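Portions created by the Initial Developer are Copyright (C) 2008-2023
the Initial Developer. All Rights Reserved.

Contributor(s):
Mark J Crane
James Rose
*/

//disable this feature
//NOTE(review): everything after this exit is unreachable. The handler creates a file at a
//path taken from the request, so the checks below need review before the exit is removed.
	exit;

//includes files
	require_once dirname(__DIR__, 2) . "/resources/require.php";
	require_once "resources/check_auth.php";

//check permissions
	if (!permission_exists('edit_save')) {
		echo "access denied";
		exit;
	}

//add multi-lingual support
	$language = new text;
	$text = $language->get();

//handle the directory and file
//request values that are missing or are not strings are treated as empty, which shows the form
	$folder = $_REQUEST["folder"] ?? '';
	$folder = is_string($folder) ? $folder : '';
	$file = $_REQUEST["file"] ?? '';
	$file = is_string($file) ? $file : '';
	$folder = str_replace("\\", "/", $folder);
	//only a non-empty folder gets the trailing slash; an empty one would otherwise become "/"
	//and the new file would be created in the filesystem root
	if ($folder !== '' && substr($folder, -1) != "/") {
		$folder = $folder.'/';
	}

//write the file or show the html form
	if (strlen($folder) > 0 && strlen($file) > 0) {
		//compare the tokens
		//fail closed when the session key or the posted token is absent: hash_hmac() with an
		//empty key gives a value that depends on no secret, and hash_equals() needs two strings
			$key_name = '/app/edit/file_new';
			$key = $_SESSION['keys'][$key_name] ?? null;
			$token = $_POST['token'] ?? null;
			if (!is_string($key) || $key === '' || !is_string($token)) {
				echo "access denied";
				exit;
			}
			$hash = hash_hmac('sha256', $key_name, $key);
			if (!hash_equals($hash, $token)) {
				echo "access denied";
				exit;
			}

		//validate the path before it reaches fopen()
		//the file must be a plain name, and the folder may not contain a ".." segment or a null byte
			$has_null_byte = strpos($folder.$file, "\0") !== false;
			$file_is_plain_name = strpbrk($file, "/\\") === false && $file !== '.' && $file !== '..';
			$folder_has_parent_segment = preg_match('#(^|/)\.\.(/|$)#', $folder) === 1;
			if ($has_null_byte || !$file_is_plain_name || $folder_has_parent_segment) {
				echo "access denied";
				exit;
			}
		//NOTE(review): the folder is still an arbitrary absolute path chosen by the client. This
		//file does not show which directories the editor is meant to cover; resolve the folder
		//with realpath() and compare it against that allow-list before re-enabling the feature.

		//create new file
		//NOTE(review): mode 'wb' truncates an existing file of the same name; 'xb' would refuse
		//instead - confirm which behavior is intended for a "new file" action.
			$handle = fopen($folder.$file, 'wb') or die("Error!!");
			$content = "";
			fwrite($handle, $content);
			fclose($handle);
			header("Location: file_options.php");
			exit;
	}
	else {
		//create a token
			$key_name = '/app/edit/file_new';
			$_SESSION['keys'][$key_name] = bin2hex(random_bytes(32));
			$_SESSION['token'] = hash_hmac('sha256', $key_name, $_SESSION['keys'][$key_name]);

		//include the header
			require_once "header.php";

		//show the content
		//NOTE(review): the markup inside these strings is not visible in this listing; any other
		//request-derived value embedded in it needs the same escaping as the path below.
			echo "\n";
			echo "\n";
			echo "\n";
			echo "";
			echo " ";
			echo " ";
			echo " ";
			echo " ";
			echo " ";
			echo " ";
			//the path comes from the request, so it is escaped for the HTML context before output
			echo "\nPath:\n".htmlspecialchars($folder.$file, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."\n";
			echo "\n";
			echo "";
			echo " ";
			echo " ";
			echo " ";
			echo " ";
			echo " ";
			echo " ";
			echo " ";
			echo " ";
			echo " ";
			echo "\n".$text['label-file-name']."\n";
			echo " ";
			echo " ";
			echo " ";
			echo "\n";
			echo "\n";
			echo "\n";
			require_once "footer.php";
	}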