<?PHP
/*******************************************************************************
* PHP Remote File Management System Setup Script :: version 2.1 *
*******************************************************************************
* Created by Brandon Nimon *
* Version 2 started 28/10/2008 *
******************************************************************************/
/*
* Read the README file. It is a must read for all admins and programmers that
* use or intend to edit this program. If you read nothing else in that file,
* read "Notes about security" near the bottom.
*
* PHP Remote File Management System is the legal property of its developers
* whose names are listed in the COPYRIGHT file.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* or visit http://www.opensource.org/licenses/gpl-license.php
*/
// Installer version; also written into the generated config file and the
// `settings` table further down.
define('SUVERSION', '2.1.0');
session_start();
html_start('Setup Script');
echo '<div align="center">';

// Page 0 (new install / upgrade chooser) was submitted.
if (isset($_POST['page']) && $_POST['page'] == 0) {
    if (!isset($_POST['newupgrade'])) {
        // No radio button was selected: drop the submit marker so the chooser
        // form is rendered again.
        unset($_POST['submit']);
    } else {
        $_SESSION['newupgrade'] = $_POST['newupgrade'];
        if ($_SESSION['newupgrade'] != 'upgrade' || !is_file('filemanage/mysql_info.php')) {
            // Anything other than an upgrade with an existing config file is
            // handled as a fresh install.
            $_SESSION['newupgrade'] = 'new';
        } else {
            // Upgrade: seed the wizard with the settings of the existing
            // install. The included file is expected to define $db (it is the
            // file this installer generates). The DB password ends up in the
            // session here and is later rendered into the "Page 1" form.
            @include('filemanage/mysql_info.php');
            $_SESSION['HOST'] = $db['HOST'];
            $_SESSION['USER'] = $db['USER'];
            $_SESSION['PASSWORD'] = $db['PASSWORD'];
            $_SESSION['DB'] = $db['DB'];
            $_SESSION['TABLE_PREFIX'] = $db['TABLE_PREFIX'];
        }
    }
}
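// Page 1 (mySQL settings) was submitted: store the values in the session and
// verify that a connection can be made. On any failure $_POST['submit'] is
// reset to 'Page 1' so the same form is shown again.
if (isset($_POST['page']) && $_POST['page'] == 1) {
    // Missing fields are treated as blank instead of raising notices.
    $_SESSION['HOST'] = isset($_POST['HOST']) ? $_POST['HOST'] : '';
    $_SESSION['USER'] = isset($_POST['USER']) ? $_POST['USER'] : '';
    $_SESSION['PASSWORD'] = isset($_POST['PASSWORD']) ? $_POST['PASSWORD'] : '';
    $_SESSION['DB'] = isset($_POST['DB']) ? $_POST['DB'] : '';
    // The prefix is concatenated into backtick-quoted table names by
    // create_tables() and cannot be escaped there, so only identifier-safe
    // characters are kept (same approach as the username filter on page 2).
    $_SESSION['TABLE_PREFIX'] = preg_replace(
        '/[^A-Za-z0-9_]/',
        '',
        isset($_POST['TABLE_PREFIX']) ? $_POST['TABLE_PREFIX'] : ''
    );
    if ($_SESSION['HOST'] == '' || $_SESSION['USER'] == '' || $_SESSION['DB'] == '') {
        echo '<font color="red">Some mySQL database information is blank.</font>';
        $_POST['submit'] = 'Page 1';
    } else {
        // "or" binds looser than "=": the assignment on the right only runs
        // when the call on the left fails.
        $conn = mysql_connect($_SESSION['HOST'], $_SESSION['USER'], $_SESSION['PASSWORD']) or $_POST['submit'] = 'Page 1';
        mysql_select_db($_SESSION['DB']) or $_POST['submit'] = 'Page 1';
        if ($_POST['submit'] == 'Page 1') {
            // The server's error text can repeat submitted values, so it is
            // HTML-escaped before being shown.
            echo '<font color="red">Could not connect to mySQL. '.htmlspecialchars(mysql_error()).'</font>';
        }
    }
}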
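// Page 2 (admin account and directories) was submitted: store the values in
// the session and validate them. A failed check resets $_POST['submit'] to
// 'Page 2' so the form is shown again with an error message.
if (isset($_POST['page']) && $_POST['page'] == 2) {
    if ($_SESSION['newupgrade'] == 'new') {
        // NOTE(review): the trailing "s" in the class is redundant with a-z;
        // it may have been "\s" with the backslash lost - confirm upstream.
        $_SESSION['username'] = preg_replace('/[^a-zA-Z0-9s]/', '', $_POST['username']);
        $_SESSION['pw'] = $_POST['pw'];
        $_SESSION['cpw'] = $_POST['cpw'];
        $_SESSION['rootdir'] = $_POST['rootdir'];
        // Strip one trailing slash or backslash from the root directory.
        if (substr($_SESSION['rootdir'], -1) == '/' || substr($_SESSION['rootdir'], -1) == '\\') {
            $_SESSION['rootdir'] = substr($_SESSION['rootdir'], 0, -1);
        }
    }
    $_SESSION['smartydir'] = $_POST['smartydir'];
    if ($_SESSION['newupgrade'] == 'new' && ($_SESSION['username'] == '' || $_SESSION['pw'] == '')) {
        echo '<font color="red">Invalid username or password.</font>';
        $_POST['submit'] = 'Page 2';
    } elseif ($_SESSION['newupgrade'] == 'new' && $_SESSION['pw'] != $_SESSION['cpw']) {
        echo '<font color="red">Confirmation password and password do not match.</font>';
        $_POST['submit'] = 'Page 2';
    } elseif ($_SESSION['newupgrade'] == 'new' && false !== strpos($_SESSION['rootdir'], '..')) {
        // strpos() takes (haystack, needle). The arguments used to be swapped,
        // so a root directory containing ".." was only caught when the whole
        // value was a substring of "..".
        echo '<font color="red">ROOT directory must be an absolute path, it cannot contain ".."</font>';
        $_POST['submit'] = 'Page 2';
    } elseif ($_SESSION['newupgrade'] == 'new' && !is_dir($_SESSION['rootdir'])) {
        echo '<font color="red">ROOT directory does not exists.</font>';
        $_POST['submit'] = 'Page 2';
    } elseif (!is_file($_SESSION['smartydir'].'libs/Smarty.class.php')) {
        echo '<font color="red">Smarty directory is incorrect, cannot find Smarty.class.php.</font>';
        $_POST['submit'] = 'Page 2';
    } else {
        // All checks passed: re-open the DB connection; failure sends the
        // user back to the mySQL page.
        $conn = mysql_connect($_SESSION['HOST'], $_SESSION['USER'], $_SESSION['PASSWORD']) or $_POST['submit'] = 'Page 1';
        mysql_select_db($_SESSION['DB']) or $_POST['submit'] = 'Page 1';
    }
}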
// Page 3 (settings) was submitted: remember the choices and open the DB
// connection that the "Create Tables and File" step uses.
if (isset($_POST['page']) && $_POST['page'] == 3) {
    // A checkbox is only present in the POST data when it was ticked.
    $_SESSION['no_write'] = isset($_POST['no_write']);
    $_SESSION['no_mysql'] = isset($_POST['no_mysql']);
    if ($_SESSION['newupgrade'] == 'new') {
        $_SESSION['title'] = $_POST['title'];
        // Every ';' in a salt is swapped for one random character from codes
        // 60-126 (the range just above ';'), because the generated SQL is
        // later split on ';'.
        $_SESSION['sha1_1'] = str_replace(';', chr(mt_rand(60, 126)), $_POST['sha1_1']);
        $_SESSION['sha1_2'] = str_replace(';', chr(mt_rand(60, 126)), $_POST['sha1_2']);
    }
    // A failed connect or database select sends the user back to the mySQL page.
    $conn = mysql_connect($_SESSION['HOST'], $_SESSION['USER'], $_SESSION['PASSWORD']) or $_POST['submit'] = 'Page 1';
    mysql_select_db($_SESSION['DB']) or $_POST['submit'] = 'Page 1';
}
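// Render the wizard step selected by $_POST['submit']. The handlers above may
// have rewritten that value to send the user back to an earlier step. Values
// echoed into form fields are passed through htmlspecialchars().
if (!isset($_POST['submit'])) {
    // Step 0: choose between a new install and an upgrade.
    echo '<form name="db_setup" method="post" action="fm_setup.php">';
    echo '<font size="+2"><u>Upgrade/Fresh Install</u></font><br />';
    echo '<table cellpadding="2" cellspacing="0" border="0">';
    echo '<tr><td>';
    echo '<table cellpadding="2" cellspacing="0" border="1">';
    echo '<tr><td align="center">New Install</td>';
    echo '<td align="center">Upgrade from 2.0.X</td></tr>';
    echo '<tr><td align="center"><input type="radio" name="newupgrade" value="new"></td>';
    echo '<td align="center"><input type="radio" name="newupgrade" value="upgrade"'.(is_file('filemanage/mysql_info.php') ? ' checked' : '').'></td></tr>';
    echo '</table>';
    echo '<input type="hidden" name="page" value="0">';
    echo '<tr><td colspan="2" align="right" width="100%"><input type="submit" name="submit" value="Page 1"></td></tr>';
    echo '</table>';
    echo '</form>';
} elseif ($_POST['submit'] == 'Page 1') {
    // Step 1: mySQL connection settings.
    // NOTE(review): the DB password held in the session (loaded from
    // filemanage/mysql_info.php on the upgrade path) is rendered back into the
    // page below - one more reason this script must be removed from the web
    // root as soon as setup is finished.
    echo '<form name="db_setup" method="post" action="fm_setup.php">';
    echo '<font size="+2"><u>mySQL Setup</u></font><br />';
    echo '<table cellpadding="2" cellspacing="0" border="0">';
    echo '<tr><td align="right">Host address:</td><td><input type="text" name="HOST" value="'.htmlspecialchars(isset($_SESSION['HOST']) ? $_SESSION['HOST'] : 'localhost:3306').'"></td></tr>';
    echo '<tr><td align="right">User:</td><td><input type="text" name="USER" value="'.htmlspecialchars(isset($_SESSION['USER']) ? $_SESSION['USER'] : 'root').'"></td></tr>';
    echo '<tr><td align="right">Password:</td><td><input type="password" name="PASSWORD" value="'.htmlspecialchars(isset($_SESSION['PASSWORD']) ? $_SESSION['PASSWORD'] : '').'"></td></tr>';
    echo '<tr><td align="right">Database:</td><td><input type="text" name="DB" value="'.htmlspecialchars(isset($_SESSION['DB']) ? $_SESSION['DB'] : 'filemanage').'"></td></tr>';
    echo '<tr><td align="right">Prefix:</td><td><input type="text" name="TABLE_PREFIX" maxlength="8" value="'.htmlspecialchars(isset($_SESSION['TABLE_PREFIX']) ? $_SESSION['TABLE_PREFIX'] : 'fm_').'">';
    echo '<acronym title="This allows multiple instances of this application in the same database. It can be left blank."><u>(?)</u></acronym></td></tr>';
    echo '<input type="hidden" name="page" value="1">';
    echo '<tr><td colspan="2" align="right" width="100%"><input type="submit" name="submit" value="Page 2"></td></tr>';
    echo '</table>';
    echo '</form>';
} elseif ($_POST['submit'] == 'Page 2') {
    // Step 2: superuser account (new installs only) and the Smarty path.
    echo '<form name="admin_setup" method="post" action="fm_setup.php">';
    echo '<font size="+2"><u>File Manage Admin Setup</u></font><br />';
    echo '<table cellpadding="2" cellspacing="0" border="0">';
    if ($_SESSION['newupgrade'] == 'new') {
        echo '<tr><td align="right">Username:</td><td><input type="text" name="username" maxlength="32" value="'.htmlspecialchars(isset($_SESSION['username']) ? $_SESSION['username'] : '').'">';
        echo '<acronym title="Username of the superuser."><u>(?)</u></acronym></td></tr>';
        echo '<tr><td align="right">Password:</td><td><input type="password" name="pw" maxlength="128" value="'.htmlspecialchars(isset($_SESSION['pw']) ? $_SESSION['pw'] : '').'"></td></tr>';
        echo '<tr><td align="right">Confirm Password:</td><td><input type="password" name="cpw" maxlength="128" value="'.htmlspecialchars(isset($_SESSION['cpw']) ? $_SESSION['cpw'] : '').'"></td></tr>';
        echo '<tr><td align="right">Root Directory:</td><td><input type="text" name="rootdir" value="'.htmlspecialchars(isset($_SESSION['rootdir']) ? $_SESSION['rootdir'] : str_replace('\\', '/', dirname(__FILE__))).'">';
        echo '<acronym title="Once you log in, this is the base directory you can explore."><u>(?)</u></acronym></td></tr>';
    }
    echo '<tr><td align="right">Path to Smarty Directory:</td><td><input type="text" name="smartydir" value="'.htmlspecialchars(isset($_SESSION['smartydir']) ? $_SESSION['smartydir'] : str_replace('\\', '/', dirname(__FILE__).'/filemanage/smarty/')).'"></td></tr>';
    echo '<input type="hidden" name="page" value="2">';
    echo '<tr width="100%"><td align="left"><input type="submit" name="submit" value="Page 1"></td><td align="right"><input type="submit" name="submit" value="Page 3"></td></tr>';
    echo '</table>';
    echo '</form>';
} elseif ($_POST['submit'] == 'Page 3') {
    // Step 3: site title and salts (new installs only) plus the two
    // "do it manually" switches.
    echo '<form name="settings_setup" method="post" action="fm_setup.php">';
    echo '<font size="+2"><u>Settings</u></font><br />';
    echo '<table cellpadding="2" cellspacing="0" border="0">';
    if ($_SESSION['newupgrade'] == 'new') {
        echo '<tr><td align="right">Site Title:</td><td><input type="text" name="title" maxlength="32" value="'.htmlspecialchars(isset($_SESSION['title']) ? $_SESSION['title'] : '').'">';
        echo '<acronym title="This will be displayed in the title bar. It can be left blank."><u>(?)</u></acronym></td></tr>';
        echo '<tr><td align="right">SHA1 Salt 1:</td><td><input type="text" name="sha1_1" maxlength="32" value="'.htmlspecialchars(isset($_SESSION['sha1_1']) ? $_SESSION['sha1_1'] : rand_salt()).'">';
        echo '<acronym title="Salt adds a level of security to stored passwords. Generally the default values do not need to be changed."><u>(?)</u></acronym></td></tr>';
        echo '<tr><td align="right">SHA1 Salt 2:</td><td><input type="text" name="sha1_2" maxlength="32" value="'.htmlspecialchars(isset($_SESSION['sha1_2']) ? $_SESSION['sha1_2'] : rand_salt()).'"></td></tr>';
    }
    echo '<tr><td align="right">Do not write to file:</td><td><input type="checkbox" name="no_write"'.(isset($_SESSION['no_write']) && $_SESSION['no_write'] ? ' checked' : '').'>';
    echo '<acronym title="If checked, you will have to create a file manually within the filemanage directory."><u>(?)</u></acronym></td></tr>';
    echo '<tr><td align="right">Do not create mySQL tables:</td><td><input type="checkbox" name="no_mysql"'.(isset($_SESSION['no_mysql']) && $_SESSION['no_mysql'] ? ' checked' : '').'>';
    echo '<acronym title="If checked, you will have to create the mySQL tables manually."><u>(?)</u></acronym></td></tr>';
    echo '<input type="hidden" name="page" value="3">';
    echo '<tr width="100%"><td align="left"><input type="submit" name="submit" value="Page 2"></td><td align="right"><input type="submit" name="submit" value="Create Tables and File"></td></tr>';
    echo '</table>';
    echo '</form>';
} elseif ($_POST['submit'] == 'Create Tables and File') {
    // Final step: create the tables (or print the SQL) and write the config
    // file (or print its content).
    echo '</div>';
    echo '<div align="left">';
    if (false == $_SESSION['no_mysql']) {
        // The SQL comes back as one string; it is split on ';' and run one
        // statement at a time.
        $query_ar = explode(';', create_tables(($_SESSION['newupgrade'] == 'new' ? true : false)));
        foreach ($query_ar as $query) {
            if (trim($query) != NULL) {
                // The server's error text can quote parts of the statement,
                // including submitted values, so it is HTML-escaped.
                mysql_query($query) or die('<font color="red">Tables were not created. Please diagnose problem: '.htmlspecialchars(mysql_error()).'</font><br />');
            }
        }
        echo 'Please delete this setup script file ('.__FILE__.') when you are done with the below step(s).<br /><br />';
        echo 'mySQL tables were created.<br />';
    } else {
        echo '<table cellpadding="4" cellspacing="0" border="1" bgcolor="#404040"><tr><td>';
        echo '<pre>';
        echo htmlspecialchars(create_tables(($_SESSION['newupgrade'] == 'new' ? true : false)));
        echo '</pre>';
        echo '</td></tr></table><br /><br />';
    }
    $filename = 'filemanage/mysql_info.php';
    // Each submitted value is written with var_export(), which emits a
    // correctly quoted PHP string literal. Pasting the raw value between
    // single quotes let a quote or backslash in it end the literal early and
    // alter the code of the generated file (or simply break it).
    $file_content = '<'.'?PHP
/*
* Read the README file. It is a must read for all programmers that intend to
* edit this program.
*
* PHP Remote File Management System is the legal property of its developers
* whose names are listed in the COPYRIGHT file.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* or visit http://www.opensource.org/licenses/gpl-license.php
*/
define (\'SUVERSION\', \''.SUVERSION.'\');
define (\'SMARTY_PATH\', '.var_export((string) $_SESSION['smartydir'], true).');
/*****[ mySQL SETTINGS ]*******************************************************/
$db[\'HOST\'] = '.var_export((string) $_SESSION['HOST'], true).';
$db[\'USER\'] = '.var_export((string) $_SESSION['USER'], true).';
$db[\'PASSWORD\'] = '.var_export((string) $_SESSION['PASSWORD'], true).';
$db[\'DB\'] = '.var_export((string) $_SESSION['DB'], true).';
$db[\'TABLE_PREFIX\'] = '.var_export((string) $_SESSION['TABLE_PREFIX'], true).';
?'.'>
';
    if (false == $_SESSION['no_write'] && (!is_file($filename) || is_writable($filename)) && write_file($filename, $file_content)) {
        echo 'The file ('.realpath($filename).') was created with the necessary information.<br />';
        echo 'Complete.<br />';
        if (is_file('filemanage2.php') && $_SESSION['newupgrade'] == 'new') {
            // Put the new superuser into the session and offer a link that
            // asks filemanage2.php to delete this script.
            $_SESSION['user'] = $_SESSION['username'];
            // NOTE(review): the function name between the first salt and the
            // argument list was garbled in this copy of the file; substr() is
            // reconstructed from the (value, 0, 128) arguments and the
            // password field's maxlength of 128 - confirm against upstream.
            $_SESSION['pw'] = sha1($_SESSION['sha1_1'].substr($_SESSION['pw'], 0, 128).$_SESSION['sha1_2']);
            echo '<a href="filemanage2.php?loc='.substr(str_replace('\\', '/', dirname(__FILE__)), strlen($_SESSION['rootdir'])).'/&del=fm_setup.php">Delete this file.</a>';
        }
    } else {
        // Writing was disabled or failed: show the content so the admin can
        // create the file by hand. This prints the DB password on the page.
        echo 'The file '.realpath($filename).' is not writable.<br />';
        echo '<font color="red">Create a file named "mysql_info.php" inside the "filemanage" directory with the following content:</font><br />';
        echo '<table cellpadding="4" cellspacing="0" border="1" bgcolor="#404040"><tr><td>';
        echo '<pre>';
        echo htmlspecialchars($file_content);
        echo '</pre>';
        echo '</td></tr></table>';
    }
}
echo '</div>';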
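// Generate a random 5-character salt made of printable ASCII (codes 32-126)
// that never contains ';'. The installer splits the SQL built by
// create_tables() on ';', so a semicolon inside a salt would cut a statement
// in two.
// Characters are drawn from random_int() (a CSPRNG) when the running PHP
// provides it; older PHP versions fall back to mt_rand(), whose output is
// predictable and not meant for security-sensitive values.
function rand_salt () {
    $secure = function_exists('random_int');
    $str = '';
    for ($i = 0; $i < 5; $i++) {
        $str .= chr($secure ? random_int(32, 126) : mt_rand(32, 126));
    }
    // One replacement character is picked from codes 60-126, the range that
    // starts just above ';' (59), and used for every ';' in the salt.
    $substitute = chr($secure ? random_int(60, 126) : mt_rand(60, 126));
    return str_replace(';', $substitute, $str);
} // end of rand_salt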
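// Write $file_content to $filename, replacing any existing content.
// Returns true on success and false when the file cannot be opened or the
// write fails.
function write_file ($filename, $file_content) {
    $handle = fopen($filename, 'w');
    if (!$handle) {
        // Nothing was opened, so there is nothing to close. The old code
        // called fclose() on the failed handle, which raises a warning (a
        // TypeError on PHP 8) instead of returning false.
        return false;
    }
    $written = fwrite($handle, $file_content);
    fclose($handle);
    return false !== $written;
} // end of write_file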
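// Build the SQL that creates the application's tables and return it as one
// string with ';' between statements (the caller splits on ';').
//
// $new - true for a fresh install: the INSERTs for the default settings, the
//        "Basic Users" group and the superuser account are included.
//        false for an upgrade: those three INSERTs are left out.
//
// Reads $_SESSION (TABLE_PREFIX always; title, rootdir, username, pw, sha1_1
// and sha1_2 when $new is true), $_SERVER['REMOTE_ADDR'], the session cookie
// and the SUVERSION constant. Values placed inside SQL string literals go
// through mysql_real_escape_string().
//
// NOTE(review): TABLE_PREFIX is concatenated into backtick-quoted identifiers
// as is; escaping does not apply to identifiers, so it has to be restricted
// to identifier-safe characters before it reaches this function.
// NOTE(review): mysql_real_escape_string() does not touch ';', so a ';' in
// title or rootdir would still split a statement in the caller's explode().
function create_tables ($new) {
    $str = '
-- phpMyAdmin SQL Dump
-- version 3.0.0
-- http://www.phpmyadmin.net
--
-- Host: localhost:3306
-- Generation Time: Jan 12, 2009 at 12:00 PM
-- Server version: 5.0.67
-- PHP Version: 5.2.6
SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
--
-- Database: `filemanage`
--
-- --------------------------------------------------------
--
-- Table structure for table `badlogins`
--
CREATE TABLE IF NOT EXISTS `'.$_SESSION['TABLE_PREFIX'].'badlogins` (
`id` int(9) NOT NULL auto_increment,
`user` varchar(32) NOT NULL,
`ip` varchar(15) NOT NULL,
`date` int(10) NOT NULL,
`failtype` tinyint(1) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT=\'Keep track of unsuccessful logins\';
-- --------------------------------------------------------
--
-- Table structure for table `errors`
--
CREATE TABLE IF NOT EXISTS `'.$_SESSION['TABLE_PREFIX'].'errors` (
`id` int(9) NOT NULL auto_increment,
`query` text NOT NULL,
`time` int(10) NOT NULL,
`page` varchar(32) NOT NULL,
`pagepar` varchar(64) default NULL,
`post` text NOT NULL,
`line` int(9) NOT NULL,
`error` text NOT NULL,
`user` int(9) NOT NULL,
`ip` varchar(15) NOT NULL,
`viewed` tinyint(1) NOT NULL default \'0\',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT=\'Keep track of errors on the site\';
-- --------------------------------------------------------
--
-- Table structure for table `fileindex`
--
CREATE TABLE IF NOT EXISTS `'.$_SESSION['TABLE_PREFIX'].'fileindex` (
`id` int(9) NOT NULL auto_increment,
`path` text NOT NULL,
`owner` int(9) NOT NULL,
`fileatrib` tinyint(2) NOT NULL,
`password` varchar(40) default NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT=\'Contains information about files and dirs created by FM\';
-- --------------------------------------------------------
--
-- Table structure for table `hidden`
--
CREATE TABLE IF NOT EXISTS `'.$_SESSION['TABLE_PREFIX'].'hidden` (
`id` int(9) NOT NULL auto_increment,
`path` text NOT NULL,
`user` int(9) NOT NULL,
`ip` varchar(15) NOT NULL,
`date` int(9) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT COMMENT=\'List of hidden files/dirs\';
-- --------------------------------------------------------
--
-- Table structure for table `ipblock`
--
CREATE TABLE IF NOT EXISTS `'.$_SESSION['TABLE_PREFIX'].'ipblock` (
`id` int(11) NOT NULL auto_increment,
`ip` varchar(15) NOT NULL,
`blockby` int(9) NOT NULL,
`date` int(10) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT COMMENT=\'List of blocked IPs\';
-- --------------------------------------------------------
--
-- Table structure for table `log`
--
CREATE TABLE IF NOT EXISTS `'.$_SESSION['TABLE_PREFIX'].'log` (
`id` int(9) NOT NULL auto_increment,
`level` tinyint(1) NOT NULL,
`func` varchar(32) NOT NULL,
`line` smallint(4) NOT NULL,
`description` varchar(255) NOT NULL,
`user` int(9) NOT NULL,
`ip` varchar(15) NOT NULL,
`source` text NOT NULL,
`dest` text NOT NULL,
`date` int(10) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT=\'error and file manipulation table\';
-- --------------------------------------------------------
--
-- Table structure for table `setting`
--
CREATE TABLE IF NOT EXISTS `'.$_SESSION['TABLE_PREFIX'].'settings` (
`id` int(9) NOT NULL auto_increment,
`setting` varchar(32) NOT NULL,
`value` varchar(32) NOT NULL,
`comment` text,
`user` int(9) NOT NULL,
`edited` int(10) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT=\'system settings values\' AUTO_INCREMENT=14 ;
';
    if ($new) {
        $str .= '
--
-- Dumping data for table `settings`
--
INSERT INTO `'.$_SESSION['TABLE_PREFIX'].'settings` (`id`, `setting`, `value`, `comment`, `user`, `edited`) VALUES
(1, \'title_add\', \''.mysql_real_escape_string($_SESSION['title']).'\', \'This can be the title of the page, it will be displayed in the title bar along with "File Manage..."\', 0, 0),
(2, \'require_login\', \'1\', \'Require user to log in to view anything. Any value other than "0" will require the user to log in.\', 0, 0),
(3, \'no_login_perm\', \'3\', \'A hexadecimal representation of available permission of non-logged in users (not applicable if require_login is enabled).\', 0, 0),
(4, \'no_login_ullimit\', \'-1\', \'Limit users who are not logged in to a certain uploaded file size. Size is in bytes. 0 disables uploading files, while -1 makes the uploaded file size limited only by the server\'\'s settings.\', 0, 0),
(5, \'no_login_rootdir\', \''.mysql_real_escape_string($_SESSION['rootdir']).'\', \'Users who are not logged in can be forced to only view a certain directory. Use this the same as individual users\'\' root directory setting. Be sure not to end with a "/" and you cannot use "..".\', 0, 0),
(6, \'login_timeout\', \'86400\', \'Number of seconds before session cookie and session data are erased (thus requiring users to log in again).\', 0, 0),
(7, \'log_level\', \'5\', \'Which events should be logged. The lower the number the fewer the logs. 0 represents only fatal errors. 1 means their may have been a security problem or error. 2 is read/write errors and new users. 3 is a file/dir has been created, moved, deleted, or hidden. 4 a file/dir has been renamed or edited. 5 is a benign event.\', 0, 0),
(8, \'keep_logs\', \'5000\', \'Number of logs to keep. Every time an admin or moderator accesses the system log, the database will automatically truncate to this number of entries.\', 0, 0),
(9, \'BAD_LOGIN_COOKIE_LIMIT\', \'5\', \'Number of log in attempts with a bad username/password in cookie before lockout.\', 0, 0),
(10, \'BAD_LOGIN_LIMIT\', \'5\', \'Number of bad log in attempts from form before lockout.\', 0, 0),
(11, \'BAD_LOGIN_TIME\', \'300\', \'Number of seconds to look back for bad log in attempts, and maximum length of lockout. There can be BAD_LOGIN_LIMIT log in attempts for every BAD_LOGIN_TIME seconds.\', 0, 0),
(12, \'SHA1_SALT1\', \''.mysql_real_escape_string($_SESSION['sha1_1']).'\', \'Salt string at beginning of password to be hashed (can be longer/shorter if you need). This prevents database driven hacking attempts. Once set, these cannot be changed (as password hashes change with them).\', 0, 0),
(13, \'SHA1_SALT2\', \''.mysql_real_escape_string($_SESSION['sha1_2']).'\', \'Salt string at end of password to be hashed (can be longer/shorter if you need). This prevents database driven hacking attempts. Once set, these cannot be changed (as password hashes change with them).\', 0, 0);
';
    }
    $str .= '
-- --------------------------------------------------------
--
-- Table structure for table `usergroups`
--
CREATE TABLE IF NOT EXISTS `'.$_SESSION['TABLE_PREFIX'].'usergroups` (
`id` int(9) NOT NULL auto_increment,
`name` varchar(64) NOT NULL,
`perm` int(9) NOT NULL,
`uldefault` bigint(19) NOT NULL,
`rootdir` text NOT NULL,
`created` int(10) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT COMMENT=\'user groups to allow "default" settings for users\' AUTO_INCREMENT=2 ;
';
    if ($new) {
        $str .= '
--
-- Dumping data for table `usergroups`
--
INSERT INTO `'.$_SESSION['TABLE_PREFIX'].'usergroups` (`id`, `name`, `perm`, `uldefault`, `rootdir`, `created`) VALUES
(1, \'Basic Users\', 3, -1, \''.mysql_real_escape_string($_SESSION['rootdir']).'\', '.time().');
';
    }
    $str .= '
-- --------------------------------------------------------
--
-- Table structure for table `users`
--
CREATE TABLE IF NOT EXISTS `'.$_SESSION['TABLE_PREFIX'].'users` (
`id` int(9) NOT NULL auto_increment,
`user` varchar(32) NOT NULL,
`password` varchar(40) NOT NULL,
`groupid` tinyint(2) NOT NULL,
`perm` int(9) NOT NULL,
`ullimit` bigint(19) NOT NULL,
`rootdir` text NOT NULL,
`created` int(10) NOT NULL,
`ip` varchar(15) default NULL,
`sessname` varchar(32) default NULL,
`bypassusers` text,
`bypasswords` text,
`lastlogin` int(10) NOT NULL default \'0\',
`lastvisit` int(10) NOT NULL default \'0\',
`totlogins` int(9) NOT NULL default \'0\',
`totvisits` int(9) NOT NULL default \'0\',
`deleted` tinyint(1) NOT NULL default \'0\',
PRIMARY KEY (`id`),
UNIQUE KEY `user` (`user`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT COMMENT=\'users table\' AUTO_INCREMENT=2 ;
';
    if ($new) {
        // Superuser password hash: sha1(salt1 . first 128 chars of pw . salt2),
        // which fills the 40-character `password` column.
        // NOTE(review): the function name between the first salt and the
        // argument list was garbled in this copy of the file; substr() is
        // reconstructed from the (value, 0, 128) arguments and the password
        // field's maxlength of 128 - confirm against upstream.
        // NOTE(review): salted SHA-1 is fast to brute-force. Moving to
        // password_hash() would need a wider column and matching changes in
        // the login code, which is not part of this file.
        $password_hash = sha1($_SESSION['sha1_1'].substr($_SESSION['pw'], 0, 128).$_SESSION['sha1_2']);
        // The session cookie can be absent (e.g. on the very first request);
        // store an empty session name then instead of reading a missing key.
        $session_id = isset($_COOKIE[session_name()]) ? $_COOKIE[session_name()] : '';
        $str .= '
--
-- Dumping data for table `users`
--
INSERT INTO `'.$_SESSION['TABLE_PREFIX'].'users` (`id`, `user`, `password`, `groupid`, `perm`, `ullimit`, `rootdir`, `created`, `ip`, `sessname`, `lastlogin`, `lastvisit`, `totlogins`, `totvisits`, `deleted`) VALUES
(1, \''.mysql_real_escape_string($_SESSION['username']).'\', \''.mysql_real_escape_string($password_hash).'\', 0, 255, -1, \''.mysql_real_escape_string($_SESSION['rootdir']).'\', '.time().', \''.mysql_real_escape_string($_SERVER['REMOTE_ADDR']).'\', \''.mysql_real_escape_string($session_id).'\', 0, 0, 1, 0, 0);
';
    }
    $str .= '
-- --------------------------------------------------------
--
-- Table structure for table `visits`
--
CREATE TABLE IF NOT EXISTS `'.$_SESSION['TABLE_PREFIX'].'visits` (
`id` int(9) NOT NULL auto_increment,
`ip` varchar(15) NOT NULL,
`visits` int(9) NOT NULL,
`firstvisit` int(10) NOT NULL,
`lastvisit` int(10) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT=\'log visits from users who aren\'\'t logged in\';
ALTER TABLE `'.$_SESSION['TABLE_PREFIX'].'ipblock` ADD `denyallow` TINYINT( 1 ) NOT NULL DEFAULT \'0\' AFTER `blockby`;
ALTER TABLE `'.$_SESSION['TABLE_PREFIX'].'users` CHANGE `deleted` `deleted` INT( 10 ) NOT NULL DEFAULT \'0\';
ALTER TABLE `'.$_SESSION['TABLE_PREFIX'].'settings` CHANGE `value` `value` TEXT CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL;
INSERT INTO `'.$_SESSION['TABLE_PREFIX'].'settings` (`setting`, `value`, `comment`, `user`, `edited`) VALUES
(\'version\', \''.SUVERSION.'\', \'Current File Manage Version. This will be used in the future when doing updates.\', \'0\', \'0\'),
(\'getid3\', \'1\', \'GetID3 is a PHP class that can access information about media files such as MP3, WMA, MPEG, and many other files. Setting this value to 0 disables the use of GetID3, 1 enables GetID3 in the properties window, and 2 will also display some media information in the directory listings.\', \'0\', \'0\'),
(\'getid3_cache\', \'1\', \'Enabling caching of GetID3 will greatly decrease the load time of GetID3 information (after the file has been accessed once). But it will create a new table in the database with that information, which means increased memory usage.\', \'0\', \'0\'),
(\'input_date_format\', \'MDY\', \'When entering a date, this is the order used. Common North American format is MDY. The international format is DMY.\', \'0\', \'0\'),
(\'date_format\', \'%B %e, %Y\', \'This format is used most commonly. Use the Smarty Templating (smarty.net) format to alter this value.\', \'0\', \'0\'),
(\'long_date_format\', \'%A, %B %e, %Y\', \'This format is used where more space for the date is available. Use the Smarty Templating (smarty.net) format to alter this value.\', \'0\', \'0\'),
(\'date_time_format\', \'%a %b %e, %Y %H:%M:%S\', \'Date format including date and time. Use the Smarty Templating (smarty.net) format to alter this value.\', \'0\', \'0\');
--
-- Table structure for table `announcement`
--
CREATE TABLE IF NOT EXISTS `'.$_SESSION['TABLE_PREFIX'].'announcement` (
`id` int(9) NOT NULL auto_increment,
`announcement` text NOT NULL,
`user` int(9) NOT NULL,
`start` int(10) NOT NULL,
`expire` int(10) NOT NULL,
`date` int(11) NOT NULL,
`deleted` int(10) NOT NULL default \'0\',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT COMMENT=\'Announcements for users\';
-- --------------------------------------------------------
--
-- Table structure for table `announce_track`
--
CREATE TABLE IF NOT EXISTS `'.$_SESSION['TABLE_PREFIX'].'announce_track` (
`id` int(9) NOT NULL auto_increment,
`user` int(9) NOT NULL,
`viewed` int(10) NOT NULL default \'0\',
`hide` int(10) NOT NULL default \'0\',
`announceid` int(9) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT=\'Track of user-viewed announcements\';
INSERT INTO `'.$_SESSION['TABLE_PREFIX'].'announcement` (`id`, `announcement`, `user`, `start`, `expire`, `date`, `deleted`) VALUES (1, \'Welcome to PHP Remote File Manage 2.1.0. Please report any bugs you find to http://sourceforge.net/projects/filemanage/.\', \'1\', \'0\', \'0\', \''.time().'\', \'0\');
INSERT INTO `'.$_SESSION['TABLE_PREFIX'].'announce_track` (`user`, `viewed`, `hide`, `announceid`) VALUES (\'1\', \'0\', \'0\', \'1\');
';
    return $str;
} // end of create tables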
// Emit the page footer and close <body>/<html>; html_end() is declared
// further down in this file.
html_end();
/*****[ FUNCTIONS ]************************************************************/
// Print the opening part of the HTML page: <head> with the given title and
// the link styles, followed by the opening <body> tag.
// $title is placed into <title> without escaping; the only call in this file
// passes a fixed string.
function html_start ($title = NULL) {
    $fragments = array(
        '<html>',
        '<head>',
        '<title>'.$title.'</title>',
        '<STYLE type=text/css><!--',
        'A:link{color:#FFFFFF}',
        'A:visited{color:#FFFFFF}',
        'A:active{color:#F0F0F0}',
        'A:hover{color:#E0E0E0;text-decoration:none}',
        '--></STYLE>',
        '</head>',
        '<body bgcolor="#010101" text="#F0F0F0" link="#FFFFFF" vlink="#C0C0C0" alink="#A0A0A0">',
    );
    echo implode('', $fragments);
} // end of html_start
// Print the page footer (project link, version from SUVERSION, licence and
// warranty notice) and close the <body> and <html> elements.
function html_end () {
    // The legal notice is always shown.
    $project_line = '<br /><br /><font size="-1"><a target="_blank" href="http://www.sourceforge.net/projects/filemanage/">PHP Remote File Management System</a> version '.SUVERSION.'.<br />';
    $licence_line = '© 2004-2008 PHP Remote File Management System Development Team and licensed under the terms of the <a href="http://www.opensource.org/licenses/gpl-license.php" target="_blank">GNU General Public License</a>.<br />';
    $warranty_line = 'These pages and the software that generates them are NOT covered by any kind of warranty, either expressed or implied.</font>';
    echo $project_line, $licence_line, $warranty_line;
    echo '</body>', '</html>';
} // end of html_end
?>