--- docman.php 2000/09/07 10:19:34 1.19 +++ docman.php 2000/12/21 07:30:04 1.25 @@ -35,22 +35,14 @@ /* existent address after file modifications. */ /* - 2000-07-25 Dobrica Pavlinusic - nuked exec calls (unsecure) - nuked writeable function (replaced by php is_writeable) - added support for https (tested with apache+mod_ssl) - added users file - date format user-selectable - cycle backup files in bak directory - support links as directoryes (for now) - support of file history logging - undelete capabilities (delete moves to .del directory) + This project is now called Directory Manager. - 2000-07-26 DbP + For more info, please see web pages at + http://www.rot13.org/~dpavlin/docman.html - added more checking on entered filename (when creating file/dir) - added rename option + It's relased under GPL by + Dobrica Pavlinusic IMPORTANT INSTALLATION NOTE: @@ -65,9 +57,8 @@ TODO: mixed file/directory output (add type to each entry, real support for links) - retrieve old versions of files (overwritten) - show last lock date - + access controll + */ ////////////////////////////////////////////////////////////////// @@ -80,7 +71,7 @@ // GLOBAL PARAMETERS // ================= -// Make modifications here to suit siteman to your needs +// Make modifications here to suit docman to your needs // error_reporting(4) ; // how verbose ? @@ -367,7 +358,7 @@ + + No files in this directory + + @@ -849,15 +846,14 @@
- "; include(".info.inc"); + print " +
"; } ?> - - -
CREATE NEW @@ -976,7 +972,7 @@ ////////////////////////////////////////////////////////////////// -function Logit($target,$msg) { +function LogIt($target,$msg) { $dir=dirname($target); if (! file_exists($dir."/.log")) { @@ -996,6 +992,7 @@ function WriteNote($target,$msg) { + $target=stripSlashes($target); $dir=dirname($target); if (! file_exists($dir."/.note")) { mkdir($dir."/.note",0700); @@ -1012,6 +1009,7 @@ function ReadNote($target) { + $target=stripSlashes($target); $dir=dirname($target); $file=basename($target); $msg=""; @@ -1028,6 +1026,7 @@ function MoveTo($source,$folder) { + $source=stripSlashes($source); $file=basename($source); if (! file_exists($folder)) { mkdir($folder,0700); @@ -1041,6 +1040,7 @@ function Lock($target) { + $target=stripSlashes($target); $dir=dirname($target); if (! file_exists($dir."/.lock")) { mkdir($dir."/.lock",0700); @@ -1061,6 +1061,7 @@ function CheckLock($target) { + $target=stripSlashes($target); $dir=dirname($target); $file=basename($target); $msg=0; @@ -1075,6 +1076,7 @@ function Unlock($target) { + $target=stripSlashes($target); $dir=dirname($target); $file=basename($target); if (file_exists($dir."/.lock/$file")) { @@ -1137,11 +1139,11 @@ function DisplayChangeLog($day) { global $gblFsRoot; - if (!file_exists("gblFsRoot/.changelog")) return; + if (!file_exists("$gblFsRoot/.changelog")) return; $log=fopen("$gblFsRoot/.changelog","r"); $logarr = array(); while($line = fgetcsv($log,255,"\t")) { - if ($day!=1 || $day==1 && $line[0]-time() < 24*60) { + if ($day!=1 || ($day==1 && (time()-$line[0] < 24*60*60))) { array_unshift($logarr,array($line[0],$line[1],$line[2],$line[3])); } } @@ -1157,6 +1159,7 @@ print "$date$time$dir/$file$e[2]$e[3]\n"; } print ""; + print "

".GifIcon(up)." Back to front page.

"; } ////////////////////////////////////////////////////////////////// @@ -1184,7 +1187,7 @@ // authentication if $gblAuth == true if ( $gblAuth && $gblHash($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw || isset($relogin) && $gblPw == $relogin ) { - header("WWW-authenticate: basic realm=\"$SERVER_NAME\"") ; + header("WWW-authenticate: basic realm=\"$HTTP_HOST\"") ; header("HTTP/1.0 401 Unauthorized") ; NoEntry() ; exit ; @@ -1207,18 +1210,22 @@ // i.e. below $gblFsRoot. $relScriptDir = dirname($SCRIPT_NAME) ; - // i.e. /siteman + // i.e. /docman $fsScriptDir = dirname($SCRIPT_FILENAME) ; - // i.e. /home/httpd/html/siteman + // i.e. /home/httpd/html/docman - $gblFsRoot = substr($fsScriptDir,0, - strlen($fsScriptDir)-strlen($relScriptDir)) ; + // start on server root +// $gblFsRoot = substr($fsScriptDir,0, strlen($fsScriptDir)-strlen($relScriptDir)) ; + // or on script root + $gblFsRoot = $fsScriptDir; // i.e. /home/httpd/html $fsDir = $gblFsRoot . $relDir ; // current directory if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ; - + + $FN=stripSlashes($FN); + switch ($POSTACTION) { case "UPLOAD" : if (!is_writeable($fsDir)) Error("Write denied",$relDir) ; @@ -1259,6 +1266,7 @@ case "SAVE" : $path = $gblFsRoot . $RELPATH ; + $path=stripSlashes($path); $writable = is_writeable($path) ; $legaldir = is_writeable(dirname($path)) ; $exists = (file_exists($path)) ? 1 : 0 ; @@ -1266,6 +1274,7 @@ if (!($writable || (!$exists && $legaldir))) Error("Write denied",$RELPATH) ; $fh = fopen($path, "w") ; + $FILEDATA=stripSlashes($FILEDATA); fwrite($fh,$FILEDATA) ; fclose($fh) ; clearstatcache() ; @@ -1399,23 +1408,25 @@ // $A=Ci : checkin file $D/$F // $A=V : view file (do nothing except log) // default : display directory $D - + switch ($A) { case "U" : // upload to $relDir if (!is_writeable($gblFsRoot . $relDir)) Error("Write access denied",$relDir) ; $text = "Use this page to upload a single " ; - $text .= "file to $SERVER_NAME." ; + $text .= "file to $HTTP_HOST." ; StartHTML("(Upload Page)", $text) ; UploadPage($gblFsRoot, $relDir) ; EndHTML() ; exit ; case "E" : + $F=stripSlashes($F); // detail of $relDir/$F if (is_file("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ; exit ; case "C" : + $F=stripSlashes($F); // listing of $relDir/$F DisplayCode($gblFsRoot, $relDir, $F) ; exit ; @@ -1426,11 +1437,12 @@ Header("Location: ".urlpath("$relDir/$F")); exit; case "Ci" : + $F=stripSlashes($F); // upload && update to $relDir if (!is_writeable($gblFsRoot . $relDir)) Error("Write access denied",$relDir) ; $text = "Use this page to update a single " ; - $text .= "file to $SERVER_NAME." ; + $text .= "file to $HTTP_HOST." ; StartHTML("(Update file Page)", $text) ; UploadPage($gblFsRoot, $relDir, $F) ; EndHTML() ;