1 <?php
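// Access gate: the script continues only for a validated session or for a
// request that carries a usable download token in the "f" parameter.
// The token test uses the same truthiness rule as the download branches
// further down. With isset() alone, a request whose "f" parameter was present
// but empty got past this gate without a validated session and then fell
// through to the non-download branches.
$session_validated = !empty($_SESSION['creds']['validated']);
$has_download_token = isset($_GET['f']) && is_string($_GET['f']) && !empty($_GET['f']);
if (!$session_validated && !$has_download_token)
	exit();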
// Load the squashweb class and attach the database handle to a fresh instance.
// $db is not assigned anywhere in this file; it has to exist before this
// script runs.
require_once 'squasher.class.php';

$squashweb = new squashweb;
$squashweb->db = $db;

// Unconditional: runs for every request that got past the access gate.
$squashweb->update_history();
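// Requested folder, taken from the query string. Anything that is not a
// string starting with '/' (including an array value such as path[]=x) falls
// back to the root folder.
$requestpath = isset($_GET['path']) ? $_GET['path'] : '';
if (!is_string($requestpath) || !$requestpath || $requestpath[0] != '/') {
	$requestpath = '/';
}

// Refuse parent-directory segments and NUL bytes before the value reaches any
// directory read. The overview branch at the end of the script performs its
// own '..' test, but only after read_directory() has already been called with
// the same value.
if (in_array('..', explode('/', $requestpath), true) || strpos($requestpath, "\0") !== false) {
	header('HTTP/1.1 400 Bad Request');
	exit();
}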
// Two flags that are handed to read_directory() further down. A download
// request or one of the hide/unhide/delete tools sets $getdeepfiles and clears
// $populate; every other request gets the opposite pair.
$file_action = @$_GET['f']
	|| in_array(@$_GET['tools'], array('hide', 'unhide', 'delete'));

$getdeepfiles = (bool) $file_action;
$populate = !$getdeepfiles;
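// Update folder rights when the folder-rights form was posted.
// Only a validated session may reach update_rights(): the access gate at the
// top of the script also admits download-token requests that carry no session
// at all, and those must never change rights.
// NOTE(review): no user_level threshold and no anti-CSRF token is checked at
// this call site; role enforcement is presumably done inside update_rights()
// from the user_level argument -- confirm.
if (!empty($_SESSION['creds']['validated'])
	&& isset($_POST['edited_user'])
	&& is_scalar($_POST['edited_user'])
	&& $_POST['edited_user'] > 0
	&& @$_POST['formtype'] == 'folderrights') {
	// Keep passing null when the form carried no "m" field, without the notice.
	$posted_rights = isset($_POST['m']) ? $_POST['m'] : null;
	$squashweb->update_rights($_POST['edited_user'], $posted_rights, $_SESSION['creds']['user_level']);
}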
// Select the rights scope for this request: a download-token request or a
// user level above 200 gets give_rights(-1), everyone else is limited to the
// rights of their own user id.
// NOTE(review): any truthy "f" parameter selects the -1 scope, so the token
// works as a bearer credential for whatever the download path serves; it is
// matched against a column named md5_hash -- confirm the value is not
// derivable from predictable input.
$rights_owner = (@$_GET['f'] || $_SESSION['creds']['user_level'] > 200)
	? -1 // full access
	: $_SESSION['creds']['user_id'];
$squashweb->give_rights($rights_owner);
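if (@$_GET['f']) {
	// The token is untrusted input. It must be a plain string; an array value
	// (f[]=x) is refused instead of being passed on to the database layer.
	if (!is_string($_GET['f'])) {
		header('HTTP/1.1 400 Bad Request');
		exit();
	}

	// Look the token up with a bound parameter rather than a string-built
	// query. Only the "file" column is used by this script.
	$hashed_file = null;
	$found = false;
	$f_stmt = $db->prepare('SELECT file FROM file_hash WHERE md5_hash = ?');
	if ($f_stmt) {
		$f_stmt->bind_param('s', $_GET['f']);
		$f_stmt->execute();
		$f_stmt->bind_result($hashed_file);
		$found = ($f_stmt->fetch() === true);
		$f_stmt->close();
	}

	// Unknown token or failed query: stop here. Previously the missing row was
	// dereferenced, the event was logged with an empty file name and an empty
	// path was handed to read_single_file().
	if (!$found || !is_string($hashed_file)) {
		header('HTTP/1.1 404 Not Found');
		exit();
	}

	//log downloads
	log_event('download', $hashed_file, $_GET['f']);

	// Split the stored value into folder and file name (last segment).
	$_hpath_arr = explode("/", $hashed_file);
	$file = array_pop($_hpath_arr);
	$path = implode("/", $_hpath_arr);
	$squashweb->read_single_file($path, $file);
} else {
	//parse folders for readable files
	$squashweb->read_directory($requestpath, true, true, $getdeepfiles, $populate);
}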
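// Request dispatch. Exactly one branch runs, selected by the "f" download
// token or by the "tools" parameter; each tool branch carries its own
// user_level threshold.
// NOTE(review): the hide, unhide and delete tools change state on a GET
// request, edituser/deluser read $_REQUEST, and no branch checks an anti-CSRF
// token -- confirm whether one is enforced elsewhere.
// NOTE(review): several query-string values (user, debug, logtype) are
// assigned to templates as-is; output escaping is presumably done in the
// templates -- confirm.
if (@$_GET['f']) {
	//get the config of requested file
	$request = $squashweb->get_config($_GET['f']);

	// The stored file name goes into a quoted header parameter: replace the
	// characters that would end the quoted string or the header line.
	$download_name = str_replace(array('"', '\\', "\r", "\n", "\0"), '_', (string) $request[2]);

	//show requested file
	header('Content-Disposition: attachment; filename="'.$download_name.'"');
	header("Content-Type: ".$request['mime']);
	if ($request[3])
		header('Content-Length: '.$request[3]);
	@flush();
	$squashweb->print_files($request['path'], $request[2]);

} elseif (@$_GET['tools']=="hide" && @$_GET['h']) {
	if ($_SESSION['creds']['user_level'] > 99) {
		$request = $squashweb->get_config($_GET['h']);
		$path = '';
		// Only touch the filesystem when the lookup returned both a folder
		// and a file name.
		if (isset($request['path'], $request[2])) {
			$path = $request['path'];
			// Mode 'x' fails when the marker already exists; write only to a
			// handle that was actually opened.
			$handle = fopen(SQUASHER_UPLOADS_DIR.$path.'/'.$request[2].'.hidden', 'x');
			if ($handle) {
				fwrite($handle, 'hidden by '.$_SESSION['creds']['user_name']);
				fclose($handle);
			}
		}
		// Percent-encode the stored path so it cannot add parameters to the
		// redirect target; slashes are kept readable.
		header('Location: ?path='.str_replace('%2F', '/', rawurlencode((string) $path)));
	}
} elseif (@$_GET['tools']=="unhide" && isset($_GET['h'])) {
	if ($_SESSION['creds']['user_level'] > 99) {
		$request = $squashweb->get_config($_GET['h']);
		$path = '';
		if (isset($request['path'], $request[2])) {
			$path = $request['path'];
			@unlink(SQUASHER_UPLOADS_DIR.$path.'/'.$request[2].'.hidden');
		}
		header('Location: ?path='.str_replace('%2F', '/', rawurlencode((string) $path)));
	}
} elseif (@$_GET['tools']=="delete" && isset($_GET['h'])) {
	if ($_SESSION['creds']['user_level'] > 99) {
		// "multiple" takes the list of hashes from the posted form, anything
		// else is a single hash from the query string.
		if ($_GET['h'] == "multiple") {
			$h_list = (isset($_POST['h']) && is_array($_POST['h'])) ? $_POST['h'] : array();
		} else {
			$h_list = array($_GET['h']);
		}
		$request = null;
		foreach ($h_list as $h) {
			if (!is_string($h))
				continue; // nested arrays are not hashes
			// Read the config before deleting: the folder of the last file is
			// used for the redirect below.
			$request = $squashweb->get_config($h);
			$squashweb->delete_file($h, $_SESSION['creds']);
		}
		// An empty selection used to leave $request undefined here.
		$path = isset($request['path']) ? $request['path'] : '';
		header('Location: ?path='.str_replace('%2F', '/', rawurlencode((string) $path)));
	}

} elseif (@$_POST['tools']=="mkdir" && @$_POST['newname'] && $_SESSION['creds']['user_level'] > 99) {
	$path = (isset($_GET['path']) && is_string($_GET['path'])) ? $_GET['path'] : '';
	$newname = $_POST['newname'];
	$subs = explode('/', $path);
	if (in_array('..', $subs))
		die(); // Hard fails when trying to play above SQUASHER_UPLOADS_DIR
	// The new folder name is concatenated into the same filesystem path, so
	// it gets the same treatment: it must be a single path segment, with no
	// separator, no NUL byte, and not '.' or '..'.
	if (!is_string($newname)
		|| $newname === '.'
		|| $newname === '..'
		|| strpos($newname, '/') !== false
		|| strpos($newname, '\\') !== false
		|| strpos($newname, "\0") !== false)
		die();
	if ($squashweb->got_rights_array_admin($path) > 0) {
		umask(002); // don't remove g+w
		mkdir(SQUASHER_UPLOADS_DIR.$path.'/'.$newname);
	}
	header('Location: ?path='.str_replace('%2F', '/', rawurlencode($path.'/'.$newname)));

} elseif (@$_POST['tools']=="rmdir" && isset($_GET['path']) && $_SESSION['creds']['user_level'] > 99) {
	$path = $_GET['path'];
	if (!is_string($path))
		die(); // an array value cannot be a folder path
	$subs = explode('/', $path);
	if (in_array('..', $subs))
		die(); // Hard fails when trying to play above SQUASHER_UPLOADS_DIR
	if ($squashweb->got_rights_array_admin($path) > 0) {
		rmdir(SQUASHER_UPLOADS_DIR.$path);
	}
	// Redirect to the parent of the removed folder.
	array_pop($subs);
	$path = implode("/", $subs);
	header('Location: ?path='.str_replace('%2F', '/', rawurlencode($path)));

} elseif (@$_GET['tools']=='access' && $_SESSION['creds']['user_level'] > 100) {
	// Folder-rights administration page.
	$smarty = get_smarty();

	$smarty->assign('user_level', $_SESSION['creds']['user_level']);
	$smarty->assign('user_name', $_SESSION['creds']['user_name']);
	$smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));

	$smarty->assign('edited_user', @$_GET['user']);

	$tree = $squashweb->show_rights_tree($requestpath, 0, @$_GET['user']);

	$smarty->assign('style', $tree['style']);
	$smarty->assign('layout', $tree['layout']);

	$smarty->assign('debug', @$_GET['debug']);
	$smarty->assign('folderrights', $squashweb->folderrights());
	$smarty->assign('userrights', $squashweb->userrights());
	$smarty->display('admin.tpl');

} elseif (@$_GET['tools']=='users' && $_SESSION['creds']['user_level'] > 100) {
	// User list page.
	$smarty = get_smarty();

	$smarty->assign('user_level', $_SESSION['creds']['user_level']);
	$smarty->assign('user_name', $_SESSION['creds']['user_name']);
	$smarty->assign('user_id', $_SESSION['creds']['user_id']);

	$smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));

	$smarty->assign('debug', @$_GET['debug']);

	$smarty->display('udmin.tpl');

} elseif (@$_REQUEST['tools']=='edituser' && $_SESSION['creds']['user_level'] > 100) {

	$edited_user = @$_REQUEST['edited_user']; // user id
	$users = $squashweb->get_users($_SESSION['creds']['user_level']);
	$u = @$_REQUEST['u']; // new or edited data
	// Same threshold the form below uses to offer the admin levels.
	$is_super_admin = $_SESSION['creds']['user_level'] > 199;
	if ($u) {
		// The user data is handled as an array throughout; refuse anything else.
		if (!is_array($u)) {
			header('HTTP/1.1 400 Bad Request');
			exit();
		}
		if ($edited_user != NULL) {
			// Only accounts that get_users() returned for this admin may be
			// updated, matching the checks made by the edit form and by
			// deluser. Without it any user id could be submitted for update.
			// NOTE(review): assumes get_users() limits its result to accounts
			// this admin may manage -- confirm.
			if (!is_scalar($edited_user) || !is_array($users) || !array_key_exists($edited_user, $users)) {
				header('HTTP/1.1 403 Forbidden');
				exit();
			}
			// A simple admin is offered only the levels 55 and 0 by the form,
			// so a submitted level outside that set is refused on update too
			// (the insert path below already forces 55).
			// NOTE(review): presumably update_users() reads the same
			// 'user_level' key that the insert path sets -- confirm.
			if (!$is_super_admin && isset($u['user_level'])
				&& (!is_scalar($u['user_level']) || !in_array((string) $u['user_level'], array('55', '0'), true))) {
				header('HTTP/1.1 403 Forbidden');
				exit();
			}
			$squashweb->update_users($u, $edited_user);
		} else {
			// Simple admin don't have the user_level <tr>. Just set the value for them now:
			if (!$is_super_admin)
				$u['user_level'] = 55;
			$squashweb->insert_users($u, $_SESSION['creds']['user_level']);
		}
		// The Location header already produces the 302; the former
		// header('302 done') call emitted a malformed header line.
		header('Location: ?tools=users');
	} else {
		$smarty = get_smarty();
		$smarty->assign('user_level', $_SESSION['creds']['user_level']);
		$smarty->assign('user_name', $_SESSION['creds']['user_name']);
		$smarty->assign('user_id', $_SESSION['creds']['user_id']);

		$smarty->assign('users', $users);
		$smarty->assign('edited_user', $edited_user);

		if (is_scalar($edited_user) && is_array($users) && array_key_exists($edited_user, $users)) {
			$user = $users[$edited_user];
			// A disabled account is shown with level 0 ("Disabled").
			if (!$user['enabled'])
				$user['level'] = 0;
			$smarty->assign('u', $user);
		} else {
			$smarty->assign('u', NULL);
		}

		if ($is_super_admin) {
			$smarty->assign('user_levels', array(55 => 'User', 155 => 'Admin', 255 => 'Super admin', 0 => 'Disabled') );
		} else {
			$smarty->assign('user_levels', array(55 => 'User', 0 => 'Disabled') );
		}

		$smarty->assign('debug', @$_GET['debug']);
		$smarty->display('edit_user.tpl');
	}

} elseif (@$_REQUEST['tools']=='deluser' && $_SESSION['creds']['user_level'] > 100) {
	$edited_user = @$_REQUEST['edited_user']; // user id
	$users = $squashweb->get_users($_SESSION['creds']['user_level']);
	// Remove only accounts that get_users() returned for this admin.
	if (is_scalar($edited_user) && is_array($users) && array_key_exists($edited_user, $users))
		$squashweb->remove_users($edited_user);
	// Location implies the 302; the former header('302 done') line was malformed.
	header('Location: ?tools=users');

} elseif (@$_GET['tools']=='logs' && $_SESSION['creds']['user_level'] > 100) {
	// NOTE(review): the log type comes from the query string and is forwarded
	// to get_logs() unchanged; confirm it is validated or bound as a parameter
	// there.
	$logtype = @$_GET['logtype'];
	if (!is_string($logtype) || !$logtype)
		$logtype = 'all';

	$smarty = get_smarty();

	$smarty->assign('user_level', $_SESSION['creds']['user_level']);
	$smarty->assign('user_name', $_SESSION['creds']['user_name']);
	$smarty->assign('logtype', $logtype);
	$smarty->assign('logs', $squashweb->get_logs($logtype));

	$smarty->assign('debug', @$_GET['debug']);
	$smarty->display('logs.tpl');

} else {
	//show overview

	$smarty = get_smarty();
	/***
	*       $config:: array
	*       [0]     ->      versioncode
	*       [1]     ->      date&time
	*       [2]     ->      filename
	*       [3]     ->      filesize
	*       [4]     ->      chunksize
	*       [5]     ->      chunkcount
	*       [6]     ->      CRC32 checksum
	***/

	$configs_num = $squashweb->get_configs();
	$configs_sorted = named_records_sort($configs_num, 'lastchange', true);

	$configs = array();

	foreach ($configs_sorted as $key => $value) {
		// Sum of the per-chunk progress values; the file counts as finished
		// when that sum equals the chunk count.
		$chunks_finished = @array_sum($value['stats']);
		$finished = ($chunks_finished == $value[5]);
		// Truthiness of strpos() is kept as in the original test: a match at
		// offset 0 does not count.
		$embedable = strpos($value['mime'], 'ideo') ? true : false;

		if ($finished) {
			$chunks_partial = $chunks_finished;
		} else {
			// Add up progress values up to and including the first one that
			// is not 1.00. Starts from 0; the counter used to be read before
			// it was ever set.
			$chunks_partial = 0;
			if (is_array($value['stats'])) {
				foreach ($value['stats'] as $sv) {
					$chunks_partial = $chunks_partial + $sv;
					if ($sv != '1.00')
						break;
				}
			}
		}

		$configs[$key] = array(
			'squashed' => $value['squashed'],
			'version' => $value[0],
			// $value[1] (user local creation date) is deliberately not used
			'name' => $value[2],
			'size' => $value[3],
			'chunk_size' => $value[4],
			'chunks' => $value[5],
			'crc' => $value[6],
			'embedable' => $embedable,
			'finished' => $finished,
			'mime' => $value['mime'],
			'status' => $value['status'],
			'hidden' => $value['hidden'],
			'chunks_finished' => $chunks_finished,
			'chunks_partial' => $chunks_partial,
			'date' => date('d.m.y - H:i:s - T', $value['added']),
			'lastchange' => date('d.m.y - H:i:s - T', $value['lastchange']),
		);
	}


	//set base folders
	// Maps every ancestor path of the requested folder to its last segment,
	// starting with the root.
	$basepath = array('/' => 'top');
	$bpath = '';
	$path_fragments = explode('/', $requestpath);
	if (in_array('..', $path_fragments)) {
		trigger_error("Unauthorized path ".$requestpath, E_USER_ERROR);
		die();
	}
	foreach ($path_fragments as $fragment) {
		if ($fragment != '') {
			$bpath .= '/'.$fragment;
			$basepath[$bpath] = $fragment;
		}
	}
	// NOTE(review): the debug flag is client-controlled; confirm the templates
	// expose nothing sensitive when it is set.
	$smarty->assign('debug', @$_GET['debug']);
	$smarty->assign('user_level', $_SESSION['creds']['user_level']);
	$smarty->assign('user_name', $_SESSION['creds']['user_name']);
	$smarty->assign('folderrights', $squashweb->folderrights());

	$smarty->assign('squashed', $configs);
	$smarty->assign('base', $basepath);
	$smarty->assign('currentfolder', $requestpath);
	$subs = $squashweb->subfolders();
	if ($subs)
		asort($subs);
	$smarty->assign('subfolders', $subs);

	$smarty->display('index.tpl'); //Display normal template

}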
317 // vim: syntax=php ts=4 sw=4 sts=4 sr noet
318 ?>