// File-manager request handler: checks access to the game home, resolves the
// current directory on the agent, then runs one file operation per request
// (upload progress, upload, create folder, remove, rename, move, copy, compress,
// uncompress, create file, send by e-mail, chattr) or renders the directory listing.
//
// NOTE(review): this listing starts mid-statement and its HTML markup appears to
// have been lost in extraction, so several string literals are incomplete. The
// first statement is presumably the tail of an assignment to $isAdmin - confirm
// against the full file.
// NOTE(review): no anti-CSRF token is checked in any branch visible here, although
// most branches change state from $_POST alone - confirm the caller enforces one.
isAdmin( $_SESSION['user_id'] );

// Load the home through the admin query or the per-user query; a FALSE result is
// treated as "no access".
if($isAdmin)
    $home_cfg = $db->getGameHome($home_id);
else
    $home_cfg = $db->getUserGameHome($_SESSION['user_id'],$home_id);
if ($home_cfg === FALSE)
{
    print_failure( get_lang("no_access_to_home") );
    return;
}

// The file manager is only available when access_rights contains the letter f.
if ( preg_match("/f/",$home_cfg['access_rights']) != 1 )
{
    print_failure( get_lang("no_rights") );
    echo "
<< ". get_lang("back") ."
";
    return;
}

litefm_check($home_id);

// Connection to the agent that performs every remote file operation below.
$remote = new OGPRemoteLibrary($home_cfg['agent_ip'], $home_cfg['agent_port'], $home_cfg['encryption_key'], $home_cfg['timeout']);
$os_string = $remote->what_os();
// Any OS string that does not contain Linux (case-insensitive) is treated as windows.
$os = preg_match("/Linux/i", $os_string) ? "linux" : "windows";

// Always prefix the session's fm_cwd with the home directory so that the user
// cannot leave the home directory. The @ hides the notice when fm_cwd is not set yet.
// NOTE(review): the confinement rests on clean_path(), which is not shown here -
// confirm that it collapses parent-directory segments.
$path = clean_path($home_cfg['home_path']."/".@$_SESSION['fm_cwd_'.$home_id]);

// If the stored directory no longer exists on the agent, walk fm_cwd upwards one
// level at a time; give up once the walk reaches the home root.
if (!$remote->rfile_exists($path))
{
    while(!$remote->rfile_exists($path))
    {
        $_SESSION['fm_cwd_'.$home_id] = dirname($_SESSION['fm_cwd_'.$home_id]);
        $path = clean_path($home_cfg['home_path']."/".@$_SESSION['fm_cwd_'.$home_id]);
        if($path == clean_path($home_cfg['home_path']."/"))
        {
            print_failure(get_lang_f("dir_not_found",$path));
            // NOTE(review): back is a bare word here, while the other back links call
            // get_lang("back") - presumably the same was intended; confirm.
            echo "
<< ". back ."
";
            return;
        }
    }
}

// Get File Operations Keys
$fo_keys = get_file_operations_keys();
// Get File Operations Settings: every branch below also requires its own
// $fo[...] == "1" switch.
$fo = get_fo_settings($settings,$fo_keys);

// Staging folder on the web server, given as a relative path; uploads are parked
// here until the agent has fetched them.
$upload_folder_path = "modules/litefm/uploads/home_id_$home_id";

// PHP post_max_size handling: report a JSON error when the declared request body
// is larger than post_max_size.
$PMS_bytes = return_bytes(ini_get('post_max_size'));
if(isset($_SERVER['CONTENT_LENGTH']) AND $_SERVER['CONTENT_LENGTH'] > $PMS_bytes and $fo['upload'] == "1")
{
    $error['post_max_size'] = "The uploaded file(s) size exceed the post_max_size directive in php.ini (".ini_get('post_max_size').").";
    echo json_encode( array( 'error' => $error ) );
}
// Get web to agent transfer progress
// NOTE(review): size and filename are taken from the query string as-is. The
// upload branch strips every character outside [[:alnum:]_.-] from the name before
// it builds the same staging path; this branch does not, so what unlink() below
// can reach depends entirely on clean_path() (not shown) - apply the same filter here.
elseif( isset( $_GET['pid'] ) and $_GET['pid'] != "" and $fo['upload'] == "1" )
{
    $bytes = $_GET['size'];
    $totalsize = $bytes / 1024;
    $filename = $_GET['filename'];
    $kbytes = $remote->rsync_progress( clean_path( $path."/".$filename ) );
    list($totalsize,$mbytes,$pct) = explode(";",do_progress($kbytes,$totalsize));
    $totalmbytes = round($totalsize / 1024, 2);
    // Cap the reported percentage at 100.
    $pct = $pct > 100 ? 100 : $pct;
    $complete = false;
    // A result of 0 is taken to mean the agent-side download has finished, so the
    // staged copy is deleted and the staging folder removed when it is empty.
    if ( $remote->is_file_download_in_progress( $_GET['pid'] ) == 0 )
    {
        $dest_file_path = clean_path( $upload_folder_path . "/" . $filename . ".txt" );
        unlink($dest_file_path);
        $directory = dir($upload_folder_path);
        $directory_empty = TRUE;
        // $directory_not_empty is never assigned in the visible code, so the isset()
        // term never ends the loop early and every entry is read.
        while ((FALSE !== ($item = $directory->read())) && ( ! isset($directory_not_empty)))
        {
            if ($item != '.' && $item != '..')
            {
                $directory_empty = FALSE;
            }
        }
        $directory->close();
        if( $directory_empty )
            rmdir( $upload_folder_path );
        $db->logger(get_lang("upload_complete") . ": " . clean_path( $path . "/" . $filename ));
        $complete = true;
    }
    echo json_encode(array('pct' => $pct, 'complete' => $complete));
}
// Upload File(s)
elseif( isset( $_POST['upload'] ) and $fo['upload'] == "1" )
{
    // $error stays FALSE unless at least one file reports an upload error code.
    $error = FALSE;
    foreach ( $_FILES['files']['error'] as $i => $error_code )
    {
        if($error_code > 0)
        {
            $error['error_message'][$i] = codeToMessage($error_code,$_FILES['files']['name'][$i]);
        }
    }
    if( is_array($error) )
    {
        echo json_encode( array( 'error' => $error ) );
    }
    // Save uploaded file to the website and start file download from the agent
    else
    {
        if( ! file_exists( $upload_folder_path ) )
        {
            // NOTE(review): mode 0777 (before umask) leaves the staging folder
            // world-writable - a tighter mode is preferable if only the web server
            // writes here; confirm.
            if( ! mkdir($upload_folder_path, 0777, true) )
            {
                echo json_encode(array('error' => get_lang_f('can_not_create_upload_folder_path', "\n(".$upload_folder_path.")" )));
                return;
            }
        }
        $count = 0;
        // Build the URL the agent will be told to fetch the staged file from.
        // NOTE(review): HTTP_HOST comes from the request, and SERVER_NAME may mirror
        // the Host header depending on server configuration; a configured base URL
        // would keep the agent from being pointed at a host chosen by the client.
        $s = ( isset($_SERVER['HTTPS']) and get_true_boolean($_SERVER['HTTPS']) ) ? "s" : "";
        $p = (isset($_SERVER['SERVER_PORT']) and $_SERVER['SERVER_PORT'] != "80") ? ":".$_SERVER['SERVER_PORT'] : "";
        $serverName = $_SERVER["SERVER_NAME"];
        if(empty($serverName) || $serverName == "_"){
            $serverName = $_SERVER['HTTP_HOST'];
        }
        $url = 'http'.$s.'://'.$serverName.$p.$_SERVER['SCRIPT_NAME'];
        // loop all files
        foreach ( $_FILES['files']['name'] as $i => $name )
        {
            // if file not uploaded then skip it
            if ( !is_uploaded_file($_FILES['files']['tmp_name'][$i]) )
                continue;
            // now we can move uploaded files
            // Collect every character outside [[:alnum:]_.-] and delete it from the
            // client-supplied name.
            // NOTE(review): dots survive the filter, so names made only of dots are
            // not rejected here - confirm they are refused before the remote remove
            // and download below.
            $bad_chars = preg_replace( "/([[:alnum:]_\.-]*)/", "", $_FILES['files']['name'][$i] );
            $bad_arr = str_split( $bad_chars );
            $filename = str_replace( $bad_arr, "", $_FILES['files']['name'][$i] );
            // The staged copy gets a .txt suffix and is published by swapping home.php
            // in the script URL for the staging path, so the web server serves it
            // until the progress branch unlinks it.
            // NOTE(review): nothing visible here restricts who may fetch that URL
            // while the file is staged - confirm the uploads folder is access-controlled.
            $dest_file_path = clean_path( $upload_folder_path . "/" . $filename . ".txt" );
            $file_url = str_replace( "home.php", $dest_file_path, $url );
            if( file_exists( $dest_file_path ) )
                unlink($dest_file_path);
            if( move_uploaded_file( $_FILES["files"]["tmp_name"][$i], $dest_file_path ) )
            {
                // An existing remote file with the same name is removed before the
                // agent starts downloading the new one.
                $remote_file_path = clean_path( $path . "/" . $filename );
                if( $remote->rfile_exists($remote_file_path) )
                    $remote->shell_action('remove_file', $remote_file_path);
                $pid = $remote->start_file_download( $file_url, $path, $filename );
                $files[$count] = array('filename' => $filename, 'size' => $_FILES['files']['size'][$i], 'pid' => $pid);
                $count++;
            }
        }
        // NOTE(review): $files is only assigned inside the loop, so it is undefined
        // here when no file was moved.
        echo json_encode(array('count' => $count, 'files' => $files));
    }
}
// Create Folder
// NOTE(review): folder_name only goes through stripslashes(), whereas the create
// file and rename branches pass client-supplied names through
// removeInvalidFileNameCharacters() - the same filter looks appropriate here.
elseif( isset( $_POST['create_folder'] ) and $fo['create_folder'] == "1" )
{
    $folder_name = stripslashes($_POST['folder_name']);
    $folder_path = clean_path( $path . "/" . $folder_name );
    $remote->shell_action('create_dir', $folder_path);
    $db->logger( get_lang("create_folder") . ": " . $folder_path );
}
// Delete File(s)
// The client sends indexes, not names: each item is looked up in the session list
// that the listing branch filled, and unknown indexes are ignored.
elseif( isset( $_POST['remove'] ) and $fo['remove'] == "1" )
{
    if( isset($_SESSION['fm_files_'.$home_id]) and !empty($_SESSION['fm_files_'.$home_id]) )
    {
        $files = "";
        foreach($_POST['items'] as $item)
        {
            if(isset($_SESSION['fm_files_'.$home_id][$item]))
            {
                // validate_path() is not shown; a failing name is reported (HTML-escaped)
                // and skipped.
                if(!validate_path($_SESSION['fm_files_'.$home_id][$item])){
                    print_failure(get_lang("unallowed_char") . " : " . htmlspecialchars($_SESSION['fm_files_'.$home_id][$item]));
                    continue;
                }
                $item_path = clean_path( $path . "/" . $_SESSION['fm_files_'.$home_id][$item] );
                // Second check on the final path: reject /../, | and ; - the semicolon
                // is the separator used inside shell_action arguments below.
                if(preg_match("/\/\.\.\/|\||;/", $item_path)) {
                    print_failure(get_lang("unallowed_char") . " : " . htmlspecialchars($_SESSION['fm_files_'.$home_id][$item]));
                    continue;
                }
                $files .= $item_path.";";
            }
        }
        // NOTE(review): the collected paths are echoed without HTML escaping, unlike
        // the failure messages above.
        echo $files;
        if($files != "")
        {
            $remote->shell_action('remove_recursive', $files);
            $files = str_replace('" "','"
"',$files);
            $db->logger( get_lang("remove") . ": " . $files );
        }
    }
}
// Rename File(s)/Folder(s)
elseif( isset( $_POST['rename'] ) and $fo['rename'] == "1" )
{
    if( isset($_SESSION['fm_files_'.$home_id]) and !empty($_SESSION['fm_files_'.$home_id]) )
    {
        foreach($_POST['items'] as $i => $item)
        {
            if(isset($_SESSION['fm_files_'.$home_id][$item]))
            {
                // Same two checks on the existing name as in the remove branch.
                if(!validate_path($_SESSION['fm_files_'.$home_id][$item])){
                    print_failure(get_lang("unallowed_char") . " : " . htmlspecialchars($_SESSION['fm_files_'.$home_id][$item]));
                    continue;
                }
                $item_path = clean_path( $path . "/" . $_SESSION['fm_files_'.$home_id][$item] );
                if(preg_match("/\/\.\.\/|\||;/", $item_path)) {
                    print_failure(get_lang("unallowed_char") . " : " . htmlspecialchars($_SESSION['fm_files_'.$home_id][$item]));
                    continue;
                }
                // The new name is client-supplied; it is filtered, but the resulting
                // path is not run through the /../ | ; check applied to $item_path.
                // NOTE(review): confirm removeInvalidFileNameCharacters() (not shown)
                // removes the ; separator and path separators.
                $new_item = removeInvalidFileNameCharacters(stripslashes($_POST['values'][$i]));
                $new_item_path = clean_path( $path . "/" . $new_item );
                if ($item_path != $new_item_path)
                {
                    $remote->shell_action('rename', "$item_path;$new_item_path");
                    $db->logger( get_lang("rename") . ": $item_path " . get_lang("to") . " $new_item_path" );
                }
            }
        }
    }
}
// Move Files/Folders
elseif( isset( $_POST['move'] ) and $fo['move'] == "1" )
{
    // The pattern is a character class, not the sequence /../ : any run of slashes
    // and dots collapses to one slash, which also removes single dots inside names.
    // NOTE(review): unlike $item_path, $destination is never checked for ; or |
    // before it is placed in the ;-separated shell_action argument - confirm that
    // clean_path() or the agent rejects them, or reuse the same check.
    $selected_path = preg_replace("#[/\.\./]+#","/", stripslashes($_POST['selected_path']));
    $destination = clean_path($home_cfg['home_path']. "/" . $selected_path);
    if($path != $destination)
    {
        if($remote->rfile_exists($destination))
        {
            foreach($_POST['items'] as $item)
            {
                if(isset($_SESSION['fm_files_'.$home_id][$item]))
                {
                    if(!validate_path($_SESSION['fm_files_'.$home_id][$item])){
                        print_failure(get_lang("unallowed_char") . " : " . htmlspecialchars($_SESSION['fm_files_'.$home_id][$item]));
                        continue;
                    }
                    $item_path = clean_path( $path . "/" . $_SESSION['fm_files_'.$home_id][$item] );
                    if(preg_match("/\/\.\.\/|\||;/", $item_path)) {
                        print_failure(get_lang("unallowed_char") . " : " . htmlspecialchars($_SESSION['fm_files_'.$home_id][$item]));
                        continue;
                    }
                    // $destination is reassigned on every iteration, so the /. suffix
                    // is re-applied for each item.
                    $destination = clean_path($destination . "/.");
                    $remote->shell_action('move', "$item_path;$destination");
                    $db->logger( get_lang("move") . ": $item_path " . get_lang("to") . " $destination" );
                }
            }
        }
    }
}
// Copy Files/Folders
// Same structure as the move branch; the notes on selected_path and $destination
// given there apply here as well.
elseif( isset( $_POST['copy'] ) and $fo['copy'] == "1" )
{
    $selected_path = preg_replace("#[/\.\./]+#","/", stripslashes($_POST['selected_path']));
    $destination = clean_path($home_cfg['home_path']. "/" . $selected_path);
    if($path != $destination)
    {
        if($remote->rfile_exists($destination))
        {
            foreach($_POST['items'] as $item)
            {
                if(isset($_SESSION['fm_files_'.$home_id][$item]))
                {
                    if(!validate_path($_SESSION['fm_files_'.$home_id][$item])){
                        print_failure(get_lang("unallowed_char") . " : " . htmlspecialchars($_SESSION['fm_files_'.$home_id][$item]));
                        continue;
                    }
                    $item_path = clean_path( $path . "/" . $_SESSION['fm_files_'.$home_id][$item] );
                    if(preg_match("/\/\.\.\/|\||;/", $item_path)) {
                        print_failure(get_lang("unallowed_char") . " : " . htmlspecialchars($_SESSION['fm_files_'.$home_id][$item]));
                        continue;
                    }
                    $destination = clean_path($destination . "/.");
                    $remote->shell_action('copy', "$item_path;$destination");
                    $db->logger( get_lang("copy") . ": $item_path " . get_lang("to") . " $destination" );
                }
            }
        }
    }
}
// Compress Files/Folders
elseif( isset( $_POST['compress'] ) and $fo['compress'] == "1" )
{
    // $files_w_path is only used for the log entry; $items is what the agent receives.
    $files_w_path = '';
    $items = '';
    foreach($_POST['items'] as $item)
    {
        if(isset($_SESSION['fm_files_'.$home_id][$item]))
        {
            if(!validate_path($_SESSION['fm_files_'.$home_id][$item])){
                print_failure(get_lang("unallowed_char") . " : " . htmlspecialchars($_SESSION['fm_files_'.$home_id][$item]));
                continue;
            }
            $item_path = clean_path( $path . "/" . $_SESSION['fm_files_'.$home_id][$item] );
            if(preg_match("/\/\.\.\/|\||;/", $item_path)) {
                print_failure(get_lang("unallowed_char") . " : " . htmlspecialchars($_SESSION['fm_files_'.$home_id][$item]));
                continue;
            }
            $files_w_path .= $item_path.'
';
            // Single-quoted, so this appends a literal backslash and n rather than a
            // newline - presumably the separator compress_files() expects; confirm.
            $items .= $_SESSION['fm_files_'.$home_id][$item].'\n';
        }
    }
    if($items != '')
    {
        // NOTE(review): archive_name and archive_type go to the agent and into the
        // log straight from $_POST, with none of the filtering applied to item
        // names - confirm compress_files() validates them, or restrict archive_type
        // to a fixed list here.
        $remote->compress_files($items,$path,$_POST['archive_name'],$_POST['archive_type']);
        $db->logger( get_lang("compress") . " " . $_POST['archive_type'] . ":
$files_w_path" );
    }
}
// uncompress
// The selected_path handling matches the move branch (character-class pattern,
// destination built under home_path).
elseif( isset( $_POST['uncompress'] ) and $fo['uncompress'] == "1" )
{
    $selected_path = preg_replace("#[/\.\./]+#","/", stripslashes($_POST['selected_path']));
    $destination = clean_path($home_cfg['home_path']. "/" . $selected_path);
    if($remote->rfile_exists($destination))
    {
        foreach($_POST['items'] as $item)
        {
            if(isset($_SESSION['fm_files_'.$home_id][$item]))
            {
                if(!validate_path($_SESSION['fm_files_'.$home_id][$item])){
                    print_failure(get_lang("unallowed_char") . " : " . htmlspecialchars($_SESSION['fm_files_'.$home_id][$item]));
                    continue;
                }
                $file_location = clean_path( $path . "/" . $_SESSION['fm_files_'.$home_id][$item] );
                if(preg_match("/\/\.\.\/|\||;/", $file_location)) {
                    print_failure(get_lang("unallowed_char") . " : " . htmlspecialchars($_SESSION['fm_files_'.$home_id][$item]));
                    continue;
                }
                $remote->uncompress_file($file_location, $destination);
                // NOTE(review): to is a bare word here; the rename, move and copy
                // branches use get_lang("to") - presumably the same was intended.
                $db->logger( get_lang("uncompress") . ": $file_location " . to . " $destination." );
            }
        }
    }
}
// Create file
elseif( isset( $_POST['create_file'] ) and $fo['create_file'] == "1" )
{
    // The client-supplied name is filtered before the path is built.
    $file_name = removeInvalidFileNameCharacters(stripslashes($_POST['file_name']));
    $destination = clean_path( $path . "/" . $file_name);
    $remote->shell_action('touch', $destination);
    $db->logger( get_lang("create_file") . ": $destination" );
}
// Send by email
// Compresses the selected items on the agent and mails the archive with mutt.
elseif( isset( $_POST['send_by_email'] ) and $fo['send_by_email'] == "1" )
{
    // All five values come from $_POST unchanged; see the notes at their uses below.
    $archive_name = $_POST['archive_name'];
    $archive_type = $_POST['archive_type'];
    $subject = $_POST['subject'];
    $message = $_POST['message'];
    $dest_email = $_POST['dest_email'];
    $items = '';
    foreach($_POST['items'] as $item)
    {
        if(isset($_SESSION['fm_files_'.$home_id][$item]))
        {
            if(!validate_path($_SESSION['fm_files_'.$home_id][$item])){
                print_failure(get_lang("unallowed_char") . " : " . htmlspecialchars($_SESSION['fm_files_'.$home_id][$item]));
                continue;
            }
            $item_path = clean_path( $path . "/" . $_SESSION['fm_files_'.$home_id][$item] );
            if(preg_match("/\/\.\.\/|\||;/", $item_path)) {
                print_failure(get_lang("unallowed_char") . " : " . htmlspecialchars($_SESSION['fm_files_'.$home_id][$item]));
                continue;
            }
            $items .= $_SESSION['fm_files_'.$home_id][$item].'\n';
        }
    }
    if($items != '')
    {
        $retval = $remote->compress_files($items,$path,$archive_name,$archive_type);
        $archive = clean_path( $path . "/" . $archive_name . "." . $archive_type );
        // Poll the archive size every 2 seconds until two consecutive reads agree.
        // NOTE(review): the loop has no upper bound, so the request blocks for as
        // long as the size keeps changing.
        if( $retval == 0 )
        {
            do{
                $size1 = $remote->shell_action('size', $archive);
                sleep( 2 );
                $size2 = $remote->shell_action('size', $archive);
            }while($size1 != $size2);
        }
        if( $retval != -1 and $remote->rfile_exists($archive) )
        {
            // The command line is assembled from request data; each value is wrapped
            // in single quotes after esc_squote(), and -- precedes the address.
            // NOTE(review): shell safety rests entirely on esc_squote() (not shown) -
            // confirm it escapes single quotes correctly for the agent's shell, and
            // validate dest_email as an address before it gets here.
            $mail_retval = $remote->exec( "(echo '" . esc_squote($message) . "' | mutt -a '" . esc_squote($archive) . "' -s '" . esc_squote($subject) . "' -- '" . esc_squote($dest_email) . "');echo \$?" );
            if($mail_retval == 0)
            {
                echo get_lang("mail_sent_successfully");
                // NOTE(review): subject and address are written to the log as
                // received, so line breaks in them end up in the log entry.
                $db->logger( get_lang("send_by_email") . ": '$archive'
Subject: '$subject'
to: '$dest_email'" );
            }
            else
            {
                echo "The email could not be sent,\n". "the package mutt or mutt-patched (a mail client)\n". "must be installed, and postfix should be configured\n". "in order to send large files.";
            }
        }
    }
}
// Secure File
// Admin only; not tied to an $fo switch. Only the two values +i and -i are
// accepted for set_attr, so $action is either chattr+i or chattr-i.
// NOTE(review): this branch applies the /../ | ; pattern to the stored name but
// does not call validate_path() as the other branches do - confirm that is intended.
elseif( isset( $_POST['secure_file'] ) and $isAdmin )
{
    if(isset($_SESSION['fm_files_'.$home_id][$_POST['item']]))
    {
        if(preg_match("/\/\.\.\/|\||;/", $_SESSION['fm_files_'.$home_id][$_POST['item']])) {
            print_failure(get_lang("unallowed_char") . " : " . htmlspecialchars($_SESSION['fm_files_'.$home_id][$_POST['item']]));
            return;
        }
        if($_POST['set_attr'] == '+i' or $_POST['set_attr'] == '-i')
        {
            $type = $_POST['set_attr'] == '+i' ? get_lang("chattr_locked") : get_lang("chattr_unlocked");
            $action = "chattr".$_POST['set_attr'];
            $file_path = clean_path( $path . "/" . $_SESSION['fm_files_'.$home_id][$_POST['item']] );
            $remote->secure_path($action, $file_path);
            $db->logger( "$type: $file_path" );
        }
    }
}
// Default branch: render the directory listing. Its markup was lost in extraction,
// so the remainder is kept exactly as found. What is still visible: the session
// list fm_files_<home_id> is reset and refilled with each displayed name after
// removeInvalidFileNameCharacters(); files whose name contains both OGP_HOME_ and
// <home_id>_startup_scr.sh are skipped and so never receive an index; home_name is
// printed through htmlentities().
// NOTE(review): whether file names, owners and groups are HTML-escaped on output
// cannot be judged from the stripped strings - check the full file.
else { ?> "; echo empty($home_cfg['home_name']) ? get_lang("not_available") : htmlentities($home_cfg['home_name']); echo ""; $_SESSION['fm_files_'.$home_id] = array(); $show_path = (isset($_SESSION['fm_cwd_'.$home_id])) ? clean_path($_SESSION['fm_cwd_'.$home_id]) : "/"; if($isAdmin) $show_path = clean_path($home_cfg['home_path'].$show_path); echo "
<< ". get_lang("back") ."
"; if ($remote->rfile_exists($path)) { echo "\n". "". "

". get_lang_f('currently_viewing',$show_path)."

\n"; echo "
\n"; foreach($fo_keys as $key) { if($fo[$key] == "1") echo "
 ".get_lang($key)."
\n"; } echo "
\n"; $dirlist = $remote->remote_dirlistfm($path); if (!is_array($dirlist)) { if(isset($_SESSION['fm_cwd_'.$home_id])) { unset($_SESSION['fm_cwd_'.$home_id]); $view->refresh("?m=litefm&home_id=$home_id",0); return; } else { print_failure( get_lang("failed_list") ); return; } } if ( empty($dirlist) ) { echo "\n". show_back($home_id)."
"; echo "

" . get_lang("empty_directory") . "

"; } else { echo "\n" .show_back($home_id). "\n\n\n"; if( $os == "linux" ) echo "\n"; echo "\n\n\n"; $i = 0; if(isset($dirlist['directorys']) and is_array($dirlist['directorys'])) { $dirlist['directorys'] = array_orderby($dirlist['directorys'], 'filename', SORT_ASC); foreach($dirlist['directorys'] as $directory) { $directory['filename'] = removeInvalidFileNameCharacters($directory['filename']); echo "\n". "". ""; if( $os == "linux" ) echo ""; echo "\n". "\n"; $_SESSION['fm_files_'.$home_id][$i] = $directory['filename']; $i++; } } if(isset($dirlist['files']) and is_array($dirlist['files'])) { $dirlist['files'] = array_orderby($dirlist['files'], 'filename', SORT_ASC); foreach($dirlist['files'] as $file) { if(stripos($file['filename'], "OGP_HOME_") !== false && stripos($file['filename'], $home_id . "_startup_scr.sh") !== false){ continue; } $file['filename'] = removeInvalidFileNameCharacters($file['filename']); if( $os == "linux" ) { if($isAdmin){ $secureFile = "". "$secureFile\n"; echo "\n"; $_SESSION['fm_files_'.$home_id][$i] = $file['filename']; $i++; } } if(isset($dirlist['binarys']) and is_array($dirlist['binarys'])) { $dirlist['binarys'] = array_orderby($dirlist['binarys'], 'filename', SORT_ASC); foreach($dirlist['binarys'] as $binary) { $binary['filename'] = removeInvalidFileNameCharacters($binary['filename']); if( $os == "linux" ) { if($isAdmin){ $secureFile = "". "$secureFile\n"; echo "\n"; $_SESSION['fm_files_'.$home_id][$i] = $binary['filename']; $i++; } } echo "
". "". "". get_lang("filename") ."". get_lang("filesecure") ."". get_lang("filesize") ." [". get_lang("bytes") ."]". get_lang("owner") ." ". get_lang("group") ."
". "\n". "". "\"Directory\" ". "". $directory['filename'] . "-- " . $directory['user'] . " " . $directory['group']. "
\n". "
". "\n". ""; echo "\"Text ". "". get_lang("button_edit") ."". "" .$file['filename'] . " ". "" . $file['size'] . " " . $file['user'] . " " . $file['group']. "
\n". "
". "\n". ""; echo "\"Binary ". "" .$binary['filename'] . " ". "" . $binary['size'] . "" . $binary['user'] . " " . $binary['group']. "
\n"; } } echo "
<< ". get_lang("back") ."
"; // Dialog translation && info $user = $db->getUserById($_SESSION['user_id']); echo "
"; } } ?>