From 04f8f5db1aceea13ce5091cf4a911d862f38a03f Mon Sep 17 00:00:00 2001
From: Yehuda Eisenberg <32451776+YehudaEi@users.noreply.github.com>
Date: Tue, 10 Nov 2020 19:11:50 +0200
Subject: [PATCH] =?UTF-8?q?Add=20secret=20mode=20=F0=9F=A5=B3=F0=9F=8E=8A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 SysManager.php | 284 ++++++++++++++++++++++++++-----------------------
 1 file changed, 149 insertions(+), 135 deletions(-)
diff --git a/SysManager.php b/SysManager.php
index db5c50a..784ea36 100644
--- a/SysManager.php
+++ b/SysManager.php
@@ -3,6 +3,7 @@
 define('DONT_SHOW', array('.', '..', ".htaccess", "readme.md"));
 define('DS', DIRECTORY_SEPARATOR);
 define('BASE_PATH', __DIR__ . DS . "data" . DS);
+define('BASE_PATH_SF', __DIR__ . DS . "Secret-Folder" . DS);
 define('BASE_URL', ($_SERVER['REQUEST_SCHEME'] ?? ($_SERVER['HTTPS'] == "on" ? "https" : "http")) . "://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']) . "/");
 session_name('FileServerMng');
@@ -10,8 +11,10 @@ if(file_exists(substr(BASE_PATH, 0, -1)) && !is_dir(substr(BASE_PATH, 0, -1))) die("

Fatal Error!

");
 if(!is_dir(BASE_PATH)) mkdir(BASE_PATH);
+if(!is_dir(BASE_PATH_SF)) mkdir(BASE_PATH_SF);
 if(!file_exists(BASE_PATH . '.htaccess')) file_put_contents(BASE_PATH . '.htaccess', 'deny from all');
-if(!file_exists(__DIR__ . DS . '.htaccess')) file_put_contents(__DIR__ . DS . '.htaccess', "RewriteEngine on\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule ^(.*)$ /SysManager.php?file=$1 [NC,L,QSA]");
+if(!file_exists(BASE_PATH_SF . '.htaccess')) file_put_contents(BASE_PATH_SF . '.htaccess', 'deny from all');
+if(!file_exists(__DIR__ . DS . '.htaccess')) file_put_contents(__DIR__ . DS . '.htaccess', "DirectoryIndex index.php\nRewriteEngine on\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule ^(.*)$ /SysManager.php?file=$1 [NC,L,QSA]");
 $users = array(
 'admin' => password_hash('admin@123', PASSWORD_DEFAULT),
@@ -79,10 +82,118 @@ function del($path){
 }
 return false;
 }
-function getFakePath($path){
- $res = cleanPath(substr($path, strlen(BASE_PATH)));
+function getFakePath($path, $secretMode){
+ $res = cleanPath(substr($path, strlen($secretMode ? BASE_PATH_SF : BASE_PATH)));
 return empty($res) ? "/" : $res;
 }
+function printHeader($path, $secretMode = false){
+ echo "
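Review bot: The two added `BASE_PATH_SF` lines create `Secret-Folder` beside the script and rely on a generated `.htaccess` as its only shield, yet neither the `mkdir()` nor the `file_put_contents()` result is checked, so a failed write leaves the folder without any rule. `deny from all` is Apache 2.2 syntax and only takes effect where `.htaccess` overrides are honoured; under `AllowOverride None` or a non-Apache server the files would likely be served by URL. Prefer a directory outside the document root, or at least write `Require all denied` and fail closed, e.g. `if(!is_file(BASE_PATH_SF . '.htaccess')) die('Secret-Folder is not protected');`. The unchanged context line `'admin' => password_hash('admin@123', PASSWORD_DEFAULT)` keeps a default credential in source, and that account presumably now also guards the secret files.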

Hello " . htmlspecialchars($_SESSION['FileServerMngUser']['logged']) . ". + [home] + [logout] + [upload] + [public files] " : "?act=secret'>secret files] ") . " + [create folder] + Secret Mode: " . ($secretMode ? "ON" : "OFF") . " +

+ "; +} +function printFilesTable($path, $isLogged, $secretMode = false){ +?> + + + + Yehuda's Files Server πŸ˜‰ | <?php echo empty($path) ? "home" : $path; ?> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + folder"; + else + $size = formatSizeUnits(filesize($object)); + +?> + + + + + + + + + + + + +
NameLast modifiedSizeReNameDelete
Go Back----
Login--
ReName this file / folderDelete this file / folder
+

ReadMe:

"; + include 'md-parser.php'; //Download from https://github.com/erusev/parsedown + + $Parsedown = new Parsedown(); + $Parsedown->setSafeMode(true); + + echo $Parsedown->text(file_get_contents(($secretMode ? BASE_PATH_SF : BASE_PATH) . $path . DS . 'readme.md')); + + echo "
"; +} +?> + + + +Hello " . htmlspecialchars($_SERVER['PHP_AUTH_USER']) . ". [logout] [home]
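Review bot: In `printFilesTable()` the title line prints the path raw, `echo empty($path) ? "home" : $path;`, while the header and the status messages elsewhere in this patch pass paths through `htmlspecialchars()`. `$path` appears to come from the request's `file` parameter, so unless `cleanPath()` (not shown) strips markup characters it reaches the HTML unescaped; write `echo empty($path) ? "home" : htmlspecialchars($path);`. Both new functions would also benefit from a short docblock: `printFilesTable()` takes a `$path` relative to the active base folder, `printHeader()` takes the display path from `getFakePath()`, and `$secretMode` selects `BASE_PATH_SF`. Much of the function body is missing from this page, so the rest of the table output could not be checked.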

"; - if(is_dir($file)){ $name = $file; } else{ header('location: ' . BASE_URL); } + printHeader(getFakePath($file, $secretMode), $secretMode); echo '
- path: '.htmlspecialchars(getFakePath($name)).'
+ path: '.htmlspecialchars(getFakePath($name, $secretMode)).'
name:

'; } } elseif($act == "upload"){ - $file = BASE_PATH . $file; + $file = ($secretMode ? BASE_PATH_SF : BASE_PATH) . $file; if(isset($_FILES["fileToUpload"]) && count($_FILES["fileToUpload"]["size"]) > 0){ if(is_dir($file)){ - if(isset($_POST['password'])) + if(isset($_POST['secret'])) $targetDir = __DIR__ . DS . "p-f" . DS; else{ - if(is_dir(BASE_PATH . cleanPath($_POST['dir']))){ - $targetDir = BASE_PATH . cleanPath($_POST['dir']); + if(is_dir(($secretMode ? BASE_PATH_SF : BASE_PATH) . cleanPath($_POST['dir']))){ + $targetDir = ($secretMode ? BASE_PATH_SF : BASE_PATH) . cleanPath($_POST['dir']); } else $targetDir = $file; @@ -189,46 +300,50 @@ function getFakePath($path){ for($i = 0; $i < count($_FILES["fileToUpload"]["size"]); $i++){ $targetFile = $targetDir . basename($_FILES["fileToUpload"]["name"][$i]); if((!$override && file_exists($targetFile)) || ($override && is_dir($targetFile))) - echo '
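Review bot: In the upload branch the renamed flag `isset($_POST['secret'])` still sets `$targetDir = __DIR__ . DS . "p-f" . DS`, so an upload marked secret goes to `p-f` beside the script instead of `BASE_PATH_SF`, and no access rule for `p-f` is written anywhere in the visible diff. If secret uploads are meant to share the new folder, use `$targetDir = BASE_PATH_SF;`; if `p-f` is intentional it needs the same protection and should not be a directory the web server serves or executes from. The hunk header for this part is missing from the page and the branch begins above the visible lines, so the surrounding login check could not be confirmed.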

File Already Exists! ('.htmlspecialchars(getFakePath($targetFile)).')
[go back]

'; + echo '

File Already Exists! ('.htmlspecialchars(getFakePath($targetFile, $secretMode)).')
[go back]

'; else{ move_uploaded_file($_FILES['fileToUpload']["tmp_name"][$i], $targetFile); if(file_exists($targetFile)) - echo '

Upload Success! ('.htmlspecialchars(getFakePath($targetFile)).')
[go back]

'; + echo '

Upload Success! ('.htmlspecialchars(getFakePath($targetFile, $secretMode)).')
[go back]

'; else - echo '

Upload Failed! ('.htmlspecialchars(getFakePath($targetFile)).')
[go back]

'; + echo '

Upload Failed! ('.htmlspecialchars(getFakePath($targetFile, $secretMode)).')
[go back]

'; } } } } else{ - echo "

Hello " . htmlspecialchars($_SERVER['PHP_AUTH_USER']) . ". [logout] [home]

"; - if(is_dir($file)){ $name = $file; } else{ header('location: ' . BASE_URL); } + printHeader(getFakePath($file, $secretMode), $secretMode); echo '


-

+



- dir:

+ dir:

'; } } - elseif($act == "password"){ - die("In Building..."); + elseif($act == "secret"){ + $_SESSION['secretMode'] = true; + header('location: ' . BASE_URL); + } + elseif($act == "public"){ + $_SESSION['secretMode'] = false; + header('location: ' . BASE_URL); } elseif($act == "rename"){ - $oldName = BASE_PATH . $file; + $oldName = ($secretMode ? BASE_PATH_SF : BASE_PATH) . $file; if(isset($_POST['newName']) && $_POST['newName']){ if(file_exists($oldName) || is_dir($oldName)){ - if((!in_array(basename($oldName), DONT_SHOW) || basename($oldName) == 'readme.md') && $oldName != BASE_PATH){ + if((!in_array(basename($oldName), DONT_SHOW) || basename($oldName) == 'readme.md') && $oldName != ($secretMode ? BASE_PATH_SF : BASE_PATH)){ $newName = dirname($oldName) . DS . basename($_POST['newName']); if(file_exists($newName) || is_dir($newName)){ @@ -247,27 +362,26 @@ function getFakePath($path){ } } else{ - echo "
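Review bot: The new `act == "secret"` and `act == "public"` branches flip `$_SESSION['secretMode']` and redirect, but `header('location: ' . BASE_URL);` does not end the request, so add `exit;` after each redirect; the same fall-through follows the `else{ header('location: ' . BASE_URL); }` checks in the mkdir, upload, rename and delete branches, where `printHeader()` now runs straight after. Nothing in the visible lines limits who may switch the flag or clears it at logout, so confirm these branches sit inside the authenticated block (it opens outside the hunk). The toggle is also a state change reachable by a plain link; a POST carrying a per-session token would be safer. In the upload loop above, the target name is only passed through `basename()` and is not checked against `DONT_SHOW` the way rename and delete do, which matters now that a `.htaccess` file is the secret folder's only guard.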

Hello " . htmlspecialchars($_SERVER['PHP_AUTH_USER']) . ". [logout] [home]

"; - if(file_exists($oldName) || is_dir($oldName)){ $name = $oldName; } else{ header('location: ' . BASE_URL); } + printHeader((is_dir($file) ? getFakePath($file, $secretMode) : getFakePath(dirname($file))), $secretMode); echo '
- path: '.htmlspecialchars(getFakePath($name)).'
+ path: '.htmlspecialchars(getFakePath($name, $secretMode)).'
new name:

'; } } elseif($act == "delete"){ - $file = BASE_PATH . $file; + $file = ($secretMode ? BASE_PATH_SF : BASE_PATH) . $file; if(isset($_POST['delete']) && $_POST['delete']){ if(file_exists($file) || is_dir($file)){ - if((!in_array(basename($file), DONT_SHOW) || basename($file) == 'readme.md') && $file != BASE_PATH){ + if((!in_array(basename($file), DONT_SHOW) || basename($file) == 'readme.md') && $file != ($secretMode ? BASE_PATH_SF : BASE_PATH)){ del($file); if(!file_exists($file)) echo '

Delete Success!
[go back]

'; @@ -279,16 +393,15 @@ function getFakePath($path){ } } else{ - echo "
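Review bot: The added `printHeader(...)` call in the rename branch calls `getFakePath(dirname($file))` with one argument, but this patch makes `$secretMode` a required parameter, so opening the rename form for anything that is not a directory raises an ArgumentCountError on PHP 7.1 and later. The same expression tests and converts `$file`, which in this branch still looks like the relative request path (the absolute one is `$oldName`), so `is_dir($file)` and the `substr()` inside `getFakePath()` work on the wrong string unless `$file` is reassigned in lines not shown. Suggested line: `printHeader(getFakePath(is_dir($oldName) ? $oldName : dirname($oldName), $secretMode), $secretMode);`. The delete hunk below already passes `$secretMode` in both calls.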

Hello " . htmlspecialchars($_SERVER['PHP_AUTH_USER']) . ". [logout] [home]

"; - if(file_exists($file) || is_dir($file)){ $name = $file; } else{ header('location: ' . BASE_URL); } + printHeader((is_dir($file) ? getFakePath($file, $secretMode) : getFakePath(dirname($file), $secretMode)), $secretMode); echo '
-

+

'; } @@ -310,110 +423,11 @@ function getFakePath($path){ die(); } -if(is_dir(BASE_PATH . $file)){ -?> - - - Yehuda's Files Server πŸ˜‰ | <?php echo empty($file) ? "home" : $file; ?> - - - - Hello " . htmlspecialchars($_SERVER['PHP_AUTH_USER']) . ". - [logout] - [upload] - [password files] - [create folder] -

- "; ?> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - folder"; - else - $size = formatSizeUnits(filesize($object)); - -?> - - - - - - - - - - - - -
NameLast modifiedSizeReNameDelete
Go Back----
Login--
ReName this file / folderDelete this file / folder
-

ReadMe:

"; - include 'md-parser.php'; //Download from https://github.com/erusev/parsedown - - $Parsedown = new Parsedown(); - $Parsedown->setSafeMode(true); - - echo $Parsedown->text(file_get_contents(BASE_PATH . $file . DS . 'readme.md')); - - echo "
"; +if(is_dir(($secretMode ? BASE_PATH_SF : BASE_PATH) . $file)){ + printFilesTable($file, $isLogged, $secretMode); } -?> - - - - -
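Review bot: The directory listing now resolves against `BASE_PATH_SF` whenever `$secretMode` is true, and `printFilesTable($file, $isLogged, $secretMode)` receives `$isLogged` as a variable, which suggests this path also serves visitors who are not logged in. The assignment of `$secretMode` is not visible on this page; it should be derived as `$secretMode = $isLogged && !empty($_SESSION['secretMode']);` so that a leftover session flag can never expose the secret folder's listing. The file-download path, which is not shown here, needs the same base selection and the same login check.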