* @license GPLv3 * @copyright 2008 Masoud Gheysari M */
// -- CONFIG SECTION
// NOTE(review): every define() in this file passes the constant NAME as a bare identifier
// (define(ROOT_PATH,...) instead of define('ROOT_PATH',...)). PHP 7.2+ warns "Use of undefined
// constant" and PHP 8 throws Error: Undefined constant, so nothing below runs on a current
// interpreter until the names are quoted.
define(ROOT_PATH,'/home/groups/i/im/imgal/htdocs/'); // physical root path where you want to browse.
// NOTE(review): ROOT_PATH is the document root. Everything under it is browsable, previewable and
// downloadable WITHOUT authentication (modes thumb/image/download/download-tar/search below).
// With PREVIEW_CODE_FILES on, highlight_file() renders any .php under it to anonymous visitors --
// if this script itself lives under ROOT_PATH, that includes HERO_PASSWORD in this very section.
// Browse a directory outside the web root, or at least disable code preview.
define(SHOW_THUMBNAIL,true); // if set to true, imgal shows thumbnail for images.
define(FAST_RENDER,false); // if set to true, thumbnail images will render more quickly but with less quality.
define(HERO_PASSWORD,'imgal'); // password of the hero user (the superuser) who can upload files.
// NOTE(review): a hard-coded, well-known default credential, compared with == in the login handler,
// with no lockout or rate limit. "hero" may upload any file name (no extension allow-list) into
// ROOT_PATH, i.e. into the served document root, so this password is effectively a remote-code-
// execution credential. Change it on deployment; better, keep a password_hash() and use
// password_verify() (or at least hash_equals()).
define(MAX_THUMB_WIDTH,96); define(MAX_THUMB_HEIGHT,64); define(ICONS_PER_ROW,8);
define(PREVIEW_TEXT_FILES,true);// should imgal preview text files.
define(PREVIEW_HTML_FILES,true);// should imgal preview html files.
// NOTE(review): "preview" is a raw readfile() of the .html/.htm into the gallery page (see the
// is_html branch below), so any uploaded or linked HTML runs as script in this site's origin.
define(PREVIEW_CODE_FILES,true);// should imgal preview code files.
define(SHOW_NAMES_BESIDE,false);// should imgal show file/folder names beside icons (or below them).
define(DOWNLOAD_ZIP_DIR,false); // directories can be downloaded as a zip file
define(DOWNLOAD_TAR_DIR,true); // directories can be downloaded as a tar file
define(TEMP_PATH,'./'); // temporary path for storing zipped files
// NOTE(review): TEMP_PATH is never read. The download-zip handler passes the UNDEFINED variable
// $temp_path to createZip, so the temp archive ends up in the current working directory (normally
// this script's own, web-served directory) under a rand()-named *.imgaltemp file.
// -- END CONFIG SECTION
define(IMGAL_VERSION,'imgal-0.6.9');
session_start();
// NOTE(review): there is no session_regenerate_id() after a successful login and logout only calls
// session_unset() (the session itself survives), so a session id fixed on a visitor before login
// becomes the privileged "hero" session.
$image_extensions=array('png','jpg','gif');
$text_extensions=array('txt','log','ini','bat','sh','nfo');
$html_extensions=array('htm','html');
$code_extensions=array('php');
// Requested virtual path, relative to ROOT_PATH. It is the only user input that reaches the
// filesystem functions below, and it is ALSO echoed unescaped by generate_header() ("Currently
// Browsing: ...") -- a reflected XSS via ?path=<script>... ; htmlspecialchars() it on output.
$browsing=$_GET['path'];
if(!isset($browsing)) $browsing='/';
// NOTE(review): this does reject a literal ".." (and "..\" too, since the backslash normalisation
// happens after it). It says nothing about where the path finally resolves: make_physical_path()
// follows *.imgal link files to whatever absolute path was written into them, and symlinks are not
// checked either. Prefer realpath() plus a prefix check against realpath(ROOT_PATH) once $path is built.
if(strstr($browsing,'..')) // added for security.
$browsing='/';
$browsing=str_replace('\\','/',$browsing);
if(substr(ROOT_PATH,-1,1)=='/' || substr(ROOT_PATH,-1,1)=='\\') { // added to resolve possible error in mkdir() because of two slashes.
$path=substr(ROOT_PATH,0,-1).$browsing; } else { $path=ROOT_PATH.$browsing; }
if(substr($path,-1,1)=='/' || substr($path,-1,1)=='\\') $path=substr($path,0,-1);
// Resolves *.imgal link files; returns null (falls off the end of the function) when nothing exists at the path.
$path=make_physical_path($path);
if(is_dir($path)) $path.='/';
$path=str_replace('\\','/',$path);
$mode=$_GET['mode'];
// NOTE(review): none of the state-changing POST handlers (login/mkdir/upload/link/copy) carries a
// CSRF token, so a logged-in hero who visits a hostile page can be made to upload or link files.
switch($mode) {
case 'logout':
// NOTE(review): use session_destroy() and regenerate the id so the old id cannot be reused.
session_unset(); $message='You have successfuly logged out from imgal.'; break;
case 'login':
// NOTE(review): loose == comparison against a plaintext constant; use hash_equals()/password_verify()
// and call session_regenerate_id(true) on success.
if($_POST['password']==HERO_PASSWORD) { $_SESSION['username']='hero'; $message='You have successfuly logged in to imgal with HERO power!'; } else { $message='Invalid password for HERO (superuser).'; } break;
case 'mkdir': if($_SESSION['username']!='hero') { $message='You must first log in with HERO user to make a directory.'; } else {
// NOTE(review): dir-name is concatenated raw (it may contain '/' or '..'), the mkdir() error is
// @-suppressed, and get_file_path() is not defined anywhere in this listing (see the truncation note
// before get_file_name() below).
$mkdir=get_file_path($path).$_POST['dir-name'];; if(@mkdir($mkdir)) { $message="Folder created succefully."; } else { $message="Possible make directory attack!"; } } break;
case 'upload': if($_SESSION['username']!='hero') { $message='You must first log in with HERO user to upload a file.'; } else {
// NOTE(review): basename() stops traversal, but nothing restricts the extension or content and an
// existing file of the same name is silently overwritten. Because ROOT_PATH is the document root an
// uploaded .php is directly executable by the web server. Allow-list image extensions, validate with
// getimagesize()/finfo, and store outside the web root or under a generated, non-executable name.
$uploaddir=get_file_path($path); $uploadfile=$uploaddir.basename($_FILES['file-path']['name']); if(move_uploaded_file($_FILES['file-path']['tmp_name'], $uploadfile)) { $message="File is valid, and was successfully uploaded."; } else { $message="Possible file upload attack!"; } } break;
case 'link': if($_SESSION['username']!='hero') { $message='You must first log in with HERO user to make a link.'; } else {
// NOTE(review): the link target is stored unvalidated and make_physical_path() follows it verbatim,
// so a link to /etc/passwd or to ROOT_PATH's parent makes that content readable through the
// unauthenticated download/preview/tar modes. Resolve with realpath() and require the target to stay
// under ROOT_PATH. There is also no "break": execution falls into case 'thumb' (harmless only
// because that case is guarded by is_image()).
$address=$_POST['address']; $address=str_replace('\\','/',$address); $file=fopen(get_file_path($path).get_file_name($address).'.imgal','w'); fwrite($file,$address); fclose($file); $message="File/Directory link created successfully."; }
case 'thumb':
// Unauthenticated. GD decodes the whole image before it is scaled, so a very large or decompression-
// bomb image can exhaust memory_limit; consider checking getimagesize() dimensions first.
if(is_image($path)) { switch (get_file_extension($path)) { case 'png': $im = imagecreatefrompng($path); break; case 'jpg': $im = imagecreatefromjpeg($path); break; case 'gif': $im = imagecreatefromgif($path); break; } if($im) { header("Content-Type: image/jpeg"); $width=imagesx($im);
$height=imagesy($im); if($width/$height>MAX_THUMB_WIDTH/MAX_THUMB_HEIGHT) { $new_width=MAX_THUMB_WIDTH; $new_height=($height/$width)*MAX_THUMB_WIDTH; } else { $new_width=($width/$height)*MAX_THUMB_HEIGHT; $new_height=MAX_THUMB_HEIGHT; } if(FAST_RENDER) { $im2=imagecreate($new_width,$new_height); imagecopyresized($im2,$im,0,0,0,0,$new_width,$new_height,$width,$height); } else { $im2=imagecreatetruecolor($new_width,$new_height); imagecopyresampled($im2,$im,0,0,0,0,$new_width,$new_height,$width,$height); } imagejpeg($im2); } die(); } break;
case 'image': if(is_image($path)) {
// NOTE(review): the Content-Disposition filename is not escaped -- a '"' in a file name breaks the
// header -- and no Content-Type is sent. Same for 'download' and the fallback download below.
header('Content-Disposition: attachment; filename="'.get_file_name($path).'"'); header('Content-Length: '.filesize($path)); readfile($path); die(); } break;
case 'download': if(is_file($path)) { header('Content-Disposition: attachment; filename="'.get_file_name($path).'"'); header('Content-Length: '.filesize($path)); readfile($path); die(); } break;
case 'download-zip': if(is_dir($path) && DOWNLOAD_ZIP_DIR) {
// NOTE(review): $temp_path is undefined here (TEMP_PATH was meant), and zip_add_files() below uses a
// call-time pass-by-reference in its recursion, a fatal error since PHP 5.4. Disabled by default.
$create_zip=new createZip($temp_path); $files=prepare_file_list($path); $create_zip->addDirectory(get_file_name($browsing).'/'); zip_add_files($create_zip,$files,get_file_name($browsing).'/'); $create_zip->prepareZippedfile(); $create_zip->forceDownload(get_file_name($browsing).'.zip'); die(); } break;
case 'download-tar': if(is_dir($path) && DOWNLOAD_TAR_DIR) {
// Unauthenticated. prepare_file_list() recurses through *.imgal directory links with no cycle check,
// so a link pointing at an ancestor directory makes this (and 'search') recurse until the process
// dies; link targets outside ROOT_PATH are packed into the archive as well.
$files=prepare_file_list($path,$tar_total_size); tar_add_files($files,get_file_name($browsing).'/',$files_list); generateTAR($files_list,$tar_total_size); die(); } break;
case 'copy': if($_SESSION['username']!='hero') { $message='You must first log in with HERO user to copy a file.'; } else {
// NOTE(review): copy() with a user-supplied source makes the server fetch arbitrary URLs (SSRF into
// the internal network when allow_url_fopen is on) or copy any local path it can read into the
// browsable tree, under a name taken from the URL with no extension check -- another .php-into-
// webroot path. Also missing "break": falls through into 'search' with an unset query.
$url = $_POST['copy-url']; $localfile = $path.get_file_name($url); if(copy($url, $localfile)) $message='File successfully copied to local server.'; else $message='Error in copying file.'; }
case 'search':
// Unauthenticated; walks the whole tree (including link targets) on every query.
$find=$_POST['query']; $matches=array(); $files=prepare_file_list($path); search_add_files($browsing,$files,$files_list); foreach($files_list
as $name=>$address) { if(($i=stripos(get_file_name($name),$find))!==false) { $matches[$name]=$address; } } break;
}
// ---- Single-file view ------------------------------------------------------------------------
if(is_file($path)) {
if(is_image($path)) {
// Collect sibling images for prev/next navigation. ($current_image<$total_images) is always true
// for a found index, so on the last image $files[$current_image+1] reads past the array.
$file_path=get_file_path($path); $files=array(); if ($handle = opendir($file_path)) { while (false !== ($file = readdir($handle))) { if(is_file($file_path.'/'.$file) && in_array(get_file_extension($file),$image_extensions)) { $files[]=$file; } } closedir($handle); $current_image=array_search(get_file_name($path),$files); $total_images=sizeof($files); if($current_image>0) { $previous_file=$files[$current_image-1]; } if($current_image<$total_images) { $next_file=$files[$current_image+1]; } }
generate_header(); echo '
'; echo make_image_in_frame($browsing,false); echo '
'; generate_footer(); die(); }
elseif(is_text($path) && PREVIEW_TEXT_FILES) {
// NOTE(review): the text file is echoed raw into the HTML page, so a .txt/.log/.nfo containing markup
// is rendered rather than displayed. Emit htmlspecialchars(file_get_contents($path), ENT_QUOTES, 'UTF-8').
generate_header(); echo '
';
			readfile($path);
			echo '
'; generate_footer(); die(); }
elseif(is_html($path) && PREVIEW_HTML_FILES) {
// NOTE(review): stored XSS by design -- the file's HTML/JS executes in this origin (see PREVIEW_HTML_FILES).
generate_header(); readfile($path); generate_footer(); die(); }
elseif(is_code($path) && PREVIEW_CODE_FILES) {
// NOTE(review): discloses the source of every .php under ROOT_PATH to anonymous users
// (highlight_file() does escape its output, so no XSS here).
generate_header(); highlight_file($path); generate_footer(); die(); }
else { header('Content-Disposition: attachment; filename="'.get_file_name($path).'"'); header('Content-Length: '.filesize($path)); readfile($path); die(); } }
// ---- Directory / search listing --------------------------------------------------------------
// NOTE(review): the markup inside the echo strings of this listing was stripped when the page was
// captured; the control flow is kept as-is and only the visible PHP is reviewed here.
generate_header(); $dirs=array(); $files=array();
if($mode=='search' && $find) { $i=0; echo ''; foreach($matches as $name=>$address) { if($i>=ICONS_PER_ROW) { echo ''; $i=0; } echo ''; $i++; } echo '
'; if(!SHOW_NAMES_BESIDE) echo '
'; if(is_image($name) && SHOW_THUMBNAIL) { echo make_image_in_frame($name,true); } else { echo make_file_icon($name); } if(!SHOW_NAMES_BESIDE) echo '
'; '
'; } else {
// *.imgal files whose target is a directory are listed as "virtual" folders (type 'v'); *.imgaltemp
// files (zip scratch files) are hidden. Note $temp_path is reused here as a scratch variable.
if ($handle = opendir($path)) { while (false !== ($file = readdir($handle))) { if(is_dir($path.$file)) { if($file!='.' && $file!='..') { $dirs[]=array('name'=>$file,'type'=>'p'); } } elseif(is_file($path.$file) && get_file_extension($path.$file)=='imgal') { $temp_path=make_physical_path(substr($path.$file,0,-6)); if(is_dir($temp_path)) { $dirs[]=array('name'=>substr($file,0,-6),'type'=>'v'); } else { $files[]=substr($file,0,-6); } } elseif(get_file_extension($path.$file)!='imgaltemp') { $files[]=$file; } } closedir($handle); sort($dirs); sort($files); $i=0; echo ''; foreach($dirs as $dir) { if($dir['type']=='p') { $icon='folder.png'; } else { $icon='vfolder.png'; } if($i>=ICONS_PER_ROW) { echo ''; $i=0; } echo ''; $i++; } foreach($files as $file) { if($i>=ICONS_PER_ROW) { echo ''; $i=0; } echo ''; $i++; } echo '
'; if(!SHOW_NAMES_BESIDE) echo '
'; echo ''; if(!SHOW_NAMES_BESIDE) echo '
';
// NOTE(review): directory/file names are echoed unescaped here and in make_image_in_frame()/
// make_file_icon(); a hero-created name containing markup is a stored XSS for every visitor.
echo ''.$dir['name'].''; if(!SHOW_NAMES_BESIDE) echo '
'; echo '
'; if(!SHOW_NAMES_BESIDE) echo '
'; if(is_image($file) && SHOW_THUMBNAIL) { echo make_image_in_frame($browsing.$file,true); } else { echo make_file_icon($browsing.$file); } if(!SHOW_NAMES_BESIDE) echo '
'; '
'; } } generate_footer();
// Builds the HTML fragment for one image ($thumb=true: thumbnail link, false: full view).
// NOTE(review): get_file_name($image) is concatenated without htmlspecialchars() -- see XSS note above.
function make_image_in_frame($image,$thumb=false) { global $browsing; $rtn =''; $rtn.=''; $rtn.='
'; if($thumb) $rtn.=''; else $rtn.=''; $rtn.=''; if(SHOW_NAMES_BESIDE) $rtn.=''.get_file_name($image).''; $rtn.='
'; if(!SHOW_NAMES_BESIDE) $rtn.=''.get_file_name($image).''; return $rtn; }
// Builds the HTML fragment for a non-image file, picking images/mimetypes/<ext>.png when it exists.
// Name is again emitted unescaped.
function make_file_icon($path) { $file_extension=get_file_extension($path); if(file_exists(realpath("./images/mimetypes/$file_extension.png"))) $img=$file_extension.'.png'; else $img='file.png'; $rtn =''; if(!SHOW_NAMES_BESIDE) $rtn.='
'; $rtn.=''.get_file_name($path).''; return $rtn; }
// All type checks below are by (lower-cased) extension only; nothing inspects file content.
function is_image($path) { $file_extension=get_file_extension($path); return in_array($file_extension,$GLOBALS['image_extensions']); }
function get_file_extension($path) { $dot_position=strrpos($path,'.')+1; $file_extension=strtolower(substr($path,$dot_position,strlen($path)-$dot_position)); return $file_extension; }
// NOTE(review): the captured listing is truncated from inside get_file_name() up to the middle of
// generate_header() (a "<" in the source was eaten as a tag). get_file_path(), the rest of
// get_file_name() and the head of generate_header() are therefore not reviewable here.
function get_file_name($path) { for($i=0;$i'.IMGAL_VERSION.''; echo '
'; echo ''; echo '
'.IMGAL_VERSION.'
I\'m Image Gallery!
'; echo '
'; echo '
';
// NOTE(review): $browsing comes straight from $_GET['path'] and is echoed here without
// htmlspecialchars() -- reflected XSS. $GLOBALS['message'] is currently only ever a fixed string.
echo 'Currently Browsing:
'.$browsing.'
'; if($GLOBALS['message']) { echo 'Message:
'.$GLOBALS['message'].'
'; } echo '
'; echo ''; echo '
'; echo '
'; if(isset($total_images)) { echo 'Image
('.($current_image+1).' of '.$total_images.')
'; } elseif (is_text($path) || is_html($path) || is_code($path)) { echo 'Download this file'; } if (is_dir($path) && DOWNLOAD_ZIP_DIR) { echo 'Download this directory as a ZIP archive'; } if(is_dir($path) && DOWNLOAD_ZIP_DIR && DOWNLOAD_TAR_DIR) echo '
'; if (is_dir($path) && DOWNLOAD_TAR_DIR) { echo 'Download this directory as a TAR archive'; } echo '

'; if($browsing!='/' || ($mode=='search')) { if($i=strrpos(substr($browsing,0,-1),'/')) { $browsing_up=substr($browsing,0,$i).'/'; } else { $browsing_up='/'; } if($mode=='search') $browsing_up=$browsing; if($previous_file) { echo ''; } elseif(is_image($path)) { echo ''; } if($next_file) { echo ''; } elseif(is_image($path)) { echo ''; } echo ''; } echo '


'; }
// Page footer: hero tools (upload/mkdir/link/copy forms) when logged in, otherwise the HERO login
// form. None of the emitted forms carries a CSRF token (see the switch above).
function generate_footer() { global $browsing; echo '
'; if($_SESSION['username']=='hero') { echo ''; } else { echo ''; } echo '
'; echo '
'; echo '
'; echo '
'; echo '
'; echo '
'; echo '
'; echo '
'; echo '
'; echo '
'; echo '
'; echo '
'; echo '

'; echo '
Log Out
'; echo '

'; echo '
'; echo '
'; echo 'Username: HERO / Password: '; echo '
'; echo '
'; echo ''; }
function is_text($path) { $file_extension=get_file_extension($path); return in_array($file_extension,$GLOBALS['text_extensions']); }
function is_html($path) { $file_extension=get_file_extension($path); return in_array($file_extension,$GLOBALS['html_extensions']); }
function is_code($path) { $file_extension=get_file_extension($path); return in_array($file_extension,$GLOBALS['code_extensions']); }
// Maps a virtual path to a physical one: if the path does not exist, every prefix "<prefix>.imgal" is
// tried and the first one found is replaced by the file's contents (an arbitrary absolute path).
// NOTE(review): the link target is trusted verbatim (no realpath()/ROOT_PATH prefix check), the
// recursion has no depth limit (a target that re-enters its own prefix recurses forever), and when
// no link matches the function returns null rather than the original path.
function make_physical_path($path) { $j=array(); if(!is_file($path) && !is_dir($path)) { for($i=0;$i<=strlen($path);$i++) { if(substr($path,$i,1)=='/' || $i==strlen($path)) $j[]=substr($path,0,$i); } foreach($j as $i) { if(is_file($i.'.imgal')) { $path=file_get_contents($i.'.imgal').substr($path,strlen($i)); return make_physical_path($path); break; } } } else { return $path; } }
// Recursively lists a directory as name => physical path (nested arrays for sub-directories),
// following *.imgal links, and accumulates the tar size (512-byte header + data padded to 512).
// NOTE(review): follows directory links without a visited set -- a link to an ancestor directory is
// an infinite recursion reachable anonymously via download-tar and search. The "imgal" suffix test
// is done on the last 5 bytes only, so a file named e.g. "fooimgal" is mis-treated as a link.
function prepare_file_list($path,&$tar_total_size=0) { $files=array(); if ($handle = opendir($path)) { while (false !== ($file = readdir($handle))) { if(is_file($path.'/'.$file)) { if(substr($file,-5,5)=='imgal') { $vir_name=substr($file,0,-6); $new_file=make_physical_path($path.'/'.$vir_name); if(is_file($new_file)) { if(substr($new_file,-10,10)!='.imgaltemp') { $files[$vir_name]=$new_file; $tar_total_size+= filesize($new_file)+ 1024-(filesize($new_file)%512); } } else { $files[$vir_name]=prepare_file_list($new_file,$tar_total_size); } } else { if(substr($file,-10,10)!='.imgaltemp') { $files[$file]=$path.'/'.$file; $tar_total_size+= filesize($path.'/'.$file)+ 1024-(filesize($path.'/'.$file)%512); } } } elseif(is_dir($path.'/'.$file) && $file!='.'
&& $file!='..') { $files[$file]=prepare_file_list($path.'/'.$file.'/',$tar_total_size); } } } return $files; }
// Flattens prepare_file_list() output into "virtual path => physical path" for searching.
function search_add_files($browsing,$files,&$files_list) { foreach($files as $name=>$address) { if(is_array($address)) { search_add_files($browsing.'/'.$name,$address,$files_list); } else { $files_list[$browsing.'/'.$name]=$address; } } }
// Adds a prepare_file_list() tree to a createZip instance.
// NOTE(review): the recursive call uses call-time pass-by-reference (&$create_zip), a fatal error since
// PHP 5.4 (the parameter is already declared by reference). Each file is slurped whole with
// file_get_contents(), so a large file means a large memory spike.
function zip_add_files(&$create_zip,$files,$root_path='/') { foreach($files as $name=>$address) { if(is_array($address)) { $create_zip->addDirectory($root_path.$name.'/'); zip_add_files(&$create_zip,$address,$root_path.$name.'/'); } else { $create_zip->addFile(file_get_contents($address),$root_path.$name); } } }
// Flattens a prepare_file_list() tree into "archive path => physical path" for generateTAR().
// (A required by-reference parameter after an optional one is deprecated in PHP 8.)
function tar_add_files($files,$root_path='/',&$files_list) { foreach($files as $name=>$address) { if(is_array($address)) { tar_add_files($address,$root_path.$name.'/',$files_list); } else { $files_list[$root_path.$name]=$address; } } }
/** * Class to dynamically create a zip file (archive) * @author Rochak Chauhan, modified by: Masoud Gheysari M */
// NOTE(review): the scratch archive is created with fopen('w') under a rand()-derived name in a
// web-served directory: the name is guessable, there is no O_EXCL-style exclusive create (collision
// overwrites another request's file), and the file is fetchable by anyone until unlink() runs.
// Use tempnam()/sys_get_temp_dir() outside the web root. The PHP4-style constructor createZip() is
// not invoked as a constructor since PHP 8.0, so $this->file would never be opened; rename to __construct.
class createZip {
public $compressedData = array();
public $centralDirectory = array(); // central directory
public $endOfCentralDirectory = "\x50\x4b\x05\x06\x00\x00\x00\x00"; //end of Central directory record
public $oldOffset = 0;
public $temp_file_name; private $file; private $data_length;
function createZip($temp_path) { $this->temp_file_name=$temp_path.rand(100000,999999).'.imgaltemp'; $this->file=fopen($this->temp_file_name,'w'); }
// Writes a stored (method 0) directory entry and queues its central-directory record.
public function addDirectory($directoryName) { $directoryName = str_replace("\\", "/", $directoryName); $feedArrayRow = "\x50\x4b\x03\x04"; $feedArrayRow .= "\x0a\x00"; $feedArrayRow .= "\x00\x00"; $feedArrayRow .= "\x00\x00"; $feedArrayRow .= "\x00\x00\x00\x00"; $feedArrayRow .= pack("V",0); $feedArrayRow .= pack("V",0); $feedArrayRow .= pack("V",0); $feedArrayRow .= pack("v", strlen($directoryName) ); $feedArrayRow .= pack("v", 0 ); $feedArrayRow .= $directoryName; $feedArrayRow .= pack("V",0); $feedArrayRow .= pack("V",0);
$feedArrayRow .= pack("V",0); fwrite($this->file,$feedArrayRow); $this->data_length+=strlen($feedArrayRow); $newOffset = $this->data_length; $addCentralRecord = "\x50\x4b\x01\x02"; $addCentralRecord .="\x00\x00"; $addCentralRecord .="\x0a\x00"; $addCentralRecord .="\x00\x00"; $addCentralRecord .="\x00\x00"; $addCentralRecord .="\x00\x00\x00\x00"; $addCentralRecord .= pack("V",0); $addCentralRecord .= pack("V",0); $addCentralRecord .= pack("V",0); $addCentralRecord .= pack("v", strlen($directoryName) ); $addCentralRecord .= pack("v", 0 ); $addCentralRecord .= pack("v", 0 ); $addCentralRecord .= pack("v", 0 ); $addCentralRecord .= pack("v", 0 ); $ext = "\x00\x00\x10\x00"; $ext = "\xff\xff\xff\xff"; $addCentralRecord .= pack("V", 16 ); $addCentralRecord .= pack("V", $this -> oldOffset ); $this -> oldOffset = $newOffset; $addCentralRecord .= $directoryName; $this -> centralDirectory[] = $addCentralRecord; }
// Writes a deflated (method 8) file entry. $compression actually holds the CRC-32; the zlib header
// (2 bytes) and Adler-32 trailer (4 bytes) are stripped from gzcompress() output to get raw deflate.
// The CRC/size trailer appended after the data is not announced via flag bit 3, so strict readers may object.
public function addFile($data, $directoryName) { $directoryName = str_replace("\\", "/", $directoryName); $feedArrayRow = "\x50\x4b\x03\x04"; $feedArrayRow .= "\x14\x00"; $feedArrayRow .= "\x00\x00"; $feedArrayRow .= "\x08\x00"; $feedArrayRow .= "\x00\x00\x00\x00"; $uncompressedLength = strlen($data); $compression = crc32($data); $gzCompressedData = gzcompress($data); $gzCompressedData = substr( substr($gzCompressedData, 0, strlen($gzCompressedData) - 4), 2); $compressedLength = strlen($gzCompressedData); $feedArrayRow .= pack("V",$compression); $feedArrayRow .= pack("V",$compressedLength); $feedArrayRow .= pack("V",$uncompressedLength); $feedArrayRow .= pack("v", strlen($directoryName) ); $feedArrayRow .= pack("v", 0 ); $feedArrayRow .= $directoryName; $feedArrayRow .= $gzCompressedData; $feedArrayRow .= pack("V",$compression); $feedArrayRow .= pack("V",$compressedLength); $feedArrayRow .= pack("V",$uncompressedLength); fwrite($this->file,$feedArrayRow); $this->data_length+=strlen($feedArrayRow); $newOffset = $this->data_length; $addCentralRecord =
"\x50\x4b\x01\x02"; $addCentralRecord .="\x00\x00"; $addCentralRecord .="\x14\x00"; $addCentralRecord .="\x00\x00"; $addCentralRecord .="\x08\x00"; $addCentralRecord .="\x00\x00\x00\x00"; $addCentralRecord .= pack("V",$compression); $addCentralRecord .= pack("V",$compressedLength); $addCentralRecord .= pack("V",$uncompressedLength); $addCentralRecord .= pack("v", strlen($directoryName) ); $addCentralRecord .= pack("v", 0 ); $addCentralRecord .= pack("v", 0 ); $addCentralRecord .= pack("v", 0 ); $addCentralRecord .= pack("v", 0 ); $addCentralRecord .= pack("V", 32 ); $addCentralRecord .= pack("V", $this -> oldOffset ); $this -> oldOffset = $newOffset; $addCentralRecord .= $directoryName; $this -> centralDirectory[] = $addCentralRecord; }
// Appends the central directory and end-of-central-directory record, then closes the scratch file.
public function prepareZippedfile() { $controlDirectory = implode("", $this -> centralDirectory); fwrite($this->file,$controlDirectory.$this->endOfCentralDirectory. pack("v", sizeof($this -> centralDirectory)). pack("v", sizeof($this -> centralDirectory)). pack("V", strlen($controlDirectory)).
pack("V", $this->data_length)."\x00\x00"); fclose($this->file); }
// Streams the scratch archive and deletes it.
// NOTE(review): the filename in Content-Disposition is unquoted and derived from the browsed path; a
// client abort before unlink() leaves the scratch file behind in the served directory.
public function forceDownload($file_name) { $archiveName=$this->temp_file_name; $headerInfo = ''; if(ini_get('zlib.output_compression')) { ini_set('zlib.output_compression', 'Off'); } header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: private",false); header("Content-Type: application/zip"); header("Content-Disposition: attachment; filename=".$file_name.";" ); header("Content-Transfer-Encoding: binary"); header("Content-Length: ".filesize($archiveName)); readfile($archiveName); unlink($archiveName); } }
/** * @author Josh Barger , modified by: Masoud Gheysari M * @copyright Copyright (C) 2002 Josh Barger */
// Streams a ustar-style archive of $files_list (archive path => physical path) with a precomputed
// Content-Length.
// NOTE(review): str_pad() never truncates, so an archive path longer than 100 bytes shifts every later
// header field and corrupts the archive (deep trees or long link names hit this). decoct('777') is
// decoct(777 decimal) = "1411", not mode 0777. filectime() is used where mtime is meant. Only one
// trailing zero block is written (the format calls for two; GNU tar warns). The unquoted
// Content-Disposition filename comes from the user-controlled ?path.
function generateTAR($files_list,$tar_total_size) { header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: private",false); header("Content-Type: application/x-tar"); header("Content-Disposition: attachment; filename=".get_file_name($GLOBALS['browsing']).".tar;" ); header("Content-Transfer-Encoding: binary"); header("Content-Length: ".($tar_total_size+512)); foreach($files_list as $name => $address) { $header .= str_pad($name,100,chr(0)); $header .= str_pad(decoct('777'),7,"0",STR_PAD_LEFT) . chr(0); $header .= str_pad(decoct('0'),7,"0",STR_PAD_LEFT) . chr(0); $header .= str_pad(decoct('0'),7,"0",STR_PAD_LEFT) . chr(0); $header .= str_pad(decoct(filesize($address)),11,"0",STR_PAD_LEFT) . chr(0); $header .= str_pad(decoct(filectime($address)),11,"0",STR_PAD_LEFT) . chr(0); $header .= str_repeat(" ",8); $header .= "0"; $header .= str_repeat(chr(0),100); $header .= str_pad("ustar",6,chr(32)); $header .= chr(32) .
chr(0); $header .= str_pad('root',32,chr(0)); $header .= str_pad('root',32,chr(0)); $header .= str_repeat(chr(0),8); $header .= str_repeat(chr(0),8); $header .= str_repeat(chr(0),155); $header .= str_repeat(chr(0),12); $checksum = str_pad(decoct(computeUnsignedChecksum($header)),6,"0",STR_PAD_LEFT); for($i=0; $i<6; $i++) { $header[(148 + $i)] = substr($checksum,$i,1); } $header[154] = chr(0); $header[155] = chr(32); echo $header; readfile($address); echo str_repeat(chr(0),512-(filesize($address)%512)); unset($header); } echo str_repeat(chr(0),512); }
// Sums the 512 header bytes with the 8 checksum bytes counted as spaces (the placeholder written above
// is already spaces, so the subtract/add pair is a no-op kept for clarity). $unsigned_chksum is used
// before initialisation (a notice; arithmetic on null starts from 0).
function computeUnsignedChecksum($bytestring) { for($i=0; $i<512; $i++) $unsigned_chksum += ord($bytestring[$i]); for($i=0; $i<8; $i++) $unsigned_chksum -= ord($bytestring[148 + $i]); $unsigned_chksum += ord(" ") * 8; return $unsigned_chksum; } ?>