function getDav()
{
global $gbl, $sgbl, $login, $ghtml;
$string = null;
$bdir = "/home/httpd/{$this->main->nname}/__webdav";
lxfile_mkdir($bdir);
foreach ($this->main->__var_davuser as $k => $v) {
$file = get_file_from_path($k);
$file = "{$bdir}/{$file}";
$string .= "\t<Location {$k}>\n";
$string .= "\t\tDAV On\n";
$string .= "\t\tAuthType Basic\n";
$string .= "\t\tAuthName \"WebDAV Restricted\"\n";
$string .= "\t\tAuthUserFile {$file}\n";
$string .= "\t\t<Limit HEAD GET POST OPTIONS PROPFIND>\n";
$string .= "\t\t\tAllow from all\n";
$string .= "\t\t</Limit>\n";
$string .= "\t\t<Limit MKCOL PUT DELETE LOCK UNLOCK COPY MOVE PROPPATCH>\n";
$string .= "\t\t\tallow from all\n";
$string .= "\t\t</Limit>\n";
$string .= "\t\tRequire valid-user\n";
$string .= "\t</Location>\n\n";
}
return $string;
}
function getDav()
{
global $gbl, $sgbl, $login, $ghtml;
$string = null;
$bdir = "/home/httpd/{$this->main->nname}/__webdav";
lxfile_mkdir($bdir);
foreach ($this->main->__var_davuser as $k => $v) {
$file = get_file_from_path($k);
$dbf = "/tmp/{$file}.db";
$file = "{$bdir}/{$file}";
lxfile_touch($file);
$string .= "\$HTTP[\"url\"] =~ \"^{$k}(\$|/)\" {\n";
$string .= "webdav.activate = \"enable\"\n";
$string .= "webdav.is-readonly = \"disable\"\n";
$string .= "auth.backend = \"htpasswd\"\n";
$string .= "auth.backend.htpasswd.userfile = \"{$file}\"\n";
$string .= "webdav.sqlite-db-name = \"{$dbf}\"\n";
$string .= "auth.require = ( \"\" => ( \"method\" => \"basic\",\n";
$string .= "\"realm\" => \"webdav\",\n";
$string .= "\"require\" => \"valid-user\" ) )\n";
$string .= "}\n";
}
return $string;
}
function createHtpasswordFile($object, $sdir, $list)
{
$dir = "__path_httpd_root/{$object->main->getParentName()}/{$sdir}/";
$loc = $object->main->directory;
$file = get_file_from_path($loc);
$dirfile = "{$dir}/{$file}";
if (!lxfile_exists($dir)) {
lxfile_mkdir($dir);
lxfile_unix_chown($dir, $object->main->__var_username);
}
$fstr = null;
foreach ($list as $k => $p) {
$cr = crypt($p);
$fstr .= "{$k}:{$cr}\n";
}
dprint($fstr);
lfile_write_content($dirfile, $fstr, $object->main->__var_username);
lxfile_unix_chmod($dirfile, "0755");
}
check_status(ACCESS_GUEST);
function do_error($code, $str)
{
error_log($code . ' ' . $str . ' ' . filter_input(INPUT_SERVER, 'REMOTE_ADDR'));
set_status_header($code);
echo $str;
exit;
}
function get_file_from_path($path)
{
$match = [];
\preg_match('/\\d{4}\\/\\d{2}\\/\\d{2}\\/(pwg_representative\\/)?(\\d{14}-[0-9a-f]{8})/', $path, $match);
return isset($match[1]) ? $match[1] : null;
}
$path = filter_input(INPUT_SERVER, 'REQUEST_URI', FILTER_SANITIZE_URL);
$file_part = get_file_from_path($path);
if (!$file_part) {
do_error(400, 'Invalid request - path');
}
$query = 'SELECT * FROM ' . IMAGES_TABLE . ' WHERE path LIKE \'%' . pwg_db_real_escape_string($file_part) . '%\' LIMIT 1;';
$element_info = pwg_db_fetch_assoc(pwg_query($query));
if (empty($element_info)) {
//make sure reply is the same for forbidden and nonexisiting files
do_error(401, 'Access denied');
}
// $filter['visible_categories'] and $filter['visible_images']
// are not used because it's not necessary (filter <> restriction)
$query = '
SELECT id
FROM ' . CATEGORIES_TABLE . '
INNER JOIN ' . IMAGE_CATEGORY_TABLE . ' ON category_id = id
