/[docman]/docman.php
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Annotation of /docman.php

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.11 - (hide annotations)
Fri Aug 4 11:25:05 2000 UTC (22 years, 6 months ago) by dpavlin
Branch: MAIN
Changes since 1.10: +3 -0 lines
rename old backups too

1 dpavlin 1.1 <?php
2    
3     /* Copyright 1999 by John Martin d/b/a www.ANYPORTAL.com */
4     /* All Rights Reserved. */
5     /* */
6     /* This software is freeware and is not in the public domain. */
7     /* You are hereby granted the right to freely distribute this */
8     /* software as long as this copyright notice remains in place. */
9     /* */
10     /* Comments or suggestions? email: andmore@alief.com */
11     /* */
12     /* This is the PHP port: AnyPortal(php)-0.1 */
13     /* ======================================== */
14     /* */
15     /* PHP version 2000 by Stefan@Wiesendanger.org */
16     /* No Rights Reserved. What for, anyhow ? */
17     /* */
18     /* Date Remarks */
19     /* --------- ----------------------------------------------- */
20     /* 25 MAY 99 original ASP version */
21     /* 17 SEP 99 change upload from SA-FILEUP to aspSmartUpload */
22     /* 10 APR 00 simplified PHP3 version */
23     /* 18 APR 00 most of PHP3 port working. Slight modifications */
24     /* 22 APR 00 modified syntax highlighting, no absolute paths */
25     /* revealed, PHP builtin authentication, global */
26     /* style sheet as callback, use apache default */
27     /* icons as an alternative to the wingdings font. */
28     /* 25 APR 00 catch some exceptions (not foolproof yet) */
29     /* 26 APR 00 catch some more exceptions, implicit copy */
30     /* function by saving somewhere else in the detail */
31     /* view, MD5 hashed password. */
32     /* 27 APR 00 Fixed authentication bug */
33     /* 12 MAY 00 Fixed trouble with exec() with newer versions of */
34     /* PHP3. Fixed bug which would send you to a non- */
35     /* existent address after file modifications. */
36    
37 dpavlin 1.2 /*
38     2000-07-25 Dobrica Pavlinusic <dpavlin@rot13.org>
39    
40     nuked exec calls (unsecure)
41     nuked writeable function (replaced by php is_writeable)
42     added support for https (tested with apache+mod_ssl)
43     added users file
44     date format user-selectable
45     cycle backup files in bak directory
46     support links as directoryes (for now)
47     support of file history logging
48     undelete capabilities (delete moves to .del directory)
49    
50     2000-07-26 DbP
51    
52     added more checking on entered filename (when creating file/dir)
53     added rename option
54    
55    
56     IMPORTANT INSTALLATION NOTE:
57     deny serving of .* (dot-something) files in web server!
58     Otherwise, uses can access your log files, users and/or
59     deleted files!
60    
61     .htusers is in form:
62     login:Real Name:md5(loginpassword)
63    
64    
65     TODO:
66     mixed file/directory output (add type to each entry,
67     real support for links)
68 dpavlin 1.9 retrieve old versions of files (overwritten)
69 dpavlin 1.2 */
70    
71 dpavlin 1.1 //////////////////////////////////////////////////////////////////
72    
73     // TODO : Don't let the file be modified itself. Create a hash of
74     // it (kinda hard since it's self-referential ;-). Make better use
75     // of session management. Escapeshellcmd for all user input.
76    
77     //////////////////////////////////////////////////////////////////
78    
79     // GLOBAL PARAMETERS
80     // =================
81     // Make modifications here to suit siteman to your needs
82    
83     // error_reporting(4) ; // how verbose ?
84    
85     // username/password should not be system
86     // usernames/passwords !!
87    
88 dpavlin 1.2 // $gblPw = "hash_of_your_username_and_password" ;
89    
90     // $gblAuth = false ; // use builtin authentication
91     $gblAuth = true ; // use builtin authentication
92 dpavlin 1.1 $gblHash = "md5" ; // hash function to use
93    
94 dpavlin 1.2 $gblPw = "";
95    
96     if ($gblAuth) {
97 dpavlin 1.3 $htusers_file=dirname($SCRIPT_FILENAME)."/.htusers";
98     if (! file_exists($htusers_file)) {
99     $htusers=fopen($htusers_file,"a+");
100     fputs($htusers,"# Change owner of $htusers_file to root !!\n");
101     fputs($htusers,"demo:full name:md5_hash\n");
102     fclose($htusers);
103     }
104     $htusers=fopen($htusers_file,"r");
105 dpavlin 1.2 while($user = fgetcsv($htusers,255,":")) {
106     if ($user[0] == $GLOBALS["PHP_AUTH_USER"]) {
107     $gblUserName=$user[1];
108     $gblPw=$user[2];
109     continue ;
110     }
111     }
112     fclose($htusers);
113     }
114    
115     // $gblDateFmt="D, F d, Y";
116     // $gblTimeFmt="g:i:sA";
117    
118     $gblDateFmt="Y-m-d";
119     $gblTimeFmt="H:i:s";
120    
121     // Number of backup files to keep
122     $gblNumBackups=5;
123    
124 dpavlin 1.1 // choose GifIcon below unless you have the M$
125     // WingDings font installed on your system
126    
127     $gblIcon = "GifIcon" ; // MockIcon or GifIcon
128    
129     // the directory below should be /icons/ or /icons/small/
130     // on Apache; a set of icons is included in the distribution
131    
132 dpavlin 1.3 $gblIconLocation = "/icons/" ;
133 dpavlin 1.1
134     // files you want to be able to edit in text mode
135     // and view with (primitive) syntax highlighting
136    
137     $gblEditable = array( ".txt",".asa",".asp",".htm",".html",
138     ".cfm",".php3",".php",".phtml",
139     ".shtml",".css" ) ;
140    
141     // files that will display as images on the detail page
142     // (useless if your browser doesn't support them)
143    
144     $gblImages = array( ".jpg",".jpeg",".gif",".png",".ico",
145     ".bmp",".xbm") ;
146    
147     //////////////////////////////////////////////////////////////////
148    
149     function StartHTML($title,$text="") {
150    
151     $title = "Site Manager " . $title ;
152     $host = $GLOBALS["HTTP_HOST"] ;
153     $self = $GLOBALS["PHP_SELF"] ;
154     ?>
155    
156     <HTML>
157     <HEAD>
158 dpavlin 1.4 <TITLE><?= $host . " " . $title ?></TITLE>
159 dpavlin 1.1 <META NAME="description" CONTENT="PHP port of AnyPortal Site Manager">
160     <META NAME="keywords" CONTENT="site manager, web site maintenance">
161     <META NAME="robots" CONTENT="noindex">
162     <META HTTP-EQUIV="expires" CONTENT="0">
163     <LINK REL="stylesheet" TYPE="text/css"
164 dpavlin 1.4 HREF="<?= $self ?>?STYLE=get">
165 dpavlin 1.1 </HEAD>
166     <BODY BGCOLOR="#FFFFFF">
167 dpavlin 1.4 <H3 ALIGN="RIGHT"><?= $host ?></H3>
168 dpavlin 1.1 <TABLE BORDER=0 WIDTH="100%"><TR>
169 dpavlin 1.4 <TD CLASS=INV><?= $title ?></TD></TR></TABLE>
170     <P><?= $text ?></P>
171 dpavlin 1.1
172     <?php
173     } // end function StartHTML
174    
175     //////////////////////////////////////////////////////////////////
176    
177     function EndHTML() {
178     ?>
179    
180     <HR>
181     <P CLASS=FTR>
182 dpavlin 1.2 <B><?= date($GLOBALS[gblDateFmt]) ?> -
183     <?= date($GLOBALS[gblTimeFmt]) ?> -
184     <?= $GLOBALS[gblUserName] ?>
185 dpavlin 1.6 <small> [<a href="<?= $GLOBALS["PHP_SELF"] ?>?relogin=<?= $GLOBALS[gblPw] ?>">logout</a>]</small>
186 dpavlin 1.2 </B>
187     <BR>ANYPORTAL(php) Site Manager
188     <br><small>
189     &copy; 1999 by <A HREF="http://www.anyportal.com">ANYPORTAL</A>,
190     &copy; 2000 by <A HREF="http://da.nger.org">d@nger.org</A>,
191     &copy; 2000 by <A HREF="http://www.rot13.org/~dpavlin/">DbP</A>
192     </small>
193 dpavlin 1.1 </P>
194 dpavlin 1.2 <BR>
195 dpavlin 1.9 <? //include(".debug.inc") ?>
196 dpavlin 1.2 <BR><BR></BODY></HTML>
197 dpavlin 1.1
198     <?php
199     } // end function EndHTML
200    
201     //////////////////////////////////////////////////////////////////
202    
203     function CSS() {
204     ?>
205    
206 dpavlin 1.2 BODY,TD,P,H1,H2,H3 { font-family:Verdana,Helvetica,Arial,sans-serif; }
207 dpavlin 1.1 .BLK { color:black; }
208     .RED { color:red; }
209     .TOP { color:red; font-size:70%; } /* table headings */
210     .INV { color:white; background-color:navy;
211     font-weight:bold; font-size:120%; } /* title */
212     .FTR { } /* footer */
213     .LST { background-color:#E0E0E0; } /* table cells */
214     .BAR { background-color:#E0E0E0; } /* action bar */
215     PRE { color:blue; font-family:Lucida Console,Courier New,
216     Courier,sans-serif; } /* source code */
217     EM { color:green; font-style:normal; } /* line numbers */
218     .REM { color:silver; }
219     .XML { color:navy; background-color:yellow; }
220     .MCK { color:red; font-family:WingDings; } /* Mock Icons */
221     A:HOVER { color:red; }
222    
223     <?php
224     } // end function CSS
225    
226     //////////////////////////////////////////////////////////////////
227    
228     function DetailPage($fsRoot,$relDir,$fn) {
229    
230     global $gblEditable, $gblImages ;
231     $self = $GLOBALS["PHP_SELF"] ;
232    
233     $relPath = $relDir . "/" . $fn ;
234     $fsPath = $fsRoot . $relPath ;
235     $fsDir = $fsRoot . $relDir ;
236    
237     $exists = file_exists($fsPath) ;
238     $ext = strtolower(strrchr($relPath,".")) ;
239     $editable = ( $ext=="" || strstr(join(" ",$gblEditable),$ext)) ;
240 dpavlin 1.2 $writable = is_writeable($fsPath) ;
241 dpavlin 1.6 $file_lock = CheckLock($fsPath);
242 dpavlin 1.1
243     if (!$editable && !$exists)
244     Error("Creation unsupported for type",$relPath) ;
245 dpavlin 1.2 if (!exists && !is_writeable($fsDir) )
246 dpavlin 1.1 Error("Creation denied",$relDir) ;
247    
248     $text = "Use this page to view, modify or " ;
249     $text .= "delete a single document on this " ;
250     $text .= "web site." ;
251     $title = "(Detail Page)" ;
252     StartHTML($title, $text) ;
253    
254     echo "<H3>" . $relDir . "/" . $fn . "</H3>" ;
255     if ($exists) { // get file info
256 dpavlin 1.4 $fsize = filesize($fsPath) ;
257     $fmodified = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]", filemtime($fsPath)) ;
258     $faccessed = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]", fileatime($fsPath)) ;
259     echo "<PRE> file size: " . $fsize . " Bytes<BR>" ;
260     echo "last modified: <B>" . $fmodified . "</B><BR>" ;
261     echo "last accessed: <B>" . $faccessed . "</B><BR>" ;
262     echo " owner: <B>" . fileowner($fsPath) . "</B><BR>" ;
263     echo " group: <B>" . filegroup($fsPath) . "</B><BR>" ;
264     echo " permissions: <B>" ;
265     echo printf( "%o", fileperms($fsPath) ) . "</B>" ;
266     echo "</PRE>" ;
267 dpavlin 1.2
268 dpavlin 1.1 }
269    
270 dpavlin 1.6 if ( $editable && ($writable || !$exists) && !$file_lock ) {
271 dpavlin 1.1 $fh = fopen($fsPath,"a+") ;
272     rewind($fh) ;
273     $fstr = fread($fh,filesize($fsPath)) ;
274     fclose($fh) ;
275     $fstr = htmlentities( $fstr ) ;
276     ?>
277    
278 dpavlin 1.4 <FORM ACTION="<?= $self ; ?>" METHOD="POST">
279 dpavlin 1.1 <SPAN TITLE="Click [SAVE] to store updated contents.">
280     <B>DOCUMENT CONTENTS</B>
281     </SPAN><BR>
282     <TEXTAREA NAME="FILEDATA" ROWS=18 COLS=70 WRAP="OFF"><?php
283     echo($fstr) ; ?></TEXTAREA>
284 dpavlin 1.4 <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ; ?>">
285     <INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?= $fn ; ?>">
286 dpavlin 1.1 <INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="SAVE">
287 dpavlin 1.2 <INPUT TYPE="HIDDEN" SIZE=48 MAXLENGTH=255 NAME="RELPATH"
288 dpavlin 1.4 VALUE="<?= $relPath ; ?>">
289 dpavlin 1.2 <br>
290     <INPUT TYPE="RESET" VALUE="UNDO ALL CHANGES">
291 dpavlin 1.1 <INPUT TYPE="SUBMIT" VALUE="SAVE">
292     </FORM>
293    
294     <?php
295 dpavlin 1.9 }
296     if ( !$file_lock && strstr(join(" ",$gblImages),$ext) ) {
297 dpavlin 1.6 $info = getimagesize($fsPath) ;
298 dpavlin 1.9 $tstr = "<IMG SRC=\"".urlpath($relPath)."\" BORDER=0 " ;
299 dpavlin 1.6 $tstr .= $info[3] . " ALT=\"" . $fn . " - " ;
300     $tstr .= (int)(($fsize+1023)/1024) . "Kb\">" ;
301 dpavlin 1.9 // echo htmlentities($tstr) . "<BR><BR>" . $tstr ;
302     echo $tstr ;
303 dpavlin 1.1 }
304 dpavlin 1.6
305 dpavlin 1.1 ?>
306    
307 dpavlin 1.4 <FORM ACTION="<?= $self ; ?>" METHOD="POST">
308     <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ; ?>">
309     <INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?= $fn ; ?>">
310 dpavlin 1.1 <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL"><BR>
311    
312     <?php
313 dpavlin 1.6
314     if ($file_lock) {
315     ?>
316     <hr>
317     <SPAN TITLE="Check OK and click UNLOCK to remove lock on file.">
318     <B>OK TO FORCE LOCK REMOVAL ON "<?= $fn ; ?>" HELD BY <?= $file_lock ?>? </B></SPAN>
319     <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
320     <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="UNLOCK">
321     <?
322     } // file_lock
323    
324 dpavlin 1.2 if (substr($fn,0,4) == ".del") {
325     $action="UNDELETE";
326     $desc="undelete previously deleted file";
327     } else {
328     $action="DELETE";
329     $desc="delete";
330     }
331    
332 dpavlin 1.1 if ($exists && $writable) {
333     ?>
334    
335 dpavlin 1.4 <HR>
336     <a name="undelete">
337     <SPAN TITLE="Check OK and click [<?= $action ?>] to <?= $desc ?>.">
338     <B>OK TO <?= $action ?> "<?= $fn ; ?>"? </B></SPAN>
339 dpavlin 1.2 <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
340     <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="<?= $action ?>">
341    
342 dpavlin 1.4 <HR>
343     <a name="rename">
344     <SPAN TITLE="Check OK and click [RENAME] to rename.">
345     <B>OK TO RENAME "<?= $fn ; ?>" TO
346 dpavlin 1.2 <INPUT TYPE="TEXT" SIZE=24 MAXLENGTH=255 NAME="NEWNAME" VALUE="<?= $fn ?>">
347     ? </B></SPAN>
348 dpavlin 1.1 <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
349 dpavlin 1.2 <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="RENAME">
350 dpavlin 1.1
351 dpavlin 1.5 <?php
352     } // exists && writable
353     ?>
354 dpavlin 1.4 <HR>
355     <a name="note">
356     <B>NOTE FOR "<?= $fn ; ?>":
357     <INPUT TYPE="TEXT" SIZE=50 MAXLENGTH=255 NAME="NOTE" VALUE="<?= ReadNote($fsPath) ?>">
358     </B></SPAN>
359     <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="NOTE">
360    
361 dpavlin 1.5 </FORM>
362    
363 dpavlin 1.1 <?php
364 dpavlin 1.5
365 dpavlin 1.10 $name=basename("$fsDir/$fn");
366     $logname=dirname("$fsDir/$fn")."/.log/$name";
367     $bakdir=dirname("$fsDir/$fn")."/.bak";
368 dpavlin 1.2 if (file_exists($logname)) {
369     $log=fopen($logname,"r");
370     $cl1=" class=lst"; $cl2="";
371 dpavlin 1.10 $logarr = array();
372 dpavlin 1.2 while($line = fgetcsv($log,255,"\t")) {
373     $cl=$cl1; $cl1=$cl2; $cl2=$cl;
374 dpavlin 1.10 array_unshift($logarr,array($cl,$line[0],$line[1],$line[2],$line[3]));
375 dpavlin 1.2 }
376     fclose($log);
377 dpavlin 1.10 print "<hr><br><b>CHANGES TO THIS FILE</b><br><table border=0 width=100%>\n";
378     $bakcount = 0; // start from 0, skip fist backup (it's current)
379     while ($e = array_shift($logarr)) {
380     if (strstr($e[4],"upload")) {
381     if (file_exists("$bakdir/$bakcount/$name")) {
382     $e[4]="<a href=\"".dirname($relPath)."/.bak/$bakcount/$name\">$e[4]</a>";
383     }
384     $bakcount++;
385     }
386     print "<tr><td$e[0]>$e[1]</td><td$e[0]>$e[2]</td><td$e[0]>$e[3]</td><td$e[0]>$e[4]</td></tr>\n";
387     }
388 dpavlin 1.2 print "</table>";
389     }
390    
391 dpavlin 1.1 EndHTML() ;
392    
393     } // end function DetailPage
394    
395     //////////////////////////////////////////////////////////////////
396    
397     function DisplayCode($fsRoot,$relDir,$fn) {
398    
399     $path = $fsRoot . $relDir . "/" . $fn ;
400    
401     if (!file_exists($path)) Error("File not found",$path) ;
402    
403     StartHTML("(".$relDir."/".$fn.")","");
404    
405     $tstr = join("",file($path)) ;
406     $tstr = htmlentities($tstr) ;
407    
408     // Tabs
409     $tstr = str_replace(chr(9)," ",$tstr) ;
410    
411     // ASP tags & XML/PHP tags
412     $aspbeg = "<SPAN CLASS=XML>&lt;%</SPAN><SPAN CLASS=BLK>" ;
413     $aspend = "</SPAN><SPAN CLASS=XML>%&gt;</SPAN>" ;
414     $tstr = str_replace("&lt;%",$aspbeg,$tstr) ;
415     $tstr = str_replace("%&gt;",$aspend,$tstr) ;
416    
417     $xmlbeg = "<SPAN CLASS=XML>&lt;?</SPAN><SPAN CLASS=BLK>" ;
418     $xmlend = "</SPAN><SPAN CLASS=XML>?&gt;</SPAN>" ;
419     $tstr = str_replace("&lt;?",$xmlbeg,$tstr) ;
420     $tstr = str_replace("?&gt;",$xmlend,$tstr) ;
421    
422     // C style comment
423     $tstr = str_replace("/*","<SPAN CLASS=REM>/*",$tstr) ;
424     $tstr = str_replace("*/","*/</SPAN>",$tstr) ;
425    
426     // HTML comments
427     $tstr = str_replace("&lt;!--","<I CLASS=RED>&lt;!--",$tstr) ;
428     $tstr = str_replace("--&gt;","--&gt;</I>",$tstr) ;
429    
430     echo "<PRE>" ;
431    
432     $tstr = split("\n",$tstr) ;
433     for ($i = 0 ; $i < sizeof($tstr) ; ++$i) {
434     // add line numbers
435     echo "<BR><EM>" ;
436     echo substr(("000" . ($i+1)), -4) . ":</EM> " ;
437     $line = $tstr[$i] ;
438     // C++ style comments
439     $pos = strpos($line,"//") ;
440     // exceptions: two slashes aren't a script comment
441     if (strstr($line,"//") &&
442     ! ($pos>0 && substr($line,$pos-1,1)==":") &&
443     ! (substr($line,$pos,8) == "//--&gt;") &&
444     ! (substr($line,$pos,9) == "// --&gt;")) {
445     $beg = substr($line,0,strpos($line,"//")) ;
446     $end = strstr($line,"//") ;
447     $line = $beg."<SPAN CLASS=REM>".$end."</SPAN>";
448     }
449     // shell & asp style comments
450     $first = substr(ltrim($line),0,1) ;
451     if ($first == "#" || $first == "'") {
452     $line = "<SPAN CLASS=REM>".$line."</SPAN>";
453     }
454     print($line) ;
455     } // next i
456    
457     echo "</PRE>" ;
458    
459     EndHTML() ;
460    
461     } // end function DisplayCode
462    
463     //////////////////////////////////////////////////////////////////
464    
465     function MockIcon($txt) {
466     $tstr = "<SPAN CLASS=MCK>" ;
467    
468     switch (strtolower($txt)) {
469     case ".bmp" :
470     case ".gif" :
471     case ".jpg" :
472     case ".jpeg":
473     case ".tif" :
474     case ".tiff":
475     $d = 176 ;
476     break ;
477     case ".doc" :
478     $d = 50 ;
479     break ;
480     case ".exe" :
481     case ".bat" :
482     $d = 255 ;
483     break ;
484     case ".bas" :
485     case ".c" :
486     case ".cc" :
487     case ".src" :
488     $d = 255 ;
489     break ;
490     case "file" :
491     $d = 51 ;
492     break ;
493     case "fldr" :
494     $d = 48 ;
495     break ;
496     case ".htm" :
497     case ".html":
498     case ".asa" :
499     case ".asp" :
500     case ".cfm" :
501     case ".php3":
502     case ".php" :
503     case ".phtml" :
504     case ".shtml" :
505     $d = 182 ;
506     break ;
507     case ".pdf" :
508     $d = 38 ;
509     break;
510     case ".txt" :
511     case ".ini" :
512     $d = 52 ;
513     break ;
514     case ".xls" :
515     $d = 252 ;
516     break ;
517     case ".zip" :
518     case ".arc" :
519     case ".sit" :
520     case ".tar" :
521     case ".gz" :
522     case ".tgz" :
523     case ".Z" :
524     $d = 59 ;
525     break ;
526     case "view" :
527     $d = 52 ;
528     break ;
529     case "up" :
530     $d = 199 ;
531     break ;
532     case "blank" :
533     return "&nbsp;&nbsp;</SPAN>" ;
534     break ;
535     default :
536     $d = 51 ;
537     }
538    
539     return $tstr . chr($d) . "</SPAN>" ;
540     } // end function MockIcon
541    
542     //////////////////////////////////////////////////////////////////
543    
544     function GifIcon($txt) {
545     global $gblIconLocation ;
546    
547     switch (strtolower($txt)) {
548     case ".bmp" :
549     case ".gif" :
550     case ".jpg" :
551     case ".jpeg":
552     case ".tif" :
553     case ".tiff":
554     $d = "image2.gif" ;
555     break ;
556     case ".doc" :
557     $d = "layout.gif" ;
558     break ;
559     case ".exe" :
560     case ".bat" :
561     $d = "screw2.gif" ;
562     break ;
563     case ".bas" :
564     case ".c" :
565     case ".cc" :
566     case ".src" :
567     $d = "c.gif" ;
568     break ;
569     case "file" :
570     $d = "generic.gif" ;
571     break ;
572     case "fldr" :
573     $d = "dir.gif" ;
574     break ;
575     case ".phps" :
576     $d = "phps.gif" ;
577     break ;
578     case ".php3" :
579     $d = "php3.gif" ;
580     break ;
581     case ".htm" :
582     case ".html":
583     case ".asa" :
584     case ".asp" :
585     case ".cfm" :
586     case ".php3":
587     case ".php" :
588     case ".phtml" :
589     case ".shtml" :
590     $d = "world1.gif" ;
591     break ;
592     case ".pdf" :
593     $d = "pdf.gif" ;
594     break;
595     case ".txt" :
596     case ".ini" :
597     $d = "text.gif" ;
598     break ;
599     case ".xls" :
600     $d = "box2.gif" ;
601     break ;
602     case ".zip" :
603     case ".arc" :
604     case ".sit" :
605     case ".tar" :
606     case ".gz" :
607     case ".tgz" :
608     case ".Z" :
609     $d = "compressed.gif" ;
610     break ;
611     case "view" :
612     $d = "index.gif" ;
613     break ;
614     case "up" :
615     $d = "back.gif" ;
616     break ;
617     case "blank" :
618     $d = "blank.gif" ;
619     break ;
620 dpavlin 1.4 case "checkout":
621 dpavlin 1.6 $d = "box2.gif";
622 dpavlin 1.4 break;
623     case "checkin":
624 dpavlin 1.6 $d = "hand.up.gif";
625     break;
626     case "locked":
627     $d = "screw2.gif";
628 dpavlin 1.4 break;
629     case "note":
630     $d = "quill.gif";
631     break;
632 dpavlin 1.1 default :
633     $d = "generic.gif" ;
634     }
635    
636     return "<IMG SRC=\"$gblIconLocation" . $d . "\" BORDER=0>" ;
637     } // end function GifIcon
638    
639     //////////////////////////////////////////////////////////////////
640    
641     function Navigate($fsRoot,$relDir) {
642    
643     global $gblEditable, $gblIcon ;
644    
645     $self = $GLOBALS["PHP_SELF"] ;
646 dpavlin 1.2 if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") {
647     $webRoot = "https://" . $GLOBALS["SERVER_NAME"] ;
648     } else {
649     $webRoot = "http://" . $GLOBALS["SERVER_NAME"] ;
650     }
651 dpavlin 1.1 $fsDir = $fsRoot . $relDir . "/" ; // current directory
652    
653     if (!is_dir($fsDir)) Error("Dir not found",$relDir) ;
654    
655     // read directory contents
656     if ( !($dir = @opendir($fsDir)) )
657     Error("Read Access denied",$relDir) ;
658     while ($item = readdir($dir)) {
659 dpavlin 1.2 if ( $item == ".." || $item == "." || substr($item,0,1) == "." ) continue ;
660 dpavlin 1.1 if ( is_dir($fsDir . $item) ) {
661     $dirList[] = $item ;
662 dpavlin 1.2 } else if ( is_file($fsDir . $item) ) {
663 dpavlin 1.1 $fileList[] = $item ;
664 dpavlin 1.2 } else if ( is_link($fsDir . $item) ) {
665     $dirList[] = $item ;
666     } else {
667 dpavlin 1.1 // unknown file type
668     // $text = "Could not determine file type of " ;
669     // Error("File Error", $text.$relDir."/".$item) ;
670     // exit ;
671     }
672     }
673     closedir($dir) ;
674 dpavlin 1.2
675     // scan deleted files
676     if ( $GLOBALS[show_deleted] == 1 && ($dir = @opendir("$fsDir/.del")) ) {
677     while ($item = readdir($dir)) {
678     if ( substr($item,0,1) == "." ) continue ;
679     $fileList[] = ".del/$item" ;
680     }
681     closedir($dir) ;
682     }
683    
684 dpavlin 1.1 $emptyDir = ! (sizeof($dirList) || sizeof($fileList)) ;
685    
686     // start navigation page
687 dpavlin 1.2 $text = "Use this page to add, delete";
688     if (! isset($show_deleted)) {
689 dpavlin 1.6 $text .= ", <a href=$self?D=".urlencode($relDir)."&show_deleted=1>undelete</a>";
690 dpavlin 1.2 }
691     $text .= " or revise files on this web site." ;
692 dpavlin 1.1 StartHTML("(Navigate)",$text) ;
693    
694     echo "<TABLE BORDER=0 CELLPADDING=2
695     CELLSPACING=3 WIDTH=\"100%\">" ;
696    
697     // updir bar
698     if ($fsDir != $fsRoot) {
699     $parent = dirname($relDir) ;
700     if ($parent == "") $parent = "/" ;
701     ?>
702    
703 dpavlin 1.4 <TR><TD><?= $gblIcon("up") ?></TD><TD COLSPAN=5 CLASS=LST>
704     <A HREF="<?= $self ?>?D=<?= urlencode($parent) ?>">
705     <B><?= $parent ?></B></A></TD></TR>
706 dpavlin 1.1
707     <?php
708     }
709    
710     // output subdirs
711     if (sizeof($dirList) > 0) {
712     sort($dirList) ;
713     ?>
714    
715 dpavlin 1.4 <TR><TD></TD><TD COLSPAN=5 CLASS=TOP><HR>DIRECTORY NAME</TD></TR>
716 dpavlin 1.1
717     <?php
718     while (list($key,$dir) = each($dirList)) {
719    
720     $tstr = "<A HREF=\"" . $self . "?D=" ;
721     $tstr .= urlencode($relDir."/".$dir) ;
722     $tstr .= "\">" . $dir . "/</A>" ;
723     ?>
724    
725 dpavlin 1.4 <TR><TD><?= $gblIcon("fldr") ?></TD>
726     <TD COLSPAN=5 CLASS=LST><?= $tstr ?></TD></TR>
727 dpavlin 1.1
728     <?php
729     } // iterate over dirs
730     } // end if no dirs
731     ?>
732    
733 dpavlin 1.4 <TR><TD></TD><TD COLSPAN=5><HR><B><?= $webRoot . $relDir ?>
734 dpavlin 1.1 </B></TD></TR>
735     <TR><TD></TD><TD CLASS=TOP>DOCUMENT NAME</TD>
736 dpavlin 1.6 <TD><?= $gblIcon("blank").$gblIcon("blank") ?></TD>
737 dpavlin 1.4 <TD CLASS=TOP>NOTE</TD>
738 dpavlin 1.1 <TD CLASS=TOP>LAST UPDATE</TD><TD CLASS=TOP>FILE SIZE</TD></TR>
739    
740     <?php
741     if (sizeof($fileList) > 0) {
742     sort($fileList) ;
743     while (list($key,$file) = each($fileList)) {
744 dpavlin 1.4 $path = $fsDir."/".$file ;
745     $mod = filemtime($path) ;
746     $sz = filesize($path) ;
747    
748     if ($sz >= 10240) {
749     $sz = (int)(($sz+1023)/1024) . " k" ;
750     } else {
751     $sz .= " " ;
752     } // end size
753 dpavlin 1.1
754 dpavlin 1.4 $a = $b = "" ;
755    
756     $info_url=$self."?A=E&F=".urlencode($file)."&D=".urlencode($relDir);
757    
758     if ( ($mod + 30*86400) > time() ) {
759     $a = "<SPAN CLASS=RED TITLE=\"Newer" ;
760     $a .= " than 30 days\"> * </SPAN>" ;
761     }
762    
763 dpavlin 1.6 $file_lock=CheckLock($path);
764    
765     $file_url_html="<A HREF=\"$self?A=V&F=".urlencode($file);
766     $file_url_html.="&D=".urlencode($relDir);
767     $file_url_html.="\" TITLE=\"View file\">" ;
768 dpavlin 1.2
769     if (substr($file,0,5) != ".del/") {
770 dpavlin 1.6 $file_url_html .= $file . "</A>" . $a ;
771 dpavlin 1.2 } else {
772 dpavlin 1.6 $file_url_html .= substr($file,5,strlen($file)-5) . "</a> <SPAN CLASS=RED TITLE=\"deleted\"> <a href=\"$info_url#undelete\">deleted</a> </span>";
773 dpavlin 1.4 }
774    
775 dpavlin 1.6 $note_html="<a href=\"$info_url#note\">".$gblIcon("note")."</a>".ReadNote($path);
776 dpavlin 1.4
777     $ext = strtolower(strrchr($file,".")) ;
778 dpavlin 1.6
779     if ($file_lock) {
780     if ($file_lock == $GLOBALS[gblUserName]) {
781     $b.="<A HREF=\"$self?A=Ci&F=".urlencode($file);
782     $b.="&D=".urlencode($relDir);
783     $b.="\" TITLE=\"Checkin (update) file on server\">" ;
784     $file_url_html=$b;
785     $b.=$gblIcon("checkin")."</A>" ;
786     $b.= $gblIcon("blank");
787     $file_url_html.="$file</a> $a";
788     $note_html = $gblIcon("blank")."<b>Please check-in (update) this file</b>";
789     } else {
790     $b = $gblIcon("locked");
791     $b.= $gblIcon("blank");
792     $note_html = $gblIcon("blank")."<b>File locked by $file_lock</b>";
793     $file_url_html = "$file $a";
794     }
795 dpavlin 1.4 } else {
796 dpavlin 1.6 $b.="<A HREF=\"$self?A=Co&F=".urlencode($file);
797     $b.="&D=".urlencode($relDir);
798     $b.="\" TITLE=\"Checkout file for edit\">" ;
799     $b.=$gblIcon("checkout")."</A>" ;
800    
801     if ( $ext=="" || strstr(join(" ",$gblEditable),$ext) ) {
802     $b.="<A HREF=\"$self?A=C&F=".urlencode($file);
803     $b.="&D=".urlencode($relDir);
804     $b.="\" TITLE=\"List contents\">" ;
805     $b.=$gblIcon("view")."</A>" ;
806     } else {
807     $b.= $gblIcon("blank");
808     }
809 dpavlin 1.2 }
810 dpavlin 1.1
811    
812     ?>
813    
814     <TR><TD>
815 dpavlin 1.4 <A HREF="<?= $info_url ?>" TITLE="View/Edit">
816     <?= $gblIcon($ext) ?></A></TD>
817 dpavlin 1.6 <TD CLASS=LST><?= $file_url_html ?></TD>
818 dpavlin 1.4 <TD CLASS=LST ALIGN=center><?= $b ?></TD>
819 dpavlin 1.6 <TD CLASS=LST ALIGN=left><?= $note_html ?></TD>
820 dpavlin 1.4 <TD CLASS=LST><?= date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]",$mod) ?></TD>
821     <TD CLASS=LST><?= $sz ?>Bytes</TD></TR>
822 dpavlin 1.1
823     <?php
824     } // iterate over files
825     } // end if no files
826    
827     if ($emptyDir) {
828     ?>
829    
830 dpavlin 1.4 <FORM METHOD="POST" ACTION="<?= $self ?>">
831     <TR><TD></TD><TD COLSPAN=5 CLASS=BAR>
832     <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ?>">
833 dpavlin 1.1 OK TO DELETE THIS EMPTY FOLDER?
834     <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
835     <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="DELETE">
836     </TD></TR>
837     </FORM>
838    
839     <?php
840     } // end if emptyDir
841     ?>
842    
843 dpavlin 1.4 <TR><TD></TD><TD COLSPAN=5><HR></TD></TR>
844 dpavlin 1.1
845 dpavlin 1.6 <TR><TD></TD><TD COLSPAN=5>
846     To just view file without editing, select it's filename (<b>don't edit files which are opened this way!</b>)<br>
847     To <b>edit</b> file select <?= $gblIcon("checkout") ?> to check-out
848     and edit it locally. After editing is over, select filename or <?= $gblIcon("checkin") ?> to check-in (update copy of file on server).<br>
849     <by>If you select icon left from filename, you will get detailed information
850     about file, as well as delete, rename and annotation options.
851     </TD></TR>
852    
853     <TR><TD></TD><TD COLSPAN=5><HR></TD></TR>
854    
855 dpavlin 1.4 <FORM METHOD="POST" ACTION="<?= $self ?>">
856     <TR><TD></TD><TD COLSPAN=5 CLASS=BAR>CREATE NEW
857 dpavlin 1.1 <INPUT TYPE="RADIO" NAME="T" VALUE="D" CHECKED>DIRECTORY -OR-
858     <INPUT TYPE="RADIO" NAME="T" VALUE="F">FILE : &nbsp;&nbsp;
859     <NOBR>NAME <INPUT TYPE="TEXT" NAME="FN" SIZE=14>
860     <INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="CREATE">
861 dpavlin 1.4 <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ?>">
862 dpavlin 1.1 <INPUT TYPE="SUBMIT" VALUE="CREATE"></NOBR>
863 dpavlin 1.9 <NOBR>OR <A HREF="<?= $self ?>?A=U&D=<?= urlencode($relDir) ?>">UPLOAD</A> A FILE
864 dpavlin 1.1 </NOBR>
865     </TD></TR>
866     </FORM>
867     </TABLE>
868    
869     <?php
870     EndHTML() ;
871     } // end function Navigate
872    
873     //////////////////////////////////////////////////////////////////
874    
875 dpavlin 1.6 function UploadPage($fsRoot, $relDir, $filename) {
876 dpavlin 1.1
877     $self = $GLOBALS["PHP_SELF"] ;
878     if ($relDir == "") $relDir = "/" ;
879     ?>
880    
881     <P><TABLE BORDER=0 CELLPADDING=5><TR><TD WIDTH=5></TD><TD CLASS=BAR>
882     <FORM ENCTYPE="multipart/form-data" METHOD="POST"
883 dpavlin 1.4 ACTION="<?= $self ?>">
884     DESTINATION DIRECTORY:<B><?= " " . $relDir ?></B>
885 dpavlin 1.6 <? if (isset($filename)) { ?>
886     <br>DESTINATION FILE:<B><?= " " . $filename ?></B>
887     <INPUT TYPE="HIDDEN" NAME="FILENAME" VALUE="<?= $filename ?>">
888     <? } ?>
889 dpavlin 1.1 <P>PATHNAME OF LOCAL FILE<BR>
890 dpavlin 1.4 <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ?>">
891 dpavlin 1.1 <INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="UPLOAD">
892     <INPUT SIZE=30 TYPE="FILE" NAME="FN"></P>
893     <P><INPUT TYPE="SUBMIT" VALUE="UPLOAD"></P>
894     <P>If the <B>[BROWSE...]</B> button is not displayed,<BR>
895     you must upgrade to an RFC1867-compliant browser.</P>
896 dpavlin 1.4 <P>Your browser:<BR><?= $GLOBALS["HTTP_USER_AGENT"] ?></P>
897 dpavlin 1.1 </FORM>
898     </TD></TR>
899     <TR><TD></TD><TD>
900 dpavlin 1.4 <FORM METHOD="POST" ACTION="<?= $self ?>">
901     <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ?>"><BR>
902 dpavlin 1.1 <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL">
903     </FORM>
904     </TD></TR></TABLE></P>
905    
906     <?php
907     } // end function UploadPage
908    
909     //////////////////////////////////////////////////////////////////
910    
911     function Error($title,$text="") {
912     StartHTML("(".$title.")",$text) ;
913     echo "<P ALIGN=center>Hit your Browser's Back Button.</P>" ;
914     EndHTML() ;
915     exit ;
916     } // end function Error
917    
918     //////////////////////////////////////////////////////////////////
919    
920     function CreateHash($user, $pw) {
921    
922     global $gblHash ; // hash function to use
923    
924     if ($user == "" || $pw == "") {
925     $text = "either no password or no username supplied" ;
926     Error("Create Hash",$text) ;
927     }
928     $title = "(Create Hash)" ;
929     StartHTML($title) ;
930     echo "<P ALIGN=center>" ;
931     echo "<BLOCKQUOTE>Copy the value below and paste it " ;
932     echo "into the<BR>value for \$gblPw in the source of " ;
933     echo "this file<BR><BR><B>" . $gblHash($user.$pw) ;
934     echo "</B><BR><BR>Hash function: " . $gblHash ;
935     echo "</BLOCKQUOTE></P>" ;
936     EndHTML() ;
937     exit ;
938    
939     } // end function CreateHash
940    
941     //////////////////////////////////////////////////////////////////
942    
943     function NoEntry() {
944    
945     $user = $GLOBALS["PHP_AUTH_USER"] ;
946     $pw = $GLOBALS["PHP_AUTH_PW"] ;
947     $self = $GLOBALS["PHP_SELF"] ;
948    
949     $title = "(401 Unauthorized)" ;
950     $text = "No trespassing !" ;
951     StartHTML($title,$text) ;
952     ?>
953    
954 dpavlin 1.4 <FORM ACTION="<?= $self ?>?HASH=create" METHOD="POST">
955     <INPUT TYPE="HIDDEN" NAME="USER" VALUE="<?= $user ?>">
956     <INPUT TYPE="HIDDEN" NAME="PW" VALUE="<?= $pw ?>">
957 dpavlin 1.1
958     <BLOCKQUOTE><B>If you are a site administrator:</B><BR><BR>
959     Click below to <B>generate a password hash</B><BR>from
960     the username-password pair you just<BR>entered. Then include the hash in
961     the source<BR>of this file.<BR><BR>
962     <INPUT TYPE="SUBMIT" VALUE="CREATE HASH">
963     </BLOCKQUOTE></FORM>
964    
965     <?php
966     EndHTML() ;
967     exit ;
968     }
969    
970     //////////////////////////////////////////////////////////////////
971    
972 dpavlin 1.2 function Logit($target,$msg) {
973    
974     $dir=dirname($target);
975     if (! file_exists($dir."/.log")) {
976     mkdir($dir."/.log",0700);
977     }
978     $file=basename($target);
979    
980     $log=fopen("$dir/.log/$file","a+");
981     fputs($log,date("$GLOBALS[gblDateFmt]\t$GLOBALS[gblTimeFmt]").
982     "\t$GLOBALS[gblUserName]\t$msg\n");
983     fclose($log);
984    
985     }
986    
987    
988 dpavlin 1.4 //////////////////////////////////////////////////////////////////
989    
990     function WriteNote($target,$msg) {
991    
992     $dir=dirname($target);
993     if (! file_exists($dir."/.note")) {
994     mkdir($dir."/.note",0700);
995     }
996     $file=basename($target);
997    
998     $note=fopen("$dir/.note/$file","w");
999     fputs($note,"$msg\n");
1000     fclose($note);
1001    
1002     Logit($target,"added note $msg");
1003    
1004     }
1005    
1006     function ReadNote($target) {
1007    
1008     $dir=dirname($target);
1009     $file=basename($target);
1010     $msg="";
1011     if (file_exists($dir."/.note/$file")) {
1012     $note=fopen("$dir/.note/$file","r");
1013     $msg=fgets($note,4096);
1014     fclose($note);
1015     }
1016 dpavlin 1.6 return StripSlashes($msg);
1017 dpavlin 1.4
1018     }
1019    
1020     //////////////////////////////////////////////////////////////////
1021    
1022     function MoveTo($source,$folder) {
1023    
1024     $file=basename($source);
1025     if (! file_exists($folder)) {
1026     mkdir($folder,0700);
1027     }
1028     if (file_exists($source)) {
1029     rename($source,"$folder/$file");
1030     }
1031     }
1032 dpavlin 1.2
1033     //////////////////////////////////////////////////////////////////
1034    
1035 dpavlin 1.6 function Lock($target) {
1036    
1037     $dir=dirname($target);
1038     if (! file_exists($dir."/.lock")) {
1039     mkdir($dir."/.lock",0700);
1040     }
1041     $file=basename($target);
1042    
1043     if (file_exists("$dir/.lock/$file")) {
1044     Logit($target,"attempt to locked allready locked file!");
1045     } else {
1046     $lock=fopen("$dir/.lock/$file","w");
1047     fputs($lock,"$GLOBALS[gblUserName]\n");
1048     fclose($lock);
1049    
1050     Logit($target,"file locked");
1051     }
1052    
1053     }
1054    
1055     function CheckLock($target) {
1056    
1057     $dir=dirname($target);
1058     $file=basename($target);
1059     $msg=0;
1060     if (file_exists($dir."/.lock/$file")) {
1061     $lock=fopen("$dir/.lock/$file","r");
1062     $msg=fgets($lock,4096);
1063     fclose($lock);
1064     }
1065     return chop($msg);
1066    
1067     }
1068    
1069     function Unlock($target) {
1070    
1071     $dir=dirname($target);
1072     $file=basename($target);
1073     if (file_exists($dir."/.lock/$file")) {
1074     unlink("$dir/.lock/$file");
1075     Logit($target,"file unlocked");
1076     } else {
1077     Logit($target,"attempt to unlocked non-locked file!");
1078     }
1079    
1080     }
1081    
1082     //////////////////////////////////////////////////////////////////
1083    
1084 dpavlin 1.9 function urlpath($url) {
1085 dpavlin 1.8 $url=urlencode(StripSlashes("$url"));
1086 dpavlin 1.7 $url=str_replace("%2F","/",$url);
1087     $url=str_replace("+","%20",$url);
1088 dpavlin 1.9 return($url);
1089 dpavlin 1.7 }
1090    
1091     //////////////////////////////////////////////////////////////////
1092    
1093 dpavlin 1.8 function safe_rename($from,$to) {
1094     if (file_exists($from) && is_writable(dirname($to))) {
1095     rename($from,$to);
1096     }
1097     }
1098    
1099     //////////////////////////////////////////////////////////////////
1100    
1101 dpavlin 1.1 // MAIN PROGRAM
1102     // ============
1103     // query parameters: capital letters
1104     // local functions : begin with capital letters
1105     // global constants: begin with gbl
1106    
1107 dpavlin 1.2 $gblFilePerms = 0640 ; // default for new files
1108     $gblDirPerms = 0750 ; // default for new dirs
1109 dpavlin 1.1
1110     // phpinfo() ;
1111     // exit ;
1112    
1113     // forks before authentication: style sheet and hash
1114     // creation if password not yet set.
1115     if ($STYLE == "get") { CSS() ; exit ; }
1116     if ($HASH != "") {
1117     CreateHash($USER, $PW) ;
1118     exit ;
1119     }
1120    
1121     // authentication if $gblAuth == true
1122 dpavlin 1.2 if ( $gblAuth && $gblHash($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw ||
1123     isset($relogin) && $gblPw == $relogin ) {
1124 dpavlin 1.1 header("WWW-authenticate: basic realm=\"$SERVER_NAME\"") ;
1125     header("HTTP/1.0 401 Unauthorized") ;
1126     NoEntry() ;
1127     exit ;
1128     }
1129    
1130     // get current directory relative to $gblFsRoot
1131     $relDir = $DIR ; // from POST
1132     if ($relDir == "") { // not defined in POST ?
1133     $relDir = urldecode($D) ; // then use GET
1134     }
1135    
1136     if ($relDir == "/") $relDir = "" ;
1137     // default : website root = ""
1138    
1139     if (strstr($relDir,"..")) Error("No updirs allowed");
1140    
1141     // full paths contain "fs" or "Fs". Paths realitve to root of
1142     // website contain "rel" or "Rel". The script won't let you
1143     // edit anything above directory equal to http://server.com
1144     // i.e. below $gblFsRoot.
1145    
1146     $relScriptDir = dirname($SCRIPT_NAME) ;
1147     // i.e. /siteman
1148    
1149     $fsScriptDir = dirname($SCRIPT_FILENAME) ;
1150     // i.e. /home/httpd/html/siteman
1151    
1152     $gblFsRoot = substr($fsScriptDir,0,
1153     strlen($fsScriptDir)-strlen($relScriptDir)) ;
1154     // i.e. /home/httpd/html
1155    
1156     $fsDir = $gblFsRoot . $relDir ; // current directory
1157     if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ;
1158    
1159     switch ($POSTACTION) {
1160     case "UPLOAD" :
1161 dpavlin 1.2 if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
1162 dpavlin 1.1 if (strstr($FN_name,"/"))
1163     Error("Non-conforming filename") ;
1164     // TODO : should rather check for escapeshellcmds
1165     // but maybe RFC 18xx asserts safe filenames ....
1166     $source = $FN ;
1167 dpavlin 1.6 if (! isset($FILENAME)) { // from update file
1168     $target = "$fsDir/$FN_name" ;
1169     } else {
1170     $target = "$fsDir/$FILENAME";
1171     }
1172 dpavlin 1.2
1173     // backup old files first
1174     $dir=dirname($target);
1175     if (! file_exists($dir."/.bak")) {
1176     mkdir($dir."/.bak",0700);
1177     }
1178     if (! file_exists($dir."/.bak/$GLOBALS[gblNumBackups]")) {
1179     mkdir($dir."/.bak/$GLOBALS[gblNumBackups]",0700);
1180     }
1181     $file=basename($target);
1182     for($i=$GLOBALS[gblNumBackups]-1;$i>0;$i--) {
1183 dpavlin 1.4 MoveTo("$dir/.bak/$i/$file","$dir/.bak/".($i+1)."/");
1184 dpavlin 1.2 }
1185 dpavlin 1.6 MoveTo($target,$dir."/.bak/1/");
1186 dpavlin 1.2
1187     copy($source,$target) ;
1188     chmod($target,$gblFilePerms) ;
1189 dpavlin 1.1 clearstatcache() ;
1190 dpavlin 1.2 Logit($target,"uploaded");
1191 dpavlin 1.6 if (isset($FILENAME)) {
1192     Unlock($target);
1193     }
1194 dpavlin 1.1 break ;
1195    
1196     case "SAVE" :
1197     $path = $gblFsRoot . escapeshellcmd($RELPATH) ;
1198 dpavlin 1.2 $writable = is_writeable($path) ;
1199     $legaldir = is_writeable(dirname($path)) ;
1200 dpavlin 1.1 $exists = (file_exists($path)) ? 1 : 0 ;
1201     // check for legal extension here as well
1202     if (!($writable || (!$exists && $legaldir)))
1203     Error("Write denied",$RELPATH) ;
1204     $fh = fopen($path, "w") ;
1205     fwrite($fh,$FILEDATA) ;
1206     fclose($fh) ;
1207     clearstatcache() ;
1208 dpavlin 1.2 Logit($path,"saved changes");
1209 dpavlin 1.1 break ;
1210    
1211     case "CREATE" :
1212     // we know $fsDir exists
1213 dpavlin 1.2 if ($FN == "") break; // no filename!
1214     if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
1215 dpavlin 1.1 $path = $fsDir . "/" . $FN ; // file or dir to create
1216     $relPath = $relDir . "/" . $FN ;
1217     switch ( $T ) {
1218     case "D" : // create a directory
1219 dpavlin 1.6 if ( ! @mkdir($path,$gblDirPerms) )
1220     Error("Mkdir failed",$relPath) ; // eg. if it exists
1221     clearstatcache() ;
1222     break ;
1223 dpavlin 1.1 case "F" : // create a new file
1224     // this functionality is doubled in DetailView().
1225     // better keep it here altogether
1226     // chmod perms to $gblFilePerms
1227 dpavlin 1.6 if ( file_exists($path) && !is_writable($path) )
1228     Error("File not writable", $relPath) ;
1229     $fh = fopen($path, "w+") ;
1230     if ($fh) {
1231     fputs($fh,"\n");
1232     fclose($fh) ;
1233     LogIt($path,"file created");
1234     } else {
1235     Error("Creation of file $relPath failed -- $path");
1236     }
1237     $tstr = "$PHP_SELF?A=E&D=".urlencode($relDir)."&F=".urlencode($FN) ;
1238     header("Location: " . $tstr) ;
1239     exit ;
1240 dpavlin 1.1 }
1241     break ;
1242    
1243     case "DELETE" :
1244     if ( $CONFIRM != "on" ) break ;
1245    
1246     $tstr = "Attempt to delete non-existing object or " ;
1247     $tstr .= "insufficient privileges: " ;
1248    
1249     if ( $FN != "") { // delete file
1250 dpavlin 1.2 $path = $fsDir . "/" . $FN ;
1251    
1252     $dir=dirname($path);
1253     $file=basename($path);
1254     if (! file_exists("$dir/.del")) {
1255     mkdir("$dir/.del",0700);
1256     }
1257    
1258     // if ( ! @unlink($path) ) {
1259     if ( ! rename($path,"$dir/.del/$file") ) {
1260     Error("File delete failed", $tstr . $path) ;
1261     Logit($path,"file delete failed");
1262     exit ;
1263     } else {
1264     Logit($path,"file deleted");
1265 dpavlin 1.4 MoveTo("$dir/.log/$file","$dir/.del/.log/");
1266     MoveTo("$dir/.note/$file","$dir/.del/.note/");
1267 dpavlin 1.6 MoveTo("$dir/.lock/$file","$dir/.del/.lock/");
1268 dpavlin 1.2 }
1269 dpavlin 1.1 }
1270     else { // delete directory
1271     if ( ! @rmdir($fsDir) ) {
1272     Error("Rmdir failed", $tstr . $fsDir) ;
1273     }
1274     else {
1275     $relDir = dirname($relDir) ; // move up
1276     }
1277     }
1278     break ;
1279    
1280 dpavlin 1.2 case "UNDELETE" :
1281     if ( $CONFIRM != "on" ) break ;
1282    
1283     if (substr($FN,0,4) != ".del") break ;
1284     $file=substr($FN,4,strlen($FN)-4);
1285    
1286     Logit("$fsDir/.del/$file","undeleted");
1287 dpavlin 1.4 MoveTo("$fsDir/.del/$file","$fsDir/");
1288     MoveTo("$fsDir/.del/.log/$file","$fsDir/.log/");
1289     MoveTo("$fsDir/.del/.note/$file","$fsDir/.note/");
1290 dpavlin 1.6 MoveTo("$fsDir/.del/.lock/$file","$fsDir/.lock/");
1291 dpavlin 1.2
1292     break ;
1293    
1294     case "RENAME" :
1295     if ( $CONFIRM != "on" ) break ;
1296    
1297     Logit("$fsDir/$FN","renamed $FN to $NEWNAME");
1298 dpavlin 1.8 safe_rename("$fsDir/$FN","$fsDir/$NEWNAME");
1299     safe_rename("$fsDir/.log/$FN","$fsDir/.log/$NEWNAME");
1300     safe_rename("$fsDir/.note/$FN","$fsDir/.note/$NEWNAME");
1301     safe_rename("$fsDir/.lock/$FN","$fsDir/.lock/$NEWNAME");
1302 dpavlin 1.11 for($i=0;$i<=$GLOBALS[gblNumBackups];$i++) {
1303     safe_rename("$fsDir/.bak/$i/$FN","$fsDir/.bak/$i/$NEWNAME");
1304     }
1305 dpavlin 1.2
1306 dpavlin 1.4 break ;
1307    
1308     case "NOTE" :
1309     WriteNote("$fsDir/$FN","$NOTE");
1310 dpavlin 1.2 break ;
1311    
1312 dpavlin 1.6 case "UNLOCK" :
1313     if ( $CONFIRM != "on" ) break ;
1314     Unlock("$fsDir/$FN");
1315     break ;
1316    
1317 dpavlin 1.1 default :
1318     // user hit "CANCEL" or undefined action
1319     }
1320    
1321     // common to all POSTs : redirect to directory view ($relDir)
1322     if ( $POSTACTION != "" ) {
1323     $tstr = $PHP_SELF . "?D=" . urlencode($relDir) ;
1324     header("Location: " . $tstr) ;
1325     exit ;
1326     }
1327    
1328     // check for mode.. navigate, code display, upload, or detail?
1329     // $A=U : upload to path given in $D
1330     // $A=E : display detail of file $D/$F and edit
1331     // $A=C : display code in file $D/$F
1332 dpavlin 1.6 // $A=Co : checkout file $D/$F
1333     // $A=Ci : checkin file $D/$F
1334     // $A=V : view file (do nothing except log)
1335 dpavlin 1.1 // default : display directory $D
1336    
1337     switch ($A) {
1338     case "U" :
1339     // upload to $relDir
1340 dpavlin 1.2 if (!is_writeable($gblFsRoot . $relDir))
1341 dpavlin 1.1 Error("Write access denied",$relDir) ;
1342     $text = "Use this page to upload a single " ;
1343     $text .= "file to <B>$SERVER_NAME</B>." ;
1344     StartHTML("(Upload Page)", $text) ;
1345     UploadPage($gblFsRoot, $relDir) ;
1346     EndHTML() ;
1347     exit ;
1348     case "E" :
1349     // detail of $relDir/$F
1350 dpavlin 1.2 if (is_file("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ;
1351 dpavlin 1.1 exit ;
1352     case "C" :
1353     // listing of $relDir/$F
1354     DisplayCode($gblFsRoot, $relDir, $F) ;
1355     exit ;
1356 dpavlin 1.6 case "Co" :
1357     // checkout
1358     Lock("$gblFsRoot/$relDir/$F");
1359 dpavlin 1.9 Header("Location: ".urlpath("$relDir/$F"));
1360 dpavlin 1.6 exit;
1361     case "Ci" :
1362     // upload && update to $relDir
1363     if (!is_writeable($gblFsRoot . $relDir))
1364     Error("Write access denied",$relDir) ;
1365     $text = "Use this page to update a single " ;
1366     $text .= "file to <B>$SERVER_NAME</B>." ;
1367     StartHTML("(Update file Page)", $text) ;
1368     UploadPage($gblFsRoot, $relDir, $F) ;
1369     EndHTML() ;
1370     exit ;
1371     case "V" :
1372     // view
1373 dpavlin 1.9 LogIt("$gblFsRoot/$relDir/$F","viewed");
1374     Header("Location: ".urlpath("$relDir/$F"));
1375 dpavlin 1.6 exit;
1376 dpavlin 1.1 }
1377    
1378     // default: display directory $relDir
1379     Navigate($gblFsRoot,$relDir) ;
1380     exit ;
1381    
1382     Error("Whooah!","By cartesian logic, this never happens") ;
1383     ?>

  ViewVC Help
Powered by ViewVC 1.1.26