
Annotation of /docman.php



Revision 1.13 - (hide annotations)
Wed Sep 6 10:49:15 2000 UTC (22 years, 5 months ago) by dpavlin
Branch: MAIN
Changes since 1.12: +7 -5 lines
extract info file into .info.inc

1 dpavlin 1.1 <?php
2    
3     /* Copyright 1999 by John Martin d/b/a www.ANYPORTAL.com */
4     /* All Rights Reserved. */
5     /* */
6     /* This software is freeware and is not in the public domain. */
7     /* You are hereby granted the right to freely distribute this */
8     /* software as long as this copyright notice remains in place. */
9     /* */
10     /* Comments or suggestions? email: andmore@alief.com */
11     /* */
12     /* This is the PHP port: AnyPortal(php)-0.1 */
13     /* ======================================== */
14     /* */
15     /* PHP version 2000 by Stefan@Wiesendanger.org */
16     /* No Rights Reserved. What for, anyhow ? */
17     /* */
18     /* Date Remarks */
19     /* --------- ----------------------------------------------- */
20     /* 25 MAY 99 original ASP version */
21     /* 17 SEP 99 change upload from SA-FILEUP to aspSmartUpload */
22     /* 10 APR 00 simplified PHP3 version */
23     /* 18 APR 00 most of PHP3 port working. Slight modifications */
24     /* 22 APR 00 modified syntax highlighting, no absolute paths */
25     /* revealed, PHP builtin authentication, global */
26     /* style sheet as callback, use apache default */
27     /* icons as an alternative to the wingdings font. */
28     /* 25 APR 00 catch some exceptions (not foolproof yet) */
29     /* 26 APR 00 catch some more exceptions, implicit copy */
30     /* function by saving somewhere else in the detail */
31     /* view, MD5 hashed password. */
32     /* 27 APR 00 Fixed authentication bug */
33     /* 12 MAY 00 Fixed trouble with exec() with newer versions of */
34     /* PHP3. Fixed bug which would send you to a non- */
35     /* existent address after file modifications. */
36    
37 dpavlin 1.2 /*
38     2000-07-25 Dobrica Pavlinusic <dpavlin@rot13.org>
39    
40     nuked exec calls (insecure)
41     nuked writeable function (replaced by php is_writeable)
42     added support for https (tested with apache+mod_ssl)
43     added users file
44     date format user-selectable
45     cycle backup files in bak directory
46     support links as directories (for now)
47     support of file history logging
48     undelete capabilities (delete moves to .del directory)
49    
50     2000-07-26 DbP
51    
52     added more checking on entered filename (when creating file/dir)
53     added rename option
54    
55    
56     IMPORTANT INSTALLATION NOTE:
57     deny serving of .* (dot-something) files in web server!
58     Otherwise, users can fetch your log files (.log), the users file
59     (.htusers) and/or deleted files (.del) straight from the web server!
60    
61     .htusers is in form:
62     login:Real Name:md5(loginpassword)
63    
64    
65     TODO:
66     mixed file/directory output (add type to each entry,
67     real support for links)
68 dpavlin 1.9 retrieve old versions of files (overwritten)
69 dpavlin 1.13 show last lock date
70    
71 dpavlin 1.2 */
72    
73 dpavlin 1.1 //////////////////////////////////////////////////////////////////
74    
75     // TODO : Don't let the file be modified itself. Create a hash of
76     // it (kinda hard since it's self-referential ;-). Make better use
77     // of session management. Escapeshellcmd for all user input.
78    
79     //////////////////////////////////////////////////////////////////
80    
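// GLOBAL PARAMETERS
// =================
// Make modifications here to suit siteman to your needs

// error_reporting(4) ; // how verbose ?

// username/password should not be system
// usernames/passwords !!

// $gblPw = "hash_of_your_username_and_password" ;

// $gblAuth = false ; // use builtin authentication
$gblAuth = true ;       // use builtin authentication

// Name of the hash function; CreateHash() calls it as $gblHash($user.$pw).
// NOTE(review): md5 is fast and unsalted, so a leaked .htusers file is cheap
// to brute-force. Switching algorithms means re-issuing every stored hash.
$gblHash = "md5" ;      // hash function to use

$gblPw = "";

if ($gblAuth) {
    // The users file lives next to this script, which is why the installation
    // note above insists that the web server refuses to serve dot-files.
    $htusers_file = dirname($SCRIPT_FILENAME) . "/.htusers";
    if (! file_exists($htusers_file)) {
        // First run: seed a template so the administrator can see the format.
        $htusers = fopen($htusers_file, "a+");
        if ($htusers) {
            fputs($htusers, "# Change owner of $htusers_file to root !!\n");
            fputs($htusers, "demo:full name:md5_hash\n");
            fclose($htusers);
        }
    }

    // An empty or missing login must never match a line of the users file.
    $authUser = isset($GLOBALS["PHP_AUTH_USER"]) ? (string) $GLOBALS["PHP_AUTH_USER"] : "";

    $htusers = fopen($htusers_file, "r");
    if ($htusers) {
        // Line format: login:Real Name:md5(loginpassword)
        while ($user = fgetcsv($htusers, 255, ":")) {
            // Skip blank lines, "#" comments and entries without all 3 fields.
            if (count($user) < 3 || substr((string) $user[0], 0, 1) == "#") {
                continue;
            }
            if ($authUser != "" && (string) $user[0] === $authUser) {
                // As before, a later line for the same login overrides an
                // earlier one (the old trailing "continue" was a no-op).
                $gblUserName = $user[1];
                $gblPw = $user[2];
            }
        }
        fclose($htusers);
    }
}

// $gblDateFmt="D, F d, Y";
// $gblTimeFmt="g:i:sA";

$gblDateFmt = "Y-m-d";
$gblTimeFmt = "H:i:s";

// Number of backup files to keep
$gblNumBackups = 5;

// choose GifIcon below unless you have the M$
// WingDings font installed on your system

$gblIcon = "GifIcon" ;  // MockIcon or GifIcon

// the directory below should be /icons/ or /icons/small/
// on Apache; a set of icons is included in the distribution

$gblIconLocation = "/icons/" ;

// files you want to be able to edit in text mode
// and view with (primitive) syntax highlighting

$gblEditable = array( ".txt",".asa",".asp",".htm",".html",
                      ".cfm",".php3",".php",".phtml",
                      ".shtml",".css" ) ;

// files that will display as images on the detail page
// (useless if your browser doesn't support them)

$gblImages = array( ".jpg",".jpeg",".gif",".png",".ico",
                    ".bmp",".xbm") ;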
148    
149     //////////////////////////////////////////////////////////////////
150    
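function StartHTML($title,$text="") {
    // Emit the document head and the page banner.
    //
    // $title  plain text; prefixed with "Site Manager " and HTML-escaped here,
    //         because callers build it from request-derived directory and
    //         file names.
    // $text   HTML fragment printed as-is below the banner. Callers pass
    //         markup (links) in it, so they must escape any untrusted value
    //         they put into it themselves.

    // HTTP_HOST and PHP_SELF are taken from the request, so both are escaped
    // before they are written into the page.
    $title = htmlspecialchars("Site Manager " . $title, ENT_QUOTES) ;
    $host  = htmlspecialchars($GLOBALS["HTTP_HOST"], ENT_QUOTES) ;
    $self  = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;
    ?>

<HTML>
<HEAD>
<TITLE><?= $host . " " . $title ?></TITLE>
<META NAME="description" CONTENT="PHP port of AnyPortal Site Manager">
<META NAME="keywords" CONTENT="site manager, web site maintenance">
<META NAME="robots" CONTENT="noindex">
<META HTTP-EQUIV="expires" CONTENT="0">
<LINK REL="stylesheet" TYPE="text/css"
HREF="<?= $self ?>?STYLE=get">
</HEAD>
<BODY BGCOLOR="#FFFFFF">
<H3 ALIGN="RIGHT"><?= $host ?></H3>
<TABLE BORDER=0 WIDTH="100%"><TR>
<TD CLASS=INV><?= $title ?></TD></TR></TABLE>
<P><?= $text ?></P>

    <?php
} // end function StartHTML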
176    
177     //////////////////////////////////////////////////////////////////
178    
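function EndHTML() {
    // Emit the page footer: current date and time, the logged-in user's
    // name, a logout link and the credits, then close BODY and HTML.

    // Array keys are quoted: the bare gblDateFmt-style keys used before are
    // looked up as constants first.
    $today = date($GLOBALS["gblDateFmt"]) ;
    $now   = date($GLOBALS["gblTimeFmt"]) ;
    $user  = isset($GLOBALS["gblUserName"])
           ? htmlspecialchars($GLOBALS["gblUserName"], ENT_QUOTES) : "" ;
    $self  = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;

    // NOTE(review): the logout link puts the stored password hash ($gblPw)
    // into a GET parameter, so it ends up in browser history, proxy and
    // server logs and Referer headers. The relogin handler is not part of
    // this function, so the parameter is kept as it was; a random per-session
    // token would avoid exposing the hash.
    $relogin = urlencode((string) $GLOBALS["gblPw"]) ;
    ?>

<HR>
<P CLASS=FTR>
<B><?= $today ?> -
<?= $now ?> -
<?= $user ?>
<small> [<a href="<?= $self ?>?relogin=<?= $relogin ?>">logout</a>]</small>
</B>
<BR>ANYPORTAL(php) Site Manager
<br><small>
&copy; 1999 by <A HREF="http://www.anyportal.com">ANYPORTAL</A>,
&copy; 2000 by <A HREF="http://da.nger.org">d@nger.org</A>,
&copy; 2000 by <A HREF="http://www.rot13.org/~dpavlin/">DbP</A>
</small>
</P>
<BR>
<?php //include(".debug.inc") ?>
<BR><BR></BODY></HTML>

    <?php
} // end function EndHTML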
202    
203     //////////////////////////////////////////////////////////////////
204    
function CSS() {
    // Print the global style sheet. StartHTML() links to it through the
    // "?STYLE=get" URL of this script.
    $rules = array(
        "BODY,TD,P,H1,H2,H3 { font-family:Verdana,Helvetica,Arial,sans-serif; }",
        ".BLK { color:black; }",
        ".RED { color:red; }",
        ".TOP { color:red; font-size:70%; } /* table headings */",
        ".INV { color:white; background-color:navy;",
        "font-weight:bold; font-size:120%; } /* title */",
        ".FTR { } /* footer */",
        ".LST { background-color:#E0E0E0; } /* table cells */",
        ".BAR { background-color:#E0E0E0; } /* action bar */",
        "PRE { color:blue; font-family:Lucida Console,Courier New,",
        "Courier,sans-serif; } /* source code */",
        "EM { color:green; font-style:normal; } /* line numbers */",
        ".REM { color:silver; }",
        ".XML { color:navy; background-color:yellow; }",
        ".MCK { color:red; font-family:WingDings; } /* Mock Icons */",
        "A:HOVER { color:red; }",
    ) ;

    // One rule line per output line, framed by a blank line on either side.
    echo "\n" . join("\n", $rules) . "\n\n" ;
} // end function CSS
227    
228     //////////////////////////////////////////////////////////////////
229    
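function DetailPage($fsRoot,$relDir,$fn) {
    // Render the detail page for one document: file metadata, an edit form
    // (editable, unlocked files), an image preview, the cancel / unlock /
    // delete-or-undelete / rename / note controls and the change log.
    //
    // $fsRoot  filesystem root of the managed tree
    // $relDir  directory relative to $fsRoot
    // $fn      file name inside $relDir
    //
    // Changes against the previous revision of this function:
    //  - "!exists" lacked its "$", so the "Creation denied" check never fired
    //  - "echo printf(...)" printed the permissions followed by a stray digit
    //  - zero-length and unopenable files are no longer passed to fread()
    //  - every request- or file-derived value is HTML-escaped on output
    //
    // NOTE(review): nothing here confines $relDir/$fn to $fsRoot (".." or
    // absolute names); presumably the dispatcher validates them before
    // calling - confirm against the caller.

    global $gblEditable, $gblImages ;

    $relPath = $relDir . "/" . $fn ;
    $fsPath  = $fsRoot . $relPath ;
    $fsDir   = $fsRoot . $relDir ;

    // Escaped copies for HTML text and double-quoted attribute values.
    $selfHtml    = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;
    $relDirHtml  = htmlspecialchars($relDir, ENT_QUOTES) ;
    $fnHtml      = htmlspecialchars($fn, ENT_QUOTES) ;
    $relPathHtml = htmlspecialchars($relPath, ENT_QUOTES) ;

    $exists = file_exists($fsPath) ;
    $ext    = strtolower((string) strrchr($relPath,".")) ;
    // NOTE(review): this is a substring test against the joined extension
    // list, so a partial extension such as ".ph" or ".c" also counts as
    // editable. Kept for compatibility; an exact in_array() match is tighter.
    $editable  = ( $ext=="" || strstr(join(" ",$gblEditable),$ext) ) ;
    $isImage   = ( $ext!="" && strstr(join(" ",$gblImages),$ext) ) ;
    $writable  = is_writeable($fsPath) ;
    $file_lock = CheckLock($fsPath) ;
    $fsize     = 0 ;

    // Error() prints its second argument as HTML, hence the escaped paths.
    if (!$editable && !$exists)
        Error("Creation unsupported for type",$relPathHtml) ;
    if (!$exists && !is_writeable($fsDir) )
        Error("Creation denied",$relDirHtml) ;

    $text  = "Use this page to view, modify or " ;
    $text .= "delete a single document on this " ;
    $text .= "web site." ;
    $title = "(Detail Page)" ;
    StartHTML($title, $text) ;

    echo "<H3>" . $relDirHtml . "/" . $fnHtml . "</H3>" ;
    if ($exists) { // get file info
        $stampFmt  = $GLOBALS["gblDateFmt"] . " " . $GLOBALS["gblTimeFmt"] ;
        $fsize     = filesize($fsPath) ;
        $fmodified = date($stampFmt, filemtime($fsPath)) ;
        $faccessed = date($stampFmt, fileatime($fsPath)) ;
        echo "<PRE> file size: " . $fsize . " Bytes<BR>" ;
        echo "last modified: <B>" . $fmodified . "</B><BR>" ;
        echo "last accessed: <B>" . $faccessed . "</B><BR>" ;
        echo " owner: <B>" . fileowner($fsPath) . "</B><BR>" ;
        echo " group: <B>" . filegroup($fsPath) . "</B><BR>" ;
        echo " permissions: <B>" ;
        echo sprintf( "%o", fileperms($fsPath) ) . "</B>" ;
        echo "</PRE>" ;
    }

    if ( $editable && ($writable || !$exists) && !$file_lock ) {
        // NOTE(review): mode "a+" creates the file when it is missing, so
        // merely opening this page for a new name leaves an empty file
        // behind. Kept because the create flow may depend on it - confirm.
        $fstr = "" ;
        $fh = fopen($fsPath,"a+") ;
        if ($fh) {
            rewind($fh) ;
            clearstatcache() ;
            $len = filesize($fsPath) ;
            if ($len > 0) $fstr = fread($fh,$len) ;
            fclose($fh) ;
        }
        $fstr = htmlentities( $fstr ) ;
        ?>

<FORM ACTION="<?= $selfHtml ?>" METHOD="POST">
<SPAN TITLE="Click [SAVE] to store updated contents.">
<B>DOCUMENT CONTENTS</B>
</SPAN><BR>
<TEXTAREA NAME="FILEDATA" ROWS=18 COLS=70 WRAP="OFF"><?php
        echo($fstr) ; ?></TEXTAREA>
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDirHtml ?>">
<INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?= $fnHtml ?>">
<INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="SAVE">
<INPUT TYPE="HIDDEN" SIZE=48 MAXLENGTH=255 NAME="RELPATH"
VALUE="<?= $relPathHtml ?>">
<br>
<INPUT TYPE="RESET" VALUE="UNDO ALL CHANGES">
<INPUT TYPE="SUBMIT" VALUE="SAVE">
</FORM>

        <?php
    }
    if ( !$file_lock && $isImage ) {
        // getimagesize() returns false for a file that is not a valid image.
        $info = getimagesize($fsPath) ;
        $dims = $info ? $info[3] : "" ;
        // NOTE(review): urlpath() is defined outside this function; its
        // result is written into the SRC attribute unchanged - confirm that
        // it yields an attribute-safe URL.
        $tstr  = "<IMG SRC=\"".urlpath($relPath)."\" BORDER=0 " ;
        $tstr .= $dims . " ALT=\"" . $fnHtml . " - " ;
        $tstr .= (int)(($fsize+1023)/1024) . "Kb\">" ;
        // echo htmlentities($tstr) . "<BR><BR>" . $tstr ;
        echo $tstr ;
    }

    ?>

<FORM ACTION="<?= $selfHtml ?>" METHOD="POST">
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDirHtml ?>">
<INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?= $fnHtml ?>">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL"><BR>

    <?php

    if ($file_lock) {
        $lockHtml = htmlspecialchars($file_lock, ENT_QUOTES) ;
        ?>
<hr>
<SPAN TITLE="Check OK and click UNLOCK to remove lock on file.">
<B>OK TO FORCE LOCK REMOVAL ON "<?= $fnHtml ?>" HELD BY <?= $lockHtml ?>? </B></SPAN>
<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="UNLOCK">
        <?php
    } // file_lock

    // Entries coming from the .del directory get UNDELETE instead of DELETE.
    if (substr($fn,0,4) == ".del") {
        $action = "UNDELETE" ;
        $desc   = "undelete previously deleted file" ;
    } else {
        $action = "DELETE" ;
        $desc   = "delete" ;
    }

    if ($exists && $writable) {
        ?>

<HR>
<a name="undelete">
<SPAN TITLE="Check OK and click [<?= $action ?>] to <?= $desc ?>.">
<B>OK TO <?= $action ?> "<?= $fnHtml ?>"? </B></SPAN>
<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="<?= $action ?>">

<HR>
<a name="rename">
<SPAN TITLE="Check OK and click [RENAME] to rename.">
<B>OK TO RENAME "<?= $fnHtml ?>" TO
<INPUT TYPE="TEXT" SIZE=24 MAXLENGTH=255 NAME="NEWNAME" VALUE="<?= $fnHtml ?>">
? </B></SPAN>
<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="RENAME">

        <?php
    } // exists && writable

    // assumes ReadNote() returns the raw, unescaped note text - TODO confirm;
    // if it already escapes, drop the htmlspecialchars() here.
    $noteHtml = htmlspecialchars((string) ReadNote($fsPath), ENT_QUOTES) ;
    ?>
<HR>
<a name="note">
<B>NOTE FOR "<?= $fnHtml ?>":
<INPUT TYPE="TEXT" SIZE=50 MAXLENGTH=255 NAME="NOTE" VALUE="<?= $noteHtml ?>">
</B></SPAN>
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="NOTE">

</FORM>

    <?php

    $name    = basename("$fsDir/$fn") ;
    $logname = dirname("$fsDir/$fn")."/.log/$name" ;
    $bakdir  = dirname("$fsDir/$fn")."/.bak" ;
    if (file_exists($logname) && ($log = fopen($logname,"r"))) {
        // Read the tab-separated log oldest-first and store it newest-first,
        // alternating the row class in file order.
        $cl1 = " class=lst" ; $cl2 = "" ;
        $logarr = array() ;
        while ($line = fgetcsv($log,255,"\t")) {
            $cl = $cl1 ; $cl1 = $cl2 ; $cl2 = $cl ;
            $row = array($cl) ;
            // Log fields can contain user-supplied text, so they are escaped;
            // short lines are padded with empty cells.
            // presumably the log never stores intentional markup - verify
            // against Logit().
            for ($i = 0 ; $i < 4 ; $i++) {
                $row[] = isset($line[$i])
                       ? htmlspecialchars((string) $line[$i], ENT_QUOTES) : "" ;
            }
            array_unshift($logarr,$row) ;
        }
        fclose($log) ;
        print "<hr><br><b>CHANGES TO THIS FILE</b><br><table border=0 width=100%>\n" ;
        $bakcount = 0 ; // start from 0, skip first backup (it's current)
        foreach ($logarr as $e) {
            if (strstr($e[4],"upload")) {
                if (file_exists("$bakdir/$bakcount/$name")) {
                    $bakHref = htmlspecialchars(
                        dirname($relPath)."/.bak/$bakcount/$name", ENT_QUOTES) ;
                    $e[4] = "<a href=\"".$bakHref."\">$e[4]</a>" ;
                }
                $bakcount++ ;
            }
            print "<tr><td$e[0]>$e[1]</td><td$e[0]>$e[2]</td><td$e[0]>$e[3]</td><td$e[0]>$e[4]</td></tr>\n" ;
        }
        print "</table>" ;
    }

    EndHTML() ;

} // end function DetailPage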
396    
397     //////////////////////////////////////////////////////////////////
398    
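function DisplayCode($fsRoot,$relDir,$fn) {
    // Print a file as a numbered listing with primitive syntax colouring.
    //
    // The file text is passed through htmlentities() first; all colouring
    // below works on the escaped text and only inserts fixed SPAN/I tags.
    //
    // Changes against the previous revision of this function:
    //  - the "File not found" page showed the absolute filesystem path; it
    //    now shows the escaped path relative to the managed root
    //  - split() is replaced by explode(), which does the same for a literal
    //    separator without regular-expression handling

    $path = $fsRoot . $relDir . "/" . $fn ;

    // Error() prints its second argument as HTML, hence the escaping.
    if (!file_exists($path))
        Error("File not found", htmlspecialchars($relDir."/".$fn, ENT_QUOTES)) ;

    StartHTML("(".$relDir."/".$fn.")","");

    $tstr = join("",file($path)) ;
    $tstr = htmlentities($tstr) ;

    // Tabs
    $tstr = str_replace(chr(9)," ",$tstr) ;

    // ASP tags & XML/PHP tags
    $aspbeg = "<SPAN CLASS=XML>&lt;%</SPAN><SPAN CLASS=BLK>" ;
    $aspend = "</SPAN><SPAN CLASS=XML>%&gt;</SPAN>" ;
    $tstr = str_replace("&lt;%",$aspbeg,$tstr) ;
    $tstr = str_replace("%&gt;",$aspend,$tstr) ;

    $xmlbeg = "<SPAN CLASS=XML>&lt;?</SPAN><SPAN CLASS=BLK>" ;
    $xmlend = "</SPAN><SPAN CLASS=XML>?&gt;</SPAN>" ;
    $tstr = str_replace("&lt;?",$xmlbeg,$tstr) ;
    $tstr = str_replace("?&gt;",$xmlend,$tstr) ;

    // C style comment
    $tstr = str_replace("/*","<SPAN CLASS=REM>/*",$tstr) ;
    $tstr = str_replace("*/","*/</SPAN>",$tstr) ;

    // HTML comments
    $tstr = str_replace("&lt;!--","<I CLASS=RED>&lt;!--",$tstr) ;
    $tstr = str_replace("--&gt;","--&gt;</I>",$tstr) ;

    echo "<PRE>" ;

    $lines = explode("\n",$tstr) ;
    $total = sizeof($lines) ;
    for ($i = 0 ; $i < $total ; ++$i) {
        // add line numbers, zero-padded to four digits
        echo "<BR><EM>" ;
        echo substr(("000" . ($i+1)), -4) . ":</EM> " ;
        $line = $lines[$i] ;
        // C++ style comments
        $pos = strpos($line,"//") ;
        // exceptions: two slashes aren't a script comment when they follow a
        // colon (URLs) or close an HTML comment ("//-->", "// -->")
        if ($pos !== false &&
            ! ($pos>0 && substr($line,$pos-1,1)==":") &&
            ! (substr($line,$pos,8) == "//--&gt;") &&
            ! (substr($line,$pos,9) == "// --&gt;")) {
            $beg = substr($line,0,$pos) ;
            $end = substr($line,$pos) ;
            $line = $beg."<SPAN CLASS=REM>".$end."</SPAN>";
        }
        // shell & asp style comments
        $first = substr(ltrim($line),0,1) ;
        if ($first == "#" || $first == "'") {
            $line = "<SPAN CLASS=REM>".$line."</SPAN>";
        }
        print($line) ;
    } // next i

    echo "</PRE>" ;

    EndHTML() ;

} // end function DisplayCode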
464    
465     //////////////////////////////////////////////////////////////////
466    
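function MockIcon($txt) {
    // Return a WingDings glyph, wrapped in <SPAN CLASS=MCK>, for a file
    // extension (".gif") or a symbolic name ("file", "fldr", "view", "up",
    // "blank"). Unknown names get the generic file glyph (51).
    //
    // Changes against the previous revision of this function:
    //  - "blank" returned a closing </SPAN> without the opening tag
    //  - ".Z" could never match because the name is lower-cased first; the
    //    table now holds ".z"

    static $glyphs = array(
        ".bmp"  => 176, ".gif"  => 176, ".jpg"  => 176,
        ".jpeg" => 176, ".tif"  => 176, ".tiff" => 176,
        ".doc"  => 50,
        ".exe"  => 255, ".bat"  => 255,
        ".bas"  => 255, ".c"    => 255, ".cc"   => 255, ".src" => 255,
        "file"  => 51,
        "fldr"  => 48,
        ".htm"  => 182, ".html" => 182, ".asa"  => 182,
        ".asp"  => 182, ".cfm"  => 182, ".php3" => 182,
        ".php"  => 182, ".phtml" => 182, ".shtml" => 182,
        ".pdf"  => 38,
        ".txt"  => 52,  ".ini"  => 52,
        ".xls"  => 252,
        ".zip"  => 59,  ".arc"  => 59,  ".sit"  => 59, ".tar" => 59,
        ".gz"   => 59,  ".tgz"  => 59,  ".z"    => 59,
        "view"  => 52,
        "up"    => 199,
    ) ;

    $open = "<SPAN CLASS=MCK>" ;
    $key  = strtolower($txt) ;

    // "blank" is a spacer: two non-breaking spaces instead of a glyph.
    if ($key == "blank") {
        return $open . "&nbsp;&nbsp;</SPAN>" ;
    }

    $d = isset($glyphs[$key]) ? $glyphs[$key] : 51 ;

    return $open . chr($d) . "</SPAN>" ;
} // end function MockIcon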
543    
544     //////////////////////////////////////////////////////////////////
545    
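function GifIcon($txt) {
    // Return an <IMG> tag for the icon that belongs to a file extension
    // (".gif") or a symbolic name ("file", "fldr", "view", "up", "blank",
    // "checkout", "checkin", "locked", "note"). The image is loaded from
    // $gblIconLocation; unknown names get generic.gif.
    //
    // Changes against the previous revision of this function:
    //  - ".Z" could never match because the name is lower-cased first; the
    //    table now holds ".z"
    //  - the second, unreachable ".php3" case is gone (php3.gif still wins)

    global $gblIconLocation ;

    static $icons = array(
        ".bmp"  => "image2.gif", ".gif"  => "image2.gif",
        ".jpg"  => "image2.gif", ".jpeg" => "image2.gif",
        ".tif"  => "image2.gif", ".tiff" => "image2.gif",
        ".doc"  => "layout.gif",
        ".exe"  => "screw2.gif", ".bat"  => "screw2.gif",
        ".bas"  => "c.gif", ".c" => "c.gif", ".cc" => "c.gif", ".src" => "c.gif",
        "file"  => "generic.gif",
        "fldr"  => "dir.gif",
        ".phps" => "phps.gif",
        ".php3" => "php3.gif",
        ".htm"  => "world1.gif", ".html"  => "world1.gif",
        ".asa"  => "world1.gif", ".asp"   => "world1.gif",
        ".cfm"  => "world1.gif", ".php"   => "world1.gif",
        ".phtml" => "world1.gif", ".shtml" => "world1.gif",
        ".pdf"  => "pdf.gif",
        ".txt"  => "text.gif", ".ini" => "text.gif",
        ".xls"  => "box2.gif",
        ".zip"  => "compressed.gif", ".arc" => "compressed.gif",
        ".sit"  => "compressed.gif", ".tar" => "compressed.gif",
        ".gz"   => "compressed.gif", ".tgz" => "compressed.gif",
        ".z"    => "compressed.gif",
        "view"  => "index.gif",
        "up"    => "back.gif",
        "blank" => "blank.gif",
        "checkout" => "box2.gif",
        "checkin"  => "hand.up.gif",
        "locked"   => "screw2.gif",
        "note"     => "quill.gif",
    ) ;

    $key = strtolower($txt) ;
    $d = isset($icons[$key]) ? $icons[$key] : "generic.gif" ;

    return "<IMG SRC=\"$gblIconLocation" . $d . "\" BORDER=0>" ;
} // end function GifIcon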
640    
641     //////////////////////////////////////////////////////////////////
642    
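function Navigate($fsRoot,$relDir) {
    // Render the directory listing for $relDir (relative to $fsRoot):
    // parent link, sub-directories, files with lock / check-in / check-out /
    // view controls and notes, the "delete empty folder" form, the optional
    // .info.inc block and the create / upload bar.
    //
    // Changes against the previous revision of this function:
    //  - $dirList / $fileList are initialised, so empty directories no
    //    longer hand an undefined value to sizeof() and sort()
    //  - readdir() is compared with false, so an entry named "0" no longer
    //    ends the scan early
    //  - the "undelete" link tested a local $show_deleted that was never
    //    set; it now looks at the request value in $GLOBALS
    //  - bare array keys ($GLOBALS[show_deleted], $GLOBALS[gblUserName]) are
    //    quoted, each() is replaced by foreach
    //  - directory names, file names, lock holders and notes are
    //    HTML-escaped before they are printed
    //
    // NOTE(review): nothing here confines $relDir to $fsRoot (".."
    // segments); presumably the dispatcher validates it - confirm against
    // the caller.

    global $gblEditable, $gblIcon ;

    $self = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;
    if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") {
        $webRoot = "https://" . $GLOBALS["SERVER_NAME"] ;
    } else {
        $webRoot = "http://" . $GLOBALS["SERVER_NAME"] ;
    }
    $fsDir = $fsRoot . $relDir . "/" ; // current directory

    $relDirHtml = htmlspecialchars($relDir, ENT_QUOTES) ;
    $relDirUrl  = urlencode($relDir) ;
    $stampFmt   = $GLOBALS["gblDateFmt"] . " " . $GLOBALS["gblTimeFmt"] ;

    // Error() prints its second argument as HTML, hence the escaped path.
    if (!is_dir($fsDir)) Error("Dir not found",$relDirHtml) ;

    // read directory contents
    $dirList  = array() ;
    $fileList = array() ;
    if ( !($dir = @opendir($fsDir)) )
        Error("Read Access denied",$relDirHtml) ;
    while (($item = readdir($dir)) !== false) {
        // skips ".", ".." and every dot-file (.htusers, .log, .bak, .del ...)
        if ( substr($item,0,1) == "." ) continue ;
        if ( is_dir($fsDir . $item) ) {
            $dirList[] = $item ;
        } else if ( is_file($fsDir . $item) ) {
            $fileList[] = $item ;
        } else if ( is_link($fsDir . $item) ) {
            $dirList[] = $item ;
        } else {
            // unknown file type
            // $text = "Could not determine file type of " ;
            // Error("File Error", $text.$relDir."/".$item) ;
            // exit ;
        }
    }
    closedir($dir) ;

    // scan deleted files
    $showDeleted = isset($GLOBALS["show_deleted"]) && $GLOBALS["show_deleted"] == 1 ;
    if ( $showDeleted && ($dir = @opendir("$fsDir/.del")) ) {
        while (($item = readdir($dir)) !== false) {
            if ( substr($item,0,1) == "." ) continue ;
            $fileList[] = ".del/$item" ;
        }
        closedir($dir) ;
    }

    $emptyDir = ! (sizeof($dirList) || sizeof($fileList)) ;

    // start navigation page
    $text = "Use this page to add, delete";
    if (! isset($GLOBALS["show_deleted"])) {
        $text .= ", <a href=\"$self?D=".$relDirUrl."&show_deleted=1\">undelete</a>";
    }
    $text .= " or revise files on this web site." ;
    StartHTML("(Navigate)",$text) ;

    echo "<TABLE BORDER=0 CELLPADDING=2
        CELLSPACING=3 WIDTH=\"100%\">" ;

    // updir bar
    if ($fsDir != $fsRoot) {
        $parent = dirname($relDir) ;
        if ($parent == "") $parent = "/" ;
        ?>

<TR><TD><?= $gblIcon("up") ?></TD><TD COLSPAN=5 CLASS=LST>
<A HREF="<?= $self ?>?D=<?= urlencode($parent) ?>">
<B><?= htmlspecialchars($parent, ENT_QUOTES) ?></B></A></TD></TR>

        <?php
    }

    // output subdirs
    if (sizeof($dirList) > 0) {
        sort($dirList) ;
        ?>

<TR><TD></TD><TD COLSPAN=5 CLASS=TOP><HR>DIRECTORY NAME</TD></TR>

        <?php
        foreach ($dirList as $dir) {

            $tstr  = "<A HREF=\"" . $self . "?D=" ;
            $tstr .= urlencode($relDir."/".$dir) ;
            $tstr .= "\">" . htmlspecialchars($dir, ENT_QUOTES) . "/</A>" ;
            ?>

<TR><TD><?= $gblIcon("fldr") ?></TD>
<TD COLSPAN=5 CLASS=LST><?= $tstr ?></TD></TR>

            <?php
        } // iterate over dirs
    } // end if no dirs
    ?>

<TR><TD></TD><TD COLSPAN=5><HR><B><?= htmlspecialchars($webRoot . $relDir, ENT_QUOTES) ?>
</B></TD></TR>
<TR><TD></TD><TD CLASS=TOP>DOCUMENT NAME</TD>
<TD><?= $gblIcon("blank").$gblIcon("blank") ?></TD>
<TD CLASS=TOP>NOTE</TD>
<TD CLASS=TOP>LAST UPDATE</TD><TD CLASS=TOP>FILE SIZE</TD></TR>

    <?php
    if (sizeof($fileList) > 0) {
        sort($fileList) ;
        foreach ($fileList as $file) {
            $path = $fsDir."/".$file ;
            $mod  = filemtime($path) ;
            $sz   = filesize($path) ;

            if ($sz >= 10240) {
                $sz = (int)(($sz+1023)/1024) . " k" ;
            } else {
                $sz .= " " ;
            } // end size

            $a = $b = "" ;

            $fileUrl  = urlencode($file) ;
            $fileHtml = htmlspecialchars($file, ENT_QUOTES) ;
            $info_url = $self."?A=E&F=".$fileUrl."&D=".$relDirUrl ;

            if ( ($mod + 30*86400) > time() ) {
                $a  = "<SPAN CLASS=RED TITLE=\"Newer" ;
                $a .= " than 30 days\"> * </SPAN>" ;
            }

            $file_lock = CheckLock($path) ;

            $file_url_html  = "<A HREF=\"$self?A=V&F=".$fileUrl ;
            $file_url_html .= "&D=".$relDirUrl ;
            $file_url_html .= "\" TITLE=\"View file\">" ;

            if (substr($file,0,5) != ".del/") {
                $file_url_html .= $fileHtml . "</A>" . $a ;
            } else {
                // strip the ".del/" prefix and mark the entry as deleted
                $shown = htmlspecialchars(substr($file,5), ENT_QUOTES) ;
                $file_url_html .= $shown . "</a> <SPAN CLASS=RED TITLE=\"deleted\"> <a href=\"$info_url#undelete\">deleted</a> </span>" ;
            }

            // assumes ReadNote() returns the raw, unescaped note text -
            // TODO confirm; if it already escapes, drop htmlspecialchars().
            $note_html  = "<a href=\"$info_url#note\">".$gblIcon("note")."</a>" ;
            $note_html .= htmlspecialchars((string) ReadNote($path), ENT_QUOTES) ;

            $ext = strtolower((string) strrchr($file,".")) ;

            if ($file_lock) {
                if ($file_lock == $GLOBALS["gblUserName"]) {
                    // locked by the current user: offer check-in
                    $checkin  = "<A HREF=\"$self?A=Ci&F=".$fileUrl ;
                    $checkin .= "&D=".$relDirUrl ;
                    $checkin .= "\" TITLE=\"Checkin (update) file on server\">" ;
                    $b = $checkin . $gblIcon("checkin") . "</A>" . $gblIcon("blank") ;
                    $file_url_html = $checkin . "$fileHtml</a> $a" ;
                    $note_html = $gblIcon("blank")."<b>Please check-in (update) this file</b>" ;
                } else {
                    // locked by somebody else: no actions, show the holder
                    $lockHtml = htmlspecialchars($file_lock, ENT_QUOTES) ;
                    $b = $gblIcon("locked") . $gblIcon("blank") ;
                    $note_html = $gblIcon("blank")."<b>File locked by $lockHtml</b>" ;
                    $file_url_html = "$fileHtml $a" ;
                }
            } else {
                $b .= "<A HREF=\"$self?A=Co&F=".$fileUrl ;
                $b .= "&D=".$relDirUrl ;
                $b .= "\" TITLE=\"Checkout file for edit\">" ;
                $b .= $gblIcon("checkout")."</A>" ;

                // NOTE(review): substring test against the joined extension
                // list, so partial extensions such as ".ph" also match.
                if ( $ext=="" || strstr(join(" ",$gblEditable),$ext) ) {
                    $b .= "<A HREF=\"$self?A=C&F=".$fileUrl ;
                    $b .= "&D=".$relDirUrl ;
                    $b .= "\" TITLE=\"List contents\">" ;
                    $b .= $gblIcon("view")."</A>" ;
                } else {
                    $b .= $gblIcon("blank") ;
                }
            }

            ?>

<TR><TD>
<A HREF="<?= $info_url ?>" TITLE="View/Edit">
<?= $gblIcon($ext) ?></A></TD>
<TD CLASS=LST><?= $file_url_html ?></TD>
<TD CLASS=LST ALIGN=center><?= $b ?></TD>
<TD CLASS=LST ALIGN=left><?= $note_html ?></TD>
<TD CLASS=LST><?= date($stampFmt,$mod) ?></TD>
<TD CLASS=LST><?= $sz ?>Bytes</TD></TR>

            <?php
        } // iterate over files
    } // end if no files

    if ($emptyDir) {
        ?>

<FORM METHOD="POST" ACTION="<?= $self ?>">
<TR><TD></TD><TD COLSPAN=5 CLASS=BAR>
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDirHtml ?>">
OK TO DELETE THIS EMPTY FOLDER?
<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="DELETE">
</TD></TR>
</FORM>

        <?php
    } // end if emptyDir
    ?>

<TR><TD></TD><TD COLSPAN=5><HR></TD></TR>

<TR><TD></TD><TD COLSPAN=5>
<?php
    // NOTE(review): ".info.inc" is a relative path, so it is resolved against
    // the current working directory / include_path and then executed as PHP.
    // If that directory is one users of this tool can write to, the include
    // runs their file; anchoring it to the script's own directory would
    // remove that doubt - confirm where .info.inc is meant to live.
    if (file_exists(".info.inc")) {
        include(".info.inc");
    }
?>
</TD></TR>

<TR><TD></TD><TD COLSPAN=5><HR></TD></TR>

<FORM METHOD="POST" ACTION="<?= $self ?>">
<TR><TD></TD><TD COLSPAN=5 CLASS=BAR>CREATE NEW
<INPUT TYPE="RADIO" NAME="T" VALUE="D" CHECKED>DIRECTORY -OR-
<INPUT TYPE="RADIO" NAME="T" VALUE="F">FILE : &nbsp;&nbsp;
<NOBR>NAME <INPUT TYPE="TEXT" NAME="FN" SIZE=14>
<INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="CREATE">
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDirHtml ?>">
<INPUT TYPE="SUBMIT" VALUE="CREATE"></NOBR>
<NOBR>OR <A HREF="<?= $self ?>?A=U&D=<?= $relDirUrl ?>">UPLOAD</A> A FILE
</NOBR>
</TD></TR>
</FORM>
</TABLE>

    <?php
    EndHTML() ;
} // end function Navigate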
874    
875     //////////////////////////////////////////////////////////////////
876    
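function UploadPage($fsRoot, $relDir, $filename) {
    // Print the upload form for $relDir. When $filename is set, the upload
    // is bound to that destination file name through a hidden FILENAME
    // field. $fsRoot is accepted for symmetry with the other page functions
    // and is not used here.
    //
    // $relDir, $filename, PHP_SELF and the User-Agent header all come from
    // the request, so each is HTML-escaped before it is printed.

    $self = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;
    if ($relDir == "") $relDir = "/" ;

    $relDirHtml = htmlspecialchars($relDir, ENT_QUOTES) ;
    $agentHtml  = isset($GLOBALS["HTTP_USER_AGENT"])
                ? htmlspecialchars($GLOBALS["HTTP_USER_AGENT"], ENT_QUOTES) : "" ;
    ?>

<P><TABLE BORDER=0 CELLPADDING=5><TR><TD WIDTH=5></TD><TD CLASS=BAR>
<FORM ENCTYPE="multipart/form-data" METHOD="POST"
ACTION="<?= $self ?>">
DESTINATION DIRECTORY:<B><?= " " . $relDirHtml ?></B>
<?php if (isset($filename)) {
        $filenameHtml = htmlspecialchars($filename, ENT_QUOTES) ; ?>
<br>DESTINATION FILE:<B><?= " " . $filenameHtml ?></B>
<INPUT TYPE="HIDDEN" NAME="FILENAME" VALUE="<?= $filenameHtml ?>">
<?php } ?>
<P>PATHNAME OF LOCAL FILE<BR>
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDirHtml ?>">
<INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="UPLOAD">
<INPUT SIZE=30 TYPE="FILE" NAME="FN"></P>
<P><INPUT TYPE="SUBMIT" VALUE="UPLOAD"></P>
<P>If the <B>[BROWSE...]</B> button is not displayed,<BR>
you must upgrade to an RFC1867-compliant browser.</P>
<P>Your browser:<BR><?= $agentHtml ?></P>
</FORM>
</TD></TR>
<TR><TD></TD><TD>
<FORM METHOD="POST" ACTION="<?= $self ?>">
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDirHtml ?>"><BR>
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL">
</FORM>
</TD></TR></TABLE></P>

    <?php
} // end function UploadPage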
910    
911     //////////////////////////////////////////////////////////////////
912    
function Error($title,$text="") {
    // Show a complete error page and end the request.
    //
    // $title  short label; it is wrapped in parentheses for the page banner
    // $text   passed through to StartHTML() unchanged, which prints it as
    //         HTML - callers must escape untrusted values they put into it
    $banner = "(" . $title . ")" ;
    StartHTML($banner, $text) ;
    print "<P ALIGN=center>Hit your Browser's Back Button.</P>" ;
    EndHTML() ;
    exit ;
} // end function Error
919    
920     //////////////////////////////////////////////////////////////////
921    
/**
 * Print the password hash for a username/password pair and exit.
 *
 * The digest is computed by the function named in the global $gblHash
 * over the plain concatenation $user.$pw. There is no salt and no
 * separator between the two parts, so different (user, password)
 * splits of the same combined string give the same digest.
 *
 * An empty $user or $pw ends the request through Error().
 * The main program calls this before its authentication check.
 */
function CreateHash($user, $pw) {

    global $gblHash ;   // name of the hash function to call

    if ($user == "" || $pw == "") {
        Error("Create Hash", "either no password or no username supplied") ;
    }

    StartHTML("(Create Hash)") ;
    echo "<P ALIGN=center>",
         "<BLOCKQUOTE>Copy the value below and paste it ",
         "into the<BR>value for \$gblPw in the source of ",
         "this file<BR><BR><B>" . $gblHash($user.$pw),
         "</B><BR><BR>Hash function: " . $gblHash,
         "</BLOCKQUOTE></P>" ;
    EndHTML() ;
    exit ;

} // end function CreateHash
942    
943     //////////////////////////////////////////////////////////////////
944    
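/**
 * Print the "401 Unauthorized" page and exit.
 *
 * The page contains a form that posts the credentials just supplied via
 * HTTP basic auth to ?HASH=create, so an administrator can generate the
 * value for $gblPw.
 *
 * The username, password and script name are HTML-encoded before being
 * written into attribute values; they come straight from the request.
 *
 * NOTE(review): the rejected password is still echoed into the page
 * source as a hidden field. That is how the CREATE HASH flow works, but
 * it means the 401 response body holds the cleartext password -- worth
 * replacing with a flow that does not reflect it.
 */
function NoEntry() {

    $user = isset($GLOBALS["PHP_AUTH_USER"])
        ? htmlspecialchars($GLOBALS["PHP_AUTH_USER"]) : "" ;
    $pw   = isset($GLOBALS["PHP_AUTH_PW"])
        ? htmlspecialchars($GLOBALS["PHP_AUTH_PW"]) : "" ;
    $self = htmlspecialchars($GLOBALS["PHP_SELF"]) ;

    $title = "(401 Unauthorized)" ;
    $text = "No trespassing !" ;
    StartHTML($title,$text) ;
?>

<FORM ACTION="<?= $self ?>?HASH=create" METHOD="POST">
<INPUT TYPE="HIDDEN" NAME="USER" VALUE="<?= $user ?>">
<INPUT TYPE="HIDDEN" NAME="PW" VALUE="<?= $pw ?>">

<BLOCKQUOTE><B>If you are a site administrator:</B><BR><BR>
Click below to <B>generate a password hash</B><BR>from
the username-password pair you just<BR>entered. Then include the hash in
the source<BR>of this file.<BR><BR>
<INPUT TYPE="SUBMIT" VALUE="CREATE HASH">
</BLOCKQUOTE></FORM>

<?php
    EndHTML() ;
    exit ;
}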
971    
972     //////////////////////////////////////////////////////////////////
973    
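/**
 * Append one entry to the per-file log kept in "<dir>/.log/<file>".
 *
 * The entry is a single tab-separated line: date, time, user name
 * ($GLOBALS[gblUserName]) and $msg. The ".log" directory is created
 * with mode 0700 when missing.
 *
 * $msg often contains request-supplied text (note bodies, new file
 * names), so CR, LF and TAB are replaced by spaces first; otherwise a
 * message could add extra lines or columns to the log.
 *
 * Logging is best effort: if the log file cannot be opened the call
 * returns without writing.
 */
function Logit($target,$msg) {

    $dir=dirname($target);
    if (! file_exists($dir."/.log")) {
        mkdir($dir."/.log",0700);
    }
    $file=basename($target);

    // keep the entry on one line with a fixed number of columns
    $msg=strtr($msg,"\r\n\t","   ");

    $log=fopen("$dir/.log/$file","a+");
    if (! $log) {
        return ;
    }
    fputs($log,date("$GLOBALS[gblDateFmt]\t$GLOBALS[gblTimeFmt]").
        "\t$GLOBALS[gblUserName]\t$msg\n");
    fclose($log);

}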
988    
989    
990 dpavlin 1.4 //////////////////////////////////////////////////////////////////
991    
/**
 * Store $msg as the note for $target and record that in the file's log.
 *
 * The note lives in "<dir>/.note/<file>" (directory created with mode
 * 0700 when missing) and is overwritten on every call. $msg is written
 * as given, followed by a newline; the same text is passed to Logit().
 */
function WriteNote($target,$msg) {

    $noteDir = dirname($target) . "/.note" ;
    if (! file_exists($noteDir)) {
        mkdir($noteDir, 0700) ;
    }

    $fh = fopen($noteDir . "/" . basename($target), "w") ;
    fputs($fh, $msg . "\n") ;
    fclose($fh) ;

    Logit($target, "added note " . $msg) ;

}
1007    
/**
 * Return the first line (up to 4095 bytes) of the note stored for
 * $target in "<dir>/.note/<file>", with backslash escapes removed by
 * StripSlashes(). Returns "" when no note file exists.
 *
 * The text is returned as stored; encoding it for HTML is left to the
 * caller.
 */
function ReadNote($target) {

    $notePath = dirname($target) . "/.note/" . basename($target) ;
    $text = "" ;
    if (file_exists($notePath)) {
        $fh = fopen($notePath, "r") ;
        $text = fgets($fh, 4096) ;
        fclose($fh) ;
    }
    return StripSlashes($text) ;

}
1021    
1022     //////////////////////////////////////////////////////////////////
1023    
/**
 * Move $source into directory $folder, keeping its base name.
 *
 * $folder is created with mode 0700 when it does not exist -- this
 * happens even if $source is missing. A missing $source is otherwise
 * ignored. Neither argument is checked against the web root here.
 */
function MoveTo($source,$folder) {

    $name = basename($source) ;
    if (! file_exists($folder)) {
        mkdir($folder, 0700) ;
    }
    if (! file_exists($source)) {
        return ;
    }
    rename($source, $folder . "/" . $name) ;
}
1034 dpavlin 1.2
1035     //////////////////////////////////////////////////////////////////
1036    
/**
 * Mark $target as locked by the current user.
 *
 * The lock is a file "<dir>/.lock/<file>" holding $GLOBALS[gblUserName].
 * If it already exists only a log entry is written; otherwise the lock
 * file is created and the event is logged.
 *
 * The existence test and the creation are two separate steps, so two
 * requests arriving together can both pass the test.
 */
function Lock($target) {

    $lockDir = dirname($target) . "/.lock" ;
    if (! file_exists($lockDir)) {
        mkdir($lockDir, 0700) ;
    }
    $lockPath = $lockDir . "/" . basename($target) ;

    if (file_exists($lockPath)) {
        Logit($target,"attempt to locked allready locked file!");
        return ;
    }

    $fh = fopen($lockPath, "w") ;
    fputs($fh, "$GLOBALS[gblUserName]\n") ;
    fclose($fh) ;

    Logit($target,"file locked");

}
1056    
/**
 * Return the first line of the lock file "<dir>/.lock/<file>" for
 * $target with trailing whitespace removed (the name written by
 * Lock()). When there is no lock file the result is chop(0).
 */
function CheckLock($target) {

    $lockPath = dirname($target) . "/.lock/" . basename($target) ;
    $owner = 0 ;
    if (file_exists($lockPath)) {
        $fh = fopen($lockPath, "r") ;
        $owner = fgets($fh, 4096) ;
        fclose($fh) ;
    }
    return chop($owner) ;

}
1070    
/**
 * Remove the lock file "<dir>/.lock/<file>" for $target and log it.
 * When no lock file exists only a log entry is written.
 *
 * The function does not compare the name stored in the lock with the
 * current user; any caller that reaches it can release the lock.
 */
function Unlock($target) {

    $lockPath = dirname($target) . "/.lock/" . basename($target) ;
    if (! file_exists($lockPath)) {
        Logit($target,"attempt to unlocked non-locked file!");
        return ;
    }
    unlink($lockPath) ;
    Logit($target,"file unlocked");

}
1083    
1084     //////////////////////////////////////////////////////////////////
1085    
/**
 * Encode a path for use in a URL: backslash escapes are stripped, the
 * result is urlencode()d, then "/" is restored and "+" (an encoded
 * space) becomes "%20".
 */
function urlpath($url) {
    $encoded = urlencode(StripSlashes("$url")) ;
    return str_replace("+", "%20", str_replace("%2F", "/", $encoded)) ;
}
1092    
1093     //////////////////////////////////////////////////////////////////
1094    
/**
 * Rename $from to $to, but only when $from exists and the directory
 * that will hold $to is writable; otherwise do nothing.
 *
 * "safe" refers to those two preconditions only. Neither path is
 * checked for staying inside a particular directory.
 */
function safe_rename($from,$to) {
    if (! file_exists($from)) {
        return ;
    }
    if (! is_writable(dirname($to))) {
        return ;
    }
    rename($from, $to) ;
}
1100    
1101     //////////////////////////////////////////////////////////////////
1102    
// MAIN PROGRAM
// ============
// query parameters: capital letters
// local functions : begin with capital letters
// global constants: begin with gbl
//
// NOTE(review): $STYLE, $HASH, $USER and $PW are read below without
// being assigned in the visible code; presumably they are request
// parameters imported as globals -- confirm.

$gblFilePerms = 0640 ;  // default for new files
$gblDirPerms  = 0750 ;  // default for new dirs

// Two requests are answered before any authentication takes place:
// the style sheet, and hash creation (needed while no password is set).
if ($STYLE == "get") {
    CSS() ;
    exit ;
}
if ($HASH != "") {
    CreateHash($USER, $PW) ;
    exit ;
}
1122    
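// authentication if $gblAuth == true
//
// The digest is compared with strcmp() instead of the loose != operator.
// With != two different digest strings that both look like numbers
// (for example "0e" followed only by digits) are compared numerically
// and count as equal, which would accept a wrong password.
//
// The second condition forces a fresh 401 when the request carries
// relogin=<stored hash>. NOTE(review): that puts the stored hash into
// request data; consider a separate logout token.
$authFailed   = $gblAuth &&
                strcmp((string) $gblHash($PHP_AUTH_USER.$PHP_AUTH_PW), (string) $gblPw) != 0 ;
$forceRelogin = isset($relogin) && $gblPw == $relogin ;

if ( $authFailed || $forceRelogin ) {
    header("WWW-authenticate: basic realm=\"$SERVER_NAME\"") ;
    header("HTTP/1.0 401 Unauthorized") ;
    NoEntry() ;
    exit ;
}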
1131    
// Work out the current directory relative to $gblFsRoot.
// The POST field DIR wins; when it is empty the GET field D is used.
// urldecode() is applied to $D here, and the ".." test below runs on
// the decoded value, so it sees the string that is actually used.
// NOTE(review): $DIR and $D are presumably request parameters -- confirm.
$relDir = ($DIR == "") ? urldecode($D) : $DIR ;

// default : website root = ""
if ($relDir == "/") {
    $relDir = "" ;
}

// This is the only containment check on $relDir: any ".." is refused.
if (strpos($relDir, "..") !== false) {
    Error("No updirs allowed");
}

// full paths contain "fs" or "Fs". Paths relative to root of
// website contain "rel" or "Rel". The script won't let you
// edit anything above directory equal to http://server.com
// i.e. below $gblFsRoot.

$relScriptDir = dirname($SCRIPT_NAME) ;     // i.e. /siteman
$fsScriptDir  = dirname($SCRIPT_FILENAME) ; // i.e. /home/httpd/html/siteman

// web root = script directory on disk minus its URL path suffix
$rootLength = strlen($fsScriptDir) - strlen($relScriptDir) ;
$gblFsRoot  = substr($fsScriptDir, 0, $rootLength) ; // i.e. /home/httpd/html

$fsDir = $gblFsRoot . $relDir ;             // current directory
if ( !is_dir($fsDir) ) {
    Error("Dir not found",$relDir) ;
}
1160    
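// POST actions. Each case builds filesystem paths from $fsDir plus a
// name taken from the request, so the names are checked first with the
// same rule the script applies to $relDir: no ".." may reach a
// filesystem call. ($FN doubles as the upload temp path in UPLOAD.)
$pathFields = array("FN", "FN_name", "FILENAME", "NEWNAME", "RELPATH") ;
for ($i = 0 ; $i < count($pathFields) ; $i++) {
    $field = $pathFields[$i] ;
    if (isset($$field) && strstr($$field, "..")) Error("No updirs allowed") ;
}

switch ($POSTACTION) {
case "UPLOAD" :
    if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
    if (strstr($FN_name,"/"))
        Error("Non-conforming filename") ;
    // FILENAME comes back from the check-in form; hold it to the same
    // rule as the browser-supplied file name.
    if (isset($FILENAME) && strstr($FILENAME,"/"))
        Error("Non-conforming filename") ;
    // TODO : should rather check for escapeshellcmds
    // but maybe RFC 18xx asserts safe filenames ....
    $source = $FN ;
    // $source must be the temp file PHP created for this request's
    // upload, not a path that arrived as an ordinary form field.
    if (!is_uploaded_file($source))
        Error("Non-conforming filename") ;
    if (! isset($FILENAME)) {   // from update file
        $target = "$fsDir/$FN_name" ;
    } else {
        $target = "$fsDir/$FILENAME";
    }

    // backup old files first: rotate .bak/1 .. .bak/N
    $dir=dirname($target);
    if (! file_exists($dir."/.bak")) {
        mkdir($dir."/.bak",0700);
    }
    if (! file_exists($dir."/.bak/$GLOBALS[gblNumBackups]")) {
        mkdir($dir."/.bak/$GLOBALS[gblNumBackups]",0700);
    }
    $file=basename($target);
    // array key quoted: outside a string a bare gblNumBackups is a constant
    for($i=$GLOBALS["gblNumBackups"]-1;$i>0;$i--) {
        MoveTo("$dir/.bak/$i/$file","$dir/.bak/".($i+1)."/");
    }
    MoveTo($target,$dir."/.bak/1/");

    copy($source,$target) ;
    chmod($target,$gblFilePerms) ;
    clearstatcache() ;
    Logit($target,"uploaded");
    if (isset($FILENAME)) {
        Unlock($target);
    }
    break ;

case "SAVE" :
    // escapeshellcmd() only backslash-escapes shell metacharacters. It
    // does nothing to keep the path inside $gblFsRoot; the ".." check
    // above is what does that.
    $path = $gblFsRoot . escapeshellcmd($RELPATH) ;
    $writable = is_writeable($path) ;
    $legaldir = is_writeable(dirname($path)) ;
    $exists = (file_exists($path)) ? 1 : 0 ;
    // check for legal extension here as well
    if (!($writable || (!$exists && $legaldir)))
        Error("Write denied",$RELPATH) ;
    $fh = fopen($path, "w") ;
    if (! $fh) Error("Write denied",$RELPATH) ;
    fwrite($fh,$FILEDATA) ;
    fclose($fh) ;
    clearstatcache() ;
    Logit($path,"saved changes");
    break ;

case "CREATE" :
    // we know $fsDir exists
    if ($FN == "") break;       // no filename!
    if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
    $path = $fsDir . "/" . $FN ;    // file or dir to create
    $relPath = $relDir . "/" . $FN ;
    switch ( $T ) {
    case "D" :  // create a directory
        if ( ! @mkdir($path,$gblDirPerms) )
            Error("Mkdir failed",$relPath) ; // eg. if it exists
        clearstatcache() ;
        break ;
    case "F" :  // create a new file
        // this functionality is doubled in DetailView().
        // better keep it here altogether
        // chmod perms to $gblFilePerms
        // note: an existing writable file is truncated by "w+"
        if ( file_exists($path) && !is_writable($path) )
            Error("File not writable", $relPath) ;
        $fh = fopen($path, "w+") ;
        if ($fh) {
            fputs($fh,"\n");
            fclose($fh) ;
            LogIt($path,"file created");
        } else {
            Error("Creation of file $relPath failed -- $path");
        }
        $tstr = "$PHP_SELF?A=E&D=".urlencode($relDir)."&F=".urlencode($FN) ;
        header("Location: " . $tstr) ;
        exit ;
    }
    break ;

case "DELETE" :
    if ( $CONFIRM != "on" ) break ;

    $tstr = "Attempt to delete non-existing object or " ;
    $tstr .= "insufficient privileges: " ;

    if ( $FN != "") {   // delete file (moved to .del, not unlinked)
        $path = $fsDir . "/" . $FN ;

        $dir=dirname($path);
        $file=basename($path);
        if (! file_exists("$dir/.del")) {
            mkdir("$dir/.del",0700);
        }

        if ( ! rename($path,"$dir/.del/$file") ) {
            // log first: Error() ends the request, so a log call placed
            // after it would never run
            Logit($path,"file delete failed");
            Error("File delete failed", $tstr . $path) ;
        } else {
            Logit($path,"file deleted");
            MoveTo("$dir/.log/$file","$dir/.del/.log/");
            MoveTo("$dir/.note/$file","$dir/.del/.note/");
            MoveTo("$dir/.lock/$file","$dir/.del/.lock/");
        }
    }
    else {              // delete directory
        if ( ! @rmdir($fsDir) ) {
            Error("Rmdir failed", $tstr . $fsDir) ;
        }
        else {
            $relDir = dirname($relDir) ;    // move up
        }
    }
    break ;

case "UNDELETE" :
    if ( $CONFIRM != "on" ) break ;

    // only names carrying the ".del" prefix can be restored
    if (substr($FN,0,4) != ".del") break ;
    $file=substr($FN,4,strlen($FN)-4);

    Logit("$fsDir/.del/$file","undeleted");
    MoveTo("$fsDir/.del/$file","$fsDir/");
    MoveTo("$fsDir/.del/.log/$file","$fsDir/.log/");
    MoveTo("$fsDir/.del/.note/$file","$fsDir/.note/");
    MoveTo("$fsDir/.del/.lock/$file","$fsDir/.lock/");

    break ;

case "RENAME" :
    if ( $CONFIRM != "on" ) break ;

    Logit("$fsDir/$FN","renamed $FN to $NEWNAME");
    safe_rename("$fsDir/$FN","$fsDir/$NEWNAME");
    safe_rename("$fsDir/.log/$FN","$fsDir/.log/$NEWNAME");
    safe_rename("$fsDir/.note/$FN","$fsDir/.note/$NEWNAME");
    safe_rename("$fsDir/.lock/$FN","$fsDir/.lock/$NEWNAME");
    for($i=0;$i<=$GLOBALS["gblNumBackups"];$i++) {
        safe_rename("$fsDir/.bak/$i/$FN","$fsDir/.bak/$i/$NEWNAME");
    }

    break ;

case "NOTE" :
    WriteNote("$fsDir/$FN","$NOTE");
    break ;

case "UNLOCK" :
    if ( $CONFIRM != "on" ) break ;
    Unlock("$fsDir/$FN");
    break ;

default :
    // user hit "CANCEL" or undefined action
}

// common to all POSTs : redirect to directory view ($relDir)
if ( $POSTACTION != "" ) {
    $tstr = $PHP_SELF . "?D=" . urlencode($relDir) ;
    header("Location: " . $tstr) ;
    exit ;
}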
1329    
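// check for mode.. navigate, code display, upload, or detail?
// $A=U : upload to path given in $D
// $A=E : display detail of file $D/$F and edit
// $A=C : display code in file $D/$F
// $A=Co : checkout file $D/$F
// $A=Ci : checkin file $D/$F
// $A=V : view file (do nothing except log)
// default : display directory $D

// $F is joined onto $gblFsRoot/$relDir below (lock and log files are
// created next to it), so it gets the same ".." rule as $relDir.
if (isset($F) && strstr($F, "..")) Error("No updirs allowed") ;

switch ($A) {
case "U" :
    // upload to $relDir
    if (!is_writeable($gblFsRoot . $relDir))
        Error("Write access denied",$relDir) ;
    // $text is HTML, so the server name is encoded before it goes in
    $text = "Use this page to upload a single " ;
    $text .= "file to <B>" . htmlspecialchars($SERVER_NAME) . "</B>." ;
    StartHTML("(Upload Page)", $text) ;
    UploadPage($gblFsRoot, $relDir) ;
    EndHTML() ;
    exit ;
case "E" :
    // detail of $relDir/$F
    if (is_file("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ;
    exit ;
case "C" :
    // listing of $relDir/$F
    DisplayCode($gblFsRoot, $relDir, $F) ;
    exit ;
case "Co" :
    // checkout
    Lock("$gblFsRoot/$relDir/$F");
    // The file name goes into a response header: keep only the base
    // name, drop CR/LF and double quotes, and send it as a quoted value.
    $dispName = strtr(basename($F), "\r\n\"", "   ") ;
    header("Content-Disposition: attachment; filename=\"$dispName\"" );
    Header("Location: ".urlpath("$relDir/$F"));
    exit;
case "Ci" :
    // upload && update to $relDir
    if (!is_writeable($gblFsRoot . $relDir))
        Error("Write access denied",$relDir) ;
    $text = "Use this page to update a single " ;
    $text .= "file to <B>" . htmlspecialchars($SERVER_NAME) . "</B>." ;
    StartHTML("(Update file Page)", $text) ;
    UploadPage($gblFsRoot, $relDir, $F) ;
    EndHTML() ;
    exit ;
case "V" :
    // view
    LogIt("$gblFsRoot/$relDir/$F","viewed");
    $dispName = strtr(basename($F), "\r\n\"", "   ") ;
    header("Content-Disposition: attachment; filename=\"$dispName\"" );
    Header("Location: ".urlpath("$relDir/$F"));
    exit;
}

// default: display directory $relDir
Navigate($gblFsRoot,$relDir) ;
exit ;

// not reached: the exit above ends the request
Error("Whooah!","By cartesian logic, this never happens") ;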
1387     ?>
