/[docman]/docman.php
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!

Annotation of /docman.php



Revision 1.2 - (hide annotations)
Wed Jul 26 11:46:19 2000 UTC (23 years, 8 months ago) by dpavlin
Branch: MAIN
Changes since 1.1: +249 -69 lines
nuked exec calls (unsecure)
nuked writeable function (replaced by php is_writeable)
added support for https (tested with apache+mod_ssl)
added users file
date format user-selectable
cycle backup files in bak directory
support links as directoryes (for now)
support of file history logging
undelete capabilities (delete moves to .del directory)
added more checking on entered filename (when creating file/dir)
added rename option

1 dpavlin 1.1 <?php
2    
3     /* Copyright 1999 by John Martin d/b/a www.ANYPORTAL.com */
4     /* All Rights Reserved. */
5     /* */
6     /* This software is freeware and is not in the public domain. */
7     /* You are hereby granted the right to freely distribute this */
8     /* software as long as this copyright notice remains in place. */
9     /* */
10     /* Comments or suggestions? email: andmore@alief.com */
11     /* */
12     /* This is the PHP port: AnyPortal(php)-0.1 */
13     /* ======================================== */
14     /* */
15     /* PHP version 2000 by Stefan@Wiesendanger.org */
16     /* No Rights Reserved. What for, anyhow ? */
17     /* */
18     /* Date Remarks */
19     /* --------- ----------------------------------------------- */
20     /* 25 MAY 99 original ASP version */
21     /* 17 SEP 99 change upload from SA-FILEUP to aspSmartUpload */
22     /* 10 APR 00 simplified PHP3 version */
23     /* 18 APR 00 most of PHP3 port working. Slight modifications */
24     /* 22 APR 00 modified syntax highlighting, no absolute paths */
25     /* revealed, PHP builtin authentication, global */
26     /* style sheet as callback, use apache default */
27     /* icons as an alternative to the wingdings font. */
28     /* 25 APR 00 catch some exceptions (not foolproof yet) */
29     /* 26 APR 00 catch some more exceptions, implicit copy */
30     /* function by saving somewhere else in the detail */
31     /* view, MD5 hashed password. */
32     /* 27 APR 00 Fixed authentication bug */
33     /* 12 MAY 00 Fixed trouble with exec() with newer versions of */
34     /* PHP3. Fixed bug which would send you to a non- */
35     /* existent address after file modifications. */
36    
37 dpavlin 1.2 /*
38     2000-07-25 Dobrica Pavlinusic <dpavlin@rot13.org>
39    
40     nuked exec calls (unsecure)
41     nuked writeable function (replaced by php is_writeable)
42     added support for https (tested with apache+mod_ssl)
43     added users file
44     date format user-selectable
45     cycle backup files in bak directory
46     support links as directoryes (for now)
47     support of file history logging
48     undelete capabilities (delete moves to .del directory)
49    
50     2000-07-26 DbP
51    
52     added more checking on entered filename (when creating file/dir)
53     added rename option
54    
55    
56     IMPORTANT INSTALLATION NOTE:
57     deny serving of .* (dot-something) files in web server!
58     Otherwise, users can access your log files, users file and/or
59     deleted files!
60    
61     .htusers is in form:
62     login:Real Name:md5(loginpassword)
63    
64    
65     TODO:
66     mixed file/directory output (add type to each entry,
67     real support for links)
68     add more content-management (like cms.sourceforge.net):
69     check-out/check-in/reserve
70     comments to files
71     */
72    
73 dpavlin 1.1 //////////////////////////////////////////////////////////////////
74    
75     // TODO : Don't let the file be modified itself. Create a hash of
76     // it (kinda hard since it's self-referential ;-). Make better use
77     // of session management. Escapeshellcmd for all user input.
78    
79     //////////////////////////////////////////////////////////////////
80    
81     // GLOBAL PARAMETERS
82     // =================
83     // Make modifications here to suit siteman to your needs
84    
85     // error_reporting(4) ; // how verbose ?
86    
87     // username/password should not be system
88     // usernames/passwords !!
89    
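// $gblPw = "hash_of_your_username_and_password" ;

// $gblAuth = false ;   // use builtin authentication
$gblAuth = true ;       // use builtin authentication
$gblHash = "md5" ;      // hash function to use

// NOTE(review): credentials are stored as $gblHash(login . password), which
// is unsalted MD5 with the default above. Anyone who obtains .htusers, or a
// page that prints $gblPw, can attack the hash offline. Keep dot-files
// unreadable over HTTP and plan a move to a salted, slow password hash.

$gblUserName = "" ;     // real name of the authenticated user
$gblPw = "" ;           // stored hash; stays empty for unknown users

if ($gblAuth) {
    // .htusers holds one user per line: login:Real Name:hash
    $htusers = @fopen(dirname($SCRIPT_FILENAME) . "/.htusers", "r") ;
    if ($htusers) {
        while ($user = fgetcsv($htusers, 255, ":")) {
            // Require all three fields and compare the login as a string;
            // a loose == would treat numeric-looking logins such as
            // "1e3" and "1000" as the same account.
            if (count($user) >= 3 &&
                (string)$user[0] === (string)$GLOBALS["PHP_AUTH_USER"]) {
                $gblUserName = $user[1] ;
                $gblPw = $user[2] ;
                break ;     // first matching line wins
            }
        }
        fclose($htusers) ;
    }
    // When the users file is missing or unreadable $gblPw stays "", which
    // no hash output equals, so the login check cannot succeed.
}

// $gblDateFmt="D, F d, Y";
// $gblTimeFmt="g:i:sA";

$gblDateFmt = "Y-m-d" ;
$gblTimeFmt = "H:i:s" ;

// Number of backup files to keep
$gblNumBackups = 5 ;

// choose GifIcon below unless you have the M$
// WingDings font installed on your system

$gblIcon = "GifIcon" ;  // MockIcon or GifIcon

// the directory below should be /icons/ or /icons/small/
// on Apache; a set of icons is included in the distribution

$gblIconLocation = "icons/" ;

// files you want to be able to edit in text mode
// and view with (primitive) syntax highlighting

$gblEditable = array( ".txt",".asa",".asp",".htm",".html",
                      ".cfm",".php3",".php",".phtml",
                      ".shtml",".css" ) ;

// files that will display as images on the detail page
// (useless if your browser doesn't support them)

$gblImages = array( ".jpg",".jpeg",".gif",".png",".ico",
                    ".bmp",".xbm") ;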
141    
142     //////////////////////////////////////////////////////////////////
143    
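/**
 * Emit the HTML head and the page banner.
 *
 * @param string $title  Plain-text page title; "Site Manager " is prepended.
 * @param string $text   Introductory paragraph. Emitted as-is because
 *                       callers pass markup in it (Navigate() adds a link),
 *                       so callers must escape any request-derived part.
 */
function StartHTML($title,$text="") {

    // Titles are built from directory and file names, and the host name
    // comes from the request, so both are escaped before output.
    // NOTE(review): relies on HTTP_HOST / PHP_SELF being present in
    // $GLOBALS - confirm for the PHP configuration in use.
    $title = htmlspecialchars("Site Manager " . $title, ENT_QUOTES) ;
    $host = htmlspecialchars($GLOBALS["HTTP_HOST"], ENT_QUOTES) ;
    $self = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;
?>

<HTML>
<HEAD>
<TITLE><?php echo $host . " " . $title ?></TITLE>
<META NAME="description" CONTENT="PHP port of AnyPortal Site Manager">
<META NAME="keywords" CONTENT="site manager, web site maintenance">
<META NAME="robots" CONTENT="noindex">
<META HTTP-EQUIV="expires" CONTENT="0">
<LINK REL="stylesheet" TYPE="text/css"
      HREF="<?php echo $self ?>?STYLE=get">
</HEAD>
<BODY BGCOLOR="#FFFFFF">
<H3 ALIGN="RIGHT"><?php echo $host ?></H3>
<TABLE BORDER=0 WIDTH="100%"><TR>
<TD CLASS=INV><?php echo $title ?></TD></TR></TABLE>
<P><?php echo $text ?></P>

<?php
} // end function StartHTML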
169    
170     //////////////////////////////////////////////////////////////////
171    
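/**
 * Emit the page footer: date, time, user name, logout link and credits,
 * then close BODY and HTML.
 *
 * Reads gblDateFmt, gblTimeFmt, gblUserName, gblPw and PHP_SELF from
 * $GLOBALS.
 */
function EndHTML() {

    // $PHP_SELF is not a local variable inside a function, so the script
    // path is taken from $GLOBALS like the other page functions do.
    $self = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;
    $userName = htmlspecialchars($GLOBALS["gblUserName"], ENT_QUOTES) ;

    // NOTE(review): the logout link carries the stored password hash as
    // the "relogin" value, so the hash ends up in browser history, proxy
    // and server logs and Referer headers. The login check in the main
    // program compares "relogin" with $gblPw, so replacing it with a
    // random per-session token needs a matching change there.
    $relogin = urlencode($GLOBALS["gblPw"]) ;
?>

<HR>
<P CLASS=FTR>
<B><?php echo date($GLOBALS["gblDateFmt"]) ?> -
<?php echo date($GLOBALS["gblTimeFmt"]) ?> -
<?php echo $userName ?>
<small> [<a href="<?php echo $self ?>?relogin=<?php echo $relogin ?>">logout</a>]</small>
</B>
<BR>ANYPORTAL(php) Site Manager
<br><small>
&copy; 1999 by <A HREF="http://www.anyportal.com">ANYPORTAL</A>,
&copy; 2000 by <A HREF="http://da.nger.org">d@nger.org</A>,
&copy; 2000 by <A HREF="http://www.rot13.org/~dpavlin/">DbP</A>
</small>
</P>
<BR>
<BR><BR></BODY></HTML>

<?php
} // end function EndHTML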
195    
196     //////////////////////////////////////////////////////////////////
197    
/**
 * Print the global style sheet. The pages link to it through
 * "?STYLE=get", which the main program answers before authentication.
 */
function CSS() {
    echo <<<STYLESHEET

BODY,TD,P,H1,H2,H3 { font-family:Verdana,Helvetica,Arial,sans-serif; }
.BLK { color:black; }
.RED { color:red; }
.TOP { color:red; font-size:70%; } /* table headings */
.INV { color:white; background-color:navy;
 font-weight:bold; font-size:120%; } /* title */
.FTR { } /* footer */
.LST { background-color:#E0E0E0; } /* table cells */
.BAR { background-color:#E0E0E0; } /* action bar */
PRE { color:blue; font-family:Lucida Console,Courier New,
 Courier,sans-serif; } /* source code */
EM { color:green; font-style:normal; } /* line numbers */
.REM { color:silver; }
.XML { color:navy; background-color:yellow; }
.MCK { color:red; font-family:WingDings; } /* Mock Icons */
A:HOVER { color:red; }


STYLESHEET;
} // end function CSS
220    
221     //////////////////////////////////////////////////////////////////
222    
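/**
 * Detail page for one document: file information, an edit form for
 * editable types, an inline preview for images, the delete / undelete /
 * rename controls and the change history kept in the .log directory.
 *
 * @param string $fsRoot  File-system path of the web root.
 * @param string $relDir  Directory relative to the web root.
 * @param string $fn      File name inside $relDir.
 */
function DetailPage($fsRoot,$relDir,$fn) {

    global $gblEditable, $gblImages ;

    $relPath = $relDir . "/" . $fn ;
    $fsPath = $fsRoot . $relPath ;
    $fsDir = $fsRoot . $relDir ;

    // $relDir and $fn come from the request; everything written into the
    // page goes through these escaped copies.
    $hSelf = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;
    $hRelDir = htmlspecialchars($relDir, ENT_QUOTES) ;
    $hFn = htmlspecialchars($fn, ENT_QUOTES) ;
    $hRelPath = htmlspecialchars($relPath, ENT_QUOTES) ;

    $exists = file_exists($fsPath) ;
    $ext = strtolower((string)strrchr($relPath,".")) ;
    // Exact match against the configured lists. The former substring test
    // on the joined list also accepted fragments such as ".ph" or ".h".
    $editable = ( $ext == "" || in_array($ext, $gblEditable, true) ) ;
    $isImage = ( $ext != "" && in_array($ext, $gblImages, true) ) ;
    $writable = is_writeable($fsPath) ;

    if (!$editable && !$exists)
        Error("Creation unsupported for type",$relPath) ;
    // was "!exists" (missing $), which never evaluated the directory check
    if (!$exists && !is_writeable($fsDir) )
        Error("Creation denied",$relDir) ;

    $text = "Use this page to view, modify or " ;
    $text .= "delete a single document on this " ;
    $text .= "web site." ;
    $title = "(Detail Page)" ;
    StartHTML($title, $text) ;

    echo "<H3>" . $hRelPath . "</H3>" ;

    $fsize = 0 ;
    if ($exists) { // get file info
        $fsize = filesize($fsPath) ;
        $stampFmt = $GLOBALS["gblDateFmt"] . " " . $GLOBALS["gblTimeFmt"] ;
        $fmodified = date($stampFmt, filemtime($fsPath)) ;
        $faccessed = date($stampFmt, fileatime($fsPath)) ;
        echo "<PRE>    file size: " . $fsize . " Bytes<BR>" ;
        echo "last modified: <B>" . $fmodified . "</B><BR>" ;
        echo "last accessed: <B>" . $faccessed . "</B><BR>" ;
        echo "        owner: <B>" . fileowner($fsPath) . "</B><BR>" ;
        echo "        group: <B>" . filegroup($fsPath) . "</B><BR>" ;
        echo "  permissions: <B>" ;
        // sprintf, not printf: printf prints and returns a length that
        // the surrounding echo then appended to the output
        echo sprintf( "%o", fileperms($fsPath) ) . "</B>" ;
        echo "</PRE>" ;
    }

    if ( $editable && ($writable || !$exists) ) {
        // mode "a+" creates the file when it does not exist yet
        $fh = @fopen($fsPath,"a+") ;
        if (!$fh) {
            echo "<P CLASS=RED>Could not open this document.</P>" ;
        }
        else {
            rewind($fh) ;
            clearstatcache() ;  // the size may be stale after creation
            $len = filesize($fsPath) ;
            $fstr = ($len > 0) ? fread($fh,$len) : "" ;
            fclose($fh) ;
            $fstr = htmlentities( $fstr ) ;
?>

<FORM ACTION="<?php echo $hSelf ; ?>" METHOD="POST">
<SPAN TITLE="Click [SAVE] to store updated contents.">
<B>DOCUMENT CONTENTS</B>
</SPAN><BR>
<TEXTAREA NAME="FILEDATA" ROWS=18 COLS=70 WRAP="OFF"><?php
            echo($fstr) ; ?></TEXTAREA>
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $hRelDir ; ?>">
<INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?php echo $hFn ; ?>">
<INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="SAVE">
<INPUT TYPE="HIDDEN" SIZE=48 MAXLENGTH=255 NAME="RELPATH"
       VALUE="<?php echo $hRelPath ; ?>">
<br>
<INPUT TYPE="RESET" VALUE="UNDO ALL CHANGES">
<INPUT TYPE="SUBMIT" VALUE="SAVE">
</FORM>

<?php
        }
    }
    else if ( $isImage ) {
        $info = @getimagesize($fsPath) ;
        $dims = $info ? $info[3] : "" ;   // width="..." height="..."
        $tstr = "<IMG SRC=\"" . $hRelPath . "\" BORDER=0 " ;
        $tstr .= $dims . " ALT=\"" . $hFn . " - " ;
        $tstr .= (int)(($fsize+1023)/1024) . "Kb\">" ;
        // first the tag as text, then the image itself
        echo htmlentities($tstr) . "<BR><BR>" . $tstr ;
    }
?>

<FORM ACTION="<?php echo $hSelf ; ?>" METHOD="POST">
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $hRelDir ; ?>">
<INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?php echo $hFn ; ?>">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL"><BR>

<?php
    // entries under .del are deleted files: offer UNDELETE for them
    if (substr($fn,0,4) == ".del") {
        $action = "UNDELETE" ;
        $desc = "undelete previously deleted file" ;
    } else {
        $action = "DELETE" ;
        $desc = "delete" ;
    }

    if ($exists && $writable) {
?>

<HR><SPAN TITLE="Check OK and click [<?php echo $action ?>] to <?php echo $desc ?>.">
<B>OK TO <?php echo $action ?> "<?php echo $hFn ; ?>"? </B></SPAN>
<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="<?php echo $action ?>">

<HR><SPAN TITLE="Check OK and click [RENAME] to rename.">
<B>OK TO RENAME "<?php echo $hFn ; ?>" TO
<INPUT TYPE="TEXT" SIZE=24 MAXLENGTH=255 NAME="NEWNAME" VALUE="<?php echo $hFn ?>">
? </B></SPAN>
<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="RENAME">

<?php
    }
    echo "</FORM>" ;

    // change history: tab-separated lines appended by Logit()
    $logname = dirname("$fsDir/$fn") . "/.log/" . basename("$fsDir/$fn") ;
    if (file_exists($logname) && ($log = @fopen($logname,"r"))) {
        print "<hr><br><b>CHANGES TO THIS FILE</b><br><table border=0 width=100%>\n" ;
        $cl1 = " class=lst" ; $cl2 = "" ;
        while ($line = fgetcsv($log,255,"\t")) {
            $cl = $cl1 ; $cl1 = $cl2 ; $cl2 = $cl ;   // alternate row style
            print "<tr>" ;
            for ($i = 0 ; $i < 4 ; ++$i) {
                // log fields include the user name and free text: escape them
                $cell = isset($line[$i]) ? htmlspecialchars($line[$i], ENT_QUOTES) : "" ;
                print "<td$cl>$cell</td>" ;
            }
            print "</tr>\n" ;
        }
        fclose($log) ;
        print "</table>" ;
    }

    EndHTML() ;

} // end function DetailPage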
348    
349     //////////////////////////////////////////////////////////////////
350    
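/**
 * Show a file as a numbered listing with primitive syntax highlighting.
 *
 * The file text is passed through htmlentities() first; every later
 * replacement only inserts fixed SPAN / I tags around already escaped
 * text.
 *
 * @param string $fsRoot  File-system path of the web root.
 * @param string $relDir  Directory relative to the web root.
 * @param string $fn      File name inside $relDir.
 */
function DisplayCode($fsRoot,$relDir,$fn) {

    $relPath = $relDir . "/" . $fn ;
    $path = $fsRoot . $relPath ;

    // Report the relative path only, so error pages do not reveal where
    // the web root lives on the server.
    if (!file_exists($path)) Error("File not found",$relPath) ;
    $raw = @file($path) ;
    if ($raw === false) Error("Read Access denied",$relPath) ;

    StartHTML("(".$relPath.")","") ;

    $tstr = htmlentities(join("",$raw)) ;

    // Tabs
    $tstr = str_replace(chr(9)," ",$tstr) ;

    // ASP tags & XML/PHP tags
    $aspbeg = "<SPAN CLASS=XML>&lt;%</SPAN><SPAN CLASS=BLK>" ;
    $aspend = "</SPAN><SPAN CLASS=XML>%&gt;</SPAN>" ;
    $tstr = str_replace("&lt;%",$aspbeg,$tstr) ;
    $tstr = str_replace("%&gt;",$aspend,$tstr) ;

    $xmlbeg = "<SPAN CLASS=XML>&lt;?</SPAN><SPAN CLASS=BLK>" ;
    $xmlend = "</SPAN><SPAN CLASS=XML>?&gt;</SPAN>" ;
    $tstr = str_replace("&lt;?",$xmlbeg,$tstr) ;
    $tstr = str_replace("?&gt;",$xmlend,$tstr) ;

    // C style comment
    $tstr = str_replace("/*","<SPAN CLASS=REM>/*",$tstr) ;
    $tstr = str_replace("*/","*/</SPAN>",$tstr) ;

    // HTML comments
    $tstr = str_replace("&lt;!--","<I CLASS=RED>&lt;!--",$tstr) ;
    $tstr = str_replace("--&gt;","--&gt;</I>",$tstr) ;

    echo "<PRE>" ;

    // explode() instead of split(): the separator is a literal newline
    // and split() is not available in current PHP versions
    $lines = explode("\n",$tstr) ;
    $total = count($lines) ;
    for ($i = 0 ; $i < $total ; ++$i) {
        // add line numbers
        echo "<BR><EM>" ;
        echo substr(("000" . ($i+1)), -4) . ":</EM> " ;
        $line = $lines[$i] ;
        // C++ style comments
        $pos = strpos($line,"//") ;
        // exceptions: two slashes aren't a script comment after a colon
        // (as in a URL) or when they close an HTML comment
        if ($pos !== false &&
            ! ($pos>0 && substr($line,$pos-1,1)==":") &&
            ! (substr($line,$pos,8) == "//--&gt;") &&
            ! (substr($line,$pos,9) == "// --&gt;")) {
            $beg = substr($line,0,$pos) ;
            $end = substr($line,$pos) ;
            $line = $beg."<SPAN CLASS=REM>".$end."</SPAN>" ;
        }
        // shell & asp style comments
        $first = substr(ltrim($line),0,1) ;
        if ($first == "#" || $first == "'") {
            $line = "<SPAN CLASS=REM>".$line."</SPAN>" ;
        }
        print($line) ;
    } // next i

    echo "</PRE>" ;

    EndHTML() ;

} // end function DisplayCode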
416    
417     //////////////////////////////////////////////////////////////////
418    
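/**
 * Return a WingDings glyph wrapped in <SPAN CLASS=MCK> for a file
 * extension or one of the symbolic names "file", "fldr", "view", "up"
 * and "blank".
 *
 * @param  string $txt  Extension including the dot, or a symbolic name;
 *                      matched case-insensitively.
 * @return string       HTML fragment.
 */
function MockIcon($txt) {
    $tstr = "<SPAN CLASS=MCK>" ;

    // The argument is lower-cased, so every case label must be lower case
    // too (the old ".Z" label could never match).
    switch (strtolower($txt)) {
    case ".bmp" :
    case ".gif" :
    case ".jpg" :
    case ".jpeg":
    case ".tif" :
    case ".tiff":
        $d = 176 ;
        break ;
    case ".doc" :
        $d = 50 ;
        break ;
    case ".exe" :
    case ".bat" :
    case ".bas" :
    case ".c" :
    case ".cc" :
    case ".src" :
        $d = 255 ;
        break ;
    case "fldr" :
        $d = 48 ;
        break ;
    case ".htm" :
    case ".html":
    case ".asa" :
    case ".asp" :
    case ".cfm" :
    case ".php3":
    case ".php" :
    case ".phtml" :
    case ".shtml" :
        $d = 182 ;
        break ;
    case ".pdf" :
        $d = 38 ;
        break ;
    case ".txt" :
    case ".ini" :
    case "view" :
        $d = 52 ;
        break ;
    case ".xls" :
        $d = 252 ;
        break ;
    case ".zip" :
    case ".arc" :
    case ".sit" :
    case ".tar" :
    case ".gz" :
    case ".tgz" :
    case ".z" :
        $d = 59 ;
        break ;
    case "up" :
        $d = 199 ;
        break ;
    case "blank" :
        // keep the opening tag so the markup stays balanced
        return $tstr . "&nbsp;&nbsp;</SPAN>" ;
    case "file" :
    default :
        $d = 51 ;
    }

    return $tstr . chr($d) . "</SPAN>" ;
} // end function MockIcon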
495    
496     //////////////////////////////////////////////////////////////////
497    
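/**
 * Return an <IMG> tag for the icon that belongs to a file extension or to
 * one of the symbolic names "file", "fldr", "view", "up" and "blank".
 * The image is looked up under the global $gblIconLocation.
 *
 * @param  string $txt  Extension including the dot, or a symbolic name;
 *                      matched case-insensitively.
 * @return string       HTML fragment.
 */
function GifIcon($txt) {
    global $gblIconLocation ;

    // The argument is lower-cased, so every case label must be lower case
    // too (the old ".Z" label could never match). ".php3" is listed once:
    // its second, unreachable label in the web-page group is gone.
    switch (strtolower($txt)) {
    case ".bmp" :
    case ".gif" :
    case ".jpg" :
    case ".jpeg":
    case ".tif" :
    case ".tiff":
        $d = "image2.gif" ;
        break ;
    case ".doc" :
        $d = "layout.gif" ;
        break ;
    case ".exe" :
    case ".bat" :
        $d = "screw2.gif" ;
        break ;
    case ".bas" :
    case ".c" :
    case ".cc" :
    case ".src" :
        $d = "c.gif" ;
        break ;
    case "fldr" :
        $d = "dir.gif" ;
        break ;
    case ".phps" :
        $d = "phps.gif" ;
        break ;
    case ".php3" :
        $d = "php3.gif" ;
        break ;
    case ".htm" :
    case ".html":
    case ".asa" :
    case ".asp" :
    case ".cfm" :
    case ".php" :
    case ".phtml" :
    case ".shtml" :
        $d = "world1.gif" ;
        break ;
    case ".pdf" :
        $d = "pdf.gif" ;
        break ;
    case ".txt" :
    case ".ini" :
        $d = "text.gif" ;
        break ;
    case ".xls" :
        $d = "box2.gif" ;
        break ;
    case ".zip" :
    case ".arc" :
    case ".sit" :
    case ".tar" :
    case ".gz" :
    case ".tgz" :
    case ".z" :
        $d = "compressed.gif" ;
        break ;
    case "view" :
        $d = "index.gif" ;
        break ;
    case "up" :
        $d = "back.gif" ;
        break ;
    case "blank" :
        $d = "blank.gif" ;
        break ;
    case "file" :
    default :
        $d = "generic.gif" ;
    }

    return "<IMG SRC=\"$gblIconLocation" . $d . "\" BORDER=0>" ;
} // end function GifIcon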
580    
581     //////////////////////////////////////////////////////////////////
582    
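/**
 * Directory listing page: parent link, sub-directories, files (plus the
 * contents of .del when "show_deleted" is requested), a delete form for
 * an empty folder and the create / upload controls.
 *
 * @param string $fsRoot  File-system path of the web root.
 * @param string $relDir  Directory relative to the web root ("" = root).
 */
function Navigate($fsRoot,$relDir) {

    global $gblEditable, $gblIcon ;

    $self = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;
    if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") {
        $webRoot = "https://" . $GLOBALS["SERVER_NAME"] ;
    } else {
        $webRoot = "http://" . $GLOBALS["SERVER_NAME"] ;
    }
    $fsDir = $fsRoot . $relDir . "/" ;          // current directory
    $hRelDir = htmlspecialchars($relDir, ENT_QUOTES) ;

    // The flag is a request variable, so it is read from $GLOBALS; a plain
    // $show_deleted is an unset local inside this function.
    $showDeleted = isset($GLOBALS["show_deleted"]) ;

    if (!is_dir($fsDir)) Error("Dir not found",$relDir) ;

    // Start from empty lists so the counts below are defined even when
    // the directory holds nothing.
    $dirList = array() ;
    $fileList = array() ;

    // read directory contents
    if ( !($dir = @opendir($fsDir)) )
        Error("Read Access denied",$relDir) ;
    // compare with false explicitly: an entry named "0" would otherwise
    // end the loop early
    while (($item = readdir($dir)) !== false) {
        // skips ".", ".." and every dot-file (.htusers, .log, .bak, .del)
        if ( substr($item,0,1) == "." ) continue ;
        if ( is_dir($fsDir . $item) ) {
            $dirList[] = $item ;
        } else if ( is_file($fsDir . $item) ) {
            $fileList[] = $item ;
        } else if ( is_link($fsDir . $item) ) {
            // is_dir()/is_file() follow links, so only links whose target
            // is neither a directory nor a file arrive here
            $dirList[] = $item ;
        }
        // anything else is an unknown file type and is not listed
    }
    closedir($dir) ;

    // scan deleted files
    if ( $showDeleted && $GLOBALS["show_deleted"] == 1 &&
         ($dir = @opendir($fsDir . ".del")) ) {
        while (($item = readdir($dir)) !== false) {
            if ( substr($item,0,1) == "." ) continue ;
            $fileList[] = ".del/$item" ;
        }
        closedir($dir) ;
    }

    $emptyDir = ! (count($dirList) || count($fileList)) ;

    // start navigation page
    $text = "Use this page to add, delete" ;
    if (! $showDeleted) {
        $text .= ", <a href=\"" . $self . "?show_deleted=1\">undelete</a>" ;
    }
    $text .= " or revise files on this web site." ;
    StartHTML("(Navigate)",$text) ;

    echo "<TABLE BORDER=0 CELLPADDING=2
        CELLSPACING=3 WIDTH=\"100%\">" ;

    // updir bar; $fsDir always ends in "/" and so never equals $fsRoot,
    // which is why the root is detected through the empty $relDir
    if ($relDir != "") {
        $parent = dirname($relDir) ;
        if ($parent == "") $parent = "/" ;
?>

<TR><TD><?php echo $gblIcon("up") ?></TD><TD COLSPAN=4 CLASS=LST>
<A HREF="<?php echo $self ?>?D=<?php echo urlencode($parent) ?>">
<B><?php echo htmlspecialchars($parent, ENT_QUOTES) ?></B></A></TD></TR>

<?php
    }

    // output subdirs
    if (count($dirList) > 0) {
        sort($dirList) ;
?>

<TR><TD></TD><TD COLSPAN=4 CLASS=TOP><HR>DIRECTORY NAME</TD></TR>

<?php
        foreach ($dirList as $subDir) {

            // names come from the file system and may contain markup
            $tstr = "<A HREF=\"" . $self . "?D=" ;
            $tstr .= urlencode($relDir."/".$subDir) ;
            $tstr .= "\">" . htmlspecialchars($subDir, ENT_QUOTES) . "/</A>" ;
?>

<TR><TD><?php echo $gblIcon("fldr") ?></TD>
<TD COLSPAN=4 CLASS=LST><?php echo $tstr ?></TD></TR>

<?php
        } // iterate over dirs
    } // end if no dirs
?>

<TR><TD></TD><TD COLSPAN=4><HR><B><?php echo htmlspecialchars($webRoot . $relDir, ENT_QUOTES) ?>
</B></TD></TR>
<TR><TD></TD><TD CLASS=TOP>DOCUMENT NAME</TD>
<TD><?php echo $gblIcon("blank") ?></TD>
<TD CLASS=TOP>LAST UPDATE</TD><TD CLASS=TOP>FILE SIZE</TD></TR>

<?php
    if (count($fileList) > 0) {
        sort($fileList) ;
        $stampFmt = $GLOBALS["gblDateFmt"] . " " . $GLOBALS["gblTimeFmt"] ;
        foreach ($fileList as $file) {
            $path = $fsDir . $file ;
            $mod = filemtime($path) ;
            $sz = filesize($path) ;

            if ($sz >= 10240) {
                $sz = (int)(($sz+1023)/1024) . " k" ;
            }
            else {
                $sz .= " " ;
            } // end size

            $a = $b = "" ;

            if ( ($mod + 30*86400) > time() ) {
                $a = "<SPAN CLASS=RED TITLE=\"Newer" ;
                $a .= " than 30 days\"> * </SPAN>" ;
            }

            $tstr = htmlspecialchars($webRoot . $relDir . "/" . $file, ENT_QUOTES) ;
            $tstr = "<A HREF=\"" . $tstr . "\">" ;

            if (substr($file,0,5) != ".del/") {
                $tstr .= htmlspecialchars($file, ENT_QUOTES) . "</A>" . $a ;
            } else {
                $tstr .= htmlspecialchars(substr($file,5), ENT_QUOTES) ;
                $tstr .= "</a> <SPAN CLASS=RED TITLE=\"deleted\"> deleted </span>" ;
            }

            $ext = strtolower((string)strrchr($file,".")) ;
            // exact match; the former substring test on the joined list
            // also accepted fragments such as ".ph"
            if ( $ext=="" || in_array($ext,$gblEditable,true) )
            {
                $b = "<A HREF=\"" . $self . "?A=C&F=" ;
                $b .= urlencode($file) . "&D=" . urlencode($relDir) ;
                $b .= "\" TITLE=\"List contents\">" ;
                $b .= $gblIcon("view") . "</A>" ;
            }

?>

<TR><TD>
<A HREF="<?php echo $self ?>?A=E&F=<?php echo urlencode($file)
  ?>&D=<?php echo urlencode($relDir) ?>" TITLE="View/Edit">
<?php echo $gblIcon($ext) ?></A></TD>
<TD CLASS=LST><?php echo $tstr ?></TD>
<TD CLASS=LST ALIGN=center><?php echo $b ?></TD>
<TD CLASS=LST><?php echo date($stampFmt,$mod) ?></TD>
<TD CLASS=LST><?php echo $sz ?>Bytes</TD></TR>

<?php
        } // iterate over files
    } // end if no files

    if ($emptyDir) {
?>

<FORM METHOD="POST" ACTION="<?php echo $self ?>">
<TR><TD></TD><TD COLSPAN=4 CLASS=BAR>
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $hRelDir ?>">
OK TO DELETE THIS EMPTY FOLDER?
<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="DELETE">
</TD></TR>
</FORM>

<?php
    } // end if emptyDir
?>

<TR><TD></TD><TD COLSPAN=4><HR></TD></TR>

<FORM METHOD="POST" ACTION="<?php echo $self ?>">
<TR><TD></TD><TD COLSPAN=4 CLASS=BAR>CREATE NEW
<INPUT TYPE="RADIO" NAME="T" VALUE="D" CHECKED>DIRECTORY -OR-
<INPUT TYPE="RADIO" NAME="T" VALUE="F">FILE : &nbsp;&nbsp;
<NOBR>NAME <INPUT TYPE="TEXT" NAME="FN" SIZE=14>
<INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="CREATE">
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $hRelDir ?>">
<INPUT TYPE="SUBMIT" VALUE="CREATE"></NOBR>
<NOBR>OR <A HREF="<?php echo $self
  ?>?A=U&D=<?php echo urlencode($relDir) ?>">UPLOAD</A> A FILE
</NOBR>
</TD></TR>
</FORM>
</TABLE>

<?php
    EndHTML() ;
} // end function Navigate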
773    
774     //////////////////////////////////////////////////////////////////
775    
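/**
 * Print the upload form for a destination directory, followed by a
 * CANCEL form. Emits only the forms, not the page header or footer.
 *
 * @param string $fsRoot  File-system path of the web root (not used here).
 * @param string $relDir  Destination directory relative to the web root.
 */
function UploadPage($fsRoot, $relDir) {

    if ($relDir == "") $relDir = "/" ;

    // The directory and the User-Agent header come from the request and
    // are escaped before they are written into the page.
    $self = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;
    $hRelDir = htmlspecialchars($relDir, ENT_QUOTES) ;
    $hAgent = htmlspecialchars($GLOBALS["HTTP_USER_AGENT"], ENT_QUOTES) ;
?>

<P><TABLE BORDER=0 CELLPADDING=5><TR><TD WIDTH=5></TD><TD CLASS=BAR>
<FORM ENCTYPE="multipart/form-data" METHOD="POST"
      ACTION="<?php echo $self ?>">
DESTINATION DIRECTORY:<B><?php echo " " . $hRelDir ?></B>
<P>PATHNAME OF LOCAL FILE<BR>
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $hRelDir ?>">
<INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="UPLOAD">
<INPUT SIZE=30 TYPE="FILE" NAME="FN"></P>
<P><INPUT TYPE="SUBMIT" VALUE="UPLOAD"></P>
<P>If the <B>[BROWSE...]</B> button is not displayed,<BR>
you must upgrade to an RFC1867-compliant browser.</P>
<P>Your browser:<BR><?php echo $hAgent ?></P>
</FORM>
</TD></TR>
<TR><TD></TD><TD>
<FORM METHOD="POST" ACTION="<?php echo $self ?>">
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $hRelDir ?>"><BR>
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL">
</FORM>
</TD></TR></TABLE></P>

<?php
} // end function UploadPage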
805    
806     //////////////////////////////////////////////////////////////////
807    
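/**
 * Show an error page and stop the script.
 *
 * @param string $title  Short error title, shown in parentheses.
 * @param string $text   Plain-text detail, often a path taken from the
 *                       request; escaped here before it is handed to
 *                       StartHTML(), which prints its text unescaped.
 *                       NOTE(review): a caller that passes markup in
 *                       $text would now see it shown literally - confirm
 *                       against the callers in the rest of the file.
 */
function Error($title,$text="") {
    StartHTML("(".$title.")",htmlspecialchars($text, ENT_QUOTES)) ;
    echo "<P ALIGN=center>Hit your Browser's Back Button.</P>" ;
    EndHTML() ;
    exit ;
} // end function Error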
814    
815     //////////////////////////////////////////////////////////////////
816    
/**
 * Print the hash of a username/password pair and stop the script.
 *
 * The value shown is $gblHash($user . $pw), the form the login check
 * compares against. The main program calls this before authentication.
 * NOTE(review): with $gblHash = "md5" this is an unsalted MD5 digest;
 * changing it means changing the stored hashes as well.
 *
 * @param string $user  Login name.
 * @param string $pw    Cleartext password.
 */
function CreateHash($user, $pw) {

    global $gblHash ;   // name of the hash function to call

    $incomplete = ($user == "" || $pw == "") ;
    if ($incomplete) {
        // Error() ends the script
        Error("Create Hash","either no password or no username supplied") ;
    }

    StartHTML("(Create Hash)") ;

    $page = array(
        "<P ALIGN=center>",
        "<BLOCKQUOTE>Copy the value below and paste it ",
        "into the<BR>value for \$gblPw in the source of ",
        "this file<BR><BR><B>" . $gblHash($user.$pw),
        "</B><BR><BR>Hash function: " . $gblHash,
        "</BLOCKQUOTE></P>"
    ) ;
    echo join("",$page) ;

    EndHTML() ;
    exit ;

} // end function CreateHash
837    
838     //////////////////////////////////////////////////////////////////
839    
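/**
 * Body of the "401 Unauthorized" page, with a form that posts the
 * credentials just entered to the hash generator. Ends the script.
 */
function NoEntry() {

    // Both values are whatever the client sent in the failed login, so
    // they are escaped before they go into the form.
    // NOTE(review): the cleartext password is written into the page
    // source as a hidden field so the CREATE HASH button can post it;
    // it is then visible in "view source" and in cached copies.
    $user = htmlspecialchars($GLOBALS["PHP_AUTH_USER"], ENT_QUOTES) ;
    $pw = htmlspecialchars($GLOBALS["PHP_AUTH_PW"], ENT_QUOTES) ;
    $self = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;

    $title = "(401 Unauthorized)" ;
    $text = "No trespassing !" ;
    StartHTML($title,$text) ;
?>

<FORM ACTION="<?php echo $self ?>?HASH=create" METHOD="POST">
<INPUT TYPE="HIDDEN" NAME="USER" VALUE="<?php echo $user ?>">
<INPUT TYPE="HIDDEN" NAME="PW" VALUE="<?php echo $pw ?>">

<BLOCKQUOTE><B>If you are a site administrator:</B><BR><BR>
Click below to <B>generate a password hash</B><BR>from
the username-password pair you just<BR>entered. Then include the hash in
the source<BR>of this file.<BR><BR>
<INPUT TYPE="SUBMIT" VALUE="CREATE HASH">
</BLOCKQUOTE></FORM>

<?php
    EndHTML() ;
    exit ;
}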
866    
867     //////////////////////////////////////////////////////////////////
868    
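/**
 * Append one line to the change history of a file.
 *
 * The history lives in ".log/<file name>" next to the file; the .log
 * directory is created with mode 0700 when missing. Each line has four
 * tab-separated fields: date, time, user name, message.
 *
 * @param string $target  File-system path of the file the entry is about.
 * @param string $msg     What happened to it.
 */
function Logit($target,$msg) {

    $dir = dirname($target) ;
    $logDir = $dir . "/.log" ;
    if (! file_exists($logDir)) {
        @mkdir($logDir,0700) ;
    }
    $file = basename($target) ;

    // A tab or line break inside a field would shift columns or forge an
    // extra entry when the history is read back, so they become spaces.
    $breaks = array("\t","\r","\n") ;
    $who = str_replace($breaks," ",$GLOBALS["gblUserName"]) ;
    $what = str_replace($breaks," ",$msg) ;

    $log = @fopen("$logDir/$file","a+") ;
    if (!$log) {
        // history is best effort: record the failure, do not stop the action
        error_log("docman: cannot write history log for " . $file) ;
        return ;
    }
    fputs($log,date("$GLOBALS[gblDateFmt]\t$GLOBALS[gblTimeFmt]").
        "\t$who\t$what\n") ;
    fclose($log) ;

}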
883    
884    
885    
886     //////////////////////////////////////////////////////////////////
887    
888 dpavlin 1.1 // MAIN PROGRAM
889     // ============
890     // query parameters: capital letters
891     // local functions : begin with capital letters
892     // global constants: begin with gbl
893    
894 dpavlin 1.2 $gblFilePerms = 0640 ; // default for new files
895     $gblDirPerms = 0750 ; // default for new dirs
896 dpavlin 1.1
897     // phpinfo() ;
898     // exit ;
899    
900     // forks before authentication: style sheet and hash
901     // creation if password not yet set.
902     if ($STYLE == "get") { CSS() ; exit ; }
903     if ($HASH != "") {
904     CreateHash($USER, $PW) ;
905     exit ;
906     }
907    
908     // authentication if $gblAuth == true
909 dpavlin 1.2 if ( $gblAuth && $gblHash($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw ||
910     isset($relogin) && $gblPw == $relogin ) {
911 dpavlin 1.1 header("WWW-authenticate: basic realm=\"$SERVER_NAME\"") ;
912     header("HTTP/1.0 401 Unauthorized") ;
913     NoEntry() ;
914     exit ;
915     }
916    
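// Work out the current directory, relative to $gblFsRoot.
// Error() is defined outside this section; the checks below rely on it
// ending the request.
$relDir = $DIR ;                    // from POST
if ($relDir == "") {                // not defined in POST ?
    $relDir = urldecode($D) ;       // then use GET
}

if ($relDir == "/") $relDir = "" ;  // default : website root = ""

if (strstr($relDir,"..")) Error("No updirs allowed");

// $relDir is appended to $gblFsRoot as a plain string. Without a leading
// "/" the result would name a sibling of the root whose name merely
// starts with the root's name, so the separator is forced here.
if ($relDir != "" && substr($relDir,0,1) != "/") $relDir = "/" . $relDir ;

// Full paths contain "fs" or "Fs". Paths relative to the root of the
// website contain "rel" or "Rel". The script won't let you edit anything
// above the directory equal to http://server.com, i.e. above $gblFsRoot.

$relScriptDir = dirname($SCRIPT_NAME) ;
// i.e. /siteman

$fsScriptDir = dirname($SCRIPT_FILENAME) ;
// i.e. /home/httpd/html/siteman

// $gblFsRoot is $fsScriptDir with $relScriptDir cut off its end. For a
// script placed directly in the website root dirname() gives "/" ("\" on
// Windows), which is not a suffix of $fsScriptDir: cut nothing then.
$relLen = ($relScriptDir == "/" || $relScriptDir == "\\")
    ? 0 : strlen($relScriptDir) ;
$gblFsRoot = substr($fsScriptDir,0,strlen($fsScriptDir)-$relLen) ;
// i.e. /home/httpd/html

$fsDir = $gblFsRoot . $relDir ;     // current directory
if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ;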
945    
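// POST actions. $fsDir (full path) and $relDir (relative to the website
// root) name the current directory and have been checked above. Every
// other name used here ($FN, $FN_name, $NEWNAME, $RELPATH) comes from the
// request and is put under the same "no .." rule before it is joined to a
// path. Error() is defined outside this section; the checks rely on it
// ending the request.
switch ($POSTACTION) {
case "UPLOAD" :
    if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
    if ($FN_name == "" || strstr($FN_name,"/") ||
        strstr($FN_name,"\\") || strstr($FN_name,".."))
        Error("Non-conforming filename") ;
    // $FN has to be the temporary file of this request's upload. Request
    // variables are plain globals here, so without this test a form field
    // named FN could point copy() at any file the server can read.
    if (function_exists("is_uploaded_file") && !is_uploaded_file($FN))
        Error("Non-conforming filename") ;
    // NOTE(review): no extension check is made here, so an uploaded file
    // may be of a type the web server executes - confirm this is intended.
    $source = $FN ;
    $target = $fsDir . "/" . $FN_name ;

    // backup old files first: .bak/1 is the newest copy,
    // .bak/$gblNumBackups the oldest
    $dir=dirname($target);
    $file=basename($target);
    $bakdir=$dir."/.bak";
    $numBackups=$GLOBALS['gblNumBackups'];    // key quoted: not a constant
    if (! file_exists($bakdir)) {
        mkdir($bakdir,0700);
    }
    if (! file_exists("$bakdir/$numBackups")) {
        mkdir("$bakdir/$numBackups",0700);
    }
    for($i=$numBackups-1;$i>0;$i--) {
        if (! file_exists("$bakdir/$i")) {
            mkdir("$bakdir/$i",0700);
        }
        if (file_exists("$bakdir/$i/$file")) {
            rename("$bakdir/$i/$file","$bakdir/".($i+1)."/$file");
        }
    }
    if (file_exists($target)) {
        rename($target,"$bakdir/1/$file");
    }

    // do not log "uploaded" for a copy that did not happen
    if (!copy($source,$target)) Error("Upload failed",$relDir) ;
    chmod($target,$gblFilePerms) ;
    clearstatcache() ;
    Logit($target,"uploaded");
    break ;

case "SAVE" :
    // same rules as for $relDir: no "..", and always a "/" between the
    // root and the relative path
    if (strstr($RELPATH,"..")) Error("No updirs allowed");
    if (substr($RELPATH,0,1) != "/") $RELPATH = "/" . $RELPATH ;
    // NOTE(review): escapeshellcmd() is kept from the original, but no
    // shell is involved here; it only puts backslashes in front of shell
    // metacharacters and is not a path check.
    $path = $gblFsRoot . escapeshellcmd($RELPATH) ;
    $writable = is_writeable($path) ;
    $legaldir = is_writeable(dirname($path)) ;
    $exists = (file_exists($path)) ? 1 : 0 ;
    // check for legal extension here as well
    if (!($writable || (!$exists && $legaldir)))
        Error("Write denied",$RELPATH) ;
    $fh = fopen($path, "w") ;
    if (!$fh) Error("Write denied",$RELPATH) ;
    fwrite($fh,$FILEDATA) ;
    fclose($fh) ;
    clearstatcache() ;
    Logit($path,"saved changes");
    break ;

case "CREATE" :
    // we know $fsDir exists
    if ($FN == "") break;    // no filename!
    if (strstr($FN,"..")) Error("No updirs allowed");
    if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
    $path = $fsDir . "/" . $FN ;    // file or dir to create
    $relPath = $relDir . "/" . $FN ;
    switch ( $T ) {
    case "D" :    // create a directory
        if ( ! @mkdir($path,$gblDirPerms) )
            Error("Mkdir failed",$relPath) ;    // eg. if it exists
        clearstatcache() ;
        break ;
    case "F" :    // create a new file
        // this functionality is doubled in DetailView().
        // better keep it here altogether
        // chmod perms to $gblFilePerms
        if ( file_exists($path) && !is_writable($path) )
            Error("File not writable", $relPath) ;
        // encoded like the common redirect after this switch, so that a
        // name cannot add parameters or line breaks to the header
        $tstr = $PHP_SELF . "?A=E&D=" . urlencode($relDir) .
            "&F=" . urlencode($FN) ;
        header("Location: " . $tstr) ;
        exit ;
    }
    break ;

case "DELETE" :
    if ( $CONFIRM != "on" ) break ;

    $tstr = "Attempt to delete non-existing object or " ;
    $tstr .= "insufficient privileges: " ;

    if ( $FN != "") {    // delete file
        if (strstr($FN,"..")) Error("No updirs allowed");
        $path = $fsDir . "/" . $FN ;

        $dir=dirname($path);
        $file=basename($path);
        if (! file_exists("$dir/.del")) {
            mkdir("$dir/.del",0700);
        }

        // the file is moved to .del instead of being unlinked,
        // so that UNDELETE can bring it back
        if ( ! rename($path,"$dir/.del/$file") ) {
            // log first: the Logit() call is not reached if Error() exits
            Logit($path,"file delete failed");
            // report the path relative to the website root, as the
            // other error messages do
            Error("File delete failed", $tstr . $relDir . "/" . $FN) ;
            exit ;
        } else {
            Logit($path,"file deleted");
            if (! file_exists("$dir/.del/.log")) {
                mkdir("$dir/.del/.log",0700);
            }
            rename("$dir/.log/$file","$dir/.del/.log/$file");
        }
    }
    else {    // delete directory
        if ( ! @rmdir($fsDir) ) {
            Error("Rmdir failed", $tstr . $relDir) ;
        }
        else {
            $relDir = dirname($relDir) ;    // move up
        }
    }
    break ;

case "UNDELETE" :
    if ( $CONFIRM != "on" ) break ;

    // $FN is ".del" followed by the name to restore
    if (substr($FN,0,4) != ".del") break ;
    $file=substr($FN,4,strlen($FN)-4);
    if ($file == "") break ;
    if (strstr($file,"..")) Error("No updirs allowed");

    // logged while the file is still in .del; its log moves back with it
    Logit("$fsDir/.del/$file","undeleted");
    rename("$fsDir/.del/$file","$fsDir/$file");
    rename("$fsDir/.del/.log/$file","$fsDir/.log/$file");

    break ;

case "RENAME" :
    if ( $CONFIRM != "on" ) break ;

    if (strstr($FN,"..") || strstr($NEWNAME,".."))
        Error("No updirs allowed");

    Logit("$fsDir/$FN","renamed $FN to $NEWNAME");
    rename("$fsDir/$FN","$fsDir/$NEWNAME");
    rename("$fsDir/.log/$FN","$fsDir/.log/$NEWNAME");

    break ;

default :
    // user hit "CANCEL" or undefined action
}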
1085    
// Every POST action that has not exited by now ends the same way:
// the browser is sent to the directory view of $relDir.
if (!($POSTACTION == "")) {
    header("Location: " . $PHP_SELF . "?D=" . urlencode($relDir)) ;
    exit ;
}
1092    
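// check for mode.. navigate, code display, upload, or detail?
// $A=U : upload to path given in $D
// $A=E : display detail of file $D/$F and edit
// $A=C : display code in file $D/$F
// default : display directory $D
//
// $F comes from the request and is joined to the directory path, so it
// gets the same "no .." rule as $relDir before it is used.
// NOTE(review): DetailPage() and DisplayCode() are defined outside this
// section; whether they check $F themselves cannot be seen from here.

switch ($A) {
case "U" :
    // upload to $relDir
    if (!is_writeable($gblFsRoot . $relDir))
        Error("Write access denied",$relDir) ;
    $text = "Use this page to upload a single " ;
    // escaped because the server name can depend on the request's Host
    // header, depending on server configuration
    $text .= "file to <B>" . htmlspecialchars($SERVER_NAME) . "</B>." ;
    StartHTML("(Upload Page)", $text) ;
    UploadPage($gblFsRoot, $relDir) ;
    EndHTML() ;
    exit ;
case "E" :
    // detail of $relDir/$F
    if (strstr($F,"..")) Error("No updirs allowed");
    if (is_file("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ;
    exit ;
case "C" :
    // listing of $relDir/$F
    if (strstr($F,"..")) Error("No updirs allowed");
    DisplayCode($gblFsRoot, $relDir, $F) ;
    exit ;
}

// default: display directory $relDir
Navigate($gblFsRoot,$relDir) ;
exit ;

// not reached: every path above ends in exit
Error("Whooah!","By cartesian logic, this never happens") ;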
1125     ?>
