--- docman.php 2000/09/13 08:27:43 1.21 +++ docman.php 2001/01/26 07:54:53 1.28 @@ -35,22 +35,14 @@ /* existent address after file modifications. */ /* - 2000-07-25 Dobrica Pavlinusic - nuked exec calls (unsecure) - nuked writeable function (replaced by php is_writeable) - added support for https (tested with apache+mod_ssl) - added users file - date format user-selectable - cycle backup files in bak directory - support links as directoryes (for now) - support of file history logging - undelete capabilities (delete moves to .del directory) + This project is now called Directory Manager. - 2000-07-26 DbP + For more info, please see web pages at + http://www.rot13.org/~dpavlin/docman.html - added more checking on entered filename (when creating file/dir) - added rename option + It's relased under GPL by + Dobrica Pavlinusic IMPORTANT INSTALLATION NOTE: @@ -59,15 +51,14 @@ deleted files! .htusers is in form: - login:Real Name:md5(loginpassword) + login:Real Name:[md5(loginpassword)|auth_*]:email@host.dom TODO: mixed file/directory output (add type to each entry, real support for links) - retrieve old versions of files (overwritten) - show last lock date - + access controll + */ ////////////////////////////////////////////////////////////////// @@ -80,7 +71,7 @@ // GLOBAL PARAMETERS // ================= -// Make modifications here to suit siteman to your needs +// Make modifications here to suit docman to your needs // error_reporting(4) ; // how verbose ? @@ -367,13 +358,13 @@ $e[4]"; + $e[4]="$e[4]"; } $bakcount++; } @@ -650,9 +641,9 @@ $self = $GLOBALS["PHP_SELF"] ; if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") { - $webRoot = "https://" . $GLOBALS["SERVER_NAME"] ; + $webRoot = "https://" . $GLOBALS["HTTP_HOST"] ; } else { - $webRoot = "http://" . $GLOBALS["SERVER_NAME"] ; + $webRoot = "http://" . $GLOBALS["HTTP_HOST"] ; } $fsDir = $fsRoot . $relDir . "/" ; // current directory @@ -829,7 +820,13 @@ + + No files in this directory + + @@ -849,15 +846,14 @@
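Review bot: `$GLOBALS["HTTP_HOST"]` in the two new `$webRoot` assignments is copied from the request's Host header, so every URL built from `$webRoot` now carries a value chosen by the client. The same substitution reaches the `WWW-authenticate` realm in the @@ -1192 hunk, where a double quote in the value would break the quoted realm string, and the `$text` messages in the @@ -1408 and @@ -1436 hunks, which presumably end up in the page HTML through StartHTML(). I would compare the header against a configured host name before using it, fall back to `$GLOBALS["SERVER_NAME"]` when it does not match, and pass it through `htmlspecialchars()` wherever it is printed. The enclosing code starts and ends outside the hunk.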
- "; include(".info.inc"); + print " +
"; } ?> - - -
CREATE NEW @@ -879,7 +875,7 @@ ////////////////////////////////////////////////////////////////// -function UploadPage($fsRoot, $relDir, $filename) { +function UploadPage($fsRoot, $relDir, $filename="") { $self = $GLOBALS["PHP_SELF"] ; if ($relDir == "") $relDir = "/" ; @@ -889,7 +885,7 @@ DESTINATION DIRECTORY: - +
DESTINATION FILE: @@ -978,7 +974,6 @@ function LogIt($target,$msg) { - $target=stripSlashes($target); $dir=dirname($target); if (! file_exists($dir."/.log")) { mkdir($dir."/.log",0700); @@ -1148,12 +1143,12 @@ $log=fopen("$gblFsRoot/.changelog","r"); $logarr = array(); while($line = fgetcsv($log,255,"\t")) { - if ($day!=1 || ($day==1 && (time()-$line[0] < 24*60))) { + if ($day!=1 || ($day==1 && (time()-$line[0] < 24*60*60))) { array_unshift($logarr,array($line[0],$line[1],$line[2],$line[3])); } } fclose($log); - $cl1=" class=lst"; $cl2=""; + $cl1=" class=LST"; $cl2=""; print "\n"; while ($e = array_shift($logarr)) { $cl=$cl1; $cl1=$cl2; $cl2=$cl; @@ -1192,7 +1187,7 @@ // authentication if $gblAuth == true if ( $gblAuth && $gblHash($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw || isset($relogin) && $gblPw == $relogin ) { - header("WWW-authenticate: basic realm=\"$SERVER_NAME\"") ; + header("WWW-authenticate: basic realm=\"$HTTP_HOST\"") ; header("HTTP/1.0 401 Unauthorized") ; NoEntry() ; exit ; @@ -1215,18 +1210,22 @@ // i.e. below $gblFsRoot. $relScriptDir = dirname($SCRIPT_NAME) ; - // i.e. /siteman + // i.e. /docman $fsScriptDir = dirname($SCRIPT_FILENAME) ; - // i.e. /home/httpd/html/siteman + // i.e. /home/httpd/html/docman - $gblFsRoot = substr($fsScriptDir,0, - strlen($fsScriptDir)-strlen($relScriptDir)) ; + // start on server root +// $gblFsRoot = substr($fsScriptDir,0, strlen($fsScriptDir)-strlen($relScriptDir)) ; + // or on script root + $gblFsRoot = $fsScriptDir; // i.e. /home/httpd/html $fsDir = $gblFsRoot . $relDir ; // current directory if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ; - + + $FN=stripSlashes($FN); + switch ($POSTACTION) { case "UPLOAD" : if (!is_writeable($fsDir)) Error("Write denied",$relDir) ; 
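Review bot: The new `$FN=stripSlashes($FN);` runs unconditionally, which is only correct while magic_quotes_gpc is on; with the setting off, genuine backslashes in the input are removed. The same applies to `$path=stripSlashes($path);` and `$FILEDATA=stripSlashes($FILEDATA);` in the two SAVE hunks and to the `$F=stripSlashes($F);` lines in the `$A` switch, and for `$FILEDATA` it silently changes the contents written to disk. Guard each call, e.g. `if (get_magic_quotes_gpc()) $FILEDATA=stripSlashes($FILEDATA);`, or do the unescaping once at the top of the script. The surrounding block starts before and continues past this hunk.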
@@ -1235,6 +1234,9 @@ // TODO : should rather check for escapeshellcmds // but maybe RFC 18xx asserts safe filenames .... $source = $FN ; + if (! file_exists($source)) { + Error("You must select file with browse to upload it!"); + } if (! isset($FILENAME)) { // from update file $target = "$fsDir/$FN_name" ; } else { @@ -1267,6 +1269,7 @@ case "SAVE" : $path = $gblFsRoot . $RELPATH ; + $path=stripSlashes($path); $writable = is_writeable($path) ; $legaldir = is_writeable(dirname($path)) ; $exists = (file_exists($path)) ? 1 : 0 ; @@ -1274,6 +1277,7 @@ if (!($writable || (!$exists && $legaldir))) Error("Write denied",$RELPATH) ; $fh = fopen($path, "w") ; + $FILEDATA=stripSlashes($FILEDATA); fwrite($fh,$FILEDATA) ; fclose($fh) ; clearstatcache() ; @@ -1408,24 +1412,24 @@ // $A=V : view file (do nothing except log) // default : display directory $D - $F=stripSlashes($F); - switch ($A) { case "U" : // upload to $relDir if (!is_writeable($gblFsRoot . $relDir)) Error("Write access denied",$relDir) ; $text = "Use this page to upload a single " ; - $text .= "file to $SERVER_NAME." ; + $text .= "file to $HTTP_HOST." ; StartHTML("(Upload Page)", $text) ; UploadPage($gblFsRoot, $relDir) ; EndHTML() ; exit ; case "E" : + $F=stripSlashes($F); // detail of $relDir/$F if (is_file("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ; exit ; case "C" : + $F=stripSlashes($F); // listing of $relDir/$F DisplayCode($gblFsRoot, $relDir, $F) ; exit ; @@ -1436,11 +1440,12 @@ Header("Location: ".urlpath("$relDir/$F")); exit; case "Ci" : + $F=stripSlashes($F); // upload && update to $relDir if (!is_writeable($gblFsRoot . $relDir)) Error("Write access denied",$relDir) ; $text = "Use this page to update a single " ; - $text .= "file to $SERVER_NAME." ; + $text .= "file to $HTTP_HOST." ; StartHTML("(Update file Page)", $text) ; UploadPage($gblFsRoot, $relDir, $F) ; EndHTML() ;
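Review bot: The added `file_exists($source)` test only shows that the path held in `$FN` exists on the server, not that PHP stored it as an upload for this request; when request variables are registered as globals, `$FN` is not guaranteed to come from the upload handler. Where the installed PHP provides it, `if (! is_uploaded_file($source)) {` is the check meant for this. `$FN_name` in the `$target` line below is the file name sent by the client and is joined to `$fsDir` as-is; `basename($FN_name)` would keep the target inside that directory. Error() is called with one argument here and with two elsewhere in the diff, and its signature is outside the hunk, so confirm the second parameter is optional. The UPLOAD case continues outside the hunk.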
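Review bot: `$path=stripSlashes($path);` in the @@ -1267 hunk unescapes the already concatenated `$gblFsRoot . $RELPATH`, so the configured root is altered along with the request value, and `Error("Write denied",$RELPATH)` in the following hunk still reports the escaped form. Unescape the request value before building the path instead: `$RELPATH=stripSlashes($RELPATH);` ahead of `$path = $gblFsRoot . $RELPATH ;`. No check is visible here that the result stays below `$gblFsRoot` when `$RELPATH` contains a `..` component; if none exists above the hunk, compare `realpath(dirname($path))` with the root before the `fopen()`. The SAVE case starts and ends outside the hunk.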
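Review bot: Moving `$F=stripSlashes($F);` from above `switch ($A)` into cases "E", "C" and "Ci" (@@ -1408 and @@ -1436 hunks) leaves every other case with the escaped value; the case ending in `Header("Location: ".urlpath("$relDir/$F"))` is not touched by this diff, so unless urlpath() unescapes its argument it now redirects with the backslashes still in place. Either keep the single call before the switch or add `$F=stripSlashes($F);` to that case as well. In cases "E", "C" and "Ci" the new line also sits between the `case` label and the comment describing the case; placing it after the comment keeps label and description together. The switch continues outside the hunk.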