/[docman]/docman.php

This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!

Diff of /docman.php

Parent Directory | Revision Log | View Patch Patch

-revision 1.16 by dpavlin,
Wed Sep  6 14:06:02 2000 UTC
+revision 1.30 by dpavlin,
Fri Jan 26 12:39:57 2001 UTC
 Line 35
  /*             existent address after file modifications.       */
  /*
--07-25 Dobrica Pavlinusic <dpavlin@rot13.org>
-         nuked exec calls (unsecure)
+         This project is now called Directory Manager.
-         nuked writeable function (replaced by php is_writeable)
-         added support for https (tested with apache+mod_ssl)
-         added users file
-         date format user-selectable
-         cycle backup files in bak directory
-         support links as directoryes (for now)
-         support of file history logging
-         undelete capabilities (delete moves to .del directory)
--07-26 DbP
+         For more info, please see web pages at
+         http://www.rot13.org/~dpavlin/docman.html
-         added more checking on entered filename (when creating file/dir)
+         It's relased under GPL by
-         added rename option
+         Dobrica Pavlinusic <dpavlin@rot13.org>
  IMPORTANT INSTALLATION NOTE:
-Line 59 
 IMPORTANT INSTALLATION NOTE:
+Line 51 
 IMPORTANT INSTALLATION NOTE:
          deleted files!
          .htusers is in form:
-         login:Real Name:md5(loginpassword)
+         login:Real Name:[md5(loginpassword)|auth_*]:email@host.dom
  TODO:
          mixed file/directory output (add type to each entry,
                  real support for links)
-         retrieve old versions of files (overwritten)
+         access controll
-         show last lock date
  */
  //////////////////////////////////////////////////////////////////
-Line 80 
 TODO:
+Line 71 
 TODO:
  // GLOBAL PARAMETERS
  // =================
- // Make modifications here to suit siteman to your needs
+ // Make modifications here to suit docman to your needs
  //      error_reporting(4) ;            // how verbose ?
+         // from where to include auth_*.php modules?
+         $gblIncDir = "/home/httpd/docman";
          // username/password should not be system
          // usernames/passwords !!
- //      $gblPw    = "hash_of_your_username_and_password" ;
- //      $gblAuth  = false ;             // use builtin authentication
-         $gblAuth  = true ;             // use builtin authentication
-         $gblHash  = "md5" ;             // hash function to use
          $gblPw    = "";
-         if ($gblAuth) {
+         $htusers_file=dirname($SCRIPT_FILENAME)."/.htusers";
-                 $htusers_file=dirname($SCRIPT_FILENAME)."/.htusers";
+         if (! file_exists($htusers_file)) {
-                 if (! file_exists($htusers_file)) {
+                 $htusers=fopen($htusers_file,"a+");
-                         $htusers=fopen($htusers_file,"a+");
+                 fputs($htusers,"# Change owner of $htusers_file to root !!\n");
-                         fputs($htusers,"# Change owner of $htusers_file to root !!\n");
+                 fputs($htusers,"demo:full name:[md5_hash|auth_*]:e-mail\n");
-                         fputs($htusers,"demo:full name:md5_hash\n");
+                 fclose($htusers);
-                         fclose($htusers);
+         }
-                 }
+         $htusers=fopen($htusers_file,"r");
-                 $htusers=fopen($htusers_file,"r");
+         while($user = fgetcsv($htusers,255,":")) {
-                 while($user = fgetcsv($htusers,255,":")) {
+                 if ($user[0] == $GLOBALS["PHP_AUTH_USER"]) {
-                         if ($user[0] == $GLOBALS["PHP_AUTH_USER"]) {
+                         $gblUserName=$user[1];
-                                 $gblUserName=$user[1];
+                         $gblPw=$user[2];
-                                 $gblPw=$user[2];
+                         if (substr($gblPw,0,5) == "auth_" && file_exists("$gblIncDir/$gblPw.php")) {
-                                 $gblEmail=$user[3];
+                                 require("$gblIncDir/$gblPw.php");
-                                 continue ;
+                                 if ($gblPw($user)) {
+                                         $gblPw=md5($PHP_AUTH_USER.$PHP_AUTH_PW);
+                                 } else {
+                                         $gblPw="error".md5($PHP_AUTH_USER.$PHP_AUTH_PW);
+                                 }
                          }
+                         $gblEmail=$user[3];
+                         continue ;
                  }
-                 fclose($htusers);
          }
+         fclose($htusers);
+         // date format
  //      $gblDateFmt="D, F d, Y";
- //      $gblTimeFmt="g:i:sA";
          $gblDateFmt="Y-m-d";
+         // time format
+ //      $gblTimeFmt="g:i:sA";
          $gblTimeFmt="H:i:s";
          // Number of backup files to keep
-Line 130 
 TODO:
+Line 126 
 TODO:
          // choose GifIcon below unless you have the M$
          // WingDings font installed on your system
-         $gblIcon = "GifIcon" ;          // MockIcon or GifIcon
+         $gblIcon="GifIcon";             // MockIcon or GifIcon
          // the directory below should be /icons/ or /icons/small/
          // on Apache; a set of icons is included in the distribution
-         $gblIconLocation = "/icons/" ;
+         $gblIconLocation="/icons/";
          // files you want to be able to edit in text mode
          // and view with (primitive) syntax highlighting
-Line 154 
 TODO:
+Line 150 
 TODO:
  function StartHTML($title,$text="") {
-         $title = "Site Manager " . $title ;
+         $title = "Document Manager " . $title ;
          $host  = $GLOBALS["HTTP_HOST"] ;
          $self  = $GLOBALS["PHP_SELF"] ;
  ?>
-Line 367 
 echo($fstr) ; ?></TEXTAREA>
+Line 363 
 echo($fstr) ; ?></TEXTAREA>
  </FORM>
  <?php
          $name=basename("$fsDir/$fn");
          $logname=dirname("$fsDir/$fn")."/.log/$name";
          $bakdir=dirname("$fsDir/$fn")."/.bak";
          if (file_exists($logname)) {
                  $log=fopen($logname,"r");
-                 $cl1=" class=lst"; $cl2="";
+                 $cl1=" class=LST"; $cl2="";
                  $logarr = array();
                  while($line = fgetcsv($log,255,"\t")) {
                          $cl=$cl1; $cl1=$cl2; $cl2=$cl;
-Line 385 
 echo($fstr) ; ?></TEXTAREA>
+Line 381 
 echo($fstr) ; ?></TEXTAREA>
                  while ($e = array_shift($logarr)) {
                          if (strstr($e[4],"upload")) {
                                  if (file_exists("$bakdir/$bakcount/$name")) {
-                                         $e[4]="<a href=\"".dirname($relPath)."/.bak/$bakcount/$name\">$e[4]</a>";
+                                         $e[4]="<a href=\"".urlpath(dirname($relPath)."/.bak/$bakcount/$name")."\">$e[4]</a>";
                                  }
                                  $bakcount++;
                          }
-Line 650 
 function Navigate($fsRoot,$relDir) {
+Line 646 
 function Navigate($fsRoot,$relDir) {
          $self     = $GLOBALS["PHP_SELF"] ;
          if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") {
-                 $webRoot  = "https://" . $GLOBALS["SERVER_NAME"] ;
+                 $webRoot  = "https://" . $GLOBALS["HTTP_HOST"] ;
          } else {
-                 $webRoot  = "http://" . $GLOBALS["SERVER_NAME"] ;
+                 $webRoot  = "http://" . $GLOBALS["HTTP_HOST"] ;
          }
          $fsDir    = $fsRoot . $relDir . "/" ; // current directory
-Line 695 
 function Navigate($fsRoot,$relDir) {
+Line 691 
 function Navigate($fsRoot,$relDir) {
                  $text .= ", <a href=$self?D=".urlencode($relDir)."&show_deleted=1>undelete</a>";
          }
          $text .= " or revise files on this web site." ;
+         $text .= "<br>Examine list of files <a href=\"$self?A=Ch1\">changed in last day</a> or <a href=\"$self?A=Ch\">all changes</a>.";
          StartHTML("(Navigate)",$text) ;
          echo "<TABLE BORDER=0 CELLPADDING=2
-Line 828 
 function Navigate($fsRoot,$relDir) {
+Line 825 
 function Navigate($fsRoot,$relDir) {
  <?php
            }  // iterate over files
-         }  // end if no files
+         } else {  // end if no files
+ ?>
+  <TR><TD></TD><TD COLSPAN=5 CLASS=LST>
+   No files in this directory
+  </TD></TR>
+ <?
+         }
          if ($emptyDir) {
  ?>
-Line 848 
 function Navigate($fsRoot,$relDir) {
+Line 851 
 function Navigate($fsRoot,$relDir) {
  <TR><TD></TD><TD COLSPAN=5><HR></TD></TR>
- <TR><TD></TD><TD COLSPAN=5>
  <?
  if (file_exists(".info.inc")) {
+         print "<TR><TD></TD><TD COLSPAN=5>";
          include(".info.inc");
+         print "</TD></TR>
+         <TR><TD></TD><TD COLSPAN=5><HR></TD></TR>";
  }
  ?>
- </TD></TR>
- <TR><TD></TD><TD COLSPAN=5><HR></TD></TR>
  <FORM METHOD="POST" ACTION="<?= $self ?>">
  <TR><TD></TD><TD COLSPAN=5 CLASS=BAR>CREATE NEW
-Line 878 
 if (file_exists(".info.inc")) {
+Line 880 
 if (file_exists(".info.inc")) {
  //////////////////////////////////////////////////////////////////
- function UploadPage($fsRoot, $relDir, $filename) {
+ function UploadPage($fsRoot, $relDir, $filename="") {
          $self = $GLOBALS["PHP_SELF"] ;
          if ($relDir == "") $relDir = "/" ;
-Line 888 
 function UploadPage($fsRoot, $relDir, $f
+Line 890 
 function UploadPage($fsRoot, $relDir, $f
  <FORM ENCTYPE="multipart/form-data" METHOD="POST"
   ACTION="<?= $self ?>">
  DESTINATION DIRECTORY:<B><?= " " . $relDir ?></B>
- <? if (isset($filename)) { ?>
+ <? if (isset($filename) && $filename!="") { ?>
  <br>DESTINATION FILE:<B><?= " " . $filename ?></B>
  <INPUT TYPE="HIDDEN" NAME="FILENAME" VALUE="<?= $filename ?>">
  <? } ?>
-Line 923 
 function Error($title,$text="") {
+Line 925 
 function Error($title,$text="") {
  //////////////////////////////////////////////////////////////////
- function CreateHash($user, $pw) {
-         global $gblHash ;  // hash function to use
-         if ($user == "" || $pw == "") {
-                 $text = "either no password or no username supplied" ;
-                 Error("Create Hash",$text) ;
-         }
-         $title = "(Create Hash)" ;
-         StartHTML($title) ;
-         echo "<P ALIGN=center>" ;
-         echo "<BLOCKQUOTE>Copy the value below and paste it " ;
-         echo "into the<BR>value for \$gblPw in the source of " ;
-         echo "this file<BR><BR><B>" . $gblHash($user.$pw) ;
-         echo "</B><BR><BR>Hash function: " . $gblHash ;
-         echo "</BLOCKQUOTE></P>" ;
-         EndHTML() ;
-         exit ;
- } // end function CreateHash
- //////////////////////////////////////////////////////////////////
  function NoEntry() {
          $user = $GLOBALS["PHP_AUTH_USER"] ;
-Line 955 
 function NoEntry() {
+Line 934 
 function NoEntry() {
          $title = "(401 Unauthorized)" ;
          $text  = "No trespassing !" ;
          StartHTML($title,$text) ;
- ?>
- <FORM ACTION="<?= $self ?>?HASH=create" METHOD="POST">
- <INPUT TYPE="HIDDEN" NAME="USER" VALUE="<?= $user ?>">
- <INPUT TYPE="HIDDEN" NAME="PW" VALUE="<?= $pw ?>">
- <BLOCKQUOTE><B>If you are a site administrator:</B><BR><BR>
- Click below to <B>generate a password hash</B><BR>from
- the username-password pair you just<BR>entered. Then include the hash in
- the source<BR>of this file.<BR><BR>
- <INPUT TYPE="SUBMIT" VALUE="CREATE HASH">
- </BLOCKQUOTE></FORM>
- <?php
          EndHTML() ;
          exit ;
  }
  //////////////////////////////////////////////////////////////////
- function Logit($target,$msg) {
+ function LogIt($target,$msg) {
          $dir=dirname($target);
          if (! file_exists($dir."/.log")) {
-Line 995 
 function Logit($target,$msg) {
+Line 961 
 function Logit($target,$msg) {
  function WriteNote($target,$msg) {
+         $target=stripSlashes($target);
          $dir=dirname($target);
          if (! file_exists($dir."/.note")) {
                  mkdir($dir."/.note",0700);
-Line 1011 
 function WriteNote($target,$msg) {
+Line 978 
 function WriteNote($target,$msg) {
  function ReadNote($target) {
+         $target=stripSlashes($target);
          $dir=dirname($target);
          $file=basename($target);
          $msg="";
-Line 1027 
 function ReadNote($target) {
+Line 995 
 function ReadNote($target) {
  function MoveTo($source,$folder) {
+         $source=stripSlashes($source);
          $file=basename($source);
          if (! file_exists($folder)) {
                  mkdir($folder,0700);
-Line 1040 
 function MoveTo($source,$folder) {
+Line 1009 
 function MoveTo($source,$folder) {
  function Lock($target) {
+         $target=stripSlashes($target);
          $dir=dirname($target);
          if (! file_exists($dir."/.lock")) {
                  mkdir($dir."/.lock",0700);
-Line 1060 
 function Lock($target) {
+Line 1030 
 function Lock($target) {
  function CheckLock($target) {
+         $target=stripSlashes($target);
          $dir=dirname($target);
          $file=basename($target);
          $msg=0;
-Line 1074 
 function CheckLock($target) {
+Line 1045 
 function CheckLock($target) {
  function Unlock($target) {
+         $target=stripSlashes($target);
          $dir=dirname($target);
          $file=basename($target);
          if (file_exists($dir."/.lock/$file")) {
-Line 1122 
 function rrmdir($dir) {
+Line 1094 
 function rrmdir($dir) {
  //////////////////////////////////////////////////////////////////
+ function ChangeLog($target,$msg) {
+         global $gblFsRoot;
+         $log=fopen("$gblFsRoot/.changelog","a+");
+         if (substr($target,0,strlen($gblFsRoot)) == $gblFsRoot)
+                 $target=substr($target,strlen($gblFsRoot),strlen($target)-strlen($gblFsRoot));
+         fputs($log,time()."\t$target\t$GLOBALS[gblUserName]\t$msg\n");
+         fclose($log);
+ }
+ function DisplayChangeLog($day) {
+         global $gblFsRoot;
+         if (!file_exists("$gblFsRoot/.changelog")) return;
+         $log=fopen("$gblFsRoot/.changelog","r");
+         $logarr = array();
+         while($line = fgetcsv($log,255,"\t")) {
+                 if ($day!=1 || ($day==1 && (time()-$line[0] < 24*60*60))) {
+                         array_unshift($logarr,array($line[0],$line[1],$line[2],$line[3]));
+                 }
+         }
+         fclose($log);
+         $cl1=" class=LST"; $cl2="";
+         print "<table border=0 width=100%>\n";
+         while ($e = array_shift($logarr)) {
+                 $cl=$cl1; $cl1=$cl2; $cl2=$cl;
+                 $date = date("$GLOBALS[gblDateFmt]", $e[0]);
+                 $time = date("$GLOBALS[gblTimeFmt]", $e[0]);
+                 $dir = dirname($e[1]);
+                 $file = basename($e[1]);
+                 print "<tr><td$cl>$date</td><td$cl>$time</td><td$cl><a href=\"$GLOBALS[PHP_SELF]?D=".urlencode($dir)."\">$dir</a>/$file</td><td$cl>$e[2]</td><td$cl>$e[3]</td></tr>\n";
+         }
+         print "</table>";
+         print "<p>".GifIcon(up)." Back to <a href=$GLOBALS[PHP_SELF]>front page</a>.</p>";
+ }
+ //////////////////////////////////////////////////////////////////
  // MAIN PROGRAM
  // ============
  // query parameters: capital letters
-Line 1137 
 function rrmdir($dir) {
+Line 1148 
 function rrmdir($dir) {
          // forks before authentication: style sheet and hash
          // creation if password not yet set.
          if ($STYLE == "get") { CSS() ; exit ; }
-         if ($HASH != "") {
-                 CreateHash($USER, $PW) ;
-                 exit ;
-         }
-         // authentication if $gblAuth == true
+         // authentication failure
-         if ( $gblAuth && $gblHash($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw ||
+         if ( md5($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw ||
                  isset($relogin) && $gblPw == $relogin ) {
-                 header("WWW-authenticate: basic realm=\"$SERVER_NAME\"") ;
+                 header("WWW-authenticate: basic realm=\"$HTTP_HOST\"") ;
                  header("HTTP/1.0 401 Unauthorized") ;
                  NoEntry() ;
                  exit ;
-Line 1168 
 function rrmdir($dir) {
+Line 1175 
 function rrmdir($dir) {
          // i.e. below $gblFsRoot.
          $relScriptDir = dirname($SCRIPT_NAME) ;
-         // i.e. /siteman
+         // i.e. /docman
          $fsScriptDir  = dirname($SCRIPT_FILENAME) ;
-         // i.e. /home/httpd/html/siteman
+         // i.e. /home/httpd/html/docman
-         $gblFsRoot = substr($fsScriptDir,0,
+         // start on server root
-           strlen($fsScriptDir)-strlen($relScriptDir)) ;
+ //      $gblFsRoot = substr($fsScriptDir,0, strlen($fsScriptDir)-strlen($relScriptDir)) ;
+         // or on script root
+         $gblFsRoot = $fsScriptDir;
          // i.e. /home/httpd/html
          $fsDir = $gblFsRoot . $relDir ; // current directory
          if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ;
+         $FN=stripSlashes($FN);
          switch ($POSTACTION) {
          case "UPLOAD" :
                  if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
-Line 1188 
 function rrmdir($dir) {
+Line 1199 
 function rrmdir($dir) {
                  // TODO : should rather check for escapeshellcmds
                  // but maybe RFC 18xx asserts safe filenames ....
                  $source = $FN ;
+                 if (! file_exists($source)) {
+                         Error("You must select file with browse to upload it!");
+                 }
                  if (! isset($FILENAME)) {       // from update file
                          $target = "$fsDir/$FN_name" ;
                  } else {
-Line 1215 
 function rrmdir($dir) {
+Line 1229 
 function rrmdir($dir) {
                  if (isset($FILENAME)) {
                          Unlock($target);
                  }
+                 ChangeLog($target,"updated");
                  break ;
          case "SAVE" :
-                 $path = $gblFsRoot . escapeshellcmd($RELPATH) ;
+                 $path = $gblFsRoot . $RELPATH ;
+                 $path=stripSlashes($path);
                  $writable = is_writeable($path) ;
                  $legaldir = is_writeable(dirname($path)) ;
                  $exists   = (file_exists($path)) ? 1 : 0 ;
-Line 1226 
 function rrmdir($dir) {
+Line 1242 
 function rrmdir($dir) {
                  if (!($writable || (!$exists && $legaldir)))
                          Error("Write denied",$RELPATH) ;
                  $fh = fopen($path, "w") ;
+                 $FILEDATA=stripSlashes($FILEDATA);
                  fwrite($fh,$FILEDATA) ;
                  fclose($fh) ;
                  clearstatcache() ;
                  Logit($path,"saved changes");
+                 ChangeLog($path,"saved changes");
                  break ;
          case "CREATE" :
-Line 1260 
 function rrmdir($dir) {
+Line 1278 
 function rrmdir($dir) {
                          }
                          $tstr = "$PHP_SELF?A=E&D=".urlencode($relDir)."&F=".urlencode($FN) ;
                          header("Location: " . $tstr) ;
+                         ChangeLog($target,"created");
                          exit ;
                  }
                  break ;
-Line 1357 
 function rrmdir($dir) {
+Line 1376 
 function rrmdir($dir) {
          // $A=Ci : checkin file $D/$F
          // $A=V : view file (do nothing except log)
          // default : display directory $D
          switch ($A) {
          case "U" :
                  // upload to $relDir
                  if (!is_writeable($gblFsRoot . $relDir))
                          Error("Write access denied",$relDir) ;
                  $text  = "Use this page to upload a single " ;
-                 $text .= "file to <B>$SERVER_NAME</B>." ;
+                 $text .= "file to <B>$HTTP_HOST</B>." ;
                  StartHTML("(Upload Page)", $text) ;
                  UploadPage($gblFsRoot, $relDir) ;
                  EndHTML() ;
                  exit ;
          case "E" :
+                 $F=stripSlashes($F);
                  // detail of $relDir/$F
                  if (is_file("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ;
                  exit ;
          case "C" :
+                 $F=stripSlashes($F);
                  // listing of $relDir/$F
                  DisplayCode($gblFsRoot, $relDir, $F) ;
                  exit ;
-Line 1384 
 function rrmdir($dir) {
+Line 1405 
 function rrmdir($dir) {
                  Header("Location: ".urlpath("$relDir/$F"));
                  exit;
          case "Ci" :
+                 $F=stripSlashes($F);
                  // upload && update to $relDir
                  if (!is_writeable($gblFsRoot . $relDir))
                          Error("Write access denied",$relDir) ;
                  $text  = "Use this page to update a single " ;
-                 $text .= "file to <B>$SERVER_NAME</B>." ;
+                 $text .= "file to <B>$HTTP_HOST</B>." ;
                  StartHTML("(Update file Page)", $text) ;
                  UploadPage($gblFsRoot, $relDir, $F) ;
                  EndHTML() ;
-Line 1399 
 function rrmdir($dir) {
+Line 1421 
 function rrmdir($dir) {
                  header("Content-Disposition: attachment; filename=$F" );
                  Header("Location: ".urlpath("$relDir/$F"));
                  exit;
+         case "Ch" :
+                 StartHTML("(File changes)","All changes chronologicaly...");
+                 DisplayChangeLog(0);    // all
+                 EndHTML() ;
+                 exit;
+         case "Ch1" :
+                 StartHTML("(File changes)","Changes to files in last day...");
+                 DisplayChangeLog(1);
+                 EndHTML() ;
+                 exit;
          }
          // default: display directory $relDir

 Legend:



Removed from v.1.16
 


changed lines


 
Added in v.1.30
 Legend:



Removed from v.1.16
 


changed lines


 
Added in v.1.30
-Removed from v.1.16
+Added in v.1.30

	ViewVC Help
Powered by ViewVC 1.1.26