Allow smarty directory customization
[squasher.git] / squasher.php
1 <?php
2 if (!$_SESSION['creds']['validated'] && !isset($_GET['f']))
3         exit();
4
5 require_once("squasher.class.php");
6
7 $squashweb = new squashweb();
8
9 $squashweb->update_history();
10
11 //set root directory
12 $basedir = "../uploads";
13 if (isset($_GET['path']) && $_GET['path']!=NULL && strlen($_GET['path'])!=1) {
14         $subf = $_GET['path'];
15         $path = $basedir . $subf;
16 } else {
17         $subf = '/';
18         $path = $basedir;
19 }
20
21 $squashweb->set_root($basedir);
22
23 if (@$_GET['f'] || @$_GET['tools']=='hide' || @$_GET['tools']=='unhide' || @$_GET['tools']=='delete') {
24         $getdeepfiles=true;
25         $populate=false;
26 } else {
27         $getdeepfiles=false;
28         $populate=true;
29 }
30
31 //update folder rights if form is posted
32 if (@$_POST['edited_user'] > 0 && @$_POST['formtype'] == 'folderrights')
33         $squashweb->update_rights($_POST['edited_user'], $_POST['m'], $_SESSION['creds']['user_level']);
34
35 //set folder rights
36 if (@$_GET['f']) {
37         $squashweb->give_rights(2);
38 } else {
39         $squashweb->give_rights($_SESSION['creds']['user_id']);
40 }
41
42 if (@$_GET['f']) {
43         $f_q = "SELECT * FROM file_hash WHERE md5_hash = '".mysql_escape_string($_GET['f'])."'";
44         $f_r = mysql_query($f_q);
45         $f_o = mysql_fetch_object($f_r);
46
47         //log downloads
48         @mysql_query("INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".mysql_escape_string($_GET['f'])."','".mysql_escape_string($f_o->file)."','download','".mysql_escape_string($_SESSION['creds']['user_id'])."','".mysql_escape_string($_SESSION['creds']['user_name'])."','".mysql_escape_string($_SERVER['REMOTE_ADDR'])."',NOW())");
49
50         $_hpath_arr=explode("/", $f_o->file);
51         $file=array_pop($_hpath_arr); //Remove filename
52         $path=implode("/", $_hpath_arr);
53         $squashweb->read_single_file($path, $file);
54         #$squashweb->read_directory($path, false, true, false, false);
55 } else {
56         //parse folders for readable files
57         $squashweb->read_directory($path, true, true, $getdeepfiles, $populate);
58 }
59
60 //check if a file is requested
61 if (@$_GET['f']) {
62         //get the config of requested file
63         $request = $squashweb->get_config($_GET['f']);
64
65         //show requested file
66         #header('Cache-control: private');
67         header('Content-Disposition: attachment; filename="'.$request[2].'"');
68         header("Content-Type: ".$request['mime']);
69         if ($request[3])
70                 header('Content-Length: '.$request[3]);
71         #@ob_flush();
72         @flush();
73         $squashweb->print_files($request['path'], $request[2]);
74
75 } elseif (@$_GET['tools']=="hide" && @$_GET['h']) {
76         if ($_SESSION['creds']['user_level'] > 99) {
77                 $request = $squashweb->get_config($_GET['h']);
78                 $handle = fopen($request['path'].'/'.$request[2].'.hidden', 'x');
79                 fwrite($handle, 'hidden by '.$_SESSION['creds']['user_name']);
80                 fclose($handle);
81                 $path=substr($request['path'], strlen($basedir));
82                 header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
83         }
84 } elseif (@$_GET['tools']=="unhide" && isset($_GET['h'])) {
85         if ($_SESSION['creds']['user_level'] > 99) {
86                 $request = $squashweb->get_config($_GET['h']);
87                 @unlink($request['path'].'/'.$request[2].'.hidden');
88                 $path=substr($request['path'], strlen($basedir));
89                 header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
90         }
91 } elseif (@$_GET['tools']=="delete" && isset($_GET['h'])) {
92         if ($_SESSION['creds']['user_level'] > 99) {
93                 if ($_GET['h'] == "multiple") {
94                         $h_post = $_POST['h'];
95                         foreach ($h_post as $h_key => $h) {
96                                 $request = $squashweb->get_config($h);
97                                 $squashweb->delete_file($h, $_SESSION['creds']);
98                         }
99                 } else {
100                         $h = $_GET['h'];
101                         $request = $squashweb->get_config($h);
102                         $squashweb->delete_file($h, $_SESSION['creds']);
103                 }
104                 $path=substr($request['path'], strlen($basedir));
105                 header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path);
106         }
107
108 } elseif (@$_POST['tools']=="mkdir" && isset($_GET['path']) && isset($_POST['newname']) && $_SESSION['creds']['user_level'] > 99) {
109         $path = $_GET['path'];
110         $newname = $_POST['newname'];
111         $subs = explode('/', $path);
112         if (in_array('..', $subs))
113                 die(); // Hard fails when trying to play above basedir
114         if ($squashweb->got_rights_array_admin($path) > 0) {
115                 umask(002); // don't remove g+w
116                 mkdir($basedir.'/'.$path.'/'.$newname);
117         }
118         header( 'Location: ?path='.$path.'/'.$newname) ;
119         
120 } elseif (@$_POST['tools']=="rmdir" && isset($_GET['path']) && $_SESSION['creds']['user_level'] > 99) {
121         $path = $_GET['path'];
122         $subs = explode('/', $path);
123         if (in_array('..', $subs))
124                 die(); // Hard fails when trying to play above basedir
125         if ($squashweb->got_rights_array_admin($path) > 0) {
126                 rmdir($basedir.$path);
127         }
128         array_pop($subs);
129         $path=implode("/", $subs);
130         header( 'Location: ?path='.$path) ;
131         
132 } elseif (@$_GET['tools']=='access' && $_SESSION['creds']['user_level'] > 100) {
133
134         $smarty = get_smarty();
135
136         $smarty->assign('user_level', $_SESSION['creds']['user_level']);
137         $smarty->assign('user_name', $_SESSION['creds']['user_name']);
138         $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));
139
140         $smarty->assign('edited_user', @$_GET['user']);
141
142         $tree = $squashweb->show_rights_tree($path, 0, @$_GET['user']);
143
144         $smarty->assign('style', $tree['style']);
145         $smarty->assign('layout', $tree['layout']);
146
147         $smarty->assign('debug', @$_GET['debug']);
148         $smarty->assign('folderrights', $squashweb->folderrights());
149         $smarty->assign('userrights', $squashweb->userrights());
150         $smarty->display('admin.tpl');
151
152 } elseif (@$_GET['tools']=='users' && $_SESSION['creds']['user_level'] > 100) {
153         $type = @$_POST['type'];
154         if ($type=="update")
155                 $squashweb->update_users($_POST['u']);
156         if ($type=="disable")
157                 $squashweb->disable_users($_POST['u']);
158         if ($type=="delete")
159                 $squashweb->remove_users($_POST['u']);
160         if ($type=="new")
161                 $squashweb->insert_users($_POST['u'], $_SESSION['creds']['user_level']);
162         $smarty = get_smarty();
163
164         $smarty->assign('user_level', $_SESSION['creds']['user_level']);
165         $smarty->assign('user_name', $_SESSION['creds']['user_name']);
166         $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));
167
168         if ($_SESSION['creds']['user_level'] > 199) {
169                 $smarty->assign('user_levels', array(155 => 'admin' , 55 => 'user' ) );
170         } else {
171                 $smarty->assign('user_levels', array(55 => 'user' ) );
172         }
173         $smarty->assign('debug', @$_GET['debug']);
174
175         $smarty->display('udmin.tpl');
176
177 } elseif (@$_GET['tools']=='logs' && $_SESSION['creds']['user_level'] > 100) {
178         $logtype=@$_GET['logtype'];
179         if (!$logtype)
180                 $logtype = 'all';
181
182         $smarty = get_smarty();
183
184         $smarty->assign('user_level', $_SESSION['creds']['user_level']);
185         $smarty->assign('user_name', $_SESSION['creds']['user_name']);
186         $smarty->assign('logtype', $logtype);
187         $smarty->assign('logs', $squashweb->get_logs($logtype));
188
189         $smarty->assign('debug', @$_GET['debug']);
190         $smarty->display('logs.tpl');
191
192 } else {
193         //show overview
194
195         $smarty = get_smarty();
196         /***
197         *       $config:: array
198         *       [0]     ->      versioncode
199         *       [1]     ->      date&time
200         *       [2]     ->      filename
201         *       [3]     ->      filesize
202         *       [4]     ->      chunksize
203         *       [5]     ->      chunkcount
204         *       [6]     ->      CRC32 checksum
205         ***/
206
207         $configs_num = $squashweb->get_configs();
208
209         $configs_sorted = named_records_sort($configs_num, 'lastchange', true);
210
211         $configs = array();
212         $paths = array();
213
214         foreach ($configs_sorted as $key => $value) {
215                 $configs[$key]['squashed'] = $value['squashed'];
216                 $configs[$key]['version'] = $value[0];
217                 //$configs[$key]['date'] = $value[1]; //removed because user local creation date is irrelevant
218                 $configs[$key]['name'] = $value[2];
219                 $configs[$key]['size'] = $value[3];
220                 $configs[$key]['chunk_size'] = $value[4];
221                 $configs[$key]['chunks'] = $value[5];
222                 $configs[$key]['crc'] = $value[6];
223                 $paths[substr($value['path'], strlen($basedir))]=array_pop(explode('/',$value['path']));
224                 (strpos($value['mime'],'ideo')) ? $embedable=true : $embedable=false;
225                 (@array_sum($value['stats']) == $value[5]) ? $finished=true : $finished=false;
226
227                 $configs[$key]['embedable'] = $embedable;
228                 $configs[$key]['finished'] = $finished;
229                 $configs[$key]['mime'] = $value['mime'];
230                 $configs[$key]['status'] = $value['status'];
231                 $configs[$key]['hidden'] = $value['hidden'];
232                 $configs[$key]['chunks_finished'] = @array_sum($value['stats']);
233                 if ($finished) {
234                         $configs[$key]['chunks_partial'] = $configs[$key]['chunks_finished'];
235                 } else {
236                         $continue = true;
237                         foreach($value['stats'] as $sk => $sv) {
238                                 if ($continue) {
239                                         $configs[$key]['chunks_partial'] = $configs[$key]['chunks_partial']+$sv;
240                                         if ($sv != '1.00') $continue=false;
241                                 }
242                         }
243                 }
244                 $configs[$key]['date'] = date('d.m.y - H:i:s - T', $value['added']);
245                 $configs[$key]['lastchange'] = date('d.m.y - H:i:s - T', $value['lastchange']);
246         }
247
248
249         //set base folders
250         $basepath['/'] = 'top';
251         $bpath = '';
252         foreach (explode('/', $subf) as $key => $value) {
253                 if ($value != '') {
254                         $bpath .= '/'.$value;
255                         $basepath[$bpath] = $value;
256                 }
257         }
258         $smarty->assign('debug', @$_GET['debug']);
259         $smarty->assign('user_level', $_SESSION['creds']['user_level']);
260         $smarty->assign('user_name', $_SESSION['creds']['user_name']);
261         $smarty->assign('folderrights', $squashweb->folderrights());
262
263         $smarty->assign('squashed', $configs);
264         $smarty->assign('paths', $paths);
265         $smarty->assign('base', $basepath);
266         $smarty->assign('currentfolder', $subf);
267         $subs = $squashweb->subfolders();
268         if ($subs)
269                 asort($subs);
270         $smarty->assign('subfolders', $subs);
271
272         //if(@$_GET[debug]) print_r($configs);
273         $smarty->display('index.tpl'); //Display normal template
274
275 }
276 // vim: syntax=php ts=4 sw=4 sts=4 sr noet
277 ?>