Removed most of the execution notices
authorJean-Michel Vourgère <jvourger@greenpeace.org>
Fri, 24 Feb 2017 17:17:39 +0000 (06:17 +1300)
committerJean-Michel Vourgère <jvourger@greenpeace.org>
Fri, 24 Feb 2017 21:44:28 +0000 (10:44 +1300)
index.php
squasher.class.php
squasher.php

index d092dd6df90c422195b8ab96c28dc8e49da0e803..d733f0ba64f08b863b96e08e6d2d69459a016a69 100644 (file)
--- a/index.php
+++ b/index.php
@@ -4,26 +4,19 @@ require_once("include/connect.inc.php");
 
 require_once("squasher.class.php");
 
-$vars['debug'] = $_GET['debug'];
-$vars['newtpl'] = $_GET['newtpl'];
-$tools = $_GET['tools'];
-
-foreach($_POST AS $key => $value)
-       $submitted[$key]=$value;
-
 $salt = md5($_SERVER['REMOTE_ADDR']."|".$_SERVER['HTTP_USER_AGENT']);
 
-if ($tools=="logout"){
+if (@$_GET['tools']=="logout"){
        session_destroy();
        $_SESSION['creds']['validated'] = false;
        header( 'Location: '.$_SERVER['PHP_SELF'] ) ;
 }
 
-if (!$_SESSION['creds']['validated']){
-       validate_user($_POST['user'], $_POST['pass'], $salt);
+if (!@$_SESSION['creds']['validated']){
+       validate_user(@$_POST['user'], @$_POST['pass'], $salt);
 }
 
-if ($_SESSION['creds']['validated'] || isset($_GET['f'])) {
+if ($_SESSION['creds']['validated'] || @$_GET['f']) {
 //if ($_SESSION['creds']['validated']){
        //load squasher
        include("squasher.php");
@@ -34,8 +27,8 @@ if ($_SESSION['creds']['validated'] || isset($_GET['f'])) {
 
        $smarty = new Smarty;
 
-       $smarty->assign('salt',$salt);
-       $smarty->assign('debug',$debug);
+       $smarty->assign('salt', $salt);
+       $smarty->assign('debug', @$_GET['debug']);
        $smarty->display('login.tpl');
 }
 // vim: syntax=php ts=4 sw=4 sts=4 sr noet
index c831fea68e140a77a0ea754419e7a3cc75803854..6648595d37e0e4ff4859f71ab05b69373a8c6e1d 100644 (file)
@@ -46,13 +46,12 @@ function validate_user($username, $password, $salt) {
 class squashweb {
 
 var $basepath;
-var $configs;
-var $stats;
-var $files;
-var $subfolders;
+var $configs = array();
+var $files = array();
+var $subfolders = array();
 var $folderrights;
 var $userrights;
-var $history;
+var $history = array();
 
 function set_root($root) {
        $this->basepath = $root;
@@ -89,20 +88,6 @@ function update_history() {
        }
 }
 
-function got_rights_checkbox($needle) {
-       $result = $this->got_rights_array($needle,'',0,'userrights');
-       switch($result) {
-               case 0:
-                       $return = '';
-                       break;
-               case 1:
-               case 2:
-                       $return = 'checked';
-                       break;
-       }
-       return $return;
-}
-
 function get_users($user_level) {
        $q = "SELECT * FROM users WHERE user_level < '".$user_level."' order by user_name asc";
        $r = mysql_query($q);
@@ -146,6 +131,7 @@ function get_logs($type='all') {
 
        $order=" order by log.log_id desc ";
        $r = mysql_query($q.$today.$order);
+       $return = array();
        while($a = mysql_fetch_array($r)) {
                $qu="select users.user_name from users left join log on users.user_id = log.user_id where log.ip='{".$a['ip']."}' group by users.user_name";
                $ru = mysql_query($qu);
@@ -185,34 +171,45 @@ function get_logs($type='all') {
        return $return;
 }
 
-function insert_users($submitted, $admin_level) {
-       $q = "INSERT INTO users (user_name,user_pass,user_level) values ('".$submitted['u']['user_name']."','".md5($submitted['u']['user_pass'])."','".$submitted['u']['user_level']."')";
+function insert_users($u, $admin_level) {
+       $q = "INSERT INTO users (user_name,user_pass,user_level) VALUES ('".$u['user_name']."','".md5($u['user_pass'])."','".$u['user_level']."')";
        $r = mysql_query($q);
 }
 
-function update_users($submitted) {
-       $q = "UPDATE users SET user_name = '".$submitted['u']['user_name']."', user_pass = '".md5($submitted['u']['user_pass'])."', user_level = '".$submitted['u']['user_level']."' WHERE user_id = '".$submitted['u']['user_id']."'";
-       $r = mysql_query($q);
+function update_users($u) {
+       if (@$u['user_name']) {
+               $q = "UPDATE users SET user_name = '".$u['user_name']."' WHERE user_id = '".$u['user_id']."'";
+               $r = mysql_query($q);
+       }
+       if (@$u['user_pass']) {
+               $q = "UPDATE users SET user_pass = '".md5($u['user_pass'])."' WHERE user_id = '".$u['user_id']."'";
+               $r = mysql_query($q);
+       }
+       if (@$u['user_level']) {
+               $q = "UPDATE users SET user_level = '".$u['user_level']."' WHERE user_id = '".$u['user_id']."'";
+               $r = mysql_query($q);
+       }
 }
 
-function disable_users($submitted) {
-       $q = "UPDATE users SET user_name = '".$submitted['u']['user_name']."', user_pass = '', user_level = '".$submitted['u']['user_level']."' WHERE user_id = '".$submitted['u']['user_id']."'";
+function disable_users($u) {
+       $q = "UPDATE users SET user_name = '".$u['user_name']."', user_pass = '', user_level = '".$u['user_level']."' WHERE user_id = '".$u['user_id']."'";
        $r = mysql_query($q);
 }
 
-function remove_users($submitted) {
-       $q = "DELETE FROM users WHERE user_id = '".$submitted['u']['user_id']."'";
+function remove_users($u) {
+       $q = "DELETE FROM users WHERE user_id = '".$u['user_id']."'";
        $r = mysql_query($q);
 }
 
-function give_rights($user_id, $type='folderrights') {
+function get_rights($user_id) {
+       $result = array();
 
        $q = "SELECT folder_path, access FROM user_rights WHERE user_id = '".$user_id."'";
        $r = mysql_query($q);
        while ($o = mysql_fetch_object($r)) {
 
                //clean vars
-               $arr_string = '$this->'.$type;
+               $arr_string = '$result';
 
                //get foldernames from path
                if ($o->folder_path != '/') {
@@ -228,43 +225,32 @@ function give_rights($user_id, $type='folderrights') {
                }
                $arr_string .= "['__access__']";
 
-               //choose access icon
-               // access = # --deny-all
-               // access = * --allow-dir-only
-               // access = @ --allow-inc-subs
-/*             switch($o->access) {
-                       case 0 :
-                               $icon = '#';
-                               break;
-                       case 1 :
-                               $icon = '*';
-                               break;
-                       case 2 :
-                               $icon = '@';
-                               break;
-               }*/
-               //echo $arr_string." = '".$icon."'\n";
-               //echo $arr_string." = '".$o->access."';";
                eval($arr_string." = '".$o->access."';");
        }
+       return $result;
+}
 
-       return $this->folderrights;
+function give_rights($user_id, $type='folderrights') {
+       if ($type=='folderrights')
+               $this->folderrights = $this->get_rights($user_id);
+       else // $type=='userrights'
+               $this->userrights = $this->get_rights($user_id);
 }
 
-function update_rights($submitted, $admin_level) {
-       $q = "SELECT count(*) result FROM users WHERE user_id = '".$submitted['edited_user']."' AND user_level < '".$admin_level."'";
+function update_rights($edited_user, $m, $admin_level) {
+       $q = "SELECT count(*) result FROM users WHERE user_id = '".$edited_user."' AND user_level < '".$admin_level."'";
        $r = mysql_query($q);
        $o = mysql_fetch_object($r);
 
        if ($o->result) {
-               foreach ($submitted['m'] AS $path => $access) {
-                       $p_q = "SELECT count(*) result FROM user_rights WHERE user_id = '".$submitted['edited_user']."' AND folder_path = '".$path."'";
+               foreach ($m AS $path => $access) {
+                       $p_q = "SELECT count(*) result FROM user_rights WHERE user_id = '".$edited_user."' AND folder_path = '".$path."'";
                        $p_r = mysql_query($p_q);
                        $p_o = mysql_fetch_object($p_r);
                        if ($p_o->result == 1)
-                               mysql_query("UPDATE user_rights SET access = ".$access." WHERE folder_path = '".$path."' AND user_id = '".$submitted['edited_user']."'");
+                               mysql_query("UPDATE user_rights SET access = ".$access." WHERE folder_path = '".$path."' AND user_id = '".$edited_user."'");
                        if ($p_o->result == 0)
-                               mysql_query("INSERT INTO user_rights (user_id,folder_path,access) values ('".$submitted['edited_user']."','".$path."','".$access."') ");
+                               mysql_query("INSERT INTO user_rights (user_id,folder_path,access) values ('".$edited_user."','".$path."','".$access."') ");
                }
        }
 }
@@ -277,22 +263,23 @@ function show_rights_tree($path, $depth=0, $userid=0) {
        if ($depth==0)
                $this->give_rights($userid, 'userrights');
 
-       // access = # | 0 --deny-all
-       // access = * | 1 --allow-dir-only
-       // access = @ | 2 --allow-inc-subs
+       // access = 0 --deny-all
+       // access = 1 --allow-dir-only
+       // access = 2 --allow-inc-subs
 
-       for ($i=0;$depth > $i; $i++)
+       $layout = '';
+       $style = '';
+
+       for ($i=0; $i<$depth; $i++)
                $layout .= " ";
        if ($dir = opendir($path)) {
                $layout .= "<div style='clear:both;' >\n";
-               $f=0;
+               $f = 0;
                while (false !== ($file = readdir($dir))) {
-                       $files_array[]=$file;
+                       $files_array[] = $file;
                }
                asort($files_array);
                foreach ($files_array as $f_index => $file) {
-//             while (false !== ($file = readdir($dir)))
-//             {
                        if (($file{0} !== ".") && ($file !== ".."))
                        {
                                $filename = $path."/".$file;
@@ -300,8 +287,7 @@ function show_rights_tree($path, $depth=0, $userid=0) {
                                        $f++;
                                        if (substr($filename,0,strlen($this->basepath))==$this->basepath)
                                                $name = substr($filename,strlen($this->basepath));
-                                       //$check = $this->got_rights_checkbox($filename);
-                                       $check = $this->got_rights_array_admin($filename, '', 0, 'userrights');
+                                       $check = $this->got_rights_array_admin($filename, $this->userrights);
                                        $check_all = '';
                                        $check_allow = '';
                                        $check_deny = '';
@@ -344,48 +330,35 @@ function show_rights_tree($path, $depth=0, $userid=0) {
        return $return;
 }
 
-function got_rights_path($needle, $haystack) {
-       if (!is_array($haystack))
-               $haystack = $this->folderrights;
-       foreach($haystack as $v) {
-               if (!is_array($v)) {
-                       if ($needle == $v)
-                               return true;
-               } else {
-                       if (is_in_array($needle, $v, $case_sensitive) === true)
-                               return true;
-               }
-       }
-       return false;
-}
+function got_rights_array($needle, $haystack='', $c=0) {
+       // used by:
+       // - read_single_file
+       // - read_directory
+       // - show_rights_tree
 
-function got_rights_array($needle, $haystack='', $c=0, $type='folderrights') {
        if (!is_array($haystack))
-               eval('$haystack = $this->'.$type.';');
+               $haystack = $this->folderrights;
        if (substr($needle, 0, strlen($this->basepath)) == $this->basepath)
                $needle=substr($needle,strlen($this->basepath));
 
-       //if ($needle{0}=='.')
-       //      $needle=substr($needle, strlen($this->basepath));
-
-       //check root rights
-       if ($needle{0}=='/' && $haystack['__access__'] == 2 )
+       // check root rights
+       if ($needle{0} == '/' && @$haystack['__access__'] == 2 )
                return 2;
 
-       //check folder tights
+       // remove leading /
        if ($needle{0}=='/')
-               $needle=substr($needle,1);
+               $needle = substr($needle, 1);
 
-       $needle_arr = explode('/',$needle);
+       $needle_arr = explode('/', $needle);
        $n = count($needle_arr);
-       $d = $c+1;
+       $d = $c + 1;
 
        foreach ($haystack as $k => $v) {
                if ($needle_arr[$c] == $k) {
-                       if (!is_array($v['__access__'])) {
-                               if (($v['__access__'] == '@' || $v['__access__'] == 2)                     ) return 2;
-                               if (($v['__access__'] == '*' || $v['__access__'] == 1) && $d == $n ) return 1;
-                               if (($v['__access__'] == '#' || $v['__access__'] == 0) && $d == $n ) return 0;
+                       if (!is_array(@$v['__access__'])) {
+                               if ($v['__access__'] == 2             ) return 2;
+                               if ($v['__access__'] == 1 && $d == $n ) return 1;
+                               if ($v['__access__'] == 0 && $d == $n ) return 0;
                        } else {
                                $return = $this->got_rights_array($needle, $v, $d);
                        }
@@ -394,67 +367,65 @@ function got_rights_array($needle, $haystack='', $c=0, $type='folderrights') {
        return $return;
 }
 
-function got_rights_array_admin($needle, $haystack='', $c=0, $type='folderrights') {
+function got_rights_array_admin($needle, $haystack='', $c=0) {
+       // used by:
+       // - show_rights_tree
 
        if (!is_array($haystack))
-               eval('$haystack = $this->'.$type.';');
+               $haystack = $this->folderrights;
        if (substr($needle, 0, strlen($this->basepath)) == $this->basepath)
                $needle = substr($needle, strlen($this->basepath));
 
-       //if ($needle{0}=='.')
-       //      $needle=substr($needle,strlen($this->basepath));
-
-       //check root rights
-       if ($needle{0}=='/' && $haystack['__access__'] == 2 )
+       // check root rights
+       if ($needle{0} == '/' && @$haystack['__access__'] == 2 )
                return 2;
 
-       //check folder rights
-       if ($needle{0}=='/')
-               $needle=substr($needle, 1);
+       // remove leading /
+       if ($needle{0} == '/')
+               $needle = substr($needle, 1);
 
-       $needle_arr = explode('/',$needle);
+       $needle_arr = explode('/', $needle);
        $n = count($needle_arr);
-       $d = $c+1;
+       $d = $c + 1;
        $return = 0;
 
        if ($c < $n) {
-               if ($haystack['__access__'] == 2)
+               if (@$haystack['__access__'] == 2)
                        return $haystack['__access__'];
                if (is_array($haystack[$needle_arr[$c]]))
                        $return = $this->got_rights_array_admin($needle, $haystack[$needle_arr[$c]], $d);
        } else {
-               if ($haystack['__access__'] > 0)
+               if (@$haystack['__access__'] > 0)
                        $return = $haystack['__access__'];
        }
 
        return $return;
 }
 
-function got_rights_array_recursive($needle, $haystack='', $c=0, $type='folderrights') {
+function got_rights_array_recursive($needle, $haystack='', $c=0) {
+       // used by:
+       // - read_directory, for subfolders
 
        if (!is_array($haystack))
-               eval('$haystack = $this->'.$type.';');
+               $haystack = $this->folderrights;
        if (substr($needle, 0, strlen($this->basepath)) == $this->basepath)
                $needle=substr($needle, strlen($this->basepath));
 
-       //if($needle{0}=='.')
-       //      $needle=substr($needle,strlen($this->basepath));
-
-       //check root rights
-       if($needle{0}=='/' && $haystack['__access__'] == 2 )
+       // check root rights
+       if($needle{0}=='/' && @$haystack['__access__'] == 2 )
                return 2;
 
-       //check folder rights
+       // check folder rights
        if($needle{0}=='/')
                $needle=substr($needle,1);
 
        $needle_arr = explode('/', $needle);
        $n = count($needle_arr);
-       $d = $c+1;
+       $d = $c + 1;
        $return = 0;
 
        foreach($haystack as $k => $v) {
-               if ($needle_arr[$c] == $k) {
+               if ($c < sizeof($needle_arr) && $needle_arr[$c] == $k) {
                        if ($c < $n) {
                                if ($v['__access__'] == 2)
                                        $return = $return + $v['__access__'];
@@ -552,14 +523,15 @@ function read_directory($path, $getsubs=false, $getfirstfiles=true, $getdeepfile
                while (false !== ($file = readdir($dir))) {
                        if (($file{0} !== ".") && substr($file,0,1) !== "SQ") {
                                $filename = $path."/".$file;
-                               if (!is_file($filename) && !strpos($filename, './uploads/recieving')) {
+                               if (!is_file($filename) && strpos($filename, './uploads/recieving')===false) {
                                        if ($getsubs) {
                                                if ($this->got_rights_array_recursive($filename) > 0) {
-                                                       $key = substr($path,strlen($this->basepath)) . '/' . $file;
+                                                       $key = substr($path, strlen($this->basepath)) . '/' . $file;
                                                        $this->subfolders[$key] = $file;
                                                }
                                        }
-                                       if ($getdeepfiles)$this->read_directory($filename, false, $getdeepfiles, $getdeepfiles, $populate);
+                                       if ($getdeepfiles)
+                                               $this->read_directory($filename, false, $getdeepfiles, $getdeepfiles, $populate);
                                } elseif (strpos($filename,'./uploads/ftp')) { //ftp files
                                        if ($this->got_rights_array($path) > 0 && !strpos($filename, '.hidden') ) {
                                                $h = md5($filename);
@@ -578,7 +550,8 @@ function read_directory($path, $getsubs=false, $getfirstfiles=true, $getdeepfile
                                                $this->configs[$h]['mime'] = $this->set_mime($name_only);
                                                $this->configs[$h]['hidden'] = (is_file($path.'/'.$base_name.'.hidden')) ? true : false ;
                                        }
-                               } elseif ($getfirstfiles) { //squashed files
+                               } elseif ($getfirstfiles) {
+                                       //squashed files
                                        if ($this->got_rights_array($path) > 0) {
                                                if (strpos($filename, '.Completed') || strpos($filename, '.InProgress') || strpos($filename, '.Starting') || strpos($filename, '.Processed')) {
                                                        $i++;
index bcd64a198cee433d5c9ee581d4bc67db5e824705..2e71b8f66db2550d7975ddd3c1711e2ea5c7ded6 100644 (file)
@@ -14,12 +14,13 @@ if (isset($_GET['path']) && $_GET['path']!=NULL && strlen($_GET['path'])!=1) {
        $subf = $_GET['path'];
        $path = $basedir . $subf;
 } else {
+       $subf = '/';
        $path = $basedir;
 }
 
 $squashweb->set_root($basedir);
 
-if ((isset($_GET['f']) && $_GET['f']!=NULL) || (isset($_GET['d']) && $_GET['d']!=NULL) || $_GET['show_all']==true || $_GET['tools']=='hide' || $_GET['tools']=='unhide' || $_GET['tools']=='delete') {
+if (@$_GET['f'] || @$_GET['d']  || @$_GET['show_all']==true || @$_GET['tools']=='hide' || @$_GET['tools']=='unhide' || @$_GET['tools']=='delete') {
        $getdeepfiles=true;
        $populate=false;
 } else {
@@ -27,18 +28,18 @@ if ((isset($_GET['f']) && $_GET['f']!=NULL) || (isset($_GET['d']) && $_GET['d']!
        $populate=true;
 }
 
-//update folder rights if form is submitted
-if ($submitted['edited_user'] > 0 && $submitted['formtype'] == 'folderrights')
-       $squashweb->update_rights($submitted,$_SESSION['creds']['user_level']);
+//update folder rights if form is posted
+if (@$_POST['edited_user'] > 0 && @$_POST['formtype'] == 'folderrights')
+       $squashweb->update_rights($_POST['edited_user'], $_POST['m'], $_SESSION['creds']['user_level']);
 
 //set folder rights
-if (isset($_GET['f']) && $_GET['f']!=NULL) {
+if (@$_GET['f']) {
        $squashweb->give_rights(2);
 } else {
        $squashweb->give_rights($_SESSION['creds']['user_id']);
 }
 
-if (isset($_GET['f']) && $_GET['f']!=NULL) {
+if (@$_GET['f']) {
        $f_q = "SELECT * FROM file_hash WHERE md5_hash = '".$_GET['f']."'";
        $f_r = mysql_query($f_q);
        $f_o = mysql_fetch_object($f_r);
@@ -57,7 +58,7 @@ if (isset($_GET['f']) && $_GET['f']!=NULL) {
 }
 
 //check if a file is requested
-if (isset($_GET['f']) && $_GET['f']!=NULL) {
+if (@$_GET['f']) {
        //get the config of requested file
        $request = $squashweb->get_config($_GET['f']);
 
@@ -83,7 +84,7 @@ if (isset($_GET['f']) && $_GET['f']!=NULL) {
        //-check-file-and-request-type-end-
        //---------------------------------
 
-} elseif ($tools=="hide" && isset($_GET['h'])) {
+} elseif (@$_GET['tools']=="hide" && @$_GET['h']) {
        if ($_SESSION['creds']['user_level'] > 99) {
                $request = $squashweb->get_config($_GET['h']);
                $handle = fopen($request['path'].'/'.$request[2].'.hidden', 'x');
@@ -92,14 +93,14 @@ if (isset($_GET['f']) && $_GET['f']!=NULL) {
                $path=substr($request['path'], strlen($basedir));
                header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
        }
-} elseif ($tools=="unhide" && isset($_GET['h'])) {
+} elseif (@$_GET['tools']=="unhide" && isset($_GET['h'])) {
        if ($_SESSION['creds']['user_level'] > 99) {
                $request = $squashweb->get_config($_GET['h']);
                @unlink($request['path'].'/'.$request[2].'.hidden');
                $path=substr($request['path'], strlen($basedir));
                header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
        }
-} elseif ($tools=="delete" && isset($_GET['h'])) {
+} elseif (@$_GET['tools']=="delete" && isset($_GET['h'])) {
        if ($_SESSION['creds']['user_level'] > 99) {
                if ($_GET['h'] == "multiple") {
                        $h_post = $_POST['h'];
@@ -125,28 +126,28 @@ if (isset($_GET['f']) && $_GET['f']!=NULL) {
        $smarty->assign('user_name', $_SESSION['creds']['user_name']);
        $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));
 
-       $smarty->assign('edited_user', $_GET['user']);
+       $smarty->assign('edited_user', @$_GET['user']);
 
-       $tree = $squashweb->show_rights_tree($path, 0, $_GET['user']);
+       $tree = $squashweb->show_rights_tree($path, 0, @$_GET['user']);
 
        $smarty->assign('style', $tree['style']);
        $smarty->assign('layout', $tree['layout']);
 
-       $smarty->assign('debug', $vars['debug']);
+       $smarty->assign('debug', @$_GET['debug']);
        $smarty->assign('folderrights', $squashweb->folderrights());
        $smarty->assign('userrights', $squashweb->userrights());
        $smarty->display('admin.tpl');
 
 } elseif (@$_GET['tools']=='users' && $_SESSION['creds']['user_level'] > 100) {
-
-       if ($submitted['type']=="update")
-               $squashweb->update_users($submitted);
-       if ($submitted['type']=="disable")
-               $squashweb->disable_users($submitted);
-       if ($submitted['type']=="delete")
-               $squashweb->remove_users($submitted);
-       if ($submitted['type']=="new")
-               $squashweb->insert_users($submitted, $_SESSION['creds']['user_level']);
+       $type = @$_POST['type'];
+       if ($type=="update")
+               $squashweb->update_users($_POST['u']);
+       if ($type=="disable")
+               $squashweb->disable_users($_POST['u']);
+       if ($type=="delete")
+               $squashweb->remove_users($_POST['u']);
+       if ($type=="new")
+               $squashweb->insert_users($_POST['u'], $_SESSION['creds']['user_level']);
        require_once("smarty/Smarty.class.php");
 
        $smarty = new Smarty;
@@ -160,12 +161,14 @@ if (isset($_GET['f']) && $_GET['f']!=NULL) {
        } else {
                $smarty->assign('user_levels', array(55 => 'user' ) );
        }
-       $smarty->assign('debug',$vars['debug']);
+       $smarty->assign('debug', @$_GET['debug']);
 
        $smarty->display('udmin.tpl');
 
-} elseif ($_GET['tools']=='logs' && $_SESSION['creds']['user_level'] > 100) {
-       $logtype=($_GET['logtype']) ? $_GET['logtype'] : 'all';
+} elseif (@$_GET['tools']=='logs' && $_SESSION['creds']['user_level'] > 100) {
+       $logtype=@$_GET['logtype'];
+       if (!$logtype)
+               $logtype = 'all';
        require_once("smarty/Smarty.class.php");
 
        $smarty = new Smarty;
@@ -175,6 +178,7 @@ if (isset($_GET['f']) && $_GET['f']!=NULL) {
        $smarty->assign('logtype', $logtype);
        $smarty->assign('logs', $squashweb->get_logs($logtype));
 
+       $smarty->assign('debug', @$_GET['debug']);
        $smarty->display('logs.tpl');
 
 } else {
@@ -199,6 +203,9 @@ if (isset($_GET['f']) && $_GET['f']!=NULL) {
 
        $configs_sorted = named_records_sort($configs_num, 'lastchange', true);
 
+       $configs = array();
+       $paths = array();
+
        foreach ($configs_sorted as $key => $value) {
                $configs[$key]['squashed'] = $value['squashed'];
                $configs[$key]['version'] = $value[0];
@@ -236,13 +243,14 @@ if (isset($_GET['f']) && $_GET['f']!=NULL) {
 
        //set base folders
        $basepath['/'] = '&nbsp;top&nbsp;';
-       foreach (explode('/',$subf) as $key => $value) {
+       $bpath = '';
+       foreach (explode('/', $subf) as $key => $value) {
                if ($value != '') {
                        $bpath .= '/'.$value;
                        $basepath[$bpath] = $value;
                }
        }
-       $smarty->assign('debug', $vars['debug']);
+       $smarty->assign('debug', @$_GET['debug']);
        $smarty->assign('user_level', $_SESSION['creds']['user_level']);
        $smarty->assign('user_name', $_SESSION['creds']['user_name']);
        $smarty->assign('folderrights', $squashweb->folderrights());
@@ -252,13 +260,14 @@ if (isset($_GET['f']) && $_GET['f']!=NULL) {
        $smarty->assign('base', $basepath);
        $smarty->assign('currentfolder', $subf);
        $subs = $squashweb->subfolders();
-       asort($subs);
+       if ($subs)
+               asort($subs);
        $smarty->assign('subfolders', $subs);
 
-       //if($vars[debug])print_r($configs);
-       if (!$vars['newtpl'])
+       //if(@$_GET[debug]) print_r($configs);
+       if (!@$_GET['newtpl'])
                $smarty->display('index.tpl'); //Display normal template
-       if ($vars['newtpl'])
+       else
                $smarty->display('wip_massdelete.tpl'); //Display Work In Progress template
 
 }