// Session gate. The condition is true only when the session is not validated AND no `f`
// parameter is present, so a request that carries `f` (the hash matched against
// file_hash.md5_hash further down) is let through without a login.
// The statement this `if` guards is not visible here.
2 if (!$_SESSION['creds']['validated'] && !isset($_GET['f']))
5 require_once("squasher.class.php");
7 $squashweb = new squashweb();
10 $squashweb->update_history();
// Requested folder, straight from the query string; `@` hides the notice when it is missing.
12 $requestpath = @$_GET['path'];
// Catches a missing path or one that does not start with '/' (branch body not visible here).
// NOTE(review): '..' segments are not examined at this point; the only check on $requestpath
// visible in this file is the in_array('..', $path_fragments) test near the end.
13 if (!$requestpath || strlen($requestpath)<1 || $requestpath[0]!='/') {
// Hash-addressed requests: a download (`f`) or the hide / unhide / delete tools.
17 if (@$_GET['f'] || @$_GET['tools']=='hide' || @$_GET['tools']=='unhide' || @$_GET['tools']=='delete') {
25 //update folder rights if form is posted
// NOTE(review): the only gate visible here is a positive edited_user plus the formtype marker.
// The caller's user_level is handed to update_rights(), which presumably enforces it - verify.
// No anti-CSRF token is checked in the visible lines and $_POST['m'] is passed on unvalidated.
26 if (@$_POST['edited_user'] > 0 && @$_POST['formtype'] == 'folderrights')
27 $squashweb->update_rights($_POST['edited_user'], $_POST['m'], $_SESSION['creds']['user_level']);
// Rights for the rest of the request: full access (-1) for user_level > 200 and also for ANY
// request that carries `f`, validated session or not; the other call uses the session's user_id.
// NOTE(review): confirm that a request combining `f` with `path` or `tools` cannot use the
// full-access rights for anything other than serving the one file the hash identifies.
30 if (@$_GET['f'] || $_SESSION['creds']['user_level']>200) {
31 $squashweb->give_rights(-1); // full access
33 $squashweb->give_rights($_SESSION['creds']['user_id']);
// Look up the stored file for the hash in `f`. The value is escaped with real_escape_string()
// and quoted; that is safe only while the connection charset is configured correctly, a
// prepared statement with a bound parameter would remove that dependency.
37 $f_q = "SELECT * FROM file_hash WHERE md5_hash = '".$db->real_escape_string($_GET['f'])."'";
38 $f_r = $db->query($f_q);
// NOTE(review): no check of $f_r or $f_o is visible before $f_o->file is read below;
// mysqli_fetch_object() yields no object for an unknown hash. A guard may sit on lines not shown.
39 $f_o = mysqli_fetch_object($f_r);
// Record the download together with the stored path and the requested hash.
42 log_event('download', $f_o->file, $_GET['f']);
// Split the stored path into its directory part and the file name.
44 $_hpath_arr=explode("/", $f_o->file);
45 $file=array_pop($_hpath_arr); //Remove filename
46 $path=implode("/", $_hpath_arr);
// Answer 404 when read_single_file() reports failure.
47 if (!$squashweb->read_single_file($path, $file)) {
48 header('HTTP/1.0 404 Not found');
49 echo('<h1>No file with that hash</h1>');
52 #$squashweb->read_directory($path, false, true, false, false);
54 //parse folders for readable files
// NOTE(review): $requestpath reaches read_directory() before the '..' check on
// $path_fragments that appears later in the file - confirm read_directory() confines the
// path to SQUASHER_UPLOADS_DIR itself. $getdeepfiles and $populate are set on lines not shown.
55 $squashweb->read_directory($requestpath, true, true, $getdeepfiles, $populate);
58 //check if a file is requested
60 //get the config of requested file
61 $request = $squashweb->get_config($_GET['f']);
64 #header('Cache-control: private');
// Download headers. Presumably the record has the same layout as in the listing loop further
// down, where index 2 is the file name and index 3 the size - confirm against get_config().
// NOTE(review): the file name is placed inside a quoted header parameter without escaping, so
// a stored name containing '"' breaks the parameter; strip or encode quotes and control
// characters (or use the RFC 6266 filename* form).
65 header('Content-Disposition: attachment; filename="'.$request[2].'"');
// NOTE(review): the MIME type comes from stored metadata. If it originates from the uploader,
// match it against an allow-list and send X-Content-Type-Options: nosniff; the attachment
// disposition above already keeps browsers from rendering the body inline.
66 header("Content-Type: ".$request['mime']);
68 header('Content-Length: '.$request[3]);
// print_files() presumably emits the file body - its implementation is not part of this file.
71 $squashweb->print_files($request['path'], $request[2]);
73 } elseif (@$_GET['tools']=="hide" && @$_GET['h']) {
// tools=hide: drop a "<name>.hidden" marker file next to the upload identified by hash `h`.
// Requires user_level > 99.
// NOTE(review): this is a state change triggered by a GET request with no anti-CSRF token in
// the visible lines; a POST carrying a per-session token would close that gap.
74 if ($_SESSION['creds']['user_level'] > 99) {
75 $request = $squashweb->get_config($_GET['h']);
// Mode 'x' creates the file and fails when it already exists.
// NOTE(review): the fopen() result is not checked in the visible lines, so fwrite() can be
// handed false when the marker already exists or get_config() returned nothing usable.
76 $handle = fopen(SQUASHER_UPLOADS_DIR.$request['path'].'/'.$request[2].'.hidden', 'x');
77 fwrite($handle, 'hidden by '.$_SESSION['creds']['user_name']);
79 $path=$request['path'];
// NOTE(review): $path goes into the Location header without urlencode().
80 header( 'Location: ?path='.$path) ;
82 } elseif (@$_GET['tools']=="unhide" && isset($_GET['h'])) {
// tools=unhide: remove the marker file again. Same level requirement, same GET/CSRF remark.
83 if ($_SESSION['creds']['user_level'] > 99) {
84 $request = $squashweb->get_config($_GET['h']);
// `@` hides the warning when the marker does not exist.
85 @unlink(SQUASHER_UPLOADS_DIR.$request['path'].'/'.$request[2].'.hidden');
86 $path=$request['path'];
87 header( 'Location: ?path='.$path) ;
89 } elseif (@$_GET['tools']=="delete" && isset($_GET['h'])) {
// tools=delete: remove one upload, or several when h=multiple (hashes then come from
// $_POST['h']). Requires user_level > 99.
// NOTE(review): only the global user_level is tested here. The mkdir / rmdir branches also call
// got_rights_array_admin() for the folder; confirm delete_file() enforces per-folder rights
// from the $_SESSION['creds'] it receives. The action is selected through the query string
// and no anti-CSRF token is visible.
90 if ($_SESSION['creds']['user_level'] > 99) {
91 if ($_GET['h'] == "multiple") {
// NOTE(review): $_POST['h'] is iterated without an is_array() check.
92 $h_post = $_POST['h'];
93 foreach ($h_post as $h_key => $h) {
94 $request = $squashweb->get_config($h);
95 $squashweb->delete_file($h, $_SESSION['creds']);
// Single-file case; the line that assigns $h for it is not visible here.
99 $request = $squashweb->get_config($h);
100 $squashweb->delete_file($h, $_SESSION['creds']);
// Redirect to the folder of the last record fetched; $path is not urlencode()d.
102 $path=$request['path'];
103 header( 'Location: ?path='.$path);
106 } elseif (@$_POST['tools']=="mkdir" && @$_POST['newname'] && $_SESSION['creds']['user_level'] > 99) {
// tools=mkdir: create folder $newname below the folder named by the `path` query parameter.
// Requires user_level > 99 and a positive got_rights_array_admin() result for the parent.
107 $path = @$_GET['path'];
108 $nonemptypath = $path;
109 $newname = $_POST['newname'];
110 $subs = explode('/', $path);
// Refuse any '..' segment in the parent path.
// NOTE(review): the same test is not applied to $newname, which is appended to the path in the
// mkdir() call below. Reject path separators and dot segments in $newname (or resolve the
// parent and compare it against SQUASHER_UPLOADS_DIR) before creating anything.
111 if (in_array('..', $subs))
112 die(); // Hard fails when trying to play above SQUASHER_UPLOADS_DIR
113 if ($squashweb->got_rights_array_admin($nonemptypath) > 0) {
114 umask(002); // don't remove g+w
// NOTE(review): the mkdir() result is not checked in the visible lines.
115 mkdir(SQUASHER_UPLOADS_DIR.$path.'/'.$newname);
// NOTE(review): $path and $newname are request values placed in the header without urlencode().
117 header( 'Location: ?path='.$path.'/'.$newname) ;
119 } elseif (@$_POST['tools']=="rmdir" && isset($_GET['path']) && $_SESSION['creds']['user_level'] > 99) {
// tools=rmdir: remove the folder named by the `path` query parameter. The tool name comes from
// POST while the target comes from the query string. No anti-CSRF token is visible.
120 $path = $_GET['path'];
121 $subs = explode('/', $path);
// Refuse any '..' segment before touching the file system.
122 if (in_array('..', $subs))
123 die(); // Hard fails when trying to play above SQUASHER_UPLOADS_DIR
124 if ($squashweb->got_rights_array_admin($path) > 0) {
// rmdir() only removes empty directories; its result is not checked in the visible lines.
125 rmdir(SQUASHER_UPLOADS_DIR.$path);
// Redirect target is rebuilt from $subs; the step that presumably drops the removed folder's
// own segment is not visible here.
128 $path=implode("/", $subs);
129 header( 'Location: ?path='.$path) ;
131 } elseif (@$_GET['tools']=='access' && $_SESSION['creds']['user_level'] > 100) {
// Folder-rights administration page, for user_level > 100.
133 $smarty = get_smarty();
135 $smarty->assign('user_level', $_SESSION['creds']['user_level']);
136 $smarty->assign('user_name', $_SESSION['creds']['user_name']);
// get_users() receives the caller's level, presumably to limit which accounts are returned.
137 $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));
// NOTE(review): the `user` and `debug` query parameters are handed to the template as
// received; make sure admin.tpl escapes them or that get_smarty() turns on output escaping.
139 $smarty->assign('edited_user', @$_GET['user']);
// NOTE(review): $requestpath is used here although the only '..' check on it visible in this
// file sits in the default-view code near the end.
141 $tree = $squashweb->show_rights_tree($requestpath, 0, @$_GET['user']);
143 $smarty->assign('style', $tree['style']);
144 $smarty->assign('layout', $tree['layout']);
146 $smarty->assign('debug', @$_GET['debug']);
147 $smarty->assign('folderrights', $squashweb->folderrights());
148 $smarty->assign('userrights', $squashweb->userrights());
149 $smarty->display('admin.tpl');
151 } elseif (@$_GET['tools']=='users' && $_SESSION['creds']['user_level'] > 100) {
// User list page, for user_level > 100. A posted type=disable disables the accounts in u.
153 $type = @$_POST['type'];
// NOTE(review): disabling accounts is a state change with no anti-CSRF token in the visible
// lines, and $_POST['u'] is passed on unvalidated; confirm disable_users() restricts the
// targets to accounts this administrator is allowed to manage.
154 if ($type=="disable")
155 $squashweb->disable_users($_POST['u']);
157 $smarty = get_smarty();
159 $smarty->assign('user_level', $_SESSION['creds']['user_level']);
160 $smarty->assign('user_name', $_SESSION['creds']['user_name']);
161 $smarty->assign('user_id', $_SESSION['creds']['user_id']);
163 $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));
// Request value passed to the template as received; the template is responsible for escaping.
165 $smarty->assign('debug', @$_GET['debug']);
167 $smarty->display('udmin.tpl');
169 } elseif (@$_REQUEST['tools']=='edituser' && $_SESSION['creds']['user_level'] > 100) {
// Create or edit an account, for user_level > 100. All inputs are read from $_REQUEST, so the
// action can be driven by a query string as well as by a form post; no anti-CSRF token is
// visible.
171 $edited_user = @$_REQUEST['edited_user']; // user id
172 $users = $squashweb->get_users($_SESSION['creds']['user_level']);
173 $u = @$_REQUEST['u']; // new or edited data
// Existing account: apply the submitted data.
// NOTE(review): update_users() is not given the caller's level, and $edited_user is not tested
// against $users first (the deluser branch does that test). Confirm update_users() refuses
// targets and user_level values above the caller's own.
175 if ($edited_user != NULL) {
176 $squashweb->update_users($u, $edited_user);
178 // Simple admin don't have the user_level <tr>. Just set the value for them now:
// Callers below level 200 get user_level forced to 55 before insert_users() is called; in the
// visible lines this override appears only next to the insert, not next to the update above.
179 if ($_SESSION['creds']['user_level'] < 200)
180 $u['user_level'] = 55;
181 $squashweb->insert_users($u, $_SESSION['creds']['user_level']);
184 header('Location: ?tools=users');
// Render the edit form.
186 $smarty = get_smarty();
187 $smarty->assign('user_level', $_SESSION['creds']['user_level']);
188 $smarty->assign('user_name', $_SESSION['creds']['user_name']);
189 $smarty->assign('user_id', $_SESSION['creds']['user_id']);
191 $smarty->assign('users', $users);
192 $smarty->assign('edited_user', $edited_user);
// Pre-fill the form only for ids present in the list returned for this caller.
194 if (array_key_exists($edited_user, $users)) {
195 $user = $users[$edited_user];
196 if (!$user['enabled'])
198 $smarty->assign('u', $user);
200 $smarty->assign('u', NULL);
// Level choices offered by the form: Admin and Super admin are listed only for callers above
// 199. This restricts what the form shows; it is not by itself a server-side limit.
203 if ($_SESSION['creds']['user_level'] > 199) {
204 $smarty->assign('user_levels', array(55 => 'User', 155 => 'Admin', 255 => 'Super admin', 0 => 'Disabled') );
206 $smarty->assign('user_levels', array(55 => 'User', 0 => 'Disabled') );
209 $smarty->assign('debug', @$_GET['debug']);
210 $smarty->display('edit_user.tpl');
213 } elseif (@$_REQUEST['tools']=='deluser' && $_SESSION['creds']['user_level'] > 100) {
// Remove an account, for user_level > 100.
// NOTE(review): a destructive action read from $_REQUEST, so a plain GET link is enough to
// trigger it, and no anti-CSRF token is visible. Restrict it to POST with a per-session token.
214 $edited_user = @$_REQUEST['edited_user']; // user id
215 $users = $squashweb->get_users($_SESSION['creds']['user_level']);
// Only ids present in the list returned for this caller's level are removed.
216 if (array_key_exists($edited_user, $users))
217 $squashweb->remove_users($edited_user);
219 header('Location: ?tools=users');
221 } elseif (@$_GET['tools']=='logs' && $_SESSION['creds']['user_level'] > 100) {
// Log viewer, for user_level > 100.
// NOTE(review): $logtype is a request value that reaches both get_logs() and the template. If
// get_logs() uses it in a query it should be matched against a fixed list of log types;
// any validation on the lines not shown here should be confirmed.
222 $logtype=@$_GET['logtype'];
226 $smarty = get_smarty();
228 $smarty->assign('user_level', $_SESSION['creds']['user_level']);
229 $smarty->assign('user_name', $_SESSION['creds']['user_name']);
230 $smarty->assign('logtype', $logtype);
231 $smarty->assign('logs', $squashweb->get_logs($logtype));
233 $smarty->assign('debug', @$_GET['debug']);
234 $smarty->display('logs.tpl');
// Default view: list the uploads that read_directory() collected for the requested folder.
239 $smarty = get_smarty();
248 * [6] -> CRC32 checksum
251 $configs_num = $squashweb->get_configs();
// Order the records on their 'lastchange' field; the meaning of the third argument is defined
// by named_records_sort(), which is not part of this file.
252 $configs_sorted = named_records_sort($configs_num, 'lastchange', true);
// Copy each record's numeric slots and named fields into the named keys the template reads.
256 foreach ($configs_sorted as $key => $value) {
257 $configs[$key]['squashed'] = $value['squashed'];
258 $configs[$key]['version'] = $value[0];
259 //$configs[$key]['date'] = $value[1]; //removed because user local creation date is irrelevant
260 $configs[$key]['name'] = $value[2];
261 $configs[$key]['size'] = $value[3];
262 $configs[$key]['chunk_size'] = $value[4];
263 $configs[$key]['chunks'] = $value[5];
264 $configs[$key]['crc'] = $value[6];
// Embeddable when 'ideo' occurs at offset 1 or later (as in "video/..."); strpos() returning
// 0 or false both count as not embeddable.
265 (strpos($value['mime'],'ideo')) ? $embedable=true : $embedable=false;
// Finished when the per-chunk stats add up to the chunk count; `@` hides the warning raised
// when 'stats' is not an array.
266 (@array_sum($value['stats']) == $value[5]) ? $finished=true : $finished=false;
268 $configs[$key]['embedable'] = $embedable;
269 $configs[$key]['finished'] = $finished;
270 $configs[$key]['mime'] = $value['mime'];
271 $configs[$key]['status'] = $value['status'];
272 $configs[$key]['hidden'] = $value['hidden'];
273 $configs[$key]['chunks_finished'] = @array_sum($value['stats']);
275 $configs[$key]['chunks_partial'] = $configs[$key]['chunks_finished'];
// Walk the per-chunk stats; $continue is cleared at the first value that is not '1.00'.
// The lines that set and read $continue are not visible here.
278 foreach($value['stats'] as $sk => $sv) {
280 $configs[$key]['chunks_partial'] = $configs[$key]['chunks_partial']+$sv;
281 if ($sv != '1.00') $continue=false;
// Timestamps are formatted in the server's configured time zone (the T placeholder prints it).
285 $configs[$key]['date'] = date('d.m.y - H:i:s - T', $value['added']);
286 $configs[$key]['lastchange'] = date('d.m.y - H:i:s - T', $value['lastchange']);
// Breadcrumb map for the template: cumulative path as key, folder name as label.
291 $basepath['/'] = 'top';
293 $path_fragments = explode('/', $requestpath);
// Refuse '..' segments in the requested path.
// NOTE(review): E_USER_ERROR stops the script only while no custom error handler intercepts
// it, and the message contains the raw request path, so errors should be logged rather than
// displayed. This check also runs after $requestpath was already handed to read_directory().
294 if (in_array('..', $path_fragments)) {
295 trigger_error("Unauthorized path ".$requestpath, E_USER_ERROR);
298 foreach ($path_fragments as $key => $value) {
300 $bpath .= '/'.$value;
301 $basepath[$bpath] = $value;
// Request-derived values (debug, currentfolder, base) go to the template as received; the
// template, or the Smarty configuration from get_smarty(), must escape them on output.
304 $smarty->assign('debug', @$_GET['debug']);
305 $smarty->assign('user_level', $_SESSION['creds']['user_level']);
306 $smarty->assign('user_name', $_SESSION['creds']['user_name']);
307 $smarty->assign('folderrights', $squashweb->folderrights());
309 $smarty->assign('squashed', $configs);
310 $smarty->assign('base', $basepath);
311 $smarty->assign('currentfolder', $requestpath);
312 $subs = $squashweb->subfolders();
315 $smarty->assign('subfolders', $subs);
317 //if(@$_GET[debug]) print_r($configs);
318 $smarty->display('index.tpl'); //Display normal template
321 // vim: syntax=php ts=4 sw=4 sts=4 sr noet