--- docman.php 2001/01/26 12:39:57 1.30 +++ docman.php 2002/07/20 18:27:27 1.58 @@ -78,37 +78,16 @@ // from where to include auth_*.php modules? $gblIncDir = "/home/httpd/docman"; + // do we want to force download? (default is 0 for backward + // compatibility, but it's defined as 1 in docman.conf for all + // future applications! + $gblForceDownload = 0; + // username/password should not be system // usernames/passwords !! $gblPw = ""; - $htusers_file=dirname($SCRIPT_FILENAME)."/.htusers"; - if (! file_exists($htusers_file)) { - $htusers=fopen($htusers_file,"a+"); - fputs($htusers,"# Change owner of $htusers_file to root !!\n"); - fputs($htusers,"demo:full name:[md5_hash|auth_*]:e-mail\n"); - fclose($htusers); - } - $htusers=fopen($htusers_file,"r"); - while($user = fgetcsv($htusers,255,":")) { - if ($user[0] == $GLOBALS["PHP_AUTH_USER"]) { - $gblUserName=$user[1]; - $gblPw=$user[2]; - if (substr($gblPw,0,5) == "auth_" && file_exists("$gblIncDir/$gblPw.php")) { - require("$gblIncDir/$gblPw.php"); - if ($gblPw($user)) { - $gblPw=md5($PHP_AUTH_USER.$PHP_AUTH_PW); - } else { - $gblPw="error".md5($PHP_AUTH_USER.$PHP_AUTH_PW); - } - } - $gblEmail=$user[3]; - continue ; - } - } - fclose($htusers); - // date format // $gblDateFmt="D, F d, Y"; $gblDateFmt="Y-m-d"; @@ -146,8 +125,16 @@ $gblImages = array( ".jpg",".jpeg",".gif",".png",".ico", ".bmp",".xbm") ; + // which files to hide (separated by ,) + $gblHide = ""; + + // Where are users? (by default in .htusers file) + $gblUsers = "htusers_file"; + ////////////////////////////////////////////////////////////////// + $gblVersion = "1.9"; + function StartHTML($title,$text="") { $title = "Document Manager " . $title ; @@ -158,7 +145,7 @@
-= date($GLOBALS[gblDateFmt]) ?> -
-= date($GLOBALS[gblTimeFmt]) ?> -
-= $GLOBALS[gblUserName] ?>
- [?relogin== $GLOBALS[gblPw] ?>">logout]
+= date($gblDateFmt) ?> -
+= date($gblTimeFmt) ?> -
+= $gblUserName ?>
+
+ [= $url_title ?>]
-
ANYPORTAL(php) Site Manager
-
+
+Document Manager = $gblVersion ?>, based on ANYPORTAL(php) Site Manager
+
© 1999 by ANYPORTAL,
© 2000 by d@nger.org,
-© 2000 by DbP
+© 2000-2002 by DbP
file size: " . $fsize . " Bytes
" ; + $fuid=fileowner($fsPath); + $fgid=filegroup($fsPath); + $userinfo = posix_getpwuid($fuid); + $grpinfo = posix_getgrgid($fgid); + echo ""; + if (!is_dir($fsPath)) echo " file size: " . $fsize . " Bytes" ; } - if ( $editable && ($writable || !$exists) && !$file_lock ) { + if ( !is_dir($fsPath) && $editable && ($writable || !$exists) && !$file_lock ) { $fh = fopen($fsPath,"a+") ; rewind($fh) ; $fstr = fread($fh,filesize($fsPath)) ; @@ -297,7 +312,7 @@ } if ( !$file_lock && $ext!="" && strstr(join(' ',$gblImages),$ext) ) { $info = getimagesize($fsPath) ; - $tstr = "" ; // echo htmlentities($tstr) . "
" ; echo "last modified: " . $fmodified . "
" ; echo "last accessed: " . $faccessed . "
" ; - echo " owner: " . fileowner($fsPath) . "
" ; - echo " group: " . filegroup($fsPath) . "
" ; + echo " owner: " . $userinfo["name"] . " [$fuid]
" ; + echo " group: " . $grpinfo["name"] . " [$fgid]
" ; echo " permissions: " ; echo printf( "%o", fileperms($fsPath) ) . "" ; echo "
" . $tstr ; @@ -371,17 +386,22 @@ $log=fopen($logname,"r"); $cl1=" class=LST"; $cl2=""; $logarr = array(); - while($line = fgetcsv($log,255,"\t")) { + while($line = fgetcsv($log,512,"\t")) { $cl=$cl1; $cl1=$cl2; $cl2=$cl; array_unshift($logarr,array($cl,$line[0],$line[1],$line[2],$line[3])); } fclose($log); - print "
CHANGES TO THIS FILE
DIRECTORY NAME | |||||
DIRECTORY NAME (= plural("dir",sizeof($dirList)) ?>) | DIRECTORY NOTE | ||||
= $gblIcon("fldr") ?> | -= $tstr ?> | ||||
+ += $gblIcon("fldr") ?> | += $tstr ?> | += $note_html ?> | = $webRoot . $relDir ?> |
-||
DOCUMENT NAME | +|||||
DOCUMENT NAME (= plural("file",sizeof($fileList)) ?>) | = $gblIcon("blank").$gblIcon("blank") ?> | NOTE | LAST UPDATE | FILE SIZE |
$fromdir / $fromfile -> $todir / $tofile\n\n"; + + try_rename("$fromdir/$fromfile","$todir/$tofile"); + try_dir("$todir/.log"); + try_rename("$fromdir/.log/$fromfile","$todir/.log/$tofile"); + try_dir("$todir/.note"); + try_rename("$fromdir/.note/$fromfile","$todir/.note/$tofile"); + try_dir("$todir/.lock"); + try_rename("$fromdir/.lock/$fromfile","$todir/.lock/$tofile"); + try_dir("$todir/.bak"); + for($i=0;$i<=$GLOBALS[gblNumBackups];$i++) { + try_rename("$fromdir/.bak/$i/$fromfile","$todir/.bak/$i/$tofile"); } } + ////////////////////////////////////////////////////////////////// // recursivly delete directory @@ -1100,6 +1161,7 @@ $log=fopen("$gblFsRoot/.changelog","a+"); if (substr($target,0,strlen($gblFsRoot)) == $gblFsRoot) $target=substr($target,strlen($gblFsRoot),strlen($target)-strlen($gblFsRoot)); + $msg=str_replace("\t"," ",$msg); fputs($log,time()."\t$target\t$GLOBALS[gblUserName]\t$msg\n"); fclose($log); @@ -1111,7 +1173,11 @@ if (!file_exists("$gblFsRoot/.changelog")) return; $log=fopen("$gblFsRoot/.changelog","r"); $logarr = array(); - while($line = fgetcsv($log,255,"\t")) { + while($line = fgetcsv($log,512,"\t")) { + while (sizeof($line) > 4) { + $tmp = array_pop($line); + $line.=" $tmp"; + } if ($day!=1 || ($day==1 && (time()-$line[0] < 24*60*60))) { array_unshift($logarr,array($line[0],$line[1],$line[2],$line[3])); } @@ -1133,6 +1199,34 @@ ////////////////////////////////////////////////////////////////// +function Download($path) { + global $HTTP_USER_AGENT; + $file=basename($path); + $size = filesize($path); + //header("Content-Type: application/octet-stream"); + header("Content-Type: application/force-download"); + header("Content-Length: $size"); + // IE5.5 just downloads index.php if we don't do this + if(preg_match("/MSIE 5.5/", $HTTP_USER_AGENT)) { + header("Content-Disposition: filename=$file"); + } else { + header("Content-Disposition: attachment; filename=$file"); + } + header("Content-Transfer-Encoding: binary"); + $fh = fopen($path, "r"); + fpassthru($fh); +} + + +////////////////////////////////////////////////////////////////// + +function chopsl($path) { + if (substr($path,strlen($path)-1,1) == "/") $path=substr($path,0,strlen($path)-1); + $path=str_replace("//","/",$path); + return $path; +} + +////////////////////////////////////////////////////////////////// // MAIN PROGRAM // ============ // query parameters: capital letters @@ -1147,12 +1241,43 @@ // forks before authentication: style sheet and hash // creation if password not yet set. - if ($STYLE == "get") { CSS() ; exit ; } + if (isset($STYLE) && $STYLE == "get") { CSS() ; exit ; } + + $fsScriptDir = dirname($SCRIPT_FILENAME) ; + // i.e. /home/httpd/html/docman + + // read user-defined configuration + if (file_exists("$fsScriptDir/.docman.conf")) { + include("$fsScriptDir/.docman.conf"); + } + + // where do we get users from? + if (file_exists("$gblIncDir/$gblUsers.php")) { + include("$gblIncDir/$gblUsers.php"); + } else { + Error("Configuration error","Can't find user handling module at $gblIncDir/$gblUsers.php ! Please fix $fsScriptDir/.docman.conf"); + } + + // if no password, or empty password logout + if ( + isset($PHP_AUTH_USER) && ( + !isset($relogin) || ( + isset($relogin) && $relogin != md5($PHP_AUTH_USER.$PHP_AUTH_PW) + ) + ) && ( + $PHP_AUTH_PW == "" || !isset($PHP_AUTH_PW) + ) && !isset($force_login) + ) { + StartHTML("Logout completed","Your login credentials has been erased") ; + EndHTML() ; + exit ; + } // authentication failure if ( md5($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw || - isset($relogin) && $gblPw == $relogin ) { - header("WWW-authenticate: basic realm=\"$HTTP_HOST\"") ; + isset($relogin) && $gblPw == $relogin) { + $realm="$HTTP_HOST"; + header("WWW-authenticate: basic realm=\"$realm\"") ; header("HTTP/1.0 401 Unauthorized") ; NoEntry() ; exit ; @@ -1164,6 +1289,8 @@ $relDir = urldecode($D) ; // then use GET } + $relDir=stripSlashes($relDir); + if ($relDir == "/") $relDir = "" ; // default : website root = "" @@ -1177,9 +1304,6 @@ $relScriptDir = dirname($SCRIPT_NAME) ; // i.e. /docman - $fsScriptDir = dirname($SCRIPT_FILENAME) ; - // i.e. /home/httpd/html/docman - // start on server root // $gblFsRoot = substr($fsScriptDir,0, strlen($fsScriptDir)-strlen($relScriptDir)) ; // or on script root @@ -1189,8 +1313,16 @@ $fsDir = $gblFsRoot . $relDir ; // current directory if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ; + if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") { + $webRoot = "https://"; + } else { + $webRoot = "http://"; + } + $webRoot .= $GLOBALS["HTTP_HOST"] . $relScriptDir; + $FN=stripSlashes($FN); + switch ($POSTACTION) { case "UPLOAD" : if (!is_writeable($fsDir)) Error("Write denied",$relDir) ; @@ -1266,7 +1398,7 @@ // this functionality is doubled in DetailView(). // better keep it here altogether // chmod perms to $gblFilePerms - if ( file_exists($path) && !is_writable($path) ) + if ( file_exists($path) && !is_writeable($path) ) Error("File not writable", $relPath) ; $fh = fopen($path, "w+") ; if ($fh) { @@ -1338,14 +1470,7 @@ if ( $CONFIRM != "on" ) break ; Logit("$fsDir/$FN","renamed $FN to $NEWNAME"); - safe_rename("$fsDir/$FN","$fsDir/$NEWNAME"); - safe_rename("$fsDir/.log/$FN","$fsDir/.log/$NEWNAME"); - safe_rename("$fsDir/.note/$FN","$fsDir/.note/$NEWNAME"); - safe_rename("$fsDir/.lock/$FN","$fsDir/.lock/$NEWNAME"); - for($i=0;$i<=$GLOBALS[gblNumBackups];$i++) { - safe_rename("$fsDir/.bak/$i/$FN","$fsDir/.bak/$i/$NEWNAME"); - } - + safe_rename($fsDir,$FN,$NEWNAME); break ; case "NOTE" : @@ -1375,6 +1500,7 @@ // $A=Co : checkout file $D/$F // $A=Ci : checkin file $D/$F // $A=V : view file (do nothing except log) + // $A=I : include file .$F.php from $gblFsRoot // default : display directory $D switch ($A) { @@ -1391,7 +1517,7 @@ case "E" : $F=stripSlashes($F); // detail of $relDir/$F - if (is_file("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ; + if (is_file("$gblFsRoot/$relDir/$F") || is_dir("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ; exit ; case "C" : $F=stripSlashes($F); @@ -1401,8 +1527,7 @@ case "Co" : // checkout Lock("$gblFsRoot/$relDir/$F"); - header("Content-Disposition: attachment; filename=$F" ); - Header("Location: ".urlpath("$relDir/$F")); + Download("$gblFsRoot/$relDir/$F"); exit; case "Ci" : $F=stripSlashes($F); @@ -1418,8 +1543,12 @@ case "V" : // view LogIt("$gblFsRoot/$relDir/$F","viewed"); - header("Content-Disposition: attachment; filename=$F" ); - Header("Location: ".urlpath("$relDir/$F")); + if ($gblForceDownload) { + Download("$gblFsRoot/$relDir/$F"); + } else { + header("Content-Disposition: attachment; filename=$F" ); + Header("Location: $webRoot".urlpath("$relDir/$F")); + } exit; case "Ch" : StartHTML("(File changes)","All changes chronologicaly..."); @@ -1431,6 +1560,19 @@ DisplayChangeLog(1); EndHTML() ; exit; + case "I" : + $F=stripSlashes($F); + $inc_file="${gblFsRoot}/.${F}.php"; + if (!isset($F) || $F == "" || !file_exists($inc_file)) Error("Fatal error $inc_file"); // can't find file to include + if (!is_readable($inc_file)) + Error("Read access to include file denied",".${F}.php"); + $text = "Your include file should define \$text variable which holds this text and \$title variable which is page title"; + $title = "You should define \$title variable with page title"; + include($inc_file); + StartHTML($title, $text) ; + print "".GifIcon(up)." Back to front page.
"; + EndHTML() ; + exit ; } // default: display directory $relDir