<?

php
/*
* webadmin.php - a simple Web-based file manager
* Copyright (C) 2004 Daniel Wacker <daniel.wacker@web.de>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
* ------------------------------------------------------------------------* While using this script, do NOT navigate with your browser's back and
* forward buttons! Always open files in a new browser tab!
* ------------------------------------------------------------------------*
* This is Version 0.9, revision 10
* =========================================================================
*
* Changes of revision 10
* <alex-smirnov@web.de>
*
added Russian translation
* <daniel.wacker@web.de>
*
added </td> to achieve valid XHTML (thanks to Marc Magos)
*
improved delete function
* <ava@asl.se>
*
new list order: folders first
*
* Changes of revision 9
* <daniel.wacker@web.de>
*
added workaround for directory listing, if lstat() is disabled
*
fixed permisson of uploaded files (thanks to Stephan Duffner)
*
* Changes of revision 8
* <okankan@stud.sdu.edu.tr>
*
added Turkish translation
* <j@kub.cz>
*
added Czech translation
* <daniel.wacker@web.de>
*
improved charset handling
*
* Changes of revision 7
* <szuniga@vtr.net>
*
added Spanish translation
* <lars@soelgaard.net>
*
added Danish translation
* <daniel.wacker@web.de>
*
improved rename dialog
*
* Changes of revision 6

*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
/*

<nederkoorn@tiscali.nl>
added Dutch translation

/*
*
*
*
*
*
*
*
*
*
*
*

Your
'en'
'de'
'fr'
'it'
'nl'
'se'
'sp'
'dk'
'tr'
'cs'
'ru'

Changes of revision 5
<daniel.wacker@web.de>
added language auto select
fixed symlinks in directory listing
removed word-wrap in edit textarea
Changes of revision 4
<daloan@guideo.fr>
added French translation
<anders@wiik.cc>
added Swedish translation
Changes of revision 3
<nzunta@gabriele-erba.it>
improved Italian translation
Changes of revision 2
<daniel.wacker@web.de>
got images work in some old browsers
fixed creation of directories
fixed files deletion
improved path handling
added missing word 'not_created'
<till@tuxen.de>
improved human readability of file sizes
<nzunta@gabriele-erba.it>
added Italian translation
Changes of revision 1
<daniel.wacker@web.de>
webadmin.php completely rewritten:
- clean XHTML/CSS output
- several files selectable
- support for windows servers
- no more treeview, because
- webadmin.php is a >simple< file manager
- performance problems (too much additional code)
- I don't like: frames, java-script, to reload after every treeview-click
- execution of shell scripts
- introduced revision numbers
------------------------------------------------------------------------- */
language:
- English
- German
- French
- Italian
- Dutch
- Swedish
- Spanish
- Danish
- Turkish
- Czech
- Russian

* 'auto' - autoselect
*/
$lang = 'auto';
/* Charset of output:
* possible values are described in the charset table at
* http://www.php.net/manual/en/function.htmlentities.php
* 'auto' - use the same charset as the words of my language are encoded
*/
$site_charset = 'auto';
/* Homedir:
* For example: './' - the script's directory
*/
$homedir = './';
/* Size of the edit textarea
*/
$editcols = 80;
$editrows = 25;
/* ------------------------------------------* Optional configuration (remove # to enable)
*/
/* Permission of created directories:
* For example: 0705 would be 'drwx---r-x'.
*/
# $dirpermission = 0705;
/* Permission of created files:
* For example: 0604 would be '-rw----r--'.
*/
# $filepermission = 0604;
/* Filenames related to the apache web server:
*/
$htaccess = '.htaccess';
$htpasswd = '.htpasswd';
/* ------------------------------------------------------------------------- */
if (get_magic_quotes_gpc()) {
array_walk($_GET, 'strip');
array_walk($_POST, 'strip');
array_walk($_REQUEST, 'strip');
}
if (array_key_exists('image', $_GET)) {
header('Content-Type: image/gif');
die(getimage($_GET['image']));
}
if (!function_exists('lstat')) {
function lstat ($filename) {
return stat($filename);
}
}

$delim = DIRECTORY_SEPARATOR;
if (function_exists('php_uname')) {
$win = (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? true : false;
} else {
$win = ($delim == '\') ? true : false;
}
if (!empty($_SERVER['PATH_TRANSLATED'])) {
$scriptdir = dirname($_SERVER['PATH_TRANSLATED']);
} elseif (!empty($_SERVER['SCRIPT_FILENAME'])) {
$scriptdir = dirname($_SERVER['SCRIPT_FILENAME']);
} elseif (function_exists('getcwd')) {
$scriptdir = getcwd();
} else {
$scriptdir = '.';
}
$homedir = relative2absolute($homedir, $scriptdir);
$dir = (array_key_exists('dir', $_REQUEST)) ? $_REQUEST['dir'] : $homedir;
if (array_key_exists('olddir', $_POST) && !path_is_relative($_POST['olddir'])) {
$dir = relative2absolute($dir, $_POST['olddir']);
}
$directory = simplify_path(addslash($dir));
$files = array();
$action = '';
if (!empty($_POST['submit_all'])) {
$action = $_POST['action_all'];
for ($i = 0; $i < $_POST['num']; $i++) {
if (array_key_exists("checked$i", $_POST) && $_POST["checked$i"] ==
'true') {
$files[] = $_POST["file$i"];
}
}
} elseif (!empty($_REQUEST['action'])) {
$action = $_REQUEST['action'];
$files[] = relative2absolute($_REQUEST['file'], $directory);
} elseif (!empty($_POST['submit_upload']) && !empty($_FILES['upload']['name'])) {
$files[] = $_FILES['upload'];
$action = 'upload';
} elseif (array_key_exists('num', $_POST)) {
for ($i = 0; $i < $_POST['num']; $i++) {
if (array_key_exists("submit$i", $_POST)) break;
}
if ($i < $_POST['num']) {
$action = $_POST["action$i"];
$files[] = $_POST["file$i"];
}
}
if (empty($action) && (!empty($_POST['submit_create']) ||
(array_key_exists('focus', $_POST) && $_POST['focus'] == 'create')) && !
empty($_POST['create_name'])) {
$files[] = relative2absolute($_POST['create_name'], $directory);
switch ($_POST['create_type']) {

case 'directory':
$action = 'create_directory';
break;
case 'file':
$action = 'create_file';
}

}
if (sizeof($files) == 0) $action = ''; else $file = reset($files);
if ($lang == 'auto') {
if (array_key_exists('HTTP_ACCEPT_LANGUAGE', $_SERVER) &&
strlen($_SERVER['HTTP_ACCEPT_LANGUAGE']) >= 2) {
$lang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
} else {
$lang = 'en';
}
}
$words = getwords($lang);
if ($site_charset == 'auto') {
$site_charset = $word_charset;
}
$cols = ($win) ? 4 : 7;
if (!isset($dirpermission)) {
$dirpermission = (function_exists('umask')) ? (0777 & ~umask()) : 0755;
}
if (!isset($filepermission)) {
$filepermission = (function_exists('umask')) ? (0666 & ~umask()) : 0644;
}
if (!empty($_SERVER['SCRIPT_NAME'])) {
$self = html(basename($_SERVER['SCRIPT_NAME']));
} elseif (!empty($_SERVER['PHP_SELF'])) {
$self = html(basename($_SERVER['PHP_SELF']));
} else {
$self = '';
}
if (!empty($_SERVER['SERVER_SOFTWARE'])) {
if (strtolower(substr($_SERVER['SERVER_SOFTWARE'], 0, 6)) == 'apache') {
$apache = true;
} else {
$apache = false;
}
} else {
$apache = true;
}
switch ($action) {
case 'view':
if (is_script($file)) {
/* highlight_file is a mess! */

ob_start();
highlight_file($file);
$src = ereg_replace('<font color="([^"]*)">', '<span style="color:
">', ob_get_contents());
$src = str_replace(array('</font>', "\r", "\n"), array('</span>', '',
''), $src);
ob_end_clean();

'</h2>

html_header();
echo '<h2 style="text-align: left; margin-bottom: 0">' . html($file) .

<hr />
<table>
<tr>
<td style="text-align: right; vertical-align: top; color: gray; padding-right:
3pt; border-right: 1px solid gray">
<pre style="margin-top: 0"><code>';
for ($i = 1; $i <= sizeof(file($file)); $i++) echo "$i\n";
echo '</code></pre>
</td>
<td style="text-align: left; vertical-align: top; padding-left: 3pt">
<pre style="margin-top: 0">' . $src . '</pre>
</td>
</tr>
</table>
';
html_footer();
} else {
header('Content-Type: ' . getmimetype($file));
header('Content-Disposition: filename=' . basename($file));
readfile($file);
}
break;
case 'download':

';');

header('Pragma: public');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Content-Type: ' . getmimetype($file));
header('Content-Disposition: attachment; filename=' . basename($file) .
header('Content-Length: ' . filesize($file));
readfile($file);
break;

case 'upload':
$dest = relative2absolute($file['name'], $directory);
if (@file_exists($dest)) {
listing_page(error('already_exists', $dest));
} elseif (@move_uploaded_file($file['tmp_name'], $dest)) {
@chmod($dest, $filepermission);
listing_page(notice('uploaded', $file['name']));
} else {
listing_page(error('not_uploaded', $file['name']));
}
break;
case 'create_directory':
if (@file_exists($file)) {
listing_page(error('already_exists', $file));
} else {
$old = @umask(0777 & ~$dirpermission);
if (@mkdir($file, $dirpermission)) {
listing_page(notice('created', $file));
} else {
listing_page(error('not_created', $file));
}
@umask($old);
}
break;
case 'create_file':
if (@file_exists($file)) {
listing_page(error('already_exists', $file));
} else {
$old = @umask(0777 & ~$filepermission);
if (@touch($file)) {
edit($file);
} else {
listing_page(error('not_created', $file));
}
@umask($old);
}
break;
case 'execute':
chdir(dirname($file));
$output = array();
$retval = 0;
exec('echo "./' . basename($file) . '" | /bin/sh', $output, $retval);
$error = ($retval == 0) ? false : true;

if (sizeof($output) == 0) $output = array('<' . $words['no_output'] . '>');
if ($error) {
listing_page(error('not_executed', $file, implode("\n", $output)));
} else {
listing_page(notice('executed', $file, implode("\n", $output)));
}
break;
case 'delete':
if (!empty($_POST['no'])) {
listing_page();
} elseif (!empty($_POST['yes'])) {
$failure = array();
$success = array();
foreach ($files as $file) {
if (del($file)) {
$success[] = $file;
} else {
$failure[] = $file;
}
}
$message = '';
if (sizeof($failure) > 0) {
$message = error('not_deleted', implode("\n", $failure));
}
if (sizeof($success) > 0) {
$message .= notice('deleted', implode("\n", $success));
}
listing_page($message);
} else {
html_header();
echo '<form action="' . $self . '" method="post">
<table class="dialog">
<tr>
<td class="dialog">
';
request_dump();
<p>

echo "\t<b>" . word('really_delete') . '</b>

';
foreach ($files as $file) {
echo "\t" . html($file) . "<br />\n";
}
echo '

</p>

<hr />
<input type="submit" name="no" value="' . word('no') . '" id="red_button" />
<input type="submit" name="yes" value="' . word('yes') . '"
id="green_button" style="margin-left: 50px" />
</td>
</tr>
</table>
</form>
';
html_footer();
}
break;
case 'rename':
if (!empty($_POST['destination'])) {
$dest = relative2absolute($_POST['destination'], $directory);
if (!@file_exists($dest) && @rename($file, $dest)) {
listing_page(notice('renamed', $file, $dest));
} else {
listing_page(error('not_renamed', $file, $dest));
}
} else {
$name = basename($file);
html_header();
echo '<form action="' . $self . '" method="post">
<table class="dialog">
<tr>
<td class="dialog">
<input type="hidden" name="action" value="rename" />
<input type="hidden" name="file" value="' . html($file) . '" />
<input type="hidden" name="dir" value="' . html($directory) . '" />
<b>' . word('rename_file') . '</b>
<p>' . html($file) . '</p>
<b>' . substr($file, 0, strlen($file) - strlen($name)) . '</b>
<input type="text" name="destination" size="' . textfieldsize($name) . '"
value="' . html($name) . '" />
<hr />
<input type="submit" value="' . word('rename') . '" />
</td>
</tr>
</table>
<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('back') .
' ]</a></p>
</form>

';
html_footer();
}
break;
case 'move':
if (!empty($_POST['destination'])) {
$dest = relative2absolute($_POST['destination'], $directory);
$failure = array();
$success = array();
foreach ($files as $file) {
$filename = substr($file, strlen($directory));
$d = $dest . $filename;
if (!@file_exists($d) && @rename($file, $d)) {
$success[] = $file;
} else {
$failure[] = $file;
}
}
$message = '';
if (sizeof($failure) > 0) {
$message = error('not_moved', implode("\n", $failure), $dest);
}
if (sizeof($success) > 0) {
$message .= notice('moved', implode("\n", $success), $dest);
}
listing_page($message);
} else {
html_header();
echo '<form action="' . $self . '" method="post">
<table class="dialog">
<tr>
<td class="dialog">
';
request_dump();
<p>

echo "\t<b>" . word('move_files') . '</b>

';
foreach ($files as $file) {
echo "\t" . html($file) . "<br />\n";
}

echo '
</p>
<hr />
' . word('destination') . ':
<input type="text" name="destination" size="' . textfieldsize($directory) .
'" value="' . html($directory) . '" />
<input type="submit" value="' . word('move') . '" />
</td>
</tr>
</table>
<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('back') .
' ]</a></p>
</form>
';
html_footer();
}
break;
case 'copy':
if (!empty($_POST['destination'])) {
$dest = relative2absolute($_POST['destination'], $directory);
if (@is_dir($dest)) {
$failure = array();
$success = array();
foreach ($files as $file) {
$filename = substr($file, strlen($directory));
$d = addslash($dest) . $filename;
if (!@is_dir($file) && !@file_exists($d) && @copy($file,
$d)) {

}

$success[] = $file;
} else {
$failure[] = $file;
}

$message = '';
if (sizeof($failure) > 0) {
$message = error('not_copied', implode("\n", $failure),
$dest);

$dest);

}
if (sizeof($success) > 0) {
$message .= notice('copied', implode("\n", $success),
}
listing_page($message);

} else {
if (!@file_exists($dest) && @copy($file, $dest)) {
listing_page(notice('copied', $file, $dest));
} else {
listing_page(error('not_copied', $file, $dest));
}
}
} else {
html_header();
echo '<form action="' . $self . '" method="post">
<table class="dialog">
<tr>
<td class="dialog">
';
request_dump();
<p>

echo "\n<b>" . word('copy_files') . '</b>

';
foreach ($files as $file) {
echo "\t" . html($file) . "<br />\n";
}
echo '
</p>
<hr />
' . word('destination') . ':
<input type="text" name="destination" size="' . textfieldsize($directory) .
'" value="' . html($directory) . '" />
<input type="submit" value="' . word('copy') . '" />
</td>
</tr>
</table>
<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('back') .
' ]</a></p>
</form>
';
html_footer();
}
break;
case 'create_symlink':
if (!empty($_POST['destination'])) {

$dest = relative2absolute($_POST['destination'], $directory);
if (substr($dest, -1, 1) == $delim) $dest .= basename($file);
if (!empty($_POST['relative'])) $file =
absolute2relative(addslash(dirname($dest)), $file);
if (!@file_exists($dest) && @symlink($file, $dest)) {
listing_page(notice('symlinked', $file, $dest));
} else {
listing_page(error('not_symlinked', $file, $dest));
}
} else {
html_header();
echo '<form action="' . $self . '" method="post">
<table class="dialog" id="symlink">
<tr>
<td style="vertical-align: top">' . word('destination') . ': </td>
<td>
<b>' . html($file) . '</b><br />
<input type="checkbox" name="relative" value="yes"
id="checkbox_relative" checked="checked" style="margin-top: 1ex" />
<label for="checkbox_relative">' . word('relative') . '</label>
<input type="hidden" name="action" value="create_symlink" />
<input type="hidden" name="file" value="' . html($file) . '" />
<input type="hidden" name="dir" value="' . html($directory) . '" />
</td>
</tr>
<tr>
<td>' . word('symlink') . ': </td>
<td>
<input type="text" name="destination" size="' .
textfieldsize($directory) . '" value="' . html($directory) . '" />
<input type="submit" value="' . word('create_symlink') . '" />
</td>
</tr>
</table>
<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('back') .
' ]</a></p>
</form>
';
html_footer();
}
break;
case 'edit':
if (!empty($_POST['save'])) {

$content = str_replace("\r\n", "\n", $_POST['content']);
if (($f = @fopen($file, 'w')) && @fwrite($f, $content) !== false &&
@fclose($f)) {
listing_page(notice('saved', $file));
} else {
listing_page(error('not_saved', $file));
}
} else {
if (@is_readable($file) && @is_writable($file)) {
edit($file);
} else {
listing_page(error('not_edited', $file));
}
}
break;
case 'permission':
if (!empty($_POST['set'])) {
$mode = 0;
if (!empty($_POST['ur'])) $mode |=
$mode |= 0200; if (!empty($_POST['ux'])) $mode
if (!empty($_POST['gr'])) $mode |=
$mode |= 0020; if (!empty($_POST['gx'])) $mode
if (!empty($_POST['or'])) $mode |=
$mode |= 0002; if (!empty($_POST['ox'])) $mode

0400; if (!empty($_POST['uw']))
|= 0100;
0040; if (!empty($_POST['gw']))
|= 0010;
0004; if (!empty($_POST['ow']))
|= 0001;

if (@chmod($file, $mode)) {
listing_page(notice('permission_set', $file, decoct($mode)));
} else {
listing_page(error('permission_not_set', $file, decoct($mode)));
}
} else {
html_header();
$mode = fileperms($file);
echo '<form action="' . $self . '" method="post">
<table class="dialog">
<tr>
<td class="dialog">
<p style="margin: 0">' . phrase('permission_for', $file) . '</p>
<hr />
<table id="permission">
<tr>

</tr>
<tr>

echo
echo
echo

echo
echo
echo

echo
echo
echo

<td></td>
<td style="border-right: 1px solid black">' . word('owner') . '</td>
<td style="border-right: 1px solid black">' . word('group') . '</td>
<td>' . word('other') . '</td>

<td style="text-align: right">' . word('read') . ':</td>
<td><input type="checkbox" name="ur" value="1"'; if ($mode &
' checked="checked"'; echo ' /></td>
<td><input type="checkbox" name="gr" value="1"'; if ($mode &
' checked="checked"'; echo ' /></td>
<td><input type="checkbox" name="or" value="1"'; if ($mode &
' checked="checked"'; echo ' /></td>
</tr>
<tr>
<td style="text-align: right">' . word('write') . ':</td>
<td><input type="checkbox" name="uw" value="1"'; if ($mode &
' checked="checked"'; echo ' /></td>
<td><input type="checkbox" name="gw" value="1"'; if ($mode &
' checked="checked"'; echo ' /></td>
<td><input type="checkbox" name="ow" value="1"'; if ($mode &
' checked="checked"'; echo ' /></td>
</tr>
<tr>
<td style="text-align: right">' . word('execute') . ':</td>
<td><input type="checkbox" name="ux" value="1"'; if ($mode &
' checked="checked"'; echo ' /></td>
<td><input type="checkbox" name="gx" value="1"'; if ($mode &
' checked="checked"'; echo ' /></td>
<td><input type="checkbox" name="ox" value="1"'; if ($mode &
' checked="checked"'; echo ' /></td>
</tr>
</table>

00400)
00040)
00004)

00200)
00020)
00002)

00100)
00010)
00001)

<hr />
<input type="submit" name="set" value="' . word('set') . '" />
<input type="hidden" name="action" value="permission" />
<input type="hidden" name="file" value="' . html($file) . '" />
<input type="hidden" name="dir" value="' . html($directory) . '" />
</td>
</tr>
</table>
<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('back') .
' ]</a></p>
</form>
';
html_footer();
}
break;

default:
listing_page();
}
/* ------------------------------------------------------------------------- */
function getlist ($directory) {
global $delim, $win;
if ($d = @opendir($directory)) {
while (($filename = @readdir($d)) !== false) {
$path = $directory . $filename;
if ($stat = @lstat($path)) {
$file = array(
'filename'
'path'
'is_file'
'is_dir'
'is_link'
'is_readable'
'is_writable'
'size'
'permission'
'owner'
'group'
'mtime'
'atime'
'ctime'
);

=>
=>
=>
=>
=>
=>
=>
=>
=>
=>
=>
=>
=>
=>

$filename,
$path,
@is_file($path),
@is_dir($path),
@is_link($path),
@is_readable($path),
@is_writable($path),
$stat['size'],
$stat['mode'],
$stat['uid'],
$stat['gid'],
@filemtime($path),
@fileatime($path),
@filectime($path)

if ($file['is_dir']) {
$file['is_executable'] = @file_exists($path . $delim
. '.');

} else {
if (!$win) {
$file['is_executable'] = @is_executable($path);
} else {
$file['is_executable'] = true;
}
}
if ($file['is_link']) $file['target'] = @readlink($path);

if (function_exists('posix_getpwuid')) $file['owner_name']
= @reset(posix_getpwuid($file['owner']));
if (function_exists('posix_getgrgid')) $file['group_name']
= @reset(posix_getgrgid($file['group']));
$files[] = $file;
}

}
return $files;
} else {
return false;
}
}
function sortlist ($list, $key, $reverse) {
$dirs = array();
$files = array();
for ($i = 0; $i < sizeof($list); $i++) {
if ($list[$i]['is_dir']) $dirs[] = $list[$i];
else $files[] = $list[$i];
}
quicksort($dirs, 0, sizeof($dirs) - 1, $key);
if ($reverse) $dirs = array_reverse($dirs);
quicksort($files, 0, sizeof($files) - 1, $key);
if ($reverse) $files = array_reverse($files);
return array_merge($dirs, $files);
}
function quicksort (&$array, $first, $last, $key) {
if ($first < $last) {
$cmp = $array[floor(($first + $last) / 2)][$key];
$l = $first;
$r = $last;
while ($l <= $r) {
while ($array[$l][$key] < $cmp) $l++;
while ($array[$r][$key] > $cmp) $r--;
if ($l <= $r) {
$tmp = $array[$l];
$array[$l] = $array[$r];
$array[$r] = $tmp;
$l++;
$r--;
}
}

quicksort($array, $first, $r, $key);
quicksort($array, $l, $last, $key);
}
}
function permission_octal2string ($mode) {
if (($mode & 0xC000) === 0xC000) {
$type = 's';
} elseif (($mode & 0xA000) === 0xA000)
$type = 'l';
} elseif (($mode & 0x8000) === 0x8000)
$type = '-';
} elseif (($mode & 0x6000) === 0x6000)
$type = 'b';
} elseif (($mode & 0x4000) === 0x4000)
$type = 'd';
} elseif (($mode & 0x2000) === 0x2000)
$type = 'c';
} elseif (($mode & 0x1000) === 0x1000)
$type = 'p';
} else {
$type = '?';
}
$owner = ($mode & 00400) ? 'r'
$owner .= ($mode & 00200) ? 'w'
if ($mode & 0x800) {
$owner .= ($mode & 00100)
} else {
$owner .= ($mode & 00100)
}
$group = ($mode & 00040) ? 'r'
$group .= ($mode & 00020) ? 'w'
if ($mode & 0x400) {
$group .= ($mode & 00010)
} else {
$group .= ($mode & 00010)
}
$other = ($mode & 00004) ? 'r'
$other .= ($mode & 00002) ? 'w'
if ($mode & 0x200) {
$other .= ($mode & 00001)
} else {
$other .= ($mode & 00001)
}

{
{
{
{
{
{

: '-';
: '-';
? 's' : 'S';
? 'x' : '-';
: '-';
: '-';
? 's' : 'S';
? 'x' : '-';
: '-';
: '-';
? 't' : 'T';
? 'x' : '-';

return $type . $owner . $group . $other;
}
function is_script ($filename) {
return ereg('\.php$|\.php3$|\.php4$|\.php5$', $filename);
}

function getmimetype ($filename)
static $mimes = array(
'\.jpg$|\.jpeg$' =>
'\.gif$'
=>
'\.png$'
=>
'\.html$|\.html$' =>
'\.txt$|\.asc$'
=>
'\.xml$|\.xsl$'
=>
'\.pdf$'
=>
);

{
'image/jpeg',
'image/gif',
'image/png',
'text/html',
'text/plain',
'application/xml',
'application/pdf'

foreach ($mimes as $regex => $mime) {
if (eregi($regex, $filename)) return $mime;
}
// return 'application/octet-stream';
return 'text/plain';
}
function del ($file) {
global $delim;
if (!file_exists($file)) return false;
if (@is_dir($file) && !@is_link($file)) {
$success = false;
if (@rmdir($file)) {
$success = true;
} elseif ($dir = @opendir($file)) {
$success = true;
while (($f = readdir($dir)) !== false) {
if ($f != '.' && $f != '..' && !del($file . $delim . $f)) {
$success = false;
}
}
closedir($dir);
if ($success) $success = @rmdir($file);
}
return $success;
}
return @unlink($file);
}
function addslash ($directory) {

global $delim;
if (substr($directory, -1, 1) != $delim) {
return $directory . $delim;
} else {
return $directory;
}
}
function relative2absolute ($string, $directory) {
if (path_is_relative($string)) {
return simplify_path(addslash($directory) . $string);
} else {
return simplify_path($string);
}
}
function path_is_relative ($path) {
global $win;
if ($win) {
return (substr($path, 1, 1) != ':');
} else {
return (substr($path, 0, 1) != '/');
}
}
function absolute2relative ($directory, $target) {
global $delim;
$path = '';
while ($directory != $target) {
if ($directory == substr($target, 0, strlen($directory))) {
$path .= substr($target, strlen($directory));
break;
} else {
$path .= '..' . $delim;
$directory = substr($directory, 0, strrpos(substr($directory, 0,
-1), $delim) + 1);
}
}
if ($path == '') $path = '.';
return $path;
}
function simplify_path ($path) {
global $delim;
if (@file_exists($path) && function_exists('realpath') && @realpath($path) !
= '') {
$path = realpath($path);
if (@is_dir($path)) {

}

return addslash($path);
} else {
return $path;
}

$pattern

= $delim . '.' . $delim;

if (@is_dir($path)) {
$path = addslash($path);
}
while (strpos($path, $pattern) !== false) {
$path = str_replace($pattern, $delim, $path);
}
$e = addslashes($delim);
$regex = $e . '((\.[^\.' . $e . '][^' . $e . ']*)|(\.\.[^' . $e . ']+)|
([^\.][^' . $e . ']*))' . $e . '\.\.' . $e;
while (ereg($regex, $path)) {
$path = ereg_replace($regex, $delim, $path);
}
return $path;
}
function human_filesize ($filesize) {
$suffices = 'kMGTPE';
$n = 0;
while ($filesize >= 1000) {
$filesize /= 1024;
$n++;
}
$filesize = round($filesize, 3 - strpos($filesize, '.'));
if (strpos($filesize, '.') !== false) {
while (in_array(substr($filesize, -1, 1), array('0', '.'))) {
$filesize = substr($filesize, 0, strlen($filesize) - 1);
}
}
$suffix = (($n == 0) ? '' : substr($suffices, $n - 1, 1));
return $filesize . " {$suffix}B";
}
function strip (&$str) {
$str = stripslashes($str);
}
/* ------------------------------------------------------------------------- */

function listing_page ($message = null) {
global $self, $directory, $sort, $reverse;
html_header();
$list = getlist($directory);
if (array_key_exists('sort', $_GET)) $sort = $_GET['sort']; else $sort =
'filename';
if (array_key_exists('reverse', $_GET) && $_GET['reverse'] == 'true')
$reverse = true; else $reverse = false;
$list = sortlist($list, $sort, $reverse);
echo '<h1 style="margin-bottom: 0">webadmin.php</h1>
<form enctype="multipart/form-data" action="' . $self . '" method="post">
<table id="main">
';
directory_choice();
if (!empty($message)) {
spacer();
echo $message;
}
if (@is_writable($directory)) {
upload_box();
create_box();
} else {
spacer();
}
if ($list) {
listing($list);
} else {
echo error('not_readable', $directory);
}
echo '</table>
</form>
';
html_footer();
}
function listing ($list) {
global $directory, $homedir, $sort, $reverse, $win, $cols, $date_format,
$self;
echo '<tr class="listing">
<th style="text-align: center; vertical-align: middle"><img src="' . $self .
'?image=smiley" alt="smiley" /></th>

';
column_title('filename', $sort, $reverse);
column_title('size', $sort, $reverse);
if (!$win) {
column_title('permission', $sort, $reverse);
column_title('owner', $sort, $reverse);
column_title('group', $sort, $reverse);
}
</tr>
';

echo '

<th class="functions">' . word('functions') . '</th>

for ($i = 0; $i < sizeof($list); $i++) {
$file = $list[$i];
$timestamps = 'mtime: ' . date($date_format, $file['mtime']) . ', ';
$timestamps .= 'atime: ' . date($date_format, $file['atime']) . ', ';
$timestamps .= 'ctime: ' . date($date_format, $file['ctime']);
echo '<tr class="listing">
<td class="checkbox"><input type="checkbox" name="checked' . $i . '"
value="true" onfocus="activate(

other

Related Interests

)" /></td>
<td class="filename" title="' . html($timestamps) . '">';
if ($file['is_link']) {
echo '<img src="' . $self . '?image=link" alt="link" /> ';
echo html($file['filename']) . ' &rarr; ';
$real_file = relative2absolute($file['target'], $directory);
if (@is_readable($real_file)) {
if (@is_dir($real_file)) {
echo '[ <a href="' . $self . '?dir=' .
urlencode($real_file) . '">' . html($file['target']) . '</a> ]';
} else {
echo '<a href="' . $self . '?action=view&amp;file=' .
urlencode($real_file) . '">' . html($file['target']) . '</a>';
}
} else {
echo html($file['target']);
}
} elseif ($file['is_dir']) {
echo '<img src="' . $self . '?image=folder" alt="folder" /> [ ';
if ($win || $file['is_executable']) {
echo '<a href="' . $self . '?dir=' .
urlencode($file['path']) . '">' . html($file['filename']) . '</a>';
} else {
echo html($file['filename']);
}
echo ' ]';
} else {

if (substr($file['filename'], 0, 1) == '.') {
echo '<img src="' . $self . '?image=hidden_file"
alt="hidden file" /> ';
} else {
echo '<img src="' . $self . '?image=file" alt="file" /> ';
}
if ($file['is_file'] && $file['is_readable']) {
echo '<a href="' . $self . '?action=view&amp;file=' .
urlencode($file['path']) . '">' . html($file['filename']) . '</a>';
} else {
echo html($file['filename']);
}
}
if ($file['size'] >= 1000) {
$human = ' title="' . human_filesize($file['size']) . '"';
} else {
$human = '';
}
echo "</td>\n";
echo "\t<td class=###BOT_TEXT###quot;size###BOT_TEXT###quot;$human>{$file['size']} B</td>\n";
if (!$win) {
echo "\t<td class=###BOT_TEXT###quot;permission###BOT_TEXT###quot; title=###BOT_TEXT###quot;" .
decoct($file['permission']) . '">';
$l = !$file['is_link'] && (!function_exists('posix_getuid') ||
$file['owner'] == posix_getuid());
if ($l) echo '<a href="' . $self . '?action=permission&amp;file='
. urlencode($file['path']) . '&amp;dir=' . urlencode($directory) . '">';
echo html(permission_octal2string($file['permission']));
if ($l) echo '</a>';
echo "</td>\n";
if (array_key_exists('owner_name', $file)) {
echo "\t<td class=###BOT_TEXT###quot;owner###BOT_TEXT###quot; title=###BOT_TEXT###quot;uid:
{$file['owner']}###BOT_TEXT###quot;>{$file['owner_name']}</td>\n";
} else {
echo "\t<td class=###BOT_TEXT###quot;owner###BOT_TEXT###quot;>{$file['owner']}</td>\n";
}
if (array_key_exists('group_name', $file)) {
echo "\t<td class=###BOT_TEXT###quot;group###BOT_TEXT###quot; title=###BOT_TEXT###quot;gid:
{$file['group']}###BOT_TEXT###quot;>{$file['group_name']}</td>\n";
} else {
echo "\t<td class=###BOT_TEXT###quot;group###BOT_TEXT###quot;>{$file['group']}</td>\n";
}
}
echo '

<td class="functions">

<input type="hidden" name="file' . $i . '" value="' .
html($file['path']) . '" />
';
$actions = array();
if (function_exists('symlink')) {
$actions[] = 'create_symlink';
}
if (@is_writable(dirname($file['path']))) {
$actions[] = 'delete';
$actions[] = 'rename';
$actions[] = 'move';
}
if ($file['is_file'] && $file['is_readable']) {
$actions[] = 'copy';
$actions[] = 'download';
if ($file['is_writable']) $actions[] = 'edit';
}
if (!$win && function_exists('exec') && $file['is_file'] &&
$file['is_executable'] && file_exists('/bin/sh')) {
$actions[] = 'execute';
}
if (sizeof($actions) > 0) {
echo '

size="1">

<select class="small" name="action' . $i . '"

<option value="">' . str_repeat('&nbsp;', 30) . '</option>

';

"</option>\n";

foreach ($actions as $action) {
echo "\t\t<option value=###BOT_TEXT###quot;$action###BOT_TEXT###quot;>" . word($action) .
}

echo '
</select>
<input class="small" type="submit" name="submit' . $i . '" value=" &gt;
" onfocus="activate(

Related Interests

other

Related Interests

)" />
';
}
echo '

</td>

</tr>
';
}
echo '<tr class="listing_footer">
<td style="text-align: right; vertical-align: top"><img src="' . $self .
'?image=arrow" alt="&gt;" /></td>
<td colspan="' . ($cols - 1) . '">
<input type="hidden" name="num" value="' . sizeof($list) . '" />
<input type="hidden" name="focus" value="" />
<input type="hidden" name="olddir" value="' . html($directory) . '" />
';
$actions = array();

if (@is_writable(dirname($file['path']))) {
$actions[] = 'delete';
$actions[] = 'move';
}
$actions[] = 'copy';

';

echo '
<select class="small" name="action_all" size="1">
<option value="">' . str_repeat('&nbsp;', 30) . '</option>
foreach ($actions as $action) {
echo "\t\t<option value=###BOT_TEXT###quot;$action###BOT_TEXT###quot;>" . word($action) . "</option>\n";
}

echo '
</select>
<input class="small" type="submit" name="submit_all" value=" &gt; "
onfocus="activate(

Related Interests

other

Related Interests

)" />
</td>
</tr>
';
}
function column_title ($column, $sort, $reverse) {
global $self, $directory;
$d = 'dir=' . urlencode($directory) . '&amp;';
if ($sort == $column) {
if (!$reverse) {
$r = '&amp;reverse=true';
$arr = ' &and;';
} else {
$arr = ' &or;';
}
} else {
$r = '';
}
echo "\t<th class=###BOT_TEXT###quot;$column###BOT_TEXT###quot;><a href=###BOT_TEXT###quot;$self?{$d}sort=$column$r###BOT_TEXT###quot;>" .
word($column) . "</a>$arr</th>\n";
}
function directory_choice () {
global $directory, $homedir, $cols, $self;
echo '<tr>
<td colspan="' . $cols . '" id="directory">
<a href="' . $self . '?dir=' . urlencode($homedir) . '">' .
word('directory') . '</a>:
<input type="text" name="dir" size="' . textfieldsize($directory) . '"
value="' . html($directory) . '" onfocus="activate(

Related Interests

directory

Related Interests

)" />
<input type="submit" name="changedir" value="' . word('change') . '"
onfocus="activate(

Related Interests

directory

Related Interests