This repository has been archived on 2024-04-08. You can view files and clone it, but cannot push or open issues or pull requests.
khosb/htaccess_index.php

266 lines
12 KiB
PHP
Raw Normal View History

<?php
ob_start();
# Define the file types
$_IncludeFiles = Array ( 'htm', 'html', 'php', 'php3', 'php4', 'phtml', 'inc', 'phps' );
$_VirtualFiles = Array ( 'cgi', 'shtml', 'pl' );
$_PassFiles = Array
(
Array ('name' => 'jpg', 'type' => 'image/jpeg', 'disposition' => 'inline'),
Array ('name' => 'jpeg', 'type' => 'image/jpeg', 'disposition' => 'inline'),
Array ('name' => 'jpe', 'type' => 'image/jpeg', 'disposition' => 'inline'),
Array ('name' => 'gif', 'type' => 'image/gif', 'disposition' => 'inline'),
Array ('name' => 'bmp', 'type' => 'image/bmp', 'disposition' => 'inline'),
Array ('name' => 'tif', 'type' => 'image/tif', 'disposition' => 'inline'),
Array ('name' => 'png', 'type' => 'image/png', 'disposition' => 'inline'),
Array ('name' => 'wbmp', 'type' => 'image/vnd.wap.wbmp', 'disposition' => 'inline'),
Array ('name' => 'pdf', 'type' => 'application/pdf', 'disposition' => 'inline'),
Array ('name' => 'exe', 'type' => 'application/octet-stream', 'disposition'=> 'attatchment'),
Array ('name' => 'zip', 'type' => 'application/x-zip', 'disposition' => 'attatchment'),
Array ('name' => 'gzip', 'type' => 'application/gzip', 'disposition' => 'attatchment'),
Array ('name' => 'tgz', 'type' => 'application/tgz', 'disposition' => 'attatchment'),
Array ('name' => 'gz', 'type' => 'application/gz', 'disposition' => 'attatchment'),
Array ('name' => 'doc', 'type' => 'application/ms-word', 'disposition' => 'inline'),
Array ('name' => 'xls', 'type' => 'application/ms-excel', 'disposition' => 'inline'),
Array ('name' => 'csv', 'type' => 'application/ms-excel', 'disposition' => 'inline'),
Array ('name' => 'swf', 'type' => 'application/x-shockwave-flash', 'disposition' => 'inline'),
Array ('name' => 'txt', 'type' => 'text/plain', 'disposition' => 'inline'),
Array ('name' => 'text', 'type' => 'text/plain', 'disposition' => 'inline'),
Array ('name' => 'rtf', 'type' => 'text/richtext', 'disposition' => 'inline'),
Array ('name' => 'xml', 'type' => 'text/xml', 'disposition' => 'inline'),
Array ('name' => 'css', 'type' => 'text/css', 'disposition' => 'inline'),
Array ('name' => 'js', 'type' => 'text/plain', 'disposition' => 'inline'),
Array ('name' => 'wml', 'type' => 'text/vnd.wap.wml', 'disposition' => 'inline'),
Array ('name' => 'avi', 'type' => 'video/avi', 'disposition' => 'attatchment'),
Array ('name' => 'mpg', 'type' => 'video/mpeg', 'disposition' => 'attatchment'),
Array ('name' => 'mpeg', 'type' => 'video/mpeg', 'disposition' => 'attatchment'),
Array ('name' => 'mpe', 'type' => 'video/mpeg', 'disposition' => 'attatchment'),
Array ('name' => 'wmv', 'type' => 'video/x-ms-wmv', 'disposition' => 'attatchment'),
Array ('name' => 'asf', 'type' => 'video/x-ms-asf', 'disposition' => 'attatchment')
);
# Load the config file:
require_once('config.inc.php');
# Require the needed files...
require_once(PATH_ADODB . 'adodb.inc.php');
require_once(PATH_CORE . 'auth.inc.php');
require_once(PATH_CORE . 'database.inc.php');
require_once(PATH_CORE . 'method.inc.php');
require_once(PATH_CORE . 'session.inc.php');
require_once(PATH_CORE . 'translate.inc.php');
require_once(PATH_CORE . 'setup.inc.php');
require_once(PATH_CORE . 'vars.inc.php');
require_once(PATH_CORE . 'xml.inc.php');
## Path to the error file
define ( 'ERROR_GIF', PATH_THEMES.DEF_THEME_N.'/images/htaccess_error.gif' );
# start the debugger
$C_debug = new CORE_debugger;
# initialize the GET/POST vars
$C_vars = new CORE_vars;
$VAR = $C_vars->f;
# initialize the site setup
$C_setup = new CORE_setup;
# initialize the session handler
$C_sess = new CORE_session;
# define the other session variables as constants
$C_sess->session_constant();
# initialize the translation handler
$C_translate = new CORE_translate;
# update the session constants
$C_sess->session_constant_log();
# initialze the authentication handler
$force = false;
$C_auth = new CORE_auth ($force);
########################################################################
# Verify the User's Access
$authorized = false;
if(defined("SESS_LOGGED"))
if(SESS_LOGGED == "1" && check_auth($VAR['_HTACCESS_ID']))
$authorized = true;
############################################################################
## If this was a GET:
if ( isset($REQUEST_URI ) )
{
$ARRAY = explode ( '?', $REQUEST_URI);
$REQUEST_URI = $ARRAY[0] ;
}
## Define global system vars...
if(!isset($DOCUMENT_ROOT)) $DOCUMENT_ROOT = $_SERVER["DOCUMENT_ROOT"];
if(!isset($REQUEST_URI)) $REQUEST_URI = $_SERVER["REQUEST_URI"];
if(!isset($SCRIPT_FILENAME)) $SCRIPT_FILENAME = $_SERVER["SCRIPT_FILENAME"];
############################################################################
### Check if File Exists:
if (file_exists($DOCUMENT_ROOT.$REQUEST_URI) &&
($SCRIPT_FILENAME != $DOCUMENT_ROOT.$REQUEST_URI) &&
($REQUEST_URI != "/") &&
(!ereg( '[////]{2,}$', $REQUEST_URI ) ) )
{
$url = $REQUEST_URI;
########################################################################
# Check Passthu File Types:
for ($i=0; $i<count($_PassFiles); $i++)
{
$ext = substr (strrchr ($DOCUMENT_ROOT.$url, "."), 1);
if ( strtolower ( $ext ) == $_PassFiles[$i]["name"] )
{
if ($authorized)
{
# determine the filename:
$ext1 = $_PassFiles[$i]['name'];
@$arr2 = explode('/', $REQUEST_URI);
$file_name = 'download.'.$ext1;
for($ii=0; $ii<count($arr2); $ii++)
$file_name = $arr2[$ii];
# Set the correct header info:
header("Content-type: " . $_PassFiles[$i]['type']);
header("Content-Disposition: " . $_PassFiles[$i]['disposition'] . ";filename=$file_name");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
@readfile ($DOCUMENT_ROOT.$url, "r");
exit();
}
else
{
# Display the error gif:
header("Content-type: image/gif");
header("Content-Disposition: inline;filename=error.gif");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
@readfile (ERROR_GIF, "r");
exit();
}
}
}
########################################################################
# Check Include File Types:
for ($i=0; $i<count($_IncludeFiles); $i++)
{
$ext = substr (strrchr ($DOCUMENT_ROOT.$url, "."), 1);
if ( strtolower ( $ext ) == $_IncludeFiles[$i] )
{
if ($authorized)
{
## run:
include_once ( $DOCUMENT_ROOT.$url );
exit();
}
else
{
## forward to login page:
header("Location: ".URL."?_page=account:login_htaccess&_htaccess_id=" . $VAR['_HTACCESS_ID'] . '&_htaccess_dir_id=' . $VAR['_HTACCESS_DIR_ID']);
}
}
}
########################################################################
# Check Virtual File Types:
for ($i=0; $i<count($_VirtualFiles); $i++)
{
$ext = substr (strrchr ($DOCUMENT_ROOT.$url, "."), 1);
if ( strtolower ( $ext ) == $_VirtualFiles[$i] )
{
virtual ( $DOCUMENT_ROOT.$url . "?" . $variables); // < needs some work!
exit();
}
}
}
########################################################################
### Load the index file:
$url=strip_tags($REQUEST_URI);
$url_array=explode("/",$url);
array_shift($url_array);
if ( $authorized ) {
if(!empty($url_array) && file_exists($DOCUMENT_ROOT.$url.INDEX_FILE) ) {
include(INDEX_FILE);
exit();
} else {
## Locate the index file, if any
for($i=0; $i<count($_IncludeFiles); $i++) {
if(file_exists($DOCUMENT_ROOT.$url.'index.'.$_IncludeFiles[$i])) {
include($DOCUMENT_ROOT.$url.'index.'.$_IncludeFiles[$i]);
exit();
}
}
## No index located!
echo "<BR><BR><B><CENTER>PAGE NOT FOUND</CENTER></B>";
exit();
}
} else {
## forward to login page:
header("Location: ".URL."?_page=account:login_htaccess&_htaccess_id=" . $VAR['_HTACCESS_ID'] . '&_htaccess_dir_id=' . $VAR['_HTACCESS_DIR_ID']);
exit();
}
########################################################################
# Filetype not defined, force download:
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Content-Type: application/force-download");
header("Content-Type: application/octet-stream");
header("Content-Type: application/download");
header("Content-Disposition: attachment; filename=".@basename($DOCUMENT_ROOT.$url).";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".@filesize($DOCUMENT_ROOT.$url));
@readfile("$DOCUMENT_ROOT.$url");
exit();
##############################
## Check Authentication ##
##############################
function check_auth($id)
{
### Check if user is a member of one of the authorized groups:
$db = &DB();
$sql = 'SELECT status,group_avail FROM ' . AGILE_DB_PREFIX . 'htaccess WHERE
site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
status = ' . $db->qstr('1') . ' AND
id = ' . $db->qstr($id);
$result = $db->Execute($sql);
if($result->RecordCount() > 0) {
global $C_auth;
@$arr = unserialize($result->fields['group_avail']);
for($i=0; $i<count($arr); $i++)
if($C_auth->auth_group_by_id($arr[$i]))
return true;
}
return false;
}
ob_end_flush();
?>