<?php include "rbfminc/config.php"; //include "rbfminc/session.php"; require_once('config.inc'); require("guiconfig.inc"); include("head.inc"); global $config; if('ok' == 'ok'){ set_time_limit(1800); //30 min include "rbfminc/functions.php"; clearstatcache (); $_GET['p'] = urldecode($_GET['p']); if($_COOKIE['current_folder']){ $initial_folder_cookie = $_COOKIE['current_folder']; } if($_GET['url_field']){ setcookie('url_field', $_GET['url_field']); $url_field = $_GET['url_field']; }else{ $url_field = $_COOKIE['url_field']; } if($_GET['p']){ if(substr($_GET['p'], -1) != "/"){$_GET['p'] = $_GET['p']."/";} $current_folder = $_GET['p']; }elseif($initial_folder_cookie and file_exists($initial_folder_cookie)){ if(substr($initial_folder_cookie, -1) != "/"){$initial_folder_cookie = $initial_folder_cookie."/";} $current_folder = $initial_folder_cookie; }elseif($initial_folder and file_exists($initial_folder)){ if(substr($initial_folder, -1) != "/"){$initial_folder = $initial_folder."/";} $current_folder = $initial_folder; }else{ $current_folder = $_SERVER['DOCUMENT_ROOT']."/"; } if($only_below and strlen($current_folder) < strlen($initial_folder)){ setcookie('current_folder', '', time()-3600); header("Location: file_manager.php"); exit(); } //setcookie('current_folder', $current_folder); if(substr($current_folder, 0, strlen($_SERVER['DOCUMENT_ROOT'])) == $_SERVER['DOCUMENT_ROOT']){ $url_path = "http://".$_SERVER['HTTP_HOST']."/".substr($current_folder, strlen($_SERVER['DOCUMENT_ROOT'])); } if($_POST['save_file'] == 'save_file' and $_GET['f']){ if($handle = fopen($current_folder.$_GET['f'] , 'w')){ if (fwrite($handle, stripslashes($_POST['file_content'])) === FALSE) { $alert_info .= "Cannot write to file ({$current_folder}{$_GET['f']})"; }else{ $alert_info .= "File ({$current_folder}{$_GET['f']}) successfully saved"; $redirect = "file_manager.php?p=".urlencode($current_folder); } }else{ $alert_info .= "Invalid file!!!"; } } if($_POST['upload_file'] == 'upload_file'){ if($_FILES['file']['error'] == 8){ $alert_info .= "File upload stopped by extension!!!"; } if($_FILES['file']['error'] == 7){ $alert_info .= "Failed to write file to disk!!!"; } if($_FILES['file']['error'] == 6){ $alert_info .= "Missing a temporary folder!!!"; } if($_FILES['file']['error'] == 4){ $alert_info .= "No image was uploaded!!!"; } if($_FILES['file']['error'] == 3){ $alert_info .= "The uploaded file was only partially uploaded!!!"; } if($_FILES['file']['error'] == 2){ $alert_info .= "The uploaded file exceeds the MAX_FILE_SIZE!!!"; } if($_FILES['file']['error'] == 1){ $alert_info .= "The uploaded file exceeds the upload_max_filesize!!!"; } if(!$alert_info){ if(file_exists($current_folder.$_FILES['file']['name']) and !$_POST['replace_file']){ $alert_info .= "A file with the same name already exist in this folder\\nTo replace this file check \"Replace existing file\" in upload form!"; $redirect = "file_manager.php?p=".urlencode($current_folder); }else{ if(!@move_uploaded_file($_FILES["file"]["tmp_name"], $current_folder.$_FILES['file']['name'])){ $alert_info .= "Failed to upload file!!!"; }else{ $alert_info .= "File successfully uploaded!"; $redirect = "file_manager.php?p=".urlencode($current_folder); } } } } if($_GET['do'] == 'delete' and $_GET['file'] and $_GET['type'] == 'file'){ if(file_exists($current_folder.$_GET['file'])){ if(!@unlink($current_folder.$_GET['file'])){ $alert_info = "You cannot delete this file\\nThe relevant permissions must permit this."; }else{ $alert_info = "File deleted"; $redirect = "file_manager.php?p=".urlencode($current_folder); } }else{ $alert_info = "You cannot delete this file\\nInvalid file"; } } if($_GET['do'] == 'delete' and $_GET['file'] and $_GET['type'] == 'directory'){ if(file_exists($current_folder.$_GET['file'])){ if(!RecursiveFolderDelete($current_folder.$_GET['file'])){ $alert_info = "You cannot delete this directory\\nThe relevant permissions must permit this."; }else{ $alert_info = "Folder deleted"; $redirect = "file_manager.php?p=".urlencode($current_folder); } }else{ $alert_info = "You cannot delete this directory\\nInvalid directory"; } } if($_POST['create_folder'] == "Create folder"){ if(@mkdir($current_folder.$_POST['folder_name'])){ $alert_info = "Folder created successfully!"; }else{ $alert_info = "Invalid folder bane!"; } } preg_match_all("/\//", $current_folder, $m); if(count($m[0]) > 1){ $up_one_level = " ondblclick=\"document.location='{$_SERVER['PHP_SELF']}?p=".urlencode(substr($current_folder, 0, strrpos(substr($current_folder, 0, -1), "/"))."/")."'\""; } if ($handle = @opendir($current_folder)) { while (false !== ($folder_content = readdir($handle))) { if(is_dir($current_folder.'/'.$folder_content) and $folder_content!='.' and $folder_content!='..'){ $folders[] = $folder_content; }elseif(!is_dir($current_folder.'/'.$folder_content) and $folder!='.' and $folder_content!='..'){ $files[] = $folder_content; } } closedir($handle); }else{ $error = "<h1 style='color:red' align='center'>Invalid directory</h1>"; } $container .= " <table border=\"0\" cellspacing=\"1\" cellpadding=\"1\" class=\"list\" width=\"100%\"> <tr> <th style='padding:0;width:18px'> </th> <th>Name</th> <!--<th> </th>--> <th> </th> <th> </th> <th> </th> <th> </th> <th> </th> <th>Ext.</th> <th>Size</th> <th>Date</th> <th>Attributes</th> </tr> <tr> <td style='padding:0;width:18px' title=\"UP one level\"><img width='16' height='16' src='rbfmimg/folder.png' alt='F'{$up_one_level} /></td> <td colspan=\"11\"><b title=\"UP one level\"{$up_one_level}>[..]</b></td> </tr> "; $id = 1; if(is_array($folders)){ array_multisort($folders, SORT_ASC, SORT_REGULAR); foreach($folders as $v){ if($v){ $vf = $v.'/'; $last_updated_time = date("Y.m.d H:i:s", filemtime($current_folder.$v)); $fileperms = GetFilePerms($current_folder.$v); if($url_path){ $browser = "<a href='{$url_path}{$v}' target='_blank'><img src='rbfmimg/ico_open_as_web.png' border='0' width='16' height='16' alt='W' title='Open as web page' /></a>"; if($url_field){ $use_url = "<img src='rbfmimg/ico_use_file.png' border='0' width='16' height='16' alt='U' title='Use URL ({$url_path}{$v})' onclick=\"window.opener.document.getElementById('{$url_field}').value='{$url_path}{$v}'; window.close()\" style='cursor: pointer' />"; }else{ $use_url = "<img src='rbfmimg/ico_use_file_inactive.png' border='0' width='16' height='16' alt='U' title='Use URL (Inactive!!!)' />"; } }else{ $browser = " "; $use_url = "<img src='rbfmimg/ico_use_file_inactive.png' border='0' width='16' height='16' alt='U' title='Use URL (Inactive!!!)' />"; } $container .= " <tr> <td style='padding:0;width:18px'> <img width='16' height='16' src='rbfmimg/folder.png' alt='Folder' ondblclick=\"document.location='{$_SERVER['PHP_SELF']}?p=".urlencode($current_folder.$vf)."'\" /> </td> <td> <div style='padding-top:2px;' id='f{$id}' ondblclick=\"document.location='{$_SERVER['PHP_SELF']}?p=".urlencode($current_folder.$vf)."'\" > {$v} </div> <form class='rename_field' id='r{$id}' name=\"form{$id}\" method=\"post\" action=\"rbfminc/rename.php\" target=\"results\" onsubmit=\" this.n.blur(); return false \" > <input class='input_name rename_input' name=\"n\" type='text' value='{$v}' id='rf{$id}' onblur=\" document.form{$id}.submit(); document.getElementById('f{$id}').style.display = 'block'; document.getElementById('r{$id}').style.display = 'none'; document.getElementById('f{$id}').innerHTML = this.value; document.form{$id}.o.value = this.value; \" /> <input name=\"cf\" type=\"hidden\" value=\"{$current_folder}\" /> <input name=\"o\" type=\"hidden\" value=\"{$v}\" /> <input name=\"t\" type=\"hidden\" value=\"d\" /> <input name=\"submitS\" type=\"submit\" value=\"submitS\" style='display: none; width:0;height:0' onsubmit=\"this.n.blur(); return false\" /> </form> </td> <!--<td>{$use_url}</td>--> <td>{$browser}</td> <td> </td> <td> <img width='16' height='16' src='rbfmimg/ico_rename.png' alt='Rename' title='Rename' onclick=\" document.getElementById('r{$id}').style.display = 'block'; document.getElementById('f{$id}').style.display = 'none'; document.getElementById('rf{$id}').focus(); document.getElementById('rf{$id}').select() \" /> </td> <td> </td> <td> <img width='16' height='16' src='rbfmimg/ico_delete.png' alt='D' title='Delete' onclick=\" if( confirm('Delete folder "{$v}"?') && confirm('You cannot undo this operation!!!') && confirm('To delete this folder "{$v}" press OK\\nTo cancel this operation press CANCEL') ){ document.location = 'file_manager.php?p=".urlencode($current_folder)."&do=delete&file=".urlencode($v)."&type=directory' } \" /> </td> <td class='srow'> </td> <td><b><DIR></b></td> <td class='srow'>{$last_updated_time}</td> <td class='fileperms'>{$fileperms}</td> </tr> "; $id++; } } } if(is_array($files)){ array_multisort($files, SORT_ASC, SORT_REGULAR); foreach($files as $v){ if($v){ $extension = substr(strrchr($v, "."), 1); $file_image = "ico_file.png"; if($extension == 'php' or $extension == 'php3'){$file_image = "ico_php.png";} if( $extension == 'htm' or $extension == 'HTM' or $extension == 'html' or $extension == 'HTML' ){$file_image = "ico_html.png";} if( $extension == 'jpg' or $extension == 'JPG' or $extension == 'jpeg' or $extension == 'JPEG' or $extension == 'gif' or $extension == 'GIF' or $extension == 'png' or $extension == 'PNG' ){$file_image = "ico_picture.png";} $last_updated_time = date("Y.m.d H:i:s", filemtime($current_folder.$v)); $file_size = roundsize(filesize($current_folder.$v)); if( $extension == 'txt' or $extension == 'inc' or $extension == 'sh' or $extension == 'js' or $extension == 'xml' or $extension == 'conf' or $extension == 'config' or $extension == 'ini' or $extension == 'php' or $extension == 'php3' or $extension == 'htm' or $extension == 'HTM' or $extension == 'html' or $extension == 'HTML' or $extension == 'css' or $extension == 'CSS' ){ $edit_file_content = "<a href='file_manager.php?p=".urlencode($current_folder)."&f=".urlencode($v)."&do=edit#file_edit'><img width='16' height='16' src='rbfmimg/ico_script_edit.png' alt='Edit' title='View/Edit' border='0' /></a>"; }else{ $edit_file_content = " "; } $fileperms = GetFilePerms($current_folder.$v); if($url_path){ $browser = "<a href='{$url_path}{$v}' target='_blank'><img src='rbfmimg/ico_open_as_web.png' border='0' width='16' height='16' alt='W' title='Open as web page' /></a>"; if($url_field){ $use_url = "<img src='rbfmimg/ico_use_file.png' border='0' width='16' height='16' alt='U' title='Use URL ({$url_path}{$v})' onclick=\"window.opener.document.getElementById('{$url_field}').value='{$url_path}{$v}'; window.close()\" style='cursor: pointer' />"; }else{ $use_url = "<img src='rbfmimg/ico_use_file_inactive.png' border='0' width='16' height='16' alt='U' title='Use URL (Inactive!!!)' />"; } }else{ $browser = " "; $use_url = "<img src='rbfmimg/ico_use_file_inactive.png' border='0' width='16' height='16' alt='U' title='Use URL (Inactive!!!)' />"; } $container .= " <tr> <td style='padding:0;width:18px'> <img width='16' height='16' src='rbfmimg/{$file_image}' alt='File' ondblclick=\"document.location = 'rbfminc/download.php?p=".urlencode($current_folder)."&file_name=".urlencode($v)."'\" /> </td> <td> <div style='padding-top:2px;' id='f{$id}' ondblclick=\"document.location = 'rbfminc/download.php?p=".urlencode($current_folder)."&file_name=".urlencode($v)."'\" > {$v} </div> <form class='rename_field' id='r{$id}' name=\"form{$id}\" method=\"post\" action=\"rbfminc/rename.php\" target=\"results\" onsubmit=\"this.n.blur(); return false\" > <input name=\"cf\" type=\"hidden\" value=\"{$current_folder}\" /> <input name=\"o\" type=\"hidden\" value=\"{$v}\" /> <input name=\"t\" type=\"hidden\" value=\"f\" /> <input class='input_name' name=\"n\" type='text' value='{$v}' id='rf{$id}' onblur=\" document.form{$id}.submit(); document.getElementById('f{$id}').style.display = 'block'; document.getElementById('r{$id}').style.display = 'none'; document.getElementById('f{$id}').innerHTML = this.value; document.form{$id}.o.value = this.value; \" /> <input name=\"submitS\" type=\"submit\" value=\"submitS\" style='display: none; width:0;height:0' onsubmit=\"this.n.blur(); return false\" /> </form> </td> <!--<td>{$use_url}</td>--> <td>{$browser}</td> <td> <a href='rbfminc/download.php?p=".urlencode($current_folder)."&file_name=".urlencode($v)."'><img width='16' height='16' src='rbfmimg/ico_download.png' alt='Download' title='Download' border='0' /></a> </td> <td> <img width='16' height='16' src='rbfmimg/ico_rename.png' alt='Rename' title='Rename' onclick=\"document.getElementById('f{$id}').style.display = 'none'; document.getElementById('r{$id}').style.display = 'block'; document.getElementById('rf{$id}').focus(); document.getElementById('rf{$id}').select()\" /> </td> <td>{$edit_file_content}</td> <td> <img width='16' height='16' src='rbfmimg/ico_delete.png' alt='D' title='Delete' onclick=\" if( confirm('Delete file "{$v}"?') && confirm('You cannot undo this operation!!!') && confirm('To delete this file "{$v}" press OK\\nTo cancel this operation press CANCEL') ){ document.location = 'file_manager.php?p=".urlencode($current_folder)."&do=delete&file=".urlencode($v)."&type=file' } \" /> </td> <td class='srow'>{$extension}</td> <td>{$file_size}</td> <td class='srow'>{$last_updated_time}</td> <td class='fileperms'>{$fileperms}</td> </tr> "; $id++; } } } $container .= "</table>"; $container = preg_replace("/\s+/m", " ", $container); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <?php include("fbegin.inc"); ?> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>File editor</title> <link href="rbfminc/file_editor_style.css" rel="stylesheet" type="text/css" /> </head> <body> <?php echo $security_issues; ?> <div class="file_editor"> <div class="header"> </div> <form id="path" name="path" method="get" action="" class="path"> <input type="text" name="p" id="location" value="<?php echo $current_folder; ?>" /> <img src="rbfmimg/go.png" name="go" width="35" height="18" id="go" alt="go" title="go" /> </form> <div class="url_path">URL path: <a href='<?php echo $url_path; ?>' target="_blank"><?php echo $url_path; ?></a></div> <div class="container"> <?php echo $container; ?> <?php echo $error; ?> </div> <form action="" method="post" enctype="multipart/form-data" name="form_upload" id="form_upload" class="form_upload"> Upload a file in current folder: <input type="file" name="file" id="file" /> <input name="replace_file" type="checkbox" value="1" /> Replace existing file <input type="submit" name="upload" id="upload" value="Upload" /> <input name="upload_file" type="hidden" id="upload_file" value="upload_file" /> </form> <form action="" method="post" enctype="multipart/form-data" name="form_upload" id="form_upload" class="form_upload"> Create new folder here; Folder name: <input name="folder_name" type="text" style="width:290px" /> <input type="submit" name="create_folder" id="create_folder" value="Create folder" /> </form> <iframe name="results", frameborder="0" scrolling="auto" class='results'></iframe> <div align="center" style="margin-top:5px"> [ <img src="rbfmimg/ico_open_as_web.png" width="16" height="16" align="middle" /> OPEN IN BROWSER ] [ <img src="rbfmimg/ico_download.png" width="16" height="16" align="middle" /> DOWNLOAD ] [ <img src="rbfmimg/ico_rename.png" width="16" height="16" align="middle" /> RENAME ] [ <img src="rbfmimg/ico_script_edit.png" width="16" height="16" align="middle" /> VIEW/EDIT ] [ <img src="rbfmimg/ico_delete.png" width="16" height="16" align="middle" /> DELETE ] </div> <?php if($_GET['do'] == 'edit'){ $file_content = file_get_contents($current_folder.$_GET['f']); echo " <form id=\"form_edit\" name=\"form_edit\" method=\"post\" action=\"\" style='width: 670px;margin: 10px auto 0;border-top: 1px #999999 solid'> <a name='file_edit'></a> File: <b>{$current_folder}{$_GET['f']}</b><br /> <textarea name=\"file_content\" id=\"file_content\" cols=\"\" rows=\"\" style='width: 99%; height: 400px'>".htmlentities ($file_content)."</textarea><br /> <input name=\"save\" type=\"submit\" value=\"Save\" /> <input name=\"close\" type=\"button\" value=\"Close file editor\" onclick=\"document.location = 'file_manager.php?f=".urlencode($current_folder)."'\" /> <input name=\"save_file\" type=\"hidden\" value=\"save_file\" /> </form> "; } ?> <div class="footer"></div> </div> <small>Created by <a href="http://www.tomschaefer.org/pfsense">TomSchaefer</a></small> <?php if($alert_info){ echo " <script language=\"javascript\"> alert('{$alert_info}'); </script> "; } if($redirect){ echo " <script language=\"javascript\"> document.location = '{$redirect}'; </script> "; } ?> <?php include("fend.inc"); ?> </body> </html> <?php }else{ ?> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Login</title> <style type="text/css"> <!-- body,td,th,input { font-family: Arial, Helvetica, sans-serif; font-size: 12px; } body { background-color: #EEEEEE; } --> </style></head> <body><br /><br /><br /><br /> <div class="login"> <div style="color:red" align="center"><?php echo $error_message; ?></div> <form id="login_form" name="login_form" method="post" action=""> <table border="0" align="center" cellpadding="4" cellspacing="0" bgcolor="#FFFFFF" style="border:1px solid #999999; padding:10px"> <tr> <td align="right">Username:</td> <td><input type="text" name="username" id="username" class="login_input" style="width:230px" /></td> </tr> <tr> <td align="right">Password:</td> <td><input type="password" name="password" id="password" class="login_input" style="width:100px" /> </td> </tr> <tr> <td colspan="2" align="right"><input type="submit" name="button" id="button" value="Login »" /></td> </tr> </table> <input name="login" type="hidden" value="login" /> </form> </div> </body> </html> <?php } ?>