/[docman2]/docman.php
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Annotation of /docman.php

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.24 - (hide annotations)
Mon Jul 29 09:36:22 2002 UTC (21 years, 8 months ago) by dpavlin
Branch: MAIN
Changes since 1.23: +6 -3 lines
misc fixes

1 dpavlin 1.1 <?php
2    
3     /*
4     * Document Manager ][
5     *
6     * Dobrica Pavlinusic <dpavlin@rot13.org>
7     *
8     * License: GPL2
9     *
10     * Document Manager 1.x was based on
11     * Copyright 1999 by John Martin d/b/a www.ANYPORTAL.com
12     * PHP version Copyright 2000 by Stefan@Wiesendanger.org
13     *
14     * For more info, please see web pages at
15     * http://www.rot13.org/~dpavlin/docman.html
16     *
17     */
18    
19    
20     //////////////////////////////////////////////////////////////////
21     // CONFIGURATION OPTIONS
22    
23 dpavlin 1.18 error_reporting(E_ALL) ; // how verbose ?
24 dpavlin 1.1
25     // from where to include auth_*.php modules?
26     $gblIncDir = "/data/docman2";
27    
28 dpavlin 1.5 // force download on view (so it won't open in associated application)
29     $gblForceDownload = 0;
30 dpavlin 1.1
31     // date format
32     $gblDateFmt="Y-m-d";
33     // $gblDateFmt="D, F d, Y";
34    
35     // time format
36     $gblTimeFmt="H:i:s";
37     // $gblTimeFmt="g:i:sA";
38    
39     // Number of backup files to keep
40     $gblNumBackups=3;
41    
42     // show red star if newer than ... days
43     $gblModDays=1;
44    
45     // choose GifIcon below unless you have the M$
46     // WingDings font installed on your system
47    
48     $gblIcon="GifIcon"; // MockIcon or GifIcon
49    
50     // the directory below should be /icons/ or /icons/small/
51     // on Apache; a set of icons is included in the distribution
52    
53     $gblIconLocation="/icons/";
54    
55     // files you want to be able to edit in text mode
56     // and view with (primitive) syntax highlighting
57    
58     $gblEditable = array( ".txt",".asa",".asp",".htm",".html",
59     ".cfm",".php3",".php",".phtml",
60     ".shtml",".css" ) ;
61    
62     // files that will display as images on the detail page
63     // (useless if your browser doesn't support them)
64    
65     $gblImages = array( ".jpg",".jpeg",".gif",".png",".ico",
66     ".bmp",".xbm") ;
67    
68     // which files to hide (separated by ,)
69     $gblHide = "";
70    
71     // Where are users? (by default in .htusers file)
72     $gblUsers = "file";
73    
74     //////////////////////////////////////////////////////////////////
75    
76     $gblTitle = "Document Manager";
77     $gblVersion = "2.0-pre1";
78    
79     $secHash = "";
80    
81     // location of html files
82     $html = $gblIncDir."/html";
83    
84     LoadLanguage($HTTP_SERVER_VARS["HTTP_ACCEPT_LANGUAGE"]);
85    
86     // for security and configuration
87 dpavlin 1.18 $realm=$HTTP_SERVER_VARS["HTTP_HOST"];
88 dpavlin 1.1
89 dpavlin 1.19 $fsDocumentRoot = dirname($HTTP_SERVER_VARS["SCRIPT_FILENAME"]);
90 dpavlin 1.3 if ($fsDocumentRoot == "") Error("Configuration error","Can't get SCRIPT_FILENAME from your web server. Please set <tt>\$fsDocumentRoot</tt> in <tt>\$</tt>",1);
91 dpavlin 1.1
92     // globals for later
93 dpavlin 1.23 $gblLogin = HTTP_SERVER_VAR("PHP_AUTH_USER");
94     $gblPasswd = HTTP_SERVER_VAR("PHP_AUTH_PW");
95 dpavlin 1.1
96     //////////////////////////////////////////////////////////////////
97    
98     function LoadLanguage($lang) {
99    
100     global $gblIncDir,$html;
101    
102     if (file_exists($gblIncDir."/lang/$lang.php")) {
103     include($gblIncDir."/lang/$lang.php");
104     $html .= "-$lang";
105     } else {
106     include($gblIncDir."/lang/default.php");
107     }
108     }
109    
110     function StartHTML($title,$text="") {
111    
112 dpavlin 1.19 global $html,$fsDocumentRoot,$gblTitle,$HTTP_SERVER_VARS;
113 dpavlin 1.1
114 dpavlin 1.4 $host = $HTTP_SERVER_VARS["HTTP_HOST"] ;
115     $self = $HTTP_SERVER_VARS["PHP_SELF"] ;
116 dpavlin 1.1
117     if (file_exists("$fsDocumentRoot/docman.css")) {
118     $css=dirname($self)."/docman.css";
119     } else {
120 dpavlin 1.11 $css=$self."?STYLE=get";
121 dpavlin 1.1 }
122    
123     include("$html/head.html");
124     }
125    
126     //////////////////////////////////////////////////////////////////
127    
128     function EndHTML() {
129    
130     global $gblDateFmt, $gblTimeFmt, $gblUserName, $PHP_SELF,
131     $secHash, $gblVersion, $html,
132     $gblLogin,$gblPasswd;
133    
134     $url = $PHP_SELF."?relogin=";
135     if (isset($secHash) && $secHash != "") {
136     $url .= $secHash;
137     } else {
138     $url .= md5($gblLogin.$gblPasswd);
139     }
140 dpavlin 1.18 if ( ( (isset($gblLogin) && $gblLogin != "") ||
141     (!isset($gblLogin) || $gblLogin == "")
142     ) && ($gblPasswd == "" || !isset($gblPasswd))) {
143 dpavlin 1.1 $url_title="login";
144     $url .= "&force_login=1";
145     } else {
146     $url_title="relogin";
147     }
148     include("$html/footer.html");
149 dpavlin 1.13
150     global $debug;
151     if ($debug) print $debug;
152 dpavlin 1.1 } // end function EndHTML
153    
154     //////////////////////////////////////////////////////////////////
155    
156     function DetailPage($fsRoot,$relDir,$fn) {
157    
158 dpavlin 1.22 global $gblEditable, $gblImages,
159     $gblDateFmt, $gblTimeFmt,
160     $webRoot, $html,
161     $HTTP_SERVER_VARS ;
162 dpavlin 1.4 $self = $HTTP_SERVER_VARS["PHP_SELF"] ;
163 dpavlin 1.1
164     $relPath = $relDir . "/" . $fn ;
165     $fsPath = $fsRoot . $relPath ;
166     $fsDir = $fsRoot . $relDir ;
167    
168     $exists = file_exists($fsPath) ;
169     $ext = strtolower(strrchr($relPath,".")) ;
170 dpavlin 1.13 $editable = ( $ext=="" || strstr(join(" ",$gblEditable),$ext)) &&
171     check_perm($relPath,trperm_w);
172     $writable = is_writeable($fsPath) && check_perm($relPath,trperm_w) ;
173     $writable_dir = is_writeable($fsDir) && check_perm($relDir,trperm_w) ;
174 dpavlin 1.1 $file_lock = CheckLock($fsPath);
175    
176     if (!$editable && !$exists)
177 dpavlin 1.13 Error("Creation denied","Can't create <tt>$relPath</tt>") ;
178     if (!$exists && !$writable_dir )
179     Error("Creation denied","Can't write in directory <tt>$relDir</tt> while creating <tt>$relPath</tt>for which user has permissions.",1);
180 dpavlin 1.1
181     $text = _("Use this page to view, modify or ") ;
182     if (is_dir($fsPath)) {
183     $text .=_("delete a directory on this ") ;
184     } else {
185     $text .= _("delete a single document on this ") ;
186     };
187     $text .= _("web site.") ;
188     $title = "("._("Detail Page").")" ;
189     StartHTML($title, $text) ;
190    
191     echo "<H3>" . $relDir . "/" . $fn . "</H3>" ;
192     if ($exists) { // get file info
193     $fsize = filesize($fsPath) ;
194 dpavlin 1.22 $fmodified = date("$gblDateFmt $gblTimeFmt", filemtime($fsPath)) ;
195     $faccessed = date("$gblDateFmt $gblTimeFmt", fileatime($fsPath)) ;
196 dpavlin 1.1 $fuid=fileowner($fsPath);
197     $fgid=filegroup($fsPath);
198     $userinfo = posix_getpwuid($fuid);
199     $grpinfo = posix_getgrgid($fgid);
200    
201     include("$html/DetailPage-file.html");
202     }
203    
204     if ( !is_dir($fsPath) && $editable && ($writable || !$exists) && !$file_lock ) {
205     $fh = fopen($fsPath,"a+") ;
206     rewind($fh) ;
207     $fstr = fread($fh,filesize($fsPath)) ;
208     fclose($fh) ;
209     $fstr = htmlentities( $fstr ) ;
210     ?>
211    
212 dpavlin 1.13 <FORM ACTION="<?= $self ?>" METHOD="POST">
213 dpavlin 1.1 <SPAN TITLE="Click [SAVE] to store updated contents.">
214     <B>DOCUMENT CONTENTS</B>
215     </SPAN><BR>
216     <TEXTAREA NAME="FILEDATA" ROWS=18 COLS=70 WRAP="OFF"><?php
217     echo($fstr) ; ?></TEXTAREA>
218     <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ; ?>">
219     <INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?= $fn ; ?>">
220     <INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="SAVE">
221     <INPUT TYPE="HIDDEN" SIZE=48 MAXLENGTH=255 NAME="RELPATH"
222     VALUE="<?= $relPath ; ?>">
223     <br>
224     <INPUT TYPE="RESET" VALUE="UNDO ALL CHANGES">
225     <INPUT TYPE="SUBMIT" VALUE="SAVE">
226     </FORM>
227    
228     <?php
229     }
230     if ( !$file_lock && $ext!="" && strstr(join(' ',$gblImages),$ext) ) {
231     $info = getimagesize($fsPath) ;
232     $tstr = "<IMG SRC=\"$webRoot".urlpath($relPath)."\" BORDER=0 " ;
233     $tstr .= $info[3] . " ALT=\"" . $fn . " - " ;
234     $tstr .= (int)(($fsize+1023)/1024) . "Kb\">" ;
235     // echo htmlentities($tstr) . "<BR><BR>" . $tstr ;
236     echo $tstr ;
237     }
238    
239     ?>
240    
241     <FORM ACTION="<?= $self ; ?>" METHOD="POST">
242     <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ; ?>">
243     <INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?= $fn ; ?>">
244     <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL"><BR>
245    
246     <?php
247    
248     if ($file_lock) {
249     ?>
250     <hr>
251     <SPAN TITLE="Check OK and click UNLOCK to remove lock on file.">
252     <B>OK TO FORCE LOCK REMOVAL ON "<?= $fn ; ?>" HELD BY <?= $file_lock ?>? </B></SPAN>
253     <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
254     <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="UNLOCK">
255     <?
256     } // file_lock
257    
258     if (substr($fn,0,4) == ".del") {
259     $action="UNDELETE";
260     $desc="undelete previously deleted file";
261     } else {
262     $action="DELETE";
263     $desc="delete";
264     }
265    
266     if ($exists && $writable) {
267     ?>
268    
269     <HR>
270     <a name="undelete">
271     <SPAN TITLE="Check OK and click [<?= $action ?>] to <?= $desc ?>.">
272     <B>OK TO <?= $action ?> "<?= $fn ; ?>"? </B></SPAN>
273     <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
274     <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="<?= $action ?>">
275    
276     <HR>
277     <a name="rename">
278     <SPAN TITLE="Check OK and click [RENAME] to rename.">
279     <B>OK TO RENAME "<?= $fn ; ?>" TO
280     <INPUT TYPE="TEXT" SIZE=24 MAXLENGTH=255 NAME="NEWNAME" VALUE="<?= $fn ?>">
281     ? </B></SPAN>
282     <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
283     <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="RENAME">
284    
285     <?php
286     } // exists && writable
287     ?>
288     <HR>
289     <a name="note">
290     <B>NOTE FOR "<?= $fn ; ?>":
291     <INPUT TYPE="TEXT" SIZE=50 MAXLENGTH=255 NAME="NOTE" VALUE="<?= ReadNote($fsPath) ?>">
292     </B></SPAN>
293     <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="NOTE">
294    
295     </FORM>
296    
297     <?php
298    
299     $name=basename("$fsDir/$fn");
300     $logname=dirname("$fsDir/$fn")."/.log/$name";
301     $bakdir=dirname("$fsDir/$fn")."/.bak";
302     if (file_exists($logname)) {
303     $log=fopen($logname,"r");
304     $cl1=" class=LST"; $cl2="";
305     $logarr = array();
306     while($line = fgetcsv($log,512,"\t")) {
307     $cl=$cl1; $cl1=$cl2; $cl2=$cl;
308     array_unshift($logarr,array($cl,$line[0],$line[1],$line[2],$line[3]));
309     }
310     fclose($log);
311     if (is_dir("$fsDir/$fn")) {
312     $whatis="DIRECTORY";
313     } else {
314     $whatis="FILE";
315     }
316     print "<hr><br><b>CHANGES TO THIS $whatis</b><br><table border=0 width=100%>\n";
317     $bakcount = 0; // start from 0, skip fist backup (it's current)
318     while ($e = array_shift($logarr)) {
319     if (strstr($e[4],"upload")) {
320     if (file_exists("$bakdir/$bakcount/$name")) {
321     $e[4]="<a href=\"$webRoot".urlpath(dirname($relPath)."/.bak/$bakcount/$name")."\">$e[4]</a>";
322     }
323     $bakcount++;
324     }
325     print "<tr><td$e[0]>$e[1]</td><td$e[0]>$e[2]</td><td$e[0]>$e[3]</td><td$e[0]>$e[4]</td></tr>\n";
326     }
327     print "</table>";
328     }
329    
330     EndHTML() ;
331    
332     } // end function DetailPage
333    
334     //////////////////////////////////////////////////////////////////
335    
336     function DisplayCode($fsRoot,$relDir,$fn) {
337    
338     $path = $fsRoot . $relDir . "/" . $fn ;
339    
340     if (!file_exists($path)) Error("File not found",$path) ;
341    
342     StartHTML("(".$relDir."/".$fn.")","");
343    
344     $tstr = join("",file($path)) ;
345     $tstr = htmlentities($tstr) ;
346    
347     // Tabs
348     $tstr = str_replace(chr(9)," ",$tstr) ;
349    
350     // ASP tags & XML/PHP tags
351     $aspbeg = "<SPAN CLASS=XML>&lt;%</SPAN><SPAN CLASS=BLK>" ;
352     $aspend = "</SPAN><SPAN CLASS=XML>%&gt;</SPAN>" ;
353     $tstr = str_replace("&lt;%",$aspbeg,$tstr) ;
354     $tstr = str_replace("%&gt;",$aspend,$tstr) ;
355    
356     $xmlbeg = "<SPAN CLASS=XML>&lt;?</SPAN><SPAN CLASS=BLK>" ;
357     $xmlend = "</SPAN><SPAN CLASS=XML>?&gt;</SPAN>" ;
358     $tstr = str_replace("&lt;?",$xmlbeg,$tstr) ;
359     $tstr = str_replace("?&gt;",$xmlend,$tstr) ;
360    
361     // C style comment
362     $tstr = str_replace("/*","<SPAN CLASS=REM>/*",$tstr) ;
363     $tstr = str_replace("*/","*/</SPAN>",$tstr) ;
364    
365     // HTML comments
366     $tstr = str_replace("&lt;!--","<I CLASS=RED>&lt;!--",$tstr) ;
367     $tstr = str_replace("--&gt;","--&gt;</I>",$tstr) ;
368    
369     echo "<PRE>" ;
370    
371     $tstr = split("\n",$tstr) ;
372     for ($i = 0 ; $i < sizeof($tstr) ; ++$i) {
373     // add line numbers
374     echo "<BR><EM>" ;
375     echo substr(("000" . ($i+1)), -4) . ":</EM> " ;
376     $line = $tstr[$i] ;
377     // C++ style comments
378     $pos = strpos($line,"//") ;
379     // exceptions: two slashes aren't a script comment
380     if (strstr($line,"//") &&
381     ! ($pos>0 && substr($line,$pos-1,1)==":") &&
382     ! (substr($line,$pos,8) == "//--&gt;") &&
383     ! (substr($line,$pos,9) == "// --&gt;")) {
384     $beg = substr($line,0,strpos($line,"//")) ;
385     $end = strstr($line,"//") ;
386     $line = $beg."<SPAN CLASS=REM>".$end."</SPAN>";
387     }
388     // shell & asp style comments
389     $first = substr(ltrim($line),0,1) ;
390     if ($first == "#" || $first == "'") {
391     $line = "<SPAN CLASS=REM>".$line."</SPAN>";
392     }
393     print($line) ;
394     } // next i
395    
396     echo "</PRE>" ;
397    
398     EndHTML() ;
399    
400     } // end function DisplayCode
401    
402     //////////////////////////////////////////////////////////////////
403    
404     function MockIcon($txt) {
405     $tstr = "<SPAN CLASS=MCK>" ;
406    
407     switch (strtolower($txt)) {
408     case ".bmp" :
409     case ".gif" :
410     case ".jpg" :
411     case ".jpeg":
412     case ".tif" :
413     case ".tiff":
414     $d = 176 ;
415     break ;
416     case ".doc" :
417     $d = 50 ;
418     break ;
419     case ".exe" :
420     case ".bat" :
421     $d = 255 ;
422     break ;
423     case ".bas" :
424     case ".c" :
425     case ".cc" :
426     case ".src" :
427     $d = 255 ;
428     break ;
429     case "file" :
430     $d = 51 ;
431     break ;
432     case "fldr" :
433     $d = 48 ;
434     break ;
435     case ".htm" :
436     case ".html":
437     case ".asa" :
438     case ".asp" :
439     case ".cfm" :
440     case ".php3":
441     case ".php" :
442     case ".phtml" :
443     case ".shtml" :
444     $d = 182 ;
445     break ;
446     case ".pdf" :
447     $d = 38 ;
448     break;
449     case ".txt" :
450     case ".ini" :
451     $d = 52 ;
452     break ;
453     case ".xls" :
454     $d = 252 ;
455     break ;
456     case ".zip" :
457     case ".arc" :
458     case ".sit" :
459     case ".tar" :
460     case ".gz" :
461     case ".tgz" :
462     case ".Z" :
463     $d = 59 ;
464     break ;
465     case "view" :
466     $d = 52 ;
467     break ;
468     case "up" :
469     $d = 199 ;
470     break ;
471     case "blank" :
472     return "&nbsp;&nbsp;</SPAN>" ;
473     break ;
474     default :
475     $d = 51 ;
476     }
477    
478     return $tstr . chr($d) . "</SPAN>" ;
479     } // end function MockIcon
480    
481     //////////////////////////////////////////////////////////////////
482    
483     function GifIcon($txt) {
484     global $gblIconLocation ;
485    
486     switch (strtolower($txt)) {
487     case ".bmp" :
488     case ".gif" :
489     case ".jpg" :
490     case ".jpeg":
491     case ".tif" :
492     case ".tiff":
493     $d = "image2.gif" ;
494     break ;
495     case ".doc" :
496     $d = "layout.gif" ;
497     break ;
498     case ".exe" :
499     case ".bat" :
500     $d = "screw2.gif" ;
501     break ;
502     case ".bas" :
503     case ".c" :
504     case ".cc" :
505     case ".src" :
506     $d = "c.gif" ;
507     break ;
508     case "file" :
509     $d = "generic.gif" ;
510     break ;
511     case "fldr" :
512     $d = "dir.gif" ;
513     break ;
514     case ".phps" :
515     $d = "phps.gif" ;
516     break ;
517     case ".php3" :
518     $d = "php3.gif" ;
519     break ;
520     case ".htm" :
521     case ".html":
522     case ".asa" :
523     case ".asp" :
524     case ".cfm" :
525     case ".php3":
526     case ".php" :
527     case ".phtml" :
528     case ".shtml" :
529     $d = "world1.gif" ;
530     break ;
531     case ".pdf" :
532     $d = "pdf.gif" ;
533     break;
534     case ".txt" :
535     case ".ini" :
536     $d = "text.gif" ;
537     break ;
538     case ".xls" :
539     $d = "box2.gif" ;
540     break ;
541     case ".zip" :
542     case ".arc" :
543     case ".sit" :
544     case ".tar" :
545     case ".gz" :
546     case ".tgz" :
547     case ".Z" :
548     $d = "compressed.gif" ;
549     break ;
550     case "view" :
551     $d = "index.gif" ;
552     break ;
553     case "up" :
554     $d = "back.gif" ;
555     break ;
556     case "blank" :
557     $d = "blank.gif" ;
558     break ;
559     case "checkout":
560     $d = "box2.gif";
561     break;
562     case "checkin":
563     $d = "hand.up.gif";
564     break;
565     case "locked":
566     $d = "screw2.gif";
567     break;
568     case "note":
569     $d = "quill.gif";
570     break;
571     default :
572     $d = "generic.gif" ;
573     }
574    
575     return "<IMG SRC=\"$gblIconLocation" . $d . "\" BORDER=0>" ;
576     } // end function GifIcon
577    
578     //////////////////////////////////////////////////////////////////
579    
580     function Navigate($fsRoot,$relDir) {
581    
582     global $gblEditable, $gblIcon, $gblModDays, $webRoot, $gblHide,
583 dpavlin 1.10 $gblIgnoreUnknownFileType, $gblRepositoryDir,
584 dpavlin 1.23 $gblLogin, $gblUserName, $gblDateFmt, $gblTimeFmt,
585 dpavlin 1.12 $fsRealmDir, $realm, $realm_sep,
586 dpavlin 1.19 $html, $realm_config,
587     $HTTP_GET_VARS, $HTTP_SERVER_VARS;
588 dpavlin 1.13
589 dpavlin 1.4 $self = $HTTP_SERVER_VARS["PHP_SELF"] ;
590 dpavlin 1.1
591 dpavlin 1.18 $relDir = chopsl($relDir)."/";
592     $fsDir = $fsRoot.$relDir; // current directory
593 dpavlin 1.1
594 dpavlin 1.18 if (!is_dir($fsDir)) Error("Dir not found","Directory <tt>$relDir<tt> not found on filesystem at <tt>$fsDir</tt>",1) ;
595    
596     global $debug;
597     $debug .= "[$gblLogin|$relDir] before >";
598    
599 dpavlin 1.20 if (! check_perm($relDir,trperm_b))
600 dpavlin 1.18 Error("Access denied","User <tt>$gblLogin</tt> tried to access <tt>$relDir</tt> without valid trustee.",1);
601     $debug .= "< afeter";
602 dpavlin 1.1
603     $hide_items=",$gblHide,";
604    
605 dpavlin 1.19 $dirList = array();
606     $fileList = array();
607    
608 dpavlin 1.1 // read directory contents
609     if ( !($dir = @opendir($fsDir)) )
610 dpavlin 1.4 Error("Read Access denied",$relDir,1) ;
611 dpavlin 1.1 while ($item = readdir($dir)) {
612     if ( substr($item,0,1) == "." || strstr($hide_items,",$item,") ) continue ;
613 dpavlin 1.4 if (is_dir($fsDir.$item) || is_link ($fsDir.$item)) {
614     if (check_perm($relDir.$item,trperm_b)) {
615     $dirList[$item] = $item ;
616     $dirNote[$item] = ReadNote($fsDir.$item);
617     }
618     } else if (is_file($fsDir.$item)) {
619     if (check_perm($relDir.$item,trperm_r)) {
620     $fileList[$item] = $item ;
621     $fileDate[$item] = filemtime($fsDir.$item) ;
622     $fileSize[$item] = filesize($fsDir.$item) ;
623     $fileNote[$item] = ReadNote($fsDir.$item);
624     }
625 dpavlin 1.1 } else {
626 dpavlin 1.4 if (! $gblIgnoreUnknownFileType) Error("File Type Error", "Item <tt>".$fsDir.$item."</tt> is not file, directory or link. If you want to ignore errors like this, set <tt>\$gblIgnoreUnknownFileType = 1</tt> in <tt>$realm_config</tt>.",1);
627 dpavlin 1.1 }
628     }
629     closedir($dir) ;
630    
631     // scan deleted files
632 dpavlin 1.19 if ( HTTP_GET_VAR("show_deleted") == 1 && ($dir = @opendir("$fsDir/.del")) ) {
633 dpavlin 1.1 while ($item = readdir($dir)) {
634     if ( substr($item,0,1) == "." || strstr($hide_items,",$item,") || !check_perm($relDir.$item,trperm_w) ) continue ;
635     $fileList[$item] = ".del/$item" ;
636     $fileDate[$item] = filemtime($fsDir.".del/$path") ;
637     $fileSize[$item] = filesize($fsDir.".del/$path") ;
638     $fileNote[$item] = ReadNote($fsDir.".del/$item");
639     }
640     closedir($dir) ;
641     }
642    
643     $emptyDir = ! (sizeof($dirList) || sizeof($fileList)) ;
644    
645     // start navigation page
646     $text = "Use this page to add, delete";
647 dpavlin 1.19 if (! isset($HTTP_GET_VARS["show_deleted"])) {
648 dpavlin 1.1 $text .= ", <a href=$self?D=".urlencode($relDir)."&show_deleted=1>undelete</a>";
649     }
650     $text .= " or revise files on this web site." ;
651     $text .= "<br>Examine list of files <a href=\"$self?A=Ch1\">changed in last day</a> or <a href=\"$self?A=Ch\">all changes</a>.";
652     StartHTML("(Navigate)",$text) ;
653    
654     echo "<TABLE BORDER=0 CELLPADDING=2
655     CELLSPACING=3 WIDTH=\"100%\">" ;
656    
657 dpavlin 1.13 // updir (parent) bar
658 dpavlin 1.1 if (chopsl($fsDir) != chopsl($fsRoot)) {
659     $parent = dirname($relDir) ;
660     if ($parent == "") $parent = "/" ;
661    
662     include("$html/Navigate-parent.html");
663     }
664    
665     function plural($name,$count) {
666     $out="$count $name";
667     if ($count > 1) {
668     $out.="s";
669     }
670     return $out;
671     }
672    
673 dpavlin 1.19 if (! HTTP_GET_VAR("dsort")) $dsort = "name"; // default directory sort
674 dpavlin 1.1
675     $dsort_arr = array(
676     "name" => array ("rname", "note"),
677     "rname" => array ("name", "note"),
678     "note" => array ("name", "rnote"),
679     "rnote" => array ("name", "note")
680     );
681    
682 dpavlin 1.19 if (! HTTP_GET_VAR("fsort")) $fsort = "name"; // default directory sort
683 dpavlin 1.1
684     $fsort_arr = array(
685     "name" => array ("rname", "note", "date", "size"),
686     "rname" => array ("name", "note", "date", "size"),
687     "note" => array ("name", "rnote", "date", "size"),
688     "rnote" => array ("name", "note", "date", "size"),
689     "date" => array ("name", "note", "rdate", "size"),
690     "rdate" => array ("name", "note", "date", "size"),
691     "size" => array ("name", "note", "date", "rsize"),
692     "rsize" => array ("name", "note", "date", "size")
693     );
694    
695     $D="D=".urlencode($relDir);
696    
697     function self_args($arr = array()) {
698 dpavlin 1.19 global $self;
699 dpavlin 1.1 $arg = implode("&",$arr);
700     if ($arg) {
701     return $self."?".$arg;
702     } else {
703     return $self;
704     }
705     }
706     // output subdirs
707     if (sizeof($dirList) > 0) {
708     switch ($dsort) {
709     case "note":
710     $items = $dirNote;
711     asort($items);
712     break;
713     case "rnote":
714     $items = $dirNote;
715     arsort($items);
716     break;
717     case "rname":
718     $items = $dirList;
719     krsort($items);
720     break;
721     default:
722     $items = $dirList;
723     ksort($items);
724     break;
725     }
726     $durl = self_args(array($D,"dsort=".$dsort_arr[$dsort][0]));
727     $nurl = self_args(array($D,"dsort=".$dsort_arr[$dsort][1]));
728    
729     include("$html/Navigate-dirHeader.html");
730    
731     while (list($key,$dir) = each($items)) {
732    
733     $dir = $dirList[$key];
734    
735 dpavlin 1.2 $info_url=self_args(array("A"=>"A=E", "F"=>"F=".urlencode($dir), "D"=>$D));
736 dpavlin 1.13 $dir_url=$self."?D=".urlencode(chopsl($relDir)."/".$dir);
737 dpavlin 1.1 include("$html/Navigate-dirEntry.html");
738    
739     } // iterate over dirs
740     } // end if no dirs
741    
742     $durl = self_args(array($D,"fsort=".$fsort_arr[$fsort][0]));
743     $nurl = self_args(array($D,"fsort=".$fsort_arr[$fsort][1]));
744     $uurl = self_args(array($D,"fsort=".$fsort_arr[$fsort][2]));
745     $surl = self_args(array($D,"fsort=".$fsort_arr[$fsort][3]));
746    
747     include("$html/Navigate-fileHeader.html");
748    
749     if (sizeof($fileList) > 0) {
750     switch ($fsort) {
751     case "note":
752     $items = $fileNote;
753     asort($items);
754     break;
755     case "rnote":
756     $items = $fileNote;
757     arsort($items);
758     break;
759     case "date":
760     $items = $fileDate;
761     asort($items);
762     break;
763     case "rdate":
764     $items = $fileDate;
765     arsort($items);
766     break;
767     case "size":
768     $items = $fileSize;
769     asort($items);
770     break;
771     case "rsize":
772     $items = $fileSize;
773     arsort($items);
774     break;
775     case "rname":
776     $items = $fileList;
777     krsort($items);
778     break;
779     default:
780     $items = $fileList;
781     ksort($items);
782     break;
783     }
784    
785     while (list($key,$file) = each($items)) {
786     $file = $fileList[$key];
787     $path = $fsDir."/".$file ;
788     $mod = $fileDate[$key];
789     $sz = $fileSize[$key];
790    
791     if ($sz >= 10240) {
792     $sz = (int)(($sz+1023)/1024) . " k" ;
793     } else {
794     $sz .= " " ;
795     } // end size
796    
797     $a = $b = "" ;
798    
799     $info_url=$self."?A=E&F=".urlencode($file)."&D=".urlencode($relDir);
800    
801     if ( ($mod + $gblModDays*86400) > time() ) {
802     $a = "<SPAN CLASS=RED TITLE=\"Newer" ;
803     $a .= " than $gblModDays days\"> * </SPAN>" ;
804     }
805    
806     $file_lock=CheckLock($path);
807    
808 dpavlin 1.4 $file_url_html="<A HREF=\"$self?A=V&D=".urlencode($relDir)."&F=".urlencode($file);
809 dpavlin 1.1 $file_url_html.="\" TITLE=\"View file\">" ;
810    
811     if (substr($file,0,5) != ".del/") {
812     $file_url_html .= $file . "</A>" . $a ;
813     } else {
814     $file_url_html .= substr($file,5,strlen($file)-5) . "</a> <SPAN CLASS=RED TITLE=\"deleted\"> <a href=\"$info_url#undelete\">deleted</a> </span>";
815     }
816    
817     $note_html="<a href=\"$info_url#note\">".$gblIcon("note")."</a>".ReadNote($path);
818    
819     $ext = strtolower(strrchr($file,".")) ;
820    
821     if ($file_lock) {
822 dpavlin 1.22 if ($file_lock == $gblUserName) {
823 dpavlin 1.4 $b.="<A HREF=\"$self?A=Ci&D=".urlencode($relDir)."&F=".urlencode($file);
824 dpavlin 1.1 $b.="\" TITLE=\"Checkin (update) file on server\">" ;
825     $file_url_html=$b;
826     $b.=$gblIcon("checkin")."</A>" ;
827     $b.= $gblIcon("blank");
828     $file_url_html.="$file</a> $a";
829     $note_html = $gblIcon("blank")."<b>Please check-in (update) this file</b>";
830     } else {
831     $b = $gblIcon("locked");
832     $b.= $gblIcon("blank");
833     $note_html = $gblIcon("blank")."<b>File locked by $file_lock</b>";
834     $file_url_html = "$file $a";
835     }
836     } else {
837 dpavlin 1.4 $b.="<A HREF=\"$self?A=Co&D=".urlencode($relDir)."&F=".urlencode($file);
838 dpavlin 1.1 $b.="\" TITLE=\"Checkout file for edit\">" ;
839 dpavlin 1.4 $b.=$gblIcon("checkout")."</A>";
840 dpavlin 1.1
841     if ( $ext=="" || strstr(join(" ",$gblEditable),$ext) ) {
842 dpavlin 1.4 $b.="<A HREF=\"$self?A=C&D=".urlencode($relDir)."&F=".urlencode($file);
843 dpavlin 1.1 $b.="\" TITLE=\"List contents\">" ;
844     $b.=$gblIcon("view")."</A>" ;
845     } else {
846     $b.= $gblIcon("blank");
847     }
848     }
849    
850 dpavlin 1.22 $mod = date("$gblDateFmt $gblTimeFmt",$mod);
851 dpavlin 1.1
852     include("$html/Navigate-fileEntry.html");
853    
854     } // iterate over files
855     } else { // end if no files
856     ?>
857     <TR><TD></TD><TD COLSPAN=5 CLASS=LST>
858     No files in this directory
859     </TD></TR>
860     <?
861     }
862    
863     if ($emptyDir && $relDir != "") {
864     ?>
865    
866     <FORM METHOD="POST" ACTION="<?= $self ?>">
867     <TR><TD></TD><TD COLSPAN=5 CLASS=BAR>
868     <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ?>">
869     OK TO DELETE THIS EMPTY FOLDER?
870     <INPUT TYPE="CHECKBOX" NAME="CONFIRM">
871     <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="DELETE">
872     </TD></TR>
873     </FORM>
874    
875     <?php
876     } // end if emptyDir
877     ?>
878    
879     <TR><TD></TD><TD COLSPAN=5><HR></TD></TR>
880    
881     <?
882 dpavlin 1.10
883 dpavlin 1.12 if (file_exists("$fsRealmDir/$realm".$realm_sep."info.inc")) {
884     print "<TR><TD></TD><TD COLSPAN=5>";
885     include("$fsRealmDir/$realm".$realm_sep."info.inc");
886     print "</TD></TR><TR><TD></TD><TD COLSPAN=5><HR></TD></TR>";
887     } elseif (file_exists("$gblRepositoryDir/.info.inc")) {
888 dpavlin 1.1 print "<TR><TD></TD><TD COLSPAN=5>";
889 dpavlin 1.10 include("$gblRepositoryDir/.info.inc");
890     print "</TD></TR><TR><TD></TD><TD COLSPAN=5><HR></TD></TR>";
891 dpavlin 1.1 }
892 dpavlin 1.10
893 dpavlin 1.12
894 dpavlin 1.1 ?>
895    
896     <FORM METHOD="POST" ACTION="<?= $self ?>">
897     <TR><TD></TD><TD COLSPAN=5 CLASS=BAR>CREATE NEW
898     <INPUT TYPE="RADIO" NAME="T" VALUE="D" CHECKED>DIRECTORY -OR-
899     <INPUT TYPE="RADIO" NAME="T" VALUE="F">FILE : &nbsp;&nbsp;
900     <NOBR>NAME <INPUT TYPE="TEXT" NAME="FN" SIZE=14>
901     <INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="CREATE">
902     <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ?>">
903     <INPUT TYPE="SUBMIT" VALUE="CREATE" NAME="CREATE">
904     </NOBR>
905     <NOBR>OR <A HREF="<?= $self ?>?A=U&D=<?= urlencode($relDir) ?>">UPLOAD</A> A FILE</NOBR>
906     </TD></TR>
907     </FORM>
908     </TABLE>
909    
910     <?php
911     EndHTML() ;
912     } // end function Navigate
913    
914     //////////////////////////////////////////////////////////////////
915    
916     function UploadPage($fsRoot, $relDir, $filename="") {
917    
918 dpavlin 1.4 global $html, $HTTP_SERVER_VARS;
919    
920     $self = $HTTP_SERVER_VARS["PHP_SELF"] ;
921     include("$html/UploadPage.html");
922 dpavlin 1.1
923     } // end function UploadPage
924    
925     //////////////////////////////////////////////////////////////////
926    
927 dpavlin 1.3 // Error with sysadmin flag are reported to error_log or hidden from
928     // users
929    
930 dpavlin 1.12 function Error($title,$text="",$sysadmin=0,$no_404=0) {
931 dpavlin 1.3 global $gblSeparateAdminMessages,
932     $gblMailAdminMessages,$realm,
933     $HTTP_SERVER_VARS;
934 dpavlin 1.12 if (! headers_sent() && ! $no_404) header("HTTP/1.0 404 Not Found");
935 dpavlin 1.3 if ($sysadmin) {
936     if ($gblSeparateAdminMessages) {
937     $user="Your administrator ";
938     if ($gblMailAdminMessages) {
939     mail($HTTP_SERVER_VARS["SERVER_ADMIN"], "docman $realm error message: $title", strip_tags($text));
940     $user.="<tt>".$HTTP_SERVER_VARS["SERVER_ADMIN"]."</tt> ";
941     }
942     $user.="has been notified about error" ;
943     StartHTML("($title)",$user);
944     echo "<P ALIGN=center>Hit your Browser's Back Button.</P>" ;
945     EndHTML();
946     error_log("docman $realm: ".strip_tags($text));
947     } else {
948     StartHTML("ADMIN: ".$title,$text) ;
949     echo "<P ALIGN=center>Hit your Browser's Back Button.</P>" ;
950     EndHTML();
951     }
952     } else {
953     StartHTML("(".$title.")",$text) ;
954     echo "<P ALIGN=center>Hit your Browser's Back Button.</P>" ;
955     EndHTML() ;
956     }
957 dpavlin 1.1 exit ;
958     } // end function Error
959    
960 dpavlin 1.2 function LogIt($target,$msg, $changelog=0) {
961 dpavlin 1.1
962 dpavlin 1.22 global $gblDateFmt, $gblTimeFmt, $gblUserName, $gblFsRoot;
963    
964 dpavlin 1.1 $dir=dirname($target);
965     if (! file_exists($dir."/.log")) {
966 dpavlin 1.3 if (! @mkdir($dir."/.log",0700)) Error("docman installation problem","can't create log directory <tt>$dir/.log</tt>",1);
967 dpavlin 1.1 }
968     $file=basename($target);
969    
970     $log=fopen("$dir/.log/$file","a+");
971 dpavlin 1.22 fputs($log,date("$gblDateFmt\t$gblTimeFmt").
972     "\t$gblUserName\t$msg\n");
973 dpavlin 1.1 fclose($log);
974    
975 dpavlin 1.2 if (! $changelog) return;
976    
977     $log=fopen("$gblFsRoot/.changelog","a+");
978     if (substr($target,0,strlen($gblFsRoot)) == $gblFsRoot)
979     $target=substr($target,strlen($gblFsRoot),strlen($target)-strlen($gblFsRoot));
980     $msg=str_replace("\t"," ",$msg);
981 dpavlin 1.22 fputs($log,time()."\t$target\t$gblUserName\t$msg\n");
982 dpavlin 1.2 fclose($log);
983    
984     // FIX: implement e-mail notification based on $changelog
985     // permission
986 dpavlin 1.1 }
987    
988    
989     //////////////////////////////////////////////////////////////////
990    
991     function WriteNote($target,$msg) {
992    
993     $target=stripSlashes($target);
994     $dir=dirname($target);
995     if (! file_exists($dir."/.note")) {
996     mkdir($dir."/.note",0700);
997     }
998     $file=basename($target);
999    
1000     $note=fopen("$dir/.note/$file","w");
1001     fputs($note,"$msg\n");
1002     fclose($note);
1003    
1004 dpavlin 1.2 LogIt($target,"added note $msg");
1005 dpavlin 1.1
1006     }
1007    
1008     function ReadNote($target) {
1009    
1010     $target=stripSlashes($target);
1011     $dir=dirname($target);
1012     $file=basename($target);
1013     $msg="";
1014     if (file_exists($dir."/.note/$file")) {
1015     $note=fopen("$dir/.note/$file","r");
1016     $msg=fgets($note,4096);
1017     fclose($note);
1018     }
1019     return HtmlSpecialChars(StripSlashes($msg));
1020    
1021     }
1022    
1023     //////////////////////////////////////////////////////////////////
1024    
1025     function MoveTo($source,$folder) {
1026    
1027     $source=stripSlashes($source);
1028     $file=basename($source);
1029     if (! file_exists($folder)) {
1030     mkdir($folder,0700);
1031     }
1032     if (file_exists($source)) {
1033     rename($source,"$folder/$file");
1034     }
1035     }
1036    
1037     //////////////////////////////////////////////////////////////////
1038    
1039     function Lock($target) {
1040    
1041 dpavlin 1.22 global $gblUserName;
1042    
1043 dpavlin 1.1 $target=stripSlashes($target);
1044     $dir=dirname($target);
1045     if (! file_exists($dir."/.lock")) {
1046     mkdir($dir."/.lock",0700);
1047     }
1048     $file=basename($target);
1049    
1050     if (file_exists("$dir/.lock/$file")) {
1051 dpavlin 1.2 LogIt($target,"attempt to locked allready locked file!");
1052 dpavlin 1.1 } else {
1053     $lock=fopen("$dir/.lock/$file","w");
1054 dpavlin 1.22 fputs($lock,"$gblUserName\n");
1055 dpavlin 1.1 fclose($lock);
1056    
1057 dpavlin 1.2 LogIt($target,"file locked");
1058 dpavlin 1.1 }
1059    
1060     }
1061    
1062     function CheckLock($target) {
1063    
1064     $target=stripSlashes($target);
1065     $dir=dirname($target);
1066     $file=basename($target);
1067     $msg=0;
1068     if (file_exists($dir."/.lock/$file")) {
1069     $lock=fopen("$dir/.lock/$file","r");
1070     $msg=fgets($lock,4096);
1071     fclose($lock);
1072     }
1073     return chop($msg);
1074    
1075     }
1076    
1077     function Unlock($target) {
1078    
1079     $target=stripSlashes($target);
1080     $dir=dirname($target);
1081     $file=basename($target);
1082     if (file_exists($dir."/.lock/$file")) {
1083     unlink("$dir/.lock/$file");
1084 dpavlin 1.2 LogIt($target,"file unlocked");
1085 dpavlin 1.1 } else {
1086 dpavlin 1.2 LogIt($target,"attempt to unlocked non-locked file!");
1087 dpavlin 1.1 }
1088    
1089     }
1090    
1091     //////////////////////////////////////////////////////////////////
1092    
1093     function urlpath($url) {
1094     $url=urlencode(StripSlashes("$url"));
1095     $url=str_replace("%2F","/",$url);
1096     $url=str_replace("+","%20",$url);
1097     return($url);
1098     }
1099    
1100     //////////////////////////////////////////////////////////////////
1101    
1102     function safe_rename($fromdir,$fromfile,$tofile) {
1103 dpavlin 1.22
1104     global $gblNumBackups;
1105    
1106 dpavlin 1.1 function try_rename($from,$to) {
1107     # print "$from -> $to\n";
1108     if (file_exists($from) && is_writeable(dirname($to))) {
1109 dpavlin 1.8 return rename($from,$to);
1110     } else {
1111     return 0;
1112 dpavlin 1.1 }
1113     }
1114    
1115     function try_dir($todir) {
1116     if (! file_exists($todir)) {
1117 dpavlin 1.8 @mkdir($todir,0700);
1118 dpavlin 1.1 }
1119     }
1120    
1121     $to="$fromdir/$tofile";
1122     $todir=dirname($to);
1123     $tofile=basename($to);
1124    
1125     # print "<pre>$fromdir / $fromfile -> $todir / $tofile\n\n";
1126    
1127 dpavlin 1.8 if (! try_rename("$fromdir/$fromfile","$todir/$tofile")) Error("Rename error","Can't rename file <tt>$fromfile</tt> to <tt>$tofile</tt>",1);
1128 dpavlin 1.1 try_dir("$todir/.log");
1129     try_rename("$fromdir/.log/$fromfile","$todir/.log/$tofile");
1130     try_dir("$todir/.note");
1131     try_rename("$fromdir/.note/$fromfile","$todir/.note/$tofile");
1132     try_dir("$todir/.lock");
1133     try_rename("$fromdir/.lock/$fromfile","$todir/.lock/$tofile");
1134     try_dir("$todir/.bak");
1135 dpavlin 1.22 for($i=0;$i<=$gblNumBackups;$i++) {
1136 dpavlin 1.1 try_rename("$fromdir/.bak/$i/$fromfile","$todir/.bak/$i/$tofile");
1137     }
1138     }
1139    
1140    
1141     //////////////////////////////////////////////////////////////////
1142    
1143     // recursivly delete directory
1144    
1145     function rrmdir($dir) {
1146     $handle=opendir($dir);
1147     while ($file = readdir($handle)) {
1148     if ($file != "." && $file != "..") {
1149     if (is_dir("$dir/$file"))
1150     rrmdir("$dir/$file");
1151     else
1152     if (! @unlink("$dir/$file")) return(0);
1153     }
1154     }
1155     closedir($handle);
1156     return @rmdir($dir);
1157     }
1158    
1159     //////////////////////////////////////////////////////////////////
1160    
1161     function DisplayChangeLog($day) {
1162    
1163 dpavlin 1.23 global $gblFsRoot, $gblDateFmt, $gblTimeFmt,
1164 dpavlin 1.22 $HTTP_SERVER_VARS;
1165    
1166     $self = $HTTP_SERVER_VARS["PHP_SELF"];
1167 dpavlin 1.4
1168 dpavlin 1.1 if (!file_exists("$gblFsRoot/.changelog")) return;
1169     $log=fopen("$gblFsRoot/.changelog","r");
1170     $logarr = array();
1171     while($line = fgetcsv($log,512,"\t")) {
1172     while (sizeof($line) > 4) {
1173     $tmp = array_pop($line);
1174     $line.=" $tmp";
1175     }
1176     if ($day!=1 || ($day==1 && (time()-$line[0] < 24*60*60))) {
1177     array_unshift($logarr,array($line[0],$line[1],$line[2],$line[3]));
1178     }
1179     }
1180     fclose($log);
1181     $cl1=" class=LST"; $cl2="";
1182     print "<table border=0 width=100%>\n";
1183     while ($e = array_shift($logarr)) {
1184     $cl=$cl1; $cl1=$cl2; $cl2=$cl;
1185 dpavlin 1.22 $date = date($gblDateFmt, $e[0]);
1186     $time = date($gblTimeFmt, $e[0]);
1187 dpavlin 1.1 $dir = dirname($e[1]);
1188     $file = basename($e[1]);
1189 dpavlin 1.4 print "<tr><td$cl>$date</td><td$cl>$time</td><td$cl><a href=\"$HTTP_SERVER_VARS[PHP_SELF]?D=".urlencode($dir)."\">$dir</a>/$file</td><td$cl>$e[2]</td><td$cl>$e[3]</td></tr>\n";
1190 dpavlin 1.1 }
1191     print "</table>";
1192 dpavlin 1.23 print "<p>".GifIcon("up")." Back to <a href=\"$self\">front page</a>.</p>";
1193 dpavlin 1.1 }
1194    
1195     //////////////////////////////////////////////////////////////////
1196    
1197 dpavlin 1.4 function Download($path,$force=0) {
1198     global $HTTP_SERVER_VARS,$mime_type;
1199    
1200     // default transfer-encoding
1201     $encoding = "binary";
1202    
1203     // known transfer encodings
1204     $encoding_ext = array(
1205     "gz" => "x-gzip",
1206     "Z" => "x-compress",
1207     );
1208    
1209     $file = basename($path);
1210 dpavlin 1.1 $size = filesize($path);
1211 dpavlin 1.4
1212     $ext_arr = explode(".",$file);
1213     $ext = array_pop($ext_arr);
1214     if ($encoding_ext[$ext]) {
1215     $encoding = $encoding_ext[$ext];
1216     $ext = array_pop($ext_arr);
1217     }
1218    
1219     if ($force || !isset($mime_type[$ext])) {
1220     header("Content-Type: application/force-download");
1221     } else {
1222     header("Content-Type: $mime_type[$ext]");
1223     }
1224    
1225 dpavlin 1.1 // IE5.5 just downloads index.php if we don't do this
1226 dpavlin 1.4 if(preg_match("/MSIE 5.5/", $HTTP_SERVER_VARS[HTTP_USER_AGENT])) {
1227 dpavlin 1.1 header("Content-Disposition: filename=$file");
1228     } else {
1229     header("Content-Disposition: attachment; filename=$file");
1230     }
1231 dpavlin 1.4
1232     header("Content-Transfer-Encoding: $encoding");
1233 dpavlin 1.1 $fh = fopen($path, "r");
1234     fpassthru($fh);
1235     }
1236    
1237    
1238     //////////////////////////////////////////////////////////////////
1239    
1240     function chopsl($path) {
1241 dpavlin 1.13 $path=str_replace("//","/",$path);
1242 dpavlin 1.1 if (substr($path,strlen($path)-1,1) == "/") $path=substr($path,0,strlen($path)-1);
1243     return $path;
1244     }
1245    
1246     //////////////////////////////////////////////////////////////////
1247     /*
1248     Document manager ACL implementation
1249    
1250     Written by Dobrica Pavlinusic <dpavlin@rot13.org>
1251    
1252     Based on ideas from Linux trustees code
1253     by Vyacheslav Zavadsky <zavadsky@braysystems.com>
1254     */
1255    
1256 dpavlin 1.19 define('trmask_not',1 << 0);
1257     define('trmask_clear',1 << 1);
1258     define('trmask_deny',1 << 2);
1259     define('trmask_one_level',1 << 3);
1260     define('trmask_group',1 << 4);
1261    
1262     define('trperm_r',1 << 5);
1263     define('trperm_w',1 << 6);
1264     define('trperm_b',1 << 7);
1265     define('trperm_n',1 << 8);
1266 dpavlin 1.1
1267     $trustee_a2n = array(
1268     '!' => trmask_not,
1269     'C' => trmask_clear,
1270     'D' => trmask_deny,
1271     'O' => trmask_one_level,
1272     '+' => trmask_group,
1273     'R' => trperm_r,
1274     'W' => trperm_w,
1275     'B' => trperm_b,
1276     'N' => trperm_n,
1277     );
1278    
1279     // debugging function
1280     function display_trustee($t) {
1281     global $trustee_a2n;
1282     $out="";
1283     foreach ($trustee_a2n as $c=>$v) {
1284     if ($t & $v) $out.=$c;
1285     }
1286     return $out;
1287     }
1288     function display_all_trustee() {
1289     global $trustees;
1290     print "trustee dump:<br>\n";
1291     foreach ($trustees as $path => $tr) {
1292     print "<br><tt>$path</tt>\n";
1293     foreach ($tr as $user=>$perm) {
1294     print "$user == $perm (".display_trustee($perm).")<br>\n";
1295     }
1296     }
1297     }
1298    
1299     function init_trustee() {
1300    
1301     global $trustee_conf,$trustee_php,$trustee_a2n,$groups,$trustees;
1302    
1303     // do we need to re-create compiled trustees?
1304     if (! file_exists($trustee_conf)) {
1305     # $error="$trustee_conf doesn't exits";
1306     return 0; # don't use trustees
1307     } elseif (file_exists($trustee_conf) && !is_readable($trustee_conf)) {
1308     $error="<tt>$trustee_conf</tt> exits, but is not readable";
1309     } elseif (!is_writable(dirname($trustee_php))) {
1310     $error="<tt>".dirname($trustee_php)."</tt> must be writable by web server user";
1311     } elseif (file_exists($trustee_php) && !is_writable($trustee_php)) {
1312     $error="trustees cache file <tt>$trustee_php</tt> exists, but is not writable by web server";
1313 dpavlin 1.19 } elseif (@filemtime($trustee_conf) >= @filemtime($trustee_php)) {
1314 dpavlin 1.1 $fp_php=@fopen($trustee_php,"w");
1315     fputs($fp_php,"<?php // don't edit by hand!\n");
1316    
1317     $fp_conf=fopen($trustee_conf,"r");
1318    
1319     $groups_arr = array();
1320     $perm_arr = array();
1321    
1322     $tr_arr = array();
1323    
1324     while (! feof($fp_conf)) {
1325     $l = trim(fgets($fp_conf,4096));
1326     if (substr($l,0,1) == "+") { // no comment
1327     $arr=explode(":",$l);
1328     $groups_arr[$arr[0]] = $arr[1] ;
1329     } elseif (substr($l,0,1) != "#") {
1330     $arr=explode(":",$l);
1331     $path=array_shift($arr);
1332     if ($path == "") continue;
1333     $sep2="";
1334     while ($user=array_shift($arr)) {
1335     $perm=0;
1336     if (substr($user,0,1) == "+") {
1337     $perm|=trmask_group;
1338     $user=substr($user,1,strlen($user)-1);
1339     }
1340     $perm_ascii=array_shift($arr);
1341     for ($i=0;$i<strlen($perm_ascii);$i++) {
1342     $ch=strtoupper($perm_ascii[$i]);
1343     if (isset($trustee_a2n[$ch])) {
1344     $perm|=$trustee_a2n[$ch];
1345     } else {
1346     $error.="trustee error in line '$l' [Unknown modifier '$ch']<br>\n";
1347     }
1348     }
1349 dpavlin 1.19 if (isset($tr_arr[$path][$user])) {
1350     $tr_arr[$path][$user] |= $perm;
1351     } else {
1352     $tr_arr[$path][$user] = $perm;
1353     }
1354 dpavlin 1.1 }
1355     }
1356     }
1357    
1358     fclose($fp_conf);
1359    
1360     // save trustees
1361     $tr_out='$trustees = array (';
1362     $sep1="";
1363     while (list ($path, $tr) = each ($tr_arr)) {
1364     $tr_out.="$sep1\n\t'$path'=>array(";
1365     $sep2="";
1366     while (list($user,$perm)=each($tr)) {
1367     $tr_out.="$sep2\n\t\t'$user'=>$perm";
1368     $sep2=",";
1369     }
1370     $tr_out.="\n\t)";
1371     $sep1=",";
1372     }
1373     $tr_out.="\n);";
1374    
1375     // save groups
1376     $gr_out='$groups = array (';
1377     $sep="";
1378     while (list ($group, $members) = each ($groups_arr)) {
1379     $gr_out.="$sep\n\t'";
1380     $gr_out.=substr($group,1,strlen($group)-1);
1381     $gr_out.="'=>array('".join("','",explode(",",$members))."')";
1382     $sep=",";
1383     }
1384     $gr_out.="\n);\n";
1385    
1386     fputs($fp_php,$gr_out);
1387     fputs($fp_php,$tr_out);
1388     fputs($fp_php,"?>\n");
1389     fclose($fp_php);
1390     }
1391    
1392 dpavlin 1.19 if (isset($error)) {
1393 dpavlin 1.3 Error("Trustee error",$error,1);
1394 dpavlin 1.1 } else {
1395 dpavlin 1.19 include_once("$trustee_php");
1396 dpavlin 1.1 }
1397    
1398     return 1;
1399    
1400     }//init_trustee
1401    
1402     function in_group($user,$group) {
1403 dpavlin 1.16 global $groups;
1404     return in_array($user,$groups[$group]);
1405 dpavlin 1.1 }
1406    
1407     // helper function
1408 dpavlin 1.23 function unroll_perm($u,$t,$perm,$one_level) {
1409 dpavlin 1.17
1410 dpavlin 1.21 if ($t & trmask_one_level && !$one_level) return $perm;
1411    
1412 dpavlin 1.1 if ($t & trmask_deny) {
1413     if ($t & trmask_clear) {
1414 dpavlin 1.19 $perm['deny'] &= ~$t;
1415 dpavlin 1.1 } else {
1416 dpavlin 1.19 $perm['deny'] |= $t;
1417 dpavlin 1.1 }
1418     } elseif ($t & trmask_clear) {
1419 dpavlin 1.19 $perm['allow'] &= ~$t;
1420 dpavlin 1.1 } else {
1421 dpavlin 1.19 $perm['allow'] |= $t;
1422 dpavlin 1.1 }
1423     return $perm;
1424     }// end of helper function
1425    
1426     function check_trustee($user,$path) {
1427 dpavlin 1.24 global $trustees,$HAVE_TRUSTEE;
1428 dpavlin 1.19 $perm['allow'] = 0;
1429     $perm['deny'] = 0;
1430    
1431 dpavlin 1.24 // do we use trustees?
1432     if (! $HAVE_TRUSTEE) return $perm;
1433    
1434     if (! isset($trustees)) Error("Trustees not found","Can't find in-memory trustee structure <tt>\$trustees</tt>. Probably bug in code. Contact <tt>dpavlin@rot13.org</tt>",1);
1435 dpavlin 1.18
1436     global $debug;
1437     $debug .= "<br>check_trustee $path ... ";
1438    
1439 dpavlin 1.1 $path_arr=explode("/",$path);
1440 dpavlin 1.18 $tmppath = "/";
1441 dpavlin 1.1 while (count($path_arr)) {
1442 dpavlin 1.18 $tmppath.=array_shift($path_arr);
1443     $debug.= ">> $tmppath ";
1444    
1445 dpavlin 1.19 if (! isset($trustees[$tmppath])) continue;
1446     $tr = $trustees[$tmppath];
1447 dpavlin 1.18
1448 dpavlin 1.21 $one_level = (!count($path_arr));
1449     $debug.=" O($one_level) ";
1450    
1451 dpavlin 1.1 if (isset($tr)) {
1452     // first apply trustee for all
1453     if (isset($tr['*'])) {
1454 dpavlin 1.23 $perm = unroll_perm($user,$tr['*'],$perm, $one_level);
1455 dpavlin 1.1 unset($tr['*']);
1456     }
1457 dpavlin 1.23 // then apply not and group policies
1458 dpavlin 1.17 foreach ($tr as $g=>$t) {
1459 dpavlin 1.23 if ($t & trmask_not && $g != $user) {
1460     $t = $t & ~trmask_not;
1461     $perm = unroll_perm($user,$t,$perm, $one_level);
1462     unset($tr[$g]);
1463    
1464     } elseif ($t & trmask_group && in_group($user,$g)) {
1465 dpavlin 1.1 // resolv user
1466     $t = $t & ~trmask_group;
1467 dpavlin 1.23 $perm = unroll_perm($user,$t,$perm, $one_level);
1468 dpavlin 1.17 unset($tr[$g]);
1469 dpavlin 1.1 }
1470     }
1471 dpavlin 1.17 // then apply user policy
1472 dpavlin 1.1 if (isset($tr[$user])) {
1473 dpavlin 1.23 $perm = unroll_perm($user,$tr[$user],$perm,$one_level);
1474 dpavlin 1.1 unset($tr[$user]);
1475     }
1476     }
1477 dpavlin 1.19 $debug.="d(".display_trustee($perm['deny']).") a(".display_trustee($perm['allow']).") ";
1478 dpavlin 1.1
1479     }
1480 dpavlin 1.18 $debug.="<br>check_trustee: user: $user path: $path==$tmppath perm: ";
1481 dpavlin 1.19 $debug.="d: ".$perm['deny']." (".display_trustee($perm['deny']).") a: ".$perm['allow']." (".display_trustee($perm['allow']).")<Br>\n";
1482 dpavlin 1.1 return $perm;
1483     }
1484    
1485     // handy functions
1486    
1487     function check_perm($path,$trperm) {
1488     global $gblLogin,$HAVE_TRUSTEE;
1489 dpavlin 1.13
1490     global $debug;
1491 dpavlin 1.19 $debug.="<br>check_perm: on <tt>$path</tt> for perm ".display_trustee($trperm)."<br>\n";
1492 dpavlin 1.16
1493 dpavlin 1.1 $return = ! $HAVE_TRUSTEE;
1494     if ($HAVE_TRUSTEE) {
1495     $perm = check_trustee($gblLogin,$path);
1496 dpavlin 1.19 $debug.=" d: ".$perm['deny']." (".display_trustee($perm['deny']).") a: ".$perm['allow']." (".display_trustee($perm['allow']).") perm to have: $trperm (".display_trustee($trperm).")";
1497     if ($perm['deny'] & $trperm) $return=0;
1498     elseif (($perm['allow'] & $trperm) == $trperm) $return=1;
1499 dpavlin 1.1 }
1500 dpavlin 1.13 $debug.=" return: $return<br>\n";
1501 dpavlin 1.1 return($return);
1502     }
1503    
1504 dpavlin 1.4 //////////////////////////////////////////////////////////////////
1505    
1506     function readMime() {
1507     global $mime_type;
1508    
1509     if (! isset($gblMimeTypes)) {
1510     $gblMimeTypes = "/etc/mime.types";
1511     }
1512    
1513     $mime = @fopen($gblMimeTypes,"r");
1514    
1515     if (! $mime) Error("Can't read MIME types","<tt>$gblMimeTypes</tt> file not found. You can setup other <tt>mime.types</tt> file using <tt>\$gblMimeTypes</tt> in <tt>$realm_config</tt>");
1516    
1517     while($line = fgets($mime,80)) {
1518     if (substr($line,0,1) == "#") continue; // skip comment
1519     $arr = preg_split("/[\s\t]+/",$line);
1520     $type = array_shift($arr);
1521     while ($ext = array_shift($arr)) {
1522     $mime_type[$ext] = $type;
1523     }
1524     }
1525    
1526     fclose($mime);
1527     }
1528 dpavlin 1.1
1529     //////////////////////////////////////////////////////////////////
1530 dpavlin 1.13
1531     // check for invalid characters in filename and dirname (.. and /)
1532    
1533     function check_dirname($file) {
1534     if (strstr($file,"..")) Error("Security violation","No parent dir <tt>..</tt> allowed in directory name <tt>$file</tt>",1);
1535     }
1536    
1537     function check_filename($file) {
1538     if (strstr($file,"..")) Error("Security violation","No parent dir <tt>..</tt> allowed in file name <tt>$file</tt>",1);
1539     if (strstr($file,"/")) Error("Security violation","No slashes <tt>/</tt> allowed in file name <tt>$file</tt>",1);
1540     }
1541    
1542     //////////////////////////////////////////////////////////////////
1543 dpavlin 1.19
1544     // functions to move HTTP server variables to global namespace
1545     // [replacement for register_globals in php.ini]
1546    
1547     function HTTP_GET_VAR($var) {
1548 dpavlin 1.23 global $HTTP_GET_VARS, ${$var};
1549 dpavlin 1.19 if (isset($HTTP_GET_VARS[$var])) {
1550 dpavlin 1.23 $$var = stripSlashes($HTTP_GET_VARS[$var]);
1551     return $$var;
1552 dpavlin 1.19 }
1553     }
1554    
1555     function HTTP_POST_VAR($var) {
1556 dpavlin 1.23 global $HTTP_POST_VARS, ${$var};
1557 dpavlin 1.22 if (isset($HTTP_POST_VARS[$var])) {
1558 dpavlin 1.23 $$var = $HTTP_POST_VARS[$var];
1559     return $$var;
1560     }
1561     }
1562    
1563     function HTTP_SERVER_VAR($var) {
1564     global $HTTP_SERVER_VARS, ${$var};
1565     if (isset($HTTP_SERVER_VARS[$var])) {
1566     $$var = $HTTP_SERVER_VARS[$var];
1567     return $$var;
1568 dpavlin 1.19 }
1569     }
1570    
1571     //////////////////////////////////////////////////////////////////
1572    
1573     function Warn($text) {
1574     }
1575    
1576     //////////////////////////////////////////////////////////////////
1577 dpavlin 1.1 // MAIN PROGRAM
1578    
1579     $gblFilePerms = 0640 ; // default for new files
1580     $gblDirPerms = 0750 ; // default for new dirs
1581    
1582 dpavlin 1.19 if (isset($HTTP_GET_VARS["STYLE"]) && $HTTP_GET_VARS["STYLE"] == "get") {
1583 dpavlin 1.1 include("$html/docman.css");
1584     exit;
1585     }
1586    
1587     // location of master docman configuration file
1588     $docman_conf = "/etc/docman.conf";
1589     if (! file_exists($docman_conf)) {
1590 dpavlin 1.24 $error = "Can't find master configuration file <tt>$docman_conf</tt>. See <tt>docman2/doc/upgrade.html#docman_conf</tt> for more informations";
1591 dpavlin 1.1
1592     error_log("docman: $error");
1593     Error("docman not installed completly",$error);
1594     }
1595     include($docman_conf);
1596    
1597     if (! isset($fsRealmDir)) {
1598     $fsRealmDir = "$gblIncDir/realm";
1599     }
1600 dpavlin 1.12
1601     // try to add dir to script name to realm var
1602 dpavlin 1.19 if (is_dir("$fsRealmDir/$realm/".dirname($HTTP_SERVER_VARS["SCRIPT_NAME"]))) {
1603     $realm .= dirname($HTTP_SERVER_VARS["SCRIPT_NAME"]);
1604 dpavlin 1.12 $realm_sep = "/";
1605     } else {
1606     $realm_sep = ".";
1607     }
1608    
1609     $realm_config = $fsRealmDir."/".$realm.$realm_sep."conf";
1610 dpavlin 1.1
1611     // read user-defined configuration
1612     if (file_exists($realm_config)) {
1613     include($realm_config);
1614     } else {
1615     Error("Configuration error","Can't find configuration file at <tt>$realm_config</tt> !");
1616     }
1617    
1618     if (! isset($gblRepositoryDir)) Error("Configuration error","<tt>\$gblRepositoryDir</tt> is not setuped in realm configuration file <tt>$realm_config</tt>");
1619    
1620     // where do we get users from?
1621     if (file_exists("$gblIncDir/htusers/$gblUsers.php")) {
1622     include("$gblIncDir/htusers/$gblUsers.php");
1623     } else {
1624     Error("Configuration error","Can't find user handling module at <tt>$gblIncDir/htusers/$gblUsers.php</tt> ! Please fix <tt>$realm_config</tt>");
1625     }
1626    
1627 dpavlin 1.18 // take additional login vars
1628 dpavlin 1.19 HTTP_GET_VAR("relogin");
1629     HTTP_GET_VAR("force_login");
1630 dpavlin 1.18
1631 dpavlin 1.1 // if no password, or empty password logout
1632     if (
1633     isset($gblLogin) && (
1634     !isset($relogin) || (
1635     isset($relogin) && $relogin != md5($gblLogin.$gblPasswd)
1636     )
1637     ) && (
1638     $gblPasswd == "" || !isset($gblPasswd)
1639     ) && !isset($force_login) && $gblLogin != "anonymous"
1640     ) {
1641     StartHTML("Logout completed","Your login credentials has been erased") ;
1642     EndHTML() ;
1643     exit ;
1644     }
1645    
1646 dpavlin 1.3 if (!is_dir($gblRepositoryDir)) Error("Repository dir not found","Can't find repository directory <tt>$gblRepositoryDir</tt>. Please fix that in <tt>$realm_config</tt> variable <tt>\$gblRepositoryDir</tt>.",1);
1647    
1648 dpavlin 1.1 // trustee (ACL) file configuration
1649 dpavlin 1.12 $trustee_conf="$fsRealmDir/$realm".$realm_sep."trustee";
1650 dpavlin 1.1 // compiled version of trustee file
1651     $trustee_php="$gblRepositoryDir/.trustee.php";
1652     // get ACL informations
1653     $HAVE_TRUSTEE = init_trustee();
1654    
1655 dpavlin 1.18 if (strtolower($gblLogin) == "anonymous" || !isset($gblLogin)) {
1656 dpavlin 1.19 $perm = check_trustee("anonymous","/");
1657 dpavlin 1.1 // browsing must be explicitly allowed for root directory
1658     // of repository for anonymous user to work!
1659 dpavlin 1.19 if ($perm['allow'] & trperm_b) {
1660 dpavlin 1.18 $gblLogin = $gblPasswd = "anonymous";
1661 dpavlin 1.1 $secHash = md5($gblLogin.$gblPasswd);
1662     $gblUserName = "Anonymous user";
1663     }
1664     }
1665    
1666     // authentication failure
1667     if ( md5($gblLogin.$gblPasswd) != $secHash ||
1668     isset($relogin) && $secHash == $relogin) {
1669     header("WWW-authenticate: basic realm=\"$realm\"") ;
1670     header("HTTP/1.0 401 Unauthorized") ;
1671 dpavlin 1.12 Error("401 Unauthorized","No trespassing !",0,1);
1672 dpavlin 1.1 }
1673    
1674 dpavlin 1.13
1675 dpavlin 1.4 // read mime.types
1676     readMime();
1677    
1678 dpavlin 1.23 HTTP_POST_VAR("FN");
1679    
1680 dpavlin 1.13 if ($HTTP_SERVER_VARS["REQUEST_METHOD"] == "POST") {
1681     // take variables from server
1682 dpavlin 1.23 if (HTTP_POST_VAR("FN"))
1683     check_filename($FN);
1684 dpavlin 1.19 if (HTTP_POST_VAR("DIR")) {
1685     check_dirname($DIR);
1686     $relDir = $DIR;
1687     } else {
1688     trigger_error("Can't get DIR",E_USER_WARNING);
1689 dpavlin 1.22 $relDir = "/";
1690 dpavlin 1.19 }
1691     if (HTTP_POST_VAR("RELPATH")) check_dirname($RELPATH);
1692     HTTP_POST_VAR("T");
1693     HTTP_POST_VAR("CONFIRM");
1694 dpavlin 1.13 } else {
1695     // get
1696 dpavlin 1.19 HTTP_GET_VAR("A");
1697     if (HTTP_GET_VAR("D")) {
1698     check_dirname($D);
1699     $D=urldecode($D);
1700     $relDir = $D;
1701     } else {
1702     //trigger_error("Can't get D",E_USER_WARNING);
1703     $relDir = "/";
1704     }
1705     if (HTTP_GET_VAR("F")) check_filename($F);
1706 dpavlin 1.13 }
1707 dpavlin 1.1
1708 dpavlin 1.19 $relScriptDir = dirname($HTTP_SERVER_VARS["SCRIPT_NAME"]) ;
1709 dpavlin 1.1 // i.e. /docman
1710    
1711     // start on server root
1712     $gblFsRoot = $gblRepositoryDir;
1713 dpavlin 1.13 // i.e. /home/httpd/repository
1714 dpavlin 1.1
1715     $fsDir = $gblFsRoot . $relDir ; // current directory
1716 dpavlin 1.16 if ( !is_dir($fsDir) ) Error("Dir not found","Can't find <tt>$relDir</tt> which points to <tt>$fsDir</tt>",1) ;
1717 dpavlin 1.18
1718     if ($relDir == "") $relDir="/";
1719 dpavlin 1.1
1720 dpavlin 1.4 if (isset($HTTP_SERVER_VARS["HTTPS"]) && $HTTP_SERVER_VARS["HTTPS"] == "on") {
1721 dpavlin 1.1 $webRoot = "https://";
1722     } else {
1723     $webRoot = "http://";
1724     }
1725 dpavlin 1.4 $webRoot .= $HTTP_SERVER_VARS["HTTP_HOST"] . $relScriptDir;
1726 dpavlin 1.1
1727 dpavlin 1.19 if (HTTP_POST_VAR("POSTACTION")) switch ($POSTACTION) {
1728 dpavlin 1.1 case "UPLOAD" :
1729 dpavlin 1.4 $FN_name=stripSlashes($HTTP_POST_FILES["FN"]["tmp_name"]);
1730 dpavlin 1.7 $FN=stripSlashes($HTTP_POST_FILES["FN"]["name"]);
1731 dpavlin 1.1 if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
1732 dpavlin 1.7
1733 dpavlin 1.4 $source = $FN_name ;
1734 dpavlin 1.1 if (! file_exists($source)) {
1735     Error("You must select file with browse to upload it!");
1736     }
1737 dpavlin 1.7
1738 dpavlin 1.22 if (HTTP_POST_VAR("FILENAME")) check_filename($FILENAME);
1739 dpavlin 1.13
1740 dpavlin 1.1 if (! isset($FILENAME)) { // from update file
1741 dpavlin 1.9 $target = "$fsDir/".basename($FN);
1742 dpavlin 1.1 } else {
1743     $target = "$fsDir/$FILENAME";
1744     }
1745    
1746     // backup old files first
1747     $dir=dirname($target);
1748     if (! file_exists($dir."/.bak")) {
1749     mkdir($dir."/.bak",0700);
1750     }
1751 dpavlin 1.22 if (! file_exists($dir."/.bak/$gblNumBackups")) {
1752     mkdir($dir."/.bak/$gblNumBackups",0700);
1753 dpavlin 1.1 }
1754     $file=basename($target);
1755 dpavlin 1.22 for($i=$gblNumBackups-1;$i>0;$i--) {
1756 dpavlin 1.1 MoveTo("$dir/.bak/$i/$file","$dir/.bak/".($i+1)."/");
1757     }
1758     MoveTo($target,$dir."/.bak/1/");
1759    
1760     copy($source,$target) ;
1761     chmod($target,$gblFilePerms) ;
1762     clearstatcache() ;
1763     if (isset($FILENAME)) {
1764 dpavlin 1.2 LogIt($target,"check-in",trperm_r | trperm_w);
1765 dpavlin 1.1 Unlock($target);
1766 dpavlin 1.2 } else {
1767     LogIt($target,"uploaded",trperm_r | trperm_w);
1768 dpavlin 1.1 }
1769     break ;
1770    
1771     case "SAVE" :
1772     $path = $gblFsRoot . $RELPATH ;
1773     $path=stripSlashes($path);
1774     $writable = is_writeable($path) ;
1775     $legaldir = is_writeable(dirname($path)) ;
1776     $exists = (file_exists($path)) ? 1 : 0 ;
1777     // check for legal extension here as well
1778     if (!($writable || (!$exists && $legaldir)))
1779     Error("Write denied",$RELPATH) ;
1780     $fh = fopen($path, "w") ;
1781 dpavlin 1.23 HTTP_POST_VAR("FILEDATA");
1782 dpavlin 1.1 fwrite($fh,$FILEDATA) ;
1783     fclose($fh) ;
1784     clearstatcache() ;
1785 dpavlin 1.2 LogIt($path,"saved changes",trperm_r);
1786 dpavlin 1.1 break ;
1787    
1788     case "CREATE" :
1789     // we know $fsDir exists
1790 dpavlin 1.23 if (! check_perm($relDir, trperm_w))
1791     Error("Write access denied","You don't have permission to write in <tt>$relDir</tt>");
1792     if ($T == "D") $type = "directory";
1793     else $type ="file";
1794     if ($FN == "") Error("Can't create $type","You must enter name of $type to create it.");
1795 dpavlin 1.1 if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
1796     $path = $fsDir . "/" . $FN ; // file or dir to create
1797     $relPath = $relDir . "/" . $FN ;
1798     switch ( $T ) {
1799     case "D" : // create a directory
1800     if ( ! @mkdir($path,$gblDirPerms) )
1801     Error("Mkdir failed",$relPath) ; // eg. if it exists
1802 dpavlin 1.2 else
1803     LogIt($path."/","dir created",trperm_w);
1804 dpavlin 1.1 clearstatcache() ;
1805     break ;
1806     case "F" : // create a new file
1807     // this functionality is doubled in DetailView().
1808     // better keep it here altogether
1809     // chmod perms to $gblFilePerms
1810     if ( file_exists($path) && !is_writeable($path) )
1811     Error("File not writable", $relPath) ;
1812     $fh = fopen($path, "w+") ;
1813     if ($fh) {
1814     fputs($fh,"\n");
1815     fclose($fh) ;
1816 dpavlin 1.2 LogIt($path,"file created",trperm_r | trperm_w);
1817 dpavlin 1.1 } else {
1818     Error("Creation of file $relPath failed -- $path");
1819     }
1820 dpavlin 1.23 $tstr = $HTTP_SERVER_VARS["PHP_SELF"]."?A=E&D=".urlencode($relDir)."&F=".urlencode($FN) ;
1821 dpavlin 1.1 header("Location: " . $tstr) ;
1822     exit ;
1823     }
1824     break ;
1825    
1826     case "DELETE" :
1827     if ( $CONFIRM != "on" ) break ;
1828    
1829     $tstr = "Attempt to delete non-existing object or " ;
1830     $tstr .= "insufficient privileges: " ;
1831    
1832     if ( $FN != "") { // delete file
1833     $path = $fsDir . "/" . $FN ;
1834    
1835     $dir=dirname($path);
1836     $file=basename($path);
1837     if (! file_exists("$dir/.del")) {
1838     mkdir("$dir/.del",0700);
1839     }
1840    
1841     // if ( ! @unlink($path) ) {
1842     if ( ! rename($path,"$dir/.del/$file") ) {
1843 dpavlin 1.4 LogIt($path,"file delete failed");
1844 dpavlin 1.1 Error("File delete failed", $tstr . $path) ;
1845     } else {
1846 dpavlin 1.2 LogIt($path,"file deleted",trperm_w);
1847 dpavlin 1.1 MoveTo("$dir/.log/$file","$dir/.del/.log/");
1848     MoveTo("$dir/.note/$file","$dir/.del/.note/");
1849     MoveTo("$dir/.lock/$file","$dir/.del/.lock/");
1850     }
1851 dpavlin 1.2 } else { // delete directory
1852     if ( ! @rrmdir($fsDir) ) {
1853     Error("Rmdir failed", $tstr . $fsDir) ;
1854     } else {
1855     LogIt($path,"dir deleted",trperm_w);
1856     $relDir = dirname($relDir) ; // move up
1857     }
1858 dpavlin 1.1 }
1859     break ;
1860    
1861     case "UNDELETE" :
1862     if ( $CONFIRM != "on" ) break ;
1863    
1864     if (substr($FN,0,4) != ".del") break ;
1865     $file=substr($FN,4,strlen($FN)-4);
1866    
1867 dpavlin 1.2 LogIt("$fsDir/.del/$file","undeleted",trperm_w);
1868 dpavlin 1.1 MoveTo("$fsDir/.del/$file","$fsDir/");
1869     MoveTo("$fsDir/.del/.log/$file","$fsDir/.log/");
1870     MoveTo("$fsDir/.del/.note/$file","$fsDir/.note/");
1871     MoveTo("$fsDir/.del/.lock/$file","$fsDir/.lock/");
1872    
1873     break ;
1874    
1875     case "RENAME" :
1876     if ( $CONFIRM != "on" ) break ;
1877    
1878 dpavlin 1.8 $NEWNAME=stripSlashes($HTTP_POST_VARS["NEWNAME"]);
1879 dpavlin 1.2 LogIt("$fsDir/$FN","renamed $FN to $NEWNAME",trperm_r);
1880 dpavlin 1.1 safe_rename($fsDir,$FN,$NEWNAME);
1881     break ;
1882    
1883     case "NOTE" :
1884 dpavlin 1.8 $NOTE=stripSlashes($HTTP_POST_VARS["NOTE"]);
1885 dpavlin 1.1 WriteNote("$fsDir/$FN","$NOTE");
1886     break ;
1887    
1888     case "UNLOCK" :
1889     if ( $CONFIRM != "on" ) break ;
1890     Unlock("$fsDir/$FN");
1891     break ;
1892    
1893     default :
1894     // user hit "CANCEL" or undefined action
1895     }
1896    
1897     // common to all POSTs : redirect to directory view ($relDir)
1898 dpavlin 1.19 if (isset($POSTACTION)) {
1899 dpavlin 1.22 $tstr = $HTTP_SERVER_VARS["PHP_SELF"]."?D=".urlencode($relDir);
1900     header("Location: ".$tstr) ;
1901 dpavlin 1.1 exit ;
1902     }
1903    
1904     // check for mode.. navigate, code display, upload, or detail?
1905     // $A=U : upload to path given in $D
1906     // $A=E : display detail of file $D/$F and edit
1907     // $A=C : display code in file $D/$F
1908     // $A=Co : checkout file $D/$F
1909     // $A=Ci : checkin file $D/$F
1910     // $A=V : view file (do nothing except log)
1911 dpavlin 1.14 // $A=I : include file .$F.php from [$gblIncDir|realm]/include_php
1912 dpavlin 1.1 // default : display directory $D
1913    
1914 dpavlin 1.19 if (isset($A)) switch ($A) {
1915 dpavlin 1.1 case "U" :
1916     // upload to $relDir
1917 dpavlin 1.16 if (! check_perm($relDir, trperm_w))
1918     Error("Write access denied","You don't have permission to write in <tt>$relDir</tt>");
1919 dpavlin 1.1 if (!is_writeable($gblFsRoot . $relDir))
1920 dpavlin 1.16 Error("Write access denied","User <tt>$gblLogin</tt> has permission on <tt>$relDir</tt>, but directory is not writable",1);
1921 dpavlin 1.1 $text = "Use this page to upload a single " ;
1922 dpavlin 1.4 $text .= "file to <B>$realm</B>." ;
1923 dpavlin 1.1 StartHTML("(Upload Page)", $text) ;
1924     UploadPage($gblFsRoot, $relDir) ;
1925     EndHTML() ;
1926     exit ;
1927     case "E" :
1928     // detail of $relDir/$F
1929     if (is_file("$gblFsRoot/$relDir/$F") || is_dir("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ;
1930     exit ;
1931     case "C" :
1932     $F=stripSlashes($F);
1933     // listing of $relDir/$F
1934     DisplayCode($gblFsRoot, $relDir, $F) ;
1935     exit ;
1936     case "Co" :
1937     // checkout
1938     Lock("$gblFsRoot/$relDir/$F");
1939 dpavlin 1.5 Download("$gblFsRoot/$relDir/$F",1);
1940 dpavlin 1.1 exit;
1941     case "Ci" :
1942     $F=stripSlashes($F);
1943     // upload && update to $relDir
1944     if (!is_writeable($gblFsRoot . $relDir))
1945     Error("Write access denied",$relDir) ;
1946     $text = "Use this page to update a single " ;
1947 dpavlin 1.4 $text .= "file to <B>$realm</B>." ;
1948 dpavlin 1.1 StartHTML("(Update file Page)", $text) ;
1949     UploadPage($gblFsRoot, $relDir, $F) ;
1950     EndHTML() ;
1951     exit ;
1952     case "V" :
1953     // view
1954     LogIt("$gblFsRoot/$relDir/$F","viewed");
1955 dpavlin 1.5 Download("$gblFsRoot/$relDir/$F",$gblForceDownload);
1956 dpavlin 1.1 exit;
1957     case "Ch" :
1958     StartHTML("(File changes)","All changes chronologicaly...");
1959     DisplayChangeLog(0); // all
1960     EndHTML() ;
1961     exit;
1962     case "Ch1" :
1963     StartHTML("(File changes)","Changes to files in last day...");
1964     DisplayChangeLog(1);
1965     EndHTML() ;
1966     exit;
1967     case "I" :
1968 dpavlin 1.14 if (! isset($F) || $F == "")
1969     Error("Can't find file to include","Your request didn't specify file to include which should be in variable <tt>F</tt> like <tt>$HTTP_SERVER_VARS[REQUEST_URI]<b>&F=include_php_file</b></tt>",1);
1970 dpavlin 1.15 $inc_file="$fsRealmDir/$realm".$realm_sep.$F.".php";
1971     if (! file_exists($inc_file)) {
1972     Error("Can't find file to include","Can't find include file <tt>$F.php</tt> in <tt>$fsRealmDir/$realm/</tt>. Meybe you should copy <tt>$gblIncDir/include_php/$F.php</tt> to <tt>$inc_file<tt> ?",1);
1973 dpavlin 1.14 }
1974 dpavlin 1.1 if (!is_readable($inc_file))
1975 dpavlin 1.15 Error("Read access to include file denied","Can't read PHP include file <tt>$inc_file</tt>. Fix permissions on it.",1);
1976 dpavlin 1.1 $text = "Your include file should define \$text variable which holds this text and \$title variable which is page title";
1977     $title = "You should define \$title variable with page title";
1978     include($inc_file);
1979     StartHTML($title, $text) ;
1980 dpavlin 1.4 print "<p>".GifIcon(up)." Back to <a href=$HTTP_SERVER_VARS[PHP_SELF]>front page</a>.</p>";
1981 dpavlin 1.1 EndHTML() ;
1982     exit ;
1983     }
1984    
1985     // default: display directory $relDir
1986     Navigate($gblFsRoot,$relDir) ;
1987     exit ;
1988    
1989 dpavlin 1.3 Error("Whooah!","By cartesian logic, this never happens",1) ;
1990 dpavlin 1.1 ?>

  ViewVC Help
Powered by ViewVC 1.1.26