Subversion Repositories personal-webbase

<?php

//   -------------------------------------------------------------------------------

//  |                  net2ftp: a web based FTP client                              |

//  |              Copyright (c) 2003-2007 by David Gartner                         |

//  |                                                                               |

//  | This program is free software; you can redistribute it and/or                 |

//  | modify it under the terms of the GNU General Public License                   |

//  | as published by the Free Software Foundation; either version 2                |

//  | of the License, or (at your option) any later version.                        |

//  |                                                                               |

//   -------------------------------------------------------------------------------

// Make sure this file is included by net2ftp, not accessed directly

defined("NET2FTP") or die("Direct access to this location is not allowed.");

// -------------------------------------------------------------------------

// Overview of the code

// 1   Replace \' by ' (remove_magic_quotes)

// 2   Start the session

// 3   Register $_SERVER variables

// 4.1 Register main variables - POST method

// 4.2 Register main variables - GET method

// 5.1 Delete the session data when logging out

// 5.2 Redirect to login_small if session has expired

// 6   Register $_COOKIE variables

// 7   Determine the browser agent, version and platform

// -------------------------------------------------------------------------

// -------------------------------------------------------------------------

// 1 When a variable is submitted, quotes ' are replaced by backslash-quotes \'

// This function removes the extra backslash that is added

// -------------------------------------------------------------------------

if (get_magic_quotes_gpc() == 1) {

        remove_magic_quotes($_POST);

        remove_magic_quotes($_GET);

        remove_magic_quotes($_COOKIE);

}

// Do not add remove_magic_quotes for $GLOBALS because this would call the same

// function a second time, replacing \' by ' and \" by "

// -------------------------------------------------------------------------

// 2 Start the session

// -------------------------------------------------------------------------

if (function_exists("session_name") == false) {

        $net2ftp_result["success"]         = false;

        $net2ftp_result["error_message"]   = "Sessions are not supported on this server.";

        $net2ftp_result["debug_backtrace"] = debug_backtrace();

        logError();

        return false;

}

// Personal WebBase: Auskommentierung

/*

// PMA - Cookies are safer

ini_set("session.use_cookies", true);

// PMA - but not all user allow cookies

ini_set("session.use_only_cookies", false);

ini_set("session.use_trans_sid", true);

// PMA - Delete session/cookies when browser is closed

ini_set("session.cookie_lifetime", 0);

// PMA - Warn but dont work with bug

ini_set("session.bug_compat_42", false);

ini_set("session.bug_compat_warn", true);

// PMA - Use more secure session ids (with PHP 5)

if (version_compare(PHP_VERSION, "5.0.0", "ge") && substr(PHP_OS, 0, 3) != "WIN") {

        ini_set("session.hash_function", 1);

        ini_set("session.hash_bits_per_character", 6);

}

// PMA - [2006-01-25] Nicola Asuni - www.tecnick.com: maybe the PHP directive

// session.save_handler is set to another value like "user"

ini_set("session.save_handler", "files");

// Start the session

// PMA - On some servers (for example, sourceforge.net), we get a permission error on the session data directory, so prefix with @

@session_start();

// Check if the session ID and the IP address have changed

if (isset($_SESSION["net2ftp_session_id_new"]) == true)  { $_SESSION["net2ftp_session_id_old"]  = $_SESSION["net2ftp_session_id_new"]; }

else                                                     { $_SESSION["net2ftp_session_id_old"]  = ""; }

if (isset($_SESSION["net2ftp_remote_addr_new"]) == true) { $_SESSION["net2ftp_remote_addr_old"] = $_SESSION["net2ftp_remote_addr_new"]; }

else                                                     { $_SESSION["net2ftp_remote_addr_old"] = ""; }

$_SESSION["net2ftp_session_id_new"]  = session_id();

$_SESSION["net2ftp_remote_addr_new"] = $_SERVER["REMOTE_ADDR"];

*/

// Personal WebBase-Spezifischer Session-Abschnitt

 // http://de3.php.net/md5: Alexander Valyalkin

 function get_rnd_iv($iv_len)

 {

     $iv = '';

     while ($iv_len-- > 0) {

         $iv .= chr(mt_rand() & 0xff);

     }

     return $iv;

 }

 function ib_encrypt($plain_text, $password, $iv_len = 16)

 {

     $plain_text .= "\x13";

     $n = strlen($plain_text);

     if ($n % 16) $plain_text .= str_repeat("\0", 16 - ($n % 16));

     $i = 0;

     $enc_text = get_rnd_iv($iv_len);

     $iv = substr($password ^ $enc_text, 0, 512);

     while ($i < $n) {

         $block = substr($plain_text, $i, 16) ^ pack('H*', md5($iv));

         $enc_text .= $block;

         $iv = substr($block . $iv, 0, 512) ^ $password;

         $i += 16;

     }

     return base64_encode($enc_text);

 }

 function ib_decrypt($enc_text, $password, $iv_len = 16)

 {

     $enc_text = base64_decode($enc_text);

     $n = strlen($enc_text);

     $i = $iv_len;

     $plain_text = '';

     $iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512);

     while ($i < $n) {

         $block = substr($enc_text, $i, 16);

         $plain_text .= $block ^ pack('H*', md5($iv));

         $iv = substr($block . $iv, 0, 512) ^ $password;

         $i += 16;

     }

     return preg_replace('/\\x13\\x00*$/', '', $plain_text);

 }

 define('WBLEGAL', '1');

 global $mysql_zugangsdaten;

 include '../../../includes/config.inc.php';

 if ((isset($lock)) && ($lock))

 {

   die('<h1>Personal WebBase ist gesperrt</h1>Die Variable &quot;$lock&quot; in &quot;includes/config.inc.php&quot; steht auf 1 bzw. true. Setzen Sie diese Variable erst auf 0, wenn das Hochladen der Dateien beim Installations- bzw. Updateprozess beendet ist. Wenn Sie Personal WebBase freigeben, bevor der Upload abgeschlossen ist, kann es zu einer Besch&auml;digung der Kundendatenbank kommen!');

 }

 //@ini_set('session.auto_start', 0);

 @ini_set('session.cache_expire', 180);

 @ini_set('session.use_trans_sid', 0);

 @ini_set('session.use_cookies', 1);

 @ini_set('session.use_only_cookies', 1);

 if ($force_ssl) @ini_set('session.cookie_secure', 1);

 @ini_set('session.cookie_lifetime', 0);

 @ini_set('session.gc_maxlifetime', 1440);

 @ini_set('session.bug_compat_42', 0);

 @ini_set('session.bug_compat_warn', 1);

 if (version_compare(PHP_VERSION, '5.0.0', 'ge') && substr(PHP_OS, 0, 3) != 'WIN')

 {

   @ini_set('session.hash_function', 1);

   @ini_set('session.hash_bits_per_character', 6);

 }

 @ini_set('session.save_handler', 'user');

 // @ini_set('session.save_path', '../../../includes/session/');

 //@ini_set('arg_separator.output', '&');

//@ini_set('url_rewriter.tags', 'a=href,area=href,frame=src,input=src,fieldset=');

 $ib_session_name = 'ironbase';

 @session_unset();

 @session_destroy();

 /* ib_newdatabasetable('sessions', $m2, 'SessionID', "varchar(255) NOT NULL",

                                      'LastUpdated', "datetime NOT NULL",

                                      'DataValue', "text"); */

 function sessao_open($aSavaPath, $aSessionName)

 {

        sessao_gc( ini_get('session.gc_maxlifetime') );

        return True;

 }

 function sessao_close()

 {

        return True;

 }

 function sessao_read( $aKey )

 {

        global $mysql_zugangsdaten;

        $ib_conn = @mysql_connect($mysql_zugangsdaten['server'], $mysql_zugangsdaten['username'], $mysql_zugangsdaten['passwort']);

        $ib_selc = @mysql_select_db($mysql_zugangsdaten['datenbank'], $ib_conn);

        $busca = mysql_query("SELECT `DataValue` FROM `".$mysql_zugangsdaten['praefix']."sessions` WHERE `SessionID` = '".mysql_real_escape_string($aKey)."'");

        if (mysql_num_rows($busca) == 0)

        {

              mysql_query("INSERT INTO `".$mysql_zugangsdaten['praefix']."sessions` (`SessionID`, `LastUpdated`, `DataValue`) VALUES ('".mysql_real_escape_string($aKey)."', NOW(), '')");

              @mysql_close($ib_conn);

              return '';

        }

        else

        {

              $r = mysql_fetch_array($busca);

              @mysql_close($ib_conn);

              return ib_decrypt($r['DataValue'], $mysql_zugangsdaten['username'].':'.$mysql_zugangsdaten['passwort']);

        }

 }

 function sessao_write( $aKey, $aVal )

 {

        global $mysql_zugangsdaten;

        $ib_conn = @mysql_connect($mysql_zugangsdaten['server'], $mysql_zugangsdaten['username'], $mysql_zugangsdaten['passwort']);

        $ib_selc = @mysql_select_db($mysql_zugangsdaten['datenbank'], $ib_conn);

        mysql_query("UPDATE `".$mysql_zugangsdaten['praefix']."sessions` SET `DataValue` = '".ib_encrypt($aVal, $mysql_zugangsdaten['username'].':'.$mysql_zugangsdaten['passwort'])."', `LastUpdated` = NOW() WHERE `SessionID` = '".mysql_real_escape_string($aKey)."'");

        @mysql_close($ib_conn);

        return True;

 }

 function sessao_destroy( $aKey )

 {

        global $mysql_zugangsdaten;

        $ib_conn = @mysql_connect($mysql_zugangsdaten['server'], $mysql_zugangsdaten['username'], $mysql_zugangsdaten['passwort']);

        $ib_selc = @mysql_select_db($mysql_zugangsdaten['datenbank'], $ib_conn);

        mysql_query("DELETE FROM `".$mysql_zugangsdaten['praefix']."sessions` WHERE `SessionID` = '".mysql_real_escape_string($aKey)."'");

        if (mysql_affected_rows() > 0)

          mysql_query("OPTIMIZE TABLE `".$mysql_zugangsdaten['praefix']."sessions`");

        @mysql_close($ib_conn);

        return True;

 }

 function sessao_gc( $aMaxLifeTime )

 {

        global $mysql_zugangsdaten;

        $ib_conn = @mysql_connect($mysql_zugangsdaten['server'], $mysql_zugangsdaten['username'], $mysql_zugangsdaten['passwort']);

        $ib_selc = @mysql_select_db($mysql_zugangsdaten['datenbank'], $ib_conn);

        mysql_query("DELETE FROM `".$mysql_zugangsdaten['praefix']."sessions` WHERE UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`LastUpdated`) > '".mysql_real_escape_string($aMaxLifeTime)."'");

        if (mysql_affected_rows() > 0)

          mysql_query("OPTIMIZE TABLE `".$mysql_zugangsdaten['praefix']."sessions`");

        @mysql_close($ib_conn);

        return True;

 }

 @session_set_save_handler("sessao_open", "sessao_close", "sessao_read", "sessao_write", "sessao_destroy", "sessao_gc");

 @session_name($ib_session_name);

 @session_start();

 if ($_SESSION['wb_user_type'] == '')

 {

 die('<script language="JavaScript">

 <!--

   alert("Sie sind nicht mehr in Personal WebBase eingeloggt!");

   parent.window.close();

 // -->

 </script>');

 }

 if (version_compare(PHP_VERSION, '5.1.2', 'lt') && isset($_COOKIE[$session_name]) && eregi("\r|\n", $_COOKIE[$session_name]))

 {

     die('Angriff');

 }

// http://lists.phpbar.de/pipermail/php/Week-of-Mon-20040322/007749.html

// Entnommen von functions.inc.php

function fetchip()

{

  $client_ip = (isset($_SERVER['HTTP_CLIENT_IP'])) ? $_SERVER['HTTP_CLIENT_IP'] : '';

  $x_forwarded_for = (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';

  $remote_addr = (isset($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : '';

  if (!empty($client_ip))

  {

    $ip_expl = explode('.',$client_ip);

    $referer = explode('.',$remote_addr);

    if($referer[0] != $ip_expl[0])

    {

      $ip=array_reverse($ip_expl);

      $return=implode('.',$ip);

    }

    else

    {

      $return = $client_ip;

    }

  }

  else if (!empty($x_forwarded_for))

  {

    if(strstr($x_forwarded_for,','))

    {

      $ip_expl = explode(',',$x_forwarded_for);

      $return = end($ip_expl);

    }

    else

    {

      $return = $x_forwarded_for;

    }

  }

  else

  {

    $return = $remote_addr;

  }

  unset ($client_ip, $x_forwarded_for, $remote_addr, $ip_expl);

  return $return;

}

 $usedns = TRUE;

 $useragent = $_SERVER['HTTP_USER_AGENT'];

 $host = fetchip();

 if ($usedns) // <- war im Originalen $global['dns']... was soll das sein?!

   $dns = @gethostbyaddr($host);

 else

   $dns = $host;

 if ((isset($_SESSION['session_secured'])) && ($_SESSION['session_secured']))

 {

     if (

             (($_SESSION['host'] != $host) && !$usedns)

          || ($_SESSION['dns'] != $dns)

          || ($_SESSION['useragent'] != $useragent)

     ) {

         session_regenerate_id();

         session_unset();

     }

 } else {

     $_SESSION['host'] = $host;

     $_SESSION['dns'] = $dns;

     $_SESSION['useragent'] = $useragent;

     $_SESSION['session_secured'] = 1;

}

// Ende Personal WebBase-Abschnitt

// -------------------------------------------------------------------------

// 3 SERVER variabes

// -------------------------------------------------------------------------

if     (isset($_SERVER["SCRIPT_NAME"]) == true) { $net2ftp_globals["PHP_SELF"] = $_SERVER["SCRIPT_NAME"]; }

elseif (isset($_SERVER["PHP_SELF"]) == true)    { $net2ftp_globals["PHP_SELF"] = $_SERVER["PHP_SELF"]; }

else                                            { $net2ftp_globals["PHP_SELF"] = "index.php"; }

if (isset($_SERVER["HTTP_REFERER"]) == true)    { $net2ftp_globals["HTTP_REFERER"]    = $_SERVER["HTTP_REFERER"]; }

else                                            { $net2ftp_globals["HTTP_REFERER"]    = ""; }

if (isset($_SERVER["HTTP_USER_AGENT"]) == true) { $net2ftp_globals["HTTP_USER_AGENT"] = $_SERVER["HTTP_USER_AGENT"]; }

if (isset($_SERVER["REMOTE_ADDR"]) == true)     { $net2ftp_globals["REMOTE_ADDR"]     = $_SERVER["REMOTE_ADDR"]; }

if (isset($_SERVER["REMOTE_PORT"]) == true)     { $net2ftp_globals["REMOTE_PORT"]     = $_SERVER["REMOTE_PORT"]; }

// Action URL

// Note that later on in this file parameters may be appended to the action_url (for Mambo and Drupal)

$net2ftp_globals["action_url"] = $net2ftp_globals["PHP_SELF"];

// -------------------------------------------------------------------------

// 4 Register main variables

// -------------------------------------------------------------------------

// ----------------------------------------------

// FTP server

// ----------------------------------------------

if     (isset($_POST["ftpserver"]) == true) { $net2ftp_globals["ftpserver"] = validateFtpserver($_POST["ftpserver"]); }

elseif (isset($_GET["ftpserver"]) == true)  { $net2ftp_globals["ftpserver"] = validateFtpserver($_GET["ftpserver"]); }

else                                        { $net2ftp_globals["ftpserver"] = validateFtpserver(""); }

$net2ftp_globals["ftpserver_html"] = htmlEncode2($net2ftp_globals["ftpserver"]);

$net2ftp_globals["ftpserver_url"]  = urlEncode2($net2ftp_globals["ftpserver"]);

$net2ftp_globals["ftpserver_js"]   = javascriptEncode2($net2ftp_globals["ftpserver"]);

// ----------------------------------------------

// FTP server port

// ----------------------------------------------

if     (isset($_POST["ftpserverport"]) == true) { $net2ftp_globals["ftpserverport"] = validateFtpserverport($_POST["ftpserverport"]); }

elseif (isset($_GET["ftpserverport"]) == true)  { $net2ftp_globals["ftpserverport"] = validateFtpserverport($_GET["ftpserverport"]); }

else                                            { $net2ftp_globals["ftpserverport"] = validateFtpserverport(""); }

$net2ftp_globals["ftpserverport_html"] = htmlEncode2($net2ftp_globals["ftpserverport"]);

$net2ftp_globals["ftpserverport_url"]  = urlEncode2($net2ftp_globals["ftpserverport"]);

$net2ftp_globals["ftpserverport_js"]   = javascriptEncode2($net2ftp_globals["ftpserverport"]);

// ----------------------------------------------

// Username

// ----------------------------------------------

if     (isset($_POST["username"]) == true) { $net2ftp_globals["username"] = validateUsername($_POST["username"]); }

elseif (isset($_GET["username"]) == true)  { $net2ftp_globals["username"] = validateUsername($_GET["username"]); }

else                                       { $net2ftp_globals["username"] = validateUsername(""); }

$net2ftp_globals["username_html"] = htmlEncode2($net2ftp_globals["username"]);

$net2ftp_globals["username_url"]  = urlEncode2($net2ftp_globals["username"]);

$net2ftp_globals["username_js"]   = javascriptEncode2($net2ftp_globals["username"]);

// ----------------------------------------------

// Password

// ----------------------------------------------

// From login form

if (isset($_POST["password"]) == true) {

        $net2ftp_globals["password_encrypted"]  = encryptPassword(trim($_POST["password"]));

        $_SESSION["net2ftp_password_encrypted_" . $net2ftp_globals["ftpserver"] . $net2ftp_globals["username"]] = encryptPassword(trim($_POST["password"]));

}

// From the upload page (SWFUpload Flash applet)

elseif (isset($_GET["password_encrypted"]) == true) {

        $net2ftp_globals["password_encrypted"]  = trim($_GET["password_encrypted"]);

        $_SESSION["net2ftp_password_encrypted_" . $net2ftp_globals["ftpserver"] . $net2ftp_globals["username"]] = trim($_GET["password_encrypted"]);

}

// ----------------------------------------------

// Language

// ----------------------------------------------

if     (isset($_POST["language"]) == true) { $net2ftp_globals["language"] = validateLanguage($_POST["language"]); }

elseif (isset($_GET["language"]) == true)  { $net2ftp_globals["language"] = validateLanguage($_GET["language"]); }

else                                       { $net2ftp_globals["language"] = validateLanguage(""); }

$net2ftp_globals["language_html"] = htmlEncode2($net2ftp_globals["language"]);

$net2ftp_globals["language_url"]  = urlEncode2($net2ftp_globals["language"]);

$net2ftp_globals["language_js"]   = javascriptEncode2($net2ftp_globals["language"]);

// ----------------------------------------------

// Skin

// ----------------------------------------------

if     (isset($_POST["skin"]) == true) { $net2ftp_globals["skin"] = validateSkin($_POST["skin"]); }

elseif (isset($_GET["skin"]) == true)  { $net2ftp_globals["skin"] = validateSkin($_GET["skin"]); }

else                                   { $net2ftp_globals["skin"] = validateSkin(""); }

$net2ftp_globals["skin_html"] = htmlEncode2($net2ftp_globals["skin"]);

$net2ftp_globals["skin_url"]  = urlEncode2($net2ftp_globals["skin"]);

$net2ftp_globals["skin_js"]   = javascriptEncode2($net2ftp_globals["skin"]);

$skinArray = getSkinArray();

$net2ftp_globals["image_url"] = $skinArray[$net2ftp_globals["skin"]]["image_url"];

// ----------------------------------------------

// FTP mode

// ----------------------------------------------

if     (isset($_POST["ftpmode"]) == true) { $net2ftp_globals["ftpmode"] = validateFtpmode($_POST["ftpmode"]); }

elseif (isset($_GET["ftpmode"]) == true)  { $net2ftp_globals["ftpmode"] = validateFtpmode($_GET["ftpmode"]); }

else                                      { $net2ftp_globals["ftpmode"] = validateFtpmode(""); }

$net2ftp_globals["ftpmode_html"] = htmlEncode2($net2ftp_globals["ftpmode"]);

$net2ftp_globals["ftpmode_url"]  = urlEncode2($net2ftp_globals["ftpmode"]);

$net2ftp_globals["ftpmode_js"]   = javascriptEncode2($net2ftp_globals["ftpmode"]);

// ----------------------------------------------

// Passive mode

// ----------------------------------------------

if     (isset($_POST["passivemode"]) == true) { $net2ftp_globals["passivemode"] = validatePassivemode($_POST["passivemode"]); }

elseif (isset($_GET["passivemode"]) == true)  { $net2ftp_globals["passivemode"] = validatePassivemode($_GET["passivemode"]); }

else                                          { $net2ftp_globals["passivemode"] = validatePassivemode(""); }

$net2ftp_globals["passivemode_html"] = htmlEncode2($net2ftp_globals["passivemode"]);

$net2ftp_globals["passivemode_url"]  = urlEncode2($net2ftp_globals["passivemode"]);

$net2ftp_globals["passivemode_js"]   = javascriptEncode2($net2ftp_globals["passivemode"]);

// ----------------------------------------------

// SSL connect

// ----------------------------------------------

if     (isset($_POST["sslconnect"]) == true) { $net2ftp_globals["sslconnect"] = validateSslconnect($_POST["sslconnect"]); }

elseif (isset($_GET["sslconnect"]) == true)  { $net2ftp_globals["sslconnect"] = validateSslconnect($_GET["sslconnect"]); }

else                                         { $net2ftp_globals["sslconnect"] = validateSslconnect(""); }

$net2ftp_globals["sslconnect_html"] = htmlEncode2($net2ftp_globals["sslconnect"]);

$net2ftp_globals["sslconnect_url"]  = urlEncode2($net2ftp_globals["sslconnect"]);

$net2ftp_globals["sslconnect_js"]   = javascriptEncode2($net2ftp_globals["sslconnect"]);

// ----------------------------------------------

// View mode

// ----------------------------------------------

if     (isset($_POST["viewmode"]) == true) { $net2ftp_globals["viewmode"] = validateViewmode($_POST["viewmode"]); }

elseif (isset($_GET["viewmode"]) == true)  { $net2ftp_globals["viewmode"] = validateViewmode($_GET["viewmode"]); }

else                                       { $net2ftp_globals["viewmode"] = validateViewmode(""); }

$net2ftp_globals["viewmode_html"] = htmlEncode2($net2ftp_globals["viewmode"]);

$net2ftp_globals["viewmode_url"]  = urlEncode2($net2ftp_globals["viewmode"]);

$net2ftp_globals["viewmode_js"]   = javascriptEncode2($net2ftp_globals["viewmode"]);

// ----------------------------------------------

// Sort

// ----------------------------------------------

if     (isset($_POST["sort"]) == true) { $net2ftp_globals["sort"] = validateSort($_POST["sort"]); }

elseif (isset($_GET["sort"]) == true)  { $net2ftp_globals["sort"] = validateSort($_GET["sort"]); }

else                                   { $net2ftp_globals["sort"] = validateSort(""); }

$net2ftp_globals["sort_html"] = htmlEncode2($net2ftp_globals["sort"]);

$net2ftp_globals["sort_url"]  = urlEncode2($net2ftp_globals["sort"]);

$net2ftp_globals["sort_js"]   = javascriptEncode2($net2ftp_globals["sort"]);

// ----------------------------------------------

// Sort order

// ----------------------------------------------

if     (isset($_POST["sortorder"]) == true) { $net2ftp_globals["sortorder"] = validateSortorder($_POST["sortorder"]); }

elseif (isset($_GET["sortorder"]) == true)  { $net2ftp_globals["sortorder"] = validateSortorder($_GET["sortorder"]); }

else                                        { $net2ftp_globals["sortorder"] = validateSortorder(""); }

$net2ftp_globals["sortorder_html"] = htmlEncode2($net2ftp_globals["sortorder"]);

$net2ftp_globals["sortorder_url"]  = urlEncode2($net2ftp_globals["sortorder"]);

$net2ftp_globals["sortorder_js"]   = javascriptEncode2($net2ftp_globals["sortorder"]);

// ----------------------------------------------

// State

// ----------------------------------------------

if     (isset($_POST["state"]) == true) { $net2ftp_globals["state"] = validateState($_POST["state"]); }

elseif (isset($_GET["state"]) == true)  { $net2ftp_globals["state"] = validateState($_GET["state"]); }

else                                    { $net2ftp_globals["state"] = validateState(""); }

$net2ftp_globals["state_html"] = htmlEncode2($net2ftp_globals["state"]);

$net2ftp_globals["state_url"]  = urlEncode2($net2ftp_globals["state"]);

$net2ftp_globals["state_js"]   = javascriptEncode2($net2ftp_globals["state"]);

// ----------------------------------------------

// State2

// ----------------------------------------------

if     (isset($_POST["state2"]) == true) { $net2ftp_globals["state2"] = validateState2($_POST["state2"]); }

elseif (isset($_GET["state2"]) == true)  { $net2ftp_globals["state2"] = validateState2($_GET["state2"]); }

else                                     { $net2ftp_globals["state2"] = validateState2(""); }

$net2ftp_globals["state2_html"] = htmlEncode2($net2ftp_globals["state2"]);

$net2ftp_globals["state2_url"]  = urlEncode2($net2ftp_globals["state2"]);

$net2ftp_globals["state2_js"]   = javascriptEncode2($net2ftp_globals["state2"]);

// ----------------------------------------------

// Directory

// ----------------------------------------------

if     (isset($_POST["directory"]) == true) { $net2ftp_globals["directory"] = validateDirectory($_POST["directory"]); }

elseif (isset($_GET["directory"]) == true)  { $net2ftp_globals["directory"] = validateDirectory($_GET["directory"]); }

else                                        { $net2ftp_globals["directory"] = ""; }

$net2ftp_globals["directory_html"] = htmlEncode2($net2ftp_globals["directory"]);

$net2ftp_globals["directory_url"]  = urlEncode2($net2ftp_globals["directory"]);

$net2ftp_globals["directory_js"]   = javascriptEncode2($net2ftp_globals["directory"]);

// printdirectory

if ($net2ftp_globals["directory"] != "" && $net2ftp_globals["directory"] != "/") {

        $net2ftp_globals["printdirectory"] = $net2ftp_globals["directory"];

}

else {

        $net2ftp_globals["printdirectory"] = "/";

}

// ----------------------------------------------

// Entry

// ----------------------------------------------

if     (isset($_POST["entry"]) == true) { $net2ftp_globals["entry"] = validateEntry($_POST["entry"]); }

elseif (isset($_GET["entry"]) == true)  { $net2ftp_globals["entry"] = validateEntry($_GET["entry"]); }

else                                    { $net2ftp_globals["entry"] = ""; }

// Do not validate $entry when following symlinks, as this removes the -> symbol

// Validation of $entry is done in /modules/followsymlink/followsymlink.inc.php

if ($net2ftp_globals["state"] == "followsymlink") {

        if     (isset($_POST["entry"]) == true) { $net2ftp_globals["entry"] = $_POST["entry"]; }

        elseif (isset($_GET["entry"]) == true)  { $net2ftp_globals["entry"] = $_GET["entry"]; }

}

$net2ftp_globals["entry_html"] = htmlEncode2($net2ftp_globals["entry"]);

$net2ftp_globals["entry_url"]  = urlEncode2($net2ftp_globals["entry"]);

$net2ftp_globals["entry_js"]   = javascriptEncode2($net2ftp_globals["entry"]);

// ----------------------------------------------

// Screen

// ----------------------------------------------

if     (isset($_POST["screen"]) == true) { $net2ftp_globals["screen"] = validateScreen($_POST["screen"]); }

elseif (isset($_GET["screen"]) == true)  { $net2ftp_globals["screen"] = validateScreen($_GET["screen"]); }

else                                     { $net2ftp_globals["screen"] = validateScreen(""); }

$net2ftp_globals["screen_html"] = htmlEncode2($net2ftp_globals["screen"]);

$net2ftp_globals["screen_url"]  = urlEncode2($net2ftp_globals["screen"]);

$net2ftp_globals["screen_js"]   = javascriptEncode2($net2ftp_globals["screen"]);