Plume CMS PHP Cross Reference Content Management Systems

Source: /manager/tools/htaccess/index.php - 267 lines - 9864 bytes - Text - Print

Description: Load the language object for the plugin: $m->user->lang : current language of the user. 'htaccess' : the current plugin.

   1  <?php
   2  /*
   3  # ***** BEGIN LICENSE BLOCK *****
   4  # This file is part of Plume CMS, a website management application.
   5  # Copyright (C) 2001-2006 Loic d'Anterroches and contributors.
   6  #
   7  # Plume CMS is free software; you can redistribute it and/or modify
   8  # it under the terms of the GNU General Public License as published by
   9  # the Free Software Foundation; either version 2 of the License, or
  10  # (at your option) any later version.
  11  #
  12  # Plume CMS is distributed in the hope that it will be useful,
  13  # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  # GNU General Public License for more details.
  16  #
  17  # You should have received a copy of the GNU General Public License
  18  # along with this program; if not, write to the Free Software
  19  # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  20  #
  21  # ***** END LICENSE BLOCK ***** */
  22  
  23  include_once dirname(__FILE__).'/class.htaccess.php';
  24  
  25  /**
  26   * Load the language object for the plugin: 
  27   *   $m->user->lang : current language of the user.
  28   *   'htaccess' : the current plugin.
  29   */ 
  30  $m->l10n->loadPlugin($m->user->lang, 'htaccess');
  31  
  32  /* load the config file of the current website. Note that the error message uses
  33  the language file from the manager, as this error can be found somewhere else */
  34  /*
  35  if (file_exists($_PX_config['manager_path'].'/conf/configweb_'.$_SESSION['website_id'].'.php')) {
  36      include($_PX_config['manager_path'].'/conf/configweb_'.$_SESSION['website_id'].'.php');
  37  } else {
  38      $m->setError(sprintf( __('Error: Configuration file of the website(<strong>%s</strong>) not available.'),$_PX_config['manager_path'].'/conf/configweb_'.$_SESSION['website_id'].'.php'), 500);
  39  }
  40  */
  41  
  42  /* =================================================================
  43   *                   Process block
  44   * =================================================================
  45   */
  46  $is_writable = false;
  47  $is_dir      = true;
  48  $rep_list    = array();
  49  $is_secured  = false;
  50  $px_users    = array();
  51  $px_zonename = '';
  52  $err         = '';
  53  $px_password = '';
  54  $px_user     = '';
  55  
  56  /* find the folder to secure */
  57  if (false === $m->error()):
  58  $up_dir = config::f('xmedia_root'); 
  59  if (!empty($_REQUEST['dir'])) {
  60      $current_dir = str_replace('\\','',$_REQUEST['dir']);
  61      $current_dir = str_replace('..','',$current_dir);
  62      $current_dir = preg_replace( '#(/)+#', '/', $current_dir); 
  63      $current_dir = preg_replace( '#^(/)+#', '', $current_dir); 
  64      $current_dir = preg_replace( '#(/)+$#', '', $current_dir);
  65      if (!empty($current_dir)) 
  66          $current_dir .= '/'; 
  67  } else {
  68      $current_dir = '';
  69  }
  70  /* check rights on the folder */
  71  if(is_dir($up_dir.'/'.$current_dir))
  72  {
  73      if (is_writable($up_dir.'/'.$current_dir)) {
  74          $is_writable = true;
  75      } else {
  76          $m->setError(sprintf( __('Error: The system has no write access to the folder <strong>%s</strong>. Check the permissions.'),$_PX_website_config['rel_url_files'].'/'.$current_dir), 500);
  77          
  78      }
  79  }
  80  else {
  81      $m->setError(sprintf( __('Error: The folder <strong>%s</strong> does not exist.'),$_PX_website_config['rel_url_files'].'/'.$current_dir), 500);
  82      $is_dir = false;
  83  }
  84  
  85  if ($is_dir) {
  86      $D = dir($up_dir.'/'.$current_dir);
  87      while(false !== ($entry = $D->read())) {
  88          if (is_dir($up_dir.'/'.$current_dir.$entry) && ($entry != 'thumb') && $entry != '.' && $entry != '..') {
  89              $rep_list[] = $entry;
  90          }
  91      }
  92      $D->close();
  93  }
  94  
  95  if ($current_dir != '') {
  96      $ht = new htaccess();
  97      $is_secured = $ht->isSecured($up_dir.'/'.$current_dir);
  98      if ($is_secured) {
  99          $px_users = $ht->getUsers();
 100          $px_zonename = $ht->getZoneName();
 101      }        
 102  }
 103  
 104  /* create a new zone */
 105  if ($is_dir && $is_writable && $current_dir != '' && !empty($_POST['createzone'])) {
 106      if (!empty($_POST['new_zone'])) {
 107          $zone = str_replace('"','',$_POST['new_zone']);
 108          $ht = new htaccess();
 109          $ht->setAuthName($zone);
 110          $ht->setFHtaccess($up_dir.'/'.$current_dir.'.htaccess');
 111          $ht->setFPasswd($up_dir.'/'.$current_dir.'.htpasswd');
 112          $ht->addLogin();
 113          $msg =  __('Zone successfully created.');
 114          header('Location: tools.php?p=htaccess&dir='.rawurlencode($current_dir).'&msg='.rawurlencode($msg));
 115          exit();
 116      }
 117  }
 118  
 119  /* add a user for this zone */
 120  if ($is_dir && $is_writable && $current_dir != '' && !empty($_POST['adduser'])) {
 121      $px_password = trim($_POST['new_password']);
 122      $px_user     = trim($_POST['new_user']);
 123      if (preg_match('/\s/', $px_password) or preg_match('/\s/', $px_user) 
 124          or preg_match('/[^0-9a-zA-Z]/', $px_password)
 125          or preg_match('/[^0-9a-zA-Z]/', $px_user)
 126          or strlen($px_password) == 0 or strlen($px_user) == 0) {
 127          $err =  __('Username and password must contain only letters and digits without spaces.');
 128      
 129      } else {
 130          $ht = new htaccess();
 131          $ht->setFHtaccess($up_dir.'/'.$current_dir.'.htaccess');
 132          $ht->setFPasswd($up_dir.'/'.$current_dir.'.htpasswd');
 133          if (false !== $ht->addUser($px_user, $px_password)) {
 134              $msg =  __('User successfully added.');
 135              header('Location: tools.php?p=htaccess&dir='.rawurlencode($current_dir).'&msg='.rawurlencode($msg));
 136              exit();
 137              
 138          } else {
 139              $err =  __('Error while adding the user.');
 140          }
 141      }
 142  }
 143  
 144  /* delete a user of this zone */
 145  if ($is_dir && $is_writable && $current_dir != '' && !empty($_REQUEST['u'])) {
 146      $px_user = trim($_REQUEST['u']);
 147      $ht = new htaccess();
 148      $ht->setFHtaccess($up_dir.'/'.$current_dir.'.htaccess');
 149      $ht->setFPasswd($up_dir.'/'.$current_dir.'.htpasswd');
 150      if (false !== $ht->delUser($px_user)) {
 151          $msg =  __('User successfully deleted.');
 152          header('Location: tools.php?p=htaccess&dir='.rawurlencode($current_dir).'&msg='.rawurlencode($msg));
 153          exit();
 154      } else {
 155          $err =  __('Error while deleting the user.');
 156      }
 157  }
 158  
 159  /* delete a zone */
 160  if ($is_dir && $is_writable && $current_dir != '' && !empty($_REQUEST['del'])) {
 161      $ht = new htaccess();
 162      $ht->setFHtaccess($up_dir.'/'.$current_dir.'.htaccess');
 163      $ht->setFPasswd($up_dir.'/'.$current_dir.'.htpasswd');
 164      $ht->delLogin();
 165      $msg =  __('Zone successfully deleted.');
 166      header('Location: tools.php?p=htaccess&dir='.rawurlencode($current_dir).'&msg='.rawurlencode($msg));
 167      exit();
 168  }
 169  
 170  endif; //end of if (false === $m->error()):
 171  
 172  
 173  if ($err != '') {
 174      echo '<div class="erreur"><p><strong>'. __('Error(s):').'</strong></p>'.$err.'</div>';
 175  }
 176  
 177  /*==============================================================================
 178   Display block
 179  ==============================================================================*/
 180  ?>
 181  
 182  
 183  <h1><?php  echo __('Files and images access manager'); ?></h1>
 184  
 185  <?php
 186  /* display the list of the subdirectories */
 187  if ($is_dir) {
 188  
 189      echo '<p>'.sprintf( __('You are in the folder <strong>%s</strong>'), $_PX_website_config['rel_url_files'].'/'.$current_dir).'</p>'."\n\n";
 190      
 191      /* propose to do something only if writable and not the root document folder */
 192      if ($is_writable && ($current_dir != '') && $is_secured) {
 193          /* secured, show the list of users, the name of the zone, propose to delete the protection */
 194          echo '<p class="button">'.sprintf( __('Zone <strong>%s</strong>.'), $px_zonename);
 195          echo ' [<strong><a href="tools.php?p=htaccess&amp;dir='.rawurlencode($current_dir).'&amp;del=1" '.
 196              'onclick="return window.confirm(\''. __('Are you sure you want to delete this zone ?').'\')">'. __('Delete this zone').'</a></strong>]';
 197          echo '</p>';
 198          if (count($px_users)) {
 199              echo '<p><strong>'. __('List of the users').'</strong></p>'."\n";
 200              echo '<ul>'."\n";
 201              reset($px_users); 
 202              while (list ($k, $v) = each ($px_users))  {
 203                  echo '<li>'.$v.' <a href="tools.php?p=htaccess&amp;dir='.$current_dir.'&amp;u='.$v.'" onclick="return window.confirm(\''. __('Are you sure you want to delete this user?').'\')"><img src="tools/htaccess/themes/'.$_px_ptheme.'/delete.png" alt="'. __('Delete').'" /></a></li>'."\n";
 204              }    
 205              echo '</ul>'."\n";            
 206          }
 207          /* propose to add a user */
 208          ?>
 209          
 210          <form action='tools.php' method='POST'>
 211          <input type='hidden' name='dir' value='<?php echo $current_dir; ?>' />
 212          <input type='hidden' name='p' value='htaccess' />
 213          <p>
 214          <span class="nowrap"><label for="new_user"
 215          style="display:inline"><?php  echo __('User to add:'); ?></label>
 216          <?php echo form::textField('new_user', 8, 8, $px_user, '', ''); ?>
 217          <label for="new_password"
 218          style="display:inline"><?php  echo __('Password:'); ?></label>
 219          <?php echo form::textField('new_password', 15, 15, $px_password, '', ''); ?>
 220          <input name="adduser" type="submit" class="submit" value="<?php  echo __('Add'); ?>" />
 221          </span></p>
 222            </form>                
 223          <?php
 224      } elseif ($is_writable && ($current_dir != '') && !$is_secured) {
 225          /* propose to add a protected zone */
 226          ?>
 227          <form action='tools.php' method='POST'>
 228          <input type='hidden' name='dir' value='<?php echo $current_dir; ?>' />
 229          <input type='hidden' name='p' value='htaccess' />
 230          <p>
 231          <span class="nowrap"><label for="new_zone"
 232          style="display:inline"><?php  echo __('New protected zone:'); ?></label>
 233          <?php echo form::textField('new_zone', 30, 30, '', '', ''); ?>
 234          <input name="createzone" type="submit" class="submit" value="<?php  echo __('Create the zone'); ?>" />
 235          </span></p>
 236            </form>
 237          
 238          
 239          
 240          <?php
 241      
 242      }
 243      
 244      echo '<div class="resourcebox">';        
 245      echo '<h2>'. __('Navigation').'</h2>'."\n\n";
 246          
 247      $open = false;
 248      if (strlen($current_dir) > 0) {
 249          $open = true;
 250          $parent_dir = getParentDir($current_dir);
 251          echo '<ul class="folders"><li><a href="tools.php?p=htaccess&amp;dir='.$parent_dir.'">..</a></li>'."\n";
 252      }
 253      if (count($rep_list)) {
 254          if (!$open) {
 255              echo '<ul class="folders">'."\n";
 256              $open = true;
 257          }
 258          reset($rep_list); 
 259          while (list ($k, $v) = each ($rep_list))  {
 260              echo '<li><a href="tools.php?p=htaccess&amp;dir='.$current_dir.$v.'/">'.$v.'</a></li>'."\n";
 261          }            
 262      }
 263      if ($open) echo "</ul>\n\n";
 264      echo '</div>';
 265  
 266  }    
 267  ?>
