function bh_error($message, $type)
{
return bh_log($message, $type);
}
<?php
/*
* ByteHoard 2.1
* Copyright (c) Andrew Godwin & contributors 2004
*
* Module
* $Id: appearance.inc.php,v 1.1 2005/06/17 18:52:00 andrewgodwin Exp $
*
*/
#name Appearance Module
#author Andrew Godwin
#description Lets you choose between skins.
#iscore 1
if (!empty($_GET['setskin'])) {
bh_changeconfig("skin", $_GET['setskin']);
bh_changeconfig("layout", $_GET['setlayout']);
bh_log($bhlang['notice:skin_changed'], "BH_NOTICE");
$bhconfig['skin'] = $_GET['setskin'];
$bhconfig['layout'] = $_GET['setlayout'];
}
$layoutobj = new bhadminlayout("skinslist");
$skins = bh_getskins();
$layoutobj->content1 = $skins;
$layoutobj->content2 = $bhconfig['layout'] . "." . $bhconfig['skin'];
$layoutobj->title = $bhlang['title:appearance'];
$layoutobj->display();
$emailobj->subject = $_POST['filemail']['subject'];
$fileobj = new bhfile($filepath);
$filesize = bh_humanise_filesize($fileobj->fileinfo['filesize']);
$findarr = array("#DATE#", "#LINK#", "#SYSTEMNAME#", "#FILENAME#", "#FILESIZE#", "#MD5#");
$replarr = array(date("l dS F Y g:i A", $expires), bh_filelink_uri($filecode), $bhconfig['sitename'], bh_get_filename($filepath), $filesize, $fileobj->md5());
$emailobj->message = $_POST['filemail']['message'] . "\n\n" . str_replace($findarr, $replarr, $bhlang['email:filemail_footer']);
if (!empty($emailfrom)) {
$emailobj->from = $emailfrom;
}
$emailobj->send();
bh_log(str_replace("#EMAIL#", $email, $bhlang['notice:email_sent_to_#EMAIL#']), "BH_NOTICE");
}
}
}
} else {
bh_log($bhlang['error:expires_invalid'], "BH_ERROR");
}
}
}
# Open layout object
$layoutobj = new bhlayout("generic");
$layoutobj->title = $bhlang['title:filemail'];
$layoutobj->content1 = $str . "<br><br><a href='javascript:history.go(-1);'>" . $bhlang['button:back'] . "</a>";
$layoutobj->display();
} else {
$filename = bh_get_filename($filepath);
# Pass the filepath and filename to the layout.
# Open layout object
$layoutobj = new bhlayout("filelinkform");
# Generate the select box for the expiry time.
# Send the file listing to the layout, along with directory name
}
}
if ($_GET['action'] == "reject") {
$regrows = select_bhdb("registrations", array("regid" => $_GET['regid'], "username" => $_GET['username']), "");
if (empty($regrows)) {
log_bh($bhlang['error:registration_doesnt_exist'], "BH_ERROR");
} else {
# Delete the reg row
delete_bhdb("registrations", array("regid" => $_GET['regid'], "username" => $_GET['username']));
# Email the user
$emailobj = new bhemail($regrows[0]['email']);
$emailobj->subject = str_replace("#SITENAME#", $bhconfig['sitename'], $bhlang['emailsubject:registration_rejected']);
$emailobj->message = str_replace("#USERNAME#", $regrows[0]['username'], $bhlang['email:registration_rejected']);
$emailaway = $emailobj->send();
# All done. Say so.
bh_log(str_replace("#USER#", $_GET['username'], $bhlang['notice:#USER#_rejected']), "BH_NOTICE");
}
}
}
if ($bhconfig['signupmoderation'] == 0) {
$layout = new bhadminlayout("generic");
$layout->content1 = $bhlang['notice:registration_moderation_off'];
$layout->title = $bhlang['title:registrations_administration'];
$layout->display();
} else {
$layout = new bhadminlayout("regslist");
$registrations = select_bhdb("registrations", array("status" => "1"), "");
$layout->content1 = $registrations;
$layout->title = $bhlang['title:registrations_administration'];
$layout->display();
}
$page = $_GET['page'];
if (empty($page)) {
$page = $_POST['page'];
}
if (empty($page)) {
$page = "main";
}
if (!file_exists("modules/" . $page . ".inc.php")) {
bh_log($bhlang['error:page_not_exist'], "BH_NOPAGE");
$page = "error";
}
### OK, now do security checks.
# Usertype check
if (bh_checkmodulepermission($page, $bhcurrent['userobj']->type) == 0) {
bh_log($bhlang['error:access_denied'], "BH_ACCESS_DENIED");
bh_log($bhlang['error:access_denied'], "BH_ERROR");
$page = "error";
}
# fileperm check (if needed)
if (!empty($_GET['filepath'])) {
if (bh_checkmodulefilepath($page, $_GET['filepath'], $bhcurrent['userobj']->username) == 0) {
bh_log($bhlang['error:access_denied'], "BH_ACCESS_DENIED");
bh_log($bhlang['error:access_denied'], "BH_ERROR");
$page = "error";
}
}
# Pass control to the requested page
require "modules/" . $page . ".inc.php";
# The End.
?>
function readfile()
{
global $bhlang;
if ($this->is_dir() == false) {
readfile($this->absfilepath);
} else {
bh_log($bhlang['error:not_a_file'], "BH_INVALID_PATH");
}
}
} else {
# Tell them what they did wrong
bh_log($bhlang['error:old_password_invalid'], "BH_ERROR");
}
}
# See if there's an incoming profile change request
if (!empty($_POST['changeprofile'])) {
# Go through the options and add/update them
foreach ($_POST['changeprofile'] as $option => $value) {
$optionrows = select_bhdb("userinfo", array("username" => $bhsession['username'], "itemname" => $option), "");
if (empty($optionrows)) {
insert_bhdb("userinfo", array("username" => $bhsession['username'], "itemname" => $option, "itemcontent" => $value));
} else {
update_bhdb("userinfo", array("itemcontent" => $value), array("username" => $bhsession['username'], "itemname" => $option));
}
}
# Say it's updated
bh_log($bhlang['notice:profile_saved'], "BH_NOTICE");
}
# Get user profile info
$profilerows = select_bhdb("userinfo", array("username" => $bhsession['username']), "");
$profile = array();
foreach ($profilerows as $profilerow) {
$profile[$profilerow['itemname']] = $profilerow['itemcontent'];
}
# Open layout object
$layoutobj = new bhlayout("options");
# Send the content to the layout
$layoutobj->title = $bhlang['title:options'];
$layoutobj->content1 = $profile;
$layoutobj->display();
# Make it add info into the db.
$newfileobj = new bhfile($newfilepath);
unset($newfileobj);
bh_log(str_replace("#FILE#", $fileinfo['name'], $bhlang['notice:file_#FILE#_upload_success']), "BH_NOTICE");
bh_log(str_replace("#USER#", $bhsession['username'], str_replace("#FILE#", $newfilepath, $bhlang['log:#USER#_uploaded_#FILE#'])), "BH_FILE_UPLOAD");
}
} else {
# Error???
$newfilepath = bh_fpclean($infolder . "/" . $fileinfo['name']);
bh_add_logvars(array("file" => $fileinfo['name'], "user" => $bhsession['username'], "username" => $bhsession['username']));
bh_add_error($bhlang['notice:file_#FILE#_upload_failure']);
bh_add_log($bhlang['log:#USER#_failed_upload_#FILE#'], "BH_FILE_UPLOAD");
}
}
}
# Show directory where they went
$_GET['filepath'] = $infolder;
require "modules/viewdir.inc.php";
} else {
# Sorry, no access.
bh_log($bhlang['error:no_write_permission'], "BH_ACCESS_DENIED");
require "modules/error.inc.php";
}
} else {
$layoutobj = new bhlayout("uploadform");
# Send the file listing to the layout, along with directory name
$layoutobj->title = $bhlang['title:upload'];
$layoutobj->content1 = $bhlang['explain:upload'];
$layoutobj->filepath = $infolder;
$layoutobj->display();
}
<?php
/*
* ByteHoard 2.1
* Copyright (c) Andrew Godwin & contributors 2005
*
* Module
* $Id: filelinks.inc.php,v 1.1 2005/07/28 20:11:47 andrewgodwin Exp $
*
*/
#name File Links
#author Andrew Godwin
#description Lets the administrator delete a file link if necessary.
#iscore 1
if (!empty($_GET['deletelink'])) {
bh_filelink_remove($_GET['deletelink']);
bh_log($bhlang['notice:filelink_deleted'], "BH_NOTICE");
}
$flinks = select_bhdb("filecodes", "", "");
foreach ($flinks as $flink) {
$filecodes[$flink['username']][$flink['email']][$flink['filecode']] = $flink;
}
$layoutobj = new bhadminlayout("filelinks");
$layoutobj->content1 = $filecodes;
$layoutobj->title = $bhlang['title:filelinks'];
$layoutobj->display();
} else {
$quota = round($signup['quota'] * 1024 * 1024);
}
if ($signup['homedir'] == "/") {
$homedir = "/";
} else {
$homedir = "/" . $signup['username'];
}
# Yippee. Add them.
insert_bhdb("users", array("username" => $signup['username'], "password" => md5($signup['pass1']), "type" => $signup['type'], "homedir" => $homedir, "quota" => $quota));
# Add that extra info we got
insert_bhdb("userinfo", array("username" => $signup['username'], "itemname" => "fullname", "itemcontent" => $signup['fullname']));
insert_bhdb("userinfo", array("username" => $signup['username'], "itemname" => "email", "itemcontent" => $signup['email']));
# Add any group associations.
if (!empty($signup['groups'])) {
$groups = explode(",", $signup['groups']);
foreach ($groups as $group) {
$group = trim($group);
insert_bhdb("groups", array("username" => $signup['username'], "group" => $group, "status" => "1"));
}
}
bh_log($bhlang['notice:user_added'], BH_NOTICE);
# Redirect to user list
require "modules/users.inc.php";
}
}
} else {
$layout = new bhadminlayout("adduserform");
$layout->title = $bhlang['title:add_user'];
$layout->display();
}
{
global $bhconfig;
$str = "";
foreach ($types as $name => $type) {
$str .= $name . "@@@" . $type . ";;;";
}
$str = substr($str, 0, -3);
bh_changeconfig("types", $str);
}
if ($type['action'] == "add") {
if (empty($type['name']) || empty($type['size'])) {
bh_add_error($bhlang['error:missed_something']);
require "error.inc.php";
return;
}
$types[$type['name']] = 1024 * 1024 * $type['size'];
savetypes($types);
bh_log($bhlang['notice:type_updated'], "BH_NOTICE");
}
if ($type['action'] == "remove") {
if (empty($type['name'])) {
bh_add_error($bhlang['error:missed_something']);
require "error.inc.php";
return;
}
unset($types[$type['name']]);
savetypes($types);
}
$layout->content1 = $types;
$layout->title = $bhlang['title:types_administration'];
$layout->display();
} else {
# check if it's already at stage 1.
$regs1rows = select_bhdb("registrations", array("regid" => $_GET['confirmregid'], "username" => $_GET['username'], "status" => "0"), "");
if (empty($regs1rows)) {
# Open layout object
$layoutobj = new bhlayout("generic");
# Send the file listing to the layout, along with directory name
$layoutobj->title = $bhlang['title:signup'];
$layoutobj->content1 = "<br><br>" . $bhlang['notice:validation_already_done_pending_approval'];
$layoutobj->display();
} else {
# Up the reg row status
update_bhdb("registrations", array("status" => "1"), array("regid" => $_GET['confirmregid'], "username" => $_GET['username']));
# All done. Say so.
bh_log($bhlang['log:user_validated_'] . $username, "BH_SIGNUP_VALIDATED");
bh_log($bhlang['log:user_signup_m_pending_'] . $username, "BH_SIGNUP_M_PENDING");
# Open layout object
$layoutobj = new bhlayout("generic");
# Send the file listing to the layout, along with directory name
$layoutobj->title = $bhlang['title:signup'];
$layoutobj->content1 = "<br><br>" . $bhlang['notice:moderation_now_pending'];
$layoutobj->display();
}
}
}
} else {
# Open layout object
$layoutobj = new bhlayout("signup");
# Send the file listing to the layout, along with directory name
$layoutobj->title = $bhlang['title:signup'];
$layoutobj->content1 = array();
bh_die("error:filecode_invalid");
}
# Well, it must be valid.
$filepath = bh_filelink_destination($filecode);
$filename = bh_get_filename($filepath);
$fileobj = new bhfile($filepath);
$username = bh_filelink_get($filecode, "username");
$userobj = new bhuser($username);
$fullname = $userobj->userinfo['fullname'];
$emailfrom = $userobj->userinfo['email'];
# If it is a download:
if ($_GET['download'] == 1) {
$replarray1 = array("#FILELINK#", "#FILEPATH#", "#FILENAME#", "#IP#", "#TIME#", "#EMAIL#", "#EXPIRES#");
$replarray2 = array($filecode, $filepath, $filename, $_SERVER['REMOTE_ADDR'], date("l dS F Y g:i A"), bh_filelink_get($filecode, "email"), date("l dS F Y g:i A", bh_filelink_get($filecode, "expires")));
# Log it
bh_log(str_replace($replarray1, $replarray2, $bhlang['log:filelink_accessed']), "BH_FILELINK_ACCESSED");
# Email it ##
if (bh_filelink_get_notify($filecode) == 1) {
$username = bh_filelink_get($filecode, "username");
$userobj = new bhuser($username);
$emailobj = new bhemail($userobj->userinfo['email']);
$emailobj->subject = str_replace($replarray1, $replarray2, $bhlang['emailsubject:filemail_link_accessed']);
$emailobj->message = str_replace($replarray1, $replarray2, $bhlang['email:filemail_link_accessed']);
$emailobj->send();
}
#############
header("Content-type: " . $fileobj->mimetype());
header("Content-Disposition: attachment; filename=" . $filename);
header("Content-length: " . $fileobj->fileinfo['filesize']);
# IE SSL fix
header("Pragma: ");
return;
} else {
$quota = round($user['quota'] * 1024 * 1024);
}
}
# Update type & disabled
update_bhdb("users", array("type" => $user['type'], "disabled" => $user['disabled'], "quota" => $quota), array("username" => $editusername));
# If new password, update it
if (!empty($user['pass1'])) {
if ($user['pass1'] == $user['pass2']) {
update_bhdb("users", array("password" => md5($user['pass1'])), array("username" => $editusername));
bh_log($bhlang['notice:user_updated'], "BH_NOTICE");
require "modules/users.inc.php";
} else {
bh_log($bhlang['error:passwords_dont_match'], "BH_ERROR");
}
} else {
bh_log($bhlang['notice:user_updated'], "BH_NOTICE");
require "modules/users.inc.php";
}
} else {
$userobj = new bhuser($editusername);
$userobj->userinfo['type'] = $userobj->type;
$userobj->userinfo['disabled'] = $userobj->disabled;
$userobj->userinfo['quota'] = round($userobj->quota / (1024 * 1024), 2);
$layout = new bhadminlayout("edituser");
$layout->content1 = $editusername;
$layout->content2 = $userobj->userinfo;
$layout->title = $bhlang['title:editing_user_'] . $editusername;
$layout->display();
}
}
if (empty($infolder)) {
$infolder = $_POST['infolder'];
}
if (empty($infolder)) {
$infolder = $_SESSION['lastdir'];
}
if (empty($infolder)) {
$infolder = $bhcurrent['userobj']->homedir;
}
if (!empty($_POST['foldername'])) {
# Check they have permission to write in the folder
if (bh_checkrights(bh_fpclean($infolder), $bhsession['username']) >= 2) {
bh_mkdir(bh_fpclean($infolder . "/" . $_POST['foldername']));
$fileobj = new bhfile(bh_fpclean($infolder . "/" . $_POST['foldername']));
unset($fileobj);
bh_log($bhlang['notice:folder_created'], "BH_NOTICE");
bh_log(str_replace("#USER#", $bhsession['username'], str_replace("#FOLDER#", bh_fpclean($infolder . "/" . $_POST['foldername']), $bhlang['log:#USER#_created_#FOLDER#'])), "BH_FOLDER_CREATED");
$_GET['filepath'] = bh_fpclean($infolder . "/" . $_POST['foldername']);
require "modules/viewdir.inc.php";
} else {
bh_log($bhlang['error:access_denied'], "BH_ERROR");
bh_log(str_replace("#USER#", $bhsession['username'], str_replace("#PAGE#", $_SERVER['REQUEST_URI'], $bhlang['log:#USER#_denied_#PAGE#'])), "BH_ACCESS_DENIED");
require "modules/error.inc.php";
}
} else {
# Open layout object
$layoutobj = new bhlayout("addfolderform");
$layoutobj->filepath = $infolder;
$layoutobj->display();
}
#iscore 1
if (!empty($_POST['bhconfig'])) {
$newbhconfig = $_POST['bhconfig'];
foreach ($newbhconfig as $newvar => $newval) {
if ($newvar == "fileroot") {
if (substr($newval, -1) == "/") {
$newval = substr($newval, 0, -1);
}
}
bh_changeconfig($newvar, $newval);
}
bh_loadconfig();
bh_log($bhlang['notice:settings_saved'], "BH_NOTICE");
}
if (!empty($_GET['bhconfig'])) {
$newbhconfig = $_GET['bhconfig'];
foreach ($newbhconfig as $newvar => $newval) {
if ($newvar == "fileroot") {
if (substr($newval, -1) == "/") {
$newval = substr($newval, 0, -1);
}
}
bh_changeconfig($newvar, $newval);
}
bh_loadconfig();
bh_log($bhlang['notice:settings_saved'], "BH_NOTICE");
}
$layoutobj = new bhadminlayout("settings");
$layoutobj->content1 = $bhconfig;
$layoutobj->title = $bhlang['title:settings'];
$layoutobj->display();
} else {
$fileobj->set_userrights($_GET['username'], $_GET['user']);
bh_log($bhlang['notice:permissions_changed'], "BH_NOTICE");
}
}
# Group perms change
if (!empty($_GET['group']) || $_GET['group'] === "0") {
$fileobj->set_grouprights($_GET['groupname'], $_GET['group']);
bh_log($bhlang['notice:permissions_changed'], "BH_NOTICE");
}
# Public perms change
if ($_GET['public'] === "0" || $_GET['public'] === "1" || $_GET['public'] === "2") {
# Change the public permissions to whatever was sent
$fileobj->set_publicrights($_GET['public']);
# Display the message
bh_log($bhlang['notice:permissions_changed'], "BH_NOTICE");
}
# Get the users, groups and public permissions
$usersrights = $fileobj->usersrights();
$groupsrights = $fileobj->groupsrights();
$publicrights = $fileobj->publicrights();
# Open the layout
$layoutobj = new bhlayout("sharingfolder");
# Give it the content
$layoutobj->content1 = $usersrights;
$layoutobj->content2 = $groupsrights;
$layoutobj->content3 = $publicrights;
# And the name
$layoutobj->subtitle1 = $bhlang['title:sharing_'] . $filename;
# And the filepath
$layoutobj->filepath = $filepath;
# See if we need to log out
if (!empty($_GET['logout']) || $_GET['page'] == "logout") {
bh_log($bhlang['notice:logged_out'], "BH_NOTICE");
bh_log(str_replace("#USER#", $bhsession['username'], $bhlang['log:#USER#_logged_out']), "BH_LOGOUT");
$bhsession = bh_session_destroy();
# Get rid of the session
$_GET['page'] = "login";
}
# Set username
$bhcurrent['userobj'] = new bhuser($bhsession['username']);
if ($bhcurrent['userobj']->type != "admin") {
bh_log($bhlang['notice:you_must_be_admin'], "BH_WARNING");
$_GET['page'] = "login";
}
# OK, all loaded, check the page they requested.
$page = $_GET['page'];
if (empty($page)) {
$page = $_POST['page'];
}
if (empty($page)) {
$page = "main";
}
if (!file_exists("modules/" . $page . ".inc.php")) {
bh_log($bhlang['error:page_not_exist'], "BH_NOPAGE");
$page = "error";
}
# Pass control to the requested page
require "modules/" . $page . ".inc.php";
# The End.
?>
#description Deletes a user,
#iscore 1
$deleteusername = $_GET['username'];
if ($_POST['dodelete'] == 1) {
# Delete the user
delete_bhdb("users", array("username" => $deleteusername));
# Say so
bh_log($bhlang['notice:user_deleted'], "BH_NOTICE");
# Show user list
require "modules/users.inc.php";
} elseif ($_POST['dodelete'] == 2) {
# Delete the user
delete_bhdb("users", array("username" => $deleteusername));
# Get their files
$userfiles = bh_user_files($deleteusername);
# Delete zem.
foreach ($userfiles as $userfile) {
$userfileobj = new bhfile($userfile);
$userfileobj->deletefile();
unset($userfileobj);
}
# Say so
bh_log($bhlang['notice:user_and_files_deleted'], "BH_NOTICE");
# Show user list
require "modules/users.inc.php";
} else {
$layout = new bhadminlayout("deleteuserform");
$layout->content1 = $deleteusername;
$layout->title = $bhlang['title:delete_user'];
$layout->display();
}