Zubrag.com
December 09, 2019, 07:50:25 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
 
   Home   Help Search Login Register  
Pages: [1]
  Print  
Author Topic: File Manager  (Read 10206 times)
smithster
Web Trade Pro
Newbie
*
Posts: 27


WWW
« on: October 30, 2007, 07:19:07 PM »

Well it isn't one of your scripts, hence why I'm posting this in here.  I found this at another site but there is no forum and no way of seeking help on it.

Basically, it allows you to use file manager without the need to visit cpanel.  Only it doesn't work too well for me!!  It shows me all the files and folders on a page with the frames set out in the way that cpanel's file manager is set out.  Only it is very messed up and throws out an error also.  I wondered if you might be able to take a look at it.

Code:
<?php
//SEE README.txt
DEFINE('CP_USERNAME''user');
DEFINE('CP_PASSWORD''password');
DEFINE('CP_THEME''vertex');
DEFINE('CP_DOMAIN'$_SERVER['HTTP_HOST']);
DEFINE('DOC_ROOT'$_SERVER['DOCUMENT_ROOT']);
DEFINE('HIDE_ME'TRUE);
DEFINE('DYNAMIC_IMAGES'TRUE);
//END EDITABLE CONFIGURATION

DEFINE('FILEMAN_DIR'getcwd());
DEFINE('CP_FILEMAN_URL''https://'.CP_USERNAME.':'.CP_PASSWORD.'@'.CP_DOMAIN.':2083/frontend/'.CP_THEME.'/files/');

$qs '?';
$page2get '';


if(
DYNAMIC_IMAGES && isset($_GET['img'])){
  
$url CP_FILEMAN_URL;
  
$image =  $_GET['img'];

  if(
strpos($_GET['img'], '../') !== false){
    
$url str_replace('files/'''$url);
    
$image str_replace('../'''$image);
  }

  
$imgParts explode('.'$image);
  
$imgType $imgParts[count($imgParts)-1];
  
header("Content-type: image/$imgType");
  echo 
file_get_contents($url.$image);
  exit;
}

/*
cpanel sometimes does redirects after performing actions.
this produces 404 ErrorDocuments
this should catch those.
*/
if(isset($_SERVER['REDIRECT_URL'])) {
  
$page2get basename($_SERVER['REDIRECT_URL']);
  
$qs .= $_SERVER['REDIRECT_QUERY_STRING'];
}
else{
  
$page2get $_GET['cp'];
  
  if(!empty(
$_SERVER['QUERY_STRING'])){
  $qs .= str_replace('cp='.$page2get.'&'''$_SERVER['QUERY_STRING']);
  }
}

/*
just default to this dir in some weird case
*/
if($page2get == 'list.html' && empty($_GET['dir'])){
$qs .= 'dir='.DOC_ROOT;
}

$pageContent file_get_contents(CP_FILEMAN_URL.$page2get.$qs);

//replace anchor hrefs
$pattern '/href=".*?([a-zA-Z]+\.html)\?/';
$replace 'href="'.$_SERVER['PHP_SELF'].'?cp=$1&';
$pageContent preg_replace($pattern$replace$pageContent);

/*
add "cp" to forms, change POSTs to GETs
*/
if(strpos($pageContent'<form ') !== FALSE){
  if(
strpos($pageContent'method=POST') !== FALSE){
    
$pageContent str_replace('method=POST'''$pageContent);
  }
  
preg_match('/action="(.*?)"/'$pageContent$formAction);
  
$pageContent str_replace('</form>''<input type="hidden" name="cp" value="'.$formAction[1].'"></form>'$pageContent);
}

//replace img srcs
if(DYNAMIC_IMAGES){
  
$pageContent preg_replace('/src="(.*?images.*?)"/','src="fileman.php?img=$1"'$pageContent);
}

if(
HIDE_ME && $page2get == 'list.html' || $page2get == 'fileop.html'){

  
//if they got in the directory somehow, send em back to go
  
if($_GET['dir'] == FILEMAN_DIR || $_GET['dir'] == str_replace('public_html''www'FILEMAN_DIR)){
    
$qs '?cp='.$page2get;
    if(isset(
$_GET['fileop'])){
      
$qs .= '&fileop='.$_GET['fileop'];
    }
    if(isset(
$_GET['opfile'])){
       
$qs .= '&opfile='.$_GET['opfile'];
    }
    
header('Location: '.$_SERVER['PHP_SELF'].$qs);
    exit;
  }
  
  
$dirpattern '';
  if(
$page2get == 'list.html'){
    
$dirpattern '@^<tr>.*?target=infofr>'.basename(FILEMAN_DIR).'</a>.*?</tr>$@m';
  }
  elseif(
$page2get == 'fileop.html'){
    
$dirpattern '@^<br><a.*?target=infofr>'.basename(FILEMAN_DIR).'</a>$@m';
  }
  if(!empty(
$dirpattern)){
    
$pageContent preg_replace($dirpattern,'',$pageContent);
  }
}

echo 
$pageContent;
?>


If I run this, I get this error...
Warning: file_get_contents() [function.file-get-contents]: SSL: fatal protocol error in /home/psmith83/public_html/simplywebhost/cpanelswh/fmgr/fileman.php on line 59

I tried to see if I could use cURL with this but didn't get anywhere with it at all!

Logged

S
zubrag
Administrator
Hero Member
*****
Posts: 788


WWW
« Reply #1 on: October 31, 2007, 03:52:29 AM »

What if you change

DEFINE('CP_FILEMAN_URL', 'https://'.CP_USERNAME.':'.CP_PASSWORD.'@'.CP_DOMAIN.':2083/frontend/'.CP_THEME.'/files/');

to

DEFINE('CP_FILEMAN_URL', 'http://'.CP_USERNAME.':'.CP_PASSWORD.'@'.CP_DOMAIN.':2082/frontend/'.CP_THEME.'/files/');

It would not use https, but working via https seems to be causing problems for php on your server. Looks like PHP needs to be specifically compiled to support https.
Logged
smithster
Web Trade Pro
Newbie
*
Posts: 27


WWW
« Reply #2 on: October 31, 2007, 12:51:43 PM »

Thanks Zubrag, made that change, unfortunately it didn't improve anything.  In fact, nothing showed up at all.  Except the following error...

Warning: file_get_contents(http://...@www.simplywebhost.co.uk:2083/frontend/x/files/list.html?cp=list.htmldir=/home/psmith83/public_html/simplywebhost) [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Error in /home/psmith83/public_html/simplywebhost/cpanelswh/fmgr/fileman.php on line 59
Logged

S
zubrag
Administrator
Hero Member
*****
Posts: 788


WWW
« Reply #3 on: November 01, 2007, 06:52:14 AM »

Looks like file manager can only work via https Sad

What is the webserver? Apache or IIS? 

php documentation states

When using SSL, Microsoft IIS will violate the protocol by closing the connection without sending a close_notify indicator. PHP will report this as "SSL: Fatal Protocol Error" when you reach the end of the data. To workaround this, you should lower your error_reporting level not to include warnings. PHP 4.3.7 and higher can detect buggy IIS server software when you open the stream using the https:// wrapper and will suppress the warning for you. If you are using fsockopen() to create an ssl:// socket, you are responsible for detecting and suppressing the warning yourself.

Try adding php following code at the beginning of the script to suppress warnings and notices:
error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING);
Logged
smithster
Web Trade Pro
Newbie
*
Posts: 27


WWW
« Reply #4 on: November 02, 2007, 05:16:06 AM »

Any possibilitys of you releasing a script that uses cpanel's filemanager Zubrag?  I think this script is just too insecure.  I can't even get it to use another directory as the root directory.  Currently, it just gives you access to absolutely everything!!!  Just no good!!
Logged

S
zubrag
Administrator
Hero Member
*****
Posts: 788


WWW
« Reply #5 on: November 02, 2007, 12:25:00 PM »

Unfortunately i lost my cpanel account after moving site to another server. Someone on the forum provided me with free access to cPanel to develop/test cPAnel scripts, but i have to find who and if account is still in place. I will not be able to develop more cpanel scripts without having access to cPanel Sad   Will check and post update here.
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC