--- docman.php 2000/12/21 08:46:18 1.27
+++ docman.php 2001/02/15 21:20:53 1.32
@@ -51,7 +51,7 @@
deleted files!
.htusers is in form:
- login:Real Name:md5(loginpassword)
+ login:Real Name:[md5(loginpassword)|auth_*]:email@host.dom
TODO:
@@ -75,41 +75,20 @@
// error_reporting(4) ; // how verbose ?
+ // from where to include auth_*.php modules?
+ $gblIncDir = "/home/httpd/docman";
+
// username/password should not be system
// usernames/passwords !!
-// $gblPw = "hash_of_your_username_and_password" ;
-
-// $gblAuth = false ; // use builtin authentication
- $gblAuth = true ; // use builtin authentication
- $gblHash = "md5" ; // hash function to use
-
$gblPw = "";
- if ($gblAuth) {
- $htusers_file=dirname($SCRIPT_FILENAME)."/.htusers";
- if (! file_exists($htusers_file)) {
- $htusers=fopen($htusers_file,"a+");
- fputs($htusers,"# Change owner of $htusers_file to root !!\n");
- fputs($htusers,"demo:full name:md5_hash\n");
- fclose($htusers);
- }
- $htusers=fopen($htusers_file,"r");
- while($user = fgetcsv($htusers,255,":")) {
- if ($user[0] == $GLOBALS["PHP_AUTH_USER"]) {
- $gblUserName=$user[1];
- $gblPw=$user[2];
- $gblEmail=$user[3];
- continue ;
- }
- }
- fclose($htusers);
- }
-
+ // date format
// $gblDateFmt="D, F d, Y";
-// $gblTimeFmt="g:i:sA";
-
$gblDateFmt="Y-m-d";
+
+ // time format
+// $gblTimeFmt="g:i:sA";
$gblTimeFmt="H:i:s";
// Number of backup files to keep
@@ -121,12 +100,12 @@
// choose GifIcon below unless you have the M$
// WingDings font installed on your system
- $gblIcon = "GifIcon" ; // MockIcon or GifIcon
+ $gblIcon="GifIcon"; // MockIcon or GifIcon
// the directory below should be /icons/ or /icons/small/
// on Apache; a set of icons is included in the distribution
- $gblIconLocation = "/icons/" ;
+ $gblIconLocation="/icons/";
// files you want to be able to edit in text mode
// and view with (primitive) syntax highlighting
@@ -145,7 +124,7 @@
function StartHTML($title,$text="") {
- $title = "Site Manager " . $title ;
+ $title = "Document Manager " . $title ;
$host = $GLOBALS["HTTP_HOST"] ;
$self = $GLOBALS["PHP_SELF"] ;
?>
@@ -224,7 +203,7 @@
function DetailPage($fsRoot,$relDir,$fn) {
- global $gblEditable, $gblImages ;
+ global $gblEditable, $gblImages, $webRoot ;
$self = $GLOBALS["PHP_SELF"] ;
$relPath = $relDir . "/" . $fn ;
@@ -292,7 +271,7 @@
}
if ( !$file_lock && $ext!="" && strstr(join(' ',$gblImages),$ext) ) {
$info = getimagesize($fsPath) ;
- $tstr = "" ;
// echo htmlentities($tstr) . "
" . $tstr ;
@@ -376,7 +355,7 @@
while ($e = array_shift($logarr)) {
if (strstr($e[4],"upload")) {
if (file_exists("$bakdir/$bakcount/$name")) {
- $e[4]="$e[4]";
+ $e[4]="$e[4]";
}
$bakcount++;
}
@@ -637,15 +616,11 @@
function Navigate($fsRoot,$relDir) {
- global $gblEditable, $gblIcon, $gblModDays ;
+ global $gblEditable, $gblIcon, $gblModDays, $webRoot ;
$self = $GLOBALS["PHP_SELF"] ;
- if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") {
- $webRoot = "https://" . $GLOBALS["HTTP_HOST"] ;
- } else {
- $webRoot = "http://" . $GLOBALS["HTTP_HOST"] ;
- }
- $fsDir = $fsRoot . $relDir . "/" ; // current directory
+
+ $fsDir = $fsRoot . $relDir . "/" ; // current directory
if (!is_dir($fsDir)) Error("Dir not found",$relDir) ;
@@ -920,29 +895,6 @@
//////////////////////////////////////////////////////////////////
-function CreateHash($user, $pw) {
-
- global $gblHash ; // hash function to use
-
- if ($user == "" || $pw == "") {
- $text = "either no password or no username supplied" ;
- Error("Create Hash",$text) ;
- }
- $title = "(Create Hash)" ;
- StartHTML($title) ;
- echo "
" ; - echo "
Copy the value below and paste it " ; - echo "into the" ; - EndHTML() ; - exit ; - -} // end function CreateHash - -////////////////////////////////////////////////////////////////// - function NoEntry() { $user = $GLOBALS["PHP_AUTH_USER"] ; @@ -952,20 +904,7 @@ $title = "(401 Unauthorized)" ; $text = "No trespassing !" ; StartHTML($title,$text) ; -?> - - -$htusers_file and set it correct permissions (not writable by web server as it is now!). You can add users using adduser.pl script!"); + exit; + } else { + Error("Can't create proto user file!","Please make directory ".dirname($htusers_file)." writable or create .htusers file by hand using adduser.pl script!"); + exit; + } } + $htusers=fopen($htusers_file,"r"); + while($user = fgetcsv($htusers,255,":")) { + if ($user[0] == $GLOBALS["PHP_AUTH_USER"]) { + $gblUserName=$user[1]; + $gblPw=$user[2]; + if (substr($gblPw,0,5) == "auth_" && file_exists("$gblIncDir/$gblPw.php")) { + require("$gblIncDir/$gblPw.php"); + if ($gblPw($user)) { + $gblPw=md5($PHP_AUTH_USER.$PHP_AUTH_PW); + } else { + $gblPw="error".md5($PHP_AUTH_USER.$PHP_AUTH_PW); + } + } + $gblEmail=$user[3]; + continue ; + } + } + fclose($htusers); - // authentication if $gblAuth == true - if ( $gblAuth && $gblHash($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw || + // authentication failure + if ( md5($PHP_AUTH_USER.$PHP_AUTH_PW) != $gblPw || isset($relogin) && $gblPw == $relogin ) { header("WWW-authenticate: basic realm=\"$HTTP_HOST\"") ; header("HTTP/1.0 401 Unauthorized") ; @@ -1224,6 +1192,13 @@ $fsDir = $gblFsRoot . $relDir ; // current directory if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ; + if (isset($GLOBALS["HTTPS"]) && $GLOBALS["HTTPS"] == "on") { + $webRoot = "https://"; + } else { + $webRoot = "http://"; + } + $webRoot .= $GLOBALS["HTTP_HOST"] . $relScriptDir; + $FN=stripSlashes($FN); switch ($POSTACTION) { @@ -1437,7 +1412,7 @@ // checkout Lock("$gblFsRoot/$relDir/$F"); header("Content-Disposition: attachment; filename=$F" ); - Header("Location: ".urlpath("$relDir/$F")); + Header("Location: $webRoot".urlpath("$relDir/$F")); exit; case "Ci" : $F=stripSlashes($F); @@ -1454,7 +1429,7 @@ // view LogIt("$gblFsRoot/$relDir/$F","viewed"); header("Content-Disposition: attachment; filename=$F" ); - Header("Location: ".urlpath("$relDir/$F")); + Header("Location: $webRoot".urlpath("$relDir/$F")); exit; case "Ch" : StartHTML("(File changes)","All changes chronologicaly...");
value for \$gblPw in the source of " ; - echo "this file
" . $gblHash($user.$pw) ; - echo "
Hash function: " . $gblHash ; - echo "