--- docman.php 2000/09/13 09:59:51 1.23 +++ docman.php 2001/01/30 16:48:36 1.31 @@ -35,22 +35,14 @@ /* existent address after file modifications. */ /* - 2000-07-25 Dobrica Pavlinusic - nuked exec calls (unsecure) - nuked writeable function (replaced by php is_writeable) - added support for https (tested with apache+mod_ssl) - added users file - date format user-selectable - cycle backup files in bak directory - support links as directoryes (for now) - support of file history logging - undelete capabilities (delete moves to .del directory) + This project is now called Directory Manager. - 2000-07-26 DbP + For more info, please see web pages at + http://www.rot13.org/~dpavlin/docman.html - added more checking on entered filename (when creating file/dir) - added rename option + It's relased under GPL by + Dobrica Pavlinusic IMPORTANT INSTALLATION NOTE: @@ -59,15 +51,14 @@ deleted files! .htusers is in form: - login:Real Name:md5(loginpassword) + login:Real Name:[md5(loginpassword)|auth_*]:email@host.dom TODO: mixed file/directory output (add type to each entry, real support for links) - retrieve old versions of files (overwritten) - show last lock date - + access controll + */ ////////////////////////////////////////////////////////////////// 
@@ -80,45 +71,24 @@ // GLOBAL PARAMETERS // ================= -// Make modifications here to suit siteman to your needs +// Make modifications here to suit docman to your needs // error_reporting(4) ; // how verbose ? + // from where to include auth_*.php modules? + $gblIncDir = "/home/httpd/docman"; + // username/password should not be system // usernames/passwords !! -// $gblPw = "hash_of_your_username_and_password" ; - -// $gblAuth = false ; // use builtin authentication - $gblAuth = true ; // use builtin authentication - $gblHash = "md5" ; // hash function to use - $gblPw = ""; - if ($gblAuth) { - $htusers_file=dirname($SCRIPT_FILENAME)."/.htusers"; - if (! file_exists($htusers_file)) { - $htusers=fopen($htusers_file,"a+"); - fputs($htusers,"# Change owner of $htusers_file to root !!\n"); - fputs($htusers,"demo:full name:md5_hash\n"); - fclose($htusers); - } - $htusers=fopen($htusers_file,"r"); - while($user = fgetcsv($htusers,255,":")) { - if ($user[0] == $GLOBALS["PHP_AUTH_USER"]) { - $gblUserName=$user[1]; - $gblPw=$user[2]; - $gblEmail=$user[3]; - continue ; - } - } - fclose($htusers); - } - + // date format // $gblDateFmt="D, F d, Y"; -// $gblTimeFmt="g:i:sA"; - $gblDateFmt="Y-m-d"; + + // time format +// $gblTimeFmt="g:i:sA"; $gblTimeFmt="H:i:s"; // Number of backup files to keep @@ -130,12 +100,12 @@ // choose GifIcon below unless you have the M$ // WingDings font installed on your system - $gblIcon = "GifIcon" ; // MockIcon or GifIcon + $gblIcon="GifIcon"; // MockIcon or GifIcon // the directory below should be /icons/ or /icons/small/ // on Apache; a set of icons is included in the distribution - $gblIconLocation = "/icons/" ; + $gblIconLocation="/icons/"; // files you want to be able to edit in text mode // and view with (primitive) syntax highlighting 
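Review bot: Removing `$gblPw = "";` from the parameter block leaves `$gblPw` without a defined starting value, because the 1.31 authentication code (hunk -1183) assigns it only when a `.htusers` row matches `PHP_AUTH_USER`. The script reads request input as plain globals (`$STYLE`, `$FN`, `$POSTACTION`), so for a login with no matching row the later `md5(...) != $gblPw` check compares against a value the script did not set itself, unless an initialisation exists outside these hunks. Put `$gblPw = ""; $gblUserName = ""; $gblEmail = "";` immediately before the `fopen($htusers_file,"r")` loop. The new `$gblIncDir` setting also deserves a comment saying the directory must not be writable by the web server user, since files under it are loaded with `require`.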
@@ -154,7 +124,7 @@ function StartHTML($title,$text="") { - $title = "Site Manager " . $title ; + $title = "Document Manager " . $title ; $host = $GLOBALS["HTTP_HOST"] ; $self = $GLOBALS["PHP_SELF"] ; ?> @@ -233,7 +203,7 @@ function DetailPage($fsRoot,$relDir,$fn) { - global $gblEditable, $gblImages ; + global $gblEditable, $gblImages, $webRoot ; $self = $GLOBALS["PHP_SELF"] ; $relPath = $relDir . "/" . $fn ; @@ -301,7 +271,7 @@ } if ( !$file_lock && $ext!="" && strstr(join(' ',$gblImages),$ext) ) { $info = getimagesize($fsPath) ; - $tstr = "\""" ; // echo htmlentities($tstr) . "

" . $tstr ; @@ -373,7 +343,7 @@ $bakdir=dirname("$fsDir/$fn")."/.bak"; if (file_exists($logname)) { $log=fopen($logname,"r"); - $cl1=" class=lst"; $cl2=""; + $cl1=" class=LST"; $cl2=""; $logarr = array(); while($line = fgetcsv($log,255,"\t")) { $cl=$cl1; $cl1=$cl2; $cl2=$cl; @@ -385,7 +355,7 @@ while ($e = array_shift($logarr)) { if (strstr($e[4],"upload")) { if (file_exists("$bakdir/$bakcount/$name")) { - $e[4]="$e[4]"; + $e[4]="$e[4]"; } $bakcount++; } @@ -646,15 +616,11 @@ function Navigate($fsRoot,$relDir) { - global $gblEditable, $gblIcon, $gblModDays ; + global $gblEditable, $gblIcon, $gblModDays, $webRoot ; $self = $GLOBALS["PHP_SELF"] ; - if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") { - $webRoot = "https://" . $GLOBALS["SERVER_NAME"] ; - } else { - $webRoot = "http://" . $GLOBALS["SERVER_NAME"] ; - } - $fsDir = $fsRoot . $relDir . "/" ; // current directory + + $fsDir = $fsRoot . $relDir . "/" ; // current directory if (!is_dir($fsDir)) Error("Dir not found",$relDir) ; @@ -829,7 +795,13 @@ + + No files in this directory + + @@ -849,15 +821,14 @@
- "; include(".info.inc"); + print " +
"; } ?> - - -
CREATE NEW @@ -879,7 +850,7 @@ ////////////////////////////////////////////////////////////////// -function UploadPage($fsRoot, $relDir, $filename) { +function UploadPage($fsRoot, $relDir, $filename="") { $self = $GLOBALS["PHP_SELF"] ; if ($relDir == "") $relDir = "/" ; @@ -889,7 +860,7 @@ DESTINATION DIRECTORY: - +
DESTINATION FILE: @@ -924,29 +895,6 @@ ////////////////////////////////////////////////////////////////// -function CreateHash($user, $pw) { - - global $gblHash ; // hash function to use - - if ($user == "" || $pw == "") { - $text = "either no password or no username supplied" ; - Error("Create Hash",$text) ; - } - $title = "(Create Hash)" ; - StartHTML($title) ; - echo "

" ; - echo "

Copy the value below and paste it " ; - echo "into the
value for \$gblPw in the source of " ; - echo "this file

" . $gblHash($user.$pw) ; - echo "

Hash function: " . $gblHash ; - echo "

" ; - EndHTML() ; - exit ; - -} // end function CreateHash - -////////////////////////////////////////////////////////////////// - function NoEntry() { $user = $GLOBALS["PHP_AUTH_USER"] ; @@ -956,20 +904,7 @@ $title = "(401 Unauthorized)" ; $text = "No trespassing !" ; StartHTML($title,$text) ; -?> - - - - - -
If you are a site administrator:

-Click below to generate a password hash
from -the username-password pair you just
entered. Then include the hash in -the source
of this file.

- -
-\n"; while ($e = array_shift($logarr)) { $cl=$cl1; $cl1=$cl2; $cl2=$cl; @@ -1183,15 +1118,42 @@ // forks before authentication: style sheet and hash // creation if password not yet set. if ($STYLE == "get") { CSS() ; exit ; } - if ($HASH != "") { - CreateHash($USER, $PW) ; - exit ; + + $htusers_file=dirname($SCRIPT_FILENAME)."/.htusers"; + if (! file_exists($htusers_file)) { + if (is_writable($htuser_file)) { + $htusers=fopen($htusers_file,"a+"); + fputs($htusers,"# Change owner of $htusers_file to root !!\n"); + fputs($htusers,"demo:full name:[md5_hash|auth_*]:e-mail\n"); + fclose($htusers); + } else { + Error("Can't create proto user file!","Please make directory ".dirname($htusers_file)." writable or create .htusers file by hand using adduser.pl script!"); + exit; + } } + $htusers=fopen($htusers_file,"r"); + while($user = fgetcsv($htusers,255,":")) { + if ($user[0] == $GLOBALS["PHP_AUTH_USER"]) { + $gblUserName=$user[1]; + $gblPw=$user[2]; + if (substr($gblPw,0,5) == "auth_" && file_exists("$gblIncDir/$gblPw.php")) { + require("$gblIncDir/$gblPw.php"); + if ($gblPw($user)) { + $gblPw=md5($PHP_AUTH_USER.$PHP_AUTH_PW); + } else { + $gblPw="error".md5($PHP_AUTH_USER.$PHP_AUTH_PW); + } + } + $gblEmail=$user[3]; + continue ; + } + } + fclose($htusers); - // authentication if $gblAuth == true - if ( $gblAuth && $gblHash($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw || + // authentication failure + if ( md5($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw || isset($relogin) && $gblPw == $relogin ) { - header("WWW-authenticate: basic realm=\"$SERVER_NAME\"") ; + header("WWW-authenticate: basic realm=\"$HTTP_HOST\"") ; header("HTTP/1.0 401 Unauthorized") ; NoEntry() ; exit ; 
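Review bot: In the `auth_*` branch of hunk -1183, the third `.htusers` field is passed to `require("$gblIncDir/$gblPw.php")` and then called as a function after only its first five characters are checked, so a field containing `/` or `..` resolves to a file outside `$gblIncDir`. Match the whole name first, e.g. `if (preg_match('/^auth_[A-Za-z0-9_]+$/', $gblPw) && file_exists("$gblIncDir/$gblPw.php"))`. In the bootstrap above it, `is_writable($htuser_file)` tests a misspelled, undefined variable, and the file does not exist at that point anyway, so the branch that writes the prototype file cannot run; `is_writable(dirname($htusers_file))` is the check the error message describes. The digest comparison `md5($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw` is loose, and `!==` avoids numeric-string coercion of hex digests.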
@@ -1214,18 +1176,27 @@ // i.e. below $gblFsRoot. $relScriptDir = dirname($SCRIPT_NAME) ; - // i.e. /siteman + // i.e. /docman $fsScriptDir = dirname($SCRIPT_FILENAME) ; - // i.e. /home/httpd/html/siteman + // i.e. /home/httpd/html/docman - $gblFsRoot = substr($fsScriptDir,0, - strlen($fsScriptDir)-strlen($relScriptDir)) ; + // start on server root +// $gblFsRoot = substr($fsScriptDir,0, strlen($fsScriptDir)-strlen($relScriptDir)) ; + // or on script root + $gblFsRoot = $fsScriptDir; // i.e. /home/httpd/html $fsDir = $gblFsRoot . $relDir ; // current directory if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ; + if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") { + $webRoot = "https://"; + } else { + $webRoot = "http://"; + } + $webRoot .= $GLOBALS["HTTP_HOST"] . $relScriptDir; + $FN=stripSlashes($FN); switch ($POSTACTION) { @@ -1236,6 +1207,9 @@ // TODO : should rather check for escapeshellcmds // but maybe RFC 18xx asserts safe filenames .... $source = $FN ; + if (! file_exists($source)) { + Error("You must select file with browse to upload it!"); + } if (! isset($FILENAME)) { // from update file $target = "$fsDir/$FN_name" ; } else { @@ -1417,7 +1391,7 @@ if (!is_writeable($gblFsRoot . $relDir)) Error("Write access denied",$relDir) ; $text = "Use this page to upload a single " ; - $text .= "file to $SERVER_NAME." ; + $text .= "file to $HTTP_HOST." ; StartHTML("(Upload Page)", $text) ; UploadPage($gblFsRoot, $relDir) ; EndHTML() ; @@ -1436,7 +1410,7 @@ // checkout Lock("$gblFsRoot/$relDir/$F"); header("Content-Disposition: attachment; filename=$F" ); - Header("Location: ".urlpath("$relDir/$F")); + Header("Location: $webRoot".urlpath("$relDir/$F")); exit; case "Ci" : $F=stripSlashes($F); 
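Review bot: `$webRoot` is now built from `$GLOBALS["HTTP_HOST"]`, which is the request's Host header, and it ends up in the `Location:` headers of the checkout and view cases (hunks -1436 and -1453) and in the 401 realm (hunk -1183), so the request itself decides which host the redirect names. Prefer a configured host name, for example a new `$gblHost` parameter next to `$gblIncDir`, or compare `HTTP_HOST` against an allowed list before using it. Switching `$gblFsRoot` to `$fsScriptDir` also places `docman.php` and `.htusers` (both in `dirname($SCRIPT_FILENAME)`) inside the managed tree; whether the listing, edit and delete actions skip them is not visible in these hunks and should be confirmed.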
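Review bot: The added `file_exists($source)` check in hunk -1236 only shows that `$FN` names some existing path, not that it is the temporary file PHP created for this upload, and `$FN` arrives as a request global. The check should be `if (! is_uploaded_file($source)) {`. `Error()` is called here with one argument while the other visible calls pass two, and whether it stops execution is not visible in this hunk (hunk -1183 follows its call with `exit;`), so add an explicit `exit;` if it does not. The enclosing `switch ($POSTACTION)` case starts and ends outside the hunk.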
@@ -1444,7 +1418,7 @@
 if (!is_writeable($gblFsRoot . $relDir)) Error("Write access denied",$relDir) ;
 $text = "Use this page to update a single " ;
- $text .= "file to $SERVER_NAME." ;
+ $text .= "file to $HTTP_HOST." ;
 StartHTML("(Update file Page)", $text) ;
 UploadPage($gblFsRoot, $relDir, $F) ;
 EndHTML() ;
@@ -1453,7 +1427,7 @@
 // view
 LogIt("$gblFsRoot/$relDir/$F","viewed");
 header("Content-Disposition: attachment; filename=$F" );
- Header("Location: ".urlpath("$relDir/$F"));
+ Header("Location: $webRoot".urlpath("$relDir/$F"));
 exit;
 case "Ch" : StartHTML("(File changes)","All changes chronologicaly...");