features+fixes+cleanup

.htaccess

@@ -1,4 +1,5 @@
-ErrorDocument 404 /
+ErrorDocument 403 /inc/
+ErrorDocument 404 /inc/
 
 # I will leave these here for you to enable
 # ErrorDocument 401 https://i.chzbgr.com/maxW500/1935027968/hE19A8C6D/

README

@@ -5,7 +5,7 @@ Based on Linux Scanner Server 1.2 Beta
 
 Released under the GPL 2.0
 
-Last Update: 06/30/2013 (Month/Day/Year)
+Last Update: 07/01/2013 (Month/Day/Year)
 For Version: 1.3-6
 
 Change Log:

download.php

@@ -14,7 +14,7 @@ function ext2mime($ext){
 function returnFile($in,$out,$ext){
 	header("Pragma: public");
 	header("Content-type: ".ext2mime($ext));
-	header('Content-Disposition: attachment; filename="'.$out.'"');
+	header('Content-Disposition: attachment; filename="'.addslashes($out).'"');
 	if(is_file($in)){
 		header('Content-Length: '.filesize($in));
 		readfile($in);
@@ -25,7 +25,7 @@ function returnFile($in,$out,$ext){
 	}
 }
 if(isset($_GET['file'])){
-	if(strrpos($_GET['file'], "/")>-1)
+	if(strpos($_GET['file'], "/")>-1)
 		$_GET['file']=substr($_GET['file'],strrpos($_GET['file'],"/")+1);
 }
 if(isset($_GET['downloadServer'])){
@@ -74,10 +74,9 @@ function returnFile($in,$out,$ext){
 else if(isset($_GET['file'])){
 	if(file_exists("scans/".$_GET['file'])){
 		if(isset($_GET['compress'])){
-			$name=substr($_GET['file'],0,strrpos($_GET['file'],"."));
 			$file='/tmp/download-'.md5(time().rand()).'.zip';
-			shell_exec("cd \"scans\" && zip -r \"$file\" \"".$_GET['file']."\"");
-			returnFile($file,"$name.zip",'zip');
+			shell_exec("cd \"scans\" && zip -r \"$file\" \"".addslashes($_GET['file'])."\"");
+			returnFile($file,substr($_GET['file'],0,strrpos($_GET['file'],".")),'zip');
 			@unlink($file);
 		}
 		else{

inc/footer.php

@@ -1,5 +1,6 @@
+<?php $path=is_numeric($GLOBALS['PAGE'])?'/':''; ?>
 <div id="footer">
-<p><small><a class="tool" target="_blank" href="https://github.com/GM-Script-Writer-62850/PHP-Scanner-Server/issues"><?php echo html($GLOBALS['NAME']); ?><span class="tip">Help and Support</span></a> version <a class="tool" href="download.php?ver=<?php echo html($GLOBALS['VER']); ?>&downloadServer"><?php echo $GLOBALS['VER']; ?><span class="tip">Download</span></a> is
-running on <a href="/"><?php echo html($_SERVER['SERVER_NAME']); ?></a> and there are <a href="index.php?page=About">release notes</a> advailable.</small></p>
+<p><small><a class="tool" target="_blank" href="https://github.com/GM-Script-Writer-62850/PHP-Scanner-Server/issues"><?php echo html($GLOBALS['NAME']); ?><span class="tip">Help and Support</span></a> version <a class="tool" href="<?php echo $path; ?>download.php?ver=<?php echo html($GLOBALS['VER']); ?>&downloadServer"><?php echo $GLOBALS['VER']; ?><span class="tip">Download</span></a> is
+running on <a href="/"><?php echo html($_SERVER['SERVER_NAME']); ?></a> and there are <a href="<?php echo $path; ?>index.php?page=About">release notes</a> advailable.</small></p>
 </div>
 </div>

inc/header.php

@@ -1,8 +1,9 @@
+<?php $path=is_numeric($GLOBALS['PAGE'])?'/':''; ?>
 <head>
 <meta http-equiv="Content-type" content="text/html; charset=UTF-8"/>
 <!--[if IE]><meta http-equiv="X-UA-Compatible" content="chrome=1"><![endif]-->
-<title><?php echo $GLOBALS['NAME']; ?> ~ <?php echo $GLOBALS['PAGE']; ?></title>
-<link id="style" rel="stylesheet" href="inc/style.php<?php
+<title><?php echo $GLOBALS['NAME']; ?> ~ <?php echo $GLOBALS['PAGE']; ?> - <?php echo $page; ?></title>
+<link id="style" rel="stylesheet" href="<?php echo $path; ?>inc/style.php<?php
 if(isset($_COOKIE["colors"])){
 	echo "?colors=".rawurlencode($_COOKIE["colors"]);
 }
@@ -11,11 +12,11 @@
 if($GLOBALS['PAGE']=='Config')
 	echo '<link id="style_new" rel="stylesheet" href="inc/style.php'.(isset($_COOKIE["colors"])?'?colors='.$_COOKIE["colors"]:'').'" type="text/css"/>';
 ?>
-<link rel="shortcut icon" href="inc/images/favicon.png"/>
-<link rel="stylesheet" type="text/css" href="jquery.imgareaselect-0.9.10/css/imgareaselect-animated.css"/>
-<script type="text/javascript" src="jquery.imgareaselect-0.9.10/scripts/jquery.min.js"></script>
-<script type="text/javascript" src="jquery.imgareaselect-0.9.10/scripts/jquery.imgareaselect.pack.js"></script>
-<script type="text/javascript" src="inc/main.js"></script>
+<link rel="shortcut icon" href="<?php echo $path; ?>inc/images/favicon.png"/>
+<link rel="stylesheet" type="text/css" href="<?php echo $path; ?>jquery.imgareaselect-0.9.10/css/imgareaselect-animated.css"/>
+<script type="text/javascript" src="<?php echo $path; ?>jquery.imgareaselect-0.9.10/scripts/jquery.min.js"></script>
+<script type="text/javascript" src="<?php echo $path; ?>jquery.imgareaselect-0.9.10/scripts/jquery.imgareaselect.pack.js"></script>
+<script type="text/javascript" src="<?php echo $path; ?>inc/main.js"></script>
 <!--[if lt IE 9]><script type="text/javascript">TC='innerText';</script>
 <style type="text/css">.imgareaselect-handle,.imgareaselect-outer{filter:alpha(opacity=50);}</style><![endif]-->
 </head>
@@ -26,31 +27,35 @@
 <div id="header">
 
 <div class="tab<?php echo in_array($GLOBALS['PAGE'],Array("Config","About","Paper Manager","Access Enabler","Device Notes","Parallel-Form"))?' active':''; ?>">
-<a href="index.php?page=Config">Configure</a>
+<a href="<?php echo $path; ?>index.php?page=Config">Configure</a>
 <div class="topleft top"></div>
 <div class="bottomleft bottom"></div>
 <div class="topright top"></div>
 <div class="bottomright bottom"></div>
 </div>
 
 <div class="tab<?php echo in_array($GLOBALS['PAGE'],Array("Scans","View","Edit"))?' active':''; ?>">
-<a href="index.php?page=Scans">Scanned Files</a>
+<a href="<?php echo $path; ?>index.php?page=Scans">Scanned Files</a>
 <div class="topleft top"></div>
 <div class="bottomleft bottom"></div>
 <div class="topright top"></div>
 <div class="bottomright bottom"></div>
 </div>
 
 <div class="tab<?php echo $GLOBALS['PAGE']=="Scan"?' active':''; ?>">
-<a href="index.php?page=Scan">Use Scanner</a>
+<a href="<?php echo $path; ?>index.php?page=Scan">Use Scanner</a>
 <div class="topleft top"></div>
 <div class="bottomleft bottom"></div>
 <div class="topright top"></div>
 <div class="bottomright right bottom"></div>
 </div>
 
-<div class="tab">
+<div class="tab<?php echo $GLOBALS['PAGE']=="Login"||is_numeric($GLOBALS['PAGE'])?' active':''; ?>">
 <a href="/"><?php echo $_SERVER['SERVER_NAME']; ?></a>
+<div class="topleft top"></div>
+<div class="bottomleft bottom"></div>
+<div class="topright top"></div>
+<div class="bottomright bottom"></div>
 </div>
 
 </div>
@@ -60,7 +65,7 @@
 <noscript id="nojs">
 <div style="height:auto;" class="message">
 <h2>JavaScript Disabled</h2>
-<p>This application requires JavaScript to function. Please enable JavaScript, then reload this page.</p>
+<p>This application requires JavaScript to function. Please enable JavaScript, then reload this page.<?php echo $GLOBALS['PAGE']=='Login'?'<br/><b>LOGIN REQUIRES JAVASCRIPT</b>':''; ?></p>
 </div>
 </noscript>
 

inc/index.php

@@ -0,0 +1,14 @@
+<?php
+function html($X){
+	return htmlspecialchars($X);// Name is too long and subject to frequent typos
+}
+$PAGE=http_response_code();
+$NAME="PHP Scanner Server";
+$VER="1.3-7_dev";
+$page="Error";
+include("header.php");
+?>
+<div class="box box-full"><h2>HTTP Status Code: <?php echo $PAGE; ?></h2><p style="text-align:center"><?php echo $PAGE==200?'Ok, you found me':'That is a error'; ?></p></div>
+<?php
+include("footer.php");
+?></body></html>

inc/login.php

@@ -0,0 +1,133 @@
+<?php
+if(isset($_POST['json'])&&!isset($PAGE)){
+	$file='../config/.htaccess';
+	if(!is_file($file)){// For security reasons
+		$file=@fopen($file,'w+');
+		@fwrite($file,"<files \"accounts.json\">\n\tDeny from all\n</files>\n");// Options All -Indexes\n
+		@fclose($file);
+	}
+	function Allow(){
+		setcookie("Authenticated",true,time()+86400,"/",$_SERVER['SERVER_NAME']);
+	}
+	$file="../config/accounts.json";
+	$json=json_decode(is_file($file)?file_get_contents($file):'{}');
+
+	$mode=$_POST["mode"];
+	$user=$_POST["name"];
+	$pass=$_POST["pass"];
+
+	if(strlen($user)==0)
+		die('{"message":"You must have a name","error":true}');
+	if($mode=="login"){
+		if(isset($json->{$user})){
+			if($json->{$user}->{"md5"}==md5($pass)){
+				$msg="You are now logged in";
+				Allow();
+			}
+			else
+				die('{"message":"Invalid password","error":true}');
+		}
+		else
+			die('{"message":"Invalid User Name","error":true}');
+	}
+	else if($mode=="create"){
+		if(isset($json->{$user})){
+			die('{"message":"The user name \''.$user.'\' is taken","error":true}');
+		}
+		if(!isset($json->{"root"})&&$user=='root'){
+			if($pass!=$_POST["auth"])
+				die('{"message":"Authorization was unsuccessful","error":true}');
+			$json->{"root"}=array("md5" => md5($pass) );
+			$msg="The user '$user' has been created. DON'T FORGET YOUR PASSWORD, YOU SHOULD KNOW BETTER";
+		}
+		else if(isset($json->{'root'})){
+			if(md5($_POST["auth"])==$json->{"root"}->{"md5"}){
+				$json->{$user}=array("md5" => md5($pass) );
+				$msg="The user '$user' has been created";
+			}
+		}
+		else
+			die('{"message":"Authorization was unsuccessful","error":true}');
+		Allow();
+	}
+	else if($mode=="forgot"){
+		if(!isset($json->{$user}))
+			die('{"message":"Invalid User Name","error":true}');
+		if(!isset($json->{'root'}))
+			$json->{"root"}=array( "md5" => null );
+		if($json->{"root"}->{"md5"}!=md5($_POST["auth"]))
+			die('{"message":"Authorization was unsuccessful","error":true}');
+		$json->{$user}->{"md5"}=md5($pass);
+		if(strlen($_POST["newp"])==0){
+			unset($json->{$user});
+			$msg="The user '$user' has been deleted";
+		}
+		else
+			$msg="'$user' now has a new password";
+		Allow();
+	}
+	else if($mode=="change"){
+		if(!isset($json->{$user}))
+			die('{"message":"Invalid User Name","error":true}');
+		if($json->{$user}->{"md5"}==md5($pass))
+			$json->{$user}->{"md5"}=md5($_POST["newp"]);
+		else
+			die('{"message":"Invalid password","error":true}');
+		if(strlen($_POST["newp"])==0){
+			unset($json->{$user});
+			$msg="The user '$user' has been deleted";
+		}
+		else
+			$msg="'$user' now has a new password";
+		Allow();
+	}
+	else
+		die('{"message":"What mode?","error":true}');
+	if($mode!="login"){
+		$file=@fopen($file,'w+');
+		@fwrite($file,json_encode($json));
+		@fclose($file);
+		if(is_bool($file))
+			die(json_encode(array("message" => "Unable to create <code>$file</code>, go read the instructions.", "error" => true)));
+	}
+	die(json_encode(array("message" => $msg, "error" => false)));
+}
+else if(isset($_GET['nojs']))
+	header("Location: http://www.enable-javascript.com/");
+?><div class="box box-full dualForm"><h2>Authorization Required</h2>
+<form action="/inc/login.php?nojs=true" method="POST" onsubmit="return login(this);">
+<h3>Login</h3><p>
+<input type="hidden" name="mode" value="login"/>
+<span>User Name:</span><input type="text" name="name"/><br/>
+<span>Password:</span><input type="password" name="pass"/><br/>
+<input type="submit" value="Login"/>
+</p></form>
+<form class="m" action="/inc/login.php" method="POST" onsubmit="return login(this);" autocomplete="off">
+<h3>Create Account</h3><p>
+<input type="hidden" name="mode" value="create"/>
+<span>User Name:</span><input type="text" name="name"/></span><br/>
+<span>Password:</span><input type="password" name="pass"/><br/>
+<span>Authorization:</span><input type="password" name="auth"/><br/>
+<input type="submit" value="Register"/>
+</p></form>
+</div>
+
+<div class="box box-full dualForm"><h2>Account Recovery</h2>
+<form action="/inc/login.php?nojs=true" method="POST" onsubmit="return login(this);" autocomplete="off">
+<h3>Change Password</h3><p>
+<input type="hidden" name="mode" value="change"/>
+<span>User Name:</span><input type="text" name="name"/><br/>
+<span>Old Password:</span><input type="password" name="pass"/><br/>
+<span>New Password:</span><input type="password" name="newp"/><br/>
+<input type="submit" value="Change"/>
+</p></form>
+<form class="m" action="/inc/login.php?nojs=true" method="POST" onsubmit="return login(this);" autocomplete="off">
+<h3>Forgot Password</h3><p>
+<input type="hidden" name="mode" value="forgot"/>
+<span>User Name:</span><input type="text" name="name"/></span><br/>
+<span>New Password:</span><input type="password" name="pass"/><br/>
+<span>Authorization:</span><input type="password" name="auth"/><br/>
+<input type="submit" value="Change"/>
+</p></form>
+<div class="footer">Leave 'New Password' blank to delete the account</div>
+</div>

inc/main.js

@@ -1037,3 +1037,34 @@ function enableColumns(ele,e){ // They work flawlessly in Firefox so it does not
 			'You can try them out by clicking <span class="tool"><a href="#" onclick="return enableColumns(\''+ele+'\',this);">here</a><span class="tip">Enable</span></span>.<br/>'+
 			'Oh, and by the way they work in <a href="http://www.mozilla.org/en-US/firefox/all.html" target="_blank">Firefox</a> flawlessly.','center',-1);
 }
+function login(form){
+	if(typeof XMLHttpRequest!='function')
+		return printMsg('Error','Your browser does not support <a href="http://www.w3schools.com/xml/xml_http.asp" target="_blank">XMLHttpRequest</a>, so you can not use this feature','center',0);
+	var httpRequest = new XMLHttpRequest();
+	httpRequest.onreadystatechange = function(){
+		if(httpRequest.readyState==4){
+			if(httpRequest.status==200){
+				var json=parseJSON(httpRequest.responseText);
+				printMsg(json["error"]?'Error':'Success',json["message"]+(json["error"]?'':"<br/>You may now access the server by clicking links"),'center',0);
+			}
+			else{
+				printMsg('Sending Error','Got a '+httpRequest.status+' error<br/>If you don\'t know what that means and want to know click <a target="_blank" href="http://www.w3.org/Protocols/HTTP/HTRESP.html">here</a>.','center',0);
+			}
+			sendE(getID('email-'+now).nextSibling,'click');
+		}
+	};
+	httpRequest.open('POST', "inc/login.php");
+	var params = "json=1"+
+		"&mode="+encodeURIComponent(form.mode.value)+
+		"&name="+encodeURIComponent(form.name.value)+
+		"&pass="+encodeURIComponent(form.pass.value);
+	if(form.auth)
+		params+="&auth="+encodeURIComponent(form.auth.value);
+	if(form.newp)
+		params+="&newp="+encodeURIComponent(form.newp.value);
+	httpRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+	httpRequest.setRequestHeader("Content-length", params.length);
+	httpRequest.setRequestHeader("Connection", "close");
+	httpRequest.send(params);
+	return false;
+}

inc/paper.php

@@ -68,7 +68,7 @@
 else
 	enableColumns("paper-list",null);
 </script>
-<div id="paperForm" class="box box-full"><h2>New Paper Maker</h2><form action="index.php?page=Paper%20Manager" method="POST"><p>
+<div class="box box-full dualForm"><h2>New Paper Maker</h2><form action="index.php?page=Paper%20Manager" method="POST"><p>
 <span>Paper Name:</span><input type="text" name="add"/><br/>
 <span>Paper Width:</span><input type="text" name="width"/> inches<br/>
 <span>Paper Height:</span><input type="text" name="height"/> inches<br/>