'.__LINE__.') session_save_path:   "'.ini_get('session.save_path').'"
'; } //****************************************************************************** /******************************************************************************* Except where noted otherwise: Copyright © 2009-2012 https://github.com/rocktronica Copyright © 2012- https://github.com/Self-Evident Under the following terms (an "MIT" License): Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. *******************************************************************************/ /******************************************************************************* A portion of this software is copyright under terms of the "BSD" license (below). The copyright holders of that portion are indicated near where that portion is included. (Search for references to the BSD license) Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the author or copyright holder, nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *******************************************************************************/ // CONFIGURABLE OPTIONS ******************************************************** $MAIN_TITLE = "OneFileCMS"; $USERNAME = "username"; $HASHWORD = "5ccc11367dc9fc18822100df2149464a64c8992fc0de9cce2a7a451360491650"; //$HASHWORD = "5ccc11367dc9fc18822100df2149464a64c8992fc0de9cce2a7a451360491650"; //"password" with $PRE_ITERATIONS = 10000 $SALT = 'somerandomsalt'; $MAX_ATTEMPTS = 3; //Max failed login attempts before LOGIN_DELAY starts. $LOGIN_DELAY = 10; //In seconds. $MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes. Other PHP settings (like gc) may limit its max effective value. $TO_WARNING = 120; //In seconds. When idle time remaining is less than this value, a TimeOut warning is displayed. $LOG_LOGINS = true; //Keep log of login attempts. $MAIN_WIDTH = '810px'; //Width of main
defining page layout. Can be px, pt, em, or %. Assumes px otherwise. $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked. Can be px, pt, em, or %. Assumes px otherwise. $LINE_WRAP = "on"; //"on", anything else = "off". Default for edit page. Once on page, line-wrap can toggle on/off. $TAB_SIZE = 4; //Some browsers recognize a css tab-size. Some don't (IE/Edge, as of mid-2016). $MAX_EDIT_SIZE = 250000; // Edit gets flaky with large files in some browsers. Trial and error your's. $MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS. // The default max view size is completely arbitrary. Basically, it was 2am, and seemed like a good idea at the time. $MAX_IMG_W = 810; //Max width (in px) to display images. (main width is 810) $MAX_IMG_H = 1000; //Max height (in px). I don't know, it just looks reasonable. $UPLOAD_FIELDS = 10; //Number of upload fields on Upload File(s) page. Max value is ini_get('max_file_uploads'). $FAVICON = "favicon.ico"; //Path is relative to root of website. $EXCLUDED_FILES = ""; //csv list of filenames to exclude from directory listings- CaSe sEnsiTive! $EDIT_FILES = "svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text,types"; //Editable file types. $SHOW_FILES = "*"; // Shown types; only files of the given types should show up in the file-listing // Use $SHOW_FILES exactly like $EDIT_FILES: a list of extensions separated by commas. // If $SHOW_FILES is set to null - by intention or by error - only folders will be shown. // If $SHOW_FILES is set to the *-wildcard (the default), all files will show up. // If $SHOW_FILES is set to "html,htm" for example, only file with the extension "html" or "htm" will get listed. $SHOW_IMGS = "jpg,gif,png,bmp,ico"; //image types to display on edit page. //File types (extensions). _ftypes & _fclass must have the same number of values. bin is default. $FILE_TYPES = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text"; //Cooresponding file classes to _ftypes - used to determine icons for directory listing. $FILE_CLASSES = "bin,z,z ,z ,z ,img,img,img,img,img,svg,txt,txt,cfg ,txt,css,txt,htm,htm ,htm ,txt ,txt,txt,txt,txt ,txt,php,php,txt,txt"; $EX = '( ! ) '; //EXclaimation point "icon" Used in $MESSAGE's $PAGEUPDOWN = 10; //Number of rows to jump using Page Up/Page Down keys on directory listing. $SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS concurrently. //Optional: restrict access to a particular sub folder from root. //$ACCESS_ROOT = '/some/path'; //If blank or invalid, default is $_SERVER['DOCUMENT_ROOT']. //$ACCESS_ROOT = '/home/'.get_current_user(); //Optional: specify a default start path on login. //$DEFAULT_PATH = 'some/path/deeper/' //Must be a decendant of $ACCESS_ROOT. //If blank or invalid, defaults to $ACCESS_ROOT. //$DEFAULT_PATH = '/home/'.get_current_user().'/public_html'; //URL of optional external style sheet. Used as an href in //If file is not found, or is incomplete, built-in defaults will be used. //$CSS_FILE = 'OneFileCMS.css'; //Notes for $LANGUAGE_FILE, $WYSIWYG_PLUGIN, and $CONFIG_FILE: // // Filename path examples: // 1) $SOME_FILE = "/some/path/from/system/root/somefile.php" //Absolue to filesystem. // 2) $SOME_FILE = $_SERVER['DOCUMENT_ROOT']."/some/path/from/web/root/somefile.php" //Relative to root of web site. //Name of optional external language file. If file is not found, the built-in defaults will be used. //$LANGUAGE_FILE = "/home/user/public_html/OneFileCMS.LANG.EN.php"; //Init file for optional external wysiwyg editor. //Sample init files are availble in the "extras\" folder of the OneFileCMS repo, but the actual editors are not. //$WYSIWYG_PLUGIN = '/home/user/public_html/plugins/plugin-tinymce_init.php'; //$WYSIWYG_PLUGIN = '/home/user/public_html/plugins/plugin-ckeditor_init.php'; //Name of optional external config file. Any settings it contains will supersede those above. //See the sample file in the OneFileCMS github repo for format example. //Basically, it is just a php file with a copy/paste of this configuration section. //$CONFIG_FILE = '/home/user/public_html/extras/OneFileCMS.config.SAMPLE.php'; //end CONFIGURABLE OPTIoNS ***************************************************** function System_Setup() {//***************************************************** global $_, $MAX_IDLE_TIME, $LOGIN_ATTEMPTS, $LOGIN_DELAYED, $MAIN_WIDTH, $WIDE_VIEW_WIDTH, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $EXCLUDED_FILES, $TAB_SIZE, $EDIT_FILES, $SHOW_FILES, $SHOW_IMGS, $FILE_TYPES, $FILE_CLASSES, $SHOWALLFILES, $ETYPES, $STYPES, $ITYPES, $FTYPES, $FCLASSES, $EXCLUDED_LIST, $LANGUAGE_FILE, $ACCESS_ROOT, $ACCESS_ROOT_len, $WYSIWYG_PLUGIN, $WYSIWYG_VALID, $WYSIWYG_PLUGIN_OS, $INVALID_CHARS, $WHSPC_SLASH, $VALID_PAGES, $LOGIN_LOG_url, $LOGIN_LOG_file, $ONESCRIPT, $ONESCRIPT_file, $ONESCRIPT_backup, $ONESCRIPT_file_backup, $CONFIG_backup, $CONFIG_FILE, $CONFIG_FILE_backup, $VALID_CONFIG_FILE, $DOC_ROOT, $WEBSITE, $PRE_ITERATIONS, $EX, $MESSAGE, $ENC_OS, $DEFAULT_PATH, $DELAY_Expired_Reload, $DELAY_Sort_and_Show_msgs, $DELAY_Start_Countdown, $DELAY_final_messages, $MIN_DIR_ITEMS, $DIRECTORY_COLUMNS; //Used to pass & display any setup $MESSAGES only if $_SESSION['valid']. //(So they don't display on the Login screen.) $setup_messages = ""; //Requires PHP 5.1 or newer, due to changes in explode() (and maybe others). define('PHP_VERSION_ID_REQUIRED',50100); //Ex: 5.1.23 is 50123 define('PHP_VERSION_REQUIRED' ,'5.1 + '); //Used in exit() message. //The predefined constant PHP_VERSION_ID has only been available since 5.2.7. //So, if needed, convert PHP_VERSION (a string) to PHP_VERSION_ID (an integer). //Ex: 5.1.23 converts to 50123. if (!defined('PHP_VERSION_ID')) { $phpversion = explode('.', PHP_VERSION); define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2])); } if( PHP_VERSION_ID < PHP_VERSION_ID_REQUIRED ) { exit( 'PHP '.PHP_VERSION.'
'.hsc($_['OFCMS_requires']).' '.PHP_VERSION_REQUIRED ); } mb_detect_order("UTF-8, ASCII, Windows-1252, ISO-8859-1"); //Get server's File System encoding. Windows NTFS uses ISO-8859-1 / Windows-1252. //Needed when working with non-ascii filenames. if (php_uname("s") == 'Windows NT') {$ENC_OS = 'Windows-1252';} else {$ENC_OS = 'UTF-8';} //Allow OneFileCMS.php to be started from any dir on the site. //This also effects the path in an include("path/somefile.php") chdir('/'); $INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file & folder names. Space deliminated. $WHSPC_SLASH = "\x00..\x20/"; //Whitespace & forward slash. For trimming file & folder name inputs. //$DOC_ROOT is normalized to always be (for ex:) "server/doc/root/", instead of "C:/server/doc/root/" if on Windows. $ds_pos = strpos($_SERVER['DOCUMENT_ROOT'], "/") * 1; $DOC_ROOT = trim(substr($_SERVER['DOCUMENT_ROOT'], $ds_pos), '/').'/'; $WEBSITE = $_SERVER['HTTP_HOST'].'/'; $ONESCRIPT = URLencode_path($_SERVER['SCRIPT_NAME']); //Used for URL's in HTML attributes $ONESCRIPT_file = $_SERVER['SCRIPT_FILENAME']; //Non-url file system use. $ONESCRIPT_backup = $ONESCRIPT.'-BACKUP.txt'; //used for p/w & u/n updates. $ONESCRIPT_file_backup = $ONESCRIPT_file.'-BACKUP.txt'; //used for p/w & u/n updates. $LOGIN_ATTEMPTS = $ONESCRIPT_file.'.invalid_login_attempts';//Non-url file system use. $LOGIN_LOG_url = $ONESCRIPT.'-LOGIN.log'; $LOGIN_LOG_file = $ONESCRIPT_file.'-LOGIN.log'; //If specified, check for & load $LANGUAGE_FILE if (isset($LANGUAGE_FILE)) { $LANGUAGE_FILE_OS = Convert_encoding($LANGUAGE_FILE); if (is_file($LANGUAGE_FILE_OS)) { include($LANGUAGE_FILE_OS); } else { $setup_messages .= '$LANGUAGE_FILE '.hsc($_['Not_found']).": ".hsc($LANGUAGE_FILE)."
"; } } //If specified, validate $WYSIWYG_PLUGIN. Actual include() is at end of OneFileCMS. $WYSIWYG_VALID = 0; //Default to invalid. if (isset($WYSIWYG_PLUGIN)) { $WYSIWYG_PLUGIN_OS = Convert_encoding($WYSIWYG_PLUGIN); //Also used for include() if (is_file($WYSIWYG_PLUGIN_OS)) { $WYSIWYG_VALID = 1; } else { $setup_messages .= '$WYSIWYG_PLUGIN '.hsc($_['Not_found']).': '.hsc($WYSIWYG_PLUGIN)."
"; } } //If specified & found, include $CONFIG_FILE. $VALID_CONFIG_FILE = 0; if (isset($CONFIG_FILE)) { $CONFIG_FILE_OS = Convert_encoding($CONFIG_FILE); if (is_file($CONFIG_FILE_OS)) { $VALID_CONFIG_FILE = 1; include($CONFIG_FILE_OS); $CONFIG_backup = URLencode_path($CONFIG_FILE).'-BACKUP.txt'; //used for p/w & u/n updates. $CONFIG_FILE_backup = $CONFIG_FILE.'-BACKUP.txt'; //used for p/w & u/n updates. } else { $setup_messages .= $EX.'$CONFIG_FILE '.hsc($_['Not_found']).': '.hsc($CONFIG_FILE).'
'; $CONFIG_FILE = $CONFIG_FILE_OS = ''; } } //Clean up & validate $ACCESS_ROOT if (!isset($ACCESS_ROOT) || $ACCESS_ROOT == '') { $ACCESS_ROOT = $DOC_ROOT; } //Make sure it's set. $ACCESS_ROOT = trim($ACCESS_ROOT, ' /'); //Trim to '' or 'some/path' if ($ACCESS_ROOT != '') { $ACCESS_ROOT = $ACCESS_ROOT.'/'; } $ACCESS_ROOT_OS = Convert_encoding($ACCESS_ROOT); if (!is_dir('/'.$ACCESS_ROOT_OS)) { $setup_messages .= $EX.'$ACCESS_ROOT '.hsc($_['Invalid']).": $ACCESS_ROOT
"; $ACCESS_ROOT = $DOC_ROOT; $ACCESS_ROOT_OS = Convert_encoding($ACCESS_ROOT); } $ACCESS_ROOT_enc = mb_detect_encoding($ACCESS_ROOT); $ACCESS_ROOT_len = mb_strlen($ACCESS_ROOT, $ACCESS_ROOT_enc); //Clean up & validate $DEFAULT_PATH //It must either be = $ACCESS_ROOT, or $ACCESS_ROOT."some/valid/path/" if (!isset($DEFAULT_PATH) || $DEFAULT_PATH == '') { $DEFAULT_PATH = $ACCESS_ROOT; } //Make sure it's set. $DEFAULT_PATH = trim($DEFAULT_PATH, ' /'); //Trim to 'some/path' if ($DEFAULT_PATH != '') {$DEFAULT_PATH .= '/'; } $DEFAULT_PATH_OS = Convert_encoding($DEFAULT_PATH); //Verify that $DEFAULT_PATH is equal to, or a decendant of, $ACCESS_ROOT. $needle = realpath($ACCESS_ROOT); //ex: /some/access/root $haystack = realpath($DEFAULT_PATH); //ex: /some/access/root/some/default/path $needle_len = strlen($needle); $valid_subpath = (substr($haystack, 0, $needle_len) === $needle); if (!is_dir('/'.$DEFAULT_PATH_OS)) { $setup_messages .= $EX.'$DEFAULT_PATH '.$_['Invalid'].": $DEFAULT_PATH
"; $DEFAULT_PATH = $ACCESS_ROOT; $DEFAULT_PATH_OS = Convert_encoding($DEFAULT_PATH); } else if (!$valid_subpath) { $setup_messages .= $EX.''.$_['must_be_decendant'].'
'; $setup_messages .= "\$ACCESS_ROOT = $ACCESS_ROOT
"; $setup_messages .= "\$DEFAULT_PATH = $DEFAULT_PATH
"; $DEFAULT_PATH = $ACCESS_ROOT; $DEFAULT_PATH_OS = Convert_encoding($DEFAULT_PATH); } $MAIN_WIDTH = validate_units($MAIN_WIDTH); $WIDE_VIEW_WIDTH = validate_units($WIDE_VIEW_WIDTH); //Just some basic validation. The 80 is just a round number that seems reasonable. $TAB_SIZE = intval($TAB_SIZE); if (($TAB_SIZE < 1) || ($TAB_SIZE > 80)) { $TAB_SIZE = 8; } ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less. $VALID_PAGES = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","renamefile","copyfile","deletefile","deletefolder","newfolder","renamefolder","copyfolder","mcdaction", "phpinfo", "raw_view"); //Make arrays out of a few config variables for actual use later. //First, remove spaces and make lowercase (for *types). $SHOWALLFILES = $STYPES = false; if ($SHOW_FILES == '*') { $SHOWALLFILES = true; } else { $STYPES = explode(',', mb_strtolower(str_replace(' ', '', $SHOW_FILES))); }//shown file types $ETYPES = explode(',', mb_strtolower(str_replace(' ', '', $EDIT_FILES))); //editable file types $ITYPES = explode(',', mb_strtolower(str_replace(' ', '', $SHOW_IMGS))); //images types to display $FTYPES = explode(',', mb_strtolower(str_replace(' ', '', $FILE_TYPES))); //file types with icons $FCLASSES = explode(',', mb_strtolower(str_replace(' ', '', $FILE_CLASSES))); //for file types with icons $EXCLUDED_LIST = explode(',', str_replace(' ', '', $EXCLUDED_FILES)); //A few variables for values that were otherwise hardcoded in js. //$DELAY_... values are in milliseconds. //The values were determined thru quick experimentation, and may be tweaked if desired, except as noted. $DELAY_Sort_and_Show_msgs = 20; //Needed so "Working..." message shows during directory sorts. Mostly for Firefox. $DELAY_Start_Countdown = 25; //Needs to be > than $Sort_and_Show_msgs. Used in Timeout_Timer(). $DELAY_final_messages = 25; //Needs to be > than $Sort_and_Show_msgs. Delays final Display_Messages(). $DELAY_Expired_Reload = 10000; //Delay from Session Expired to page load of login screen. Ten seconds, but can be less/more. $MIN_DIR_ITEMS = 25; //Minimum number of directory items before "Working..." message is needed/displayed. //Validate wide_view cookie... if ( !isset($_COOKIE['wide_view']) || ($_COOKIE['wide_view'] !== "on") ) { $_COOKIE['wide_view'] = "off"; } //This will probably never change, again... //Value deterimined in Create_Table_for_Listing(), and used in Assemble_Insert_row() & Init_Dir_table_rows(). $DIRECTORY_COLUMNS = 10; //Used in hashit() and js_hash_scripts(). IE<9 is WAY slow, so keep it low. //For 200 iterations: (time on IE8) > (37 x time on FF). And the difference grows with the iterations. //If you change this, or any other aspect of either hashit() or js_hash_scripts(), do so while logged in. //Then, manually update your password as instructed on the Admin/Generate Hash page. $PRE_ITERATIONS = 10000; return $setup_messages; }//end System_Setup() //******************************************************* function Default_Language() { // *********************************************** global $_; // OneFileCMS Language Settings v3.6.09 (Not always in sync with OFCMS version#, if no changes to displayed wording.) $_['LANGUAGE'] = 'English'; $_['LANG'] = 'EN'; // If no translation or value is desired for a particular setting, do not delete // the actual setting variable, just set it to an empty string. // For example: $_['some_unused_setting'] = ''; // // Remember to slash-escape any single quotes that may be within the text: \' // The back-slash itself may or may not also need to be escaped: \\ // // If present as a trailing comment, "## NT ##" means 'Needs Translation'. // // These first few settings control a few font and layout settings. // In some instances, some langauges may use significantly longer words or phrases than others. // So, a smaller font or less spacing may be desirable in those places to preserve page layout. $_['front_links_font_size'] = '1.0em'; //Buttons on Index page. $_['front_links_margin_L'] = '1.0em'; $_['MCD_margin_R'] = '1.0em'; //[Move] [Copy] [Delete] buttons $_['button_font_size'] = '0.9em'; //Buttons on Edit page. $_['button_margin_L'] = '0.7em'; $_['button_padding'] = '4px 4px 4px 4px'; //T R B L ,or, V H if only two values. $_['image_info_font_size'] = '1em'; //show_img_msg_01 & _02 $_['image_info_pos'] = ''; //If 1 or true, moves the info down a line for more space. $_['select_all_label_size'] = '.84em'; //Font size of $_['Select_All'] $_['select_all_label_width'] = '72px'; //Width of space for $_['Select_All'] $_['HTML'] = 'HTML'; $_['WYSIWYG'] = 'WYSIWYG'; //... $_['Admin'] = 'Admin'; $_['bytes'] = 'bytes'; $_['Cancel'] = 'Cancel'; $_['cancelled'] = 'cancelled'; $_['Close'] = 'Close'; $_['Copy'] = 'Copy'; $_['Copied'] = 'Copied'; $_['Create'] = 'Create'; $_['Date'] = 'Date'; $_['Delete'] = 'Delete'; $_['DELETE'] = 'DELETE'; $_['Deleted'] = 'Deleted'; $_['Edit'] = 'Edit'; $_['Enter'] = 'Enter'; $_['Error'] = 'Error'; $_['errors'] = 'errors'; $_['ext'] = '.ext'; //## NT ## filename[.ext]ension $_['File'] = 'File'; $_['files'] = 'files'; $_['Folder'] = 'Folder'; $_['folders'] = 'folders'; $_['From'] = 'From'; $_['Group'] = 'Group'; //## NT ## as of 3.6.09 $_['Hash'] = 'Hash'; $_['Invalid'] = 'Invalid'; //## NT ## as of 3.5.23 $_['Move'] = 'Move'; $_['Moved'] = 'Moved'; $_['Name'] = 'Name'; //... $_['off'] = 'off'; $_['on'] = 'on'; $_['Owner'] = 'Owner'; //## NT ## as of 3.6.09 $_['Password'] = 'Password'; $_['Rename'] = 'Rename'; $_['reset'] = 'Reset'; $_['save_1'] = 'Save'; $_['save_2'] = 'SAVE CHANGES'; $_['Size'] = 'Size'; $_['Source'] = 'Source'; //## NT ## $_['successful'] = 'successful'; $_['To'] = 'To'; $_['Upload'] = 'Upload'; $_['Username'] = 'Username'; $_['View'] = 'View'; $_['Log_In'] = 'Log In'; $_['Log_Out'] = 'Log Out'; $_['Admin_Options'] = 'Administration Options'; $_['Are_you_sure'] = 'Are you sure?'; $_['View_Raw'] = 'View Raw'; //## NT ### as of 3.5.07 $_['Open_View'] = 'Open/View in browser window'; $_['Edit_View'] = 'Edit / View'; $_['Wide_View'] = 'Wide View'; $_['Normal_View'] = 'Normal View'; $_['Word_Wrap'] = 'Word Wrap'; //## NT ## as of 3.5.19 $_['Line_Wrap'] = 'Line Wrap'; //## NT ## as of 3.5.20 $_['Upload_File'] = 'Upload File'; $_['New_File'] = 'New File'; $_['Ren_Move'] = 'Rename / Move'; $_['Ren_Moved'] = 'Renamed / Moved'; $_['folders_first'] = 'folders first'; //## NT ## $_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ## $_['New_Folder'] = 'New Folder'; $_['Ren_Folder'] = 'Rename / Move Folder'; $_['Submit'] = 'Submit Request'; $_['Move_Files'] = 'Move File(s)'; $_['Copy_Files'] = 'Copy File(s)'; $_['Del_Files'] = 'Delete File(s)'; $_['Selected_Files'] = 'Selected Folders and Files'; $_['Select_All'] = 'Select All'; $_['Clear_All'] = 'Clear All'; $_['New_Location'] = 'New Location'; $_['No_files'] = 'No files selected.'; $_['Not_found'] = 'Not found'; $_['Invalid_path'] = 'Invalid path'; //## NT ## $_['must_be_decendant'] = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ## as of 3.5.23 $_['Update_failed'] = 'Update failed'; $_['Working'] = 'Working - please wait...'; //## NT ## $_['Enter_to_edit'] = '[Enter] to edit'; //## NT ## as of 3.6.07 $_['Press_Enter'] = 'Press [Enter] to save changes. Press [Esc] or [Tab] to cancel.'; //## NT ## as of 3.6.07 $_['Permissions_msg_1'] = 'Permissions must be exactly 3 or 4 octal digits (0-7)'; //## NT ## as of 3.6.07 $_['verify_msg_01'] = 'Session expired.'; $_['verify_msg_02'] = 'INVALID POST'; $_['get_get_msg_01'] = 'File does not exist:'; $_['get_get_msg_02'] = 'Invalid page request:'; $_['check_path_msg_02'] = '"dot" or "dot dot" path segments are not permitted.'; $_['check_path_msg_03'] = 'Path or filename contains an invalid character:'; $_['ord_msg_01'] = 'A file with that name already exists in the target directory.'; $_['ord_msg_02'] = 'Saving as'; $_['rCopy_msg_01'] = 'A folder can not be copied into one of its own sub-folders.'; $_['show_img_msg_01'] = 'Image shown at ~'; $_['show_img_msg_02'] = '% of full size (W x H ='; $_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file. In either case, make sure you remember the password used to generate the hash!'; $_['hash_txt_06'] = 'Type your desired password in the input field above and hit Enter.'; $_['hash_txt_07'] = 'The hash will be displayed in a yellow message box above that.'; $_['hash_txt_08'] = 'Copy and paste the new hash to the $HASHWORD variable in the config section.'; $_['hash_txt_09'] = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).'; $_['hash_txt_10'] = 'A double-click should select it...'; $_['hash_txt_12'] = 'When ready, logout and login.'; $_['pass_to_hash'] = 'Password to hash:'; $_['Generate_Hash'] = 'Generate Hash'; $_['login_msg_01a'] = 'There have been'; $_['login_msg_01b'] = 'invalid login attempts.'; $_['login_msg_02a'] = 'Please wait'; $_['login_msg_02b'] = 'seconds to try again.'; $_['login_msg_03'] = 'INVALID LOGIN ATTEMPT #'; $_['edit_note_00'] = 'NOTES:'; $_['edit_note_01a'] = 'Remember- '; $_['edit_note_01b'] = 'is'; $_['edit_note_02'] = 'So save changes before the clock runs out, or the changes will be lost!'; $_['edit_note_03'] = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate. To correct, click the browser\'s [Reload].'; $_['edit_h2_1'] = 'Viewing:'; $_['edit_h2_2'] = 'Editing:'; $_['edit_txt_00'] = 'Edit disabled.'; //## NT ## as of 3.5.07 $_['edit_txt_01'] = 'Non-text or unkown file type. Edit disabled.'; $_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.'; $_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.'; $_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.'; $_['edit_txt_05'] = 'File is readonly.'; $_['too_large_to_edit_01'] = 'Edit disabled. Filesize >'; $_['too_large_to_edit_02'] = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML \n"; echo "
\n"; $wrap_on_off = hsc($_['Line_Wrap'])." "; $wrap_on_off .= "" .hsc($_['on']) ."/"; $wrap_on_off .= "".hsc($_['off']).""; echo ""; } }//end if/elseif... }//end if non-image Edit_Page_buttons($text_editable, $too_large_to_edit, $writable); echo "\n\n"; Edit_Page_scripts(); if ( !$IS_OFCMS && $text_editable && !$too_large_to_edit && !$bad_chars && $writable) {Edit_Page_Notes();} }//end Edit_Page_form() //****************************************************** function Edit_Page_Notes() {//************************************************** global $_, $MAX_IDLE_TIME; $SEC = $MAX_IDLE_TIME; $HRS = floor($SEC/3600); $SEC = fmod($SEC,3600); $MIN = floor($SEC/60); if ($MIN < 10) { $MIN = "0".$MIN; }; $SEC = fmod($SEC,60); if ($SEC < 10) { $SEC = "0".$SEC; }; $HRS_MIN_SEC = $HRS.':'.$MIN.':'.$SEC; ?>
1)
2)
$MAX_EDIT_SIZE); $too_large_to_view = (filesize($filename_OS) > $MAX_VIEW_SIZE); //Don't load $WYSIWYG_PLUGIN if not needed if (!$text_editable || $too_large_to_edit) {$WYSIWYG_VALID = 0;} //Get file contents if (($text_editable && !$too_large_to_view) || $IS_OFCMS) { $raw_contents = file_get_contents($filename_OS); $file_ENC = mb_detect_encoding($raw_contents); //ASCII, UTF-8, ISO-8859-1, etc... if ($file_ENC != 'UTF-8') { $raw_contents = mb_convert_encoding($raw_contents, 'UTF-8', $file_ENC); } }else{ $file_ENC = ""; $raw_contents = ""; } if (PHP_VERSION_ID < 50400) { $FILECONTENTS = hsc($raw_contents); } else { $FILECONTENTS = htmlspecialchars($raw_contents,ENT_SUBSTITUTE | ENT_QUOTES, 'UTF-8'); } if ($too_large_to_view || !$text_editable) { $header2 = "";} elseif ($text_editable && !$too_large_to_edit && !$IS_OFCMS) { $header2 = hsc($_['edit_h2_2']); } else { $header2 = hsc($_['edit_h2_1']); } echo '

'.$header2.' '; echo ''; echo hsc(basename($filename)).''; echo '

'."\n"; Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_view, $file_ENC); if ( in_array( $ext, $ITYPES) ) { Show_Image($filename1); } //If image, show below the [Rename/Move] [Copy] [Delete] buttons echo '
'; //If viewing OneFileCMS itself, show Edit Disabled message. if ($IS_OFCMS && $page == "edit") { $MESSAGE .= ''; $MESSAGE .= ''; $MESSAGE .= ''.$EX.hsc($_['edit_caution_02']).'   '.$_['edit_txt_00'].'
'; } }//end Edit_Page() //*********************************************************** function Edit_response() {//***If on Edit page, and [Save] clicked ************* global $_, $EX, $MESSAGE, $filename, $filename_OS; $contents = $_POST['contents']; $contents = str_replace("\r\n", "\n", $contents); //Normalize EOL $contents = str_replace("\r" , "\n", $contents); //Normalize EOL $bytes = file_put_contents($filename_OS, $contents); if ($bytes !== false) { $MESSAGE .= ''.hsc($_['edit_msg_01']).' '.number_format($bytes).' '.hsc($_['edit_msg_02']).'
'; }else{ $MESSAGE .= $EX.''.hsc($_['edit_msg_03']).'
'; } }//end Edit_response() //******************************************************* function Upload_Page() {//****************************************************** global $_, $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE, $UPLOAD_FIELDS, $MAIN_WIDTH; $max_file_uploads = ini_get('max_file_uploads'); if ($max_file_uploads < 1) { $max_file_uploads = $UPLOAD_FIELDS; } if ($max_file_uploads < $UPLOAD_FIELDS) { $UPLOAD_FIELDS = $max_file_uploads; } //$main_width is used below to determine size (width) of in FF. $main_width = $MAIN_WIDTH * 1; //set in config section. Default is 810px. $main_units = mb_substr($MAIN_WIDTH, -2); //should be px, pt, or em. //convert to px. 16px = 12pt = 1em if ( $main_units == "em") { $main_width = $main_width * 16 ; } elseif ( $main_units == "pt") { $main_width = $main_width * (16 / 12); } echo '

'.hsc($_['Upload_File']).'

'; echo '

'; echo hsc($_['upload_txt_03']).' '.ini_get('upload_max_filesize').' '.hsc($_['upload_txt_01']).'
'; echo hsc($_['upload_txt_04']).' '.ini_get('post_max_size') .' '.hsc($_['upload_txt_02']).'
'; echo '

'; echo $INPUT_NUONCE; echo '
'; echo '
'; //So
'; for ($x = 0; $x < $UPLOAD_FIELDS; $x++) { //size attibute is for FF (and is not em, px, pt, or %). //width attribute is for IE & Chrome, and can be set via css (in style_sheet()). //In FF, width of is 121px. If size=2, width = 128, etc. The base value is 114px. echo '
'."\n"; } echo '

'; Cancel_Submit_Buttons($_['Upload']); echo "\n

\n"; }//end Upload_Page() //********************************************************* function Upload_response() {//************************************************** global $_, $ipath, $ipath_OS, $page, $EX, $MESSAGE, $UPLOAD_FIELDS; $page = "index"; //return to index. $filecount = 0; foreach ($_FILES['upload_file']['name'] as $N => $name) { if ($name == "") { continue; } //ignore empty upload fields $filecount++; $filename_up = $ipath.$_FILES['upload_file']['name'][$N]; //just filename, no path. $filename_OS = Convert_encoding($filename_up); $savefile_msg = ''; $MAXUP1 = ini_get('upload_max_filesize'); //$MAXUP2 = ''; //number_format($_POST['MAX_FILE_SIZE']).' '.hsc($_['bytes']); $ERROR = $_FILES['upload_file']['error'][$N]; if ( $ERROR == 1 ){ $ERRMSG = hsc($_['upload_err_01']).' upload_max_filesize = '.$MAXUP1;} elseif (($ERROR > 1) && ($ERROR < 9)) { $ERRMSG = hsc($_['upload_err_0'.$ERROR]); } else { $ERRMSG = ''; } if ( ($ipath === false) || (($ipath != "") && !is_dir($ipath_OS))) { $MESSAGE .= $EX.''.hsc($_['upload_msg_02']).'
'; $MESSAGE .= ''.hsc($ipath).'
'; $MESSAGE .= hsc($_['upload_msg_03']).'
'; }else{ $MESSAGE .= ''.hsc($_['upload_msg_04']).' '.hsc(basename($filename_up)).'
'; if ( isset($_POST['ifexists']) && ($_POST['ifexists'] == 'overwrite') ) { if (is_file($filename_OS)) { $savefile_msg .= hsc($_['upload_msg_07']) ; } }else{ //rename to "file.etc.001" etc... $filename_up = add_serial_num($filename_up, $savefile_msg); } $filename_OS = Convert_encoding($filename_up); if(move_uploaded_file($_FILES['upload_file']['tmp_name'][$N], $filename_OS)) { $MESSAGE .= ''.hsc($_['upload_msg_05']).' '.$savefile_msg.'
'; } else{ $MESSAGE .= ''.$EX.hsc($_['upload_msg_06']).' '.$ERRMSG.'
'; } } }//end foreach $_FILES if ($filecount == 0) { $page = "upload"; } //If nothing selected, just reload Upload page. }//end Upload_response() //***************************************************** function New_Page($title, $new_f_or_f) {//********************************************** global $_, $FORM_COMMON, $INVALID_CHARS; echo '

'.hsc($title).'

'; echo $FORM_COMMON; echo '

'.hsc($_['new_file_txt_01'].' '.$_['new_file_txt_02']); echo ' '.hsc($INVALID_CHARS).'

'; echo '

'; Cancel_Submit_Buttons($_['Create']); echo "\n\n"; }//end New_Page() //************************************************************ function New_response($post, $isfile) {//*************************************** global $_, $ipath, $ipath_OS, $filename, $filename_OS, $page, $param1, $param2, $param3, $MESSAGE, $EX, $INVALID_CHARS, $WHSPC_SLASH; $page = "index"; //Return to index if folder, or on error. $new_name = trim($_POST[$post], $WHSPC_SLASH); //Trim whitespace & slashes. $filename = $ipath.$new_name; $filename_OS = Convert_encoding($filename); if ($isfile) { $f_or_f = "file"; } else { $f_or_f = "folder"; } $msg_new = ''.hsc($new_name).'
'; if (has_invalid_char($new_name)){ $MESSAGE .= $EX.''.hsc($_['new_file_msg_01']).' '.$msg_new; $MESSAGE .= ''.hsc($_['new_file_msg_02']).' '.hsc($INVALID_CHARS).''; }elseif ($new_name == ""){ //No new name given. $page = "new".$f_or_f; $param3 = '&p=index'; //For [Cancel] button }elseif (file_exists($filename_OS)) { //Does file or folder already exist ? $MESSAGE .= $EX.''.hsc($_['new_file_msg_04']).' '.$msg_new; }elseif ($isfile && touch($filename_OS) ) { //Create File $MESSAGE .= ''.hsc($_['new_file_msg_05']).' '.$msg_new; //New File success. $page = "edit"; //Return to edit page. $param2 = '&f='.rawurlencode(basename($filename)); //for Edit_Page() buttons $param3 = '&p=edit'; //for Edit_Page() buttons }elseif (!$isfile && mkdir($filename_OS,0755)) { //Create Folder $MESSAGE .= ''.hsc($_['new_file_msg_07']).' '.$msg_new; //New folder success $ipath = $filename; //return to new folder $ipath_OS = Convert_encoding($filename); $param1 = '?i='.URLencode_path($ipath); }else{ $MESSAGE .= $EX.''.hsc($_['new_file_msg_01']).':
'.$msg_new; //'Error - new file not created:' } }//end New_response() //******************************************************** function Set_Input_width() {//************************************************** global $_, $MAIN_WIDTH, $ACCESS_ROOT; // Adjust (shorten) width based on width of $ACCESS_ROOT // (width of ) = $MAIN_WIDTH - (Width of

'.hsc($action.' '.$title).'

'; echo $FORM_COMMON; echo ''; echo ''; echo ''; echo '
'; echo ''; echo ''.hsc('/'.$ACCESS_ROOT).''; echo '
'; echo '('.hsc($_['CRM_txt_02']).')

'; Cancel_Submit_Buttons($action); echo "\n\n"; }//end CRM_Page() //************************************************************ function CRM_response($action, $msg1, $show_message = 3) {//******************** //$action = 'rCopy' or 'rename'. Returns 0 if successful, 1 on error. //$show_message: 0 = none; 1 = errors only; 2 = successes only; 3 = all messages (default). global $_, $ONESCRIPT, $ipath, $ipath_OS, $filename, $page, $param1, $param2, $param3, $MESSAGE, $EX, $INVALID_CHARS, $WHSPC_SLASH; $old_full_name = trim($_POST['old_full_name'], $WHSPC_SLASH); //Trim whitespace & slashes. $new_name_only = trim($_POST['new_name'], $WHSPC_SLASH); $new_location = trim($_POST['new_location'], $WHSPC_SLASH); if ($new_location != "") { $new_location .= '/'; } $new_full_name = $new_location.$new_name_only; $filename = $old_full_name; //default if error. //for function calls that access the server file system, such as rCopy, rename, file_exists, etc... $old_full_name_OS = Convert_encoding($old_full_name); $new_full_name_OS = Convert_encoding($new_full_name); $new_location_OS = Convert_encoding($new_location); $isfile = 0; if (is_file($old_full_name_OS)) { $isfile = 1;} //File or folder? //Common message lines $com_msg = '

'.hsc($_['From']).'
'.hsc($_['To']).'
'; $com_msg .= ': '.hsc($old_full_name).'
'; $com_msg .= ': '.hsc($new_full_name).'
'; $bad_name = ""; //bad file or folder name (can be either old_ or new_) $err_msg = ''; //Error message. $scs_msg = ''; //Success message. $error_code = 0; //1 = success (no error), 0 = an error. Used for return value. //Check old name for invalid chars (like .. ) (Unlikely to be false outside a malicious attempt) if ( Check_path($old_full_name,$show_message) === false ) { $bad_name = $old_full_name; }elseif ( !file_exists($old_full_name_OS) ) { $err_msg .= $EX.''.hsc($msg1.' '.hsc($_['CRM_msg_02'])).'
'; $bad_name = $old_full_name; //Ignore if new name is blank. }elseif ( mb_strlen($new_name_only) == 0 ) { $page = 'copyfile'; $param3 = '&p=copyfile'; return 0; //Check new name for invalid chars, including slashes. }elseif ( has_invalid_char($new_name_only) ) { $err_msg .= $EX.''.hsc($_['new_file_msg_02']).' '.hsc($INVALID_CHARS).'
'; $bad_name = $new_name_only; //Check new location for invalid chars etc. }elseif ( Check_path($new_location,$show_message) === false ) { $bad_name = $new_location; //$new_location must already exist as a directory }elseif ( ($new_location != "") && !is_dir($new_location_OS) ) { $err_msg .= $EX.''.hsc($msg1.' '.hsc($_['CRM_msg_01'])).'
'; $bad_name = $new_location; //Don't overwrite existing files. }elseif ( file_exists($new_full_name_OS) ) { $bad_name = $new_full_name; $err_msg .= $EX.''.hsc($msg1.' '.hsc($_['CRM_msg_03'])).'
'; }else{ //attempt $action $error_code = $action($old_full_name_OS, $new_full_name_OS); if ( $error_code > 0 ) { $scs_msg .= ''.hsc($msg1.' '.hsc($_['successful'])).'
'.$com_msg; if ($isfile) { $filename = $new_full_name; } $ipath = $new_location; $ipath_OS = $new_location_OS; }else{ $err_msg .= $EX.''.hsc($_['CRM_msg_05'].' '.$msg1).'
'.$com_msg; } }// if (($bad_name !='' ) && ($error_code == 0)) { $err_msg .= ''.hsc($bad_name).'
'; } if (($show_message & 1) && ($error_code == 0)) { $MESSAGE .= $err_msg; } //Show error message. if ( $show_message & 2) { $MESSAGE .= $scs_msg; } //Show success message. //Prior page should be either index or edit $page = $_SESSION['recent_pages'][1]; $param1 = '?i='.URLencode_path($ipath); if ($isfile & $page == "edit") {$param2 = '&f='.rawurlencode(basename($filename));} return $error_code; // }//end CRM_response() //******************************************************** function Delete_response($target, $show_message=3) {//************************** global $_, $ipath, $ipath_OS, $param1, $filename, $param2, $page, $MESSAGE, $EX; if ($target == "") { return 0; } //Prevent accidental delete of entire website. $target = Check_path($target,$show_message); $target = trim($target,'/'); $page = "index"; //Return to index //If came from admin page, return there. if ( $_SESSION['admin_page'] ) { $page = 'admin'; } $err_msg = ''; //On error, set this message. $scs_msg = ''; //On success, set this message. $error_code = rDel($target); if ($error_code > 0) { // 0 = error, > 0 is number of successes $scs_msg .= ''.hsc($_['Deleted']).': '; $scs_msg .= ''.hsc(basename($target)).'
'; $ipath = dir_name($target); //Return to parent dir. $ipath_OS = Convert_encoding($ipath); $param1 = '?i='.URLencode_path($ipath); $filename = ""; $param2 = ""; }else { //Error $err_msg .= $EX.''.hsc($_['delete_msg_03']).' '.hsc($target).'
'; $page = $_SESSION['recent_pages'][1]; if ($page == "edit") { $filename = $target; $param2 = '&f='.basename($filename); } } if ($show_message & 1) { $MESSAGE .= $err_msg; } //Show error message. if ($show_message & 2) { $MESSAGE .= $scs_msg; } //Show success message. return $error_code; }//end Delete_response() //***************************************************** function MCD_Page($action, $page_title, $classes = '') {//********************** //$action = mcd_mov or mcd_cpy or mcd_del global $_, $ONESCRIPT, $ipath, $ipath_OS, $param1, $filename, $page, $ICONS, $ACCESS_ROOT, $ACCESS_PATH, $INPUT_NUONCE, $MESSAGE; //Prep for a single file or folder if( $page == "deletefile" || $page == "deletefolder" ){ $_POST['mcdaction'] = 'delete'; //set mcdaction != copy or move (see below). if ($page == "deletefile") { $_POST['files'][1] = basename($filename); } //If $page == deletefolder, $_POST['files'][1] is set in Verify_Page_Conditions() } Set_Input_width(); echo '

'.hsc($page_title).'

'; echo '
'.$INPUT_NUONCE; echo ''."\n"; if ( ($_POST['mcdaction'] == 'copy') || ($_POST['mcdaction'] == 'move') ) { echo ''; echo ''.hsc('/'.$ACCESS_ROOT).''; echo ''; echo '

('.hsc($_['CRM_txt_02']).')

'; } echo '

'.hsc($_['Are_you_sure']).'

'; Cancel_Submit_Buttons($page_title); //List selected folders & files $full_list = Sort_Seperate($ipath, $_POST['files']); echo ''; echo ''."\n"; foreach ($full_list as $file) { $file_OS = Convert_encoding($file); if (is_dir($ipath_OS.$file_OS)) { echo ''; } else { echo ''; } echo ''."\n"; } echo '
'.hsc($_['Selected_Files']).':
'.$ICONS['folder'].' '.hsc($file).' /
' .hsc($file).'
'; echo "\n
\n"; }//end MCD_Page() //************************************************************ function MCD_response($action, $msg1, $success_msg = '') {//******************** global $_, $ipath, $ipath_OS, $EX, $MESSAGE, $WHSPC_SLASH; $files = $_POST['files']; //List of files to delete (path not included) $errors = 0; //number of failed moves, copies, or deletes $successful = 0; $new_location = ""; if (isset($_POST['new_location'])) { $new_location = $_POST['new_location']; $new_location_OS = Convert_encoding($_POST['new_location']); } $show_message = 1; //1= show error msg only. if ( ($new_location != "") && !is_dir($new_location_OS)) { $MESSAGE .= $EX.''.hsc($msg1.' '.$_['CRM_msg_01']).'
'; $MESSAGE .= ''.hsc($_POST['new_location']).'
'; return; }elseif ($action == 'rDel') { foreach ($files as $file){ if ($file == "") {continue;} //a blank file name would cause $ipath to be deleted. $error_code = Delete_response($ipath.$file, $show_message); $successful += $error_code; if ($error_code == 0) {$errors++;} } }else { //move or rCopy $mcd_ipath = $ipath; //CRM_response() changes $ipath to $new_location foreach ($files as $file){ $_POST['old_full_name'] = $mcd_ipath.$file; $_POST['new_name'] = $file; //$_POST['new_location'] should already be set by the client ( via MCD_Page() ). $error_code = CRM_response($action, $msg1, $show_message); $successful += $error_code; if ($error_code == 0) {$errors++;} } } if ($errors) {$MESSAGE .= $EX.' '.$errors.' '.hsc($_['errors']).'.
';} $MESSAGE .= ''.$successful.' '.hsc($success_msg).'
'; if ($action != 'rDel') { if ($successful > 0) { //"From:" & "To:" lines if any successes. $MESSAGE .= '
'.hsc($_['From']).'
'.hsc($_['To']).'
'; $MESSAGE .= ': '.hsc($mcd_ipath).'
'; $MESSAGE .= ': '.hsc($ipath).'
'; } } }//end MCD_response() //******************************************************** function Format_Perms($perms_oct) {//******************************************* //$perms_oct is a 3 or 4 digit octal string (7777). //file file |s s s|owner|group|world //permissions t y p e|u g t|r w x|r w x|r w x // //bits 1|4 2 1|4 2 1|4 2 1|4 2 1|4 2 1 //octal 1 7 7 7 7 7 // //bits 8 4 2 1|8 4 2 1|8 4 2 1|8 4 2 1 //hex F F F F $ugt = ['...', '..t', '.g.', '.gt', 'u..', 'u.t', 'ug.', 'ugt']; //SetUid SetGid sTicky $rwx = ['---', '--x', '-w-', '-wx', 'r--', 'r-x', 'rw-', 'rwx']; if (strlen($perms_oct) > 3) { $ugidsticky = substr($perms_oct, -4, 1); } else { $ugidsticky = 0; } $owner = substr($perms_oct, -3, 1); $group = substr($perms_oct, -2, 1); $world = substr($perms_oct, -1, 1); return "[$perms_oct][".$ugt[$ugidsticky]." ".$rwx[$owner]." ".$rwx[$group]." ".$rwx[$world]."]"; }//end Format_Perms() {//******************************************************* function Update_File_Permissions() {//****************************************** //Validate new_perms & update. //$_POST['new_perms'] must be an octal value with 3 or 4 digits (0-7) only. global $_, $MESSAGE; $new_perms = trim($_POST['new_perms']); $len = strlen($new_perms); $errors = 0; //No errrors $ipath = $_POST['ipath']; $ipath_OS = Convert_encoding($ipath); $filename = $_POST['perms_filename']; $filename_OS = Convert_encoding($ipath.$filename); //Full path/filename //Verify that each digit is octal (0-7), and that $new_perms is only 3 or 4 digits in length. if (preg_match("/^[0-7]{3,4}$/", $new_perms) != 1) { $errors++; } if ($errors > 0) { $MESSAGE .= "".$_['Invalid'].": [$new_perms] ".$_['Permissions_msg_1']."."; } //Validate path & filename. Valid_Path() required to prevent access outside $ACCESS_ROOT. if (!Valid_Path($ipath_OS, false)) { $errors++; $MESSAGE .= $_['Invalid_path'].". \n"; } if (!file_exists($filename_OS)) { $errors++; $MESSAGE .= $_['get_get_msg_01']."\n "; } if ($errors == 0) { //Update the file permissions... if (!chmod($filename_OS, octdec($new_perms))) { $errors++; $MESSAGE .= "".$_['Update_failed'].": "; } } clearstatcache(); $new_perms = decoct((fileperms($filename_OS) & 07777)); //May not actually be new, if chmod() failed. $new_perms = str_pad($new_perms, 3, "0", STR_PAD_LEFT); //Always at least three digits: 000 if ($errors == 0) { $MESSAGE .= "".hsc($_['meta_txt_03'])." "; $MESSAGE .= " ".Format_Perms($new_perms)." ".hsc($filename)."
"; } $new_perms_response = ""; $new_perms_response['new_perms'] = $new_perms; $new_perms_response['perms_filename'] = $ipath.$filename; $new_perms_response['nuonce'] = $_SESSION['nuonce']; $new_perms_response['early_output'] = ob_get_clean(); //Should always be empty unless error or trouble-shooting. $new_perms_response['errors'] = $errors.""; $new_perms_response['MESSAGE'] = $MESSAGE; $new_perms_response['writable'] = is_writable($filename_OS) * 1; //1 or 0 (true or false) echo json_encode($new_perms_response); }//end Update_File_Permissions() //********************************************* function Page_Title() {//***Page_Title()************************* global $_, $page; if (!$_SESSION['valid']) { return $_['Log_In']; } elseif ($page == "admin") { return $_['Admin_Options']; } elseif ($page == "hash") { return $_['Generate_Hash']; } elseif ($page == "changepw") { return $_['pw_change']; } elseif ($page == "changeun") { return $_['un_change']; } elseif ($page == "edit") { return $_['Edit_View']; } elseif ($page == "upload") { return $_['Upload_File']; } elseif ($page == "newfile") { return $_['New_File']; } elseif ($page == "copyfile" ) { return $_['Copy_Files']; } elseif ($page == "copyfolder" ) { return $_['Copy_Files']; } elseif ($page == "renamefile") { return $_['Ren_Move'].' '.$_['File'];} elseif ($page == "deletefile") { return $_['Del_Files']; } elseif ($page == "deletefolder") { return $_['Del_Files']; } elseif ($page == "newfolder") { return $_['New_Folder']; } elseif ($page == "renamefolder") { return $_['Ren_Folder']; } elseif ($page == "mcdaction" && ($_POST['mcdaction'] == "copy") ) { return $_['Copy_Files'];} elseif ($page == "mcdaction" && ($_POST['mcdaction'] == "move") ) { return $_['Move_Files'];} elseif ($page == "mcdaction" && ($_POST['mcdaction'] == "delete") ) { return $_['Del_Files']; } else { return $_SERVER['SERVER_NAME']; } }//end Page_Title() //********************************************************** function Load_Selected_Page() {//*********************************************** global $_, $ONESCRIPT, $ipath, $filename, $page; if (!$_SESSION['valid']) { Login_Page(); } elseif ($page == "admin") { Admin_Page(); } elseif ($page == "hash") { Hash_Page(); } elseif ($page == "changepw") { Change_PWUN_Page('pw', 'password', $_['pw_change'], $_['pw_new'], $_['pw_confirm']);} elseif ($page == "changeun") { Change_PWUN_Page('un', 'text', $_['un_change'], $_['un_new'], $_['un_confirm']);} elseif ($page == "edit") { Edit_Page(); } elseif ($page == "upload") { Upload_Page();} elseif ($page == "newfile") { New_Page($_['New_File'] , "new_file"); } elseif ($page == "newfolder") { New_Page($_['New_Folder'], "new_folder");} elseif ($page == "copyfile") { CRM_Page($_['Copy'], $_['File'] , 'copy_file' , $filename);} elseif ($page == "copyfolder") { CRM_Page($_['Copy'], $_['Folder'], 'copy_file' , $ipath);} elseif ($page == "renamefile") { CRM_Page($_['Ren_Move'], $_['File'] , 'rename_file', $filename);} elseif ($page == "renamefolder") { CRM_Page($_['Ren_Move'], $_['Folder'], 'rename_file', $ipath);} elseif ($page == "deletefile") { MCD_Page('mcd_del', $_['Del_Files'],'verify_del'); } elseif ($page == "deletefolder") { MCD_Page('mcd_del', $_['Del_Files'],'verify_del'); } elseif ($page == "mcdaction") { if ($_POST['mcdaction'] == 'move') { MCD_Page('mcd_mov', $_['Move_Files']); } if ($_POST['mcdaction'] == 'copy') { MCD_Page('mcd_cpy', $_['Copy_Files']); } if ($_POST['mcdaction'] == 'delete'){ MCD_Page('mcd_del', $_['Del_Files'], 'verify_del'); } } else /* default if session valid */ { Index_Page(); } }//end Load_Selected_Page() //************************************************** function Respond_to_POST() {//************************************************** global $_, $VALID_POST, $ipath, $page, $EX, $ACCESS_ROOT, $MESSAGE; // $_POST['key']'s must all be unique, or order of if/elseif's below becomes significant. if (!$VALID_POST) { return; } //First, validate any $_POST'ed paths against $ACCESS_ROOT. if (isset($_POST["old_full_name"]) && !Valid_Path($_POST["old_full_name"], false)) { //unlikely, but just in case $MESSAGE .= $EX.''.hsc($_['Invalid_path']).': '.hsc($_POST["old_full_name"]).''; $VALID_POST = 0; return; } if (isset($_POST["new_location"])) { $_POST["new_location"] = $ACCESS_ROOT.$_POST["new_location"]; if (!Valid_Path($_POST["new_location"], false)) { $MESSAGE .= $EX.''.hsc($_['Invalid_path']).': '.hsc($_POST["new_location"]).''; $VALID_POST = 0; return; } } if (isset($_POST['mcd_mov'] )) { MCD_response('rename', $_['Ren_Move'], $_['mcd_msg_01']); } //move == rename elseif (isset($_POST['mcd_cpy'] )) { MCD_response('rCopy' , $_['Copy'] , $_['mcd_msg_02']); } elseif (isset($_POST['mcd_del'] )) { MCD_response('rDel' , $_['Delete'] , $_['mcd_msg_03']); } elseif (isset($_POST['whattohash'] )) { Hash_response(); } elseif (isset($_POST['pw'] )) { Change_PWUN_response('pw', $_['change_pw_02']);} elseif (isset($_POST['un'] )) { Change_PWUN_response('un', $_['change_un_02']);} elseif (isset($_POST['filename'] )) { Edit_response(); } elseif (isset($_POST['new_file'] )) { New_response('new_file' , 1);} //1=file elseif (isset($_POST['new_folder'] )) { New_response('new_folder', 0);} //0=folder elseif (isset($_POST['rename_file'] )) { CRM_response('rename', $_['Ren_Move']);} elseif (isset($_POST['copy_file'] )) { CRM_response('rCopy' , $_['Copy'] );} elseif (isset($_FILES['upload_file']['name'])) { Upload_response(); } elseif (isset($_POST['new_perms'] )) { Update_File_Permissions(); } //die()'s after return from Resopnd_to_POST(). //If Changed p/w, u/n, or other Admin Page action, make sure to not return to a folder outside of $ACCESS_ROOT. Valid_Path($ipath, true); }//end Respond_to_POST() //***************************************************** function init_ICONS_js() {//**************************************************** global $ICONS; //Currently, only icons for dir listing are needed in js ?> '; } Language_and_config_adjusted_styles(); }//end Load_style_sheet() //**************************************************** //****************************************************************************** //Main logic to determine page action //****************************************************************************** Default_Language(); $setup_messages = System_Setup(); Session_Startup(); if (!isset($_SESSION['admin_page'])) { $_SESSION['admin_page'] = false; $_SESSION['admin_ipath'] = ''; } if ($_SESSION['valid']) { undo_magic_quotes(); Init_ICONS(); Get_GET(); if ($page == "phpinfo") { phpinfo(); die; } Valid_Path($ipath, true); Validate_params(); Init_Macros(); //Needs to be after Get_Get()/Validate_params()/Valid_Path() //$ACCESS_ROOT.$ACCESS_PATH == $ipath $ipath_len = mb_strlen($ipath); $ACCESS_PATH = ''; if (($ACCESS_ROOT_len < $ipath_len)) { $ACCESS_PATH = trim(mb_substr($ipath, $ACCESS_ROOT_len), ' /').'/'; } Respond_to_POST(); Verify_Page_Conditions(); //Must come after Respond_to_POST() if ($page != "login") { $MESSAGE .= $setup_messages; } //Must come after Verify_Page_Conditions() if (isset($_POST['new_perms'])) { die(); } //die() here just for clarity. Update_Recent_Pages(); //Don't show current/path/ header on some pages. $Show_Path = true; $pages_dont_show_path = array("login","admin","hash","changepw","changeun"); if ( in_array($page, $pages_dont_show_path) ){ $Show_Path = false; } // }//end if $_SESSION[valid] //end logic to determine page action ******************************************* //****************************************************************************** //Output page contents //****************************************************************************** $early_output = ob_get_clean(); // Should be blank unless trouble-shooting. ob_start(); header('Content-type: text/html; charset=UTF-8'); ?> '.hsc($MAIN_TITLE.' - '.Page_Title()).''."\n"; Load_style_sheet(); Common_Scripts(); Error_reporting_status_and_early_output(0,0); //0,0 will only show early output. if ($_SESSION['valid']) { echo '
'; } else { echo '
'; } Page_Header(); if ($_SESSION['valid'] && $Show_Path) { Current_Path_Header(); } $TABINDEX_XBOX = $TABINDEX++; //Messages, and the [X] box, not displayed until later. echo '
'; Load_Selected_Page(); //footer... if ($_SESSION['valid']) { //Countdown timer echo "
\n"; echo ""; echo "".hsc($_['time_out_txt']).""; //Adjust $TABINDEX to account for contents of directory list (created by Assemble_Insert_row()). //Directory list is created client-side by js, so tabindex is incremented by the js at that point. //Each row in directory list (with a filename) has 6 tab-able/focusable items: // [m] [c] [d] [x] [sogw] [file name] if (isset($DIRECTORY_COUNT)) { $TAB_INDEX = "tabindex=".($TABINDEX + ($DIRECTORY_COUNT * 6)); } else { $TAB_INDEX = ""; } //Admin link if ( ($_SESSION['admin_page'] === false) ) { echo ''.hsc($_['Admin']).''; } }//end footer echo "\n
\n"; //end main/login_page if ( ($page == "edit") && $WYSIWYG_VALID && $EDIT_WYSIWYG ) { include($WYSIWYG_PLUGIN_OS); } //Display any $MESSAGE's echo "\n\n\n\n"; //##### ACTUAL COUNTDOWN STARTS ON THE SERVER. //##### DO I NEED TO ACCOUNT FOR TIME RECEIVING & LOADING PAGE CLIENT SIDE? //start any timers... if ($_SESSION['valid']) { echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'LOGOUT'); } if ($page == 'edit') { echo Timeout_Timer($MAX_IDLE_TIME, 'timer1', 'LOGOUT'); } if ($LOGIN_DELAYED > 0) { echo Timeout_Timer($LOGIN_DELAYED, 'timer0', ''); } echo "\n"; //*********************************************************** //##### Header (UTF-8) for [View Raw] incorrect or not getting sent?? //##### If file has non-ascii characters, browers display in ISO-8859-1/Windows-1252, //##### Except IE, which asks to download the file... //##### When browsers manually set to UTF-8, files display fine. //##### END OF FILE ############################################################