Location: PHPKode > projects > Phpwebfiles > main.php
<br />
<?php
/*

    Author: Attila Agas <hide@address.com>
    Copyright (C) 2007

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License version 2,
    as published by the Free Software Foundation.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
*/


	do_not_hack_please(); //not to be called alone



if ($logged_in==true)
{
/*
***********************************************

	upload

***********************************************
*/
	if (($action=="upload") && $succ && (($dirflags & 1)!=0))
	{
		$file=$_FILES['file1']['tmp_name'];
		$dst=$_FILES['file1']['name'];
		$size=intval($_FILES['file1']['size']);
		if (($dirflags & 32)!=0)
		{
			$ext=strtolower(array_pop(explode('.',$dst)));
			if (($ext=='php') || ($ext=='php3') || ($ext=='php4')) $dst.='.txt';
		}
		if (($dirflags & 64)!=0)
		{
			$ext=strtolower(array_pop(explode('.',$dst)));
			if (($ext=='htm') || ($ext=='html') || ($ext=='xhtml')) $dst.='.txt';
		}
		$i=1;
		$dst_=$dst;
		while(file_exists($wd.$dst_))
		{
			$dst_="$i_".$dst;
			$i++;
		}
		$dst=$dst_;
		$quotas=get_effective_quota($wd,true);
		$quotaerr=false;
		foreach($quotas AS $key => $val)
		{
			$dirsize=getsize($key);
			if ($val!=0)
				if (($dirsize+$size)/1048576>$val) $quotaerr=true;
		}
		if (!$quotaerr) 
		{
		    $error=move_uploaded_file($file,$wd.$dst);
		}
		if (!$error || $quotaerr)
		{
			if ($quotaerr)
			{
				print $design->error($stringtable['quotaerror']).'<br />';
			}
			else
			{
				print $design->error($stringtable['uploaderror']).'<br />';
			}
		}
		else
		{
			unset($files);
			readmydirs();
		}
	}
/*
******************************************

	"are your sure?" delete form

******************************************
*/
	else if ($action=="del")
	{
		$question='<h1>'.$stringtable['delquestion'].'<br />('.$param['file'].')</h1>';
		$yes=array('action' => 'del2',
			   'file' => $param['file']);
		print $design->question($question,$yes).'<br />';
	}
/*
**************************************

	delete

**************************************
*/
	else if ($action=="del2")
	{
		if ($succ && (($dirflags & 2)!=0))
		{
			myquery("LOCK TABLES dirs WRITE, dirs2 WRITE");
			$file=$param['file'];
			if (strpos($file,'..')===false)
			{
				mydelete($wd.$file);
			}
			myquery("UNLOCK TABLES");
			unset($files);
			readmydirs();
		}
	}
/*
*************************************

	rename form

*************************************
*/
	else if ($action=="ren")
	{
		if ($succ && (($dirflags & 8)!=0))
		{
			print ren().'<br />';
		}
	}
/*
***************************************

	rename

***************************************
*/
	else if ($action=="ren2")
	{
		if ($succ && (($dirflags & 8)!=0))
		{
			$file=$param['file'];
			$newname=$param['newname'];
			if (($dirflags & 32)!=0)
			{
				$ext=strtolower(array_pop(explode('.',$newname)));
				if (($ext=='php') || ($ext=='php3') || ($ext=='php4')) $newname.='.txt';
			}
			if (($dirflags & 64)!=0)
			{
				$ext=strtolower(array_pop(explode('.',$newname)));
				if (($ext=='htm') || ($ext=='html') || ($ext=='xhtml')) $newname.='.txt';
			}
			$ok=true;
			if (strpos($file,'..')!==false) $ok=false;
			if (strpos($file,'/')!==false) $ok=false;
			if (!file_exists($wd.$file)) $ok=false;
			if (strpos($newname,'..')!==false) $ok=false;
			if (strpos($newname,'/')!==false) $ok=false;
			if ($ok)
			{
				if (is_file($wd.$file))
				{
					if (file_exists($wd.$newname) && ($param['ok']!=='ok'))
					{
						$question='<h1>'.$stringtable['renquestion'].'<br />('.$newname.')</h1>';
						$yes=array('action' => 'ren2',
							   'ok' => 'ok',
							   'file' => $file,
							   'newname' => $newname);
						print $design->question($question,$yes).'<br />';
					}elseif (!rename($wd.$file,$wd.$newname))
					{
						print $design->error('<h1>'.$stringtable['renamerr'].'</h1>').'<br />';
					}
					else
					{
						unset($files);
						readmydirs();
					}
				}
				else if (is_dir($wd.$file))
				{
					if (!file_exists($wd.$newname))
					{
						// We may need to rename directories in dirs table too. 
						$path=dirform($wd.$file);
						myquery("LOCK TABLE dirs2 WRITE");
						$result=myquery("SELECT id,path FROM dirs2 WHERE LOCATE(BINARY '$path',path)=1");
						$num=mysql_num_rows($result);
						$i=0;
						while($i<$num)
						{
							$row=mysql_fetch_object($result);
							$ldirid[$i]=$row->id;
							$lpath[$i]=$row->path; // forexample/mydir/bla/
							$lpath[$i]=substr($lpath[$i],strlen($path));
							// bla/
							$lpath[$i]=$wd.$newname.'/'.$lpath[$i];
							// forexample/newdir/bla/  (I hope)
							$i++;
						}
						if (rename($wd.$file,$wd.$newname))
						{
							for($i=0;$i<$num;$i++)
							{
								$kpath=$lpath[$i];
								$kdirid=$ldirid[$i];
								myquery("UPDATE dirs2 SET path='$kpath',dirname='$newname' WHERE id=$kdirid");
							}
						}
						myquery("UNLOCK TABLES");
						unset($files);
						readmydirs();
					}
					else
					{
						print $design->error('<h1>'.$stringtable['eexists'].'</h1>').'<br />';
					}
				}
			}
		}
	}
/*
**********************************************

	select

**********************************************
*/
	else if (($action=="select") && $succ)
	{
		myquery("LOCK TABLES selections WRITE");
		foreach($param AS $key => $value)
		{
			if (substr($key,0,5)=='file_')
				add_file_to_selections($value);
		}

		myquery("UNLOCK TABLES");
	}
/*
*************************************

	newdir form

*************************************
*/
	else if ($action=="newdir")
	{
		print newdir().'<br />';

	}
/*
**************************************

	newdir

**************************************
*/
	else if ($action=="newdir2")
	{
		if ($succ && (($dirflags & 4)!=0))
		{
			$dir=$param['dir'];
			if (strpos($dir,'..')===false)
			{
				if (!file_exists($wd.$dir))
				{
					if (!mkdir($wd.$dir))
					{
						print $design->error($stringtable['createdirerror']).'<br />';
					}
					else
					{
						unset($files);
						readmydirs();
					}
				}
				else
				{
					print $design->error('<h1>'.$stringtable['createdirerror'].'</h1>').'<br />';
				}
			}
		}
	}
/*
*************************************

	change password

*************************************
*/
	else if ($action=="changepass")
	{
		$pass1=mysql_real_escape_string($param['pass1']);
		$pass2=mysql_real_escape_string($param['pass2']);
		$uid=$param['uid'];
		if ($pass1!=$pass2)
		{
			datamod(true);
		}
		else if (strlen($pass1)<6)
		{
			datamod(true);
		}
		else
		{
			if ((strlen($uid)>0) && ($superuser))
			{
				$uid=intval($uid);
				myquery("UPDATE users SET pass=MD5('$pass1') WHERE id=$uid");
			}
			else
			{
				myquery("UPDATE users SET pass=MD5('$pass1') WHERE id=$id");
			}

			//some check should be done, but I'm laisy
			print $design->info($stringtable['passchanged']).'<br />';
		}
	}
/*
*********************************************

	change e-mail, name

*********************************************
*/
	else if ($action=="changedata")
	{
		$email=mysql_real_escape_string($param['email']);
		$name=mysql_real_escape_string($param['name']);
		$uid=$param['uid'];
		if ((strlen($uid)>0) && ($superuser))
		{
			$uid=intval($uid);
			myquery("UPDATE users SET email='$email',name='$name' WHERE id=$uid");
		}
		else
		{
			myquery("UPDATE users SET email='$email',name='$name' WHERE id=$id");
		}

		//detto
		print $design->info($stringtable['datachanged']).'<br />';
	}
/*
****************************************************

	datamod form (password,e-mail,name

****************************************************
*/
	else if ($action=="datamod")
	{
		datamod(false);
	}
/*
******************************************

	remove files from selections

******************************************
*/
	else if ($action=="remsel")
	{
		foreach($param AS $key => $val)
		{
			if (substr($key,0,6)=='selid_')
			{
				$selid=intval($val);
				myquery("DELETE FROM selections WHERE id=$selid and uid=$id");
			}
		}
	}
/*
******************************************

	delete all files in selections
	"are you sure?" form

******************************************
*/
	else if ($action=="deleteall")
	{
		$yes=array('action' => 'deleteall2');
		$tmp='';
		foreach($param AS $key => $val)
		{
			if (substr($key,0,6)=="selid_")
			{
				$yes[$key]=$val;
				$result=myquery("SELECT dirs2.dirname AS dirname, selections.path AS path, selections.file AS file FROM dirs2,selections WHERE dirs2.id=selections.dirid and selections.id=$val");
				$num=mysql_num_rows($result);
				if ($num>0)
				{
					$row=mysql_fetch_object($result);
					$ldirname=dirform($row->dirname);
					$lpath=$row->path;
					if ($lpath{0}=='/') $lpath=substr($lpath,1);
					$lpath=dirform($ldirname.$lpath);
					$lfile=$row->file;
					$tmp.=$lpath.$lfile.'<br />';
				}
			}
		}
		$question='<h1>'.$stringtable['delallquestion'].'</h1>'.$tmp;
		print $design->question($question,$yes).'<br />';
	}
/*
******************************************

	move selected files to current dir
	"are you sure?" form

******************************************
*/
	else if ($action=="move")
	{
		$yes=array('action' => 'move2');
		$tmp='';
		foreach($param AS $key => $val)
		{
			if (substr($key,0,6)=="selid_")
			{
				$yes[$key]=$val;
				$result=myquery("SELECT dirs2.dirname AS dirname, selections.path AS path, selections.file AS file FROM dirs2,selections WHERE dirs2.id=selections.dirid and selections.id=$val");
				$num=mysql_num_rows($result);
				if ($num>0)
				{
					$row=mysql_fetch_object($result);
					$ldirname=dirform($row->dirname);
					$lpath=$row->path;
					if ($lpath{0}=='/') $lpath=substr($lpath,1);
					$lpath=dirform($ldirname.$lpath);
					$lfile=$row->file;
					$tmp.=$lpath.$lfile.'<br />';
				}
			}
		}
		$question='<h1>'.$stringtable['movequestion'].'</h1>'.$tmp;
		print $design->question($question,$yes).'<br />';
	}
/*
******************************************

	move selected files

******************************************
*/
	else if ($action=="move2")
	{
		myquery("LOCK TABLES selections WRITE, dirs2 WRITE, dirs WRITE");
		foreach($param AS $key => $val)
		{
			if (substr($key,0,6)=="selid_")
			{
				move_selected($val,$id);
			}
		}
		unset($files);
		readmydirs();
		myquery("UNLOCK TABLES");
	}
/*
******************************************

	delete all files in selections

******************************************
*/
	else if ($action=="deleteall2")
	{
		myquery("LOCK TABLES selections WRITE, dirs2 WRITE, dirs WRITE");
		foreach($param AS $key => $val)
		{
			if (substr($key,0,6)=="selid_")
			{
				delete_selected($val,$id);
			}
		}
		unset($files);
		readmydirs();
		myquery("UNLOCK TABLES");
	}

/*
*****************************************

selections window

*****************************************
*/	
	$result=myquery("SELECT selections.id AS selid,dirs2.dirname AS dirname,selections.path AS webpath,selections.file AS file FROM selections,dirs2 WHERE dirs2.id=selections.dirid and selections.uid=$id");
	$num=mysql_num_rows($result);
	if ($num>0)
	{
		$tmp=<<<END
<table border='0' cellspacing='2' cellpadding='2'>
<form action="index.php" method="post" />
<input type="hidden" name="action" value="" />
<input type="hidden" name="dirid" value="$dirid" />
<input type="hidden" name="path" value="$webpath" />
<input type="hidden" name="lang" value="$lang" />
<input type="hidden" name="des" value="$des" />
<tr><td colspan="2" align="right">
<input type="submit" OnClick='action.value="move"' value="$stringtable[movehere]" />
<input type="submit" OnClick='action.value="deleteall"' value="$stringtable[deleteall]" />
<input type="submit" OnClick='action.value="remsel"' value="$stringtable[remove]" />
</td></tr>
END;
		while($num>0)
		{
			$name='selid_'.$num;
			$row=mysql_fetch_object($result);
			$selid=$row->selid;
			$dir=$row->dirname;
			$lwebpath=$row->webpath;
			$file=$row->file;
			$entry=$dir.$lwebpath.$file;
			$tmp.="<tr><td align=left>$entry</td>";
			$tmp.="<td align=right><input type='checkbox' name='$name' value='$selid' /></td></tr>";
			$num--;
		}
		$tmp.=<<<END
</form>
END;
		$tmp.="</table>";
		print $design->window($stringtable['selections'],$tmp).'<br />';
	}

/*
****************************

	admin stuff

****************************
*/
	if ($superuser) include 'admin.php';


/*
********************************

	Here comes the files

********************************
*/
	if ($succ)
	{
		$quota=get_effective_quota($wd,false);
		if ($quota==0) $quota=$stringtable['unlimited'];
		else $quota.='mb';
		$total=$stringtable['total'].':'.make_size_nice(getsize($wd));
		$quota=$stringtable['quota'].':'.$quota;
	}

?>
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<form action="index.php" method="post">
<input type="hidden" name="action" value="select" />
<input type="hidden" name="dirid" value="<?php print $dirid; ?>" />
<input type="hidden" name="path" value="<?php print $webpath; ?>" />
<input type="hidden" name="lang" value="<?php print $lang; ?>" />
<input type="hidden" name="des" value="<?php print $des; ?>" />
<tr>
<td align="center" class="fill">
<?php print $total; ?>
</td>
<td align="center" class="fill">
<?php print $quota; ?>
</td>

<td align="right" class="fill">
<input type="submit" value="<?php print $stringtable['select']; ?>" />
</td>
</tr>
<?php
	$col=0;
	foreach($files as $file)
	{
		if ($col==0) print "<tr>";
		print "<td align='center' valign='middle'>$file</td>";
		$col++;
		if ($col==3)
		{
			print "</tr>";
			$col=0;
		}
	}
	while(($col>0) && ($col<3))
	{
		print "<td></td>";
		$col++;
		if ($col==3) print "</tr>";
	}
?>
</form>
</table>

<?php
}
else
{
/*
***********************************************

	Not logged in,
	Needs to login

***********************************************
*/
$data=<<<END
<table border="0" width="300" cellpadding="0" cellspacing="4">
<form action="index.php" method="post" />
<input type="hidden" name="action" value="login" />
<input type="hidden" name="lang" value="$lang" />
<input type="hidden" name="des" value="$des" />
END;
	if ($badpass==true)
	{
		$data.="<tr><td colspan='2' align='center'><h2>$stringtable[badpass]</h2></td></tr>";
	}
$data.=<<<END
<tr>
<td align='left'>$stringtable[username]:</td><td align='right'><input type="text" name="user" /></td>
</tr>
<tr>
<td align='left'>$stringtable[password]:</td><td align='right'><input type="password" name="pass" /></td>
</tr>
<tr>
<td align="center" colspan="2"><input type="submit" value="$stringtable[login]" /></td>
</tr>
</form>
<tr>
<td align="left">$langselect</td><td align="right">$designselect</td>
</tr>
</table>
END;
	print $design->window($stringtable['login'],$data);
}



/* 
***********************************************

	functions

***********************************************
*/


/*
***********************************************

	delete_selected

***********************************************
*/
function delete_selected($selid,$id)
{
	//find the file/directory from selid, and check delete flag
	$result=myquery("SELECT dirs2.path AS root,selections.path AS path,selections.file AS file FROM dirs,dirs2,selections WHERE dirs.uid=$id and dirs2.id=dirs.dirid and dirs.dirid=selections.dirid and selections.id=$selid and (dirs.flags & 2)=2");
	$num=mysql_num_rows($result);
	if ($num>0)
	{
		$row=mysql_fetch_object($result);
		$root=dirform($row->root);
		$path=$row->path;
		$file=$row->file;
		if ($path{0}=='/') $path=substr($path,1);
		$path=dirform($root.$path);
		if (file_exists($path.$file))
		{
			// There should be some error handling here
			mydelete($path.$file);
			//print $path.$file.'<br />';
		}
		// remove the file from selections
		myquery("DELETE FROM selections WHERE id=$selid");
	}
}

/*
*****************************************

	move_selected

*****************************************
*/
function move_selected($selid,$id)
{
	global $dirflags;
	global $wd;
	global $dirid;
	//find the file/directory from selid, and check move flag
	$result=myquery("SELECT dirs2.path AS root,selections.path AS path,selections.file AS file,dirs2.id AS dirid FROM dirs,dirs2,selections WHERE dirs.uid=$id and dirs2.id=dirs.dirid and dirs.dirid=selections.dirid and selections.id=$selid and (dirs.flags & 16)=16"); //src move flag
	$num=mysql_num_rows($result);
	$b=true;
	if ($num>0)
	{
		$row=mysql_fetch_object($result);
		$root=dirform($row->root);
		$path=$row->path;
		$file=$row->file;
		$src_dirid=$row->dirid;
		if ($path{0}=='/') $path=substr($path,1);
		$path=dirform($root.$path);
		if (file_exists($path.$file) && ($dirflags & 16)) //dest move flag
		{
			$file_=$file;
			if ($path.$file!=$wd.$file_)
			{
				$i=0;
				while(file_exists($wd.$file))
				{
					$file_=$i.'_'.$file;
					$i++;
				}
				$size=getsize($path.$file);
				$quota=get_effective_quota($wd,true);
				foreach($quota AS $key => $val)
				{
					if ($val!=0)
					{
						//print $key.' '.$path.' '.helper($key,$path).'<br />';
						//print ((getsize($key)+$size)/1048576).'<br />';
						if (!helper($key,$path) && ($val<(getsize($key)+$size)/1048576)) $b=false;
					}
				}
				if ($b) $b=rename($path.$file,$wd.$file_);
			}
			else
				$b=false;
			//print $path.$file.'<br />';
		}
		else $b=false;
		// on success remove file from selections
		if ($b) myquery("DELETE FROM selections WHERE id=$selid");
	}

}

/*

	helper
	return true if $src path is in $quotapath(subpath of destination), in this case quota doesn't 
	need to be checked

*/
function helper($quotapath,$src)
{
	if (strlen($quotapath)<=strlen($src))
		return $quotapath==substr($src,0,strlen($quotapath));
	else return false;
}

function add_file_to_selections($file)
{
	global $webpath;
	global $dirid;
	global $id;
	global $wd;
	$ok=true;
	if (strpos($file,'..')!==false) $ok=false;
	if (strpos($file,'/')!==false) $ok=false;
	if ($ok)
	{
		$file=mysql_real_escape_string($file);
		// if it's a directory, then delete all subdirectories, files in selections
		if (is_dir($wd.$file))
		{
			$path=dirform($webpath);
			$path.=$file;
			if ($path{0}!='/') $path='/'.$path;
			if ($path{strlen($path)-1}!='/') $path.='/';
			myquery("DELETE FROM selections WHERE uid=$id and dirid=$dirid and LOCATE(BINARY '$path',path)=1");
		}
		$path=$webpath;
		if ($path{strlen($path)-1}!='/') $path.='/';
		if ($path{0}!='/') $path='/'.$path;
		//check if it, or it's parent directory already in selections
		$result=myquery("SELECT id FROM selections WHERE uid=$id and dirid=$dirid and ((path='$path' and file='$file') or LOCATE(CONCAT(path,file,'/'),BINARY '$path')=1)");
		$num=mysql_num_rows($result);
		if ($num==0)
		{
			myquery("INSERT INTO selections (uid,dirid,path,file) VALUES ($id,$dirid,'$path','$file')");
		}
	}
}

function datamod($wrongpass)
{
	global $dirid;
	global $webpath;
	global $lang;
	global $des;
	global $stringtable;
	global $design;
	global $param;
	global $superuser;
	global $id;
	$uid=$param['uid'];
	if ((strlen($uid)>0) && $superuser)
	{
		$uid=intval($uid);
		$result=myquery("SELECT user,name,email FROM users WHERE id=$uid");
	}
	else
	{
		$result=myquery("SELECT user,name,email FROM users WHERE id=$id");
	}
	$num=mysql_num_rows($result);
	if ($num==1)
	{
		$sor=mysql_fetch_object($result);
		$user=$sor->user;
		$name=$sor->name;
		$email=$sor->email;
	}
	$tmp=<<<END
<table border="0" width="360" cellpadding="0" cellspacing="4">
<form action="index.php" method="post" />
<input type="hidden" name="action" value="changepass" />
<input type="hidden" name="dirid" value="$dirid" />
<input type="hidden" name="path" value="$webpath" />
<input type="hidden" name="lang" value="$lang" />
<input type="hidden" name="des" value="$des" />
<input type="hidden" name="uid" value="$uid" />
END;
if ($wrongpass==true)
{
$tmp.="<tr><td colspan='2' align='center'><h2>$stringtable[wrongpass]</h2></td></tr>";
}
$tmp.=<<<END
<td>$stringtable[password1]:</td><td><input type="password" name="pass1" /></td>
</tr>
<tr>
<td>$stringtable[password2]:</td><td><input type="password" name="pass2" /></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="$stringtable[change]" /></td>
</tr>
</form>
</table>
END;
	$data=$design->window($stringtable['changepass'],$tmp);
	$data.='<br />';
	$tmp=<<<END
<table border="0" width="360" cellpadding="0" cellspacing="4">
<form action="" method="post" />
<input type="hidden" name="action" value="changedata" />
<input type="hidden" name="dirid" value="$dirid" />
<input type="hidden" name="path" value="$webpath" />
<input type="hidden" name="lang" value="$lang" />
<input type="hidden" name="des" value="$des" />
<input type="hidden" name="uid" value="$uid" />
<tr>
<td>$stringtable[name]:</td><td><input type="text" name="name" value="$name"/></td>
</tr>
<tr>
<td>$stringtable[email]:</td><td><input type="text" name="email" value="$email"/></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="$stringtable[change]" /></td>
</tr>
</form>
</table>
END;
	$data.=$design->window($stringtable['changedata'],$tmp);
	print $design->window($stringtable['datamod'].': '.$user,$data);
	print '<br />';

}

function newdir()
{
	global $param;
	global $lang;
	global $des;
	global $webpath;
	global $dirid;
	global $stringtable;
	global $design;
	$tmp=<<<END
<table border="0" width="300" cellpadding="0" cellspacing="4">
<form action="index.php" method="post" />
<input type="hidden" name="action" value="newdir2" />
<input type="hidden" name="dirid" value="$dirid" />
<input type="hidden" name="path" value="$webpath" />
<input type="hidden" name="lang" value="$lang" />
<input type="hidden" name="des" value="$des" />
<tr>
<td align="left">
$stringtable[dirname]:
</td>
<td align="right"><input type="text" name="dir" /></td>
</tr>
<tr>
<td align="center" colspan="2"><input type="submit" value="$stringtable[ok]" /></td>
</tr>
</form>
</table>
END;
	return $design->window($stringtable['newdir2'],$tmp);
}

function ren()
{
	global $param;
	global $lang;
	global $des;
	global $webpath;
	global $dirid;
	global $stringtable;
	global $design;
	$tmp=<<<END
<table border="0" width="300" cellpadding="0" cellspacing="4">
<form action="index.php" method="post" />
<input type="hidden" name="action" value="ren2" />
<input type="hidden" name="dirid" value="$dirid" />
<input type="hidden" name="path" value="$webpath" />
<input type="hidden" name="lang" value="$lang" />
<input type="hidden" name="des" value="$des" />
<input type="hidden" name="file" value="$param[file]" />
<tr><td align="right" colspan="2">$param[file]</td></tr>
<tr>
<td align="left">
$stringtable[rename]:
</td>
<td align="right"><input type="text" name="newname" value="$param[file]"/></td>
</tr>
<tr>
<td align="center" colspan="2"><input type="submit" value="$stringtable[ok]" /></td>
</tr>
</form>
</table>
END;
	return $design->window($stringtable['rename'],$tmp);
}

?>
Return current item: Phpwebfiles