X-Git-Url: https://git.nirgal.com/?p=squasher.git;a=blobdiff_plain;f=squasher.php;h=c403e9dab07b1b4a36be0b4d37cafec8ef9d234b;hp=658d888d50abec58d3f0f49f0c188f0bfa2ac562;hb=be62fed61f1c38ac1a023d90646ab6e17c7a0b92;hpb=de51d17e026e69a9070992d125ae85730815574f
diff --git a/squasher.php b/squasher.php
index 658d888..c403e9d 100644
--- a/squasher.php
+++ b/squasher.php
@@ -1,5 +1,6 @@ -update_history(); //set root directory $basedir = "../uploads"; -if (isset($_GET['path']) && $_GET['path']!=NULL && strlen($_GET['path'])!=1){ +if (isset($_GET['path']) && $_GET['path']!=NULL && strlen($_GET['path'])!=1) { $subf = $_GET['path']; $path = $basedir . $subf; -} -else{ +} else { + $subf = '/'; $path = $basedir; } + $squashweb->set_root($basedir); -if ((isset($_GET['f']) && $_GET['f']!=NULL) || (isset($_GET['d']) && $_GET['d']!=NULL) || $_GET['show_all']==true || $_GET['tools']=='hide' || $_GET['tools']=='unhide' || $_GET['tools']=='delete'){ +if (@$_GET['f'] || @$_GET['d'] || @$_GET['show_all']==true || @$_GET['tools']=='hide' || @$_GET['tools']=='unhide' || @$_GET['tools']=='delete') { $getdeepfiles=true; $populate=false; -}else{ +} else { $getdeepfiles=false; $populate=true; } -//update folder rights if form is submitted -if($submitted['edited_user'] > 0 && $submitted['formtype'] == 'folderrights') $squashweb->update_rights($submitted,$_SESSION[creds][user_level]); +//update folder rights if form is posted +if (@$_POST['edited_user'] > 0 && @$_POST['formtype'] == 'folderrights') + $squashweb->update_rights($_POST['edited_user'], $_POST['m'], $_SESSION['creds']['user_level']); //set folder rights -if (isset($_GET['f']) && $_GET['f']!=NULL){ - $squashweb->give_rights(0); -}else{ - $squashweb->give_rights($_SESSION[creds][user_id]); +if (@$_GET['f']) { + $squashweb->give_rights(2); +} else { + $squashweb->give_rights($_SESSION['creds']['user_id']); } -if (isset($_GET['f']) && $_GET['f']!=NULL){ - $f_q = "SELECT * FROM file_hash WHERE md5_hash = '".$_GET['f']."'"; +if (@$_GET['f']) { + $f_q = "SELECT * FROM file_hash WHERE md5_hash = '".mysql_escape_string($_GET['f'])."'"; $f_r = mysql_query($f_q); $f_o = mysql_fetch_object($f_r); //log downloads - @mysql_query("INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES 
('".$_GET['f']."','{$f_o->file}','download','".$_SESSION[creds][user_id]."','".$_SESSION[creds][user_name]."','".$_SERVER[REMOTE_ADDR]."',NOW())"); + @mysql_query("INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".mysql_escape_string($_GET['f'])."','".mysql_escape_string($f_o->file)."','download','".mysql_escape_string($_SESSION['creds']['user_id'])."','".mysql_escape_string($_SESSION['creds']['user_name'])."','".mysql_escape_string($_SERVER['REMOTE_ADDR'])."',NOW())"); - $_hpath_arr=explode("/",$f_o->file); + $_hpath_arr=explode("/", $f_o->file); $file=array_pop($_hpath_arr); //Remove filename - $path=implode("/",$_hpath_arr); - $squashweb->read_single_file($path,$file); - #$squashweb->read_directory($path,false,true,false,false); -}else{ + $path=implode("/", $_hpath_arr); + $squashweb->read_single_file($path, $file); + #$squashweb->read_directory($path, false, true, false, false); +} else { //parse folders for readable files - $squashweb->read_directory($path,true,true,$getdeepfiles,$populate); + $squashweb->read_directory($path, true, true, $getdeepfiles, $populate); } //check if a file is requested -if (isset($_GET['f']) && $_GET['f']!=NULL){ +if (@$_GET['f']) { //get the config of requested file $request = $squashweb->get_config($_GET['f']); - + //------------------------------------ //-check-file-and-request-type--start- //------------------------------------ - if (strpos($request['mime'],'ideo') && isset($_GET['d'])){ //embed video - $squashweb->embed_video($_GET['f']); + if (strpos($request['mime'],'ideo') && isset($_GET['d'])) { //embed video + $squashweb->embed_video($_GET['f']); } - elseif (strpos($request['mime'],'ideo') && isset($_GET['x'])){ //show stream playlist + elseif (strpos($request['mime'],'ideo') && isset($_GET['x'])) { //show stream playlist $squashweb->create_playlist($_GET['f'],$_GET['x'],$request[2]); } - else{ //show requested file + else { //show requested file # header('Cache-control: private'); 
header('Content-Disposition: attachment; filename="'.$request[2].'"'); header("Content-Type: ".$request['mime']); - if($request[3])header('Content-Length: '.$request[3]); + if ($request[3])header('Content-Length: '.$request[3]); #@ob_flush(); @flush(); - $squashweb->print_files($request['path'],$request[2]); + $squashweb->print_files($request['path'], $request[2]); } //--------------------------------- //-check-file-and-request-type-end- //--------------------------------- -}elseif ($tools=="hide" && isset($_GET['h'])){ - if ($_SESSION[creds][user_level] > 99){ +} elseif (@$_GET['tools']=="hide" && @$_GET['h']) { + if ($_SESSION['creds']['user_level'] > 99) { $request = $squashweb->get_config($_GET['h']); $handle = fopen($request['path'].'/'.$request[2].'.hidden', 'x'); - fwrite($handle, 'hidden by '.$_SESSION[creds][user_name]); + fwrite($handle, 'hidden by '.$_SESSION['creds']['user_name']); fclose($handle); - $path=substr($request['path'],strlen($basedir)); + $path=substr($request['path'], strlen($basedir)); header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ; } -}elseif ($tools=="unhide" && isset($_GET['h'])){ - if ($_SESSION[creds][user_level] > 99){ +} elseif (@$_GET['tools']=="unhide" && isset($_GET['h'])) { + if ($_SESSION['creds']['user_level'] > 99) { $request = $squashweb->get_config($_GET['h']); @unlink($request['path'].'/'.$request[2].'.hidden'); - $path=substr($request['path'],strlen($basedir)); + $path=substr($request['path'], strlen($basedir)); header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ; } -}elseif ($tools=="delete" && isset($_GET['h'])){ - if ($_SESSION[creds][user_level] > 99){ - if ($_GET['h'] == "multiple"){ +} elseif (@$_GET['tools']=="delete" && isset($_GET['h'])) { + if ($_SESSION['creds']['user_level'] > 99) { + if ($_GET['h'] == "multiple") { $h_post = $_POST['h']; - foreach ($h_post as $h_key => $h){ + foreach ($h_post as $h_key => $h) { $request = $squashweb->get_config($h); - 
$squashweb->delete_file($h,$_SESSION[creds]); + $squashweb->delete_file($h, $_SESSION['creds']); } - }else{ + } else { $h = $_GET['h']; $request = $squashweb->get_config($h); - $squashweb->delete_file($h,$_SESSION[creds]); + $squashweb->delete_file($h, $_SESSION['creds']); } - $path=substr($request['path'],strlen($basedir)); + $path=substr($request['path'], strlen($basedir)); header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path); } -}elseif ($_GET['tools']=='access' && $_SESSION[creds][user_level] > 100){ - -require_once("smarty/Smarty.class.php"); - -$smarty = new Smarty; - - $smarty->assign('user_level',$_SESSION[creds][user_level]); - $smarty->assign('user_name',$_SESSION[creds][user_name]); - $smarty->assign('users',$squashweb->get_users($_SESSION[creds][user_level])); - - $smarty->assign('edited_user',$_GET['user']); - - $tree = $squashweb->show_rights_tree($path,0,$_GET['user']); - - $smarty->assign('style',$tree[style]); - $smarty->assign('layout',$tree[layout]); - - $smarty->assign('debug',$vars[debug]); - $smarty->assign('folderrights',$squashweb->folderrights()); - $smarty->assign('userrights',$squashweb->userrights()); +} elseif (@$_GET['tools']=='access' && $_SESSION['creds']['user_level'] > 100) { + + require_once(SQUASHER_SMARTY); + + $smarty = new Smarty; + + $smarty->assign('user_level', $_SESSION['creds']['user_level']); + $smarty->assign('user_name', $_SESSION['creds']['user_name']); + $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level'])); + + $smarty->assign('edited_user', @$_GET['user']); + + $tree = $squashweb->show_rights_tree($path, 0, @$_GET['user']); + + $smarty->assign('style', $tree['style']); + $smarty->assign('layout', $tree['layout']); + + $smarty->assign('debug', @$_GET['debug']); + $smarty->assign('folderrights', $squashweb->folderrights()); + $smarty->assign('userrights', $squashweb->userrights()); $smarty->display('admin.tpl'); - -}elseif ($_GET['tools']=='users' && $_SESSION[creds][user_level] > 
100){ -if ($submitted[type]=="update"){$squashweb->update_users($submitted);} -if ($submitted[type]=="disable"){$squashweb->disable_users($submitted);} -if ($submitted[type]=="delete"){$squashweb->remove_users($submitted);} -if ($submitted[type]=="new"){$squashweb->insert_users($submitted,$_SESSION[creds][user_level]);} -require_once("smarty/Smarty.class.php"); +} elseif (@$_GET['tools']=='users' && $_SESSION['creds']['user_level'] > 100) { + $type = @$_POST['type']; + if ($type=="update") + $squashweb->update_users($_POST['u']); + if ($type=="disable") + $squashweb->disable_users($_POST['u']); + if ($type=="delete") + $squashweb->remove_users($_POST['u']); + if ($type=="new") + $squashweb->insert_users($_POST['u'], $_SESSION['creds']['user_level']); + require_once(SQUASHER_SMARTY); -$smarty = new Smarty; + $smarty = new Smarty; - $smarty->assign('user_level',$_SESSION[creds][user_level]); - $smarty->assign('user_name',$_SESSION[creds][user_name]); - $smarty->assign('users',$squashweb->get_users($_SESSION[creds][user_level])); + $smarty->assign('user_level', $_SESSION['creds']['user_level']); + $smarty->assign('user_name', $_SESSION['creds']['user_name']); + $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level'])); - if ($_SESSION[creds][user_level] > 199){ - $smarty->assign('user_levels', array(155 => 'admin' , 55 => 'user' ) ); - }else{ - $smarty->assign('user_levels', array(55 => 'user' ) ); + if ($_SESSION['creds']['user_level'] > 199) { + $smarty->assign('user_levels', array(155 => 'admin' , 55 => 'user' ) ); + } else { + $smarty->assign('user_levels', array(55 => 'user' ) ); } - $smarty->assign('debug',$vars[debug]); + $smarty->assign('debug', @$_GET['debug']); $smarty->display('udmin.tpl'); -}elseif ($_GET['tools']=='logs' && $_SESSION[creds][user_level] > 100){ - $logtype=($_GET['logtype']) ? 
$_GET['logtype'] : 'all'; - require_once("smarty/Smarty.class.php"); +} elseif (@$_GET['tools']=='logs' && $_SESSION['creds']['user_level'] > 100) { + $logtype=@$_GET['logtype']; + if (!$logtype) + $logtype = 'all'; + require_once(SQUASHER_SMARTY); $smarty = new Smarty; - $smarty->assign('user_level',$_SESSION[creds][user_level]); - $smarty->assign('user_name',$_SESSION[creds][user_name]); - $smarty->assign('logtype',$logtype); - $smarty->assign('logs',$squashweb->get_logs($logtype)); + $smarty->assign('user_level', $_SESSION['creds']['user_level']); + $smarty->assign('user_name', $_SESSION['creds']['user_name']); + $smarty->assign('logtype', $logtype); + $smarty->assign('logs', $squashweb->get_logs($logtype)); + $smarty->assign('debug', @$_GET['debug']); $smarty->display('logs.tpl'); -}else{ //show overview +} else { + //show overview -require_once("smarty/Smarty.class.php"); + require_once(SQUASHER_SMARTY); -$smarty = new Smarty; + $smarty = new Smarty; /*** * $config:: array 
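Review bot: `$_GET['path']` is still concatenated straight onto `$basedir` (`$path = $basedir . $subf;`) and handed to `read_directory()`, so a value containing `..` segments can point the listing outside `../uploads` unless `read_directory()` or `set_root()` rejects it, which this hunk does not show. I would resolve the requested directory with `realpath()` and refuse anything that does not sit under the resolved root before `$subf` and `$path` are set, as in the excerpt below. Separately, the `tools=hide`, `tools=unhide` and `tools=delete` branches change state on a GET request with only the session level checked; no request token is visible in this hunk. The top of this hunk appears truncated on the page, so anything before `update_history()` is not covered by this note.

```php
if (isset($_GET['path']) && $_GET['path']!=NULL && strlen($_GET['path'])!=1) {
	$root = realpath($basedir);
	$real = realpath($basedir . $_GET['path']);
	// refuse anything that does not resolve to a location under the upload root
	if ($root === false || $real === false || strpos($real . '/', $root . '/') !== 0) {
		header('HTTP/1.0 404 Not Found');
		exit;
	}
	$subf = ($real === $root) ? '/' : substr($real, strlen($root));
	$path = $basedir . $subf;
} else {
	// … unchanged: $subf = '/' and $path = $basedir …
```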
@@ -187,70 +198,78 @@ $smarty = new Smarty; * [5] -> chunkcount * [6] -> CRC32 checksum ***/ - -$configs_num = $squashweb->get_configs(); - -$configs_sorted = named_records_sort($configs_num,'lastchange',true); - -foreach ($configs_sorted AS $key => $value){ - $configs[$key]['squashed'] = $value['squashed']; - $configs[$key]['version'] = $value[0]; - //$configs[$key]['date'] = $value[1]; //removed because user local creation date is irrelevant - $configs[$key]['name'] = $value[2]; - $configs[$key]['size'] = $value[3]; - $configs[$key]['chunk_size'] = $value[4]; - $configs[$key]['chunks'] = $value[5]; - $configs[$key]['crc'] = $value[6]; - $paths[substr($value['path'], strlen($basedir))]=array_pop(explode('/',$value['path'])); - (strpos($value['mime'],'ideo')) ? $embedable=true : $embedable=false; - (@array_sum($value['stats']) == $value[5]) ? $finished=true : $finished=false; - - $configs[$key]['embedable'] = $embedable; - $configs[$key]['finished'] = $finished; - $configs[$key]['mime'] = $value['mime']; - $configs[$key]['status'] = $value['status']; - $configs[$key]['hidden'] = $value['hidden']; - $configs[$key]['chunks_finished'] = @array_sum($value['stats']); - if($finished){ - $configs[$key]['chunks_partial'] = $configs[$key]['chunks_finished']; - }else{ - $continue=true; - foreach($value['stats'] AS $sk => $sv){ - if($continue){ - $configs[$key]['chunks_partial']=$configs[$key]['chunks_partial']+$sv; - if($sv != '1.00')$continue=false; + + $configs_num = $squashweb->get_configs(); + + $configs_sorted = named_records_sort($configs_num, 'lastchange', true); + + $configs = array(); + $paths = array(); + + foreach ($configs_sorted as $key => $value) { + $configs[$key]['squashed'] = $value['squashed']; + $configs[$key]['version'] = $value[0]; + //$configs[$key]['date'] = $value[1]; //removed because user local creation date is irrelevant + $configs[$key]['name'] = $value[2]; + $configs[$key]['size'] = $value[3]; + $configs[$key]['chunk_size'] = $value[4]; + 
$configs[$key]['chunks'] = $value[5]; + $configs[$key]['crc'] = $value[6]; + $paths[substr($value['path'], strlen($basedir))]=array_pop(explode('/',$value['path'])); + (strpos($value['mime'],'ideo')) ? $embedable=true : $embedable=false; + (@array_sum($value['stats']) == $value[5]) ? $finished=true : $finished=false; + + $configs[$key]['embedable'] = $embedable; + $configs[$key]['finished'] = $finished; + $configs[$key]['mime'] = $value['mime']; + $configs[$key]['status'] = $value['status']; + $configs[$key]['hidden'] = $value['hidden']; + $configs[$key]['chunks_finished'] = @array_sum($value['stats']); + if ($finished) { + $configs[$key]['chunks_partial'] = $configs[$key]['chunks_finished']; + } else { + $continue = true; + foreach($value['stats'] as $sk => $sv) { + if ($continue) { + $configs[$key]['chunks_partial'] = $configs[$key]['chunks_partial']+$sv; + if ($sv != '1.00') $continue=false; + } } } + $configs[$key]['date'] = date('d.m.y - H:i:s - T', $value['added']); + $configs[$key]['lastchange'] = date('d.m.y - H:i:s - T', $value['lastchange']); } - $configs[$key]['date'] = date('d.m.y - H:i:s - T',$value['added']); - $configs[$key]['lastchange'] = date('d.m.y - H:i:s - T',$value['lastchange']); -} -//set base folders - $basepath['/']=' top '; -foreach (explode('/',$subf) AS $key => $value){ - if ($value != ''){ - $bpath.='/'.$value; - $basepath[$bpath]=$value; + //set base folders + $basepath['/'] = ' top '; + $bpath = ''; + foreach (explode('/', $subf) as $key => $value) { + if ($value != '') { + $bpath .= '/'.$value; + $basepath[$bpath] = $value; + } } -} -$smarty->assign('debug',$vars[debug]); -$smarty->assign('user_level',$_SESSION[creds][user_level]); -$smarty->assign('user_name',$_SESSION[creds][user_name]); -$smarty->assign('folderrights',$squashweb->folderrights()); - -$smarty->assign('squashed',$configs); -$smarty->assign('paths',$paths); -$smarty->assign('base',$basepath); -$smarty->assign('currentfolder',$subf); -$subs = $squashweb->subfolders(); 
-asort($subs); -$smarty->assign('subfolders',$subs); - -//if($vars[debug])print_r($configs); -if(!$vars[newtpl])$smarty->display('index.tpl'); //Display normal template -if($vars[newtpl])$smarty->display('wip_massdelete.tpl'); //Display Work In Progress template + $smarty->assign('debug', @$_GET['debug']); + $smarty->assign('user_level', $_SESSION['creds']['user_level']); + $smarty->assign('user_name', $_SESSION['creds']['user_name']); + $smarty->assign('folderrights', $squashweb->folderrights()); + + $smarty->assign('squashed', $configs); + $smarty->assign('paths', $paths); + $smarty->assign('base', $basepath); + $smarty->assign('currentfolder', $subf); + $subs = $squashweb->subfolders(); + if ($subs) + asort($subs); + $smarty->assign('subfolders', $subs); + + //if(@$_GET[debug]) print_r($configs); + if (!@$_GET['newtpl']) + $smarty->display('index.tpl'); //Display normal template + else + $smarty->display('wip_massdelete.tpl'); //Display Work In Progress template } +// vim: syntax=php ts=4 sw=4 sts=4 sr noet ?>
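Review bot: In the overview branch `debug` and the template choice come straight from the query string (`@$_GET['debug']`, `@$_GET['newtpl']`) with no `user_level` test, unlike the `access`, `users` and `logs` branches, so any requester who reaches this branch can switch on whatever the templates expose under `debug` and select `wip_massdelete.tpl`. What those templates render is not visible here, but I would gate both, e.g. `$smarty->assign('debug', $_SESSION['creds']['user_level'] > 100 && !empty($_GET['debug']));` and the same level condition in front of the `wip_massdelete.tpl` display. Separately, `chunks_partial` is read before it is ever set in the unfinished-file loop; adding `$configs[$key]['chunks_partial'] = 0;` next to `$continue = true;` removes the undefined-index read that the new `$configs = array();` initialisation does not cover. The enclosing `else` branch opens in the previous hunk.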