--- docman.php	2000/12/21 08:25:06	1.26
+++ docman.php	2001/03/11 15:36:51	1.35
@@ -51,7 +51,7 @@
 	deleted files!
 
 	.htusers is in form:
-	login:Real Name:md5(loginpassword)
+	login:Real Name:[md5(loginpassword)|auth_*]:email@host.dom
 
 
 TODO:
@@ -75,41 +75,20 @@
 
 // 	error_reporting(4) ;		// how verbose ?
 
+	// from where to include auth_*.php modules?
+	$gblIncDir = "/home/httpd/docman";
+
 	// username/password should not be system 
 	// usernames/passwords !!
 
-//	$gblPw    = "hash_of_your_username_and_password" ;
-
-//	$gblAuth  = false ;             // use builtin authentication
-	$gblAuth  = true ;             // use builtin authentication
-        $gblHash  = "md5" ;             // hash function to use
-
 	$gblPw    = "";
 
-	if ($gblAuth) {
-		$htusers_file=dirname($SCRIPT_FILENAME)."/.htusers";
-		if (! file_exists($htusers_file)) {
-			$htusers=fopen($htusers_file,"a+");
-			fputs($htusers,"# Change owner of $htusers_file to root !!\n");
-			fputs($htusers,"demo:full name:md5_hash\n");
-			fclose($htusers);
-		}
-		$htusers=fopen($htusers_file,"r");
-		while($user = fgetcsv($htusers,255,":")) {
-			if ($user[0] == $GLOBALS["PHP_AUTH_USER"]) {
-				$gblUserName=$user[1];
-				$gblPw=$user[2];
-				$gblEmail=$user[3];
-				continue ;
-			}
-		}
-		fclose($htusers);
-	}
-
+	// date format
 //	$gblDateFmt="D, F d, Y";
-//	$gblTimeFmt="g:i:sA";
-
 	$gblDateFmt="Y-m-d";
+
+	// time format
+//	$gblTimeFmt="g:i:sA";
 	$gblTimeFmt="H:i:s";
 
 	// Number of backup files to keep
@@ -121,12 +100,12 @@
 	// choose GifIcon below unless you have the M$
 	// WingDings font installed on your system
 
-	$gblIcon = "GifIcon" ;		// MockIcon or GifIcon
+	$gblIcon="GifIcon";		// MockIcon or GifIcon
 
 	// the directory below should be /icons/ or /icons/small/ 
 	// on Apache; a set of icons is included in the distribution
 
-	$gblIconLocation = "/icons/" ; 
+	$gblIconLocation="/icons/"; 
 
 	// files you want to be able to edit in text mode
 	// and view with (primitive) syntax highlighting
@@ -145,7 +124,7 @@
 
 function StartHTML($title,$text="") {
 
-	$title = "Site Manager " . $title ;
+	$title = "Document Manager " . $title ;
 	$host  = $GLOBALS["HTTP_HOST"] ;
 	$self  = $GLOBALS["PHP_SELF"] ;
 ?>
@@ -224,7 +203,7 @@
 
 function DetailPage($fsRoot,$relDir,$fn) {
 	
-	global $gblEditable, $gblImages ;
+	global $gblEditable, $gblImages, $webRoot ;
 	$self = $GLOBALS["PHP_SELF"] ;
 
 	$relPath  = $relDir . "/" . $fn ;
@@ -243,7 +222,11 @@
 		Error("Creation denied",$relDir) ;
 
 	$text  = "Use this page to view, modify or " ;
-	$text .= "delete a single document on this " ;
+	if (is_dir($fsPath)) {
+		$text .="delete a directory on this " ;
+	} else {
+		$text .= "delete a single document on this " ;
+	};
 	$text .= "web site." ;	
 	$title = "(Detail Page)" ;
 	StartHTML($title, $text) ;
@@ -253,18 +236,21 @@
 		$fsize = filesize($fsPath) ; 
 		$fmodified = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]", filemtime($fsPath)) ;
 		$faccessed = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]", fileatime($fsPath)) ;
-		echo "<PRE>    file size: " . $fsize . " Bytes<BR>" ;
+		$userinfo = posix_getpwuid(fileowner($fsPath));
+		$grpinfo = posix_getgrgid(filegroup($fsPath));
+		echo "<PRE>";
+		if (!is_dir($fsPath)) echo "file size: " . $fsize . " Bytes<BR>" ;
 		echo "last modified: <B>" . $fmodified . "</B><BR>" ;
 		echo "last accessed: <B>" . $faccessed . "</B><BR>" ;
-		echo "        owner: <B>" . fileowner($fsPath) . "</B><BR>" ;
-		echo "        group: <B>" . filegroup($fsPath) . "</B><BR>" ;
+		echo "        owner: <B>" . $userinfo["name"] . "</B><BR>" ;
+		echo "        group: <B>" . $grpinfo["name"] . "</B><BR>" ;
 		echo "  permissions: <B>" ; 
 		echo printf( "%o", fileperms($fsPath) ) . "</B>" ;
 		echo "</PRE>" ;
 
 	}
 
-	if ( $editable && ($writable || !$exists) && !$file_lock ) { 
+	if ( !is_dir($fsPath) && $editable && ($writable || !$exists) && !$file_lock ) { 
 		$fh = fopen($fsPath,"a+") ;
 		rewind($fh) ;
 		$fstr = fread($fh,filesize($fsPath)) ;
@@ -292,7 +278,7 @@
 	}
 	if ( !$file_lock && $ext!="" && strstr(join(' ',$gblImages),$ext) ) {  
 		$info  = getimagesize($fsPath) ;
-		$tstr = "<IMG SRC=\"".urlpath($relPath)."\" BORDER=0 " ;
+		$tstr = "<IMG SRC=\"$webRoot".urlpath($relPath)."\" BORDER=0 " ;
 		$tstr .= $info[3] . " ALT=\"" . $fn . " - " ;
 		$tstr .= (int)(($fsize+1023)/1024) . "Kb\">" ;
 //		echo htmlentities($tstr) . "<BR><BR>" . $tstr ;
@@ -364,19 +350,24 @@
 	$bakdir=dirname("$fsDir/$fn")."/.bak";
 	if (file_exists($logname)) {
 		$log=fopen($logname,"r");
-		$cl1=" class=lst"; $cl2="";
+		$cl1=" class=LST"; $cl2="";
 		$logarr = array();
 		while($line = fgetcsv($log,255,"\t")) {
 			$cl=$cl1; $cl1=$cl2; $cl2=$cl;
 			array_unshift($logarr,array($cl,$line[0],$line[1],$line[2],$line[3]));
 		}
 		fclose($log);
-		print "<hr><br><b>CHANGES TO THIS FILE</b><br><table border=0 width=100%>\n";
+		if (is_dir("$fsDir/$fn")) {
+			$whatis="DIRECTORY";
+		} else {
+			$whatis="FILE";
+		}
+		print "<hr><br><b>CHANGES TO THIS $whatis</b><br><table border=0 width=100%>\n";
 		$bakcount = 0;	// start from 0, skip fist backup (it's current)
 		while ($e = array_shift($logarr)) {
 			if (strstr($e[4],"upload")) {
 				if (file_exists("$bakdir/$bakcount/$name")) {
-					$e[4]="<a href=\"".dirname($relPath)."/.bak/$bakcount/$name\">$e[4]</a>";
+					$e[4]="<a href=\"$webRoot".urlpath(dirname($relPath)."/.bak/$bakcount/$name")."\">$e[4]</a>";
 				}
 				$bakcount++;
 			}
@@ -637,15 +628,11 @@
 
 function Navigate($fsRoot,$relDir) {
 
-	global $gblEditable, $gblIcon, $gblModDays ;
+	global $gblEditable, $gblIcon, $gblModDays, $webRoot ;
 
 	$self     = $GLOBALS["PHP_SELF"] ;
-	if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") {
-		$webRoot  = "https://" . $GLOBALS["HTTP_HOST"] ;
-	} else {
-		$webRoot  = "http://" . $GLOBALS["HTTP_HOST"] ;
-	}
-	$fsDir    = $fsRoot . $relDir . "/" ; // current directory
+
+	$fsDir = $fsRoot . $relDir . "/" ; // current directory
 
 	if (!is_dir($fsDir)) Error("Dir not found",$relDir) ; 
 
@@ -710,18 +697,23 @@
 		sort($dirList) ; 
 ?>
 
-<TR><TD></TD><TD COLSPAN=5 CLASS=TOP><HR>DIRECTORY NAME</TD></TR>
+<TR><TD></TD><TD COLSPAN=2 CLASS=TOP>DIRECTORY NAME</TD><TD COLSPAN=3 CLASS=TOP>DIRECTORY NOTE</TR>
 
 <?php
 		while (list($key,$dir) = each($dirList)) {
 
+			$info_url=$self."?A=E&F=".urlencode($dir)."&D=".urlencode($relDir);
 			$tstr = "<A HREF=\"" . $self . "?D=" ; 
 			$tstr .= urlencode($relDir."/".$dir) ;
 			$tstr .= "\">" . $dir . "/</A>" ;
+			$note_html="<a href=\"$info_url#note\">".$gblIcon("note")."</a>".ReadNote($fsDir.$dir);
 ?>
 
-<TR><TD><?= $gblIcon("fldr") ?></TD>
-<TD COLSPAN=5 CLASS=LST><?= $tstr ?></TD></TR>
+<TR><TD>
+<A HREF="<?= $info_url ?>" TITLE="View/Edit">
+<?= $gblIcon("fldr") ?></A></TD>
+<TD COLSPAN=2 CLASS=LST><?= $tstr ?></TD>
+<TD COLSPAN=3 CLASS=LST><?= $note_html ?></TD></TR>
 
 <?php
 		}  // iterate over dirs
@@ -920,29 +912,6 @@
 
 //////////////////////////////////////////////////////////////////
 
-function CreateHash($user, $pw) {
-
-	global $gblHash ;  // hash function to use 
-
-	if ($user == "" || $pw == "") {
-		$text = "either no password or no username supplied" ;
-		Error("Create Hash",$text) ;
-	}
-	$title = "(Create Hash)" ;
-	StartHTML($title) ;
-	echo "<P ALIGN=center>" ;
-	echo "<BLOCKQUOTE>Copy the value below and paste it " ;
-	echo "into the<BR>value for \$gblPw in the source of " ;
-	echo "this file<BR><BR><B>" . $gblHash($user.$pw) ;
-	echo "</B><BR><BR>Hash function: " . $gblHash ;
-	echo "</BLOCKQUOTE></P>" ;
-	EndHTML() ;
-	exit ;
-
-} // end function CreateHash
-
-//////////////////////////////////////////////////////////////////
-
 function NoEntry() {
 
 	$user = $GLOBALS["PHP_AUTH_USER"] ;
@@ -952,20 +921,7 @@
 	$title = "(401 Unauthorized)" ;
 	$text  = "No trespassing !" ;
 	StartHTML($title,$text) ;
-?>
-
-<FORM ACTION="<?= $self ?>?HASH=create" METHOD="POST">
-<INPUT TYPE="HIDDEN" NAME="USER" VALUE="<?= $user ?>">
-<INPUT TYPE="HIDDEN" NAME="PW" VALUE="<?= $pw ?>">
-
-<BLOCKQUOTE><B>If you are a site administrator:</B><BR><BR>
-Click below to <B>generate a password hash</B><BR>from 
-the username-password pair you just<BR>entered. Then include the hash in 
-the source<BR>of this file.<BR><BR>
-<INPUT TYPE="SUBMIT" VALUE="CREATE HASH">
-</BLOCKQUOTE></FORM>
 
-<?php
 	EndHTML() ;
 	exit ;
 }
@@ -1099,12 +1055,40 @@
 
 //////////////////////////////////////////////////////////////////
 
-function safe_rename($from,$to) {
-	if (file_exists($from) && is_writable(dirname($to))) {
-		rename($from,$to);
+function safe_rename($fromdir,$fromfile,$tofile) {
+	function try_rename($from,$to) {
+		print "$from -> $to\n";
+		if (file_exists($from) && is_writeable(dirname($to))) {
+			rename($from,$to);
+		}
+	}
+
+	function try_dir($todir) {
+		if (! file_exists($todir)) {
+			mkdir($todir,0700);
+	        }
+	}
+
+	$to="$fromdir/$tofile";
+	$todir=dirname($to);
+	$tofile=basename($to);
+
+	print "<pre>$fromdir / $fromfile -> $todir / $tofile\n\n";
+
+	try_rename("$fromdir/$fromfile","$todir/$tofile");
+	try_dir("$todir/.log");
+	try_rename("$fromdir/.log/$fromfile","$todir/.log/$tofile");
+	try_dir("$todir/.note");
+	try_rename("$fromdir/.note/$fromfile","$todir/.note/$tofile");
+	try_dir("$todir/.lock");
+	try_rename("$fromdir/.lock/$fromfile","$todir/.lock/$tofile");
+	try_dir("$todir/.bak");
+	for($i=0;$i<=$GLOBALS[gblNumBackups];$i++) {
+		try_rename("$fromdir/.bak/$i/$fromfile","$todir/.bak/$i/$tofile");
 	}
 }
 
+
 //////////////////////////////////////////////////////////////////
 
 // recursivly delete directory
@@ -1148,7 +1132,7 @@
 		}
 	}
 	fclose($log);
-	$cl1=" class=lst"; $cl2="";
+	$cl1=" class=LST"; $cl2="";
 	print "<table border=0 width=100%>\n";
 	while ($e = array_shift($logarr)) {
 		$cl=$cl1; $cl1=$cl2; $cl2=$cl;
@@ -1179,13 +1163,42 @@
 	// forks before authentication: style sheet and hash
 	// creation if password not yet set.
 	if ($STYLE == "get") { CSS() ; exit ; }
-	if ($HASH != "") { 
-		CreateHash($USER, $PW) ; 
-		exit ; 
+
+	$htusers_file=dirname($SCRIPT_FILENAME)."/.htusers";
+	if (! file_exists($htusers_file)) {
+		if (is_writeable(dirname($SCRIPT_FILENAME))) {
+			$htusers=fopen($htusers_file,"a+");
+			fputs($htusers,"# Change owner of $htusers_file to root !!\n");
+			fputs($htusers,"demo:full name:[md5_hash|auth_*]:e-mail\n");
+			fclose($htusers);
+			Error("Proto user file created!","Please edit <tt>$htusers_file</tt> and set it correct permissions (<B>not writable by web server as it is now!</b>). You can add users using <tt>adduser.pl</tt> script!");
+			exit;
+		} else {
+			Error("Can't create proto user file!","Please make directory <tt>".dirname($htusers_file)."</tt> writable or create <tt>.htusers</tt> file by hand using <tt>adduser.pl</tt> script!");
+			exit;
+		}
+	}
+	$htusers=fopen($htusers_file,"r");
+	while($user = fgetcsv($htusers,255,":")) {
+		if ($user[0] == $GLOBALS["PHP_AUTH_USER"]) {
+			$gblUserName=$user[1];
+			$gblPw=$user[2];
+			if (substr($gblPw,0,5) == "auth_" && file_exists("$gblIncDir/$gblPw.php")) {
+				require("$gblIncDir/$gblPw.php");
+				if ($gblPw($user)) {
+					$gblPw=md5($PHP_AUTH_USER.$PHP_AUTH_PW);
+				} else {
+					$gblPw="error".md5($PHP_AUTH_USER.$PHP_AUTH_PW);
+				}
+			}
+			$gblEmail=$user[3];
+			continue ;
+		}
 	}
+	fclose($htusers);
 
-	// authentication if $gblAuth == true
-	if ( $gblAuth && $gblHash($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw ||
+	// authentication failure
+	if ( md5($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw ||
 		isset($relogin) && $gblPw == $relogin ) {
 		header("WWW-authenticate: basic realm=\"$HTTP_HOST\"") ;
 		header("HTTP/1.0 401 Unauthorized") ;
@@ -1224,6 +1237,13 @@
 	$fsDir = $gblFsRoot . $relDir ; // current directory
 	if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ;
 
+	if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") {
+		$webRoot  = "https://";
+	} else {
+		$webRoot  = "http://";
+	}
+	$webRoot .= $GLOBALS["HTTP_HOST"] . $relScriptDir;
+
 	$FN=stripSlashes($FN);
 
 	switch ($POSTACTION) {
@@ -1301,7 +1321,7 @@
 // this functionality is doubled in DetailView().
 // better keep it here altogether
 // chmod perms to $gblFilePerms
-			if ( file_exists($path) && !is_writable($path) ) 
+			if ( file_exists($path) && !is_writeable($path) ) 
 				Error("File not writable", $relPath) ;
 			$fh = fopen($path, "w+") ;
 			if ($fh) {
@@ -1373,14 +1393,7 @@
 		if ( $CONFIRM != "on" ) break ;
 
 		Logit("$fsDir/$FN","renamed $FN to $NEWNAME");
-		safe_rename("$fsDir/$FN","$fsDir/$NEWNAME");
-		safe_rename("$fsDir/.log/$FN","$fsDir/.log/$NEWNAME");
-		safe_rename("$fsDir/.note/$FN","$fsDir/.note/$NEWNAME");
-		safe_rename("$fsDir/.lock/$FN","$fsDir/.lock/$NEWNAME");
-		for($i=0;$i<=$GLOBALS[gblNumBackups];$i++) {
-			safe_rename("$fsDir/.bak/$i/$FN","$fsDir/.bak/$i/$NEWNAME");
-		}
-
+		safe_rename($fsDir,$FN,$NEWNAME);
 		break ;
 
 	case "NOTE" :  
@@ -1426,7 +1439,7 @@
 	case "E" :
 		$F=stripSlashes($F);
 		// detail of $relDir/$F
-		if (is_file("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ;
+		if (is_file("$gblFsRoot/$relDir/$F") || is_dir("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ;
 		exit ;
 	case "C" :
 		$F=stripSlashes($F);
@@ -1437,7 +1450,7 @@
 		// checkout
 		Lock("$gblFsRoot/$relDir/$F");
 		header("Content-Disposition: attachment; filename=$F" );
-		Header("Location: ".urlpath("$relDir/$F"));
+		Header("Location: $webRoot".urlpath("$relDir/$F"));
 		exit;
 	case "Ci" :
 		$F=stripSlashes($F);
@@ -1454,7 +1467,7 @@
 		// view
 		LogIt("$gblFsRoot/$relDir/$F","viewed");
 		header("Content-Disposition: attachment; filename=$F" );
-		Header("Location: ".urlpath("$relDir/$F"));
+		Header("Location: $webRoot".urlpath("$relDir/$F"));
 		exit;
 	case "Ch" :
 		StartHTML("(File changes)","All changes chronologicaly...");