/[docman]/docman.php
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Contents of /docman.php

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.2 - (show annotations)
Wed Jul 26 11:46:19 2000 UTC (22 years, 6 months ago) by dpavlin
Branch: MAIN
Changes since 1.1: +249 -69 lines
nuked exec calls (unsecure)
nuked writeable function (replaced by php is_writeable)
added support for https (tested with apache+mod_ssl)
added users file
date format user-selectable
cycle backup files in bak directory
support links as directoryes (for now)
support of file history logging
undelete capabilities (delete moves to .del directory)
added more checking on entered filename (when creating file/dir)
added rename option

1 <?php
2
3 /* Copyright 1999 by John Martin d/b/a www.ANYPORTAL.com */
4 /* All Rights Reserved. */
5 /* */
6 /* This software is freeware and is not in the public domain. */
7 /* You are hereby granted the right to freely distribute this */
8 /* software as long as this copyright notice remains in place. */
9 /* */
10 /* Comments or suggestions? email: andmore@alief.com */
11 /* */
12 /* This is the PHP port: AnyPortal(php)-0.1 */
13 /* ======================================== */
14 /* */
15 /* PHP version 2000 by Stefan@Wiesendanger.org */
16 /* No Rights Reserved. What for, anyhow ? */
17 /* */
18 /* Date Remarks */
19 /* --------- ----------------------------------------------- */
20 /* 25 MAY 99 original ASP version */
21 /* 17 SEP 99 change upload from SA-FILEUP to aspSmartUpload */
22 /* 10 APR 00 simplified PHP3 version */
23 /* 18 APR 00 most of PHP3 port working. Slight modifications */
24 /* 22 APR 00 modified syntax highlighting, no absolute paths */
25 /* revealed, PHP builtin authentication, global */
26 /* style sheet as callback, use apache default */
27 /* icons as an alternative to the wingdings font. */
28 /* 25 APR 00 catch some exceptions (not foolproof yet) */
29 /* 26 APR 00 catch some more exceptions, implicit copy */
30 /* function by saving somewhere else in the detail */
31 /* view, MD5 hashed password. */
32 /* 27 APR 00 Fixed authentication bug */
33 /* 12 MAY 00 Fixed trouble with exec() with newer versions of */
34 /* PHP3. Fixed bug which would send you to a non- */
35 /* existent address after file modifications. */
36
37 /*
38 2000-07-25 Dobrica Pavlinusic <dpavlin@rot13.org>
39
40 nuked exec calls (unsecure)
41 nuked writeable function (replaced by php is_writeable)
42 added support for https (tested with apache+mod_ssl)
43 added users file
44 date format user-selectable
45 cycle backup files in bak directory
46 support links as directoryes (for now)
47 support of file history logging
48 undelete capabilities (delete moves to .del directory)
49
50 2000-07-26 DbP
51
52 added more checking on entered filename (when creating file/dir)
53 added rename option
54
55
56 IMPORTANT INSTALLATION NOTE:
57 deny serving of .* (dot-something) files in web server!
58 Otherwise, uses can access your log files, users and/or
59 deleted files!
60
61 .htusers is in form:
62 login:Real Name:md5(loginpassword)
63
64
65 TODO:
66 mixed file/directory output (add type to each entry,
67 real support for links)
68 add more content-management (like cms.sourceforge.net):
69 check-out/check-in/reserve
70 comments to files
71 */
72
73 //////////////////////////////////////////////////////////////////
74
75 // TODO : Don't let the file be modified itself. Create a hash of
76 // it (kinda hard since it's self-referential ;-). Make better use
77 // of session management. Escapeshellcmd for all user input.
78
79 //////////////////////////////////////////////////////////////////
80
81 // GLOBAL PARAMETERS
82 // =================
83 // Make modifications here to suit siteman to your needs
84
85 // error_reporting(4) ; // how verbose ?
86
87 // username/password should not be system
88 // usernames/passwords !!
89
90 // $gblPw = "hash_of_your_username_and_password" ;
91
92 // $gblAuth = false ; // use builtin authentication
93 $gblAuth = true ; // use builtin authentication
94 $gblHash = "md5" ; // hash function to use
95
96 $gblPw = "";
97
98 if ($gblAuth) {
99 $htusers=fopen(dirname($SCRIPT_FILENAME)."/.htusers","r");
100 while($user = fgetcsv($htusers,255,":")) {
101 if ($user[0] == $GLOBALS["PHP_AUTH_USER"]) {
102 $gblUserName=$user[1];
103 $gblPw=$user[2];
104 continue ;
105 }
106 }
107 fclose($htusers);
108 }
109
110 // $gblDateFmt="D, F d, Y";
111 // $gblTimeFmt="g:i:sA";
112
113 $gblDateFmt="Y-m-d";
114 $gblTimeFmt="H:i:s";
115
116 // Number of backup files to keep
117 $gblNumBackups=5;
118
119 // choose GifIcon below unless you have the M$
120 // WingDings font installed on your system
121
122 $gblIcon = "GifIcon" ; // MockIcon or GifIcon
123
124 // the directory below should be /icons/ or /icons/small/
125 // on Apache; a set of icons is included in the distribution
126
127 $gblIconLocation = "icons/" ;
128
129 // files you want to be able to edit in text mode
130 // and view with (primitive) syntax highlighting
131
132 $gblEditable = array( ".txt",".asa",".asp",".htm",".html",
133 ".cfm",".php3",".php",".phtml",
134 ".shtml",".css" ) ;
135
136 // files that will display as images on the detail page
137 // (useless if your browser doesn't support them)
138
139 $gblImages = array( ".jpg",".jpeg",".gif",".png",".ico",
140 ".bmp",".xbm") ;
141
142 //////////////////////////////////////////////////////////////////
143
144 function StartHTML($title,$text="") {
145
146 $title = "Site Manager " . $title ;
147 $host = $GLOBALS["HTTP_HOST"] ;
148 $self = $GLOBALS["PHP_SELF"] ;
149 ?>
150
151 <HTML>
152 <HEAD>
153 <TITLE><?php echo $host . " " . $title ?></TITLE>
154 <META NAME="description" CONTENT="PHP port of AnyPortal Site Manager">
155 <META NAME="keywords" CONTENT="site manager, web site maintenance">
156 <META NAME="robots" CONTENT="noindex">
157 <META HTTP-EQUIV="expires" CONTENT="0">
158 <LINK REL="stylesheet" TYPE="text/css"
159 HREF="<?php echo $self ?>?STYLE=get">
160 </HEAD>
161 <BODY BGCOLOR="#FFFFFF">
162 <H3 ALIGN="RIGHT"><?php echo $host ?></H3>
163 <TABLE BORDER=0 WIDTH="100%"><TR>
164 <TD CLASS=INV><?php echo $title ?></TD></TR></TABLE>
165 <P><?php echo $text ?></P>
166
167 <?php
168 } // end function StartHTML
169
170 //////////////////////////////////////////////////////////////////
171
172 function EndHTML() {
173 ?>
174
175 <HR>
176 <P CLASS=FTR>
177 <B><?= date($GLOBALS[gblDateFmt]) ?> -
178 <?= date($GLOBALS[gblTimeFmt]) ?> -
179 <?= $GLOBALS[gblUserName] ?>
180 <small> [<a href="<?= $PHP_SELF ?>?relogin=<?= $GLOBALS[gblPw] ?>">logout</a>]</small>
181 </B>
182 <BR>ANYPORTAL(php) Site Manager
183 <br><small>
184 &copy; 1999 by <A HREF="http://www.anyportal.com">ANYPORTAL</A>,
185 &copy; 2000 by <A HREF="http://da.nger.org">d@nger.org</A>,
186 &copy; 2000 by <A HREF="http://www.rot13.org/~dpavlin/">DbP</A>
187 </small>
188 </P>
189 <BR>
190 <? //include("../debug.inc") ?>
191 <BR><BR></BODY></HTML>
192
193 <?php
194 } // end function EndHTML
195
196 //////////////////////////////////////////////////////////////////
197
198 function CSS() {
199 ?>
200
201 BODY,TD,P,H1,H2,H3 { font-family:Verdana,Helvetica,Arial,sans-serif; }
202 .BLK { color:black; }
203 .RED { color:red; }
204 .TOP { color:red; font-size:70%; } /* table headings */
205 .INV { color:white; background-color:navy;
206 font-weight:bold; font-size:120%; } /* title */
207 .FTR { } /* footer */
208 .LST { background-color:#E0E0E0; } /* table cells */
209 .BAR { background-color:#E0E0E0; } /* action bar */
210 PRE { color:blue; font-family:Lucida Console,Courier New,
211 Courier,sans-serif; } /* source code */
212 EM { color:green; font-style:normal; } /* line numbers */
213 .REM { color:silver; }
214 .XML { color:navy; background-color:yellow; }
215 .MCK { color:red; font-family:WingDings; } /* Mock Icons */
216 A:HOVER { color:red; }
217
218 <?php
219 } // end function CSS
220
221 //////////////////////////////////////////////////////////////////
222
223 function DetailPage($fsRoot,$relDir,$fn) {
224
225 global $gblEditable, $gblImages ;
226 $self = $GLOBALS["PHP_SELF"] ;
227
228 $relPath = $relDir . "/" . $fn ;
229 $fsPath = $fsRoot . $relPath ;
230 $fsDir = $fsRoot . $relDir ;
231
232 $exists = file_exists($fsPath) ;
233 $ext = strtolower(strrchr($relPath,".")) ;
234 $editable = ( $ext=="" || strstr(join(" ",$gblEditable),$ext)) ;
235 $writable = is_writeable($fsPath) ;
236
237 if (!$editable && !$exists)
238 Error("Creation unsupported for type",$relPath) ;
239 if (!exists && !is_writeable($fsDir) )
240 Error("Creation denied",$relDir) ;
241
242 $text = "Use this page to view, modify or " ;
243 $text .= "delete a single document on this " ;
244 $text .= "web site." ;
245 $title = "(Detail Page)" ;
246 StartHTML($title, $text) ;
247
248 echo "<H3>" . $relDir . "/" . $fn . "</H3>" ;
249 if ($exists) { // get file info
250 $fsize = filesize($fsPath) ;
251 $fmodified = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]", filemtime($fsPath)) ;
252 $faccessed = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]", fileatime($fsPath)) ;
253 echo "<PRE> file size: " . $fsize . " Bytes<BR>" ;
254 echo "last modified: <B>" . $fmodified . "</B><BR>" ;
255 echo "last accessed: <B>" . $faccessed . "</B><BR>" ;
256 echo " owner: <B>" . fileowner($fsPath) . "</B><BR>" ;
257 echo " group: <B>" . filegroup($fsPath) . "</B><BR>" ;
258 echo " permissions: <B>" ;
259 echo printf( "%o", fileperms($fsPath) ) . "</B>" ;
260 echo "</PRE>" ;
261
262 }
263
264 if ( $editable && ($writable || !$exists) ) {
265 $fh = fopen($fsPath,"a+") ;
266 rewind($fh) ;
267 $fstr = fread($fh,filesize($fsPath)) ;
268 fclose($fh) ;
269 $fstr = htmlentities( $fstr ) ;
270 ?>
271
272 <FORM ACTION="<?php echo $self ; ?>" METHOD="POST">
273 <SPAN TITLE="Click [SAVE] to store updated contents.">
274 <B>DOCUMENT CONTENTS</B>
275 </SPAN><BR>
276 <TEXTAREA NAME="FILEDATA" ROWS=18 COLS=70 WRAP="OFF"><?php
277 echo($fstr) ; ?></TEXTAREA>
278 <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $relDir ; ?>">
279 <INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?php echo $fn ; ?>">
280 <INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="SAVE">
281 <INPUT TYPE="HIDDEN" SIZE=48 MAXLENGTH=255 NAME="RELPATH"
282 VALUE="<?php echo $relPath ; ?>">
283 <br>
284 <INPUT TYPE="RESET" VALUE="UNDO ALL CHANGES">
285 <INPUT TYPE="SUBMIT" VALUE="SAVE">
286 </FORM>
287
288 <?php
289 }
290 else if ( strstr( join(" ",$gblImages), $ext ) ) {
291 $info = getimagesize($fsPath) ;
292 $tstr = "<IMG SRC=\"". $relPath . "\" BORDER=0 " ;
293 $tstr .= $info[3] . " ALT=\"" . $fn . " - " ;
294 $tstr .= (int)(($fsize+1023)/1024) . "Kb\">" ;
295 echo htmlentities($tstr) . "<BR><BR>" . $tstr ;
296 }
297 ?>
298
299 <FORM ACTION="<?php echo $self ; ?>" METHOD="POST">
300 <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $relDir ; ?>">
301 <INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?php echo $fn ; ?>">
302 <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL"><BR>
303
304 <?php
305 if (substr($fn,0,4) == ".del") {
306 $action="UNDELETE";
307 $desc="undelete previously deleted file";
308 } else {
309 $action="DELETE";
310 $desc="delete";
311 }
312
313 if ($exists && $writable) {
314 ?>
315
316 <HR><SPAN TITLE="Check OK and click [<?= $action ?>] to <?= $desc ?>.">
317 <B>OK TO <?= $action ?> "<?php echo $fn ; ?>"? </B></SPAN>
318 <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
319 <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="<?= $action ?>">
320
321 <HR><SPAN TITLE="Check OK and click [RENAME] to rename.">
322 <B>OK TO RENAME "<?php echo $fn ; ?>" TO
323 <INPUT TYPE="TEXT" SIZE=24 MAXLENGTH=255 NAME="NEWNAME" VALUE="<?= $fn ?>">
324 ? </B></SPAN>
325 <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
326 <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="RENAME">
327
328 <?php
329 }
330 echo "</FORM>" ;
331
332 $logname=dirname("$fsDir/$fn")."/.log/".basename("$fsDir/$fn");
333 if (file_exists($logname)) {
334 print "<hr><br><b>CHANGES TO THIS FILE</b><br><table border=0 width=100%>\n";
335 $log=fopen($logname,"r");
336 $cl1=" class=lst"; $cl2="";
337 while($line = fgetcsv($log,255,"\t")) {
338 $cl=$cl1; $cl1=$cl2; $cl2=$cl;
339 print "<tr><td$cl>$line[0]</td><td$cl>$line[1]</td><td$cl>$line[2]</td><td$cl>$line[3]</td></tr>\n";
340 }
341 fclose($log);
342 print "</table>";
343 }
344
345 EndHTML() ;
346
347 } // end function DetailPage
348
349 //////////////////////////////////////////////////////////////////
350
351 function DisplayCode($fsRoot,$relDir,$fn) {
352
353 $path = $fsRoot . $relDir . "/" . $fn ;
354
355 if (!file_exists($path)) Error("File not found",$path) ;
356
357 StartHTML("(".$relDir."/".$fn.")","");
358
359 $tstr = join("",file($path)) ;
360 $tstr = htmlentities($tstr) ;
361
362 // Tabs
363 $tstr = str_replace(chr(9)," ",$tstr) ;
364
365 // ASP tags & XML/PHP tags
366 $aspbeg = "<SPAN CLASS=XML>&lt;%</SPAN><SPAN CLASS=BLK>" ;
367 $aspend = "</SPAN><SPAN CLASS=XML>%&gt;</SPAN>" ;
368 $tstr = str_replace("&lt;%",$aspbeg,$tstr) ;
369 $tstr = str_replace("%&gt;",$aspend,$tstr) ;
370
371 $xmlbeg = "<SPAN CLASS=XML>&lt;?</SPAN><SPAN CLASS=BLK>" ;
372 $xmlend = "</SPAN><SPAN CLASS=XML>?&gt;</SPAN>" ;
373 $tstr = str_replace("&lt;?",$xmlbeg,$tstr) ;
374 $tstr = str_replace("?&gt;",$xmlend,$tstr) ;
375
376 // C style comment
377 $tstr = str_replace("/*","<SPAN CLASS=REM>/*",$tstr) ;
378 $tstr = str_replace("*/","*/</SPAN>",$tstr) ;
379
380 // HTML comments
381 $tstr = str_replace("&lt;!--","<I CLASS=RED>&lt;!--",$tstr) ;
382 $tstr = str_replace("--&gt;","--&gt;</I>",$tstr) ;
383
384 echo "<PRE>" ;
385
386 $tstr = split("\n",$tstr) ;
387 for ($i = 0 ; $i < sizeof($tstr) ; ++$i) {
388 // add line numbers
389 echo "<BR><EM>" ;
390 echo substr(("000" . ($i+1)), -4) . ":</EM> " ;
391 $line = $tstr[$i] ;
392 // C++ style comments
393 $pos = strpos($line,"//") ;
394 // exceptions: two slashes aren't a script comment
395 if (strstr($line,"//") &&
396 ! ($pos>0 && substr($line,$pos-1,1)==":") &&
397 ! (substr($line,$pos,8) == "//--&gt;") &&
398 ! (substr($line,$pos,9) == "// --&gt;")) {
399 $beg = substr($line,0,strpos($line,"//")) ;
400 $end = strstr($line,"//") ;
401 $line = $beg."<SPAN CLASS=REM>".$end."</SPAN>";
402 }
403 // shell & asp style comments
404 $first = substr(ltrim($line),0,1) ;
405 if ($first == "#" || $first == "'") {
406 $line = "<SPAN CLASS=REM>".$line."</SPAN>";
407 }
408 print($line) ;
409 } // next i
410
411 echo "</PRE>" ;
412
413 EndHTML() ;
414
415 } // end function DisplayCode
416
417 //////////////////////////////////////////////////////////////////
418
419 function MockIcon($txt) {
420 $tstr = "<SPAN CLASS=MCK>" ;
421
422 switch (strtolower($txt)) {
423 case ".bmp" :
424 case ".gif" :
425 case ".jpg" :
426 case ".jpeg":
427 case ".tif" :
428 case ".tiff":
429 $d = 176 ;
430 break ;
431 case ".doc" :
432 $d = 50 ;
433 break ;
434 case ".exe" :
435 case ".bat" :
436 $d = 255 ;
437 break ;
438 case ".bas" :
439 case ".c" :
440 case ".cc" :
441 case ".src" :
442 $d = 255 ;
443 break ;
444 case "file" :
445 $d = 51 ;
446 break ;
447 case "fldr" :
448 $d = 48 ;
449 break ;
450 case ".htm" :
451 case ".html":
452 case ".asa" :
453 case ".asp" :
454 case ".cfm" :
455 case ".php3":
456 case ".php" :
457 case ".phtml" :
458 case ".shtml" :
459 $d = 182 ;
460 break ;
461 case ".pdf" :
462 $d = 38 ;
463 break;
464 case ".txt" :
465 case ".ini" :
466 $d = 52 ;
467 break ;
468 case ".xls" :
469 $d = 252 ;
470 break ;
471 case ".zip" :
472 case ".arc" :
473 case ".sit" :
474 case ".tar" :
475 case ".gz" :
476 case ".tgz" :
477 case ".Z" :
478 $d = 59 ;
479 break ;
480 case "view" :
481 $d = 52 ;
482 break ;
483 case "up" :
484 $d = 199 ;
485 break ;
486 case "blank" :
487 return "&nbsp;&nbsp;</SPAN>" ;
488 break ;
489 default :
490 $d = 51 ;
491 }
492
493 return $tstr . chr($d) . "</SPAN>" ;
494 } // end function MockIcon
495
496 //////////////////////////////////////////////////////////////////
497
498 function GifIcon($txt) {
499 global $gblIconLocation ;
500
501 switch (strtolower($txt)) {
502 case ".bmp" :
503 case ".gif" :
504 case ".jpg" :
505 case ".jpeg":
506 case ".tif" :
507 case ".tiff":
508 $d = "image2.gif" ;
509 break ;
510 case ".doc" :
511 $d = "layout.gif" ;
512 break ;
513 case ".exe" :
514 case ".bat" :
515 $d = "screw2.gif" ;
516 break ;
517 case ".bas" :
518 case ".c" :
519 case ".cc" :
520 case ".src" :
521 $d = "c.gif" ;
522 break ;
523 case "file" :
524 $d = "generic.gif" ;
525 break ;
526 case "fldr" :
527 $d = "dir.gif" ;
528 break ;
529 case ".phps" :
530 $d = "phps.gif" ;
531 break ;
532 case ".php3" :
533 $d = "php3.gif" ;
534 break ;
535 case ".htm" :
536 case ".html":
537 case ".asa" :
538 case ".asp" :
539 case ".cfm" :
540 case ".php3":
541 case ".php" :
542 case ".phtml" :
543 case ".shtml" :
544 $d = "world1.gif" ;
545 break ;
546 case ".pdf" :
547 $d = "pdf.gif" ;
548 break;
549 case ".txt" :
550 case ".ini" :
551 $d = "text.gif" ;
552 break ;
553 case ".xls" :
554 $d = "box2.gif" ;
555 break ;
556 case ".zip" :
557 case ".arc" :
558 case ".sit" :
559 case ".tar" :
560 case ".gz" :
561 case ".tgz" :
562 case ".Z" :
563 $d = "compressed.gif" ;
564 break ;
565 case "view" :
566 $d = "index.gif" ;
567 break ;
568 case "up" :
569 $d = "back.gif" ;
570 break ;
571 case "blank" :
572 $d = "blank.gif" ;
573 break ;
574 default :
575 $d = "generic.gif" ;
576 }
577
578 return "<IMG SRC=\"$gblIconLocation" . $d . "\" BORDER=0>" ;
579 } // end function GifIcon
580
581 //////////////////////////////////////////////////////////////////
582
583 function Navigate($fsRoot,$relDir) {
584
585 global $gblEditable, $gblIcon ;
586
587 $self = $GLOBALS["PHP_SELF"] ;
588 if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") {
589 $webRoot = "https://" . $GLOBALS["SERVER_NAME"] ;
590 } else {
591 $webRoot = "http://" . $GLOBALS["SERVER_NAME"] ;
592 }
593 $fsDir = $fsRoot . $relDir . "/" ; // current directory
594
595 if (!is_dir($fsDir)) Error("Dir not found",$relDir) ;
596
597 // read directory contents
598 if ( !($dir = @opendir($fsDir)) )
599 Error("Read Access denied",$relDir) ;
600 while ($item = readdir($dir)) {
601 if ( $item == ".." || $item == "." || substr($item,0,1) == "." ) continue ;
602 if ( is_dir($fsDir . $item) ) {
603 $dirList[] = $item ;
604 } else if ( is_file($fsDir . $item) ) {
605 $fileList[] = $item ;
606 } else if ( is_link($fsDir . $item) ) {
607 $dirList[] = $item ;
608 } else {
609 // unknown file type
610 // $text = "Could not determine file type of " ;
611 // Error("File Error", $text.$relDir."/".$item) ;
612 // exit ;
613 }
614 }
615 closedir($dir) ;
616
617 // scan deleted files
618 if ( $GLOBALS[show_deleted] == 1 && ($dir = @opendir("$fsDir/.del")) ) {
619 while ($item = readdir($dir)) {
620 if ( substr($item,0,1) == "." ) continue ;
621 $fileList[] = ".del/$item" ;
622 }
623 closedir($dir) ;
624 }
625
626 $emptyDir = ! (sizeof($dirList) || sizeof($fileList)) ;
627
628 // start navigation page
629 $text = "Use this page to add, delete";
630 if (! isset($show_deleted)) {
631 $text .= ", <a href=$PHP_SELF?show_deleted=1>undelete</a>";
632 }
633 $text .= " or revise files on this web site." ;
634 StartHTML("(Navigate)",$text) ;
635
636 echo "<TABLE BORDER=0 CELLPADDING=2
637 CELLSPACING=3 WIDTH=\"100%\">" ;
638
639 // updir bar
640 if ($fsDir != $fsRoot) {
641 $parent = dirname($relDir) ;
642 if ($parent == "") $parent = "/" ;
643 ?>
644
645 <TR><TD><?php echo $gblIcon("up") ?></TD><TD COLSPAN=4 CLASS=LST>
646 <A HREF="<?php echo $self ?>?D=<?php echo urlencode($parent) ?>">
647 <B><?php echo $parent ?></B></A></TD></TR>
648
649 <?php
650 }
651
652 // output subdirs
653 if (sizeof($dirList) > 0) {
654 sort($dirList) ;
655 ?>
656
657 <TR><TD></TD><TD COLSPAN=4 CLASS=TOP><HR>DIRECTORY NAME</TD></TR>
658
659 <?php
660 while (list($key,$dir) = each($dirList)) {
661
662 $tstr = "<A HREF=\"" . $self . "?D=" ;
663 $tstr .= urlencode($relDir."/".$dir) ;
664 $tstr .= "\">" . $dir . "/</A>" ;
665 ?>
666
667 <TR><TD><?php echo $gblIcon("fldr") ?></TD>
668 <TD COLSPAN=4 CLASS=LST><?php echo $tstr ?></TD></TR>
669
670 <?php
671 } // iterate over dirs
672 } // end if no dirs
673 ?>
674
675 <TR><TD></TD><TD COLSPAN=4><HR><B><?php echo $webRoot . $relDir ?>
676 </B></TD></TR>
677 <TR><TD></TD><TD CLASS=TOP>DOCUMENT NAME</TD>
678 <TD><?php echo $gblIcon("blank") ?></TD>
679 <TD CLASS=TOP>LAST UPDATE</TD><TD CLASS=TOP>FILE SIZE</TD></TR>
680
681 <?php
682 if (sizeof($fileList) > 0) {
683 sort($fileList) ;
684 while (list($key,$file) = each($fileList)) {
685 $path = $fsDir."/".$file ;
686 $mod = filemtime($path) ;
687 $sz = filesize($path) ;
688
689 if ($sz >= 10240) {
690 $sz = (int)(($sz+1023)/1024) . " k" ;
691 }
692 else {
693 $sz .= " " ;
694 } // end size
695
696 $a = $b = "" ;
697
698 if ( ($mod + 30*86400) > time() ) {
699 $a = "<SPAN CLASS=RED TITLE=\"Newer" ;
700 $a .= " than 30 days\"> * </SPAN>" ;
701 }
702
703 $tstr = $webRoot . $relDir . "/" . $file ;
704 $tstr = "<A HREF=\"" . $tstr . "\">" ;
705
706 if (substr($file,0,5) != ".del/") {
707 $tstr .= $file . "</A>" . $a ;
708 } else {
709 $tstr .= substr($file,5,strlen($file)-5) . "</a> <SPAN CLASS=RED TITLE=\"deleted\"> deleted </span>";
710 }
711
712 $ext = strtolower(strrchr($file,".")) ;
713 if ( $ext=="" ||
714 strstr(join(" ",$gblEditable),$ext) )
715 {
716 $b = "<A HREF=\"" . $self . "?A=C&F=" ;
717 $b .= urlencode($file) . "&D=" . urlencode($relDir) ;
718 $b .= "\" TITLE=\"List contents\">" ;
719 $b .= $gblIcon("view") . "</A>" ;
720 }
721
722 ?>
723
724 <TR><TD>
725 <A HREF="<?php echo $self ?>?A=E&F=<?php echo urlencode($file)
726 ?>&D=<?php echo urlencode($relDir) ?>" TITLE="View/Edit">
727 <?php echo $gblIcon($ext) ?></A></TD>
728 <TD CLASS=LST><?php echo $tstr ?></TD>
729 <TD CLASS=LST ALIGN=center><?php echo $b ?></TD>
730 <TD CLASS=LST><?php echo date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]",$mod) ?></TD>
731 <TD CLASS=LST><?php echo $sz ?>Bytes</TD></TR>
732
733 <?php
734 } // iterate over files
735 } // end if no files
736
737 if ($emptyDir) {
738 ?>
739
740 <FORM METHOD="POST" ACTION="<?php echo $self ?>">
741 <TR><TD></TD><TD COLSPAN=4 CLASS=BAR>
742 <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $relDir ?>">
743 OK TO DELETE THIS EMPTY FOLDER?
744 <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
745 <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="DELETE">
746 </TD></TR>
747 </FORM>
748
749 <?php
750 } // end if emptyDir
751 ?>
752
753 <TR><TD></TD><TD COLSPAN=4><HR></TD></TR>
754
755 <FORM METHOD="POST" ACTION="<?php echo $self ?>">
756 <TR><TD></TD><TD COLSPAN=4 CLASS=BAR>CREATE NEW
757 <INPUT TYPE="RADIO" NAME="T" VALUE="D" CHECKED>DIRECTORY -OR-
758 <INPUT TYPE="RADIO" NAME="T" VALUE="F">FILE : &nbsp;&nbsp;
759 <NOBR>NAME <INPUT TYPE="TEXT" NAME="FN" SIZE=14>
760 <INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="CREATE">
761 <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $relDir ?>">
762 <INPUT TYPE="SUBMIT" VALUE="CREATE"></NOBR>
763 <NOBR>OR <A HREF="<?php echo $self
764 ?>?A=U&D=<?php echo urlencode($relDir) ?>">UPLOAD</A> A FILE
765 </NOBR>
766 </TD></TR>
767 </FORM>
768 </TABLE>
769
770 <?php
771 EndHTML() ;
772 } // end function Navigate
773
774 //////////////////////////////////////////////////////////////////
775
776 function UploadPage($fsRoot, $relDir) {
777
778 $self = $GLOBALS["PHP_SELF"] ;
779 if ($relDir == "") $relDir = "/" ;
780 ?>
781
782 <P><TABLE BORDER=0 CELLPADDING=5><TR><TD WIDTH=5></TD><TD CLASS=BAR>
783 <FORM ENCTYPE="multipart/form-data" METHOD="POST"
784 ACTION="<?php echo $self ?>">
785 DESTINATION DIRECTORY:<B><?php echo " " . $relDir ?></B>
786 <P>PATHNAME OF LOCAL FILE<BR>
787 <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $relDir ?>">
788 <INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="UPLOAD">
789 <INPUT SIZE=30 TYPE="FILE" NAME="FN"></P>
790 <P><INPUT TYPE="SUBMIT" VALUE="UPLOAD"></P>
791 <P>If the <B>[BROWSE...]</B> button is not displayed,<BR>
792 you must upgrade to an RFC1867-compliant browser.</P>
793 <P>Your browser:<BR><?php echo $GLOBALS["HTTP_USER_AGENT"] ?></P>
794 </FORM>
795 </TD></TR>
796 <TR><TD></TD><TD>
797 <FORM METHOD="POST" ACTION="<?php echo $self ?>">
798 <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $relDir ?>"><BR>
799 <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL">
800 </FORM>
801 </TD></TR></TABLE></P>
802
803 <?php
804 } // end function UploadPage
805
806 //////////////////////////////////////////////////////////////////
807
808 function Error($title,$text="") {
809 StartHTML("(".$title.")",$text) ;
810 echo "<P ALIGN=center>Hit your Browser's Back Button.</P>" ;
811 EndHTML() ;
812 exit ;
813 } // end function Error
814
815 //////////////////////////////////////////////////////////////////
816
817 function CreateHash($user, $pw) {
818
819 global $gblHash ; // hash function to use
820
821 if ($user == "" || $pw == "") {
822 $text = "either no password or no username supplied" ;
823 Error("Create Hash",$text) ;
824 }
825 $title = "(Create Hash)" ;
826 StartHTML($title) ;
827 echo "<P ALIGN=center>" ;
828 echo "<BLOCKQUOTE>Copy the value below and paste it " ;
829 echo "into the<BR>value for \$gblPw in the source of " ;
830 echo "this file<BR><BR><B>" . $gblHash($user.$pw) ;
831 echo "</B><BR><BR>Hash function: " . $gblHash ;
832 echo "</BLOCKQUOTE></P>" ;
833 EndHTML() ;
834 exit ;
835
836 } // end function CreateHash
837
838 //////////////////////////////////////////////////////////////////
839
840 function NoEntry() {
841
842 $user = $GLOBALS["PHP_AUTH_USER"] ;
843 $pw = $GLOBALS["PHP_AUTH_PW"] ;
844 $self = $GLOBALS["PHP_SELF"] ;
845
846 $title = "(401 Unauthorized)" ;
847 $text = "No trespassing !" ;
848 StartHTML($title,$text) ;
849 ?>
850
851 <FORM ACTION="<?php echo $self ?>?HASH=create" METHOD="POST">
852 <INPUT TYPE="HIDDEN" NAME="USER" VALUE="<?php echo $user ?>">
853 <INPUT TYPE="HIDDEN" NAME="PW" VALUE="<?php echo $pw ?>">
854
855 <BLOCKQUOTE><B>If you are a site administrator:</B><BR><BR>
856 Click below to <B>generate a password hash</B><BR>from
857 the username-password pair you just<BR>entered. Then include the hash in
858 the source<BR>of this file.<BR><BR>
859 <INPUT TYPE="SUBMIT" VALUE="CREATE HASH">
860 </BLOCKQUOTE></FORM>
861
862 <?php
863 EndHTML() ;
864 exit ;
865 }
866
867 //////////////////////////////////////////////////////////////////
868
869 function Logit($target,$msg) {
870
871 $dir=dirname($target);
872 if (! file_exists($dir."/.log")) {
873 mkdir($dir."/.log",0700);
874 }
875 $file=basename($target);
876
877 $log=fopen("$dir/.log/$file","a+");
878 fputs($log,date("$GLOBALS[gblDateFmt]\t$GLOBALS[gblTimeFmt]").
879 "\t$GLOBALS[gblUserName]\t$msg\n");
880 fclose($log);
881
882 }
883
884
885
886 //////////////////////////////////////////////////////////////////
887
888 // MAIN PROGRAM
889 // ============
890 // query parameters: capital letters
891 // local functions : begin with capital letters
892 // global constants: begin with gbl
893
894 $gblFilePerms = 0640 ; // default for new files
895 $gblDirPerms = 0750 ; // default for new dirs
896
897 // phpinfo() ;
898 // exit ;
899
900 // forks before authentication: style sheet and hash
901 // creation if password not yet set.
902 if ($STYLE == "get") { CSS() ; exit ; }
903 if ($HASH != "") {
904 CreateHash($USER, $PW) ;
905 exit ;
906 }
907
908 // authentication if $gblAuth == true
909 if ( $gblAuth && $gblHash($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw ||
910 isset($relogin) && $gblPw == $relogin ) {
911 header("WWW-authenticate: basic realm=\"$SERVER_NAME\"") ;
912 header("HTTP/1.0 401 Unauthorized") ;
913 NoEntry() ;
914 exit ;
915 }
916
917 // get current directory relative to $gblFsRoot
918 $relDir = $DIR ; // from POST
919 if ($relDir == "") { // not defined in POST ?
920 $relDir = urldecode($D) ; // then use GET
921 }
922
923 if ($relDir == "/") $relDir = "" ;
924 // default : website root = ""
925
926 if (strstr($relDir,"..")) Error("No updirs allowed");
927
928 // full paths contain "fs" or "Fs". Paths realitve to root of
929 // website contain "rel" or "Rel". The script won't let you
930 // edit anything above directory equal to http://server.com
931 // i.e. below $gblFsRoot.
932
933 $relScriptDir = dirname($SCRIPT_NAME) ;
934 // i.e. /siteman
935
936 $fsScriptDir = dirname($SCRIPT_FILENAME) ;
937 // i.e. /home/httpd/html/siteman
938
939 $gblFsRoot = substr($fsScriptDir,0,
940 strlen($fsScriptDir)-strlen($relScriptDir)) ;
941 // i.e. /home/httpd/html
942
943 $fsDir = $gblFsRoot . $relDir ; // current directory
944 if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ;
945
946 switch ($POSTACTION) {
947 case "UPLOAD" :
948 if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
949 if (strstr($FN_name,"/"))
950 Error("Non-conforming filename") ;
951 // TODO : should rather check for escapeshellcmds
952 // but maybe RFC 18xx asserts safe filenames ....
953 $source = $FN ;
954 $target = $fsDir . "/" . $FN_name ;
955
956 // backup old files first
957 $dir=dirname($target);
958 if (! file_exists($dir."/.bak")) {
959 mkdir($dir."/.bak",0700);
960 }
961 if (! file_exists($dir."/.bak/$GLOBALS[gblNumBackups]")) {
962 mkdir($dir."/.bak/$GLOBALS[gblNumBackups]",0700);
963 }
964 $file=basename($target);
965 for($i=$GLOBALS[gblNumBackups]-1;$i>0;$i--) {
966 if (! file_exists($dir."/.bak/".$i)) {
967 mkdir($dir."/.bak/".$i,0700);
968 }
969 if (file_exists($dir."/.bak/".$i."/".$file)) {
970 rename($dir."/.bak/".$i."/".$file,
971 $dir."/.bak/".($i+1)."/".$file);
972 }
973 }
974 if (file_exists($target)) {
975 rename($target,$dir."/.bak/1/".$file);
976 }
977
978 copy($source,$target) ;
979 chmod($target,$gblFilePerms) ;
980 clearstatcache() ;
981 Logit($target,"uploaded");
982 break ;
983
984 case "SAVE" :
985 $path = $gblFsRoot . escapeshellcmd($RELPATH) ;
986 $writable = is_writeable($path) ;
987 $legaldir = is_writeable(dirname($path)) ;
988 $exists = (file_exists($path)) ? 1 : 0 ;
989 // check for legal extension here as well
990 if (!($writable || (!$exists && $legaldir)))
991 Error("Write denied",$RELPATH) ;
992 $fh = fopen($path, "w") ;
993 fwrite($fh,$FILEDATA) ;
994 fclose($fh) ;
995 clearstatcache() ;
996 Logit($path,"saved changes");
997 break ;
998
999 case "CREATE" :
1000 // we know $fsDir exists
1001 if ($FN == "") break; // no filename!
1002 if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
1003 $path = $fsDir . "/" . $FN ; // file or dir to create
1004 $relPath = $relDir . "/" . $FN ;
1005 switch ( $T ) {
1006 case "D" : // create a directory
1007 if ( ! @mkdir($path,$gblDirPerms) )
1008 Error("Mkdir failed",$relPath) ; // eg. if it exists
1009 clearstatcache() ;
1010 break ;
1011 case "F" : // create a new file
1012 // this functionality is doubled in DetailView().
1013 // better keep it here altogether
1014 // chmod perms to $gblFilePerms
1015 if ( file_exists($path) && !is_writable($path) )
1016 Error("File not writable", $relPath) ;
1017 $tstr = $PHP_SELF . "?A=E&D=" . $relDir . "&F=" . $FN ;
1018 header("Location: " . $tstr) ;
1019 exit ;
1020 }
1021 break ;
1022
1023 case "DELETE" :
1024 if ( $CONFIRM != "on" ) break ;
1025
1026 $tstr = "Attempt to delete non-existing object or " ;
1027 $tstr .= "insufficient privileges: " ;
1028
1029 if ( $FN != "") { // delete file
1030 $path = $fsDir . "/" . $FN ;
1031
1032 $dir=dirname($path);
1033 $file=basename($path);
1034 if (! file_exists("$dir/.del")) {
1035 mkdir("$dir/.del",0700);
1036 }
1037
1038 // if ( ! @unlink($path) ) {
1039 if ( ! rename($path,"$dir/.del/$file") ) {
1040 Error("File delete failed", $tstr . $path) ;
1041 Logit($path,"file delete failed");
1042 exit ;
1043 } else {
1044 Logit($path,"file deleted");
1045 if (! file_exists("$dir/.del/.log")) {
1046 mkdir("$dir/.del/.log",0700);
1047 }
1048 rename("$dir/.log/$file","$dir/.del/.log/$file");
1049 }
1050 }
1051 else { // delete directory
1052 if ( ! @rmdir($fsDir) ) {
1053 Error("Rmdir failed", $tstr . $fsDir) ;
1054 }
1055 else {
1056 $relDir = dirname($relDir) ; // move up
1057 }
1058 }
1059 break ;
1060
1061 case "UNDELETE" :
1062 if ( $CONFIRM != "on" ) break ;
1063
1064 if (substr($FN,0,4) != ".del") break ;
1065 $file=substr($FN,4,strlen($FN)-4);
1066
1067 Logit("$fsDir/.del/$file","undeleted");
1068 rename("$fsDir/.del/$file","$fsDir/$file");
1069 rename("$fsDir/.del/.log/$file","$fsDir/.log/$file");
1070
1071 break ;
1072
1073 case "RENAME" :
1074 if ( $CONFIRM != "on" ) break ;
1075
1076 Logit("$fsDir/$FN","renamed $FN to $NEWNAME");
1077 rename("$fsDir/$FN","$fsDir/$NEWNAME");
1078 rename("$fsDir/.log/$FN","$fsDir/.log/$NEWNAME");
1079
1080 break ;
1081
1082 default :
1083 // user hit "CANCEL" or undefined action
1084 }
1085
1086 // common to all POSTs : redirect to directory view ($relDir)
1087 if ( $POSTACTION != "" ) {
1088 $tstr = $PHP_SELF . "?D=" . urlencode($relDir) ;
1089 header("Location: " . $tstr) ;
1090 exit ;
1091 }
1092
1093 // check for mode.. navigate, code display, upload, or detail?
1094 // $A=U : upload to path given in $D
1095 // $A=E : display detail of file $D/$F and edit
1096 // $A=C : display code in file $D/$F
1097 // default : display directory $D
1098
1099 switch ($A) {
1100 case "U" :
1101 // upload to $relDir
1102 if (!is_writeable($gblFsRoot . $relDir))
1103 Error("Write access denied",$relDir) ;
1104 $text = "Use this page to upload a single " ;
1105 $text .= "file to <B>$SERVER_NAME</B>." ;
1106 StartHTML("(Upload Page)", $text) ;
1107 UploadPage($gblFsRoot, $relDir) ;
1108 EndHTML() ;
1109 exit ;
1110 case "E" :
1111 // detail of $relDir/$F
1112 if (is_file("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ;
1113 exit ;
1114 case "C" :
1115 // listing of $relDir/$F
1116 DisplayCode($gblFsRoot, $relDir, $F) ;
1117 exit ;
1118 }
1119
1120 // default: display directory $relDir
1121 Navigate($gblFsRoot,$relDir) ;
1122 exit ;
1123
1124 Error("Whooah!","By cartesian logic, this never happens") ;
1125 ?>

  ViewVC Help
Powered by ViewVC 1.1.26