From b63903dde073f987152ac6713fe269a08e7fbab4 Mon Sep 17 00:00:00 2001
From: Maxim Stewart <maximstewart1@gmail.com>
Date: Sat, 28 Jul 2018 22:55:02 -0500
Subject: [PATCH] Created extremely simple directory locking system.

---
 index.html                          |  1 +
 resources/js/ajax.js                | 25 ++++++++++++++++---------
 resources/js/passwordFieldInsert.js | 26 ++++++++++++++++++++++++++
 resources/js/xmlParser.js           |  8 +++++++-
 resources/php/config.php            |  4 +++-
 resources/php/filesystemActions.php |  2 +-
 resources/php/getDirList.php        | 26 +++++++++++++++++---------
 resources/php/lockedFolders.php     | 20 ++++++++++++++++++++
 8 files changed, 91 insertions(+), 21 deletions(-)
 create mode 100644 resources/js/passwordFieldInsert.js
 create mode 100644 resources/php/lockedFolders.php

diff --git a/index.html b/index.html
index f5e43d7..12dc572 100644
--- a/index.html
+++ b/index.html
@@ -59,6 +59,7 @@
         <iframe id="FormSubmitter" name="FormSubmitter" frameborder="0" ></iframe>
     </div>
 
+    <script type="text/javascript" src="resources/js/passwordFieldInsert.js" charset="utf-8"></script>
     <script type="text/javascript" src="resources/js/cookieHandler.js" charset="utf-8"></script>
     <script type="text/javascript" src="resources/js/xmlParser.js" charset="utf-8"></script>
     <script type="text/javascript" src="resources/js/ajax.js" charset="utf-8"></script>
diff --git a/resources/js/ajax.js b/resources/js/ajax.js
index 99c19b1..53618fa 100644
--- a/resources/js/ajax.js
+++ b/resources/js/ajax.js
@@ -14,6 +14,8 @@ if(typeof(EventSource) !== "undefined") {
 
 function getDir(query) {
     var formUlPth  = document.getElementById("DIRPATHUL");
+    var mergeType  = document.getElementById("MergeType");
+    var passwd = undefined;
     var path       = "";
     var cookies    = "";
     var dirCookie  = "";
@@ -46,19 +48,27 @@ function getDir(query) {
     }
 
     // Create path from array of items
-    for (pathNode of pathNodes) {
-        path += pathNode;
+    for (pathNode of pathNodes) { path += pathNode; }
+
+    try {
+        passwd = document.getElementById("PASSWD").value;
+    } catch (e) {
+        passwd = "";
     }
 
-    formUlPth.value = path; // Setup upload path for form
+    // Setup upload path for form and make a cookie for persistence during browser session....
+    formUlPth.value = path;
     path            = "dirQuery=" + encodeURIComponent(path);
+    document.cookie = path + "; expires=Sun, 31 Dec 2034 12:00:00 UTC";
+    path            +="&mergeType=" + mergeType.checked
+                    + "Here&passwd=" + passwd;
+
     process(path);
 }
 
 // Get dir info...
 function process(path) {
-    var mergeType = document.getElementById("MergeType");
-    var xhttp     = new XMLHttpRequest();                      // Create the xhttp object
+    var xhttp = new XMLHttpRequest();   // Create the xhttp object
 
     // This is actually run after open and send are done
     xhttp.onreadystatechange = function() {
@@ -76,8 +86,5 @@ function process(path) {
     xhttp.open("POST", "resources/php/getDirList.php", true);        // Open the connection
     xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
     xhttp.overrideMimeType('application/xml');                       // Force return to be XML
-    xhttp.send(path + "&mergeType=" + mergeType.checked + "Here");   // Start the process
-
-    // Use a cookie for persistence during browser session....
-    document.cookie = path + "; expires=Sun, 31 Dec 2034 12:00:00 UTC";
+    xhttp.send(path);                                                // Start the process
 }
diff --git a/resources/js/passwordFieldInsert.js b/resources/js/passwordFieldInsert.js
new file mode 100644
index 0000000..5ba436a
--- /dev/null
+++ b/resources/js/passwordFieldInsert.js
@@ -0,0 +1,26 @@
+function createPassField(returnData) {
+    var msg = returnData.getElementsByTagName('MESSAGE')[0].innerHTML;
+    console.log("No PATH_HEAD tag in XML. Checking for error MESSAGE tag.");
+    console.log("Message:  " + msg);
+
+    insertArea.innerHTML  = "";
+    var passField         = document.createElement("INPUT");
+    var submitBttn        = document.createElement("BUTTON");
+    passField.id          = "PASSWD";
+    passField.type        = "password";
+    passField.placeholder = "Password...";
+    submitBttn.innerHTML  = "Submit";
+
+    passField.onkeyup = (eve) => {
+        if (eve.key == "Enter") {
+            getDir("./");
+        }
+    };
+
+    submitBttn.onclick = () => {
+        getDir("./");
+    };
+
+    insertArea.appendChild(passField);
+    insertArea.appendChild(submitBttn);
+}
diff --git a/resources/js/xmlParser.js b/resources/js/xmlParser.js
index 6c12954..3b77af5 100644
--- a/resources/js/xmlParser.js
+++ b/resources/js/xmlParser.js
@@ -1,7 +1,13 @@
 const insertArea = document.getElementById('dynDiv');
 
 async function updateHTMLDirList(returnData) {
-    var dirPath    = returnData.getElementsByTagName('PATH_HEAD')[0].innerHTML;
+    try {
+        var dirPath = returnData.getElementsByTagName('PATH_HEAD')[0].innerHTML;
+    } catch (e) {
+        createPassField(returnData);
+        return;
+    }
+
     var dirs       = returnData.getElementsByTagName('DIR');
     var videos     = returnData.getElementsByTagName('VID_FILE');
     var images     = returnData.getElementsByTagName('IMG_FILE');
diff --git a/resources/php/config.php b/resources/php/config.php
index e72e5c7..8d45570 100644
--- a/resources/php/config.php
+++ b/resources/php/config.php
@@ -1,12 +1,14 @@
 <?php
 
+$MEDIAPLAYER     = "mpv ";
 $MPLAYER_WH      = " -xy 1600 -geometry 50%:50% ";
-$MEDIAPLAYER     = "mplayer";
 $MUSICPLAYER     = "/opt/deadbeef/bin/deadbeef";
 $IMGVIEWER       = "mirage";
 $OFFICEPROG      = "libreoffice";
 $PDFVIEWER       = "evince";
 $TEXTVIEWER      = "leafpad";
 $FILEMANAGER     = "spacefm";
+$LOCKEDFOLDERS   = "./MEGA_Sync/222_Photos/Other/::::./MEGA_Sync/333_Movies-Music/Other/";
+$LOCKPASSWORD    = "1234";
 
 ?>
diff --git a/resources/php/filesystemActions.php b/resources/php/filesystemActions.php
index 605f700..b088366 100644
--- a/resources/php/filesystemActions.php
+++ b/resources/php/filesystemActions.php
@@ -102,7 +102,7 @@ function openFile($FILE) {
     $EXTNSN = strtolower(pathinfo($FILE, PATHINFO_EXTENSION));
 
     if (preg_match('(mkv|avi|flv|mov|m4v|mpg|wmv|mpeg|mp4|webm)', $EXTNSN) === 1) {
-        shell_exec($MEDIAPLAYER . $MPLAYER_WH . "\"" . $FILE . "\" > /dev/null &");
+        shell_exec($MEDIAPLAYER . "\"" . $FILE . "\" > /dev/null &");
     } else if (preg_match('(png|jpg|jpeg|gif)', $EXTNSN) === 1) {
         shell_exec($IMGVIEWER . ' "' . $FILE . '" > /dev/null &');
     } else if (preg_match('(psf|mp3|ogg|flac)', $EXTNSN) === 1) {
diff --git a/resources/php/getDirList.php b/resources/php/getDirList.php
index a7ee461..4136c92 100644
--- a/resources/php/getDirList.php
+++ b/resources/php/getDirList.php
@@ -3,16 +3,24 @@
 session_start();
 
 // Start of retrieving dir data
-function startListing($NEWPATH, $MERGESEASSONS) {
+function startListing($NEWPATH, $MERGESEASSONS, $PASSWD) {
     if (is_dir($NEWPATH)) {
-        $GeneratedXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><DIR_LIST>"
-                        . "<PATH_HEAD>" . $NEWPATH . "</PATH_HEAD>";
-        $subPath = ""; // This is used for season scanning as a means of properly getting
-                       // the video src.... It's left blank when not in a sub dir
-        listDir($GeneratedXML, $NEWPATH, $MERGESEASSONS, $subPath);
+        include 'lockedFolders.php';
+        if (checkForLock($NEWPATH, $PASSWD) == false) {
+            $GeneratedXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><DIR_LIST>"
+            . "<PATH_HEAD>" . $NEWPATH . "</PATH_HEAD>";
+            $subPath = ""; // This is used for season scanning as a means of properly getting
+            // the video src.... It's left blank when not in a sub dir
+            listDir($GeneratedXML, $NEWPATH, $MERGESEASSONS, $subPath);
 
-        $GeneratedXML .= "</DIR_LIST>";
-        echo $GeneratedXML;
+            $GeneratedXML .= "</DIR_LIST>";
+            echo $GeneratedXML;
+        } else {
+            $GeneratedXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+                          . "<MESSAGE>Folder is locked."
+                          . "</MESSAGE>";
+            echo $GeneratedXML;
+        }
     }
 }
 
@@ -67,7 +75,7 @@ function processItem(&$GeneratedXML, &$fullPath, &$fileName, $subPath) {
 // Determin action
 chdir("../../");
 if (isset($_POST['dirQuery'])) {
-    startListing(trim($_POST['dirQuery']), $_POST['mergeType']);
+    startListing(trim($_POST['dirQuery']), $_POST['mergeType'], $_POST['passwd']);
 } else {
     echo "<h2 class='error'>Error! Illegal Access Method!</h2>";
 }
diff --git a/resources/php/lockedFolders.php b/resources/php/lockedFolders.php
new file mode 100644
index 0000000..b5f4f29
--- /dev/null
+++ b/resources/php/lockedFolders.php
@@ -0,0 +1,20 @@
+<?php
+    // Check if sub folder is in locked folder
+    function checkForLock($NEWPATH, $PASSWD) {
+        include 'config.php';
+
+        $LOCKS = explode("::::", $LOCKEDFOLDERS);
+        $size  = sizeof($LOCKS);
+
+        for ($i = 0; $i < $size; $i++) {
+            if (strpos($NEWPATH, $LOCKS[$i]) !== false) {
+                if ($PASSWD == $LOCKPASSWORD) {
+                    return false;
+                } else {
+                    return true;
+                }
+            }
+        }
+    return false;
+    }
+?>