defining page layout. Can be px, pt, em, or %. Assumes px otherwise.
$WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked. Can be px, pt, em, or %. Assumes px otherwise.
$WORD_WRAP = "on"; //"on" or (anything else) =="off". Word-wrap state on page load of edit page. Once on page, word-wrap can toggle on/off.
$TAB_SIZE = 8; //Some browsers recognize a css tab-size. Some don't. If your's doesn't, LEAVE AT 8. (IE/Edge, as of mid-2016)
$MAX_EDIT_SIZE = 200000; // Edit gets flaky with large files in some browsers. Trial and error your's.
$MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
// The default max view size is completely arbitrary. Basically, it was 2am, and seemed like a good idea at the time.
$MAX_IMG_W = 810; //Max width (in px) to display images. (main width is 810)
$MAX_IMG_H = 1000; //Max height (in px). I don't know, it just looks reasonable.
$UPLOAD_FIELDS = 10; //Number of upload fields on Upload File(s) page. Max value is ini_get('max_file_uploads').
$FAVICON = "favicon.ico"; //Path is relative to root of website.
$EXCLUDED_FILES = ""; //csv list of filenames to exclude from directory listings- CaSe sEnsiTive!
$EDIT_FILES = "svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text"; //Editable file types.
$SHOW_FILES = "*"; // Shown types; only files of the given types should show up in the file-listing
// Use $SHOW_FILES exactly like $EDIT_FILES: a list of extensions separated by commas.
// If $SHOW_FILES is set to null - by intention or by error - only folders will be shown.
// If $SHOW_FILES is set to the *-wildcard (the default), all files will show up.
// If $SHOW_FILES is set to "html,htm" for example, only file with the extension "html" or "htm" will get listed.
$SHOW_IMGS = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
//File types (extensions). _ftypes & _fclass must have the same number of values. bin is default.
$FILE_TYPES = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text";
//Corresponding file classes to _ftypes - used to determine icons for directory listing.
$FILE_CLASSES = "bin,z,z ,z ,z ,img,img,img,img,img,svg,txt,txt,cfg ,txt,css,txt,htm,htm ,htm ,txt ,txt,txt,txt,txt ,txt,php,php,txt,txt";
$EX = '( ! ) '; //EXclaimation point "icon" Used in $MESSAGE's
$PAGEUPDOWN = 10; //Number of rows to jump using Page Up/Page Down keys on directory listing.
$SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS concurrently.
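//Restrict access to a particular folder. Leave empty for access to entire website.
// "some/path/" is relative to root of website (with no leading slash).
// Note: if the path is not an existing folder, or fails Check_path(), System_Setup() resets
// $ACCESS_ROOT to '' (entire website) and only adds a warning to $MESSAGE - so check the spelling.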
//$ACCESS_ROOT = 'some/path/';
//URL of optional external style sheet. Used as an href in
//If file is not found, or is incomplete, built-in defaults will be used.
//$CSS_FILE = 'OneFileCMS.css';
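//Notes for $LANGUAGE_FILE, $WYSIWYG_PLUGIN, and $CONFIG_FILE:
//
// Filename paths can be:
// 1) Absolute to the filesystem: "/some/path/from/system/root/somefile.php" or
// 2) Relative to root of website: "some/path/from/web/root/somefile.php"
// Each of these files is loaded with include(), so its contents run as PHP.
// Point them only at files that untrusted users cannot create or modify.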
//Name of optional external language file. If file is not found, the built-in defaults will be used.
//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php";
//Init file for optional external wysiwyg editor.
//Sample init files are available in the "extras\" folder of the OneFileCMS repo, but the actual editors are not.
//$WYSIWYG_PLUGIN = 'plugins/plugin-tinymce_init.php';
//$WYSIWYG_PLUGIN = 'plugins/plugin-ckeditor_init.php';
//Name of optional external config file. Any settings it contains will supersede those above.
//See the sample file in the OneFileCMS github repo for format example.
//$CONFIG_FILE = 'OneFileCMS.config.SAMPLE.php';
//end CONFIGURABLE OPTIoNS *****************************************************
/**
 * Start-up routine: checks the PHP version, derives the paths and URLs of the
 * script and its side files, loads the optional external config and language
 * files, validates $WYSIWYG_PLUGIN and $ACCESS_ROOT, and converts the
 * comma-separated config strings into arrays.
 *
 * Takes no parameters and returns nothing. All input and output goes through
 * the globals declared below. Calls exit() when PHP is older than required.
 *
 * Points a maintainer should keep in mind:
 *  - $CONFIG_FILE and $LANGUAGE_FILE are include()d from inside this function,
 *    so they execute as PHP in this function's variable scope. Do not rename
 *    or reorder locals/globals here without checking those files.
 *  - An invalid $ACCESS_ROOT is reset to '' (no restriction), not rejected.
 *  - The backup and login-log files are created next to the script itself.
 */
function System_Setup() {//*****************************************************
global $_, $MAX_IDLE_TIME, $LOGIN_ATTEMPTS, $LOGIN_DELAYED,
$MAIN_WIDTH, $WIDE_VIEW_WIDTH, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $EXCLUDED_FILES,
$EDIT_FILES, $SHOW_FILES, $SHOW_IMGS, $FILE_TYPES, $FILE_CLASSES,
$SHOWALLFILES, $ETYPES, $STYPES, $ITYPES, $FTYPES, $FCLASSES, $EXCLUDED_LIST,
$LANGUAGE_FILE, $ACCESS_ROOT, $ACCESS_ROOT_len, $WYSIWYG_PLUGIN, $WYSIWYG_VALID, $WYSIWYG_PLUGIN_OS,
$INVALID_CHARS, $WHSPC_SLASH, $VALID_PAGES, $LOGIN_LOG_url, $LOGIN_LOG_file,
$ONESCRIPT, $ONESCRIPT_file, $ONESCRIPT_backup, $ONESCRIPT_file_backup,
$CONFIG_backup, $CONFIG_FILE, $CONFIG_FILE_backup, $VALID_CONFIG_FILE,
$DOC_ROOT, $DOC_ROOT_OS, $WEB_ROOT, $WEBSITE, $PRE_ITERATIONS, $EX, $MESSAGE, $ENC_OS,
$DELAY_Expired_Reload, $DELAY_Sort_and_Show_msgs, $DELAY_Start_Countdown, $DELAY_final_messages, $MIN_DIR_ITEMS;
//Requires PHP 5.1 or newer, due to changes in explode() (and maybe others).
define('PHP_VERSION_ID_REQUIRED',50100); //Ex: 5.1.23 is 50123
define('PHP_VERSION_REQUIRED' ,'5.1 + '); //Used in exit() message.
//The predefined constant PHP_VERSION_ID has only been available since 5.2.7.
//So, if needed, convert PHP_VERSION (a string) to PHP_VERSION_ID (an integer).
//Ex: 5.1.23 converts to 50123.
if (!defined('PHP_VERSION_ID')) {
$phpversion = explode('.', PHP_VERSION);
define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
}
//Stop here, with a message naming the running and the required version, if PHP is too old.
if( PHP_VERSION_ID < PHP_VERSION_ID_REQUIRED ) {
exit( 'PHP '.PHP_VERSION.' '.hsc($_['OFCMS_requires']).' '.PHP_VERSION_REQUIRED );
}
//Order in which encodings are tried by mb_detect_encoding() (used further down for $ACCESS_ROOT).
mb_detect_order("UTF-8, ASCII, Windows-1252, ISO-8859-1");
//Get server's File System encoding. Windows NTFS uses ISO-8859-1 / Windows-1252.
//Needed when working with non-ascii filenames.
if (php_uname("s") == 'Windows NT') {$ENC_OS = 'Windows-1252';}
else {$ENC_OS = 'UTF-8';}
$DOC_ROOT = $_SERVER['DOCUMENT_ROOT'].'/'; //root folder of website.
$DOC_ROOT_OS = Convert_encoding($DOC_ROOT);
//Allow OneFileCMS.php to be started from any dir on the site.
//This also affects the path in an include("path/somefile.php"):
//the relative is_file()/include() paths below resolve against the web root.
chdir($DOC_ROOT);
$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file & folder names. Space delimited.
$WHSPC_SLASH = "\x00..\x20/"; //Whitespace & forward slash. For trimming file & folder name inputs.
$WEB_ROOT = basename($DOC_ROOT).'/'; //Used only for screen output - Non-url use.
//NOTE(review): HTTP_HOST is taken from the request's Host header, so $WEBSITE is client-supplied.
//Its uses are outside this function - confirm it is only displayed, and escaped when it is.
$WEBSITE = $_SERVER['HTTP_HOST'].'/';
$ONESCRIPT = URLencode_path($_SERVER['SCRIPT_NAME']); //Used for URL's in HTML attributes
$ONESCRIPT_file = $_SERVER['SCRIPT_FILENAME']; //Non-url file system use.
//The side files below are all named <script>-SUFFIX, so they sit in the same folder as the script.
//NOTE(review): that folder is inside the web root, and URL forms of the backup and login-log names
//are built here. What these files contain is not visible in this function - if the backup holds the
//username/password hash, confirm the web server does not serve it (and the log) to anonymous visitors.
$ONESCRIPT_backup = $ONESCRIPT.'-BACKUP.txt'; //used for p/w & u/n updates.
$ONESCRIPT_file_backup = $ONESCRIPT_file.'-BACKUP.txt'; //used for p/w & u/n updates.
$LOGIN_ATTEMPTS = $ONESCRIPT_file.'.invalid_login_attempts';//Non-url file system use.
$LOGIN_LOG_url = $ONESCRIPT.'-LOGIN.log';
$LOGIN_LOG_file = $ONESCRIPT_file.'-LOGIN.log';
//If specified & found, include $CONFIG_FILE.
//The include() executes the file as PHP in this function's scope; only names declared global above
//reach the rest of the script. Treat the config file as code: it must not be writable by untrusted users.
$VALID_CONFIG_FILE = 0;
if (isset($CONFIG_FILE)) {
$CONFIG_FILE_OS = Convert_encoding($CONFIG_FILE);
if (is_file($CONFIG_FILE_OS)) {
$VALID_CONFIG_FILE = 1;
include($CONFIG_FILE_OS);
$CONFIG_backup = URLencode_path($CONFIG_FILE).'-BACKUP.txt'; //used for p/w & u/n updates.
$CONFIG_FILE_backup = $CONFIG_FILE.'-BACKUP.txt'; //used for p/w & u/n updates.
}
else {
//NOTE(review): the translated text goes through hsc() but the $CONFIG_FILE value is appended as-is.
//It is a site-owner setting, yet escaping it too would keep $MESSAGE output consistent - confirm how $MESSAGE is rendered.
$MESSAGE .= $EX.'$CONFIG_FILE '.hsc($_['Not_found']).': '.$CONFIG_FILE.' ';
$CONFIG_FILE = $CONFIG_FILE_OS = '';
}
}
//If specified, check for & load $LANGUAGE_FILE
//Also executed as PHP via include(). A missing language file is skipped silently (no $MESSAGE entry).
if (isset($LANGUAGE_FILE)) {
$LANGUAGE_FILE_OS = Convert_encoding($LANGUAGE_FILE);
if (is_file($LANGUAGE_FILE_OS)) {include($LANGUAGE_FILE_OS);}
}
//If specified, validate $WYSIWYG_PLUGIN. Actual include() is at end of OneFileCMS.
//Only existence is checked here (is_file); the content of the plugin file is not inspected.
$WYSIWYG_VALID = 0; //Default to invalid.
if (isset($WYSIWYG_PLUGIN)) {
$WYSIWYG_PLUGIN_OS = Convert_encoding($WYSIWYG_PLUGIN); //Also used for include()
if (is_file($WYSIWYG_PLUGIN_OS)) { $WYSIWYG_VALID = 1; }
}
//If specified, clean up & validate $ACCESS_ROOT
if (!isset($ACCESS_ROOT)) { $ACCESS_ROOT = ''; } //At least make sure it's set.
$ACCESS_ROOT_OS = Convert_encoding($ACCESS_ROOT);
//NOTE(review): this fails open. When the configured folder does not exist, or Check_path() rejects it,
//$ACCESS_ROOT becomes '' - which the config comments define as "access to entire website". A typo in the
//setting therefore removes the restriction; the only signal is the warning appended to $MESSAGE.
//Consider refusing to continue instead. The $ACCESS_ROOT value is also appended without hsc().
if (!is_dir($DOC_ROOT_OS.$ACCESS_ROOT_OS) || (Check_path($ACCESS_ROOT,1) === false) ) {
$MESSAGE .= __LINE__.$EX.'$ACCESS_ROOT '.hsc($_['Invalid_path']).': '.$ACCESS_ROOT.' ';
$ACCESS_ROOT = $ACCESS_ROOT_OS = '';
}
if ($ACCESS_ROOT != '') {
$ACCESS_ROOT = trim($ACCESS_ROOT, ' /').'/'; //make sure only a single trailing '/'
$ACCESS_ROOT_OS = Convert_encoding($ACCESS_ROOT);
}
//Length of $ACCESS_ROOT in characters, measured in whatever encoding mb_detect_encoding() reports.
$ACCESS_ROOT_enc = mb_detect_encoding($ACCESS_ROOT);
$ACCESS_ROOT_len = mb_strlen($ACCESS_ROOT, $ACCESS_ROOT_enc);
$MAIN_WIDTH = validate_units($MAIN_WIDTH);
$WIDE_VIEW_WIDTH = validate_units($WIDE_VIEW_WIDTH);
//Keep PHP's session garbage collection from removing a session before $MAX_IDLE_TIME has passed.
ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
//List of page names. Presumably the allow-list that a requested page is checked against - verify at the caller.
//NOTE(review): it includes "phpinfo" and "raw_view"; confirm both are reachable only after a valid login.
$VALID_PAGES = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","renamefile","copyfile","deletefile","deletefolder","newfolder","renamefolder","copyfolder","mcdaction", "phpinfo", "raw_view");
//Make arrays out of a few config variables for actual use later.
//First, remove spaces and make lowercase (for *types).
//$STYPES stays false when $SHOW_FILES is the '*' wildcard; $SHOWALLFILES is true in that case.
$SHOWALLFILES = $STYPES = false;
if ($SHOW_FILES == '*') { $SHOWALLFILES = true; }
else { $STYPES = explode(',', mb_strtolower(str_replace(' ', '', $SHOW_FILES))); }//shown file types
$ETYPES = explode(',', mb_strtolower(str_replace(' ', '', $EDIT_FILES))); //editable file types
$ITYPES = explode(',', mb_strtolower(str_replace(' ', '', $SHOW_IMGS))); //images types to display
$FTYPES = explode(',', mb_strtolower(str_replace(' ', '', $FILE_TYPES))); //file types with icons
$FCLASSES = explode(',', mb_strtolower(str_replace(' ', '', $FILE_CLASSES))); //for file types with icons
//Excluded names keep their case (no mb_strtolower), matching the "case sensitive" note in the config section.
$EXCLUDED_LIST = explode(',', str_replace(' ', '', $EXCLUDED_FILES));
//A few variables for values that were otherwise hardcoded in js.
//$DELAY_... values are in milliseconds.
//The values were determined thru quick experimentation, and may be tweaked if desired, except as noted.
$DELAY_Sort_and_Show_msgs = 20; //Needed so "Working..." message shows during directory sorts. Mostly for Firefox.
$DELAY_Start_Countdown = 25; //Needs to be > than $Sort_and_Show_msgs. Used in Timeout_Timer().
$DELAY_final_messages = 25; //Needs to be > than $Sort_and_Show_msgs. Delays final Display_Messages().
$DELAY_Expired_Reload = 10000; //Delay from Session Expired to page load of login screen. Ten seconds, but can be less/more.
$MIN_DIR_ITEMS = 25; //Minimum number of directory items before "Working..." message is needed/displayed.
//Used in hashit() and js_hash_scripts(). IE<9 is WAY slow, so keep it low.
//For 200 iterations: (time on IE8) > (37 x time on FF). And the difference grows with the iterations.
//If you change this, or any other aspect of either hashit() or js_hash_scripts(), do so while logged in.
//Then, manually update your password as instructed on the Admin/Generate Hash page.
//NOTE(review): the count is kept low for old browsers. hashit() is not visible here, so the strength of
//the stored password hash cannot be judged from this value alone - review it together with hashit().
$PRE_ITERATIONS = 1000;
}//end System_Setup() //*******************************************************
function Default_Language() { // ***********************************************
global $_;
// OneFileCMS Language Settings v3.5.19
$_['LANGUAGE'] = 'English';
$_['LANG'] = 'EN';
// If no translation or value is desired for a particular setting, do not delete
// the actual setting variable, just set it to an empty string.
// For example: $_['some_unused_setting'] = '';
//
// Remember to slash-escape any single quotes that may be within the text: \'
// The back-slash itself may or may not also need to be escaped: \\
//
// If present as a trailing comment, "## NT ##" means 'Needs Translation'.
//
// These first few settings control a few font and layout settings.
// In some instances, some languages may use significantly longer words or phrases than others.
// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
$_['front_links_font_size'] = '1.0em'; //Buttons on Index page.
$_['front_links_margin_L'] = '1.0em';
$_['MCD_margin_R'] = '1.0em'; //[Move] [Copy] [Delete] buttons
$_['button_font_size'] = '0.9em'; //Buttons on Edit page.
$_['button_margin_L'] = '0.7em';
$_['button_padding'] = '4px 4px 4px 4px'; //T R B L
$_['image_info_font_size'] = '1em'; //show_img_msg_01 & _02
$_['image_info_pos'] = ''; //If 1 or true, moves the info down a line for more space.
$_['select_all_label_size'] = '.84em'; //Font size of $_['Select_All']
$_['select_all_label_width'] = '72px'; //Width of space for $_['Select_All']
$_['HTML'] = 'HTML';
$_['WYSIWYG'] = 'WYSIWYG';
$_['Admin'] = 'Admin';
$_['bytes'] = 'bytes';
$_['Cancel'] = 'Cancel';
$_['cancelled'] = 'cancelled'; //## NT ## as of 3.5.07
$_['Close'] = 'Close';
$_['Copy'] = 'Copy';
$_['Copied'] = 'Copied';
$_['Create'] = 'Create';
$_['Date'] = 'Date';
$_['Delete'] = 'Delete';
$_['DELETE'] = 'DELETE';
$_['Deleted'] = 'Deleted';
$_['Edit'] = 'Edit';
$_['Enter'] = 'Enter';
$_['Error'] = 'Error';
$_['errors'] = 'errors';
$_['ext'] = '.ext'; //## NT ## filename[.ext]ension
$_['File'] = 'File';
$_['files'] = 'files';
$_['Folder'] = 'Folder';
$_['folders'] = 'folders';
$_['From'] = 'From';
$_['Hash'] = 'Hash';
$_['Move'] = 'Move';
$_['Moved'] = 'Moved';
$_['Name'] = 'Name';
$_['on'] = 'on';
$_['off'] = 'off'; //## NT ## as of 3.5.19
$_['Password'] = 'Password';
$_['Rename'] = 'Rename';
$_['reset'] = 'Reset';
$_['save_1'] = 'Save';
$_['save_2'] = 'SAVE CHANGES';
$_['Size'] = 'Size';
$_['Source'] = 'Source';
$_['successful'] = 'successful';
$_['To'] = 'To';
$_['Upload'] = 'Upload';
$_['Username'] = 'Username';
$_['View'] = 'View';
$_['Working'] = 'Working - please wait...';
$_['Log_In'] = 'Log In';
$_['Log_Out'] = 'Log Out';
$_['Admin_Options'] = 'Administration Options';
$_['Are_you_sure'] = 'Are you sure?';
$_['View_Raw'] = 'View Raw'; //## NT ### as of 3.5.07
$_['Open_View'] = 'Open/View in browser window';
$_['Edit_View'] = 'Edit / View';
$_['Wide_View'] = 'Wide View';
$_['Normal_View'] = 'Normal View';
$_['Word_Wrap'] = 'Word Wrap'; //## NT ## as of 3.5.19
$_['Upload_File'] = 'Upload File';
$_['New_File'] = 'New File';
$_['Ren_Move'] = 'Rename / Move';
$_['Ren_Moved'] = 'Renamed / Moved';
$_['folders_first'] = 'folders first'; //## NT ##
$_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
$_['New_Folder'] = 'New Folder';
$_['Ren_Folder'] = 'Rename / Move Folder';
$_['Submit'] = 'Submit Request';
$_['Move_Files'] = 'Move File(s)';
$_['Copy_Files'] = 'Copy File(s)';
$_['Del_Files'] = 'Delete File(s)';
$_['Selected_Files'] = 'Selected Folders and Files';
$_['Select_All'] = 'Select All';
$_['Clear_All'] = 'Clear All';
$_['New_Location'] = 'New Location';
$_['No_files'] = 'No files selected.';
$_['Not_found'] = 'Not found';
$_['Invalid_path'] = 'Invalid path';
$_['verify_msg_01'] = 'Session expired.';
$_['verify_msg_02'] = 'INVALID POST';
$_['get_get_msg_01'] = 'File does not exist:';
$_['get_get_msg_02'] = 'Invalid page request:';
$_['check_path_msg_02'] = '"dot" or "dot dot" path segments are not permitted.';
$_['check_path_msg_03'] = 'Path or filename contains an invalid character:';
$_['ord_msg_01'] = 'A file with that name already exists in the target directory.';
$_['ord_msg_02'] = 'Saving as';
$_['rCopy_msg_01'] = 'A folder can not be copied into one of its own sub-folders.';
$_['show_img_msg_01'] = 'Image shown at ~';
$_['show_img_msg_02'] = '% of full size (W x H =';
$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file. In either case, make sure you remember the password used to generate the hash!';
$_['hash_txt_06'] = 'Type your desired password in the input field above and hit Enter.';
$_['hash_txt_07'] = 'The hash will be displayed in a yellow message box above that.';
$_['hash_txt_08'] = 'Copy and paste the new hash to the $HASHWORD variable in the config section.';
$_['hash_txt_09'] = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
$_['hash_txt_10'] = 'A double-click should select it...';
$_['hash_txt_12'] = 'When ready, logout and login.';
$_['pass_to_hash'] = 'Password to hash:';
$_['Generate_Hash'] = 'Generate Hash';
$_['login_txt_01'] = 'Username:';
$_['login_txt_02'] = 'Password:';
$_['login_msg_01a'] = 'There have been';
$_['login_msg_01b'] = 'invalid login attempts.';
$_['login_msg_02a'] = 'Please wait';
$_['login_msg_02b'] = 'seconds to try again.';
$_['login_msg_03'] = 'INVALID LOGIN ATTEMPT #';
$_['edit_note_00'] = 'NOTES:';
$_['edit_note_01a'] = 'Remember- ';
$_['edit_note_01b'] = 'is';
$_['edit_note_02'] = 'So save changes before the clock runs out, or the changes will be lost!';
$_['edit_note_03'] = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate. To correct, click the browser\'s [Reload].';
$_['edit_h2_1'] = 'Viewing:';
$_['edit_h2_2'] = 'Editing:';
$_['edit_txt_00'] = 'Edit disabled.'; //## NT ## as of 3.5.07
$_['edit_txt_01'] = 'Non-text or unkown file type. Edit disabled.';
$_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
$_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
$_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
$_['too_large_to_edit_01'] = 'Edit disabled. Filesize >';
$_['too_large_to_edit_02'] = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML
';
}//end if (error reporting on)
//$early_output is contents of ob_get_clean(), just before page output.
if (mb_strlen($early_output) > 0 ) {
echo '