'.print_r($_POST).'

'.print_r($settings_ar).'

Visual Settings for File Manage:

'.print_r($_POST).'

'.print_r($settings_ar).'

'.print_r($files_ar).'

Setup Custom Icon Association

'; echo ' '; echo ''; foreach($accept as $i => $type){ echo ''; echo ''; echo ''; } echo ' Type Icon SRC Icon New SRC Action '.($i + 1).' '.$type.' '.htmlspecialchars($iconlink[$i]).' Del '; echo 'Add '; echo ' '; echo ' '; echo ''.note(24, 180, 260); echo ' '; echo '		'; echo ' '; if(!is_dir('filelist/filelist-icons/')) mkdir('filelist/filelist-icons/'); if(isset($_FILES['userfile_0'])){ for($i = 0; $i < 5; $i++){ if(isset($_FILES['userfile_'.$i]) && trim($_FILES['userfile_'.$i]['name'] != '')){ $filename = $_POST['filename_'.$i]; if($_FILES['userfile_'.$i]['name'] != '' && $_FILES['userfile_'.$i]['size'] > 0){ if($filename == '' || check_name($filename)){ if($filename == '' && strlen($_FILES['userfile_'.$i]['name']) < 255 && check_name($_FILES['userfile_'.$i]['name'])) $filename = $_FILES['userfile_'.$i]['name']; if(magicQuotes) $filename = stripslashes($filename); if($filename != '' && !is_file('filelist/filelist-icons/' . $filename)){ $ftype = get_ftype($filename); if($_FILES['userfile_'.$i]['type'] == 'image/jpeg' || $_FILES['userfile_'.$i]['type'] == 'image/jpg' || $_FILES['userfile_'.$i]['type'] == 'image/gif'){ if($ftype == 'gif' || $ftype == 'jpg' || $ftype == 'jpeg'){ $tmp_file = file_get_contents($_FILES['userfile_'.$i]['tmp_name']); if(move_uploaded_file($_FILES['userfile_'.$i]['tmp_name'], 'filelist/filelist-icons/' . $filename)){ echo 'File ('.$filename.') successfully uploaded. '; writelog('Admin uploaded an icon', 'icon', 'filelist/filelist-icons/' . $filename, 3); } else { echo 'The file ('.$filename.') could not be uploaded. This may be due to permission problems or the file is too large. '; writelog('Admin tried to upload an icon, but it failed (may be due to permission problems or the file is too large)', 'icon', 'filelist/filelist-icons/' . $filename); } } else echo $filename.' has invalid extension. '; } else echo $_FILES['userfile_'.$i]['type'].' type is not supported. '; } else echo 'A file with file name '.$filename.' already exists. '; } else echo 'File name ('.$filename.') is not acceptable. '; } else { echo 'Invalid file. Invalid name or size. ('.$filename.') '; writelog('Admin tried to upload an icon, but it failed (Invalid file. Invalid name or size)', 'icon', 'filelist/filelist-icons/' . $filename); } } // if(isset($_FILES['userfile_'.$i]) && trim($_FILES['userfile_'.$i]['name'] != '')) } // for($i = 0; $i < 5; $i++) } // if(isset($_FILES['userfile_0'])) $max_ul_sizemb = 0; $max_ul_sizekb = 0; $umfs = ini_get('upload_max_filesize'); if(strtolower(substr($umfs, -1)) == 'm'){ $max_ul_sizemb = substr($umfs, 0, -1); $max_ul_sizekb = $max_ul_sizemb * 1024; } else if(strtolower(substr($umfs, -1)) == 'k'){ $max_ul_sizekb = substr($umfs, 0, -1); $max_ul_sizemb = round(($max_ul_sizekb / 1024), 2); } if($max_ul_sizekb != 0) $max_ul_sizebt = $max_ul_sizekb * 1024 - 1; else $max_ul_sizebt = 0; if(!isset($filename_0)) $filename_0 = NULL; echo ' '; echo ''; for($i = 0; $i < 5; $i++){ echo ''; echo ''; } echo ' File location. Change file name (include extension) '; echo ' Total file size must be less than '.$max_ul_sizekb.' KB ('.$max_ul_sizemb.' MB) '; echo 'Needs to be a .jpg, .jpeg, or .gif file with the correct mime type. It must be less than 32 pixels tall and wide. '; echo ' '; // end of OSP code echo ' '; if(isset($_GET['delicon'])){ $del = $_GET['delicon']; if(is_file($del)){ if(unlink($del)){ echo 'File has been deleted.'; writelog('Admin deleted an icon.', 'icon', 'filelist/filelist-icons/' . $del); } else { echo 'File could not be deleted, may be a permissions problem.'; writelog('Admin tried to deleted an icon, but it failed. Likely a permissions problem.', 'icon', 'filelist/filelist-icons/' . $del, 1); } } else echo 'File does not exist, it may have already been deleted. '; } if(is_dir('filelist/filelist-icons/')){ $icons_ar = glob('filelist/filelist-icons/*.gif'); $icons_ar = array_merge($icons_ar, glob('filelist/filelist-icons/*.jpg')); $icons_ar = array_merge($icons_ar, glob('filelist/filelist-icons/*.jpeg')); $icons_ar = array_merge($icons_ar, glob('filelist/filelist-icons/*.GIF')); $icons_ar = array_merge($icons_ar, glob('filelist/filelist-icons/*.JPG')); $icons_ar = array_merge($icons_ar, glob('filelist/filelist-icons/*.JPEG')); if(count($icons_ar) > 0){ echo ''; foreach($icons_ar as $icon){ if($imageinfo = @getimagesize($icon)){ if($imageinfo[0] < 32 && $imageinfo[1] < 32 && ($imageinfo[2] == 1 || $imageinfo[2] == 2) && ($imageinfo['channels'] == 3 || $imageinfo['channels'] == 2)) echo ''; else { echo 'Image ('.$icon.') file removed because it did not meet specifications. '; @unlink($icon); } } else { echo 'File ('.$icon.') removed because it did not have image information. '; @unlink($icon); } } echo ' Icon SRC Icon Action '.htmlspecialchars($icon).' Del '; } } echo '
		'; if(isset($_POST['icondir'])){ if(realpath($_POST['icondir'])){ if(magicQuotes) $icon_loc = stripslashes(trim($_POST['icondir'])); else $icon_loc = trim($_POST['icondir']); $fout = fopen(loc1 . '/filelist/filelist-icondir.list', 'w'); $fp = fwrite($fout, $icon_loc . "\n"); fclose($fout); } else { echo 'The directory, '.trim($_POST['icondir']).', does not exist. '; $icon_loc = ''; } } elseif(is_file(loc1 . '/filelist/filelist-icondir.list')){ $icon_loc_file = file(loc1 . '/filelist/filelist-icondir.list'); $icon_loc = trim($icon_loc_file[0]); } else { if(is_dir('../../../icons/')) // automaticall detect if two directories up... $icon_loc = '../../../icons/'; // e.g.: Apache/htdocs/1/2/filemanage.php will find icons dir else if(is_dir('./icons/')) // automaticall detect if one directories down... $icon_loc = './icons/'; // e.g.: Apache/htdocs/1/2/filemanage.php will find icons dir elseif(is_dir('../../icons/')) // automaticall detect if one directories up... $icon_loc = '../../icons/'; // e.g.: Apache/htdocs/1/filemanage.php will find icons dir elseif(is_dir('../icons/')) // automaticall detect if in root directory... $icon_loc = '../icons/'; // e.g.: Apache/htdocs/filemanage.php will find icons dir elseif(is_dir('icons/')) // automaticall detect if in ?same director?... $icon_loc = 'icons/'; // e.g.: Apache/filemanage.php will find icons dir else $icon_loc = ''; } echo ' '; echo 'If this is not the correct icons directory, please enter the correct one instead. '; echo ''; echo ''; echo ' '; if(trim($icon_loc) != ''){ $real_path = realpath(trim($icon_loc)); echo 'List in '.$real_path; $icons_ar = glob(realpath($icon_loc).'/*.gif'); array_push($icons_ar, glob(realpath($icon_loc).'/*.jpg')); if(count($icons_ar) > 0){ echo ''; foreach($icons_ar as $icon){ if($imageinfo = @getimagesize($icon)){ $icon = 'icons'.str_replace($real_path, '', $icon); /*echo ' '; print_r($imageinfo); echo ' ';*/ if($imageinfo[0] < 32 && $imageinfo[1] < 32 && ($imageinfo[2] == 1 || $imageinfo[2] == 2) && ($imageinfo['channels'] == 3 || $imageinfo['channels'] == 2)) echo ''; } } echo ' Icon SRC Icon '.htmlspecialchars($icon).' '; } } echo '

	File Name	Size	Date Deleted	Action
	'.$sub_recycle[0].'	'.filesz($sub_recycle[3]).'	'.date('j M, Y H:i:s', $sub_recycle[5]).'	'; echo ''; echo ''; if($admin) echo ''; echo ' Move Restore Delete
	'.$sub_recycle[0].'	'.filesz($sub_recycle[3]).'	'.date('j M, Y H:i:s', $sub_recycle[5]).'	'; echo ''; echo ''; if($admin) echo ''; echo ' Move Restore Delete

Invalid source directory.'; } // if a file is being created if(isset($_GET['cfile']) && $current_user['write']){ $show_form = true; echo '

'; if(isset($_POST['cfname'])){ if(magicQuotes) $cfname = stripslashes($_POST['cfname']); else $cfname = $_POST['cfname']; if(magicQuotes) $cfcont = stripslashes($_POST['cfcont']); else $cfcont = $_POST['cfcont']; if(check_name($cfname)){ if(check_contents($cfcont)){ if(!is_file(loc1 . loc . $cfname) && !is_dir(loc1 . loc . $cfname)){ if(allowed($cfname, true, true, false)){ $fout = fopen(loc1 . loc . $cfname, 'w'); $fp = fwrite($fout, $cfcont); fclose($fout); echo 'File successfully created.'; writelog('User created a file', 'cfile', loc . $cfname); if(isset($_POST['cedit'])){ echo ''; } $show_form = false; } else echo 'The file name "' . $cfname . '" has an invalid extension, is being created in an invalid directory, or is otherwise blocked.
'; } else echo 'A file or directory with that name already exists.
'; } else if(is_file(loc1 . '/filelist/filelist-passcode.php')) echo 'Enter correct passcode:
'; } } else { $cfname = ''; $cfcont = ''; } if($show_form){ echo ''; echo '
Enter the name of the file that you want to create:
'; echo ''; echo "

File contents:"; echo '

'; echo htmlspecialchars($cfcont); echo '

'; echo ''; if($current_user['append']) echo ' '; echo ''; } echo '

'; } // if uploading a file if(isset($_GET['upld']) && $current_user['write']){ if(!$upload_bar || (!$admin && !$all_upload_bar)){ echo '

'; if(isset($_FILES['userfile_0'])){ for($i = 0; $i < 10; $i++){ if(isset($_FILES['userfile_'.$i]) && trim($_FILES['userfile_'.$i]['name'] != '')){ $filename = $_POST['filename_'.$i]; if($_FILES['userfile_'.$i]['name'] != '' && $_FILES['userfile_'.$i]['size'] > 0){ if($filename == '' || check_name($filename)){ if($filename == '' && strlen($_FILES['userfile_'.$i]['name']) < 255 && check_name($_FILES['userfile_'.$i]['name'])) $filename = $_FILES['userfile_'.$i]['name']; if(magicQuotes) $filename = stripslashes($filename); writelog('User attemped to upload a file', 'upld', loc . $filename, 3); if($filename != '' && !is_file(loc1 . loc . $filename)){ if(allowed($filename, true, true, false)){ $ftype = get_ftype($filename); if(strpos($_FILES['userfile_'.$i]['type'], 'text') !== false || strpos($_FILES['userfile_'.$i]['type'], 'txt') !== false || $ftype == 'php' || $ftype == 'php3' || $ftype == 'php4' || $ftype == 'php5' || $ftype == 'phtml') $tmp_file = file_get_contents($_FILES['userfile_'.$i]['tmp_name']); else $tmp_file = ''; if(check_contents($tmp_file)){ if(move_uploaded_file($_FILES['userfile_'.$i]['tmp_name'], loc1 . loc . $filename)){ echo 'File ('.$filename.') successfully uploaded.
'; if(strpos($_FILES['userfile_'.$i]['type'], 'text') !== false || strpos($_FILES['userfile_'.$i]['type'], 'txt') !== false || $ftype == 'php' || $ftype == 'php3' || $ftype == 'php4' || $ftype == 'php5' || $ftype == 'phtml') writelog('User uploaded a text-based file', 'upld', loc . $filename); else writelog('User uploaded a file with type "'.$_FILES['userfile_'.$i]['type'].'". If this is a suspicous type, check the file immediately!', 'upld', loc . $filename); } else { echo 'The file ('.$filename.') could not be uploaded. This may be due to permission problems or the file is too large.
'; writelog('User tried to upload a file, but it failed (may be due to permission problems or the file is too large)', 'upld', $filename, 1); } } else if(is_file(loc1 . '/filelist/filelist-passcode.php')) echo 'Enter correct passcode:
For security reasons, you will need to enter the file ('.$filename.') location again.
'; } else echo 'The file name "' . $filename . '" has an invalid extension, is being created in an invalid directory, or is otherwise blocked.
'; } else echo 'A file with that name already exists.
'; } } else { echo 'Invalid file. Invalid name or size.
'; writelog('User tried to upload a file, but it failed (Invalid file. Invalid name or size)', 'upld', loc . $filename, 1); } } // if(isset($_FILES['userfile_'.$i]) && trim($_FILES['userfile_'.$i]['name'] != '')) } // for($i = 0; $i < 10; $i++) } // if(isset($_FILES['userfile_0'])) // Some ideas and lines of code taken from OutSide Photos // (www.sourceforge.net/projects/outside-photos/) copyright 2004-2005 by // OutSide Photos Development Team under the GNU General Public License, // redistibution is allowed under the same licese. View the file LICENSE that // was packaged with this file, or download a copy at // www.opensource.org/licenses/gpl-license.php if(is_file(loc1 . '/filelist-loading.gif') && is_file(loc1 . '/filelist-blank.gif')){ echo ''."\n"; $image_exists = true; } else $image_exists = false; $max_ul_sizemb = 0; $max_ul_sizekb = 0; $umfs = ini_get('upload_max_filesize'); if(strtolower(substr($umfs, -1)) == 'm'){ $max_ul_sizemb = substr($umfs, 0, -1); $max_ul_sizekb = $max_ul_sizemb * 1024; } else if(strtolower(substr($umfs, -1)) == 'k'){ $max_ul_sizekb = substr($umfs, 0, -1); $max_ul_sizemb = round(($max_ul_sizekb / 1024),2); } if($max_ul_sizekb != 0) $max_ul_sizebt = $max_ul_sizekb * 1024 - 1; else $max_ul_sizebt = 0; if(!isset($filename_0)) $filename_0 = NULL; echo '
'; if($multi_upload){ echo ''; echo ''; for($i = 0; $i < 10; $i++){ echo ''; echo ''; } echo '

File location.	File name (include extension)

'; echo '
Total file size must be less than '.$max_ul_sizekb.' KB ('.$max_ul_sizemb.' MB)
'; } else { echo ''; echo 'File location (click the browse button to find the file you wish to upload):'; echo '
'; echo '
Filesize must be less than '.$max_ul_sizekb.' KB ('.$max_ul_sizemb.' MB)
'; echo '

File Name: (include extension)
If you leave the file name blank, the uploaded file\'s name will be used as the name.

'; } echo '

'; if($image_exists) echo '

'; // end of OSP code echo ''; } else { /* the following is largly 98% based on uber_uploader (https://sourceforge.net/projects/uber-uploader/) some changes have been made to make it work with File Manage */ $tmp_sid = md5(uniqid(rand(), true)); // SID used by cgi for the temp directory if(!isset($_POST['upload_range'])){ if($multi_upload) $_POST['upload_range'] = 10; else $_POST['upload_range'] = 1; } echo ''; echo '\n
"; if(isset($_GET['sucsess'])){ echo 'Upload was successful.'; if($admin) writelog('Admin uploaded a file with the progress bar.', 'upld'); else writelog('User uploaded a file with the progress bar, check for suspicious files!', 'upld', 'unknown', 1); } echo '

'; if($multi_upload) echo ''; else echo ''; for($i = 0; $i < $_POST['upload_range']; $i++){ echo ''; echo ' '; echo ''; } echo '

Upload up to 10 files:

Upload a file:

Warning: If a file already exists in this directory with the same name as one of the files being uploaded, it will be overwritten.

'; /* end of code based on uber-uploader */ } } // display search form echo '

'; if(loc != '/'){ if(substr($parent_loc2, -1) == '/' && $parent_loc2 != '/') $parent_loc3 = substr($parent_loc2, 0, -1); else $parent_loc3 = $parent_loc2; echo 'Parent Directory'; } echo '

Search this directory '.note(5, 250, 280).': '; echo ' '; if($showsearch) echo 'Show only the search results? '; else echo 'Show only the search results? '; if($exactmatch) echo 'Show exact results only? '; else echo 'Show exact results only? '; echo ''; if($search_value != 'Search') echo ' '; echo ' '; echo '

'; if($search_value != 'Search') echo 'Search results are bold.

'; echo ''; // column headers to make them organizable echo ''; echo ''; echo ''; } else { if($ar1 == 'n' && $ar2 == 'a') echo 'File Name'; else echo 'File Name'; echo ''; echo ''; echo ''; } if($show_file_time) if($file_time == 'c') echo ''; else echo ''; if($show_add_info) echo ''; echo ''; echo ''; $array_of_dirs = array(); $array_of_files = array(); $i = 0; $j = 0; // open the current directory if($handle = opendir(loc1 . loc)){ while(false !== ($file = readdir($handle))){ // though this is kind of weird, I had the variables set up this way. I may change it in the future to get rid of one more line of code (mm optimization, tasty?) $file2 = $file; $file = loc . $file; if($current_user['read'] && is_file(loc1 . $file) && substr($file2, 0, 1) != '.' && strpos(strtolower($file), 'filelist') === false && strpos(strtolower($file), 'filemanage') === false && strpos($file, '..') === false && strpos($file, '#') === false && $file2 != cur_filename){ $display_this_item = true; if(isset($hidden_items_ar) && (!$admin || ($admin && !$admin_see_hidden))){ if(in_array($file, $hidden_items_ar)) $display_this_item = false; else { $item_done = false; for($l = 0; $l < count($hidden_items_ar) && !$item_done; $l++) if(substr($file, 0, strlen($hidden_items_ar[$l])) == $hidden_items_ar[$l]){ $display_this_item = false; $item_done = true; } } } if($display_this_item){ // set use this to default, for whence it becomes true the loop will end $use_this = false; // run through each acceptable extension for($k = 0; $k < count($accept) && !$use_this; $k++){ // if the file has the correct extension, continue if(strtolower($accept[$k]) == strtolower(substr($file2, strlen($file2) - strlen($accept[$k]), strlen($accept[$k])))){ // $organize_ord organizes the file names ignoring any leading 'the's and 'a's. With or without $organize_ord, the files are organized ignoring anything but letters and numbers if($organize_ord && strtolower(substr($file2, 0, 4)) == 'the ') $orgn = ereg_replace("[^[:alnum:]]", '', strtolower(trim(substr($file2, 3)))); elseif($organize_ord && strtolower(substr($file2, 0, 2)) == 'a ') $orgn = ereg_replace("[^[:alnum:]]", '', strtolower(trim(substr($file2, 1)))); elseif($organize_ord && strtolower(substr($file2, 0, 3)) == 'an ') $orgn = ereg_replace("[^[:alnum:]]", '', strtolower(trim(substr($file2, 2)))); else $orgn = ereg_replace("[^[:alnum:]]", '', strtolower(trim($file2))); $ftype = get_ftype($file2); // store file size (in bytes) $size = filesize(loc1 . $file); // the organization type determines the order in which the variables are stored if($ar1 == 'n'){ $array_of_files[$j]['orgn'] = $orgn; $array_of_files[$j]['ftype'] = $ftype; $array_of_files[$j]['size'] = $size; } else if($ar1 == 't'){ $array_of_files[$j]['ftype'] = $ftype; $array_of_files[$j]['orgn'] = $orgn; $array_of_files[$j]['size'] = $size; } else if($ar1 == 's'){ $array_of_files[$j]['size'] = $size; $array_of_files[$j]['orgn'] = $orgn; $array_of_files[$j]['ftype'] = $ftype; } // these variables are last since they don't affect organization $array_of_files[$j]['file'] = $file; $array_of_files[$j]['file2'] = $file2; $array_of_files[$j]['extkey'] = $k; $j++; // get the heck out of the loop $use_this = true; } // if(strtolower($accept[$k]) == strtolower(substr($file2, ... } // for($k = 0; $k < count($accept) && $use_this != 1; $k++) } // if($display_this_item) } // if(is_file(loc1 . $file) && substr($file2, 0, 8) != 'filelist' && ... elseif($current_user['list'] && is_dir(loc1 . $file) && substr($file2, 0, 1) != '.' && strpos(strtolower($file2), 'filelist') === false && strpos(strtolower($file2), 'filemanage') === false && strpos(strtolower($file2), 'getid3') === false && strpos($file2, '#') === false && strpos($file, '..') === false){ $display_this_item = true; if(isset($hidden_items_ar) && (!$admin || ($admin && !$admin_see_hidden))){ if(in_array($file.'/', $hidden_items_ar)) $display_this_item = false; else { $item_done = false; for($l = 0; $l < count($hidden_items_ar) && !$item_done; $l++) if(substr($file.'/', 0, strlen($hidden_items_ar[$l])) == $hidden_items_ar[$l]){ $display_this_item = false; $item_done = true; } } } if($display_this_item){ // $organize_ord organizes the directory names ignoring any leading 'the's and 'a's. With or without $organize_ord, the directories are organized ignoring anything but letters and numbers if($organize_ord && strtolower(substr($file2, 0, 4)) == 'the ') $array_of_dirs[$i]['orgn'] = ereg_replace("[^[:alnum:]]", '', strtolower(trim(substr($file2, 3)))); elseif($organize_ord && strtolower(substr($file2, 0, 2)) == 'a ') $array_of_dirs[$i]['orgn'] = ereg_replace("[^[:alnum:]]", '', strtolower(trim(substr($file2, 1)))); elseif($organize_ord && strtolower(substr($file2, 0, 2)) == 'an ') $array_of_dirs[$i]['orgn'] = ereg_replace("[^[:alnum:]]", '', strtolower(trim(substr($file2, 2)))); else $array_of_dirs[$i]['orgn'] = ereg_replace("[^[:alnum:]]", '', strtolower(trim($file2))); // store directory name to array $array_of_dirs[$i]['file'] = $file; $array_of_dirs[$i]['file2'] = $file2; $i++; } // if($display_this_item) } // if(is_dir(loc1 . $file) && substr($file2, 0, 1) != '.' && ... } // while(false !== ($file = readdir($handle))) // close out of the directory closedir($handle); } // if($handle = opendir(loc1 . loc)) // if any directories were found, store them to $array_of_all if(isset($array_of_dirs) && is_array($array_of_dirs) && count($array_of_dirs) > 0){ sort($array_of_dirs); $array_of_all = $array_of_dirs; } // if any files were found store that info to $array_of_all if(isset($array_of_files) && is_array($array_of_files) && count($array_of_files) > 0){ if($ar2 == 'a') sort($array_of_files); else rsort($array_of_files); // if directories were already stored to $array_of_all, then store each file key to $array_of_all if(count($array_of_dirs) > 0){ for($i = 0; $i < count($array_of_files); $i++){ $j = count($array_of_all); $array_of_all[$j]['file'] = $array_of_files[$i]['file']; $array_of_all[$j]['file2'] = $array_of_files[$i]['file2']; $array_of_all[$j]['extkey'] = $array_of_files[$i]['extkey']; $array_of_all[$j]['size'] = $array_of_files[$i]['size']; $array_of_all[$j]['ftype'] = $array_of_files[$i]['ftype']; } } else $array_of_all = $array_of_files; // if no directories were stored, just store the files to $array_of_all } // if no files or folders in this directory set to none if(!isset($array_of_all)) $array_of_all = array(); $row_clr = 0; // for alternating row colors $all_number_of_files = 0; $all_number_of_dirs = 0; $all_total_file_size = 0; // ready to display all the crap that was just stored foreach($array_of_all as $j => $file){ $file = $array_of_all[$j]['file']; $file2 = $array_of_all[$j]['file2']; // this section is for files, later is for directories if(is_file(loc1 . $file)){ // nice long test, so that it only does the things it needs to do, when it needs to do it; and if only the finds are to be shown, only they will be if(($showsearch == 1 && isclosematch($file2, $search_value, $exactmatch, 0)) || $showsearch != 1 || $search_value == 'Search'){ $extkey = $array_of_all[$j]['extkey']; $ftype = $array_of_all[$j]['ftype']; $size = $array_of_all[$j]['size']; // if there is a file type then get the file's name (no extension) if($ftype != 'none') $name2 = substr($file2, 0, strlen($file2) - strlen($ftype) - 1); else $name2 = $file2; // if additional info is enabled, test each file to see if it can extract any info from it if($show_add_info){ $add_info = ''; // if the file is a text file, display some of it's contents if($ftype == 'txt' || $ftype == 'list' || $ftype == 'nfo' || $ftype == 'log' || $ftype == 'diz' || $ftype == 'php' || $ftype == 'php3' || $ftype == 'phtml' || $ftype == 'php5' || $ftype == 'php4' || $ftype == 'js' || $ftype == 'xhtml' || $ftype == 'asp' || $ftype == 'xml' || $ftype == 'ini' || $ftype == 'inf' || $ftype == 'reg' || $ftype == 'c' || $ftype == 'cpp' || $ftype == 'h' || $ftype == 'hpp' || $ftype == 'sh' || $ftype == 'vbs' || $ftype == 'readme' || $ftype == 'shtml' || $ftype == 'nsi' || $ftype == 'cgi' || $ftype == 'tmpl' || $ftype == 'sql'){ $contents = file(loc1 . $file); if(magicQuotes) $contents2 = stripslashes($contents[0] . @$contents[1] . @$contents[2] . rtrim(@$contents[3])); else $contents2 = $contents[0] . @$contents[1] . @$contents[2] . rtrim(@$contents[3]); $contlen = strlen($contents2); if($contlen > 40){ $contlen = 40; $contover = true; } else $contover = false; $add_info = 'Number of lines: ' . count($contents) . '; Contents: ' . str_replace("\n", ' :: ', str_replace("\r", '', htmlspecialchars(substr($contents2, 0, $contlen)))); if($contover) $add_info .= '...'; } else // if the file is an HMTL file, display it's title, or body, or contents if($ftype == 'htm' || $ftype == 'html'){ $titover = false; $bodover = false; $conover = false; $contents = file_get_contents(loc1 . $file); if(magicQuotes) $contents = stripslashes($contents); $contents2 = strtolower($contents); if(strpos($contents2, '') !== false){ $titlepos2 = strpos($contents2, ''); if($titlepos2 > 40){ $titlepos2 = 40; $titover = true; } $add_info = 'Title: ' . htmlspecialchars(substr($contents, $titlepos1, $titlepos2)); if($titover) $add_info .= '...'; } } else if(strpos($contents2, ''); $contents2 = substr($contents2, $bodypos3); if(strpos($contents2, '') !== false){ $bodypos2 = strpos($contents2, ''); if($bodypos2 > 40){ $bodypos2 = 40; $bodover = true; } $bodycont = substr($contents, $bodypos1 + $bodypos3, $bodypos2); $add_info = 'Body: ' . str_replace("\n", ' :: ', str_replace("\r", '', htmlspecialchars($bodycont))); if($bodover) $add_info .= '...'; } } else { $cont_len = strlen($contents); if($cont_len > 40){ $cont_len = 40; $conover = true; } $add_info = 'Contents: ' . str_replace("\n", ' :: ', str_replace("\r", '', htmlspecialchars(substr($contents, 0, $cont_len)))); if($conover) $add_info .= '...'; } } else // supported by 4.3.2: GIF, JPG, PNG, SWF, SWC, PSD, TIFF, BMP, IFF, JP2, JPX, JB2, JPC, XBM, and WBMP if($php_version[0] > 4 || ($php_version[0] == 4 && $php_version[1] > 3) || ($php_version[0] == 4 && $php_version[1] == 3 && $php_version[2] >= 2)){ if($ftype == 'gif' || $ftype == 'jpg' || $ftype == 'jpeg' || $ftype == 'png' || $ftype == 'swf' || $ftype == 'swc' || $ftype == 'psd' || $ftype == 'tiff' || $ftype == 'bmp' || $ftype == 'iff' || $ftype == 'jp2' || $ftype == 'jpx' || $ftype == 'jb2' || $ftype == 'jpc' || $ftype == 'xbm' || $ftype == 'wbmp' || $ftype == 'tif' || $ftype == 'ico') if($tmp = @getimagesize(loc1 . $file)) $add_info = 'Resolution: ' . $tmp[0] . 'x' . $tmp[1]; } else { // supported by 4.3.0: GIF, JPG, PNG, SWF, SWC, PSD, TIFF, BMP, and IFF if($ftype == 'gif' || $ftype == 'jpg' || $ftype == 'jpeg' || $ftype == 'png' || $ftype == 'swf' || $ftype == 'swc' || $ftype == 'psd' || $ftype == 'tiff' || $ftype == 'bmp' || $ftype == 'iff' || $ftype == 'tif' || $ftype == 'ico') if($tmp = @getimagesize(loc1 . $file)) $add_info = 'Resolution: ' . $tmp[0] . 'x' . $tmp[1]; } } // if getid3 is going to be called, set up $filename, then get info if($show_add_info && $getid3_true && ($add_info == '' || !isset($add_info))){ $filename = loc1 . $file; $getID3 = new getID3; $fileinfo = $getID3->analyze($filename); $add_info = ''; if($getid3_true && isset($fileinfo['video']['resolution_x'])){ if(isset($fileinfo['bitrate'])) $file_br = $fileinfo['bitrate']; if(isset($fileinfo['playtime_string'])) $add_info = 'Length: ' . $fileinfo['playtime_string'] . ';'; $add_info .= ' Resolution: ' . $fileinfo['video']['resolution_x'] . 'x' . $fileinfo['video']['resolution_y'] . ';'; if(isset($file_br)) $add_info .= ' Bit rate: ' . round($file_br / 1000) . ' kbps;'; if(isset($fileinfo['video']['codec'])) $add_info .= ' Codec: ' . $fileinfo['video']['codec']; } else if($getid3_true && isset($fileinfo['audio']['bitrate'])){ $file_br = $fileinfo['bitrate']; $add_info = 'Length: ' . $fileinfo['playtime_string'] . '; Bit rate: ' . round($file_br / 1000) . ' kbps'; if($ftype == 'wma') $add_info .= ' (MP3 equiv: ' . round($file_br / 600) . ' kbps)'; } } $file_size1 = filesize(loc1 . $file); $file_size = filesz($file_size1); if($show_dir_size){ $all_number_of_files++; $all_total_file_size += $file_size1; } echo "\n".''; echo ''; if($show_file_time){ echo ''; } if($show_add_info) echo ''; echo ''; } } else // this section is for directories, previous was for files; also, exclude the '.' and '..' directories if(is_dir(loc1 . $file)){ // if there is a search occuring, and the test of the search string in the isclosematch() function returns true, or not only search results are being displayed, or there is no search; then continue, so the results can be displayed if(($showsearch == 1 && isclosematch($file2, $search_value, $exactmatch, 0)) || $showsearch != 1 || $search_value == 'Search'){ if(strlen($file2) > $name_length) $name2 = substr($file2, 0, $name_length - $trunc_offset1) . '...' . substr($file2, strlen($file2) - ($trunc_offset1 - 3)); else $name2 = $file2; echo "\n".''; if($show_dir_size){ clearscandir(); scanfulldir(loc1 . $file); $all_number_of_files += $number_of_files; $all_number_of_dirs += $number_of_dirs + 1; $all_total_file_size += $total_file_size; echo ''; if($show_file_time){ echo ''; } if($show_add_info){ echo ''; } echo ''; } } } echo '

	'; if(is_file('filelist-dec.gif') && is_file('filelist-asc.gif')){ if($ar1 == 'n') if($ar2 == 'd') echo 'File Name'; else echo 'File Name'; else echo 'File Name'; echo '	'; if($ar1 == 's') if($ar2 == 'a') echo 'Size'; else echo 'Size'; else echo 'Size'; echo '	'; if($ar1 == 't') if($ar2 == 'a') echo 'Type'; else echo 'Type'; else echo 'Type'; echo '		'; if($ar1 == 's' && $ar2 == 'a') echo 'Size'; else echo 'Size'; echo '	'; if($ar1 == 't' && $ar2 == 'a') echo 'Type'; else echo 'Type'; echo '		File Created	File Updated	Additional Info
'; else echo 'target="_blank" href="'.cur_dir.$fileenc.'">'; $disp_def = true; if($show_exif_thumb && strpos($file, '\'') === false && ($ftype == 'jpeg' || $ftype == 'jpg' || $ftype == 'tiff' || $ftype == 'tif') && function_exists('exif_read_data')){ $image = loc1 . $file; if($image_info = @getimagesize($image)){ if($image_info[0] < $image_info[1]){ $ratio = $image_info[0] / $image_info[1]; $thumb_height = 32; $thumb_width = round($thumb_height * $ratio); } else { $ratio = $image_info[1] / $image_info[0]; $thumb_width = 32; $thumb_height = round($thumb_width * $ratio); } $exif = @exif_read_data($image, 'THUMBNAIL', true); if($exif !== false){ echo ' '; $disp_def = false; } } } if($disp_def && isset($iconlink[$extkey])) echo ''; echo '	'; else echo cur_dir.$fileenc.'">'; if(strlen($name2) > $name_length) $name2 = substr($name2, 0, $name_length - $trunc_offset1) . '...' . substr($name2, strlen($name2) - ($trunc_offset1 - 3)); // if there is a search occuring, and the test of the search string in the isclosematch() function returns true; then bold the name so it can be seen if($search_value != 'Search' && isclosematch($file2, $search_value, $exactmatch, !$exactmatch)) echo ''.$name2.''; else echo $name2; echo '	'; echo $file_size . '	'; echo $ftype . '	'; // if the file's creation time is newer than the current time - the "new time" deadline (set above in seconds) then display "new" if($display_new && filectime(loc1 . $file) > time() - $new_time_secs) echo 'New'; elseif($display_updated && filemtime(loc1 . $file) > time() - $new_time_secs) echo 'Updated'; echo '	'; if($file_time == 'c') echo date($file_time_date, filectime(loc1 . $file)); else echo date($file_time_date, filemtime(loc1 . $file)); echo '	' . $add_info . '	'; if($current_user['delete']) echo 'Del'; echo ' '; if($current_user['write']) echo 'Copy'; echo ' '; if($current_user['write'] && $current_user['delete']) echo 'Cut'; echo ' '; if($current_user['append']) echo 'Edit'; echo ' '; if($current_user['read']) echo 'Prop'; echo ' '; if($current_user['append']) echo 'Ren'; echo ' '; //if($admin && (!isset($hidden_items_ar) || !in_array($file, $hidden_items_ar))) // echo 'Hide'; if($admin){ $display_this_item = true; if(isset($hidden_items_ar)){ if(in_array($file, $hidden_items_ar)) $display_this_item = false; else { $item_done = false; for($i = 0; $i < count($hidden_items_ar) && !$item_done; $i++) if(substr($file, 0, strlen($hidden_items_ar[$i])) == $hidden_items_ar[$i]){ $display_this_item = false; $item_done = true; } } } if($display_this_item) echo 'Hide'; else { echo 'Unhide'; if($show_dir_size){ $all_number_of_files--; $all_total_file_size -= $file_size1; } } } echo '
	'; // if there is a search occuring, and the test of the search string in the isclosematch() function returns true; then bold the name so it can be seen if($search_value != 'Search' && isclosematch($file2, $search_value, $exactmatch, !$exactmatch)) echo "$name2"; else echo $name2; echo '	'.filesz($total_file_size).'	Dir'; } else echo '	Directory'; echo '		'; // if the directory has been modified since the deadline, then display it, if the directory is new, then display so, if not, then display "updated" if($display_new && filectime(loc1 . $file) > time() - $new_time_secs) echo 'New'; elseif($display_updated && filemtime(loc1 . $file) > time() - $new_time_secs) echo 'Updated'; echo '	'; if($file_time == 'c') echo date($file_time_date, filectime(loc1 . $file)); else echo date($file_time_date, filemtime(loc1 . $file)); echo '	'; if($show_dir_size) echo 'Files: '.$number_of_files.'; Directories: '.$number_of_dirs; echo '	'; echo ''; echo ' '; if($current_user['ddelete']) echo 'Del'; echo ' '; if($current_user['make'] && $current_user['write']) echo 'Copy'; echo ' '; if($current_user['ddelete'] && $current_user['delete'] && $current_user['make'] && $current_user['write']) echo 'Cut'; echo ' '; if($admin){ $display_this_item = true; if(isset($hidden_items_ar)){ if(in_array($file.'/', $hidden_items_ar)) $display_this_item = false; else { $item_done = false; for($i = 0; $i < count($hidden_items_ar) && !$item_done; $i++) if(substr($file.'/', 0, strlen($hidden_items_ar[$i])) == $hidden_items_ar[$i]){ $display_this_item = false; $item_done = true; } } } if($display_this_item) echo 'Hide'; else { echo 'Unhide'; if($show_dir_size){ $all_number_of_files -= $number_of_files; $all_number_of_dirs -= $number_of_dirs + 1; $all_total_file_size -= $total_file_size; } } } echo ' '; if($current_user['list']) echo 'Prop'; echo ' '; if($current_user['make']) echo 'Ren'; echo ' '; if($adlnk != '' && $current_user['write'] && ((!isset($_GET['dcut']) && !isset($_GET['dcpy'])) || ((isset($_GET['dcut']) && substr($file.'/', 0, strlen($_GET['dcut'].'/')) != $_GET['dcut'].'/') || (isset($_GET['dcpy']) && substr($file.'/', 0, strlen($_GET['dcpy'].'/')) != $_GET['dcpy'].'/')))) echo 'Paste'; echo '

'; if(loc != '/') echo 'Parent Directory'; if($show_all_stats && $show_dir_size && loc == '/' && $current_user['list']){ echo '

There is a total of '.$all_number_of_dirs.' directories, containing '.$all_number_of_files.' files, with a total file size of '.filesz($all_total_file_size)."\n"; $fout = fopen($logFile, 'w'); $fp = fwrite($fout, time() . $line_break . $all_number_of_dirs . $line_break . $all_number_of_files . $line_break . $all_total_file_size . $line_break); fclose($fout); } // this area scans all subdirectories and stores the amount of files, directories, filesize, and time stamp into a file for access later // depending on the amount of files and directories, this could be a very long processes, so it doesn't happen every time a page loads // based on a variable set at the beginning of this file, it makes this refresh based on the amount of files and directories // this all boils down to the custom recursive scanfulldir() function. View that furthur down to see what is actually happening // it then takes all this information and displays it at the bottom of the page if($show_all_stats){ $get_new_info = false; if(!is_file($logFile)) $get_new_info = true; else { $array_of_log_file = file($logFile); if(trim($array_of_log_file[0]) < time() - $update_log_sec && !$show_dir_size) $get_new_info = true; else { $last_update = trim($array_of_log_file[0]); $number_of_dirs = trim($array_of_log_file[1]); $number_of_files = trim($array_of_log_file[2]); $total_file_size = trim($array_of_log_file[3]); } } if($get_new_info && !$show_dir_size){ clearscandir(); scanfulldir(loc1); $fout = fopen($logFile, 'w'); $fp = fwrite($fout, time() . $line_break . $number_of_dirs . $line_break . $number_of_files . $line_break . $total_file_size . $line_break); fclose($fout); $last_update = time(); } if(($show_dir_size && loc != '/') || !$show_dir_size || !$current_user['list']) echo '

As of ' . date("F d, Y H:i (O)", $last_update) . ' there is a total of '.$number_of_dirs.' directories, containing '.$number_of_files.' files, with a total file size of '.filesz($total_file_size)."\n"; } } } else { if(!isset($_GET['create'])){ echo ''; echo ''; } if($php_version[0] < 4 || ($php_version[0] == 4 && $php_version[1] < 3)){ echo 'Server\'s PHP version is too old. It must be at least 4.3.0.
'; echo 'Visit PHP.net to get the newest version.'; } else { // if the user is not logged in, make them. if(isset($lockout) && $lockout !== true){ echo 'ERROR: Too many login attempts on this IP or username. You have been locked out for 3 minutes'; echo ''; echo '.
'; writelog('User has been locked out for too many login attempts', 'Login'); } elseif(isset($lockout) && $lockout === true) echo 'ERROR: You have been perminantly banned.
'; else { if(isset($_POST['loginsubmit'])){ echo 'ERROR: Incorrect username or password.

Please try again.
'; writelog('User failed to login', 'Login'); // prevent brute force login attempts $fout = fopen(loc1 . '/filelist/filelist-loginattempts-IP.list', 'a'); $fp = fwrite($fout, $_SERVER['REMOTE_ADDR'].'~~~~~'.time()."\n"); fclose($fout); $fout = fopen(loc1 . '/filelist/filelist-loginattempts-un.list', 'a'); $fp = fwrite($fout, $un.'~~~~~'.time()."\n"); fclose($fout); } if(!isset($_GET['create'])) loginpage(); } } } // always display this info for obvious legal reasons echo '


Bobb\'s File Manage System version ' . $version . '.
'; echo '© 2004-2006 Bobb\'s File Manage System Development Team.
'; echo 'These pages are licensed under the GNU General Public License.
'; echo 'These pages and the software that generates them are NOT covered by any kind of warranty, either expressed or implied.
'; echo 'Redistribution is permitted under the same license.'; echo ''; if($track_time || $development){ $timeparts2 = explode(' ', microtime()); $starttime1 = $timeparts1[1].substr($timeparts1[0], 1); $endtime1 = $timeparts2[1].substr($timeparts2[0], 1); $time_elapsed1 = bcsub($endtime1, $starttime1, 4); echo "\n".''."\n"; if(!isset($_GET['settings']) && !isset($_GET['fitness']) && !isset($_GET['console']) && !isset($_GET['log']) && !isset($_GET['recycle']) && !isset($_GET['manage']) && !isset($_GET['mysettings']) && !isset($_GET['paste']) && !isset($_GET['prop']) && !isset($_GET['req_login']) && !isset($_GET['customicon'])) $ok = '1'; else $ok = '0'; if($ok || $development){ if(!isset($un)) $un = '*none*'; if(defined('loc')) $loc = loc; elseif(isset($loc)) $loc = '*none*'; $fout = fopen(loc1 . '/filelist/filelist-fitness.log', 'a'); $fp = fwrite($fout, $time_elapsed1.'~~~~~'.time().'~~~~~'.$ok.'~~~~~'.$un.'~~~~~'.$loc."\n"); fclose($fout); if(filesize(loc1 . '/filelist/filelist-fitness.log') > $max_track_size * 1024){ // if the log file is larger than max_log_size $log_size = filesize(loc1 . '/filelist/filelist-fitness.log'); $log_file_ar = file(loc1 . '/filelist/filelist-fitness.log'); $removed_size = 0; // the value is the size in bytes that will be removed once the file is written again while($removed_size < $log_size - ($max_track_size * 1024)){ $removed_size += strlen($log_file_ar[0]); // store the size of the line being removed array_shift($log_file_ar); // kick off the line being removed } $fout = fopen(loc1 . '/filelist/filelist-fitness.log', 'w'); $fp = fwrite($fout, implode('', $log_file_ar)); fclose($fout); } } } /****************************************************************************** * Below here are all the functions called by all the previous code. * ******************************************************************************/ // this function tests to see if first of all, filemanage logins exist; second // to see if the user is logged in on a valid login. // Some ideas and lines of code taken from OutSide Photos // (www.sourceforge.net/projects/outside-photos/) copyright 2004-2005 by // OutSide Photos Development Team under the GNU General Public License, // redistibution is allowed under the same licese. View the file LICENSE that // was packaged with this file, or download a copy at // www.opensource.org/licenses/gpl-license.php // bool logintest( void ) function logintest(){ // make global so the rest of the program can access them global $un; global $pw; global $useremail; global $login; global $admin; global $perm; global $permtype; global $anonymous_user; global $uip; global $fp; $line_break = $GLOBALS['line_break']; $php_version = $GLOBALS['php_version']; $admin = false; $anonymous_user = false; // if either one of these files do not exist, some tampering has occured (or filelist is being run for the first time), reset all logins if(!is_file(loc1 . '/filelist/filelist-logins.list') || !is_file(loc1 . '/filelist/filelist-admin.php')){ writelog('Login list or admin login file does not exist, creating one', 'nowhere', 'none', 0); $filename = loc1 . '/filelist/filelist-admin.php'; $filename2 = loc1 . '/filelist/filelist-logins.list'; @unlink($filename); @unlink($filename2); $input_array[0] = $line_break . '' . $line_break; // compile the string to be written to $filename $insertline = implode($line_break, $input_array); // this will be written to $filename2 $insertline2 = 'admin'; // write to file, if it fails, error out if(!$handle = fopen($filename2, 'a')){ echo "Cannot open file ($filename2). Likely to be a permissions problem."; exit; } if(fwrite($handle, $insertline2 . $line_break) === FALSE){ echo "Cannot write to file ($filename2). Likely to be a permissions problem."; exit; } fclose($handle); // write to file, if it fails, error out if(!$handle = fopen($filename, 'a')){ echo "Cannot open file ($filename). Likely to be a permissions problem."; exit; } if(fwrite($handle, $insertline) === FALSE){ echo "Cannot write to file ($filename). Likely to be a permissions problem."; exit; } fclose($handle); $login = false; $admin = false; $useremail = ''; $perm = 10; $permtype = 'basic'; return false; } else { if(is_file(loc1 . '/filelist/filelist-bannedIPs.list') && isset($_SERVER['REMOTE_ADDR'])){ $GLOBALS['banned_ar'] = file(loc1 . '/filelist/filelist-bannedIPs.list'); $done = false; for($i = 0; $i < count($GLOBALS['banned_ar']) && !$done; $i++){ if($_SERVER['REMOTE_ADDR'] == trim($GLOBALS['banned_ar'][$i])){ $login = false; $admin = false; $useremail = ''; $perm = 10; $permtype = 'basic'; $GLOBALS['lockout'] = true; return false; } } } if(is_file(loc1 . '/filelist/filelist-loginattempts-IP.list') || is_file(loc1 . '/filelist/filelist-loginattempts-un.list')){ if(is_file(loc1 . '/filelist/filelist-loginattempts-IP.list') && isset($_SERVER['REMOTE_ADDR'])){ $IP_ar = file(loc1 . '/filelist/filelist-loginattempts-IP.list'); $i = 0; foreach($IP_ar as $IP_info){ $sub_array = explode('~~~~~', trim($IP_info)); if($_SERVER['REMOTE_ADDR'] == $sub_array[0]){ $time = $sub_array[1]; $i++; } } if($i >= 5 && time() - (3 * 60) < $time){ $login = false; $admin = false; $useremail = ''; $perm = 10; $permtype = 'basic'; $GLOBALS['lockout'] = $time; return false; } } if(is_file(loc1 . '/filelist/filelist-loginattempts-un.list') && isset($_POST['un'])){ $un_ar = file(loc1 . '/filelist/filelist-loginattempts-un.list'); $i = 0; foreach($un_ar as $un_info){ $sub_array = explode('~~~~~', trim($un_info)); if($_POST['un'] == $sub_array[0]){ $time = $sub_array[1]; $i++; } } if($i >= 5 && time() - (3 * 60) < $time){ $login = false; $admin = false; $useremail = ''; $perm = 10; $permtype = 'basic'; $GLOBALS['lockout'] = $time; return false; } } } // set default (guilty until proven innocent) $need_cookie = false; // if the form was submitted, store username and password to variable and set $need_cookie to true so one will be created if(isset($_POST['loginsubmit'])){ $un = $_POST['un']; $pw = md5($_POST['pw']); $fp = phpSelf; $need_cookie = true; } else // if a session already exists, store it's contents to variables, if it is an anonymous login, let them through if(@session_start() && !@is_null($_SESSION['username']) && !isset($_GET['anonymous'])){ @$un = $_SESSION['username']; @$pw = $_SESSION['password']; @$uip = $_SESSION['IP']; @$fp = $_SESSION['filepath']; if($GLOBALS['allow_anonymous'] && $un == 'anonymous' && $pw == md5('anonymous') && !isset($_GET['req_login'])){ $login = true; $admin = false; $perm = $GLOBALS['anonym_perm']; $permtype = $GLOBALS['anonym_perm_type']; $useremail = ''; $ul_value = 0; $anonymous_user = true; return true; } else if($uip != $_SERVER['REMOTE_ADDR']){ $login = false; $admin = false; $perm = 10; $permtype = 'basic'; $useremail = ''; $ul_value = 0; return false; } } else { if($GLOBALS['allow_anonymous'] && !isset($_GET['req_login']) && ($GLOBALS['auto_anonym_login'] || isset($_GET['anonymous']))){ $un = 'anonymous'; $pw = md5('anonymous'); session_id($un); @session_start(); if($php_version[0] > 4 || ($php_version[0] == 4 && $php_version[1] > 3) || ($php_version[0] == 4 && $php_version[1] == 3 && $php_version[2] >= 2)) session_regenerate_id(); $_SESSION['username'] = $un; $_SESSION['password'] = $pw; $_SESSION['filepath'] = phpSelf; writelog('Anonymous user logged in', 'Login', 'none', 3); $login = true; $admin = false; $perm = $GLOBALS['anonym_perm']; $permtype = $GLOBALS['anonym_perm_type']; $useremail = ''; $ul_value = 0; $anonymous_user = true; return true; } else { $login = false; $admin = false; $perm = 10; $permtype = 'basic'; $useremail = ''; $ul_value = 0; return false; } } // if the function hasn't ended yet, go through the username and password variables to test their authenticity $user_list = file(loc1 . '/filelist/filelist-logins.list'); foreach($user_list as $all_users){ if(strtolower($un) == strtolower(trim($all_users))){ if(!is_file(loc1 . '/filelist/filelist-' . $un . '.php')){ $login = false; $admin = false; $perm = 10; $permtype = 'basic'; $useremail = ''; return false; } else { $array_of_users_file = file(loc1 . '/filelist/filelist-' . $un . '.php'); if($pw == trim($array_of_users_file[3]) && $fp == phpSelf){// echo trim($array_of_users_file[5]); if(trim($array_of_users_file[7]) != 'Pending Admin Authorization' || (trim($array_of_users_file[7]) == 'Pending Admin Authorization' && $GLOBALS['allow_anonymous'] && $GLOBALS['anonym_perm'] == trim($array_of_users_file[4]) && $GLOBALS['anonym_perm_type'] == trim($array_of_users_file[5]))){ if(trim($array_of_users_file[7]) == 'Pending Admin Authorization' && $GLOBALS['allow_anonymous'] && $GLOBALS['anonym_perm'] == trim($array_of_users_file[4]) && $GLOBALS['anonym_perm_type'] == trim($array_of_users_file[5])) $GLOBALS['not_authorized'] = 1; $login = true; $perm = trim($array_of_users_file[4]); $permtype = trim($array_of_users_file[5]); $useremail = trim($array_of_users_file[6]); if((($perm == 0 && $permtype != 'hex') || (hexdec($perm) == 0)) || $un == 'admin') $admin = true; if($un == 'admin') $perm = 0; if($need_cookie){ session_id($un); @session_start(); if($php_version[0] > 4 || ($php_version[0] == 4 && $php_version[1] > 3) || ($php_version[0] == 4 && $php_version[1] == 3 && $php_version[2] >= 2)) session_regenerate_id(); $_SESSION['username'] = $un; $_SESSION['password'] = $pw; $_SESSION['IP'] = $_SERVER['REMOTE_ADDR']; $_SESSION['filepath'] = phpSelf; setcookie('filelist-user', $un, time() + 60 * 60 * 24 * 30); // remember username for 30 days writelog('User logged in', 'Login', 'none', 4); } return true; } else if(trim($array_of_users_file[7]) == 'Pending Admin Authorization') $GLOBALS['not_authorized'] = 1; } } // if(is_file(loc1 . '/filelist/filelist-' . $un . '.php')) } // if(strtolower($un) == strtolower(trim($user_list[$i]))) } // foreach($user_list as $all_users) } // if(!is_file(loc1 . '/filelist/filelist-logins.list') ... // if the functions still hasn't ended, "no login for you!" $login = false; $admin = false; $perm = 10; $permtype = 'basic'; $useremail = ''; $ul_value = 0; return false; } // end of logintest() // this displays the form that users use to login to the File Manage system // void loginpage( void ) function loginpage(){ // if admin has not authorized this user, deny them, but tell them why if(isset($GLOBALS['not_authorized']) && $GLOBALS['not_authorized'] == 1){ echo ''; } if(!isset($_GET['loc'])) $loc = '/'; else if(magicQuotes) $loc = stripslashes($_GET['loc']); else $loc = $_GET['loc']; if(isset($_COOKIE['filelist-user'])){ echo ''; $cookieuser = $_COOKIE['filelist-user']; } else { echo ''; $cookieuser = ''; } echo '

'; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo '

Username:		Password:
'; if($GLOBALS['allow_anonymous']) echo ' [Login Anonymously] '.note(4, 250, 210); echo '		[Create an Account]

'; $_GET['req_login'] = $loc; } // end of loginpage() // this function checks if the user name uses a correct character set // then checks to see whether or not the username is already in use. // bool check_user( str 'user' ) function check_user($user){ $user = strtolower($user); if(strpos($user, 'admin') !== false || strpos($user, 'anonymous') !== false || $user == 'settings' || $user == 'passcode'){ echo '
Invalid username.

'; return false; } if(strlen($user) < 5){ echo '
Username must be at least five characters long.

'; return false; } $array_of_users = file(loc1 . '/filelist/filelist-logins.list'); // file with all users foreach($array_of_users as $i => $user_name) $users_array[$i] = trim($user_name); if(in_array($user, $users_array)){ echo '
User already exists.

'; return false; } // characters 48-57, 65-90, 97-122 (alpha numerics) for($i = 48; $i <= 57; $i++) $chr_array[] = chr($i); for($i = 65; $i <= 90; $i++) $chr_array[] = chr($i); for($i = 97; $i <= 122; $i++) $chr_array[] = chr($i); $chr_array[] = chr(45); $chr_array[] = chr(95); for($i = 0; $i < strlen($user); $i++){ $char = substr($user, $i, 1); $chr_done = false; for($j = 0; $j < count($chr_array) && !$chr_done; $j++) if($chr_array[$j] == $char) $chr_done = true; if(!$chr_done){ echo 'Username contains invalid character, "'. $char .'"
'; return false; } } return true; } // end of check_user() // this function is for when a user logs in as a new users (that the admin has // already created) // void make_user( void ) function make_user(){ echo ''; echo ''; $line_break = $GLOBALS['line_break']; $loc = './'; if(!isset($_GET['priv'])){ $showform = true; if(isset($_POST['profile'])){ $uemail = trim($_POST['uemail']); $user = strtolower($_POST['user']); $password = $_POST['password']; if(strlen($uemail) > 5 && strpos($uemail, '@') !== false && strpos($uemail, '.') !== false){ $array_of_users = file(loc1 . '/filelist/filelist-logins.list'); $done = false; for($i = 0; $i < count($array_of_users) && !$done; $i++){ if($user == trim($array_of_users[$i]) && is_file(loc1 . '/filelist/filelist-'. $user .'.php')){ $array_of_user = file(loc1 . '/filelist/filelist-'. $user .'.php'); if(trim($array_of_user[3]) == ''){ if(md5($_POST['passcode']) == trim($array_of_user[7])){ $array_of_user[6] = $uemail . $line_break; if($user != $password){ if(!$GLOBALS['strong_pw_enforce'] || strong_password($password)){ if(isset($_POST['cpassword']) && $password != ''){ if($password != '**********'){ $cpassword = $_POST['cpassword']; if($password == $cpassword){ $array_of_user[3] = md5($password) . $line_break; $array_of_user[7] = ''; $write = implode('', $array_of_user); $fout = fopen(loc1 . '/filelist/filelist-'. $user .'.php', 'w'); $fp = fwrite($fout, $write); fclose($fout); echo '
User created, Click here to continue.

'; $showform = false; writelog('User ('.$user.') registered their profile', 'create'); } else echo '
Passwords do not match.

'; } else echo '
Password is an invalid value.

'; } } else echo '
Password is not a strong password. Password must be at least 8 characters long and use at least two types of characters (uppercase, lowercase, numbers, or symbols).

'; } else echo '
Password cannot be the same as user name.

'; } else echo '
Passcode is invalid.

'; } else echo '
Username is invalid. Admin has not submitted this username to logins.

'; $done = true; } } if(!$done) echo '
Username is invalid. Admin has not submitted this username to logins.

'; } else echo '
You must enter a valid email address.

'; } elseif(isset($_POST['request']) && $GLOBALS['allow_login_request']){ $uemail = trim($_POST['uemail']); $user = strtolower(trim($_POST['user'])); $password = $_POST['password']; if(strlen($uemail) > 5 && strpos($uemail, '@') !== false && strpos($uemail, '.') !== false){ if(check_user($user)){ if($user != $password){ if(!$GLOBALS['strong_pw_enforce'] || strong_password($password)){ if(isset($_POST['cpassword']) && $password != ''){ if($password != '**********'){ $cpassword = $_POST['cpassword']; if($password == $cpassword){ $array_of_user[0] = NULL; $array_of_user[1] = ''; $array_of_user[9] = NULL; $fout = fopen(loc1 . '/filelist/filelist-'. $user .'.php', 'w'); $fp = fwrite($fout, implode($line_break, $array_of_user)); fclose($fout); $fout = fopen(loc1 . '/filelist/filelist-logins.list', 'a'); $fp = fwrite($fout, $user . $line_break); fclose($fout); $fout = fopen(loc1 . '/filelist/filelistloginscount.list', 'a'); $fp = fwrite($fout, '1' . $line_break); fclose($fout); echo '
User created, Click here to continue.

'; $showform = false; writelog('User ('.$user.') created their profile', 'create', 'none', 1); } else echo '
Passwords do not match.

'; } else echo '
Password is an invalid value.

'; } } else echo '
Password is not a strong password. Password must be at least 8 characters long and use at least two types of characters (uppercase, lowercase, numbers, or symbols).

'; } else echo '
Password cannot be the same as user name.

'; } else echo '
Username is invalid.

'; } else echo '
You must enter a valid email address.

'; } else echo '


'; if($showform){ if(!isset($user)) $user = ''; if(!isset($uemail)) $uemail = ''; if($GLOBALS['allow_login_request']){ echo '

'; echo 'Create an account for the File Manage System. '; if($GLOBALS['allow_anonymous']) echo 'This server allows anonymous users, so you will be able to log in right away with the same permissions as the anonymous users. Once the admin accepts you, you may be given higher permissions.'; else echo 'This does not mean you can log in right away. An admin must accept you before you are allowed to login. At that point you will be given a set of permissions.'; echo ' Create Profile '; echo ' '; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ' Username: My email: My Password: Confirm password: '; echo ' '; echo '

'; } echo 'This is for users that an admin has already created. The admin should have given you a passcode to authorize your login name creation. If the admin did not, please contact the admin again. Without the passcode you will be unable to log in. '.note(1, 200, 200).' '; echo ' Create Profile '; echo ' '; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ' Admin suplied username: My email: Admin suplied passcode: My Password: Confirm password: '; echo ' '; if($GLOBALS['allow_login_request']) echo '

'; echo '

'; } } else { echo 'Notes about File Manage security:
'; echo 'Passcodes and user\'s passwords are at no time stored as is. As soon as they are posted to the File Manage program they are changed to a MD5 hash.'; echo 'This hash is what is stored to the database. So absolutely no one has access to a password (not even this program).'; echo 'What the program does when a user logs in is tests the entered password\'s MD5 hash against the stored one.'; echo 'Again no one will be able to see what was entered. This should give users confidence against malintensioned admins.

'; echo 'Note about your email:
'; echo 'Only this program and the admin(s) have access to your email. Your email address is only needed by this program if you forget your password. A new, randomly generated password will be created and emailed to the email address submitted.'; echo '
(this feature is not yet available in the program, but will become available in the future)

'; echo 'Note about creating a password:
'; echo 'MD5 hashes are still crackable by the most basic of "brute force" hacks. Under this type of hacking, the longer the password, and the more types of characters (lowercase and uppercase letters, numbers, and symbols) used, the better the security. Passwords longer than eight characters, using at least three types of characters is suggested.

'; echo 'If you are having problems with the login:
'; echo 'If you are unable to login. This could be for obvious reasons (wrong username or password), so please double check you are entering those correctly. The password is case sensitive, but the username is not.
'; echo 'Due to security handling, if you have an ISP, router/firewall, or some other system that changes your IP address after every connection, you will be prompted to enter your username and password after everything you click on. You will be unable to use any of the enhanced functionality of this program. You must disable that, or if you are the admin, disable logins to be able to use this program correctly.'; echo '

Click here to close this window'; } } // end of make_user() function strong_password($pass){ if(strlen($pass) < 8) return false; $lower = 0; $upper = 0; $numer = 0; $symbl = 0; for($i = 97; $i <= 122; $i++) $lower_ar[] = chr($i); for($i = 65; $i <= 90; $i++) $upper_ar[] = chr($i); for($i = 48; $i <= 57; $i++) $numer_ar[] = chr($i); $done = false; for($i = 0; $i < strlen($pass) && !$done; $i++){ if(in_array(substr($pass, $i, 1), $lower_ar)) $lower = 1; elseif(in_array(substr($pass, $i, 1), $upper_ar)) $upper = 1; elseif(in_array(substr($pass, $i, 1), $numer_ar)) $numer = 1; elseif(substr($pass, $i, 1) != ' ') $symbl = 1; } if($lower + $upper + $numer + $symbl >= 2) return true; return false; } // end of strong_password() // this function is 99% based on Uber Uploader (https://sourceforge.net/projects/uber-uploader/) // some changes have been made to make it work with File Manage // void upload_popup( void ) function upload_popup(){ if(isset($_GET['close_pop']) && $_GET['close_pop'] == 1){ echo ' '; exit; } $temp_dir = "/tmp/"; //ATTENTION: this variable must be the same as the $temp_dir set in uber_uploader.cgi $temp_dir .= $_GET['tmp_sid']; //Directory CGI.pm is using to write the temp files. $flength_file = $temp_dir . "/flength"; //Path to flength file $temp_dir/$tmp_sid/flength $flength_file_exists = false; $total_upload_size = 0; // Total size of the upload in bytes that we read from the flength file $cmd_line_exec_dl = false; // Set to true if you want to use command line exec `rm -rf $temp_dir` $bRead = 0; $old_percent = 0; $old_time = 0; $old_size = 0; $first_loop = true; // Keep trying to read the flength file for 15 secs for($i = 0; $i < 20; $i++){ if(file_exists($flength_file) && $fp = fopen($flength_file, "r")){ $flength_file_exists = true; $total_upload_size = fread($fp, filesize($flength_file)); //Read the size of the upload from the flength file fclose($fp); clearstatcache(); break; } else sleep(1); //Couldn't find the flength file so wait 1 second and try again clearstatcache(); } ///////////////////////////////////////////////////////////////////////////////////////////// // Ok, we couldn't find the flength file after 10 seconds. This means // // a. The upload was so fast the flength file was deleted before it could be read. // b. The flength file does not exist because the script is not set up properly // c. The flength file exists but this script could not find it. Maybe wrong $temp_dir path // // So, issue "Upload Finished ???" and exit. Upload may succeed anyway. ///////////////////////////////////////////////////////////////////////////////////////////// if(!$flength_file_exists) echo "Upload Finished ???"; ////////////////////////////////////////////////////////////////////// // Found the flength file but it contains the max file upload error. // Delete the temp directory, issue error and exit. ////////////////////////////////////////////////////////////////////// if(strpos($total_upload_size, "ERROR") !== false){ deleteTempDir($temp_dir, $cmd_line_exec_dl); DisplayMessage($total_upload_size); } // Found the flength file and everything is cool so we continue $start_time = time(); $totalKB = round($total_upload_size / 1024); //Total upload size in Kilobytes echo '

 

Transferring Files ... Please wait for the file upload page to refresh.

 

Percent Complete:	0%
Current Position:	0 / '.$totalKB.' Kbytes
Elapsed time:	0
Est Time Left:	0
Est Speed:	0 Kbytes/Sec.

'; echo str_pad('',4096)."\n"; flush(); ///////////////////////////////////////////////////////////////// // Return the current size of the $temp_dir - flength file size. // This version does not depend on the DU command. ///////////////////////////////////////////////////////////////// function GetBytesRead($tmp_dir){ $bytesRead = 0; if(is_dir($tmp_dir)){ if($handle = opendir($tmp_dir)){ while(false !== ($file = readdir($handle))){ if($file != '.' && $file != '..' && $file != 'flength') $bytesRead += filesize($tmp_dir . "/" . $file); clearstatcache(); } closedir($handle); } } $bytesRead = trim($bytesRead); return $bytesRead; } ////////////////////////////////////////////////////////////// // Keep reading the temp_dir while the flength file exists and // the total size of (temp_dir - flength_file) is less than the // total upload size. ////////////////////////////////////////////////////////////// while(is_dir($temp_dir) && file_exists($flength_file) && $bRead < $total_upload_size){ clearstatcache(); sleep(1); $bRead = GetBytesRead($temp_dir); $curr_time = time(); if($first_loop){ $modif_time = time(); $first_loop = false; } // Calculate elapsed time and format for display $lapsed = $curr_time - $start_time; $lapsed_sec = ($lapsed % 60); $lapsed_min = ((($lapsed - $lapsed_sec) % 3600) / 60); $lapsed_hours = (((($lapsed - $lapsed_sec) - ($lapsed_min * 60)) % 86400) / 3600); // Gets number of hours; assuming that we won't be going into days! if($lapsed_sec < 10) $lapsed_sec = "0$lapsed_sec"; if($lapsed_min < 10) $lapsed_min = "0$lapsed_min"; if($lapsed_hours < 10) $lapsed_hours = "0$lapsed_hours"; $lapsedf = "$lapsed_hours:$lapsed_min:$lapsed_sec"; // display as 00:00:00 // Calculate time remaining and format for display $bSpeed = 0; if($lapsed > 0) $bSpeed = $bRead / $lapsed; $remaining = 0; if($bSpeed > 0) $remaining = (($total_upload_size - $bRead) / $bSpeed); $remaining = round($remaining); $remaining_sec = ($remaining % 60); $remaining_min = ((($remaining - $remaining_sec) % 3600) / 60); $remaining_hours = (((($remaining - $remaining_sec) - ($remaining_min * 60)) % 86400) / 3600); if($remaining_sec < 10) $remaining_sec = "0$remaining_sec"; if($remaining_min < 10) $remaining_min = "0$remaining_min"; if($remaining_hours < 10) $remaining_hours = "0$remaining_hours"; $remainingf = "$remaining_hours:$remaining_min:$remaining_sec"; $percent = round(100 * $bRead / $total_upload_size); if($old_percent != $percent || $old_time != $curr_time){ $old_percent = $percent; $old_time = $curr_time; if($old_size != $bRead) $modif_time = $curr_time; $old_size = $bRead; $time = $curr_time - $start_time; $speed = $time ? round($bRead / $time) : 0; $speed = round($speed / 1024); $bRead = round($bRead /= 1024); echo "\n"; echo str_pad('',4096)."\n"; flush(); } if($curr_time - $modif_time > 300){ //(300 seconds) 5 minutes without $temp_dir modification means upload probably failed. echo "\n"; echo str_pad('',4096)."\n"; flush(); exit; } } /////////////////////////////////////////////////////////////////// // Keep checking for the existance of the flength file for 10 secs. // The flength file will be erased when uber_uploader.cgi is // finished transfering the files to the upload_dir. So we keep // looping for 10 secs until it is gone. /////////////////////////////////////////////////////////////////// $upload_success = false; for($i = 0; $i < 20; $i++){ if(!file_exists($flength_file)){ $upload_success = true; echo "\n"; echo "\n"; echo str_pad('',4096)."\n"; flush(); break; } else { echo "\n"; echo str_pad('',4096)."\n"; flush(); sleep(1); } clearstatcache(); } if(!$upload_success){ echo "\n"; echo str_pad('',4096)."\n"; flush(); } echo "\n"; echo str_pad('',4096)."\n"; flush(); /////////////////////////////////////////////////////////////// // Delete the temp dir and everything in it. The only // way this function is called is if the user tried // to upload a file > $max_upload defined in uber_uploader.cgi ////////////////////////////////////////////////////////////// function deleteTempDir($tmp_dir, $cmd_exec){ if($cmd_exec) $output = `rm -rf $tmp_dir`; else { if($handle = opendir($tmp_dir)){ while(false !== ($file_name = readdir($handle))){ if($file_name != "." && $file_name != "..") unlink($tmp_dir . '/' . $file_name); clearstatcache(); } closedir($handle); } rmdir($tmp_dir); } } ///////////////////////////////////////////////////////////////// // Something unexpected has happened so issue a message and exit ///////////////////////////////////////////////////////////////// function DisplayMessage($msg){ echo '

'.$msg.'

'; exit; } } // end of upload_popup() // function writes to a log file the items inputted; returns false if log // point is not a high enough level ($logging_level < $lvl) or for some reason // $_SERVER['REMOTE_ADDR'] is not set // It also checks to make sure the log file has not exceded the max_log_size, // if it has, it deleted the oldest entries in the log first. // bool writelog( str 'log message', str 'location of occurance' [, str 'file associated' [, int 'level of log']] ) function writelog($message, $location, $file = 'none', $lvl = 2){ if($GLOBALS['logging_level'] >= $lvl){ $bk = '~~~~~'; // time, IP:port, user, message, location, file if(!isset($GLOBALS['un'])) $un = 'no one'; else $un = $GLOBALS['un']; $write = time() . $bk; if(isset($_SERVER['REMOTE_ADDR'])) $write .= $_SERVER['REMOTE_ADDR']; if(isset($_SERVER['REMOTE_PORT'])) $write .= ':' . $_SERVER['REMOTE_PORT']; $write .= $bk . $un . $bk . $message . $bk . $location . $bk . $file . $bk . $lvl . $GLOBALS['line_break']; $fout = fopen(loc1 . '/filelist/filemanagelog.log', 'a') or die('no read/write permissions'); $fp = fwrite($fout, $write) or die('no read/write permissions'); fclose($fout); if(filesize(loc1 . '/filelist/filemanagelog.log') > $GLOBALS['max_log_size'] * 1024){ // if the log file is larger than max_log_size $log_size = filesize(loc1 . '/filelist/filemanagelog.log'); $log_file_ar = file(loc1 . '/filelist/filemanagelog.log'); $removed_size = 0; // the value is the size in bytes that will be removed once the file is written again while($removed_size < $log_size - ($GLOBALS['max_log_size'] * 1024)){ $removed_size += strlen($log_file_ar[0]); // store the size of the line being removed array_shift($log_file_ar); // kick off the line being removed } $fout = fopen(loc1 . '/filelist/filemanagelog.log', 'w'); $fp = fwrite($fout, implode('', $log_file_ar)); fclose($fout); } return true; } else return false; } // end of writelog() // function keeps track of page views and unique hits and logs them in a file // so they can be accessed later for statistics. // Some ideas and lines of code taken from OutSide Photos // (www.sourceforge.net/projects/outside-photos/) copyright 2004-2005 by // OutSide Photos Development Team under the GNU General Public License, // redistibution is allowed under the same licese. View the file LICENSE that // was packaged with this file, or download a copy at // www.opensource.org/licenses/gpl-license.php // void hits( void ) function hits(){ // this keeps track of all the page views $pageviewsfile = loc1 . '/filelist/filelist-pageviews.list'; if(is_file($pageviewsfile)){ $array_of_pageviews = file($pageviewsfile); $number_of_pageviews = $array_of_pageviews[0] + 1; $pageviewdate = $array_of_pageviews[1]; } else { $number_of_pageviews = 1; $pageviewdate = time(); } // fopen is set to w (instead of a) so that it will overwrite the previous value $fout = fopen($pageviewsfile, 'w'); $fp = fwrite($fout, $number_of_pageviews . $GLOBALS['line_break'] . $pageviewdate); fclose($fout); // this keeps track of all unique hits if(isset($_SERVER['REMOTE_ADDR'])){ $hitsfile = loc1 . '/filelist/filelist-hits.list'; if(is_file($hitsfile)){ $array_of_hits = file($hitsfile); for($i = 1; $i < count($array_of_hits); $i++) $array_of_hits[$i - 1] = trim($array_of_hits[$i]); if(!in_array($_SERVER['REMOTE_ADDR'], $array_of_hits, true)){ $fout = fopen($hitsfile, 'a'); $fp = fwrite($fout, $_SERVER['REMOTE_ADDR'] . $GLOBALS['line_break']); fclose($fout); } } else { $fout = fopen($hitsfile, 'a'); $fp = fwrite($fout, time() . $GLOBALS['line_break'] . $_SERVER['REMOTE_ADDR'] . $GLOBALS['line_break']); fclose($fout); } } } // end of hits() // this function deletes the temperary files created for previews of pages // void del_tmp( void ) function del_tmp(){ if(is_file(loc1 . '/filelist/filelist-tmpfiles.list')){ $temp_files = file(loc1 . '/filelist/filelist-tmpfiles.list'); $fout = fopen(loc1 . '/filelist/filelist-tmpfiles.list', 'w'); $count = 0; foreach($temp_files as $file){ $file_ar = explode('~~', trim($file)); if(time() - $file_ar[1] >= 3600){ if(!unlink(loc1 . '/filelist/' . $file_ar[0])){ writelog('System tried to delete temp file and failed.', 'none', $file, 1); $fp = fwrite($fout, $file); } else $count++; } else $fp = fwrite($fout, $file); $count--; } fclose($fout); if($count == 0) @unlink(loc1 . '/filelist/filelist-tmpfiles.list'); } } // end of del_tmp() // this function just does a test to see if an inputed value contains // non-numerics. This may be used to test wether or not to add quotes around a // value. Returns true if non-numerics are found, returns false if only // numerics are found. // bool cont_non_num( str 'any value' ) function cont_non_num($input){ for($i = 0; $i < strlen($input); $i++){ $ord_val = ord(substr($input, $i, 1)); if($ord_val < 48 || $ord_val > 57) return true; } return false; } // end of cont_non_num() // this function adds the most common index files so that the server does not // create an index of the files in the filelist directory. // void index_sec( [str 'directory path'] ) function index_sec($dir = '/filelist/'){ if(substr($dir, -1) != '/') $dir .= '/'; if(!is_dir(loc1 . $dir)) mkdir(loc1 . $dir) or die('Unable to create directory ('.$dir.'). Requires write permissions, on Linux 777 permissions is suggested.'); $write = '

Not permitted

'; if(!is_file(loc1 . $dir . 'index.php')){ $fout = fopen(loc1 . $dir . 'index.php', 'w'); $fp = fwrite($fout, $write); fclose($fout); } if(!is_file(loc1 . $dir . 'index.html')){ $fout = fopen(loc1 . $dir . 'index.html', 'w'); $fp = fwrite($fout, $write); fclose($fout); } if(!is_file(loc1 . $dir . 'index.htm')){ $fout = fopen(loc1 . $dir . 'index.htm', 'w'); $fp = fwrite($fout, $write); fclose($fout); } if(!is_file(loc1 . $dir . 'default.htm')){ $fout = fopen(loc1 . $dir . 'default.htm', 'w'); $fp = fwrite($fout, $write); fclose($fout); } } // end of index_sec() // gets $path and returns an array with all files which return true to the // wild card // array 'list of matching files' wild_card( str 'path of searched directory' [, bool 'search dir names' [, bool 'search file names']] ) function wild_card($path, $dirs = true, $files = true){ $path = str_replace('\\', '/', $path); $file_ar = array(); if(strpos($path, '*') !== false){ if(substr($path, 0, 1) == '/') $path = substr($path, 1); $file_ar1 = glob(loc1 . '/' . $path); /*echo '

';
    print_r($file_ar1);
    echo '

';*/ if(count($file_ar1) > 0){ foreach($file_ar1 as $file){ if(substr($file, 0, 1) != '.' && ($dirs && is_dir($file)) || ($files && is_file($file)) && allowed(str_replace(loc1, '', $file), false, false, false)){ if(is_dir($file)) $file .= '/'; $file_ar[] = str_replace(loc1, '', $file); } } } } elseif(($dirs && is_dir(loc1 . $path)) || ($files && is_file(loc1 . $path))) $file_ar[] = $path; return($file_ar); } // end of wild_card() // str '(?) link' note( int 'note number', int 'width of popup window', int 'height') function note($note, $width, $height){ return '(?)'; } // end of note() // takes $name and returns just the name of the file, no directories // also outputs $pre_ex as global for other uses // str 'file name of $name' get_name( str 'path of a file' ) *str 'path to file' $pre_ex function get_name($name){ $GLOBALS['pre_ex'] = str_replace('//', '/', str_replace('\\', '/', dirname($name) . '/')); return basename($name); } // end of get_name() // input file, returns the extension // str 'extension of $file' get_ftype( str 'file name' ) function get_ftype($file){ $info = pathinfo($file); if(!isset($info['extension'])) $info['extension'] = 'none'; return strtolower($info['extension']); } // end of get_ftype() // this function returns an array of permissions based on $perm // $hex will make the function test it based on HEX or Basic permissions // array 'int of each ability' get_perm( int/str 'dec/hex of permissions', str 'permissions type -- dec or hex' ) function get_perm($perms, $permstype){ $perms1 = array('read','list','subdir','write','make','append','delete','ddelete'); if($permstype == 'hex'){ $dec = hexdec($perms); if($dec >= 0 && $dec <= 256){ $bin = strrev(decbin($dec - 1)); for($i = 0; $i < count($perms1); $i++){ if(substr($bin, $i, 1) == 1 && $dec != 0) $current_user[$perms1[7 - $i]] = 0; else $current_user[$perms1[7 - $i]] = 1; } return($current_user); } else { echo 'Number too low or too high. Range: 0-100 (hex).'; return false; } } else { if($perms >= 0 && $perms <= 9){ $user_value = 9 - $perms; foreach($perms1 as $prms){ if($user_value >= 1) $current_user[$prms] = 1; else $current_user[$prms] = 0; $user_value = $user_value - $current_user[$prms]; } return($current_user); } else { echo 'Number is invalid, or the value is too low or too high. Range: 0-10.'; return false; } } return false; } // end of get_perm() // this function checks the contents of files (uploaded, edited, or created) // and returns false if it contains words that are "illegal", there is a // customizable list in the settings to adjust what to block. This won't help // against anyone with a good brain in PHP, at least it will weed out the // idiots that are trying to get into stuff they shouldn't. // bool check_contents( str 'contents of anything' ) function check_contents($contents){ if(!isset($_POST['overridepasscode']) || $_POST['overridepasscode'] == ''){ $illegal_words = $GLOBALS['illegal_words']; array_unshift($illegal_words, 'filelist'); array_unshift($illegal_words, 'filemanage'); $contents = strtolower($contents); // quick test, so for larger files, there is a chance to not wait so long if(strpos($contents, 'filelist') !== false || strpos($contents, 'file list') !== false){ echo 'File contains invalid word or word composit: "filelist". Please fix.
'; writelog('User attempted to submit file with a illegal word or word composit (filelist)', 'unknown', 'unknown'); return false; } if(strpos($contents, 'filemanage') !== false || strpos($contents, 'file manage') !== false){ echo 'File contains invalid word or word composit: "filemanage". Please fix.
'; writelog('User attempted to submit file with a illegal word or word composit (filemanage)', 'unknown', 'unknown'); return false; } // nice long regex sting getting rid of any '.' or "." and spaces for better testing // it's my first homemade regex string, I learned the basics in about 5 minutes and // wrote this, so there is probably a more effecient way to do what this does. $contents1 = preg_replace(array("/\s/","/(('|\")(\.)('|\"))|((('|\")(\.))|((\.)('|\")))/"), array('',''), strtolower($contents)); //$contents2 = ereg_replace("[^[:alnum:]]", '', $contents); // remove everything but numbers and letters -- the default illegal_words will be skipped with this. I'm getting rid of it to speed things up, and there is a very small chance it was actually doing anything. foreach($illegal_words as $illegal_word) if(strpos($contents1, strtolower($illegal_word)) !== false){ echo 'File contains invalid word or word composit: "'.$illegal_word.'". Please fix.
'; writelog('User attempted to submit file with a illegal word or word composit ('.$illegal_word.')', 'unknown', 'unknown'); return false; } } else { $passcode = file(loc1 . '/filelist/filelist-passcode.php'); $passcode = trim($passcode[1]); if(md5($_POST['overridepasscode']) == $passcode) return true; else { echo 'Passcode was incorrect.
'; return false; } } return true; } // end of check_contents() // this function checks $name for common filename errors. It can't be null, it // can't be longer than 255 characters long, it can't contain certain symbols // and it can't contain 'filelist', if it did, the file would then become // inaccessible // returns true if all criteria are met, false if not // bool check_name( str 'file name' ) function check_name($name){ if($name == '') return false; if(strlen($name) >= 255){ echo 'Name too long
'; return false; } if(strpos(strtolower($name), 'filelist') !== false){ echo 'Name contains an invalid word "filelist"
'; return false; } if(strpos(strtolower($name), 'filemanage') !== false){ echo 'Name contains an invalid word "filemanage"
'; return false; } if(strpos($name, '..') !== false){ echo 'Name is invalid. Name contains ".."
'; return false; } // not \ / ; * ? " < > | # // characters 32-126 !34 !35 !42 !47 !59 !60 !62 !63 !92 !124 for($i = 32; $i <= 126; $i++) if($i != 34 && $i != 35 && $i != 42 && $i != 47 && $i != 59 && $i != 60 && $i != 62 && $i != 63 && $i != 92 && $i != 124) $chr_array[] = chr($i); for($i = 0; $i < strlen($name); $i++){ $char = substr($name, $i, 1); $chr_done = false; for($j = 0; $j < count($chr_array) && !$chr_done; $j++){ if($chr_array[$j] == $char) $chr_done = true; } if(!$chr_done){ echo 'Name is invalid. Name contains "'. $char .'"
'; return false; } } return true; } // end of check_name() // Is this an acceptable file to do anything with? Does it comply with all // needs such as accepted extension and is not the current file. Does it have // anything to do with filelist? // returns true/false based on results // bool allowed( str 'file path' [, bool 'is new file' [, bool 'write to log' [, bool 'display error' [, bool 'display continue link']]]] ) function allowed($file, $new_file = false, $write_log = true, $dis_allowed_error = true, $dis_allowed_cont = false){ if(isset($GLOBALS['prevcmd'])) $echo = false; else $echo = true; if(defined('loc')) $loc = loc; else $loc = $GLOBALS['loc']; if(!$GLOBALS['admin'] && isset($GLOBALS['hidden_items_ar']) && (in_array($loc, $GLOBALS['hidden_items_ar']))){ if($dis_allowed_error) if($echo) echo 'This file ('.$file.') is off limits. If you believe this is in error, please contact the administrator of this site immidiately.

'; else array_unshift($GLOBALS['prevcmd'], 'This file ('.$file.') is off limits.'); if($dis_allowed_cont && $echo) echo 'Click here to go back'; if($write_log) writelog('User tried to access a forbidden file', 'unknown', $file, 1); return false; } if(substr($file, 0, 2) == './') $file = substr($file, 1); if(substr($file, 0, 1) != '/') $file = $loc . $file; if(!$GLOBALS['admin'] && isset($GLOBALS['hidden_items_ar'])){ if(in_array($file, $GLOBALS['hidden_items_ar'])){ if($dis_allowed_error) if($echo) echo 'This file ('.$file.') is off limits. If you believe this is in error, please contact the administrator of this site immidiately.

'; else array_unshift($GLOBALS['prevcmd'], 'This file ('.$file.') is off limits.'); if($dis_allowed_cont && $echo) echo 'Click here to go back'; if($write_log) writelog('User tried to access a forbidden file', 'unknown', $file, 1); return false; } for($i = 0; $i < count($GLOBALS['hidden_items_ar']); $i++) if(substr($file, 0, strlen($GLOBALS['hidden_items_ar'][$i])) == $GLOBALS['hidden_items_ar'][$i]){ if($dis_allowed_error) if($echo) echo 'This file ('.$file.') is off limits. If you believe this is in error, please contact the administrator of this site immidiately.

'; else array_unshift($GLOBALS['prevcmd'], 'This file ('.$file.') is off limits.'); if($dis_allowed_cont && $echo) echo 'Click here to go back'; if($write_log) writelog('User tried to access a forbidden file', 'unknown', $file, 1); return false; } } if((is_file(loc1 . $file) || $new_file) && strpos(strtolower($file), 'filelist') === false && strpos(strtolower($file), 'filemanage') === false && strpos($file, '../') === false && strpos($file, '..\\') === false && strpos($file, '#') === false && $file != phpSelf) if($GLOBALS['accept_all']) return true; else { foreach($GLOBALS['accept'] as $exts) if(strtolower($exts) == strtolower(substr($file, strlen($file) - strlen($exts), strlen($exts)))) // get the heck out of the function return true; } // if(!$accept_all) if($dis_allowed_error) if($echo) echo 'This file ('.$file.') is off limits. If you believe this is in error, please contact the administrator of this site immidiately.

'; else array_unshift($GLOBALS['prevcmd'], 'This file ('.$file.') is off limits.'); if($dis_allowed_cont && $echo) echo 'Click here to go back'; if($write_log) writelog('User tried to access a forbidden file', 'unknown', $file, 1); return false; } // end of allowed() // function returns a string of the filesize with proper denominator // returns false if number is not greater than 0 or $size does not contain // numbers // str 'formmated file size' filesz( int 'number in bytes' [, bool 'is bytes?' [, int 'number of decimal places' ]] ) function filesz($size, $bytes = true, $decs = 2){ $size += 0; // set to int (since settype() doesn't seem to work correctly always) if($size >= 0){ if($bytes){ if($size < 980) return round($size, 0) . ' bytes'; else if($size < 1000000) return round($size / 1024, $decs) . ' KB'; else if($size < 1020000000) return round($size / 1048576, $decs) . ' MB'; else return round($size / 1073741824, $decs + 1) . ' GB'; } else { if($size < 1000) return round($size, 0) . ' bits'; else if($size < 1000000) return round($size / 1000, $decs) . ' Kb'; else if($size < 1000000000) return round($size / 1000000, $decs) . ' Mb'; else return round($size / 1000000000, $decs + 1) . ' Gb'; } } return false; } // end of filesz() // this is a function to determine if the entered search is at least close to // the file's name // bool isclosematch( str 'name of file', str 'search string', bool 'exact matches only', bool 'display "exact match:"' ) function isclosematch($name, $search, $exact, $disp){ // if the file name contains the search, then return "exact match" if(strpos(strtolower($name), strtolower($search)) !== false){ // if display is not supressed, then display if($disp != 0) echo 'Exact match: '; return true; } else // if exact matches are the only returned true, then return all else false if($exact == 1) return false; // error spectrum that will be allowed, 1 = all should return true, 0 = must be exact match // these numbers are used so that the shorter the word the more strict it is (per letter) and visa versa $error_spacer = $GLOBALS['error_spacer']; // for per word errors $error_spacer2 = $GLOBALS['error_spacer2']; // for per segment errors // number of characters errors allowed (calculated from the numbers above and the length of the word) $num_of_error_chars = strlen($search) * $error_spacer; // for per word errors $num_of_error_chars2 = strlen($search) * $error_spacer2; // for per segment errors // rounded down integer of the number of letters that can be different from the file and and search $real_num_of_error_chars = floor(strlen($search) * $error_spacer2); // if the whole file name is less than $num_of_error_chars from the search then return true if(levenshtein(strtolower($name), strtolower($search)) <= $num_of_error_chars) return true; // split all the words of the file into an array to sort through $array_of_words = explode(' ', strtolower($name)); // if a word in the file name is less than $num_of_error_chars from the search then return true foreach($array_of_words as $word) if(levenshtein($word, strtolower($search)) <= $num_of_error_chars) return true; // if a segment of the file name is less than $num_of_error_chars from the search then return true for($i = 0; $i < strlen($name) - strlen($search) + $real_num_of_error_chars; $i++) for($j = 0 - $real_num_of_error_chars; $j <= $real_num_of_error_chars; $j++){ $name1 = substr($name, $i, strlen($search) + $j); if(levenshtein(strtolower($name1), strtolower($search)) <= $num_of_error_chars2) return true; } // all else fails: return false return false; } // end of isclosematch() // get properties of a file or directory // bool prop( str 'file path' ) function prop($prop){ if(isset($GLOBALS['prevcmd'])) $echo = false; else $echo = true; if(is_file(loc1 . $prop) && $GLOBALS['current_user']['read'] && allowed($prop)){ $getid3_true2 = $GLOBALS['getid3_true2']; writelog('User viewed properties of a file', 'prop', $prop, 4); $ftype = get_ftype($prop); switch($ftype){ case 'txt': case 'list': $is_txt = true; $txt_type = 'Plain text/list/flat-database'; break; case 'diz': $is_txt = true; $txt_type = 'Plain text/zip nfo file'; break; case 'nfo': $is_txt = true; $txt_type = 'Plain text/information/help file'; break; case 'log': $is_txt = true; $txt_type = 'Plain text/list/log file'; break; case 'php': case 'php3': case 'phtml': case 'php4': case 'php5': $is_txt = true; $txt_type = 'Plain text/PHP program/HTML-PHP mix'; break; case 'htm': case 'html': case 'js': case 'xhtml': case 'xml': case 'shtml': $is_txt = true; $txt_type = 'Plain text/HTML/XML/JavaScript/web file'; break; case 'cgi': $is_txt = true; $txt_type = 'Plain text/CGI script'; break; case 'tmpl': $is_txt = true; $txt_type = 'Plain text/Template file'; break; case 'c': case 'cpp': case 'h': case 'hpp': $is_txt = true; $txt_type = 'Plain text/C/C++ programming file'; break; case 'ini': case 'inf': case 'reg': $is_txt = true; $txt_type = 'Plain text/INI/Setup/Settings file'; break; case 'sh': $is_txt = true; $txt_type = 'Plain text/Unix shell script'; break; case 'vbs': $is_txt = true; $txt_type = 'Plain text/Visual Basic script'; break; case 'readme': $is_txt = true; $txt_type = 'Plain text/README file'; break; case 'nsi': $is_txt = true; $txt_type = 'Plain text/NSIS script file'; break; case 'asp': $is_txt = true; $txt_type = 'Plain text/Active Server Page file'; break; case 'sql': $is_txt = true; $txt_type = 'Plain text/SQL data'; break; default: $is_txt = false; } // if getid3 is going to be called, set up $filename, then get info if(!$is_txt && $getid3_true2){ $filename = loc1 . $prop; $getID3 = new getID3; $fileinfo = $getID3->analyze($filename); } if(isset($fileinfo['error'][0]) && (count($fileinfo['error']) > 1 || $fileinfo['error'][0] != 'unable to determine file format')){ echo 'More info may be available if getid3 was configured correctly.
'; if(!isset($_GET['showerror']) && (($GLOBALS['perm'] == 0 && $GLOBALS['permtype'] != 'hex') || hexdec($GLOBALS['perm']) == 0)) echo 'Show error(s)'; if(isset($_GET['showerror'])){ echo '

';
        print_r($fileinfo['error']);
        echo '

'; } } if($echo) echo '

File Properties

'; else array_unshift($GLOBALS['prevcmd'], 'File Properties'); if($echo) echo ''; if($echo){ echo ''; } else array_unshift($GLOBALS['prevcmd'], 'File name: ' . get_name($prop)); if($echo) echo ''; else array_unshift($GLOBALS['prevcmd'], 'File path: ' . $prop); $file_size = filesize(loc1 . $prop); if($echo) echo ''; if($GLOBALS['show_file_hash']){ if($file_size < $GLOBALS['hash_size'] * 1024 * 1024){ if($echo) echo ''; else array_unshift($GLOBALS['prevcmd'], 'MD5 Hash: '.md5_file(loc1 . $prop)); if($echo) echo ''; else array_unshift($GLOBALS['prevcmd'], 'SHA1 Hash: '.sha1_file(loc1 . $prop)); } else echo ''; else array_unshift($GLOBALS['prevcmd'], 'File created: ' . date("F d, Y H:i (O)", filectime(loc1 . $prop))); if($echo) echo ''; else array_unshift($GLOBALS['prevcmd'], 'File modified: ' . date("F d, Y H:i (O)", filemtime(loc1 . $prop))); if($echo) echo ''; else array_unshift($GLOBALS['prevcmd'], 'File accessed: ' . date("F d, Y H:i (O)", fileatime(loc1 . $prop))); if($echo && ($ftype == 'gif' || $ftype == 'jpg' || $ftype == 'jpeg' || $ftype == 'png' || $ftype == 'swf' || $ftype == 'swc' || $ftype == 'psd' || $ftype == 'tiff' || $ftype == 'bmp' || $ftype == 'iff' || $ftype == 'jp2' || $ftype == 'jpx' || $ftype == 'jb2' || $ftype == 'jpc' || $ftype == 'xbm' || $ftype == 'wbmp' || $ftype == 'tif' || $ftype == 'ico')) @$image_info = getimagesize(loc1 . $prop); if(isset($image_info[2])){ $image_type_array = array(NULL,'GIF','JPEG','PNG','Flash','Photoshop','BitMap','TIFF(intel byte order)', 'TIFF(motorola byte order)','JPC','JP2','JPX','JB2','SWC','IFF','WBMP','XBM'); $image_channel_array = array(NULL,' (gray scale)',NULL,' (RGB)',' (CMYK)'); echo ''; } else if($echo && $is_txt){ echo ''; } else // get a heck of a lot of ID3 info here, dang! if($echo && $getid3_true2 && isset($fileinfo['fileformat']) && $fileinfo['fileformat'] != 'zip'){ echo ''; } if($echo) echo '

File name	'; else echo 'title="Open file in separate window" target="_blank" href="'.cur_dir.$prop.'">'; echo get_name($prop) .'
'.note(2, 220, 190).' File path	'. $prop .'
File size	'; else array_unshift($GLOBALS['prevcmd'], 'File size: ' . $file_size . ' bytes'); if($file_size > 980 && $echo) echo filesz($file_size) . ', '; if($echo) echo $file_size .' bytes
MD5 Hash	'.md5_file(loc1 . $prop).'
SHA1 Hash	'.sha1_file(loc1 . $prop).'
Hashes for this file have been hidden due to the size of the file, click here to view hashes. It may take a few seconds to generate.'; } if($echo) echo '
File created	'. date("F d, Y H:i (O)", filectime(loc1 . $prop)) .'
File modified	'. date("F d, Y H:i (O)", filemtime(loc1 . $prop)) .'
File accessed	'. date("F d, Y H:i (O)", fileatime(loc1 . $prop)) .'
Image info:	'; echo 'Image resolution: '. $image_info[0] .'x'. $image_info[1] .' '; echo 'Image type: '. $image_type_array[$image_info[2]] .' '; if(isset($image_info['bits'])) echo 'Image depth: '. $image_info['bits'] .'-bit '; if(isset($image_info['channels'])) echo 'Image channels: '. $image_info['channels'] . $image_channel_array[$image_info['channels']] .' '; if(($ftype == 'jpeg' || $ftype == 'jpg' || $ftype == 'tiff' || $ftype == 'tif')){ if(function_exists('exif_read_data') && strpos($prop, '\'') === false){ $image = loc1 . $prop; if($image_info = @getimagesize($image)){ $exif = @exif_read_data($image, 'ANY_TAG', true); if($exif !== false){ function reduce($numb){ if(strpos($numb, '/') === false) return $numb; $exp = explode('/', $numb); $num = (int)$exp[0]; $den = (int)$exp[1]; if($den == $num) return '1'; if($den == 1) return $num; if($num == 1) return '1/'.$den; if($den > $num) return '1/'.($den / $num); else return ($num / $den); } if(isset($exif['EXIF']['ColorSpace']) && $exif['EXIF']['ColorSpace'] > 1) echo 'Colors: '.$exif['EXIF']['ColorSpace'].' '; if(isset($exif['IFD0']['Software'])) echo 'Created by: '.$exif['IFD0']['Software'].' '; if(isset($exif['IFD0']['Make'])) echo 'Make: '.$exif['IFD0']['Make'].' '; if(isset($exif['IFD0']['Model'])) echo 'Model: '.$exif['IFD0']['Model'].' '; if(isset($exif['EXIF']['DateTimeOriginal'])) echo 'Date/Time taken: '.$exif['EXIF']['DateTimeOriginal'].' '; if(isset($exif['IFD0']['DateTime'])) echo 'Date/Time downloaded/edited: '.$exif['IFD0']['DateTime'].' '; if(isset($exif['EXIF']['ExposureTime'])) echo 'Exposure time: '.reduce($exif['EXIF']['ExposureTime']).'" '; if(isset($exif['COMPUTED']['ApertureFNumber'])) echo 'Aperture: '.$exif['COMPUTED']['ApertureFNumber'].' '; if(isset($exif['EXIF']['DigitalZoomRatio'])) echo 'Digital zoom: '.reduce($exif['EXIF']['DigitalZoomRatio']).'x '; elseif(isset($exif['IFD0']['DigitalZoomRatio'])) echo 'Digital zoom: '.reduce($exif['IFD0']['DigitalZoomRatio']).'x '; if(isset($exif['EXIF']['FocalLengthIn35mmFilm'])) echo 'Approx. focal distance (in 35mm): '.round($exif['EXIF']['FocalLengthIn35mmFilm'] * 0.7).'mm ('.$exif['EXIF']['FocalLengthIn35mmFilm'].'mm) '; elseif(isset($exif['IFD0']['FocalLengthIn35mmFilm'])) echo 'Approx. focal distance (in 35mm): '.round($exif['IFD0']['FocalLengthIn35mmFilm'] * 0.7).'mm ('.$exif['IFD0']['FocalLengthIn35mmFilm'].'mm) '; //if(isset($exif['EXIF']['FocalLength'])) // echo 'Focus distance: '.reduce($exif['EXIF']['FocalLength']).'m '; if(isset($exif['EXIF']['Flash'])) echo 'Flash type or power '.note(14, 220, 300).': '.$exif['EXIF']['Flash'].' '; //$exif = @exif_read_data($image, 'THUMBNAIL', true); if(isset($exif['THUMBNAIL'])) echo ' '; /*echo ' '; print_r($exif); // lots of info for digital photographs echo ' ';*/ } elseif(!function_exists('exif_read_data')) echo ' Much more information is available if EXIF support was available (read the README to learn how to enable EXIF support).'; } } } echo '
Additional info:	'; echo 'Number of lines: '.count(file(loc1 . $prop)).' '; echo 'Text type: '. $txt_type . ' '; // if the file is a text file, display some of it's contents if($ftype == 'txt' || $ftype == 'list' || $ftype == 'nfo' || $ftype == 'log' || $ftype == 'diz' || $ftype == 'php' || $ftype == 'php3' || $ftype == 'phtml' || $ftype == 'php5' || $ftype == 'php4' || $ftype == 'js' || $ftype == 'xhtml' || $ftype == 'asp' || $ftype == 'xml' || $ftype == 'ini' || $ftype == 'inf' || $ftype == 'reg' || $ftype == 'c' || $ftype == 'cpp' || $ftype == 'h' || $ftype == 'hpp' || $ftype == 'sh' || $ftype == 'vbs' || $ftype == 'readme' || $ftype == 'shtml' || $ftype == 'nsi' || $ftype == 'cgi' || $ftype == 'tmpl' || $ftype == 'sql'){ $contents = file(loc1 . $prop); if(magicQuotes) $contents2 = stripslashes($contents[0] . @$contents[1] . @$contents[2] . rtrim(@$contents[3])); else $contents2 = $contents[0] . @$contents[1] . @$contents[2] . rtrim(@$contents[3]); $contlen = strlen($contents2); if($contlen > 60){ $contlen = 60; $contover = true; } else $contover = false; echo 'Contents: ' . str_replace("\n", ' :: ', str_replace("\r", '', htmlspecialchars(substr($contents2, 0, $contlen)))); if($contover) echo '...'; } else // if the file is an HMTL file, display it's title, or body, or contents if($ftype == 'htm' || $ftype == 'html'){ $titover = false; $bodover = false; $conover = false; $contents = file_get_contents(loc1 . $prop); if(magicQuotes) $contents = stripslashes($contents); $contents2 = strtolower($contents); $contents3 = $contents; $contents4 = $contents2; $show_cont = true; if(strpos($contents2, '') !== false){ $titlepos2 = strpos($contents2, ''); if($titlepos2 > 60){ $titlepos2 = 60; $titover = true; } echo 'Title: ' . htmlspecialchars(substr($contents, $titlepos1, $titlepos2)) . ' '; if($titover) echo '...'; $show_cont = false; } } $contents = $contents3; $contents2 = $contents4; if(strpos($contents2, ''); $contents2 = substr($contents2, $bodypos3); if(strpos($contents2, '') !== false){ $bodypos2 = strpos($contents2, ''); if($bodypos2 > 60){ $bodypos2 = 60; $bodover = true; } $bodycont = substr($contents, $bodypos1 + $bodypos3, $bodypos2); echo 'Page body: ' . str_replace("\n", ' :: ', str_replace("\r", '', htmlspecialchars($bodycont))) . ' '; if($bodover) echo '...'; $show_cont = false; } } if($show_cont){ $cont_len = strlen($contents); if($cont_len > 60){ $cont_len = 60; $conover = true; } echo 'Page contents: ' . str_replace("\n", ' :: ', str_replace("\r", '', htmlspecialchars(substr($contents, 0, $cont_len)))) . ' '; if($conover) echo '...'; } } echo '
'.note(3, 175, 150).' Audio/Video Info	'; echo 'Format: '. $fileinfo['fileformat'] .' '; echo 'Length: '. $fileinfo['playtime_string'] .' '; if(!isset($fileinfo['video']) && isset($fileinfo['audio']['compression_ratio'])) echo 'Bit rate (true '.note(18, 200, 220).') (original '.note(17, 180, 200).'): '. round($fileinfo['bitrate'] / 1000) .' Kbps ('.filesz($file_size * 8 / $fileinfo['playtime_seconds'], false, 3).'ps) ('.filesz($fileinfo['audio']['bitrate'] / $fileinfo['audio']['compression_ratio'], false, 3).'ps) '; elseif(isset($fileinfo['video']) && isset($fileinfo['video']['compression_ratio'])) echo 'Bit rate (true '.note(18, 200, 220).') (original '.note(17, 180, 200).'): '. round($fileinfo['bitrate'] / 1000) .' Kbps ('.filesz($file_size * 8 / $fileinfo['playtime_seconds'], false, 3).'ps) ('.filesz($fileinfo['video']['bitrate'] / $fileinfo['video']['compression_ratio'], false, 3).'ps) '; else echo 'Bit rate (true '.note(18, 200, 220).'): '. round($fileinfo['bitrate'] / 1000) .' Kbps ('.filesz($file_size * 8 / $fileinfo['playtime_seconds'], false, 3).'ps) '; //echo 'True bit rate: '.filesz($file_size * 8 / $fileinfo['playtime_seconds'], false, 5).'ps '; if(isset($fileinfo['video']['codec'])) echo 'Video codec: '. $fileinfo['video']['codec'] .' '; if(isset($fileinfo['audio']['codec'])) echo 'Audio codec: '. $fileinfo['audio']['codec'] .' '; elseif(isset($fileinfo['audio']['streams'][0]['codec'])) echo 'Audio codec: '. $fileinfo['audio']['streams'][0]['codec'] .' '; if(isset($fileinfo['video']) && isset($fileinfo['audio']['bitrate'])){ if(isset($fileinfo['audio']['compression_ratio'])) echo 'Audio bit rate (original '.note(17, 180, 200).'): '. filesz($fileinfo['audio']['bitrate'], false) .'ps ('.filesz($fileinfo['audio']['bitrate'] / $fileinfo['audio']['compression_ratio'], false, 3).'ps) '; else echo 'Audio bit rate: '. filesz($fileinfo['audio']['bitrate'], false) .'ps'; } elseif(isset($fileinfo['video']) && isset($fileinfo['audio']['streams'][0]['bitrate'])){ if(isset($fileinfo['audio']['streams'][0]['compression_ratio'])) echo 'Audio bit rate (original '.note(17, 180, 200).'): '. filesz($fileinfo['audio']['streams'][0]['bitrate'], false) .'ps ('.filesz($fileinfo['audio']['streams'][0]['bitrate'] / $fileinfo['audio']['streams'][0]['compression_ratio'], false, 3).'ps) '; else echo 'Audio bit rate: '. filesz($fileinfo['audio']['streams'][0]['bitrate'], false) .'ps'; } if(isset($fileinfo['audio']['channels']) && isset($fileinfo['audio']['channelmode'])) echo 'Audio channels: '. $fileinfo['audio']['channels'] .' ('. $fileinfo['audio']['channelmode'] .') '; elseif(isset($fileinfo['audio']['channels'])) echo 'Audio channels: '. $fileinfo['audio']['channels'] .' '; if(isset($fileinfo['audio']['sample_rate'])) echo 'Audio sample rate: '. $fileinfo['audio']['sample_rate'] .' Hz '; if(isset($fileinfo['audio']['bits_per_sample'])) echo 'Audio sample size: '. $fileinfo['audio']['bits_per_sample'] .' bits '; if(isset($fileinfo['tags']['id3v1']) || isset($fileinfo['tags']['id3v2'])){ if(isset($fileinfo['tags']['id3v1']['title'][0])) echo 'Song title: '. $fileinfo['tags']['id3v1']['title'][0] .' '; if(isset($fileinfo['tags']['id3v1']['artist'][0])) echo 'Song artist: '. $fileinfo['tags']['id3v1']['artist'][0] .' '; if(isset($fileinfo['tags']['id3v1']['album'][0])) echo 'Song album: '. $fileinfo['tags']['id3v1']['album'][0] .' '; if(isset($fileinfo['tags']['id3v2']['genre'][0])) echo 'Song genre: '. $fileinfo['tags']['id3v2']['genre'][0] .' '; elseif(isset($fileinfo['tags']['id3v1']['genre'][0])) echo 'Song genre: '. $fileinfo['tags']['id3v1']['genre'][0] .' '; if(isset($fileinfo['tags']['id3v1']['track'][0])) echo 'Song track: '. $fileinfo['tags']['id3v1']['track'][0] .' '; if(isset($fileinfo['tags']['id3v1']['year'][0])) echo 'Song year: '. $fileinfo['tags']['id3v1']['year'][0] .' '; if(isset($fileinfo['tags']['id3v2']['composer'][0])) echo 'Song composer: '. $fileinfo['tags']['id3v2']['composer'][0] .' '; if(isset($fileinfo['tags']['id3v2']['publisher'][0])) echo 'Song publisher: '. $fileinfo['tags']['id3v2']['publisher'][0] .' '; } else if(isset($fileinfo['tags'][$fileinfo['fileformat']])){ if(isset($fileinfo['tags'][$fileinfo['fileformat']]['title'][0])) echo 'Song title: '. $fileinfo['tags'][$fileinfo['fileformat']]['title'][0] .' '; if(isset($fileinfo['tags'][$fileinfo['fileformat']]['artist'][0])) echo 'Song artist: '. $fileinfo['tags'][$fileinfo['fileformat']]['artist'][0] .' '; if(isset($fileinfo['tags'][$fileinfo['fileformat']]['album'][0])) echo 'Song album: '. $fileinfo['tags'][$fileinfo['fileformat']]['album'][0] .' '; if(isset($fileinfo['tags'][$fileinfo['fileformat']]['genre'][0])) echo 'Song genre: '. $fileinfo['tags'][$fileinfo['fileformat']]['genre'][0] .' '; if(isset($fileinfo['tags'][$fileinfo['fileformat']]['track'][0])) echo 'Song track: '. $fileinfo['tags'][$fileinfo['fileformat']]['track'][0] .' '; if(isset($fileinfo['tags'][$fileinfo['fileformat']]['year'][0])) echo 'Song year: '. $fileinfo['tags'][$fileinfo['fileformat']]['year'][0] .' '; if(isset($fileinfo['tags'][$fileinfo['fileformat']]['composer'][0])) echo 'Song composer: '. $fileinfo['tags'][$fileinfo['fileformat']]['composer'][0] .' '; if(isset($fileinfo['tags'][$fileinfo['fileformat']]['publisher'][0])) echo 'Song publisher: '. $fileinfo['tags'][$fileinfo['fileformat']]['publisher'][0] .' '; } if(isset($fileinfo['video']['resolution_x'])) echo 'Video resolution: '. $fileinfo['video']['resolution_x'] . 'x' . $fileinfo['video']['resolution_y'] .' '; if(isset($fileinfo['video']['frame_rate'])) echo 'Video frame rate: '. $fileinfo['video']['frame_rate'] .' '; if(isset($fileinfo['video']['bits_per_sample'])) echo 'Video sample size: '. $fileinfo['video']['bits_per_sample'] .' bits '; if(isset($fileinfo[$fileinfo['fileformat']]['video']['color_depth'])) echo 'Video color depth: '. $fileinfo[$fileinfo['fileformat']]['video']['color_depth'] .'-bit '; if(isset($fileinfo['tags_html'][$fileinfo['fileformat']]['author'][0])) echo 'Video author: '. $fileinfo['tags_html'][$fileinfo['fileformat']]['author'][0] .' '; if($fileinfo['fileformat'] == 'mp4' && isset($fileinfo['error'][0])) echo 'MP4 format is not fully supported by 1.7.4, some information may be incorrect or missing'; /*echo ' '; print_r($fileinfo); echo ' ';*/ echo '

'; if($echo) echo 'Click here to close this window.'; return true; } else if(is_dir(loc1 . $prop) && $GLOBALS['current_user']['list'] && substr($prop, 0, 1) != '.' && strpos(strtolower($prop), 'filelist') === false && strpos(strtolower($prop), 'filemanage') === false && substr($prop, 1, 6) != 'getid3' && $prop != '/'){ if($echo) echo '

Directory Properties

'; else array_unshift($GLOBALS['prevcmd'], 'Directory Properties'); if($echo) echo ''; $ar = explode('/', $prop); $dir_nm = $ar[count($ar) - 1]; if($echo) echo ''; else array_unshift($GLOBALS['prevcmd'], 'Directory name: ' . $dir_nm); if($echo) echo ''; else array_unshift($GLOBALS['prevcmd'], 'Directory path: ' . $prop); clearscandir(); scanfulldir(loc1 . $prop); $total_file_size = $GLOBALS['total_file_size']; if($echo) echo ''; if($echo) echo ''; else array_unshift($GLOBALS['prevcmd'], 'Directory created: ' . date("F d, Y H:i (O)", filectime(loc1 . $prop))); if($echo) echo ''; else array_unshift($GLOBALS['prevcmd'], 'Directory modified: ' . date("F d, Y H:i (O)", filemtime(loc1 . $prop))); if($echo) echo ''; else array_unshift($GLOBALS['prevcmd'], 'Contains: ' . $GLOBALS['number_of_files'] .' files, '. $GLOBALS['number_of_dirs'] .' directories'); if($echo) echo '

Directory name	'. $dir_nm .'
'.note(2, 220, 190).' Directory path	'. $prop .'
Directory volume	'; else array_unshift($GLOBALS['prevcmd'], 'Directory volume: ' . $total_file_size . ' bytes'); if($total_file_size > 980 && $echo) echo filesz($total_file_size) . ', '; if($echo) echo $total_file_size .' bytes
Directory created	'. date("F d, Y H:i (O)", filectime(loc1 . $prop)) .'
Directory modified	'. date("F d, Y H:i (O)", filemtime(loc1 . $prop)) .'
Contains	'. $GLOBALS['number_of_files'] .' files, '. $GLOBALS['number_of_dirs'] .' directories

'; return true; } else { if($echo) echo 'File or directory is not accessible.'; else array_unshift($GLOBALS['prevcmd'], 'File or directory is not accessible.'); return false; } } // end of prop() // this function scans a directory and all subdirectories and returns some stats on them // it scans all files, instead of just accepted ones. // void scanfulldir( str 'directory path' ) *int 'number of directories counted' $number_of_dirs *int 'number of files counted' $number_of_files *int 'total size of files counted' $total_file_size function scanfulldir($dir){ if(!isset($GLOBALS['number_of_dirs'])) $GLOBALS['number_of_dirs'] = 0; if(!isset($GLOBALS['number_of_files'])) $GLOBALS['number_of_files'] = 0; if(!isset($GLOBALS['total_file_size'])) $GLOBALS['total_file_size'] = 0; if(is_dir($dir)){ if($handle = opendir($dir)){ // if the folder exploration is sucsessful, continue while(false !== ($file = readdir($handle))){ // as long as storing the next file to $file is successful, continue $path = $dir . '/' . $file; if(is_file($path)){ $GLOBALS['number_of_files']++; $GLOBALS['total_file_size'] += filesize($path); } else if(is_dir($path) && substr($file, 0, 1) != '.'){ $GLOBALS['number_of_dirs']++; scanfulldir($path); } } closedir($handle); // close the folder exploration } } } // end of scanfulldir() // this function just clears the values set by scanfulldir() so it can be used again // void clearscandir( void ) function clearscandir(){ unset($GLOBALS['number_of_files']); unset($GLOBALS['number_of_dirs']); unset($GLOBALS['total_file_size']); } // end of clearscandir() // function returns all files or directories matching the $search parameter // (with wild cards) // void getarrayofmatching( str 'str to match' [, bool 'include dirs?' [, bool 'include files?' [, str 'current function location' ]]] ) function getarrayofmatching($search, $dirs = true, $files = true, $dir = loc1){ if($GLOBALS['php_version'][0] > 4 || ($GLOBALS['php_version'][0] == 4 && $GLOBALS['php_version'][1] > 3) || ($GLOBALS['php_version'][0] == 4 && $GLOBALS['php_version'][1] == 3 && $GLOBALS['php_version'][2] >= 3)) $dir_list = glob($dir . '/'.'*', GLOB_ONLYDIR); // /* is split for code highlighting program problems else $dir_list = glob($dir . '/'.'*'); // /* is split for code highlighting program problems $tmp_items_ar = glob($dir . '/' . $search); foreach($tmp_items_ar as $item){ if($dirs) if(is_dir($item)) $tmp_items_ar1[] = str_replace(loc1, '', $item . '/'); if($files) if(is_file($item)) $tmp_items_ar1[] = str_replace(loc1, '', $item); } if(isset($tmp_items_ar1) && count($tmp_items_ar1) > 0) $GLOBALS['items_ar'] = array_merge($GLOBALS['items_ar'], $tmp_items_ar1); foreach($dir_list as $item){ $item1 = str_replace(loc1, '', $item); if(is_dir($item) && strpos($item1, 'filelist') === false && strpos($item1, 'filemanage') === false && strpos($item1, 'getid3') === false) getarrayofmatching($search, $dirs, $files, $item); } } // end of getarrayofmatching() function max_load_stats($max){ if($max > 15) return 'Morbidly slow!'; elseif($max > 13) return 'Pitifully slow!'; elseif($max > 11) return 'Extremely slow!'; elseif($max > 9) return 'Pretty slow.'; elseif($max > 7) return 'Slow.'; elseif($max > 5) return 'Average.'; elseif($max > 3) return 'Above average.'; elseif($max > 2) return 'Fast.'; elseif($max > 1) return 'Extremely fast!'; else return 'Unbelievably fast!'; } // end of max_load_stats() function min_load_stats($min){ if($min > 0.5) return 'Morbidly slow!'; elseif($min > 0.25) return 'Pitifully slow!'; elseif($min > 0.15) return 'Extremely slow!'; elseif($min > 0.08) return 'Pretty slow.'; elseif($min > 0.03) return 'Slow.'; elseif($min > 0.018) return 'Average.'; elseif($min > 0.01) return 'Above average.'; elseif($min > 0.006) return 'Fast.'; elseif($min > 0.003) return 'Extremely fast!'; else return 'Unbelievably fast!'; } // end of min_load_stats() function avg_load_stats($avg){ if($avg > 7) return 'Morbidly slow!'; elseif($avg > 5) return 'Pitifully slow!'; elseif($avg > 3.5) return 'Extremely slow!'; elseif($avg > 1.7) return 'Pretty slow.'; elseif($avg > 1) return 'Slow.'; elseif($avg > 0.7) return 'Average.'; elseif($avg > 0.4) return 'Above average.'; elseif($avg > 0.2) return 'Fast.'; elseif($avg > 0.1) return 'Very fast!'; elseif($avg > 0.05) return 'Extremely fast!'; else return 'Unbelievably fast!'; } // end of avg_load_stats() // this function deletes all files and sub directories directories in a directory // bool remdir( str 'directory path' ) function remdir($dir){ if(isset($GLOBALS['prevcmd'])) $echo = false; else $echo = true; if(!isset($GLOBALS['remerror'])) $GLOBALS['remerror'] = false; if($handle = opendir(loc1 . $dir)){ // if the folder exploration is sucsessful, continue while (false !== ($file = readdir($handle))){ // as long as storing the next file to $file is successful, continue $path = $dir . '/' . $file; if(is_file(loc1 . $path)){ if(!unlink(loc1 . $path)){ if($echo) echo '"' . $path . '" could not be deleted. This may be due to a permissions problem.
Directory cannot be deleted until all files are deleted.
'; else array_unshift($GLOBALS['prevcmd'], $path . '" could not be deleted. Directory cannot be deleted until it is empty.'); writelog('User tried to delete a directory, but deleting a file in it failed (may be a permissions problem)', 'ren', $path .' in '. $dir, 1); $GLOBALS['remerror'] = true; return false; } } else if(is_dir(loc1 . $path) && substr($file, 0, 1) != '.'){ remdir($path); @rmdir(loc1 . $path); } } closedir($handle); // close the folder exploration } if(!$GLOBALS['remerror']) // if no errors occured, delete the now empty directory. if(!@rmdir(loc1 . $dir)){ if($echo) echo 'Could not remove directory "' . $dir . '". This may be due to a permissions problem.
'; else array_unshift($GLOBALS['prevcmd'], 'Could not remove directory "' . $dir . '".'); writelog('User tried to delete a directory, but it failed (may be a permissions problem)', 'ddel', $dir, 1); return false; } else return true; return false; } // end of remdir() // rename file or directory // bool ren( str 'path to file/dir', str 'new name' ) function ren($ren, $ren2){ if(isset($GLOBALS['prevcmd'])) $echo = false; else $echo = true; if((is_file(loc1 . $ren) && allowed($ren)) || (is_dir(loc1 . $ren) && strpos($ren, '..') === false && strpos(strtolower($ren), 'filelist') === false && strpos(strtolower($ren), 'filemanage') === false && $ren != '/')){ $req_ren2 = true; if(check_name($ren2)){ get_name($ren); $pre_ex = $GLOBALS['pre_ex']; $was_file = false; $was_dir = false; if(is_file(loc1 . $ren)){ $was_file = true; if(!is_file(loc1 . '/' . $pre_ex . $ren2)){ if(allowed($ren2, true, true, false)){ $ftype1 = get_ftype($ren); $ftype2 = get_ftype($ren2); if($ftype1 != 'php' && $ftype1 != 'php3' && $ftype1 != 'php4' && $ftype1 != 'php5' && $ftype1 != 'phtml' && ($ftype2 == 'php' || $ftype2 == 'php3' || $ftype2 == 'php4' || $ftype2 == 'php5' || $ftype2 == 'phtml')) $filecont = file_get_contents(loc1 . $ren); else $filecont = ''; if(check_contents($filecont)){ if(!rename(loc1 . $ren, loc1 . '/' . $pre_ex . $ren2)){ if($echo) echo 'The file ('. $ren .') could not be renamed. This could be a permissions problem.
'; else array_unshift($GLOBALS['prevcmd'], 'The file ('. $ren .') could not be renamed. This could be a permissions problem.'); writelog('User tried to rename a file, but it failed (may be a permissions problem)', 'ren', $ren .' - '. $pre_ex . $ren2, 1); return false; } } else { if($echo) echo 'The file is being renamed to a PHP extension, and it previously was not.'; else array_unshift($GLOBALS['prevcmd'], 'The file is being renamed to a PHP extension, and it previously was not.'); if($echo && is_file(loc1 . '/filelist/filelist-passcode.php')) echo '
Enter correct passcode:
'; writelog('User tried to rename a file to a PHP when it wasn\'t previously.', 'ren', $ren .' - '. $pre_ex . $ren2, 1); } } else { if($echo) echo 'The file name "'. $ren2 .'" has an invalid extension, is being created in an invalid directory, or is otherwise blocked.
'; else array_unshift($GLOBALS['prevcmd'], 'The file name "'. $ren2 .'" has a invalid extension.'); return false; } } else { if($echo) echo 'A file named "'. $ren2 .'" already exists. Try a different name.
'; else array_unshift($GLOBALS['prevcmd'], 'A file named "'. $ren2 .'" already exists.'); return false; } } else if(is_dir(loc1 . $ren)){ $was_dir = true; if(!is_dir(loc1 . '/' . $pre_ex . $ren2)){ if(!rename(loc1 . $ren, loc1 . '/' . $pre_ex . $ren2)){ if($echo) echo 'The directory (' . $ren . ') could not be renamed. This could be a permissions problem.'; else array_unshift($GLOBALS['prevcmd'], 'The directory ('. $ren .') could not be renamed. This could be a permissions problem.'); writelog('User tried to rename a directory, but it failed (may be a permissions problem)', 'ren', $ren .' - '. $pre_ex . $ren2, 1); return false; } } else { if($echo) echo 'A directory named "'. $ren2 .'" already exists. Try a different name.'; else array_unshift($GLOBALS['prevcmd'], 'A directory named "'. $ren2 .'" already exists.'); return false; } } } else return false; if((is_file(loc1 . '/' . $pre_ex . $ren2) && $was_file) || (is_dir(loc1 . '/' . $pre_ex . $ren2) && $was_dir)){ if($echo) echo 'Renamed successfully.'; writelog('User renamed an item', 'ren', $ren .' - '. $pre_ex . $ren2); return true; } else { if($echo) echo 'This item ('. $ren .') could not be renamed. This may be a permissions problem.'; else array_unshift($GLOBALS['prevcmd'], 'The file ('. $ren .') could not be renamed. This could be a permissions problem.'); writelog('User tried to rename an item, but it failed (may be a permissions problem)', 'ren', $ren .' - '. $pre_ex . $ren2, 1); return false; } } else if($echo) echo 'File/Directory is inaccessible.'; else array_unshift($GLOBALS['prevcmd'], 'File/Directory is inaccessible.'); return false; } // end of ren() // create a directory // bool cdir( str 'path to new dir' ) function cdir($cdir){ if(isset($GLOBALS['prevcmd'])) $echo = false; else $echo = true; if(check_name(get_name($cdir))){ if(strpos($cdir, '..') === false && substr($cdir, 0, 1) != '.' && strpos(strtolower($cdir), 'filelist') === false && strpos(strtolower($cdir), 'filemanage') === false && substr(strtolower($cdir), 0, 6) != 'getid3'){ if(!is_dir(loc1 . $cdir)){ if(!mkdir(loc1 . $cdir)){ if($echo) echo 'The directory ('. $cdir .') could not be made. This may be a permissions problem1.'; else array_unshift($GLOBALS['prevcmd'], 'The directory ('. $cdir .') could not be made. This may be a permissions problem.'); writelog('User tried to create a directory, but it failed (may be a permissions problem)', 'cdir', loc . $cdir, 1); return false; } } else { if($echo) echo 'A directory named "'. $cdir .'" already exists. Try a different name.'; else array_unshift($GLOBALS['prevcmd'], 'A directory named '. $cdir .' alredy exists.'); return false; } } else { if($echo) echo 'The directory name, "'. $cdir .'", is invalid. Try a different name.'; else array_unshift($GLOBALS['prevcmd'], 'The directory name "'. $cdir .'" is invalid.'); return false; } } else return false; if(is_dir(loc1 . $cdir)){ if($echo) echo 'Directory created successfully.'; writelog('User created a directory', 'cdir', $cdir); return true; } else { if($echo) echo 'The directory ('. $cdir .') could not be made. This may be a permissions problem.'; else array_unshift($GLOBALS['prevcmd'], 'The directory ('. $cdir .') could not be made. This may be a permissions problem.'); writelog('User tried to create a directory, but it failed (may be a permissions problem)', 'cdir', $cdir, 1); return false; } } // end of cdir() // copy a file // bool cpy( str 'path to file to copy', str 'path of dir to copy to' ) function cpy($cpy, $loc){ if(isset($GLOBALS['prevcmd'])) $echo = false; else $echo = true; if(is_file(loc1 . $cpy) && allowed($cpy)){ $name = get_name($cpy); if(is_dir(loc1 . $loc)){ if(file_exists(loc1 . $loc . $name)){ $cpy2 = 'Copy of ' . $name; if(file_exists(loc1 . $loc . $cpy2)){ $done = false; $num = 2; while(!$done){ $cpy2 = 'Copy ('. $num .') of ' . $name; if(!file_exists(loc1 . loc . $cpy2)) $done = true; $num++; } } $name = $cpy2; } if(!copy(loc1 . $cpy, loc1 . $loc . $name)){ if($echo) echo 'File ('.$cpy.') cannot be copied. May be a permissions problem.'; else array_unshift($GLOBALS['prevcmd'], 'File ('.$cpy.') cannot be copied. May be a permissions problem.'); writelog('File could not be copied (may be a permissions problem)', 'cpy', $cpy .' - '. $loc, 1); return false; } else { if($echo) echo 'File copied successfully.'; writelog('User copied a file', 'cpy', $cpy .' - '. $loc); return true; } } else { if($echo) echo 'Destination is not a valid directory.'; else array_unshift($GLOBALS['prevcmd'], 'Destination is not a valid directory.'); writelog('File could not be copied, destination not valid', 'cpy', $cpy .' - '. $loc, 4); } } else if($echo) echo 'File not accessible.'; else array_unshift($GLOBALS['prevcmd'], 'File not accessible.'); return false; } // end of cpy() // delete a file // bool del( str 'path to file' ) function del($del){ if(isset($GLOBALS['prevcmd'])) $echo = false; else $echo = true; if(is_file(loc1 . $del) && allowed($del)){ // try to delete file if(unlink(loc1 . $del)){ if($echo) echo 'File deleted successfully.'; else array_unshift($GLOBALS['prevcmd'], 'File ('.$del.') deleted successfully.'); writelog('User deleted a file', 'del', $del); $return = true; } else { if($echo) echo 'Unable to delete file (' . $del . '), may be a permissions problem.'; else array_unshift($GLOBALS['prevcmd'], 'Unable to delete file (' . $del . '), may be a permissions problem.'); writelog('User tried to delete a file, but it failed (may be a permissions problem)', 'del', $del, 1); $return = false; } return($return); } else if($echo) echo 'File is not accessible.'; else array_unshift($GLOBALS['prevcmd'], 'File is not accessible.'); return false; } // end of del() // delete a directory // bool ddel( str 'path to directory' ) function ddel($ddel){ if(isset($GLOBALS['prevcmd'])) $echo = false; else $echo = true; if(is_dir(loc1 . $ddel) && strpos(strtolower($ddel), 'filelist') === false && strpos(strtolower($ddel), 'filemanage') === false && substr(strtolower($ddel), 1, 6) != 'getid3' && $ddel != '/'){ // try to delete directory remdir($ddel); if(!$GLOBALS['remerror']) if(!is_dir(loc1 . $ddel)){ if($echo) echo 'Directory deleted successfully.'; else array_unshift($GLOBALS['prevcmd'], 'Directory deleted successfully.'); writelog('User deleted a directory', 'ddel', $ddel); return true; } else { if($echo) echo 'Unable to delete directory ('. $ddel .'), either the directory does not exist, or the webhosting server does not have permisions to delete the directory or the files contained in the directory.'; else array_unshift($GLOBALS['prevcmd'], 'Unable to delete directory.'); writelog('User tried to delete a directory, but it failed (may be a permissions problem)', 'ddel', $ddel, 1); return false; } else { if($echo) echo 'Unable to delete directory ('. $ddel .'), either the directory does not exist, or the webhosting server does not have permisions to delete the directory or the files contained in the directory.'; else array_unshift($GLOBALS['prevcmd'], 'Unable to delete directory.'); writelog('User tried to delete a directory but failed (may be a permissions problem)', 'ddel', $ddel, 1); return false; } } else if($echo) echo 'Directory is inaccessible.'; else array_unshift($GLOBALS['prevcmd'], 'Directory is inaccessible.'); return false; } // end of ddel() // this function adds lines to the recycle database (/filelist/recycle_db.list) // to keep track of the files in the recycle bin. It can also remove lines for // when files are deleted or moved from the recycle bin // recycle_db( function recycle_db($action, $item, $dir = false){ if($action == 'add'){ if($dir){ clearscandir(); scanfulldir(loc1 . $item); $size = $GLOBALS['total_file_size']; } else { $size = filesize(loc1 . $item); $dir = 0; } $name = get_name($item); if(is_file(loc1 . '/filelist/filelist-recycle_db.list') && file_exists(loc1 . '/filelist/.recycle/'.$name)){ $recycle_db = file(loc1 . '/filelist/filelist-recycle_db.list'); for($i = 0; $i < count($recycle_db); $i++){ $sub_recycle = explode('~~~~~', trim($recycle_db[$i])); if($sub_recycle[0] == $name){ $name2 = NULL; if(file_exists(loc1 . '/filelist/.recycle/cont/'.$name)){ while(file_exists(loc1 . '/filelist/.recycle/cont/'.$name.$name2)) $name2 .= mt_rand(0, 9); } $fout = fopen(loc1 . '/filelist/filelist-recycle_db.list', 'a'); $fp = fwrite($fout, $name . '~~~~~cont/' . $name.$name2 . '~~~~~' . $item . '~~~~~' . $size . '~~~~~' . $dir . '~~~~~' . time() . $GLOBALS['line_break']); fclose($fout); writelog('User moved an item to the Recycle Bin', 'rec', 'cont/'.$name.$name2); return 'cont/'.$name.$name2; } } } $fout = fopen(loc1 . '/filelist/filelist-recycle_db.list', 'a'); $fp = fwrite($fout, $name . '~~~~~' . $name . '~~~~~' . $item . '~~~~~' . $size . '~~~~~' . $dir . '~~~~~' . time() . $GLOBALS['line_break']); fclose($fout); $GLOBALS['recycle_db'][] = $name . '~~~~~' . $name . '~~~~~' . $item . '~~~~~' . $size . '~~~~~' . $dir . '~~~~~' . time() . $GLOBALS['line_break']; writelog('User moved an item to the Recycle Bin', 'rec', $name); return $name; } elseif($action == 'rem'){ if(is_file(loc1 . '/filelist/filelist-recycle_db.list')){ $recycle_db = file(loc1 . '/filelist/filelist-recycle_db.list'); foreach($recycle_db as $recycle_entry){ $sub_recycle = explode('~~~~~', trim($recycle_entry)); if($sub_recycle[1] == $item){ $return_dest = $sub_recycle[2]; } else $new_recycle_db[] = $recycle_entry; } if(isset($new_recycle_db) && count($new_recycle_db) > 0){ $fout = fopen(loc1 . '/filelist/filelist-recycle_db.list', 'w'); $fp = fwrite($fout, implode('', $new_recycle_db)); fclose($fout); $GLOBALS['recycle_db'] = $new_recycle_db; } else { unset($GLOBALS['recycle_db']); @unlink(loc1 . '/filelist/filelist-recycle_db.list'); } return $return_dest; } else return false; } elseif($action == 'none'){ if(is_file(loc1 . '/filelist/filelist-recycle_db.list')){ $recycle_db = file(loc1 . '/filelist/filelist-recycle_db.list'); foreach($recycle_db as $recycle_entry){ $sub_recycle = explode('~~~~~', trim($recycle_entry)); if($sub_recycle[1] == $item) return $sub_recycle[2]; } } else return false; } else return false; } // end of recycle_db() // copy a directory and all subdirectories and files (recursive) // void dircpy( str 'source directory', str 'destination directory' [, bool 'overwrite existing files'] ) function dircpy($source, $dest, $overwrite = false){ if(isset($GLOBALS['prevcmd'])) $echo = false; else $echo = true; if($handle = opendir(loc1 . $source)){ // if the folder exploration is sucsessful, continue while(false !== ($file = readdir($handle))){ // as long as storing the next file to $file is successful, continue if($file != '.' && $file != '..'){ $path = $source . '/' . $file; if(is_file(loc1 . $path)){ if(!is_file(loc1 . $dest . '/' . $file) || $overwrite) if(!@copy(loc1 . $path, loc1 . $dest . '/' . $file)){ if($echo) echo 'File ('.$path.') could not be copied, likely a permissions problem.'; else array_unshift($GLOBALS['prevcmd'], 'File ('.$path.') could not be copied, likely a permissions problem.'); writelog('File could not be copied.', 'dircpy', $path . ' - ' . $dest .'/'.$file, 1); } } elseif(is_dir(loc1 . $path)){ if(!is_dir(loc1 . $dest . '/' . $file)) mkdir(loc1 . $dest . '/' . $file); // make subdirectory before subdirectory is copied dircpy($path, $dest . '/' . $file, $overwrite); //recurse! } } } closedir($handle); } } // end of dircpy() // move a file // bool move_recycle( str 'path to file to move', str 'path of dir to move to' ) function move_recycle($mv, $loc, $overwrite = false){ if($GLOBALS['current_user']['delete'] || $admin){ if(isset($GLOBALS['prevcmd'])) $echo = false; else $echo = true; if(is_file(loc1 . $mv)){ $name = get_name($loc); if(is_dir(loc1 . dirname($loc))){ $cont = true; if(is_file(loc1 . $loc)){ $cont = false; if($overwrite){ if(!unlink(loc1 . $loc)){ if($echo) echo 'A file named "'.$name.'" already exists in destination directory, and it cannot be deleted.'; else array_unshift($GLOBALS['prevcmd'], 'A file named "'.$name.'" already exists'."\n".'in destination directory, and it cannot be deleted.'); writelog('File in destination directory could not be deleted', 'move', $mv .' - '. $loc); return false; } else $cont = true; } else { if($echo) echo 'A file named "'.$name.'" already exists in destination directory.'; else array_unshift($GLOBALS['prevcmd'], 'A file named "'.$name.'" already exists in destination directory.'); return false; } } if($cont){ if(!rename(loc1 . $mv, loc1 . $loc)){ if($echo) echo 'File ('.$mv.') cannot be moved. May be a permissions problem.'; else array_unshift($GLOBALS['prevcmd'], 'File ('.$mv.') cannot be moved. May be a permissions problem.'); writelog('File could not be moved (may be a permissions problem)', 'move', $mv .' - '. $loc, 1); return false; } else { if($echo) echo 'File deleted/moved successfully.'; else array_unshift($GLOBALS['prevcmd'], 'File deleted/moved successfully.'); writelog('User moved a file', 'move', $mv .' - '. $loc); return true; } } } else { if($echo) echo 'Destination is not a valid directory.'; else array_unshift($GLOBALS['prevcmd'], 'Destination is not a valid directory.'); writelog('File could not be moved, destination not valid', 'move', $mv .' - '. $loc, 3); } } else if($echo) echo 'File not accessible.'; else array_unshift($GLOBALS['prevcmd'], 'File not accessible.'); } return false; } // end of move_recycle() // move a file // bool move( str 'path to file to move', str 'path of dir to move to' ) function move($mv, $loc){ if(isset($GLOBALS['prevcmd'])) $echo = false; else $echo = true; if(is_file(loc1 . $mv) && allowed($mv)){ $name = get_name($mv); if(is_dir(loc1 . $loc)){ if(!is_file(loc1 . $loc . $name)){ if(!rename(loc1 . $mv, loc1 . $loc . $name)){ if($echo) echo 'File ('.$mv.') cannot be moved. May be a permissions problem.'; else array_unshift($GLOBALS['prevcmd'], 'File ('.$mv.') cannot be moved. May be a permissions problem.'); writelog('File could not be moved (may be a permissions problem)', 'move', $mv .' - '. $loc, 1); return false; } else { if($echo) echo 'File moved successfully.'; writelog('User moved a file', 'move', $mv .' - '. $loc); return true; } } else if($echo) echo 'A file named "'.$name.'" already exists in destination directory.'; else array_unshift($GLOBALS['prevcmd'], 'A file named "'.$name.'" already exists in destination directory.'); } else { if($echo) echo 'Destination is not a valid directory.'; else array_unshift($GLOBALS['prevcmd'], 'Destination is not a valid directory.'); writelog('File could not be moved, destination not valid', 'move', $mv .' - '. $loc, 3); } } else if($echo) echo 'File not accessible.'; else array_unshift($GLOBALS['prevcmd'], 'File not accessible.'); return false; } // end of move() // move a directory and all subdirectories and files (recursive) // void dirmv( str 'source directory', str 'destination directory' [, bool 'overwrite existing files' [, bool 'if the destination contains the dir name too' [, str 'location within the directory (for recurse)']] ) function dirmv($source, $dest, $overwrite = false, $inc_name = false, $funcloc = NULL){ if(substr($dest, 0, strlen($source)) == $source) return false; if(is_null($funcloc)){ if(!$inc_name) $dest .= '/' . strrev(substr(strrev($source), 0, strpos(strrev($source), '/'))); else if(substr($dest, -1) != '/') $dest .= '/'; $funcloc = '/'; } if(!is_dir(loc1 . $dest . $funcloc)) mkdir(loc1 . $dest . $funcloc); // make subdirectory before subdirectory is copied if(isset($GLOBALS['prevcmd'])) $echo = false; else $echo = true; if($handle = opendir(loc1 . $source . $funcloc)){ // if the folder exploration is sucsessful, continue while(false !== ($file = readdir($handle))){ // as long as storing the next file to $file is successful, continue if($file != '.' && $file != '..'){ $path = $source . $funcloc . $file; $path2 = $dest . $funcloc . $file; if(is_file(loc1 . $path)){ if(!is_file(loc1 . $path2)){ if(!@rename(loc1 . $path, loc1 . $path2)){ if($echo) echo 'File ('.$path.') could not be moved/deleted, likely a permissions problem.'; else array_unshift($GLOBALS['prevcmd'], 'File ('.$path.') could not be moved, likely a permissions problem.'); writelog('File could not be moved.', 'dirmv', $path . ' - ' . $path2, 1); } } elseif($overwrite){ if(!@unlink(loc1 . $path2)){ if($echo) echo 'Unable to overwrite file ("'.$path2.'"), likely to be a permissions problem.'; else array_unshift($GLOBALS['prevcmd'], 'Unable to overwrite file ("'.$path2.'"), likely to be a permissions problem.'); writelog('Unable to overwrite (delete) file.', 'dirmv', $dest .'/'.$file, 1); } else { if(!@rename(loc1 . $path, loc1 . $path2)){ if($echo) echo 'File ('.$path.') could not be moved/deleted after overwriting, likely a permissions problem.'; else array_unshift($GLOBALS['prevcmd'], 'File ('.$path.') could not be moved after overwriting, likely a permissions problem.'); writelog('File could not be moved after overwritting.', 'dirmv', $path . ' - ' . $path2, 1); } } } } elseif(is_dir(loc1 . $path)){ dirmv($source, $dest, $overwrite, false, $funcloc . $file . '/'); //recurse! @rmdir(loc1 . $path); } } } closedir($handle); } return true; } // end of dirmv() ?>