Exemplo n.º 1
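/**
 * Prints the browse screen ($state2 == "main") or the directory popup screen
 * ($state2 == "popup").
 *
 * The function connects to the FTP server, fetches and sorts the directory
 * listing, prepares a set of local variables and then includes the skin
 * template for the current state. An included file shares the local scope of
 * the function, so the local variable names below are presumably read by the
 * templates and must not be renamed here without checking them.
 *
 * Output encoding: every value that is concatenated into $directory_tree is
 * HTML-encoded with htmlEncode2(), because the tree is built as an HTML
 * fragment (it contains <a> elements) and directory names come from the FTP
 * listing.
 *
 * @return false|null false when $net2ftp_result["success"] is false after the
 *                    connection or listing step; otherwise nothing is returned.
 */
function net2ftp_module_printBody()
{
    // -------------------------------------------------------------------------
    // Global variables
    // -------------------------------------------------------------------------
    global $net2ftp_settings, $net2ftp_globals, $net2ftp_messages, $net2ftp_result;
    // -------------------------------------------------------------------------
    // Check if the directory name contains \' and if it does, print an error message
    // Note: these directories cannot be browsed, but can be deleted
    // (check disabled in the original source, kept for reference)
    // -------------------------------------------------------------------------
    //	if (strstr($directory, "\'") != false) {
    //		$errormessage = __("Directories with names containing \' cannot be displayed correctly. They can only be deleted. Please go back and select another subdirectory.");
    //		setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
    //		return false;
    //	}
    // -------------------------------------------------------------------------
    // Variables
    // With status update if $state2=="main"
    // -------------------------------------------------------------------------
    // ------------------------------------
    // Open connection
    // ------------------------------------
    if ($net2ftp_globals["state2"] == "main") {
        setStatus(2, 10, __("Connecting to the FTP server"));
    }
    $conn_id = ftp_openconnection();
    if ($net2ftp_result["success"] == false) {
        return false;
    }
    // ------------------------------------
    // Get raw list of directories and files; parse the raw list and return a nice list
    // This function may change the current $directory; a warning message is returned in that case
    // ------------------------------------
    if ($net2ftp_globals["state2"] == "main") {
        setStatus(4, 10, __("Getting the list of directories and files"));
    }
    $list = ftp_getlist($conn_id, $net2ftp_globals["directory"]);
    if ($net2ftp_result["success"] == false) {
        // NOTE(review): this path returns without calling ftp_closeconnection();
        // confirm that ftp_getlist() releases the connection when it fails.
        return false;
    }
    // ------------------------------------
    // Close connection
    // ------------------------------------
    ftp_closeconnection($conn_id);
    // ------------------------------------
    // Sort the list
    // ------------------------------------
    $list_directories = sort_list($list["directories"]);
    $list_files = sort_list($list["files"]);
    $list_symlinks = sort_list($list["symlinks"]);
    $list_unrecognized = sort_list($list["unrecognized"]);
    $warning_directory = $list["stats"]["warnings"];
    // One encoded copy of the directory per output context (HTML, URL, JavaScript)
    $directory = $list["stats"]["newdirectory"];
    $directory_html = htmlEncode2($directory);
    $directory_url = urlEncode2($directory);
    $directory_js = javascriptEncode2($directory);
    $updirectory = upDir($directory);
    $updirectory_html = htmlEncode2($updirectory);
    $updirectory_url = urlEncode2($updirectory);
    $updirectory_js = javascriptEncode2($updirectory);
    // ------------------------------------
    // Calculate the list of HTTP URLs
    // Only set for the browse screen; left undefined for the popup
    // ------------------------------------
    if ($net2ftp_globals["state2"] == "main") {
        $list_links_js = ftp2http($net2ftp_globals["directory"], $list_files, "no");
        $list_links_url = ftp2http($net2ftp_globals["directory"], $list_files, "yes");
    }
    // ------------------------------------
    // Consumption message
    // ------------------------------------
    $warning_consumption = "";
    if (checkConsumption() == false) {
        $warning_consumption .= "<b>" . __("Daily limit reached: you will not be able to transfer data") . "</b><br /><br />\n";
        $warning_consumption .= __("In order to guarantee the fair use of the web server for everyone, the data transfer volume and script execution time are limited per user, and per day. Once this limit is reached, you can still browse the FTP server but not transfer data to/from it.") . "<br /><br />\n";
        $warning_consumption .= __("If you need unlimited usage, please install net2ftp on your own web server.") . "<br />\n";
    }
    // ------------------------------------
    // Browse message
    // $warning_message stays undefined when no message is configured
    // ------------------------------------
    if ($net2ftp_settings["message_browse"] != "" && $net2ftp_settings["message_browse"] != "Setting message_browse does not exist") {
        $warning_message = $net2ftp_settings["message_browse"];
    }
    // ------------------------------------
    // Directory tree
    // Built as an HTML fragment: each path component is a link when the
    // directory is authorized, plain text otherwise
    // ------------------------------------
    $directory_exploded = explode("/", stripDirectory($directory));
    if ($directory != "/" && checkAuthorizedDirectory("/") == true) {
        $directory_tree = "<a href=\"javascript:submitBrowseForm('/','','browse','main');\">root</a> ";
    } else {
        $directory_tree = "root ";
    }
    $directory_goto = "";
    for ($i = 0; $i < sizeof($directory_exploded) - 1; $i++) {
        $directory_goto = glueDirectories($directory_goto, $directory_exploded[$i]);
        $directory_goto_url = urlEncode2($directory_goto);
        if (checkAuthorizedDirectory($directory_goto) == true) {
            // NOTE(review): $directory_goto_url lands inside a JavaScript string
            // inside a javascript: URL inside an HTML attribute; confirm that
            // urlEncode2() is the right encoder for that nesting.
            $directory_tree .= "/<a href=\"javascript:submitBrowseForm('" . $directory_goto_url . "','','browse','main');\">" . htmlEncode2($directory_exploded[$i]) . "</a> ";
        } else {
            // Plain-text component: encoded like the link text above, so a
            // directory name containing markup is shown literally
            $directory_tree .= "/" . htmlEncode2($directory_exploded[$i]) . " ";
        }
    }
    // Last component (the current directory) is never a link; encode it as well
    $directory_tree .= "/" . htmlEncode2($directory_exploded[sizeof($directory_exploded) - 1]);
    // ------------------------------------
    // Language
    // ------------------------------------
    $language_onchange = "document.BrowseForm.language.value=document.forms['BrowseForm'].language2.options[document.forms['BrowseForm'].language2.selectedIndex].value; submitBrowseForm('{$directory_js}', '', 'browse', 'main');";
    // ------------------------------------
    // Skin
    // ------------------------------------
    $skin_onchange = "document.BrowseForm.skin.value=document.forms['BrowseForm'].skin2.options[document.forms['BrowseForm'].skin2.selectedIndex].value; submitBrowseForm('{$directory_js}', '', 'browse', 'main');";
    // ------------------------------------
    // $rowcounter counts the total nr of rows
    // ------------------------------------
    $rowcounter = 0;
    // ------------------------------------
    // Column spans
    // One action column, plus one for each enabled function
    // ------------------------------------
    $action_colspan = 1;
    if ($net2ftp_settings["functionuse_view"] == "yes") {
        $action_colspan++;
    }
    if ($net2ftp_settings["functionuse_edit"] == "yes") {
        $action_colspan++;
    }
    if ($net2ftp_settings["functionuse_update"] == "yes") {
        $action_colspan++;
    }
    // Total nr of columns
    $total_colspan = $action_colspan + 9;
    // ------------------------------------
    // Name, Type, Size, ...
    // Determine the sort criteria and direction (ascending/descending)
    // ------------------------------------
    $sortArray["dirfilename"]["text"] = __("Name");
    $sortArray["type"]["text"] = __("Type");
    $sortArray["size"]["text"] = __("Size");
    $sortArray["owner"]["text"] = __("Owner");
    $sortArray["group"]["text"] = __("Group");
    $sortArray["permissions"]["text"] = __("Perms");
    $sortArray["mtime"]["text"] = __("Mod Time");
    $icon_directory = $net2ftp_globals["application_rootdir_url"] . "/skins/" . $net2ftp_globals["skin"] . "/images/mime";
    // Loop over all the sort possibilities
    // foreach replaces the original each() loop: each() was deprecated in
    // PHP 7.2 and removed in PHP 8.0
    foreach ($sortArray as $key => $value) {
        // The list is sorted by the current $key
        // Print the icon representing the current sortorder
        // Print the link to sort using the other sortorder
        if ($net2ftp_globals["sort"] == $key) {
            // Ascending
            if ($net2ftp_globals["sortorder"] == "ascending") {
                $sortArray[$key]["title"] = __("Click to sort by %1\$s in descending order", $value["text"]);
                $sortArray[$key]["onclick"] = "do_sort('" . $key . "','descending');";
                $icon = "ascend.png";
                $alt = __("Ascending order");
            } else {
                $sortArray[$key]["title"] = __("Click to sort by %1\$s in ascending order", $value["text"]);
                $sortArray[$key]["onclick"] = "do_sort('" . $key . "','ascending');";
                $icon = "descend.png";
                $alt = __("Descending order");
            }
        } else {
            $sortArray[$key]["title"] = __("Click to sort by %1\$s in ascending order", $value["text"]);
            $sortArray[$key]["onclick"] = "do_sort('" . $key . "','ascending');";
            $icon = "";
            $alt = "";
        }
        // The icon to be printed is determined above
        // Now, print the full HTML depending on the browser agent, version and platform
        if ($icon != "") {
            if ($net2ftp_globals["browser_agent"] == "IE" && ($net2ftp_globals["browser_version"] == "5.5" || $net2ftp_globals["browser_version"] == "6") && $net2ftp_globals["browser_platform"] == "Win") {
                $sortArray[$key]["icon"] = "<img src=\"{$icon_directory}/spacer.gif\"   alt=\"{$alt}\" style=\"border: 0px; width: 16px; height: 16px; filter: progid:DXImageTransform.Microsoft.AlphaImageLoader(src='{$icon_directory}/{$icon}', sizingMethod='scale');\" />\n";
            } else {
                $sortArray[$key]["icon"] = "<img src=\"{$icon_directory}/{$icon}\"        alt=\"{$alt}\" style=\"border: 0px; width: 16px; height: 16px;\" />\n";
            }
        } else {
            $sortArray[$key]["icon"] = "";
        }
    }
    // ------------------------------------
    // popup - FormAndFieldname
    // Request-supplied value; it only passes through validateGenericInput() here
    // NOTE(review): confirm the popup template encodes it for the context it
    // is printed in.
    // ------------------------------------
    if (isset($_POST["FormAndFieldName"]) == true) {
        $FormAndFieldName = validateGenericInput($_POST["FormAndFieldName"]);
    } else {
        $FormAndFieldName = "";
    }
    // ------------------------------------
    // Action URL
    // Used for Up, Subdirectories, Files (download + actions)
    // ------------------------------------
    $action_url = printPHP_SELF("actions");
    // ------------------------------------
    // Data transfer statistics
    // Print this only if the consumption statistics are available (logging must be on, using a MySQL database)
    // ------------------------------------
    if (isset($net2ftp_globals["consumption_ipaddress_datatransfer"]) == true || isset($net2ftp_globals["consumption_ftpserver_datatransfer"]) == true) {
        $print_consumption = true;
        $consumption_ipaddress_datatransfer = formatFilesize($net2ftp_globals["consumption_ipaddress_datatransfer"]);
        $consumption_ftpserver_datatransfer = formatFilesize($net2ftp_globals["consumption_ftpserver_datatransfer"]);
    } else {
        $print_consumption = false;
    }
    // ------------------------------------
    // HTTP URL
    // A one-entry list with an empty file name is passed to ftp2http()
    // ------------------------------------
    $list_files_tmp[1]["dirfilename_url"] = "";
    $httplink = ftp2http($directory, $list_files_tmp, "no");
    // -------------------------------------------------------------------------
    // Print the output - part 2
    // The template path is built from $net2ftp_globals["skin"].
    // NOTE(review): a path used in require_once must never be caller-controlled;
    // confirm the skin name is checked against the list of installed skins
    // before it is stored in $net2ftp_globals.
    // -------------------------------------------------------------------------
    if ($net2ftp_globals["state2"] == "main") {
        setStatus(6, 10, __("Printing the list of directories and files"));
        require_once $net2ftp_globals["application_skinsdir"] . "/" . $net2ftp_globals["skin"] . "/browse_main.template.php";
    } elseif ($net2ftp_globals["state2"] == "popup") {
        require_once $net2ftp_globals["application_skinsdir"] . "/" . $net2ftp_globals["skin"] . "/browse_popup.template.php";
    }
}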
Exemplo n.º 2
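/**
 * Checks whether the current request may use the given FTP server, port and
 * directory.
 *
 * Checks, in this order:
 *  - the FTP server against the allowed list (skipped when the first entry is "ALL")
 *  - the FTP server against the banned list (skipped when unset or "NONE")
 *  - the FTP server port against the single allowed port (skipped when "ALL")
 *  - $net2ftp_globals["REMOTE_ADDR"] against the allowed and banned address lists
 *  - the directory, through checkAuthorizedDirectory()
 *
 * An unauthorized directory is not an error: the current directory in
 * $net2ftp_globals is reset to the home directory and the function still
 * returns true.
 *
 * NOTE(review): server names are compared exactly and case-sensitively;
 * confirm the caller normalizes $ftpserver, otherwise the banned list can be
 * missed by a differently written name for the same host.
 *
 * @param string $ftpserver     FTP server name to check
 * @param mixed  $ftpserverport FTP server port to check
 * @param string $directory     Directory to check
 * @param string $username      Not read in this function
 *
 * @return bool false when a check fails (the error is recorded with
 *              setErrorVars() or was already set in $net2ftp_result), true otherwise
 */
function checkAuthorization($ftpserver, $ftpserverport, $directory, $username)
{
    // -------------------------------------------------------------------------
    // Global variables
    // -------------------------------------------------------------------------
    global $net2ftp_globals, $net2ftp_settings, $net2ftp_result;
    // -------------------------------------------------------------------------
    // Check if the FTP server is in the list of those that may be accessed
    // Strict search and an explicit === false test: a loose "== false" also
    // treats a match at key 0 as "not found", and loose matching equates
    // numeric-looking strings such as "1e3" and "1000"
    // -------------------------------------------------------------------------
    if ($net2ftp_settings["allowed_ftpservers"][1] != "ALL") {
        $allowedServerKey = array_search($ftpserver, $net2ftp_settings["allowed_ftpservers"], true);
        if ($allowedServerKey === false) {
            // The message is an HTML fragment (<b>), so the caller-supplied
            // server name is HTML-encoded before it is inserted
            $errormessage = __("The FTP server <b>%1\$s</b> is not in the list of allowed FTP servers.", htmlEncode2($ftpserver));
            setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
            return false;
        }
    }
    // -------------------------------------------------------------------------
    // Check if the FTP server is in the list of those that may NOT be accessed
    // -------------------------------------------------------------------------
    if (isset($net2ftp_settings["banned_ftpservers"][1]) == true && $net2ftp_settings["banned_ftpservers"][1] != "NONE") {
        $bannedServerKey = array_search($ftpserver, $net2ftp_settings["banned_ftpservers"], true);
        // !== false so that a match at key 0 is still treated as banned
        if ($bannedServerKey !== false) {
            $errormessage = __("The FTP server <b>%1\$s</b> is in the list of banned FTP servers.", htmlEncode2($ftpserver));
            setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
            return false;
        }
    }
    // -------------------------------------------------------------------------
    // Check if the FTP server port is OK
    // -------------------------------------------------------------------------
    // Do not perform this check if ALL ports are allowed
    if ($net2ftp_settings["allowed_ftpserverport"] != "ALL") {
        // Report the error if another port nr has been entered than the one which is allowed
        // Compared as strings so that values such as "21abc" or "21.0" are not
        // accepted as equal to 21 by loose comparison
        if ((string) $ftpserverport !== (string) $net2ftp_settings["allowed_ftpserverport"]) {
            $errormessage = __("The FTP server port %1\$s may not be used.", htmlEncode2($ftpserverport));
            setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
            return false;
        }
    }
    // -------------------------------------------------------------------------
    // Check if the IP address is in the list of those that may be used
    // foreach visits every configured entry regardless of how the list is
    // keyed; the original index loop assumed keys 1..n
    // -------------------------------------------------------------------------
    if ($net2ftp_settings["allowed_addresses"][1] != "ALL") {
        $addressAllowed = false;
        foreach ($net2ftp_settings["allowed_addresses"] as $allowedNetwork) {
            if (checkIPinNetwork($net2ftp_globals["REMOTE_ADDR"], $allowedNetwork) == true) {
                $addressAllowed = true;
            }
        }
        if ($addressAllowed == false) {
            $errormessage = __("Your IP address (%1\$s) is not in the list of allowed IP addresses.", $net2ftp_globals["REMOTE_ADDR"]);
            setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
            return false;
        }
    }
    // -------------------------------------------------------------------------
    // Check if the IP address is in the list of those that may NOT be used
    // -------------------------------------------------------------------------
    if (isset($net2ftp_settings["banned_addresses"][1]) == true && $net2ftp_settings["banned_addresses"][1] != "NONE") {
        $addressBanned = false;
        foreach ($net2ftp_settings["banned_addresses"] as $bannedNetwork) {
            if (checkIPinNetwork($net2ftp_globals["REMOTE_ADDR"], $bannedNetwork) == true) {
                $addressBanned = true;
            }
        }
        if ($addressBanned != false) {
            $errormessage = __("Your IP address (%1\$s) is in the list of banned IP addresses.", $net2ftp_globals["REMOTE_ADDR"]);
            setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
            return false;
        }
    }
    // -------------------------------------------------------------------------
    // Check if the directory is authorised:
    // 1 - Whether the current $directory name contains a banned keyword.
    // 2 - If the current $directory is a subdirectory of the homedirectory.
    //     The rootdirectory is first checked for the current user; if this is not set,
    //     the default rootdirectory is checked.
    // -------------------------------------------------------------------------
    $directoryAuthorized = checkAuthorizedDirectory($directory);
    if ($net2ftp_result["success"] == false) {
        return false;
    }
    if ($directoryAuthorized == false) {
        // Fall back to the home directory and refresh the encoded copies
        $net2ftp_globals["directory"] = $net2ftp_globals["homedirectory"];
        $net2ftp_globals["directory_html"] = htmlEncode2($net2ftp_globals["directory"]);
        $net2ftp_globals["directory_js"] = javascriptEncode2($net2ftp_globals["directory"]);
        if (strlen($net2ftp_globals["directory"]) > 0) {
            $net2ftp_globals["printdirectory"] = $net2ftp_globals["directory"];
        } else {
            $net2ftp_globals["printdirectory"] = "/";
        }
    }
    // -------------------------------------------------------------------------
    // If everything is OK, return true
    // -------------------------------------------------------------------------
    return true;
}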