home *** CD-ROM | disk | FTP | other *** search

---

/ Chip 2004 April / CMCD0404.ISO / Software / Freeware / Programare / groupoffice-com-2.01 / modules / filesystem / index.php

< prev

next >

Wrap

PHP Script  |  2004-03-08  |  18KB  |  615 lines

---

1. <?php
2. /*
3. Copyright Intermesh 2003
4. Author: Merijn Schering <mschering@intermesh.nl>
5. Version: 1.0 Release date: 08 July 2003
6.  
7. This program is free software; you can redistribute it and/or modify it
8. under the terms of the GNU General Public License as published by the
9. Free Software Foundation; either version 2 of the License, or (at your
10. option) any later version.
11. */
12.  
13. $popup_feedback = '';
14. $mode = isset($_REQUEST['mode']) ? $_REQUEST['mode'] : 'normal';
15.  
16. function access_denied_box($file)
17. {
18.     global $strAccessDenied;
19.     $string = "<script type=\"text/javascript\" language=\"javascript\">\n";
20.     $string .= "alert('".$strAccessDenied.": ".basename($file)."');\n";
21.     $string .=  "</script>\n";
22.     return $string;
23. }
24.  
25. function feedback($text)
26. {
27.     $string = "<script type=\"text/javascript\" language=\"javascript\">\n";
28.     $string .= 'alert("'.$text.'");';
29.     $string .= "</script>\n";
30.     return $string;
31. }
32. //set umask to 000 and remember the old umaks to reset it below
33. //umask must be 000 to create 777 files and folders
34. $old_umask = umask(000);
35.  
36. //basic group-office authentication
37. if (!defined('GO_LOADED'))
38. {
39.     require_once("../../Group-Office.php");
40. }
41. $GO_SECURITY->authenticate();
42. $GO_MODULES->authenticate('filesystem');
43. require($GO_LANGUAGE->get_language_file('filesystem'));
44.  
45. $GO_HANDLER = isset($GO_HANDLER) ? $GO_HANDLER : 'download.php';
46. $GO_MULTI_SELECT = isset($GO_MULTI_SELECT) ? $GO_MULTI_SELECT : true;
47.  
48. $target_frame = isset($target_frame) ? $target_frame : '_blank';
49.  
50. //set path to browse
51. $home_path = $GO_CONFIG->file_storage_path.$_SESSION['GO_SESSION']['username'];
52. $_SESSION['GO_FILESYSTEM_PATH'] = isset($_SESSION['GO_FILESYSTEM_PATH']) ? smartstrip($_SESSION['GO_FILESYSTEM_PATH']) : $home_path;
53. $path = isset($_REQUEST['path']) ? smartstrip($_REQUEST['path']) : $_SESSION['GO_FILESYSTEM_PATH'];
54. $urlencoded_path = urlencode($path);
55. $return_to_path = isset($_REQUEST['return_to_path']) ? smartstrip($_REQUEST['return_to_path']) : $path;
56.  
57. //create filesystem and filetypes object
58. require_once($GO_CONFIG->class_path.'filesystem.class.inc');
59. require_once($GO_CONFIG->class_path.'filetypes.class.inc');
60. $fs = new filesystem();
61. $filetypes = new filetypes();
62.  
63. //define task to peform
64. $task = isset($_REQUEST['task']) ? $_REQUEST['task'] : '';
65. $_SESSION['cut_files'] = isset($_SESSION['cut_files']) ? $_SESSION['cut_files'] : array();
66. $_SESSION['cut_folders'] = isset($_SESSION['cut_folders']) ? $_SESSION['cut_folders'] : array();
67. $_SESSION['copy_folders'] = isset($_SESSION['copy_folders']) ? $_SESSION['copy_folders'] : array();
68. $_SESSION['copy_files'] = isset($_SESSION['copy_files']) ? $_SESSION['copy_files'] : array();
69.  
70. //vars used to remember files that are to be overwritten or not
71. $overwrite_destination_path = isset($_POST['overwrite_destination_path']) ? smartstrip($_POST['overwrite_destination_path']) : '';
72. $overwrite_source_path = isset($_POST['overwrite_source_path']) ? smartstrip($_POST['overwrite_source_path']) : '';
73. $overwrite_all = (isset($_POST['overwrite_all']) && $_POST['overwrite_all'] == 'true') ? 'true': 'false';
74. $overwrite = isset($_POST['overwrite']) ? $_POST['overwrite'] : $overwrite_all;
75.  
76. //check read permissions and remember last browsed path
77. if (!$fs->has_read_permission($GO_SECURITY->user_id, $path))
78. {
79.     $_SESSION['GO_FILESYSTEM_PATH'] = $home_path;
80.     $task = 'access_denied';
81. }else
82. {
83.     $_SESSION['GO_FILESYSTEM_PATH'] = $path;
84. }
85.  
86. //cut paste or copy before output has started
87. switch ($task)
88. {
89.     case 'upload':
90.         if ($_SERVER['REQUEST_METHOD'] == 'POST')
91.         {
92.             $task = 'list';
93.             if (isset($_FILES['file']))
94.             {
95.                 $_SESSION['cut_files'] = array();
96.                 $_SESSION['cut_folders'] = array();
97.                 $_SESSION['copy_folders'] = array();
98.                 $_SESSION['copy_files'] = array();
99.                 for ($i=0;$i<count($_FILES['file']);$i++)
100.                 {
101.                     if (is_uploaded_file($_FILES['file']['tmp_name'][$i]))
102.                     {
103.                         $extension = get_extension($_FILES['file']['name'][$i]);
104.                         if (!$filetypes->get_type($extension))
105.                         {
106.                             $filetypes->add_type($extension, $_FILES['file']['type'][$i]);
107.                         }
108.  
109.                         if($fs->copy($_FILES['file']['tmp_name'][$i], $GO_CONFIG->tmpdir.'/'.$_FILES['file']['name'][$i]))
110.                         {
111.                             $_SESSION['copy_files'][] = $GO_CONFIG->tmpdir.'/'.$_FILES['file']['name'][$i];
112.                         }
113.                     }
114.                 }
115.  
116.                 while ($file = smartstrip(array_shift($_SESSION['copy_files'])))
117.                 {
118.                     $new_path = $path.'/'.basename($file);
119.                     if (!$fs->has_write_permission($GO_SECURITY->user_id, $path))
120.                     {
121.                         $popup_feedback .= access_denied_box($path);
122.                         break;
123.                     }elseif(file_exists($new_path))
124.                     {
125.                         if ($overwrite_destination_path == $new_path && $overwrite_all != 'true')
126.                         {
127.                             if ($overwrite == "true")
128.                             {
129.                                 $fs->copy($file, $new_path);
130.                             }
131.                         }else
132.                         {
133.                             array_unshift($_SESSION['copy_files'], $file);
134.                             $overwrite_source_path = $file;
135.                             $overwrite_destination_path = $new_path;
136.                             $task = 'overwrite';
137.                             break;
138.                         }
139.                     }else
140.                     {
141.                         $fs->copy($file, $path.'/'.basename($file));
142.                     }
143.                 }
144.             }else
145.             {
146.                 $task = 'upload';
147.                 $feedback = '<p class="Error">'.$fbNoFile.' '.format_size($GO_CONFIG->max_file_size).'</p>';
148.             }
149.         }
150.     break;
151.  
152.     case  'cut':
153.         $_SESSION['cut_files'] = isset($_POST['files']) ? $_POST['files'] : array();
154.         $_SESSION['cut_folders'] = isset($_POST['folders']) ? $_POST['folders'] : array();
155.         $_SESSION['copy_folders'] = array();
156.         $_SESSION['copy_files'] = array();
157.     break;
158.  
159.     case 'copy':
160.         $_SESSION['copy_files'] = isset($_POST['files']) ? $_POST['files'] : array();
161.         $_SESSION['copy_folders'] = isset($_POST['folders']) ? $_POST['folders'] : array();
162.         $_SESSION['cut_folders'] = array();
163.         $_SESSION['cut_files'] = array();
164.     break;
165.  
166.     case 'paste':
167.         while ($file = smartstrip(array_shift($_SESSION['cut_files'])))
168.         {
169.             if ($file != $path.'/'.basename($file))
170.             {
171.                 if (!$fs->has_write_permission($GO_SECURITY->user_id, $file))
172.                 {
173.                     $popup_feedback .= access_denied_box($file);
174.                     break;
175.                 }elseif(!$fs->has_write_permission($GO_SECURITY->user_id, $path))
176.                 {
177.                     $popup_feedback .= access_denied_box($path);
178.                     break;
179.                 }elseif(file_exists($path.'/'.basename($file)))
180.                 {
181.                     if ($overwrite_destination_path == $path.'/'.basename($file) || $overwrite_all == 'true')
182.                     {
183.                         if ($overwrite == "true")
184.                         {
185.                             $fs->move($file, $path.'/'.basename($file));
186.                         }
187.                     }else
188.                     {
189.                         array_unshift($_SESSION['cut_files'], $file);
190.                         $overwrite_source_path = $file;
191.                         $overwrite_destination_path = $path.'/'.basename($file);
192.                         $task = 'overwrite';
193.                         break;
194.                     }
195.                 }else
196.                 {
197.                     $fs->move($file, $path.'/'.basename($file));
198.                 }
199.             }
200.         }
201.         while ($file = smartstrip(array_shift($_SESSION['copy_files'])))
202.         {
203.             if ($file != $path.'/'.basename($file))
204.             {
205.                 if (!$fs->has_read_permission($GO_SECURITY->user_id, $file))
206.                 {
207.                     $popup_feedback .= access_denied_box($file);
208.                     break;
209.                 }elseif(!$fs->has_write_permission($GO_SECURITY->user_id, $path))
210.                 {
211.                     $popup_feedback .= access_denied_box($path);
212.                     break;
213.                 }elseif(file_exists($path.'/'.basename($file)))
214.                 {
215.                     if ($overwrite_destination_path == $path.'/'.basename($file) || $overwrite_all == 'true')
216.                     {
217.                         if ($overwrite == "true")
218.                         {
219.                             $fs->copy($file, $path.'/'.basename($file));
220.                         }
221.                     }else
222.                     {
223.                         array_unshift($_SESSION['copy_files'], $file);
224.                         $overwrite_source_path = $file;
225.                         $overwrite_destination_path = $path.'/'.basename($file);
226.                         $task = 'overwrite';
227.                         break;
228.                     }
229.                 }else
230.                 {
231.                     $fs->copy($file, $path.'/'.basename($file));
232.                 }
233.             }
234.         }
235.         while ($folder = smartstrip(array_shift($_SESSION['cut_folders'])))
236.         {
237.             if ($folder != $path.'/'.basename($folder))
238.             {
239.                 if (!$fs->has_write_permission($GO_SECURITY->user_id, $folder))
240.                 {
241.                     $popup_feedback .= access_denied_box($folder);
242.                     break;
243.                 }elseif(!$fs->has_write_permission($GO_SECURITY->user_id, $path))
244.                 {
245.                     $popup_feedback .= access_denied_box($path);
246.                     break;
247.                 }elseif(file_exists($path.'/'.basename($folder)))
248.                 {
249.                     if ($overwrite_destination_path == $path.'/'.basename($folder) || $overwrite_all == 'true')
250.                     {
251.                         if ($overwrite == "true")
252.                         {
253.                             $fs->move($folder, $path.'/'.basename($folder));
254.                         }
255.                     }else
256.                     {
257.                         array_unshift($_SESSION['cut_folders'], $folder);
258.                         $overwrite_source_path = $folder;
259.                         $overwrite_destination_path = $path.'/'.basename($folder);
260.                         $task = 'overwrite';
261.                         break;
262.                     }
263.                 }else
264.                 {
265.                     $fs->move($folder, $path.'/'.basename($folder));
266.                 }
267.             }
268.         }
269.         while ($folder = smartstrip(array_shift($_SESSION['copy_folders'])))
270.         {
271.             if ($folder != $path.'/'.basename($folder))
272.             {
273.                 if (!$fs->has_read_permission($GO_SECURITY->user_id, $folder))
274.                 {
275.                     $popup_feedback .= access_denied_box($folder);
276.                     break;
277.                 }elseif(!$fs->has_write_permission($GO_SECURITY->user_id, $path))
278.                 {
279.                     $popup_feedback .= access_denied_box($folder);
280.                     break;
281.                 }elseif(file_exists($path.'/'.basename($folder)))
282.                 {
283.                     if ($overwrite_destination_path == $path.'/'.basename($folder) || $overwrite_all == 'true')
284.                     {
285.                         if ($overwrite == "true")
286.                         {
287.                             $fs->copy($folder, $path.'/'.basename($folder));
288.                         }
289.                     }else
290.                     {
291.                         array_unshift($_SESSION['copy_folders'], $folder);
292.                         $overwrite_source_path = $folder;
293.                         $overwrite_destination_path = $path.'/'.basename($folder);
294.                         $task = 'overwrite';
295.                         break;
296.                     }
297.                 }else
298.                 {
299.                     $fs->copy($folder, $path.'/'.basename($folder));
300.                 }
301.             }
302.         }
303.     break;
304.  
305.     case 'properties':
306.         if (isset($_POST['name']))
307.         {
308.             $name = trim($_POST['name']);
309.             if(validate_input($name))
310.             {
311.                 if (isset($_POST['share_folder']) && !$fs->get_share($path))
312.                 {
313.                     $fs->add_share($GO_SECURITY->user_id, $path);
314.                 }else
315.                 {
316.                     if (!isset($_POST['share_folder']))
317.                     {
318.                         $fs->delete_share($path);
319.                     }
320.                 }
321.  
322.                 if (!$fs->has_write_permission($GO_SECURITY->user_id, $path))
323.                 {
324.                     $feedback = '<p class="Error">'.$strAccessDenied.'</p>';
325.                 }elseif ($name == '')
326.                 {
327.                     $feedback = '<p class="Error">'.$error_missing_field.'</p>';
328.                 }else
329.                 {
330.                     if ($_POST['extension'] != '')
331.                     {
332.                         $_POST['extension'] = '.'.$_POST['extension'];
333.                     }
334.                     $location = dirname($path);
335.                     $name = smartstrip($name);
336.                     $new_path = $location.'/'.$name.$_POST['extension'];
337.                     if($name.$_POST['extension'] != basename($path))
338.                     {
339.                         if (file_exists($new_path))
340.                         {
341.                             $feedback = '<p class="Error">'.$fbNameExists.'</p>';
342.                         }else
343.                         {
344.                             if ($fs->move($path, $new_path))
345.                             {
346.                                 if ($return_to_path == $path)
347.                                 {
348.                                     $return_to_path = $new_path;
349.                                 }
350.                                 $path = $new_path;
351.                                 $urlencoded_path = urlencode($path);
352.                             }
353.                         }
354.                     }
355.                 }
356.             }else
357.             {
358.                 $feedback = '<p class="Error">'.$invalid_chars .': " & ? / \</p>';
359.             }
360.             if ($_POST['close']=='true' && !isset($feedback))
361.             {
362.                 $path = $return_to_path;
363.                 $urlencoded_path = urlencode($path);
364.                 $task = '';
365.             }
366.  
367.         }
368.     break;
369.  
370.     case 'save_archive':
371.         if (isset($_POST['archive_files']))
372.         {
373.             $name = trim($_POST['name']);
374.             if ($name == '')
375.             {
376.                 $feedback = '<p class="Error">'.$error_missing_field.'</p>';
377.                 $task = 'create_archive';
378.             }else
379.             {
380.  
381.                 switch ($_POST['compression_type'])
382.                 {
383.                     case 'zip':
384.                         if (get_extension($name) != $_POST['compression_type'])
385.                         {
386.                             $name .= '.'.$_POST['compression_type'];
387.                         }
388.                         require($GO_CONFIG->class_path.'pclzip.class.inc');
389.                         $zip = new PclZip($path.$GO_CONFIG->slash.$name);
390.                         $zip->create($_POST['archive_files'], PCLZIP_OPT_REMOVE_PATH, $path);
391.                     break;
392.  
393.                     default:
394.                         if (get_extension($name) != $_POST['compression_type'])
395.                         {
396.                             $name .= '.tar.'.$_POST['compression_type'];
397.                         }
398.                         require($GO_CONFIG->class_path.'pearTar.class.inc');
399.                         $tar = new Archive_Tar($path.$GO_CONFIG->slash.$name, $_POST['compression_type']);
400.  
401.                         if (!$tar->createModify($_POST['archive_files'], '', $path.$GO_CONFIG->slash))
402.                         {
403.                             $feedback = '<p class="Error">'.$fb_failed_to_create.'</p>';
404.                             $task = 'create_archive';
405.                         }
406.                     break;
407.                 }
408.             }
409.         }
410.     break;
411.  
412.     case 'extract':
413.         if (isset($_POST['files']))
414.         {
415.             require($GO_CONFIG->class_path.'pearTar.class.inc');
416.             require($GO_CONFIG->class_path.'pclzip.class.inc');
417.             while ($file = array_shift($_POST['files']))
418.             {
419.                 if (strtolower(get_extension($file)) == 'zip')
420.                 {
421.                     $zip = new PclZip($file);
422.                     if (!$zip->extract(PCLZIP_OPT_PATH, $path, PCLZIP_OPT_SET_CHMOD, $GO_CONFIG->create_mode))
423.                     {
424.                         $popup_feedback .= feedback($zip->errorInfo(true));
425.                     }
426.                 }else
427.                 {
428.                     $tar = new Archive_Tar($file);
429.                     if(!$tar->extract($path))
430.                     {
431.                         $popup_feedback .= feedback($fb_failed_to_create.": '$file'");
432.                     }
433.                 }
434.             }
435.         }
436.     break;
437. }
438.  
439. $page_title = str_replace($GO_CONFIG->file_storage_path,$GO_CONFIG->slash,$path);
440.  
441. //remeber sorting of the list in a cookie
442. if (isset($_REQUEST['new_sort_field']))
443. {
444.     SetCookie("fs_sort_field",$_REQUEST['new_sort_field'],time()+3600*24*365,"/","",0);
445.     $_COOKIE['fs_sort_field'] = $_REQUEST['new_sort_field'];
446. }
447.  
448. if (isset($_REQUEST['new_sort_direction']))
449. {
450.     SetCookie("fs_sort_direction",$_REQUEST['new_sort_direction'],time()+3600*24*365,"/","",0);
451.     $_COOKIE['fs_sort_direction'] = $_REQUEST['new_sort_direction'];
452. }
453.  
454. require($GO_THEME->theme_path.'header.inc');
455.  
456. echo $popup_feedback;
457.  
458. echo '<form name="filesystem" method="post" action="'.$_SERVER['PHP_SELF'].'" enctype="multipart/form-data">';
459. echo '<input type="hidden" name="path" value="'.$path.'" />';
460. echo '<input type="hidden" name="return_to_path" value="'.$return_to_path.'" />';
461. echo '<input type="hidden" name="share_path" />';
462.  
463. switch ($task)
464. {
465.     case 'mail_files':
466.  
467.         $_SESSION['attach_array'] = array();
468.         $_SESSION['num_attach']=0;
469.         require($GO_CONFIG->class_path."email.class.inc");
470.         $email = new email();
471.         if (isset($_POST['files']))
472.         {
473.             while ($file = smartstrip(array_shift($_POST['files'])))
474.             {
475.                 if ($fs->has_read_permission($GO_SECURITY->user_id, $file))
476.                 {
477.                     $filename = basename($file);
478.                     $extension = get_extension($filename);
479.                     if (!$type = $filetypes->get_type($extension))
480.                     {
481.                         $type = $filetypes->add_type($extension);
482.                     }
483.  
484.                     $email->register_attachment($file, $filename, filesize($file), $type['mime']);
485.                 }else
486.                 {
487.                     $popup_feedback .= access_denied_box(basename($file));
488.                 }
489.             }
490.  
491.             $module = $GO_MODULES->get_module('email');
492.  
493.             echo '<script type="text/javascript" language="javascript">';
494.             echo 'popup("'.$GO_CONFIG->host.$module['path'].'send.php?email_file=true","650","580");';
495.             echo '</script>';
496.         }
497.         require('listview.inc');
498.     break;
499.  
500.     case 'delete':
501.         if (isset($_POST['files']))
502.         {
503.             for ($i=0;$i<count($_POST['files']);$i++)
504.             {
505.                 $file = smartstrip($_POST['files'][$i]);
506.                 if(!$fs->delete($file))
507.                 {
508.                     $popup_feedback .= access_denied_box(basename($file));
509.                 }
510.             }
511.         }
512.  
513.         if (isset($_POST['folders']))
514.         {
515.             for ($i=0;$i<count($_POST['folders']);$i++)
516.             {
517.                 $folder = smartstrip($_POST['folders'][$i]);
518.                 if(!$fs->delete($folder))
519.                 {
520.                     $popup_feedback .= access_denied_box(basename($folder));
521.                 }
522.             }
523.         }
524.         require('listview.inc');
525.     break;
526.  
527.     case 'access_denied':
528.         require($GO_CONFIG->root_path.'error_docs/401.inc');
529.     break;
530.  
531.     case 'new_folder':
532.         if ($_SERVER['REQUEST_METHOD'] == 'POST')
533.         {
534.             $name = smartstrip($_POST['name']);
535.             if ($name =='')
536.             {
537.                 $feedback = '<p class="Error">'.$error_missing_field.'</p>';
538.                 require('new_folder.inc');
539.             }elseif(!validate_input($name))
540.             {
541.                 $feedback = '<p class="Error">'.$invalid_chars .': " & ? / \</p>';
542.                 require('new_folder.inc');
543.             }elseif(file_exists($path.'/'.$name))
544.             {
545.                 $feedback = '<p class="Error">'.$fbFolderExists.'</p>';
546.                 require('new_folder.inc');
547.             }elseif(!@mkdir($path.'/'.$name, $GO_CONFIG->create_mode))
548.             {
549.                 $feedback = '<p class="Error">'.$strSaveError.'</p>';
550.                 require('new_folder.inc');
551.             }else
552.             {
553.                 require('listview.inc');
554.             }
555.         }else
556.         {
557.             if ($fs->has_write_permission($GO_SECURITY->user_id, $path))
558.             {
559.                 require('new_folder.inc');
560.             }else
561.             {
562.                 require($GO_CONFIG->root_path.'error_docs/401.inc');
563.             }
564.         }
565.     break;
566.  
567.     case 'upload':
568.         if ($fs->has_write_permission($GO_SECURITY->user_id, $path))
569.         {
570.             require('upload.inc');
571.         }else
572.         {
573.             require($GO_CONFIG->root_path.'error_docs/401.inc');
574.         }
575.     break;
576.  
577.     case 'overwrite':
578.         require('overwrite.inc');
579.     break;
580.  
581.     case 'properties':
582.         require('properties.inc');
583.     break;
584.  
585.     case 'read_permissions':
586.         require('read_permissions.inc');
587.     break;
588.  
589.     case 'write_permissions':
590.         require('write_permissions.inc');
591.     break;
592.  
593.     case 'shares':
594.         require('shares.inc');
595.     break;
596.  
597.     case 'search':
598.         require('search.inc');
599.     break;
600.  
601.     case 'create_archive':
602.         require('compress.inc');
603.     break;
604.  
605.     default:
606.         require($GO_CONFIG->root_path.$GO_MODULES->path.'listview.inc');
607.     break;
608.  
609. }
610.  
611. echo '</form>';
612.  
613. umask($old_umask);
614. require($GO_THEME->theme_path.'footer.inc');
615. ?>