--- docman.php	2002/07/29 12:04:43	1.27
+++ docman.php	2003/04/09 16:50:02	1.36
@@ -74,14 +74,16 @@
 //////////////////////////////////////////////////////////////////
 
 	$gblTitle = "Document Manager";
-	$gblVersion = "2.0-pre1";
+	$gblVersion = "2.0-pre2";
 
 	$secHash    = "";
 
 	// location of html files
 	$html = $gblIncDir."/html";
 
-	LoadLanguage($HTTP_SERVER_VARS["HTTP_ACCEPT_LANGUAGE"]);
+	if (isset($HTTP_SERVER_VARS["HTTP_ACCEPT_LANGUAGE"])) {
+		LoadLanguage($HTTP_SERVER_VARS["HTTP_ACCEPT_LANGUAGE"]);
+	}
 
 	// for security and configuration
 	$realm=$HTTP_SERVER_VARS["HTTP_HOST"];
@@ -147,8 +149,8 @@
 	}
 	include("$html/footer.html");
 
-	global $debug;
-	if ($debug) print $debug;
+#	global $debug;
+#	if ($debug) print $debug;
 } // end function EndHTML
 
 //////////////////////////////////////////////////////////////////
@@ -157,6 +159,7 @@
 	
 	global $gblEditable, $gblImages,
 		$gblDateFmt, $gblTimeFmt,
+		$gblPermNote,
 		$webRoot, $html,
 		$HTTP_SERVER_VARS ;
 	$self = $HTTP_SERVER_VARS["PHP_SELF"] ;
@@ -208,52 +211,27 @@
 		$fstr = fread($fh,filesize($fsPath)) ;
 		fclose($fh) ;
 		$fstr = htmlentities( $fstr ) ;
-?>
 
-<FORM ACTION="<?= $self ?>" METHOD="POST">
-<SPAN TITLE="Click [SAVE] to store updated contents.">
-	<B>DOCUMENT CONTENTS</B>
-</SPAN><BR>
-<TEXTAREA NAME="FILEDATA" ROWS=18 COLS=70 WRAP="OFF"><?php 
-echo($fstr) ; ?></TEXTAREA>
-<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ; ?>">
-<INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?= $fn ; ?>">
-<INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="SAVE">
-<INPUT TYPE="HIDDEN" SIZE=48 MAXLENGTH=255 NAME="RELPATH" 
-	VALUE="<?= $relPath ; ?>">
-<br>
-<INPUT TYPE="RESET" VALUE="UNDO ALL CHANGES">
-<INPUT TYPE="SUBMIT" VALUE="SAVE">
-</FORM>
-
-<?php
+		include("$html/DetailPage-edit.html");
 	}
 	if ( !$file_lock && $ext!="" && strstr(join(' ',$gblImages),$ext) ) {  
 		$info  = getimagesize($fsPath) ;
-		$tstr = "<IMG SRC=\"$webRoot".urlpath($relPath)."\" BORDER=0 " ;
+		$tstr = "<IMG SRC=\"$self?A=V&D=".urlpath(dirname($relPath))."&F=".urlpath(basename($relPath))."\" BORDER=0 " ;
 		$tstr .= $info[3] . " ALT=\"" . $fn . " - " ;
 		$tstr .= (int)(($fsize+1023)/1024) . "Kb\">" ;
 //		echo htmlentities($tstr) . "<BR><BR>" . $tstr ;
 		echo $tstr ;
 	}
 
-?>
 
-<FORM ACTION="<?= $self ; ?>" METHOD="POST">
-<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ; ?>">
-<INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?= $fn ; ?>">
-<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL"><BR>
-
-<?php
-
-	if ($file_lock) {
-?>
-<hr>
-<SPAN TITLE="Check OK and click UNLOCK to remove lock on file.">
-<B>OK TO FORCE LOCK REMOVAL ON "<?= $fn ; ?>" HELD BY <?= $file_lock ?>? </B></SPAN>
-<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
-<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="UNLOCK">
-<?
+	print '<FORM ACTION="'.$self.'" METHOD="POST">
+		<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="'.$relDir.'">
+		<INPUT TYPE="HIDDEN" NAME="FN" VALUE="'.$fn.'">
+		<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL"><BR>
+		';
+
+	if ($file_lock && check_perm($relDir.$fn,trperm_w)) {
+		include("$html/DetailPage-unlock.html");
 	} // file_lock
 
 	if (substr($fn,0,4) == ".del") {
@@ -265,37 +243,16 @@
 	}
 
 	if ($exists && $writable) {
-?>
+		include("$html/DetailPage-undelete.html");
+		include("$html/DetailPage-rename.html");
 
-<HR>
-<a name="undelete">
-<SPAN TITLE="Check OK and click [<?= $action ?>] to <?= $desc ?>.">
-<B>OK TO <?= $action ?> "<?= $fn ; ?>"? </B></SPAN>
-<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
-<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="<?= $action ?>">
-
-<HR>
-<a name="rename">
-<SPAN TITLE="Check OK and click [RENAME] to rename.">
-<B>OK TO RENAME "<?= $fn ; ?>" TO 
-<INPUT TYPE="TEXT" SIZE=24 MAXLENGTH=255 NAME="NEWNAME" VALUE="<?= $fn ?>">
-? </B></SPAN>
-<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
-<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="RENAME">
-
-<?php
-	}	// exists && writable
-?>
-<HR>
-<a name="note">
-<B>NOTE FOR "<?= $fn ; ?>":
-<INPUT TYPE="TEXT" SIZE=50 MAXLENGTH=255 NAME="NOTE" VALUE="<?= ReadNote($fsPath) ?>">
-</B></SPAN>
-<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="NOTE">
-
-</FORM>
+	}
+	
+	if (check_perm($relDir.$fn,$gblPermNote)) {
+		include("$html/DetailPage-note.html");
+	}
 
-<?php
+	print "</FORM>";
 
 	$name=basename("$fsDir/$fn");
 	$logname=dirname("$fsDir/$fn")."/.log/$name";
@@ -481,18 +438,10 @@
 
 //////////////////////////////////////////////////////////////////
 
-function GifIcon($txt) {
-	global $gblIconLocation ;
+function GifIcon($txt = "") {
+	global $gblIconLocation, $gblImages ;
 
 	switch (strtolower($txt)) {
-	case ".bmp" :
-	case ".gif" :
-	case ".jpg" :
-	case ".jpeg":
-	case ".tif" :
-	case ".tiff": 
-		$d = "image2.gif" ;
-		break ;
 	case ".doc" :
 		$d = "layout.gif" ;
 		break ;
@@ -570,9 +519,14 @@
 		$d = "quill.gif";
 		break;
 	default :
-		$d = "generic.gif" ;
+		if (in_array(strtolower($txt),$gblImages)) {
+			$d = "image2.gif" ;
+		} else {
+			$d = "generic.gif" ;
+		}
 	}
 
+
 	return "<IMG SRC=\"$gblIconLocation" . $d . "\" BORDER=0>" ;
 } // end function GifIcon
 
@@ -583,6 +537,7 @@
 	global $gblEditable, $gblIcon, $gblModDays, $webRoot, $gblHide,
 		$gblIgnoreUnknownFileType, $gblRepositoryDir,
 		$gblLogin, $gblUserName, $gblDateFmt, $gblTimeFmt,
+		$gblPermNote,
 		$fsRealmDir, $realm, $realm_sep,
 		$html, $realm_config,
 		$HTTP_GET_VARS, $HTTP_SERVER_VARS;
@@ -657,8 +612,7 @@
 	$text .= "<br>Examine list of files <a href=\"$self?A=Ch1\">changed in last day</a> or <a href=\"$self?A=Ch\">all changes</a>.";
 	StartHTML("(Navigate)",$text) ;
 
-	echo "<TABLE BORDER=0 CELLPADDING=2 
-		CELLSPACING=3 WIDTH=\"100%\">" ;
+	print "<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=3 WIDTH=\"100%\">" ;
 
 	// updir (parent) bar	
 	if (chopsl($fsDir) != chopsl($fsRoot)) {
@@ -676,7 +630,8 @@
 		return $out;
 	}
 
-	if (! HTTP_GET_VAR("dsort")) $dsort = "name"; // default directory sort
+	$dsort = HTTP_GET_VAR("dsort");
+	if (! isset($dsort)) $dsort = "name"; // default directory sort
 
 	$dsort_arr = array(
 		"name" => array ("rname", "note"),
@@ -685,7 +640,8 @@
 		"rnote" => array ("name", "note")
 		);
 
-	if (! HTTP_GET_VAR("fsort")) $fsort = "name"; // default directory sort
+	$fsort = HTTP_GET_VAR("fsort");
+	if (! isset($fsort)) $fsort = "name"; // default directory sort
 
 	$fsort_arr = array(
 		"name" => array ("rname", "note", "date", "size"),
@@ -747,6 +703,14 @@
 			}
 	
 			$dir_url=$self."?D=".urlencode(chopsl($relDir)."/".$dir);
+			if (check_perm($relDir.$dir,$gblPermNote)) {
+				$note_html="<a href=\"$info_url#note\">".$gblIcon("note")."</a>".$dirNote[$key];
+			} else {
+				$note_html=$dirNote[$key];
+			}
+
+			$dir_html = isBlank($dir,"directory");
+
 			include("$html/Navigate-dirEntry.html");
 
 		}  // iterate over dirs
@@ -757,6 +721,14 @@
 	$uurl = self_args(array($D,"fsort=".$fsort_arr[$fsort][2]));
 	$surl = self_args(array($D,"fsort=".$fsort_arr[$fsort][3]));
 
+	$html_uri = $webRoot;
+
+	if (substr($relDir,0,1) == "/") {
+		$html_uri .= substr($relDir,1,strlen($relDir)-1);
+	} else {
+		$html_uri .= $relDir;
+	}
+
 	include("$html/Navigate-fileHeader.html");
 
 	if (sizeof($fileList) > 0) {
@@ -822,12 +794,16 @@
 		$file_url_html.="\" TITLE=\"View file\">" ;
 
 		if (substr($file,0,5) != ".del/") {
-			$file_url_html .= $file . "</A>" . $a ;
+			$file_url_html .= isBlank($file) . "</A>" . $a ;
 		} else {
-			$file_url_html .= substr($file,5,strlen($file)-5) . "</a> <a href=\"$info_url#undelete\"><SPAN CLASS=deleted TITLE=\"deleted\">deleted</span></a>";
+			$file_url_html .= isBlank(substr($file,5,strlen($file)-5)) . "</a> <a href=\"$info_url#undelete\"><SPAN CLASS=deleted TITLE=\"deleted\">deleted</span></a>";
 		}
 
-		$note_html="<a href=\"$info_url#note\">".$gblIcon("note")."</a>".ReadNote($path);
+		if (check_perm($relDir.$file,$gblPermNote)) {
+			$note_html="<a href=\"$info_url#note\">".$gblIcon("note")."</a>".$fileNote[$key];
+		} else {
+			$note_html=$fileNote[$key];
+		}
 
 		$ext = strtolower(strrchr($file,".")) ;
 
@@ -847,9 +823,11 @@
 				$file_url_html = "$file $a";
 			}
 		} else {
-			$b.="<A HREF=\"$self?A=Co&D=".urlencode($relDir)."&F=".urlencode($file);
-			$b.="\" TITLE=\"Checkout file for edit\">" ;
-			$b.=$gblIcon("checkout")."</A>";
+			if (check_perm($relDir.$file,trperm_w)) {
+				$b.="<A HREF=\"$self?A=Co&D=".urlencode($relDir)."&F=".urlencode($file);
+				$b.="\" TITLE=\"Checkout file for edit\">" ;
+				$b.=$gblIcon("checkout")."</A>";
+			}
 
 			if ( $ext=="" || strstr(join(" ",$gblEditable),$ext) ) {  
 				$b.="<A HREF=\"$self?A=C&D=".urlencode($relDir)."&F=".urlencode($file);
@@ -866,61 +844,31 @@
 
 	  }  // iterate over files
 	} else {  // end if no files
-?>
- <TR><TD></TD><TD COLSPAN=5 CLASS=LST>
-  No files in this directory
- </TD></TR>
-<?
+		include("$html/Navigate-noFiles.html");
 	}
 
 	if ($emptyDir && $relDir != "") {
-?>
-
-<FORM METHOD="POST" ACTION="<?= $self ?>">
- <TR><TD></TD><TD COLSPAN=5 CLASS=BAR>
-  <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ?>">
-  OK TO DELETE THIS EMPTY FOLDER?
-  <INPUT TYPE="CHECKBOX" NAME="CONFIRM"> 
-  <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="DELETE">
- </TD></TR>
-</FORM>
-
-<?php
+		include("$html/Navigate-emptyDir.html");
 	} // end if emptyDir
-?>
-
-<TR><TD></TD><TD COLSPAN=5><HR></TD></TR>
 
-<?
+	include("$html/Navigate-hr.html");	
 
-if (file_exists("$fsRealmDir/$realm".$realm_sep."info.inc")) {
-	print "<TR><TD></TD><TD COLSPAN=5>";
-	include("$fsRealmDir/$realm".$realm_sep."info.inc");
-	print "</TD></TR><TR><TD></TD><TD COLSPAN=5><HR></TD></TR>";
-} elseif (file_exists("$gblRepositoryDir/.info.inc")) {
-	print "<TR><TD></TD><TD COLSPAN=5>";
-	include("$gblRepositoryDir/.info.inc");
-	print "</TD></TR><TR><TD></TD><TD COLSPAN=5><HR></TD></TR>";
-}
+	if (file_exists("$fsRealmDir/$realm".$realm_sep."info.inc")) {
+		print "<TR><TD></TD><TD COLSPAN=5>";
+		include("$fsRealmDir/$realm".$realm_sep."info.inc");
+		print "</TD></TR>";
+		include("$html/Navigate-hr.html");	
+	} elseif (file_exists("$gblRepositoryDir/.info.inc")) {
+		print "<TR><TD></TD><TD COLSPAN=5>";
+		include("$gblRepositoryDir/.info.inc");
+		print "</TD></TR>";
+		include("$html/Navigate-hr.html");	
+	}
 
+	include("$html/Navigate-createNew.html");
 
-?>
-
-<FORM METHOD="POST" ACTION="<?= $self ?>">
-<TR><TD></TD><TD COLSPAN=5 CLASS=BAR>CREATE NEW
- <INPUT TYPE="RADIO" NAME="T" VALUE="D" CHECKED>DIRECTORY -OR- 
- <INPUT TYPE="RADIO" NAME="T" VALUE="F">FILE : &nbsp;&nbsp;
- <NOBR>NAME <INPUT TYPE="TEXT" NAME="FN" SIZE=14>
- <INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="CREATE">
- <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ?>">
- <INPUT TYPE="SUBMIT" VALUE="CREATE" NAME="CREATE">
- </NOBR> 
- <NOBR>OR <A HREF="<?= $self ?>?A=U&D=<?= urlencode($relDir) ?>">UPLOAD</A> A FILE</NOBR>
-</TD></TR>
-</FORM>
-</TABLE>
+	print "</TABLE>";
 
-<?php
 	EndHTML() ;
 } // end function Navigate
 
@@ -1011,6 +959,9 @@
 	$file=basename($target);
 
 	$note=fopen("$dir/.note/$file","w");
+	if (! $note) {
+		Error("Error writing note","Can't open note file <tt>$dir/.note/$file</tt> for writing",1);
+	}
 	fputs($note,"$msg\n");
 	fclose($note);
 
@@ -1338,7 +1289,7 @@
 		$l = trim(fgets($fp_conf,4096));
 		if (substr($l,0,1) == "+") {	// no comment
 			$arr=explode(":",$l);
-			$groups_arr[$arr[0]] = $arr[1] ;
+			$groups_arr[$arr[0]] = str_replace(" ","",$arr[1]) ;
 		} elseif (substr($l,0,1) != "#") {
 			$arr=explode(":",$l);
 			$path=array_shift($arr);
@@ -1600,6 +1551,14 @@
 }
 
 //////////////////////////////////////////////////////////////////
+
+function isBlank($file,$what = "filename") {
+	if (trim($file) == "") return "<i>whitespace $what</i>";
+	if ($file == "") return "<i>no $what</i>";
+	return $file;
+}
+
+//////////////////////////////////////////////////////////////////
 // MAIN PROGRAM
 
 	$gblFilePerms = 0640 ;         // default for new files
@@ -1701,7 +1660,11 @@
 	// read mime.types
 	readMime();
 
-HTTP_POST_VAR("FN");
+	if (! isset($gblPermNote)) {
+		$gblPermNote = trperm_r;
+	}
+
+	HTTP_POST_VAR("FN");
 
 	if ($HTTP_SERVER_VARS["REQUEST_METHOD"] == "POST") {
 		// take variables from server
@@ -1758,7 +1721,7 @@
 
 		$source = $FN_name ;
 		if (! file_exists($source)) {
-			Error("You must select file with browse to upload it!");
+			Error("You must select file with browse to upload it!","If file is too big, you might need to modify php configuration options <tt>post_max_size</tt> and <tt>upload_max_filesize</tt>",1);
 		}
 
 		if (HTTP_POST_VAR("FILENAME")) check_filename($FILENAME);
@@ -1769,6 +1732,9 @@
 			$target = "$fsDir/$FILENAME";
 		}
 
+		if (! check_perm("$relDir/".basename($target), trperm_w))
+			Error("Access denied","User <tt>$gblLogin</tt> tried to upload <tt>$relDir/".basename($target)."</tt> without valid trustee.",1);
+
 		// backup old files first
 		$dir=dirname($target);
 		if (! file_exists($dir."/.bak")) {
@@ -1797,10 +1763,14 @@
 	case "SAVE" :
 		$path = $gblFsRoot . $RELPATH ;
 		$path=stripSlashes($path);
+
+		if (! check_perm("$RELPATH", trperm_w))
+			Error("Access denied","User <tt>$gblLogin</tt> tried to save <tt>$RELPATH</tt> without valid trustee.",1);
+
 		$writable = is_writeable($path) ;
 		$legaldir = is_writeable(dirname($path)) ;
 		$exists   = (file_exists($path)) ? 1 : 0 ; 
-// check for legal extension here as well
+		// FIX: more verbose error message
 	 	if (!($writable || (!$exists && $legaldir))) 
 			Error("Write denied",$RELPATH) ;
 		$fh = fopen($path, "w") ;
@@ -1895,6 +1865,9 @@
 		if (substr($FN,0,4) != ".del") break ;
 		$file=substr($FN,4,strlen($FN)-4);
 
+		if (! check_perm("$relDir/$file", trperm_w))
+			Error("Access denied","User <tt>$gblLogin</tt> tried to undelete <tt>$relDir/$file</tt> without valid trustee.",1);
+
 		LogIt("$fsDir/.del/$file","undeleted",trperm_w);
 		MoveTo("$fsDir/.del/$file","$fsDir/");
 		MoveTo("$fsDir/.del/.log/$file","$fsDir/.log/");
@@ -1918,13 +1891,19 @@
 		safe_rename($fsDir,$FN,$NEWNAME);
 		break ;
 
-	case "NOTE" :  
-		$NOTE=stripSlashes($HTTP_POST_VARS["NOTE"]);
-		WriteNote("$fsDir/$FN","$NOTE");
+	case "NOTE" :
+		if (! HTTP_POST_VAR("NOTE"))
+			Error("Can't add note to object","Can't find var <tt>\$NOTE</tt>",1);
+		if (! check_perm("$relDir/$FN", trperm_w))
+			Error("Access denied","User <tt>$gblLogin</tt> tried to add note to <tt>$relDir/$FN</tt> without valid trustee.",1);
+
+		WriteNote("$fsDir/$FN",$NOTE);
 		break ;
 
 	case "UNLOCK" :  
 		if ( $CONFIRM != "on" ) break ;
+		if (! check_perm("$relDir/$FN", trperm_w))
+			Error("Access denied","User <tt>$gblLogin</tt> tried to unlock <tt>$relDir/$FN</tt> without valid trustee.",1);
 		Unlock("$fsDir/$FN");
 		break ;
 
@@ -1938,7 +1917,7 @@
 		header("Location: ".$tstr) ;   
 		exit ;
  	}
-	
+
 	// check for mode.. navigate, code display, upload, or detail?
 	// $A=U : upload to path given in $D
 	// $A=E : display detail of file $D/$F and edit

	- No files in this directory -
	- - OK TO DELETE THIS EMPTY FOLDER? - - -

	"; - include("$fsRealmDir/$realm".$realm_sep."info.inc"); - print "

	"; - include("$gblRepositoryDir/.info.inc"); - print "

	"; + include("$fsRealmDir/$realm".$realm_sep."info.inc"); + print "
	"; + include("$gblRepositoryDir/.info.inc"); + print "
	CREATE NEW - DIRECTORY -OR- - FILE : - NAME - - - - - OR UPLOAD A FILE -