<?PHP

/*******************************************************************************
 * PHP Remote File Management System Setup Script :: version 2.1               *
 *******************************************************************************
 * Created by Brandon Nimon                                                    *
 * Version 2 started 28/10/2008                                                *
 ******************************************************************************/

/*
 * Read the README file. It is a must read for all admins and programmers that
 * use or intend to edit this program. If you read nothing else in that file,
 * read "Notes about security" near the bottom.
 *
 * PHP Remote File Management System is the legal property of its developers
 * whose names are listed in the COPYRIGHT file.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 * or visit http://www.opensource.org/licenses/gpl-license.php
 */

define('SUVERSION', '2.1.0');
session_start();

html_start('Setup Script');

echo '<div align="center">';

// Step 0 (install type): remember whether this run is a fresh install or an
// upgrade. Nothing in this script authenticates the visitor, so every step
// below is reachable by anyone who can request fm_setup.php.
if (isset($_POST['page']) && $_POST['page'] == 0) {
  if (!isset($_POST['newupgrade'])) {
    // No choice was made: dropping 'submit' makes the first form render again.
    unset($_POST['submit']);
  } else {
    $_SESSION['newupgrade'] = $_POST['newupgrade'];
    $upgrading = ($_SESSION['newupgrade'] == 'upgrade' && is_file('filemanage/mysql_info.php'));

    if (!$upgrading) {
      // Anything other than a usable upgrade is treated as a new install.
      $_SESSION['newupgrade'] = 'new';
    } else {
      // NOTE(review): the existing settings are copied into the session and the
      // "mySQL Setup" form echoes them back (password included), so a setup
      // script left on an installed site discloses the database login.
      @include('filemanage/mysql_info.php');
      foreach (array('HOST', 'USER', 'PASSWORD', 'DB', 'TABLE_PREFIX') as $field)
        $_SESSION[$field] = $db[$field];
    }
  }
}
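// Step 1 (database): store the submitted mySQL settings and check that they can
// be used to connect and select the database before moving on to page 2.
if (isset($_POST['page']) && $_POST['page'] == 1) {
  // Missing or non-string fields are treated as blank instead of raising
  // notices or storing arrays in the session.
  foreach (array('HOST', 'USER', 'PASSWORD', 'DB') as $field)
    $_SESSION[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';

  // The prefix is later pasted into backtick-quoted table names and into the
  // generated mysql_info.php, so only identifier-safe characters are ever
  // stored. The form's maxlength is a browser-side hint, not a check.
  $raw_prefix = (isset($_POST['TABLE_PREFIX']) && is_string($_POST['TABLE_PREFIX'])) ? $_POST['TABLE_PREFIX'] : '';
  $_SESSION['TABLE_PREFIX'] = preg_replace('/[^a-zA-Z0-9_]/', '', $raw_prefix);

  if ($_SESSION['TABLE_PREFIX'] !== $raw_prefix) {
    // The cleaned value is what the form shows when it is rendered again.
    echo '<font color="red">Table prefix may only contain letters, digits and underscores.</font>';
    $_POST['submit'] = 'Page 1';
  } elseif ($_SESSION['HOST'] == '' || $_SESSION['USER'] == '' || $_SESSION['DB'] == '') {
    echo '<font color="red">Some mySQL database information is blank.</font>';
    $_POST['submit'] = 'Page 1';
  } else {
    // Either failure sends the user back to the database form.
    $conn = mysql_connect($_SESSION['HOST'], $_SESSION['USER'], $_SESSION['PASSWORD']) or $_POST['submit'] = 'Page 1';
    mysql_select_db($_SESSION['DB']) or $_POST['submit'] = 'Page 1';
    if (isset($_POST['submit']) && $_POST['submit'] == 'Page 1')
      // The driver message can repeat submitted values, so it is escaped.
      echo '<font color="red">Could not connect to mySQL. '.htmlspecialchars(mysql_error()).'</font>';
  }
}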
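// Step 2 (admin account and paths): store the superuser name, password, root
// directory and Smarty path, then validate them. Any failed check sets
// $_POST['submit'] back to 'Page 2' so the same form is shown again.
if (isset($_POST['page']) && $_POST['page'] == 2) {
  if ($_SESSION['newupgrade'] == 'new') {
    // NOTE(review): the trailing "s" in the class is already covered by a-z;
    // "\s" may have been intended - confirm against the README.
    $_SESSION['username'] = preg_replace('/[^a-zA-Z0-9s]/', '', $_POST['username']);
    // The password stays in the session in clear text until the final step and
    // is echoed back into the form when page 2 is rendered again.
    $_SESSION['pw'] = $_POST['pw'];
    $_SESSION['cpw'] = $_POST['cpw'];
    $_SESSION['rootdir'] = $_POST['rootdir'];
    // Drop a single trailing slash or backslash.
    if (substr($_SESSION['rootdir'], -1) == '/' || substr($_SESSION['rootdir'], -1) == '\\')
      $_SESSION['rootdir'] = substr($_SESSION['rootdir'], 0, -1);
  }
  $_SESSION['smartydir'] = $_POST['smartydir'];


  if ($_SESSION['newupgrade'] == 'new' && ($_SESSION['username'] == '' || $_SESSION['pw'] == '')) {
    echo '<font color="red">Invalid username or password.</font>';
    $_POST['submit'] = 'Page 2';
  } elseif ($_SESSION['newupgrade'] == 'new' && $_SESSION['pw'] != $_SESSION['cpw']) {
    echo '<font color="red">Confirmation password and password do not match.</font>';
    $_POST['submit'] = 'Page 2';
  } elseif ($_SESSION['newupgrade'] == 'new' && false !== strpos($_SESSION['rootdir'], '..')) {
    // strpos() takes the haystack first. The arguments used to be swapped, so
    // the ".." test searched the literal ".." for the directory name and a
    // root directory containing ".." was accepted.
    echo '<font color="red">ROOT directory must be an absolute path, it cannot contain ".."</font>';
    $_POST['submit'] = 'Page 2';
  } elseif ($_SESSION['newupgrade'] == 'new' && !is_dir($_SESSION['rootdir'])) {
    echo '<font color="red">ROOT directory does not exists.</font>';
    $_POST['submit'] = 'Page 2';
  } elseif (!is_file($_SESSION['smartydir'].'libs/Smarty.class.php')) {
    echo '<font color="red">Smarty directory is incorrect, cannot find Smarty.class.php.</font>';
    $_POST['submit'] = 'Page 2';
  } else {
    // Re-open the connection; a failure here returns to the database form.
    $conn = mysql_connect($_SESSION['HOST'], $_SESSION['USER'], $_SESSION['PASSWORD']) or $_POST['submit'] = 'Page 1';
    mysql_select_db($_SESSION['DB']) or $_POST['submit'] = 'Page 1';
  }
}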
// Step 3 (settings): store the site title, both password salts and the two
// "do it manually" switches, then reconnect to the database.
if (isset($_POST['page']) && $_POST['page'] == 3) {
  if ($_SESSION['newupgrade'] == 'new') {
    $_SESSION['title'] = $_POST['title'];
    // The installer splits the generated SQL on ";", so every ";" in a salt is
    // swapped for one random character from the 60-126 range.
    foreach (array('sha1_1', 'sha1_2') as $salt_field)
      $_SESSION[$salt_field] = str_replace(';', chr(mt_rand(60, 126)), $_POST[$salt_field]);
  }
  // A checkbox is only present in the POST data when it was ticked.
  $_SESSION['no_write'] = isset($_POST['no_write']);
  $_SESSION['no_mysql'] = isset($_POST['no_mysql']);

  // A failed connect or select sends the user back to the database form.
  if (!($conn = mysql_connect($_SESSION['HOST'], $_SESSION['USER'], $_SESSION['PASSWORD'])))
    $_POST['submit'] = 'Page 1';
  if (!mysql_select_db($_SESSION['DB']))
    $_POST['submit'] = 'Page 1';
}

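// Render the wizard page selected by the submit button's label. The last
// branch performs the installation: it runs (or prints) the SQL and writes (or
// prints) filemanage/mysql_info.php.
if (!isset($_POST['submit'])) {
  echo '<form name="db_setup" method="post" action="fm_setup.php">';
  echo '<font size="+2"><u>Upgrade/Fresh Install</u></font><br />';
  echo '<table cellpadding="2" cellspacing="0" border="0">';
  echo '<tr><td>';
  echo '<table cellpadding="2" cellspacing="0" border="1">';
  echo '<tr><td align="center">New Install</td>';
  echo '<td align="center">Upgrade from 2.0.X</td></tr>';
  echo '<tr><td align="center"><input type="radio" name="newupgrade" value="new"></td>';
  echo '<td align="center"><input type="radio" name="newupgrade" value="upgrade"'.(is_file('filemanage/mysql_info.php') ? ' checked' : '').'></td></tr>';
  echo '</table>';
  echo '<input type="hidden" name="page" value="0">';
  echo '<tr><td colspan="2" align="right" width="100%"><input type="submit" name="submit" value="Page 1"></td></tr>';
  echo '</table>';
  echo '</form>';
} elseif ($_POST['submit'] == 'Page 1') {
  // Stored values are re-displayed through htmlspecialchars(); note that this
  // includes the database password.
  echo '<form name="db_setup" method="post" action="fm_setup.php">';
  echo '<font size="+2"><u>mySQL Setup</u></font><br />';
  echo '<table cellpadding="2" cellspacing="0" border="0">';
  echo '<tr><td align="right">Host address:</td><td><input type="text" name="HOST" value="'.htmlspecialchars(isset($_SESSION['HOST']) ? $_SESSION['HOST'] : 'localhost:3306').'"></td></tr>';
  echo '<tr><td align="right">User:</td><td><input type="text" name="USER" value="'.htmlspecialchars(isset($_SESSION['USER']) ? $_SESSION['USER'] : 'root').'"></td></tr>';
  echo '<tr><td align="right">Password:</td><td><input type="password" name="PASSWORD" value="'.htmlspecialchars(isset($_SESSION['PASSWORD']) ? $_SESSION['PASSWORD'] : '').'"></td></tr>';
  echo '<tr><td align="right">Database:</td><td><input type="text" name="DB" value="'.htmlspecialchars(isset($_SESSION['DB']) ? $_SESSION['DB'] : 'filemanage').'"></td></tr>';
  echo '<tr><td align="right">Prefix:</td><td><input type="text" name="TABLE_PREFIX" maxlength="8" value="'.htmlspecialchars(isset($_SESSION['TABLE_PREFIX']) ? $_SESSION['TABLE_PREFIX'] : 'fm_').'">';
  echo '<acronym title="This allows multiple instances of this application in the same database. It can be left blank."><u>(?)</u></acronym></td></tr>';
  echo '<input type="hidden" name="page" value="1">';
  echo '<tr><td colspan="2" align="right" width="100%"><input type="submit" name="submit" value="Page 2"></td></tr>';
  echo '</table>';
  echo '</form>';
} elseif ($_POST['submit'] == 'Page 2') {
  echo '<form name="admin_setup" method="post" action="fm_setup.php">';
  echo '<font size="+2"><u>File Manage Admin Setup</u></font><br />';
  echo '<table cellpadding="2" cellspacing="0" border="0">';
  if ($_SESSION['newupgrade'] == 'new') {
    echo '<tr><td align="right">Username:</td><td><input type="text" name="username" maxlength="32" value="'.htmlspecialchars(isset($_SESSION['username']) ? $_SESSION['username'] : '').'">';
    echo '<acronym title="Username of the superuser."><u>(?)</u></acronym></td></tr>';
    echo '<tr><td align="right">Password:</td><td><input type="password" name="pw" maxlength="128" value="'.htmlspecialchars(isset($_SESSION['pw']) ? $_SESSION['pw'] : '').'"></td></tr>';
    echo '<tr><td align="right">Confirm Password:</td><td><input type="password" name="cpw" maxlength="128" value="'.htmlspecialchars(isset($_SESSION['cpw']) ? $_SESSION['cpw'] : '').'"></td></tr>';
    echo '<tr><td align="right">Root Directory:</td><td><input type="text" name="rootdir" value="'.htmlspecialchars(isset($_SESSION['rootdir']) ? $_SESSION['rootdir'] : str_replace('\\', '/', dirname(__FILE__))).'">';
    echo '<acronym title="Once you log in, this is the base directory you can explore."><u>(?)</u></acronym></td></tr>';
  }
  echo '<tr><td align="right">Path to Smarty Directory:</td><td><input type="text" name="smartydir" value="'.htmlspecialchars(isset($_SESSION['smartydir']) ? $_SESSION['smartydir'] : str_replace('\\', '/', dirname(__FILE__).'/filemanage/smarty/')).'"></td></tr>';
  echo '<input type="hidden" name="page" value="2">';
  echo '<tr width="100%"><td align="left"><input type="submit" name="submit" value="Page 1"></td><td align="right"><input type="submit" name="submit" value="Page 3"></td></tr>';
  echo '</table>';
  echo '</form>';
} elseif ($_POST['submit'] == 'Page 3') {
  echo '<form name="settings_setup" method="post" action="fm_setup.php">';
  echo '<font size="+2"><u>Settings</u></font><br />';
  echo '<table cellpadding="2" cellspacing="0" border="0">';
  if ($_SESSION['newupgrade'] == 'new') {
    echo '<tr><td align="right">Site Title:</td><td><input type="text" name="title" maxlength="32" value="'.htmlspecialchars(isset($_SESSION['title']) ? $_SESSION['title'] : '').'">';
    echo '<acronym title="This will be displayed in the title bar. It can be left blank."><u>(?)</u></acronym></td></tr>';
    echo '<tr><td align="right">SHA1 Salt 1:</td><td><input type="text" name="sha1_1" maxlength="32" value="'.htmlspecialchars(isset($_SESSION['sha1_1']) ? $_SESSION['sha1_1'] : rand_salt()).'">';
    echo '<acronym title="Salt adds a level of security to stored passwords. Generally the default values do not need to be changed."><u>(?)</u></acronym></td></tr>';
    echo '<tr><td align="right">SHA1 Salt 2:</td><td><input type="text" name="sha1_2" maxlength="32" value="'.htmlspecialchars(isset($_SESSION['sha1_2']) ? $_SESSION['sha1_2'] : rand_salt()).'"></td></tr>';
  }
  echo '<tr><td align="right">Do not write to file:</td><td><input type="checkbox" name="no_write"'.(isset($_SESSION['no_write']) && $_SESSION['no_write'] ? ' checked' : '').'>';
  echo '<acronym title="If checked, you will have to create a file manually within the filemanage directory."><u>(?)</u></acronym></td></tr>';
  echo '<tr><td align="right">Do not create mySQL tables:</td><td><input type="checkbox" name="no_mysql"'.(isset($_SESSION['no_mysql']) && $_SESSION['no_mysql'] ? ' checked' : '').'>';
  echo '<acronym title="If checked, you will have to create the mySQL tables manually."><u>(?)</u></acronym></td></tr>';
  echo '<input type="hidden" name="page" value="3">';
  echo '<tr width="100%"><td align="left"><input type="submit" name="submit" value="Page 2"></td><td align="right"><input type="submit" name="submit" value="Create Tables and File"></td></tr>';
  echo '</table>';
  echo '</form>';
} elseif ($_POST['submit'] == 'Create Tables and File') {
  echo '</div>';
  echo '<div align="left">';

  if (false == $_SESSION['no_mysql']) {
    // The script is split on ";" and run one statement at a time; the first
    // failing statement aborts the page.
    $query_ar = explode(';', create_tables(($_SESSION['newupgrade'] == 'new' ? true : false)));
    foreach ($query_ar as $query)
      if (trim($query) != NULL)
        // The driver message is escaped because it can repeat parts of the query.
        mysql_query($query) or die('<font color="red">Tables were not created. Please diagnose problem: '.htmlspecialchars(mysql_error()).'</font><br />');//<br />'.nl2br($query));
    echo 'Please delete this setup script file ('.__FILE__.') when you are done with the below step(s).<br /><br />';
    echo 'mySQL tables were created.<br />';
  } else {
    // Manual mode: show the SQL so the admin can run it by hand.
    echo '<table cellpadding="4" cellspacing="0" border="1" bgcolor="#404040"><tr><td>';
    echo '<pre>';
    echo htmlspecialchars(create_tables(($_SESSION['newupgrade'] == 'new' ? true : false)));
    echo '</pre>';
    echo '</td></tr></table><br /><br />';
  }


  $filename = 'filemanage/mysql_info.php';
  // Every setting is emitted with var_export(), which produces a correctly
  // quoted PHP string literal. The values used to be pasted between single
  // quotes as-is, so a quote or backslash in any of them ended the literal
  // early and the rest of the value became part of the generated PHP file.
  $file_content = '<'.'?PHP
/*
 * Read the README file. It is a must read for all programmers that intend to
 * edit this program.
 *
 * PHP Remote File Management System is the legal property of its developers
 * whose names are listed in the COPYRIGHT file.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 * or visit http://www.opensource.org/licenses/gpl-license.php
 */
 
define (\'SUVERSION\', '.var_export(SUVERSION, true).');
define (\'SMARTY_PATH\', '.var_export((string) $_SESSION['smartydir'], true).');

/*****[ mySQL SETTINGS ]*******************************************************/
$db[\'HOST\'] = '.var_export((string) $_SESSION['HOST'], true).';
$db[\'USER\'] = '.var_export((string) $_SESSION['USER'], true).';
$db[\'PASSWORD\'] = '.var_export((string) $_SESSION['PASSWORD'], true).';
$db[\'DB\'] = '.var_export((string) $_SESSION['DB'], true).';
$db[\'TABLE_PREFIX\'] = '.var_export((string) $_SESSION['TABLE_PREFIX'], true).';

?'.'>
';

  if (false == $_SESSION['no_write'] && (!is_file($filename) || is_writable($filename)) && write_file($filename, $file_content)) {
    echo 'The file ('.realpath($filename).') was created with the necessary information.<br />';
    echo 'Complete.<br />';
    if (is_file('filemanage2.php') && $_SESSION['newupgrade'] == 'new') {
      // Mark the new superuser as logged in so the delete link below works.
      $_SESSION['user'] = $_SESSION['username'];
      // NOTE(review): the function name on this line was overwritten by an
      // e-mail obfuscation placeholder in the published listing; substr() is
      // restored from the (string, 0, 128) arguments and the 128-character
      // password field - confirm against the upstream release.
      $_SESSION['pw'] = sha1($_SESSION['sha1_1'].substr($_SESSION['pw'], 0, 128).$_SESSION['sha1_2']);
      echo '<a href="filemanage2.php?loc='.substr(str_replace('\\', '/', dirname(__FILE__)), strlen($_SESSION['rootdir'])).'/&del=fm_setup.php">Delete this file.</a>';
    }
  } else {
    echo 'The file '.realpath($filename).' is not writable.<br />';

    echo '<font color="red">Create a file named "mysql_info.php" inside the "filemanage" directory with the following content:</font><br />';
    echo '<table cellpadding="4" cellspacing="0" border="1" bgcolor="#404040"><tr><td>';
    echo '<pre>';
    echo htmlspecialchars($file_content);
    echo '</pre>';
    echo '</td></tr></table>';
  }
}

echo '</div>';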


// generate a random salt value
/**
 * Build the default value offered for the two password salt fields.
 *
 * The result is five printable ASCII characters (codes 32-126). Any ";" among
 * them is replaced, because the installer splits its SQL script on ";".
 *
 * NOTE(review): mt_rand() is not a cryptographically secure generator and the
 * salt is only five characters long; on PHP 7+ random_int() takes the same
 * (min, max) arguments.
 *
 * @return string five-character salt without ";"
 */
function rand_salt () {
  $salt = '';
  $remaining = 5;
  while ($remaining-- > 0) {
    $salt .= chr(mt_rand(32, 126));
  }

  // Codes 60-126 start just above ";" (59), so the stand-in is never ";".
  $stand_in = chr(mt_rand(60, 126));
  return str_replace(';', $stand_in, $salt);
} // end of rand_salt


// attempt to write to a file, return true on success
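/**
 * Create or truncate a file and write the given content to it.
 *
 * @param string $filename     path of the file to write
 * @param string $file_content data to write
 * @return bool true when the file was opened and written, false otherwise
 */
function write_file ($filename, $file_content) {
  $handle = fopen($filename, 'w');
  if (!$handle) {
    // Nothing was opened, so there is nothing to close. The earlier code
    // passed the failed result to fclose(), which is itself an error.
    return false;
  }

  $written = fwrite($handle, $file_content);
  fclose($handle);

  return false !== $written;
} // end of write_file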


// return mysql table creating string (semicolon delimiters)
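/**
 * Build the installer's SQL script as one string of ";"-separated statements.
 *
 * Reads $_SESSION['TABLE_PREFIX'] and the SUVERSION constant. When $new is
 * true it also reads the title, root directory, salts, username and password
 * from the session plus $_SERVER['REMOTE_ADDR'] and the session cookie, and
 * escapes them with mysql_real_escape_string(), so a mySQL connection has to
 * be open before the call.
 *
 * The caller splits the result on ";", so no value placed in it may contain
 * that character.
 *
 * @param bool $new true for a fresh install (adds the default settings, the
 *                  "Basic Users" group and the superuser row), false for an
 *                  upgrade
 * @return string the SQL script
 */
function create_tables ($new) {
  // Table names cannot be bound as parameters. Doubling any backtick keeps the
  // whole prefix inside the quoted identifier it is pasted into.
  $prefix = str_replace('`', '``', (string) $_SESSION['TABLE_PREFIX']);

  $str = '
-- phpMyAdmin SQL Dump
-- version 3.0.0
-- http://www.phpmyadmin.net
--
-- Host: localhost:3306
-- Generation Time: Jan 12, 2009 at 12:00 PM
-- Server version: 5.0.67
-- PHP Version: 5.2.6

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";

--
-- Database: `filemanage`
--

-- --------------------------------------------------------

--
-- Table structure for table `badlogins`
--

CREATE TABLE IF NOT EXISTS `'.$prefix.'badlogins` (
  `id` int(9) NOT NULL auto_increment,
  `user` varchar(32) NOT NULL,
  `ip` varchar(15) NOT NULL,
  `date` int(10) NOT NULL,
  `failtype` tinyint(1) NOT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 COMMENT=\'Keep track of unsuccessful logins\';

-- --------------------------------------------------------

--
-- Table structure for table `errors`
--

CREATE TABLE IF NOT EXISTS `'.$prefix.'errors` (
  `id` int(9) NOT NULL auto_increment,
  `query` text NOT NULL,
  `time` int(10) NOT NULL,
  `page` varchar(32) NOT NULL,
  `pagepar` varchar(64) default NULL,
  `post` text NOT NULL,
  `line` int(9) NOT NULL,
  `error` text NOT NULL,
  `user` int(9) NOT NULL,
  `ip` varchar(15) NOT NULL,
  `viewed` tinyint(1) NOT NULL default \'0\',
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT=\'Keep track of errors on the site\';

-- --------------------------------------------------------

--
-- Table structure for table `fileindex`
--

CREATE TABLE IF NOT EXISTS `'.$prefix.'fileindex` (
  `id` int(9) NOT NULL auto_increment,
  `path` text NOT NULL,
  `owner` int(9) NOT NULL,
  `fileatrib` tinyint(2) NOT NULL,
  `password` varchar(40) default NULL,
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT=\'Contains information about files and dirs created by FM\';

-- --------------------------------------------------------

--
-- Table structure for table `hidden`
--

CREATE TABLE IF NOT EXISTS `'.$prefix.'hidden` (
  `id` int(9) NOT NULL auto_increment,
  `path` text NOT NULL,
  `user` int(9) NOT NULL,
  `ip` varchar(15) NOT NULL,
  `date` int(9) NOT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT COMMENT=\'List of hidden files/dirs\';

-- --------------------------------------------------------

--
-- Table structure for table `ipblock`
--

CREATE TABLE IF NOT EXISTS `'.$prefix.'ipblock` (
  `id` int(11) NOT NULL auto_increment,
  `ip` varchar(15) NOT NULL,
  `blockby` int(9) NOT NULL,
  `date` int(10) NOT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT COMMENT=\'List of blocked IPs\';

-- --------------------------------------------------------

--
-- Table structure for table `log`
--

CREATE TABLE IF NOT EXISTS `'.$prefix.'log` (
  `id` int(9) NOT NULL auto_increment,
  `level` tinyint(1) NOT NULL,
  `func` varchar(32) NOT NULL,
  `line` smallint(4) NOT NULL,
  `description` varchar(255) NOT NULL,
  `user` int(9) NOT NULL,
  `ip` varchar(15) NOT NULL,
  `source` text NOT NULL,
  `dest` text NOT NULL,
  `date` int(10) NOT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 COMMENT=\'error and file manipulation table\';

-- --------------------------------------------------------

--
-- Table structure for table `setting`
--

CREATE TABLE IF NOT EXISTS `'.$prefix.'settings` (
  `id` int(9) NOT NULL auto_increment,
  `setting` varchar(32) NOT NULL,
  `value` varchar(32) NOT NULL,
  `comment` text,
  `user` int(9) NOT NULL,
  `edited` int(10) NOT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 COMMENT=\'system settings values\' AUTO_INCREMENT=14 ;
';
  // Default settings, including both salts, are only seeded on a new install.
  if ($new)
    $str .= '
--
-- Dumping data for table `settings`
--

INSERT INTO `'.$prefix.'settings` (`id`, `setting`, `value`, `comment`, `user`, `edited`) VALUES
(1, \'title_add\', \''.mysql_real_escape_string($_SESSION['title']).'\', \'This can be the title of the page, it will be displayed in the title bar along with "File Manage..."\', 0, 0),
(2, \'require_login\', \'1\', \'Require user to log in to view anything. Any value other than "0" will require the user to log in.\', 0, 0),
(3, \'no_login_perm\', \'3\', \'A hexadecimal representation of available permission of non-logged in users (not applicable if require_login is enabled).\', 0, 0),
(4, \'no_login_ullimit\', \'-1\', \'Limit users who are not logged in to a certain uploaded file size. Size is in bytes. 0 disables uploading files, while -1 makes the uploaded file size limited only by the server\'\'s settings.\', 0, 0),
(5, \'no_login_rootdir\', \''.mysql_real_escape_string($_SESSION['rootdir']).'\', \'Users who are not logged in can be forced to only view a certain directory. Use this the same as individual users\'\' root directory setting. Be sure not to end with a "/" and you cannot use "..".\', 0, 0),
(6, \'login_timeout\', \'86400\', \'Number of seconds before session cookie and session data are erased (thus requiring users to log in again).\', 0, 0),
(7, \'log_level\', \'5\', \'Which events should be logged. The lower the number the fewer the logs. 0 represents only fatal errors. 1 means their may have been a security problem or error. 2 is read/write errors and new users. 3 is a file/dir has been created, moved, deleted, or hidden. 4 a file/dir has been renamed or edited. 5 is a benign event.\', 0, 0),
(8, \'keep_logs\', \'5000\', \'Number of logs to keep. Every time an admin or moderator accesses the system log, the database will automatically truncate to this number of entries.\', 0, 0),
(9, \'BAD_LOGIN_COOKIE_LIMIT\', \'5\', \'Number of log in attempts with a bad username/password in cookie before lockout.\', 0, 0),
(10, \'BAD_LOGIN_LIMIT\', \'5\', \'Number of bad log in attempts from form before lockout.\', 0, 0),
(11, \'BAD_LOGIN_TIME\', \'300\', \'Number of seconds to look back for bad log in attempts, and maximum length of lockout. There can be BAD_LOGIN_LIMIT log in attempts for every BAD_LOGIN_TIME seconds.\', 0, 0),
(12, \'SHA1_SALT1\', \''.mysql_real_escape_string($_SESSION['sha1_1']).'\', \'Salt string at beginning of password to be hashed (can be longer/shorter if you need). This prevents database driven hacking attempts. Once set, these cannot be changed (as password hashes change with them).\', 0, 0),
(13, \'SHA1_SALT2\', \''.mysql_real_escape_string($_SESSION['sha1_2']).'\', \'Salt string at end of password to be hashed (can be longer/shorter if you need). This prevents database driven hacking attempts. Once set, these cannot be changed (as password hashes change with them).\', 0, 0);
';
  $str .= '
-- --------------------------------------------------------

--
-- Table structure for table `usergroups`
--

CREATE TABLE IF NOT EXISTS `'.$prefix.'usergroups` (
  `id` int(9) NOT NULL auto_increment,
  `name` varchar(64) NOT NULL,
  `perm` int(9) NOT NULL,
  `uldefault` bigint(19) NOT NULL,
  `rootdir` text NOT NULL,
  `created` int(10) NOT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT COMMENT=\'user groups to allow "default" settings for users\' AUTO_INCREMENT=2 ;
';
  if ($new)
    $str .= '
--
-- Dumping data for table `usergroups`
--

INSERT INTO `'.$prefix.'usergroups` (`id`, `name`, `perm`, `uldefault`, `rootdir`, `created`) VALUES
(1, \'Basic Users\', 3, -1, \''.mysql_real_escape_string($_SESSION['rootdir']).'\', '.time().');
';
  $str .= '
-- --------------------------------------------------------

--
-- Table structure for table `users`
--

CREATE TABLE IF NOT EXISTS `'.$prefix.'users` (
  `id` int(9) NOT NULL auto_increment,
  `user` varchar(32) NOT NULL,
  `password` varchar(40) NOT NULL,
  `groupid` tinyint(2) NOT NULL,
  `perm` int(9) NOT NULL,
  `ullimit` bigint(19) NOT NULL,
  `rootdir` text NOT NULL,
  `created` int(10) NOT NULL,
  `ip` varchar(15) default NULL,
  `sessname` varchar(32) default NULL,
  `bypassusers` text,
  `bypasswords` text,
  `lastlogin` int(10) NOT NULL default \'0\',
  `lastvisit` int(10) NOT NULL default \'0\',
  `totlogins` int(9) NOT NULL default \'0\',
  `totvisits` int(9) NOT NULL default \'0\',
  `deleted` tinyint(1) NOT NULL default \'0\',
  PRIMARY KEY  (`id`),
  UNIQUE KEY `user` (`user`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT COMMENT=\'users table\' AUTO_INCREMENT=2 ;
';
  if ($new) {
    // NOTE(review): the function name in the hash expression was overwritten
    // by an e-mail obfuscation placeholder in the published listing; substr()
    // is restored from the (string, 0, 128) arguments - confirm against the
    // upstream release. The stored value is a salted SHA-1 (40 hex characters,
    // matching the `password` column), which is a fast hash.
    $pw_hash = sha1($_SESSION['sha1_1'].substr($_SESSION['pw'], 0, 128).$_SESSION['sha1_2']);
    // The session cookie is absent when the browser has not returned it yet.
    $sess_cookie = isset($_COOKIE[session_name()]) ? $_COOKIE[session_name()] : '';
    $str .= '
--
-- Dumping data for table `users`
--

INSERT INTO `'.$prefix.'users` (`id`, `user`, `password`, `groupid`, `perm`, `ullimit`, `rootdir`, `created`, `ip`, `sessname`, `lastlogin`, `lastvisit`, `totlogins`, `totvisits`, `deleted`) VALUES
(1, \''.mysql_real_escape_string($_SESSION['username']).'\', \''.mysql_real_escape_string($pw_hash).'\', 0, 255, -1, \''.mysql_real_escape_string($_SESSION['rootdir']).'\', '.time().', \''.mysql_real_escape_string($_SERVER['REMOTE_ADDR']).'\', \''.mysql_real_escape_string($sess_cookie).'\', 0, 0, 1, 0, 0);
';
  }
  $str .= '
-- --------------------------------------------------------

--
-- Table structure for table `visits`
--

CREATE TABLE IF NOT EXISTS `'.$prefix.'visits` (
  `id` int(9) NOT NULL auto_increment,
  `ip` varchar(15) NOT NULL,
  `visits` int(9) NOT NULL,
  `firstvisit` int(10) NOT NULL,
  `lastvisit` int(10) NOT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 COMMENT=\'log visits from users who aren\'\'t logged in\';

ALTER TABLE `'.$prefix.'ipblock` ADD `denyallow` TINYINT( 1 ) NOT NULL DEFAULT \'0\' AFTER `blockby`;
ALTER TABLE `'.$prefix.'users` CHANGE `deleted` `deleted` INT( 10 ) NOT NULL DEFAULT \'0\';
ALTER TABLE `'.$prefix.'settings` CHANGE `value` `value` TEXT CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL;

INSERT INTO `'.$prefix.'settings` (`setting`, `value`, `comment`, `user`, `edited`) VALUES
(\'version\', \''.SUVERSION.'\', \'Current File Manage Version. This will be used in the future when doing updates.\', \'0\', \'0\'),
(\'getid3\', \'1\', \'GetID3 is a PHP class that can access information about media files such as MP3, WMA, MPEG, and many other files. Setting this value to 0 disables the use of GetID3, 1 enables GetID3 in the properties window, and 2 will also display some media information in the directory listings.\', \'0\', \'0\'),
(\'getid3_cache\', \'1\', \'Enabling caching of GetID3 will greatly decrease the load time of GetID3 information (after the file has been accessed once). But it will create a new table in the database with that information, which means increased memory usage.\', \'0\', \'0\'),
(\'input_date_format\', \'MDY\', \'When entering a date, this is the order used. Common North American format is MDY. The international format is DMY.\', \'0\', \'0\'),
(\'date_format\', \'%B %e, %Y\', \'This format is used most commonly. Use the Smarty Templating (smarty.net) format to alter this value.\', \'0\', \'0\'),
(\'long_date_format\', \'%A, %B %e, %Y\', \'This format is used where more space for the date is available. Use the Smarty Templating (smarty.net) format to alter this value.\', \'0\', \'0\'),
(\'date_time_format\', \'%a %b %e, %Y %H:%M:%S\', \'Date format including date and time. Use the Smarty Templating (smarty.net) format to alter this value.\', \'0\', \'0\');

--
-- Table structure for table `announcement`
--

CREATE TABLE IF NOT EXISTS `'.$prefix.'announcement` (
  `id` int(9) NOT NULL auto_increment,
  `announcement` text NOT NULL,
  `user` int(9) NOT NULL,
  `start` int(10) NOT NULL,
  `expire` int(10) NOT NULL,
  `date` int(11) NOT NULL,
  `deleted` int(10) NOT NULL default \'0\',
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT COMMENT=\'Announcements for users\';

-- --------------------------------------------------------

--
-- Table structure for table `announce_track`
--

CREATE TABLE IF NOT EXISTS `'.$prefix.'announce_track` (
  `id` int(9) NOT NULL auto_increment,
  `user` int(9) NOT NULL,
  `viewed` int(10) NOT NULL default \'0\',
  `hide` int(10) NOT NULL default \'0\',
  `announceid` int(9) NOT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 COMMENT=\'Track of user-viewed announcements\';

INSERT INTO `'.$prefix.'announcement` (`id`, `announcement`, `user`, `start`, `expire`, `date`, `deleted`) VALUES (1, \'Welcome to PHP Remote File Manage 2.1.0. Please report any bugs you find to http://sourceforge.net/projects/filemanage/.\', \'1\', \'0\', \'0\', \''.time().'\', \'0\');
INSERT INTO `'.$prefix.'announce_track` (`user`, `viewed`, `hide`, `announceid`) VALUES (\'1\', \'0\', \'0\', \'1\');
';
  return $str;
} // end of create tables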

// Emit the footer and the closing body/html tags. html_end() is declared
// further down in this file.
html_end();


/*****[ FUNCTIONS ]************************************************************/
// top of html page
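/**
 * Print the opening HTML of the page: head, title, link styles and body tag.
 *
 * @param string|null $title text for the title element; it is HTML-escaped so
 *                           a caller-supplied value cannot add markup
 */
function html_start ($title = NULL) {
  echo '<html>';
  echo '<head>';
  echo '<title>'.htmlspecialchars((string) $title, ENT_QUOTES).'</title>';
  echo '<STYLE type=text/css><!--';
  echo 'A:link{color:#FFFFFF}';
  echo 'A:visited{color:#FFFFFF}';
  echo 'A:active{color:#F0F0F0}';
  echo 'A:hover{color:#E0E0E0;text-decoration:none}';
  echo '--></STYLE>';
  echo '</head>';
  echo '<body bgcolor="#010101" text="#F0F0F0" link="#FFFFFF" vlink="#C0C0C0" alink="#A0A0A0">';
  //echo '<div align="center">';
} // end of html_start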


// bottom of html page
/**
 * Print the page footer (project link, version, licence notice and warranty
 * disclaimer) followed by the closing body and html tags.
 */
function html_end () {
  //echo '</div>';
  // always display this info for obvious legal reasons
  $footer = array(
    '<br /><br /><font size="-1"><a target="_blank" href="http://www.sourceforge.net/projects/filemanage/">PHP Remote File Management System</a> version '.SUVERSION.'.<br />',
    '&copy; 2004-2008 PHP Remote File Management System Development Team and licensed under the terms of the <a href="http://www.opensource.org/licenses/gpl-license.php" target="_blank">GNU General Public License</a>.<br />',
    'These pages and the software that generates them are NOT covered by any kind of warranty, either expressed or implied.</font>',
    '</body>',
    '</html>',
  );

  echo implode('', $footer);
} // end of html_end

?>