From b88f7d50a4c58d36d3805883c7bf5eb2220db322 Mon Sep 17 00:00:00 2001 From: Florin-Ciprian Bodin Date: Sat, 25 Nov 2023 23:11:20 +0200 Subject: [PATCH] Update Admin.php for class request() --- classes/Admin.php | 312 ++++++++++++++++++++++++---------------------- 1 file changed, 162 insertions(+), 150 deletions(-) diff --git a/classes/Admin.php b/classes/Admin.php index 53218fd..6b5da92 100644 --- a/classes/Admin.php +++ b/classes/Admin.php @@ -1,11 +1,10 @@ user_exists($username)) + if (!$accounts->user_exists($username)) { throw new ExceptionDisplay('Cannot change password: username does not exist.'); } - if (!$accounts -> is_valid_user(new User($username, sha1($old_pass)))) + if (!$accounts->is_valid_user(new User($username, sha1($old_pass)))) { throw new ExceptionDisplay('Incorrect old password.'); } global $config; - $h = @fopen($config -> __get('user_list'), 'wb'); + $h = @fopen($config->__get('user_list'), 'wb'); if ($h === false) { throw new ExceptionDisplay("Could not open file $user_list for writing." @@ -208,11 +207,11 @@ class Admin } foreach ($accounts as $this_user) { - if (strcasecmp($this_user -> username, $username) === 0) + if (strcasecmp($this_user->username, $username) === 0) { - $this_user = new User($username, sha1($new_pass1), $this_user -> level, $this_user -> home_dir); + $this_user = new User($username, sha1($new_pass1), $this_user->level, $this_user->home_dir); } - fwrite($h, $this_user -> __toString()); + fwrite($h, $this_user->__toString()); } fclose($h); $_SESSION['password'] = sha1($new_pass1); @@ -232,12 +231,12 @@ class Admin throw new ExceptionDisplay('Invalid user level.'); } $accounts = new Accounts(); - if (!$accounts -> user_exists($username)) + if (!$accounts->user_exists($username)) { throw new ExceptionDisplay('Cannot change level: username does not exist.'); } global $config; - $h = @fopen($config -> __get('user_list'), 'wb'); + $h = @fopen($config->__get('user_list'), 'wb'); if ($h === false) { throw new ExceptionDisplay("Could not open file $user_list for writing." @@ -245,11 +244,11 @@ class Admin } foreach ($accounts as $this_user) { - if (strcasecmp($this_user -> username, $username) === 0) + if (strcasecmp($this_user->username, $username) === 0) { - $this_user = new User($username, $this_user -> sha1_pass, $new_level, $this_user -> home_dir); + $this_user = new User($username, $this_user->sha1_pass, $new_level, $this_user->home_dir); } - fwrite($h, $this_user -> __toString()); + fwrite($h, $this_user->__toString()); } fclose($h); throw new ExceptionDisplay('User level successfully changed.'); @@ -281,18 +280,18 @@ class Admin } } $list = new Accounts(); - if ($list -> user_exists($username)) + if ($list->user_exists($username)) { throw new ExceptionDisplay('This username already exists.'); } global $config; - $h = @fopen($config -> __get('user_list'), 'ab'); + $h = @fopen($config->__get('user_list'), 'ab'); if ($h === false) { throw new ExceptionDisplay('User list file could not be opened for writing.'); } $new_user = new User($username, sha1($pass1), $level, $home_dir); - fwrite($h, $new_user -> __toString()); + fwrite($h, $new_user->__toString()); fclose($h); throw new ExceptionDisplay('User successfully added.'); } @@ -303,12 +302,12 @@ class Admin private static function del_user($username) { $accounts = new Accounts(); - if (!$accounts -> user_exists($username)) + if (!$accounts->user_exists($username)) { throw new ExceptionDisplay('Cannot delete user: username does not exist.'); } global $config; - $h = @fopen($config -> __get('user_list'), 'wb'); + $h = @fopen($config->__get('user_list'), 'wb'); if ($h === false) { throw new ExceptionDisplay("Could not open file $user_list for writing." @@ -316,9 +315,9 @@ class Admin } foreach ($accounts as $this_user) { - if (strcasecmp($this_user -> username, $username) !== 0) + if (strcasecmp($this_user->username, $username) !== 0) { - fwrite($h, $this_user -> __toString()); + fwrite($h, $this_user->__toString()); } } fclose($h); @@ -334,8 +333,12 @@ class Admin { throw new ExceptionDisplay('You must be logged in to access this section.'); } - $this -> level = $current_user -> level; - $this -> username = $current_user -> username; + $this->level = $current_user->level; + $this->username = $current_user->username; + + global $request, $words; + $this->request = is_object($request) ? $request : new RequestVars('', false); + $this->language = $words; } /** @@ -348,12 +351,12 @@ class Admin if (in_array(strtolower($action), $mod_actions)) { - if ($this -> level < MODERATOR) + if ($this->level < MODERATOR) { throw new ExceptionDisplay('You must be a moderator to access this section.'); } } - else if ($this -> level < ADMIN) + else if ($this->level < ADMIN) { throw new ExceptionDisplay('You must be an administrator to access this section.'); } @@ -397,31 +400,29 @@ class Admin global $config; if (DOWNLOAD_COUNT) { - self::update_file_info($config -> __get('download_count'), $old, $new); + self::update_file_info($config->__get('download_count'), $old, $new); } if (DESCRIPTION_FILE) { - self::update_file_info($config -> __get('description_file'), $old, $new); + self::update_file_info($config->__get('description_file'), $old, $new); } throw new ExceptionDisplay('File renamed successfully.'); } throw new ExceptionDisplay('Error renaming file.'); } global $words, $subdir; - throw new ExceptionDisplay('

' . $words -> __get('renaming') - . ' ' . Url::html_output($_GET['filename']) - . '

' . $words -> __get('new filename') - . ':
(' - . $words -> __get('you can also move the file by specifying a path') - . ')

' - . '' - . '' - . '

'); + throw new ExceptionDisplay('

' . $words->__get('renaming') . ' ' . Url::html_output($_GET['filename']) . '

+

' . $words->__get('new filename') . ':
+ (' . $words->__get('you can also move the file by specifying a path') . ')

+
+

+ ' . ' + + ' . ' + ' . ' + +

+
'); } case 'delete': { @@ -454,15 +455,10 @@ class Admin } global $words, $subdir; throw new ExceptionDisplay('

' - . $words -> __get('are you sure you want to delete the file') - . ' ' . Url::html_output($_GET['filename']) . '?

' - . '

' - . '' - . '

'); + . $words->__get('are you sure you want to delete the file') . ' ' . Url::html_output($_GET['filename']) . '?

' + . '

' + . '' + . '

'); } case 'add_user': { @@ -472,29 +468,29 @@ class Admin $_POST['pass2'], (int)$_POST['level'], $_POST['home_dir']); } global $words; - throw new ExceptionDisplay($words -> __get('add user') + throw new ExceptionDisplay($words->__get('add user') . ':

' - . $words -> __get('username') . ':
' - . $words -> __get('password') . ':
' - . $words -> __get('password') . ':
' - . $words -> __get('level') . ':

Home Directory: ' + . Url::html_output($this->request->server('PHP_SELF')) . '?action=add_user">

' + . $words->__get('username') . ':
' + . $words->__get('password') . ':
' + . $words->__get('password') . ':
' + . $words->__get('level') . ':

Home Directory: ' . '
(leave blank to use the default base directory)

'); + . $words->__get('add user') . '" />

'); } case 'change_password': { if (isset($_POST['pass1'], $_POST['pass2'], $_POST['old_pass'])) { - self::change_password($this -> username, $_POST['old_pass'], + self::change_password($this->username, $_POST['old_pass'], $_POST['pass1'], $_POST['pass2']); } throw new ExceptionDisplay('
+ . Url::html_output($this->request->server('PHP_SELF')) . '?action=change_password">

Old password:
New password:
New password:

@@ -508,18 +504,18 @@ class Admin } $accounts = new Accounts(); $out = ' + . Url::html_output($this->request->server('PHP_SELF')) . '?action=change_user_level">

Select user:

Select new level:

'); + . $words->__get('guest') . '

'); } case 'del_user': { @@ -531,23 +527,23 @@ class Admin } global $words; throw new ExceptionDisplay('

' - . $words -> __get('are you sure you want to remove the user') + . $words->__get('are you sure you want to remove the user') . ' '.$_POST['username'] . '?

' - . '
' + . '' . '

'); + . $words->__get('yes, delete') . '" />

'); } global $words; $accounts = new Accounts(); - $out = '

' . $words -> __get('select user to remove') - . ':

'); + throw new ExceptionDisplay($out . '

'); } case 'edit_description': { @@ -558,11 +554,11 @@ class Admin if (isset($_GET['description'])) { global $descriptions, $config; - if (DESCRIPTION_FILE && $descriptions -> is_set($filename)) + if (DESCRIPTION_FILE && $descriptions->is_set($filename)) //if it's already set, update the old description { //update the new description on disk - $h = @fopen($config -> __get('description_file'), 'wb'); + $h = @fopen($config->__get('description_file'), 'wb'); if ($h === false) { throw new ExceptionDisplay('Could not open description file for writing.' . ' Make sure PHP has write permission to this file.'); @@ -574,12 +570,12 @@ class Admin fclose($h); //update the new description in memory - $descriptions -> set($filename, $_GET['description']); + $descriptions->set($filename, $_GET['description']); } else if ($_GET['description'] != '') //if it's not set, add it to the end { - $h = @fopen($config -> __get('description_file'), 'ab'); + $h = @fopen($config->__get('description_file'), 'ab'); if ($h === false) { throw new ExceptionDisplay('Could not open description file for writing.' . ' Make sure PHP has write permission to this file.'); @@ -588,24 +584,24 @@ class Admin fclose($h); //read the description file with the updated data - $descriptions = new ConfigData($config -> __get('description_file')); + $descriptions = new ConfigData($config->__get('description_file')); } } else { global $words, $subdir, $descriptions; - $current_desc = (DESCRIPTION_FILE && $descriptions -> is_set($filename) ? $descriptions -> __get($filename) : ''); + $current_desc = (DESCRIPTION_FILE && $descriptions->is_set($filename) ? $descriptions->__get($filename) : ''); throw new ExceptionDisplay('

' - . $words -> __get('enter the new description for the file') + . $words->__get('enter the new description for the file') . ' ' . Url::html_output($_GET['filename']) - . ':

' . '

'); + . $words->__get('change') . '" />

'); } } else @@ -624,7 +620,7 @@ class Admin if (isset($_GET['add']) && $_GET['add'] != '') { global $config; - $h = @fopen($config -> __get('hidden_files'), 'ab'); + $h = @fopen($config->__get('hidden_files'), 'ab'); if ($h === false) { throw new ExceptionDisplay('Unable to open hidden files list for writing.'); @@ -636,7 +632,7 @@ class Admin if (isset($_GET['remove'])) { global $config; - $h = @fopen($config -> __get('hidden_files'), 'wb'); + $h = @fopen($config->__get('hidden_files'), 'wb'); if ($h === false) { throw new ExceptionDisplay('Unable to open hidden files list for writing.'); @@ -652,23 +648,23 @@ class Admin throw new ExceptionDisplay('Hidden file removed.'); } global $words; - $str = '

' . $words -> __get('add a new hidden file') . ':

' + $str = '

' . $words->__get('add a new hidden file') . ':

' . '

You can also use wildcards (?, *, +) for each entry.
' . 'If you want to do the opposite of "hidden files" - show only certain files - ' . 'put a colon in front of those entries.

' + . Url::html_output($this->request->server('PHP_SELF')) . '">

' . '

'; + . $words->__get('add') . '" />

'; - $str .= '

' . $words -> __get('remove a hidden file') + $str .= '

' . $words->__get('remove a hidden file') . ':

'; foreach ($hidden_list as $hid) { $str .= ''; } $str .= '

'; + . $words->__get('remove') . '" />

'; throw new ExceptionDisplay($str); } case 'edit_banned': @@ -677,10 +673,11 @@ class Admin { throw new ExceptionDisplay('The banning system is not in use. To enable it, reconfigure the script.'); } + if (isset($_GET['add']) && $_GET['add'] != '') { global $config; - $h = @fopen($config -> __get('banned_list'), 'ab'); + $h = @fopen($config->__get('banned_list'), 'ab'); if ($h === false) { throw new ExceptionDisplay('Unable to open banned_list for writing.'); @@ -689,14 +686,18 @@ class Admin fclose($h); throw new ExceptionDisplay('Ban added.'); } + if (isset($_GET['remove'])) { global $b_list, $config; - $h = @fopen($config -> __get('banned_list'), 'wb'); + + $h = @fopen($config->__get('banned_list'), 'wb'); + if ($h === false) { throw new ExceptionDisplay('Unable to open banned_list for writing.'); } + foreach ($b_list as $ban) { if ($ban != $_GET['remove']) @@ -707,21 +708,32 @@ class Admin fclose($h); throw new ExceptionDisplay('Ban removed.'); } - global $b_list, $words; - $str = '

' . $words -> __get('add a new ban') . ':

' - . '

'; - $str .= '

' - . $words -> __get('remove a ban') . ':

' . ' + + +

+
'; + $str .= '
+

' . $words->__get('remove a ban') . ':

+
+

+

'; + $str .= ' + + + +

+ '; throw new ExceptionDisplay($str); } case 'stats': @@ -731,7 +743,7 @@ class Admin throw new ExceptionDisplay('The logging system has not been enabled.'); } $stats = new Stats(); - $stats -> display(); + $stats->display(); break; } case 'view_log': @@ -743,14 +755,14 @@ class Admin global $log; if (isset($_GET['num'])) { - $log -> display((int)$_GET['num']); + $log->display((int)$_GET['num']); } - global $words; - throw new ExceptionDisplay($words -> __get('how many entries would you like to view') - . '?
' . '
'); + . $words->__get('view') . '" />'); } case 'create_dir': { @@ -765,11 +777,11 @@ class Admin else { global $words, $subdir; - throw new ExceptionDisplay('

' . $words -> __get('enter the new name') + throw new ExceptionDisplay('

' . $words->__get('enter the new name') . ':

' + . Url::html_output($this->request->server('PHP_SELF')) . '">

' . '

'); } break; @@ -786,7 +798,7 @@ class Admin

Enter the name of the remote file you would like to copy:

-
+

http:// @@ -838,7 +850,7 @@ class Admin { unset($_SESSION['ftp']); $text = '

Logout successful. Go back.

'; } else if (isset($_SESSION['ftp'])) @@ -859,7 +871,7 @@ class Admin { global $dir; $name = rawurldecode($_GET['filename']); - $ftp -> put_file($dir . $name, Item::get_basename($name)); + $ftp->put_file($dir . $name, Item::get_basename($name)); throw new ExceptionDisplay('File successfully transferred to FTP server.'); } if (isset($_GET['transfer']) && $_GET['transfer'] != '') @@ -867,36 +879,36 @@ class Admin { global $dir; $name = rawurldecode($_GET['transfer']); - $ftp -> get_file($dir . Item::get_basename($name), $name); + $ftp->get_file($dir . Item::get_basename($name), $name); throw new ExceptionDisplay('File successfully transferred from FTP server.'); } global $words; - $text = '

Logout of FTP server -
request->server('PHP_SELF')) . '?dir=' . rawurlencode($subdir) . '">Back to index.

'; } else { $text = '

FTP server: @@ -907,7 +919,7 @@ class Admin (Leave these blank to login anonymously)

Directory:

-

Back to index.

'; } echo new Display($text); @@ -925,49 +937,49 @@ class Admin */ public function __toString() { - global $words, $subdir; + global $words, $subdir, $request; $str = ''; //only ADMIN accounts - if ($this -> level >= ADMIN) $str = ' + if ($this->level >= ADMIN) $str = '

- ' - . $words -> __get('reconfigure script') . ' + ' + . $words->__get('reconfigure script') . '

- ' - . $words -> __get('edit list of hidden files') . ' -
' - . $words -> __get('edit ban list') . ' + ' + . $words->__get('edit list of hidden files') . ' +
' + . $words->__get('edit ban list') . '

- ' . $words -> __get('create new directory in this folder') - . '
' . $words -> __get('copy url') . ' + ' . $words->__get('create new directory in this folder') + . '
' . $words->__get('copy url') . '

- ' - . $words -> __get('view entries from log file') . ' -
' - . $words -> __get('view statistics from log file') . ' + ' + . $words->__get('view entries from log file') . ' +
' + . $words->__get('view statistics from log file') . '

- ' - . $words -> __get('add new user') . ' -
' - . $words -> __get('delete user') . ' -
+ ' + . $words->__get('add new user') . ' +
' + . $words->__get('delete user') . ' +
Change a user\'s level

'; //MODERATOR and ADMIN accounts - if ($this -> level >= MODERATOR) $str .= ' + if ($this->level >= MODERATOR) $str .= '

- + Change your password

- request->server('PHP_SELF')) . '?action=ftp&dir=' . rawurlencode($subdir) . '" class="autoindex_a">FTP browser

'; return $str;