<?php ob_start(); mb_internal_encoding('utf-8'); $MESSAGE = ""; //Buffer all output from the first byte. Initialize $MESSAGE here so it can be appended to (.=) at any point later.
// OneFileCMS - github.com/Self-Evident/OneFileCMS
$OFCMS_version = '3.5.21';
//******************************************************************************
//Some basic security & error log settings
//
//Session IDs are accepted from cookies only; an ID supplied in the URL is ignored.
ini_set('session.use_trans_sid', 0); //make sure URL supplied SESSID's are not used
ini_set('session.use_only_cookies', 1); //make sure URL supplied SESSID's are not used
error_reporting(E_ALL & ~E_STRICT); //(E_ALL &~ E_STRICT) for everything, 0 for none.
//NOTE(review): as shipped, errors are displayed to the visitor and are not logged.
//Displayed errors can reveal file system paths and code details to anyone who can reach the page.
//On a public site the usual choice is display_errors 'off' and log_errors 'on'.
ini_set('display_errors', 'on');
ini_set('log_errors' , 'off');
//NOTE(review): the log path is the script's own path plus ".ERROR.log", i.e. the same folder as the script.
//If logging is switched on, confirm the web server does not serve that file.
ini_set('error_log' , $_SERVER['SCRIPT_FILENAME'].'.ERROR.log');
//
//Choose a good folder for the session files. The default is /tmp/, which is not secure.
//session_save_path('/home/content/username/tmp/'); //##### or: ini_set('session.save_path', 'some/safe/path/')
//******************************************************************************
/*******************************************************************************
Except where noted otherwise:
Copyright © 2009-2012 https://github.com/rocktronica
Copyright © 2012- https://github.com/Self-Evident
Under the following terms (an "MIT" License):
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
*******************************************************************************/
/*******************************************************************************
A portion of this software is copyright under terms of the "BSD" license (below).
The copyright holders of that portion are indicated near where that portion is included.
(Search for references to the BSD license)
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the author or copyright holder, nor the
names of its contributors may be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*******************************************************************************/
// CONFIGURABLE OPTIONS ********************************************************
$MAIN_TITLE = "OneFileCMS";
//NOTE(review): $USERNAME, $HASHWORD and $SALT below are the published defaults; the commented-out line
//states that the hash corresponds to "password". Replace all three before this script is reachable from a network.
$USERNAME = "username";
$HASHWORD = "18350bc2181858e679605434735b1c2db6e7e4bb72b50a6d93d9ad1362f3e1c2";
//$HASHWORD = "18350bc2181858e679605434735b1c2db6e7e4bb72b50a6d93d9ad1362f3e1c2"; //"password" with $PRE_ITERATIONS = 1000
$SALT = 'somerandomsalt'; //Appended to the value on every hashing round in hashit(). Changing it invalidates $HASHWORD.
$MAX_ATTEMPTS = 3; //Max failed login attempts before LOGIN_DELAY starts.
$LOGIN_DELAY = 10; //In seconds.
$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes. Other PHP settings (like gc) may limit its max effective value.
$TO_WARNING = 120; //In seconds. When idle time remaining is less than this value, a TimeOut warning is displayed.
$LOG_LOGINS = true; //Keep log of login attempts.
$MAIN_WIDTH = '810px'; //Width of main <div> defining page layout. Can be px, pt, em, or %. Assumes px otherwise.
$WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked. Can be px, pt, em, or %. Assumes px otherwise.
$LINE_WRAP = "on"; //"on", or (anything else) = "off". Default for edit page. Once on page, line-wrap can toggle on/off.
$TAB_SIZE = 8; //Some browsers recognize a css tab-size. Some don't (IE/Edge, as of mid-2016).
$MAX_EDIT_SIZE = 200000; // Edit gets flaky with large files in some browsers. Find your own limit by trial and error.
$MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS. (NOTE(review): presumably $MAX_VIEW_SIZE was meant - confirm.)
// The default max view size is completely arbitrary. Basically, it was 2am, and seemed like a good idea at the time.
$MAX_IMG_W = 810; //Max width (in px) to display images. (main width is 810)
$MAX_IMG_H = 1000; //Max height (in px). I don't know, it just looks reasonable.
$UPLOAD_FIELDS = 10; //Number of upload fields on Upload File(s) page. Max value is ini_get('max_file_uploads').
$FAVICON = "favicon.ico"; //Path is relative to root of website.
$EXCLUDED_FILES = ""; //csv list of filenames to exclude from directory listings- CaSe sEnsiTive!
//NOTE(review): the editable types include php, pl, asp and htaccess, so a logged-in user can change
//server-side code and server configuration. Trim the list if the account should only manage content.
$EDIT_FILES = "svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text"; //Editable file types.
$SHOW_FILES = "*"; // Shown types; only files of the given types should show up in the file-listing
// Use $SHOW_FILES exactly like $EDIT_FILES: a list of extensions separated by commas.
// If $SHOW_FILES is set to null - by intention or by error - only folders will be shown.
// If $SHOW_FILES is set to the *-wildcard (the default), all files will show up.
// If $SHOW_FILES is set to "html,htm" for example, only files with the extension "html" or "htm" will get listed.
$SHOW_IMGS = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
//File types (extensions). _ftypes & _fclass must have the same number of values. bin is default.
$FILE_TYPES = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text";
//Corresponding file classes to _ftypes - used to determine icons for directory listing.
$FILE_CLASSES = "bin,z,z ,z ,z ,img,img,img,img,img,svg,txt,txt,cfg ,txt,css,txt,htm,htm ,htm ,txt ,txt,txt,txt,txt ,txt,php,php,txt,txt";
$EX = '<b>( ! )</b> '; //Exclamation point "icon". Used in $MESSAGE's. This is raw HTML, not escaped text.
$PAGEUPDOWN = 10; //Number of rows to jump using Page Up/Page Down keys on directory listing.
$SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS concurrently.
//Restrict access to a particular folder. Leave empty for access to entire website.
// "some/path/" is relative to root of website (with no leading slash).
//NOTE(review): left unset, the script works on the whole document root.
//$ACCESS_ROOT = 'some/path/';
//URL of optional external style sheet. Used as an href in <link ...>
//If file is not found, or is incomplete, built-in defaults will be used.
//$CSS_FILE = 'OneFileCMS.css';
//Notes for $LANGUAGE_FILE, $WYSIWYG_PLUGIN, and $CONFIG_FILE:
//
// Filename paths can be:
// 1) Absolute to the filesystem: "/some/path/from/system/root/somefile.php" or
// 2) Relative to root of website: "some/path/from/web/root/somefile.php"
//NOTE(review): System_Setup() include()s the language and config files, so they run as PHP.
//Point these settings only at files that nothing less trusted than this script can write to.
//Name of optional external language file. If file is not found, the built-in defaults will be used.
//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php";
//Init file for optional external wysiwyg editor.
//Sample init files are available in the "extras\" folder of the OneFileCMS repo, but the actual editors are not.
//$WYSIWYG_PLUGIN = 'plugins/plugin-tinymce_init.php';
//$WYSIWYG_PLUGIN = 'plugins/plugin-ckeditor_init.php';
//Name of optional external config file. Any settings it contains will supersede those above.
//See the sample file in the OneFileCMS github repo for format example.
//$CONFIG_FILE = 'OneFileCMS.config.SAMPLE.php';
//end CONFIGURABLE OPTIONS *****************************************************
//System_Setup(): one-time start-up work. Checks the PHP version, derives the paths and URLs used by the rest
//of the script from $_SERVER, include()s the optional config and language files, validates $ACCESS_ROOT,
//and turns the comma separated config strings into arrays. Everything is passed in and out through globals.
function System_Setup() {//*****************************************************
global $_, $MAX_IDLE_TIME, $LOGIN_ATTEMPTS, $LOGIN_DELAYED,
$MAIN_WIDTH, $WIDE_VIEW_WIDTH, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $EXCLUDED_FILES, $TAB_SIZE,
$EDIT_FILES, $SHOW_FILES, $SHOW_IMGS, $FILE_TYPES, $FILE_CLASSES,
$SHOWALLFILES, $ETYPES, $STYPES, $ITYPES, $FTYPES, $FCLASSES, $EXCLUDED_LIST,
$LANGUAGE_FILE, $ACCESS_ROOT, $ACCESS_ROOT_len, $WYSIWYG_PLUGIN, $WYSIWYG_VALID, $WYSIWYG_PLUGIN_OS,
$INVALID_CHARS, $WHSPC_SLASH, $VALID_PAGES, $LOGIN_LOG_url, $LOGIN_LOG_file,
$ONESCRIPT, $ONESCRIPT_file, $ONESCRIPT_backup, $ONESCRIPT_file_backup,
$CONFIG_backup, $CONFIG_FILE, $CONFIG_FILE_backup, $VALID_CONFIG_FILE,
$DOC_ROOT, $DOC_ROOT_OS, $WEB_ROOT, $WEBSITE, $PRE_ITERATIONS, $EX, $MESSAGE, $ENC_OS,
$DELAY_Expired_Reload, $DELAY_Sort_and_Show_msgs, $DELAY_Start_Countdown, $DELAY_final_messages, $MIN_DIR_ITEMS;
//Requires PHP 5.1 or newer, due to changes in explode() (and maybe others).
define('PHP_VERSION_ID_REQUIRED',50100); //Ex: 5.1.23 is 50123
define('PHP_VERSION_REQUIRED' ,'5.1 + '); //Used in exit() message.
//The predefined constant PHP_VERSION_ID has only been available since 5.2.7.
//So, if needed, convert PHP_VERSION (a string) to PHP_VERSION_ID (an integer).
//Ex: 5.1.23 converts to 50123.
if (!defined('PHP_VERSION_ID')) {
$phpversion = explode('.', PHP_VERSION);
define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
}
if( PHP_VERSION_ID < PHP_VERSION_ID_REQUIRED ) {
exit( 'PHP '.PHP_VERSION.'<br>'.hsc($_['OFCMS_requires']).' '.PHP_VERSION_REQUIRED );
}
mb_detect_order("UTF-8, ASCII, Windows-1252, ISO-8859-1");
//Get server's File System encoding. Windows NTFS uses ISO-8859-1 / Windows-1252.
//Needed when working with non-ascii filenames.
if (php_uname("s") == 'Windows NT') {$ENC_OS = 'Windows-1252';}
else {$ENC_OS = 'UTF-8';}
$DOC_ROOT = $_SERVER['DOCUMENT_ROOT'].'/'; //root folder of website.
$DOC_ROOT_OS = Convert_encoding($DOC_ROOT);
//Allow OneFileCMS.php to be started from any dir on the site.
//This also affects the path in an include("path/somefile.php"): relative paths below resolve against the web root.
chdir($DOC_ROOT);
$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file & folder names. Space delimited.
$WHSPC_SLASH = "\x00..\x20/"; //Whitespace & forward slash. For trimming file & folder name inputs.
$WEB_ROOT = basename($DOC_ROOT).'/'; //Used only for screen output - Non-url use.
//NOTE(review): HTTP_HOST is filled from the request's Host header, so $WEBSITE is client-influenced.
//Escape it wherever it is printed - confirm at the places that use it.
$WEBSITE = $_SERVER['HTTP_HOST'].'/';
$ONESCRIPT = URLencode_path($_SERVER['SCRIPT_NAME']); //Used for URL's in HTML attributes
$ONESCRIPT_file = $_SERVER['SCRIPT_FILENAME']; //Non-url file system use.
//NOTE(review): the backup, login-attempt and login-log files below are all named after the script's own path,
//so they sit in the same folder as the script. The backup is "used for p/w & u/n updates" and so presumably
//holds the username and password hash - confirm the web server does not serve these files to visitors.
$ONESCRIPT_backup = $ONESCRIPT.'-BACKUP.txt'; //used for p/w & u/n updates.
$ONESCRIPT_file_backup = $ONESCRIPT_file.'-BACKUP.txt'; //used for p/w & u/n updates.
$LOGIN_ATTEMPTS = $ONESCRIPT_file.'.invalid_login_attempts';//Non-url file system use.
$LOGIN_LOG_url = $ONESCRIPT.'-LOGIN.log';
$LOGIN_LOG_file = $ONESCRIPT_file.'-LOGIN.log';
//If specified & found, include $CONFIG_FILE.
$VALID_CONFIG_FILE = 0;
if (isset($CONFIG_FILE)) {
$CONFIG_FILE_OS = Convert_encoding($CONFIG_FILE);
if (is_file($CONFIG_FILE_OS)) {
$VALID_CONFIG_FILE = 1;
//include() runs the file as PHP inside this function. Names listed in the global statement above are
//overwritten globally, which is how the file supersedes the built-in settings.
include($CONFIG_FILE_OS);
$CONFIG_backup = URLencode_path($CONFIG_FILE).'-BACKUP.txt'; //used for p/w & u/n updates.
$CONFIG_FILE_backup = $CONFIG_FILE.'-BACKUP.txt'; //used for p/w & u/n updates.
}
else {
//NOTE(review): $CONFIG_FILE is appended to the HTML $MESSAGE without hsc(), unlike the label in front of it.
$MESSAGE .= $EX.'<b>$CONFIG_FILE '.hsc($_['Not_found']).':</b> '.$CONFIG_FILE.'<br>';
$CONFIG_FILE = $CONFIG_FILE_OS = '';
}
}
//If specified, check for & load $LANGUAGE_FILE
//A missing language file is skipped silently; the built-in defaults stay in effect.
if (isset($LANGUAGE_FILE)) {
$LANGUAGE_FILE_OS = Convert_encoding($LANGUAGE_FILE);
if (is_file($LANGUAGE_FILE_OS)) {include($LANGUAGE_FILE_OS);}
}
//If specified, validate $WYSIWYG_PLUGIN. Actual include() is at end of OneFileCMS.
$WYSIWYG_VALID = 0; //Default to invalid.
if (isset($WYSIWYG_PLUGIN)) {
$WYSIWYG_PLUGIN_OS = Convert_encoding($WYSIWYG_PLUGIN); //Also used for include()
if (is_file($WYSIWYG_PLUGIN_OS)) { $WYSIWYG_VALID = 1; }
}
//If specified, clean up & validate $ACCESS_ROOT
if (!isset($ACCESS_ROOT)) { $ACCESS_ROOT = ''; } //At least make sure it's set.
$ACCESS_ROOT_OS = Convert_encoding($ACCESS_ROOT);
//An $ACCESS_ROOT that is not an existing directory under the web root, or that Check_path() rejects,
//is reset to '' - which the config section defines as access to the entire website.
//NOTE(review): that means a mistyped restriction fails open, with only the message below as a hint.
if (!is_dir($DOC_ROOT_OS.$ACCESS_ROOT_OS) || (Check_path($ACCESS_ROOT,1) === false) ) {
//NOTE(review): $ACCESS_ROOT is appended without hsc(); __LINE__ puts this source line's number in the message.
$MESSAGE .= __LINE__.$EX.'<b>$ACCESS_ROOT '.hsc($_['Invalid_path']).': </b>'.$ACCESS_ROOT.'<br>';
$ACCESS_ROOT = $ACCESS_ROOT_OS = '';
}
if ($ACCESS_ROOT != '') {
$ACCESS_ROOT = trim($ACCESS_ROOT, ' /').'/'; //make sure only a single trailing '/'
$ACCESS_ROOT_OS = Convert_encoding($ACCESS_ROOT);
}
$ACCESS_ROOT_enc = mb_detect_encoding($ACCESS_ROOT);
$ACCESS_ROOT_len = mb_strlen($ACCESS_ROOT, $ACCESS_ROOT_enc);
$MAIN_WIDTH = validate_units($MAIN_WIDTH);
$WIDE_VIEW_WIDTH = validate_units($WIDE_VIEW_WIDTH);
//Just some basic validation. The 80 is just a round number that seems reasonable.
$TAB_SIZE = intval($TAB_SIZE);
if (($TAB_SIZE < 1) || ($TAB_SIZE > 80)) { $TAB_SIZE = 8; }
ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
//The list of known page names. Presumably the requested page is checked against it elsewhere - verify at the caller.
$VALID_PAGES = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","renamefile","copyfile","deletefile","deletefolder","newfolder","renamefolder","copyfolder","mcdaction", "phpinfo", "raw_view");
//Make arrays out of a few config variables for actual use later.
//First, remove spaces and make lowercase (for *types).
$SHOWALLFILES = $STYPES = false;
if ($SHOW_FILES == '*') { $SHOWALLFILES = true; }
else { $STYPES = explode(',', mb_strtolower(str_replace(' ', '', $SHOW_FILES))); }//shown file types
$ETYPES = explode(',', mb_strtolower(str_replace(' ', '', $EDIT_FILES))); //editable file types
$ITYPES = explode(',', mb_strtolower(str_replace(' ', '', $SHOW_IMGS))); //images types to display
$FTYPES = explode(',', mb_strtolower(str_replace(' ', '', $FILE_TYPES))); //file types with icons
$FCLASSES = explode(',', mb_strtolower(str_replace(' ', '', $FILE_CLASSES))); //for file types with icons
$EXCLUDED_LIST = explode(',', str_replace(' ', '', $EXCLUDED_FILES)); //Not lowercased: excluded names are case sensitive.
//A few variables for values that were otherwise hardcoded in js.
//$DELAY_... values are in milliseconds.
//The values were determined thru quick experimentation, and may be tweaked if desired, except as noted.
$DELAY_Sort_and_Show_msgs = 20; //Needed so "Working..." message shows during directory sorts. Mostly for Firefox.
$DELAY_Start_Countdown = 25; //Needs to be > than $Sort_and_Show_msgs. Used in Timeout_Timer().
$DELAY_final_messages = 25; //Needs to be > than $Sort_and_Show_msgs. Delays final Display_Messages().
$DELAY_Expired_Reload = 10000; //Delay from Session Expired to page load of login screen. Ten seconds, but can be less/more.
$MIN_DIR_ITEMS = 25; //Minimum number of directory items before "Working..." message is needed/displayed.
//Validate wide_view cookie...
//Anything other than the exact string "on" becomes "off", so later code only ever sees one of those two values.
if ( !isset($_COOKIE['wide_view']) || ($_COOKIE['wide_view'] !== "on") ) {
$_COOKIE['wide_view'] = "off";
}
//Used in hashit() and js_hash_scripts(). IE<9 is WAY slow, so keep it low.
//For 200 iterations: (time on IE8) > (37 x time on FF). And the difference grows with the iterations.
//If you change this, or any other aspect of either hashit() or js_hash_scripts(), do so while logged in.
//Then, manually update your password as instructed on the Admin/Generate Hash page.
$PRE_ITERATIONS = 1000;
}//end System_Setup() //*******************************************************
function Default_Language() { // ***********************************************
    //Loads the built-in English texts into the global $_ array (Language Settings v3.5.21).
    //Each entry is written with $_[key] = text, so keys already present in $_ keep their
    //position and only receive a new value.
    //
    //Notes for translators:
    // - To leave a setting without a translation or value, keep the key and use an empty string.
    // - Slash-escape single quotes inside a text: \'  (the back-slash itself may also need escaping: \\)
    // - A trailing "## NT ##" comment means 'Needs Translation'.
    global $_;

    $defaults = array(
        'LANGUAGE' => 'English',
        'LANG'     => 'EN',

        //Font and layout settings. Some languages use significantly longer words or phrases,
        //so a smaller font or less spacing may be needed in places to preserve the page layout.
        'front_links_font_size'  => '1.0em', //Buttons on Index page.
        'front_links_margin_L'   => '1.0em',
        'MCD_margin_R'           => '1.0em', //[Move] [Copy] [Delete] buttons
        'button_font_size'       => '0.9em', //Buttons on Edit page.
        'button_margin_L'        => '0.7em',
        'button_padding'         => '4px 4px 4px 4px', //T R B L ,or, V H if only two values.
        'image_info_font_size'   => '1em', //show_img_msg_01 & _02
        'image_info_pos'         => '', //If 1 or true, moves the info down a line for more space.
        'select_all_label_size'  => '.84em', //Font size of $_['Select_All']
        'select_all_label_width' => '72px', //Width of space for $_['Select_All']

        //Single words and short labels.
        'HTML'       => 'HTML',
        'WYSIWYG'    => 'WYSIWYG',
        'Admin'      => 'Admin',
        'bytes'      => 'bytes',
        'Cancel'     => 'Cancel',
        'cancelled'  => 'cancelled',
        'Close'      => 'Close',
        'Copy'       => 'Copy',
        'Copied'     => 'Copied',
        'Create'     => 'Create',
        'Date'       => 'Date',
        'Delete'     => 'Delete',
        'DELETE'     => 'DELETE',
        'Deleted'    => 'Deleted',
        'Edit'       => 'Edit',
        'Enter'      => 'Enter',
        'Error'      => 'Error',
        'errors'     => 'errors',
        'ext'        => '.ext', //## NT ## filename[.ext]ension
        'File'       => 'File',
        'files'      => 'files',
        'Folder'     => 'Folder',
        'folders'    => 'folders',
        'From'       => 'From',
        'Hash'       => 'Hash',
        'Move'       => 'Move',
        'Moved'      => 'Moved',
        'Name'       => 'Name',
        'on'         => 'on',
        'off'        => 'off',
        'Password'   => 'Password',
        'Rename'     => 'Rename',
        'reset'      => 'Reset',
        'save_1'     => 'Save',
        'save_2'     => 'SAVE CHANGES',
        'Size'       => 'Size',
        'Source'     => 'Source',
        'successful' => 'successful',
        'To'         => 'To',
        'Upload'     => 'Upload',
        'Username'   => 'Username',
        'View'       => 'View',
        'Working'    => 'Working - please wait...',

        //Buttons, links and headings.
        'Log_In'             => 'Log In',
        'Log_Out'            => 'Log Out',
        'Admin_Options'      => 'Administration Options',
        'Are_you_sure'       => 'Are you sure?',
        'View_Raw'           => 'View Raw', //## NT ### as of 3.5.07
        'Open_View'          => 'Open/View in browser window',
        'Edit_View'          => 'Edit / View',
        'Wide_View'          => 'Wide View',
        'Normal_View'        => 'Normal View',
        'Word_Wrap'          => 'Word Wrap', //## NT ## as of 3.5.19
        'Line_Wrap'          => 'Line Wrap', //## NT ## as of 3.5.20
        'Upload_File'        => 'Upload File',
        'New_File'           => 'New File',
        'Ren_Move'           => 'Rename / Move',
        'Ren_Moved'          => 'Renamed / Moved',
        'folders_first'      => 'folders first', //## NT ##
        'folders_first_info' => 'Sort folders first, but don\'t change primary sort.', //## NT ##
        'New_Folder'         => 'New Folder',
        'Ren_Folder'         => 'Rename / Move Folder',
        'Submit'             => 'Submit Request',
        'Move_Files'         => 'Move File(s)',
        'Copy_Files'         => 'Copy File(s)',
        'Del_Files'          => 'Delete File(s)',
        'Selected_Files'     => 'Selected Folders and Files',
        'Select_All'         => 'Select All',
        'Clear_All'          => 'Clear All',
        'New_Location'       => 'New Location',
        'No_files'           => 'No files selected.',
        'Not_found'          => 'Not found',
        'Invalid_path'       => 'Invalid path',

        //Request, path and copy/rename checks.
        'verify_msg_01'     => 'Session expired.',
        'verify_msg_02'     => 'INVALID POST',
        'get_get_msg_01'    => 'File does not exist:',
        'get_get_msg_02'    => 'Invalid page request:',
        'check_path_msg_02' => '"dot" or "dot dot" path segments are not permitted.',
        'check_path_msg_03' => 'Path or filename contains an invalid character:',
        'ord_msg_01'        => 'A file with that name already exists in the target directory.',
        'ord_msg_02'        => 'Saving as',
        'rCopy_msg_01'      => 'A folder can not be copied into one of its own sub-folders.',
        'show_img_msg_01'   => 'Image shown at ~',
        'show_img_msg_02'   => '% of full size (W x H =',

        //Generate Hash page.
        'hash_txt_01'   => 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file. In either case, make sure you remember the password used to generate the hash!',
        'hash_txt_06'   => 'Type your desired password in the input field above and hit Enter.',
        'hash_txt_07'   => 'The hash will be displayed in a yellow message box above that.',
        'hash_txt_08'   => 'Copy and paste the new hash to the $HASHWORD variable in the config section.',
        'hash_txt_09'   => 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).',
        'hash_txt_10'   => 'A double-click should select it...',
        'hash_txt_12'   => 'When ready, logout and login.',
        'pass_to_hash'  => 'Password to hash:',
        'Generate_Hash' => 'Generate Hash',

        //Login page.
        'login_txt_01'  => 'Username:',
        'login_txt_02'  => 'Password:',
        'login_msg_01a' => 'There have been',
        'login_msg_01b' => 'invalid login attempts.',
        'login_msg_02a' => 'Please wait',
        'login_msg_02b' => 'seconds to try again.',
        'login_msg_03'  => 'INVALID LOGIN ATTEMPT #',

        //Edit / View page.
        'edit_note_00'  => 'NOTES:',
        'edit_note_01a' => 'Remember- ',
        'edit_note_01b' => 'is',
        'edit_note_02'  => 'So save changes before the clock runs out, or the changes will be lost!',
        'edit_note_03'  => 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate. To correct, click the browser\'s [Reload].',
        'edit_h2_1'     => 'Viewing:',
        'edit_h2_2'     => 'Editing:',
        'edit_txt_00'   => 'Edit disabled.', //## NT ## as of 3.5.07
        'edit_txt_01'   => 'Non-text or unkown file type. Edit disabled.',
        'edit_txt_02'   => 'File possibly contains an invalid character. Edit and view disabled.',
        'edit_txt_03'   => 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.',
        'edit_txt_04'   => 'This behavior can be inconsistant from version to version of php.',
        'too_large_to_edit_01' => 'Edit disabled. Filesize >',
        'too_large_to_edit_02' => 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.',
        'too_large_to_edit_03' => 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.',
        'too_large_to_edit_04' => 'A simple trial and error test can determine a practical limit for a given browser/computer.',
        'too_large_to_view_01' => 'View disabled. Filesize >',
        'too_large_to_view_02' => 'Click [View Raw] to view the raw/"plain text" file contents in a seperate browser window.', //** NT ** changed wording as of 3.5.07
        'too_large_to_view_03' => 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.',
        'too_large_to_view_04' => '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)',
        'meta_txt_01'   => 'Filesize:',
        'meta_txt_03'   => 'Updated:',
        'edit_msg_01'   => 'File saved:',
        'edit_msg_02'   => 'bytes written.',
        'edit_msg_03'   => 'There was an error saving file.',

        //Upload page.
        'upload_txt_03'    => 'Maximum size of each file:',
        'upload_txt_01'    => '(php.ini: upload_max_filesize)',
        'upload_txt_04'    => 'Maximum total upload size:',
        'upload_txt_02'    => '(php.ini: post_max_size)',
        'upload_txt_05'    => 'For uploaded files that already exist: ',
        'upload_txt_06'    => 'Rename (to filename.ext.001 etc...)',
        'upload_txt_07'    => 'Overwrite',
        'upload_err_01'    => 'Error 1: File too large. From php.ini:',
        'upload_err_02'    => 'Error 2: File too large. (Exceeds MAX_FILE_SIZE HTML form element)',
        'upload_err_03'    => 'Error 3: The uploaded file was only partially uploaded.',
        'upload_err_04'    => 'Error 4: No file was uploaded.',
        'upload_err_05'    => 'Error 5:',
        'upload_err_06'    => 'Error 6: Missing a temporary folder.',
        'upload_err_07'    => 'Error 7: Failed to write file to disk.',
        'upload_err_08'    => 'Error 8: A PHP extension stopped the file upload.',
        'upload_error_01a' => 'Upload Error. Total POST data (mostly filesize) exceeded post_max_size =',
        'upload_error_01b' => '(from php.ini)',
        'upload_msg_02'    => 'Destination folder invalid:',
        'upload_msg_03'    => 'Upload cancelled.',
        'upload_msg_04'    => 'Uploading:',
        'upload_msg_05'    => 'Upload successful!',
        'upload_msg_06'    => 'Upload failed:',
        'upload_msg_07'    => 'A pre-existing file was overwritten.',

        //New file / folder, copy, rename, move, delete.
        'new_file_txt_01' => 'File or Folder will be created in the current folder.',
        'new_file_txt_02' => 'Some invalid characters are:',
        'new_file_msg_01' => 'File or folder not created:',
        'new_file_msg_02' => 'Name contains an invalid character:',
        'new_file_msg_04' => 'File or folder already exists:',
        'new_file_msg_05' => 'Created file:',
        'new_file_msg_07' => 'Created folder:',
        'CRM_txt_02'      => 'The new location must already exist.',
        'CRM_txt_04'      => 'New Name',
        'CRM_msg_01'      => 'Error - new parent location does not exist:',
        'CRM_msg_02'      => 'Error - source file does not exist:',
        'CRM_msg_03'      => 'Error - new file or folder already exists:',
        'CRM_msg_05'      => 'Error during',
        'delete_msg_03'   => 'Delete error:',

        //Session and general status.
        'session_warning' => 'Warning: Session timeout soon!',
        'session_expired' => 'SESSION EXPIRED',
        'unload_unsaved'  => ' Unsaved changes will be lost!',
        'confirm_reset'   => 'Reset file and loose unsaved changes?',
        'OFCMS_requires'  => 'OneFileCMS requires PHP',
        'logout_msg'      => 'You have successfully logged out.',
        'edit_caution_01' => 'CAUTION', //##### No longer used as of 3.5.07
        'edit_caution_02' => 'You are viewing the active copy of OneFileCMS.', //## NT ## changed wording 3.5.07
        'time_out_txt'    => 'Session time out in:',
        'error_reporting_01' => 'Display errors is',
        'error_reporting_02' => 'Log errors is',
        'error_reporting_03' => 'Error reporting is set to',
        'error_reporting_04' => 'Showing error types',
        'error_reporting_05' => 'Unexpected early output',
        'error_reporting_06' => '(nothing, not even white-space, should have been output yet)',

        //Admin page.
        'admin_txt_00' => 'Old Backup Found',
        'admin_txt_01' => 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will be automatically overwritten on the next password or username change.',
        'admin_txt_02' => 'General Information',
        'admin_txt_14' => 'For a small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...',
        'admin_txt_16' => 'OneFileCMS can not be used to edit itself directly. However, you can make a copy and edit it.', //## NT ## Changed wording in 3.5.07

        //Change password / username.
        'pw_current'   => 'Current Password',
        'pw_change'    => 'Change Password',
        'pw_new'       => 'New Password',
        'pw_confirm'   => 'Confirm New Password',
        'un_change'    => 'Change Username',
        'un_new'       => 'New Username',
        'un_confirm'   => 'Confirm New Username',
        'pw_txt_02'    => 'Password / Username rules:',
        'pw_txt_04'    => 'Case-sensitive: "A" =/= "a"',
        'pw_txt_06'    => 'Must contain at least one non-space character.',
        'pw_txt_08'    => 'May contain spaces in the middle. Ex: "This is a password or username!"',
        'pw_txt_10'    => 'Leading and trailing spaces are ignored.',
        'pw_txt_12'    => 'In recording the change, only one file is updated: either the active copy of OneFileCMS, or - if specified, an external configuration file.',
        'pw_txt_14'    => 'If an incorrect current password is entered, you will be logged out, but you may log back in.',
        'change_pw_01' => 'Password changed!',
        'change_pw_02' => 'Password NOT changed.',
        'change_pw_03' => 'Incorrect current password. Login to try again.',
        'change_pw_04' => '"New" and "Confirm New" values do not match.',
        'change_pw_05' => 'Updating',
        'change_pw_06' => 'external config file',
        'change_pw_07' => 'All fields are required.',
        'change_un_01' => 'Username changed!',
        'change_un_02' => 'Username NOT changed.',
        'update_failed' => 'Update failed - could not save file.',

        //Results of [Move] [Copy] [Delete].
        'mcd_msg_01' => 'file(s) and/or folder(s) moved.', //#####
        'mcd_msg_02' => 'file(s) and/or folder(s) copied.', //#####
        'mcd_msg_03' => 'file(s) and/or folder(s) deleted.', //#####
    );

    //Assign entry by entry rather than replacing $_, so unrelated keys already in $_ survive.
    foreach ($defaults as $setting => $text) {
        $_[$setting] = $text;
    }
}//end Default_Language() //****************************************************
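function validate_units($cssvalue) {//******************************************
    //Make sure a CSS length carries one of the accepted units: px, pt, em, or %.
    //
    //$cssvalue: a width setting such as '810px', '97%' or a bare number like 810.
    //Returns $cssvalue unchanged when it already ends in an accepted unit; otherwise
    //its numeric value with 'px' appended ('810' -> '810px', 'abc' -> '0px').
    //
    //NOTE(review): only the ending is checked. A value that ends in a unit is returned as is,
    //whatever comes before the unit, so this is not an escaping step for CSS or HTML output.
    $last_two = mb_substr($cssvalue, -2);
    $has_unit = in_array($last_two, array('px', 'pt', 'em'), true) || (mb_substr($cssvalue, -1) === '%');

    if (!$has_unit) {
        //floatval() instead of ($cssvalue * 1): multiplying an empty or non-numeric string
        //throws a TypeError on PHP 8, which would turn a mistyped width into a fatal error.
        $cssvalue = floatval($cssvalue).'px'; //If no unit, assume px.
    }
    return $cssvalue;
}//end validate_units() //******************************************************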
function hsc($input) {//********************************************************
    //Escape $input for HTML output: & < > " and ' are all converted (ENT_QUOTES).
    //The charset handed to htmlspecialchars() is whatever mb_detect_encoding() reports for
    //this particular string. It should always be UTF-8 (or ASCII), but, just in case...
    $charset = mb_detect_encoding($input);

    //htmlspecialchars() doesn't recognize "ASCII"; ASCII text is valid UTF-8, so use that.
    $charset = ($charset == 'ASCII') ? 'UTF-8' : $charset;

    return htmlspecialchars($input, ENT_QUOTES, $charset);
}//end hsc() //*****************************************************************
function Convert_encoding($string, $to_enc = "") {//****************************
    //Convert $string between UTF-8 and the server's file system encoding (global $ENC_OS).
    //  $to_enc == 'UTF-8' : file system encoding -> UTF-8
    //  anything else      : UTF-8 -> file system encoding (the default)
    global $ENC_OS;

    $to_utf8 = ($to_enc == 'UTF-8');
    $target  = $to_utf8 ? 'UTF-8' : $ENC_OS;
    $source  = $to_utf8 ? $ENC_OS : 'UTF-8';

    //mb_convert_encoding($string, $to_enc, $from_enc)
    return mb_convert_encoding($string, $target, $source);
}//end Convert_encoding() //****************************************************
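function Session_Startup() {//**************************************************
    //Configure the session cookie, start the session, process a login POST if there is one,
    //re-check an already valid session, and issue a fresh form nonce for this response.
    //Sets the globals $page ('login' by default) and $VALID_POST (0 by default).
    global $SESSION_NAME, $page, $VALID_POST;

    $limit    = 0;    //0 = session.
    $path     = '';
    $domain   = '';   // '' = hostname
    //Send the cookie with the Secure flag whenever this request itself arrived over HTTPS, so the
    //session ID is not also sent over plain HTTP. Plain HTTP requests keep the previous value, false.
    //NOTE(review): behind a TLS-terminating proxy $_SERVER['HTTPS'] may be unset - confirm for the deployment.
    $https    = ( !empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) !== 'off') );
    $httponly = true; //true = inaccessible via javascript. Some XSS protection.
    session_set_cookie_params($limit, $path, $domain, $https, $httponly);
    session_name($SESSION_NAME);
    session_start();

    //Set initial defaults...
    $page = 'login';
    $VALID_POST = 0;
    if ( !isset($_SESSION['valid']) ) { $_SESSION['valid'] = 0; }

    //Logging in?
    if ( isset($_POST['username']) && isset($_POST['password']) ) { Login_response(); }

    //A new session ID on every request (the old one is deleted). Helps prevent session fixation & hijacking.
    session_regenerate_id(true);

    if ( $_SESSION['valid'] ) { Verify_IDLE_POST_etc(); }

    //Nonce provided in <forms> to verify POST. It is replaced on every request, after the check above.
    //The nonce is what ties a POST to a page this session was served, so it must not be guessable:
    //take it from the system CSPRNG where available (PHP 7+). The result is 40 hex characters,
    //the same shape as the sha1() value used on older PHP.
    if (function_exists('random_bytes')) {
        $_SESSION['nuonce'] = bin2hex(random_bytes(20));
    } else {
        //Legacy fallback for PHP < 7. mt_rand() and microtime() are not cryptographically strong.
        $_SESSION['nuonce'] = sha1(mt_rand().microtime());
    }
}//end Session_Startup() //*****************************************************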
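function Verify_IDLE_POST_etc() {//*********************************************
    //Re-check a session that is already marked valid:
    //  1) the user agent must match the one recorded at login,
    //  2) the idle time must not exceed $MAX_IDLE_TIME,
    //  3) a POSTed nonce, if present, must equal the one stored in the session.
    //Sets $VALID_POST = 1 only when the nonce matches. On a mismatch, $page is forced to "index",
    //$_POST is cleared, and a message is appended to $MESSAGE.
    global $_, $page, $EX, $MESSAGE, $VALID_POST, $MAX_IDLE_TIME;

    //Verify consistent user agent. This is set during login. (every little bit helps every little bit)
    //A request without a User-Agent header is compared as an empty string rather than raising a notice.
    $current_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    if ( !isset($_SESSION['user_agent']) || ($_SESSION['user_agent'] != $current_agent) ) {
        Logout();
        //Stop here, as the idle-time branch below does. Continuing would run the nonce check against
        //whatever Logout() left in the session (presumably nothing - Logout() is defined elsewhere).
        return;
    }

    //Check idle time
    if ( isset($_SESSION['last_active_time']) ) {
        $idle_time = ( time() - $_SESSION['last_active_time'] );
        if ( $idle_time > $MAX_IDLE_TIME ) {
            Logout();
            $MESSAGE .= hsc($_['verify_msg_01']).'<br>';
            return;
        }
    }
    $_SESSION['last_active_time'] = time();

    //If POSTing, verify...
    if ( isset($_POST['nuonce']) ) {
        $expected = isset($_SESSION['nuonce']) ? $_SESSION['nuonce'] : '';
        $supplied = $_POST['nuonce'];

        //Both values must be non-empty strings and identical. A loose == would also accept an empty
        //nonce against a missing session value, and compares numeric-looking strings as numbers.
        //hash_equals() (PHP 5.6+) compares in constant time; older PHP falls back to ===.
        $nonce_ok = is_string($supplied) && is_string($expected) && ($expected !== '');
        if ($nonce_ok) {
            $nonce_ok = function_exists('hash_equals') ? hash_equals($expected, $supplied) : ($expected === $supplied);
        }

        if ( $nonce_ok ) {
            $VALID_POST = 1;
        }else{ //If it exists but doesn't match - something's wrong. Probably a page reload.
            $page = "index";
            $_POST = ""; //Discard the whole POST. Note $_POST becomes an empty string, not an empty array.
            $MESSAGE .= $EX.'<b>'.hsc($_['verify_msg_02']).'</b><br>';
        }
    }
}//end Verify_IDLE_POST_etc() //************************************************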
/**
 * Derive the stored credential hash from a password or username.
 *
 * The input is trimmed, then hashed with SHA-256 together with the global $SALT
 * for 10001 rounds. When $pre is true, $PRE_ITERATIONS extra rounds are run first;
 * per the original notes that "pre-hash" is normally done client-side during a
 * login or credential change, and server-side only for the Generate Hash page.
 *
 * If anything here (or $SALT) changes, the stored hash has to be regenerated
 * from the Generate Hash page.
 *
 * NOTE(review): one site-wide salt with plain iterated SHA-256 is considerably
 * weaker against offline guessing than password_hash(); switching schemes would
 * invalidate every stored hash, so it needs a planned migration.
 *
 * @param string $key Value to hash.
 * @param bool   $pre Also run the $PRE_ITERATIONS pre-hash rounds.
 * @return string Lower-case hex SHA-256 digest.
 */
function hashit($key, $pre = false) {
    global $SALT, $PRE_ITERATIONS;

    $digest = trim($key); // leading & trailing whitespace is not part of the secret

    if ($pre) {
        $round = 0;
        while ($round < $PRE_ITERATIONS) {
            $digest = hash('sha256', $digest.$SALT);
            $round++;
        }
    }

    $remaining = 10001;
    while ($remaining-- > 0) {
        $digest = hash('sha256', $digest.$SALT);
    }

    return $digest;
}//end hashit()
/**
 * Print a banner with the current error_reporting() level and the display_errors /
 * log_errors ini settings, followed by any early output captured by ob_start().
 *
 * The banner is printed only when $show_status is truthy and at least one of the
 * three settings is active. The early-output box is printed whenever the global
 * $early_output is non-empty, regardless of $show_status.
 *
 * NOTE(review): the banner includes PHP_VERSION and the error configuration;
 * callers are not visible here - confirm it is not shown to unauthenticated visitors.
 *
 * @param int $show_status Non-zero to print the status banner.
 * @param int $show_types  Non-zero to also list the enabled E_* level names.
 */
function Error_reporting_status_and_early_output($show_status = 0, $show_types = 0) {
    global $_, $early_output;

    $spc = ' &nbsp; '; // or '<br>' or PHP_EOL or whatever...

    // Bit value => label, in the order they are listed in the banner.
    $level_names = array(
        1     => 'E_ERROR',
        2     => 'E_WARNING',
        4     => 'E_PARSE',
        8     => 'E_NOTICE',
        16    => 'E_CORE_ERROR',
        32    => 'E_CORE_WARNING',
        64    => 'E_COMPILE_ERROR',
        128   => 'E_COMPILE_WARNING',
        256   => 'E_USER_ERROR',
        512   => 'E_USER_WARNING',
        1024  => 'E_USER_NOTICE',
        2048  => 'E_STRICT',
        4096  => 'E_RECOVERABLE_ERROR',
        8192  => 'E_DEPRECATED',
        16384 => 'E_USER_DEPRECATED',
    );

    $E_level = error_reporting();
    $E_types = '';
    foreach ($level_names as $bit => $label) {
        if ( $E_level & $bit ) { $E_types .= $label.$spc; }
    }

    $anything_enabled = (error_reporting() != 0)
                     || (ini_get('display_errors') == 'on')
                     || (ini_get('log_errors') == 'on');

    if ( $show_status && $anything_enabled ) {
        ?> <style>
.E_box {margin: 0; background-color: #F00; font-size: 1em; color: white;
padding: 2px 5px 2px 5px; border: 1px solid white; }
</style>
<?php
        echo '<p class="E_box"><b>PHP '.PHP_VERSION.$spc;
        echo hsc($_['error_reporting_01']).': '.ini_get('display_errors').'.'.$spc;
        echo hsc($_['error_reporting_02']).': '.ini_get('log_errors') .'.'.$spc;
        echo hsc($_['error_reporting_03']).': '.error_reporting() .'.'.$spc;
        echo 'E_ALL = '.E_ALL.$spc.'</b>';
        if ($show_types) {
            echo '<br><b>'.hsc($_['error_reporting_04']).': </b>';
            echo '<span style="font: 400 .8em arial">'.$E_types.'</span>';
        }
        echo '</p>';
    }//end if (error reporting on)

    // $early_output is contents of ob_get_clean(), just before page output.
    // It is escaped with hsc() before being shown.
    if (mb_strlen($early_output) > 0 ) {
        echo '<pre style="background-color: #F00; border: 0px solid #F00;"><b>';
        echo hsc($_['error_reporting_05']).'</b> ';
        echo hsc($_['error_reporting_06']).'<b>:</b> ';
        echo '<span style="background-color: white; border: 1px solid white">';
        echo hsc($early_output).'</span></pre>';
    }
}//end Error_reporting_status_and_early_output()
/**
 * Keep $_SESSION['recent_pages'] as a most-recent-first list of the last pages visited.
 *
 * The global $page is pushed onto the front when it differs from the current
 * first entry; one entry is dropped from the end when the list exceeds three.
 */
function Update_Recent_Pages() {
    global $page;

    if (!isset($_SESSION['recent_pages'])) {
        $_SESSION['recent_pages'] = array($page);
    }

    // Only record an actual change of page.
    if ( $_SESSION['recent_pages'][0] != $page ) {
        array_unshift($_SESSION['recent_pages'], $page);
    }

    // Only need 3 most recent pages (increase if needed)
    if (count($_SESSION['recent_pages']) > 3) {
        array_pop($_SESSION['recent_pages']);
    }
}//end Update_Recent_Pages()
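/**
 * Remove the slashes that magic_quotes_gpc adds to $_GET, $_POST and $_COOKIE.
 *
 * Also declares the global helper strip_array() the first time it is called.
 * Safe to call more than once, and safe on runtimes where magic quotes (and
 * get_magic_quotes_gpc() itself) no longer exist.
 */
function undo_magic_quotes() {
    // Declared on first call only; an unconditional nested declaration would be a
    // fatal "cannot redeclare" error on a second call.
    if (!function_exists('strip_array')) {
        function strip_array($var) {
            // stripslashes() also handles cases when magic_quotes_sybase is on.
            if (is_array($var)) { return array_map("strip_array", $var); }
            return stripslashes($var);
        }//end strip_array()
    }

    // magic_quotes_gpc was removed in PHP 5.4 (always off since then) and
    // get_magic_quotes_gpc() was removed in PHP 8.0, so only ask on runtimes
    // where the setting can actually be on.
    $magic_quotes_possible = version_compare(PHP_VERSION, '5.4.0', '<')
                          && function_exists('get_magic_quotes_gpc');

    if ($magic_quotes_possible && get_magic_quotes_gpc()) {
        if (isset($_GET))    { $_GET    = strip_array($_GET); }
        if (isset($_POST))   { $_POST   = strip_array($_POST); }
        if (isset($_COOKIE)) { $_COOKIE = strip_array($_COOKIE); }
    }
}//end undo_magic_quotes()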
/**
 * Reconcile $filename with $page and build the query-string fragments used in
 * <a> href's and <form> actions.
 *
 * Sets the globals $param1 ('?i=<path>'), $param2 ('&amp;f=<file>' or ''),
 * $param3 ('&amp;p=<page>' or '') and $IS_OFCMS (true when $filename is the
 * running script, otherwise 0).
 */
function Validate_params() {
    global $_, $ipath, $filename, $page, $param1, $param2, $param3, $IS_OFCMS, $EX, $MESSAGE;

    // Pages that require a valid $filename
    $file_pages      = array("edit", "renamefile", "copyfile", "deletefile");
    $page_needs_file = in_array($page, $file_pages);

    // Make sure $filename & $page go together
    if ($filename != "") {
        if (!$page_needs_file) { $filename = ""; }
    } elseif ($page_needs_file) {
        $page = "index";
    }

    // $param1 must not be blank.
    $param1 = '?i='.URLencode_path($ipath);
    $param2 = ($filename == "") ? "" : '&amp;f='.rawurlencode(basename($filename));
    // $page is written as-is; Get_GET() limits it to $VALID_PAGES.
    $param3 = ($page == "") ? "" : '&amp;p='.$page;

    // Used to restrict edit/del/etc. on active copy of OneFileCMS.
    $IS_OFCMS = ($filename == trim($_SERVER['SCRIPT_NAME'], '/')) ? true : 0;
}//end Validate_params()
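/**
 * Check that $path lies inside $ACCESS_ROOT.
 *
 *   $ACCESS_ROOT = some/root/path/
 *   $path = some/root/path/...(or deeper) : good
 *   $path = some/root/                    : bad
 *   $path = some/other/path/              : bad
 *
 * While $_SESSION['admin_page'] is truthy every path is accepted, so the
 * $ACCESS_ROOT restriction does not apply during admin actions (changing p/w,
 * u/n, viewing OneFile...). That flag is therefore security-relevant.
 *
 * @param string $path     Path to test.
 * @param bool   $gotoroot If true and the path is rejected, reset the globals
 *                         $ipath, $ipath_OS, $filename, $param1..3 to the index
 *                         of $ACCESS_ROOT and discard $_GET / $_POST.
 * @return bool True when the path is acceptable.
 */
function Valid_Path($path, $gotoroot=true) {
    global $ipath, $ipath_OS, $filename, $param1, $param2, $param3, $ACCESS_ROOT, $ACCESS_ROOT_len, $MESSAGE;

    if (isset($_SESSION['admin_page']) && $_SESSION['admin_page']) {
        // The original had a bare `$ACCESS_ROOT == '';` here: a comparison whose
        // result was discarded. It had no effect and has been dropped.
        return true;
    }

    // Good only if $path is at least as long as $ACCESS_ROOT and starts with it.
    $good_path = (mb_strlen($path) >= $ACCESS_ROOT_len)
              && (mb_substr($path, 0, $ACCESS_ROOT_len) == $ACCESS_ROOT);

    if (!$good_path && $gotoroot) {
        $ipath    = $ACCESS_ROOT;
        $ipath_OS = Convert_encoding($ipath);
        $filename = '';
        //$page = 'index'; //#### If set to index here, can't logout.
        // Encoded like every other '?i=' built in this file, so the value is safe
        // inside an href / form action.
        $param1   = '?i='.URLencode_path($ipath);
        $param2   = '';
        $param3   = '';
        $_GET     = '';
        $_POST    = '';
    }

    return $good_path;
}//end Valid_Path()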
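/**
 * Read and validate the URL parameters.
 *
 *   i=some/path/   -> $ipath    (validated by Check_path(), must be a directory)
 *   f=somefile.xyz -> $filename (= $ipath.f, must be an existing file)
 *   p=somepage     -> $page     (must be listed in $VALID_PAGES, else "index")
 *   m=somemessage  -> appended to $MESSAGE after hsc()
 *
 * (NOTE: in some functions $filename = just the file's name, ie: $_GET['f'], with no path/)
 * ##### (Normalize $filename program-wide??)
 *
 * Performs initial, basic validation only.
 * Get_GET() should not be called unless $_SESSION['valid'] == 1 (or true).
 */
function Get_GET() {
    global $_, $ipath, $ipath_OS, $filename, $filename_OS, $page, $VALID_PAGES, $EX, $MESSAGE;

    // Initialize & validate $ipath. Non-string values (i[]=...) are ignored.
    $ipath = $ipath_OS = "";
    if (isset($_GET["i"]) && is_string($_GET["i"])) {
        $checked = Check_path($_GET["i"],1);
        if ($checked !== false) {
            $ipath    = $checked;
            $ipath_OS = Convert_encoding($ipath);
            if (!is_dir($ipath_OS)) { $ipath = $ipath_OS = ''; }
        }
    }

    // Initialize & validate $filename.
    // 'f' is a bare file name in every link this file generates (basename()), so a
    // value containing a path separator, a NUL byte, or a dot segment is rejected:
    // otherwise it could address a file outside the validated $ipath.
    // NOTE(review): nothing visible here re-checks $filename against $ACCESS_ROOT.
    $has_f     = isset($_GET["f"]) && is_string($_GET["f"]);
    $requested = $has_f ? $_GET["f"] : "";
    $bare_name = (strpbrk($requested, "/\\\0") === false)
              && ($requested != '.') && ($requested != '..');

    $filename    = $has_f ? $ipath.$requested : "";
    $filename_OS = Convert_encoding($filename);
    if ( ($filename != "") && (!$bare_name || !is_file($filename_OS)) ) {
        $MESSAGE .= $EX.'<b>'.hsc($_['get_get_msg_01']).'</b> ';
        $MESSAGE .= hsc(dir_name($filename)).'<b>'.hsc(basename($filename)).'</b><br>';
        $filename = $filename_OS = "";
    }

    // Initialize & validate $page
    $page = (isset($_GET["p"]) && is_string($_GET["p"])) ? $_GET["p"] : "index";
    if (!in_array($page, $VALID_PAGES)) {
        $MESSAGE .= $EX.hsc($_['get_get_msg_02']).' <b>'.hsc($page).'</b><br>';
        $page = "index"; // If invalid $_GET["p"]
    }

    // Sanitize any message. $MESSAGE is initialized at the top of this file.
    if (isset($_GET["m"]) && is_string($_GET["m"])) { $MESSAGE .= hsc($_GET["m"]); }
}//end Get_GET()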
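/**
 * Apply page-specific preconditions and redirect $page to "index" (or log out)
 * when they are not met. Also serves the [View Raw] page and then terminates.
 *
 * Works entirely through globals and $_SESSION / $_POST; returns nothing.
 */
function Verify_Page_Conditions() {
    global $_, $ONESCRIPT_file, $ipath, $ipath_OS, $param1, $filename, $filename_OS, $page, $EX, $MESSAGE,
           $VALID_POST, $IS_OFCMS;

    // Read the session flags without raising notices when they are not set yet.
    $in_admin  = !empty($_SESSION['admin_page']);
    $logged_in = !empty($_SESSION['valid']);

    // If exited admin pages, restore $ipath
    if ( ($page == "index") && $in_admin ) {
        // ...unless clicked www/some/path/ from edit or copy page while in admin pages.
        $last_page = isset($_SESSION['recent_pages'][0]) ? $_SESSION['recent_pages'][0] : '';
        if ( ($last_page != 'edit') && ($last_page != 'copyfile') ) {
            $ipath  = $_SESSION['admin_ipath'];
            $param1 = '?i='.URLencode_path($ipath);
        }
        // Leaving the admin pages re-enables the $ACCESS_ROOT check in Valid_Path().
        $_SESSION['admin_page']  = false;
        $_SESSION['admin_ipath'] = '';
    }
    // Don't load login screen when already in a valid session.
    // $_SESSION['valid'] may be false after Respond_to_POST()
    elseif ( ($page == "login") && $logged_in ) { $page = "index"; }
    elseif ( $page == "logout" ) {
        Logout();
        $MESSAGE .= hsc($_['logout_msg']);
    }
    // Don't load rename or delete folder pages at webroot.
    elseif ( ($page == "deletefolder" || $page == "renamefolder") && ($ipath == "") ) {
        $page = "index";
    }
    // Prep MCD_Page() to delete a single folder selected via (x) icon on index page.
    elseif ($page == "deletefolder") {
        $_POST['files'][1] = basename($ipath); // Must precede next line (change of $ipath).
        $ipath    = dir_name($ipath);
        $ipath_OS = Convert_encoding($ipath);
        // Encoded like the '?i=' built above, so folder names with spaces or
        // quotes cannot break the href / form action it is written into.
        $param1   = '?i='.URLencode_path($ipath);
    }
    // There must be at least one 'file', and 'mcdaction' must = "move", "copy", or "delete"
    elseif ($page == "mcdaction") {
        if     (!isset($_POST['mcdaction'])) { $page = "index"; }
        elseif (!isset($_POST['files']))     { $page = "index"; }
        elseif ( ($_POST['mcdaction'] != "move") && ($_POST['mcdaction'] != "copy") && ($_POST['mcdaction'] != "delete") ) {
            $page = "index";
        }
    }
    // if size of $_POST > post_max_size, PHP only returns empty $_POST & $_FILE arrays.
    elseif ( ($page == "uploaded") && !$VALID_POST ) {
        $MESSAGE .= $EX.'<b> '.hsc($_['upload_error_01a']).' '.ini_get('post_max_size').'</b> '.hsc($_['upload_error_01b']).'<br>';
        $page = "index";
    }

    // [View Raw] file contents in a browser window (in plain text, NOT HTML).
    if ($page == "raw_view"){
        ob_start();
        $raw_contents = file_get_contents($filename_OS);
        if ($raw_contents === false) { $raw_contents = ''; } // unreadable file: send an empty body
        $file_ENC = mb_detect_encoding($raw_contents); // ASCII, UTF-8, etc... or false
        header('Content-type: text/plain; charset=utf-8');
        // Stored files may contain markup or script; tell the browser not to
        // second-guess the text/plain type.
        header('X-Content-Type-Options: nosniff');
        echo ($file_ENC === false)
            ? $raw_contents
            : mb_convert_encoding($raw_contents, 'UTF-8', $file_ENC);
        die;
    }
}//end Verify_Page_Conditions()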
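/**
 * Tell whether $string contains any character listed in $INVALID_CHARS.
 *
 * $INVALID_CHARS is split on single spaces; each non-empty piece is searched for.
 *
 * @param string $string Text to inspect (a single path segment in Check_path()).
 * @return bool True if at least one listed character occurs in $string.
 */
function has_invalid_char($string) {
    global $INVALID_CHARS;

    foreach (explode(' ', $INVALID_CHARS) as $bad_char) {
        // Two adjacent spaces (or a leading/trailing one) in the list yield an empty
        // piece. mb_strpos() with an empty needle returns 0 on PHP 8, which would
        // flag every string as invalid; older versions only raised a warning.
        if ($bad_char === '') { continue; }
        if (mb_strpos($string, $bad_char) !== false) { return true; }
    }
    return false;
}//end has_invalid_char()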
/**
 * rawurlencode() each segment of a path while leaving the forward slashes alone.
 *
 * Backslashes are converted to forward slashes first. The result ends with a
 * slash only if the (normalized) input did.
 *
 * @param string $path Path to encode.
 * @return string Encoded path.
 */
function URLencode_path($path){
    $normalized = str_replace('\\','/',$path); // Make sure all forward slashes.

    // Remember whether the input ended with a slash; trailing slashes are
    // stripped below and this single one is put back.
    $trailing = (mb_substr($normalized, -1) == '/') ? '/' : '';

    $encoded = implode('/', array_map('rawurlencode', explode('/', $normalized)));

    return rtrim($encoded, '/').$trailing;
}//end URLencode_path()
/**
 * Modified dirname(): returns the parent directory with a trailing slash, or ""
 * when dirname() reports ".", "/", "\" or an empty string.
 *
 * @param string $path
 * @return string Parent path ending in '/', or "".
 */
function dir_name($path) {
    $parent = dirname($path);

    // dirname() always returns a string, so a strict membership test matches the
    // same four values.
    $no_parent = in_array($parent, array(".", "/", '\\', ""), true);

    return $no_parent ? "" : $parent.'/';
}//end dir_name()
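/**
 * Validate the construction of a path: no "." or ".." segments and no characters
 * from $INVALID_CHARS. Does NOT check that the path exists.
 *
 * @param string $path     Path to check; backslashes are treated as slashes, and
 *                         surrounding whitespace and slashes are trimmed.
 * @param bool   $show_msg Append the error text to the global $MESSAGE on failure.
 * @return string|false "" for the root, the cleaned path with a trailing '/',
 *                      or false when the path is rejected.
 */
function Check_path($path, $show_msg = false) {
    global $_, $MESSAGE, $EX, $INVALID_CHARS, $WHSPC_SLASH;

    // Request parameters can arrive as arrays (i[]=...); only a string can be a path.
    if (!is_string($path)) { return false; }

    $path = str_replace('\\','/',$path); // Make sure all forward slashes.
    $path = trim($path, $WHSPC_SLASH);   // trim whitespace & slashes
    if ( ($path == "") || ($path == ".") ){ return ""; } // At root.

    // The forward slash is not present, or invalid, at this point, so it is left
    // out of the list shown to the user. (Same for every segment: computed once.)
    $invalid_chars = str_replace(' /','',$INVALID_CHARS);

    $err_msg = "";
    $errors  = 0;

    foreach (explode('/', $path) as $part) {
        // Check for any '.' and '..' parts of the path to protect directories outside webroot.
        // They also cause issues in <h2>www / current / path /</h2>
        if ( ($part == '.') || ($part == '..') ) {
            $err_msg .= $EX.' <b>'.hsc($_['check_path_msg_02']).'</b><br>';
            $errors++;
            break;
        }
        // Check for invalid characters. A NUL byte is never valid in a file name,
        // whatever $INVALID_CHARS lists.
        if ( (strpos($part, "\0") !== false) || has_invalid_char($part) ) {
            // The list itself contains markup characters, so escape it for display.
            $err_msg .= $EX.' <b>'.hsc($_['check_path_msg_03']).' &nbsp; <span class="mono"> '.hsc($invalid_chars).'</span></b><br>';
            $errors++;
            break;
        }
    }

    if ($errors > 0) {
        if ($show_msg) { $MESSAGE .= $err_msg; }
        return false;
    }
    return $path.'/';
}//end Check_path()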
/**
 * Sort a directory listing case-insensitively in natural order, then return it
 * with the folders first and the files after them.
 *
 * @param string $path      Directory the items live in; prefixed to each item for is_dir().
 * @param array  $full_list Item names; '.', '..' and empty names are skipped.
 * @return array Zero-indexed list: folders, then files.
 */
function Sort_Seperate($path, $full_list) {
    natcasesort($full_list);

    $folders = array();
    $files   = array();

    foreach ($full_list as $item) {
        if ( ($item == '.') || ($item == '..') || ($item == "") ) { continue; }

        // is_dir() needs the name in the filesystem's encoding.
        if (is_dir(Convert_encoding($path.$item))) {
            $folders[] = $item;
        } else {
            $files[] = $item;
        }
    }

    return array_merge($folders, $files);
}//end Sort_Seperate()
/**
 * If $filename already exists, append a serial number until the name is unused.
 * ie: file.txt.001, file.txt.002, file.txt.003 etc...
 *
 * NOTE(review): only a name is returned; the existence check and whatever write
 * the caller performs afterwards are separate steps, so they are not atomic.
 *
 * @param string $filename Desired name; converted with Convert_encoding() for the checks.
 * @param string $msg      By reference: receives a notice when a serial number was added.
 * @return string The original name, or the first free "name.NNN".
 */
function add_serial_num($filename, &$msg) {
    global $_, $EX;

    $savefile = $filename;

    // Existence is tested against the server's filesystem encoding.
    if (!file_exists(Convert_encoding($savefile))) {
        return $savefile;
    }

    $msg .= $EX.hsc($_['ord_msg_01']).'<br>';

    $ordinal = 0;
    do {
        $ordinal++;
        $savefile = $filename.'.'.sprintf("%03d", $ordinal); // 001, 002, 003, etc...
    } while (file_exists(Convert_encoding($savefile)));

    $msg .= '<b>'.hsc($_['ord_msg_02']).':</b> <span class="filename">'.hsc(basename($savefile)).'</span>';

    return $savefile;
}//end add_serial_num()
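/**
 * Guess from the User-Agent header whether the browser can render inline SVG.
 *
 * IE < 9 is the only browser checked for currently.
 * EX: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
 *
 * The header is client-supplied; the result only selects icons and must not be
 * used for any security decision.
 *
 * @return bool False for MSIE versions below 9, true otherwise (including when
 *              the header is missing).
 */
function supports_svg() {
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // Read the whole major version: looking at a single character made
    // "MSIE 10.0" look like version 1, i.e. an old IE.
    if (preg_match('/MSIE (\d+)/', $user_agent, $match)) {
        return ((int) $match[1] >= 9);
    }
    return true;
}//end supports_svg()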
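/**
 * Recursively copy $old_path to $new_path.
 *
 * Both paths must ALREADY be in the OS/file system's file name encoding
 * (ie: usually UTF-8, but often ISO-8859-1 for Windows).
 *
 * Avoids a bottomless pit of sub-directories:
 *      ok: copy root/1/ to root/1/Copy_of_1/
 *  NOT OK: copy root/1/ to root/1/2/Copy_of_1/
 *
 * @param string $old_path Source file or directory.
 * @param string $new_path Destination.
 * @return int Number of successful copy()'s + mkdir()'s, or 0 on error.
 */
function rCopy( $old_path, $new_path ) {
    global $_, $WHSPC_SLASH, $EX, $MESSAGE;

    // First, trim / and white-space that will mess up the length check.
    $old_path = trim($old_path,$WHSPC_SLASH);
    $new_path = trim($new_path,$WHSPC_SLASH);

    // Walk up from the destination's parent; if the source is found two or more
    // levels above the destination, the copy would recurse into itself.
    $test_path = dirname($new_path);
    while (mb_strlen($test_path) >= mb_strlen($old_path)) {
        $parent = dirname($test_path);
        if ( $parent == $old_path ) {
            $MESSAGE .= $EX.' <b>'.hsc($_['rCopy_msg_01']).'</b><br>';
            return 0;
        }
        // dirname() stops changing at '.', '/' or a drive root. Without this exit
        // the loop never ended for very short source names (e.g. copying "a" to "b").
        if ( $parent === $test_path ) { break; }
        $test_path = $parent;
    }

    if ( is_file($old_path) ) { return (int) copy($old_path, $new_path); }

    if ( is_dir($old_path) ) {
        $dir_list = scandir($old_path); // MUST come before mkdir().
        $copied   = (int) mkdir($new_path, 0755);
        if ( is_array($dir_list) ) {    // scandir() returns false on failure
            foreach ( $dir_list as $file ) {
                if ( $file == "." || $file == ".." ) { continue; }
                $copied += rCopy( $old_path.'/'.$file, $new_path.'/'.$file);
            }
        }
        return $copied;
    }

    return 0; // $old_path doesn't exist, or, I don't know what it is.
}//end rCopy()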
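/**
 * Recursively delete $path & all sub-folders & files.
 *
 * @param string $path Path in UTF-8; converted with Convert_encoding() for the
 *                     filesystem calls. Leading/trailing slashes are trimmed, so
 *                     the path is always taken relative to the working directory.
 * @return int|false Number of successful unlinks & rmdirs, or false when $path
 *                   is neither a file nor a directory.
 */
function rDel($path) {
    $path = trim($path, '/'); // Protect against deleting files outside of webroot.
    if ($path == "") { $path = '.'; }
    $path_OS = Convert_encoding($path);

    // A symbolic link is removed as a link. Descending through a link to a
    // directory would delete the contents of its target, which may lie outside
    // the tree being deleted.
    // NOTE(review): on Windows a directory link may need rmdir() instead; verify.
    if ( is_link($path_OS) ) { return (int) unlink($path_OS); }

    if ( is_file($path_OS) ) { return (int) unlink($path_OS); }

    if ( is_dir($path_OS) ) {
        $count    = 0;
        $dir_list = scandir($path_OS);
        if ( is_array($dir_list) ) { // scandir() returns false on failure
            foreach ( $dir_list as $dir_item ) {
                if ( ($dir_item == '.') || ($dir_item == '..') ) { continue; }
                // NOTE(review): $dir_item comes from scandir() (filesystem encoding)
                // and is converted again by the recursive call - confirm this is
                // intended when $ENC_OS is not UTF-8.
                $count += rDel($path.'/'.$dir_item);
            }
        }
        $count += (int) rmdir($path_OS);
        return $count;
    }

    return false; // $path doesn't exist, or, I don't know what it is...
}//end rDel()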
/**
 * Print the current path as an <h2>, ie: webroot/current/path/
 * Each level at or below $ACCESS_ROOT is a link to that level; anything above
 * $ACCESS_ROOT is shown as plain, escaped text.
 *
 * Advances the global $TABINDEX once per link.
 */
function Current_Path_Header() {
    global $ONESCRIPT, $ipath, $WEB_ROOT, $ACCESS_ROOT, $ACCESS_ROOT_len, $TABINDEX, $MESSAGE;

    $above_root   = '';                       // text for the part that cannot be entered
    $root_label   = trim($WEB_ROOT, ' /');    // first clickable level
    $below_root   = trim(mb_substr($ipath, $ACCESS_ROOT_len), ' /');

    if ($ACCESS_ROOT != '') {
        $root_label = basename($ACCESS_ROOT);
        $root_parent = dirname($ACCESS_ROOT);
        $above_root = ($root_parent == '.')
            ? $WEB_ROOT
            : $WEB_ROOT.dirname($ACCESS_ROOT).'/';
        $above_root = '&nbsp;'.hsc(trim(str_replace('/', ' / ',$above_root)));
    }

    echo '<h2 id="path_header">';

    // Root (or $ACCESS_ROOT) folder of web site.
    $query = '?i='.URLencode_path($ACCESS_ROOT);
    echo $above_root.'<a id=path_0 tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.$query.'" class="path">'.hsc($root_label).'</a>/';

    if ($below_root != "" ) { // if not at root, show the rest
        $walked = "";
        // explode() yields keys 0, 1, 2...; link ids start at path_1.
        foreach (explode("/",trim($below_root,'/') ) as $depth => $level) {
            $walked .= $level.'/';
            $query = '?i='.URLencode_path($ACCESS_ROOT.$walked);
            echo '<a id="path_'.($depth+1).'" tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.$query.'" class="path">';
            echo hsc($level).'</a>/';
        }
    }//end if(not at root)

    echo '</h2>';
}//end Current_Path_Header()
/**
 * Print the page header: title link, version, PHP version, site link and,
 * except on the login page, the [Log Out] link.
 *
 * Resets the global $TABINDEX to 1 and advances it once per link.
 *
 * NOTE(review): $OFCMS_version and phpversion() are printed whether or not the
 * session is valid (only the phpinfo link is limited to valid sessions), so they
 * are visible on the login page. Consider showing them after login only.
 */
function Page_Header() {
    global $_, $DOC_ROOT, $ONESCRIPT, $page, $WEBSITE, $MAIN_TITLE, $OFCMS_version, $FAVICON, $TABINDEX, $MESSAGE;

    $TABINDEX = 1; // Initial tabindex

    $favicon_img = file_exists($DOC_ROOT.trim($FAVICON,'/'))
        ? '<img src="/'.URLencode_path($FAVICON).'" alt="">'
        : '';

    echo '<div id="header">';
    echo '<a href="'.$ONESCRIPT.'" id="logo" tabindex='.$TABINDEX++.'>'.hsc($MAIN_TITLE).'</a> '.$OFCMS_version.' ';

    $php_label = '('.hsc($_['on']).'&nbsp;php&nbsp;'.phpversion().')';
    if ($_SESSION["valid"]) {
        // Logged-in users get the label as a link to the phpinfo page.
        $php_label = '<a id=on_php tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.'?p=phpinfo'.'" target=_blank>'.$php_label.'</a>';
    }
    echo $php_label;

    echo '<div class="nav">';
    echo '<b><a id=website href="/" tabindex='.$TABINDEX++.' target="_blank">'.$favicon_img.' '.hsc($WEBSITE).'</a></b>';
    if ($page != "login") {
        echo ' | <a id=logout tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.'?p=logout">'.hsc($_['Log_Out']).'</a>';
    }
    echo '</div><div class=clear></div>';
    echo '</div>';//<!-- end header -->
}//end Page_Header()
function Cancel_Submit_Buttons($submit_label) {//*******************************
//Print a [Cancel] button and a submit button, then give [Cancel] the focus.
//$submit_label = Rename, Copy, Delete, etc... It is escaped with hsc() before output.
global $_, $ONESCRIPT, $ipath, $param1, $param2, $page;
//[Cancel] navigates to $_SESSION['recent_pages'][1], the entry just behind the
//newest one (Update_Recent_Pages() keeps the newest page at index 0).
//NOTE(review): index 1 is read without an isset() check - presumably at least two
//pages have been recorded by the time a form is shown; verify against callers.
//The resulting URL is written into an inline onclick handler below, so every part
//of $params has to be safe inside a quoted JavaScript string.
$params = $param1.$param2.'&amp;p='. $_SESSION['recent_pages'][1]; //.'&amp;m='.hsc($_['cancelled']) not sure I like this.
?>
<p>
<button type="button" class="button" id="cancel" onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
<?php echo hsc($_['Cancel']) ?></button>
<button type="submit" class="button" id="submitty" style="margin-left: 1em;"><?php echo hsc($submit_label);?></button>
<script>document.getElementById("cancel").focus();</script>
<?php
}//end Cancel_Submit_Buttons() //***********************************************
/**
 * Print the image named by the global $filename, scaled down to fit within
 * $MAX_IMG_W x $MAX_IMG_H, with a caption giving the scale and original size.
 *
 * NOTE(review): getimagesize() returns false for unreadable or non-image files;
 * that case is not handled here - confirm callers only pass real images.
 */
function show_image() {
    global $_, $filename, $MAX_IMG_W, $MAX_IMG_H;

    $image      = $filename;
    $dimensions = getimagesize($image); // [0] = width, [1] = height

    // Scale factor needed on each axis; 1 = no reduction.
    $scale_w = ($dimensions[0] > $MAX_IMG_W) ? ( $MAX_IMG_W/$dimensions[0] ) : 1;
    $scale_h = ($dimensions[1] > $MAX_IMG_H) ? ( $MAX_IMG_H/$dimensions[1] ) : 1;

    // Use the more restrictive of the two. ex: (.90 vs .50) -> .50
    $scale = ( $scale_w > $scale_h ) ? $scale_h : $scale_w;

    // For languages with longer words that don't fit next to [Wide] & [Close] buttons.
    if ($_['image_info_pos']){ echo '<div class=clear></div>'."\n"; }

    echo '<p class="image_info">';
    echo hsc($_['show_img_msg_01']).round($scale*100).
         hsc($_['show_img_msg_02']).' '.$dimensions[0].' x '.$dimensions[1].').</p>';
    echo '<div class=clear></div>'."\n";

    $image_url = '/'.URLencode_path($image);
    echo '<a href="'.$image_url.'" target="_blank">'."\n";
    echo '<img src="'.$image_url.'" width="'.($dimensions[0] * $scale).'"></a>'."\n";
}//end show_image()
/**
 * Build a <script> element that calls Start_Countdown() after $DELAY_Start_Countdown.
 *
 * The arguments are inserted into inline JavaScript exactly as given, without
 * escaping, so callers must only pass trusted values.
 *
 * @param mixed  $COUNT  First argument of Start_Countdown(), written unquoted.
 * @param string $ID     Second argument, written inside double quotes.
 * @param string $ACTION Third argument, written inside double quotes.
 * @return string The <script> element.
 */
function Timeout_Timer($COUNT, $ID, $ACTION="") {
    global $DELAY_Start_Countdown;

    $call = 'Start_Countdown('.$COUNT.',"'.$ID.'","'.$ACTION.'")';

    return '<script>setTimeout(\''.$call.'\','.$DELAY_Start_Countdown.');</script>';
}//end Timeout_Timer()
/**
 * Fill the globals that hold reusable chunks of markup:
 *   $INPUT_NUONCE - hidden <input> carrying $_SESSION['nuonce'], checked on POST
 *   $FORM_COMMON  - opening <form> tag for the current path/file, plus that input
 *   $PWUN_RULES   - the password / username rules text
 */
function Init_Macros() {
    global $_, $ONESCRIPT, $param1, $param2, $INPUT_NUONCE, $FORM_COMMON, $PWUN_RULES;

    $INPUT_NUONCE = '<input type="hidden" name="nuonce" value="'.$_SESSION['nuonce'].'">'."\n";
    $FORM_COMMON  = '<form method="post" action="'.$ONESCRIPT.$param1.$param2.'">'.$INPUT_NUONCE."\n";

    $rules = '<p>'.hsc($_['pw_txt_02']).'<ol>';
    foreach (array('pw_txt_04', 'pw_txt_06', 'pw_txt_10', 'pw_txt_08') as $rule_key) {
        $rules .= '<li>'.hsc($_[$rule_key]);
    }
    $PWUN_RULES = $rules.'</ol>';
}//end Init_Macros()
function Init_ICONS() {//********************************************************
//Fill the global $ICONS array with inline SVG markup, keyed by icon name.
//When supports_svg() is false, every icon is blanked and a few get text stand-ins.
//All markup here is built from literals in this function; nothing comes from input.
//The two helpers below are declared when Init_ICONS() runs, so calling Init_ICONS()
//a second time would try to declare them again.
global $ICONS;
//*********************************************************************
//Return a 14x16 "page of text" icon: a rectangle with four horizontal lines.
//$extra2 is inserted right after the rectangle, $extra1 after the lines.
function icon_txt($border='#333', $lines='#000', $fill='#FFF', $extra1="", $extra2=""){
return '<svg version="1.1" width="14" height="16">'.
'<rect x = "0" y = "0" width = "14" height = "16" fill="'.$fill.'" stroke="'.$border.'" stroke-width="2" />'.$extra2.
'<line x1="3" y1="3.5" x2="11" y2="3.5" stroke="'.$lines.'" stroke-width=".6"/>'.
'<line x1="3" y1="6.5" x2="11" y2="6.5" stroke="'.$lines.'" stroke-width=".6"/>'.
'<line x1="3" y1="9.5" x2="11" y2="9.5" stroke="'.$lines.'" stroke-width=".6"/>'.
'<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="'.$lines.'" stroke-width=".6"/>'.$extra1.'</svg>';
}//end icon_txt() //***************************************************
//Return an 18x14 folder icon; $extra is appended inside the <g> group.
function icon_folder($extra = "") {//**********************************
return '<svg version="1.1" width="18" height="14"><g transform="translate(0,0)">'.
'<path d="M0.5, 1 L8,1 L9,2 L9,3 L16.5,3 L17,3.5 L17,13.5 L.5,13.5 L.5,.5" '.
'fill="#F0CD28" stroke="rgb(200,170,15)" stroke-width="1" />'.
'<path d="M1.5, 8 L7, 8 L8.5,6.3 L16,6.3 L7.5, 6.3 L6.5,7.5 L1.5,7.5" '.
'fill="transparent" stroke="white" stroke-width="1" />'.
'<path d="M1.5,13 L1.5,2 L7.5,2 L8.5,3 L8.5,4 L15.5,4 L16,4.5 L16,13" '.
'fill="transparent" stroke="white" stroke-width="1" />'.
$extra.'</g></svg>';
}//end icon_folder() //************************************************
//Some common components
$circle_x = '<circle cx="5" cy="5" r="5" stroke="#D00" stroke-width="1.3" fill="#D00"/>'.
'<line x1="2.5" y1="2.5" x2="7.5" y2="7.5" stroke="white" stroke-width="1.5"/>'.
'<line x1="7.5" y1="2.5" x2="2.5" y2="7.5" stroke="white" stroke-width="1.5"/>';
$circle_plus = '<circle cx="5" cy="5" r="5" stroke="#080" stroke-width="0" fill="#080"/>'.
'<line x1="2" y1="5" x2="8" y2="5" stroke="white" stroke-width="1.5" />'.
'<line x1="5" y1="2" x2="5" y2="8" stroke="white" stroke-width="1.5" />';
$circle_plus_rev = '<circle cx="5" cy="5" r="5" stroke="#080" stroke-width="1.3" fill="white"/>'.
'<line x1="2" y1="5" x2="8" y2="5" stroke="#080" stroke-width="1.5" />'.
'<line x1="5" y1="2" x2="5" y2="8" stroke="#080" stroke-width="1.5" />';
$pencil = '<polygon points="2,0 9,7 7,9 0,2" stroke-width="1" stroke="darkgoldenrod" fill="rgb(246,222,100)"/>'.
'<path d="M0,2 L0,0 L2,0" stroke="tan" stroke-width="1" fill="tan"/>'.
'<path d="M0,1.5 L0,0 L1.5,0" stroke="black" stroke-width="1.5" fill="transparent"/>'.
'<line x1="7.3" y1="10" x2="10" y2="7.3" stroke="silver" stroke-width="1"/>'.
'<line x1="8.1" y1="10.8" x2="10.8" y2="8.1" stroke="red" stroke-width="1"/>';
$img_0 = '<rect x="0" y="0" width="14" height="16" fill="#FF8" stroke="#44F" stroke-width="2"/>'.
'<rect x="2" y="2" width="5" height="5" fill="#F66" stroke-width="0" />'.
'<rect x="7.5" y="6" width="5" height="5" fill="#6F6" stroke-width="0" />'.
'<rect x="2" y="10" width="5" height="5" fill="#66F" stroke-width="0" />';
$arc_arrow = '<path d="M 3.5,12 a 30,30 0 0,1 9,-9 l -1.5,-2.4 l 6,1.3 l -1.6,6 l -1.5,-2.4'.
' a 30,30 0 0,0 -9,6.5 Z" fill="white" stroke="blue" stroke-width="1.1" />';
$up_arrow = '<polygon points="6,0 12,6 8,6 8,11 4,11 4,6 0,6" stroke-width="1" stroke="white" fill="green" />';
$zero = '<rect x="0" y="0" width="3" height="6" fill="transparent" stroke="#555" stroke-width="1" />';
$one = '<line x1="0" y1="-.5" x2="0" y2="6.5" stroke="#555" stroke-width="1"/>';
$extra_up = '<g transform="scale(1.1) translate(1.75,4)">'.$up_arrow.'</g>';
$extra_new = '<g transform="translate(4,6)">'.$circle_plus.'</g>';
$extra_z = '<text x="4" y="12" style="font-size:8pt;font-weight:900;fill:blue ;font-family:Arial;">z</text>';
//The icons
//'bin' is drawn from the $one / $zero components placed in two rows.
$ICONS['bin'] = '<svg version="1.1" width="14" height="16">'.
'<g transform="translate( 0.5,0.5)">'.$one .'</g>'.
'<g transform="translate( 3.5,0.5)">'.$zero.'</g>'.'<g transform="translate( 9.5,0.5)">'.$one .'</g>'.
'<g transform="translate(12.5,0.5)">'.$one .'</g>'.'<g transform="translate( 0.5,9.5)">'.$zero.'</g>'.
'<g transform="translate( 6.5,9.5)">'.$one .'</g>'.'<g transform="translate( 9.5,9.5)">'.$zero.'</g>'.
'</svg>';
$ICONS['z'] = icon_txt('#333','#FFF','#FFF',$extra_z);
$ICONS['img'] = '<svg version="1.1" width="14" height="16">'.$img_0.'</svg>';
$ICONS['svg'] = icon_txt('#333', '#444', '#FFF', "", $img_0);
$ICONS['txt'] = icon_txt('#333', '#000', '#FFF');
$ICONS['htm'] = icon_txt('#444', '#222', '#FABEAA'); //rgb(250,190,170)
$ICONS['php'] = icon_txt('#333', '#111', '#C3C3FF'); //rgb(195,195,225)
$ICONS['css'] = icon_txt('#333', '#111', '#FFE1A5'); //rgb(255,225,165)
$ICONS['cfg'] = icon_txt('#444', '#111', '#DDD');
$ICONS['dir'] = icon_folder();
$ICONS['folder'] = icon_folder();
$ICONS['folder_new'] = icon_folder('<g transform="translate(7.5,4)">'.$circle_plus.'</g>');
$ICONS['upload'] = icon_txt('#333', 'black', 'white', $extra_up);
$ICONS['file_new'] = icon_txt('#444', 'black', 'white', $extra_new);
$ICONS['ren_mov'] = icon_folder('<g transform="translate(2.5,3)">'.$pencil.'</g>'.$arc_arrow);
$ICONS['move'] = icon_folder($arc_arrow);
$ICONS['copy'] = '<svg version="1.1" width="12" height="14"><g transform="translate(1,2)">'.$circle_plus_rev.'</g></svg>';
$ICONS['delete'] = '<svg version="1.1" width="12" height="14"><g transform="translate(1,2)">'.$circle_x.'</g></svg>';
$ICONS['up_dir'] = icon_folder('<g transform="scale(1.1) translate(1.75,2) rotate(-45, 5, 5)">'.$up_arrow.'</g>');
if (!supports_svg()) { //Text "icons" if SVG not supported. Mostly for IE < 9
//Blank every icon first, then give the navigation/action icons a text form.
foreach ($ICONS as $key=> $value) { $ICONS[$key] = ""; }
$ICONS['up_dir'] = '[&lt;]';
$ICONS['dir'] = '[+]';
$ICONS['folder'] = '[+]';
$ICONS['ren_mov'] = '<span class="RCD1 R">&gt;</span>';
$ICONS['move'] = '<span class="RCD1 R">&gt;</span>';
$ICONS['copy'] = '<span class="RCD1 C">+</span>';
$ICONS['delete'] = '<span class="RCD1 D">x</span>';
}
}//end Init_ICONS() {//*********************************************************
function List_File($file, $file_url) {//****************************************
//Print one table row for a backup or log file: a [Delete] link, the file name as
//an edit link, its size in bytes and its modification time.
//$file     = path used for filesize()/filemtime() (after Convert_encoding()) and for the displayed name.
//$file_url = path used to build the ?i=...&f=... links.
global $_, $ONESCRIPT, $ICONS;
$file_OS = Convert_encoding($file);
clearstatcache ();
//NOTE(review): the directory and name taken from $file_url are placed in the href
//without URLencode_path()/rawurlencode(), unlike Validate_params() - presumably the
//*_url values passed in are already URL-safe; verify where they are defined.
$href = $ONESCRIPT.'?i='.dir_name(trim($file_url,'/')).'&amp;f='.basename($file_url);
//The visible file name is escaped with hsc().
$edit_link = '<a href="'.$href.'&amp;p=edit'.'" id="old_backup">'.hsc(basename($file)).'</a>';
?>
<tr>
<td><a href="<?php echo $href.'&amp;p=deletefile' ?>" class="button" id="del_backup">
<?php echo $ICONS['delete'].'&nbsp;'.hsc($_['Delete']) ?></a></td>
<td class="file_name"><?php echo $edit_link; ?></td>
<td class="meta_T file_size">&nbsp; <?php echo number_format(filesize($file_OS)); ?> B </td>
<td class="meta_T file_time"> &nbsp;<script>FileTimeStamp(<?php echo filemtime($file_OS); ?>, 1, 0, 1);</script></td>
</tr>
<?php
}//end List_File() //***********************************************************
/**
 * Show whether a login log or backups (from a prior p/w or u/n change) exist.
 *
 * Prints a table with one List_File() row per file found - login log, script
 * backup, config backup, in that order - and, when a backup exists, two lines of
 * explanatory text. Prints nothing when none of the three files exists.
 */
function List_Backups_and_Logs() {
    global $_, $ONESCRIPT_backup, $ONESCRIPT_file, $ONESCRIPT_file_backup,
           $CONFIG_backup, $CONFIG_FILE_backup, $LOGIN_LOG_url, $LOGIN_LOG_file;

    clearstatcache ();

    // File checks are made against the filesystem-encoded names.
    $has_script_backup = is_file(Convert_encoding($ONESCRIPT_file_backup));
    $has_config_backup = is_file(Convert_encoding($CONFIG_FILE_backup));
    $log_found         = is_file(Convert_encoding($LOGIN_LOG_file));
    $backup_found      = ($has_script_backup || $has_config_backup);

    if ( !$backup_found && !$log_found ) {
        return;
    }

    echo '<table class="index_T">';
    if ($log_found)         { List_File($LOGIN_LOG_file, $LOGIN_LOG_url); }
    if ($has_script_backup) { List_File($ONESCRIPT_file_backup, $ONESCRIPT_backup); }
    if ($has_config_backup) { List_File($CONFIG_FILE_backup, $CONFIG_backup); }
    echo '</table>';

    if ($backup_found) {
        echo '<p style="margin-top: .5em"><b>'.hsc($_['admin_txt_00']).'</b></p>';
        echo '<p>'.hsc($_['admin_txt_01']);
    }
    echo '<hr>';
}//end List_Backups_and_Logs()
/**
 * Print the Admin Options page: [Close], change password / username, Generate
 * Hash and View buttons, the list of backups and logs, and some help text.
 *
 * Entering this page sets $_SESSION['admin_page'] = true and remembers the
 * current $ipath in $_SESSION['admin_ipath']. While that flag is set,
 * Valid_Path() accepts every path.
 */
function Admin_Page() {
    global $_, $ONESCRIPT, $ipath, $filename, $param1, $param2, $MAIN_TITLE;

    // Restore/Preserve $ipath prior to admin page in case OneFileCMS is edited
    // (which would change $ipath).
    if ( !$_SESSION['admin_page'] ) {
        $_SESSION['admin_page']  = true;
        $_SESSION['admin_ipath'] = $ipath;
    } else {
        $ipath  = $_SESSION['admin_ipath'];
        $param1 = '?i='.URLencode_path($ipath);
    }

    // [Close] returns to either the index or edit page.
    $close_params = ($filename != "") ? $param2.'&amp;p=edit' : "";

    // Common start of every button; each echo below completes the onclick URL.
    $button_open = '<button type="button" class="button" onclick="parent.location =\''.$ONESCRIPT;
    $view_params = '?i='.dir_name($ONESCRIPT).'&amp;f='.basename($ONESCRIPT).'&amp;p=edit';

    echo '<h2>'.hsc($_['Admin_Options']).'</h2>';

    echo '<span class="admin_buttons">';
    echo $button_open.$param1.$close_params.'\'" id="close">'.hsc($_['Close']).'</button>';
    echo $button_open.$param1.'&amp;p=changepw\'">'.hsc($_['pw_change']).'</button>';
    echo $button_open.$param1.'&amp;p=changeun\'">'.hsc($_['un_change']).'</button>';
    echo $button_open.$param1.'&amp;p=hash\'">'.hsc($_['Generate_Hash']).'</button>';
    echo $button_open.$view_params.'\'">'.hsc($_['View'].' '.$MAIN_TITLE).'</button>';
    echo '</span>';

    echo '<div class="info">';
    List_Backups_and_Logs();
    echo '<p><b>'.hsc($_['admin_txt_02']).'</b>';
    echo '<p>' .hsc($_['admin_txt_16']);
    echo '<p>'.hsc($_['admin_txt_14']);
    echo '</div>'; //end class=info

    echo '<script>document.getElementById("close").focus();</script>';
}//end Admin_Page()
function Hash_Page() {//********************************************************
// Renders the "Generate Hash" page: a POST form with a single text field
// (whattohash), Cancel/Submit buttons, and the explanatory notes below it.
// The form posts to $ONESCRIPT.$param1.$param3.
//
// The field is type="text" and the posted value is echoed back (through hsc()),
// so whatever is typed here is visible on screen and in the response body.
//
// NOTE(review): $INPUT_NUONCE and $PWUN_RULES are echoed without hsc();
// presumably both are pre-built HTML defined elsewhere in the file - confirm.
// NOTE(review): the form action is echoed without hsc(); this assumes
// $ONESCRIPT/$param1/$param3 are already encoded for an attribute - confirm.
global $_, $ONESCRIPT, $param1, $param3, $INPUT_NUONCE, $PWUN_RULES;
// Default the field so the value="..." echo below never reads an undefined index.
if (!isset($_POST['whattohash'])) { $_POST['whattohash'] = ''; }
?>
<style>#message_box {font-family: courier; min-height: 3.1em;}</style>
<h2><?php echo hsc($_['Generate_Hash']) ?></h2>
<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.$param3; ?>">
<?php echo $INPUT_NUONCE; ?>
<?php echo hsc($_['pass_to_hash']) ?>
<input type="text" name="whattohash" id="whattohash" value="<?php echo hsc($_POST['whattohash']) ?>">
<p><?php Cancel_Submit_Buttons($_['Generate_Hash']) ?>
<script>document.getElementById('whattohash').focus()</script>
</form>
<div class="info">
<p><?php echo hsc($_['hash_txt_01']) ?><br>
<ol><li><?php echo hsc($_['hash_txt_06']) ?><br>
<?php echo hsc($_['hash_txt_07']) ?>
<li><?php echo hsc($_['hash_txt_08']) ?><br>
<?php echo hsc($_['hash_txt_09']) ?><br>
<?php echo hsc($_['hash_txt_10']) ?><br>
<li><?php echo hsc($_['hash_txt_12']) ?>
</ol>
<?php echo $PWUN_RULES ?>
</div>
<?php
}//end Hash_Page() //***********************************************************
function Hash_response() {//****************************************************
    // Handles a submit from the Generate Hash page: appends the (escaped)
    // submitted value and its hash to $MESSAGE. Blank input is ignored.
    // The trimmed value is written back to $_POST['whattohash'].
    //
    // Note: the submitted value is displayed in clear text alongside its hash.
    global $_, $MESSAGE;

    $to_hash = trim($_POST['whattohash']); // trim whitespace.
    $_POST['whattohash'] = $to_hash;

    //Passwords can't be blank, so there is nothing to hash.
    if ($to_hash == "") {
        return;
    }

    //Passing 1 as hashit()'s second parameter asks it to also perform the
    //"pre-hash" that is normally done client-side during a login attempt,
    //p/w change, or u/n change.
    $MESSAGE .= hsc($_['Password']).': '.hsc($to_hash).'<br>';
    $MESSAGE .= hsc($_['Hash']).': '.hashit($to_hash, 1).'<br>';
}//end Hash_response() //*******************************************************
//******************************************************************************
function Change_PWUN_Page($pwun, $type, $page_title, $label_new, $label_confirm) {
// Renders the shared "change password" / "change username" form.
//
// $pwun          "pw" or "un"; emitted as the name of an empty hidden field and
//                passed on to pwun_event_scripts().
// $type          value for the type="" attribute of the new/confirm inputs.
// $page_title    heading text (escaped with hsc()).
// $label_new     label for the "new" field (escaped with hsc()).
// $label_confirm label for the "confirm" field (escaped with hsc()).
//
// The form posts to $ONESCRIPT.$param1.$param3. [Cancel] navigates to
// $ONESCRIPT.$param1.$param2 plus &p=<$_SESSION['recent_pages'][1]>.
//
// NOTE(review): $pwun, $type and the Cancel URL are echoed without hsc().
// The Cancel URL sits inside a JavaScript string in an onclick attribute and
// includes $_SESSION['recent_pages'][1]; confirm that value can only ever be
// one of the script's own page names.
// NOTE(review): $INPUT_NUONCE and $PWUN_RULES are echoed raw; presumably
// pre-built HTML defined elsewhere - confirm.
//$pwun must = "pw" or "un"
global $_, $EX, $ONESCRIPT, $param1, $param2, $param3, $INPUT_NUONCE, $PWUN_RULES;
// Target for [Cancel]: the entry at index 1 of the recent-pages list.
$params = $param1.$param2.'&amp;p='. $_SESSION['recent_pages'][1];
?>
<?php //preserve space for message_box even when there's no message. ?>
<style>#message_box {min-height: 2em;}</style>
<h2><?php echo hsc($page_title) ?></h2>
<form id="change" method="post" action="<?php echo $ONESCRIPT.$param1.$param3; ?>">
<input type="hidden" name="<?php echo $pwun ?>" value="">
<?php echo $INPUT_NUONCE; ?>
<p><?php echo hsc($_['pw_current']) ?><br>
<input type="password" name="password" id="password" value="">
<p><?php echo hsc($label_new) ?><br>
<input type="<?php echo $type ?>" name="new1" id="new1" value="">
<p><?php echo hsc($label_confirm) ?><br>
<input type="<?php echo $type ?>" name="new2" id="new2" value="">
<p><input type="button" class="button" id="cancel" value="<?php echo hsc($_['Cancel']) ?>"
onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
<input type="button" class="button" id="submitty" value="<?php echo hsc($_['Submit']) ?>" style="margin-left: 1em;">
<script>document.getElementById('password').focus()</script>
</form>
<div class="info">
<?php echo $PWUN_RULES ?>
<p><?php echo hsc($_['pw_txt_12']) ?>
<p><?php echo hsc($_['pw_txt_14']) ?>
</div>
<?php
//Note: The button with id="submitty" above must NOT be of type="submit",
//NOR have an id="submit", or the event_scripts won't work.
//The form is therefore only submitted through the handlers attached here.
pwun_event_scripts('change', 'submitty', $pwun); //Doesn't work if an id="submit"
js_hash_scripts();
}//end Change_PWUN_Page() //****************************************************
//******************************************************************************
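function Update_config($search_for, $replace_with, $search_file, $backup_file) {
    // Replaces one line of $search_file and keeps a copy of the old file.
    //
    // The first line that starts with $search_for is replaced, in full, by
    // $replace_with. Before writing, the unmodified file is copied to
    // $backup_file; the backup therefore still holds the previous value of the
    // replaced line (for a credential change, the previous hash or username).
    //
    // $search_for   prefix to look for at the start of a line.
    // $replace_with complete replacement line (no trailing newline).
    // $search_file  file to update.  $backup_file  where the copy is written.
    //
    // Returns true when the file was rewritten; false (with a note appended to
    // $MESSAGE) when the file is missing or unreadable, the prefix is not
    // found, or the write fails.
    global $_, $EX, $MESSAGE;

    $search_file_OS = Convert_encoding($search_file);
    $backup_file_OS = Convert_encoding($backup_file);

    if ( !is_file($search_file_OS) ) {
        $MESSAGE .= $EX.' <b>'.hsc($_['Not_found']).': </b>'.hsc($search_file).'<br>';
        return false;
    }

    //Read file into an array for searching.
    $search_lines = file($search_file_OS, FILE_IGNORE_NEW_LINES);

    //file() returns false when the file can't be read; without this check the
    //loop below would run on a non-array and the failure would be misreported.
    if ($search_lines === false) {
        $MESSAGE .= $EX.'<b>'.hsc($_['update_failed']).'</b><br>';
        return false;
    }

    //Search start of each $line in (array)$search_lines for (string)$search_for.
    //If match found, replace $line with $replace_with, end search.
    $search_len = mb_strlen($search_for);
    $found = false;
    foreach ($search_lines as $key => $line) {
        //Strict comparison: both sides are strings, and loose == would compare
        //numeric-looking strings by numeric value.
        if ( mb_substr($line, 0, $search_len) === (string)$search_for ) {
            $found = true;
            $search_lines[$key] = $replace_with;
            break 1; //only replace first occurrence of $search_for
        }
    }

    //This should not happen, but just in case...
    if (!$found) {
        $MESSAGE .= $EX.' <b>'.hsc($_['Not_found']).': </b>'.hsc($search_for).'<br>';
        return false;
    }

    //Best-effort backup, as before: a failed copy does not stop the update.
    copy($search_file_OS, $backup_file_OS); // Just in case...

    //Lines are re-joined with "\n"; a trailing newline on the last line of the
    //original file is not re-added.
    $updated_contents = implode("\n", $search_lines);

    if (file_put_contents($search_file_OS, $updated_contents, LOCK_EX) === false) {
        $MESSAGE .= $EX.'<b>'.hsc($_['update_failed']).'</b><br>';
        return false;
    }

    return true;
}//end Update_config() //*******************************************************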
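function Change_PWUN_response($PWUN, $msg) {//**********************************
    // Handles a submit from the change-password / change-username form.
    //
    // $PWUN  "pw" to replace the $HASHWORD line, anything else ("un") to
    //        replace the $USERNAME line.
    // $msg   text used as the bold prefix of every error message.
    //
    // Flow: all fields blank -> ignore; any field blank or new/confirm
    // mismatch -> error in $MESSAGE; wrong current password -> error and
    // Logout(); otherwise the config line is rewritten through Update_config()
    // and $page is set to "admin".
    //
    // Changes from the previous version:
    //  - Missing or non-string POST fields are treated as blank instead of
    //    being handed to trim().
    //  - new/confirm and the current-password hash are compared as strings.
    //    Loose == / != compares numeric-looking strings by numeric value, so
    //    two different strings could be accepted as equal. hash_equals() is
    //    used for the hash when the PHP version provides it.
    //  - The new username is escaped before being written into a
    //    double-quoted PHP string literal, and usernames containing control
    //    characters are rejected. Previously a quote, backslash or dollar sign
    //    in the value changed the PHP code written to the config file, and a
    //    line break would split the single line Update_config() expects.
    //Update $USERNAME or $HASHWORD. Default $page = changepw or changeun
    global $_, $ONESCRIPT, $USERNAME, $HASHWORD, $EX, $MESSAGE, $page,
           $ONESCRIPT_file, $ONESCRIPT_file_backup, $CONFIG_FILE, $CONFIG_FILE_backup, $VALID_CONFIG_FILE;

    // trim white-space from input values (absent / non-string fields count as blank)
    $current_pass = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : "";
    $new_pwun     = (isset($_POST['new1'])     && is_string($_POST['new1']))     ? trim($_POST['new1'])     : "";
    $confirm_pwun = (isset($_POST['new2'])     && is_string($_POST['new2']))     ? trim($_POST['new2'])     : "";

    $error_msg = $EX.'<b>'.hsc($msg).'</b> ';

    //If all fields are blank, do nothing.
    if ( ($current_pass === "") && ($new_pwun === "") && ($confirm_pwun === "") ) {
        return;
    }

    //If any field is blank...
    if ( ($current_pass === "") || ($new_pwun === "") || ($confirm_pwun === "") ) {
        $MESSAGE .= $error_msg.hsc($_['change_pw_07']).'<br>';
        return;
    }

    //If new & Confirm values don't match...
    if ($new_pwun !== $confirm_pwun) {
        $MESSAGE .= $error_msg.hsc($_['change_pw_04']).'<br>';
        return;
    }

    //If incorrect current p/w, logout. (new == confirm at this point)
    $known_hash = (string)$HASHWORD;
    $given_hash = (string)hashit($current_pass);
    if (function_exists('hash_equals')) { $password_ok = hash_equals($known_hash, $given_hash); }
    else                                { $password_ok = ($known_hash === $given_hash); }
    if (!$password_ok) {
        $MESSAGE .= $error_msg.'<br>'.hsc($_['change_pw_03']).'<br>';
        Logout();
        return;
    }

    //Else change username or password
    if ($PWUN == "pw") {
        $search_for   = '$HASHWORD '; //include space after $HASHWORD
        $replace_with = '$HASHWORD = "'.hashit($new_pwun).'";';
        $success_msg  = '<b>'.hsc($_['change_pw_01']).'</b>';
    } else { //$PWUN = "un"
        //A control character (line break, NUL, ...) cannot be stored on the
        //single config line; refuse it and stay on the change page.
        if (preg_match('/[\x00-\x1F\x7F]/', $new_pwun)) {
            $MESSAGE .= $error_msg.'<br>';
            return;
        }
        $search_for   = '$USERNAME '; //include space after $USERNAME
        //Escape \ " and $ so the value stays data inside the "..." literal.
        $replace_with = '$USERNAME = "'.addcslashes($new_pwun, '\\"$').'";';
        $success_msg  = '<b>'.hsc($_['change_un_01']).'</b>';
    }

    //If specified & it exists, update external config file.
    if ( $VALID_CONFIG_FILE ) {
        $MESSAGE .= hsc($_['change_pw_05']).' '.hsc($_['change_pw_06']).'. . . ';
        $updated = Update_config($search_for, $replace_with, $CONFIG_FILE, $CONFIG_FILE_backup);
    } else { //Update OneFileCMS
        $MESSAGE .= hsc($_['change_pw_05']).' OneFileCMS . . . ';
        $updated = Update_config($search_for, $replace_with, $ONESCRIPT_file, $ONESCRIPT_file_backup);
    }

    if ($updated === false) { $MESSAGE .= $error_msg.'<br>'; }
    else                    { $MESSAGE .= $success_msg.'<br>'; }

    $page = "admin"; //Return to Admin page.
}//end Change_PWUN_response() //************************************************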
function Logout() {//***********************************************************
// Ends the current login: tears down the PHP session, discards the request's
// GET/POST data, marks the session as not valid and switches to the login page.
// Also called from Change_PWUN_response() when the current password is wrong.
//
// NOTE(review): nothing in this block expires the session cookie in the
// browser; confirm whether that is handled elsewhere or is not needed.
global $page;
session_regenerate_id(true); // new session id; "true" deletes the old session's data
session_unset();             // clear the registered session variables
session_destroy();           // destroy the data of the (new) session as well
session_write_close();
// Presumably so nothing later in this request acts on the submitted values.
unset($_GET);
unset($_POST);
// Start from an empty array that explicitly says "not logged in".
$_SESSION = array();
$_SESSION['valid'] = 0;
$page = 'login';
}//end Logout() //**************************************************************
function Login_Page() {//*******************************************************
// Renders the login form (username + password) and attaches its scripts.
// The form posts to $ONESCRIPT. The [Enter] control is a plain button, not a
// submit button, so the form is only submitted through the handlers that
// pwun_event_scripts() attaches.
//
// NOTE(review): per the comments in Hash_response(), a "pre-hash" of the
// password is normally done client-side during login - presumably by the code
// that js_hash_scripts() emits. Confirm what is sent when JavaScript is off.
// NOTE(review): no $INPUT_NUONCE field is emitted in this form, unlike the
// other POST forms in this file - confirm that is intended for the login step.
global $_, $ONESCRIPT;
?>
<?php //preserve space for message_box even when there's no message. ?>
<style>#message_box {height: 3.1em;}</style>
<h2><?php echo hsc($_['Log_In']) ?></h2>
<form method="post" id="login_form" name="login_form" action="<?php echo $ONESCRIPT; ?>">
<label for ="username"><?php echo hsc($_['login_txt_01']) ?></label>
<input name="username" type="text" id="username">
<label for ="password"><?php echo hsc($_['login_txt_02']) ?></label>
<input name="password" type="password" id="password">
<input type="button" class="button" id="login" value="<?php echo hsc($_['Enter']) ?>">
</form>
<script>document.getElementById('username').focus();</script>
<?php
//Note: The "login" button above must NOT be of type="submit", NOR have an id="submit", or the event_scripts won't work.
pwun_event_scripts('login_form', 'login');
js_hash_scripts();
}//end Login_Page() //**********************************************************
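function Login_response() {//***************************************************
    // Handles a login attempt.
    //
    // 1. Resets $_SESSION and defaults it to "not valid".
    // 2. Reads the failed-attempt counter file ($LOGIN_ATTEMPTS). When the
    //    count has reached $MAX_ATTEMPTS and fewer than $LOGIN_DELAY seconds
    //    have passed since the file was last written, the attempt is refused
    //    without looking at the credentials; $LOGIN_DELAYED is set to the
    //    remaining seconds.
    // 3. Blank username or password: ignored (not counted, not logged).
    // 4. Match: new session id, session marked valid, counter file removed,
    //    $page = "index". Mismatch: counter incremented and reported.
    // 5. When $LOG_LOGINS is set, one line is appended to the login log:
    //    result, timestamp, client address, client port, "user agent".
    //
    // Changes from the previous version:
    //  - Credentials are compared as strings. Loose == compares
    //    numeric-looking strings by numeric value, so two different strings
    //    could be accepted as equal. hash_equals() is used for the hash when
    //    the PHP version provides it.
    //  - Missing or non-string POST fields, and a missing User-Agent header,
    //    are treated as empty strings.
    //  - The User-Agent is client-controlled: control characters are replaced
    //    and \ and " are escaped before it is written to the log, so one
    //    request always produces exactly one well-formed log line.
    //  - Counter and log writes take an exclusive lock.
    //
    // NOTE(review): the attempt counter is a single file, so the count is
    // shared by all clients - confirm that is the intended lock-out scope.
    // NOTE(review): the log holds client-supplied text; make sure the web
    // server does not serve or execute $LOGIN_LOG_file as HTML/PHP.
    global $_, $EX, $ONESCRIPT_file, $MESSAGE, $page, $USERNAME, $HASHWORD,
           $LOGIN_ATTEMPTS, $MAX_ATTEMPTS, $LOGIN_DELAY, $LOGIN_DELAYED, $LOG_LOGINS, $LOGIN_LOG_file;

    $_SESSION = array();    //make sure it's empty
    $_SESSION['valid'] = 0; //Default to failed login.
    $attempts = 0;
    $elapsed  = 0;
    $LOGIN_ATTEMPTS = Convert_encoding($LOGIN_ATTEMPTS); //$LOGIN_ATTEMPTS only used for filesystem access.
    $LOGIN_DELAYED  = 0; //used to start Countdown at end of file

    //Check for prior login attempts (but don't increment count just yet)
    if (is_file($LOGIN_ATTEMPTS)) {
        $attempts = (int)file_get_contents($LOGIN_ATTEMPTS);
        $elapsed  = time() - filemtime($LOGIN_ATTEMPTS);
    }

    if ($attempts > 0) { $MESSAGE .= '<b>'.hsc($_['login_msg_01a']).' '.$attempts.' '.hsc($_['login_msg_01b']).'</b><br>'; }

    if ( ($attempts >= $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ) {
        $LOGIN_DELAYED = ($LOGIN_DELAY - $elapsed);
        $MESSAGE .= hsc($_['login_msg_02a']).' <span id=timer0></span> '.hsc($_['login_msg_02b']);
        return;
    }

    //Trim any incidental whitespace before validating.
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : "";
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : "";
    $_POST['password'] = $password; //as before, the trimmed values are written back
    $_POST['username'] = $username;

    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? (string)$_SERVER['HTTP_USER_AGENT'] : '';

    //Ignore login attempt if either username or password is blank.
    if ( ($password === "") || ($username === "") ) {
        return;
    }

    //validate login. Both checks are evaluated before the result is combined.
    $known_hash = (string)$HASHWORD;
    $given_hash = (string)hashit($password);
    if (function_exists('hash_equals')) { $hash_ok = hash_equals($known_hash, $given_hash); }
    else                                { $hash_ok = ($known_hash === $given_hash); }
    $user_ok = ($username === (string)$USERNAME);

    if ($hash_ok && $user_ok) {
        session_regenerate_id(true);
        $_SESSION['user_agent'] = $user_agent; //for user consistency check.
        $_SESSION['valid'] = 1;
        $page = "index";
        if ( is_file($LOGIN_ATTEMPTS) ) { unlink($LOGIN_ATTEMPTS); } //delete count/file of $LOGIN_ATTEMPTS
    } else {
        file_put_contents($LOGIN_ATTEMPTS, ++$attempts, LOCK_EX); //increment attempts
        $MESSAGE = $EX.'<b>'.hsc($_['login_msg_03']).$attempts.'</b><br>';
        if ($attempts >= $MAX_ATTEMPTS) {
            $LOGIN_DELAYED = $LOGIN_DELAY;
            $MESSAGE .= hsc($_['login_msg_02a']).' <span id=timer0></span> '.hsc($_['login_msg_02b']);
        }
    }

    //Log login attempts
    if ($LOG_LOGINS) {
        $log_file    = Convert_encoding($LOGIN_LOG_file);
        $pass_fail   = $_SESSION['valid'].' ';
        $timestamp   = date("Y-m-d H:i:s").' ';
        $client_IP   = $_SERVER['REMOTE_ADDR'].' ';
        $client_port = $_SERVER['REMOTE_PORT'].' ';

        //Keep the quoted user-agent field on one line and unambiguous.
        $ua_for_log = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $user_agent);
        $ua_for_log = str_replace(array('\\', '"'), array('\\\\', '\\"'), (string)$ua_for_log);
        $client     = '"'.$ua_for_log.'"';

        file_put_contents($log_file, $pass_fail.$timestamp.$client_IP.$client_port.$client."\n", FILE_APPEND | LOCK_EX);
    }
}//end Login_response() //******************************************************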
function Create_Table_for_Listing() {//*****************************************
// Emits the static skeleton of the directory-listing table: the hidden
// files[] placeholder, the header row (select-all, folders-first, sort links),
// the "../" row, and an empty <tbody id=DIRECTORY_LISTING> plus footer cell.
// Per the comment near the end of the block, the listing and footer content
// are inserted later.
//
// $TABINDEX is a global counter; every control emitted here consumes the next
// value, so the order of the echo statements below matters.
//
// NOTE(review): the "../" link is built from $ONEFILECMS, while the other
// blocks shown here build URLs from $ONESCRIPT - confirm $ONEFILECMS is defined.
// NOTE(review): the "../" row is followed by a second <tr> where a </tr>
// would be expected - looks like a typo in the markup; confirm.
global$_, $ONEFILECMS, $ipath, $ipath_OS, $DOC_ROOT_OS, $ICONS, $TABINDEX, $ACCESS_ROOT;
//Header row: | Select All|[ ]|[X](folders first) Name (ext) | Size | Date |
$new_path = URLencode_path(dir_name($ipath)); //for "../" entry in dir list.
// $new_path_OS is assigned here but not read anywhere else in this function.
$new_path_OS = $DOC_ROOT_OS.dir_name($ipath_OS);//.dir_name($ipath_OS);
//<input hidden> is a dummy input to make sure files[] is always an array for Select_All() & Confirm_Ready().
?>
<INPUT TYPE=hidden NAME="files[]" VALUE="">
<?php //RE: $TABINDEX's below
// In order to have ['Name'] (it's background) expand to fill available space in header,
// (ext) is float'ed right, but has to be listed first, before ['Name'].
// However, tabindex's need to be in order as displayed, not in order as listed in source.
// So (ext) is printed with $TABINDEX + 1, ['Name'] takes the current value,
// and the bare $TABINDEX++ after them skips the value (ext) already used.
?>
<table class="index_T">
<tr>
<th colspan=3><LABEL for=select_all_ckbox id=select_all_label><?php echo hsc($_['Select_All']) ?></LABEL></th>
<th><div class=ckbox>
<INPUT id=select_all_ckbox tabindex=<?php echo $TABINDEX++ ?> TYPE=checkbox NAME=select_all VALUE=select_all>
</div>
</th>
<th class=file_name>
<div id=ff_ckbox_div class=ckbox>
<INPUT tabindex=<?php echo $TABINDEX++?> TYPE=checkbox id=folders_first_ckbox NAME=folders_first VALUE=folders_first checked>
</div>
<label for=folders_first_ckbox id=folders_first_label title="<?php echo hsc($_['folders_first_info']) ?>">
(<?php echo hsc($_['folders_first']) ?>)
</label>
<a tabindex=<?php echo ($TABINDEX + 1)?> href="#" id=header_sorttype>(<?php echo hsc($_['ext']) ?>)</a>
<a tabindex=<?php echo $TABINDEX++?> href="#" id=header_filename><?php echo hsc($_['Name']) ?></a>
<?php $TABINDEX++ // ?>
</th>
<th class=file_size><a tabindex=<?php echo $TABINDEX++?> href="#" id=header_filesize><?php echo hsc($_['Size']." (".$_['bytes'].")") ?></a></th>
<th class=file_time><a tabindex=<?php echo $TABINDEX++?> href="#" id=header_filedate><?php echo hsc($_['Date']) ?></a></th>
</tr>
<tr><?php // "../" directory entry ?>
<td colspan=4></td>
<td>
<?php if ($ipath == $ACCESS_ROOT) {
// Already at the top of the accessible tree: emit a placeholder, not a link.
echo '<a id=f0c4 tabindex='.$TABINDEX++.'>&nbsp;</a>';
}
else {
echo '<a id=f0c4 tabindex='.$TABINDEX++.' href="'.$ONEFILECMS.'?i='.$new_path.'">'.$ICONS['up_dir'].' <b>..</b> /</a>'; //#### '.$ICONS['up_dir'].'
}
?> </td>
<td></td>
<td></td>
<tr>
<?php //Directory & footer content will be inserted later. ?>
<tbody id=DIRECTORY_LISTING></tbody>
<tr><td id=DIRECTORY_FOOTER colspan=7></td></tr>
</table>
<?php
}//Create_Table_for_Listing() //************************************************
function Get_DIRECTORY_DATA($raw_list) {//**************************************
    // Builds the global $DIRECTORY_DATA table from a raw directory listing.
    //
    // $raw_list  entry names of the current directory, in the server's
    //            file-system encoding.
    //
    // Every entry that passes the filters is stored as
    //   array(type, name (UTF-8), size, mtime, is_ofcms, ext)
    // at the next index of $DIRECTORY_DATA. Returns the number of entries
    // stored, which is also left in the global $DIRECTORY_COUNT.
    //
    // Filters: "." and ".." are always skipped. Files (not directories) are
    // skipped when their extension is not in $STYPES (unless $SHOWALLFILES)
    // or their name is in $EXCLUDED_LIST.
    global $_, $ONESCRIPT, $ipath, $ipath_OS, $param1, $ICONS, $MESSAGE,
           $FTYPES, $FCLASSES, $EXCLUDED_LIST, $STYPES, $SHOWALLFILES,
           $DIRECTORY_COUNT, $DIRECTORY_DATA, $ENC_OS;

    //The global $filename / $filename_OS are not used here (they shouldn't
    //exist on the Index page). $filename below is JUST the entry's name.
    $DIRECTORY_COUNT = 0;

    foreach ($raw_list as $raw_filename) {

        if (in_array($raw_filename, array('.', '..'))) { continue; }

        $filename_OS  = $ipath_OS.$raw_filename; //for the filesystem calls below
        $is_directory = is_dir($filename_OS);

        //Names are normalized to UTF-8 for general use & display.
        $filename = ($ENC_OS == 'UTF-8') ? $raw_filename : Convert_encoding($raw_filename, 'UTF-8');

        //Extension = text after the last dot; "name" and ".name" have none.
        $name_parts = explode(".", mb_strtolower($filename));
        $part_count = count($name_parts);
        $has_no_ext = ($part_count === 1) || (($part_count === 2) && ($name_parts[0] === ""));
        $ext        = $has_no_ext ? '' : end($name_parts);

        //White & black lists apply to files only.
        if (!$is_directory) {
            $type_shown = ($SHOWALLFILES || in_array($ext, $STYPES));
            if ( !$type_shown || in_array($filename, $EXCLUDED_LIST) ) { continue; }
        }

        //Used to hide rename & delete options for the active copy of OneFileCMS.
        $IS_OFCMS = ( $ipath.$filename == trim($_SERVER['SCRIPT_NAME'], '/') ) ? 1 : 0;

        //Type: 'dir', or the class paired with the extension's position in $FTYPES.
        //NOTE(review): when the extension is not in $FTYPES, array_search()
        //returns false and the lookup reads $FCLASSES[0] - presumably the first
        //entry is meant to be the default class; confirm.
        if ($is_directory) { $type = 'dir'; }
        else               { $type = $FCLASSES[array_search($ext, $FTYPES)]; }

        //Icon lookup. $icon is not used further in this function.
        if (in_array($type, $FCLASSES)) { $icon = $ICONS[$type]; }
        elseif ($type == 'dir')         { $icon = $ICONS['folder']; }
        else                            { $icon = $ICONS['bin']; } //default

        $file_size_raw = filesize($filename_OS);
        $file_time_raw = filemtime($filename_OS);

        //Store data: [0] type (icon & file-or-folder), [4] = 1 hides ren, del, ckbox.
        $DIRECTORY_DATA[$DIRECTORY_COUNT] = array(
            $type,
            $filename,
            $file_size_raw,
            $file_time_raw,
            $IS_OFCMS,
            $ext,
        );
        $DIRECTORY_COUNT++;
    }//end foreach file

    return $DIRECTORY_COUNT;
}//end Get_DIRECTORY_DATA() //**************************************************
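function Send_directory_data_to_js() {//****************************************
    // Emits a <script> block that copies $DIRECTORY_DATA into the JavaScript
    // array DIRECTORY_DATA, one assignment per entry:
    //   DIRECTORY_DATA[n] = ["type", "file name", size, mtime, is_ofcms, "ext"];
    // followed by "var DIRECTORY_ITEMS = DIRECTORY_DATA.length;".
    //
    // File names come from the file system and may contain any character the
    // file system allows. The previous version quoted them with addslashes(),
    // which is not an encoder for JavaScript inside HTML: it leaves "<", ">",
    // "&" and line breaks untouched, so a name could end the string literal
    // early or interfere with how the browser parses the <script> element.
    // Strings are now written with json_encode() and the JSON_HEX_* flags,
    // which yields a valid JS string literal that contains none of those
    // characters literally. The three numeric fields are cast to int so that
    // a failed filesize()/filemtime() (false) can't produce an empty slot.
    global $DIRECTORY_DATA, $DIRECTORY_COUNT;

    $json_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    //Where available, substitute invalid UTF-8 instead of failing the encode.
    if (defined('JSON_INVALID_UTF8_SUBSTITUTE')) { $json_flags |= JSON_INVALID_UTF8_SUBSTITUTE; }

    //"send" DIRECTORY_DATA to javascript.
    $data_for_js = "<script>\n";
    $row = 0; //index after filter of . & ..

    for ($x = 0; $x < $DIRECTORY_COUNT; $x++) {
        $entry    = $DIRECTORY_DATA[$x];
        $filename = $entry[1];

        if ( ($filename == '.') || ($filename == '..') ) { continue; } // skip . & ..

        $fields = array();
        foreach (array(0, 1, 2, 3, 4, 5) as $i) {
            if ($i === 2 || $i === 3 || $i === 4) { // filesize, timestamp, is_ofcms
                $fields[] = (int)$entry[$i];
            } else {                                // "type", "file name", "ext"
                $encoded  = json_encode((string)$entry[$i], $json_flags);
                $fields[] = ($encoded === false) ? '""' : $encoded;
            }
        }

        $data_for_js .= 'DIRECTORY_DATA['.$row++.'] = ['.implode(', ', $fields)."];\n";
    }//end for x

    $data_for_js .= "var DIRECTORY_ITEMS = DIRECTORY_DATA.length;\n";
    $data_for_js .= "</script>\n";

    echo $data_for_js;
}//end Send_directory_data_to_js() {//******************************************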
function Index_Page_buttons_top($file_count) {//********************************
    // Emits the button bar above the directory listing.
    //
    // $file_count  number of listed entries; [Move] [Copy] [Delete] are only
    //              shown when it is greater than zero.
    //
    // [New Folder] [New File] [Upload File] are always shown. Every control
    // takes the next value of the global $TABINDEX, in the order printed.
    global $_, $ONESCRIPT, $param1, $ICONS, $TABINDEX;

    echo '<div id=index_page_buttons>'."\n";
    echo '<div id=mcd_submit>'."\n";

    if ($file_count > 0) {
        // (element id, onclick attribute, $ICONS key, $_ label key)
        $mcd_buttons = array(
            array('b1', 'onclick="Confirm_Submit( \'move\'); "',   'move',   'Move'),
            array('b2', 'onclick="Confirm_Submit( \'copy\'); "',   'copy',   'Copy'),
            array('b3', 'onclick="Confirm_Submit( \'delete\' );"', 'delete', 'Delete'),
        );
        foreach ($mcd_buttons as $btn) {
            echo '<button id='.$btn[0].' tabindex='.$TABINDEX++.' type=button '.$btn[1].'>'
                .$ICONS[$btn[2]].hsc($_[$btn[3]])."</button\n>";
        }
    }

    echo '</div>'."\n"; //end mcd_submit

    echo '<div class="front_links">'."\n";

    // (element id, value of the p= parameter, $ICONS key, $_ label key)
    $front_links = array(
        array('b4', 'newfolder', 'folder_new', 'New_Folder'),
        array('b5', 'newfile',   'file_new',   'New_File'),
        array('b6', 'upload',    'upload',     'Upload_File'),
    );
    foreach ($front_links as $link) {
        echo '<a id='.$link[0].' tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.$param1.'&amp;p='.$link[1].'">'
            .$ICONS[$link[2]].hsc($_[$link[3]]).'</a>';
    }

    echo '</div>'; //end front_links
    echo '</div>'."\n"; //end index_page_buttons
} //end Index_Page_buttons_top() //*********************************************
function Index_Page() {//*******************************************************
    // Renders the index (directory listing) page for the current directory:
    // collects the directory data, prints the <form> holding the button bar
    // and the empty listing table, then emits the scripts and the data that
    // fill the table in.
    //
    // NOTE(review): the directory read is './'.$ipath_OS; this block does not
    // validate $ipath_OS, so it relies on that having been confined to the
    // allowed tree before this point - confirm. scandir() returns false on
    // failure, which is passed on to Get_DIRECTORY_DATA() unchanged.
    global $ONESCRIPT, $ipath_OS, $param1;

    init_ICONS_js();

    //Current directory list (unsorted), reduced to the entries to be shown.
    $file_count = Get_DIRECTORY_DATA(scandir('./'.$ipath_OS));

    //<form> to contain directory, including buttons at top.
    //The hidden mcdaction field, along with $page, affects the response.
    echo '<form method="post" name="mcdselect" action="'.$ONESCRIPT.$param1.'&amp;p=mcdaction">'
        .'<input type="hidden" name="mcdaction" value="">';

    Index_Page_buttons_top($file_count);
    Create_Table_for_Listing(); //sets up table with empty <tbody></tbody>

    echo "</form>\n";

    Index_Page_scripts();
    Send_directory_data_to_js();
    Index_Page_events();
}//end Index_Page() //**********************************************************
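function Edit_Page_buttons_top($text_editable,$file_ENC) {//********************
    // Emits the bar above the editor: file size, modification time and
    // detected encoding on the left; [View Raw] [Wide/Normal View]
    // [Edit WYSIWYG/Source] [Close] on the right.
    //
    // $text_editable  true when the file type can be edited as text; controls
    //                 [View Raw] and the WYSIWYG toggle.
    // $file_ENC       encoding label, printed as given after the timestamp.
    //
    // Side effect: when the WYSIWYG toggle is shown, the globals $EDIT_WYSIWYG
    // and $WYSIWYG_label are set from the edit_wysiwyg cookie.
    //
    // Changed from the previous version: the wide_view cookie is sent by the
    // browser and can hold anything. It used to be copied into an unquoted
    // value= attribute as-is, so its content could add attributes or markup to
    // the page. It is now read defensively (absent -> ''), HTML-escaped, and
    // placed in a quoted attribute. The value the page script sees is unchanged.
    global $_, $ONESCRIPT, $param1, $param2, $filename, $filename_OS, $IS_OFCMS,
           $WYSIWYG_VALID, $EDIT_WYSIWYG, $WYSIWYG_label, $MESSAGE;

    clearstatcache ();

    //[View Raw] button.
    if ($text_editable) {
        $view_raw_button = '<button type=button id=view_raw class=button>'.hsc('View Raw')."</button>\n";
    } else {$view_raw_button = '';}

    //[Wide View] / [Normal View] button. Label is what button will do, not an indicator the current state.
    $wide_view = (isset($_COOKIE['wide_view']) && is_string($_COOKIE['wide_view'])) ? $_COOKIE['wide_view'] : '';
    if ($wide_view === "on") { $wv_label = hsc($_['Normal_View']); }
    else                     { $wv_label = hsc($_['Wide_View']); }
    $wide_view_button = '<button type=button id=wide_view class=button value="'
                      . htmlspecialchars($wide_view, ENT_QUOTES, 'UTF-8')
                      . '">'.$wv_label."</button>\n";

    //[Edit WYSIWYG] / [Edit Source] button.
    $WYSIWYG_button = '';
    if ($text_editable && $WYSIWYG_VALID && !$IS_OFCMS) { //Only show when needed/applicable
        //Set current mode for Edit page, and label for [Edit WYSIWIG/Source] button
        if ( isset($_COOKIE['edit_wysiwyg']) && ($_COOKIE['edit_wysiwyg'] == '1')) {
            $EDIT_WYSIWYG = '1'; $WYSIWYG_label = $_['Source']; } //wysiwyg mode
        else { $EDIT_WYSIWYG = '0'; $WYSIWYG_label = $_['WYSIWYG']; } //plain text mode
        $WYSIWYG_button  = '<button type=button id=edit_WYSIWYG class=button>';
        $WYSIWYG_button .= hsc($_['Edit']).' '.hsc($WYSIWYG_label).'</button>';
    }

    //[Close] button
    $close_button = '<button type=button id=close1 class=button>'.hsc($_['Close']).'</button>';
?>
<div class="edit_btns_top">
<div class="file_meta">
<span class="file_size">
<?php echo hsc($_['meta_txt_01']).' '.number_format(filesize($filename_OS)).' '.hsc($_['bytes']); ?>
</span> &nbsp;
<span class="file_time">
<?php echo hsc($_['meta_txt_03']).' <script>FileTimeStamp('.filemtime($filename_OS).', 1, 1, 1);</script>'; ?>
<?php echo '&nbsp; '.$file_ENC; ?>
</span><br>
</div>
<div class="buttons_right">
<?php echo $view_raw_button ?>
<?php echo $wide_view_button ?>
<?php echo $WYSIWYG_button ?>
<?php echo $close_button ?>
</div>
<div class=clear></div>
</div>
<?php
}//end Edit_Page_buttons_top() //***********************************************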
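function Edit_Page_buttons($text_editable, $too_large_to_edit) {//**************
    // Emits the button row below the editor: the idle timer, [Save] and
    // [Reset] for editable files, then [Rename/Move] [Copy] [Delete].
    //
    // $text_editable      true when the file type can be edited as text.
    // $too_large_to_edit  true when the file exceeds the edit size limit.
    //
    // Save/Reset are only shown for an editable file that is neither too large
    // nor OneFileCMS itself; Rename and Delete are hidden for OneFileCMS itself.
    // NOTE(review): these checks only decide which controls are displayed.
    // Whether the matching requests are refused server-side is not visible
    // here - confirm in the response handlers.
    //
    // Changed from the previous version: RCD_button() is declared inside this
    // function, which makes it a global function the first time the
    // declaration runs. A second call to Edit_Page_buttons() in the same
    // request would therefore stop with "Cannot redeclare"; the declaration is
    // now skipped when the function already exists.
    global $_, $MESSAGE, $ICONS, $MAX_IDLE_TIME, $IS_OFCMS, $WYSIWYG_VALID, $EDIT_WYSIWYG;

    //Using ckeditor WYSIWYG editor, <input type=reset> button doesn't work. (I don't know why.)
    $reset_button = '<input type=reset id="reset" class=button value="'.hsc($_['reset']).'" onclick="return Reset_File();">';
    if ($WYSIWYG_VALID && $EDIT_WYSIWYG) {$reset_button = '';}

    echo '<div class="edit_btns_bottom">';

    if ($text_editable && !$too_large_to_edit && !$IS_OFCMS) { //Show save & reset only if editable file
        echo '<span id=timer1 class="timer"></span>';
        echo '<button type="submit" class="button" id="save_file">'.hsc($_['save_1']).'</button>'; //Submit Button
        echo $reset_button;
    }//end if editable

    if (!function_exists('RCD_button')) {
        // Prints one [Rename/Move] / [Copy] / [Delete] style button.
        // $action becomes the id prefix ("<action>_btn"), $icon is the $ICONS
        // key, $label is escaped with hsc().
        function RCD_button($action, $icon, $label) {//***************
            global $ICONS;
            echo '<button type=button id="'.$action.'_btn" class="button RCD">'.$ICONS[$icon].'&nbsp;'.hsc($label).'</button>';
        }//end RCD_button() //****************************************
    }

    //Don't show [Rename] or [Delete] if viewing OneFileCMS itself.
    if (!$IS_OFCMS) { RCD_button('renamefile', 'ren_mov', $_['Ren_Move']); }
    /*Always show Copy*/ { RCD_button('copyfile' , 'copy' , $_['Copy']); }
    if (!$IS_OFCMS) { RCD_button('deletefile', 'delete' , $_['Delete']); }

    echo '</div>';
}//end Edit_Page_buttons() //***************************************************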
//******************************************************************************
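function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_view, $file_ENC){
    // Emits the edit <form>: the top button bar, then (for non-image files)
    // either a message or the <textarea> with the file contents and the
    // line-wrap toggle, then the bottom button row and the page scripts.
    //
    // $ext                file extension; compared lower-cased against $ITYPES.
    // $text_editable      true when the file type can be edited as text.
    // $too_large_to_edit  file exceeds $MAX_EDIT_SIZE: textarea is readonly.
    // $too_large_to_view  file exceeds $MAX_VIEW_SIZE: contents are not shown.
    // $file_ENC           encoding label, passed on to Edit_Page_buttons_top().
    //
    // $FILECONTENTS is written into the <textarea> as-is; Edit_Page() is the
    // visible place where it is HTML-escaped before this function is called.
    // $LINE_WRAP is only taken from the cookie when it is exactly "on" or
    // "off", so the unquoted value= attribute below never gets free text from
    // the cookie.
    //
    // Changed from the previous version: $bad_chars was only assigned inside
    // the non-image branch but read in the final condition, so a file type
    // that is both an image type and text-editable reached that condition with
    // the variable undefined. It now starts out as false.
    global $_, $ONESCRIPT, $param1, $param2, $param3, $filename, $filename_OS, $ITYPES, $INPUT_NUONCE, $EX, $MESSAGE,
           $FILECONTENTS, $WYSIWYG_VALID, $EDIT_WYSIWYG, $IS_OFCMS, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $LINE_WRAP;

    //Line-wrap on or off? $LINE_WRAP default value set in configuration section.
    //Used to set initial value of on/off button below textarea.
    if (isset($_COOKIE['line_wrap'])) {
        if (($_COOKIE['line_wrap'] === "on") || ($_COOKIE['line_wrap'] === "off")) {
            $LINE_WRAP = $_COOKIE['line_wrap'];
        }
    }

    $too_large_to_edit_message =
        '<b>'.hsc($_['too_large_to_edit_01']).' '.number_format($MAX_EDIT_SIZE).' '.hsc($_['bytes']).'</b><br>'.
        hsc($_['too_large_to_edit_02']).'<br>'.hsc($_['too_large_to_edit_03']).'<br>'.hsc($_['too_large_to_edit_04']);

    $too_large_to_view_message =
        '<b>'.hsc($_['too_large_to_view_01']).' '.number_format($MAX_VIEW_SIZE).' '.hsc($_['bytes']).'</b><br>'.
        hsc($_['too_large_to_view_02']).'<br>'.hsc($_['too_large_to_view_03']).'<br>';

    //Defined up front so the check at the end is valid on every path.
    $bad_chars = false;

    echo "\n".'<form id=edit_form name=edit_form method=post action="'.$ONESCRIPT.$param1.$param2.$param3.'">'."\n";
    echo $INPUT_NUONCE;

    Edit_Page_buttons_top($text_editable, $file_ENC);

    if ( !in_array( mb_strtolower($ext), $ITYPES) ) { //If non-image...

        //Did htmlspecialchars return an empty string from a non-empty file?
        $bad_chars = ( ($FILECONTENTS == "") && (filesize($filename_OS) > 0) );

        if (!$text_editable) { $MESSAGE .= hsc($_['edit_txt_01']).'<br><br>'; }
        elseif ( $text_editable && $too_large_to_view ) {
            echo '<p class="message_box_contents">'.$too_large_to_view_message.'</p>';
        } else {
            if ($IS_OFCMS || $too_large_to_edit) {$readonly = "readonly";} else {$readonly = "";}

            if ( $too_large_to_edit ) { $MESSAGE .= $too_large_to_edit_message; }

            if ($bad_chars){ //Show message: may be a bad character in file
                echo '<pre class="edit_disabled">'.$EX.hsc($_['edit_txt_02']).'<br>';
                echo hsc($_['edit_txt_03']).'<br>';
                echo hsc($_['edit_txt_04']).'<br></pre>'."\n";
            }else{ //show editable <textarea>
                //<input name=filename> is used only to signal an Edit_response().
                echo '<input type=hidden name=filename value="'.rawurlencode($filename).'">';
                echo "<div id=wrapper_linenums_editor>\n";
                echo "<div id=line_numbers tabindex='-1'><div id=line_1>1</div><div id=line_0></div></div>\n";
                echo "<textarea $readonly id=file_editor name=contents cols=70 rows=25>$FILECONTENTS</textarea>\n";
                echo "</div>\n";
                $wrap_on_off  = hsc($_['Line_Wrap'])." ";
                $wrap_on_off .= "<span id=w_on>" .hsc($_['on']) ."</span>/";
                $wrap_on_off .= "<span id=w_off>".hsc($_['off'])."</span>";
                echo "<button type=button class=button id=toggle_wrap name=toggle_wrap value=$LINE_WRAP>$wrap_on_off</button>";
            }
        }//end if/elseif...
    }//end if non-image

    Edit_Page_buttons($text_editable, $too_large_to_edit);

    echo "\n</form>\n";

    Edit_Page_scripts();

    if ( !$IS_OFCMS && $text_editable && !$too_large_to_edit && !$bad_chars ) {Edit_Page_Notes();}
}//end Edit_Page_form() //******************************************************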
function Edit_Page_Notes() {//**************************************************
    // Prints the notes shown under the editor, including the idle time limit
    // ($MAX_IDLE_TIME, in seconds) formatted as H:MM:SS.
    global $_, $MAX_IDLE_TIME;

    //Split the limit into hours, minutes and seconds.
    $hours       = floor($MAX_IDLE_TIME/3600);
    $within_hour = fmod($MAX_IDLE_TIME,3600);
    $minutes     = floor($within_hour/60);
    $seconds     = fmod($within_hour,60);

    //Minutes and seconds are zero-padded to two digits; hours are not.
    if ($minutes < 10) { $minutes = "0".$minutes; }
    if ($seconds < 10) { $seconds = "0".$seconds; }

    $HRS_MIN_SEC = $hours.':'.$minutes.':'.$seconds;
?>
<div id="edit_notes">
<div class="notes"><?php echo hsc($_['edit_note_00']) ?></div>
<div class="notes"><b>1)
<?php echo hsc($_['edit_note_01a']).' $MAX_IDLE_TIME '.hsc($_['edit_note_01b']) ?>
<?php echo ' '.$HRS_MIN_SEC.'. '.hsc($_['edit_note_02']) ?></b>
</div>
<div class="notes"><b>2) </b> <?php echo hsc($_['edit_note_03']) ?></div>
</div>
<?php
}//end Edit_Page_Notes() //*****************************************************
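function Edit_Page() {//********************************************************
    // Renders the Edit/View page for $filename: loads the file (when it is a
    // text type within the view limit, or OneFileCMS itself), converts it to
    // UTF-8, HTML-escapes it into the global $FILECONTENTS, prints the header
    // and hands over to Edit_Page_form(). Images are shown below the buttons.
    //
    // Side effects: sets $FILECONTENTS; clears $WYSIWYG_VALID when the file is
    // not editable or too large to edit; appends the "editing disabled" notice
    // to $MESSAGE when OneFileCMS itself is being viewed on the edit page.
    //
    // Changes from the previous version:
    //  - A failed read (file_get_contents() returning false) is treated as
    //    empty contents instead of being passed on as false.
    //  - mb_detect_encoding() can return false when it cannot identify the
    //    encoding; that value is no longer passed to mb_convert_encoding() as
    //    the source encoding. The bytes are left as read and the encoding
    //    label is left empty.
    //  - filesize() is read once for both size checks.
    //
    // NOTE(review): $_['edit_txt_00'] is appended to $MESSAGE without hsc(),
    // unlike the other language strings here - confirm that string is meant
    // to contain markup.
    global $_, $filename, $filename_OS, $FILECONTENTS, $ETYPES, $ITYPES, $EX, $MESSAGE, $page,
           $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $WYSIWYG_VALID, $IS_OFCMS;

    $filename_parts = explode(".", mb_strtolower($filename));
    $ext = end($filename_parts);

    //Determine if a text editable file type
    if ( in_array($ext, $ETYPES) ) { $text_editable = TRUE; }
    else { $text_editable = FALSE; }

    $file_size = filesize($filename_OS);
    $too_large_to_edit = ($file_size > $MAX_EDIT_SIZE);
    $too_large_to_view = ($file_size > $MAX_VIEW_SIZE);

    //Don't load $WYSIWYG_PLUGIN if not needed
    if (!$text_editable || $too_large_to_edit) {$WYSIWYG_VALID = 0;}

    //Get file contents
    if (($text_editable && !$too_large_to_view) || $IS_OFCMS) {
        $raw_contents = file_get_contents($filename_OS);
        if ($raw_contents === false) { $raw_contents = ""; }

        $file_ENC = mb_detect_encoding($raw_contents); //ASCII, UTF-8, ISO-8859-1, etc...
        if ($file_ENC === false) {
            $file_ENC = ""; //unknown: show the bytes as read, no label
        } elseif ($file_ENC != 'UTF-8') {
            $raw_contents = mb_convert_encoding($raw_contents, 'UTF-8', $file_ENC);
        }
    }else{
        $file_ENC = "";
        $raw_contents = "";
    }

    //Escape for output inside the <textarea>. ENT_SUBSTITUTE (PHP 5.4+) swaps
    //invalid byte sequences for a replacement character rather than returning "".
    if (PHP_VERSION_ID < 50400) { $FILECONTENTS = hsc($raw_contents); }
    else { $FILECONTENTS = htmlspecialchars($raw_contents,ENT_SUBSTITUTE | ENT_QUOTES, 'UTF-8'); }

    if ($too_large_to_view || !$text_editable) { $header2 = "";}
    elseif ($text_editable && !$too_large_to_edit && !$IS_OFCMS) { $header2 = hsc($_['edit_h2_2']); }
    else { $header2 = hsc($_['edit_h2_1']); }

    echo '<h2 id="edit_header">'.$header2.' ';
    echo '<a class="h2_filename" href="/'.URLencode_path($filename).'" target="_blank" title="'.hsc($_['Open_View']).'">';
    echo hsc(basename($filename)).'</a>';
    echo '</h2>'."\n";

    Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_view, $file_ENC);

    if ( in_array( $ext, $ITYPES) ) { show_image(); } //If image, show below the [Rename/Move] [Copy] [Delete] buttons

    echo '<div class=clear></div>';

    //If viewing OneFileCMS itself, show Edit Disabled message.
    if ($IS_OFCMS && $page == "edit") {
        $MESSAGE .= '<style>.message_box_contents {background: red;}</style>';
        $MESSAGE .= '<style>#message_box {color: white;} </style>';
        $MESSAGE .= '<b>'.$EX.hsc($_['edit_caution_02']).' &nbsp; '.$_['edit_txt_00'].'</b><br>';
    }
}//end Edit_Page() //***********************************************************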
function Edit_response() {//***If on Edit page, and [Save] clicked *************
    // Writes the submitted editor contents to the current file and reports the
    // result in $MESSAGE. Line endings are normalized to "\n" first.
    //
    // NOTE(review): nothing in this block checks that the target is an
    // editable type or is not OneFileCMS itself; the Edit page only hides the
    // [Save] button in those cases. Confirm the caller enforces both, and that
    // the request token ($INPUT_NUONCE on the form) is verified before this runs.
    global $_, $EX, $MESSAGE, $filename, $filename_OS;

    //Normalize EOL: CRLF first, then any remaining lone CR.
    $normalized = str_replace(array("\r\n", "\r"), "\n", $_POST['contents']);

    $written = file_put_contents($filename_OS, $normalized);

    if ($written === false) {
        $MESSAGE .= $EX.'<b>'.hsc($_['edit_msg_03']).'</b><br>';
        return;
    }

    $MESSAGE .= '<b>'.hsc($_['edit_msg_01']).' '.number_format($written).' '.hsc($_['edit_msg_02']).'</b><br>';
}//end Edit_response() //*******************************************************
function Upload_Page() {//******************************************************
    // Renders the upload form: the server's size limits, the
    // rename-or-overwrite choice, and $UPLOAD_FIELDS file inputs.
    //
    // Side effect: the global $UPLOAD_FIELDS is lowered to PHP's
    // max_file_uploads setting when that setting is smaller.
    //
    // NOTE(review): the "ifexists" choice and the number of file fields are
    // only form defaults; a client can post other values, so the handling of
    // the upload has to validate them itself - confirm in Upload_response().
    global $_, $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE, $UPLOAD_FIELDS, $MAIN_WIDTH;

    //Never offer more fields than PHP will accept in one request.
    $php_limit = ini_get('max_file_uploads');
    if ($php_limit < 1)              { $php_limit = $UPLOAD_FIELDS; }
    if ($php_limit < $UPLOAD_FIELDS) { $UPLOAD_FIELDS = $php_limit; }

    //$main_width is used below to determine size (width) of <input type=file> in FF.
    $main_width = $MAIN_WIDTH * 1; //set in config section. Default is 810px.

    //convert to px. 16px = 12pt = 1em
    switch (mb_substr($MAIN_WIDTH, -2)) { //should be px, pt, or em.
        case "em": $main_width = $main_width * 16;        break;
        case "pt": $main_width = $main_width * (16 / 12); break;
    }

    //size attribute is for FF (and is not em, px, pt, or %).
    //width attribute is for IE & Chrome, and can be set via css (in style_sheet()).
    //In FF, width of <input type="file" size=1> is 121px. If size=2, width = 128, etc. The base value is 114px.
    $input_size = floor(($main_width - 114) / 7);

    echo '<h2>'.hsc($_['Upload_File']).'</h2>';
    echo '<p>';
    echo hsc($_['upload_txt_03']).' '.ini_get('upload_max_filesize').' '.hsc($_['upload_txt_01']).'<br>';
    echo hsc($_['upload_txt_04']).' '.ini_get('post_max_size') .' '.hsc($_['upload_txt_02']).'<br>';

    echo '<form enctype="multipart/form-data" action="'.$ONESCRIPT.$param1.'&amp;p=uploaded" method="post">';
    echo $INPUT_NUONCE;

    echo '<div class="action"><LABEL>'.hsc($_['upload_txt_05']).'</LABEL></div>';

    //The wrapper lets the <LABEL>'s wrap w/o word breaks if $MAIN_WIDTH is narrow.
    echo '<div class="ren_over">';
    echo '<label><INPUT TYPE=radio NAME=ifexists VALUE=rename checked> '.hsc($_['upload_txt_06']).'</label>';
    echo '<label><INPUT TYPE=radio NAME=ifexists VALUE=overwrite > '.hsc($_['upload_txt_07']).'</label>';
    echo '</div>';

    for ($field = 0; $field < $UPLOAD_FIELDS; $field++) {
        echo '<input type="file" name="upload_file[]" size="'.$input_size.'"><br>'."\n";
    }

    echo '<p>';
    Cancel_Submit_Buttons($_['Upload']);
    echo "\n</form>\n";
}//end Upload_Page() //*********************************************************
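function Upload_response() {//**************************************************
	//Processes the files posted by the Upload_Page() form (field upload_file[]).
	//For each non-empty field: reports the file name, then either overwrites an
	//existing file (ifexists=overwrite) or picks a serial-numbered name via
	//add_serial_num(), and moves the upload into $ipath.
	//Results are appended to $MESSAGE. $page is set to "index", or back to
	//"upload" if no file was selected.
	//
	//NOTE(review): the stored name keeps whatever extension the client sent, and
	//no type or extension check is visible here. If the destination is served by
	//the web server, that includes server-executable types. Presumably this
	//handler is only reachable by the authenticated user after the nonce check
	//in the caller - confirm.
	global $_, $ipath, $ipath_OS, $page, $EX, $MESSAGE, $UPLOAD_FIELDS;

	$page = "index"; //return to index.
	$filecount = 0;

	//$_FILES is empty when the request exceeded post_max_size, and may lack the
	//expected array shape in a hand-built request. Treat both as "no files".
	$names = array();
	if ( isset($_FILES['upload_file']['name']) && is_array($_FILES['upload_file']['name']) ) {
		$names = $_FILES['upload_file']['name'];
	}

	$MAXUP1    = ini_get('upload_max_filesize');
	$overwrite = isset($_POST['ifexists']) && ($_POST['ifexists'] == 'overwrite');

	//Destination must be a usable folder ("" presumably means the root folder).
	$bad_dest  = ($ipath === false) || (($ipath != "") && !is_dir($ipath_OS));

	foreach ($names as $N => $name) {

		if ($name == "") { continue; } //ignore empty upload fields

		$filecount++;

		//The name is supplied by the client. PHP normally strips any directory
		//part before filling $_FILES; this is a second line of defence so a name
		//with a path separator or NUL byte is never joined onto $ipath.
		if ( !is_string($name)
			|| (strpos($name, '/')  !== false)
			|| (strpos($name, '\\') !== false)
			|| (strpos($name, "\0") !== false) ) {
			$MESSAGE .= '<b>'.$EX.hsc($_['upload_msg_06']).'</b><br>';
			continue;
		}

		$filename_up  = $ipath.$name; //just filename, no path.
		$filename_OS  = Convert_encoding($filename_up);
		$savefile_msg = '';

		//PHP upload error code for this file: 1 = over upload_max_filesize,
		//2 through 8 map onto the $_['upload_err_0N'] language strings.
		$ERROR = $_FILES['upload_file']['error'][$N];
		if     ( $ERROR == 1 )                { $ERRMSG = hsc($_['upload_err_01']).' upload_max_filesize = '.$MAXUP1; }
		elseif (($ERROR > 1) && ($ERROR < 9)) { $ERRMSG = hsc($_['upload_err_0'.$ERROR]); }
		else                                  { $ERRMSG = ''; }

		if ($bad_dest) {
			$MESSAGE .= $EX.'<b>'.hsc($_['upload_msg_02']).'</b><br>';
			$MESSAGE .= '<span class="filename">'.hsc($ipath).'</span><br>';
			$MESSAGE .= hsc($_['upload_msg_03']).'<br>';
			continue;
		}

		$MESSAGE .= '<b>'.hsc($_['upload_msg_04']).'</b> <span class="filename">'.hsc(basename($filename_up)).'</span><br>';

		if ($overwrite) {
			if (is_file($filename_OS)) { $savefile_msg .= hsc($_['upload_msg_07']); }
		}else{ //rename to "file.etc.001" etc...
			$filename_up = add_serial_num($filename_up, $savefile_msg);
		}

		$filename_OS = Convert_encoding($filename_up);

		//move_uploaded_file() only moves files that arrived via HTTP POST upload.
		if (move_uploaded_file($_FILES['upload_file']['tmp_name'][$N], $filename_OS)) {
			$MESSAGE .= '<b>'.hsc($_['upload_msg_05']).'</b> '.$savefile_msg.'<br>';
		}else{
			$MESSAGE .= '<b>'.$EX.hsc($_['upload_msg_06']).'</b> '.$ERRMSG.'<br>';
		}
	}//end foreach $names

	if ($filecount == 0) { $page = "upload"; } //If nothing selected, just reload Upload page.
}//end Upload_response() //*****************************************************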
function New_Page($title, $new_f_or_f) {//**********************************************
	//Outputs the "new file" / "new folder" form: heading, the common form
	//opening ($FORM_COMMON), a hint listing $INVALID_CHARS, one text input,
	//and the [Cancel]/[Create] buttons.
	//$title      - heading text (HTML-escaped here).
	//$new_f_or_f - used verbatim as the text input's name and id. It is not
	//              escaped, so callers must pass a fixed identifier only.
	global $_, $FORM_COMMON, $INVALID_CHARS;

	$field = $new_f_or_f;
	$hint  = $_['new_file_txt_01'].' '.$_['new_file_txt_02'];

	echo '<h2>'.hsc($title).'</h2>';
	echo $FORM_COMMON;

	echo '<p>'.hsc($hint).'<span class="mono"> '.hsc($INVALID_CHARS).'</span></p>';

	echo '<input type="text" name="'.$field.'" id="'.$field.'" value=""><p>';

	Cancel_Submit_Buttons($_['Create']);

	echo "\n</form>\n";
}//end New_Page() //************************************************************
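function New_response($post, $isfile) {//***************************************
	//Handles the "new file" / "new folder" form.
	//$post   - name of the $_POST field holding the requested name.
	//$isfile - true to create a file (touch), false to create a folder (mkdir).
	//Sets the globals $filename / $filename_OS to the new item, appends the
	//result to $MESSAGE, and sets $page (plus $param1/2/3, $ipath, $ipath_OS as
	//needed) so the caller shows the right page next.
	//
	//NOTE(review): only leading/trailing whitespace and slashes are trimmed here.
	//Rejecting embedded separators or ".." segments depends on has_invalid_char(),
	//which is defined elsewhere - confirm it covers them.
	global $_, $ipath, $ipath_OS, $filename, $filename_OS, $page, $param1, $param2, $param3, $MESSAGE, $EX, $INVALID_CHARS, $WHSPC_SLASH;

	$page = "index"; //Return to index if folder, or on error.

	//A missing or non-string field is treated as an empty name, which reloads
	//the form below, instead of being passed to trim().
	$posted = (isset($_POST[$post]) && is_string($_POST[$post])) ? $_POST[$post] : '';

	$new_name    = trim($posted, $WHSPC_SLASH); //Trim whitespace & slashes.
	$filename    = $ipath.$new_name;
	$filename_OS = Convert_encoding($filename);

	if ($isfile) { $f_or_f = "file";   }
	else         { $f_or_f = "folder"; }

	$msg_new = '<span class="filename">'.hsc($new_name).'</span><br>';

	//The order of the tests below matters: touch() and mkdir() sit inside the
	//conditions, so they only run once every earlier check has passed.
	if (has_invalid_char($new_name)){
		$MESSAGE .= $EX.'<b>'.hsc($_['new_file_msg_01']).'</b> '.$msg_new;
		$MESSAGE .= '<b>'.hsc($_['new_file_msg_02']).'<span class="mono"> '.hsc($INVALID_CHARS).'</span></b>';
	}elseif ($new_name == ""){ //No new name given.
		$page   = "new".$f_or_f;
		$param3 = '&amp;p=index'; //For [Cancel] button
	}elseif (file_exists($filename_OS)) { //Does file or folder already exist ?
		$MESSAGE .= $EX.'<b>'.hsc($_['new_file_msg_04']).'</b> '.$msg_new;
	}elseif ($isfile && touch($filename_OS) ) { //Create File
		$MESSAGE .= '<b>'.hsc($_['new_file_msg_05']).'</b> '.$msg_new; //New File success.
		$page   = "edit"; //Return to edit page.
		$param2 = '&amp;f='.rawurlencode(basename($filename)); //for Edit_Page() buttons
		$param3 = '&amp;p=edit'; //for Edit_Page() buttons
	}elseif (!$isfile && mkdir($filename_OS,0755)) { //Create Folder
		$MESSAGE .= '<b>'.hsc($_['new_file_msg_07']).'</b> '.$msg_new; //New folder success
		$ipath    = $filename; //return to new folder
		$ipath_OS = Convert_encoding($filename);
		$param1   = '?i='.URLencode_path($ipath);
	}else{
		$MESSAGE .= $EX.'<b>'.hsc($_['new_file_msg_01']).':</b><br>'.$msg_new; //'Error - new file not created:'
	}
}//end New_response() //********************************************************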
function Set_Input_width() {//**************************************************
	//Outputs a <style> block sizing the text inputs and labels of the
	//Copy / Rename form so that, in em:
	//  (width of <input type=text>) = $MAIN_WIDTH - (width of <label>) - (width of <span>$WEB_ROOT</span>)
	//$MAIN_WIDTH is set in the config section and may be in em, px, pt, or %.
	//% is ignored for now.
	//Width of 1 character = .625em = 10px = 7.5pt (1em = 16px = 12pt)
	global $_, $WEB_ROOT, $MAIN_WIDTH, $ACCESS_ROOT;

	$em_per_char = .625;

	//Character counts converted to em.
	$root_em  = mb_strlen($WEB_ROOT.$ACCESS_ROOT);
	$root_em *= $em_per_char;
	$label_em  = mb_strlen($_['New_Location']);
	$label_em *= $em_per_char;

	//Numeric part of $MAIN_WIDTH, converted to em when given in px or pt.
	$main_em = $MAIN_WIDTH * 1;
	switch (mb_substr($MAIN_WIDTH, -2)) {
		case "px": $main_em = $main_em / 16; break;
		case "pt": $main_em = $main_em / 12; break;
	}

	//The .4 at the end compensates for rounding in the estimates above.
	$input_css_width = ($main_em - $label_em - $root_em - .4).'em';

	echo '<style>input[type="text"] {width: '.$input_css_width.';}'
		.'label {display: inline-block; width: '.$label_em.'em; }</style>';
}//end Set_Input_width() //*****************************************************
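function CRM_Page($action, $title, $action_id, $old_full_name) {//*******************
	//Outputs the Copy / Rename-Move form for $old_full_name.
	//$action    = 'Copy' or 'Rename'.
	//$title     = second part of the page heading (shown after $action).
	//$action_id = 'copy_file' or 'rename_file'
	//Side effects: when $old_full_name is a folder, the globals $param1 and
	//$ACCESS_PATH are changed to point at the parent folder.
	//Every value written into the form is HTML-escaped with hsc().
	global $_, $WEB_ROOT, $ipath, $param1, $filename, $FORM_COMMON, $ACCESS_ROOT, $ACCESS_PATH;

	$new_full_name = $old_full_name; //default

	if (is_dir(Convert_encoding($old_full_name))) {
		//If dir, return to parent on [Cancel].
		//The path is URL-encoded, as New_response() does when it builds $param1,
		//so a folder name with spaces, quotes, & etc. cannot break the URL or
		//the markup that $param1 is later written into.
		$param1      = '?i='.URLencode_path(dir_name($ipath));
		$ACCESS_PATH = dir_name($ACCESS_PATH);
	}

	Set_Input_width();

	echo '<h2>'.hsc($action.' '.$title).'</h2>';
	echo $FORM_COMMON;

	echo '<input type="hidden" name="'.hsc($action_id).'" value="'.hsc($action_id).'">';

	//NOTE(review): old_full_name comes back from the client in the POST, so the
	//handler has to treat it as untrusted even though it is a hidden field.
	echo '<input type="hidden" name=old_full_name value="'.hsc($old_full_name).'">';

	echo '<label>'.hsc($_['CRM_txt_04']).':</label>';
	echo '<input type=text name=new_name id=new_name value="'.hsc(basename($new_full_name)).'"><br>';

	echo '<label>'.hsc($_['New_Location']).':</label>';
	echo '<span class="web_root">'.hsc($WEB_ROOT.$ACCESS_ROOT).'</span>';
	echo '<input type=text name=new_location id=new_location value="'.hsc($ACCESS_PATH).'"><br>';

	echo '('.hsc($_['CRM_txt_02']).')<p>';

	Cancel_Submit_Buttons($action);

	echo "\n</form>\n";
}//end CRM_Page() //************************************************************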
function CRM_response($action, $msg1, $show_message = 3) {//********************
//$action = 'rCopy' or 'rename'. Returns 0 if successful, 1 on error.
//$show_message: 0 = none; 1 = errors only; 2 = successes only; 3 = all messages (default).
global $_, $ONESCRIPT, $ipath, $ipath_OS, $filename, $page, $param1, $param2, $param3,
$MESSAGE, $EX, $INVALID_CHARS, $WHSPC_SLASH;
$old_full_name = trim($_POST['old_full_name'], $WHSPC_SLASH); //Trim whitespace & slashes.
$new_name_only = trim($_POST['new_name'], $WHSPC_SLASH);
$new_location = trim($_POST['new_location'], $WHSPC_SLASH);
if ($new_location != "") { $new_location .= '/'; }
$new_full_name = $new_location.$new_name_only;
$filename = $old_full_name; //default if error.
//for function calls that access the server file system, such as rCopy, rename, file_exists, etc...
$old_full_name_OS = Convert_encoding($old_full_name);
$new_full_name_OS = Convert_encoding($new_full_name);
$new_location_OS = Convert_encoding($new_location);
$isfile = 0; if (is_file($old_full_name_OS)) { $isfile = 1;} //File or folder?
//Common message lines
$com_msg = '<div id="message_left">'.hsc($_['From']).'<br>'.hsc($_['To']).'</div>';
$com_msg .= '<b>: </b><span class="filename">'.hsc($old_full_name).'</span><br>';
$com_msg .= '<b>: </b><span class="filename">'.hsc($new_full_name).'</span><br>';
$bad_name = ""; //bad file or folder name (can be either old_ or new_)
$err_msg = ''; //Error message.
$scs_msg = ''; //Success message.
$error_code = 0; //1 = success (no error), 0 = an error. Used for return value.