/[docman]/docman.php
This is a repository of my old source code, which is no longer updated. Go to git.rot13.org for current projects!

Contents of /docman.php



Revision 1.3 - (show annotations)
Thu Aug 3 19:35:44 2000 UTC (23 years, 7 months ago) by dpavlin
Branch: MAIN
CVS Tags: non-checkin
Changes since 1.2: +10 -3 lines
create proto .htusers; undelete preserves directory

1 <?php
2
3 /* Copyright 1999 by John Martin d/b/a www.ANYPORTAL.com */
4 /* All Rights Reserved. */
5 /* */
6 /* This software is freeware and is not in the public domain. */
7 /* You are hereby granted the right to freely distribute this */
8 /* software as long as this copyright notice remains in place. */
9 /* */
10 /* Comments or suggestions? email: andmore@alief.com */
11 /* */
12 /* This is the PHP port: AnyPortal(php)-0.1 */
13 /* ======================================== */
14 /* */
15 /* PHP version 2000 by Stefan@Wiesendanger.org */
16 /* No Rights Reserved. What for, anyhow ? */
17 /* */
18 /* Date Remarks */
19 /* --------- ----------------------------------------------- */
20 /* 25 MAY 99 original ASP version */
21 /* 17 SEP 99 change upload from SA-FILEUP to aspSmartUpload */
22 /* 10 APR 00 simplified PHP3 version */
23 /* 18 APR 00 most of PHP3 port working. Slight modifications */
24 /* 22 APR 00 modified syntax highlighting, no absolute paths */
25 /* revealed, PHP builtin authentication, global */
26 /* style sheet as callback, use apache default */
27 /* icons as an alternative to the wingdings font. */
28 /* 25 APR 00 catch some exceptions (not foolproof yet) */
29 /* 26 APR 00 catch some more exceptions, implicit copy */
30 /* function by saving somewhere else in the detail */
31 /* view, MD5 hashed password. */
32 /* 27 APR 00 Fixed authentication bug */
33 /* 12 MAY 00 Fixed trouble with exec() with newer versions of */
34 /* PHP3. Fixed bug which would send you to a non- */
35 /* existent address after file modifications. */
36
37 /*
38 2000-07-25 Dobrica Pavlinusic <dpavlin@rot13.org>
39
40 nuked exec calls (unsecure)
41 nuked writeable function (replaced by php is_writeable)
42 added support for https (tested with apache+mod_ssl)
43 added users file
44 date format user-selectable
45 cycle backup files in bak directory
46 support links as directoryes (for now)
47 support of file history logging
48 undelete capabilities (delete moves to .del directory)
49
50 2000-07-26 DbP
51
52 added more checking on entered filename (when creating file/dir)
53 added rename option
54
55
56 IMPORTANT INSTALLATION NOTE:
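57 deny serving of .* (dot-something) files and directories in the web server!
58 Otherwise, users can access your log files (.log), the users file
59 (.htusers, which holds the password hashes), backups (.bak) and/or deleted files (.del)!
60
61 .htusers is in form:
62 login:Real Name:md5(login . password) -- the MD5 hex digest of the login immediately followed by the password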
63
64
65 TODO:
66 mixed file/directory output (add type to each entry,
67 real support for links)
68 add more content-management (like cms.sourceforge.net):
69 check-out/check-in/reserve
70 comments to files
71 */
72
73 //////////////////////////////////////////////////////////////////
74
75 // TODO : Don't let the file be modified itself. Create a hash of
76 // it (kinda hard since it's self-referential ;-). Make better use
77 // of session management. Escapeshellcmd for all user input.
78
79 //////////////////////////////////////////////////////////////////
80
81 // GLOBAL PARAMETERS
82 // =================
83 // Make modifications here to suit siteman to your needs
84
85 // error_reporting(4) ; // how verbose ?
86
87 // username/password should not be system
88 // usernames/passwords !!
89
90 // $gblPw = "hash_of_your_username_and_password" ;
91
92 // $gblAuth = false ; // use builtin authentication
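$gblAuth = true ;    // use builtin authentication
$gblHash = "md5" ;   // hash function to use (applied to login . password, unsalted)

// Both values are assigned unconditionally so that a request parameter
// of the same name (register_globals) can never pre-seed them.
$gblPw = "" ;        // stored hash of the user named in the Basic-auth header
$gblUserName = "" ;  // real name of that user, shown in the page footer

if ($gblAuth) {
    $htusers_file = dirname($SCRIPT_FILENAME) . "/.htusers" ;
    if (! file_exists($htusers_file)) {
        // First run: write a prototype users file next to the script.
        // It is created with the web server's default permissions, so the
        // deny-dot-files rule from the installation note is what keeps it
        // from being downloaded.
        $htusers = fopen($htusers_file, "a+") ;
        if ($htusers) {
            fputs($htusers, "# Change owner of $htusers_file to root !!\n") ;
            fputs($htusers, "demo:full name:md5_hash\n") ;
            fclose($htusers) ;
        }
    }
    // Look up the login sent by the browser; fields are login:Real Name:hash.
    $htusers = fopen($htusers_file, "r") ;
    if ($htusers) {
        while ($user = fgetcsv($htusers, 255, ":")) {
            // Strict string match on the login: with == two different
            // numeric-looking logins ("1e3" and "1000") compare equal.
            if (isset($GLOBALS["PHP_AUTH_USER"]) && isset($user[2]) &&
                (string)$user[0] === (string)$GLOBALS["PHP_AUTH_USER"]) {
                $gblUserName = $user[1] ;
                $gblPw = $user[2] ;
                // The original had "continue" here, a no-op that let a later
                // duplicate line override this one; the first entry now wins.
                break ;
            }
        }
        fclose($htusers) ;
    }
}

// $gblDateFmt="D, F d, Y";
// $gblTimeFmt="g:i:sA";

$gblDateFmt = "Y-m-d" ;
$gblTimeFmt = "H:i:s" ;

// Number of backup files to keep
$gblNumBackups = 5 ;

// choose GifIcon below unless you have the M$
// WingDings font installed on your system

$gblIcon = "GifIcon" ; // MockIcon or GifIcon

// the directory below should be /icons/ or /icons/small/
// on Apache; a set of icons is included in the distribution

$gblIconLocation = "/icons/" ;

// files you want to be able to edit in text mode
// and view with (primitive) syntax highlighting

$gblEditable = array( ".txt",".asa",".asp",".htm",".html",
                      ".cfm",".php3",".php",".phtml",
                      ".shtml",".css" ) ;

// files that will display as images on the detail page
// (useless if your browser doesn't support them)

$gblImages = array( ".jpg",".jpeg",".gif",".png",".ico",
                    ".bmp",".xbm") ;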
148
149 //////////////////////////////////////////////////////////////////
150
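function StartHTML($title,$text="") {
    // Emits the page head, the host banner, the title bar and the intro
    // paragraph.
    //   $title : plain text; it is HTML-escaped here because callers build
    //            it from request data (directory and file names).
    //   $text  : HTML fragment, echoed as is. Callers pass markup on
    //            purpose (links, <B>), so anything in it that comes from
    //            the request has to be escaped by the caller.

    $title = htmlspecialchars("Site Manager " . $title, ENT_QUOTES) ;
    // HTTP_HOST and PHP_SELF are both influenced by the client
    // (Host header, extra path info), so neither is echoed raw.
    $host = htmlspecialchars($GLOBALS["HTTP_HOST"], ENT_QUOTES) ;
    $self = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;
?>

<HTML>
<HEAD>
<TITLE><?php echo $host . " " . $title ?></TITLE>
<META NAME="description" CONTENT="PHP port of AnyPortal Site Manager">
<META NAME="keywords" CONTENT="site manager, web site maintenance">
<META NAME="robots" CONTENT="noindex">
<META HTTP-EQUIV="expires" CONTENT="0">
<LINK REL="stylesheet" TYPE="text/css"
HREF="<?php echo $self ?>?STYLE=get">
</HEAD>
<BODY BGCOLOR="#FFFFFF">
<H3 ALIGN="RIGHT"><?php echo $host ?></H3>
<TABLE BORDER=0 WIDTH="100%"><TR>
<TD CLASS=INV><?php echo $title ?></TD></TR></TABLE>
<P><?php echo $text ?></P>

<?php
} // end function StartHTML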
176
177 //////////////////////////////////////////////////////////////////
178
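function EndHTML() {
    // Emits the page footer: current date and time, the logged-in user's
    // real name, the logout link and the credits, then closes the document.

    // Array keys are quoted: the bare words used before are undefined
    // constants (a notice on old PHP, a fatal error on PHP 8).
    $date = date($GLOBALS["gblDateFmt"]) ;
    $time = date($GLOBALS["gblTimeFmt"]) ;
    $user = htmlspecialchars($GLOBALS["gblUserName"], ENT_QUOTES) ;
    // $PHP_SELF was read as an (undefined) local before; take it from
    // $GLOBALS like the other page functions do, and escape it.
    $self = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;
    // NOTE(review): the logout link carries the stored password hash,
    // because the main program compares ?relogin= with $gblPw. The hash
    // therefore lands in browser history, Referer headers and access logs.
    // Replacing it with a value that is not a credential needs a matching
    // change in the main program.
    $relogin = htmlspecialchars(urlencode($GLOBALS["gblPw"]), ENT_QUOTES) ;
?>

<HR>
<P CLASS=FTR>
<B><?php echo $date ?> -
<?php echo $time ?> -
<?php echo $user ?>
<small> [<a href="<?php echo $self ?>?relogin=<?php echo $relogin ?>">logout</a>]</small>
</B>
<BR>ANYPORTAL(php) Site Manager
<br><small>
&copy; 1999 by <A HREF="http://www.anyportal.com">ANYPORTAL</A>,
&copy; 2000 by <A HREF="http://da.nger.org">d@nger.org</A>,
&copy; 2000 by <A HREF="http://www.rot13.org/~dpavlin/">DbP</A>
</small>
</P>
<BR>
<?php // include("../debug.inc") ?>
<BR><BR></BODY></HTML>

<?php
} // end function EndHTML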
202
203 //////////////////////////////////////////////////////////////////
204
function CSS() {
    // Sends the global style sheet. The main program serves it for
    // ?STYLE=get before authentication, so it must stay free of anything
    // that depends on the request.
    echo <<<EOT

BODY,TD,P,H1,H2,H3 { font-family:Verdana,Helvetica,Arial,sans-serif; }
.BLK { color:black; }
.RED { color:red; }
.TOP { color:red; font-size:70%; } /* table headings */
.INV { color:white; background-color:navy;
font-weight:bold; font-size:120%; } /* title */
.FTR { } /* footer */
.LST { background-color:#E0E0E0; } /* table cells */
.BAR { background-color:#E0E0E0; } /* action bar */
PRE { color:blue; font-family:Lucida Console,Courier New,
Courier,sans-serif; } /* source code */
EM { color:green; font-style:normal; } /* line numbers */
.REM { color:silver; }
.XML { color:navy; background-color:yellow; }
.MCK { color:red; font-family:WingDings; } /* Mock Icons */
A:HOVER { color:red; }


EOT;
} // end function CSS
227
228 //////////////////////////////////////////////////////////////////
229
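function DetailPage($fsRoot,$relDir,$fn) {
    // Renders the detail view of one document: file metadata, an edit
    // form (editable types) or an inline preview (image types), the
    // delete / undelete / rename controls and the change log kept in
    // the sibling .log directory.
    //   $fsRoot : filesystem path of the web root
    //   $relDir : directory relative to the web root
    //   $fn     : file name inside $relDir (".del/name" for deleted files)
    // Calls Error(), which ends the request, when the file may not be
    // created here.

    global $gblEditable, $gblImages ;

    // $fn comes straight from the request; apply the same rule the main
    // program applies to the directory.
    if (strstr($fn,"..")) Error("No updirs allowed") ;

    $relPath = $relDir . "/" . $fn ;
    $fsPath = $fsRoot . $relPath ;
    $fsDir = $fsRoot . $relDir ;

    // HTML-escaped copies, used wherever a name is written into the page
    $self = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;
    $hDir = htmlspecialchars($relDir, ENT_QUOTES) ;
    $hFn = htmlspecialchars($fn, ENT_QUOTES) ;
    $hPath = htmlspecialchars($relPath, ENT_QUOTES) ;
    $dateFmt = $GLOBALS["gblDateFmt"] . " " . $GLOBALS["gblTimeFmt"] ;

    $exists = file_exists($fsPath) ;
    // Extension of the file name itself (as Navigate does), compared as a
    // whole: the former substring test also accepted fragments like ".ph".
    $ext = strtolower(strrchr($fn,".")) ;
    $editable = ( $ext=="" || in_array($ext,$gblEditable) ) ;
    $writable = is_writeable($fsPath) ;
    $fsize = 0 ;

    if (!$editable && !$exists)
        Error("Creation unsupported for type",$relPath) ;
    // was "!exists" (a bare constant, always truthy), so this check never ran
    if (!$exists && !is_writeable($fsDir) )
        Error("Creation denied",$relDir) ;

    $text = "Use this page to view, modify or " ;
    $text .= "delete a single document on this " ;
    $text .= "web site." ;
    $title = "(Detail Page)" ;
    StartHTML($title, $text) ;

    echo "<H3>" . $hPath . "</H3>" ;
    if ($exists) { // get file info
        $fsize = filesize($fsPath) ;
        $fmodified = date($dateFmt, filemtime($fsPath)) ;
        $faccessed = date($dateFmt, fileatime($fsPath)) ;
        echo "<PRE> file size: " . $fsize . " Bytes<BR>" ;
        echo "last modified: <B>" . $fmodified . "</B><BR>" ;
        echo "last accessed: <B>" . $faccessed . "</B><BR>" ;
        echo " owner: <B>" . fileowner($fsPath) . "</B><BR>" ;
        echo " group: <B>" . filegroup($fsPath) . "</B><BR>" ;
        echo " permissions: <B>" ;
        // sprintf, not printf: printf printed the mode and then its
        // return value (the character count) was echoed after it
        echo sprintf( "%o", fileperms($fsPath) ) . "</B>" ;
        echo "</PRE>" ;
    }

    if ( $editable && ($writable || !$exists) ) {
        // "a+" creates the file when it does not exist yet
        $fstr = "" ;
        $fh = fopen($fsPath,"a+") ;
        if ($fh) {
            rewind($fh) ;
            clearstatcache() ;
            $len = filesize($fsPath) ;
            if ($len > 0) $fstr = fread($fh,$len) ; // fread rejects length 0
            fclose($fh) ;
        }
        $fstr = htmlentities( $fstr ) ;
?>

<FORM ACTION="<?php echo $self ; ?>" METHOD="POST">
<SPAN TITLE="Click [SAVE] to store updated contents.">
<B>DOCUMENT CONTENTS</B>
</SPAN><BR>
<TEXTAREA NAME="FILEDATA" ROWS=18 COLS=70 WRAP="OFF"><?php
echo($fstr) ; ?></TEXTAREA>
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $hDir ; ?>">
<INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?php echo $hFn ; ?>">
<INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="SAVE">
<INPUT TYPE="HIDDEN" SIZE=48 MAXLENGTH=255 NAME="RELPATH"
VALUE="<?php echo $hPath ; ?>">
<br>
<INPUT TYPE="RESET" VALUE="UNDO ALL CHANGES">
<INPUT TYPE="SUBMIT" VALUE="SAVE">
</FORM>

<?php
    }
    else if ( $exists && in_array($ext,$gblImages) ) {
        $info = getimagesize($fsPath) ;
        $dims = $info ? $info[3] : "" ; // width/height attributes, if readable
        $tstr = "<IMG SRC=\"". $hPath . "\" BORDER=0 " ;
        $tstr .= $dims . " ALT=\"" . $hFn . " - " ;
        $tstr .= (int)(($fsize+1023)/1024) . "Kb\">" ;
        // show the tag as text, then the image itself
        echo htmlentities($tstr) . "<BR><BR>" . $tstr ;
    }
?>

<FORM ACTION="<?php echo $self ; ?>" METHOD="POST">
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $hDir ; ?>">
<INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?php echo $hFn ; ?>">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL"><BR>

<?php
    if (substr($fn,0,4) == ".del") {
        $action="UNDELETE";
        $desc="undelete previously deleted file";
    } else {
        $action="DELETE";
        $desc="delete";
    }

    if ($exists && $writable) {
?>

<HR><SPAN TITLE="Check OK and click [<?php echo $action ?>] to <?php echo $desc ?>.">
<B>OK TO <?php echo $action ?> "<?php echo $hFn ; ?>"? </B></SPAN>
<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="<?php echo $action ?>">

<HR><SPAN TITLE="Check OK and click [RENAME] to rename.">
<B>OK TO RENAME "<?php echo $hFn ; ?>" TO
<INPUT TYPE="TEXT" SIZE=24 MAXLENGTH=255 NAME="NEWNAME" VALUE="<?php echo $hFn ?>">
? </B></SPAN>
<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="RENAME">

<?php
    }
    echo "</FORM>" ;

    // Change history. The log stores user names and rename targets, both
    // of which are user input, so every field is escaped on output.
    $logname=dirname("$fsDir/$fn")."/.log/".basename("$fsDir/$fn");
    if (file_exists($logname) && ($log=fopen($logname,"r"))) {
        print "<hr><br><b>CHANGES TO THIS FILE</b><br><table border=0 width=100%>\n";
        $cl1=" class=lst"; $cl2="";
        while($line = fgetcsv($log,255,"\t")) {
            $cl=$cl1; $cl1=$cl2; $cl2=$cl; // alternate the row style
            print "<tr>";
            for ($i = 0 ; $i < 4 ; ++$i) {
                $cell = isset($line[$i]) ? htmlspecialchars($line[$i], ENT_QUOTES) : "" ;
                print "<td$cl>$cell</td>";
            }
            print "</tr>\n";
        }
        fclose($log);
        print "</table>";
    }

    EndHTML() ;

} // end function DetailPage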
355
356 //////////////////////////////////////////////////////////////////
357
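function DisplayCode($fsRoot,$relDir,$fn) {
    // Prints the file $relDir/$fn as a numbered listing with primitive
    // syntax highlighting (ASP / PHP tags, C, C++, HTML, shell and ASP
    // comments). Calls Error(), which ends the request, when the file
    // cannot be read.

    // $fn comes straight from the request; without this rule it could
    // name any file the web server can read.
    if (strstr($fn,"..")) Error("No updirs allowed") ;

    $relPath = $relDir . "/" . $fn ;
    $path = $fsRoot . $relPath ;

    // Report the web-relative path only; the absolute filesystem path
    // is not something the page should reveal.
    if (!file_exists($path)) Error("File not found",$relPath) ;
    $lines = @file($path) ;
    if (!is_array($lines)) Error("Read Access denied",$relPath) ;

    StartHTML("(".$relPath.")","");

    // Escape first: all markup added below is ours.
    $tstr = htmlentities(join("",$lines)) ;

    // Tabs
    $tstr = str_replace(chr(9)," ",$tstr) ;

    // ASP tags & XML/PHP tags
    $aspbeg = "<SPAN CLASS=XML>&lt;%</SPAN><SPAN CLASS=BLK>" ;
    $aspend = "</SPAN><SPAN CLASS=XML>%&gt;</SPAN>" ;
    $tstr = str_replace("&lt;%",$aspbeg,$tstr) ;
    $tstr = str_replace("%&gt;",$aspend,$tstr) ;

    $xmlbeg = "<SPAN CLASS=XML>&lt;?</SPAN><SPAN CLASS=BLK>" ;
    $xmlend = "</SPAN><SPAN CLASS=XML>?&gt;</SPAN>" ;
    $tstr = str_replace("&lt;?",$xmlbeg,$tstr) ;
    $tstr = str_replace("?&gt;",$xmlend,$tstr) ;

    // C style comment
    $tstr = str_replace("/*","<SPAN CLASS=REM>/*",$tstr) ;
    $tstr = str_replace("*/","*/</SPAN>",$tstr) ;

    // HTML comments
    $tstr = str_replace("&lt;!--","<I CLASS=RED>&lt;!--",$tstr) ;
    $tstr = str_replace("--&gt;","--&gt;</I>",$tstr) ;

    echo "<PRE>" ;

    // explode() instead of split(): the separator is a plain string and
    // split() no longer exists in current PHP
    $rows = explode("\n",$tstr) ;
    $total = count($rows) ;
    for ($i = 0 ; $i < $total ; ++$i) {
        // add line numbers, zero-padded to four digits
        echo "<BR><EM>" ;
        echo substr(("000" . ($i+1)), -4) . ":</EM> " ;
        $line = $rows[$i] ;
        // C++ style comments
        $pos = strpos($line,"//") ;
        // exceptions: two slashes aren't a script comment when they follow
        // a colon (URL) or open an HTML comment terminator
        if ($pos !== false &&
            ! ($pos>0 && substr($line,$pos-1,1)==":") &&
            ! (substr($line,$pos,8) == "//--&gt;") &&
            ! (substr($line,$pos,9) == "// --&gt;")) {
            $beg = substr($line,0,$pos) ;
            $end = substr($line,$pos) ;
            $line = $beg."<SPAN CLASS=REM>".$end."</SPAN>";
        }
        // shell & asp style comments
        $first = substr(ltrim($line),0,1) ;
        if ($first == "#" || $first == "'") {
            $line = "<SPAN CLASS=REM>".$line."</SPAN>";
        }
        print($line) ;
    } // next i

    echo "</PRE>" ;

    EndHTML() ;

} // end function DisplayCode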
423
424 //////////////////////////////////////////////////////////////////
425
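function MockIcon($txt) {
    // Returns a <SPAN CLASS=MCK> element holding the WingDings glyph for
    // $txt, which is either a file extension (".gif") or one of the
    // symbolic names "file", "fldr", "view", "up", "blank". Matching is
    // case-insensitive; unknown values get the generic file glyph.

    // glyph code per lower-cased key
    static $glyph = array(
        ".bmp" => 176, ".gif" => 176, ".jpg" => 176, ".jpeg" => 176,
        ".tif" => 176, ".tiff" => 176,
        ".doc" => 50,
        ".exe" => 255, ".bat" => 255,
        ".bas" => 255, ".c" => 255, ".cc" => 255, ".src" => 255,
        "file" => 51,
        "fldr" => 48,
        ".htm" => 182, ".html" => 182, ".asa" => 182, ".asp" => 182,
        ".cfm" => 182, ".php3" => 182, ".php" => 182, ".phtml" => 182,
        ".shtml" => 182,
        ".pdf" => 38,
        ".txt" => 52, ".ini" => 52,
        ".xls" => 252,
        // ".z" was spelled ".Z" and could never match the lower-cased key
        ".zip" => 59, ".arc" => 59, ".sit" => 59, ".tar" => 59,
        ".gz" => 59, ".tgz" => 59, ".z" => 59,
        "view" => 52,
        "up" => 199
    ) ;

    $open = "<SPAN CLASS=MCK>" ;
    $key = strtolower($txt) ;

    if ($key == "blank") {
        // the opening tag was missing here, leaving a stray </SPAN>
        return $open . "&nbsp;&nbsp;</SPAN>" ;
    }

    $d = isset($glyph[$key]) ? $glyph[$key] : 51 ;
    return $open . chr($d) . "</SPAN>" ;
} // end function MockIcon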
502
503 //////////////////////////////////////////////////////////////////
504
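function GifIcon($txt) {
    // Returns an <IMG> tag for the icon that represents $txt, which is
    // either a file extension (".gif") or one of the symbolic names
    // "file", "fldr", "view", "up", "blank". Matching is case-insensitive;
    // unknown values get generic.gif. Icons are loaded from
    // $gblIconLocation.
    global $gblIconLocation ;

    // icon file per lower-cased key
    static $icon = array(
        ".bmp" => "image2.gif", ".gif" => "image2.gif", ".jpg" => "image2.gif",
        ".jpeg" => "image2.gif", ".tif" => "image2.gif", ".tiff" => "image2.gif",
        ".doc" => "layout.gif",
        ".exe" => "screw2.gif", ".bat" => "screw2.gif",
        ".bas" => "c.gif", ".c" => "c.gif", ".cc" => "c.gif", ".src" => "c.gif",
        "file" => "generic.gif",
        "fldr" => "dir.gif",
        ".phps" => "phps.gif",
        // ".php3" was also listed with the HTML group further down; that
        // second label was unreachable, so php3.gif is what it always got
        ".php3" => "php3.gif",
        ".htm" => "world1.gif", ".html" => "world1.gif", ".asa" => "world1.gif",
        ".asp" => "world1.gif", ".cfm" => "world1.gif", ".php" => "world1.gif",
        ".phtml" => "world1.gif", ".shtml" => "world1.gif",
        ".pdf" => "pdf.gif",
        ".txt" => "text.gif", ".ini" => "text.gif",
        ".xls" => "box2.gif",
        // ".z" was spelled ".Z" and could never match the lower-cased key
        ".zip" => "compressed.gif", ".arc" => "compressed.gif",
        ".sit" => "compressed.gif", ".tar" => "compressed.gif",
        ".gz" => "compressed.gif", ".tgz" => "compressed.gif",
        ".z" => "compressed.gif",
        "view" => "index.gif",
        "up" => "back.gif",
        "blank" => "blank.gif"
    ) ;

    $key = strtolower($txt) ;
    $d = isset($icon[$key]) ? $icon[$key] : "generic.gif" ;

    return "<IMG SRC=\"$gblIconLocation" . $d . "\" BORDER=0>" ;
} // end function GifIcon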
587
588 //////////////////////////////////////////////////////////////////
589
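function Navigate($fsRoot,$relDir) {
    // Renders the directory view of $relDir: link to the parent,
    // sub-directories, files (plus the contents of .del when
    // show_deleted=1 was requested), the "delete empty folder" form and
    // the create / upload bar. Names starting with "." are never listed.
    // Calls Error(), which ends the request, when the directory cannot
    // be read.

    global $gblEditable, $gblIcon ;

    // File and directory names can be chosen by whoever uploads or creates
    // them, so every name is HTML-escaped before it is written to the page.
    $self = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;
    $hDir = htmlspecialchars($relDir, ENT_QUOTES) ;
    if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") {
        $webRoot = "https://" . $GLOBALS["SERVER_NAME"] ;
    } else {
        $webRoot = "http://" . $GLOBALS["SERVER_NAME"] ;
    }
    $fsDir = $fsRoot . $relDir . "/" ; // current directory
    $dateFmt = $GLOBALS["gblDateFmt"] . " " . $GLOBALS["gblTimeFmt"] ;
    // quoted key; the flag is a request parameter and lives in $GLOBALS
    $showDeleted = ( isset($GLOBALS["show_deleted"]) && $GLOBALS["show_deleted"] == 1 ) ;

    if (!is_dir($fsDir)) Error("Dir not found",$relDir) ;

    // read directory contents
    $dirList = array() ;
    $fileList = array() ;
    if ( !($dir = @opendir($fsDir)) )
        Error("Read Access denied",$relDir) ;
    // compare with false so that an entry named "0" does not end the loop
    while ( ($item = readdir($dir)) !== false ) {
        if ( substr($item,0,1) == "." ) continue ; // ".", ".." and bookkeeping dirs
        if ( is_dir($fsDir . $item) ) {
            $dirList[] = $item ;
        } else if ( is_file($fsDir . $item) ) {
            $fileList[] = $item ;
        } else if ( is_link($fsDir . $item) ) {
            $dirList[] = $item ; // links are shown as directories (for now)
        }
        // anything else is an unknown file type and is skipped
    }
    closedir($dir) ;

    // scan deleted files
    if ( $showDeleted && ($dir = @opendir("$fsDir/.del")) ) {
        while ( ($item = readdir($dir)) !== false ) {
            if ( substr($item,0,1) == "." ) continue ;
            $fileList[] = ".del/$item" ;
        }
        closedir($dir) ;
    }

    $emptyDir = ! (count($dirList) || count($fileList)) ;

    // start navigation page; the undelete link is only offered while the
    // deleted files are not shown yet (the old test read an unset local)
    $text = "Use this page to add, delete";
    if (! $showDeleted) {
        $text .= ", <a href=\"" . $self . "?D=" . urlencode($relDir) . "&show_deleted=1\">undelete</a>";
    }
    $text .= " or revise files on this web site." ;
    StartHTML("(Navigate)",$text) ;

    echo "<TABLE BORDER=0 CELLPADDING=2
CELLSPACING=3 WIDTH=\"100%\">" ;

    // updir bar
    if ($fsDir != $fsRoot) {
        $parent = dirname($relDir) ;
        if ($parent == "") $parent = "/" ;
?>

<TR><TD><?php echo $gblIcon("up") ?></TD><TD COLSPAN=4 CLASS=LST>
<A HREF="<?php echo $self ?>?D=<?php echo urlencode($parent) ?>">
<B><?php echo htmlspecialchars($parent, ENT_QUOTES) ?></B></A></TD></TR>

<?php
    }

    // output subdirs
    if (count($dirList) > 0) {
        sort($dirList) ;
?>

<TR><TD></TD><TD COLSPAN=4 CLASS=TOP><HR>DIRECTORY NAME</TD></TR>

<?php
        foreach ($dirList as $sub) {

            $tstr = "<A HREF=\"" . $self . "?D=" ;
            $tstr .= urlencode($relDir."/".$sub) ;
            $tstr .= "\">" . htmlspecialchars($sub, ENT_QUOTES) . "/</A>" ;
?>

<TR><TD><?php echo $gblIcon("fldr") ?></TD>
<TD COLSPAN=4 CLASS=LST><?php echo $tstr ?></TD></TR>

<?php
        } // iterate over dirs
    } // end if no dirs
?>

<TR><TD></TD><TD COLSPAN=4><HR><B><?php echo htmlspecialchars($webRoot . $relDir, ENT_QUOTES) ?>
</B></TD></TR>
<TR><TD></TD><TD CLASS=TOP>DOCUMENT NAME</TD>
<TD><?php echo $gblIcon("blank") ?></TD>
<TD CLASS=TOP>LAST UPDATE</TD><TD CLASS=TOP>FILE SIZE</TD></TR>

<?php
    if (count($fileList) > 0) {
        sort($fileList) ;
        foreach ($fileList as $file) {
            $path = $fsDir."/".$file ;
            $mod = filemtime($path) ;
            $sz = filesize($path) ;

            if ($sz >= 10240) {
                $sz = (int)(($sz+1023)/1024) . " k" ;
            }
            else {
                $sz .= " " ;
            } // end size

            $a = $b = "" ;

            if ( ($mod + 30*86400) > time() ) {
                $a = "<SPAN CLASS=RED TITLE=\"Newer" ;
                $a .= " than 30 days\"> * </SPAN>" ;
            }

            $tstr = htmlspecialchars($webRoot . $relDir . "/" . $file, ENT_QUOTES) ;
            $tstr = "<A HREF=\"" . $tstr . "\">" ;

            if (substr($file,0,5) != ".del/") {
                $tstr .= htmlspecialchars($file, ENT_QUOTES) . "</A>" . $a ;
            } else {
                $tstr .= htmlspecialchars(substr($file,5), ENT_QUOTES) . "</a> <SPAN CLASS=RED TITLE=\"deleted\"> deleted </span>";
            }

            $ext = strtolower(strrchr($file,".")) ;
            if ( $ext=="" ||
                 strstr(join(" ",$gblEditable),$ext) )
            {
                $b = "<A HREF=\"" . $self . "?A=C&F=" ;
                $b .= urlencode($file) . "&D=" . urlencode($relDir) ;
                $b .= "\" TITLE=\"List contents\">" ;
                $b .= $gblIcon("view") . "</A>" ;
            }

?>

<TR><TD>
<A HREF="<?php echo $self ?>?A=E&F=<?php echo urlencode($file)
?>&D=<?php echo urlencode($relDir) ?>" TITLE="View/Edit">
<?php echo $gblIcon($ext) ?></A></TD>
<TD CLASS=LST><?php echo $tstr ?></TD>
<TD CLASS=LST ALIGN=center><?php echo $b ?></TD>
<TD CLASS=LST><?php echo date($dateFmt,$mod) ?></TD>
<TD CLASS=LST><?php echo $sz ?>Bytes</TD></TR>

<?php
        } // iterate over files
    } // end if no files

    if ($emptyDir) {
?>

<FORM METHOD="POST" ACTION="<?php echo $self ?>">
<TR><TD></TD><TD COLSPAN=4 CLASS=BAR>
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $hDir ?>">
OK TO DELETE THIS EMPTY FOLDER?
<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="DELETE">
</TD></TR>
</FORM>

<?php
    } // end if emptyDir
?>

<TR><TD></TD><TD COLSPAN=4><HR></TD></TR>

<FORM METHOD="POST" ACTION="<?php echo $self ?>">
<TR><TD></TD><TD COLSPAN=4 CLASS=BAR>CREATE NEW
<INPUT TYPE="RADIO" NAME="T" VALUE="D" CHECKED>DIRECTORY -OR-
<INPUT TYPE="RADIO" NAME="T" VALUE="F">FILE : &nbsp;&nbsp;
<NOBR>NAME <INPUT TYPE="TEXT" NAME="FN" SIZE=14>
<INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="CREATE">
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $hDir ?>">
<INPUT TYPE="SUBMIT" VALUE="CREATE"></NOBR>
<NOBR>OR <A HREF="<?php echo $self
?>?A=U&D=<?php echo urlencode($relDir) ?>">UPLOAD</A> A FILE
</NOBR>
</TD></TR>
</FORM>
</TABLE>

<?php
    EndHTML() ;
} // end function Navigate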
780
781 //////////////////////////////////////////////////////////////////
782
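function UploadPage($fsRoot, $relDir) {
    // Prints the upload form for the directory $relDir (shown as "/" for
    // the web root) together with a cancel form. $fsRoot is accepted for
    // symmetry with the other page functions and is not used.

    // The directory, the script path and the User-Agent header all come
    // from the request, so each is escaped before it is echoed.
    $self = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;
    if ($relDir == "") $relDir = "/" ;
    $hDir = htmlspecialchars($relDir, ENT_QUOTES) ;
    $agent = htmlspecialchars($GLOBALS["HTTP_USER_AGENT"], ENT_QUOTES) ;
?>

<P><TABLE BORDER=0 CELLPADDING=5><TR><TD WIDTH=5></TD><TD CLASS=BAR>
<FORM ENCTYPE="multipart/form-data" METHOD="POST"
ACTION="<?php echo $self ?>">
DESTINATION DIRECTORY:<B><?php echo " " . $hDir ?></B>
<P>PATHNAME OF LOCAL FILE<BR>
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $hDir ?>">
<INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="UPLOAD">
<INPUT SIZE=30 TYPE="FILE" NAME="FN"></P>
<P><INPUT TYPE="SUBMIT" VALUE="UPLOAD"></P>
<P>If the <B>[BROWSE...]</B> button is not displayed,<BR>
you must upgrade to an RFC1867-compliant browser.</P>
<P>Your browser:<BR><?php echo $agent ?></P>
</FORM>
</TD></TR>
<TR><TD></TD><TD>
<FORM METHOD="POST" ACTION="<?php echo $self ?>">
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $hDir ?>"><BR>
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL">
</FORM>
</TD></TR></TABLE></P>

<?php
} // end function UploadPage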
812
813 //////////////////////////////////////////////////////////////////
814
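function Error($title,$text="") {
    // Prints an error page and ends the request.
    //   $title : short label, shown in the title bar
    //   $text  : plain-text detail. Every caller in this file passes a
    //            fixed message or a request-supplied path, never markup,
    //            so it is escaped here before StartHTML() prints it as
    //            an HTML fragment.
    StartHTML("(".$title.")", htmlspecialchars($text, ENT_QUOTES)) ;
    echo "<P ALIGN=center>Hit your Browser's Back Button.</P>" ;
    EndHTML() ;
    exit ;
} // end function Error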
821
822 //////////////////////////////////////////////////////////////////
823
function CreateHash($user, $pw) {
    // Shows the hash an administrator has to store for the given login
    // and password, then ends the request. The main program calls this
    // before authentication. The value is $gblHash applied to the login
    // directly followed by the password, with no salt and no separator
    // between the two parts.

    global $gblHash ; // hash function to use

    if (!($user != "" && $pw != "")) {
        Error("Create Hash", "either no password or no username supplied") ;
    }

    StartHTML("(Create Hash)") ;

    $page = "<P ALIGN=center>" ;
    $page .= "<BLOCKQUOTE>Copy the value below and paste it " ;
    $page .= "into the<BR>value for \$gblPw in the source of " ;
    $page .= "this file<BR><BR><B>" . $gblHash($user.$pw) ;
    $page .= "</B><BR><BR>Hash function: " . $gblHash ;
    $page .= "</BLOCKQUOTE></P>" ;
    echo $page ;

    EndHTML() ;
    exit ;

} // end function CreateHash
844
845 //////////////////////////////////////////////////////////////////
846
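function NoEntry() {
    // Prints the "401 Unauthorized" page with a form that posts the
    // credentials just entered to ?HASH=create, then ends the request.

    // Both values are whatever the client put into the Basic-auth header,
    // so they are escaped before being written into the attributes.
    // NOTE(review): the page still carries the submitted password in clear
    // text in its source, because the hash form posts it back as PW.
    $user = htmlspecialchars($GLOBALS["PHP_AUTH_USER"], ENT_QUOTES) ;
    $pw = htmlspecialchars($GLOBALS["PHP_AUTH_PW"], ENT_QUOTES) ;
    $self = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;

    $title = "(401 Unauthorized)" ;
    $text = "No trespassing !" ;
    StartHTML($title,$text) ;
?>

<FORM ACTION="<?php echo $self ?>?HASH=create" METHOD="POST">
<INPUT TYPE="HIDDEN" NAME="USER" VALUE="<?php echo $user ?>">
<INPUT TYPE="HIDDEN" NAME="PW" VALUE="<?php echo $pw ?>">

<BLOCKQUOTE><B>If you are a site administrator:</B><BR><BR>
Click below to <B>generate a password hash</B><BR>from
the username-password pair you just<BR>entered. Then include the hash in
the source<BR>of this file.<BR><BR>
<INPUT TYPE="SUBMIT" VALUE="CREATE HASH">
</BLOCKQUOTE></FORM>

<?php
    EndHTML() ;
    exit ;
}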
873
874 //////////////////////////////////////////////////////////////////
875
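function Logit($target,$msg) {
    // Appends one record to the history of the file $target. The history
    // lives in ".log/<basename>" next to the file; a record is one line of
    // four TAB-separated fields: date, time, user name, message.
    // Logging is best effort: if the log cannot be opened nothing is
    // written.

    $dir = dirname($target) ;
    $logDir = $dir . "/.log" ;
    if (! file_exists($logDir)) {
        mkdir($logDir,0700) ;
    }
    $file = basename($target) ;

    // The message and the user name contain user input (rename targets,
    // real names). Line breaks and TABs are replaced so that one call can
    // never produce a second, forged record or shift the columns.
    $flat = array("\r" => " ", "\n" => " ", "\t" => " ") ;
    $who = isset($GLOBALS["gblUserName"]) ? strtr($GLOBALS["gblUserName"], $flat) : "" ;
    $msg = strtr($msg, $flat) ;

    $log = fopen("$logDir/$file","a+") ;
    if (! $log) return ;
    fputs($log, date("$GLOBALS[gblDateFmt]\t$GLOBALS[gblTimeFmt]") .
        "\t$who\t$msg\n") ;
    fclose($log) ;

}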
890
891
892
893 //////////////////////////////////////////////////////////////////
894
895 // MAIN PROGRAM
896 // ============
897 // query parameters: capital letters
898 // local functions : begin with capital letters
899 // global constants: begin with gbl
900
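$gblFilePerms = 0640 ; // default for new files
$gblDirPerms = 0750 ;  // default for new dirs

// phpinfo() ;
// exit ;

// forks before authentication: style sheet and hash
// creation if password not yet set.
// NOTE(review): the hash page is served to unauthenticated clients; it
// only returns the hash of values the client sent itself.
if ($STYLE == "get") { CSS() ; exit ; }
if ($HASH != "") {
    CreateHash($USER, $PW) ;
    exit ;
}

// authentication if $gblAuth == true
// The two hashes are compared as strings (!== / ===). With != two
// different digests that both look like numbers in exponent notation
// ("0e" followed by digits only) would compare equal.
// A request with ?relogin=<stored hash> is answered with 401 as well;
// that is how the logout link makes the browser ask for credentials again.
if ( ( $gblAuth && (string)$gblHash($PHP_AUTH_USER.$PHP_AUTH_PW) !== (string)$gblPw ) ||
     ( isset($relogin) && (string)$gblPw === (string)$relogin ) ) {
    header("WWW-authenticate: basic realm=\"$SERVER_NAME\"") ;
    header("HTTP/1.0 401 Unauthorized") ;
    NoEntry() ;
    exit ;
}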
923
924 // get current directory relative to $gblFsRoot
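$relDir = $DIR ; // from POST
if ($relDir == "") { // not defined in POST ?
    $relDir = urldecode($D) ; // then use GET
}

if ($relDir == "/") $relDir = "" ;
// default : website root = ""

if (strstr($relDir,"..")) Error("No updirs allowed");

// The directory is not the only request value that ends up in a
// filesystem path: the file name (F, FN, the uploaded file's name),
// the rename target and the save path are appended to it further down.
// The same rule is applied to all of them here, before any action runs.
if ( strstr((string)$F,"..") || strstr((string)$FN,"..") ||
     strstr((string)$FN_name,"..") || strstr((string)$NEWNAME,"..") ||
     strstr((string)$RELPATH,"..") )
    Error("No updirs allowed");

// full paths contain "fs" or "Fs". Paths relative to root of
// website contain "rel" or "Rel". The script won't let you
// edit anything above directory equal to http://server.com
// i.e. below $gblFsRoot.

$relScriptDir = dirname($SCRIPT_NAME) ;
// i.e. /siteman

$fsScriptDir = dirname($SCRIPT_FILENAME) ;
// i.e. /home/httpd/html/siteman

// web root = script directory minus its web-relative part
$gblFsRoot = substr($fsScriptDir,0,
    strlen($fsScriptDir)-strlen($relScriptDir)) ;
// i.e. /home/httpd/html

$fsDir = $gblFsRoot . $relDir ; // current directory
if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ;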
952
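// Handles the action posted by one of the forms, then redirects to the
// directory view. All names used below are request values; each case
// checks the ones it turns into filesystem paths.
switch ($POSTACTION) {
case "UPLOAD" :
    if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
    // The client chooses the stored name. Names that start with "." are
    // refused as well: dot-files are this script's own bookkeeping
    // (.htusers, .log, .bak, .del) and the web server's configuration.
    if ($FN_name == "" || strstr($FN_name,"/") || strstr($FN_name,"..") ||
        substr($FN_name,0,1) == ".")
        Error("Non-conforming filename") ;
    // $FN must be the temporary file PHP stored for this request. With
    // register_globals a client can set FN to any path by hand, and the
    // copy below would then import that file into the web tree.
    if (!is_uploaded_file($FN)) Error("Upload failed",$FN_name) ;
    $source = $FN ;
    $target = $fsDir . "/" . $FN_name ;

    // backup old files first: .bak/1 is the newest copy,
    // .bak/$gblNumBackups the oldest
    $dir=dirname($target);
    if (! file_exists($dir."/.bak")) {
        mkdir($dir."/.bak",0700);
    }
    if (! file_exists($dir."/.bak/".$gblNumBackups)) {
        mkdir($dir."/.bak/".$gblNumBackups,0700);
    }
    $file=basename($target);
    for($i=$gblNumBackups-1;$i>0;$i--) {
        if (! file_exists($dir."/.bak/".$i)) {
            mkdir($dir."/.bak/".$i,0700);
        }
        if (file_exists($dir."/.bak/".$i."/".$file)) {
            rename($dir."/.bak/".$i."/".$file,
                $dir."/.bak/".($i+1)."/".$file);
        }
    }
    if (file_exists($target)) {
        rename($target,$dir."/.bak/1/".$file);
    }

    if (!copy($source,$target)) Error("Upload failed",$FN_name) ;
    chmod($target,$gblFilePerms) ;
    clearstatcache() ;
    Logit($target,"uploaded");
    break ;

case "SAVE" :
    // RELPATH is a hidden form field, i.e. client-controlled.
    // escapeshellcmd() was applied here before; it does nothing against
    // ".." and only altered names containing shell metacharacters, so the
    // file written could differ from the one that was shown.
    if ($RELPATH == "" || strstr($RELPATH,"..")) Error("No updirs allowed") ;
    $path = $gblFsRoot . $RELPATH ;
    $writable = is_writeable($path) ;
    $legaldir = is_writeable(dirname($path)) ;
    $exists = (file_exists($path)) ? 1 : 0 ;
    // check for legal extension here as well
    // NOTE(review): still missing, and nothing stops a save to this
    // script or to a dot-file (see the TODO at the top of the file).
    if (!($writable || (!$exists && $legaldir)))
        Error("Write denied",$RELPATH) ;
    $fh = fopen($path, "w") ;
    if (!$fh) Error("Write denied",$RELPATH) ;
    fwrite($fh,$FILEDATA) ;
    fclose($fh) ;
    clearstatcache() ;
    Logit($path,"saved changes");
    break ;

case "CREATE" :
    // we know $fsDir exists
    if ($FN == "") break; // no filename!
    if (strstr($FN,"..") || substr($FN,0,1) == ".")
        Error("Non-conforming filename") ;
    if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
    $path = $fsDir . "/" . $FN ; // file or dir to create
    $relPath = $relDir . "/" . $FN ;
    switch ( $T ) {
    case "D" : // create a directory
        if ( ! @mkdir($path,$gblDirPerms) )
            Error("Mkdir failed",$relPath) ; // eg. if it exists
        clearstatcache() ;
        break ;
    case "F" : // create a new file
        // this functionality is doubled in DetailView().
        // better keep it here altogether
        // chmod perms to $gblFilePerms
        if ( file_exists($path) && !is_writable($path) )
            Error("File not writable", $relPath) ;
        // both values go into a response header: encode them
        $tstr = $PHP_SELF . "?A=E&D=" . urlencode($relDir) . "&F=" . urlencode($FN) ;
        header("Location: " . $tstr) ;
        exit ;
    }
    break ;

case "DELETE" :
    if ( $CONFIRM != "on" ) break ;

    $tstr = "Attempt to delete non-existing object or " ;
    $tstr .= "insufficient privileges: " ;

    if ( $FN != "") { // delete file
        if (strstr($FN,"..")) Error("No updirs allowed") ;
        $path = $fsDir . "/" . $FN ;

        $dir=dirname($path);
        $file=basename($path);
        if (! file_exists("$dir/.del")) {
            mkdir("$dir/.del",0700);
        }

        // delete = move to .del so that the file can be undeleted
        if ( ! rename($path,"$dir/.del/$file") ) {
            // log first: Error() ends the request
            Logit($path,"file delete failed");
            Error("File delete failed", $tstr . $relDir . "/" . $FN) ;
            exit ;
        } else {
            Logit($path,"file deleted");
            if (! file_exists("$dir/.del/.log")) {
                mkdir("$dir/.del/.log",0700);
            }
            rename("$dir/.log/$file","$dir/.del/.log/$file");
        }
    }
    else { // delete directory
        if ( ! @rmdir($fsDir) ) {
            Error("Rmdir failed", $tstr . $relDir) ;
        }
        else {
            $relDir = dirname($relDir) ; // move up
        }
    }
    break ;

case "UNDELETE" :
    if ( $CONFIRM != "on" ) break ;

    if (substr($FN,0,4) != ".del") break ;
    if (strstr($FN,"..")) Error("No updirs allowed") ;
    $file=substr($FN,4,strlen($FN)-4);

    Logit("$fsDir/.del/$file","undeleted");
    rename("$fsDir/.del/$file","$fsDir/$file");
    rename("$fsDir/.del/.log/$file","$fsDir/.log/$file");

    break ;

case "RENAME" :
    if ( $CONFIRM != "on" ) break ;

    if (strstr($FN,"..")) Error("No updirs allowed") ;
    // the new name stays inside the current directory and may not be a
    // dot-file
    if ($NEWNAME == "" || strstr($NEWNAME,"/") || strstr($NEWNAME,"..") ||
        substr($NEWNAME,0,1) == ".")
        Error("Non-conforming filename") ;

    Logit("$fsDir/$FN","renamed $FN to $NEWNAME");
    rename("$fsDir/$FN","$fsDir/$NEWNAME");
    rename("$fsDir/.log/$FN","$fsDir/.log/$NEWNAME");

    break ;

default :
    // user hit "CANCEL" or undefined action
}

// common to all POSTs : redirect to directory view ($relDir)
if ( $POSTACTION != "" ) {
    $tstr = $PHP_SELF . "?D=" . urlencode($relDir) ;
    header("Location: " . $tstr) ;
    exit ;
}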
1099
1100 // check for mode.. navigate, code display, upload, or detail?
1101 // $A=U : upload to path given in $D
1102 // $A=E : display detail of file $D/$F and edit
1103 // $A=C : display code in file $D/$F
1104 // default : display directory $D
1105
// Dispatch on the view requested with A=...; every branch ends the
// request. Anything else falls through to the directory listing.
if ($A == "U") {
    // upload to $relDir
    if (!is_writeable($gblFsRoot . $relDir)) {
        Error("Write access denied",$relDir) ;
    }
    $text = "Use this page to upload a single " . "file to <B>$SERVER_NAME</B>." ;
    StartHTML("(Upload Page)", $text) ;
    UploadPage($gblFsRoot, $relDir) ;
    EndHTML() ;
    exit ;
} else if ($A == "E") {
    // detail of $relDir/$F; nothing is printed when it is not a regular file
    if (is_file("$gblFsRoot/$relDir/$F")) {
        DetailPage($gblFsRoot, $relDir, $F) ;
    }
    exit ;
} else if ($A == "C") {
    // listing of $relDir/$F
    DisplayCode($gblFsRoot, $relDir, $F) ;
    exit ;
}

// default: display directory $relDir
Navigate($gblFsRoot,$relDir) ;
exit ;

// never reached: the exit above ends the script
Error("Whooah!","By cartesian logic, this never happens") ;
?>
