rocksolid-light/Rocksolid_Light/spoolnews/files.php

<?php
include "config.inc.php";
include "newsportal.php";

$logfile = $logdir . '/files.log';

if (isset($_COOKIE['tzo'])) {
    $offset = $_COOKIE['tzo'];
} else {
    $offset = $CONFIG['timezone'];
}
if ((isset($_REQUEST['command']) && $_REQUEST['command'] == 'Show') && password_verify($CONFIG['thissitekey'], $_REQUEST['key'])) {
    $getfilename = $spooldir . '/upload/' . $_REQUEST['showfile'];
    ob_clean();
    header('Content-type: ' . $_REQUEST['contenttype']);
    header('Content-disposition: filename="' . $_REQUEST['showfilename'] . '"');
    file_put_contents($logfile, "\n" . format_log_date() . " Requesting: " . $_REQUEST['showfile'], FILE_APPEND);
    readfile($getfilename);
    exit(0);
}
$title .= ' - Browse files';
include "head.inc";

if (disable_page_by_user_agent($client_device, "bot", "Files")) {
    echo "<center>Page Disabled</center>";
    include "tail.inc";
    exit();
}

echo '<h1 class="np_thread_headline">';
echo '<a href="../spoolnews/files.php" target=' . $frame['menu'] . '>files</a> / ';
if(isset($_COOKIE['mail_name'])) {
    echo htmlspecialchars($_COOKIE['mail_name']);
}
echo '</h1>';
echo '<table cellpadding="0" cellspacing="0" class="np_buttonbar"><tr>';
// Browse button
echo '<td>';
echo '<form target="' . $frame['content'] . '" method="post" action="files.php">';
echo '<input name="command" type="hidden" id="command" value="Browse" readonly="readonly">';
echo '<button class="np_button_link" type="submit">Browse</button>';
echo '</form>';
echo '</td>';
// Upload button
echo '<td>';
echo '<form target="' . $frame['content'] . '" method="post" action="upload.php">';
echo '<input name="command" type="hidden" id="command" value="Upload" readonly="readonly">';
echo '<button class="np_button_link" type="submit">Upload</button>';
echo '</form>';
echo '</td>';
echo '<td width=100%></td></tr></table>';
echo '<hr>';

$directory = $spooldir . '/upload/';
$users = array();
if (is_dir($directory)) {
    if ($user_dir = opendir($directory)) {
        while (($user_list = readdir($user_dir)) !== false) {
            if ($user_list == '.' || $user_list == '..') {
                continue;
            }
            $users[] = $user_list;
        }
        closedir($user_dir);
    }
}
sort($users);
$found = 0;
if (count($users) > 0) {
    echo "<strong><small>Select a user directory to browse:</small></strong>";
    echo '<form name="browse" method="post" action="files.php" enctype="multipart/form-data">';
    echo '<input name="command" type="hidden" id="command" value="Browse" readonly="readonly">';
    echo '<input type="hidden" name="key" value="' . password_hash($CONFIG['thissitekey'], PASSWORD_DEFAULT) . '">';
    echo '<select name="listbox">';
    foreach ($users as $user) {
        $num = count(scandir($spooldir . '/upload/' . $user . '/')) - 2;
        if ($user == $_POST['listbox']) {
            echo '<option value="' . $user . '" selected="selected">' . $user . ' (' . $num . ' files)</option>';
            $found = 1;
        } else {
            echo '<option value="' . $user . '">' . $user . ' (' . $num . ' files)</option>';
        }
    }
    echo '</select>';
    echo '<input type="submit" name="Submit" value="Browse">';
    echo '</form>';
}

if ($found == 1 && password_verify($CONFIG['thissitekey'], $_REQUEST['key'])) {
    display_user_files($_POST['listbox'], $offset);
}

function display_user_files($user, $offset)
{
    global $CONFIG, $spooldir, $text_header;
    $directory = $spooldir . '/upload/' . $user . '/';
    if (is_dir($directory)) {
        $files = scandir($directory);
    }
    natcasesort($files);
    echo '<table cellspacing="0" class="np_thread_table">';
    echo '<tr class="np_thread_head"><td class="np_thread_head">Filename</td><td>File Type</td><td>Date</td></tr>';
    $i = 0;
    foreach ($files as $file) {
        if ($file == '.' || $file == '..') {
            continue;
        }
        $lineclass = "np_thread_line" . (($i % 2) + 1);
        $thisfile = $spooldir . '/upload/' . $user . '/' . $file;
        // Use local timezone if possible
        $ts = new DateTime(date("D, j M Y H:i T", filectime($thisfile)), new DateTimeZone('UTC'));
        $ts->add(DateInterval::createFromDateString($offset . ' minutes'));

        if ($offset != 0) {
            $newdate = $ts->format('j M Y');
        } else {
            $newdate = $ts->format('j M Y T');
        }
        unset($ts);
        echo '<tr class="' . $lineclass . '">';
        $mime = mime_content_type($thisfile);
        // Link
        echo '<td class="' . $lineclass . '">';
        echo '<form action="files.php" method="post" target="rslight_view">';
        echo '<button class="np_filename_button_link" type="submit">' . $file . '</button>';
        echo '<input type="hidden" name="showfile" value="' . $user . '/' . $file . '"/>';
        echo '<input type="hidden" name="showfilename" value="' . $file . '"/>';
        echo '<input type="hidden" name="key" value="' . password_hash($CONFIG['thissitekey'], PASSWORD_DEFAULT) . '">';
        echo '<input type="hidden" name="contenttype" value="' . $mime . '">';
        echo '<input name="command" type="hidden" id="command" value="Show" readonly="readonly">';
        echo '</form>';
        echo '</td>';
        echo '<td class="' . $lineclass . '"><span class="np_thread_line_text">' . $mime . '</span></td>';
        echo '<td class="' . $lineclass . '"><span class="np_thread_line_text">' . $newdate . '</span></td>';
        echo '</tr>';
        $i ++;
    }
    echo '</table>';
}
Add file upload/download features 2021-05-13 11:24:54 +02:00			`<?php`
			`include "config.inc.php";`
			`include "newsportal.php";`

Only changes to indentation. No other changes. 2023-08-20 00:33:05 +02:00			`$logfile = $logdir . '/files.log';`
Add logging to files feature 2021-06-01 02:09:52 +02:00
Only changes to indentation. No other changes. 2023-08-20 00:33:05 +02:00			`if (isset($_COOKIE['tzo'])) {`
			`$offset = $_COOKIE['tzo'];`
			`} else {`
			`$offset = $CONFIG['timezone'];`
			`}`
			`if ((isset($_REQUEST['command']) && $_REQUEST['command'] == 'Show') && password_verify($CONFIG['thissitekey'], $_REQUEST['key'])) {`
			`$getfilename = $spooldir . '/upload/' . $_REQUEST['showfile'];`
Some code cleanup, including fixing attachments display. 2024-03-02 04:03:16 +01:00			`ob_clean();`
Only changes to indentation. No other changes. 2023-08-20 00:33:05 +02:00			`header('Content-type: ' . $_REQUEST['contenttype']);`
			`header('Content-disposition: filename="' . $_REQUEST['showfilename'] . '"');`
			`file_put_contents($logfile, "\n" . format_log_date() . " Requesting: " . $_REQUEST['showfile'], FILE_APPEND);`
Some code cleanup, including fixing attachments display. 2024-03-02 04:03:16 +01:00			`readfile($getfilename);`
Add file upload/download features 2021-05-13 11:24:54 +02:00			`exit(0);`
Only changes to indentation. No other changes. 2023-08-20 00:33:05 +02:00			`}`
			`$title .= ' - Browse files';`
Add file upload/download features 2021-05-13 11:24:54 +02:00			`include "head.inc";`
Begin adding ability to modify layout, etc. based on User-Agent. 2023-09-04 15:06:43 +02:00
			`if (disable_page_by_user_agent($client_device, "bot", "Files")) {`
			`echo "<center>Page Disabled</center>";`
			`include "tail.inc";`
			`exit();`
			`}`

Only changes to indentation. No other changes. 2023-08-20 00:33:05 +02:00			`echo '<h1 class="np_thread_headline">';`
			`echo '<a href="../spoolnews/files.php" target=' . $frame['menu'] . '>files</a> / ';`
Check if logged in before trying to display username in files.php. 2024-03-02 02:39:12 +01:00			`if(isset($_COOKIE['mail_name'])) {`
			`echo htmlspecialchars($_COOKIE['mail_name']);`
			`}`
			`echo '</h1>';`
Only changes to indentation. No other changes. 2023-08-20 00:33:05 +02:00			`echo '<table cellpadding="0" cellspacing="0" class="np_buttonbar"><tr>';`
Clean up file section interface a bit 2021-06-09 08:56:22 +02:00			`// Browse button`
Only changes to indentation. No other changes. 2023-08-20 00:33:05 +02:00			`echo '<td>';`
			`echo '<form target="' . $frame['content'] . '" method="post" action="files.php">';`
			`echo '<input name="command" type="hidden" id="command" value="Browse" readonly="readonly">';`
			`echo '<button class="np_button_link" type="submit">Browse</button>';`
			`echo '</form>';`
			`echo '</td>';`
Clean up file section interface a bit 2021-06-09 08:56:22 +02:00			`// Upload button`
Only changes to indentation. No other changes. 2023-08-20 00:33:05 +02:00			`echo '<td>';`
			`echo '<form target="' . $frame['content'] . '" method="post" action="upload.php">';`
			`echo '<input name="command" type="hidden" id="command" value="Upload" readonly="readonly">';`
			`echo '<button class="np_button_link" type="submit">Upload</button>';`
			`echo '</form>';`
			`echo '</td>';`
			`echo '<td width=100%></td></tr></table>';`
			`echo '<hr>';`
Clean up file section interface a bit 2021-06-09 08:56:22 +02:00
Only changes to indentation. No other changes. 2023-08-20 00:33:05 +02:00			`$directory = $spooldir . '/upload/';`
			`$users = array();`
			`if (is_dir($directory)) {`
			`if ($user_dir = opendir($directory)) {`
			`while (($user_list = readdir($user_dir)) !== false) {`
			`if ($user_list == '.' \|\| $user_list == '..') {`
			`continue;`
			`}`
			`$users[] = $user_list;`
Add file upload/download features 2021-05-13 11:24:54 +02:00			`}`
Only changes to indentation. No other changes. 2023-08-20 00:33:05 +02:00			`closedir($user_dir);`
Add file upload/download features 2021-05-13 11:24:54 +02:00			`}`
Only changes to indentation. No other changes. 2023-08-20 00:33:05 +02:00			`}`
			`sort($users);`
			`$found = 0;`
			`if (count($users) > 0) {`
Clean up file section interface a bit 2021-06-09 08:56:22 +02:00			`echo "<strong><small>Select a user directory to browse:</small></strong>";`
Add file upload/download features 2021-05-13 11:24:54 +02:00			`echo '<form name="browse" method="post" action="files.php" enctype="multipart/form-data">';`
			`echo '<input name="command" type="hidden" id="command" value="Browse" readonly="readonly">';`
Only changes to indentation. No other changes. 2023-08-20 00:33:05 +02:00			`echo '<input type="hidden" name="key" value="' . password_hash($CONFIG['thissitekey'], PASSWORD_DEFAULT) . '">';`
			`echo '<select name="listbox">';`
			`foreach ($users as $user) {`
			`$num = count(scandir($spooldir . '/upload/' . $user . '/')) - 2;`
			`if ($user == $_POST['listbox']) {`
			`echo '<option value="' . $user . '" selected="selected">' . $user . ' (' . $num . ' files)</option>';`
			`$found = 1;`
			`} else {`
			`echo '<option value="' . $user . '">' . $user . ' (' . $num . ' files)</option>';`
			`}`
Add file upload/download features 2021-05-13 11:24:54 +02:00			`}`
			`echo '</select>';`
			`echo '<input type="submit" name="Submit" value="Browse">';`
			`echo '</form>';`
Only changes to indentation. No other changes. 2023-08-20 00:33:05 +02:00			`}`
Add file upload/download features 2021-05-13 11:24:54 +02:00
Only changes to indentation. No other changes. 2023-08-20 00:33:05 +02:00			`if ($found == 1 && password_verify($CONFIG['thissitekey'], $_REQUEST['key'])) {`
Use sitekey for input verification instead of admin key 2021-05-15 10:51:39 +02:00			`display_user_files($_POST['listbox'], $offset);`
Only changes to indentation. No other changes. 2023-08-20 00:33:05 +02:00			`}`
Add file upload/download features 2021-05-13 11:24:54 +02:00
Only changes to indentation. No other changes. 2023-08-20 00:33:05 +02:00			`function display_user_files($user, $offset)`
			`{`
			`global $CONFIG, $spooldir, $text_header;`
			`$directory = $spooldir . '/upload/' . $user . '/';`
			`if (is_dir($directory)) {`
			`$files = scandir($directory);`
Add file upload/download features 2021-05-13 11:24:54 +02:00			`}`
Only changes to indentation. No other changes. 2023-08-20 00:33:05 +02:00			`natcasesort($files);`
			`echo '<table cellspacing="0" class="np_thread_table">';`
			`echo '<tr class="np_thread_head"><td class="np_thread_head">Filename</td><td>File Type</td><td>Date</td></tr>';`
			`$i = 0;`
			`foreach ($files as $file) {`
			`if ($file == '.' \|\| $file == '..') {`
			`continue;`
			`}`
			`$lineclass = "np_thread_line" . (($i % 2) + 1);`
			`$thisfile = $spooldir . '/upload/' . $user . '/' . $file;`
			`// Use local timezone if possible`
			`$ts = new DateTime(date("D, j M Y H:i T", filectime($thisfile)), new DateTimeZone('UTC'));`
			`$ts->add(DateInterval::createFromDateString($offset . ' minutes'));`

			`if ($offset != 0) {`
			`$newdate = $ts->format('j M Y');`
			`} else {`
			`$newdate = $ts->format('j M Y T');`
			`}`
			`unset($ts);`
			`echo '<tr class="' . $lineclass . '">';`
			`$mime = mime_content_type($thisfile);`
			`// Link`
			`echo '<td class="' . $lineclass . '">';`
			`echo '<form action="files.php" method="post" target="rslight_view">';`
			`echo '<button class="np_filename_button_link" type="submit">' . $file . '</button>';`
			`echo '<input type="hidden" name="showfile" value="' . $user . '/' . $file . '"/>';`
			`echo '<input type="hidden" name="showfilename" value="' . $file . '"/>';`
			`echo '<input type="hidden" name="key" value="' . password_hash($CONFIG['thissitekey'], PASSWORD_DEFAULT) . '">';`
			`echo '<input type="hidden" name="contenttype" value="' . $mime . '">';`
			`echo '<input name="command" type="hidden" id="command" value="Show" readonly="readonly">';`
			`echo '</form>';`
			`echo '</td>';`
			`echo '<td class="' . $lineclass . '"><span class="np_thread_line_text">' . $mime . '</span></td>';`
			`echo '<td class="' . $lineclass . '"><span class="np_thread_line_text">' . $newdate . '</span></td>';`
			`echo '</tr>';`
			`$i ++;`
Add file upload/download features 2021-05-13 11:24:54 +02:00			`}`
Only changes to indentation. No other changes. 2023-08-20 00:33:05 +02:00			`echo '</table>';`
Some code cleanup, including fixing attachments display. 2024-03-02 04:03:16 +01:00			`}`