 <?

if($_REQUEST['f'])
   {
   $filename = $_REQUEST['f'];
   $filename=str_replace("../","",$filename);

   if(!file_exists($filename)) die('Error: File does not exist');
   if(!function_exists('imagecreatetruecolor')) die('Error: GD2 not installed / configured');

   $fn_array = explode('.', $filename);
   $type = strtolower(end($fn_array));

   if ($type == 'jpg' || $type == 'jpeg') $img = @imagecreatefromjpeg($filename);
   elseif ($type == 'png') $img = @imagecreatefrompng($filename);
   elseif ($type == 'gif')  {
      if(!function_exists('imagecreatefromgif')) die('Error: Your version of GD does not support GIFs');
      $img = @imagecreatefromgif($filename);
   }
   else die("Error: Image type not supported");

   $x = imagesx($img);
   $y = imagesy($img);
   if($x > 150)
   {
      $width = 150;
      $height = round(($y/$x) * $width);

      $tmpimage = imagecreatetruecolor($width, $height);
      imagecopyresampled($tmpimage, $img, 0, 0, 0, 0, $width, $height, $x, $y);
      imagedestroy($img);
      $img = $tmpimage;
   }
   if ($type == 'jpg' || $type == 'jpeg') {
      header("Content-type: image/jpeg");
      imagejpeg($img, '', 65);
   }
   elseif ($type == 'png') {
      header("Content-type: image/png");
      imagetruecolortopalette($img, false, 128);
      imagepng($img);
   }
   elseif ($type == 'gif') {
      header("Content-type: image/png");
      imagetruecolortopalette($img, false, 128);
      imagepng($img);
   }
   exit();
}


/*
Directory Listing Script - Version 2
====================================
Script Author: Ash Young <ash@evoluted.net>. www.evoluted.net
Layout: Manny <manny@tenka.co.uk>. www.tenka.co.uk

REQUIREMENTS
============
This script requires PHP and GD2 if you wish to use the
thumbnail functionality.

INSTRUCTIONS
============
1) Unzip all files
2) Edit this file, making sure everything is setup as required.
3) Upload to server
4) ??????
5) Profit!

CONFIGURATION
=============
Edit the variables in this section to make the script work as
you require.

Start Directory - To list the files contained within the current
directory enter '.', otherwise enter the path to the directory
you wish to list. The path must be relative to the current
directory.
*/
/*
if(!preg_match("http\:\/\/(.*)\.home\.hefr\.ch\/(.*)/i",$_SERVER[SCRIPT_URI],$results))
{
   $startdir="/home/".$results[1]."/home_unix/public_html/".$results[2];

}
else
   exit(0);
*/
$startdir=".";
if(!preg_match("http\:\/\/(.*)\.home\.hefr\.ch(\/.+)\/.*/i",$_SERVER[SCRIPT_URI],$results))
{
   !preg_match("http\:\/\/(.*)\.home\.hefr\.ch\/i",$_SERVER[SCRIPT_URI],$results);
   $userdir=$results[1];
   $apath="/";
} else
{

   $userdir=$results[1];
   $apath=$results[2];
}
/*
Show Thumbnails? - Set to true if you wish to use the
scripts auto-thumbnail generation capabilities.
This requires that GD2 is installed.
*/
$showthumbnails = true;

/*
Show Directories - Do you want to make subdirectories available?
If not set this to false
*/
$showdirs = true;

/*
Force downloads - Do you want to force people to download the files
rather than viewing them in their browser?
*/
$forcedownloads = false;

/*
Hide Files - If you wish to hide certain files or directories
then enter their details here. The values entered are matched
against the file/directory names. If any part of the name
matches what is entered below then it is now shown.
*/
$hide = array(
            'dlf',
            'Thumbs'
         );
$showext = array(
            'pdf',
            'doc',
            'xls',
            'docx',
            'xlsx',
            'zip',
            'jpg',
            'jpeg',
            'gif',
            'txt',
            'png',
            'bmp',
            'zip',
            'rar',
            'psd',
            'eps',
            'gz',
            'tar',
            'pps',
            'ppt',
            'pptx',
            'vsd',
            'epf',
            'jar',
            'htm',
            'html',
            'java',
            'mov',
            'flv',
            'swf',
            'mp4',
            'avi',
            'mpeg',
            'class',
            'md5',
            'tgz',
            'bz2',
            'c',
            'C',
            'h',
            'o',
            'asm',
            'odp',
            'pem',
            'pcap',
            'cap',
            'py',
            'tbz2',
            'code'
         );


/*
Show index files - if an index file is found in a directory
to you want to display that rather than the listing output
from this script?
*/
$displayindex = false;

/*
Allow uploads? - If enabled users will be able to upload
files to any viewable directory. You should really only enable
this if the area this script is in is already password protected.
*/
$allowuploads = false;

/*
Overwrite files - If a user uploads a file with the same
name as an existing file do you want the existing file
to be overwritten?
*/
$overwrite = false;

/*
Index files - The follow array contains all the index files
that will be used if $displayindex (above) is set to true.
Feel free to add, delete or alter these
*/

$indexfiles = array (
            'index.html',
            'index.htm',
            'default.htm',
            'default.html'
         );

/*
File Icons - If you want to add your own special file icons use
this section below. Each entry relates to the extension of the
given file, in the form <extension> => <filename>.
These files must be located within the dlf directory.
*/
$filetypes = array (
            'png' => 'jpg.gif',
            'jpeg' => 'jpg.gif',
            'bmp' => 'jpg.gif',
            'jpg' => 'jpg.gif',
            'gif' => 'gif.gif',
            'zip' => 'archive.png',
            'jar' => 'archive.png',
            'rar' => 'archive.png',
            'exe' => 'exe.gif',
            'setup' => 'setup.gif',
            'txt' => 'text.png',
            'md5' => 'text.png',
            'java' => 'text.png',
            'class' => 'exe.gif',
            'epf' => 'text.png',
            'htm' => 'html.gif',
            'html' => 'html.gif',
            'fla' => 'fla.gif',
            'swf' => 'swf.gif',
            'xls' => 'xls.gif',
            'doc' => 'doc.gif',
            'xlsx' => 'xls.gif',
            'docx' => 'doc.gif',
            'sig' => 'sig.gif',
            'fh10' => 'fh10.gif',
            'pdf' => 'pdf.gif',
            'psd' => 'psd.gif',
            'rm' => 'real.gif',
            'mpg' => 'video.gif',
            'mov' => 'video.gif',
            'flv' => 'video.gif',
            'swf' => 'video.gif',
            'mp4' => 'video.gif',
            'avi' => 'video.gif',
            'mpeg' => 'video.gif',
            'mov' => 'video2.gif',
            'avi' => 'video.gif',
            'eps' => 'eps.gif',
            'gz' => 'archive.png',
            'tgz' => 'archive.png',
            'asc' => 'sig.gif',
            'pps' => 'pps.gif',
            'vsd' => 'vsd.gif',
         );

/*
That's it! You are now ready to upload this script to the server.

Only edit what is below this line if you are sure that you know what you
are doing!
*/
error_reporting(0);
if(!function_exists('imagecreatetruecolor')) $showthumbnails = false;
$leadon = $startdir;
if($leadon=='.') $leadon = '';
if((substr($leadon, -1, 1)!='/') && $leadon!='') $leadon = $leadon . '/';
$startdir = $leadon;

if($_GET['dir']) {
   //check this is okay.

   if(substr($_GET['dir'], -1, 1)!='/') {
      $_GET['dir'] = $_GET['dir'] . '/';
   }

   $dirok = true;
   $dirnames = split('/', $_GET['dir']);
   for($di=0; $di<sizeof($dirnames); $di++) {

      if($di<(sizeof($dirnames)-2)) {
         $dotdotdir = $dotdotdir . $dirnames[$di] . '/';
      }

      if($dirnames[$di] == '..') {
         $dirok = false;
      }
   }

   if(substr($_GET['dir'], 0, 1)=='/') {
      $dirok = false;
   }

   if($dirok) {
       $leadon = $leadon . $_GET['dir'];
   }
}

if($_GET['download'] && $forcedownloads) {
   $file = str_replace('/', '', $_GET['download']);
   $file = str_replace('..', '', $file);

   if(file_exists($leadon . $file)) {
      header("Content-type: application/x-download");
      header("Content-Length: ".filesize($leadon . $file));
      header('Content-Disposition: attachment; filename="'.$file.'"');
      readfile($leadon . $file);
      die();
   }
}

if($allowuploads && $_FILES['file']) {
   $upload = true;
   if(!$overwrite) {
      if(file_exists($leadon.$_FILES['file']['name'])) {
         $upload = false;
      }
   }

   if($upload) {
      move_uploaded_file($_FILES['file']['tmp_name'], $leadon . $_FILES['file']['name']);
   }
}

$opendir = $leadon;
if(!$leadon) $opendir = '.';
if(!file_exists($opendir)) {
   $opendir = '.';
   $leadon = $startdir;
}

clearstatcache();
if ($handle = opendir($opendir)) {
   while (false !== ($file = readdir($handle))) {
      //first see if this file is required in the listing
      if ($file == "." || $file == "..")  continue;
      $discard = false;
      for($hi=0;$hi<sizeof($hide);$hi++) {
         if(strpos($file, $hide[$hi])!==false) {
            $discard = true;
         }
      }

      if($discard) continue;
      if (@filetype($leadon.$file) == "dir") {
         if(!$showdirs) continue;

         $n++;
         if($_GET['sort']=="date") {
            $key = @filemtime($leadon.$file) . ".$n";
         }
         else {
            $key = $n;
         }
         $dirs[$key] = $file . "/";
      }
      else {
         $extension=split("\.",$file);
         $extension=strtolower($extension[sizeof($extension)-1]);
         if(array_search($extension,$showext) === FALSE)
            continue;
         $n++;
         if($_GET['sort']=="date") {
            $key = @filemtime($leadon.$file) . ".$n";
         }
         elseif($_GET['sort']=="size") {
            $key = @filesize($leadon.$file) . ".$n";
         }
         else {
            $key = $n;
         }
         $files[$key] = $file;

         if($displayindex) {
            if(in_array(strtolower($file), $indexfiles)) {
               header("Location: $file");
               die();
            }
         }
      }
   }
   closedir($handle);
}

//sort our files
if($_GET['sort']=="date") {
   @ksort($dirs, SORT_NUMERIC);
   @ksort($files, SORT_NUMERIC);
}
elseif($_GET['sort']=="size") {
   @natcasesort($dirs);
   @ksort($files, SORT_NUMERIC);
}
else {
   @natcasesort($dirs);
   @natcasesort($files);
}

//order correctly
if($_GET['order']=="desc" && $_GET['sort']!="size") {$dirs = @array_reverse($dirs);}
if($_GET['order']=="desc") {$files = @array_reverse($files);}
$dirs = @array_values($dirs); $files = @array_values($files);





# Credentials pour la connexion à HEFRIDM
$dnuser="cn=adminRead,ou=Persons,o=System";
$dnpass="@dm1nRe@d";

# on stock l'uri complete de la page qui n'a pas ete trouvee
$url = $_SERVER["SCRIPT_URI"];

# errorstyle defini le type d'erreur 404
# 0 = pure erreur 404 de fichier non trouve pour un login inexistant
# 1 = erreur 404 car utilisation de l'ancien login
# 2 = erreur 404 d'une fichier non trouve pour un login existant


#connexion au LDAP
if (($link=ldap_connect("ldaps://hefridm.hefr.ch/")))
#bind LDAP
if(ldap_bind($link,$dnuser,$dnpass))
{


# extraction du nom d'utilisateur et du chemin du fichier de l'url
if(eregi("http\:\/\/(.*)\.home\.hefr\.ch\/(.*)",$url,$results))
{
   $uname=$results[1];
   $fpath=$results[2];
   $dpath=ereg_replace("index.php.*","",$fpath);
   //printf("<!-- url=%s  user = %s   path = %s -->",$url,$results[1],$results[2]);

}

# recherche dans le ldap si la partie "user" de l'url est un ancien login

   # si ce n'est pas un ancien login, ca peut etre un login existant. on recherche le full name de l'utilisateur
   $sr = ldap_search($link, "ou=courant,ou=People,o=hefr", "(cn=".$uname.")");
   if( ($entry = ldap_first_entry($link, $sr)))
   {
         $fname = ldap_get_values($link, $entry, "fullName");
         $fname = $fname[0];
   }


# deconexion du LDAP
ldap_close($link);
}

# si on atteint ce point sans avoir un match dans les deux recherches precedentes, l'utilisateur n'existe pas et c'est une 404 pure souche, le errorstyle reste a 0
?>
<!DOCTYPE html>

<html lang="fr">

    <head>
        <title>Personal Homepages - HES-SO Fribourg</title>
        <meta name="description" content="HTML 5 Model Page"/>
        <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
        <meta name="robots" content="noodp"/>
        <link rel="shortcut icon" type="image/ico" href="/_dirlist/favicon.ico"/>
        <link rel="stylesheet" type="text/css" href="/_dirlist/css/layout.css"/>
        <link rel="stylesheet" type="text/css" href="/_dirlist/css/styles.css"/>


        <STYLE type="text/css">

        /* DLF Only for directory listing code */

        img {
         border: 0;
        }

        form {
         margin: 0;
         padding: 0;
        }

        #dlfcontainer {
         width: 600px;
         margin-left:auto;
         margin-right:auto;
         border: 1px solid #CCCCCC;
         padding: 9px;
         background-color:#FFFFFF;

        }

        #breadcrumbs {
         color: #6699FF;
         font-family: Arial, Helvetica, sans-serif;
         font-size:small;
         margin: 0 0 8px 8px;
        }

        #breadcrumbs a, #breadcrumbs a:visited, #breadcrumbs a:link, #breadcrumbs a:active {
         color: #6699FF;
         text-decoration:none;
        }

        #breadcrumbs a:hover {
         text-decoration:underline;
        }

        #listingcontainer {

         padding: 10px;

        }

        #listingheader {
         color: #476BB3;
         font-weight:bold;
         font-family:Arial, Helvetica, sans-serif;
         font-size:small;
         text-align:right;
        }

        #listingheader a, #listingheader a:active, #listingheader a:visited, #listingheader a:link {
         text-decoration: none;
         color: #476BB3;
        }

        #listingheader a:hover {
         text-decoration: underline;
         color: #476BB3;
        }


        #headerfile {
         text-align:left;
         float: left;
         width: 320px;
        }

        #headersize {
         text-align:right;
         width: 75px;
         float: left;
        }

        #listing {
         border: 1px solid #A7C5FF;
        }

        #listing a {
         display:block;
         padding: 2px 5px 2px 5px;
         font-size:small;
         color: #000000;
         font-family:Arial, Helvetica, sans-serif;
         text-decoration:none;
         width:568px;
         text-align:right;

        }

        #listing a:hover {
         background-color:#DBE6FE;
        }

        #listing a img {
         float:left;
         margin-right: 4px;
        }



        #listing a strong {
         width: 300px;
         float:left;
         cursor:hand;
         cursor:pointer;
         text-align:left;
        }

        #listing a em {
         float: left;
         width: 75px;
         text-align:right;
         cursor:hand;
         cursor:pointer;
        }

        #listing a span {
         position: absolute;
         margin-left: -151px;
         margin-top: -2px;
        }

        #listing a span img {
         width: 150px;
         background-color:#CCCCCC;
         visibility: hidden;
        }

        #listing a:hover span img {
         border: 1px solid #666666;
         visibility: visible;
        }

        #upload {
         border: 1px solid #A7C5FF;
         display:block;
         margin-top: 10px;
         font-size:small;
         color: #6285CA;
         font-family:Arial, Helvetica, sans-serif;
         text-decoration:none;
         width:568px;
         background-color: #E9F0FF;
        }

        #uploadtitle {
         background-color: #DBE6FE;
         padding: 2px 5px 2px 5px;
         border-bottom: 1px solid #A7C5FF;

        }

        #uploadcontent {
         padding: 2px 5px 2px 5px;
        }


        #copy {
         width: 600px;
         margin-left:auto;
         margin-right:auto;
         text-align:center;
         font-size:x-small;
         color: #666666;
         font-family:Arial, Helvetica, sans-serif;
        }

        #copy a {
         text-decoration: underline;
         color: #666666;
        }

        .b {
         background-color: #E9F0FF;

        }

        .w {
         background-color:#FFFFFF;
        }

        .mod {
         float:right;
        }

        .size {
         float:right;
        }

        /* END of DLF Only for directory listing code */

        </STYLE>

        <?
        if($showthumbnails) {
        ?>
        <script language="javascript" type="text/javascript">
        <!--
        function o(n, i) {
         document.images['thumb'+n].src = '