<?PHP
/*******************************************************************************
* PHP Remote File Management System :: version 2.1 *
*******************************************************************************
* Created by Brandon Nimon *
* Version 2 started 28/10/2008 *
*******************************************************************************
* Notes: *
* Requires PHP 4.3.3 or higher with the legacy mysql extension (the mysql_* *
* functions used below were removed in PHP 7). Browser requires javascript *
* and cookies to be fully functional. *
******************************************************************************/
/*
* Read the README file. It is a must read for all admins and programmers that
* use or intend to edit this program. If you read nothing else in that file,
* read "Notes about security" near the bottom.
*
* PHP Remote File Management System is the legal property of its developers
* whose names are listed in the COPYRIGHT file.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* or visit http://www.opensource.org/licenses/gpl-license.php
*/
/*****[ INCLUDES/CLASSES ]*****************************************************/
/* Bootstrap: the DB credentials file and SMARTY_PATH are both produced by the
 * setup script, so either one missing means setup has not been run yet. */
$setup_needed = !is_file('filemanage/mysql_info.php');
if ($setup_needed) {
    die('Run the setup script.');
}
require('filemanage/mysql_info.php');
if (!defined('SMARTY_PATH')) {
    die('Run the setup script.');
}
require('filemanage/inc.php'); // classes and helper functions used throughout this file
$common = new common();
$files = new files();
/*****[ mySQL CONNECT ]********************************************************/
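/* Connect to MySQL with the credentials from filemanage/mysql_info.php.
 * The driver's own error text can contain the DB host and user name, so it is
 * written to the server error log only; the browser gets the generic hint. */
$conn = @mysql_connect($db['HOST'], $db['USER'], $db['PASSWORD']);
if (!$conn) {
    error_log('PHP RFMS: mysql_connect failed: '.mysql_error());
    die('Error connecting to mySQL. If you have not run the setup script, run that first. Be sure you have write permissions in the filemanage directory.');
}
// NOTE(original comment): "switches to QC database later on" - that switch is not visible in this file.
if (!@mysql_select_db($db['DB'])) {
    error_log('PHP RFMS: mysql_select_db failed: '.mysql_error());
    die('Error selecting mySQL database. Please fix in filemanage/mysql_info.php');
}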
/*****[ IP BLOCK ]*************************************************************/
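define ('TABLE_PREFIX', $db['TABLE_PREFIX']);
/* IP access control from the <prefix>ipblock table.
 * denyallow = 0 rows are deny patterns, denyallow = 1 rows are allow patterns;
 * both may use fnmatch() wildcards. REMOTE_ADDR is used deliberately (never a
 * client-supplied header such as X-Forwarded-For).
 *
 * Fix: previously an exact address match on ANY row - including an allow row -
 * blocked the visitor; exact matches now only short-circuit for deny rows. */
$query = 'SELECT ip, denyallow FROM '.TABLE_PREFIX.'ipblock';
$result = $common->myquery($query, __LINE__, true);
$remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$ipblock_ar = array();
$ipallow_ar = array();
while (list($ip, $denyallow) = mysql_fetch_row($result)) {
    if ($denyallow == 0) {
        if ($remote_ip === $ip)
            die('Your IP has been blocked.');
        $ipblock_ar[] = $ip;
    } elseif ($denyallow == 1) {
        $ipallow_ar[] = $ip;
    }
}
// Allow list: once any allow pattern exists, only addresses matching one may continue.
if (count($ipallow_ar) > 0) {
    $ip_allowed = false;
    foreach ($ipallow_ar as $pattern) {
        if (fnmatch($pattern, $remote_ip)) {
            $ip_allowed = true;
            break;
        }
    }
    if (!$ip_allowed)
        die('Your IP has been blocked.');
}
// Deny list with wildcards.
foreach ($ipblock_ar as $pattern)
    if (fnmatch($pattern, $remote_ip))
        die('Your IP has been blocked.');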
/*****[ SMARTY TEMPLATING ]****************************************************/
require(SMARTY_PATH . DIRECTORY_SEPARATOR . 'libs/Smarty.class.php'); // Smarty templating engine
$smarty = new Smarty();
/* Point each Smarty directory at the matching sub-directory of SMARTY_PATH. */
$smarty_subdirs = array(
    'template_dir' => 'templates',
    'compile_dir'  => 'templates_c',
    'cache_dir'    => 'cache',
    'config_dir'   => 'configs',
);
foreach ($smarty_subdirs as $property => $subdir) {
    $smarty->$property = SMARTY_PATH . DIRECTORY_SEPARATOR . $subdir;
}
/*****[ SYSTEM SETTINGS ]******************************************************/
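/* System settings: every (setting, value) row of <prefix>settings goes into $sets. */
$query = 'SELECT setting, value FROM '.TABLE_PREFIX.'settings';
$result = $common->myquery($query, __LINE__, true);
$sets = array(); // initialised so an empty table does not leave $sets undefined
while (list($setting, $value) = mysql_fetch_row($result))
    $sets[$setting] = $value;
// Login is required unless the setting is exactly the string '0' (a missing setting => required).
$sets['require_login'] = (isset($sets['require_login']) && $sets['require_login'] === '0') ? false : true;
// Permission mask for anonymous visitors is stored as a hex string.
$sets['no_login_perm'] = hexdec($sets['no_login_perm']);
ini_set('session.gc_maxlifetime', $sets['login_timeout']);
define ('LOG_LEVEL', $sets['log_level']);
$smarty->assign('date_format', $sets['date_format']);
$smarty->assign('long_date_format', $sets['long_date_format']);
$smarty->assign('date_time_format', $sets['date_time_format']);
// Input date order: a value starting with "dm" means day/month/year, anything else month/day/year.
if (substr(strtolower($sets['input_date_format']), 0, 2) == 'dm') {
    define('INDATEFORMAT', 'dmy');
    $input_date_format_str = 'D/M/Y';
    $output_input_date_format = '%d/%m/%Y';
} else {
    define('INDATEFORMAT', 'mdy');
    $input_date_format_str = 'M/D/Y';
    $output_input_date_format = '%m/%d/%Y';
}
$smarty->assign('input_date_format_str', $input_date_format_str);
$smarty->assign('output_input_date_format', $output_input_date_format);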
/*****[ INITIALIZE PROGRAM ]***************************************************/
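// PHP_SELF can carry attacker-supplied path info, so it is HTML-escaped before it is
// used in links; ENT_QUOTES also covers single-quoted attribute contexts.
define ('SELF', htmlspecialchars(isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '', ENT_QUOTES));
// borrowed from webmaster at kevinjb dot com from PHP.net post on magic_quotes page
// Undo magic_quotes_gpc so the rest of the code sees raw input and does its own escaping.
// The magic_quotes functions no longer exist on PHP 7/8, hence the function_exists() guards.
if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
    // Recursively strip the slashes magic_quotes added to a (possibly nested) input array.
    function stripslashes_array ($array) {
        return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
    }
    $_COOKIE = stripslashes_array($_COOKIE);
    $_FILES = stripslashes_array($_FILES);
    $_GET = stripslashes_array($_GET);
    $_POST = stripslashes_array($_POST);
}
if (function_exists('set_magic_quotes_runtime'))
    @set_magic_quotes_runtime(0); // turns off magic_quotes at runtime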
// Get current LOC
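/* Current location inside ROOT, taken from ?loc= and normalised to the "/.../" form.
 * LOC is later concatenated to ROOT (is_dir(ROOT.LOC), dir_nav(LOC), the listing), and
 * not every consumer below passes it through allowed(), so an upward ".." segment or a
 * NUL byte is rejected here as defence in depth. A non-string ?loc[] falls back to "/". */
if (isset($_GET['loc']) && is_string($_GET['loc'])) {
    $loc = trim($_GET['loc']);
    if (strpos($loc, "\0") !== false || in_array('..', preg_split('#[/\\\\]#', $loc), true))
        die('Invalid location.');
    if (substr($loc, 0, 1) != '/')
        $loc = '/'.$loc;
    if (substr($loc, -1) != '/')
        $loc .= '/';
} else {
    $loc = '/';
}
define ('LOC', $loc);
define ('LLOC', $common->linksafe($loc)); // link-safe loc
$error_ar = array(); // filled by the classes below; printed after the toolbox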
/*****[ LOGIN TEST ]***********************************************************/
/* Session/cookie login check. $login is the result of login::logintest(); the
 * permission globals read by the dispatch below are presumably set by the same
 * class (it lives in inc.php, not visible here). */
$logintest = new login();
$login = $logintest->logintest();
/*****[ START DISPLAY ]********************************************************/
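/* Main dispatch. Runs when the visitor is logged in, or anonymous access is enabled,
 * and no explicit ?login request was made; otherwise the login form is shown.
 * $p_dir_list, $p_edit, $p_batch, $moderator, $admin and $disp_login are not set in
 * this file - presumably by the login class (TODO confirm). */
if (($login || !$sets['require_login']) && !isset($_GET['login'])) {
    $announcement = new announcement;
    if (!$login && !$sets['require_login']) {
        // Anonymous visitor: permissions and ROOT come from the no_login_* settings.
        // Only the low six bits of the stored mask are kept (the two high bits are dropped).
        $sets['no_login_perm'] = bindec(substr(str_pad(decbin($sets['no_login_perm']), 8, '0', STR_PAD_LEFT), 2));
        $logintest->perms($sets['no_login_perm']);
        $ullimit = $sets['no_login_ullimit'];
        // ROOT must be literal: a ".." in it would let the anonymous root escape the intended tree.
        if (false !== strpos($sets['no_login_rootdir'], '..'))
            die('<font color="red">ROOT must be a literal path (cannot contain ".."). Notify an admin or moderator.</font>');
        if (substr($sets['no_login_rootdir'], -1) == '/')
            $sets['no_login_rootdir'] = substr($sets['no_login_rootdir'], 0, -1);
        define ('ROOT', $sets['no_login_rootdir']);
    }
    // File properties: needs permission level 1 on the target; check and use the same trimmed value.
    if (isset($_GET['prop'])) {
        $prop_target = trim($_GET['prop']);
        if (allowed(LOC.$prop_target, 1)) {
            include('filemanage/includes/prop.class.php');
            new prop($prop_target);
            die();
        }
    }
    // getID3 metadata, only when the setting is exactly 2. Fix: the allowed() check and the
    // lookup now use the same trimmed path (previously the untrimmed value was looked up).
    if (isset($_GET['getid3']) && $sets['getid3'] == 2) {
        $getid3_target = trim($_GET['getid3']);
        if (!allowed(LOC.$getid3_target, 0))
            die();
        @include('filemanage/getid3/getid3/getid3.php');
        if ($sets['getid3_cache'])
            @include('filemanage/getid3/getid3/extension.cache.mysql.php');
        if (class_exists('getID3')) {
            if ($sets['getid3_cache'])
                $getID3 = new getID3_cached_mysql($GLOBALS['db']['HOST'], $GLOBALS['db']['DB'],
                    $GLOBALS['db']['USER'], $GLOBALS['db']['PASSWORD']);
            else
                $getID3 = new getID3;
            $getID3->encoding = 'UTF-8';
            die(addinfo_get($getid3_target, $getID3));
        }
    }
    $head = new head;
    $loc_str = $p_dir_list ? ' - '.dir_nav(LOC, true) : NULL; // not read in this file; presumably used by an include - TODO confirm
    /* output starts here */
    $smarty->assign('title', LOC.($sets['title_add'] != NULL ? ' | '.$sets['title_add'] : ''));
    $smarty->display('header.tpl');
    // AJAX directory tree: only the header is sent before it.
    if (isset($_GET['ajdir']) && $p_dir_list) {
        include('filemanage/includes/dir_map.class.php');
        new dir_map();
        die();
    }
    // Clipboard state for the toolbox: 0 = nothing, 1 = copy pending, 2 = cut pending.
    $paste = 0;
    if (!isset($_GET['clearp']) && (isset($GLOBALS['cp_s']) || isset($_COOKIE['cp']) || isset($GLOBALS['cut_s']) || isset($_COOKIE['cut']))) {
        if (isset($GLOBALS['cp_s']) || isset($_COOKIE['cp']))
            $paste = 1;
        elseif (isset($GLOBALS['cut_s']) || isset($_COOKIE['cut']))
            $paste = 2;
    }
    $smarty->assign('permissions', array('admin' => $GLOBALS['admin'], 'create' => allowed(LOC, 2), 'moderator' => $GLOBALS['moderator'], 'p_batch' => $GLOBALS['p_batch'], 'p_dir_list' => $GLOBALS['p_dir_list'], 'paste' => $paste, 'username' => (isset($_SESSION['user']) ? $_SESSION['user'] : false), 'zip' => class_exists('zip')));
    $smarty->display('toolbox.tpl');
    if (is_dir(ROOT.LOC) && $p_dir_list && (!is_hidden(LOC) || $moderator)) {
        $smarty->assign('permissions', array('p_batch' => $GLOBALS['p_batch']));
        // NOTE(review): raw POST value handed to the template; escaping must happen in search_ui.tpl - confirm.
        $smarty->assign('search', isset($_POST['search']) ? $_POST['search'] : 'Search this directory...');
        $smarty->display('search_ui.tpl');
        echo '<h2>Path: <b>'.dir_nav(LOC).'</b></h2>'; // dir_nav() is expected to produce safe HTML - not visible here
    }
    // NOTE(review): $error_ar entries are echoed unescaped; safe only if the producers never include raw input - confirm.
    foreach ($error_ar as $error)
        echo '<font color="red">'.$error.' - May be a file permissions problem or the file is open or otherwise locked.</font><br />';
    /*****[ ANNOUNCEMENTS ]********************************************************/
    if ($login && isset($_GET['announcehide']))
        $announcement->hide(trim($_GET['announcehide']));
    if (!isset($_GET['announcements'])) {
        $announce_ar = $announcement->announcements();
        if (!empty($announce_ar)) {
            $announcement->viewed(array_keys($announce_ar));
            $smarty->assign('announcements', $announce_ar);
            $smarty->assign('user', $login);
            $smarty->display('announcements.tpl');
        }
    }
    /*****[ THE MEAT ]*************************************************************/
    // One action per request, gated by the matching permission; first match wins.
    if (isset($_GET['edit']) && allowed(LOC.trim($_GET['edit']), 1) && $p_edit) {
        include('filemanage/includes/text_edit.class.php');
        new text_edit(trim($_GET['edit']));
    } elseif (isset($_GET['upload']) && allowed(LOC, 2, true)) {
        include('filemanage/includes/upload.class.php');
        new upload();
    } elseif (isset($_GET['mass_hide']) && $moderator) {
        include('filemanage/includes/mass_hide.class.php');
        new mass_hide();
    } elseif (isset($_GET['advsearch']) && $p_batch && $p_dir_list) {
        include('filemanage/includes/adv_search.class.php');
        new adv_search();
    } elseif (isset($_GET['dir_map']) && $p_dir_list) {
        include('filemanage/includes/dir_map.class.php');
        new dir_map();
    } elseif (isset($_GET['batch']) && $p_batch) {
        include('filemanage/includes/batch.class.php');
        new batch();
    } elseif (isset($_GET['manage_users']) && $moderator) {
        include('filemanage/includes/manage_users.class.php');
        new manage_users();
    } elseif (isset($_GET['announcements']) && $moderator) {
        include('filemanage/includes/manageannouncements.class.php');
        new manageannouncements();
    } elseif (isset($_GET['sys_settings']) && $admin) {
        include('filemanage/includes/sys_settings.class.php');
        new sys_settings();
    } elseif (isset($_GET['sys_log']) && $moderator) {
        include('filemanage/includes/sys_log.class.php');
        new sys_log();
    } elseif (isset($_GET['sys_clean']) && $admin) {
        include('filemanage/includes/sys_clean.class.php');
        new sys_clean();
    } elseif (isset($_GET['my_settings']) && $login) {
        include('filemanage/includes/my_settings.class.php');
        new my_settings();
    } elseif (is_dir(ROOT.LOC) && $p_dir_list && (!is_hidden(LOC) || $moderator)) {
        // NOTE(review): unlike edit/upload this branch does not call allowed(LOC, ...); it relies on
        // $p_dir_list, is_hidden() and contents_disp itself - confirm those enforce the per-path rules.
        include('filemanage/includes/contents_disp.class.php');
        new contents_disp();
    } else {
        echo '<font color="red">Directory does not exists or has been hidden by a moderator or admin.<br />';
        echo 'Try <a href="'.SELF.'?loc=/">ROOT</a> or contact an administrator for assistance.</font>';
    }
} elseif ($sets['require_login'] || $disp_login) {
    // Not permitted in: header plus the login form.
    $smarty->display('header.tpl');
    $logintest->login_form();
}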
/* Common footer, then let the login class record this visit. */
$smarty->display('footer.tpl');
$logintest->log_visits();
?>