Allow admins to mkdir rmdir
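<?php
/**
 * squasher.php - front controller of the squasher web UI.
 *
 * Access rule: a validated session is required for every view except a
 * download by file hash (?f=...), which is deliberately reachable without a
 * login and is later handled with the rights of the fixed user id 2
 * (see give_rights(2) below).
 *
 * The gate uses the same test as the download branch (a non-empty f), so a
 * request carrying an empty "f=" no longer passes the gate and reaches the
 * logged-in views without a session.
 */
if (empty($_SESSION['creds']['validated']) && empty($_GET['f']))
        exit();

require_once("squasher.class.php");

$squashweb = new squashweb();

$squashweb->update_history();

//set root directory
$basedir = "../uploads";

// Resolve the requested sub-folder. Only an absolute, traversal-free path is
// accepted; anything else falls back to the upload root. Without the
// leading-slash requirement "?path=xy" resolves to "../uploadsxy", and
// without the ".." check to any directory above $basedir.
$subf = '/';
$path = $basedir;
if (isset($_GET['path']) && is_string($_GET['path']) && strlen($_GET['path']) > 1) {
        $requested = $_GET['path'];
        if ($requested[0] == '/' && !in_array('..', explode('/', $requested), true)) {
                $subf = $requested;
                $path = $basedir . $subf;
        }
}

$squashweb->set_root($basedir);
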
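// A hash download or a hide/unhide/delete action needs the deep file list
// but no folder population; the overview needs the opposite.
$tool = isset($_GET['tools']) ? $_GET['tools'] : '';
if (!empty($_GET['f']) || $tool == 'hide' || $tool == 'unhide' || $tool == 'delete') {
        $getdeepfiles = true;
        $populate = false;
} else {
        $getdeepfiles = false;
        $populate = true;
}

//update folder rights if form is posted
// authorization is delegated to update_rights() through the caller's user_level
if (isset($_POST['edited_user'], $_POST['formtype']) && $_POST['edited_user'] > 0 && $_POST['formtype'] == 'folderrights')
        $squashweb->update_rights($_POST['edited_user'], isset($_POST['m']) ? $_POST['m'] : null, $_SESSION['creds']['user_level']);

//set folder rights
if (!empty($_GET['f'])) {
        // anonymous hash download: act as the fixed guest user id 2
        $squashweb->give_rights(2);
} else {
        $squashweb->give_rights($_SESSION['creds']['user_id']);
}

if (!empty($_GET['f'])) {
        // mysql_real_escape_string() honours the connection charset;
        // mysql_escape_string() does not and is deprecated
        $f_hash = mysql_real_escape_string($_GET['f']);
        $f_r = mysql_query("SELECT * FROM file_hash WHERE md5_hash = '" . $f_hash . "'");
        $f_o = $f_r ? mysql_fetch_object($f_r) : false;
        // an unknown hash yields an empty file name instead of a dereference of false
        $f_file = $f_o ? $f_o->file : '';

        //log downloads (best effort: a failed log entry must not block the download)
        @mysql_query("INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('" . $f_hash . "','" . mysql_real_escape_string($f_file) . "','download','" . mysql_real_escape_string($_SESSION['creds']['user_id']) . "','" . mysql_real_escape_string($_SESSION['creds']['user_name']) . "','" . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "',NOW())");

        // split the stored "dir/.../name" into directory and file name
        $_hpath_arr = explode("/", $f_file);
        $file = array_pop($_hpath_arr); //Remove filename
        $path = implode("/", $_hpath_arr);
        $squashweb->read_single_file($path, $file);
} else {
        //parse folders for readable files
        $squashweb->read_directory($path, true, true, $getdeepfiles, $populate);
}
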
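//check if a file is requested
// Dispatch on the requested action. GET "tools" selects a view or a
// hide/unhide/delete action, POST "tools" the mkdir/rmdir actions; with
// neither, the folder overview is rendered.
$tool_get  = isset($_GET['tools']) ? $_GET['tools'] : '';
$tool_post = isset($_POST['tools']) ? $_POST['tools'] : '';
$debug     = isset($_GET['debug']) ? $_GET['debug'] : null;

if (!empty($_GET['f'])) {
        //get the config of requested file
        $request = $squashweb->get_config($_GET['f']);

        //show requested file
        // backslash and double quote in a stored name are escaped so they
        // cannot terminate the quoted filename parameter
        $dl_name = str_replace(array('\\', '"'), array('\\\\', '\\"'), $request[2]);
        header('Content-Disposition: attachment; filename="' . $dl_name . '"');
        header("Content-Type: " . $request['mime']);
        if ($request[3])
                header('Content-Length: ' . $request[3]);
        @flush();
        $squashweb->print_files($request['path'], $request[2]);

} elseif ($tool_get == "hide" && !empty($_GET['h'])) {
        // hide, unhide and delete change state on a plain GET request; no
        // anti-CSRF token is verified for them
        if ($_SESSION['creds']['user_level'] > 99) {
                $request = $squashweb->get_config($_GET['h']);
                // 'x' mode fails when the marker already exists; do not write
                // to a failed handle in that case
                $handle = fopen($request['path'] . '/' . $request[2] . '.hidden', 'x');
                if ($handle !== false) {
                        fwrite($handle, 'hidden by ' . $_SESSION['creds']['user_name']);
                        fclose($handle);
                }
                $path = substr($request['path'], strlen($basedir));
                header('Location: ' . $_SERVER['PHP_SELF'] . '?path=' . $path);
        }
} elseif ($tool_get == "unhide" && isset($_GET['h'])) {
        if ($_SESSION['creds']['user_level'] > 99) {
                $request = $squashweb->get_config($_GET['h']);
                @unlink($request['path'] . '/' . $request[2] . '.hidden'); // an absent marker is not an error
                $path = substr($request['path'], strlen($basedir));
                header('Location: ' . $_SERVER['PHP_SELF'] . '?path=' . $path);
        }
} elseif ($tool_get == "delete" && isset($_GET['h'])) {
        if ($_SESSION['creds']['user_level'] > 99) {
                if ($_GET['h'] == "multiple") {
                        // hashes of the selected files arrive as POST h[]
                        $h_post = (isset($_POST['h']) && is_array($_POST['h'])) ? $_POST['h'] : array();
                        foreach ($h_post as $h) {
                                $request = $squashweb->get_config($h);
                                $squashweb->delete_file($h, $_SESSION['creds']);
                        }
                } else {
                        $h = $_GET['h'];
                        $request = $squashweb->get_config($h);
                        $squashweb->delete_file($h, $_SESSION['creds']);
                }
                // with an empty selection nothing was looked up; return to the root
                $path = isset($request) ? substr($request['path'], strlen($basedir)) : '';
                header('Location: ' . $_SERVER['PHP_SELF'] . '?path=' . $path);
        }

} elseif ($tool_post == "mkdir" && isset($_GET['path'], $_POST['newname']) && $_SESSION['creds']['user_level'] > 99) {
        $path = $_GET['path'];
        $newname = $_POST['newname'];
        if (!is_string($path) || !is_string($newname))
                die();
        $subs = explode('/', $path);
        if (in_array('..', $subs, true))
                die(); // Hard fails when trying to play above basedir
        // the new name must be a single path segment: no separators, no NUL,
        // not "." or "..", otherwise it could leave the target folder
        if ($newname === '' || $newname === '.' || $newname === '..' || strpbrk($newname, "/\\\0") !== false)
                die();
        if ($squashweb->got_rights_array_admin($path) > 0) {
                umask(002); // don't remove g+w
                mkdir($basedir . '/' . $path . '/' . $newname);
        }
        header('Location: ?path=' . $path . '/' . $newname);

} elseif ($tool_post == "rmdir" && isset($_GET['path']) && $_SESSION['creds']['user_level'] > 99) {
        $path = $_GET['path'];
        if (!is_string($path))
                die();
        $subs = explode('/', $path);
        if (in_array('..', $subs, true))
                die(); // Hard fails when trying to play above basedir
        // $basedir . $path only stays inside the upload tree when $path is
        // absolute; "" or "/" would address the upload root itself
        if (strlen($path) < 2 || $path[0] !== '/')
                die();
        if ($squashweb->got_rights_array_admin($path) > 0) {
                rmdir($basedir . $path);
        }
        // redirect to the parent of the removed folder
        array_pop($subs);
        $path = implode("/", $subs);
        header('Location: ?path=' . $path);

} elseif ($tool_get == 'access' && $_SESSION['creds']['user_level'] > 100) {

        require_once(SQUASHER_SMARTY);

        $smarty = new Smarty;

        $edited_user = isset($_GET['user']) ? $_GET['user'] : null;

        $smarty->assign('user_level', $_SESSION['creds']['user_level']);
        $smarty->assign('user_name', $_SESSION['creds']['user_name']);
        $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));

        $smarty->assign('edited_user', $edited_user);

        $tree = $squashweb->show_rights_tree($path, 0, $edited_user);

        $smarty->assign('style', $tree['style']);
        $smarty->assign('layout', $tree['layout']);

        $smarty->assign('debug', $debug);
        $smarty->assign('folderrights', $squashweb->folderrights());
        $smarty->assign('userrights', $squashweb->userrights());
        $smarty->display('admin.tpl');

} elseif ($tool_get == 'users' && $_SESSION['creds']['user_level'] > 100) {
        // apply the posted user action first, then render the user admin view
        $type = isset($_POST['type']) ? $_POST['type'] : null;
        $u = isset($_POST['u']) ? $_POST['u'] : null;
        if ($type == "update")
                $squashweb->update_users($u);
        if ($type == "disable")
                $squashweb->disable_users($u);
        if ($type == "delete")
                $squashweb->remove_users($u);
        if ($type == "new")
                $squashweb->insert_users($u, $_SESSION['creds']['user_level']);
        require_once(SQUASHER_SMARTY);

        $smarty = new Smarty;

        $smarty->assign('user_level', $_SESSION['creds']['user_level']);
        $smarty->assign('user_name', $_SESSION['creds']['user_name']);
        $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));

        // only a super admin (> 199) may create further admins
        if ($_SESSION['creds']['user_level'] > 199) {
                $smarty->assign('user_levels', array(155 => 'admin', 55 => 'user'));
        } else {
                $smarty->assign('user_levels', array(55 => 'user'));
        }
        $smarty->assign('debug', $debug);

        $smarty->display('udmin.tpl');

} elseif ($tool_get == 'logs' && $_SESSION['creds']['user_level'] > 100) {
        $logtype = isset($_GET['logtype']) ? $_GET['logtype'] : null;
        if (!$logtype)
                $logtype = 'all';
        require_once(SQUASHER_SMARTY);

        $smarty = new Smarty;

        $smarty->assign('user_level', $_SESSION['creds']['user_level']);
        $smarty->assign('user_name', $_SESSION['creds']['user_name']);
        $smarty->assign('logtype', $logtype);
        $smarty->assign('logs', $squashweb->get_logs($logtype));

        $smarty->assign('debug', $debug);
        $smarty->display('logs.tpl');

} else {
        //show overview

        require_once(SQUASHER_SMARTY);

        $smarty = new Smarty;

        /***
        *       $config:: array
        *       [0]     ->      versioncode
        *       [1]     ->      date&time
        *       [2]     ->      filename
        *       [3]     ->      filesize
        *       [4]     ->      chunksize
        *       [5]     ->      chunkcount
        *       [6]     ->      CRC32 checksum
        ***/

        $configs_num = $squashweb->get_configs();

        $configs_sorted = named_records_sort($configs_num, 'lastchange', true);

        $configs = array();
        $paths = array();

        foreach ($configs_sorted as $key => $value) {
                // per-chunk completion values; a missing list counts as no finished chunks
                $stats = is_array($value['stats']) ? $value['stats'] : array();
                $chunks_finished = array_sum($stats);
                // a transfer is complete once every chunk is accounted for
                $finished = ($chunks_finished == $value[5]);
                // length of the leading run of complete chunks
                if ($finished) {
                        $chunks_partial = $chunks_finished;
                } else {
                        $chunks_partial = 0;
                        foreach ($stats as $sv) {
                                $chunks_partial += $sv;
                                if ($sv != '1.00')
                                        break;
                        }
                }
                $path_parts = explode('/', $value['path']);

                $configs[$key] = array(
                        'squashed'        => $value['squashed'],
                        'version'         => $value[0],
                        // $value[1] (creation date) is not shown: the user's local creation date is irrelevant
                        'name'            => $value[2],
                        'size'            => $value[3],
                        'chunk_size'      => $value[4],
                        'chunks'          => $value[5],
                        'crc'             => $value[6],
                        // only video mime types are offered for inline playback
                        'embedable'       => (strpos($value['mime'], 'ideo') !== false),
                        'finished'        => $finished,
                        'mime'            => $value['mime'],
                        'status'          => $value['status'],
                        'hidden'          => $value['hidden'],
                        'chunks_finished' => $chunks_finished,
                        'chunks_partial'  => $chunks_partial,
                        'date'            => date('d.m.y - H:i:s - T', $value['added']),
                        'lastchange'      => date('d.m.y - H:i:s - T', $value['lastchange']),
                );
                // folder shown relative to $basedir, labelled with its last segment
                $paths[substr($value['path'], strlen($basedir))] = array_pop($path_parts);
        }


        //set base folders (breadcrumb from the root down to the current folder)
        $basepath['/'] = 'top';
        $bpath = '';
        foreach (explode('/', $subf) as $value) {
                if ($value != '') {
                        $bpath .= '/' . $value;
                        $basepath[$bpath] = $value;
                }
        }
        $smarty->assign('debug', $debug);
        $smarty->assign('user_level', $_SESSION['creds']['user_level']);
        $smarty->assign('user_name', $_SESSION['creds']['user_name']);
        $smarty->assign('folderrights', $squashweb->folderrights());

        $smarty->assign('squashed', $configs);
        $smarty->assign('paths', $paths);
        $smarty->assign('base', $basepath);
        $smarty->assign('currentfolder', $subf);
        $subs = $squashweb->subfolders();
        if ($subs)
                asort($subs);
        $smarty->assign('subfolders', $subs);

        $smarty->display('index.tpl'); //Display normal template

}
// vim: syntax=php ts=4 sw=4 sts=4 sr noet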