webroot/squasher.php

   1 <?php
   2 if (!$_SESSION['creds']['validated'] && !isset($_GET['f']))
   3         exit();
   4
   5 require_once("squasher.class.php");
   6
   7 $squashweb = new squashweb();
   8 $squashweb->db = $db;
   9
  10 $squashweb->update_history();
  11
  12 $requestpath = @$_GET['path'];
  13 if (!$requestpath || strlen($requestpath)<1 || $requestpath[0]!='/') {
  14         $requestpath = '/';
  15 }
  16
  17 if (@$_GET['f'] || @$_GET['tools']=='hide' || @$_GET['tools']=='unhide' || @$_GET['tools']=='delete') {
  18         $getdeepfiles=true;
  19         $populate=false;
  20 } else {
  21         $getdeepfiles=false;
  22         $populate=true;
  23 }
  24
  25 //update folder rights if form is posted
  26 if (@$_POST['edited_user'] > 0 && @$_POST['formtype'] == 'folderrights')
  27         $squashweb->update_rights($_POST['edited_user'], $_POST['m'], $_SESSION['creds']['user_level']);
  28
  29 //set folder rights
  30 if (@$_GET['f'] || $_SESSION['creds']['user_level']>200) {
  31         $squashweb->give_rights(-1); // full access
  32 } else {
  33         $squashweb->give_rights($_SESSION['creds']['user_id']);
  34 }
  35
  36 if (@$_GET['f']) {
  37         $f_q = "SELECT * FROM file_hash WHERE md5_hash = '".$db->real_escape_string($_GET['f'])."'";
  38         $f_r = $db->query($f_q);
  39         $f_o = mysqli_fetch_object($f_r);
  40
  41         //log downloads
  42         log_event('download', $f_o->file, $_GET['f']);
  43
  44         $_hpath_arr=explode("/", $f_o->file);
  45         $file=array_pop($_hpath_arr); //Remove filename
  46         $path=implode("/", $_hpath_arr);
  47         if (!$squashweb->read_single_file($path, $file)) {
  48                 header('HTTP/1.0 404 Not found');
  49                 echo('<h1>No file with that hash</h1>');
  50                 exit();
  51         }
  52         #$squashweb->read_directory($path, false, true, false, false);
  53 } else {
  54         //parse folders for readable files
  55         $squashweb->read_directory($requestpath, true, true, $getdeepfiles, $populate);
  56 }
  57
  58 //check if a file is requested
  59 if (@$_GET['f']) {
  60         //get the config of requested file
  61         $request = $squashweb->get_config($_GET['f']);
  62
  63         //show requested file
  64         #header('Cache-control: private');
  65         header('Content-Disposition: attachment; filename="'.$request[2].'"');
  66         header("Content-Type: ".$request['mime']);
  67         if ($request[3])
  68                 header('Content-Length: '.$request[3]);
  69         #@ob_flush();
  70         @flush();
  71         $squashweb->print_files($request['path'], $request[2]);
  72
  73 } elseif (@$_GET['tools']=="hide" && @$_GET['h']) {
  74         if ($_SESSION['creds']['user_level'] > 99) {
  75                 $request = $squashweb->get_config($_GET['h']);
  76                 $handle = fopen(SQUASHER_UPLOADS_DIR.$request['path'].'/'.$request[2].'.hidden', 'x');
  77                 fwrite($handle, 'hidden by '.$_SESSION['creds']['user_name']);
  78                 fclose($handle);
  79                 $path=$request['path'];
  80                 header( 'Location: ?path='.$path) ;
  81         }
  82 } elseif (@$_GET['tools']=="unhide" && isset($_GET['h'])) {
  83         if ($_SESSION['creds']['user_level'] > 99) {
  84                 $request = $squashweb->get_config($_GET['h']);
  85                 @unlink(SQUASHER_UPLOADS_DIR.$request['path'].'/'.$request[2].'.hidden');
  86                 $path=$request['path'];
  87                 header( 'Location: ?path='.$path) ;
  88         }
  89 } elseif (@$_GET['tools']=="delete" && isset($_GET['h'])) {
  90         if ($_SESSION['creds']['user_level'] > 99) {
  91                 if ($_GET['h'] == "multiple") {
  92                         $h_post = $_POST['h'];
  93                         foreach ($h_post as $h_key => $h) {
  94                                 $request = $squashweb->get_config($h);
  95                                 $squashweb->delete_file($h, $_SESSION['creds']);
  96                         }
  97                 } else {
  98                         $h = $_GET['h'];
  99                         $request = $squashweb->get_config($h);
 100                         $squashweb->delete_file($h, $_SESSION['creds']);
 101                 }
 102                 $path=$request['path'];
 103                 header( 'Location: ?path='.$path);
 104         }
 105
 106 } elseif (@$_POST['tools']=="mkdir" && @$_POST['newname'] && $_SESSION['creds']['user_level'] > 99) {
 107         $path = @$_GET['path'];
 108         $nonemptypath = $path;
 109         $newname = $_POST['newname'];
 110         $subs = explode('/', $path);
 111         if (in_array('..', $subs))
 112                 die(); // Hard fails when trying to play above SQUASHER_UPLOADS_DIR
 113         if ($squashweb->got_rights_array_admin($nonemptypath) > 0) {
 114                 umask(002); // don't remove g+w
 115                 mkdir(SQUASHER_UPLOADS_DIR.$path.'/'.$newname);
 116         }
 117         header( 'Location: ?path='.$path.'/'.$newname) ;
 118
 119 } elseif (@$_POST['tools']=="rmdir" && isset($_GET['path']) && $_SESSION['creds']['user_level'] > 99) {
 120         $path = $_GET['path'];
 121         $subs = explode('/', $path);
 122         if (in_array('..', $subs))
 123                 die(); // Hard fails when trying to play above SQUASHER_UPLOADS_DIR
 124         if ($squashweb->got_rights_array_admin($path) > 0) {
 125                 rmdir(SQUASHER_UPLOADS_DIR.$path);
 126         }
 127         array_pop($subs);
 128         $path=implode("/", $subs);
 129         header( 'Location: ?path='.$path) ;
 130
 131 } elseif (@$_GET['tools']=='access' && $_SESSION['creds']['user_level'] > 100) {
 132
 133         $smarty = get_smarty();
 134
 135         $smarty->assign('user_level', $_SESSION['creds']['user_level']);
 136         $smarty->assign('user_name', $_SESSION['creds']['user_name']);
 137         $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));
 138
 139         $smarty->assign('edited_user', @$_GET['user']);
 140
 141         $tree = $squashweb->show_rights_tree($requestpath, 0, @$_GET['user']);
 142
 143         $smarty->assign('style', $tree['style']);
 144         $smarty->assign('layout', $tree['layout']);
 145
 146         $smarty->assign('debug', @$_GET['debug']);
 147         $smarty->assign('folderrights', $squashweb->folderrights());
 148         $smarty->assign('userrights', $squashweb->userrights());
 149         $smarty->display('admin.tpl');
 150
 151 } elseif (@$_GET['tools']=='users' && $_SESSION['creds']['user_level'] > 100) {
 152         /*
 153         $type = @$_POST['type'];
 154         if ($type=="disable")
 155                 $squashweb->disable_users($_POST['u']);
 156         */
 157         $smarty = get_smarty();
 158
 159         $smarty->assign('user_level', $_SESSION['creds']['user_level']);
 160         $smarty->assign('user_name', $_SESSION['creds']['user_name']);
 161         $smarty->assign('user_id', $_SESSION['creds']['user_id']);
 162
 163         $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));
 164
 165         $smarty->assign('debug', @$_GET['debug']);
 166
 167         $smarty->display('udmin.tpl');
 168
 169 } elseif (@$_REQUEST['tools']=='edituser' && $_SESSION['creds']['user_level'] > 100) {
 170
 171         $edited_user = @$_REQUEST['edited_user']; // user id
 172         $users = $squashweb->get_users($_SESSION['creds']['user_level']);
 173         $u = @$_REQUEST['u']; // new or edited data
 174         if ($u) {
 175                 if ($edited_user != NULL) {
 176                         $squashweb->update_users($u, $edited_user);
 177                 } else {
 178                         // Simple admin don't have the user_level <tr>. Just set the value for them now:
 179                         if ($_SESSION['creds']['user_level'] < 200)
 180                                 $u['user_level'] = 55;
 181                         $squashweb->insert_users($u, $_SESSION['creds']['user_level']);
 182                 }
 183                 header('302 done');
 184                 header('Location: ?tools=users');
 185         } else {
 186                 $smarty = get_smarty();
 187                 $smarty->assign('user_level', $_SESSION['creds']['user_level']);
 188                 $smarty->assign('user_name', $_SESSION['creds']['user_name']);
 189                 $smarty->assign('user_id', $_SESSION['creds']['user_id']);
 190
 191                 $smarty->assign('users', $users);
 192                 $smarty->assign('edited_user', $edited_user);
 193
 194                 if (array_key_exists($edited_user, $users)) {
 195                         $user = $users[$edited_user];
 196                         if (!$user['enabled'])
 197                                 $user['level'] = 0;
 198                         $smarty->assign('u', $user);
 199                 } else {
 200                         $smarty->assign('u', NULL);
 201                 }
 202
 203                 if ($_SESSION['creds']['user_level'] > 199) {
 204                         $smarty->assign('user_levels', array(55 => 'User', 155 => 'Admin', 255 => 'Super admin', 0 => 'Disabled') );
 205                 } else {
 206                         $smarty->assign('user_levels', array(55 => 'User', 0 => 'Disabled') );
 207                 }
 208
 209                 $smarty->assign('debug', @$_GET['debug']);
 210                 $smarty->display('edit_user.tpl');
 211         }
 212
 213 } elseif (@$_REQUEST['tools']=='deluser' && $_SESSION['creds']['user_level'] > 100) {
 214         $edited_user = @$_REQUEST['edited_user']; // user id
 215         $users = $squashweb->get_users($_SESSION['creds']['user_level']);
 216         if (array_key_exists($edited_user, $users))
 217                 $squashweb->remove_users($edited_user);
 218         header('302 done');
 219         header('Location: ?tools=users');
 220
 221 } elseif (@$_GET['tools']=='logs' && $_SESSION['creds']['user_level'] > 100) {
 222         $logtype=@$_GET['logtype'];
 223         if (!$logtype)
 224                 $logtype = 'all';
 225
 226         $smarty = get_smarty();
 227
 228         $smarty->assign('user_level', $_SESSION['creds']['user_level']);
 229         $smarty->assign('user_name', $_SESSION['creds']['user_name']);
 230         $smarty->assign('logtype', $logtype);
 231         $smarty->assign('logs', $squashweb->get_logs($logtype));
 232
 233         $smarty->assign('debug', @$_GET['debug']);
 234         $smarty->display('logs.tpl');
 235
 236 } else {
 237         //show overview
 238
 239         $smarty = get_smarty();
 240         /***
 241         *       $config:: array
 242         *       [0]     ->      versioncode
 243         *       [1]     ->      date&time
 244         *       [2]     ->      filename
 245         *       [3]     ->      filesize
 246         *       [4]     ->      chunksize
 247         *       [5]     ->      chunkcount
 248         *       [6]     ->      CRC32 checksum
 249         ***/
 250
 251         $configs_num = $squashweb->get_configs();
 252         $configs_sorted = named_records_sort($configs_num, 'lastchange', true);
 253
 254         $configs = array();
 255
 256         foreach ($configs_sorted as $key => $value) {
 257                 $configs[$key]['squashed'] = $value['squashed'];
 258                 $configs[$key]['version'] = $value[0];
 259                 //$configs[$key]['date'] = $value[1]; //removed because user local creation date is irrelevant
 260                 $configs[$key]['name'] = $value[2];
 261                 $configs[$key]['size'] = $value[3];
 262                 $configs[$key]['chunk_size'] = $value[4];
 263                 $configs[$key]['chunks'] = $value[5];
 264                 $configs[$key]['crc'] = $value[6];
 265                 (strpos($value['mime'],'ideo')) ? $embedable=true : $embedable=false;
 266                 (@array_sum($value['stats']) == $value[5]) ? $finished=true : $finished=false;
 267
 268                 $configs[$key]['embedable'] = $embedable;
 269                 $configs[$key]['finished'] = $finished;
 270                 $configs[$key]['mime'] = $value['mime'];
 271                 $configs[$key]['status'] = $value['status'];
 272                 $configs[$key]['hidden'] = $value['hidden'];
 273                 $configs[$key]['chunks_finished'] = @array_sum($value['stats']);
 274                 if ($finished) {
 275                         $configs[$key]['chunks_partial'] = $configs[$key]['chunks_finished'];
 276                 } else {
 277                         $continue = true;
 278                         foreach($value['stats'] as $sk => $sv) {
 279                                 if ($continue) {
 280                                         $configs[$key]['chunks_partial'] = $configs[$key]['chunks_partial']+$sv;
 281                                         if ($sv != '1.00') $continue=false;
 282                                 }
 283                         }
 284                 }
 285                 $configs[$key]['date'] = date('d.m.y - H:i:s - T', $value['added']);
 286                 $configs[$key]['lastchange'] = date('d.m.y - H:i:s - T', $value['lastchange']);
 287         }
 288
 289
 290         //set base folders
 291         $basepath['/'] = 'top';
 292         $bpath = '';
 293         $path_fragments = explode('/', $requestpath);
 294         if (in_array('..', $path_fragments)) {
 295                 trigger_error("Unauthorized path ".$requestpath, E_USER_ERROR);
 296                 die();
 297         }
 298         foreach ($path_fragments as $key => $value) {
 299                 if ($value != '') {
 300                         $bpath .= '/'.$value;
 301                         $basepath[$bpath] = $value;
 302                 }
 303         }
 304         $smarty->assign('debug', @$_GET['debug']);
 305         $smarty->assign('user_level', $_SESSION['creds']['user_level']);
 306         $smarty->assign('user_name', $_SESSION['creds']['user_name']);
 307         $smarty->assign('folderrights', $squashweb->folderrights());
 308
 309         $smarty->assign('squashed', $configs);
 310         $smarty->assign('base', $basepath);
 311         $smarty->assign('currentfolder', $requestpath);
 312         $subs = $squashweb->subfolders();
 313         if ($subs)
 314                 asort($subs);
 315         $smarty->assign('subfolders', $subs);
 316
 317         //if(@$_GET[debug]) print_r($configs);
 318         $smarty->display('index.tpl'); //Display normal template
 319
 320 }
 321 // vim: syntax=php ts=4 sw=4 sts=4 sr noet
 322 ?>