$title: $desc ~ ERROR!\n"; print <<Error! This system has found backtracking slashes in the URL. Your IP has been reported to the system administrator. Account suspension could be nessesary. EOD; } if($action=="upload") { print << .progress { position:relative; width:400px; border: 1px solid #ddd; padding: 1px; border-radius: 3px; margin: auto; } .bar { background-color: #008000; width:0%; height:20px; border-radius: 3px; } .percent { position:absolute; display:inline-block; top:1px; left:48%; vertical-align: center; } #status { text-align: center; padding: 4px; } CSS; if(isset($_GET['p'])) { $path = $_GET['p']; if(stristr($path, "..") == true) { header("Location: ctrl.php?action=backtracking_error"); } else { print <<$title: $desc ~ upload

EOD; } } else { print <<$title: $desc ~ upload

EOD; } } // Create a new directory if($action=="newdir") { if(isset($_GET['p'])) { $path = $_GET['p']; if(stristr($path, "..") == true) { header("Location: ctrl.php?action=backtracking_error"); } else { print <<$title: $desc ~ new directory
Back to /$path

EOD; } } else { echo "
$title: $desc ~ new directory
\n"; print << Back to /

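EOD;
    }
}

// ---------------------------------------------------------------------------
// donewdir: create the directory named in POST `dirname`, under GET `p` when
// given, inside users/$username. `$username` is assumed to be set by the login
// code earlier in this file (NOTE(review): confirm it never comes from the
// request). `.usage` files below hold a byte count that the delete handlers
// decrement.
// ---------------------------------------------------------------------------
if ($action == "donewdir") {
    if (!isset($_POST['dirname']) || !is_string($_POST['dirname']) || $_POST['dirname'] === "") {
        echo "Error: No directory name specified.";
    } else {
        $hasPath = isset($_GET['p']);
        $path = $hasPath ? $_GET['p'] : "";
        // Traversal screen, same rule as the other handlers (".."), plus NUL
        // bytes and non-string (array) parameters. `exit` after the redirect:
        // the original kept executing after header(), so a rejected value
        // still reached the code below.
        if (!is_string($path) || stristr($path, "..") || strpos($path, "\0") !== false) {
            header("Location: ctrl.php?action=backtracking_error");
            exit;
        }
        // The original stripped this punctuation, HTML-encoded and un-slashed
        // the name before validating it; kept so that names which used to be
        // accepted still are. The regex is the real guard: it admits only
        // [A-Za-z0-9_-], which also rules out ".." and path separators.
        $badchars = array("*", "'", "\"", "(", ")", "[", "]", "#", "$", "@", "!", "%", "^", "|", "+", "&", "=");
        $dirname = stripslashes(htmlentities(str_replace($badchars, '', $_POST['dirname'])));
        $parent = $hasPath ? "users/$username/$path" : "users/$username";
        // Validate before touching the filesystem: the original ran
        // file_exists() on the unvalidated name first.
        if (!preg_match("/^[A-Za-z0-9-_]+$/", $dirname)) {
            echo "Only characters A-Z, 0-9, '_' and '-' in directory names";
        } elseif (file_exists("$parent/$dirname")) {
            echo "Error: Directory exists.";
        } else {
            // 0755 rather than 0777: a world-writable directory lets any other
            // local account on a shared host plant files in this user's space.
            mkdir("$parent/$dirname", 0755);
            header("Location: ctrl.php" . ($hasPath ? "?p=" . rawurlencode($path) : ""));
            exit;
        }
    }
}

// ---------------------------------------------------------------------------
// remove: delete one file. GET `rf` names the file, GET `p` the sub-directory
// it is in. With `p` the listing is re-shown through a refresh header (after
// any error text), without `p` through a redirect — as in the original.
// ---------------------------------------------------------------------------
if ($action == "remove") {
    $hasPath = isset($_GET['p']);
    $path = $hasPath ? $_GET['p'] : "";
    if (!is_string($path) || stristr($path, "..") || strpos($path, "\0") !== false) {
        header("Location: ctrl.php?action=backtracking_error");
        exit;
    }
    $baseDir = $hasPath ? "users/$username/$path" : "users/$username";
    // An unknown `p` directory just bounces back to the listing (original
    // behaviour); nothing is deleted.
    if (!$hasPath || is_dir($baseDir)) {
        if (!isset($_GET['rf'])) {
            if ($hasPath) {
                echo "Error: No file specified\n";
            }
        } else {
            // `rf` is a filesystem path, so it is taken raw: the original
            // HTML-encoded it, which protects nothing on disk and made names
            // containing & ' " < > impossible to delete.
            $file = $_GET['rf'];
            if (!is_string($file) || stristr($file, "..") || strpos($file, "\0") !== false) {
                header("Location: ctrl.php?action=backtracking_error");
                exit;
            }
            $target = "$baseDir/$file";
            if (!is_file($target)) {
                echo "Error: File does not exist";
            } else {
                // Size is read before unlink; the quota file is only adjusted
                // once the file is really gone (the original decremented first
                // and also charged for directories that unlink() cannot remove).
                $filesize = filesize($target);
                if (unlink($target)) {
                    // NOTE(review): unlocked read-modify-write — concurrent
                    // requests for the same user can race on this file.
                    $usage = (int) file_get_contents("users/$username.usage") - $filesize;
                    file_put_contents("users/$username.usage", $usage);
                } else {
                    echo "Error: File could not be removed";
                }
            }
            if (!$hasPath) {
                header("Location: ctrl.php");
                exit;
            }
        }
    }
    if ($hasPath) {
        // `p` is a raw request value; encode it before putting it in a URL.
        header("refresh: 0,url=ctrl.php?p=" . rawurlencode($path));
    }
}

// ---------------------------------------------------------------------------
// removedir: delete the directory GET `d` (one level deep: its regular files
// are unlinked, then the directory itself) and release the space in `.usage`.
// ---------------------------------------------------------------------------
if ($action == "removedir") {
    if (!isset($_GET['d'])) {
        echo "Error: No directory specified.";
    } else {
        $dir = $_GET['d'];
        if (!is_string($dir) || stristr($dir, "..") || strpos($dir, "\0") !== false) {
            header("Location: ctrl.php?action=backtracking_error");
            exit;
        }
        $target = "users/$username/$dir";
        if (!is_dir($target)) {
            echo "Error: specified path is not a real directory\n";
        } else {
            $freed = 0;
            $dircontent = opendir($target);
            if ($dircontent !== false) {
                while (false !== ($getfile = readdir($dircontent))) {
                    if ($getfile == "." || $getfile == "..") {
                        continue;
                    }
                    $entry = "$target/$getfile";
                    // Only regular files are unlinked and only successful
                    // unlinks are credited; the original also subtracted the
                    // size of sub-directories whose unlink() then failed.
                    if (is_file($entry)) {
                        $entrySize = filesize($entry);
                        if (unlink($entry)) {
                            $freed += $entrySize;
                        }
                    }
                }
                closedir($dircontent);
            }
            // One read-modify-write for the whole directory instead of one per
            // file. NOTE(review): still unlocked, see the `remove` handler.
            $usage = (int) file_get_contents("users/$username.usage") - $freed;
            file_put_contents("users/$username.usage", $usage);
            // rmdir() fails if sub-directories remain; as in the original the
            // page still redirects — the directory is simply left in place.
            rmdir($target);
            header("Location: ctrl.php");
            exit;
        }
    }
}
} else {
    // -----------------------------------------------------------------------
    // Default view: navigation, quota line and the listing of users/$username
    // or of its sub-directory GET `p`.
    // -----------------------------------------------------------------------
    // The delete handlers above screen `p` for "..", but the listing did not:
    // ?p=../<other-account> listed another user's directory (the is_dir() test
    // ran on the raw value). Same screen here, before any output.
    $hasPath = isset($_GET['p']);
    $path = $hasPath ? $_GET['p'] : "";
    if (!is_string($path) || stristr($path, "..") || strpos($path, "\0") !== false) {
        header("Location: ctrl.php?action=backtracking_error");
        exit;
    }
    echo "\n$title: $desc ~ file tree\n\n";
    echo "\n\n";
    // NOTE(review): $path is a raw request value — if it is interpolated into
    // the links here it must go through htmlspecialchars() first.
    echo "Home • \n";
    if ($hasPath) {
        echo "Back to / • \n";
    }
    echo "Upload • \n";
    echo "Create Directory \n";
    echo "• Web URLLogout";
    echo "\n";
    // tomb() and $user_max_webspace are defined elsewhere in this file.
    $size = file_get_contents("users/$username.usage");
    $size = tomb($size);
    $user_max_webspace = tomb($user_max_webspace);
    echo "$username ~ $size / $user_max_webspace";
    echo "\n\n";
    echo "Your virtual disk files:\n";

    // One directory string for both the is_dir() test and the listing: the
    // original tested the raw value but opened the HTML-encoded one, and on
    // opendir() failure went on to call readdir(false).
    $listDir = $hasPath ? "users/$username/$path" : "users/$username";
    $userdb = is_dir($listDir) ? opendir($listDir) : false;
    if ($userdb === false) {
        echo "Error: Directory not found";
    } else {
        while (false !== ($file = readdir($userdb))) {
            if ($file == "." || $file == "..") {
                continue;
            }
            // Names come from disk, not from this page's validation (the upload
            // handler is elsewhere), so escape them for the HTML context.
            // ENT_SUBSTITUTE keeps a name visible when substr() cut a multibyte
            // character, instead of rendering it as an empty string.
            // $strlength (truncation width) is defined elsewhere in this file.
            $shown = htmlspecialchars(substr($file, 0, $strlength), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            if (strlen($file) > $strlength) {
                $shown .= "...";
            }
            if (is_dir("$listDir/$file")) {
                echo "Folder", $shown, "Delete Directory\n\n";
            } else {
                echo "File", $shown, "Delete File\n\n";
            }
        }
        closedir($userdb);
    }
    echo "\n\n\n";
}
include_once("footer.php");
?>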