웹하드랑 비슷한건데요.. 도와주세요... 2/2
2002.12.30 17:37
//////////////////////////////////////////////////////////////////
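function Navigate($fsRoot,$relDir) {
  // Render the directory browser for $fsRoot . $relDir: an "up" link, the
  // sub-directories, the files with their view/edit links, and the forms
  // for deleting an empty directory, creating a folder and uploading.
  //
  //   $fsRoot  filesystem path of the web root (no trailing slash)
  //   $relDir  directory relative to $fsRoot; "" is the web root itself
  //
  // Returns nothing. Calls Error(), which exits, when the directory is
  // missing or unreadable.
  //
  // $relDir is taken from the request by the main program and entry names
  // are chosen by whoever uploaded or created them, so every such value is
  // HTML-escaped before it is written into the page and URL-encoded before
  // it is placed in a link.
  global $gblEditable, $gblIcon ;

  $self    = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;
  $webRoot = "http://" . $GLOBALS["SERVER_NAME"] ;
  $fsDir   = $fsRoot . $relDir . "/" ;   // current directory

  if (!is_dir($fsDir)) Error("Dir not found",$relDir) ;

  // read directory contents
  if ( !($handle = @opendir($fsDir)) )
    Error("Read Access denied",$relDir) ;

  // Both lists start empty so count() below never sees an unset variable.
  $dirList  = array() ;
  $fileList = array() ;
  // Compare with false: an entry literally named "0" must not end the loop.
  while ( ($item = readdir($handle)) !== false ) {
    if ( $item == ".." || $item == "." ) continue ;
    if ( is_dir($fsDir . $item) ) {
      $dirList[] = $item ;
    }
    else if ( is_file($fsDir . $item) ) {
      $fileList[] = $item ;
    }
    // entries that are neither a directory nor a regular file are skipped
  }
  closedir($handle) ;
  $emptyDir = ! (count($dirList) || count($fileList)) ;

  // Escaped forms used in the markup below.
  $webRootHtml = htmlspecialchars($webRoot, ENT_QUOTES) ;
  $relDirHtml  = htmlspecialchars($relDir, ENT_QUOTES) ;
  // $relDir as a URL path: every segment encoded, slashes kept.
  $relDirUrl   = implode("/", array_map("rawurlencode", explode("/", $relDir))) ;

  // start navigation page
  $text  = "Use this page to add, delete or " ;
  $text .= "revise files on this web site." ;
  StartHTML("(Navigate)",$text) ;
  echo "<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=3 WIDTH=\"100%\">" ;

  // updir bar, only below the web root. The former test compared $fsDir
  // with $fsRoot, but $fsDir always carries an extra trailing slash, so it
  // was true even at the root.
  if ($relDir != "") {
    $parent = dirname($relDir) ;
    if ($parent == "") $parent = "/" ;
?>
<TR><TD><?php echo $gblIcon("up") ?></TD><TD COLSPAN=4 CLASS=LST>
<A HREF="<?php echo $self ?>?D=<?php echo urlencode($parent) ?>">
<B><?php echo htmlspecialchars($parent, ENT_QUOTES) ?></B></A></TD></TR>
<?php
  }

  // output subdirs
  if (count($dirList) > 0) {
    sort($dirList) ;
?>
<TR><TD></TD><TD COLSPAN=4 CLASS=TOP><HR><b><font size="2">폴더 이름</font></b></TD></TR>
<!--<TR><TD></TD><TD COLSPAN=4 CLASS=TOP><HR>DIRECTORY NAME</TD></TR>-->
<?php
    foreach ($dirList as $sub) {
      $tstr  = "<A HREF=\"" . $self . "?D=" ;
      $tstr .= urlencode($relDir."/".$sub) ;
      $tstr .= "\">" . htmlspecialchars($sub, ENT_QUOTES) . "/</A>" ;
?>
<TR><TD><?php echo $gblIcon("fldr") ?></TD>
<TD COLSPAN=4 CLASS=LST><?php echo $tstr ?></TD>
</TR>
<?php
    } // iterate over dirs
  } // end if no dirs
?>
<TR><TD></TD><TD COLSPAN=4><HR><B><font size="2">현재 경로 : <?php echo $webRootHtml . $relDirHtml ?></font>
</B></TD></TR>
<TR><TD></TD><TD CLASS=TOP><B><font size="2">파일 이름</font></b></TD>
<TD><?php echo $gblIcon("blank") ?></TD>
<TD CLASS=TOP><B><font size="2">마지막 변경일</font></b></TD><TD CLASS=TOP><B><font size="2">파일 크기</font></b></TD></TR>
<?php
  if (count($fileList) > 0) {
    sort($fileList) ;
    foreach ($fileList as $file) {
      $path = $fsDir . $file ;
      $mod  = filemtime($path) ;
      $sz   = filesize($path) ;
      if ($sz >= 10240) {
        $sz = (int)(($sz+1023)/1024) . " k" ;   // round up to whole kilobytes
      }
      else {
        $sz .= " " ;
      } // end size

      // mark files changed within the last 30 days
      $a = $b = "" ;
      if ( ($mod + 30*86400) > time() ) {
        $a = "<SPAN CLASS=RED TITLE=\"Newer than 30 days\"> * </SPAN>" ;
      }

      // direct link to the file as served by the web server
      $href  = $webRootHtml ;
      $href .= htmlspecialchars($relDirUrl . "/" . rawurlencode($file), ENT_QUOTES) ;
      $tstr  = "<A HREF=\"" . $href . "\">" ;
      $tstr .= htmlspecialchars($file, ENT_QUOTES) . "</A>" . $a ;

      // extension including the dot, "" when the name has none
      $dot = strrchr($file,".") ;
      $ext = ($dot === false) ? "" : strtolower($dot) ;
      if ( $ext=="" ||
           strstr(join(" ",$gblEditable),$ext) )
      {
        $b  = "<A HREF=\"" . $self . "?A=C&F=" ;
        $b .= urlencode($file) . "&D=" . urlencode($relDir) ;
        $b .= "\" TITLE=\"List contents\">" ;
        $b .= $gblIcon("view") . "</A>" ;
      }
?>
<TR><TD>
<A HREF="<?php echo $self ?>?A=E&F=<?php echo urlencode($file)
?>&D=<?php echo urlencode($relDir) ?>" TITLE="View/Edit">
<?php echo $gblIcon($ext) ?></A></TD>
<TD CLASS=LST><?php echo $tstr ?></TD>
<TD CLASS=LST ALIGN=center><?php echo $b ?></TD>
<TD CLASS=LST><?php echo date("d/M/y G:i:s",$mod) ?></TD>
<TD CLASS=LST><?php echo $sz ?>Bytes</TD></TR>
<?php
    } // iterate over files
  } // end if no files

  if ($emptyDir) {
?>
<FORM METHOD="POST" ACTION="<?php echo $self ?>">
<TR><TD></TD><TD COLSPAN=4 CLASS=BAR>
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $relDirHtml ?>">
현재 디렉토리에 파일이 없습니다. 폴더를 삭제하실려면 체크하신후 DELETE를 눌러주세요
<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="DELETE">
</TD></TR>
</FORM>
<?php
  } // end if emptyDir
?>
<TR><TD></TD><TD COLSPAN=4><HR></TD></TR>
<FORM METHOD="POST" ACTION="<?php echo $self ?>">
<TR><TD></TD><TD COLSPAN=4 CLASS=BAR>
<INPUT TYPE="RADIO" NAME="T" VALUE="D" CHECKED>
신규 폴더 만들기 - <!-- 문서 저장-OR-
<INPUT TYPE="RADIO" NAME="T" VALUE="F">FILE :-->
<NOBR>이름 <INPUT TYPE="TEXT" NAME="FN" SIZE=14>
<INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="CREATE">
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $relDirHtml ?>">
<INPUT TYPE="SUBMIT" VALUE="폴더생성"></NOBR>
<NOBR> ------------------- <A HREF="<?php echo $self
?>?A=U&D=<?php echo urlencode($relDir) ?>">파일 올리기</A>
</NOBR>
</TD></TR>
</FORM>
</TABLE>
<?php
  EndHTML() ;
} // end function Navigate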
//////////////////////////////////////////////////////////////////
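function UploadPage($fsRoot, $relDir) {
  // Emit the upload form for directory $relDir plus a second form whose
  // only button posts back without an upload (cancel).
  //
  //   $fsRoot  filesystem path of the web root (not used in the markup)
  //   $relDir  target directory relative to the web root; "" is shown as "/"
  //
  // $relDir and PHP_SELF both originate from the request URL, so they are
  // HTML-escaped before being written into attribute values and text.
  $self = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;
  if ($relDir == "") $relDir = "/" ;
  $relDirHtml = htmlspecialchars($relDir, ENT_QUOTES) ;
?>
<P><TABLE BORDER=0 CELLPADDING=5><TR><TD WIDTH=5></TD><TD CLASS=BAR>
<FORM ENCTYPE="multipart/form-data" METHOD="POST"
ACTION="<?php echo $self ?>">
파일이 저장될 위치 : <B><?php echo " " . $relDirHtml ?></B>
<P><font color=red>파일의 경로명을 적어주세요</font><BR>
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $relDirHtml ?>">
<INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="UPLOAD">
<INPUT SIZE=30 TYPE="FILE" NAME="FN"></P>
<P><INPUT TYPE="SUBMIT" VALUE="올리기"></P>
<!--<P>If the <B>[BROWSE...]</B> button is not displayed,<BR>
you must upgrade to an RFC1867-compliant browser.</P>-->
</FORM>
</TD></TR>
<TR><TD></TD><TD>
<FORM METHOD="POST" ACTION="<?php echo $self ?>">
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $relDirHtml ?>"><BR>
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="취소">
</FORM>
</TD></TR></TABLE></P>
<?php
} // end function UploadPage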
//////////////////////////////////////////////////////////////////
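function Error($title,$text="") {
  // Show an error page titled "($title)" with the detail $text, then stop
  // the script. Never returns.
  //
  // The callers visible in this file pass request-derived paths ($relDir,
  // $RELPATH, ...) as $text, so it is HTML-escaped before it reaches the
  // page header.
  // NOTE(review): StartHTML() is defined elsewhere; if it already escapes
  // its arguments this only double-encodes "&" and friends - confirm.
  StartHTML("(".$title.")", htmlspecialchars((string) $text, ENT_QUOTES)) ;
  echo "<P ALIGN=center>Hit your Browser's Back Button.</P>" ;
  EndHTML() ;
  exit ;
} // end function Error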
//////////////////////////////////////////////////////////////////
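function Writeable($path) {
  // Report whether the web server process holds read+write permission
  // bits on $path. Returns 1 or 0.
  //
  // When the process owns $path the owner bits (0600) are tested,
  // otherwise the "other" bits (06). Group bits are never consulted.
  // Anything that cannot be inspected counts as not writable.
  //
  // This looks only at mode bits. It does not check that $path lies inside
  // the managed web root; callers have to validate the path themselves.
  //
  // fix by -mat- filid brandy, brandy@ecrc.de, 07/JUL/99
  clearstatcache() ;   // was written without (), so the cache was never cleared
  $perms = @fileperms($path) ;
  $owner = @fileowner($path) ;
  if ($perms === false || $owner === false) return 0 ;

  if (function_exists("posix_geteuid")) {
    // effective uid: the identity file access is checked against
    $apacheuid = posix_geteuid() ;
  }
  else {
    // fall back to the id(1) utility; the command line is a constant
    $id = array() ;
    exec("id",$id) ;
    // eregi() no longer exists in current PHP; preg_match does the same job
    if ( !isset($id[0]) || !preg_match("/^uid=([0-9]+)/i",$id[0],$regs) )
      return 0 ;
    $apacheuid = (int) $regs[1] ;
  }

  $perms = 0777 & $perms ;
  if ( $apacheuid != $owner ) {
    return (06 == (06 & $perms)) ? 1 : 0 ;
  }
  return (0600 == (0600 & $perms)) ? 1 : 0 ;
} // end function Writable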
//////////////////////////////////////////////////////////////////
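function CreateHash($user, $pw) {
  // Print the hash of $user.$pw, for the administrator to paste into the
  // $gblPw setting in the source of this file, then stop the script.
  //
  //   $user, $pw  the pair to hash; Error() is raised if either is empty
  //
  // The main program calls this before authentication, so anyone who can
  // reach the script can have a hash computed for a pair of their choice.
  // NOTE(review): user and password are concatenated with no separator,
  // so ("ab","c") and ("a","bc") yield the same hash.
  // NOTE(review): $gblHash is invoked as a function name; confirm it is
  // assigned unconditionally in the configuration part of this file.
  global $gblHash ;   // hash function to use
  if ($user == "" || $pw == "") {
    $text = "either no password or no username supplied" ;
    Error("Create Hash",$text) ;
  }
  $title = "(Create Hash)" ;
  StartHTML($title) ;
  echo "<P ALIGN=center>" ;
  echo "<BLOCKQUOTE>Copy the value below and paste it " ;
  // single quotes: the text shows the variable name, not its value
  echo 'into the<BR>value for $gblPw in the source of ' ;
  echo "this file<BR><BR><B>" ;
  echo htmlspecialchars((string) $gblHash($user.$pw), ENT_QUOTES) ;
  echo "</B><BR><BR>Hash function: " ;
  echo htmlspecialchars((string) $gblHash, ENT_QUOTES) ;
  echo "</BLOCKQUOTE></P>" ;
  EndHTML() ;
  exit ;
} // end function CreateHash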
//////////////////////////////////////////////////////////////////
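function NoEntry() {
  // Body of the 401 response: a "No trespassing" page with a form that
  // posts the credentials just entered to the hash-creation fork
  // (?HASH=create). Stops the script.
  //
  // The user name and password are client-supplied and are written into
  // hidden fields, so they are HTML-escaped here.
  // NOTE(review): the password is still sent back in clear text inside the
  // page source of every failed login; consider asking for it again on the
  // hash page instead of echoing it.
  $user = isset($GLOBALS["PHP_AUTH_USER"]) ? (string) $GLOBALS["PHP_AUTH_USER"] : "" ;
  $pw   = isset($GLOBALS["PHP_AUTH_PW"])   ? (string) $GLOBALS["PHP_AUTH_PW"]   : "" ;
  $self = htmlspecialchars((string) $GLOBALS["PHP_SELF"], ENT_QUOTES) ;
  $title = "(401 Unauthorized)" ;
  $text  = "No trespassing !" ;
  StartHTML($title,$text) ;
?>
<FORM ACTION="<?php echo $self ?>?HASH=create" METHOD="POST">
<INPUT TYPE="HIDDEN" NAME="USER" VALUE="<?php echo htmlspecialchars($user, ENT_QUOTES) ?>">
<INPUT TYPE="HIDDEN" NAME="PW" VALUE="<?php echo htmlspecialchars($pw, ENT_QUOTES) ?>">
<BLOCKQUOTE><B>If you are a site administrator:</B><BR><BR>
Click below to <B>generate a password hash</B><BR>from
the username-password pair you just<BR>entered. Then include the hash in
the source<BR>of this file.<BR><BR>
<INPUT TYPE="SUBMIT" VALUE="CREATE HASH">
</BLOCKQUOTE></FORM>
<?php
  EndHTML() ;
  exit ;
}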
//////////////////////////////////////////////////////////////////
// MAIN PROGRAM
// ============
// query parameters: capital letters
// local functions : begin with capital letters
// global constants: begin with gbl
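$gblFilePerms = "644" ;  // default for new files (octal digits as a string)
$gblDirPerms  = 0755 ;   // default for new dirs
// phpinfo() ;
// exit ;

// The capitalised variables used from here on ($STYLE, $HASH, $USER, $PW,
// $DIR, $D, ...) are the query parameters named in the header comment.
// They arrive straight from the request and are untrusted.

// forks before authentication: style sheet and hash
// creation if password not yet set.
// NOTE(review): nothing here checks that the password is still unset, so
// the hash fork stays reachable without authentication after setup.
if ($STYLE == "get") { CSS() ; exit ; }
if ($HASH != "") {
  CreateHash($USER, $PW) ;
  exit ;
}

// authentication if $gblAuth == true
if ( $gblAuth ) {
  $given    = (string) $gblHash($PHP_AUTH_USER.$PHP_AUTH_PW) ;
  $expected = (string) $gblPw ;
  // The digests must be identical strings. A loose != lets two different
  // digests that both look like numbers compare as equal. hash_equals()
  // additionally keeps the comparison time independent of the content.
  $match = function_exists("hash_equals")
         ? hash_equals($expected, $given)
         : ($expected === $given) ;
  if ( !$match ) {
    // the host name ends up inside a quoted header value
    $realm = str_replace(array("\"", "\r", "\n"), "", (string) $SERVER_NAME) ;
    header("WWW-authenticate: basic realm=\"" . $realm . "\"") ;
    header("HTTP/1.0 401 Unauthorized") ;
    NoEntry() ;
    exit ;
  }
}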
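// get current directory relative to $gblFsRoot
$relDir = (string) $DIR ;    // from POST
if ($relDir == "") {         // not defined in POST ?
  // then use GET. PHP has already URL-decoded the value; decoding it a
  // second time would corrupt names containing "%" or "+".
  $relDir = (string) $D ;
}
if ($relDir == "/") $relDir = "" ;
// default : website root = ""

// $relDir is appended to the root as a string, so it has to be rejected
// unless it is "" or an absolute-looking path without "..". Without the
// leading slash a value would select a sibling of the root whose name
// merely starts with the root's name.
if (strstr($relDir,"..")) Error("No updirs allowed");
if (strpos($relDir,"\0") !== false) Error("No updirs allowed");
if ($relDir != "" && substr($relDir,0,1) != "/")
  Error("Dir not found",$relDir) ;

// full paths contain "fs" or "Fs". Paths relative to root of
// website contain "rel" or "Rel". The script won't let you
// edit anything above directory equal to http://server.com
// i.e. below $gblFsRoot.
$relScriptDir = dirname($SCRIPT_NAME) ;
// i.e. /siteman
// A script placed directly in the web root yields "/" here; treating that
// as one character of path would cut the last letter off $gblFsRoot.
if ($relScriptDir == "/" || $relScriptDir == "\\" || $relScriptDir == ".")
  $relScriptDir = "" ;
$fsScriptDir = dirname($SCRIPT_FILENAME) ;
// i.e. /home/httpd/html/siteman
$gblFsRoot = substr($fsScriptDir,0,
  strlen($fsScriptDir)-strlen($relScriptDir)) ;
// i.e. /home/httpd/html

$fsDir = $gblFsRoot . $relDir ;   // current directory
if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ;

// Resolve symbolic links and make sure the result is still the root or
// something beneath it.
$realRoot = realpath($gblFsRoot) ;
$realDir  = realpath($fsDir) ;
if ($realRoot === false || $realDir === false)
  Error("Dir not found",$relDir) ;
$rootPrefix = rtrim($realRoot,"/") . "/" ;
if (strncmp($realDir . "/", $rootPrefix, strlen($rootPrefix)) != 0)
  Error("No updirs allowed") ;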
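// Every action below changes the filesystem on behalf of the request.
// $FN, $FN_name, $RELPATH, $FILEDATA, $T and $CONFIRM are request values;
// only $fsDir / $relDir have been validated by the code above.
// NOTE(review): the forms carry no anti-CSRF token, and browsers resend
// Basic credentials automatically - consider adding one.
switch ($POSTACTION) {
case "UPLOAD" :
  if (!Writeable($fsDir)) Error("Write denied",$relDir) ;
  // The client chooses the file name: accept a bare name only.
  $FN_name = (string) $FN_name ;
  if ( $FN_name == "" || $FN_name == "." || $FN_name == ".." ||
       strpos($FN_name,"/") !== false || strpos($FN_name,"\\") !== false ||
       strpos($FN_name,"\0") !== false )
    Error("Non-conforming filename") ;
  $source = $FN ;
  $target = $fsDir . "/" . $FN_name ;
  // The former exec("cp ...") / exec("chmod ...") passed both values
  // through a shell unquoted. move_uploaded_file() involves no shell and
  // refuses a $source that is not a file uploaded in this request.
  if ( !move_uploaded_file($source,$target) )
    Error("Upload failed",$relDir . "/" . $FN_name) ;
  @chmod($target, octdec($gblFilePerms)) ;
  // NOTE(review): no extension check - an authenticated user can place
  // server-executable files under the web root. Keep authentication on.
  clearstatcache() ;
  break ;

case "SAVE" :
  // $RELPATH is joined to the root directly and needs the same rules as
  // $relDir. escapeshellcmd() was dropped: no shell is involved, and it
  // only inserted backslashes into the name being written.
  $RELPATH = (string) $RELPATH ;
  if ( substr($RELPATH,0,1) != "/" || strstr($RELPATH,"..") ||
       strpos($RELPATH,"\0") !== false )
    Error("Write denied",$RELPATH) ;
  $path = $gblFsRoot . $RELPATH ;
  $writable = Writeable($path) ;
  $legaldir = Writeable(dirname($path)) ;
  $exists = (file_exists($path)) ? 1 : 0 ;
  // check for legal extension here as well
  if (!($writable || (!$exists && $legaldir)))
    Error("Write denied",$RELPATH) ;
  $fh = @fopen($path, "w") ;
  if ( !$fh ) Error("Write denied",$RELPATH) ;
  fwrite($fh,$FILEDATA) ;
  fclose($fh) ;
  clearstatcache() ;
  break ;

case "CREATE" :
  // we know $fsDir exists
  if (!Writeable($fsDir)) Error("Write denied",$relDir) ;
  // The new name must be a single path component. ".." anywhere in it is
  // refused as well, because the directory check above would make such a
  // folder unreachable afterwards.
  $FN = (string) $FN ;
  if ( $FN == "" || $FN == "." || strstr($FN,"..") ||
       strpos($FN,"/") !== false || strpos($FN,"\\") !== false ||
       strpos($FN,"\0") !== false )
    Error("Non-conforming filename") ;
  $path = $fsDir . "/" . $FN ;   // file or dir to create
  $relPath = $relDir . "/" . $FN ;
  switch ( $T ) {
  case "D" :   // create a directory
    if ( ! @mkdir($path,$gblDirPerms) )
      Error("Mkdir failed",$relPath) ;   // eg. if it exists
    clearstatcache() ;
    break ;
  case "F" :   // create a new file
    // this functionality is doubled in DetailView().
    // better keep it here altogether
    // chmod perms to $gblFilePerms
    // (the call below used to be spelled Writable(), which is not defined)
    if ( file_exists($path) && !Writeable($path) )
      Error("File not writable", $relPath) ;
    $tstr  = $PHP_SELF . "?A=E&D=" . urlencode($relDir) ;
    $tstr .= "&F=" . urlencode($FN) ;
    header("Location: " . $tstr) ;
    exit ;
  }
  break ;

case "DELETE" :
  if ( $CONFIRM != "on" ) break ;
  $tstr  = "Attempt to delete non-existing object or " ;
  $tstr .= "insufficient privileges: " ;
  $FN = (string) $FN ;
  if ( $FN != "") {   // delete file
    // bare name only, so the target stays inside $fsDir
    if ( $FN == "." || $FN == ".." ||
         strpos($FN,"/") !== false || strpos($FN,"\\") !== false ||
         strpos($FN,"\0") !== false )
      Error("Non-conforming filename") ;
    $path = $fsDir . "/" . $FN ;
    if ( ! @unlink($path) ) {
      Error("File delete failed", $tstr . $path) ;
    }
  }
  else {   // delete directory
    if ( ! @rmdir($fsDir) ) {
      Error("Rmdir failed", $tstr . $fsDir) ;
    }
    else {
      $relDir = dirname($relDir) ;   // move up
    }
  }
  break ;

default :
  // user hit "CANCEL" or undefined action
}

// common to all POSTs : redirect to directory view ($relDir)
if ( $POSTACTION != "" ) {
  $tstr = $PHP_SELF . "?D=" . urlencode($relDir) ;
  header("Location: " . $tstr) ;
  exit ;
}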
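// check for mode.. navigate, code display, upload, or detail?
// $A=U : upload to path given in $D
// $A=E : display detail of file $D/$F and edit
// $A=C : display code in file $D/$F
// default : display directory $D
switch ($A) {
case "U" :
  // upload to $relDir
  if (!Writeable($gblFsRoot . $relDir))
    Error("Write access denied",$relDir) ;
  $text  = "Use this page to upload a single " ;
  $text .= "file to <B>" . htmlspecialchars((string) $SERVER_NAME, ENT_QUOTES) . "</B>." ;
  StartHTML("(Upload Page)", $text) ;
  UploadPage($gblFsRoot, $relDir) ;
  EndHTML() ;
  exit ;
case "E" :
case "C" :
  // $F names a file inside $relDir (see the mode list above) and comes
  // from the query string. Only a bare file name is accepted, so the page
  // functions cannot be pointed at a path outside that directory.
  $F = (string) $F ;
  if ( $F == "." || $F == ".." ||
       strpos($F,"/") !== false || strpos($F,"\\") !== false ||
       strpos($F,"\0") !== false )
    Error("Non-conforming filename") ;
  if ($A == "E") {
    // detail of $relDir/$F
    DetailPage($gblFsRoot, $relDir, $F) ;
  }
  else {
    // listing of $relDir/$F
    DisplayCode($gblFsRoot, $relDir, $F) ;
  }
  exit ;
}
// default: display directory $relDir
Navigate($gblFsRoot,$relDir) ;
exit ;
// nothing after this point runs; the unreachable Error() call was removed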
?>
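function Navigate($fsRoot,$relDir) {
  // Render the directory browser for $fsRoot . $relDir: an "up" link, the
  // sub-directories, the files with their view/edit links, and the forms
  // for deleting an empty directory, creating a folder and uploading.
  //
  //   $fsRoot  filesystem path of the web root (no trailing slash)
  //   $relDir  directory relative to $fsRoot; "" is the web root itself
  //
  // Returns nothing. Calls Error(), which exits, when the directory is
  // missing or unreadable.
  //
  // $relDir is taken from the request by the main program and entry names
  // are chosen by whoever uploaded or created them, so every such value is
  // HTML-escaped before it is written into the page and URL-encoded before
  // it is placed in a link.
  global $gblEditable, $gblIcon ;

  $self    = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;
  $webRoot = "http://" . $GLOBALS["SERVER_NAME"] ;
  $fsDir   = $fsRoot . $relDir . "/" ;   // current directory

  if (!is_dir($fsDir)) Error("Dir not found",$relDir) ;

  // read directory contents
  if ( !($handle = @opendir($fsDir)) )
    Error("Read Access denied",$relDir) ;

  // Both lists start empty so count() below never sees an unset variable.
  $dirList  = array() ;
  $fileList = array() ;
  // Compare with false: an entry literally named "0" must not end the loop.
  while ( ($item = readdir($handle)) !== false ) {
    if ( $item == ".." || $item == "." ) continue ;
    if ( is_dir($fsDir . $item) ) {
      $dirList[] = $item ;
    }
    else if ( is_file($fsDir . $item) ) {
      $fileList[] = $item ;
    }
    // entries that are neither a directory nor a regular file are skipped
  }
  closedir($handle) ;
  $emptyDir = ! (count($dirList) || count($fileList)) ;

  // Escaped forms used in the markup below.
  $webRootHtml = htmlspecialchars($webRoot, ENT_QUOTES) ;
  $relDirHtml  = htmlspecialchars($relDir, ENT_QUOTES) ;
  // $relDir as a URL path: every segment encoded, slashes kept.
  $relDirUrl   = implode("/", array_map("rawurlencode", explode("/", $relDir))) ;

  // start navigation page
  $text  = "Use this page to add, delete or " ;
  $text .= "revise files on this web site." ;
  StartHTML("(Navigate)",$text) ;
  echo "<TABLE BORDER=0 CELLPADDING=2 CELLSPACING=3 WIDTH=\"100%\">" ;

  // updir bar, only below the web root. The former test compared $fsDir
  // with $fsRoot, but $fsDir always carries an extra trailing slash, so it
  // was true even at the root.
  if ($relDir != "") {
    $parent = dirname($relDir) ;
    if ($parent == "") $parent = "/" ;
?>
<TR><TD><?php echo $gblIcon("up") ?></TD><TD COLSPAN=4 CLASS=LST>
<A HREF="<?php echo $self ?>?D=<?php echo urlencode($parent) ?>">
<B><?php echo htmlspecialchars($parent, ENT_QUOTES) ?></B></A></TD></TR>
<?php
  }

  // output subdirs
  if (count($dirList) > 0) {
    sort($dirList) ;
?>
<TR><TD></TD><TD COLSPAN=4 CLASS=TOP><HR><b><font size="2">폴더 이름</font></b></TD></TR>
<!--<TR><TD></TD><TD COLSPAN=4 CLASS=TOP><HR>DIRECTORY NAME</TD></TR>-->
<?php
    foreach ($dirList as $sub) {
      $tstr  = "<A HREF=\"" . $self . "?D=" ;
      $tstr .= urlencode($relDir."/".$sub) ;
      $tstr .= "\">" . htmlspecialchars($sub, ENT_QUOTES) . "/</A>" ;
?>
<TR><TD><?php echo $gblIcon("fldr") ?></TD>
<TD COLSPAN=4 CLASS=LST><?php echo $tstr ?></TD>
</TR>
<?php
    } // iterate over dirs
  } // end if no dirs
?>
<TR><TD></TD><TD COLSPAN=4><HR><B><font size="2">현재 경로 : <?php echo $webRootHtml . $relDirHtml ?></font>
</B></TD></TR>
<TR><TD></TD><TD CLASS=TOP><B><font size="2">파일 이름</font></b></TD>
<TD><?php echo $gblIcon("blank") ?></TD>
<TD CLASS=TOP><B><font size="2">마지막 변경일</font></b></TD><TD CLASS=TOP><B><font size="2">파일 크기</font></b></TD></TR>
<?php
  if (count($fileList) > 0) {
    sort($fileList) ;
    foreach ($fileList as $file) {
      $path = $fsDir . $file ;
      $mod  = filemtime($path) ;
      $sz   = filesize($path) ;
      if ($sz >= 10240) {
        $sz = (int)(($sz+1023)/1024) . " k" ;   // round up to whole kilobytes
      }
      else {
        $sz .= " " ;
      } // end size

      // mark files changed within the last 30 days
      $a = $b = "" ;
      if ( ($mod + 30*86400) > time() ) {
        $a = "<SPAN CLASS=RED TITLE=\"Newer than 30 days\"> * </SPAN>" ;
      }

      // direct link to the file as served by the web server
      $href  = $webRootHtml ;
      $href .= htmlspecialchars($relDirUrl . "/" . rawurlencode($file), ENT_QUOTES) ;
      $tstr  = "<A HREF=\"" . $href . "\">" ;
      $tstr .= htmlspecialchars($file, ENT_QUOTES) . "</A>" . $a ;

      // extension including the dot, "" when the name has none
      $dot = strrchr($file,".") ;
      $ext = ($dot === false) ? "" : strtolower($dot) ;
      if ( $ext=="" ||
           strstr(join(" ",$gblEditable),$ext) )
      {
        $b  = "<A HREF=\"" . $self . "?A=C&F=" ;
        $b .= urlencode($file) . "&D=" . urlencode($relDir) ;
        $b .= "\" TITLE=\"List contents\">" ;
        $b .= $gblIcon("view") . "</A>" ;
      }
?>
<TR><TD>
<A HREF="<?php echo $self ?>?A=E&F=<?php echo urlencode($file)
?>&D=<?php echo urlencode($relDir) ?>" TITLE="View/Edit">
<?php echo $gblIcon($ext) ?></A></TD>
<TD CLASS=LST><?php echo $tstr ?></TD>
<TD CLASS=LST ALIGN=center><?php echo $b ?></TD>
<TD CLASS=LST><?php echo date("d/M/y G:i:s",$mod) ?></TD>
<TD CLASS=LST><?php echo $sz ?>Bytes</TD></TR>
<?php
    } // iterate over files
  } // end if no files

  if ($emptyDir) {
?>
<FORM METHOD="POST" ACTION="<?php echo $self ?>">
<TR><TD></TD><TD COLSPAN=4 CLASS=BAR>
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $relDirHtml ?>">
현재 디렉토리에 파일이 없습니다. 폴더를 삭제하실려면 체크하신후 DELETE를 눌러주세요
<INPUT TYPE="CHECKBOX" NAME="CONFIRM">
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="DELETE">
</TD></TR>
</FORM>
<?php
  } // end if emptyDir
?>
<TR><TD></TD><TD COLSPAN=4><HR></TD></TR>
<FORM METHOD="POST" ACTION="<?php echo $self ?>">
<TR><TD></TD><TD COLSPAN=4 CLASS=BAR>
<INPUT TYPE="RADIO" NAME="T" VALUE="D" CHECKED>
신규 폴더 만들기 - <!-- 문서 저장-OR-
<INPUT TYPE="RADIO" NAME="T" VALUE="F">FILE :-->
<NOBR>이름 <INPUT TYPE="TEXT" NAME="FN" SIZE=14>
<INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="CREATE">
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $relDirHtml ?>">
<INPUT TYPE="SUBMIT" VALUE="폴더생성"></NOBR>
<NOBR> ------------------- <A HREF="<?php echo $self
?>?A=U&D=<?php echo urlencode($relDir) ?>">파일 올리기</A>
</NOBR>
</TD></TR>
</FORM>
</TABLE>
<?php
  EndHTML() ;
} // end function Navigate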
//////////////////////////////////////////////////////////////////
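function UploadPage($fsRoot, $relDir) {
  // Emit the upload form for directory $relDir plus a second form whose
  // only button posts back without an upload (cancel).
  //
  //   $fsRoot  filesystem path of the web root (not used in the markup)
  //   $relDir  target directory relative to the web root; "" is shown as "/"
  //
  // $relDir and PHP_SELF both originate from the request URL, so they are
  // HTML-escaped before being written into attribute values and text.
  $self = htmlspecialchars($GLOBALS["PHP_SELF"], ENT_QUOTES) ;
  if ($relDir == "") $relDir = "/" ;
  $relDirHtml = htmlspecialchars($relDir, ENT_QUOTES) ;
?>
<P><TABLE BORDER=0 CELLPADDING=5><TR><TD WIDTH=5></TD><TD CLASS=BAR>
<FORM ENCTYPE="multipart/form-data" METHOD="POST"
ACTION="<?php echo $self ?>">
파일이 저장될 위치 : <B><?php echo " " . $relDirHtml ?></B>
<P><font color=red>파일의 경로명을 적어주세요</font><BR>
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $relDirHtml ?>">
<INPUT TYPE="HIDDEN" NAME="POSTACTION" VALUE="UPLOAD">
<INPUT SIZE=30 TYPE="FILE" NAME="FN"></P>
<P><INPUT TYPE="SUBMIT" VALUE="올리기"></P>
<!--<P>If the <B>[BROWSE...]</B> button is not displayed,<BR>
you must upgrade to an RFC1867-compliant browser.</P>-->
</FORM>
</TD></TR>
<TR><TD></TD><TD>
<FORM METHOD="POST" ACTION="<?php echo $self ?>">
<INPUT TYPE="HIDDEN" NAME="DIR" VALUE="<?php echo $relDirHtml ?>"><BR>
<INPUT TYPE="SUBMIT" NAME="POSTACTION" VALUE="취소">
</FORM>
</TD></TR></TABLE></P>
<?php
} // end function UploadPage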
//////////////////////////////////////////////////////////////////
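function Error($title,$text="") {
  // Show an error page titled "($title)" with the detail $text, then stop
  // the script. Never returns.
  //
  // The callers visible in this file pass request-derived paths ($relDir,
  // $RELPATH, ...) as $text, so it is HTML-escaped before it reaches the
  // page header.
  // NOTE(review): StartHTML() is defined elsewhere; if it already escapes
  // its arguments this only double-encodes "&" and friends - confirm.
  StartHTML("(".$title.")", htmlspecialchars((string) $text, ENT_QUOTES)) ;
  echo "<P ALIGN=center>Hit your Browser's Back Button.</P>" ;
  EndHTML() ;
  exit ;
} // end function Error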
//////////////////////////////////////////////////////////////////
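function Writeable($path) {
  // Report whether the web server process holds read+write permission
  // bits on $path. Returns 1 or 0.
  //
  // When the process owns $path the owner bits (0600) are tested,
  // otherwise the "other" bits (06). Group bits are never consulted.
  // Anything that cannot be inspected counts as not writable.
  //
  // This looks only at mode bits. It does not check that $path lies inside
  // the managed web root; callers have to validate the path themselves.
  //
  // fix by -mat- filid brandy, brandy@ecrc.de, 07/JUL/99
  clearstatcache() ;   // was written without (), so the cache was never cleared
  $perms = @fileperms($path) ;
  $owner = @fileowner($path) ;
  if ($perms === false || $owner === false) return 0 ;

  if (function_exists("posix_geteuid")) {
    // effective uid: the identity file access is checked against
    $apacheuid = posix_geteuid() ;
  }
  else {
    // fall back to the id(1) utility; the command line is a constant
    $id = array() ;
    exec("id",$id) ;
    // eregi() no longer exists in current PHP; preg_match does the same job
    if ( !isset($id[0]) || !preg_match("/^uid=([0-9]+)/i",$id[0],$regs) )
      return 0 ;
    $apacheuid = (int) $regs[1] ;
  }

  $perms = 0777 & $perms ;
  if ( $apacheuid != $owner ) {
    return (06 == (06 & $perms)) ? 1 : 0 ;
  }
  return (0600 == (0600 & $perms)) ? 1 : 0 ;
} // end function Writable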
//////////////////////////////////////////////////////////////////
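function CreateHash($user, $pw) {
  // Print the hash of $user.$pw, for the administrator to paste into the
  // $gblPw setting in the source of this file, then stop the script.
  //
  //   $user, $pw  the pair to hash; Error() is raised if either is empty
  //
  // The main program calls this before authentication, so anyone who can
  // reach the script can have a hash computed for a pair of their choice.
  // NOTE(review): user and password are concatenated with no separator,
  // so ("ab","c") and ("a","bc") yield the same hash.
  // NOTE(review): $gblHash is invoked as a function name; confirm it is
  // assigned unconditionally in the configuration part of this file.
  global $gblHash ;   // hash function to use
  if ($user == "" || $pw == "") {
    $text = "either no password or no username supplied" ;
    Error("Create Hash",$text) ;
  }
  $title = "(Create Hash)" ;
  StartHTML($title) ;
  echo "<P ALIGN=center>" ;
  echo "<BLOCKQUOTE>Copy the value below and paste it " ;
  // single quotes: the text shows the variable name, not its value
  echo 'into the<BR>value for $gblPw in the source of ' ;
  echo "this file<BR><BR><B>" ;
  echo htmlspecialchars((string) $gblHash($user.$pw), ENT_QUOTES) ;
  echo "</B><BR><BR>Hash function: " ;
  echo htmlspecialchars((string) $gblHash, ENT_QUOTES) ;
  echo "</BLOCKQUOTE></P>" ;
  EndHTML() ;
  exit ;
} // end function CreateHash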
//////////////////////////////////////////////////////////////////
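function NoEntry() {
  // Body of the 401 response: a "No trespassing" page with a form that
  // posts the credentials just entered to the hash-creation fork
  // (?HASH=create). Stops the script.
  //
  // The user name and password are client-supplied and are written into
  // hidden fields, so they are HTML-escaped here.
  // NOTE(review): the password is still sent back in clear text inside the
  // page source of every failed login; consider asking for it again on the
  // hash page instead of echoing it.
  $user = isset($GLOBALS["PHP_AUTH_USER"]) ? (string) $GLOBALS["PHP_AUTH_USER"] : "" ;
  $pw   = isset($GLOBALS["PHP_AUTH_PW"])   ? (string) $GLOBALS["PHP_AUTH_PW"]   : "" ;
  $self = htmlspecialchars((string) $GLOBALS["PHP_SELF"], ENT_QUOTES) ;
  $title = "(401 Unauthorized)" ;
  $text  = "No trespassing !" ;
  StartHTML($title,$text) ;
?>
<FORM ACTION="<?php echo $self ?>?HASH=create" METHOD="POST">
<INPUT TYPE="HIDDEN" NAME="USER" VALUE="<?php echo htmlspecialchars($user, ENT_QUOTES) ?>">
<INPUT TYPE="HIDDEN" NAME="PW" VALUE="<?php echo htmlspecialchars($pw, ENT_QUOTES) ?>">
<BLOCKQUOTE><B>If you are a site administrator:</B><BR><BR>
Click below to <B>generate a password hash</B><BR>from
the username-password pair you just<BR>entered. Then include the hash in
the source<BR>of this file.<BR><BR>
<INPUT TYPE="SUBMIT" VALUE="CREATE HASH">
</BLOCKQUOTE></FORM>
<?php
  EndHTML() ;
  exit ;
}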
//////////////////////////////////////////////////////////////////
// MAIN PROGRAM
// ============
// query parameters: capital letters
// local functions : begin with capital letters
// global constants: begin with gbl
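$gblFilePerms = "644" ;  // default for new files (octal digits as a string)
$gblDirPerms  = 0755 ;   // default for new dirs
// phpinfo() ;
// exit ;

// The capitalised variables used from here on ($STYLE, $HASH, $USER, $PW,
// $DIR, $D, ...) are the query parameters named in the header comment.
// They arrive straight from the request and are untrusted.

// forks before authentication: style sheet and hash
// creation if password not yet set.
// NOTE(review): nothing here checks that the password is still unset, so
// the hash fork stays reachable without authentication after setup.
if ($STYLE == "get") { CSS() ; exit ; }
if ($HASH != "") {
  CreateHash($USER, $PW) ;
  exit ;
}

// authentication if $gblAuth == true
if ( $gblAuth ) {
  $given    = (string) $gblHash($PHP_AUTH_USER.$PHP_AUTH_PW) ;
  $expected = (string) $gblPw ;
  // The digests must be identical strings. A loose != lets two different
  // digests that both look like numbers compare as equal. hash_equals()
  // additionally keeps the comparison time independent of the content.
  $match = function_exists("hash_equals")
         ? hash_equals($expected, $given)
         : ($expected === $given) ;
  if ( !$match ) {
    // the host name ends up inside a quoted header value
    $realm = str_replace(array("\"", "\r", "\n"), "", (string) $SERVER_NAME) ;
    header("WWW-authenticate: basic realm=\"" . $realm . "\"") ;
    header("HTTP/1.0 401 Unauthorized") ;
    NoEntry() ;
    exit ;
  }
}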
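// get current directory relative to $gblFsRoot
$relDir = (string) $DIR ;    // from POST
if ($relDir == "") {         // not defined in POST ?
  // then use GET. PHP has already URL-decoded the value; decoding it a
  // second time would corrupt names containing "%" or "+".
  $relDir = (string) $D ;
}
if ($relDir == "/") $relDir = "" ;
// default : website root = ""

// $relDir is appended to the root as a string, so it has to be rejected
// unless it is "" or an absolute-looking path without "..". Without the
// leading slash a value would select a sibling of the root whose name
// merely starts with the root's name.
if (strstr($relDir,"..")) Error("No updirs allowed");
if (strpos($relDir,"\0") !== false) Error("No updirs allowed");
if ($relDir != "" && substr($relDir,0,1) != "/")
  Error("Dir not found",$relDir) ;

// full paths contain "fs" or "Fs". Paths relative to root of
// website contain "rel" or "Rel". The script won't let you
// edit anything above directory equal to http://server.com
// i.e. below $gblFsRoot.
$relScriptDir = dirname($SCRIPT_NAME) ;
// i.e. /siteman
// A script placed directly in the web root yields "/" here; treating that
// as one character of path would cut the last letter off $gblFsRoot.
if ($relScriptDir == "/" || $relScriptDir == "\\" || $relScriptDir == ".")
  $relScriptDir = "" ;
$fsScriptDir = dirname($SCRIPT_FILENAME) ;
// i.e. /home/httpd/html/siteman
$gblFsRoot = substr($fsScriptDir,0,
  strlen($fsScriptDir)-strlen($relScriptDir)) ;
// i.e. /home/httpd/html

$fsDir = $gblFsRoot . $relDir ;   // current directory
if ( !is_dir($fsDir) ) Error("Dir not found",$relDir) ;

// Resolve symbolic links and make sure the result is still the root or
// something beneath it.
$realRoot = realpath($gblFsRoot) ;
$realDir  = realpath($fsDir) ;
if ($realRoot === false || $realDir === false)
  Error("Dir not found",$relDir) ;
$rootPrefix = rtrim($realRoot,"/") . "/" ;
if (strncmp($realDir . "/", $rootPrefix, strlen($rootPrefix)) != 0)
  Error("No updirs allowed") ;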
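// Every action below changes the filesystem on behalf of the request.
// $FN, $FN_name, $RELPATH, $FILEDATA, $T and $CONFIRM are request values;
// only $fsDir / $relDir have been validated by the code above.
// NOTE(review): the forms carry no anti-CSRF token, and browsers resend
// Basic credentials automatically - consider adding one.
switch ($POSTACTION) {
case "UPLOAD" :
  if (!Writeable($fsDir)) Error("Write denied",$relDir) ;
  // The client chooses the file name: accept a bare name only.
  $FN_name = (string) $FN_name ;
  if ( $FN_name == "" || $FN_name == "." || $FN_name == ".." ||
       strpos($FN_name,"/") !== false || strpos($FN_name,"\\") !== false ||
       strpos($FN_name,"\0") !== false )
    Error("Non-conforming filename") ;
  $source = $FN ;
  $target = $fsDir . "/" . $FN_name ;
  // The former exec("cp ...") / exec("chmod ...") passed both values
  // through a shell unquoted. move_uploaded_file() involves no shell and
  // refuses a $source that is not a file uploaded in this request.
  if ( !move_uploaded_file($source,$target) )
    Error("Upload failed",$relDir . "/" . $FN_name) ;
  @chmod($target, octdec($gblFilePerms)) ;
  // NOTE(review): no extension check - an authenticated user can place
  // server-executable files under the web root. Keep authentication on.
  clearstatcache() ;
  break ;

case "SAVE" :
  // $RELPATH is joined to the root directly and needs the same rules as
  // $relDir. escapeshellcmd() was dropped: no shell is involved, and it
  // only inserted backslashes into the name being written.
  $RELPATH = (string) $RELPATH ;
  if ( substr($RELPATH,0,1) != "/" || strstr($RELPATH,"..") ||
       strpos($RELPATH,"\0") !== false )
    Error("Write denied",$RELPATH) ;
  $path = $gblFsRoot . $RELPATH ;
  $writable = Writeable($path) ;
  $legaldir = Writeable(dirname($path)) ;
  $exists = (file_exists($path)) ? 1 : 0 ;
  // check for legal extension here as well
  if (!($writable || (!$exists && $legaldir)))
    Error("Write denied",$RELPATH) ;
  $fh = @fopen($path, "w") ;
  if ( !$fh ) Error("Write denied",$RELPATH) ;
  fwrite($fh,$FILEDATA) ;
  fclose($fh) ;
  clearstatcache() ;
  break ;

case "CREATE" :
  // we know $fsDir exists
  if (!Writeable($fsDir)) Error("Write denied",$relDir) ;
  // The new name must be a single path component. ".." anywhere in it is
  // refused as well, because the directory check above would make such a
  // folder unreachable afterwards.
  $FN = (string) $FN ;
  if ( $FN == "" || $FN == "." || strstr($FN,"..") ||
       strpos($FN,"/") !== false || strpos($FN,"\\") !== false ||
       strpos($FN,"\0") !== false )
    Error("Non-conforming filename") ;
  $path = $fsDir . "/" . $FN ;   // file or dir to create
  $relPath = $relDir . "/" . $FN ;
  switch ( $T ) {
  case "D" :   // create a directory
    if ( ! @mkdir($path,$gblDirPerms) )
      Error("Mkdir failed",$relPath) ;   // eg. if it exists
    clearstatcache() ;
    break ;
  case "F" :   // create a new file
    // this functionality is doubled in DetailView().
    // better keep it here altogether
    // chmod perms to $gblFilePerms
    // (the call below used to be spelled Writable(), which is not defined)
    if ( file_exists($path) && !Writeable($path) )
      Error("File not writable", $relPath) ;
    $tstr  = $PHP_SELF . "?A=E&D=" . urlencode($relDir) ;
    $tstr .= "&F=" . urlencode($FN) ;
    header("Location: " . $tstr) ;
    exit ;
  }
  break ;

case "DELETE" :
  if ( $CONFIRM != "on" ) break ;
  $tstr  = "Attempt to delete non-existing object or " ;
  $tstr .= "insufficient privileges: " ;
  $FN = (string) $FN ;
  if ( $FN != "") {   // delete file
    // bare name only, so the target stays inside $fsDir
    if ( $FN == "." || $FN == ".." ||
         strpos($FN,"/") !== false || strpos($FN,"\\") !== false ||
         strpos($FN,"\0") !== false )
      Error("Non-conforming filename") ;
    $path = $fsDir . "/" . $FN ;
    if ( ! @unlink($path) ) {
      Error("File delete failed", $tstr . $path) ;
    }
  }
  else {   // delete directory
    if ( ! @rmdir($fsDir) ) {
      Error("Rmdir failed", $tstr . $fsDir) ;
    }
    else {
      $relDir = dirname($relDir) ;   // move up
    }
  }
  break ;

default :
  // user hit "CANCEL" or undefined action
}

// common to all POSTs : redirect to directory view ($relDir)
if ( $POSTACTION != "" ) {
  $tstr = $PHP_SELF . "?D=" . urlencode($relDir) ;
  header("Location: " . $tstr) ;
  exit ;
}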
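// check for mode.. navigate, code display, upload, or detail?
// $A=U : upload to path given in $D
// $A=E : display detail of file $D/$F and edit
// $A=C : display code in file $D/$F
// default : display directory $D
switch ($A) {
case "U" :
  // upload to $relDir
  if (!Writeable($gblFsRoot . $relDir))
    Error("Write access denied",$relDir) ;
  $text  = "Use this page to upload a single " ;
  $text .= "file to <B>" . htmlspecialchars((string) $SERVER_NAME, ENT_QUOTES) . "</B>." ;
  StartHTML("(Upload Page)", $text) ;
  UploadPage($gblFsRoot, $relDir) ;
  EndHTML() ;
  exit ;
case "E" :
case "C" :
  // $F names a file inside $relDir (see the mode list above) and comes
  // from the query string. Only a bare file name is accepted, so the page
  // functions cannot be pointed at a path outside that directory.
  $F = (string) $F ;
  if ( $F == "." || $F == ".." ||
       strpos($F,"/") !== false || strpos($F,"\\") !== false ||
       strpos($F,"\0") !== false )
    Error("Non-conforming filename") ;
  if ($A == "E") {
    // detail of $relDir/$F
    DetailPage($gblFsRoot, $relDir, $F) ;
  }
  else {
    // listing of $relDir/$F
    DisplayCode($gblFsRoot, $relDir, $F) ;
  }
  exit ;
}
// default: display directory $relDir
Navigate($gblFsRoot,$relDir) ;
exit ;
// nothing after this point runs; the unreachable Error() call was removed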
?>