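<?php
/*
PTK  - DFLabs
Copyright (C) 2008 - DFLabs srl - All rights reserved
hide@address.com
*/

/*
 * Server-side folder browser fragment, requested as folder_browsing.php by the
 * ajax_request() calls in the markup below.
 *
 * Request parameters:
 *   tk   - must equal $_SESSION['img_token']; the session user must be "admin"
 *   path - directory to list; in the links emitted here whitespace is carried
 *          as the token 2008PTKPTKPTKPTKPTK2008
 *
 * The listing is produced by running $ls_bin and parsing its text output.
 * $ls_bin and $INSTALLDIR are not defined in this file; presumably they come
 * from ../config/conf.php - confirm.
 *
 * Security notes:
 *   - The requested path reaches a shell command. It is passed as one quoted
 *     operand after "--", so the shell never interprets it and ls never reads
 *     it as an option, whatever sanitize() (defined elsewhere) lets through.
 *   - File names and sizes are parsed from ls output, i.e. they are chosen by
 *     whoever created the files being browsed. They are escaped for the
 *     context they are written into (inline JavaScript string / HTML text).
 */
include("check_session.php");
include("sanitize.php");
include("loggerClass.php");
include("../config/conf.php");

// Token check. A loose `strcmp(...) == 0` also accepts strcmp()'s NULL error
// result (non-string argument, PHP < 8), so compare strings strictly and
// refuse anything that is not a non-empty string.
$tk = (isset($_GET['tk']) && is_string($_GET['tk'])) ? $_GET['tk'] : '';
$authorized = false;
if ($tk !== ''
	&& isset($_SESSION['img_token'], $_SESSION['user'])
	&& is_scalar($_SESSION['img_token'])
	&& $_SESSION['user'] === "admin") {
	$expected = (string)$_SESSION['img_token'];
	// hash_equals() is constant-time; fall back to === on runtimes without it.
	$authorized = function_exists('hash_equals') ? hash_equals($expected, $tk) : ($expected === $tk);
}

if ($authorized) {
	$space_token = "2008PTKPTKPTKPTKPTK2008";
	$requested = (isset($_GET['path']) && is_string($_GET['path'])) ? $_GET['path'] : '';

	// sanitize()/RemoveXSS()/PARANOID come from the included files; their exact
	// filtering is not visible here.
	$path = sanitize(RemoveXSS($requested),PARANOID);
	$path_text = preg_replace("/$space_token/", " ", $path);   // human-readable form
	$path = preg_replace("/$space_token/", "\ ", $path);       // backslash-escaped form

	// Parent directory: everything before the last "/component", else "/".
	$up = preg_match("/(.+)(\/.+)$/", $path, $out) ? $out[1] : "/";
	// NOTE(review): the original tests the character at offset 9 of $up; the
	// reason for that offset is not visible here. The test is kept as-is, minus
	// the notice it raised on strings shorter than 10 bytes.
	$encode_up = (!isset($up[9]) || $up[9] != ' ') && preg_match("/\s/", $up);
	// Drop the backslash escaping before the value leaves the server: inside
	// the JavaScript string below "\2008..." would be read as an escape
	// sequence and corrupt the link.
	$up = str_replace('\\ ', ' ', $up);
	if ($encode_up) {
		$up = preg_replace("/\s/", $space_token, $up);
	}

	// Column indexes (regex capture groups) in one parsed `ls -l` row.
	define('FPERM', 1);
	define('FSIZE', 5);
	define('FNAME', 8);

	// rawurlencode() output is safe in both the URL and the JS string.
	$tk_url = rawurlencode($tk);

	// Same filtering step as before, on the same input.
	$path = sanitize($path,PARANOID);
	// Literal filesystem path: undo the backslash escaping, then let
	// escapeshellarg() do the quoting. "--" ends option parsing so a path
	// starting with "-" stays an operand.
	$fs_path = str_replace('\\ ', ' ', $path);
	$ls_target = ($fs_path === '') ? '.' : $fs_path;   // no operand used to mean the current directory
	$cmd = shell_exec("$ls_bin -lhBL --time-style=long-iso -- " . escapeshellarg($ls_target));

	// First output line is skipped (the "total ..." line ls prints for a directory).
	$list = array_slice(explode("\n", (string)$cmd), 1);

	// Prefix for child links; "/" becomes "" so "/" . name does not double the slash.
	$link_base = ($fs_path === '/') ? '' : $fs_path;
	// The file picker receives the directory with whitespace as %20.
	$path_js = preg_replace("/\s/", "%20", $link_base);

	$row_re = "/(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+:\d+)\s+(.+)/";
	?>

	<div id="browse_path">
		<?php /* $path_text is written as returned by sanitize()/RemoveXSS(); NOTE(review): confirm they neutralise HTML. */ ?>
		<b style="float:left"><?php if (strlen($path_text) <= 45) { echo $path_text; } else { echo "..." . substr($path_text, -43); } ?></b>
		<img style="float:right;margin-top: 2px;cursor: pointer" src="../img/cancel.png" onclick="hideBrowse()">
	</div>
	<div id="browse_content">
	
	<table class="browse">
	<?php
	// Values placed inside '...' in an onclick attribute are escaped twice:
	// addslashes() for the JavaScript string, then htmlspecialchars() for the
	// HTML attribute that contains it.
	// NOTE(review): the path is not URL-encoded because it is unknown whether
	// ajax_request() encodes its argument; names containing & # or % may still
	// produce a wrong (but not script-injecting) request.
	?>
	<tr><td onclick="ajax_request('folder_browsing.php?tk=<?php echo $tk_url; ?>&path=<?php echo htmlspecialchars(addslashes($up), ENT_QUOTES); ?>', 'browse')"><img src="../img/folderup.png" class="img">&nbsp;..</td><td></td></tr>
	<?php

	/*LISTING OF DIRECTORIES*/
	foreach ($list as $row) {
		// Rows that do not look like an `ls -l` line (e.g. the trailing empty line) are skipped.
		if (!preg_match($row_re, $row, $col)) {
			continue;
		}
		if (strpos($col[FPERM], "d") === false) {
			continue;
		}
		if (($col[FNAME] != ' ') && preg_match("/\s/", $col[FNAME])) {
			$name = preg_replace("/\s/", $space_token, $col[FNAME]);
		} else {
			$name = $col[FNAME];
		}
		?>
		<tr>
		<td onclick="ajax_request('folder_browsing.php?tk=<?php echo $tk_url; ?>&path=<?php echo htmlspecialchars(addslashes($link_base . "/" . $name), ENT_QUOTES); ?>', 'browse')">
			<img src="../img/folder.gif" class="img">&nbsp;<?php echo sanitize(RemoveXSS($col[FNAME]),PARANOID); ?>
		</td><td></td>
		</tr>
		<?php
	}

	/*LISTING OF FILES*/
	foreach ($list as $row) {
		if (!preg_match($row_re, $row, $col)) {
			continue;
		}
		if (strpos($col[FPERM], "d") !== false) {
			continue;
		}
		// Keep only the link name of a "name -> target" entry.
		$fname = preg_replace("/\s+->\s+.+/", "", $col[FNAME]);
		if (($fname != ' ') && preg_match("/\s/", $fname)) {
			$name = preg_replace("/\s/", "%20", $fname);
		} else {
			$name = $fname;
		}
		?>
		<tr>
		<td onclick="select_image_file('<?php echo htmlspecialchars(addslashes($path_js), ENT_QUOTES); ?>', '<?php echo htmlspecialchars(addslashes($INSTALLDIR), ENT_QUOTES); ?>', '<?php echo htmlspecialchars(addslashes($name), ENT_QUOTES); ?>', '<?php echo htmlspecialchars(addslashes($col[FSIZE]), ENT_QUOTES); ?>')">
			<img src="../img/file.gif" class="img">&nbsp;<?php echo sanitize(RemoveXSS($fname),PARANOID); ?>
		</td>
		<td>
			<?php echo htmlspecialchars($col[FSIZE], ENT_QUOTES); ?>&nbsp;
		</td>
		</tr>
		<?php
	}
	?>
	</table>
	</div>
<?php
} else {
	// Record the rejected request, then send the client to the home page.
	new AuditLog('Unauthorized access to folder_browsing');
	header("location: goto_home.php");
	exit;
}
?>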
