X-Git-Url: https://git.nirgal.com/?p=squasher.git;a=blobdiff_plain;f=squasher.php;h=cfd2ade437535c65a6b34a9e17e4b7b2a56e46af;hp=bcd64a198cee433d5c9ee581d4bc67db5e824705;hb=a588460e07961ca2386becd30723f1701eab23af;hpb=0734b6f963e78531463fd66c7b9890fac36821d5
diff --git a/squasher.php b/squasher.php
index bcd64a1..cfd2ade 100644
--- a/squasher.php
+++ b/squasher.php
@@ -14,12 +14,13 @@ if (isset($_GET['path']) && $_GET['path']!=NULL && strlen($_GET['path'])!=1) {
 $subf = $_GET['path'];
 $path = $basedir . $subf;
 } else {
+ $subf = '/';
 $path = $basedir;
 }
 $squashweb->set_root($basedir);
-if ((isset($_GET['f']) && $_GET['f']!=NULL) || (isset($_GET['d']) && $_GET['d']!=NULL) || $_GET['show_all']==true || $_GET['tools']=='hide' || $_GET['tools']=='unhide' || $_GET['tools']=='delete') {
+if (@$_GET['f'] || @$_GET['tools']=='hide' || @$_GET['tools']=='unhide' || @$_GET['tools']=='delete') {
 $getdeepfiles=true;
 $populate=false;
 } else {
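Review bot: `$subf` still comes straight from `$_GET['path']` and is appended to `$basedir` in the first context lines, so the `$subf = '/'` default added here only covers the missing-parameter case, not a path that contains `..` segments. Unless `set_root()` or the later folder-rights check (neither visible in this hunk) normalises it, the resolved directory can end up outside `$basedir`. Resolve it before use, e.g. `$real = realpath($basedir . $subf);` followed by `if ($real === false || strpos($real . '/', realpath($basedir) . '/') !== 0) { $subf = '/'; $path = $basedir; }`. Separately, `!empty($_GET['f'])` states the same test as `@$_GET['f']` without the error-suppression operator.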
@@ -27,24 +28,24 @@ if ((isset($_GET['f']) && $_GET['f']!=NULL) || (isset($_GET['d']) && $_GET['d']!
 $populate=true;
 }
-//update folder rights if form is submitted
-if ($submitted['edited_user'] > 0 && $submitted['formtype'] == 'folderrights')
- $squashweb->update_rights($submitted,$_SESSION['creds']['user_level']);
+//update folder rights if form is posted
+if (@$_POST['edited_user'] > 0 && @$_POST['formtype'] == 'folderrights')
+ $squashweb->update_rights($_POST['edited_user'], $_POST['m'], $_SESSION['creds']['user_level']);
 //set folder rights
-if (isset($_GET['f']) && $_GET['f']!=NULL) {
+if (@$_GET['f']) {
 $squashweb->give_rights(2);
 } else {
 $squashweb->give_rights($_SESSION['creds']['user_id']);
 }
-if (isset($_GET['f']) && $_GET['f']!=NULL) {
- $f_q = "SELECT * FROM file_hash WHERE md5_hash = '".$_GET['f']."'";
+if (@$_GET['f']) {
+ $f_q = "SELECT * FROM file_hash WHERE md5_hash = '".mysql_escape_string($_GET['f'])."'";
 $f_r = mysql_query($f_q);
 $f_o = mysql_fetch_object($f_r);
 //log downloads
- @mysql_query("INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".$_GET['f']."','{$f_o->file}','download','".$_SESSION['creds']['user_id']."','".$_SESSION['creds']['user_name']."','".$_SERVER['REMOTE_ADDR']."',NOW())");
+ @mysql_query("INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".mysql_escape_string($_GET['f'])."','".mysql_escape_string($f_o->file)."','download','".mysql_escape_string($_SESSION['creds']['user_id'])."','".mysql_escape_string($_SESSION['creds']['user_name'])."','".mysql_escape_string($_SERVER['REMOTE_ADDR'])."',NOW())");
 $_hpath_arr=explode("/", $f_o->file);
 $file=array_pop($_hpath_arr); //Remove filename
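Review bot: `mysql_escape_string()` in the new `$f_q` and log `INSERT` lines escapes without consulting the connection character set; `mysql_real_escape_string()` is the connection-aware call, and a prepared statement through mysqli or PDO removes the string building altogether. Since the column is named `md5_hash`, the parameter can also be rejected early with `if (!preg_match('/^[a-f0-9]{32}$/i', $_GET['f'])) { /* respond 404 and stop */ }` (assuming hashes are stored as 32 hex characters). `mysql_fetch_object()` returns false when no row matches, yet `$f_o->file` is read on the following lines without a check. The new `update_rights()` call reads `$_POST['m']` unguarded, and nothing in this hunk shows an anti-CSRF token being verified before that state change. The `if (@$_GET['f'])` block continues past the end of the hunk.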
@@ -57,33 +58,21 @@ if (isset($_GET['f']) && $_GET['f']!=NULL) {
 }
 //check if a file is requested
-if (isset($_GET['f']) && $_GET['f']!=NULL) {
+if (@$_GET['f']) {
 //get the config of requested file
 $request = $squashweb->get_config($_GET['f']);
- //------------------------------------
- //-check-file-and-request-type--start-
- //------------------------------------
- if (strpos($request['mime'],'ideo') && isset($_GET['d'])) { //embed video
- $squashweb->embed_video($_GET['f']);
- }
- elseif (strpos($request['mime'],'ideo') && isset($_GET['x'])) { //show stream playlist
- $squashweb->create_playlist($_GET['f'],$_GET['x'],$request[2]);
- }
- else { //show requested file
- # header('Cache-control: private');
- header('Content-Disposition: attachment; filename="'.$request[2].'"');
- header("Content-Type: ".$request['mime']);
- if ($request[3])header('Content-Length: '.$request[3]);
- #@ob_flush();
- @flush();
- $squashweb->print_files($request['path'], $request[2]);
- }
- //---------------------------------
- //-check-file-and-request-type-end-
- //---------------------------------
-
-} elseif ($tools=="hide" && isset($_GET['h'])) {
+ //show requested file
+ #header('Cache-control: private');
+ header('Content-Disposition: attachment; filename="'.$request[2].'"');
+ header("Content-Type: ".$request['mime']);
+ if ($request[3])
+ header('Content-Length: '.$request[3]);
+ #@ob_flush();
+ @flush();
+ $squashweb->print_files($request['path'], $request[2]);
+
+} elseif (@$_GET['tools']=="hide" && @$_GET['h']) {
 if ($_SESSION['creds']['user_level'] > 99) {
 $request = $squashweb->get_config($_GET['h']);
 $handle = fopen($request['path'].'/'.$request[2].'.hidden', 'x');
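Review bot: The download branch builds `Content-Disposition` and `Content-Type` from `$request[2]` and `$request['mime']` without checking that `get_config()` found anything or cleaning the file name. A name containing a double quote changes how the browser parses the header; strip it first, e.g. `$name = str_replace(array('"', "\r", "\n"), '', basename($request[2]));`, and stop with a 404 when `$request` is empty. Nothing visible between `get_config($_GET['f'])` and `print_files()` compares the file against the caller's folder rights, so that check presumably lives inside those methods and is worth a comment here. The `hide` branch that follows starts in this hunk and ends outside it.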
@@ -92,14 +81,14 @@ if (isset($_GET['f']) && $_GET['f']!=NULL) {
 $path=substr($request['path'], strlen($basedir));
 header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
 }
-} elseif ($tools=="unhide" && isset($_GET['h'])) {
+} elseif (@$_GET['tools']=="unhide" && isset($_GET['h'])) {
 if ($_SESSION['creds']['user_level'] > 99) {
 $request = $squashweb->get_config($_GET['h']);
 @unlink($request['path'].'/'.$request[2].'.hidden');
 $path=substr($request['path'], strlen($basedir));
 header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
 }
-} elseif ($tools=="delete" && isset($_GET['h'])) {
+} elseif (@$_GET['tools']=="delete" && isset($_GET['h'])) {
 if ($_SESSION['creds']['user_level'] > 99) {
 if ($_GET['h'] == "multiple") {
 $h_post = $_POST['h'];
@@ -117,7 +106,7 @@ if (isset($_GET['f']) && $_GET['f']!=NULL) {
 }
 } elseif (@$_GET['tools']=='access' && $_SESSION['creds']['user_level'] > 100) {
- require_once("smarty/Smarty.class.php");
+ require_once(SQUASHER_SMARTY);
 $smarty = new Smarty;
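Review bot: `hide`, `unhide` and `delete` change server state on a plain GET request guarded only by `$_SESSION['creds']['user_level'] > 99`, and no anti-CSRF token is verified anywhere in the visible lines. Any cross-site request issued from a logged-in administrator's browser would therefore be accepted, so these branches should require POST and compare a per-session token (for example `$_POST['token'] === $_SESSION['token']`, key names being placeholders) before reaching `fopen()`, `unlink()` or the delete code. The `Location:` headers are built from `$_SERVER['PHP_SELF']` and are not followed by `exit`, so the script keeps running after the redirect. Minor: the `hide` test now uses `@$_GET['h']` while these two keep `isset($_GET['h'])`; one form throughout would read better. The `delete` branch continues outside the hunk.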
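Review bot: `SQUASHER_SMARTY` is not defined anywhere in this diff, so the include now depends on a constant set elsewhere; on the PHP versions this code targets, an undefined constant falls back to the literal string and `require_once` then stops with a fatal error. A guard such as `if (!defined('SQUASHER_SMARTY')) die('SQUASHER_SMARTY is not configured');` before the first use, plus a comment naming the config file that defines it, would make the failure obvious. The same line is added in the `users`, `logs` and overview branches in later hunks.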
@@ -125,29 +114,29 @@ if (isset($_GET['f']) && $_GET['f']!=NULL) {
 $smarty->assign('user_name', $_SESSION['creds']['user_name']);
 $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));
- $smarty->assign('edited_user', $_GET['user']);
+ $smarty->assign('edited_user', @$_GET['user']);
- $tree = $squashweb->show_rights_tree($path, 0, $_GET['user']);
+ $tree = $squashweb->show_rights_tree($path, 0, @$_GET['user']);
 $smarty->assign('style', $tree['style']);
 $smarty->assign('layout', $tree['layout']);
- $smarty->assign('debug', $vars['debug']);
+ $smarty->assign('debug', @$_GET['debug']);
 $smarty->assign('folderrights', $squashweb->folderrights());
 $smarty->assign('userrights', $squashweb->userrights());
 $smarty->display('admin.tpl');
 } elseif (@$_GET['tools']=='users' && $_SESSION['creds']['user_level'] > 100) {
-
- if ($submitted['type']=="update")
- $squashweb->update_users($submitted);
- if ($submitted['type']=="disable")
- $squashweb->disable_users($submitted);
- if ($submitted['type']=="delete")
- $squashweb->remove_users($submitted);
- if ($submitted['type']=="new")
- $squashweb->insert_users($submitted, $_SESSION['creds']['user_level']);
- require_once("smarty/Smarty.class.php");
+ $type = @$_POST['type'];
+ if ($type=="update")
+ $squashweb->update_users($_POST['u']);
+ if ($type=="disable")
+ $squashweb->disable_users($_POST['u']);
+ if ($type=="delete")
+ $squashweb->remove_users($_POST['u']);
+ if ($type=="new")
+ $squashweb->insert_users($_POST['u'], $_SESSION['creds']['user_level']);
+ require_once(SQUASHER_SMARTY);
 $smarty = new Smarty;
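Review bot: The four user-management calls in the `users` branch now take `$_POST['u']` directly, with no check that it is set or is an array and no anti-CSRF token verified in the visible lines. Only `insert_users()` receives the caller's `user_level`; whether `update_users()`, `disable_users()` and `remove_users()` stop an administrator from changing an account above their own level cannot be seen from here and should be confirmed. `debug` is now read from the query string (`@$_GET['debug']`) here and again in the `users`, `logs` and overview branches, so anyone who reaches those templates can switch it on; `$smarty->assign('debug', $_SESSION['creds']['user_level'] > 100 && !empty($_GET['debug']));` keeps it to administrators. `@$_GET['user']` is handed to the template as-is, so `admin.tpl` needs to escape it on output.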
@@ -160,13 +149,15 @@ if (isset($_GET['f']) && $_GET['f']!=NULL) {
 } else {
 $smarty->assign('user_levels', array(55 => 'user' ) );
 }
- $smarty->assign('debug',$vars['debug']);
+ $smarty->assign('debug', @$_GET['debug']);
 $smarty->display('udmin.tpl');
-} elseif ($_GET['tools']=='logs' && $_SESSION['creds']['user_level'] > 100) {
- $logtype=($_GET['logtype']) ? $_GET['logtype'] : 'all';
- require_once("smarty/Smarty.class.php");
+} elseif (@$_GET['tools']=='logs' && $_SESSION['creds']['user_level'] > 100) {
+ $logtype=@$_GET['logtype'];
+ if (!$logtype)
+ $logtype = 'all';
+ require_once(SQUASHER_SMARTY);
 $smarty = new Smarty;
@@ -175,12 +166,13 @@ if (isset($_GET['f']) && $_GET['f']!=NULL) {
 $smarty->assign('logtype', $logtype);
 $smarty->assign('logs', $squashweb->get_logs($logtype));
+ $smarty->assign('debug', @$_GET['debug']);
 $smarty->display('logs.tpl');
 } else { //show overview
- require_once("smarty/Smarty.class.php");
+ require_once(SQUASHER_SMARTY);
 $smarty = new Smarty;
@@ -199,6 +191,9 @@ if (isset($_GET['f']) && $_GET['f']!=NULL) {
 $configs_sorted = named_records_sort($configs_num, 'lastchange', true);
+ $configs = array();
+ $paths = array();
+
 foreach ($configs_sorted as $key => $value) {
 $configs[$key]['squashed'] = $value['squashed'];
 $configs[$key]['version'] = $value[0];
@@ -236,13 +231,14 @@ if (isset($_GET['f']) && $_GET['f']!=NULL) {
 //set base folders
 $basepath['/'] = ' top ';
- foreach (explode('/',$subf) as $key => $value) {
+ $bpath = '';
+ foreach (explode('/', $subf) as $key => $value) {
 if ($value != '') {
 $bpath .= '/'.$value;
 $basepath[$bpath] = $value;
 }
 }
- $smarty->assign('debug', $vars['debug']);
+ $smarty->assign('debug', @$_GET['debug']);
 $smarty->assign('user_level', $_SESSION['creds']['user_level']);
 $smarty->assign('user_name', $_SESSION['creds']['user_name']);
 $smarty->assign('folderrights', $squashweb->folderrights());
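Review bot: `$logtype` goes from `$_GET['logtype']` to `get_logs()` and to `logs.tpl` (both in the next hunk) with only an emptiness test. If `get_logs()` places it in a query or the template prints it unescaped, the request controls that text; check it against the known log types instead, e.g. `if (!in_array($logtype, $allowed_logtypes, true)) $logtype = 'all';`, where `$allowed_logtypes` is a placeholder for the list the application actually supports.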
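Review bot: Every path segment of `$subf` is copied into `$basepath` in the breadcrumb loop of the `-236,13` hunk and later assigned to the template as `base`, and `$subf` itself is assigned as `currentfolder` in the following hunk; both originate from `$_GET['path']`. Smarty does not escape variables unless told to, so `index.tpl` should print them with the `escape` modifier (`{$value|escape}`), or the values should pass through `htmlspecialchars()` before `assign()`. Whether the template already does this cannot be seen from the diff.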
@@ -252,14 +248,12 @@ if (isset($_GET['f']) && $_GET['f']!=NULL) {
 $smarty->assign('base', $basepath);
 $smarty->assign('currentfolder', $subf);
 $subs = $squashweb->subfolders();
- asort($subs);
+ if ($subs)
+ asort($subs);
 $smarty->assign('subfolders', $subs);
- //if($vars[debug])print_r($configs);
- if (!$vars['newtpl'])
- $smarty->display('index.tpl'); //Display normal template
- if ($vars['newtpl'])
- $smarty->display('wip_massdelete.tpl'); //Display Work In Progress template
+ //if(@$_GET[debug]) print_r($configs);
+ $smarty->display('index.tpl'); //Display normal template
 }
 // vim: syntax=php ts=4 sw=4 sts=4 sr noet