/******************************************************************************/
// Rename page (excerpt; uses the "page.rename.tmpl" template).
// Loads the shared helpers, refuses to run unless the rename feature is
// enabled, and on a "start" request validates the requested entry before
// filling the template. The else-branch continues past the end of this excerpt.

// common functions
require_once 'inc/functions/functions.common.php';

// dir functions
require_once 'inc/functions/functions.dir.php';

// Feature gate: any value other than 1 in $cfg["enable_rename"] is written to
// the audit log and refused.
// NOTE(review): everything below relies on error() ending the request; its
// definition is not part of this excerpt - confirm it never returns.
if ($cfg["enable_rename"] != 1) {
    AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to use rename");
    @error("rename is disabled. Action has been logged.", "", "");
}

// init template-instance
tmplInitializeInstance($cfg["theme"], "page.rename.tmpl");

// process move and set vars
// The comparison with true is loose, so any truthy request value for "start"
// selects this branch.
if (isset($_REQUEST['start']) && $_REQUEST['start'] == true) {
    // Both values are taken from the request; only UrlHTMLSlashesDecode() is
    // applied before they are used.
    $file = UrlHTMLSlashesDecode($_REQUEST['file']);
    $dir = UrlHTMLSlashesDecode($_REQUEST['dir']);
    // Candidate directory = configured base path + requested directory.
    $sourceDir = $cfg["path"] . $dir;
    // only valid dirs + entries with permission
    // All four checks must pass: the directory path, the directory + file
    // path, the entry name itself, and write ('w') permission of the current
    // user on $dir. Any failure is audited and refused.
    if (!(tfb_isValidPath($sourceDir) &&
        tfb_isValidPath($sourceDir . $file) &&
        isValidEntry($file) &&
        hasPermission($dir, $cfg["user"], 'w'))) {
        // NOTE(review): $file and $dir are request-derived and go into the
        // audit message as received - confirm AuditAction() neutralises
        // control characters and markup before the entry is stored or shown.
        AuditAction($cfg["constants"]["error"], "ILLEGAL RENAME: " . $cfg["user"] . " tried to rename " . $file . " in " . $dir);
        @error("Illegal rename. Action has been logged.", "", "");
    }
    // template
    $tmpl->setvar('is_start', 1);
    // NOTE(review): $file and $dir reach the template without HTML escaping
    // here - confirm the template layer escapes them on output.
    $tmpl->setvar('file', $file);
    $tmpl->setvar('dir', $dir);
    $tmpl->setvar('_REN_FILE', $cfg['_REN_FILE']);
    $tmpl->setvar('_REN_STRING', $cfg['_REN_STRING']);
} else {
    // Not a "start" request: read the current and the new name from the
    // request. No validation of either value is visible before the excerpt
    // ends.
    $file = tfb_getRequestVar('fileFrom');
    $fileTo = tfb_getRequestVar('fileTo');
// Directory page setup (excerpt): initialises the restricted-entry list,
// checks the incoming path, reads the action parameters from the request and
// validates the requested directory. getDownloadLogs() follows; its body runs
// past the end of this excerpt.
initRestrictedDirEntries();

// check incoming path
checkIncomingPath();

// to be able to execute shell commands with utf8 accents
if (isset($cfg['_LC_CTYPE'])) {
    setlocale(LC_CTYPE, $cfg['_LC_CTYPE']); // e.g. "fr_FR.UTF-8" or "de_DE.UTF-8"
}

// get request-vars
// Every value is request-controlled and only passed through
// tfb_getRequestVar() and UrlHTMLSlashesDecode() at this point.
$chmod = UrlHTMLSlashesDecode(tfb_getRequestVar('chmod'));
$del = UrlHTMLSlashesDecode(tfb_getRequestVar('del'));
$down = UrlHTMLSlashesDecode(tfb_getRequestVar('down'));
$tar = UrlHTMLSlashesDecode(tfb_getRequestVar('tar'));
$multidel = UrlHTMLSlashesDecode(tfb_getRequestVar('multidel'));
$dir = UrlHTMLSlashesDecode(tfb_getRequestVar('dir'));
$wget_url = UrlHTMLSlashesDecode(tfb_getRequestVar('wget_url'));

// check dir-var
// Strict comparison: only an exact boolean true from tfb_isValidPath() lets
// the request continue. Of the request variables read above, $dir is the only
// one validated in the lines visible here.
// NOTE(review): relies on error() ending the request, and $dir is handed to
// both the audit log and error() as received - confirm both helpers encode it.
if (tfb_isValidPath($dir) !== true) {
    AuditAction($cfg["constants"]["error"], "ILLEGAL DIR: " . $cfg["user"] . " tried to access " . $dir);
    @error("Invalid Dir", "index.php?iid=dir", "", array($dir));
}

/*******************************************************************************
 * log history
 ******************************************************************************/
/**
 * Builds the query for the latest "File Download" log entry per user and file
 * below a path. What is done with the query is outside this excerpt.
 *
 * The statement selects user_id, file and max(time) from tf_log where `file`
 * starts with $path, `action` starts with "File Download" and `action` is not
 * the configured "hit" constant, grouped by user and file, newest first.
 *
 * @param $path path prefix matched against the `file` column
 */
function getDownloadLogs($path) {
    global $cfg, $db;
    $srchAction = "File Download";
    // Values are quoted with $db->qstr() before concatenation.
    // NOTE(review): qstr() presumably only quotes the string; a '%' or '_'
    // inside $path would still act as a LIKE wildcard and widen the match
    // beyond a literal prefix - confirm, and escape them if that matters.
    $sqlWhere = "file LIKE " . $db->qstr($path . "%") . " AND ";
    $sqlWhere .= "action LIKE " . $db->qstr($srchAction . "%") . " AND ";
    $sql = "SELECT user_id, file, max(time) as time FROM tf_log WHERE " . $sqlWhere . "action!=" . $db->qstr($cfg["constants"]["hit"]) . " GROUP BY user_id, file ORDER BY time desc";
// (excerpt starts inside a block opened earlier in the file; its condition is
// not visible here) Discards buffered output, redirects to ../../index.php and
// stops the script.
    @ob_end_clean();
    @header("location: ../../index.php");
    exit;
}

/******************************************************************************/
// nfo-viewer page (excerpt; uses the "page.viewnfo.tmpl" template).
// Refuses to run unless the viewer is enabled, validates the requested file
// and then opens it for reading. The read loop runs past the end of this
// excerpt.

// common functions
require_once 'inc/functions/functions.common.php';

// dir functions
require_once 'inc/functions/functions.dir.php';

// Feature gate: any value other than 1 in $cfg["enable_view_nfo"] is audited
// and refused.
// NOTE(review): everything below relies on error() ending the request; its
// definition is not part of this excerpt - confirm it never returns.
if ($cfg["enable_view_nfo"] != 1) {
    AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to use nfo-viewer");
    @error("nfo-viewer is disabled. Action has been logged.", "", "");
}

// target
// $file is request-controlled; $path is the configured base path with $file
// appended.
$file = UrlHTMLSlashesDecode(tfb_getRequestVar("path"));
$path = $cfg["path"] . $file;

// only valid dirs + entries with permission
// The path must pass tfb_isValidPath() with one of ".nfo", ".txt" or ".log"
// as second argument (presumably the required file extension - confirm
// against tfb_isValidPath()), the entry must pass isValidEntry(), and the
// current user needs read ('r') permission on $file. Anything else is audited
// and refused.
if (!((tfb_isValidPath($path, ".nfo") ||
    tfb_isValidPath($path, ".txt") ||
    tfb_isValidPath($path, ".log")) &&
    isValidEntry($file) &&
    hasPermission($file, $cfg["user"], 'r'))) {
    // NOTE(review): $file is written into the audit message as received -
    // confirm AuditAction() neutralises control characters and markup.
    AuditAction($cfg["constants"]["error"], "ILLEGAL NFO-ACCESS: " . $cfg["user"] . " tried to view " . $file);
    @error("Illegal access. Action has been logged.", "", "");
}

// init template-instance
tmplInitializeInstance($cfg["theme"], "page.viewnfo.tmpl");

// set vars
// NOTE(review): $folder is HTML-escaped below, but $file is handed to the
// template as received - confirm the template escapes it on output.
$tmpl->setvar('file', $file);
// Everything before the last "/" of $file; when $file holds no "/", strrpos()
// returns false and $folder becomes an empty string.
$folder = htmlspecialchars(substr($file, 0, strrpos($file, "/")));
$tmpl->setvar('folder', $folder);

// Open the validated path read-only; warnings are suppressed with @, so a
// failed open simply skips this branch.
if ($fileHandle = @fopen($path, 'r')) {
    $output = "";
    // Loop until end of file; the loop body is outside this excerpt.
    while (!@feof($fileHandle)) {
/******************************************************************************/
// Directory page (excerpt): loads the shared helpers, reads the action
// parameters from the request, validates the requested directory and starts
// the chmod handling. The chmod branch runs past the end of this excerpt.

// common functions
require_once 'inc/functions/functions.common.php';

// dir functions
require_once 'inc/functions/functions.dir.php';

// config
initRestrictedDirEntries();

// check incoming path
checkIncomingPath();

// get request-vars
// Every value is request-controlled and only passed through
// tfb_getRequestVar() and UrlHTMLSlashesDecode() at this point.
$chmod = UrlHTMLSlashesDecode(tfb_getRequestVar('chmod'));
$del = UrlHTMLSlashesDecode(tfb_getRequestVar('del'));
$down = UrlHTMLSlashesDecode(tfb_getRequestVar('down'));
$tar = UrlHTMLSlashesDecode(tfb_getRequestVar('tar'));
$multidel = UrlHTMLSlashesDecode(tfb_getRequestVar('multidel'));
$dir = UrlHTMLSlashesDecode(tfb_getRequestVar('dir'));

// check dir-var
// Strict comparison: only an exact boolean true from tfb_isValidPath() lets
// the request continue.
// NOTE(review): relies on error() ending the request, and $dir is handed to
// both the audit log and error() as received - confirm both helpers encode it.
if (tfb_isValidPath($dir) !== true) {
    AuditAction($cfg["constants"]["error"], "ILLEGAL DIR: " . $cfg["user"] . " tried to access " . $dir);
    @error("Invalid Dir", "index.php?iid=dir", "", array($dir));
}

/*******************************************************************************
 * chmod
 ******************************************************************************/
// Runs only when the request carried a non-empty "chmod" value.
if ($chmod != "") {
    // is enabled ?
    // Any value other than 1 in $cfg["dir_enable_chmod"] is audited and
    // refused.
    if ($cfg["dir_enable_chmod"] != 1) {
        AuditAction($cfg["constants"]["error"], "ILLEGAL ACCESS: " . $cfg["user"] . " tried to use chmod (" . $dir . ")");
        @error("chmod is disabled", "index.php?iid=index", "");
    }
    // only valid entry with permission
    // (the check this comment introduces is outside this excerpt)