From 6717eb0b1c5827fd1555130c95050676dad3c9fa Mon Sep 17 00:00:00 2001
From: GM-Script-Writer-62850 <pqwoerituytrueiwoq@gmail.com>
Date: Mon, 1 Jul 2013 15:48:14 -0400
Subject: [PATCH] features+fixes+cleanup

---
 .htaccess      |   3 +-
 README         |   2 +-
 download.php   |   9 ++--
 inc/footer.php |   5 +-
 inc/header.php |  29 ++++++-----
 inc/index.php  |  14 ++++++
 inc/login.php  | 133 +++++++++++++++++++++++++++++++++++++++++++++++++
 inc/main.js    |  31 ++++++++++++
 inc/paper.php  |   2 +-
 inc/style.php  |  31 ++++++++----
 index.php      |  30 ++++++-----
 11 files changed, 245 insertions(+), 44 deletions(-)
 create mode 100644 inc/index.php
 create mode 100644 inc/login.php

diff --git a/.htaccess b/.htaccess
index 03670b3..f7605b6 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,4 +1,5 @@
-ErrorDocument 404 /
+ErrorDocument 403 /inc/
+ErrorDocument 404 /inc/
 
 # I will leave these here for you to enable
 # ErrorDocument 401 https://i.chzbgr.com/maxW500/1935027968/hE19A8C6D/
diff --git a/README b/README
index 5134a65..f4af0a9 100644
--- a/README
+++ b/README
@@ -5,7 +5,7 @@ Based on Linux Scanner Server 1.2 Beta
 
 Released under the GPL 2.0
 
-Last Update: 06/30/2013 (Month/Day/Year)
+Last Update: 07/01/2013 (Month/Day/Year)
 For Version: 1.3-6
 
 Change Log:
diff --git a/download.php b/download.php
index 56517b5..de72094 100644
--- a/download.php
+++ b/download.php
@@ -14,7 +14,7 @@ function ext2mime($ext){
 function returnFile($in,$out,$ext){
 	header("Pragma: public");
 	header("Content-type: ".ext2mime($ext));
-	header('Content-Disposition: attachment; filename="'.$out.'"');
+	header('Content-Disposition: attachment; filename="'.addslashes($out).'"');
 	if(is_file($in)){
 		header('Content-Length: '.filesize($in));
 		readfile($in);
@@ -25,7 +25,7 @@ function returnFile($in,$out,$ext){
 	}
 }
 if(isset($_GET['file'])){
-	if(strrpos($_GET['file'], "/")>-1)
+	if(strpos($_GET['file'], "/")>-1)
 		$_GET['file']=substr($_GET['file'],strrpos($_GET['file'],"/")+1);
 }
 if(isset($_GET['downloadServer'])){
@@ -74,10 +74,9 @@ function returnFile($in,$out,$ext){
 else if(isset($_GET['file'])){
 	if(file_exists("scans/".$_GET['file'])){
 		if(isset($_GET['compress'])){
-			$name=substr($_GET['file'],0,strrpos($_GET['file'],"."));
 			$file='/tmp/download-'.md5(time().rand()).'.zip';
-			shell_exec("cd \"scans\" && zip -r \"$file\" \"".$_GET['file']."\"");
-			returnFile($file,"$name.zip",'zip');
+			shell_exec("cd \"scans\" && zip -r \"$file\" \"".addslashes($_GET['file'])."\"");
+			returnFile($file,substr($_GET['file'],0,strrpos($_GET['file'],".")),'zip');
 			@unlink($file);
 		}
 		else{
diff --git a/inc/footer.php b/inc/footer.php
index 8306a8c..1032e55 100755
--- a/inc/footer.php
+++ b/inc/footer.php
@@ -1,5 +1,6 @@
+<?php $path=is_numeric($GLOBALS['PAGE'])?'/':''; ?>
 <div id="footer">
-<p><small><a class="tool" target="_blank" href="https://github.com/GM-Script-Writer-62850/PHP-Scanner-Server/issues"><?php echo html($GLOBALS['NAME']); ?><span class="tip">Help and Support</span></a> version <a class="tool" href="download.php?ver=<?php echo html($GLOBALS['VER']); ?>&downloadServer"><?php echo $GLOBALS['VER']; ?><span class="tip">Download</span></a> is
-running on <a href="/"><?php echo html($_SERVER['SERVER_NAME']); ?></a> and there are <a href="index.php?page=About">release notes</a> advailable.</small></p>
+<p><small><a class="tool" target="_blank" href="https://github.com/GM-Script-Writer-62850/PHP-Scanner-Server/issues"><?php echo html($GLOBALS['NAME']); ?><span class="tip">Help and Support</span></a> version <a class="tool" href="<?php echo $path; ?>download.php?ver=<?php echo html($GLOBALS['VER']); ?>&downloadServer"><?php echo $GLOBALS['VER']; ?><span class="tip">Download</span></a> is
+running on <a href="/"><?php echo html($_SERVER['SERVER_NAME']); ?></a> and there are <a href="<?php echo $path; ?>index.php?page=About">release notes</a> advailable.</small></p>
 </div>
 </div>
diff --git a/inc/header.php b/inc/header.php
index 91f7e32..d66d2e0 100755
--- a/inc/header.php
+++ b/inc/header.php
@@ -1,8 +1,9 @@
+<?php $path=is_numeric($GLOBALS['PAGE'])?'/':''; ?>
 <head>
 <meta http-equiv="Content-type" content="text/html; charset=UTF-8"/>
 <!--[if IE]><meta http-equiv="X-UA-Compatible" content="chrome=1"><![endif]-->
-<title><?php echo $GLOBALS['NAME']; ?> ~ <?php echo $GLOBALS['PAGE']; ?></title>
-<link id="style" rel="stylesheet" href="inc/style.php<?php
+<title><?php echo $GLOBALS['NAME']; ?> ~ <?php echo $GLOBALS['PAGE']; ?> - <?php echo $page; ?></title>
+<link id="style" rel="stylesheet" href="<?php echo $path; ?>inc/style.php<?php
 if(isset($_COOKIE["colors"])){
 	echo "?colors=".rawurlencode($_COOKIE["colors"]);
 }
@@ -11,11 +12,11 @@
 if($GLOBALS['PAGE']=='Config')
 	echo '<link id="style_new" rel="stylesheet" href="inc/style.php'.(isset($_COOKIE["colors"])?'?colors='.$_COOKIE["colors"]:'').'" type="text/css"/>';
 ?>
-<link rel="shortcut icon" href="inc/images/favicon.png"/>
-<link rel="stylesheet" type="text/css" href="jquery.imgareaselect-0.9.10/css/imgareaselect-animated.css"/>
-<script type="text/javascript" src="jquery.imgareaselect-0.9.10/scripts/jquery.min.js"></script>
-<script type="text/javascript" src="jquery.imgareaselect-0.9.10/scripts/jquery.imgareaselect.pack.js"></script>
-<script type="text/javascript" src="inc/main.js"></script>
+<link rel="shortcut icon" href="<?php echo $path; ?>inc/images/favicon.png"/>
+<link rel="stylesheet" type="text/css" href="<?php echo $path; ?>jquery.imgareaselect-0.9.10/css/imgareaselect-animated.css"/>
+<script type="text/javascript" src="<?php echo $path; ?>jquery.imgareaselect-0.9.10/scripts/jquery.min.js"></script>
+<script type="text/javascript" src="<?php echo $path; ?>jquery.imgareaselect-0.9.10/scripts/jquery.imgareaselect.pack.js"></script>
+<script type="text/javascript" src="<?php echo $path; ?>inc/main.js"></script>
 <!--[if lt IE 9]><script type="text/javascript">TC='innerText';</script>
 <style type="text/css">.imgareaselect-handle,.imgareaselect-outer{filter:alpha(opacity=50);}</style><![endif]-->
 </head>
@@ -26,7 +27,7 @@
 <div id="header">
 
 <div class="tab<?php echo in_array($GLOBALS['PAGE'],Array("Config","About","Paper Manager","Access Enabler","Device Notes","Parallel-Form"))?' active':''; ?>">
-<a href="index.php?page=Config">Configure</a>
+<a href="<?php echo $path; ?>index.php?page=Config">Configure</a>
 <div class="topleft top"></div>
 <div class="bottomleft bottom"></div>
 <div class="topright top"></div>
@@ -34,7 +35,7 @@
 </div>
 
 <div class="tab<?php echo in_array($GLOBALS['PAGE'],Array("Scans","View","Edit"))?' active':''; ?>">
-<a href="index.php?page=Scans">Scanned Files</a>
+<a href="<?php echo $path; ?>index.php?page=Scans">Scanned Files</a>
 <div class="topleft top"></div>
 <div class="bottomleft bottom"></div>
 <div class="topright top"></div>
@@ -42,15 +43,19 @@
 </div>
 
 <div class="tab<?php echo $GLOBALS['PAGE']=="Scan"?' active':''; ?>">
-<a href="index.php?page=Scan">Use Scanner</a>
+<a href="<?php echo $path; ?>index.php?page=Scan">Use Scanner</a>
 <div class="topleft top"></div>
 <div class="bottomleft bottom"></div>
 <div class="topright top"></div>
 <div class="bottomright right bottom"></div>
 </div>
 
-<div class="tab">
+<div class="tab<?php echo $GLOBALS['PAGE']=="Login"||is_numeric($GLOBALS['PAGE'])?' active':''; ?>">
 <a href="/"><?php echo $_SERVER['SERVER_NAME']; ?></a>
+<div class="topleft top"></div>
+<div class="bottomleft bottom"></div>
+<div class="topright top"></div>
+<div class="bottomright bottom"></div>
 </div>
 
 </div>
@@ -60,7 +65,7 @@
 <noscript id="nojs">
 <div style="height:auto;" class="message">
 <h2>JavaScript Disabled</h2>
-<p>This application requires JavaScript to function. Please enable JavaScript, then reload this page.</p>
+<p>This application requires JavaScript to function. Please enable JavaScript, then reload this page.<?php echo $GLOBALS['PAGE']=='Login'?'<br/><b>LOGIN REQUIRES JAVASCRIPT</b>':''; ?></p>
 </div>
 </noscript>
 
diff --git a/inc/index.php b/inc/index.php
new file mode 100644
index 0000000..cb6d824
--- /dev/null
+++ b/inc/index.php
@@ -0,0 +1,14 @@
+<?php
+function html($X){
+	return htmlspecialchars($X);// Name is too long and subject to frequent typos
+}
+$PAGE=http_response_code();
+$NAME="PHP Scanner Server";
+$VER="1.3-7_dev";
+$page="Error";
+include("header.php");
+?>
+<div class="box box-full"><h2>HTTP Status Code: <?php echo $PAGE; ?></h2><p style="text-align:center"><?php echo $PAGE==200?'Ok, you found me':'That is a error'; ?></p></div>
+<?php
+include("footer.php");
+?></body></html>
diff --git a/inc/login.php b/inc/login.php
new file mode 100644
index 0000000..ce91122
--- /dev/null
+++ b/inc/login.php
@@ -0,0 +1,133 @@
+<?php
+if(isset($_POST['json'])&&!isset($PAGE)){
+	$file='../config/.htaccess';
+	if(!is_file($file)){// For security reasons
+		$file=@fopen($file,'w+');
+		@fwrite($file,"<files \"accounts.json\">\n\tDeny from all\n</files>\n");// Options All -Indexes\n
+		@fclose($file);
+	}
+	function Allow(){
+		setcookie("Authenticated",true,time()+86400,"/",$_SERVER['SERVER_NAME']);
+	}
+	$file="../config/accounts.json";
+	$json=json_decode(is_file($file)?file_get_contents($file):'{}');
+	
+	$mode=$_POST["mode"];
+	$user=$_POST["name"];
+	$pass=$_POST["pass"];
+	
+	if(strlen($user)==0)
+		die('{"message":"You must have a name","error":true}');
+	if($mode=="login"){
+		if(isset($json->{$user})){
+			if($json->{$user}->{"md5"}==md5($pass)){
+				$msg="You are now logged in";
+				Allow();
+			}
+			else
+				die('{"message":"Invalid password","error":true}');
+		}
+		else
+			die('{"message":"Invalid User Name","error":true}');
+	}
+	else if($mode=="create"){
+		if(isset($json->{$user})){
+			die('{"message":"The user name \''.$user.'\' is taken","error":true}');
+		}
+		if(!isset($json->{"root"})&&$user=='root'){
+			if($pass!=$_POST["auth"])
+				die('{"message":"Authorization was unsuccessful","error":true}');
+			$json->{"root"}=array("md5" => md5($pass) );
+			$msg="The user '$user' has been created. DON'T FORGET YOUR PASSWORD, YOU SHOULD KNOW BETTER";
+		}
+		else if(isset($json->{'root'})){
+			if(md5($_POST["auth"])==$json->{"root"}->{"md5"}){
+				$json->{$user}=array("md5" => md5($pass) );
+				$msg="The user '$user' has been created";
+			}
+		}
+		else
+			die('{"message":"Authorization was unsuccessful","error":true}');
+		Allow();
+	}
+	else if($mode=="forgot"){
+		if(!isset($json->{$user}))
+			die('{"message":"Invalid User Name","error":true}');
+		if(!isset($json->{'root'}))
+			$json->{"root"}=array( "md5" => null );
+		if($json->{"root"}->{"md5"}!=md5($_POST["auth"]))
+			die('{"message":"Authorization was unsuccessful","error":true}');
+		$json->{$user}->{"md5"}=md5($pass);
+		if(strlen($_POST["newp"])==0){
+			unset($json->{$user});
+			$msg="The user '$user' has been deleted";
+		}
+		else
+			$msg="'$user' now has a new password";
+		Allow();
+	}
+	else if($mode=="change"){
+		if(!isset($json->{$user}))
+			die('{"message":"Invalid User Name","error":true}');
+		if($json->{$user}->{"md5"}==md5($pass))
+			$json->{$user}->{"md5"}=md5($_POST["newp"]);
+		else
+			die('{"message":"Invalid password","error":true}');
+		if(strlen($_POST["newp"])==0){
+			unset($json->{$user});
+			$msg="The user '$user' has been deleted";
+		}
+		else
+			$msg="'$user' now has a new password";
+		Allow();
+	}
+	else
+		die('{"message":"What mode?","error":true}');
+	if($mode!="login"){
+		$file=@fopen($file,'w+');
+		@fwrite($file,json_encode($json));
+		@fclose($file);
+		if(is_bool($file))
+			die(json_encode(array("message" => "Unable to create <code>$file</code>, go read the instructions.", "error" => true)));
+	}
+	die(json_encode(array("message" => $msg, "error" => false)));
+}
+else if(isset($_GET['nojs']))
+	header("Location: http://www.enable-javascript.com/");
+?><div class="box box-full dualForm"><h2>Authorization Required</h2>
+<form action="/inc/login.php?nojs=true" method="POST" onsubmit="return login(this);">
+<h3>Login</h3><p>
+<input type="hidden" name="mode" value="login"/>
+<span>User Name:</span><input type="text" name="name"/><br/>
+<span>Password:</span><input type="password" name="pass"/><br/>
+<input type="submit" value="Login"/>
+</p></form>
+<form class="m" action="/inc/login.php" method="POST" onsubmit="return login(this);" autocomplete="off">
+<h3>Create Account</h3><p>
+<input type="hidden" name="mode" value="create"/>
+<span>User Name:</span><input type="text" name="name"/></span><br/>
+<span>Password:</span><input type="password" name="pass"/><br/>
+<span>Authorization:</span><input type="password" name="auth"/><br/>
+<input type="submit" value="Register"/>
+</p></form>
+</div>
+
+<div class="box box-full dualForm"><h2>Account Recovery</h2>
+<form action="/inc/login.php?nojs=true" method="POST" onsubmit="return login(this);" autocomplete="off">
+<h3>Change Password</h3><p>
+<input type="hidden" name="mode" value="change"/>
+<span>User Name:</span><input type="text" name="name"/><br/>
+<span>Old Password:</span><input type="password" name="pass"/><br/>
+<span>New Password:</span><input type="password" name="newp"/><br/>
+<input type="submit" value="Change"/>
+</p></form>
+<form class="m" action="/inc/login.php?nojs=true" method="POST" onsubmit="return login(this);" autocomplete="off">
+<h3>Forgot Password</h3><p>
+<input type="hidden" name="mode" value="forgot"/>
+<span>User Name:</span><input type="text" name="name"/></span><br/>
+<span>New Password:</span><input type="password" name="pass"/><br/>
+<span>Authorization:</span><input type="password" name="auth"/><br/>
+<input type="submit" value="Change"/>
+</p></form>
+<div class="footer">Leave 'New Password' blank to delete the account</div>
+</div>
diff --git a/inc/main.js b/inc/main.js
index 1158678..96ae7fd 100755
--- a/inc/main.js
+++ b/inc/main.js
@@ -1037,3 +1037,34 @@ function enableColumns(ele,e){ // They work flawlessly in Firefox so it does not
 			'You can try them out by clicking <span class="tool"><a href="#" onclick="return enableColumns(\''+ele+'\',this);">here</a><span class="tip">Enable</span></span>.<br/>'+
 			'Oh, and by the way they work in <a href="http://www.mozilla.org/en-US/firefox/all.html" target="_blank">Firefox</a> flawlessly.','center',-1);
 }
+function login(form){
+	if(typeof XMLHttpRequest!='function')
+		return printMsg('Error','Your browser does not support <a href="http://www.w3schools.com/xml/xml_http.asp" target="_blank">XMLHttpRequest</a>, so you can not use this feature','center',0);
+	var httpRequest = new XMLHttpRequest();
+	httpRequest.onreadystatechange = function(){
+		if(httpRequest.readyState==4){
+			if(httpRequest.status==200){
+				var json=parseJSON(httpRequest.responseText);
+				printMsg(json["error"]?'Error':'Success',json["message"]+(json["error"]?'':"<br/>You may now access the server by clicking links"),'center',0);
+			}
+			else{
+				printMsg('Sending Error','Got a '+httpRequest.status+' error<br/>If you don\'t know what that means and want to know click <a target="_blank" href="http://www.w3.org/Protocols/HTTP/HTRESP.html">here</a>.','center',0);
+			}
+			sendE(getID('email-'+now).nextSibling,'click');
+		}
+	};
+	httpRequest.open('POST', "inc/login.php");
+	var params = "json=1"+
+		"&mode="+encodeURIComponent(form.mode.value)+
+		"&name="+encodeURIComponent(form.name.value)+
+		"&pass="+encodeURIComponent(form.pass.value);
+	if(form.auth)
+		params+="&auth="+encodeURIComponent(form.auth.value);
+	if(form.newp)
+		params+="&newp="+encodeURIComponent(form.newp.value);
+	httpRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+	httpRequest.setRequestHeader("Content-length", params.length);
+	httpRequest.setRequestHeader("Connection", "close");
+	httpRequest.send(params);
+	return false;
+}
diff --git a/inc/paper.php b/inc/paper.php
index 7dc5e14..c125543 100644
--- a/inc/paper.php
+++ b/inc/paper.php
@@ -68,7 +68,7 @@
 else
 	enableColumns("paper-list",null);
 </script>
-<div id="paperForm" class="box box-full"><h2>New Paper Maker</h2><form action="index.php?page=Paper%20Manager" method="POST"><p>
+<div class="box box-full dualForm"><h2>New Paper Maker</h2><form action="index.php?page=Paper%20Manager" method="POST"><p>
 <span>Paper Name:</span><input type="text" name="add"/><br/>
 <span>Paper Width:</span><input type="text" name="width"/> inches<br/>
 <span>Paper Height:</span><input type="text" name="height"/> inches<br/>
diff --git a/inc/style.php b/inc/style.php
index 8b72c8a..18a3ab2 100755
--- a/inc/style.php
+++ b/inc/style.php
@@ -1,7 +1,7 @@
 <?php
 // Chrome's and IE's css columns break things
-header('Content-type: text/css');
 $expires=86400;//24 hrs
+header('Content-type: text/css');
 header("Pragma: public");
 header("Cache-Control: maxage=".$expires);
 header('Expires: '.gmdate('D, d M Y H:i:s',time()+$expires).' GMT');
@@ -62,7 +62,7 @@
 	}
 }
 
-body, #header, #message table, .side_box, .side_box h2, #preview, #preview_links img, #preview_img p, #preview h2, .box, .box img, .box pre.border, .box h2, #footer, #debug pre, .tab.active > div.top {
+body, #header, #message table, .side_box, .side_box h2, #preview, #preview_links img, #preview_img p, #preview h2, .box, .box img, .box pre.border, .box h2, #footer, #debug pre, .tab.active > div.top, .dualForm .footer {
 	-moz-transition-property: background, border, color;
 	-moz-transition-duration: <?php echo $transitionTime; ?>;
 	-o-transition-property: background, border, color;
@@ -123,12 +123,14 @@
 	border-radius: 5px;
 	color: #ffffff;
 	display: none;
-	left: 105%;
 	padding: 5px;
 	font-family: sans-serif;
 	font-size: 12px;
 	position: absolute;
-	bottom: 50%;
+	left: 101%;
+	left: calc(100% + 1px);
+	bottom: 101%;
+	bottom: calc(100% + 1px);
 	z-index: 1;
 	white-space: nowrap;
 	text-decoration: none;
@@ -141,7 +143,7 @@
 
 #container {
 	width: 735px;
-	height: 100%;
+	/*height: 100%;*/
 	margin: auto;
 	padding: 0.5em;
 	text-align: left;
@@ -590,6 +592,10 @@
 	background: #<?php echo $BG_COLOR; ?>;
 }
 
+.box h3 {
+	text-align: center;
+}
+
 .box p {
 	margin: 5px;/*5px 10px 5px 5px*/
 }
@@ -647,24 +653,31 @@
 	margin: 1px 0 -2px 1px;
 }
 
-#paperForm form {
+.dualForm form {
 	float: left;
 	width: 50%;
 }
 
-#paperForm form.m {
+.dualForm form.m {
 	border-left: 1px solid #<?php echo $BG_COLOR; ?>;
 	margin-left: -1px;
 }
 
-#paperForm form span {
+.dualForm form span {
 	width: 100px;
 	display: inline-block;
 }
-#paperForm form input[type="text"] {
+.dualForm form input[type="text"] {
 	width: 125px;
 }
 
+.dualForm .footer {
+	width: 100%;
+	border-top: 1px solid #<?php echo $BG_COLOR; ?>;
+	display: inline-block;
+	text-align: center;
+}
+
 #text-editor {
 	text-align: center;
 }
diff --git a/index.php b/index.php
index 365302f..36c01bb 100644
--- a/index.php
+++ b/index.php
@@ -4,6 +4,7 @@
 $Fortune=true;// Enable/disable fortunes in the debug console
 $ExtraScanners=false;// Adds sample scanners from ./inc/scanhelp/
 $CheckForUpdates=true;// Enables auto update checking
+$RequireLogin=false;// Require user to login (A 'geek' could bypass this without too much trouble using JavaScript); Create the user 'root' 1st, also Authorization is root's password
 // Sorry for the lack of explanations in the code feel free to ask what something does
 
 $NAME="PHP Scanner Server";
@@ -98,7 +99,7 @@ function Update_Links($l,$p) { # Change the Preview Pane image links via JavaScr
 	echo '<script type="text/javascript" src="inc/previewlinks.php?page='.html($p).'&file='.html($l).'"></script>';
 }
 
-function InsertHeader($l) { # Spit out HTML header
+function InsertHeader($page) { # Spit out HTML header
 	include "inc/header.php";
 }
 
@@ -247,10 +248,19 @@ function quit(){
 	}
 }
 
+# ****************
+# Login Page
+# ****************
+if(($RequireLogin&&!isset($_COOKIE['Authenticated']))||$PAGE=='Login'){
+	$PAGE='Login';
+	InsertHeader('Authenticate Required');
+	include('inc/login.php');
+	Footer();
+}
 # ****************
 # All Scans Page
 # ****************
-if($PAGE=="Scans"){
+else if($PAGE=="Scans"){
 	InsertHeader("Scanned Images");
 
 	# Delete selected scanned image
@@ -345,7 +355,7 @@ function quit(){
 				$sheet[3]=$sheet[1];
 				$sheet[1]=$tmp;
 			}
-			$PAPER->{$sheet[0]}=json_decode('{"height":'.$sheet[3].',"width":'.$sheet[1].'}');
+			$PAPER->{$sheet[0]}=array("height" => $sheet[3], "width" => $sheet[1]);
 		}
 
 		if(SaveFile("config/paper.json",json_encode($PAPER))){
@@ -415,7 +425,7 @@ function quit(){
 				$help=file_get_contents('inc/scanhelp/'.$val);
 				$help=substr($help,strpos($help,'Options specific to device `')+28);
 				$help=substr($help,0,strpos($help,"':"));
-				$OP[$ct]=json_decode('{"ID":'.$ct.',"INUSE":0,"DEVICE":"'.$help.'","NAME":"'.$val.'"}');
+				$OP[$ct]=array("ID" => $ct, "INUSE" => 0, "DEVICE" => $help, "NAME" => $val);
 				$FakeCt++;
 			}
 		}
@@ -833,20 +843,14 @@ function quit(){
 	if(strlen($SAVEAS)>0){ # Save settings to conf file
 		if(strlen($SET_SAVE)>0){
 			$ACTION="Save Set";
-			$SCANNER=addslashes($SCANNER);
-			$SIZE=addslashes($SIZE);
-			$QUALITY=addslashes($QUALITY);
-			$ORNT=addslashes($ORNT);
-			$MODE=addslashes($MODE);
-			$FILETYPE=addslashes($FILETYPE);
+			$setting=array("scanner" => $SCANNER, "source" => $SOURCE, "duplex" => $DUPLEX, "quality" => $QUALITY, "size" => $SIZE ,"ornt" => $ORNT, "mode" => "$MODE", "bright" => $BRIGHT, "contrast" => $CONTRAST, "rotate" => $ROTATE, "scale" => $SCALE, "filetype" => $FILETYPE, "lang" => $LANG);
 			if(file_exists("config/settings.json")){
 				$file=json_decode(file_get_contents("config/settings.json"));
-				$file->{$SET_SAVE}=json_decode("{\"scanner\":$SCANNER,\"source\":\"$SOURCE\",\"duplex\":\"$DUPLEX\",\"quality\":$QUALITY,\"size\":\"$SIZE\",\"ornt\":\"$ORNT\",\"mode\":\"$MODE\",\"bright\":$BRIGHT,\"contrast\":$CONTRAST,\"rotate\":$ROTATE,\"scale\":$SCALE,\"filetype\":\"$FILETYPE\",\"lang\":\"$LANG\"}");
+				$file->{$SET_SAVE}=$setting;
 				SaveFile("config/settings.json",json_encode($file));
 			}
 			else{
-				$line='{"'.$SET_SAVE.'":{"scanner":'.$SCANNER.',"quality":'.$QUALITY.',"size":"'.$SIZE.'","ornt":"'.$ORNT.'","mode":"'.$MODE.'","bright":'.$BRIGHT.',"contrast":'.$CONTRAST.',"rotate":'.$ROTATE.',"scale":'.$SCALE.',"filetype":"'.$FILETYPE.'","lang":"'.$LANG.'"}}';
-				if(!SaveFile("config/settings.json",$line)){
+				if(!SaveFile("config/settings.json",$json_encode(array($SET_SAVE => $setting)))){
 					Print_Message("Permission Error:","<code>$user</code> does not have permission to write files to the <code>".getcwd()."/config</code> folder.<br/>$notes",'center');
 				}
 			}