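//filemanager_title:"Filemanager" ,
//filemanager_access_key:"myPrivateKey" ,
// ...

// Access-key setup for the file manager: enables key checking, builds the list of
// accepted keys from the user table, and makes sure each key has its own directory
// under $current_path.
define('USE_ACCESS_KEYS', true); // TRUE or FALSE

// add access keys eg: array('myPrivateKey', 'someoneElseKey');
// keys should only contain (a-z A-Z 0-9 \ . _ -) characters
// if you are integrating lets say to a cms for admins, i recommend making keys randomized something like this:
// $username = '******';
// $salt = 'dsflFWR9u2xQa' (a hard coded string)
// $akey = md5($username.$salt);
// NOTE(review): md5 over a user name and a fixed salt can be recomputed by anyone who
// learns the salt. A per-user key generated with random_bytes() and stored alongside
// the account cannot be derived that way.
// DO NOT use 'key' as access key!
// Keys are CASE SENSITIVE!

// connect to mysql using PDO
$pdo = new PDO("mysql:dbname={$dbname};host={$host}", $user, $password);
$um = new userMgr($pdo);
$um->setInnerFetchMode(PDO::FETCH_ASSOC);
$allUid = $um->getAllUid();

// NOTE(review): every user id becomes an access key. The uid format is not visible
// here; if ids are sequential or otherwise guessable, the key gives little secrecy
// and access control has to rest on the session check instead.
$access_keys = array();
if (is_array($allUid)) {
    // $key/$value are kept as loop names so this config file adds no new globals.
    foreach ($allUid as $key => $value) {
        if (!isset($value['uid']) || !is_scalar($value['uid'])) {
            continue;
        }
        // Each key is concatenated onto $current_path below, so it must be a single
        // plain directory name: no separators, and not "." / ".." (or only dots).
        if (preg_match('/\A[A-Za-z0-9._-]+\z/', (string) $value['uid']) !== 1
            || trim((string) $value['uid'], '.') === ''
        ) {
            // The rejected value is deliberately left out of the log line.
            error_log('filemanager config: skipped a uid that is not usable as an access key');
            continue;
        }
        $access_keys[] = $value['uid'];
    }
}

// NOTE(review): 'test' is a fixed key that is valid for every deployment of this
// config and is not tied to any account. Remove it outside development.
$access_keys[] = 'test';

foreach ($access_keys as $key => $value) {
    // Explicit 0755 instead of mkdir()'s 0777 default, so per-user directories are not
    // world-writable. The trailing is_dir() covers a concurrent request that created
    // the directory first.
    if (!file_exists($current_path . $value)
        && !mkdir($current_path . $value, 0755)
        && !is_dir($current_path . $value)
    ) {
        error_log('filemanager config: could not create directory for access key ' . $value);
    }
}
//--------------------------------------------------------------------------------------------------------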
// Excerpt: the block closed by the brace below opens outside this view.
// NOTE(review): the access key comes straight from the query string. The variable name
// suggests it is used as a directory; whether it has been checked against the
// configured key list by this point is not visible here. Confirm before it reaches
// any path operation.
$commonDir = $_GET['akey'];
}
// Keep the current user's id in the session ($uuid is assigned outside this excerpt).
$_SESSION['uuid'] = $uuid;
// Number of files currently shown on the page; starts at 20 for a new session.
if (!isset($_SESSION['current_file_count'])) {
    $_SESSION['current_file_count'] = 20;
}
// $_SESSION['current_file_count']=20;
// echo "<script>alert('{$_SESSION['current_file_count']}')</script>";
// How many more files each further load adds; starts at 10 for a new session.
if (!isset($_SESSION['file_load_step'])) {
    $_SESSION['file_load_step'] = 10;
}
//connect to mysql
// NOTE(review): the database user and password are literal strings on this line and
// are identical. Load credentials from configuration kept outside the web root and
// use a distinct, strong password.
$pdo = new PDO("mysql:dbname={$dbname};host={$host}", 'doc', 'doc');
$user = new userMgr($pdo);
$fm = new fileMgr($pdo);
// Look up the privilege record for this user and keep only its 'privilege' field.
$userPrivilege = $user->getPrivilege($uuid);
$userPrivilege = $userPrivilege['privilege'];
// Restricted profile. '0' is already falsy in PHP, so the second test alone decides:
// any empty, missing or zero privilege value lands here, which means a failed lookup
// falls back to this restricted set rather than to a more permissive one.
// The rest of this branch and any other branches lie beyond this excerpt.
if ($userPrivilege === '0' || !$userPrivilege) {
    $delete_files = FALSE;
    $create_folders = TRUE;
    $delete_folders = FALSE;
    $rename_files = FALSE;
    $rename_folders = FALSE;
    $copy_cut_files = FALSE; // for copy/cut files
    $copy_cut_dirs = FALSE; // for copy/cut directories
    $preview_text_files = TRUE; // eg.: txt, log etc.
// Upload handler excerpt: loads the configuration, checks the session marker,
// resolves the target folders from the request and validates them against the
// configured base paths. The loop at the end continues beyond this view.
include 'config/config.php';
// Only requests carrying the session marker set by the file manager dialog proceed.
// NOTE(review): this is a loose comparison; `!==` would rule out type juggling. An
// unset $_SESSION['RF'] compares as null and is rejected here as well.
if ($_SESSION['RF']["verify"] != "RESPONSIVEfilemanager") {
    die('forbiden');
}
include 'include/utils.php';
// Target folders are taken from the request: either complete paths in 'path' and
// 'path_thumb', or a folder name in 'fldr' appended to the configured base paths.
// All three values are client-controlled, so the check further down is the only
// thing in this excerpt that constrains where uploads may land.
if (isset($_POST['path'])) {
    $storeFolder = $_POST['path'];
    $storeFolderThumb = $_POST['path_thumb'];
} else {
    $storeFolder = $current_path . $_POST["fldr"]; // correct for when IE is in Compatibility mode
    $storeFolderThumb = $thumbs_base_path . $_POST["fldr"];
}
$pdo = new PDO("mysql:dbname={$dbname};host={$host}", $user, $password);
$fm = new fileMgr($pdo);
$u = new userMgr($pdo);
// Uploader identity comes from the session, not from the request.
$uid = $_SESSION['uuid'];
$tags = "0";
// Both folders must start with their configured base path (strpos() === 0) and must
// not contain "../" or "./" anywhere after that prefix; otherwise the request dies.
// NOTE(review): this is a string-level test only. It does not resolve the path, so
// symlinks and alternative separators are not considered. If a base path does not
// end with a separator, a sibling directory sharing the prefix passes too; confirm
// the config values end with '/'. Resolving both paths with realpath() and comparing
// them with the resolved base is the sturdier control.
$path_pos = strpos($storeFolder, $current_path);
$thumb_pos = strpos($storeFolderThumb, $thumbs_base_path);
if ($path_pos !== 0
    || $thumb_pos !== 0
    || strpos($storeFolderThumb, '../', strlen($thumbs_base_path)) !== FALSE
    || strpos($storeFolderThumb, './', strlen($thumbs_base_path)) !== FALSE
    || strpos($storeFolder, '../', strlen($current_path)) !== FALSE
    || strpos($storeFolder, './', strlen($current_path)) !== FALSE) {
    die('wrong path');
}
// Loop over $path, stopping once it equals the base path or after 50 iterations.
// The remainder of the loop body is outside this excerpt.
$path = $storeFolder;
$cycle = TRUE;
$max_cycles = 50;
$i = 0;
while ($cycle && $i < $max_cycles) {
    $i++;
    if ($path == $current_path) {
        $cycle = FALSE;