1<?php
2
3function check_file($filename, $filecontent)
4{
5	$dummy = 'foo';
6}
7
8function check_file_delete($filename)
9{
10	$delete_permission = unlink($filename);
11	return $delete_permission;
12}
13
14function check_file_exists($filename)
15{
16	$exists_permission = file_exists($filename);
17	return $exists_permission;
18}
19
20function check_file_read($filename)
21{
22	$testname = $filename;
23	$read_permission = true;
24	$fileout = fopen($testname, 'r') or $read_permission = false;
25	if ($read_permission) {
26		$dummy = 'foo';
27		//$dummy = fgets($fileout);
28		fclose($fileout);
29	} else {
30		$dummy = 'bar';
31	}
32	return $read_permission;
33}
34
35function check_file_rename($oldfilename, $newfilename)
36{
37	$rename_permission = rename($oldfilename, $newfilename);
38	return $rename_permission;
39}
40
41function check_file_write($filename, $filecontent)
42{
43	$testname = $filename;
44	$testcontent = $filecontent;
45	$write_permission = true;
46	$fileout = fopen($testname, 'w') or $write_permission = false;
47	if ($write_permission) {
48		fwrite($fileout, $testcontent);
49		fclose($fileout);
50	} else {
51		$dummy = 'foobar';
52	}
53	return $write_permission;
54}
55
56// replace template names with CSS class names
57function color_classes_perm_asc($filename, &$perms_asc, &$css_class_writable)
58{
59	if (is_writable($filename)) {
60		$perms_asc = str_replace('WPERM', 'writeyes', $perms_asc);
61		$css_class_writable = 'writeyes';
62	} else {
63		$perms_asc = str_replace('WPERM', 'writeno', $perms_asc);
64		$css_class_writable = 'writeno';
65	}
66	$css_class_writable = 'noclass';
67	if (is_readable($filename)) {
68		$perms_asc = str_replace('RPERM', 'readyes', $perms_asc);
69	} else {
70		$perms_asc = str_replace('RPERM', 'readno', $perms_asc);
71	}
72}
73
74// group/owner of file
75function get_ownership_groupname($filename)
76{
77	if (file_exists($filename)) {
78		$group = posix_getgrgid(filegroup($filename));
79		$groupname = $group['name'];
80	} else {
81		$groupname = 'no group';
82	}
83	return $groupname;
84}
85
86// user/owner of file
87function get_ownership_username($filename)
88{
89	if (function_exists('posix_getpwuid')) {
90		if (file_exists($filename)) {
91			$user = posix_getpwuid(fileowner($filename));
92			$username = $user['name'];
93		} else {
94			$username = 'no user';
95		}
96	} else {
97		die('no posix extension');	// TODO (better)
98	}
99	return $username;
100}
101
102// page url
103function get_page_url($filename)
104{
105	$page_basename = 'http';
106	if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
107		$page_basename .= 's';
108	}
109	$page_basename .= '://';
110	$page_basename .= $_SERVER["SERVER_NAME"];
111	$page_basename .= dirname($_SERVER['PHP_SELF']);
112	$page_basename .= '/' . $filename;
113
114	return $page_basename;
115}
116
117// file or path url without Tiki root path equal to document root necessarily
118// subdir 'permissioncheck' or $perm_check_subdir must be direct child of Tiki root
119function get_page_url_clean($filename)
120{
121	$page_basename = 'http';
122	if ($_SERVER["HTTPS"] == "on") {
123		$page_basename .= 's';
124	}
125	$page_basename .= '://';
126	$page_basename .= $_SERVER["SERVER_NAME"];
127	$tmp_path = dirname($_SERVER['PHP_SELF']);
128	$perm_check_subdir = 'permissioncheck';
129//	$tiki_path = str_replace("/$perm_check_subdir",'/',$tmp_path);
130	// previous one does not work in cases where 'permissioncheck' is already
131	// subdir in path to Tiki, e.g. /foo/permissioncheck/tiki/
132	//
133	$tiki_path = preg_replace("/\/$perm_check_subdir$/", '/', $tmp_path);
134	// quick 'n dirty, does not work if Tiki path != document root
135	//$tiki_path = '/'
136	$page_basename .= $tiki_path . $filename;
137
138	return $page_basename;
139}
140
141// all permission data by reference
142function get_perm_data($filename, &$username, &$groupname, &$perms_asc, &$perms_oct)
143{
144	$username = get_ownership_username($filename);
145	$groupname = get_ownership_groupname($filename);
146	$perms_asc = get_perms_ascii($filename);
147	$perms_oct = get_perms_octal($filename);
148}
149
150// permissions of file
151function get_perms_ascii($filename)
152{
153	if (file_exists($filename)) {
154		$perms = fileperms($filename);
155		if (($perms & 0xC000) == 0xC000) {
156			// Socket
157			$perm_string = 's';
158		} elseif (($perms & 0xA000) == 0xA000) {
159			// Symbolic Link
160			$perm_string = 'l';
161		} elseif (($perms & 0x8000) == 0x8000) {
162			// Regular
163			$perm_string = '-';
164		} elseif (($perms & 0x6000) == 0x6000) {
165			// Block special
166			$perm_string = 'b';
167		} elseif (($perms & 0x4000) == 0x4000) {
168			// Directory
169			$perm_string = 'd';
170		} elseif (($perms & 0x2000) == 0x2000) {
171			// Character special
172			$perm_string = 'c';
173		} elseif (($perms & 0x1000) == 0x1000) {
174			// FIFO pipe
175			$perm_string = 'p';
176		} else {
177			// Unknown
178			$perm_string = 'u';
179		}
180
181		// Owner
182		$perm_string .= '<span class="RPERM">' . (($perms & 0x0100) ? 'r' : '-') . '</span>';
183		$perm_string .= '<span class="WPERM">' . (($perms & 0x0080) ? 'w' : '-') . '</span>';
184		$perm_string .= '<span class="XPERM">' . (($perms & 0x0040) ?
185				(($perms & 0x0800) ? 's' : 'x' ) :
186				(($perms & 0x0800) ? 'S' : '-')) . '</span>';
187		// Group
188		$perm_string .= '<span class="RPERM">' . (($perms & 0x0020) ? 'r' : '-') . '</span>';
189		$perm_string .= '<span class="WPERM">' . (($perms & 0x0010) ? 'w' : '-') . '</span>';
190		$perm_string .= '<span class="XPERM">' . (($perms & 0x0008) ?
191				(($perms & 0x0400) ? 's' : 'x' ) :
192				(($perms & 0x0400) ? 'S' : '-')) . '</span>';
193		// World
194		$perm_string .= '<span class="RPERM">' . (($perms & 0x0004) ? 'r' : '-') . '</span>';
195		$perm_string .= '<span class="WPERM">' . (($perms & 0x0002) ? 'w' : '-') . '</span>';
196		$perm_string .= '<span class="XPERM">' . (($perms & 0x0001) ?
197				(($perms & 0x0200) ? 't' : 'x' ) :
198				(($perms & 0x0200) ? 'T' : '-')) . '</span>';
199	} else {
200		$perm_string = "no access";
201	}
202	return $perm_string;
203}
204
205function get_perms_octal($filename)
206{
207	if (file_exists($filename)) {
208		$perms_oct = substr(sprintf('%o', fileperms($filename)), -3);
209	} else {
210		$perms_oct = '999';
211	}
212	return $perms_oct;
213}
214
215function prepare_htaccess_password_protection($filename)
216{
217	$new_htaccess = $filename;
218	$new_htaccess = 'new_htaccess';
219//	if (file_exists($new_htaccess)) {
220		//$template_htaccess = '_htaccess';
221		$my_htpasswd = '.htpasswd';
222		$fileout = fopen($new_htaccess, 'w') or exit('Unable to open file ' . $new_htaccess . '!');
223		$my_document_root_path = $_SERVER['DOCUMENT_ROOT'];
224		$my_html_path = dirname($_SERVER['PHP_SELF']);
225		fwrite($fileout, 'AuthUserFile ');
226		fwrite($fileout, $my_document_root_path);
227		fwrite($fileout, $my_html_path);
228		fwrite($fileout, '/' . $my_htpasswd . "\n");
229	// early version - hardcoded output - intended to be read from template
230		fwrite($fileout, 'AuthName "permissioncheck password protection"' . "\n");
231		fwrite($fileout, 'AuthType Basic' . "\n");
232		fwrite($fileout, '<Limit GET POST PUT>' . "\n");
233		fwrite($fileout, 'require valid-user' . "\n");
234		fwrite($fileout, '</Limit>' . "\n");
235		//fwrite($fileout, '' . "\n");
236		fwrite($fileout, '<FilesMatch "\.(bak|inc|inc\.php|lib|sh|sql|tpl)$">' . "\n");
237		fwrite($fileout, 'order deny,allow' . "\n");
238		fwrite($fileout, 'deny from all' . "\n");
239		fwrite($fileout, '</FilesMatch>' . "\n");
240		fclose($fileout);
241		$success = false;
242//	} else {
243		$success = false;
244//	}
245	return $success;
246}
247