/[docman2]/docman.php
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Diff of /docman.php

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 1.9 by dpavlin, Sat Jul 27 19:59:35 2002 UTC revision 1.15 by dpavlin, Sun Jul 28 13:08:21 2002 UTC
# Line 118  function StartHTML($title,$text="") { Line 118  function StartHTML($title,$text="") {
118          if (file_exists("$fsDocumentRoot/docman.css")) {          if (file_exists("$fsDocumentRoot/docman.css")) {
119                  $css=dirname($self)."/docman.css";                  $css=dirname($self)."/docman.css";
120          } else {          } else {
121                  $css=$self."?STYLE=get&css=$css";                  $css=$self."?STYLE=get";
122          }          }
123    
124          include("$html/head.html");          include("$html/head.html");
# Line 145  function EndHTML() { Line 145  function EndHTML() {
145                  $url_title="relogin";                  $url_title="relogin";
146          }          }
147          include("$html/footer.html");          include("$html/footer.html");
148    
149            global $debug;
150            if ($debug) print $debug;
151  } // end function EndHTML  } // end function EndHTML
152    
153  //////////////////////////////////////////////////////////////////  //////////////////////////////////////////////////////////////////
# Line 160  function DetailPage($fsRoot,$relDir,$fn) Line 163  function DetailPage($fsRoot,$relDir,$fn)
163    
164          $exists   = file_exists($fsPath) ;          $exists   = file_exists($fsPath) ;
165          $ext      = strtolower(strrchr($relPath,".")) ;          $ext      = strtolower(strrchr($relPath,".")) ;
166          $editable = ( $ext=="" || strstr(join(" ",$gblEditable),$ext)) ;          $editable = ( $ext=="" || strstr(join(" ",$gblEditable),$ext)) &&
167          $writable = is_writeable($fsPath) ;                  check_perm($relPath,trperm_w);
168            $writable = is_writeable($fsPath) && check_perm($relPath,trperm_w) ;
169            $writable_dir = is_writeable($fsDir) && check_perm($relDir,trperm_w) ;
170          $file_lock = CheckLock($fsPath);          $file_lock = CheckLock($fsPath);
171    
172          if (!$editable && !$exists)          if (!$editable && !$exists)
173                  Error("Creation unsupported for type",$relPath) ;                  Error("Creation denied","Can't create <tt>$relPath</tt>") ;
174          if (!exists && !is_writeable($fsDir) )          if (!$exists && !$writable_dir )
175                  Error("Creation denied",$relDir) ;                  Error("Creation denied","Can't write in directory <tt>$relDir</tt> while creating <tt>$relPath</tt>for which user has permissions.",1);
176    
177          $text  = _("Use this page to view, modify or ") ;          $text  = _("Use this page to view, modify or ") ;
178          if (is_dir($fsPath)) {          if (is_dir($fsPath)) {
# Line 200  function DetailPage($fsRoot,$relDir,$fn) Line 205  function DetailPage($fsRoot,$relDir,$fn)
205                  $fstr = htmlentities( $fstr ) ;                  $fstr = htmlentities( $fstr ) ;
206  ?>  ?>
207    
208  <FORM ACTION="<?= $self ; ?>" METHOD="POST">  <FORM ACTION="<?= $self ?>" METHOD="POST">
209  <SPAN TITLE="Click [SAVE] to store updated contents.">  <SPAN TITLE="Click [SAVE] to store updated contents.">
210          <B>DOCUMENT CONTENTS</B>          <B>DOCUMENT CONTENTS</B>
211  </SPAN><BR>  </SPAN><BR>
# Line 571  function GifIcon($txt) { Line 576  function GifIcon($txt) {
576  function Navigate($fsRoot,$relDir) {  function Navigate($fsRoot,$relDir) {
577    
578          global $gblEditable, $gblIcon, $gblModDays, $webRoot, $gblHide,          global $gblEditable, $gblIcon, $gblModDays, $webRoot, $gblHide,
579                  $gblIgnoreUnknownFileType,                  $gblIgnoreUnknownFileType, $gblRepositoryDir,
580                    $fsRealmDir, $realm, $realm_sep,
581                  $HTTP_GET_VARS, $html, $realm_config;                  $HTTP_GET_VARS, $html, $realm_config;
582            
583          $self     = $HTTP_SERVER_VARS["PHP_SELF"] ;          $self     = $HTTP_SERVER_VARS["PHP_SELF"] ;
584    
585          if ($relDir == "") $relDir = "/";          if ($relDir == "") $relDir = "/";
586    
587          $fsDir = $fsRoot.$relDir."/";   // current directory          $fsDir = $fsRoot.$relDir."/";   // current directory
588    
589          if (!is_dir($fsDir)) Error("Dir not found",$relDir) ;          if (!is_dir($fsDir)) Error("Dir not found",$relDir,1) ;
590    
591          $hide_items=",$gblHide,";          $hide_items=",$gblHide,";
592    
# Line 633  function Navigate($fsRoot,$relDir) { Line 639  function Navigate($fsRoot,$relDir) {
639          echo "<TABLE BORDER=0 CELLPADDING=2          echo "<TABLE BORDER=0 CELLPADDING=2
640                  CELLSPACING=3 WIDTH=\"100%\">" ;                  CELLSPACING=3 WIDTH=\"100%\">" ;
641    
642          // updir bar              // updir (parent) bar  
643          if (chopsl($fsDir) != chopsl($fsRoot)) {          if (chopsl($fsDir) != chopsl($fsRoot)) {
644                  $parent = dirname($relDir) ;                  $parent = dirname($relDir) ;
645                  if ($parent == "") $parent = "/" ;                  if ($parent == "") $parent = "/" ;
# Line 713  function Navigate($fsRoot,$relDir) { Line 719  function Navigate($fsRoot,$relDir) {
719                          $dir = $dirList[$key];                          $dir = $dirList[$key];
720    
721                          $info_url=self_args(array("A"=>"A=E", "F"=>"F=".urlencode($dir), "D"=>$D));                          $info_url=self_args(array("A"=>"A=E", "F"=>"F=".urlencode($dir), "D"=>$D));
722                          $dir_url=$self."?D=".urlencode($relDir."/".$dir);                          $dir_url=$self."?D=".urlencode(chopsl($relDir)."/".$dir);
723                          include("$html/Navigate-dirEntry.html");                          include("$html/Navigate-dirEntry.html");
724    
725                  }  // iterate over dirs                  }  // iterate over dirs
# Line 859  function Navigate($fsRoot,$relDir) { Line 865  function Navigate($fsRoot,$relDir) {
865  <TR><TD></TD><TD COLSPAN=5><HR></TD></TR>  <TR><TD></TD><TD COLSPAN=5><HR></TD></TR>
866    
867  <?  <?
868  if (file_exists(".info.inc")) {  
869    if (file_exists("$fsRealmDir/$realm".$realm_sep."info.inc")) {
870            print "<TR><TD></TD><TD COLSPAN=5>";
871            include("$fsRealmDir/$realm".$realm_sep."info.inc");
872            print "</TD></TR><TR><TD></TD><TD COLSPAN=5><HR></TD></TR>";
873    } elseif (file_exists("$gblRepositoryDir/.info.inc")) {
874          print "<TR><TD></TD><TD COLSPAN=5>";          print "<TR><TD></TD><TD COLSPAN=5>";
875          include(".info.inc");          include("$gblRepositoryDir/.info.inc");
876          print "</TD></TR>          print "</TD></TR><TR><TD></TD><TD COLSPAN=5><HR></TD></TR>";
         <TR><TD></TD><TD COLSPAN=5><HR></TD></TR>";  
877  }  }
878    
879    
880  ?>  ?>
881    
882  <FORM METHOD="POST" ACTION="<?= $self ?>">  <FORM METHOD="POST" ACTION="<?= $self ?>">
# Line 903  function UploadPage($fsRoot, $relDir, $f Line 915  function UploadPage($fsRoot, $relDir, $f
915  // Error with sysadmin flag are reported to error_log or hidden from  // Error with sysadmin flag are reported to error_log or hidden from
916  // users  // users
917    
918  function Error($title,$text="",$sysadmin=0) {  function Error($title,$text="",$sysadmin=0,$no_404=0) {
919          global $gblSeparateAdminMessages,          global $gblSeparateAdminMessages,
920                  $gblMailAdminMessages,$realm,                  $gblMailAdminMessages,$realm,
921                  $HTTP_SERVER_VARS;                  $HTTP_SERVER_VARS;
922          if (! headers_sent()) header("HTTP/1.0 404 Not Found");          if (! headers_sent() && ! $no_404) header("HTTP/1.0 404 Not Found");
923          if ($sysadmin) {          if ($sysadmin) {
924                  if ($gblSeparateAdminMessages) {                  if ($gblSeparateAdminMessages) {
925                          $user="Your administrator ";                          $user="Your administrator ";
# Line 1205  function Download($path,$force=0) { Line 1217  function Download($path,$force=0) {
1217  //////////////////////////////////////////////////////////////////  //////////////////////////////////////////////////////////////////
1218    
1219  function chopsl($path) {  function chopsl($path) {
         if (substr($path,strlen($path)-1,1) == "/") $path=substr($path,0,strlen($path)-1);  
1220          $path=str_replace("//","/",$path);          $path=str_replace("//","/",$path);
1221            if (substr($path,strlen($path)-1,1) == "/") $path=substr($path,0,strlen($path)-1);
1222          return $path;          return $path;
1223  }  }
1224    
# Line 1431  function check_trustee($user,$path) { Line 1443  function check_trustee($user,$path) {
1443    
1444  function check_perm($path,$trperm) {  function check_perm($path,$trperm) {
1445          global $gblLogin,$HAVE_TRUSTEE;          global $gblLogin,$HAVE_TRUSTEE;
1446  print "<br>check_perm: <tt>$path</tt> test perm ".display_trustee($perm)."<br>\n";  
1447            global $debug;
1448    $debug.="<br>check_perm: <tt>$path</tt> test perm ".display_trustee($perm)."<br>\n";
1449          $return = ! $HAVE_TRUSTEE;          $return = ! $HAVE_TRUSTEE;
1450          if ($HAVE_TRUSTEE) {          if ($HAVE_TRUSTEE) {
1451                  $perm = check_trustee($gblLogin,$path);                  $perm = check_trustee($gblLogin,$path);
1452  print " d: $perm[deny] (".display_trustee($perm[deny]).") a: $perm[allow] (".display_trustee($perm[allow]).") perm: $trperm";  $debug.=" d: $perm[deny] (".display_trustee($perm[deny]).") a: $perm[allow] (".display_trustee($perm[allow]).") perm: $trperm";
1453                  if ($perm[deny] & $trperm) $return=0;                  if ($perm[deny] & $trperm) $return=0;
1454                  elseif ($perm[allow] & $trperm) $return=1;                  elseif ($perm[allow] & $trperm) $return=1;
1455          }          }
1456  print " return: $return<br>\n";  $debug.=" return: $return<br>\n";
1457          return($return);          return($return);
1458  }  }
1459    
# Line 1469  function readMime() { Line 1483  function readMime() {
1483  }  }
1484    
1485  //////////////////////////////////////////////////////////////////  //////////////////////////////////////////////////////////////////
1486    
1487    // check for invalid characters in filename and dirname (.. and /)
1488    
1489    function check_dirname($file) {
1490            if (strstr($file,"..")) Error("Security violation","No parent dir <tt>..</tt> allowed in directory name <tt>$file</tt>",1);
1491    }
1492    
1493    function check_filename($file) {
1494            if (strstr($file,"..")) Error("Security violation","No parent dir <tt>..</tt> allowed in file name <tt>$file</tt>",1);
1495            if (strstr($file,"/")) Error("Security violation","No slashes <tt>/</tt> allowed in file name <tt>$file</tt>",1);
1496    }
1497    
1498    //////////////////////////////////////////////////////////////////
1499  // MAIN PROGRAM  // MAIN PROGRAM
1500    
1501          $gblFilePerms = 0640 ;         // default for new files          $gblFilePerms = 0640 ;         // default for new files
1502          $gblDirPerms  = 0750 ;          // default for new dirs          $gblDirPerms  = 0750 ;          // default for new dirs
1503    
1504            $STYLE = $HTTP_GET_VARS[STYLE];
1505          if (isset($STYLE) && $STYLE == "get") {          if (isset($STYLE) && $STYLE == "get") {
1506                  include("$html/docman.css");                  include("$html/docman.css");
1507                  exit;                  exit;
# Line 1492  function readMime() { Line 1520  function readMime() {
1520          if (! isset($fsRealmDir)) {          if (! isset($fsRealmDir)) {
1521                  $fsRealmDir = "$gblIncDir/realm";                  $fsRealmDir = "$gblIncDir/realm";
1522          }          }
1523          $realm_config = "$fsRealmDir/$realm.conf";  
1524            // try to add dir to script name to realm var
1525            if (is_dir("$fsRealmDir/$realm/".dirname($HTTP_SERVER_VARS[SCRIPT_NAME]))) {
1526                    $realm .= dirname($HTTP_SERVER_VARS[SCRIPT_NAME]);
1527                    $realm_sep = "/";
1528            } else {
1529                    $realm_sep = ".";
1530            }
1531    
1532            $realm_config = $fsRealmDir."/".$realm.$realm_sep."conf";
1533    
1534          // read user-defined configuration          // read user-defined configuration
1535          if (file_exists($realm_config)) {          if (file_exists($realm_config)) {
# Line 1511  function readMime() { Line 1548  function readMime() {
1548          }          }
1549    
1550          // if no password, or empty password logout          // if no password, or empty password logout
1551            $relogin = $HTTP_GET_VARS[relogin];
1552            $force_login = $HTTP_GET_VARS[force_login];
1553          if (          if (
1554                  isset($gblLogin) && (                  isset($gblLogin) && (
1555                          !isset($relogin) || (                          !isset($relogin) || (
# Line 1528  function readMime() { Line 1567  function readMime() {
1567          if (!is_dir($gblRepositoryDir)) Error("Repository dir not found","Can't find repository directory <tt>$gblRepositoryDir</tt>. Please fix that in <tt>$realm_config</tt> variable <tt>\$gblRepositoryDir</tt>.",1);          if (!is_dir($gblRepositoryDir)) Error("Repository dir not found","Can't find repository directory <tt>$gblRepositoryDir</tt>. Please fix that in <tt>$realm_config</tt> variable <tt>\$gblRepositoryDir</tt>.",1);
1568    
1569          // trustee (ACL) file configuration          // trustee (ACL) file configuration
1570          $trustee_conf="$gblIncDir/realm/$realm.trustee";          $trustee_conf="$fsRealmDir/$realm".$realm_sep."trustee";
1571          // compiled version of trustee file          // compiled version of trustee file
1572          $trustee_php="$gblRepositoryDir/.trustee.php";          $trustee_php="$gblRepositoryDir/.trustee.php";
1573          // get ACL informations          // get ACL informations
# Line 1549  function readMime() { Line 1588  function readMime() {
1588                  isset($relogin) && $secHash == $relogin) {                  isset($relogin) && $secHash == $relogin) {
1589                  header("WWW-authenticate: basic realm=\"$realm\"") ;                  header("WWW-authenticate: basic realm=\"$realm\"") ;
1590                  header("HTTP/1.0 401 Unauthorized") ;                  header("HTTP/1.0 401 Unauthorized") ;
1591                  Error("401 Unauthorized","No trespassing !");                  Error("401 Unauthorized","No trespassing !",0,1);
1592          }          }
1593    
1594    
1595          // read mime.types          // read mime.types
1596          readMime();          readMime();
1597    
1598          // get current directory relative to $gblFsRoot          if ($HTTP_SERVER_VARS["REQUEST_METHOD"] == "POST") {
1599          $relDir = $DIR ;        // from POST                  // take variables from server
1600          if ($relDir == "") {    // not defined in POST ?                  $FN=stripSlashes($HTTP_POST_VARS["FN"]);
1601                  $relDir = urldecode($D) ;  // then use GET                  $DIR=stripSlashes($HTTP_POST_VARS["DIR"]);
1602          }                        $RELPATH=stripSlashes($HTTP_POST_VARS["RELPATH"]);
1603                    $T=stripSlashes($HTTP_POST_VARS["T"]);
1604                    $CONFIRM=stripSlashes($HTTP_POST_VARS["CONFIRM"]);
1605    
1606                    check_filename($FN);
1607                    check_dirname($DIR);
1608                    check_dirname($RELPATH);
1609    
1610          $relDir=stripSlashes($relDir);                  $relDir = $DIR;
1611            } else {
1612                    // get
1613                    $A=stripSlashes($HTTP_GET_VARS["A"]);
1614                    $D=stripSlashes(urldecode($HTTP_GET_VARS["D"]));
1615                    $F=stripSlashes($HTTP_GET_VARS["F"]);
1616    
1617          if ($relDir == "/") $relDir = "" ;                        check_filename($F);
1618          // default : website root = ""                  check_dirname($D);
1619    
1620          if (strstr($relDir,"..")) Error("No updirs allowed");                  $relDir = $D;
1621            }
1622    
1623          // full paths contain "fs" or "Fs". Paths realitve to root of          if ($relDir == "/") $relDir = "" ;      
         // website contain "rel" or "Rel". The script won't let you  
         // edit anything above directory equal to http://server.com  
         // i.e. below $gblFsRoot.  
1624    
1625          $relScriptDir = dirname($SCRIPT_NAME) ;                  $relScriptDir = dirname($SCRIPT_NAME) ;        
1626          // i.e. /docman          // i.e. /docman
1627    
1628          // start on server root          // start on server root
1629          $gblFsRoot = $gblRepositoryDir;          $gblFsRoot = $gblRepositoryDir;
1630          // i.e. /home/httpd/html          // i.e. /home/httpd/repository
1631    
1632          $fsDir = $gblFsRoot . $relDir ; // current directory          $fsDir = $gblFsRoot . $relDir ; // current directory
1633          if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ;          if ( !is_dir($fsDir) ) Error("Dir not found",$relDir,1) ;
1634    
1635          if (isset($HTTP_SERVER_VARS["HTTPS"]) && $HTTP_SERVER_VARS["HTTPS"] == "on") {          if (isset($HTTP_SERVER_VARS["HTTPS"]) && $HTTP_SERVER_VARS["HTTPS"] == "on") {
1636                  $webRoot  = "https://";                  $webRoot  = "https://";
# Line 1590  function readMime() { Line 1639  function readMime() {
1639          }          }
1640          $webRoot .= $HTTP_SERVER_VARS["HTTP_HOST"] . $relScriptDir;          $webRoot .= $HTTP_SERVER_VARS["HTTP_HOST"] . $relScriptDir;
1641    
         // take variables from server  
         $FN=stripSlashes($HTTP_POST_VARS["FN"]);  
         $DIR=stripSlashes($HTTP_POST_VARS["DIR"]);  
         $RELPATH=stripSlashes($HTTP_POST_VARS["RELPATH"]);  
         $T=stripSlashes($HTTP_POST_VARS["T"]);  
         $CONFIRM=stripSlashes($HTTP_POST_VARS["CONFIRM"]);  
   
         // get  
         $A=stripSlashes($HTTP_GET_VARS["A"]);  
         $D=stripSlashes($HTTP_GET_VARS["D"]);  
   
 //      if (isset($F)) Error("Document manager system error","variable $F shouldn't be set here (re-check old code)",1);  
 //      $F=stripSlashes($HTTP_SERVER_VARS["PATH_INFO"]);  
         $F=stripSlashes($HTTP_GET_VARS["F"]);  
   
1642          switch ($HTTP_POST_VARS["POSTACTION"]) {          switch ($HTTP_POST_VARS["POSTACTION"]) {
1643          case "UPLOAD" :          case "UPLOAD" :
1644                  $FN_name=stripSlashes($HTTP_POST_FILES["FN"]["tmp_name"]);                  $FN_name=stripSlashes($HTTP_POST_FILES["FN"]["tmp_name"]);
# Line 1617  function readMime() { Line 1651  function readMime() {
1651                  }                  }
1652    
1653                  $FILENAME = $HTTP_POST_VARS["FILENAME"];                  $FILENAME = $HTTP_POST_VARS["FILENAME"];
1654                  if (strstr($FILENAME,"/"))                  check_filename($FILENAME);
1655                          Error("Upload error","Non-conforming filename. Filename <tt>$FILENAME</tt> has slashes (<tt>/</tt>) in it.") ;  
1656                  if (! isset($FILENAME)) {       // from update file                  if (! isset($FILENAME)) {       // from update file
1657                          $target = "$fsDir/".basename($FN);                          $target = "$fsDir/".basename($FN);
1658                  } else {                  } else {
# Line 1786  function readMime() { Line 1820  function readMime() {
1820          // $A=Co : checkout file $D/$F          // $A=Co : checkout file $D/$F
1821          // $A=Ci : checkin file $D/$F          // $A=Ci : checkin file $D/$F
1822          // $A=V : view file (do nothing except log)          // $A=V : view file (do nothing except log)
1823          // $A=I : include file .$F.php from $gblFsRoot          // $A=I : include file .$F.php from [$gblIncDir|realm]/include_php
1824          // default : display directory $D          // default : display directory $D
1825    
1826          switch ($A) {          switch ($A) {
# Line 1841  function readMime() { Line 1875  function readMime() {
1875                  EndHTML() ;                  EndHTML() ;
1876                  exit;                  exit;
1877          case "I" :          case "I" :
1878                  $F=stripSlashes($F);                  if (! isset($F) || $F == "")
1879                  $inc_file="${gblFsRoot}/.${F}.php";                          Error("Can't find file to include","Your request didn't specify file to include which should be in variable <tt>F</tt> like <tt>$HTTP_SERVER_VARS[REQUEST_URI]<b>&F=include_php_file</b></tt>",1);
1880                  if (!isset($F) || $F == "" || !file_exists($inc_file)) Error("Fatal error $inc_file"); // can't find file to include                  $inc_file="$fsRealmDir/$realm".$realm_sep.$F.".php";
1881                    if (! file_exists($inc_file)) {
1882                            Error("Can't find file to include","Can't find include file <tt>$F.php</tt> in <tt>$fsRealmDir/$realm/</tt>. Meybe you should copy <tt>$gblIncDir/include_php/$F.php</tt> to <tt>$inc_file<tt> ?",1);
1883                    }
1884                  if (!is_readable($inc_file))                  if (!is_readable($inc_file))
1885                          Error("Read access to include file denied",".${F}.php");                          Error("Read access to include file denied","Can't read PHP include file <tt>$inc_file</tt>. Fix permissions on it.",1);
1886                  $text  = "Your include file should define \$text variable which holds this text and \$title variable which is page title";                  $text  = "Your include file should define \$text variable which holds this text and \$title variable which is page title";
1887                  $title = "You should define \$title variable with page title";                  $title = "You should define \$title variable with page title";
1888                  include($inc_file);                  include($inc_file);
Legend:
Removed from v.1.9  
changed lines
  Added in v.1.15
  ViewVC Help
Powered by ViewVC 1.1.26