function show_dir($dir, $pos = '', $files = array())
{
    $handle = @opendir($dir);
    if (is_resource($handle)) {
        while (($file = readdir($handle)) !== false) {
            if (preg_match('~^\\.{1,2}$~', $file)) {
                continue;
            }
            if (is_dir($dir . $file)) {
                $files = show_dir($dir . $file . '/', $dir . $file, $files);
            } else {
                $files[] = substr($pos, strpos($pos, '/') + 1) . '/' . $file;
            }
        }
        closedir($handle);
    }
    return $files;
}
function show_dir($dir, $pos = '', $files = array())
{
    global $gallery_config, $results, $images_per_loop, $albums_tree, $city_ids, $club_ids;
    $handle = @opendir($dir);
    if (is_resource($handle)) {
        while (($file = readdir($handle)) !== false && $images_per_loop < 10) {
            if (preg_match('~^\\.{1,2}$~', $file)) {
                continue;
            }
            $album_path = substr($dir . $file, strripos($dir . $file, 'massimport/') + 11);
            $album_path = explode('/', $album_path);
            if (is_dir($dir . $file)) {
                if (isset($album_path[0])) {
                    //echo $album_path[0] . '/';
                    if (!isset($albums_tree[$album_path[0]])) {
                        // Create album - City
                        $parent_id = 0;
                        $album = create_new_album($parent_id, $album_path[0], ALBUM_CAT);
                        $albums_tree[$album_path[0]] = array();
                        $city_ids[$album_path[0]] = $album;
                    }
                }
                if (isset($album_path[1])) {
                    //echo $album_path[1] . '/';
                    if (!isset($albums_tree[$album_path[0]][$album_path[1]])) {
                        // Create album - City > Club
                        $parent_id = $city_ids[$album_path[0]]['album_id'];
                        $album = create_new_album($parent_id, $album_path[1], ALBUM_CAT);
                        $albums_tree[$album_path[0]][$album_path[1]] = array();
                        $club_ids[$album_path[0]][$album_path[1]] = $album;
                    }
                }
                if (isset($album_path[2])) {
                    //echo $album_path[2] . '/';
                    if (!isset($albums_tree[$album_path[0]][$album_path[1]][$album_path[2]])) {
                        // Create album - City > Club > Date
                        $parent_id = $club_ids[$album_path[0]][$album_path[1]]['album_id'];
                        $album = create_new_album($parent_id, $album_path[2], ALBUM_UPLOAD);
                        $albums_tree[$album_path[0]][$album_path[1]][$album_path[2]] = $album;
                    }
                    //echo ' ' . $albums_tree[$album_path[0]][$album_path[1]][$album_path[2]];
                }
                //echo '<br />';
                $files = show_dir($dir . $file . '/', $dir . $file, $files);
            } else {
                //echo substr($pos, strpos($pos, '/') + 1) . '/' . $file . '<br />';
                if (substr(strtolower($file), '-4') == '.png' && $gallery_config['png_allowed'] || substr(strtolower($file), '-4') == '.gif' && $gallery_config['gif_allowed'] || substr(strtolower($file), '-4') == '.jpg' && $gallery_config['jpg_allowed']) {
                    if ($images_per_loop < 10) {
                        $results[] = utf8_encode($pos . '/' . $file);
                        $images_per_loop++;
                    }
                }
            }
        }
        closedir($handle);
    }
    return $files;
}
Example #3
0
            $files[$entry] = $entry;
        } else {
            if (is_dir($BASE_DIR . $FILE_ROOT . $entry) && substr($entry, 0, 1) != '.') {
                $folders[$entry] = $FILE_ROOT . $entry;
            }
        }
    }
    $d->close();
    if (count($folders) > 0 || count($files) > 0) {
        //now sort the folders and files by name.
        ksort($files);
        ksort($folders);
        draw_table_header();
        for ($i = 0; $i < count($folders); $i++) {
            $folder_name = key($folders);
            show_dir($folders[$folder_name], $folder_name);
            next($folders);
        }
        for ($i = 0; $i < count($files); $i++) {
            $file_name = key($files);
            show_file($files[$file_name]);
            if (($i + 1) % 4 == 0) {
                newRow();
            }
            next($files);
        }
        draw_table_footer();
    } else {
        draw_no_results();
    }
} else {
Example #4
0
            $file_inode = fileinode($file);
            $tbl_body .= "<td><input type='checkbox' name='file_cb[]' value='{$file_inode}' onclick='file_checked(this)' /></td>";
            $tbl_body .= "<td>" . date("Y-m-d H:i:s", filectime($file)) . "</td>";
            $tbl_body .= "<td><a href='{$file_url}' target='_blank'>" . basename($file) . "</a></td>";
            $tbl_body .= "<td>" . filesize($file) . "KB</td>";
            $tbl_body .= "<td><a href='javascript:void(0);' onclick='del_action(\"{$file}\");'>Delete</a></td>";
            //$tbl_body .= "<td><a href='./sendmail.php?file={$urlenc_file}' target='_blank'>Send Email</a></td>";
            $tbl_body .= "<td><a href='javascript:void(0);' onclick='send_action(\"{$file_inode}\");' target='_blank'>Send Email</a></td>";
            $tbl_body .= "</tr>";
        }
        $i++;
    }
    echo $tbl_body;
}
$host = "http://" . $_SERVER['SERVER_NAME'] . "/huahua/";
show_dir("store/", $host);
?>
	</tbody>

	<tfoot>
	</tfoot>

</table>
&nbsp;&nbsp;<input type="button" id="sendsel_btn" name="sendsel_btn" value="Send" onclick="sendsel_action()" />&nbsp;&nbsp;&nbsp;&nbsp;
<!--input type="button" id="deletesel_btn" name="deletesel_btn" value="Delete" onclick="deletesel_action()" /-->&nbsp;&nbsp;&nbsp;&nbsp;

</form>

<script src="js/jquery.js"></script>
<script src="js/jquery.blockUI.js"></script>
<script>
Example #5
0
function browser()
{
    global $conf;
    if (isset($_GET['path']) && !empty($_GET['path']) && is_dir(getcwd() . '/' . $conf['path'] . '/' . $_GET['path']) && $_GET['path'][0] != '.' && strpos($_GET['path'], '..') === false) {
        show_dir($_GET['path']);
    } else {
        show_dir();
    }
}
Example #6
0
<!DOCTYPE html>
<html>
	<head>
		<meta http-equiv="content-type" content="text/html;charset=utf-8">

<?php 
$host = "http://" . $_SERVER['SERVER_NAME'];
function show_dir($file_dir)
{
    $dir_hd = @opendir($file_dir) or die("can't open:{$file_dir}");
    while (($file = readdir($dir_hd)) !== false) {
        $file = $file_dir . "/" . $file;
        if (is_dir($file)) {
            // dir
        } else {
            echo "<a href='{$host}/{$file}'>" . basename($file) . "</a>" . "    " . filesize($file) . "KB</br>";
        }
    }
}
show_dir("./store/");
?>

	</head>
</html>

Example #7
0
$mp06610771 = prot('boinc_master', 'boinc_project', '0661 or 0771');
$mp06640775 = prot('boinc_master', 'boinc_project', '0664 or 0775');
$mm2555 = prot('boinc_master', 'boinc_master', '0555');
$mm6555 = prot('boinc_master', 'boinc_master', '0555+setuid+setgid');
$ua0555 = prot('(installing user)', 'admin', '0555');
$colors = array('ddddff', 'ccccff', 'bbbbff');
function show_dir($level, $name, $prot, $contents)
{
    global $colors;
    $color = $colors[$level];
    $x = "\n        <table bgcolor={$color} cellpadding=6 cellspacing=0 border=1 width=100%>\n        <tr>\n            <td valign=top><b>{$name}</b> <font size=-1>{$prot}</font></td><td valign=top>\n    ";
    for ($i = 0; $i < sizeof($contents); $i++) {
        if ($i) {
            $x .= '<br>';
        }
        $c = $contents[$i];
        $x .= $c;
    }
    $x .= "\n        </td></tr>\n        </table>\n    ";
    return $x;
}
function show_file($name, $prot)
{
    return "\n            {$name} <font size=-1>{$prot}</font><br>\n    ";
}
echo "\n\n<p>\nOur design uses two users and two groups,\nboth specially created for use by BOINC.\nThese users and groups are created by the installation process.\n<ul>\n<li>Group: <b>boinc_master</b>\n<li>Group: <b>boinc_project</b>\n<li>User: <b>boinc_master</b>\n<ul>\n<li>Primary group: <b>boinc_master</b>\n<li>Supplementary groups: none\n</ul>\n<li>User: <b>boinc_project</b>\n<ul>\n<li>Primary group: <b>boinc_project</b>\n<li>Supplementary groups: none\n</ul>\n</ul>\nOn Mac OS X, <b>boinc_project</b> and <b>boinc_master</b>\nare added to the Supplementary Groups Lists of those other users\nwho are members of group <b>admin</b>.\nThis gives admin users full access to all BOINC and project files.\n<p>\nThe following diagram shows user, group and permissions\nfor the BOINC file and directory tree:\n<p>\n";
echo show_dir(0, 'BOINC data', $mm0771, array(show_dir(1, 'projects', $mp0770, array(show_dir(2, 'setiathome.berkeley.edu', $mp0775, array(show_file('files created by BOINC Client', $mp06610771), show_file('files created by project apps', $pp06610771), show_file('running BOINC installer changes all files to', $mp06610771))))), show_dir(1, 'slots', $mp0770, array(show_dir(2, '0', $mp0775, array(show_file('files created by BOINC Client', $mp06610771), show_file('files created by project apps', $pp06610771), show_file('running BOINC installer changes all files to', $mp06610771))))), show_dir(1, 'switcher (directory)', $mm0550, array(show_file('switcher (executable)', $rm4050), show_file('setprojectgrp (executable)', $mp2500))), show_dir(1, 'locale', $mm0555, array(show_dir(2, 'de', $mm0555, array(show_file('BOINC Manager.mo', $mm0444), show_file('wxstd.mo', $mm0444))))), show_file('account_*.xml', $mm0660), show_file('acct_mgr_login.xml', $mm0660), show_file('client_state.xml', $mm0660), show_file('gui_rpc_auth.cfg', $mm0660), show_file('sched_reply*', $mm0660), show_file('sched_request*', $mm0660), show_file('ss_config.xml', $mm0664)));
echo "<br><br>";
echo show_dir(0, 'BOINC executables', $ua0555, array(show_file('BOINC Manager', $mm2555), show_file('BOINC Client', $mm6555), show_dir(1, 'screensaver (directory)', $ua0555, array(show_file('gfx_switcher (executable)', $rm4555)))));
echo "\n\n<p>Implementation notes:\n\n<ul>\n<li>BOINC Client runs setuid and setgid to <b>boinc_master:boinc_master</b>.  \n<li>BOINC Client uses the helper application <i>setprojectgrp</i> to \nset project and slot files and directories to group <b>boinc_project</b>.  \n<li>BOINC Client does not directly execute project applications.\nIt runs the helper application <i>switcher</i>, \npassing the request in the argument list.\n<i>switcher</i> runs setuid <b>root</b> and immediately changes its real and \neffective user ID and group ID to <b>boinc_project</b>,\nso all project applications inherit user and group <b>boinc_project</b>.  \nThis blocks project applications from accessing unauthorized files.\n<li>In most cases, it is best to avoid running setuid <b>root</b> because \nit can present a security risk.  In this case, however, this is necessary to \n<i>reduce</i> the risk because only the superuser can change the <i>real</i> \nuser and group of a process.  This prevents a malicious or malfunctioning \napplication from reverting to the user and group who launched BOINC, since any \nprocess can change its user and group back to the <i>real</i> user and \ngroup IDs.\n<li>BOINC's use of setuid <b>root</b> for the <i>switcher</i> application is \nsafe because:\n<ul>\n<li>The <i>switcher</i> application is inside the <i>switcher</i> directory.\nThis directory is accessible only by user and group <b>boinc_master</b>,\nso that project applications cannot modify the <i>switcher</i> \napplication's permissions or code.  This also prevents unauthorized users \nfrom using <i>switcher</i> to damage or manipulate project files.\n<li>The <i>switcher</i> application is readable and executable only by \ngroup <b>boinc_master</b>; all other access is forbidden.\n<li>When it is run, the <i>switcher</i> application immediately changes \nits real and effective user ID and group ID to <b>boinc_project</b>, disabling \nits superuser privileges.\n</ul>\n<li>As of BOINC Version 6.10.5, BOINC Manager no longer runs setgid to group \n<b>boinc_master</b>, because Mac OS 10.6 does not allow it.  So it can be run \nonly by users who are members of group <b>boinc_master</b>. By default, the \nBOINC installer automatically adds all users who are members of group \n<b>admin</b> to group <b>boinc_master</b>, and optionally adds non-admin \nusers to group <b>boinc_master</b>.  The Manager runs as the user who \nlaunched it, which is necessary for a number of GUI features to work correctly.  \nAlthough this means that BOINC Manager cannot modify files created by project \napplications, there is no need for it to do so.  \n<li>Starting with BOINC version 6.0, project science applications use a \nseparate companion application to display graphics.  These graphics \napplications are launched by the BOINC Manager when the user clicks on \nthe <i>Show Graphics</i> button.  Running the graphics application \nwith the BOINC Manager's user and group would be a security risk, so \nBOINC Manager uses the <i>switcher</i> application to launch them as \nuser and group <b>boinc_project</b>. \n<li>The screensaver also can run the graphics applications.  The Macintosh \nscreensaver is launched by the operating system, so it runs as the \ncurrently logged in user and group.  Since running the science projects' graphics applications \nwith this user and group would be a security risk, the screensaver has \nits own embedded helper application <i>gfx_switcher</i> which it uses to \nlaunch and kill the graphics applications.  \nLike the <i>switcher</i> application, <i>gfx_switcher</i> runs setuid \n<b>root</b> and immediately changes its real and effective user ID and \ngroup ID to <b>boinc_project</b>.\n<li>Starting with BOINC version 6.7, a default screenaver graphics application \nis provided with BOINC.  The screensaver (now more properly called the \n<b>screensaver coordinator</b>) runs the default graphics alternating with science \ngraphics applications according to a schedule set by the data file ss_config.xml.  \nThe default graphics are run also when no science graphics are available, such as \nwhen BOINC is suspended.  The default graphics executable is run as user and group \n<b>boinc_project</b>.  \n<li>The BOINC screensaver's use of setuid <b>root</b> for the \n<i>gfx_switcher</i> application is safe because:\n<ul>\n<li>When it is run, the <i>gfx_switcher</i> application immediately changes \nits real and effective user ID and group ID to <b>boinc_project</b>, disabling \nits superuser privileges.\n<li>The <i>gfx_switcher</i> application has very limited functionality.  It \naccepts only three commands as its first argument: \n<ul>\n<li><i>launch_gfx</i>: the second argument is the slot number.  It looks for \na soft-link named <b>graphics_app</b> in the specified slot directory and launches \nthe referenced graphics application as user and group <b>boinc_project</b>.\n<li><i>default_gfx</i>: launches the default graphics application <i>boincscr</i> \nin the BOINC data directory as user and group <b>boinc_project</b>.\n<li><i>kill_gfx</i>: the second argument is the process ID.  It kills the \napplication with the process ID; since it is running as user and group \n<b>boinc_project</b>, it can affect only processes belonging to that user.  \nThis is used to exit all screensaver graphics applications.</ul>\n</ul>\n<li>To hide account keys from unauthorized users, BOINC Client sets its umask \nto 006 and (as of versions 6.8.20 and 6.10.30) makes all *.xml files at the top level \ndirectory not world-readable (except ss_config.xml, which must be read by the \nscreensaver coordinator).  This means that third-party add-ons cannot read BOINC \ndata files; they must use GUI RPCs to access BOINC Data.  \n<li>BOINC sets the umask for project applications to 002; the default permissions \nfor all files and directories they create prevent modification outside the \n<b>boinc_project</b> user and group.  \n<li>Files written by projects are world-readable so that the BOINC Client can read \nthem.  But, starting with BOINC versions 6.8.20 and 6.10.30, the slots directory and the projects \ndirectory are executable (traversable) only by user boinc_master and group \nboinc_projects, to prevent unauthorized users from reading account keys from the \ninit_data.xml files. \n<li>Unauthorized users cannot modify BOINC or project files.\n<li>Users with admin access are members of groups <b>boinc_master</b>\nand <b>boinc_project</b> so that they do have \ndirect access to all BOINC and project files\nto simplify maintenance and administration.\n<li>The RPC password file <i>gui_rpc_auth.cfg</i>\nis accessible only by user and group <b>boinc_master</b>.\nIn other words, only BOINC Manager, BOINC Client and authorized \nusers can read or modify it, restricting access to those BOINC RPC functions \nwhich modify BOINC's operation.  \n<li>On Macintosh computers, the actual directory structures\nof the BOINC Manager application bundle and the screensaver bundle are \nmore complex than implied by the box <i>BOINC executables</i> in the \nBOINC tree diagram shown above.\n<li>Some Macintosh system administrators may wish to further limit which users\ncan perform BOINC Manager functions (Activity Menu, etc.).\nThis can be done by moving BOINC Manager out of the\n<b>/Applications</b> directory into a directory with restricted access.\n<li><b>Important information for project developers:</b> The BOINC \ninstaller traverses the BOINC Data directory and sets the users, groups and \npermissions of all files as shown in the above table.  This allows it to \nrepair corrupted permissions.  <b>Note</b> that the BOINC installer will \n<b>change all files and subdirectories</b> in the projects directory, the slots directory, and \nall their subdirectories to <b>user boinc_master</b> and \n<b>group boinc_project</b>.  This means that:\n<ul>\n<li>If a project file needs to be \nexecutable by another project file, its executable-by-group permission bit \n<b>must</b> be set.  The BOINC installer will <i>not</i> alter the \nexecutable-by-user and executable-by-group permission bits of files in these \ndirectories (though it will set these bits for the directories themselves.)\n<li>It is <b>critical</b> that all files and subdirectories under the projects \nand slots directories have both their read-by-owner <b>and</b> read-by-group \npermission bits set, and that all subdirectories have both their \nexecutable-by-owner and executable-by-group permission bits set.\n</ul>\n</ul>\n</p>\n";
page_tail();