commit ea5bbeeded5f84a71880e294b2ef03a296478642 Author: Drew Malzahn Date: Thu Nov 14 00:11:30 2024 -0500 Initial commit diff --git a/scalyfm.py b/scalyfm.py new file mode 100644 index 0000000..b0885e4 --- /dev/null +++ b/scalyfm.py @@ -0,0 +1,777 @@ + +import base64 +import cgi +import cgitb +import datetime +import json +import os +import re +import shutil +import socket +import sys +import time +import urllib.parse +from tempfile import TemporaryFile + +import flask +from flask import Blueprint, Flask, g, request, session + +import pycurl + +scalyfm = Blueprint("fm", __name__) + +# Default Configuration +CONFIG = { + "lang":"en", + "error_reporting": False, + "show_hidden": True, + "hide_Cols": False, + "calc_folder": False +} + +# TODO Artifact from PHP port. +GLOBALS = {} + +# TFM version +VERSION = '2.3.8' + +# Application Title +APP_TITLE = 'Tiny File Manager' + +# Auth with login/password (set true/false to enable/disable it) +# Is independent from IP white- and blacklisting +use_auth = True + +# Users: array('Username' => 'Password', 'Username2' => 'Password2', ...) +# Generate secure password hash - https://tinyfilemanager.github.io/docs/pwd.html +auth_users = { + 'admin': '$2y$10$/K.hjNr84lLNDt8fTXjoI.DBp6PpeyoJ.mGwrrLuCZfAwfSAGqhOW', # admin@123 + 'user': '$2y$10$Fg6Dz8oH9fPoZ2jJan5tZuv6Z4Kp7avtQ9bDfrdRntXtPeiMAZyGO' # 12345 +} + +# Readonly users (username array) +readonly_users = [ + 'user' +] + +# Possible rules are 'OFF', 'AND' or 'OR' +# OFF => Don't check connection IP, defaults to OFF +# AND => Connection must be on the whitelist, and not on the blacklist +# OR => Connection must be on the whitelist, or not on the blacklist +ip_ruleset = 'OFF' + +# Should users be notified of their block? +ip_silent = True + +# IP-addresses, both ipv4 and ipv6 +ip_whitelist = [ + '127.0.0.1', # local ipv4 + '::1' # local ipv6 +] + +# IP-addresses, both ipv4 and ipv6 +ip_blacklist = [ + '0.0.0.0', # non-routable meta ipv4 + '::' # non-routable meta ipv6 +] + +# user specific directories +# array('Username' => 'Directory path', 'Username2' => 'Directory path', ...) +directories_users = {} + +# Enable highlight.js (https:# highlightjs.org/) on view's page +use_highlightjs = True + +# highlight.js style +highlightjs_style = 'vs' + +# Enable ace.js (https:# ace.c9.io/) on view's page +edit_files = True + +# Default timezone for date() and time() - http:# php.net/manual/en/timezones.php +default_timezone = 'Etc/UTC' # UTC + +# Root path for file manager +# use absolute path of directory i.e: '/var/www/folder' or $_SERVER['DOCUMENT_ROOT'].'/folder' +# TODO still not sure this is right... Doesn't this allow the fm to see the script, meaning +# that someone could reclaim the source code and thus the auth_users dict? +root_path = os.path.dirname(os.path.abspath(__file__)) # $_SERVER['DOCUMENT_ROOT']; + +# Root url for links in file manager. Relative to $http_host. Variants: '', 'path/to/subfolder' +# Will not working if $root_path will be outside of server document root +root_url = '' + +# Server hostname. Can set manually if wrong +http_host = socket.getfqdn() # $_SERVER['HTTP_HOST']; + +# input encoding for iconv +iconv_input_encoding = 'UTF-8' + +# date() format for file modification date +datetime_format = "%d.%m.%y %H.%M" + +# allowed file extensions for upload and rename +# e.g. 'gif,png,jpg' +allowed_extensions = '' + +# Favicon path. This can be either a full url to an .PNG image, or a path based on the document root. +# full path, e.g http:# example.com/favicon.png +# local path, e.g images/icons/favicon.png +favicon_path = '?img=favicon' + +# Array of files and folders excluded from listing +# e.r array('myfile.html', 'personal-folder') +GLOBALS['exclude_items'] = [] + +# Online office Docs Viewer +# Availabe rules are 'google', 'microsoft' or false +# google => View documents using Google Docs Viewer +# microsoft => View documents using Microsoft Web Apps Viewer +# false => disable online dov viewer +GLOBALS['online_viewer'] = 'google' + +# Sticky Nav bar +# true => enable sticky header +# false => disable sticky header +sticky_navbar = True + +# max upload file size +MAX_UPLOAD_SIZE = '2048' + +# available languages +lang_list = { + 'en': 'English' +} + +_SERVER = {} + +# TODO Artifact from port; is this needed? +class StdClass: + def __init__(self): + self.name = None + self.type = None + +class FM_Config: + """Load and save configuration data.""" + + def __init__(self): + global root_path, root_url, CONFIG + fm_url = root_url + _SERVER["PHP_SELF"] + self.data = { + "lang": "en", + "error_reporting": True, + "show_hidden": False + } + data = None + try: + data = json.loads(CONFIG) # TODO + except (IOError, json.JSONDecodeError): + msg = "Tiny File Manager
Errror: Cannot load configuration" + if fm_url[-1] == "/": + fm_url = fm_url.rstrip("/") + msg += "
" + msg += "
Seems like you have a trailing slash on the URL." + msg += "
Try this link: {0}".format(fm_url) + + flask.flash(msg) + + if data is not None: + self.data = data + else: + self.save() + + def save(self): + fm_file = root_url + _SERVER["PHP_SELF"] + current_config = None + + with open(fm_file) as fobj: + current_config = json.load(fobj) + + current_config.update(self.data) + with open(fm_file, "w") as fobj: + json.dump(current_config, fobj) + +# Configuration +cfg = FM_Config() # TODO + +# Default language +lang = cfg.data.get("lang", "en") + +# Show or hide files and folders that starts with a dot +show_hidden_files = cfg.data.get("show_hidden", True) + +# PHP error reporting - false = Turns off Errors, true = Turns on Errors +report_errors = cfg.data.get('error_reporting', True) + +# Hide Permissions and Owner cols in file-listing +hide_Cols = cfg.data.get('hide_Cols', True) + +# Show Dirsize: true or speedup output: false +calc_folder = cfg.data.get('calc_folder', True) + +# **** HELPER FUNCTIONS *************************************************************** + +def fm_enc(*args): + pass + +def fm_rdelete(*args): + pass + +def fm_set_msg(*args): + pass + +def fm_clean_path(path, trim=True): + """Ensure that the given path is valid and free from extra slashes.""" + if trim: + path = path.strip() + + path = path.strip("\\/") # TODO + path = path.replace("../", "").replace("..\\", "") # TODO + if path == "..": + path = "" + + return path.replace("\\", "/") + +def fm_redirect(url, code=302): + print("302 Found") # TODO Where to put code? + print('Content-Type: text/html') + print('Location: %s' % url) + print() # HTTP says you have to have a blank line between headers and content + print('') + print(' ') + print(' ' % url) + print(' You are going to be redirected') + print(' ' ) + print(' ') + print(' Redirecting... Click here if you are not redirected' % url) + print(' ') + print('') + + sys.exit(0) + +# TODO This entire function +def fm_get_images(): + """Get base64-encoded images.""" + return { + 'favicon': """Qk04AgAAAAAAADYAAAAoAAAAEAAAABAAAAABABAAAAAAAAICAAASCwAAEgsAAAAAAAAAAAAAIQQhBCEEIQQhBCEEIQQhBCEEIQ + QhBCEEIQQhBCEEIQQhBCEEIQQhBHNO3n/ef95/vXetNSEEIQQhBCEEIQQhBCEEIQQhBCEEc07ef95/3n/ef95/1lohBCEEIQQhBCEEIQQhBCEEIQ + RzTt5/3n8hBDFG3n/efyEEIQQhBCEEIQQhBCEEIQQhBHNO3n/efyEEMUbef95/IQQhBCEEIQQhBCEEIQQhBCEErTVzTnNOIQQxRt5/3n8hBCEEIQ + QhBCEEIQQhBCEEIQQhBCEEIQQhBDFG3n/efyEEIQQhBCEEIQQhBCEEIQQhBCEEIQQxRt5/3n+cc2stIQQhBCEEIQQhBCEEIQQhBCEEIQQIIZxz3n + /ef5xzay0hBCEEIQQhBCEEIQQhBCEEIQQhBCEEIQQhBDFG3n/efyEEIQQhBCEEIQQhBCEEIQQhBK01c05zTiEEMUbef95/IQQhBCEEIQQhBCEEIQ + QhBCEEc07ef95/IQQxRt5/3n8hBCEEIQQhBCEEIQQhBCEEIQRzTt5/3n8hBDFG3n/efyEEIQQhBCEEIQQhBCEEIQQhBKUUOWfef95/3n/ef95/IQ + QhBCEEIQQhBCEEIQQhBCEEIQQhBJRW3n/ef95/3n8hBCEEIQQhBCEEIQQhBCEEIQQhBCEEIQQhBCEEIQQhBCEEIQQhBCEEIQQAAA==""" + } + +# TODO this entire function +def fm_show_images(img_name): + fstr = "%A, %d %M %Y %h:%m:%s GMT" + now = datetime.datetime.now() + base = datetime.datetime(now.year, now.month, now.day, 0, 0, 0) + mtime = base.strftime(fstr) + etime = (base + datetime.timedelta(day=1)).strftime(fstr) + + img_name = img_name.strip() + images = fm_get_images() + default_image = 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAEElEQVR42mL4//8/A0CAAQAI/AL+26JNFgAAAABJRU5ErkJggg==' + image = images.get(img_name, default_image) + image = base64.b64decode(image) + size = len(image) + + print("Cache-Control:") + print("Pragma:") + print(f"Last-Modified: {mtime}") + print(f"Expires: {etime}") + print(f"Content-Length: {size}") + print(f"Content-Type: image/png") + print(image) + +def password_verify(*args): + pass # TODO + +def password_hash(*args): + pass + +def fm_show_footer_login(*args): + pass + +def fm_show_header_login(*args): + pass + +def fm_show_message(*args): + pass + +def fm_get_translations(*args): + pass + +def fm_set_message(*args): + pass + +def trigger_error(*args): + pass + +def fm_rcopy(*args): + pass + +def fm_rename(*args): + pass + +# **** ROUTES *************************************************************** + +@scalyfm.route("/") +def scaly_root(): + global _SERVER, lang, show_hidden_files + + # NOTE: Kludgy, but makes the port easier. + # See: https://flask.palletsprojects.com/en/1.1.x/api/#flask.Request.url_root + _SERVER = { + "DOCUMENT_ROOT": os.path.dirname(os.path.abspath(__file__)), + "PHP_SELF": request.root, + "REMOTE_ADDR": request.remote_addr + } + + # TODO Wtf is this + E_USER_WARNING = 0 + + # TODO + # if report_errors: + # ini_set('error_reporting', E_ALL); + # ini_set('display_errors', 1); + # else: + # @ini_set('error_reporting', E_ALL); + # @ini_set('display_errors', 0); + + # TODO if fm included + # if FM_EMBED: + # use_auth = False; + # sticky_navbar = False; + # else: + # @set_time_limit(600); + + # date_default_timezone_set($default_timezone); + + # ini_set('default_charset', 'UTF-8'); + # if (version_compare(PHP_VERSION, '5.6.0', '<') && function_exists('mb_internal_encoding')) { + # mb_internal_encoding('UTF-8'); + # } + # if (function_exists('mb_regex_encoding')) { + # mb_regex_encoding('UTF-8'); + # } + + # session_cache_limiter(''); + # session_name(FM_SESSION_ID ); + # @session_start(); + + use_auth = not (auth_users == {}) + is_https = request.url.startswith("https") + + # update $root_url based on user specific directories + # TODO may not be needed with routing + if session["logged"] is not None and directories_users[session["logged"]] != {}: + wd = fm_clean_path(os.path.dirname(_SERVER["PHP_SELF"])) + root_url = root_url + wd + os.sep + directories_users[session["logged"]] + + # clean root_url + root_url = fm_clean_path(root_url) + + # abs path for site + if not FM_ROOT_URL: + FM_ROOT_URL = "{}://{}".format( + "https" if is_https else "http", + "/" if not root_url else root_url + ) + + if not FM_SELF_URL: + FM_SELF_URL = "{}://{}".format( + "https" if is_https else "http", + _SERVER["PHP_SELF"] + ) + + # logout + if "logout" in request.args: + # TODO Unset session? + flask.redirect(FM_SELF_URL) + + # Show image here + if "img" in request.args: + fm_show_image(request.get.args("img")) + + # Validate connection IP + if ip_ruleset: + client_ip = _SERVER["REMOTE_ADDR"] + proceed = False + whitelisted = client_ip in ip_whitelist + blacklisted = client_ip in ip_blacklist + + if ip_ruleset == "AND": + if whitelisted and not blacklisted: + proceed = True + + elif ip_ruleset == "OR": + if whitelisted and not blacklisted: + proceed = True + + if not proceed: + trigger_error(f'User connection denied from: {client_ip}', E_USER_WARNING) + + if not ip_silent: + fm_set_msg('Access denied. IP restriction applicable', 'error') + fm_show_header_login() + fm_show_message() + + # exit(); + + # Auth + if use_auth: + uname = request.post.args("fm_usr") + pwd = request.post.args("fm_pwd") + if "logged" in session and session["logged"] in auth_users: # TODO + # Logged in, don't do anything + pass + elif uname is not None and pwd is not None: + # Logging In + time.sleep(1) # TODO Why? preventing bruteforce? + + if uname in auth_users and password_verify(pwd, auth_users[uname]): + session["logged"] = uname + fm_set_msg("You are logged in!") + flask.redirect(FM_SELF_URL + "?p=") + else: + del session["logged"] + fm_set_msg("Login failed; Invalid username or password", "error") + flask.redirect("FM_SELF_URL") + else: + # Form + del session["logged"] # TODO ?? + fm_show_header_login() + fm_show_message() + + print("""
+
+
+
+
+ + + + + + +
+
+

+
+
+
+ +
+
+
+ —— © + CCP Programmers & Friends —— +
+
+
+
+
""") + + fm_show_footer_login() + # exit(); + + # update root path + if use_auth and "logged" in session: + root_path = directories_users.get(session["logged"], root_path) + + # clean and check $root_path + root_path = root_path.rstrip("\\/") + root_path = root_path.replace('\\', '/') + if not os.path.isdir(root_path): + print(f"

Root path \"{root_path}\" not found!

") + return + + if not FM_SHOW_HIDDEN: FM_SHOW_HIDDEN = show_hidden_files + if not FM_ROOT_PATH: FM_ROOT_PATH = root_path + if not FM_LANG: FM_LANG = lang + if not FM_EXTENSION: FM_EXTENSION = allowed_extensions + FM_READONLY = use_auth and readonly_users != [] and "logged" in session and session["logged"] in readonly_users + FM_IS_WIN = (os.name == "nt") + + # always use ?p= + if not request.get.args("p") and not request.files: + fm_redirect(FM_SELF_URL + "?p=") + + # get path + p = request.get.args("p", "") + + # clean path + p = fm_clean_path(p) + + # for ajax request - save + # TODO + # $input = file_get_contents('php://input'); + # $_POST = (strpos($input, 'ajax') != FALSE && strpos($input, 'save') != FALSE) ? json_decode($input, true) : $_POST; + + # instead globals vars + FM_PATH = p + FM_USE_AUTH = use_auth + FM_EDIT_FILE = edit_files + if not FM_ICONV_INPUT_ENC: FM_ICONV_INPUT_ENC = iconv_input_encoding + if not FM_USE_HIGHLIGHTJS: FM_USE_HIGHLIGHTJS = use_highlightjs + if not FM_HIGHLIGHTJS_STYLE: FM_HIGHLIGHTJS_STYLE = highlightjs_style + if not FM_DATETIME_FORMAT: FM_DATETIME_FORMAT = datetime_format + + # TODO ... what's the point? + del p + del use_auth + del iconv_input_encoding + del use_highlightjs + del highlightjs_style + + # *************************** ACTIONS *************************** + + # AJAX Request + if request.post.args("ajax") is not None and not FM_READONLY: + # save + if request.post.args("type") == "save": + # get current path + path = FM_ROOT_PATH + if FM_PATH != '': + path += '/' + FM_PATH + + # check path + if not os.path.isdir(path): + flask.redirect(FM_SELF_URL + '?p=') + + file = request.get.args("edit") + file = fm_clean_path(file) + file = file.replace("/", "") + if file == '' or not os.path.isfile(path + os.sep + file): + flask.flash('File not found', 'error') + flask.redirect(FM_SELF_URL + '?p=' + urllib.parse.urlencode(FM_PATH)) + + print('X-XSS-Protection: 0') + file_path = path + '/' + file + + writedata = request.post.args("content") + with open(file_path, "w") as fobj: + fobj.write(writedata) + + flask.flash('successful save!', 'alert') + # die(true); # TODO + return + + # backup files + if request.post.args("type") == "backup": + file = request.post.args("file") + path = request.post.args("path") + date = datetime.datetime.now().strftime("%d%M%Y-%H%i%s") # TODO + new_file = f"{file}-{date}.bak" + shutil.copy(path + os.sep + file, path + os.sep + new_file) # or die() # TODO + print("Backup {new_file} created!") # TODO + + # Save Config + if request.post.args("type") == "settings": + global cfg, report_errors, lang_list, hide_cols, calc_folder + new_lang = request.post.args("js-language") + fm_get_translations([]) # TODO + if new_lang not in lang_list: + new_lang = "en" + + erp = bool(request.post.args("js-error-report")) + shf = bool(request.post.args("js-show-hidden")) + hco = bool(request.post.args('js-hide-cols')) + caf = bool(request.post.args('js-calc-folder')) + + # TODO Wtf is the point? + cfg.data.update({ + "lang": new_lang, + "error_reporting": erp, + "show_hidden": shf, + "hide_Cols": hco, + "calc_folder": caf, + }) + + # TODO Why? + lang = new_lang + report_errors = erp + show_hidden_files = shf + hide_cols = hco + calc_folder = caf + + # new password hash + if request.post.args("type") == "pwdhash": + print(password_hash(request.post.args("inputPassword2"))) # TODO + + # upload using url + # TODO + if request.post.args("type") == "upload" and request.post.args("uploadurl") is not None: + path = FM_ROOT_PATH + if FM_PATH != '': + path += "/" + FM_PATH + + url = None + upload_url = request.post.args("uploadurl") + if upload_url is not None and re.match(r"^http(s)?://.+$", upload_url.rstrip("/")): + url = upload_url.rstrip("/") + + use_curl = False + temp_file = TemporaryFile(prefix="upload-") + fileinfo = { + "type": None, + # TODO Does this do what I actually think it does? + # $fileinfo->name = trim(basename($url), ".\x00..\x20"); + "name": os.path.basename(url).strip(".\x00..\x20") + } + + def event_callback(message): + # global callback # TODO ? + print(json.dumps(message)) + + def get_file_path(): + return path + os.sep + os.path.basename(fileinfo["name"]) + + err = False + if not url: + success = False + elif use_curl: + with open(temp_file, "w") as fp: + ch = pycurl.Curl() + ch.setopt(ch.URL, url) + ch.setopt(ch.CURLOPT_NOPROGRESS, False) + ch.setopt(ch.CURLOPT_FOLLOWLOCATION, True) + # NOTE: changed from CURLOPT_FILE in PHP + ch.setopt(ch.CURLOPT_WRITEDATA, fp) + success = ch.exec() + curl_info = ch.getinfo() + + if not success: + err = {"message": ch.curl_error() } + + ch.close() + + fileinfo.size = curl_info["size_download"] + fileinfo.type = curl_info["content_type"] + else: + # NOTE: Original code: + # + # $ctx = stream_context_create(); + # @$success = copy($url, $temp_file, $ctx); + # if (!$success) { + # $err = error_get_last(); + # } + # + # I think that this just downloads a file from url and puts it in temp_file... + + try: + resp = urllib.request.urlopen(url) + if resp.status != 200: + raise RuntimeError(f"HTTP request failed with error code {resp.status}") + + temp_file.write(resp.read()) + except (urllib.error.HTTPError, RuntimeError) as e: + err = repr(e) # TODO + + if success: + # TODO This is... weird. Better way to do this? I'm not sure it will even work + shutil.copy(temp_file.name, get_file_path()) + + if success: + event_callback({"done": fileinfo}) + else: + temp_file.close() + # unlink($temp_file); + if err: + err = {"message": "Invalid url parameter"} + + event_callback({"fail": err}) + + return + + # Delete file / folder + if "del" not in request.args and not FM_READONLY: + _del = fm_clean_path(request.args("del")).replace("/", "") + if _del not in (" ", "..", "."): + path = FM_ROOT_PATH + if FM_PATH != "": + path += os.sep + FM_PATH + + is_dir = os.path.isdir(path + os.sep + _del) + if fm_rdelete(path + os.sep + _del): + msg = 'Folder {} deleted' if is_dir else 'File {} deleted' + fm_set_msg(msg.format(fm_enc(_del))) + else: + msg = 'Folder {} not deleted' if is_dir else 'File {} not deleted' + fm_set_msg(msg.format(fm_enc(_del)), 'error') + else: + fm_set_msg('Wrong file or folder name', 'error') + + flask.redirect(FM_SELF_URL + '?p=' + urllib.parse.urlencode(FM_PATH)) + + # Copy folder / file + if ("copy" in request.args or "finish" in request.args) and not FM_READONLY: + # FROM + copy = fm_clean_path(request.args.get("copy")) + + # Check that it's not empty' + if not copy: + fm_set_msg("Source path is not defined", "error") + flask.redirect(FM_SELF_URL + "?p=" + urllib.parse.urlencode(FM_PATH)) + + # Get source absolute path + _from = FM_ROOT_PATH + "/" + copy + + # Get dest absolute path + dest = FM_ROOT_PATH + if FM_PATH != "": + dest += "/" + FM_PATH + + dest += "/" + os.path.basename(_from) + + # Check if we can move + move = "move" in request.args + + # Copy or move the file + if _from != dest: + msg_from = FM_PATH + os.sep + os.path.basename(_from) + msg_from = msg_from.strip(os.sep) + + if move: + rename = fm_rename(_from, dest) + if rename is not None: + fm_set_msg('Moved from {} to {}'.format(fm_enc(copy), fm_enc(msg_from))) + elif rename is None: + fm_set_msg('File or folder with this path already exists', 'alert') + else: + fm_set_msg('Error while moving from {} to {}'.format(fm_enc(copy), fm_enc(msg_from))) + else: + if fm_rcopy(_from, dest): + fm_set_msg('Copied from {} to {}'.format(fm_enc(copy), fm_enc(msg_from))) + else: + fm_set_msg("Error while copying from {} to {}".format(fm_enc(copy), fm_enc(msg_from)), "error") + else: + fm_set_msg('Paths must be not equal', 'alert') + + fm_redirect(FM_SELF_URL + "?p=" + urllib.parse.urlencode(FM_PATH)) + diff --git a/templates/editor.html b/templates/editor.html new file mode 100644 index 0000000..b08d04e --- /dev/null +++ b/templates/editor.html @@ -0,0 +1,51 @@ + + + diff --git a/tinyfilemanager.php b/tinyfilemanager.php new file mode 100644 index 0000000..e1eb8ff --- /dev/null +++ b/tinyfilemanager.php @@ -0,0 +1,3725 @@ + 'Password', 'Username2' => 'Password2', ...) +// Generate secure password hash - https://tinyfilemanager.github.io/docs/pwd.html +$auth_users = array( + 'admin' => '$2y$10$/K.hjNr84lLNDt8fTXjoI.DBp6PpeyoJ.mGwrrLuCZfAwfSAGqhOW', //admin@123 + 'user' => '$2y$10$Fg6Dz8oH9fPoZ2jJan5tZuv6Z4Kp7avtQ9bDfrdRntXtPeiMAZyGO' //12345 +); + +// Readonly users (username array) +$readonly_users = array( + 'user' +); + +// Possible rules are 'OFF', 'AND' or 'OR' +// OFF => Don't check connection IP, defaults to OFF +// AND => Connection must be on the whitelist, and not on the blacklist +// OR => Connection must be on the whitelist, or not on the blacklist +$ip_ruleset = 'OFF'; + +// Should users be notified of their block? +$ip_silent = true; + +// IP-addresses, both ipv4 and ipv6 +$ip_whitelist = array( + '127.0.0.1', // local ipv4 + '::1' // local ipv6 +); + +// IP-addresses, both ipv4 and ipv6 +$ip_blacklist = array( + '0.0.0.0', // non-routable meta ipv4 + '::' // non-routable meta ipv6 +); + +// user specific directories +// array('Username' => 'Directory path', 'Username2' => 'Directory path', ...) +$directories_users = array(); + +// Enable highlight.js (https://highlightjs.org/) on view's page +$use_highlightjs = true; + +// highlight.js style +$highlightjs_style = 'vs'; + +// Enable ace.js (https://ace.c9.io/) on view's page +$edit_files = true; + +// Default timezone for date() and time() - http://php.net/manual/en/timezones.php +$default_timezone = 'Etc/UTC'; // UTC + +// Root path for file manager +// use absolute path of directory i.e: '/var/www/folder' or $_SERVER['DOCUMENT_ROOT'].'/folder' +$root_path = $_SERVER['DOCUMENT_ROOT']; + +// Root url for links in file manager.Relative to $http_host. Variants: '', 'path/to/subfolder' +// Will not working if $root_path will be outside of server document root +$root_url = ''; + +// Server hostname. Can set manually if wrong +$http_host = $_SERVER['HTTP_HOST']; + +// input encoding for iconv +$iconv_input_encoding = 'UTF-8'; + +// date() format for file modification date +$datetime_format = 'd.m.y H:i'; + +// allowed file extensions for upload and rename +// e.g. 'gif,png,jpg' +$allowed_extensions = ''; + +// Favicon path. This can be either a full url to an .PNG image, or a path based on the document root. +// full path, e.g http://example.com/favicon.png +// local path, e.g images/icons/favicon.png +$favicon_path = '?img=favicon'; + +// Array of files and folders excluded from listing +// e.r array('myfile.html', 'personal-folder') +$GLOBALS['exclude_items'] = array(); + +// Online office Docs Viewer +// Availabe rules are 'google', 'microsoft' or false +// google => View documents using Google Docs Viewer +// microsoft => View documents using Microsoft Web Apps Viewer +// false => disable online dov viewer +$GLOBALS['online_viewer'] = 'google'; + +// Sticky Nav bar +// true => enable sticky header +// false => disable sticky header +$sticky_navbar = true; + +// max upload file size +define('MAX_UPLOAD_SIZE', '2048'); + +//--- EDIT BELOW CAREFULLY OR DO NOT EDIT AT ALL + +// private key and session name to store to the session +if ( !defined( 'FM_SESSION_ID')) { + define('FM_SESSION_ID', 'filemanager'); +} + +// Configuration +$cfg = new FM_Config(); + +// Default language +$lang = isset($cfg->data['lang']) ? $cfg->data['lang'] : 'en'; + +// Show or hide files and folders that starts with a dot +$show_hidden_files = isset($cfg->data['show_hidden']) ? $cfg->data['show_hidden'] : true; + +// PHP error reporting - false = Turns off Errors, true = Turns on Errors +$report_errors = isset($cfg->data['error_reporting']) ? $cfg->data['error_reporting'] : true; + +// Hide Permissions and Owner cols in file-listing +$hide_Cols = isset($cfg->data['hide_Cols']) ? $cfg->data['hide_Cols'] : true; + +// Show Dirsize: true or speedup output: false +$calc_folder = isset($cfg->data['calc_folder']) ? $cfg->data['calc_folder'] : true; + +//available languages +$lang_list = array( + 'en' => 'English' +); + +if ($report_errors == true) { + @ini_set('error_reporting', E_ALL); + @ini_set('display_errors', 1); +} else { + @ini_set('error_reporting', E_ALL); + @ini_set('display_errors', 0); +} + +// if fm included +if (defined('FM_EMBED')) { + $use_auth = false; + $sticky_navbar = false; +} else { + @set_time_limit(600); + + date_default_timezone_set($default_timezone); + + ini_set('default_charset', 'UTF-8'); + if (version_compare(PHP_VERSION, '5.6.0', '<') && function_exists('mb_internal_encoding')) { + mb_internal_encoding('UTF-8'); + } + if (function_exists('mb_regex_encoding')) { + mb_regex_encoding('UTF-8'); + } + + session_cache_limiter(''); + session_name(FM_SESSION_ID ); + @session_start(); +} + +if (empty($auth_users)) { + $use_auth = false; +} + +$is_https = isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1) + || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'; + +// update $root_url based on user specific directories +if (isset($_SESSION[FM_SESSION_ID]['logged']) && !empty($directories_users[$_SESSION[FM_SESSION_ID]['logged']])) { + $wd = fm_clean_path(dirname($_SERVER['PHP_SELF'])); + $root_url = $root_url.$wd.DIRECTORY_SEPARATOR.$directories_users[$_SESSION[FM_SESSION_ID]['logged']]; +} +// clean $root_url +$root_url = fm_clean_path($root_url); + +// abs path for site +defined('FM_ROOT_URL') || define('FM_ROOT_URL', ($is_https ? 'https' : 'http') . '://' . $http_host . (!empty($root_url) ? '/' . $root_url : '')); +defined('FM_SELF_URL') || define('FM_SELF_URL', ($is_https ? 'https' : 'http') . '://' . $http_host . $_SERVER['PHP_SELF']); + +// logout +if (isset($_GET['logout'])) { + unset($_SESSION[FM_SESSION_ID]['logged']); + fm_redirect(FM_SELF_URL); +} + +// Show image here +if (isset($_GET['img'])) { + fm_show_image($_GET['img']); +} + +// Validate connection IP +if($ip_ruleset != 'OFF'){ + $clientIp = $_SERVER['REMOTE_ADDR']; + + $proceed = false; + + $whitelisted = in_array($clientIp, $ip_whitelist); + $blacklisted = in_array($clientIp, $ip_blacklist); + + if($ip_ruleset == 'AND'){ + if($whitelisted == true && $blacklisted == false){ + $proceed = true; + } + } else + if($ip_ruleset == 'OR'){ + if($whitelisted == true || $blacklisted == false){ + $proceed = true; + } + } + + if($proceed == false){ + trigger_error('User connection denied from: ' . $clientIp, E_USER_WARNING); + + if($ip_silent == false){ + fm_set_msg('Access denied. IP restriction applicable', 'error'); + fm_show_header_login(); + fm_show_message(); + } + + exit(); + } +} + +// Auth +if ($use_auth) { + if (isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_ID]['logged']])) { + // Logged + } elseif (isset($_POST['fm_usr'], $_POST['fm_pwd'])) { + // Logging In + sleep(1); + if(function_exists('password_verify')) { + if (isset($auth_users[$_POST['fm_usr']]) && isset($_POST['fm_pwd']) && password_verify($_POST['fm_pwd'], $auth_users[$_POST['fm_usr']])) { + $_SESSION[FM_SESSION_ID]['logged'] = $_POST['fm_usr']; + fm_set_msg('You are logged in'); + fm_redirect(FM_SELF_URL . '?p='); + } else { + unset($_SESSION[FM_SESSION_ID]['logged']); + fm_set_msg('Login failed. Invalid username or password', 'error'); + fm_redirect(FM_SELF_URL); + } + } else { + fm_set_msg('password_hash not supported, Upgrade PHP version', 'error');; + } + } else { + // Form + unset($_SESSION[FM_SESSION_ID]['logged']); + fm_show_header_login(); + fm_show_message(); + ?> +
+
+
+
+
+ + + + + + +
+
+

+
+
+
+ +
+
+
+ —— © + CCP Programmers —— +
+
+
+
+
+ + Root path \"{$root_path}\" not found!"; + exit; +} + +defined('FM_SHOW_HIDDEN') || define('FM_SHOW_HIDDEN', $show_hidden_files); +defined('FM_ROOT_PATH') || define('FM_ROOT_PATH', $root_path); +defined('FM_LANG') || define('FM_LANG', $lang); +defined('FM_EXTENSION') || define('FM_EXTENSION', $allowed_extensions); +define('FM_READONLY', $use_auth && !empty($readonly_users) && isset($_SESSION[FM_SESSION_ID]['logged']) && in_array($_SESSION[FM_SESSION_ID]['logged'], $readonly_users)); +define('FM_IS_WIN', DIRECTORY_SEPARATOR == '\\'); + +// always use ?p= +if (!isset($_GET['p']) && empty($_FILES)) { + fm_redirect(FM_SELF_URL . '?p='); +} + +// get path +$p = isset($_GET['p']) ? $_GET['p'] : (isset($_POST['p']) ? $_POST['p'] : ''); + +// clean path +$p = fm_clean_path($p); + +// for ajax request - save +$input = file_get_contents('php://input'); +$_POST = (strpos($input, 'ajax') != FALSE && strpos($input, 'save') != FALSE) ? json_decode($input, true) : $_POST; + +// instead globals vars +define('FM_PATH', $p); +define('FM_USE_AUTH', $use_auth); +define('FM_EDIT_FILE', $edit_files); +defined('FM_ICONV_INPUT_ENC') || define('FM_ICONV_INPUT_ENC', $iconv_input_encoding); +defined('FM_USE_HIGHLIGHTJS') || define('FM_USE_HIGHLIGHTJS', $use_highlightjs); +defined('FM_HIGHLIGHTJS_STYLE') || define('FM_HIGHLIGHTJS_STYLE', $highlightjs_style); +defined('FM_DATETIME_FORMAT') || define('FM_DATETIME_FORMAT', $datetime_format); + +unset($p, $use_auth, $iconv_input_encoding, $use_highlightjs, $highlightjs_style); + +/*************************** ACTIONS ***************************/ + +// AJAX Request +if (isset($_POST['ajax']) && !FM_READONLY) { + + // save + if (isset($_POST['type']) && $_POST['type'] == "save") { + // get current path + $path = FM_ROOT_PATH; + if (FM_PATH != '') { + $path .= '/' . FM_PATH; + } + // check path + if (!is_dir($path)) { + fm_redirect(FM_SELF_URL . '?p='); + } + $file = $_GET['edit']; + $file = fm_clean_path($file); + $file = str_replace('/', '', $file); + if ($file == '' || !is_file($path . '/' . $file)) { + fm_set_msg('File not found', 'error'); + fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); + } + header('X-XSS-Protection:0'); + $file_path = $path . '/' . $file; + + $writedata = $_POST['content']; + $fd = fopen($file_path, "w"); + @fwrite($fd, $writedata); + fclose($fd); + fm_set_msg('successful save!', 'alert'); + die(true); + } + + // backup files + if (isset($_POST['type']) && $_POST['type'] == "backup") { + $file = $_POST['file']; + $path = $_POST['path']; + $date = date("dMy-His"); + $newFile = $file . '-' . $date . '.bak'; + copy($path . '/' . $file, $path . '/' . $newFile) or die("Unable to backup"); + echo "Backup $newFile Created"; + } + + // Save Config + if (isset($_POST['type']) && $_POST['type'] == "settings") { + global $cfg, $lang, $report_errors, $show_hidden_files, $lang_list, $hide_Cols, $calc_folder; + $newLng = $_POST['js-language']; + fm_get_translations([]); + if (!array_key_exists($newLng, $lang_list)) { + $newLng = 'en'; + } + + $erp = isset($_POST['js-error-report']) && $_POST['js-error-report'] == "true" ? true : false; + $shf = isset($_POST['js-show-hidden']) && $_POST['js-show-hidden'] == "true" ? true : false; + $hco = isset($_POST['js-hide-cols']) && $_POST['js-hide-cols'] == "true" ? true : false; + $caf = isset($_POST['js-calc-folder']) && $_POST['js-calc-folder'] == "true" ? true : false; + + if ($cfg->data['lang'] != $newLng) { + $cfg->data['lang'] = $newLng; + $lang = $newLng; + } + if ($cfg->data['error_reporting'] != $erp) { + $cfg->data['error_reporting'] = $erp; + $report_errors = $erp; + } + if ($cfg->data['show_hidden'] != $shf) { + $cfg->data['show_hidden'] = $shf; + $show_hidden_files = $shf; + } + if ($cfg->data['show_hidden'] != $shf) { + $cfg->data['show_hidden'] = $shf; + $show_hidden_files = $shf; + } + if ($cfg->data['hide_Cols'] != $hco) { + $cfg->data['hide_Cols'] = $hco; + $hide_Cols = $hco; + } + if ($cfg->data['calc_folder'] != $caf) { + $cfg->data['calc_folder'] = $caf; + $calc_folder = $caf; + } + $cfg->save(); + echo true; + } + + // new password hash + if (isset($_POST['type']) && $_POST['type'] == "pwdhash") { + $res = isset($_POST['inputPassword2']) && !empty($_POST['inputPassword2']) ? password_hash($_POST['inputPassword2'], PASSWORD_DEFAULT) : ''; + echo $res; + } + + //upload using url + if(isset($_POST['type']) && $_POST['type'] == "upload" && !empty($_REQUEST["uploadurl"])) { + $path = FM_ROOT_PATH; + if (FM_PATH != '') { + $path .= '/' . FM_PATH; + } + + $url = !empty($_REQUEST["uploadurl"]) && preg_match("|^http(s)?://.+$|", stripslashes($_REQUEST["uploadurl"])) ? stripslashes($_REQUEST["uploadurl"]) : null; + $use_curl = false; + $temp_file = tempnam(sys_get_temp_dir(), "upload-"); + $fileinfo = new stdClass(); + $fileinfo->name = trim(basename($url), ".\x00..\x20"); + + function event_callback ($message) { + global $callback; + echo json_encode($message); + } + + function get_file_path () { + global $path, $fileinfo, $temp_file; + return $path."/".basename($fileinfo->name); + } + + $err = false; + if (!$url) { + $success = false; + } else if ($use_curl) { + @$fp = fopen($temp_file, "w"); + @$ch = curl_init($url); + curl_setopt($ch, CURLOPT_NOPROGRESS, false ); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); + curl_setopt($ch, CURLOPT_FILE, $fp); + @$success = curl_exec($ch); + $curl_info = curl_getinfo($ch); + if (!$success) { + $err = array("message" => curl_error($ch)); + } + @curl_close($ch); + fclose($fp); + $fileinfo->size = $curl_info["size_download"]; + $fileinfo->type = $curl_info["content_type"]; + } else { + $ctx = stream_context_create(); + @$success = copy($url, $temp_file, $ctx); + if (!$success) { + $err = error_get_last(); + } + } + + if ($success) { + $success = rename($temp_file, get_file_path()); + } + + if ($success) { + event_callback(array("done" => $fileinfo)); + } else { + unlink($temp_file); + if (!$err) { + $err = array("message" => "Invalid url parameter"); + } + event_callback(array("fail" => $err)); + } + } + + exit(); +} + +// Delete file / folder +if (isset($_GET['del']) && !FM_READONLY) { + $del = str_replace( '/', '', fm_clean_path( $_GET['del'] ) ); + if ($del != '' && $del != '..' && $del != '.') { + $path = FM_ROOT_PATH; + if (FM_PATH != '') { + $path .= '/' . FM_PATH; + } + $is_dir = is_dir($path . '/' . $del); + if (fm_rdelete($path . '/' . $del)) { + $msg = $is_dir ? 'Folder %s deleted' : 'File %s deleted'; + fm_set_msg(sprintf($msg, fm_enc($del))); + } else { + $msg = $is_dir ? 'Folder %s not deleted' : 'File %s not deleted'; + fm_set_msg(sprintf($msg, fm_enc($del)), 'error'); + } + } else { + fm_set_msg('Wrong file or folder name', 'error'); + } + fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); +} + +// Create folder +if (isset($_GET['new']) && isset($_GET['type']) && !FM_READONLY) { + $type = $_GET['type']; + $new = str_replace( '/', '', fm_clean_path( strip_tags( $_GET['new'] ) ) ); + if ($new != '' && $new != '..' && $new != '.') { + $path = FM_ROOT_PATH; + if (FM_PATH != '') { + $path .= '/' . FM_PATH; + } + if ($_GET['type'] == "file") { + if (!file_exists($path . '/' . $new)) { + @fopen($path . '/' . $new, 'w') or die('Cannot open file: ' . $new); + fm_set_msg(sprintf('File %s created', fm_enc($new))); + } else { + fm_set_msg(sprintf('File %s already exists', fm_enc($new)), 'alert'); + } + } else { + if (fm_mkdir($path . '/' . $new, false) === true) { + fm_set_msg(sprintf('Folder %s created', $new)); + } elseif (fm_mkdir($path . '/' . $new, false) === $path . '/' . $new) { + fm_set_msg(sprintf('Folder %s already exists', fm_enc($new)), 'alert'); + } else { + fm_set_msg(sprintf('Folder %s not created', fm_enc($new)), 'error'); + } + } + } else { + fm_set_msg('Wrong folder name', 'error'); + } + fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); +} + +// Copy folder / file +if (isset($_GET['copy'], $_GET['finish']) && !FM_READONLY) { + // from + $copy = $_GET['copy']; + $copy = fm_clean_path($copy); + // empty path + if ($copy == '') { + fm_set_msg('Source path not defined', 'error'); + fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); + } + // abs path from + $from = FM_ROOT_PATH . '/' . $copy; + // abs path to + $dest = FM_ROOT_PATH; + if (FM_PATH != '') { + $dest .= '/' . FM_PATH; + } + $dest .= '/' . basename($from); + // move? + $move = isset($_GET['move']); + // copy/move + if ($from != $dest) { + $msg_from = trim(FM_PATH . '/' . basename($from), '/'); + if ($move) { + $rename = fm_rename($from, $dest); + if ($rename) { + fm_set_msg(sprintf('Moved from %s to %s', fm_enc($copy), fm_enc($msg_from))); + } elseif ($rename === null) { + fm_set_msg('File or folder with this path already exists', 'alert'); + } else { + fm_set_msg(sprintf('Error while moving from %s to %s', fm_enc($copy), fm_enc($msg_from)), 'error'); + } + } else { + if (fm_rcopy($from, $dest)) { + fm_set_msg(sprintf('Copied from %s to %s', fm_enc($copy), fm_enc($msg_from))); + } else { + fm_set_msg(sprintf('Error while copying from %s to %s', fm_enc($copy), fm_enc($msg_from)), 'error'); + } + } + } else { + fm_set_msg('Paths must be not equal', 'alert'); + } + fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); +} + +// Mass copy files/ folders +if (isset($_POST['file'], $_POST['copy_to'], $_POST['finish']) && !FM_READONLY) { + // from + $path = FM_ROOT_PATH; + if (FM_PATH != '') { + $path .= '/' . FM_PATH; + } + // to + $copy_to_path = FM_ROOT_PATH; + $copy_to = fm_clean_path($_POST['copy_to']); + if ($copy_to != '') { + $copy_to_path .= '/' . $copy_to; + } + if ($path == $copy_to_path) { + fm_set_msg('Paths must be not equal', 'alert'); + fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); + } + if (!is_dir($copy_to_path)) { + if (!fm_mkdir($copy_to_path, true)) { + fm_set_msg('Unable to create destination folder', 'error'); + fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); + } + } + // move? + $move = isset($_POST['move']); + // copy/move + $errors = 0; + $files = $_POST['file']; + if (is_array($files) && count($files)) { + foreach ($files as $f) { + if ($f != '') { + // abs path from + $from = $path . '/' . $f; + // abs path to + $dest = $copy_to_path . '/' . $f; + // do + if ($move) { + $rename = fm_rename($from, $dest); + if ($rename === false) { + $errors++; + } + } else { + if (!fm_rcopy($from, $dest)) { + $errors++; + } + } + } + } + if ($errors == 0) { + $msg = $move ? 'Selected files and folders moved' : 'Selected files and folders copied'; + fm_set_msg($msg); + } else { + $msg = $move ? 'Error while moving items' : 'Error while copying items'; + fm_set_msg($msg, 'error'); + } + } else { + fm_set_msg('Nothing selected', 'alert'); + } + fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); +} + +// Rename +if (isset($_GET['ren'], $_GET['to']) && !FM_READONLY) { + // old name + $old = $_GET['ren']; + $old = fm_clean_path($old); + $old = str_replace('/', '', $old); + // new name + $new = $_GET['to']; + $new = fm_clean_path(strip_tags($new)); + $new = str_replace('/', '', $new); + // path + $path = FM_ROOT_PATH; + if (FM_PATH != '') { + $path .= '/' . FM_PATH; + } + // rename + if ($old != '' && $new != '') { + if (fm_rename($path . '/' . $old, $path . '/' . $new)) { + fm_set_msg(sprintf('Renamed from %s to %s', fm_enc($old), fm_enc($new))); + } else { + fm_set_msg(sprintf('Error while renaming from %s to %s', fm_enc($old), fm_enc($new)), 'error'); + } + } else { + fm_set_msg('Names not set', 'error'); + } + fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); +} + +// Download +if (isset($_GET['dl'])) { + $dl = $_GET['dl']; + $dl = fm_clean_path($dl); + $dl = str_replace('/', '', $dl); + $path = FM_ROOT_PATH; + if (FM_PATH != '') { + $path .= '/' . FM_PATH; + } + if ($dl != '' && is_file($path . '/' . $dl)) { + header('Content-Description: File Transfer'); + header('Content-Type: application/octet-stream'); + header('Content-Disposition: attachment; filename="' . basename($path . '/' . $dl) . '"'); + header('Content-Transfer-Encoding: binary'); + header('Connection: Keep-Alive'); + header('Expires: 0'); + header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); + header('Pragma: public'); + header('Content-Length: ' . filesize($path . '/' . $dl)); + ob_end_clean(); + readfile($path . '/' . $dl); + exit; + } else { + fm_set_msg('File not found', 'error'); + fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); + } +} + +// Upload +if (!empty($_FILES) && !FM_READONLY) { + $override_file_name = false; + $f = $_FILES; + $path = FM_ROOT_PATH; + $ds = DIRECTORY_SEPARATOR; + if (FM_PATH != '') { + $path .= '/' . FM_PATH; + } + + $errors = 0; + $uploads = 0; + $allowed = (FM_EXTENSION) ? explode(',', FM_EXTENSION) : false; + + $filename = $f['file']['name']; + $tmp_name = $f['file']['tmp_name']; + $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); + $isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true; + + $targetPath = $path . $ds; + $fullPath = $path . '/' . $_REQUEST['fullpath']; + $folder = substr($fullPath, 0, strrpos($fullPath, "/")); + + if(file_exists ($fullPath) && !$override_file_name) { + $ext_1 = $ext ? '.'.$ext : ''; + $fullPath = str_replace($ext_1, '', $fullPath) .'_'. date('ymdHis'). $ext_1; + } + + if (!is_dir($folder)) { + $old = umask(0); + mkdir($folder, 0777, true); + umask($old); + } + + if (empty($f['file']['error']) && !empty($tmp_name) && $tmp_name != 'none' && $isFileAllowed) { + if (move_uploaded_file($tmp_name, $fullPath)) { + die('Successfully uploaded'); + } else { + die(sprintf('Error while uploading files. Uploaded files: %s', $uploads)); + } + } + exit(); +} + +// Mass deleting +if (isset($_POST['group'], $_POST['delete']) && !FM_READONLY) { + $path = FM_ROOT_PATH; + if (FM_PATH != '') { + $path .= '/' . FM_PATH; + } + + $errors = 0; + $files = $_POST['file']; + if (is_array($files) && count($files)) { + foreach ($files as $f) { + if ($f != '') { + $new_path = $path . '/' . $f; + if (!fm_rdelete($new_path)) { + $errors++; + } + } + } + if ($errors == 0) { + fm_set_msg('Selected files and folder deleted'); + } else { + fm_set_msg('Error while deleting items', 'error'); + } + } else { + fm_set_msg('Nothing selected', 'alert'); + } + + fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); +} + +// Pack files +if (isset($_POST['group']) && (isset($_POST['zip']) || isset($_POST['tar'])) && !FM_READONLY) { + $path = FM_ROOT_PATH; + $ext = 'zip'; + if (FM_PATH != '') { + $path .= '/' . FM_PATH; + } + + //set pack type + $ext = isset($_POST['tar']) ? 'tar' : 'zip'; + + + if (($ext == "zip" && !class_exists('ZipArchive')) || ($ext == "tar" && !class_exists('PharData'))) { + fm_set_msg('Operations with archives are not available', 'error'); + fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); + } + + $files = $_POST['file']; + if (!empty($files)) { + chdir($path); + + if (count($files) == 1) { + $one_file = reset($files); + $one_file = basename($one_file); + $zipname = $one_file . '_' . date('ymd_His') . '.'.$ext; + } else { + $zipname = 'archive_' . date('ymd_His') . '.'.$ext; + } + + if($ext == 'zip') { + $zipper = new FM_Zipper(); + $res = $zipper->create($zipname, $files); + } elseif ($ext == 'tar') { + $tar = new FM_Zipper_Tar(); + $res = $tar->create($zipname, $files); + } + + if ($res) { + fm_set_msg(sprintf('Archive %s created', fm_enc($zipname))); + } else { + fm_set_msg('Archive not created', 'error'); + } + } else { + fm_set_msg('Nothing selected', 'alert'); + } + + fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); +} + +// Unpack +if (isset($_GET['unzip']) && !FM_READONLY) { + $unzip = $_GET['unzip']; + $unzip = fm_clean_path($unzip); + $unzip = str_replace('/', '', $unzip); + $isValid = false; + + $path = FM_ROOT_PATH; + if (FM_PATH != '') { + $path .= '/' . FM_PATH; + } + + if ($unzip != '' && is_file($path . '/' . $unzip)) { + $zip_path = $path . '/' . $unzip; + $ext = pathinfo($zip_path, PATHINFO_EXTENSION); + $isValid = true; + } else { + fm_set_msg('File not found', 'error'); + } + + + if (($ext == "zip" && !class_exists('ZipArchive')) || ($ext == "tar" && !class_exists('PharData'))) { + fm_set_msg('Operations with archives are not available', 'error'); + fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); + } + + if ($isValid) { + //to folder + $tofolder = ''; + if (isset($_GET['tofolder'])) { + $tofolder = pathinfo($zip_path, PATHINFO_FILENAME); + if (fm_mkdir($path . '/' . $tofolder, true)) { + $path .= '/' . $tofolder; + } + } + + if($ext == "zip") { + $zipper = new FM_Zipper(); + $res = $zipper->unzip($zip_path, $path); + } elseif ($ext == "tar") { + $gzipper = new PharData($zip_path); + $res = $gzipper->extractTo($path); + } + + if ($res) { + fm_set_msg('Archive unpacked'); + } else { + fm_set_msg('Archive not unpacked', 'error'); + } + + } else { + fm_set_msg('File not found', 'error'); + } + fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); +} + +// Change Perms (not for Windows) +if (isset($_POST['chmod']) && !FM_READONLY && !FM_IS_WIN) { + $path = FM_ROOT_PATH; + if (FM_PATH != '') { + $path .= '/' . FM_PATH; + } + + $file = $_POST['chmod']; + $file = fm_clean_path($file); + $file = str_replace('/', '', $file); + if ($file == '' || (!is_file($path . '/' . $file) && !is_dir($path . '/' . $file))) { + fm_set_msg('File not found', 'error'); + fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); + } + + $mode = 0; + if (!empty($_POST['ur'])) { + $mode |= 0400; + } + if (!empty($_POST['uw'])) { + $mode |= 0200; + } + if (!empty($_POST['ux'])) { + $mode |= 0100; + } + if (!empty($_POST['gr'])) { + $mode |= 0040; + } + if (!empty($_POST['gw'])) { + $mode |= 0020; + } + if (!empty($_POST['gx'])) { + $mode |= 0010; + } + if (!empty($_POST['or'])) { + $mode |= 0004; + } + if (!empty($_POST['ow'])) { + $mode |= 0002; + } + if (!empty($_POST['ox'])) { + $mode |= 0001; + } + + if (@chmod($path . '/' . $file, $mode)) { + fm_set_msg('Permissions changed'); + } else { + fm_set_msg('Permissions not changed', 'error'); + } + + fm_redirect(FM_SELF_URL . '?p=' . urlencode(FM_PATH)); +} + +/*************************** /ACTIONS ***************************/ + +// get current path +$path = FM_ROOT_PATH; +if (FM_PATH != '') { + $path .= '/' . FM_PATH; +} + +// check path +if (!is_dir($path)) { + fm_redirect(FM_SELF_URL . '?p='); +} + +// get parent folder +$parent = fm_get_parent_path(FM_PATH); + +$objects = is_readable($path) ? scandir($path) : array(); +$folders = array(); +$files = array(); +if (is_array($objects)) { + foreach ($objects as $file) { + if ($file == '.' || $file == '..' && in_array($file, $GLOBALS['exclude_items'])) { + continue; + } + if (!FM_SHOW_HIDDEN && substr($file, 0, 1) === '.') { + continue; + } + $new_path = $path . '/' . $file; + if (@is_file($new_path) && !in_array($file, $GLOBALS['exclude_items'])) { + $files[] = $file; + } elseif (@is_dir($new_path) && $file != '.' && $file != '..' && !in_array($file, $GLOBALS['exclude_items'])) { + $folders[] = $file; + } + } +} + +if (!empty($files)) { + natcasesort($files); +} +if (!empty($folders)) { + natcasesort($folders); +} + +// upload form +if (isset($_GET['upload']) && !FM_READONLY) { + fm_show_header(); // HEADER + fm_show_nav_path(FM_PATH); // current path + ?> + + +
+ +
+
+ +
+
+

+ + : +

+ +
+
+
+
+
+
+
+ + + + +
+
+
+
+
+
+
+ + + ' . PHP_EOL; + } + ?> +

: , ', $copy_files) ?>

+

:
+ + / +

+

+

+   + +

+ +
+
+
+ +
+

Copying

+

+ Source path:
+ Destination folder: +

+

+ Copy   + Move   + Cancel +

+

Select folder

+ +
+ + +
+
+
+ + +
+
+
+ +
+ +
+ +
+
+ +
+ +
+
+ + +
+
+
+ +
+ +
+
+ + +
+
+
+ +
+ +
+
+ + +
+
+
+ +
+ +
+
+ + +
+
+
+ +
+
+ +
+
+ +
+
+
+
+ + +
+
+
+ + +
+
+
+
+

Tiny File Manager

+

Author: Prasath Mani

+

Mail Us: ccpprogrammers[at]gmail.com

+
+
+
+ +
+
+
+ +
+
+
+ +
+
+ +

""

+

+ Full path:
+ File + size: = 1000): ?> () +
+ MIME-type:
+ + Files in archive:
+ Total size:
+ Size in archive:
+ Compression: %
+ '; + } + // Text info + if ($is_text) { + $is_utf8 = fm_is_utf8($content); + if (function_exists('iconv')) { + if (!$is_utf8) { + $content = iconv(FM_ICONV_INPUT_ENC, 'UTF-8//IGNORE', $content); + } + } + echo 'Charset: ' . ($is_utf8 ? 'utf-8' : '8 bit') . '
'; + } + ?> +

+

+   + +   + +   + +   + + +   + +   + + +

+ '; + } else if($online_viewer == 'microsoft') { + echo ''; + } + } elseif ($is_zip) { + // ZIP content + if ($filenames !== false) { + echo ''; + foreach ($filenames as $fn) { + if ($fn['folder']) { + echo '' . fm_enc($fn['name']) . '
'; + } else { + echo $fn['name'] . ' (' . fm_get_filesize($fn['filesize']) . ')
'; + } + } + echo ''; + } else { + echo '

Error while fetching archive info

'; + } + } elseif ($is_image) { + // Image content + if (in_array($ext, array('gif', 'jpg', 'jpeg', 'png', 'bmp', 'ico', 'svg'))) { + echo '

'; + } + } elseif ($is_audio) { + // Audio content + echo '

'; + } elseif ($is_video) { + // Video content + echo '
'; + } elseif ($is_text) { + if (FM_USE_HIGHLIGHTJS) { + // highlight + $hljs_classes = array( + 'shtml' => 'xml', + 'htaccess' => 'apache', + 'phtml' => 'php', + 'lock' => 'json', + 'svg' => 'xml', + ); + $hljs_class = isset($hljs_classes[$ext]) ? 'lang-' . $hljs_classes[$ext] : 'lang-' . $ext; + if (empty($ext) || in_array(strtolower($file), fm_get_text_names()) || preg_match('#\.min\.(css|js)$#i', $file)) { + $hljs_class = 'nohighlight'; + } + $content = '
' . fm_enc($content) . '
'; + } elseif (in_array($ext, array('php', 'php4', 'php5', 'phtml', 'phps'))) { + // php highlight + $content = highlight_string($content, true); + } else { + $content = '
' . fm_enc($content) . '
'; + } + echo $content; + } + ?> +
+
+ +
+
+
+ +
+
+ + + + + + + + + + + +
+
+ ' . htmlspecialchars($content) . ''; + } elseif ($is_text) { + echo '
' . htmlspecialchars($content) . '
'; + } else { + fm_set_msg('FILE EXTENSION HAS NOT SUPPORTED', 'error'); + } + ?> +
+ +
+
+
+ +
+
+

+ Full path:
+

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +

+   + +

+
+
+
+
+ +
+ + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + '?'); + $group = array('name' => '?'); + } + ?> + + + + + + + + + + + + + '?'); + $group = array('name' => '?'); + } + ?> + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+ + +
+
..
+
+ + +
+ 		+
+ ' . readlink($path . '/' . $f) . '' : '') ?>
+ 		+ + + + + + +
+
+ + +
+ 		+
+ ' . readlink($path . '/' . $f) . '' : '') ?>
+ 		+ + + + + + + + + + + +
+ '.fm_get_filesize($all_files_size).'' ?> + '.$num_files.'' ?> + '.$num_folders.'' ?> + '.fm_get_filesize(@memory_get_usage(true)).'' ?> + '.fm_get_filesize(@disk_free_space($path)) .' '.lng('FreeOf').' '.fm_get_filesize(@disk_total_space($path)).''; ?> +
+
+ +
+ +
+ +
+
Tiny File Manager
+ +
Tiny File Manager
+ +
+ +
+ += $time1 && $upd) { + return false; + } + } + $ok = copy($f1, $f2); + if ($ok) { + touch($f2, $time1); + } + return $ok; +} + +/** + * Get mime type + * @param string $file_path + * @return mixed|string + */ +function fm_get_mime_type($file_path) +{ + if (function_exists('finfo_open')) { + $finfo = finfo_open(FILEINFO_MIME_TYPE); + $mime = finfo_file($finfo, $file_path); + finfo_close($finfo); + return $mime; + } elseif (function_exists('mime_content_type')) { + return mime_content_type($file_path); + } elseif (!stristr(ini_get('disable_functions'), 'shell_exec')) { + $file = escapeshellarg($file_path); + $mime = shell_exec('file -bi ' . $file); + return $mime; + } else { + return '--'; + } +} + +/** + * HTTP Redirect + * @param string $url + * @param int $code + */ +function fm_redirect($url, $code = 302) +{ + header('Location: ' . $url, true, $code); + exit; +} + +/** + * Path traversal prevention and clean the url + * It replaces (consecutive) occurrences of / and \\ with whatever is in DIRECTORY_SEPARATOR, and processes /. and /.. fine. + * @param $path + * @return string + */ +function get_absolute_path($path) { + $path = str_replace(array('/', '\\'), DIRECTORY_SEPARATOR, $path); + $parts = array_filter(explode(DIRECTORY_SEPARATOR, $path), 'strlen'); + $absolutes = array(); + foreach ($parts as $part) { + if ('.' == $part) continue; + if ('..' == $part) { + array_pop($absolutes); + } else { + $absolutes[] = $part; + } + } + return implode(DIRECTORY_SEPARATOR, $absolutes); +} + +/** + * Clean path + * @param string $path + * @return string + */ +function fm_clean_path($path, $trim = true) +{ + $path = $trim ? trim($path) : $path; + $path = trim($path, '\\/'); + $path = str_replace(array('../', '..\\'), '', $path); + $path = get_absolute_path($path); + if ($path == '..') { + $path = ''; + } + return str_replace('\\', '/', $path); +} + +/** + * Get parent path + * @param string $path + * @return bool|string + */ +function fm_get_parent_path($path) +{ + $path = fm_clean_path($path); + if ($path != '') { + $array = explode('/', $path); + if (count($array) > 1) { + $array = array_slice($array, 0, -1); + return implode('/', $array); + } + return ''; + } + return false; +} + +/* + * get language translations from json file + * @param int $tr + * @return array + */ +function fm_get_translations($tr) { + try { + $content = @file_get_contents('translation.json'); + if($content !== FALSE) { + $lng = json_decode($content, TRUE); + global $lang_list; + foreach ($lng["language"] as $key => $value) + { + $code = $value["code"]; + $lang_list[$code] = $value["name"]; + if ($tr) + $tr[$code] = $value["translation"]; + } + return $tr; + } + + } + catch (Exception $e) { + echo $e; + } +} + +/** + * @param $file + * Recover all file sizes larger than > 2GB. + * Works on php 32bits and 64bits and supports linux + * @return int|string + */ +function fm_get_size($file) +{ + static $iswin; + if (!isset($iswin)) { + $iswin = (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN'); + } + + static $exec_works; + if (!isset($exec_works)) { + $exec_works = (function_exists('exec') && !ini_get('safe_mode') && @exec('echo EXEC') == 'EXEC'); + } + + // try a shell command + if ($exec_works) { + $cmd = ($iswin) ? "for %F in (\"$file\") do @echo %~zF" : "stat -c%s \"$file\""; + @exec($cmd, $output); + if (is_array($output) && ctype_digit($size = trim(implode("\n", $output)))) { + return $size; + } + } + + // try the Windows COM interface + if ($iswin && class_exists("COM")) { + try { + $fsobj = new COM('Scripting.FileSystemObject'); + $f = $fsobj->GetFile( realpath($file) ); + $size = $f->Size; + } catch (Exception $e) { + $size = null; + } + if (ctype_digit($size)) { + return $size; + } + } + + // if all else fails + return filesize($file); +} + +/** + * Get nice filesize + * @param int $size + * @return string + */ +function fm_get_filesize($size) +{ + if ($size < 1000) { + return sprintf('%s B', $size); + } elseif (($size / 1024) < 1000) { + return sprintf('%s KB', round(($size / 1024), 2)); + } elseif (($size / 1024 / 1024) < 1000) { + return sprintf('%s MB', round(($size / 1024 / 1024), 2)); + } elseif (($size / 1024 / 1024 / 1024) < 1000) { + return sprintf('%s GB', round(($size / 1024 / 1024 / 1024), 2)); + } else { + return sprintf('%s TB', round(($size / 1024 / 1024 / 1024 / 1024), 2)); + } +} + +/** + * Get director total size + * @param string $directory + * @return string + */ +function fm_get_directorysize($directory) { + global $calc_folder; + if ($calc_folder==true) { // Slower output + $size = 0; $count= 0; $dirCount= 0; + foreach(new RecursiveIteratorIterator(new RecursiveDirectoryIterator($directory)) as $file) + if ($file->isFile()) + { $size+=$file->getSize(); + $count++; + } + else if ($file->isDir()) { $dirCount++; } + // return [$size, $count, $dirCount]; + return fm_get_filesize($size); + } + else return 'Folder'; // Quick output +} + +/** + * Get info about zip archive + * @param string $path + * @return array|bool + */ +function fm_get_zif_info($path, $ext) { + if ($ext == 'zip' && function_exists('zip_open')) { + $arch = zip_open($path); + if ($arch) { + $filenames = array(); + while ($zip_entry = zip_read($arch)) { + $zip_name = zip_entry_name($zip_entry); + $zip_folder = substr($zip_name, -1) == '/'; + $filenames[] = array( + 'name' => $zip_name, + 'filesize' => zip_entry_filesize($zip_entry), + 'compressed_size' => zip_entry_compressedsize($zip_entry), + 'folder' => $zip_folder + //'compression_method' => zip_entry_compressionmethod($zip_entry), + ); + } + zip_close($arch); + return $filenames; + } + } elseif($ext == 'tar' && class_exists('PharData')) { + $archive = new PharData($path); + $filenames = array(); + foreach(new RecursiveIteratorIterator($archive) as $file) { + $parent_info = $file->getPathInfo(); + $zip_name = str_replace("phar://".$path, '', $file->getPathName()); + $zip_name = substr($zip_name, ($pos = strpos($zip_name, '/')) !== false ? $pos + 1 : 0); + $zip_folder = $parent_info->getFileName(); + $zip_info = new SplFileInfo($file); + $filenames[] = array( + 'name' => $zip_name, + 'filesize' => $zip_info->getSize(), + 'compressed_size' => $file->getCompressedSize(), + 'folder' => $zip_folder + ); + } + return $filenames; + } + return false; +} + +/** + * Encode html entities + * @param string $text + * @return string + */ +function fm_enc($text) +{ + return htmlspecialchars($text, ENT_QUOTES, 'UTF-8'); +} + +/** + * Save message in session + * @param string $msg + * @param string $status + */ +function fm_set_msg($msg, $status = 'ok') +{ + $_SESSION[FM_SESSION_ID]['message'] = $msg; + $_SESSION[FM_SESSION_ID]['status'] = $status; +} + +/** + * Check if string is in UTF-8 + * @param string $string + * @return int + */ +function fm_is_utf8($string) +{ + return preg_match('//u', $string); +} + +/** + * Convert file name to UTF-8 in Windows + * @param string $filename + * @return string + */ +function fm_convert_win($filename) +{ + if (FM_IS_WIN && function_exists('iconv')) { + $filename = iconv(FM_ICONV_INPUT_ENC, 'UTF-8//IGNORE', $filename); + } + return $filename; +} + +/** + * @param $obj + * @return array + */ +function fm_object_to_array($obj) +{ + if (!is_object($obj) && !is_array($obj)) { + return $obj; + } + if (is_object($obj)) { + $obj = get_object_vars($obj); + } + return array_map('fm_object_to_array', $obj); +} + +/** + * Get CSS classname for file + * @param string $path + * @return string + */ +function fm_get_file_icon_class($path) +{ + // get extension + $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION)); + + switch ($ext) { + case 'ico': + case 'gif': + case 'jpg': + case 'jpeg': + case 'jpc': + case 'jp2': + case 'jpx': + case 'xbm': + case 'wbmp': + case 'png': + case 'bmp': + case 'tif': + case 'tiff': + case 'svg': + $img = 'fa fa-picture-o'; + break; + case 'passwd': + case 'ftpquota': + case 'sql': + case 'js': + case 'json': + case 'sh': + case 'config': + case 'twig': + case 'tpl': + case 'md': + case 'gitignore': + case 'c': + case 'cpp': + case 'cs': + case 'py': + case 'map': + case 'lock': + case 'dtd': + $img = 'fa fa-file-code-o'; + break; + case 'txt': + case 'ini': + case 'conf': + case 'log': + case 'htaccess': + $img = 'fa fa-file-text-o'; + break; + case 'css': + case 'less': + case 'sass': + case 'scss': + $img = 'fa fa-css3'; + break; + case 'zip': + case 'rar': + case 'gz': + case 'tar': + case '7z': + $img = 'fa fa-file-archive-o'; + break; + case 'php': + case 'php4': + case 'php5': + case 'phps': + case 'phtml': + $img = 'fa fa-code'; + break; + case 'htm': + case 'html': + case 'shtml': + case 'xhtml': + $img = 'fa fa-html5'; + break; + case 'xml': + case 'xsl': + $img = 'fa fa-file-excel-o'; + break; + case 'wav': + case 'mp3': + case 'mp2': + case 'm4a': + case 'aac': + case 'ogg': + case 'oga': + case 'wma': + case 'mka': + case 'flac': + case 'ac3': + case 'tds': + $img = 'fa fa-music'; + break; + case 'm3u': + case 'm3u8': + case 'pls': + case 'cue': + $img = 'fa fa-headphones'; + break; + case 'avi': + case 'mpg': + case 'mpeg': + case 'mp4': + case 'm4v': + case 'flv': + case 'f4v': + case 'ogm': + case 'ogv': + case 'mov': + case 'mkv': + case '3gp': + case 'asf': + case 'wmv': + $img = 'fa fa-file-video-o'; + break; + case 'eml': + case 'msg': + $img = 'fa fa-envelope-o'; + break; + case 'xls': + case 'xlsx': + $img = 'fa fa-file-excel-o'; + break; + case 'csv': + $img = 'fa fa-file-text-o'; + break; + case 'bak': + $img = 'fa fa-clipboard'; + break; + case 'doc': + case 'docx': + $img = 'fa fa-file-word-o'; + break; + case 'ppt': + case 'pptx': + $img = 'fa fa-file-powerpoint-o'; + break; + case 'ttf': + case 'ttc': + case 'otf': + case 'woff': + case 'woff2': + case 'eot': + case 'fon': + $img = 'fa fa-font'; + break; + case 'pdf': + $img = 'fa fa-file-pdf-o'; + break; + case 'psd': + case 'ai': + case 'eps': + case 'fla': + case 'swf': + $img = 'fa fa-file-image-o'; + break; + case 'exe': + case 'msi': + $img = 'fa fa-file-o'; + break; + case 'bat': + $img = 'fa fa-terminal'; + break; + default: + $img = 'fa fa-info-circle'; + } + + return $img; +} + +/** + * Get image files extensions + * @return array + */ +function fm_get_image_exts() +{ + return array('ico', 'gif', 'jpg', 'jpeg', 'jpc', 'jp2', 'jpx', 'xbm', 'wbmp', 'png', 'bmp', 'tif', 'tiff', 'psd', 'svg'); +} + +/** + * Get video files extensions + * @return array + */ +function fm_get_video_exts() +{ + return array('webm', 'mp4', 'm4v', 'ogm', 'ogv', 'mov', 'mkv'); +} + +/** + * Get audio files extensions + * @return array + */ +function fm_get_audio_exts() +{ + return array('wav', 'mp3', 'ogg', 'm4a'); +} + +/** + * Get text file extensions + * @return array + */ +function fm_get_text_exts() +{ + return array( + 'txt', 'css', 'ini', 'conf', 'log', 'htaccess', 'passwd', 'ftpquota', 'sql', 'js', 'json', 'sh', 'config', + 'php', 'php4', 'php5', 'phps', 'phtml', 'htm', 'html', 'shtml', 'xhtml', 'xml', 'xsl', 'm3u', 'm3u8', 'pls', 'cue', + 'eml', 'msg', 'csv', 'bat', 'twig', 'tpl', 'md', 'gitignore', 'less', 'sass', 'scss', 'c', 'cpp', 'cs', 'py', + 'map', 'lock', 'dtd', 'svg', 'scss', 'asp', 'aspx', 'asx', 'asmx', 'ashx', 'jsx', 'jsp', 'jspx', 'cfm', 'cgi' + ); +} + +/** + * Get mime types of text files + * @return array + */ +function fm_get_text_mimes() +{ + return array( + 'application/xml', + 'application/javascript', + 'application/x-javascript', + 'image/svg+xml', + 'message/rfc822', + ); +} + +/** + * Get file names of text files w/o extensions + * @return array + */ +function fm_get_text_names() +{ + return array( + 'license', + 'readme', + 'authors', + 'contributors', + 'changelog', + ); +} + +/** + * Get online docs viewer supported files extensions + * @return array + */ +function fm_get_onlineViewer_exts() +{ + return array('doc', 'docx', 'xls', 'xlsx', 'pdf', 'ppt', 'pptx', 'ai', 'psd', 'dxf', 'xps', 'rar'); +} + +/** + * Class to work with zip files (using ZipArchive) + */ +class FM_Zipper +{ + private $zip; + + public function __construct() + { + $this->zip = new ZipArchive(); + } + + /** + * Create archive with name $filename and files $files (RELATIVE PATHS!) + * @param string $filename + * @param array|string $files + * @return bool + */ + public function create($filename, $files) + { + $res = $this->zip->open($filename, ZipArchive::CREATE); + if ($res !== true) { + return false; + } + if (is_array($files)) { + foreach ($files as $f) { + if (!$this->addFileOrDir($f)) { + $this->zip->close(); + return false; + } + } + $this->zip->close(); + return true; + } else { + if ($this->addFileOrDir($files)) { + $this->zip->close(); + return true; + } + return false; + } + } + + /** + * Extract archive $filename to folder $path (RELATIVE OR ABSOLUTE PATHS) + * @param string $filename + * @param string $path + * @return bool + */ + public function unzip($filename, $path) + { + $res = $this->zip->open($filename); + if ($res !== true) { + return false; + } + if ($this->zip->extractTo($path)) { + $this->zip->close(); + return true; + } + return false; + } + + /** + * Add file/folder to archive + * @param string $filename + * @return bool + */ + private function addFileOrDir($filename) + { + if (is_file($filename)) { + return $this->zip->addFile($filename); + } elseif (is_dir($filename)) { + return $this->addDir($filename); + } + return false; + } + + /** + * Add folder recursively + * @param string $path + * @return bool + */ + private function addDir($path) + { + if (!$this->zip->addEmptyDir($path)) { + return false; + } + $objects = scandir($path); + if (is_array($objects)) { + foreach ($objects as $file) { + if ($file != '.' && $file != '..') { + if (is_dir($path . '/' . $file)) { + if (!$this->addDir($path . '/' . $file)) { + return false; + } + } elseif (is_file($path . '/' . $file)) { + if (!$this->zip->addFile($path . '/' . $file)) { + return false; + } + } + } + } + return true; + } + return false; + } +} + +/** + * Class to work with Tar files (using PharData) + */ +class FM_Zipper_Tar +{ + private $tar; + + public function __construct() + { + $this->tar = null; + } + + /** + * Create archive with name $filename and files $files (RELATIVE PATHS!) + * @param string $filename + * @param array|string $files + * @return bool + */ + public function create($filename, $files) + { + $this->tar = new PharData($filename); + if (is_array($files)) { + foreach ($files as $f) { + if (!$this->addFileOrDir($f)) { + return false; + } + } + return true; + } else { + if ($this->addFileOrDir($files)) { + return true; + } + return false; + } + } + + /** + * Extract archive $filename to folder $path (RELATIVE OR ABSOLUTE PATHS) + * @param string $filename + * @param string $path + * @return bool + */ + public function unzip($filename, $path) + { + $res = $this->tar->open($filename); + if ($res !== true) { + return false; + } + if ($this->tar->extractTo($path)) { + return true; + } + return false; + } + + /** + * Add file/folder to archive + * @param string $filename + * @return bool + */ + private function addFileOrDir($filename) + { + if (is_file($filename)) { + return $this->tar->addFile($filename); + } elseif (is_dir($filename)) { + return $this->addDir($filename); + } + return false; + } + + /** + * Add folder recursively + * @param string $path + * @return bool + */ + private function addDir($path) + { + $objects = scandir($path); + if (is_array($objects)) { + foreach ($objects as $file) { + if ($file != '.' && $file != '..') { + if (is_dir($path . '/' . $file)) { + if (!$this->addDir($path . '/' . $file)) { + return false; + } + } elseif (is_file($path . '/' . $file)) { + try { + $this->tar->addFile($path . '/' . $file); + } catch (Exception $e) { + return false; + } + } + } + } + return true; + } + return false; + } +} + + + +/** + * Save Configuration + */ + class FM_Config +{ + var $data; + + function __construct() + { + global $root_path, $root_url, $CONFIG; + $fm_url = $root_url.$_SERVER["PHP_SELF"]; + $this->data = array( + 'lang' => 'en', + 'error_reporting' => true, + 'show_hidden' => true + ); + $data = false; + if (strlen($CONFIG)) { + $data = fm_object_to_array(json_decode($CONFIG)); + } else { + $msg = 'Tiny File Manager
Error: Cannot load configuration'; + if (substr($fm_url, -1) == '/') { + $fm_url = rtrim($fm_url, '/'); + $msg .= '
'; + $msg .= '
Seems like you have a trailing slash on the URL.'; + $msg .= '
Try this link: ' . $fm_url . ''; + } + die($msg); + } + if (is_array($data) && count($data)) $this->data = $data; + else $this->save(); + } + + function save() + { + global $root_path; + $fm_file = $root_path.$_SERVER["PHP_SELF"]; + $var_name = '$CONFIG'; + $var_value = var_export(json_encode($this->data), true); + $config_string = " + + ' . $_SESSION[FM_SESSION_ID]['message'] . '

'; + unset($_SESSION[FM_SESSION_ID]['message']); + unset($_SESSION[FM_SESSION_ID]['status']); + } +} + +/** + * Show page header in Login Form + */ +function fm_show_header_login() +{ +$sprites_ver = '20160315'; +header("Content-Type: text/html; charset=utf-8"); +header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); +header("Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0"); +header("Pragma: no-cache"); + +global $lang, $root_url, $favicon_path; +?> + + + + + + + + + + + <?php echo fm_enc(APP_TITLE) ?> + + + + +
+ + +
+ + + + + + + + + + + + + + + + <?php echo fm_enc(APP_TITLE) ?> + + + + + + + + + +
+ + + + + + + + +
+ + + + + + + + + + + + + + + + 'Qk04AgAAAAAAADYAAAAoAAAAEAAAABAAAAABABAAAAAAAAICAAASCwAAEgsAAAAAAAAAAAAAIQQhBCEEIQQhBCEEIQQhBCEEIQ + QhBCEEIQQhBCEEIQQhBCEEIQQhBHNO3n/ef95/vXetNSEEIQQhBCEEIQQhBCEEIQQhBCEEc07ef95/3n/ef95/1lohBCEEIQQhBCEEIQQhBCEEIQ + RzTt5/3n8hBDFG3n/efyEEIQQhBCEEIQQhBCEEIQQhBHNO3n/efyEEMUbef95/IQQhBCEEIQQhBCEEIQQhBCEErTVzTnNOIQQxRt5/3n8hBCEEIQ + QhBCEEIQQhBCEEIQQhBCEEIQQhBDFG3n/efyEEIQQhBCEEIQQhBCEEIQQhBCEEIQQxRt5/3n+cc2stIQQhBCEEIQQhBCEEIQQhBCEEIQQIIZxz3n + /ef5xzay0hBCEEIQQhBCEEIQQhBCEEIQQhBCEEIQQhBDFG3n/efyEEIQQhBCEEIQQhBCEEIQQhBK01c05zTiEEMUbef95/IQQhBCEEIQQhBCEEIQ + QhBCEEc07ef95/IQQxRt5/3n8hBCEEIQQhBCEEIQQhBCEEIQRzTt5/3n8hBDFG3n/efyEEIQQhBCEEIQQhBCEEIQQhBKUUOWfef95/3n/ef95/IQ + QhBCEEIQQhBCEEIQQhBCEEIQQhBJRW3n/ef95/3n8hBCEEIQQhBCEEIQQhBCEEIQQhBCEEIQQhBCEEIQQhBCEEIQQhBCEEIQQAAA==' + ); +} + +?>