Example #1
/******************************************************************************/
// common functions
require_once 'inc/functions/functions.common.php';
// dir functions
require_once 'inc/functions/functions.dir.php';
// Feature gate: the rename page is served only when $cfg["enable_rename"] is
// loosely equal to 1 (the comparison is !=, not !==).
if ($cfg["enable_rename"] != 1) {
    // Write the rejected attempt to the audit log, including the name held in $cfg["user"].
    AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to use rename");
    // NOTE(review): nothing in this branch stops the script, so the gate only
    // holds if error() ends the request — confirm where error() is defined.
    // The @ operator also hides any warning raised while the error is reported.
    @error("rename is disabled. Action has been logged.", "", "");
}
// init template-instance: theme from the configuration, template "page.rename.tmpl"
tmplInitializeInstance($cfg["theme"], "page.rename.tmpl");
// process move and set vars
if (isset($_REQUEST['start']) && $_REQUEST['start'] == true) {
    $file = UrlHTMLSlashesDecode($_REQUEST['file']);
    $dir = UrlHTMLSlashesDecode($_REQUEST['dir']);
    $sourceDir = $cfg["path"] . $dir;
    // only valid dirs + entries with permission
    if (!(tfb_isValidPath($sourceDir) && tfb_isValidPath($sourceDir . $file) && isValidEntry($file) && hasPermission($dir, $cfg["user"], 'w'))) {
        AuditAction($cfg["constants"]["error"], "ILLEGAL RENAME: " . $cfg["user"] . " tried to rename " . $file . " in " . $dir);
        @error("Illegal rename. Action has been logged.", "", "");
    }
    // template
    $tmpl->setvar('is_start', 1);
    $tmpl->setvar('file', $file);
    $tmpl->setvar('dir', $dir);
    $tmpl->setvar('_REN_FILE', $cfg['_REN_FILE']);
    $tmpl->setvar('_REN_STRING', $cfg['_REN_STRING']);
} else {
    $file = tfb_getRequestVar('fileFrom');
    $fileTo = tfb_getRequestVar('fileTo');
Example #2
// NOTE(review): presumably prepares the restricted-entry list that later entry
// checks rely on — confirm against functions.dir.php.
initRestrictedDirEntries();
// check incoming path
checkIncomingPath();
// to be able to execute shell commands with utf8 accents
// PHP's escapeshellarg() is locale-dependent for multibyte input, so LC_CTYPE
// has to be set before any command line is built.
// NOTE(review): the return value of setlocale() is ignored; if the configured
// locale is not installed the call fails and the previous locale stays active.
if (isset($cfg['_LC_CTYPE'])) {
    setlocale(LC_CTYPE, $cfg['_LC_CTYPE']);
    //"fr_FR.UTF-8" or "de_DE.UTF-8"
}
// get request-vars
// All seven values come from the request and are untrusted. Only $dir is
// validated in this part of the script; the others have to be validated (and,
// where they reach a shell command, escaped per argument) at the point of use,
// which is not visible here.
$chmod = UrlHTMLSlashesDecode(tfb_getRequestVar('chmod'));
$del = UrlHTMLSlashesDecode(tfb_getRequestVar('del'));
$down = UrlHTMLSlashesDecode(tfb_getRequestVar('down'));
$tar = UrlHTMLSlashesDecode(tfb_getRequestVar('tar'));
$multidel = UrlHTMLSlashesDecode(tfb_getRequestVar('multidel'));
$dir = UrlHTMLSlashesDecode(tfb_getRequestVar('dir'));
$wget_url = UrlHTMLSlashesDecode(tfb_getRequestVar('wget_url'));
// check dir-var
// The strict !== true rejects every return value other than boolean true.
// The check runs on the decoded request value itself, before any base path is
// prepended to it.
if (tfb_isValidPath($dir) !== true) {
    // $dir is written to the audit log exactly as received.
    // NOTE(review): confirm AuditAction() neutralises line breaks and control
    // characters so a crafted value cannot forge or split log entries.
    AuditAction($cfg["constants"]["error"], "ILLEGAL DIR: " . $cfg["user"] . " tried to access " . $dir);
    // NOTE(review): the rejected $dir is handed to error() in the last argument;
    // confirm it is HTML-escaped before display and that error() ends the
    // request, since nothing else in this branch stops the script.
    @error("Invalid Dir", "index.php?iid=dir", "", array($dir));
}
/*******************************************************************************
 * log history
 ******************************************************************************/
function getDownloadLogs($path)
{
    global $cfg, $db;
    $srchAction = "File Download";
    $sqlWhere = "file LIKE " . $db->qstr($path . "%") . " AND ";
    $sqlWhere .= "action LIKE " . $db->qstr($srchAction . "%") . " AND ";
    $sql = "SELECT user_id, file, max(time) as time FROM tf_log WHERE " . $sqlWhere . "action!=" . $db->qstr($cfg["constants"]["hit"]) . " GROUP BY user_id, file ORDER BY time desc";
Example #3
    @ob_end_clean();
    @header("location: ../../index.php");
    exit;
}
/******************************************************************************/
// common functions
require_once 'inc/functions/functions.common.php';
// dir functions
require_once 'inc/functions/functions.dir.php';
// Feature gate: the nfo-viewer is served only when $cfg["enable_view_nfo"] is
// loosely equal to 1 (the comparison is !=, not !==).
if ($cfg["enable_view_nfo"] != 1) {
    AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to use nfo-viewer");
    // NOTE(review): the gate only holds if error() ends the request — confirm;
    // nothing else in this branch stops the script.
    @error("nfo-viewer is disabled. Action has been logged.", "", "");
}
// target: the request value "path" is untrusted and is appended to the
// configured base path to form the file that is opened further down.
$file = UrlHTMLSlashesDecode(tfb_getRequestVar("path"));
$path = $cfg["path"] . $file;
// only valid dirs + entries with permission
// All three conditions must hold before the file is read:
//   1. tfb_isValidPath() accepts $path with one of ".nfo", ".txt" or ".log"
//      (presumably the second argument is a required extension — confirm),
//   2. isValidEntry() accepts the request-relative name,
//   3. hasPermission() grants 'r' on it to $cfg["user"].
// NOTE(review): confirm tfb_isValidPath() rejects ".." segments and NUL bytes,
// because this check is the only barrier between the request value and fopen().
if (!((tfb_isValidPath($path, ".nfo") || tfb_isValidPath($path, ".txt") || tfb_isValidPath($path, ".log")) && isValidEntry($file) && hasPermission($file, $cfg["user"], 'r'))) {
    // $file is written to the audit log exactly as received.
    // NOTE(review): confirm AuditAction() neutralises line breaks and control characters.
    AuditAction($cfg["constants"]["error"], "ILLEGAL NFO-ACCESS: " . $cfg["user"] . " tried to view " . $file);
    @error("Illegal access. Action has been logged.", "", "");
}
// init template-instance
tmplInitializeInstance($cfg["theme"], "page.viewnfo.tmpl");
// set vars
// NOTE(review): 'file' is passed to the template unescaped, while 'folder'
// below goes through htmlspecialchars(); confirm the template escapes 'file'
// on output, otherwise escape it here as well.
$tmpl->setvar('file', $file);
// Folder = everything before the last "/". When $file contains no "/",
// strrpos() returns false, substr() treats that as length 0 and $folder is "".
// htmlspecialchars() is called without flags, so single quotes are escaped
// only on PHP versions whose default includes ENT_QUOTES (8.1 and later).
$folder = htmlspecialchars(substr($file, 0, strrpos($file, "/")));
$tmpl->setvar('folder', $folder);
if ($fileHandle = @fopen($path, 'r')) {
    $output = "";
    while (!@feof($fileHandle)) {
Example #4
/******************************************************************************/
// common functions
require_once 'inc/functions/functions.common.php';
// dir functions
require_once 'inc/functions/functions.dir.php';
// config
// NOTE(review): presumably prepares the restricted-entry list that later entry
// checks rely on — confirm against functions.dir.php.
initRestrictedDirEntries();
// check incoming path
checkIncomingPath();
// get request-vars
// All six values come from the request and are untrusted. Only $dir is
// validated in this part of the script; the others have to be validated at
// the point of use (for $chmod, inside the chmod section that follows).
$chmod = UrlHTMLSlashesDecode(tfb_getRequestVar('chmod'));
$del = UrlHTMLSlashesDecode(tfb_getRequestVar('del'));
$down = UrlHTMLSlashesDecode(tfb_getRequestVar('down'));
$tar = UrlHTMLSlashesDecode(tfb_getRequestVar('tar'));
$multidel = UrlHTMLSlashesDecode(tfb_getRequestVar('multidel'));
$dir = UrlHTMLSlashesDecode(tfb_getRequestVar('dir'));
// check dir-var
// The strict !== true rejects every return value other than boolean true.
// The check runs on the decoded request value itself, before any base path is
// prepended to it.
if (tfb_isValidPath($dir) !== true) {
    // $dir is written to the audit log exactly as received.
    // NOTE(review): confirm AuditAction() neutralises line breaks and control
    // characters so a crafted value cannot forge or split log entries.
    AuditAction($cfg["constants"]["error"], "ILLEGAL DIR: " . $cfg["user"] . " tried to access " . $dir);
    // NOTE(review): the rejected $dir is handed to error() in the last argument;
    // confirm it is HTML-escaped before display and that error() ends the
    // request, since nothing else in this branch stops the script.
    @error("Invalid Dir", "index.php?iid=dir", "", array($dir));
}
/*******************************************************************************
 * chmod
 ******************************************************************************/
if ($chmod != "") {
    // is enabled ?
    if ($cfg["dir_enable_chmod"] != 1) {
        AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to use chmod (" . $dir . ")");
        @error("chmod is disabled", "index.php?iid=index", "");
    }
    // only valid entry with permission