Skip to content

Branch for small issue #612

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
fho4abcd merged 2 commits into from
Mar 20, 2026
Merged

Branch for small issue #612

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
882057b
Update cnv_csv_to_iso program
fho4abcd Mar 18, 2026
5dae3be
Check valid IP extended
fho4abcd Mar 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Binary file modified www/cgi-bin_Linux/cnv_csv_to_iso
View file
Open in desktop
Binary file not shown.
23 changes: 22 additions & 1 deletion www/htdocs/central/common/header.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
2025-12-23 fho4abcd Update for HTML5: html tag with language+ update meta tags. Remove timestamp from css link
Note that everything was and is cached
Note that a timestamp on css files does not prevent caching of included files
2026-03-20 fho4abcd. Add client IP check. Fires normally only in case of a hack
*/
if (isset($charset))
$content_charset = $charset;
Expand Down Expand Up @@ -75,4 +76,24 @@
<?php
include("css_settings.php");
?>
</head>
</head>
<?php
/*
Check Client IP if a database is set for all scripts except the home page
*/
$including_file = pathinfo(debug_backtrace()[0]['file'])['basename'];
if ( $including_file != "homepage.php") {
if ( isset($arrHttp['base'])) {
include ("inc_ip_check.php");
$clientIP = getClientIP();
if ( checkClientIP( $clientIP, $arrHttp['base'] ) === false ) {?>
<div id="ip_not_allowed" style="width: 100%; background-color: #ffc107; text-align: center;">
<?php
echo "Client IP (".$clientIP.") is invalid for database ".$arrHttp['base'] ."<br>Attempt to hack ??<br>";
?>
</div><?php
unset( $arrHttp['base'] );
exit;
}
}
}
141 changes: 83 additions & 58 deletions www/htdocs/central/dbadmin/dirtree.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
20220203 fho4abcd Typo + improve folder selection and do not screw up $arrHttp["base"]
20220630 fho4abcd Back to Home if $arrHttp["base"] not set or lost. Loosing is easy due to the dozens of forms.Improve html
20250204 fho4abcd Improve UTF-8 display
20260320 fho4abcd Removed deprecated error level E_STRICT + repair losing database by expand action + include IP check
*/
/*
This program is free software; you can redistribute it and/or
Expand Down Expand Up @@ -183,7 +184,7 @@
\-------/
*/
session_start();
error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING ^E_STRICT);
error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING );
$arrHttp=Array();
include("../common/get_post.php");
//foreach ($arrHttp as $var=>$value) echo "$var=$value<br>";
Expand All @@ -198,6 +199,12 @@
}
include("../config.php");
include("../common/inc_nodb_lang.php");
// in case of expanding a folder the ip check is already done
if (! isset($arrHttp["folder"])){
include ("../common/inc_ip_check.php");
$_SESSION["clientIP"] = getClientIP();
}

$_SESSION["root_base"]=$db_path;
$_SESSION["dir_base"]="";
if (isset($arrHttp["folder"])){
Expand All @@ -214,12 +221,12 @@
if (isset($def["DIRTREE_EXT"]))
$_POST['FILE_EXTENSION']=$def["DIRTREE_EXT"];
// debug dumps
/* foreach ($arrHttp as $var=>$value) echo "$var = $value<br>";
echo "Session:<br>";
foreach ($_SESSION as $var=>$value) echo "$var = $value<br>";
echo "<br>root_base=".$_SESSION["root_base"]."<br>dir_base=". $_SESSION["dir_base"]."<br>";
/* echo "<br>=== Arrhttp in dirtree:===<br>";
foreach ($arrHttp as $var=>$value) echo "$var = $value<br>";
echo "<br>=== Session in dirtree:===<br>";
foreach ($_SESSION as $var=>$value) { echo "var=".$var."<br>";var_dump($value);echo "<br>";}
echo "<br><br>root_base=".$_SESSION["root_base"]."<br>dir_base=". $_SESSION["dir_base"]."<br><br>";
*/
//
$_POST['File_Extension']=$_POST['FILE_EXTENSION'];
include("../lang/admin.php");
include("../lang/dbadmin.php");
Expand All @@ -229,11 +236,16 @@

global $encabezado;
$encabezado="";
// Next lines ensures that standard actions keep their folder and database
if ( isset($arrHttp["folder"]) ) $encabezado.="&folder=".$arrHttp["folder"];
if ( isset($arrHttp["base"]) ) $encabezado.="&base=".$arrHttp["base"];
if ( isset($arrHttp["retorno"]) ) $encabezado.="&retorno=".$arrHttp["retorno"];

if (!isset($_REQUEST["ACTION"])) $_REQUEST["ACTION"]="";
if ($_REQUEST["ACTION"]!="downloadfile1"){
include("../common/header.php");
if (isset($arrHttp["encabezado"])){
$encabezado="&encabezado=s";
$encabezado.="&encabezado=s";
}
EncabezadoPagina();
}
Expand Down Expand Up @@ -2640,6 +2652,7 @@ function switchvalue(one,two) {

Function COLUMN_FILENAMES($NODE, $BGC, $FGC) {
global $encabezado;
$clientIP=$_SESSION["clientIP"];
/*
This function write the data in the column filenames of the dirtreeview table.
*/
Expand Down Expand Up @@ -2668,6 +2681,7 @@ function switchvalue(one,two) {
$J = $I;
$I = $I + 1;
} While (($I <= $_SESSION['Numfile']) && ($_SESSION['Level_Tree'][$I-1] > 1));

For ($I = 1;$I < $_SESSION['Level_Tree'][$NODE];$I++) {
If (($LEVEL_NODE[$I] == 1) || ($NODE > $_SESSION['Last_Level_Node'][$I])) {
Echo "<img SRC='img/dirtree/tree_space.gif' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
Expand All @@ -2692,72 +2706,83 @@ function switchvalue(one,two) {


} Else { // it is not a file then it is a directory
If ($NODE == $_SESSION['Numfile']) {
Echo "<img SRC='img/dirtree/tree_end.gif' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
Echo "</a>";
Echo "<a href=" . $_SERVER['PHP_SELF'] . "?ACTION=dirfunction&NODE=" . $NODE . "&FILE_EXTENSION=" . $_SESSION['File_Extension'] . "$encabezado>";
Echo "<img SRC='img/dirtree/tree_upload.gif' alt=" . "Dir Functions" . " height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
} Else {
If ($_SESSION['Father'] [$NODE + 1] == $NODE) { // has childs
If ($_SESSION['Opened_Folder'][$NODE] == 0) { // closed NODE (folder)
Echo "<a href=" . $_SERVER['PHP_SELF'] . "?ACTION=expand&NODE=" . $NODE . "&FILE_EXTENSION=" . $_SESSION['File_Extension'] . "$encabezado>";
If ($NODE == $_SESSION['Last_Level_Node'][$_SESSION['Level_Tree'][$NODE]]) {
Echo "<img SRC='img/dirtree/tree_plus_end.gif' alt='Expand' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
} Else {
$I = $NODE + 1;
While ($I <= $_SESSION['Numfile']) {
If ($_SESSION['Level_Tree'][$I] < $_SESSION['Level_Tree'][$NODE]) {
Echo "<img SRC='img/dirtree/tree_plus_end.gif' alt='Expand' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
Break;
} Else {
If ($_SESSION['Level_Tree'][$I] == $_SESSION['Level_Tree'][$NODE]) {
Echo "<img SRC='img/dirtree/tree_plus.gif' alt='Expand' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
// Check for invalid IP
if ( (!isset($_SESSION["dir_base"]) || $_SESSION["dir_base"]=="" ) &&
$_SESSION['Folder_Type'] [$NODE] == "Folder" &&
$_SESSION['Level_Tree'][$NODE]==1 &&
checkClientIP( $clientIP, $_SESSION['Folder_Name'] [$NODE] ) === false ) {
echo "<img SRC='img/dirtree/tree_split.gif' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
echo "<img SRC='img/dirtree/tree_closed.gif' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
echo "Invalid Client IP (".$clientIP.") ";
} else {
If ($NODE == $_SESSION['Numfile']) {
Echo "<img SRC='img/dirtree/tree_end.gif' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
Echo "</a>";
Echo "<a href=" . $_SERVER['PHP_SELF'] . "?ACTION=dirfunction&NODE=" . $NODE . "&FILE_EXTENSION=" . $_SESSION['File_Extension'] . "$encabezado>";
Echo "<img SRC='img/dirtree/tree_upload.gif' alt=" . "Dir Functions" . " height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
} Else {
If ($_SESSION['Father'] [$NODE + 1] == $NODE) { // has childs
If ($_SESSION['Opened_Folder'][$NODE] == 0) { // closed NODE (folder)
Echo "<a href=" . $_SERVER['PHP_SELF'] . "?ACTION=expand&NODE=" . $NODE . "&FILE_EXTENSION=" . $_SESSION['File_Extension'] . "$encabezado>";
If ($NODE == $_SESSION['Last_Level_Node'][$_SESSION['Level_Tree'][$NODE]]) {
Echo "<img SRC='img/dirtree/tree_plus_end.gif' alt='Expand' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
} Else {
$I = $NODE + 1;
While ($I <= $_SESSION['Numfile']) {
If ($_SESSION['Level_Tree'][$I] < $_SESSION['Level_Tree'][$NODE]) {
Echo "<img SRC='img/dirtree/tree_plus_end.gif' alt='Expand' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
Break;
} Else {
If ($_SESSION['Level_Tree'][$I] == $_SESSION['Level_Tree'][$NODE]) {
Echo "<img SRC='img/dirtree/tree_plus.gif' alt='Expand' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
Break;
}
}
$I++;
}
$I++;
}
}
If ($_SESSION['Children_Files'] [$NODE] != 0) {
Echo "<img SRC='img/dirtree/tree_haschild.gif' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
} Else {
Echo "<img SRC='img/dirtree/tree_closed.gif' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
}
} Else { // opened NODE (folder)
Echo "<a href=" . $_SERVER['PHP_SELF'] . "?ACTION=collapse&NODE=" . $NODE . "&FILE_EXTENSION=" . $_SESSION['File_Extension'] . ">";
If ($NODE == $_SESSION['Last_Level_Node'][$_SESSION['Level_Tree'][$NODE]]) {
Echo "<img SRC='img/dirtree/tree_minus_end.gif' alt='Collapse' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
} Else {
$I = $NODE + 1;
While ($I <= $_SESSION['Numfile']) {
If ($_SESSION['Level_Tree'][$I] < $_SESSION['Level_Tree'][$NODE]) {
Echo "<img SRC='img/dirtree/tree_minus_end.gif' alt='Collapse' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
Break;
} Else {
If ($_SESSION['Level_Tree'][$I] == $_SESSION['Level_Tree'][$NODE]) {
Echo "<img SRC='img/dirtree/tree_minus.gif' alt='Collapse' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
If ($_SESSION['Children_Files'] [$NODE] != 0) {
Echo "<img SRC='img/dirtree/tree_haschild.gif' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
} Else {
Echo "<img SRC='img/dirtree/tree_closed.gif' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
}
} Else { // opened NODE (folder)
Echo "<a href=" . $_SERVER['PHP_SELF'] . "?ACTION=collapse&NODE=" . $NODE . "&FILE_EXTENSION=" . $_SESSION['File_Extension'] . ">";
If ($NODE == $_SESSION['Last_Level_Node'][$_SESSION['Level_Tree'][$NODE]]) {
Echo "<img SRC='img/dirtree/tree_minus_end.gif' alt='Collapse' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
} Else {
$I = $NODE + 1;
While ($I <= $_SESSION['Numfile']) {
If ($_SESSION['Level_Tree'][$I] < $_SESSION['Level_Tree'][$NODE]) {
Echo "<img SRC='img/dirtree/tree_minus_end.gif' alt='Collapse' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
Break;
} Else {
If ($_SESSION['Level_Tree'][$I] == $_SESSION['Level_Tree'][$NODE]) {
Echo "<img SRC='img/dirtree/tree_minus.gif' alt='Collapse' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
Break;
}
}
$I++;
}
$I++;
}
Echo "</a>";
Echo "<a href=" . $_SERVER['PHP_SELF'] . "?ACTION=dirfunction&NODE=" . $NODE . "&FILE_EXTENSION=" . $_SESSION['File_Extension'] . "$encabezado>";
Echo "<img SRC='img/dirtree/tree_upload.gif' alt=" . "Dir Functions" . " height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
}
} Else { // has no childs
If ($_SESSION['Level_Tree'][$NODE + 1] < $_SESSION['Level_Tree'][$NODE]) {
Echo "<img SRC='img/dirtree/tree_end.gif' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
} Else {
Echo "<img SRC='img/dirtree/tree_split.gif' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
}
Echo "</a>";
Echo "<a href=" . $_SERVER['PHP_SELF'] . "?ACTION=dirfunction&NODE=" . $NODE . "&FILE_EXTENSION=" . $_SESSION['File_Extension'] . "$encabezado>";
Echo "<img SRC='img/dirtree/tree_upload.gif' alt=" . "Dir Functions" . " height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
}
} Else { // has no childs
If ($_SESSION['Level_Tree'][$NODE + 1] < $_SESSION['Level_Tree'][$NODE]) {
Echo "<img SRC='img/dirtree/tree_end.gif' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
} Else {
Echo "<img SRC='img/dirtree/tree_split.gif' height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
}
Echo "</a>";
Echo "<a href=" . $_SERVER['PHP_SELF'] . "?ACTION=dirfunction&NODE=" . $NODE . "&FILE_EXTENSION=" . $_SESSION['File_Extension'] . "$encabezado>";
Echo "<img SRC='img/dirtree/tree_upload.gif' alt=" . "Dir Functions" . " height='18' width='18' border='0' vspace='0' hspace='0' align='left'>";
}
}
}

// after the levels were indented , continue with the current node name
Echo "</a>";
If ($_SESSION['Folder_Type'] [$NODE] == "File") {
Expand Down Expand Up @@ -2787,7 +2812,7 @@ function switchvalue(one,two) {
Echo "<img SRC='img/dirtree/n_preview.gif' border='0' vspace='0' hspace='0' align='left'>";
}
}
Echo "<img SRC='img/dirtree/tree_space.gif' height='18' width='9' border='0' vspace='0' hspace='0' align='left'>";
Echo "<img SRC='img/dirtree/tree_space.gif' height='18' width='9' border='0' vspace='0' hspace='0' align='left'>";
Echo $_SESSION['Folder_Name'] [$NODE];
Echo "</font></td>";
Echo "<td bgcolor=" . $BGC . ">&nbsp;</td>";
Expand Down