Security problem

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Security problem

Postby Mustang » 24. September 2003 11:20

Im using Xamp and when i use a readdir script i see my whole harddisks with r/w privelleges

of course i dont want that, i just want to see the document_dir

is there a function that disallowes the script to read my whole harddisk?



Code: Select all
<?
include("config.php");
$version = "2.0";

header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

error_reporting(E_ALL);
if ($use_timeout) set_time_limit($timeout);
ob_implicit_flush();
@import_request_variables("gpc");
$PHP_SELF = $_SERVER['PHP_SELF'];

// Define variables
if (!isset($cookie_username))        $cookie_username        =        false;
if (!isset($cookie_password))        $cookie_password        =        false;
if (!isset($path))                $path                        =        false;
if (!isset($action))                $action                =        false;

if ($cookie_username == $username && md5($cookie_password) == md5($password))        // Maak cookie bij inloggen
{
 if ($auto_login)
 {
  setcookie("cookie_username", $username, time()+31536000);
  setcookie("cookie_password", md5($cookie_password), time()+31536000);
 }
 else
 {
  setcookie("cookie_username", $username);
  setcookie("cookie_password", md5($cookie_password));
 }
 header("Location: $PHP_SELF");
}

if ($action == "logout")  // Verwijder cookie bij uitloggen
{
 setcookie("cookie_username", "");
 setcookie("cookie_password", "");
 header("Location: $PHP_SELF");
}

function access_check($input_username, $input_password)
{
 global $use_login, $username, $password;

 if ($use_login && $input_username == $username && $input_password == md5($password))
  return 1;
 else if (!$use_login)
  return 1;
 else
  return 0;

}

$path = stripslashes($path);

if (stristr($path, "../") || stristr($path, "..\\")) // Protectie tegen hackers
 $path = false;

if ($home_dir) $home_dir = realpath($home_dir)."/";
else if (!$home_dir && $os == 2)
 $home_dir = dirname($SCRIPT_FILENAME)."/";

if ($path == "/" || $path == "./" || $path == "\\" || $path == ".\\")
 $path = false;

if (is_dir($home_dir.$path))
{
 foreach($ignore_directory_strings as $match)
  if (stristr(basename($path), $match))
   $action = "access_denied";
}
else if (is_file($home_dir.$path))
{
 foreach($ignore_file_strings as $match)
  if (stristr(basename($path), $match))
   $action = "access_denied";

 $ext = strtolower(substr(strrchr(basename($path), "."),1));
 foreach($ignore_file_extensions as $extension)
  if ($ext == $extension)
   $action = "access_denied";
}

print "<html>";
 print "<head>";
  print "<title>Online Edit Systeem V. 2</title>";
  print "<link rel='stylesheet' href='css.css' type='text/css'>";
 print "</head>";
 print "<body link='#0000FF' alink='#0000FF' vlink='#0000FF' bgcolor='#FFFFFF'><center>";
 print "<font class='headline'>Online Edit Systeem $version</font>";
 if ($use_login && $cookie_username && $cookie_password)
  print "<br><font class='logout'><a href='$PHP_SELF?action=logout'>.:Uitloggen:.</a></font>";
 print "<div class='line_top'>&nbsp;</div>";

if ($action == "access_denied")
{
 print "<a href='$PHP_SELF?path='>.:Terug:.</a><br><br>";
 print "<b>ERROR:</b> U heeft geen toegang.<br><br>";
 print "U heeft geen toegang tot deze directory/files.";
}

else if ($action == "rename_prompt" && $allow_rename && access_check($cookie_username, $cookie_password))
{
 print "<a href='$PHP_SELF?path=".htmlentities(rawurlencode(dirname($path)))."/'>.:Terug:.</a><br>";
 print "<form action='$PHP_SELF?action=rename' method=post>";
 print "Kies een nieuwe naam voor de directory of file:<br><br>";
 print "<input type=text size=30 name=newname value=\"".htmlentities(basename($home_dir.$path))."\">&nbsp;";
 print "<input type=submit value='Wijzig naam'>";
 print "<input type=hidden name=oldname value='".htmlentities(rawurlencode(basename($path)))."'>";
 print "<input type=hidden name=path value='".htmlentities(rawurlencode(dirname($path)))."'></form>";
}
else if ($action == "rename" && $allow_rename && access_check($cookie_username, $cookie_password))
{

 $path = stripslashes(rawurldecode($path));
 $oldname = stripslashes(rawurldecode($oldname));
 $newname = stripslashes(rawurldecode($newname));

 print "<a href='$PHP_SELF?path=".htmlentities(rawurlencode($path))."/'>.:Terug:.</a><br><br>";

 print "Directory of file wijzigen...<br>";
 if (file_exists($home_dir.$path."/".$newname))
  print "<font color='#CC0000'>Deze naam is al in gebruik.</font>";
 else
 {
  if (stristr($newname, "../") || stristr($newname, "..\\"))
   print "<font color='#CC0000'>Ongeldige directory of bestandsnaam.</font>";
  else if (@rename($home_dir.$path."/".$oldname, $home_dir.$path."/".$newname))
   print "<font color='#009900'>De naam is succesvol gewijzigd!</font>";
  else
   print "<font color='#CC0000'>Er is een fout opgetreden.</font>";
 }
}

else if ($action == "clear_temp" && $allow_view && access_check($cookie_username, $cookie_password))
{
 $open = opendir("./tmp/");
 while (($file = readdir($open)) != false)
  if (is_file("./tmp/$file")) @unlink("./tmp/$file");
 closedir($open);
 print "<a href='$PHP_SELF?path=".htmlentities(rawurlencode(dirname($path)))."/'>.:Terug:.</a><br><br>";
 print "Bezig met verwijderen van tijdelijke bestanden...<br>";
 print "<font color='#009900'>Tijdelijke bestanden zijn verwijderd!</font><br><br>";
 print "Klik op de link om terug te gaan.";
}
else if ($action == "view" && $allow_view && access_check($cookie_username, $cookie_password))
{
 if (!isset($zoom)) $zoom = false;
 if (!isset($zoom_factor)) $zoom_factor        = false;

 $tempname = $temp_dir.basename($path);
 if (!file_exists($tempname)) @copy($home_dir.$path, "$tempname");
 if (!($image = @getimagesize($tempname)))
 {
  print "<a href='$PHP_SELF?path=".htmlentities(rawurlencode(dirname($path)))."/'>.:Terug:.</a><br><br>";
  print "<font color='#CC0000'>Fout met openen van het plaatje.</font><br><br>";
  print "Dit kan komen doordat dit plaatje een ongeldige extensie heeft<br>";
  print "of er is geen lees en schrijf toegang tot deze map.<br>";
  print "Bekijk config.php voor meer informatie.";
 }
 else
 {
  if ($zoom == "in") $zoom_factor++;
  if ($zoom == "out") $zoom_factor--;

  if (!$zoom) $zoom = 0;
  if (!$zoom_factor) $zoom_factor = 0;

  $open = opendir(dirname($home_dir.$path));
  for($i=0;($file = readdir($open)) != false;$i++)
  {
   $ext = strtolower(substr(strrchr($file, "."),1));
   $is_image = false;
   foreach($image_files as $extension)
    if ($ext == $extension)
     $is_image = true;
   if (is_file(dirname($home_dir.$path)."/".$file) && $is_image)
    $files[$i] = $file;
  }
  closedir($open);
  @sort($files);

  if (count($files)>1)
  {
   for($i=0;$files[$i]!=basename($path);$i++);

   if ($i==0) $prev = $i+count($files)-1;
   else $prev = $i-1;
   if ($i==(count($files)-1)) $next = $i-count($files)+1;
   else $next = $i+1;
  }

  print "<br>";
  print "<table cellspacing=1 cellpadding=0 class='menu'>";
   if (count($files)>1) print "<td width=125><a href='$PHP_SELF?action=view&path=".htmlentities(rawurlencode(dirname($path)))."/".$files[$prev]."' class='menu'>&lt;&lt; Vorige</a></td>";
   else print "<td width=125><a href='$PHP_SELF?action=view&path=".htmlentities(rawurlencode($path))."' class='menu'>&lt;&lt; Vorige</a></td>";
   print "<td width=125><a href='$PHP_SELF?action=view&path=".htmlentities(rawurlencode($path))."&zoom=in&zoom_factor=$zoom_factor' class='menu'>::Inzoomen::</a></td>";
   print "<td width=125><a href='$PHP_SELF?action=clear_temp&path=".htmlentities(rawurlencode($path))."' class='menu'>::Terug::</a></td>";
   print "<td width=125><a href='$PHP_SELF?action=view&path=".htmlentities(rawurlencode($path))."&zoom=out&zoom_factor=$zoom_factor' class='menu'>::Uitzoomen::</a></td>";
   if (count($files)>1) print "<td width=125><a href='$PHP_SELF?action=view&path=".htmlentities(rawurlencode(dirname($path)))."/".$files[$next]."' class='menu'>Volgende &gt;&gt;</a></td>";
   else print "<td width=125><a href='$PHP_SELF?action=view&path=".htmlentities(rawurlencode($path))."' class='menu'>Volgende &gt;&gt;</a></td>";
  print "</tr></table><br>";

  print "<table width=600 cellspacing=0 cellpadding=0>";
   print "<tr class='bold'>";
    print "<td>Bestandsnaam</td>";
    print "<td align=center width=130>Echte grootte</td>";
    print "<td align=center width=130>Virtuele grootte</td>";
    print "<td align=center width=50>Schaal</td>";
   print "</tr><tr>";
    print "<td>".basename($path)."</td>";
    print "<td align=center width=130>$image[0]*$image[1]</td>";
    print "<td align=center width=130>".$image[0]*pow(2,$zoom_factor)."*".$image[1]*pow(2,$zoom_factor)."</td>";
    if (pow(2,$zoom_factor) >= 1)
     print "<td align=center width=50>".pow(2,$zoom_factor).":1</td>";
    else
     print "<td align=center width=50>1:".pow(2,-$zoom_factor)."</td>";
   print "</tr>";
  print "</table><br>";

  print "<img src='".dirname($tempname)."/".rawurlencode(basename($tempname))."' width='".$image[0]*pow(2,$zoom_factor)."' height='".$image[1]*pow(2,$zoom_factor)."'>";

 }
}

else if ($action == "upload_prompt" && $allow_upload && access_check($cookie_username, $cookie_password))
{
 print "<a href='$PHP_SELF?path=".htmlentities(rawurlencode($path))."'>.:Terug:.</a><br>";
 print "<form action='$PHP_SELF?action=upload' method=post enctype=multipart/form-data>";
 print "De bestanden worden geplaats in: <font color='#FF0000'>".htmlentities($home_dir.$path)."</font><br>";
 print "Selecteer de bestanden die je wilt uploaden:<br><br>";
 print "<table>";
  print "<tr><td>Bestand 1:</td><td><input type=file name=upload[] size=30></td></tr>";
  print "<tr><td>Bestand 2:</td><td><input type=file name=upload[] size=30></td></tr>";
  print "<tr><td>Bestand 3:</td><td><input type=file name=upload[] size=30></td></tr>";
  print "<tr><td>Bestand 4:</td><td><input type=file name=upload[] size=30></td></tr>";
 print "</table>";
 print "<input type=submit value=Upload><input type=hidden name=path value='".htmlentities(rawurlencode($path))."'>";
 print "</form>";
}
else if ($action == "upload" && $allow_upload && access_check($cookie_username, $cookie_password))
{
 $failed = false;
 $path = stripslashes(rawurldecode($path));

 print "<a href='$PHP_SELF?path=".htmlentities(rawurlencode($path))."'>.:Terug:.</a><br><br>";
 print "Bezig met uploaden...<br><br>";

 print "<table cellspacing=0 cellpadding=0>";
 for($i=0;$i<=3;$i++)
 {
  if (@move_uploaded_file($_FILES['upload']['tmp_name'][$i], $home_dir.$path.$_FILES['upload']['name'][$i]))
   print "<tr><td width='250'>Uploading ".$_FILES['upload']['name'][$i]."...</td><td width='50' align='center'>[<font color='#009900'>OK!</font>]</td></tr>";
  else if ($_FILES['upload']['name'][$i])
  {
   print "<tr><td width='250'>Uploading ".$_FILES['upload']['name'][$i]."...</td><td width='50' align='center'>[<font color='#CC0000'>ERROR!</font>]</td></tr>";
  $failed = true;
  }
 }
 print "</table><br>";

 if ($failed)
  print "<font color='#CC0000'>Sommige bestanden zijn niet gelukt.</font>";
 else
  print "<font color='#009900'>Alle bestanden zijn succesvol geupload!</font>";
}

else if ($action == "create_directory_prompt" && $allow_create && access_check($cookie_username, $cookie_password))
{
 print "<a href='$PHP_SELF?path=".htmlentities(rawurlencode($path))."'>.:Terug:.</a><br>";
 print "<form action='$PHP_SELF?action=create_directory' method=post>";
 print "De nieuwe directory wordt geplaatst in: <font color='#FF0000'>".htmlentities($home_dir.$path)."</font><br>";
 print "Kies een naam voor de nieuwe directory:<br><br>";
 print "<input type=text size=30 name=dirname>&nbsp;";
 print "<input type=submit value='Maak directory'>";
 print "<input type=hidden name=path value='".htmlentities(rawurlencode($path))."'></form>";
}
else if ($action == "create_directory" && $allow_create && access_check($cookie_username, $cookie_password))
{
 $path = stripslashes(rawurldecode($path));

 print "<a href='$PHP_SELF?path=".htmlentities(rawurlencode($path))."'>.:Terug:.</a><br><br>";
 print "Nieuwe directory maken...<br>";
 if (stristr($dirname, "../") || stristr($dirname, "..\\"))
  print "<font color='#CC0000'>Ongeldige directory naam.</font>";
 else if (file_exists($home_dir.$path.$dirname))
  print "<font color='#CC0000'>Deze naam is al in gebruik.</font>";
 else if (@mkdir($home_dir.$path.$dirname, 0700))
  print "<font color='#009900'>De directory is aangemaakt!</font>";
 else
  print "<font color='#CC0000'>De directory is niet aangemaakt.</font>";
}

else if ($action == "create_file_prompt" && $allow_create && access_check($cookie_username, $cookie_password))
{
 print "<a href='$PHP_SELF?path=".htmlentities(rawurlencode($path))."'>.:Terug:.</a><br>";
 print "<form action='$PHP_SELF?action=create_file' method=post>";
 print "Het nieuwe bestand wordt geplaatst in: <font color='#FF0000'>".htmlentities($home_dir.$path)."</font><br>";
 print "Kies een naam voor het nieuwe bestand:<br><br>";
 print "<input type=text size=30 name=filename>&nbsp;";
 print "<input type=submit value='Maak bestand'>";
 print "<input type=hidden name=path value='".htmlentities(rawurlencode($path))."'></form>";
}
else if ($action == "create_file" && $allow_create && access_check($cookie_username, $cookie_password))
{
 $path = stripslashes(rawurldecode($path));

 print "<a href='$PHP_SELF?path=".htmlentities(rawurlencode($path))."'>.:Terug:.</a><br><br>";
 print "Nieuw bestand aanmaken...<br>";
 if (file_exists($home_dir.$path.$filename))
  print "<font color='#CC0000'>Naam is al in gebruik.</font>";
 else
 {
  if (stristr($filename, "../") || stristr($filename, "..\\"))
   print "<font color='#CC0000'>Ongeldige naam.</font>";
  else if (@fopen($home_dir.$path.$filename, "w+"))
  {
   print "<font color='#009900'>Het bestand is aangemaakt!</font>";
   $file_created = true;
  }
  else
   print "<font color='#CC0000'>Het bestand is niet aangemaakt.</font>";
 }
 if ($file_created == true && $allow_edit) print "<br><br><a href='$PHP_SELF?action=edit&path=".htmlentities(rawurlencode($path.$filename))."'>.:Pas uw nieuwe bestand aan:.</a>";
}

else if ($action == "delete_directory_verify" && $allow_delete && access_check($cookie_username, $cookie_password))
{
 print "Weet u zeker dat u deze directory wilt verwijderen?<br><br>";
 print "<font color='#FF0000'>".htmlentities($home_dir.$path)."</font><br><br>";
 print "Onthoud dat de directory leeg moet zijn en dat<br>";
 print "u schrijf toegang moet hebben!<br><br>";
 print "<a href='$PHP_SELF?action=delete_directory&path=".htmlentities(rawurlencode($path))."'>Ja</a> of ";
 print "<a href='$PHP_SELF?path=".htmlentities(rawurlencode(dirname($path)))."/'>Annuleren</a>";
}
else if ($action == "delete_directory" && $allow_delete && access_check($cookie_username, $cookie_password))
{
 print "<a href='$PHP_SELF?path=".htmlentities(rawurlencode(dirname($path)))."/'>.:Terug:.</a><br><br>";
 print "Directory verwijderen...<br>";
 if (@rmdir($home_dir.$path))
  print "<font color='#009900'>Directory is verwijderd!</font>";
 else
 {
  print "<font color='#CC0000'>Directory is niet verwijderd.</font><br><br>";
  print "Weet u zeker dat deze directory leeg is<br>";
  print "en dat u schrijf toegang heeft?";
 }
}

else if ($action == "delete_file_verify" && $allow_delete && access_check($cookie_username, $cookie_password))
{
 print "Weet u zeker dat u dit bestand wilt verwijderen?<br><br>";
 print "<font color='#FF0000'>".htmlentities($home_dir.$path)."</font><br><br>";
 print "<a href='$PHP_SELF?action=delete_file&path=".htmlentities(rawurlencode($path))."'>Ja</a> of ";
 print "<a href='$PHP_SELF?path=".htmlentities(rawurlencode(dirname($path)))."/'>Annuleren</a>";
}
else if ($action == "delete_file" && $allow_delete && access_check($cookie_username, $cookie_password))
{
 print "<a href='$PHP_SELF?path=".htmlentities(rawurlencode(dirname($path)))."/'>.:Terug:.</a><br><br>";
 print "Bestand verwijderen...<br>";
 if (@unlink($home_dir.$path))
  print "<font color='#009900'>Bestand is verwijderd!</font>";
 else
 {
  print "<font color='#CC0000'>Bestand is niet verwijderd.</font><br><br>";
  print "Weet u zeker dat u schrijf toegang heeft<br>";
  print "en dat dit bestand niet is beveiligd?";
 }
}

else if ($action == "download_verify" && $allow_download && access_check($cookie_username, $cookie_password))
{
 print "Weet u zeker dat u dit bestand wilt downloaden?<br><br>";
 print "<font color='#FF0000'>".htmlentities($home_dir.$path)."</font><br><br>";
 print "<a href='$PHP_SELF?action=download&path=".htmlentities(rawurlencode($path))."'>Ja</a> of ";
 print "<a href='$PHP_SELF?path=".htmlentities(rawurlencode(dirname($path)))."/'>Annuleren</a>";
}
else if ($action == "download" && $allow_download && access_check($cookie_username, $cookie_password))
{
 print "<a href='$PHP_SELF?path=".htmlentities(rawurlencode(dirname($path)))."/'>.:Terug:.</a><br><br>";
 print "Bestand downloaden...<br>";
 if (@copy($home_dir.$path, $download_dir.basename($path)))
 {
  print "<font color='#009900'>Het bestand is verplaatst naar de download map!<br><br></font>";
  print "Klik op de onderstaande link om het te downloaden<br><br>";
    print "<a href='".$download_dir.rawurlencode(basename($path))."'>".$download_dir.basename($path)."</a>";
 }
 else
 {
  print "<font color='#CC0000'>Bestand kan niet worden verplaatst.</font><br><br>";
  print "Dit kan komen doordat er geen publieke toegang is<br>";
  print "controleer config.php voor meer informatie";
 }
}

else if ($action == "edit" && $allow_edit && access_check($cookie_username, $cookie_password))
{
 $path = stripslashes(rawurldecode($path));

 print "<form action='$PHP_SELF?action=save' method=post>";
 print "<a href='$PHP_SELF?path=".htmlentities(rawurlencode(dirname($path)))."/'>.:Terug:.</a><br>";
 print "<textarea cols=100 rows=27 name=text wrap=off>";

 $fp = fopen ($home_dir.$path, "rb");
 $text = fread ($fp, filesize($home_dir.$path));
 fclose ($fp);
 print htmlentities($text);

 print "</textarea>";
 print "<br><br><input type=hidden name=path value='".htmlentities(rawurlencode($path))."'>";
 print "<input type=reset value='Reset bestand'>&nbsp;<input type=submit value='Opslaan'>";
 print "</form>";
}
else if ($action == "save" && $allow_edit && access_check($cookie_username, $cookie_password))
{
 $path = stripslashes(rawurldecode($path));

 print "<a href='$PHP_SELF?path=".htmlentities(rawurlencode(dirname($path)))."/'>.:Terug:.</a><br><br>";
 print "Bestand opslaan...<br>";

 $fp = fopen ($home_dir.$path, "wb");
 $text = stripslashes($text);
 if (fwrite($fp, $text)!=-1)
  print "<font color='#009900'>Bestand is opgeslagen.</font>";
 else
  print "<font color='#CC0000'>Bestand is niet opgeslagen.</font>";
 fclose($fp);
}

else if (access_check($cookie_username, $cookie_password))
{

if (!$path && $os == "1" && !$home_dir)
 {
  print "<table class='list'>";
   print "<tr bgcolor='#CCCCCC'>";
    print "<td width=100>Schijf</b></td>";
    print "<td width=75 align=right>Vrij</b></td>";
    print "<td width=20 align=right>&nbsp;</b></td>";
    print "<td width=75 align=right>Totaal</b></td></td>";
   print "</tr>";

  for ($char='C';$char<=$max_drive;$char++)
  {
   if ($open = @opendir($char.":"))
    {
     $totalspace = number_format(round(disk_total_space($char.":")/1024/1024, 0), 0, ",", ".");
     $freespace = number_format(round(disk_free_space($char.":")/1024/1024, 0), 0, ",", ".");

     print "<tr>";
      print "<td width=20><a href='$PHP_SELF?path=$char:/'><img src='images/drive.gif' border=0>&nbsp;$char</td>";
      print "<td width=75 align=right>$freespace MB</td>";
      print "<td width=20 align=right>/</td>";
      print "<td width=75 align=right>$totalspace MB</td>";
     print "</tr>";

     closedir($open);
    }
  }
  print "</table>";
 }

else if (@opendir($home_dir.$path))
 {
  print "<font class='current'>Huidige directory: ".htmlentities($home_dir.$path)."</font></font><br><br>";

  print "<table cellspacing=1 cellpadding=0 class='menu'>";
   if ($allow_create) print "<td width=175><a href='$PHP_SELF?action=create_directory_prompt&path=".htmlentities(rawurlencode($path))."' class='menu'>::Maak nieuwe directory::</a></td>";
   if ($allow_create) print "<td width=175><a href='$PHP_SELF?action=create_file_prompt&path=".htmlentities(rawurlencode($path))."' class='menu'>::Maak nieuw bestand::</a></td>";
   if ($allow_upload) print "<td width=175><a href='$PHP_SELF?action=upload_prompt&path=".htmlentities(rawurlencode($path))."' class='menu'>::Upload bestanden::</a></td>";
  print "</tr></table><br>";

  print "<table border=1 bordercolor='#000000' cellspacing=0 cellpadding=5 class='list'>";
   print "<tr>";
    print "<td width=250 valign=top>";

     $open = opendir($home_dir.$path);
     for($i=0;($dir = readdir($open)) != false;$i++)
      if (is_dir($home_dir.$path.$dir) && $dir != "." && $dir != "..")
       $dirs[$i] = $dir;
     closedir($open);

     print "<table width=100% class='list'>";

      print "<tr class='info'>";
       print "<td width=20>&nbsp;</td>";
       print "<td>Directory naam</td>";
       if ($allow_rename) print "<td align='center' width=20>&nbsp;</td>";
       if ($allow_delete) print "<td align='center' width=20>&nbsp;</td>";
      print "</tr>";

      print "<tr>";
       print "<td width=20><a href='$PHP_SELF?path=".htmlentities(rawurlencode($path))."'><img src='images/folder.gif' border=0></a></td>";
       print "<td><a href='$PHP_SELF?path=".htmlentities(rawurlencode($path))."'>$current_name</a></td>";
       print "<td width=20 align=right>&nbsp;</td><td width=20 align=right>&nbsp;</td>";
      print "</tr>";

     $parent = dirname($path)."/";

      print "<tr>";
       print "<td width=20><a href='$PHP_SELF?path=".htmlentities(rawurlencode($parent))."'><img src='images/folder.gif' border=0></a></td>";
       print "<td><a href='$PHP_SELF?path=".htmlentities(rawurlencode($parent))."'>$parent_name</a></td>";
       print "<td width=20 align=right>&nbsp;</td><td width=20 align=right>&nbsp;</td>";
      print "</tr>";

     @sort($dirs);
     if ($dirs) foreach($dirs as $dir)
     {

      $ignore = false;

      foreach($ignore_directory_strings as $match)
       if (stristr($dir, $match))
        $ignore = true;

      if (!$ignore)
      {
       print "<tr>";
        print "<td width=20><a href='$PHP_SELF?path=".htmlentities(rawurlencode($path.$dir))."/'><img src='images/folder.gif' border=0 alt='Open'></a></td>";
        print "<td><a href='$PHP_SELF?path=".htmlentities(rawurlencode($path.$dir))."/'>".htmlentities($dir)."</a></td>";
        if ($allow_rename) print "<td width=20 align=center><a href='$PHP_SELF?action=rename_prompt&path=".htmlentities(rawurlencode($path.$dir))."/'><img src='images/rename.gif' border=0 alt='Wijzig naam'></a></td>";
        if ($allow_delete) print "<td width=20 align=center><a href='$PHP_SELF?action=delete_directory_verify&path=".htmlentities(rawurlencode($path.$dir))."/''><img src='images/delete.gif' border=0 alt='Verwijder directory'></a></td>";
       print "</tr>";
      }
     }

     print "</table>";
    print "&nbsp;</td>";

    $icon = false;
    $text = false;

    print "<td width=500 valign=top>";

     print "<table width=100% class='list'>";
      print "<tr class='info'>";
       print "<td width=20>&nbsp;</td>";
       print "<td>Bestandsnaam</td>";
       print "<td align='right' width=75>Grootte</td>";
       print "<td align='center' width=110>Wijzigingen</td>";
       if ($allow_rename) print "<td align='center' width=20>&nbsp;</td>";
       if ($allow_download) print "<td align='center' width=20>&nbsp;</td>";
       if ($allow_delete) print "<td align='center' width=20>&nbsp;</td>";
      print "</tr>";

     $open = opendir($home_dir.$path);
     for($i=0;($file = readdir($open)) != false;$i++)
      if (is_file($home_dir.$path.$file))
       $files[$i] = $file;
     closedir($open);
     @sort($files);

     if ($files) foreach($files as $file)
     {
      $ext = strtolower(substr(strrchr($file, "."),1));

      $ignore = false;

      foreach($ignore_file_strings as $match)
       if (stristr($file, $match))
        $ignore = true;

      foreach($ignore_file_extensions as $extension)
       if ($ext == $extension)
        $ignore = true;

      foreach($text_files as $extension)
      {
       if ($ext == $extension)
       {
        $icon = "<td width=20><a href='$PHP_SELF?action=edit&path=".htmlentities(rawurlencode($path.$file))."'><img src='images/text.gif' border=0 alt='Aanpassen'></a></td>";
        $text = "<td><a href='$PHP_SELF?action=edit&path=".htmlentities(rawurlencode($path.$file))."'>".htmlentities($file)."</a></td>";
       }
      }
      foreach($image_files as $extension)
      {
       if ($ext == $extension)
       {
        $icon = "<td width=20><a href='$PHP_SELF?action=view&path=".htmlentities(rawurlencode($path.$file))."'><img src='images/image2.gif' border=0 alt='Bekijk'></a></td>";
        $text = "<td><a href='$PHP_SELF?action=view&path=".htmlentities(rawurlencode($path.$file))."'>".htmlentities($file)."</a></td>";
       }
      }
      foreach($archive_files as $extension)
      {
       if ($ext == $extension)
        $icon = "<td width=20><img src='images/compressed.gif' alt='Gecomprimeerd'></a></td>";
      }
      foreach($sound_files as $extension)
      {
       if ($ext == $extension)
        $icon = "<td width=20><img src='images/sound2.gif' alt='Geluid'></a></td>";
      }
      foreach($binary_files as $extension)
      {
       if ($ext == $extension)
        $icon = "<td width=20><img src='images/binary.gif' alt='Binair'></a></td>";
      }

      if (!$ignore)
      {
       print "<tr>";

        if ($icon) print $icon;
        else print "<td width=20><img src='images/unknown.gif' alt='Onbekend'></td>";
        if ($text) print $text;
        else print "<td>".htmlentities($file)."</td>";

        print "<td width=75 align=right>";
         $filesize = filesize($home_dir.$path.$file);
         if ($filesize >= 1073741824) print number_format($filesize/1024/1024/1024, 2, ',', '.')."&nbsp;GB";
         else if ($filesize >= 1048576) print number_format($filesize/1024/1024, 2, ',', '.')."&nbsp;MB";
         else if ($filesize >= 1024) print number_format($filesize/1024, 2, ',', '.')."&nbsp;KB";
         else print number_format($filesize, 0, ',', '.')."&nbsp;B";
        print "</td>";

        $modified = date("H:i d-m-Y",filemtime($home_dir.$path.$file));
        print "<td width=110 align=right>$modified</td>";

        if ($allow_rename) print "<td width=20 align='center'><a href='$PHP_SELF?action=rename_prompt&path=".htmlentities(rawurlencode($path.$file))."'><img src='images/rename.gif' border=0 alt='Wijzig naam'></a></td>";
        if ($allow_download) print "<td width=20 align='center'><a href='$PHP_SELF?action=download_verify&path=".htmlentities(rawurlencode($path.$file))."'><img src='images/download.gif' border=0 alt='Download'></a></td>";
        if ($allow_delete) print "<td width=20 align='center'><a href='$PHP_SELF?action=delete_file_verify&path=".htmlentities(rawurlencode($path.$file))."'><img src='images/delete.gif' border=0 alt='Verwijder'></a></td>";
       print "</tr>";
      }
     $icon = false;
     $text = false;
     }
   print "</table>";
  print "&nbsp;</td></tr></table>";
 }

 else
 {
  print "<a href='$PHP_SELF?path='>.:Terug:.</a><br><br>";
  print "<b>ERROR:</b> Kan het pad niet openen.<br><br>";
  print "<font color='#CC0000'>".$home_dir.$path."</font>";
 }
}

else
{
 print "<font class='bold'>Inloggen:</font><br><br>";
 print "<table>";
 print "<form action='$PHP_SELF' method=post>";
  print "<tr>";
   print "<td>Gebruikersnaam:</td>";
   print "<td><input name='cookie_username' size=20></td>";
  print "</tr>";
  print "<tr>";
   print "<td>Wachtwoord:</td>";
   print "<td><input type='password' name='cookie_password' size=20></td>";
  print "</tr>";
  print "<tr>";
   print "<td>&nbsp;</td>";
   print "<td><input type=submit value=Login></td>";
  print "</tr>";
 print "</table></form>";
}
?>
Mustang
 

Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 139 guests