HTML ($file)
HTML ($file)
HTML ($file)
the GNU General Public License as published by * the Free Software Foundation; either
version 2 of the License, or * (at your option) any later version. * * This program is
distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even
the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. See the * GNU General Public License for more details. * * You should have
received a copy of the GNU General Public License * along with this program; if not, write to
the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * * -------
------------------------------------------------------------------ * While using this script, do NOT
navigate with your browser's back and * forward buttons! Always open files in a new browser
tab! * ------------------------------------------------------------------------- * * This is Version 0.9,
revision 10 *
=========================================================================
* * Changes of revision 10 * * added Russian translation * * added to achieve valid XHTML
(thanks to Marc Magos) * improved delete function * * new list order: folders first * *
Changes of revision 9 * * added workaround for directory listing, if lstat() is disabled * fixed
permission of uploaded files (thanks to Stephan Duffner) * * Changes of revision 8 * * added
Turkish translation * * added Czech translation * * improved charset handling * * Changes of
revision 7 * * added Spanish translation * * added Danish translation * * improved rename
dialog * * Changes of revision 6 * * added Dutch translation * * Changes of revision 5 * *
added language auto select * fixed symlinks in directory listing * removed word-wrap in edit
textarea * * Changes of revision 4 * * added French translation * * added Swedish
translation * * Changes of revision 3 * * improved Italian translation * * Changes of revision 2
* * got images work in some old browsers * fixed creation of directories * fixed files deletion
* improved path handling * added missing word 'not_created' * * improved human readability
of file sizes * * added Italian translation * * Changes of revision 1 * * webadmin.php
completely rewritten: * - clean XHTML/CSS output * - several files selectable * - support for
windows servers * - no more treeview, because * - webadmin.php is a >simple< file manager
* - performance problems (too much additional code) * - I don't like: frames, java-script, to
reload after every treeview-click * - execution of shell scripts * - introduced revision numbers
* /* ------------------------------------------------------------------------- */ /* Your language: * 'en'
- English * 'de' - German * 'fr' - French * 'it' - Italian * 'nl' - Dutch * 'se' - Swedish * 'sp' -
Spanish * 'dk' - Danish * 'tr' - Turkish * 'cs' - Czech * 'ru' - Russian * 'auto' - autoselect */
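$lang = 'auto';

/* Charset of output:
 * possible values are described in the charset table at
 * http://www.php.net/manual/en/function.htmlentities.php
 * 'auto' - use the same charset as the words of my language are encoded
 */
$site_charset = 'auto';

/* Homedir:
 * For example: './' - the script's directory
 */
$homedir = './';

/* Size of the edit textarea */
$editcols = 80;
$editrows = 25;

/* -------------------------------------------
 * Optional configuration (remove # to enable)
 */

/* Permission of created directories:
 * For example: 0705 would be 'drwx---r-x'.
 */
# $dirpermission = 0705;

/* Permission of created files:
 * For example: 0604 would be '-rw----r--'.
 */
# $filepermission = 0604;

/* Filenames related to the apache web server: */
$htaccess = '.htaccess';
$htpasswd = '.htpasswd';

/* ------------------------------------------------------------------------- */

/*
 * Request handling starts here: undo magic quotes, answer image requests,
 * work out the current directory, derive $action and $files from the
 * submitted fields, then dispatch on $action.
 *
 * NOTE(review): no login, session or token check is visible in this part of
 * the file, and 'dir', 'action' and 'file' are read from $_REQUEST, so an
 * action can arrive in a query string as well as in a form post. Unless
 * access control is enforced somewhere else (web server authentication,
 * network ACL), treat every case of the switch below as reachable by any
 * client that can request this script, and as triggerable cross-site.
 */

/* get_magic_quotes_gpc() was removed in PHP 8.0, so an unguarded call is a
 * fatal error there. strip() is defined elsewhere in the file. */
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    array_walk($_GET, 'strip');
    array_walk($_POST, 'strip');
    array_walk($_REQUEST, 'strip');
}

/* ?image=NAME: send whatever getimage() (not shown here) returns for that
 * name as image/gif and stop. */
if (array_key_exists('image', $_GET)) {
    header('Content-Type: image/gif');
    die(getimage($_GET['image']));
}

/* Fallback when lstat() is unavailable: plain stat(), which follows
 * symlinks instead of describing the link itself. */
if (!function_exists('lstat')) {
    function lstat ($filename) {
        return stat($filename);
    }
}

$delim = DIRECTORY_SEPARATOR;

/* Windows detection: by PHP_OS, or by the directory separator as fallback. */
if (function_exists('php_uname')) {
    $win = (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN');
} else {
    $win = ($delim == '\\');
}

/* Directory of this script, from the first server variable that is set. */
if (!empty($_SERVER['PATH_TRANSLATED'])) {
    $scriptdir = dirname($_SERVER['PATH_TRANSLATED']);
} elseif (!empty($_SERVER['SCRIPT_FILENAME'])) {
    $scriptdir = dirname($_SERVER['SCRIPT_FILENAME']);
} elseif (function_exists('getcwd')) {
    $scriptdir = getcwd();
} else {
    $scriptdir = '.';
}

$homedir = relative2absolute($homedir, $scriptdir);

/* NOTE(review): $dir comes straight from the request and $homedir is only
 * its default. Nothing visible here keeps the resolved $directory (or the
 * file paths built from it below) inside $homedir; whether
 * relative2absolute()/simplify_path() do so cannot be told from this part
 * of the file - confirm before relying on $homedir as a boundary. */
$dir = (array_key_exists('dir', $_REQUEST)) ? $_REQUEST['dir'] : $homedir;

if (array_key_exists('olddir', $_POST) && !path_is_relative($_POST['olddir'])) {
    $dir = relative2absolute($dir, $_POST['olddir']);
}

$directory = simplify_path(addslash($dir));

$files = array();
$action = '';

/* Row count posted by the listing form, normalised to an integer once. The
 * raw value is client-supplied; compared against $i, an array or a
 * non-numeric string does not behave as a usable loop bound. A fixed upper
 * limit would be a sensible further restriction. */
$num = (array_key_exists('num', $_POST) && is_scalar($_POST['num'])) ? (int) $_POST['num'] : 0;

if (!empty($_POST['submit_all'])) {
    /* One action applied to every row whose checkbox was ticked. The paths
     * in file$i are taken verbatim from the form. */
    $action = $_POST['action_all'];
    for ($i = 0; $i < $num; $i++) {
        if (array_key_exists("checked$i", $_POST) && $_POST["checked$i"] == 'true') {
            $files[] = $_POST["file$i"];
        }
    }
} elseif (!empty($_REQUEST['action'])) {
    /* Single action on a single file, GET or POST. */
    $action = $_REQUEST['action'];
    $files[] = relative2absolute($_REQUEST['file'], $directory);
} elseif (!empty($_POST['submit_upload']) && !empty($_FILES['upload']['name'])) {
    /* Here the "file" is the $_FILES entry (an array), not a path. */
    $files[] = $_FILES['upload'];
    $action = 'upload';
} elseif (array_key_exists('num', $_POST)) {
    /* Per-row submit button: find the first row whose button was pressed. */
    for ($i = 0; $i < $num; $i++) {
        if (array_key_exists("submit$i", $_POST)) break;
    }
    if ($i < $num) {
        $action = $_POST["action$i"];
        $files[] = $_POST["file$i"];
    }
}

/* "Create" box: only considered when no other action was selected. */
if (empty($action)
    && (!empty($_POST['submit_create']) || (array_key_exists('focus', $_POST) && $_POST['focus'] == 'create'))
    && !empty($_POST['create_name'])) {
    $files[] = relative2absolute($_POST['create_name'], $directory);
    switch ($_POST['create_type']) {
    case 'directory':
        $action = 'create_directory';
        break;
    case 'file':
        $action = 'create_file';
    }
}

/* Without a target there is nothing to do; otherwise $file is the first one. */
if (sizeof($files) == 0) $action = ''; else $file = reset($files);

if ($lang == 'auto') {
    /* First two characters of the client's Accept-Language header.
     * NOTE(review): client-controlled; getwords() (not shown) has to cope
     * with codes it does not know - confirm. */
    if (array_key_exists('HTTP_ACCEPT_LANGUAGE', $_SERVER) && strlen($_SERVER['HTTP_ACCEPT_LANGUAGE']) >= 2) {
        $lang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
    } else {
        $lang = 'en';
    }
}

$words = getwords($lang);

/* $word_charset is not assigned in this part of the file; presumably
 * getwords() sets it as a global - confirm. */
if ($site_charset == 'auto') {
    $site_charset = $word_charset;
}

/* Number of listing columns: fewer on Windows. */
$cols = ($win) ? 4 : 7;

/* Default modes follow the process umask when none was configured above. */
if (!isset($dirpermission)) {
    $dirpermission = (function_exists('umask')) ? (0777 & ~umask()) : 0755;
}
if (!isset($filepermission)) {
    $filepermission = (function_exists('umask')) ? (0666 & ~umask()) : 0644;
}

/* HTML-escaped script name, used for self-referencing links. */
if (!empty($_SERVER['SCRIPT_NAME'])) {
    $self = html(basename($_SERVER['SCRIPT_NAME']));
} elseif (!empty($_SERVER['PHP_SELF'])) {
    $self = html(basename($_SERVER['PHP_SELF']));
} else {
    $self = '';
}

/* Apache is assumed when the server software is unknown. */
if (!empty($_SERVER['SERVER_SOFTWARE'])) {
    $apache = (strtolower(substr($_SERVER['SERVER_SOFTWARE'], 0, 6)) == 'apache');
} else {
    $apache = true;
}

switch ($action) {

    case 'view':
        if (is_script($file)) {
            /* highlight_file is a mess! */
            ob_start();
            highlight_file($file);
            /* NOTE(review): the search/replace strings in the next two calls and
             * the markup inside the two echo literals were emptied when this
             * page was extracted; they are reproduced as found, not
             * reconstructed. ereg_replace() no longer exists as of PHP 7.0, so
             * a restored version needs preg_replace(). */
            $src = ereg_replace('', '', ob_get_contents());
            $src = str_replace(array('', "\r", "\n"), array('', '', ''), $src);
            ob_end_clean();
            html_header();
            echo '
echo '
';
            html_footer();
        } else {
            /* Raw file sent back from this script's own origin with the type
             * getmimetype() (not shown) chooses. The name goes into the
             * header as an escaped quoted-string so that ';', spaces or
             * quotes in it cannot change how the header is parsed. */
            header('Content-Type: ' . getmimetype($file));
            header('Content-Disposition: inline; filename="' . addcslashes(basename($file), "\"\\") . '"');
            readfile($file);
        }
        break;

    case 'download':
        header('Pragma: public');
        header('Expires: 0');
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Content-Type: ' . getmimetype($file));
        /* Same quoting as in 'view'. */
        header('Content-Disposition: attachment; filename="' . addcslashes(basename($file), "\"\\") . '"');
        header('Content-Length: ' . filesize($file));
        readfile($file);
        break;

    case 'upload':
        /* $file is the $_FILES['upload'] array here.
         * NOTE(review): the stored name, including its extension, is the one
         * the client sent. If $directory is served by the web server, an
         * uploaded script is then requestable like any other page; restrict
         * extensions or keep uploads outside the document root. */
        $dest = relative2absolute($file['name'], $directory);
        if (@file_exists($dest)) {
            listing_page(error('already_exists', $dest));
        } elseif (@move_uploaded_file($file['tmp_name'], $dest)) {
            @chmod($dest, $filepermission);
            listing_page(notice('uploaded', $file['name']));
        } else {
            listing_page(error('not_uploaded', $file['name']));
        }
        break;

    case 'create_directory':
        if (@file_exists($file)) {
            listing_page(error('already_exists', $file));
        } else {
            /* Temporarily set the umask so mkdir() yields exactly $dirpermission. */
            $old = @umask(0777 & ~$dirpermission);
            if (@mkdir($file, $dirpermission)) {
                listing_page(notice('created', $file));
            } else {
                listing_page(error('not_created', $file));
            }
            @umask($old);
        }
        break;

    case 'create_file':
        if (@file_exists($file)) {
            listing_page(error('already_exists', $file));
        } else {
            $old = @umask(0777 & ~$filepermission);
            if (@touch($file)) {
                edit($file);
            } else {
                listing_page(error('not_created', $file));
            }
            @umask($old);
        }
        break;

    case 'execute':
        /* Runs the selected file from its own directory and shows its output.
         * The name is handed to the shell as one quoted word; it used to be
         * pasted unescaped into an "echo ... | /bin/sh" pipeline, where shell
         * metacharacters in a file name were interpreted as syntax.
         * NOTE(review): this case does not re-check the conditions under which
         * the listing offers 'execute'; it only depends on $action and $file
         * from the request. */
        chdir(dirname($file));
        $output = array();
        $retval = 0;
        exec(escapeshellarg('./' . basename($file)), $output, $retval);
        $error = ($retval != 0);
        if (sizeof($output) == 0) $output = array('<' . $words['no_output'] . '>');
        if ($error) {
            listing_page(error('not_executed', $file, implode("\n", $output)));
        } else {
            listing_page(notice('executed', $file, implode("\n", $output)));
        }
        break;

    case 'delete':
        if (!empty($_POST['no'])) {
            /* Confirmation declined: back to the listing. */
            listing_page();
        } elseif (!empty($_POST['yes'])) {
            /* Confirmed: delete each target and report both outcomes. */
            $failure = array();
            $success = array();
            foreach ($files as $file) {
                if (del($file)) {
                    $success[] = $file;
                } else {
                    $failure[] = $file;
                }
            }
            $message = '';
            if (sizeof($failure) > 0) {
                $message = error('not_deleted', implode("\n", $failure));
            }
            if (sizeof($success) > 0) {
                $message .= notice('deleted', implode("\n", $success));
            }
            listing_page($message);
        } else {
            html_header();
            echo '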
webadmin.php
'; directory_choice(); if (!empty($message)) { spacer(); echo $message; } if
(@is_writable($directory)) { upload_box(); create_box(); } else { spacer(); } if ($list) {
listing($list); } else { echo error('not_readable', $directory); } echo '
'; html_footer(); } function listing ($list) { global $directory, $homedir, $sort, $reverse, $win,
$cols, $date_format, $self; echo ' '; column_title('filename', $sort, $reverse);
column_title('size', $sort, $reverse); if (!$win) { column_title('permission', $sort, $reverse);
column_title('owner', $sort, $reverse); column_title('group', $sort, $reverse); } echo ' ' .
word('functions') . ' '; for ($i = 0; $i < sizeof($list); $i++) { $file = $list[$i]; $timestamps =
'mtime: ' . date($date_format, $file['mtime']) . ', '; $timestamps .= 'atime: ' . date($date_format,
$file['atime']) . ', '; $timestamps .= 'ctime: ' . date($date_format, $file['ctime']); echo ' '; if
($file['is_link']) { echo ' '; echo html($file['filename']) . ' → '; $real_file =
relative2absolute($file['target'], $directory); if (@is_readable($real_file)) { if
(@is_dir($real_file)) { echo '[ ' . html($file['target']) . ' ]'; } else { echo '' . html($file['target']) . '';
} } else { echo html($file['target']); } } elseif ($file['is_dir']) { echo ' [ '; if ($win ||
$file['is_executable']) { echo '' . html($file['filename']) . ''; } else { echo html($file['filename']); }
echo ' ]'; } else { if (substr($file['filename'], 0, 1) == '.') { echo ' '; } else { echo ' '; } if
($file['is_file'] && $file['is_readable']) { echo '' . html($file['filename']) . ''; } else { echo
html($file['filename']); } } if ($file['size'] >= 1000) { $human = ' title="' .
human_filesize($file['size']) . '"'; } else { $human = ''; } echo "\n"; echo "\t{$file['size']} B\n"; if
(!$win) { echo "\t'; $l = !$file['is_link'] && (!function_exists('posix_getuid') || $file['owner'] ==
posix_getuid()); if ($l) echo ''; echo html(permission_octal2string($file['permission'])); if ($l)
echo ''; echo "\n"; if (array_key_exists('owner_name', $file)) { echo "\t{$file['owner_name']}\n";
} else { echo "\t{$file['owner']}\n"; } if (array_key_exists('group_name', $file)) { echo
"\t{$file['group_name']}\n"; } else { echo "\t{$file['group']}\n"; } } echo ' '; $actions = array(); if
(function_exists('symlink')) { $actions[] = 'create_symlink'; } if
(@is_writable(dirname($file['path']))) { $actions[] = 'delete'; $actions[] = 'rename'; $actions[] =
'move'; } if ($file['is_file'] && $file['is_readable']) { $actions[] = 'copy'; $actions[] = 'download'; if
($file['is_writable']) $actions[] = 'edit'; } if (!$win && function_exists('exec') && $file['is_file'] &&
$file['is_executable'] && file_exists('/bin/sh')) { $actions[] = 'execute'; } if (sizeof($actions) > 0)
{ echo ' ' . str_repeat(' ', 30) . ' > '; } echo ' '; } echo ' '; $actions = array(); if
(@is_writable(dirname($file['path']))) { $actions[] = 'delete'; $actions[] = 'move'; } $actions[] =
'copy'; echo ' ' . str_repeat(' ', 30) . ' > '; } function column_title ($column, $sort, $reverse)
{ global $self, $directory; $d = 'dir=' . urlencode($directory) . '&'; if ($sort == $column) { if
(!$reverse) { $r = '&reverse=true'; $arr = ' ∧'; } else { $arr = ' ∨'; } } else { $r = ''; } echo "\t" .
word($column) . "$arr\n"; } function directory_choice () { global $directory, $homedir, $cols,
$self; echo ' ' . word('directory') . ': ' . html($directory) . ' ' . word('change') . ' '; } function
upload_box () { global $cols; echo ' ' . word('file') . ':
Choose File no file selected ' . word('upload') . ' '; } function create_box
if (array_key_exists('content', $_POST)) {
echo $_POST['content'];
} else {
'; if ($apache && basename($file) == $htpasswd) { echo ' ' . word('user') . ':$f = fopen($file, 'r'); ' . word('password') . ': ' . word('a
while (!feof($f)) {
echo html(fread($f,
'; } if ($apache && basename($file) == $htaccess) { echo ' ' .8192));
word('add_basic_auth') . '
}
fclose($f);
'; } echo ' ' . word('reset')
} .' ' . word('save') . '
if (!empty($_POST['user'])) {
[ ' . word('back') . ' ] echo "\n" . $_POST['user'] . ':' . crypt($_POST['password']);
}
'; html_footer(); } function spacer () { global $cols; echo ' '; } function textfieldsize ($content) {
if (!empty($_POST['basic_auth'])) {
$size = strlen($content) + 5; if ($size < 30) $size = 30; return $size; } function request_dump if ($win) {
() { foreach ($_REQUEST as $key => $value) { echo "\t ' . html($value) . \n"; } } /* ------- $authfile = str_replace('\\', '/', $directory) . $htpasswd;
------------------------------------------------------------------ */ function html ($string) { global} else {
$site_charset; return htmlentities($string, ENT_COMPAT, $site_charset); } function word $authfile = $directory . $htpasswd;
($word) { global $words, $word_charset; return htmlentities($words[$word], ENT_COMPAT,}
$word_charset); } function phrase ($phrase, $arguments) { global $words; static $search; ifecho "\nAuthType Basic\nAuthName "Restricted Directory"\n";
(!is_array($search)) for ($i = 1; $i <= 8; $i++) $search[] = "%$i"; for ($i = 0; $i < echo 'AuthUserFile "' . html($authfile) . ""\n";
sizeof($arguments); $i++) { $arguments[$i] = nl2br(html($arguments[$i])); } $replace = array('{' echo 'Require valid-user';
=> ' }