/[docman]/docman.php
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Annotation of /docman.php

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.3 - (hide annotations)
Thu Aug 3 19:35:44 2000 UTC (22 years, 6 months ago) by dpavlin
Branch: MAIN
CVS Tags: non-checkin
Changes since 1.2: +10 -3 lines
create proto .htusers undelete preserves directory

1 dpavlin 1.1 <?php
2    
3     /* Copyright 1999 by John Martin d/b/a www.ANYPORTAL.com */
4     /* All Rights Reserved. */
5     /* */
6     /* This software is freeware and is not in the public domain. */
7     /* You are hereby granted the right to freely distribute this */
8     /* software as long as this copyright notice remains in place. */
9     /* */
10     /* Comments or suggestions? email: andmore@alief.com */
11     /* */
12     /* This is the PHP port: AnyPortal(php)-0.1 */
13     /* ======================================== */
14     /* */
15     /* PHP version 2000 by Stefan@Wiesendanger.org */
16     /* No Rights Reserved. What for, anyhow ? */
17     /* */
18     /* Date Remarks */
19     /* --------- ----------------------------------------------- */
20     /* 25 MAY 99 original ASP version */
21     /* 17 SEP 99 change upload from SA-FILEUP to aspSmartUpload */
22     /* 10 APR 00 simplified PHP3 version */
23     /* 18 APR 00 most of PHP3 port working. Slight modifications */
24     /* 22 APR 00 modified syntax highlighting, no absolute paths */
25     /* revealed, PHP builtin authentication, global */
26     /* style sheet as callback, use apache default */
27     /* icons as an alternative to the wingdings font. */
28     /* 25 APR 00 catch some exceptions (not foolproof yet) */
29     /* 26 APR 00 catch some more exceptions, implicit copy */
30     /* function by saving somewhere else in the detail */
31     /* view, MD5 hashed password. */
32     /* 27 APR 00 Fixed authentication bug */
33     /* 12 MAY 00 Fixed trouble with exec() with newer versions of */
34     /* PHP3. Fixed bug which would send you to a non- */
35     /* existent address after file modifications. */
36    
37 dpavlin 1.2 /*
38     2000-07-25 Dobrica Pavlinusic <dpavlin@rot13.org>
39    
40     nuked exec calls (unsecure)
41     nuked writeable function (replaced by php is_writeable)
42     added support for https (tested with apache+mod_ssl)
43     added users file
44     date format user-selectable
45     cycle backup files in bak directory
46     support links as directoryes (for now)
47     support of file history logging
48     undelete capabilities (delete moves to .del directory)
49    
50     2000-07-26 DbP
51    
52     added more checking on entered filename (when creating file/dir)
53     added rename option
54    
55    
56     IMPORTANT INSTALLATION NOTE:
57     deny serving of .* (dot-something) files in web server!
58     Otherwise, uses can access your log files, users and/or
59     deleted files!
60    
61     .htusers is in form:
62     login:Real Name:md5(loginpassword)
63    
64    
65     TODO:
66     mixed file/directory output (add type to each entry,
67     real support for links)
68     add more content-management (like cms.sourceforge.net):
69     check-out/check-in/reserve
70     comments to files
71     */
72    
73 dpavlin 1.1 //////////////////////////////////////////////////////////////////
74    
75     // TODO : Don't let the file be modified itself. Create a hash of
76     // it (kinda hard since it's self-referential ;-). Make better use
77     // of session management. Escapeshellcmd for all user input.
78    
79     //////////////////////////////////////////////////////////////////
80    
81     // GLOBAL PARAMETERS
82     // =================
83     // Make modifications here to suit siteman to your needs
84    
85     // error_reporting(4) ; // how verbose ?
86    
87     // username/password should not be system
88     // usernames/passwords !!
89    
90 dpavlin 1.2 // $gblPw = "hash_of_your_username_and_password" ;
91    
92     // $gblAuth = false ; // use builtin authentication
93     $gblAuth = true ; // use builtin authentication
94 dpavlin 1.1 $gblHash = "md5" ; // hash function to use
95    
96 dpavlin 1.2 $gblPw = "";
97    
98     if ($gblAuth) {
99 dpavlin 1.3 $htusers_file=dirname($SCRIPT_FILENAME)."/.htusers";
100     if (! file_exists($htusers_file)) {
101     $htusers=fopen($htusers_file,"a+");
102     fputs($htusers,"# Change owner of $htusers_file to root !!\n");
103     fputs($htusers,"demo:full name:md5_hash\n");
104     fclose($htusers);
105     }
106     $htusers=fopen($htusers_file,"r");
107 dpavlin 1.2 while($user = fgetcsv($htusers,255,":")) {
108     if ($user[0] == $GLOBALS["PHP_AUTH_USER"]) {
109     $gblUserName=$user[1];
110     $gblPw=$user[2];
111     continue ;
112     }
113     }
114     fclose($htusers);
115     }
116    
117     // $gblDateFmt="D, F d, Y";
118     // $gblTimeFmt="g:i:sA";
119    
120     $gblDateFmt="Y-m-d";
121     $gblTimeFmt="H:i:s";
122    
123     // Number of backup files to keep
124     $gblNumBackups=5;
125    
126 dpavlin 1.1 // choose GifIcon below unless you have the M$
127     // WingDings font installed on your system
128    
129     $gblIcon = "GifIcon" ; // MockIcon or GifIcon
130    
131     // the directory below should be /icons/ or /icons/small/
132     // on Apache; a set of icons is included in the distribution
133    
134 dpavlin 1.3 $gblIconLocation = "/icons/" ;
135 dpavlin 1.1
136     // files you want to be able to edit in text mode
137     // and view with (primitive) syntax highlighting
138    
139     $gblEditable = array( ".txt",".asa",".asp",".htm",".html",
140     ".cfm",".php3",".php",".phtml",
141     ".shtml",".css" ) ;
142    
143     // files that will display as images on the detail page
144     // (useless if your browser doesn't support them)
145    
146     $gblImages = array( ".jpg",".jpeg",".gif",".png",".ico",
147     ".bmp",".xbm") ;
148    
149     //////////////////////////////////////////////////////////////////
150    
151     function StartHTML($title,$text="") {
152    
153     $title = "Site Manager " . $title ;
154     $host = $GLOBALS["HTTP_HOST"] ;
155     $self = $GLOBALS["PHP_SELF"] ;
156     ?>
157    
158     <HTML>
159     <HEAD>
160     <TITLE><?php echo $host . " " . $title ?></TITLE>
161     <META NAME="description" CONTENT="PHP port of AnyPortal Site Manager">
162     <META NAME="keywords" CONTENT="site manager, web site maintenance">
163     <META NAME="robots" CONTENT="noindex">
164     <META HTTP-EQUIV="expires" CONTENT="0">
165     <LINK REL="stylesheet" TYPE="text/css"
166     HREF="<?php echo $self ?>?STYLE=get">
167     </HEAD>
168     <BODY BGCOLOR="#FFFFFF">
169     <H3 ALIGN="RIGHT"><?php echo $host ?></H3>
170     <TABLE BORDER=0 WIDTH="100%"><TR>
171     <TD CLASS=INV><?php echo $title ?></TD></TR></TABLE>
172     <P><?php echo $text ?></P>
173    
174     <?php
175     } // end function StartHTML
176    
177     //////////////////////////////////////////////////////////////////
178    
179     function EndHTML() {
180     ?>
181    
182     <HR>
183     <P CLASS=FTR>
184 dpavlin 1.2 <B><?= date($GLOBALS[gblDateFmt]) ?> -
185     <?= date($GLOBALS[gblTimeFmt]) ?> -
186     <?= $GLOBALS[gblUserName] ?>
187     <small> [<a href="<?= $PHP_SELF ?>?relogin=<?= $GLOBALS[gblPw] ?>">logout</a>]</small>
188     </B>
189     <BR>ANYPORTAL(php) Site Manager
190     <br><small>
191     &copy; 1999 by <A HREF="http://www.anyportal.com">ANYPORTAL</A>,
192     &copy; 2000 by <A HREF="http://da.nger.org">d@nger.org</A>,
193     &copy; 2000 by <A HREF="http://www.rot13.org/~dpavlin/">DbP</A>
194     </small>
195 dpavlin 1.1 </P>
196 dpavlin 1.2 <BR>
197     <? //include("../debug.inc") ?>
198     <BR><BR></BODY></HTML>
199 dpavlin 1.1
200     <?php
201     } // end function EndHTML
202    
203     //////////////////////////////////////////////////////////////////
204    
205     function CSS() {
206     ?>
207    
208 dpavlin 1.2 BODY,TD,P,H1,H2,H3 { font-family:Verdana,Helvetica,Arial,sans-serif; }
209 dpavlin 1.1 .BLK { color:black; }
210     .RED { color:red; }
211     .TOP { color:red; font-size:70%; } /* table headings */
212     .INV { color:white; background-color:navy;
213     font-weight:bold; font-size:120%; } /* title */
214     .FTR { } /* footer */
215     .LST { background-color:#E0E0E0; } /* table cells */
216     .BAR { background-color:#E0E0E0; } /* action bar */
217     PRE { color:blue; font-family:Lucida Console,Courier New,
218     Courier,sans-serif; } /* source code */
219     EM { color:green; font-style:normal; } /* line numbers */
220     .REM { color:silver; }
221     .XML { color:navy; background-color:yellow; }
222     .MCK { color:red; font-family:WingDings; } /* Mock Icons */
223     A:HOVER { color:red; }
224    
225     <?php
226     } // end function CSS
227    
228     //////////////////////////////////////////////////////////////////
229    
230     function DetailPage($fsRoot,$relDir,$fn) {
231    
232     global $gblEditable, $gblImages ;
233     $self = $GLOBALS["PHP_SELF"] ;
234    
235     $relPath = $relDir . "/" . $fn ;
236     $fsPath = $fsRoot . $relPath ;
237     $fsDir = $fsRoot . $relDir ;
238    
239     $exists = file_exists($fsPath) ;
240     $ext = strtolower(strrchr($relPath,".")) ;
241     $editable = ( $ext=="" || strstr(join(" ",$gblEditable),$ext)) ;
242 dpavlin 1.2 $writable = is_writeable($fsPath) ;
243 dpavlin 1.1
244     if (!$editable && !$exists)
245     Error("Creation unsupported for type",$relPath) ;
246 dpavlin 1.2 if (!exists && !is_writeable($fsDir) )
247 dpavlin 1.1 Error("Creation denied",$relDir) ;
248    
249     $text = "Use this page to view, modify or " ;
250     $text .= "delete a single document on this " ;
251     $text .= "web site." ;
252     $title = "(Detail Page)" ;
253     StartHTML($title, $text) ;
254    
255     echo "<H3>" . $relDir . "/" . $fn . "</H3>" ;
256     if ($exists) { // get file info
257     $fsize = filesize($fsPath) ;
258 dpavlin 1.2 $fmodified = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]", filemtime($fsPath)) ;
259     $faccessed = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]", fileatime($fsPath)) ;
260 dpavlin 1.1 echo "<PRE> file size: " . $fsize . " Bytes<BR>" ;
261     echo "last modified: <B>" . $fmodified . "</B><BR>" ;
262     echo "last accessed: <B>" . $faccessed . "</B><BR>" ;
263     echo " owner: <B>" . fileowner($fsPath) . "</B><BR>" ;
264     echo " group: <B>" . filegroup($fsPath) . "</B><BR>" ;
265     echo " permissions: <B>" ;
266     echo printf( "%o", fileperms($fsPath) ) . "</B>" ;
267     echo "</PRE>" ;
268 dpavlin 1.2
269 dpavlin 1.1 }
270    
271     if ( $editable && ($writable || !$exists) ) {
272     $fh = fopen($fsPath,"a+") ;
273     rewind($fh) ;
274     $fstr = fread($fh,filesize($fsPath)) ;
275     fclose($fh) ;
276     $fstr = htmlentities( $fstr ) ;
277     ?>
278    
279     <FORM ACTION="<?php echo $self ; ?>" METHOD="POST">
280     <SPAN TITLE="Click [SAVE] to store updated contents.">
281     <B>DOCUMENT CONTENTS</B>
282     </SPAN><BR>
283     <TEXTAREA NAME="FILEDATA" ROWS=18 COLS=70 WRAP="OFF"><?php
284     echo($fstr) ; ?></TEXTAREA>
285     <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $relDir ; ?>">
286     <INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?php echo $fn ; ?>">
287     <INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="SAVE">
288 dpavlin 1.2 <INPUT TYPE="HIDDEN" SIZE=48 MAXLENGTH=255 NAME="RELPATH"
289 dpavlin 1.1 VALUE="<?php echo $relPath ; ?>">
290 dpavlin 1.2 <br>
291     <INPUT TYPE="RESET" VALUE="UNDO ALL CHANGES">
292 dpavlin 1.1 <INPUT TYPE="SUBMIT" VALUE="SAVE">
293     </FORM>
294    
295     <?php
296     }
297     else if ( strstr( join(" ",$gblImages), $ext ) ) {
298     $info = getimagesize($fsPath) ;
299     $tstr = "<IMG SRC=\"". $relPath . "\" BORDER=0 " ;
300     $tstr .= $info[3] . " ALT=\"" . $fn . " - " ;
301     $tstr .= (int)(($fsize+1023)/1024) . "Kb\">" ;
302     echo htmlentities($tstr) . "<BR><BR>" . $tstr ;
303     }
304     ?>
305    
306     <FORM ACTION="<?php echo $self ; ?>" METHOD="POST">
307     <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $relDir ; ?>">
308     <INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?php echo $fn ; ?>">
309     <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL"><BR>
310    
311     <?php
312 dpavlin 1.2 if (substr($fn,0,4) == ".del") {
313     $action="UNDELETE";
314     $desc="undelete previously deleted file";
315     } else {
316     $action="DELETE";
317     $desc="delete";
318     }
319    
320 dpavlin 1.1 if ($exists && $writable) {
321     ?>
322    
323 dpavlin 1.2 <HR><SPAN TITLE="Check OK and click [<?= $action ?>] to <?= $desc ?>.">
324     <B>OK TO <?= $action ?> "<?php echo $fn ; ?>"? </B></SPAN>
325     <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
326     <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="<?= $action ?>">
327    
328     <HR><SPAN TITLE="Check OK and click [RENAME] to rename.">
329     <B>OK TO RENAME "<?php echo $fn ; ?>" TO
330     <INPUT TYPE="TEXT" SIZE=24 MAXLENGTH=255 NAME="NEWNAME" VALUE="<?= $fn ?>">
331     ? </B></SPAN>
332 dpavlin 1.1 <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
333 dpavlin 1.2 <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="RENAME">
334 dpavlin 1.1
335     <?php
336     }
337     echo "</FORM>" ;
338 dpavlin 1.2
339     $logname=dirname("$fsDir/$fn")."/.log/".basename("$fsDir/$fn");
340     if (file_exists($logname)) {
341     print "<hr><br><b>CHANGES TO THIS FILE</b><br><table border=0 width=100%>\n";
342     $log=fopen($logname,"r");
343     $cl1=" class=lst"; $cl2="";
344     while($line = fgetcsv($log,255,"\t")) {
345     $cl=$cl1; $cl1=$cl2; $cl2=$cl;
346     print "<tr><td$cl>$line[0]</td><td$cl>$line[1]</td><td$cl>$line[2]</td><td$cl>$line[3]</td></tr>\n";
347     }
348     fclose($log);
349     print "</table>";
350     }
351    
352 dpavlin 1.1 EndHTML() ;
353    
354     } // end function DetailPage
355    
356     //////////////////////////////////////////////////////////////////
357    
358     function DisplayCode($fsRoot,$relDir,$fn) {
359    
360     $path = $fsRoot . $relDir . "/" . $fn ;
361    
362     if (!file_exists($path)) Error("File not found",$path) ;
363    
364     StartHTML("(".$relDir."/".$fn.")","");
365    
366     $tstr = join("",file($path)) ;
367     $tstr = htmlentities($tstr) ;
368    
369     // Tabs
370     $tstr = str_replace(chr(9)," ",$tstr) ;
371    
372     // ASP tags & XML/PHP tags
373     $aspbeg = "<SPAN CLASS=XML>&lt;%</SPAN><SPAN CLASS=BLK>" ;
374     $aspend = "</SPAN><SPAN CLASS=XML>%&gt;</SPAN>" ;
375     $tstr = str_replace("&lt;%",$aspbeg,$tstr) ;
376     $tstr = str_replace("%&gt;",$aspend,$tstr) ;
377    
378     $xmlbeg = "<SPAN CLASS=XML>&lt;?</SPAN><SPAN CLASS=BLK>" ;
379     $xmlend = "</SPAN><SPAN CLASS=XML>?&gt;</SPAN>" ;
380     $tstr = str_replace("&lt;?",$xmlbeg,$tstr) ;
381     $tstr = str_replace("?&gt;",$xmlend,$tstr) ;
382    
383     // C style comment
384     $tstr = str_replace("/*","<SPAN CLASS=REM>/*",$tstr) ;
385     $tstr = str_replace("*/","*/</SPAN>",$tstr) ;
386    
387     // HTML comments
388     $tstr = str_replace("&lt;!--","<I CLASS=RED>&lt;!--",$tstr) ;
389     $tstr = str_replace("--&gt;","--&gt;</I>",$tstr) ;
390    
391     echo "<PRE>" ;
392    
393     $tstr = split("\n",$tstr) ;
394     for ($i = 0 ; $i < sizeof($tstr) ; ++$i) {
395     // add line numbers
396     echo "<BR><EM>" ;
397     echo substr(("000" . ($i+1)), -4) . ":</EM> " ;
398     $line = $tstr[$i] ;
399     // C++ style comments
400     $pos = strpos($line,"//") ;
401     // exceptions: two slashes aren't a script comment
402     if (strstr($line,"//") &&
403     ! ($pos>0 && substr($line,$pos-1,1)==":") &&
404     ! (substr($line,$pos,8) == "//--&gt;") &&
405     ! (substr($line,$pos,9) == "// --&gt;")) {
406     $beg = substr($line,0,strpos($line,"//")) ;
407     $end = strstr($line,"//") ;
408     $line = $beg."<SPAN CLASS=REM>".$end."</SPAN>";
409     }
410     // shell & asp style comments
411     $first = substr(ltrim($line),0,1) ;
412     if ($first == "#" || $first == "'") {
413     $line = "<SPAN CLASS=REM>".$line."</SPAN>";
414     }
415     print($line) ;
416     } // next i
417    
418     echo "</PRE>" ;
419    
420     EndHTML() ;
421    
422     } // end function DisplayCode
423    
424     //////////////////////////////////////////////////////////////////
425    
426     function MockIcon($txt) {
427     $tstr = "<SPAN CLASS=MCK>" ;
428    
429     switch (strtolower($txt)) {
430     case ".bmp" :
431     case ".gif" :
432     case ".jpg" :
433     case ".jpeg":
434     case ".tif" :
435     case ".tiff":
436     $d = 176 ;
437     break ;
438     case ".doc" :
439     $d = 50 ;
440     break ;
441     case ".exe" :
442     case ".bat" :
443     $d = 255 ;
444     break ;
445     case ".bas" :
446     case ".c" :
447     case ".cc" :
448     case ".src" :
449     $d = 255 ;
450     break ;
451     case "file" :
452     $d = 51 ;
453     break ;
454     case "fldr" :
455     $d = 48 ;
456     break ;
457     case ".htm" :
458     case ".html":
459     case ".asa" :
460     case ".asp" :
461     case ".cfm" :
462     case ".php3":
463     case ".php" :
464     case ".phtml" :
465     case ".shtml" :
466     $d = 182 ;
467     break ;
468     case ".pdf" :
469     $d = 38 ;
470     break;
471     case ".txt" :
472     case ".ini" :
473     $d = 52 ;
474     break ;
475     case ".xls" :
476     $d = 252 ;
477     break ;
478     case ".zip" :
479     case ".arc" :
480     case ".sit" :
481     case ".tar" :
482     case ".gz" :
483     case ".tgz" :
484     case ".Z" :
485     $d = 59 ;
486     break ;
487     case "view" :
488     $d = 52 ;
489     break ;
490     case "up" :
491     $d = 199 ;
492     break ;
493     case "blank" :
494     return "&nbsp;&nbsp;</SPAN>" ;
495     break ;
496     default :
497     $d = 51 ;
498     }
499    
500     return $tstr . chr($d) . "</SPAN>" ;
501     } // end function MockIcon
502    
503     //////////////////////////////////////////////////////////////////
504    
505     function GifIcon($txt) {
506     global $gblIconLocation ;
507    
508     switch (strtolower($txt)) {
509     case ".bmp" :
510     case ".gif" :
511     case ".jpg" :
512     case ".jpeg":
513     case ".tif" :
514     case ".tiff":
515     $d = "image2.gif" ;
516     break ;
517     case ".doc" :
518     $d = "layout.gif" ;
519     break ;
520     case ".exe" :
521     case ".bat" :
522     $d = "screw2.gif" ;
523     break ;
524     case ".bas" :
525     case ".c" :
526     case ".cc" :
527     case ".src" :
528     $d = "c.gif" ;
529     break ;
530     case "file" :
531     $d = "generic.gif" ;
532     break ;
533     case "fldr" :
534     $d = "dir.gif" ;
535     break ;
536     case ".phps" :
537     $d = "phps.gif" ;
538     break ;
539     case ".php3" :
540     $d = "php3.gif" ;
541     break ;
542     case ".htm" :
543     case ".html":
544     case ".asa" :
545     case ".asp" :
546     case ".cfm" :
547     case ".php3":
548     case ".php" :
549     case ".phtml" :
550     case ".shtml" :
551     $d = "world1.gif" ;
552     break ;
553     case ".pdf" :
554     $d = "pdf.gif" ;
555     break;
556     case ".txt" :
557     case ".ini" :
558     $d = "text.gif" ;
559     break ;
560     case ".xls" :
561     $d = "box2.gif" ;
562     break ;
563     case ".zip" :
564     case ".arc" :
565     case ".sit" :
566     case ".tar" :
567     case ".gz" :
568     case ".tgz" :
569     case ".Z" :
570     $d = "compressed.gif" ;
571     break ;
572     case "view" :
573     $d = "index.gif" ;
574     break ;
575     case "up" :
576     $d = "back.gif" ;
577     break ;
578     case "blank" :
579     $d = "blank.gif" ;
580     break ;
581     default :
582     $d = "generic.gif" ;
583     }
584    
585     return "<IMG SRC=\"$gblIconLocation" . $d . "\" BORDER=0>" ;
586     } // end function GifIcon
587    
588     //////////////////////////////////////////////////////////////////
589    
590     function Navigate($fsRoot,$relDir) {
591    
592     global $gblEditable, $gblIcon ;
593    
594     $self = $GLOBALS["PHP_SELF"] ;
595 dpavlin 1.2 if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") {
596     $webRoot = "https://" . $GLOBALS["SERVER_NAME"] ;
597     } else {
598     $webRoot = "http://" . $GLOBALS["SERVER_NAME"] ;
599     }
600 dpavlin 1.1 $fsDir = $fsRoot . $relDir . "/" ; // current directory
601    
602     if (!is_dir($fsDir)) Error("Dir not found",$relDir) ;
603    
604     // read directory contents
605     if ( !($dir = @opendir($fsDir)) )
606     Error("Read Access denied",$relDir) ;
607     while ($item = readdir($dir)) {
608 dpavlin 1.2 if ( $item == ".." || $item == "." || substr($item,0,1) == "." ) continue ;
609 dpavlin 1.1 if ( is_dir($fsDir . $item) ) {
610     $dirList[] = $item ;
611 dpavlin 1.2 } else if ( is_file($fsDir . $item) ) {
612 dpavlin 1.1 $fileList[] = $item ;
613 dpavlin 1.2 } else if ( is_link($fsDir . $item) ) {
614     $dirList[] = $item ;
615     } else {
616 dpavlin 1.1 // unknown file type
617     // $text = "Could not determine file type of " ;
618     // Error("File Error", $text.$relDir."/".$item) ;
619     // exit ;
620     }
621     }
622     closedir($dir) ;
623 dpavlin 1.2
624     // scan deleted files
625     if ( $GLOBALS[show_deleted] == 1 && ($dir = @opendir("$fsDir/.del")) ) {
626     while ($item = readdir($dir)) {
627     if ( substr($item,0,1) == "." ) continue ;
628     $fileList[] = ".del/$item" ;
629     }
630     closedir($dir) ;
631     }
632    
633 dpavlin 1.1 $emptyDir = ! (sizeof($dirList) || sizeof($fileList)) ;
634    
635     // start navigation page
636 dpavlin 1.2 $text = "Use this page to add, delete";
637     if (! isset($show_deleted)) {
638 dpavlin 1.3 $text .= ", <a href=".$GLOBALS[PHP_SELF]."?D=".urlencode($relDir)."&show_deleted=1>undelete</a>";
639 dpavlin 1.2 }
640     $text .= " or revise files on this web site." ;
641 dpavlin 1.1 StartHTML("(Navigate)",$text) ;
642    
643     echo "<TABLE BORDER=0 CELLPADDING=2
644     CELLSPACING=3 WIDTH=\"100%\">" ;
645    
646     // updir bar
647     if ($fsDir != $fsRoot) {
648     $parent = dirname($relDir) ;
649     if ($parent == "") $parent = "/" ;
650     ?>
651    
652     <TR><TD><?php echo $gblIcon("up") ?></TD><TD COLSPAN=4 CLASS=LST>
653     <A HREF="<?php echo $self ?>?D=<?php echo urlencode($parent) ?>">
654     <B><?php echo $parent ?></B></A></TD></TR>
655    
656     <?php
657     }
658    
659     // output subdirs
660     if (sizeof($dirList) > 0) {
661     sort($dirList) ;
662     ?>
663    
664     <TR><TD></TD><TD COLSPAN=4 CLASS=TOP><HR>DIRECTORY NAME</TD></TR>
665    
666     <?php
667     while (list($key,$dir) = each($dirList)) {
668    
669     $tstr = "<A HREF=\"" . $self . "?D=" ;
670     $tstr .= urlencode($relDir."/".$dir) ;
671     $tstr .= "\">" . $dir . "/</A>" ;
672     ?>
673    
674     <TR><TD><?php echo $gblIcon("fldr") ?></TD>
675     <TD COLSPAN=4 CLASS=LST><?php echo $tstr ?></TD></TR>
676    
677     <?php
678     } // iterate over dirs
679     } // end if no dirs
680     ?>
681    
682     <TR><TD></TD><TD COLSPAN=4><HR><B><?php echo $webRoot . $relDir ?>
683     </B></TD></TR>
684     <TR><TD></TD><TD CLASS=TOP>DOCUMENT NAME</TD>
685     <TD><?php echo $gblIcon("blank") ?></TD>
686     <TD CLASS=TOP>LAST UPDATE</TD><TD CLASS=TOP>FILE SIZE</TD></TR>
687    
688     <?php
689     if (sizeof($fileList) > 0) {
690     sort($fileList) ;
691     while (list($key,$file) = each($fileList)) {
692     $path = $fsDir."/".$file ;
693     $mod = filemtime($path) ;
694     $sz = filesize($path) ;
695    
696     if ($sz >= 10240) {
697     $sz = (int)(($sz+1023)/1024) . " k" ;
698     }
699     else {
700     $sz .= " " ;
701     } // end size
702    
703     $a = $b = "" ;
704    
705     if ( ($mod + 30*86400) > time() ) {
706     $a = "<SPAN CLASS=RED TITLE=\"Newer" ;
707     $a .= " than 30 days\"> * </SPAN>" ;
708     }
709    
710     $tstr = $webRoot . $relDir . "/" . $file ;
711     $tstr = "<A HREF=\"" . $tstr . "\">" ;
712 dpavlin 1.2
713     if (substr($file,0,5) != ".del/") {
714     $tstr .= $file . "</A>" . $a ;
715     } else {
716     $tstr .= substr($file,5,strlen($file)-5) . "</a> <SPAN CLASS=RED TITLE=\"deleted\"> deleted </span>";
717     }
718 dpavlin 1.1
719     $ext = strtolower(strrchr($file,".")) ;
720     if ( $ext=="" ||
721     strstr(join(" ",$gblEditable),$ext) )
722     {
723     $b = "<A HREF=\"" . $self . "?A=C&F=" ;
724     $b .= urlencode($file) . "&D=" . urlencode($relDir) ;
725     $b .= "\" TITLE=\"List contents\">" ;
726     $b .= $gblIcon("view") . "</A>" ;
727     }
728    
729     ?>
730    
731     <TR><TD>
732     <A HREF="<?php echo $self ?>?A=E&F=<?php echo urlencode($file)
733     ?>&D=<?php echo urlencode($relDir) ?>" TITLE="View/Edit">
734     <?php echo $gblIcon($ext) ?></A></TD>
735     <TD CLASS=LST><?php echo $tstr ?></TD>
736     <TD CLASS=LST ALIGN=center><?php echo $b ?></TD>
737 dpavlin 1.2 <TD CLASS=LST><?php echo date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]",$mod) ?></TD>
738 dpavlin 1.1 <TD CLASS=LST><?php echo $sz ?>Bytes</TD></TR>
739    
740     <?php
741     } // iterate over files
742     } // end if no files
743    
744     if ($emptyDir) {
745     ?>
746    
747     <FORM METHOD="POST" ACTION="<?php echo $self ?>">
748     <TR><TD></TD><TD COLSPAN=4 CLASS=BAR>
749     <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $relDir ?>">
750     OK TO DELETE THIS EMPTY FOLDER?
751     <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
752     <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="DELETE">
753     </TD></TR>
754     </FORM>
755    
756     <?php
757     } // end if emptyDir
758     ?>
759    
760     <TR><TD></TD><TD COLSPAN=4><HR></TD></TR>
761    
762     <FORM METHOD="POST" ACTION="<?php echo $self ?>">
763     <TR><TD></TD><TD COLSPAN=4 CLASS=BAR>CREATE NEW
764     <INPUT TYPE="RADIO" NAME="T" VALUE="D" CHECKED>DIRECTORY -OR-
765     <INPUT TYPE="RADIO" NAME="T" VALUE="F">FILE : &nbsp;&nbsp;
766     <NOBR>NAME <INPUT TYPE="TEXT" NAME="FN" SIZE=14>
767     <INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="CREATE">
768     <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $relDir ?>">
769     <INPUT TYPE="SUBMIT" VALUE="CREATE"></NOBR>
770     <NOBR>OR <A HREF="<?php echo $self
771     ?>?A=U&D=<?php echo urlencode($relDir) ?>">UPLOAD</A> A FILE
772     </NOBR>
773     </TD></TR>
774     </FORM>
775     </TABLE>
776    
777     <?php
778     EndHTML() ;
779     } // end function Navigate
780    
781     //////////////////////////////////////////////////////////////////
782    
783     function UploadPage($fsRoot, $relDir) {
784    
785     $self = $GLOBALS["PHP_SELF"] ;
786     if ($relDir == "") $relDir = "/" ;
787     ?>
788    
789     <P><TABLE BORDER=0 CELLPADDING=5><TR><TD WIDTH=5></TD><TD CLASS=BAR>
790     <FORM ENCTYPE="multipart/form-data" METHOD="POST"
791     ACTION="<?php echo $self ?>">
792     DESTINATION DIRECTORY:<B><?php echo " " . $relDir ?></B>
793     <P>PATHNAME OF LOCAL FILE<BR>
794     <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $relDir ?>">
795     <INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="UPLOAD">
796     <INPUT SIZE=30 TYPE="FILE" NAME="FN"></P>
797     <P><INPUT TYPE="SUBMIT" VALUE="UPLOAD"></P>
798     <P>If the <B>[BROWSE...]</B> button is not displayed,<BR>
799     you must upgrade to an RFC1867-compliant browser.</P>
800     <P>Your browser:<BR><?php echo $GLOBALS["HTTP_USER_AGENT"] ?></P>
801     </FORM>
802     </TD></TR>
803     <TR><TD></TD><TD>
804     <FORM METHOD="POST" ACTION="<?php echo $self ?>">
805     <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $relDir ?>"><BR>
806     <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL">
807     </FORM>
808     </TD></TR></TABLE></P>
809    
810     <?php
811     } // end function UploadPage
812    
813     //////////////////////////////////////////////////////////////////
814    
815     function Error($title,$text="") {
816     StartHTML("(".$title.")",$text) ;
817     echo "<P ALIGN=center>Hit your Browser's Back Button.</P>" ;
818     EndHTML() ;
819     exit ;
820     } // end function Error
821    
822     //////////////////////////////////////////////////////////////////
823    
824     function CreateHash($user, $pw) {
825    
826     global $gblHash ; // hash function to use
827    
828     if ($user == "" || $pw == "") {
829     $text = "either no password or no username supplied" ;
830     Error("Create Hash",$text) ;
831     }
832     $title = "(Create Hash)" ;
833     StartHTML($title) ;
834     echo "<P ALIGN=center>" ;
835     echo "<BLOCKQUOTE>Copy the value below and paste it " ;
836     echo "into the<BR>value for \$gblPw in the source of " ;
837     echo "this file<BR><BR><B>" . $gblHash($user.$pw) ;
838     echo "</B><BR><BR>Hash function: " . $gblHash ;
839     echo "</BLOCKQUOTE></P>" ;
840     EndHTML() ;
841     exit ;
842    
843     } // end function CreateHash
844    
845     //////////////////////////////////////////////////////////////////
846    
847     function NoEntry() {
848    
849     $user = $GLOBALS["PHP_AUTH_USER"] ;
850     $pw = $GLOBALS["PHP_AUTH_PW"] ;
851     $self = $GLOBALS["PHP_SELF"] ;
852    
853     $title = "(401 Unauthorized)" ;
854     $text = "No trespassing !" ;
855     StartHTML($title,$text) ;
856     ?>
857    
858     <FORM ACTION="<?php echo $self ?>?HASH=create" METHOD="POST">
859     <INPUT TYPE="HIDDEN" NAME="USER" VALUE="<?php echo $user ?>">
860     <INPUT TYPE="HIDDEN" NAME="PW" VALUE="<?php echo $pw ?>">
861    
862     <BLOCKQUOTE><B>If you are a site administrator:</B><BR><BR>
863     Click below to <B>generate a password hash</B><BR>from
864     the username-password pair you just<BR>entered. Then include the hash in
865     the source<BR>of this file.<BR><BR>
866     <INPUT TYPE="SUBMIT" VALUE="CREATE HASH">
867     </BLOCKQUOTE></FORM>
868    
869     <?php
870     EndHTML() ;
871     exit ;
872     }
873    
874     //////////////////////////////////////////////////////////////////
875    
876 dpavlin 1.2 function Logit($target,$msg) {
877    
878     $dir=dirname($target);
879     if (! file_exists($dir."/.log")) {
880     mkdir($dir."/.log",0700);
881     }
882     $file=basename($target);
883    
884     $log=fopen("$dir/.log/$file","a+");
885     fputs($log,date("$GLOBALS[gblDateFmt]\t$GLOBALS[gblTimeFmt]").
886     "\t$GLOBALS[gblUserName]\t$msg\n");
887     fclose($log);
888    
889     }
890    
891    
892    
893     //////////////////////////////////////////////////////////////////
894    
895 dpavlin 1.1 // MAIN PROGRAM
896     // ============
897     // query parameters: capital letters
898     // local functions : begin with capital letters
899     // global constants: begin with gbl
900    
901 dpavlin 1.2 $gblFilePerms = 0640 ; // default for new files
902     $gblDirPerms = 0750 ; // default for new dirs
903 dpavlin 1.1
904     // phpinfo() ;
905     // exit ;
906    
907     // forks before authentication: style sheet and hash
908     // creation if password not yet set.
909     if ($STYLE == "get") { CSS() ; exit ; }
910     if ($HASH != "") {
911     CreateHash($USER, $PW) ;
912     exit ;
913     }
914    
915     // authentication if $gblAuth == true
916 dpavlin 1.2 if ( $gblAuth && $gblHash($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw ||
917     isset($relogin) && $gblPw == $relogin ) {
918 dpavlin 1.1 header("WWW-authenticate: basic realm=\"$SERVER_NAME\"") ;
919     header("HTTP/1.0 401 Unauthorized") ;
920     NoEntry() ;
921     exit ;
922     }
923    
924     // get current directory relative to $gblFsRoot
925     $relDir = $DIR ; // from POST
926     if ($relDir == "") { // not defined in POST ?
927     $relDir = urldecode($D) ; // then use GET
928     }
929    
930     if ($relDir == "/") $relDir = "" ;
931     // default : website root = ""
932    
933     if (strstr($relDir,"..")) Error("No updirs allowed");
934    
935     // full paths contain "fs" or "Fs". Paths realitve to root of
936     // website contain "rel" or "Rel". The script won't let you
937     // edit anything above directory equal to http://server.com
938     // i.e. below $gblFsRoot.
939    
940     $relScriptDir = dirname($SCRIPT_NAME) ;
941     // i.e. /siteman
942    
943     $fsScriptDir = dirname($SCRIPT_FILENAME) ;
944     // i.e. /home/httpd/html/siteman
945    
946     $gblFsRoot = substr($fsScriptDir,0,
947     strlen($fsScriptDir)-strlen($relScriptDir)) ;
948     // i.e. /home/httpd/html
949    
950     $fsDir = $gblFsRoot . $relDir ; // current directory
951     if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ;
952    
953     switch ($POSTACTION) {
954     case "UPLOAD" :
955 dpavlin 1.2 if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
956 dpavlin 1.1 if (strstr($FN_name,"/"))
957     Error("Non-conforming filename") ;
958     // TODO : should rather check for escapeshellcmds
959     // but maybe RFC 18xx asserts safe filenames ....
960     $source = $FN ;
961     $target = $fsDir . "/" . $FN_name ;
962 dpavlin 1.2
963     // backup old files first
964     $dir=dirname($target);
965     if (! file_exists($dir."/.bak")) {
966     mkdir($dir."/.bak",0700);
967     }
968     if (! file_exists($dir."/.bak/$GLOBALS[gblNumBackups]")) {
969     mkdir($dir."/.bak/$GLOBALS[gblNumBackups]",0700);
970     }
971     $file=basename($target);
972     for($i=$GLOBALS[gblNumBackups]-1;$i>0;$i--) {
973     if (! file_exists($dir."/.bak/".$i)) {
974     mkdir($dir."/.bak/".$i,0700);
975     }
976     if (file_exists($dir."/.bak/".$i."/".$file)) {
977     rename($dir."/.bak/".$i."/".$file,
978     $dir."/.bak/".($i+1)."/".$file);
979     }
980     }
981     if (file_exists($target)) {
982     rename($target,$dir."/.bak/1/".$file);
983     }
984    
985     copy($source,$target) ;
986     chmod($target,$gblFilePerms) ;
987 dpavlin 1.1 clearstatcache() ;
988 dpavlin 1.2 Logit($target,"uploaded");
989 dpavlin 1.1 break ;
990    
991     case "SAVE" :
992     $path = $gblFsRoot . escapeshellcmd($RELPATH) ;
993 dpavlin 1.2 $writable = is_writeable($path) ;
994     $legaldir = is_writeable(dirname($path)) ;
995 dpavlin 1.1 $exists = (file_exists($path)) ? 1 : 0 ;
996     // check for legal extension here as well
997     if (!($writable || (!$exists && $legaldir)))
998     Error("Write denied",$RELPATH) ;
999     $fh = fopen($path, "w") ;
1000     fwrite($fh,$FILEDATA) ;
1001     fclose($fh) ;
1002     clearstatcache() ;
1003 dpavlin 1.2 Logit($path,"saved changes");
1004 dpavlin 1.1 break ;
1005    
1006     case "CREATE" :
1007     // we know $fsDir exists
1008 dpavlin 1.2 if ($FN == "") break; // no filename!
1009     if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
1010 dpavlin 1.1 $path = $fsDir . "/" . $FN ; // file or dir to create
1011     $relPath = $relDir . "/" . $FN ;
1012     switch ( $T ) {
1013     case "D" : // create a directory
1014     if ( ! @mkdir($path,$gblDirPerms) )
1015     Error("Mkdir failed",$relPath) ; // eg. if it exists
1016     clearstatcache() ;
1017     break ;
1018     case "F" : // create a new file
1019     // this functionality is doubled in DetailView().
1020     // better keep it here altogether
1021     // chmod perms to $gblFilePerms
1022 dpavlin 1.2 if ( file_exists($path) && !is_writable($path) )
1023 dpavlin 1.1 Error("File not writable", $relPath) ;
1024     $tstr = $PHP_SELF . "?A=E&D=" . $relDir . "&F=" . $FN ;
1025     header("Location: " . $tstr) ;
1026     exit ;
1027     }
1028     break ;
1029    
1030     case "DELETE" :
1031     if ( $CONFIRM != "on" ) break ;
1032    
1033     $tstr = "Attempt to delete non-existing object or " ;
1034     $tstr .= "insufficient privileges: " ;
1035    
1036     if ( $FN != "") { // delete file
1037 dpavlin 1.2 $path = $fsDir . "/" . $FN ;
1038    
1039     $dir=dirname($path);
1040     $file=basename($path);
1041     if (! file_exists("$dir/.del")) {
1042     mkdir("$dir/.del",0700);
1043     }
1044    
1045     // if ( ! @unlink($path) ) {
1046     if ( ! rename($path,"$dir/.del/$file") ) {
1047     Error("File delete failed", $tstr . $path) ;
1048     Logit($path,"file delete failed");
1049     exit ;
1050     } else {
1051     Logit($path,"file deleted");
1052     if (! file_exists("$dir/.del/.log")) {
1053     mkdir("$dir/.del/.log",0700);
1054     }
1055     rename("$dir/.log/$file","$dir/.del/.log/$file");
1056     }
1057 dpavlin 1.1 }
1058     else { // delete directory
1059     if ( ! @rmdir($fsDir) ) {
1060     Error("Rmdir failed", $tstr . $fsDir) ;
1061     }
1062     else {
1063     $relDir = dirname($relDir) ; // move up
1064     }
1065     }
1066     break ;
1067    
1068 dpavlin 1.2 case "UNDELETE" :
1069     if ( $CONFIRM != "on" ) break ;
1070    
1071     if (substr($FN,0,4) != ".del") break ;
1072     $file=substr($FN,4,strlen($FN)-4);
1073    
1074     Logit("$fsDir/.del/$file","undeleted");
1075     rename("$fsDir/.del/$file","$fsDir/$file");
1076     rename("$fsDir/.del/.log/$file","$fsDir/.log/$file");
1077    
1078     break ;
1079    
1080     case "RENAME" :
1081     if ( $CONFIRM != "on" ) break ;
1082    
1083     Logit("$fsDir/$FN","renamed $FN to $NEWNAME");
1084     rename("$fsDir/$FN","$fsDir/$NEWNAME");
1085     rename("$fsDir/.log/$FN","$fsDir/.log/$NEWNAME");
1086    
1087     break ;
1088    
1089 dpavlin 1.1 default :
1090     // user hit "CANCEL" or undefined action
1091     }
1092    
1093     // common to all POSTs : redirect to directory view ($relDir)
1094     if ( $POSTACTION != "" ) {
1095     $tstr = $PHP_SELF . "?D=" . urlencode($relDir) ;
1096     header("Location: " . $tstr) ;
1097     exit ;
1098     }
1099    
1100     // check for mode.. navigate, code display, upload, or detail?
1101     // $A=U : upload to path given in $D
1102     // $A=E : display detail of file $D/$F and edit
1103     // $A=C : display code in file $D/$F
1104     // default : display directory $D
1105    
1106     switch ($A) {
1107     case "U" :
1108     // upload to $relDir
1109 dpavlin 1.2 if (!is_writeable($gblFsRoot . $relDir))
1110 dpavlin 1.1 Error("Write access denied",$relDir) ;
1111     $text = "Use this page to upload a single " ;
1112     $text .= "file to <B>$SERVER_NAME</B>." ;
1113     StartHTML("(Upload Page)", $text) ;
1114     UploadPage($gblFsRoot, $relDir) ;
1115     EndHTML() ;
1116     exit ;
1117     case "E" :
1118     // detail of $relDir/$F
1119 dpavlin 1.2 if (is_file("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ;
1120 dpavlin 1.1 exit ;
1121     case "C" :
1122     // listing of $relDir/$F
1123     DisplayCode($gblFsRoot, $relDir, $F) ;
1124     exit ;
1125     }
1126    
1127     // default: display directory $relDir
1128     Navigate($gblFsRoot,$relDir) ;
1129     exit ;
1130    
1131     Error("Whooah!","By cartesian logic, this never happens") ;
1132     ?>

  ViewVC Help
Powered by ViewVC 1.1.26