Call this v1.2.1! Bugfixes, and more

2020-11-22 13:41:09 -08:00 · 2020-11-22 13:41:09 -08:00 · 6f55ba9a40
parent 91a6409b1c
commit 6f55ba9a40
11 changed files with 85 additions and 68 deletions
--- a/13
+++ b/13
@ -1,13 +1,20 @@
 --- SOFM ---
-SOFM (Simple online file manager) is a file manager written in PHP. 
+SOFM (Simple online file manager) is a file manager written in PHP.
 This software is released under the GPLv3.

 --- Usage ---
-*Extract SOFM anywhere and chmod 776 users/ 
+*Extract SOFM anywhere and chmod 776 users/
 *Modify config.php to your standards.
 *Connect to SOFM from any web browser.

 --- Changelog ---
+11/22/2020 - v1.2.1
+*CSS modifications
+*Directory creation bug fixes
+*Redirection fixes, navigation bar modifications
+*Check for directory backspacing (..)
+*Added file mimetypes for upload (extensions included)
+
 11/4/2020 - v1.1.0
 *Other subtle CSS changes, W3S verified
 *Fixed some mimetypes, and added file extensions to database
@ -21,4 +28,4 @@ This software is released under the GPLv3.
 *Modified header / footer files from parsing text to parsing via php for usage of the server side functions

 --- Licensing and copyright:
-(C) Copyright 2014 Chris Dorman - Some rights reserved
+(C) Copyright 2014-2020 Chris Dorman - Some rights reserved
--- a/config.php
+++ b/config.php
@ -1,18 +1,18 @@
 <?php

 //$config_var[0] = "password"; // Registration validation key - not needed //
-$config_var[1] = "5368709120"; // Max virtual disk space usage - default 500MB //
-$config_var[2] = "157291000"; // Max file upload space - default 10MB //
-$config_var[3] = "SOFM"; // Title //
-$config_var[4] = "Simple Online File Manager"; // Description //
+$config_var[1] = "21474825485"; // Max virtual disk space usage - default 500MB //
+$config_var[2] = "367000000"; // Max file upload space - default 10MB //
+$config_var[3] = "Simple Online File Manager"; // Title //
+$config_var[4] = "Flat file multi user file manager with set usage and file upload restrictions"; // Description //

 $title = $config_var[3];
 $desc = $config_var[4];
 $user_max_webspace = $config_var[1];
 $user_max_upload = $config_var[2];

-$version = "v1.1.0"; // Current version ~ displayed in footer.
+$version = "v1.2.1"; // Current version ~ displayed in footer.
 // Allowed file extensions within array. Easy to handle as well as loop
-$allowedExts = array("gif", "jpeg", "jpg", "png", "bmp", "ico", "swf", "txt", "html", "htm", "xhtml", "css", "js", "c", "cpp", "lua", "py", "tar", "zip", "rar", "gz", "7z", "bz2", "tgz", "mp3", "mp4", "ogg", "wav", "ogv", "flv", "webm", "pdf", "json", "ttf", "rtf", "otf", "svg");
+$allowedExts = array("gif", "jpeg", "jpg", "png", "bmp", "ico", "swf", "txt", "html", "htm", "xhtml", "css", "js", "c", "cpp", "lua", "py", "tar", "zip", "rar", "gz", "7z", "bz2", "tgz", "mp3", "mp4", "ogg", "wav", "ogv", "flv", "webm", "pdf", "json", "ttf", "rtf", "otf", "svg", "bz", "sig", "sum", "tbz", "xz", "iso", "img", "apk");

 ?>
--- a/ctrl.php
+++ b/ctrl.php
@ -22,6 +22,8 @@ if($password!=$user_password)
 	header("Location: index.php");
 }

+$strlength = "60";
+
 // Check to see if someone is backtracking in pathfinder
 if(isset($_GET['p']))
 {
@ -44,11 +46,11 @@ if(isset($_GET['f']))
 	if(isset($_GET['p']))
 	{
 		$path = $_GET['p'];
-		header("Location: users/$username/$path/$file");
+		header("Location: https://ho.st.us.to/$username/$path/$file");
 	}
 	else
 	{
-		header("Location: users/$username/$file");
+		header("Location: https://ho.st.us.to/$username/$file");
 	}
 }

@ -312,15 +314,25 @@ EOD;
 					$dirname = $_POST['dirname'];
 					$badchars = array("*", "'", "\"", "(", ")", "[", "]", "#", "$", "@", "!", "%", "^", "|", "+", "&", "=");
 					$dirname = stripslashes(htmlentities(str_replace($badchars, '', $dirname)));
+					
+					if(stristr($dirname, "..") == true)
+					{
+						header("Location: ctrl.php?action=backtracking_error");
+					}
+					
 					if(file_exists("users/$username/$path/$dirname"))
 					{
 						echo "Error: Directory exists.";
 					}
 					else
 					{
-						mkdir("users/$username/$path/$dirname", 0777);
-						//file_put_contents("users/$username/$path/$dirname/index.html", "<html><meta http-equiv='refresh' content='o;url=/'></html>");
-						header("Location: ctrl.php?p=$path");
+						if(!preg_match("/^[A-Za-z0-9-_]+$/", $dirname)) {
+							echo "Only characters A-Z, 0-9, '_' and '-' in directory names";
+						} else {
+							mkdir("users/$username/$path/$dirname", 0777);
+							//file_put_contents("users/$username/$path/$dirname/index.html", "<html><meta http-equiv='refresh' content='o;url=/'></html>");
+							header("Location: ctrl.php?p=$path");
+						}
 					}
 				}
 			}
@ -335,9 +347,13 @@ EOD;
 				}
 				else
 				{
-					mkdir("users/$username/$dirname", 0777);
-					//file_put_contents("users/$username/$dirname/index.html", "<html><meta http-equiv='refresh' content='o;url=/'></html>");
-					header("Location: ctrl.php");
+					if(!preg_match("/^[A-Za-z0-9-_]+$/", $dirname)) {
+						echo "Characters only A-Z, 0-9, '_' and '-' in directory names";
+					} else {
+						mkdir("users/$username/$dirname", 0777);
+						//file_put_contents("users/$username/$dirname/index.html", "<html><meta http-equiv='refresh' content='o;url=/'></html>");
+						header("Location: ctrl.php");
+					}
 				}
 			}
 		}
@ -361,7 +377,7 @@ EOD;
 				if(is_dir("users/$username/$path")) {
 				if(isset($_GET['rf']))
 				{
-					$file = $_GET['rf'];
+					$file = stripslashes(htmlentities($_GET['rf']));
 					if(stristr($file, "..") == true)
 					{
 						header("Location: ctrl.php?action=backtracking_error");
@ -375,7 +391,7 @@ EOD;
 						{
 							file_put_contents("users/$username.usage", $usage);
 							unlink("users/$username/$path/$file");
-							header("Location: ctrl.php");
+							header("refresh: 0,url=ctrl.php?p=$path");
 						}	
 						else
 						{
@ -387,15 +403,15 @@ EOD;
 				}// Close rf check //
 				
 				}// Close is_dir check //
-				header("Location: ctrl.php");
+				header("refresh: 0,url=ctrl.php?p=$path");
 			}
-			header("Location: ctrl.php");
+			header("refresh: 0,url=ctrl.php?p=$path");
 		}
 		else
 		{
 			if(isset($_GET['rf']))
 			{
-				$file = $_GET['rf'];
+				$file = stripslashes(htmlentities($_GET['rf']));
 				if(stristr($file, "..") == true)
 				{
 					header("Location: ctrl.php?action=backtracking_error");
@ -424,7 +440,7 @@ EOD;
 	if($action=="removedir") {
 		if(isset($_GET['d']))
 		{
-			$dir = $_GET['d'];
+			$dir = stripslashes(htmlentities($_GET['d']));;
 			if(stristr($dir, "..") == true)
 			{
 				header("Location: ctrl.php?action=backtracking_error");
@ -464,7 +480,7 @@ else
 	echo "<div id='ctrlnav'>\n";
 	if(isset($_GET['p']))
 	{
-		$path = $_GET['p'];
+		$path = stripslashes(htmlentities($_GET['p']));
 		echo "<a href='index.php'>Home</a> &bull; \n";
 		echo "<a href='ctrl.php'>Back to /</a> &bull; \n";
 		echo "<a href='ctrl.php?action=upload&p=$path'>Upload</a> &bull; \n";
@ -494,7 +510,7 @@ else
 	{
 		if(is_dir("users/$username/" . $_GET['p']))
 		{
-			$path = $_GET['p'];
+			$path = stripslashes(htmlentities($_GET['p']));
 			$userdb = opendir("users/$username/$path");
 		}
 		else
@ -514,22 +530,34 @@ else
 			{
 				if(is_dir("users/$username/$path/$file") && $file!=".." && $file!=".")
 				{
-					echo "<img src='data/img/folder.png' style='padding-right: 4px;' alt='Folder' /><a href='ctrl.php?p=$path/$file'>$file</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=removedir&d=$path/$file'>Delete Directory</a><br />\n";
+					echo "<img src='data/img/folder.png' style='padding-right: 4px;' alt='Folder' /><a href='ctrl.php?p=$path/$file'>";
+					echo substr($file, 0, $strlength);
+					if(strlen($file) > $strlength) { echo "..."; }
+					echo "</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=removedir&d=$path/$file'>Delete Directory</a><br />\n";
 				}
 				else if($file!=".." && $file!=".")
 				{
-					echo "<img src='data/img/file.png' style='padding-right: 4px;' alt='File' /><a href='ctrl.php?f=$path/$file'>$file</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=remove&rf=$path/$file'>Delete File</a><br />\n";
+					echo "<img src='data/img/file.png' style='padding-right: 4px;' alt='File' /><a href='ctrl.php?f=$path/$file'>";
+					echo substr($file, 0, $strlength);
+					if(strlen($file) > $strlength) { echo "..."; }
+					echo "</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=remove&p=$path&rf=$file'>Delete File</a><br />\n";
 				}
 			}
 			else
 			{
 				if(is_dir("users/$username/$file") && $file!=".." && $file!=".")
 				{
-					echo "<img src='data/img/folder.png' style='padding-right: 4px;' alt='Folder' /><a href='ctrl.php?p=$file'>$file</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=removedir&d=$file'>Delete Directory</a><br />\n";
+					echo "<img src='data/img/folder.png' style='padding-right: 4px;' alt='Folder' /><a href='ctrl.php?p=$file'>";
+					echo substr($file, 0, $strlength);
+					if(strlen($file) > $strlength) { echo "..."; }
+					echo "</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=removedir&d=$file'>Delete Directory</a><br />\n";
 				}
 				else if($file!=".." && $file!=".")
 				{
-					echo "<img src='data/img/file.png' style='padding-right: 4px;' alt='File' /><a href='ctrl.php?f=$file'>$file</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=remove&rf=$file'>Delete File</a><br />\n";
+					echo "<img src='data/img/file.png' style='padding-right: 4px;' alt='File' /><a href='ctrl.php?f=$file'>";
+					echo substr($file, 0, $strlength);
+					if(strlen($file) > $strlength) { echo "..."; }
+					echo "</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=remove&rf=$file'>Delete File</a><br />\n";
 				}
 			}
 		}
--- a/data/log.txt
+++ b/data/log.txt
@ -1,26 +0,0 @@
-Backtracking: 127.0.0.1Backtracking: 127.0.0.1
-Backtracking: 127.0.0.1
-Backtracking: 127.0.0.1
-Backtracking: 127.0.0.1
-Backtracking: 127.0.0.1
-Backtracking: 127.0.0.1
-Backtracking: 127.0.0.1
-Backtracking: 127.0.0.1
-Backtracking: 127.0.0.1
-Backtracking: 127.0.0.1
-Backtracking: 127.0.0.1
-Backtracking: 127.0.0.1
-Backtracking: 127.0.0.1
-Backtracking: 127.0.0.1
-Backtracking: 127.0.0.1
-Backtracking: 127.0.0.1
-Backtracking: 127.0.0.1
-Backtracking: 127.0.0.1
-Backtracking: 69.255.179.102
-Backtracking: 69.255.179.102
-Backtracking: 69.255.179.102
-Backtracking: 66.172.12.166
-Backtracking: 66.172.12.166
-Backtracking: 66.172.12.166
-Backtracking: 69.255.179.102
-Backtracking: 66.172.12.166
--- a/footer.php
+++ b/footer.php
@ -2,12 +2,12 @@
 include("config.php");
 ?>

-</div>
 <div class="footer">
 	SOFM <?php echo $version; ?>, 2014-2020 &bull; <a href="terms.php">Terms Of Service</a><br />Powered by:<br />
 	<a href="https://freedns.afraid.org/"><img style="width:100px;" src="https://freedns.afraid.org/images/freedns_crop.png" /></a>
 	<a href="https://letsencrypt.org/"><img style="width: 100px;" src="https://letsencrypt.org/images/le-logo-wide.png" /></a>
 	<a href="http://jigsaw.w3.org/css-validator/validator?uri=hosting.cddo.cf&profile=css3svg"><img style="border:0;width:80px" src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="Valid CSS!" /></a>
 </div>
+</div>
 </body>
 </html>
--- a/header.php
+++ b/header.php
@ -2,11 +2,12 @@
 <!DOCTYPE html>
 <html lang="en-US">
 <head>
-	<title>SOFM <?php echo $version; ?></title>
+	<title>FreeHost ~ Free File/Web Hosting</title>
 	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+	<meta name="description" content="Welcome to the world of ad-free, cost-free file / web hosting! 20GB user space included with a 350MB max file upload size! FreeHost is proudly powered by FreeDNS, LetsEncrypt, Freenom, and SOFM <?php echo $version; ?>" />
 	<link rel="stylesheet" href="style.css" type="text/css">
 	<script src="data/jquery.1.7.js"></script>
-	<meta name="viewport" content="width=device-width, initial-scale=1">
+	<meta name="viewport" content="width=device-width, initial-scale=.60, shrink-to-fit=yes">
 </head>
 <body>
 <div class="contain">
--- a/index.php
+++ b/index.php
@ -50,14 +50,15 @@ echo "<div class='ptitle'>$title: $desc</div>\n";
 				The shared location for each users static storage / web hosting is secured by SSL (https).
 				The downside is, CGI is disabled for users. <?php echo $title; ?> is more-so here 
 				for static hosting, but do remember if you have a small repository, or want to use
-				for mirroring FOSS (free and open source software); please feel to do so!<br /><br />
+				for mirroring FOSS (free and open source software); please feel to do so! <br />
+				<a href="https://ho.st.us.to/suckless">dl.suckless.org mirror</a> (example)<br /><br />
 				If you're looking for FreeBox, we sincerely apologize for the shut-down of our free 
-				VPS hosting services... Due to DMCA contact over piracy of copywritten data, we've
-				seized usage to all users. If you were using FreeBox for web hosting, freehost is
+				VPS hosting services... Due to DMCA contact over piracy of copyrighted data, we've
+				ceased usage to all users. If you were using FreeBox for web hosting, freehost is
 				always an option.<br /><br />
 				Remember, we charge absolutely no one, so if you like our services; please consider 
 				donating to cover a cup of coffee and maybe that internet bill!
-				<br />
+				<br /><br />
 				<form action="https://www.paypal.com/donate" method="post" target="_top">
 					<input type="hidden" name="cmd" value="_donations" />
 					<input type="hidden" name="business" value="cdorm245@gmail.com" />
--- a/register.php
+++ b/register.php
@ -33,7 +33,6 @@ else
 {
 	echo "<div class='ptitle'>$title: $desc ~ register</div>\n";
 	print <<<EOD
-	<br /><br />
 	<div class="form">
 		<form method="post" action="create.php">
 		<table>
--- a/style.css
+++ b/style.css
@ -31,8 +31,9 @@ body {
 .contain {
 	background: #161616;
 	padding: 10px;
-	min-width: 650px;
-	max-width: 800px;
+	min-width: 550px;
+	max-width: 700px;
+	width: 70%;
 	margin: auto;
 	border: solid 1px #222222;
 	border-radius: 10px;
@ -45,7 +46,8 @@ body {
 .footer {
 	font-family: "DM Mono", sans-serif;
 	text-align: center;
-	padding: 4px;
+	border-top: solid 1px #222222;
+	padding-top: 4px;
 }

 .indexl {
@ -124,6 +126,5 @@ a:hover { color: #3377ff; }
 	font-size: 16px;
 	color: #dddddd;
 	padding: 4px;
-	width: 450px;
 	text-align: center;
 }
--- a/terms.php
+++ b/terms.php
@ -37,7 +37,12 @@ include_once("header.php");
 		</tr>
 		<tr>
 			<td>
-				If these rules are not followed, your account will be removed without warning.
+				5: All files uploaded to FreeHost can be viewed by the outside world! By no means is this a secure place for file backups.
+			</td>
+		</tr>
+		<tr>
+			<td>
+				By using FreeHost as a service, you agree to these terms of usage. If these rules are not followed, your account will be removed without warning.
 			</td>
 		</tr>
 		</table>
--- a/upload.php
+++ b/upload.php
@ -46,6 +46,7 @@ for($i=0; $i<count($_FILES["file"]["name"]); $i++)
 	|| ($_FILES["file"]["type"][$i] == "text/css")
 	|| ($_FILES["file"]["type"][$i] == "application/octet-stream")
 	|| ($_FILES["file"]["type"][$i] == "text/html")
+	|| ($_FILES["file"]["type"][$i] == "application/vnd.android.package-archive")
 	|| ($_FILES["file"]["type"][$i] == "text/htm")
 	|| ($_FILES["file"]["type"][$i] == "text/xhtml")
 	|| ($_FILES["file"]["type"][$i] == "text/xml")