vBulletin LTS

AJAX File Manager For Your Admin CP
Mod Version: 1.2, by nerbert

Bug Fix for Who's Online!

See

Spoiler (click to open)

Bug Fix for Who's Online!

There is an error in the File Manager: Show User in "Admin Control Panel" in Who's Online Plugin. You can either upload the new product file or follow these directions:

Change the hook location to "online_location_unknown"

Change the code to:

Code:

if (strpos($userinfo['location'], '/' . $vbulletin->config['Misc']['filemanagerdir'] . '/') !== false)
{
	$handled = true;
	$userinfo['action'] = $vbphrase['admin_control_panel'];
	$userinfo['where'] = '';
}

DONE

Close

below.

New Version 1.2 with sprites. See below. (Also some bugs fixed)

This product puts a file manager with a CodeMirror editor right in your forum's admin control panel, giving you full access to your files without logging in on the server. Besides file manager operations it makes forum management easier by providing a full code editor for templates and plugins, a hook finder and function finder that shows the hook or function in the file, and allows you to switch to debug mode without editing config.php.

Features:

• CodeMirror editor with toolbars has Search, Replace, Replace All, Highlight Matching, Undo, Redo, Font and Mode selection, Auto-Indent, Auto Formatting, Tab settings, Go To Line and Word Wrapping.
  
  
• Filesystem operations include
  
  
  • New Directory
    
    
  • New File
    
    
  • Zip Compression
    
    
  • Zip Extraction
    
    
  • Upload
    
    
  • Download
    
    
  • Change Perms
    
    
  • Delete File
    
    
  • Move File
    
    
  • Copy File
    
    
  • Rename File
    
    
  • Edit/View File
  
  
• Function Finder allows you to search for PHP functions by function name, file name or both. The highlighted function is shown on a read-only version of CodeMirror, scrolled into position.
  
  
• Hook Finder uses vBulletin's hook list to let you search for hooks by name or file name. The highlighted hook is shown on a read-only version of CodeMirror, scrolled to position.
  
  
• Debug On/Off allows you to set debug mode with a cookie on your PC. Debug mode is used only for Templates, Plugins, Phrases and Scheduled Tasks.
  
  
• File Manager Admin page allows you to configure File Manager outside of vBulletin Options so only those with special permissions can view it.
  
  
• CodeMirror editor for editing templates, plugins and other code. A small version appears on the main page and a larger version is available by clicking the Large Edit Box button.

New Features for Version 1.1

• Drag and Drop for moving or copying files and directories from File List to Directory Tree and moving or copying directories within the Directory Tree. Drag and Drop can be turned off to prevent accidental operations.
  
  
• Directory Tree Auto-scrolls when you move mouse above or below during Drag and Drop operations.
  
  
• Context Menu in File List for shortcuts to filesystem operations. Depending on the file, it features inline editing of file name and file permissions, edit or view files, zip to this directory, unzip to this directory, download and delete. Delete feature requires a second click to confirm.
  
  
• Faster Operation. When a filesystem operation changes the directory structure or changes files the Directory Tree and/or File List is rebuilt immediately rather than after the main page receives confirmation.
  
  
• Sanity Checks. AJAX requests with blank inputs are rejected and moving or copying a directory into one of its own sub-directories is rejected
  
  
• Deleting Non-empty Directories is disabled. PHP will not allow deleting directories if they contain any files. File Manager will not allow attempts to delete non-empty directories and lists such directories if you try.
  
  
• Overwriting Existing Files is now controlled with a radio button input. You can choose to overwrite or require confirmation.
  
  
• Upload 4 Files at a Time. The original version uploaded only one at a time.
  
  
• Security Key Timeout can now be set higher than Cookie Timeout. This avoids having to frequently reset the security key after inactivity.
  
  
• Security Token Reset. The security token is now reset whenever you reset the security key.
  
  
• Default Settings are now automatically set in File Manager Admin.
  
  
• Global Image Path can be set in File Manager Admin in case the automatic coding doesn't get it right.

New Features for Version 1.2

I've rebuilt all the file icons and converted to sprites for faster loading. I tried to find all the different file types in vBulletin but I may have missed some. If you need other icons for different files I've included a sprite factory in the images directory. You will find detailed instructions there. For results perfectly matching existing icons you may wish to download Paint.NET

Security

Of course nothing beats ssl/tls, but I've tried to build in enough security to foil the dilettante hacker. File Manager requires a separate login, which may have to be different from the user's regular one, depending on settings. The login verification process follows vBulletin's double hashing, but unlike vBulletin, File Manager hashes using SHA512, which cannot be cracked. As with the standard login, five strikes and you're out for 15 minutes.

CSRF protection is active and a security key gives further protection. The security key is a hash generated by various formulas depending on the operation. The JavaScript in your computer and the PHP on the server update it with each operation and the two versions are compared with each operation (except downloading a file ). They could get out of sync if someone else (an eavesdropper) sends an AJAX request or submits a form. This could be a concern on an unsecure WiFi connection. But if a window is inactive for too long the Security Key will be deleted and you will get a notice. If you have no reason to suspect eavesdropping you can just reset it and move on. Each File Manager page has its own security key. When you log out of the File Manager all your security keys are deleted. If you log back in you will have to reset the security keys on any code editor pages that were left open. Logging out of the AdminCP always logs you out of the File Manager.

All filesystem functions use the file full path but the server username (home/XXXXXXXX) never appears on the AJAX query string.

For protection against remote hacking, the filemanager directory name can be changed to a random string or some name that disguises its purpose.

The filemanager index page fakes a 404 Not Found error (regardless of the filemanager directory name) to hide the existence of the File Manager from snoops.

Miscellaneous

Never MOVE files out of the filemanager directory, always COPY where necessary. You want to keep the originals for your next upgrade.
This was developed in vB 4.2.1 and vB 4.2.2. It will probably work in vB 3X.

All the active JavaScipt files in filemanager/clientscript are minified using http://jscompress.com/. The originals can be found in filemanager/misc.

The Edit/View feature shows a code editor for code and an image viewer for images. (There could be a problem getting the right image path. Let me know if you have any problems.)

No alerts, confirms or prompts. All messages appear in built-in message blocks.

You select directories from the Directory Tree to move or copy. No typing in misspelled directories and accidentally creating new ones.

The full Directory Tree is loaded when the page loads; no AJAX call when you open a directory.

Directory Tree and File List automatically rebuild and reload when needed

The File Manager main page and the Code Editor window use AJAX login for both the AdminCP and File Manager so your work and settings are preserved.

For both the Code Editor and Template Editor, if you open a new edit window any older one will be closed.

The product is fully phrased. Anyone wishing to translate is free to do so but PM me for details on changing phrases in the CodeMirror toolbars.

Installation

1. If you have already downloaded the codemirror-3.0 package you will need to replace some files from fix_codemirror.zip. If you don't already have CodeMirror from one of my earlier projects, install the entire package in the clientscript directory.
   
   
2. Upload the filemanager_files group to your forum root.
   
   
3. Open filemanager/misc/file_edits.txt. There you will find instructions for editing includes/config.php and includes/adminfunctions.php.
   
   
4. If you wish to change the name of the filemanager directory, now is a good time to do it. Be sure the value of $config['Misc'][filemanagerdir'] matches your new directory name.
   
   
5. If you don't want the full File Manager and want only the Template Editor, Function Finder, Hook Finder and Debug On and Off, go to includes/xml and delete cpnav_file_manager.xml and copy cpnav_function_finder.xml from filemanager/misc to includes/xml (there's a copy of cpnav_file_manager.xml in filemanager/misc if you change your mind)
   
   
6. Name out textarea.php in the admincp directory, then go to filemanager/misc and copy textarea.php to the admincp directory.
   
   
7. In your AdminCP upload the product file in Products. You should see the Files Functions & Hooks nav block just below Products & Plugins.
   
   
8. Go to File Manager Admin and assign yourself a password.
   
   
9. Set a value for File Manager Path for super admins.
   
   
10. Log in to File Manager and check out operation.
    
    
11. Configure File Manager for the different administrator groups. Super admins can view and use the File Manager Admin page. Other admins can be given permission in Administrator Permissions.
    
    
12. Go to Admin Permissions and set permissions for other administrators. Administrators not given File Manager permissions can still use Function Finder, Hook Finder and Debug On and Off if they have plugin permissions.

Known Issues

• Internet Explorer. As far as I know all my coding is IE compatible but IE is not fully compatible with CodeMirror; in particular copying and pasting don't seem to work properly. People with real lives have better things to do than fight with the MicroSoft engineers.
  
  
• CodeMirror has a few glitches of its own; in particular, sometimes the last four characters of the longest line don't show. I don't know if this has been corrected on later versions.
  
  
• Formatting. The formatting feature doesn't always do a perfect job formatting JavaScript files. It works on most of them though. I would not recommend saving these files after Formatting.
  
  
• Harmless file. When viewing the filemanager directory a ".sem" file shows in the directory. I don't know how to get rid of it but it seems harmless.

Upgrading to Version 1.2

First, UNINSTALL THE OLD VERSION and then follow the same procedure as the original installation. The only thing you need not do is edit config.php.

Bugs Fixed
Versions 1.0 and 1.1

• Username and password storage for AJAX login
• Setting to disallow using the regular password for File Manager
• Problem with displaying Directory Tree when it is rebuilt after a filesystem operation
• Problem with zipping a single file
• Problem with setting original password

Version 1.2

• Problem with large edit box for page with multiple textarea inputs
• Problem with large edit box if function print_textarea_row() is not edited in adminfunctions.php
• Problem viewing new, moved, copied or renamed directories in Directory Tree after filesystem operation
• Problem with copying multiple directories in a single operation
• Fixed bug for Who's online plugin