############################################################# # # # Version 1.00 (by Preston Lord) # # zipur@ebboard.ca # # # # This is a free script that allows management of an # # iHTML Server. To inatll follow the directions below. # # # ############################################################# DESCRIPTION: iFILE_GUI is a server-side tool that can be used through a remote browser to make use of the file management tags in iHTML(www.ihtml.com). This util can be used with multiple user levels and securities to allow a complete roll-out for file management for you sites and clients. You can create and manage user accounts with the following abilities: -Allow multiple directory path access -Limit to certain directories -Limit to certain folder size -Hide full server paths -Restrict users to upload & maintain certain file extensions -Allow users to view only certain file extensions -Restrict Users -Folder Access -New, Copy, Delete, Move, Rename, Zip -File Access -New, Copy, Delete, Move, Rename, Download, Zip Unzip, Edit, Upload -If allowed, users can zip and unzip files on the server right through their browser!!! -User logging is integrated to allow you to keep an eye on how users are using this utility. You can specify joint logs or individula logs per user. -The Admin allows for easy user setup and maintenance. -You can even specify different email addresses for support for each user account. -SEE THE "SETTINGS EXPLAINED" at the end of this file. REQUIREMENTS: -iHTML ENTERPRISE PLUS(latest version) -The following tags have to be enabled on your server: iCOPYFILE iDOWNLOAD iFILE iFILEINFO iGETMIMEFILE SECURITY CONCERNS: -iFILE_GUI checks all variables for possible hacks including use of the following in filenames and navigation bars: " ' ` : .. // < > By removing these characters you are limited to creating files and folders within your allowed folders only. **** WARNING **** iFILE_GUI can admin any server that it is uploaded to. This is a great utility for admins to use and offer to clients, BUT if a user gets this util and uploads it to your server with them as the admin, they will be able to admin your entire server!! GNU GENERAL PUBLIC LICENSE Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Current version can be downloaded from www.ihtmlvault.com or email zipur@ebboard.ca for a copy. INSTALL WIN32/LINUX Copy all the files to a directory on your server. Secure the ifile_gui_users folder with authentication from your webserver. If you want to rename the main file ifile_gui.ihtml you will have to edit that file and change the "thisfilename" variable. Also change the "thisfilename" variable in the the file ifile_gui_users/ifile_gui_admin.ihtml. Then change the index file to redirect to the new filename. Edit the file ifile_gui_users/ifile_gui_defaults.inc to the suggested defaults when creating new users The default login for admin is Admin:Admin. MAKE SURE YOU CHANGE THIS PASSWORD!!! Now you can login and create and manage accounts. SETTINGS EXPLAINED Each user has a list of settings that control their abilities. Below is a description of how these settings affect iFILE-GUI and the security risks involved in certain usage. USERNAME This is the login name that the user will type in to gain access to their iFILE_GUI account. PASSWORD This is the password that the user will have to type to gain access to their account. This password is encrypted using MD5 and stored in the users file. LOG Enabling this feature will log all actions by the user to the specified file. DEFAULT PATH The default path is the starting point for the user. This is a folder somewhere on your server. Example: f:/website/htdocs/users/zipur/ LIMIT PATHS This setting is used to limit the allowed paths of your users. Example: c:/,f:/ Limits users to only using f:/ and c:/ They can access all files and directories in their limit paths. ie. c:/winnt/system32/ Example: f:/website/htdocs/users/zipur/,f:/website/htdocs/users/preston/ Limits the user to using either folder and all files amd subdirectories within them. NOTE: The limit paths MUST allow access to the specified default path. If the Limit Paths is the same as Default Path then the servers full path will be hidden. Example: DEFAULT PATH= f:/website/htdocs/users/zipur/ LIMIT PATHS = f:/website/htdocs/users/zipur/ LIMIT TO SIZE This feature allows you to restrict users to a limited folder size. For example if this is set to 10 (MB) then users will be limited to only having 10MB total server space. 0=DISABLED NOTE: If this is enabled, users will be restricted to their default path and all full server paths will be hidden. WARNING!!! The folder size routine is designed for small folder structures and will crash if you attempt to use it for large directories. Example: f:/website/htdocs/users/zipur/ <---- this is ok f:/ <---- this would be really bad if there is a lot of data on drive f:/ SUPPORT EMAIL Support email is a setting that just puts a support link on the iFILE_GUI for your users to click on for support. Leave blank if you wish to remove it. ALLOWED UPLOAD EXTENSIONS This option restricts not only which file types users can upload, but also strops them from changing, copying, or deleting any file types not in the list. Example: .gif,.jpg,.htm,.js,.txt The above example would allow users to manipulate and upload any file of the listed types. Example: *.* Allow full functionality with all file types. ONLY VIEW EXTENSIONS This setting will restrict users from seeing files. Example: *.gif,.jpg,.txt The above example would limit users to only seeing files of the listed types. WARNING!!! This is only for filtering, not security. Users will still be able to copy over files they cannot see in their allowed paths. This feature should be set to work with the allowed upload extensions. Example: ALLOWED UPLOAD EXTENSIONS = .gif,.jpg,.htm,.js,.txt ONLY VIEW EXTENSIONS = *.* Example: ALLOWED UPLOAD EXTENSIONS = .gif,.jpg,.htm,.js,.txt ONLY VIEW EXTENSIONS = .gif,.jpg,.htm,.js,.txt FOLDER SECURITY -Folder Access -New, Copy, Delete, Move, Rename (self explanitory) -Zip (allow bzip(bz2) of folders) -Recursive Delete ***WARNING*** If enabled, users can delete entire directory structures with a single click. Imagine the command "Delete c:\winnt\" :( FILE SECURITY -File Access -New, Copy, Delete, Move, Rename, Download, Edit, Upload (self explanitory) -Zip (allow bzip(bz2) of files) -Unzip (allow un-bzip(bz2) of files bzip file only) iFILE_GUI comes with no warranties and in no way is Preston Lord responsible for any mis-use of this program. BUGS: >>> Report bugs to zipur@ebboard.ca I hope you appreciate and enjoy the FREE iFILE_GUI Utility!