Move db setup in config.php
[squasher.git] / squasher.class.php
index 4e3a4cf1c530bfc31f3418ed8b3fe26b6165ec5e..76e86a88afdffb32f541d6284ec9f6144697455c 100644 (file)
 <?php
-require_once("include/connect.inc.php");
+require_once("config.php");
 
-function zfill($n,$a) {
-  return str_repeat("0",max(0,$a-strlen($n))).$n;
+function zfill($n, $a) {
+       return str_repeat("0", max(0,$a-strlen($n))) . $n;
 }
 
-function named_records_sort($named_recs, $order_by, $reverse=false, $flags=0)
-{
+function named_records_sort($named_recs, $order_by, $reverse=false, $flags=0) {
        $named_hash = array();
-       foreach($named_recs as $key => $fields)$named_hash[$key] = $fields[$order_by];
+       foreach ($named_recs as $key => $fields)
+               $named_hash[$key] = $fields[$order_by];
 
-       if($reverse) arsort($named_hash,$flags=0) ;
-       else asort($named_hash, $flags=0);
+       if ($reverse)
+               arsort($named_hash,$flags=0) ;
+       else
+               asort($named_hash, $flags=0);
 
        $sorted_records = array();
        foreach($named_hash as $key => $val)$sorted_records[$key] = $named_recs[$key];
+
        return $sorted_records;
 }
 
-function validate_user($vars,$salt){
-       $creds[validated] = false;
-       $query="SELECT * FROM users";
+function validate_user($username, $password, $salt) {
+       $creds['validated'] = false;
+       $query="SELECT * FROM users WHERE user_name = '".mysql_escape_string($username)."'";
        $q_result = mysql_query($query);
-       while ($fetched_object = mysql_fetch_object($q_result)){
-               if (md5(md5($fetched_object->user_name).$salt) == $vars[user]){
-                       if (md5($fetched_object->user_pass.$salt) == $vars[pass]){
-                               //validated
-                               $creds[user_id] = $fetched_object->user_id;
-                               $creds[user_name] = $fetched_object->user_name;
-                               $creds[user_level] = $fetched_object->user_level;
-                               $creds[validated] = true;
-                               $log_hash=NULL;
-                               $log_hash=(isset($vars['f'])) ? $vars['f'] : $vars['h'] ;
-                               if ($log_hash==NULL)$log_hash=str_repeat("0",32);
-                               $q="insert into log (hash,action,user_id,user_name,ip,date) values ('{$log_hash}','login','".$creds['user_id']."','".$creds['user_name']."','".$_SERVER[REMOTE_ADDR]."',NOW())";
-                               mysql_query($q);
-                       }
+       while ($fetched_object = mysql_fetch_object($q_result)) {
+               if (md5($fetched_object->user_pass.$salt) == $password) {
+                       //validated
+                       $creds['user_id'] = $fetched_object->user_id;
+                       $creds['user_name'] = $fetched_object->user_name;
+                       $creds['user_level'] = $fetched_object->user_level;
+                       $creds['validated'] = true;
+                       $log_hash=str_repeat("0",32); // File ID is always empty on login
+                       $q="INSERT INTO log (hash,action,user_id,user_name,ip,date) VALUES ('".mysql_escape_string($log_hash)."','login',".$creds['user_id'].",'".mysql_escape_string($creds['user_name'])."','".mysql_escape_string($_SERVER['REMOTE_ADDR'])."',NOW())";
+                       mysql_query($q);
                }
        }
-       $_SESSION[creds] = $creds;
-       return $creds[validated];
+       $_SESSION['creds'] = $creds;
+       return $creds['validated'];
 }
 
+
+
 class squashweb {
 
 var $basepath;
-var $configs;
-var $stats;
-var $files;
-var $subfolders;
+var $configs = array();
+var $files = array();
+var $subfolders = array();
 var $folderrights;
 var $userrights;
-var $history;
+var $history = array();
 
-function set_root($root){
+function set_root($root) {
        $this->basepath = $root;
 }
 
-function get_configs(){
+function get_configs() {
        return $this->configs;
 }
 
-function subfolders(){
+function subfolders() {
        return $this->subfolders;
 }
 
-function get_config($h){
-       
+function get_config($h) {
+
        return $this->configs[$h];
 }
 
-function folderrights(){
+function folderrights() {
        return $this->folderrights;
 }
 
-function userrights(){
+function userrights() {
        return $this->userrights;
 }
 
-function update_history(){
+function update_history() {
        $q="SELECT md5_hash,file,completed,checked FROM file_hash";
        $r=mysql_query($q);
-       while($o=mysql_fetch_object($r)){
+       while($o=mysql_fetch_object($r)) {
                $this->history[$o->md5_hash]['file']=$o->file;
                $this->history[$o->md5_hash]['completed']=$o->completed;
                $this->history[$o->md5_hash]['checked']=$o->checked;
        }
 }
 
-function got_rights_checkbox($needle){
-       $result = $this->got_rights_array($needle,'',0,'userrights');
-       switch($result){
-               case 0 :
-                       $return = '';
-                       break;
-               case 1 :
-               case 2 :
-                       $return = 'checked';
-                       break;
-       }
-       return $return;
-}
-
-function get_users($user_level){
-       $q = "SELECT * FROM users WHERE user_level < '".$user_level."' order by user_name asc";
+function get_users($user_level) {
+       $q = "SELECT * FROM users WHERE user_level < ".$user_level." ORDER BY user_name ASC";
        $r = mysql_query($q);
-       
-       while ($o = mysql_fetch_object($r)){
+
+       while ($o = mysql_fetch_object($r)) {
                $return[$o->user_id]['id']              = $o->user_id;
                $return[$o->user_id]['name']    = $o->user_name;
                $return[$o->user_id]['level']   = $o->user_level;
-               $return[$o->user_id]['enabled'] = ($o->user_pass == '') ? false : true ;;
+               $return[$o->user_id]['enabled'] = ($o->user_pass == '') ? false : true ;
        }
-       
+
        return $return;
 }
 
-function get_logs($type='all'){
+function get_logs($type='all') {
        $q="SELECT log.* FROM log WHERE log.user_id != '1' and ip != '87.233.211.2' ";
-       if($_SESSION[creds][user_id] == 1)$q="SELECT log.* FROM log WHERE log.user_id != 'x' ";
-       switch($type){
+       if ($_SESSION['creds']['user_id'] == 1)
+               $q="SELECT log.* FROM log WHERE log.user_id != 'x' ";
+       switch($type) {
        case "delete":
-               $q.= " and log.action = 'delete'";
+               $q.= " AND log.action = 'delete'";
                break;
        case "download":
-               $q.= " and log.action = 'download'";
+               $q.= " AND log.action = 'download'";
                break;
        case "login":
-               $q.= " and log.action = 'login'";
+               $q.= " AND log.action = 'login'";
                break;
        case "debug":
-               $q.= " and log.action = 'debug'";
+               $q.= " AND log.action = 'debug'";
                break;
        default:
                $q.= "";
                break;
        }
 
-       $today     =" and date > date(date_add(now(), interval -0 day)) ";
-       $yesterday =" and date < date(date_add(now(), interval -0 day)) and date > date(date_add(now(), interval -1 day)) ";
-       $lastweek  =" and date < date(date_add(now(), interval -1 day)) and date > date(date_add(now(), interval -6 day)) ";
-       $older     =" and date < date(date_add(now(), interval -7 day)) and date > date(date_add(now(), interval -30 day)) ";
+       $today     =" AND date > date(date_add(now(), interval -0 day)) ";
+       $yesterday =" AND date < date(date_add(now(), interval -0 day)) AND date > date(date_add(now(), interval -1 day)) ";
+       $lastweek  =" AND date < date(date_add(now(), interval -1 day)) AND date > date(date_add(now(), interval -6 day)) ";
+       $older     =" AND date < date(date_add(now(), interval -7 day)) AND date > date(date_add(now(), interval -30 day)) ";
 
-       $order=" order by log.log_id desc ";
+       $order=" ORDER BY log.log_id desc ";
        $r = mysql_query($q.$today.$order);
-       while($a = mysql_fetch_array($r)){
-               $qu="select users.user_name from users left join log on users.user_id = log.user_id where log.ip='{$a[ip]}' group by users.user_name";
+       $return = array();
+       while($a = mysql_fetch_array($r)) {
+               $qu="SELECT users.user_name FROM users LEFT JOIN log ON users.user_id = log.user_id WHERE log.ip='".mysql_escape_string($a['ip'])."' GROUP BY users.user_name";
                $ru = mysql_query($qu);
-               $a[users_from_ip]=" | ";
-               while($au = mysql_fetch_array($ru))$a[users_from_ip].=$au[user_name]." | ";
-               $return['today'][$a['log_id']]=$a;
+               $a['users_from_ip'] = " | ";
+               while($au = mysql_fetch_array($ru))
+                       $a['users_from_ip'] .= $au['user_name']." | ";
+               $return['today'][$a['log_id']] = $a;
        }
        $r = mysql_query($q.$yesterday.$order);
-       while($a = mysql_fetch_array($r)){
-               $qu="select users.user_name from users left join log on users.user_id = log.user_id where log.ip='{$a[ip]}' group by users.user_name";
+       while($a = mysql_fetch_array($r)) {
+               $qu="SELECT users.user_name FROM users LEFT JOIN log ON users.user_id = log.user_id WHERE log.ip='".mysql_escape_string($a['ip'])."' GROUP BY users.user_name";
                $ru = mysql_query($qu);
-               $a[users_from_ip]=" | ";
-               while($au = mysql_fetch_array($ru))$a[users_from_ip].=$au[user_name]." | ";
-               $return['yesterday'][$a['log_id']]=$a;
+               $a['users_from_ip'] = " | ";
+               while($au = mysql_fetch_array($ru))
+                       $a['users_from_ip'] .= $au['user_name']." | ";
+               $return['yesterday'][$a['log_id']] = $a;
        }
        $r = mysql_query($q.$lastweek.$order);
-       while($a = mysql_fetch_array($r)){
-               $qu="select users.user_name from users left join log on users.user_id = log.user_id where log.ip='{$a[ip]}' group by users.user_name";
+       while($a = mysql_fetch_array($r)) {
+               $qu="SELECT users.user_name FROM users LEFT JOIN log ON users.user_id = log.user_id WHERE log.ip='".mysql_escape_string($a['ip'])."' GROUP BY users.user_name";
                $ru = mysql_query($qu);
-               $a[users_from_ip]=" | ";
-               while($au = mysql_fetch_array($ru))$a[users_from_ip].=$au[user_name]." | ";
-               $return['lastweek'][$a['log_id']]=$a;
+               $a['users_from_ip'] = " | ";
+               while($au = mysql_fetch_array($ru))
+                       $a['users_from_ip'] .= $au['user_name']." | ";
+               $return['lastweek'][$a['log_id']] = $a;
        }
        $r = mysql_query($q.$older.$order);
-       while($a = mysql_fetch_array($r)){
-               $qu="select users.user_name from users left join log on users.user_id = log.user_id where log.ip='{$a[ip]}' group by users.user_name";
+       while($a = mysql_fetch_array($r)) {
+               $qu="SELECT users.user_name FROM users LEFT JOIN log ON users.user_id = log.user_id WHERE log.ip='".mysql_escape_string($a['ip'])."' GROUP BY users.user_name";
                $ru = mysql_query($qu);
-               $a[users_from_ip]=" | ";
-               while($au = mysql_fetch_array($ru))$a[users_from_ip].=$au[user_name]." | ";
-               $return['older'][$a['log_id']]=$a;
+               $a['users_from_ip'] = " | ";
+               while($au = mysql_fetch_array($ru))
+                       $a['users_from_ip'] .= $au['user_name']." | ";
+               $return['older'][$a['log_id']] = $a;
        }
 
        return $return;
 }
 
-function insert_users($submitted,$admin_level){
-       $q = "INSERT INTO users (user_name,user_pass,user_level) values ('".$submitted[u][user_name]."','".md5($submitted[u][user_pass])."','".$submitted[u][user_level]."')";
+function insert_users($u, $admin_level) {
+       $user_name = $u['user_name'];
+       $user_pass = $u['user_pass'];
+       $user_level = (int)$u['user_level'];
+
+       $q = "INSERT INTO users (user_name,user_pass,user_level) VALUES ('".mysql_escape_string($user_name)."', '".mysql_escape_string(md5($user_pass))."', ".$user_level.")";
        $r = mysql_query($q);
 }
 
-function update_users($submitted){
-       $q = "UPDATE users SET user_name = '".$submitted[u][user_name]."', user_pass = '".md5($submitted[u][user_pass])."', user_level = '".$submitted[u][user_level]."' WHERE user_id = '".$submitted[u][user_id]."'";
-       $r = mysql_query($q);
+function update_users($u) {
+       $user_id = (int)$u['user_id'];
+       $user_name = @$u['user_name'];
+       $user_pass = @$u['user_pass'];
+       $user_level = (int)@$u['user_level'];
+       if ($user_name) {
+               $q = "UPDATE users SET user_name = '".mysql_escape_string($user_name)."' WHERE user_id = ".$user_id;
+               $r = mysql_query($q);
+       }
+       if ($user_pass) {
+               $q = "UPDATE users SET user_pass = '".mysql_escape_string(md5($user_pass))."' WHERE user_id = ".$user_id;
+               $r = mysql_query($q);
+       }
+       if ($user_level) {
+               $q = "UPDATE users SET user_level = ".$user_level." WHERE user_id = ".$user_id;
+               $r = mysql_query($q);
+       }
 }
 
-function disable_users($submitted){
-       $q = "UPDATE users SET user_name = '".$submitted[u][user_name]."', user_pass = '', user_level = '".$submitted[u][user_level]."' WHERE user_id = '".$submitted[u][user_id]."'";
+function disable_users($u) {
+       $user_id = (int)$u['user_id'];
+       $user_name = @$u['user_name'];
+       $user_level = (int)@$u['user_level'];
+       if ($user_name) {
+               $q = "UPDATE users SET user_name = '".mysql_escape_string($user_name)."' WHERE user_id = ".$user_id;
+               $r = mysql_query($q);
+       }
+       $q = "UPDATE users SET user_pass = '' WHERE user_id = ".$user_id;
+       $r = mysql_query($q);
+       if ($user_level) {
+               $q = "UPDATE users SET user_level = ".$user_level." WHERE user_id = ".$user_id;
+               $r = mysql_query($q);
+       }
        $r = mysql_query($q);
 }
 
-function remove_users($submitted){
-       $q = "DELETE FROM users WHERE user_id = '".$submitted[u][user_id]."'";
+function remove_users($u) {
+       $user_id = (int)$u['user_id'];
+       $q = "DELETE FROM users WHERE user_id = ".$user_id;
        $r = mysql_query($q);
 }
 
-function give_rights($user_id,$type='folderrights'){
-               
-       $q = "SELECT folder_path, access FROM user_rights WHERE user_id = '".$user_id."'";
+function get_rights($user_id) {
+       $result = array();
+
+       $q = "SELECT folder_path, access FROM user_rights WHERE user_id = ".(int)$user_id;
        $r = mysql_query($q);
-       while ($o = mysql_fetch_object($r)){
+       while ($o = mysql_fetch_object($r)) {
+
+               //clean vars
+               $arr_string = '$result';
 
-               //clean vars            
-               $arr_string = '$this->'.$type;
-               
                //get foldernames from path
-               if($o->folder_path != '/'){
+               if ($o->folder_path != '/') {
                        $path = $o->folder_path;
-                       if($path{0}=='/')$path=substr($path,1);
+                       if ($path{0}=='/')
+                               $path=substr($path,1);
                        $folder_arr = explode('/',$path);
 
                        //create folder structure array
-                       foreach ($folder_arr AS $key => $value){
+                       foreach ($folder_arr AS $key => $value) {
                                $arr_string .= "['".$value."']";
                        }
                }
                $arr_string .= "['__access__']";
-               
-               //choose access icon
-               // access = # --deny-all
-               // access = * --allow-dir-only
-               // access = @ --allow-inc-subs
-/*             switch($o->access){
-                       case 0 :
-                               $icon = '#';
-                               break;
-                       case 1 :
-                               $icon = '*';
-                               break;
-                       case 2 :
-                               $icon = '@';
-                               break;
-               }*/
-               //echo $arr_string." = '".$icon."'\n";
-               //echo $arr_string." = '".$o->access."';";
+
                eval($arr_string." = '".$o->access."';");
        }
-       
-       return $this->folderrights;
+       return $result;
 }
 
-function update_rights($submitted,$admin_level){
-       $q = "SELECT count(*) result FROM users WHERE user_id = '".$submitted['edited_user']."' AND user_level < '".$admin_level."'";
+function give_rights($user_id, $type='folderrights') {
+       if ($type=='folderrights')
+               $this->folderrights = $this->get_rights($user_id);
+       else // $type=='userrights'
+               $this->userrights = $this->get_rights($user_id);
+}
+
+function update_rights($edited_user, $m, $admin_level) {
+       $q = "SELECT count(*) result FROM users WHERE user_id = ".(int)$edited_user." AND user_level < ".(int)$admin_level;
        $r = mysql_query($q);
        $o = mysql_fetch_object($r);
-       
-       if ($o->result){
-               foreach ($submitted[m] AS $path => $access){
-                       $p_q = "SELECT count(*) result FROM user_rights WHERE user_id = '".$submitted['edited_user']."' AND folder_path = '".$path."'";
+
+       if ($o->result) {
+               foreach ($m AS $path => $access) {
+                       $p_q = "SELECT count(*) result FROM user_rights WHERE user_id = ".(int)$edited_user." AND folder_path = '".mysql_escape_string($path)."'";
                        $p_r = mysql_query($p_q);
                        $p_o = mysql_fetch_object($p_r);
-                       if ($p_o->result == 1) mysql_query("UPDATE user_rights SET access = ".$access." WHERE folder_path = '".$path."' AND user_id = '".$submitted['edited_user']."'");
-                       if ($p_o->result == 0) mysql_query("INSERT INTO user_rights (user_id,folder_path,access) values ('".$submitted['edited_user']."','".$path."','".$access."') ");
+                       if ($p_o->result == 1)
+                               mysql_query("UPDATE user_rights SET access = ".(int)$access." WHERE folder_path = '".mysql_escape_string($path)."' AND user_id = ".(int)$edited_user);
+                       if ($p_o->result == 0)
+                               mysql_query("INSERT INTO user_rights (user_id,folder_path,access) values (".(int)$edited_user.",'".mysql_escape_string($path)."',".(int)$access.") ");
                }
        }
 }
 
 
-function show_rights_tree($path,$depth=0,$userid=0){
+function show_rights_tree($path, $depth=0, $userid=0) {
+
+       if ($userid==0)
+               return false;
+       if ($depth==0)
+               $this->give_rights($userid, 'userrights');
 
-       if ($userid==0)return false;
-       if ($depth==0)$this->give_rights($userid,'userrights');
+       // access = 0 --deny-all
+       // access = 1 --allow-dir-only
+       // access = 2 --allow-inc-subs
 
-       // access = # | 0 --deny-all
-       // access = * | 1 --allow-dir-only
-       // access = @ | 2 --allow-inc-subs
+       $layout = '';
+       $style = '';
 
-       for ($i=0;$depth > $i; $i++)$layout .= " ";
-       if ($dir = opendir($path)){
+       for ($i=0; $i<$depth; $i++)
+               $layout .= " ";
+       if ($dir = opendir($path)) {
                $layout .= "<div style='clear:both;' >\n";
-               $f=0;
-               while (false !== ($file = readdir($dir))) { $files_array[]=$file; }
-                asort($files_array);
-                foreach ($files_array as $f_index => $file)
-                {
-//             while (false !== ($file = readdir($dir))) 
-//             {                                
-                       if (($file{0} !== ".") && ($file !== "..")) 
+               $f = 0;
+               while (false !== ($file = readdir($dir))) {
+                       $files_array[] = $file;
+               }
+               asort($files_array);
+               foreach ($files_array as $f_index => $file) {
+                       if (($file{0} !== ".") && ($file !== ".."))
                        {
                                $filename = $path."/".$file;
-                               if (!is_file($filename)){if ($this->got_rights_array($filename) > 0)
-                               {
+                               if (!is_file($filename) && $this->got_rights_array($filename) > 0) {
                                        $f++;
-                                       if(substr($filename,0,strlen($this->basepath))==$this->basepath) $name=substr($filename,strlen($this->basepath));
-                                       //$check = $this->got_rights_checkbox($filename);
-                                       $check = $this->got_rights_array_admin($filename,'',0,'userrights');
-                                               $check_all = '';
-                                               $check_allow = '';
-                                               $check_deny = '';
-                                       switch($check){
+                                       if (substr($filename,0,strlen($this->basepath))==$this->basepath)
+                                               $name = substr($filename,strlen($this->basepath));
+                                       $check = $this->got_rights_array_admin($filename, $this->userrights);
+                                       $check_all = '';
+                                       $check_allow = '';
+                                       $check_deny = '';
+                                       switch($check) {
                                                case 2:
                                                        $check_all = 'checked';
                                                        break;
@@ -306,19 +325,23 @@ function show_rights_tree($path,$depth=0,$userid=0){
                                                        break;
                                        }
 
-                                       if($f==1)$style[$depth] = ".depth".$depth."{float:right;width:".(600-($depth*10))."px;border-left:2px solid #FFFFFF;border-top:1px solid #FFFFFF;background:#".dechex(14-$depth).dechex(14-$depth).dechex(14-$depth).dechex(14-$depth).dechex(14-$depth).dechex(14-$depth).";}";
-                                       if($f==1)$layout .= "<div class='depth".$depth."'>";
+                                       if ($f==1)
+                                               $style[$depth] = ".depth".$depth."{float:right;width:".(600-($depth*10))."px;border-left:2px solid #FFFFFF;border-top:1px solid #FFFFFF;background:#".dechex(14-$depth).dechex(14-$depth).dechex(14-$depth).dechex(14-$depth).dechex(14-$depth).dechex(14-$depth).";}";
+                                       if ($f==1)
+                                               $layout .= "<div class='depth".$depth."'>";
                                        $layout .= "<div class='white_border' >".$file."</div>\n";
                                        $layout .= "<div class='check_deny'><input name='m[".$name."]' value=0 type=radio ".$check_deny."></div>\n";
                                        $layout .= "<div class='check_allow'><input name='m[".$name."]' value=1 type=radio ".$check_allow."></div>\n";
                                        $layout .= "<div class='check_all'><input name='m[".$name."]' value=2 type=radio ".$check_all."></div>\n";
                                        $sub_return = $this->show_rights_tree($filename,$depth+1,$userid);
-                                       if(is_array($style) && is_array($sub_return['style']))$style = $style + $sub_return['style'];
+                                       if (is_array($style) && is_array($sub_return['style']))
+                                               $style = $style + $sub_return['style'];
                                        $layout .= $sub_return['layout'];
-                               }}
+                               }
                        }
                }
-               if($f!=0)$layout .= "</div>";
+               if ($f!=0)
+                       $layout .= "</div>";
                $layout .= "</div>\n";
        }
 
@@ -328,44 +351,36 @@ function show_rights_tree($path,$depth=0,$userid=0){
        return $return;
 }
 
-function got_rights_path($needle,$haystack){
-       
-       if(!is_array($haystack)) $haystack = $this->folderrights;
-       foreach($haystack as $v){
-               if(!is_array($v)){
-                       if($needle == $v) return true;
-               }
-               else{
-                       if(is_in_array($needle, $v, $case_sensitive) === true) return true;
-               }
-       }
-       return false;
-}
+function got_rights_array($needle, $haystack='', $c=0) {
+       // used by:
+       // - read_single_file
+       // - read_directory
+       // - show_rights_tree
 
-function got_rights_array($needle,$haystack='',$c=0,$type='folderrights'){
+       if (!is_array($haystack))
+               $haystack = $this->folderrights;
+       if (substr($needle, 0, strlen($this->basepath)) == $this->basepath)
+               $needle=substr($needle,strlen($this->basepath));
 
-       if(!is_array($haystack)) eval('$haystack = $this->'.$type.';');
-       if(substr($needle,0,strlen($this->basepath))==$this->basepath) $needle=substr($needle,strlen($this->basepath));
+       // check root rights
+       if ($needle{0} == '/' && @$haystack['__access__'] == 2 )
+               return 2;
 
-       //if($needle{0}=='.')$needle=substr($needle,strlen($this->basepath));
+       // remove leading /
+       if ($needle{0}=='/')
+               $needle = substr($needle, 1);
 
-       //check root rights
-       if($needle{0}=='/' && $haystack['__access__'] == 2 ) return 2;
-
-       //check folder tights
-       if($needle{0}=='/')$needle=substr($needle,1);
-       
-       $needle_arr = explode('/',$needle);
+       $needle_arr = explode('/', $needle);
        $n = count($needle_arr);
-       $d = $c+1;
-
-       foreach($haystack as $k => $v){
-               if($needle_arr[$c] == $k){
-                       if(!is_array($v['__access__'])){
-                               if (($v['__access__'] == '@' || $v['__access__'] == 2)                     ) return 2;
-                               if (($v['__access__'] == '*' || $v['__access__'] == 1) && $d == $n ) return 1;
-                               if (($v['__access__'] == '#' || $v['__access__'] == 0) && $d == $n ) return 0;
-                       }else{
+       $d = $c + 1;
+
+       foreach ($haystack as $k => $v) {
+               if ($needle_arr[$c] == $k) {
+                       if (!is_array(@$v['__access__'])) {
+                               if ($v['__access__'] == 2             ) return 2;
+                               if ($v['__access__'] == 1 && $d == $n ) return 1;
+                               if ($v['__access__'] == 0 && $d == $n ) return 0;
+                       } else {
                                $return = $this->got_rights_array($needle, $v, $d);
                        }
                }
@@ -373,61 +388,73 @@ function got_rights_array($needle,$haystack='',$c=0,$type='folderrights'){
        return $return;
 }
 
-function got_rights_array_admin($needle,$haystack='',$c=0,$type='folderrights'){
+function got_rights_array_admin($needle, $haystack='', $c=0) {
+       // used by:
+       // - show_rights_tree
 
-       if(!is_array($haystack)) eval('$haystack = $this->'.$type.';');
-       if(substr($needle,0,strlen($this->basepath))==$this->basepath) $needle=substr($needle,strlen($this->basepath));
-       
-       //if($needle{0}=='.')$needle=substr($needle,strlen($this->basepath));
+       if (!is_array($haystack))
+               $haystack = $this->folderrights;
+       if (substr($needle, 0, strlen($this->basepath)) == $this->basepath)
+               $needle = substr($needle, strlen($this->basepath));
 
-       //check root rights
-       if($needle{0}=='/' && $haystack['__access__'] == 2 ) return 2;
+       // check root rights
+       if ($needle{0} == '/' && @$haystack['__access__'] == 2 )
+               return 2;
 
-       //check folder rights
-       if($needle{0}=='/')$needle=substr($needle,1);
+       // remove leading /
+       if ($needle{0} == '/')
+               $needle = substr($needle, 1);
 
-       $needle_arr = explode('/',$needle);
+       $needle_arr = explode('/', $needle);
        $n = count($needle_arr);
-       $d = $c+1;
+       $d = $c + 1;
        $return = 0;
 
-       if($c < $n){
-               if($haystack['__access__'] == 2)return $haystack['__access__'];
-               if(is_array($haystack[$needle_arr[$c]]))$return = $this->got_rights_array_admin($needle, $haystack[$needle_arr[$c]], $d);
-       }else{
-               if($haystack['__access__'] > 0)$return = $haystack['__access__'];
+       if ($c < $n) {
+               if (@$haystack['__access__'] == 2)
+                       return $haystack['__access__'];
+               if (is_array($haystack[$needle_arr[$c]]))
+                       $return = $this->got_rights_array_admin($needle, $haystack[$needle_arr[$c]], $d);
+       } else {
+               if (@$haystack['__access__'] > 0)
+                       $return = $haystack['__access__'];
        }
 
        return $return;
 }
 
-function got_rights_array_recursive($needle,$haystack='',$c=0,$type='folderrights'){
+function got_rights_array_recursive($needle, $haystack='', $c=0) {
+       // used by:
+       // - read_directory, for subfolders
+
+       if (!is_array($haystack))
+               $haystack = $this->folderrights;
+       if (substr($needle, 0, strlen($this->basepath)) == $this->basepath)
+               $needle=substr($needle, strlen($this->basepath));
 
-       if(!is_array($haystack)) eval('$haystack = $this->'.$type.';');
-       if(substr($needle,0,strlen($this->basepath))==$this->basepath) $needle=substr($needle,strlen($this->basepath));
-       
-       //if($needle{0}=='.')$needle=substr($needle,strlen($this->basepath));
+       // check root rights
+       if($needle{0}=='/' && @$haystack['__access__'] == 2 )
+               return 2;
 
-       //check root rights
-       if($needle{0}=='/' && $haystack['__access__'] == 2 ) return 2;
+       // check folder rights
+       if($needle{0}=='/')
+               $needle=substr($needle,1);
 
-       //check folder rights
-       if($needle{0}=='/')$needle=substr($needle,1);
-       
-       $needle_arr = explode('/',$needle);
+       $needle_arr = explode('/', $needle);
        $n = count($needle_arr);
-       $d = $c+1;
+       $d = $c + 1;
        $return = 0;
-       
-       foreach($haystack as $k => $v){
-               if($needle_arr[$c] == $k){
-                       if($c < $n){
-                               if($v['__access__'] == 2) $return = $return + $v['__access__'];
+
+       foreach($haystack as $k => $v) {
+               if ($c < sizeof($needle_arr) && $needle_arr[$c] == $k) {
+                       if ($c < $n) {
+                               if ($v['__access__'] == 2)
+                                       $return = $return + $v['__access__'];
                                $return = $return + $this->got_rights_array_recursive($needle, $v, $d);
-                       }else{
+                       } else {
                                $return = $return + $this->in_array_recursive($v);
                        }
-               }elseif($c == $n){
+               } elseif ($c == $n) {
                        $return = $return + $v['__access__'];
                        if($k != '__access__')$return = $return + $this->in_array_recursive($v);
                }
@@ -436,37 +463,47 @@ function got_rights_array_recursive($needle,$haystack='',$c=0,$type='folderright
        return $return;
 }
 
-function in_array_recursive($haystack){
+function in_array_recursive($haystack) {
        $return = 0;
-       if (is_array($haystack))foreach ($haystack as $key1 => $value1){
-               if (is_array($value1)){
-                       $return = $return + $this->in_array_recursive($value1);
-               }
-               elseif($value1 > 0){
-                       return $value1;
+       if (is_array($haystack)) {
+               foreach ($haystack as $key1 => $value1) {
+                       if (is_array($value1)) {
+                               $return = $return + $this->in_array_recursive($value1);
+                       }
+                       elseif ($value1 > 0) {
+                               return $value1;
+                       }
                }
        }
        return $return;
 }
 
-function read_single_file($path,$file){
+function read_single_file($path, $file) {
        $filename = $path."/".$file;
-       $i=0;
-       if ($this->got_rights_array($path) > 0){
-               if (is_file($filename.'.Completed'))$file.='.Completed';
-               if (is_file($filename.'.InProgress'))$file.='.InProgress';
-               if (is_file($filename.'.Starting'))$file.='.Starting';
-               if (is_file($filename.'.Processed'))$file.='.Processed';
-               $filename = $path."/".$file;
+       $i = 0;
+       if ($this->got_rights_array($path) > 0) {
+               if (is_file($filename.'.Completed'))
+                       $file.='.Completed';
+               if (is_file($filename.'.InProgress'))
+                       $file.='.InProgress';
+               if (is_file($filename.'.Starting'))
+                       $file.='.Starting';
+               if (is_file($filename.'.Processed'))
+                       $file.='.Processed';
+               $filename = $path . "/" . $file;
                $handle = @fopen($filename, "rb");
-               if (strpos($file,'.Completed') )$ext='.Completed';
-               if (strpos($file,'.InProgress'))$ext='.InProgress';
-               if (strpos($file,'.Starting')  )$ext='.Starting';
-               if (strpos($file,'.Processed') )$ext='.Processed';
-               $sub_pos=strpos($file,$ext);
-               $base_name=substr($file,0,$sub_pos);
+               if (strpos($file,'.Completed'))
+                       $ext='.Completed';
+               if (strpos($file,'.InProgress'))
+                       $ext='.InProgress';
+               if (strpos($file,'.Starting'))
+                       $ext='.Starting';
+               if (strpos($file,'.Processed'))
+                       $ext='.Processed';
+               $sub_pos = strpos($file, $ext);
+               $base_name = substr($file, 0, $sub_pos);
                $filecontent = @fread($handle, @filesize($filename));
-               $config[$i]=explode("\r\n",$filecontent);
+               $config[$i] = explode("\r\n", $filecontent);
                /***
                *       $config:: array
                *       [0]     ->      versioncode
@@ -477,19 +514,19 @@ function read_single_file($path,$file){
                *       [5]     ->      chunkcount
                *       [6]     ->      CRC32 checksum
                ***/
-               if (@filesize($filename) > 0){
-                       $h=md5($path."/".$config[$i][2]);
-                       $this->configs[$h]=$config[$i];
-                       $this->configs[$h]['squashed']=true;
-                       $this->configs[$h]['path']=$path;
-                       $this->configs[$h]['status']=substr($ext, 1);
-                       $this->configs[$h]['mime']=$this->set_mime($this->configs[$h][2]);
-                       $this->configs[$h]['hidden']= (is_file($path.'/'.$base_name.'.hidden')) ? true : false ;
+               if (@filesize($filename) > 0) {
+                       $h = md5($path."/".$config[$i][2]);
+                       $this->configs[$h] = $config[$i];
+                       $this->configs[$h]['squashed'] = true;
+                       $this->configs[$h]['path'] = $path;
+                       $this->configs[$h]['status'] = substr($ext, 1);
+                       $this->configs[$h]['mime'] = $this->set_mime($this->configs[$h][2]);
+                       $this->configs[$h]['hidden'] = (is_file($path.'/'.$base_name.'.hidden')) ? true : false ;
                        //to prevent dates of 1-1-1970 we set te dates of the config file
                        $this->configs[$h]['added'] = filectime($filename);
                        $this->configs[$h]['lastchange'] = filemtime($filename);
                        fclose($handle);
-                       $this->populate_stats($path,$h);
+                       $this->populate_stats($path, $h);
                        //insert hash in db
                        #$this->update_hash($h,$path."/".$config[$i][2]);
                        //check stats
@@ -499,53 +536,59 @@ function read_single_file($path,$file){
 }
 
 
-function read_directory($path,$getsubs=false,$getfirstfiles=true,$getdeepfiles=true,$populate=true){
+function read_directory($path, $getsubs=false, $getfirstfiles=true, $getdeepfiles=true, $populate=true) {
 
-       if ($dir = @opendir($path)){
-               $i=0;
-               $last=1;
-               while (false !== ($file = readdir($dir))){
-                       if (($file{0} !== ".") && substr($file,0,1) !== "SQ"){
+       if ($dir = @opendir($path)) {
+               $i = 0;
+               $last = 1;
+               while (false !== ($file = readdir($dir))) {
+                       if (($file{0} !== ".") && substr($file,0,1) !== "SQ") {
                                $filename = $path."/".$file;
-                               if (!is_file($filename) && !strpos($filename,'./uploads/recieving')){
-                                       if($getsubs){
-                                               if ($this->got_rights_array_recursive($filename) > 0){
-                                                       $key = substr($path,strlen($this->basepath)) . '/' . $file;
-                                                       $this->subfolders[$key]=$file;
+                               if (!is_file($filename) && strpos($filename, './uploads/recieving')===false) {
+                                       if ($getsubs) {
+                                               if ($this->got_rights_array_recursive($filename) > 0) {
+                                                       $key = substr($path, strlen($this->basepath)) . '/' . $file;
+                                                       $this->subfolders[$key] = $file;
                                                }
                                        }
-                                       if($getdeepfiles)$this->read_directory($filename,false,$getdeepfiles,$getdeepfiles,$populate);
-                               }elseif(strpos($filename,'./uploads/ftp')){ //ftp files
-                                       if ($this->got_rights_array($path) > 0 && !strpos($filename,'.hidden') ){
-                                               $h=md5($filename);
-                                               $name_only=substr($filename,strlen($path)+1);
-                                               $file_structure=explode('.',$name_only);
-                                               $ext=array_pop($file_structure);
-                                               $base_name=array_pop($file_structure);
-                                               $this->configs[$h]['path']=$path;
-                                               $this->configs[$h][0]='manual ftp';
-                                               $this->configs[$h][2]=$name_only;
-                                               $this->configs[$h][3]=filesize($filename);
-                                               $this->configs[$h]['added']=filectime($filename);
-                                               $this->configs[$h]['lastchange']=filemtime($filename);
-                                               $this->configs[$h]['status']='unknown';
-                                               $this->configs[$h]['squashed']=false;
-                                               $this->configs[$h]['mime']=$this->set_mime($name_only);
-                                               $this->configs[$h]['hidden']= (is_file($path.'/'.$base_name.'.hidden')) ? true : false ;
+                                       if ($getdeepfiles)
+                                               $this->read_directory($filename, false, $getdeepfiles, $getdeepfiles, $populate);
+                               } elseif (strpos($filename,'./uploads/ftp')) { //ftp files
+                                       if ($this->got_rights_array($path) > 0 && !strpos($filename, '.hidden') ) {
+                                               $h = md5($filename);
+                                               $name_only = substr($filename, strlen($path)+1);
+                                               $file_structure = explode('.', $name_only);
+                                               $ext = array_pop($file_structure);
+                                               $base_name = array_pop($file_structure);
+                                               $this->configs[$h]['path'] = $path;
+                                               $this->configs[$h][0] = 'manual ftp';
+                                               $this->configs[$h][2] = $name_only;
+                                               $this->configs[$h][3] = filesize($filename);
+                                               $this->configs[$h]['added'] = filectime($filename);
+                                               $this->configs[$h]['lastchange'] = filemtime($filename);
+                                               $this->configs[$h]['status'] = 'unknown';
+                                               $this->configs[$h]['squashed'] = false;
+                                               $this->configs[$h]['mime'] = $this->set_mime($name_only);
+                                               $this->configs[$h]['hidden'] = (is_file($path.'/'.$base_name.'.hidden')) ? true : false ;
                                        }
-                               }elseif($getfirstfiles){ //squashed files
-                                       if ($this->got_rights_array($path) > 0){
-                                               if (strpos($filename,'.Completed') || strpos($filename,'.InProgress') || strpos($filename,'.Starting') || strpos($filename,'.Processed')){
+                               } elseif ($getfirstfiles) {
+                                       //squashed files
+                                       if ($this->got_rights_array($path) > 0) {
+                                               if (strpos($filename, '.Completed') || strpos($filename, '.InProgress') || strpos($filename, '.Starting') || strpos($filename, '.Processed')) {
                                                        $i++;
                                                        $handle = @fopen($filename, "rb");
-                                                       if (strpos($file,'.Completed') )$ext='.Completed';
-                                                       if (strpos($file,'.InProgress'))$ext='.InProgress';
-                                                       if (strpos($file,'.Starting')  )$ext='.Starting';
-                                                       if (strpos($file,'.Processed') )$ext='.Processed';
-                                                       $sub_pos=strpos($file,$ext);
-                                                       $base_name=substr($file,0,$sub_pos);
+                                                       if (strpos($file,'.Completed'))
+                                                               $ext='.Completed';
+                                                       if (strpos($file,'.InProgress'))
+                                                               $ext='.InProgress';
+                                                       if (strpos($file,'.Starting'))
+                                                               $ext='.Starting';
+                                                       if (strpos($file,'.Processed'))
+                                                               $ext='.Processed';
+                                                       $sub_pos = strpos($file, $ext);
+                                                       $base_name = substr($file, 0, $sub_pos);
                                                        $filecontent = @fread($handle, @filesize($filename));
-                                                       $config[$i]=explode("\r\n",$filecontent);
+                                                       $config[$i] = explode("\r\n", $filecontent);
 
                                                        /***
                                                        *       $config:: array
@@ -558,21 +601,21 @@ function read_directory($path,$getsubs=false,$getfirstfiles=true,$getdeepfiles=t
                                                        *       [6]     ->      CRC32 checksum
                                                        ***/
 
-                                                       if (@filesize($filename) > 0){
-                                                               $h=md5($path."/".$config[$i][2]);
-                                                               $this->configs[$h]=$config[$i];
-                                                               $this->configs[$h]['squashed']=true;
-                                                               $this->configs[$h]['path']=$path;
-                                                               $this->configs[$h]['status']=substr($ext, 1);
-                                                               $this->configs[$h]['mime']=$this->set_mime($this->configs[$h][2]);
-                                                               $this->configs[$h]['hidden']= (is_file($path.'/'.$base_name.'.hidden')) ? true : false ;
+                                                       if (@filesize($filename) > 0) {
+                                                               $h = md5($path."/".$config[$i][2]);
+                                                               $this->configs[$h] = $config[$i];
+                                                               $this->configs[$h]['squashed'] = true;
+                                                               $this->configs[$h]['path'] = $path;
+                                                               $this->configs[$h]['status'] = substr($ext, 1);
+                                                               $this->configs[$h]['mime'] = $this->set_mime($this->configs[$h][2]);
+                                                               $this->configs[$h]['hidden'] = (is_file($path.'/'.$base_name.'.hidden')) ? true : false ;
                                                                //to prevent dates of 1-1-1970 we set te dates of the config file
                                                                $this->configs[$h]['added'] = filectime($filename);
                                                                $this->configs[$h]['lastchange'] = filemtime($filename);
                                                                fclose($handle);
-                                                               $this->populate_stats($path,$h);
+                                                               $this->populate_stats($path, $h);
                                                                //insert hash in db
-                                                               $this->update_hash($h,$path."/".$config[$i][2]);
+                                                               $this->update_hash($h, $path."/".$config[$i][2]);
                                                                //check stats
                                                                $this->check_stats($h);
                                                        }
@@ -584,72 +627,76 @@ function read_directory($path,$getsubs=false,$getfirstfiles=true,$getdeepfiles=t
        }
 }
 
-function check_stats($h){
+function check_stats($h) {
        $config = $this->get_config($h);
        $count = @array_sum($config['stats']);
-       if ($config['status']=='Completed' && $count != $config[5]){
+       if ($config['status']=='Completed' && $count != $config[5]) {
                $filepath=$config['path'].'/'.$config[2];
-               if($this->history[$h]['completed']=="1"){
+               if ($this->history[$h]['completed']=="1") {
                        //don't display broken file, remove it instead
                        unlink($config['path'].'/'.$config[2].'.Completed');
                        unset($this->configs[$h]);
 
-                       if (!$count)$count = 0;
-                       $m_subject="Squasher Debug: File Removed";
-                       $m_body="Upload removed: \n File: ".$config['path']."/".$config[2]." \n Status: ".$config['status']." \n Chunks: ".$count." out of ".$config[5];
-                       mail('jasper@netformatie.nl',$m_subject,$m_body,"From: support@netformatie.nl");
-                       $qlog="insert into log (hash,file,action,user_id,user_name,ip,date) values ('{$h}','{$filepath}','debug','-1','squasher-web','cleanup',NOW())";
+                       if (!$count)
+                               $count = 0;
+                       $m_subject = "Squasher Debug: File Removed";
+                       $m_body = "Upload removed: \n File: ".$config['path']."/".$config[2]." \n Status: ".$config['status']." \n Chunks: ".$count." out of ".$config[5];
+                       mail('jasper@netformatie.nl', $m_subject, $m_body, "From: support@netformatie.nl");
+                       $qlog = "INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".mysql_escape_string($h)."','".mysql_escape_string($filepath)."','debug',-1,'squasher-web','cleanup',NOW())";
                        mysql_query($qlog);
-
-               }else{
+               } else {
                        //do move
-                       rename($config['path'].'/'.$config[2].'.Completed',$config['path'].'/'.$config[2].'.InProgress');
-                       $this->configs[$h]['status']='InProgress';
+                       rename($config['path'].'/'.$config[2].'.Completed', $config['path'].'/'.$config[2].'.InProgress');
+                       $this->configs[$h]['status'] = 'InProgress';
 
                        //mail n4m
-                       if (!$count)$count = 0;
-                       $m_subject="Squasher Debug: Upload Error";
-                       $m_body="Upload error: \n File: ".$config['path']."/".$config[2]." \n Status: ".$config['status']." \n Chunks: ".$count." out of ".$config[5];
-                       mail('support@netformatie.nl',$m_subject,$m_body,"From: squasher@netformatie.nl");
-                       mail('jan@netformatie.nl',$m_subject,$m_body,"From: support@netformatie.nl");
-                       mail('joop@netformatie.nl',$m_subject,$m_body,"From: support@netformatie.nl");
-                       mail('jasper@netformatie.nl',$m_subject,$m_body,"From: support@netformatie.nl");
+                       if (!$count)
+                               $count = 0;
+                       $m_subject = "Squasher Debug: Upload Error";
+                       $m_body = "Upload error: \n File: ".$config['path']."/".$config[2]." \n Status: ".$config['status']." \n Chunks: ".$count." out of ".$config[5];
+                       mail('support@netformatie.nl', $m_subject, $m_body, "From: squasher@netformatie.nl");
+                       mail('jan@netformatie.nl', $m_subject, $m_body, "From: support@netformatie.nl");
+                       mail('joop@netformatie.nl', $m_subject, $m_body, "From: support@netformatie.nl");
+                       mail('jasper@netformatie.nl', $m_subject, $m_body, "From: support@netformatie.nl");
 
                        //do sms
                        //wget -o/dev/null "http://www.mollie.nl/xml/sms/?username=netformatie&password=SMSdolsi&originator=Netformatie&recipients=${ENGINEER}&message=${CALLERID}";
 
                        //mail RO
-                       $ship=explode('/',$config['path']);
-                       if($ship[2] == 'myas' || $ship[2] == 'myez' || $ship[2] == 'myrw')mail('ro1@'.$ship[2].'.greenpeace.org','Squasher: '.$config[2].' resume request','The squasher server has detected an upload error. Please resume the squasher transmission for '.$config[2].' to correct this problem.',"From: support@netformatie.nl\nX-Priority: 1");
+                       $ship = explode('/',$config['path']);
+                       if ($ship[2] == 'myas' || $ship[2] == 'myez' || $ship[2] == 'myrw')
+                               mail('ro1@'.$ship[2].'.greenpeace.org','Squasher: '.$config[2].' resume request','The squasher server has detected an upload error. Please resume the squasher transmission for '.$config[2].' to correct this problem.',"From: support@netformatie.nl\nX-Priority: 1");
 
-                       $qlog="insert into log (hash,file,action,user_id,user_name,ip,date) values ('{$h}','{$filepath}','debug','-1','squasher-web','retry',NOW())";
+                       $qlog = "INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".mysql_escape_string($h)."','".mysql_escape_string($filepath)."','debug',-1,'squasher-web','retry',NOW())";
                        mysql_query($qlog);
 
                }
-       }elseif($config['status']=='Completed' && $count == $config[5]){
-               if($this->history[$h]['completed']==0)mysql_query("UPDATE file_hash SET completed = 1 WHERE md5_hash = '".$h."'");
+       } elseif ($config['status']=='Completed' && $count == $config[5]) {
+               if ($this->history[$h]['completed']==0)
+                       mysql_query("UPDATE file_hash SET completed = 1 WHERE md5_hash = '".mysql_escape_string($h)."'");
        }
 }
 
-function update_hash($hash,$path){
-       $check_hash_query="select * from file_hash where md5_hash = '".$hash."'";
-       $check_hash_result=mysql_query($check_hash_query);
-       if(mysql_num_rows($check_hash_result) == 0){
-               $insert_hash_query="INSERT INTO file_hash (md5_hash,file) values ('".$hash."','".$path."')";
+function update_hash($hash, $path) {
+       $check_hash_query = "select * from file_hash where md5_hash = '".$hash."'";
+       $check_hash_result = mysql_query($check_hash_query);
+       if(mysql_num_rows($check_hash_result) == 0) {
+               $insert_hash_query = "INSERT INTO file_hash (md5_hash,file) values ('".mysql_escape_string($hash)."','".mysql_escape_string($path)."')";
                mysql_query($insert_hash_query);
        }
 }
 
-function path_to_arraystring($path,$arrayname){
-       $path_values = explode('/',$path);
+function path_to_arraystring($path, $arrayname) {
+       $path_values = explode('/', $path);
        $return = $arrayname;
-       foreach ($path_values AS $key => $value){
-               if ($value != '.' && $value != '')$return.= "['".$value."']";
+       foreach ($path_values AS $key => $value) {
+               if ($value != '.' && $value != '')
+                       $return.= "['".$value."']";
        }
        return $return;
 }
 
-function populate_stats($path,$h){
+function populate_stats($path, $h) {
        /***
        *       $config:: array
        *       [0]     ->      versioncode
@@ -662,101 +709,105 @@ function populate_stats($path,$h){
        ***/
        $config = $this->configs[$h];
 
-       $q = "SELECT * FROM file_hash WHERE md5_hash = '{$h}'";
+       $q = "SELECT * FROM file_hash WHERE md5_hash = '".mysql_escape_string($h)."'";
        $r = mysql_query($q);
        $o = mysql_fetch_object($r);
        $validated_chunks = $o->validated_chunks;
-       
-       if($this->history[$h]['completed']=="1"){
+
+       if ($this->history[$h]['completed']=="1") {
                $file_part = $path."/SQ".zfill(1,6)."-".$config[2];
-               if (!is_file($file_part))$file_part = $path."/SQ".zfill(1,3)."-".$config[2];
-               if (is_file($file_part)){
+               if (!is_file($file_part))
+                       $file_part = $path."/SQ".zfill(1,3)."-".$config[2];
+               if (is_file($file_part)) {
                        $this->configs[$h]['added'] = filectime($file_part);
                        $file_part = $path."/SQ".zfill($config[5],6)."-".$config[2];
-                       if (!is_file($file_part))$file_part = $path."/SQ".zfill($config[5],3)."-".$config[2];
-                       if (is_file($file_part)) $this->configs[$h]['lastchange'] = filemtime($file_part);
-                       for ($i=1;$i<=$config[5];$i++) 
-                       {
-                               $this->configs[$h]['stats'][$i]="1.00";
-                       }
-               }else{
+                       if (!is_file($file_part))
+                               $file_part = $path."/SQ".zfill($config[5],3)."-".$config[2];
+                       if (is_file($file_part))
+                               $this->configs[$h]['lastchange'] = filemtime($file_part);
+                       for ($i=1; $i<=$config[5]; $i++)
+                               $this->configs[$h]['stats'][$i] = "1.00";
+               } else {
                        //failsafe voor verwijderde bestanden
-                       mysql_query("UPDATE file_hash SET completed = 0 WHERE md5_hash = '".$h."'");
+                       mysql_query("UPDATE file_hash SET completed = 0 WHERE md5_hash = '".mysql_escape_string($h)."'");
                }
-       }else{
+       } else {
                $keep_validating = true;
-               for ($i=1;$i<=$config[5];$i++){
-                       if ($validated_chunks > $i){
+               for ($i=1; $i<=$config[5]; $i++) {
+                       if ($validated_chunks > $i) {
                                $this->configs[$h]['stats'][$i]="1.00";
-                       }else{
+                       } else {
                                $file_part = $path."/SQ".zfill($i,6)."-".$config[2];
-                               if (!is_file($file_part))$file_part = $path."/SQ".zfill($i,3)."-".$config[2];
-                               if (is_file($file_part)){
+                               if (!is_file($file_part))
+                                       $file_part = $path."/SQ".zfill($i,3)."-".$config[2];
+                               if (is_file($file_part)) {
                                        $handle = fopen($file_part, "rb");
                                        $size_this = filesize($file_part);
                                        $added = filectime($file_part);
                                        $last_changed = filemtime($file_part);
-                                       if ($this->configs[$h]['added'] > $added || !is_numeric($this->configs[$h]['added'])) $this->configs[$h]['added'] = $added;
-                                       if ($this->configs[$h]['lastchange'] < $last_changed) $this->configs[$h]['lastchange'] = $last_changed;
-                                       if ($i != $config[5]){
-                                               $this->configs[$h]['stats'][$i]=number_format((1/$config[4])*$size_this, 2, '.', '');
+                                       if ($this->configs[$h]['added'] > $added || !is_numeric($this->configs[$h]['added']))
+                                               $this->configs[$h]['added'] = $added;
+                                       if ($this->configs[$h]['lastchange'] < $last_changed)
+                                               $this->configs[$h]['lastchange'] = $last_changed;
+                                       if ($i != $config[5]) {
+                                               $this->configs[$h]['stats'][$i] = number_format((1/$config[4])*$size_this, 2, '.', '');
                                        //number_format((100/$config[4])*$size_this, 2, '.', '')."%";
                                        }else{
-                                               $this->configs[$h]['stats'][$i]=number_format((1/($config[3]-($config[4]*($config[5]-1))))*$size_this, 2, '.', '');
+                                               $this->configs[$h]['stats'][$i] = number_format((1/($config[3]-($config[4]*($config[5]-1))))*$size_this, 2, '.', '');
                                                //number_format((100/($config[3]-($config[4]*($config[5]-1))))*$size_this, 2, '.', '')."%";
                                        }
                                        fclose($handle);
-                                       if ($config[4] == $size_this && $keep_validating){
+                                       if ($config[4] == $size_this && $keep_validating) {
                                                $validated_chunks = $i;
-                                       }else{
+                                       } else {
                                                $keep_validating = false;
                                        }
-                               }else{
-                                       $this->configs[$h]['stats'][$i]="0.00";
+                               } else {
+                                       $this->configs[$h]['stats'][$i] = "0.00";
                                        //$this->configs[$h]['stats'][$i]="0.00%";
-                                       
+
                                }
                        }
                }
-               mysql_query("UPDATE file_hash SET validated_chunks = '{$validated_chunks}' WHERE md5_hash = '".$h."'");
+               mysql_query("UPDATE file_hash SET validated_chunks = '".mysql_escape_string($validated_chunks)."' WHERE md5_hash = '".mysql_escape_string($h)."'");
        }
 }
 
-function read_config($path,$filename){
-               if (is_file($path."/".$filename.".InProgress")){
-                       $config_handle = fopen($path."/".$filename.".InProgress","r");
-                       $conf_path=$path."/".$filename.".InProgress";
-               }elseif (is_file($path."/".$filename.".Completed" )){
-                       $config_handle = fopen($path."/".$filename.".Completed" ,"r");
-                       $conf_path=$path."/".$filename.".Completed";
-               }elseif (is_file($path."/".$filename.".Starting" )){
-                       $config_handle = fopen($path."/".$filename.".Starting"  ,"r");
-                       $conf_path=$path."/".$filename.".Starting";
-               }elseif (is_file($path."/".$filename.".Processed" )){
-                       $config_handle = fopen($path."/".$filename.".Processed" ,"r");
-                       $conf_path=$path."/".$filename.".Processed";
-               }else{
-                       return "Not Found";
-               }
-    $config_content = fread($config_handle, filesize($conf_path));
-               fclose($config_handle);
-               $config = explode("\n",$config_content);
-               
-               return $config;
+function read_config($path, $filename) {
+       if (is_file($path."/".$filename.".InProgress")) {
+               $config_handle = fopen($path."/".$filename.".InProgress", "r");
+               $conf_path=$path."/".$filename.".InProgress";
+       } elseif (is_file($path."/".$filename.".Completed" )) {
+               $config_handle = fopen($path."/".$filename.".Completed", "r");
+               $conf_path=$path."/".$filename.".Completed";
+       } elseif (is_file($path."/".$filename.".Starting" )) {
+               $config_handle = fopen($path."/".$filename.".Starting", "r");
+               $conf_path=$path."/".$filename.".Starting";
+       } elseif (is_file($path."/".$filename.".Processed" )) {
+               $config_handle = fopen($path."/".$filename.".Processed", "r");
+               $conf_path=$path."/".$filename.".Processed";
+       } else {
+               return "Not Found";
+       }
+       $config_content = fread($config_handle, filesize($conf_path));
+       fclose($config_handle);
+       $config = explode("\n", $config_content);
+
+       return $config;
 //             print_r($config);
 /*             $file_count = $config[5];
                $last=1;
-    for ($i=1;$i<=$file_count;$i++) 
+    for ($i=1; $i<=$file_count; $i++)
     {
        $file_part = $path."/SQ".zfill($i,6)."-".$filename;
        if (is_file($file_part))
        {
-        
+
         $handle = fopen($file_part, "rb");
-        $size_this = filesize($file_part);                                     
+        $size_this = filesize($file_part);
                                //$stats[$i]=round((100/$config[4])*$size_this)."%";
-                               if ((($size_this==$config[4] && ($last+1)==$i) )|| $i == $config[5]){
-                                       $merged_file.=fread($handle, filesize($file_part));                             
+                               if ((($size_this==$config[4] && ($last+1)==$i) )|| $i == $config[5]) {
+                                       $merged_file.=fread($handle, filesize($file_part));
                                        $last = $i;
                                }
         fclose($handle);
@@ -764,12 +815,12 @@ function read_config($path,$filename){
      }
      return $merged_file;
      */
-   }
+}
 
-function print_files($path,$filename,$tovar = false){
-       if(strpos($path,'./uploads/ftp')){
-               $filestring=$path.'/'.$filename;
-               if (is_file($filestring)){
+function print_files($path, $filename, $tovar=false) {
+       if (strpos($path, './uploads/ftp')) {
+               $filestring = $path.'/'.$filename;
+               if (is_file($filestring)) {
                        $handle = fopen($filestring, "rb");
                        while (!feof($handle))
                        {
@@ -778,20 +829,20 @@ function print_files($path,$filename,$tovar = false){
                                flush();
                        }
                }
-       }else{
-               if (is_file($path."/".$filename.".InProgress")){
-                       $config_handle = fopen($path."/".$filename.".InProgress","r");
+       } else {
+               if (is_file($path."/".$filename.".InProgress")) {
+                       $config_handle = fopen($path."/".$filename.".InProgress", "r");
                        $conf_path=$path."/".$filename.".InProgress";
-               }elseif (is_file($path."/".$filename.".Completed" )){
-                       $config_handle = fopen($path."/".$filename.".Completed" ,"r");
+               } elseif (is_file($path."/".$filename.".Completed" )) {
+                       $config_handle = fopen($path."/".$filename.".Completed""r");
                        $conf_path=$path."/".$filename.".Completed";
-               }elseif (is_file($path."/".$filename.".Starting" )){
-                       $config_handle = fopen($path."/".$filename.".Starting"  ,"r");
+               } elseif (is_file($path."/".$filename.".Starting" )) {
+                       $config_handle = fopen($path."/".$filename.".Starting""r");
                        $conf_path=$path."/".$filename.".Starting";
-               }elseif (is_file($path."/".$filename.".Processed" )){
-                       $config_handle = fopen($path."/".$filename.".Processed" ,"r");
+               } elseif (is_file($path."/".$filename.".Processed" )) {
+                       $config_handle = fopen($path."/".$filename.".Processed""r");
                        $conf_path=$path."/".$filename.".Processed";
-               }else{
+               } else{
                        return "Not Found";
                }
                $config_content = fread($config_handle, filesize($conf_path));
@@ -799,21 +850,22 @@ function print_files($path,$filename,$tovar = false){
                $config = explode("\n",$config_content);
 //             print_r($config);
                $file_count = $config[5];
-               $last=0;
-               $last_part_size=( $config[3] - ( ( $config[5] -1 ) * $config[4] ) );
-               for ($i=0;$i<=$file_count;$i++) 
+               $last = 0;
+               $last_part_size = ( $config[3] - ( ( $config[5] -1 ) * $config[4] ) );
+               for ($i=0;$i<=$file_count;$i++)
                {
                        $file_part = $path."/SQ".zfill($i,6)."-".$filename;
-                       if (!is_file($file_part))$file_part = $path."/SQ".zfill($i,3)."-".$filename;
+                       if (!is_file($file_part))
+                               $file_part = $path."/SQ".zfill($i,3)."-".$filename;
                        if (is_file($file_part))
                        {
                                $handle = fopen($file_part, "rb");
                                $size_this = filesize($file_part);
-                               if ( ( ( $size_this==$config[4] ) && ( ($last+1)==$i ) ) || ( ( $i == $config[5] ) && ( $size_this==$last_part_size ) && ( ($last+1)==$i ) ) ){
-                                       if ($tovar){
+                               if ( ( ( $size_this==$config[4] ) && ( ($last+1)==$i ) ) || ( ( $i == $config[5] ) && ( $size_this==$last_part_size ) && ( ($last+1)==$i ) ) ) {
+                                       if ($tovar) {
                                                $merged_file.=fread($handle, $size_this);
                                                $last = $i;
-                                       }else{                          
+                                       } else {
                                                while (!feof($handle))
                                                {
                                                        print(fread($handle, 4096));
@@ -826,89 +878,96 @@ function print_files($path,$filename,$tovar = false){
                                fclose($handle);
                        }
                }
-               if($tovar)return $merged_file;
+               if ($tovar)
+                       return $merged_file;
        }
 }
 
-       function check_md5($h){
-               $return=false;
-               $config=$this->configs[$h];
-               $var=$this->print_files($config['path'],$config[2],true);
-               $hash=md5($var);
-               if($hash==$config[6])$return=true;
-               
-               return $return;
-       }
+function check_md5($h) {
+       $return = false;
+       $config = $this->configs[$h];
+       $var = $this->print_files($config['path'], $config[2], true);
+       $hash = md5($var);
+       if ($hash==$config[6])
+               $return=true;
+
+       return $return;
+}
 
-       function file_crc($file_string){
+function file_crc($file_string) {
        //$file_string = file_get_contents($file);
 
        $crc = crc32($file_string);
        return sprintf("%u\n", $crc);
 }
 
-       function file_crc_debug($file){
+function file_crc_debug($file) {
        $file_string = file_get_contents($file);
 
        $crc = crc32($file_string);
        return sprintf("%u\n", $crc);
 }
 
-       function delete_file($h,$s){
-               $request = $this->get_config($h);
-               if(strpos($request['path'],'./uploads/ftp')){
-                       $filepath=$request['path'].'/'.$request[2];
-                       #remove file
-                       if(is_file($filepath))                          @unlink($filepath);
-                       if(is_file($filepath.'.hidden'))        @unlink($filepath.'.hidden');
-               }else{
-                       #remove fileparts
-                       for($i=0;$i<=$request[5];$i++){
-                               $part_six   = $request['path']."/SQ".zfill($i,6)."-".$request[2];
-                               $part_three = $request['path']."/SQ".zfill($i,3)."-".$request[2];
-                               if(is_file($part_six))          @unlink($part_six);
-                               if(is_file($part_three))        @unlink($part_six);
-                       }
-                       #remove config file
-                       if(is_file($request['path'].'/'.$request[2].'.hidden'))         @unlink($request['path'].'/'.$request[2].'.hidden');
-                       if(is_file($request['path'].'/'.$request[2].'.Completed'))      @unlink($request['path'].'/'.$request[2].'.Completed');
-                       if(is_file($request['path'].'/'.$request[2].'.InProgress'))     @unlink($request['path'].'/'.$request[2].'.InProgress');
-                       if(is_file($request['path'].'/'.$request[2].'.Processed'))      @unlink($request['path'].'/'.$request[2].'.Processed');
-                       if(is_file($request['path'].'/'.$request[2].'.Starting'))       @unlink($request['path'].'/'.$request[2].'.Starting');
+function delete_file($h, $s) {
+       $request = $this->get_config($h);
+       if (strpos($request['path'], './uploads/ftp')) {
+               $filepath=$request['path'].'/'.$request[2];
+               #remove file
+               if (is_file($filepath))
+                       @unlink($filepath);
+               if (is_file($filepath.'.hidden'))
+                       @unlink($filepath.'.hidden');
+       } else {
+               #remove fileparts
+               for ($i=0;$i<=$request[5];$i++) {
+                       $part_six   = $request['path']."/SQ".zfill($i,6)."-".$request[2];
+                       $part_three = $request['path']."/SQ".zfill($i,3)."-".$request[2];
+                       if (is_file($part_six))
+                               @unlink($part_six);
+                       if (is_file($part_three))
+                               @unlink($part_six);
                }
-
-               #Update DB
-               $q="delete from file_hash where file_hash = '{$h}'";
-               mysql_query($q);
-               $q="insert into log (hash,file,action,user_id,user_name,ip,date) values ('{$h}','{$filepath}','delete','".$s['user_id']."','".$s['user_name']."','".$_SERVER[REMOTE_ADDR]."',NOW())";
-               mysql_query($q);
-
-               #Send debug mail
-               $m_name=$s['user_name'];
-               $m_subject="Squasher Debug: File Deleted by {$m_name}";
-               $m_body="File Deleted: \n Requested by: {$m_name} \n File: {$filepath}";
-               mail('jasper@netformatie.nl',$m_subject,$m_body,"From: support@netformatie.nl");
+               #remove config file
+               if (is_file($request['path'].'/'.$request[2].'.hidden'))        @unlink($request['path'].'/'.$request[2].'.hidden');
+               if (is_file($request['path'].'/'.$request[2].'.Completed'))     @unlink($request['path'].'/'.$request[2].'.Completed');
+               if (is_file($request['path'].'/'.$request[2].'.InProgress'))@unlink($request['path'].'/'.$request[2].'.InProgress');
+               if (is_file($request['path'].'/'.$request[2].'.Processed'))     @unlink($request['path'].'/'.$request[2].'.Processed');
+               if (is_file($request['path'].'/'.$request[2].'.Starting'))      @unlink($request['path'].'/'.$request[2].'.Starting');
        }
 
-       function show_files() {
+       #Update DB
+       $q = "DELETE FROM file_hash WHERE file_hash = '".mysql_escape_string($h)."'";
+       mysql_query($q);
+       $q = "INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".mysql_escape_string($h)."','".mysql_escape_string($filepath)."','delete',".(int)$s['user_id'].",'".mysql_escape_string($s['user_name'])."','".mysql_escape_string($_SERVER['REMOTE_ADDR'])."',NOW())";
+       mysql_query($q);
+
+       #Send debug mail
+       $m_name = $s['user_name'];
+       $m_subject = "Squasher Debug: File Deleted by {$m_name}";
+       $m_body = "File Deleted: \n Requested by: {$m_name} \n File: {$filepath}";
+       mail('jasper@netformatie.nl', $m_subject, $m_body, "From: support@netformatie.nl");
+}
+
+function show_files() {
 
        $path = "./uploads/";
 
-       if ($dir = opendir($path)){
-               $i=1;
-               $last=1;
-               $files=array();
-               $files_merged=array();
-               while (false !== ($file = readdir($dir))) 
+       if ($dir = opendir($path)) {
+               $i = 1;
+               $last = 1;
+               $files = array();
+               $files_merged = array();
+               while (false !== ($file = readdir($dir)))
                {
-                       if (($file !== ".") && ($file !== "..")) 
-                       { 
+                       if (($file !== ".") && ($file !== ".."))
+                       {
                                $filename = $path.$file;
                                $handle = fopen($filename, "rb");
                                $size_this = filesize($filename);
-                               if ($i==1) $size_first = $size_this;
+                               if ($i==1)
+                                       $size_first = $size_this;
                                $filecontent = fread($handle, filesize($filename));
-                               $files[$i++]=$filename;
+                               $files[$i++] = $filename;
                                $files_merged[$file_base][]=$filename;
                                fclose($handle);
                        }
@@ -920,82 +979,82 @@ function print_files($path,$filename,$tovar = false){
        echo "</pre>";
 }
 
-       function set_mime($filename){
-               $ext_arr = explode('.',$filename);
-               $ext = strtolower(array_pop($ext_arr));
-               switch($ext){
-                       case 'avi':
-                               $mime = 'video/avi';
-                               break;
-                       case 'mpeg':
-                       case 'mpg':
-                               $mime = 'video/mpeg';                                   //MPEG Video
-                               break;
-                       case 'exe':
-                       case 'bat':
-                       case 'doc':
-                       case 'xls':
-                               $mime = 'application/octet-stream';
-                               break;
-                       case 'gif':
-                               $mime = 'image/gif';                                    //GIF Image
-                               break;
-                       case 'jpg':
-                       case 'jpeg':
-                               $mime = 'image/jpeg';                                   //JPEG Image
-                               break;
-                       case 'png':
-                               $mime = 'image/png';                                    //PNG Image
-                               break;
-                       case 'wav':
-                       case 'wave':
-                               $mime = 'audio/wav';                                    //WAV Audio
-                               break;
-                       case 'mp3':
-                               $mime = 'audio/mpeg';                                   //MP3 Audio
-                               break;
-                       case 'mov':
-                               $mime   =       'video/mov';                                    //Quicktime Video
-                               break;
-                       case 'wmv':
-                               $mime   =       'video/x-ms-wmv';                       //Windows WMV video
-                               break;
-                       case 'wma':
-                               $mime   =       'audio/x-ms-wma';                       //Windows WMA audio
-                               break;
-                       case 'rm':
-                               $mime   =       'audio/x-realaudio';    //RealPlayer Audio/Video (.rm)
-                               break;
-                       case 'ram':
-                               $mime   =       'audio/x-pn-realaudio'; //RealPlayer Audio/Video (.ram)
-                               break;
-                       case 'pdf':
-                               $mime   =       'application/pdf';              //PDF Document
-                               break;
-                       case 'doc':
-                               $mime   =       'application/msword';   //MS Word .doc file
-                               break;
-                       case 'zip':
-                               $mime   =       'application/zip';              //Zip File
-                               break;
-                       default:
-                               $mime = 'application/octet-stream';
-                               break;                          
-               }
-               //$return['mime']=$mime;
-               //$return['ext']=$ext;
-               
-               return $mime;
+function set_mime($filename) {
+       $ext_arr = explode('.', $filename);
+       $ext = strtolower(array_pop($ext_arr));
+       switch($ext) {
+               case 'avi':
+                       $mime = 'video/avi';
+                       break;
+               case 'mpeg':
+               case 'mpg':
+                       $mime = 'video/mpeg';                                   //MPEG Video
+                       break;
+               case 'exe':
+               case 'bat':
+               case 'doc':
+               case 'xls':
+                       $mime = 'application/octet-stream';
+                       break;
+               case 'gif':
+                       $mime = 'image/gif';                                    //GIF Image
+                       break;
+               case 'jpg':
+               case 'jpeg':
+                       $mime = 'image/jpeg';                                   //JPEG Image
+                       break;
+               case 'png':
+                       $mime = 'image/png';                                    //PNG Image
+                       break;
+               case 'wav':
+               case 'wave':
+                       $mime = 'audio/wav';                                    //WAV Audio
+                       break;
+               case 'mp3':
+                       $mime = 'audio/mpeg';                                   //MP3 Audio
+                       break;
+               case 'mov':
+                       $mime = 'video/mov';                                    //Quicktime Video
+                       break;
+               case 'wmv':
+                       $mime = 'video/x-ms-wmv';                       //Windows WMV video
+                       break;
+               case 'wma':
+                       $mime = 'audio/x-ms-wma';                       //Windows WMA audio
+                       break;
+               case 'rm':
+                       $mime = 'audio/x-realaudio';    //RealPlayer Audio/Video (.rm)
+                       break;
+               case 'ram':
+                       $mime = 'audio/x-pn-realaudio'; //RealPlayer Audio/Video (.ram)
+                       break;
+               case 'pdf':
+                       $mime = 'application/pdf';              //PDF Document
+                       break;
+               case 'doc':
+                       $mime = 'application/msword';   //MS Word .doc file
+                       break;
+               case 'zip':
+                       $mime = 'application/zip';              //Zip File
+                       break;
+               default:
+                       $mime = 'application/octet-stream';
+                       break;
        }
-       
-       function embed_video($h){
+       //$return['mime']=$mime;
+       //$return['ext']=$ext;
+
+       return $mime;
+}
+
+function embed_video($h) {
        /*JASPER FIX, use config->systemurl */
                ?>
       <!-- begin embedded WindowsMedia file... -->
       <table border='0' cellpadding='0' align="center">
       <tr><td>
       <OBJECT id='mediaPlayer'
-      classid='CLSID:22d6f312-b0f6-11d0-94ab-0080c74c7e95' 
+      classid='CLSID:22d6f312-b0f6-11d0-94ab-0080c74c7e95'
       codebase='http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=5,1,52,701'
       standby='Loading Microsoft Windows Media Player components...' type='application/x-oleobject'>
       <param name='fileName' value="http://master.squasher.netformatie.nl/?x=asx&f=<?=$h;?>">
@@ -1007,8 +1066,8 @@ function print_files($path,$filename,$tovar = false){
                        <param name="BufferingTime" value="3">
       <EMBED type='application/x-mplayer2'
         pluginspage='http://microsoft.com/windows/mediaplayer/en/download/'
-        id='mediaPlayer' name='mediaPlayer' autosize='1' 
-        bgcolor='darkblue' showcontrols="true" showtracker='-1' 
+        id='mediaPlayer' name='mediaPlayer' autosize='1'
+        bgcolor='darkblue' showcontrols="true" showtracker='-1'
         showdisplay='0' showstatusbar='-1' videoborder3d='-1' width='480' height='320'
         src="http://master.squasher.netformatie.nl/?x=asx&f=<?=$h;?>" autostart="true" designtimesp='5311' loop="true">
       </EMBED>
@@ -1024,13 +1083,13 @@ function print_files($path,$filename,$tovar = false){
                <?
        }
 
-       function create_playlist($h,$t='asx',$title='Title'){
-               switch ($t){
+function create_playlist($h, $t='asx', $title='Title') {
+       switch ($t) {
 
-                       case 'asx':
+               case 'asx':
 
-header('Content-Disposition: attachment; filename="stream.asx"');
-echo '<ASX version="3.0">
+                       header('Content-Disposition: attachment; filename="stream.asx"');
+                       echo '<ASX version="3.0">
 <title>Squasher Streaming Video</title>
        <Entry>
                <title>Video Stream</title>
@@ -1038,27 +1097,26 @@ echo '<ASX version="3.0">
        </Entry>
 </ASX>';
 
-                               break;
-
-                       case 'vlc':
+                       break;
 
-header('Content-Disposition: attachment; filename="stream.'.$t.'"');
-echo '#EXTM3U
+               case 'vlc':
+                       header('Content-Disposition: attachment; filename="stream.'.$t.'"');
+                       echo '#EXTM3U
 #EXTINF:-1,Squasher Streaming Video - '.$title.'
 http://master.squasher.netformatie.nl/?a=x&f='.$h.'';
-                       
-                               break;
 
-                       case 'm3u':
-                       default:
+                       break;
 
-header('Content-Disposition: attachment; filename="stream.m3u"');
-echo '#EXTM3U
+               case 'm3u':
+               default:
+                       header('Content-Disposition: attachment; filename="stream.m3u"');
+                       echo '#EXTM3U
 #EXTINF:-1,Squasher Streaming Video - '.$title.'
 http://master.squasher.netformatie.nl/?a=x&f='.$h.'';
-                       
-                               break;
+
+                       break;
                }
        }
 }
+// vim: syntax=php ts=4 sw=4 sts=4 sr noet
 ?>