--- docman.php 2000/05/12 12:01:08 1.1 +++ docman.php 2000/07/26 11:46:19 1.2 @@ -34,6 +34,42 @@ /* PHP3. Fixed bug which would send you to a non- */ /* existent address after file modifications. */ +/* + 2000-07-25 Dobrica Pavlinusic + + nuked exec calls (unsecure) + nuked writeable function (replaced by php is_writeable) + added support for https (tested with apache+mod_ssl) + added users file + date format user-selectable + cycle backup files in bak directory + support links as directoryes (for now) + support of file history logging + undelete capabilities (delete moves to .del directory) + + 2000-07-26 DbP + + added more checking on entered filename (when creating file/dir) + added rename option + + +IMPORTANT INSTALLATION NOTE: + deny serving of .* (dot-something) files in web server! + Otherwise, uses can access your log files, users and/or + deleted files! + + .htusers is in form: + login:Real Name:md5(loginpassword) + + +TODO: + mixed file/directory output (add type to each entry, + real support for links) + add more content-management (like cms.sourceforge.net): + check-out/check-in/reserve + comments to files +*/ + ////////////////////////////////////////////////////////////////// // TODO : Don't let the file be modified itself. Create a hash of 
@@ -51,12 +87,35 @@ // username/password should not be system // usernames/passwords !! - // your (hashed) username/password here - $gblPw = "hash_of_your_username_and_password" ; - - $gblAuth = false ; // use builtin authentication +// $gblPw = "hash_of_your_username_and_password" ; + +// $gblAuth = false ; // use builtin authentication + $gblAuth = true ; // use builtin authentication $gblHash = "md5" ; // hash function to use + $gblPw = ""; + + if ($gblAuth) { + $htusers=fopen(dirname($SCRIPT_FILENAME)."/.htusers","r"); + while($user = fgetcsv($htusers,255,":")) { + if ($user[0] == $GLOBALS["PHP_AUTH_USER"]) { + $gblUserName=$user[1]; + $gblPw=$user[2]; + continue ; + } + } + fclose($htusers); + } + +// $gblDateFmt="D, F d, Y"; +// $gblTimeFmt="g:i:sA"; + + $gblDateFmt="Y-m-d"; + $gblTimeFmt="H:i:s"; + +// Number of backup files to keep + $gblNumBackups=5; + // choose GifIcon below unless you have the M$ // WingDings font installed on your system @@ -115,12 +174,21 @@
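Review bot: The added `.htusers` lookup never checks the result of `fopen()`, and `$gblPw` stays `""` when the file is missing or the login is not listed. Whether an empty stored hash can ever compare equal is decided by code outside this hunk, so fail closed here, e.g. `if (!$htusers) Error("Auth file unreadable",".htusers") ;`, and reject the request when no line matched. Inside the loop `continue ;` does not stop the scan, so a later line with the same login silently overrides the first; `break ;` is what the match needs. The header comment documents the stored value as an unsalted `md5(loginpassword)`, which is cheap to brute-force if `.htusers` is ever served or leaked; a salted, slower hash would limit that.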

- - -
ANYPORTAL(php) Site Manager -- © 1999 by ANYPORTAL -- © 2000 by d@nger.org + - + - + + [logout] + +
ANYPORTAL(php) Site Manager +
+© 1999 by ANYPORTAL, +© 2000 by d@nger.org, +© 2000 by DbP +

-


+
+ +

-BODY,TD,P,H1,H2,H3 { font-family:Helvetica,Arial,sans-serif; } +BODY,TD,P,H1,H2,H3 { font-family:Verdana,Helvetica,Arial,sans-serif; } .BLK { color:black; } .RED { color:red; } .TOP { color:red; font-size:70%; } /* table headings */ @@ -164,11 +232,11 @@ $exists = file_exists($fsPath) ; $ext = strtolower(strrchr($relPath,".")) ; $editable = ( $ext=="" || strstr(join(" ",$gblEditable),$ext)) ; - $writable = Writeable($fsPath) ; + $writable = is_writeable($fsPath) ; if (!$editable && !$exists) Error("Creation unsupported for type",$relPath) ; - if (!exists && !Writeable($fsDir) ) + if (!exists && !is_writeable($fsDir) ) Error("Creation denied",$relDir) ; $text = "Use this page to view, modify or " ; @@ -180,8 +248,8 @@ echo "
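Review bot: The rewritten condition `if (!exists && !is_writeable($fsDir) )` still uses the bare word `exists` instead of the variable `$exists`. On the PHP versions of this era, PHP reads it as an undefined constant, which evaluates to a non-empty string, so `!exists` is always false and the "Creation denied" check can never fire. Since the line is being touched anyway, change it to `if (!$exists && !is_writeable($fsDir) )`. The enclosing DetailPage function starts and ends outside this hunk.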

" . $relDir . "/" . $fn . "

" ; if ($exists) { // get file info $fsize = filesize($fsPath) ; - $fmodified = date("d/M/y G:i:s", filemtime($fsPath)) ; - $faccessed = date("d/M/y G:i:s", fileatime($fsPath)) ; + $fmodified = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]", filemtime($fsPath)) ; + $faccessed = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]", fileatime($fsPath)) ; echo "
    file size: " . $fsize . " Bytes
" ; echo "last modified: " . $fmodified . "
" ; echo "last accessed: " . $faccessed . "
" ; @@ -190,6 +258,7 @@ echo " permissions: " ; echo printf( "%o", fileperms($fsPath) ) . "" ; echo "
" ; + } if ( $editable && ($writable || !$exists) ) { @@ -209,9 +278,10 @@ - - +
+ @@ -232,17 +302,46 @@
-
-OK TO DELETE ""? +
+OK TO ""? + + + +
+OK TO RENAME "" TO + +? - + " ; + + $logname=dirname("$fsDir/$fn")."/.log/".basename("$fsDir/$fn"); + if (file_exists($logname)) { + print "

CHANGES TO THIS FILE
\n"; + $log=fopen($logname,"r"); + $cl1=" class=lst"; $cl2=""; + while($line = fgetcsv($log,255,"\t")) { + $cl=$cl1; $cl1=$cl2; $cl2=$cl; + print "$line[0]$line[1]$line[2]$line[3]\n"; + } + fclose($log); + print "
"; + } + EndHTML() ; } // end function DetailPage @@ -486,7 +585,11 @@ global $gblEditable, $gblIcon ; $self = $GLOBALS["PHP_SELF"] ; - $webRoot = "http://" . $GLOBALS["SERVER_NAME"] ; + if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") { + $webRoot = "https://" . $GLOBALS["SERVER_NAME"] ; + } else { + $webRoot = "http://" . $GLOBALS["SERVER_NAME"] ; + } $fsDir = $fsRoot . $relDir . "/" ; // current directory if (!is_dir($fsDir)) Error("Dir not found",$relDir) ; @@ -495,14 +598,14 @@ if ( !($dir = @opendir($fsDir)) ) Error("Read Access denied",$relDir) ; while ($item = readdir($dir)) { - if ( $item == ".." || $item == "." ) continue ; + if ( $item == ".." || $item == "." || substr($item,0,1) == "." ) continue ; if ( is_dir($fsDir . $item) ) { $dirList[] = $item ; - } - else if ( is_file($fsDir . $item) ) { + } else if ( is_file($fsDir . $item) ) { $fileList[] = $item ; - } - else { + } else if ( is_link($fsDir . $item) ) { + $dirList[] = $item ; + } else { // unknown file type // $text = "Could not determine file type of " ; // Error("File Error", $text.$relDir."/".$item) ; @@ -510,12 +613,24 @@ } } closedir($dir) ; + + // scan deleted files + if ( $GLOBALS[show_deleted] == 1 && ($dir = @opendir("$fsDir/.del")) ) { + while ($item = readdir($dir)) { + if ( substr($item,0,1) == "." ) continue ; + $fileList[] = ".del/$item" ; + } + closedir($dir) ; + } + $emptyDir = ! (sizeof($dirList) || sizeof($fileList)) ; // start navigation page - $text = "Use this page to add, delete or " ; - $text .= "revise files on this web site." ; - + $text = "Use this page to add, delete"; + if (! isset($show_deleted)) { + $text .= ", undelete"; + } + $text .= " or revise files on this web site." ; StartHTML("(Navigate)",$text) ; echo "" ; - $tstr .= $file . "" . $a ; + + if (substr($file,0,5) != ".del/") { + $tstr .= $file . "" . $a ; + } else { + $tstr .= substr($file,5,strlen($file)-5) . " deleted "; + } $ext = strtolower(strrchr($file,".")) ; if ( $ext=="" || 
@@ -607,7 +727,7 @@ - +0;$i--) { + if (! file_exists($dir."/.bak/".$i)) { + mkdir($dir."/.bak/".$i,0700); + } + if (file_exists($dir."/.bak/".$i."/".$file)) { + rename($dir."/.bak/".$i."/".$file, + $dir."/.bak/".($i+1)."/".$file); + } + } + if (file_exists($target)) { + rename($target,$dir."/.bak/1/".$file); + } + + copy($source,$target) ; + chmod($target,$gblFilePerms) ; clearstatcache() ; + Logit($target,"uploaded"); break ; case "SAVE" : $path = $gblFsRoot . escapeshellcmd($RELPATH) ; - $writable = Writeable($path) ; - $legaldir = Writeable(dirname($path)) ; + $writable = is_writeable($path) ; + $legaldir = is_writeable(dirname($path)) ; $exists = (file_exists($path)) ? 1 : 0 ; // check for legal extension here as well if (!($writable || (!$exists && $legaldir))) @@ -851,11 +993,13 @@ fwrite($fh,$FILEDATA) ; fclose($fh) ; clearstatcache() ; + Logit($path,"saved changes"); break ; case "CREATE" : // we know $fsDir exists - if (!Writeable($fsDir)) Error("Write denied",$relDir) ; + if ($FN == "") break; // no filename! + if (!is_writeable($fsDir)) Error("Write denied",$relDir) ; $path = $fsDir . "/" . $FN ; // file or dir to create $relPath = $relDir . "/" . $FN ; switch ( $T ) { @@ -868,7 +1012,7 @@ // this functionality is doubled in DetailView(). // better keep it here altogether // chmod perms to $gblFilePerms - if ( file_exists($path) && !Writable($path) ) + if ( file_exists($path) && !is_writable($path) ) Error("File not writable", $relPath) ; $tstr = $PHP_SELF . "?A=E&D=" . $relDir . "&F=" . $FN ; header("Location: " . $tstr) ; 
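Review bot: The added `if ($FN == "") break;` in CREATE rejects only an empty name, so `$path = $fsDir . "/" . $FN` still accepts a name containing `/` or `..` and can resolve outside the directory being managed. The same unchecked use of `$FN` is in the new DELETE code (`rename($path,"$dir/.del/$file")`) and, together with `$NEWNAME`, in the new UNDELETE and RENAME cases of the following hunks. Assuming these variables arrive from the request, validate them once before they are joined into a path, e.g. `if ($FN != basename($FN)) Error("Illegal file name",$FN) ;`, and apply the same test to `$NEWNAME`. For UNDELETE, apply it to the part after the `.del` prefix. The enclosing switch starts and ends outside the hunk.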
@@ -883,11 +1027,26 @@ $tstr .= "insufficient privileges: " ; if ( $FN != "") { // delete file - $path = $fsDir . "/" . $FN ; - if ( ! @unlink($path) ) { - Error("File delete failed", $tstr . $path) ; - exit ; - } + $path = $fsDir . "/" . $FN ; + + $dir=dirname($path); + $file=basename($path); + if (! file_exists("$dir/.del")) { + mkdir("$dir/.del",0700); + } + +// if ( ! @unlink($path) ) { + if ( ! rename($path,"$dir/.del/$file") ) { + Error("File delete failed", $tstr . $path) ; + Logit($path,"file delete failed"); + exit ; + } else { + Logit($path,"file deleted"); + if (! file_exists("$dir/.del/.log")) { + mkdir("$dir/.del/.log",0700); + } + rename("$dir/.log/$file","$dir/.del/.log/$file"); + } } else { // delete directory if ( ! @rmdir($fsDir) ) { @@ -899,6 +1058,27 @@ } break ; + case "UNDELETE" : + if ( $CONFIRM != "on" ) break ; + + if (substr($FN,0,4) != ".del") break ; + $file=substr($FN,4,strlen($FN)-4); + + Logit("$fsDir/.del/$file","undeleted"); + rename("$fsDir/.del/$file","$fsDir/$file"); + rename("$fsDir/.del/.log/$file","$fsDir/.log/$file"); + + break ; + + case "RENAME" : + if ( $CONFIRM != "on" ) break ; + + Logit("$fsDir/$FN","renamed $FN to $NEWNAME"); + rename("$fsDir/$FN","$fsDir/$NEWNAME"); + rename("$fsDir/.log/$FN","$fsDir/.log/$NEWNAME"); + + break ; + default : // user hit "CANCEL" or undefined action } @@ -919,7 +1099,7 @@ switch ($A) { case "U" : // upload to $relDir - if (!Writeable($gblFsRoot . $relDir)) + if (!is_writeable($gblFsRoot . $relDir)) Error("Write access denied",$relDir) ; $text = "Use this page to upload a single " ; $text .= "file to $SERVER_NAME." ; @@ -929,7 +1109,7 @@ exit ; case "E" : // detail of $relDir/$F - DetailPage($gblFsRoot, $relDir, $F) ; + if (is_file("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ; exit ; case "C" : // listing of $relDir/$F
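Review bot: In the failure branch of the new delete code, `Logit($path,"file delete failed")` comes after `Error(...)`; if Error() ends the request, as its other call sites in this file suggest, the failed delete is never written to the history log, so the Logit call should come first. The results of both `mkdir()` calls and of the second `rename()` (the one moving the log file) are ignored, so a missing or unwritable `.del` directory only shows up as a generic delete failure. A file already in `.del` under the same name is replaced by `rename($path,"$dir/.del/$file")`, so an earlier deleted copy is lost without notice; checking `file_exists("$dir/.del/$file")` first would let the code keep both.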
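Review bot: The new RENAME case calls `rename("$fsDir/$FN","$fsDir/$NEWNAME")` without testing whether the target exists, so renaming onto an existing file replaces it with no backup copy and no `.del` entry. A guard such as `if (file_exists("$fsDir/$NEWNAME")) Error("File exists",$NEWNAME) ;` avoids that. In both UNDELETE and RENAME the Logit() call runs before `rename()` and the return value of `rename()` is ignored, so the history records "undeleted" or "renamed" even when nothing was moved. The RENAME log message embeds `$FN` and `$NEWNAME` as given, and the DetailPage hunk reads the log with `fgetcsv($log,255,"\t")` and prints the fields unescaped. A tab, newline or markup in a name would therefore corrupt the history view or inject into it; strip control characters before logging and pass each field through `htmlspecialchars()` when printing.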
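Review bot: The new guard `if (is_file("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ;` ends the request with an empty page for any name that is not an existing regular file, and that appears to include the new-file case. CREATE redirects to `?A=E&D=...&F=...`, and DetailPage has its own `!$exists` creation path. Unless the file is created before that redirect (not visible in this diff), creating a file through the UI stops working. Rejecting only what is wrong keeps both behaviours, e.g. `if (file_exists($p) && !is_file($p)) Error("Not a regular file",$F) ;` with `$p` set to the same path, followed by the unconditional DetailPage call. The enclosing switch starts and ends outside the hunk.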
Bytes