Call this v1.2.1! Bugfixes, and more
parent
91a6409b1c
commit
6f55ba9a40
13
README
Executable file → Normal file
13
README
Executable file → Normal file
@ -1,13 +1,20 @@
|
||||
--- SOFM ---
|
||||
SOFM (Simple online file manager) is a file manager written in PHP.
|
||||
SOFM (Simple online file manager) is a file manager written in PHP.
|
||||
This software is released under the GPLv3.
|
||||
|
||||
--- Usage ---
|
||||
*Extract SOFM anywhere and chmod 776 users/
|
||||
*Extract SOFM anywhere and chmod 776 users/
|
||||
*Modify config.php to your standards.
|
||||
*Connect to SOFM from any web browser.
|
||||
|
||||
--- Changelog ---
|
||||
11/22/2020 - v1.2.1
|
||||
*CSS modifications
|
||||
*Directory creation bug fixes
|
||||
*Redirection fixes, navigation bar modifications
|
||||
*Check for directory backspacing (..)
|
||||
*Added file mimetypes for upload (extensions included)
|
||||
|
||||
11/4/2020 - v1.1.0
|
||||
*Other subtle CSS changes, W3S verified
|
||||
*Fixed some mimetypes, and added file extensions to database
|
||||
@ -21,4 +28,4 @@ This software is released under the GPLv3.
|
||||
*Modified header / footer files from parsing text to parsing via php for usage of the server side functions
|
||||
|
||||
--- Licensing and copyright:
|
||||
(C) Copyright 2014 Chris Dorman - Some rights reserved
|
||||
(C) Copyright 2014-2020 Chris Dorman - Some rights reserved
|
||||
|
12
config.php
12
config.php
@ -1,18 +1,18 @@
|
||||
<?php
|
||||
|
||||
//$config_var[0] = "password"; // Registration validation key - not needed //
|
||||
$config_var[1] = "5368709120"; // Max virtual disk space usage - default 500MB //
|
||||
$config_var[2] = "157291000"; // Max file upload space - default 10MB //
|
||||
$config_var[3] = "SOFM"; // Title //
|
||||
$config_var[4] = "Simple Online File Manager"; // Description //
|
||||
$config_var[1] = "21474825485"; // Max virtual disk space usage - default 500MB //
|
||||
$config_var[2] = "367000000"; // Max file upload space - default 10MB //
|
||||
$config_var[3] = "Simple Online File Manager"; // Title //
|
||||
$config_var[4] = "Flat file multi user file manager with set usage and file upload restrictions"; // Description //
|
||||
|
||||
$title = $config_var[3];
|
||||
$desc = $config_var[4];
|
||||
$user_max_webspace = $config_var[1];
|
||||
$user_max_upload = $config_var[2];
|
||||
|
||||
$version = "v1.1.0"; // Current version ~ displayed in footer.
|
||||
$version = "v1.2.1"; // Current version ~ displayed in footer.
|
||||
// Allowed file extensions within array. Easy to handle as well as loop
|
||||
$allowedExts = array("gif", "jpeg", "jpg", "png", "bmp", "ico", "swf", "txt", "html", "htm", "xhtml", "css", "js", "c", "cpp", "lua", "py", "tar", "zip", "rar", "gz", "7z", "bz2", "tgz", "mp3", "mp4", "ogg", "wav", "ogv", "flv", "webm", "pdf", "json", "ttf", "rtf", "otf", "svg");
|
||||
$allowedExts = array("gif", "jpeg", "jpg", "png", "bmp", "ico", "swf", "txt", "html", "htm", "xhtml", "css", "js", "c", "cpp", "lua", "py", "tar", "zip", "rar", "gz", "7z", "bz2", "tgz", "mp3", "mp4", "ogg", "wav", "ogv", "flv", "webm", "pdf", "json", "ttf", "rtf", "otf", "svg", "bz", "sig", "sum", "tbz", "xz", "iso", "img", "apk");
|
||||
|
||||
?>
|
||||
|
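Review bot: The trailing comments on `$config_var[1]` and `$config_var[2]` no longer describe the values beside them: `21474825485` bytes is roughly 20GB and `367000000` bytes roughly 350MB, yet the comments still read "default 500MB" and "default 10MB". Anyone sizing a deployment from the comments will misjudge the quota by orders of magnitude. I would change them to `// Max virtual disk space usage in bytes - about 20GB //` and `// Max file upload size in bytes - about 350MB //`. It is also worth adding a line noting that PHP's own `upload_max_filesize` and `post_max_size` cap uploads regardless of `$config_var[2]`.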
68
ctrl.php
68
ctrl.php
@ -22,6 +22,8 @@ if($password!=$user_password)
|
||||
header("Location: index.php");
|
||||
}
|
||||
|
||||
$strlength = "60";
|
||||
|
||||
// Check to see if someone is backtracking in pathfinder
|
||||
if(isset($_GET['p']))
|
||||
{
|
||||
@ -44,11 +46,11 @@ if(isset($_GET['f']))
|
||||
if(isset($_GET['p']))
|
||||
{
|
||||
$path = $_GET['p'];
|
||||
header("Location: users/$username/$path/$file");
|
||||
header("Location: https://ho.st.us.to/$username/$path/$file");
|
||||
}
|
||||
else
|
||||
{
|
||||
header("Location: users/$username/$file");
|
||||
header("Location: https://ho.st.us.to/$username/$file");
|
||||
}
|
||||
}
|
||||
|
||||
@ -312,15 +314,25 @@ EOD;
|
||||
$dirname = $_POST['dirname'];
|
||||
$badchars = array("*", "'", "\"", "(", ")", "[", "]", "#", "$", "@", "!", "%", "^", "|", "+", "&", "=");
|
||||
$dirname = stripslashes(htmlentities(str_replace($badchars, '', $dirname)));
|
||||
|
||||
if(stristr($dirname, "..") == true)
|
||||
{
|
||||
header("Location: ctrl.php?action=backtracking_error");
|
||||
}
|
||||
|
||||
if(file_exists("users/$username/$path/$dirname"))
|
||||
{
|
||||
echo "Error: Directory exists.";
|
||||
}
|
||||
else
|
||||
{
|
||||
mkdir("users/$username/$path/$dirname", 0777);
|
||||
//file_put_contents("users/$username/$path/$dirname/index.html", "<html><meta http-equiv='refresh' content='o;url=/'></html>");
|
||||
header("Location: ctrl.php?p=$path");
|
||||
if(!preg_match("/^[A-Za-z0-9-_]+$/", $dirname)) {
|
||||
echo "Only characters A-Z, 0-9, '_' and '-' in directory names";
|
||||
} else {
|
||||
mkdir("users/$username/$path/$dirname", 0777);
|
||||
//file_put_contents("users/$username/$path/$dirname/index.html", "<html><meta http-equiv='refresh' content='o;url=/'></html>");
|
||||
header("Location: ctrl.php?p=$path");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -335,9 +347,13 @@ EOD;
|
||||
}
|
||||
else
|
||||
{
|
||||
mkdir("users/$username/$dirname", 0777);
|
||||
//file_put_contents("users/$username/$dirname/index.html", "<html><meta http-equiv='refresh' content='o;url=/'></html>");
|
||||
header("Location: ctrl.php");
|
||||
if(!preg_match("/^[A-Za-z0-9-_]+$/", $dirname)) {
|
||||
echo "Characters only A-Z, 0-9, '_' and '-' in directory names";
|
||||
} else {
|
||||
mkdir("users/$username/$dirname", 0777);
|
||||
//file_put_contents("users/$username/$dirname/index.html", "<html><meta http-equiv='refresh' content='o;url=/'></html>");
|
||||
header("Location: ctrl.php");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -361,7 +377,7 @@ EOD;
|
||||
if(is_dir("users/$username/$path")) {
|
||||
if(isset($_GET['rf']))
|
||||
{
|
||||
$file = $_GET['rf'];
|
||||
$file = stripslashes(htmlentities($_GET['rf']));
|
||||
if(stristr($file, "..") == true)
|
||||
{
|
||||
header("Location: ctrl.php?action=backtracking_error");
|
||||
@ -375,7 +391,7 @@ EOD;
|
||||
{
|
||||
file_put_contents("users/$username.usage", $usage);
|
||||
unlink("users/$username/$path/$file");
|
||||
header("Location: ctrl.php");
|
||||
header("refresh: 0,url=ctrl.php?p=$path");
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -387,15 +403,15 @@ EOD;
|
||||
}// Close rf check //
|
||||
|
||||
}// Close is_dir check //
|
||||
header("Location: ctrl.php");
|
||||
header("refresh: 0,url=ctrl.php?p=$path");
|
||||
}
|
||||
header("Location: ctrl.php");
|
||||
header("refresh: 0,url=ctrl.php?p=$path");
|
||||
}
|
||||
else
|
||||
{
|
||||
if(isset($_GET['rf']))
|
||||
{
|
||||
$file = $_GET['rf'];
|
||||
$file = stripslashes(htmlentities($_GET['rf']));
|
||||
if(stristr($file, "..") == true)
|
||||
{
|
||||
header("Location: ctrl.php?action=backtracking_error");
|
||||
@ -424,7 +440,7 @@ EOD;
|
||||
if($action=="removedir") {
|
||||
if(isset($_GET['d']))
|
||||
{
|
||||
$dir = $_GET['d'];
|
||||
$dir = stripslashes(htmlentities($_GET['d']));;
|
||||
if(stristr($dir, "..") == true)
|
||||
{
|
||||
header("Location: ctrl.php?action=backtracking_error");
|
||||
@ -464,7 +480,7 @@ else
|
||||
echo "<div id='ctrlnav'>\n";
|
||||
if(isset($_GET['p']))
|
||||
{
|
||||
$path = $_GET['p'];
|
||||
$path = stripslashes(htmlentities($_GET['p']));
|
||||
echo "<a href='index.php'>Home</a> • \n";
|
||||
echo "<a href='ctrl.php'>Back to /</a> • \n";
|
||||
echo "<a href='ctrl.php?action=upload&p=$path'>Upload</a> • \n";
|
||||
@ -494,7 +510,7 @@ else
|
||||
{
|
||||
if(is_dir("users/$username/" . $_GET['p']))
|
||||
{
|
||||
$path = $_GET['p'];
|
||||
$path = stripslashes(htmlentities($_GET['p']));
|
||||
$userdb = opendir("users/$username/$path");
|
||||
}
|
||||
else
|
||||
@ -514,22 +530,34 @@ else
|
||||
{
|
||||
if(is_dir("users/$username/$path/$file") && $file!=".." && $file!=".")
|
||||
{
|
||||
echo "<img src='data/img/folder.png' style='padding-right: 4px;' alt='Folder' /><a href='ctrl.php?p=$path/$file'>$file</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=removedir&d=$path/$file'>Delete Directory</a><br />\n";
|
||||
echo "<img src='data/img/folder.png' style='padding-right: 4px;' alt='Folder' /><a href='ctrl.php?p=$path/$file'>";
|
||||
echo substr($file, 0, $strlength);
|
||||
if(strlen($file) > $strlength) { echo "..."; }
|
||||
echo "</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=removedir&d=$path/$file'>Delete Directory</a><br />\n";
|
||||
}
|
||||
else if($file!=".." && $file!=".")
|
||||
{
|
||||
echo "<img src='data/img/file.png' style='padding-right: 4px;' alt='File' /><a href='ctrl.php?f=$path/$file'>$file</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=remove&rf=$path/$file'>Delete File</a><br />\n";
|
||||
echo "<img src='data/img/file.png' style='padding-right: 4px;' alt='File' /><a href='ctrl.php?f=$path/$file'>";
|
||||
echo substr($file, 0, $strlength);
|
||||
if(strlen($file) > $strlength) { echo "..."; }
|
||||
echo "</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=remove&p=$path&rf=$file'>Delete File</a><br />\n";
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if(is_dir("users/$username/$file") && $file!=".." && $file!=".")
|
||||
{
|
||||
echo "<img src='data/img/folder.png' style='padding-right: 4px;' alt='Folder' /><a href='ctrl.php?p=$file'>$file</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=removedir&d=$file'>Delete Directory</a><br />\n";
|
||||
echo "<img src='data/img/folder.png' style='padding-right: 4px;' alt='Folder' /><a href='ctrl.php?p=$file'>";
|
||||
echo substr($file, 0, $strlength);
|
||||
if(strlen($file) > $strlength) { echo "..."; }
|
||||
echo "</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=removedir&d=$file'>Delete Directory</a><br />\n";
|
||||
}
|
||||
else if($file!=".." && $file!=".")
|
||||
{
|
||||
echo "<img src='data/img/file.png' style='padding-right: 4px;' alt='File' /><a href='ctrl.php?f=$file'>$file</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=remove&rf=$file'>Delete File</a><br />\n";
|
||||
echo "<img src='data/img/file.png' style='padding-right: 4px;' alt='File' /><a href='ctrl.php?f=$file'>";
|
||||
echo substr($file, 0, $strlength);
|
||||
if(strlen($file) > $strlength) { echo "..."; }
|
||||
echo "</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=remove&rf=$file'>Delete File</a><br />\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
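Review bot: The `..` check in the directory-creation hunk (before `file_exists("users/$username/$path/$dirname")`) only sends a `Location` header and does not stop the script, so the `file_exists`/`mkdir` branch below it still executes; the redirects after the `..` checks on `rf` and `d` look the same, though those blocks continue outside their hunks. The new `preg_match` allow-list does reject dots in `$dirname`, but `$path` is interpolated into the same `mkdir()` call and no validation of it is visible here. `stripslashes(htmlentities(...))`, now applied to `rf`, `d` and `p`, is HTML output encoding, which belongs at the `echo` sites (where `$file` is currently printed raw), not path validation. It does not constrain where the path resolves, and it rewrites names containing `&` or angle brackets so they no longer match the entry on disk; the listing hunk also still tests `is_dir()` on the raw `$_GET['p']` while `opendir()` uses the encoded copy. I would end every rejection with `exit;` and confirm containment by resolving the parent directory with `realpath()` before touching the filesystem, as sketched below.

```php
// … unchanged: $badchars filtering of $dirname …
if (strpos($dirname, "..") !== false)
{
    header("Location: ctrl.php?action=backtracking_error");
    exit;
}

// Resolve the parent and require it to sit inside this user's directory.
$base = realpath("users/$username");
$parent = realpath("users/$username/$path");
if ($base === false || $parent === false
    || ($parent !== $base && strpos($parent, $base . DIRECTORY_SEPARATOR) !== 0))
{
    header("Location: ctrl.php?action=backtracking_error");
    exit;
}
// … unchanged: file_exists() / preg_match() / mkdir() …
```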
26
data/log.txt
26
data/log.txt
@ -1,26 +0,0 @@
|
||||
Backtracking: 127.0.0.1Backtracking: 127.0.0.1
|
||||
Backtracking: 127.0.0.1
|
||||
Backtracking: 127.0.0.1
|
||||
Backtracking: 127.0.0.1
|
||||
Backtracking: 127.0.0.1
|
||||
Backtracking: 127.0.0.1
|
||||
Backtracking: 127.0.0.1
|
||||
Backtracking: 127.0.0.1
|
||||
Backtracking: 127.0.0.1
|
||||
Backtracking: 127.0.0.1
|
||||
Backtracking: 127.0.0.1
|
||||
Backtracking: 127.0.0.1
|
||||
Backtracking: 127.0.0.1
|
||||
Backtracking: 127.0.0.1
|
||||
Backtracking: 127.0.0.1
|
||||
Backtracking: 127.0.0.1
|
||||
Backtracking: 127.0.0.1
|
||||
Backtracking: 127.0.0.1
|
||||
Backtracking: 69.255.179.102
|
||||
Backtracking: 69.255.179.102
|
||||
Backtracking: 69.255.179.102
|
||||
Backtracking: 66.172.12.166
|
||||
Backtracking: 66.172.12.166
|
||||
Backtracking: 66.172.12.166
|
||||
Backtracking: 69.255.179.102
|
||||
Backtracking: 66.172.12.166
|
@ -2,12 +2,12 @@
|
||||
include("config.php");
|
||||
?>
|
||||
|
||||
</div>
|
||||
<div class="footer">
|
||||
SOFM <?php echo $version; ?>, 2014-2020 • <a href="terms.php">Terms Of Service</a><br />Powered by:<br />
|
||||
<a href="https://freedns.afraid.org/"><img style="width:100px;" src="https://freedns.afraid.org/images/freedns_crop.png" /></a>
|
||||
<a href="https://letsencrypt.org/"><img style="width: 100px;" src="https://letsencrypt.org/images/le-logo-wide.png" /></a>
|
||||
<a href="http://jigsaw.w3.org/css-validator/validator?uri=hosting.cddo.cf&profile=css3svg"><img style="border:0;width:80px" src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="Valid CSS!" /></a>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
|
@ -2,11 +2,12 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="en-US">
|
||||
<head>
|
||||
<title>SOFM <?php echo $version; ?></title>
|
||||
<title>FreeHost ~ Free File/Web Hosting</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
||||
<meta name="description" content="Welcome to the world of ad-free, cost-free file / web hosting! 20GB user space included with a 350MB max file upload size! FreeHost is proudly powered by FreeDNS, LetsEncrypt, Freenom, and SOFM <?php echo $version; ?>" />
|
||||
<link rel="stylesheet" href="style.css" type="text/css">
|
||||
<script src="data/jquery.1.7.js"></script>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=.60, shrink-to-fit=yes">
|
||||
</head>
|
||||
<body>
|
||||
<div class="contain">
|
||||
|
@ -50,14 +50,15 @@ echo "<div class='ptitle'>$title: $desc</div>\n";
|
||||
The shared location for each users static storage / web hosting is secured by SSL (https).
|
||||
The downside is, CGI is disabled for users. <?php echo $title; ?> is more-so here
|
||||
for static hosting, but do remember if you have a small repository, or want to use
|
||||
for mirroring FOSS (free and open source software); please feel to do so!<br /><br />
|
||||
for mirroring FOSS (free and open source software); please feel to do so! <br />
|
||||
<a href="https://ho.st.us.to/suckless">dl.suckless.org mirror</a> (example)<br /><br />
|
||||
If you're looking for FreeBox, we sincerely apologize for the shut-down of our free
|
||||
VPS hosting services... Due to DMCA contact over piracy of copywritten data, we've
|
||||
seized usage to all users. If you were using FreeBox for web hosting, freehost is
|
||||
VPS hosting services... Due to DMCA contact over piracy of copyrighted data, we've
|
||||
ceased usage to all users. If you were using FreeBox for web hosting, freehost is
|
||||
always an option.<br /><br />
|
||||
Remember, we charge absolutely no one, so if you like our services; please consider
|
||||
donating to cover a cup of coffee and maybe that internet bill!
|
||||
<br />
|
||||
<br /><br />
|
||||
<form action="https://www.paypal.com/donate" method="post" target="_top">
|
||||
<input type="hidden" name="cmd" value="_donations" />
|
||||
<input type="hidden" name="business" value="cdorm245@gmail.com" />
|
||||
|
@ -33,7 +33,6 @@ else
|
||||
{
|
||||
echo "<div class='ptitle'>$title: $desc ~ register</div>\n";
|
||||
print <<<EOD
|
||||
<br /><br />
|
||||
<div class="form">
|
||||
<form method="post" action="create.php">
|
||||
<table>
|
||||
|
@ -31,8 +31,9 @@ body {
|
||||
.contain {
|
||||
background: #161616;
|
||||
padding: 10px;
|
||||
min-width: 650px;
|
||||
max-width: 800px;
|
||||
min-width: 550px;
|
||||
max-width: 700px;
|
||||
width: 70%;
|
||||
margin: auto;
|
||||
border: solid 1px #222222;
|
||||
border-radius: 10px;
|
||||
@ -45,7 +46,8 @@ body {
|
||||
.footer {
|
||||
font-family: "DM Mono", sans-serif;
|
||||
text-align: center;
|
||||
padding: 4px;
|
||||
border-top: solid 1px #222222;
|
||||
padding-top: 4px;
|
||||
}
|
||||
|
||||
.indexl {
|
||||
@ -124,6 +126,5 @@ a:hover { color: #3377ff; }
|
||||
font-size: 16px;
|
||||
color: #dddddd;
|
||||
padding: 4px;
|
||||
width: 450px;
|
||||
text-align: center;
|
||||
}
|
||||
|
@ -37,7 +37,12 @@ include_once("header.php");
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
If these rules are not followed, your account will be removed without warning.
|
||||
5: All files uploaded to FreeHost can be viewed by the outside world! By no means is this a secure place for file backups.
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
By using FreeHost as a service, you agree to these terms of usage. If these rules are not followed, your account will be removed without warning.
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
@ -46,6 +46,7 @@ for($i=0; $i<count($_FILES["file"]["name"]); $i++)
|
||||
|| ($_FILES["file"]["type"][$i] == "text/css")
|
||||
|| ($_FILES["file"]["type"][$i] == "application/octet-stream")
|
||||
|| ($_FILES["file"]["type"][$i] == "text/html")
|
||||
|| ($_FILES["file"]["type"][$i] == "application/vnd.android.package-archive")
|
||||
|| ($_FILES["file"]["type"][$i] == "text/htm")
|
||||
|| ($_FILES["file"]["type"][$i] == "text/xhtml")
|
||||
|| ($_FILES["file"]["type"][$i] == "text/xml")
|
||||
|
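Review bot: Every comparison in this chain, including the `application/vnd.android.package-archive` line that appears to be the one added here, tests `$_FILES["file"]["type"][$i]`, which is the MIME type sent by the client rather than anything the server has checked. With `application/octet-stream` also accepted, the chain does little to restrict what gets stored, so the extension allow-list in config.php is presumably the effective control. If a content check is wanted, derive the type on the server, e.g. `$detected = (new finfo(FILEINFO_MIME_TYPE))->file($_FILES["file"]["tmp_name"][$i]);`, and compare that instead. The condition begins and ends outside the hunk, so how it combines with `$allowedExts` is not visible.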