
Annotation of /docman.php



Revision 1.15 - (hide annotations)
Wed Sep 6 11:04:32 2000 UTC (23 years, 6 months ago) by dpavlin
Branch: MAIN
Changes since 1.14: +1 -1 lines
gblModDays should be global!

1 dpavlin 1.1 <?php
2    
3     /* Copyright 1999 by John Martin d/b/a www.ANYPORTAL.com */
4     /* All Rights Reserved. */
5     /* */
6     /* This software is freeware and is not in the public domain. */
7     /* You are hereby granted the right to freely distribute this */
8     /* software as long as this copyright notice remains in place. */
9     /* */
10     /* Comments or suggestions? email: andmore@alief.com */
11     /* */
12     /* This is the PHP port: AnyPortal(php)-0.1 */
13     /* ======================================== */
14     /* */
15     /* PHP version 2000 by Stefan@Wiesendanger.org */
16     /* No Rights Reserved. What for, anyhow ? */
17     /* */
18     /* Date Remarks */
19     /* --------- ----------------------------------------------- */
20     /* 25 MAY 99 original ASP version */
21     /* 17 SEP 99 change upload from SA-FILEUP to aspSmartUpload */
22     /* 10 APR 00 simplified PHP3 version */
23     /* 18 APR 00 most of PHP3 port working. Slight modifications */
24     /* 22 APR 00 modified syntax highlighting, no absolute paths */
25     /* revealed, PHP builtin authentication, global */
26     /* style sheet as callback, use apache default */
27     /* icons as an alternative to the wingdings font. */
28     /* 25 APR 00 catch some exceptions (not foolproof yet) */
29     /* 26 APR 00 catch some more exceptions, implicit copy */
30     /* function by saving somewhere else in the detail */
31     /* view, MD5 hashed password. */
32     /* 27 APR 00 Fixed authentication bug */
33     /* 12 MAY 00 Fixed trouble with exec() with newer versions of */
34     /* PHP3. Fixed bug which would send you to a non- */
35     /* existent address after file modifications. */
36    
37 dpavlin 1.2 /*
38     2000-07-25 Dobrica Pavlinusic <dpavlin@rot13.org>
39    
40     removed exec calls (insecure)
41     nuked writeable function (replaced by php is_writeable)
42     added support for https (tested with apache+mod_ssl)
43     added users file
44     date format user-selectable
45     cycle backup files in bak directory
46     support links as directories (for now)
47     support of file history logging
48     undelete capabilities (delete moves to .del directory)
49    
50     2000-07-26 DbP
51    
52     added more checking on entered filename (when creating file/dir)
53     added rename option
54    
55    
56     IMPORTANT INSTALLATION NOTE:
57     deny serving of .* (dot-something) files in the web server!
58     Otherwise, anyone who can reach the site can read your log files (.log),
59     the users file (.htusers) and/or deleted files (.del)!
60    
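61     .htusers has one user per line, in the form:
62     login:Real Name:md5(loginpassword)[:email]
62     (the hash is taken over the login immediately followed by the password)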
63    
64    
65     TODO:
66     mixed file/directory output (add type to each entry,
67     real support for links)
68 dpavlin 1.9 retrieve old versions of files (overwritten)
69 dpavlin 1.13 show last lock date
70    
71 dpavlin 1.2 */
72    
73 dpavlin 1.1 //////////////////////////////////////////////////////////////////
74    
75     // TODO : Don't let the file be modified itself. Create a hash of
76     // it (kinda hard since it's self-referential ;-). Make better use
77     // of session management. Escapeshellcmd for all user input.
78    
79     //////////////////////////////////////////////////////////////////
80    
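// GLOBAL PARAMETERS
// =================
// Make modifications here to suit siteman to your needs

// error_reporting(4) ; // how verbose ?

// username/password should not be system
// usernames/passwords !!

// $gblPw = "hash_of_your_username_and_password" ;

// $gblAuth = false ; // use builtin authentication
$gblAuth = true ; // use builtin authentication
$gblHash = "md5" ; // hash function to use

// Every per-user global gets a value before the lookup below. The script
// reads server values as plain globals ($SCRIPT_FILENAME,
// $GLOBALS["PHP_AUTH_USER"]); if request variables are registered the same
// way, a global that is never assigned could be supplied by the client.
$gblPw = "" ;
$gblUserName = "" ;
$gblEmail = "" ;

if ($gblAuth) {
    // .htusers lives next to this script, i.e. inside the served tree, so
    // the web server must refuse to serve dot-files (see the installation
    // note at the top of the file).
    $htusers_file = dirname($SCRIPT_FILENAME) . "/.htusers" ;
    if (! file_exists($htusers_file)) {
        // First run: seed a template. The file is created by the web server
        // account, hence the reminder to hand ownership to root afterwards.
        $htusers = fopen($htusers_file, "a+") ;
        if ($htusers) {
            fputs($htusers,"# Change owner of $htusers_file to root !!\n");
            fputs($htusers,"demo:full name:md5_hash\n");
            fclose($htusers) ;
        }
    }

    $authUser = isset($GLOBALS["PHP_AUTH_USER"]) ? (string) $GLOBALS["PHP_AUTH_USER"] : "" ;
    $htusers = fopen($htusers_file, "r") ;
    if ($htusers) {
        // Without a supplied login nothing is looked up; a blank line in the
        // file would otherwise compare equal to the missing login.
        while ($authUser !== "" && ($user = fgetcsv($htusers,255,":"))) {
            // Exact string comparison: "==" treats numeric-looking logins
            // such as "1e3" and "1000" as the same account.
            if ((string) $user[0] !== $authUser) {
                continue ;
            }
            // As before, a later line for the same login overrides an
            // earlier one. Short lines leave the missing fields empty.
            $gblUserName = isset($user[1]) ? $user[1] : "" ;
            $gblPw       = isset($user[2]) ? $user[2] : "" ;
            $gblEmail    = isset($user[3]) ? $user[3] : "" ;
        }
        fclose($htusers) ;
    }
}

// $gblDateFmt="D, F d, Y";
// $gblTimeFmt="g:i:sA";

$gblDateFmt="Y-m-d";
$gblTimeFmt="H:i:s";

// Number of backup files to keep
$gblNumBackups=3;

// show red star if newer than ... days
$gblModDays=1;

// choose GifIcon below unless you have the M$
// WingDings font installed on your system

$gblIcon = "GifIcon" ; // MockIcon or GifIcon

// the directory below should be /icons/ or /icons/small/
// on Apache; a set of icons is included in the distribution

$gblIconLocation = "/icons/" ;

// files you want to be able to edit in text mode
// and view with (primitive) syntax highlighting
//
// NOTE(review): script extensions in this list (.php, .php3, .phtml,
// .asp, .shtml ...) are offered for in-browser editing, so every account
// in .htusers can place server-side code in the managed tree.

$gblEditable = array( ".txt",".asa",".asp",".htm",".html",
                      ".cfm",".php3",".php",".phtml",
                      ".shtml",".css" ) ;

// files that will display as images on the detail page
// (useless if your browser doesn't support them)

$gblImages = array( ".jpg",".jpeg",".gif",".png",".ico",
                    ".bmp",".xbm") ;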
152    
153     //////////////////////////////////////////////////////////////////
154    
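// Emit the page header: <HEAD>, the style-sheet link and the title bar.
//
// $title  plain-text label appended to "Site Manager "; HTML-escaped here
//         because callers build it from request-derived paths.
// $text   introductory paragraph, written out as HTML (Navigate passes a
//         link in it), so callers must escape any request-derived part.
function StartHTML($title,$text="") {

    // HTTP_HOST and PHP_SELF come from the request (Host header, request
    // path) and are escaped before they are placed in markup.
    $title = htmlspecialchars("Site Manager " . $title, ENT_QUOTES) ;
    $host  = isset($GLOBALS["HTTP_HOST"]) ? htmlspecialchars((string) $GLOBALS["HTTP_HOST"], ENT_QUOTES) : "" ;
    $self  = isset($GLOBALS["PHP_SELF"]) ? htmlspecialchars((string) $GLOBALS["PHP_SELF"], ENT_QUOTES) : "" ;
?>

<HTML>
<HEAD>
<TITLE><?= $host . " " . $title ?></TITLE>
<META NAME="description" CONTENT="PHP port of AnyPortal Site Manager">
<META NAME="keywords" CONTENT="site manager, web site maintenance">
<META NAME="robots" CONTENT="noindex">
<META HTTP-EQUIV="expires" CONTENT="0">
<LINK REL="stylesheet" TYPE="text/css"
 HREF="<?= $self ?>?STYLE=get">
</HEAD>
<BODY BGCOLOR="#FFFFFF">
<H3 ALIGN="RIGHT"><?= $host ?></H3>
<TABLE BORDER=0 WIDTH="100%"><TR>
<TD CLASS=INV><?= $title ?></TD></TR></TABLE>
<P><?= $text ?></P>

<?php
} // end function StartHTML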
180    
181     //////////////////////////////////////////////////////////////////
182    
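// Emit the page footer: current date and time, the logged-in user's name,
// the logout link and the credits, then close BODY and HTML.
function EndHTML() {

    // Array keys are quoted: the bare words used before are read as
    // constants, which newer PHP versions reject.
    $user = isset($GLOBALS["gblUserName"]) ? htmlspecialchars((string) $GLOBALS["gblUserName"], ENT_QUOTES) : "" ;
    $self = isset($GLOBALS["PHP_SELF"]) ? htmlspecialchars((string) $GLOBALS["PHP_SELF"], ENT_QUOTES) : "" ;

    // NOTE(review): the logout link carries the user's stored password hash
    // ($gblPw) as the "relogin" value, so the hash ends up in the page
    // source, browser history, proxy and server logs and Referer headers.
    // The code that consumes "relogin" is not in this section; the value is
    // kept as it was so that logout keeps working. Replacing it with a
    // random per-request value needs a matching change in that handler.
    $relogin = isset($GLOBALS["gblPw"]) ? htmlspecialchars(urlencode((string) $GLOBALS["gblPw"]), ENT_QUOTES) : "" ;
?>

<HR>
<P CLASS=FTR>
<B><?= date($GLOBALS["gblDateFmt"]) ?> -
<?= date($GLOBALS["gblTimeFmt"]) ?> -
<?= $user ?>
<small> [<a href="<?= $self ?>?relogin=<?= $relogin ?>">logout</a>]</small>
</B>
<BR>ANYPORTAL(php) Site Manager
<br><small>
&copy; 1999 by <A HREF="http://www.anyportal.com">ANYPORTAL</A>,
&copy; 2000 by <A HREF="http://da.nger.org">d@nger.org</A>,
&copy; 2000 by <A HREF="http://www.rot13.org/~dpavlin/">DbP</A>
</small>
</P>
<BR>
<?php //include(".debug.inc") ?>
<BR><BR></BODY></HTML>

<?php
} // end function EndHTML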
206    
207     //////////////////////////////////////////////////////////////////
208    
// Write the global style sheet. StartHTML links to it as
// "<script>?STYLE=get", so the rules are served by this script itself.
function CSS() {
    $rules = <<<STYLESHEET

BODY,TD,P,H1,H2,H3 { font-family:Verdana,Helvetica,Arial,sans-serif; }
.BLK { color:black; }
.RED { color:red; }
.TOP { color:red; font-size:70%; } /* table headings */
.INV { color:white; background-color:navy;
 font-weight:bold; font-size:120%; } /* title */
.FTR { } /* footer */
.LST { background-color:#E0E0E0; } /* table cells */
.BAR { background-color:#E0E0E0; } /* action bar */
PRE { color:blue; font-family:Lucida Console,Courier New,
 Courier,sans-serif; } /* source code */
EM { color:green; font-style:normal; } /* line numbers */
.REM { color:silver; }
.XML { color:navy; background-color:yellow; }
.MCK { color:red; font-family:WingDings; } /* Mock Icons */
A:HOVER { color:red; }


STYLESHEET;
    echo $rules ;
} // end function CSS
231    
232     //////////////////////////////////////////////////////////////////
233    
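// Render the detail page for one document: file facts, an edit form for
// editable text types, an inline preview for images, the unlock /
// delete / undelete / rename / note controls and the change history.
//
// $fsRoot  filesystem root of the managed tree
// $relDir  directory relative to $fsRoot
// $fn      file name inside $relDir; a name starting with ".del" is
//          offered UNDELETE instead of DELETE
//
// NOTE(review): $relDir and $fn are joined into filesystem paths as given.
// Nothing here checks that the result stays below $fsRoot - confirm that
// the caller has already rejected ".." and similar input.
// NOTE(review): the POSTACTION forms carry no anti-CSRF token. The script
// authenticates with PHP_AUTH_USER (HTTP authentication), which the
// browser attaches to every request on its own.
function DetailPage($fsRoot,$relDir,$fn) {

    global $gblEditable, $gblImages ;

    $relPath = $relDir . "/" . $fn ;
    $fsPath  = $fsRoot . $relPath ;
    $fsDir   = $fsRoot . $relDir ;

    // HTML-escaped copies of every request-derived value that is printed.
    $self  = htmlspecialchars((string) $GLOBALS["PHP_SELF"], ENT_QUOTES) ;
    $hDir  = htmlspecialchars((string) $relDir, ENT_QUOTES) ;
    $hFn   = htmlspecialchars((string) $fn, ENT_QUOTES) ;
    $hPath = htmlspecialchars((string) $relPath, ENT_QUOTES) ;

    $exists = file_exists($fsPath) ;

    // Extension of the file name only; taking it from the whole path picked
    // up dots in directory names. The lists are matched by exact membership
    // rather than substring, so ".ph" no longer counts as ".php".
    $dot = strrchr(basename($relPath), ".") ;
    $ext = ($dot === false) ? "" : strtolower($dot) ;
    $editable = ( $ext == "" || in_array($ext, $gblEditable) ) ;
    $isImage  = ( $ext != "" && in_array($ext, $gblImages) ) ;
    $writable = is_writeable($fsPath) ;
    $file_lock = CheckLock($fsPath);
    $hLock = htmlspecialchars((string) $file_lock, ENT_QUOTES) ;

    // Error() prints its text as HTML, so the paths are passed escaped.
    if (!$editable && !$exists)
        Error("Creation unsupported for type",$hPath) ;
    // was "!exists" (no "$"), which never evaluated to true
    if (!$exists && !is_writeable($fsDir) )
        Error("Creation denied",$hDir) ;

    $text  = "Use this page to view, modify or " ;
    $text .= "delete a single document on this " ;
    $text .= "web site." ;
    $title = "(Detail Page)" ;
    StartHTML($title, $text) ;

    echo "<H3>" . $hDir . "/" . $hFn . "</H3>" ;

    $fsize = 0 ;
    if ($exists) { // get file info
        $stampFmt  = $GLOBALS["gblDateFmt"] . " " . $GLOBALS["gblTimeFmt"] ;
        $fsize     = filesize($fsPath) ;
        $fmodified = date($stampFmt, filemtime($fsPath)) ;
        $faccessed = date($stampFmt, fileatime($fsPath)) ;
        echo "<PRE> file size: " . $fsize . " Bytes<BR>" ;
        echo "last modified: <B>" . $fmodified . "</B><BR>" ;
        echo "last accessed: <B>" . $faccessed . "</B><BR>" ;
        echo " owner: <B>" . fileowner($fsPath) . "</B><BR>" ;
        echo " group: <B>" . filegroup($fsPath) . "</B><BR>" ;
        echo " permissions: <B>" ;
        // sprintf, not printf: printf wrote the mode and echo then appended
        // printf's return value (the number of characters printed).
        echo sprintf( "%o", fileperms($fsPath) ) . "</B>" ;
        echo "</PRE>" ;
    }

    if ( $editable && ($writable || !$exists) && !$file_lock ) {
        // Mode "a+" creates the file when it does not exist yet, so merely
        // displaying this page for a new name leaves an empty file behind.
        $fstr = "" ;
        $fh = fopen($fsPath,"a+") ;
        if ($fh) {
            rewind($fh) ;
            clearstatcache() ;
            $len = filesize($fsPath) ;
            if ($len > 0) {           // fread() refuses a zero length
                $fstr = fread($fh,$len) ;
            }
            fclose($fh) ;
        }
        $fstr = htmlentities( $fstr ) ;
?>

<FORM ACTION="<?= $self ?>" METHOD="POST">
<SPAN TITLE="Click [SAVE] to store updated contents.">
<B>DOCUMENT CONTENTS</B>
</SPAN><BR>
<TEXTAREA NAME="FILEDATA" ROWS=18 COLS=70 WRAP="OFF"><?= $fstr ?></TEXTAREA>
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $hDir ?>">
<INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?= $hFn ?>">
<INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="SAVE">
<INPUT TYPE="HIDDEN" SIZE=48 MAXLENGTH=255 NAME="RELPATH"
 VALUE="<?= $hPath ?>">
<br>
<INPUT TYPE="RESET" VALUE="UNDO ALL CHANGES">
<INPUT TYPE="SUBMIT" VALUE="SAVE">
</FORM>

<?php
    }

    // Inline preview; only for a file that exists, since the size and the
    // image dimensions are read from disk.
    if ( $exists && !$file_lock && $isImage ) {
        $info = getimagesize($fsPath) ;
        $dims = ($info && isset($info[3])) ? $info[3] : "" ;
        $tstr  = "<IMG SRC=\"" . htmlspecialchars((string) urlpath($relPath), ENT_QUOTES) . "\" BORDER=0 " ;
        $tstr .= $dims . " ALT=\"" . $hFn . " - " ;
        $tstr .= (int)(($fsize+1023)/1024) . "Kb\">" ;
        echo $tstr ;
    }

?>

<FORM ACTION="<?= $self ?>" METHOD="POST">
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $hDir ?>">
<INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?= $hFn ?>">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL"><BR>

<?php

    if ($file_lock) {
?>
<hr>
<SPAN TITLE="Check OK and click UNLOCK to remove lock on file.">
<B>OK TO FORCE LOCK REMOVAL ON "<?= $hFn ?>" HELD BY <?= $hLock ?>? </B></SPAN>
<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="UNLOCK">
<?php
    } // file_lock

    if (substr($fn,0,4) == ".del") {
        $action="UNDELETE";
        $desc="undelete previously deleted file";
    } else {
        $action="DELETE";
        $desc="delete";
    }

    if ($exists && $writable) {
?>

<HR>
<a name="undelete">
<SPAN TITLE="Check OK and click [<?= $action ?>] to <?= $desc ?>.">
<B>OK TO <?= $action ?> "<?= $hFn ?>"? </B></SPAN>
<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="<?= $action ?>">

<HR>
<a name="rename">
<SPAN TITLE="Check OK and click [RENAME] to rename.">
<B>OK TO RENAME "<?= $hFn ?>" TO
<INPUT TYPE="TEXT" SIZE=24 MAXLENGTH=255 NAME="NEWNAME" VALUE="<?= $hFn ?>">
? </B></SPAN>
<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="RENAME">

<?php
    } // exists && writable

    // NOTE(review): the note is escaped here on the assumption that
    // ReadNote() returns the raw stored text - confirm.
    $hNote = htmlspecialchars((string) ReadNote($fsPath), ENT_QUOTES) ;
?>
<HR>
<a name="note">
<B>NOTE FOR "<?= $hFn ?>":
<INPUT TYPE="TEXT" SIZE=50 MAXLENGTH=255 NAME="NOTE" VALUE="<?= $hNote ?>">
</B></SPAN>
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="NOTE">

</FORM>

<?php

    // Change history: .log/<name> holds tab-separated records, shown
    // newest first with alternating row classes.
    $name    = basename("$fsDir/$fn");
    $logname = dirname("$fsDir/$fn")."/.log/$name";
    $bakdir  = dirname("$fsDir/$fn")."/.bak";
    if (file_exists($logname) && ($log = fopen($logname,"r"))) {
        $cl1=" class=lst"; $cl2="";
        $logarr = array();
        while ($line = fgetcsv($log,255,"\t")) {
            $cl=$cl1; $cl1=$cl2; $cl2=$cl;
            $line = array_pad($line, 4, "");   // tolerate short records
            array_unshift($logarr,array($cl,$line[0],$line[1],$line[2],$line[3]));
        }
        fclose($log);

        print "<hr><br><b>CHANGES TO THIS FILE</b><br><table border=0 width=100%>\n";
        $bakcount = 0; // start from 0, skip first backup (it's current)
        foreach ($logarr as $e) {
            // Log fields are escaped on output; what the writer stored is
            // not visible from here.
            $cell1  = htmlspecialchars((string) $e[1], ENT_QUOTES);
            $cell2  = htmlspecialchars((string) $e[2], ENT_QUOTES);
            $cell3  = htmlspecialchars((string) $e[3], ENT_QUOTES);
            $cell4  = htmlspecialchars((string) $e[4], ENT_QUOTES);
            if (strstr((string) $e[4],"upload")) {
                if (file_exists("$bakdir/$bakcount/$name")) {
                    // NOTE(review): this links straight into the .bak
                    // directory, which the installation note says the web
                    // server should refuse to serve.
                    $href  = htmlspecialchars(dirname($relPath)."/.bak/$bakcount/$name", ENT_QUOTES);
                    $cell4 = "<a href=\"$href\">$cell4</a>";
                }
                $bakcount++;
            }
            print "<tr><td$e[0]>$cell1</td><td$e[0]>$cell2</td><td$e[0]>$cell3</td><td$e[0]>$cell4</td></tr>\n";
        }
        print "</table>";
    }

    EndHTML() ;

} // end function DetailPage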
400    
401     //////////////////////////////////////////////////////////////////
402    
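// Show a file as a numbered source listing with simple highlighting of
// ASP / PHP tags and of C, C++, HTML, shell and ASP style comments.
//
// $fsRoot  filesystem root of the managed tree
// $relDir  directory relative to $fsRoot
// $fn      file name inside $relDir
//
// NOTE(review): the path is built from the arguments as given; confirm
// the caller confines it below $fsRoot.
function DisplayCode($fsRoot,$relDir,$fn) {

    $relPath = $relDir . "/" . $fn ;
    $path = $fsRoot . $relPath ;

    // Report the relative path, escaped: Error() prints its text as HTML,
    // and the full path would reveal where the tree lives on the server.
    $shown = htmlspecialchars((string) $relPath, ENT_QUOTES) ;
    if (!file_exists($path)) Error("File not found",$shown) ;

    $lines = file($path) ;
    if ($lines === false) Error("Read Access denied",$shown) ;

    // NOTE(review): the title carries the request-derived path and is
    // passed on as given; it is safe only if StartHTML escapes its title.
    StartHTML("(".$relDir."/".$fn.")","");

    // Escape the file body first; every tag added below is our own markup.
    $tstr = htmlentities(join("",$lines)) ;

    // Tabs
    $tstr = str_replace(chr(9)," ",$tstr) ;

    // ASP tags & XML/PHP tags
    $aspbeg = "<SPAN CLASS=XML>&lt;%</SPAN><SPAN CLASS=BLK>" ;
    $aspend = "</SPAN><SPAN CLASS=XML>%&gt;</SPAN>" ;
    $tstr = str_replace("&lt;%",$aspbeg,$tstr) ;
    $tstr = str_replace("%&gt;",$aspend,$tstr) ;

    $xmlbeg = "<SPAN CLASS=XML>&lt;?</SPAN><SPAN CLASS=BLK>" ;
    $xmlend = "</SPAN><SPAN CLASS=XML>?&gt;</SPAN>" ;
    $tstr = str_replace("&lt;?",$xmlbeg,$tstr) ;
    $tstr = str_replace("?&gt;",$xmlend,$tstr) ;

    // C style comment
    $tstr = str_replace("/*","<SPAN CLASS=REM>/*",$tstr) ;
    $tstr = str_replace("*/","*/</SPAN>",$tstr) ;

    // HTML comments
    $tstr = str_replace("&lt;!--","<I CLASS=RED>&lt;!--",$tstr) ;
    $tstr = str_replace("--&gt;","--&gt;</I>",$tstr) ;

    echo "<PRE>" ;

    // explode() replaces split(), which newer PHP versions no longer have
    $rows = explode("\n",$tstr) ;
    foreach ($rows as $i => $line) {
        // add line numbers; sprintf keeps all digits past line 9999
        echo "<BR><EM>" ;
        echo sprintf("%04d", $i+1) . ":</EM> " ;

        // C++ style comments
        // exceptions: two slashes aren't a script comment after a colon
        // ("http://") or when they close an HTML comment
        $pos = strpos($line,"//") ;
        if ($pos !== false &&
            ! ($pos>0 && substr($line,$pos-1,1)==":") &&
            ! (substr($line,$pos,8) == "//--&gt;") &&
            ! (substr($line,$pos,9) == "// --&gt;")) {
            $line = substr($line,0,$pos)."<SPAN CLASS=REM>".substr($line,$pos)."</SPAN>";
        }

        // shell & asp style comments
        $first = substr(ltrim($line),0,1) ;
        if ($first == "#" || $first == "'") {
            $line = "<SPAN CLASS=REM>".$line."</SPAN>";
        }
        print($line) ;
    } // next line

    echo "</PRE>" ;

    EndHTML() ;

} // end function DisplayCode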
468    
469     //////////////////////////////////////////////////////////////////
470    
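// Return the WingDings "icon" for a file extension or symbolic name
// ("file", "fldr", "view", "up", "blank") as a <SPAN CLASS=MCK> element.
// Names without an entry get the generic file glyph.
function MockIcon($txt) {

    // character code in the WingDings font, keyed by lower-case name
    static $glyphs = array(
        ".bmp" => 176, ".gif" => 176, ".jpg" => 176,
        ".jpeg" => 176, ".tif" => 176, ".tiff" => 176,
        ".doc" => 50,
        ".exe" => 255, ".bat" => 255,
        ".bas" => 255, ".c" => 255, ".cc" => 255, ".src" => 255,
        "file" => 51,
        "fldr" => 48,
        ".htm" => 182, ".html" => 182, ".asa" => 182, ".asp" => 182,
        ".cfm" => 182, ".php3" => 182, ".php" => 182,
        ".phtml" => 182, ".shtml" => 182,
        ".pdf" => 38,
        ".txt" => 52, ".ini" => 52,
        ".xls" => 252,
        // ".z" was spelled ".Z" and could never match the lower-cased key
        ".zip" => 59, ".arc" => 59, ".sit" => 59, ".tar" => 59,
        ".gz" => 59, ".tgz" => 59, ".z" => 59,
        "view" => 52,
        "up" => 199,
    ) ;

    $key = strtolower($txt) ;

    // NOTE(review): "blank" returns a closing </SPAN> without the opening
    // tag; kept as it was because callers may rely on the exact string.
    if ($key === "blank") {
        return "&nbsp;&nbsp;</SPAN>" ;
    }

    $d = isset($glyphs[$key]) ? $glyphs[$key] : 51 ;

    return "<SPAN CLASS=MCK>" . chr($d) . "</SPAN>" ;
} // end function MockIcon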
547    
548     //////////////////////////////////////////////////////////////////
549    
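// Return an <IMG> tag for the icon that represents a file extension or a
// symbolic name ("file", "fldr", "view", "up", "blank", "checkout",
// "checkin", "locked", "note"). The image is looked up below
// $gblIconLocation; names without an entry get generic.gif.
function GifIcon($txt) {
    global $gblIconLocation ;

    // icon file name keyed by lower-case extension or symbolic name
    static $icons = array(
        ".bmp" => "image2.gif", ".gif" => "image2.gif", ".jpg" => "image2.gif",
        ".jpeg" => "image2.gif", ".tif" => "image2.gif", ".tiff" => "image2.gif",
        ".doc" => "layout.gif",
        ".exe" => "screw2.gif", ".bat" => "screw2.gif",
        ".bas" => "c.gif", ".c" => "c.gif", ".cc" => "c.gif", ".src" => "c.gif",
        "file" => "generic.gif",
        "fldr" => "dir.gif",
        ".phps" => "phps.gif",
        // ".php3" was listed twice; only this first entry was ever reached
        ".php3" => "php3.gif",
        ".htm" => "world1.gif", ".html" => "world1.gif", ".asa" => "world1.gif",
        ".asp" => "world1.gif", ".cfm" => "world1.gif", ".php" => "world1.gif",
        ".phtml" => "world1.gif", ".shtml" => "world1.gif",
        ".pdf" => "pdf.gif",
        ".txt" => "text.gif", ".ini" => "text.gif",
        ".xls" => "box2.gif",
        // ".z" was spelled ".Z" and could never match the lower-cased key
        ".zip" => "compressed.gif", ".arc" => "compressed.gif",
        ".sit" => "compressed.gif", ".tar" => "compressed.gif",
        ".gz" => "compressed.gif", ".tgz" => "compressed.gif",
        ".z" => "compressed.gif",
        "view" => "index.gif",
        "up" => "back.gif",
        "blank" => "blank.gif",
        "checkout" => "box2.gif",
        "checkin" => "hand.up.gif",
        "locked" => "screw2.gif",
        "note" => "quill.gif",
    ) ;

    $key = strtolower($txt) ;
    $d = isset($icons[$key]) ? $icons[$key] : "generic.gif" ;

    return "<IMG SRC=\"$gblIconLocation" . $d . "\" BORDER=0>" ;
} // end function GifIcon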
644    
645     //////////////////////////////////////////////////////////////////
646    
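// Render the directory listing for $relDir: parent link, sub-directories,
// files (with check-out / check-in / view / note controls and lock state),
// optionally the deleted files kept in ".del", and the create / upload
// bar.
//
// $fsRoot  filesystem root of the managed tree
// $relDir  directory relative to $fsRoot
//
// NOTE(review): $relDir is joined to $fsRoot as given; confirm the caller
// has rejected ".." and similar input. Symbolic links are listed and
// followed, so a link inside the tree can lead outside $fsRoot.
function Navigate($fsRoot,$relDir) {

    global $gblEditable, $gblIcon, $gblModDays ;

    // Escaped once; used below in HREF and ACTION attributes.
    $self = htmlspecialchars((string) $GLOBALS["PHP_SELF"], ENT_QUOTES) ;
    $hDir = htmlspecialchars((string) $relDir, ENT_QUOTES) ;
    $qDir = urlencode($relDir) ;
    $userName = isset($GLOBALS["gblUserName"]) ? (string) $GLOBALS["gblUserName"] : "" ;

    if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") {
        $webRoot = "https://" . $GLOBALS["SERVER_NAME"] ;
    } else {
        $webRoot = "http://" . $GLOBALS["SERVER_NAME"] ;
    }
    $fsDir = $fsRoot . $relDir . "/" ; // current directory

    // Error() prints its text as HTML, so the path is passed escaped.
    if (!is_dir($fsDir)) Error("Dir not found",$hDir) ;

    // read directory contents
    // Both lists start empty so that counting them is valid for an empty
    // directory too.
    $dirList = array() ;
    $fileList = array() ;
    if ( !($dh = @opendir($fsDir)) )
        Error("Read Access denied",$hDir) ;
    // "!== false": an entry named "0" must not end the loop
    while (($item = readdir($dh)) !== false) {
        if ( substr($item,0,1) == "." ) continue ;   // ".", ".." and dot-files
        if ( is_dir($fsDir . $item) ) {
            $dirList[] = $item ;
        } else if ( is_file($fsDir . $item) ) {
            $fileList[] = $item ;
        } else if ( is_link($fsDir . $item) ) {
            $dirList[] = $item ;
        } else {
            // unknown file type
            // $text = "Could not determine file type of " ;
            // Error("File Error", $text.$relDir."/".$item) ;
            // exit ;
        }
    }
    closedir($dh) ;

    // scan deleted files
    $showDeleted = isset($GLOBALS["show_deleted"]) && $GLOBALS["show_deleted"] == 1 ;
    if ( $showDeleted && ($dh = @opendir("$fsDir/.del")) ) {
        while (($item = readdir($dh)) !== false) {
            if ( substr($item,0,1) == "." ) continue ;
            $fileList[] = ".del/$item" ;
        }
        closedir($dh) ;
    }

    $emptyDir = ( count($dirList) == 0 && count($fileList) == 0 ) ;

    // start navigation page
    $text = "Use this page to add, delete";
    // The test used a local $show_deleted that is never set inside this
    // function, so the link was shown even while deleted files were listed.
    if (! isset($GLOBALS["show_deleted"])) {
        $text .= ", <a href=\"$self?D=".$qDir."&amp;show_deleted=1\">undelete</a>";
    }
    $text .= " or revise files on this web site." ;
    StartHTML("(Navigate)",$text) ;

    echo "<TABLE BORDER=0 CELLPADDING=2
 CELLSPACING=3 WIDTH=\"100%\">" ;

    // updir bar
    if ($fsDir != $fsRoot) {
        $parent = dirname($relDir) ;
        if ($parent == "") $parent = "/" ;
?>

<TR><TD><?= $gblIcon("up") ?></TD><TD COLSPAN=5 CLASS=LST>
<A HREF="<?= $self ?>?D=<?= urlencode($parent) ?>">
<B><?= htmlspecialchars($parent, ENT_QUOTES) ?></B></A></TD></TR>

<?php
    }

    // output subdirs
    if (count($dirList) > 0) {
        sort($dirList) ;
?>

<TR><TD></TD><TD COLSPAN=5 CLASS=TOP><HR>DIRECTORY NAME</TD></TR>

<?php
        // foreach replaces each(), which newer PHP versions no longer have
        foreach ($dirList as $sub) {

            $tstr  = "<A HREF=\"" . $self . "?D=" ;
            $tstr .= urlencode($relDir."/".$sub) ;
            $tstr .= "\">" . htmlspecialchars($sub, ENT_QUOTES) . "/</A>" ;
?>

<TR><TD><?= $gblIcon("fldr") ?></TD>
<TD COLSPAN=5 CLASS=LST><?= $tstr ?></TD></TR>

<?php
        } // iterate over dirs
    } // end if no dirs
?>

<TR><TD></TD><TD COLSPAN=5><HR><B><?= htmlspecialchars($webRoot, ENT_QUOTES) . $hDir ?>
</B></TD></TR>
<TR><TD></TD><TD CLASS=TOP>DOCUMENT NAME</TD>
<TD><?= $gblIcon("blank").$gblIcon("blank") ?></TD>
<TD CLASS=TOP>NOTE</TD>
<TD CLASS=TOP>LAST UPDATE</TD><TD CLASS=TOP>FILE SIZE</TD></TR>

<?php
    if (count($fileList) > 0) {
        sort($fileList) ;
        $stampFmt = $GLOBALS["gblDateFmt"] . " " . $GLOBALS["gblTimeFmt"] ;
        foreach ($fileList as $file) {
            $path = $fsDir."/".$file ;
            $mod = filemtime($path) ;
            $sz = filesize($path) ;

            if ($sz >= 10240) {
                $sz = (int)(($sz+1023)/1024) . " k" ;
            } else {
                $sz .= " " ;
            } // end size

            $a = $b = "" ;

            // Query string shared by all per-file links; names are
            // URL-encoded and the separators written as &amp; because the
            // URLs are placed inside HTML attributes.
            $qs = "F=".urlencode($file)."&amp;D=".$qDir ;
            $hFile = htmlspecialchars($file, ENT_QUOTES) ;

            $info_url = $self."?A=E&amp;".$qs ;

            if ( ($mod + $gblModDays*86400) > time() ) {
                $a  = "<SPAN CLASS=RED TITLE=\"Newer" ;
                $a .= " than $gblModDays days\"> * </SPAN>" ;
            }

            $file_lock = CheckLock($path);
            $hLock = htmlspecialchars((string) $file_lock, ENT_QUOTES) ;

            $file_url_html = "<A HREF=\"$self?A=V&amp;".$qs."\" TITLE=\"View file\">" ;

            if (substr($file,0,5) != ".del/") {
                $file_url_html .= $hFile . "</A>" . $a ;
            } else {
                $file_url_html .= htmlspecialchars(substr($file,5), ENT_QUOTES) . "</a> <SPAN CLASS=RED TITLE=\"deleted\"> <a href=\"$info_url#undelete\">deleted</a> </span>";
            }

            // NOTE(review): the note is escaped here on the assumption that
            // ReadNote() returns the raw stored text - confirm.
            $note_html = "<a href=\"$info_url#note\">".$gblIcon("note")."</a>".htmlspecialchars((string) ReadNote($path), ENT_QUOTES);

            // extension of the file name only (".del/README" has none)
            $dot = strrchr(basename($file), ".") ;
            $ext = ($dot === false) ? "" : strtolower($dot) ;

            if ($file_lock) {
                // exact comparison: "==" would treat numeric-looking names
                // such as "7" and "007" as the same user
                if ((string) $file_lock === $userName) {
                    $b .= "<A HREF=\"$self?A=Ci&amp;".$qs."\" TITLE=\"Checkin (update) file on server\">" ;
                    $file_url_html = $b;
                    $b .= $gblIcon("checkin")."</A>" ;
                    $b .= $gblIcon("blank");
                    $file_url_html .= "$hFile</a> $a";
                    $note_html = $gblIcon("blank")."<b>Please check-in (update) this file</b>";
                } else {
                    $b  = $gblIcon("locked");
                    $b .= $gblIcon("blank");
                    $note_html = $gblIcon("blank")."<b>File locked by $hLock</b>";
                    $file_url_html = "$hFile $a";
                }
            } else {
                $b .= "<A HREF=\"$self?A=Co&amp;".$qs."\" TITLE=\"Checkout file for edit\">" ;
                $b .= $gblIcon("checkout")."</A>" ;

                // exact list membership instead of a substring match
                if ( $ext == "" || in_array($ext, $gblEditable) ) {
                    $b .= "<A HREF=\"$self?A=C&amp;".$qs."\" TITLE=\"List contents\">" ;
                    $b .= $gblIcon("view")."</A>" ;
                } else {
                    $b .= $gblIcon("blank");
                }
            }

?>

<TR><TD>
<A HREF="<?= $info_url ?>" TITLE="View/Edit">
<?= $gblIcon($ext) ?></A></TD>
<TD CLASS=LST><?= $file_url_html ?></TD>
<TD CLASS=LST ALIGN=center><?= $b ?></TD>
<TD CLASS=LST ALIGN=left><?= $note_html ?></TD>
<TD CLASS=LST><?= date($stampFmt,$mod) ?></TD>
<TD CLASS=LST><?= $sz ?>Bytes</TD></TR>

<?php
        } // iterate over files
    } // end if no files

    if ($emptyDir) {
?>

<FORM METHOD="POST" ACTION="<?= $self ?>">
<TR><TD></TD><TD COLSPAN=5 CLASS=BAR>
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $hDir ?>">
OK TO DELETE THIS EMPTY FOLDER?
<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="DELETE">
</TD></TR>
</FORM>

<?php
    } // end if emptyDir
?>

<TR><TD></TD><TD COLSPAN=5><HR></TD></TR>

<TR><TD></TD><TD COLSPAN=5>
<?php
    // NOTE(review): .info.inc is resolved against the current working
    // directory and executed as PHP; make sure accounts of this tool
    // cannot create or replace that file.
    if (file_exists(".info.inc")) {
        include(".info.inc");
    }
?>
</TD></TR>

<TR><TD></TD><TD COLSPAN=5><HR></TD></TR>

<FORM METHOD="POST" ACTION="<?= $self ?>">
<TR><TD></TD><TD COLSPAN=5 CLASS=BAR>CREATE NEW
<INPUT TYPE="RADIO" NAME="T" VALUE="D" CHECKED>DIRECTORY -OR-
<INPUT TYPE="RADIO" NAME="T" VALUE="F">FILE : &nbsp;&nbsp;
<NOBR>NAME <INPUT TYPE="TEXT" NAME="FN" SIZE=14>
<INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="CREATE">
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $hDir ?>">
<INPUT TYPE="SUBMIT" VALUE="CREATE"></NOBR>
<NOBR>OR <A HREF="<?= $self ?>?A=U&amp;D=<?= $qDir ?>">UPLOAD</A> A FILE
</NOBR>
</TD></TR>
</FORM>
</TABLE>

<?php
    EndHTML() ;
} // end function Navigate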
878    
879     //////////////////////////////////////////////////////////////////
880    
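// Print the upload form for $relDir. When $filename is set, the upload is
// announced as a replacement for that file and the name travels back in
// the hidden FILENAME field.
//
// $fsRoot    filesystem root of the managed tree (not used here)
// $relDir    destination directory relative to the root; "" is shown as "/"
// $filename  destination file name, or null for a plain upload
//
// Every value printed below comes from the request (path, form fields,
// User-Agent header) and is HTML-escaped before it is written out.
function UploadPage($fsRoot, $relDir, $filename) {

    if ($relDir == "") $relDir = "/" ;

    $self  = isset($GLOBALS["PHP_SELF"]) ? htmlspecialchars((string) $GLOBALS["PHP_SELF"], ENT_QUOTES) : "" ;
    $agent = isset($GLOBALS["HTTP_USER_AGENT"]) ? htmlspecialchars((string) $GLOBALS["HTTP_USER_AGENT"], ENT_QUOTES) : "" ;
    $hDir  = htmlspecialchars((string) $relDir, ENT_QUOTES) ;
    $hName = isset($filename) ? htmlspecialchars((string) $filename, ENT_QUOTES) : "" ;
?>

<P><TABLE BORDER=0 CELLPADDING=5><TR><TD WIDTH=5></TD><TD CLASS=BAR>
<FORM ENCTYPE="multipart/form-data" METHOD="POST"
 ACTION="<?= $self ?>">
DESTINATION DIRECTORY:<B><?= " " . $hDir ?></B>
<?php if (isset($filename)) { ?>
<br>DESTINATION FILE:<B><?= " " . $hName ?></B>
<INPUT TYPE="HIDDEN" NAME="FILENAME" VALUE="<?= $hName ?>">
<?php } ?>
<P>PATHNAME OF LOCAL FILE<BR>
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $hDir ?>">
<INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="UPLOAD">
<INPUT SIZE=30 TYPE="FILE" NAME="FN"></P>
<P><INPUT TYPE="SUBMIT" VALUE="UPLOAD"></P>
<P>If the <B>[BROWSE...]</B> button is not displayed,<BR>
you must upgrade to an RFC1867-compliant browser.</P>
<P>Your browser:<BR><?= $agent ?></P>
</FORM>
</TD></TR>
<TR><TD></TD><TD>
<FORM METHOD="POST" ACTION="<?= $self ?>">
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $hDir ?>"><BR>
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL">
</FORM>
</TD></TR></TABLE></P>

<?php
} // end function UploadPage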
914    
915     //////////////////////////////////////////////////////////////////
916    
// Show an error page and stop the script.
//
// $title : short label, wrapped in parentheses for the page heading
// $text  : optional detail handed to StartHTML() as its second argument
//
// NOTE(review): callers in this file pass request-derived values such as
// $relDir and $RELPATH as $text. Whether they are HTML-escaped depends on
// StartHTML(), which is defined elsewhere - confirm there.
function Error($title,$text="") {
  $heading = "(" . $title . ")" ;
  StartHTML($heading, $text) ;
  print "<P ALIGN=center>Hit your Browser's Back Button.</P>" ;
  EndHTML() ;
  exit ;
} // end function Error
923    
924     //////////////////////////////////////////////////////////////////
925    
// Print the value an administrator pastes into $gblPw, then stop.
//
// $user, $pw : the credential pair to hash; both must be non-empty
//
// The digest is $gblHash applied to the plain concatenation $user.$pw, with
// no salt. The main program calls this before the authentication check, so
// the page answers unauthenticated requests.
function CreateHash($user, $pw) {

  global $gblHash ; // name of the hash function to call

  $missing = ($user == "" || $pw == "") ;
  if ($missing) {
    // Error() ends the request
    Error("Create Hash", "either no password or no username supplied") ;
  }

  StartHTML("(Create Hash)") ;
  $digest = $gblHash($user.$pw) ;
  echo "<P ALIGN=center>"
     . "<BLOCKQUOTE>Copy the value below and paste it "
     . "into the<BR>value for \$gblPw in the source of "
     . "this file<BR><BR><B>" . $digest
     . "</B><BR><BR>Hash function: " . $gblHash
     . "</BLOCKQUOTE></P>" ;
  EndHTML() ;
  exit ;

} // end function CreateHash
946    
947     //////////////////////////////////////////////////////////////////
948    
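// Body of the 401 response: a "No trespassing" page with a form that posts
// the credentials just entered to ?HASH=create, so an administrator can
// generate the value for $gblPw. Ends the request.
//
// The user name and password are echoed back in hidden fields, so the
// password appears in the page source of the 401 response. Both values and
// the script path come from the request and are HTML-escaped here so they
// cannot break out of the attribute they are written into.
function NoEntry() {

  $user = htmlspecialchars((string) $GLOBALS["PHP_AUTH_USER"]) ;
  $pw   = htmlspecialchars((string) $GLOBALS["PHP_AUTH_PW"]) ;
  $self = htmlspecialchars((string) $GLOBALS["PHP_SELF"]) ;

  $title = "(401 Unauthorized)" ;
  $text  = "No trespassing !" ;
  StartHTML($title,$text) ;
?>

<FORM ACTION="<?= $self ?>?HASH=create" METHOD="POST">
<INPUT TYPE="HIDDEN" NAME="USER" VALUE="<?= $user ?>">
<INPUT TYPE="HIDDEN" NAME="PW" VALUE="<?= $pw ?>">

<BLOCKQUOTE><B>If you are a site administrator:</B><BR><BR>
Click below to <B>generate a password hash</B><BR>from
the username-password pair you just<BR>entered. Then include the hash in
the source<BR>of this file.<BR><BR>
<INPUT TYPE="SUBMIT" VALUE="CREATE HASH">
</BLOCKQUOTE></FORM>

<?php
  EndHTML() ;
  exit ;
}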
975    
976     //////////////////////////////////////////////////////////////////
977    
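// Append one record to the per-file audit log <dir>/.log/<basename>.
//
// $target : path of the file the event is about; the log lives next to it
// $msg    : event text
//
// A record is a single line of four tab-separated fields: date, time, user
// name, message. Callers build $msg from request values (file names, note
// text), so CR, LF and TAB in the user name and message are replaced by
// spaces; otherwise one request could add extra fields or whole records
// that look genuine.
function Logit($target,$msg) {

  $dir=dirname($target);
  if (! file_exists($dir."/.log")) {
    mkdir($dir."/.log",0700);
  }
  $file=basename($target);

  $user = strtr((string) $GLOBALS["gblUserName"], "\r\n\t", "   ");
  $msg  = strtr((string) $msg, "\r\n\t", "   ");

  $log=fopen("$dir/.log/$file","a+");
  if (! $log) {
    // logging is best-effort: skip the record rather than write to a bad handle
    return;
  }
  fputs($log,date("$GLOBALS[gblDateFmt]\t$GLOBALS[gblTimeFmt]").
    "\t$user\t$msg\n");
  fclose($log);

}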
992    
993    
994 dpavlin 1.4 //////////////////////////////////////////////////////////////////
995    
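// Store $msg as the note for $target in <dir>/.note/<basename>, replacing
// any earlier note, and record the change in the audit log.
//
// $target : path of the file the note belongs to
// $msg    : note text; ReadNote() returns only its first line
//
// If the note file cannot be opened nothing is written and no "added note"
// record is logged, so the log does not claim a change that did not happen.
function WriteNote($target,$msg) {

  $dir=dirname($target);
  if (! file_exists($dir."/.note")) {
    mkdir($dir."/.note",0700);
  }
  $file=basename($target);

  $note=fopen("$dir/.note/$file","w");
  if (! $note) {
    return;
  }
  fputs($note,"$msg\n");
  fclose($note);

  Logit($target,"added note $msg");

}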
1011    
// Return the first line of the note stored for $target, with backslash
// escapes removed by StripSlashes(); "" when no note file exists.
//
// The note is looked up at <dir>/.note/<basename> and at most one fgets()
// call with a 4096 limit is made, so later lines are never returned.
function ReadNote($target) {

  $notePath = dirname($target) . "/.note/" . basename($target);
  if (! file_exists($notePath)) {
    return StripSlashes("");
  }

  $fh = fopen($notePath,"r");
  $firstLine = fgets($fh,4096);
  fclose($fh);

  return StripSlashes($firstLine);

}
1025    
1026     //////////////////////////////////////////////////////////////////
1027    
// Move $source into directory $folder, keeping its base name.
//
// $folder is created (mode 0700, one level only) when it does not exist,
// even if $source turns out to be missing. A missing $source is not an
// error: nothing is moved.
function MoveTo($source,$folder) {

  if (! file_exists($folder)) {
    mkdir($folder,0700);
  }
  if (! file_exists($source)) {
    return;
  }
  rename($source, $folder . "/" . basename($source));
}
1038 dpavlin 1.2
1039     //////////////////////////////////////////////////////////////////
1040    
// Mark $target as checked out by the current user.
//
// The lock is a file <dir>/.lock/<basename> holding $gblUserName. An
// existing lock is left untouched and the attempt is only logged.
//
// The existence test and the creation of the lock file are two separate
// steps, so two requests arriving together can both pass the test; the lock
// is advisory, not an atomic guard.
function Lock($target) {

  $dir=dirname($target);
  $lockDir = $dir."/.lock";
  if (! file_exists($lockDir)) {
    mkdir($lockDir,0700);
  }
  $lockPath = "$dir/.lock/" . basename($target);

  if (file_exists($lockPath)) {
    Logit($target,"attempt to locked allready locked file!");
    return;
  }

  $fh=fopen($lockPath,"w");
  fputs($fh,"$GLOBALS[gblUserName]\n");
  fclose($fh);

  Logit($target,"file locked");

}
1060    
// Return the name stored in the lock file for $target, without trailing
// whitespace. When there is no lock file the initial value 0 goes through
// chop(), so the result is the string "0".
function CheckLock($target) {

  $lockPath = dirname($target) . "/.lock/" . basename($target);
  $owner = 0;
  if (file_exists($lockPath)) {
    $fh = fopen($lockPath,"r");
    $owner = fgets($fh,4096);
    fclose($fh);
  }
  return chop($owner);

}
1074    
// Remove the lock file for $target and log the result.
//
// The lock is removed whoever holds it; this function does not compare the
// stored name with the current user. An unlock request for a file that is
// not locked is logged and otherwise ignored.
function Unlock($target) {

  $lockPath = dirname($target) . "/.lock/" . basename($target);

  if (! file_exists($lockPath)) {
    Logit($target,"attempt to unlocked non-locked file!");
    return;
  }

  unlink($lockPath);
  Logit($target,"file unlocked");

}
1087    
1088     //////////////////////////////////////////////////////////////////
1089    
// Percent-encode a site-relative path for use in a Location header.
//
// Backslash escapes are stripped first, then the whole string is
// urlencode()d; "/" is restored so the path keeps its segments and "+"
// (urlencode's space) becomes "%20".
function urlpath($url) {
  $encoded = urlencode(StripSlashes("$url"));
  return str_replace(array("%2F", "+"), array("/", "%20"), $encoded);
}
1096    
1097     //////////////////////////////////////////////////////////////////
1098    
// Rename $from to $to only when $from exists and the directory that will
// hold $to is writable; otherwise do nothing.
//
// "safe" refers to skipping renames that cannot succeed. Neither path is
// checked against the site root here.
function safe_rename($from,$to) {
  if (! file_exists($from)) {
    return;
  }
  if (! is_writable(dirname($to))) {
    return;
  }
  rename($from,$to);
}
1104    
1105     //////////////////////////////////////////////////////////////////
1106    
1107 dpavlin 1.1 // MAIN PROGRAM
1108     // ============
1109     // query parameters: capital letters
1110     // local functions : begin with capital letters
1111     // global constants: begin with gbl
1112    
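$gblFilePerms = 0640 ; // default for new files
$gblDirPerms  = 0750 ; // default for new dirs

// phpinfo() ;
// exit ;

// forks before authentication: style sheet and hash
// creation if password not yet set.
// Both branches answer unauthenticated requests; CreateHash() returns the
// digest of whatever USER/PW pair the request supplies.
if ($STYLE == "get") { CSS() ; exit ; }
if ($HASH != "") {
  CreateHash($USER, $PW) ;
  exit ;
}

// authentication if $gblAuth == true
//
// The stored and the computed digest are compared as byte strings. A loose
// != would compare two digests of the form "0e<digits>" as numbers and
// treat them as equal. hash_equals() is used where the running PHP has it
// (constant-time), strcmp() otherwise.
$authFailed = false ;
if ($gblAuth) {
  $suppliedHash = (string) $gblHash($PHP_AUTH_USER.$PHP_AUTH_PW) ;
  $authFailed = function_exists("hash_equals")
    ? !hash_equals((string) $gblPw, $suppliedHash)
    : strcmp((string) $gblPw, $suppliedHash) != 0 ;
}

// A request carrying relogin=<stored hash> is answered with 401 even when
// the credentials are valid. This comparison can only deny access.
$forceRelogin = isset($relogin) && $gblPw == $relogin ;

if ( $authFailed || $forceRelogin ) {
  header("WWW-authenticate: basic realm=\"$SERVER_NAME\"") ;
  header("HTTP/1.0 401 Unauthorized") ;
  NoEntry() ;
  exit ;
}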
1135    
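// get current directory relative to $gblFsRoot
$relDir = $DIR ; // from POST
if ($relDir == "") { // not defined in POST ?
  $relDir = urldecode($D) ; // then use GET
}

if ($relDir == "/") $relDir = "" ;
// default : website root = ""

// The ".." test runs after urldecode(), so an encoded ".." in D is caught
// too. It covers $relDir only; file names taken from the request
// ($FN, $F, $NEWNAME, $FILENAME, $RELPATH) are not checked here.
if (strstr($relDir,"..")) Error("No updirs allowed");

// full paths contain "fs" or "Fs". Paths relative to root of
// website contain "rel" or "Rel". The script won't let you
// edit anything above directory equal to http://server.com
// i.e. below $gblFsRoot.

$relScriptDir = dirname($SCRIPT_NAME) ;
// i.e. /siteman

// With the script directly in the document root dirname() returns the
// separator itself. Subtracting its length below would cut the last
// character off the root path, so it is treated as an empty prefix.
if ($relScriptDir == "/" || $relScriptDir == "\\") $relScriptDir = "" ;

$fsScriptDir = dirname($SCRIPT_FILENAME) ;
// i.e. /home/httpd/html/siteman

$gblFsRoot = substr($fsScriptDir,0,
  strlen($fsScriptDir)-strlen($relScriptDir)) ;
// i.e. /home/httpd/html

$fsDir = $gblFsRoot . $relDir ; // current directory
if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ;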
1164    
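// POST actions. Each one changes files under $fsDir and then redirects to
// the directory view.
//
// $relDir has already been refused if it contains "..". The names below
// are joined onto $fsDir / $gblFsRoot as well, so the same rule is applied
// to them before any action runs. A NUL byte is refused too, because older
// PHP releases hand it to the filesystem call, where it ends the path.
//
// NOTE(review): no per-session token is checked here, so any POST that
// carries valid Basic credentials is accepted - confirm whether that is
// acceptable for this deployment.
if ( $POSTACTION != "" ) {
  if ( (isset($FN)       && (strstr($FN,"..")       || strstr($FN,"\0")))
    || (isset($NEWNAME)  && (strstr($NEWNAME,"..")  || strstr($NEWNAME,"\0")))
    || (isset($FILENAME) && (strstr($FILENAME,"..") || strstr($FILENAME,"\0")))
    || (isset($RELPATH)  && (strstr($RELPATH,"..")  || strstr($RELPATH,"\0"))) )
    Error("No updirs allowed") ;
}

switch ($POSTACTION) {
case "UPLOAD" :
  if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
  if (strstr($FN_name,"/"))
    Error("Non-conforming filename") ;
  // TODO : should rather check for escapeshellcmds
  // but maybe RFC 18xx asserts safe filenames ....
  // NOTE(review): any extension is accepted and the file is stored under
  // the site root; whether the web server then executes it depends on
  // server configuration not shown here.
  $source = $FN ;
  // $FN must be the temporary file PHP stored for this request's upload.
  // Without this test a plain form field named FN could name any file the
  // server can read, and copy() below would place it in the site.
  if (!is_uploaded_file($source)) Error("No file uploaded") ;
  if (! isset($FILENAME)) { // from update file
    $target = "$fsDir/$FN_name" ;
  } else {
    $target = "$fsDir/$FILENAME";
  }

  // backup old files first
  $numBackups = $GLOBALS["gblNumBackups"] ;
  $dir=dirname($target);
  if (! file_exists($dir."/.bak")) {
    mkdir($dir."/.bak",0700);
  }
  if (! file_exists($dir."/.bak/".$numBackups)) {
    mkdir($dir."/.bak/".$numBackups,0700);
  }
  $file=basename($target);
  // shift generation i to i+1, oldest first, then the live file to 1
  for($i=$numBackups-1;$i>0;$i--) {
    MoveTo("$dir/.bak/$i/$file","$dir/.bak/".($i+1)."/");
  }
  MoveTo($target,$dir."/.bak/1/");

  // do not log "uploaded" for a copy that failed
  if (! copy($source,$target)) Error("Upload failed",$relDir) ;
  chmod($target,$gblFilePerms) ;
  clearstatcache() ;
  Logit($target,"uploaded");
  if (isset($FILENAME)) {
    Unlock($target);
  }
  break ;

case "SAVE" :
  // escapeshellcmd() is kept because it decides which on-disk name is
  // written; it is not a path check (the ".." test above is).
  $path = $gblFsRoot . escapeshellcmd($RELPATH) ;
  $writable = is_writeable($path) ;
  $legaldir = is_writeable(dirname($path)) ;
  $exists = (file_exists($path)) ? 1 : 0 ;
  // check for legal extension here as well
  if (!($writable || (!$exists && $legaldir)))
    Error("Write denied",$RELPATH) ;
  $fh = fopen($path, "w") ;
  fwrite($fh,$FILEDATA) ;
  fclose($fh) ;
  clearstatcache() ;
  Logit($path,"saved changes");
  break ;

case "CREATE" :
  // we know $fsDir exists
  if ($FN == "") break; // no filename!
  if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
  $path = $fsDir . "/" . $FN ; // file or dir to create
  $relPath = $relDir . "/" . $FN ;
  switch ( $T ) {
  case "D" : // create a directory
    if ( ! @mkdir($path,$gblDirPerms) )
      Error("Mkdir failed",$relPath) ; // eg. if it exists
    clearstatcache() ;
    break ;
  case "F" : // create a new file
    // this functionality is doubled in DetailView().
    // better keep it here altogether
    // chmod perms to $gblFilePerms
    if ( file_exists($path) && !is_writable($path) )
      Error("File not writable", $relPath) ;
    $fh = fopen($path, "w+") ;
    if ($fh) {
      fputs($fh,"\n");
      fclose($fh) ;
      LogIt($path,"file created");
    } else {
      Error("Creation of file $relPath failed -- $path");
    }
    // continue in the editor for the new file
    $tstr = "$PHP_SELF?A=E&D=".urlencode($relDir)."&F=".urlencode($FN) ;
    header("Location: " . $tstr) ;
    exit ;
  }
  break ;

case "DELETE" :
  if ( $CONFIRM != "on" ) break ;

  $tstr = "Attempt to delete non-existing object or " ;
  $tstr .= "insufficient privileges: " ;

  if ( $FN != "") { // delete file
    $path = $fsDir . "/" . $FN ;

    $dir=dirname($path);
    $file=basename($path);
    if (! file_exists("$dir/.del")) {
      mkdir("$dir/.del",0700);
    }

    // files are moved to .del instead of being unlinked, so that
    // UNDELETE can bring them back
    if ( ! rename($path,"$dir/.del/$file") ) {
      // log first: Error() ends the request
      Logit($path,"file delete failed");
      Error("File delete failed", $tstr . $path) ;
      exit ;
    } else {
      Logit($path,"file deleted");
      MoveTo("$dir/.log/$file","$dir/.del/.log/");
      MoveTo("$dir/.note/$file","$dir/.del/.note/");
      MoveTo("$dir/.lock/$file","$dir/.del/.lock/");
    }
  }
  else { // delete directory
    if ( ! @rmdir($fsDir) ) {
      Error("Rmdir failed", $tstr . $fsDir) ;
    }
    else {
      $relDir = dirname($relDir) ; // move up
    }
  }
  break ;

case "UNDELETE" :
  if ( $CONFIRM != "on" ) break ;

  // only names that start with ".del" are accepted; the rest of the
  // string is the name inside $fsDir/.del
  if (substr($FN,0,4) != ".del") break ;
  $file=substr($FN,4,strlen($FN)-4);

  Logit("$fsDir/.del/$file","undeleted");
  MoveTo("$fsDir/.del/$file","$fsDir/");
  MoveTo("$fsDir/.del/.log/$file","$fsDir/.log/");
  MoveTo("$fsDir/.del/.note/$file","$fsDir/.note/");
  MoveTo("$fsDir/.del/.lock/$file","$fsDir/.lock/");

  break ;

case "RENAME" :
  if ( $CONFIRM != "on" ) break ;

  // logged under the old name; the log file is then renamed with the rest
  Logit("$fsDir/$FN","renamed $FN to $NEWNAME");
  safe_rename("$fsDir/$FN","$fsDir/$NEWNAME");
  safe_rename("$fsDir/.log/$FN","$fsDir/.log/$NEWNAME");
  safe_rename("$fsDir/.note/$FN","$fsDir/.note/$NEWNAME");
  safe_rename("$fsDir/.lock/$FN","$fsDir/.lock/$NEWNAME");
  for($i=0;$i<=$GLOBALS["gblNumBackups"];$i++) {
    safe_rename("$fsDir/.bak/$i/$FN","$fsDir/.bak/$i/$NEWNAME");
  }

  break ;

case "NOTE" :
  WriteNote("$fsDir/$FN","$NOTE");
  break ;

case "UNLOCK" :
  if ( $CONFIRM != "on" ) break ;
  Unlock("$fsDir/$FN");
  break ;

default :
  // user hit "CANCEL" or undefined action
}

// common to all POSTs : redirect to directory view ($relDir)
if ( $POSTACTION != "" ) {
  $tstr = $PHP_SELF . "?D=" . urlencode($relDir) ;
  header("Location: " . $tstr) ;
  exit ;
}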
1333    
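// check for mode.. navigate, code display, upload, or detail?
// $A=U : upload to path given in $D
// $A=E : display detail of file $D/$F and edit
// $A=C : display code in file $D/$F
// $A=Co : checkout file $D/$F
// $A=Ci : checkin file $D/$F
// $A=V : view file (do nothing except log)
// default : display directory $D

// $F is joined onto $gblFsRoot/$relDir (lock and log files are written
// next to it) and, for Co and V, copied into a response header. It gets
// the same "no updirs" rule as $relDir; NUL, CR and LF are refused as well
// so the value can neither end the path early nor add a header line.
if ( isset($F) && ( strstr($F,"..") || strstr($F,"\0")
                 || strstr($F,"\r") || strstr($F,"\n") ) )
  Error("No updirs allowed") ;

switch ($A) {
case "U" :
  // upload to $relDir
  if (!is_writeable($gblFsRoot . $relDir))
    Error("Write access denied",$relDir) ;
  $text = "Use this page to upload a single " ;
  $text .= "file to <B>$SERVER_NAME</B>." ;
  StartHTML("(Upload Page)", $text) ;
  UploadPage($gblFsRoot, $relDir) ;
  EndHTML() ;
  exit ;
case "E" :
  // detail of $relDir/$F
  if (is_file("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ;
  exit ;
case "C" :
  // listing of $relDir/$F
  DisplayCode($gblFsRoot, $relDir, $F) ;
  exit ;
case "Co" :
  // checkout: lock the file, then redirect the browser to it
  Lock("$gblFsRoot/$relDir/$F");
  header("Content-Disposition: attachment; filename=$F" );
  Header("Location: ".urlpath("$relDir/$F"));
  exit;
case "Ci" :
  // upload && update to $relDir
  if (!is_writeable($gblFsRoot . $relDir))
    Error("Write access denied",$relDir) ;
  $text = "Use this page to update a single " ;
  $text .= "file to <B>$SERVER_NAME</B>." ;
  StartHTML("(Update file Page)", $text) ;
  UploadPage($gblFsRoot, $relDir, $F) ;
  EndHTML() ;
  exit ;
case "V" :
  // view: log the access, then redirect the browser to the file
  LogIt("$gblFsRoot/$relDir/$F","viewed");
  header("Content-Disposition: attachment; filename=$F" );
  Header("Location: ".urlpath("$relDir/$F"));
  exit;
}

// default: display directory $relDir
Navigate($gblFsRoot,$relDir) ;
exit ;

// not reached: the exit above always runs first
Error("Whooah!","By cartesian logic, this never happens") ;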
1391     ?>
