Escape weird characters in templates
[squasher.git] / squasher.php
1 <?php
2 if (!$_SESSION['creds']['validated'] && !isset($_GET['f']))
3         exit();
4
5 require_once("squasher.class.php");
6
7 $squashweb = new squashweb();
8
9 $squashweb->update_history();
10
11 //set root directory
12 $basedir = "../uploads";
13 if (isset($_GET['path']) && $_GET['path']!=NULL && strlen($_GET['path'])!=1) {
14         $subf = $_GET['path'];
15         $path = $basedir . $subf;
16 } else {
17         $subf = '/';
18         $path = $basedir;
19 }
20
21 $squashweb->set_root($basedir);
22
23 if (@$_GET['f'] || @$_GET['tools']=='hide' || @$_GET['tools']=='unhide' || @$_GET['tools']=='delete') {
24         $getdeepfiles=true;
25         $populate=false;
26 } else {
27         $getdeepfiles=false;
28         $populate=true;
29 }
30
31 //update folder rights if form is posted
32 if (@$_POST['edited_user'] > 0 && @$_POST['formtype'] == 'folderrights')
33         $squashweb->update_rights($_POST['edited_user'], $_POST['m'], $_SESSION['creds']['user_level']);
34
35 //set folder rights
36 if (@$_GET['f']) {
37         $squashweb->give_rights(2);
38 } else {
39         $squashweb->give_rights($_SESSION['creds']['user_id']);
40 }
41
42 if (@$_GET['f']) {
43         $f_q = "SELECT * FROM file_hash WHERE md5_hash = '".mysql_escape_string($_GET['f'])."'";
44         $f_r = mysql_query($f_q);
45         $f_o = mysql_fetch_object($f_r);
46
47         //log downloads
48         @mysql_query("INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".mysql_escape_string($_GET['f'])."','".mysql_escape_string($f_o->file)."','download','".mysql_escape_string($_SESSION['creds']['user_id'])."','".mysql_escape_string($_SESSION['creds']['user_name'])."','".mysql_escape_string($_SERVER['REMOTE_ADDR'])."',NOW())");
49
50         $_hpath_arr=explode("/", $f_o->file);
51         $file=array_pop($_hpath_arr); //Remove filename
52         $path=implode("/", $_hpath_arr);
53         $squashweb->read_single_file($path, $file);
54         #$squashweb->read_directory($path, false, true, false, false);
55 } else {
56         //parse folders for readable files
57         $squashweb->read_directory($path, true, true, $getdeepfiles, $populate);
58 }
59
60 //check if a file is requested
61 if (@$_GET['f']) {
62         //get the config of requested file
63         $request = $squashweb->get_config($_GET['f']);
64
65         //show requested file
66         #header('Cache-control: private');
67         header('Content-Disposition: attachment; filename="'.$request[2].'"');
68         header("Content-Type: ".$request['mime']);
69         if ($request[3])
70                 header('Content-Length: '.$request[3]);
71         #@ob_flush();
72         @flush();
73         $squashweb->print_files($request['path'], $request[2]);
74
75 } elseif (@$_GET['tools']=="hide" && @$_GET['h']) {
76         if ($_SESSION['creds']['user_level'] > 99) {
77                 $request = $squashweb->get_config($_GET['h']);
78                 $handle = fopen($request['path'].'/'.$request[2].'.hidden', 'x');
79                 fwrite($handle, 'hidden by '.$_SESSION['creds']['user_name']);
80                 fclose($handle);
81                 $path=substr($request['path'], strlen($basedir));
82                 header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
83         }
84 } elseif (@$_GET['tools']=="unhide" && isset($_GET['h'])) {
85         if ($_SESSION['creds']['user_level'] > 99) {
86                 $request = $squashweb->get_config($_GET['h']);
87                 @unlink($request['path'].'/'.$request[2].'.hidden');
88                 $path=substr($request['path'], strlen($basedir));
89                 header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
90         }
91 } elseif (@$_GET['tools']=="delete" && isset($_GET['h'])) {
92         if ($_SESSION['creds']['user_level'] > 99) {
93                 if ($_GET['h'] == "multiple") {
94                         $h_post = $_POST['h'];
95                         foreach ($h_post as $h_key => $h) {
96                                 $request = $squashweb->get_config($h);
97                                 $squashweb->delete_file($h, $_SESSION['creds']);
98                         }
99                 } else {
100                         $h = $_GET['h'];
101                         $request = $squashweb->get_config($h);
102                         $squashweb->delete_file($h, $_SESSION['creds']);
103                 }
104                 $path=substr($request['path'], strlen($basedir));
105                 header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path);
106         }
107 } elseif (@$_GET['tools']=='access' && $_SESSION['creds']['user_level'] > 100) {
108
109         require_once(SQUASHER_SMARTY);
110
111         $smarty = new Smarty;
112
113         $smarty->assign('user_level', $_SESSION['creds']['user_level']);
114         $smarty->assign('user_name', $_SESSION['creds']['user_name']);
115         $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));
116
117         $smarty->assign('edited_user', @$_GET['user']);
118
119         $tree = $squashweb->show_rights_tree($path, 0, @$_GET['user']);
120
121         $smarty->assign('style', $tree['style']);
122         $smarty->assign('layout', $tree['layout']);
123
124         $smarty->assign('debug', @$_GET['debug']);
125         $smarty->assign('folderrights', $squashweb->folderrights());
126         $smarty->assign('userrights', $squashweb->userrights());
127         $smarty->display('admin.tpl');
128
129 } elseif (@$_GET['tools']=='users' && $_SESSION['creds']['user_level'] > 100) {
130         $type = @$_POST['type'];
131         if ($type=="update")
132                 $squashweb->update_users($_POST['u']);
133         if ($type=="disable")
134                 $squashweb->disable_users($_POST['u']);
135         if ($type=="delete")
136                 $squashweb->remove_users($_POST['u']);
137         if ($type=="new")
138                 $squashweb->insert_users($_POST['u'], $_SESSION['creds']['user_level']);
139         require_once(SQUASHER_SMARTY);
140
141         $smarty = new Smarty;
142
143         $smarty->assign('user_level', $_SESSION['creds']['user_level']);
144         $smarty->assign('user_name', $_SESSION['creds']['user_name']);
145         $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));
146
147         if ($_SESSION['creds']['user_level'] > 199) {
148                 $smarty->assign('user_levels', array(155 => 'admin' , 55 => 'user' ) );
149         } else {
150                 $smarty->assign('user_levels', array(55 => 'user' ) );
151         }
152         $smarty->assign('debug', @$_GET['debug']);
153
154         $smarty->display('udmin.tpl');
155
156 } elseif (@$_GET['tools']=='logs' && $_SESSION['creds']['user_level'] > 100) {
157         $logtype=@$_GET['logtype'];
158         if (!$logtype)
159                 $logtype = 'all';
160         require_once(SQUASHER_SMARTY);
161
162         $smarty = new Smarty;
163
164         $smarty->assign('user_level', $_SESSION['creds']['user_level']);
165         $smarty->assign('user_name', $_SESSION['creds']['user_name']);
166         $smarty->assign('logtype', $logtype);
167         $smarty->assign('logs', $squashweb->get_logs($logtype));
168
169         $smarty->assign('debug', @$_GET['debug']);
170         $smarty->display('logs.tpl');
171
172 } else {
173         //show overview
174
175         require_once(SQUASHER_SMARTY);
176
177         $smarty = new Smarty;
178
179         /***
180         *       $config:: array
181         *       [0]     ->      versioncode
182         *       [1]     ->      date&time
183         *       [2]     ->      filename
184         *       [3]     ->      filesize
185         *       [4]     ->      chunksize
186         *       [5]     ->      chunkcount
187         *       [6]     ->      CRC32 checksum
188         ***/
189
190         $configs_num = $squashweb->get_configs();
191
192         $configs_sorted = named_records_sort($configs_num, 'lastchange', true);
193
194         $configs = array();
195         $paths = array();
196
197         foreach ($configs_sorted as $key => $value) {
198                 $configs[$key]['squashed'] = $value['squashed'];
199                 $configs[$key]['version'] = $value[0];
200                 //$configs[$key]['date'] = $value[1]; //removed because user local creation date is irrelevant
201                 $configs[$key]['name'] = $value[2];
202                 $configs[$key]['size'] = $value[3];
203                 $configs[$key]['chunk_size'] = $value[4];
204                 $configs[$key]['chunks'] = $value[5];
205                 $configs[$key]['crc'] = $value[6];
206                 $paths[substr($value['path'], strlen($basedir))]=array_pop(explode('/',$value['path']));
207                 (strpos($value['mime'],'ideo')) ? $embedable=true : $embedable=false;
208                 (@array_sum($value['stats']) == $value[5]) ? $finished=true : $finished=false;
209
210                 $configs[$key]['embedable'] = $embedable;
211                 $configs[$key]['finished'] = $finished;
212                 $configs[$key]['mime'] = $value['mime'];
213                 $configs[$key]['status'] = $value['status'];
214                 $configs[$key]['hidden'] = $value['hidden'];
215                 $configs[$key]['chunks_finished'] = @array_sum($value['stats']);
216                 if ($finished) {
217                         $configs[$key]['chunks_partial'] = $configs[$key]['chunks_finished'];
218                 } else {
219                         $continue = true;
220                         foreach($value['stats'] as $sk => $sv) {
221                                 if ($continue) {
222                                         $configs[$key]['chunks_partial'] = $configs[$key]['chunks_partial']+$sv;
223                                         if ($sv != '1.00') $continue=false;
224                                 }
225                         }
226                 }
227                 $configs[$key]['date'] = date('d.m.y - H:i:s - T', $value['added']);
228                 $configs[$key]['lastchange'] = date('d.m.y - H:i:s - T', $value['lastchange']);
229         }
230
231
232         //set base folders
233         $basepath['/'] = 'top';
234         $bpath = '';
235         foreach (explode('/', $subf) as $key => $value) {
236                 if ($value != '') {
237                         $bpath .= '/'.$value;
238                         $basepath[$bpath] = $value;
239                 }
240         }
241         $smarty->assign('debug', @$_GET['debug']);
242         $smarty->assign('user_level', $_SESSION['creds']['user_level']);
243         $smarty->assign('user_name', $_SESSION['creds']['user_name']);
244         $smarty->assign('folderrights', $squashweb->folderrights());
245
246         $smarty->assign('squashed', $configs);
247         $smarty->assign('paths', $paths);
248         $smarty->assign('base', $basepath);
249         $smarty->assign('currentfolder', $subf);
250         $subs = $squashweb->subfolders();
251         if ($subs)
252                 asort($subs);
253         $smarty->assign('subfolders', $subs);
254
255         //if(@$_GET[debug]) print_r($configs);
256         $smarty->display('index.tpl'); //Display normal template
257
258 }
259 // vim: syntax=php ts=4 sw=4 sts=4 sr noet
260 ?>