Call this v1.0.1

master
Pentium44 2020-11-03 21:02:37 -08:00
commit 79d77f891b
22 changed files with 12061 additions and 0 deletions

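--- a/README
+++ b/README
@@ -0,0 +1,16 @@
+--- SOFM ---
+SOFM (Simple online file manager) is a file manager written in PHP.
+This software is released under the GPLv3.
+--- Usage ---
+*Extract SOFM anywhere and chmod 776 users/
+*Modify config.php to your standards.
+*Connect to SOFM from any web browser.
+--- Changelog ---
+11/3/2020 -
+*CSS cleanup, and re-work
+*Modified header / footer files from parsing text to parsing via php for usage of the server side functions
+--- Licensing and copyright:
+(C) Copyright 2014 Chris Dorman - Some rights reserved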

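--- a/config.php
+++ b/config.php
@@ -0,0 +1,16 @@
+<?php
+//$config_var[0] = "password"; // Registration validation key - not needed //
+$config_var[1] = "5368709120"; // Max virtual disk space usage - default 500MB //
+$config_var[2] = "52428800"; // Max file upload space - default 10MB //
+$config_var[3] = "SOFM"; // Title //
+$config_var[4] = "Simple Online File Manager"; // Description //
+$title = $config_var[3];
+$desc = $config_var[4];
+$user_max_webspace = $config_var[1];
+$user_max_upload = $config_var[2];
+$version = "v1.0.1";
+?>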
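Review bot: The size comments on `$config_var[1]` and `$config_var[2]` do not match the values: 5368709120 bytes is 5 GiB, not 500MB, and 52428800 bytes is 50 MiB, not 10MB, so an operator who trusts the comments gets quotas ten and five times larger than documented. Either correct the comments or set the values to `"524288000"` and `"10485760"`. The limits are also stored as strings and compared numerically in upload.php; plain integers such as `$config_var[2] = 10485760;` would avoid relying on type juggling.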

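--- a/create.php
+++ b/create.php
@@ -0,0 +1,59 @@
+<?php
+include_once("config.php");
+if(isset($config_var[0])) { $validation_key = $config_var[0]; }
+if($_POST['filezusername']!="" && $_POST['filezpassword']!="" && $_POST['filezpasswordagain']!="")
+{
+$username = stripcslashes(htmlentities(str_replace($badchars, '', $_POST['filezusername'])));
+$password = $_POST['filezpassword'];
+$password_again = $_POST['filezpasswordagain'];
+//$validation_input = $_POST['filezvalidation'];
+if($password == $password_again)
+{
+if($password!="")
+{
+if($username!="")
+{
+if(!file_exists("users/$username.php"))
+{
+//if($validation_key==$validation_input)
+//{
+mkdir("users/$username", 0777);
+//file_put_contents("users/$username/index.html", "<html><meta http-equiv='refresh' content='0;url=/'></html>");
+file_put_contents("users/$username.php", "<?php\n \$user_password = \"$password\";\n ?>\n");
+file_put_contents("users/$username.usage", "0");
+exec("ln -s /opt/eeze/users/$username /opt/eezeusers/$username"); // create symlink to web server
+header("Location: login.php");
+//}
+//else
+//{
+// header("Location: register.php?error=5");
+//}
+}
+else
+{
+header("Location: register.php?error=4");
+}
+}
+else
+{
+header("Location: register.php?error=1");
+}
+}
+else
+{
+header("Location: register.php?error=2");
+}
+}
+else
+{
+header("Location: register.php?error=3");
+}
+}
+else
+{
+header("Location: register.php?error=8");
+}
+?>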
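Review bot: `$username` reaches `exec("ln -s ... $username ...")`, `mkdir()` and `file_put_contents("users/$username.php", ...)` effectively unfiltered: `$badchars` is never defined in create.php or config.php, so the `str_replace()` removes nothing, and `htmlentities()` leaves shell metacharacters and `/` intact. The same statement writes `$password` verbatim inside a double-quoted PHP string in a file that login.php, ctrl.php and upload.php later `include`, so the password is stored in clear text and its content is parsed as PHP source. Validate the username against a strict allowlist before any filesystem use, replace the `exec()` with `symlink()`, store `password_hash()` output through `var_export()`, and create the directory with a narrower mode than 0777; the login and session checks in the other files then need `password_verify()`. Each `header("Location: ...")` should also be followed by `exit;`.

```php
$username = $_POST['filezusername'];
if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $username)) {
    header("Location: register.php?error=1");
    exit;
}
// … unchanged: password / confirmation checks and the file_exists() test …
mkdir("users/$username", 0755);
$hash = password_hash($password, PASSWORD_DEFAULT);
file_put_contents("users/$username.php", "<?php\n \$user_password = " . var_export($hash, true) . ";\n ?>\n");
file_put_contents("users/$username.usage", "0");
symlink("/opt/eeze/users/$username", "/opt/eezeusers/$username"); // no shell involved
header("Location: login.php");
exit;
```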

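--- a/ctrl.php
+++ b/ctrl.php
@@ -0,0 +1,543 @@
+<?php
+session_start();
+include("config.php");
+if(!isset($_SESSION['hostz-user']) or !isset($_SESSION['hostz-passwd'])) { header("Location: index.php"); }
+$username = $_SESSION['hostz-user'];
+$password = $_SESSION['hostz-passwd'];
+//$page_title = "Drive";
+//$indir = "true";
+//include_once("../data/header.php");
+include_once("header.php");
+include("users/$username.php");
+if($password!=$user_password)
+{
+$_SESSION['hostz-user'] = null;
+$_SESSION['hostz-passwd'] = null;
+header("Location: index.php");
+}
+// Check to see if someone is backtracking in pathfinder
+if(isset($_GET['p']))
+{
+$path = $_GET['p'];
+if(stristr($path, "..") == true)
+{
+header("Location: ctrl.php?action=backtracking_error");
+}
+}
+// Check if usage is below 0, then set to 0
+$user_usage = file_get_contents("users/$username.usage");
+if($user_usage<0)
+{
+file_put_contents("users/$username.usage", "0");
+}
+if(isset($_GET['f']))
+{
+$file = $_GET['f'];
+if(isset($_GET['p']))
+{
+$path = $_GET['p'];
+header("Location: users/$username/$path/$file");
+}
+else
+{
+header("Location: users/$username/$file");
+}
+}
+//
+// Format Bytes to KBytes, MBytes, GBytes //
+//
+function tomb($size, $precision = 2)
+{
+$base = log($size) / log(1024);
+$suffixes = array('', 'KB', 'MB', 'GB', 'TB');
+return round(pow(1024, $base - floor($base)), $precision) . $suffixes[floor($base)];
+}
+//
+//
+// MAIN LOOP //
+//
+//
+if(isset($_GET['action']))
+{
+$action = $_GET['action'];
+if($action=="backtracking_error")
+{
+$ip = $_SERVER['REMOTE_ADDR'];
+if(file_exists("data/log.txt"))
+{
+$oldcontent = file_get_contents("data/log.txt");
+}
+else
+{
+$oldcotent = "";
+}
+file_put_contents("data/log.txt", $oldcontent . "Backtracking: $ip\n");
+echo "<div class='ptitle'>Control Panel - $username</div>\n";
+print <<<EOD
+<h2>Error!</h2>
+This system has found backtracking slashes in the URL. Your IP has been reported to the system administrator. Account suspension could be nessesary.
+EOD;
+}
+if($action=="upload") {
+print <<<CSS
+<style>
+.progress { position:relative; width:400px; border: 1px solid #ddd; padding: 1px; border-radius: 3px; margin: auto; }
+.bar { background-color: #008000; width:0%; height:20px; border-radius: 3px; }
+.percent { position:absolute; display:inline-block; top:1px; left:48%; vertical-align: center; }
+#status { text-align: center; padding: 4px; }
+</style>
+CSS;
+if(isset($_GET['p']))
+{
+$path = $_GET['p'];
+if(stristr($path, "..") == true)
+{
+header("Location: ctrl.php?action=backtracking_error");
+}
+else
+{
+print <<<EOD
+<div class='ptitle'>Upload - $username</div>
+<div id='ctrlnav'><a href='ctrl.php?p=$path'>Back to /$path</a>
+<div class="progress">
+<div class="bar"></div >
+<div class="percent">0%</div >
+</div>
+<div id="status"></div>
+</div>
+<table style="margin:auto;">
+<form action="upload.php?p=$path" method="post" enctype="multipart/form-data">
+<tr>
+<td>
+<input type="file" name="file[]" id="file" multiple><br>
+</td>
+<td>
+<input type="submit" name="submit" value="Upload">
+</td>
+</tr>
+</form>
+</table>
+<script src="data/jquery.1.7.js"></script>
+<script src="data/jquery.form.js"></script>
+<script>
+(function() {
+var bar = $('.bar');
+var percent = $('.percent');
+var status = $('#status');
+$('form').ajaxForm({
+beforeSend: function() {
+status.empty();
+var percentVal = '0%';
+bar.width(percentVal)
+percent.html(percentVal);
+},
+uploadProgress: function(event, position, total, percentComplete) {
+var percentVal = percentComplete + '%';
+bar.width(percentVal)
+percent.html(percentVal);
+},
+success: function() {
+var percentVal = '100%';
+bar.width(percentVal)
+percent.html(percentVal);
+},
+complete: function(xhr) {
+status.html(xhr.responseText);
+}
+});
+})();
+</script>
+EOD;
+}
+}
+else
+{
+print <<<EOD
+<div class='ptitle'>Upload - $username</div>
+<div id='ctrlnav'><a href="ctrl.php">Back to /</a>
+<div class="progress">
+<div class="bar"></div >
+<div class="percent">0%</div >
+</div>
+<div id="status"></div>
+</div>
+<table style="margin:auto;">
+<form action="upload.php" method="post" enctype="multipart/form-data">
+<tr>
+<td>
+<input type="file" name="file[]" id="file" multiple><br>
+</td>
+<td>
+<input type="submit" name="submit" value="Upload">
+</td>
+</tr>
+</form>
+</table>
+<script src="data/jquery.1.7.js"></script>
+<script src="data/jquery.form.js"></script>
+<script>
+(function() {
+var bar = $('.bar');
+var percent = $('.percent');
+var status = $('#status');
+$('form').ajaxForm({
+beforeSend: function() {
+status.empty();
+var percentVal = '0%';
+bar.width(percentVal)
+percent.html(percentVal);
+},
+uploadProgress: function(event, position, total, percentComplete) {
+var percentVal = percentComplete + '%';
+bar.width(percentVal)
+percent.html(percentVal);
+},
+success: function() {
+var percentVal = '100%';
+bar.width(percentVal)
+percent.html(percentVal);
+},
+complete: function(xhr) {
+status.html(xhr.responseText);
+}
+});
+})();
+</script>
+EOD;
+}
+}
+// Create a new directory
+if($action=="newdir")
+{
+if(isset($_GET['p']))
+{
+$path = $_GET['p'];
+if(stristr($path, "..") == true)
+{
+header("Location: ctrl.php?action=backtracking_error");
+}
+else
+{
+print <<<EOD
+<div class='ptitle'>New Directory - $username</div>
+<div id='ctrlnav'>
+<a href='ctrl.php?p=$path'>Back to /$path</a>
+<div class="form">
+<form action="ctrl.php?action=donewdir&p=$path" method="post">
+<label for="file">Directory Name:</label>
+<input type="text" name="dirname" id="dirname"><br>
+<input type="submit" name="submit" value="Create">
+</form>
+</div>
+</div>
+EOD;
+}
+}
+else
+{
+print <<<EOD
+<div class='ptitle'>New Directory - $username</div>
+<div id='ctrlnav'>
+<a href='ctrl.php'>Back to /</a>
+<div class="form">
+<form action="ctrl.php?action=donewdir" method="post">
+<label for="file">Directory Name:</label>
+<input type="text" name="dirname" id="dirname"><br>
+<input type="submit" name="submit" value="Create">
+</form>
+</div>
+EOD;
+}
+}
+if($action=="donewdir")
+{
+if($_POST['dirname']!="")
+{
+if(isset($_GET['p']))
+{
+$path = $_GET['p'];
+if(stristr($path, "..") == true)
+{
+header("Location: ctrl.php?action=backtracking_error");
+}
+else
+{
+$dirname = $_POST['dirname'];
+$badchars = array("*", "'", "\"", "(", ")", "[", "]", "#", "$", "@", "!", "%", "^", "|", "+", "&", "=");
+$dirname = stripslashes(htmlentities(str_replace($badchars, '', $dirname)));
+if(file_exists("users/$username/$path/$dirname"))
+{
+echo "Error: Directory exists.";
+}
+else
+{
+mkdir("users/$username/$path/$dirname", 0777);
+//file_put_contents("users/$username/$path/$dirname/index.html", "<html><meta http-equiv='refresh' content='o;url=/'></html>");
+header("Location: ctrl.php");
+}
+}
+}
+else
+{
+$dirname = $_POST['dirname'];
+$badchars = array("*", "'", "\"", "(", ")", "[", "]", "#", "$", "@", "!", "%", "^", "|", "+", "&", "=");
+$dirname = stripslashes(htmlentities(str_replace($badchars, '', $dirname)));
+if(file_exists("users/$username/$dirname"))
+{
+echo "Error: Directory exists.";
+}
+else
+{
+mkdir("users/$username/$dirname", 0777);
+//file_put_contents("users/$username/$dirname/index.html", "<html><meta http-equiv='refresh' content='o;url=/'></html>");
+header("Location: ctrl.php");
+}
+}
+}
+else
+{
+echo "Error: No directory name specified.";
+}
+}
+// Remove file methods
+if($action=="remove") {
+if(isset($_GET['p']))
+{
+$path = $_GET['p'];
+if(stristr($path, "..") == true)
+{
+header("Location: ctrl.php?action=backtracking_error");
+}
+else
+{
+if(is_dir("users/$username/$path")) {
+if(isset($_GET['rf']))
+{
+$file = $_GET['rf'];
+if(stristr($file, "..") == true)
+{
+header("Location: ctrl.php?action=backtracking_error");
+}
+else
+{
+$filesize = filesize("users/$username/$path/$file");
+$usage = file_get_contents("users/$username.usage");
+$usage = $usage - $filesize;
+if(file_exists("users/$username/$path/$file"))
+{
+file_put_contents("users/$username.usage", $usage);
+unlink("users/$username/$path/$file");
+header("Location: ctrl.php");
+}
+else
+{
+echo "Error: File does not exist";
+}
+}
+} else {
+echo "Error: No file specified\n";
+}// Close rf check //
+}// Close is_dir check //
+header("Location: ctrl.php");
+}
+header("Location: ctrl.php");
+}
+else
+{
+if(isset($_GET['rf']))
+{
+$file = $_GET['rf'];
+if(stristr($file, "..") == true)
+{
+header("Location: ctrl.php?action=backtracking_error");
+}
+else
+{
+$filesize = filesize("users/$username/$file");
+$usage = file_get_contents("users/$username.usage");
+$usage = $usage - $filesize;
+if(file_exists("users/$username/$file"))
+{
+file_put_contents("users/$username.usage", $usage); // Remove file usage
+// Form database
+unlink("users/$username/$file"); // remove file //
+} // Close if, on to else //
+else
+{
+echo "Error: File does not exist"; // Report no file //
+}
+header("Location: ctrl.php"); // Redirect //
+} // END of else bracket //
+} // Close rf check //
+} // END of else bracket //
+}
+if($action=="removedir") {
+if(isset($_GET['d']))
+{
+$dir = $_GET['d'];
+if(stristr($dir, "..") == true)
+{
+header("Location: ctrl.php?action=backtracking_error");
+}
+else
+{
+if(is_dir("users/$username/$dir"))
+{
+$dircontent = opendir("users/$username/$dir");
+while(false!==($getfile = readdir($dircontent)))
+{
+if($getfile!=".." && $getfile!=".")
+{
+$filesize = filesize("users/$username/$dir/$getfile");
+$usage = file_get_contents("users/$username.usage");
+$usage = $usage - $filesize;
+file_put_contents("users/$username.usage", $usage);
+unlink("users/$username/$dir/$getfile");
+}
+}
+rmdir("users/$username/$dir");
+header("Location: ctrl.php"); // Redirect to main //
+} else {
+echo "Error: specified path is not a real directory\n";
+}// END of is_dir check //
+} // END of else //
+}
+else
+{
+echo "Error: No directory specified.";
+}
+}
+}
+else
+{
+echo "<div class='ptitle'>Control Panel - $username</div>\n\n";
+echo "<div id='ctrlnav'>\n";
+if(isset($_GET['p']))
+{
+$path = $_GET['p'];
+echo "<a href='ctrl.php'>Back to /</a> &bull; \n";
+echo "<a href='ctrl.php?action=upload&p=$path'>Upload</a> &bull; \n";
+echo "<a href='ctrl.php?action=newdir&p=$path'>Create Directory</a>\n";
+echo "&bull; <a href='users/$username/$path'>Drive URL</a>";
+echo "&bull; <a href='http://ho.st.us.to/$username/$path'>Short URL</a>";
+}
+else
+{
+echo "<a href='ctrl.php?action=upload'>Upload</a> &bull; \n";
+echo "<a href='ctrl.php?action=newdir'>Create Directory</a>\n";
+echo "&bull; <a href='users/$username/'>Drive URL</a>";
+echo "&bull; <a href='http://ho.st.us.to/$username'>Short URL</a>";
+}
+//echo "&bull; <a href='users/$username/'>Drive URL</a>";
+echo "<br />";
+$size = file_get_contents("users/$username.usage");
+$size = tomb($size);
+$user_max_webspace = tomb($user_max_webspace);
+echo "Usage: $size / $user_max_webspace";
+echo "</div><div id='filelist'>\n";
+echo "<u>Your virtual disk files:</u><br>";
+if(isset($_GET['p']))
+{
+if(is_dir("users/$username/" . $_GET['p']))
+{
+$path = $_GET['p'];
+$userdb = opendir("users/$username/$path");
+}
+else
+{
+$undefined_var = "";
+}
+}
+else
+{
+$userdb = opendir("users/$username");
+}
+if(isset($userdb))
+{
+while(false !== ($file = readdir($userdb)))
+{
+if(isset($path))
+{
+if(is_dir("users/$username/$path/$file") && $file!=".." && $file!=".")
+{
+echo "<img src='data/img/folder.png' style='padding-right: 4px;' alt='Folder' /><a href='ctrl.php?p=$path/$file'>$file</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=removedir&d=$path/$file'>Delete Directory</a><br />\n";
+}
+else if($file!=".." && $file!=".")
+{
+echo "<img src='data/img/file.png' style='padding-right: 4px;' alt='File' /><a href='ctrl.php?f=$path/$file'>$file</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=remove&rf=$path/$file'>Delete File</a><br />\n";
+}
+}
+else
+{
+if(is_dir("users/$username/$file") && $file!=".." && $file!=".")
+{
+echo "<img src='data/img/folder.png' style='padding-right: 4px;' alt='Folder' /><a href='ctrl.php?p=$file'>$file</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=removedir&d=$file'>Delete Directory</a><br />\n";
+}
+else if($file!=".." && $file!=".")
+{
+echo "<img src='data/img/file.png' style='padding-right: 4px;' alt='File' /><a href='ctrl.php?f=$file'>$file</a><a style='padding-left: 35px; float:right;' href='ctrl.php?action=remove&rf=$file'>Delete File</a><br />\n";
+}
+}
+}
+}
+else
+{
+echo "Error: Directory not found";
+}
+echo "\n</div>\n";
+}
+include_once("footer.php");
+?>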
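Review bot: None of the `header("Location: ...")` redirects that guard this page are followed by `exit;`, so the session check on the first lines, the password re-check and the top-level `..` test on `$_GET['p']` do not stop the script; header.php has also already produced output before most of them run, so the header may not be sent at all unless output buffering is on. As written, a request without a session appears to fall through to the listing and file operations with an empty `$username`, and the directory listing opens `users/$username/$path` even when `$path` contains `..`. Add `exit;` after every redirect and perform the session, password and path checks before `include_once("header.php")`. Separately, `$path`, `$file` and `$username` are interpolated into HTML and URLs without `htmlspecialchars()` or `rawurlencode()`, the `remove` and `removedir` actions change state on a plain GET with no CSRF token, `donewdir` strips neither `/` nor `..` from `dirname`, and `$oldcotent` in the `backtracking_error` branch is a typo for `$oldcontent`.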

BIN
data/img/Thumbs.db Executable file

Binary file not shown.

BIN
data/img/file.png Executable file

Binary file not shown.


Width:  |  Height:  |  Size: 461 B

BIN
data/img/folder.png Executable file

Binary file not shown.


Width:  |  Height:  |  Size: 3.0 KiB

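--- a/data/img/index.html
+++ b/data/img/index.html
@@ -0,0 +1,9 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
+<html><head>
+<title>404 Not Found</title>
+</head><body>
+<h1>Not Found</h1>
+<p>The requested URL /data/img was not found on this server.</p>
+<hr>
+<address>Apache/2.2.22 (Ubuntu) Server at hostz.us.to Port 80</address>
+</body></html>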

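--- a/data/index.html
+++ b/data/index.html
@@ -0,0 +1,3 @@
+<html>
+<meta http-equiv="refresh" content="0;url=/">
+</html>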

9404
data/jquery.1.7.js Executable file

File diff suppressed because it is too large Load Diff

1278
data/jquery.form.js Executable file

File diff suppressed because it is too large Load Diff

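--- a/data/log.txt
+++ b/data/log.txt
@@ -0,0 +1,26 @@
+Backtracking: 127.0.0.1Backtracking: 127.0.0.1
+Backtracking: 127.0.0.1
+Backtracking: 127.0.0.1
+Backtracking: 127.0.0.1
+Backtracking: 127.0.0.1
+Backtracking: 127.0.0.1
+Backtracking: 127.0.0.1
+Backtracking: 127.0.0.1
+Backtracking: 127.0.0.1
+Backtracking: 127.0.0.1
+Backtracking: 127.0.0.1
+Backtracking: 127.0.0.1
+Backtracking: 127.0.0.1
+Backtracking: 127.0.0.1
+Backtracking: 127.0.0.1
+Backtracking: 127.0.0.1
+Backtracking: 127.0.0.1
+Backtracking: 127.0.0.1
+Backtracking: 69.255.179.102
+Backtracking: 69.255.179.102
+Backtracking: 69.255.179.102
+Backtracking: 66.172.12.166
+Backtracking: 66.172.12.166
+Backtracking: 66.172.12.166
+Backtracking: 69.255.179.102
+Backtracking: 66.172.12.166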
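Review bot: data/log.txt is the runtime log written by the `backtracking_error` branch of ctrl.php, and this copy carries what appear to be real client IP addresses; it should not ship with the release, so remove it from the repository and add it to `.gitignore`. Because ctrl.php writes it under `data/`, the same directory that serves `data/jquery.1.7.js`, the log is likely also readable over HTTP. Moving it outside the web root or denying access to it in the server configuration would be advisable.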

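--- a/footer.php
+++ b/footer.php
@@ -0,0 +1,8 @@
+<?php
+include("config.php");
+?>
+</div>
+<div class="footer">SOFM <?php echo $version; ?>, 2014-2020 &bull; <a href="terms.php">Terms Of Service</a></div>
+</body>
+</html>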

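--- a/header.php
+++ b/header.php
@@ -0,0 +1,16 @@
+<?php include("config.php"); session_start(); ?>
+<!DOCTYPE html>
+<html>
+<head>
+<title><?php echo $title; ?></title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+<link rel="stylesheet" href="style.css" type="text/css">
+<script src="data/jquery.1.7.js"></script>
+<meta name="viewport" content="width=device-width, initial-scale=1">
+</head>
+<body>
+<div class="contain">
+<div class="title"><?php echo $title . "<br />\n<div style='font-size: 20px;'>" . $desc . "</div>"; ?></div>
+<br />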

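--- a/index.php
+++ b/index.php
@@ -0,0 +1,51 @@
+<?php
+session_start();
+include("config.php");
+function tomb($size, $precision = 2)
+{
+$base = log($size) / log(1024);
+$suffixes = array('', 'KB', 'MB', 'GB', 'TB');
+return round(pow(1024, $base - floor($base)), $precision) . $suffixes[floor($base)];
+}
+$webspace = tomb($config_var[1]);
+$max_upload = tomb($config_var[2]);
+include_once("header.php");
+?>
+<div class="navbar">
+<?php
+if(!isset($_SESSION['hostz-user']) && !isset($_SESSION['hostz-passwd'])) {
+?>
+<a href="register.php">Register</a>&bull;<a href="login.php">Login</a>
+<?php
+} else {
+?>
+<a href="ctrl.php">My Drive</a>&bull;<a href="logout.php">Logout</a>
+<?php
+}
+?>
+</div>
+<?php
+print <<<EOD
+<table style="margin:auto;">
+<tr>
+<td>
+<div id="packages">
+Web Space: $webspace<br>
+Max Upload: $max_upload<br>
+</div>
+</td>
+</tr>
+</table>
+EOD;
+include_once("footer.php");
+?>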
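Review bot: `tomb()` is declared identically here, in ctrl.php and in upload.php, so any two of these files loaded in one request would fail with a redeclaration error and every fix has to be made three times; move it into one shared include. It also has no guard for `$size <= 0`: `log(0)` is `-INF`, so the initial usage value `"0"` that ctrl.php passes produces a non-finite result and an invalid `$suffixes` index. A first statement such as `if ($size <= 0) { return '0'; }` would cover that case.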

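--- a/login.php
+++ b/login.php
@@ -0,0 +1,138 @@
+<?php
+session_start();
+if(isset($_SESSION['hostz-user']) && isset($_SESSION['hostz-passwd'])) { header("Location: ctrl.php"); }
+if(isset($_SESSION['hostz-vpspanel-user']) && isset($_SESSION['hostz-vpspanel-passwd'])) { header("Location: vps-panel.php"); }
+//$header = file_get_contents("header.txt");
+//echo $header;
+//$page_title = "Drive";
+//$indir = "true";
+//include_once("../data/header.php");
+include("config.php");
+include_once("header.php");
+echo "<div class='ptitle'>$title - Login</div>\n\n";
+if(isset($_GET['action']))
+{
+$action = $_GET['action'];
+if($action=="filehost")
+{
+if($_POST['hostzusername']!="" && $_POST['hostzpassword']!="")
+{
+$username = $_POST['hostzusername'];
+if(file_exists("users/$username.php"))
+{
+$password = $_POST['hostzpassword'];
+include("users/$username.php");
+if($user_password==$password)
+{
+$_SESSION['hostz-user'] = $_POST['hostzusername'];
+$_SESSION['hostz-passwd'] = $_POST['hostzpassword'];
+echo "Logged in, <a href=\"ctrl.php\">Redirecting to control panel in 3 seconds</a><meta http-equiv='refresh' content='3;url=ctrl.php'>";
+}
+else
+{
+echo "Error: Wrong password";
+}
+}
+else
+{
+echo "Error: User not found.";
+}
+}
+else
+{
+echo "Error: No username or password provided";
+}
+}
+/*if($action=="dovps")
+{
+if($_POST['vpsusername']!="" && $_POST['vpspassword']!="")
+{
+$username = $_POST['vpsusername'];
+if(file_exists("vpsusers/$username.php"))
+{
+$password = md5(sha1($_POST['vpspassword']));
+include("vpsusers/$username.php");
+if($user_password==$password)
+{
+$_SESSION['hostz-vpspanel-user'] = $_POST['vpsusername'];
+$_SESSION['hostz-vpspanel-passwd'] = $password;
+echo "Logged in, <a href=\"vps-panel.php\">Redirecting to VPS panel in 3 seconds</a><meta http-equiv='refresh' content='3;url=vps-panel.php'>";
+}
+else
+{
+echo "Error: Wrong password";
+}
+}
+else
+{
+echo "Error: User not found.";
+}
+}
+else
+{
+echo "Error: No username or password provided";
+}
+}*/
+}
+/*else if(isset($_GET['vps'])) {
+print <<<EOD
+<div class="form">
+<form method="post" action="login.php?action=dovps">
+<table>
+<tr>
+<td>Username:</td>
+<td><input type="text" name="vpsusername"></td>
+</tr>
+<tr>
+<td>Password:</td>
+<td><input type="password" name="vpspassword"></td>
+</tr>
+<tr>
+<td>Go!</td>
+<td><input type="submit" value="Login"></td>
+</tr>
+</table>
+</form>
+</div>
+EOD;
+}*/
+else if(isset($_GET['filehost'])) {
+print <<<EOD
+<div class="form">
+<form method="post" action="login.php?action=filehost">
+<table>
+<tr>
+<td>Username:</td>
+<td><input type="text" name="hostzusername"></td>
+</tr>
+<tr>
+<td>Password:</td>
+<td><input type="password" name="hostzpassword"></td>
+</tr>
+<tr>
+<td>Go!</td>
+<td><input type="submit" value="Login"></td>
+</tr>
+</table>
+</form>
+</div>
+EOD;
+} else {
+print <<<EOD
+<div class="indexl">
+<a href="login.php?filehost">Login</a>
+</div>
+EOD;
+}
+include_once("footer.php");
+?>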
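Review bot: `$_POST['hostzusername']` is used unvalidated in `file_exists("users/$username.php")` and `include("users/$username.php")`, so the login form decides which `.php` file on disk gets executed; restrict it before use, e.g. `if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $username)) { echo "Error: User not found."; }` with the existing lookup moved into the else branch. The password is compared in clear text with `==` and then stored in `$_SESSION['hostz-passwd']`; checking it with `password_verify()` against a stored hash and keeping only the username in the session would avoid holding the password server-side. The session ID is not rotated on success (`session_regenerate_id(true);`), and the distinct "User not found" and "Wrong password" messages let a client tell which accounts exist. The two redirects at the top of the file also lack `exit;`.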

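--- a/logout.php
+++ b/logout.php
@@ -0,0 +1,13 @@
+<?php
+session_start();
+if(isset($_SESSION['hostz-user']) && isset($_SESSION['hostz-passwd']))
+{
+$_SESSION['hostz-user'] = null;
+$_SESSION['hostz-passwd'] = null;
+}
+header("Location: index.php");
+?>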

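--- a/register.php
+++ b/register.php
@@ -0,0 +1,115 @@
+<?php
+session_start();
+if(isset($_SESSION['hostz-user']) && isset($_SESSION['hostz-passwd'])) { header("Location: ctrl.php"); }
+//$header = file_get_contents("header.txt");
+//echo $header;
+//$page_title = "Drive";
+//$indir = "true";
+//include_once("../data/header.php");
+include("config.php");
+include_once("header.php");
+if(isset($_GET['error']))
+{
+$error = $_GET['error'];
+if($error=="1") { echo "Error: No username provided."; }
+if($error=="2") { echo "Error: No password provided."; }
+if($error=="3") { echo "Error: Passwords provided did not mach."; }
+if($error=="4") { echo "Error: Username in use."; }
+//if($error=="5") { echo "Error: Invalid validation code"; }
+if($error=="6") { echo "Error: No email provided."; }
+if($error=="7") { echo "Error: Not a valid email address."; }
+if($error=="8") { echo "Error: Register form not completely filled out."; }
+if($error=="9") { echo "Error: VPS package not available at this time."; }
+if($error=="10") { echo "Error: The provided email has already been registered with EEZE Host."; }
+}
+/*else if(isset($_GET['vps'])) {
+print <<<EOD
+<div class="form">
+<form method="post" action="create.php?vps">
+<table>
+<tr>
+<td>Email:</td>
+<td><input type="text" name="email"></td>
+</tr>
+<tr>
+<td>Username:</td>
+<td><input type="text" name="username"></td>
+</tr>
+<tr>
+<td>Password:</td>
+<td><input type="password" name="password"></td>
+</tr>
+<tr>
+<td>Confirm Password:</td>
+<td><input type="password" name="passwordagain"></td>
+</tr>
+<tr>
+<td>VPS Package:</td>
+<td>
+<select name="package">
+<option value="1">VPS Package 1</option>
+</select>
+</td>
+</tr>
+<tr>
+<td>Terms Of Service:</td>
+<td>By signing up for this service, you are <br>agreeing to the <a href='terms.php'>Terms Of Service</a></td>
+</tr>
+<tr>
+<td>Go!</td>
+<td><input type="submit" value="Get Your VPS"></td>
+</tr>
+</table>
+</form>
+</div>
+EOD;
+}*/
+else if(isset($_GET['filehost'])) {
+print <<<EOD
+<div class="form">
+<form method="post" action="create.php">
+<table>
+<tr>
+<td>Username:</td>
+<td><input type="text" name="filezusername"></td>
+</tr>
+<tr>
+<td>Password:</td>
+<td><input type="password" name="filezpassword"></td>
+</tr>
+<tr>
+<td>Confirm Password:</td>
+<td><input type="password" name="filezpasswordagain"></td>
+</tr>
+<tr>
+<td>Terms Of Service:</td>
+<td>By signing up for this service, you are <br>agreeing to the <a href='terms.php'>Terms Of Service</a></td>
+</tr>
+<tr>
+<td>Go!</td>
+<td><input type="submit" value="Get Your Webspace"></td>
+</tr>
+</table>
+</form>
+</div>
+EOD;
+} else {
+print <<<EOD
+<div class="indexl">
+<a href="register.php?filehost">Register</a>
+</div>
+EOD;
+}
+//include_once("../data/footer.php");
+$footer = file_get_contents("footer.txt");
+echo $footer;
+?>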
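Review bot: The last two statements read `footer.txt` with `file_get_contents()`, but no footer.txt is among the files this commit adds and every other page ends with `include_once("footer.php");`, so the registration page presumably ends with a warning and without its closing markup. Replace the two statements with `include_once("footer.php");`. The redirect near the top should be followed by `exit;`, and the message for error code 10 still names "EEZE Host" rather than using `$title`.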

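--- a/style.css
+++ b/style.css
@@ -0,0 +1,132 @@
+@import url(http://fonts.googleapis.com/css?family=Alef);
+@import url(http://fonts.googleapis.com/css?family=Pontano+Sans);
+body {
+background-color: #000000;
+font-family: "Pontano Sans", sans-serif;
+font-size: 16px;
+color: #f9f9f9;
+margin: 0;
+}
+.ctrl_navbar {
+padding: 4px;
+background: #010101;
+border: solid 1px #666666;
+}
+.title {
+font-family: "Alef", "Pontano Sans", sans-serif;
+font-size: 32px;
+text-align: center;
+min-width: 200px;
+max-width: 600px;
+margin: auto;
+}
+.ptitle {
+font-size: 24px;
+margin: auto;
+text-align: center;
+width: fit-content(20%);
+}
+.contain {
+background: #545454;
+padding: 10px;
+min-width: 650px;
+max-width: 800px;
+margin: auto;
+border: solid 1px #444444;
+border-radius: 10px;
+-webkit-border-radius: 10px;
+-moz-border-radius: 10px;
+-ms-border-radius: 10px;
+box-shadow: 0px 0px 10px #000000;
+}
+.footer {
+font-family: Alef, sans-serif;
+text-align:center;
+padding: 4px;
+}
+.indexl {
+text-align: center;
+font-size: 24px;
+}
+.indexl a {
+padding: 0px;
+padding-left: 4px;
+padding-right: 4px;
+border-radius: 5px;
+background-color: #323232;
+border: solid 1px #222222;
+color: white;
+text-decoration: none;
+}
+.indexl a:hover {
+background-color: #323232;
+border: solid 1px #222222;
+color: #3377ff;
+}
+a { color: #aaaaaa; text-decoration: underline; transition: ease-in color .5s; }
+a:hover { color: #3377ff; }
+#ctrlnav {
+text-align: center;
+font-size: 16px;
+color: #dddddd;
+padding: 4px;
+border-radius: 6px;
+border: solid 1px #222222;
+background-color: #323232;
+text-decoration: none;
+}
+#ctrlnav a {
+color: #3377ff;
+text-decoration: none;
+font-weight: bold;
+}
+#ctrlnav a:hover {
+color: #aaaaaa;
+}
+#filelist {
+padding: 14px;
+font-size: 14px;
+}
+.navbar {
+margin: 0 auto;
+padding-bottom: 12px;
+max-width: 1100px;
+text-align: center;
+}
+.navbar a {
+font-size: 22px;
+padding-left: 8px;
+padding-right: 8px;
+color: #3377ff;
+text-decoration: none;
+}
+.navbar a:hover {
+color: #dddddd;
+}
+#packages {
+font-size: 16px;
+color: #dddddd;
+padding: 4px;
+border-radius: 6px;
+border: solid 1px #222222;
+background-color: #323232;
+width: 230px;
+}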
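Review bot: Both `@import` lines load Google Fonts over plain `http://`, which browsers block as mixed content when the site is served over HTTPS and which leaves the stylesheet open to modification in transit on plain HTTP; use `https://fonts.googleapis.com/...` or host the fonts locally. The `width: fit-content(20%)` declaration in `.ptitle` is, as far as I know, only honoured by browsers for grid track sizing, so it is probably dropped; `width: fit-content;` may be what was intended.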

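--- a/terms.php
+++ b/terms.php
@@ -0,0 +1,47 @@
+<?php
+//$header = file_get_contents("header.txt");
+//echo $header;
+//$page_title = "Drive";
+//$indir = "true";
+//include_once("../data/header.php");
+include("config.php");
+include_once("header.php");
+print <<<EOD
+<div class='ptitle'>$title - Terms of Service</div>
+<table>
+<tr>
+<td>
+1: Copyrighted content is strictly forbidden!
+</td>
+</tr>
+<tr>
+<td>
+2: Patching ".." into the control panel url is forbidden, and your external IP address will be logged.
+</td>
+</tr>
+<tr>
+<td>
+3: Explicit content is forbidden.
+</td>
+</tr>
+<tr>
+<td>
+4: Information that is not directly linked to you and is reported to us is forbidden. Be respectful to others.
+</td>
+</tr>
+<tr>
+<td>
+If these rules are not followed, your account will be removed without warning.
+</td>
+</tr>
+</table>
+EOD;
+include_once("footer.php");
+?>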

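--- a/upload.php
+++ b/upload.php
@@ -0,0 +1,184 @@
+<?php
+session_start();
+if(!isset($_SESSION['hostz-user']) or !isset($_SESSION['hostz-passwd'])) { exit(1); }
+$username = $_SESSION['hostz-user'];
+$password = $_SESSION['hostz-passwd'];
+// check if user is valid
+include_once("users/$username.php");
+// config variables
+include_once("config.php");
+// get filesize for uploaded files
+function tomb($size, $precision = 2)
+{
+$base = log($size) / log(1024);
+$suffixes = array('', 'KB', 'MB', 'GB', 'TB');
+return round(pow(1024, $base - floor($base)), $precision) . $suffixes[floor($base)];
+}
+if($password!=$user_password)
+{
+$_SESSION['hostz-user'] = null;
+$_SESSION['hostz-passwd'] = null;
+exit(1);
+}
+echo "<html>";
+for($i=0; $i<count($_FILES["file"]["name"]); $i++)
+{
+$allowedExts = array("gif", "jpeg", "jpg", "png", "bmp", "ico", "swf", "txt", "html", "htm", "css", "js", "c", "cpp", "lua", "py", "tar", "zip", "rar", "gz", "7z", "bz2", "tgz", "mp3", "mp4", "ogg", "wav", "ogv", "flv", "webm", "oft", "pdf", "json", "ttf", "rtf", "oft", "svg");
+$temp = explode(".", $_FILES["file"]["name"][$i]);
+$extension = end($temp);
+if ((($_FILES["file"]["type"][$i] == "image/gif")
+|| ($_FILES["file"]["type"][$i] == "image/x-gif")
+|| ($_FILES["file"]["type"][$i] == "image/jpeg")
+|| ($_FILES["file"]["type"][$i] == "image/x-jpeg")
+|| ($_FILES["file"]["type"][$i] == "image/x-jpg")
+|| ($_FILES["file"]["type"][$i] == "image/jpg")
+|| ($_FILES["file"]["type"][$i] == "image/pjpeg")
+|| ($_FILES["file"]["type"][$i] == "image/x-png")
+|| ($_FILES["file"]["type"][$i] == "image/bmp")
+|| ($_FILES["file"]["type"][$i] == "image/x-icon")
+|| ($_FILES["file"]["type"][$i] == "text/css")
+|| ($_FILES["file"]["type"][$i] == "application/octet-stream")
+|| ($_FILES["file"]["type"][$i] == "text/html")
+|| ($_FILES["file"]["type"][$i] == "text/htm")
+|| ($_FILES["file"]["type"][$i] == "text/plain")
+|| ($_FILES["file"]["type"][$i] == "application/octet-stream")
+|| ($_FILES["file"]["type"][$i] == "application/x-gunzip")
+|| ($_FILES["file"]["type"][$i] == "application/x-gzip-compressed")
+|| ($_FILES["file"]["type"][$i] == "application/x-rar-compressed")
+|| ($_FILES["file"]["type"][$i] == "application/x-rar")
+|| ($_FILES["file"]["type"][$i] == "application/octet-stream")
+|| ($_FILES["file"]["type"][$i] == "application/x-7z-compressed")
+|| ($_FILES["file"]["type"][$i] == "application/x-7z")
+|| ($_FILES["file"]["type"][$i] == "application/x-compress")
+|| ($_FILES["file"]["type"][$i] == "application/x-compressed")
+|| ($_FILES["file"]["type"][$i] == "application/x-tar")
+|| ($_FILES["file"]["type"][$i] == "application/x-tar-compressed")
+|| ($_FILES["file"]["type"][$i] == "application/x-gtar")
+|| ($_FILES["file"]["type"][$i] == "application/x-tgz")
+|| ($_FILES["file"]["type"][$i] == "application/tgz")
+|| ($_FILES["file"]["type"][$i] == "application/tar")
+|| ($_FILES["file"]["type"][$i] == "application/gzip")
+|| ($_FILES["file"]["type"][$i] == "application/x-gzip")
+|| ($_FILES["file"]["type"][$i] == "application/x-zip")
+|| ($_FILES["file"]["type"][$i] == "application/zip")
+|| ($_FILES["file"]["type"][$i] == "application/x-zip-compressed")
+|| ($_FILES["file"]["type"][$i] == "text/c")
+|| ($_FILES["file"]["type"][$i] == "text/cpp")
+|| ($_FILES["file"]["type"][$i] == "text/lua")
+|| ($_FILES["file"]["type"][$i] == "text/py")
+|| ($_FILES["file"]["type"][$i] == "text/x-lua")
+|| ($_FILES["file"]["type"][$i] == "text/x-c")
+|| ($_FILES["file"]["type"][$i] == "audio/mp3")
+|| ($_FILES["file"]["type"][$i] == "audio/x-mp3")
+|| ($_FILES["file"]["type"][$i] == "audio/mpeg")
+|| ($_FILES["file"]["type"][$i] == "audio/x-mpeg")
+|| ($_FILES["file"]["type"][$i] == "audio/mpeg3")
+|| ($_FILES["file"]["type"][$i] == "audio/x-mpeg3")
+|| ($_FILES["file"]["type"][$i] == "audio/wav")
+|| ($_FILES["file"]["type"][$i] == "audio/wave")
+|| ($_FILES["file"]["type"][$i] == "audio/x-wav")
+|| ($_FILES["file"]["type"][$i] == "audio/ogg")
+|| ($_FILES["file"]["type"][$i] == "audio/x-ogg")
+|| ($_FILES["file"]["type"][$i] == "video/mp4")
+|| ($_FILES["file"]["type"][$i] == "video/ogg")
+|| ($_FILES["file"]["type"][$i] == "video/webm")
+|| ($_FILES["file"]["type"][$i] == "application/json")
+|| ($_FILES["file"]["type"][$i] == "application/pdf")
+|| ($_FILES["file"]["type"][$i] == "image/svg+xml")
+|| ($_FILES["file"]["type"][$i] == "application/rtf")
+|| ($_FILES["file"]["type"][$i] == "text/ttf")
+|| ($_FILES["file"]["type"][$i] == "text/otf")
+|| ($_FILES["file"]["type"][$i] == "video/x-flv")
+|| ($_FILES["file"]["type"][$i] == "video/mp4v-es")
+|| ($_FILES["file"]["type"][$i] == "application/x-python")
+|| ($_FILES["file"]["type"][$i] == "text/x-python")
+|| ($_FILES["file"]["type"][$i] == "text/python")
+|| ($_FILES["file"]["type"][$i] == "application/x-compressed")
+|| ($_FILES["file"]["type"][$i] == "text/javascript")
+|| ($_FILES["file"]["type"][$i] == "application/x-javascript")
+|| ($_FILES["file"]["type"][$i] == "application/bzip2")
+|| ($_FILES["file"]["type"][$i] == "application/x-bzip")
+|| ($_FILES["file"]["type"][$i] == "application/x-bz2")
+|| ($_FILES["file"]["type"][$i] == "application/octet")
+|| ($_FILES["file"]["type"][$i] == "application/octet-stream")
+|| ($_FILES["file"]["type"][$i] == "application/force-download")
+|| ($_FILES["file"]["type"][$i] == "image/png")
+|| ($_FILES["file"]["type"][$i] == ""))
+&& ($_FILES["file"]["size"][$i] < $user_max_upload)
+&& in_array(strtolower($extension), $allowedExts))
+{
+if ($_FILES["file"]["error"][$i] > 0)
+{
+echo $_FILES["file"]["name"][$i] . " - Return Code: " . $_FILES["file"]["error"][$i] . "<br>";
+}
+else
+{
+if(isset($_GET['p']))
+{
+$path = $_GET['p'];
+if(stristr($path, "../") == true)
+{
+echo "<meta http-equiv='refresh' content='0;url=ctrl.php?action=backtracking_error'>";
+}
+else if (file_exists("users/$username/$path/" . $_FILES["file"]["name"][$i]))
+{
+echo "Error:" . $_FILES["file"]["name"][$i] . " file exists.<br>";
+}
+else
+{
+$usage = file_get_contents("users/$username.usage");
+$usage = $usage + $_FILES["file"]["size"][$i];
+if($usage > $user_max_webspace) {
+echo "Error: Exceeding max webspace usage.<br>";
+}
+else
+{
+$filelist = file_get_contents("users/$username.files");
+file_put_contents("users/$username.usage", $usage);
+move_uploaded_file($_FILES["file"]["tmp_name"][$i],
+"users/$username/$path/" . $_FILES["file"]["name"][$i]);
+file_put_contents("users/$username.files", $_FILES["file"]["name"][$i] . "<br />\n" . $filelist);
+echo "Success: " . $_FILES["file"]["name"][$i] . " Uploaded! Size: " . tomb($_FILES["file"]["size"][$i]) . "<br>";
+}
+}
+}
+else
+{
+if (file_exists("users/$username/" . $_FILES["file"]["name"][$i]))
+{
+echo "Error: " . $_FILES["file"]["name"][$i] . " exists.<br>";
+}
+else
+{
+$usage = file_get_contents("users/$username.usage");
+$usage = $usage + $_FILES["file"]["size"][$i];
+if($usage > $user_max_webspace) {
+echo "Error: Exceeding max webspace usage.<br>";
+}
+else
+{
+file_put_contents("users/$username.usage", $usage);
+move_uploaded_file($_FILES["file"]["tmp_name"][$i],
+"users/$username/" . $_FILES["file"]["name"][$i]);
+echo "Success: " . $_FILES["file"]["name"][$i] . " Uploaded! Size: " . tomb($_FILES["file"]["size"][$i]) . "<br>";
+}
+}
+}
+}
+}
+else
+{
+echo "Error: " . $_FILES["file"]["name"][$i] . " is too large, or is a invalid filetype";
+}
+}
+echo "</html>";
+?>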
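Review bot: The destination path is built from the client-supplied `$_FILES["file"]["name"][$i]` verbatim, and both the MIME test on `$_FILES["file"]["type"][$i]` and the extension test rely on values the client controls; take `basename()` of the name, restrict it to a known character set, and pass it through `htmlspecialchars()` before echoing it into the response that ctrl.php inserts with `status.html(xhr.responseText)`. The allowlist includes `html`, `htm`, `svg`, `js` and `swf`, which a browser will run in the site's own origin when they are opened from `users/$username/`; serve uploads from a separate origin, or with `Content-Disposition: attachment` and a restrictive `Content-Security-Policy`. Only the last dot-separated extension is tested, which is not sufficient on Apache configurations that map handlers by any extension in the name. The usage file is updated before `move_uploaded_file()` and that call's return value is never checked, and the traversal test here looks for `"../"` while ctrl.php looks for `".."`.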

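--- a/users/index.html
+++ b/users/index.html
@@ -0,0 +1,3 @@
+<html>
+<meta http-equiv="refresh" content="0;url=/">
+</html>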