--- docman.php	2002/07/28 12:14:18	1.14
+++ docman.php	2002/07/28 14:16:04	1.17
@@ -582,8 +582,6 @@
 	
 	$self     = $HTTP_SERVER_VARS["PHP_SELF"] ;
 
-	if ($relDir == "") $relDir = "/";
-
 	$fsDir = $fsRoot.$relDir."/";	// current directory
 
 	if (!is_dir($fsDir)) Error("Dir not found",$relDir,1) ; 
@@ -904,8 +902,6 @@
 	global $html, $HTTP_SERVER_VARS;
 
 	$self = $HTTP_SERVER_VARS["PHP_SELF"] ;
-	if ($relDir == "") $relDir = "/" ; 
-
 	include("$html/UploadPage.html");
 
 } // end function UploadPage
@@ -1375,12 +1371,14 @@
 }//init_trustee
 
 function in_group($user,$group) {
-	return in_array($groups[$group],$user);
+	global $groups;
+	return in_array($user,$groups[$group]);
 }
 
 // helper function
 function unroll_perm($u,$t,$user,$perm) {
-	// check user
+
+	// check user FIX
 	if ($t & trmask_not && ($u==$user)) continue;
 	if (!($t & trmask_not) && ($u!=$user)) continue;
 
@@ -1406,9 +1404,7 @@
 	$path = "/";
 	while (count($path_arr)) {
 		if (substr($path,strlen($path)-1,1) != "/") $path.="/";
-		$path.=array_shift($path_arr);
 		$tr = $trustees[$path];
-
 		if (isset($tr)) {
 			// first apply trustee for all
 			if (isset($tr['*'])) {
@@ -1416,21 +1412,20 @@
 				unset($tr['*']);
 			}
 			// then apply group policies
-			foreach ($tr as $u=>$t) {
-				if ($t & trmask_group && in_group($user,$u)) {
+			foreach ($tr as $g=>$t) {
+				if ($t & trmask_group && in_group($user,$g)) {
 					// resolv user
 					$t = $t & ~trmask_group;
-					$u = $user;
-					$perm = unroll_perm($u,$t,$user, $perm);
-					unset($tr[$u]);
+					$perm = unroll_perm($user,$t,$user, $perm);
+					unset($tr[$g]);
 				}
 			}
-			// then apply use policy
+			// then apply user policy
 			if (isset($tr[$user])) {
 				$perm = unroll_perm($user,$tr[$user],$user, $perm);
 				unset($tr[$user]);
 			}
-
+		$path.=array_shift($path_arr);
 		}
 
 	}
@@ -1446,6 +1441,7 @@
 
 	global $debug;
 $debug.="<br>check_perm: <tt>$path</tt> test perm ".display_trustee($perm)."<br>\n";
+
 	$return = ! $HAVE_TRUSTEE;
 	if ($HAVE_TRUSTEE) {
 		$perm = check_trustee($gblLogin,$path);
@@ -1571,8 +1567,12 @@
 	// get ACL informations
 	$HAVE_TRUSTEE = init_trustee();
 
+	// take additional login vars
+	$relogin = $HTTP_GET_VARS[relogin];
+	$force_login = $HTTP_GET_VARS[force_login];
+
 	if (strtolower($gblLogin) == "anonymous" || !isset($gblPasswd)) {
-		$perm = check_trustee($gblLogin,$path);
+		$perm = check_trustee("anonymous",$path);
 		// browsing must be explicitly allowed for root directory
 		// of repository for anonymous user to work!
 		if ($perm[allow] & trperm_b) {
@@ -1618,8 +1618,6 @@
 		$relDir = $D;
 	}
 
-	if ($relDir == "/") $relDir = "" ; 	
-
 	$relScriptDir = dirname($SCRIPT_NAME) ;  	
 	// i.e. /docman
 
@@ -1628,7 +1626,7 @@
 	// i.e. /home/httpd/repository
 
 	$fsDir = $gblFsRoot . $relDir ; // current directory
-	if ( !is_dir($fsDir) ) Error("Dir not found",$relDir,1) ;
+	if ( !is_dir($fsDir) ) Error("Dir not found","Can't find <tt>$relDir</tt> which points to <tt>$fsDir</tt>",1) ;
 
 	if (isset($HTTP_SERVER_VARS["HTTPS"]) && $HTTP_SERVER_VARS["HTTPS"] == "on") {
 		$webRoot  = "https://";
@@ -1824,8 +1822,10 @@
 	switch ($A) {
 	case "U" :
 		// upload to $relDir
+		if (! check_perm($relDir, trperm_w))
+			Error("Write access denied","You don't have permission to write in <tt>$relDir</tt>");
 		if (!is_writeable($gblFsRoot . $relDir)) 
-			Error("Write access denied",$relDir) ;
+			Error("Write access denied","User <tt>$gblLogin</tt> has permission on <tt>$relDir</tt>, but directory is not writable",1);
 		$text  = "Use this page to upload a single " ;
 		$text .= "file to <B>$realm</B>." ;
 		StartHTML("(Upload Page)", $text) ;
@@ -1875,15 +1875,12 @@
 	case "I" :
 		if (! isset($F) || $F == "")
 			Error("Can't find file to include","Your request didn't specify file to include which should be in variable <tt>F</tt> like <tt>$HTTP_SERVER_VARS[REQUEST_URI]<b>&F=include_php_file</b></tt>",1);
-		if (file_exists("$gblIncDir/include_php/$F.php")) {
-			$inc_file="$gblIncDir/include_php/${F}.php";
-		} elseif (file_exists("$fsRealmDir/$realm/$F.php")) {
-			$inc_file="$fsRealmDir/$realm/${F}.php";
-		} else {
-			Error("Can't find file to include","Can't find include file <tt>$F.php</tt> in <tt>$gblIncDir/include_php/<tt> nor <tt>$fsRealmDir/$realm/</tt>",1);
+		$inc_file="$fsRealmDir/$realm".$realm_sep.$F.".php";
+		if (! file_exists($inc_file)) {
+			Error("Can't find file to include","Can't find include file <tt>$F.php</tt> in <tt>$fsRealmDir/$realm/</tt>. Meybe you should copy <tt>$gblIncDir/include_php/$F.php</tt> to <tt>$inc_file<tt> ?",1);
 		}
 		if (!is_readable($inc_file))
-			Error("Read access to include file denied","Can't read PHP include file <tt>$inc_file</tt>. Fix permissions on it.");
+			Error("Read access to include file denied","Can't read PHP include file <tt>$inc_file</tt>. Fix permissions on it.",1);
 		$text  = "Your include file should define \$text variable which holds this text and \$title variable which is page title";
 		$title = "You should define \$title variable with page title";
 		include($inc_file);