--- docman.php 2002/07/27 19:59:35 1.9
+++ docman.php 2004/04/10 18:43:38 1.45
@@ -1,1863 +1,2037 @@
-
- *
- * License: GPL2
- *
- * Document Manager 1.x was based on
- * Copyright 1999 by John Martin d/b/a www.ANYPORTAL.com
- * PHP version Copyright 2000 by Stefan@Wiesendanger.org
- *
- * For more info, please see web pages at
- * http://www.rot13.org/~dpavlin/docman.html
- *
- */
-
-
-//////////////////////////////////////////////////////////////////
-// CONFIGURATION OPTIONS
-
-// error_reporting(4) ; // how verbose ?
-
- // from where to include auth_*.php modules?
- $gblIncDir = "/data/docman2";
-
- // force download on view (so it won't open in associated application)
- $gblForceDownload = 0;
-
- // date format
- $gblDateFmt="Y-m-d";
-// $gblDateFmt="D, F d, Y";
-
- // time format
- $gblTimeFmt="H:i:s";
-// $gblTimeFmt="g:i:sA";
-
- // Number of backup files to keep
- $gblNumBackups=3;
-
- // show red star if newer than ... days
- $gblModDays=1;
-
- // choose GifIcon below unless you have the M$
- // WingDings font installed on your system
-
- $gblIcon="GifIcon"; // MockIcon or GifIcon
-
- // the directory below should be /icons/ or /icons/small/
- // on Apache; a set of icons is included in the distribution
-
- $gblIconLocation="/icons/";
-
- // files you want to be able to edit in text mode
- // and view with (primitive) syntax highlighting
-
- $gblEditable = array( ".txt",".asa",".asp",".htm",".html",
- ".cfm",".php3",".php",".phtml",
- ".shtml",".css" ) ;
-
- // files that will display as images on the detail page
- // (useless if your browser doesn't support them)
-
- $gblImages = array( ".jpg",".jpeg",".gif",".png",".ico",
- ".bmp",".xbm") ;
-
- // which files to hide (separated by ,)
- $gblHide = "";
-
- // Where are users? (by default in .htusers file)
- $gblUsers = "file";
-
-//////////////////////////////////////////////////////////////////
-
- $gblTitle = "Document Manager";
- $gblVersion = "2.0-pre1";
-
- $secHash = "";
-
- // location of html files
- $html = $gblIncDir."/html";
-
- LoadLanguage($HTTP_SERVER_VARS["HTTP_ACCEPT_LANGUAGE"]);
-
- // for security and configuration
- $realm=$HTTP_SERVER_VARS[HTTP_HOST];
-
- $fsDocumentRoot = dirname($HTTP_SERVER_VARS[SCRIPT_FILENAME]);
- if ($fsDocumentRoot == "") Error("Configuration error","Can't get SCRIPT_FILENAME from your web server. Please set \$fsDocumentRoot in \$",1);
-
- // globals for later
- $gblLogin = $HTTP_SERVER_VARS[PHP_AUTH_USER];
- $gblPasswd = $HTTP_SERVER_VARS[PHP_AUTH_PW];
-
-//////////////////////////////////////////////////////////////////
-
-function LoadLanguage($lang) {
-
- global $gblIncDir,$html;
-
- if (file_exists($gblIncDir."/lang/$lang.php")) {
- include($gblIncDir."/lang/$lang.php");
- $html .= "-$lang";
- } else {
- include($gblIncDir."/lang/default.php");
- }
-}
-
-function StartHTML($title,$text="") {
-
- global $html,$fsDocumentRoot,$HTTP_SERVER_VARS;
-
- $title = $gblTitle." ".$title ;
- $host = $HTTP_SERVER_VARS["HTTP_HOST"] ;
- $self = $HTTP_SERVER_VARS["PHP_SELF"] ;
-
- if (file_exists("$fsDocumentRoot/docman.css")) {
- $css=dirname($self)."/docman.css";
- } else {
- $css=$self."?STYLE=get&css=$css";
- }
-
- include("$html/head.html");
-}
-
-//////////////////////////////////////////////////////////////////
-
-function EndHTML() {
-
- global $gblDateFmt, $gblTimeFmt, $gblUserName, $PHP_SELF,
- $secHash, $gblVersion, $html,
- $gblLogin,$gblPasswd;
-
- $url = $PHP_SELF."?relogin=";
- if (isset($secHash) && $secHash != "") {
- $url .= $secHash;
- } else {
- $url .= md5($gblLogin.$gblPasswd);
- }
- if (isset($gblLogin) && $gblLogin != "" && ($gblPasswd == "" || !isset($gblPasswd))) {
- $url_title="login";
- $url .= "&force_login=1";
- } else {
- $url_title="relogin";
- }
- include("$html/footer.html");
-} // end function EndHTML
-
-//////////////////////////////////////////////////////////////////
-
-function DetailPage($fsRoot,$relDir,$fn) {
-
- global $gblEditable, $gblImages, $webRoot, $html, $HTTP_SERVER_VARS ;
- $self = $HTTP_SERVER_VARS["PHP_SELF"] ;
-
- $relPath = $relDir . "/" . $fn ;
- $fsPath = $fsRoot . $relPath ;
- $fsDir = $fsRoot . $relDir ;
-
- $exists = file_exists($fsPath) ;
- $ext = strtolower(strrchr($relPath,".")) ;
- $editable = ( $ext=="" || strstr(join(" ",$gblEditable),$ext)) ;
- $writable = is_writeable($fsPath) ;
- $file_lock = CheckLock($fsPath);
-
- if (!$editable && !$exists)
- Error("Creation unsupported for type",$relPath) ;
- if (!exists && !is_writeable($fsDir) )
- Error("Creation denied",$relDir) ;
-
- $text = _("Use this page to view, modify or ") ;
- if (is_dir($fsPath)) {
- $text .=_("delete a directory on this ") ;
- } else {
- $text .= _("delete a single document on this ") ;
- };
- $text .= _("web site.") ;
- $title = "("._("Detail Page").")" ;
- StartHTML($title, $text) ;
-
- echo "
" . $relDir . "/" . $fn . "
" ;
- if ($exists) { // get file info
- $fsize = filesize($fsPath) ;
- $fmodified = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]", filemtime($fsPath)) ;
- $faccessed = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]", fileatime($fsPath)) ;
- $fuid=fileowner($fsPath);
- $fgid=filegroup($fsPath);
- $userinfo = posix_getpwuid($fuid);
- $grpinfo = posix_getgrgid($fgid);
-
- include("$html/DetailPage-file.html");
- }
-
- if ( !is_dir($fsPath) && $editable && ($writable || !$exists) && !$file_lock ) {
- $fh = fopen($fsPath,"a+") ;
- rewind($fh) ;
- $fstr = fread($fh,filesize($fsPath)) ;
- fclose($fh) ;
- $fstr = htmlentities( $fstr ) ;
-?>
-
-
-
-" ;
-// echo htmlentities($tstr) . "
" . $tstr ;
- echo $tstr ;
- }
-
-?>
-
-
-
-
CHANGES TO THIS $whatis
\n";
- $bakcount = 0; // start from 0, skip fist backup (it's current)
- while ($e = array_shift($logarr)) {
- if (strstr($e[4],"upload")) {
- if (file_exists("$bakdir/$bakcount/$name")) {
- $e[4]="$e[4]";
- }
- $bakcount++;
- }
- print "$e[1] | $e[2] | $e[3] | $e[4] |
\n";
- }
- print "
";
- }
-
- EndHTML() ;
-
-} // end function DetailPage
-
-//////////////////////////////////////////////////////////////////
-
-function DisplayCode($fsRoot,$relDir,$fn) {
-
- $path = $fsRoot . $relDir . "/" . $fn ;
-
- if (!file_exists($path)) Error("File not found",$path) ;
-
- StartHTML("(".$relDir."/".$fn.")","");
-
- $tstr = join("",file($path)) ;
- $tstr = htmlentities($tstr) ;
-
- // Tabs
- $tstr = str_replace(chr(9)," ",$tstr) ;
-
- // ASP tags & XML/PHP tags
- $aspbeg = "<%" ;
- $aspend = "%>" ;
- $tstr = str_replace("<%",$aspbeg,$tstr) ;
- $tstr = str_replace("%>",$aspend,$tstr) ;
-
- $xmlbeg = "<?" ;
- $xmlend = "?>" ;
- $tstr = str_replace("<?",$xmlbeg,$tstr) ;
- $tstr = str_replace("?>",$xmlend,$tstr) ;
-
- // C style comment
- $tstr = str_replace("/*","/*",$tstr) ;
- $tstr = str_replace("*/","*/",$tstr) ;
-
- // HTML comments
- $tstr = str_replace("<!--","<!--",$tstr) ;
- $tstr = str_replace("-->","-->",$tstr) ;
-
- echo "" ;
-
- $tstr = split("\n",$tstr) ;
- for ($i = 0 ; $i < sizeof($tstr) ; ++$i) {
- // add line numbers
- echo "
" ;
- echo substr(("000" . ($i+1)), -4) . ": " ;
- $line = $tstr[$i] ;
- // C++ style comments
- $pos = strpos($line,"//") ;
- // exceptions: two slashes aren't a script comment
- if (strstr($line,"//") &&
- ! ($pos>0 && substr($line,$pos-1,1)==":") &&
- ! (substr($line,$pos,8) == "//-->") &&
- ! (substr($line,$pos,9) == "// -->")) {
- $beg = substr($line,0,strpos($line,"//")) ;
- $end = strstr($line,"//") ;
- $line = $beg."".$end."";
- }
- // shell & asp style comments
- $first = substr(ltrim($line),0,1) ;
- if ($first == "#" || $first == "'") {
- $line = "".$line."";
- }
- print($line) ;
- } // next i
-
- echo "
" ;
-
- EndHTML() ;
-
-} // end function DisplayCode
-
-//////////////////////////////////////////////////////////////////
-
-function MockIcon($txt) {
- $tstr = "" ;
-
- switch (strtolower($txt)) {
- case ".bmp" :
- case ".gif" :
- case ".jpg" :
- case ".jpeg":
- case ".tif" :
- case ".tiff":
- $d = 176 ;
- break ;
- case ".doc" :
- $d = 50 ;
- break ;
- case ".exe" :
- case ".bat" :
- $d = 255 ;
- break ;
- case ".bas" :
- case ".c" :
- case ".cc" :
- case ".src" :
- $d = 255 ;
- break ;
- case "file" :
- $d = 51 ;
- break ;
- case "fldr" :
- $d = 48 ;
- break ;
- case ".htm" :
- case ".html":
- case ".asa" :
- case ".asp" :
- case ".cfm" :
- case ".php3":
- case ".php" :
- case ".phtml" :
- case ".shtml" :
- $d = 182 ;
- break ;
- case ".pdf" :
- $d = 38 ;
- break;
- case ".txt" :
- case ".ini" :
- $d = 52 ;
- break ;
- case ".xls" :
- $d = 252 ;
- break ;
- case ".zip" :
- case ".arc" :
- case ".sit" :
- case ".tar" :
- case ".gz" :
- case ".tgz" :
- case ".Z" :
- $d = 59 ;
- break ;
- case "view" :
- $d = 52 ;
- break ;
- case "up" :
- $d = 199 ;
- break ;
- case "blank" :
- return " " ;
- break ;
- default :
- $d = 51 ;
- }
-
- return $tstr . chr($d) . "" ;
-} // end function MockIcon
-
-//////////////////////////////////////////////////////////////////
-
-function GifIcon($txt) {
- global $gblIconLocation ;
-
- switch (strtolower($txt)) {
- case ".bmp" :
- case ".gif" :
- case ".jpg" :
- case ".jpeg":
- case ".tif" :
- case ".tiff":
- $d = "image2.gif" ;
- break ;
- case ".doc" :
- $d = "layout.gif" ;
- break ;
- case ".exe" :
- case ".bat" :
- $d = "screw2.gif" ;
- break ;
- case ".bas" :
- case ".c" :
- case ".cc" :
- case ".src" :
- $d = "c.gif" ;
- break ;
- case "file" :
- $d = "generic.gif" ;
- break ;
- case "fldr" :
- $d = "dir.gif" ;
- break ;
- case ".phps" :
- $d = "phps.gif" ;
- break ;
- case ".php3" :
- $d = "php3.gif" ;
- break ;
- case ".htm" :
- case ".html":
- case ".asa" :
- case ".asp" :
- case ".cfm" :
- case ".php3":
- case ".php" :
- case ".phtml" :
- case ".shtml" :
- $d = "world1.gif" ;
- break ;
- case ".pdf" :
- $d = "pdf.gif" ;
- break;
- case ".txt" :
- case ".ini" :
- $d = "text.gif" ;
- break ;
- case ".xls" :
- $d = "box2.gif" ;
- break ;
- case ".zip" :
- case ".arc" :
- case ".sit" :
- case ".tar" :
- case ".gz" :
- case ".tgz" :
- case ".Z" :
- $d = "compressed.gif" ;
- break ;
- case "view" :
- $d = "index.gif" ;
- break ;
- case "up" :
- $d = "back.gif" ;
- break ;
- case "blank" :
- $d = "blank.gif" ;
- break ;
- case "checkout":
- $d = "box2.gif";
- break;
- case "checkin":
- $d = "hand.up.gif";
- break;
- case "locked":
- $d = "screw2.gif";
- break;
- case "note":
- $d = "quill.gif";
- break;
- default :
- $d = "generic.gif" ;
- }
-
- return "" ;
-} // end function GifIcon
-
-//////////////////////////////////////////////////////////////////
-
-function Navigate($fsRoot,$relDir) {
-
- global $gblEditable, $gblIcon, $gblModDays, $webRoot, $gblHide,
- $gblIgnoreUnknownFileType,
- $HTTP_GET_VARS, $html, $realm_config;
-
- $self = $HTTP_SERVER_VARS["PHP_SELF"] ;
-
- if ($relDir == "") $relDir = "/";
-
- $fsDir = $fsRoot.$relDir."/"; // current directory
-
- if (!is_dir($fsDir)) Error("Dir not found",$relDir) ;
-
- $hide_items=",$gblHide,";
-
- // read directory contents
- if ( !($dir = @opendir($fsDir)) )
- Error("Read Access denied",$relDir,1) ;
- while ($item = readdir($dir)) {
- if ( substr($item,0,1) == "." || strstr($hide_items,",$item,") ) continue ;
- if (is_dir($fsDir.$item) || is_link ($fsDir.$item)) {
- if (check_perm($relDir.$item,trperm_b)) {
- $dirList[$item] = $item ;
- $dirNote[$item] = ReadNote($fsDir.$item);
- }
- } else if (is_file($fsDir.$item)) {
- if (check_perm($relDir.$item,trperm_r)) {
- $fileList[$item] = $item ;
- $fileDate[$item] = filemtime($fsDir.$item) ;
- $fileSize[$item] = filesize($fsDir.$item) ;
- $fileNote[$item] = ReadNote($fsDir.$item);
- }
- } else {
- if (! $gblIgnoreUnknownFileType) Error("File Type Error", "Item ".$fsDir.$item." is not file, directory or link. If you want to ignore errors like this, set \$gblIgnoreUnknownFileType = 1 in $realm_config.",1);
- }
- }
- closedir($dir) ;
-
- // scan deleted files
- if ( $HTTP_GET_VARS["show_deleted"] == 1 && ($dir = @opendir("$fsDir/.del")) ) {
- while ($item = readdir($dir)) {
- if ( substr($item,0,1) == "." || strstr($hide_items,",$item,") || !check_perm($relDir.$item,trperm_w) ) continue ;
- $fileList[$item] = ".del/$item" ;
- $fileDate[$item] = filemtime($fsDir.".del/$path") ;
- $fileSize[$item] = filesize($fsDir.".del/$path") ;
- $fileNote[$item] = ReadNote($fsDir.".del/$item");
- }
- closedir($dir) ;
- }
-
- $emptyDir = ! (sizeof($dirList) || sizeof($fileList)) ;
-
- // start navigation page
- $text = "Use this page to add, delete";
- if (! isset($HTTP_GET_VARS[show_deleted])) {
- $text .= ", undelete";
- }
- $text .= " or revise files on this web site." ;
- $text .= "
Examine list of files changed in last day or all changes.";
- StartHTML("(Navigate)",$text) ;
-
- echo "" ;
-
- // updir bar
- if (chopsl($fsDir) != chopsl($fsRoot)) {
- $parent = dirname($relDir) ;
- if ($parent == "") $parent = "/" ;
-
- include("$html/Navigate-parent.html");
- }
-
- function plural($name,$count) {
- $out="$count $name";
- if ($count > 1) {
- $out.="s";
- }
- return $out;
- }
-
- $dsort = $HTTP_GET_VARS[dsort];
- if (! isset($dsort)) $dsort = "name"; // default directory sort
-
- $dsort_arr = array(
- "name" => array ("rname", "note"),
- "rname" => array ("name", "note"),
- "note" => array ("name", "rnote"),
- "rnote" => array ("name", "note")
- );
-
- $fsort = $HTTP_GET_VARS[fsort];
- if (! isset($fsort)) $fsort = "name"; // default directory sort
-
- $fsort_arr = array(
- "name" => array ("rname", "note", "date", "size"),
- "rname" => array ("name", "note", "date", "size"),
- "note" => array ("name", "rnote", "date", "size"),
- "rnote" => array ("name", "note", "date", "size"),
- "date" => array ("name", "note", "rdate", "size"),
- "rdate" => array ("name", "note", "date", "size"),
- "size" => array ("name", "note", "date", "rsize"),
- "rsize" => array ("name", "note", "date", "size")
- );
-
- $D="D=".urlencode($relDir);
-
- function self_args($arr = array()) {
- $arg = implode("&",$arr);
- if ($arg) {
- return $self."?".$arg;
- } else {
- return $self;
- }
- }
- // output subdirs
- if (sizeof($dirList) > 0) {
- switch ($dsort) {
- case "note":
- $items = $dirNote;
- asort($items);
- break;
- case "rnote":
- $items = $dirNote;
- arsort($items);
- break;
- case "rname":
- $items = $dirList;
- krsort($items);
- break;
- default:
- $items = $dirList;
- ksort($items);
- break;
- }
- $durl = self_args(array($D,"dsort=".$dsort_arr[$dsort][0]));
- $nurl = self_args(array($D,"dsort=".$dsort_arr[$dsort][1]));
-
- include("$html/Navigate-dirHeader.html");
-
- while (list($key,$dir) = each($items)) {
-
- $dir = $dirList[$key];
-
- $info_url=self_args(array("A"=>"A=E", "F"=>"F=".urlencode($dir), "D"=>$D));
- $dir_url=$self."?D=".urlencode($relDir."/".$dir);
- include("$html/Navigate-dirEntry.html");
-
- } // iterate over dirs
- } // end if no dirs
-
- $durl = self_args(array($D,"fsort=".$fsort_arr[$fsort][0]));
- $nurl = self_args(array($D,"fsort=".$fsort_arr[$fsort][1]));
- $uurl = self_args(array($D,"fsort=".$fsort_arr[$fsort][2]));
- $surl = self_args(array($D,"fsort=".$fsort_arr[$fsort][3]));
-
- include("$html/Navigate-fileHeader.html");
-
- if (sizeof($fileList) > 0) {
- switch ($fsort) {
- case "note":
- $items = $fileNote;
- asort($items);
- break;
- case "rnote":
- $items = $fileNote;
- arsort($items);
- break;
- case "date":
- $items = $fileDate;
- asort($items);
- break;
- case "rdate":
- $items = $fileDate;
- arsort($items);
- break;
- case "size":
- $items = $fileSize;
- asort($items);
- break;
- case "rsize":
- $items = $fileSize;
- arsort($items);
- break;
- case "rname":
- $items = $fileList;
- krsort($items);
- break;
- default:
- $items = $fileList;
- ksort($items);
- break;
- }
-
- while (list($key,$file) = each($items)) {
- $file = $fileList[$key];
- $path = $fsDir."/".$file ;
- $mod = $fileDate[$key];
- $sz = $fileSize[$key];
-
- if ($sz >= 10240) {
- $sz = (int)(($sz+1023)/1024) . " k" ;
- } else {
- $sz .= " " ;
- } // end size
-
- $a = $b = "" ;
-
- $info_url=$self."?A=E&F=".urlencode($file)."&D=".urlencode($relDir);
-
- if ( ($mod + $gblModDays*86400) > time() ) {
- $a = " * " ;
- }
-
- $file_lock=CheckLock($path);
-
- $file_url_html="" ;
-
- if (substr($file,0,5) != ".del/") {
- $file_url_html .= $file . "" . $a ;
- } else {
- $file_url_html .= substr($file,5,strlen($file)-5) . " deleted ";
- }
-
- $note_html="".$gblIcon("note")."".ReadNote($path);
-
- $ext = strtolower(strrchr($file,".")) ;
-
- if ($file_lock) {
- if ($file_lock == $GLOBALS[gblUserName]) {
- $b.="" ;
- $file_url_html=$b;
- $b.=$gblIcon("checkin")."" ;
- $b.= $gblIcon("blank");
- $file_url_html.="$file $a";
- $note_html = $gblIcon("blank")."Please check-in (update) this file";
- } else {
- $b = $gblIcon("locked");
- $b.= $gblIcon("blank");
- $note_html = $gblIcon("blank")."File locked by $file_lock";
- $file_url_html = "$file $a";
- }
- } else {
- $b.="" ;
- $b.=$gblIcon("checkout")."";
-
- if ( $ext=="" || strstr(join(" ",$gblEditable),$ext) ) {
- $b.="" ;
- $b.=$gblIcon("view")."" ;
- } else {
- $b.= $gblIcon("blank");
- }
- }
-
- $mod = date("$GLOBALS[gblDateFmt] $GLOBALS[gblTimeFmt]",$mod);
-
- include("$html/Navigate-fileEntry.html");
-
- } // iterate over files
- } else { // end if no files
-?>
- |
- No files in this directory
- |
-
- }
-
- if ($emptyDir && $relDir != "") {
-?>
-
-
-
-
-
- |
|
-
-
-if (file_exists(".info.inc")) {
- print " | ";
- include(".info.inc");
- print " |
- |
|
";
-}
-?>
-
-
-
-
-".$HTTP_SERVER_VARS["SERVER_ADMIN"]." ";
- }
- $user.="has been notified about error" ;
- StartHTML("($title)",$user);
- echo "Hit your Browser's Back Button.
" ;
- EndHTML();
- error_log("docman $realm: ".strip_tags($text));
- } else {
- StartHTML("ADMIN: ".$title,$text) ;
- echo "Hit your Browser's Back Button.
" ;
- EndHTML();
- }
- } else {
- StartHTML("(".$title.")",$text) ;
- echo "Hit your Browser's Back Button.
" ;
- EndHTML() ;
- }
- exit ;
-} // end function Error
-
-function LogIt($target,$msg, $changelog=0) {
-
- $dir=dirname($target);
- if (! file_exists($dir."/.log")) {
- if (! @mkdir($dir."/.log",0700)) Error("docman installation problem","can't create log directory $dir/.log",1);
- }
- $file=basename($target);
-
- $log=fopen("$dir/.log/$file","a+");
- fputs($log,date("$GLOBALS[gblDateFmt]\t$GLOBALS[gblTimeFmt]").
- "\t$GLOBALS[gblUserName]\t$msg\n");
- fclose($log);
-
- if (! $changelog) return;
-
- global $gblFsRoot;
- $log=fopen("$gblFsRoot/.changelog","a+");
- if (substr($target,0,strlen($gblFsRoot)) == $gblFsRoot)
- $target=substr($target,strlen($gblFsRoot),strlen($target)-strlen($gblFsRoot));
- $msg=str_replace("\t"," ",$msg);
- fputs($log,time()."\t$target\t$GLOBALS[gblUserName]\t$msg\n");
- fclose($log);
-
- // FIX: implement e-mail notification based on $changelog
- // permission
-}
-
-
-//////////////////////////////////////////////////////////////////
-
-function WriteNote($target,$msg) {
-
- $target=stripSlashes($target);
- $dir=dirname($target);
- if (! file_exists($dir."/.note")) {
- mkdir($dir."/.note",0700);
- }
- $file=basename($target);
-
- $note=fopen("$dir/.note/$file","w");
- fputs($note,"$msg\n");
- fclose($note);
-
- LogIt($target,"added note $msg");
-
-}
-
-function ReadNote($target) {
-
- $target=stripSlashes($target);
- $dir=dirname($target);
- $file=basename($target);
- $msg="";
- if (file_exists($dir."/.note/$file")) {
- $note=fopen("$dir/.note/$file","r");
- $msg=fgets($note,4096);
- fclose($note);
- }
- return HtmlSpecialChars(StripSlashes($msg));
-
-}
-
-//////////////////////////////////////////////////////////////////
-
-function MoveTo($source,$folder) {
-
- $source=stripSlashes($source);
- $file=basename($source);
- if (! file_exists($folder)) {
- mkdir($folder,0700);
- }
- if (file_exists($source)) {
- rename($source,"$folder/$file");
- }
-}
-
-//////////////////////////////////////////////////////////////////
-
-function Lock($target) {
-
- $target=stripSlashes($target);
- $dir=dirname($target);
- if (! file_exists($dir."/.lock")) {
- mkdir($dir."/.lock",0700);
- }
- $file=basename($target);
-
- if (file_exists("$dir/.lock/$file")) {
- LogIt($target,"attempt to locked allready locked file!");
- } else {
- $lock=fopen("$dir/.lock/$file","w");
- fputs($lock,"$GLOBALS[gblUserName]\n");
- fclose($lock);
-
- LogIt($target,"file locked");
- }
-
-}
-
-function CheckLock($target) {
-
- $target=stripSlashes($target);
- $dir=dirname($target);
- $file=basename($target);
- $msg=0;
- if (file_exists($dir."/.lock/$file")) {
- $lock=fopen("$dir/.lock/$file","r");
- $msg=fgets($lock,4096);
- fclose($lock);
- }
- return chop($msg);
-
-}
-
-function Unlock($target) {
-
- $target=stripSlashes($target);
- $dir=dirname($target);
- $file=basename($target);
- if (file_exists($dir."/.lock/$file")) {
- unlink("$dir/.lock/$file");
- LogIt($target,"file unlocked");
- } else {
- LogIt($target,"attempt to unlocked non-locked file!");
- }
-
-}
-
-//////////////////////////////////////////////////////////////////
-
-function urlpath($url) {
- $url=urlencode(StripSlashes("$url"));
- $url=str_replace("%2F","/",$url);
- $url=str_replace("+","%20",$url);
- return($url);
-}
-
-//////////////////////////////////////////////////////////////////
-
-function safe_rename($fromdir,$fromfile,$tofile) {
- function try_rename($from,$to) {
-# print "$from -> $to\n";
- if (file_exists($from) && is_writeable(dirname($to))) {
- return rename($from,$to);
- } else {
- return 0;
- }
- }
-
- function try_dir($todir) {
- if (! file_exists($todir)) {
- @mkdir($todir,0700);
- }
- }
-
- $to="$fromdir/$tofile";
- $todir=dirname($to);
- $tofile=basename($to);
-
-# print "$fromdir / $fromfile -> $todir / $tofile\n\n";
-
- if (! try_rename("$fromdir/$fromfile","$todir/$tofile")) Error("Rename error","Can't rename file $fromfile to $tofile",1);
- try_dir("$todir/.log");
- try_rename("$fromdir/.log/$fromfile","$todir/.log/$tofile");
- try_dir("$todir/.note");
- try_rename("$fromdir/.note/$fromfile","$todir/.note/$tofile");
- try_dir("$todir/.lock");
- try_rename("$fromdir/.lock/$fromfile","$todir/.lock/$tofile");
- try_dir("$todir/.bak");
- for($i=0;$i<=$GLOBALS[gblNumBackups];$i++) {
- try_rename("$fromdir/.bak/$i/$fromfile","$todir/.bak/$i/$tofile");
- }
-}
-
-
-//////////////////////////////////////////////////////////////////
-
-// recursivly delete directory
-
-function rrmdir($dir) {
- $handle=opendir($dir);
- while ($file = readdir($handle)) {
- if ($file != "." && $file != "..") {
- if (is_dir("$dir/$file"))
- rrmdir("$dir/$file");
- else
- if (! @unlink("$dir/$file")) return(0);
- }
- }
- closedir($handle);
- return @rmdir($dir);
-}
-
-//////////////////////////////////////////////////////////////////
-
-function DisplayChangeLog($day) {
-
- global $gblFsRoot,$HTTP_SERVER_VARS;
-
- if (!file_exists("$gblFsRoot/.changelog")) return;
- $log=fopen("$gblFsRoot/.changelog","r");
- $logarr = array();
- while($line = fgetcsv($log,512,"\t")) {
- while (sizeof($line) > 4) {
- $tmp = array_pop($line);
- $line.=" $tmp";
- }
- if ($day!=1 || ($day==1 && (time()-$line[0] < 24*60*60))) {
- array_unshift($logarr,array($line[0],$line[1],$line[2],$line[3]));
- }
- }
- fclose($log);
- $cl1=" class=LST"; $cl2="";
- print "
\n";
- while ($e = array_shift($logarr)) {
- $cl=$cl1; $cl1=$cl2; $cl2=$cl;
- $date = date("$GLOBALS[gblDateFmt]", $e[0]);
- $time = date("$GLOBALS[gblTimeFmt]", $e[0]);
- $dir = dirname($e[1]);
- $file = basename($e[1]);
- print "$date | $time | $dir/$file | $e[2] | $e[3] |
\n";
- }
- print "
";
- print "".GifIcon(up)." Back to front page.
";
-}
-
-//////////////////////////////////////////////////////////////////
-
-function Download($path,$force=0) {
- global $HTTP_SERVER_VARS,$mime_type;
-
- // default transfer-encoding
- $encoding = "binary";
-
- // known transfer encodings
- $encoding_ext = array(
- "gz" => "x-gzip",
- "Z" => "x-compress",
- );
-
- $file = basename($path);
- $size = filesize($path);
-
- $ext_arr = explode(".",$file);
- $ext = array_pop($ext_arr);
- if ($encoding_ext[$ext]) {
- $encoding = $encoding_ext[$ext];
- $ext = array_pop($ext_arr);
- }
-
- if ($force || !isset($mime_type[$ext])) {
- header("Content-Type: application/force-download");
- } else {
- header("Content-Type: $mime_type[$ext]");
- }
-
- // IE5.5 just downloads index.php if we don't do this
- if(preg_match("/MSIE 5.5/", $HTTP_SERVER_VARS[HTTP_USER_AGENT])) {
- header("Content-Disposition: filename=$file");
- } else {
- header("Content-Disposition: attachment; filename=$file");
- }
-
- header("Content-Transfer-Encoding: $encoding");
- $fh = fopen($path, "r");
- fpassthru($fh);
-}
-
-
-//////////////////////////////////////////////////////////////////
-
-function chopsl($path) {
- if (substr($path,strlen($path)-1,1) == "/") $path=substr($path,0,strlen($path)-1);
- $path=str_replace("//","/",$path);
- return $path;
-}
-
-//////////////////////////////////////////////////////////////////
-/*
- Document manager ACL implementation
-
- Written by Dobrica Pavlinusic
-
- Based on ideas from Linux trustees code
- by Vyacheslav Zavadsky
-*/
-
-define(trmask_not,1 << 0);
-define(trmask_clear,1 << 1);
-define(trmask_deny,1 << 2);
-define(trmask_one_level,1 << 3);
-define(trmask_group,1 << 4);
-
-define(trperm_r,1 << 5);
-define(trperm_w,1 << 6);
-define(trperm_b,1 << 7);
-define(trperm_n,1 << 8);
-
-$trustee_a2n = array(
- '!' => trmask_not,
- 'C' => trmask_clear,
- 'D' => trmask_deny,
- 'O' => trmask_one_level,
- '+' => trmask_group,
- 'R' => trperm_r,
- 'W' => trperm_w,
- 'B' => trperm_b,
- 'N' => trperm_n,
-);
-
-// debugging function
-function display_trustee($t) {
- global $trustee_a2n;
- $out="";
- foreach ($trustee_a2n as $c=>$v) {
- if ($t & $v) $out.=$c;
- }
- return $out;
-}
-function display_all_trustee() {
- global $trustees;
- print "trustee dump:
\n";
- foreach ($trustees as $path => $tr) {
- print "
$path\n";
- foreach ($tr as $user=>$perm) {
- print "$user == $perm (".display_trustee($perm).")
\n";
- }
- }
-}
-
-function init_trustee() {
-
-global $trustee_conf,$trustee_php,$trustee_a2n,$groups,$trustees;
-
-// do we need to re-create compiled trustees?
-if (! file_exists($trustee_conf)) {
- # $error="$trustee_conf doesn't exits";
- return 0; # don't use trustees
-} elseif (file_exists($trustee_conf) && !is_readable($trustee_conf)) {
- $error="$trustee_conf exits, but is not readable";
-} elseif (!is_writable(dirname($trustee_php))) {
- $error="".dirname($trustee_php)." must be writable by web server user";
-} elseif (file_exists($trustee_php) && !is_writable($trustee_php)) {
- $error="trustees cache file $trustee_php exists, but is not writable by web server";
-} elseif (1 || filemtime($trustee_conf) >= filemtime($trustee_php)) {
- $fp_php=@fopen($trustee_php,"w");
- fputs($fp_php,"\n";
- }
- }
- $tr_arr[$path][$user] |= $perm;
- }
- }
- }
-
- fclose($fp_conf);
-
- // save trustees
- $tr_out='$trustees = array (';
- $sep1="";
- while (list ($path, $tr) = each ($tr_arr)) {
- $tr_out.="$sep1\n\t'$path'=>array(";
- $sep2="";
- while (list($user,$perm)=each($tr)) {
- $tr_out.="$sep2\n\t\t'$user'=>$perm";
- $sep2=",";
- }
- $tr_out.="\n\t)";
- $sep1=",";
- }
- $tr_out.="\n);";
-
- // save groups
- $gr_out='$groups = array (';
- $sep="";
- while (list ($group, $members) = each ($groups_arr)) {
- $gr_out.="$sep\n\t'";
- $gr_out.=substr($group,1,strlen($group)-1);
- $gr_out.="'=>array('".join("','",explode(",",$members))."')";
- $sep=",";
- }
- $gr_out.="\n);\n";
-
- fputs($fp_php,$gr_out);
- fputs($fp_php,$tr_out);
- fputs($fp_php,"?>\n");
- fclose($fp_php);
-}
-
-if ($error) {
- Error("Trustee error",$error,1);
-} else {
- include("$trustee_php");
-}
-
-return 1;
-
-}//init_trustee
-
-function in_group($user,$group) {
- return in_array($groups[$group],$user);
-}
-
-// helper function
-function unroll_perm($u,$t,$user,$perm) {
- // check user
- if ($t & trmask_not && ($u==$user)) continue;
- if (!($t & trmask_not) && ($u!=$user)) continue;
-
- if ($t & trmask_deny) {
- if ($t & trmask_clear) {
- $perm[deny] &= ~$t;
- } else {
- $perm[deny] |= $t;
- }
- } elseif ($t & trmask_clear) {
- $perm[allow] &= ~$t;
- } else {
- $perm[allow] |= $t;
- }
- return $perm;
-}// end of helper function
-
-function check_trustee($user,$path) {
- global $trustees;
- $perm[allow] = 0;
- $perm[deny] = 0;
- $path_arr=explode("/",$path);
- $path = "/";
- while (count($path_arr)) {
- if (substr($path,strlen($path)-1,1) != "/") $path.="/";
- $path.=array_shift($path_arr);
- $tr = $trustees[$path];
-
- if (isset($tr)) {
- // first apply trustee for all
- if (isset($tr['*'])) {
- $perm = unroll_perm($user,$tr['*'],$user, $perm);
- unset($tr['*']);
- }
- // then apply group policies
- foreach ($tr as $u=>$t) {
- if ($t & trmask_group && in_group($user,$u)) {
- // resolv user
- $t = $t & ~trmask_group;
- $u = $user;
- $perm = unroll_perm($u,$t,$user, $perm);
- unset($tr[$u]);
- }
- }
- // then apply use policy
- if (isset($tr[$user])) {
- $perm = unroll_perm($user,$tr[$user],$user, $perm);
- unset($tr[$user]);
- }
-
- }
-
- }
-#print "
user: $user path: $path perm: ";
-#print "d: $perm[deny] (".display_trustee($perm[deny]).") a: $perm[allow] (".display_trustee($perm[allow]).")
\n";
- return $perm;
-}
-
-// handy functions
-
-function check_perm($path,$trperm) {
- global $gblLogin,$HAVE_TRUSTEE;
-print "
check_perm: $path test perm ".display_trustee($perm)."
\n";
- $return = ! $HAVE_TRUSTEE;
- if ($HAVE_TRUSTEE) {
- $perm = check_trustee($gblLogin,$path);
-print " d: $perm[deny] (".display_trustee($perm[deny]).") a: $perm[allow] (".display_trustee($perm[allow]).") perm: $trperm";
- if ($perm[deny] & $trperm) $return=0;
- elseif ($perm[allow] & $trperm) $return=1;
- }
-print " return: $return
\n";
- return($return);
-}
-
-//////////////////////////////////////////////////////////////////
-
-function readMime() {
- global $mime_type;
-
- if (! isset($gblMimeTypes)) {
- $gblMimeTypes = "/etc/mime.types";
- }
-
- $mime = @fopen($gblMimeTypes,"r");
-
- if (! $mime) Error("Can't read MIME types","$gblMimeTypes file not found. You can setup other mime.types file using \$gblMimeTypes in $realm_config");
-
- while($line = fgets($mime,80)) {
- if (substr($line,0,1) == "#") continue; // skip comment
- $arr = preg_split("/[\s\t]+/",$line);
- $type = array_shift($arr);
- while ($ext = array_shift($arr)) {
- $mime_type[$ext] = $type;
- }
- }
-
- fclose($mime);
-}
-
-//////////////////////////////////////////////////////////////////
-// MAIN PROGRAM
-
- $gblFilePerms = 0640 ; // default for new files
- $gblDirPerms = 0750 ; // default for new dirs
-
- if (isset($STYLE) && $STYLE == "get") {
- include("$html/docman.css");
- exit;
- }
-
- // location of master docman configuration file
- $docman_conf = "/etc/docman.conf";
- if (! file_exists($docman_conf)) {
- $error = "Can't find master configuration file $docman_conf. See docman2/doc/upgrade.html#docman_conf for more informations";
-
- error_log("docman: $error");
- Error("docman not installed completly",$error);
- }
- include($docman_conf);
-
- if (! isset($fsRealmDir)) {
- $fsRealmDir = "$gblIncDir/realm";
- }
- $realm_config = "$fsRealmDir/$realm.conf";
-
- // read user-defined configuration
- if (file_exists($realm_config)) {
- include($realm_config);
- } else {
- Error("Configuration error","Can't find configuration file at $realm_config !");
- }
-
- if (! isset($gblRepositoryDir)) Error("Configuration error","\$gblRepositoryDir is not setuped in realm configuration file $realm_config");
-
- // where do we get users from?
- if (file_exists("$gblIncDir/htusers/$gblUsers.php")) {
- include("$gblIncDir/htusers/$gblUsers.php");
- } else {
- Error("Configuration error","Can't find user handling module at $gblIncDir/htusers/$gblUsers.php ! Please fix $realm_config");
- }
-
- // if no password, or empty password logout
- if (
- isset($gblLogin) && (
- !isset($relogin) || (
- isset($relogin) && $relogin != md5($gblLogin.$gblPasswd)
- )
- ) && (
- $gblPasswd == "" || !isset($gblPasswd)
- ) && !isset($force_login) && $gblLogin != "anonymous"
- ) {
- StartHTML("Logout completed","Your login credentials has been erased") ;
- EndHTML() ;
- exit ;
- }
-
- if (!is_dir($gblRepositoryDir)) Error("Repository dir not found","Can't find repository directory $gblRepositoryDir. Please fix that in $realm_config variable \$gblRepositoryDir.",1);
-
- // trustee (ACL) file configuration
- $trustee_conf="$gblIncDir/realm/$realm.trustee";
- // compiled version of trustee file
- $trustee_php="$gblRepositoryDir/.trustee.php";
- // get ACL informations
- $HAVE_TRUSTEE = init_trustee();
-
- if (strtolower($gblLogin) == "anonymous" || !isset($gblPasswd)) {
- $perm = check_trustee($gblLogin,$path);
- // browsing must be explicitly allowed for root directory
- // of repository for anonymous user to work!
- if ($perm[allow] & trperm_b) {
- $secHash = md5($gblLogin.$gblPasswd);
- $gblUserName = "Anonymous user";
- }
- }
-
- // authentication failure
- if ( md5($gblLogin.$gblPasswd) != $secHash ||
- isset($relogin) && $secHash == $relogin) {
- header("WWW-authenticate: basic realm=\"$realm\"") ;
- header("HTTP/1.0 401 Unauthorized") ;
- Error("401 Unauthorized","No trespassing !");
- }
-
- // read mime.types
- readMime();
-
- // get current directory relative to $gblFsRoot
- $relDir = $DIR ; // from POST
- if ($relDir == "") { // not defined in POST ?
- $relDir = urldecode($D) ; // then use GET
- }
-
- $relDir=stripSlashes($relDir);
-
- if ($relDir == "/") $relDir = "" ;
- // default : website root = ""
-
- if (strstr($relDir,"..")) Error("No updirs allowed");
-
- // full paths contain "fs" or "Fs". Paths realitve to root of
- // website contain "rel" or "Rel". The script won't let you
- // edit anything above directory equal to http://server.com
- // i.e. below $gblFsRoot.
-
- $relScriptDir = dirname($SCRIPT_NAME) ;
- // i.e. /docman
-
- // start on server root
- $gblFsRoot = $gblRepositoryDir;
- // i.e. /home/httpd/html
-
- $fsDir = $gblFsRoot . $relDir ; // current directory
- if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ;
-
- if (isset($HTTP_SERVER_VARS["HTTPS"]) && $HTTP_SERVER_VARS["HTTPS"] == "on") {
- $webRoot = "https://";
- } else {
- $webRoot = "http://";
- }
- $webRoot .= $HTTP_SERVER_VARS["HTTP_HOST"] . $relScriptDir;
-
- // take variables from server
- $FN=stripSlashes($HTTP_POST_VARS["FN"]);
- $DIR=stripSlashes($HTTP_POST_VARS["DIR"]);
- $RELPATH=stripSlashes($HTTP_POST_VARS["RELPATH"]);
- $T=stripSlashes($HTTP_POST_VARS["T"]);
- $CONFIRM=stripSlashes($HTTP_POST_VARS["CONFIRM"]);
-
- // get
- $A=stripSlashes($HTTP_GET_VARS["A"]);
- $D=stripSlashes($HTTP_GET_VARS["D"]);
-
-// if (isset($F)) Error("Document manager system error","variable $F shouldn't be set here (re-check old code)",1);
-// $F=stripSlashes($HTTP_SERVER_VARS["PATH_INFO"]);
- $F=stripSlashes($HTTP_GET_VARS["F"]);
-
- switch ($HTTP_POST_VARS["POSTACTION"]) {
- case "UPLOAD" :
- $FN_name=stripSlashes($HTTP_POST_FILES["FN"]["tmp_name"]);
- $FN=stripSlashes($HTTP_POST_FILES["FN"]["name"]);
- if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
-
- $source = $FN_name ;
- if (! file_exists($source)) {
- Error("You must select file with browse to upload it!");
- }
-
- $FILENAME = $HTTP_POST_VARS["FILENAME"];
- if (strstr($FILENAME,"/"))
- Error("Upload error","Non-conforming filename. Filename $FILENAME has slashes (/) in it.") ;
- if (! isset($FILENAME)) { // from update file
- $target = "$fsDir/".basename($FN);
- } else {
- $target = "$fsDir/$FILENAME";
- }
-
- // backup old files first
- $dir=dirname($target);
- if (! file_exists($dir."/.bak")) {
- mkdir($dir."/.bak",0700);
- }
- if (! file_exists($dir."/.bak/$GLOBALS[gblNumBackups]")) {
- mkdir($dir."/.bak/$GLOBALS[gblNumBackups]",0700);
- }
- $file=basename($target);
- for($i=$GLOBALS[gblNumBackups]-1;$i>0;$i--) {
- MoveTo("$dir/.bak/$i/$file","$dir/.bak/".($i+1)."/");
- }
- MoveTo($target,$dir."/.bak/1/");
-
- copy($source,$target) ;
- chmod($target,$gblFilePerms) ;
- clearstatcache() ;
- if (isset($FILENAME)) {
- LogIt($target,"check-in",trperm_r | trperm_w);
- Unlock($target);
- } else {
- LogIt($target,"uploaded",trperm_r | trperm_w);
- }
- break ;
-
- case "SAVE" :
- $path = $gblFsRoot . $RELPATH ;
- $path=stripSlashes($path);
- $writable = is_writeable($path) ;
- $legaldir = is_writeable(dirname($path)) ;
- $exists = (file_exists($path)) ? 1 : 0 ;
-// check for legal extension here as well
- if (!($writable || (!$exists && $legaldir)))
- Error("Write denied",$RELPATH) ;
- $fh = fopen($path, "w") ;
- $FILEDATA=stripSlashes($FILEDATA);
- fwrite($fh,$FILEDATA) ;
- fclose($fh) ;
- clearstatcache() ;
- LogIt($path,"saved changes",trperm_r);
- break ;
-
- case "CREATE" :
- // we know $fsDir exists
- if ($FN == "") break; // no filename!
- if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
- $path = $fsDir . "/" . $FN ; // file or dir to create
- $relPath = $relDir . "/" . $FN ;
- switch ( $T ) {
- case "D" : // create a directory
- if ( ! @mkdir($path,$gblDirPerms) )
- Error("Mkdir failed",$relPath) ; // eg. if it exists
- else
- LogIt($path."/","dir created",trperm_w);
- clearstatcache() ;
- break ;
- case "F" : // create a new file
-// this functionality is doubled in DetailView().
-// better keep it here altogether
-// chmod perms to $gblFilePerms
- if ( file_exists($path) && !is_writeable($path) )
- Error("File not writable", $relPath) ;
- $fh = fopen($path, "w+") ;
- if ($fh) {
- fputs($fh,"\n");
- fclose($fh) ;
- LogIt($path,"file created",trperm_r | trperm_w);
- } else {
- Error("Creation of file $relPath failed -- $path");
- }
- $tstr = "$PHP_SELF?A=E&D=".urlencode($relDir)."&F=".urlencode($FN) ;
- header("Location: " . $tstr) ;
- exit ;
- }
- break ;
-
- case "DELETE" :
- if ( $CONFIRM != "on" ) break ;
-
- $tstr = "Attempt to delete non-existing object or " ;
- $tstr .= "insufficient privileges: " ;
-
- if ( $FN != "") { // delete file
- $path = $fsDir . "/" . $FN ;
-
- $dir=dirname($path);
- $file=basename($path);
- if (! file_exists("$dir/.del")) {
- mkdir("$dir/.del",0700);
- }
-
-// if ( ! @unlink($path) ) {
- if ( ! rename($path,"$dir/.del/$file") ) {
- LogIt($path,"file delete failed");
- Error("File delete failed", $tstr . $path) ;
- } else {
- LogIt($path,"file deleted",trperm_w);
- MoveTo("$dir/.log/$file","$dir/.del/.log/");
- MoveTo("$dir/.note/$file","$dir/.del/.note/");
- MoveTo("$dir/.lock/$file","$dir/.del/.lock/");
- }
- } else { // delete directory
- if ( ! @rrmdir($fsDir) ) {
- Error("Rmdir failed", $tstr . $fsDir) ;
- } else {
- LogIt($path,"dir deleted",trperm_w);
- $relDir = dirname($relDir) ; // move up
- }
- }
- break ;
-
- case "UNDELETE" :
- if ( $CONFIRM != "on" ) break ;
-
- if (substr($FN,0,4) != ".del") break ;
- $file=substr($FN,4,strlen($FN)-4);
-
- LogIt("$fsDir/.del/$file","undeleted",trperm_w);
- MoveTo("$fsDir/.del/$file","$fsDir/");
- MoveTo("$fsDir/.del/.log/$file","$fsDir/.log/");
- MoveTo("$fsDir/.del/.note/$file","$fsDir/.note/");
- MoveTo("$fsDir/.del/.lock/$file","$fsDir/.lock/");
-
- break ;
-
- case "RENAME" :
- if ( $CONFIRM != "on" ) break ;
-
- $NEWNAME=stripSlashes($HTTP_POST_VARS["NEWNAME"]);
- LogIt("$fsDir/$FN","renamed $FN to $NEWNAME",trperm_r);
- safe_rename($fsDir,$FN,$NEWNAME);
- break ;
-
- case "NOTE" :
- $NOTE=stripSlashes($HTTP_POST_VARS["NOTE"]);
- WriteNote("$fsDir/$FN","$NOTE");
- break ;
-
- case "UNLOCK" :
- if ( $CONFIRM != "on" ) break ;
- Unlock("$fsDir/$FN");
- break ;
-
- default :
- // user hit "CANCEL" or undefined action
- }
-
- // common to all POSTs : redirect to directory view ($relDir)
- if ( $POSTACTION != "" ) {
- $tstr = $PHP_SELF . "?D=" . urlencode($relDir) ;
- header("Location: " . $tstr) ;
- exit ;
- }
-
- // check for mode.. navigate, code display, upload, or detail?
- // $A=U : upload to path given in $D
- // $A=E : display detail of file $D/$F and edit
- // $A=C : display code in file $D/$F
- // $A=Co : checkout file $D/$F
- // $A=Ci : checkin file $D/$F
- // $A=V : view file (do nothing except log)
- // $A=I : include file .$F.php from $gblFsRoot
- // default : display directory $D
-
- switch ($A) {
- case "U" :
- // upload to $relDir
- if (!is_writeable($gblFsRoot . $relDir))
- Error("Write access denied",$relDir) ;
- $text = "Use this page to upload a single " ;
- $text .= "file to $realm." ;
- StartHTML("(Upload Page)", $text) ;
- UploadPage($gblFsRoot, $relDir) ;
- EndHTML() ;
- exit ;
- case "E" :
- // detail of $relDir/$F
- if (is_file("$gblFsRoot/$relDir/$F") || is_dir("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ;
- exit ;
- case "C" :
- $F=stripSlashes($F);
- // listing of $relDir/$F
- DisplayCode($gblFsRoot, $relDir, $F) ;
- exit ;
- case "Co" :
- // checkout
- Lock("$gblFsRoot/$relDir/$F");
- Download("$gblFsRoot/$relDir/$F",1);
- exit;
- case "Ci" :
- $F=stripSlashes($F);
- // upload && update to $relDir
- if (!is_writeable($gblFsRoot . $relDir))
- Error("Write access denied",$relDir) ;
- $text = "Use this page to update a single " ;
- $text .= "file to $realm." ;
- StartHTML("(Update file Page)", $text) ;
- UploadPage($gblFsRoot, $relDir, $F) ;
- EndHTML() ;
- exit ;
- case "V" :
- // view
- LogIt("$gblFsRoot/$relDir/$F","viewed");
- Download("$gblFsRoot/$relDir/$F",$gblForceDownload);
- exit;
- case "Ch" :
- StartHTML("(File changes)","All changes chronologicaly...");
- DisplayChangeLog(0); // all
- EndHTML() ;
- exit;
- case "Ch1" :
- StartHTML("(File changes)","Changes to files in last day...");
- DisplayChangeLog(1);
- EndHTML() ;
- exit;
- case "I" :
- $F=stripSlashes($F);
- $inc_file="${gblFsRoot}/.${F}.php";
- if (!isset($F) || $F == "" || !file_exists($inc_file)) Error("Fatal error $inc_file"); // can't find file to include
- if (!is_readable($inc_file))
- Error("Read access to include file denied",".${F}.php");
- $text = "Your include file should define \$text variable which holds this text and \$title variable which is page title";
- $title = "You should define \$title variable with page title";
- include($inc_file);
- StartHTML($title, $text) ;
- print "".GifIcon(up)." Back to front page.
";
- EndHTML() ;
- exit ;
- }
-
- // default: display directory $relDir
- Navigate($gblFsRoot,$relDir) ;
- exit ;
-
- Error("Whooah!","By cartesian logic, this never happens",1) ;
-?>
+
+ *
+ * License: GPL2
+ *
+ * Document Manager 1.x was based on
+ * Copyright 1999 by John Martin d/b/a www.ANYPORTAL.com
+ * PHP version Copyright 2000 by Stefan@Wiesendanger.org
+ *
+ * For more info, please see web pages at
+ * http://www.rot13.org/~dpavlin/docman.html
+ *
+ */
+
+
+//////////////////////////////////////////////////////////////////
+// CONFIGURATION OPTIONS
+
+ error_reporting(E_ALL) ; // how verbose ?
+
+ // try to do some guessing about configuration
+ $script = $HTTP_SERVER_VARS["SCRIPT_FILENAME"];
+ if (is_link($script)) $script=readlink($script);
+ $gblIncDir = dirname($script);
+ $html = $gblIncDir."/html";
+
+ // location of master docman configuration file
+ $docman_conf = "/etc/docman.conf";
+ if (! file_exists($docman_conf)) {
+ $error = "Can't find master configuration file $docman_conf. See docman2/doc/upgrade.html#docman_conf for more informations";
+
+ error_log("docman: $error");
+ Error("docman not installed completly",$error);
+ }
+ include($docman_conf);
+
+ if (! isset($gblIncDir)) {
+ $error = "Can't findi \$gblIncDir in master configuration file $docman_conf. This variable should point to docman installation directory";
+
+ error_log("docman: $error");
+ Error("docman not installed completly",$error);
+ }
+
+ // location of html files
+ $html = $gblIncDir."/html";
+
+ // force download on view (so it won't open in associated application)
+ $gblForceDownload = 0;
+
+ // date format
+ $gblDateFmt="Y-m-d";
+// $gblDateFmt="D, F d, Y";
+
+ // time format
+ $gblTimeFmt="H:i:s";
+// $gblTimeFmt="g:i:sA";
+
+ // Number of backup files to keep
+ $gblNumBackups=3;
+
+ // show red star if newer than ... days
+ $gblModDays=1;
+
+ // choose GifIcon below unless you have the M$
+ // WingDings font installed on your system
+
+ $gblIcon="GifIcon"; // MockIcon or GifIcon
+
+ // the directory below should be /icons/ or /icons/small/
+ // on Apache; a set of icons is included in the distribution
+
+ $gblIconLocation="/icons/";
+
+ // files you want to be able to edit in text mode
+ // and view with (primitive) syntax highlighting
+
+ $gblEditable = array( ".txt",".asa",".asp",".htm",".html",
+ ".cfm",".php3",".php",".phtml",
+ ".shtml",".css" ) ;
+
+ // files that will display as images on the detail page
+ // (useless if your browser doesn't support them)
+
+ $gblImages = array( ".jpg",".jpeg",".gif",".png",".ico",
+ ".bmp",".xbm") ;
+
+ // which files to hide (separated by ,)
+ $gblHide = "";
+
+ // Where are users? (by default in .htusers file)
+ $gblUsers = "file";
+
+//////////////////////////////////////////////////////////////////
+
+ $gblTitle = "Document Manager";
+ $gblVersion = "2.0-pre4";
+
+ $secHash = "";
+
+ // load language
+ if (isset($HTTP_SERVER_VARS["HTTP_ACCEPT_LANGUAGE"])) {
+ LoadLanguage($HTTP_SERVER_VARS["HTTP_ACCEPT_LANGUAGE"]);
+ }
+
+ // does gettext locale function exits?
+ if (! function_exists("_")) {
+ function _($str) { return $str; }
+ }
+
+ // for security and configuration
+ $realm=$HTTP_SERVER_VARS["HTTP_HOST"];
+
+ // globals for later
+ $gblLogin = HTTP_SERVER_VAR("PHP_AUTH_USER");
+ $gblPasswd = HTTP_SERVER_VAR("PHP_AUTH_PW");
+
+//////////////////////////////////////////////////////////////////
+
+function LoadLanguage($lang) {
+
+ global $gblIncDir,$html;
+
+ if (file_exists($gblIncDir."/lang/$lang.php")) {
+ include($gblIncDir."/lang/$lang.php");
+ $html .= "-$lang";
+ } elseif (file_exists($gblIncDir."/lang/default.php")) {
+ include($gblIncDir."/lang/default.php");
+ }
+}
+
+function StartHTML($title,$text="") {
+
+ global $html,$gblIncDir,$gblTitle,$HTTP_SERVER_VARS;
+
+ $host = $HTTP_SERVER_VARS["HTTP_HOST"] ;
+ $self = $HTTP_SERVER_VARS["PHP_SELF"] ;
+
+ if (file_exists("$gblIncDir/docman.css")) {
+ $css = "";
+ $d = dirname($self);
+ if ($d != "/") $css = $d;
+ $css .= "/docman.css";
+ } else {
+ $css=$self."?STYLE=get";
+ }
+ include("$html/head.html");
+}
+
+//////////////////////////////////////////////////////////////////
+
+function EndHTML() {
+
+ global $gblDateFmt, $gblTimeFmt, $gblUserName, $PHP_SELF,
+ $secHash, $gblVersion, $html,
+ $gblLogin,$gblPasswd;
+
+ $url = $PHP_SELF."?relogin=";
+ if (isset($secHash) && $secHash != "") {
+ $url .= $secHash;
+ } else {
+ $url .= md5($gblLogin.$gblPasswd);
+ }
+ if ( ( (isset($gblLogin) && $gblLogin != "") ||
+ (!isset($gblLogin) || $gblLogin == "")
+ ) && ($gblPasswd == "" || !isset($gblPasswd))) {
+ $url_title="login";
+ $url .= "&force_login=1";
+ } else {
+ $url_title="relogin";
+ }
+ include("$html/footer.html");
+
+# global $debug;
+# if ($debug) print $debug;
+} // end function EndHTML
+
+//////////////////////////////////////////////////////////////////
+
+function DetailPage($fsRoot,$relDir,$fn) {
+
+ global $gblEditable, $gblImages,
+ $gblDateFmt, $gblTimeFmt,
+ $gblPermNote,
+ $webRoot, $html,
+ $HTTP_SERVER_VARS ;
+ $self = $HTTP_SERVER_VARS["PHP_SELF"] ;
+
+ $relPath = $relDir . "/" . $fn ;
+ $fsPath = $fsRoot . $relPath ;
+ $fsDir = $fsRoot . $relDir ;
+
+ $exists = file_exists($fsPath) ;
+ $ext = strtolower(strrchr($relPath,".")) ;
+ $editable = ( $ext=="" || strstr(join(" ",$gblEditable),$ext)) &&
+ check_perm($relPath,trperm_w);
+ $writable = is_writeable($fsPath) && check_perm($relPath,trperm_w) ;
+ $writable_dir = is_writeable($fsDir) && check_perm($relDir,trperm_w) ;
+ $file_lock = CheckLock($fsPath);
+
+ if (!$editable && !$exists)
+ Error("Creation denied","Can't create $relPath") ;
+ if (!$exists && !$writable_dir )
+ Error("Creation denied","Can't write in directory $relDir while creating $relPathfor which user has permissions.",1);
+
+ $text = _("Use this page to view, modify or ") ;
+ if (is_dir($fsPath)) {
+ $text .=_("delete a directory on this ") ;
+ } else {
+ $text .= _("delete a single document on this ") ;
+ };
+ $text .= _("web site.") ;
+ $title = "("._("Detail Page").")" ;
+ StartHTML($title, $text) ;
+
+ print "".$relDir.$fn."
";
+
+ if ($exists) { // get file info
+ $fsize = filesize($fsPath) ;
+ $fmodified = date("$gblDateFmt $gblTimeFmt", filemtime($fsPath)) ;
+ $faccessed = date("$gblDateFmt $gblTimeFmt", fileatime($fsPath)) ;
+ $fuid=fileowner($fsPath);
+ $fgid=filegroup($fsPath);
+ $userinfo = posix_getpwuid($fuid);
+ $grpinfo = posix_getgrgid($fgid);
+
+ include("$html/DetailPage-file.html");
+ }
+
+ if ( !is_dir($fsPath) && $editable && ($writable || !$exists) && !$file_lock ) {
+ $fh = fopen($fsPath,"a+") ;
+ rewind($fh) ;
+ $fstr = fread($fh,filesize($fsPath)) ;
+ fclose($fh) ;
+ $fstr = htmlentities( $fstr ) ;
+
+ include("$html/DetailPage-edit.html");
+ }
+ if ( !$file_lock && $ext!="" && strstr(join(' ',$gblImages),$ext) ) {
+ $info = getimagesize($fsPath) ;
+ $tstr = "" ;
+// echo htmlentities($tstr) . "
" . $tstr ;
+ echo $tstr ;
+ }
+
+
+ print '";
+
+ $name=basename("$fsDir/$fn");
+ $logname=dirname("$fsDir/$fn")."/.log/$name";
+ $bakdir=dirname("$fsDir/$fn")."/.bak";
+ if (file_exists($logname)) {
+ $log=fopen($logname,"r");
+ $cl1=" class=LST"; $cl2="";
+ $logarr = array();
+ while($line = fgetcsv($log,512,"\t")) {
+ $cl=$cl1; $cl1=$cl2; $cl2=$cl;
+ array_unshift($logarr,array($cl,$line[0],$line[1],$line[2],$line[3]));
+ }
+ fclose($log);
+ if (is_dir("$fsDir/$fn")) {
+ $whatis="DIRECTORY";
+ } else {
+ $whatis="FILE";
+ }
+ print "
CHANGES TO THIS $whatis
\n";
+ $bakcount = 0; // start from 0, skip fist backup (it's current)
+ while ($e = array_shift($logarr)) {
+ if (stristr($e[4],"upload") || stristr($e[4],"check-in")) {
+print "-- $e[4] -- $bakdir/$bakcount/$name --
\n";
+ if (file_exists("$bakdir/$bakcount/$name")) {
+ $e[4]="$e[4]";
+ }
+ $bakcount++;
+ }
+ print "$e[1] | $e[2] | $e[3] | $e[4] |
\n";
+ }
+ print "
";
+ }
+
+ EndHTML() ;
+
+} // end function DetailPage
+
+//////////////////////////////////////////////////////////////////
+
+function DisplayCode($fsRoot,$relDir,$fn) {
+
+ $path = $fsRoot . $relDir . "/" . $fn ;
+
+ if (!file_exists($path)) Error("File not found",$path) ;
+
+ StartHTML("(".$relDir."/".$fn.")","");
+
+ $tstr = join("",file($path)) ;
+ $tstr = htmlentities($tstr) ;
+
+ // Tabs
+ $tstr = str_replace(chr(9)," ",$tstr) ;
+
+ // ASP tags & XML/PHP tags
+ $aspbeg = "<%" ;
+ $aspend = "%>" ;
+ $tstr = str_replace("<%",$aspbeg,$tstr) ;
+ $tstr = str_replace("%>",$aspend,$tstr) ;
+
+ $xmlbeg = "<?" ;
+ $xmlend = "?>" ;
+ $tstr = str_replace("<?",$xmlbeg,$tstr) ;
+ $tstr = str_replace("?>",$xmlend,$tstr) ;
+
+ // C style comment
+ $tstr = str_replace("/*","/*",$tstr) ;
+ $tstr = str_replace("*/","*/",$tstr) ;
+
+ // HTML comments
+ $tstr = str_replace("<!--","<!--",$tstr) ;
+ $tstr = str_replace("-->","-->",$tstr) ;
+
+ echo "" ;
+
+ $tstr = split("\n",$tstr) ;
+ for ($i = 0 ; $i < sizeof($tstr) ; ++$i) {
+ // add line numbers
+ echo "
" ;
+ echo substr(("000" . ($i+1)), -4) . ": " ;
+ $line = $tstr[$i] ;
+ // C++ style comments
+ $pos = strpos($line,"//") ;
+ // exceptions: two slashes aren't a script comment
+ if (strstr($line,"//") &&
+ ! ($pos>0 && substr($line,$pos-1,1)==":") &&
+ ! (substr($line,$pos,8) == "//-->") &&
+ ! (substr($line,$pos,9) == "// -->")) {
+ $beg = substr($line,0,strpos($line,"//")) ;
+ $end = strstr($line,"//") ;
+ $line = $beg."".$end."";
+ }
+ // shell & asp style comments
+ $first = substr(ltrim($line),0,1) ;
+ if ($first == "#" || $first == "'") {
+ $line = "".$line."";
+ }
+ print($line) ;
+ } // next i
+
+ echo "
" ;
+
+ EndHTML() ;
+
+} // end function DisplayCode
+
+//////////////////////////////////////////////////////////////////
+
+function MockIcon($txt) {
+ $tstr = "" ;
+
+ switch (strtolower($txt)) {
+ case ".bmp" :
+ case ".gif" :
+ case ".jpg" :
+ case ".jpeg":
+ case ".tif" :
+ case ".tiff":
+ $d = 176 ;
+ break ;
+ case ".doc" :
+ $d = 50 ;
+ break ;
+ case ".exe" :
+ case ".bat" :
+ $d = 255 ;
+ break ;
+ case ".bas" :
+ case ".c" :
+ case ".cc" :
+ case ".src" :
+ $d = 255 ;
+ break ;
+ case "file" :
+ $d = 51 ;
+ break ;
+ case "fldr" :
+ $d = 48 ;
+ break ;
+ case ".htm" :
+ case ".html":
+ case ".asa" :
+ case ".asp" :
+ case ".cfm" :
+ case ".php3":
+ case ".php" :
+ case ".phtml" :
+ case ".shtml" :
+ $d = 182 ;
+ break ;
+ case ".pdf" :
+ $d = 38 ;
+ break;
+ case ".txt" :
+ case ".ini" :
+ $d = 52 ;
+ break ;
+ case ".xls" :
+ $d = 252 ;
+ break ;
+ case ".zip" :
+ case ".arc" :
+ case ".sit" :
+ case ".tar" :
+ case ".gz" :
+ case ".tgz" :
+ case ".Z" :
+ $d = 59 ;
+ break ;
+ case "view" :
+ $d = 52 ;
+ break ;
+ case "up" :
+ $d = 199 ;
+ break ;
+ case "blank" :
+ return " " ;
+ break ;
+ default :
+ $d = 51 ;
+ }
+
+ return $tstr . chr($d) . "" ;
+} // end function MockIcon
+
+//////////////////////////////////////////////////////////////////
+
+function GifIcon($txt = "") {
+ global $gblIconLocation, $gblImages ;
+
+ switch (strtolower($txt)) {
+ case ".doc" :
+ $d = "layout.gif" ;
+ break ;
+ case ".exe" :
+ case ".bat" :
+ $d = "screw2.gif" ;
+ break ;
+ case ".bas" :
+ case ".c" :
+ case ".cc" :
+ case ".src" :
+ $d = "c.gif" ;
+ break ;
+ case "file" :
+ $d = "generic.gif" ;
+ break ;
+ case "fldr" :
+ $d = "dir.gif" ;
+ break ;
+ case ".phps" :
+ $d = "phps.gif" ;
+ break ;
+ case ".php3" :
+ $d = "php3.gif" ;
+ break ;
+ case ".htm" :
+ case ".html":
+ case ".asa" :
+ case ".asp" :
+ case ".cfm" :
+ case ".php3":
+ case ".php" :
+ case ".phtml" :
+ case ".shtml" :
+ $d = "world1.gif" ;
+ break ;
+ case ".pdf" :
+ $d = "pdf.gif" ;
+ break;
+ case ".txt" :
+ case ".ini" :
+ $d = "text.gif" ;
+ break ;
+ case ".xls" :
+ $d = "box2.gif" ;
+ break ;
+ case ".zip" :
+ case ".arc" :
+ case ".sit" :
+ case ".tar" :
+ case ".gz" :
+ case ".tgz" :
+ case ".Z" :
+ $d = "compressed.gif" ;
+ break ;
+ case "view" :
+ $d = "index.gif" ;
+ break ;
+ case "up" :
+ $d = "back.gif" ;
+ break ;
+ case "blank" :
+ $d = "blank.gif" ;
+ break ;
+ case "checkout":
+ $d = "box2.gif";
+ break;
+ case "checkin":
+ $d = "hand.up.gif";
+ break;
+ case "locked":
+ $d = "screw2.gif";
+ break;
+ case "note":
+ $d = "quill.gif";
+ break;
+ default :
+ if (in_array(strtolower($txt),$gblImages)) {
+ $d = "image2.gif" ;
+ } else {
+ $d = "generic.gif" ;
+ }
+ }
+
+
+ return "" ;
+} // end function GifIcon
+
+//////////////////////////////////////////////////////////////////
+
+function Navigate($fsRoot,$relDir) {
+
+ global $gblEditable, $gblIcon, $gblModDays, $webRoot, $gblHide,
+ $gblIgnoreUnknownFileType, $gblRepositoryDir,
+ $gblLogin, $gblUserName, $gblDateFmt, $gblTimeFmt,
+ $gblPermNote,
+ $fsRealmDir, $realm, $realm_sep,
+ $html, $realm_config,
+ $HTTP_GET_VARS, $HTTP_SERVER_VARS;
+
+ $self = $HTTP_SERVER_VARS["PHP_SELF"] ;
+
+ $relDir = chopsl($relDir)."/";
+ $fsDir = $fsRoot.$relDir; // current directory
+
+ if (!is_dir($fsDir)) Error("Dir not found","Directory $relDir not found on filesystem at $fsDir",1) ;
+
+ global $debug;
+ $debug .= "[$gblLogin|$relDir] before >";
+
+ if (! check_perm($relDir,trperm_b))
+ Error("Access denied","User $gblLogin tried to access $relDir without valid trustee.",1);
+ $debug .= "< afeter";
+
+ $hide_items=",$gblHide,";
+
+ $dirList = array();
+ $fileList = array();
+
+ // read directory contents
+ if ( !($dir = @opendir($fsDir)) )
+ Error("Read Access denied",$relDir,1) ;
+ while ($item = readdir($dir)) {
+ if ( substr($item,0,1) == "." || strstr($hide_items,",$item,") ) continue ;
+ if (is_dir($fsDir.$item) || is_link ($fsDir.$item)) {
+ if (check_perm($relDir.$item,trperm_b)) {
+ $dirList[$item] = $item ;
+ $dirNote[$item] = ReadNote($fsDir.$item);
+ }
+ } else if (is_file($fsDir.$item)) {
+ if (check_perm($relDir.$item,trperm_r)) {
+ $fileList[$item] = $item ;
+ $fileDate[$item] = filemtime($fsDir.$item) ;
+ $fileSize[$item] = filesize($fsDir.$item) ;
+ $fileNote[$item] = ReadNote($fsDir.$item);
+ }
+ } else {
+ if (! $gblIgnoreUnknownFileType) Error("File Type Error", "Item ".$fsDir.$item." is not file, directory or link. If you want to ignore errors like this, set \$gblIgnoreUnknownFileType = 1 in $realm_config.",1);
+ }
+ }
+ closedir($dir) ;
+
+ // scan deleted files
+ if ( HTTP_GET_VAR("show_deleted") == 1 && ($dir = @opendir("$fsDir/.del")) ) {
+ while ($item = readdir($dir)) {
+ if ( substr($item,0,1) == "." || strstr($hide_items,",$item,") || !check_perm($relDir.$item,trperm_w) ) continue ;
+ if (is_file($fsDir.".del/$item")) {
+ $fileList[$item] = ".del/$item" ;
+ $fileDate[$item] = filemtime($fsDir.".del/$item") ;
+ $fileSize[$item] = filesize($fsDir.".del/$item") ;
+ $fileNote[$item] = ReadNote($fsDir.".del/$item");
+ } else {
+ $dirList[$item] = ".del/$item" ;
+ $dirNote[$item] = ReadNote($fsDir.".del/$item");
+ }
+ }
+ closedir($dir) ;
+ }
+
+ $emptyDir = ! (sizeof($dirList) || sizeof($fileList)) ;
+
+ // start navigation page
+ $text = "Use this page to add, delete";
+ if (! isset($HTTP_GET_VARS["show_deleted"])) {
+ $text .= ", undelete";
+ }
+ $text .= " or revise files on this web site." ;
+ $text .= "
Examine list of files changed in last day or all changes.";
+ StartHTML("(Navigate)",$text) ;
+
+ print "" ;
+
+ // updir (parent) bar
+ if (chopsl($fsDir) != chopsl($fsRoot)) {
+ $parent = dirname($relDir) ;
+ if ($parent == "") $parent = "/" ;
+
+ include("$html/Navigate-parent.html");
+ }
+
+ function plural($name,$count) {
+ $out="$count $name";
+ if ($count > 1) {
+ $out.="s";
+ }
+ return $out;
+ }
+
+ $dsort = HTTP_GET_VAR("dsort");
+ if (! isset($dsort)) $dsort = "name"; // default directory sort
+
+ $dsort_arr = array(
+ "name" => array ("rname", "note"),
+ "rname" => array ("name", "note"),
+ "note" => array ("name", "rnote"),
+ "rnote" => array ("name", "note")
+ );
+
+ $fsort = HTTP_GET_VAR("fsort");
+ if (! isset($fsort)) $fsort = "name"; // default directory sort
+
+ $fsort_arr = array(
+ "name" => array ("rname", "note", "date", "size"),
+ "rname" => array ("name", "note", "date", "size"),
+ "note" => array ("name", "rnote", "date", "size"),
+ "rnote" => array ("name", "note", "date", "size"),
+ "date" => array ("name", "note", "rdate", "size"),
+ "rdate" => array ("name", "note", "date", "size"),
+ "size" => array ("name", "note", "date", "rsize"),
+ "rsize" => array ("name", "note", "date", "size")
+ );
+
+ $D="D=".urlencode($relDir);
+
+ function self_args($arr = array()) {
+ global $self;
+ $arg = implode("&",$arr);
+ if ($arg) {
+ return $self."?".$arg;
+ } else {
+ return $self;
+ }
+ }
+ // output subdirs
+ if (sizeof($dirList) > 0) {
+ switch ($dsort) {
+ case "note":
+ $items = $dirNote;
+ asort($items);
+ break;
+ case "rnote":
+ $items = $dirNote;
+ arsort($items);
+ break;
+ case "rname":
+ $items = $dirList;
+ krsort($items);
+ break;
+ default:
+ $items = $dirList;
+ ksort($items);
+ break;
+ }
+ $durl = self_args(array($D,"dsort=".$dsort_arr[$dsort][0]));
+ $nurl = self_args(array($D,"dsort=".$dsort_arr[$dsort][1]));
+
+ include("$html/Navigate-dirHeader.html");
+
+ while (list($key,$dir) = each($items)) {
+
+ $dir = $dirList[$key];
+
+ $info_url=self_args(array("A"=>"A=E", "F"=>"F=".urlencode($dir), "D"=>$D));
+ if (substr($dir,0,5) == ".del/") {
+ $dir = substr($dir,5,strlen($dir)-5);
+ $deleted = " deleted";
+ } else {
+ $deleted = "";
+ }
+
+ $dir_url=$self."?D=".urlencode(chopsl($relDir)."/".$dir);
+ if (check_perm($relDir.$dir,$gblPermNote)) {
+ $note_html="".$gblIcon("note")."".$dirNote[$key];
+ } else {
+ $note_html=$dirNote[$key];
+ }
+
+ $dir_html = isBlank($dir,"directory");
+
+ include("$html/Navigate-dirEntry.html");
+
+ } // iterate over dirs
+ } // end if no dirs
+
+ $durl = self_args(array($D,"fsort=".$fsort_arr[$fsort][0]));
+ $nurl = self_args(array($D,"fsort=".$fsort_arr[$fsort][1]));
+ $uurl = self_args(array($D,"fsort=".$fsort_arr[$fsort][2]));
+ $surl = self_args(array($D,"fsort=".$fsort_arr[$fsort][3]));
+
+ $html_uri = $webRoot;
+
+ if (substr($relDir,0,1) == "/") {
+ $html_uri .= substr($relDir,1,strlen($relDir)-1);
+ } else {
+ $html_uri .= $relDir;
+ }
+
+ include("$html/Navigate-fileHeader.html");
+
+ if (sizeof($fileList) > 0) {
+ switch ($fsort) {
+ case "note":
+ $items = $fileNote;
+ asort($items);
+ break;
+ case "rnote":
+ $items = $fileNote;
+ arsort($items);
+ break;
+ case "date":
+ $items = $fileDate;
+ asort($items);
+ break;
+ case "rdate":
+ $items = $fileDate;
+ arsort($items);
+ break;
+ case "size":
+ $items = $fileSize;
+ asort($items);
+ break;
+ case "rsize":
+ $items = $fileSize;
+ arsort($items);
+ break;
+ case "rname":
+ $items = $fileList;
+ krsort($items);
+ break;
+ default:
+ $items = $fileList;
+ ksort($items);
+ break;
+ }
+
+ while (list($key,$file) = each($items)) {
+ $file = $fileList[$key];
+ $path = $fsDir."/".$file ;
+ $mod = $fileDate[$key];
+ $sz = $fileSize[$key];
+
+ if ($sz >= 10240) {
+ $sz = (int)(($sz+1023)/1024) . " k" ;
+ } else {
+ $sz .= " " ;
+ } // end size
+
+ $a = $b = "" ;
+
+ $info_url=$self."?A=E&F=".urlencode($file)."&D=".urlencode($relDir);
+
+ if ( ($mod + $gblModDays*86400) > time() ) {
+ $a = " * " ;
+ }
+
+ $file_lock=CheckLock($path);
+
+ $file_url_html="" ;
+
+ if (substr($file,0,5) != ".del/") {
+ $file_url_html .= isBlank($file) . "" . $a ;
+ } else {
+ $file_url_html .= isBlank(substr($file,5,strlen($file)-5)) . " deleted";
+ }
+
+ if (check_perm($relDir.$file,$gblPermNote)) {
+ $note_html="".$gblIcon("note")."".$fileNote[$key];
+ } else {
+ $note_html=$fileNote[$key];
+ }
+
+ $ext = strtolower(strrchr($file,".")) ;
+
+ if ($file_lock) {
+ if ($file_lock == $gblUserName) {
+ $b.="" ;
+ $file_url_html=$b;
+ $b.=$gblIcon("checkin")."" ;
+ $b.= $gblIcon("blank");
+ $file_url_html.="$file $a";
+ $note_html = $gblIcon("blank")."Please check-in (update) this file";
+ } else {
+ $b = $gblIcon("locked");
+ $b.= $gblIcon("blank");
+ $note_html = $gblIcon("blank")."File locked by $file_lock";
+ $file_url_html = "$file $a";
+ }
+ } else {
+ if (check_perm($relDir.$file,trperm_w)) {
+ $b.="" ;
+ $b.=$gblIcon("checkout")."";
+ }
+
+ if ( $ext=="" || strstr(join(" ",$gblEditable),$ext) ) {
+ $b.="" ;
+ $b.=$gblIcon("view")."" ;
+ } else {
+ $b.= $gblIcon("blank");
+ }
+ }
+
+ $mod = date("$gblDateFmt $gblTimeFmt",$mod);
+
+ include("$html/Navigate-fileEntry.html");
+
+ } // iterate over files
+ } else { // end if no files
+ include("$html/Navigate-noFiles.html");
+ }
+
+ if ($emptyDir && $relDir != "") {
+ include("$html/Navigate-emptyDir.html");
+ } // end if emptyDir
+
+ include("$html/Navigate-hr.html");
+
+ if (file_exists("$fsRealmDir/$realm".$realm_sep."info.inc")) {
+ print " | ";
+ include("$fsRealmDir/$realm".$realm_sep."info.inc");
+ print " |
";
+ include("$html/Navigate-hr.html");
+ } elseif (file_exists("$gblRepositoryDir/.info.inc")) {
+ print " | ";
+ include("$gblRepositoryDir/.info.inc");
+ print " |
";
+ include("$html/Navigate-hr.html");
+ }
+
+ include("$html/Navigate-createNew.html");
+
+ print "
";
+
+ EndHTML() ;
+} // end function Navigate
+
+//////////////////////////////////////////////////////////////////
+
+function UploadPage($fsRoot, $relDir, $filename="") {
+
+ global $html, $HTTP_SERVER_VARS;
+
+ $self = $HTTP_SERVER_VARS["PHP_SELF"] ;
+ include("$html/UploadPage.html");
+
+} // end function UploadPage
+
+//////////////////////////////////////////////////////////////////
+
+// Error with sysadmin flag are reported to error_log or hidden from
+// users
+
+function Error($title,$text="",$sysadmin=0,$no_404=0) {
+ global $gblSeparateAdminMessages,
+ $gblMailAdminMessages,$realm,
+ $HTTP_SERVER_VARS;
+ if (! headers_sent() && ! $no_404) header("HTTP/1.0 404 Not Found");
+ if ($sysadmin) {
+ if ($gblSeparateAdminMessages) {
+ $user="Your administrator ";
+ if ($gblMailAdminMessages) {
+ mail($HTTP_SERVER_VARS["SERVER_ADMIN"], "docman $realm error message: $title", strip_tags($text));
+ $user.="".$HTTP_SERVER_VARS["SERVER_ADMIN"]." ";
+ }
+ $user.="has been notified about error" ;
+ StartHTML("($title)",$user);
+ echo "Hit your Browser's Back Button.
" ;
+ EndHTML();
+ error_log("docman $realm: ".strip_tags($text));
+ } else {
+ StartHTML("ADMIN: ".$title,$text) ;
+ echo "Hit your Browser's Back Button.
" ;
+ EndHTML();
+ }
+ } else {
+ StartHTML("(".$title.")",$text) ;
+ echo "Hit your Browser's Back Button.
" ;
+ EndHTML() ;
+ }
+ exit ;
+} // end function Error
+
+function LogIt($target,$msg, $changelog=0) {
+
+ global $gblDateFmt, $gblTimeFmt, $gblUserName, $gblFsRoot;
+
+ $dir=dirname($target);
+ if (! file_exists($dir."/.log")) {
+ if (! @mkdir($dir."/.log",0700)) Error("docman installation problem","can't create log directory $dir/.log",1);
+ }
+ $file=basename($target);
+
+ $log=fopen("$dir/.log/$file","a+");
+ fputs($log,date("$gblDateFmt\t$gblTimeFmt").
+ "\t$gblUserName\t$msg\n");
+ fclose($log);
+
+ if (! $changelog) return;
+
+ $log=fopen("$gblFsRoot/.changelog","a+");
+ if (substr($target,0,strlen($gblFsRoot)) == $gblFsRoot)
+ $target=substr($target,strlen($gblFsRoot),strlen($target)-strlen($gblFsRoot));
+ $msg=str_replace("\t"," ",$msg);
+ fputs($log,time()."\t$target\t$gblUserName\t$msg\n");
+ fclose($log);
+
+ // FIX: implement e-mail notification based on $changelog
+ // permission
+}
+
+
+//////////////////////////////////////////////////////////////////
+
+function WriteNote($target,$msg) {
+
+ $target=stripSlashes($target);
+ $dir=dirname($target);
+ if (! file_exists($dir."/.note")) {
+ mkdir($dir."/.note",0700);
+ }
+ $file=basename($target);
+
+ $note=fopen("$dir/.note/$file","w");
+ if (! $note) {
+ Error("Error writing note","Can't open note file $dir/.note/$file for writing",1);
+ }
+ fputs($note,"$msg\n");
+ fclose($note);
+
+ LogIt($target,"added note $msg");
+
+}
+
+function ReadNote($target) {
+
+ $target=stripSlashes($target);
+ $dir=dirname($target);
+ $file=basename($target);
+ $msg="";
+ if (file_exists($dir."/.note/$file")) {
+ $note=fopen("$dir/.note/$file","r");
+ $msg=fgets($note,4096);
+ fclose($note);
+ }
+ return HtmlSpecialChars(StripSlashes($msg));
+
+}
+
+//////////////////////////////////////////////////////////////////
+
+function MoveTo($source,$folder) {
+
+ $source=stripSlashes($source);
+ $file=basename($source);
+ if (! file_exists($folder)) {
+ mkdir($folder,0700);
+ }
+ if (file_exists($source)) {
+ rename($source,"$folder/$file");
+ }
+}
+
+//////////////////////////////////////////////////////////////////
+
+function Lock($target) {
+
+ global $gblUserName;
+
+ $target=stripSlashes($target);
+ $dir=dirname($target);
+ if (! file_exists($dir."/.lock")) {
+ mkdir($dir."/.lock",0700);
+ }
+ $file=basename($target);
+
+ if (file_exists("$dir/.lock/$file")) {
+ LogIt($target,"attempt to locked allready locked file!");
+ } else {
+ $lock=fopen("$dir/.lock/$file","w");
+ fputs($lock,"$gblUserName\n");
+ fclose($lock);
+
+ LogIt($target,"file locked");
+ }
+
+}
+
+function CheckLock($target) {
+
+ $target=stripSlashes($target);
+ $dir=dirname($target);
+ $file=basename($target);
+ $msg=0;
+ if (file_exists($dir."/.lock/$file")) {
+ $lock=fopen("$dir/.lock/$file","r");
+ $msg=fgets($lock,4096);
+ fclose($lock);
+ }
+ return chop($msg);
+
+}
+
+function Unlock($target) {
+
+ $target=stripSlashes($target);
+ $dir=dirname($target);
+ $file=basename($target);
+ if (file_exists($dir."/.lock/$file")) {
+ unlink("$dir/.lock/$file");
+ LogIt($target,"file unlocked");
+ } else {
+ LogIt($target,"attempt to unlocked non-locked file!");
+ }
+
+}
+
+//////////////////////////////////////////////////////////////////
+
+function urlpath($url) {
+ $url=urlencode(StripSlashes("$url"));
+ $url=str_replace("%2F","/",$url);
+ $url=str_replace("+","%20",$url);
+ return($url);
+}
+
+//////////////////////////////////////////////////////////////////
+
+function safe_rename($fromdir,$fromfile,$tofile) {
+
+ global $gblNumBackups;
+
+ function try_rename($from,$to) {
+# print "$from -> $to\n";
+ if (file_exists($from) && is_writeable(dirname($to))) {
+ return rename($from,$to);
+ } else {
+ return 0;
+ }
+ }
+
+ function try_dir($todir) {
+ if (! file_exists($todir)) {
+ @mkdir($todir,0700);
+ }
+ }
+
+ $to="$fromdir/$tofile";
+ $todir=dirname($to);
+ $tofile=basename($to);
+
+# print "$fromdir / $fromfile -> $todir / $tofile\n\n";
+
+ if (! try_rename("$fromdir/$fromfile","$todir/$tofile")) Error("Rename error","Can't rename file $fromfile to $tofile",1);
+ try_dir("$todir/.log");
+ try_rename("$fromdir/.log/$fromfile","$todir/.log/$tofile");
+ try_dir("$todir/.note");
+ try_rename("$fromdir/.note/$fromfile","$todir/.note/$tofile");
+ try_dir("$todir/.lock");
+ try_rename("$fromdir/.lock/$fromfile","$todir/.lock/$tofile");
+ try_dir("$todir/.bak");
+ for($i=0;$i<=$gblNumBackups;$i++) {
+ try_rename("$fromdir/.bak/$i/$fromfile","$todir/.bak/$i/$tofile");
+ }
+}
+
+
+//////////////////////////////////////////////////////////////////
+
+// recursivly delete directory
+
+function rrmdir($dir) {
+ $handle=opendir($dir);
+ while ($file = readdir($handle)) {
+ if ($file != "." && $file != "..") {
+ if (is_dir("$dir/$file"))
+ rrmdir("$dir/$file");
+ else
+ if (! @unlink("$dir/$file")) return(0);
+ }
+ }
+ closedir($handle);
+ return @rmdir($dir);
+}
+
+//////////////////////////////////////////////////////////////////
+
+function DisplayChangeLog($day) {
+
+ global $gblFsRoot, $gblDateFmt, $gblTimeFmt,
+ $HTTP_SERVER_VARS;
+
+ $self = $HTTP_SERVER_VARS["PHP_SELF"];
+
+ if (!file_exists("$gblFsRoot/.changelog")) return;
+ $log=fopen("$gblFsRoot/.changelog","r");
+ $logarr = array();
+ while($line = fgetcsv($log,512,"\t")) {
+ while (sizeof($line) > 4) {
+ $tmp = array_pop($line);
+ $line.=" $tmp";
+ }
+ if ($day!=1 || ($day==1 && (time()-$line[0] < 24*60*60))) {
+ array_unshift($logarr,array($line[0],$line[1],$line[2],$line[3]));
+ }
+ }
+ fclose($log);
+ $cl1=" class=LST"; $cl2="";
+ print "
\n";
+ while ($e = array_shift($logarr)) {
+ $cl=$cl1; $cl1=$cl2; $cl2=$cl;
+ $date = date($gblDateFmt, $e[0]);
+ $time = date($gblTimeFmt, $e[0]);
+ $dir = dirname($e[1]);
+ $file = basename($e[1]);
+ print "$date | $time | $dir/$file | $e[2] | $e[3] |
\n";
+ }
+ print "
";
+ print "".GifIcon("up")." Back to front page.
";
+}
+
+//////////////////////////////////////////////////////////////////
+
+function Download($path,$force=0) {
+ global $HTTP_SERVER_VARS,$mime_type;
+
+ // default transfer-encoding
+ $encoding = "binary";
+
+ // known transfer encodings
+ $encoding_ext = array(
+ "gz" => "x-gzip",
+ "Z" => "x-compress",
+ );
+
+ $file = basename($path);
+ $size = filesize($path);
+
+ $ext_arr = explode(".",$file);
+ $ext = array_pop($ext_arr);
+ if (isset($encoding_ext[$ext])) {
+ $encoding = $encoding_ext[$ext];
+ $ext = array_pop($ext_arr);
+ }
+
+ if ($force || !isset($mime_type[$ext])) {
+ header("Content-Type: application/force-download");
+ } else {
+ header("Content-Type: $mime_type[$ext]");
+ }
+
+ // IE5.5 just downloads index.php if we don't do this
+ if(preg_match("/MSIE 5.5/", $HTTP_SERVER_VARS["HTTP_USER_AGENT"])) {
+ header("Content-Disposition: filename=$file");
+ } else {
+ header("Content-Disposition: attachment; filename=$file");
+ }
+
+ header("Content-Transfer-Encoding: $encoding");
+ $fh = fopen($path, "r");
+ fpassthru($fh);
+}
+
+
+//////////////////////////////////////////////////////////////////
+
+function chopsl($path) {
+ $path=str_replace("//","/",$path);
+ if (substr($path,strlen($path)-1,1) == "/") $path=substr($path,0,strlen($path)-1);
+ return $path;
+}
+
+//////////////////////////////////////////////////////////////////
+/*
+ Document manager ACL implementation
+
+ Written by Dobrica Pavlinusic
+
+ Based on ideas from Linux trustees code
+ by Vyacheslav Zavadsky
+*/
+
+define('trmask_not',1 << 0);
+define('trmask_clear',1 << 1);
+define('trmask_deny',1 << 2);
+define('trmask_one_level',1 << 3);
+define('trmask_group',1 << 4);
+
+define('trperm_r',1 << 5);
+define('trperm_w',1 << 6);
+define('trperm_b',1 << 7);
+define('trperm_n',1 << 8);
+
+$trustee_a2n = array(
+ '!' => trmask_not,
+ 'C' => trmask_clear,
+ 'D' => trmask_deny,
+ 'O' => trmask_one_level,
+ '+' => trmask_group,
+ 'R' => trperm_r,
+ 'W' => trperm_w,
+ 'B' => trperm_b,
+ 'N' => trperm_n,
+);
+
+// debugging function
+function display_trustee($t) {
+ global $trustee_a2n;
+ $out="";
+ foreach ($trustee_a2n as $c=>$v) {
+ if ($t & $v) $out.=$c;
+ }
+ return $out;
+}
+function display_all_trustee() {
+ global $trustees;
+ print "trustee dump:
\n";
+ foreach ($trustees as $path => $tr) {
+ print "
$path\n";
+ foreach ($tr as $user=>$perm) {
+ print "$user == $perm (".display_trustee($perm).")
\n";
+ }
+ }
+}
+
+function init_trustee() {
+
+global $trustee_conf,$trustee_php,$trustee_a2n,$groups,$trustees;
+
+// do we need to re-create compiled trustees?
+if (! file_exists($trustee_conf)) {
+ # $error="$trustee_conf doesn't exits";
+ return 0; # don't use trustees
+} elseif (file_exists($trustee_conf) && !is_readable($trustee_conf)) {
+ $error="$trustee_conf exits, but is not readable";
+} elseif (!is_writable(dirname($trustee_php))) {
+ $error="".dirname($trustee_php)." must be writable by web server user";
+} elseif (file_exists($trustee_php) && !is_writable($trustee_php)) {
+ $error="trustees cache file $trustee_php exists, but is not writable by web server";
+} elseif (@filemtime($trustee_conf) >= @filemtime($trustee_php)) {
+ $fp_php=@fopen($trustee_php,"w");
+ fputs($fp_php,"\n";
+ }
+ }
+ if (isset($tr_arr[$path][$user])) {
+ $tr_arr[$path][$user] |= $perm;
+ } else {
+ $tr_arr[$path][$user] = $perm;
+ }
+ }
+ }
+ }
+
+ fclose($fp_conf);
+
+ // save trustees
+ $tr_out='$trustees = array (';
+ $sep1="";
+ while (list ($path, $tr) = each ($tr_arr)) {
+ $tr_out.="$sep1\n\t'$path'=>array(";
+ $sep2="";
+ while (list($user,$perm)=each($tr)) {
+ $tr_out.="$sep2\n\t\t'$user'=>$perm";
+ $sep2=",";
+ }
+ $tr_out.="\n\t)";
+ $sep1=",";
+ }
+ $tr_out.="\n);";
+
+ // save groups
+ $gr_out='$groups = array (';
+ $sep="";
+ while (list ($group, $members) = each ($groups_arr)) {
+ $gr_out.="$sep\n\t'";
+ $gr_out.=substr($group,1,strlen($group)-1);
+ $gr_out.="'=>array('".join("','",explode(",",$members))."')";
+ $sep=",";
+ }
+ $gr_out.="\n);\n";
+
+ fputs($fp_php,$gr_out);
+ fputs($fp_php,$tr_out);
+ fputs($fp_php,"?>\n");
+ fclose($fp_php);
+}
+
+if (isset($error)) {
+ Error("Trustee error",$error,1);
+} else {
+ include_once("$trustee_php");
+}
+
+return 1;
+
+}//init_trustee
+
+function in_group($user,$group) {
+ global $groups;
+ return in_array($user,$groups[$group]);
+}
+
+// helper function
+function unroll_perm($u,$t,$perm,$one_level) {
+
+ if ($t & trmask_one_level && !$one_level) return $perm;
+
+ if ($t & trmask_deny) {
+ if ($t & trmask_clear) {
+ $perm['deny'] &= ~$t;
+ } else {
+ $perm['deny'] |= $t;
+ }
+ } elseif ($t & trmask_clear) {
+ $perm['allow'] &= ~$t;
+ } else {
+ $perm['allow'] |= $t;
+ }
+ return $perm;
+}// end of helper function
+
+function check_trustee($user,$path) {
+ global $trustees,$HAVE_TRUSTEE;
+ $perm['allow'] = 0;
+ $perm['deny'] = 0;
+
+ // do we use trustees?
+ if (! $HAVE_TRUSTEE) return $perm;
+
+ if (! isset($trustees)) Error("Trustees not found","Can't find in-memory trustee structure \$trustees. Probably bug in code. Contact dpavlin@rot13.org",1);
+
+global $debug;
+$debug .= "
check_trustee $path ... ";
+
+ $path_arr=explode("/",$path);
+ $tmppath="";
+ while (count($path_arr)) {
+ $p = array_shift($path_arr);
+$debug.= "[$p] ";
+ # add trailing slash
+ if (substr($tmppath,strlen($tmppath)-1,1) != "/") {
+ $tmppath.="/";
+ }
+ # append currnet dir to tmppath
+ if (isset($p)) {
+ $tmppath.=$p;
+ }
+$debug.= ">> $tmppath ";
+
+ if (! isset($trustees[$tmppath])) continue;
+ $tr = $trustees[$tmppath];
+
+ $one_level = (!count($path_arr));
+$debug.=" O($one_level) ";
+
+ if (isset($tr)) {
+ // first apply trustee for all
+ if (isset($tr['*']) && $user!="anonymous") {
+ $perm = unroll_perm($user,$tr['*'],$perm, $one_level);
+ unset($tr['*']);
+ }
+ // then apply not and group policies
+ foreach ($tr as $g=>$t) {
+ if ($t & trmask_not && $g != $user) {
+ $t = $t & ~trmask_not;
+ $perm = unroll_perm($user,$t,$perm, $one_level);
+ unset($tr[$g]);
+
+ } elseif ($t & trmask_group && in_group($user,$g)) {
+ // resolv user
+ $t = $t & ~trmask_group;
+ $perm = unroll_perm($user,$t,$perm, $one_level);
+ unset($tr[$g]);
+ }
+ }
+ // then apply user policy
+ if (isset($tr[$user])) {
+ $perm = unroll_perm($user,$tr[$user],$perm,$one_level);
+ unset($tr[$user]);
+ }
+ }
+$debug.="d(".display_trustee($perm['deny']).") a(".display_trustee($perm['allow']).") ";
+
+ }
+$debug.="
check_trustee: user: $user path: $path==$tmppath perm: ";
+$debug.="d: ".$perm['deny']." (".display_trustee($perm['deny']).") a: ".$perm['allow']." (".display_trustee($perm['allow']).")
\n";
+ return $perm;
+}
+
+// handy functions
+
+function check_perm($path,$trperm) {
+ global $gblLogin,$HAVE_TRUSTEE;
+
+ $path = str_replace("//","/",$path);
+
+ global $debug;
+$debug.="
check_perm: on $path for perm ".display_trustee($trperm)."
\n";
+
+ $return = ! $HAVE_TRUSTEE;
+ if ($HAVE_TRUSTEE) {
+ $perm = check_trustee($gblLogin,$path);
+$debug.=" d: ".$perm['deny']." (".display_trustee($perm['deny']).") a: ".$perm['allow']." (".display_trustee($perm['allow']).") perm to have: $trperm (".display_trustee($trperm).")";
+ if ($perm['deny'] & $trperm) $return=0;
+ elseif (($perm['allow'] & $trperm) == $trperm) $return=1;
+ }
+$debug.=" return: $return
\n";
+ return($return);
+}
+
+//////////////////////////////////////////////////////////////////
+
+function readMime() {
+ global $mime_type, $gblMimeTypes;
+
+ if (! isset($gblMimeTypes)) {
+ $gblMimeTypes = "/etc/mime.types";
+ }
+
+ $mime = @fopen($gblMimeTypes,"r");
+
+ if (! $mime) Error("Can't read MIME types","$gblMimeTypes file not found. You can setup other mime.types file using \$gblMimeTypes in $realm_config");
+
+ while($line = fgets($mime,80)) {
+ if (substr($line,0,1) == "#") continue; // skip comment
+ $arr = preg_split("/[\s\t]+/",$line);
+ $type = array_shift($arr);
+ while ($ext = array_shift($arr)) {
+ $mime_type[$ext] = $type;
+ }
+ }
+
+ fclose($mime);
+}
+
+//////////////////////////////////////////////////////////////////
+
+// check for invalid characters in filename and dirname (.. and /)
+
+function check_dirname($file) {
+ if (strstr($file,"..")) Error("Security violation","No parent dir .. allowed in directory name $file",1);
+}
+
+function check_filename($file) {
+ if (strstr($file,"..")) Error("Security violation","No parent dir .. allowed in file name $file",1);
+ // remove deleted directory (for undelete to work)
+ $file = str_replace(".del/","",$file);
+ if (strstr($file,"/")) Error("Security violation","No slashes / allowed in file name $file",1);
+}
+
+// bla/blo/../foo will return bla/foo
+function remove_parent($path) {
+ while (preg_match(",/[^/]+/\.\./,",$path)) {
+ $path = preg_replace(",/[^/]+/\.\./,","",$path);
+ }
+ if (substr($path,0,1) != "/") $path = "/".$path;
+ return $path;
+}
+
+//////////////////////////////////////////////////////////////////
+
+// functions to move HTTP server variables to global namespace
+// [replacement for register_globals in php.ini]
+
+function HTTP_GET_VAR($var) {
+ global $HTTP_GET_VARS, ${$var};
+ if (isset($HTTP_GET_VARS[$var])) {
+ $$var = stripSlashes($HTTP_GET_VARS[$var]);
+ return $$var;
+ }
+}
+
+function HTTP_POST_VAR($var) {
+ global $HTTP_POST_VARS, ${$var};
+ if (isset($HTTP_POST_VARS[$var])) {
+ $$var = $HTTP_POST_VARS[$var];
+ return $$var;
+ }
+}
+
+function HTTP_SERVER_VAR($var) {
+ global $HTTP_SERVER_VARS, ${$var};
+ if (isset($HTTP_SERVER_VARS[$var])) {
+ $$var = $HTTP_SERVER_VARS[$var];
+ return $$var;
+ }
+}
+
+//////////////////////////////////////////////////////////////////
+
+function Warn($text) {
+}
+
+//////////////////////////////////////////////////////////////////
+
+function isBlank($file,$what = "filename") {
+ if (trim($file) == "") return "whitespace $what";
+ if ($file == "") return "no $what";
+ return $file;
+}
+
+//////////////////////////////////////////////////////////////////
+// MAIN PROGRAM
+
+ $gblFilePerms = 0640 ; // default for new files
+ $gblDirPerms = 0750 ; // default for new dirs
+
+ if (isset($HTTP_GET_VARS["STYLE"]) && $HTTP_GET_VARS["STYLE"] == "get") {
+ if (! headers_sent()) {
+ Header("Content-type: text/css");
+ }
+ include("$html/docman.css");
+ exit;
+ }
+
+ // set fsRealmDir
+ if (! isset($fsRealmDir)) {
+ $fsRealmDir = "$gblIncDir/realm";
+ }
+
+ // try to add dir to script name to realm var
+ if (is_dir("$fsRealmDir/$realm/".dirname($HTTP_SERVER_VARS["SCRIPT_NAME"]))) {
+ $realm .= dirname($HTTP_SERVER_VARS["SCRIPT_NAME"]);
+ $realm_sep = "/";
+ } else {
+ $realm_sep = ".";
+ }
+
+ $realm_config = $fsRealmDir."/".$realm.$realm_sep."conf";
+
+ // read user-defined configuration
+ if (file_exists($realm_config)) {
+ include($realm_config);
+ } else {
+ Error("Configuration error","Can't find configuration file at $realm_config !");
+ }
+
+ if (! isset($gblRepositoryDir)) Error("Configuration error","\$gblRepositoryDir is not setuped in realm configuration file $realm_config");
+
+ // where do we get users from?
+ if (file_exists("$gblIncDir/htusers/$gblUsers.php")) {
+ include("$gblIncDir/htusers/$gblUsers.php");
+ } else {
+ Error("Configuration error","Can't find user handling module at $gblIncDir/htusers/$gblUsers.php ! Please fix $realm_config");
+ }
+
+ // take additional login vars
+ HTTP_GET_VAR("relogin");
+ HTTP_GET_VAR("force_login");
+
+ // if no password, or empty password logout
+ if (
+ isset($gblLogin) && (
+ !isset($relogin) || (
+ isset($relogin) && $relogin != md5($gblLogin.$gblPasswd)
+ )
+ ) && (
+ $gblPasswd == "" || !isset($gblPasswd)
+ ) && !isset($force_login) && $gblLogin != "anonymous"
+ ) {
+ StartHTML("Logout completed","Your login credentials has been erased") ;
+ EndHTML() ;
+ exit ;
+ }
+
+ if (!is_dir($gblRepositoryDir)) Error("Repository dir not found","Can't find repository directory $gblRepositoryDir. Please fix that in $realm_config variable \$gblRepositoryDir.",1);
+
+ // trustee (ACL) file configuration
+ $trustee_conf="$fsRealmDir/$realm".$realm_sep."trustee";
+ // compiled version of trustee file
+ $trustee_php="$gblRepositoryDir/.trustee.php";
+ // get ACL informations
+ $HAVE_TRUSTEE = init_trustee();
+
+ if (strtolower($gblLogin) == "anonymous" || !isset($gblLogin)) {
+ $perm = check_trustee("anonymous","/");
+ // browsing must be explicitly allowed for root directory
+ // of repository for anonymous user to work!
+ if ($perm['allow'] & trperm_b) {
+ $gblLogin = $gblPasswd = "anonymous";
+ $secHash = md5($gblLogin.$gblPasswd);
+ $gblUserName = "Anonymous user";
+ }
+ }
+
+ // authentication failure
+ if ( md5($gblLogin.$gblPasswd) != $secHash ||
+ isset($relogin) && $secHash == $relogin) {
+ header("WWW-authenticate: basic realm=\"$realm\"") ;
+ header("HTTP/1.0 401 Unauthorized") ;
+ Error("401 Unauthorized","No trespassing !",0,1);
+ }
+
+
+ // read mime.types
+ readMime();
+
+ if (! isset($gblPermNote)) {
+ $gblPermNote = trperm_r;
+ }
+
+ HTTP_POST_VAR("FN");
+
+ if ($HTTP_SERVER_VARS["REQUEST_METHOD"] == "POST") {
+ // take variables from server
+ if (HTTP_POST_VAR("FN"))
+ check_filename($FN);
+ if (HTTP_POST_VAR("DIR")) {
+ check_dirname($DIR);
+ $relDir = $DIR;
+ } else {
+ trigger_error("Can't get DIR",E_USER_WARNING);
+ $relDir = "/";
+ }
+ if (HTTP_POST_VAR("RELPATH")) check_dirname($RELPATH);
+ HTTP_POST_VAR("T");
+ HTTP_POST_VAR("CONFIRM");
+ } else {
+ // get
+ HTTP_GET_VAR("A");
+ if (HTTP_GET_VAR("D")) {
+ check_dirname($D);
+ $D=urldecode($D);
+ $relDir = $D;
+ } else {
+ //trigger_error("Can't get D",E_USER_WARNING);
+ $relDir = "/";
+ }
+ if (HTTP_GET_VAR("F")) check_filename($F);
+ }
+
+ $relScriptDir = dirname($HTTP_SERVER_VARS["SCRIPT_NAME"]) ;
+ // i.e. /docman
+
+ // start on server root
+ $gblFsRoot = $gblRepositoryDir;
+ // i.e. /home/httpd/repository
+
+ $fsDir = $gblFsRoot . $relDir ; // current directory
+ if ( !is_dir($fsDir) ) Error("Dir not found","Can't find $relDir which points to $fsDir",1) ;
+
+ if ($relDir == "") $relDir="/";
+
+ if (isset($HTTP_SERVER_VARS["HTTPS"]) && $HTTP_SERVER_VARS["HTTPS"] == "on") {
+ $webRoot = "https://";
+ } else {
+ $webRoot = "http://";
+ }
+ $webRoot .= $HTTP_SERVER_VARS["HTTP_HOST"] . $relScriptDir;
+
+ if (HTTP_POST_VAR("POSTACTION")) switch ($POSTACTION) {
+ case "UPLOAD" :
+ $FN_name=stripSlashes($HTTP_POST_FILES["FN"]["tmp_name"]);
+ $FN=stripSlashes($HTTP_POST_FILES["FN"]["name"]);
+ if (!is_writeable($fsDir)) Error("Write denied",$relDir) ;
+
+ $source = $FN_name ;
+ if (! file_exists($source)) {
+ Error("You must select file with browse to upload it!","If file is too big, you might need to modify php configuration options post_max_size and upload_max_filesize",1);
+ }
+
+ if (HTTP_POST_VAR("FILENAME")) check_filename($FILENAME);
+
+ if (! isset($FILENAME)) { // from update file
+ $target = "$fsDir/".basename($FN);
+ } else {
+ $target = "$fsDir/$FILENAME";
+ }
+
+ if (! check_perm("$relDir/".basename($target), trperm_w))
+ Error("Access denied","User $gblLogin tried to upload $relDir/".basename($target)." without valid trustee.",1);
+
+ // backup old files first
+ $dir=dirname($target);
+ if (! file_exists($dir."/.bak")) {
+ mkdir($dir."/.bak",0700);
+ }
+ if (! file_exists($dir."/.bak/$gblNumBackups")) {
+ mkdir($dir."/.bak/$gblNumBackups",0700);
+ }
+ $file=basename($target);
+ for($i=$gblNumBackups-1;$i>0;$i--) {
+ MoveTo("$dir/.bak/$i/$file","$dir/.bak/".($i+1)."/");
+ }
+ MoveTo($target,$dir."/.bak/1/");
+
+ copy($source,$target) ;
+ chmod($target,$gblFilePerms) ;
+ clearstatcache() ;
+ if (isset($FILENAME)) {
+ LogIt($target,"check-in",trperm_r | trperm_w);
+ Unlock($target);
+ } else {
+ LogIt($target,"uploaded",trperm_r | trperm_w);
+ }
+ break ;
+
+ case "SAVE" :
+ $path = $gblFsRoot . $RELPATH ;
+ $path=stripSlashes($path);
+
+ if (! check_perm("$RELPATH", trperm_w))
+ Error("Access denied","User $gblLogin tried to save $RELPATH without valid trustee.",1);
+
+ $writable = is_writeable($path) ;
+ $legaldir = is_writeable(dirname($path)) ;
+ $exists = (file_exists($path)) ? 1 : 0 ;
+ // FIX: more verbose error message
+ if (!($writable || (!$exists && $legaldir)))
+ Error("Write denied",$RELPATH) ;
+ $fh = fopen($path, "w") ;
+ HTTP_POST_VAR("FILEDATA");
+ fwrite($fh,stripSlashes($FILEDATA)) ;
+ fclose($fh) ;
+ clearstatcache() ;
+ LogIt($path,"saved changes",trperm_r);
+ break ;
+
+ case "CREATE" :
+ // we know $fsDir exists
+ if (! check_perm($relDir, trperm_w))
+ Error("Write access denied","You don't have permission to write in $relDir");
+ if ($T == "D") $type = "directory";
+ else $type ="file";
+ if ($FN == "") Error("Can't create $type","You must enter name of $type to create it.");
+ if (!is_writeable($fsDir)) Error("Write denied","User $gblLogin has trustee to write in $relDir but permissions on $fsDir are wrong!", 1) ;
+ $path = "$fsDir/$FN"; // file or dir to create
+ $relPath = "$relDir/$FN";
+
+ if (file_exists($path))
+ Error("Can't create $type","Object $relPath allready exists");
+
+ switch ( $T ) {
+ case "D" : // create a directory
+ if ( ! @mkdir($path,$gblDirPerms) )
+ Error("Mkdir failed",$relPath) ; // eg. if it exists
+ else
+ LogIt($path."/","dir created",trperm_w);
+ clearstatcache() ;
+ break ;
+ case "F" : // create a new file
+// this functionality is doubled in DetailView().
+// better keep it here altogether
+// chmod perms to $gblFilePerms
+ if ( file_exists($path) && !is_writeable($path) )
+ Error("File not writable", "User $gblLogin has trustee to write in $relPath but permissions on $path are wrong!", 1) ;
+ $fh = fopen($path, "w+") ;
+ if ($fh) {
+ fputs($fh,"\n");
+ fclose($fh) ;
+ LogIt($path,"file created",trperm_r | trperm_w);
+ } else {
+ Error("Creation of file $relPath failed", "User $gblLogin has trustee to write in $relPath but creation of $path failed!", 1) ;
+ }
+ $tstr = $HTTP_SERVER_VARS["PHP_SELF"]."?A=E&D=".urlencode($relDir)."&F=".urlencode($FN) ;
+ header("Location: " . $tstr) ;
+ exit ;
+ }
+ break ;
+
+ case "DELETE" :
+ if ( $CONFIRM != "on" ) break;
+
+ if ( isset($FN) && $FN != "") {
+ $path=$fsDir."/".$FN;
+ $what = "file";
+ } elseif (isset($DIR)) {
+ $path=$gblFsRoot."/".$DIR;
+ $what = "directory";
+ } else {
+ Error("Can't delete object","Can't find filename \$FN or dirname in \$DIR",1);
+ }
+
+ if (! check_perm("$relDir/$FN", trperm_w))
+ Error("Access denied","User $gblLogin tried to erase $what $relDir/$FN without valid trustee.",1);
+
+ $tstr = "Attempt to delete non-existing object or insufficient privileges: " ;
+
+ $dir=dirname($path);
+ $file=basename($path);
+
+ if (! file_exists("$dir/.del")) {
+ mkdir("$dir/.del",0700);
+ }
+
+ if ( ! @rename($path,"$dir/.del/$file") ) {
+ LogIt($path,"$what delete failed");
+ Error("Can't delete $what",$tstr."".$relDir."/".$FN."") ;
+ } else {
+ LogIt($path,"$what deleted",trperm_w);
+ MoveTo("$dir/.log/$file","$dir/.del/.log/");
+ MoveTo("$dir/.note/$file","$dir/.del/.note/");
+ MoveTo("$dir/.lock/$file","$dir/.del/.lock/");
+ }
+ break ;
+
+ case "UNDELETE" :
+ if ( $CONFIRM != "on" ) break ;
+
+ if (substr($FN,0,4) != ".del") break ;
+ $file=substr($FN,4,strlen($FN)-4);
+
+ if (! check_perm("$relDir/$file", trperm_w))
+ Error("Access denied","User $gblLogin tried to undelete $relDir/$file without valid trustee.",1);
+
+ LogIt("$fsDir/.del/$file","undeleted",trperm_w);
+ MoveTo("$fsDir/.del/$file","$fsDir/");
+ MoveTo("$fsDir/.del/.log/$file","$fsDir/.log/");
+ MoveTo("$fsDir/.del/.note/$file","$fsDir/.note/");
+ MoveTo("$fsDir/.del/.lock/$file","$fsDir/.lock/");
+
+ break ;
+
+ case "RENAME" :
+ if ( $CONFIRM != "on" ) break ;
+
+ if (HTTP_POST_VAR("NEWNAME")) {
+ $dest = remove_parent($relDir.$NEWNAME);
+ if (! check_perm($relDir.$FN, trperm_w) ||
+ ! check_perm($dest, trperm_w) )
+ Error("Access denied","User $gblLogin tried to rename $relDir$FN to $dest without valid trustee.",1);
+ } else {
+ Error("Rename error","Can't find new name in var \$NEWNAME",1);
+ }
+ LogIt("$fsDir/$FN","renamed $FN to $NEWNAME",trperm_r);
+ safe_rename($fsDir,$FN,$NEWNAME);
+ break ;
+
+ case "NOTE" :
+ if (! HTTP_POST_VAR("NOTE"))
+ Error("Can't add note to object","Can't find var \$NOTE",1);
+ if (! check_perm("$relDir/$FN", trperm_w))
+ Error("Access denied","User $gblLogin tried to add note to $relDir/$FN without valid trustee.",1);
+
+ WriteNote("$fsDir/$FN",$NOTE);
+ break ;
+
+ case "UNLOCK" :
+ if ( $CONFIRM != "on" ) break ;
+ if (! check_perm("$relDir/$FN", trperm_w))
+ Error("Access denied","User $gblLogin tried to unlock $relDir/$FN without valid trustee.",1);
+ Unlock("$fsDir/$FN");
+ break ;
+
+ default :
+ // user hit "CANCEL" or undefined action
+ }
+
+ // common to all POSTs : redirect to directory view ($relDir)
+ if (isset($POSTACTION)) {
+ $tstr = $HTTP_SERVER_VARS["PHP_SELF"]."?D=".urlencode($relDir);
+ header("Location: ".$tstr) ;
+ exit ;
+ }
+
+ // check for mode.. navigate, code display, upload, or detail?
+ // $A=U : upload to path given in $D
+ // $A=E : display detail of file $D/$F and edit
+ // $A=C : display code in file $D/$F
+ // $A=Co : checkout file $D/$F
+ // $A=Ci : checkin file $D/$F
+ // $A=V : view file (do nothing except log)
+ // $A=I : include file .$F.php from [$gblIncDir|realm]/include_php
+ // default : display directory $D
+
+ if (isset($A)) switch ($A) {
+ case "U" :
+ // upload to $relDir
+ if (! check_perm($relDir, trperm_w))
+ Error("Write access denied","You don't have permission to write in $relDir");
+ if (!is_writeable($gblFsRoot . $relDir))
+ Error("Write access denied","User $gblLogin has permission on $relDir, but directory is not writable",1);
+ $text = "Use this page to upload a single " ;
+ $text .= "file to $realm." ;
+ StartHTML("(Upload Page)", $text) ;
+ UploadPage($gblFsRoot, $relDir) ;
+ EndHTML() ;
+ exit ;
+ case "E" :
+ // detail of $relDir/$F
+ if (is_file("$gblFsRoot/$relDir/$F") || is_dir("$gblFsRoot/$relDir/$F")) DetailPage($gblFsRoot, $relDir, $F) ;
+ exit ;
+ case "C" :
+ $F=stripSlashes($F);
+ // listing of $relDir/$F
+ DisplayCode($gblFsRoot, $relDir, $F) ;
+ exit ;
+ case "Co" :
+ // checkout
+ Lock("$gblFsRoot/$relDir/$F");
+ Download("$gblFsRoot/$relDir/$F",1);
+ exit;
+ case "Ci" :
+ $F=stripSlashes($F);
+ // upload && update to $relDir
+ if (!is_writeable($gblFsRoot . $relDir))
+ Error("Write access denied",$relDir) ;
+ $text = "Use this page to update a single " ;
+ $text .= "file to $realm." ;
+ StartHTML("(Update file Page)", $text) ;
+ UploadPage($gblFsRoot, $relDir, $F) ;
+ EndHTML() ;
+ exit ;
+ case "V" :
+ // view
+ LogIt("$gblFsRoot/$relDir/$F","viewed");
+ Download("$gblFsRoot/$relDir/$F",$gblForceDownload);
+ exit;
+ case "Ch" :
+ StartHTML("(File changes)","All changes chronologicaly...");
+ DisplayChangeLog(0); // all
+ EndHTML() ;
+ exit;
+ case "Ch1" :
+ StartHTML("(File changes)","Changes to files in last day...");
+ DisplayChangeLog(1);
+ EndHTML() ;
+ exit;
+ case "I" :
+ if (! isset($F) || $F == "")
+ Error("Can't find file to include","Your request didn't specify file to include which should be in variable F like $HTTP_SERVER_VARS[REQUEST_URI]&F=include_php_file",1);
+ $inc_file="$fsRealmDir/$realm".$realm_sep.$F.".php";
+ if (! file_exists($inc_file)) {
+ Error("Can't find file to include","Can't find include file $F.php in $fsRealmDir/$realm/. Meybe you should copy $gblIncDir/include_php/$F.php to $inc_file ?",1);
+ }
+ if (!is_readable($inc_file))
+ Error("Read access to include file denied","Can't read PHP include file $inc_file. Fix permissions on it.",1);
+ $text = "Your include file should define \$text variable which holds this text and \$title variable which is page title";
+ $title = "You should define \$title variable with page title";
+ include($inc_file);
+ StartHTML($title, $text) ;
+ print "".GifIcon(up)." Back to front page.
";
+ EndHTML() ;
+ exit ;
+ }
+
+ // default: display directory $relDir
+ Navigate($gblFsRoot,$relDir) ;
+ exit ;
+
+ Error("Whooah!","By cartesian logic, this never happens",1) ;
+?>
+