1.4.0 #
# : 00.03.11 31.01.2011 ADD plupload silverlight, gears #
# : 00.03.11 31.01.2011 FIX uploader urlencoded to support Umlaute and special characters #
# : 00.03.12 01.02.2011 ADD css style IMG padding #
# : 00.03.13 03.02.2011 MOD pdf files are downloadable only #
# : 00.03.14 04.02.2011 ADD use alt text to name href of pdf downloads #
# : #
# License This program is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 2 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
######################################################################################################################################################
######################################################################################################################################################
# initialize #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
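# Runtime hardening and session setup. Runs before any output is produced.
# NOTE(review): in current PHP versions allow_url_fopen, allow_url_include, expose_php,
# magic_quotes_gpc, post_max_size, register_globals and upload_max_filesize are not
# changeable through ini_set(); those calls return false without effect. The values
# have to be set in php.ini or the per-directory configuration to be relied upon.
# 'force_redirect' is presumably meant to be cgi.force_redirect - confirm.
error_reporting(E_ERROR | E_PARSE); # report fatal and parse errors only
ob_implicit_flush(TRUE); # autoflush on
ini_set('session.use_trans_sid', 0); # keep the session id out of URLs
ini_set('allow_url_fopen', 0);
ini_set('allow_url_include', 0);
# Fatal error messages contain absolute paths and code fragments: log them instead of
# printing them into the response (the original enabled display_errors).
ini_set('display_errors', 0);
ini_set('log_errors', 1);
ini_set('expose_php', 0);
ini_set('magic_quotes_gpc', 0);
ini_set('memory_limit', '64M');
#ini_set('open_basedir', '/www/htdocs/w007b097/www.hksrv.org');
ini_set('post_max_size', '8M');
ini_set('register_globals', 0);
ini_set('upload_max_filesize', '8M');
ini_set('force_redirect', 1);
ini_set('session.cookie_lifetime', 0); # session cookie ends with the browser session
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 1000000);
ini_set('session.gc_maxlifetime', 0);
include_once('sseq-lib/seq_lib.php');
include_once('include/texy.min.php');
# error_reporting(E_ALL); # all warnings
$pwd = getcwd(); # starting dir
# NOTE(review): the session files live below the application directory; they must not
# be reachable over HTTP. A later comment in this file says direct linking is locked
# by .htaccess - verify that this covers the sessions directory as well.
ini_set('session.save_path', $pwd.'/sessions');
#ini_set('upload_tmp_dir', $pwd.'/tmp');
validate_session(); # secure things
auth($_POST); # session login authentication
$least_dir = ''; # global variable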
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# initialize #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.00 uploader receiver #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# receive uploaded images etc.
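if (isset($_GET['upload']))
{
    /**
     * upload.php
     *
     * Copyright 2009, Moxiecode Systems AB
     * Released under GPL License.
     *
     * License: http://www.plupload.com/license
     * Contributing: http://www.plupload.com/contributing
     */
    // Receiver for the plupload client: stores one (possibly chunked) file in the
    // requested content directory and answers with a JSON-RPC message.
    //
    // Both the target directory and the file name come from the request, so they are
    // validated before anything is written:
    //   * the target must lie inside the content or extras tree,
    //   * the session must have write access to it (same check as the other write actions),
    //   * the file name must not be empty, hidden, or carry a script extension.
    // NOTE(review): an uploader runtime that does not send the session cookie will now
    // be refused; it has to carry the session explicitly.
    // NOTE(review): the extension denylist is a second line of defence only. Script
    // execution should also be disabled for the content tree in the web server
    // configuration, and an allowlist of expected types is preferable if one can be agreed.

    // HTTP headers for no cache etc
    header('Content-type: text/plain; charset=UTF-8');
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");

    // Settings
    $maxFileAge = 60 * 60; // Temp file age in seconds
    // 5 minutes execution time
    @set_time_limit(5 * 60);

    // Get parameters (chunk counters are forced to integers)
    $chunk = isset($_REQUEST["chunk"]) ? (int) $_REQUEST["chunk"] : 0;
    $chunks = isset($_REQUEST["chunks"]) ? (int) $_REQUEST["chunks"] : 0;
    $fileName = (isset($_REQUEST["name"]) && is_string($_REQUEST["name"])) ? $_REQUEST["name"] : '';
    $target = (isset($_REQUEST["target"]) && is_string($_REQUEST["target"])) ? $_REQUEST["target"] : './';

    // The client sends the directory url-encoded (Umlaute, special characters).
    $targetDir = rtrim(str_replace('\\', '/', urldecode($target)), '/');

    // Confine the target to the two content roots. The default './' (the application
    // directory itself) is deliberately no longer accepted.
    $baseDir = rtrim(str_replace('\\', '/', $pwd), '/');
    $targetAllowed = false;
    if (strpos($targetDir, "\0") === false && !in_array('..', explode('/', $targetDir), true))
    {
        foreach (array($baseDir . '/content', $baseDir . '/extras') as $root)
        {
            if (strpos($targetDir . '/', $root . '/') === 0)
            {
                $targetAllowed = true;
            }
        }
    }
    if (!$targetAllowed)
        die('{"jsonrpc" : "2.0", "error" : {"code": 104, "message": "Invalid target directory."}, "id" : "id"}');

    // Same authorisation as the sav_*/ren/add_dir actions (paths are passed with a trailing slash there).
    if (!write_access($targetDir . '/'))
        die('{"jsonrpc" : "2.0", "error" : {"code": 105, "message": "Access denied."}, "id" : "id"}');

    // Clean the fileName for security reasons
    // modified to allow whitespace 01.02.2011 dh@huffer-klawitter.de
    // again modified to allow Umlaute - seen here: http://weppz.com/tipps/preg_replace-utf-8-und-umlaute/
    $fileName = trim((string) preg_replace('/[^\pL\w\s\._-]+/u', '', $fileName));
    $blockedExtensions = array('php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'pht', 'phps', 'phar',
                               'inc', 'cgi', 'pl', 'py', 'sh', 'shtml', 'htaccess', 'htpasswd');
    $nameAllowed = ($fileName !== '' && $fileName[0] !== '.');
    foreach (explode('.', strtolower($fileName)) as $position => $part)
    {
        // every dot-separated part after the first counts as an extension ("x.php.jpg")
        if ($position > 0 && in_array(trim($part), $blockedExtensions, true))
        {
            $nameAllowed = false;
        }
    }
    if (!$nameAllowed)
        die('{"jsonrpc" : "2.0", "error" : {"code": 106, "message": "File name not allowed."}, "id" : "id"}');

    // Create target dir (no world-writable mode)
    if (!file_exists($targetDir))
        @mkdir($targetDir, 0755, true);

    // Remove old temp files
    if (is_dir($targetDir) && ($dir = opendir($targetDir))) {
        while (($file = readdir($dir)) !== false) {
            $filePath = $targetDir . DIRECTORY_SEPARATOR . $file;
            // Remove temp files if they are older than the max age
            if (preg_match('/\\.tmp$/', $file) && (filemtime($filePath) < time() - $maxFileAge))
                @unlink($filePath);
        }
        closedir($dir);
    } else
        die('{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}');

    // Look for the content type header
    $contentType = '';
    if (isset($_SERVER["HTTP_CONTENT_TYPE"]))
        $contentType = $_SERVER["HTTP_CONTENT_TYPE"];
    if (isset($_SERVER["CONTENT_TYPE"]))
        $contentType = $_SERVER["CONTENT_TYPE"];

    // Multipart requests deliver the data as an uploaded file, everything else as raw body.
    if (strpos($contentType, "multipart") !== false) {
        if (!isset($_FILES['file']['tmp_name']) || !is_string($_FILES['file']['tmp_name']) || !is_uploaded_file($_FILES['file']['tmp_name']))
            die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
        $sourcePath = $_FILES['file']['tmp_name'];
    } else {
        $sourcePath = "php://input";
    }

    // First chunk truncates, later chunks append
    $filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
    $out = fopen($filePath, $chunk === 0 ? "wb" : "ab");
    if (!$out)
        die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
    $in = fopen($sourcePath, "rb");
    if (!$in) {
        fclose($out);
        die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
    }
    // Copies until EOF; the former fread() loop stopped early on a buffer equal to "0".
    stream_copy_to_stream($in, $out);
    fclose($in);
    fclose($out);
    if ($sourcePath !== "php://input")
        unlink($sourcePath);

    // rotate image according to its EXIF orientation
    // added 14.09.2010 Dirk Huffer
    // Only complete JPEG files are touched: rewriting a partial file between two chunks
    // would corrupt the upload. The per-key EXIF dump into rotate.log was dropped,
    // because it copied the complete image metadata into the content directory.
    $isLastChunk = ($chunks < 2) || ($chunk === $chunks - 1);
    $isJpeg = (preg_match('/\.jpe?g$/i', $fileName) === 1);
    if ($isLastChunk && $isJpeg && function_exists('exif_read_data') && function_exists('imagecreatefromjpeg'))
    {
        $logFile = $targetDir . DIRECTORY_SEPARATOR . 'rotate.log';
        write_logfile($logFile, 'rotate');
        write_logfile($logFile, "filepath: $filePath");
        $exif_data = exif_read_data($filePath);
        $orientation = 0;
        if (is_array($exif_data))
        {
            // Without the as_arrays argument the tags are returned flat, so the value
            // is found at the top level; the nested form is kept as a fallback.
            if (isset($exif_data['Orientation']))
                $orientation = (int) $exif_data['Orientation'];
            elseif (isset($exif_data['IFD0']['Orientation']))
                $orientation = (int) $exif_data['IFD0']['Orientation'];
        }
        $angles = array(6 => -90, 8 => 90, 3 => 180);
        if (isset($angles[$orientation]))
        {
            $image_object = imagecreatefromjpeg($filePath);
            if ($image_object)
            {
                $rotated = imagerotate($image_object, $angles[$orientation], 0);
                if ($rotated)
                {
                    imagejpeg($rotated, $filePath);
                    imagedestroy($rotated);
                }
                imagedestroy($image_object);
            }
        }
        write_logfile($logFile, "orientation: $orientation");
    }

    // write acl control file
    // added 09.12.2010 Dirk Huffer
    if (!file_exists($targetDir."/acl.txt"))
    {
        file_put_contents($targetDir."/acl.txt",":r\nadmin:w\n");
    }

    // Return JSON-RPC response
    die('{"jsonrpc" : "2.0", "result" : null, "id" : "id"}');
}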
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# uploader receiver #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.01 deliver image #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# self-referenced image deliverer - must stand before header
# direct linking of files is locked by .htaccess
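if (isset($_GET['raw_content']))
{
    # Delivers a file from the content tree after an ACL check on its directory.
    # The ACL check works on dirname() of the request string, so a path containing
    # ".." segments could be checked against one directory and resolved to another
    # unless read_access()/raw_content() normalise it themselves (not visible here).
    # Such paths, NUL bytes and non-string values are therefore refused up front.
    $rawPath = $_GET['raw_content'];
    $pathOk = is_string($rawPath)
        && strpos($rawPath, "\0") === false
        && !in_array('..', explode('/', str_replace('\\', '/', $rawPath)), true);
    if ($pathOk && read_access(dirname($rawPath)))
    {
        # Cache headers only for a granted request, and "private" because the content
        # is ACL-protected and must not be kept by shared caches.
        header("Cache-Control: private, max-age=600");
        header("Pragma: cache");
        raw_content($rawPath);
    }
    else
    {
        # A denial is answered with 403 and is not cacheable; the original sent it
        # with status 200 and max-age=600.
        header('HTTP/1.1 403 Forbidden');
        header('Content-Type: text/plain; charset=UTF-8');
        header("Cache-Control: no-store");
        print "Access denied.";
    }
    exit();
}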
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# deliver image #
######################################################################################################################################################
######################################################################################################################################################
# config #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# Layout and title settings, parsed with sections so that values are addressed as
# $config_array[section][key]. The path is relative to the working directory.
$config_array = parse_ini_file('style/config.ini', true);
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# config #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.00 debug output #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
#get_dir($_GET); # dummy, um $least_dir zu fuellen
#print "
";
#print "";
#print_r($pwd); print "\n";
#print_r($least_dir); print "\n";
#phpinfo();ber
#print_r($_SERVER); print "\n";
#print_r($_POST); print "\n";
#$_POST['dir'] = utf8_decode($_POST['dir']);
#print_r($_POST['dir']); print "\n";
#print_r($_GET); print "\n";
#print_r(get_dir($_GET)); print "\n";
#print md5($_POST['password']);
#print crypt($_GET['l']);
#if (crypt($_GET['l'], $_GET['p']) == $_GET['p']) {
# echo "Password verified!";
#}
#print_r(import_content_dir($_SERVER['DOCUMENT_ROOT']."/content"));
#print_r($_SESSION); print "\n";
#print $_SESSION['started']; print "\n";
#print time(); print "\n";
#print_r(html_menu(menu_array(getcwd().'/extras')));
#print "
";
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# debug output #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.03 action part #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
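if (isset($_POST['action']) && is_string($_POST['action']))
{
    # State-changing page actions, selected by $_POST['action']. Every branch checks
    # write_access() on the current directory (usermanager: membership in 'admin').
    # NOTE(review): no request token is verified here; whether validate_session()/auth()
    # protect these POSTs against cross-site requests is not visible in this file.
    $action = $_POST['action'];
    $isExtras = isset($_GET['d']) && $_GET['d'] === 'extras'; # strcmp() is not safe on request data

    # A new directory name must be one plain path component: no separators, no NUL,
    # no leading dot (which also rules out "." and ".."). The original passed
    # $_POST['dir'] unchecked to rename()/mkdir().
    $newDirName = null;
    if (isset($_POST['dir']) && is_string($_POST['dir']))
    {
        $candidate = trim($_POST['dir']);
        if ($candidate !== '' && $candidate[0] !== '.' && !preg_match('/[\/\\\\\x00]/', $candidate))
        {
            $newDirName = $candidate;
        }
    }

    # save index / info / description text of the current directory
    $saveTargets = array('sav_index' => 'index.txt', 'sav_info' => 'info.txt', 'sav_desc' => 'desc.txt');
    if (isset($saveTargets[$action]) && write_access(absolute_path(get_dir($_GET))) && isset($_POST['page']) && is_string($_POST['page']))
    {
        file_put_contents(absolute_path(get_dir($_GET)).$saveTargets[$action], $_POST['page']);
    }

    # rename (never the content root itself, never onto an existing entry)
    if ($action === 'ren' && $newDirName !== null && get_dir($_GET) !== '' && write_access(absolute_path(get_dir($_GET))))
    {
        $oldName = rtrim(absolute_path(get_dir($_GET)), "/"); # remove trailing slash - if any
        $newName = dirname($oldName).'/'.$newDirName;
        if (!file_exists($newName))
        {
            rename($oldName, $newName);
        }
    }

    # delete
    if ($action === 'del' && write_access(absolute_path(get_dir($_GET))))
    {
        $indexFile = absolute_path(get_dir($_GET))."index.txt";
        if (file_exists($indexFile))
        {
            unlink($indexFile);
        }
    }

    # add_dir / add_subdir: create a directory with a stub page and the default ACL.
    # add_dir in the extras tree creates it one level above the current directory.
    # NOTE(review): at the top of the extras tree that parent is the application
    # directory - confirm this is intended.
    if (($action === 'add_dir' || $action === 'add_subdir') && $newDirName !== null && write_access(absolute_path(get_dir($_GET))))
    {
        $oldPWD = getcwd();
        # If chdir() fails the working directory is still the application directory,
        # so nothing may be created in that case.
        if (chdir(absolute_path(get_dir($_GET))))
        {
            if ($action === 'add_dir' && $isExtras)
            {
                chdir("..");
            }
            if (write_access(absolute_path(".")))
            {
                # Only initialise a directory that was really created now; an existing
                # one would otherwise have its index.txt and acl.txt overwritten.
                if (!file_exists($newDirName) && mkdir($newDirName))
                {
                    file_put_contents($newDirName."/index.txt","#");
                    file_put_contents($newDirName."/acl.txt",":r\nadmin:w\n");
                }
            }
            chdir($oldPWD);
        }
    }

    # usermanager: add, change or delete one entry of etc/users.txt (user:hash:groups)
    if ($action === 'usermanager' && isset($_SESSION['groups']) && is_array($_SESSION['groups']) && in_array('admin', $_SESSION['groups'], true))
    {
        $postUser = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
        $postPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
        $postGroups = (isset($_POST['groups']) && is_string($_POST['groups'])) ? $_POST['groups'] : '';
        $deleteUser = isset($_POST['del']);

        # ':' and line breaks are the record separators of users.txt; a value containing
        # them would forge extra fields or extra accounts, so such input is ignored.
        if ($postUser !== '' && !preg_match('/[:\r\n]/', $postUser.$postGroups))
        {
            $usersFile = "$pwd/etc/users.txt";
            $entries = file($usersFile);
            if ($entries === false)
            {
                $entries = array();
            }
            $content = '';
            $newuser = true;
            foreach ($entries as $userentry)
            {
                $userentry = rtrim($userentry, "\r\n");
                if ($userentry === '')
                {
                    continue; # skip blank lines instead of rewriting them as "::"
                }
                list($user, $password_hash, $groups) = array_pad(explode(":", $userentry, 3), 3, '');
                if ($user === $postUser)
                {
                    $newuser = false;
                    if ($deleteUser)
                    {
                        continue; # don't write to file
                    }
                    # NOTE(review): crypt() without a salt yields a weak, platform-dependent
                    # hash and is rejected by PHP 8. Moving to password_hash() depends on how
                    # auth() verifies the stored value, which is not visible here.
                    $password_hash = crypt($postPassword);
                    $groups = $postGroups;
                }
                $content .= "$user:$password_hash:$groups".PHP_EOL;
            }
            # A delete request for an unknown user must not create that user.
            if ($newuser && !$deleteUser)
            {
                $password_hash = crypt($postPassword);
                $content .= "$postUser:$password_hash:$postGroups".PHP_EOL;
            }
            # One locked write; the original truncated the file first and appended line
            # by line, which could leave an empty user list behind on failure.
            file_put_contents($usersFile, $content, LOCK_EX);
        }
    }
}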
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# action part #
######################################################################################################################################################
# Send the page in three parts and push head and body to the client as soon as
# each one is complete. html_tail() declares no parameter; the argument is ignored.
echo html_head($config_array);
flush();
echo html_body($config_array);
flush();
echo html_tail($config_array);
######################################################################################################################################################
# 00.01.01 html_head #
# $cfg : array with config variables #
# retval : html head #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
function html_head ($cfg)
{
# Builds the document head and sends the response headers of a normal page view.
# $cfg is the parsed configuration array; the keys read here are title.title,
# title.height, menu.font_size_em, menu.width, menu.h_menu, menu.v_menu and
# body.margin_px.
# NOTE(review): the heredoc template at the end of this function is not intact in
# this copy (only $title survives). The layout values computed below are presumably
# interpolated into that template - confirm against the original file.
$css_debug = ""; #"border: 1px solid red; "; # css debug borders
$base_font_size_px=12;
# Page title = configured title + description of the current menu entry, HTML-escaped.
$title = htmlentities($cfg['title']['title'].menu_description(get_dir($_GET)), ENT_QUOTES, 'UTF-8');
# Raw desc.txt content. It is not escaped here and desc.txt is editor-writable
# (action sav_desc), so it has to be escaped where the template emits it.
$desc = desc();
$header_padding = "";
$h_menu_padding_px = 4;
$h_menu_half_height_px = (2 * $h_menu_padding_px) + (int)($base_font_size_px * $cfg['menu']['font_size_em']);
$h_menu_height_px = 2 * $h_menu_half_height_px;
$middle_margin_left_px = $cfg['menu']['width'] + 2 * $cfg['body']['margin_px'];
$menu_width_px = $cfg['menu']['width'];
$header_height = $cfg['title']['height'];
# Reserve room below the header only when the horizontal menu is shown.
if ($cfg['menu']['h_menu'] == 'visible')
{
$header_padding = " padding-bottom: ".$h_menu_height_px."px;";
}
# Any value other than 'visible' hides the vertical menu through CSS.
$v_menu_height = "";
if ($cfg['menu']['v_menu'] != 'visible')
{
$v_menu_height = "height:0px; position:absolute; DISPLAY:none; VISIBILITY: hidden; padding: 0px; margin: 0px; FONT-SIZE: 0em;";
}
header("Content-Type: text/html; charset=utf-8");
# header() replaces an earlier header of the same name by default, so of the two
# Cache-Control lines only "max-age=2" is actually sent.
Header("Cache-Control: must-revalidate");
Header("Cache-Control: max-age=2");
Header("Pragma: cache");
$head = <<
$title
HEAD;
return ($head);
}
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# html_head #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.02 html_body #
# $cfg : array with config variables #
# retval : html body #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
function html_body($cfg)
{
# Assembles the page body: left column (admin controls, info block), then the
# middle column with the page content. $cfg is accepted but not read in the
# visible code.
# NOTE(review): most of the markup in the string literals below is missing in this
# copy; only line breaks remain.
# NOTE(review): $_GET['d'] is read without isset() and compared with strcmp(), which
# is not a reliable equality test for request data (the value may be absent or an
# array). isset($_GET['d']) && $_GET['d'] === 'extras' would be.
global $pwd;
static $menu = '';
# Menu of the content tree, built with reset=1. The visible code does not append
# $menu to $body - presumably part of the lost markup; confirm.
$menu = html_menu(menu_array($pwd."/content"),1);
$body = '';
$body .= "";
$body .= "\n"; # Page Container
$body .= "\n";
$body .= "
\n"; # left column
# strcmp() is non-zero when d is not 'extras': menu controls for the content tree ...
if (strcmp($_GET['d'],'extras'))
{
$body .= html_admin('menu');
}
# ... and the extras controls when d equals 'extras'.
if (!strcmp($_GET['d'],'extras'))
{
$body .= html_admin('extras');
}
$body .= "\n";
$body .= html_admin('info');
$body .= "
\n"; # info block
$body .= html_info();
$body .= "
\n";
$body .= html_admin('misc');
$body .= "
\n";
$body .= "
\n"; # middle column
$body .= html_index(absolute_path(get_dir($_GET))); # Page content
# $body .= php_index(absolute_path(get_dir($_GET))); # PHP Include
$body .= "
\n";
$body .= "\n";
$body .= "
\n"; # end Page Container
$body .= "\n";
return $body;
}
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# html_body #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.00 html_tail #
# retval : html tail #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
function html_tail()
{
    # Closing part of the page; in this copy it is an empty string.
    $tail = '';
    return $tail;
}
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# html_tail #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.00 html_title #
# $cfg : array with config variables #
# retval : html title #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
function html_title($cfg)
{
    # Title block of the page. $cfg is accepted for symmetry with the other html_*
    # builders but is not read; the visible result is a single line break.
    return "\n";
}
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# html_title #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.02 html_info #
# retval : md-decoded info content #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
function html_info()
{
# Returns the info block of the current directory: the editor when the request asks
# to change it (action chg_info, write access required), otherwise the rendered
# info.txt. The wrapping markup is missing in this copy.
global $pwd;
$info_dir = absolute_path(get_dir($_GET));
if (isset($_POST['action']) && ($_POST['action'] == 'chg_info') && (write_access($info_dir)))
{
# Edit mode: the raw text goes into the editor, which posts it back as sav_info.
$info = js_editor(file_get_contents("$info_dir"."info.txt"),'sav_info',false,false,'90%','80px','100px');
}
else
{
# Fallback chain for a directory without its own info.txt: first the root of the
# current tree, then the content directory.
if (!file_exists("$info_dir"."info.txt"))
{
$info_dir = absolute_path("/");
}
if (!file_exists("$info_dir"."info.txt"))
{
$info_dir = $pwd."/content/";
}
# The text is passed through Texy() and its result is placed into the page as is.
# NOTE(review): info.txt is editor-writable (sav_info); whether Texy() neutralises
# embedded markup depends on its configuration, which is not visible here.
$info = Texy(file_get_contents("$info_dir"."info.txt"));
}
$html_info='';
if ($info != '')
{
$html_info .= "\n";
$html_info .= "$info\n";
$html_info .= "
\n";
}
else
{
# Nothing to show: a single blank stands in for the block.
$html_info = " ";
}
return $html_info;
}
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# html_info #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.02 desc #
# retval : desc.txt content #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
function desc()
{
    # Content of desc.txt for the current directory; a directory without its own
    # file uses the one at the root of the current tree.
    $file_name = "desc.txt";
    $own_dir = absolute_path(get_dir($_GET));
    $source_dir = file_exists("$own_dir".$file_name) ? $own_dir : absolute_path("/");
    return file_get_contents("$source_dir".$file_name);
}
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# desc #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.01 html_login #
# retval : login form #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
function html_login()
{
# Returns the login area: for an authenticated session the user name (plus markup
# that is missing in this copy), otherwise the login form (also missing).
$retval='';
if (isset ($_SESSION['username']))
{
# NOTE(review): the user name is interpolated without HTML escaping. It comes from
# the session; escaping it at output (htmlentities with ENT_QUOTES, as html_head
# does for the title) would keep a name containing markup from reaching the page.
$retval.="{$_SESSION['username']}
";
$retval.="";
}
else
{
$retval.="\n";
}
return $retval;
}
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# html_login #
######################################################################################################################################################
######################################################################################################################################################
# 00.02.01 html_admin #
# retval : admin forms #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
function html_admin($control)
{
# Returns the admin form for one area of the page ('menu', 'info', 'misc' or
# 'extras'), but only for a logged-in session with write access to the current
# directory. In every other case the function returns nothing (null).
# NOTE(review): the form markup is missing in this copy, which is why all four
# branches assign the same string. For an unknown $control $retval is never set.
# NOTE(review): hiding the forms is presentation only; the handlers of the posted
# actions must (and, in the action part of this file, do) repeat the access check.
if (isset ($_SESSION['username']) && (write_access(absolute_path(get_dir($_GET)))))
{
global $least_dir;
if ($control == 'menu')
{
$retval = "\n"; # menu admin';
}
if ($control == 'info')
{
$retval = "\n"; # menu admin';
}
if ($control == 'misc')
{
$retval = "\n"; # menu admin';
}
if ($control == 'extras')
{
$retval = "\n"; # menu admin';
}
return $retval;
}
}
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# html_admin #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.00 html_menu #
# $menu_array : menu to print #
# retval : menu in html format #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# Renders the nested menu array (directory name => sub-menu array) as HTML and
# returns the accumulated string. The function recurses into every sub-menu and
# keeps its position in three static variables: $m_nr (current depth), $menu (the
# output so far) and $m (url-encoded directory name per depth). A true $reset
# clears them before a new menu is built. $extra is not used in the visible code.
# Only entries whose parent is the currently selected one ($_GET['m<depth-1>']) are
# printed; the selected entry itself gets class=active.
# NOTE(review): the list markup and the regular expressions that tested for it are
# missing in this copy ("/$/" is what is left of them). Near the end, when a
# sub-menu list stayed empty, its leading opening tag is removed from $menu again.
# NOTE(review): the entry text is strip_num($dir) without HTML escaping (the
# htmlentities() variant is commented out since 14.09.2010). Directory names can be
# set through the 'dir' field of the rename/add actions, so they should be escaped
# at output.
# NOTE(review): the recursive call passes no $reset argument although the parameter
# is required, and each() no longer exists in PHP 8.
function html_menu($menu_array,$reset,$extra='')
{
static $m_nr = 0;
static $menu = '';
static $m = array();
if ($reset)
{
$m_nr = 0;
$menu = '';
$m = array();
}
if (!empty($menu_array))
{
$menu .= (""); # keep this exact spelling, it is matched against the end of the string later
while( list ( $dir, $val ) = each ( $menu_array ) )
{
$urldir = urlencode($dir);
$m[$m_nr] = $urldir;
$m_str = "";
$m_nr_parent = $m_nr-1;
for ($i = 0; $i <= $m_nr; $i++)
{
$m_str.="m$i=$m[$i]&";
}
if (($m_nr == 0) or (isset($_GET["m$m_nr_parent"]) and (urlencode($_GET["m$m_nr_parent"]) == $m[$m_nr_parent])))
{
$bullets = "";
if (!preg_match("/$/",$menu))
{
#$menu .= "\n";
}
for ($i = 2; $i <= $m_nr; $i++)
{
$bullets.=" ";
}
if ((isset($_GET["m$m_nr"]) and (urlencode($_GET["m$m_nr"]) == $m[$m_nr]))) # active menu entry
{
$class="class=active";
}
else
{
$class="";
}
#$menu .= " - ".$bullets.htmlentities(strip_num($dir))."\n"; # changed 14.09.2010
$menu .= "
- ".$bullets.(strip_num($dir))."\n";
#$menu .= " \n
";
}
$m_nr++; # descend
html_menu($val);
}
if (preg_match("/$/",$menu)) # Falls Untermenﺃﺱliste leer war, wird das fﺃﺱhrende wieder entfernt
{
$menu = preg_replace("/$/","",$menu);
}
else
{
$menu .= ("
\n");
}
}
$m_nr--;
return $menu;
# end menu
}
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# html_menu #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.00 get_dir #
# $get_array : menu entry as 'GET'-array #
# retval : directory path #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
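function get_dir($get_array)
{
    # Turns the menu selection m0, m1, ... of the request into a relative directory
    # path ("m0/m1/.../", empty string when nothing is selected) and stores the last
    # segment in the global $least_dir.
    #
    # The result is appended to the content root by absolute_path() and then used for
    # reading and writing files, so every segment has to be one plain directory name.
    # A segment that is not a string, is "." or "..", or contains a path separator or
    # a NUL byte makes the whole selection invalid: the function then returns '' (the
    # root of the tree) and leaves $least_dir untouched.
    global $least_dir;
    $segments = array();
    for ($i = 0; isset($get_array['m'.$i]); $i++)
    {
        $segment = $get_array['m'.$i];
        if (!is_string($segment) || $segment === '.' || $segment === '..' || preg_match('/[\/\\\\\x00]/', $segment))
        {
            return '';
        }
        $segments[] = $segment;
    }
    $dir = '';
    foreach ($segments as $segment)
    {
        $least_dir = $segment;
        $dir .= $segment.'/';
    }
    return $dir;
}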
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# get_dir #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.03 html_index #
# $dir : directory with content #
# retval : bb-decoded index content #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
function html_index($dir)
{
# Produces the middle column for the directory $dir (absolute path with trailing
# slash). The POST action selects an editing view, each of which requires write
# access; without one the rendered index.txt is returned when the session may read
# the directory. Returns nothing (null) when access is denied or index.txt is missing.
if (isset($_POST['action']) && ($_POST['action'] == 'upload') && (write_access($dir)))
{
return uploader();
}
# NOTE(review): the user manager view only requires write access to the current
# directory, while the handler that rewrites etc/users.txt requires the 'admin'
# group. What usermanager() displays is not visible here - confirm it does not
# expose the user list to non-admin editors.
if (isset($_POST['action']) && ($_POST['action'] == 'acl') && (write_access($dir)))
{
return usermanager();
}
# Edit view: editor for index.txt, editor for desc.txt, then the file manager.
if (isset($_POST['action']) && ($_POST['action'] == 'chg_index') && (write_access($dir)))
{
$index = js_editor(file_get_contents("$dir"."index.txt"),'sav_index',true,true,'94%','400px','460px');
$desc = js_editor(file_get_contents("$dir"."desc.txt"),'sav_desc',false,false,'94%','60px','80px');
return $index .'
'. $desc .'
'.filemanager($dir);
}
# Normal view: index.txt rendered by Texy() and post-processed by markdown_extras().
if (read_access($dir))
{
if (file_exists("$dir"."index.txt"))
{
return markdown_extras(Texy(file_get_contents("$dir"."index.txt")));
}
}
}
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# html_index #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.00 php_index #
# $dir : directory with content #
# retval : php-executed result #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
function php_index($dir)
{
    # Runs index.php of the directory $dir and returns what it printed; returns
    # nothing (null) when the session may not read the directory or the file is missing.
    # NOTE(review): this executes a file from the content tree, the same tree that
    # receives uploads. The only call in this file is commented out; before enabling
    # it again, make sure no request can place a .php file into that tree.
    if (!read_access($dir))
    {
        return;
    }
    $script = "$dir"."index.php";
    if (!file_exists($script))
    {
        return;
    }
    ob_start();
    include($script);
    return ob_get_clean();
}
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# php_index #
######################################################################################################################################################
######################################################################################################################################################
# js_editor #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
function js_editor($markdown_code, $action, $upload_controls, $format_controls, $textarea_width, $textarea_height, $editor_div_height)
{
# Returns the editor block for one text file: optionally the plupload uploader
# ($upload_controls) and the text formatting helpers ($format_controls), followed
# by the edit form.
# NOTE(review): both heredoc templates and the form markup are empty in this copy,
# so $markdown_code, $action and the three size arguments are not used in the
# visible code. Where $markdown_code is written into the form it has to be
# HTML-escaped, because it is raw file content.
# Absolute path of the current directory, url-encoded; presumably handed to the
# uploader as its 'target' parameter (the upload receiver url-decodes 'target') -
# confirm against the original template.
$upload_target_dir = urlencode(absolute_path(get_dir($_GET)));
$plupload = <<< PLUPLOAD
PLUPLOAD;
$insertatcaret = <<< INSERTATCARET
INSERTATCARET;
$retval='';
if ($upload_controls) {$retval .= $plupload;}
if ($format_controls) {$retval .= $insertatcaret;}
$retval.="\n";
if ($upload_controls)
{
$retval.="
";
$retval.="
";
}
$retval.="
";
$retval.="
";
return $retval;
}
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# js_editor #
######################################################################################################################################################
######################################################################################################################################################
# filemanager #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
function filemanager($dir)
{
# Returns the file list of the directory $dir for the edit view.
# NOTE(review): the listing loop and its markup are missing in this copy; the
# directory handle is opened but neither read nor closed in the visible code, and
# $retval is appended to before it is initialised.
$retval.="\n";
# The error message prints the absolute path of $dir into the response.
$dir_handle = @opendir($dir) or die("Fehler beim Öffnen von $dir");
$retval.="
";
$retval.="
";
return $retval;
}
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# filemanager #
######################################################################################################################################################
######################################################################################################################################################
# uploader #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
function uploader()
{
    # Placeholder for the upload view: prints a marker and returns nothing.
    # get_dir() is still called because it also updates the global $least_dir.
    get_dir($_GET);
    echo "uploader";
}
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# uploader #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.00 strip_num #
# $file : filename #
# retval : filename without leading numbers #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
/**
 * Remove a leading "<digits>-" prefix from a name.
 *
 * The digit run may be empty, so a bare leading dash is removed as well.
 * Names without such a prefix are returned unchanged.
 *
 * @param string $string name to clean
 * @return string name without the leading number prefix
 */
function strip_num ( $string )
{
    # optional digits followed by exactly one dash, anchored at the start
    $leading_number = '/^\d*-/';
    $stripped = preg_replace($leading_number, '', $string);
    return $stripped;
}
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# strip_num #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.00 strip_extension #
# $file : filename #
# retval : filename without extension #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
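/**
 * Return the base name of a file without its last extension.
 *
 * Any directory part is dropped by basename(). A name without a dot is
 * returned unchanged.
 *
 * @param string $file filename, optionally with a path
 * @return string base name without the trailing ".ext"
 */
function strip_extension ( $file )
{
    # array_pop() takes its argument by reference, so the explode() result
    # must live in a variable; passing the call directly raises a notice
    $parts = explode('.', $file);
    $fext = array_pop($parts);
    return basename($file, '.'.$fext);
}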
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# strip_extension #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.00 absolute_path #
# $dir : directory short name #
# retval : absolute directory path #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
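/**
 * Map a short directory name to an absolute path below the installation root.
 *
 * The tree is "extras" when the query parameter "d" is exactly the string
 * "extras", otherwise "content".
 *
 * NOTE(review): $dir is appended as given. If it can come from the request,
 * the caller presumably has to reject ".." segments before the result is
 * used for file access - confirm.
 *
 * @param string $dir directory short name
 * @return string absolute directory path
 */
function absolute_path($dir)
{
    global $pwd;
    # Strict comparison on purpose: strcmp() does not return 0/non-0 for a
    # non-string such as ?d[]=x (NULL on older PHP, TypeError on PHP 8), and
    # the former "!strcmp(...)" test then selected the extras tree.
    $tree = (isset($_GET['d']) && $_GET['d'] === 'extras') ? 'extras' : 'content';
    return ($pwd."/".$tree."/".$dir);
}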
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# absolute_path #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.01 validate_session #
# function : validates session #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
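/**
 * Start the session and bind it to the client's User-Agent.
 *
 * On the first request the User-Agent fingerprint is stored in the session;
 * on later requests a different fingerprint destroys the session and ends
 * the request. The User-Agent is client-supplied, so this is only a weak
 * consistency check and not an authentication factor.
 */
function validate_session()
{
    session_start();
    if (!isset($_SESSION['started']))
    {
        $_SESSION['started'] = time();
    }
    if ($_SESSION['started']+60 <= time())
    {
        # expiry is disabled: the teardown calls below are commented out, so
        # sessions are not aged out by this function
        # session_unset();
        # session_destroy();
    }
    # a request without the header is fingerprinted as the empty string
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
    $agent_hash = md5($agent);
    if (isset($_SESSION['USERAGENT_HASH']))
    {
        # strict comparison: with "!=" two different hex digests that both look
        # like numbers ("0e" followed by digits) compare as equal
        if ($_SESSION['USERAGENT_HASH'] !== $agent_hash) # detect USER_AGENT changed
        {
            session_unset();
            session_destroy();
            exit;
        }
    }
    else
    {
        $_SESSION['USERAGENT_HASH'] = $agent_hash; # remember USER_AGENT
    }
}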
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# validate_session #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.00 auth #
# $post_array : $_POST #
# function : auth action #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
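/**
 * Handle the login and logout actions of a submitted form.
 *
 * login : stores the result of groups() in $_SESSION['groups'] (false when
 *         the credentials are rejected) and, on success, the username.
 * logout: clears and destroys the session.
 *
 * @param array $post_array submitted form fields, normally $_POST
 */
function auth($post_array)
{
    $action = isset($post_array['action']) ? $post_array['action'] : null;
    if ($action === 'login')
    {
        $username = isset($post_array['username']) ? $post_array['username'] : null;
        $password = isset($post_array['password']) ? $post_array['password'] : null;
        # missing fields or array values (username[]=x) count as a failed login
        # instead of being handed to the credential check
        $granted = (is_string($username) && is_string($password)) ? groups($username, $password) : false;
        $_SESSION['groups'] = $granted;
        if ($granted)
        {
            # issue a fresh session id at the privilege change so an id that was
            # known before the login cannot be reused afterwards (session fixation)
            if (session_id() !== '')
            {
                session_regenerate_id(true);
            }
            $_SESSION['username'] = $username;
        }
    }
    if ($action === 'logout')
    {
        session_unset();
        session_destroy();
    }
}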
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# auth #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.01 usermanager #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
/**
 * User manager output (placeholder).
 *
 * @return string always the empty string in the code as it stands
 */
function usermanager()
{
    # nothing is generated yet
    return "";
}
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# usermanager #
######################################################################################################################################################
######################################################################################################################################################
# 00.02.00 groups #
# $username : username to check #
# $password : password to check #
# retval : array of groups that the user belongs to - if login succeeds #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
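/**
 * Check credentials against etc/users.txt and return the user's groups.
 *
 * Each line is read as "user:hash:group1,group2". The supplied password is
 * hashed with crypt() using the stored hash as salt and compared with it.
 *
 * NOTE(review): the strength of the check depends on the hash format stored
 * in users.txt, which is not visible here. Migrating the entries to
 * password_hash()/password_verify() is advisable where the PHP version
 * allows it.
 *
 * @param string $username username to check
 * @param string $password password to check
 * @return array|false list of group names on success, false otherwise
 */
function groups($username,$password)
{
    global $pwd;
    # array input (username[]=x) must not reach crypt() or a comparison
    if (!is_string($username) || !is_string($password))
    {
        return false;
    }
    $userfile = "$pwd/etc/users.txt";
    if (!is_readable($userfile))
    {
        return false;
    }
    $entries = file($userfile);
    if ($entries === false)
    {
        return false;
    }
    foreach ($entries as $userentry)
    {
        # drop the line ending, otherwise it ends up inside the last group name
        # and that group never matches an ACL entry
        $fields = explode(":", rtrim($userentry, "\r\n"));
        if (count($fields) < 3)
        {
            continue; # blank or malformed line
        }
        list($user, $password_hash, $groups) = $fields;
        # strict comparison: "==" treats numeric-looking strings as numbers
        if ($username !== $user || $password_hash === '')
        {
            continue;
        }
        $candidate = crypt($password, $password_hash);
        if (!is_string($candidate))
        {
            continue;
        }
        # constant-time comparison where available, strict comparison otherwise
        if (function_exists('hash_equals'))
        {
            $matches = hash_equals($password_hash, $candidate);
        }
        else
        {
            $matches = ($candidate === $password_hash);
        }
        if ($matches)
        {
            return explode(",", $groups);
        }
    }
    return false;
}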
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# groups #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.01 read_access #
# $dir : directory to check access #
# retval : true if user has read access to $dir (returns true if $dir is anonymous readable) #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
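/**
 * Decide whether the current visitor may read a directory.
 *
 * acl.txt inside the directory is read as "group:acl" lines. Access is
 * granted when an entry has an empty group (anonymous) or names a group
 * stored in $_SESSION['groups']. The acl value itself is not evaluated here.
 * A directory without acl.txt is not readable.
 *
 * @param string $dir directory to check
 * @return bool true if read access is granted
 */
function read_access($dir)
{
    if (!file_exists("$dir/acl.txt"))
    {
        return false;
    }
    $entries = file("$dir/acl.txt");
    if ($entries === false)
    {
        return false;
    }
    $member_of = array();
    if (isset($_SESSION['groups']) && is_array($_SESSION['groups']))
    {
        $member_of = $_SESSION['groups'];
    }
    foreach ($entries as $aclentry)
    {
        $fields = explode(":", rtrim($aclentry));
        # Fail closed on blank or malformed lines: without a colon the first
        # field of an empty line is '' and would otherwise be taken for the
        # anonymous group, opening the directory to everyone.
        if (count($fields) < 2)
        {
            continue;
        }
        $group = $fields[0];
        if (($group === '') || in_array($group, $member_of, true))
        {
            return true;
        }
    }
    return false;
}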
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# read_access #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.01 write_access #
# $dir : directory to check access #
# retval : true if user has write access to $dir #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
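/**
 * Decide whether the current visitor may write to a directory.
 *
 * acl.txt inside the directory is read as "group:acl" lines. Access is
 * granted only when an entry names a group stored in $_SESSION['groups']
 * and its acl value is "w". Visitors without a group list never get write
 * access.
 *
 * @param string $dir directory to check
 * @return bool true if write access is granted
 */
function write_access($dir)
{
    # same guard as read_access(): without a login $_SESSION['groups'] is
    # unset (or false after a rejected login) and must not reach in_array()
    if (!isset($_SESSION['groups']) || !is_array($_SESSION['groups']))
    {
        return false;
    }
    if (!file_exists("$dir/acl.txt"))
    {
        return false;
    }
    $entries = file("$dir/acl.txt");
    if ($entries === false)
    {
        return false;
    }
    foreach ($entries as $aclentry)
    {
        $fields = explode(":", rtrim($aclentry));
        if (count($fields) < 2)
        {
            continue; # blank or malformed line grants nothing
        }
        # strict matching on both the group name and the acl flag
        if (in_array($fields[0], $_SESSION['groups'], true) && ($fields[1] === 'w'))
        {
            return true;
        }
    }
    return false;
}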
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# write_access #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.03 raw_content #
# $file: image filename #
# function : returns image stream even of files that are not directly accessible by the user - must be called before first 'echo' #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
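/**
 * Stream a file to the client as a download.
 *
 * The content type is chosen from the file extension (gif, jpg, png, pdf,
 * swf; anything else is sent as application/octet-stream). Must be called
 * before any output, because it sends headers.
 *
 * NOTE(review): this function performs no authorization and no path
 * containment. The caller presumably has to make sure $file lies inside the
 * content tree and passes read_access() before calling it - confirm, since
 * the call site is not visible here.
 *
 * @param string $file path of the file to send
 */
function raw_content ( $file )
{
    # refuse anything that is not an existing, readable regular file before a
    # success header goes out (directories and missing files used to produce
    # an empty Content-Length and a failed readfile())
    if (!is_string($file) || !is_file($file) || !is_readable($file))
    {
        header('HTTP/1.0 404 Not Found');
        return;
    }
    $known_types = array(
        'gif' => 'image/gif',
        'jpg' => 'image/jpeg',
        'png' => 'image/png',
        'pdf' => 'application/pdf',
        'swf' => 'application/x-shockwave-flash',
    );
    $raw_ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
    $raw_type = isset($known_types[$raw_ext]) ? $known_types[$raw_ext] : 'application/octet-stream';
    # quote the filename and neutralize control characters, quotes and
    # backslashes so a crafted name cannot break out of the header parameter
    $download_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', basename($file));
    header("Content-type: $raw_type");
    # keep browsers from second-guessing the declared type
    header("X-Content-Type-Options: nosniff");
    header("Content-Length: ".filesize($file));
    header('Content-disposition: attachment; filename="'.$download_name.'"');
    readfile($file);
}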
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# raw_content #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.00 Texy #
# $text: text to transform #
# function : returns html-transformed text of texy input #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
/**
 * Convert Texy markup to HTML.
 *
 * Creates a new Texy processor per call, sets the image module's root to the
 * empty string and returns the processed text.
 *
 * @param string $text Texy source
 * @return string result of Texy::process()
 */
function Texy ( $text )
{
    $converter = new Texy();
    # empty root: image paths are not prefixed by the image module
    $converter->imageModule->root = '';
    $html = $converter->process($text);
    return $html;
}
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# Texy #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.00 menu_description #
# $menu: text to transform #
# function : returns beautified text of menu input #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
/**
 * Turn a menu path such as "01-foo/02-bar/" into a readable description.
 *
 * @param string $menu menu path
 * @return string description with number prefixes replaced by " - "
 */
function menu_description ( $menu )
{
    # applied in this order, each on the result of the previous one
    $patterns = array(
        '/^\d*-/',    # leading numbers
        '/\/\d*-/',   # numbers after slashes
        '/\/$/',      # trailing slash
    );
    $replacements = array(' - ', ' - ', '');
    return preg_replace($patterns, $replacements, $menu);
}
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# menu_description #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.01 menu_array #
# $dir : starting directory #
# retval : array of actual menu entries #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
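/**
 * Build the nested menu structure below a directory.
 *
 * A subdirectory becomes a menu entry when it contains index.txt and
 * read_access() grants access to it; its value is the menu array of that
 * subdirectory. Entries are sorted by name.
 *
 * @param string $dir starting directory
 * @return array|false nested array keyed by directory name, false if $dir
 *                     is not a directory or cannot be opened
 */
function menu_array($dir)
{
    if (!is_dir($dir)) return false;
    $handle = opendir($dir);
    if (!is_resource($handle)) return false;
    $files = array();
    while (false !== ($file = readdir($handle)))
    {
        if ($file === '.' || $file === '..')
        {
            continue;
        }
        $fullpath = $dir.'/'.$file;
        if ((is_dir($fullpath)) && (file_exists($fullpath."/index.txt")) && (read_access($fullpath)))
        {
            $files[$file] = menu_array($fullpath);
        }
    }
    # the recursion keeps one handle open per level; release it here instead
    # of leaving it open until the request ends
    closedir($handle);
    # one sort after the scan gives the same order as sorting on every insert
    ksort($files);
    return $files;
}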
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# menu_array #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.00 markdown_extras #
# $html_code : string with html code as it comes from markdown #
# retval : string with html code #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
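/**
 * Post-process converted HTML: hand matches of the image pattern to
 * img_str_translated() and expand the [!LOGIN!] and [!SECURITYCHECK!]
 * placeholders (case-insensitive).
 *
 * NOTE(review): [!SECURITYCHECK!] expands to the server's PHP settings for
 * every visitor who can view the page; whether only trusted authors can
 * place it is not visible here - confirm.
 *
 * @param string $html_code HTML as produced by the markup converter
 * @return string HTML with the extras applied
 */
function markdown_extras($html_code)
{
    # images
    # NOTE(review): the pattern below is empty as shown; presumably it
    # matched image tags - confirm against the original file.
    #$html_code = preg_replace_callback('##iU', 'img_src_translated' , $html_code);
    $html_code = preg_replace_callback('##imsU', 'img_str_translated' , $html_code);
    # Login
    # plain string replacement: as a preg_replace() replacement the generated
    # markup was scanned for "$1" / "\1" style references and could be mangled
    $html_code = str_ireplace('[!LOGIN!]', html_login(), $html_code);
    # Security check
    $html_code = str_ireplace('[!SECURITYCHECK!]', security_check(), $html_code);
    return $html_code;
}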
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# markdown_extras #
######################################################################################################################################################
######################################################################################################################################################
# img_str_translated #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# Callback for the preg_replace_callback() call in markdown_extras().
# $img_str is the match array of that call. Every preg_replace() below runs on
# the whole array and returns an array, which is why the results are read at
# index [1].
# Returns the replacement string for the match. As shown here several return
# values are empty strings; the markup they carried appears to be missing
# from the literals.
# NOTE(review): src, width, height, alt and style are taken from the page
# content and reused in paths and in the output without escaping or a check
# for ".." segments. Whether page content is trusted is not visible here -
# confirm.
function img_str_translated($img_str)
{
$img_src = preg_replace('/src=\"(.*?)\".*/ims', '$1', $img_str, 1);
#$img_src[1] = urlencode($img_src[1]); # added to support whitespace in filename
$size_str = '';
# check if width is given
# preg_replace() returns the input unchanged when the attribute is absent, so
# equality with $img_str[1] is used as the "not given" test
$img_width = preg_replace('/.*?width=\"(.*?)\".*/ims', '$1', $img_str, 1);
if (!strcmp($img_width[1],$img_str[1])) {unset($img_width);}
if (isset($img_width[1]) && ($img_width[1] != '0'))
{
$size_str .= ' width='.$img_width[1];
}
# check if height is given
$img_height = preg_replace('/.*?height=\"(.*?)\".*/ims', '$1', $img_str, 1);
if (!strcmp($img_height[1],$img_str[1])) {unset($img_height);}
if (isset($img_height[1]) && ($img_height[1] != '0'))
{
$size_str .= ' height='.$img_height[1];
}
# check if alt text is given 00.03.14
$alt_text = preg_replace('/.*?alt=\"(.*?)\".*/ims', '$1', $img_str, 1);
if (!strcmp($alt_text[1],$img_str[1])) {unset($alt_text);}
if (isset($alt_text[1]) && ($alt_text[1] != ''))
{
# $alt is not referenced again in the code as shown
$alt = ' alt="'.$alt_text[1].'"';
}
# no size is given => detect original size
if ($size_str == '')
{
# errors are suppressed; for a file that is not an image getimagesize()
# returns false and $size_str ends up empty (null)
$getimagesize = @getimagesize("content/".get_dir($_GET).$img_src[1]);
$size_str = $getimagesize[3];
}
# check if style is given
$img_style = preg_replace('/.*?style=\"(.*?)\".*/ims', '$1', $img_str, 1);
if (!strcmp($img_style[1],$img_str[1])) {unset($img_style);}
if (isset($img_style[1]) && ($img_style[1] != '0'))
{
# $style_str is appended to without being initialized in this function
$style_str .= ' style='.$img_style[1];
}
$path_info = pathinfo($img_src[1]);
$extension = strtolower($path_info['extension']);
# the pattern is not anchored: any extension that merely contains jpg, png or
# gif takes this branch
if (preg_match("/jpg|png|gif/i",$extension))
{
return "";
}
elseif ($extension == 'swf')
{
# $swf is built but not part of the returned string as shown
$swf="?raw_content=content/".get_dir($_GET).$img_src[1];
return "";
}
elseif ($extension == 'pdf')
{
# only the directory part is url-encoded; the file name is appended as is
$pdf="?raw_content=content/".urlencode(get_dir($_GET)).$img_src[1]; # 00.03.14
# return "";
if (isset($alt_text[1]) && ($alt_text[1] != '')) # use 'alt' text to name href of pdf files
{
$a_href = $alt_text[1];
}
else
{
$a_href = $img_src[1]; # use filename as href if no alt text is given
}
return "$a_href";
}
else
{
# any other src is treated as a directory below content/ and rendered as a
# gallery of the image files it contains
$img_src_gallery = '';
$img_src_gallery .= ''."\n";
$img_src_gallery .= '
'."\n";
$img_src_gallery .= ' - Previous
'."\n";
$img_src_gallery .= ' - Next
'."\n";
$img_src_gallery .= ' - Pause
'."\n";
$img_src_gallery .= '
'."\n";
$img_src_gallery .= '
'."\n";
$dir = "content/".get_dir($_GET).$img_src[1];
# the opendir() result is not checked and the handle is never closed
$handle = opendir($dir);
$img_first = ' class="first"';
while (false !== ($file = readdir($handle)))
{
# getimagesize() doubles as the "is this an image" test and is called a
# second time below for the size string
if ($file != '.' && $file != '..' && @getimagesize($dir.'/'.$file))
{
$fullpath = $dir.'/'.$file;
$getimagesize = @getimagesize($dir.'/'.$file);
$size_str = $getimagesize[3];
#$exif = exif_read_data($fullpath, 0, true);
#$exif_date = $exif["EXIF"]["DateTimeOriginal"];
$img_src_gallery .= ' '."\n";
# cleared after the first image that was found
$img_first = '';
}
}
$img_src_gallery .= '
'."\n";
$img_src_gallery .= '
'."\n";
return $img_src_gallery ;
}
}
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# img_str_translated #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.00 write_logfile #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
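/**
 * Append one line to a log file.
 *
 * Line format: date, message, remote address, request method, script path,
 * user agent, referer - separated by ", ".
 *
 * The message and most request fields are client-controlled. Control
 * characters (including CR/LF) are replaced by a space so that one call
 * always produces exactly one line and a request cannot forge additional
 * log entries. Commas inside a field are kept, so a consumer that splits on
 * ", " can still be confused by crafted values.
 *
 * @param string $logfile   path of the log file
 * @param string $logstring message to record
 */
function write_logfile ($logfile,$logstring)
{
    $fields = array($logstring);
    # request fields may be absent (no Referer header, command line call)
    foreach (array('REMOTE_ADDR', 'REQUEST_METHOD', 'PHP_SELF', 'HTTP_USER_AGENT', 'HTTP_REFERER') as $key)
    {
        $fields[] = isset($_SERVER[$key]) ? $_SERVER[$key] : '';
    }
    foreach ($fields as $index => $value)
    {
        $fields[$index] = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $value);
    }
    $line = date("d.m.Y, H:i:s",time()) . ", " . implode(", ", $fields) . "\n";
    $file = fopen($logfile,"a");
    if ($file === false)
    {
        # logging is best effort: an unwritable log must not break the request
        return;
    }
    fputs($file, $line);
    fclose($file);
}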
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# write_logfile #
######################################################################################################################################################
######################################################################################################################################################
# 00.01.00 security_check #
# function : returns html-transformed information about security settings #
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# Builds a report of selected PHP settings for display on a page.
# For each setting the value is read with ini_get(), a colour is chosen
# ('#00FF00' when the check passes, '#FF0000' otherwise) and the name and
# value are appended to the result string.
# As shown here the string literals do not reference $color; the markup that
# consumed it appears to be missing from the literals.
# NOTE(review): the values are appended without HTML escaping, and the report
# discloses server configuration to whoever can view the page.
# retval : the accumulated report string
function security_check ()
{
$result = "\n";
$color = 'white';
# NOTE(review): ini_get() returns false for a name that is not a registered
# directive. The file's init block uses the 'session.' prefix for session
# settings, so presumably 'session.save_path' is meant here - confirm.
$check_ini_var = "save_path";
if ((ini_get($check_ini_var) != '') and (ini_get($check_ini_var) != '/')) { $color = '#00FF00'; } else { $color = '#FF0000'; }
$result .= ' ';
$result .= ' '.$check_ini_var.' | '.ini_get($check_ini_var).' | ';
$result .= "
\n";
$check_ini_var = "session.gc_probability";
if (ini_get($check_ini_var) == 1) { $color = '#00FF00'; } else { $color = '#FF0000'; }
$result .= ' ';
$result .= ' '.$check_ini_var.' | '.ini_get($check_ini_var).' | ';
$result .= "
\n";
# NOTE(review): passes only for the value 1, while the file's init block sets
# session.gc_divisor to 1000000 - confirm which value is intended.
$check_ini_var = "session.gc_divisor";
if (ini_get($check_ini_var) == 1) { $color = '#00FF00'; } else { $color = '#FF0000'; }
$result .= ' ';
$result .= ' '.$check_ini_var.' | '.ini_get($check_ini_var).' | ';
$result .= "
\n";
# NOTE(review): looked up without the 'session.' prefix that the init block
# uses; a false result from ini_get() compares equal to 0, so this row would
# pass regardless of the real setting - confirm the directive name.
$check_ini_var = "use_trans_sid";
if (ini_get($check_ini_var) == 0) { $color = '#00FF00'; } else { $color = '#FF0000'; }
$result .= ' ';
$result .= ' '.$check_ini_var.' | '.ini_get($check_ini_var).' | ';
$result .= "
\n";
$check_ini_var = "allow_url_fopen";
if (ini_get($check_ini_var) == 0) { $color = '#00FF00'; } else { $color = '#FF0000'; }
$result .= ' ';
$result .= ' '.$check_ini_var.' | '.ini_get($check_ini_var).' | ';
$result .= "
\n";
$check_ini_var = "allow_url_include";
if (ini_get($check_ini_var) == 0) { $color = '#00FF00'; } else { $color = '#FF0000'; }
$result .= ' ';
$result .= ' '.$check_ini_var.' | '.ini_get($check_ini_var).' | ';
$result .= "
\n";
# the file's init block sets display_errors to 1, which this check marks red
$check_ini_var = "display_errors";
if (ini_get($check_ini_var) == 0) { $color = '#00FF00'; } else { $color = '#FF0000'; }
$result .= ' ';
$result .= ' '.$check_ini_var.' | '.ini_get($check_ini_var).' | ';
$result .= "
\n";
$check_ini_var = "expose_php";
if (ini_get($check_ini_var) == 0) { $color = '#00FF00'; } else { $color = '#FF0000'; }
$result .= ' ';
$result .= ' '.$check_ini_var.' | '.ini_get($check_ini_var).' | ';
$result .= "
\n";
$check_ini_var = "magic_quotes_gpc";
if (ini_get($check_ini_var) == 0) { $color = '#00FF00'; } else { $color = '#FF0000'; }
$result .= ' ';
$result .= ' '.$check_ini_var.' | '.ini_get($check_ini_var).' | ';
$result .= "
\n";
# NOTE(review): the size checks (memory_limit, post_max_size,
# upload_max_filesize) compare a string such as '64M' with the integer 8; the
# outcome depends on PHP's string/number comparison rules, which differ
# between PHP versions - confirm the intended limits and unit.
$check_ini_var = "memory_limit";
if (ini_get($check_ini_var) <= 8) { $color = '#00FF00'; } else { $color = '#FF0000'; }
$result .= ' ';
$result .= ' '.$check_ini_var.' | '.ini_get($check_ini_var).' | ';
$result .= "
\n";
# NOTE(review): open_basedir holds a path list, so a comparison with 1
# presumably never passes for a real setting - confirm the intended test.
$check_ini_var = "open_basedir";
if (ini_get($check_ini_var) == 1) { $color = '#00FF00'; } else { $color = '#FF0000'; }
$result .= ' ';
$result .= ' '.$check_ini_var.' | '.ini_get($check_ini_var).' | ';
$result .= "
\n";
$check_ini_var = "post_max_size";
if (ini_get($check_ini_var) <= 8) { $color = '#00FF00'; } else { $color = '#FF0000'; }
$result .= ' ';
$result .= ' '.$check_ini_var.' | '.ini_get($check_ini_var).' | ';
$result .= "
\n";
$check_ini_var = "register_globals";
if (ini_get($check_ini_var) == 0) { $color = '#00FF00'; } else { $color = '#FF0000'; }
$result .= ' ';
$result .= ' '.$check_ini_var.' | '.ini_get($check_ini_var).' | ';
$result .= "
\n";
$check_ini_var = "upload_max_filesize";
if (ini_get($check_ini_var) <= 8) { $color = '#00FF00'; } else { $color = '#FF0000'; }
$result .= ' ';
$result .= ' '.$check_ini_var.' | '.ini_get($check_ini_var).' | ';
$result .= "
\n";
$check_ini_var = "upload_tmp_dir";
if ((ini_get($check_ini_var) != '') and (ini_get($check_ini_var) != '/')) { $color = '#00FF00'; } else { $color = '#FF0000'; }
$result .= ' ';
$result .= ' '.$check_ini_var.' | '.ini_get($check_ini_var).' | ';
$result .= "
\n";
# NOTE(review): same name as in the file's init block; presumably the CGI
# directive 'cgi.force_redirect' is meant - confirm. The test passes for any
# value that does not compare equal to null.
$check_ini_var = "force_redirect";
if (ini_get($check_ini_var) != null) { $color = '#00FF00'; } else { $color = '#FF0000'; }
$result .= ' ';
$result .= ' '.$check_ini_var.' | '.ini_get($check_ini_var).' | ';
$result .= "
\n";
$result .= "
\n";
return $result;
}
#----------------------------------------------------------------------------------------------------------------------------------------------------#
# security_check #
######################################################################################################################################################
?>