<?php echo $host . " " . $title ?>

--- docman.php 2000/05/12 12:01:08 1.1.1.1 +++ docman.php 2002/07/20 18:27:27 1.58 @@ -34,6 +34,33 @@ /* PHP3. Fixed bug which would send you to a non- */ /* existent address after file modifications. */ +/* + + This project is now called Directory Manager. + + For more info, please see web pages at + http://www.rot13.org/~dpavlin/docman.html + + It's relased under GPL by + Dobrica Pavlinusic + + +IMPORTANT INSTALLATION NOTE: + deny serving of .* (dot-something) files in web server! + Otherwise, uses can access your log files, users and/or + deleted files! + + .htusers is in form: + login:Real Name:[md5(loginpassword)|auth_*]:email@host.dom + + +TODO: + mixed file/directory output (add type to each entry, + real support for links) + access controll + +*/ + ////////////////////////////////////////////////////////////////// // TODO : Don't let the file be modified itself. Create a hash of @@ -44,28 +71,46 @@ // GLOBAL PARAMETERS // ================= -// Make modifications here to suit siteman to your needs +// Make modifications here to suit docman to your needs // error_reporting(4) ; // how verbose ? + // from where to include auth_*.php modules? + $gblIncDir = "/home/httpd/docman"; + + // do we want to force download? (default is 0 for backward + // compatibility, but it's defined as 1 in docman.conf for all + // future applications! + $gblForceDownload = 0; + // username/password should not be system // usernames/passwords !! - // your (hashed) username/password here - $gblPw = "hash_of_your_username_and_password" ; - - $gblAuth = false ; // use builtin authentication - $gblHash = "md5" ; // hash function to use + $gblPw = ""; + + // date format +// $gblDateFmt="D, F d, Y"; + $gblDateFmt="Y-m-d"; + + // time format +// $gblTimeFmt="g:i:sA"; + $gblTimeFmt="H:i:s"; + + // Number of backup files to keep + $gblNumBackups=3; + + // show red star if newer than ... days + $gblModDays=1; // choose GifIcon below unless you have the M$ // WingDings font installed on your system - $gblIcon = "GifIcon" ; // MockIcon or GifIcon + $gblIcon="GifIcon"; // MockIcon or GifIcon // the directory below should be /icons/ or /icons/small/ // on Apache; a set of icons is included in the distribution - $gblIconLocation = "icons/" ; + $gblIconLocation="/icons/"; // files you want to be able to edit in text mode // and view with (primitive) syntax highlighting @@ -80,30 +125,38 @@ $gblImages = array( ".jpg",".jpeg",".gif",".png",".ico", ".bmp",".xbm") ; + // which files to hide (separated by ,) + $gblHide = ""; + + // Where are users? (by default in .htusers file) + $gblUsers = "htusers_file"; + ////////////////////////////////////////////////////////////////// + $gblVersion = "1.9"; + function StartHTML($title,$text="") { - $title = "Site Manager " . $title ; + $title = "Document Manager " . $title ; $host = $GLOBALS["HTTP_HOST"] ; $self = $GLOBALS["PHP_SELF"] ; ?> - <?php echo $host . " " . $title ?> - + <?= $host . " " . $title ?> + + HREF="?STYLE=get"> -

+ +

- - -
ANYPORTAL(php) Site Manager -- © 1999 by ANYPORTAL -- © 2000 by d@nger.org + - + - + + + [] + +
+Document Manager , based on ANYPORTAL(php) Site Manager +
+© 1999 by ANYPORTAL, +© 2000 by d@nger.org, +© 2000-2002 by DbP +

-

+
+ +

-BODY,TD,P,H1,H2,H3 { font-family:Helvetica,Arial,sans-serif; } +BODY,TD,P,H1,H2,H3 { font-family:Verdana,Helvetica,Arial,sans-serif; } .BLK { color:black; } .RED { color:red; } .TOP { color:red; font-size:70%; } /* table headings */ @@ -154,7 +235,7 @@ function DetailPage($fsRoot,$relDir,$fn) { - global $gblEditable, $gblImages ; + global $gblEditable, $gblImages, $webRoot ; $self = $GLOBALS["PHP_SELF"] ; $relPath = $relDir . "/" . $fn ; @@ -164,35 +245,46 @@ $exists = file_exists($fsPath) ; $ext = strtolower(strrchr($relPath,".")) ; $editable = ( $ext=="" || strstr(join(" ",$gblEditable),$ext)) ; - $writable = Writeable($fsPath) ; + $writable = is_writeable($fsPath) ; + $file_lock = CheckLock($fsPath); if (!$editable && !$exists) Error("Creation unsupported for type",$relPath) ; - if (!exists && !Writeable($fsDir) ) + if (!exists && !is_writeable($fsDir) ) Error("Creation denied",$relDir) ; $text = "Use this page to view, modify or " ; - $text .= "delete a single document on this " ; + if (is_dir($fsPath)) { + $text .="delete a directory on this " ; + } else { + $text .= "delete a single document on this " ; + }; $text .= "web site." ; $title = "(Detail Page)" ; StartHTML($title, $text) ; echo "

" . $relDir . "/" . $fn . "

" ; if ($exists) { // get file info - $fsize = filesize($fsPath) ; - $fmodified = date("d/M/y G:i:s", filemtime($fsPath)) ; - $faccessed = date("d/M/y G:i:s", fileatime($fsPath)) ; - echo "

    file size: " . $fsize . " Bytes
" ;
-	  echo "last modified: " . $fmodified . "
" ;
-	  echo "last accessed: " . $faccessed . "
" ;
-	  echo "        owner: " . fileowner($fsPath) . "
" ;
-	  echo "        group: " . filegroup($fsPath) . "
" ;
-	  echo "  permissions: " ; 
-	  echo printf( "%o", fileperms($fsPath) ) . "" ;
-	  echo "

" ; + $fsize = filesize($fsPath) ; + $fmodified = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]", filemtime($fsPath)) ; + $faccessed = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]", fileatime($fsPath)) ; + $fuid=fileowner($fsPath); + $fgid=filegroup($fsPath); + $userinfo = posix_getpwuid($fuid); + $grpinfo = posix_getgrgid($fgid); + echo "

";
+		if (!is_dir($fsPath)) echo "    file size: " . $fsize . " Bytes
" ;
+		echo "last modified: " . $fmodified . "
" ;
+		echo "last accessed: " . $faccessed . "
" ;
+		echo "        owner: " . $userinfo["name"] . " [$fuid]
" ;
+		echo "        group: " . $grpinfo["name"] . " [$fgid]
" ;
+		echo "  permissions: " ; 
+		echo printf( "%o", fileperms($fsPath) ) . "" ;
+		echo "

" ; + } - if ( $editable && ($writable || !$exists) ) { + if ( !is_dir($fsPath) && $editable && ($writable || !$exists) && !$file_lock ) { $fh = fopen($fsPath,"a+") ; rewind($fh) ; $fstr = fread($fh,filesize($fsPath)) ; @@ -200,49 +292,124 @@ $fstr = htmlentities( $fstr ) ; ?> - " ; - echo htmlentities($tstr) . "

" . $tstr ; + if ( !$file_lock && $ext!="" && strstr(join(' ',$gblImages),$ext) ) { + $info = getimagesize($fsPath) ; + $tstr = " $\""$ " ; +// echo htmlentities($tstr) . "

" . $tstr ; + echo $tstr ; } + ?> -"; } - echo "" ; + EndHTML() ; } // end function DetailPage @@ -472,6 +639,18 @@ case "blank" : $d = "blank.gif" ; break ; + case "checkout": + $d = "box2.gif"; + break; + case "checkin": + $d = "hand.up.gif"; + break; + case "locked": + $d = "screw2.gif"; + break; + case "note": + $d = "quill.gif"; + break; default : $d = "generic.gif" ; } @@ -483,26 +662,28 @@ function Navigate($fsRoot,$relDir) { - global $gblEditable, $gblIcon ; + global $gblEditable, $gblIcon, $gblModDays, $webRoot, $gblHide ; $self = $GLOBALS["PHP_SELF"] ; - $webRoot = "http://" . $GLOBALS["SERVER_NAME"] ; - $fsDir = $fsRoot . $relDir . "/" ; // current directory + + $fsDir = $fsRoot . $relDir . "/" ; // current directory if (!is_dir($fsDir)) Error("Dir not found",$relDir) ; + $hide_items=",$gblHide,"; + // read directory contents if ( !($dir = @opendir($fsDir)) ) Error("Read Access denied",$relDir) ; while ($item = readdir($dir)) { - if ( $item == ".." || $item == "." ) continue ; + if ( substr($item,0,1) == "." || strstr($hide_items,",$item,") ) continue ; if ( is_dir($fsDir . $item) ) { $dirList[] = $item ; - } - else if ( is_file($fsDir . $item) ) { + } else if ( is_file($fsDir . $item) ) { $fileList[] = $item ; - } - else { + } else if ( is_link($fsDir . $item) ) { + $dirList[] = $item ; + } else { // unknown file type // $text = "Could not determine file type of " ; // Error("File Error", $text.$relDir."/".$item) ; @@ -510,116 +691,185 @@ } } closedir($dir) ; + + // scan deleted files + if ( $GLOBALS[show_deleted] == 1 && ($dir = @opendir("$fsDir/.del")) ) { + while ($item = readdir($dir)) { + if ( substr($item,0,1) == "." || strstr($hide_items,",$item,") ) continue ; + $fileList[] = ".del/$item" ; + } + closedir($dir) ; + } + $emptyDir = ! (sizeof($dirList) || sizeof($fileList)) ; // start navigation page - $text = "Use this page to add, delete or " ; - $text .= "revise files on this web site." ; - + $text = "Use this page to add, delete"; + if (! isset($show_deleted)) { + $text .= ", undelete"; + } + $text .= " or revise files on this web site." ; + $text .= "
Examine list of files changed in last day or all changes."; StartHTML("(Navigate)",$text) ; echo "" ; // updir bar - if ($fsDir != $fsRoot) { + if (chopsl($fsDir) != chopsl($fsRoot)) { $parent = dirname($relDir) ; if ($parent == "") $parent = "/" ; ?> - + 1) { + $out.="s"; + } + return $out; +} + // output subdirs if (sizeof($dirList) > 0) { sort($dirList) ; ?> - +" . $dir . "/" ; + $note_html="".$gblIcon("note")."".ReadNote($fsDir.$dir); ?> - - + + + - - - + + + 0) { sort($fileList) ; while (list($key,$file) = each($fileList)) { - $path = $fsDir."/".$file ; - $mod = filemtime($path) ; - $sz = filesize($path) ; - - if ($sz >= 10240) { - $sz = (int)(($sz+1023)/1024) . " k" ; - } - else { - $sz .= " " ; - } // end size - - $a = $b = "" ; - - if ( ($mod + 30*86400) > time() ) { - $a = " * " ; - } - - $tstr = $webRoot . $relDir . "/" . $file ; - $tstr = "" ; - $tstr .= $file . "" . $a ; - - $ext = strtolower(strrchr($file,".")) ; - if ( $ext=="" || - strstr(join(" ",$gblEditable),$ext) ) - { - $b = "" ; - $b .= $gblIcon("view") . "" ; - } + $path = $fsDir."/".$file ; + $mod = filemtime($path) ; + $sz = filesize($path) ; + + if ($sz >= 10240) { + $sz = (int)(($sz+1023)/1024) . " k" ; + } else { + $sz .= " " ; + } // end size + + $a = $b = "" ; + + $info_url=$self."?A=E&F=".urlencode($file)."&D=".urlencode($relDir); + + if ( ($mod + $gblModDays*86400) > time() ) { + $a = " * " ; + } + + $file_lock=CheckLock($path); + + $file_url_html="" ; + + if (substr($file,0,5) != ".del/") { + $file_url_html .= $file . "" . $a ; + } else { + $file_url_html .= substr($file,5,strlen($file)-5) . " deleted "; + } + + $note_html="".$gblIcon("note")."".ReadNote($path); + + $ext = strtolower(strrchr($file,".")) ; + + if ($file_lock) { + if ($file_lock == $GLOBALS[gblUserName]) { + $b.="" ; + $file_url_html=$b; + $b.=$gblIcon("checkin")."" ; + $b.= $gblIcon("blank"); + $file_url_html.="$file $a"; + $note_html = $gblIcon("blank")."Please check-in (update) this file"; + } else { + $b = $gblIcon("locked"); + $b.= $gblIcon("blank"); + $note_html = $gblIcon("blank")."File locked by $file_lock"; + $file_url_html = "$file $a"; + } + } else { + $b.="" ; + $b.=$gblIcon("checkout")."" ; + + if ( $ext=="" || strstr(join(" ",$gblEditable),$ext) ) { + $b.="" ; + $b.=$gblIcon("view")."" ; + } else { + $b.= $gblIcon("blank"); + } + } + ?> - - - - + + + + + + + + + - - + - - + "; +} +?> + + +

	- -
	+ +
	DIRECTORY NAME
	DIRECTORY NAME ()	DIRECTORY NOTE

+ +
	+

	DOCUMENT NAME
	DOCUMENT NAME ()	NOTE	LAST UPDATE	FILE SIZE
- -			Bytes
			Bytes
	+ No files in this directory +
	- + +
	+ OK TO DELETE THIS EMPTY FOLDER? @@ -630,19 +880,27 @@ } // end if emptyDir ?> -


	CREATE NEW +				"; + include(".info.inc"); + print "

	CREATE NEW DIRECTORY -OR- FILE : NAME - - - OR UPLOAD A FILE - + + + + OR UPLOAD A FILE

@@ -653,7 +911,7 @@ ////////////////////////////////////////////////////////////////// -function UploadPage($fsRoot, $relDir) { +function UploadPage($fsRoot, $relDir, $filename="") { $self = $GLOBALS["PHP_SELF"] ; if ($relDir == "") $relDir = "/" ; @@ -661,21 +919,25 @@

-DESTINATION DIRECTORY: + ACTION=""> +DESTINATION DIRECTORY: + +
DESTINATION FILE: + +
PATHNAME OF LOCAL FILE
- +

If the [BROWSE...] button is not displayed,
you must upgrade to an RFC1867-compliant browser.
-
Your browser:
+
Your browser:

-
-
+ +

@@ -694,103 +956,328 @@ ////////////////////////////////////////////////////////////////// -function Writeable($path) { - // fix by -mat- filid brandy, brandy@ecrc.de, 07/JUL/99 +function NoEntry() { - clearstatcache ; - $perms = @fileperms($path) ; - $owner = @fileowner($path) ; - exec("id",$id) ; - eregi( "^uid=([0-9]*)",$id[0], $regs) ; - $apacheuid = $regs[1] ; - $perms = 0777 & $perms ; - if ( $apacheuid != $owner ) { - return (06 == (06 & $perms)) ? 1 : 0 ; - } - else { - return (0600 == (0600 & $perms)) ? 1 : 0 ; - } - -} // end function Writable + $user = $GLOBALS["PHP_AUTH_USER"] ; + $pw = $GLOBALS["PHP_AUTH_PW"] ; + $self = $GLOBALS["PHP_SELF"] ; -////////////////////////////////////////////////////////////////// + $title = "(401 Unauthorized)" ; + $text = "No trespassing !" ; + + global $PHP_AUTH_USER,$PHP_AUTH_PW,$gblPw,$relogin; + StartHTML($title,$text) ; -function CreateHash($user, $pw) { - - global $gblHash ; // hash function to use - - if ($user == "" || $pw == "") { - $text = "either no password or no username supplied" ; - Error("Create Hash",$text) ; - } - $title = "(Create Hash)" ; - StartHTML($title) ; - echo "

" ; - echo "

Copy the value below and paste it " ; - echo "into the
value for \$gblPw in the source of " ; - echo "this file

" . $gblHash($user.$pw) ; - echo "

Hash function: " . $gblHash ; - echo "

" ; EndHTML() ; exit ; +} + +////////////////////////////////////////////////////////////////// + +function LogIt($target,$msg) { + + $dir=dirname($target); + if (! file_exists($dir."/.log")) { + mkdir($dir."/.log",0700); + } + $file=basename($target); + + $log=fopen("$dir/.log/$file","a+"); + fputs($log,date("$GLOBALS[gblDateFmt]\t$GLOBALS[gblTimeFmt]"). + "\t$GLOBALS[gblUserName]\t$msg\n"); + fclose($log); + +} -} // end function CreateHash ////////////////////////////////////////////////////////////////// -function NoEntry() { +function WriteNote($target,$msg) { - $user = $GLOBALS["PHP_AUTH_USER"] ; - $pw = $GLOBALS["PHP_AUTH_PW"] ; - $self = $GLOBALS["PHP_SELF"] ; + $target=stripSlashes($target); + $dir=dirname($target); + if (! file_exists($dir."/.note")) { + mkdir($dir."/.note",0700); + } + $file=basename($target); - $title = "(401 Unauthorized)" ; - $text = "No trespassing !" ; - StartHTML($title,$text) ; -?> + $note=fopen("$dir/.note/$file","w"); + fputs($note,"$msg\n"); + fclose($note); - + Logit($target,"added note $msg"); - $to\n"; + if (file_exists($from) && is_writeable(dirname($to))) { + rename($from,$to); + } + } + + function try_dir($todir) { + if (! file_exists($todir)) { + mkdir($todir,0700); + } + } + + $to="$fromdir/$tofile"; + $todir=dirname($to); + $tofile=basename($to); + +# print "

$fromdir / $fromfile -> $todir / $tofile\n\n";
+
+	try_rename("$fromdir/$fromfile","$todir/$tofile");
+	try_dir("$todir/.log");
+	try_rename("$fromdir/.log/$fromfile","$todir/.log/$tofile");
+	try_dir("$todir/.note");
+	try_rename("$fromdir/.note/$fromfile","$todir/.note/$tofile");
+	try_dir("$todir/.lock");
+	try_rename("$fromdir/.lock/$fromfile","$todir/.lock/$tofile");
+	try_dir("$todir/.bak");
+	for($i=0;$i<=$GLOBALS[gblNumBackups];$i++) {
+		try_rename("$fromdir/.bak/$i/$fromfile","$todir/.bak/$i/$tofile");
+	}
+}
+
+
+//////////////////////////////////////////////////////////////////
+
+// recursivly delete directory
+
+function rrmdir($dir) {
+	$handle=opendir($dir);
+	while ($file = readdir($handle)) {
+		if ($file != "." && $file != "..") {
+			if (is_dir("$dir/$file"))
+				rrmdir("$dir/$file");
+			else
+				if (! @unlink("$dir/$file")) return(0);
+		}
+	}
+	closedir($handle);
+	return @rmdir($dir);
+}
+
+//////////////////////////////////////////////////////////////////
+
+function ChangeLog($target,$msg) {
+
+	global $gblFsRoot;
+	$log=fopen("$gblFsRoot/.changelog","a+");
+	if (substr($target,0,strlen($gblFsRoot)) == $gblFsRoot)
+		$target=substr($target,strlen($gblFsRoot),strlen($target)-strlen($gblFsRoot));
+	$msg=str_replace("\t"," ",$msg);
+	fputs($log,time()."\t$target\t$GLOBALS[gblUserName]\t$msg\n");
+	fclose($log);
+
+}
+
+function DisplayChangeLog($day) {
+
+	global $gblFsRoot;
+	if (!file_exists("$gblFsRoot/.changelog")) return;
+	$log=fopen("$gblFsRoot/.changelog","r");
+	$logarr = array();
+	while($line = fgetcsv($log,512,"\t")) {
+		while (sizeof($line) > 4) {
+			$tmp = array_pop($line);
+			$line.=" $tmp";
+		}
+		if ($day!=1 || ($day==1 && (time()-$line[0] < 24*60*60))) {
+			array_unshift($logarr,array($line[0],$line[1],$line[2],$line[3]));
+		}
+	}
+	fclose($log);
+	$cl1=" class=LST"; $cl2="";
+	print "\n";
+	while ($e = array_shift($logarr)) {
+		$cl=$cl1; $cl1=$cl2; $cl2=$cl;
+		$date = date("$GLOBALS[gblDateFmt]", $e[0]);
+		$time = date("$GLOBALS[gblTimeFmt]", $e[0]);
+		$dir = dirname($e[1]);
+		$file = basename($e[1]);
+		print "$date$time$dir/$file$e[2]$e[3]\n";
+	}
+	print "";
+	print "".GifIcon(up)." Back to front page.";
+}
+
+//////////////////////////////////////////////////////////////////
+
+function Download($path) {
+	global $HTTP_USER_AGENT;
+	$file=basename($path);
+	$size = filesize($path);
+	//header("Content-Type: application/octet-stream");
+	header("Content-Type: application/force-download");
+	header("Content-Length: $size");
+	// IE5.5 just downloads index.php if we don't do this
+	if(preg_match("/MSIE 5.5/", $HTTP_USER_AGENT)) {
+		header("Content-Disposition: filename=$file");
+	} else {
+		header("Content-Disposition: attachment; filename=$file");
+	}
+	header("Content-Transfer-Encoding: binary");
+	$fh = fopen($path, "r");
+	fpassthru($fh);
+}
+
+
 //////////////////////////////////////////////////////////////////
 
+function chopsl($path) {
+	if (substr($path,strlen($path)-1,1) == "/") $path=substr($path,0,strlen($path)-1);
+	$path=str_replace("//","/",$path);
+	return $path;
+}
+
+//////////////////////////////////////////////////////////////////
 // MAIN PROGRAM
 // ============
 // query parameters: capital letters
 // local functions : begin with capital letters
 // global constants: begin with gbl
 
-	$gblFilePerms = "644" ;         // default for new files
-	$gblDirPerms  = 0755 ;		// default for new dirs
+	$gblFilePerms = 0640 ;         // default for new files
+	$gblDirPerms  = 0750 ;		// default for new dirs
 
 	// phpinfo() ;
 	// exit ;
 
 	// forks before authentication: style sheet and hash
 	// creation if password not yet set.
-	if ($STYLE == "get") { CSS() ; exit ; }
-	if ($HASH != "") { 
-		CreateHash($USER, $PW) ; 
-		exit ; 
+	if (isset($STYLE) && $STYLE == "get") { CSS() ; exit ; }
+
+	$fsScriptDir  = dirname($SCRIPT_FILENAME) ; 	
+	// i.e. /home/httpd/html/docman
+
+	// read user-defined configuration
+	if (file_exists("$fsScriptDir/.docman.conf")) {
+		include("$fsScriptDir/.docman.conf");
+	}
+
+	// where do we get users from?
+	if (file_exists("$gblIncDir/$gblUsers.php")) {
+		include("$gblIncDir/$gblUsers.php");
+	} else {
+		Error("Configuration error","Can't find user handling module at $gblIncDir/$gblUsers.php ! Please fix $fsScriptDir/.docman.conf");
+	}
+
+	// if no password, or empty password logout
+	if (
+		isset($PHP_AUTH_USER) && (
+			!isset($relogin) || (
+				isset($relogin) && $relogin != md5($PHP_AUTH_USER.$PHP_AUTH_PW)
+			)
+		) && (
+			$PHP_AUTH_PW == "" || !isset($PHP_AUTH_PW)
+		) && !isset($force_login)
+	   ) {
+		StartHTML("Logout completed","Your login credentials has been erased") ;
+		EndHTML() ;
+		exit ;
 	}
 
-	// authentication if $gblAuth == true
-	if ( $gblAuth && 
-	     $gblHash($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw ) {
-		header("WWW-authenticate: basic realm=\"$SERVER_NAME\"") ;
+	// authentication failure
+	if ( md5($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw ||
+		isset($relogin) && $gblPw == $relogin) {
+		$realm="$HTTP_HOST";
+		header("WWW-authenticate: basic realm=\"$realm\"") ;
 		header("HTTP/1.0 401 Unauthorized") ;
 		NoEntry() ;
 		exit ;
@@ -802,6 +1289,8 @@
 		$relDir = urldecode($D) ;  // then use GET
 	}	
 
+	$relDir=stripSlashes($relDir);
+
 	if ($relDir == "/") $relDir = "" ; 	
 	// default : website root = ""
 
@@ -813,66 +1302,116 @@
 	// i.e. below $gblFsRoot.
 
 	$relScriptDir = dirname($SCRIPT_NAME) ;  	
-	// i.e. /siteman
-
-	$fsScriptDir  = dirname($SCRIPT_FILENAME) ; 	
-	// i.e. /home/httpd/html/siteman
+	// i.e. /docman
 
-	$gblFsRoot = substr($fsScriptDir,0,
-	  strlen($fsScriptDir)-strlen($relScriptDir)) ;
+	// start on server root
+//	$gblFsRoot = substr($fsScriptDir,0, strlen($fsScriptDir)-strlen($relScriptDir)) ;
+	// or on script root
+	$gblFsRoot = $fsScriptDir;
 	// i.e. /home/httpd/html
 
 	$fsDir = $gblFsRoot . $relDir ; // current directory
 	if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ;
-	
+
+	if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") {
+		$webRoot  = "https://";
+	} else {
+		$webRoot  = "http://";
+	}
+	$webRoot .= $GLOBALS["HTTP_HOST"] . $relScriptDir;
+
+	$FN=stripSlashes($FN);
+
+
 	switch ($POSTACTION) {
 	case "UPLOAD" :
-		if (!Writeable($fsDir)) Error("Write denied",$relDir) ;
+		if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
 		if (strstr($FN_name,"/")) 
 			Error("Non-conforming filename") ;
 		// TODO : should rather check for escapeshellcmds
 		// but maybe RFC 18xx asserts safe filenames ....
 		$source = $FN ;
-		$target = $fsDir . "/" . $FN_name ;
-		exec("cp $source $target") ;
-		exec("chmod $gblFilePerms $target") ;
+		if (! file_exists($source)) {
+			Error("You must select file with browse to upload it!");
+		}
+		if (! isset($FILENAME)) { 	// from update file
+			$target = "$fsDir/$FN_name" ;
+		} else {
+			$target = "$fsDir/$FILENAME";
+		}
+
+		// backup old files first
+		$dir=dirname($target);
+		if (! file_exists($dir."/.bak")) {
+			mkdir($dir."/.bak",0700);
+		}
+		if (! file_exists($dir."/.bak/$GLOBALS[gblNumBackups]")) {
+			mkdir($dir."/.bak/$GLOBALS[gblNumBackups]",0700);
+		}
+		$file=basename($target);
+		for($i=$GLOBALS[gblNumBackups]-1;$i>0;$i--) {
+			MoveTo("$dir/.bak/$i/$file","$dir/.bak/".($i+1)."/");
+		}
+		MoveTo($target,$dir."/.bak/1/");
+
+		copy($source,$target) ;
+		chmod($target,$gblFilePerms) ;
 		clearstatcache() ;
+		Logit($target,"uploaded");
+		if (isset($FILENAME)) {
+			Unlock($target);
+		}
+		ChangeLog($target,"updated");
 		break ;
 
 	case "SAVE" :
-		$path = $gblFsRoot . escapeshellcmd($RELPATH) ;
-		$writable = Writeable($path) ;
-		$legaldir = Writeable(dirname($path)) ;
+		$path = $gblFsRoot . $RELPATH ;
+		$path=stripSlashes($path);
+		$writable = is_writeable($path) ;
+		$legaldir = is_writeable(dirname($path)) ;
 		$exists   = (file_exists($path)) ? 1 : 0 ; 
 // check for legal extension here as well
 	 	if (!($writable || (!$exists && $legaldir))) 
 			Error("Write denied",$RELPATH) ;
 		$fh = fopen($path, "w") ;
+		$FILEDATA=stripSlashes($FILEDATA);
 		fwrite($fh,$FILEDATA) ;
 		fclose($fh) ;
 		clearstatcache() ;
+		Logit($path,"saved changes");
+		ChangeLog($path,"saved changes");
 		break ;
 
 	case "CREATE" :
 		// we know $fsDir exists
-		if (!Writeable($fsDir)) Error("Write denied",$relDir) ;
+		if ($FN == "") break;		// no filename!
+		if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
 		$path = $fsDir . "/" . $FN ;  // file or dir to create
 		$relPath = $relDir . "/" . $FN ;
 		switch ( $T ) {
 		case "D" :  // create a directory
-		  if ( ! @mkdir($path,$gblDirPerms) ) 
-		    Error("Mkdir failed",$relPath) ; // eg. if it exists
-		  clearstatcache() ;
-		  break ;
+			if ( ! @mkdir($path,$gblDirPerms) ) 
+				Error("Mkdir failed",$relPath) ; // eg. if it exists
+			clearstatcache() ;
+			break ;
 		case "F" :  // create a new file
 // this functionality is doubled in DetailView().
 // better keep it here altogether
 // chmod perms to $gblFilePerms
-		  if ( file_exists($path) && !Writable($path) ) 
-		    Error("File not writable", $relPath) ;
-		  $tstr = $PHP_SELF . "?A=E&D=" . $relDir . "&F=" . $FN ;
-		  header("Location: " . $tstr) ;
-		  exit ;
+			if ( file_exists($path) && !is_writeable($path) ) 
+				Error("File not writable", $relPath) ;
+			$fh = fopen($path, "w+") ;
+			if ($fh) {
+				fputs($fh,"\n");
+				fclose($fh) ;
+				LogIt($path,"file created");
+			} else {
+				Error("Creation of file $relPath failed -- $path");
+			}
+			$tstr = "$PHP_SELF?A=E&D=".urlencode($relDir)."&F=".urlencode($FN) ;
+			header("Location: " . $tstr) ;
+			ChangeLog($target,"created");
+			exit ;
 		}
 		break ;
 
@@ -883,14 +1422,28 @@
 		$tstr .= "insufficient privileges: " ;
 
 		if ( $FN != "") {  // delete file
-		  $path =  $fsDir . "/" . $FN ;
-		  if ( ! @unlink($path) ) { 
-		    Error("File delete failed", $tstr . $path) ; 
-		    exit ; 
-		  }			
+			$path =  $fsDir . "/" . $FN ;
+		
+			$dir=dirname($path);
+			$file=basename($path);
+			if (! file_exists("$dir/.del")) {
+				mkdir("$dir/.del",0700);
+			}
+
+//			if ( ! @unlink($path) ) { 
+			if ( ! rename($path,"$dir/.del/$file") ) { 
+				Error("File delete failed", $tstr . $path) ; 
+				Logit($path,"file delete failed");
+				exit ; 
+			} else {
+				Logit($path,"file deleted");
+				MoveTo("$dir/.log/$file","$dir/.del/.log/");
+				MoveTo("$dir/.note/$file","$dir/.del/.note/");
+				MoveTo("$dir/.lock/$file","$dir/.del/.lock/");
+			}
 		}
 		else {  // delete directory
-		  if ( ! @rmdir($fsDir) ) {
+		  if ( ! @rrmdir($fsDir) ) {
 		    Error("Rmdir failed", $tstr . $fsDir) ; 
 		  }
 		  else {
@@ -899,6 +1452,36 @@
 		}
 		break ;
 
+	case "UNDELETE" :  
+		if ( $CONFIRM != "on" ) break ;
+
+		if (substr($FN,0,4) != ".del") break ;
+		$file=substr($FN,4,strlen($FN)-4);
+
+		Logit("$fsDir/.del/$file","undeleted");
+		MoveTo("$fsDir/.del/$file","$fsDir/");
+		MoveTo("$fsDir/.del/.log/$file","$fsDir/.log/");
+		MoveTo("$fsDir/.del/.note/$file","$fsDir/.note/");
+		MoveTo("$fsDir/.del/.lock/$file","$fsDir/.lock/");
+
+		break ;
+
+	case "RENAME" :  
+		if ( $CONFIRM != "on" ) break ;
+
+		Logit("$fsDir/$FN","renamed $FN to $NEWNAME");
+		safe_rename($fsDir,$FN,$NEWNAME);
+		break ;
+
+	case "NOTE" :  
+		WriteNote("$fsDir/$FN","$NOTE");
+		break ;
+
+	case "UNLOCK" :  
+		if ( $CONFIRM != "on" ) break ;
+		Unlock("$fsDir/$FN");
+		break ;
+
 	default :
 		// user hit "CANCEL" or undefined action
 	}
@@ -914,27 +1497,82 @@
 	// $A=U : upload to path given in $D
 	// $A=E : display detail of file $D/$F and edit
 	// $A=C : display code in file $D/$F
+	// $A=Co : checkout file $D/$F
+	// $A=Ci : checkin file $D/$F
+	// $A=V : view file (do nothing except log)
+	// $A=I : include file .$F.php from $gblFsRoot
 	// default : display directory $D
-	
+
 	switch ($A) {
 	case "U" :
 		// upload to $relDir
-		if (!Writeable($gblFsRoot . $relDir)) 
+		if (!is_writeable($gblFsRoot . $relDir)) 
 			Error("Write access denied",$relDir) ;
 		$text  = "Use this page to upload a single " ;
-		$text .= "file to $SERVER_NAME." ;
+		$text .= "file to $HTTP_HOST." ;
 		StartHTML("(Upload Page)", $text) ;
 		UploadPage($gblFsRoot, $relDir) ;
 		EndHTML() ;
 		exit ;
 	case "E" :
+		$F=stripSlashes($F);
 		// detail of $relDir/$F
-		DetailPage($gblFsRoot, $relDir, $F) ;
+		if (is_file("$gblFsRoot/$relDir/$F") || is_dir("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ;
 		exit ;
 	case "C" :
+		$F=stripSlashes($F);
 		// listing of $relDir/$F 
 		DisplayCode($gblFsRoot, $relDir, $F) ;
 		exit ;
+	case "Co" :
+		// checkout
+		Lock("$gblFsRoot/$relDir/$F");
+		Download("$gblFsRoot/$relDir/$F");
+		exit;
+	case "Ci" :
+		$F=stripSlashes($F);
+		// upload && update to $relDir
+		if (!is_writeable($gblFsRoot . $relDir)) 
+			Error("Write access denied",$relDir) ;
+		$text  = "Use this page to update a single " ;
+		$text .= "file to $HTTP_HOST." ;
+		StartHTML("(Update file Page)", $text) ;
+		UploadPage($gblFsRoot, $relDir, $F) ;
+		EndHTML() ;
+		exit ;
+	case "V" :
+		// view
+		LogIt("$gblFsRoot/$relDir/$F","viewed");
+		if ($gblForceDownload) {
+			Download("$gblFsRoot/$relDir/$F");
+		} else {
+			header("Content-Disposition: attachment; filename=$F" );
+			Header("Location: $webRoot".urlpath("$relDir/$F"));
+		}
+		exit;
+	case "Ch" :
+		StartHTML("(File changes)","All changes chronologicaly...");
+		DisplayChangeLog(0);	// all
+		EndHTML() ;
+		exit;
+	case "Ch1" :
+		StartHTML("(File changes)","Changes to files in last day...");
+		DisplayChangeLog(1);
+		EndHTML() ;
+		exit;
+	case "I" :
+		$F=stripSlashes($F);
+		$inc_file="${gblFsRoot}/.${F}.php";
+		if (!isset($F) || $F == "" || !file_exists($inc_file)) Error("Fatal error $inc_file"); // can't find file to include
+		if (!is_readable($inc_file))
+			Error("Read access to include file denied",".${F}.php");
+		$text  = "Your include file should define \$text variable which holds this text and \$title variable which is page title";
+		$title = "You should define \$title variable with page title";
+		include($inc_file);
+		StartHTML($title, $text) ;
+		print "".GifIcon(up)." Back to front page.";
+		EndHTML() ;
+		exit ;
 	}
 
 	// default: display directory $relDir

	-DESTINATION DIRECTORY: + ACTION=""> +DESTINATION DIRECTORY: + + DESTINATION FILE: + + PATHNAME OF LOCAL FILE - + If the [BROWSE...] button is not displayed, you must upgrade to an RFC1867-compliant browser. - Your browser: + Your browser:
	- - + +