Blame | Last modification | View Log | Download
<?php/************************************************************** TorrentFlux - PHP Torrent Manager* www.torrentflux.com**************************************************************//*This file is part of TorrentFlux.TorrentFlux is free software; you can redistribute it and/or modifyit under the terms of the GNU General Public License as published bythe Free Software Foundation; either version 2 of the License, or(at your option) any later version.TorrentFlux is distributed in the hope that it will be useful,but WITHOUT ANY WARRANTY; without even the implied warranty ofMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See theGNU General Public License for more details.You should have received a copy of the GNU General Public Licensealong with TorrentFlux; if not, write to the Free SoftwareFoundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA*/include_once("config.php");include_once("functions.php");checkUserPath();// Setup some defaults if they are not set.$del = getRequestVar('del');$down = getRequestVar('down');$tar = getRequestVar('tar');$dir = stripslashes(urldecode(getRequestVar('dir')));// Are we to delete something?if ($del != ""){$current = "";// The following lines of code were suggested by Jody Steele jmlsteele@stfu.ca// this is so only the owner of the file(s) or admin can deleteif(IsAdmin($cfg["user"]) || preg_match("/^" . $cfg["user"] . "/",$del)){// Yes, then delete it// we need to strip slashes twice in some circumstances// Ex. If we are trying to delete test/tester's file/test.txt// $del will be "test/tester\\\'s file/test.txt"// one strip will give us "test/tester\'s file/test.txt// the second strip will give us the correct// "test/tester's file/test.txt"$del = stripslashes(stripslashes($del));if (!ereg("(\.\.\/)", $del)){avddelete($cfg["path"].$del);$arTemp = explode("/", $del);if (count($arTemp) > 1){array_pop($arTemp);$current = implode("/", $arTemp);}AuditAction($cfg["constants"]["fm_delete"], $del);}else{AuditAction($cfg["constants"]["error"], "ILLEGAL DELETE: ".$cfg['user']." tried to delete ".$del);}}else{AuditAction($cfg["constants"]["error"], "ILLEGAL DELETE: ".$cfg['user']." tried to delete ".$del);}header("Location: dir.php?dir=".urlencode($current));}// Are we to download something?if ($down != "" && $cfg["enable_file_download"]){$current = "";// Yes, then download it// we need to strip slashes twice in some circumstances// Ex. If we are trying to download test/tester's file/test.txt// $down will be "test/tester\\\'s file/test.txt"// one strip will give us "test/tester\'s file/test.txt// the second strip will give us the correct// "test/tester's file/test.txt"$down = stripslashes(stripslashes($down));if (!ereg("(\.\.\/)", $down)){$path = $cfg["path"].$down;$p = explode(".", $path);$pc = count($p);$f = explode("/", $path);$file = array_pop($f);$arTemp = explode("/", $down);if (count($arTemp) > 1){array_pop($arTemp);$current = implode("/", $arTemp);}if (file_exists($path)){header("Content-type: application/octet-stream\n");header("Content-disposition: attachment; filename=\"".$file."\"\n");header("Content-transfer-encoding: binary\n");header("Content-length: " . file_size($path) . "\n");// write the session to close so you can continue to browse on the site.session_write_close("TorrentFlux");//$fp = fopen($path, "r");$fp = popen("cat \"$path\"", "r");fpassthru($fp);pclose($fp);AuditAction($cfg["constants"]["fm_download"], $down);exit();}else{AuditAction($cfg["constants"]["error"], "File Not found for download: ".$cfg['user']." tried to download ".$down);}}else{AuditAction($cfg["constants"]["error"], "ILLEGAL DOWNLOAD: ".$cfg['user']." tried to download ".$down);}header("Location: dir.php?dir=".urlencode($current));}// Are we to download something?if ($tar != "" && $cfg["enable_file_download"]){$current = "";// Yes, then tar and download it// we need to strip slashes twice in some circumstances// Ex. If we are trying to download test/tester's file/test.txt// $down will be "test/tester\\\'s file/test.txt"// one strip will give us "test/tester\'s file/test.txt// the second strip will give us the correct// "test/tester's file/test.txt"$tar = stripslashes(stripslashes($tar));if (!ereg("(\.\.\/)", $tar)){// This prevents the script from getting killed off when running lengthy tar jobs.ini_set("max_execution_time", 3600);$tar = $cfg["path"].$tar;$arTemp = explode("/", $tar);if (count($arTemp) > 1){array_pop($arTemp);$current = implode("/", $arTemp);}// Find out if we're really trying to access a file within the// proper directory structure. Sadly, this way requires that $cfg["path"]// is a REAL path, not a symlinked one. Also check if $cfg["path"] is part// of the REAL path.if (is_dir($tar)){$sendname = basename($tar);switch ($cfg["package_type"]){Case "tar":$command = "tar cf - \"".addslashes($sendname)."\"";break;Case "zip":$command = "zip -0r - \"".addslashes($sendname)."\"";break;default:$cfg["package_type"] = "tar";$command = "tar cf - \"".addslashes($sendname)."\"";break;}// HTTP/1.0header("Pragma: no-cache");header("Content-Description: File Transfer");header("Content-Type: application/force-download");header('Content-Disposition: attachment; filename="'.$sendname.'.'.$cfg["package_type"].'"');// write the session to close so you can continue to browse on the site.session_write_close("TorrentFlux");// Make it a bit easier for tar/zip.chdir(dirname($tar));passthru($command);AuditAction($cfg["constants"]["fm_download"], $sendname.".".$cfg["package_type"]);exit();}else{AuditAction($cfg["constants"]["error"], "Illegal download: ".$cfg['user']." tried to download ".$tar);}}else{AuditAction($cfg["constants"]["error"], "ILLEGAL TAR DOWNLOAD: ".$cfg['user']." tried to download ".$tar);}header("Location: dir.php?dir=".urlencode($current));}if ($dir == ""){unset($dir);}if (isset($dir)){if (ereg("(\.\.)", $dir)){unset($dir);}else{$dir = $dir."/";}}DisplayHead(_DIRECTORYLIST);?><script language="JavaScript">function MakeTorrent(name_file){window.open (name_file,'_blank','toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=no,width=600,height=430')}function ConfirmDelete(file){return confirm("<?php echo _ABOUTTODELETE ?>: " + file)}</script><?phpdisplayDriveSpaceBar(getDriveSpace($cfg["path"]));echo "<br>";if(!isset($dir)) $dir = "";ListDirectory($cfg["path"].$dir);DisplayFoot();//**************************************************************************// ListDirectory()// This method reads files and directories in the specified path and// displayes them.function ListDirectory($dirName){global $dir, $cfg;$bgLight = $cfg["bgLight"];$bgDark = $cfg["bgDark"];$entrys = array();$bg = $bgLight;$dirName = stripslashes($dirName);if (isset($dir)){//setup default parent directory URL$parentURL = "dir.php";//get the real parentURLif (preg_match("/^(.+)\/.+$/",$dir,$matches) == 1){$parentURL="dir.php?dir=" . urlencode($matches[1]);}echo "<a href=\"" . $parentURL . "\"><img src=\"images/up_dir.gif\" width=16 height=16 title=\""._BACKTOPARRENT."\" border=0>["._BACKTOPARRENT."]</a>";}echo "<table cellpadding=2 width=740>";$handle = opendir($dirName);while($entry = readdir($handle)){$entrys[] = $entry;}natsort($entrys);foreach($entrys as $entry){if ($entry != "." && $entry != ".." && substr($entry, 0, 1) != "."){if (@is_dir($dirName.$entry)){echo "<tr bgcolor=\"".$bg."\"><td><a href=\"dir.php?dir=".urlencode($dir.$entry)."\"><img src=\"images/folder2.gif\" width=\"16\" height=\"16\" title=\"".$entry."\" border=\"0\" align=\"absmiddle\">".$entry."</a></td>";echo "<td> </td>";echo "<td> </td>";echo "<td align=\"right\">";if ($cfg["enable_maketorrent"]){echo "<a href=\"JavaScript:MakeTorrent('maketorrent.php?path=".urlencode($dir.$entry)."')\"><img src=\"images/make.gif\" width=16 height=16 title=\"Make Torrent\" border=0></a>";}if ($cfg["enable_file_download"]){echo "<a href=\"dir.php?tar=".urlencode($dir.$entry)."\"><img src=\"images/tar_down.gif\" width=16 height=16 title=\"Download as ".$cfg["package_type"]."\" border=0></a>";}// The following lines of code were suggested by Jody Steele jmlsteele@stfu.ca// this is so only the owner of the file(s) or admin can delete// only give admins and users who "own" this directory// the ability to delete sub directoriesif(IsAdmin($cfg["user"]) || preg_match("/^" . $cfg["user"] . "/",$dir)){echo "<a href=\"dir.php?del=".urlencode($dir.$entry)."\" onclick=\"return ConfirmDelete('".addslashes($entry)."')\"><img src=\"images/delete_on.gif\" width=16 height=16 title=\""._DELETE."\" border=0></a>";}else{echo " ";}echo "</td></tr>\n";if ($bg == $bgLight){$bg = $bgDark;}else{$bg = $bgLight;}}else{// Do nothing}}}closedir($handle);$entrys = array();$handle = opendir($dirName);while($entry = readdir($handle)){$entrys[] = $entry;}natsort($entrys);foreach($entrys as $entry){if ($entry != "." && $entry != ".."){if (@is_dir($dirName.$entry)){// Do nothing}else{$arStat = @lstat($dirName.$entry);$arStat[7] = ( $arStat[7] == 0 )? file_size( $dirName . $entry ) : $arStat[7];if (array_key_exists(10,$arStat)){$timeStamp = $arStat[10];}else{$timeStamp = "";}$fileSize = number_format(($arStat[7])/1024);// Code added by Remko Jantzen to assign an icon per file-type. But when not// available all stays the same.$image="images/time.gif";$imageOption="images/files/".getExtension($entry).".png";if (file_exists("./".$imageOption)){$image = $imageOption;}echo "<tr bgcolor=\"".$bg."\">";echo "<td>";// Can users download files?if ($cfg["enable_file_download"]){// Yes, let them downloadecho "<a href=\"dir.php?down=".urlencode($dir.$entry)."\" >";echo "<img src=\"".$image."\" width=\"16\" height=\"16\" alt=\"".$entry."\" border=\"0\"></a>";echo "<a href=\"dir.php?down=".urlencode($dir.$entry)."\" >".$entry."</a>";}else{// No, just show the nameecho "<img src=\"".$image."\" width=\"16\" height=\"16\" alt=\"".$entry."\" border=\"0\">";echo $entry;}echo "</td>";echo "<td align=\"right\">".$fileSize." KB</td>";echo "<td>".date("m-d-Y g:i a", $timeStamp)."</td>";echo "<td align=\"right\">";if( $cfg["enable_view_nfo"] && (( substr( strtolower($entry), -4 ) == ".nfo" ) || ( substr( strtolower($entry), -4 ) == ".txt" )) ){echo "<a href=\"viewnfo.php?path=".urlencode(addslashes($dir.$entry))."\"><img src=\"images/view_nfo.gif\" width=16 height=16 title=\"View '$entry'\" border=0></a>";}if ($cfg["enable_maketorrent"]){echo "<a href=\"JavaScript:MakeTorrent('maketorrent.php?path=".urlencode($dir.$entry)."')\"><img src=\"images/make.gif\" width=16 height=16 title=\"Make Torrent\" border=0></a>";}if ($cfg["enable_file_download"]){// Show the download buttonecho "<a href=\"dir.php?down=".urlencode($dir.$entry)."\" >";echo "<img src=\"images/download_owner.gif\" width=16 height=16 title=\"Download\" border=0>";echo "</a>";}// The following lines of code were suggested by Jody Steele jmlsteele@stfu.ca// this is so only the owner of the file(s) or admin can delete// only give admins and users who "own" this directory// the ability to delete filesif(IsAdmin($cfg["user"]) || preg_match("/^" . $cfg["user"] . "/",$dir)){echo "<a href=\"dir.php?del=".urlencode($dir.$entry)."\" onclick=\"return ConfirmDelete('".addslashes($entry)."')\"><img src=\"images/delete_on.gif\" width=16 height=16 title=\""._DELETE."\" border=0></a>";}else{echo " ";}echo "</td></tr>\n";if ($bg == $bgLight){$bg = $bgDark;}else{$bg = $bgLight;}}}}closedir($handle);echo "</table>";}// ***************************************************************************// ***************************************************************************// Checks for the location of the users directory// If it does not exist, then it creates it.function checkUserPath(){global $cfg;// is there a user dir?if (!is_dir($cfg["path"].$cfg["user"])){//Then create itmkdir($cfg["path"].$cfg["user"], 0777);}}// This function returns the extension of a given file.// Where the extension is the part after the last dot.// When no dot is found the noExtensionFile string is// returned. This should point to a 'unknown-type' image// time by default. This string is also returned when the// file starts with an dot.function getExtension($fileName){$noExtensionFile="unknown"; // The return when no extension is found//Prepare the loop to find an extension$length = -1*(strlen($fileName)); // The maximum negative value for $i$i=-1; //The counter which counts back to $length//Find the last dot in an stringwhile (substr($fileName,$i,1) != "." && $i > $length) {$i -= 1; }//Get the extension (with dot)$ext = substr($fileName,$i);//Decide what to return.if (substr($ext,0,1)==".") {$ext = substr($ext,((-1 * strlen($ext))+1)); } else {$ext = $noExtensionFile;}//Return the extensionreturn strtolower($ext);}?>