/[docman]/docman.php
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Annotation of /docman.php

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.17 - (hide annotations)
Wed Sep 6 14:25:15 2000 UTC (22 years, 5 months ago) by dpavlin
Branch: MAIN
Changes since 1.16: +1 -1 lines
fix write denied error after creation of new file

1 dpavlin 1.1 <?php
2    
3     /* Copyright 1999 by John Martin d/b/a www.ANYPORTAL.com */
4     /* All Rights Reserved. */
5     /* */
6     /* This software is freeware and is not in the public domain. */
7     /* You are hereby granted the right to freely distribute this */
8     /* software as long as this copyright notice remains in place. */
9     /* */
10     /* Comments or suggestions? email: andmore@alief.com */
11     /* */
12     /* This is the PHP port: AnyPortal(php)-0.1 */
13     /* ======================================== */
14     /* */
15     /* PHP version 2000 by Stefan@Wiesendanger.org */
16     /* No Rights Reserved. What for, anyhow ? */
17     /* */
18     /* Date Remarks */
19     /* --------- ----------------------------------------------- */
20     /* 25 MAY 99 original ASP version */
21     /* 17 SEP 99 change upload from SA-FILEUP to aspSmartUpload */
22     /* 10 APR 00 simplified PHP3 version */
23     /* 18 APR 00 most of PHP3 port working. Slight modifications */
24     /* 22 APR 00 modified syntax highlighting, no absolute paths */
25     /* revealed, PHP builtin authentication, global */
26     /* style sheet as callback, use apache default */
27     /* icons as an alternative to the wingdings font. */
28     /* 25 APR 00 catch some exceptions (not foolproof yet) */
29     /* 26 APR 00 catch some more exceptions, implicit copy */
30     /* function by saving somewhere else in the detail */
31     /* view, MD5 hashed password. */
32     /* 27 APR 00 Fixed authentication bug */
33     /* 12 MAY 00 Fixed trouble with exec() with newer versions of */
34     /* PHP3. Fixed bug which would send you to a non- */
35     /* existent address after file modifications. */
36    
37 dpavlin 1.2 /*
38     2000-07-25 Dobrica Pavlinusic <dpavlin@rot13.org>
39    
40     nuked exec calls (unsecure)
41     nuked writeable function (replaced by php is_writeable)
42     added support for https (tested with apache+mod_ssl)
43     added users file
44     date format user-selectable
45     cycle backup files in bak directory
46     support links as directoryes (for now)
47     support of file history logging
48     undelete capabilities (delete moves to .del directory)
49    
50     2000-07-26 DbP
51    
52     added more checking on entered filename (when creating file/dir)
53     added rename option
54    
55    
56     IMPORTANT INSTALLATION NOTE:
57     deny serving of .* (dot-something) files in web server!
58     Otherwise, uses can access your log files, users and/or
59     deleted files!
60    
61     .htusers is in form:
62     login:Real Name:md5(loginpassword)
63    
64    
65     TODO:
66     mixed file/directory output (add type to each entry,
67     real support for links)
68 dpavlin 1.9 retrieve old versions of files (overwritten)
69 dpavlin 1.13 show last lock date
70    
71 dpavlin 1.2 */
72    
73 dpavlin 1.1 //////////////////////////////////////////////////////////////////
74    
75     // TODO : Don't let the file be modified itself. Create a hash of
76     // it (kinda hard since it's self-referential ;-). Make better use
77     // of session management. Escapeshellcmd for all user input.
78    
79     //////////////////////////////////////////////////////////////////
80    
81     // GLOBAL PARAMETERS
82     // =================
83     // Make modifications here to suit siteman to your needs
84    
85     // error_reporting(4) ; // how verbose ?
86    
87     // username/password should not be system
88     // usernames/passwords !!
89    
90 dpavlin 1.2 // $gblPw = "hash_of_your_username_and_password" ;
91    
92     // $gblAuth = false ; // use builtin authentication
93     $gblAuth = true ; // use builtin authentication
94 dpavlin 1.1 $gblHash = "md5" ; // hash function to use
95    
96 dpavlin 1.2 $gblPw = "";
97    
98     if ($gblAuth) {
99 dpavlin 1.3 $htusers_file=dirname($SCRIPT_FILENAME)."/.htusers";
100     if (! file_exists($htusers_file)) {
101     $htusers=fopen($htusers_file,"a+");
102     fputs($htusers,"# Change owner of $htusers_file to root !!\n");
103     fputs($htusers,"demo:full name:md5_hash\n");
104     fclose($htusers);
105     }
106     $htusers=fopen($htusers_file,"r");
107 dpavlin 1.2 while($user = fgetcsv($htusers,255,":")) {
108     if ($user[0] == $GLOBALS["PHP_AUTH_USER"]) {
109     $gblUserName=$user[1];
110     $gblPw=$user[2];
111 dpavlin 1.14 $gblEmail=$user[3];
112 dpavlin 1.2 continue ;
113     }
114     }
115     fclose($htusers);
116     }
117    
118     // $gblDateFmt="D, F d, Y";
119     // $gblTimeFmt="g:i:sA";
120    
121     $gblDateFmt="Y-m-d";
122     $gblTimeFmt="H:i:s";
123    
124 dpavlin 1.14 // Number of backup files to keep
125     $gblNumBackups=3;
126    
127     // show red star if newer than ... days
128     $gblModDays=1;
129 dpavlin 1.2
130 dpavlin 1.1 // choose GifIcon below unless you have the M$
131     // WingDings font installed on your system
132    
133     $gblIcon = "GifIcon" ; // MockIcon or GifIcon
134    
135     // the directory below should be /icons/ or /icons/small/
136     // on Apache; a set of icons is included in the distribution
137    
138 dpavlin 1.3 $gblIconLocation = "/icons/" ;
139 dpavlin 1.1
140     // files you want to be able to edit in text mode
141     // and view with (primitive) syntax highlighting
142    
143     $gblEditable = array( ".txt",".asa",".asp",".htm",".html",
144     ".cfm",".php3",".php",".phtml",
145     ".shtml",".css" ) ;
146    
147     // files that will display as images on the detail page
148     // (useless if your browser doesn't support them)
149    
150     $gblImages = array( ".jpg",".jpeg",".gif",".png",".ico",
151     ".bmp",".xbm") ;
152    
153     //////////////////////////////////////////////////////////////////
154    
155     function StartHTML($title,$text="") {
156    
157     $title = "Site Manager " . $title ;
158     $host = $GLOBALS["HTTP_HOST"] ;
159     $self = $GLOBALS["PHP_SELF"] ;
160     ?>
161    
162     <HTML>
163     <HEAD>
164 dpavlin 1.4 <TITLE><?= $host . " " . $title ?></TITLE>
165 dpavlin 1.1 <META NAME="description" CONTENT="PHP port of AnyPortal Site Manager">
166     <META NAME="keywords" CONTENT="site manager, web site maintenance">
167     <META NAME="robots" CONTENT="noindex">
168     <META HTTP-EQUIV="expires" CONTENT="0">
169     <LINK REL="stylesheet" TYPE="text/css"
170 dpavlin 1.4 HREF="<?= $self ?>?STYLE=get">
171 dpavlin 1.1 </HEAD>
172     <BODY BGCOLOR="#FFFFFF">
173 dpavlin 1.4 <H3 ALIGN="RIGHT"><?= $host ?></H3>
174 dpavlin 1.1 <TABLE BORDER=0 WIDTH="100%"><TR>
175 dpavlin 1.4 <TD CLASS=INV><?= $title ?></TD></TR></TABLE>
176     <P><?= $text ?></P>
177 dpavlin 1.1
178     <?php
179     } // end function StartHTML
180    
181     //////////////////////////////////////////////////////////////////
182    
183     function EndHTML() {
184     ?>
185    
186     <HR>
187     <P CLASS=FTR>
188 dpavlin 1.2 <B><?= date($GLOBALS[gblDateFmt]) ?> -
189     <?= date($GLOBALS[gblTimeFmt]) ?> -
190     <?= $GLOBALS[gblUserName] ?>
191 dpavlin 1.6 <small> [<a href="<?= $GLOBALS["PHP_SELF"] ?>?relogin=<?= $GLOBALS[gblPw] ?>">logout</a>]</small>
192 dpavlin 1.2 </B>
193     <BR>ANYPORTAL(php) Site Manager
194     <br><small>
195     &copy; 1999 by <A HREF="http://www.anyportal.com">ANYPORTAL</A>,
196     &copy; 2000 by <A HREF="http://da.nger.org">d@nger.org</A>,
197     &copy; 2000 by <A HREF="http://www.rot13.org/~dpavlin/">DbP</A>
198     </small>
199 dpavlin 1.1 </P>
200 dpavlin 1.2 <BR>
201 dpavlin 1.9 <? //include(".debug.inc") ?>
202 dpavlin 1.2 <BR><BR></BODY></HTML>
203 dpavlin 1.1
204     <?php
205     } // end function EndHTML
206    
207     //////////////////////////////////////////////////////////////////
208    
209     function CSS() {
210     ?>
211    
212 dpavlin 1.2 BODY,TD,P,H1,H2,H3 { font-family:Verdana,Helvetica,Arial,sans-serif; }
213 dpavlin 1.1 .BLK { color:black; }
214     .RED { color:red; }
215     .TOP { color:red; font-size:70%; } /* table headings */
216     .INV { color:white; background-color:navy;
217     font-weight:bold; font-size:120%; } /* title */
218     .FTR { } /* footer */
219     .LST { background-color:#E0E0E0; } /* table cells */
220     .BAR { background-color:#E0E0E0; } /* action bar */
221     PRE { color:blue; font-family:Lucida Console,Courier New,
222     Courier,sans-serif; } /* source code */
223     EM { color:green; font-style:normal; } /* line numbers */
224     .REM { color:silver; }
225     .XML { color:navy; background-color:yellow; }
226     .MCK { color:red; font-family:WingDings; } /* Mock Icons */
227     A:HOVER { color:red; }
228    
229     <?php
230     } // end function CSS
231    
232     //////////////////////////////////////////////////////////////////
233    
234     function DetailPage($fsRoot,$relDir,$fn) {
235    
236     global $gblEditable, $gblImages ;
237     $self = $GLOBALS["PHP_SELF"] ;
238    
239     $relPath = $relDir . "/" . $fn ;
240     $fsPath = $fsRoot . $relPath ;
241     $fsDir = $fsRoot . $relDir ;
242    
243     $exists = file_exists($fsPath) ;
244     $ext = strtolower(strrchr($relPath,".")) ;
245     $editable = ( $ext=="" || strstr(join(" ",$gblEditable),$ext)) ;
246 dpavlin 1.2 $writable = is_writeable($fsPath) ;
247 dpavlin 1.6 $file_lock = CheckLock($fsPath);
248 dpavlin 1.1
249     if (!$editable && !$exists)
250     Error("Creation unsupported for type",$relPath) ;
251 dpavlin 1.2 if (!exists && !is_writeable($fsDir) )
252 dpavlin 1.1 Error("Creation denied",$relDir) ;
253    
254     $text = "Use this page to view, modify or " ;
255     $text .= "delete a single document on this " ;
256     $text .= "web site." ;
257     $title = "(Detail Page)" ;
258     StartHTML($title, $text) ;
259    
260     echo "<H3>" . $relDir . "/" . $fn . "</H3>" ;
261     if ($exists) { // get file info
262 dpavlin 1.4 $fsize = filesize($fsPath) ;
263     $fmodified = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]", filemtime($fsPath)) ;
264     $faccessed = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]", fileatime($fsPath)) ;
265     echo "<PRE> file size: " . $fsize . " Bytes<BR>" ;
266     echo "last modified: <B>" . $fmodified . "</B><BR>" ;
267     echo "last accessed: <B>" . $faccessed . "</B><BR>" ;
268     echo " owner: <B>" . fileowner($fsPath) . "</B><BR>" ;
269     echo " group: <B>" . filegroup($fsPath) . "</B><BR>" ;
270     echo " permissions: <B>" ;
271     echo printf( "%o", fileperms($fsPath) ) . "</B>" ;
272     echo "</PRE>" ;
273 dpavlin 1.2
274 dpavlin 1.1 }
275    
276 dpavlin 1.6 if ( $editable && ($writable || !$exists) && !$file_lock ) {
277 dpavlin 1.1 $fh = fopen($fsPath,"a+") ;
278     rewind($fh) ;
279     $fstr = fread($fh,filesize($fsPath)) ;
280     fclose($fh) ;
281     $fstr = htmlentities( $fstr ) ;
282     ?>
283    
284 dpavlin 1.4 <FORM ACTION="<?= $self ; ?>" METHOD="POST">
285 dpavlin 1.1 <SPAN TITLE="Click [SAVE] to store updated contents.">
286     <B>DOCUMENT CONTENTS</B>
287     </SPAN><BR>
288     <TEXTAREA NAME="FILEDATA" ROWS=18 COLS=70 WRAP="OFF"><?php
289     echo($fstr) ; ?></TEXTAREA>
290 dpavlin 1.4 <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ; ?>">
291     <INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?= $fn ; ?>">
292 dpavlin 1.1 <INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="SAVE">
293 dpavlin 1.2 <INPUT TYPE="HIDDEN" SIZE=48 MAXLENGTH=255 NAME="RELPATH"
294 dpavlin 1.4 VALUE="<?= $relPath ; ?>">
295 dpavlin 1.2 <br>
296     <INPUT TYPE="RESET" VALUE="UNDO ALL CHANGES">
297 dpavlin 1.1 <INPUT TYPE="SUBMIT" VALUE="SAVE">
298     </FORM>
299    
300     <?php
301 dpavlin 1.9 }
302 dpavlin 1.14 if ( !$file_lock && $ext!="" && strstr(join(' ',$gblImages),$ext) ) {
303 dpavlin 1.6 $info = getimagesize($fsPath) ;
304 dpavlin 1.9 $tstr = "<IMG SRC=\"".urlpath($relPath)."\" BORDER=0 " ;
305 dpavlin 1.6 $tstr .= $info[3] . " ALT=\"" . $fn . " - " ;
306     $tstr .= (int)(($fsize+1023)/1024) . "Kb\">" ;
307 dpavlin 1.9 // echo htmlentities($tstr) . "<BR><BR>" . $tstr ;
308     echo $tstr ;
309 dpavlin 1.1 }
310 dpavlin 1.6
311 dpavlin 1.1 ?>
312    
313 dpavlin 1.4 <FORM ACTION="<?= $self ; ?>" METHOD="POST">
314     <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ; ?>">
315     <INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?= $fn ; ?>">
316 dpavlin 1.1 <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL"><BR>
317    
318     <?php
319 dpavlin 1.6
320     if ($file_lock) {
321     ?>
322     <hr>
323     <SPAN TITLE="Check OK and click UNLOCK to remove lock on file.">
324     <B>OK TO FORCE LOCK REMOVAL ON "<?= $fn ; ?>" HELD BY <?= $file_lock ?>? </B></SPAN>
325     <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
326     <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="UNLOCK">
327     <?
328     } // file_lock
329    
330 dpavlin 1.2 if (substr($fn,0,4) == ".del") {
331     $action="UNDELETE";
332     $desc="undelete previously deleted file";
333     } else {
334     $action="DELETE";
335     $desc="delete";
336     }
337    
338 dpavlin 1.1 if ($exists && $writable) {
339     ?>
340    
341 dpavlin 1.4 <HR>
342     <a name="undelete">
343     <SPAN TITLE="Check OK and click [<?= $action ?>] to <?= $desc ?>.">
344     <B>OK TO <?= $action ?> "<?= $fn ; ?>"? </B></SPAN>
345 dpavlin 1.2 <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
346     <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="<?= $action ?>">
347    
348 dpavlin 1.4 <HR>
349     <a name="rename">
350     <SPAN TITLE="Check OK and click [RENAME] to rename.">
351     <B>OK TO RENAME "<?= $fn ; ?>" TO
352 dpavlin 1.2 <INPUT TYPE="TEXT" SIZE=24 MAXLENGTH=255 NAME="NEWNAME" VALUE="<?= $fn ?>">
353     ? </B></SPAN>
354 dpavlin 1.1 <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
355 dpavlin 1.2 <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="RENAME">
356 dpavlin 1.1
357 dpavlin 1.5 <?php
358     } // exists && writable
359     ?>
360 dpavlin 1.4 <HR>
361     <a name="note">
362     <B>NOTE FOR "<?= $fn ; ?>":
363     <INPUT TYPE="TEXT" SIZE=50 MAXLENGTH=255 NAME="NOTE" VALUE="<?= ReadNote($fsPath) ?>">
364     </B></SPAN>
365     <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="NOTE">
366    
367 dpavlin 1.5 </FORM>
368    
369 dpavlin 1.1 <?php
370 dpavlin 1.5
371 dpavlin 1.10 $name=basename("$fsDir/$fn");
372     $logname=dirname("$fsDir/$fn")."/.log/$name";
373     $bakdir=dirname("$fsDir/$fn")."/.bak";
374 dpavlin 1.2 if (file_exists($logname)) {
375     $log=fopen($logname,"r");
376     $cl1=" class=lst"; $cl2="";
377 dpavlin 1.10 $logarr = array();
378 dpavlin 1.2 while($line = fgetcsv($log,255,"\t")) {
379     $cl=$cl1; $cl1=$cl2; $cl2=$cl;
380 dpavlin 1.10 array_unshift($logarr,array($cl,$line[0],$line[1],$line[2],$line[3]));
381 dpavlin 1.2 }
382     fclose($log);
383 dpavlin 1.10 print "<hr><br><b>CHANGES TO THIS FILE</b><br><table border=0 width=100%>\n";
384     $bakcount = 0; // start from 0, skip fist backup (it's current)
385     while ($e = array_shift($logarr)) {
386     if (strstr($e[4],"upload")) {
387     if (file_exists("$bakdir/$bakcount/$name")) {
388     $e[4]="<a href=\"".dirname($relPath)."/.bak/$bakcount/$name\">$e[4]</a>";
389     }
390     $bakcount++;
391     }
392     print "<tr><td$e[0]>$e[1]</td><td$e[0]>$e[2]</td><td$e[0]>$e[3]</td><td$e[0]>$e[4]</td></tr>\n";
393     }
394 dpavlin 1.2 print "</table>";
395     }
396    
397 dpavlin 1.1 EndHTML() ;
398    
399     } // end function DetailPage
400    
401     //////////////////////////////////////////////////////////////////
402    
403     function DisplayCode($fsRoot,$relDir,$fn) {
404    
405     $path = $fsRoot . $relDir . "/" . $fn ;
406    
407     if (!file_exists($path)) Error("File not found",$path) ;
408    
409     StartHTML("(".$relDir."/".$fn.")","");
410    
411     $tstr = join("",file($path)) ;
412     $tstr = htmlentities($tstr) ;
413    
414     // Tabs
415     $tstr = str_replace(chr(9)," ",$tstr) ;
416    
417     // ASP tags & XML/PHP tags
418     $aspbeg = "<SPAN CLASS=XML>&lt;%</SPAN><SPAN CLASS=BLK>" ;
419     $aspend = "</SPAN><SPAN CLASS=XML>%&gt;</SPAN>" ;
420     $tstr = str_replace("&lt;%",$aspbeg,$tstr) ;
421     $tstr = str_replace("%&gt;",$aspend,$tstr) ;
422    
423     $xmlbeg = "<SPAN CLASS=XML>&lt;?</SPAN><SPAN CLASS=BLK>" ;
424     $xmlend = "</SPAN><SPAN CLASS=XML>?&gt;</SPAN>" ;
425     $tstr = str_replace("&lt;?",$xmlbeg,$tstr) ;
426     $tstr = str_replace("?&gt;",$xmlend,$tstr) ;
427    
428     // C style comment
429     $tstr = str_replace("/*","<SPAN CLASS=REM>/*",$tstr) ;
430     $tstr = str_replace("*/","*/</SPAN>",$tstr) ;
431    
432     // HTML comments
433     $tstr = str_replace("&lt;!--","<I CLASS=RED>&lt;!--",$tstr) ;
434     $tstr = str_replace("--&gt;","--&gt;</I>",$tstr) ;
435    
436     echo "<PRE>" ;
437    
438     $tstr = split("\n",$tstr) ;
439     for ($i = 0 ; $i < sizeof($tstr) ; ++$i) {
440     // add line numbers
441     echo "<BR><EM>" ;
442     echo substr(("000" . ($i+1)), -4) . ":</EM> " ;
443     $line = $tstr[$i] ;
444     // C++ style comments
445     $pos = strpos($line,"//") ;
446     // exceptions: two slashes aren't a script comment
447     if (strstr($line,"//") &&
448     ! ($pos>0 && substr($line,$pos-1,1)==":") &&
449     ! (substr($line,$pos,8) == "//--&gt;") &&
450     ! (substr($line,$pos,9) == "// --&gt;")) {
451     $beg = substr($line,0,strpos($line,"//")) ;
452     $end = strstr($line,"//") ;
453     $line = $beg."<SPAN CLASS=REM>".$end."</SPAN>";
454     }
455     // shell & asp style comments
456     $first = substr(ltrim($line),0,1) ;
457     if ($first == "#" || $first == "'") {
458     $line = "<SPAN CLASS=REM>".$line."</SPAN>";
459     }
460     print($line) ;
461     } // next i
462    
463     echo "</PRE>" ;
464    
465     EndHTML() ;
466    
467     } // end function DisplayCode
468    
469     //////////////////////////////////////////////////////////////////
470    
471     function MockIcon($txt) {
472     $tstr = "<SPAN CLASS=MCK>" ;
473    
474     switch (strtolower($txt)) {
475     case ".bmp" :
476     case ".gif" :
477     case ".jpg" :
478     case ".jpeg":
479     case ".tif" :
480     case ".tiff":
481     $d = 176 ;
482     break ;
483     case ".doc" :
484     $d = 50 ;
485     break ;
486     case ".exe" :
487     case ".bat" :
488     $d = 255 ;
489     break ;
490     case ".bas" :
491     case ".c" :
492     case ".cc" :
493     case ".src" :
494     $d = 255 ;
495     break ;
496     case "file" :
497     $d = 51 ;
498     break ;
499     case "fldr" :
500     $d = 48 ;
501     break ;
502     case ".htm" :
503     case ".html":
504     case ".asa" :
505     case ".asp" :
506     case ".cfm" :
507     case ".php3":
508     case ".php" :
509     case ".phtml" :
510     case ".shtml" :
511     $d = 182 ;
512     break ;
513     case ".pdf" :
514     $d = 38 ;
515     break;
516     case ".txt" :
517     case ".ini" :
518     $d = 52 ;
519     break ;
520     case ".xls" :
521     $d = 252 ;
522     break ;
523     case ".zip" :
524     case ".arc" :
525     case ".sit" :
526     case ".tar" :
527     case ".gz" :
528     case ".tgz" :
529     case ".Z" :
530     $d = 59 ;
531     break ;
532     case "view" :
533     $d = 52 ;
534     break ;
535     case "up" :
536     $d = 199 ;
537     break ;
538     case "blank" :
539     return "&nbsp;&nbsp;</SPAN>" ;
540     break ;
541     default :
542     $d = 51 ;
543     }
544    
545     return $tstr . chr($d) . "</SPAN>" ;
546     } // end function MockIcon
547    
548     //////////////////////////////////////////////////////////////////
549    
550     function GifIcon($txt) {
551     global $gblIconLocation ;
552    
553     switch (strtolower($txt)) {
554     case ".bmp" :
555     case ".gif" :
556     case ".jpg" :
557     case ".jpeg":
558     case ".tif" :
559     case ".tiff":
560     $d = "image2.gif" ;
561     break ;
562     case ".doc" :
563     $d = "layout.gif" ;
564     break ;
565     case ".exe" :
566     case ".bat" :
567     $d = "screw2.gif" ;
568     break ;
569     case ".bas" :
570     case ".c" :
571     case ".cc" :
572     case ".src" :
573     $d = "c.gif" ;
574     break ;
575     case "file" :
576     $d = "generic.gif" ;
577     break ;
578     case "fldr" :
579     $d = "dir.gif" ;
580     break ;
581     case ".phps" :
582     $d = "phps.gif" ;
583     break ;
584     case ".php3" :
585     $d = "php3.gif" ;
586     break ;
587     case ".htm" :
588     case ".html":
589     case ".asa" :
590     case ".asp" :
591     case ".cfm" :
592     case ".php3":
593     case ".php" :
594     case ".phtml" :
595     case ".shtml" :
596     $d = "world1.gif" ;
597     break ;
598     case ".pdf" :
599     $d = "pdf.gif" ;
600     break;
601     case ".txt" :
602     case ".ini" :
603     $d = "text.gif" ;
604     break ;
605     case ".xls" :
606     $d = "box2.gif" ;
607     break ;
608     case ".zip" :
609     case ".arc" :
610     case ".sit" :
611     case ".tar" :
612     case ".gz" :
613     case ".tgz" :
614     case ".Z" :
615     $d = "compressed.gif" ;
616     break ;
617     case "view" :
618     $d = "index.gif" ;
619     break ;
620     case "up" :
621     $d = "back.gif" ;
622     break ;
623     case "blank" :
624     $d = "blank.gif" ;
625     break ;
626 dpavlin 1.4 case "checkout":
627 dpavlin 1.6 $d = "box2.gif";
628 dpavlin 1.4 break;
629     case "checkin":
630 dpavlin 1.6 $d = "hand.up.gif";
631     break;
632     case "locked":
633     $d = "screw2.gif";
634 dpavlin 1.4 break;
635     case "note":
636     $d = "quill.gif";
637     break;
638 dpavlin 1.1 default :
639     $d = "generic.gif" ;
640     }
641    
642     return "<IMG SRC=\"$gblIconLocation" . $d . "\" BORDER=0>" ;
643     } // end function GifIcon
644    
645     //////////////////////////////////////////////////////////////////
646    
647     function Navigate($fsRoot,$relDir) {
648    
649 dpavlin 1.15 global $gblEditable, $gblIcon, $gblModDays ;
650 dpavlin 1.1
651     $self = $GLOBALS["PHP_SELF"] ;
652 dpavlin 1.2 if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") {
653     $webRoot = "https://" . $GLOBALS["SERVER_NAME"] ;
654     } else {
655     $webRoot = "http://" . $GLOBALS["SERVER_NAME"] ;
656     }
657 dpavlin 1.1 $fsDir = $fsRoot . $relDir . "/" ; // current directory
658    
659     if (!is_dir($fsDir)) Error("Dir not found",$relDir) ;
660    
661     // read directory contents
662     if ( !($dir = @opendir($fsDir)) )
663     Error("Read Access denied",$relDir) ;
664     while ($item = readdir($dir)) {
665 dpavlin 1.2 if ( $item == ".." || $item == "." || substr($item,0,1) == "." ) continue ;
666 dpavlin 1.1 if ( is_dir($fsDir . $item) ) {
667     $dirList[] = $item ;
668 dpavlin 1.2 } else if ( is_file($fsDir . $item) ) {
669 dpavlin 1.1 $fileList[] = $item ;
670 dpavlin 1.2 } else if ( is_link($fsDir . $item) ) {
671     $dirList[] = $item ;
672     } else {
673 dpavlin 1.1 // unknown file type
674     // $text = "Could not determine file type of " ;
675     // Error("File Error", $text.$relDir."/".$item) ;
676     // exit ;
677     }
678     }
679     closedir($dir) ;
680 dpavlin 1.2
681     // scan deleted files
682     if ( $GLOBALS[show_deleted] == 1 && ($dir = @opendir("$fsDir/.del")) ) {
683     while ($item = readdir($dir)) {
684     if ( substr($item,0,1) == "." ) continue ;
685     $fileList[] = ".del/$item" ;
686     }
687     closedir($dir) ;
688     }
689    
690 dpavlin 1.1 $emptyDir = ! (sizeof($dirList) || sizeof($fileList)) ;
691    
692     // start navigation page
693 dpavlin 1.2 $text = "Use this page to add, delete";
694     if (! isset($show_deleted)) {
695 dpavlin 1.6 $text .= ", <a href=$self?D=".urlencode($relDir)."&show_deleted=1>undelete</a>";
696 dpavlin 1.2 }
697     $text .= " or revise files on this web site." ;
698 dpavlin 1.1 StartHTML("(Navigate)",$text) ;
699    
700     echo "<TABLE BORDER=0 CELLPADDING=2
701     CELLSPACING=3 WIDTH=\"100%\">" ;
702    
703     // updir bar
704     if ($fsDir != $fsRoot) {
705     $parent = dirname($relDir) ;
706     if ($parent == "") $parent = "/" ;
707     ?>
708    
709 dpavlin 1.4 <TR><TD><?= $gblIcon("up") ?></TD><TD COLSPAN=5 CLASS=LST>
710     <A HREF="<?= $self ?>?D=<?= urlencode($parent) ?>">
711     <B><?= $parent ?></B></A></TD></TR>
712 dpavlin 1.1
713     <?php
714     }
715    
716     // output subdirs
717     if (sizeof($dirList) > 0) {
718     sort($dirList) ;
719     ?>
720    
721 dpavlin 1.4 <TR><TD></TD><TD COLSPAN=5 CLASS=TOP><HR>DIRECTORY NAME</TD></TR>
722 dpavlin 1.1
723     <?php
724     while (list($key,$dir) = each($dirList)) {
725    
726     $tstr = "<A HREF=\"" . $self . "?D=" ;
727     $tstr .= urlencode($relDir."/".$dir) ;
728     $tstr .= "\">" . $dir . "/</A>" ;
729     ?>
730    
731 dpavlin 1.4 <TR><TD><?= $gblIcon("fldr") ?></TD>
732     <TD COLSPAN=5 CLASS=LST><?= $tstr ?></TD></TR>
733 dpavlin 1.1
734     <?php
735     } // iterate over dirs
736     } // end if no dirs
737     ?>
738    
739 dpavlin 1.4 <TR><TD></TD><TD COLSPAN=5><HR><B><?= $webRoot . $relDir ?>
740 dpavlin 1.1 </B></TD></TR>
741     <TR><TD></TD><TD CLASS=TOP>DOCUMENT NAME</TD>
742 dpavlin 1.6 <TD><?= $gblIcon("blank").$gblIcon("blank") ?></TD>
743 dpavlin 1.4 <TD CLASS=TOP>NOTE</TD>
744 dpavlin 1.1 <TD CLASS=TOP>LAST UPDATE</TD><TD CLASS=TOP>FILE SIZE</TD></TR>
745    
746     <?php
747     if (sizeof($fileList) > 0) {
748     sort($fileList) ;
749     while (list($key,$file) = each($fileList)) {
750 dpavlin 1.4 $path = $fsDir."/".$file ;
751     $mod = filemtime($path) ;
752     $sz = filesize($path) ;
753    
754     if ($sz >= 10240) {
755     $sz = (int)(($sz+1023)/1024) . " k" ;
756     } else {
757     $sz .= " " ;
758     } // end size
759 dpavlin 1.1
760 dpavlin 1.4 $a = $b = "" ;
761    
762     $info_url=$self."?A=E&F=".urlencode($file)."&D=".urlencode($relDir);
763    
764 dpavlin 1.14 if ( ($mod + $gblModDays*86400) > time() ) {
765 dpavlin 1.4 $a = "<SPAN CLASS=RED TITLE=\"Newer" ;
766 dpavlin 1.14 $a .= " than $gblModDays days\"> * </SPAN>" ;
767 dpavlin 1.4 }
768    
769 dpavlin 1.6 $file_lock=CheckLock($path);
770    
771     $file_url_html="<A HREF=\"$self?A=V&F=".urlencode($file);
772     $file_url_html.="&D=".urlencode($relDir);
773     $file_url_html.="\" TITLE=\"View file\">" ;
774 dpavlin 1.2
775     if (substr($file,0,5) != ".del/") {
776 dpavlin 1.6 $file_url_html .= $file . "</A>" . $a ;
777 dpavlin 1.2 } else {
778 dpavlin 1.6 $file_url_html .= substr($file,5,strlen($file)-5) . "</a> <SPAN CLASS=RED TITLE=\"deleted\"> <a href=\"$info_url#undelete\">deleted</a> </span>";
779 dpavlin 1.4 }
780    
781 dpavlin 1.6 $note_html="<a href=\"$info_url#note\">".$gblIcon("note")."</a>".ReadNote($path);
782 dpavlin 1.4
783     $ext = strtolower(strrchr($file,".")) ;
784 dpavlin 1.6
785     if ($file_lock) {
786     if ($file_lock == $GLOBALS[gblUserName]) {
787     $b.="<A HREF=\"$self?A=Ci&F=".urlencode($file);
788     $b.="&D=".urlencode($relDir);
789     $b.="\" TITLE=\"Checkin (update) file on server\">" ;
790     $file_url_html=$b;
791     $b.=$gblIcon("checkin")."</A>" ;
792     $b.= $gblIcon("blank");
793     $file_url_html.="$file</a> $a";
794     $note_html = $gblIcon("blank")."<b>Please check-in (update) this file</b>";
795     } else {
796     $b = $gblIcon("locked");
797     $b.= $gblIcon("blank");
798     $note_html = $gblIcon("blank")."<b>File locked by $file_lock</b>";
799     $file_url_html = "$file $a";
800     }
801 dpavlin 1.4 } else {
802 dpavlin 1.6 $b.="<A HREF=\"$self?A=Co&F=".urlencode($file);
803     $b.="&D=".urlencode($relDir);
804     $b.="\" TITLE=\"Checkout file for edit\">" ;
805     $b.=$gblIcon("checkout")."</A>" ;
806    
807     if ( $ext=="" || strstr(join(" ",$gblEditable),$ext) ) {
808     $b.="<A HREF=\"$self?A=C&F=".urlencode($file);
809     $b.="&D=".urlencode($relDir);
810     $b.="\" TITLE=\"List contents\">" ;
811     $b.=$gblIcon("view")."</A>" ;
812     } else {
813     $b.= $gblIcon("blank");
814     }
815 dpavlin 1.2 }
816 dpavlin 1.1
817    
818     ?>
819    
820     <TR><TD>
821 dpavlin 1.4 <A HREF="<?= $info_url ?>" TITLE="View/Edit">
822     <?= $gblIcon($ext) ?></A></TD>
823 dpavlin 1.6 <TD CLASS=LST><?= $file_url_html ?></TD>
824 dpavlin 1.4 <TD CLASS=LST ALIGN=center><?= $b ?></TD>
825 dpavlin 1.6 <TD CLASS=LST ALIGN=left><?= $note_html ?></TD>
826 dpavlin 1.4 <TD CLASS=LST><?= date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]",$mod) ?></TD>
827     <TD CLASS=LST><?= $sz ?>Bytes</TD></TR>
828 dpavlin 1.1
829     <?php
830     } // iterate over files
831     } // end if no files
832    
833     if ($emptyDir) {
834     ?>
835    
836 dpavlin 1.4 <FORM METHOD="POST" ACTION="<?= $self ?>">
837     <TR><TD></TD><TD COLSPAN=5 CLASS=BAR>
838     <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ?>">
839 dpavlin 1.1 OK TO DELETE THIS EMPTY FOLDER?
840     <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
841     <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="DELETE">
842     </TD></TR>
843     </FORM>
844    
845     <?php
846     } // end if emptyDir
847     ?>
848    
849 dpavlin 1.4 <TR><TD></TD><TD COLSPAN=5><HR></TD></TR>
850 dpavlin 1.1
851 dpavlin 1.6 <TR><TD></TD><TD COLSPAN=5>
852 dpavlin 1.13 <?
853     if (file_exists(".info.inc")) {
854     include(".info.inc");
855     }
856     ?>
857 dpavlin 1.6 </TD></TR>
858    
859     <TR><TD></TD><TD COLSPAN=5><HR></TD></TR>
860    
861 dpavlin 1.4 <FORM METHOD="POST" ACTION="<?= $self ?>">
862     <TR><TD></TD><TD COLSPAN=5 CLASS=BAR>CREATE NEW
863 dpavlin 1.1 <INPUT TYPE="RADIO" NAME="T" VALUE="D" CHECKED>DIRECTORY -OR-
864     <INPUT TYPE="RADIO" NAME="T" VALUE="F">FILE : &nbsp;&nbsp;
865     <NOBR>NAME <INPUT TYPE="TEXT" NAME="FN" SIZE=14>
866     <INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="CREATE">
867 dpavlin 1.4 <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ?>">
868 dpavlin 1.1 <INPUT TYPE="SUBMIT" VALUE="CREATE"></NOBR>
869 dpavlin 1.9 <NOBR>OR <A HREF="<?= $self ?>?A=U&D=<?= urlencode($relDir) ?>">UPLOAD</A> A FILE
870 dpavlin 1.1 </NOBR>
871     </TD></TR>
872     </FORM>
873     </TABLE>
874    
875     <?php
876     EndHTML() ;
877     } // end function Navigate
878    
879     //////////////////////////////////////////////////////////////////
880    
881 dpavlin 1.6 function UploadPage($fsRoot, $relDir, $filename) {
882 dpavlin 1.1
883     $self = $GLOBALS["PHP_SELF"] ;
884     if ($relDir == "") $relDir = "/" ;
885     ?>
886    
887     <P><TABLE BORDER=0 CELLPADDING=5><TR><TD WIDTH=5></TD><TD CLASS=BAR>
888     <FORM ENCTYPE="multipart/form-data" METHOD="POST"
889 dpavlin 1.4 ACTION="<?= $self ?>">
890     DESTINATION DIRECTORY:<B><?= " " . $relDir ?></B>
891 dpavlin 1.6 <? if (isset($filename)) { ?>
892     <br>DESTINATION FILE:<B><?= " " . $filename ?></B>
893     <INPUT TYPE="HIDDEN" NAME="FILENAME" VALUE="<?= $filename ?>">
894     <? } ?>
895 dpavlin 1.1 <P>PATHNAME OF LOCAL FILE<BR>
896 dpavlin 1.4 <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ?>">
897 dpavlin 1.1 <INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="UPLOAD">
898     <INPUT SIZE=30 TYPE="FILE" NAME="FN"></P>
899     <P><INPUT TYPE="SUBMIT" VALUE="UPLOAD"></P>
900     <P>If the <B>[BROWSE...]</B> button is not displayed,<BR>
901     you must upgrade to an RFC1867-compliant browser.</P>
902 dpavlin 1.4 <P>Your browser:<BR><?= $GLOBALS["HTTP_USER_AGENT"] ?></P>
903 dpavlin 1.1 </FORM>
904     </TD></TR>
905     <TR><TD></TD><TD>
906 dpavlin 1.4 <FORM METHOD="POST" ACTION="<?= $self ?>">
907     <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ?>"><BR>
908 dpavlin 1.1 <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL">
909     </FORM>
910     </TD></TR></TABLE></P>
911    
912     <?php
913     } // end function UploadPage
914    
915     //////////////////////////////////////////////////////////////////
916    
917     function Error($title,$text="") {
918     StartHTML("(".$title.")",$text) ;
919     echo "<P ALIGN=center>Hit your Browser's Back Button.</P>" ;
920     EndHTML() ;
921     exit ;
922     } // end function Error
923    
924     //////////////////////////////////////////////////////////////////
925    
926     function CreateHash($user, $pw) {
927    
928     global $gblHash ; // hash function to use
929    
930     if ($user == "" || $pw == "") {
931     $text = "either no password or no username supplied" ;
932     Error("Create Hash",$text) ;
933     }
934     $title = "(Create Hash)" ;
935     StartHTML($title) ;
936     echo "<P ALIGN=center>" ;
937     echo "<BLOCKQUOTE>Copy the value below and paste it " ;
938     echo "into the<BR>value for \$gblPw in the source of " ;
939     echo "this file<BR><BR><B>" . $gblHash($user.$pw) ;
940     echo "</B><BR><BR>Hash function: " . $gblHash ;
941     echo "</BLOCKQUOTE></P>" ;
942     EndHTML() ;
943     exit ;
944    
945     } // end function CreateHash
946    
947     //////////////////////////////////////////////////////////////////
948    
949     function NoEntry() {
950    
951     $user = $GLOBALS["PHP_AUTH_USER"] ;
952     $pw = $GLOBALS["PHP_AUTH_PW"] ;
953     $self = $GLOBALS["PHP_SELF"] ;
954    
955     $title = "(401 Unauthorized)" ;
956     $text = "No trespassing !" ;
957     StartHTML($title,$text) ;
958     ?>
959    
960 dpavlin 1.4 <FORM ACTION="<?= $self ?>?HASH=create" METHOD="POST">
961     <INPUT TYPE="HIDDEN" NAME="USER" VALUE="<?= $user ?>">
962     <INPUT TYPE="HIDDEN" NAME="PW" VALUE="<?= $pw ?>">
963 dpavlin 1.1
964     <BLOCKQUOTE><B>If you are a site administrator:</B><BR><BR>
965     Click below to <B>generate a password hash</B><BR>from
966     the username-password pair you just<BR>entered. Then include the hash in
967     the source<BR>of this file.<BR><BR>
968     <INPUT TYPE="SUBMIT" VALUE="CREATE HASH">
969     </BLOCKQUOTE></FORM>
970    
971     <?php
972     EndHTML() ;
973     exit ;
974     }
975    
976     //////////////////////////////////////////////////////////////////
977    
978 dpavlin 1.2 function Logit($target,$msg) {
979    
980     $dir=dirname($target);
981     if (! file_exists($dir."/.log")) {
982     mkdir($dir."/.log",0700);
983     }
984     $file=basename($target);
985    
986     $log=fopen("$dir/.log/$file","a+");
987     fputs($log,date("$GLOBALS[gblDateFmt]\t$GLOBALS[gblTimeFmt]").
988     "\t$GLOBALS[gblUserName]\t$msg\n");
989     fclose($log);
990    
991     }
992    
993    
994 dpavlin 1.4 //////////////////////////////////////////////////////////////////
995    
996     function WriteNote($target,$msg) {
997    
998     $dir=dirname($target);
999     if (! file_exists($dir."/.note")) {
1000     mkdir($dir."/.note",0700);
1001     }
1002     $file=basename($target);
1003    
1004     $note=fopen("$dir/.note/$file","w");
1005     fputs($note,"$msg\n");
1006     fclose($note);
1007    
1008     Logit($target,"added note $msg");
1009    
1010     }
1011    
1012     function ReadNote($target) {
1013    
1014     $dir=dirname($target);
1015     $file=basename($target);
1016     $msg="";
1017     if (file_exists($dir."/.note/$file")) {
1018     $note=fopen("$dir/.note/$file","r");
1019     $msg=fgets($note,4096);
1020     fclose($note);
1021     }
1022 dpavlin 1.6 return StripSlashes($msg);
1023 dpavlin 1.4
1024     }
1025    
1026     //////////////////////////////////////////////////////////////////
1027    
1028     function MoveTo($source,$folder) {
1029    
1030     $file=basename($source);
1031     if (! file_exists($folder)) {
1032     mkdir($folder,0700);
1033     }
1034     if (file_exists($source)) {
1035     rename($source,"$folder/$file");
1036     }
1037     }
1038 dpavlin 1.2
1039     //////////////////////////////////////////////////////////////////
1040    
1041 dpavlin 1.6 function Lock($target) {
1042    
1043     $dir=dirname($target);
1044     if (! file_exists($dir."/.lock")) {
1045     mkdir($dir."/.lock",0700);
1046     }
1047     $file=basename($target);
1048    
1049     if (file_exists("$dir/.lock/$file")) {
1050     Logit($target,"attempt to locked allready locked file!");
1051     } else {
1052     $lock=fopen("$dir/.lock/$file","w");
1053     fputs($lock,"$GLOBALS[gblUserName]\n");
1054     fclose($lock);
1055    
1056     Logit($target,"file locked");
1057     }
1058    
1059     }
1060    
1061     function CheckLock($target) {
1062    
1063     $dir=dirname($target);
1064     $file=basename($target);
1065     $msg=0;
1066     if (file_exists($dir."/.lock/$file")) {
1067     $lock=fopen("$dir/.lock/$file","r");
1068     $msg=fgets($lock,4096);
1069     fclose($lock);
1070     }
1071     return chop($msg);
1072    
1073     }
1074    
1075     function Unlock($target) {
1076    
1077     $dir=dirname($target);
1078     $file=basename($target);
1079     if (file_exists($dir."/.lock/$file")) {
1080     unlink("$dir/.lock/$file");
1081     Logit($target,"file unlocked");
1082     } else {
1083     Logit($target,"attempt to unlocked non-locked file!");
1084     }
1085    
1086     }
1087    
1088     //////////////////////////////////////////////////////////////////
1089    
1090 dpavlin 1.9 function urlpath($url) {
1091 dpavlin 1.8 $url=urlencode(StripSlashes("$url"));
1092 dpavlin 1.7 $url=str_replace("%2F","/",$url);
1093     $url=str_replace("+","%20",$url);
1094 dpavlin 1.9 return($url);
1095 dpavlin 1.7 }
1096    
1097     //////////////////////////////////////////////////////////////////
1098    
1099 dpavlin 1.8 function safe_rename($from,$to) {
1100     if (file_exists($from) && is_writable(dirname($to))) {
1101     rename($from,$to);
1102     }
1103     }
1104    
1105     //////////////////////////////////////////////////////////////////
1106    
1107 dpavlin 1.16 // recursivly delete directory
1108    
1109     function rrmdir($dir) {
1110     $handle=opendir($dir);
1111     while ($file = readdir($handle)) {
1112     if ($file != "." && $file != "..") {
1113     if (is_dir("$dir/$file"))
1114     rrmdir("$dir/$file");
1115     else
1116     if (! @unlink("$dir/$file")) return(0);
1117     }
1118     }
1119     closedir($handle);
1120     return @rmdir($dir);
1121     }
1122    
1123     //////////////////////////////////////////////////////////////////
1124    
1125 dpavlin 1.1 // MAIN PROGRAM
1126     // ============
1127     // query parameters: capital letters
1128     // local functions : begin with capital letters
1129     // global constants: begin with gbl
1130    
1131 dpavlin 1.2 $gblFilePerms = 0640 ; // default for new files
1132     $gblDirPerms = 0750 ; // default for new dirs
1133 dpavlin 1.1
1134     // phpinfo() ;
1135     // exit ;
1136    
1137     // forks before authentication: style sheet and hash
1138     // creation if password not yet set.
1139     if ($STYLE == "get") { CSS() ; exit ; }
1140     if ($HASH != "") {
1141     CreateHash($USER, $PW) ;
1142     exit ;
1143     }
1144    
1145     // authentication if $gblAuth == true
1146 dpavlin 1.2 if ( $gblAuth && $gblHash($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw ||
1147     isset($relogin) && $gblPw == $relogin ) {
1148 dpavlin 1.1 header("WWW-authenticate: basic realm=\"$SERVER_NAME\"") ;
1149     header("HTTP/1.0 401 Unauthorized") ;
1150     NoEntry() ;
1151     exit ;
1152     }
1153    
1154     // get current directory relative to $gblFsRoot
1155     $relDir = $DIR ; // from POST
1156     if ($relDir == "") { // not defined in POST ?
1157     $relDir = urldecode($D) ; // then use GET
1158     }
1159    
1160     if ($relDir == "/") $relDir = "" ;
1161     // default : website root = ""
1162    
1163     if (strstr($relDir,"..")) Error("No updirs allowed");
1164    
1165     // full paths contain "fs" or "Fs". Paths realitve to root of
1166     // website contain "rel" or "Rel". The script won't let you
1167     // edit anything above directory equal to http://server.com
1168     // i.e. below $gblFsRoot.
1169    
1170     $relScriptDir = dirname($SCRIPT_NAME) ;
1171     // i.e. /siteman
1172    
1173     $fsScriptDir = dirname($SCRIPT_FILENAME) ;
1174     // i.e. /home/httpd/html/siteman
1175    
1176     $gblFsRoot = substr($fsScriptDir,0,
1177     strlen($fsScriptDir)-strlen($relScriptDir)) ;
1178     // i.e. /home/httpd/html
1179    
1180     $fsDir = $gblFsRoot . $relDir ; // current directory
1181     if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ;
1182    
1183     switch ($POSTACTION) {
1184     case "UPLOAD" :
1185 dpavlin 1.2 if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
1186 dpavlin 1.1 if (strstr($FN_name,"/"))
1187     Error("Non-conforming filename") ;
1188     // TODO : should rather check for escapeshellcmds
1189     // but maybe RFC 18xx asserts safe filenames ....
1190     $source = $FN ;
1191 dpavlin 1.6 if (! isset($FILENAME)) { // from update file
1192     $target = "$fsDir/$FN_name" ;
1193     } else {
1194     $target = "$fsDir/$FILENAME";
1195     }
1196 dpavlin 1.2
1197     // backup old files first
1198     $dir=dirname($target);
1199     if (! file_exists($dir."/.bak")) {
1200     mkdir($dir."/.bak",0700);
1201     }
1202     if (! file_exists($dir."/.bak/$GLOBALS[gblNumBackups]")) {
1203     mkdir($dir."/.bak/$GLOBALS[gblNumBackups]",0700);
1204     }
1205     $file=basename($target);
1206     for($i=$GLOBALS[gblNumBackups]-1;$i>0;$i--) {
1207 dpavlin 1.4 MoveTo("$dir/.bak/$i/$file","$dir/.bak/".($i+1)."/");
1208 dpavlin 1.2 }
1209 dpavlin 1.6 MoveTo($target,$dir."/.bak/1/");
1210 dpavlin 1.2
1211     copy($source,$target) ;
1212     chmod($target,$gblFilePerms) ;
1213 dpavlin 1.1 clearstatcache() ;
1214 dpavlin 1.2 Logit($target,"uploaded");
1215 dpavlin 1.6 if (isset($FILENAME)) {
1216     Unlock($target);
1217     }
1218 dpavlin 1.1 break ;
1219    
1220     case "SAVE" :
1221 dpavlin 1.17 $path = $gblFsRoot . $RELPATH ;
1222 dpavlin 1.2 $writable = is_writeable($path) ;
1223     $legaldir = is_writeable(dirname($path)) ;
1224 dpavlin 1.1 $exists = (file_exists($path)) ? 1 : 0 ;
1225     // check for legal extension here as well
1226     if (!($writable || (!$exists && $legaldir)))
1227     Error("Write denied",$RELPATH) ;
1228     $fh = fopen($path, "w") ;
1229     fwrite($fh,$FILEDATA) ;
1230     fclose($fh) ;
1231     clearstatcache() ;
1232 dpavlin 1.2 Logit($path,"saved changes");
1233 dpavlin 1.1 break ;
1234    
1235     case "CREATE" :
1236     // we know $fsDir exists
1237 dpavlin 1.2 if ($FN == "") break; // no filename!
1238     if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
1239 dpavlin 1.1 $path = $fsDir . "/" . $FN ; // file or dir to create
1240     $relPath = $relDir . "/" . $FN ;
1241     switch ( $T ) {
1242     case "D" : // create a directory
1243 dpavlin 1.6 if ( ! @mkdir($path,$gblDirPerms) )
1244     Error("Mkdir failed",$relPath) ; // eg. if it exists
1245     clearstatcache() ;
1246     break ;
1247 dpavlin 1.1 case "F" : // create a new file
1248     // this functionality is doubled in DetailView().
1249     // better keep it here altogether
1250     // chmod perms to $gblFilePerms
1251 dpavlin 1.6 if ( file_exists($path) && !is_writable($path) )
1252     Error("File not writable", $relPath) ;
1253     $fh = fopen($path, "w+") ;
1254     if ($fh) {
1255     fputs($fh,"\n");
1256     fclose($fh) ;
1257     LogIt($path,"file created");
1258     } else {
1259     Error("Creation of file $relPath failed -- $path");
1260     }
1261     $tstr = "$PHP_SELF?A=E&D=".urlencode($relDir)."&F=".urlencode($FN) ;
1262     header("Location: " . $tstr) ;
1263     exit ;
1264 dpavlin 1.1 }
1265     break ;
1266    
1267     case "DELETE" :
1268     if ( $CONFIRM != "on" ) break ;
1269    
1270     $tstr = "Attempt to delete non-existing object or " ;
1271     $tstr .= "insufficient privileges: " ;
1272    
1273     if ( $FN != "") { // delete file
1274 dpavlin 1.2 $path = $fsDir . "/" . $FN ;
1275    
1276     $dir=dirname($path);
1277     $file=basename($path);
1278     if (! file_exists("$dir/.del")) {
1279     mkdir("$dir/.del",0700);
1280     }
1281    
1282     // if ( ! @unlink($path) ) {
1283     if ( ! rename($path,"$dir/.del/$file") ) {
1284     Error("File delete failed", $tstr . $path) ;
1285     Logit($path,"file delete failed");
1286     exit ;
1287     } else {
1288     Logit($path,"file deleted");
1289 dpavlin 1.4 MoveTo("$dir/.log/$file","$dir/.del/.log/");
1290     MoveTo("$dir/.note/$file","$dir/.del/.note/");
1291 dpavlin 1.6 MoveTo("$dir/.lock/$file","$dir/.del/.lock/");
1292 dpavlin 1.2 }
1293 dpavlin 1.1 }
1294     else { // delete directory
1295 dpavlin 1.16 if ( ! @rrmdir($fsDir) ) {
1296 dpavlin 1.1 Error("Rmdir failed", $tstr . $fsDir) ;
1297     }
1298     else {
1299     $relDir = dirname($relDir) ; // move up
1300     }
1301     }
1302     break ;
1303    
1304 dpavlin 1.2 case "UNDELETE" :
1305     if ( $CONFIRM != "on" ) break ;
1306    
1307     if (substr($FN,0,4) != ".del") break ;
1308     $file=substr($FN,4,strlen($FN)-4);
1309    
1310     Logit("$fsDir/.del/$file","undeleted");
1311 dpavlin 1.4 MoveTo("$fsDir/.del/$file","$fsDir/");
1312     MoveTo("$fsDir/.del/.log/$file","$fsDir/.log/");
1313     MoveTo("$fsDir/.del/.note/$file","$fsDir/.note/");
1314 dpavlin 1.6 MoveTo("$fsDir/.del/.lock/$file","$fsDir/.lock/");
1315 dpavlin 1.2
1316     break ;
1317    
1318     case "RENAME" :
1319     if ( $CONFIRM != "on" ) break ;
1320    
1321     Logit("$fsDir/$FN","renamed $FN to $NEWNAME");
1322 dpavlin 1.8 safe_rename("$fsDir/$FN","$fsDir/$NEWNAME");
1323     safe_rename("$fsDir/.log/$FN","$fsDir/.log/$NEWNAME");
1324     safe_rename("$fsDir/.note/$FN","$fsDir/.note/$NEWNAME");
1325     safe_rename("$fsDir/.lock/$FN","$fsDir/.lock/$NEWNAME");
1326 dpavlin 1.11 for($i=0;$i<=$GLOBALS[gblNumBackups];$i++) {
1327     safe_rename("$fsDir/.bak/$i/$FN","$fsDir/.bak/$i/$NEWNAME");
1328     }
1329 dpavlin 1.2
1330 dpavlin 1.4 break ;
1331    
1332     case "NOTE" :
1333     WriteNote("$fsDir/$FN","$NOTE");
1334 dpavlin 1.2 break ;
1335    
1336 dpavlin 1.6 case "UNLOCK" :
1337     if ( $CONFIRM != "on" ) break ;
1338     Unlock("$fsDir/$FN");
1339     break ;
1340    
1341 dpavlin 1.1 default :
1342     // user hit "CANCEL" or undefined action
1343     }
1344    
1345     // common to all POSTs : redirect to directory view ($relDir)
1346     if ( $POSTACTION != "" ) {
1347     $tstr = $PHP_SELF . "?D=" . urlencode($relDir) ;
1348     header("Location: " . $tstr) ;
1349     exit ;
1350     }
1351    
1352     // check for mode.. navigate, code display, upload, or detail?
1353     // $A=U : upload to path given in $D
1354     // $A=E : display detail of file $D/$F and edit
1355     // $A=C : display code in file $D/$F
1356 dpavlin 1.6 // $A=Co : checkout file $D/$F
1357     // $A=Ci : checkin file $D/$F
1358     // $A=V : view file (do nothing except log)
1359 dpavlin 1.1 // default : display directory $D
1360    
1361     switch ($A) {
1362     case "U" :
1363     // upload to $relDir
1364 dpavlin 1.2 if (!is_writeable($gblFsRoot . $relDir))
1365 dpavlin 1.1 Error("Write access denied",$relDir) ;
1366     $text = "Use this page to upload a single " ;
1367     $text .= "file to <B>$SERVER_NAME</B>." ;
1368     StartHTML("(Upload Page)", $text) ;
1369     UploadPage($gblFsRoot, $relDir) ;
1370     EndHTML() ;
1371     exit ;
1372     case "E" :
1373     // detail of $relDir/$F
1374 dpavlin 1.2 if (is_file("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ;
1375 dpavlin 1.1 exit ;
1376     case "C" :
1377     // listing of $relDir/$F
1378     DisplayCode($gblFsRoot, $relDir, $F) ;
1379     exit ;
1380 dpavlin 1.6 case "Co" :
1381     // checkout
1382     Lock("$gblFsRoot/$relDir/$F");
1383 dpavlin 1.12 header("Content-Disposition: attachment; filename=$F" );
1384 dpavlin 1.9 Header("Location: ".urlpath("$relDir/$F"));
1385 dpavlin 1.6 exit;
1386     case "Ci" :
1387     // upload && update to $relDir
1388     if (!is_writeable($gblFsRoot . $relDir))
1389     Error("Write access denied",$relDir) ;
1390     $text = "Use this page to update a single " ;
1391     $text .= "file to <B>$SERVER_NAME</B>." ;
1392     StartHTML("(Update file Page)", $text) ;
1393     UploadPage($gblFsRoot, $relDir, $F) ;
1394     EndHTML() ;
1395     exit ;
1396     case "V" :
1397     // view
1398 dpavlin 1.9 LogIt("$gblFsRoot/$relDir/$F","viewed");
1399 dpavlin 1.12 header("Content-Disposition: attachment; filename=$F" );
1400 dpavlin 1.9 Header("Location: ".urlpath("$relDir/$F"));
1401 dpavlin 1.6 exit;
1402 dpavlin 1.1 }
1403    
1404     // default: display directory $relDir
1405     Navigate($gblFsRoot,$relDir) ;
1406     exit ;
1407    
1408     Error("Whooah!","By cartesian logic, this never happens") ;
1409     ?>

  ViewVC Help
Powered by ViewVC 1.1.26