FILEUP

F diff --git a/loggedin.js b/loggedin.js
--- a/loggedin.js
+++ b/loggedin.js
  function open_file(fileview) {
      var data = new FormData();
      data.append('folder', get_path());
-     data.append('path', get_path());
+     data.append('filename', fileview.filename);
  
      var xhr = new XMLHttpRequest();
      xhr.open('POST', '/php/readfile.php', true);
      xhr.onload = function () {
- 
+         console.log(xhr.responseText);
      };
      xhr.send(data);
  }
F diff --git a/php/readfile.php b/php/readfile.php
--- a/php/readfile.php
+++ b/php/readfile.php
  require_once "misc.php";
  
  session_start();
- if (!isset($_POST["filename"]) || !isset($_FILES["folder"])) {
+ if (!isset($_POST["filename"]) || !isset($_POST["folder"])) {
  	error_log("/php/readfile.php - invalid request");
  	http_response_code(400);
  	exit(1);
  
  $dir = get_directory($folder, $user);
  if (!$dir) {
-     error_log("i/php/readfile.php - invalid directory");
+     error_log("/php/readfile.php - invalid directory");
  	http_response_code(409);
      exit(0);
  }
  foreach ($contents_of_dir as $c) {
      if ($c['name'] == $filename) {
          $file_node = $c;
+         break;
      }
  }
+ if (!$file_node) {
+     error_log("/php/readfile.php - invalid filename");
+ 	http_response_code(409);
+     exit(0);
+ }
+ 
+ header("Content-type: $file_node[mimetype]");
  
- var_error_log($file_node);
+ readfile("$storage_root/$file_node[code]");