--- docman.php	2002/07/29 12:53:50	1.30
+++ docman.php	2002/09/06 17:34:06	1.33
@@ -157,6 +157,7 @@
 	
 	global $gblEditable, $gblImages,
 		$gblDateFmt, $gblTimeFmt,
+		$gblPermNote,
 		$webRoot, $html,
 		$HTTP_SERVER_VARS ;
 	$self = $HTTP_SERVER_VARS["PHP_SELF"] ;
@@ -208,25 +209,8 @@
 		$fstr = fread($fh,filesize($fsPath)) ;
 		fclose($fh) ;
 		$fstr = htmlentities( $fstr ) ;
-?>
 
-<FORM ACTION="<?= $self ?>" METHOD="POST">
-<SPAN TITLE="Click [SAVE] to store updated contents.">
-	<B>DOCUMENT CONTENTS</B>
-</SPAN><BR>
-<TEXTAREA NAME="FILEDATA" ROWS=18 COLS=70 WRAP="OFF"><?php 
-echo($fstr) ; ?></TEXTAREA>
-<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ; ?>">
-<INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?= $fn ; ?>">
-<INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="SAVE">
-<INPUT TYPE="HIDDEN" SIZE=48 MAXLENGTH=255 NAME="RELPATH" 
-	VALUE="<?= $relPath ; ?>">
-<br>
-<INPUT TYPE="RESET" VALUE="UNDO ALL CHANGES">
-<INPUT TYPE="SUBMIT" VALUE="SAVE">
-</FORM>
-
-<?php
+		include("$html/DetailPage-edit.html");
 	}
 	if ( !$file_lock && $ext!="" && strstr(join(' ',$gblImages),$ext) ) {  
 		$info  = getimagesize($fsPath) ;
@@ -237,23 +221,15 @@
 		echo $tstr ;
 	}
 
-?>
 
-<FORM ACTION="<?= $self ; ?>" METHOD="POST">
-<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ; ?>">
-<INPUT TYPE="HIDDEN" NAME="FN" VALUE="<?= $fn ; ?>">
-<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL"><BR>
-
-<?php
-
-	if ($file_lock) {
-?>
-<hr>
-<SPAN TITLE="Check OK and click UNLOCK to remove lock on file.">
-<B>OK TO FORCE LOCK REMOVAL ON "<?= $fn ; ?>" HELD BY <?= $file_lock ?>? </B></SPAN>
-<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
-<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="UNLOCK">
-<?
+	print '<FORM ACTION="'.$self.'" METHOD="POST">
+		<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="'.$relDir.'">
+		<INPUT TYPE="HIDDEN" NAME="FN" VALUE="'.$fn.'">
+		<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="CANCEL"><BR>
+		';
+
+	if ($file_lock && check_perm($relDir.$fn,trperm_w)) {
+		include("$html/DetailPage-unlock.html");
 	} // file_lock
 
 	if (substr($fn,0,4) == ".del") {
@@ -265,37 +241,16 @@
 	}
 
 	if ($exists && $writable) {
-?>
-
-<HR>
-<a name="undelete">
-<SPAN TITLE="Check OK and click [<?= $action ?>] to <?= $desc ?>.">
-<B>OK TO <?= $action ?> "<?= $fn ; ?>"? </B></SPAN>
-<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
-<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="<?= $action ?>">
-
-<HR>
-<a name="rename">
-<SPAN TITLE="Check OK and click [RENAME] to rename.">
-<B>OK TO RENAME "<?= $fn ; ?>" TO 
-<INPUT TYPE="TEXT" SIZE=24 MAXLENGTH=255 NAME="NEWNAME" VALUE="<?= $fn ?>">
-? </B></SPAN>
-<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
-<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="RENAME">
-
-<?php
-	}	// exists && writable
-?>
-<HR>
-<a name="note">
-<B>NOTE FOR "<?= $fn ; ?>":
-<INPUT TYPE="TEXT" SIZE=50 MAXLENGTH=255 NAME="NOTE" VALUE="<?= ReadNote($fsPath) ?>">
-</B></SPAN>
-<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="NOTE">
+		include("$html/DetailPage-undelete.html");
+		include("$html/DetailPage-rename.html");
 
-</FORM>
+	}
+	
+	if (check_perm($relDir.$fn,$gblPermNote)) {
+		include("$html/DetailPage-note.html");
+	}
 
-<?php
+	print "</FORM>";
 
 	$name=basename("$fsDir/$fn");
 	$logname=dirname("$fsDir/$fn")."/.log/$name";
@@ -580,6 +535,7 @@
 	global $gblEditable, $gblIcon, $gblModDays, $webRoot, $gblHide,
 		$gblIgnoreUnknownFileType, $gblRepositoryDir,
 		$gblLogin, $gblUserName, $gblDateFmt, $gblTimeFmt,
+		$gblPermNote,
 		$fsRealmDir, $realm, $realm_sep,
 		$html, $realm_config,
 		$HTTP_GET_VARS, $HTTP_SERVER_VARS;
@@ -654,8 +610,7 @@
 	$text .= "<br>Examine list of files <a href=\"$self?A=Ch1\">changed in last day</a> or <a href=\"$self?A=Ch\">all changes</a>.";
 	StartHTML("(Navigate)",$text) ;
 
-	echo "<TABLE BORDER=0 CELLPADDING=2 
-		CELLSPACING=3 WIDTH=\"100%\">" ;
+	print "<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=3 WIDTH=\"100%\">" ;
 
 	// updir (parent) bar	
 	if (chopsl($fsDir) != chopsl($fsRoot)) {
@@ -673,7 +628,8 @@
 		return $out;
 	}
 
-	if (! HTTP_GET_VAR("dsort")) $dsort = "name"; // default directory sort
+	$dsort = HTTP_GET_VAR("dsort");
+	if (! isset($dsort)) $dsort = "name"; // default directory sort
 
 	$dsort_arr = array(
 		"name" => array ("rname", "note"),
@@ -682,7 +638,8 @@
 		"rnote" => array ("name", "note")
 		);
 
-	if (! HTTP_GET_VAR("fsort")) $fsort = "name"; // default directory sort
+	$fsort = HTTP_GET_VAR("fsort");
+	if (! isset($fsort)) $fsort = "name"; // default directory sort
 
 	$fsort_arr = array(
 		"name" => array ("rname", "note", "date", "size"),
@@ -744,6 +701,12 @@
 			}
 	
 			$dir_url=$self."?D=".urlencode(chopsl($relDir)."/".$dir);
+			if (check_perm($relDir.$dir,$gblPermNote)) {
+				$note_html="<a href=\"$info_url#note\">".$gblIcon("note")."</a>".$dirNote[$key];
+			} else {
+				$note_html=$dirNote[$key];
+			}
+
 			include("$html/Navigate-dirEntry.html");
 
 		}  // iterate over dirs
@@ -824,7 +787,11 @@
 			$file_url_html .= substr($file,5,strlen($file)-5) . "</a> <a href=\"$info_url#undelete\"><SPAN CLASS=deleted TITLE=\"deleted\">deleted</span></a>";
 		}
 
-		$note_html="<a href=\"$info_url#note\">".$gblIcon("note")."</a>".ReadNote($path);
+		if (check_perm($relDir.$file,$gblPermNote)) {
+			$note_html="<a href=\"$info_url#note\">".$gblIcon("note")."</a>".$fileNote[$key];
+		} else {
+			$note_html=$fileNote[$key];
+		}
 
 		$ext = strtolower(strrchr($file,".")) ;
 
@@ -844,9 +811,11 @@
 				$file_url_html = "$file $a";
 			}
 		} else {
-			$b.="<A HREF=\"$self?A=Co&D=".urlencode($relDir)."&F=".urlencode($file);
-			$b.="\" TITLE=\"Checkout file for edit\">" ;
-			$b.=$gblIcon("checkout")."</A>";
+			if (check_perm($relDir.$file,trperm_w)) {
+				$b.="<A HREF=\"$self?A=Co&D=".urlencode($relDir)."&F=".urlencode($file);
+				$b.="\" TITLE=\"Checkout file for edit\">" ;
+				$b.=$gblIcon("checkout")."</A>";
+			}
 
 			if ( $ext=="" || strstr(join(" ",$gblEditable),$ext) ) {  
 				$b.="<A HREF=\"$self?A=C&D=".urlencode($relDir)."&F=".urlencode($file);
@@ -863,61 +832,31 @@
 
 	  }  // iterate over files
 	} else {  // end if no files
-?>
- <TR><TD></TD><TD COLSPAN=5 CLASS=LST>
-  No files in this directory
- </TD></TR>
-<?
+		include("$html/Navigate-noFiles.html");
 	}
 
 	if ($emptyDir && $relDir != "") {
-?>
-
-<FORM METHOD="POST" ACTION="<?= $self ?>">
- <TR><TD></TD><TD COLSPAN=5 CLASS=BAR>
-  <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ?>">
-  OK TO DELETE THIS EMPTY FOLDER?
-  <INPUT TYPE="CHECKBOX" NAME="CONFIRM"> 
-  <INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="DELETE">
- </TD></TR>
-</FORM>
-
-<?php
+		include("$html/Navigate-emptyDir.html");
 	} // end if emptyDir
-?>
-
-<TR><TD></TD><TD COLSPAN=5><HR></TD></TR>
 
-<?
+	include("$html/Navigate-hr.html");	
 
-if (file_exists("$fsRealmDir/$realm".$realm_sep."info.inc")) {
-	print "<TR><TD></TD><TD COLSPAN=5>";
-	include("$fsRealmDir/$realm".$realm_sep."info.inc");
-	print "</TD></TR><TR><TD></TD><TD COLSPAN=5><HR></TD></TR>";
-} elseif (file_exists("$gblRepositoryDir/.info.inc")) {
-	print "<TR><TD></TD><TD COLSPAN=5>";
-	include("$gblRepositoryDir/.info.inc");
-	print "</TD></TR><TR><TD></TD><TD COLSPAN=5><HR></TD></TR>";
-}
+	if (file_exists("$fsRealmDir/$realm".$realm_sep."info.inc")) {
+		print "<TR><TD></TD><TD COLSPAN=5>";
+		include("$fsRealmDir/$realm".$realm_sep."info.inc");
+		print "</TD></TR>";
+		include("$html/Navigate-hr.html");	
+	} elseif (file_exists("$gblRepositoryDir/.info.inc")) {
+		print "<TR><TD></TD><TD COLSPAN=5>";
+		include("$gblRepositoryDir/.info.inc");
+		print "</TD></TR>";
+		include("$html/Navigate-hr.html");	
+	}
 
+	include("$html/Navigate-createNew.html");
 
-?>
-
-<FORM METHOD="POST" ACTION="<?= $self ?>">
-<TR><TD></TD><TD COLSPAN=5 CLASS=BAR>CREATE NEW
- <INPUT TYPE="RADIO" NAME="T" VALUE="D" CHECKED>DIRECTORY -OR- 
- <INPUT TYPE="RADIO" NAME="T" VALUE="F">FILE : &nbsp;&nbsp;
- <NOBR>NAME <INPUT TYPE="TEXT" NAME="FN" SIZE=14>
- <INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="CREATE">
- <INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?= $relDir ?>">
- <INPUT TYPE="SUBMIT" VALUE="CREATE" NAME="CREATE">
- </NOBR> 
- <NOBR>OR <A HREF="<?= $self ?>?A=U&D=<?= urlencode($relDir) ?>">UPLOAD</A> A FILE</NOBR>
-</TD></TR>
-</FORM>
-</TABLE>
+	print "</TABLE>";
 
-<?php
 	EndHTML() ;
 } // end function Navigate
 
@@ -1701,7 +1640,11 @@
 	// read mime.types
 	readMime();
 
-HTTP_POST_VAR("FN");
+	if (! isset($gblPermNote)) {
+		$gblPermNote = trperm_r;
+	}
+
+	HTTP_POST_VAR("FN");
 
 	if ($HTTP_SERVER_VARS["REQUEST_METHOD"] == "POST") {
 		// take variables from server
@@ -1758,7 +1701,7 @@
 
 		$source = $FN_name ;
 		if (! file_exists($source)) {
-			Error("You must select file with browse to upload it!");
+			Error("You must select file with browse to upload it!","If file is too big, you might need to modify php configuration options <tt>post_max_size</tt> and <tt>upload_max_filesize</tt>",1);
 		}
 
 		if (HTTP_POST_VAR("FILENAME")) check_filename($FILENAME);
@@ -1939,6 +1882,8 @@
 
 	case "UNLOCK" :  
 		if ( $CONFIRM != "on" ) break ;
+		if (! check_perm("$relDir/$FN", trperm_w))
+			Error("Access denied","User <tt>$gblLogin</tt> tried to unlock <tt>$relDir/$FN</tt> without valid trustee.",1);
 		Unlock("$fsDir/$FN");
 		break ;
 

	- No files in this directory -
	- - OK TO DELETE THIS EMPTY FOLDER? - - -

	"; - include("$fsRealmDir/$realm".$realm_sep."info.inc"); - print "

	"; - include("$gblRepositoryDir/.info.inc"); - print "

	"; + include("$fsRealmDir/$realm".$realm_sep."info.inc"); + print "
	"; + include("$gblRepositoryDir/.info.inc"); + print "
	CREATE NEW - DIRECTORY -OR- - FILE : - NAME - - - - - OR UPLOAD A FILE -