<?
/*
PTK - DFLabs
Copyright (C) 2008 - DFLabs srl - All rights reserved
hide@address.com
*/
include("check_session.php");
include("check_session_image.php");
include("lib_commands.php");
include("loggerClass.php");
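/*
 * Folder-tree expansion endpoint.
 *
 * Expects $_GET['parentId'] in the form "offset|parent|partition|tz|token".
 * The token must match $_SESSION['file_bro_token']; on success the children
 * returned by get_folder_browsing() are emitted as <li> elements.
 * Any other request is written to the audit log and redirected.
 */
if (!isset($_GET['parentId']) || !is_string($_GET['parentId'])) {
    // Missing parameter, or an array-valued one (parentId[]=...), which the
    // string handling below cannot process.
    new AuditLog('Unauthorized access to image_browsing');
    header("location: goto_home.php");
    exit; // nothing may run after the redirect header
}

$parent = RemoveXSS($_GET['parentId']);
// Pad to five fields so a short value yields empty strings (and therefore a
// failed token check) instead of undefined-offset notices.
$x = array_pad(explode("|", $parent), 5, '');
// NOTE(review): sanitize() is defined elsewhere; INT / PARANOID are assumed to
// reduce the value to digits / alphanumerics - confirm against its source.
$offset = sanitize($x[0],INT);
$parent = sanitize($x[1],PARANOID);
$partition = sanitize($x[2],INT);
$tz = preg_replace("/[^a-zA-Z0-9\/\_\-\+\|]/", "", $x[3]);
$token = sanitize($x[4],PARANOID);

// Token check. The previous strcmp(...) == 0 test is loose: on some PHP
// versions strcmp() returns NULL for a non-string argument and NULL == 0 is
// true. Require two non-empty strings and compare them exactly, in constant
// time where the runtime offers hash_equals().
$session_token = isset($_SESSION['file_bro_token']) ? $_SESSION['file_bro_token'] : null;
$token_ok = is_string($session_token) && is_string($token) && $token !== '';
if ($token_ok) {
    $token_ok = function_exists('hash_equals')
        ? hash_equals($session_token, $token)
        : ($session_token === $token);
}
if (!$token_ok) {
    new AuditLog('Unauthorized access to image_browsing');
    header("location: home.php");
    exit;
}

$output = get_folder_browsing($_SESSION['image_path'], $offset, $parent);

// Loop-invariant parts of the get_folder_content.php URL. rawurlencode() is a
// no-op for digits and letters, so well-formed values are emitted unchanged.
// NOTE(review): $tz is left unencoded because its whitelist above already
// excludes quotes and markup; a literal '+' will reach the target script as a
// space after URL decoding - confirm that is what get_folder_content.php expects.
$url_head = "get_folder_content.php?tk=" . rawurlencode((string) $token)
    . "&arg1=" . rawurlencode((string) $offset) . "&arg2=";
$url_tail = "&arg3=" . rawurlencode((string) $partition) . "&arg5=" . $tz;

foreach (explode("\n", $output) as $entry) {
    $arr = explode("|", $entry);
    if (count($arr) < 3) {
        // Blank or truncated line (e.g. after the final newline): no name or
        // inode to show, and no reason to query its subfolders.
        continue;
    }

    // Field 1 is the display name, field 2 the inode. Both come from the
    // listing output (presumably names stored in the examined image), so they
    // are treated as untrusted when written into the page.
    $inode = $arr[2];
    $name = (string) preg_replace("/^\//", "", RemoveXSS($arr[1]));

    $deleted = (bool) preg_match("/\(deleted\)/", $name);
    if ($deleted) {
        $name = (string) preg_replace("/\(deleted\)/", "", $name);
    } elseif ($name === '') {
        // Live entries without a name were never rendered.
        continue;
    }

    // NOTE(review): $inode is handed on exactly as read from the listing;
    // check_subfolders() is defined elsewhere - confirm it validates or
    // escapes the value before using it.
    $has_subfolders = check_subfolders($_SESSION['image_path'], $offset, $inode);

    // The inode is URL-encoded because it sits in a query string inside a JS
    // string inside an HTML attribute; plain alphanumeric/dash values pass
    // through unchanged.
    $onclick = "folderWait(this); ajax_request('" . $url_head . rawurlencode($inode) . $url_tail
        . "', 'folder_content')";
    // RemoveXSS() does not HTML-encode, so encode for the text/attribute
    // context. ISO-8859-1 makes the call byte-transparent: only & < > " ' are
    // replaced and names that are not valid UTF-8 are not blanked.
    $label = htmlspecialchars($name, ENT_QUOTES, 'ISO-8859-1');
    $class_attr = $deleted ? " class='folderdeleted.gif'" : "";

    if ($has_subfolders == 1) {
        // Expandable node: the nested "Loading" item carries the parentId that
        // is sent back to this script when the node is opened.
        $parent_id = htmlspecialchars("$offset|$inode|$partition|$tz|$token", ENT_QUOTES, 'ISO-8859-1');
        echo "<li" . $class_attr . "><a href='#'><father onclick=\"" . $onclick . "\">" . $label . "</father></a>";
        echo "<ul>";
        echo "<li parentId='" . $parent_id . "' onclick=\"" . $onclick . "\"><a href='#'>Loading</a></li>";
        echo "</ul>";
        echo "</li>";
    } else {
        echo "<li" . $class_attr . " onclick=\"" . $onclick . "\"><a href='#'>" . $label . "</a></li>";
    }
}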
?>