--- docman.php 2000/09/07 10:17:35 1.18 +++ docman.php 2001/01/26 12:39:57 1.30 @@ -35,22 +35,14 @@ /* existent address after file modifications. */ /* - 2000-07-25 Dobrica Pavlinusic - nuked exec calls (unsecure) - nuked writeable function (replaced by php is_writeable) - added support for https (tested with apache+mod_ssl) - added users file - date format user-selectable - cycle backup files in bak directory - support links as directoryes (for now) - support of file history logging - undelete capabilities (delete moves to .del directory) + This project is now called Directory Manager. - 2000-07-26 DbP + For more info, please see web pages at + http://www.rot13.org/~dpavlin/docman.html - added more checking on entered filename (when creating file/dir) - added rename option + It's relased under GPL by + Dobrica Pavlinusic IMPORTANT INSTALLATION NOTE: @@ -59,15 +51,14 @@ deleted files! .htusers is in form: - login:Real Name:md5(loginpassword) + login:Real Name:[md5(loginpassword)|auth_*]:email@host.dom TODO: mixed file/directory output (add type to each entry, real support for links) - retrieve old versions of files (overwritten) - show last lock date - + access controll + */ ////////////////////////////////////////////////////////////////// @@ -80,45 +71,50 @@ // GLOBAL PARAMETERS // ================= -// Make modifications here to suit siteman to your needs +// Make modifications here to suit docman to your needs // error_reporting(4) ; // how verbose ? + // from where to include auth_*.php modules? + $gblIncDir = "/home/httpd/docman"; + // username/password should not be system // usernames/passwords !! -// $gblPw = "hash_of_your_username_and_password" ; - -// $gblAuth = false ; // use builtin authentication - $gblAuth = true ; // use builtin authentication - $gblHash = "md5" ; // hash function to use - $gblPw = ""; - if ($gblAuth) { - $htusers_file=dirname($SCRIPT_FILENAME)."/.htusers"; - if (! file_exists($htusers_file)) { - $htusers=fopen($htusers_file,"a+"); - fputs($htusers,"# Change owner of $htusers_file to root !!\n"); - fputs($htusers,"demo:full name:md5_hash\n"); - fclose($htusers); - } - $htusers=fopen($htusers_file,"r"); - while($user = fgetcsv($htusers,255,":")) { - if ($user[0] == $GLOBALS["PHP_AUTH_USER"]) { - $gblUserName=$user[1]; - $gblPw=$user[2]; - $gblEmail=$user[3]; - continue ; + $htusers_file=dirname($SCRIPT_FILENAME)."/.htusers"; + if (! file_exists($htusers_file)) { + $htusers=fopen($htusers_file,"a+"); + fputs($htusers,"# Change owner of $htusers_file to root !!\n"); + fputs($htusers,"demo:full name:[md5_hash|auth_*]:e-mail\n"); + fclose($htusers); + } + $htusers=fopen($htusers_file,"r"); + while($user = fgetcsv($htusers,255,":")) { + if ($user[0] == $GLOBALS["PHP_AUTH_USER"]) { + $gblUserName=$user[1]; + $gblPw=$user[2]; + if (substr($gblPw,0,5) == "auth_" && file_exists("$gblIncDir/$gblPw.php")) { + require("$gblIncDir/$gblPw.php"); + if ($gblPw($user)) { + $gblPw=md5($PHP_AUTH_USER.$PHP_AUTH_PW); + } else { + $gblPw="error".md5($PHP_AUTH_USER.$PHP_AUTH_PW); + } } + $gblEmail=$user[3]; + continue ; } - fclose($htusers); } + fclose($htusers); + // date format // $gblDateFmt="D, F d, Y"; -// $gblTimeFmt="g:i:sA"; - $gblDateFmt="Y-m-d"; + + // time format +// $gblTimeFmt="g:i:sA"; $gblTimeFmt="H:i:s"; // Number of backup files to keep @@ -130,12 +126,12 @@ // choose GifIcon below unless you have the M$ // WingDings font installed on your system - $gblIcon = "GifIcon" ; // MockIcon or GifIcon + $gblIcon="GifIcon"; // MockIcon or GifIcon // the directory below should be /icons/ or /icons/small/ // on Apache; a set of icons is included in the distribution - $gblIconLocation = "/icons/" ; + $gblIconLocation="/icons/"; // files you want to be able to edit in text mode // and view with (primitive) syntax highlighting @@ -154,7 +150,7 @@ function StartHTML($title,$text="") { - $title = "Site Manager " . $title ; + $title = "Document Manager " . $title ; $host = $GLOBALS["HTTP_HOST"] ; $self = $GLOBALS["PHP_SELF"] ; ?> @@ -367,13 +363,13 @@ $e[4]"; + $e[4]="$e[4]"; } $bakcount++; } @@ -650,9 +646,9 @@ $self = $GLOBALS["PHP_SELF"] ; if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") { - $webRoot = "https://" . $GLOBALS["SERVER_NAME"] ; + $webRoot = "https://" . $GLOBALS["HTTP_HOST"] ; } else { - $webRoot = "http://" . $GLOBALS["SERVER_NAME"] ; + $webRoot = "http://" . $GLOBALS["HTTP_HOST"] ; } $fsDir = $fsRoot . $relDir . "/" ; // current directory @@ -829,7 +825,13 @@ + + No files in this directory + + @@ -849,15 +851,14 @@
- "; include(".info.inc"); + print " +
"; } ?> - - -
CREATE NEW @@ -879,7 +880,7 @@ ////////////////////////////////////////////////////////////////// -function UploadPage($fsRoot, $relDir, $filename) { +function UploadPage($fsRoot, $relDir, $filename="") { $self = $GLOBALS["PHP_SELF"] ; if ($relDir == "") $relDir = "/" ; @@ -889,7 +890,7 @@ DESTINATION DIRECTORY: - +
DESTINATION FILE: @@ -924,29 +925,6 @@ ////////////////////////////////////////////////////////////////// -function CreateHash($user, $pw) { - - global $gblHash ; // hash function to use - - if ($user == "" || $pw == "") { - $text = "either no password or no username supplied" ; - Error("Create Hash",$text) ; - } - $title = "(Create Hash)" ; - StartHTML($title) ; - echo "

" ; - echo "

Copy the value below and paste it " ; - echo "into the
value for \$gblPw in the source of " ; - echo "this file

" . $gblHash($user.$pw) ; - echo "

Hash function: " . $gblHash ; - echo "

" ; - EndHTML() ; - exit ; - -} // end function CreateHash - -////////////////////////////////////////////////////////////////// - function NoEntry() { $user = $GLOBALS["PHP_AUTH_USER"] ; @@ -956,27 +934,14 @@ $title = "(401 Unauthorized)" ; $text = "No trespassing !" ; StartHTML($title,$text) ; -?> - - - - - -
If you are a site administrator:

-Click below to generate a password hash
from -the username-password pair you just
entered. Then include the hash in -the source
of this file.

- -
-\n"; while ($e = array_shift($logarr)) { $cl=$cl1; $cl1=$cl2; $cl2=$cl; @@ -1156,6 +1128,7 @@ print "$date$time$dir/$file$e[2]$e[3]\n"; } print ""; + print "

".GifIcon(up)." Back to front page.

"; } ////////////////////////////////////////////////////////////////// @@ -1175,15 +1148,11 @@ // forks before authentication: style sheet and hash // creation if password not yet set. if ($STYLE == "get") { CSS() ; exit ; } - if ($HASH != "") { - CreateHash($USER, $PW) ; - exit ; - } - // authentication if $gblAuth == true - if ( $gblAuth && $gblHash($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw || + // authentication failure + if ( md5($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw || isset($relogin) && $gblPw == $relogin ) { - header("WWW-authenticate: basic realm=\"$SERVER_NAME\"") ; + header("WWW-authenticate: basic realm=\"$HTTP_HOST\"") ; header("HTTP/1.0 401 Unauthorized") ; NoEntry() ; exit ; @@ -1206,18 +1175,22 @@ // i.e. below $gblFsRoot. $relScriptDir = dirname($SCRIPT_NAME) ; - // i.e. /siteman + // i.e. /docman $fsScriptDir = dirname($SCRIPT_FILENAME) ; - // i.e. /home/httpd/html/siteman + // i.e. /home/httpd/html/docman - $gblFsRoot = substr($fsScriptDir,0, - strlen($fsScriptDir)-strlen($relScriptDir)) ; + // start on server root +// $gblFsRoot = substr($fsScriptDir,0, strlen($fsScriptDir)-strlen($relScriptDir)) ; + // or on script root + $gblFsRoot = $fsScriptDir; // i.e. /home/httpd/html $fsDir = $gblFsRoot . $relDir ; // current directory if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ; - + + $FN=stripSlashes($FN); + switch ($POSTACTION) { case "UPLOAD" : if (!is_writeable($fsDir)) Error("Write denied",$relDir) ; @@ -1226,6 +1199,9 @@ // TODO : should rather check for escapeshellcmds // but maybe RFC 18xx asserts safe filenames .... $source = $FN ; + if (! file_exists($source)) { + Error("You must select file with browse to upload it!"); + } if (! isset($FILENAME)) { // from update file $target = "$fsDir/$FN_name" ; } else { @@ -1258,6 +1234,7 @@ case "SAVE" : $path = $gblFsRoot . $RELPATH ; + $path=stripSlashes($path); $writable = is_writeable($path) ; $legaldir = is_writeable(dirname($path)) ; $exists = (file_exists($path)) ? 1 : 0 ; @@ -1265,6 +1242,7 @@ if (!($writable || (!$exists && $legaldir))) Error("Write denied",$RELPATH) ; $fh = fopen($path, "w") ; + $FILEDATA=stripSlashes($FILEDATA); fwrite($fh,$FILEDATA) ; fclose($fh) ; clearstatcache() ; @@ -1398,23 +1376,25 @@ // $A=Ci : checkin file $D/$F // $A=V : view file (do nothing except log) // default : display directory $D - + switch ($A) { case "U" : // upload to $relDir if (!is_writeable($gblFsRoot . $relDir)) Error("Write access denied",$relDir) ; $text = "Use this page to upload a single " ; - $text .= "file to $SERVER_NAME." ; + $text .= "file to $HTTP_HOST." ; StartHTML("(Upload Page)", $text) ; UploadPage($gblFsRoot, $relDir) ; EndHTML() ; exit ; case "E" : + $F=stripSlashes($F); // detail of $relDir/$F if (is_file("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ; exit ; case "C" : + $F=stripSlashes($F); // listing of $relDir/$F DisplayCode($gblFsRoot, $relDir, $F) ; exit ; @@ -1425,11 +1405,12 @@ Header("Location: ".urlpath("$relDir/$F")); exit; case "Ci" : + $F=stripSlashes($F); // upload && update to $relDir if (!is_writeable($gblFsRoot . $relDir)) Error("Write access denied",$relDir) ; $text = "Use this page to update a single " ; - $text .= "file to $SERVER_NAME." ; + $text .= "file to $HTTP_HOST." ; StartHTML("(Update file Page)", $text) ; UploadPage($gblFsRoot, $relDir, $F) ; EndHTML() ;