  1. <?php
  2. session_start();
  3. include("config.php");
  4. if(!isset($_SESSION['hostz-user']) or !isset($_SESSION['hostz-passwd'])) { header("Location: index.php"); }
  5. $username = $_SESSION['hostz-user'];
  6. $password = $_SESSION['hostz-passwd'];
  7. //$page_title = "Drive";
  8. //$indir = "true";
  9. //include_once("../data/header.php");
  10. include_once("header.php");
  11. include("users/$username.php");
  12. if($password!=$user_password)
  13. {
  14. $_SESSION['hostz-user'] = null;
  15. $_SESSION['hostz-passwd'] = null;
  16. header("Location: index.php");
  17. }
  18. $strlength = "60";
  19. // Check to see if someone is backtracking in pathfinder
  20. if(isset($_GET['p']))
  21. {
  22. $path = $_GET['p'];
  23. if(stristr($path, "..") == true)
  24. {
  25. header("Location: ctrl.php?action=backtracking_error");
  26. }
  27. }
  28. // Check if usage is below 0, then set to 0
  29. $user_usage = file_get_contents("users/$username.usage");
  30. if($user_usage<0)
  31. {
  32. file_put_contents("users/$username.usage", "0");
  33. }
  34. if(isset($_GET['f']))
  35. {
  36. $file = $_GET['f'];
  37. if(isset($_GET['p']))
  38. {
  39. $path = $_GET['p'];
  40. header("Location: https://ho.st.us.to/$username/$path/$file");
  41. }
  42. else
  43. {
  44. header("Location: https://ho.st.us.to/$username/$file");
  45. }
  46. }
  47. //
  48. // Format Bytes to KBytes, MBytes, GBytes //
  49. //
  50. function tomb($size, $precision = 2)
  51. {
  52. $base = log($size) / log(1024);
  53. $suffixes = array('', 'KB', 'MB', 'GB', 'TB');
  54. return round(pow(1024, $base - floor($base)), $precision) . $suffixes[floor($base)];
  55. }
  56. //
  57. //
  58. // MAIN LOOP //
  59. //
  60. //
  61. if(isset($_GET['action']))
  62. {
  63. $action = $_GET['action'];
  64. if($action=="backtracking_error")
  65. {
  66. $ip = $_SERVER['REMOTE_ADDR'];
  67. if(file_exists("data/log.txt"))
  68. {
  69. $oldcontent = file_get_contents("data/log.txt");
  70. }
  71. else
  72. {
  73. $oldcotent = "";
  74. }
  75. file_put_contents("data/log.txt", $oldcontent . "Backtracking: $ip\n");
  76. echo "<div class='ptitle'>$title: $desc ~ ERROR!</div>\n";
  77. print <<<EOD
  78. <h2>Error!</h2>
  79. This system has found backtracking slashes in the URL. Your IP has been reported to the system administrator. Account suspension could be nessesary.
  80. EOD;
  81. }
  82. if($action=="upload") {
  83. print <<<CSS
  84. <style>
  85. .progress { position:relative; width:400px; border: 1px solid #ddd; padding: 1px; border-radius: 3px; margin: auto; }
  86. .bar { background-color: #008000; width:0%; height:20px; border-radius: 3px; }
  87. .percent { position:absolute; display:inline-block; top:1px; left:48%; vertical-align: center; }
  88. #status { text-align: center; padding: 4px; }
  89. </style>
  90. CSS;
  91. if(isset($_GET['p']))
  92. {
  93. $path = $_GET['p'];
  94. if(stristr($path, "..") == true)
  95. {
  96. header("Location: ctrl.php?action=backtracking_error");
  97. }
  98. else
  99. {
  100. print <<<EOD
  101. <div class='ptitle'>$title: $desc ~ upload</div>
  102. <div id='ctrlnav'><a href='ctrl.php?p=$path'>Back to /$path</a>
  103. <div class="progress">
  104. <div class="bar"></div >
  105. <div class="percent">0%</div >
  106. </div>
  107. <div id="status"></div>
  108. </div>
  109. <table style="margin:auto;">
  110. <form action="upload.php?p=$path" method="post" enctype="multipart/form-data">
  111. <tr>
  112. <td>
  113. <input type="file" name="file[]" id="file" multiple><br>
  114. </td>
  115. <td>
  116. <input type="submit" name="submit" value="Upload">
  117. </td>
  118. </tr>
  119. </form>
  120. </table>
  121. <script src="data/jquery.1.7.js"></script>
  122. <script src="data/jquery.form.js"></script>
  123. <script>
  124. (function() {
  125. var bar = $('.bar');
  126. var percent = $('.percent');
  127. var status = $('#status');
  128. $('form').ajaxForm({
  129. beforeSend: function() {
  130. status.empty();
  131. var percentVal = '0%';
  132. bar.width(percentVal)
  133. percent.html(percentVal);
  134. },
  135. uploadProgress: function(event, position, total, percentComplete) {
  136. var percentVal = percentComplete + '%';
  137. bar.width(percentVal)
  138. percent.html(percentVal);
  139. },
  140. success: function() {
  141. var percentVal = '100%';
  142. bar.width(percentVal)
  143. percent.html(percentVal);
  144. },
  145. complete: function(xhr) {
  146. status.html(xhr.responseText);
  147. }
  148. });
  149. })();
  150. </script>
  151. EOD;
  152. }
  153. }
  154. else
  155. {
  156. print <<<EOD
  157. <div class='ptitle'>$title: $desc ~ upload</div>
  158. <div id='ctrlnav'><a href="ctrl.php">Back to /</a>
  159. <div class="progress">
  160. <div class="bar"></div >
  161. <div class="percent">0%</div >
  162. </div>
  163. <div id="status"></div>
  164. </div>
  165. <table style="margin:auto;">
  166. <form action="upload.php" method="post" enctype="multipart/form-data">
  167. <tr>
  168. <td>
  169. <input type="file" name="file[]" id="file" multiple><br>
  170. </td>
  171. <td>
  172. <input type="submit" name="submit" value="Upload">
  173. </td>
  174. </tr>
  175. </form>
  176. </table>
  177. <script src="data/jquery.1.7.js"></script>
  178. <script src="data/jquery.form.js"></script>
  179. <script>
  180. (function() {
  181. var bar = $('.bar');
  182. var percent = $('.percent');
  183. var status = $('#status');
  184. $('form').ajaxForm({
  185. beforeSend: function() {
  186. status.empty();
  187. var percentVal = '0%';
  188. bar.width(percentVal)
  189. percent.html(percentVal);
  190. },
  191. uploadProgress: function(event, position, total, percentComplete) {
  192. var percentVal = percentComplete + '%';
  193. bar.width(percentVal)
  194. percent.html(percentVal);
  195. },
  196. success: function() {
  197. var percentVal = '100%';
  198. bar.width(percentVal)
  199. percent.html(percentVal);
  200. },
  201. complete: function(xhr) {
  202. status.html(xhr.responseText);
  203. }
  204. });
  205. })();
  206. </script>
  207. EOD;
  208. }
  209. }
  210. // Create a new directory
  211. if($action=="newdir")
  212. {
  213. if(isset($_GET['p']))
  214. {
  215. $path = $_GET['p'];
  216. if(stristr($path, "..") == true)
  217. {
  218. header("Location: ctrl.php?action=backtracking_error");
  219. }
  220. else
  221. {
  222. print <<<EOD
  223. <div class='ptitle'>$title: $desc ~ new directory</div>
  224. <div id='ctrlnav'>
  225. <a href='ctrl.php?p=$path'>Back to /$path</a>
  226. <div class="form">
  227. <form action="ctrl.php?action=donewdir&p=$path" method="post">
  228. <label for="file">Directory Name:</label>
  229. <input type="text" name="dirname" id="dirname"><br>
  230. <input type="submit" name="submit" value="Create">
  231. </form>
  232. </div>
  233. </div>
  234. EOD;
  235. }
  236. }
  237. else
  238. {
  239. echo "<div class='ptitle'>$title: $desc ~ new directory</div>\n";
  240. print <<<EOD
  241. <div id='ctrlnav'>
  242. <a href='ctrl.php'>Back to /</a>
  243. <div class="form">
  244. <form action="ctrl.php?action=donewdir" method="post">
  245. <label for="file">Directory Name:</label>
  246. <input type="text" name="dirname" id="dirname"><br>
  247. <input type="submit" name="submit" value="Create">
  248. </form>
  249. </div>
  250. EOD;
  251. }
  252. }
  253. if($action=="donewdir")
  254. {
  255. if($_POST['dirname']!="")
  256. {
  257. if(isset($_GET['p']))
  258. {
  259. $path = $_GET['p'];
  260. if(stristr($path, "..") == true)
  261. {
  262. header("Location: ctrl.php?action=backtracking_error");
  263. }
  264. else
  265. {
  266. $dirname = $_POST['dirname'];
  267. $badchars = array("*", "'", "\"", "(", ")", "[", "]", "#", "$", "@", "!", "%", "^", "|", "+", "&", "=");
  268. $dirname = stripslashes(htmlentities(str_replace($badchars, '', $dirname)));
  269. if(stristr($dirname, "..") == true)
  270. {
  271. header("Location: ctrl.php?action=backtracking_error");
  272. }
  273. if(file_exists("users/$username/$path/$dirname"))
  274. {
  275. echo "Error: Directory exists.";
  276. }
  277. else
  278. {
  279. if(!preg_match("/^[A-Za-z0-9-_]+$/", $dirname)) {
  280. echo "Only characters A-Z, 0-9, '_' and '-' in directory names";
  281. } else {
  282. mkdir("users/$username/$path/$dirname", 0777);
  283. //file_put_contents("users/$username/$path/$dirname/index.html", "<html><meta http-equiv='refresh' content='o;url=/'></html>");
  284. header("Location: ctrl.php?p=$path");
  285. }
  286. }
  287. }
  288. }
  289. else
  290. {
  291. $dirname = $_POST['dirname'];
  292. $badchars = array("*", "'", "\"", "(", ")", "[", "]", "#", "$", "@", "!", "%", "^", "|", "+", "&", "=");
  293. $dirname = stripslashes(htmlentities(str_replace($badchars, '', $dirname)));
  294. if(file_exists("users/$username/$dirname"))
  295. {
  296. echo "Error: Directory exists.";
  297. }
  298. else
  299. {
  300. if(!preg_match("/^[A-Za-z0-9-_]+$/", $dirname)) {
  301. echo "Characters only A-Z, 0-9, '_' and '-' in directory names";
  302. } else {
  303. mkdir("users/$username/$dirname", 0777);
  304. //file_put_contents("users/$username/$dirname/index.html", "<html><meta http-equiv='refresh' content='o;url=/'></html>");
  305. header("Location: ctrl.php");
  306. }
  307. }
  308. }
  309. }
  310. else
  311. {
  312. echo "Error: No directory name specified.";
  313. }
  314. }
  315. // Remove file methods
  316. if($action=="remove") {
  317. if(isset($_GET['p']))
  318. {
  319. $path = $_GET['p'];
  320. if(stristr($path, "..") == true)
  321. {
  322. header("Location: ctrl.php?action=backtracking_error");
  323. }
  324. else
  325. {
  326. if(is_dir("users/$username/$path")) {
  327. if(isset($_GET['rf']))
  328. {
  329. $file = stripslashes(htmlentities($_GET['rf']));
  330. if(stristr($file, "..") == true)
  331. {
  332. header("Location: ctrl.php?action=backtracking_error");
  333. }
  334. else
  335. {
  336. $filesize = filesize("users/$username/$path/$file");
  337. $usage = file_get_contents("users/$username.usage");
  338. $usage = $usage - $filesize;
  339. if(file_exists("users/$username/$path/$file"))
  340. {
  341. file_put_contents("users/$username.usage", $usage);
  342. unlink("users/$username/$path/$file");
  343. header("refresh: 0,url=ctrl.php?p=$path");
  344. }
  345. else
  346. {
  347. echo "Error: File does not exist";
  348. }
  349. }
  350. } else {
  351. echo "Error: No file specified\n";
  352. }// Close rf check //
  353. }// Close is_dir check //
  354. header("refresh: 0,url=ctrl.php?p=$path");
  355. }
  356. header("refresh: 0,url=ctrl.php?p=$path");
  357. }
  358. else
  359. {
  360. if(isset($_GET['rf']))
  361. {
  362. $file = stripslashes(htmlentities($_GET['rf']));
  363. if(stristr($file, "..") == true)
  364. {
  365. header("Location: ctrl.php?action=backtracking_error");
  366. }
  367. else
  368. {
  369. $filesize = filesize("users/$username/$file");
  370. $usage = file_get_contents("users/$username.usage");
  371. $usage = $usage - $filesize;
  372. if(file_exists("users/$username/$file"))
  373. {
  374. file_put_contents("users/$username.usage", $usage); // Remove file usage
  375. // Form database
  376. unlink("users/$username/$file"); // remove file //
  377. } // Close if, on to else //
  378. else
  379. {
  380. echo "Error: File does not exist"; // Report no file //
  381. }
  382. header("Location: ctrl.php"); // Redirect //
  383. } // END of else bracket //
  384. } // Close rf check //
  385. } // END of else bracket //
  386. }
  387. if($action=="removedir") {
  388. if(isset($_GET['d']))
  389. {
  390. $dir = stripslashes(htmlentities($_GET['d']));;
  391. if(stristr($dir, "..") == true)
  392. {
  393. header("Location: ctrl.php?action=backtracking_error");
  394. }
  395. else
  396. {
  397. if(is_dir("users/$username/$dir"))
  398. {
  399. $dircontent = opendir("users/$username/$dir");
  400. while(false!==($getfile = readdir($dircontent)))
  401. {
  402. if($getfile!=".." && $getfile!=".")
  403. {
  404. $filesize = filesize("users/$username/$dir/$getfile");
  405. $usage = file_get_contents("users/$username.usage");
  406. $usage = $usage - $filesize;
  407. file_put_contents("users/$username.usage", $usage);
  408. unlink("users/$username/$dir/$getfile");
  409. }
  410. }
  411. rmdir("users/$username/$dir");
  412. header("Location: ctrl.php"); // Redirect to main //
  413. } else {
  414. echo "Error: specified path is not a real directory\n";
  415. }// END of is_dir check //
  416. } // END of else //
  417. }
  418. else
  419. {
  420. echo "Error: No directory specified.";
  421. }
  422. }
  423. }
  424. else
  425. {
  426. echo "<div class='ptitle'>$title: $desc ~ file tree</div>\n";
  427. echo "<div id='ctrlnav'>\n";
  428. if(isset($_GET['p']))
  429. {
  430. $path = stripslashes(htmlentities($_GET['p']));
  431. echo "<a href='index.php'>Home</a> &bull; \n";
  432. echo "<a href='ctrl.php'>Back to /</a> &bull; \n";
  433. echo "<a href='ctrl.php?action=upload&p=$path'>Upload</a> &bull; \n";
  434. echo "<a href='ctrl.php?action=newdir&p=$path'>Create Directory</a> \n";
  435. //echo "&bull; <a href='users/$username/$path'>Drive URL</a> ";
  436. echo "&bull; <a href='https://ho.st.us.to/$username/$path'>Web URL</a> &bull; <a href='logout.php'>Logout</a>";
  437. }
  438. else
  439. {
  440. echo "<a href='index.php'>Home</a> &bull; \n";
  441. echo "<a href='ctrl.php?action=upload'>Upload</a> &bull; \n";
  442. echo "<a href='ctrl.php?action=newdir'>Create Directory</a> \n";
  443. //echo "&bull; <a href='users/$username/'>Drive URL</a> ";
  444. echo "&bull; <a href='https://ho.st.us.to/$username'>Web URL</a> &bull; <a href='logout.php'>Logout</a>";
  445. }
  446. //echo "&bull; <a href='users/$username/'>Drive URL</a>";
  447. echo "<br />";
  448. $size = file_get_contents("users/$username.usage");
  449. $size = tomb($size);
  450. $user_max_webspace = tomb($user_max_webspace);
  451. echo "$username ~ $size / $user_max_webspace";
  452. echo "</div><div id='filelist'>\n";
  453. echo "<u>Your virtual disk files:</u><br>";
  454. if(isset($_GET['p']))
  455. {
  456. if(is_dir("users/$username/" . $_GET['p']))
  457. {
  458. $path = stripslashes(htmlentities($_GET['p']));
  459. $userdb = opendir("users/$username/$path");
  460. }
  461. else
  462. {
  463. $undefined_var = "";
  464. }
  465. }
  466. else
  467. {
  468. $userdb = opendir("users/$username");
  469. }
  470. if(isset($userdb))
  471. {
  472. while(false !== ($file = readdir($userdb)))
  473. {
  474. if(isset($path))
  475. {
  476. if(is_dir("users/$username/$path/$file") && $file!=".." && $file!=".")
  477. {
  478. echo "<img src='data/img/folder.png' style='padding-right: 4px;' alt='Folder' /><a href='ctrl.php?p=$path/$file'>";
  479. echo substr($file, 0, $strlength);
  480. if(strlen($file) > $strlength) { echo "..."; }
  481. echo "</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=removedir&d=$path/$file'>Delete Directory</a><br />\n";
  482. }
  483. else if($file!=".." && $file!=".")
  484. {
  485. echo "<img src='data/img/file.png' style='padding-right: 4px;' alt='File' /><a href='ctrl.php?f=$path/$file'>";
  486. echo substr($file, 0, $strlength);
  487. if(strlen($file) > $strlength) { echo "..."; }
  488. echo "</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=remove&p=$path&rf=$file'>Delete File</a><br />\n";
  489. }
  490. }
  491. else
  492. {
  493. if(is_dir("users/$username/$file") && $file!=".." && $file!=".")
  494. {
  495. echo "<img src='data/img/folder.png' style='padding-right: 4px;' alt='Folder' /><a href='ctrl.php?p=$file'>";
  496. echo substr($file, 0, $strlength);
  497. if(strlen($file) > $strlength) { echo "..."; }
  498. echo "</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=removedir&d=$file'>Delete Directory</a><br />\n";
  499. }
  500. else if($file!=".." && $file!=".")
  501. {
  502. echo "<img src='data/img/file.png' style='padding-right: 4px;' alt='File' /><a href='ctrl.php?f=$file'>";
  503. echo substr($file, 0, $strlength);
  504. if(strlen($file) > $strlength) { echo "..."; }
  505. echo "</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=remove&rf=$file'>Delete File</a><br />\n";
  506. }
  507. }
  508. }
  509. }
  510. else
  511. {
  512. echo "Error: Directory not found";
  513. }
  514. echo "\n</div>\n";
  515. }
  516. include_once("footer.php");
  517. ?>