Menu
▾
▴
[Bobs-cvs] CVS: bobs admin.php,1.13,1.14 files.php,1.6,1.7 index.php,1.4,1.5 menu.php,1.6,1.7 stats.php,1.3,1.4 tree.php,1.4,1.5
|
From: Rene R. <ren...@us...> - 2002-10-26 02:01:40
|
Update of /cvsroot/bobs/bobs
In directory usw-pr-cvs1:/tmp/cvs-serv27654
Modified Files:
admin.php files.php index.php menu.php stats.php tree.php
Log Message:
Bobs should now run on php version from 4.0.6 to 4.2.x
several security issues were fixed. (debug flags and siteroot)
Minor fix in session management.
Index: admin.php
===================================================================
RCS file: /cvsroot/bobs/bobs/admin.php,v
retrieving revision 1.13
retrieving revision 1.14
diff -C2 -d -r1.13 -r1.14
*** admin.php 1 Sep 2002 02:22:36 -0000 1.13
--- admin.php 26 Oct 2002 02:01:34 -0000 1.14
***************
*** 3,8 ****
// BOBS Administration Interface
! if (isset($menu_bobs)){ // BOBS menu button pushed
! $bobsdir = dirname($PHP_SELF);
header("Location: $bobsdir"); // Redirect browser to BOBS main index
exit; // Make sure that code below does not get executed
--- 3,8 ----
// BOBS Administration Interface
! if (isset($_GET['menu_bobs'])){ // BOBS menu button pushed
! $bobsdir = dirname($_SERVER['PHP_SELF']);
header("Location: $bobsdir"); // Redirect browser to BOBS main index
exit; // Make sure that code below does not get executed
***************
*** 17,21 ****
// Logout selected, close the session
! if (isset($menu_logout)){
session_start();
session_unregister("admin");
--- 17,21 ----
// Logout selected, close the session
! if (isset($_GET['menu_logout'])){
session_start();
session_unregister("admin");
***************
*** 33,40 ****
--- 33,48 ----
$servercfg = new server(); // server configuration object
$serverlist = new selectlist("serverlist"); // Create the server list object
+ $_SESSION['admin'] = $admin;
+ $_SESSION['serverlist'] = $serverlist;
+ $_SESSION['servercfg'] = $servercfg;
}
+ $admin = &$_SESSION['admin'];
+ $servercfg = &$_SESSION['servercfg'];
+ $serverlist = &$_SESSION['serverlist'];
// Uncomment the following line for debugging
//$debug = 1;
+ // disable debug for now. It's not safe to do it this way, since user can add $debug without even logging in. (it reveals all passwords!)
+ unset($debug);
// Table border variable. Set to 1 for testing, otherwise set to 0.
***************
*** 59,97 ****
// $admin->puterrmsg();
// break;
! case (isset($menu_logout)): // logout button pressed
! case ($admin->check_admin($password) != "yes"): // not logged in
admin_login(); // login screen
break;
! case (isset($menu_servers)): // servers button pressed
! case (isset($login_button_OK)): // login OK button pressed
select_server(); // Server selection screen
break;
! case ($selectlist['name'] == "serverlist"): // Server list form action
! $itemval = $serverlist->getvalue($selectlist); // Get value of selected item
list($server_key, $server_name, $share_name)= split(",", $itemval[0], 3);
! switch ($serverlist->getaction($selectlist)) {
case ("Add"): // Create server button pressed
$servercfg->init_new_server($itemval[0], $itemval[1]);
// Init fields for new server
! edit_server("create", $itemval[0], $itemval[1]); // Server detail: create mode
break;
case ("Change"): // Change server button pressed
! edit_server("change", $server_name, $share_name); // Server detail: change mode
break;
case ("Delete"): // Delete server button pressed
! edit_server("delete", $server_name, $share_name); // Server detail: delete mode
break;
}
break;
! case (isset($edit_server_OK)): // On edit server detail already
! if (changed($settings) == TRUE){ // screen settings changed
! edit_server($mode_name, $server_name, $share_name); // redisplay edit server detail screen
} else { // screen settings did not change
! confirm_server($server_name, $share_name, $mode_name, $settings);
// confirm server changes screen
}
break;
! case (isset($save_changes)): // Commit the server changes to disk
! $servercfg->commit_changes($mode_name);
select_server(); // Back to server selection screen
break;
--- 67,105 ----
// $admin->puterrmsg();
// break;
! case (isset($_GET['menu_logout'])): // logout button pressed
! case ($admin->check_admin($_POST['password']) != "yes"): // not logged in
admin_login(); // login screen
break;
! case (isset($_GET['menu_servers'])): // servers button pressed
! case (isset($_POST['login_button_OK'])): // login OK button pressed
select_server(); // Server selection screen
break;
! case ($_POST['selectlist']['name'] == "serverlist"): // Server list form action
! $itemval = $serverlist->getvalue($_POST['selectlist']); // Get value of selected item
list($server_key, $server_name, $share_name)= split(",", $itemval[0], 3);
! switch ($serverlist->getaction($_POST['selectlist'])) {
case ("Add"): // Create server button pressed
$servercfg->init_new_server($itemval[0], $itemval[1]);
// Init fields for new server
! edit_server("create", $itemval[0], $itemval[1], $_POST['settings']); // Server detail: create mode
break;
case ("Change"): // Change server button pressed
! edit_server("change", $server_name, $share_name, $_POST['settings']); // Server detail: change mode
break;
case ("Delete"): // Delete server button pressed
! edit_server("delete", $server_name, $share_name, $_POST['settings']); // Server detail: delete mode
break;
}
break;
! case (isset($_POST['edit_server_OK'])): // On edit server detail already
! if (changed($_POST['settings']) == TRUE){ // screen settings changed
! edit_server($_POST['mode_name'], $_POST['server_name'], $_POST['share_name'], $_POST['settings']); // redisplay edit server detail screen
} else { // screen settings did not change
! confirm_server($_POST['server_name'], $_POST['share_name'], $_POST['mode_name'], $_POST['settings']);
// confirm server changes screen
}
break;
! case (isset($_POST['save_changes'])): // Commit the server changes to disk
! $servercfg->commit_changes($_POST['mode_name']);
select_server(); // Back to server selection screen
break;
***************
*** 132,136 ****
// variables outside scope of this function need to be declared as global
global $tableborder;
! global $PHP_SELF;
?>
<center><h2> Administrator Login </h2></center>
--- 140,144 ----
// variables outside scope of this function need to be declared as global
global $tableborder;
! $PHP_SELF = $_SERVER['PHP_SELF'];
?>
<center><h2> Administrator Login </h2></center>
***************
*** 165,169 ****
// variables outside scope of this function need to be declared as global
! global $tableborder, $PHP_SELF, $servercfg, $serverlist;
// Store the server field definitions
--- 173,178 ----
// variables outside scope of this function need to be declared as global
! global $tableborder, $servercfg, $serverlist;
! $PHP_SELF = $_SERVER['PHP_SELF'];
// Store the server field definitions
***************
*** 176,180 ****
<p><div class="instruction">Select a server to Change or Delete,
or type the name of a new Server/Share and click Create</div></p>
! <?
// Initialize the server list object
--- 185,189 ----
<p><div class="instruction">Select a server to Change or Delete,
or type the name of a new Server/Share and click Create</div></p>
! <?php
// Initialize the server list object
***************
*** 210,215 ****
// Used by: admin.php
// ----------------------------------------------------------------
! function edit_server($mode, $server, $share) {
! global $admin, $server_key, $settings, $tableborder;
// page heading
--- 219,225 ----
// Used by: admin.php
// ----------------------------------------------------------------
! function edit_server($mode, $server, $share, $settings) {
! global $admin, $server_key, $tableborder;
! $PHP_SELF = $_SERVER['PHP_SELF'];
// page heading
***************
*** 250,253 ****
--- 260,264 ----
function edit_server_detail($server, $mode, $settings) {
global $servercfg;
+ $PHP_SELF = $_SERVER['PHP_SELF'];
// Save server configuration in admin for use in other functions
Index: files.php
===================================================================
RCS file: /cvsroot/bobs/bobs/files.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** files.php 14 Sep 2002 13:53:23 -0000 1.6
--- files.php 26 Oct 2002 02:01:34 -0000 1.7
***************
*** 7,17 ****
*/
! $siteroot = getenv("DOCUMENT_ROOT") . dirname($PHP_SELF);
! require($siteroot . "/inc/config.php");
! require($siteroot . "/inc/class_backup.php");
! require($siteroot . "/inc/class_files.php");
! require($siteroot . "/inc/class_search.php");
! require($siteroot . "/inc/class_restore.php");
! require($siteroot . "/inc/class_db.php");
--- 7,16 ----
*/
! require("inc/config.php");
! require("inc/class_backup.php");
! require("inc/class_files.php");
! require("inc/class_search.php");
! require("inc/class_restore.php");
! require("inc/class_db.php");
***************
*** 20,24 ****
<html>
<head>
! <?php include($siteroot ."/js/selectall.js"); ?>
<title>Backupserver</title>
<link rel="STYLESHEET" href="look.css" type="text/css">
--- 19,23 ----
<html>
<head>
! <?php include("js/selectall.js"); ?>
<title>Backupserver</title>
<link rel="STYLESHEET" href="look.css" type="text/css">
***************
*** 27,37 ****
<?php
// get config from backup object
$config = $backup->get_config();
! $config["where"] = $where;
!
! if ( isset($restore) ) {
// create a restore object
--- 26,46 ----
<?php
+ // reference sessions variables we use
+ $backup = &$_SESSION['backup'];
+ $file = &$_SESSION['file'];
+
+ // variables passed through POSTs or GETs:
+ /*
+ show POST/GET
+ where POST/GET
+ files POST
+ restore POST
+ */
// get config from backup object
$config = $backup->get_config();
! $config["where"] = $_GET['where'];
! if ( isset($_POST['restore']) ) {
// create a restore object
***************
*** 39,47 ****
// save the path for later use
! $show = $path;
! if ( $restore == "add_files" ) {
// put files in restore list
! $html = $res->add_remove_files($files, "add");
echo "<b>Selected files were added to the restore queue</b><br>";
--- 48,56 ----
// save the path for later use
! $show = $_POST['show'];
! if ( $_POST['restore'] == "add_files" ) {
// put files in restore list
! $html = $res->add_remove_files($_POST['files'], "add");
echo "<b>Selected files were added to the restore queue</b><br>";
***************
*** 49,53 ****
// remove files from restore list
! $html = $res->add_remove_files($files, "remove");
echo "<b>Selected files were removed</b><br>";
--- 58,62 ----
// remove files from restore list
! $html = $res->add_remove_files($_POST['files'], "remove");
echo "<b>Selected files were removed</b><br>";
***************
*** 56,68 ****
}
! if ( isset($show) ) {
// show files in dir defined by $show
! // don't perform a new search when user requests a sort of the files
! if ( !isset($sort) ) {
// parse the path string
! $path = rawurldecode($show);
$path = rtrim($path, '|');
$path = explode('|', $path);
--- 65,83 ----
}
! if ( isset($show) || isset($_GET['show']) ) {
// show files in dir defined by $show
! // Perform a new search if the request was not a sort of the files
! if ( !isset($_GET['sort']) ) {
// parse the path string
! if ( isset($_POST['show']) ) {
! $path = rawurldecode($_POST['show']);
! $show = $_POST['show'];
! } else {
! $path = rawurldecode($_GET['show']);
! $show = $_GET['show'];
! }
$path = rtrim($path, '|');
$path = explode('|', $path);
***************
*** 73,83 ****
// unset previous file object if it exists
! session_unregister("file");
! if(!session_is_registered("file")) {
! //echo "was not registered";
$file = new files($config);
! $file->get_files($string, $where);
! session_register("file");
}
--- 88,97 ----
// unset previous file object if it exists
! unset($_SESSION['file']);
! if(!$_SESSION['file']) {
$file = new files($config);
! $file->get_files($string, $_GET['where']);
! $_SESSION['file'] = $file;
}
***************
*** 85,90 ****
// sort the files
! if ( isset($sort) ) {
! $file->sort_files($sort);
} else {
// default to sort by name if nothing was requested
--- 99,104 ----
// sort the files
! if ( isset($_GET['sort']) ) {
! $file->sort_files($_GET['sort']);
} else {
// default to sort by name if nothing was requested
***************
*** 94,114 ****
// get the file list in html and display it
$html = $file->files_show();
- // unset($file);
if ( $html == '' ) {
echo "No files were found in <b>$string</b>";
} else {
! if ( $where != "restore" ) {
! echo '<form name="filelist" action="files.php?where=' . $where . '" method="post">' . "\n";
echo '<input type="button" value=" Check All " onClick="this.value=check(this.form)">' . "\n";
echo '<input type="submit" value="Add selected files to queue">' . "\n";
echo '<input type="hidden" name="restore" value="add_files">' . "\n";
! echo '<input type="hidden" name="path" value="' . $show . '">' . "\n";
} else {
! echo '<form name="filelist" action="files.php?where=' . $where . '" method="post">' . "\n";
echo '<input type="button" value=" Check All " onClick="this.value=check(this.form)">' . "\n";
echo '<input type="submit" value="Remove selected files from queue">' . "\n";
echo '<input type="hidden" name="restore" value="remove_files">' . "\n";
! echo '<input type="hidden" name="path" value="' . $show . '">' . "\n";
}
echo "<p>Current location: <b>$string<br>";
--- 108,127 ----
// get the file list in html and display it
$html = $file->files_show();
if ( $html == '' ) {
echo "No files were found in <b>$string</b>";
} else {
! if ( $_GET['where'] != "restore" ) {
! echo '<form name="filelist" action="files.php?where=' . $_GET['where'] . '" method="post">' . "\n";
echo '<input type="button" value=" Check All " onClick="this.value=check(this.form)">' . "\n";
echo '<input type="submit" value="Add selected files to queue">' . "\n";
echo '<input type="hidden" name="restore" value="add_files">' . "\n";
! echo '<input type="hidden" name="show" value="' . $show . '">' . "\n";
} else {
! echo '<form name="filelist" action="files.php?where=' . $_GET['where'] . '" method="post">' . "\n";
echo '<input type="button" value=" Check All " onClick="this.value=check(this.form)">' . "\n";
echo '<input type="submit" value="Remove selected files from queue">' . "\n";
echo '<input type="hidden" name="restore" value="remove_files">' . "\n";
! echo '<input type="hidden" name="show" value="' . $show . '">' . "\n";
}
echo "<p>Current location: <b>$string<br>";
Index: index.php
===================================================================
RCS file: /cvsroot/bobs/bobs/index.php,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -d -r1.4 -r1.5
*** index.php 1 Sep 2002 02:25:22 -0000 1.4
--- index.php 26 Oct 2002 02:01:35 -0000 1.5
***************
*** 7,40 ****
// this wil change to display a login of some type
! $siteroot = getenv("DOCUMENT_ROOT") . dirname($PHP_SELF);
!
! require($siteroot . '/inc/class_config.php');
! require($siteroot . '/inc/class_server.php');
session_start();
! if(!session_is_registered("srvcfg")) { // session/class name must be different than admin.php
! // to avoid conflicts when switching between the two.
$srvcfg = new server();
! session_register("srvcfg");
}
// check of user has submitted a login
! if ( isset($trylogin) ) {
! $result = $srvcfg->login($server, $loginname, $password);
}
// if the login was succesful then open the frames layout and continue
if ( $srvcfg->login_ok == "yes" ) {
! ?>
! <frameset ROWS="85,*">
! <frameset COLS="*,350">
<frame name="menu" src=menu.php>
<frame name="menu" src=stats.php>
</frameset>
! <frame name="workspace" src=workspace.php>
! </frameset>
! <?
}
-
?>
--- 7,47 ----
// this wil change to display a login of some type
! require('inc/class_config.php');
! require('inc/class_server.php');
! require('inc/class_backup.php');
! require('inc/config.php');
session_start();
! if ( !$_SESSION['srvcfg'] ) { // session/class name must be different than admin.php
! // to avoid conflicts when switching between the two.
$srvcfg = new server();
! $_SESSION['srvcfg'] = $srvcfg;
}
+ // reference the session
+ $srvcfg = &$_SESSION['srvcfg'];
// check of user has submitted a login
! if ( isset($_POST['trylogin']) ) {
! $result = $srvcfg->login($_POST['server'], $_POST['loginname'], $_POST['password']);
}
// if the login was succesful then open the frames layout and continue
if ( $srvcfg->login_ok == "yes" ) {
! // create a new object
! if( !$_SESSION['backup'] ) {
! //echo "umm... better register a session now..";
! $backup = new backup($sys_conf, $_SESSION['srvcfg']->get_config());
! $_SESSION['backup'] = $backup;
! }
! ?>
! <frameset ROWS="85,*">
! <frameset COLS="*,350">
<frame name="menu" src=menu.php>
<frame name="menu" src=stats.php>
+ </frameset>
+ <frame name="workspace" src=workspace.php>
</frameset>
! <?php
}
?>
Index: menu.php
===================================================================
RCS file: /cvsroot/bobs/bobs/menu.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** menu.php 14 Sep 2002 13:53:23 -0000 1.6
--- menu.php 26 Oct 2002 02:01:35 -0000 1.7
***************
*** 1,19 ****
<?php
! $siteroot = getenv("DOCUMENT_ROOT") . dirname($PHP_SELF);
! require($siteroot . "/inc/class_backup.php");
! require($siteroot . "/inc/class_config.php");
! require($siteroot . "/inc/class_server.php");
! require($siteroot . "/inc/config.php");
!
! session_start();
!
! // create a new object
! if(!session_is_registered("backup")) {
! //echo "umm... better register a session now..";
! $backup = new backup($sys_conf, $srvcfg->get_config());
! session_register("backup");
! }
!
?>
--- 1,5 ----
<?php
! // nothing to be done here
?>
Index: stats.php
===================================================================
RCS file: /cvsroot/bobs/bobs/stats.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** stats.php 8 Jul 2002 21:34:01 -0000 1.3
--- stats.php 26 Oct 2002 02:01:35 -0000 1.4
***************
*** 3,15 ****
// display status about shell scrips
! $siteroot = getenv("DOCUMENT_ROOT") . dirname($PHP_SELF);
!
! require($siteroot . "/inc/config.php");
! require($siteroot . "/inc/class_backup.php");
! //require($siteroot . "/inc/class_files.php");
! //require($siteroot . "/inc/class_search.php");
! //require($siteroot . "/inc/class_restore.php");
session_start();
// display status of shell scripts
--- 3,11 ----
// display status about shell scrips
! require("inc/config.php");
! require("inc/class_backup.php");
session_start();
+ $backup = &$_SESSION['backup'];
// display status of shell scripts
***************
*** 30,33 ****
--- 26,30 ----
echo "<b>" . date("F j, Y g:i:s a") . "</b><br>";
+ // FIXME: is this a security issue?
$shell = "tail -n 5 " . $backup->processdir . "/shstats\n";
$stats = `$shell`;
Index: tree.php
===================================================================
RCS file: /cvsroot/bobs/bobs/tree.php,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -d -r1.4 -r1.5
*** tree.php 14 Sep 2002 13:53:23 -0000 1.4
--- tree.php 26 Oct 2002 02:01:35 -0000 1.5
***************
*** 3,38 ****
// tree.php
// definition: show dir trees
!
! $siteroot = getenv("DOCUMENT_ROOT") . dirname($PHP_SELF);
! require_once($siteroot . "/inc/config.php");
! require_once($siteroot . "/inc/class_backup.php");
! require_once($siteroot . "/inc/class_tree.php");
! require_once($siteroot . "/inc/class_db.php");
session_start();
! // create a new object
! if ( isset($where) ) {
$config = $backup->get_config();
! $config["where"] = $where;
}
! $treehref = dirname($PHP_SELF) . "/tree.php";
! $filehref = dirname($PHP_SELF) . "/files.php";
// target frame
$target = "files";
! if(!session_is_registered("htree")) {
! //echo "was not registered";
$htree = new tree($config, $treehref , $filehref, $target);
! session_register("htree");
}
// is the htree configured correctly or do we need to reconfigure
! if ( $htree->where != $where ) {
//echo "new configuration";
$config = $backup->get_config();
! $config[where] = $where;
$htree->tree($config, $treehref , $filehref, $target);
--- 3,44 ----
// tree.php
// definition: show dir trees
! require_once("inc/config.php");
! require_once("inc/class_backup.php");
! require_once("inc/class_tree.php");
! require_once("inc/class_db.php");
session_start();
! // reference the session varieables we use
! $backup = &$_SESSION['backup'];
! /* variables passed
! collapse
! expand
! where
! show
! */
!
! if ( isset($_GET['where']) ) {
$config = $backup->get_config();
! $config["where"] = $_GET['where'];
}
! $treehref = dirname($_SERVER['PHP_SELF']) . "/tree.php";
! $filehref = dirname($_SERVER['PHP_SELF']) . "/files.php";
// target frame
$target = "files";
! if(!$_SESSION["htree"]) {
$htree = new tree($config, $treehref , $filehref, $target);
! $_SESSION['htree'] = $htree;
}
+ $htree = &$_SESSION['htree'];
// is the htree configured correctly or do we need to reconfigure
! if ( $htree->where != $_GET['where'] ) {
//echo "new configuration";
$config = $backup->get_config();
! $config['where'] = $_GET['where'];
$htree->tree($config, $treehref , $filehref, $target);
***************
*** 50,70 ****
// browse dirs
! if (!isset($expand)) {
$expand = '';
}
! if (!isset($collapse)) {
$collapse = '';
}
! if (!isset($show)) {
$show = '';
}
! $result = $htree->dirtree_show($expand, $collapse);
echo $result;
-
- // check if we should kill this session
- if ( isset ($end_session) ) {
- session_unregister("htree");
- }
-
?>
</pre>
--- 56,70 ----
// browse dirs
! if (!isset($_GET['expand'])) {
$expand = '';
}
! if (!isset($_GET['collapse'])) {
$collapse = '';
}
! if (!isset($_GET['show'])) {
$show = '';
}
! $result = $htree->dirtree_show($_GET['expand'], $_GET['collapse']);
echo $result;
?>
</pre>
|
