diff --git a/TODO b/TODO
new file mode 100644
index 0000000..dfb2fe1
--- /dev/null
+++ b/TODO
@@ -0,0 +1,3 @@
+Check if paramters exist before accessing them
+
+Make the CSS pretty
diff --git a/hiddenlisting.php b/hiddenlisting.php
new file mode 100644
index 0000000..0fe5103
--- /dev/null
+++ b/hiddenlisting.php
@@ -0,0 +1,124 @@
+
+
+
+ <?php echo $site_name ?>
+ ">
+
+
+
+
+ $dir_){
+ if($dir_ == $dir){
+ $exists = true;
+ break;
+ }
+ }
+
+ $psk = $_GET['psk'];
+ $psk_correct = false;
+ if($hid_dir_psk[$hid_dir_index] == $psk){
+ $psk_correct = true;
+ }
+
+ if(!$exists || !$psk_correct){
+ echo <<< errorblock
+
+

INCORRECT FOLDER OR PASSKEY, PLEASE CONTACT THE SYSTEM ADMINISTRATOR

+
+ errorblock;
+ exit();
+ }
+
+ if(!array_key_exists('path', $_GET)){
+ $path = '/';
+ } else {
+ $path = $_GET['path'];
+ }
+
+ $elements = [];
+ if($handle = opendir($hid_dir_dirs[$hid_dir_index] . $path)){
+ while(false !== ($entry = readdir($handle))){
+ //exclude . and ..
+ if($entry != '.' && $entry != '..'){
+ $elements[] = $entry;
+ }
+ }
+ } else {
+ echo <<< erroropendir
+
+

ERROR OPENING DIRECTORY, PLEASE RELOAD THE PAGE

+

IF THE ISSUE PERSISTS, PLEASE CONTACT YOUR SYSTEM ADMINISTRATOR

+
+ erroropendir;
+ exit();
+ }
+
+ ?>
+
+
+

+
+
+

Select a file to download, or a folder to view its contents

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ emptylisting;
+ }
+ foreach($elements as $i=>$currentfile){
+ echo "";
+ echo "";
+ $fulldir = $hid_dir_dirs[$hid_dir_index] . $path . "/" . $currentfile;
+ if(is_dir($fulldir)){
+ echo "";
+ echo "";
+ } else {
+ echo "";
+ echo "";
+ }
+ echo "";
+ }
+ ?>
+
+
File NameLinkSize
Oops! This folder is empty...0
" . $currentfile . "View Directory" . foldersize($fulldir) . "Download" . listingsize($fulldir) . "
+
+
+ + + diff --git a/index.php b/index.php index d5f2fa3..67b7d52 100644 --- a/index.php +++ b/index.php @@ -2,25 +2,36 @@ <?php echo $site_name ?> + +
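Review bot: The `path` query parameter is appended to the configured directory and passed to `opendir()` unchecked (`opendir($hid_dir_dirs[$hid_dir_index] . $path)`), so `..` segments in it reach directories outside the hidden folder for anyone holding one valid passkey. Resolve the target with `realpath()` and refuse it unless it is the configured root or lies below it, as in the excerpt below; the same resolved path should feed `$fulldir`. The passkey check a few lines earlier reads `$_GET['psk']` without testing that it is set and compares with `==`, which is loose and not constant-time; `is_string($psk) && hash_equals($hid_dir_psk[$hid_dir_index], $psk)` is the safer test. Parts of this file's text are missing from the page, so whether `$currentfile` is escaped with `htmlspecialchars()` before being echoed into the table cannot be confirmed here and is worth checking.

```php
$elements = [];
// Resolve the request against the configured root; reject anything that escapes it.
// Symlinks inside the folder that point outside the root are refused by this check.
$root = realpath($hid_dir_dirs[$hid_dir_index]);
$target = ($root !== false && is_string($path)) ? realpath($root . '/' . $path) : false;
$inside = $target !== false
    && ($target === $root || strpos($target, $root . DIRECTORY_SEPARATOR) === 0);
if($inside && ($handle = opendir($target))){
    // … unchanged: readdir loop filling $elements …
} else {
    // … unchanged: erroropendir block and exit() …
```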
cardHead; @@ -96,6 +108,43 @@ echo '
'; } ?> + +
+
+

Access Hidden Directories

+
+
+ cardtop; + + if($useJavascript){ + echo <<< javascriptbox +

The server admin has enabled javascript. Type the name and password and click Goto Folder!

+
+ Folder Name:  + Password :  + +
+ + javascriptbox; + + } else { + echo '

The server admin has disabled javascript, therefore this is not dynamic. Please type the link in the URL and replace <name> with the directory name, and <password> with the password

'; + echo '

The link to copy is:

'; + echo $_SERVER['HTTP_HOST'] . "/hiddenlisting.php?folder=<name>&psk=<password>"; + + } + + echo <<< cardbottom +
+
+ cardbottom; + } + ?> +
+ diff --git a/listing.php b/listing.php index d2228d7..c7f9f20 100644 --- a/listing.php +++ b/listing.php @@ -2,20 +2,18 @@ <?php echo $site_name ?> diff --git a/var/config.def.php b/var/config.def.php index 4a41301..82f037a 100644 --- a/var/config.def.php +++ b/var/config.def.php @@ -40,7 +40,7 @@ * * Each variable in $dir_dirs will be a listing * on the main page under "folders" - * I recomend making a folder of symlinks to where the downloadable files are + * I recommend making a folder of symlinks to where the downloadable files are * * Each variable in $dir_names will be the title of the listing * These will appear on the left hand side and will be the name of the 
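Review bot: `$_SERVER['HTTP_HOST']` comes from the request's Host header and is echoed into the page unescaped in the non-JavaScript branch, so the value shown to users is client-controlled; wrap it as `htmlspecialchars($_SERVER['HTTP_HOST'], ENT_QUOTES, 'UTF-8')` or print a site URL taken from the config instead. The link format printed here also puts the passkey in the query string (`?folder=…&psk=…`), where it is recorded in web-server access logs, browser history and Referer headers. A small POST form handled by hiddenlisting.php would keep the key out of those places. The enclosing `if` block opens outside the readable part of this hunk.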
@@ -68,6 +68,51 @@ 'dir/books', ); + /* Hidden Directory Variables + * + * WARNING: I can't promise this is 100% secure against something like a brute + * force attack. PLEASE use secure passwords that are a decent length. The + * brute force speed is only limited by your keyspace, and there is no upper + * limit for the size of key that can be used. + * + * All Dirs here will not be available, and will require the user to know + * both the name of the folder, as well as the password. This does not use + * any databases + * + * If you would like to enable the use of javascript for dynamic links, change + * $useJavascript to yes, else keep it disabled. If you keep it disabled, + * users will have to type the url themselves. This keeps the application light, + * but removes some useability. + * + * Each variable in $hid_dir_names will be a folder that will be hidden + * This will need to be known in order to access the folder + * + * Each variable in $hid_dir_dirs is the location of the files for the + * corresponding $hid_dir_names entry. I recommend making sym links to the + * directories + * + * Each variable in $hid_dir_psk is the password for the corresponding + * $hid_dir_names entry. This will need to be know in order to access the folder + * + */ + + $isHidden = false; + $useJavascript = false; + + $hid_dir_names = array( + 'Root Directory', + ); + + $hid_dir_dirs = array( + 'dir/system_root', + ); + + $hid_dir_psk = array( + '$ecr3t', + ); + + + /* Link Tree * * My use case for this program is to be a NAS/Portal Page for my network, @@ -127,6 +172,16 @@ ' is asking for help with their homework from ', ); + /* Debug + * + * This is not recomneded for production enviroments. This will display + * information that could be useful to an attacker. Only use this + * if you are developing anything! + * + */ + + $isDebug = false; + //Be safe, check arrays if(empty($nav_names) or empty($nav_links)){ $isNav = false;
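Review bot: The example config ships a working hidden entry, `'Root Directory'` mapped to `dir/system_root` with the passkey `'$ecr3t'`, and stores passkeys in plaintext next to the paths they protect. Installs that copy this file unchanged would expose that directory behind a published key unless hiddenlisting.php also honours `$isHidden`, which the readable part of this diff does not show. Consider shipping the three arrays empty and storing `password_hash()` output in `$hid_dir_psk`, verified with `password_verify()`, so a leaked config file does not disclose the keys. The comment could also state that nothing throttles repeated guesses, which is the practical meaning of its brute-force warning.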
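Review bot: The added Debug comment misspells two words in a security warning, while this same commit corrects `recomend` elsewhere in the file; the sentence should read `This is not recommended for production environments.` Nothing in the readable part of this diff reads `$isDebug`, so the comment could also name what output the flag enables.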