Blame | Last modification | View Log | Download
<?php
/*************************************************************
* TorrentFlux - PHP Torrent Manager
* www.torrentflux.com
**************************************************************/
/*
This file is part of TorrentFlux.
TorrentFlux is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
TorrentFlux is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with TorrentFlux; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
include_once("config.php");
include_once("functions.php");
checkUserPath();
// Setup some defaults if they are not set.
$del = getRequestVar('del');
$down = getRequestVar('down');
$tar = getRequestVar('tar');
$dir = stripslashes(urldecode(getRequestVar('dir')));
// Are we to delete something?
if ($del != "")
{
$current = "";
// The following lines of code were suggested by Jody Steele jmlsteele@stfu.ca
// this is so only the owner of the file(s) or admin can delete
if(IsAdmin($cfg["user"]) || preg_match("/^" . $cfg["user"] . "/",$del))
{
// Yes, then delete it
// we need to strip slashes twice in some circumstances
// Ex. If we are trying to delete test/tester's file/test.txt
// $del will be "test/tester\\\'s file/test.txt"
// one strip will give us "test/tester\'s file/test.txt
// the second strip will give us the correct
// "test/tester's file/test.txt"
$del = stripslashes(stripslashes($del));
if (!ereg("(\.\.\/)", $del))
{
avddelete($cfg["path"].$del);
$arTemp = explode("/", $del);
if (count($arTemp) > 1)
{
array_pop($arTemp);
$current = implode("/", $arTemp);
}
AuditAction($cfg["constants"]["fm_delete"], $del);
}
else
{
AuditAction($cfg["constants"]["error"], "ILLEGAL DELETE: ".$cfg['user']." tried to delete ".$del);
}
}
else
{
AuditAction($cfg["constants"]["error"], "ILLEGAL DELETE: ".$cfg['user']." tried to delete ".$del);
}
header("Location: dir.php?dir=".urlencode($current));
}
// Are we to download something?
if ($down != "" && $cfg["enable_file_download"])
{
$current = "";
// Yes, then download it
// we need to strip slashes twice in some circumstances
// Ex. If we are trying to download test/tester's file/test.txt
// $down will be "test/tester\\\'s file/test.txt"
// one strip will give us "test/tester\'s file/test.txt
// the second strip will give us the correct
// "test/tester's file/test.txt"
$down = stripslashes(stripslashes($down));
if (!ereg("(\.\.\/)", $down))
{
$path = $cfg["path"].$down;
$p = explode(".", $path);
$pc = count($p);
$f = explode("/", $path);
$file = array_pop($f);
$arTemp = explode("/", $down);
if (count($arTemp) > 1)
{
array_pop($arTemp);
$current = implode("/", $arTemp);
}
if (file_exists($path))
{
header("Content-type: application/octet-stream\n");
header("Content-disposition: attachment; filename=\"".$file."\"\n");
header("Content-transfer-encoding: binary\n");
header("Content-length: " . file_size($path) . "\n");
// write the session to close so you can continue to browse on the site.
session_write_close("TorrentFlux");
//$fp = fopen($path, "r");
$fp = popen("cat \"$path\"", "r");
fpassthru($fp);
pclose($fp);
AuditAction($cfg["constants"]["fm_download"], $down);
exit();
}
else
{
AuditAction($cfg["constants"]["error"], "File Not found for download: ".$cfg['user']." tried to download ".$down);
}
}
else
{
AuditAction($cfg["constants"]["error"], "ILLEGAL DOWNLOAD: ".$cfg['user']." tried to download ".$down);
}
header("Location: dir.php?dir=".urlencode($current));
}
// Are we to download something?
if ($tar != "" && $cfg["enable_file_download"])
{
$current = "";
// Yes, then tar and download it
// we need to strip slashes twice in some circumstances
// Ex. If we are trying to download test/tester's file/test.txt
// $down will be "test/tester\\\'s file/test.txt"
// one strip will give us "test/tester\'s file/test.txt
// the second strip will give us the correct
// "test/tester's file/test.txt"
$tar = stripslashes(stripslashes($tar));
if (!ereg("(\.\.\/)", $tar))
{
// This prevents the script from getting killed off when running lengthy tar jobs.
ini_set("max_execution_time", 3600);
$tar = $cfg["path"].$tar;
$arTemp = explode("/", $tar);
if (count($arTemp) > 1)
{
array_pop($arTemp);
$current = implode("/", $arTemp);
}
// Find out if we're really trying to access a file within the
// proper directory structure. Sadly, this way requires that $cfg["path"]
// is a REAL path, not a symlinked one. Also check if $cfg["path"] is part
// of the REAL path.
if (is_dir($tar))
{
$sendname = basename($tar);
switch ($cfg["package_type"])
{
Case "tar":
$command = "tar cf - \"".addslashes($sendname)."\"";
break;
Case "zip":
$command = "zip -0r - \"".addslashes($sendname)."\"";
break;
default:
$cfg["package_type"] = "tar";
$command = "tar cf - \"".addslashes($sendname)."\"";
break;
}
// HTTP/1.0
header("Pragma: no-cache");
header("Content-Description: File Transfer");
header("Content-Type: application/force-download");
header('Content-Disposition: attachment; filename="'.$sendname.'.'.$cfg["package_type"].'"');
// write the session to close so you can continue to browse on the site.
session_write_close("TorrentFlux");
// Make it a bit easier for tar/zip.
chdir(dirname($tar));
passthru($command);
AuditAction($cfg["constants"]["fm_download"], $sendname.".".$cfg["package_type"]);
exit();
}
else
{
AuditAction($cfg["constants"]["error"], "Illegal download: ".$cfg['user']." tried to download ".$tar);
}
}
else
{
AuditAction($cfg["constants"]["error"], "ILLEGAL TAR DOWNLOAD: ".$cfg['user']." tried to download ".$tar);
}
header("Location: dir.php?dir=".urlencode($current));
}
if ($dir == "")
{
unset($dir);
}
if (isset($dir))
{
if (ereg("(\.\.)", $dir))
{
unset($dir);
}
else
{
$dir = $dir."/";
}
}
DisplayHead(_DIRECTORYLIST);
?>
<script language="JavaScript">
function MakeTorrent(name_file)
{
window.open (name_file,'_blank','toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=no,width=600,height=430')
}
function ConfirmDelete(file)
{
return confirm("<?php echo _ABOUTTODELETE ?>: " + file)
}
</script>
<?php
displayDriveSpaceBar(getDriveSpace($cfg["path"]));
echo "<br>";
if(!isset($dir)) $dir = "";
ListDirectory($cfg["path"].$dir);
DisplayFoot();
//**************************************************************************
// ListDirectory()
// This method reads files and directories in the specified path and
// displayes them.
function ListDirectory($dirName)
{
global $dir, $cfg;
$bgLight = $cfg["bgLight"];
$bgDark = $cfg["bgDark"];
$entrys = array();
$bg = $bgLight;
$dirName = stripslashes($dirName);
if (isset($dir))
{
//setup default parent directory URL
$parentURL = "dir.php";
//get the real parentURL
if (preg_match("/^(.+)\/.+$/",$dir,$matches) == 1)
{
$parentURL="dir.php?dir=" . urlencode($matches[1]);
}
echo "<a href=\"" . $parentURL . "\"><img src=\"images/up_dir.gif\" width=16 height=16 title=\""._BACKTOPARRENT."\" border=0>["._BACKTOPARRENT."]</a>";
}
echo "<table cellpadding=2 width=740>";
$handle = opendir($dirName);
while($entry = readdir($handle))
{
$entrys[] = $entry;
}
natsort($entrys);
foreach($entrys as $entry)
{
if ($entry != "." && $entry != ".." && substr($entry, 0, 1) != ".")
{
if (@is_dir($dirName.$entry))
{
echo "<tr bgcolor=\"".$bg."\"><td><a href=\"dir.php?dir=".urlencode($dir.$entry)."\"><img src=\"images/folder2.gif\" width=\"16\" height=\"16\" title=\"".$entry."\" border=\"0\" align=\"absmiddle\">".$entry."</a></td>";
echo "<td> </td>";
echo "<td> </td>";
echo "<td align=\"right\">";
if ($cfg["enable_maketorrent"])
{
echo "<a href=\"JavaScript:MakeTorrent('maketorrent.php?path=".urlencode($dir.$entry)."')\"><img src=\"images/make.gif\" width=16 height=16 title=\"Make Torrent\" border=0></a>";
}
if ($cfg["enable_file_download"])
{
echo "<a href=\"dir.php?tar=".urlencode($dir.$entry)."\"><img src=\"images/tar_down.gif\" width=16 height=16 title=\"Download as ".$cfg["package_type"]."\" border=0></a>";
}
// The following lines of code were suggested by Jody Steele jmlsteele@stfu.ca
// this is so only the owner of the file(s) or admin can delete
// only give admins and users who "own" this directory
// the ability to delete sub directories
if(IsAdmin($cfg["user"]) || preg_match("/^" . $cfg["user"] . "/",$dir))
{
echo "<a href=\"dir.php?del=".urlencode($dir.$entry)."\" onclick=\"return ConfirmDelete('".addslashes($entry)."')\"><img src=\"images/delete_on.gif\" width=16 height=16 title=\""._DELETE."\" border=0></a>";
}
else
{
echo " ";
}
echo "</td></tr>\n";
if ($bg == $bgLight)
{
$bg = $bgDark;
}
else
{
$bg = $bgLight;
}
}
else
{
// Do nothing
}
}
}
closedir($handle);
$entrys = array();
$handle = opendir($dirName);
while($entry = readdir($handle))
{
$entrys[] = $entry;
}
natsort($entrys);
foreach($entrys as $entry)
{
if ($entry != "." && $entry != "..")
{
if (@is_dir($dirName.$entry))
{
// Do nothing
}
else
{
$arStat = @lstat($dirName.$entry);
$arStat[7] = ( $arStat[7] == 0 )? file_size( $dirName . $entry ) : $arStat[7];
if (array_key_exists(10,$arStat))
{
$timeStamp = $arStat[10];
}
else
{
$timeStamp = "";
}
$fileSize = number_format(($arStat[7])/1024);
// Code added by Remko Jantzen to assign an icon per file-type. But when not
// available all stays the same.
$image="images/time.gif";
$imageOption="images/files/".getExtension($entry).".png";
if (file_exists("./".$imageOption))
{
$image = $imageOption;
}
echo "<tr bgcolor=\"".$bg."\">";
echo "<td>";
// Can users download files?
if ($cfg["enable_file_download"])
{
// Yes, let them download
echo "<a href=\"dir.php?down=".urlencode($dir.$entry)."\" >";
echo "<img src=\"".$image."\" width=\"16\" height=\"16\" alt=\"".$entry."\" border=\"0\"></a>";
echo "<a href=\"dir.php?down=".urlencode($dir.$entry)."\" >".$entry."</a>";
}
else
{
// No, just show the name
echo "<img src=\"".$image."\" width=\"16\" height=\"16\" alt=\"".$entry."\" border=\"0\">";
echo $entry;
}
echo "</td>";
echo "<td align=\"right\">".$fileSize." KB</td>";
echo "<td>".date("m-d-Y g:i a", $timeStamp)."</td>";
echo "<td align=\"right\">";
if( $cfg["enable_view_nfo"] && (( substr( strtolower($entry), -4 ) == ".nfo" ) || ( substr( strtolower($entry), -4 ) == ".txt" )) )
{
echo "<a href=\"viewnfo.php?path=".urlencode(addslashes($dir.$entry))."\"><img src=\"images/view_nfo.gif\" width=16 height=16 title=\"View '$entry'\" border=0></a>";
}
if ($cfg["enable_maketorrent"])
{
echo "<a href=\"JavaScript:MakeTorrent('maketorrent.php?path=".urlencode($dir.$entry)."')\"><img src=\"images/make.gif\" width=16 height=16 title=\"Make Torrent\" border=0></a>";
}
if ($cfg["enable_file_download"])
{
// Show the download button
echo "<a href=\"dir.php?down=".urlencode($dir.$entry)."\" >";
echo "<img src=\"images/download_owner.gif\" width=16 height=16 title=\"Download\" border=0>";
echo "</a>";
}
// The following lines of code were suggested by Jody Steele jmlsteele@stfu.ca
// this is so only the owner of the file(s) or admin can delete
// only give admins and users who "own" this directory
// the ability to delete files
if(IsAdmin($cfg["user"]) || preg_match("/^" . $cfg["user"] . "/",$dir))
{
echo "<a href=\"dir.php?del=".urlencode($dir.$entry)."\" onclick=\"return ConfirmDelete('".addslashes($entry)."')\"><img src=\"images/delete_on.gif\" width=16 height=16 title=\""._DELETE."\" border=0></a>";
}
else
{
echo " ";
}
echo "</td></tr>\n";
if ($bg == $bgLight)
{
$bg = $bgDark;
}
else
{
$bg = $bgLight;
}
}
}
}
closedir($handle);
echo "</table>";
}
// ***************************************************************************
// ***************************************************************************
// Checks for the location of the users directory
// If it does not exist, then it creates it.
function checkUserPath()
{
global $cfg;
// is there a user dir?
if (!is_dir($cfg["path"].$cfg["user"]))
{
//Then create it
mkdir($cfg["path"].$cfg["user"], 0777);
}
}
// This function returns the extension of a given file.
// Where the extension is the part after the last dot.
// When no dot is found the noExtensionFile string is
// returned. This should point to a 'unknown-type' image
// time by default. This string is also returned when the
// file starts with an dot.
function getExtension($fileName)
{
$noExtensionFile="unknown"; // The return when no extension is found
//Prepare the loop to find an extension
$length = -1*(strlen($fileName)); // The maximum negative value for $i
$i=-1; //The counter which counts back to $length
//Find the last dot in an string
while (substr($fileName,$i,1) != "." && $i > $length) {$i -= 1; }
//Get the extension (with dot)
$ext = substr($fileName,$i);
//Decide what to return.
if (substr($ext,0,1)==".") {$ext = substr($ext,((-1 * strlen($ext))+1)); } else {$ext = $noExtensionFile;}
//Return the extension
return strtolower($ext);
}
?>