/[docman]/docman.php
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Contents of /docman.php

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.5 - (show annotations)
Thu Aug 3 22:02:03 2000 UTC (22 years, 6 months ago) by dpavlin
Branch: MAIN
Changes since 1.4: +6 -2 lines
note on non-writable files

1 <?php
2
3 /* Copyright 1999 by John Martin d/b/a www.ANYPORTAL.com */
4 /* All Rights Reserved. */
5 /* */
6 /* This software is freeware and is not in the public domain. */
7 /* You are hereby granted the right to freely distribute this */
8 /* software as long as this copyright notice remains in place. */
9 /* */
10 /* Comments or suggestions? email: andmore@alief.com */
11 /* */
12 /* This is the PHP port: AnyPortal(php)-0.1 */
13 /* ======================================== */
14 /* */
15 /* PHP version 2000 by Stefan@Wiesendanger.org */
16 /* No Rights Reserved. What for, anyhow ? */
17 /* */
18 /* Date Remarks */
19 /* --------- ----------------------------------------------- */
20 /* 25 MAY 99 original ASP version */
21 /* 17 SEP 99 change upload from SA-FILEUP to aspSmartUpload */
22 /* 10 APR 00 simplified PHP3 version */
23 /* 18 APR 00 most of PHP3 port working. Slight modifications */
24 /* 22 APR 00 modified syntax highlighting, no absolute paths */
25 /* revealed, PHP builtin authentication, global */
26 /* style sheet as callback, use apache default */
27 /* icons as an alternative to the wingdings font. */
28 /* 25 APR 00 catch some exceptions (not foolproof yet) */
29 /* 26 APR 00 catch some more exceptions, implicit copy */
30 /* function by saving somewhere else in the detail */
31 /* view, MD5 hashed password. */
32 /* 27 APR 00 Fixed authentication bug */
33 /* 12 MAY 00 Fixed trouble with exec() with newer versions of */
34 /* PHP3. Fixed bug which would send you to a non- */
35 /* existent address after file modifications. */
36
37 /*
38 2000-07-25 Dobrica Pavlinusic <dpavlin@rot13.org>
39
40 nuked exec calls (unsecure)
41 nuked writeable function (replaced by php is_writeable)
42 added support for https (tested with apache+mod_ssl)
43 added users file
44 date format user-selectable
45 cycle backup files in bak directory
46 support links as directoryes (for now)
47 support of file history logging
48 undelete capabilities (delete moves to .del directory)
49
50 2000-07-26 DbP
51
52 added more checking on entered filename (when creating file/dir)
53 added rename option
54
55
56 IMPORTANT INSTALLATION NOTE:
57 deny serving of .* (dot-something) files in web server!
58 Otherwise, uses can access your log files, users and/or
59 deleted files!
60
61 .htusers is in form:
62 login:Real Name:md5(loginpassword)
63
64
65 TODO:
66 mixed file/directory output (add type to each entry,
67 real support for links)
68 add more content-management (like cms.sourceforge.net):
69 check-out/check-in/reserve
70 comments to files
71 */
72
73 //////////////////////////////////////////////////////////////////
74
75 // TODO : Don't let the file be modified itself. Create a hash of
76 // it (kinda hard since it's self-referential ;-). Make better use
77 // of session management. Escapeshellcmd for all user input.
78
79 //////////////////////////////////////////////////////////////////
80
81 // GLOBAL PARAMETERS
82 // =================
83 // Make modifications here to suit siteman to your needs
84
85 // error_reporting(4) ; // how verbose ?
86
87 // username/password should not be system
88 // usernames/passwords !!
89
90 // $gblPw = "hash_of_your_username_and_password" ;
91
92 // $gblAuth = false ; // use builtin authentication
93 $gblAuth = true ; // use builtin authentication
94 $gblHash = "md5" ; // hash function to use
95
96 $gblPw = "";
97
98 if ($gblAuth) {
99 $htusers_file=dirname($SCRIPT_FILENAME)."/.htusers";
100 if (! file_exists($htusers_file)) {
101 $htusers=fopen($htusers_file,"a+");
102 fputs($htusers,"# Change owner of $htusers_file to root !!\n");
103 fputs($htusers,"demo:full name:md5_hash\n");
104 fclose($htusers);
105 }
106 $htusers=fopen($htusers_file,"r");
107 while($user = fgetcsv($htusers,255,":")) {
108 if ($user[0] == $GLOBALS["PHP_AUTH_USER"]) {
109 $gblUserName=$user[1];
110 $gblPw=$user[2];
111 continue ;
112 }
113 }
114 fclose($htusers);
115 }
116
117 // $gblDateFmt="D, F d, Y";
118 // $gblTimeFmt="g:i:sA";
119
120 $gblDateFmt="Y-m-d";
121 $gblTimeFmt="H:i:s";
122
123 // Number of backup files to keep
124 $gblNumBackups=5;
125
126 // choose GifIcon below unless you have the M$
127 // WingDings font installed on your system
128
129 $gblIcon = "GifIcon" ; // MockIcon or GifIcon
130
131 // the directory below should be /icons/ or /icons/small/
132 // on Apache; a set of icons is included in the distribution
133
134 $gblIconLocation = "/icons/" ;
135
136 // files you want to be able to edit in text mode
137 // and view with (primitive) syntax highlighting
138
139 $gblEditable = array( ".txt",".asa",".asp",".htm",".html",
140 ".cfm",".php3",".php",".phtml",
141 ".shtml",".css" ) ;
142
143 // files that will display as images on the detail page
144 // (useless if your browser doesn't support them)
145
146 $gblImages = array( ".jpg",".jpeg",".gif",".png",".ico",
147 ".bmp",".xbm") ;
148
149 //////////////////////////////////////////////////////////////////
150
151 function StartHTML($title,$text="") {
152
153 $title = "Site Manager " . $title ;
154 $host = $GLOBALS["HTTP_HOST"] ;
155 $self = $GLOBALS["PHP_SELF"] ;
156 ?>
157
158 <HTML>
159 <HEAD>
160 <TITLE><?= $host . " " . $title ?></TITLE>
161 <META NAME="description" CONTENT="PHP port of AnyPortal Site Manager">
162 <META NAME="keywords" CONTENT="site manager, web site maintenance">
163 <META NAME="robots" CONTENT="noindex">
164 <META HTTP-EQUIV="expires" CONTENT="0">
165 <LINK REL="stylesheet" TYPE="text/css"
166 HREF="<?= $self ?>?STYLE=get">
167 </HEAD>
168 <BODY BGCOLOR="#FFFFFF">
169 <H3 ALIGN="RIGHT"><?= $host ?></H3>
170 <TABLE BORDER=0 WIDTH="100%"><TR>
171 <TD CLASS=INV><?= $title ?></TD></TR></TABLE>
172 <P><?= $text ?></P>
173
174 <?php
175 } // end function StartHTML
176
177 //////////////////////////////////////////////////////////////////
178
179 function EndHTML() {
180 ?>
181
182 <HR>
183 <P CLASS=FTR>
184 <B><?= date($GLOBALS[gblDateFmt]) ?> -
185 <?= date($GLOBALS[gblTimeFmt]) ?> -
186 <?= $GLOBALS[gblUserName] ?>
187 <small> [<a href="<?= $PHP_SELF ?>?relogin=<?= $GLOBALS[gblPw] ?>">logout</a>]</small>
188 </B>
189 <BR>ANYPORTAL(php) Site Manager
190 <br><small>
191 &copy; 1999 by <A HREF="http://www.anyportal.com">ANYPORTAL</A>,
192 &copy; 2000 by <A HREF="http://da.nger.org">d@nger.org</A>,
193 &copy; 2000 by <A HREF="http://www.rot13.org/~dpavlin/">DbP</A>
194 </small>
195 </P>
196 <BR>
197 <? include(".debug.inc") ?>
198 <BR><BR></BODY></HTML>
199
200 <?php
201 } // end function EndHTML
202
203 //////////////////////////////////////////////////////////////////
204
205 function CSS() {
206 ?>
207
208 BODY,TD,P,H1,H2,H3 { font-family:Verdana,Helvetica,Arial,sans-serif; }
209 .BLK { color:black; }
210 .RED { color:red; }
211 .TOP { color:red; font-size:70%; } /* table headings */
212 .INV { color:white; background-color:navy;
213 font-weight:bold; font-size:120%; } /* title */
214 .FTR { } /* footer */
215 .LST { background-color:#E0E0E0; } /* table cells */
216 .BAR { background-color:#E0E0E0; } /* action bar */
217 PRE { color:blue; font-family:Lucida Console,Courier New,
218 Courier,sans-serif; } /* source code */
219 EM { color:green; font-style:normal; } /* line numbers */
220 .REM { color:silver; }
221 .XML { color:navy; background-color:yellow; }
222 .MCK { color:red; font-family:WingDings; } /* Mock Icons */
223 A:HOVER { color:red; }
224
225 <?php
226 } // end function CSS
227
228 //////////////////////////////////////////////////////////////////
229
230 function DetailPage($fsRoot,$relDir,$fn) {
231
232 global $gblEditable, $gblImages ;
233 $self = $GLOBALS["PHP_SELF"] ;
234
235 $relPath = $relDir . "/" . $fn ;
236 $fsPath = $fsRoot . $relPath ;
237 $fsDir = $fsRoot . $relDir ;
238
239 $exists = file_exists($fsPath) ;
240 $ext = strtolower(strrchr($relPath,".")) ;
241 $editable = ( $ext=="" || strstr(join(" ",$gblEditable),$ext)) ;
242 $writable = is_writeable($fsPath) ;
243
244 if (!$editable && !$exists)
245 Error("Creation unsupported for type",$relPath) ;
246 if (!exists && !is_writeable($fsDir) )
247 Error("Creation denied",$relDir) ;
248
249 $text = "Use this page to view, modify or " ;
250 $text .= "delete a single document on this " ;
251 $text .= "web site." ;
252 $title = "(Detail Page)" ;
253 StartHTML($title, $text) ;
254
255 echo "<H3>" . $relDir . "/" . $fn . "</H3>" ;
256 if ($exists) { // get file info
257 $fsize = filesize($fsPath) ;
258 $fmodified = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]", filemtime($fsPath)) ;
259 $faccessed = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]", fileatime($fsPath)) ;
260 echo "<PRE> file size: " . $fsize . " Bytes<BR>" ;
261 echo "last modified: <B>" . $fmodified . "</B><BR>" ;
262 echo "last accessed: <B>" . $faccessed . "</B><BR>" ;
263 echo " owner: <B>" . fileowner($fsPath) . "</B><BR>" ;
264 echo " group: <B>" . filegroup($fsPath) . "</B><BR>" ;
265 echo " permissions: <B>" ;
266 echo printf( "%o", fileperms($fsPath) ) . "</B>" ;
267 echo "</PRE>" ;
268
269 }
270
271 if ( $editable && ($writable || !$exists) ) {
272 $fh = fopen($fsPath,"a+") ;
273 rewind($fh) ;
274 $fstr = fread($fh,filesize($fsPath)) ;
275 fclose($fh) ;
276 $fstr = htmlentities( $fstr ) ;
277 ?>
278
279 <FORM ACTION="<?= $self ; ?>" METHOD="POST">
280 <SPAN TITLE="Click [SAVE] to store updated contents.">
281 <B>DOCUMENT CONTENTS</B>
282 </SPAN><BR>
283 <TEXTAREA NAME="FILEDATA" ROWS=18 COLS=70 WRAP="OFF"><?php
284 echo($fstr) ; ?></TEXTAREA>
285 <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ; ?>">
286 <INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?= $fn ; ?>">
287 <INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="SAVE">
288 <INPUT TYPE="HIDDEN" SIZE=48 MAXLENGTH=255 NAME="RELPATH"
289 VALUE="<?= $relPath ; ?>">
290 <br>
291 <INPUT TYPE="RESET" VALUE="UNDO ALL CHANGES">
292 <INPUT TYPE="SUBMIT" VALUE="SAVE">
293 </FORM>
294
295 <?php
296 }
297 else if ( strstr( join(" ",$gblImages), $ext ) ) {
298 $info = getimagesize($fsPath) ;
299 $tstr = "<IMG SRC=\"". $relPath . "\" BORDER=0 " ;
300 $tstr .= $info[3] . " ALT=\"" . $fn . " - " ;
301 $tstr .= (int)(($fsize+1023)/1024) . "Kb\">" ;
302 echo htmlentities($tstr) . "<BR><BR>" . $tstr ;
303 }
304 ?>
305
306 <FORM ACTION="<?= $self ; ?>" METHOD="POST">
307 <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ; ?>">
308 <INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?= $fn ; ?>">
309 <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL"><BR>
310
311 <?php
312 if (substr($fn,0,4) == ".del") {
313 $action="UNDELETE";
314 $desc="undelete previously deleted file";
315 } else {
316 $action="DELETE";
317 $desc="delete";
318 }
319
320 if ($exists && $writable) {
321 ?>
322
323 <HR>
324 <a name="undelete">
325 <SPAN TITLE="Check OK and click [<?= $action ?>] to <?= $desc ?>.">
326 <B>OK TO <?= $action ?> "<?= $fn ; ?>"? </B></SPAN>
327 <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
328 <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="<?= $action ?>">
329
330 <HR>
331 <a name="rename">
332 <SPAN TITLE="Check OK and click [RENAME] to rename.">
333 <B>OK TO RENAME "<?= $fn ; ?>" TO
334 <INPUT TYPE="TEXT" SIZE=24 MAXLENGTH=255 NAME="NEWNAME" VALUE="<?= $fn ?>">
335 ? </B></SPAN>
336 <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
337 <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="RENAME">
338
339 <?php
340 } // exists && writable
341 ?>
342 <HR>
343 <a name="note">
344 <B>NOTE FOR "<?= $fn ; ?>":
345 <INPUT TYPE="TEXT" SIZE=50 MAXLENGTH=255 NAME="NOTE" VALUE="<?= ReadNote($fsPath) ?>">
346 </B></SPAN>
347 <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="NOTE">
348
349 </FORM>
350
351 <?php
352
353
354 $logname=dirname("$fsDir/$fn")."/.log/".basename("$fsDir/$fn");
355 if (file_exists($logname)) {
356 print "<hr><br><b>CHANGES TO THIS FILE</b><br><table border=0 width=100%>\n";
357 $log=fopen($logname,"r");
358 $cl1=" class=lst"; $cl2="";
359 while($line = fgetcsv($log,255,"\t")) {
360 $cl=$cl1; $cl1=$cl2; $cl2=$cl;
361 print "<tr><td$cl>$line[0]</td><td$cl>$line[1]</td><td$cl>$line[2]</td><td$cl>$line[3]</td></tr>\n";
362 }
363 fclose($log);
364 print "</table>";
365 }
366
367 EndHTML() ;
368
369 } // end function DetailPage
370
371 //////////////////////////////////////////////////////////////////
372
373 function DisplayCode($fsRoot,$relDir,$fn) {
374
375 $path = $fsRoot . $relDir . "/" . $fn ;
376
377 if (!file_exists($path)) Error("File not found",$path) ;
378
379 StartHTML("(".$relDir."/".$fn.")","");
380
381 $tstr = join("",file($path)) ;
382 $tstr = htmlentities($tstr) ;
383
384 // Tabs
385 $tstr = str_replace(chr(9)," ",$tstr) ;
386
387 // ASP tags & XML/PHP tags
388 $aspbeg = "<SPAN CLASS=XML>&lt;%</SPAN><SPAN CLASS=BLK>" ;
389 $aspend = "</SPAN><SPAN CLASS=XML>%&gt;</SPAN>" ;
390 $tstr = str_replace("&lt;%",$aspbeg,$tstr) ;
391 $tstr = str_replace("%&gt;",$aspend,$tstr) ;
392
393 $xmlbeg = "<SPAN CLASS=XML>&lt;?</SPAN><SPAN CLASS=BLK>" ;
394 $xmlend = "</SPAN><SPAN CLASS=XML>?&gt;</SPAN>" ;
395 $tstr = str_replace("&lt;?",$xmlbeg,$tstr) ;
396 $tstr = str_replace("?&gt;",$xmlend,$tstr) ;
397
398 // C style comment
399 $tstr = str_replace("/*","<SPAN CLASS=REM>/*",$tstr) ;
400 $tstr = str_replace("*/","*/</SPAN>",$tstr) ;
401
402 // HTML comments
403 $tstr = str_replace("&lt;!--","<I CLASS=RED>&lt;!--",$tstr) ;
404 $tstr = str_replace("--&gt;","--&gt;</I>",$tstr) ;
405
406 echo "<PRE>" ;
407
408 $tstr = split("\n",$tstr) ;
409 for ($i = 0 ; $i < sizeof($tstr) ; ++$i) {
410 // add line numbers
411 echo "<BR><EM>" ;
412 echo substr(("000" . ($i+1)), -4) . ":</EM> " ;
413 $line = $tstr[$i] ;
414 // C++ style comments
415 $pos = strpos($line,"//") ;
416 // exceptions: two slashes aren't a script comment
417 if (strstr($line,"//") &&
418 ! ($pos>0 && substr($line,$pos-1,1)==":") &&
419 ! (substr($line,$pos,8) == "//--&gt;") &&
420 ! (substr($line,$pos,9) == "// --&gt;")) {
421 $beg = substr($line,0,strpos($line,"//")) ;
422 $end = strstr($line,"//") ;
423 $line = $beg."<SPAN CLASS=REM>".$end."</SPAN>";
424 }
425 // shell & asp style comments
426 $first = substr(ltrim($line),0,1) ;
427 if ($first == "#" || $first == "'") {
428 $line = "<SPAN CLASS=REM>".$line."</SPAN>";
429 }
430 print($line) ;
431 } // next i
432
433 echo "</PRE>" ;
434
435 EndHTML() ;
436
437 } // end function DisplayCode
438
439 //////////////////////////////////////////////////////////////////
440
441 function MockIcon($txt) {
442 $tstr = "<SPAN CLASS=MCK>" ;
443
444 switch (strtolower($txt)) {
445 case ".bmp" :
446 case ".gif" :
447 case ".jpg" :
448 case ".jpeg":
449 case ".tif" :
450 case ".tiff":
451 $d = 176 ;
452 break ;
453 case ".doc" :
454 $d = 50 ;
455 break ;
456 case ".exe" :
457 case ".bat" :
458 $d = 255 ;
459 break ;
460 case ".bas" :
461 case ".c" :
462 case ".cc" :
463 case ".src" :
464 $d = 255 ;
465 break ;
466 case "file" :
467 $d = 51 ;
468 break ;
469 case "fldr" :
470 $d = 48 ;
471 break ;
472 case ".htm" :
473 case ".html":
474 case ".asa" :
475 case ".asp" :
476 case ".cfm" :
477 case ".php3":
478 case ".php" :
479 case ".phtml" :
480 case ".shtml" :
481 $d = 182 ;
482 break ;
483 case ".pdf" :
484 $d = 38 ;
485 break;
486 case ".txt" :
487 case ".ini" :
488 $d = 52 ;
489 break ;
490 case ".xls" :
491 $d = 252 ;
492 break ;
493 case ".zip" :
494 case ".arc" :
495 case ".sit" :
496 case ".tar" :
497 case ".gz" :
498 case ".tgz" :
499 case ".Z" :
500 $d = 59 ;
501 break ;
502 case "view" :
503 $d = 52 ;
504 break ;
505 case "up" :
506 $d = 199 ;
507 break ;
508 case "blank" :
509 return "&nbsp;&nbsp;</SPAN>" ;
510 break ;
511 default :
512 $d = 51 ;
513 }
514
515 return $tstr . chr($d) . "</SPAN>" ;
516 } // end function MockIcon
517
518 //////////////////////////////////////////////////////////////////
519
520 function GifIcon($txt) {
521 global $gblIconLocation ;
522
523 switch (strtolower($txt)) {
524 case ".bmp" :
525 case ".gif" :
526 case ".jpg" :
527 case ".jpeg":
528 case ".tif" :
529 case ".tiff":
530 $d = "image2.gif" ;
531 break ;
532 case ".doc" :
533 $d = "layout.gif" ;
534 break ;
535 case ".exe" :
536 case ".bat" :
537 $d = "screw2.gif" ;
538 break ;
539 case ".bas" :
540 case ".c" :
541 case ".cc" :
542 case ".src" :
543 $d = "c.gif" ;
544 break ;
545 case "file" :
546 $d = "generic.gif" ;
547 break ;
548 case "fldr" :
549 $d = "dir.gif" ;
550 break ;
551 case ".phps" :
552 $d = "phps.gif" ;
553 break ;
554 case ".php3" :
555 $d = "php3.gif" ;
556 break ;
557 case ".htm" :
558 case ".html":
559 case ".asa" :
560 case ".asp" :
561 case ".cfm" :
562 case ".php3":
563 case ".php" :
564 case ".phtml" :
565 case ".shtml" :
566 $d = "world1.gif" ;
567 break ;
568 case ".pdf" :
569 $d = "pdf.gif" ;
570 break;
571 case ".txt" :
572 case ".ini" :
573 $d = "text.gif" ;
574 break ;
575 case ".xls" :
576 $d = "box2.gif" ;
577 break ;
578 case ".zip" :
579 case ".arc" :
580 case ".sit" :
581 case ".tar" :
582 case ".gz" :
583 case ".tgz" :
584 case ".Z" :
585 $d = "compressed.gif" ;
586 break ;
587 case "view" :
588 $d = "index.gif" ;
589 break ;
590 case "up" :
591 $d = "back.gif" ;
592 break ;
593 case "blank" :
594 $d = "blank.gif" ;
595 break ;
596 case "checkout":
597 $d = "down.gif";
598 break;
599 case "checkin":
600 $d = "up.gif";
601 break;
602 case "note":
603 $d = "quill.gif";
604 break;
605 default :
606 $d = "generic.gif" ;
607 }
608
609 return "<IMG SRC=\"$gblIconLocation" . $d . "\" BORDER=0>" ;
610 } // end function GifIcon
611
612 //////////////////////////////////////////////////////////////////
613
614 function Navigate($fsRoot,$relDir) {
615
616 global $gblEditable, $gblIcon ;
617
618 $self = $GLOBALS["PHP_SELF"] ;
619 if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") {
620 $webRoot = "https://" . $GLOBALS["SERVER_NAME"] ;
621 } else {
622 $webRoot = "http://" . $GLOBALS["SERVER_NAME"] ;
623 }
624 $fsDir = $fsRoot . $relDir . "/" ; // current directory
625
626 if (!is_dir($fsDir)) Error("Dir not found",$relDir) ;
627
628 // read directory contents
629 if ( !($dir = @opendir($fsDir)) )
630 Error("Read Access denied",$relDir) ;
631 while ($item = readdir($dir)) {
632 if ( $item == ".." || $item == "." || substr($item,0,1) == "." ) continue ;
633 if ( is_dir($fsDir . $item) ) {
634 $dirList[] = $item ;
635 } else if ( is_file($fsDir . $item) ) {
636 $fileList[] = $item ;
637 } else if ( is_link($fsDir . $item) ) {
638 $dirList[] = $item ;
639 } else {
640 // unknown file type
641 // $text = "Could not determine file type of " ;
642 // Error("File Error", $text.$relDir."/".$item) ;
643 // exit ;
644 }
645 }
646 closedir($dir) ;
647
648 // scan deleted files
649 if ( $GLOBALS[show_deleted] == 1 && ($dir = @opendir("$fsDir/.del")) ) {
650 while ($item = readdir($dir)) {
651 if ( substr($item,0,1) == "." ) continue ;
652 $fileList[] = ".del/$item" ;
653 }
654 closedir($dir) ;
655 }
656
657 $emptyDir = ! (sizeof($dirList) || sizeof($fileList)) ;
658
659 // start navigation page
660 $text = "Use this page to add, delete";
661 if (! isset($show_deleted)) {
662 $text .= ", <a href=".$GLOBALS[PHP_SELF]."?D=".urlencode($relDir)."&show_deleted=1>undelete</a>";
663 }
664 $text .= " or revise files on this web site." ;
665 StartHTML("(Navigate)",$text) ;
666
667 echo "<TABLE BORDER=0 CELLPADDING=2
668 CELLSPACING=3 WIDTH=\"100%\">" ;
669
670 // updir bar
671 if ($fsDir != $fsRoot) {
672 $parent = dirname($relDir) ;
673 if ($parent == "") $parent = "/" ;
674 ?>
675
676 <TR><TD><?= $gblIcon("up") ?></TD><TD COLSPAN=5 CLASS=LST>
677 <A HREF="<?= $self ?>?D=<?= urlencode($parent) ?>">
678 <B><?= $parent ?></B></A></TD></TR>
679
680 <?php
681 }
682
683 // output subdirs
684 if (sizeof($dirList) > 0) {
685 sort($dirList) ;
686 ?>
687
688 <TR><TD></TD><TD COLSPAN=5 CLASS=TOP><HR>DIRECTORY NAME</TD></TR>
689
690 <?php
691 while (list($key,$dir) = each($dirList)) {
692
693 $tstr = "<A HREF=\"" . $self . "?D=" ;
694 $tstr .= urlencode($relDir."/".$dir) ;
695 $tstr .= "\">" . $dir . "/</A>" ;
696 ?>
697
698 <TR><TD><?= $gblIcon("fldr") ?></TD>
699 <TD COLSPAN=5 CLASS=LST><?= $tstr ?></TD></TR>
700
701 <?php
702 } // iterate over dirs
703 } // end if no dirs
704 ?>
705
706 <TR><TD></TD><TD COLSPAN=5><HR><B><?= $webRoot . $relDir ?>
707 </B></TD></TR>
708 <TR><TD></TD><TD CLASS=TOP>DOCUMENT NAME</TD>
709 <TD><?= $gblIcon("blank") ?></TD>
710 <TD CLASS=TOP>NOTE</TD>
711 <TD CLASS=TOP>LAST UPDATE</TD><TD CLASS=TOP>FILE SIZE</TD></TR>
712
713 <?php
714 if (sizeof($fileList) > 0) {
715 sort($fileList) ;
716 while (list($key,$file) = each($fileList)) {
717 $path = $fsDir."/".$file ;
718 $mod = filemtime($path) ;
719 $sz = filesize($path) ;
720
721 if ($sz >= 10240) {
722 $sz = (int)(($sz+1023)/1024) . " k" ;
723 } else {
724 $sz .= " " ;
725 } // end size
726
727 $a = $b = "" ;
728
729 $info_url=$self."?A=E&F=".urlencode($file)."&D=".urlencode($relDir);
730
731 if ( ($mod + 30*86400) > time() ) {
732 $a = "<SPAN CLASS=RED TITLE=\"Newer" ;
733 $a .= " than 30 days\"> * </SPAN>" ;
734 }
735
736 $tstr = $webRoot . $relDir . "/" . $file ;
737 $tstr = "<A HREF=\"" . $tstr . "\">" ;
738
739 if (substr($file,0,5) != ".del/") {
740 $tstr .= $file . "</A>" . $a ;
741 } else {
742 $tstr .= substr($file,5,strlen($file)-5) . "</a> <SPAN CLASS=RED TITLE=\"deleted\"> <a href=\"$info_url#undelete\">deleted</a> </span>";
743 }
744
745 // $b = $gblIcon("checkout");
746 // $b .= $gblIcon("checkin");
747
748 $ext = strtolower(strrchr($file,".")) ;
749 if ( $ext=="" || strstr(join(" ",$gblEditable),$ext) ) {
750 $b .= "<A HREF=\"" . $self . "?A=C&F=" ;
751 $b .= urlencode($file) . "&D=" . urlencode($relDir) ;
752 $b .= "\" TITLE=\"List contents\">" ;
753 $b .= $gblIcon("view") . "</A>" ;
754 } else {
755 $b .= $gblIcon("blank");
756 }
757
758
759 ?>
760
761 <TR><TD>
762 <A HREF="<?= $info_url ?>" TITLE="View/Edit">
763 <?= $gblIcon($ext) ?></A></TD>
764 <TD CLASS=LST><?= $tstr ?></TD>
765 <TD CLASS=LST ALIGN=center><?= $b ?></TD>
766 <TD CLASS=LST ALIGN=left><a href="<?= $info_url ?>#note"><?= $gblIcon("note") ?></a><?= ReadNote($path) ?></TD>
767 <TD CLASS=LST><?= date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]",$mod) ?></TD>
768 <TD CLASS=LST><?= $sz ?>Bytes</TD></TR>
769
770 <?php
771 } // iterate over files
772 } // end if no files
773
774 if ($emptyDir) {
775 ?>
776
777 <FORM METHOD="POST" ACTION="<?= $self ?>">
778 <TR><TD></TD><TD COLSPAN=5 CLASS=BAR>
779 <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ?>">
780 OK TO DELETE THIS EMPTY FOLDER?
781 <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
782 <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="DELETE">
783 </TD></TR>
784 </FORM>
785
786 <?php
787 } // end if emptyDir
788 ?>
789
790 <TR><TD></TD><TD COLSPAN=5><HR></TD></TR>
791
792 <FORM METHOD="POST" ACTION="<?= $self ?>">
793 <TR><TD></TD><TD COLSPAN=5 CLASS=BAR>CREATE NEW
794 <INPUT TYPE="RADIO" NAME="T" VALUE="D" CHECKED>DIRECTORY -OR-
795 <INPUT TYPE="RADIO" NAME="T" VALUE="F">FILE : &nbsp;&nbsp;
796 <NOBR>NAME <INPUT TYPE="TEXT" NAME="FN" SIZE=14>
797 <INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="CREATE">
798 <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ?>">
799 <INPUT TYPE="SUBMIT" VALUE="CREATE"></NOBR>
800 <NOBR>OR <A HREF="<?= $self
801 ?>?A=U&D=<?= urlencode($relDir) ?>">UPLOAD</A> A FILE
802 </NOBR>
803 </TD></TR>
804 </FORM>
805 </TABLE>
806
807 <?php
808 EndHTML() ;
809 } // end function Navigate
810
811 //////////////////////////////////////////////////////////////////
812
813 function UploadPage($fsRoot, $relDir) {
814
815 $self = $GLOBALS["PHP_SELF"] ;
816 if ($relDir == "") $relDir = "/" ;
817 ?>
818
819 <P><TABLE BORDER=0 CELLPADDING=5><TR><TD WIDTH=5></TD><TD CLASS=BAR>
820 <FORM ENCTYPE="multipart/form-data" METHOD="POST"
821 ACTION="<?= $self ?>">
822 DESTINATION DIRECTORY:<B><?= " " . $relDir ?></B>
823 <P>PATHNAME OF LOCAL FILE<BR>
824 <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ?>">
825 <INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="UPLOAD">
826 <INPUT SIZE=30 TYPE="FILE" NAME="FN"></P>
827 <P><INPUT TYPE="SUBMIT" VALUE="UPLOAD"></P>
828 <P>If the <B>[BROWSE...]</B> button is not displayed,<BR>
829 you must upgrade to an RFC1867-compliant browser.</P>
830 <P>Your browser:<BR><?= $GLOBALS["HTTP_USER_AGENT"] ?></P>
831 </FORM>
832 </TD></TR>
833 <TR><TD></TD><TD>
834 <FORM METHOD="POST" ACTION="<?= $self ?>">
835 <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ?>"><BR>
836 <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL">
837 </FORM>
838 </TD></TR></TABLE></P>
839
840 <?php
841 } // end function UploadPage
842
843 //////////////////////////////////////////////////////////////////
844
845 function Error($title,$text="") {
846 StartHTML("(".$title.")",$text) ;
847 echo "<P ALIGN=center>Hit your Browser's Back Button.</P>" ;
848 EndHTML() ;
849 exit ;
850 } // end function Error
851
852 //////////////////////////////////////////////////////////////////
853
854 function CreateHash($user, $pw) {
855
856 global $gblHash ; // hash function to use
857
858 if ($user == "" || $pw == "") {
859 $text = "either no password or no username supplied" ;
860 Error("Create Hash",$text) ;
861 }
862 $title = "(Create Hash)" ;
863 StartHTML($title) ;
864 echo "<P ALIGN=center>" ;
865 echo "<BLOCKQUOTE>Copy the value below and paste it " ;
866 echo "into the<BR>value for \$gblPw in the source of " ;
867 echo "this file<BR><BR><B>" . $gblHash($user.$pw) ;
868 echo "</B><BR><BR>Hash function: " . $gblHash ;
869 echo "</BLOCKQUOTE></P>" ;
870 EndHTML() ;
871 exit ;
872
873 } // end function CreateHash
874
875 //////////////////////////////////////////////////////////////////
876
877 function NoEntry() {
878
879 $user = $GLOBALS["PHP_AUTH_USER"] ;
880 $pw = $GLOBALS["PHP_AUTH_PW"] ;
881 $self = $GLOBALS["PHP_SELF"] ;
882
883 $title = "(401 Unauthorized)" ;
884 $text = "No trespassing !" ;
885 StartHTML($title,$text) ;
886 ?>
887
888 <FORM ACTION="<?= $self ?>?HASH=create" METHOD="POST">
889 <INPUT TYPE="HIDDEN" NAME="USER" VALUE="<?= $user ?>">
890 <INPUT TYPE="HIDDEN" NAME="PW" VALUE="<?= $pw ?>">
891
892 <BLOCKQUOTE><B>If you are a site administrator:</B><BR><BR>
893 Click below to <B>generate a password hash</B><BR>from
894 the username-password pair you just<BR>entered. Then include the hash in
895 the source<BR>of this file.<BR><BR>
896 <INPUT TYPE="SUBMIT" VALUE="CREATE HASH">
897 </BLOCKQUOTE></FORM>
898
899 <?php
900 EndHTML() ;
901 exit ;
902 }
903
904 //////////////////////////////////////////////////////////////////
905
906 function Logit($target,$msg) {
907
908 $dir=dirname($target);
909 if (! file_exists($dir."/.log")) {
910 mkdir($dir."/.log",0700);
911 }
912 $file=basename($target);
913
914 $log=fopen("$dir/.log/$file","a+");
915 fputs($log,date("$GLOBALS[gblDateFmt]\t$GLOBALS[gblTimeFmt]").
916 "\t$GLOBALS[gblUserName]\t$msg\n");
917 fclose($log);
918
919 }
920
921
922 //////////////////////////////////////////////////////////////////
923
924 function WriteNote($target,$msg) {
925
926 $dir=dirname($target);
927 if (! file_exists($dir."/.note")) {
928 mkdir($dir."/.note",0700);
929 }
930 $file=basename($target);
931
932 $note=fopen("$dir/.note/$file","w");
933 fputs($note,"$msg\n");
934 fclose($note);
935
936 Logit($target,"added note $msg");
937
938 }
939
940 function ReadNote($target) {
941
942 $dir=dirname($target);
943 $file=basename($target);
944 $msg="";
945 if (file_exists($dir."/.note/$file")) {
946 $note=fopen("$dir/.note/$file","r");
947 $msg=fgets($note,4096);
948 fclose($note);
949 }
950 return $msg;
951
952 }
953
954 //////////////////////////////////////////////////////////////////
955
956 function MoveTo($source,$folder) {
957
958 $file=basename($source);
959 if (! file_exists($folder)) {
960 mkdir($folder,0700);
961 }
962 if (file_exists($source)) {
963 rename($source,"$folder/$file");
964 }
965 }
966
967 //////////////////////////////////////////////////////////////////
968
969 // MAIN PROGRAM
970 // ============
971 // query parameters: capital letters
972 // local functions : begin with capital letters
973 // global constants: begin with gbl
974
975 $gblFilePerms = 0640 ; // default for new files
976 $gblDirPerms = 0750 ; // default for new dirs
977
978 // phpinfo() ;
979 // exit ;
980
981 // forks before authentication: style sheet and hash
982 // creation if password not yet set.
983 if ($STYLE == "get") { CSS() ; exit ; }
984 if ($HASH != "") {
985 CreateHash($USER, $PW) ;
986 exit ;
987 }
988
989 // authentication if $gblAuth == true
990 if ( $gblAuth && $gblHash($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw ||
991 isset($relogin) && $gblPw == $relogin ) {
992 header("WWW-authenticate: basic realm=\"$SERVER_NAME\"") ;
993 header("HTTP/1.0 401 Unauthorized") ;
994 NoEntry() ;
995 exit ;
996 }
997
998 // get current directory relative to $gblFsRoot
999 $relDir = $DIR ; // from POST
1000 if ($relDir == "") { // not defined in POST ?
1001 $relDir = urldecode($D) ; // then use GET
1002 }
1003
1004 if ($relDir == "/") $relDir = "" ;
1005 // default : website root = ""
1006
1007 if (strstr($relDir,"..")) Error("No updirs allowed");
1008
1009 // full paths contain "fs" or "Fs". Paths realitve to root of
1010 // website contain "rel" or "Rel". The script won't let you
1011 // edit anything above directory equal to http://server.com
1012 // i.e. below $gblFsRoot.
1013
1014 $relScriptDir = dirname($SCRIPT_NAME) ;
1015 // i.e. /siteman
1016
1017 $fsScriptDir = dirname($SCRIPT_FILENAME) ;
1018 // i.e. /home/httpd/html/siteman
1019
1020 $gblFsRoot = substr($fsScriptDir,0,
1021 strlen($fsScriptDir)-strlen($relScriptDir)) ;
1022 // i.e. /home/httpd/html
1023
1024 $fsDir = $gblFsRoot . $relDir ; // current directory
1025 if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ;
1026
1027 switch ($POSTACTION) {
1028 case "UPLOAD" :
1029 if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
1030 if (strstr($FN_name,"/"))
1031 Error("Non-conforming filename") ;
1032 // TODO : should rather check for escapeshellcmds
1033 // but maybe RFC 18xx asserts safe filenames ....
1034 $source = $FN ;
1035 $target = $fsDir . "/" . $FN_name ;
1036
1037 // backup old files first
1038 $dir=dirname($target);
1039 if (! file_exists($dir."/.bak")) {
1040 mkdir($dir."/.bak",0700);
1041 }
1042 if (! file_exists($dir."/.bak/$GLOBALS[gblNumBackups]")) {
1043 mkdir($dir."/.bak/$GLOBALS[gblNumBackups]",0700);
1044 }
1045 $file=basename($target);
1046 for($i=$GLOBALS[gblNumBackups]-1;$i>0;$i--) {
1047 MoveTo("$dir/.bak/$i/$file","$dir/.bak/".($i+1)."/");
1048 }
1049 MoveTo($target,$dir."/.bak/1/".$file);
1050
1051 copy($source,$target) ;
1052 chmod($target,$gblFilePerms) ;
1053 clearstatcache() ;
1054 Logit($target,"uploaded");
1055 break ;
1056
1057 case "SAVE" :
1058 $path = $gblFsRoot . escapeshellcmd($RELPATH) ;
1059 $writable = is_writeable($path) ;
1060 $legaldir = is_writeable(dirname($path)) ;
1061 $exists = (file_exists($path)) ? 1 : 0 ;
1062 // check for legal extension here as well
1063 if (!($writable || (!$exists && $legaldir)))
1064 Error("Write denied",$RELPATH) ;
1065 $fh = fopen($path, "w") ;
1066 fwrite($fh,$FILEDATA) ;
1067 fclose($fh) ;
1068 clearstatcache() ;
1069 Logit($path,"saved changes");
1070 break ;
1071
1072 case "CREATE" :
1073 // we know $fsDir exists
1074 if ($FN == "") break; // no filename!
1075 if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
1076 $path = $fsDir . "/" . $FN ; // file or dir to create
1077 $relPath = $relDir . "/" . $FN ;
1078 switch ( $T ) {
1079 case "D" : // create a directory
1080 if ( ! @mkdir($path,$gblDirPerms) )
1081 Error("Mkdir failed",$relPath) ; // eg. if it exists
1082 clearstatcache() ;
1083 break ;
1084 case "F" : // create a new file
1085 // this functionality is doubled in DetailView().
1086 // better keep it here altogether
1087 // chmod perms to $gblFilePerms
1088 if ( file_exists($path) && !is_writable($path) )
1089 Error("File not writable", $relPath) ;
1090 $tstr = $PHP_SELF . "?A=E&D=" . $relDir . "&F=" . $FN ;
1091 header("Location: " . $tstr) ;
1092 exit ;
1093 }
1094 break ;
1095
1096 case "DELETE" :
1097 if ( $CONFIRM != "on" ) break ;
1098
1099 $tstr = "Attempt to delete non-existing object or " ;
1100 $tstr .= "insufficient privileges: " ;
1101
1102 if ( $FN != "") { // delete file
1103 $path = $fsDir . "/" . $FN ;
1104
1105 $dir=dirname($path);
1106 $file=basename($path);
1107 if (! file_exists("$dir/.del")) {
1108 mkdir("$dir/.del",0700);
1109 }
1110
1111 // if ( ! @unlink($path) ) {
1112 if ( ! rename($path,"$dir/.del/$file") ) {
1113 Error("File delete failed", $tstr . $path) ;
1114 Logit($path,"file delete failed");
1115 exit ;
1116 } else {
1117 Logit($path,"file deleted");
1118 if (! file_exists("$dir/.del/.log")) {
1119 mkdir("$dir/.del/.log",0700);
1120 }
1121 MoveTo("$dir/.log/$file","$dir/.del/.log/");
1122 MoveTo("$dir/.note/$file","$dir/.del/.note/");
1123 }
1124 }
1125 else { // delete directory
1126 if ( ! @rmdir($fsDir) ) {
1127 Error("Rmdir failed", $tstr . $fsDir) ;
1128 }
1129 else {
1130 $relDir = dirname($relDir) ; // move up
1131 }
1132 }
1133 break ;
1134
1135 case "UNDELETE" :
1136 if ( $CONFIRM != "on" ) break ;
1137
1138 if (substr($FN,0,4) != ".del") break ;
1139 $file=substr($FN,4,strlen($FN)-4);
1140
1141 Logit("$fsDir/.del/$file","undeleted");
1142 MoveTo("$fsDir/.del/$file","$fsDir/");
1143 MoveTo("$fsDir/.del/.log/$file","$fsDir/.log/");
1144 MoveTo("$fsDir/.del/.note/$file","$fsDir/.note/");
1145
1146 break ;
1147
1148 case "RENAME" :
1149 if ( $CONFIRM != "on" ) break ;
1150
1151 Logit("$fsDir/$FN","renamed $FN to $NEWNAME");
1152 rename("$fsDir/$FN","$fsDir/$NEWNAME");
1153 rename("$fsDir/.log/$FN","$fsDir/.log/$NEWNAME");
1154
1155 break ;
1156
1157 case "NOTE" :
1158 WriteNote("$fsDir/$FN","$NOTE");
1159 break ;
1160
1161 default :
1162 // user hit "CANCEL" or undefined action
1163 }
1164
1165 // common to all POSTs : redirect to directory view ($relDir)
1166 if ( $POSTACTION != "" ) {
1167 $tstr = $PHP_SELF . "?D=" . urlencode($relDir) ;
1168 header("Location: " . $tstr) ;
1169 exit ;
1170 }
1171
1172 // check for mode.. navigate, code display, upload, or detail?
1173 // $A=U : upload to path given in $D
1174 // $A=E : display detail of file $D/$F and edit
1175 // $A=C : display code in file $D/$F
1176 // default : display directory $D
1177
1178 switch ($A) {
1179 case "U" :
1180 // upload to $relDir
1181 if (!is_writeable($gblFsRoot . $relDir))
1182 Error("Write access denied",$relDir) ;
1183 $text = "Use this page to upload a single " ;
1184 $text .= "file to <B>$SERVER_NAME</B>." ;
1185 StartHTML("(Upload Page)", $text) ;
1186 UploadPage($gblFsRoot, $relDir) ;
1187 EndHTML() ;
1188 exit ;
1189 case "E" :
1190 // detail of $relDir/$F
1191 if (is_file("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ;
1192 exit ;
1193 case "C" :
1194 // listing of $relDir/$F
1195 DisplayCode($gblFsRoot, $relDir, $F) ;
1196 exit ;
1197 }
1198
1199 // default: display directory $relDir
1200 Navigate($gblFsRoot,$relDir) ;
1201 exit ;
1202
1203 Error("Whooah!","By cartesian logic, this never happens") ;
1204 ?>

  ViewVC Help
Powered by ViewVC 1.1.26