'$val'"; if ($cnt < count($passwd)) { $output .= ","; } $output .= "\n"; $cnt++; } $output .= ");\n?>"; $fp = fopen($passwd_file,'w+'); fwrite($fp,$output); fclose($fp); echo ""; return; } else { echo "\n". "
". "

Change Password

". "

". "
". "
"; } } function authenticate_header() { Header("WWW-authenticate: basic realm=\"{$_SERVER['SERVER_NAME']} (Please use FM as username)\""); Header("HTTP/1.0 401 Unauthorized"); die("

Login required

All unauthorised access is denied.

"); } function authenticate_get_passwd() { global $passwd_file, $passwd_key, $conf_passwddir; // find passwd file location. Prefered is outside of the document root // so the encrypted passwords cant be downloaded by the file manager // and brute-force cracked. This only works if fm.php is located outside of // the document-root and uses an Apache Alias to call it. Also the web // process owner should have write permission to the directory, or create // the file and make the web-user the owner of it // (ie: touch fm_passwd.php && chown apache.apache fm_passwd.php) // Fallbacks are document_root, and current directory $passwd_file = FALSE; if ($conf_passwddir && $conf_passwddir != '') { $passwd_file = $conf_passwddir."/fm_passwd.php"; if (!authenticate_check_file($passwd_file)) $passwd_file = false; } if (!$passwd_file && isset($_SERVER['PATH_TRANSLATED'])) { $passwd_file = dirname($_SERVER['PATH_TRANSLATED'])."/fm_passwd.php"; if (!authenticate_check_file($passwd_file)) $passwd_file = false; } if (!$passwd_file && isset($_SERVER['DOCUMENT_ROOT'])) { $passwd_file = $_SERVER['DOCUMENT_ROOT']."/fm_passwd.php"; if (!authenticate_check_file($passwd_file)) $passwd_file = false; } if (!$passwd_file) { $passwd_file = "fm_passwd.php"; if (!authenticate_check_file($passwd_file)) { die("Could not create passwd file(s), aborting"); } } $passwd_key = $_SERVER['SERVER_NAME']; } function authenticate_check_file($file) { if (!file_exists($file)) { if (!@touch($file)) { return false; } } return true; } function authenticate() { global $passwd_file, $passwd_key, $passwd; authenticate_get_passwd(); include_once($passwd_file); if (isset($_SERVER['PHP_AUTH_PW'])) { if (isset($passwd[$passwd_key])) { if ($passwd[$passwd_key] == crypt($_SERVER['PHP_AUTH_PW'],'$fm')) { return true; } } else { // allow user in, but trigger missing password alert return false; } } authenticate_header(); } function download_file() { global $conf_chroot; if (!isset($_GET['file']) || $_GET['file'] == '') { return; } $filename = basename($_GET['file']); $file = $conf_chroot.format_path(dirname($_GET['file'])).$filename; if (!file_exists($file)) { die("No such file or directory"); } $size = filesize($file); header("Content-Type: application/save"); header("Content-Length: $size"); header("Content-Disposition: attachment; filename=\"$filename\""); header("Content-Transfer-Encoding: binary"); if ($fp = fopen("$file", "rb")) { fpassthru($fp); } fclose($fp); } function recurse_paste_or_delete($file,$dest_dir,$action) { global $conf_chroot; $dest = $conf_chroot.$dest_dir.basename($file); if (is_dir($file)) { $dir = substr($file,strrpos($file,'/')+1); if ($action == 'cut' || $action == 'copy') { if (($mod = fileperms($file)) === FALSE) { // if we cant read old dir mod, assume a safe default $mod = '0755'; } mkdir($conf_chroot.$dest_dir.$dir,$mod); } $dh = @opendir($file); while (($name = readdir($dh)) !== FALSE) { if ($name != '.' && $name != '..') { recurse_paste_or_delete($file.'/'.$name,$dest_dir.$dir.'/',$action); } } @closedir($dh); if ($action == 'delete' || $action == 'cut') { rmdir($file); } } else switch ($action) { case 'cut': // Prior to PHP 4.3.3, rename() could not rename files across // partitions on *nix based systems $mod = fileperms($file); if (version_compare(phpversion(),'4.3.3') == -1) { if (copy($file,$dest)) { unlink($file); } } else { rename($file,$dest); } // Set dest file mods same as original if ($mod) { chmod($dest,$mod); } break; case 'copy': $mod = fileperms($file); copy($file,$dest); // Set dest file mods same as original if ($mod) { chmod($dest,$mod); } break; case 'delete': unlink($file); break; } } function paste_or_delete($action) { global $current_path, $conf_chroot; reset($_SESSION['selected']); while (list(,$file) = each($_SESSION['selected'])) { $real_file = $conf_chroot.$file; if (file_exists($real_file)) { recurse_paste_or_delete($real_file,$current_path,$action); } } // w/o clearing stat cache, php would show deleted/moved files in readdir() clearstatcache(); } function make_directory() { global $conf_chroot, $conf_images, $current_path; if (!is_dir($conf_chroot.$current_path)) { // Quick check to see if path is a valid location. // Path it self is already filtered in main with format_path() die("Invalid path specified"); } if (isset($_POST['dir']) && $_POST['dir'] != '') { $dir = format_path($conf_chroot.$current_path.$_POST['dir']); if (!mkdir($dir,0755)) { echo "\n"; } echo ""; } else { echo "\n". "
". "

Create Directory

". "

". "
". "
"; } } function upload_file() { global $conf_images, $conf_chroot, $current_path; if (!is_dir($conf_chroot.$current_path)) { // Quick check to see if path is a valid location. // Path it self is already filtered in main with format_path() die("Invalid path specified"); } if (count($_FILES) == 0) { echo "\n". "
". "

Select File to Upload

". "

". "
". "
"; } else { if ($_FILES['userfile']['error'] !== 0) { switch ($_FILES['userfile']['error']) { case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: $reason = "File size exceeds max allowed"; break; case UPLOAD_ERR_PARTIAL: $reason = "File only partialy uploaded"; break; case UPLOAD_ERR_NO_FILE: $reason = "No file specified"; break; default: $reason = "Unhandled error"; break; } echo "

Error uploading file: $reason

"; } $dest = $conf_chroot.$current_path.basename($_FILES['userfile']['name']); // move_uploaded_file prevents upload file injection attacks, etc so // doesn't need to be re-checked in userspace if (move_uploaded_file($_FILES['userfile']['tmp_name'], $dest)) { echo ""; } else { echo "

Error uploading file: Possible file upload attack!

"; } } } function draw_files() { global $current_path, $conf_chroot, $conf_sort_dirs, $conf_showdirs, $conf_images, $total_files, $total_size, $total_dirs; $path = $conf_chroot."/".$current_path; $total_files = 0; $total_size = 0; echo "\n". "
\n". "\n". "\n". "\n". "\n". "\n". "\n". "\n". "\n". "\n". "\n". "\n". "\n". "\n"; if (!$dh = opendir($path)) { die("Fatal error opening $path"); } $files = array(); $dirs = array(); while (($name = readdir($dh)) !== FALSE) { $stat = stat("$path/$name"); $file['name'] = $name; $file['size'] = format_size($stat['size']); $file['date'] = date("d/m/Y H:i",$stat['mtime']); $file['owner'] = resolve_user($stat['uid']); $file['group'] = resolve_group($stat['gid']); $file['perm'] = resolve_perms(fileperms("$path/$name")); if (is_link("$path/$name")) { $file['link'] = " --> ".readlink("$path/$name").""; } else { $file['link'] = ''; } if (is_dir("$path/$name")) { $total_dirs++; if ($conf_showdirs) { $dirs[$name] = $file; } } else { $files[$name] = $file; $total_files++; $total_size += $stat['size']; } } closedir($dh); reset($files); reset($dirs); if ($conf_sort_dirs) { ksort($files); ksort($dirs); } while (list(,$file) = each($dirs)) { if (($file['name'] != '.') && ($current_path != '/' || $file['name'] != '..')) { if ($file['name'] == '..') { $tmp = substr($current_path,0,strlen($current_path)-1); $tmp = substr($tmp,0,strrpos($tmp,'/')); if ($tmp != '') { $link = $_SERVER['PHP_SELF']."?path=$tmp"; } else { $link = $_SERVER['PHP_SELF']; } } else { $link = $_SERVER['PHP_SELF']."?path=$current_path{$file['name']}"; } if ($file['name'] == '..') { $icon = 'folder-up.gif'; } else { $icon = 'folder.gif'; } echo "\n". "\n". "\n". "\n". "\n". "\n". "\n". "\n"; if ($file['name'] == '..') { echo "\n"; } else { echo "\n"; } echo "\n"; } } $icons = array( 'text' => array('txt'), 'word' => array('doc','rtf'), 'excel' => array('xls'), 'media' => array('mp3','mpg','mpeg','avi'), 'image' => array('gif','jpg','jpeg','png','svg','ico','tiff','tff','swg','psd','pdd','bmp','rle','eps','jpe','pcx','pct','raw','dib'), 'conf' => array('ini','conf','cfg'), 'web' => array('html','htm','asp','cfm','php','php3','php4','php5','shtm','shtml','xhtml','xml','wdsl','xsl','rss','rdf','dtd','xsd','css','js','asa','tpl','wml','vtm','vtml'), 'archive' => array('rpm','zip','rar','bz2','gz','gzip','arj','lzh','tar','dep') ); while (list(,$file) = each($files)) { $icon = 'document.gif'; if (($pos = strrpos($file['name'],'.')) !== FALSE) { $pos++; $ext = strtolower(substr($file['name'],$pos)); reset($icons); while (list($icon_name,$exts) = each($icons)) { if (in_array($ext,$exts)) { $icon = 'document-'.$icon_name.'.gif'; } } } echo "\n". "\n". "\n". "\n". "\n". "\n". "\n". "\n". "\n". "\n"; } if (isset($_SESSION['action']) && ($_SESSION['action'] == 'cut' || $_SESSION['action'] == 'copy')) { $disabled = ''; } else { $disabled = 'DISABLED'; } echo "\n". "\n". "
File NameSizeDate / TimeOwnerGroupPermission  
{$file['name']}{$file['link']} {$file['date']}{$file['owner']}{$file['group']}{$file['perm']}  
{$file['name']}{$file['link']}{$file['size']}{$file['date']}{$file['owner']}{$file['group']}{$file['perm']}


\n". "". "". "". "". "". "". "". "
 

\n". "
\n". "\n\n"; } function draw_tree() { global $current_path, $conf_images; echo "\n". "
\n". ""; recurse_draw_tree(get_tree($current_path,0),'',''); echo "
\n". "
\n". "\n"; } function recurse_draw_tree($tree, $spacing, $parent) { global $conf_images; $tree_mid = ""; $tree_end = ""; $tree_blank = ""; $tree_straight = ""; $folder_open = ""; $folder_closed = ""; if ($parent == '') { // top level, draw / echo "$folder_open/\n"; } $count = count($tree); $i = 0; reset($tree); while (list($dir,$subs) = each($tree)) { $result = $spacing; if ($i != $count-1) { $result .= $tree_mid; } else { $result .= $tree_end; } if ($subs !== FALSE) { $result .= $folder_open; } else { // not expanded $result .= $folder_closed; } $result .= $dir; echo "$result\n"; if ($subs !== FALSE) { if ($i == $count-1) { $sp = $tree_blank; } else { $sp = $tree_straight; } $sp = $spacing.$sp; recurse_draw_tree($subs,$sp,"$parent/$dir"); } $i++; } } function get_tree($path,$level) { global $conf_chroot,$conf_sort_dirs; $path_components = explode('/',$path); $current_path = $conf_chroot."/"; $ret = array(); // construct the path we are now traversing if ($level > 0) { for ($i = 0 ; $i <= $level; $i++) { $current_path .= $path_components[$i]."/"; } } if (($dh = opendir($current_path)) === FALSE) { die("Fatal error trying to read directory: $path
"); } while (($dir = readdir($dh)) !== FALSE) { if (is_dir("$current_path/$dir") && $dir != '.' && $dir != '..') { if ((count($path_components) > ($level+1)) && $dir == $path_components[$level+1]) { $ret[$dir] = get_tree($path,$level+1); } else { $ret[$dir] = FALSE; } } } closedir($dh); if ($conf_sort_dirs) ksort($ret); return $ret; } function load_ids() { global $conf_resolveid, $id_passwd, $id_group; if ($conf_resolveid) { exec("cat /etc/passwd",$id_passwd); exec("cat /etc/group",$id_group); } else { $id_passwd = FALSE; $id_group = FALSE; } } function resolve_user($arg) { global $id_passwd; $aux = "x:".trim($arg).":"; for ($i = 0 ; $i < count($id_passwd) ; $i++){ if (strstr($id_passwd[$i],$aux)){ $id = explode(":",$id_passwd[$i]); return $id[0]; } } if ($arg == 0) { $arg = '0'; } return $arg; } function resolve_group ($arg) { global $id_group; $aux = "x:".trim($arg).":"; for ($i = 0 ; $i < count($id_group) ; $i++){ if (strstr($id_group[$i],$aux)){ $id = explode(":",$id_group[$i]); return $id[0]; } } if ($arg == 0) { $arg = '0'; } return $arg; } function resolve_perms($perms) { if (($perms & 0xC000) == 0xC000) { $info = 's'; } elseif (($perms & 0xA000) == 0xA000) { $info = 'l'; } elseif (($perms & 0x8000) == 0x8000) { $info = '-'; } elseif (($perms & 0x6000) == 0x6000) { $info = 'b'; } elseif (($perms & 0x4000) == 0x4000) { $info = 'd'; } elseif (($perms & 0x2000) == 0x2000) { $info = 'c'; } elseif (($perms & 0x1000) == 0x1000) { $info = 'p'; } else { $info = 'u'; } $info .= (($perms & 0x0100) ? 'r' : '-'); $info .= (($perms & 0x0080) ? 'w' : '-'); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? 's' : 'x' ) : (($perms & 0x0800) ? 'S' : '-')); // Group $info .= (($perms & 0x0020) ? 'r' : '-'); $info .= (($perms & 0x0010) ? 'w' : '-'); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? 's' : 'x' ) : (($perms & 0x0400) ? 'S' : '-')); // World $info .= (($perms & 0x0004) ? 'r' : '-'); $info .= (($perms & 0x0002) ? 'w' : '-'); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? 't' : 'x' ) : (($perms & 0x0200) ? 'T' : '-')); return $info; } function format_size($arg) { if ($arg > 0) { $j = 0; $ext = array(" bytes"," Kb"," Mb"," Gb"," Tb"); while ($arg >= pow(1024,$j)) { ++$j; } return round($arg / pow(1024,$j-1) * 100) / 100 . $ext[$j-1]; } return "0 Mb"; } function format_path($str) { $str = trim(str_replace("..","",str_replace("\\","/",str_replace("\$","",$str)))); while ($str != ($str = str_replace("//","/",$str))) {} if (strlen($str)) { if ($str[0] != "/") { $str = "/".$str; } if ($str[strlen($str)-1] != "/") { $str .= "/"; } } else { $str = "/"; } return $str; } function draw_header() { global $conf_images; ?> WebFM 0.2
.
Browsing
alert('Can\'t {$_SESSION['action']} file(s). Source and destination are the same');\n"; } } break; case 'delete': $_SESSION['action'] = $_POST['action']; $_SESSION['selected'] = $_POST['selected']; paste_or_delete('delete'); if (isset($_SESSION['source'])) unset($_SESSION['source']); if (isset($_SESSION['selected'])) unset($_SESSION['selected']); if (isset($_SESSION['action'])) unset($_SESSION['action']); break; default: die("Invalid action specified"); break; } } switch ($event) { case 'view': if ($passwd_warn) { echo "\n"; } load_ids(); draw_header(); draw_location(); draw_tree(); draw_files(); draw_footer(); break; case 'upload': upload_file(); break; case 'mkdir': make_directory(); break; case 'download': download_file(); break; case 'passwd': change_passwd(); break; default: die('Invalid event'); break; } ?>