<?PHP

/*******************************************************************************
 * PHP Remote File Management System :: version 2.1                            *
 *******************************************************************************
 * Created by Brandon Nimon                                                    *
 * Version 2 started 28/10/2008                                                *
 *******************************************************************************
 * Notes:                                                                      *
 * Requires PHP 4.3.3 or higher. Browser requires javascript and cookies to be *
 * fully functional.                                                           *
 ******************************************************************************/

/*
 * Read the README file. It is a must read for all admins and programmers that
 * use or intend to edit this program. If you read nothing else in that file,
 * read "Notes about security" near the bottom.
 *
 * PHP Remote File Management System is the legal property of its developers
 * whose names are listed in the COPYRIGHT file.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 * or visit http://www.opensource.org/licenses/gpl-license.php
 */

/*****[ INCLUDES/CLASSES ]*****************************************************/
// Both setup artefacts must exist before anything else runs: the DB credentials
// file, and the SMARTY_PATH constant that file is expected to define.
if (!is_file('filemanage/mysql_info.php')) {
  die('Run the setup script.');
}
require('filemanage/mysql_info.php');
if (!defined('SMARTY_PATH')) {
  die('Run the setup script.');
}
require('filemanage/inc.php');                                                  // include all classes and functions that are needed
$common = new common();
$files  = new files();


/*****[ mySQL CONNECT ]********************************************************/
// NOTE(review): the raw mysql_error() text is sent to the browser on failure, which
// exposes connection details (host/user) to anyone who can provoke the error.
$conn = @mysql_connect($db['HOST'], $db['USER'], $db['PASSWORD']);
if (!$conn) {
  die('Error connecting to mySQL. If you have not run the setup script, run that first. Be sure you have write permissions in the filemanage directory.<br /><br />'.mysql_error());
}
if (!@mysql_select_db($db['DB'])) {
  die('Error selecting mySQL database. Please fix in filemanage/mysql_info.php<br />'.mysql_error()); // switches to QC database later on
}


/*****[ IP BLOCK ]*************************************************************/
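define ('TABLE_PREFIX', $db['TABLE_PREFIX']);

// Load the IP access rules. denyallow 0 = deny pattern, 1 = allow pattern; patterns
// are matched with fnmatch() shell wildcards. REMOTE_ADDR is the TCP peer address
// (no proxy headers are consulted), so it cannot be spoofed by a request header.
$query = 'SELECT ip, denyallow FROM '.TABLE_PREFIX.'ipblock';
$result = $common->myquery($query, __LINE__, true);
$ipblock_ar = array();
$ipallow_ar = array();
while(list($ip, $denyallow) = mysql_fetch_row($result)) {
  if ($denyallow == 0) {
    // Literal match is only a block when the row is a DENY rule. Previously this
    // test ran before the denyallow check, so an ALLOW entry written without
    // wildcards blocked exactly the client it was meant to admit.
    if ($_SERVER['REMOTE_ADDR'] == $ip)
      die('Your IP has been blocked.');
    $ipblock_ar[] = $ip;
  } elseif ($denyallow == 1)
    $ipallow_ar[] = $ip;
}

// If any allow patterns exist, only clients matching one of them may continue.
if (count($ipallow_ar) > 0) {
  $block = true;
  foreach ($ipallow_ar as $ip)
    if (fnmatch($ip, $_SERVER['REMOTE_ADDR']))
      $block = false;
  if ($block)
    die('Your IP has been blocked.');
}

// Deny patterns are applied even to clients that passed the allow list.
foreach ($ipblock_ar as $ip)
  if (fnmatch($ip, $_SERVER['REMOTE_ADDR']))
    die('Your IP has been blocked.');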


/*****[ SMARTY TEMPLATING ]****************************************************/
require(SMARTY_PATH . DIRECTORY_SEPARATOR . 'libs/Smarty.class.php');                                   // Include the Smarty templating engine
$smarty = new Smarty();
/* Configure the Smarty templating engine: all working directories sit under SMARTY_PATH */
foreach (array('template_dir' => 'templates',
               'compile_dir'  => 'templates_c',
               'cache_dir'    => 'cache',
               'config_dir'   => 'configs') as $smarty_prop => $smarty_subdir)
  $smarty->$smarty_prop = SMARTY_PATH . DIRECTORY_SEPARATOR . $smarty_subdir;
unset($smarty_prop, $smarty_subdir);


/*****[ SYSTEM SETTINGS ]******************************************************/
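$query = 'SELECT setting, value FROM '.TABLE_PREFIX.'settings';
$result = $common->myquery($query, __LINE__, true);
$sets = array();                                                                // explicit init: an empty settings table otherwise leaves $sets undefined
while(list($setting, $value) = mysql_fetch_row($result))
  $sets[$setting] = $value;

// Settings arrive from the DB as strings; normalise the ones this file treats as bool/int.
$sets['require_login'] = $sets['require_login'] !== '0';                        // only the literal string '0' disables the login requirement
$sets['no_login_perm'] = hexdec($sets['no_login_perm']);                        // anonymous permission bits are stored in hex

ini_set('session.gc_maxlifetime', $sets['login_timeout']);

define ('LOG_LEVEL', $sets['log_level']);

$smarty->assign('date_format', $sets['date_format']);
$smarty->assign('long_date_format', $sets['long_date_format']);
$smarty->assign('date_time_format', $sets['date_time_format']);
// Input dates are day-first when the setting starts with 'dm'; month-first otherwise.
if (substr(strtolower($sets['input_date_format']), 0, 2) == 'dm') {
  define('INDATEFORMAT', 'dmy');
  $input_date_format_str = 'D/M/Y';
  $smarty->assign('output_input_date_format', '%d/%m/%Y');
} else {
  define('INDATEFORMAT', 'mdy');
  $input_date_format_str = 'M/D/Y';
  $smarty->assign('output_input_date_format', '%m/%d/%Y');
}
$smarty->assign('input_date_format_str', $input_date_format_str);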


/*****[ INITIALIZE PROGRAM ]***************************************************/
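// PHP_SELF can carry client-supplied PATH_INFO, so it is escaped before being echoed
// into links; ENT_QUOTES also covers single-quoted attributes in the templates.
define ('SELF', htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES));

// borrowed from webmaster at kevinjb dot com from PHP.net post on magic_quotes page
// negates the use of magic_quotes_gpc
if (get_magic_quotes_gpc()) {
  // Recursively undo the slashes magic_quotes_gpc added to the request superglobals.
  function stripslashes_array ($array) {
    return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
  }

  $_COOKIE = stripslashes_array($_COOKIE);
  $_FILES = stripslashes_array($_FILES);
  $_GET = stripslashes_array($_GET);
  $_POST = stripslashes_array($_POST);
}
set_magic_quotes_runtime(0);                                                    // turns off magic_quotes at runtime

// Get current LOC: normalise the requested directory to the form '/path/'
if (isset($_GET['loc'])) {
  $loc = trim($_GET['loc']);
  // ROOT.LOC is used as a filesystem path further down this file, so refuse anything
  // that could step above ROOT or truncate the path. The allowed()/is_hidden() helpers
  // live outside this file and may check this as well; this check does not rely on them.
  if (false !== strpos($loc, '..') || false !== strpos($loc, "\0"))
    die('<font color="red">Invalid location.</font>');
  if (substr($loc, 0, 1) != '/')
    $loc = '/'.$loc;
  if (substr($loc, -1) != '/')
    $loc .= '/';
} else
  $loc = '/';

define ('LOC', $loc);
define ('LLOC', $common->linksafe($loc));                                       // link-safe loc

$error_ar = array();                                                            // collected for display later; nothing in this file appends to it (the included classes presumably do)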


/*****[ LOGIN TEST ]***********************************************************/
// Login state drives the rest of the page; $logintest is reused for the form and the visit log.
$logintest = new login();
$login     = $logintest->logintest();


/*****[ START DISPLAY ]********************************************************/
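// Main page: shown when the visitor is logged in, or anonymous access is enabled,
// and the request is not an explicit ?login. Otherwise fall through to the login form.
// NOTE(review): $p_dir_list, $p_edit, $p_batch, $moderator, $admin and $disp_login are
// not assigned in this file; they appear to be set as globals by the login class
// (logintest()/perms()) — confirm before relying on them here.
if (($login || !$sets['require_login']) && !isset($_GET['login'])) {
  $announcement = new announcement;

  if (!$login && !$sets['require_login']) {
    // Anonymous visitor: clear the two highest bits of the 8-bit permission mask
    // (pad to 8 binary digits, drop the first two, convert back) before applying it.
    $sets['no_login_perm'] = bindec(substr(str_pad(decbin($sets['no_login_perm']), 8, '0', STR_PAD_LEFT), 2));
    $logintest->perms($sets['no_login_perm']);
    $ullimit = $sets['no_login_ullimit'];

    // The anonymous root comes from the DB; refuse traversal and strip a trailing slash
    // so ROOT.LOC concatenates cleanly.
    if (false !== strpos($sets['no_login_rootdir'], '..'))
      die('<font color="red">ROOT must be a literal path (cannot contain ".."). Notify an admin or moderator.</font>');
    if (substr($sets['no_login_rootdir'], -1) == '/')
      $sets['no_login_rootdir'] = substr($sets['no_login_rootdir'], 0, -1);
    define ('ROOT', $sets['no_login_rootdir']);
  }

  // Bare endpoints that emit their own output and stop (no header/footer templates).
  if (isset($_GET['prop']) && allowed(LOC.trim($_GET['prop']), 1)) {
    include('filemanage/includes/prop.class.php');
    new prop(trim($_GET['prop']));
    die();
  }

  if (isset($_GET['getid3']) && $sets['getid3'] == 2) {
    if (!allowed(LOC.trim($_GET['getid3']), 0))
      die();
    @include('filemanage/getid3/getid3/getid3.php');
    if ($sets['getid3_cache'])
      @include('filemanage/getid3/getid3/extension.cache.mysql.php');
    if (class_exists('getID3')) {
      if ($sets['getid3_cache'])
        // The cache backend opens its own DB connection with the same credentials.
        $getID3 = new getID3_cached_mysql($GLOBALS['db']['HOST'], $GLOBALS['db']['DB'],
                                          $GLOBALS['db']['USER'], $GLOBALS['db']['PASSWORD']);
      else
        $getID3 = new getID3;
      $getID3->encoding = 'UTF-8';
      die(addinfo_get($_GET['getid3'], $getID3));
    }
  }


  $head = new head;
  $loc_str = $p_dir_list ? ' - '.dir_nav(LOC, true) : NULL;

  /* output starts here */
  // NOTE(review): LOC derives from $_GET['loc']; whether 'title' is HTML-escaped
  // depends on header.tpl, which is not visible here.
  $smarty->assign('title', LOC.($sets['title_add'] != NULL ? ' | '.$sets['title_add'] : ''));
  $smarty->display('header.tpl');
  if (isset($_GET['ajdir']) && $p_dir_list) {
    include('filemanage/includes/dir_map.class.php');
    new dir_map();
    die();
  }

  // Clipboard state for the toolbox: 0 = nothing, 1 = copy pending, 2 = cut pending.
  // Copy takes precedence over cut; ?clearp suppresses both.
  $paste = 0;
  if (!isset($_GET['clearp']) && (isset($GLOBALS['cp_s']) || isset($_COOKIE['cp']) || isset($GLOBALS['cut_s']) || isset($_COOKIE['cut']))) {
    if (isset($GLOBALS['cp_s']) || isset($_COOKIE['cp']))
      $paste = 1;
    elseif (isset($GLOBALS['cut_s']) || isset($_COOKIE['cut']))
      $paste = 2;
  }
  $smarty->assign('permissions', array('admin' => $GLOBALS['admin'], 'create' => allowed(LOC, 2), 'moderator' => $GLOBALS['moderator'], 'p_batch' => $GLOBALS['p_batch'], 'p_dir_list' => $GLOBALS['p_dir_list'], 'paste' => $paste, 'username' => (isset($_SESSION['user']) ? $_SESSION['user'] : false), 'zip' => class_exists('zip')));
  $smarty->display('toolbox.tpl');
  if (is_dir(ROOT.LOC) && $p_dir_list && (!is_hidden(LOC) || $moderator)) {
    $smarty->assign('permissions', array('p_batch' => $GLOBALS['p_batch']));
    // NOTE(review): the raw search term from POST is passed to the template; escaping
    // must happen in search_ui.tpl.
    $smarty->assign('search', isset($_POST['search']) ? $_POST['search'] : 'Search this directory...');
    $smarty->display('search_ui.tpl');
    echo '<h2>Path: <b>'.dir_nav(LOC).'</b></h2>';
  }

  // NOTE(review): entries are echoed without escaping; safe only if every producer
  // of $error_ar writes escaped text.
  foreach ($error_ar as $error)
    echo '<font color="red">'.$error.' - May be a file permissions problem or the file is open or otherwise locked.</font><br />';

/*****[ ANNOUNCEMENTS ]********************************************************/
  if ($login && isset($_GET['announcehide']))
    $announcement->hide(trim($_GET['announcehide']));
  if (!isset($_GET['announcements'])) {
    $announce_ar = $announcement->announcements();
    if (!empty($announce_ar)) {
      $announcement->viewed(array_keys($announce_ar));
      $smarty->assign('announcements', $announce_ar);
      $smarty->assign('user', $login);
      $smarty->display('announcements.tpl');
    }
  }

/*****[ THE MEAT ]*************************************************************/
  // Dispatch on the first matching query parameter; each branch also requires the
  // matching permission flag so an unprivileged request falls through to the listing
  // (or the error message) instead of the privileged view.
  if (isset($_GET['edit']) && allowed(LOC.trim($_GET['edit']), 1) && $p_edit) {
    include('filemanage/includes/text_edit.class.php');
    new text_edit(trim($_GET['edit']));
  } elseif (isset($_GET['upload']) && allowed(LOC, 2, true)) {
    include('filemanage/includes/upload.class.php');
    new upload();
  } elseif (isset($_GET['mass_hide']) && $moderator) {
    include('filemanage/includes/mass_hide.class.php');
    new mass_hide();
  } elseif (isset($_GET['advsearch']) && $p_batch && $p_dir_list) {
    include('filemanage/includes/adv_search.class.php');
    new adv_search();
  } elseif (isset($_GET['dir_map']) && $p_dir_list) {
    include('filemanage/includes/dir_map.class.php');
    new dir_map();
  } elseif (isset($_GET['batch']) && $p_batch) {
    include('filemanage/includes/batch.class.php');
    new batch();
  } elseif (isset($_GET['manage_users']) && $moderator) {
    include('filemanage/includes/manage_users.class.php');
    new manage_users();
  } elseif (isset($_GET['announcements']) && $moderator) {
    include('filemanage/includes/manageannouncements.class.php');
    new manageannouncements();
  } elseif (isset($_GET['sys_settings']) && $admin) {
    include('filemanage/includes/sys_settings.class.php');
    new sys_settings();
  } elseif (isset($_GET['sys_log']) && $moderator) {
    include('filemanage/includes/sys_log.class.php');
    new sys_log();
  } elseif (isset($_GET['sys_clean']) && $admin) {
    include('filemanage/includes/sys_clean.class.php');
    new sys_clean();
  } elseif (isset($_GET['my_settings']) && $login) {
    include('filemanage/includes/my_settings.class.php');
    new my_settings();
  } elseif (is_dir(ROOT.LOC) && $p_dir_list && (!is_hidden(LOC) || $moderator)) {
    include('filemanage/includes/contents_disp.class.php');
    new contents_disp();
  } else {
    echo '<font color="red">Directory does not exist or has been hidden by a moderator or admin.<br />';
    echo 'Try <a href="'.SELF.'?loc=/">ROOT</a> or contact an administrator for assistance.</font>';
  }

} elseif ($sets['require_login'] || $disp_login) {
  // Not authorised for the main page: show the login form instead.
  $smarty->display('header.tpl');
  $logintest->login_form();
}

$smarty->display('footer.tpl');
$logintest->log_visits();                                                       // record the visit regardless of which page was shown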

?>