[HACK] File manager with webadmin.php

« [hack] Add flash to Posts, with Admin hack for easy entry :: [Hack] Debugging without the Hacking »
Author Message
c_r_t_
Posted: Fri Apr 28, 2006 14:03     Topic subject: [HACK] File manager with webadmin.php

I have integrated [url=http://wacker-welt.de/webadmin/]webadmin.php[/url] into the back-end as a file manager. I am not sure how useful this is since Phoenix already has a file manager, but I am so sick of people "persuading" me to switch to WordPress that I have decided to contribute whatever I have to the community. Hopefully someone will find it useful.

This hack was developed on v0.9.0.11.

1. Download [url=http://wacker-welt.de/webadmin/]webadmin.php[/url].

2. Add the lines enclosed between "B2EVO HACK" to webadmin.php (for login control and headers):

Code

/* Filenames related to the apache web server:
*/
$htaccess = '.htaccess';
$htpasswd = '.htpasswd';
 
/*-----------------B2EVO HACK---------------------*/
require_once( dirname(__FILE__). '/_header.php' );
require_once( dirname(__FILE__) . '/../conf/_admin.php' );
 
$admin_tab = 'uploads';
$admin_pagetitle = T_('File management');
require( dirname(__FILE__).'/_menutop.php' );
require( dirname(__FILE__).'/_menutop_end.php' );
 
$homedir = 'e:\your\b2evo\media\path';
 
/* ----------------END B2EVO HACK---------------- */
 
if (get_magic_quotes_gpc()) {

3. Add the lines enclosed between "B2EVO HACK" to webadmin.php, somewhere above "switch ($action)" (for preventing user from wandering outside the media folder):

Code

/*-----------------B2EVO HACK---------------------*/
if ( ( strpos($directory, $homedir) === FALSE
     || strpos($directory, $homedir) != 0  )
     || ( !empty($_REQUEST['destination']) && $action != 'rename'
     && ( strpos(addslash($_REQUEST['destination']), $homedir) === FALSE
     || strpos(addslash($_REQUEST['destination']), $homedir) != 0) ) )
{
   $directory = $homedir;
   listing_page('<tr id="error"><td>Permission denied</td></tr>');
 
}
/* ----------------END B2EVO HACK---------------- */
 
switch ($action) {
 
case 'view':

3. Upload the edited webadmin.php to your b2evo/admin folder.

4. Modify _menutop.php to show the file manager tab. Add the lines enclosed between "WEBADMIN HACK":

Code

if( $admin_tab == 'tools' )
  echo '<li class="current">';
else
  echo '<li>';
echo '<a href="tools.php" >', T_('Tools'), '</a></li>';
 
/*-----------------WEBADMIN HACK---------------------*/
if( $admin_tab == 'uploads' )
  echo '<li class="current">';
else
  echo '<li>';
echo '<a href="webadmin.php" >', T_('File Management'), '</a></li>';
/*-----------------END WEBADMIN HACK---------------------*/

That's all. You should be able to access the "File Management" tab after you login.

Back to top
 
wannhoff
Posted: Sat May 13, 2006 18:57

Hi, I want to use this hack in 0.91, but i´ve got en error with :
permission denied
where must i give the ftp--Login and passwords into??
without password my server will never give any informations to fileManager....

Back to top
 
c_r_t_
Posted: Mon May 15, 2006 05:49

Hi Wannhoff,

I think the login and password thingy is specific to apache servers. I am using IIS so I am not 100% sure how it works.

I suggest you try your server login name and password. If that does not work, try to add a line to webadmin.php:

Code

if (!empty($_SERVER['SERVER_SOFTWARE'])) {
  if (strtolower(substr($_SERVER['SERVER_SOFTWARE'], 0, 6)) == 'apache') {
    $apache = true;
  } else {
    $apache = false;
  }
} else {
  $apache = true;
}
//Add following line to disable authentication related to Apache server
$apache = false;

This should disable the authentication process related to Apache server. It should be safe if you have added the b2evo hack for login control.

I have not tested this yet because I am using IIS. Looking at the code it should not cause anything disastrous, but use at your own risk.

Back to top