debianforum.de - Eintrag ansehen

NoPaste

XmasCLOUD

von uname

SNIPPET_TEXT:

<?php
//Default Configuration
$CONFIG = '{"lang":"en","error_reporting":false,"show_hidden":false,"hide_Cols":false,"theme":"light"}';
/**
* H3K | Tiny File Manager V2.5.2
* @author Prasath Mani | CCP Programmers
* @email ccpprogrammers@gmail.com
* @github https://github.com/prasathmani/tinyfilemanager
* @link https://tinyfilemanager.github.io
*/
//TFM version
define('VERSION', '2.5.2');
//Application Title
//define('APP_TITLE', 'Tiny File Manager');
define('APP_TITLE', 'XmasCLOUD'); // XmasCLOUD
// --- EDIT BELOW CONFIGURATION CAREFULLY ---
// Auth with login/password
// set true/false to enable/disable it
// Is independent from IP white- and blacklisting
$use_auth = false; // xmascloud
// Login user name and password
// Users: array('Username' => 'Password', 'Username2' => 'Password2', ...)
// Generate secure password hash - https://tinyfilemanager.github.io/docs/pwd.html
$auth_users = array(
'admin' => '$2y$10$/K.hjNr84lLNDt8fTXjoI.DBp6PpeyoJ.mGwrrLuCZfAwfSAGqhOW', //admin@123
'user' => '$2y$10$Fg6Dz8oH9fPoZ2jJan5tZuv6Z4Kp7avtQ9bDfrdRntXtPeiMAZyGO' //12345
);
// Readonly users
// e.g. array('users', 'guest', ...)
$readonly_users = array(
'user'
);
// Global readonly, including when auth is not being used
$global_readonly = false; // XmasCLOUD
// user specific directories
// array('Username' => 'Directory path', 'Username2' => 'Directory path', ...)
$directories_users = array();
// Enable highlight.js (https://highlightjs.org/) on view's page
$use_highlightjs = true;
// highlight.js style
// for dark theme use 'ir-black'
$highlightjs_style = 'vs';
// Enable ace.js (https://ace.c9.io/) on view's page
$edit_files = true;
// Default timezone for date() and time()
// Doc - http://php.net/manual/en/timezones.php
//$default_timezone = 'Etc/UTC'; // UTC
$default_timezone = "Europe/Berlin"; // XmasCLOUD
// Root path for file manager
// use absolute path of directory i.e: '/var/www/folder' or $_SERVER['DOCUMENT_ROOT'].'/folder'
// $root_path = $_SERVER['DOCUMENT_ROOT'];
$root_path = $_SERVER['DOCUMENT_ROOT'] . '/xmascloud/'; // XmasCLOUD
// Root url for links in file manager.Relative to $http_host. Variants: '', 'path/to/subfolder'
// Will not working if $root_path will be outside of server document root
$root_url = 'xmascloud'; // XmasCLOUD
// Server hostname. Can set manually if wrong
// $_SERVER['HTTP_HOST'].'/folder'
$http_host = $_SERVER['HTTP_HOST'];
// input encoding for iconv
$iconv_input_encoding = 'UTF-8';
// date() format for file modification date
// Doc - https://www.php.net/manual/en/function.date.php
$datetime_format = 'm/d/Y g:i A';
// Allowed file extensions for create and rename files
// e.g. 'txt,html,css,js'
// $allowed_file_extensions = ''; // XmasCLOUD
$allowed_file_extensions = 'webm,jpg,png,bmp,ico,csv,dbf,dif,doc,docm,docx,dot,dotm,dotx,emf,emf,gif,htm,html,mht,mhtml,mp3,mp4 ,odp ,ods,odt,pdf,pot,potm,potx,ppa,ppam,pps,ppsm,ppsx,ppt,pptm,pptx,prm,rtf,rtf,slk,thmx,tif,txt,wmf,wmv,wps,xla,xlam,xls,xlsb,xlsm,xlsx,xlt,xltm,xltx,xlw,xml,xps,xps';
// Allowed file extensions for upload files
// e.g. 'gif,png,jpg,html,txt'
// $allowed_upload_extensions = ''; // XmasCLOUD
$allowed_upload_extensions = 'webm,jpg,png,bmp,ico,csv,dbf,dif,doc,docm,docx,dot,dotm,dotx,emf,emf,gif,htm,html,mht,mhtml,mp3,mp4 ,odp ,ods,odt,pdf,pot,potm,potx,ppa,ppam,pps,ppsm,ppsx,ppt,pptm,pptx,prm,rtf,rtf,slk,thmx,tif,txt,wmf,wmv,wps,xla,xlam,xls,xlsb,xlsm,xlsx,xlt,xltm,xltx,xlw,xml,xps,xps';
// Favicon path. This can be either a full url to an .PNG image, or a path based on the document root.
// full path, e.g http://example.com/favicon.png
// local path, e.g images/icons/favicon.png
$favicon_path = '';
// Files and folders to excluded from listing
// e.g. array('myfile.html', 'personal-folder', '*.php', ...)
$exclude_items = array();
// Online office Docs Viewer
// Availabe rules are 'google', 'microsoft' or false
// Google => View documents using Google Docs Viewer
// Microsoft => View documents using Microsoft Web Apps Viewer
// false => disable online doc viewer
$online_viewer = false; // xmascloud
// Sticky Nav bar
// true => enable sticky header
// false => disable sticky header
$sticky_navbar = true;
// Maximum file upload size
// Increase the following values in php.ini to work properly
// memory_limit, upload_max_filesize, post_max_size
$max_upload_size_bytes = 5000000000; // size 5,000,000,000 bytes (~5GB)
// Possible rules are 'OFF', 'AND' or 'OR'
// OFF => Don't check connection IP, defaults to OFF
// AND => Connection must be on the whitelist, and not on the blacklist
// OR => Connection must be on the whitelist, or not on the blacklist
$ip_ruleset = 'OFF';
// Should users be notified of their block?
$ip_silent = true;
// IP-addresses, both ipv4 and ipv6
$ip_whitelist = array(
'127.0.0.1', // local ipv4
'::1' // local ipv6
);
// IP-addresses, both ipv4 and ipv6
$ip_blacklist = array(
'0.0.0.0', // non-routable meta ipv4
'::' // non-routable meta ipv6
);
// if User has the external config file, try to use it to override the default config above [config.php]
// sample config - https://tinyfilemanager.github.io/config-sample.txt
$config_file = __DIR__.'/config.php';
if (is_readable($config_file)) {
@include($config_file);
}
// --- EDIT BELOW CAREFULLY OR DO NOT EDIT AT ALL ---
// max upload file size
define('MAX_UPLOAD_SIZE', $max_upload_size_bytes);
// private key and session name to store to the session
if ( !defined( 'FM_SESSION_ID')) {
define('FM_SESSION_ID', 'filemanager');
}
// Configuration
$cfg = new FM_Config();
// Default language
$lang = isset($cfg->data['lang']) ? $cfg->data['lang'] : 'en';
// Show or hide files and folders that starts with a dot
$show_hidden_files = isset($cfg->data['show_hidden']) ? $cfg->data['show_hidden'] : true;
// PHP error reporting - false = Turns off Errors, true = Turns on Errors
$report_errors = isset($cfg->data['error_reporting']) ? $cfg->data['error_reporting'] : true;
// Hide Permissions and Owner cols in file-listing
$hide_Cols = isset($cfg->data['hide_Cols']) ? $cfg->data['hide_Cols'] : true;
// Theme
$theme = isset($cfg->data['theme']) ? $cfg->data['theme'] : 'light';
define('FM_THEME', $theme);
//available languages
$lang_list = array(
'en' => 'English'
);
if ($report_errors == true) {
@ini_set('error_reporting', E_ALL);
@ini_set('display_errors', 1);
} else {
@ini_set('error_reporting', E_ALL);
@ini_set('display_errors', 0);
}
// if fm included
if (defined('FM_EMBED')) {
$use_auth = false;
$sticky_navbar = false;
} else {
@set_time_limit(600);
date_default_timezone_set($default_timezone);
ini_set('default_charset', 'UTF-8');
if (version_compare(PHP_VERSION, '5.6.0', '<') && function_exists('mb_internal_encoding')) {
mb_internal_encoding('UTF-8');
}
if (function_exists('mb_regex_encoding')) {
mb_regex_encoding('UTF-8');
}
session_cache_limiter('');
session_name(FM_SESSION_ID );
function session_error_handling_function($code, $msg, $file, $line) {
// Permission denied for default session, try to create a new one
if ($code == 2) {
session_abort();
session_id(session_create_id());
@session_start();
}
}
set_error_handler('session_error_handling_function');
session_start();
restore_error_handler();
}
//Genrating CSRF Token
if (empty($_SESSION['token'])) {
$_SESSION['token'] = bin2hex(random_bytes(32));
}
if (empty($auth_users)) {
$use_auth = false;
}
$is_https = isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1)
|| isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https';
// update $root_url based on user specific directories
if (isset($_SESSION[FM_SESSION_ID]['logged']) && !empty($directories_users[$_SESSION[FM_SESSION_ID]['logged']])) {
$wd = fm_clean_path(dirname($_SERVER['PHP_SELF']));
$root_url = $root_url.$wd.DIRECTORY_SEPARATOR.$directories_users[$_SESSION[FM_SESSION_ID]['logged']];
}
// clean $root_url
$root_url = fm_clean_path($root_url);
// abs path for site
defined('FM_ROOT_URL') || define('FM_ROOT_URL', ($is_https ? 'https' : 'http') . '://' . $http_host . (!empty($root_url) ? '/' . $root_url : ''));
defined('FM_SELF_URL') || define('FM_SELF_URL', ($is_https ? 'https' : 'http') . '://' . $http_host . $_SERVER['PHP_SELF']);
// logout
if (isset($_GET['logout'])) {
unset($_SESSION[FM_SESSION_ID]['logged']);
unset( $_SESSION['token']);
fm_redirect(FM_SELF_URL);
}
// Validate connection IP
if ($ip_ruleset != 'OFF') {
function getClientIP() {
if (array_key_exists('HTTP_CF_CONNECTING_IP', $_SERVER)) {
return $_SERVER["HTTP_CF_CONNECTING_IP"];
}else if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
return $_SERVER["HTTP_X_FORWARDED_FOR"];
}else if (array_key_exists('REMOTE_ADDR', $_SERVER)) {
return $_SERVER['REMOTE_ADDR'];
}else if (array_key_exists('HTTP_CLIENT_IP', $_SERVER)) {
return $_SERVER['HTTP_CLIENT_IP'];
}
return '';
}
$clientIp = getClientIP();
$proceed = false;
$whitelisted = in_array($clientIp, $ip_whitelist);
$blacklisted = in_array($clientIp, $ip_blacklist);
if($ip_ruleset == 'AND'){
if($whitelisted == true && $blacklisted == false){
$proceed = true;
}
} else
if($ip_ruleset == 'OR'){
if($whitelisted == true || $blacklisted == false){
$proceed = true;
}
}
if($proceed == false){
trigger_error('User connection denied from: ' . $clientIp, E_USER_WARNING);
if($ip_silent == false){
fm_set_msg(lng('Access denied. IP restriction applicable'), 'error');
fm_show_header_login();
fm_show_message();
}
exit();
}
}
// Checking if the user is logged in or not. If not, it will show the login form.
if ($use_auth) {
if (isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_ID]['logged']])) {
// Logged
} elseif (isset($_POST['fm_usr'], $_POST['fm_pwd'], $_POST['token'])) {
// Logging In
sleep(1);
if(function_exists('password_verify')) {
if (isset($auth_users[$_POST['fm_usr']]) && isset($_POST['fm_pwd']) && password_verify($_POST['fm_pwd'], $auth_users[$_POST['fm_usr']]) && verifyToken($_POST['token'])) {
$_SESSION[FM_SESSION_ID]['logged'] = $_POST['fm_usr'];
fm_set_msg(lng('You are logged in'));
fm_redirect(FM_ROOT_URL . $_SERVER['REQUEST_URI']);
} else {
unset($_SESSION[FM_SESSION_ID]['logged']);
fm_set_msg(lng('Login failed. Invalid username or password'), 'error');
fm_redirect(FM_ROOT_URL . $_SERVER['REQUEST_URI']);
}
} else {
fm_set_msg(lng('password_hash not supported, Upgrade PHP version'), 'error');;
}
} else {
// Form
unset($_SESSION[FM_SESSION_ID]['logged']);
fm_show_header_login();
?>
<section class="h-100">
<div class="container h-100">
<div class="row justify-content-md-center h-100">
<div class="card-wrapper">
<div class="card fat <?php echo fm_get_theme(); ?>">
<div class="card-body">
<form class="form-signin" action="" method="post" autocomplete="off">
<div class="mb-3">
<div class="brand">
<svg version="1.0" xmlns="http://www.w3.org/2000/svg" M1008 width="100%" height="80px" viewBox="0 0 238.000000 140.000000" aria-label="H3K Tiny File Manager">
<g transform="translate(0.000000,140.000000) scale(0.100000,-0.100000)" fill="#000000" stroke="none">
<path d="M160 700 l0 -600 110 0 110 0 0 260 0 260 70 0 70 0 0 -260 0 -260 110 0 110 0 0 600 0 600 -110 0 -110 0 0 -260 0 -260 -70 0 -70 0 0 260 0 260 -110 0 -110 0 0 -600z"/>
<path fill="#003500" d="M1008 1227 l-108 -72 0 -117 0 -118 110 0 110 0 0 110 0 110 70 0 70 0 0 -180 0 -180 -125 0 c-69 0 -125 -3 -125 -6 0 -3 23 -39 52 -80 l52 -74 73 0 73 0 0 -185 0 -185 -70 0 -70 0 0 115 0 115 -110 0 -110 0 0 -190 0 -190 181 0 181 0 109 73 108 72 1 181 0 181 -69 48 -68 49 68 50 69 49 0 249 0 248 -182 -1 -183 0 -107 -72z"/>
<path d="M1640 700 l0 -600 110 0 110 0 0 208 0 208 35 34 35 34 35 -34 35 -34 0 -208 0 -208 110 0 110 0 0 212 0 213 -87 87 -88 88 88 88 87 87 0 213 0 212 -110 0 -110 0 0 -208 0 -208 -70 -69 -70 -69 0 277 0 277 -110 0 -110 0 0 -600z"/></g>
</svg>
</div>
<div class="text-center">
<h1 class="card-title"><?php echo APP_TITLE; ?></h1>
</div>
</div>
<hr />
<div class="mb-3">
<label for="fm_usr" class="pb-2"><?php echo lng('Username'); ?></label>
<input type="text" class="form-control" id="fm_usr" name="fm_usr" required autofocus>
</div>
<div class="mb-3">
<label for="fm_pwd" class="pb-2"><?php echo lng('Password'); ?></label>
<input type="password" class="form-control" id="fm_pwd" name="fm_pwd" required>
</div>
<div class="mb-3">
<?php fm_show_message(); ?>
</div>
<input type="hidden" name="token" value="<?php echo htmlentities($_SESSION['token']); ?>" />
<div class="mb-3">
<button type="submit" class="btn btn-success btn-block w-100 mt-4" role="button">
<?php echo lng('Login'); ?>
</button>
</div>
</form>
</div>
</div>
<div class="footer text-center">
—— ©
<a href="https://tinyfilemanager.github.io/" target="_blank" class="text-decoration-none text-muted" data-version="<?php echo VERSION; ?>">CCP Programmers</a> ——
</div>
</div>
</div>
</div>
</section>
<?php
fm_show_footer_login();
exit;
}
}
// update root path
if ($use_auth && isset($_SESSION[FM_SESSION_ID]['logged'])) {
$root_path = isset($directories_users[$_SESSION[FM_SESSION_ID]['logged']]) ? $directories_users[$_SESSION[FM_SESSION_ID]['logged']] : $root_path;
}
// clean and check $root_path
$root_path = rtrim($root_path, '\\/');
$root_path = str_replace('\\', '/', $root_path);
if (!@is_dir($root_path)) {
echo "<h1>".lng('Root path')." \"{$root_path}\" ".lng('not found!')." </h1>";
exit;
}
defined('FM_SHOW_HIDDEN') || define('FM_SHOW_HIDDEN', $show_hidden_files);
defined('FM_ROOT_PATH') || define('FM_ROOT_PATH', $root_path);
defined('FM_LANG') || define('FM_LANG', $lang);
defined('FM_FILE_EXTENSION') || define('FM_FILE_EXTENSION', $allowed_file_extensions);
defined('FM_UPLOAD_EXTENSION') || define('FM_UPLOAD_EXTENSION', $allowed_upload_extensions);
defined('FM_EXCLUDE_ITEMS') || define('FM_EXCLUDE_ITEMS', (version_compare(PHP_VERSION, '7.0.0', '<') ? serialize($exclude_items) : $exclude_items));
defined('FM_DOC_VIEWER') || define('FM_DOC_VIEWER', $online_viewer);
define('FM_READONLY', $global_readonly || ($use_auth && !empty($readonly_users) && isset($_SESSION[FM_SESSION_ID]['logged']) && in_array($_SESSION[FM_SESSION_ID]['logged'], $readonly_users)));
define('FM_IS_WIN', DIRECTORY_SEPARATOR == '\\');
// always use ?p=
if (!isset($_GET['p']) && empty($_FILES)) {
fm_redirect(FM_SELF_URL . '?p=');
}
// get path
$p = isset($_GET['p']) ? $_GET['p'] : (isset($_POST['p']) ? $_POST['p'] : '');
// clean path // XmasCLOUD
$p = fm_clean_path($p);
if (!$p) {
exit;
}
// for ajax request - save
$input = file_get_contents('php://input');
$_POST = (strpos($input, 'ajax') != FALSE && strpos($input, 'save') != FALSE) ? json_decode($input, true) : $_POST;
// instead globals vars
define('FM_PATH', $p);
define('FM_USE_AUTH', $use_auth);
define('FM_EDIT_FILE', $edit_files);
defined('FM_ICONV_INPUT_ENC') || define('FM_ICONV_INPUT_ENC', $iconv_input_encoding);
defined('FM_USE_HIGHLIGHTJS') || define('FM_USE_HIGHLIGHTJS', $use_highlightjs);
defined('FM_HIGHLIGHTJS_STYLE') || define('FM_HIGHLIGHTJS_STYLE', $highlightjs_style);
defined('FM_DATETIME_FORMAT') || define('FM_DATETIME_FORMAT', $datetime_format);
unset($p, $use_auth, $iconv_input_encoding, $use_highlightjs, $highlightjs_style);
/*************************** ACTIONS ***************************/
// Handle all AJAX Request
if (isset($_SESSION[FM_SESSION_ID]['logged'], $auth_users[$_SESSION[FM_SESSION_ID]['logged']]) && isset($_POST['ajax'], $_POST['token']) && !FM_READONLY) {
if(!verifyToken($_POST['token'])) {
header('HTTP/1.0 401 Unauthorized');
die("Invalid Token.");
}
//search : get list of files from the current folder
if(isset($_POST['type']) && $_POST['type']=="search") {
$dir = $_POST['path'] == "." ? '': $_POST['path'];
$response = scan(fm_clean_path($dir), $_POST['content']);
echo json_encode($response);
exit();
}
// save editor file
if (isset($_POST['type']) && $_POST['type'] == "save") {
// get current path
$path = FM_ROOT_PATH;
if (FM_PATH != '') {
$path .= '/' . FM_PATH;
}
// check path
if (!is_dir($path)) {
fm_redirect(FM_SELF_URL . '?p=');
}
$file = $_GET['edit'];
$file = fm_clean_path($file);
$file = str_replace('/', '', $file);
if ($file == '' || !is_file($path . '/' . $file)) {
fm_set_msg(lng('File not found'), 'error');
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
header('X-XSS-Protection:0');
$file_path = $path . '/' . $file;
$writedata = $_POST['content'];
$fd = fopen($file_path, "w");
$write_results = @fwrite($fd, $writedata);
fclose($fd);
if ($write_results === false){
header("HTTP/1.1 500 Internal Server Error");
die("Could Not Write File! - Check Permissions / Ownership");
}
die(true);
}
// backup files
if (isset($_POST['type']) && $_POST['type'] == "backup" && !empty($_POST['file'])) {
$fileName = fm_clean_path($_POST['file']);
$fullPath = FM_ROOT_PATH . '/';
if (!empty($_POST['path'])) {
$relativeDirPath = fm_clean_path($_POST['path']);
$fullPath .= "{$relativeDirPath}/";
}
$date = date("dMy-His");
$newFileName = "{$fileName}-{$date}.bak";
$fullyQualifiedFileName = $fullPath . $fileName;
try {
if (!file_exists($fullyQualifiedFileName)) {
throw new Exception("File {$fileName} not found");
}
if (copy($fullyQualifiedFileName, $fullPath . $newFileName)) {
echo "Backup {$newFileName} created";
} else {
throw new Exception("Could not copy file {$fileName}");
}
} catch (Exception $e) {
echo $e->getMessage();
}
}
// Save Config
if (isset($_POST['type']) && $_POST['type'] == "settings") {
global $cfg, $lang, $report_errors, $show_hidden_files, $lang_list, $hide_Cols, $theme;
$newLng = $_POST['js-language'];
fm_get_translations([]);
if (!array_key_exists($newLng, $lang_list)) {
$newLng = 'en';
}
$erp = isset($_POST['js-error-report']) && $_POST['js-error-report'] == "true" ? true : false;
$shf = isset($_POST['js-show-hidden']) && $_POST['js-show-hidden'] == "true" ? true : false;
$hco = isset($_POST['js-hide-cols']) && $_POST['js-hide-cols'] == "true" ? true : false;
$te3 = $_POST['js-theme-3'];
if ($cfg->data['lang'] != $newLng) {
$cfg->data['lang'] = $newLng;
$lang = $newLng;
}
if ($cfg->data['error_reporting'] != $erp) {
$cfg->data['error_reporting'] = $erp;
$report_errors = $erp;
}
if ($cfg->data['show_hidden'] != $shf) {
$cfg->data['show_hidden'] = $shf;
$show_hidden_files = $shf;
}
if ($cfg->data['show_hidden'] != $shf) {
$cfg->data['show_hidden'] = $shf;
$show_hidden_files = $shf;
}
if ($cfg->data['hide_Cols'] != $hco) {
$cfg->data['hide_Cols'] = $hco;
$hide_Cols = $hco;
}
if ($cfg->data['theme'] != $te3) {
$cfg->data['theme'] = $te3;
$theme = $te3;
}
$cfg->save();
echo true;
}
// new password hash
if (isset($_POST['type']) && $_POST['type'] == "pwdhash") {
$res = isset($_POST['inputPassword2']) && !empty($_POST['inputPassword2']) ? password_hash($_POST['inputPassword2'], PASSWORD_DEFAULT) : '';
echo $res;
}
//upload using url
if(isset($_POST['type']) && $_POST['type'] == "upload" && !empty($_REQUEST["uploadurl"])) {
$path = FM_ROOT_PATH;
if (FM_PATH != '') {
$path .= '/' . FM_PATH;
}
function event_callback ($message) {
global $callback;
echo json_encode($message);
}
function get_file_path () {
global $path, $fileinfo, $temp_file;
return $path."/".basename($fileinfo->name);
}
$url = !empty($_REQUEST["uploadurl"]) && preg_match("|^http(s)?://.+$|", stripslashes($_REQUEST["uploadurl"])) ? stripslashes($_REQUEST["uploadurl"]) : null;
//prevent 127.* domain and known ports
$domain = parse_url($url, PHP_URL_HOST);
$port = parse_url($url, PHP_URL_PORT);
$knownPorts = [22, 23, 25, 3306];
if (preg_match("/^localhost$|^127(?:\.[0-9]+){0,2}\.[0-9]+$|^(?:0*\:)*?:?0*1$/i", $domain) || in_array($port, $knownPorts)) {
$err = array("message" => "URL is not allowed");
event_callback(array("fail" => $err));
exit();
}
$use_curl = false;
$temp_file = tempnam(sys_get_temp_dir(), "upload-");
$fileinfo = new stdClass();
$fileinfo->name = trim(basename($url), ".\x00..\x20");
$allowed = (FM_UPLOAD_EXTENSION) ? explode(',', FM_UPLOAD_EXTENSION) : false;
$ext = strtolower(pathinfo($fileinfo->name, PATHINFO_EXTENSION));
$isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true;
$err = false;
if(!$isFileAllowed) {
$err = array("message" => "File extension is not allowed");
event_callback(array("fail" => $err));
exit();
}
if (!$url) {
$success = false;
} else if ($use_curl) {
@$fp = fopen($temp_file, "w");
@$ch = curl_init($url);
curl_setopt($ch, CURLOPT_NOPROGRESS, false );
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_FILE, $fp);
@$success = curl_exec($ch);
$curl_info = curl_getinfo($ch);
if (!$success) {
$err = array("message" => curl_error($ch));
}
@curl_close($ch);
fclose($fp);
$fileinfo->size = $curl_info["size_download"];
$fileinfo->type = $curl_info["content_type"];
} else {
$ctx = stream_context_create();
@$success = copy($url, $temp_file, $ctx);
if (!$success) {
$err = error_get_last();
}
}
if ($success) {
$success = rename($temp_file, strtok(get_file_path(), '?'));
}
if ($success) {
event_callback(array("done" => $fileinfo));
} else {
unlink($temp_file);
if (!$err) {
$err = array("message" => "Invalid url parameter");
}
event_callback(array("fail" => $err));
}
}
exit();
}
// Delete file / folder
if (isset($_GET['del'], $_POST['token']) && !FM_READONLY) {
$del = str_replace( '/', '', fm_clean_path( $_GET['del'] ) );
if ($del != '' && $del != '..' && $del != '.' && verifyToken($_POST['token'])) {
$path = FM_ROOT_PATH;
if (FM_PATH != '') {
$path .= '/' . FM_PATH;
}
$is_dir = is_dir($path . '/' . $del);
if (fm_rdelete($path . '/' . $del)) {
$msg = $is_dir ? lng('Folder').' <b>%s</b> '.lng('Deleted') : lng('File').' <b>%s</b> '.lng('Deleted');
fm_set_msg(sprintf($msg, fm_enc($del)));
} else {
$msg = $is_dir ? lng('Folder').' <b>%s</b> '.lng('not deleted') : lng('File').' <b>%s</b> '.lng('not deleted');
fm_set_msg(sprintf($msg, fm_enc($del)), 'error');
}
} else {
fm_set_msg(lng('Invalid file or folder name'), 'error');
}
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
// Create a new file/folder
if (isset($_POST['newfilename'], $_POST['newfile'], $_POST['token']) && !FM_READONLY) {
$type = urldecode($_POST['newfile']);
$new = str_replace( '/', '', fm_clean_path( strip_tags( $_POST['newfilename'] ) ) );
if (fm_isvalid_filename($new) && $new != '' && $new != '..' && $new != '.' && verifyToken($_POST['token'])) {
$path = FM_ROOT_PATH;
if (FM_PATH != '') {
$path .= '/' . FM_PATH;
}
if ($type == "file") {
if (!file_exists($path . '/' . $new)) {
if(fm_is_valid_ext($new)) {
@fopen($path . '/' . $new, 'w') or die('Cannot open file: ' . $new);
fm_set_msg(sprintf(lng('File').' <b>%s</b> '.lng('Created'), fm_enc($new)));
} else {
fm_set_msg(lng('File extension is not allowed'), 'error');
}
} else {
fm_set_msg(sprintf(lng('File').' <b>%s</b> '.lng('already exists'), fm_enc($new)), 'alert');
}
} else {
if (fm_mkdir($path . '/' . $new, false) === true) {
fm_set_msg(sprintf(lng('Folder').' <b>%s</b> '.lng('Created'), $new));
} elseif (fm_mkdir($path . '/' . $new, false) === $path . '/' . $new) {
fm_set_msg(sprintf(lng('Folder').' <b>%s</b> '.lng('already exists'), fm_enc($new)), 'alert');
} else {
fm_set_msg(sprintf(lng('Folder').' <b>%s</b> '.lng('not created'), fm_enc($new)), 'error');
}
}
} else {
fm_set_msg(lng('Invalid characters in file or folder name'), 'error');
}
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
// Copy folder / file
if (isset($_GET['copy'], $_GET['finish']) && !FM_READONLY) {
// from
$copy = urldecode($_GET['copy']);
$copy = fm_clean_path($copy);
// empty path
if ($copy == '') {
fm_set_msg(lng('Source path not defined'), 'error');
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
// abs path from
$from = FM_ROOT_PATH . '/' . $copy;
// abs path to
$dest = FM_ROOT_PATH;
if (FM_PATH != '') {
$dest .= '/' . FM_PATH;
}
$dest .= '/' . basename($from);
// move?
$move = isset($_GET['move']);
$move = fm_clean_path(urldecode($move));
// copy/move/duplicate
if ($from != $dest) {
$msg_from = trim(FM_PATH . '/' . basename($from), '/');
if ($move) { // Move and to != from so just perform move
$rename = fm_rename($from, $dest);
if ($rename) {
fm_set_msg(sprintf(lng('Moved from').' <b>%s</b> '.lng('to').' <b>%s</b>', fm_enc($copy), fm_enc($msg_from)));
} elseif ($rename === null) {
fm_set_msg(lng('File or folder with this path already exists'), 'alert');
} else {
fm_set_msg(sprintf(lng('Error while moving from').' <b>%s</b> '.lng('to').' <b>%s</b>', fm_enc($copy), fm_enc($msg_from)), 'error');
}
} else { // Not move and to != from so copy with original name
if (fm_rcopy($from, $dest)) {
fm_set_msg(sprintf(lng('Copied from').' <b>%s</b> '.lng('to').' <b>%s</b>', fm_enc($copy), fm_enc($msg_from)));
} else {
fm_set_msg(sprintf(lng('Error while copying from').' <b>%s</b> '.lng('to').' <b>%s</b>', fm_enc($copy), fm_enc($msg_from)), 'error');
}
}
} else {
if (!$move){ //Not move and to = from so duplicate
$msg_from = trim(FM_PATH . '/' . basename($from), '/');
$fn_parts = pathinfo($from);
$extension_suffix = '';
if(!is_dir($from)){
$extension_suffix = '.'.$fn_parts['extension'];
}
//Create new name for duplicate
$fn_duplicate = $fn_parts['dirname'].'/'.$fn_parts['filename'].'-'.date('YmdHis').$extension_suffix;
$loop_count = 0;
$max_loop = 1000;
// Check if a file with the duplicate name already exists, if so, make new name (edge case...)
while(file_exists($fn_duplicate) & $loop_count < $max_loop){
$fn_parts = pathinfo($fn_duplicate);
$fn_duplicate = $fn_parts['dirname'].'/'.$fn_parts['filename'].'-copy'.$extension_suffix;
$loop_count++;
}
if (fm_rcopy($from, $fn_duplicate, False)) {
fm_set_msg(sprintf('Copyied from <b>%s</b> to <b>%s</b>', fm_enc($copy), fm_enc($fn_duplicate)));
} else {
fm_set_msg(sprintf('Error while copying from <b>%s</b> to <b>%s</b>', fm_enc($copy), fm_enc($fn_duplicate)), 'error');
}
}
else{
fm_set_msg(lng('Paths must be not equal'), 'alert');
}
}
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
// Mass copy files/ folders
if (isset($_POST['file'], $_POST['copy_to'], $_POST['finish'], $_POST['token']) && !FM_READONLY) {
if(!verifyToken($_POST['token'])) {
fm_set_msg(lng('Invalid Token.'), 'error');
}
// from
$path = FM_ROOT_PATH;
if (FM_PATH != '') {
$path .= '/' . FM_PATH;
}
// to
$copy_to_path = FM_ROOT_PATH;
$copy_to = fm_clean_path($_POST['copy_to']);
if ($copy_to != '') {
$copy_to_path .= '/' . $copy_to;
}
if ($path == $copy_to_path) {
fm_set_msg(lng('Paths must be not equal'), 'alert');
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
if (!is_dir($copy_to_path)) {
if (!fm_mkdir($copy_to_path, true)) {
fm_set_msg('Unable to create destination folder', 'error');
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
}
// move?
$move = isset($_POST['move']);
// copy/move
$errors = 0;
$files = $_POST['file'];
if (is_array($files) && count($files)) {
foreach ($files as $f) {
if ($f != '') {
$f = fm_clean_path($f);
// abs path from
$from = $path . '/' . $f;
// abs path to
$dest = $copy_to_path . '/' . $f;
// do
if ($move) {
$rename = fm_rename($from, $dest);
if ($rename === false) {
$errors++;
}
} else {
if (!fm_rcopy($from, $dest)) {
$errors++;
}
}
}
}
if ($errors == 0) {
$msg = $move ? 'Selected files and folders moved' : 'Selected files and folders copied';
fm_set_msg($msg);
} else {
$msg = $move ? 'Error while moving items' : 'Error while copying items';
fm_set_msg($msg, 'error');
}
} else {
fm_set_msg(lng('Nothing selected'), 'alert');
}
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
// Rename
if (isset($_POST['rename_from'], $_POST['rename_to'], $_POST['token']) && !FM_READONLY) {
if(!verifyToken($_POST['token'])) {
fm_set_msg("Invalid Token.", 'error');
}
// old name
$old = urldecode($_POST['rename_from']);
$old = fm_clean_path($old);
$old = str_replace('/', '', $old);
// new name
$new = urldecode($_POST['rename_to']);
$new = fm_clean_path(strip_tags($new));
$new = str_replace('/', '', $new);
// path
$path = FM_ROOT_PATH;
if (FM_PATH != '') {
$path .= '/' . FM_PATH;
}
// rename
if (fm_isvalid_filename($new) && $old != '' && $new != '') {
if (fm_rename($path . '/' . $old, $path . '/' . $new)) {
fm_set_msg(sprintf(lng('Renamed from').' <b>%s</b> '. lng('to').' <b>%s</b>', fm_enc($old), fm_enc($new)));
} else {
fm_set_msg(sprintf(lng('Error while renaming from').' <b>%s</b> '. lng('to').' <b>%s</b>', fm_enc($old), fm_enc($new)), 'error');
}
} else {
fm_set_msg(lng('Invalid characters in file name'), 'error');
}
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
// Download
if (isset($_GET['dl'], $_POST['token'])) {
if(!verifyToken($_POST['token'])) {
fm_set_msg("Invalid Token.", 'error');
}
$dl = urldecode($_GET['dl']);
$dl = fm_clean_path($dl);
$dl = str_replace('/', '', $dl);
$path = FM_ROOT_PATH;
if (FM_PATH != '') {
$path .= '/' . FM_PATH;
}
if ($dl != '' && is_file($path . '/' . $dl)) {
fm_download_file($path . '/' . $dl, $dl, 1024);
exit;
} else {
fm_set_msg(lng('File not found'), 'error');
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
}
// Upload
if (!empty($_FILES) && !FM_READONLY) {
if(isset($_POST['token'])) {
if(!verifyToken($_POST['token'])) {
$response = array ('status' => 'error','info' => "Invalid Token.");
echo json_encode($response); exit();
}
} else {
$response = array ('status' => 'error','info' => "Token Missing.");
echo json_encode($response); exit();
}
$override_file_name = false;
$chunkIndex = $_POST['dzchunkindex'];
$chunkTotal = $_POST['dztotalchunkcount'];
$fullPathInput = fm_clean_path($_REQUEST['fullpath']);
$f = $_FILES;
$path = FM_ROOT_PATH;
$ds = DIRECTORY_SEPARATOR;
if (FM_PATH != '') {
$path .= '/' . FM_PATH;
}
$errors = 0;
$uploads = 0;
$allowed = (FM_UPLOAD_EXTENSION) ? explode(',', FM_UPLOAD_EXTENSION) : false;
$response = array (
'status' => 'error',
'info' => 'Oops! Try again'
);
$filename = $f['file']['name'];
$tmp_name = $f['file']['tmp_name'];
$ext = pathinfo($filename, PATHINFO_FILENAME) != '' ? strtolower(pathinfo($filename, PATHINFO_EXTENSION)) : '';
$isFileAllowed = ($allowed) ? in_array($ext, $allowed) : true;
if(!fm_isvalid_filename($filename) && !fm_isvalid_filename($fullPathInput)) {
$response = array (
'status' => 'error',
'info' => "Invalid File name!",
);
echo json_encode($response); exit();
}
$targetPath = $path . $ds;
if ( is_writable($targetPath) ) {
$fullPath = $path . '/' . basename($fullPathInput);
$folder = substr($fullPath, 0, strrpos($fullPath, "/"));
if(file_exists ($fullPath) && !$override_file_name && !$chunks) {
$ext_1 = $ext ? '.'.$ext : '';
$fullPath = $path . '/' . basename($fullPathInput, $ext_1) .'_'. date('ymdHis'). $ext_1;
}
if (!is_dir($folder)) {
$old = umask(0);
mkdir($folder, 0777, true);
umask($old);
}
if (empty($f['file']['error']) && !empty($tmp_name) && $tmp_name != 'none' && $isFileAllowed) {
if ($chunkTotal){
$out = @fopen("{$fullPath}.part", $chunkIndex == 0 ? "wb" : "ab");
if ($out) {
$in = @fopen($tmp_name, "rb");
if ($in) {
while ($buff = fread($in, 4096)) { fwrite($out, $buff); }
$response = array (
'status' => 'success',
'info' => "file upload successful"
);
} else {
$response = array (
'status' => 'error',
'info' => "failed to open output stream",
'errorDetails' => error_get_last()
);
}
@fclose($in);
@fclose($out);
@unlink($tmp_name);
$response = array (
'status' => 'success',
'info' => "file upload successful"
);
} else {
$response = array (
'status' => 'error',
'info' => "failed to open output stream"
);
}
if ($chunkIndex == $chunkTotal - 1) {
rename("{$fullPath}.part", $fullPath);
}
} else if (move_uploaded_file($tmp_name, $fullPath)) {
// Be sure that the file has been uploaded
if ( file_exists($fullPath) ) {
$response = array (
'status' => 'success',
'info' => "file upload successful"
);
} else {
$response = array (
'status' => 'error',
'info' => 'Couldn\'t upload the requested file.'
);
}
} else {
$response = array (
'status' => 'error',
'info' => "Error while uploading files. Uploaded files $uploads",
);
}
}
} else {
$response = array (
'status' => 'error',
'info' => 'The specified folder for upload isn\'t writeable.'
);
}
// Return the response
echo json_encode($response);
exit();
}
// Mass deleting
if (isset($_POST['group'], $_POST['delete'], $_POST['token']) && !FM_READONLY) {
if(!verifyToken($_POST['token'])) {
fm_set_msg(lng("Invalid Token."), 'error');
}
$path = FM_ROOT_PATH;
if (FM_PATH != '') {
$path .= '/' . FM_PATH;
}
$errors = 0;
$files = $_POST['file'];
if (is_array($files) && count($files)) {
foreach ($files as $f) {
if ($f != '') {
$new_path = $path . '/' . $f;
if (!fm_rdelete($new_path)) {
$errors++;
}
}
}
if ($errors == 0) {
fm_set_msg(lng('Selected files and folder deleted'));
} else {
fm_set_msg(lng('Error while deleting items'), 'error');
}
} else {
fm_set_msg(lng('Nothing selected'), 'alert');
}
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
// Pack files zip, tar
if (isset($_POST['group'], $_POST['token']) && (isset($_POST['zip']) || isset($_POST['tar'])) && !FM_READONLY) {
if(!verifyToken($_POST['token'])) {
fm_set_msg(lng("Invalid Token."), 'error');
}
$path = FM_ROOT_PATH;
$ext = 'zip';
if (FM_PATH != '') {
$path .= '/' . FM_PATH;
}
//set pack type
$ext = isset($_POST['tar']) ? 'tar' : 'zip';
if (($ext == "zip" && !class_exists('ZipArchive')) || ($ext == "tar" && !class_exists('PharData'))) {
fm_set_msg(lng('Operations with archives are not available'), 'error');
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
$files = $_POST['file'];
if (!empty($files)) {
chdir($path);
if (count($files) == 1) {
$one_file = reset($files);
$one_file = basename($one_file);
$zipname = $one_file . '_' . date('ymd_His') . '.'.$ext;
} else {
$zipname = 'archive_' . date('ymd_His') . '.'.$ext;
}
if($ext == 'zip') {
$zipper = new FM_Zipper();
$res = $zipper->create($zipname, $files);
} elseif ($ext == 'tar') {
$tar = new FM_Zipper_Tar();
$res = $tar->create($zipname, $files);
}
if ($res) {
fm_set_msg(sprintf(lng('Archive').' <b>%s</b> '.lng('Created'), fm_enc($zipname)));
} else {
fm_set_msg(lng('Archive not created'), 'error');
}
} else {
fm_set_msg(lng('Nothing selected'), 'alert');
}
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
// Unpack zip, tar
if (isset($_POST['unzip'], $_POST['token']) && !FM_READONLY) {
if(!verifyToken($_POST['token'])) {
fm_set_msg(lng("Invalid Token."), 'error');
}
$unzip = urldecode($_POST['unzip']);
$unzip = fm_clean_path($unzip);
$unzip = str_replace('/', '', $unzip);
$isValid = false;
$path = FM_ROOT_PATH;
if (FM_PATH != '') {
$path .= '/' . FM_PATH;
}
if ($unzip != '' && is_file($path . '/' . $unzip)) {
$zip_path = $path . '/' . $unzip;
$ext = pathinfo($zip_path, PATHINFO_EXTENSION);
$isValid = true;
} else {
fm_set_msg(lng('File not found'), 'error');
}
if (($ext == "zip" && !class_exists('ZipArchive')) || ($ext == "tar" && !class_exists('PharData'))) {
fm_set_msg(lng('Operations with archives are not available'), 'error');
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
if ($isValid) {
//to folder
$tofolder = '';
if (isset($_POST['tofolder'])) {
$tofolder = pathinfo($zip_path, PATHINFO_FILENAME);
if (fm_mkdir($path . '/' . $tofolder, true)) {
$path .= '/' . $tofolder;
}
}
if($ext == "zip") {
$zipper = new FM_Zipper();
$res = $zipper->unzip($zip_path, $path);
} elseif ($ext == "tar") {
try {
$gzipper = new PharData($zip_path);
if (@$gzipper->extractTo($path,null, true)) {
$res = true;
} else {
$res = false;
}
} catch (Exception $e) {
//TODO:: need to handle the error
$res = true;
}
}
if ($res) {
fm_set_msg(lng('Archive unpacked'));
} else {
fm_set_msg(lng('Archive not unpacked'), 'error');
}
} else {
fm_set_msg(lng('File not found'), 'error');
}
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
// Change Perms (not for Windows)
if (isset($_POST['chmod'], $_POST['token']) && !FM_READONLY && !FM_IS_WIN) {
if(!verifyToken($_POST['token'])) {
fm_set_msg(lng("Invalid Token."), 'error');
}
$path = FM_ROOT_PATH;
if (FM_PATH != '') {
$path .= '/' . FM_PATH;
}
$file = $_POST['chmod'];
$file = fm_clean_path($file);
$file = str_replace('/', '', $file);
if ($file == '' || (!is_file($path . '/' . $file) && !is_dir($path . '/' . $file))) {
fm_set_msg(lng('File not found'), 'error');
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
$mode = 0;
if (!empty($_POST['ur'])) {
$mode |= 0400;
}
if (!empty($_POST['uw'])) {
$mode |= 0200;
}
if (!empty($_POST['ux'])) {
$mode |= 0100;
}
if (!empty($_POST['gr'])) {
$mode |= 0040;
}
if (!empty($_POST['gw'])) {
$mode |= 0020;
}
if (!empty($_POST['gx'])) {
$mode |= 0010;
}
if (!empty($_POST['or'])) {
$mode |= 0004;
}
if (!empty($_POST['ow'])) {
$mode |= 0002;
}
if (!empty($_POST['ox'])) {
$mode |= 0001;
}
if (@chmod($path . '/' . $file, $mode)) {
fm_set_msg(lng('Permissions changed'));
} else {
fm_set_msg(lng('Permissions not changed'), 'error');
}
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
/*************************** ACTIONS ***************************/
// get current path
$path = FM_ROOT_PATH;
if (FM_PATH != '') {
$path .= '/' . FM_PATH;
}
// check path
if (!is_dir($path)) {
fm_redirect(FM_SELF_URL . '?p=');
}
// get parent folder
$parent = fm_get_parent_path(FM_PATH);
$objects = is_readable($path) ? scandir($path) : array();
$folders = array();
$files = array();
$current_path = array_slice(explode("/",$path), -1)[0];
if (is_array($objects) && fm_is_exclude_items($current_path)) {
foreach ($objects as $file) {
if ($file == '.' || $file == '..') {
continue;
}
if (!FM_SHOW_HIDDEN && substr($file, 0, 1) === '.') {
continue;
}
$new_path = $path . '/' . $file;
if (@is_file($new_path) && fm_is_exclude_items($file)) {
$files[] = $file;
} elseif (@is_dir($new_path) && $file != '.' && $file != '..' && fm_is_exclude_items($file)) {
$folders[] = $file;
}
}
}
if (!empty($files)) {
natcasesort($files);
}
if (!empty($folders)) {
natcasesort($folders);
}
// upload form
if (isset($_GET['upload']) && !FM_READONLY) {
fm_show_header(); // HEADER
fm_show_nav_path(FM_PATH); // current path
//get the allowed file extensions
function getUploadExt() {
$extArr = explode(',', FM_UPLOAD_EXTENSION);
if(FM_UPLOAD_EXTENSION && $extArr) {
array_walk($extArr, function(&$x) {$x = ".$x";});
return implode(',', $extArr);
}
return '';
}
?>
<link href="https://cdnjs.cloudflare.com/ajax/libs/dropzone/5.9.3/min/dropzone.min.css" rel="stylesheet">
<div class="path">
<div class="card mb-2 fm-upload-wrapper <?php echo fm_get_theme(); ?>">
<div class="card-header">
<ul class="nav nav-tabs card-header-tabs">
<li class="nav-item">
<a class="nav-link active" href="#fileUploader" data-target="#fileUploader"><i class="fa fa-arrow-circle-o-up"></i> <?php echo lng('UploadingFiles') ?></a>
</li>
<li class="nav-item">
<a class="nav-link" href="#urlUploader" class="js-url-upload" data-target="#urlUploader"><i class="fa fa-link"></i> <?php echo lng('Upload from URL') ?></a>
</li>
</ul>
</div>
<div class="card-body">
<p class="card-text">
<a href="?p=<?php echo FM_PATH ?>" class="float-right"><i class="fa fa-chevron-circle-left go-back"></i> <?php echo lng('Back')?></a>
<strong><?php echo lng('DestinationFolder') ?></strong>: <?php echo fm_enc(fm_convert_win(FM_PATH)) ?>
</p>
<form action="<?php echo htmlspecialchars(FM_SELF_URL) . '?p=' . fm_enc(FM_PATH) ?>" class="dropzone card-tabs-container" id="fileUploader" enctype="multipart/form-data">
<input type="hidden" name="p" value="<?php echo fm_enc(FM_PATH) ?>">
<input type="hidden" name="fullpath" id="fullpath" value="<?php echo fm_enc(FM_PATH) ?>">
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
<div class="fallback">
<input name="file" type="file" multiple/>
</div>
</form>
<div class="upload-url-wrapper card-tabs-container hidden" id="urlUploader">
<form id="js-form-url-upload" class="row row-cols-lg-auto g-3 align-items-center" onsubmit="return upload_from_url(this);" method="POST" action="">
<input type="hidden" name="type" value="upload" aria-label="hidden" aria-hidden="true">
<input type="url" placeholder="URL" name="uploadurl" required class="form-control" style="width: 80%">
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
<button type="submit" class="btn btn-primary ms-3"><?php echo lng('Upload') ?></button>
<div class="lds-facebook"><div></div><div></div><div></div></div>
</form>
<div id="js-url-upload__list" class="col-9 mt-3"></div>
</div>
</div>
</div>
</div>
<script src="https://cdnjs.cloudflare.com/ajax/libs/dropzone/5.9.3/min/dropzone.min.js"></script>
<script>
Dropzone.options.fileUploader = {
chunking: true,
chunkSize: 2000000, // chunk size 2,000,000 bytes (~2MB)
forceChunking: true,
retryChunks: true,
retryChunksLimit: 3,
parallelUploads: 1,
parallelChunkUploads: false,
timeout: 120000,
maxFilesize: "<?php echo MAX_UPLOAD_SIZE; ?>",
acceptedFiles : "<?php echo getUploadExt() ?>",
init: function () {
this.on("sending", function (file, xhr, formData) {
let _path = (file.fullPath) ? file.fullPath : file.name;
document.getElementById("fullpath").value = _path;
xhr.ontimeout = (function() {
toast('Error: Server Timeout');
});
}).on("success", function (res) {
let _response = JSON.parse(res.xhr.response);
if(_response.status == "error") {
toast(_response.info);
}
}).on("error", function(file, response) {
toast(response);
});
}
}
</script>
<?php
fm_show_footer();
exit;
}
// copy form POST
if (isset($_POST['copy']) && !FM_READONLY) {
$copy_files = isset($_POST['file']) ? $_POST['file'] : null;
if (!is_array($copy_files) || empty($copy_files)) {
fm_set_msg(lng('Nothing selected'), 'alert');
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
fm_show_header(); // HEADER
fm_show_nav_path(FM_PATH); // current path
?>
<div class="path">
<div class="card <?php echo fm_get_theme(); ?>">
<div class="card-header">
<h6><?php echo lng('Copying') ?></h6>
</div>
<div class="card-body">
<form action="" method="post">
<input type="hidden" name="p" value="<?php echo fm_enc(FM_PATH) ?>">
<input type="hidden" name="finish" value="1">
<?php
foreach ($copy_files as $cf) {
echo '<input type="hidden" name="file[]" value="' . fm_enc($cf) . '">' . PHP_EOL;
}
?>
<p class="break-word"><strong><?php echo lng('Files') ?></strong>: <b><?php echo implode('</b>, <b>', $copy_files) ?></b></p>
<p class="break-word"><strong><?php echo lng('SourceFolder') ?></strong>: <?php echo fm_enc(fm_convert_win(FM_ROOT_PATH . '/' . FM_PATH)) ?><br>
<label for="inp_copy_to"><strong><?php echo lng('DestinationFolder') ?></strong>:</label>
<?php echo FM_ROOT_PATH ?>/<input type="text" name="copy_to" id="inp_copy_to" value="<?php echo fm_enc(FM_PATH) ?>">
</p>
<p class="custom-checkbox custom-control"><input type="checkbox" name="move" value="1" id="js-move-files" class="custom-control-input"><label for="js-move-files" class="custom-control-label ms-2"> <?php echo lng('Move') ?></label></p>
<p>
<b><a href="?p=<?php echo urlencode(FM_PATH) ?>" class="btn btn-outline-danger"><i class="fa fa-times-circle"></i> <?php echo lng('Cancel') ?></a></b> 
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
<button type="submit" class="btn btn-success"><i class="fa fa-check-circle"></i> <?php echo lng('Copy') ?></button>
</p>
</form>
</div>
</div>
</div>
<?php
fm_show_footer();
exit;
}
// copy form
if (isset($_GET['copy']) && !isset($_GET['finish']) && !FM_READONLY) {
$copy = $_GET['copy'];
$copy = fm_clean_path($copy);
if ($copy == '' || !file_exists(FM_ROOT_PATH . '/' . $copy)) {
fm_set_msg(lng('File not found'), 'error');
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
fm_show_header(); // HEADER
fm_show_nav_path(FM_PATH); // current path
?>
<div class="path">
<p><b>Copying</b></p>
<p class="break-word">
<strong>Source path:</strong> <?php echo fm_enc(fm_convert_win(FM_ROOT_PATH . '/' . $copy)) ?><br>
<strong>Destination folder:</strong> <?php echo fm_enc(fm_convert_win(FM_ROOT_PATH . '/' . FM_PATH)) ?>
</p>
<p>
<b><a href="?p=<?php echo urlencode(FM_PATH) ?>&copy=<?php echo urlencode($copy) ?>&finish=1"><i class="fa fa-check-circle"></i> Copy</a></b>  
<b><a href="?p=<?php echo urlencode(FM_PATH) ?>&copy=<?php echo urlencode($copy) ?>&finish=1&move=1"><i class="fa fa-check-circle"></i> Move</a></b>  
<b><a href="?p=<?php echo urlencode(FM_PATH) ?>" class="text-danger"><i class="fa fa-times-circle"></i> Cancel</a></b>
</p>
<p><i><?php echo lng('Select folder') ?></i></p>
<ul class="folders break-word">
<?php
if ($parent !== false) {
?>
<li><a href="?p=<?php echo urlencode($parent) ?>&copy=<?php echo urlencode($copy) ?>"><i class="fa fa-chevron-circle-left"></i> ..</a></li>
<?php
}
foreach ($folders as $f) {
?>
<li>
<a href="?p=<?php echo urlencode(trim(FM_PATH . '/' . $f, '/')) ?>&copy=<?php echo urlencode($copy) ?>"><i class="fa fa-folder-o"></i> <?php echo fm_convert_win($f) ?></a></li>
<?php
}
?>
</ul>
</div>
<?php
fm_show_footer();
exit;
}
if (isset($_GET['settings']) && !FM_READONLY) {
fm_show_header(); // HEADER
fm_show_nav_path(FM_PATH); // current path
global $cfg, $lang, $lang_list;
?>
<div class="col-md-8 offset-md-2 pt-3">
<div class="card mb-2 <?php echo fm_get_theme(); ?>">
<h6 class="card-header d-flex justify-content-between">
<span><i class="fa fa-cog"></i> <?php echo lng('Settings') ?></span>
<a href="?p=<?php echo FM_PATH ?>" class="text-danger"><i class="fa fa-times-circle-o"></i> <?php echo lng('Cancel')?></a>
</h6>
<div class="card-body">
<form id="js-settings-form" action="" method="post" data-type="ajax" onsubmit="return save_settings(this)">
<input type="hidden" name="type" value="settings" aria-label="hidden" aria-hidden="true">
<div class="form-group row">
<label for="js-language" class="col-sm-3 col-form-label"><?php echo lng('Language') ?></label>
<div class="col-sm-5">
<select class="form-select" id="js-language" name="js-language">
<?php
function getSelected($l) {
global $lang;
return ($lang == $l) ? 'selected' : '';
}
foreach ($lang_list as $k => $v) {
echo "<option value='$k' ".getSelected($k).">$v</option>";
}
?>
</select>
</div>
</div>
<div class="mt-3 mb-3 row ">
<label for="js-error-report" class="col-sm-3 col-form-label"><?php echo lng('ErrorReporting') ?></label>
<div class="col-sm-9">
<div class="form-check form-switch">
<input class="form-check-input" type="checkbox" role="switch" id="js-error-report" name="js-error-report" value="true" <?php echo $report_errors ? 'checked' : ''; ?> />
</div>
</div>
</div>
<div class="mb-3 row">
<label for="js-show-hidden" class="col-sm-3 col-form-label"><?php echo lng('ShowHiddenFiles') ?></label>
<div class="col-sm-9">
<div class="form-check form-switch">
<input class="form-check-input" type="checkbox" role="switch" id="js-show-hidden" name="js-show-hidden" value="true" <?php echo $show_hidden_files ? 'checked' : ''; ?> />
</div>
</div>
</div>
<div class="mb-3 row">
<label for="js-hide-cols" class="col-sm-3 col-form-label"><?php echo lng('HideColumns') ?></label>
<div class="col-sm-9">
<div class="form-check form-switch">
<input class="form-check-input" type="checkbox" role="switch" id="js-hide-cols" name="js-hide-cols" value="true" <?php echo $hide_Cols ? 'checked' : ''; ?> />
</div>
</div>
</div>
<div class="mb-3 row">
<label for="js-3-1" class="col-sm-3 col-form-label"><?php echo lng('Theme') ?></label>
<div class="col-sm-5">
<select class="form-select w-100" id="js-3-0" name="js-theme-3">
<option value='light' <?php if($theme == "light"){echo "selected";} ?>><?php echo lng('light') ?></option>
<option value='dark' <?php if($theme == "dark"){echo "selected";} ?>><?php echo lng('dark') ?></option>
</select>
</div>
</div>
<div class="mb-3 row">
<div class="col-sm-10">
<button type="submit" class="btn btn-success"> <i class="fa fa-check-circle"></i> <?php echo lng('Save'); ?></button>
</div>
</div>
</form>
</div>
</div>
</div>
<?php
fm_show_footer();
exit;
}
if (isset($_GET['help'])) {
fm_show_header(); // HEADER
fm_show_nav_path(FM_PATH); // current path
global $cfg, $lang;
?>
<div class="col-md-8 offset-md-2 pt-3">
<div class="card mb-2 <?php echo fm_get_theme(); ?>">
<h6 class="card-header d-flex justify-content-between">
<span><i class="fa fa-exclamation-circle"></i> <?php echo lng('Help') ?></span>
<a href="?p=<?php echo FM_PATH ?>" class="text-danger"><i class="fa fa-times-circle-o"></i> <?php echo lng('Cancel')?></a>
</h6>
<div class="card-body">
<div class="row">
<div class="col-xs-12 col-sm-6">
<p><h3><a href="https://github.com/prasathmani/tinyfilemanager" target="_blank" class="app-v-title"> Tiny File Manager <?php echo VERSION; ?></a></h3></p>
<p>Author: Prasath Mani</p>
<p>Mail Us: <a href="mailto:ccpprogrammers@gmail.com">ccpprogrammers[at]gmail.com</a> </p>
</div>
<div class="col-xs-12 col-sm-6">
<div class="card">
<ul class="list-group list-group-flush">
<li class="list-group-item"><a href="https://github.com/prasathmani/tinyfilemanager/wiki" target="_blank"><i class="fa fa-question-circle"></i> <?php echo lng('Help Documents') ?> </a> </li>
<li class="list-group-item"><a href="https://github.com/prasathmani/tinyfilemanager/issues" target="_blank"><i class="fa fa-bug"></i> <?php echo lng('Report Issue') ?></a></li>
<?php if(!FM_READONLY) { ?>
<li class="list-group-item"><a href="javascript:show_new_pwd();"><i class="fa fa-lock"></i> <?php echo lng('Generate new password hash') ?></a></li>
<?php } ?>
</ul>
</div>
</div>
</div>
<div class="row js-new-pwd hidden mt-2">
<div class="col-12">
<form class="form-inline" onsubmit="return new_password_hash(this)" method="POST" action="">
<input type="hidden" name="type" value="pwdhash" aria-label="hidden" aria-hidden="true">
<div class="form-group mb-2">
<label for="staticEmail2"><?php echo lng('Generate new password hash') ?></label>
</div>
<div class="form-group mx-sm-3 mb-2">
<label for="inputPassword2" class="sr-only"><?php echo lng('Password') ?></label>
<input type="text" class="form-control btn-sm" id="inputPassword2" name="inputPassword2" placeholder="<?php echo lng('Password') ?>" required>
</div>
<button type="submit" class="btn btn-success btn-sm mb-2"><?php echo lng('Generate') ?></button>
</form>
<textarea class="form-control" rows="2" readonly id="js-pwd-result"></textarea>
</div>
</div>
</div>
</div>
</div>
<?php
fm_show_footer();
exit;
}
// file viewer
if (isset($_GET['view'])) {
$file = $_GET['view'];
$file = fm_clean_path($file, false);
$file = str_replace('/', '', $file);
if ($file == '' || !is_file($path . '/' . $file) || in_array($file, $GLOBALS['exclude_items'])) {
fm_set_msg(lng('File not found'), 'error');
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
fm_show_header(); // HEADER
fm_show_nav_path(FM_PATH); // current path
$file_url = FM_ROOT_URL . fm_convert_win((FM_PATH != '' ? '/' . FM_PATH : '') . '/' . $file);
$file_path = $path . '/' . $file;
$ext = strtolower(pathinfo($file_path, PATHINFO_EXTENSION));
$mime_type = fm_get_mime_type($file_path);
$filesize_raw = fm_get_size($file_path);
$filesize = fm_get_filesize($filesize_raw);
$is_zip = false;
$is_gzip = false;
$is_image = false;
$is_audio = false;
$is_video = false;
$is_text = false;
$is_onlineViewer = false;
$view_title = 'File';
$filenames = false; // for zip
$content = ''; // for text
$online_viewer = strtolower(FM_DOC_VIEWER);
if($online_viewer && $online_viewer !== 'false' && in_array($ext, fm_get_onlineViewer_exts())){
$is_onlineViewer = true;
}
elseif ($ext == 'zip' || $ext == 'tar') {
$is_zip = true;
$view_title = 'Archive';
$filenames = fm_get_zif_info($file_path, $ext);
} elseif (in_array($ext, fm_get_image_exts())) {
$is_image = true;
$view_title = 'Image';
} elseif (in_array($ext, fm_get_audio_exts())) {
$is_audio = true;
$view_title = 'Audio';
} elseif (in_array($ext, fm_get_video_exts())) {
$is_video = true;
$view_title = 'Video';
} elseif (in_array($ext, fm_get_text_exts()) || substr($mime_type, 0, 4) == 'text' || in_array($mime_type, fm_get_text_mimes())) {
$is_text = true;
$content = file_get_contents($file_path);
}
?>
<div class="row">
<div class="col-12">
<p class="break-word"><b><?php echo lng($view_title) ?> "<?php echo fm_enc(fm_convert_win($file)) ?>"</b></p>
<p class="break-word">
<strong>Full path:</strong> <?php echo fm_enc(fm_convert_win($file_path)) ?><br>
<strong>File size:</strong> <?php echo ($filesize_raw <= 1000) ? "$filesize_raw bytes" : $filesize; ?><br>
<strong>MIME-type:</strong> <?php echo $mime_type ?><br>
<?php
// ZIP info
if (($is_zip || $is_gzip) && $filenames !== false) {
$total_files = 0;
$total_comp = 0;
$total_uncomp = 0;
foreach ($filenames as $fn) {
if (!$fn['folder']) {
$total_files++;
}
$total_comp += $fn['compressed_size'];
$total_uncomp += $fn['filesize'];
}
?>
<?php echo lng('Files in archive') ?>: <?php echo $total_files ?><br>
<?php echo lng('Total size') ?>: <?php echo fm_get_filesize($total_uncomp) ?><br>
<?php echo lng('Size in archive') ?>: <?php echo fm_get_filesize($total_comp) ?><br>
<?php echo lng('Compression') ?>: <?php echo round(($total_comp / max($total_uncomp, 1)) * 100) ?>%<br>
<?php
}
// Image info
if ($is_image) {
$image_size = getimagesize($file_path);
echo lng('Image sizes').': ' . (isset($image_size[0]) ? $image_size[0] : '0') . ' x ' . (isset($image_size[1]) ? $image_size[1] : '0') . '<br>';
}
// Text info
if ($is_text) {
$is_utf8 = fm_is_utf8($content);
if (function_exists('iconv')) {
if (!$is_utf8) {
$content = iconv(FM_ICONV_INPUT_ENC, 'UTF-8//IGNORE', $content);
}
}
echo '<strong>'.lng('Charset').':</strong> ' . ($is_utf8 ? 'utf-8' : '8 bit') . '<br>';
}
?>
</p>
<div class="d-flex align-items-center mb-3">
<form method="post" class="d-inline ms-2" action="?p=<?php echo urlencode(FM_PATH) ?>&dl=<?php echo urlencode($file) ?>">
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
<button type="submit" class="btn btn-link text-decoration-none fw-bold p-0"><i class="fa fa-cloud-download"></i> <?php echo lng('Download') ?></button>  
</form>
<b class="ms-2"><a href="<?php echo fm_enc($file_url) ?>" target="_blank"><i class="fa fa-external-link-square"></i> <?php echo lng('Open') ?></a></b>
<?php
// ZIP actions
if (!FM_READONLY && ($is_zip || $is_gzip) && $filenames !== false) {
$zip_name = pathinfo($file_path, PATHINFO_FILENAME);
?>
<form method="post" class="d-inline ms-2">
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
<input type="hidden" name="unzip" value="<?php echo urlencode($file); ?>">
<button type="submit" class="btn btn-link text-decoration-none fw-bold p-0" style="font-size: 14px;"><i class="fa fa-check-circle"></i> <?php echo lng('UnZip') ?></button>
</form> 
<form method="post" class="d-inline ms-2">
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
<input type="hidden" name="unzip" value="<?php echo urlencode($file); ?>">
<input type="hidden" name="tofolder" value="1">
<button type="submit" class="btn btn-link text-decoration-none fw-bold p-0" style="font-size: 14px;" title="UnZip to <?php echo fm_enc($zip_name) ?>"><i class="fa fa-check-circle"></i> <?php echo lng('UnZipToFolder') ?></button>
</form> 
<?php
}
if ($is_text && !FM_READONLY) {
?>
<b class="ms-2"><a href="?p=<?php echo urlencode(trim(FM_PATH)) ?>&edit=<?php echo urlencode($file) ?>" class="edit-file"><i class="fa fa-pencil-square"></i> <?php echo lng('Edit') ?>
</a></b>  
<b class="ms-2"><a href="?p=<?php echo urlencode(trim(FM_PATH)) ?>&edit=<?php echo urlencode($file) ?>&env=ace"
class="edit-file"><i class="fa fa-pencil-square-o"></i> <?php echo lng('AdvancedEditor') ?>
</a></b>  
<?php } ?>
<b class="ms-2"><a href="?p=<?php echo urlencode(FM_PATH) ?>"><i class="fa fa-chevron-circle-left go-back"></i> <?php echo lng('Back') ?></a></b>
</div>
<?php
if($is_onlineViewer) {
if($online_viewer == 'google') {
echo '<iframe src="https://docs.google.com/viewer?embedded=true&hl=en&url=' . fm_enc($file_url) . '" frameborder="no" style="width:100%;min-height:460px"></iframe>';
} else if($online_viewer == 'microsoft') {
echo '<iframe src="https://view.officeapps.live.com/op/embed.aspx?src=' . fm_enc($file_url) . '" frameborder="no" style="width:100%;min-height:460px"></iframe>';
}
} elseif ($is_zip) {
// ZIP content
if ($filenames !== false) {
echo '<code class="maxheight">';
foreach ($filenames as $fn) {
if ($fn['folder']) {
echo '<b>' . fm_enc($fn['name']) . '</b><br>';
} else {
echo $fn['name'] . ' (' . fm_get_filesize($fn['filesize']) . ')<br>';
}
}
echo '</code>';
} else {
echo '<p>'.lng('Error while fetching archive info').'</p>';
}
} elseif ($is_image) {
// Image content
if (in_array($ext, array('gif', 'jpg', 'jpeg', 'png', 'bmp', 'ico', 'svg', 'webp', 'avif'))) {
echo '<p><img src="' . fm_enc($file_url) . '" alt="image" class="preview-img-container" class="preview-img"></p>';
}
} elseif ($is_audio) {
// Audio content
echo '<p><audio src="' . fm_enc($file_url) . '" controls preload="metadata"></audio></p>';
} elseif ($is_video) {
// Video content
echo '<div class="preview-video"><video src="' . fm_enc($file_url) . '" width="640" height="360" controls preload="metadata"></video></div>';
} elseif ($is_text) {
if (FM_USE_HIGHLIGHTJS) {
// highlight
$hljs_classes = array(
'shtml' => 'xml',
'htaccess' => 'apache',
'phtml' => 'php',
'lock' => 'json',
'svg' => 'xml',
);
$hljs_class = isset($hljs_classes[$ext]) ? 'lang-' . $hljs_classes[$ext] : 'lang-' . $ext;
if (empty($ext) || in_array(strtolower($file), fm_get_text_names()) || preg_match('#\.min\.(css|js)$#i', $file)) {
$hljs_class = 'nohighlight';
}
$content = '<pre class="with-hljs"><code class="' . $hljs_class . '">' . fm_enc($content) . '</code></pre>';
} elseif (in_array($ext, array('php', 'php4', 'php5', 'phtml', 'phps'))) {
// php highlight
$content = highlight_string($content, true);
} else {
$content = '<pre>' . fm_enc($content) . '</pre>';
}
echo $content;
}
?>
</div>
</div>
<?php
fm_show_footer();
exit;
}
// file editor
if (isset($_GET['edit']) && !FM_READONLY) {
$file = $_GET['edit'];
$file = fm_clean_path($file, false);
$file = str_replace('/', '', $file);
if ($file == '' || !is_file($path . '/' . $file) || in_array($file, $GLOBALS['exclude_items'])) {
fm_set_msg(lng('File not found'), 'error');
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
$editFile = ' : <i><b>'. $file. '</b></i>';
header('X-XSS-Protection:0');
fm_show_header(); // HEADER
fm_show_nav_path(FM_PATH); // current path
$file_url = FM_ROOT_URL . fm_convert_win((FM_PATH != '' ? '/' . FM_PATH : '') . '/' . $file);
$file_path = $path . '/' . $file;
// normal editer
$isNormalEditor = true;
if (isset($_GET['env'])) {
if ($_GET['env'] == "ace") {
$isNormalEditor = false;
}
}
// Save File
if (isset($_POST['savedata'])) {
$writedata = $_POST['savedata'];
$fd = fopen($file_path, "w");
@fwrite($fd, $writedata);
fclose($fd);
fm_set_msg(lng('File Saved Successfully'));
}
$ext = strtolower(pathinfo($file_path, PATHINFO_EXTENSION));
$mime_type = fm_get_mime_type($file_path);
$filesize = filesize($file_path);
$is_text = false;
$content = ''; // for text
if (in_array($ext, fm_get_text_exts()) || substr($mime_type, 0, 4) == 'text' || in_array($mime_type, fm_get_text_mimes())) {
$is_text = true;
$content = file_get_contents($file_path);
}
?>
<div class="path">
<div class="row">
<div class="col-xs-12 col-sm-5 col-lg-6 pt-1">
<div class="btn-toolbar" role="toolbar">
<?php if (!$isNormalEditor) { ?>
<div class="btn-group js-ace-toolbar">
<button data-cmd="none" data-option="fullscreen" class="btn btn-sm btn-outline-secondary" id="js-ace-fullscreen" title="<?php echo lng('Fullscreen') ?>"><i class="fa fa-expand" title="<?php echo lng('Fullscreen') ?>"></i></button>
<button data-cmd="find" class="btn btn-sm btn-outline-secondary" id="js-ace-search" title="<?php echo lng('Search') ?>"><i class="fa fa-search" title="<?php echo lng('Search') ?>"></i></button>
<button data-cmd="undo" class="btn btn-sm btn-outline-secondary" id="js-ace-undo" title="<?php echo lng('Undo') ?>"><i class="fa fa-undo" title="<?php echo lng('Undo') ?>"></i></button>
<button data-cmd="redo" class="btn btn-sm btn-outline-secondary" id="js-ace-redo" title="<?php echo lng('Redo') ?>"><i class="fa fa-repeat" title="<?php echo lng('Redo') ?>"></i></button>
<button data-cmd="none" data-option="wrap" class="btn btn-sm btn-outline-secondary" id="js-ace-wordWrap" title="<?php echo lng('Word Wrap') ?>"><i class="fa fa-text-width" title="<?php echo lng('Word Wrap') ?>"></i></button>
<select id="js-ace-mode" data-type="mode" title="<?php echo lng('Select Document Type') ?>" class="btn-outline-secondary border-start-0 d-none d-md-block"><option>-- <?php echo lng('Select Mode') ?> --</option></select>
<select id="js-ace-theme" data-type="theme" title="<?php echo lng('Select Theme') ?>" class="btn-outline-secondary border-start-0 d-none d-lg-block"><option>-- <?php echo lng('Select Theme') ?> --</option></select>
<select id="js-ace-fontSize" data-type="fontSize" title="<?php echo lng('Select Font Size') ?>" class="btn-outline-secondary border-start-0 d-none d-lg-block"><option>-- <?php echo lng('Select Font Size') ?> --</option></select>
</div>
<?php } ?>
</div>
</div>
<div class="edit-file-actions col-xs-12 col-sm-7 col-lg-6 text-end pt-1">
<a title="<?php echo lng('Back') ?>" class="btn btn-sm btn-outline-primary" href="?p=<?php echo urlencode(trim(FM_PATH)) ?>&view=<?php echo urlencode($file) ?>"><i class="fa fa-reply-all"></i> <?php echo lng('Back') ?></a>
<a title="<?php echo lng('BackUp') ?>" class="btn btn-sm btn-outline-primary" href="javascript:void(0);" onclick="backup('<?php echo urlencode(trim(FM_PATH)) ?>','<?php echo urlencode($file) ?>')"><i class="fa fa-database"></i> <?php echo lng('BackUp') ?></a>
<?php if ($is_text) { ?>
<?php if ($isNormalEditor) { ?>
<a title="Advanced" class="btn btn-sm btn-outline-primary" href="?p=<?php echo urlencode(trim(FM_PATH)) ?>&edit=<?php echo urlencode($file) ?>&env=ace"><i class="fa fa-pencil-square-o"></i> <?php echo lng('AdvancedEditor') ?></a>
<button type="button" class="btn btn-sm btn-success" name="Save" data-url="<?php echo fm_enc($file_url) ?>" onclick="edit_save(this,'nrl')"><i class="fa fa-floppy-o"></i> Save
</button>
<?php } else { ?>
<a title="Plain Editor" class="btn btn-sm btn-outline-primary" href="?p=<?php echo urlencode(trim(FM_PATH)) ?>&edit=<?php echo urlencode($file) ?>"><i class="fa fa-text-height"></i> <?php echo lng('NormalEditor') ?></a>
<button type="button" class="btn btn-sm btn-success" name="Save" data-url="<?php echo fm_enc($file_url) ?>" onclick="edit_save(this,'ace')"><i class="fa fa-floppy-o"></i> <?php echo lng('Save') ?>
</button>
<?php } ?>
<?php } ?>
</div>
</div>
<?php
if ($is_text && $isNormalEditor) {
echo '<textarea class="mt-2" id="normal-editor" rows="33" cols="120" style="width: 99.5%;">' . htmlspecialchars($content) . '</textarea>';
echo '<script>document.addEventListener("keydown", function(e) {if ((window.navigator.platform.match("Mac") ? e.metaKey : e.ctrlKey) && e.keyCode == 83) { e.preventDefault();edit_save(this,"nrl");}}, false);</script>';
} elseif ($is_text) {
echo '<div id="editor" contenteditable="true">' . htmlspecialchars($content) . '</div>';
} else {
fm_set_msg(lng('FILE EXTENSION HAS NOT SUPPORTED'), 'error');
}
?>
</div>
<?php
fm_show_footer();
exit;
}
// chmod (not for Windows)
if (isset($_GET['chmod']) && !FM_READONLY && !FM_IS_WIN) {
$file = $_GET['chmod'];
$file = fm_clean_path($file);
$file = str_replace('/', '', $file);
if ($file == '' || (!is_file($path . '/' . $file) && !is_dir($path . '/' . $file))) {
fm_set_msg(lng('File not found'), 'error');
$FM_PATH=FM_PATH; fm_redirect(FM_SELF_URL . '?p=' . urlencode($FM_PATH));
}
fm_show_header(); // HEADER
fm_show_nav_path(FM_PATH); // current path
$file_url = FM_ROOT_URL . (FM_PATH != '' ? '/' . FM_PATH : '') . '/' . $file;
$file_path = $path . '/' . $file;
$mode = fileperms($path . '/' . $file);
?>
<div class="path">
<div class="card mb-2 <?php echo fm_get_theme(); ?>">
<h6 class="card-header">
<?php echo lng('ChangePermissions') ?>
</h6>
<div class="card-body">
<p class="card-text">
Full path: <?php echo $file_path ?><br>
</p>
<form action="" method="post">
<input type="hidden" name="p" value="<?php echo fm_enc(FM_PATH) ?>">
<input type="hidden" name="chmod" value="<?php echo fm_enc($file) ?>">
<table class="table compact-table <?php echo fm_get_theme(); ?>">
<tr>
<td></td>
<td><b><?php echo lng('Owner') ?></b></td>
<td><b><?php echo lng('Group') ?></b></td>
<td><b><?php echo lng('Other') ?></b></td>
</tr>
<tr>
<td style="text-align: right"><b><?php echo lng('Read') ?></b></td>
<td><label><input type="checkbox" name="ur" value="1"<?php echo ($mode & 00400) ? ' checked' : '' ?>></label></td>
<td><label><input type="checkbox" name="gr" value="1"<?php echo ($mode & 00040) ? ' checked' : '' ?>></label></td>
<td><label><input type="checkbox" name="or" value="1"<?php echo ($mode & 00004) ? ' checked' : '' ?>></label></td>
</tr>
<tr>
<td style="text-align: right"><b><?php echo lng('Write') ?></b></td>
<td><label><input type="checkbox" name="uw" value="1"<?php echo ($mode & 00200) ? ' checked' : '' ?>></label></td>
<td><label><input type="checkbox" name="gw" value="1"<?php echo ($mode & 00020) ? ' checked' : '' ?>></label></td>
<td><label><input type="checkbox" name="ow" value="1"<?php echo ($mode & 00002) ? ' checked' : '' ?>></label></td>
</tr>
<tr>
<td style="text-align: right"><b><?php echo lng('Execute') ?></b></td>
<td><label><input type="checkbox" name="ux" value="1"<?php echo ($mode & 00100) ? ' checked' : '' ?>></label></td>
<td><label><input type="checkbox" name="gx" value="1"<?php echo ($mode & 00010) ? ' checked' : '' ?>></label></td>
<td><label><input type="checkbox" name="ox" value="1"<?php echo ($mode & 00001) ? ' checked' : '' ?>></label></td>
</tr>
</table>
<p>
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
<b><a href="?p=<?php echo urlencode(FM_PATH) ?>" class="btn btn-outline-primary"><i class="fa fa-times-circle"></i> <?php echo lng('Cancel') ?></a></b> 
<button type="submit" class="btn btn-success"><i class="fa fa-check-circle"></i> <?php echo lng('Change') ?></button>
</p>
</form>
</div>
</div>
</div>
<?php
fm_show_footer();
exit;
}
// --- TINYFILEMANAGER MAIN ---
fm_show_header(); // HEADER
fm_show_nav_path(FM_PATH); // current path
// show alert messages
fm_show_message();
$num_files = count($files);
$num_folders = count($folders);
$all_files_size = 0;
$tableTheme = (FM_THEME == "dark") ? "text-white bg-dark table-dark" : "bg-white";
?>
<form action="" method="post" class="pt-3">
<input type="hidden" name="p" value="<?php echo fm_enc(FM_PATH) ?>">
<input type="hidden" name="group" value="1">
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
<div class="table-responsive">
<table class="table table-bordered table-hover table-sm <?php echo $tableTheme; ?>" id="main-table">
<thead class="thead-white">
<tr>
<?php if (!FM_READONLY): ?>
<th style="width:3%" class="custom-checkbox-header">
<div class="custom-control custom-checkbox">
<input type="checkbox" class="custom-control-input" id="js-select-all-items" onclick="checkbox_toggle()">
<label class="custom-control-label" for="js-select-all-items"></label>
</div>
</th><?php endif; ?>
<th><?php echo lng('Name') ?></th>
<th><?php echo lng('Size') ?></th>
<th><?php echo lng('Modified') ?></th>
<?php if (!FM_IS_WIN && !$hide_Cols): ?>
<th><?php echo lng('Perms') ?></th>
<th><?php echo lng('Owner') ?></th><?php endif; ?>
<th><?php echo lng('Actions') ?></th>
</tr>
</thead>
<?php
// link to parent folder
if ($parent !== false) {
?>
<tr><?php if (!FM_READONLY): ?>
<td class="nosort"></td><?php endif; ?>
<td class="border-0" data-sort><a href="?p=<?php echo urlencode($parent) ?>"><i class="fa fa-chevron-circle-left go-back"></i> ..</a></td>
<td class="border-0" data-order></td>
<td class="border-0" data-order></td>
<td class="border-0"></td>
<?php if (!FM_IS_WIN && !$hide_Cols) { ?>
<td class="border-0"></td>
<td class="border-0"></td>
<?php } ?>
</tr>
<?php
}
$ii = 3399;
foreach ($folders as $f) {
$is_link = is_link($path . '/' . $f);
$img = $is_link ? 'icon-link_folder' : 'fa fa-folder-o';
$modif_raw = filemtime($path . '/' . $f);
$modif = date(FM_DATETIME_FORMAT, $modif_raw);
$date_sorting = strtotime(date("F d Y H:i:s.", $modif_raw));
$filesize_raw = "";
$filesize = lng('Folder');
$perms = substr(decoct(fileperms($path . '/' . $f)), -4);
if (function_exists('posix_getpwuid') && function_exists('posix_getgrgid')) {
$owner = posix_getpwuid(fileowner($path . '/' . $f));
$group = posix_getgrgid(filegroup($path . '/' . $f));
} else {
$owner = array('name' => '?');
$group = array('name' => '?');
}
?>
<tr>
<?php if (!FM_READONLY): ?>
<td class="custom-checkbox-td">
<div class="custom-control custom-checkbox">
<input type="checkbox" class="custom-control-input" id="<?php echo $ii ?>" name="file[]" value="<?php echo fm_enc($f) ?>">
<label class="custom-control-label" for="<?php echo $ii ?>"></label>
</div>
</td><?php endif; ?>
<td data-sort=<?php echo fm_convert_win(fm_enc($f)) ?>>
<div class="filename"><a href="?p=<?php echo urlencode(trim(FM_PATH . '/' . $f, '/')) ?>"><i class="<?php echo $img ?>"></i> <?php echo fm_convert_win(fm_enc($f)) ?>
</a><?php echo($is_link ? ' → <i>' . readlink($path . '/' . $f) . '</i>' : '') ?></div>
</td>
<td data-order="a-<?php echo str_pad($filesize_raw, 18, "0", STR_PAD_LEFT);?>">
<?php echo $filesize; ?>
</td>
<td data-order="a-<?php echo $date_sorting;?>"><?php echo $modif ?></td>
<?php if (!FM_IS_WIN && !$hide_Cols): ?>
<td><?php if (!FM_READONLY): ?><a title="Change Permissions" href="?p=<?php echo urlencode(FM_PATH) ?>&chmod=<?php echo urlencode($f) ?>"><?php echo $perms ?></a><?php else: ?><?php echo $perms ?><?php endif; ?>
</td>
<td><?php echo $owner['name'] . ':' . $group['name'] ?></td>
<?php endif; ?>
<td class="inline-actions"><?php if (!FM_READONLY): ?>
<a title="<?php echo lng('Delete')?>" href="?p=<?php echo urlencode(FM_PATH) ?>&del=<?php echo urlencode($f) ?>" onclick="confirmDailog(event, '1028','<?php echo lng('Delete').' '.lng('Folder'); ?>','<?php echo urlencode($f) ?>', this.href);"> <i class="fa fa-trash-o" aria-hidden="true"></i></a>
<a title="<?php echo lng('Rename')?>" href="#" onclick="rename('<?php echo fm_enc(addslashes(FM_PATH)) ?>', '<?php echo fm_enc(addslashes($f)) ?>');return false;"><i class="fa fa-pencil-square-o" aria-hidden="true"></i></a>
<a title="<?php echo lng('CopyTo')?>..." href="?p=&copy=<?php echo urlencode(trim(FM_PATH . '/' . $f, '/')) ?>"><i class="fa fa-files-o" aria-hidden="true"></i></a>
<?php endif; ?>
<a title="<?php echo lng('DirectLink')?>" href="<?php echo fm_enc(FM_ROOT_URL . (FM_PATH != '' ? '/' . FM_PATH : '') . '/' . $f . '/') ?>" target="_blank"><i class="fa fa-link" aria-hidden="true"></i></a>
</td>
</tr>
<?php
flush();
$ii++;
}
$ik = 6070;
foreach ($files as $f) {
$is_link = is_link($path . '/' . $f);
$img = $is_link ? 'fa fa-file-text-o' : fm_get_file_icon_class($path . '/' . $f);
$modif_raw = filemtime($path . '/' . $f);
$modif = date(FM_DATETIME_FORMAT, $modif_raw);
$date_sorting = strtotime(date("F d Y H:i:s.", $modif_raw));
$filesize_raw = fm_get_size($path . '/' . $f);
$filesize = fm_get_filesize($filesize_raw);
$filelink = '?p=' . urlencode(FM_PATH) . '&view=' . urlencode($f);
$all_files_size += $filesize_raw;
$perms = substr(decoct(fileperms($path . '/' . $f)), -4);
if (function_exists('posix_getpwuid') && function_exists('posix_getgrgid')) {
$owner = posix_getpwuid(fileowner($path . '/' . $f));
$group = posix_getgrgid(filegroup($path . '/' . $f));
} else {
$owner = array('name' => '?');
$group = array('name' => '?');
}
?>
<tr>
<?php if (!FM_READONLY): ?>
<td class="custom-checkbox-td">
<div class="custom-control custom-checkbox">
<input type="checkbox" class="custom-control-input" id="<?php echo $ik ?>" name="file[]" value="<?php echo fm_enc($f) ?>">
<label class="custom-control-label" for="<?php echo $ik ?>"></label>
</div>
</td><?php endif; ?>
<td data-sort=<?php echo fm_enc($f) ?>>
<div class="filename">
<?php
if (in_array(strtolower(pathinfo($f, PATHINFO_EXTENSION)), array('gif', 'jpg', 'jpeg', 'png', 'bmp', 'ico', 'svg', 'webp', 'avif'))): ?>
<?php $imagePreview = fm_enc(FM_ROOT_URL . (FM_PATH != '' ? '/' . FM_PATH : '') . '/' . $f); ?>
<a href="<?php echo $filelink ?>" data-preview-image="<?php echo $imagePreview ?>" title="<?php echo fm_enc($f) ?>">
<?php else: ?>
<a href="<?php echo $filelink ?>" title="<?php echo $f ?>">
<?php endif; ?>
<i class="<?php echo $img ?>"></i> <?php echo fm_convert_win(fm_enc($f)) ?>
</a>
<?php echo($is_link ? ' → <i>' . readlink($path . '/' . $f) . '</i>' : '') ?>
</div>
</td>
<td data-order="b-<?php echo str_pad($filesize_raw, 18, "0", STR_PAD_LEFT); ?>"><span title="<?php printf('%s bytes', $filesize_raw) ?>">
<?php echo $filesize; ?>
</span></td>
<td data-order="b-<?php echo $date_sorting;?>"><?php echo $modif ?></td>
<?php if (!FM_IS_WIN && !$hide_Cols): ?>
<td><?php if (!FM_READONLY): ?><a title="<?php echo 'Change Permissions' ?>" href="?p=<?php echo urlencode(FM_PATH) ?>&chmod=<?php echo urlencode($f) ?>"><?php echo $perms ?></a><?php else: ?><?php echo $perms ?><?php endif; ?>
</td>
<td><?php echo fm_enc($owner['name'] . ':' . $group['name']) ?></td>
<?php endif; ?>
<td class="inline-actions">
<?php if (!FM_READONLY): ?>
<a title="<?php echo lng('Delete') ?>" href="?p=<?php echo urlencode(FM_PATH) ?>&del=<?php echo urlencode($f) ?>" onclick="confirmDailog(event, 1209, '<?php echo lng('Delete').' '.lng('File'); ?>','<?php echo urlencode($f); ?>', this.href);"> <i class="fa fa-trash-o"></i></a>
<a title="<?php echo lng('Rename') ?>" href="#" onclick="rename('<?php echo fm_enc(addslashes(FM_PATH)) ?>', '<?php echo fm_enc(addslashes($f)) ?>');return false;"><i class="fa fa-pencil-square-o"></i></a>
<a title="<?php echo lng('CopyTo') ?>..."
href="?p=<?php echo urlencode(FM_PATH) ?>&copy=<?php echo urlencode(trim(FM_PATH . '/' . $f, '/')) ?>"><i class="fa fa-files-o"></i></a>
<?php endif; ?>
<a title="<?php echo lng('DirectLink') ?>" href="<?php echo fm_enc(FM_ROOT_URL . (FM_PATH != '' ? '/' . FM_PATH : '') . '/' . $f) ?>" target="_blank"><i class="fa fa-link"></i></a>
<a title="<?php echo lng('Download') ?>" href="?p=<?php echo urlencode(FM_PATH) ?>&dl=<?php echo urlencode($f) ?>" onclick="confirmDailog(event, 1211, '<?php echo lng('Download'); ?>','<?php echo urlencode($f); ?>', this.href);"><i class="fa fa-download"></i></a>
</td>
</tr>
<?php
flush();
$ik++;
}
if (empty($folders) && empty($files)) { ?>
<tfoot>
<tr><?php if (!FM_READONLY): ?>
<td></td><?php endif; ?>
<td colspan="<?php echo (!FM_IS_WIN && !$hide_Cols) ? '6' : '4' ?>"><em><?php echo lng('Folder is empty') ?></em></td>
</tr>
</tfoot>
<?php
} else { ?>
<tfoot>
<tr>
<td class="gray" colspan="<?php echo (!FM_IS_WIN && !$hide_Cols) ? (FM_READONLY ? '6' :'7') : (FM_READONLY ? '4' : '5') ?>">
<?php echo lng('FullSize').': <span class="badge text-bg-light border-radius-0">'.fm_get_filesize($all_files_size).'</span>' ?>
<?php echo lng('File').': <span class="badge text-bg-light border-radius-0">'.$num_files.'</span>' ?>
<?php echo lng('Folder').': <span class="badge text-bg-light border-radius-0">'.$num_folders.'</span>' ?>
</td>
</tr>
</tfoot>
<?php } ?>
</table>
</div>
<div class="row">
<?php if (!FM_READONLY): ?>
<div class="col-xs-12 col-sm-9">
<ul class="list-inline footer-action">
<li class="list-inline-item"> <a href="#/select-all" class="btn btn-small btn-outline-primary btn-2" onclick="select_all();return false;"><i class="fa fa-check-square"></i> <?php echo lng('SelectAll') ?> </a></li>
<li class="list-inline-item"><a href="#/unselect-all" class="btn btn-small btn-outline-primary btn-2" onclick="unselect_all();return false;"><i class="fa fa-window-close"></i> <?php echo lng('UnSelectAll') ?> </a></li>
<li class="list-inline-item"><a href="#/invert-all" class="btn btn-small btn-outline-primary btn-2" onclick="invert_all();return false;"><i class="fa fa-th-list"></i> <?php echo lng('InvertSelection') ?> </a></li>
<li class="list-inline-item"><input type="submit" class="hidden" name="delete" id="a-delete" value="Delete" onclick="return confirm('<?php echo lng('Delete selected files and folders?'); ?>')">
<a href="javascript:document.getElementById('a-delete').click();" class="btn btn-small btn-outline-primary btn-2"><i class="fa fa-trash"></i> <?php echo lng('Delete') ?> </a></li>
<li class="list-inline-item"><input type="submit" class="hidden" name="zip" id="a-zip" value="zip" onclick="return confirm('<?php echo lng('Create archive?'); ?>')">
<a href="javascript:document.getElementById('a-zip').click();" class="btn btn-small btn-outline-primary btn-2"><i class="fa fa-file-archive-o"></i> <?php echo lng('Zip') ?> </a></li>
<li class="list-inline-item"><input type="submit" class="hidden" name="tar" id="a-tar" value="tar" onclick="return confirm('<?php echo lng('Create archive?'); ?>')">
<a href="javascript:document.getElementById('a-tar').click();" class="btn btn-small btn-outline-primary btn-2"><i class="fa fa-file-archive-o"></i> <?php echo lng('Tar') ?> </a></li>
<li class="list-inline-item"><input type="submit" class="hidden" name="copy" id="a-copy" value="Copy">
<a href="javascript:document.getElementById('a-copy').click();" class="btn btn-small btn-outline-primary btn-2"><i class="fa fa-files-o"></i> <?php echo lng('Copy') ?> </a></li>
</ul>
</div>
<div class="col-3 d-none d-sm-block"><a href="https://tinyfilemanager.github.io" target="_blank" class="float-right text-muted">Tiny File Manager <?php echo VERSION; ?></a></div>
<?php else: ?>
<div class="col-12"><a href="https://tinyfilemanager.github.io" target="_blank" class="float-right text-muted">Tiny File Manager <?php echo VERSION; ?></a></div>
<?php endif; ?>
</div>
</form>