<?php
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
* Copyright (C) 2003-2007 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
*
* Licensed under the terms of any of the following licenses at your
* choice:
*
* - GNU General Public License Version 2 or later (the "GPL")
* http://www.gnu.org/licenses/gpl.html
*
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
* http://www.gnu.org/licenses/lgpl.html
*
* - Mozilla Public License Version 1.1 or later (the "MPL")
* http://www.mozilla.org/MPL/MPL-1.1.html
*
* == END LICENSE ==
*
* This is the File Manager Connector for PHP.
*/
// Start output buffering before any of the connector files are loaded.
ob_start();

// Connector bootstrap. The include order is kept exactly as shipped:
// configuration first, then the helper libraries.
require './config.php';
require './util.php';
require './io.php';
require './basexml.php';
require './commands.php';
require './phpcompat.php';

// $Config is presumably populated by config.php and SendError() defined in one
// of the files above -- neither is visible here; confirm against those files.
// A disabled connector must answer with an error instead of serving requests.
if (!$Config['Enabled']) {
    SendError(1, 'This connector is disabled. Please check the "editor/filemanager/connectors/php/config.php" file');
}
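/////////////
// Administrator gate (site-specific addition to the stock connector).
// The file manager can list folders, create folders and accept uploads, so it
// must only answer requests that carry a valid administrator login cookie.
//
// Fixes over the previous version of this block:
//  - the comparison was written "=!" (assign the negation) instead of "!=",
//    so the mismatch branch could never run;
//  - a cookie whose id matched no administrator row was not rejected;
//  - a cookie with fewer than three "#"-separated fields read undefined offsets.
// The gate now fails closed: access is granted only if every check passes.
//
// NOTE(review): the cookie carries the stored password hash itself, so the
// hash works as the credential. Moving this to a server-side session is the
// proper fix; that is outside what this block can change on its own.
// NOTE(review): the mysql_* API is kept for consistency with the rest of the
// project; it is not available on PHP 7+.
require_once("../../../../../inc_config.php");
global $db_host,$db_user,$db_pass,$db_name;
$tmpdblink = @mysql_connect($db_host,$db_user,$db_pass) or die("Database error: Cannot establish connection.");
@mysql_select_db($db_name,$tmpdblink) or die("Database error: Cannot select database.");

$is_admin = false;     // flipped to true only after a full match
$clear_cookie = false; // a cookie that was presented but rejected gets expired

if (isset($_COOKIE['login_user']) && is_string($_COOKIE['login_user'])) {
    // Expected layout: "<id>#<md5 of user name>#<stored password hash>"
    $cookieitem = explode("#", $_COOKIE['login_user']);
    if (count($cookieitem) === 3) {
        $cookie_id = intval($cookieitem[0]); // integer cast keeps the query below free of injected SQL
        $cookie_user = $cookieitem[1]; //md5
        $cookie_pass = $cookieitem[2]; //md5

        //Database Account Control: only accounts with rank>1 qualify
        $result = mysql_query("SELECT user,pass FROM memht_utenti WHERE id=$cookie_id AND rank>1", $tmpdblink);
        $cookcheck = $result ? mysql_fetch_assoc($result) : false;
        if ($cookcheck) {
            // Strict string comparison of both fields; where PHP >= 5.6 is
            // guaranteed, hash_equals() is the preferable constant-time form.
            $is_admin = ($cookie_user === md5($cookcheck['user'])
                && $cookie_pass === $cookcheck['pass']);
        }
    }
    $clear_cookie = !$is_admin;
}

@mysql_close($tmpdblink);

if (!$is_admin) {
    if ($clear_cookie) {
        setcookie("login_user","",time()-31536000,"/"); //-1year
    }
    die("Access Denied: This file is accessible only by administrators");
}
/////////////
DoResponse() ;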
/**
 * Entry point of the connector: reads the request parameters, checks them
 * against the allowed commands and resource types, and runs the command.
 *
 * Returns without output when a mandatory parameter is missing and after a
 * file upload; every other path ends the script via exit.
 *
 * NOTE(review): 'Command' and 'Type' come straight from the query string and
 * are concatenated into the error messages below. Escaping of that text is
 * left to SendError(), which is defined outside this file -- confirm it
 * encodes its message for the response format.
 * NOTE(review): the code assumes SendError() ends the request; if it returned,
 * execution would continue with a rejected command or type -- confirm.
 */
function DoResponse()
{
    if (!isset($_GET)) {
        global $_GET;
    }

    // Command, Type and CurrentFolder are all mandatory; bail out silently otherwise.
    foreach (array('Command', 'Type', 'CurrentFolder') as $required) {
        if (!isset($_GET[$required])) {
            return;
        }
    }

    // Get the main request information.
    $command = $_GET['Command'];
    $resourceType = $_GET['Type'];
    $currentFolder = GetCurrentFolder();

    // Reject anything that is not an allowed command.
    if (!IsAllowedCommand($command)) {
        SendError(1, 'The "' . $command . '" command isn\'t allowed');
    }

    // Reject anything that is not an allowed resource type.
    if (!IsAllowedType($resourceType)) {
        SendError(1, 'Invalid type specified ('.$resourceType.')');
    }

    // An upload does not answer with XML, so it is handled before the XML header is written.
    if ($command == 'FileUpload') {
        FileUpload($resourceType, $currentFolder, $command);
        return;
    }

    CreateXmlHeader($command, $resourceType, $currentFolder);

    // Run the requested command; any other value produces an empty XML body.
    if ($command == 'GetFolders') {
        GetFolders($resourceType, $currentFolder);
    } elseif ($command == 'GetFoldersAndFiles') {
        GetFoldersAndFiles($resourceType, $currentFolder);
    } elseif ($command == 'CreateFolder') {
        CreateFolder($resourceType, $currentFolder);
    }

    CreateXmlFooter();

    exit;
}
?>