isDir() ? rmdir((string)$f) : unlink((string)$f); rmdir($path); } // ════ SISTEMA DE ICONOS SVG ════ function icon(string $name, int $size = 16, string $color = 'currentColor'): string { static $p = [ 'folder' => '', 'folder-plus' => '', 'file' => '', 'file-text' => '', 'archive' => '', 'image' => '', 'code' => '', 'database' => '', 'monitor' => '', 'music' => '', 'video' => '', 'smartphone' => '', 'lock' => '', 'unlock' => '', 'upload' => '', 'download' => '', 'trash' => '', 'edit' => '', 'users' => '', 'user-plus' => '', 'user-x' => '', 'key' => '', 'log-out' => '', 'plus' => '', 'home' => '', 'chevron-r' => '', 'check' => '', 'x' => '', 'shield' => '', 'eye' => '', 'globe' => '', 'refresh' => '', 'alert' => '', ]; $path = $p[$name] ?? $p['file']; return '' . $path . ''; } function fileIcon(string $name, bool $isDir, int $size = 18, string $color = 'currentColor'): string { if ($isDir) return icon('folder', $size, $color); static $m = [ 'pdf'=>'file-text','doc'=>'file-text','docx'=>'file-text','odt'=>'file-text', 'xls'=>'file-text','xlsx'=>'file-text','csv'=>'file-text', 'ppt'=>'file-text','pptx'=>'file-text', 'zip'=>'archive','rar'=>'archive','7z'=>'archive','gz'=>'archive','tar'=>'archive', 'jpg'=>'image','jpeg'=>'image','png'=>'image','gif'=>'image','svg'=>'image','webp'=>'image', 'mp4'=>'video','avi'=>'video','mkv'=>'video','mov'=>'video','wmv'=>'video', 'mp3'=>'music','wav'=>'music','ogg'=>'music','flac'=>'music', 'php'=>'code','js'=>'code','ts'=>'code','css'=>'code','html'=>'code','htm'=>'code', 'py'=>'code','rb'=>'code','sh'=>'code', 'mdb'=>'database','sql'=>'database','db'=>'database','sqlite'=>'database', 'exe'=>'monitor','msi'=>'monitor','bat'=>'monitor','cmd'=>'monitor', 'apk'=>'smartphone', ]; $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION)); return icon($m[$ext] ?? 'file', $size, $color); } // ════ GESTIÓN DE .htpasswd ════ function htFile(): string { return BASE_DIR . DIRECTORY_SEPARATOR . 'secret' . DIRECTORY_SEPARATOR . '.htpasswd'; } function htRead(): array { if (!file_exists(htFile())) return []; $users = []; foreach (file(htFile(), FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line) { $parts = explode(':', $line, 2); if (count($parts) === 2) $users[trim($parts[0])] = trim($parts[1]); } return $users; } function htWrite(array $users): void { $dir = dirname(htFile()); if (!is_dir($dir)) @mkdir($dir, 0755, true); $out = ''; foreach ($users as $u => $h) $out .= trim($u) . ':' . trim($h) . "\n"; file_put_contents(htFile(), $out); @chmod(htFile(), 0644); } function htSetUser(string $u, string $pass): void { $users = htRead(); // Bcrypt cost=10 (compatible con todas las versiones de Apache 2.4+), // password_hash() genera $2y$ que es exactamente lo que Apache espera. $users[$u] = password_hash($pass, PASSWORD_BCRYPT, ['cost' => 10]); htWrite($users); } function htDelUser(string $u): void { $users = htRead(); unset($users[$u]); htWrite($users); } function folderUser(string $absDir): ?string { $ht = $absDir . DIRECTORY_SEPARATOR . '.htaccess'; if (!file_exists($ht)) return null; return preg_match('/^\s*Require\s+user\s+(\S+)/im', file_get_contents($ht), $m) ? $m[1] : null; } function folderSetUser(string $absDir, string $u): bool { // Carpeta privada con auth: el cliente autenticado DEBE poder ver el listing // (mod_autoindex). FancyIndexing hace el listado mucho más prolijo. $content = "AuthUserFile /home/alpha2000/public_html/sistemas/secret/.htpasswd\n" . "AuthName \"ALPHA2000\"\n" . "AuthType Basic\n" . "Require user $u\n" . "Options +Indexes\n" . "IndexOptions FancyIndexing HTMLTable VersionSort FoldersFirst IgnoreCase NameWidth=* SuppressDescription SuppressIcon\n" . "IndexIgnore .htaccess .htpasswd .DS_Store Thumbs.db\n"; $path = $absDir . DIRECTORY_SEPARATOR . '.htaccess'; $ok = @file_put_contents($path, $content) !== false; if ($ok) @chmod($path, 0644); return $ok; } function folderRemoveUser(string $absDir): bool { // "Sin contraseña" = carpeta pública navegable. // +Indexes para que el listado funcione (sin esto + sin index = 403). // El .htaccess se mantiene para que la carpeta siga apareciendo en el panel // de Permisos y se le pueda reasignar un usuario fácilmente más adelante. $path = $absDir . DIRECTORY_SEPARATOR . '.htaccess'; $content = "Options +Indexes\n" . "IndexOptions FancyIndexing HTMLTable VersionSort FoldersFirst IgnoreCase NameWidth=* SuppressDescription SuppressIcon\n" . "IndexIgnore .htaccess .htpasswd .DS_Store Thumbs.db\n"; $ok = @file_put_contents($path, $content) !== false; if ($ok) @chmod($path, 0644); return $ok; } function htUserFolders(): array { $result = []; foreach (allPrivateDirs() as $dir) { if ($dir['user']) $result[$dir['user']][] = $dir['name']; } return $result; } /** Returns all dirs with .htaccess, up to 2 levels deep */ function allPrivateDirs(): array { $skip = ['secret', '.git', '.well-known']; $result = []; $scan = function(string $absBase, string $relBase, int $depth) use (&$scan, $skip, &$result) { if ($depth > 1) return; foreach (new DirectoryIterator($absBase) as $item) { if (!$item->isDir() || $item->isDot()) continue; $name = $item->getFilename(); if (in_array($name, $skip) || $name[0] === '.') continue; $abs = $item->getPathname(); $rel = ($relBase ? $relBase . '/' : '') . $name; if (file_exists($abs . DIRECTORY_SEPARATOR . '.htaccess')) { $result[] = [ 'rel' => $rel, 'abs' => $abs, 'name' => $name, 'user' => folderUser($abs), ]; } $scan($abs, $rel, $depth + 1); } }; $scan(BASE_DIR, '', 0); usort($result, fn($a,$b) => strcasecmp($a['rel'], $b['rel'])); return $result; } // ════════════════════════════════════════════════════════════ // SETUP (primera ejecución) // ════════════════════════════════════════════════════════════ $needsSetup = !file_exists(CONFIG_FILE); $setupError = null; if ($needsSetup) { if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['setup'])) { $su = trim($_POST['su'] ?? ''); $sp = $_POST['sp'] ?? ''; $sp2 = $_POST['sp2'] ?? ''; if (!$su) $setupError = 'El usuario no puede estar vacío.'; elseif (strlen($sp) < 6) $setupError = 'La contraseña debe tener al menos 6 caracteres.'; elseif ($sp !== $sp2) $setupError = 'Las contraseñas no coinciden.'; if (!$setupError) { $hash = password_hash($sp, PASSWORD_BCRYPT, ['cost' => 12]); $php = "" . var_export($su, true) . ",'hash'=>" . var_export($hash, true) . "];\n"; file_put_contents(CONFIG_FILE, $php); header('Location: index.php'); exit; } } ?> Configuración inicial

Configuración inicial

Creá el usuario administrador para comenzar.

$tmp) { if ($_FILES['files']['error'][$i] === UPLOAD_ERR_OK) { $name = preg_replace('/[^\w.\-\ ]/', '_', $_FILES['files']['name'][$i]); $dest = $absDir . DIRECTORY_SEPARATOR . $name; move_uploaded_file($tmp, $dest); } } header('Location: index.php' . $back); exit; } // — MKDIR — if ($action === 'mkdir' && $_SERVER['REQUEST_METHOD'] === 'POST') { requireAdmin(); checkCsrf(); $name = preg_replace('/[^\w.\-\ ]/', '_', trim($_POST['name'] ?? '')); if ($name) { $np = $absDir . DIRECTORY_SEPARATOR . $name; if (!file_exists($np)) { mkdir($np, 0755, true); if (!empty($_POST['private'])) file_put_contents($np . '/.htaccess', "Options -Indexes\n"); } } header('Location: index.php' . $back); exit; } // — DELETE — if ($action === 'delete' && $_SERVER['REQUEST_METHOD'] === 'POST') { requireAdmin(); checkCsrf(); $abs = safeResolve($relDir . '/' . basename($_POST['file'] ?? '')); if ($abs && $abs !== BASE_DIR) { is_dir($abs) ? rrmdir($abs) : unlink($abs); } header('Location: index.php' . $back); exit; } // — RENAME — if ($action === 'rename' && $_SERVER['REQUEST_METHOD'] === 'POST') { requireAdmin(); checkCsrf(); $absOld = safeResolve($relDir . '/' . basename($_POST['file'] ?? '')); $new = preg_replace('/[^\w.\-\ ]/', '_', trim($_POST['newname'] ?? '')); if ($absOld && $new) rename($absOld, dirname($absOld) . DIRECTORY_SEPARATOR . $new); header('Location: index.php' . $back); exit; } // — TOGGLE PRIVADO — if ($action === 'toggleprivate' && $_SERVER['REQUEST_METHOD'] === 'POST') { requireAdmin(); checkCsrf(); $abs = safeResolve($relDir . '/' . basename($_POST['file'] ?? '')); if ($abs && is_dir($abs)) { $ht = $abs . DIRECTORY_SEPARATOR . '.htaccess'; file_exists($ht) ? unlink($ht) : file_put_contents($ht, "Options -Indexes\n"); } header('Location: index.php' . $back); exit; } // — PASSWD ADD / CHANGE — if ($action === 'passwd_add' && $_SERVER['REQUEST_METHOD'] === 'POST') { requireAdmin(); checkCsrf(); $pu = trim($_POST['pu'] ?? ''); $pp = $_POST['pp'] ?? ''; $pp2 = $_POST['pp2'] ?? ''; $perr = ''; $pok = ''; if (!preg_match('/^[\w.\-]{2,32}$/', $pu)) $perr = 'Usuario inválido (solo letras, números, guión bajo, punto o guión, 2-32 chars).'; elseif (strlen($pp) < 8) $perr = 'La contraseña debe tener al menos 8 caracteres.'; elseif ($pp !== $pp2) $perr = 'Las contraseñas no coinciden.'; if (!$perr) { $existed = isset(htRead()[$pu]); htSetUser($pu, $pp); $pok = $existed ? "Contraseña de \"$pu\" actualizada." : "Usuario \"$pu\" creado."; } $qs = $perr ? '&err=' . eu($perr) : '&ok=' . eu($pok); header('Location: index.php?page=users' . $qs); exit; } // — PASSWD DEL — if ($action === 'passwd_del' && $_SERVER['REQUEST_METHOD'] === 'POST') { requireAdmin(); checkCsrf(); $pu = trim($_POST['pu'] ?? ''); $qs = ''; if ($pu && isset(htRead()[$pu])) { htDelUser($pu); $qs = '&ok=' . eu("Usuario \"$pu\" eliminado."); } header('Location: index.php?page=users' . $qs); exit; } // — ASIGNAR CARPETA A USUARIO — if ($action === 'passwd_folder' && $_SERVER['REQUEST_METHOD'] === 'POST') { requireAdmin(); checkCsrf(); $pf = trim($_POST['pf'] ?? ''); $pu = trim($_POST['pu'] ?? ''); $abs = $pf ? safeResolve($pf) : null; $err = ''; $ok = ''; if (!$abs || !is_dir($abs)) { $err = "Carpeta no encontrada: " . $pf; } else { $wrote = $pu ? folderSetUser($abs, $pu) : folderRemoveUser($abs); if (!$wrote) { $err = "No se pudo escribir .htaccess en '$pf'. " . "Verificá que el directorio sea escribible por el usuario de PHP."; } else { $ok = $pu ? "Carpeta \"$pf\" protegida con usuario \"$pu\"." : "Carpeta \"$pf\" sin contraseña (pública)."; } } $qs = $err ? '&err=' . eu($err) : '&ok=' . eu($ok); header('Location: index.php?page=users' . $qs); exit; } // ════════════════════════════════════════════════════════════ // PREPARAR DATOS DE VISTA // ════════════════════════════════════════════════════════════ $accessDenied = ($absDir !== BASE_DIR) && isPrivate($absDir) && !isAdmin(); $isRoot = ($absDir === BASE_DIR); $entries = $publicEntries = $privateEntries = []; if (!$accessDenied && $page !== 'users') { foreach (scandir($absDir) ?: [] as $entry) { if (in_array($entry, $HIDDEN) || $entry[0] === '.') continue; $abs = $absDir . DIRECTORY_SEPARATOR . $entry; $isDir = is_dir($abs); $isPriv = $isDir && isPrivate($abs); if ($isPriv && !isAdmin() && $isRoot) continue; $row = [ 'name' => $entry, 'isDir' => $isDir, 'isPriv' => $isPriv, 'size' => $isDir ? null : filesize($abs), 'mtime' => filemtime($abs), ]; $entries[] = $row; if ($isRoot) { $isPriv ? $privateEntries[] = $row : $publicEntries[] = $row; } } $cmp = fn($a,$b) => $b['isDir'] <=> $a['isDir'] ?: strcasecmp($a['name'], $b['name']); usort($entries, $cmp); usort($publicEntries, $cmp); usort($privateEntries, $cmp); } // Breadcrumb $breadcrumb = [['label' => 'Inicio', 'path' => '', 'icon' => true]]; if ($relDir) { $acc = ''; foreach (explode('/', $relDir) as $bp) { $acc .= ($acc ? '/' : '') . $bp; $breadcrumb[] = ['label' => $bp, 'path' => $acc, 'icon' => false]; } } ?> <?= h(APP_TITLE) ?>
1 || $page): ?>
Salir Iniciar sesión
Hacé clic o arrastrá archivos aquí
Máximo por archivo
Usuarios
'; exit_body(); } $htUsers = htRead(); $userFolders = htUserFolders(); $allDirs = allPrivateDirs(); $htErr = $_GET['err'] ?? ''; $htOk = $_GET['ok'] ?? ''; ?>
Gestión de usuarios
Administrá credenciales de acceso y permisos por carpeta
Agregar / actualizar usuario
Usuarios registrados

Sin usuarios registrados

$uHash): ?>
Permisos por carpeta

No hay carpetas privadas configuradas

/
Acceso General

Sin elementos públicos

Acceso Privado

Sin carpetas privadas

Nombre Tamaño Modificado Acciones
Volver

Carpeta vacía
'; echo '' . fileIcon($e['name'], $e['isDir'], 32, $iconColor) . ''; echo '' . h(strtolower($label)) . ''; if ($e['isPriv']) echo '' . icon('lock', 11, '#f59e0b') . ''; if (isAdmin()) { echo '
'; if ($e['isDir']) { echo '
'; echo ''; echo ''; echo ''; echo ''; echo '
'; } $confirmMsg = 'Eliminar ' . addslashes($e['name']) . '? Esta acción no se puede deshacer.'; echo '
'; echo ''; echo ''; echo ''; echo ''; echo '
'; echo '
'; } echo ''; } function exit_body(): void { echo "\n\n"; exit; } ?>