| <?php
/*
* @package		MiwoFTP
* @copyright	Copyright (C) 2009-2014 Miwisoft, LLC. All rights reserved.
* @license		GNU General Public License version 2 or later
*
*/
// no direct access
defined('ABSPATH') or die('MIWI');
/*------------------------------------------------------------------------------
     The contents of this file are subject to the Mozilla Public License
     Version 1.1 (the "License"); you may not use this file except in
     compliance with the License. You may obtain a copy of the License at
     http://www.mozilla.org/MPL/
     Software distributed under the License is distributed on an "AS IS"
     basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
     License for the specific language governing rights and limitations
     under the License.
     The Original Code is fun_admin.php, released on 2003-03-31.
     The Initial Developer of the Original Code is The QuiX project.
     Alternatively, the contents of this file may be used under the terms
     of the GNU General Public License Version 2 or later (the "GPL"), in
     which case the provisions of the GPL are applicable instead of
     those above. If you wish to allow use of your version of this file only
     under the terms of the GPL and not to allow others to use
     your version of this file under the MPL, indicate your decision by
     deleting  the provisions above and replace  them with the notice and
     other provisions required by the GPL.  If you do not delete
     the provisions above, a recipient may use your version of this file
     under either the MPL or the GPL."
------------------------------------------------------------------------------*/
/*------------------------------------------------------------------------------
Author: The QuiX project
	[email protected] 
	http://www.quix.tk
	http://quixplorer.sourceforge.net
Comment:
	Administrative Functions
	
	Have Fun...
------------------------------------------------------------------------------*/
require MPATH_MIWOFTP_QX."/_include/permissions.php";
/**
 * Change Password & Manage Users Form
 */
function admin($admin, $dir)
{
	show_header($GLOBALS["messages"]["actadmin"]);
	
	// Javascript functions:
	include MPATH_MIWOFTP_QX."/_include/js_admin.php";
	
	// Change Password
	echo "<BR><HR width=\"95%\"><TABLE width=\"350\"><TR><TD colspan=\"2\" class=\"header\"><B>";
	echo $GLOBALS["messages"]["actchpwd"].":</B></TD></TR>\n";
	echo "<FORM name=\"chpwd\" action=\"".make_link("admin",$dir,NULL)."\" method=\"post\">\n";
	echo "<INPUT type=\"hidden\" name=\"action2\" value=\"chpwd\">\n";
	echo "<TR><TD>".$GLOBALS["messages"]["miscoldpass"].": </TD><TD align=\"right\">";
	echo "<INPUT type=\"password\" name=\"oldpwd\" size=\"25\"></TD></TR>\n";
	echo "<TR><TD>".$GLOBALS["messages"]["miscnewpass"].": </TD><TD align=\"right\">";
	echo "<INPUT type=\"password\" name=\"newpwd1\" size=\"25\"></TD></TR>\n";
	echo "<TR><TD>".$GLOBALS["messages"]["miscconfnewpass"].": </TD><TD align=\"right\">";
	echo "<INPUT type=\"password\" name=\"newpwd2\" size=\"25\"></TD></TR>\n";
	echo "<TR><TD colspan=\"2\" align=\"right\"><INPUT type=\"submit\" value=\"".$GLOBALS["messages"]["btnchange"];
	echo "\" onClick=\"return check_pwd();\">\n</TD></TR></FORM></TABLE>\n";
	
	// Edit / Add / Remove User
	if($admin)
	{
		echo "<HR width=\"95%\"><TABLE width=\"350\"><TR><TD colspan=\"6\" class=\"header\" nowrap>";
		echo "<B>".$GLOBALS["messages"]["actusers"].":</B></TD></TR>\n";
		echo "<TR><TD colspan=\"5\">".$GLOBALS["messages"]["miscuseritems"]."</TD></TR>\n";
		echo "<FORM name=\"userform\" action=\"".make_link("admin",$dir,NULL)."\" method=\"post\">\n";
		echo "<INPUT type=\"hidden\" name=\"action2\" value=\"edituser\">\n";
		$cnt=count($GLOBALS["users"]);
		for($i = 0; $i < $cnt; ++$i)
		{
			// Username & Home dir:
			$user=$GLOBALS["users"][$i][0];	if(strlen($user)>15) $user=substr($user,0,12)."...";
			$home=$GLOBALS["users"][$i][2];	if(strlen($home)>30) $home=substr($home,0,27)."...";
			
			echo "<TR><TD width=\"1%\"><INPUT TYPE=\"radio\" name=\"user\" value=\"";
			echo $GLOBALS["users"][$i][0]."\"".(($i==0)?" checked":"")."></TD>\n";
			echo "<TD width=\"30%\">".$user."</TD><TD width=\"60%\">".$home."</TD>\n";
			echo "<TD width=\"3%\">".($GLOBALS["users"][$i][4]?$GLOBALS["messages"]["miscyesno"][2]:
				$GLOBALS["messages"]["miscyesno"][3])."</TD>\n";
			echo "<TD width=\"3%\">".$GLOBALS["users"][$i][6]."</TD>\n";
			echo "<TD width=\"3%\">".($GLOBALS["users"][$i][7]?$GLOBALS["messages"]["miscyesno"][2]:
				$GLOBALS["messages"]["miscyesno"][3])."</TD></TR>\n";
		}
		echo "<TR><TD colspan=\"6\" align=\"right\">";
		echo "<input type=\"button\" value=\"".$GLOBALS["messages"]["btnadd"];
		echo "\" onClick=\"javascript:location='".make_link("admin",$dir,NULL)."&action2=adduser';\">\n";
		echo "<input type=\"button\" value=\"".$GLOBALS["messages"]["btnedit"];
		echo "\" onClick=\"javascript:Edit();\">\n";
		echo "<input type=\"button\" value=\"".$GLOBALS["messages"]["btnremove"];
		echo "\" onClick=\"javascript:Delete();\">\n</TD></TR></FORM></TABLE>\n";
	}
	
	echo "<HR width=\"95%\"><input type=\"button\" value=\"".$GLOBALS["messages"]["btnclose"];
	echo "\" onClick=\"javascript:location='".make_link("list",$dir,NULL)."';\"><BR><BR>\n";
?><script language="JavaScript1.2" type="text/javascript">
<!--
	if(document.chpwd) document.chpwd.oldpwd.focus();
// -->
</script><?php
}
/**
 * Change Password
 */
function changepwd ($dir)
{
	$pwd=md5(stripslashes($GLOBALS['__POST']["oldpwd"]));
	if($GLOBALS['__POST']["newpwd1"]!=$GLOBALS['__POST']["newpwd2"]) show_error($GLOBALS["error_msg"]["miscnopassmatch"]);
	
	$data=user_find($GLOBALS['__SESSION']["s_user"],$pwd);
	if($data==NULL) show_error($GLOBALS["error_msg"]["miscnouserpass"]);
	
	$data[1]=md5(stripslashes($GLOBALS['__POST']["newpwd1"]));
	if(!user_update($data[0],$data)) show_error($data[0].": ".$GLOBALS["error_msg"]["chpass"]);
	user_activate($data[0],NULL);
	
    miwoftp_redirect(make_link("list", $dir, NULL));
}
/**
 * Add User
 */
function adduser ($dir)
{
	if(isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"]=="true")
	{
		$user=stripslashes($GLOBALS['__POST']["user"]);
		if($user=="" || $GLOBALS['__POST']["home_dir"]=="") {
			show_error($GLOBALS["error_msg"]["miscfieldmissed"]);
		}
		if($GLOBALS['__POST']["pass1"]!=$GLOBALS['__POST']["pass2"]) show_error($GLOBALS["error_msg"]["miscnopassmatch"]);
		$data=user_find($user,NULL);
		if($data!=NULL) show_error($user.": ".$GLOBALS["error_msg"]["miscuserexist"]);
		
		// determine the user permissions
		$permissions = _eval_permissions();
		$data=array($user,md5(stripslashes($GLOBALS['__POST']["pass1"])),
			stripslashes($GLOBALS['__POST']["home_dir"]),stripslashes($GLOBALS['__POST']["home_url"]),
			$GLOBALS['__POST']["show_hidden"],stripslashes($GLOBALS['__POST']["no_access"]),
			$permissions, $GLOBALS['__POST']["active"]);
			
		if(!user_add($data)) show_error($user.": ".$GLOBALS["error_msg"]["adduser"]);
		header("location: ".make_link("admin",$dir,NULL));
		return;
	}
	
	show_header($GLOBALS["messages"]["actadmin"].": ".$GLOBALS["messages"]["miscadduser"]);
	
	// Javascript functions:
	include MPATH_MIWOFTP_QX."/_include/js_admin2.php";
	
	echo "<FORM name=\"adduser\" action=\"".make_link("admin",$dir,NULL)."&action2=adduser\" method=\"post\">\n";
	echo "<INPUT type=\"hidden\" name=\"confirm\" value=\"true\"><BR><TABLE width=\"450\">\n";
	echo "<TR><TD>".$GLOBALS["messages"]["miscusername"].":</TD>\n";
		echo "<TD align=\"right\"><INPUT type=\"text\" name=\"user\" size=\"30\"></TD></TR>\n";
	echo "<TR><TD>".$GLOBALS["messages"]["miscpassword"].":</TD>\n";
		echo "<TD align=\"right\"><INPUT type=\"password\" name=\"pass1\" size=\"30\"></TD></TR>\n";
	echo "<TR><TD>".$GLOBALS["messages"]["miscconfpass"].":</TD>\n";
		echo "<TD align=\"right\"><INPUT type=\"password\" name=\"pass2\" size=\"30\"></TD></TR>\n";
	echo "<TR><TD>".$GLOBALS["messages"]["mischomedir"].":</TD>\n";
		echo "<TD align=\"right\"><INPUT type=\"text\" name=\"home_dir\" size=\"30\" value=\"";
		echo $GLOBALS["home_dir"]."\"></TD></TR>\n";
	echo "<TR><TD>".$GLOBALS["messages"]["mischomeurl"].":</TD>\n";
		echo "<TD align=\"right\"><INPUT type=\"text\" name=\"home_url\" size=\"30\" value=\"";
		echo $GLOBALS["home_url"]."\"></TD></TR>\n";
	echo "<TR><TD>".$GLOBALS["messages"]["miscshowhidden"].":</TD>";
		echo "<TD align=\"right\"><SELECT name=\"show_hidden\">\n";
		echo "<OPTION value=\"0\">".$GLOBALS["messages"]["miscyesno"][1]."</OPTION>";
		echo "<OPTION value=\"1\">".$GLOBALS["messages"]["miscyesno"][0]."</OPTION>\n";
		echo "</SELECT></TD></TR>\n";
	echo "<TR><TD>".$GLOBALS["messages"]["mischidepattern"].":</TD>\n";
		echo "<TD align=\"right\"><INPUT type=\"text\" name=\"no_access\" size=\"30\" value=\"^\\.ht\"></TD></TR>\n";
	echo "<TR><TD>".$GLOBALS["messages"]["miscperms"].":</TD>";
	
	// Permission settings
	echo "<TD align=\"right\">\n";
	admin_print_permissions(NULL);
	echo "</TD></TR>\n";
	echo "<TR><TD>".$GLOBALS["messages"]["miscactive"].":</TD>";
		echo "<TD align=\"right\"><SELECT name=\"active\">\n";
		echo "<OPTION value=\"1\">".$GLOBALS["messages"]["miscyesno"][0]."</OPTION>";
		echo "<OPTION value=\"0\">".$GLOBALS["messages"]["miscyesno"][1]."</OPTION>\n";
		echo "</SELECT></TD></TR>\n";
	echo "<TR><TD colspan=\"2\" align=\"right\"><input type=\"submit\" value=\"".$GLOBALS["messages"]["btnadd"];
		echo "\" onClick=\"return check_pwd();\">\n<input type=\"button\" value=\"";
		echo $GLOBALS["messages"]["btncancel"]."\" onClick=\"javascript:location='";
		echo make_link("admin",$dir,NULL)."';\"></TD></TR></FORM></TABLE><BR>\n";
?><script language="JavaScript1.2" type="text/javascript">
<!--
	if(document.adduser) document.adduser.user.focus();
// -->
</script><?php
}
/**
 * edit user
 */
function edituser($dir)
{
	// Determine the user name from the post data	
	$user=stripslashes($GLOBALS['__POST']["user"]);
	// try to find the user
	$data=user_find($user,NULL);
	if($data==NULL) show_error($user.": ".$GLOBALS["error_msg"]["miscnofinduser"]);
	if($self=($user==$GLOBALS['__SESSION']["s_user"])) $dir="";
	
	if(isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"]=="true") 
	{
		$nuser=stripslashes($GLOBALS['__POST']["nuser"]);
		if($nuser=="" || $GLOBALS['__POST']["home_dir"]=="")
		{
			show_error($GLOBALS["error_msg"]["miscfieldmissed"]);
		}
		
		if(isset($GLOBALS['__POST']["chpass"]) &&
			$GLOBALS['__POST']["chpass"]=="true")
		{
			if($GLOBALS['__POST']["pass1"]!=$GLOBALS['__POST']["pass2"]) show_error($GLOBALS["error_msg"]["miscnopassmatch"]);
			$pass=md5(stripslashes($GLOBALS['__POST']["pass1"]));
		} else $pass=$data[1];
		
		if($self) $GLOBALS['__POST']["active"]=1;
	
		// determine the user permissions
		$permissions = _eval_permissions();
		// determine the new user data
		$data=array(
				$nuser,
				$pass,
				stripslashes($GLOBALS['__POST']["home_dir"]),
				stripslashes($GLOBALS['__POST']["home_url"]),
				$GLOBALS['__POST']["show_hidden"],
				stripslashes($GLOBALS['__POST']["no_access"]),
				$permissions,
				$GLOBALS['__POST']["active"]);
			
		if (!user_update($user,$data))
			show_error($user.": ".$GLOBALS["error_msg"]["saveuser"]);
		if ($self)
			user_activate($nuser, NULL);
		
        miwoftp_redirect(make_link("list", $dir, NULL));
		return;
	}
	
	show_header($GLOBALS["messages"]["actadmin"].": ".sprintf($GLOBALS["messages"]["miscedituser"],$data[0]));
	
	// Javascript functions:
	include MPATH_MIWOFTP_QX."/_include/js_admin3.php";
	
	echo "<FORM name=\"edituser\" action=\"".make_link("admin",$dir,NULL)."&action2=edituser\" method=\"post\">\n";
	echo "<INPUT type=\"hidden\" name=\"confirm\" value=\"true\"><INPUT type=\"hidden\" name=\"user\" value=\"".$data[0]."\">\n";
	echo "<BR><TABLE width=\"450\">\n";
	echo "<TR><TD>".$GLOBALS["messages"]["miscusername"].":</TD>\n";
		echo "<TD align=\"right\"><INPUT type\"text\" name=\"nuser\" size=\"30\" value=\"";
		echo $data[0]."\"></TD></TR>\n";
	echo "<TR><TD>".$GLOBALS["messages"]["miscconfpass"].":</TD>\n";
		echo "<TD align=\"right\"><INPUT type=\"password\" name=\"pass1\" size=\"30\"></TD></TR>\n";
	echo "<TR><TD>".$GLOBALS["messages"]["miscconfnewpass"].":</TD>\n";
		echo "<TD align=\"right\"><INPUT type=\"password\" name=\"pass2\" size=\"30\"></TD></TR>\n";
	echo "<TR><TD>".$GLOBALS["messages"]["miscchpass"].":</TD>\n";
		echo "<TD align=\"right\"><INPUT type=\"checkbox\" name=\"chpass\" value=\"true\"></TD></TR>\n";
	echo "<TR><TD>".$GLOBALS["messages"]["mischomedir"].":</TD>\n";	
		echo "<TD align=\"right\"><INPUT type=\"text\" name=\"home_dir\" size=\"30\" value=\"";
		echo $data[2]."\"></TD></TR>\n";
	echo "<TR><TD>".$GLOBALS["messages"]["mischomeurl"].":</TD>\n";	
		echo "<TD align=\"right\"><INPUT type=\"text\" name=\"home_url\" size=\"30\" value=\"";
		echo $data[3]."\"></TD></TR>\n";
	echo "<TR><TD>".$GLOBALS["messages"]["miscshowhidden"].":</TD>";
		echo "<TD align=\"right\"><SELECT name=\"show_hidden\">\n";
		echo "<OPTION value=\"0\">".$GLOBALS["messages"]["miscyesno"][1]."</OPTION>";
		echo "<OPTION value=\"1\"".($data[4]?" selected ":"").">";
		echo $GLOBALS["messages"]["miscyesno"][0]."</OPTION>\n";
		echo "</SELECT></TD></TR>\n";
	echo "<TR><TD>".$GLOBALS["messages"]["mischidepattern"].":</TD>\n";
		echo "<TD align=\"right\"><INPUT type=\"text\" name=\"no_access\" size=\"30\" value=\"";
		echo $data[5]."\"></TD></TR>\n";
	echo "<TR><TD>".$GLOBALS["messages"]["miscperms"].":</TD>\n";
	// print out the extended permission table of the user permission
	echo "<TD align=\"right\">\n";
	admin_print_permissions($data[0]);
	echo "</TD></TR>\n";
	echo "<TR><TD>".$GLOBALS["messages"]["miscactive"].":</TD>";
		echo "<TD align=\"right\"><SELECT name=\"active\"".($self?" DISABLED ":"").">\n";
		echo "<OPTION value=\"1\">".$GLOBALS["messages"]["miscyesno"][0]."</OPTION>";
		echo "<OPTION value=\"0\"".($data[7]?"":" selected ").">";
		echo $GLOBALS["messages"]["miscyesno"][1]."</OPTION>\n";
		echo "</SELECT></TD></TR>\n";
	echo "<TR><TD colspan=\"2\" align=\"right\"><input type=\"submit\" value=\"".$GLOBALS["messages"]["btnsave"];
		echo "\" onClick=\"return check_pwd();\">\n<input type=\"button\" value=\"";
		echo $GLOBALS["messages"]["btncancel"]."\" onClick=\"javascript:location='";
		echo make_link("admin",$dir,NULL)."';\"></TD></TR></FORM></TABLE><BR>\n";
}
/**
 * remove user
 */
function removeuser($dir)
{
	$user=stripslashes($GLOBALS['__POST']["user"]);
	if($user==$GLOBALS['__SESSION']["s_user"]) show_error($GLOBALS["error_msg"]["miscselfremove"]);
	if(!user_remove($user)) show_error($user.": ".$GLOBALS["error_msg"]["deluser"]);
	
    miwoftp_redirect(make_link("list", $dir, NULL));
}
//------------------------------------------------------------------------------
function show_admin($dir)
{
	$admin = permissions_grant(NULL, NULL, "admin");
	
	if (!login_ok())
		show_error($GLOBALS["error_msg"]["miscnofunc"]);
	if (!$admin && !permissions_grant(NULL, NULL, "password"))
		show_error($GLOBALS["error_msg"]["accessfunc"]);
	
	if(isset($GLOBALS['__GET']["action2"])) $action2 = $GLOBALS['__GET']["action2"];
	elseif(isset($GLOBALS['__POST']["action2"])) $action2 = $GLOBALS['__POST']["action2"];
	else $action2="";
	
	switch($action2) {
	case "chpwd":
		changepwd($dir);
	break;
	case "adduser":
		if(!$admin) show_error($GLOBALS["error_msg"]["accessfunc"]);
		adduser($dir);
	break;
	case "edituser":
		if(!$admin) show_error($GLOBALS["error_msg"]["accessfunc"]);
		edituser($dir);
	break;
	case "rmuser":
		if(!$admin) show_error($GLOBALS["error_msg"]["accessfunc"]);
		removeuser($dir);
	break;
	default:
		admin($admin,$dir);
	}
}
//------------------------------------------------------------------------------
/**
	print out the html permission table to modify user permissions.
	the name of the permission values are determined via the language
	interface. In case of there is no entry in the language table for
	this permission, the function uses the original permission name.
*/
function admin_print_permissions ($username)
{
	$permvalues = permissions_get();
	echo "<TABLE>";
	foreach ($permvalues as $name => $value)
	{
		// determine wether the option is already set
		$checked = permissions_grant_user($username, NULL, NULL, $name) ? "checked" : "";
		$disabled = (($username == "admin") && ($name == "admin")) ? "disabled" : "";
		$desc = $GLOBALS["messages"]["miscpermissions"][$name][0];
		$tooltip = $GLOBALS["messages"]["miscpermissions"][$name][1];
		echo "<TR><TD>\n";
		echo "\t\t<INPUT type=\"checkbox\" title=\"$tooltip\" name=\"permsettings[]\" value=\"$value\" $checked $disabled >\n";
		echo isset($desc) ? $desc : $name;
		echo "</INPUT>";
		echo "</TR></TD>";
	}
	echo "</TABLE>";
}
/**
  this function evaluates the changed permissions out of the html input form and convert this permissions
  into the permission values for storing them into the user database.
*/
function	_eval_permissions ()
{
	$perms = $GLOBALS['__POST']["permsettings"];
	$permissions = 0;
	if (!isset($perms))
		return $permissions;
	foreach ($perms as $values)
	{
		$permissions += $values;
	}
	return $permissions;
}
?>
 |