<?php
/********************** WEB AUTHENTICATION with PHP **************************
This package provides a set of tools for web authentication with PHP and MySQL.
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
WEB AUTHENTICATION with PHP
Copyright (C) 2005-2006 Naldi Stefano
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
CONTACT
Please send any question, bug or communication to the author:
Naldi Stefano
ITALY
e-mail: hide@address.com
*****************************************************************************/
// Load the shared page header unless both admin.php and config.php from the
// wawp_admin directory (a sibling of the document root) are already included.
// Included paths are compared with backslashes turned into forward slashes.
// NOTE(review): $mylink and $mydbname are used below but never assigned in this
// file, so they presumably come from this header; confirm that it also performs
// the administrator access check, since nothing else in this file does.
$infi = str_replace("\\", "/", get_included_files());
if (!(in_array(stripslashes(dirname($_SERVER['DOCUMENT_ROOT'])."/wawp_admin/admin.php"), $infi)
    && in_array(stripslashes(dirname($_SERVER['DOCUMENT_ROOT'])."/wawp_admin/config.php"), $infi))) {
    require(dirname($_SERVER['DOCUMENT_ROOT'])."/wawp_admin/php_pages_header.php");
}
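/**
 * Recursively register every entry below $dir_name in the `locations` table.
 *
 * Each entry is stored as its path relative to $_SERVER['DOCUMENT_ROOT'] with a
 * type of 'D' (directory) or 'F' (anything else). Entries that already have a
 * row are left untouched. A failed query ends the script via die(mysql_error()).
 *
 * @param string   $dir_name absolute path of the directory to scan
 * @param resource $mylink   MySQL link identifier used for every query
 * @return void
 */
function list_dir($dir_name, $mylink)
{
    // Start from an empty list so an unreadable directory means "nothing to do"
    // rather than a foreach over an undefined variable.
    $dir_array = array();
    if ($handle = opendir($dir_name)) {
        // Strict comparison: readdir() returns false only at the end of the
        // directory, while an entry named "0" is merely loosely equal to false
        // and must not stop the scan.
        while (false !== ($file = readdir($handle))) {
            $dir_array[] = $file;
        }
        closedir($handle);
    }

    foreach ($dir_array as $value) {
        if ($value == '.' || $value == '..') {
            continue;
        }

        $dnf = $dir_name.'/'.$value;
        // Path as stored in the table: relative to the document root.
        $dn = substr($dnf, strlen($_SERVER['DOCUMENT_ROOT']));

        // Decide the type on every pass so that an entry which is neither a
        // regular file nor a directory cannot inherit the previous entry's type.
        // NOTE(review): symlinks and special files are recorded as 'F' and never
        // descended into; confirm that this is the intended classification.
        $is_dir = (filetype($dnf) == 'dir');
        $ft = $is_dir ? 'D' : 'F';

        // File and directory names are data, not SQL: whoever can create a file
        // under the document root chooses this string, so escape it before it is
        // placed inside the quoted literals below.
        $dn_sql = mysql_real_escape_string($dn, $mylink);

        $query_Recordset = "SELECT location FROM locations WHERE location='$dn_sql'";
        $Recordset = mysql_query($query_Recordset, $mylink) or die(mysql_error());
        if (mysql_num_rows($Recordset) == 0) {
            // $ft is always one of the two constants above, so it needs no escaping.
            $insertSQL = sprintf(
                "INSERT INTO locations (location, locationtype) VALUES ('%s', '%s')",
                $dn_sql,
                $ft
            );
            $Result = mysql_query($insertSQL, $mylink) or die(mysql_error());
        }

        if ($is_dir) {
            list_dir($dnf, $mylink);
        }
        mysql_free_result($Recordset);
    }
    unset($dir_array);
}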
mysql_select_db($mydbname, $mylink);

// Make sure the document root itself is registered as location '/' of type 'D'.
$query_Recordset = "SELECT location FROM locations WHERE location='/'";
$Recordset = mysql_query($query_Recordset, $mylink) or die(mysql_error());
if (!mysql_num_rows($Recordset)) {
    $insertSQL = "INSERT INTO locations (location, locationtype) VALUES ('/', 'D')";
    $Result = mysql_query($insertSQL, $mylink) or die(mysql_error());
}
mysql_free_result($Recordset);

// Register every file and sub-directory found below the document root.
// This full directory walk is repeated on each request to this page.
list_dir($_SERVER['DOCUMENT_ROOT'], $mylink);
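// Build the paged, optionally filtered query over `locations` and the
// query-string fragment reused by the First/Previous/Next/Last links.

// PHP_SELF carries whatever path the client requested after the script name and
// is printed inside href attributes further down, so it is encoded once here.
$currentPage = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'ISO-8859-1');

$maxRows_Recordset1 = 5;

// The page index comes from the query string: force it to a non-negative
// integer so it can neither break the LIMIT clause nor carry markup.
$pageNum_Recordset1 = 0;
if (isset($_GET['pageNum_Recordset1']) && is_scalar($_GET['pageNum_Recordset1'])) {
    $pageNum_Recordset1 = max(0, (int) $_GET['pageNum_Recordset1']);
}
$startRow_Recordset1 = $pageNum_Recordset1 * $maxRows_Recordset1;

// The search field is used as a column name in the query. Quoting functions do
// not protect an identifier, so only the three columns offered by the search
// form are accepted; anything else falls back to the default column.
$field_Recordset1 = "location";
$searchable_fields = array('location', 'locationtype', 'locationid');
if (isset($_POST['fn']) && in_array($_POST['fn'], $searchable_fields, true)) {
    $field_Recordset1 = $_POST['fn'];
}

// The search text goes inside a quoted LIKE pattern. Undo magic quotes where
// that setting still exists, then escape with the connection-aware function.
$txt_Recordset1 = "%";
if (isset($_POST['tx']) && is_string($_POST['tx'])) {
    $search_text = $_POST['tx'];
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $search_text = stripslashes($search_text);
    }
    $txt_Recordset1 = mysql_real_escape_string($search_text, $mylink);
}

mysql_select_db($mydbname, $mylink);
$query_Recordset1 = sprintf("SELECT * FROM locations WHERE %s LIKE '%%%s%%' ORDER BY locationtype, location ASC", $field_Recordset1, $txt_Recordset1);
$query_limit_Recordset1 = sprintf("%s LIMIT %d, %d", $query_Recordset1, $startRow_Recordset1, $maxRows_Recordset1);
$Recordset1 = mysql_query($query_limit_Recordset1, $mylink) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);

// The total row count may be handed back by the client to save a second query.
// It is echoed into the page later, so it is reduced to a non-negative integer.
if (isset($_GET['totalRows_Recordset1']) && is_scalar($_GET['totalRows_Recordset1'])) {
    $totalRows_Recordset1 = max(0, (int) $_GET['totalRows_Recordset1']);
} else {
    $all_Recordset1 = mysql_query($query_Recordset1, $mylink) or die(mysql_error());
    $totalRows_Recordset1 = mysql_num_rows($all_Recordset1);
}
$totalPages_Recordset1 = ceil($totalRows_Recordset1/$maxRows_Recordset1)-1;

// Carry over every query-string parameter except the two paging ones, which the
// navigation links set themselves. The kept part is entity-encoded for the href.
$queryString_Recordset1 = "";
if (!empty($_SERVER['QUERY_STRING'])) {
    $params = explode("&", $_SERVER['QUERY_STRING']);
    $newParams = array();
    foreach ($params as $param) {
        if (stristr($param, "pageNum_Recordset1") == false &&
            stristr($param, "totalRows_Recordset1") == false) {
            array_push($newParams, $param);
        }
    }
    if (count($newParams) != 0) {
        $queryString_Recordset1 = "&" . htmlentities(implode("&", $newParams));
    }
}
$queryString_Recordset1 = sprintf("&totalRows_Recordset1=%d%s", $totalRows_Recordset1, $queryString_Recordset1);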
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Web Authentication with PHP</title>
<style type="text/css">
<!--
.style4 {
color: #FFFF00;
font-weight: bold;
}
.style5 {color: #FF0000}
.style6 {font-size: small}
.style7 {color: #FFFF00}
-->
</style>
</head>
<body>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<!--DWLayoutTable-->
<tr>
<td width="100%" height="50" align="center" valign="middle" bgcolor="#0000FF"><div align="center" class="style4">Web Authentication with PHP v. 1.1<br>
<small><small style="font-style: italic;">
<span style="color: rgb(255, 255, 0);">Released under the GNU General Public License</span></small></small><br>
</div></td>
</tr>
<tr>
<td height="50" align="center" valign="middle" bgcolor="#FFCC33"><div align="center" class="style5">
<table width="80%" cellspacing="1" bgcolor="#0000FF">
<tr align="center" bgcolor="#FFCC33">
<td width="20%" bgcolor="#FFCC33"><a href="../index.php">Administration</a></td>
<td width="20%"><a href="../setup/setup.php">Setup</a></td>
<td width="20%"><a href="users.php">Users</a></td>
<td width="20%"><a href="groups.php">Groups</a></td>
<td width="20%" bgcolor="#FFFFFF"><a href="locations.php">Locations</a></td>
</tr>
</table>
</div></td>
</tr>
<tr>
<td height="350" align="center" valign="top"> <br>
<table width="80%" cellspacing="1" bgcolor="#0000FF">
<tr bgcolor="#CCCCCC">
<td colspan="3"><table>
<tr valign="middle">
<td width="20%" valign="top" bgcolor="#0000FF"><div align="left" class="style7">Locations's table </div></td>
<td width="40%" valign="top"><span class="style6"> </span> <table border="0" width="100%" align="center">
<tr>
<td width="23%" align="center" class="style6"><?php if ($pageNum_Recordset1 > 0) { // "First" link: rendered only when not on the first page ?>
<a href="<?php /* $currentPage (taken from PHP_SELF) and $queryString_Recordset1 are printed with %s and get no encoding at this point, so both must be HTML-safe before they reach these links */ printf("%s?pageNum_Recordset1=%d%s", $currentPage, 0, $queryString_Recordset1); ?>">First</a>
<?php } // end of "First" link ?>
</td>
<td width="31%" align="center" class="style6"><?php if ($pageNum_Recordset1 > 0) { // "Previous" link: rendered only when not on the first page ?>
<a href="<?php /* target page index is clamped so it never drops below 0 */ printf("%s?pageNum_Recordset1=%d%s", $currentPage, max(0, $pageNum_Recordset1 - 1), $queryString_Recordset1); ?>">Previous</a>
<?php } // end of "Previous" link ?>
</td>
<td width="23%" align="center" class="style6"><?php if ($pageNum_Recordset1 < $totalPages_Recordset1) { // "Next" link: rendered only when not on the last page ?>
<a href="<?php /* target page index is clamped so it never exceeds the last page */ printf("%s?pageNum_Recordset1=%d%s", $currentPage, min($totalPages_Recordset1, $pageNum_Recordset1 + 1), $queryString_Recordset1); ?>">Next</a>
<?php } // end of "Next" link ?>
</td>
<td width="23%" align="center" class="style6"><?php if ($pageNum_Recordset1 < $totalPages_Recordset1) { // "Last" link: rendered only when not on the last page ?>
<a href="<?php printf("%s?pageNum_Recordset1=%d%s", $currentPage, $totalPages_Recordset1, $queryString_Recordset1); ?>">Last</a>
<?php } // end of "Last" link ?>
</td>
</tr>
</table></td>
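<td width="40%" valign="middle"><div align="center"><span class="style6"> Records <?php /* "Records X to Y of Z" summary. The total can arrive through the query string, so it is cast to an integer wherever it is printed or compared. */ echo ($startRow_Recordset1 + 1) ?> to <?php echo min($startRow_Recordset1 + $maxRows_Recordset1, (int) $totalRows_Recordset1) ?> of <?php echo (int) $totalRows_Recordset1 ?> </span></div></td>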
</tr>
</table></td>
</tr>
<tr bgcolor="#CCCCCC">
<td> </td>
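<td colspan="2" bgcolor="#FFFFFF"><form action="locations.php" method="post" enctype="multipart/form-data" name="form2" class="style6">
Search for
<input name="tx" type="text" id="tx" value="<?php
// Put the previous search text back into the box. It is request data written
// into a quoted attribute, so it is HTML-encoded (quotes included) using the
// charset this page declares. Non-string input is ignored.
if (isset($_POST['tx']) && is_string($_POST['tx'])) {
    echo htmlspecialchars($_POST['tx'], ENT_QUOTES, 'ISO-8859-1');
}
?>">
in the field
<select name="fn" id="fn">
<option value="location" selected>location</option>
<option value="locationtype">type D(ir) or F(iles)</option>
<option value="locationid">locationID</option>
</select>
<input type="submit" name="Submit" value="Search">
</form></td>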
</tr>
<tr bgcolor="#CCCCCC">
<td width="5%"><span class="style6">Restrictions</span></td>
<td width="5%"><div align="center" class="style6">type</div></td>
<td width="90%"><span class="style6">location</span></td>
</tr>
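<?php
// One table row per location on the current page. A plain while loop is used so
// that an empty result set renders no row at all instead of one blank row with
// a working "restrictions" button.
while ($row_Recordset1) {
    // Location names come from file names on disk and are stored as found, so
    // every column is HTML-encoded before it is written into markup or into a
    // quoted attribute value.
    $loc_html = htmlspecialchars($row_Recordset1['location'], ENT_QUOTES, 'ISO-8859-1');
    $locid_html = htmlspecialchars($row_Recordset1['locationid'], ENT_QUOTES, 'ISO-8859-1');
    $loctype_html = htmlspecialchars($row_Recordset1['locationtype'], ENT_QUOTES, 'ISO-8859-1');
?>
<tr bgcolor="#FFFFFF">
<td width="5%"><form action="restrictions.of.the.location.php" method="post" enctype="multipart/form-data" name="form1">
<input type="submit" name="Submit" value="restrictions">
<input name="ln" type="hidden" id="ln" value="<?php echo $loc_html; ?>">
<input name="lid" type="hidden" id="lid" value="<?php echo $locid_html; ?>">
</form> <span class="style6"></span></td>
<td width="5%"><div align="center" class="style6"><?php echo $loctype_html; ?></div></td>
<td width="90%"><div align="left"><span class="style6"><?php echo $loc_html; ?></span></div></td>
</tr>
<?php
    $row_Recordset1 = mysql_fetch_assoc($Recordset1);
}
?>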
</table></td>
</tr>
</table>
</body>
</html>
<?php
// Release the paged result set that was read while rendering the table above.
mysql_free_result($Recordset1);
?>