index.php

CMS系统 提供学习研究修改最好了 比流行的一些CMS简单 但是更容易理解 是帮助你学习PHPCMS系统的好东东哦

<?php
//include/get_ride_of_magic_quotes.php:

/*
* Copyright (c) 2004 Heiko Rutenbeck <bzrudi@tuxpower.de>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
*  (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

/**
* This file removes the magic quotes
* always include this file with *include_once* to prevent multiple remove of magic quotes!
*
* Magic-quotes was added to reduce code written by beginners from being dangerous.
* If you disable magic quotes, you must be very careful
* to protect yourself from SQL injection attacks.
* For details see http://www.php.net/manual/en/function.get-magic-quotes-gpc.php
*
* @author  flo
*/

/**
* Disabling magic quotes at runtime
* for example fread()
*/
set_magic_quotes_runtime(0);

/**
 * PHP 5.x workarround to prevent strftime notices about unset timezone
 */
if(check_php_version('5.1.0')) {
	$time_zone = date_default_timezone_get();
	date_default_timezone_set($time_zone);
	}

/**
* Remove magic quotes for get, post and cookie data
* We can't disable it, because we are already too late
* It could also be done with a directive in a .htaccess file
* (php_value magic_quotes_gpc 0)
*/
if (get_magic_quotes_gpc()) {
	function stripslashes_deep($value)
	{
		$value = is_array($value) ?
			array_map('stripslashes_deep', $value) :
			stripslashes($value);
		
		return $value;
	}
	
	$_POST = array_map('stripslashes_deep', $_POST);
	$_GET = array_map('stripslashes_deep', $_GET);
	$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
	$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
	
	/**
	* http://php3.de/manual/de/features.file-upload.php
	* Note that with magic_quotes_gpc on, the uploaded filename
	* has backslashes added *but the tmp_name does not*.
	* On Windows where the tmp_name path includes backslashes,
	* you *must not* run stripslashes() on the tmp_name,
	* so keep that in mind when de-magic_quotes-izing your input.
	*
	* -> do not stripslashes on whole array, but only on $_FILES[*]['name']
	*/
	foreach($_FILES AS $key=>$value)
	{
		$_FILES[$key]['name'] = stripslashes($_FILES[$key]['name']);
	}
} 
?>


<?php

// -------------------------------------------------------------------------------
//
// FSGuide
//
// (c) 2003, Tamas TURCSANYI
// contact: trajic [at] demoscene [dot] hu
//
// http://fsguide.sourceforge.net
// modified, extended to work with LinPHA, bzrudi71
// removed all code for the "right" windows as it is not required for LinPHA
// -------------------------------------------------------------------------------

/**
* TOP_DIR not defined because of security, this file has to be included from admin.php and nothing else
*/
require(TOP_DIR.'/plugins/ftp/includes/config.inc.php');
require(TOP_DIR.'/plugins/ftp/includes/predefine.inc.php');
init();

$todo = '';
if (isset($_REQUEST['todo']))
  $todo = htmlspecialchars($_REQUEST['todo']);

switch($todo) {
	case 'delete':
		execute_action('delete'); display();
	break;
	case 'mkdir_form':
		$message .= mkdir_form($dirleft); display();
	break;
	case 'createdir':
    	create_directory(); display();
	break;
	case 'upload_form':
		uploadform($dirleft);
	break;
	case 'upload':
		upload(); display();
	break;
	case 'copy_form':
		copy_form(); display();
	break;
	case 'docopy':
		copy_recursive(); display();
	break;
	case 'rename_form':
		rename_form(); display();
	break;
	case 'dorename':
		dorename($_POST['originame'],$default['STARTDIR_LEFT'].'/'.$_POST['rename_to']); display();
	break;
	case 'openfile':
		display_file($_REQUEST['f']);
	break;
	case 'edit':
		edit_file($_REQUEST['f']);
	break;
	case 'save_textfile':
		save_textfile(); display();
	break;
	case 'save_binaryfile':
		save_binaryfile(); display();
	break;
	case 'change_perm_form':
		change_perm_form(); display();
	break;
	case 'change_perm':
		change_perm(); display();
	break;
	default:
		display();
	break;
}

// ----------------------------------------------------------------------------
function fsguideErrorHandler ($errno, $errstr, $errfile, $errline) {

if(strpos($errstr, "PHP_SELF") === false){
  if ( !isset( $GLOBALS['message'] ) )
    $GLOBALS['message']  = "<LI>" . $errstr . NL;
  else
    $GLOBALS['message'] .= "<LI>" . $errstr . NL;

  if ( defined( 'DISPLAY_ERRORS' ) )
    echo "<LI>" . $errstr . NL;
}
}

// ----------------------------------------------------------------------------
function change_perm_form()
{
	global $submit_button_folder, $str_change_perm, $str_read, $str_write, $str_execute, $str_owner, $str_group, $str_all_other;

	$perm = get_readable_fileperms($_REQUEST['f']);
	
	(substr($perm, 1, 1)!="-" ? $ur = 1 : '');
	(substr($perm, 2, 1)!="-" ? $uw = 1 : '');
	(substr($perm, 3, 1)!="-" ? $ux = 1 : '');
	(substr($perm, 4, 1)!="-" ? $gr = 1 : '');
	(substr($perm, 5, 1)!="-" ? $gw = 1 : '');
	(substr($perm, 6, 1)!="-" ? $gx = 1 : '');
	(substr($perm, 7, 1)!="-" ? $or = 1 : '');
	(substr($perm, 8, 1)!="-" ? $ow = 1 : '');
	(substr($perm, 9, 1)!="-" ? $ox = 1 : '');


?>

    <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES); ?>?page=ftp" method="post">
    <FIELDSET>
		<LEGEND><?php echo $str_change_perm.' '.$_REQUEST['f']; ?></LEGEND>

	<table border="1" cellpadding="0" cellspacing="0">
		<tr>
			<td width="100">&nbsp;</td>
			<td class='admintable' width="75"><?php echo $str_read; ?></td>
			<td class='admintable' width="75"><?php echo $str_write; ?></td>
			<td class='admintable' width="75"><?php echo $str_execute; ?></td>
		</tr>
		<tr>
			<td class='admintable'><?php echo $str_owner; ?></td>
			<td><input name="ur" type="checkbox" value="4"<?=(isset($ur) ? ' checked' : '')?>></td>
			<td><input name="uw" type="checkbox" value="2"<?=(isset($uw) ? ' checked' : '')?>></td>
			<td><input name="ux" type="checkbox" value="1"<?=(isset($ux) ? ' checked' : '')?>></td>
		</tr>
		<tr>
			<td class='admintable'><?php echo $str_group; ?></td>
			<td><input name="gr" type="checkbox" value="4"<?=(isset($gr) ? ' checked' : '')?>></td>
			<td><input name="gw" type="checkbox" value="2"<?=(isset($gw) ? ' checked' : '')?>></td>
			<td><input name="gx" type="checkbox" value="1"<?=(isset($gx) ? ' checked' : '')?>></td>
		</tr>
		<tr>
			<td class='admintable'><?php echo $str_all_other; ?></td>
			<td><input name="or" type="checkbox" value="4"<?=(isset($or) ? ' checked' : '')?>></td>
			<td><input name="ow" type="checkbox" value="2"<?=(isset($ow) ? ' checked' : '')?>></td>
			<td><input name="ox" type="checkbox" value="1"<?=(isset($ox) ? ' checked' : '')?>></td>
		</tr>
	</table>
	<br />
	<input type="Submit" name="Submit" value="<?php echo $submit_button_folder; ?>">

	<input type="hidden" name="todo" value="change_perm">
	<?php echo getparams(); ?>
    </FIELDSET>
	</FORM>

<?php
}

function change_perm()
{
	global $new_perms_success_msg, $str_error_changing_perm;

	isset($_POST['ur']) ? $ur = $_POST['ur'] : $ur = 0;
	isset($_POST['uw']) ? $uw = $_POST['uw'] : $uw = 0;
	isset($_POST['ux']) ? $ux = $_POST['ux'] : $ux = 0;
	isset($_POST['gr']) ? $gr = $_POST['gr'] : $gr = 0;
	isset($_POST['gw']) ? $gw = $_POST['gw'] : $gw = 0;
	isset($_POST['gx']) ? $gx = $_POST['gx'] : $gx = 0;
	isset($_POST['or']) ? $or = $_POST['or'] : $or = 0;
	isset($_POST['ow']) ? $ow = $_POST['ow'] : $ow = 0;
	isset($_POST['ox']) ? $ox = $_POST['ox'] : $ox = 0;

	$u = $ur+$uw+$ux;
	$g = $gr+$gw+$gx;
	$o = $or+$ow+$ox;
	
	$mode = $u.$g.$o;
	
	echo '<div align="center"><h1>';
	if(chmod($_REQUEST['f'],intval($mode,8)))
	{
        linpha_log('filemanager','notice','User '.$_SESSION['user_name'].": changed directory permissions of (".$_REQUEST['f'].")");
		echo $new_perms_success_msg;
	}
	else
	{
		echo $str_error_changing_perm;
        linpha_log('filemanager','warning',
            'User '.$_SESSION['user_name'].": failed to change permissions of (".$_REQUEST['f'].")");
	}
	echo '</h1></div>';
}

// ----------------------------------------------------------------------------
function copy_form()
{
	global $dirleft, $default, $str_copy, $str_copy_to;

	$filelist = filelist();
	if(isset($filelist[0])) {
		$filename = $filelist[0][0];
	}
	if (isset($filename))
	{
		$originame = $dirleft.'/'.$filename;
?>
	<form action='<?php echo htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES); ?>?page=ftp' method='POST'>
	<fieldset>
		<legend><?php printf($str_copy_to,$originame); ?></legend>
		<font class="mono"><?php echo $default['STARTDIR_LEFT']; ?>/</font>
		<input type='text' name='copy_to' value='<?php echo str_replace($default['STARTDIR_LEFT'].'/','',$dirleft.'/'); ?>'>
		<input type='hidden' name='todo' value='docopy'>
		<input type='hidden' name='originame' value='<?php echo htmlspecialchars($originame,ENT_QUOTES); ?>'>
		<input type='submit' name='Submit' value='<?php echo $str_copy; ?>'>
		<?php echo getparams(); ?>
	</fieldset>
	</form>
<?php
	}
}

function copy_recursive()
{
	global $default;

	/**
	* don't allow in parent directories!
	*/
	if(strpos($_POST['copy_to'],'..') === false)
	{
		copy_r($_POST['originame'],$default['STARTDIR_LEFT'].'/'.$_POST['copy_to']);
        linpha_log('filemanager','notice',
            'User '.$_SESSION['user_name'].": made copy of (".$_POST['originame'].") => (".$_POST['copy_to'].")");
	}
	else
	{
		die(pageheader() . STR_ACCESS_DENIED . pagefooter());
        linpha_log('filemanager','warning',
            'User '.$_SESSION['user_name'].": tried copy of (".$_POST['originame'].") => (".$_POST['copy_to'].") failed");
	}
	
}

// ----------------------------------------------------------------------------
function rename_form()
{
	global $dirleft, $default, $str_rename_to;

	$filelist = filelist();
	if(isset($filelist[0])) {
		$filename = $filelist[0][0];
	}
	if (isset($filename))
	{
		$originame = $dirleft.'/'.$filename;
?>
	<form action='<?php echo htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES); ?>?page=ftp' method='POST'>
	<fieldset>
		<legend><?php printf($str_rename_to,$originame); ?></legend>
		<font class="mono"><?php echo $default['STARTDIR_LEFT']; ?>/</font>
		<input type='text' name='rename_to' value='<?php echo str_replace($default['STARTDIR_LEFT'].'/','',$originame); ?>'>
		<input type='hidden' name='todo' value='dorename'>
		<input type='hidden' name='originame' value='<?php echo htmlspecialchars($originame); ?>'>
		<input type='submit' name='Submit' value='<?php echo STR_RENAME; ?>'>
		<?php echo getparams(); ?>
	</fieldset>
	</form>
<?php
	}
}

function dorename()
{
	global $default;

	if(strpos($_POST['rename_to'],'..') === false)	// don't allow renames to other than allowed directories
	{
		rename( $_POST['originame'] , $default['STARTDIR_LEFT'].'/'.$_POST['rename_to']);
        linpha_log('filemanager','notice',
            'User '.$_SESSION['user_name'].": renamed (".$_POST['originame'].") => (".$_POST['rename_to'].")");
		/**
		* rename folder in database
		*/
		rename_folder_in_db($_POST['originame'], $default['STARTDIR_LEFT'].'/'.$_POST['rename_to']);
	}
	else
	{
		die(pageheader() . STR_ACCESS_DENIED . pagefooter());
        linpha_log('filemanager','warning',
            'User '.$_SESSION['user_name'].": tried to rename (".$_POST['originame'].") => (".$_POST['rename_to'].") failed");
	}
}

// ----------------------------------------------------------------------------
function mkdir_form($parentdir)