--- docman.php 2000/09/07 10:19:34 1.19 +++ docman.php 2002/02/20 12:15:06 1.57 @@ -35,22 +35,14 @@ /* existent address after file modifications. */ /* - 2000-07-25 Dobrica Pavlinusic - nuked exec calls (unsecure) - nuked writeable function (replaced by php is_writeable) - added support for https (tested with apache+mod_ssl) - added users file - date format user-selectable - cycle backup files in bak directory - support links as directoryes (for now) - support of file history logging - undelete capabilities (delete moves to .del directory) + This project is now called Directory Manager. - 2000-07-26 DbP + For more info, please see web pages at + http://www.rot13.org/~dpavlin/docman.html - added more checking on entered filename (when creating file/dir) - added rename option + It's relased under GPL by + Dobrica Pavlinusic IMPORTANT INSTALLATION NOTE: @@ -59,15 +51,14 @@ deleted files! .htusers is in form: - login:Real Name:md5(loginpassword) + login:Real Name:[md5(loginpassword)|auth_*]:email@host.dom TODO: mixed file/directory output (add type to each entry, real support for links) - retrieve old versions of files (overwritten) - show last lock date - + access controll + */ ////////////////////////////////////////////////////////////////// @@ -80,45 +71,29 @@ // GLOBAL PARAMETERS // ================= -// Make modifications here to suit siteman to your needs +// Make modifications here to suit docman to your needs // error_reporting(4) ; // how verbose ? - // username/password should not be system - // usernames/passwords !! + // from where to include auth_*.php modules? + $gblIncDir = "/home/httpd/docman"; -// $gblPw = "hash_of_your_username_and_password" ; + // do we want to force download? (default is 0 for backward + // compatibility, but it's defined as 1 in docman.conf for all + // future applications! + $gblForceDownload = 0; -// $gblAuth = false ; // use builtin authentication - $gblAuth = true ; // use builtin authentication - $gblHash = "md5" ; // hash function to use + // username/password should not be system + // usernames/passwords !! $gblPw = ""; - if ($gblAuth) { - $htusers_file=dirname($SCRIPT_FILENAME)."/.htusers"; - if (! file_exists($htusers_file)) { - $htusers=fopen($htusers_file,"a+"); - fputs($htusers,"# Change owner of $htusers_file to root !!\n"); - fputs($htusers,"demo:full name:md5_hash\n"); - fclose($htusers); - } - $htusers=fopen($htusers_file,"r"); - while($user = fgetcsv($htusers,255,":")) { - if ($user[0] == $GLOBALS["PHP_AUTH_USER"]) { - $gblUserName=$user[1]; - $gblPw=$user[2]; - $gblEmail=$user[3]; - continue ; - } - } - fclose($htusers); - } - + // date format // $gblDateFmt="D, F d, Y"; -// $gblTimeFmt="g:i:sA"; - $gblDateFmt="Y-m-d"; + + // time format +// $gblTimeFmt="g:i:sA"; $gblTimeFmt="H:i:s"; // Number of backup files to keep @@ -130,12 +105,12 @@ // choose GifIcon below unless you have the M$ // WingDings font installed on your system - $gblIcon = "GifIcon" ; // MockIcon or GifIcon + $gblIcon="GifIcon"; // MockIcon or GifIcon // the directory below should be /icons/ or /icons/small/ // on Apache; a set of icons is included in the distribution - $gblIconLocation = "/icons/" ; + $gblIconLocation="/icons/"; // files you want to be able to edit in text mode // and view with (primitive) syntax highlighting @@ -150,11 +125,19 @@ $gblImages = array( ".jpg",".jpeg",".gif",".png",".ico", ".bmp",".xbm") ; + // which files to hide (separated by ,) + $gblHide = ""; + + // Where are users? (by default in .htusers file) + $gblUsers = "htusers_file"; + ////////////////////////////////////////////////////////////////// + $gblVersion = "1.9-dev"; + function StartHTML($title,$text="") { - $title = "Site Manager " . $title ; + $title = "Document Manager " . $title ; $host = $GLOBALS["HTTP_HOST"] ; $self = $GLOBALS["PHP_SELF"] ; ?> @@ -162,7 +145,7 @@ <?= $host . " " . $title ?> - + @@ -181,20 +164,39 @@ ////////////////////////////////////////////////////////////////// function EndHTML() { + +global $gblDateFmt, $gblTimeFmt, $gblUserName, $PHP_SELF, $gblPw, $gblVersion; + ?>

- - - - - - [?relogin=">logout] + - + - + + + [] -
ANYPORTAL(php) Site Manager -
+
+Document Manager , based on ANYPORTAL(php) Site Manager +
© 1999 by ANYPORTAL, © 2000 by d@nger.org, -© 2000 by DbP +© 2000-2002 by DbP


@@ -233,7 +235,7 @@ function DetailPage($fsRoot,$relDir,$fn) { - global $gblEditable, $gblImages ; + global $gblEditable, $gblImages, $webRoot ; $self = $GLOBALS["PHP_SELF"] ; $relPath = $relDir . "/" . $fn ; @@ -252,7 +254,11 @@ Error("Creation denied",$relDir) ; $text = "Use this page to view, modify or " ; - $text .= "delete a single document on this " ; + if (is_dir($fsPath)) { + $text .="delete a directory on this " ; + } else { + $text .= "delete a single document on this " ; + }; $text .= "web site." ; $title = "(Detail Page)" ; StartHTML($title, $text) ; @@ -262,18 +268,23 @@ $fsize = filesize($fsPath) ; $fmodified = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]", filemtime($fsPath)) ; $faccessed = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]", fileatime($fsPath)) ; - echo "
    file size: " . $fsize . " Bytes
" ;
+		$fuid=fileowner($fsPath);
+		$fgid=filegroup($fsPath);
+		$userinfo = posix_getpwuid($fuid);
+		$grpinfo = posix_getgrgid($fgid);
+		echo "
";
+		if (!is_dir($fsPath)) echo "    file size: " . $fsize . " Bytes
" ;
 		echo "last modified: " . $fmodified . "
" ;
 		echo "last accessed: " . $faccessed . "
" ;
-		echo "        owner: " . fileowner($fsPath) . "
" ;
-		echo "        group: " . filegroup($fsPath) . "
" ;
+		echo "        owner: " . $userinfo["name"] . " [$fuid]
" ;
+		echo "        group: " . $grpinfo["name"] . " [$fgid]
" ;
 		echo "  permissions: " ; 
 		echo printf( "%o", fileperms($fsPath) ) . "" ;
 		echo "
" ;
 
 	}
 
-	if ( $editable && ($writable || !$exists) && !$file_lock ) { 
+	if ( !is_dir($fsPath) && $editable && ($writable || !$exists) && !$file_lock ) { 
 		$fh = fopen($fsPath,"a+") ;
 		rewind($fh) ;
 		$fstr = fread($fh,filesize($fsPath)) ;
@@ -301,7 +312,7 @@
 	}
 	if ( !$file_lock && $ext!="" && strstr(join(' ',$gblImages),$ext) ) {  
 		$info  = getimagesize($fsPath) ;
-		$tstr = "\""" ;
 //		echo htmlentities($tstr) . "

" . $tstr ;
@@ -367,25 +378,30 @@
 
 
 
CHANGES TO THIS FILE
\n";
+		if (is_dir("$fsDir/$fn")) {
+			$whatis="DIRECTORY";
+		} else {
+			$whatis="FILE";
+		}
+		print "

CHANGES TO THIS $whatis
\n";
 		$bakcount = 0;	// start from 0, skip fist backup (it's current)
 		while ($e = array_shift($logarr)) {
 			if (strstr($e[4],"upload")) {
 				if (file_exists("$bakdir/$bakcount/$name")) {
-					$e[4]="$e[4]";
+					$e[4]="$e[4]";
 				}
 				$bakcount++;
 			}
@@ -646,23 +662,21 @@
 
 function Navigate($fsRoot,$relDir) {
 
-	global $gblEditable, $gblIcon, $gblModDays ;
+	global $gblEditable, $gblIcon, $gblModDays, $webRoot, $gblHide ;
 
 	$self     = $GLOBALS["PHP_SELF"] ;
-	if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") {
-		$webRoot  = "https://" . $GLOBALS["SERVER_NAME"] ;
-	} else {
-		$webRoot  = "http://" . $GLOBALS["SERVER_NAME"] ;
-	}
-	$fsDir    = $fsRoot . $relDir . "/" ; // current directory
+
+	$fsDir = $fsRoot . $relDir . "/" ; // current directory
 
 	if (!is_dir($fsDir)) Error("Dir not found",$relDir) ; 
 
+	$hide_items=",$gblHide,";
+
 	// read directory contents
 	if ( !($dir = @opendir($fsDir)) ) 
 		Error("Read Access denied",$relDir) ;
 	while ($item = readdir($dir)) {
-		if ( $item == ".." || $item == "." || substr($item,0,1) == "." ) continue ;
+		if ( substr($item,0,1) == "." || strstr($hide_items,",$item,") ) continue ;
 		if ( is_dir($fsDir . $item) ) {
 			$dirList[] = $item ;
 		} else if ( is_file($fsDir . $item) ) {
@@ -681,7 +695,7 @@
 	// scan deleted files
 	if ( $GLOBALS[show_deleted] == 1 && ($dir = @opendir("$fsDir/.del")) ) {
 		while ($item = readdir($dir)) {
-			if ( substr($item,0,1) == "." ) continue ;
+			if ( substr($item,0,1) == "." || strstr($hide_items,",$item,") ) continue ;
 			$fileList[] = ".del/$item" ;		
 		}
 		closedir($dir) ; 
@@ -702,7 +716,7 @@
 		CELLSPACING=3 WIDTH=\"100%\">" ;
 
 	// updir bar	
-	if ($fsDir != $fsRoot) {
+	if (chopsl($fsDir) != chopsl($fsRoot)) {
 		$parent = dirname($relDir) ;
 		if ($parent == "") $parent = "/" ;
 ?>
@@ -714,23 +728,36 @@
  1) {
+		$out.="s";
+	}
+	return $out;
+}
+
 	// output subdirs
 	if (sizeof($dirList) > 0) {
 		sort($dirList) ; 
 ?>
 
-
+" . $dir . "/" ;
+			$note_html="".$gblIcon("note")."".ReadNote($fsDir.$dir);
 ?>
 
-
-
+
+
+
-
+
@@ -829,9 +856,15 @@
 
 
+ 
+
@@ -849,15 +882,14 @@
 
 
 
-
+	";
 }
 ?>
-
-
-
DIRECTORY NAME
DIRECTORY NAME ()DIRECTORY NOTE

 
 

+
+

 
 

 
DOCUMENT NAME
DOCUMENT NAME ()
 
 NOTE
 LAST UPDATEFILE SIZE

+  No files in this directory
+ 

 
 

 ";
 	include(".info.inc");
+	print "

 
 
 
CREATE NEW
@@ -866,9 +898,9 @@
  NAME 
  
  
-  
- OR UPLOAD A FILE
- 
+ 
+  
+ OR UPLOAD A FILE
 

 
 

@@ -879,7 +911,7 @@
 
 //////////////////////////////////////////////////////////////////
 
-function UploadPage($fsRoot, $relDir, $filename) {
+function UploadPage($fsRoot, $relDir, $filename="") {
 
 	$self = $GLOBALS["PHP_SELF"] ;
 	if ($relDir == "") $relDir = "/" ; 
@@ -889,7 +921,7 @@
 

 DESTINATION DIRECTORY:
-
+
 
DESTINATION FILE:
 
 
@@ -924,29 +956,6 @@
 
 //////////////////////////////////////////////////////////////////
 
-function CreateHash($user, $pw) {
-
-	global $gblHash ;  // hash function to use 
-
-	if ($user == "" || $pw == "") {
-		$text = "either no password or no username supplied" ;
-		Error("Create Hash",$text) ;
-	}
-	$title = "(Create Hash)" ;
-	StartHTML($title) ;
-	echo "
" ;
-	echo "
Copy the value below and paste it " ;
-	echo "into the
value for \$gblPw in the source of " ;
-	echo "this file

" . $gblHash($user.$pw) ;
-	echo "

Hash function: " . $gblHash ;
-	echo "
" ;
-	EndHTML() ;
-	exit ;
-
-} // end function CreateHash
-
-//////////////////////////////////////////////////////////////////
-
 function NoEntry() {
 
 	$user = $GLOBALS["PHP_AUTH_USER"] ;
@@ -955,28 +964,17 @@
 
 	$title = "(401 Unauthorized)" ;
 	$text  = "No trespassing !" ;
-	StartHTML($title,$text) ;
-?>
 
-
-
-
-
-
If you are a site administrator:


-Click below to generate a password hash
from 
-the username-password pair you just
entered. Then include the hash in 
-the source
of this file.


-
-

+	global $PHP_AUTH_USER,$PHP_AUTH_PW,$gblPw,$relogin;
+	StartHTML($title,$text) ;
 
- $to\n";
+		if (file_exists($from) && is_writeable(dirname($to))) {
+			rename($from,$to);
+		}
+	}
+
+	function try_dir($todir) {
+		if (! file_exists($todir)) {
+			mkdir($todir,0700);
+	        }
+	}
+
+	$to="$fromdir/$tofile";
+	$todir=dirname($to);
+	$tofile=basename($to);
+
+#	print "
$fromdir / $fromfile -> $todir / $tofile\n\n";
+
+	try_rename("$fromdir/$fromfile","$todir/$tofile");
+	try_dir("$todir/.log");
+	try_rename("$fromdir/.log/$fromfile","$todir/.log/$tofile");
+	try_dir("$todir/.note");
+	try_rename("$fromdir/.note/$fromfile","$todir/.note/$tofile");
+	try_dir("$todir/.lock");
+	try_rename("$fromdir/.lock/$fromfile","$todir/.lock/$tofile");
+	try_dir("$todir/.bak");
+	for($i=0;$i<=$GLOBALS[gblNumBackups];$i++) {
+		try_rename("$fromdir/.bak/$i/$fromfile","$todir/.bak/$i/$tofile");
 	}
 }
 
+
 //////////////////////////////////////////////////////////////////
 
 // recursivly delete directory
@@ -1129,6 +1161,7 @@
 	$log=fopen("$gblFsRoot/.changelog","a+");
 	if (substr($target,0,strlen($gblFsRoot)) == $gblFsRoot)
 		$target=substr($target,strlen($gblFsRoot),strlen($target)-strlen($gblFsRoot));
+	$msg=str_replace("\t"," ",$msg);
 	fputs($log,time()."\t$target\t$GLOBALS[gblUserName]\t$msg\n");
 	fclose($log);
 
@@ -1137,16 +1170,20 @@
 function DisplayChangeLog($day) {
 
 	global $gblFsRoot;
-	if (!file_exists("gblFsRoot/.changelog")) return;
+	if (!file_exists("$gblFsRoot/.changelog")) return;
 	$log=fopen("$gblFsRoot/.changelog","r");
 	$logarr = array();
-	while($line = fgetcsv($log,255,"\t")) {
-		if ($day!=1 || $day==1 && $line[0]-time() < 24*60) {
+	while($line = fgetcsv($log,512,"\t")) {
+		while (sizeof($line) > 4) {
+			$tmp = array_pop($line);
+			$line.=" $tmp";
+		}
+		if ($day!=1 || ($day==1 && (time()-$line[0] < 24*60*60))) {
 			array_unshift($logarr,array($line[0],$line[1],$line[2],$line[3]));
 		}
 	}
 	fclose($log);
-	$cl1=" class=lst"; $cl2="";
+	$cl1=" class=LST"; $cl2="";
 	print "\n";
 	while ($e = array_shift($logarr)) {
 		$cl=$cl1; $cl1=$cl2; $cl2=$cl;
@@ -1157,10 +1194,39 @@
 		print "$date$time$dir/$file$e[2]$e[3]\n";
 	}
 	print "
";
+	print "
".GifIcon(up)." Back to front page.
";
+}
+
+//////////////////////////////////////////////////////////////////
+
+function Download($path) {
+	global $HTTP_USER_AGENT;
+	$file=basename($path);
+	$size = filesize($path);
+	//header("Content-Type: application/octet-stream");
+	header("Content-Type: application/force-download");
+	header("Content-Length: $size");
+	// IE5.5 just downloads index.php if we don't do this
+	if(preg_match("/MSIE 5.5/", $HTTP_USER_AGENT)) {
+		header("Content-Disposition: filename=$file");
+	} else {
+		header("Content-Disposition: attachment; filename=$file");
+	}
+	header("Content-Transfer-Encoding: binary");
+	$fh = fopen($path, "r");
+	fpassthru($fh);
 }
 
+
 //////////////////////////////////////////////////////////////////
 
+function chopsl($path) {
+	if (substr($path,strlen($path)-1,1) == "/") $path=substr($path,0,strlen($path)-1);
+	$path=str_replace("//","/",$path);
+	return $path;
+}
+
+//////////////////////////////////////////////////////////////////
 // MAIN PROGRAM
 // ============
 // query parameters: capital letters
@@ -1175,16 +1241,43 @@
 
 	// forks before authentication: style sheet and hash
 	// creation if password not yet set.
-	if ($STYLE == "get") { CSS() ; exit ; }
-	if ($HASH != "") { 
-		CreateHash($USER, $PW) ; 
-		exit ; 
+	if (isset($STYLE) && $STYLE == "get") { CSS() ; exit ; }
+
+	$fsScriptDir  = dirname($SCRIPT_FILENAME) ; 	
+	// i.e. /home/httpd/html/docman
+
+	// read user-defined configuration
+	if (file_exists("$fsScriptDir/.docman.conf")) {
+		include("$fsScriptDir/.docman.conf");
+	}
+
+	// where do we get users from?
+	if (file_exists("$gblIncDir/$gblUsers.php")) {
+		include("$gblIncDir/$gblUsers.php");
+	} else {
+		Error("Configuration error","Can't find user handling module at $gblIncDir/$gblUsers.php ! Please fix $fsScriptDir/.docman.conf");
 	}
 
-	// authentication if $gblAuth == true
-	if ( $gblAuth && $gblHash($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw ||
-		isset($relogin) && $gblPw == $relogin ) {
-		header("WWW-authenticate: basic realm=\"$SERVER_NAME\"") ;
+	// if no password, or empty password logout
+	if (
+		isset($PHP_AUTH_USER) && (
+			!isset($relogin) || (
+				isset($relogin) && $relogin != md5($PHP_AUTH_USER.$PHP_AUTH_PW)
+			)
+		) && (
+			$PHP_AUTH_PW == "" || !isset($PHP_AUTH_PW)
+		) && !isset($force_login)
+	   ) {
+		StartHTML("Logout completed","Your login credentials has been erased") ;
+		EndHTML() ;
+		exit ;
+	}
+
+	// authentication failure
+	if ( md5($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw ||
+		isset($relogin) && $gblPw == $relogin) {
+		$realm="$HTTP_HOST";
+		header("WWW-authenticate: basic realm=\"$realm\"") ;
 		header("HTTP/1.0 401 Unauthorized") ;
 		NoEntry() ;
 		exit ;
@@ -1196,6 +1289,8 @@
 		$relDir = urldecode($D) ;  // then use GET
 	}	
 
+	$relDir=stripSlashes($relDir);
+
 	if ($relDir == "/") $relDir = "" ; 	
 	// default : website root = ""
 
@@ -1207,18 +1302,27 @@
 	// i.e. below $gblFsRoot.
 
 	$relScriptDir = dirname($SCRIPT_NAME) ;  	
-	// i.e. /siteman
+	// i.e. /docman
 
-	$fsScriptDir  = dirname($SCRIPT_FILENAME) ; 	
-	// i.e. /home/httpd/html/siteman
-
-	$gblFsRoot = substr($fsScriptDir,0,
-	  strlen($fsScriptDir)-strlen($relScriptDir)) ;
+	// start on server root
+//	$gblFsRoot = substr($fsScriptDir,0, strlen($fsScriptDir)-strlen($relScriptDir)) ;
+	// or on script root
+	$gblFsRoot = $fsScriptDir;
 	// i.e. /home/httpd/html
 
 	$fsDir = $gblFsRoot . $relDir ; // current directory
 	if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ;
-	
+
+	if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") {
+		$webRoot  = "https://";
+	} else {
+		$webRoot  = "http://";
+	}
+	$webRoot .= $GLOBALS["HTTP_HOST"] . $relScriptDir;
+
+	$FN=stripSlashes($FN);
+
+
 	switch ($POSTACTION) {
 	case "UPLOAD" :
 		if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
@@ -1227,6 +1331,9 @@
 		// TODO : should rather check for escapeshellcmds
 		// but maybe RFC 18xx asserts safe filenames ....
 		$source = $FN ;
+		if (! file_exists($source)) {
+			Error("You must select file with browse to upload it!");
+		}
 		if (! isset($FILENAME)) { 	// from update file
 			$target = "$fsDir/$FN_name" ;
 		} else {
@@ -1259,6 +1366,7 @@
 
 	case "SAVE" :
 		$path = $gblFsRoot . $RELPATH ;
+		$path=stripSlashes($path);
 		$writable = is_writeable($path) ;
 		$legaldir = is_writeable(dirname($path)) ;
 		$exists   = (file_exists($path)) ? 1 : 0 ; 
@@ -1266,6 +1374,7 @@
 	 	if (!($writable || (!$exists && $legaldir))) 
 			Error("Write denied",$RELPATH) ;
 		$fh = fopen($path, "w") ;
+		$FILEDATA=stripSlashes($FILEDATA);
 		fwrite($fh,$FILEDATA) ;
 		fclose($fh) ;
 		clearstatcache() ;
@@ -1289,7 +1398,7 @@
 // this functionality is doubled in DetailView().
 // better keep it here altogether
 // chmod perms to $gblFilePerms
-			if ( file_exists($path) && !is_writable($path) ) 
+			if ( file_exists($path) && !is_writeable($path) ) 
 				Error("File not writable", $relPath) ;
 			$fh = fopen($path, "w+") ;
 			if ($fh) {
@@ -1361,14 +1470,7 @@
 		if ( $CONFIRM != "on" ) break ;
 
 		Logit("$fsDir/$FN","renamed $FN to $NEWNAME");
-		safe_rename("$fsDir/$FN","$fsDir/$NEWNAME");
-		safe_rename("$fsDir/.log/$FN","$fsDir/.log/$NEWNAME");
-		safe_rename("$fsDir/.note/$FN","$fsDir/.note/$NEWNAME");
-		safe_rename("$fsDir/.lock/$FN","$fsDir/.lock/$NEWNAME");
-		for($i=0;$i<=$GLOBALS[gblNumBackups];$i++) {
-			safe_rename("$fsDir/.bak/$i/$FN","$fsDir/.bak/$i/$NEWNAME");
-		}
-
+		safe_rename($fsDir,$FN,$NEWNAME);
 		break ;
 
 	case "NOTE" :  
@@ -1398,39 +1500,42 @@
 	// $A=Co : checkout file $D/$F
 	// $A=Ci : checkin file $D/$F
 	// $A=V : view file (do nothing except log)
+	// $A=I : include file .$F.php from $gblFsRoot
 	// default : display directory $D
-	
+
 	switch ($A) {
 	case "U" :
 		// upload to $relDir
 		if (!is_writeable($gblFsRoot . $relDir)) 
 			Error("Write access denied",$relDir) ;
 		$text  = "Use this page to upload a single " ;
-		$text .= "file to $SERVER_NAME." ;
+		$text .= "file to $HTTP_HOST." ;
 		StartHTML("(Upload Page)", $text) ;
 		UploadPage($gblFsRoot, $relDir) ;
 		EndHTML() ;
 		exit ;
 	case "E" :
+		$F=stripSlashes($F);
 		// detail of $relDir/$F
-		if (is_file("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ;
+		if (is_file("$gblFsRoot/$relDir/$F") || is_dir("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ;
 		exit ;
 	case "C" :
+		$F=stripSlashes($F);
 		// listing of $relDir/$F 
 		DisplayCode($gblFsRoot, $relDir, $F) ;
 		exit ;
 	case "Co" :
 		// checkout
 		Lock("$gblFsRoot/$relDir/$F");
-		header("Content-Disposition: attachment; filename=$F" );
-		Header("Location: ".urlpath("$relDir/$F"));
+		Download("$gblFsRoot/$relDir/$F");
 		exit;
 	case "Ci" :
+		$F=stripSlashes($F);
 		// upload && update to $relDir
 		if (!is_writeable($gblFsRoot . $relDir)) 
 			Error("Write access denied",$relDir) ;
 		$text  = "Use this page to update a single " ;
-		$text .= "file to $SERVER_NAME." ;
+		$text .= "file to $HTTP_HOST." ;
 		StartHTML("(Update file Page)", $text) ;
 		UploadPage($gblFsRoot, $relDir, $F) ;
 		EndHTML() ;
@@ -1438,8 +1543,12 @@
 	case "V" :
 		// view
 		LogIt("$gblFsRoot/$relDir/$F","viewed");
-		header("Content-Disposition: attachment; filename=$F" );
-		Header("Location: ".urlpath("$relDir/$F"));
+		if ($gblForceDownload) {
+			Download("$gblFsRoot/$relDir/$F");
+		} else {
+			header("Content-Disposition: attachment; filename=$F" );
+			Header("Location: $webRoot".urlpath("$relDir/$F"));
+		}
 		exit;
 	case "Ch" :
 		StartHTML("(File changes)","All changes chronologicaly...");
@@ -1451,6 +1560,19 @@
 		DisplayChangeLog(1);
 		EndHTML() ;
 		exit;
+	case "I" :
+		$F=stripSlashes($F);
+		$inc_file="${gblFsRoot}/.${F}.php";
+		if (!isset($F) || $F == "" || !file_exists($inc_file)) Error("Fatal error $inc_file"); // can't find file to include
+		if (!is_readable($inc_file))
+			Error("Read access to include file denied",".${F}.php");
+		$text  = "Your include file should define \$text variable which holds this text and \$title variable which is page title";
+		$title = "You should define \$title variable with page title";
+		include($inc_file);
+		StartHTML($title, $text) ;
+		print "
".GifIcon(up)." Back to front page.
";
+		EndHTML() ;
+		exit ;
 	}
 
 	// default: display directory $relDir