projects / squasher.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1aead60)
Fixed "Use of undefined constant" warnings
authorJean-Michel Vourgère <jvourger@greenpeace.org>
Thu, 23 Feb 2017 21:11:28 +0000 (10:11 +1300)
committerJean-Michel Vourgère <jvourger@greenpeace.org>
Thu, 23 Feb 2017 21:15:42 +0000 (10:15 +1300)
squasher.class.php patch | blob | history
squasher.php patch | blob | history

diff --git a/squasher.class.php b/squasher.class.php
index 3879f1ce5550c0adf41be5930fe67370a007c111..7f36d63468cdd313155ab5deeb01d2db99b80329 100644 (file)
--- a/squasher.class.php
+++ b/squasher.class.php
@@ -115,7 +115,7 @@ function get_users($user_level){
 
 function get_logs($type='all'){
        $q="SELECT log.* FROM log WHERE log.user_id != '1' and ip != '87.233.211.2' ";
-       if($_SESSION[creds][user_id] == 1)$q="SELECT log.* FROM log WHERE log.user_id != 'x' ";
+       if($_SESSION['creds']['user_id'] == 1)$q="SELECT log.* FROM log WHERE log.user_id != 'x' ";
        switch($type){
        case "delete":
                $q.= " and log.action = 'delete'";
@@ -142,34 +142,34 @@ function get_logs($type='all'){
        $order=" order by log.log_id desc ";
        $r = mysql_query($q.$today.$order);
        while($a = mysql_fetch_array($r)){
-               $qu="select users.user_name from users left join log on users.user_id = log.user_id where log.ip='{$a[ip]}' group by users.user_name";
+               $qu="select users.user_name from users left join log on users.user_id = log.user_id where log.ip='{".$a['ip']."}' group by users.user_name";
                $ru = mysql_query($qu);
-               $a[users_from_ip]=" | ";
-               while($au = mysql_fetch_array($ru))$a[users_from_ip].=$au[user_name]." | ";
+               $a['users_from_ip']=" | ";
+               while($au = mysql_fetch_array($ru))$a['users_from_ip'].=$au['user_name']." | ";
                $return['today'][$a['log_id']]=$a;
        }
        $r = mysql_query($q.$yesterday.$order);
        while($a = mysql_fetch_array($r)){
-               $qu="select users.user_name from users left join log on users.user_id = log.user_id where log.ip='{$a[ip]}' group by users.user_name";
+               $qu="select users.user_name from users left join log on users.user_id = log.user_id where log.ip='{".$a['ip']."}' group by users.user_name";
                $ru = mysql_query($qu);
-               $a[users_from_ip]=" | ";
-               while($au = mysql_fetch_array($ru))$a[users_from_ip].=$au[user_name]." | ";
+               $a['users_from_ip']=" | ";
+               while($au = mysql_fetch_array($ru))$a['users_from_ip'].=$au['user_name']." | ";
                $return['yesterday'][$a['log_id']]=$a;
        }
        $r = mysql_query($q.$lastweek.$order);
        while($a = mysql_fetch_array($r)){
-               $qu="select users.user_name from users left join log on users.user_id = log.user_id where log.ip='{$a[ip]}' group by users.user_name";
+               $qu="select users.user_name from users left join log on users.user_id = log.user_id where log.ip='{".$a['ip']."}' group by users.user_name";
                $ru = mysql_query($qu);
-               $a[users_from_ip]=" | ";
-               while($au = mysql_fetch_array($ru))$a[users_from_ip].=$au[user_name]." | ";
+               $a['users_from_ip']=" | ";
+               while($au = mysql_fetch_array($ru))$a['users_from_ip'].=$au['user_name']." | ";
                $return['lastweek'][$a['log_id']]=$a;
        }
        $r = mysql_query($q.$older.$order);
        while($a = mysql_fetch_array($r)){
-               $qu="select users.user_name from users left join log on users.user_id = log.user_id where log.ip='{$a[ip]}' group by users.user_name";
+               $qu="select users.user_name from users left join log on users.user_id = log.user_id where log.ip='{".$a['ip']."}' group by users.user_name";
                $ru = mysql_query($qu);
-               $a[users_from_ip]=" | ";
-               while($au = mysql_fetch_array($ru))$a[users_from_ip].=$au[user_name]." | ";
+               $a['users_from_ip']=" | ";
+               while($au = mysql_fetch_array($ru))$a['users_from_ip'].=$au['user_name']." | ";
                $return['older'][$a['log_id']]=$a;
        }
 
@@ -177,22 +177,22 @@ function get_logs($type='all'){
 }
 
 function insert_users($submitted,$admin_level){
-       $q = "INSERT INTO users (user_name,user_pass,user_level) values ('".$submitted[u][user_name]."','".md5($submitted[u][user_pass])."','".$submitted[u][user_level]."')";
+       $q = "INSERT INTO users (user_name,user_pass,user_level) values ('".$submitted['u']['user_name']."','".md5($submitted['u']['user_pass'])."','".$submitted['u']['user_level']."')";
        $r = mysql_query($q);
 }
 
 function update_users($submitted){
-       $q = "UPDATE users SET user_name = '".$submitted[u][user_name]."', user_pass = '".md5($submitted[u][user_pass])."', user_level = '".$submitted[u][user_level]."' WHERE user_id = '".$submitted[u][user_id]."'";
+       $q = "UPDATE users SET user_name = '".$submitted['u']['user_name']."', user_pass = '".md5($submitted['u']['user_pass'])."', user_level = '".$submitted['u']['user_level']."' WHERE user_id = '".$submitted['u']['user_id']."'";
        $r = mysql_query($q);
 }
 
 function disable_users($submitted){
-       $q = "UPDATE users SET user_name = '".$submitted[u][user_name]."', user_pass = '', user_level = '".$submitted[u][user_level]."' WHERE user_id = '".$submitted[u][user_id]."'";
+       $q = "UPDATE users SET user_name = '".$submitted['u']['user_name']."', user_pass = '', user_level = '".$submitted['u']['user_level']."' WHERE user_id = '".$submitted['u']['user_id']."'";
        $r = mysql_query($q);
 }
 
 function remove_users($submitted){
-       $q = "DELETE FROM users WHERE user_id = '".$submitted[u][user_id]."'";
+       $q = "DELETE FROM users WHERE user_id = '".$submitted['u']['user_id']."'";
        $r = mysql_query($q);
 }
 
@@ -247,7 +247,7 @@ function update_rights($submitted,$admin_level){
        $o = mysql_fetch_object($r);
        
        if ($o->result){
-               foreach ($submitted[m] AS $path => $access){
+               foreach ($submitted['m'] AS $path => $access){
                        $p_q = "SELECT count(*) result FROM user_rights WHERE user_id = '".$submitted['edited_user']."' AND folder_path = '".$path."'";
                        $p_r = mysql_query($p_q);
                        $p_o = mysql_fetch_object($p_r);
@@ -876,7 +876,7 @@ function print_files($path,$filename,$tovar = false){
                #Update DB
                $q="delete from file_hash where file_hash = '{$h}'";
                mysql_query($q);
-               $q="insert into log (hash,file,action,user_id,user_name,ip,date) values ('{$h}','{$filepath}','delete','".$s['user_id']."','".$s['user_name']."','".$_SERVER[REMOTE_ADDR]."',NOW())";
+               $q="insert into log (hash,file,action,user_id,user_name,ip,date) values ('{$h}','{$filepath}','delete','".$s['user_id']."','".$s['user_name']."','".$_SERVER['REMOTE_ADDR']."',NOW())";
                mysql_query($q);
 
                #Send debug mail
diff --git a/squasher.php b/squasher.php
index f8471ba158ce509b2791724f0f2bb4a83cf19464..9800b59a7ff3ca4ebdf5d37d2ab1a8ac00a9397e 100644 (file)
--- a/squasher.php
+++ b/squasher.php
@@ -1,5 +1,5 @@
 <?php
-if (!$_SESSION[creds][validated] && !isset($_GET['f']))exit();
+if (!$_SESSION['creds']['validated'] && !isset($_GET['f']))exit();
 
 require_once("squasher.class.php");
 
@@ -27,13 +27,13 @@ if ((isset($_GET['f']) && $_GET['f']!=NULL) || (isset($_GET['d']) && $_GET['d']!
 }
 
 //update folder rights if form is submitted
-if($submitted['edited_user'] > 0 && $submitted['formtype'] == 'folderrights') $squashweb->update_rights($submitted,$_SESSION[creds][user_level]);
+if($submitted['edited_user'] > 0 && $submitted['formtype'] == 'folderrights') $squashweb->update_rights($submitted,$_SESSION['creds']['user_level']);
 
 //set folder rights
 if (isset($_GET['f']) && $_GET['f']!=NULL){
        $squashweb->give_rights(2);
 }else{
-       $squashweb->give_rights($_SESSION[creds][user_id]);
+       $squashweb->give_rights($_SESSION['creds']['user_id']);
 }
 
 if (isset($_GET['f']) && $_GET['f']!=NULL){
@@ -42,7 +42,7 @@ if (isset($_GET['f']) && $_GET['f']!=NULL){
        $f_o = mysql_fetch_object($f_r);
 
        //log downloads
-       @mysql_query("INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".$_GET['f']."','{$f_o->file}','download','".$_SESSION[creds][user_id]."','".$_SESSION[creds][user_name]."','".$_SERVER[REMOTE_ADDR]."',NOW())");
+       @mysql_query("INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".$_GET['f']."','{$f_o->file}','download','".$_SESSION['creds']['user_id']."','".$_SESSION['creds']['user_name']."','".$_SERVER['REMOTE_ADDR']."',NOW())");
 
        $_hpath_arr=explode("/",$f_o->file);
        $file=array_pop($_hpath_arr); //Remove filename
@@ -82,90 +82,90 @@ if (isset($_GET['f']) && $_GET['f']!=NULL){
        //---------------------------------
 
 }elseif ($tools=="hide" && isset($_GET['h'])){
-       if ($_SESSION[creds][user_level] > 99){
+       if ($_SESSION['creds']['user_level'] > 99){
                $request = $squashweb->get_config($_GET['h']);
                $handle = fopen($request['path'].'/'.$request[2].'.hidden', 'x');
-               fwrite($handle, 'hidden by '.$_SESSION[creds][user_name]);
+               fwrite($handle, 'hidden by '.$_SESSION['creds']['user_name']);
                fclose($handle);
                $path=substr($request['path'],strlen($basedir));
                header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
        }
 }elseif ($tools=="unhide" && isset($_GET['h'])){
-       if ($_SESSION[creds][user_level] > 99){
+       if ($_SESSION['creds']['user_level'] > 99){
                $request = $squashweb->get_config($_GET['h']);
                @unlink($request['path'].'/'.$request[2].'.hidden');
                $path=substr($request['path'],strlen($basedir));
                header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
        }
 }elseif ($tools=="delete" && isset($_GET['h'])){
-       if ($_SESSION[creds][user_level] > 99){
+       if ($_SESSION['creds']['user_level'] > 99){
                if ($_GET['h'] == "multiple"){
                        $h_post = $_POST['h'];
                        foreach ($h_post as $h_key => $h){
                                $request = $squashweb->get_config($h);
-                               $squashweb->delete_file($h,$_SESSION[creds]);
+                               $squashweb->delete_file($h,$_SESSION['creds']);
                        }
                }else{
                        $h = $_GET['h'];
                        $request = $squashweb->get_config($h);
-                       $squashweb->delete_file($h,$_SESSION[creds]);
+                       $squashweb->delete_file($h,$_SESSION['creds']);
                }
                $path=substr($request['path'],strlen($basedir));
                header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path);
        }
-}elseif ($_GET['tools']=='access' && $_SESSION[creds][user_level] > 100){
+}elseif ($_GET['tools']=='access' && $_SESSION['creds']['user_level'] > 100){
 
 require_once("smarty/Smarty.class.php");
 
 $smarty = new Smarty;
 
-       $smarty->assign('user_level',$_SESSION[creds][user_level]);
-       $smarty->assign('user_name',$_SESSION[creds][user_name]);
-       $smarty->assign('users',$squashweb->get_users($_SESSION[creds][user_level]));
+       $smarty->assign('user_level',$_SESSION['creds']['user_level']);
+       $smarty->assign('user_name',$_SESSION['creds']['user_name']);
+       $smarty->assign('users',$squashweb->get_users($_SESSION['creds']['user_level']));
 
        $smarty->assign('edited_user',$_GET['user']);
        
        $tree = $squashweb->show_rights_tree($path,0,$_GET['user']);
        
-       $smarty->assign('style',$tree[style]);
-       $smarty->assign('layout',$tree[layout]);
+       $smarty->assign('style',$tree['style']);
+       $smarty->assign('layout',$tree['layout']);
        
-       $smarty->assign('debug',$vars[debug]);
+       $smarty->assign('debug',$vars['debug']);
        $smarty->assign('folderrights',$squashweb->folderrights());
        $smarty->assign('userrights',$squashweb->userrights());
        $smarty->display('admin.tpl');
        
-}elseif ($_GET['tools']=='users' && $_SESSION[creds][user_level] > 100){
+}elseif ($_GET['tools']=='users' && $_SESSION['creds']['user_level'] > 100){
 
-if ($submitted[type]=="update"){$squashweb->update_users($submitted);}
-if ($submitted[type]=="disable"){$squashweb->disable_users($submitted);}
-if ($submitted[type]=="delete"){$squashweb->remove_users($submitted);}
-if ($submitted[type]=="new"){$squashweb->insert_users($submitted,$_SESSION[creds][user_level]);}
+if ($submitted['type']=="update"){$squashweb->update_users($submitted);}
+if ($submitted['type']=="disable"){$squashweb->disable_users($submitted);}
+if ($submitted['type']=="delete"){$squashweb->remove_users($submitted);}
+if ($submitted['type']=="new"){$squashweb->insert_users($submitted,$_SESSION['creds']['user_level']);}
 require_once("smarty/Smarty.class.php");
 
 $smarty = new Smarty;
 
-       $smarty->assign('user_level',$_SESSION[creds][user_level]);
-       $smarty->assign('user_name',$_SESSION[creds][user_name]);
-       $smarty->assign('users',$squashweb->get_users($_SESSION[creds][user_level]));
+       $smarty->assign('user_level',$_SESSION['creds']['user_level']);
+       $smarty->assign('user_name',$_SESSION['creds']['user_name']);
+       $smarty->assign('users',$squashweb->get_users($_SESSION['creds']['user_level']));
 
-       if ($_SESSION[creds][user_level] > 199){
+       if ($_SESSION['creds']['user_level'] > 199){
        $smarty->assign('user_levels', array(155 => 'admin' , 55 => 'user' ) );
        }else{
        $smarty->assign('user_levels', array(55 => 'user' ) );
        }
-       $smarty->assign('debug',$vars[debug]);
+       $smarty->assign('debug',$vars['debug']);
 
        $smarty->display('udmin.tpl');
 
-}elseif ($_GET['tools']=='logs' && $_SESSION[creds][user_level] > 100){
+}elseif ($_GET['tools']=='logs' && $_SESSION['creds']['user_level'] > 100){
        $logtype=($_GET['logtype']) ? $_GET['logtype'] : 'all';
        require_once("smarty/Smarty.class.php");
 
        $smarty = new Smarty;
 
-       $smarty->assign('user_level',$_SESSION[creds][user_level]);
-       $smarty->assign('user_name',$_SESSION[creds][user_name]);
+       $smarty->assign('user_level',$_SESSION['creds']['user_level']);
+       $smarty->assign('user_name',$_SESSION['creds']['user_name']);
        $smarty->assign('logtype',$logtype);
        $smarty->assign('logs',$squashweb->get_logs($logtype));
 
@@ -235,9 +235,9 @@ foreach (explode('/',$subf) AS $key => $value){
                $basepath[$bpath]=$value;
        }
 }
-$smarty->assign('debug',$vars[debug]);
-$smarty->assign('user_level',$_SESSION[creds][user_level]);
-$smarty->assign('user_name',$_SESSION[creds][user_name]);
+$smarty->assign('debug',$vars['debug']);
+$smarty->assign('user_level',$_SESSION['creds']['user_level']);
+$smarty->assign('user_name',$_SESSION['creds']['user_name']);
 $smarty->assign('folderrights',$squashweb->folderrights());
 
 $smarty->assign('squashed',$configs);
@@ -249,8 +249,8 @@ asort($subs);
 $smarty->assign('subfolders',$subs);
 
 //if($vars[debug])print_r($configs);
-if(!$vars[newtpl])$smarty->display('index.tpl'); //Display normal template
-if($vars[newtpl])$smarty->display('wip_massdelete.tpl'); //Display Work In Progress template
+if(!$vars['newtpl'])$smarty->display('index.tpl'); //Display normal template
+if($vars['newtpl'])$smarty->display('wip_massdelete.tpl'); //Display Work In Progress template
 
 }
 ?>
File squasher