From f8c9cee4df136e004a08ac10b6a45982aa450c0e Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 5 Apr 2012 13:29:44 -0400
Subject: [PATCH 001/228] milli -vs- micro in footer

---
 onefilecms.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/onefilecms.php b/onefilecms.php
index d279242..d418044 100644
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -514,7 +514,7 @@ function getmicrotime() { list($usec, $sec) = explode(" ", microtime()); return
 
 <div class="footer">
 	<p><?php echo $config_footer; if ($_SESSION['onefilecms_valid'] == "1") { ?> Rendered in <?php 
-	$endtime = getmicrotime(); echo round(($endtime-$starttime)*1000000); ?> milliseconds.<?php } ?></p>
+	$endtime = getmicrotime(); echo round(($endtime-$starttime)*1000000); ?> microseconds.<?php } ?></p>
 </div>
 
 </div>

From 7749e808d5b3aa2520306d9ff3a2040c4d69dd5d Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 5 Apr 2012 18:09:50 -0400
Subject: [PATCH 002/228] Implemented $config_localcss

---
 onefilecms.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index d418044..eccab1e 100644
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -10,7 +10,7 @@
 $config_footer = date("Y")." <a href='http://onefilecms.com/'>OneFileCMS</a>.";
 $config_disabled = "bmp,ico,gif,jpg,png,psd,zip";
 $config_excluded = "onefilecms.php,favicon,.htaccess";
-
+$config_localcss = "onefilecms.css";
 $version = "1.1.6"; // ONEFILECMS_BEGIN
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
@@ -185,8 +185,8 @@ function getmicrotime() { list($usec, $sec) = explode(" ", microtime()); return
 <meta name="robots" content="noindex">
 <title><?php echo $config_title; ?> - <?php echo $pagetitle; ?></title>
 <link href="<?php 
-	if (file_exists("onefilecms.css")) {
-		echo "onefilecms.css";
+	if (file_exists($config_localcss)) {
+		echo $config_localcss;
 	} else {
 		echo "http://onefilecms.com/style.css";
 	}

From 65607d5d62b7bdf37a1f51d3cf824a0ca1953ac1 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 5 Apr 2012 18:31:47 -0400
Subject: [PATCH 003/228] path/breadcrumb link spaces. Moved spaces around " /
 " to inside path link.

---
 onefilecms.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
 mode change 100644 => 100755 onefilecms.php

diff --git a/onefilecms.php b/onefilecms.php
old mode 100644
new mode 100755
index eccab1e..ca856c7
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -308,16 +308,16 @@ function getmicrotime() { list($usec, $sec) = explode(" ", microtime()); return
 		if ($varvar == "") { 
 			echo $path_levels[0]; // if at root, no need for link.
 		} else {
-			echo '<a href="'.$_SERVER["SCRIPT_NAME"].'" class="path">'.$path_levels[0].'</a> / ';
+			echo '<a href="'.$_SERVER["SCRIPT_NAME"].'" class="path"> '.$path_levels[0].' </a>/';
 		}
 		$current_path = "";
 		for ($x=1; $x < $levels-1; $x++) {
-			if ($x !== 1){ $current_path .= ' / '; }
+			if ($x !== 1){ $current_path .= '/'; }
 			$current_path = $current_path.$path_levels[$x];
-			echo '<a href="',  $_SERVER["SCRIPT_NAME"],  '?i=',  $current_path,  '" class="path">';
-			echo $path_levels[$x],  '</a> / ';
+			echo '<a href="'.$_SERVER["SCRIPT_NAME"].'?i='.$current_path.'" class="path"> ';
+			echo ' '.$path_levels[$x].' </a>/';
 		}
-		echo $path_levels[$x].' /'; // last item is current dir. No link needed.
+		echo ' '.$path_levels[$x].' /'; // last item is current dir. No link needed.
 	?></h2>
 
 	<p class="index_folders">

From e477434ae9149c1b81bf235d22075bb73b965d72 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 5 Apr 2012 18:48:18 -0400
Subject: [PATCH 004/228] .path:hover style to hightlight links in
 path/to/current/index

---
 onefilecms.css | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
 mode change 100644 => 100755 onefilecms.css

diff --git a/onefilecms.css b/onefilecms.css
old mode 100644
new mode 100755
index bff5def..708f7ba
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -291,4 +291,11 @@ a.back {
 .page_login .container, .page_logout .container {
 	width: 356px;
 	margin-top: 60px;
-}
\ No newline at end of file
+}
+
+
+/* --- path/to/current/index --- */
+
+.path { border: 1px solid  transparent; }
+	
+.path:hover { border: 1px solid #807568; background-color: #fffbce; }

From 3eac1c354afe8536ae29138bf80dbebf4ac291d5 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 5 Apr 2012 19:19:20 -0400
Subject: [PATCH 005/228] a:hover highlighting, tweaked spacing on
 index_folders & front_links

---
 onefilecms.css | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index 708f7ba..f12873c 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -48,9 +48,9 @@ body {
 h2,h3,p,ul,table { margin-bottom: 10px; }
 p, li {line-height: 1.4em; }
 form p { margin-bottom: 5px; }
-a { color: #774200; text-decoration: none; }
+a { color: #774200; text-decoration: none; border: 1px solid  transparent; }
 a:hover { color: #976322; }
-a:hover { color: #995400; }
+a:hover { color: #995400; border: 1px solid #807568; background-color: #fffbce; }
 h2 { font-size: 20px; }
 h3 { font-size: 18px; margin-top: 15px; }
 em, i { font-style: italic; }
@@ -146,11 +146,11 @@ pre {
 	display: inline-block;
 	font-size: 16px;
 	margin-right: 15px;
-	padding-left: 21px;
+	padding: 2px 4px 2px 20px;/* padding-left: 21px;*/
 	display: inline-block;
-	background: url("http://onefilecms.com/images/silk_folder.png") no-repeat;
+	background: url("http://onefilecms.com/images/silk_folder.png") 0 2px no-repeat;
 }
-
+.index_folders a:hover { background-color: #fffbce; }
 /* --- list view --- */
 
 ul.list {
@@ -199,7 +199,7 @@ ul.list .meta span {
 
 .front_links { clear: both; }
 
-.front_links a {
+.front_links a { padding: 3px;
 	font-size: 16px;
 	margin-right: 15px;
 	padding-left: 21px;
@@ -207,14 +207,14 @@ ul.list .meta span {
 	display: inline-block;
 }
 
-.front_links a.settings { background: url("http://onefilecms.com/images/silk_settings.png") no-repeat; }
-.front_links a.new { background: url("http://onefilecms.com/images/silk_new.png") no-repeat; }
-.front_links a.newfolder { background: url("http://onefilecms.com/images/silk_newfolder.png") no-repeat; }
-.front_links a.deletefolder { background: url("http://onefilecms.com/images/silk_deletefolder.png") no-repeat; }
-.front_links a.renamefolder { background: url("http://onefilecms.com/images/silk_renamefolder.png") no-repeat; }
-.front_links a.upload { background: url("http://onefilecms.com/images/silk_upload.png") no-repeat; }
-.front_links a.other { background: url("http://onefilecms.com/images/silk_other.png") no-repeat; }
-
+.front_links a.settings { background: url("http://onefilecms.com/images/silk_settings.png") 0 3px no-repeat; }
+.front_links a.new { background: url("http://onefilecms.com/images/silk_new.png") 0 3px no-repeat; }
+.front_links a.newfolder { background: url("http://onefilecms.com/images/silk_newfolder.png") 0 2px no-repeat; }
+.front_links a.deletefolder { background: url("http://onefilecms.com/images/silk_deletefolder.png") 0 2px no-repeat; }
+.front_links a.renamefolder { background: url("http://onefilecms.com/images/silk_renamefolder.png") 0 2px no-repeat; }
+.front_links a.upload { background: url("http://onefilecms.com/images/silk_upload.png") 0 3px no-repeat; }
+.front_links a.other { background: url("http://onefilecms.com/images/silk_other.png") 0 3px no-repeat; }
+.front_links a:hover { border: 1px solid #807568; background-color: #fffbce; }
 form .meta { z-index: -1; }
 
 .textinput {

From c6ae3a59c26d9b3fa25f614573744f46b331bd7a Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 5 Apr 2012 20:08:49 -0400
Subject: [PATCH 006/228] Changed "Back" link to [Close] button on Edit page.

---
 onefilecms.css | 12 ++++++------
 onefilecms.php |  8 ++++----
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index f12873c..a80e714 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -146,7 +146,7 @@ pre {
 	display: inline-block;
 	font-size: 16px;
 	margin-right: 15px;
-	padding: 2px 4px 2px 20px;/* padding-left: 21px;*/
+	padding: 2px 4px 2px 20px;
 	display: inline-block;
 	background: url("http://onefilecms.com/images/silk_folder.png") 0 2px no-repeat;
 }
@@ -280,11 +280,11 @@ h1 a:visited { color: #0F0901; }
 
 /* --- edit --- */
 
-a.back {
-	float: right;
-	margin-top: -24px;
-	font-size: 16px;
-}
+#edit_header {float: left;}
+
+.close {float: right;}
+
+
 
 /* --- log in --- */
 
diff --git a/onefilecms.php b/onefilecms.php
index ca856c7..a97b5a3 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -267,9 +267,9 @@ function getmicrotime() { list($usec, $sec) = explode(" ", microtime()); return
 
 // EDIT
 if ($page == "edit") { ?>
-	<h2>Edit &ldquo;<a href="<?php echo $filename; ?>"><?php echo $filename; ?></a>&rdquo;</h2>
-	<a href="<?php echo $_SERVER["SCRIPT_NAME"]; ?>?i=<?php echo substr($_GET["f"],0,strrpos($_GET["f"],"/")); ?>" class="back">Back</a>
+	<h2 id="edit_header">Edit &ldquo;<a href="<?php echo $filename; ?>"><?php echo $filename; ?></a>&rdquo;</h2>
 	<form method="post" action="<?php echo $_SERVER["SCRIPT_NAME"]; ?>?f=<?php echo $filename; ?>">
+	<input type="button" class="button close" name="close" value="Close" onclick="parent.location='<?php echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")); ?>'" />
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
 		<?php $lfile = strtolower($filename);
 		if (strpos($config_disabled,end(explode(".", $lfile)))) { ?>
@@ -290,8 +290,8 @@ function getmicrotime() { list($usec, $sec) = explode(" ", microtime()); return
 			<input type="button" class="button" name="rename_file" value="Rename/Move" onclick="parent.location='<?php echo $_SERVER["SCRIPT_NAME"]; ?>?r=<?php echo $filename; ?>'" />
 			<input type="button" class="button" name="delete_file" value="Delete" onclick="parent.location='<?php echo $_SERVER["SCRIPT_NAME"]; ?>?d=<?php echo $filename; ?>'" />
 			<input type="button" class="button" name="copy_file" value="Copy" onclick="parent.location='<?php echo $_SERVER["SCRIPT_NAME"]; ?>?c=<?php echo $filename; ?>'" />
-		</p>
-		<div class="meta">
+			<input type="button" class="button" name="close" value="Close" onclick="parent.location='<?php echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")); ?>'" />
+		</p><div class="meta">
 			<p><i>File Size:</i> <?php echo round(filesize($filename)/1000,2); ?> kb - 
 			<i>Last Updated:</i> <?php echo date("n/j/y g:ia", filemtime($filename)); ?></p>
 		</div>

From 2408bdf0677d149e52c972285ad6c4e1665aec84 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 5 Apr 2012 20:33:11 -0400
Subject: [PATCH 007/228] Added function Cancel_Submit_Buttons($submit_label).
 But not yet used.

---
 onefilecms.php | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/onefilecms.php b/onefilecms.php
index a97b5a3..11692b6 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -18,6 +18,38 @@
 function getmicrotime() { list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec); }
 $starttime = getmicrotime();
 
+
+
+/***********************************************************************/
+function Cancel_Submit_Buttons($submit_label) { 
+	global $ONESCRIPT, $varvar;
+
+	// [Cancel] returns to either the current/path, or current/path/file
+	if (isset($_GET["i"])){
+		$ipath = '?i='.rtrim($_GET["i"],"/");
+		
+	}else if   ( isset($_GET["c"]) ) {
+		$ipath = '?f='.$_GET["c"];
+		
+	}else if   ( isset($_GET["d"]) ) {
+		$ipath = '?f='.$_GET["d"];
+
+	}else if   ( isset($_GET["r"]) ) {
+		$ipath = '?f='.$_GET["r"];
+		
+	}else{
+		$ipath = rtrim($varvar,"/");
+	}//end if
+?>
+	<p>
+		<input type="button" class="button" name="cancel" value="Cancel" onclick="parent.location='<?php echo $ONESCRIPT.$ipath; ?>'"/>
+		<input type="submit" class="button" value="<?php echo $submit_label;?>" id="action" style="margin-left: 2.5em;">
+	</p>
+<?php }
+/**********************************************************************/
+
+
+
 session_start();
 if (isset($_POST["onefilecms_username"])) { $_SESSION['onefilecms_username'] = $_POST["onefilecms_username"]; }
 if (isset($_POST["onefilecms_password"])) { $_SESSION['onefilecms_password'] = $_POST["onefilecms_password"]; }

From dfe6dd356fb45ba70fe6807fd2c979e5a28e4b5c Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 5 Apr 2012 23:34:08 -0400
Subject: [PATCH 008/228] Added $ONESCRIPT = $_SERVER["SCRIPT_NAME"] global
 variable. Used in Cancel_Submit_Buttons($button_label), [Cancel] button. Will
 be used to in place of $_SERVER["SCRIPT_NAME"] thru-out later.

---
 onefilecms.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 11692b6..eb6a187 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -10,7 +10,7 @@
 $config_footer = date("Y")." <a href='http://onefilecms.com/'>OneFileCMS</a>.";
 $config_disabled = "bmp,ico,gif,jpg,png,psd,zip";
 $config_excluded = "onefilecms.php,favicon,.htaccess";
-$config_localcss = "onefilecms.css";
+$config_localcss = "onefilecms.css";   $ONESCRIPT = $_SERVER[�SCRIPT_NAME�];
 $version = "1.1.6"; // ONEFILECMS_BEGIN
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
@@ -21,7 +21,7 @@ function getmicrotime() { list($usec, $sec) = explode(" ", microtime()); return
 
 
 /***********************************************************************/
-function Cancel_Submit_Buttons($submit_label) { 
+function Cancel_Submit_Buttons($button_label) { 
 	global $ONESCRIPT, $varvar;
 
 	// [Cancel] returns to either the current/path, or current/path/file
@@ -43,7 +43,7 @@ function Cancel_Submit_Buttons($submit_label) {
 ?>
 	<p>
 		<input type="button" class="button" name="cancel" value="Cancel" onclick="parent.location='<?php echo $ONESCRIPT.$ipath; ?>'"/>
-		<input type="submit" class="button" value="<?php echo $submit_label;?>" id="action" style="margin-left: 2.5em;">
+		<input type="submit" class="button" value="<?php echo $button_label;?>" id="action" style="margin-left: 2.5em;">
 	</p>
 <?php }
 /**********************************************************************/

From 5dbe33a644c4d52d733057246dee17378aeac9d6 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 5 Apr 2012 23:50:16 -0400
Subject: [PATCH 009/228] Added Cancel_Submit_Buttons('Action') to pages with
 actions such as Copy, Rename, Delete, etc... Primarily adds a [Cancel] button
 to those pages

---
 onefilecms.php | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index eb6a187..ee657a0 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -263,7 +263,7 @@ function Cancel_Submit_Buttons($button_label) {
 			<label for="copy_filename">New filename:</label>
 			<input type="text" name="copy_filename" id="copy_filename" class="textinput" value="<?php echo $slug."_".date("mdyHi").$extension; ?>" />
 		</p>
-		<p><input type="submit" class="button" value="Copy" /></p>
+		<p>	<?php Cancel_Submit_Buttons("Copy"); ?>	</p>
 	</form>
 <?php };
 
@@ -276,8 +276,8 @@ function Cancel_Submit_Buttons($button_label) {
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
 		<p>
 			<input type="hidden" name="delete_filename" value="<?php echo $filename; ?>" />
-			<input type="submit" class="button" name="delete_file" value="Yes" />
-			<input type="button" class="button" name="cancel" value="No" onclick="parent.location='<?php echo $_SERVER["SCRIPT_NAME"]; ?>'" />
+			<?php Cancel_Submit_Buttons("DELETE"); ?>
+
 		</p>
 	</form>
 <?php };
@@ -291,8 +291,8 @@ function Cancel_Submit_Buttons($button_label) {
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
 		<p>
 			<input type="hidden" name="delete_foldername" value="<?php echo $_GET["i"]; ?>" />
-			<input type="submit" class="button" name="delete_folder" value="Yes" />
-			<input type="button" class="button" name="cancel" value="No" onclick="parent.location='<?php echo $_SERVER["SCRIPT_NAME"]."?i=".substr_replace($_GET["i"],"",-1); ?>'" />
+			<?php Cancel_Submit_Buttons("DELETE"); ?>
+
 		</p>
 	</form>
 <?php };
@@ -445,7 +445,7 @@ function Cancel_Submit_Buttons($button_label) {
 				<label for="new_filename">New filename: </label>
 				<input type="text" name="new_filename" id="new_filename" class="textinput" value="<?php echo $_GET["i"]; ?>" />
 			</p>
-			<p><input type="submit" class="button" value="Create" /></p>
+			<p>	<?php Cancel_Submit_Buttons("Create"); ?> </p>
 		</form>
 <?php };
 
@@ -461,7 +461,7 @@ function Cancel_Submit_Buttons($button_label) {
 			<label for="new_folder">Folder name: </label>
 			<input type="text" name="new_folder" id="new_folder" class="textinput" value="<?php echo $_GET["i"]; ?>" />
 		</p>
-		<p><input type="submit" class="button" value="Create" /></p>
+		<p>	<?php Cancel_Submit_Buttons("Create"); ?> </p>
 	</form>
 <?php };
 
@@ -502,7 +502,7 @@ function Cancel_Submit_Buttons($button_label) {
 			<label for="rename_filename">New filename:</label>
 			<input type="text" name="rename_filename" id="rename_filename" class="textinput" value="<?php echo $filename; ?>" />
 		</p>
-		<p><input type="submit" class="button" value="Rename" /></p>
+		<p><?php Cancel_Submit_Buttons("Rename"); ?></p>
 	</form>
 <?php };
 
@@ -520,7 +520,7 @@ function Cancel_Submit_Buttons($button_label) {
 			<label for="rename_foldername">New name:</label>
 			<input type="text" name="rename_foldername" id="rename_foldername" class="textinput" value="<?php echo $_GET["i"]; ?>" />
 		</p>
-		<p><input type="submit" class="button" value="Rename"></p>
+		<p><?php Cancel_Submit_Buttons("Rename"); ?></p>
 	</form>
 <?php };
 
@@ -540,7 +540,7 @@ function Cancel_Submit_Buttons($button_label) {
 			<label for="upload_filename">File:</label>
 			<input name="upload_filename" type="file" />
 		</p>
-		<p><input type="submit" class="button" value="Upload" /></p>
+		<p><?php Cancel_Submit_Buttons("Upload"); ?></p>
 	</form>
 <?php } ?>
 

From 8e3c6b4d0d785a8f0256d07b28f5cd8c50fce479 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Fri, 6 Apr 2012 01:27:10 -0400
Subject: [PATCH 010/228] Tweaked spacing around nav links: Visit Site | Index
 | Log Out

---
 onefilecms.css | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index a80e714..009456d 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -273,11 +273,11 @@ h1 a:visited { color: #0F0901; }
 	font-size: 14px;
 }
 
-.nav a {
+.nav a { border: 1px solid transparent;
 	font-weight: bold;
-	text-decoration: none;
+	text-decoration: none; 	padding: .2em .5em .2em .5em ;
 }
-
+.nav a:hover { color: #995400; border: 1px solid #807568; background-color: #fffbce; }
 /* --- edit --- */
 
 #edit_header {float: left;}

From 7edf810aa5b8f0bac1116e27bf328aedae5117ce Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Fri, 6 Apr 2012 01:44:44 -0400
Subject: [PATCH 011/228] Added .index_folders { min-height: 2em; } In folders
 with no sub-folders, just keeps some space between path/to/current/folder/
 and list of files

---
 onefilecms.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/onefilecms.css b/onefilecms.css
index 009456d..f075979 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -141,7 +141,7 @@ pre {
 	overflow: hidden;
 	line-height: 1.1em;
 }
-
+.index_folders { min-height: 2em; }
 .index_folders a {
 	display: inline-block;
 	font-size: 16px;

From 99a7749d16e99c690afe9c23468ae525d1430712 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 7 Apr 2012 02:44:27 -0400
Subject: [PATCH 012/228] Improved check for invalid pages (?p=), lines 69-77.
 If ?p=SomethingInvalid, seemed to only load site root. Now loads with
 ?p=index

---
 onefilecms.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index ee657a0..2310d21 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -10,7 +10,7 @@
 $config_footer = date("Y")." <a href='http://onefilecms.com/'>OneFileCMS</a>.";
 $config_disabled = "bmp,ico,gif,jpg,png,psd,zip";
 $config_excluded = "onefilecms.php,favicon,.htaccess";
-$config_localcss = "onefilecms.css";   $ONESCRIPT = $_SERVER[�SCRIPT_NAME�];
+$config_localcss = "onefilecms.css";   $ONESCRIPT = $_SERVER["SCRIPT_NAME"];
 $version = "1.1.6"; // ONEFILECMS_BEGIN
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
@@ -68,13 +68,13 @@ function Cancel_Submit_Buttons($button_label) {
 global $page; $page = "index";
 if (isset($_GET["p"])) {
 	// redirect on invalid page attempts
+	$page = $_GET["p"];
 	if (!in_array(strtolower($_GET["p"]), array(
-		"copy","delete","error","deletefolder","edit","folder","index","login","logout","new","other","rename","renamefolder","upload"
-	))) {
-		header("Location: /");
-		exit("Invalid parameter. <a href='".$_SERVER["SCRIPT_NAME"]."'>Continue</a>.");
+		"copy","delete","error","deletefolder","edit","folder","index","login","logout","new","other","rename","renamefolder","upload"	)))
+	{
+		header("Location: ".$ONESCRIPT);
+		$page = "index";
 	}
-	$page = $_GET["p"];
 }
 if ($_GET["p"] == "other") {$pagetitle = "Other"; }
 if ($_GET["p"] == "login") {$pagetitle = "Log In"; }

From b59388e8b408b19056828a1def6f55c7f63822a5 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 7 Apr 2012 03:19:01 -0400
Subject: [PATCH 013/228] Improved check for a valid session.

---
 onefilecms.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 2310d21..23eea3b 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -51,21 +51,21 @@ function Cancel_Submit_Buttons($button_label) {
 
 
 session_start();
+global $page; $page = "index";
+
 if (isset($_POST["onefilecms_username"])) { $_SESSION['onefilecms_username'] = $_POST["onefilecms_username"]; }
 if (isset($_POST["onefilecms_password"])) { $_SESSION['onefilecms_password'] = $_POST["onefilecms_password"]; }
 if (($_SESSION['onefilecms_username'] == $config_username) and ($_SESSION['onefilecms_password'] == $config_password || md5($_SESSION['onefilecms_password']) == $config_password)) {
 	$_SESSION['onefilecms_valid'] = "1";
 } else {
 	$_SESSION['onefilecms_valid'] = "0";
-	if ($_GET["p"] !== "login") {
-		header("Location: ".$_SERVER["php_self"]."?p=login");
-		exit("Invalid session. <a href='".$_SERVER["php_self"]."?p=login'>Please log in</a>.");
-	}
+	$page = "login";
 }
 
+
 global $pagetitle; $pagetitle = "/";
 if ((isset($_GET["i"])) && ($_GET["i"] !== "")) { $pagetitle = "/".$_GET["i"]."/"; }
-global $page; $page = "index";
+
 if (isset($_GET["p"])) {
 	// redirect on invalid page attempts
 	$page = $_GET["p"];

From 696073a3228bf74880b0300d7f410fb889b300cf Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 7 Apr 2012 03:44:46 -0400
Subject: [PATCH 014/228] Added check if ?p=login and already a valid session
 (hit back on browser), then don't display login page.

---
 onefilecms.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 23eea3b..39fa1b7 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -62,10 +62,8 @@ function Cancel_Submit_Buttons($button_label) {
 	$page = "login";
 }
 
-
 global $pagetitle; $pagetitle = "/";
 if ((isset($_GET["i"])) && ($_GET["i"] !== "")) { $pagetitle = "/".$_GET["i"]."/"; }
-
 if (isset($_GET["p"])) {
 	// redirect on invalid page attempts
 	$page = $_GET["p"];
@@ -76,6 +74,8 @@ function Cancel_Submit_Buttons($button_label) {
 		$page = "index";
 	}
 }
+if ( ($page == "login") and ($_SESSION['onefilecms_valid']) ) {$page = "index"; header("Location: ".$ONESCRIPT);};
+
 if ($_GET["p"] == "other") {$pagetitle = "Other"; }
 if ($_GET["p"] == "login") {$pagetitle = "Log In"; }
 if ($_GET["p"] == "logout") {$pagetitle = "Log Out"; $_SESSION['onefilecms_valid'] = "0"; session_destroy(); }

From 7c436d0be981bf11b76224454bf673d58b3749ae Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 7 Apr 2012 09:40:37 -0400
Subject: [PATCH 015/228] Replaced all occurences $_SERVER["SCRIPT_NAME"] of
 with $ONESCRIPT. Makes lines a bit shorter, and is a bit easier to read. 
 Well, to me, at least.

---
 onefilecms.php | 54 +++++++++++++++++++++++++-------------------------
 1 file changed, 27 insertions(+), 27 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 39fa1b7..4286f27 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -230,15 +230,15 @@ function Cancel_Submit_Buttons($button_label) {
 <div class="container">
 
 <div class="header">
-	<h1><a href="<?php echo $_SERVER["SCRIPT_NAME"]; ?>" class="<?php echo 
+	<h1><a href="<?php echo $ONESCRIPT; ?>" class="<?php echo 
 	strtolower(ereg_replace("[^A-Za-z0-9]", "", $config_title)); ?>"><?php echo $config_title; 
 	?></a></h1>
 	<?php if ((isset($_SESSION['onefilecms_valid'])) && ($_SESSION['onefilecms_valid'] == 
 	"1")) { ?>
 		<div class="nav">
 			<a href="/">Visit Site</a> | 
-			<a href="<?php echo $_SERVER["SCRIPT_NAME"]; ?>">Index</a> | 
-			<a href="<?php echo $_SERVER["SCRIPT_NAME"]; ?>?p=logout">Log Out</a>
+			<a href="<?php echo $ONESCRIPT; ?>">Index</a> | 
+			<a href="<?php echo $ONESCRIPT; ?>?p=logout">Log Out</a>
 		</div>
 	<?php } ?>
 </div>
@@ -252,7 +252,7 @@ function Cancel_Submit_Buttons($button_label) {
 	$varvar = "?i=".substr($_GET["c"],0,strrpos($_GET["c"],"/")); ?>
 	<h2>Copy &ldquo;<a href="<?php echo $filename; ?>"><?php echo $filename; ?></a>&rdquo;</h2>
 	<p>Existing files with the same filename are automatically overwritten... Be careful!</p>
-	<form method="post" id="new" action="<?php echo $_SERVER["SCRIPT_NAME"].$varvar; ?>">
+	<form method="post" id="new" action="<?php echo $ONESCRIPT.$varvar; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
 		<p>
 			<label>Old filename:</label>
@@ -272,7 +272,7 @@ function Cancel_Submit_Buttons($button_label) {
 	$varvar = "?i=".substr($_GET["d"],0,strrpos($_GET["d"],"/")); ?>
 	<h2>Delete &ldquo;<a href="<?php echo $filename; ?>"><?php echo $filename; ?></a>&rdquo;</h2>
 	<p>Are you sure?</p>
-	<form method="post" action="<?php echo $_SERVER["SCRIPT_NAME"].$varvar; ?>">
+	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
 		<p>
 			<input type="hidden" name="delete_filename" value="<?php echo $filename; ?>" />
@@ -287,7 +287,7 @@ function Cancel_Submit_Buttons($button_label) {
 	$varvar = "?i=".substr($_GET["i"],0,strrpos(substr_replace($_GET["i"],"",-1),"/")); ?>
 	<h2>Delete Folder &ldquo;<?php echo $_GET["i"]; ?>&rdquo;</h2>
 	<p>Folders have to be empty before they can be deleted.</p>
-	<form method="post" action="<?php echo $_SERVER["SCRIPT_NAME"].$varvar; ?>">
+	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
 		<p>
 			<input type="hidden" name="delete_foldername" value="<?php echo $_GET["i"]; ?>" />
@@ -300,7 +300,7 @@ function Cancel_Submit_Buttons($button_label) {
 // EDIT
 if ($page == "edit") { ?>
 	<h2 id="edit_header">Edit &ldquo;<a href="<?php echo $filename; ?>"><?php echo $filename; ?></a>&rdquo;</h2>
-	<form method="post" action="<?php echo $_SERVER["SCRIPT_NAME"]; ?>?f=<?php echo $filename; ?>">
+	<form method="post" action="<?php echo $ONESCRIPT; ?>?f=<?php echo $filename; ?>">
 	<input type="button" class="button close" name="close" value="Close" onclick="parent.location='<?php echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")); ?>'" />
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
 		<?php $lfile = strtolower($filename);
@@ -319,9 +319,9 @@ function Cancel_Submit_Buttons($button_label) {
 			<p class="buttons_right">
 				<input type="submit" class="button" name="save_file" id="save_file" value="Save" />
 		<?php } ?>
-			<input type="button" class="button" name="rename_file" value="Rename/Move" onclick="parent.location='<?php echo $_SERVER["SCRIPT_NAME"]; ?>?r=<?php echo $filename; ?>'" />
-			<input type="button" class="button" name="delete_file" value="Delete" onclick="parent.location='<?php echo $_SERVER["SCRIPT_NAME"]; ?>?d=<?php echo $filename; ?>'" />
-			<input type="button" class="button" name="copy_file" value="Copy" onclick="parent.location='<?php echo $_SERVER["SCRIPT_NAME"]; ?>?c=<?php echo $filename; ?>'" />
+			<input type="button" class="button" name="rename_file" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT; ?>?r=<?php echo $filename; ?>'" />
+			<input type="button" class="button" name="delete_file" value="Delete" onclick="parent.location='<?php echo $ONESCRIPT; ?>?d=<?php echo $filename; ?>'" />
+			<input type="button" class="button" name="copy_file" value="Copy" onclick="parent.location='<?php echo $ONESCRIPT; ?>?c=<?php echo $filename; ?>'" />
 			<input type="button" class="button" name="close" value="Close" onclick="parent.location='<?php echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")); ?>'" />
 		</p><div class="meta">
 			<p><i>File Size:</i> <?php echo round(filesize($filename)/1000,2); ?> kb - 
@@ -340,13 +340,13 @@ function Cancel_Submit_Buttons($button_label) {
 		if ($varvar == "") { 
 			echo $path_levels[0]; // if at root, no need for link.
 		} else {
-			echo '<a href="'.$_SERVER["SCRIPT_NAME"].'" class="path"> '.$path_levels[0].' </a>/';
+			echo '<a href="'.$ONESCRIPT.'" class="path"> '.$path_levels[0].' </a>/';
 		}
 		$current_path = "";
 		for ($x=1; $x < $levels-1; $x++) {
 			if ($x !== 1){ $current_path .= '/'; }
 			$current_path = $current_path.$path_levels[$x];
-			echo '<a href="'.$_SERVER["SCRIPT_NAME"].'?i='.$current_path.'" class="path"> ';
+			echo '<a href="'.$ONESCRIPT.'?i='.$current_path.'" class="path"> ';
 			echo ' '.$path_levels[$x].' </a>/';
 		}
 		echo ' '.$path_levels[$x].' /'; // last item is current dir. No link needed.
@@ -357,7 +357,7 @@ function Cancel_Submit_Buttons($button_label) {
 		$files = glob($varvar."*",GLOB_ONLYDIR);
 		sort($files);
 		foreach ($files as $file) { ?>
-			<a href="<?php echo $_SERVER["SCRIPT_NAME"]; ?>?i=<?php echo $file; ?>" class="folder"><?php echo basename($file); ?></a>
+			<a href="<?php echo $ONESCRIPT; ?>?i=<?php echo $file; ?>" class="folder"><?php echo basename($file); ?></a>
 		<?php } ?>
 	</p>
 	<div style="clear:both;"></div>
@@ -386,7 +386,7 @@ function Cancel_Submit_Buttons($button_label) {
 				if (strrpos($lfile,".css")) { $file_class = "css"; };
 				if (strrpos($lfile,".php")) { $file_class = "php"; }; ?>
 					<li>
-						<a href="<?php echo $_SERVER["SCRIPT_NAME"]; ?>?f=<?php 
+						<a href="<?php echo $ONESCRIPT; ?>?f=<?php 
 						echo $file; ?>" class="<?php echo $file_class ?>"><?php 
 						echo basename($file); ?></a>
 						<div class="meta">
@@ -400,19 +400,19 @@ function Cancel_Submit_Buttons($button_label) {
 		} ?>
 	</ul>
 	<p class="front_links">
-		<a href="<?php echo $_SERVER["SCRIPT_NAME"]; ?>?p=new&amp;i=<?php echo $varvar; ?>" class="new">New File</a>
-		<a href="<?php echo $_SERVER["SCRIPT_NAME"]; ?>?p=folder&amp;i=<?php echo $varvar; ?>" class="newfolder">New Folder</a><?php if ($varvar !== "") { ?>
-		<a href="<?php echo $_SERVER["SCRIPT_NAME"]; ?>?p=deletefolder&amp;i=<?php echo $varvar; ?>" class="deletefolder">Delete Folder</a>
-		<a href="<?php echo $_SERVER["SCRIPT_NAME"]; ?>?p=renamefolder&amp;i=<?php echo $varvar; ?>" class="renamefolder">Rename Folder</a><?php } ?>
-		<a href="<?php echo $_SERVER["SCRIPT_NAME"]; ?>?p=upload&amp;i=<?php echo $varvar; ?>" class="upload">Upload File</a>
-		<a href="<?php echo $_SERVER["SCRIPT_NAME"]; ?>?p=other" class="other">Other</a>
+		<a href="<?php echo $ONESCRIPT; ?>?p=new&amp;i=<?php echo $varvar; ?>" class="new">New File</a>
+		<a href="<?php echo $ONESCRIPT; ?>?p=folder&amp;i=<?php echo $varvar; ?>" class="newfolder">New Folder</a><?php if ($varvar !== "") { ?>
+		<a href="<?php echo $ONESCRIPT; ?>?p=deletefolder&amp;i=<?php echo $varvar; ?>" class="deletefolder">Delete Folder</a>
+		<a href="<?php echo $ONESCRIPT; ?>?p=renamefolder&amp;i=<?php echo $varvar; ?>" class="renamefolder">Rename Folder</a><?php } ?>
+		<a href="<?php echo $ONESCRIPT; ?>?p=upload&amp;i=<?php echo $varvar; ?>" class="upload">Upload File</a>
+		<a href="<?php echo $ONESCRIPT; ?>?p=other" class="other">Other</a>
 	</p>
 <?php };
 
 // LOG IN
 if ($page == "login") { ?>
 	<h2>Log In</h2>
-	<form method="post" action="<?php echo $_SERVER["SCRIPT_NAME"]; ?>">
+	<form method="post" action="<?php echo $ONESCRIPT; ?>">
 		<p>
 			<label for="onefilecms_username">Username:</label>
 			<input type="text" name="onefilecms_username" id="onefilecms_username" class="textinput" />
@@ -439,7 +439,7 @@ function Cancel_Submit_Buttons($button_label) {
 		<h2>New File</h2>
 		<p>Existing files with the same name will not be overwritten.</p>
 		<form method="post" id="new" action="<?php echo
-		$_SERVER["SCRIPT_NAME"].substr_replace($varvar,"",-1); ?>">
+		$ONESCRIPT.substr_replace($varvar,"",-1); ?>">
 			<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
 			<p>
 				<label for="new_filename">New filename: </label>
@@ -455,7 +455,7 @@ function Cancel_Submit_Buttons($button_label) {
 	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }?>
 	<h2>New Folder</h2>
 	<p>Existing folders with the same name will not be overwritten.</p>
-	<form method="post" action="<?php echo $_SERVER["SCRIPT_NAME"].substr_replace($varvar,"",-1); ?>">
+	<form method="post" action="<?php echo $ONESCRIPT.substr_replace($varvar,"",-1); ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
 		<p>
 			<label for="new_folder">Folder name: </label>
@@ -475,7 +475,7 @@ function Cancel_Submit_Buttons($button_label) {
 	<pre><code>This site powered by &#60;a href="http://onefilecms.com/"&#62;OneFileCMS&#60;/a&#62;.</code></pre>
 	<h3>Admin Link</h3>
 	<p>Add this to your footer (or something) for lazy/forgetful admins. They'll still have to know the username and password, of course.</p>
-	<pre><code>[&#60;a href="<?php echo $_SERVER["SCRIPT_NAME"]; ?>"&#62;Admin&#60;/a&#62;]</code></pre>
+	<pre><code>[&#60;a href="<?php echo $ONESCRIPT; ?>"&#62;Admin&#60;/a&#62;]</code></pre>
 	<?php if (strlen($config_password) != 32) { ?>
 		<h3>Password Hash</h3>
 		<p>By the way, MD5 hash of your currently configured password is: <em><?php echo md5($config_password) ?></em>
@@ -491,7 +491,7 @@ function Cancel_Submit_Buttons($button_label) {
 	careful!</p>
 	<p>To move a file, preface its name with the folder's name, as in 
 	"<i>foldername/filename.txt</i>." The folder must already exist.</p>
-	<form method="post" action="<?php echo $_SERVER["SCRIPT_NAME"].$varvar;	?>">
+	<form method="post" action="<?php echo $ONESCRIPT.$varvar;	?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
 		<p>
 			<label>Old filename:</label>
@@ -510,7 +510,7 @@ function Cancel_Submit_Buttons($button_label) {
 if ($page == "renamefolder") {
 	$varvar = "?i=".substr($_GET["i"],0,strrpos(substr_replace($_GET["i"],"",-1),"/")); ?>
 	<h2>Rename Folder &ldquo;<?php echo $_GET["i"]; ?>&rdquo;</h2>
-	<form method="post" action="<?php echo $_SERVER["SCRIPT_NAME"].$varvar; ?>">
+	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
 		<p>
 			<label>Old name:</label><input type="hidden" name="old_foldername" value="<?php echo $_GET["i"]; ?>" />
@@ -529,7 +529,7 @@ function Cancel_Submit_Buttons($button_label) {
 	$varvar = ""; if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; } ?>
 	<h2>Upload</h2>
 	<form enctype="multipart/form-data" action="<?php echo
-	$_SERVER["SCRIPT_NAME"].substr_replace($varvar,"",-1); ?>" method="post">
+	$ONESCRIPT.substr_replace($varvar,"",-1); ?>" method="post">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
 		<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
 		<p>

From 59e7cb46e647fd0694ee0e88dffd7e1eb2f5bbe1 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Mon, 9 Apr 2012 13:17:13 -0400
Subject: [PATCH 016/228] Changed where .css is hosted. Moved Upload link.

---
 onefilecms.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 4286f27..00469be 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -220,7 +220,7 @@ function Cancel_Submit_Buttons($button_label) {
 	if (file_exists($config_localcss)) {
 		echo $config_localcss;
 	} else {
-		echo "http://onefilecms.com/style.css";
+		echo "http://self-evident.github.com/OneFileCMS/onefilecms.css";
 	}
 ?>" type="text/css" rel="stylesheet" media="screen" />
 </head>
@@ -400,11 +400,11 @@ function Cancel_Submit_Buttons($button_label) {
 		} ?>
 	</ul>
 	<p class="front_links">
+		<a href="<?php echo $ONESCRIPT; ?>?p=upload&amp;i=<?php echo $varvar; ?>" class="upload">Upload File</a>
 		<a href="<?php echo $ONESCRIPT; ?>?p=new&amp;i=<?php echo $varvar; ?>" class="new">New File</a>
 		<a href="<?php echo $ONESCRIPT; ?>?p=folder&amp;i=<?php echo $varvar; ?>" class="newfolder">New Folder</a><?php if ($varvar !== "") { ?>
 		<a href="<?php echo $ONESCRIPT; ?>?p=deletefolder&amp;i=<?php echo $varvar; ?>" class="deletefolder">Delete Folder</a>
 		<a href="<?php echo $ONESCRIPT; ?>?p=renamefolder&amp;i=<?php echo $varvar; ?>" class="renamefolder">Rename Folder</a><?php } ?>
-		<a href="<?php echo $ONESCRIPT; ?>?p=upload&amp;i=<?php echo $varvar; ?>" class="upload">Upload File</a>
 		<a href="<?php echo $ONESCRIPT; ?>?p=other" class="other">Other</a>
 	</p>
 <?php };
@@ -538,7 +538,7 @@ function Cancel_Submit_Buttons($button_label) {
 		</p>
 		<p>
 			<label for="upload_filename">File:</label>
-			<input name="upload_filename" type="file" />
+			<input name="upload_filename" type="file" size="93"/>
 		</p>
 		<p><?php Cancel_Submit_Buttons("Upload"); ?></p>
 	</form>

From 3eefa9ae3fd53b27ee58b4c9e1afd0abd354ccde Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 10 Apr 2012 00:56:11 -0400
Subject: [PATCH 017/228] Style sheet icons now hosted on
 self-evident.github.com

---
 onefilecms.css | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index f075979..2a39307 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -15,7 +15,7 @@ h1,h2,h3,h4,h5,h6{font-weight: bold;}
 body {
 	font-size: 12px;
 	line-height: 20px;
-	background: #d5d0cc url("/images/background.jpg") top center no-repeat;
+	background: #d5d0cc;
 	font-family: sans-serif;
 	color: #0F0901;
 }
@@ -95,11 +95,11 @@ pre {
 	border-bottom: 1px solid #807568;
 }
 
-#message p {
+#message p {font-size: 1.3em;
 	margin: 0;
 	padding: 5px 5px 5px 30px;
 	border: 1px solid #807568;
-	background: #fff000 url("http://onefilecms.com/images/silk_error.png") 10px 5px no-repeat;
+	background: #fff000 url("http://self-evident.github.com/OneFileCMS/images/silk_error.png") 10px 5px no-repeat;
 }
 
 /* --- INDEX --- */
@@ -119,15 +119,15 @@ pre {
 	padding: 7px 5px 7px 35px;
 	border: 1px solid #807568;
 	text-decoration: none;
-	background: white url("http://onefilecms.com/images/silk_file.png") 10px 10px no-repeat;
+	background: white url("http://self-evident.github.com/OneFileCMS/images/silk_file.png") 10px 10px no-repeat;
 	overflow: hidden;
 	line-height: 1em;
 }
 
 
-.index a.css { background: white url("http://onefilecms.com/images/silk_css.png") 10px 10px no-repeat; }
-.index a.img { background: white url("http://onefilecms.com/images/silk_image.png") 10px 10px no-repeat; }
-.index a.php { background: white url("http://onefilecms.com/images/silk_php.png") 10px 10px no-repeat; }
+.index a.css { background: white url("http://self-evident.github.com/OneFileCMS/images/silk_css.png") 10px 10px no-repeat; }
+.index a.img { background: white url("http://self-evident.github.com/OneFileCMS/images/silk_image.png") 10px 10px no-repeat; }
+.index a.php { background: white url("http://self-evident.github.com/OneFileCMS/images/silk_php.png") 10px 10px no-repeat; }
 
 .index a:hover {
 	background-color: #fffbce;
@@ -148,7 +148,7 @@ pre {
 	margin-right: 15px;
 	padding: 2px 4px 2px 20px;
 	display: inline-block;
-	background: url("http://onefilecms.com/images/silk_folder.png") 0 2px no-repeat;
+	background: url("http://self-evident.github.com/OneFileCMS/images/silk_folder.png") 0 2px no-repeat;
 }
 .index_folders a:hover { background-color: #fffbce; }
 /* --- list view --- */
@@ -207,20 +207,20 @@ ul.list .meta span {
 	display: inline-block;
 }
 
-.front_links a.settings { background: url("http://onefilecms.com/images/silk_settings.png") 0 3px no-repeat; }
-.front_links a.new { background: url("http://onefilecms.com/images/silk_new.png") 0 3px no-repeat; }
-.front_links a.newfolder { background: url("http://onefilecms.com/images/silk_newfolder.png") 0 2px no-repeat; }
-.front_links a.deletefolder { background: url("http://onefilecms.com/images/silk_deletefolder.png") 0 2px no-repeat; }
-.front_links a.renamefolder { background: url("http://onefilecms.com/images/silk_renamefolder.png") 0 2px no-repeat; }
-.front_links a.upload { background: url("http://onefilecms.com/images/silk_upload.png") 0 3px no-repeat; }
-.front_links a.other { background: url("http://onefilecms.com/images/silk_other.png") 0 3px no-repeat; }
+.front_links a.settings { background: url("http://self-evident.github.com/OneFileCMS/images/silk_settings.png") 0 3px no-repeat; }
+.front_links a.new { background: url("http://self-evident.github.com/OneFileCMS/images/silk_new.png") 0 3px no-repeat; }
+.front_links a.newfolder { background: url("http://self-evident.github.com/OneFileCMS/images/silk_newfolder.png") 0 2px no-repeat; }
+.front_links a.deletefolder { background: url("http://self-evident.github.com/OneFileCMS/images/silk_deletefolder.png") 0 2px no-repeat; }
+.front_links a.renamefolder { background: url("http://self-evident.github.com/OneFileCMS/images/silk_renamefolder.png") 0 2px no-repeat; }
+.front_links a.upload { background: url("http://self-evident.github.com/OneFileCMS/images/silk_upload.png") 0 3px no-repeat; }
+.front_links a.other { background: url("http://self-evident.github.com/OneFileCMS/images/silk_other.png") 0 3px no-repeat; }
 .front_links a:hover { border: 1px solid #807568; background-color: #fffbce; }
 form .meta { z-index: -1; }
 
 .textinput {
 	border: 1px solid #807568;
 	padding: 2px;
-	width: 350px;
+	width: 650px;
 	font: 12px/18px "Courier New", Courier, monospace;
 }
 
@@ -257,7 +257,7 @@ h1 a {
 }
 
 h1 a.onefilecms {
-	background: url("http://onefilecms.com/images/logo.gif") top left no-repeat;
+	background: url("http://self-evident.github.com/OneFileCMS/images/logo.gif") top left no-repeat;
 	width: 208px;
 	height: 29px;
 	display: block;

From f591686cdc8019a31e288dab1a7dea0c254080f6 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 10 Apr 2012 13:51:26 -0400
Subject: [PATCH 018/228] Removed superfluous START, FINISH, & microtime lines
 & footer.

---
 onefilecms.css |  602 ++++++++++++-------------
 onefilecms.php | 1167 ++++++++++++++++++++++++------------------------
 2 files changed, 881 insertions(+), 888 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index 2a39307..60bb25f 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -1,301 +1,301 @@
-/* --- reset --- */
-
-html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,
-cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,dl,dt,dd,ol,ul,li,
-fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td{border:0;outline:0;font-weight:inherit;font-style:inherit;font-size:100%;font-family:inherit;vertical-align:baseline;margin:0;padding:0;}
-:focus{outline:0;}
-ol,ul{list-style:none;}
-table{border-collapse:separate;border-spacing:0;}
-caption,th,td{text-align:left;font-weight:400;}
-blockquote:before,blockquote:after,q:before,q:after{content:"";}
-blockquote,q{quotes:"" "";}
-div{position: relative;}
-h1,h2,h3,h4,h5,h6{font-weight: bold;}
-
-body {
-	font-size: 12px;
-	line-height: 20px;
-	background: #d5d0cc;
-	font-family: sans-serif;
-	color: #0F0901;
-}
-
-/* --- layout --- */
-
-.container {
-	width: 800px;
-	padding: 0 10px;
-	margin: 20px auto;
-}
-
-.header {
-	margin-bottom: 10px;
-	padding-bottom: 10px;
-	border-bottom: 1px solid #807568;
-	color: #676767;
-	position: relative;
-}
-
-.footer {
-	margin-top: 10px;
-	padding-top: 10px;
-	border-top: 1px solid #807568;
-	clear: both;
-}
-
-/* --- general formatting --- */
-
-h2,h3,p,ul,table { margin-bottom: 10px; }
-p, li {line-height: 1.4em; }
-form p { margin-bottom: 5px; }
-a { color: #774200; text-decoration: none; border: 1px solid  transparent; }
-a:hover { color: #976322; }
-a:hover { color: #995400; border: 1px solid #807568; background-color: #fffbce; }
-h2 { font-size: 20px; }
-h3 { font-size: 18px; margin-top: 15px; }
-em, i { font-style: italic; }
-strong { font-weight: bold; }
-
-label {
-	font-size: 14px;
-	font-style: italic;
-	width: 110px;
-	display: inline-block;
-}
-
-pre {
-	background: white;
-	border: 1px solid #807568;
-	line-height: 1.25em;
-	overflow: auto
-	overflow-Y: hidden;
-	padding: 10px;
-	margin: 5px 0 10px 0;
-	overflow: hidden;
-}
-
-.page_login label {
-	display: block;
-	margin-bottom: 2px;
-}
-
-.alignleft {
-	margin: 0 10px 10px 0;
-	float: left;
-}
-
-.left70 {
-	width: 70px;
-	display: inline-block;
-}
-
-#message {
-	margin-bottom: 10px;
-	padding-bottom: 10px;
-	border-bottom: 1px solid #807568;
-}
-
-#message p {font-size: 1.3em;
-	margin: 0;
-	padding: 5px 5px 5px 30px;
-	border: 1px solid #807568;
-	background: #fff000 url("http://self-evident.github.com/OneFileCMS/images/silk_error.png") 10px 5px no-repeat;
-}
-
-/* --- INDEX --- */
-
-.index { width: 810px; }
-
-.index li {
-	margin: 0 10px 10px 0;
-	width: 192.5px;
-	float: left;
-	position: relative;
-}
-
-.index a {
-	height: 28px;
-	display: block;
-	padding: 7px 5px 7px 35px;
-	border: 1px solid #807568;
-	text-decoration: none;
-	background: white url("http://self-evident.github.com/OneFileCMS/images/silk_file.png") 10px 10px no-repeat;
-	overflow: hidden;
-	line-height: 1em;
-}
-
-
-.index a.css { background: white url("http://self-evident.github.com/OneFileCMS/images/silk_css.png") 10px 10px no-repeat; }
-.index a.img { background: white url("http://self-evident.github.com/OneFileCMS/images/silk_image.png") 10px 10px no-repeat; }
-.index a.php { background: white url("http://self-evident.github.com/OneFileCMS/images/silk_php.png") 10px 10px no-repeat; }
-
-.index a:hover {
-	background-color: #fffbce;
-	border: 1px solid #969376;
-}
-
-.index .meta {
-	font-size: 11px;
-	height: 25px;
-	margin-top: 3px;
-	overflow: hidden;
-	line-height: 1.1em;
-}
-.index_folders { min-height: 2em; }
-.index_folders a {
-	display: inline-block;
-	font-size: 16px;
-	margin-right: 15px;
-	padding: 2px 4px 2px 20px;
-	display: inline-block;
-	background: url("http://self-evident.github.com/OneFileCMS/images/silk_folder.png") 0 2px no-repeat;
-}
-.index_folders a:hover { background-color: #fffbce; }
-/* --- list view --- */
-
-ul.list {
-	width: 100%;
-	margin-bottom: 31px;
-}
-
-ul.index.list * {
-	width: auto;
-	height: auto;
-	padding: 0;
-	margin: 0;
-	display: visible;
-	line-height: 21px;
-}
-
-ul.index.list li {
-	float: none;
-	clear: both;
-}
-
-ul.index.list li a {
-	display: block;
-	float: left;
-	background-color: transparent;
-	background-position: top left;
-	border: none;
-	width: 200px;
-	text-indent: 26px;
-}
-
-ul.list .meta {
-	display: block;
-	float: left;
-	height: auto;
-}
-
-ul.list .meta br { display: none; }
-
-ul.list .meta span {
-	display: block;
-	float: left;
-	width: 200px;
-}
-
-
-.front_links { clear: both; }
-
-.front_links a { padding: 3px;
-	font-size: 16px;
-	margin-right: 15px;
-	padding-left: 21px;
-	height: 16px;
-	display: inline-block;
-}
-
-.front_links a.settings { background: url("http://self-evident.github.com/OneFileCMS/images/silk_settings.png") 0 3px no-repeat; }
-.front_links a.new { background: url("http://self-evident.github.com/OneFileCMS/images/silk_new.png") 0 3px no-repeat; }
-.front_links a.newfolder { background: url("http://self-evident.github.com/OneFileCMS/images/silk_newfolder.png") 0 2px no-repeat; }
-.front_links a.deletefolder { background: url("http://self-evident.github.com/OneFileCMS/images/silk_deletefolder.png") 0 2px no-repeat; }
-.front_links a.renamefolder { background: url("http://self-evident.github.com/OneFileCMS/images/silk_renamefolder.png") 0 2px no-repeat; }
-.front_links a.upload { background: url("http://self-evident.github.com/OneFileCMS/images/silk_upload.png") 0 3px no-repeat; }
-.front_links a.other { background: url("http://self-evident.github.com/OneFileCMS/images/silk_other.png") 0 3px no-repeat; }
-.front_links a:hover { border: 1px solid #807568; background-color: #fffbce; }
-form .meta { z-index: -1; }
-
-.textinput {
-	border: 1px solid #807568;
-	padding: 2px;
-	width: 650px;
-	font: 12px/18px "Courier New", Courier, monospace;
-}
-
-textarea.textinput {
-	width: 794px;
-	height: 550px;
-}
-
-textarea.disabled { height: 50px; }
-
-.buttons_right { float: right;}
-.buttons_right .button { margin-left: 7px; }
-.buttons_left { float: left;}
-.buttons_left .button { margin-right: 7px; }
-
-.button {
-	border: 1px solid #807568;
-	padding: 4px 10px;
-	background-color: #d4d4d4;
-	cursor: pointer;
-	font-size: 14px;
-	font-family: sans-serif;
-}
-
-.button:hover { background-color: #eaeaea; }
-.button[disabled]:hover { background-color: #d4d4d4; }
-
-/* --- header --- */
-
-h1 a {
-	font-size: 28px;
-	text-decoration: none;
-	color: #0F0901;
-}
-
-h1 a.onefilecms {
-	background: url("http://self-evident.github.com/OneFileCMS/images/logo.gif") top left no-repeat;
-	width: 208px;
-	height: 29px;
-	display: block;
-	text-indent: -2000px;
-}
-
-h1 a:visited { color: #0F0901; }
-
-.nav {
-	position: absolute;
-	bottom: 12px;
-	right: 0;
-	font-size: 14px;
-}
-
-.nav a { border: 1px solid transparent;
-	font-weight: bold;
-	text-decoration: none; 	padding: .2em .5em .2em .5em ;
-}
-.nav a:hover { color: #995400; border: 1px solid #807568; background-color: #fffbce; }
-/* --- edit --- */
-
-#edit_header {float: left;}
-
-.close {float: right;}
-
-
-
-/* --- log in --- */
-
-.page_login .container, .page_logout .container {
-	width: 356px;
-	margin-top: 60px;
-}
-
-
-/* --- path/to/current/index --- */
-
-.path { border: 1px solid  transparent; }
-	
-.path:hover { border: 1px solid #807568; background-color: #fffbce; }
+/* --- reset --- */
+
+html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,
+cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,dl,dt,dd,ol,ul,li,
+fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td{border:0;outline:0;font-weight:inherit;font-style:inherit;font-size:100%;font-family:inherit;vertical-align:baseline;margin:0;padding:0;}
+:focus{outline:0;}
+ol,ul{list-style:none;}
+table{border-collapse:separate;border-spacing:0;}
+caption,th,td{text-align:left;font-weight:400;}
+blockquote:before,blockquote:after,q:before,q:after{content:"";}
+blockquote,q{quotes:"" "";}
+div{position: relative;}
+h1,h2,h3,h4,h5,h6{font-weight: bold;}
+
+body {
+	font-size: 12px;
+	line-height: 20px;
+	background: #d5d0cc;
+	font-family: sans-serif;
+	color: #0F0901;
+}
+
+/* --- layout --- */
+
+.container {
+	width: 800px;
+	padding: 0 10px;
+	margin: 20px auto;
+}
+
+.header {
+	margin-bottom: 10px;
+	padding-bottom: 10px;
+	border-bottom: 1px solid #807568;
+	color: #676767;
+	position: relative;
+}
+
+.footer { /*
+	margin-top: 10px;
+	padding-top: 10px;
+	border-top: 0px solid #807568;
+	clear: both;  */
+}
+
+/* --- general formatting --- */
+
+h2,h3,p,ul,table { margin-bottom: 10px; }
+p, li {line-height: 1.4em; }
+form p { margin-bottom: 5px; }
+a { color: #774200; text-decoration: none; border: 1px solid  transparent; }
+a:hover { color: #976322; }
+a:hover { color: #995400; border: 1px solid #807568; background-color: #fffbce; }
+h2 { font-size: 20px; }
+h3 { font-size: 18px; margin-top: 15px; }
+em, i { font-style: italic; }
+strong { font-weight: bold; }
+
+label {
+	font-size: 14px;
+	font-style: italic;
+	width: 110px;
+	display: inline-block;
+}
+
+pre {
+	background: white;
+	border: 1px solid #807568;
+	line-height: 1.25em;
+	overflow: auto
+	overflow-Y: hidden;
+	padding: 10px;
+	margin: 5px 0 10px 0;
+	overflow: hidden;
+}
+
+.page_login label {
+	display: block;
+	margin-bottom: 2px;
+}
+
+.alignleft {
+	margin: 0 10px 10px 0;
+	float: left;
+}
+
+.left70 {
+	width: 70px;
+	display: inline-block;
+}
+
+#message {
+	margin-bottom: 10px;
+	padding-bottom: 10px;
+	border-bottom: 1px solid #807568;
+}
+
+#message p {font-size: 1.3em;
+	margin: 0;
+	padding: 5px 5px 5px 30px;
+	border: 1px solid #807568;
+	background: #fff000 url("http://self-evident.github.com/OneFileCMS/images/silk_error.png") 10px 5px no-repeat;
+}
+
+/* --- INDEX --- */
+
+.index { width: 810px; }
+
+.index li {
+	margin: 0 10px 10px 0;
+	width: 192.5px;
+	float: left;
+	position: relative;
+}
+
+.index a {
+	height: 28px;
+	display: block;
+	padding: 7px 5px 7px 35px;
+	border: 1px solid #807568;
+	text-decoration: none;
+	background: white url("http://self-evident.github.com/OneFileCMS/images/silk_file.png") 10px 10px no-repeat;
+	overflow: hidden;
+	line-height: 1em;
+}
+
+
+.index a.css { background: white url("http://self-evident.github.com/OneFileCMS/images/silk_css.png") 10px 10px no-repeat; }
+.index a.img { background: white url("http://self-evident.github.com/OneFileCMS/images/silk_image.png") 10px 10px no-repeat; }
+.index a.php { background: white url("http://self-evident.github.com/OneFileCMS/images/silk_php.png") 10px 10px no-repeat; }
+
+.index a:hover {
+	background-color: #fffbce;
+	border: 1px solid #969376;
+}
+
+.index .meta {
+	font-size: 11px;
+	height: 25px;
+	margin-top: 3px;
+	overflow: hidden;
+	line-height: 1.1em;
+}
+.index_folders { min-height: 2em; }
+.index_folders a {
+	display: inline-block;
+	font-size: 16px;
+	margin-right: 15px;
+	padding: 2px 4px 2px 20px;
+	display: inline-block;
+	background: url("http://self-evident.github.com/OneFileCMS/images/silk_folder.png") 0 2px no-repeat;
+}
+.index_folders a:hover { background-color: #fffbce; }
+/* --- list view --- */
+
+ul.list {
+	width: 100%;
+	margin-bottom: 31px;
+}
+
+ul.index.list * {
+	width: auto;
+	height: auto;
+	padding: 0;
+	margin: 0;
+	display: visible;
+	line-height: 21px;
+}
+
+ul.index.list li {
+	float: none;
+	clear: both;
+}
+
+ul.index.list li a {
+	display: block;
+	float: left;
+	background-color: transparent;
+	background-position: top left;
+	border: none;
+	width: 200px;
+	text-indent: 26px;
+}
+
+ul.list .meta {
+	display: block;
+	float: left;
+	height: auto;
+}
+
+ul.list .meta br { display: none; }
+
+ul.list .meta span {
+	display: block;
+	float: left;
+	width: 200px;
+}
+
+
+.front_links { clear: both; }
+
+.front_links a { padding: 3px;
+	font-size: 16px;
+	margin-right: 15px;
+	padding-left: 21px;
+	height: 16px;
+	display: inline-block;
+}
+
+.front_links a.settings { background: url("http://self-evident.github.com/OneFileCMS/images/silk_settings.png") 0 3px no-repeat; }
+.front_links a.new { background: url("http://self-evident.github.com/OneFileCMS/images/silk_new.png") 0 3px no-repeat; }
+.front_links a.newfolder { background: url("http://self-evident.github.com/OneFileCMS/images/silk_newfolder.png") 0 2px no-repeat; }
+.front_links a.deletefolder { background: url("http://self-evident.github.com/OneFileCMS/images/silk_deletefolder.png") 0 2px no-repeat; }
+.front_links a.renamefolder { background: url("http://self-evident.github.com/OneFileCMS/images/silk_renamefolder.png") 0 2px no-repeat; }
+.front_links a.upload { background: url("http://self-evident.github.com/OneFileCMS/images/silk_upload.png") 0 3px no-repeat; }
+.front_links a.other { background: url("http://self-evident.github.com/OneFileCMS/images/silk_other.png") 0 3px no-repeat; }
+.front_links a:hover { border: 1px solid #807568; background-color: #fffbce; }
+form .meta { z-index: -1; }
+
+.textinput {
+	border: 1px solid #807568;
+	padding: 2px;
+	width: 650px;
+	font: 12px/18px "Courier New", Courier, monospace;
+}
+
+textarea.textinput {
+	width: 794px;
+	height: 550px;
+}
+
+textarea.disabled { height: 50px; }
+
+.buttons_right { float: right;}
+.buttons_right .button { margin-left: 7px; }
+.buttons_left { float: left;}
+.buttons_left .button { margin-right: 7px; }
+
+.button {
+	border: 1px solid #807568;
+	padding: 4px 10px;
+	background-color: #d4d4d4;
+	cursor: pointer;
+	font-size: 14px;
+	font-family: sans-serif;
+}
+
+.button:hover { background-color: #eaeaea; }
+.button[disabled]:hover { background-color: #d4d4d4; }
+
+/* --- header --- */
+
+h1 a {
+	font-size: 28px;
+	text-decoration: none;
+	color: #0F0901;
+}
+
+h1 a.onefilecms {
+	background: url("http://self-evident.github.com/OneFileCMS/images/logo.gif") top left no-repeat;
+	width: 208px;
+	height: 29px;
+	display: block;
+	text-indent: -2000px;
+}
+
+h1 a:visited { color: #0F0901; }
+
+.nav {
+	position: absolute;
+	bottom: 12px;
+	right: 0;
+	font-size: 14px;
+}
+
+.nav a { border: 1px solid transparent;
+	font-weight: bold;
+	text-decoration: none; 	padding: .2em .5em .2em .5em ;
+}
+.nav a:hover { color: #995400; border: 1px solid #807568; background-color: #fffbce; }
+/* --- edit --- */
+
+#edit_header {float: left;}
+
+.close {float: right;}
+
+
+
+/* --- log in --- */
+
+.page_login .container, .page_logout .container {
+	width: 356px;
+	margin-top: 60px;
+}
+
+
+/* --- path/to/current/index --- */
+
+.path { border: 1px solid  transparent; }
+	
+.path:hover { border: 1px solid #807568; background-color: #fffbce; }
diff --git a/onefilecms.php b/onefilecms.php
index 00469be..a2a91d0 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,588 +1,581 @@
-<?php
-
-// OneFileCMS - http://onefilecms.com/
-
-// CONFIGURATION INFO
-$config_username = "username";
-$config_password = "password";
-$config_hint = "";
-$config_title = "OneFileCMS";
-$config_footer = date("Y")." <a href='http://onefilecms.com/'>OneFileCMS</a>.";
-$config_disabled = "bmp,ico,gif,jpg,png,psd,zip";
-$config_excluded = "onefilecms.php,favicon,.htaccess";
-$config_localcss = "onefilecms.css";   $ONESCRIPT = $_SERVER["SCRIPT_NAME"];
-$version = "1.1.6"; // ONEFILECMS_BEGIN
-
-if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
-
-function getmicrotime() { list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec); }
-$starttime = getmicrotime();
-
-
-
-/***********************************************************************/
-function Cancel_Submit_Buttons($button_label) { 
-	global $ONESCRIPT, $varvar;
-
-	// [Cancel] returns to either the current/path, or current/path/file
-	if (isset($_GET["i"])){
-		$ipath = '?i='.rtrim($_GET["i"],"/");
-		
-	}else if   ( isset($_GET["c"]) ) {
-		$ipath = '?f='.$_GET["c"];
-		
-	}else if   ( isset($_GET["d"]) ) {
-		$ipath = '?f='.$_GET["d"];
-
-	}else if   ( isset($_GET["r"]) ) {
-		$ipath = '?f='.$_GET["r"];
-		
-	}else{
-		$ipath = rtrim($varvar,"/");
-	}//end if
-?>
-	<p>
-		<input type="button" class="button" name="cancel" value="Cancel" onclick="parent.location='<?php echo $ONESCRIPT.$ipath; ?>'"/>
-		<input type="submit" class="button" value="<?php echo $button_label;?>" id="action" style="margin-left: 2.5em;">
-	</p>
-<?php }
-/**********************************************************************/
-
-
-
-session_start();
-global $page; $page = "index";
-
-if (isset($_POST["onefilecms_username"])) { $_SESSION['onefilecms_username'] = $_POST["onefilecms_username"]; }
-if (isset($_POST["onefilecms_password"])) { $_SESSION['onefilecms_password'] = $_POST["onefilecms_password"]; }
-if (($_SESSION['onefilecms_username'] == $config_username) and ($_SESSION['onefilecms_password'] == $config_password || md5($_SESSION['onefilecms_password']) == $config_password)) {
-	$_SESSION['onefilecms_valid'] = "1";
-} else {
-	$_SESSION['onefilecms_valid'] = "0";
-	$page = "login";
-}
-
-global $pagetitle; $pagetitle = "/";
-if ((isset($_GET["i"])) && ($_GET["i"] !== "")) { $pagetitle = "/".$_GET["i"]."/"; }
-if (isset($_GET["p"])) {
-	// redirect on invalid page attempts
-	$page = $_GET["p"];
-	if (!in_array(strtolower($_GET["p"]), array(
-		"copy","delete","error","deletefolder","edit","folder","index","login","logout","new","other","rename","renamefolder","upload"	)))
-	{
-		header("Location: ".$ONESCRIPT);
-		$page = "index";
-	}
-}
-if ( ($page == "login") and ($_SESSION['onefilecms_valid']) ) {$page = "index"; header("Location: ".$ONESCRIPT);};
-
-if ($_GET["p"] == "other") {$pagetitle = "Other"; }
-if ($_GET["p"] == "login") {$pagetitle = "Log In"; }
-if ($_GET["p"] == "logout") {$pagetitle = "Log Out"; $_SESSION['onefilecms_valid'] = "0"; session_destroy(); }
-if ($_GET["i"] == "") { unset($_GET["i"]); }
-
-// entitize get params
-foreach ($_GET as $name => $value) {
-	$_GET[$name] = htmlentities($value);
-}
-
-// COPY FILE
-if (isset($_GET["c"])) {
-	$filename = $_GET["c"]; $pagetitle = "Copy &ldquo;".$filename."&rdquo;";  $page = "copy";
-}
-
-if (isset($_POST["copy_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$old_filename = $_POST["old_filename"];
-	$filename = $_POST["copy_filename"];
-	copy($old_filename, $filename);
-	$message = $old_filename." copied successfully to ".$filename.".";
-}
-
-// DELETE FILE
-if (isset($_GET["d"])) {
-	$filename = $_GET["d"];
-	$pagetitle = "Delete &ldquo;".$filename."&rdquo;";
-	$page = "delete";
-}
-if (isset($_POST["delete_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$filename = $_POST["delete_filename"];
-	unlink($filename);
-	$message = $filename." successfully deleted.";
-}
-
-// DELETE FOLDER
-if ($_GET["p"] == "deletefolder") {
-	$pagetitle = "Delete Folder &ldquo;".$_GET["i"]."&rdquo;";
-}
-if (isset($_POST["delete_foldername"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$foldername = $_POST["delete_foldername"];
-	if (@rmdir($foldername)) {
-		$message = $foldername." successfully deleted.";
-	} else {
-		$message = "That folder is not empty.";
-	}
-}
-
-// EDIT
-if (isset($_POST["filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$filename = $_POST["filename"];
-	$content = stripslashes($_POST["content"]);
-	$fp = @fopen($filename, "w");
-	if ($fp) {
-		fwrite($fp, $content);
-		fclose($fp);
-	}
-	$message = $filename." saved successfully.";
-}
-if (isset($_GET["f"])) {
-	$filename = stripslashes($_GET["f"]);
-	if (file_exists($filename)) {
-		$page = "edit";
-		$pagetitle = "Edit &ldquo;".$filename."&rdquo;";
-		$fp = @fopen($filename, "r");
-		if (filesize($filename) !== 0) {
-			$loadcontent = fread($fp, filesize($filename));
-			$loadcontent = htmlspecialchars($loadcontent);
-		}
-		fclose($fp);
-	} else {
-		$page = "error";
-		unset ($filename);
-		$message = "File does not exist.";
-	}
-}
-// NEW FILE
-if ($_GET["p"] == "new") {$pagetitle = "New File"; }
-if (isset($_POST["new_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$filename = $_POST["new_filename"];
-	if (file_exists($filename)) {
-		$message = $filename." not created. A file with that name already exists.";
-	} else {
-		$handle = fopen($filename, 'w') or die("can't open file");
-		fclose($handle);
-		$message = $filename." created successfully.";
-	}
-}
-// NEW FOLDER
-if ($_GET["p"] == "folder") {$pagetitle = "New Folder"; }
-if (isset($_POST["new_folder"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$foldername = $_POST["new_folder"];
-	if (!is_dir($foldername)) {
-		mkdir($foldername);
-		$message = $foldername." created successfully.";
-	} else {
-		$message = "A folder by that name already exists.";
-	}
-}
-// RENAME FILE
-if (isset($_GET["r"])) {
-	$filename = $_GET["r"];
-	$pagetitle = "Rename &ldquo;".$filename."&rdquo;";
-	$page = "rename";
-}
-if (isset($_POST["rename_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$old_filename = $_POST["old_filename"];
-	$filename = $_POST["rename_filename"];
-	rename($old_filename, $filename);
-	$message = $old_filename." successfully renamed to ".$filename.".";
-}
-// RENAME FOLDER
-if ($_GET["p"] == "renamefolder") {$pagetitle = "Rename Folder &ldquo;".$_GET["i"]."&rdquo;"; }
-if (isset($_POST["rename_foldername"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$old_foldername = $_POST["old_foldername"];
-	$foldername = $_POST["rename_foldername"];
-	if (rename($old_foldername, $foldername)) {
-		$message = $old_foldername." unsuccessfully renamed to ".$foldername.".";
-	} else {
-		$message = "There was an error. Try again and/or contact your admin.";
-	}
-}
-// UPLOAD FILE
-if ($_GET["p"] == "upload") {$pagetitle = "Upload File"; }
-if (isset($_FILES['upload_filename']['name']) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$filename = $_FILES['upload_filename']['name'];
-	$destination = $_POST["upload_destination"];
-	if(move_uploaded_file($_FILES['upload_filename']['tmp_name'],
-	$destination.basename($filename))) {
-		$message = basename($filename)." uploaded successfully to ".$destination.".";
-	} else{
-		$message = "There was an error. Try again and/or contact your admin.";
-	}
-}
-
-?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-<meta name="robots" content="noindex">
-<title><?php echo $config_title; ?> - <?php echo $pagetitle; ?></title>
-<link href="<?php 
-	if (file_exists($config_localcss)) {
-		echo $config_localcss;
-	} else {
-		echo "http://self-evident.github.com/OneFileCMS/onefilecms.css";
-	}
-?>" type="text/css" rel="stylesheet" media="screen" />
-</head>
-
-<body class="page_<?php echo $page; ?>">
-
-<div class="container">
-
-<div class="header">
-	<h1><a href="<?php echo $ONESCRIPT; ?>" class="<?php echo 
-	strtolower(ereg_replace("[^A-Za-z0-9]", "", $config_title)); ?>"><?php echo $config_title; 
-	?></a></h1>
-	<?php if ((isset($_SESSION['onefilecms_valid'])) && ($_SESSION['onefilecms_valid'] == 
-	"1")) { ?>
-		<div class="nav">
-			<a href="/">Visit Site</a> | 
-			<a href="<?php echo $ONESCRIPT; ?>">Index</a> | 
-			<a href="<?php echo $ONESCRIPT; ?>?p=logout">Log Out</a>
-		</div>
-	<?php } ?>
-</div>
-
-<?php if (isset($message)) {?><div id="message"><p><?php echo $message; ?></p></div><?php };
-
-// COPY FILE
-if ($page == "copy") { 
-	$extension = strrchr($filename, ".");
-	$slug = substr($filename, 0, strlen($filename) - strlen($extension));
-	$varvar = "?i=".substr($_GET["c"],0,strrpos($_GET["c"],"/")); ?>
-	<h2>Copy &ldquo;<a href="<?php echo $filename; ?>"><?php echo $filename; ?></a>&rdquo;</h2>
-	<p>Existing files with the same filename are automatically overwritten... Be careful!</p>
-	<form method="post" id="new" action="<?php echo $ONESCRIPT.$varvar; ?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
-		<p>
-			<label>Old filename:</label>
-			<input type="hidden" name="old_filename" value="<?php echo $filename; ?>" />
-			<input type="text" name="dummy" value="<?php echo $filename; ?>" class="textinput" disabled="disabled" />
-		</p>
-		<p>
-			<label for="copy_filename">New filename:</label>
-			<input type="text" name="copy_filename" id="copy_filename" class="textinput" value="<?php echo $slug."_".date("mdyHi").$extension; ?>" />
-		</p>
-		<p>	<?php Cancel_Submit_Buttons("Copy"); ?>	</p>
-	</form>
-<?php };
-
-// DELETE FILE
-if ($page == "delete") {
-	$varvar = "?i=".substr($_GET["d"],0,strrpos($_GET["d"],"/")); ?>
-	<h2>Delete &ldquo;<a href="<?php echo $filename; ?>"><?php echo $filename; ?></a>&rdquo;</h2>
-	<p>Are you sure?</p>
-	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
-		<p>
-			<input type="hidden" name="delete_filename" value="<?php echo $filename; ?>" />
-			<?php Cancel_Submit_Buttons("DELETE"); ?>
-
-		</p>
-	</form>
-<?php };
-
-// DELETE FOLDER
-if ($page == "deletefolder") {
-	$varvar = "?i=".substr($_GET["i"],0,strrpos(substr_replace($_GET["i"],"",-1),"/")); ?>
-	<h2>Delete Folder &ldquo;<?php echo $_GET["i"]; ?>&rdquo;</h2>
-	<p>Folders have to be empty before they can be deleted.</p>
-	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
-		<p>
-			<input type="hidden" name="delete_foldername" value="<?php echo $_GET["i"]; ?>" />
-			<?php Cancel_Submit_Buttons("DELETE"); ?>
-
-		</p>
-	</form>
-<?php };
-
-// EDIT
-if ($page == "edit") { ?>
-	<h2 id="edit_header">Edit &ldquo;<a href="<?php echo $filename; ?>"><?php echo $filename; ?></a>&rdquo;</h2>
-	<form method="post" action="<?php echo $ONESCRIPT; ?>?f=<?php echo $filename; ?>">
-	<input type="button" class="button close" name="close" value="Close" onclick="parent.location='<?php echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")); ?>'" />
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
-		<?php $lfile = strtolower($filename);
-		if (strpos($config_disabled,end(explode(".", $lfile)))) { ?>
-			<p>
-				<textarea name="content" class="textinput disabled" cols="70" rows="25" disabled="disabled">Disabled.</textarea>
-			</p>
-			<p class="buttons_right">
-				<input type="submit" class="button" name="save_file" value="Save" 
-				disabled="disabled" />
-		<?php } else { ?>
-			<p>
-				<input type="hidden" name="filename" id="filename" class="textinput" value="<?php echo $filename; ?>" />
-				<textarea name="content" class="textinput" cols="70" rows="25"><?php echo $loadcontent; ?></textarea>
-			</p>
-			<p class="buttons_right">
-				<input type="submit" class="button" name="save_file" id="save_file" value="Save" />
-		<?php } ?>
-			<input type="button" class="button" name="rename_file" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT; ?>?r=<?php echo $filename; ?>'" />
-			<input type="button" class="button" name="delete_file" value="Delete" onclick="parent.location='<?php echo $ONESCRIPT; ?>?d=<?php echo $filename; ?>'" />
-			<input type="button" class="button" name="copy_file" value="Copy" onclick="parent.location='<?php echo $ONESCRIPT; ?>?c=<?php echo $filename; ?>'" />
-			<input type="button" class="button" name="close" value="Close" onclick="parent.location='<?php echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")); ?>'" />
-		</p><div class="meta">
-			<p><i>File Size:</i> <?php echo round(filesize($filename)/1000,2); ?> kb - 
-			<i>Last Updated:</i> <?php echo date("n/j/y g:ia", filemtime($filename)); ?></p>
-		</div>
-	</form>
-	<div style="clear:both;"></div>
-<?php };
-
-// INDEX
-if ($page == "index") { $varvar = "";
-	if (isset($_GET["i"])) { $varvar = $_GET["i"]."/"; } ?> 
-	<h2><?php $full_path = basename(getcwd()).'/'.$_GET["i"];
-		$path_levels = explode("/",$full_path);
-		$levels = count($path_levels);
-		if ($varvar == "") { 
-			echo $path_levels[0]; // if at root, no need for link.
-		} else {
-			echo '<a href="'.$ONESCRIPT.'" class="path"> '.$path_levels[0].' </a>/';
-		}
-		$current_path = "";
-		for ($x=1; $x < $levels-1; $x++) {
-			if ($x !== 1){ $current_path .= '/'; }
-			$current_path = $current_path.$path_levels[$x];
-			echo '<a href="'.$ONESCRIPT.'?i='.$current_path.'" class="path"> ';
-			echo ' '.$path_levels[$x].' </a>/';
-		}
-		echo ' '.$path_levels[$x].' /'; // last item is current dir. No link needed.
-	?></h2>
-
-	<p class="index_folders">
-		<?php
-		$files = glob($varvar."*",GLOB_ONLYDIR);
-		sort($files);
-		foreach ($files as $file) { ?>
-			<a href="<?php echo $ONESCRIPT; ?>?i=<?php echo $file; ?>" class="folder"><?php echo basename($file); ?></a>
-		<?php } ?>
-	</p>
-	<div style="clear:both;"></div>
-	<ul class="index <?php echo $_COOKIE['index_display']; ?>">
-		<?php $files = glob($varvar."{,.}*", GLOB_BRACE); sort($files);
-		foreach ($files as $file) {
-			$excludeme = 0;
-			$config_excludeds = explode(",", $config_excluded);
-			foreach ($config_excludeds as $config_exclusion) {
-				if (strrpos(basename($file),$config_exclusion) !== False && 
-				strrpos(basename($file),$config_exclusion) !== "") { 
-					$excludeme = 1;
-				}
-			}
-			if (!is_dir($file) && $excludeme == 0) {
-				$file_class = "";
-				$lfile = strtolower($file);
-				if (
-					(strrpos(strtolower($lfile),".jpg")) || 
-					(strrpos($lfile,".gif")) || 
-					(strrpos($lfile,".png")) || 
-					(strrpos($lfile,".ico"))
-				) {
-					$file_class = "img";
-				};
-				if (strrpos($lfile,".css")) { $file_class = "css"; };
-				if (strrpos($lfile,".php")) { $file_class = "php"; }; ?>
-					<li>
-						<a href="<?php echo $ONESCRIPT; ?>?f=<?php 
-						echo $file; ?>" class="<?php echo $file_class ?>"><?php 
-						echo basename($file); ?></a>
-						<div class="meta">
-							<span><i>File Size:</i> <?php echo 
-							round(filesize($file)/1000,2);?> kb<br /></span>
-							<span><i>Last Updated:</i> <?php echo 
-							date("n/j/y g:ia", filemtime($file)); ?></span>
-						</div>
-					</li>
-			<?php }
-		} ?>
-	</ul>
-	<p class="front_links">
-		<a href="<?php echo $ONESCRIPT; ?>?p=upload&amp;i=<?php echo $varvar; ?>" class="upload">Upload File</a>
-		<a href="<?php echo $ONESCRIPT; ?>?p=new&amp;i=<?php echo $varvar; ?>" class="new">New File</a>
-		<a href="<?php echo $ONESCRIPT; ?>?p=folder&amp;i=<?php echo $varvar; ?>" class="newfolder">New Folder</a><?php if ($varvar !== "") { ?>
-		<a href="<?php echo $ONESCRIPT; ?>?p=deletefolder&amp;i=<?php echo $varvar; ?>" class="deletefolder">Delete Folder</a>
-		<a href="<?php echo $ONESCRIPT; ?>?p=renamefolder&amp;i=<?php echo $varvar; ?>" class="renamefolder">Rename Folder</a><?php } ?>
-		<a href="<?php echo $ONESCRIPT; ?>?p=other" class="other">Other</a>
-	</p>
-<?php };
-
-// LOG IN
-if ($page == "login") { ?>
-	<h2>Log In</h2>
-	<form method="post" action="<?php echo $ONESCRIPT; ?>">
-		<p>
-			<label for="onefilecms_username">Username:</label>
-			<input type="text" name="onefilecms_username" id="onefilecms_username" class="textinput" />
-		</p>
-		<p>
-			<label for="onefilecms_password">Password:</label>
-			<input type="password" name="onefilecms_password" id="onefilecms_password" class="textinput" />
-		</p>
-		<?php if ($config_hint !== "") { ?><p><i>Hint:</i> <?php echo $config_hint; ?></p><?php } ?>
-		<p><input type="submit" class="button" value="Enter" /></p>
-	</form>
-<?php };
-
-// LOG OUT
-if ($page == "logout") { ?>
-	<h2>Log Out</h2>
-	<p>You have successfully been logged out and may close this window.</p>
-<?php };
-
-// NEW FILE
-if ($page == "new") {
-	$varvar = "";
-	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }?>
-		<h2>New File</h2>
-		<p>Existing files with the same name will not be overwritten.</p>
-		<form method="post" id="new" action="<?php echo
-		$ONESCRIPT.substr_replace($varvar,"",-1); ?>">
-			<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
-			<p>
-				<label for="new_filename">New filename: </label>
-				<input type="text" name="new_filename" id="new_filename" class="textinput" value="<?php echo $_GET["i"]; ?>" />
-			</p>
-			<p>	<?php Cancel_Submit_Buttons("Create"); ?> </p>
-		</form>
-<?php };
-
-// NEW FOLDER
-if ($page == "folder") {
-	$varvar = "";
-	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }?>
-	<h2>New Folder</h2>
-	<p>Existing folders with the same name will not be overwritten.</p>
-	<form method="post" action="<?php echo $ONESCRIPT.substr_replace($varvar,"",-1); ?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
-		<p>
-			<label for="new_folder">Folder name: </label>
-			<input type="text" name="new_folder" id="new_folder" class="textinput" value="<?php echo $_GET["i"]; ?>" />
-		</p>
-		<p>	<?php Cancel_Submit_Buttons("Create"); ?> </p>
-	</form>
-<?php };
-
-// OTHER
-if ($page == "other") { ?>
-	<h2>Other</h2>
-	<h3>Check for Updates</h3>
-	<p>Future versions of OneFileCMS will have a one-click upgrade process. For now, though, you have to <a href="http://onefilecms.com/download.php?v=<?php echo $version; ?>">click this link</a>. You are using version <?php echo $version; ?>.</p>
-	<h3>Want some good Karma?</h3>
-	<p>Let people know you use OneFileCMS by putting this in your footer:</p>
-	<pre><code>This site powered by &#60;a href="http://onefilecms.com/"&#62;OneFileCMS&#60;/a&#62;.</code></pre>
-	<h3>Admin Link</h3>
-	<p>Add this to your footer (or something) for lazy/forgetful admins. They'll still have to know the username and password, of course.</p>
-	<pre><code>[&#60;a href="<?php echo $ONESCRIPT; ?>"&#62;Admin&#60;/a&#62;]</code></pre>
-	<?php if (strlen($config_password) != 32) { ?>
-		<h3>Password Hash</h3>
-		<p>By the way, MD5 hash of your currently configured password is: <em><?php echo md5($config_password) ?></em>
-	<?php } ?>
-<?php };
-
-// RENAME FILE
-if ($page == "rename") {
-	$varvar = "?i=".substr($_GET["r"],0,strrpos($_GET["r"],"/")); ?>
-	<h2>Rename &ldquo;<a href="<?php echo $filename; ?>"><?php echo $filename; 
-	?></a>&rdquo;</h2>
-	<p>Existing files with the same filename are automatically overwritten... Be 
-	careful!</p>
-	<p>To move a file, preface its name with the folder's name, as in 
-	"<i>foldername/filename.txt</i>." The folder must already exist.</p>
-	<form method="post" action="<?php echo $ONESCRIPT.$varvar;	?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
-		<p>
-			<label>Old filename:</label>
-			<input type="hidden" name="old_filename" value="<?php echo $filename; ?>" />
-			<input type="text" name="dummy" value="<?php echo $filename; ?>" class="textinput" disabled="disabled" />
-		</p>
-		<p>
-			<label for="rename_filename">New filename:</label>
-			<input type="text" name="rename_filename" id="rename_filename" class="textinput" value="<?php echo $filename; ?>" />
-		</p>
-		<p><?php Cancel_Submit_Buttons("Rename"); ?></p>
-	</form>
-<?php };
-
-// RENAME FOLDER
-if ($page == "renamefolder") {
-	$varvar = "?i=".substr($_GET["i"],0,strrpos(substr_replace($_GET["i"],"",-1),"/")); ?>
-	<h2>Rename Folder &ldquo;<?php echo $_GET["i"]; ?>&rdquo;</h2>
-	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
-		<p>
-			<label>Old name:</label><input type="hidden" name="old_foldername" value="<?php echo $_GET["i"]; ?>" />
-			<input type="text" name="dummy" value="<?php echo $_GET["i"]; ?>" class="textinput" disabled="disabled" />
-		</p>
-		<p>
-			<label for="rename_foldername">New name:</label>
-			<input type="text" name="rename_foldername" id="rename_foldername" class="textinput" value="<?php echo $_GET["i"]; ?>" />
-		</p>
-		<p><?php Cancel_Submit_Buttons("Rename"); ?></p>
-	</form>
-<?php };
-
-// UPLOAD FILE
-if ($page == "upload") {
-	$varvar = ""; if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; } ?>
-	<h2>Upload</h2>
-	<form enctype="multipart/form-data" action="<?php echo
-	$ONESCRIPT.substr_replace($varvar,"",-1); ?>" method="post">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
-		<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
-		<p>
-			<label for="upload_destination">Destination:</label>
-			<input type="text" name="upload_destination" value="<?php echo $_GET["i"]; ?>" class="textinput" />
-		</p>
-		<p>
-			<label for="upload_filename">File:</label>
-			<input name="upload_filename" type="file" size="93"/>
-		</p>
-		<p><?php Cancel_Submit_Buttons("Upload"); ?></p>
-	</form>
-<?php } ?>
-
-<div class="footer">
-	<p><?php echo $config_footer; if ($_SESSION['onefilecms_valid'] == "1") { ?> Rendered in <?php 
-	$endtime = getmicrotime(); echo round(($endtime-$starttime)*1000000); ?> microseconds.<?php } ?></p>
-</div>
-
-</div>
-
-<script src="//ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js"></script>
-<script type="text/javascript">
-
-	$.fn.ready(function(){
-	
-		var $message = $("#message"),
-		    $save_file = $("#save_file");
-		if ( $message.length > 0 ) { $message.animate({opacity: 1.0}, 3000).fadeOut(); };
-		
-		$(".button:visible:enabled:first").focus();
-		$(".textinput:visible:enabled:first").focus();
-		
-		$(".page_edit .textinput").bind("change keyup", function (e) {
-			key = e.which+" ";
-			badkeys = "224 16 17 18 37 38 39 40 ";
-			if ((badkeys.indexOf(key) == "-1") && ($save_file.val() !== "Save!")) {
-				$save_file.val("Save!");
-				document.title = document.title + " *";
-				$(".page_edit h2").append(" *");
-			}
-		});
-		
-		$(".page_edit form").submit(function() { $save_file.val("Save"); });
-		window.onbeforeunload = function () {
-			if ($save_file.val() == "Save!") {
-				return "Any changes you've made will be lost!";
-			}
-		};
-	
-	});
-
-</script>
-
-</body>
+<?php
+
+// OneFileCMS - http://onefilecms.com/
+
+// CONFIGURATION INFO
+$config_username = "username";
+$config_password = "password";
+$config_hint = "";
+$config_title = "OneFileCMS";
+$config_footer = date("Y")." <a href='http://onefilecms.com/'>OneFileCMS</a>.";
+$config_disabled = "bmp,ico,gif,jpg,png,psd,zip";
+$config_excluded = "onefilecms.php,favicon,.htaccess";
+$config_localcss = "onefilecms.css";   $ONESCRIPT = $_SERVER["SCRIPT_NAME"];
+$version = "1.1.6"; // ONEFILECMS_BEGIN
+
+if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
+
+/***********************************************************************/
+function Cancel_Submit_Buttons($button_label) { 
+	global $ONESCRIPT, $varvar;
+
+	// [Cancel] returns to either the current/path, or current/path/file
+	if (isset($_GET["i"])){
+		$ipath = '?i='.rtrim($_GET["i"],"/");
+		
+	}else if   ( isset($_GET["c"]) ) {
+		$ipath = '?f='.$_GET["c"];
+		
+	}else if   ( isset($_GET["d"]) ) {
+		$ipath = '?f='.$_GET["d"];
+
+	}else if   ( isset($_GET["r"]) ) {
+		$ipath = '?f='.$_GET["r"];
+		
+	}else{
+		$ipath = rtrim($varvar,"/");
+	}//end if
+?>
+	<p>
+		<input type="button" class="button" name="cancel" value="Cancel" onclick="parent.location='<?php echo $ONESCRIPT.$ipath; ?>'"/>
+		<input type="submit" class="button" value="<?php echo $button_label;?>" id="action" style="margin-left: 2.5em;">
+	</p>
+<?php }
+/**********************************************************************/
+
+
+
+session_start();
+global $page; $page = "index";
+
+if (isset($_POST["onefilecms_username"])) { $_SESSION['onefilecms_username'] = $_POST["onefilecms_username"]; }
+if (isset($_POST["onefilecms_password"])) { $_SESSION['onefilecms_password'] = $_POST["onefilecms_password"]; }
+if (($_SESSION['onefilecms_username'] == $config_username) and ($_SESSION['onefilecms_password'] == $config_password || md5($_SESSION['onefilecms_password']) == $config_password)) {
+	$_SESSION['onefilecms_valid'] = "1";
+} else {
+	$_SESSION['onefilecms_valid'] = "0";
+	$page = "login";
+}
+
+global $pagetitle; $pagetitle = "/";
+if ((isset($_GET["i"])) && ($_GET["i"] !== "")) { $pagetitle = "/".$_GET["i"]."/"; }
+if (isset($_GET["p"])) {
+	// redirect on invalid page attempts
+	$page = $_GET["p"];
+	if (!in_array(strtolower($_GET["p"]), array(
+		"copy","delete","error","deletefolder","edit","folder","index","login","logout","new","other","rename","renamefolder","upload"	)))
+	{
+		header("Location: ".$ONESCRIPT);
+		$page = "index";
+	}
+}
+if ( ($page == "login") and ($_SESSION['onefilecms_valid']) ) {$page = "index"; header("Location: ".$ONESCRIPT);};
+
+if ($_GET["p"] == "other") {$pagetitle = "Other"; }
+if ($_GET["p"] == "login") {$pagetitle = "Log In"; }
+if ($_GET["p"] == "logout") {$pagetitle = "Log Out"; $_SESSION['onefilecms_valid'] = "0"; session_destroy(); }
+if ($_GET["i"] == "") { unset($_GET["i"]); }
+
+// entitize get params
+foreach ($_GET as $name => $value) {
+	$_GET[$name] = htmlentities($value);
+}
+
+// COPY FILE
+if (isset($_GET["c"])) {
+	$filename = $_GET["c"]; $pagetitle = "Copy &ldquo;".$filename."&rdquo;";  $page = "copy";
+}
+
+if (isset($_POST["copy_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
+	$old_filename = $_POST["old_filename"];
+	$filename = $_POST["copy_filename"];
+	copy($old_filename, $filename);
+	$message = $old_filename." copied successfully to ".$filename.".";
+}
+
+// DELETE FILE
+if (isset($_GET["d"])) {
+	$filename = $_GET["d"];
+	$pagetitle = "Delete &ldquo;".$filename."&rdquo;";
+	$page = "delete";
+}
+if (isset($_POST["delete_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
+	$filename = $_POST["delete_filename"];
+	unlink($filename);
+	$message = $filename." successfully deleted.";
+}
+
+// DELETE FOLDER
+if ($_GET["p"] == "deletefolder") {
+	$pagetitle = "Delete Folder &ldquo;".$_GET["i"]."&rdquo;";
+}
+if (isset($_POST["delete_foldername"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
+	$foldername = $_POST["delete_foldername"];
+	if (@rmdir($foldername)) {
+		$message = $foldername." successfully deleted.";
+	} else {
+		$message = "That folder is not empty.";
+	}
+}
+
+// EDIT
+if (isset($_POST["filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
+	$filename = $_POST["filename"];
+	$content = stripslashes($_POST["content"]);
+	$fp = @fopen($filename, "w");
+	if ($fp) {
+		fwrite($fp, $content);
+		fclose($fp);
+	}
+	$message = $filename." saved successfully.";
+}
+if (isset($_GET["f"])) {
+	$filename = stripslashes($_GET["f"]);
+	if (file_exists($filename)) {
+		$page = "edit";
+		$pagetitle = "Edit &ldquo;".$filename."&rdquo;";
+		$fp = @fopen($filename, "r");
+		if (filesize($filename) !== 0) {
+			$loadcontent = fread($fp, filesize($filename));
+			$loadcontent = htmlspecialchars($loadcontent);
+		}
+		fclose($fp);
+	} else {
+		$page = "error";
+		unset ($filename);
+		$message = "File does not exist.";
+	}
+}
+// NEW FILE
+if ($_GET["p"] == "new") {$pagetitle = "New File"; }
+if (isset($_POST["new_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
+	$filename = $_POST["new_filename"];
+	if (file_exists($filename)) {
+		$message = $filename." not created. A file with that name already exists.";
+	} else {
+		$handle = fopen($filename, 'w') or die("can't open file");
+		fclose($handle);
+		$message = $filename." created successfully.";
+	}
+}
+// NEW FOLDER
+if ($_GET["p"] == "folder") {$pagetitle = "New Folder"; }
+if (isset($_POST["new_folder"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
+	$foldername = $_POST["new_folder"];
+	if (!is_dir($foldername)) {
+		mkdir($foldername);
+		$message = $foldername." created successfully.";
+	} else {
+		$message = "A folder by that name already exists.";
+	}
+}
+// RENAME FILE
+if (isset($_GET["r"])) {
+	$filename = $_GET["r"];
+	$pagetitle = "Rename &ldquo;".$filename."&rdquo;";
+	$page = "rename";
+}
+if (isset($_POST["rename_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
+	$old_filename = $_POST["old_filename"];
+	$filename = $_POST["rename_filename"];
+	rename($old_filename, $filename);
+	$message = $old_filename." successfully renamed to ".$filename.".";
+}
+// RENAME FOLDER
+if ($_GET["p"] == "renamefolder") {$pagetitle = "Rename Folder &ldquo;".$_GET["i"]."&rdquo;"; }
+if (isset($_POST["rename_foldername"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
+	$old_foldername = $_POST["old_foldername"];
+	$foldername = $_POST["rename_foldername"];
+	if (rename($old_foldername, $foldername)) {
+		$message = $old_foldername." unsuccessfully renamed to ".$foldername.".";
+	} else {
+		$message = "There was an error. Try again and/or contact your admin.";
+	}
+}
+// UPLOAD FILE
+if ($_GET["p"] == "upload") {$pagetitle = "Upload File"; }
+if (isset($_FILES['upload_filename']['name']) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
+	$filename = $_FILES['upload_filename']['name'];
+	$destination = $_POST["upload_destination"];
+	if(move_uploaded_file($_FILES['upload_filename']['tmp_name'],
+	$destination.basename($filename))) {
+		$message = basename($filename)." uploaded successfully to ".$destination.".";
+	} else{
+		$message = "There was an error. Try again and/or contact your admin.";
+	}
+}
+
+?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+<meta name="robots" content="noindex">
+<title><?php echo $config_title; ?> - <?php echo $pagetitle; ?></title>
+<link href="<?php 
+	if (file_exists($config_localcss)) {
+		echo $config_localcss;
+	} else {
+		echo "http://self-evident.github.com/OneFileCMS/onefilecms.css";
+	}
+?>" type="text/css" rel="stylesheet" media="screen" />
+</head>
+
+<body class="page_<?php echo $page; ?>">
+
+<div class="container">
+
+<div class="header">
+	<h1><a href="<?php echo $ONESCRIPT; ?>" class="<?php echo 
+	strtolower(ereg_replace("[^A-Za-z0-9]", "", $config_title)); ?>"><?php echo $config_title; 
+	?></a></h1>
+	<?php if ((isset($_SESSION['onefilecms_valid'])) && ($_SESSION['onefilecms_valid'] == 
+	"1")) { ?>
+		<div class="nav">
+			<a href="/">Visit Site</a> | 
+			<a href="<?php echo $ONESCRIPT; ?>">Index</a> | 
+			<a href="<?php echo $ONESCRIPT; ?>?p=logout">Log Out</a>
+		</div>
+	<?php } ?>
+</div>
+
+<?php if (isset($message)) {?><div id="message"><p><?php echo $message; ?></p></div><?php };
+
+// COPY FILE
+if ($page == "copy") { 
+	$extension = strrchr($filename, ".");
+	$slug = substr($filename, 0, strlen($filename) - strlen($extension));
+	$varvar = "?i=".substr($_GET["c"],0,strrpos($_GET["c"],"/")); ?>
+	<h2>Copy &ldquo;<a href="<?php echo $filename; ?>"><?php echo $filename; ?></a>&rdquo;</h2>
+	<p>Existing files with the same filename are automatically overwritten... Be careful!</p>
+	<form method="post" id="new" action="<?php echo $ONESCRIPT.$varvar; ?>">
+		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
+		<p>
+			<label>Old filename:</label>
+			<input type="hidden" name="old_filename" value="<?php echo $filename; ?>" />
+			<input type="text" name="dummy" value="<?php echo $filename; ?>" class="textinput" disabled="disabled" />
+		</p>
+		<p>
+			<label for="copy_filename">New filename:</label>
+			<input type="text" name="copy_filename" id="copy_filename" class="textinput" value="<?php echo $slug."_".date("mdyHi").$extension; ?>" />
+		</p>
+		<p>	<?php Cancel_Submit_Buttons("Copy"); ?>	</p>
+	</form>
+<?php };
+
+// DELETE FILE
+if ($page == "delete") {
+	$varvar = "?i=".substr($_GET["d"],0,strrpos($_GET["d"],"/")); ?>
+	<h2>Delete &ldquo;<a href="<?php echo $filename; ?>"><?php echo $filename; ?></a>&rdquo;</h2>
+	<p>Are you sure?</p>
+	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
+		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
+		<p>
+			<input type="hidden" name="delete_filename" value="<?php echo $filename; ?>" />
+			<?php Cancel_Submit_Buttons("DELETE"); ?>
+
+		</p>
+	</form>
+<?php };
+
+// DELETE FOLDER
+if ($page == "deletefolder") {
+	$varvar = "?i=".substr($_GET["i"],0,strrpos(substr_replace($_GET["i"],"",-1),"/")); ?>
+	<h2>Delete Folder &ldquo;<?php echo $_GET["i"]; ?>&rdquo;</h2>
+	<p>Folders have to be empty before they can be deleted.</p>
+	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
+		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
+		<p>
+			<input type="hidden" name="delete_foldername" value="<?php echo $_GET["i"]; ?>" />
+			<?php Cancel_Submit_Buttons("DELETE"); ?>
+
+		</p>
+	</form>
+<?php };
+
+// EDIT
+if ($page == "edit") { ?>
+	<h2 id="edit_header">Edit &ldquo;<a href="<?php echo $filename; ?>"><?php echo $filename; ?></a>&rdquo;</h2>
+	<form method="post" action="<?php echo $ONESCRIPT; ?>?f=<?php echo $filename; ?>">
+	<input type="button" class="button close" name="close" value="Close" onclick="parent.location='<?php echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")); ?>'" />
+		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
+		<?php $lfile = strtolower($filename);
+		if (strpos($config_disabled,end(explode(".", $lfile)))) { ?>
+			<p>
+				<textarea name="content" class="textinput disabled" cols="70" rows="25" disabled="disabled">Disabled.</textarea>
+			</p>
+			<p class="buttons_right">
+				<input type="submit" class="button" name="save_file" value="Save" 
+				disabled="disabled" />
+		<?php } else { ?>
+			<p>
+				<input type="hidden" name="filename" id="filename" class="textinput" value="<?php echo $filename; ?>" />
+				<textarea name="content" class="textinput" cols="70" rows="25"><?php echo $loadcontent; ?></textarea>
+			</p>
+			<p class="buttons_right">
+				<input type="submit" class="button" name="save_file" id="save_file" value="Save" />
+		<?php } ?>
+			<input type="button" class="button" name="rename_file" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT; ?>?r=<?php echo $filename; ?>'" />
+			<input type="button" class="button" name="delete_file" value="Delete" onclick="parent.location='<?php echo $ONESCRIPT; ?>?d=<?php echo $filename; ?>'" />
+			<input type="button" class="button" name="copy_file" value="Copy" onclick="parent.location='<?php echo $ONESCRIPT; ?>?c=<?php echo $filename; ?>'" />
+			<input type="button" class="button" name="close" value="Close" onclick="parent.location='<?php echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")); ?>'" />
+		</p><div class="meta">
+			<p><i>File Size:</i> <?php echo round(filesize($filename)/1000,2); ?> kb - 
+			<i>Last Updated:</i> <?php echo date("n/j/y g:ia", filemtime($filename)); ?></p>
+		</div>
+	</form>
+	<div style="clear:both;"></div>
+<?php };
+
+// INDEX
+if ($page == "index") { $varvar = "";
+	if (isset($_GET["i"])) { $varvar = $_GET["i"]."/"; } ?> 
+	<h2><?php $full_path = basename(getcwd()).'/'.$_GET["i"];
+		$path_levels = explode("/",$full_path);
+		$levels = count($path_levels);
+		if ($varvar == "") { 
+			echo $path_levels[0]; // if at root, no need for link.
+		} else {
+			echo '<a href="'.$ONESCRIPT.'" class="path"> '.$path_levels[0].' </a>/';
+		}
+		$current_path = "";
+		for ($x=1; $x < $levels-1; $x++) {
+			if ($x !== 1){ $current_path .= '/'; }
+			$current_path = $current_path.$path_levels[$x];
+			echo '<a href="'.$ONESCRIPT.'?i='.$current_path.'" class="path"> ';
+			echo ' '.$path_levels[$x].' </a>/';
+		}
+		echo ' '.$path_levels[$x].' /'; // last item is current dir. No link needed.
+	?></h2>
+
+	<p class="index_folders">
+		<?php
+		$files = glob($varvar."*",GLOB_ONLYDIR);
+		sort($files);
+		foreach ($files as $file) { ?>
+			<a href="<?php echo $ONESCRIPT; ?>?i=<?php echo $file; ?>" class="folder"><?php echo basename($file); ?></a>
+		<?php } ?>
+	</p>
+	<div style="clear:both;"></div>
+	<ul class="index <?php echo $_COOKIE['index_display']; ?>">
+		<?php $files = glob($varvar."{,.}*", GLOB_BRACE); sort($files);
+		foreach ($files as $file) {
+			$excludeme = 0;
+			$config_excludeds = explode(",", $config_excluded);
+			foreach ($config_excludeds as $config_exclusion) {
+				if (strrpos(basename($file),$config_exclusion) !== False && 
+				strrpos(basename($file),$config_exclusion) !== "") { 
+					$excludeme = 1;
+				}
+			}
+			if (!is_dir($file) && $excludeme == 0) {
+				$file_class = "";
+				$lfile = strtolower($file);
+				if (
+					(strrpos(strtolower($lfile),".jpg")) || 
+					(strrpos($lfile,".gif")) || 
+					(strrpos($lfile,".png")) || 
+					(strrpos($lfile,".ico"))
+				) {
+					$file_class = "img";
+				};
+				if (strrpos($lfile,".css")) { $file_class = "css"; };
+				if (strrpos($lfile,".php")) { $file_class = "php"; }; ?>
+					<li>
+						<a href="<?php echo $ONESCRIPT; ?>?f=<?php 
+						echo $file; ?>" class="<?php echo $file_class ?>"><?php 
+						echo basename($file); ?></a>
+						<div class="meta">
+							<span><i>File Size:</i> <?php echo 
+							round(filesize($file)/1000,2);?> kb<br /></span>
+							<span><i>Last Updated:</i> <?php echo 
+							date("n/j/y g:ia", filemtime($file)); ?></span>
+						</div>
+					</li>
+			<?php }
+		} ?>
+	</ul>
+	<p class="front_links">
+		<a href="<?php echo $ONESCRIPT; ?>?p=upload&amp;i=<?php echo $varvar; ?>" class="upload">Upload File</a>
+		<a href="<?php echo $ONESCRIPT; ?>?p=new&amp;i=<?php echo $varvar; ?>" class="new">New File</a>
+		<a href="<?php echo $ONESCRIPT; ?>?p=folder&amp;i=<?php echo $varvar; ?>" class="newfolder">New Folder</a><?php if ($varvar !== "") { ?>
+		<a href="<?php echo $ONESCRIPT; ?>?p=deletefolder&amp;i=<?php echo $varvar; ?>" class="deletefolder">Delete Folder</a>
+		<a href="<?php echo $ONESCRIPT; ?>?p=renamefolder&amp;i=<?php echo $varvar; ?>" class="renamefolder">Rename Folder</a><?php } ?>
+		<a href="<?php echo $ONESCRIPT; ?>?p=other" class="other">Other</a>
+	</p>
+<?php };
+
+// LOG IN
+if ($page == "login") { ?>
+	<h2>Log In</h2>
+	<form method="post" action="<?php echo $ONESCRIPT; ?>">
+		<p>
+			<label for="onefilecms_username">Username:</label>
+			<input type="text" name="onefilecms_username" id="onefilecms_username" class="textinput" />
+		</p>
+		<p>
+			<label for="onefilecms_password">Password:</label>
+			<input type="password" name="onefilecms_password" id="onefilecms_password" class="textinput" />
+		</p>
+		<?php if ($config_hint !== "") { ?><p><i>Hint:</i> <?php echo $config_hint; ?></p><?php } ?>
+		<p><input type="submit" class="button" value="Enter" /></p>
+	</form>
+<?php };
+
+// LOG OUT
+if ($page == "logout") { ?>
+	<h2>Log Out</h2>
+	<p>You have successfully been logged out and may close this window.</p>
+<?php };
+
+// NEW FILE
+if ($page == "new") {
+	$varvar = "";
+	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }?>
+		<h2>New File</h2>
+		<p>Existing files with the same name will not be overwritten.</p>
+		<form method="post" id="new" action="<?php echo
+		$ONESCRIPT.substr_replace($varvar,"",-1); ?>">
+			<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
+			<p>
+				<label for="new_filename">New filename: </label>
+				<input type="text" name="new_filename" id="new_filename" class="textinput" value="<?php echo $_GET["i"]; ?>" />
+			</p>
+			<p>	<?php Cancel_Submit_Buttons("Create"); ?> </p>
+		</form>
+<?php };
+
+// NEW FOLDER
+if ($page == "folder") {
+	$varvar = "";
+	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }?>
+	<h2>New Folder</h2>
+	<p>Existing folders with the same name will not be overwritten.</p>
+	<form method="post" action="<?php echo $ONESCRIPT.substr_replace($varvar,"",-1); ?>">
+		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
+		<p>
+			<label for="new_folder">Folder name: </label>
+			<input type="text" name="new_folder" id="new_folder" class="textinput" value="<?php echo $_GET["i"]; ?>" />
+		</p>
+		<p>	<?php Cancel_Submit_Buttons("Create"); ?> </p>
+	</form>
+<?php };
+
+// OTHER
+if ($page == "other") { ?>
+	<h2>Other</h2>
+	<h3>Check for Updates</h3>
+	<p>Future versions of OneFileCMS will have a one-click upgrade process. For now, though, you have to <a href="http://onefilecms.com/download.php?v=<?php echo $version; ?>">click this link</a>. You are using version <?php echo $version; ?>.</p>
+	<h3>Want some good Karma?</h3>
+	<p>Let people know you use OneFileCMS by putting this in your footer:</p>
+	<pre><code>This site powered by &#60;a href="http://onefilecms.com/"&#62;OneFileCMS&#60;/a&#62;.</code></pre>
+	<h3>Admin Link</h3>
+	<p>Add this to your footer (or something) for lazy/forgetful admins. They'll still have to know the username and password, of course.</p>
+	<pre><code>[&#60;a href="<?php echo $ONESCRIPT; ?>"&#62;Admin&#60;/a&#62;]</code></pre>
+	<?php if (strlen($config_password) != 32) { ?>
+		<h3>Password Hash</h3>
+		<p>By the way, MD5 hash of your currently configured password is: <em><?php echo md5($config_password) ?></em>
+	<?php } ?>
+<?php };
+
+// RENAME FILE
+if ($page == "rename") {
+	$varvar = "?i=".substr($_GET["r"],0,strrpos($_GET["r"],"/")); ?>
+	<h2>Rename &ldquo;<a href="<?php echo $filename; ?>"><?php echo $filename; 
+	?></a>&rdquo;</h2>
+	<p>Existing files with the same filename are automatically overwritten... Be 
+	careful!</p>
+	<p>To move a file, preface its name with the folder's name, as in 
+	"<i>foldername/filename.txt</i>." The folder must already exist.</p>
+	<form method="post" action="<?php echo $ONESCRIPT.$varvar;	?>">
+		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
+		<p>
+			<label>Old filename:</label>
+			<input type="hidden" name="old_filename" value="<?php echo $filename; ?>" />
+			<input type="text" name="dummy" value="<?php echo $filename; ?>" class="textinput" disabled="disabled" />
+		</p>
+		<p>
+			<label for="rename_filename">New filename:</label>
+			<input type="text" name="rename_filename" id="rename_filename" class="textinput" value="<?php echo $filename; ?>" />
+		</p>
+		<p><?php Cancel_Submit_Buttons("Rename"); ?></p>
+	</form>
+<?php };
+
+// RENAME FOLDER
+if ($page == "renamefolder") {
+	$varvar = "?i=".substr($_GET["i"],0,strrpos(substr_replace($_GET["i"],"",-1),"/")); ?>
+	<h2>Rename Folder &ldquo;<?php echo $_GET["i"]; ?>&rdquo;</h2>
+	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
+		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
+		<p>
+			<label>Old name:</label><input type="hidden" name="old_foldername" value="<?php echo $_GET["i"]; ?>" />
+			<input type="text" name="dummy" value="<?php echo $_GET["i"]; ?>" class="textinput" disabled="disabled" />
+		</p>
+		<p>
+			<label for="rename_foldername">New name:</label>
+			<input type="text" name="rename_foldername" id="rename_foldername" class="textinput" value="<?php echo $_GET["i"]; ?>" />
+		</p>
+		<p><?php Cancel_Submit_Buttons("Rename"); ?></p>
+	</form>
+<?php };
+
+// UPLOAD FILE
+if ($page == "upload") {
+	$varvar = ""; if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; } ?>
+	<h2>Upload</h2>
+	<form enctype="multipart/form-data" action="<?php echo
+	$ONESCRIPT.substr_replace($varvar,"",-1); ?>" method="post">
+		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
+		<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
+		<p>
+			<label for="upload_destination">Destination:</label>
+			<input type="text" name="upload_destination" value="<?php echo $_GET["i"]; ?>" class="textinput" />
+		</p>
+		<p>
+			<label for="upload_filename">File:</label>
+			<input name="upload_filename" type="file" size="93"/>
+		</p>
+		<p><?php Cancel_Submit_Buttons("Upload"); ?></p>
+	</form>
+<?php } ?>
+
+<div class="footer">
+</div>
+
+</div>
+
+<script src="//ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js"></script>
+<script type="text/javascript">
+
+	$.fn.ready(function(){
+	
+		var $message = $("#message"),
+		    $save_file = $("#save_file");
+		if ( $message.length > 0 ) { $message.animate({opacity: 1.0}, 3000).fadeOut(); };
+		
+		$(".button:visible:enabled:first").focus();
+		$(".textinput:visible:enabled:first").focus();
+		
+		$(".page_edit .textinput").bind("change keyup", function (e) {
+			key = e.which+" ";
+			badkeys = "224 16 17 18 37 38 39 40 ";
+			if ((badkeys.indexOf(key) == "-1") && ($save_file.val() !== "Save!")) {
+				$save_file.val("Save!");
+				document.title = document.title + " *";
+				$(".page_edit h2").append(" *");
+			}
+		});
+		
+		$(".page_edit form").submit(function() { $save_file.val("Save"); });
+		window.onbeforeunload = function () {
+			if ($save_file.val() == "Save!") {
+				return "Any changes you've made will be lost!";
+			}
+		};
+	
+	});
+
+</script>
+
+</body>
 </html>
\ No newline at end of file

From c8c39d92e149064633c7215de5a3968182cc8fa0 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 10 Apr 2012 14:08:47 -0400
Subject: [PATCH 019/228] Tweaked login screen fields. Removed hint.

---
 onefilecms.css | 15 +++++++++++++--
 onefilecms.php |  8 ++++----
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index 60bb25f..568db96 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -289,11 +289,22 @@ h1 a:visited { color: #0F0901; }
 /* --- log in --- */
 
 .page_login .container, .page_logout .container {
-	width: 356px;
-	margin-top: 60px;
+	margin-top: 5em;
+	border    : 1px solid #807568;
+	padding   : 1em;
+	width     : 360px;
 }
 
 
+.login_input {
+	border  : 1px solid #807568;
+	padding : 2px 0px 2px 2px;
+	width   : 356px;
+	font    : 1.3em Courier;
+}
+
+
+
 /* --- path/to/current/index --- */
 
 .path { border: 1px solid  transparent; }
diff --git a/onefilecms.php b/onefilecms.php
index a2a91d0..0d29de0 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -410,14 +410,14 @@ function Cancel_Submit_Buttons($button_label) {
 	<form method="post" action="<?php echo $ONESCRIPT; ?>">
 		<p>
 			<label for="onefilecms_username">Username:</label>
-			<input type="text" name="onefilecms_username" id="onefilecms_username" class="textinput" />
+			<input type="text" name="onefilecms_username" id="onefilecms_username" class="login_input" />
 		</p>
 		<p>
 			<label for="onefilecms_password">Password:</label>
-			<input type="password" name="onefilecms_password" id="onefilecms_password" class="textinput" />
+			<input type="password" name="onefilecms_password" id="onefilecms_password" class="login_input" />
 		</p>
-		<?php if ($config_hint !== "") { ?><p><i>Hint:</i> <?php echo $config_hint; ?></p><?php } ?>
-		<p><input type="submit" class="button" value="Enter" /></p>
+			
+		<input type="submit" class="button" value="Enter" />
 	</form>
 <?php };
 

From 31e5b3d6d0b09cec6be719c494d77b3f9ff7ec78 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 10 Apr 2012 20:18:03 -0400
Subject: [PATCH 020/228] Tweaked Other page,  header & nav links, footer.
 Mostly styling changes, but some minor rewording. Removed use of logo.gif.
 Using styled text now. Message box that confirms success/failure of actions
 no longer fades out.

---
 onefilecms.css | 61 ++++++++++++++++++++++++++++++++++++--------------
 onefilecms.php | 37 +++++++++++++++---------------
 2 files changed, 63 insertions(+), 35 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index 568db96..ffa8434 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -29,19 +29,22 @@ body {
 }
 
 .header {
-	margin-bottom: 10px;
-	padding-bottom: 10px;
-	border-bottom: 1px solid #807568;
+	margin-bottom: 1em; padding-bottom: .9em;
+	border-bottom: 1px solid #807568; /*using <hr>. Styles at bottom of this file*/
 	color: #676767;
 	position: relative;
 }
 
-.footer { /*
+
+#logo {font-family: 'Trebuchet MS', sans-serif; font-size:2.9em; font-weight: bold; color: black;}
+
+
+.footer { /************************
 	margin-top: 10px;
 	padding-top: 10px;
-	border-top: 0px solid #807568;
-	clear: both;  */
-}
+	border-top: 01px solid #807568;    /*using <hr>. Styles at bottom of this file
+	clear: both;  ****************/
+	}
 
 /* --- general formatting --- */
 
@@ -267,17 +270,25 @@ h1 a.onefilecms {
 h1 a:visited { color: #0F0901; }
 
 .nav {
-	position: absolute;
-	bottom: 12px;
-	right: 0;
-	font-size: 14px;
-}
+	float     : right;
+	display   : inline-block;
+	margin-top: 1.2em;
+	font-size :  1em;
+	}
+
+.nav a {
+	border: 1px solid transparent;
+	font-weight : bold;
+	padding     : .0em;
+	padding-top   : .2em;
+	padding-left  : .6em;
+	padding-right : .6em;
+	padding-bottom: .1em;
+	}
+
+.nav a:hover {border: 01px solid #807568;}
+
 
-.nav a { border: 1px solid transparent;
-	font-weight: bold;
-	text-decoration: none; 	padding: .2em .5em .2em .5em ;
-}
-.nav a:hover { color: #995400; border: 1px solid #807568; background-color: #fffbce; }
 /* --- edit --- */
 
 #edit_header {float: left;}
@@ -310,3 +321,19 @@ h1 a:visited { color: #0F0901; }
 .path { border: 1px solid  transparent; }
 	
 .path:hover { border: 1px solid #807568; background-color: #fffbce; }
+
+
+hr { 
+	line-height  : 0;
+	font-size    : 1px;
+	display : block;
+	position: relative;
+	padding : 0;
+	margin  : 8px auto;
+	width   : 100%;
+	clear   : both;
+	border  : none;
+	border-top   : 1px solid #807568;
+	Xborder-bottom: 1px solid #eee;
+	overflow: visible;
+	}
diff --git a/onefilecms.php b/onefilecms.php
index 0d29de0..4fb235e 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -3,15 +3,16 @@
 // OneFileCMS - http://onefilecms.com/
 
 // CONFIGURATION INFO
+$version         = "1.1.7.BETA"; // ONEFILECMS_BEGIN
+$ONESCRIPT       = $_SERVER["SCRIPT_NAME"];
 $config_username = "username";
 $config_password = "password";
-$config_hint = "";
-$config_title = "OneFileCMS";
-$config_footer = date("Y")." <a href='http://onefilecms.com/'>OneFileCMS</a>.";
+$config_hint     = ""; //Not currently used
+$config_title    = "OneFileCMS";
+$config_footer   = date("Y")." <a href='http://onefilecms.com/'>OneFileCMS</a>.";
 $config_disabled = "bmp,ico,gif,jpg,png,psd,zip";
 $config_excluded = "onefilecms.php,favicon,.htaccess";
-$config_localcss = "onefilecms.css";   $ONESCRIPT = $_SERVER["SCRIPT_NAME"];
-$version = "1.1.6"; // ONEFILECMS_BEGIN
+$config_localcss = "onefilecms.css";
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
 
@@ -225,11 +226,10 @@ function Cancel_Submit_Buttons($button_label) {
 <div class="container">
 
 <div class="header">
-	<h1><a href="<?php echo $ONESCRIPT; ?>" class="<?php echo 
-	strtolower(ereg_replace("[^A-Za-z0-9]", "", $config_title)); ?>"><?php echo $config_title; 
-	?></a></h1>
-	<?php if ((isset($_SESSION['onefilecms_valid'])) && ($_SESSION['onefilecms_valid'] == 
-	"1")) { ?>
+
+	<?php echo '<a href="', $ONESCRIPT, '" id="logo" >', $config_title; ?></a>
+
+	<?php if ((isset($_SESSION['onefilecms_valid'])) && ($_SESSION['onefilecms_valid'] == "1")) { ?>
 		<div class="nav">
 			<a href="/">Visit Site</a> | 
 			<a href="<?php echo $ONESCRIPT; ?>">Index</a> | 
@@ -238,6 +238,7 @@ function Cancel_Submit_Buttons($button_label) {
 	<?php } ?>
 </div>
 
+
 <?php if (isset($message)) {?><div id="message"><p><?php echo $message; ?></p></div><?php };
 
 // COPY FILE
@@ -463,18 +464,18 @@ function Cancel_Submit_Buttons($button_label) {
 // OTHER
 if ($page == "other") { ?>
 	<h2>Other</h2>
+
 	<h3>Check for Updates</h3>
-	<p>Future versions of OneFileCMS will have a one-click upgrade process. For now, though, you have to <a href="http://onefilecms.com/download.php?v=<?php echo $version; ?>">click this link</a>. You are using version <?php echo $version; ?>.</p>
+	<p>You are using version <?php echo $version; ?>.<br>
+	Future versions of OneFileCMS may have a one-click upgrade process. For now, though, you have to <a href="http://onefilecms.com/download.php?v=<?php echo $version; ?>">&gt;click this link&lt;</a>.</p>
+
 	<h3>Want some good Karma?</h3>
 	<p>Let people know you use OneFileCMS by putting this in your footer:</p>
-	<pre><code>This site powered by &#60;a href="http://onefilecms.com/"&#62;OneFileCMS&#60;/a&#62;.</code></pre>
+	<pre><code>This site managed with &#60;a href="http://onefilecms.com/"&#62;OneFileCMS&#60;/a&#62;.</code></pre>
+
 	<h3>Admin Link</h3>
 	<p>Add this to your footer (or something) for lazy/forgetful admins. They'll still have to know the username and password, of course.</p>
 	<pre><code>[&#60;a href="<?php echo $ONESCRIPT; ?>"&#62;Admin&#60;/a&#62;]</code></pre>
-	<?php if (strlen($config_password) != 32) { ?>
-		<h3>Password Hash</h3>
-		<p>By the way, MD5 hash of your currently configured password is: <em><?php echo md5($config_password) ?></em>
-	<?php } ?>
 <?php };
 
 // RENAME FILE
@@ -539,7 +540,7 @@ function Cancel_Submit_Buttons($button_label) {
 	</form>
 <?php } ?>
 
-<div class="footer">
+<div class="footer"> <hr>
 </div>
 
 </div>
@@ -551,7 +552,7 @@ function Cancel_Submit_Buttons($button_label) {
 	
 		var $message = $("#message"),
 		    $save_file = $("#save_file");
-		if ( $message.length > 0 ) { $message.animate({opacity: 1.0}, 3000).fadeOut(); };
+		//if ( $message.length > 0 ) { $message.animate({opacity: 1.0}, 3000).fadeOut(); };
 		
 		$(".button:visible:enabled:first").focus();
 		$(".textinput:visible:enabled:first").focus();

From 90b4e6d26908f35f703179b361bf7499a3712d21 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 10 Apr 2012 20:55:02 -0400
Subject: [PATCH 021/228] Added config variables and improved check for local
 .css

---
 onefilecms.php | 38 ++++++++++++++++++++++++++------------
 1 file changed, 26 insertions(+), 12 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 4fb235e..c59e684 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,20 +1,28 @@
 <?php
-
 // OneFileCMS - http://onefilecms.com/
 
+if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
+
 // CONFIGURATION INFO
 $version         = "1.1.7.BETA"; // ONEFILECMS_BEGIN
 $ONESCRIPT       = $_SERVER["SCRIPT_NAME"];
 $config_username = "username";
 $config_password = "password";
-$config_hint     = ""; //Not currently used
+//$config_hint     = ""; //Not currently used
 $config_title    = "OneFileCMS";
 $config_footer   = date("Y")." <a href='http://onefilecms.com/'>OneFileCMS</a>.";
 $config_disabled = "bmp,ico,gif,jpg,png,psd,zip";
 $config_excluded = "onefilecms.php,favicon,.htaccess";
-$config_localcss = "onefilecms.css";
+$config_csslocal  = "_onefilecms/onefilecms.css"; //Relative to site URL root. Don't use leading '/'.
+$config_csshosted = "http://self-evident.github.com/OneFileCMS/onefilecms.css";
+
+
+
+
+//Allows OneFileCMS.php to be started from any dir on the site.
+chdir($_SERVER["DOCUMENT_ROOT"]);
+
 
-if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
 
 /***********************************************************************/
 function Cancel_Submit_Buttons($button_label) { 
@@ -208,19 +216,25 @@ function Cancel_Submit_Buttons($button_label) {
 
 ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
+
 <head>
+
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 <meta name="robots" content="noindex">
-<title><?php echo $config_title; ?> - <?php echo $pagetitle; ?></title>
-<link href="<?php 
-	if (file_exists($config_localcss)) {
-		echo $config_localcss;
-	} else {
-		echo "http://self-evident.github.com/OneFileCMS/onefilecms.css";
-	}
-?>" type="text/css" rel="stylesheet" media="screen" />
+
+<title><?php echo $config_title.' - '.$pagetitle; ?></title>
+
+<?php 
+$STYLE_SHEET = '/'.$config_csslocal;
+//Check for local style sheet
+if (!file_exists($config_csslocal)) { $STYLE_SHEET = $config_csshosted; }
+?>
+
+<link href="<?php echo $STYLE_SHEET;?>" type="text/css" rel="stylesheet" />
+
 </head>
 
+
 <body class="page_<?php echo $page; ?>">
 
 <div class="container">

From 78482baa1ebf807f495b11bd83e15493040cb323 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 10 Apr 2012 22:28:32 -0400
Subject: [PATCH 022/228] Added a couple Edit disabled file types. Ck for local
 jquery. Code formating.

---
 onefilecms.php | 148 +++++++++++++++++++++++++++++++++++--------------
 1 file changed, 106 insertions(+), 42 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index c59e684..37e4ae2 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -4,19 +4,20 @@
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
 
 // CONFIGURATION INFO
-$version         = "1.1.7.BETA"; // ONEFILECMS_BEGIN
-$ONESCRIPT       = $_SERVER["SCRIPT_NAME"];
-$config_username = "username";
-$config_password = "password";
+$version          = "1.1.7.BETA"; // ONEFILECMS_BEGIN
+$ONESCRIPT        = $_SERVER["SCRIPT_NAME"];
+$config_username  = "username";
+$config_password  = "password";
 //$config_hint     = ""; //Not currently used
-$config_title    = "OneFileCMS";
-$config_footer   = date("Y")." <a href='http://onefilecms.com/'>OneFileCMS</a>.";
-$config_disabled = "bmp,ico,gif,jpg,png,psd,zip";
-$config_excluded = "onefilecms.php,favicon,.htaccess";
-$config_csslocal  = "_onefilecms/onefilecms.css"; //Relative to site URL root. Don't use leading '/'.
+$config_title     = "OneFileCMS";
+$config_footer    = date("Y")." <a href='http://onefilecms.com/'>OneFileCMS</a>.";
+$config_disabled  = "bmp,ico,gif,jpg,png,psd,zip,exe,swf";
+$config_excluded  = "onefilecms.php,favicon,.htaccess";
+$config_LOCAL     = "_onefilecms/";  //local directory for icons, .css, .js, etc...
+$config_csslocal  = $config_LOCAL."onefilecms.css"; //Relative to site URL root. Don't use leading '/'.
 $config_csshosted = "http://self-evident.github.com/OneFileCMS/onefilecms.css";
-
-
+$config_JQlocal   = $config_LOCAL."jquery.min.js";
+$config_JQhosted  = "http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js";
 
 
 //Allows OneFileCMS.php to be started from any dir on the site.
@@ -24,7 +25,7 @@
 
 
 
-/***********************************************************************/
+//******************************************************************************
 function Cancel_Submit_Buttons($button_label) { 
 	global $ONESCRIPT, $varvar;
 
@@ -50,10 +51,10 @@ function Cancel_Submit_Buttons($button_label) {
 		<input type="submit" class="button" value="<?php echo $button_label;?>" id="action" style="margin-left: 2.5em;">
 	</p>
 <?php }
-/**********************************************************************/
 
 
 
+//******************************************************************************
 session_start();
 global $page; $page = "index";
 
@@ -85,12 +86,16 @@ function Cancel_Submit_Buttons($button_label) {
 if ($_GET["p"] == "logout") {$pagetitle = "Log Out"; $_SESSION['onefilecms_valid'] = "0"; session_destroy(); }
 if ($_GET["i"] == "") { unset($_GET["i"]); }
 
-// entitize get params
+
+
+// entitize get params *********************************************************
 foreach ($_GET as $name => $value) {
 	$_GET[$name] = htmlentities($value);
 }
 
-// COPY FILE
+
+
+// COPY FILE *******************************************************************
 if (isset($_GET["c"])) {
 	$filename = $_GET["c"]; $pagetitle = "Copy &ldquo;".$filename."&rdquo;";  $page = "copy";
 }
@@ -102,7 +107,9 @@ function Cancel_Submit_Buttons($button_label) {
 	$message = $old_filename." copied successfully to ".$filename.".";
 }
 
-// DELETE FILE
+
+
+// DELETE FILE *****************************************************************
 if (isset($_GET["d"])) {
 	$filename = $_GET["d"];
 	$pagetitle = "Delete &ldquo;".$filename."&rdquo;";
@@ -114,7 +121,9 @@ function Cancel_Submit_Buttons($button_label) {
 	$message = $filename." successfully deleted.";
 }
 
-// DELETE FOLDER
+
+
+// DELETE FOLDER ***************************************************************
 if ($_GET["p"] == "deletefolder") {
 	$pagetitle = "Delete Folder &ldquo;".$_GET["i"]."&rdquo;";
 }
@@ -127,7 +136,9 @@ function Cancel_Submit_Buttons($button_label) {
 	}
 }
 
-// EDIT
+
+
+// EDIT ************************************************************************
 if (isset($_POST["filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$filename = $_POST["filename"];
 	$content = stripslashes($_POST["content"]);
@@ -155,7 +166,10 @@ function Cancel_Submit_Buttons($button_label) {
 		$message = "File does not exist.";
 	}
 }
-// NEW FILE
+
+
+
+// NEW FILE ********************************************************************
 if ($_GET["p"] == "new") {$pagetitle = "New File"; }
 if (isset($_POST["new_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$filename = $_POST["new_filename"];
@@ -167,7 +181,10 @@ function Cancel_Submit_Buttons($button_label) {
 		$message = $filename." created successfully.";
 	}
 }
-// NEW FOLDER
+
+
+
+// NEW FOLDER ******************************************************************
 if ($_GET["p"] == "folder") {$pagetitle = "New Folder"; }
 if (isset($_POST["new_folder"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$foldername = $_POST["new_folder"];
@@ -178,7 +195,10 @@ function Cancel_Submit_Buttons($button_label) {
 		$message = "A folder by that name already exists.";
 	}
 }
-// RENAME FILE
+
+
+
+// RENAME FILE *****************************************************************
 if (isset($_GET["r"])) {
 	$filename = $_GET["r"];
 	$pagetitle = "Rename &ldquo;".$filename."&rdquo;";
@@ -190,7 +210,10 @@ function Cancel_Submit_Buttons($button_label) {
 	rename($old_filename, $filename);
 	$message = $old_filename." successfully renamed to ".$filename.".";
 }
-// RENAME FOLDER
+
+
+
+// RENAME FOLDER ***************************************************************
 if ($_GET["p"] == "renamefolder") {$pagetitle = "Rename Folder &ldquo;".$_GET["i"]."&rdquo;"; }
 if (isset($_POST["rename_foldername"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$old_foldername = $_POST["old_foldername"];
@@ -201,7 +224,10 @@ function Cancel_Submit_Buttons($button_label) {
 		$message = "There was an error. Try again and/or contact your admin.";
 	}
 }
-// UPLOAD FILE
+
+
+
+// UPLOAD FILE *****************************************************************
 if ($_GET["p"] == "upload") {$pagetitle = "Upload File"; }
 if (isset($_FILES['upload_filename']['name']) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$filename = $_FILES['upload_filename']['name'];
@@ -214,6 +240,8 @@ function Cancel_Submit_Buttons($button_label) {
 	}
 }
 
+
+//******************************************************************************
 ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 
@@ -255,7 +283,9 @@ function Cancel_Submit_Buttons($button_label) {
 
 <?php if (isset($message)) {?><div id="message"><p><?php echo $message; ?></p></div><?php };
 
-// COPY FILE
+
+
+// COPY FILE *******************************************************************
 if ($page == "copy") { 
 	$extension = strrchr($filename, ".");
 	$slug = substr($filename, 0, strlen($filename) - strlen($extension));
@@ -277,7 +307,9 @@ function Cancel_Submit_Buttons($button_label) {
 	</form>
 <?php };
 
-// DELETE FILE
+
+
+// DELETE FILE *****************************************************************
 if ($page == "delete") {
 	$varvar = "?i=".substr($_GET["d"],0,strrpos($_GET["d"],"/")); ?>
 	<h2>Delete &ldquo;<a href="<?php echo $filename; ?>"><?php echo $filename; ?></a>&rdquo;</h2>
@@ -292,7 +324,9 @@ function Cancel_Submit_Buttons($button_label) {
 	</form>
 <?php };
 
-// DELETE FOLDER
+
+
+// DELETE FOLDER ***************************************************************
 if ($page == "deletefolder") {
 	$varvar = "?i=".substr($_GET["i"],0,strrpos(substr_replace($_GET["i"],"",-1),"/")); ?>
 	<h2>Delete Folder &ldquo;<?php echo $_GET["i"]; ?>&rdquo;</h2>
@@ -307,7 +341,9 @@ function Cancel_Submit_Buttons($button_label) {
 	</form>
 <?php };
 
-// EDIT
+
+
+// EDIT ************************************************************************
 if ($page == "edit") { ?>
 	<h2 id="edit_header">Edit &ldquo;<a href="<?php echo $filename; ?>"><?php echo $filename; ?></a>&rdquo;</h2>
 	<form method="post" action="<?php echo $ONESCRIPT; ?>?f=<?php echo $filename; ?>">
@@ -341,9 +377,13 @@ function Cancel_Submit_Buttons($button_label) {
 	<div style="clear:both;"></div>
 <?php };
 
-// INDEX
+
+
+// INDEX ***********************************************************************
 if ($page == "index") { $varvar = "";
-	if (isset($_GET["i"])) { $varvar = $_GET["i"]."/"; } ?> 
+	if (isset($_GET["i"])) { $varvar = $_GET["i"]."/"; } ?>
+
+	<!-- docroot/path/current/index -->
 	<h2><?php $full_path = basename(getcwd()).'/'.$_GET["i"];
 		$path_levels = explode("/",$full_path);
 		$levels = count($path_levels);
@@ -362,6 +402,7 @@ function Cancel_Submit_Buttons($button_label) {
 		echo ' '.$path_levels[$x].' /'; // last item is current dir. No link needed.
 	?></h2>
 
+
 	<p class="index_folders">
 		<?php
 		$files = glob($varvar."*",GLOB_ONLYDIR);
@@ -370,6 +411,8 @@ function Cancel_Submit_Buttons($button_label) {
 			<a href="<?php echo $ONESCRIPT; ?>?i=<?php echo $file; ?>" class="folder"><?php echo basename($file); ?></a>
 		<?php } ?>
 	</p>
+	
+	
 	<div style="clear:both;"></div>
 	<ul class="index <?php echo $_COOKIE['index_display']; ?>">
 		<?php $files = glob($varvar."{,.}*", GLOB_BRACE); sort($files);
@@ -419,7 +462,9 @@ function Cancel_Submit_Buttons($button_label) {
 	</p>
 <?php };
 
-// LOG IN
+
+
+// LOG IN **********************************************************************
 if ($page == "login") { ?>
 	<h2>Log In</h2>
 	<form method="post" action="<?php echo $ONESCRIPT; ?>">
@@ -436,13 +481,17 @@ function Cancel_Submit_Buttons($button_label) {
 	</form>
 <?php };
 
-// LOG OUT
+
+
+// LOG OUT *********************************************************************
 if ($page == "logout") { ?>
 	<h2>Log Out</h2>
 	<p>You have successfully been logged out and may close this window.</p>
 <?php };
 
-// NEW FILE
+
+
+// NEW FILE ********************************************************************
 if ($page == "new") {
 	$varvar = "";
 	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }?>
@@ -459,7 +508,9 @@ function Cancel_Submit_Buttons($button_label) {
 		</form>
 <?php };
 
-// NEW FOLDER
+
+
+// NEW FOLDER ******************************************************************
 if ($page == "folder") {
 	$varvar = "";
 	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }?>
@@ -475,7 +526,9 @@ function Cancel_Submit_Buttons($button_label) {
 	</form>
 <?php };
 
-// OTHER
+
+
+// OTHER ***********************************************************************
 if ($page == "other") { ?>
 	<h2>Other</h2>
 
@@ -492,7 +545,9 @@ function Cancel_Submit_Buttons($button_label) {
 	<pre><code>[&#60;a href="<?php echo $ONESCRIPT; ?>"&#62;Admin&#60;/a&#62;]</code></pre>
 <?php };
 
-// RENAME FILE
+
+
+// RENAME FILE *****************************************************************
 if ($page == "rename") {
 	$varvar = "?i=".substr($_GET["r"],0,strrpos($_GET["r"],"/")); ?>
 	<h2>Rename &ldquo;<a href="<?php echo $filename; ?>"><?php echo $filename; 
@@ -516,7 +571,9 @@ function Cancel_Submit_Buttons($button_label) {
 	</form>
 <?php };
 
-// RENAME FOLDER
+
+
+// RENAME FOLDER ***************************************************************
 if ($page == "renamefolder") {
 	$varvar = "?i=".substr($_GET["i"],0,strrpos(substr_replace($_GET["i"],"",-1),"/")); ?>
 	<h2>Rename Folder &ldquo;<?php echo $_GET["i"]; ?>&rdquo;</h2>
@@ -534,7 +591,9 @@ function Cancel_Submit_Buttons($button_label) {
 	</form>
 <?php };
 
-// UPLOAD FILE
+
+
+// UPLOAD FILE *****************************************************************
 if ($page == "upload") {
 	$varvar = ""; if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; } ?>
 	<h2>Upload</h2>
@@ -559,9 +618,16 @@ function Cancel_Submit_Buttons($button_label) {
 
 </div>
 
-<script src="//ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js"></script>
-<script type="text/javascript">
 
+
+<?php //************************************************************************
+$JQUERY = '/'.$config_JQlocal;
+//Check for local copy of jquery
+if (!file_exists($config_JQlocal)) { $JQUERY = $config_JQhosted; }
+?>
+
+<script src="<?php echo $JQUERY; ?>"></script>
+<script type="text/javascript">
 	$.fn.ready(function(){
 	
 		var $message = $("#message"),
@@ -587,10 +653,8 @@ function Cancel_Submit_Buttons($button_label) {
 				return "Any changes you've made will be lost!";
 			}
 		};
-	
 	});
-
 </script>
 
 </body>
-</html>
\ No newline at end of file
+</html>

From 81afb0a71fd37e947e3b8e74f0bd9e71db38c738 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 11 Apr 2012 01:21:08 -0400
Subject: [PATCH 023/228] Formated/added spacing & "//comments **********"  to
 improve readability. Fixed link for "root/path/file.ext" on Edit, Delete,
 Copy, Rename File pages   (It wasn't working after implemented
 "chdir(DOCUMENT_ROOT)" <b>$filename</b> in $messages Tweaked wording on Other
 page a bit.

---
 onefilecms.css |  7 +++--
 onefilecms.php | 83 +++++++++++++++++++++++++++++---------------------
 2 files changed, 52 insertions(+), 38 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index ffa8434..e27f62a 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -224,7 +224,7 @@ form .meta { z-index: -1; }
 	border: 1px solid #807568;
 	padding: 2px;
 	width: 650px;
-	font: 12px/18px "Courier New", Courier, monospace;
+	font: 1.3em "Courier New", Courier, monospace;
 }
 
 textarea.textinput {
@@ -272,8 +272,8 @@ h1 a:visited { color: #0F0901; }
 .nav {
 	float     : right;
 	display   : inline-block;
-	margin-top: 1.2em;
-	font-size :  1em;
+	margin-top: .8em;
+	font-size :  1.2em;
 	}
 
 .nav a {
@@ -323,6 +323,7 @@ h1 a:visited { color: #0F0901; }
 .path:hover { border: 1px solid #807568; background-color: #fffbce; }
 
 
+/* --- --- --- */
 hr { 
 	line-height  : 0;
 	font-size    : 1px;
diff --git a/onefilecms.php b/onefilecms.php
index 37e4ae2..87dface 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -12,7 +12,7 @@
 $config_title     = "OneFileCMS";
 $config_footer    = date("Y")." <a href='http://onefilecms.com/'>OneFileCMS</a>.";
 $config_disabled  = "bmp,ico,gif,jpg,png,psd,zip,exe,swf";
-$config_excluded  = "onefilecms.php,favicon,.htaccess";
+$config_excluded  = ""; //files to exclude from directory listings
 $config_LOCAL     = "_onefilecms/";  //local directory for icons, .css, .js, etc...
 $config_csslocal  = $config_LOCAL."onefilecms.css"; //Relative to site URL root. Don't use leading '/'.
 $config_csshosted = "http://self-evident.github.com/OneFileCMS/onefilecms.css";
@@ -104,7 +104,7 @@ function Cancel_Submit_Buttons($button_label) {
 	$old_filename = $_POST["old_filename"];
 	$filename = $_POST["copy_filename"];
 	copy($old_filename, $filename);
-	$message = $old_filename." copied successfully to ".$filename.".";
+	$message = '<b>'.$old_filename."</b> copied successfully to <b>".$filename."</b>.";
 }
 
 
@@ -118,7 +118,7 @@ function Cancel_Submit_Buttons($button_label) {
 if (isset($_POST["delete_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$filename = $_POST["delete_filename"];
 	unlink($filename);
-	$message = $filename." successfully deleted.";
+	$message = '<b>'.$filename."</b> successfully deleted.";
 }
 
 
@@ -130,7 +130,7 @@ function Cancel_Submit_Buttons($button_label) {
 if (isset($_POST["delete_foldername"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$foldername = $_POST["delete_foldername"];
 	if (@rmdir($foldername)) {
-		$message = $foldername." successfully deleted.";
+		$message = '<b>'.$foldername."</b> successfully deleted.";
 	} else {
 		$message = "That folder is not empty.";
 	}
@@ -147,7 +147,7 @@ function Cancel_Submit_Buttons($button_label) {
 		fwrite($fp, $content);
 		fclose($fp);
 	}
-	$message = $filename." saved successfully.";
+	$message = '<b>'.$filename."</b> saved successfully.";
 }
 if (isset($_GET["f"])) {
 	$filename = stripslashes($_GET["f"]);
@@ -174,11 +174,11 @@ function Cancel_Submit_Buttons($button_label) {
 if (isset($_POST["new_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$filename = $_POST["new_filename"];
 	if (file_exists($filename)) {
-		$message = $filename." not created. A file with that name already exists.";
+		$message = '<b>'.$filename."</b> not created. A file with that name already exists.";
 	} else {
 		$handle = fopen($filename, 'w') or die("can't open file");
 		fclose($handle);
-		$message = $filename." created successfully.";
+		$message = '<b>'.$filename."</b> created successfully.";
 	}
 }
 
@@ -190,7 +190,7 @@ function Cancel_Submit_Buttons($button_label) {
 	$foldername = $_POST["new_folder"];
 	if (!is_dir($foldername)) {
 		mkdir($foldername);
-		$message = $foldername." created successfully.";
+		$message = '<b>'.$foldername."</b> created successfully.";
 	} else {
 		$message = "A folder by that name already exists.";
 	}
@@ -208,7 +208,7 @@ function Cancel_Submit_Buttons($button_label) {
 	$old_filename = $_POST["old_filename"];
 	$filename = $_POST["rename_filename"];
 	rename($old_filename, $filename);
-	$message = $old_filename." successfully renamed to ".$filename.".";
+	$message = '<b>'.$old_filename."</b> successfully renamed to <b>".$filename."</b>.";
 }
 
 
@@ -219,7 +219,7 @@ function Cancel_Submit_Buttons($button_label) {
 	$old_foldername = $_POST["old_foldername"];
 	$foldername = $_POST["rename_foldername"];
 	if (rename($old_foldername, $foldername)) {
-		$message = $old_foldername." unsuccessfully renamed to ".$foldername.".";
+		$message = '<b>'.$old_foldername."</b> unsuccessfully renamed to <b>".$foldername."</b>.";
 	} else {
 		$message = "There was an error. Try again and/or contact your admin.";
 	}
@@ -234,13 +234,14 @@ function Cancel_Submit_Buttons($button_label) {
 	$destination = $_POST["upload_destination"];
 	if(move_uploaded_file($_FILES['upload_filename']['tmp_name'],
 	$destination.basename($filename))) {
-		$message = basename($filename)." uploaded successfully to ".$destination.".";
+		$message = '<b>'.basename($filename)."</b> uploaded successfully to <b>".$destination."</b>.";
 	} else{
 		$message = "There was an error. Try again and/or contact your admin.";
 	}
 }
 
 
+
 //******************************************************************************
 ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
@@ -281,7 +282,7 @@ function Cancel_Submit_Buttons($button_label) {
 </div>
 
 
-<?php if (isset($message)) {?><div id="message"><p><?php echo $message; ?></p></div><?php };
+<?php if (isset($message)) { echo '<div id="message"><p>'.$message.'</p></div>'; };
 
 
 
@@ -290,7 +291,7 @@ function Cancel_Submit_Buttons($button_label) {
 	$extension = strrchr($filename, ".");
 	$slug = substr($filename, 0, strlen($filename) - strlen($extension));
 	$varvar = "?i=".substr($_GET["c"],0,strrpos($_GET["c"],"/")); ?>
-	<h2>Copy &ldquo;<a href="<?php echo $filename; ?>"><?php echo $filename; ?></a>&rdquo;</h2>
+	<h2>Copy &ldquo;<a href="/<?php echo $filename; ?> "> <?php echo $filename; ?> </a> &rdquo;</h2>
 	<p>Existing files with the same filename are automatically overwritten... Be careful!</p>
 	<form method="post" id="new" action="<?php echo $ONESCRIPT.$varvar; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
@@ -312,8 +313,10 @@ function Cancel_Submit_Buttons($button_label) {
 // DELETE FILE *****************************************************************
 if ($page == "delete") {
 	$varvar = "?i=".substr($_GET["d"],0,strrpos($_GET["d"],"/")); ?>
-	<h2>Delete &ldquo;<a href="<?php echo $filename; ?>"><?php echo $filename; ?></a>&rdquo;</h2>
+	<h2>Delete &ldquo;<a href="/<?php echo $filename; ?> " >
+	<?php echo $filename; ?></a>&rdquo;</h2>
 	<p>Are you sure?</p>
+
 	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
 		<p>
@@ -345,8 +348,12 @@ function Cancel_Submit_Buttons($button_label) {
 
 // EDIT ************************************************************************
 if ($page == "edit") { ?>
-	<h2 id="edit_header">Edit &ldquo;<a href="<?php echo $filename; ?>"><?php echo $filename; ?></a>&rdquo;</h2>
-	<form method="post" action="<?php echo $ONESCRIPT; ?>?f=<?php echo $filename; ?>">
+	<h2 id="edit_header">Edit &ldquo;
+	<a href="/<?php echo $filename; ?>" >
+	<?php echo $filename; ?>
+	</a>&rdquo;</h2>
+
+	<form method="post" action="<?php echo $ONESCRIPT.'?f='.$filename; ?>">
 	<input type="button" class="button close" name="close" value="Close" onclick="parent.location='<?php echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")); ?>'" />
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
 		<?php $lfile = strtolower($filename);
@@ -365,10 +372,10 @@ function Cancel_Submit_Buttons($button_label) {
 			<p class="buttons_right">
 				<input type="submit" class="button" name="save_file" id="save_file" value="Save" />
 		<?php } ?>
-			<input type="button" class="button" name="rename_file" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT; ?>?r=<?php echo $filename; ?>'" />
-			<input type="button" class="button" name="delete_file" value="Delete" onclick="parent.location='<?php echo $ONESCRIPT; ?>?d=<?php echo $filename; ?>'" />
-			<input type="button" class="button" name="copy_file" value="Copy" onclick="parent.location='<?php echo $ONESCRIPT; ?>?c=<?php echo $filename; ?>'" />
-			<input type="button" class="button" name="close" value="Close" onclick="parent.location='<?php echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")); ?>'" />
+			<input type="button" class="button" name="rename_file" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT.'?r='.$filename; ?>'" />
+			<input type="button" class="button" name="delete_file" value="Delete"      onclick="parent.location='<?php echo $ONESCRIPT.'?d='.$filename; ?>'" />
+			<input type="button" class="button" name="copy_file"   value="Copy"        onclick="parent.location='<?php echo $ONESCRIPT.'?c='.$filename; ?>'" />
+			<input type="button" class="button" name="close"       value="Close"       onclick="parent.location='<?php echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")); ?>'" />
 		</p><div class="meta">
 			<p><i>File Size:</i> <?php echo round(filesize($filename)/1000,2); ?> kb - 
 			<i>Last Updated:</i> <?php echo date("n/j/y g:ia", filemtime($filename)); ?></p>
@@ -408,8 +415,8 @@ function Cancel_Submit_Buttons($button_label) {
 		$files = glob($varvar."*",GLOB_ONLYDIR);
 		sort($files);
 		foreach ($files as $file) { ?>
-			<a href="<?php echo $ONESCRIPT; ?>?i=<?php echo $file; ?>" class="folder"><?php echo basename($file); ?></a>
-		<?php } ?>
+			<a href="<?php echo $ONESCRIPT.'?i='.$file.'" class="folder">'.basename($file).'</a>';
+		} ?>
 	</p>
 	
 	
@@ -439,25 +446,29 @@ function Cancel_Submit_Buttons($button_label) {
 				if (strrpos($lfile,".css")) { $file_class = "css"; };
 				if (strrpos($lfile,".php")) { $file_class = "php"; }; ?>
 					<li>
-						<a href="<?php echo $ONESCRIPT; ?>?f=<?php 
-						echo $file; ?>" class="<?php echo $file_class ?>"><?php 
+						<a href="<?php echo $ONESCRIPT.'?f='.$file.'" class=" '.$file_class.'">';
 						echo basename($file); ?></a>
 						<div class="meta">
-							<span><i>File Size:</i> <?php echo 
-							round(filesize($file)/1000,2);?> kb<br /></span>
-							<span><i>Last Updated:</i> <?php echo 
-							date("n/j/y g:ia", filemtime($file)); ?></span>
+							<span><i>File Size:</i>
+							<?php echo round(filesize($file)/1000,2);?> kb<br /></span>
+							<span><i>Last Updated:</i>
+							<?php echo date("n/j/y g:ia", filemtime($file)); ?></span>
 						</div>
 					</li>
 			<?php }
 		} ?>
 	</ul>
 	<p class="front_links">
-		<a href="<?php echo $ONESCRIPT; ?>?p=upload&amp;i=<?php echo $varvar; ?>" class="upload">Upload File</a>
-		<a href="<?php echo $ONESCRIPT; ?>?p=new&amp;i=<?php echo $varvar; ?>" class="new">New File</a>
-		<a href="<?php echo $ONESCRIPT; ?>?p=folder&amp;i=<?php echo $varvar; ?>" class="newfolder">New Folder</a><?php if ($varvar !== "") { ?>
-		<a href="<?php echo $ONESCRIPT; ?>?p=deletefolder&amp;i=<?php echo $varvar; ?>" class="deletefolder">Delete Folder</a>
-		<a href="<?php echo $ONESCRIPT; ?>?p=renamefolder&amp;i=<?php echo $varvar; ?>" class="renamefolder">Rename Folder</a><?php } ?>
+		<a href="<?php echo $ONESCRIPT.'?p=upload&amp;i='.$varvar; ?>" class="upload">Upload File</a>
+		<a href="<?php echo $ONESCRIPT.'?p=new&amp;i='.$varvar; ?>"    class="new">New File</a>
+		<a href="<?php echo $ONESCRIPT.'?p=folder&amp;i='.$varvar; ?>" class="newfolder">
+		New Folder</a>
+		<?php if ($varvar !== "") { ?>
+			<a href="<?php echo $ONESCRIPT.'?p=deletefolder&amp;i='.$varvar; ?>" class="deletefolder">
+			Delete Folder</a>
+			<a href="<?php echo $ONESCRIPT.'?p=renamefolder&amp;i='.$varvar; ?>" class="renamefolder">
+			Rename Folder</a>
+		<?php } ?>
 		<a href="<?php echo $ONESCRIPT; ?>?p=other" class="other">Other</a>
 	</p>
 <?php };
@@ -534,7 +545,8 @@ function Cancel_Submit_Buttons($button_label) {
 
 	<h3>Check for Updates</h3>
 	<p>You are using version <?php echo $version; ?>.<br>
-	Future versions of OneFileCMS may have a one-click upgrade process. For now, though, you have to <a href="http://onefilecms.com/download.php?v=<?php echo $version; ?>">&gt;click this link&lt;</a>.</p>
+	Future versions of OneFileCMS may have a one-click upgrade process.
+	For now, though,<a href="https://github.com/Self-Evident/OneFileCMS">&gt;check here&lt;</a> for current versions.</p>
 
 	<h3>Want some good Karma?</h3>
 	<p>Let people know you use OneFileCMS by putting this in your footer:</p>
@@ -550,7 +562,7 @@ function Cancel_Submit_Buttons($button_label) {
 // RENAME FILE *****************************************************************
 if ($page == "rename") {
 	$varvar = "?i=".substr($_GET["r"],0,strrpos($_GET["r"],"/")); ?>
-	<h2>Rename &ldquo;<a href="<?php echo $filename; ?>"><?php echo $filename; 
+	<h2>Rename &ldquo;<a href="/<?php echo $filename; ?>"><?php echo $filename; 
 	?></a>&rdquo;</h2>
 	<p>Existing files with the same filename are automatically overwritten... Be 
 	careful!</p>
@@ -632,6 +644,7 @@ function Cancel_Submit_Buttons($button_label) {
 	
 		var $message = $("#message"),
 		    $save_file = $("#save_file");
+		//This line fades out the message after specified time (3000 = 3 seconds)
 		//if ( $message.length > 0 ) { $message.animate({opacity: 1.0}, 3000).fadeOut(); };
 		
 		$(".button:visible:enabled:first").focus();

From 18c4ef715dbb7059f81e95b95d500024ae4803e6 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 12 Apr 2012 22:11:13 -0400
Subject: [PATCH 024/228] Improved  path/to/current/folder/  breadcrumb links.

---
 onefilecms.css | 13 ++++++++++++-
 onefilecms.php | 50 ++++++++++++++++++++++++++++++++------------------
 2 files changed, 44 insertions(+), 19 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index e27f62a..fa00570 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -1,5 +1,10 @@
-/* --- reset --- */
 
+
+
+
+
+
+/* --- reset --- */
 html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,
 cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,dl,dt,dd,ol,ul,li,
 fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td{border:0;outline:0;font-weight:inherit;font-style:inherit;font-size:100%;font-family:inherit;vertical-align:baseline;margin:0;padding:0;}
@@ -46,6 +51,12 @@ body {
 	clear: both;  ****************/
 	}
 
+
+
+
+
+
+
 /* --- general formatting --- */
 
 h2,h3,p,ul,table { margin-bottom: 10px; }
diff --git a/onefilecms.php b/onefilecms.php
index 87dface..c82d81c 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,6 +1,9 @@
 <?php
 // OneFileCMS - http://onefilecms.com/
 
+
+
+
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
 
 // CONFIGURATION INFO
@@ -17,8 +20,8 @@
 $config_csslocal  = $config_LOCAL."onefilecms.css"; //Relative to site URL root. Don't use leading '/'.
 $config_csshosted = "http://self-evident.github.com/OneFileCMS/onefilecms.css";
 $config_JQlocal   = $config_LOCAL."jquery.min.js";
-$config_JQhosted  = "http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js";
-
+$config_JQhosted  = "http://code.jquery.com/jquery-1.7.2.min.js";
+//$config_JQhosted  = "http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js";
 
 //Allows OneFileCMS.php to be started from any dir on the site.
 chdir($_SERVER["DOCUMENT_ROOT"]);
@@ -263,13 +266,11 @@ function Cancel_Submit_Buttons($button_label) {
 
 </head>
 
-
 <body class="page_<?php echo $page; ?>">
 
 <div class="container">
 
 <div class="header">
-
 	<?php echo '<a href="', $ONESCRIPT, '" id="logo" >', $config_title; ?></a>
 
 	<?php if ((isset($_SESSION['onefilecms_valid'])) && ($_SESSION['onefilecms_valid'] == "1")) { ?>
@@ -282,6 +283,7 @@ function Cancel_Submit_Buttons($button_label) {
 </div>
 
 
+
 <?php if (isset($message)) { echo '<div id="message"><p>'.$message.'</p></div>'; };
 
 
@@ -387,39 +389,48 @@ function Cancel_Submit_Buttons($button_label) {
 
 
 // INDEX ***********************************************************************
-if ($page == "index") { $varvar = "";
-	if (isset($_GET["i"])) { $varvar = $_GET["i"]."/"; } ?>
+if ($page == "index") {
+	$varvar = "";
+	if (isset($_GET["i"])) { $varvar = $_GET["i"]."/"; }
+
+ 	// Current path. ie: docroot/current/path/ 
+	// Each level is a link to that level.
+	echo '<h2>';
+		$full_path = basename(getcwd());
+		if (isset($_GET["i"])) { $full_path = basename(getcwd()).'/'.$_GET["i"]; }
 
-	<!-- docroot/path/current/index -->
-	<h2><?php $full_path = basename(getcwd()).'/'.$_GET["i"];
 		$path_levels = explode("/",$full_path);
-		$levels = count($path_levels);
-		if ($varvar == "") { 
-			echo $path_levels[0]; // if at root, no need for link.
+		$levels = count($path_levels); //If levels=3, indexes = 0, 1, 2  etc...
+
+		//docroot folder of site
+		if ($_GET["i"] == "") { 
+			echo $path_levels[0].' /'; // if at root, no need for link.
 		} else {
 			echo '<a href="'.$ONESCRIPT.'" class="path"> '.$path_levels[0].' </a>/';
 		}
-		$current_path = "";
-		for ($x=1; $x < $levels-1; $x++) {
+
+		//Remainder of current/path
+		for ($x=1; $x < $levels; $x++) {
 			if ($x !== 1){ $current_path .= '/'; }
 			$current_path = $current_path.$path_levels[$x];
 			echo '<a href="'.$ONESCRIPT.'?i='.$current_path.'" class="path"> ';
-			echo ' '.$path_levels[$x].' </a>/';
+			echo ' '.$path_levels[$x]." </a>/";
 		}
-		echo ' '.$path_levels[$x].' /'; // last item is current dir. No link needed.
 	?></h2>
 
 
+	<!--===== List folders/sub-directores =====-->
 	<p class="index_folders">
 		<?php
 		$files = glob($varvar."*",GLOB_ONLYDIR);
 		sort($files);
-		foreach ($files as $file) { ?>
-			<a href="<?php echo $ONESCRIPT.'?i='.$file.'" class="folder">'.basename($file).'</a>';
+		foreach ($files as $file) {
+			echo '<a href="'.$ONESCRIPT.'?i='.$file.'" class="folder">'.basename($file).'</a>';
 		} ?>
 	</p>
 	
-	
+
+	<!--============= List files ==============-->
 	<div style="clear:both;"></div>
 	<ul class="index <?php echo $_COOKIE['index_display']; ?>">
 		<?php $files = glob($varvar."{,.}*", GLOB_BRACE); sort($files);
@@ -458,6 +469,8 @@ function Cancel_Submit_Buttons($button_label) {
 			<?php }
 		} ?>
 	</ul>
+
+	<!--=== Upload/New/Rename/Copy/etc... links ===-->
 	<p class="front_links">
 		<a href="<?php echo $ONESCRIPT.'?p=upload&amp;i='.$varvar; ?>" class="upload">Upload File</a>
 		<a href="<?php echo $ONESCRIPT.'?p=new&amp;i='.$varvar; ?>"    class="new">New File</a>
@@ -626,6 +639,7 @@ function Cancel_Submit_Buttons($button_label) {
 <?php } ?>
 
 <div class="footer"> <hr>
+
 </div>
 
 </div>

From 7896d929cee4d6feb8f73f0e5d3fb9e5e5dac9bd Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 12 Apr 2012 22:24:59 -0400
Subject: [PATCH 025/228] Added license & copyright info.

---
 OneFileCMS.License.BSD.txt | 29 +++++++++++++++++++++++++++++
 OneFileCMS.License.MIT.txt | 22 ++++++++++++++++++++++
 onefilecms.css             |  8 ++++----
 onefilecms.php             |  6 +++---
 4 files changed, 58 insertions(+), 7 deletions(-)
 create mode 100755 OneFileCMS.License.BSD.txt
 create mode 100755 OneFileCMS.License.MIT.txt

diff --git a/OneFileCMS.License.BSD.txt b/OneFileCMS.License.BSD.txt
new file mode 100755
index 0000000..c33a683
--- /dev/null
+++ b/OneFileCMS.License.BSD.txt
@@ -0,0 +1,29 @@
+OneFileCMS
+
+Copyright � 2009-2012 https://github.com/rocktronica
+Copyright � 2012-     https://github.com/Self-Evident  David W. Gay
+
+(Based on the BSD new/3-clause license)
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+    * Neither the name of the author or copyright holder, nor the
+      names of its contributors may be used to endorse or promote products
+      derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
diff --git a/OneFileCMS.License.MIT.txt b/OneFileCMS.License.MIT.txt
new file mode 100755
index 0000000..d9e8e69
--- /dev/null
+++ b/OneFileCMS.License.MIT.txt
@@ -0,0 +1,22 @@
+OneFileCMS
+
+Copyright © 2009-2012 https://github.com/rocktronica
+Copyright © 2012-     https://github.com/Self-Evident  David W. Gay
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/onefilecms.css b/onefilecms.css
index fa00570..640f9df 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -1,7 +1,7 @@
-
-
-
-
+/* OneFileCMS - http://onefilecms.com/
+ * 
+ * For license & copyright info, see OneFileCMS.License.BSD.txt 
+ */ 
 
 
 /* --- reset --- */
diff --git a/onefilecms.php b/onefilecms.php
index c82d81c..ec7d085 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - http://onefilecms.com/
-
-
+// 
+// For license & copyright info, see OneFileCMS.License.BSD.txt
 
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
@@ -639,7 +639,7 @@ function Cancel_Submit_Buttons($button_label) {
 <?php } ?>
 
 <div class="footer"> <hr>
-
+(Icons courtesy of <a href="http://www.famfamfam.com/lab/icons/silk/" target="_BLANK">FAMFAMFAM</a>)
 </div>
 
 </div>

From baa3dbe5840423037d64fb9fe8da61ad7202014c Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 12 Apr 2012 22:36:07 -0400
Subject: [PATCH 026/228] Version 1.1.7

---
 onefilecms.css  | 14 +++++++-------
 onefilecms.php  |  6 ++++--
 readme.markdown |  4 ++++
 3 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index 640f9df..8415d33 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -1,5 +1,5 @@
 /* OneFileCMS - http://onefilecms.com/
- * 
+ * Version 1.1.7 
  * For license & copyright info, see OneFileCMS.License.BSD.txt 
  */ 
 
@@ -44,17 +44,17 @@ body {
 #logo {font-family: 'Trebuchet MS', sans-serif; font-size:2.9em; font-weight: bold; color: black;}
 
 
-.footer { /************************
+.footer {
+	color: #777;
+	/*****************
 	margin-top: 10px;
 	padding-top: 10px;
 	border-top: 01px solid #807568;    /*using <hr>. Styles at bottom of this file
-	clear: both;  ****************/
+	clear: both;
+	*****************/
 	}
 
-
-
-
-
+.footer a{ color: rgb(157, 124, 83);}  /*rgb(157, 124, 83)*/
 
 
 /* --- general formatting --- */
diff --git a/onefilecms.php b/onefilecms.php
index ec7d085..d4b56d3 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,13 +1,13 @@
 <?php
 // OneFileCMS - http://onefilecms.com/
-// 
+// Version 1.1.7 
 // For license & copyright info, see OneFileCMS.License.BSD.txt
 
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
 
 // CONFIGURATION INFO
-$version          = "1.1.7.BETA"; // ONEFILECMS_BEGIN
+$version          = "1.1.7"; // ONEFILECMS_BEGIN
 $ONESCRIPT        = $_SERVER["SCRIPT_NAME"];
 $config_username  = "username";
 $config_password  = "password";
@@ -638,6 +638,8 @@ function Cancel_Submit_Buttons($button_label) {
 	</form>
 <?php } ?>
 
+
+
 <div class="footer"> <hr>
 (Icons courtesy of <a href="http://www.famfamfam.com/lab/icons/silk/" target="_BLANK">FAMFAMFAM</a>)
 </div>
diff --git a/readme.markdown b/readme.markdown
index 7737d2d..fd8c9f9 100644
--- a/readme.markdown
+++ b/readme.markdown
@@ -80,6 +80,10 @@ It isn't entirely necessary, but it does nice little progressive enhancements li
 
 ## Change Log
 
+### 1.1.7
+
+- Added [Cancel] button to most screens. Numerous minor UI & code tweaks/improvements.  Changed where .css is hosted (may change back later).  Removed "Rendered in (microseconds)...".  Added license info & copyright notice.
+
 ### 1.1.6
 
 - Breadcrumb navigation (courtesy of [Self-Evident](https://github.com/Self-Evident/)), CSS file and some minor changes to it<br />

From f079c93ae16c5aa5ebadc1f524f3fe4c7c6b83b1 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 18 Apr 2012 01:31:16 -0400
Subject: [PATCH 027/228] Added notes regarding future changes/improvements.

---
 readme.markdown | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/readme.markdown b/readme.markdown
index fd8c9f9..17649be 100644
--- a/readme.markdown
+++ b/readme.markdown
@@ -142,4 +142,17 @@ Written in PHP, XHTML, CSS, and [jQuery](http://jquery.com/). Icons by [famfamfa
 
 Available under the MIT and BSD license.
 
-To report a bug or request a feature, please file an issue via Github. Forks encouraged!
\ No newline at end of file
+To report a bug or request a feature, please file an issue via Github. Forks encouraged!
+
+##Needed/potential/upcoming improvements
+
+- Prompt to prevent automatic overwrite when uploading or renaming files.
+- Check size of file to upload, verify under max post/upload limits.
+- Option to switch between original OneFileCMS view and a common list view.
+  (in the works)
+- Embed css and remove or swtich to svg icons to create a true "OneFileCMS"
+  (in the works)
+- Remove use of jquery.
+  Used to detect if file being edited, set focus form fields, (more?)
+  (in the works)
+- Multiple login names

From adb3f40ac64a54da66aef17ad68518b25416d525 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 18 Apr 2012 01:49:42 -0400
Subject: [PATCH 028/228] Cleared .gitignore

---
 .gitignore | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index b1dd607..e69de29 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +0,0 @@
-onefilecms2.esproj
\ No newline at end of file

From bf2070a6385eca88092a8b071b27555cee82a7bd Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Fri, 20 Apr 2012 13:36:05 -0400
Subject: [PATCH 029/228] Removed "Other" page. Some minor code formatting.

---
 onefilecms.php | 30 ++++--------------------------
 1 file changed, 4 insertions(+), 26 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index d4b56d3..6946764 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -76,7 +76,7 @@ function Cancel_Submit_Buttons($button_label) {
 	// redirect on invalid page attempts
 	$page = $_GET["p"];
 	if (!in_array(strtolower($_GET["p"]), array(
-		"copy","delete","error","deletefolder","edit","folder","index","login","logout","new","other","rename","renamefolder","upload"	)))
+		"copy","delete","error","deletefolder","edit","folder","index","login","logout","new","rename","renamefolder","upload"	)))
 	{
 		header("Location: ".$ONESCRIPT);
 		$page = "index";
@@ -84,7 +84,6 @@ function Cancel_Submit_Buttons($button_label) {
 }
 if ( ($page == "login") and ($_SESSION['onefilecms_valid']) ) {$page = "index"; header("Location: ".$ONESCRIPT);};
 
-if ($_GET["p"] == "other") {$pagetitle = "Other"; }
 if ($_GET["p"] == "login") {$pagetitle = "Log In"; }
 if ($_GET["p"] == "logout") {$pagetitle = "Log Out"; $_SESSION['onefilecms_valid'] = "0"; session_destroy(); }
 if ($_GET["i"] == "") { unset($_GET["i"]); }
@@ -482,7 +481,6 @@ function Cancel_Submit_Buttons($button_label) {
 			<a href="<?php echo $ONESCRIPT.'?p=renamefolder&amp;i='.$varvar; ?>" class="renamefolder">
 			Rename Folder</a>
 		<?php } ?>
-		<a href="<?php echo $ONESCRIPT; ?>?p=other" class="other">Other</a>
 	</p>
 <?php };
 
@@ -552,31 +550,12 @@ function Cancel_Submit_Buttons($button_label) {
 
 
 
-// OTHER ***********************************************************************
-if ($page == "other") { ?>
-	<h2>Other</h2>
-
-	<h3>Check for Updates</h3>
-	<p>You are using version <?php echo $version; ?>.<br>
-	Future versions of OneFileCMS may have a one-click upgrade process.
-	For now, though,<a href="https://github.com/Self-Evident/OneFileCMS">&gt;check here&lt;</a> for current versions.</p>
-
-	<h3>Want some good Karma?</h3>
-	<p>Let people know you use OneFileCMS by putting this in your footer:</p>
-	<pre><code>This site managed with &#60;a href="http://onefilecms.com/"&#62;OneFileCMS&#60;/a&#62;.</code></pre>
-
-	<h3>Admin Link</h3>
-	<p>Add this to your footer (or something) for lazy/forgetful admins. They'll still have to know the username and password, of course.</p>
-	<pre><code>[&#60;a href="<?php echo $ONESCRIPT; ?>"&#62;Admin&#60;/a&#62;]</code></pre>
-<?php };
-
-
 
 // RENAME FILE *****************************************************************
 if ($page == "rename") {
 	$varvar = "?i=".substr($_GET["r"],0,strrpos($_GET["r"],"/")); ?>
-	<h2>Rename &ldquo;<a href="/<?php echo $filename; ?>"><?php echo $filename; 
-	?></a>&rdquo;</h2>
+	<h2>Rename &ldquo;<a href="/<?php echo $filename; ?>">
+	<?php echo $filename; ?></a>&rdquo;</h2>
 	<p>Existing files with the same filename are automatically overwritten... Be 
 	careful!</p>
 	<p>To move a file, preface its name with the folder's name, as in 
@@ -622,8 +601,7 @@ function Cancel_Submit_Buttons($button_label) {
 if ($page == "upload") {
 	$varvar = ""; if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; } ?>
 	<h2>Upload</h2>
-	<form enctype="multipart/form-data" action="<?php echo
-	$ONESCRIPT.substr_replace($varvar,"",-1); ?>" method="post">
+	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.substr_replace($varvar,"",-1); ?>" method="post">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
 		<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
 		<p>

From 0bb9b952a16e88b5084e66cc0feb868d9f72980f Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Fri, 20 Apr 2012 13:47:25 -0400
Subject: [PATCH 030/228] Added [Close] button function.  Used on Edit page.
 Also, added / after folder names in list/ of/ folders/.

---
 onefilecms.php | 51 +++++++++++++++++++++++++++-----------------------
 1 file changed, 28 insertions(+), 23 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 6946764..8a61857 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -29,31 +29,34 @@
 
 
 //******************************************************************************
+// Functions
+
+function Close_Button($classes) {
+	echo '<input type="button" class="button '.$classes.'" name="close" value="Close" onclick="parent.location=\'';
+	echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")).'\'" />';
+}
+
+
 function Cancel_Submit_Buttons($button_label) { 
 	global $ONESCRIPT, $varvar;
 
 	// [Cancel] returns to either the current/path, or current/path/file
-	if (isset($_GET["i"])){
-		$ipath = '?i='.rtrim($_GET["i"],"/");
-		
-	}else if   ( isset($_GET["c"]) ) {
-		$ipath = '?f='.$_GET["c"];
-		
-	}else if   ( isset($_GET["d"]) ) {
-		$ipath = '?f='.$_GET["d"];
-
-	}else if   ( isset($_GET["r"]) ) {
-		$ipath = '?f='.$_GET["r"];
-		
-	}else{
-		$ipath = rtrim($varvar,"/");
-	}//end if
-?>
+	if (isset($_GET["i"])){ $ipath = '?i='.rtrim($_GET["i"],"/"); }
+		else if ( isset($_GET["c"]) ) { $ipath = '?f='.$_GET["c"]; }
+		else if ( isset($_GET["d"]) ) { $ipath = '?f='.$_GET["d"]; }
+		else if ( isset($_GET["r"]) ) { $ipath = '?f='.$_GET["r"]; }
+		else{                           $ipath = rtrim($varvar,"/");
+	}//end if/else if
+
+	?>
 	<p>
 		<input type="button" class="button" name="cancel" value="Cancel" onclick="parent.location='<?php echo $ONESCRIPT.$ipath; ?>'"/>
-		<input type="submit" class="button" value="<?php echo $button_label;?>" id="action" style="margin-left: 2.5em;">
+		<input type="submit" class="button" value="<?php echo $button_label;?>" style="margin-left: 2.5em;">
 	</p>
-<?php }
+	<?php
+}// End Cancel_Submit_Buttons()
+
+// End of funtions *************************************************************
 
 
 
@@ -355,7 +358,7 @@ function Cancel_Submit_Buttons($button_label) {
 	</a>&rdquo;</h2>
 
 	<form method="post" action="<?php echo $ONESCRIPT.'?f='.$filename; ?>">
-	<input type="button" class="button close" name="close" value="Close" onclick="parent.location='<?php echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")); ?>'" />
+		<?php Close_Button("close"); ?>
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
 		<?php $lfile = strtolower($filename);
 		if (strpos($config_disabled,end(explode(".", $lfile)))) { ?>
@@ -376,10 +379,11 @@ function Cancel_Submit_Buttons($button_label) {
 			<input type="button" class="button" name="rename_file" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT.'?r='.$filename; ?>'" />
 			<input type="button" class="button" name="delete_file" value="Delete"      onclick="parent.location='<?php echo $ONESCRIPT.'?d='.$filename; ?>'" />
 			<input type="button" class="button" name="copy_file"   value="Copy"        onclick="parent.location='<?php echo $ONESCRIPT.'?c='.$filename; ?>'" />
-			<input type="button" class="button" name="close"       value="Close"       onclick="parent.location='<?php echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")); ?>'" />
+			<?php Close_Button(""); ?>
 		</p><div class="meta">
-			<p><i>File Size:</i> <?php echo round(filesize($filename)/1000,2); ?> kb - 
-			<i>Last Updated:</i> <?php echo date("n/j/y g:ia", filemtime($filename)); ?></p>
+			<p>File Size: <?php echo number_format(filesize($filename)); ?> &nbsp; &ndash; &nbsp;
+			   Updated: <?php echo date("Y-m-d\, h:ia", filemtime($filename)); ?>
+			</p>
 		</div>
 	</form>
 	<div style="clear:both;"></div>
@@ -424,11 +428,12 @@ function Cancel_Submit_Buttons($button_label) {
 		$files = glob($varvar."*",GLOB_ONLYDIR);
 		sort($files);
 		foreach ($files as $file) {
-			echo '<a href="'.$ONESCRIPT.'?i='.$file.'" class="folder">'.basename($file).'</a>';
+			echo '<a href="'.$ONESCRIPT.'?i='.$file.'" class="folder">'.basename($file).' /</a>';
 		} ?>
 	</p>
 	
 
+
 	<!--============= List files ==============-->
 	<div style="clear:both;"></div>
 	<ul class="index <?php echo $_COOKIE['index_display']; ?>">

From a3839e1bef82133c02c9cbd1c2a4104d708bd2a9 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Fri, 20 Apr 2012 16:51:05 -0400
Subject: [PATCH 031/228] switched to generic custom icons. Also, added a
 couple file types/ icons cleared/emptied footer removed cookie reference
 (wasn't used) tweaked some styles Some code (css & php) formatting

---
 onefilecms.css | 295 ++++++++++++++++++++++++++++---------------------
 onefilecms.php |  17 +--
 2 files changed, 180 insertions(+), 132 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index 8415d33..c5c1645 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -4,48 +4,77 @@
  */ 
 
 
+/* #774200 #807568 #976322 #995400 #d4d4d4 #0F0901
+   rgb(157, 124, 83) rgb(157, 124, 83)
+ */
+
 /* --- reset --- */
 html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,
 cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,dl,dt,dd,ol,ul,li,
-fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td{border:0;outline:0;font-weight:inherit;font-style:inherit;font-size:100%;font-family:inherit;vertical-align:baseline;margin:0;padding:0;}
+fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td
+	{
+	border : 0;
+	outline: 0;
+	margin : 0;
+	padding: 0;
+	font-weight: inherit;
+	font-style : inherit;
+	font-size  : 100%;
+	font-family: inherit;
+	vertical-align: baseline;
+	}
+
 :focus{outline:0;}
+
 ol,ul{list-style:none;}
+
 table{border-collapse:separate;border-spacing:0;}
+
 caption,th,td{text-align:left;font-weight:400;}
+
 blockquote:before,blockquote:after,q:before,q:after{content:"";}
 blockquote,q{quotes:"" "";}
+
 div{position: relative;}
+
 h1,h2,h3,h4,h5,h6{font-weight: bold;}
 
 body {
-	font-size: 12px;
-	line-height: 20px;
+	font-size: 1em;
 	background: #d5d0cc;
 	font-family: sans-serif;
-	color: #0F0901;
-}
+	}
+
 
 /* --- layout --- */
 
 .container {
-	width: 800px;
-	padding: 0 10px;
-	margin: 20px auto;
-}
+	border : 0px solid #807568;
+	width  : 810px;
+	margin : 0em auto;
+	}
+
 
 .header {
-	margin-bottom: 1em; padding-bottom: .9em;
-	border-bottom: 1px solid #807568; /*using <hr>. Styles at bottom of this file*/
-	color: #676767;
-	position: relative;
-}
+	border-bottom : 1px solid #807568;
+	padding: 04px 0px 04px 0px;
+	margin : 0;
+	margin-bottom : .5em;
+	}
 
 
-#logo {font-family: 'Trebuchet MS', sans-serif; font-size:2.9em; font-weight: bold; color: black;}
+#logo {
+	font-family: 'Trebuchet MS', sans-serif;
+	font-size:2.2em;
+	font-weight: bold;
+	color: black;
+	padding: .1em;
+	}
 
 
 .footer {
 	color: #777;
+	font-size: .7em;
 	/*****************
 	margin-top: 10px;
 	padding-top: 10px;
@@ -60,22 +89,35 @@ body {
 /* --- general formatting --- */
 
 h2,h3,p,ul,table { margin-bottom: 10px; }
-p, li {line-height: 1.4em; }
+
+Xp, li {line-height: 1.4em; }
+
 form p { margin-bottom: 5px; }
-a { color: #774200; text-decoration: none; border: 1px solid  transparent; }
-a:hover { color: #976322; }
-a:hover { color: #995400; border: 1px solid #807568; background-color: #fffbce; }
+
+a { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
+
+a:hover {
+	border: 1px solid #807568;
+	Xcolor: #995400;
+	background-color: #fffbce;
+	}
+
 h2 { font-size: 20px; }
+
 h3 { font-size: 18px; margin-top: 15px; }
+
+h4 { font-size: 1.3em; margin-bottom: .2em; font-weight: normal;}
+
 em, i { font-style: italic; }
+
 strong { font-weight: bold; }
 
 label {
-	font-size: 14px;
-	font-style: italic;
-	width: 110px;
 	display: inline-block;
-}
+	width  : 7em;
+	font-size : 14px;
+	font-style: italic;
+	}
 
 pre {
 	background: white;
@@ -86,35 +128,39 @@ pre {
 	padding: 10px;
 	margin: 5px 0 10px 0;
 	overflow: hidden;
-}
+	}
 
 .page_login label {
 	display: block;
 	margin-bottom: 2px;
-}
+	}
 
 .alignleft {
 	margin: 0 10px 10px 0;
 	float: left;
-}
+	}
 
 .left70 {
 	width: 70px;
 	display: inline-block;
-}
+	}
 
 #message {
-	margin-bottom: 10px;
-	padding-bottom: 10px;
-	border-bottom: 1px solid #807568;
-}
+	margin-bottom: .5em;
+	Xpadding-bottom: 10px;
+	Xborder-bottom : 1px solid #807568;
+	}
 
-#message p {font-size: 1.3em;
+#message p {
 	margin: 0;
 	padding: 5px 5px 5px 30px;
 	border: 1px solid #807568;
-	background: #fff000 url("http://self-evident.github.com/OneFileCMS/images/silk_error.png") 10px 5px no-repeat;
-}
+	font-family: Lucida Console, "Courier New" ;
+	font-size: .95em;
+	line-height: 1em;
+	background: #fff000;
+	}
+
 
 /* --- INDEX --- */
 
@@ -125,7 +171,7 @@ pre {
 	width: 192.5px;
 	float: left;
 	position: relative;
-}
+	}
 
 .index a {
 	height: 28px;
@@ -133,20 +179,39 @@ pre {
 	padding: 7px 5px 7px 35px;
 	border: 1px solid #807568;
 	text-decoration: none;
-	background: white url("http://self-evident.github.com/OneFileCMS/images/silk_file.png") 10px 10px no-repeat;
+	background: white url("http://self-evident.github.com/OneFileCMS/images/file-2.png") 10px 10px no-repeat;
 	overflow: hidden;
 	line-height: 1em;
-}
+	}
 
 
-.index a.css { background: white url("http://self-evident.github.com/OneFileCMS/images/silk_css.png") 10px 10px no-repeat; }
-.index a.img { background: white url("http://self-evident.github.com/OneFileCMS/images/silk_image.png") 10px 10px no-repeat; }
-.index a.php { background: white url("http://self-evident.github.com/OneFileCMS/images/silk_php.png") 10px 10px no-repeat; }
+.index a.css { background: white url("http://self-evident.github.com/OneFileCMS/images/file-2s.png") 10px 10px no-repeat; }
+.index a.img { background: white url("http://self-evident.github.com/OneFileCMS/images/img-2.png") 10px 10px no-repeat; }
+.index a.php { background: white url("http://self-evident.github.com/OneFileCMS/images/file-2p.png") 10px 10px no-repeat; }
 
 .index a:hover {
 	background-color: #fffbce;
 	border: 1px solid #969376;
-}
+	}
+
+
+/* File size & date */
+
+.meta_size {
+	Xwidth         : 9em;
+	padding-left  :  1em;
+	padding-right : .5em;
+	text-align    : right;
+    font-size     : .8em; color: #333;
+	}
+
+.meta_time {
+	width         : 12em;
+	padding-right : .5em;
+	text-align    : right;
+	font-size     : .8em; color: #333;
+	}
+
 
 .index .meta {
 	font-size: 11px;
@@ -154,94 +219,69 @@ pre {
 	margin-top: 3px;
 	overflow: hidden;
 	line-height: 1.1em;
-}
-.index_folders { min-height: 2em; }
-.index_folders a {
-	display: inline-block;
-	font-size: 16px;
-	margin-right: 15px;
-	padding: 2px 4px 2px 20px;
-	display: inline-block;
-	background: url("http://self-evident.github.com/OneFileCMS/images/silk_folder.png") 0 2px no-repeat;
-}
-.index_folders a:hover { background-color: #fffbce; }
-/* --- list view --- */
-
-ul.list {
-	width: 100%;
-	margin-bottom: 31px;
-}
-
-ul.index.list * {
-	width: auto;
-	height: auto;
-	padding: 0;
-	margin: 0;
-	display: visible;
-	line-height: 21px;
-}
+	}
+
 
-ul.index.list li {
-	float: none;
-	clear: both;
-}
 
-ul.index.list li a {
-	display: block;
-	float: left;
-	background-color: transparent;
-	background-position: top left;
-	border: none;
-	width: 200px;
-	text-indent: 26px;
-}
+.index_folders {
+	min-height: 1.4em; 
+	margin-bottom: .2em
+	}
 
-ul.list .meta {
-	display: block;
-	float: left;
-	height: auto;
-}
+.index_folders a { Xborder: 1px solid black;
+	display      : inline-block;
+	line-height  : 1.1em;
+	font-size    : 1em;
+	margin-right : .6em;
+	padding      : 2px 4px 2px 20px;
+	padding-left : 25px;
+	padding-right:  .5em;
+	padding-top  : .1em;
+	padding-bottom : .1em;
+	background : url("http://self-evident.github.com/OneFileCMS/images/folder-2.png") 4px 3px no-repeat;
+	}
 
-ul.list .meta br { display: none; }
+.index_folders a:hover { background-color: #fffbce; }
 
-ul.list .meta span {
-	display: block;
-	float: left;
-	width: 200px;
-}
 
+/*  [Upload File] [New File] [New Folder] etc... */
 
 .front_links { clear: both; }
 
-.front_links a { padding: 3px;
+.front_links a {
+	border: 1px solid #807568;
 	font-size: 16px;
 	margin-right: 15px;
-	padding-left: 21px;
+	padding: 3px 5px 5px 21px; /*T R B L*/
 	height: 16px;
 	display: inline-block;
-}
+	}
+
+.front_links a.upload       { background: url("http://self-evident.github.com/OneFileCMS/images/upload.png") 3px      3px no-repeat; }
+.front_links a.new          { background: url("http://self-evident.github.com/OneFileCMS/images/file-new-2.png")      3px 4px no-repeat; }
+.front_links a.newfolder    { background: url("http://self-evident.github.com/OneFileCMS/images/folder-new-2.png")    2px 5px no-repeat; }
+.front_links a.renamefolder { background: url("http://self-evident.github.com/OneFileCMS/images/folder-rename-1.png") 1px 4px no-repeat; }
+.front_links a.deletefolder { background: url("http://self-evident.github.com/OneFileCMS/images/folder-del-3.png")    1px 5px no-repeat; }
+.front_links a.settings     { background: url("http://self-evident.github.com/OneFileCMS/images/settings.png")        2px 3px no-repeat; }
+
+.front_links a:hover        { border: 1px solid #807568; background-color: #fffbce; }
 
-.front_links a.settings { background: url("http://self-evident.github.com/OneFileCMS/images/silk_settings.png") 0 3px no-repeat; }
-.front_links a.new { background: url("http://self-evident.github.com/OneFileCMS/images/silk_new.png") 0 3px no-repeat; }
-.front_links a.newfolder { background: url("http://self-evident.github.com/OneFileCMS/images/silk_newfolder.png") 0 2px no-repeat; }
-.front_links a.deletefolder { background: url("http://self-evident.github.com/OneFileCMS/images/silk_deletefolder.png") 0 2px no-repeat; }
-.front_links a.renamefolder { background: url("http://self-evident.github.com/OneFileCMS/images/silk_renamefolder.png") 0 2px no-repeat; }
-.front_links a.upload { background: url("http://self-evident.github.com/OneFileCMS/images/silk_upload.png") 0 3px no-repeat; }
-.front_links a.other { background: url("http://self-evident.github.com/OneFileCMS/images/silk_other.png") 0 3px no-repeat; }
-.front_links a:hover { border: 1px solid #807568; background-color: #fffbce; }
 form .meta { z-index: -1; }
 
 .textinput {
 	border: 1px solid #807568;
 	padding: 2px;
 	width: 650px;
-	font: 1.3em "Courier New", Courier, monospace;
-}
+	font: 1em "Courier New", Courier, monospace;
+	}
 
 textarea.textinput {
-	width: 794px;
-	height: 550px;
-}
+	font  : 1em "Courier New", Courier, monospace;
+	margin: 0 0 .5em 0; /*T R B L*/
+	width : 99.5%;
+	height: 30em;
+	height: 30em;
+	}
 
 textarea.disabled { height: 50px; }
 
@@ -257,34 +297,22 @@ textarea.disabled { height: 50px; }
 	cursor: pointer;
 	font-size: 14px;
 	font-family: sans-serif;
-}
+	}
 
 .button:hover { background-color: #eaeaea; }
 .button[disabled]:hover { background-color: #d4d4d4; }
 
-/* --- header --- */
 
-h1 a {
-	font-size: 28px;
-	text-decoration: none;
-	color: #0F0901;
-}
+#action {color: white; background-color: rgb(235,70,70); font-weight: 700;}
 
-h1 a.onefilecms {
-	background: url("http://self-evident.github.com/OneFileCMS/images/logo.gif") top left no-repeat;
-	width: 208px;
-	height: 29px;
-	display: block;
-	text-indent: -2000px;
-}
 
-h1 a:visited { color: #0F0901; }
+/* --- header --- */
 
 .nav {
 	float     : right;
 	display   : inline-block;
-	margin-top: .8em;
-	font-size :  1.2em;
+	margin-top: 1.6em;
+	font-size : 1em;
 	}
 
 .nav a {
@@ -300,6 +328,23 @@ h1 a:visited { color: #0F0901; }
 .nav a:hover {border: 01px solid #807568;}
 
 
+h1 a {
+	font-size: 28px;
+	text-decoration: none;
+	color: #0F0901;
+	}
+
+h1 a.onefilecms {
+	width: 208px;
+	height: 29px;
+	display: block;
+	text-indent: -2000px;
+	}
+
+h1 a:visited { color: #0F0901; }
+
+
+
 /* --- edit --- */
 
 #edit_header {float: left;}
@@ -322,7 +367,7 @@ h1 a:visited { color: #0F0901; }
 	border  : 1px solid #807568;
 	padding : 2px 0px 2px 2px;
 	width   : 356px;
-	font    : 1.3em Courier;
+	font    : 1em Courier;
 }
 
 
diff --git a/onefilecms.php b/onefilecms.php
index 8a61857..6552db3 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -14,6 +14,7 @@
 //$config_hint     = ""; //Not currently used
 $config_title     = "OneFileCMS";
 $config_footer    = date("Y")." <a href='http://onefilecms.com/'>OneFileCMS</a>.";
+
 $config_disabled  = "bmp,ico,gif,jpg,png,psd,zip,exe,swf";
 $config_excluded  = ""; //files to exclude from directory listings
 $config_LOCAL     = "_onefilecms/";  //local directory for icons, .css, .js, etc...
@@ -436,7 +437,7 @@ function Cancel_Submit_Buttons($button_label) {
 
 	<!--============= List files ==============-->
 	<div style="clear:both;"></div>
-	<ul class="index <?php echo $_COOKIE['index_display']; ?>">
+	<ul class="index">
 		<?php $files = glob($varvar."{,.}*", GLOB_BRACE); sort($files);
 		foreach ($files as $file) {
 			$excludeme = 0;
@@ -459,7 +460,10 @@ function Cancel_Submit_Buttons($button_label) {
 					$file_class = "img";
 				};
 				if (strrpos($lfile,".css")) { $file_class = "css"; };
-				if (strrpos($lfile,".php")) { $file_class = "php"; }; ?>
+				if (strrpos($lfile,".php")) { $file_class = "php"; };
+				if (strrpos($lfile,".htm")) { $file_class = "htm"; };
+				if (strrpos($lfile,".html")) { $file_class = "htm"; };
+		?>
 					<li>
 						<a href="<?php echo $ONESCRIPT.'?f='.$file.'" class=" '.$file_class.'">';
 						echo basename($file); ?></a>
@@ -524,8 +528,7 @@ function Cancel_Submit_Buttons($button_label) {
 	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }?>
 		<h2>New File</h2>
 		<p>Existing files with the same name will not be overwritten.</p>
-		<form method="post" id="new" action="<?php echo
-		$ONESCRIPT.substr_replace($varvar,"",-1); ?>">
+		<form method="post" id="new" action="<?php echo $ONESCRIPT.substr_replace($varvar,"",-1); ?>">
 			<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
 			<p>
 				<label for="new_filename">New filename: </label>
@@ -559,8 +562,7 @@ function Cancel_Submit_Buttons($button_label) {
 // RENAME FILE *****************************************************************
 if ($page == "rename") {
 	$varvar = "?i=".substr($_GET["r"],0,strrpos($_GET["r"],"/")); ?>
-	<h2>Rename &ldquo;<a href="/<?php echo $filename; ?>">
-	<?php echo $filename; ?></a>&rdquo;</h2>
+	<h2>Rename &ldquo;<a href="/<?php echo $filename; ?>">	<?php echo $filename; ?> </a>&rdquo;</h2>
 	<p>Existing files with the same filename are automatically overwritten... Be 
 	careful!</p>
 	<p>To move a file, preface its name with the folder's name, as in 
@@ -624,7 +626,7 @@ function Cancel_Submit_Buttons($button_label) {
 
 
 <div class="footer"> <hr>
-(Icons courtesy of <a href="http://www.famfamfam.com/lab/icons/silk/" target="_BLANK">FAMFAMFAM</a>)
+
 </div>
 
 </div>
@@ -643,6 +645,7 @@ function Cancel_Submit_Buttons($button_label) {
 	
 		var $message = $("#message"),
 		    $save_file = $("#save_file");
+
 		//This line fades out the message after specified time (3000 = 3 seconds)
 		//if ( $message.length > 0 ) { $message.animate({opacity: 1.0}, 3000).fadeOut(); };
 		

From 22a3afc502bfac25ad8c5f7025a4be3ae8a1a5c8 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 21 Apr 2012 15:36:35 -0400
Subject: [PATCH 032/228] Changed $loadcontent to $filecontent.  Seems more
 intuitive.

---
 onefilecms.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 6552db3..c9ff8eb 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -162,8 +162,8 @@ function Cancel_Submit_Buttons($button_label) {
 		$pagetitle = "Edit &ldquo;".$filename."&rdquo;";
 		$fp = @fopen($filename, "r");
 		if (filesize($filename) !== 0) {
-			$loadcontent = fread($fp, filesize($filename));
-			$loadcontent = htmlspecialchars($loadcontent);
+			$filecontent = fread($fp, filesize($filename));
+			$filecontent = htmlspecialchars($filecontent);
 		}
 		fclose($fp);
 	} else {
@@ -372,7 +372,7 @@ function Cancel_Submit_Buttons($button_label) {
 		<?php } else { ?>
 			<p>
 				<input type="hidden" name="filename" id="filename" class="textinput" value="<?php echo $filename; ?>" />
-				<textarea name="content" class="textinput" cols="70" rows="25"><?php echo $loadcontent; ?></textarea>
+				<textarea name="content" class="textinput" cols="70" rows="25"><?php echo $filecontent; ?></textarea>
 			</p>
 			<p class="buttons_right">
 				<input type="submit" class="button" name="save_file" id="save_file" value="Save" />

From 3d1dcec7d7b978d4df86c4d7e9e6b86800dcf5e3 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 22 Apr 2012 00:45:56 -0400
Subject: [PATCH 033/228] Corrected/improved handling of local -vs- hosted
 css... This will ultimately be for naught, once the CSS is embedded. But, I
 just can't leave well enought alone...

---
 onefilecms.php | 36 ++++++++++++++++++++++++------------
 1 file changed, 24 insertions(+), 12 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index c9ff8eb..5ef230d 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -6,6 +6,9 @@
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
 
+$CWD              = $CWD = str_replace("\\","/",getcwd());
+$DOC_ROOT         = $_SERVER["DOCUMENT_ROOT"];
+
 // CONFIGURATION INFO
 $version          = "1.1.7"; // ONEFILECMS_BEGIN
 $ONESCRIPT        = $_SERVER["SCRIPT_NAME"];
@@ -14,18 +17,19 @@
 //$config_hint     = ""; //Not currently used
 $config_title     = "OneFileCMS";
 $config_footer    = date("Y")." <a href='http://onefilecms.com/'>OneFileCMS</a>.";
-
 $config_disabled  = "bmp,ico,gif,jpg,png,psd,zip,exe,swf";
 $config_excluded  = ""; //files to exclude from directory listings
-$config_LOCAL     = "_onefilecms/";  //local directory for icons, .css, .js, etc...
-$config_csslocal  = $config_LOCAL."onefilecms.css"; //Relative to site URL root. Don't use leading '/'.
+
+$config_LOCAL     = "/onefilecms/";  //local directory for icons, .css, .js, etc...
+$config_csslocal  = "onefilecms.css";                 //Relative to this file.
+//$config_csslocal  = $config_LOCAL."onefilecms.css"; //Relative to site URL root.
 $config_csshosted = "http://self-evident.github.com/OneFileCMS/onefilecms.css";
-$config_JQlocal   = $config_LOCAL."jquery.min.js";
+$config_JQlocal   = "jquery.min.js";
 $config_JQhosted  = "http://code.jquery.com/jquery-1.7.2.min.js";
 //$config_JQhosted  = "http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js";
 
 //Allows OneFileCMS.php to be started from any dir on the site.
-chdir($_SERVER["DOCUMENT_ROOT"]);
+chdir($DOC_ROOT);
 
 
 
@@ -259,11 +263,19 @@ function Cancel_Submit_Buttons($button_label) {
 
 <title><?php echo $config_title.' - '.$pagetitle; ?></title>
 
-<?php 
-$STYLE_SHEET = '/'.$config_csslocal;
-//Check for local style sheet
-if (!file_exists($config_csslocal)) { $STYLE_SHEET = $config_csshosted; }
-?>
+
+<?php //*** Determine if using a local or a hosted style sheet ***
+
+$STYLE_SHEET = $config_csslocal;
+$ROOT = $DOC_ROOT; 
+
+// If csslocal has a leading /, assume it's location relative to $DOC_ROOT
+// If it has no leading /, assume it is relative to this file.
+if (substr($config_csslocal,0,1) != "/"){ $ROOT = $CWD.'/'; }
+
+//Check for local style sheet. If not found, use hosted copy.
+if (!file_exists($ROOT.$config_csslocal)) { $STYLE_SHEET = $config_csshosted; }
+//***************************************************************?>
 
 <link href="<?php echo $STYLE_SHEET;?>" type="text/css" rel="stylesheet" />
 
@@ -634,9 +646,9 @@ function Cancel_Submit_Buttons($button_label) {
 
 
 <?php //************************************************************************
-$JQUERY = '/'.$config_JQlocal;
 //Check for local copy of jquery
-if (!file_exists($config_JQlocal)) { $JQUERY = $config_JQhosted; }
+$JQUERY = $config_JQlocal;
+if (!file_exists($DOC_ROOT.$config_JQlocal)) { $JQUERY = $config_JQhosted; }
 ?>
 
 <script src="<?php echo $JQUERY; ?>"></script>

From ac1d79dbf7b02dc485576b437b11d2052943618b Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 22 Apr 2012 02:49:36 -0400
Subject: [PATCH 034/228] Switched from $config_disabled to $config_editable. 
 And, of course, some minor code spacing/formatting in // Edit sections.

---
 onefilecms.php | 33 +++++++++++++++++++++------------
 1 file changed, 21 insertions(+), 12 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 5ef230d..976a147 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -17,12 +17,12 @@
 //$config_hint     = ""; //Not currently used
 $config_title     = "OneFileCMS";
 $config_footer    = date("Y")." <a href='http://onefilecms.com/'>OneFileCMS</a>.";
-$config_disabled  = "bmp,ico,gif,jpg,png,psd,zip,exe,swf";
+$config_editable  = "html,htm,php,css,txt,text,conf,ini,csv";
 $config_excluded  = ""; //files to exclude from directory listings
 
 $config_LOCAL     = "/onefilecms/";  //local directory for icons, .css, .js, etc...
-$config_csslocal  = "onefilecms.css";                 //Relative to this file.
-//$config_csslocal  = $config_LOCAL."onefilecms.css"; //Relative to site URL root.
+$config_csslocal  = "onefilecms.css";    //Relative to this file.
+//$config_csslocal  ="/onefilecms.css";  //Relative to site URL root.
 $config_csshosted = "http://self-evident.github.com/OneFileCMS/onefilecms.css";
 $config_JQlocal   = "jquery.min.js";
 $config_JQhosted  = "http://code.jquery.com/jquery-1.7.2.min.js";
@@ -149,6 +149,8 @@ function Cancel_Submit_Buttons($button_label) {
 
 
 // EDIT ************************************************************************
+
+//*** If on Edit page, and [Save] clicked:
 if (isset($_POST["filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$filename = $_POST["filename"];
 	$content = stripslashes($_POST["content"]);
@@ -158,7 +160,9 @@ function Cancel_Submit_Buttons($button_label) {
 		fclose($fp);
 	}
 	$message = '<b>'.$filename."</b> saved successfully.";
-}
+}//***
+
+//*** If in directory list, and a filename is clicked:
 if (isset($_GET["f"])) {
 	$filename = stripslashes($_GET["f"]);
 	if (file_exists($filename)) {
@@ -175,7 +179,7 @@ function Cancel_Submit_Buttons($button_label) {
 		unset ($filename);
 		$message = "File does not exist.";
 	}
-}
+}//***
 
 
 
@@ -252,6 +256,7 @@ function Cancel_Submit_Buttons($button_label) {
 
 
 
+//******************************************************************************
 //******************************************************************************
 ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
@@ -365,23 +370,26 @@ function Cancel_Submit_Buttons($button_label) {
 
 // EDIT ************************************************************************
 if ($page == "edit") { ?>
-	<h2 id="edit_header">Edit &ldquo;
-	<a href="/<?php echo $filename; ?>" >
-	<?php echo $filename; ?>
+	<h2 id="edit_header">Edit &ldquo;<a href="/<?php echo $filename; ?>" > 
+	 <?php echo $filename; ?> 
 	</a>&rdquo;</h2>
 
 	<form method="post" action="<?php echo $ONESCRIPT.'?f='.$filename; ?>">
 		<?php Close_Button("close"); ?>
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
-		<?php $lfile = strtolower($filename);
-		if (strpos($config_disabled,end(explode(".", $lfile)))) { ?>
+
+		<?php
+		$ext = end( explode(".", strtolower($filename)) );
+		if (strpos($config_editable,$ext) === false) { ?>
 			<p>
-				<textarea name="content" class="textinput disabled" cols="70" rows="25" disabled="disabled">Disabled.</textarea>
+				<textarea name="content" class="textinput disabled" cols="70" rows="25" disabled="disabled">Non-text or unkown file type. Edit disabled.
+				</textarea>
 			</p>
 			<p class="buttons_right">
 				<input type="submit" class="button" name="save_file" value="Save" 
 				disabled="disabled" />
 		<?php } else { ?>
+
 			<p>
 				<input type="hidden" name="filename" id="filename" class="textinput" value="<?php echo $filename; ?>" />
 				<textarea name="content" class="textinput" cols="70" rows="25"><?php echo $filecontent; ?></textarea>
@@ -389,11 +397,12 @@ function Cancel_Submit_Buttons($button_label) {
 			<p class="buttons_right">
 				<input type="submit" class="button" name="save_file" id="save_file" value="Save" />
 		<?php } ?>
+
 			<input type="button" class="button" name="rename_file" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT.'?r='.$filename; ?>'" />
 			<input type="button" class="button" name="delete_file" value="Delete"      onclick="parent.location='<?php echo $ONESCRIPT.'?d='.$filename; ?>'" />
 			<input type="button" class="button" name="copy_file"   value="Copy"        onclick="parent.location='<?php echo $ONESCRIPT.'?c='.$filename; ?>'" />
 			<?php Close_Button(""); ?>
-		</p><div class="meta">
+			</p><div class="meta">
 			<p>File Size: <?php echo number_format(filesize($filename)); ?> &nbsp; &ndash; &nbsp;
 			   Updated: <?php echo date("Y-m-d\, h:ia", filemtime($filename)); ?>
 			</p>

From 3e44c1a28d57fa977c9d27c2073c1c136b928a4d Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 22 Apr 2012 10:03:28 -0400
Subject: [PATCH 035/228] in .css, added a couple file type icons; added styles
 for table list format Code to select table list format not yet in .php

---
 onefilecms.css | 49 ++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 46 insertions(+), 3 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index c5c1645..9254d56 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -41,7 +41,7 @@ h1,h2,h3,h4,h5,h6{font-weight: bold;}
 
 body {
 	font-size: 1em;
-	background: #d5d0cc;
+	background: #d5d0cc; background: cyan;
 	font-family: sans-serif;
 	}
 
@@ -179,15 +179,17 @@ pre {
 	padding: 7px 5px 7px 35px;
 	border: 1px solid #807568;
 	text-decoration: none;
-	background: white url("http://self-evident.github.com/OneFileCMS/images/file-2.png") 10px 10px no-repeat;
+	background: white url("http://self-evident.github.com/OneFileCMS/images/binary-3.png") 10px 10px no-repeat;
 	overflow: hidden;
 	line-height: 1em;
 	}
 
 
+.index a.img { background: white url("http://self-evident.github.com/OneFileCMS/images/img-2.png")   10px 10px no-repeat; }
+.index a.txt { background: white url("http://self-evident.github.com/OneFileCMS/images/file-2.png")  10px 10px no-repeat; }
 .index a.css { background: white url("http://self-evident.github.com/OneFileCMS/images/file-2s.png") 10px 10px no-repeat; }
-.index a.img { background: white url("http://self-evident.github.com/OneFileCMS/images/img-2.png") 10px 10px no-repeat; }
 .index a.php { background: white url("http://self-evident.github.com/OneFileCMS/images/file-2p.png") 10px 10px no-repeat; }
+.index a.htm { background: white url("http://self-evident.github.com/OneFileCMS/images/file-2h.png") 10px 10px no-repeat; }
 
 .index a:hover {
 	background-color: #fffbce;
@@ -195,6 +197,47 @@ pre {
 	}
 
 
+/* --- INDEX directory listing, table format --- */
+table.index_T {
+	min-width: 30em;
+	font-size: .95em;
+	border-style: outset;
+	border-width: 1px;
+	border-color: #807568;
+	border-collapse: collapse;
+	margin-bottom: .7em;
+	background-color:white;
+	}
+	
+table.index_T td { 
+	border-width: 1px;
+	border-color: silver;
+	border-style: inset;
+	vertical-align:middle;
+	}
+
+.index_T a { 
+	height : 1em;
+	display: block;
+	padding: .2em 1em .3em 1.6em;
+	color: rgb(100,45,0);
+	border : none;
+	background : url("http://self-evident.github.com/OneFileCMS/images/binary-3.png") 3px no-repeat;
+	overflow   : hidden;
+	}
+
+/*	background : url("http://self-evident.github.com/OneFileCMS/images/silk_file.png") 4px no-repeat;*/
+
+.index_T a.txt { background: url("http://self-evident.github.com/OneFileCMS/images/file-2.png")  3px no-repeat; }
+.index_T a.htm { background: url("http://self-evident.github.com/OneFileCMS/images/file-2h.png") 3px no-repeat; }
+.index_T a.css { background: url("http://self-evident.github.com/OneFileCMS/images/file-2s.png") 3px no-repeat; }
+.index_T a.php { background: url("http://self-evident.github.com/OneFileCMS/images/file-2p.png") 3px no-repeat; }
+.index_T a.cnf { background: url("http://self-evident.github.com/OneFileCMS/images/file-2.png")  3px no-repeat; }
+.index_T a.img { background: url("http://self-evident.github.com/OneFileCMS/images/img-2.png")   3px no-repeat; }
+
+.index_T a:hover { background-color: #FFF573; } /*#fffbce #969376; rgb(255,245,115);*/
+
+
 /* File size & date */
 
 .meta_size {

From c906d6db2d57230035ca59ca5a6cd11e42b0bad5 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 22 Apr 2012 14:52:11 -0400
Subject: [PATCH 036/228] Improved how file type icons are determined &
 assigned. File size is now just in bytes, not kB

---
 onefilecms.css | 32 +++++++++++++++++---------------
 onefilecms.php | 50 +++++++++++++++++++++++++++-----------------------
 2 files changed, 44 insertions(+), 38 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index 9254d56..638db89 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -41,7 +41,7 @@ h1,h2,h3,h4,h5,h6{font-weight: bold;}
 
 body {
 	font-size: 1em;
-	background: #d5d0cc; background: cyan;
+	background: #d5d0cc;
 	font-family: sans-serif;
 	}
 
@@ -179,17 +179,18 @@ pre {
 	padding: 7px 5px 7px 35px;
 	border: 1px solid #807568;
 	text-decoration: none;
-	background: white url("http://self-evident.github.com/OneFileCMS/images/binary-3.png") 10px 10px no-repeat;
+	background: white url("http://self-evident.github.com/OneFileCMS/images/file-bin.png") 3px no-repeat;
 	overflow: hidden;
 	line-height: 1em;
 	}
 
-
-.index a.img { background: white url("http://self-evident.github.com/OneFileCMS/images/img-2.png")   10px 10px no-repeat; }
-.index a.txt { background: white url("http://self-evident.github.com/OneFileCMS/images/file-2.png")  10px 10px no-repeat; }
-.index a.css { background: white url("http://self-evident.github.com/OneFileCMS/images/file-2s.png") 10px 10px no-repeat; }
-.index a.php { background: white url("http://self-evident.github.com/OneFileCMS/images/file-2p.png") 10px 10px no-repeat; }
-.index a.htm { background: white url("http://self-evident.github.com/OneFileCMS/images/file-2h.png") 10px 10px no-repeat; }
+.index a.bin { background:white url("http://self-evident.github.com/OneFileCMS/images/file-bin.png") 3px no-repeat; }
+.index a.img { background:white url("http://self-evident.github.com/OneFileCMS/images/file-img.png") 3px no-repeat; }
+.index a.txt { background:white url("http://self-evident.github.com/OneFileCMS/images/file-txt.png") 3px no-repeat; }
+.index a.cfg { background:white url("http://self-evident.github.com/OneFileCMS/images/file-cfg.png") 3px no-repeat; }
+.index a.css { background:white url("http://self-evident.github.com/OneFileCMS/images/file-css.png") 3px no-repeat; }
+.index a.htm { background:white url("http://self-evident.github.com/OneFileCMS/images/file-htm.png") 3px no-repeat; }
+.index a.php { background:white url("http://self-evident.github.com/OneFileCMS/images/file-php.png") 3px no-repeat; }
 
 .index a:hover {
 	background-color: #fffbce;
@@ -222,18 +223,19 @@ table.index_T td {
 	padding: .2em 1em .3em 1.6em;
 	color: rgb(100,45,0);
 	border : none;
-	background : url("http://self-evident.github.com/OneFileCMS/images/binary-3.png") 3px no-repeat;
+	background : url("http://self-evident.github.com/OneFileCMS/images/file-bin.png") 3px no-repeat;
 	overflow   : hidden;
 	}
 
 /*	background : url("http://self-evident.github.com/OneFileCMS/images/silk_file.png") 4px no-repeat;*/
 
-.index_T a.txt { background: url("http://self-evident.github.com/OneFileCMS/images/file-2.png")  3px no-repeat; }
-.index_T a.htm { background: url("http://self-evident.github.com/OneFileCMS/images/file-2h.png") 3px no-repeat; }
-.index_T a.css { background: url("http://self-evident.github.com/OneFileCMS/images/file-2s.png") 3px no-repeat; }
-.index_T a.php { background: url("http://self-evident.github.com/OneFileCMS/images/file-2p.png") 3px no-repeat; }
-.index_T a.cnf { background: url("http://self-evident.github.com/OneFileCMS/images/file-2.png")  3px no-repeat; }
-.index_T a.img { background: url("http://self-evident.github.com/OneFileCMS/images/img-2.png")   3px no-repeat; }
+.index_T a.txt { background: url("http://self-evident.github.com/OneFileCMS/images/file-txt.png") 3px no-repeat; }
+.index_T a.htm { background: url("http://self-evident.github.com/OneFileCMS/images/file-htm.png") 3px no-repeat; }
+.index_T a.css { background: url("http://self-evident.github.com/OneFileCMS/images/file-css.png") 3px no-repeat; }
+.index_T a.php { background: url("http://self-evident.github.com/OneFileCMS/images/file-php.png") 3px no-repeat; }
+.index_T a.cfg { background: url("http://self-evident.github.com/OneFileCMS/images/file-cfg.png") 3px no-repeat; }
+.index_T a.img { background: url("http://self-evident.github.com/OneFileCMS/images/file-img.png") 3px no-repeat; }
+.index_T a.bin { background: url("http://self-evident.github.com/OneFileCMS/images/file-bin.png") 3px no-repeat; }
 
 .index_T a:hover { background-color: #FFF573; } /*#fffbce #969376; rgb(255,245,115);*/
 
diff --git a/onefilecms.php b/onefilecms.php
index 976a147..fdeff47 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,25 +1,27 @@
 <?php
 // OneFileCMS - http://onefilecms.com/
-// Version 1.1.7 
 // For license & copyright info, see OneFileCMS.License.BSD.txt
 
+$version = "1.1.7";
+
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
 
-$CWD              = $CWD = str_replace("\\","/",getcwd());
-$DOC_ROOT         = $_SERVER["DOCUMENT_ROOT"];
+
+$ONESCRIPT = $_SERVER["SCRIPT_NAME"];
+$DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"];
+$CWD       = str_replace("\\","/",getcwd());
+
 
 // CONFIGURATION INFO
-$version          = "1.1.7"; // ONEFILECMS_BEGIN
-$ONESCRIPT        = $_SERVER["SCRIPT_NAME"];
 $config_username  = "username";
 $config_password  = "password";
-//$config_hint     = ""; //Not currently used
 $config_title     = "OneFileCMS";
 $config_footer    = date("Y")." <a href='http://onefilecms.com/'>OneFileCMS</a>.";
 $config_editable  = "html,htm,php,css,txt,text,conf,ini,csv";
 $config_excluded  = ""; //files to exclude from directory listings
-
+$config_ftypes    = "jpg,gif,png,bmp,ico,txt,cvs,css,php,htm,html,cfg,conf"; //used to select file icon
+$config_fclass    = "img,img,img,img,img,txt,txt,css,php,htm,htm,cfg,cfg";   //used to select file icon
 $config_LOCAL     = "/onefilecms/";  //local directory for icons, .css, .js, etc...
 $config_csslocal  = "onefilecms.css";    //Relative to this file.
 //$config_csslocal  ="/onefilecms.css";  //Relative to site URL root.
@@ -28,6 +30,13 @@
 $config_JQhosted  = "http://code.jquery.com/jquery-1.7.2.min.js";
 //$config_JQhosted  = "http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js";
 
+
+//Make arrays out of a couple $config_variables.  They are used in // Index
+//Above, however, it's easier to config/change a simple string.
+$ftypes   = (explode(",", strtolower($config_ftypes)));
+$fclasses = (explode(",", strtolower($config_fclass)));
+
+
 //Allows OneFileCMS.php to be started from any dir on the site.
 chdir($DOC_ROOT);
 
@@ -469,34 +478,29 @@ function Cancel_Submit_Buttons($button_label) {
 					$excludeme = 1;
 				}
 			}
+			
 			if (!is_dir($file) && $excludeme == 0) {
+			
+				//Determine file type & set cooresponding class.
 				$file_class = "";
-				$lfile = strtolower($file);
-				if (
-					(strrpos(strtolower($lfile),".jpg")) || 
-					(strrpos($lfile,".gif")) || 
-					(strrpos($lfile,".png")) || 
-					(strrpos($lfile,".ico"))
-				) {
-					$file_class = "img";
-				};
-				if (strrpos($lfile,".css")) { $file_class = "css"; };
-				if (strrpos($lfile,".php")) { $file_class = "php"; };
-				if (strrpos($lfile,".htm")) { $file_class = "htm"; };
-				if (strrpos($lfile,".html")) { $file_class = "htm"; };
+				$ext = end( explode(".", strtolower($file)) );
+
+				for ($x=0; $x < count($ftypes); $x++ ){
+					if ($ext == $ftypes[$x]){ $file_class = $fclasses[$x]; } 
+				}
 		?>
 					<li>
 						<a href="<?php echo $ONESCRIPT.'?f='.$file.'" class=" '.$file_class.'">';
 						echo basename($file); ?></a>
 						<div class="meta">
 							<span><i>File Size:</i>
-							<?php echo round(filesize($file)/1000,2);?> kb<br /></span>
+							<?php echo number_format(filesize($file)).""; ?><br /></span>
 							<span><i>Last Updated:</i>
 							<?php echo date("n/j/y g:ia", filemtime($file)); ?></span>
 						</div>
 					</li>
-			<?php }
-		} ?>
+			<?php } ?>
+		<?php } ?>
 	</ul>
 
 	<!--=== Upload/New/Rename/Copy/etc... links ===-->

From bbf7a9855dc2c9486d6205f03cc7329d96e5b398 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Mon, 23 Apr 2012 19:08:46 -0400
Subject: [PATCH 037/228] Added List view/table format, and $VIEW_MODE to
 select List or BLOCK view. Version 1.1.8

---
 onefilecms.php | 86 ++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 79 insertions(+), 7 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index fdeff47..c102de1 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 // OneFileCMS - http://onefilecms.com/
 // For license & copyright info, see OneFileCMS.License.BSD.txt
 
-$version = "1.1.7";
+$version = "1.1.8";
 
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
@@ -30,6 +30,7 @@
 $config_JQhosted  = "http://code.jquery.com/jquery-1.7.2.min.js";
 //$config_JQhosted  = "http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js";
 
+$VIEW_MODE        = "LIST"; // or BLOCK   (Actually, anything =/= BLOCK == LIST)
 
 //Make arrays out of a couple $config_variables.  They are used in // Index
 //Above, however, it's easier to config/change a simple string.
@@ -278,8 +279,7 @@ function Cancel_Submit_Buttons($button_label) {
 <title><?php echo $config_title.' - '.$pagetitle; ?></title>
 
 
-<?php //*** Determine if using a local or a hosted style sheet ***
-
+<?php //*** local or a hosted style sheet? **********************
 $STYLE_SHEET = $config_csslocal;
 $ROOT = $DOC_ROOT; 
 
@@ -305,7 +305,6 @@ function Cancel_Submit_Buttons($button_label) {
 	<?php if ((isset($_SESSION['onefilecms_valid'])) && ($_SESSION['onefilecms_valid'] == "1")) { ?>
 		<div class="nav">
 			<a href="/">Visit Site</a> | 
-			<a href="<?php echo $ONESCRIPT; ?>">Index</a> | 
 			<a href="<?php echo $ONESCRIPT; ?>?p=logout">Log Out</a>
 		</div>
 	<?php } ?>
@@ -465,10 +464,15 @@ function Cancel_Submit_Buttons($button_label) {
 	
 
 
-	<!--============= List files ==============-->
+	<!--============== List files - BLOCK view ===============-->
+	<?php
+	function list_BLOCK_view() {
+	global $varvar, $config_excluded, $ftypes, $fclasses ; 
+	 ?>
 	<div style="clear:both;"></div>
 	<ul class="index">
 		<?php $files = glob($varvar."{,.}*", GLOB_BRACE); sort($files);
+
 		foreach ($files as $file) {
 			$excludeme = 0;
 			$config_excludeds = explode(",", $config_excluded);
@@ -480,7 +484,6 @@ function Cancel_Submit_Buttons($button_label) {
 			}
 			
 			if (!is_dir($file) && $excludeme == 0) {
-			
 				//Determine file type & set cooresponding class.
 				$file_class = "";
 				$ext = end( explode(".", strtolower($file)) );
@@ -489,7 +492,7 @@ function Cancel_Submit_Buttons($button_label) {
 					if ($ext == $ftypes[$x]){ $file_class = $fclasses[$x]; } 
 				}
 		?>
-					<li>
+					<li><?php //****** Actual file name & info ******/ ?>
 						<a href="<?php echo $ONESCRIPT.'?f='.$file.'" class=" '.$file_class.'">';
 						echo basename($file); ?></a>
 						<div class="meta">
@@ -502,6 +505,75 @@ function Cancel_Submit_Buttons($button_label) {
 			<?php } ?>
 		<?php } ?>
 	</ul>
+	<?php }//end list_BLOCK_view() ?>
+
+
+
+
+	<?php //<!--======== List files in vertical table ========-->
+	function list_view() {
+	
+	global $varvar, $config_excluded, $ftypes, $fclasses ; 
+	
+	$files = glob($varvar."{,.}*", GLOB_BRACE);
+	sort($files);
+	$files_count = count($files);
+	$fc = 0;
+
+	echo '<table class="index_T">';
+		foreach ($files as $file) {
+			$fc++;
+			$excludeme = 0;
+			$config_excludeds = explode(",", $config_excluded);
+			
+			foreach ($config_excludeds as $config_exclusion) {
+				if (strrpos(basename($file),$config_exclusion) !== False && 
+				strrpos(basename($file),$config_exclusion) !== "") { 
+					$excludeme = 1;
+				}
+			}
+			
+			if (!is_dir($file) && $excludeme == 0) {
+			
+				//Determine file type & set cooresponding class.
+				$file_class = "";
+				$ext = end( explode(".", strtolower($file)) );
+
+				for ($x=0; $x < count($ftypes); $x++ ){
+					if ($ext == $ftypes[$x]){ $file_class = $fclasses[$x]; } 
+				}
+		?>
+					<tr>
+						<td>
+							<?php echo "<a href='", $ONESCRIPT,"?f=", $file, "'"; ?>
+							<?php echo "class='",  $file_class, "'>", basename($file), "</a>"; ?>
+						</td>
+						<td class="meta_size">
+							<?php echo number_format(filesize($file)).""; ?> B
+						</td>
+						<td class="meta_time">
+							<?php echo date("Y-m-d", filemtime($file)); ?> &nbsp;
+							<?php echo date("h:ia" , filemtime($file)); ?>
+						</td>
+					</tr>
+		<?php 
+			}//end if !is_dir
+		}//end foreach file
+		?>
+	</table>
+	<?php }//end list_view()
+	// <!--===== End of directory listing in vertical table =====-->
+	?>
+
+
+
+<?php 
+	if ($VIEW_MODE == "BLOCK"){ list_BLOCK_view(); }
+	else                      { list_view();       }
+ ?>
+
+
+
 
 	<!--=== Upload/New/Rename/Copy/etc... links ===-->
 	<p class="front_links">

From 13a55dd5cb81fcd55bcdb572c57286637bb2316a Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Mon, 23 Apr 2012 19:16:50 -0400
Subject: [PATCH 038/228] Version 1.1.8

---
 readme.markdown | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/readme.markdown b/readme.markdown
index 17649be..2d03135 100644
--- a/readme.markdown
+++ b/readme.markdown
@@ -80,6 +80,11 @@ It isn't entirely necessary, but it does nice little progressive enhancements li
 
 ## Change Log
 
+### 1.1.8  
+
+- Added a table list view option (default).  Either List or original "Block" view selectable with $VIEW_MODE variable. (On screen selection in the works)
+- (And, of course, numerous other code tweaks/improvements.
+
 ### 1.1.7
 
 - Added [Cancel] button to most screens. Numerous minor UI & code tweaks/improvements.  Changed where .css is hosted (may change back later).  Removed "Rendered in (microseconds)...".  Added license info & copyright notice.

From 636644b3b8f9c5ef0e9f17b187e414b20d520cc5 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 24 Apr 2012 14:58:43 -0400
Subject: [PATCH 039/228] Added/improved styles to improve keyboard
 tab-navigation & selection.

---
 onefilecms.css | 86 ++++++++++++++++++++++----------------------------
 1 file changed, 38 insertions(+), 48 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index 638db89..c244efb 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -6,6 +6,7 @@
 
 /* #774200 #807568 #976322 #995400 #d4d4d4 #0F0901
    rgb(157, 124, 83) rgb(157, 124, 83)
+   rgb(255,250,150) #fffbce #969376 rgb(255,245,115)
  */
 
 /* --- reset --- */
@@ -83,7 +84,6 @@ body {
 	*****************/
 	}
 
-.footer a{ color: rgb(157, 124, 83);}  /*rgb(157, 124, 83)*/
 
 
 /* --- general formatting --- */
@@ -95,12 +95,9 @@ Xp, li {line-height: 1.4em; }
 form p { margin-bottom: 5px; }
 
 a { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
+a:hover { border: 1px solid #807568; background-color: rgb(255,250,150); }
+a:focus { border: 1px solid #807568; background-color: rgb(255,250,150); }
 
-a:hover {
-	border: 1px solid #807568;
-	Xcolor: #995400;
-	background-color: #fffbce;
-	}
 
 h2 { font-size: 20px; }
 
@@ -147,10 +144,9 @@ pre {
 
 #message {
 	margin-bottom: .5em;
-	Xpadding-bottom: 10px;
-	Xborder-bottom : 1px solid #807568;
+	min-height: 1.7em;  /* Leaves space when on edit page with no message. */
 	}
-
+	
 #message p {
 	margin: 0;
 	padding: 5px 5px 5px 30px;
@@ -179,7 +175,7 @@ pre {
 	padding: 7px 5px 7px 35px;
 	border: 1px solid #807568;
 	text-decoration: none;
-	background: white url("http://self-evident.github.com/OneFileCMS/images/file-bin.png") 3px no-repeat;
+	background: #F8F8F8 url("http://self-evident.github.com/OneFileCMS/images/file-bin.png") 3px no-repeat;
 	overflow: hidden;
 	line-height: 1em;
 	}
@@ -192,10 +188,9 @@ pre {
 .index a.htm { background:white url("http://self-evident.github.com/OneFileCMS/images/file-htm.png") 3px no-repeat; }
 .index a.php { background:white url("http://self-evident.github.com/OneFileCMS/images/file-php.png") 3px no-repeat; }
 
-.index a:hover {
-	background-color: #fffbce;
-	border: 1px solid #969376;
-	}
+.index a:hover { background-color: rgb(255,250,150); }
+.index a:focus { background-color: rgb(255,250,150); }
+
 
 
 /* --- INDEX directory listing, table format --- */
@@ -207,21 +202,23 @@ table.index_T {
 	border-color: #807568;
 	border-collapse: collapse;
 	margin-bottom: .7em;
-	background-color:white;
+	background-color: #F8F8F8;
 	}
 	
+table.index_T  tr:hover { border: 1px solid #807568; }
+
 table.index_T td { 
-	border-width: 1px;
-	border-color: silver;
-	border-style: inset;
-	vertical-align:middle;
+	border-width  : 1px;
+	border-color  : silver;
+	border-style  : inset;
+	vertical-align: middle;
 	}
 
 .index_T a { 
 	height : 1em;
 	display: block;
 	padding: .2em 1em .3em 1.6em;
-	color: rgb(100,45,0);
+	color  : rgb(100,45,0);
 	border : none;
 	background : url("http://self-evident.github.com/OneFileCMS/images/file-bin.png") 3px no-repeat;
 	overflow   : hidden;
@@ -237,7 +234,9 @@ table.index_T td {
 .index_T a.img { background: url("http://self-evident.github.com/OneFileCMS/images/file-img.png") 3px no-repeat; }
 .index_T a.bin { background: url("http://self-evident.github.com/OneFileCMS/images/file-bin.png") 3px no-repeat; }
 
-.index_T a:hover { background-color: #FFF573; } /*#fffbce #969376; rgb(255,245,115);*/
+.index_T a:hover { background-color: rgb(255,250,150); }
+.index_T a:focus { background-color: rgb(255,250,150); }
+
 
 
 /* File size & date */
@@ -273,7 +272,7 @@ table.index_T td {
 	margin-bottom: .2em
 	}
 
-.index_folders a { Xborder: 1px solid black;
+.index_folders a {
 	display      : inline-block;
 	line-height  : 1.1em;
 	font-size    : 1em;
@@ -286,7 +285,9 @@ table.index_T td {
 	background : url("http://self-evident.github.com/OneFileCMS/images/folder-2.png") 4px 3px no-repeat;
 	}
 
-.index_folders a:hover { background-color: #fffbce; }
+.index_folders a:hover { background-color: rgb(255,250,150); }
+.index_folders a:focus { background-color: rgb(255,250,150); }
+
 
 
 /*  [Upload File] [New File] [New Folder] etc... */
@@ -309,7 +310,9 @@ table.index_T td {
 .front_links a.deletefolder { background: url("http://self-evident.github.com/OneFileCMS/images/folder-del-3.png")    1px 5px no-repeat; }
 .front_links a.settings     { background: url("http://self-evident.github.com/OneFileCMS/images/settings.png")        2px 3px no-repeat; }
 
-.front_links a:hover        { border: 1px solid #807568; background-color: #fffbce; }
+.front_links a:hover  { background-color: rgb(255,250,150); }
+.front_links a:focus  { background-color: rgb(255,250,150); }
+
 
 form .meta { z-index: -1; }
 
@@ -321,7 +324,8 @@ form .meta { z-index: -1; }
 	}
 
 textarea.textinput {
-	font  : 1em "Courier New", Courier, monospace;
+	border: 1px solid #999;
+	font  : .95em "Courier New", Courier, monospace;
 	margin: 0 0 .5em 0; /*T R B L*/
 	width : 99.5%;
 	height: 30em;
@@ -330,6 +334,13 @@ textarea.textinput {
 
 textarea.disabled { height: 50px; }
 
+textarea:focus { border: 1px solid #Faa; }
+
+
+input:focus { background-color: #fffbce; }
+/* input[type="button"]:focus { background-color: #fffbce; } */
+
+
 .buttons_right { float: right;}
 .buttons_right .button { margin-left: 7px; }
 .buttons_left { float: left;}
@@ -370,23 +381,8 @@ textarea.disabled { height: 50px; }
 	padding-bottom: .1em;
 	}
 
-.nav a:hover {border: 01px solid #807568;}
-
-
-h1 a {
-	font-size: 28px;
-	text-decoration: none;
-	color: #0F0901;
-	}
-
-h1 a.onefilecms {
-	width: 208px;
-	height: 29px;
-	display: block;
-	text-indent: -2000px;
-	}
-
-h1 a:visited { color: #0F0901; }
+.nav a:hover { border: 1px solid #807568; }
+.nav a:focus { border: 1px solid #807568; }
 
 
 
@@ -417,12 +413,6 @@ h1 a:visited { color: #0F0901; }
 
 
 
-/* --- path/to/current/index --- */
-
-.path { border: 1px solid  transparent; }
-	
-.path:hover { border: 1px solid #807568; background-color: #fffbce; }
-
 
 /* --- --- --- */
 hr { 

From eea0647881746b3ec1538b89bce5356bcd8aadb6 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 24 Apr 2012 16:07:24 -0400
Subject: [PATCH 040/228] Improved Edit page on-screen feedback of file state. 
  Using custom javascript in lieu of jquery.   Removed all use of & links to
 jquery (to help achieve a true "OneFileCMS")   Added reset button to revert
 changes, but stay on page.   Added .cfg file type to $config_editable.

---
 onefilecms.php | 181 ++++++++++++++++++++++++++++++-------------------
 1 file changed, 111 insertions(+), 70 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index c102de1..0bfb863 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -14,25 +14,22 @@
 
 
 // CONFIGURATION INFO
+$VIEW_MODE        = "LIST"; // or BLOCK   (Actually, anything =/= BLOCK == LIST)
 $config_username  = "username";
 $config_password  = "password";
 $config_title     = "OneFileCMS";
-$config_footer    = date("Y")." <a href='http://onefilecms.com/'>OneFileCMS</a>.";
-$config_editable  = "html,htm,php,css,txt,text,conf,ini,csv";
+
+$config_editable  = "html,htm,php,css,txt,text,cfg,conf,ini,csv";
 $config_excluded  = ""; //files to exclude from directory listings
-$config_ftypes    = "jpg,gif,png,bmp,ico,txt,cvs,css,php,htm,html,cfg,conf"; //used to select file icon
-$config_fclass    = "img,img,img,img,img,txt,txt,css,php,htm,htm,cfg,cfg";   //used to select file icon
 $config_LOCAL     = "/onefilecms/";  //local directory for icons, .css, .js, etc...
 $config_csslocal  = "onefilecms.css";    //Relative to this file.
 //$config_csslocal  ="/onefilecms.css";  //Relative to site URL root.
 $config_csshosted = "http://self-evident.github.com/OneFileCMS/onefilecms.css";
-$config_JQlocal   = "jquery.min.js";
-$config_JQhosted  = "http://code.jquery.com/jquery-1.7.2.min.js";
-//$config_JQhosted  = "http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js";
 
-$VIEW_MODE        = "LIST"; // or BLOCK   (Actually, anything =/= BLOCK == LIST)
+$config_ftypes    = "jpg,gif,png,bmp,ico,txt,cvs,css,php,htm,html,cfg,conf"; //used to select file icon
+$config_fclass    = "img,img,img,img,img,txt,txt,css,php,htm,htm,cfg,cfg";   //used to select file icon
 
-//Make arrays out of a couple $config_variables.  They are used in // Index
+//Make arrays out of a couple $config_variables.  They are used in // Index .
 //Above, however, it's easier to config/change a simple string.
 $ftypes   = (explode(",", strtolower($config_ftypes)));
 $fclasses = (explode(",", strtolower($config_fclass)));
@@ -65,9 +62,10 @@ function Cancel_Submit_Buttons($button_label) {
 
 	?>
 	<p>
-		<input type="button" class="button" name="cancel" value="Cancel" onclick="parent.location='<?php echo $ONESCRIPT.$ipath; ?>'"/>
-		<input type="submit" class="button" value="<?php echo $button_label;?>" style="margin-left: 2.5em;">
+		<input type="button" class="button" id="cancel" name="cancel" value="Cancel" onclick="parent.location='<?php echo $ONESCRIPT.$ipath; ?>'"/>
+		<input type="submit" class="button" value="<?php echo $button_label;?>" style="margin-left: 1.3em;">
 	</p>
+	<script>document.getElementById('cancel').focus();</script>
 	<?php
 }// End Cancel_Submit_Buttons()
 
@@ -312,7 +310,11 @@ function Cancel_Submit_Buttons($button_label) {
 
 
 
-<?php if (isset($message)) { echo '<div id="message"><p>'.$message.'</p></div>'; };
+<?php //********** Notification of action success or failure. **********
+if (isset($message)) { echo '<div id="message"><p>'.$message.'</p></div>'; };
+
+// On Edit page only, preserve vertical spacing for message even when not there.
+if (!isset($message) && ($page == "edit")) { echo '<div id="message"></div>'; };
 
 
 
@@ -378,12 +380,14 @@ function Cancel_Submit_Buttons($button_label) {
 
 // EDIT ************************************************************************
 if ($page == "edit") { ?>
+
 	<h2 id="edit_header">Edit &ldquo;<a href="/<?php echo $filename; ?>" > 
 	 <?php echo $filename; ?> 
 	</a>&rdquo;</h2>
 
-	<form method="post" action="<?php echo $ONESCRIPT.'?f='.$filename; ?>">
+	<form id="edit_file" name="edit_file" method="post" action="<?php echo $ONESCRIPT.'?f='.$filename; ?>">
 		<?php Close_Button("close"); ?>
+		<script>document.edit_file.elements[0].focus();</script>
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
 
 		<?php
@@ -394,18 +398,17 @@ function Cancel_Submit_Buttons($button_label) {
 				</textarea>
 			</p>
 			<p class="buttons_right">
-				<input type="submit" class="button" name="save_file" value="Save" 
-				disabled="disabled" />
+				<input type="submit" class="button" name="save_file" value="Save" disabled="disabled" />
 		<?php } else { ?>
 
 			<p>
 				<input type="hidden" name="filename" id="filename" class="textinput" value="<?php echo $filename; ?>" />
-				<textarea name="content" class="textinput" cols="70" rows="25"><?php echo $filecontent; ?></textarea>
+				<textarea id="file_content" onkeyup="Check_for_changes(event);" name="content" class="textinput" cols="70" rows="25"><?php echo $filecontent; ?></textarea>
 			</p>
 			<p class="buttons_right">
-				<input type="submit" class="button" name="save_file" id="save_file" value="Save" />
+				<input type="submit" class="button" name="save_file" id="save_file" value="Save"  onclick="submitted = true;" disabled="disabled" />
 		<?php } ?>
-
+			<input type="button" class="button" id="reset"  value="Reset - loose changes" onclick="Reset_File()" disabled="disabled" />
 			<input type="button" class="button" name="rename_file" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT.'?r='.$filename; ?>'" />
 			<input type="button" class="button" name="delete_file" value="Delete"      onclick="parent.location='<?php echo $ONESCRIPT.'?d='.$filename; ?>'" />
 			<input type="button" class="button" name="copy_file"   value="Copy"        onclick="parent.location='<?php echo $ONESCRIPT.'?c='.$filename; ?>'" />
@@ -417,11 +420,79 @@ function Cancel_Submit_Buttons($button_label) {
 		</div>
 	</form>
 	<div style="clear:both;"></div>
-<?php };
 
 
 
-// INDEX ***********************************************************************
+	<!--========== Provide feedback re: unsaved changes ==========-->
+	<script>
+	var File_to_Edit = document.getElementById('file_content');
+	var start_value = File_to_Edit.value;
+	var submitted = false
+	var changed   = false;
+
+	document.getElementById('file_content').style.backgroundColor = "#efe";  //light green
+
+
+	function Reset_file_status_indicators() {
+		changed = false;
+		document.getElementById('file_content').style.backgroundColor = "#eFe";  //light green
+		document.getElementById('save_file').style.backgroundColor = "";
+		document.getElementById('save_file').disabled = "disabled";
+		document.getElementById('save_file').value = "Save";
+		document.getElementById('reset').disabled = "disabled";
+	}
+
+	window.onbeforeunload = function() {
+		if ( changed && !submitted) { 
+			//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
+			return "You are about to leave this page -  unsaved changes will be lost!";
+		}
+	}
+
+	window.onunload = function() {
+		//without this, a browser back then forward would reload file with local/
+		// unsaved changes, but with a green b/g as tho that's the file's contents.
+		if (!submitted) { Reset_file_status_indicators(); }
+	}
+
+	function Check_for_changes(event){
+		var keycode=event.keyCode? event.keyCode : event.charCode;
+		changed = (File_to_Edit.value != start_value);
+		if (changed){
+			document.getElementById('message').innerHTML = " ";
+			document.getElementById('file_content').style.backgroundColor    = "#Fee";  //light red
+			document.getElementById('save_file').style.backgroundColor = "#Fee";  //light red
+			document.getElementById('save_file').disabled = "";
+			document.getElementById('reset').disabled = "";
+			document.getElementById('save_file').value = "SAVE";
+		}else{
+			Reset_file_status_indicators()
+		}
+	}
+
+	//Reset textarea value to when page was loaded.
+	//Used by [Reset] button, and when page unloads (browser back, etc). 
+	//Needed becuase if the page is reloaded (ctl-r, or browser back/forward, etc.), 
+	//the text stays changed, but "changed" gets set to false, which looses warning.
+	function Reset_File() {
+		if (changed) {
+			if ( !(confirm("! Reset file and loose unsaved changes? !")) ) { return; }
+		}
+		Reset_file_status_indicators();
+		File_to_Edit.value = start_value;
+		document.edit_file.elements[0].focus();
+	}
+	</script>
+
+<?php }; //End Edit page **************************************************** ?>
+
+
+
+
+
+
+
+<?php // INDEX *****************************************************************
 if ($page == "index") {
 	$varvar = "";
 	if (isset($_GET["i"])) { $varvar = $_GET["i"]."/"; }
@@ -505,8 +576,7 @@ function list_BLOCK_view() {
 			<?php } ?>
 		<?php } ?>
 	</ul>
-	<?php }//end list_BLOCK_view() ?>
-
+	<?php }//end list_BLOCK_view() ===========================-->?>
 
 
 
@@ -534,15 +604,15 @@ function list_view() {
 			}
 			
 			if (!is_dir($file) && $excludeme == 0) {
-			
+				
 				//Determine file type & set cooresponding class.
 				$file_class = "";
 				$ext = end( explode(".", strtolower($file)) );
-
+				
 				for ($x=0; $x < count($ftypes); $x++ ){
 					if ($ext == $ftypes[$x]){ $file_class = $fclasses[$x]; } 
 				}
-		?>
+	?>
 					<tr>
 						<td>
 							<?php echo "<a href='", $ONESCRIPT,"?f=", $file, "'"; ?>
@@ -567,11 +637,10 @@ function list_view() {
 
 
 
-<?php 
-	if ($VIEW_MODE == "BLOCK"){ list_BLOCK_view(); }
-	else                      { list_view();       }
- ?>
-
+	<?php //<!-- Determine view mode, list files. ====================-->
+		if ($VIEW_MODE == "BLOCK"){ list_BLOCK_view(); }
+		else                      { list_view();       }
+	?>
 
 
 
@@ -589,6 +658,8 @@ function list_view() {
 		<?php } ?>
 	</p>
 <?php };
+// End of Index (file listing) page ********************************************
+
 
 
 
@@ -607,10 +678,12 @@ function list_view() {
 			
 		<input type="submit" class="button" value="Enter" />
 	</form>
+	<script>document.getElementById('onefilecms_username').focus();</script>
 <?php };
 
 
 
+
 // LOG OUT *********************************************************************
 if ($page == "logout") { ?>
 	<h2>Log Out</h2>
@@ -619,6 +692,7 @@ function list_view() {
 
 
 
+
 // NEW FILE ********************************************************************
 if ($page == "new") {
 	$varvar = "";
@@ -637,6 +711,7 @@ function list_view() {
 
 
 
+
 // NEW FOLDER ******************************************************************
 if ($page == "folder") {
 	$varvar = "";
@@ -681,6 +756,7 @@ function list_view() {
 
 
 
+
 // RENAME FOLDER ***************************************************************
 if ($page == "renamefolder") {
 	$varvar = "?i=".substr($_GET["i"],0,strrpos(substr_replace($_GET["i"],"",-1),"/")); ?>
@@ -701,6 +777,7 @@ function list_view() {
 
 
 
+
 // UPLOAD FILE *****************************************************************
 if ($page == "upload") {
 	$varvar = ""; if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; } ?>
@@ -722,51 +799,15 @@ function list_view() {
 
 
 
-<div class="footer"> <hr>
-
-</div>
 
+<div class="footer">
+	<hr>
 </div>
 
 
+</div>
 
-<?php //************************************************************************
-//Check for local copy of jquery
-$JQUERY = $config_JQlocal;
-if (!file_exists($DOC_ROOT.$config_JQlocal)) { $JQUERY = $config_JQhosted; }
-?>
-
-<script src="<?php echo $JQUERY; ?>"></script>
-<script type="text/javascript">
-	$.fn.ready(function(){
-	
-		var $message = $("#message"),
-		    $save_file = $("#save_file");
-
-		//This line fades out the message after specified time (3000 = 3 seconds)
-		//if ( $message.length > 0 ) { $message.animate({opacity: 1.0}, 3000).fadeOut(); };
-		
-		$(".button:visible:enabled:first").focus();
-		$(".textinput:visible:enabled:first").focus();
-		
-		$(".page_edit .textinput").bind("change keyup", function (e) {
-			key = e.which+" ";
-			badkeys = "224 16 17 18 37 38 39 40 ";
-			if ((badkeys.indexOf(key) == "-1") && ($save_file.val() !== "Save!")) {
-				$save_file.val("Save!");
-				document.title = document.title + " *";
-				$(".page_edit h2").append(" *");
-			}
-		});
-		
-		$(".page_edit form").submit(function() { $save_file.val("Save"); });
-		window.onbeforeunload = function () {
-			if ($save_file.val() == "Save!") {
-				return "Any changes you've made will be lost!";
-			}
-		};
-	});
-</script>
 
 </body>
 </html>
+

From 27c3d4389303ad790494db0497da75e5ec39d852 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 24 Apr 2012 21:00:12 -0400
Subject: [PATCH 041/228] Version 1.1.9

---
 onefilecms.php  |  2 +-
 readme.markdown | 70 +++++++++++++++++++++++++++----------------------
 2 files changed, 40 insertions(+), 32 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 0bfb863..1f5b218 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 // OneFileCMS - http://onefilecms.com/
 // For license & copyright info, see OneFileCMS.License.BSD.txt
 
-$version = "1.1.8";
+$version = "1.1.9";
 
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
diff --git a/readme.markdown b/readme.markdown
index 2d03135..568b8e2 100644
--- a/readme.markdown
+++ b/readme.markdown
@@ -2,55 +2,60 @@
 
 ## Yeah, it's exactly what you think.
 
-![OneFileCMS](http://onefilecms.com/images/screenshots/branded_index.jpg)
+Main screen:
+![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OneFileCMS_screenshot.png)
+
+Edit screen:
+![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OneFileCMS_screenshot_edit.png)
+
 
 OneFileCMS is just that. It's a flat, light, one file CMS (Content Management System) entirely contained in an easy-to-implement, highly customizable, database-less PHP script.
 
 Coupling a utilitarian code editor with all the basic necessities of an FTP application, OneFileCMS can maintain a whole website completely in-browser without any external programs.
 
-**Demo**: [http://php.opensourcecms.com/scripts/details.php?scriptid=340](http://php.opensourcecms.com/scripts/details.php?scriptid=340)
+## Demo
+
+- Just download & try the current version - it's one file!
 
 ## Features
  
-- Validating, semantic, and commented markup. Tested in FF, Safari, and IE7/IE8.
-- Possibly the easiest installation process ever
-- All the basic features of an FTP application like renaming, deleting, copying, and uploading<br />
+- All the basic features of an FTP application like renaming, deleting, copying, and uploading
   _(Of course, for more complex processes like batch renaming or mass uploads/deletions, you're going to want to break out an actual FTP program.)_
-- Gracefully degrading CSS and Javascript
-- 100% re-brandable with title/footer text stored in variables and a modifiable filename
-- Externally hosted CSS and images for smaller file size<br />
-  _(But you can switch it out to your own stylesheet if you need to!)_
 - Smart alert if you try to leave without saving your edits
+- Gracefully degrading CSS and Javascript
+- Easily re-brandable via the title text stored in a configurable variable, and a modifiable filename.
+- Externally hosted CSS and images.
+  _(Of course, you can switch it out to your own stylesheet if you need to!)_
+- Possibly the easiest installation process ever!
 
 ## Installation
 
-Download [this file](https://raw.github.com/rocktronica/OneFileCMS/master/onefilecms.php).
+1) Download [this file](https://raw.github.com/Self-Evident/OneFileCMS/master/onefilecms.php).
+
 
-Your username and password are inlined. Edit them to something less obvious.
+2) Set your username and password - edit them to something less obvious.
 
     // CONFIGURATION INFO
     $config_username = "username";
     $config_password = "password";
 
-Optional variables thereafter: password hint, title, footer text, filetypes to disable, and filenames to ignore
-
-You can also change the name of the file to something else. Be careful making it a folder's default file; your server may get stuck in redirects.
-
-Upload!
+3) Upload!
 
 Depending on how your stack is set up, you may also have to modify the file permissions of your site's folders to allow OneFileCMS to modify and create files. ([More about that here.](http://catcode.com/teachmod/)) Make sure onefilecms.php and its parent folder are allowed to execute, with CHMOD at 777 or 755. Check with your host if you're not sure, and be aware of any inherent security concerns.
 
+You can also change the name of OneFileCMS.php to something else. _(Be careful making it a folder's default file: your server may get stuck in redirects.)_
+
 ## FAQ
 
 ### Where's the WYSIWYG? What about syntax highlighting?
 
-WYSWIWYG editors have been requested but probably won’t ever come standard, as they’d bloat the system out and/or make it more than one file, sort of defeating the novelty. Plus, if you’re working in PHP or non-HTML code, they're generally more hindrance than anything else.
+WYSWIWYG editors have been requested, but probably won’t ever come standard, as they’d bloat the system out and/or make it more than one file, sort of defeating the point of OneFileCMS. Plus, if you’re working in PHP or non-HTML code, they're generally more of a hindrance than anything else.
 
-Just because I don't want to do it, though, doesn't mean it's impossible. About halfway through, look for this line (If you're searching for it, it's the second instance):
+Just because I don't want to do it, though, doesn't mean it's impossible.  Look for the second instance of this line:
 
     // EDIT
 
-This is the edit page code. Its textareas can be modified to work with whatever editor you like. If the editor is initiated via jQuery, you can call it in the jQ code in the footer.
+This is the edit page code. Its textarea can be modified to work with whatever editor you like. 
 
 ### I found something that could be better. Can I suggest it to you?
 
@@ -64,22 +69,27 @@ Everything's welcome!
 
 ### This is basically just a file manager with a text editor. Why is it being called a Content Management System?
 
-Because "OneFileFileManagerTextEditor" doesn't quite have the same ring to it, duh.
+Because "OneFileFileManagerTextEditor" just doesn't have the same ring to it...
 
 ### Multi-Language Support?
 
-Maybe later!
+Probably not.
 
 ### Can I have more than one username/password?
 
 The reason there isn't default support for multiple users is that all of their info will have to be stored together, more or less in plain text, at the top of onefilecms.php. Giving people different usernames and passwords then is sort of futile, since everyone who can log in can view onefilecms's source and config variables. (This answer kind of ignores MD5 hashes but is valid for most considerations.) 
 
-### Is the JavaScript at the end of file really needed? When I remove it, everything works fine.
+### Is the JavaScript in the middle of the file really needed? When I remove it, everything seems to work fine.
 
-It isn't entirely necessary, but it does nice little progressive enhancements like warn if you try to leave w/o saving and stuff like that. Feel free to take it out if you're trying to trim down your figure.
+It isn't entirely necessary, but it does provide nice enhancements, like warning you if you try to leave without saving changes, and stuff like that. 
 
 ## Change Log
 
+### 1.1.9
+
+- Improved Edit page & screen feedback of file state (changed/unchanged).
+- Removed use of jquery in move towards a true "OneFileCMS".
+
 ### 1.1.8  
 
 - Added a table list view option (default).  Either List or original "Block" view selectable with $VIEW_MODE variable. (On screen selection in the works)
@@ -137,27 +147,25 @@ It isn't entirely necessary, but it does nice little progressive enhancements li
 
 ## Requirements
 
-- UNIX/Linux host, Apache
 - PHP5 (PHP4 untested)
 - File permission privileges
 
 ## Credit, License, Et Cetera
 
-Written in PHP, XHTML, CSS, and [jQuery](http://jquery.com/). Icons by [famfamfam](http://www.famfamfam.com/).
+Written in PHP, JavaScript, XHTML and CSS.
 
 Available under the MIT and BSD license.
 
+Icons for versions thru 1.1.6 by [famfamfam](http://www.famfamfam.com/).
+
 To report a bug or request a feature, please file an issue via Github. Forks encouraged!
 
 ##Needed/potential/upcoming improvements
 
 - Prompt to prevent automatic overwrite when uploading or renaming files.
-- Check size of file to upload, verify under max post/upload limits.
 - Option to switch between original OneFileCMS view and a common list view.
-  (in the works)
+  Currently accomplished with a config variable. Working on a 
 - Embed css and remove or swtich to svg icons to create a true "OneFileCMS"
   (in the works)
-- Remove use of jquery.
-  Used to detect if file being edited, set focus form fields, (more?)
-  (in the works)
-- Multiple login names
+- Check size of file to upload, verify under max post/upload limits.
+- Multiple login names?

From 387be8ef479252ee69ad74eac1f1ab2d17585514 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 28 Apr 2012 12:39:21 -0400
Subject: [PATCH 042/228] Version 1.2.0 File list sorted with out regard to
 case. Improved Edit page feedback indicators & actions. Improved file date
 shown on Index & Edit pages.     Uses javascript to format time value from
 server     now shows in user's local time (well, on my machine it does:)    
 (May update later to show time in GMT instead.  Or not..) Added dismiss
 "button" [X] to message box. Rearranged a few styles in the .css a bit,  and
 some other code spacing etc. />  to just > In readme, changed XHTML to just
 HTML. Now <!DOCTYPE html>

---
 onefilecms.css  | 156 +++++++++++++----------
 onefilecms.php  | 321 ++++++++++++++++++++++++++++++++----------------
 readme.markdown |  15 ++-
 3 files changed, 320 insertions(+), 172 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index c244efb..4cffb8e 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -4,11 +4,13 @@
  */ 
 
 
-/* #774200 #807568 #976322 #995400 #d4d4d4 #0F0901
+/* #774200 #807568 #976322 #995400 #d4d4d4 #0F0901 #eaeaea rgb(255,250,150)
    rgb(157, 124, 83) rgb(157, 124, 83)
-   rgb(255,250,150) #fffbce #969376 rgb(255,245,115)
+   rgb(255,250,150) rgb(255,250,150) #969376 rgb(255,245,115)
  */
 
+
+
 /* --- reset --- */
 html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,
 cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,dl,dt,dd,ol,ul,li,
@@ -25,6 +27,25 @@ fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td
 	vertical-align: baseline;
 	}
 
+
+
+
+/* --- general formatting --- */
+
+body {
+	font-size: 1em;
+	background: #d5d0cc;
+	font-family: sans-serif;
+	}
+
+h2,h3,p,ul,table { margin-bottom: 10px; }
+
+em, i { font-style: italic; }
+
+strong { font-weight: bold; }
+
+li {line-height: 1.4em; }
+
 :focus{outline:0;}
 
 ol,ul{list-style:none;}
@@ -39,14 +60,40 @@ blockquote,q{quotes:"" "";}
 div{position: relative;}
 
 h1,h2,h3,h4,h5,h6{font-weight: bold;}
+h2 { font-size: 20px; }
+h3 { font-size: 18px; margin-top: 15px; }
+h4 { font-size: 1.3em; margin-bottom: .2em; font-weight: normal;}
 
-body {
-	font-size: 1em;
-	background: #d5d0cc;
-	font-family: sans-serif;
+a { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
+a:hover { border: 1px solid #807568; background-color: rgb(255,250,150); }
+a:focus { border: 1px solid #807568; background-color: rgb(255,250,150); }
+
+form p { margin-bottom: 5px; }
+
+
+label {
+	display: inline-block;
+	width  : 7em;
+	font-size : 14px;
+	font-style: italic;
 	}
 
 
+pre {
+	background: white;
+	border: 1px solid #807568;
+	line-height: 1.25em;
+	overflow: auto
+	overflow-Y: hidden;
+	padding: 10px;
+	margin: 5px 0 10px 0;
+	overflow: hidden;
+	}
+
+
+
+
+
 /* --- layout --- */
 
 .container {
@@ -86,47 +133,6 @@ body {
 
 
 
-/* --- general formatting --- */
-
-h2,h3,p,ul,table { margin-bottom: 10px; }
-
-Xp, li {line-height: 1.4em; }
-
-form p { margin-bottom: 5px; }
-
-a { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
-a:hover { border: 1px solid #807568; background-color: rgb(255,250,150); }
-a:focus { border: 1px solid #807568; background-color: rgb(255,250,150); }
-
-
-h2 { font-size: 20px; }
-
-h3 { font-size: 18px; margin-top: 15px; }
-
-h4 { font-size: 1.3em; margin-bottom: .2em; font-weight: normal;}
-
-em, i { font-style: italic; }
-
-strong { font-weight: bold; }
-
-label {
-	display: inline-block;
-	width  : 7em;
-	font-size : 14px;
-	font-style: italic;
-	}
-
-pre {
-	background: white;
-	border: 1px solid #807568;
-	line-height: 1.25em;
-	overflow: auto
-	overflow-Y: hidden;
-	padding: 10px;
-	margin: 5px 0 10px 0;
-	overflow: hidden;
-	}
-
 .page_login label {
 	display: block;
 	margin-bottom: 2px;
@@ -143,13 +149,12 @@ pre {
 	}
 
 #message {
-	margin-bottom: .5em;
-	min-height: 1.7em;  /* Leaves space when on edit page with no message. */
+	min-height: 1.7em; /* Leave space when message is blank. Used by Edit page */
 	}
-	
+
 #message p {
 	margin: 0;
-	padding: 5px 5px 5px 30px;
+	padding: 4px 0px 4px .5em;
 	border: 1px solid #807568;
 	font-family: Lucida Console, "Courier New" ;
 	font-size: .95em;
@@ -157,6 +162,10 @@ pre {
 	background: #fff000;
 	}
 
+#message span { float: right; }
+
+#message a { padding: 4px 1px 4px 1px; border-right: none; } /*T R B L*/
+
 
 /* --- INDEX --- */
 
@@ -164,13 +173,13 @@ pre {
 
 .index li {
 	margin: 0 10px 10px 0;
-	width: 192.5px;
+	width: 260px;
 	float: left;
 	position: relative;
 	}
 
 .index a {
-	height: 28px;
+	height: 20px;
 	display: block;
 	padding: 7px 5px 7px 35px;
 	border: 1px solid #807568;
@@ -242,26 +251,28 @@ table.index_T td {
 /* File size & date */
 
 .meta_size {
-	Xwidth         : 9em;
-	padding-left  :  1em;
+	min-width     : 6em;
 	padding-right : .5em;
 	text-align    : right;
-    font-size     : .8em; color: #333;
+	font-family   : courier;
+    font-size     : .9em;
+	color         : #333;
 	}
 
 .meta_time {
-	width         : 12em;
+	width         : 13em;
 	padding-right : .5em;
 	text-align    : right;
-	font-size     : .8em; color: #333;
+	font-family   : courier;
+	font-size     : .9em;
+	color         : #333;
 	}
 
 
 .index .meta {
-	font-size: 11px;
+	font-size: .9em;
 	height: 25px;
 	margin-top: 3px;
-	overflow: hidden;
 	line-height: 1.1em;
 	}
 
@@ -337,8 +348,10 @@ textarea.disabled { height: 50px; }
 textarea:focus { border: 1px solid #Faa; }
 
 
-input:focus { background-color: #fffbce; }
-/* input[type="button"]:focus { background-color: #fffbce; } */
+input:focus { background-color: rgb(255,250,150); }
+/* input[type="button"]:focus { background-color: rgb(255,250,150); } */
+
+input:hover { background-color: rgb(255,250,150); }
 
 
 .buttons_right { float: right;}
@@ -355,9 +368,15 @@ input:focus { background-color: #fffbce; }
 	font-family: sans-serif;
 	}
 
-.button:hover { background-color: #eaeaea; }
+.Xbutton:hover { background-color: rgb(255,250,150); } 
 .button[disabled]:hover { background-color: #d4d4d4; }
 
+/*
+#Xsave_file         { border: 1px solid red; }
+#save_file a:hover { background-color: rgb(255,250,150); border: 1px solid red; }
+#save_file a:focus { background-color: rgb(255,250,150); border: 1px solid red; }
+*/
+
 
 #action {color: white; background-color: rgb(235,70,70); font-weight: 700;}
 
@@ -388,11 +407,17 @@ input:focus { background-color: #fffbce; }
 
 /* --- edit --- */
 
-#edit_header {float: left;}
+#edit_header  {margin: 0;}
 
-.close {float: right;}
+#edit_form    {margin: 0;}
 
+#file_content {height: 24em; }
 
+#file_meta	  {float: left;  margin-top: .5em; width: 700px; border: 0px solid red; }
+
+.close        {float: right; margin-bottom: .5em;}
+
+#edit_note    {font-size: .8em; color: #444 ;margin-top: 1em;}
 
 /* --- log in --- */
 
@@ -413,7 +438,6 @@ input:focus { background-color: #fffbce; }
 
 
 
-
 /* --- --- --- */
 hr { 
 	line-height  : 0;
diff --git a/onefilecms.php b/onefilecms.php
index 1f5b218..da8b174 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,32 +2,28 @@
 // OneFileCMS - http://onefilecms.com/
 // For license & copyright info, see OneFileCMS.License.BSD.txt
 
-$version = "1.1.9";
+$version = "1.2.0";
 
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
 
 
-$ONESCRIPT = $_SERVER["SCRIPT_NAME"];
-$DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"];
-$CWD       = str_replace("\\","/",getcwd());
-
-
-// CONFIGURATION INFO
+// CONFIGURABLE INFO
 $VIEW_MODE        = "LIST"; // or BLOCK   (Actually, anything =/= BLOCK == LIST)
 $config_username  = "username";
 $config_password  = "password";
 $config_title     = "OneFileCMS";
 
-$config_editable  = "html,htm,php,css,txt,text,cfg,conf,ini,csv";
-$config_excluded  = ""; //files to exclude from directory listings
 $config_LOCAL     = "/onefilecms/";  //local directory for icons, .css, .js, etc...
 $config_csslocal  = "onefilecms.css";    //Relative to this file.
 //$config_csslocal  ="/onefilecms.css";  //Relative to site URL root.
 $config_csshosted = "http://self-evident.github.com/OneFileCMS/onefilecms.css";
 
+$config_editable  = "html,htm,php,css,txt,text,cfg,conf,ini,csv";
+$config_excluded  = ""; //files to exclude from directory listings
 $config_ftypes    = "jpg,gif,png,bmp,ico,txt,cvs,css,php,htm,html,cfg,conf"; //used to select file icon
 $config_fclass    = "img,img,img,img,img,txt,txt,css,php,htm,htm,cfg,cfg";   //used to select file icon
+// END CONFIGURABLE INFO
 
 //Make arrays out of a couple $config_variables.  They are used in // Index .
 //Above, however, it's easier to config/change a simple string.
@@ -35,6 +31,11 @@
 $fclasses = (explode(",", strtolower($config_fclass)));
 
 
+$ONESCRIPT = $_SERVER["SCRIPT_NAME"];
+$DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"];
+$CWD       = str_replace("\\","/",getcwd());
+
+
 //Allows OneFileCMS.php to be started from any dir on the site.
 chdir($DOC_ROOT);
 
@@ -45,7 +46,7 @@
 
 function Close_Button($classes) {
 	echo '<input type="button" class="button '.$classes.'" name="close" value="Close" onclick="parent.location=\'';
-	echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")).'\'" />';
+	echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")).'\'">';
 }
 
 
@@ -62,7 +63,7 @@ function Cancel_Submit_Buttons($button_label) {
 
 	?>
 	<p>
-		<input type="button" class="button" id="cancel" name="cancel" value="Cancel" onclick="parent.location='<?php echo $ONESCRIPT.$ipath; ?>'"/>
+		<input type="button" class="button" id="cancel" name="cancel" value="Cancel" onclick="parent.location='<?php echo $ONESCRIPT.$ipath; ?>'">
 		<input type="submit" class="button" value="<?php echo $button_label;?>" style="margin-left: 1.3em;">
 	</p>
 	<script>document.getElementById('cancel').focus();</script>
@@ -264,14 +265,18 @@ function Cancel_Submit_Buttons($button_label) {
 
 
 
+
+
 //******************************************************************************
 //******************************************************************************
-?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+?><!DOCTYPE html>
+<!-- DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"-->
+
 <html xmlns="http://www.w3.org/1999/xhtml">
 
 <head>
 
-<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 <meta name="robots" content="noindex">
 
 <title><?php echo $config_title.' - '.$pagetitle; ?></title>
@@ -289,7 +294,60 @@ function Cancel_Submit_Buttons($button_label) {
 if (!file_exists($ROOT.$config_csslocal)) { $STYLE_SHEET = $config_csshosted; }
 //***************************************************************?>
 
-<link href="<?php echo $STYLE_SHEET;?>" type="text/css" rel="stylesheet" />
+<link href="<?php echo $STYLE_SHEET;?>" type="text/css" rel="stylesheet">
+
+
+
+
+
+<?php //===================================================================== ?>
+<?php if ( ($page == "index") || ($page == "edit") ) { //load script ?>
+
+<script>//Dispaly file's timestamp in user's local time 
+
+function pad(num){ 
+	if ( num < 10 ){ num = "0" + num; }
+	return num
+}
+
+
+function FileTimeStamp(php_filemtime, show_offset){
+
+	//php's filemtime returns seconds, javascript's date() uses milliseconds.
+	var FileMTime = php_filemtime * 1000; 
+
+	var TIMESTAMP  = new Date(FileMTime);
+	var YEAR  = TIMESTAMP.getFullYear();
+	var	MONTH = pad(TIMESTAMP.getMonth() + 1);
+	var DATE  = pad(TIMESTAMP.getDate());
+	var HOURS = TIMESTAMP.getHours();
+	var MINS  = pad(TIMESTAMP.getMinutes());
+	var SECS  = pad(TIMESTAMP.getSeconds());
+
+	if( HOURS < 12){ AMPM = "am"; }
+	else           { AMPM = "pm"; HOURS = HOURS - 12; }
+	HOURS = pad(HOURS);
+
+	var GMT_offset = -(TIMESTAMP.getTimezoneOffset()); //Yes, I know - seems wrong, but it's works.
+
+	if (GMT_offset < 0) { NEG=-1; SIGN="-"; } else { NEG=1; SIGN="+"; } 
+
+	var offset_HOURS = Math.floor(NEG*GMT_offset/60);
+	var offset_MINS  = pad( NEG * GMT_offset % 60 );
+	var offset_FULL  = "UTC " + SIGN + offset_HOURS + ":" + offset_MINS;
+
+	if (show_offset){ var DATETIME = YEAR+"-"+MONTH+"-"+DATE+" &nbsp;"+HOURS+":"+MINS+" "+AMPM+" ("+offset_FULL+")"; }
+	else            { var DATETIME = YEAR+"-"+MONTH+"-"+DATE+" &nbsp;"+HOURS+":"+MINS+" "+AMPM; }
+	
+	document.write( DATETIME );
+
+}//end FileTimeStamp(php_filemtime)
+</script>
+<?php }//end if (index or edit), load script ================================ ?>
+
+
+
+
 
 </head>
 
@@ -298,7 +356,7 @@ function Cancel_Submit_Buttons($button_label) {
 <div class="container">
 
 <div class="header">
-	<?php echo '<a href="', $ONESCRIPT, '" id="logo" >', $config_title; ?></a>
+	<?php echo '<a href="', $ONESCRIPT, '" id="logo">', $config_title; ?></a>
 
 	<?php if ((isset($_SESSION['onefilecms_valid'])) && ($_SESSION['onefilecms_valid'] == "1")) { ?>
 		<div class="nav">
@@ -310,14 +368,22 @@ function Cancel_Submit_Buttons($button_label) {
 
 
 
-<?php //********** Notification of action success or failure. **********
-if (isset($message)) { echo '<div id="message"><p>'.$message.'</p></div>'; };
 
-// On Edit page only, preserve vertical spacing for message even when not there.
+<?php //********** Notification of action success or failure. **********
+if (isset($message)) { ?>
+	<div id="message"><p><?php echo $message ;?>
+	<!-- [X] to dismiss message box -->	
+	<span><a href='<?php echo $ONESCRIPT.'?f='.$_GET["f"]; ?>'
+	onclick='document.getElementById("message").innerHTML = " ";return false'>
+	[X]</a></span></p></div>
+<?php }
+
+// On Edit page only, preserve vertical spacing for message even when empty.
 if (!isset($message) && ($page == "edit")) { echo '<div id="message"></div>'; };
 
 
 
+
 // COPY FILE *******************************************************************
 if ($page == "copy") { 
 	$extension = strrchr($filename, ".");
@@ -326,15 +392,15 @@ function Cancel_Submit_Buttons($button_label) {
 	<h2>Copy &ldquo;<a href="/<?php echo $filename; ?> "> <?php echo $filename; ?> </a> &rdquo;</h2>
 	<p>Existing files with the same filename are automatically overwritten... Be careful!</p>
 	<form method="post" id="new" action="<?php echo $ONESCRIPT.$varvar; ?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
+		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<p>
 			<label>Old filename:</label>
-			<input type="hidden" name="old_filename" value="<?php echo $filename; ?>" />
-			<input type="text" name="dummy" value="<?php echo $filename; ?>" class="textinput" disabled="disabled" />
+			<input type="hidden" name="old_filename" value="<?php echo $filename; ?>">
+			<input type="text" name="dummy" value="<?php echo $filename; ?>" class="textinput" disabled="disabled">
 		</p>
 		<p>
 			<label for="copy_filename">New filename:</label>
-			<input type="text" name="copy_filename" id="copy_filename" class="textinput" value="<?php echo $slug."_".date("mdyHi").$extension; ?>" />
+			<input type="text" name="copy_filename" id="copy_filename" class="textinput" value="<?php echo $slug."_".date("mdyHi").$extension; ?>">
 		</p>
 		<p>	<?php Cancel_Submit_Buttons("Copy"); ?>	</p>
 	</form>
@@ -345,14 +411,14 @@ function Cancel_Submit_Buttons($button_label) {
 // DELETE FILE *****************************************************************
 if ($page == "delete") {
 	$varvar = "?i=".substr($_GET["d"],0,strrpos($_GET["d"],"/")); ?>
-	<h2>Delete &ldquo;<a href="/<?php echo $filename; ?> " >
+	<h2>Delete &ldquo;<a href="/<?php echo $filename; ?> ">
 	<?php echo $filename; ?></a>&rdquo;</h2>
 	<p>Are you sure?</p>
 
 	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
+		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<p>
-			<input type="hidden" name="delete_filename" value="<?php echo $filename; ?>" />
+			<input type="hidden" name="delete_filename" value="<?php echo $filename; ?>">
 			<?php Cancel_Submit_Buttons("DELETE"); ?>
 
 		</p>
@@ -367,9 +433,9 @@ function Cancel_Submit_Buttons($button_label) {
 	<h2>Delete Folder &ldquo;<?php echo $_GET["i"]; ?>&rdquo;</h2>
 	<p>Folders have to be empty before they can be deleted.</p>
 	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
+		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<p>
-			<input type="hidden" name="delete_foldername" value="<?php echo $_GET["i"]; ?>" />
+			<input type="hidden" name="delete_foldername" value="<?php echo $_GET["i"]; ?>">
 			<?php Cancel_Submit_Buttons("DELETE"); ?>
 
 		</p>
@@ -381,14 +447,21 @@ function Cancel_Submit_Buttons($button_label) {
 // EDIT ************************************************************************
 if ($page == "edit") { ?>
 
-	<h2 id="edit_header">Edit &ldquo;<a href="/<?php echo $filename; ?>" > 
-	 <?php echo $filename; ?> 
+	<h2 id="edit_header">Edit &ldquo;<a href="/<?php echo $filename; ?>"> 
+	<?php echo $filename; ?> 
 	</a>&rdquo;</h2>
 
-	<form id="edit_file" name="edit_file" method="post" action="<?php echo $ONESCRIPT.'?f='.$filename; ?>">
+	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.'?f='.$filename; ?>">
+
+		<p id="file_meta">
+		<span class="meta_size">Size<b>: </b> <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; &nbsp; 
+		<span class="meta_time">Updated<b>: </b><script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1);</script></span><br>
+	
+		</p>
+
 		<?php Close_Button("close"); ?>
-		<script>document.edit_file.elements[0].focus();</script>
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
+		<script>document.edit_form.elements[0].focus();</script>
+		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 
 		<?php
 		$ext = end( explode(".", strtolower($filename)) );
@@ -398,90 +471,133 @@ function Cancel_Submit_Buttons($button_label) {
 				</textarea>
 			</p>
 			<p class="buttons_right">
-				<input type="submit" class="button" name="save_file" value="Save" disabled="disabled" />
+				<input type="submit" class="button" name="save_file" value="Save" disabled="disabled">
+				<input type="button" class="button" id="reset"  value="Reset - loose changes" disabled="disabled">
 		<?php } else { ?>
 
 			<p>
-				<input type="hidden" name="filename" id="filename" class="textinput" value="<?php echo $filename; ?>" />
+				<input type="hidden" name="filename" id="filename" class="textinput" value="<?php echo $filename; ?>">
 				<textarea id="file_content" onkeyup="Check_for_changes(event);" name="content" class="textinput" cols="70" rows="25"><?php echo $filecontent; ?></textarea>
 			</p>
 			<p class="buttons_right">
-				<input type="submit" class="button" name="save_file" id="save_file" value="Save"  onclick="submitted = true;" disabled="disabled" />
+				<input type="submit" class="button" name="save_file" id="save_file" value="Save"  onclick="submitted = true;"  disabled="disabled">
+				<input type="button" class="button" id="reset"  value="Reset - loose changes" onclick="Reset_File()"  disabled="disabled">
 		<?php } ?>
-			<input type="button" class="button" id="reset"  value="Reset - loose changes" onclick="Reset_File()" disabled="disabled" />
-			<input type="button" class="button" name="rename_file" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT.'?r='.$filename; ?>'" />
-			<input type="button" class="button" name="delete_file" value="Delete"      onclick="parent.location='<?php echo $ONESCRIPT.'?d='.$filename; ?>'" />
-			<input type="button" class="button" name="copy_file"   value="Copy"        onclick="parent.location='<?php echo $ONESCRIPT.'?c='.$filename; ?>'" />
+		
+			<input type="button" class="button" name="rename_file" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT.'?r='.$filename; ?>'">
+			<input type="button" class="button" name="delete_file" value="Delete"      onclick="parent.location='<?php echo $ONESCRIPT.'?d='.$filename; ?>'">
+			<input type="button" class="button" name="copy_file"   value="Copy"        onclick="parent.location='<?php echo $ONESCRIPT.'?c='.$filename; ?>'">
 			<?php Close_Button(""); ?>
-			</p><div class="meta">
-			<p>File Size: <?php echo number_format(filesize($filename)); ?> &nbsp; &ndash; &nbsp;
-			   Updated: <?php echo date("Y-m-d\, h:ia", filemtime($filename)); ?>
 			</p>
-		</div>
 	</form>
 	<div style="clear:both;"></div>
+	<div id="edit_note">
+	NOTE: On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser's [Reload].
+	</div>
 
 
 
-	<!--========== Provide feedback re: unsaved changes ==========-->
+	<!--======== Provide feedback re: unsaved changes ========-->
 	<script>
-	var File_to_Edit = document.getElementById('file_content');
-	var start_value = File_to_Edit.value;
-	var submitted = false
-	var changed   = false;
+	    
+	var File_textarea    = document.getElementById('file_content');
+	var Save_File_button = document.getElementById('save_file');
+	var Reset_button     = document.getElementById('reset');
+
+	var start_value = File_textarea.value;
+	var submitted   = false
+	var changed     = false;
+
+
+
+	// The following events only apply when the element is active.
+	// [Save] is disabled unless there are changes to the open file.
+	Save_File_button.onfocus = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
+	Save_File_button.onblur  = function() {Save_File_button.style.backgroundColor ="#Fee";}
+	Save_File_button.onmouseover = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
+	Save_File_button.onmouseout  = function() {Save_File_button.style.backgroundColor = "#Fee";}
 
-	document.getElementById('file_content').style.backgroundColor = "#efe";  //light green
 
 
 	function Reset_file_status_indicators() {
 		changed = false;
-		document.getElementById('file_content').style.backgroundColor = "#eFe";  //light green
-		document.getElementById('save_file').style.backgroundColor = "";
-		document.getElementById('save_file').disabled = "disabled";
-		document.getElementById('save_file').value = "Save";
-		document.getElementById('reset').disabled = "disabled";
+		File_textarea.style.backgroundColor = "#eFe";  //light green
+		Save_File_button.style.backgroundColor = "";
+		Save_File_button.style.borderColor = "";
+		Save_File_button.style.borderWidth = "1px";
+		Save_File_button.disabled = "disabled";
+		Save_File_button.value = "Save";
+		Reset_button.disabled = "disabled";
+		File_textarea.focus();
 	}
 
+
 	window.onbeforeunload = function() {
 		if ( changed && !submitted) { 
 			//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
-			return "You are about to leave this page -  unsaved changes will be lost!";
+			return "               Unsaved changes will be lost!";
 		}
 	}
 
+
 	window.onunload = function() {
 		//without this, a browser back then forward would reload file with local/
 		// unsaved changes, but with a green b/g as tho that's the file's contents.
-		if (!submitted) { Reset_file_status_indicators(); }
+		if (!submitted) {
+			File_textarea.value = start_value;
+			Reset_file_status_indicators();
+		}
+	}
+
+
+	//With selStart & selEnd == 0, moves cursor to start of text field.
+	function setSelRange(inputEl, selStart, selEnd) { 
+		if (inputEl.setSelectionRange) { 
+			inputEl.focus(); 
+			inputEl.setSelectionRange(selStart, selEnd); 
+		} else if (inputEl.createTextRange) { 
+			var range = inputEl.createTextRange(); 
+			range.collapse(true); 
+			range.moveEnd('character', selEnd); 
+			range.moveStart('character', selStart); 
+			range.select(); 
+		} 
 	}
 
+
 	function Check_for_changes(event){
 		var keycode=event.keyCode? event.keyCode : event.charCode;
-		changed = (File_to_Edit.value != start_value);
+		changed = (File_textarea.value != start_value);
 		if (changed){
-			document.getElementById('message').innerHTML = " ";
-			document.getElementById('file_content').style.backgroundColor    = "#Fee";  //light red
-			document.getElementById('save_file').style.backgroundColor = "#Fee";  //light red
-			document.getElementById('save_file').disabled = "";
-			document.getElementById('reset').disabled = "";
-			document.getElementById('save_file').value = "SAVE";
+			document.getElementById('message').innerHTML = " "; // Must have a space, or it won't clear the msg.
+			File_textarea.style.backgroundColor = "#Fee";  //light red
+			Save_File_button.style.backgroundColor ="#Fee";
+			Save_File_button.style.borderColor = "#F44";   //less light red
+			Save_File_button.style.borderWidth = "1px";
+			Save_File_button.disabled = "";
+			Reset_button.disabled = "";
+			Save_File_button.value = "SAVE CHANGES!";
 		}else{
 			Reset_file_status_indicators()
 		}
 	}
 
+
 	//Reset textarea value to when page was loaded.
 	//Used by [Reset] button, and when page unloads (browser back, etc). 
 	//Needed becuase if the page is reloaded (ctl-r, or browser back/forward, etc.), 
 	//the text stays changed, but "changed" gets set to false, which looses warning.
 	function Reset_File() {
 		if (changed) {
-			if ( !(confirm("! Reset file and loose unsaved changes? !")) ) { return; }
+			if ( !(confirm("Reset file and loose unsaved changes?")) ) { return; }
 		}
+		File_textarea.value = start_value;
 		Reset_file_status_indicators();
-		File_to_Edit.value = start_value;
-		document.edit_file.elements[0].focus();
+		setSelRange(File_textarea, 0, 0) //MOve cursor to start of textarea.
 	}
+	
+	
+	Reset_file_status_indicators()
 	</script>
 
 <?php }; //End Edit page **************************************************** ?>
@@ -491,7 +607,6 @@ function Reset_File() {
 
 
 
-
 <?php // INDEX *****************************************************************
 if ($page == "index") {
 	$varvar = "";
@@ -527,7 +642,7 @@ function Reset_File() {
 	<p class="index_folders">
 		<?php
 		$files = glob($varvar."*",GLOB_ONLYDIR);
-		sort($files);
+		natcasesort($files);
 		foreach ($files as $file) {
 			echo '<a href="'.$ONESCRIPT.'?i='.$file.'" class="folder">'.basename($file).' /</a>';
 		} ?>
@@ -537,16 +652,19 @@ function Reset_File() {
 
 	<!--============== List files - BLOCK view ===============-->
 	<?php
-	function list_BLOCK_view() {
+	function BLOCK_view() {
 	global $varvar, $config_excluded, $ftypes, $fclasses ; 
 	 ?>
 	<div style="clear:both;"></div>
 	<ul class="index">
-		<?php $files = glob($varvar."{,.}*", GLOB_BRACE); sort($files);
+		<?php
+		$files = glob($varvar."{,.}*", GLOB_BRACE);
+		natcasesort($files); //sort w/o regard to case.
 
 		foreach ($files as $file) {
 			$excludeme = 0;
 			$config_excludeds = explode(",", $config_excluded);
+
 			foreach ($config_excludeds as $config_exclusion) {
 				if (strrpos(basename($file),$config_exclusion) !== False && 
 				strrpos(basename($file),$config_exclusion) !== "") { 
@@ -567,16 +685,16 @@ function list_BLOCK_view() {
 						<a href="<?php echo $ONESCRIPT.'?f='.$file.'" class=" '.$file_class.'">';
 						echo basename($file); ?></a>
 						<div class="meta">
-							<span><i>File Size:</i>
-							<?php echo number_format(filesize($file)).""; ?><br /></span>
-							<span><i>Last Updated:</i>
-							<?php echo date("n/j/y g:ia", filemtime($file)); ?></span>
+							<span><i>File Size:</i> 
+							<?php echo number_format(filesize($file)); ?><br></span>
+							<span><i>Updated:</i> 
+							<script>FileTimeStamp(<?php echo filemtime($file); ?>);</script></span>
 						</div>
 					</li>
 			<?php } ?>
 		<?php } ?>
 	</ul>
-	<?php }//end list_BLOCK_view() ===========================-->?>
+	<?php }//end BLOCK_view() ===========================-->?>
 
 
 
@@ -586,9 +704,7 @@ function list_view() {
 	global $varvar, $config_excluded, $ftypes, $fclasses ; 
 	
 	$files = glob($varvar."{,.}*", GLOB_BRACE);
-	sort($files);
-	$files_count = count($files);
-	$fc = 0;
+	natcasesort($files);
 
 	echo '<table class="index_T">';
 		foreach ($files as $file) {
@@ -618,12 +734,11 @@ function list_view() {
 							<?php echo "<a href='", $ONESCRIPT,"?f=", $file, "'"; ?>
 							<?php echo "class='",  $file_class, "'>", basename($file), "</a>"; ?>
 						</td>
-						<td class="meta_size">
+						<td class="meta_size">&nbsp;
 							<?php echo number_format(filesize($file)).""; ?> B
 						</td>
-						<td class="meta_time">
-							<?php echo date("Y-m-d", filemtime($file)); ?> &nbsp;
-							<?php echo date("h:ia" , filemtime($file)); ?>
+						<td class="meta_time"> &nbsp;
+							<script>FileTimeStamp(<?php echo filemtime($file); ?>);</script>
 						</td>
 					</tr>
 		<?php 
@@ -638,8 +753,8 @@ function list_view() {
 
 
 	<?php //<!-- Determine view mode, list files. ====================-->
-		if ($VIEW_MODE == "BLOCK"){ list_BLOCK_view(); }
-		else                      { list_view();       }
+		if ($VIEW_MODE == "BLOCK"){ BLOCK_view(); }
+		else                      { list_view();  }
 	?>
 
 
@@ -669,14 +784,14 @@ function list_view() {
 	<form method="post" action="<?php echo $ONESCRIPT; ?>">
 		<p>
 			<label for="onefilecms_username">Username:</label>
-			<input type="text" name="onefilecms_username" id="onefilecms_username" class="login_input" />
+			<input type="text" name="onefilecms_username" id="onefilecms_username" class="login_input">
 		</p>
 		<p>
 			<label for="onefilecms_password">Password:</label>
-			<input type="password" name="onefilecms_password" id="onefilecms_password" class="login_input" />
+			<input type="password" name="onefilecms_password" id="onefilecms_password" class="login_input">
 		</p>
 			
-		<input type="submit" class="button" value="Enter" />
+		<input type="submit" class="button" value="Enter">
 	</form>
 	<script>document.getElementById('onefilecms_username').focus();</script>
 <?php };
@@ -700,10 +815,10 @@ function list_view() {
 		<h2>New File</h2>
 		<p>Existing files with the same name will not be overwritten.</p>
 		<form method="post" id="new" action="<?php echo $ONESCRIPT.substr_replace($varvar,"",-1); ?>">
-			<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
+			<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 			<p>
 				<label for="new_filename">New filename: </label>
-				<input type="text" name="new_filename" id="new_filename" class="textinput" value="<?php echo $_GET["i"]; ?>" />
+				<input type="text" name="new_filename" id="new_filename" class="textinput" value="<?php echo $_GET["i"]; ?>">
 			</p>
 			<p>	<?php Cancel_Submit_Buttons("Create"); ?> </p>
 		</form>
@@ -719,10 +834,10 @@ function list_view() {
 	<h2>New Folder</h2>
 	<p>Existing folders with the same name will not be overwritten.</p>
 	<form method="post" action="<?php echo $ONESCRIPT.substr_replace($varvar,"",-1); ?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
+		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<p>
 			<label for="new_folder">Folder name: </label>
-			<input type="text" name="new_folder" id="new_folder" class="textinput" value="<?php echo $_GET["i"]; ?>" />
+			<input type="text" name="new_folder" id="new_folder" class="textinput" value="<?php echo $_GET["i"]; ?>">
 		</p>
 		<p>	<?php Cancel_Submit_Buttons("Create"); ?> </p>
 	</form>
@@ -740,15 +855,15 @@ function list_view() {
 	<p>To move a file, preface its name with the folder's name, as in 
 	"<i>foldername/filename.txt</i>." The folder must already exist.</p>
 	<form method="post" action="<?php echo $ONESCRIPT.$varvar;	?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
+		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<p>
 			<label>Old filename:</label>
-			<input type="hidden" name="old_filename" value="<?php echo $filename; ?>" />
-			<input type="text" name="dummy" value="<?php echo $filename; ?>" class="textinput" disabled="disabled" />
+			<input type="hidden" name="old_filename" value="<?php echo $filename; ?>">
+			<input type="text" name="dummy" value="<?php echo $filename; ?>" class="textinput" disabled="disabled">
 		</p>
 		<p>
 			<label for="rename_filename">New filename:</label>
-			<input type="text" name="rename_filename" id="rename_filename" class="textinput" value="<?php echo $filename; ?>" />
+			<input type="text" name="rename_filename" id="rename_filename" class="textinput" value="<?php echo $filename; ?>">
 		</p>
 		<p><?php Cancel_Submit_Buttons("Rename"); ?></p>
 	</form>
@@ -762,14 +877,14 @@ function list_view() {
 	$varvar = "?i=".substr($_GET["i"],0,strrpos(substr_replace($_GET["i"],"",-1),"/")); ?>
 	<h2>Rename Folder &ldquo;<?php echo $_GET["i"]; ?>&rdquo;</h2>
 	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
+		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<p>
-			<label>Old name:</label><input type="hidden" name="old_foldername" value="<?php echo $_GET["i"]; ?>" />
-			<input type="text" name="dummy" value="<?php echo $_GET["i"]; ?>" class="textinput" disabled="disabled" />
+			<label>Old name:</label><input type="hidden" name="old_foldername" value="<?php echo $_GET["i"]; ?>">
+			<input type="text" name="dummy" value="<?php echo $_GET["i"]; ?>" class="textinput" disabled="disabled">
 		</p>
 		<p>
 			<label for="rename_foldername">New name:</label>
-			<input type="text" name="rename_foldername" id="rename_foldername" class="textinput" value="<?php echo $_GET["i"]; ?>" />
+			<input type="text" name="rename_foldername" id="rename_foldername" class="textinput" value="<?php echo $_GET["i"]; ?>">
 		</p>
 		<p><?php Cancel_Submit_Buttons("Rename"); ?></p>
 	</form>
@@ -783,15 +898,15 @@ function list_view() {
 	$varvar = ""; if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; } ?>
 	<h2>Upload</h2>
 	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.substr_replace($varvar,"",-1); ?>" method="post">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>" />
-		<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
+		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
+		<input type="hidden" name="MAX_FILE_SIZE" value="100000">
 		<p>
 			<label for="upload_destination">Destination:</label>
-			<input type="text" name="upload_destination" value="<?php echo $_GET["i"]; ?>" class="textinput" />
+			<input type="text" name="upload_destination" value="<?php echo $_GET["i"]; ?>" class="textinput">
 		</p>
 		<p>
 			<label for="upload_filename">File:</label>
-			<input name="upload_filename" type="file" size="93"/>
+			<input name="upload_filename" type="file" size="93">
 		</p>
 		<p><?php Cancel_Submit_Buttons("Upload"); ?></p>
 	</form>
diff --git a/readme.markdown b/readme.markdown
index 568b8e2..cdeaefd 100644
--- a/readme.markdown
+++ b/readme.markdown
@@ -85,6 +85,14 @@ It isn't entirely necessary, but it does provide nice enhancements, like warning
 
 ## Change Log
 
+### 1.2.0
+
+- List of files now sorted alphabetically, without regard to case.
+- Further improved Edit page & screen feedback of file state (changed/unchanged).
+- Added [X] dismiss button on message box
+- File date shown on Index & Edit pages is now in user's local time.
+- Moved from xhtml to html syntax & doctype.
+
 ### 1.1.9
 
 - Improved Edit page & screen feedback of file state (changed/unchanged).
@@ -152,7 +160,7 @@ It isn't entirely necessary, but it does provide nice enhancements, like warning
 
 ## Credit, License, Et Cetera
 
-Written in PHP, JavaScript, XHTML and CSS.
+Written in PHP, JavaScript, HTML and CSS.
 
 Available under the MIT and BSD license.
 
@@ -162,9 +170,10 @@ To report a bug or request a feature, please file an issue via Github. Forks enc
 
 ##Needed/potential/upcoming improvements
 
+- With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - Prompt to prevent automatic overwrite when uploading or renaming files.
-- Option to switch between original OneFileCMS view and a common list view.
-  Currently accomplished with a config variable. Working on a 
+- Clickable option to switch between original OneFileCMS view and a common list view.
+  (Currently accomplished with a config variable.)
 - Embed css and remove or swtich to svg icons to create a true "OneFileCMS"
   (in the works)
 - Check size of file to upload, verify under max post/upload limits.

From a0443ce96f3aaad269d8cdb336d44115e3582c91 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 29 Apr 2012 21:55:07 -0400
Subject: [PATCH 043/228] Added svg as an editable file type. Some code & css
 improvment to Edit & Index pages. Added $config_itypes (image types) in prep
 for future enhancement.

---
 onefilecms.css | 38 +++++++++++++++----------------
 onefilecms.php | 62 ++++++++++++++++++++++++--------------------------
 2 files changed, 48 insertions(+), 52 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index 4cffb8e..bf6301e 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -132,21 +132,17 @@ pre {
 	}
 
 
-
 .page_login label {
 	display: block;
 	margin-bottom: 2px;
 	}
 
+
 .alignleft {
 	margin: 0 10px 10px 0;
 	float: left;
 	}
 
-.left70 {
-	width: 70px;
-	display: inline-block;
-	}
 
 #message {
 	min-height: 1.7em; /* Leave space when message is blank. Used by Edit page */
@@ -167,6 +163,7 @@ pre {
 #message a { padding: 4px 1px 4px 1px; border-right: none; } /*T R B L*/
 
 
+
 /* --- INDEX --- */
 
 .index { width: 810px; }
@@ -196,6 +193,7 @@ pre {
 .index a.css { background:white url("http://self-evident.github.com/OneFileCMS/images/file-css.png") 3px no-repeat; }
 .index a.htm { background:white url("http://self-evident.github.com/OneFileCMS/images/file-htm.png") 3px no-repeat; }
 .index a.php { background:white url("http://self-evident.github.com/OneFileCMS/images/file-php.png") 3px no-repeat; }
+.index a.svg { background:white url("http://self-evident.github.com/OneFileCMS/images/file-svg.png") 3px no-repeat; }
 
 .index a:hover { background-color: rgb(255,250,150); }
 .index a:focus { background-color: rgb(255,250,150); }
@@ -242,6 +240,7 @@ table.index_T td {
 .index_T a.cfg { background: url("http://self-evident.github.com/OneFileCMS/images/file-cfg.png") 3px no-repeat; }
 .index_T a.img { background: url("http://self-evident.github.com/OneFileCMS/images/file-img.png") 3px no-repeat; }
 .index_T a.bin { background: url("http://self-evident.github.com/OneFileCMS/images/file-bin.png") 3px no-repeat; }
+.index_T a.svg { background: url("http://self-evident.github.com/OneFileCMS/images/file-svg.png") 3px no-repeat; }
 
 .index_T a:hover { background-color: rgb(255,250,150); }
 .index_T a:focus { background-color: rgb(255,250,150); }
@@ -252,32 +251,31 @@ table.index_T td {
 
 .meta_size {
 	min-width     : 6em;
+	}
+
+.meta_time {
+	width         : 13em;
+	}
+
+.meta {
+	height        : 25px;
+	line-height   : 1.1em;
+	font-size     : .9em;
+	margin-top    : 3px;
 	padding-right : .5em;
-	text-align    : right;
-	font-family   : courier;
     font-size     : .9em;
 	color         : #333;
 	}
 
-.meta_time {
-	width         : 13em;
+.meta_T {
 	padding-right : .5em;
 	text-align    : right;
 	font-family   : courier;
-	font-size     : .9em;
+    font-size     : .9em;
 	color         : #333;
 	}
 
 
-.index .meta {
-	font-size: .9em;
-	height: 25px;
-	margin-top: 3px;
-	line-height: 1.1em;
-	}
-
-
-
 .index_folders {
 	min-height: 1.4em; 
 	margin-bottom: .2em
@@ -413,7 +411,7 @@ input:hover { background-color: rgb(255,250,150); }
 
 #file_content {height: 24em; }
 
-#file_meta	  {float: left;  margin-top: .5em; width: 700px; border: 0px solid red; }
+.file_meta	  {float: left;  margin-top: .5em;}
 
 .close        {float: right; margin-bottom: .5em;}
 
diff --git a/onefilecms.php b/onefilecms.php
index da8b174..3b77daf 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -14,21 +14,23 @@
 $config_password  = "password";
 $config_title     = "OneFileCMS";
 
-$config_LOCAL     = "/onefilecms/";  //local directory for icons, .css, .js, etc...
+$config_LOCAL     = "/onefilecms/";      //local directory for icons, .css, .js, etc...
 $config_csslocal  = "onefilecms.css";    //Relative to this file.
 //$config_csslocal  ="/onefilecms.css";  //Relative to site URL root.
 $config_csshosted = "http://self-evident.github.com/OneFileCMS/onefilecms.css";
 
-$config_editable  = "html,htm,php,css,txt,text,cfg,conf,ini,csv";
+$config_editable  = "html,htm,php,css,txt,text,cfg,conf,ini,csv,svg";
 $config_excluded  = ""; //files to exclude from directory listings
-$config_ftypes    = "jpg,gif,png,bmp,ico,txt,cvs,css,php,htm,html,cfg,conf"; //used to select file icon
-$config_fclass    = "img,img,img,img,img,txt,txt,css,php,htm,htm,cfg,cfg";   //used to select file icon
+$config_itypes    = "jpg,gif,png,bmp,ico";  // Can be displayed on edit page.
+$config_ftypes    = "jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,htm,html,cfg,conf"; //used to select file icon
+$config_fclass    = "img,img,img,img,img,svg,txt,txt,css,php,htm,htm,cfg,cfg";   //used to select file icon
 // END CONFIGURABLE INFO
 
 //Make arrays out of a couple $config_variables.  They are used in // Index .
 //Above, however, it's easier to config/change a simple string.
 $ftypes   = (explode(",", strtolower($config_ftypes)));
 $fclasses = (explode(",", strtolower($config_fclass)));
+$itypes   = (explode(",", strtolower($config_itypes)));
 
 
 $ONESCRIPT = $_SERVER["SCRIPT_NAME"];
@@ -47,7 +49,8 @@
 function Close_Button($classes) {
 	echo '<input type="button" class="button '.$classes.'" name="close" value="Close" onclick="parent.location=\'';
 	echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")).'\'">';
-}
+	?><script>document.edit_form.elements[0].focus();</script><?php // focus on [Close]
+}// End Close_Button()
 
 
 function Cancel_Submit_Buttons($button_label) { 
@@ -420,7 +423,6 @@ function FileTimeStamp(php_filemtime, show_offset){
 		<p>
 			<input type="hidden" name="delete_filename" value="<?php echo $filename; ?>">
 			<?php Cancel_Submit_Buttons("DELETE"); ?>
-
 		</p>
 	</form>
 <?php };
@@ -437,7 +439,6 @@ function FileTimeStamp(php_filemtime, show_offset){
 		<p>
 			<input type="hidden" name="delete_foldername" value="<?php echo $_GET["i"]; ?>">
 			<?php Cancel_Submit_Buttons("DELETE"); ?>
-
 		</p>
 	</form>
 <?php };
@@ -445,56 +446,53 @@ function FileTimeStamp(php_filemtime, show_offset){
 
 
 // EDIT ************************************************************************
-if ($page == "edit") { ?>
+if ($page == "edit") {
 
+	$ext = end( explode(".", strtolower($filename)) );
+ ?>
 	<h2 id="edit_header">Edit &ldquo;<a href="/<?php echo $filename; ?>"> 
 	<?php echo $filename; ?> 
 	</a>&rdquo;</h2>
 
 	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.'?f='.$filename; ?>">
 
-		<p id="file_meta">
+		<p class="file_meta">
 		<span class="meta_size">Size<b>: </b> <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; &nbsp; 
 		<span class="meta_time">Updated<b>: </b><script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1);</script></span><br>
-	
 		</p>
 
 		<?php Close_Button("close"); ?>
-		<script>document.edit_form.elements[0].focus();</script>
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 
 		<?php
-		$ext = end( explode(".", strtolower($filename)) );
 		if (strpos($config_editable,$ext) === false) { ?>
 			<p>
 				<textarea name="content" class="textinput disabled" cols="70" rows="25" disabled="disabled">Non-text or unkown file type. Edit disabled.
 				</textarea>
 			</p>
-			<p class="buttons_right">
-				<input type="submit" class="button" name="save_file" value="Save" disabled="disabled">
-				<input type="button" class="button" id="reset"  value="Reset - loose changes" disabled="disabled">
 		<?php } else { ?>
-
 			<p>
 				<input type="hidden" name="filename" id="filename" class="textinput" value="<?php echo $filename; ?>">
 				<textarea id="file_content" onkeyup="Check_for_changes(event);" name="content" class="textinput" cols="70" rows="25"><?php echo $filecontent; ?></textarea>
 			</p>
-			<p class="buttons_right">
-				<input type="submit" class="button" name="save_file" id="save_file" value="Save"  onclick="submitted = true;"  disabled="disabled">
-				<input type="button" class="button" id="reset"  value="Reset - loose changes" onclick="Reset_File()"  disabled="disabled">
-		<?php } ?>
-		
-			<input type="button" class="button" name="rename_file" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT.'?r='.$filename; ?>'">
-			<input type="button" class="button" name="delete_file" value="Delete"      onclick="parent.location='<?php echo $ONESCRIPT.'?d='.$filename; ?>'">
-			<input type="button" class="button" name="copy_file"   value="Copy"        onclick="parent.location='<?php echo $ONESCRIPT.'?c='.$filename; ?>'">
-			<?php Close_Button(""); ?>
-			</p>
+		<?php } ?>	
+
+		<p class="buttons_right">
+		<input type="submit" class="button" name="save_file" id="save_file" value="Save"  onclick="submitted = true;"  disabled="disabled">
+		<input type="button" class="button" id="reset"  value="Reset - loose changes" onclick="Reset_File()"  disabled="disabled">
+		<input type="button" class="button" name="rename_file" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT.'?r='.$filename; ?>'">
+		<input type="button" class="button" name="delete_file" value="Delete"      onclick="parent.location='<?php echo $ONESCRIPT.'?d='.$filename; ?>'">
+		<input type="button" class="button" name="copy_file"   value="Copy"        onclick="parent.location='<?php echo $ONESCRIPT.'?c='.$filename; ?>'">
+		<?php Close_Button(""); ?>
+		</p>
 	</form>
 	<div style="clear:both;"></div>
-	<div id="edit_note">
-	NOTE: On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser's [Reload].
-	</div>
 
+	<?php if (strpos($config_editable,$ext) !== false) { ?>
+		<div id="edit_note">
+		NOTE: On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser's [Reload].
+		</div>
+	<?php } ?>
 
 
 	<!--======== Provide feedback re: unsaved changes ========-->
@@ -528,7 +526,7 @@ function Reset_file_status_indicators() {
 		Save_File_button.disabled = "disabled";
 		Save_File_button.value = "Save";
 		Reset_button.disabled = "disabled";
-		File_textarea.focus();
+		//File_textarea.focus();
 	}
 
 
@@ -734,10 +732,10 @@ function list_view() {
 							<?php echo "<a href='", $ONESCRIPT,"?f=", $file, "'"; ?>
 							<?php echo "class='",  $file_class, "'>", basename($file), "</a>"; ?>
 						</td>
-						<td class="meta_size">&nbsp;
+						<td class="meta_T meta_size">&nbsp;
 							<?php echo number_format(filesize($file)).""; ?> B
 						</td>
-						<td class="meta_time"> &nbsp;
+						<td class="meta_T meta_time"> &nbsp;
 							<script>FileTimeStamp(<?php echo filemtime($file); ?>);</script>
 						</td>
 					</tr>

From 635bf87828e28fa04a4cf843b0c2404bbae3c338 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Mon, 30 Apr 2012 14:19:17 -0400
Subject: [PATCH 044/228] NOTICE: SECURITY HOLE!

---
 readme.markdown | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/readme.markdown b/readme.markdown
index cdeaefd..1945104 100644
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,3 +1,22 @@
+# NOTICE - SECURITY HOLE!
+
+## April 30, 2012
+
+## Versions affected
+
+- 1.1.7 and newer.  Version 1.1.6 is believed to be safe.
+
+## Brief description:
+
+- No login required if a file and path is known.
+  EX:  http:// yourdomain.com/onefilecms.php?f=some/path/to/file.txt
+
+- File edit, rename, move, and copy still work in this way, without login.
+
+## Cause
+- Me. I just noticed the problem.  Some edit between 1.1.6 and now introduced the hole.
+
+
 # OneFileCMS
 
 ## Yeah, it's exactly what you think.

From 591348e34a55605f397e4723c2bb1f4e1b73bb68 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Mon, 30 Apr 2012 16:20:26 -0400
Subject: [PATCH 045/228] Version 1.2.1 (security fix)

---
 onefilecms.css  | 6 +++---
 onefilecms.php  | 8 +++++++-
 readme.markdown | 9 +++++++--
 3 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index bf6301e..a592f97 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -1,5 +1,5 @@
 /* OneFileCMS - http://onefilecms.com/
- * Version 1.1.7 
+ * Version 1.2.1
  * For license & copyright info, see OneFileCMS.License.BSD.txt 
  */ 
 
@@ -409,9 +409,9 @@ input:hover { background-color: rgb(255,250,150); }
 
 #edit_form    {margin: 0;}
 
-#file_content {height: 24em; }
+#file_content {height: 24em;}
 
-.file_meta	  {float: left;  margin-top: .5em;}
+.file_meta	  {float: left;  margin-top: .5em; font-size: .9em; color: #333; font-family: courier;}
 
 .close        {float: right; margin-bottom: .5em;}
 
diff --git a/onefilecms.php b/onefilecms.php
index 3b77daf..6c37e4f 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 // OneFileCMS - http://onefilecms.com/
 // For license & copyright info, see OneFileCMS.License.BSD.txt
 
-$version = "1.2.0";
+$version = "1.2.1";
 
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
@@ -88,6 +88,12 @@ function Cancel_Submit_Buttons($button_label) {
 } else {
 	$_SESSION['onefilecms_valid'] = "0";
 	$page = "login";
+	$_GET["p"] = "login";
+	unset($_GET["c"]);
+	unset($_GET["d"]);
+	unset($_GET["f"]);
+	unset($_GET["i"]);
+	unset($_GET["r"]);
 }
 
 global $pagetitle; $pagetitle = "/";
diff --git a/readme.markdown b/readme.markdown
index 1945104..d6b1321 100644
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,10 +1,11 @@
-# NOTICE - SECURITY HOLE!
+# NOTICE - SECURITY HOLE! (Fixed in version 1.2.1)
 
 ## April 30, 2012
 
 ## Versions affected
 
-- 1.1.7 and newer.  Version 1.1.6 is believed to be safe.
+- 1.1.7 thru 1.2.0
+- Versions 1.1.6 and 1.2.1 are believed to be safe.
 
 ## Brief description:
 
@@ -104,6 +105,10 @@ It isn't entirely necessary, but it does provide nice enhancements, like warning
 
 ## Change Log
 
+### 1.2.1
+
+- Fixed security hole that affected versions 1.1.7 - 1.2.0.
+
 ### 1.2.0
 
 - List of files now sorted alphabetically, without regard to case.

From 6449d59b2829ff8144998097165a791d0c0d2a50 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 1 May 2012 00:32:14 -0400
Subject: [PATCH 046/228] Version 1.2.2 Images are now <a>displayed</a> on edit
 page instead of disabled textarea. Logout page now just a message on login
 page. Moved php misc functions to after session_start() section. Changed Edit
 pagetitle from Edit to View/Edit... In <h2> on edit page, changed Edit to
 File.  Some files, like images, aren't editable. <script> for edit page
 enhancements loads only on editable files.

---
 onefilecms.php | 191 +++++++++++++++++++++++++++++++------------------
 1 file changed, 122 insertions(+), 69 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 6c37e4f..634d136 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 // OneFileCMS - http://onefilecms.com/
 // For license & copyright info, see OneFileCMS.License.BSD.txt
 
-$version = "1.2.1";
+$version = "1.2.2";
 
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
@@ -43,39 +43,6 @@
 
 
 
-//******************************************************************************
-// Functions
-
-function Close_Button($classes) {
-	echo '<input type="button" class="button '.$classes.'" name="close" value="Close" onclick="parent.location=\'';
-	echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")).'\'">';
-	?><script>document.edit_form.elements[0].focus();</script><?php // focus on [Close]
-}// End Close_Button()
-
-
-function Cancel_Submit_Buttons($button_label) { 
-	global $ONESCRIPT, $varvar;
-
-	// [Cancel] returns to either the current/path, or current/path/file
-	if (isset($_GET["i"])){ $ipath = '?i='.rtrim($_GET["i"],"/"); }
-		else if ( isset($_GET["c"]) ) { $ipath = '?f='.$_GET["c"]; }
-		else if ( isset($_GET["d"]) ) { $ipath = '?f='.$_GET["d"]; }
-		else if ( isset($_GET["r"]) ) { $ipath = '?f='.$_GET["r"]; }
-		else{                           $ipath = rtrim($varvar,"/");
-	}//end if/else if
-
-	?>
-	<p>
-		<input type="button" class="button" id="cancel" name="cancel" value="Cancel" onclick="parent.location='<?php echo $ONESCRIPT.$ipath; ?>'">
-		<input type="submit" class="button" value="<?php echo $button_label;?>" style="margin-left: 1.3em;">
-	</p>
-	<script>document.getElementById('cancel').focus();</script>
-	<?php
-}// End Cancel_Submit_Buttons()
-
-// End of funtions *************************************************************
-
-
 
 //******************************************************************************
 session_start();
@@ -83,6 +50,7 @@ function Cancel_Submit_Buttons($button_label) {
 
 if (isset($_POST["onefilecms_username"])) { $_SESSION['onefilecms_username'] = $_POST["onefilecms_username"]; }
 if (isset($_POST["onefilecms_password"])) { $_SESSION['onefilecms_password'] = $_POST["onefilecms_password"]; }
+
 if (($_SESSION['onefilecms_username'] == $config_username) and ($_SESSION['onefilecms_password'] == $config_password || md5($_SESSION['onefilecms_password']) == $config_password)) {
 	$_SESSION['onefilecms_valid'] = "1";
 } else {
@@ -98,6 +66,7 @@ function Cancel_Submit_Buttons($button_label) {
 
 global $pagetitle; $pagetitle = "/";
 if ((isset($_GET["i"])) && ($_GET["i"] !== "")) { $pagetitle = "/".$_GET["i"]."/"; }
+
 if (isset($_GET["p"])) {
 	// redirect on invalid page attempts
 	$page = $_GET["p"];
@@ -108,11 +77,22 @@ function Cancel_Submit_Buttons($button_label) {
 		$page = "index";
 	}
 }
+
 if ( ($page == "login") and ($_SESSION['onefilecms_valid']) ) {$page = "index"; header("Location: ".$ONESCRIPT);};
 
-if ($_GET["p"] == "login") {$pagetitle = "Log In"; }
-if ($_GET["p"] == "logout") {$pagetitle = "Log Out"; $_SESSION['onefilecms_valid'] = "0"; session_destroy(); }
+if ($_GET["p"] == "login") { $pagetitle = "Log In"; }
+
+if ($_GET["p"] == "logout") {
+	$page = "login";
+	$pagetitle = "Log Out";
+	$_SESSION['onefilecms_valid'] = "0";
+	session_destroy();
+	$message = 'You have successfully logged out.';
+}
+
 if ($_GET["i"] == "") { unset($_GET["i"]); }
+// End session startup**********************************************************
+
 
 
 
@@ -123,6 +103,43 @@ function Cancel_Submit_Buttons($button_label) {
 
 
 
+
+//******************************************************************************
+// Misc Functions
+
+function Close_Button($classes) {
+	echo '<input type="button" class="button '.$classes.'" name="close" value="Close" onclick="parent.location=\'';
+	echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")).'\'">';
+	?><script>document.edit_form.elements[1].focus();</script><?php // focus on [Close]
+}// End Close_Button()
+
+
+function Cancel_Submit_Buttons($button_label) { 
+	global $ONESCRIPT, $varvar;
+
+	// [Cancel] returns to either the current/path, or current/path/file
+	if (isset($_GET["i"])){ $ipath = '?i='.rtrim($_GET["i"],"/"); }
+		else if ( isset($_GET["c"]) ) { $ipath = '?f='.$_GET["c"]; }
+		else if ( isset($_GET["d"]) ) { $ipath = '?f='.$_GET["d"]; }
+		else if ( isset($_GET["r"]) ) { $ipath = '?f='.$_GET["r"]; }
+		else{                           $ipath = rtrim($varvar,"/");
+	}//end if/else if
+
+	?>
+	<p>
+		<input type="button" class="button" id="cancel" name="cancel" value="Cancel" onclick="parent.location='<?php echo $ONESCRIPT.$ipath; ?>'">
+		<input type="submit" class="button" value="<?php echo $button_label;?>" style="margin-left: 1.3em;">
+	</p>
+	<script>document.getElementById('cancel').focus();</script>
+	<?php
+}// End Cancel_Submit_Buttons()
+
+// End of misc funtions ********************************************************
+
+
+
+
+
 // COPY FILE *******************************************************************
 if (isset($_GET["c"])) {
 	$filename = $_GET["c"]; $pagetitle = "Copy &ldquo;".$filename."&rdquo;";  $page = "copy";
@@ -185,7 +202,7 @@ function Cancel_Submit_Buttons($button_label) {
 	$filename = stripslashes($_GET["f"]);
 	if (file_exists($filename)) {
 		$page = "edit";
-		$pagetitle = "Edit &ldquo;".$filename."&rdquo;";
+		$pagetitle = "View/Edit &ldquo;".$filename."&rdquo;";
 		$fp = @fopen($filename, "r");
 		if (filesize($filename) !== 0) {
 			$filecontent = fread($fp, filesize($filename));
@@ -447,7 +464,7 @@ function FileTimeStamp(php_filemtime, show_offset){
 			<?php Cancel_Submit_Buttons("DELETE"); ?>
 		</p>
 	</form>
-<?php };
+<?php }; 
 
 
 
@@ -455,8 +472,38 @@ function FileTimeStamp(php_filemtime, show_offset){
 if ($page == "edit") {
 
 	$ext = end( explode(".", strtolower($filename)) );
- ?>
-	<h2 id="edit_header">Edit &ldquo;<a href="/<?php echo $filename; ?>"> 
+
+
+	function show_image(){ //************************
+		global $CWD, $filename;
+		$IMG = $filename;
+		//$IMG = $DOC_ROOT.$_GET[f];
+		$img_info = getimagesize($IMG);
+		$MAX_IMG_W   = 800;   // width of display area in OneFileCMS
+		$MAX_IMG_H   = 1000;  // I don't know, it just looks reasonable.
+
+		$W=0; $H=1;
+		$SCALE=1; $TOOWIDE = 0; $TOOHIGH = 0;
+		if ($img_info[$W] > $MAX_IMG_W) { $TOOWIDE = ( $MAX_IMG_W/$img_info[$W] );}
+		if ($img_info[$H] > $MAX_IMG_H) { $TOOHIGH = ( $MAX_IMG_H/$img_info[$H] );}
+
+		if ($TOOHIGH || $TOOWIDE) {
+			if     (!$TOOWIDE)           {$SCALE = $TOOHIGH;}
+			elseif (!$TOOHIGH)           {$SCALE = $TOOWIDE;}
+			elseif ($TOOHIGH > $TOOWIDE) {$SCALE = $TOOWIDE;}
+			else                         {$SCALE = $TOOHIGH;}
+		}
+
+		echo '<p class="file_meta">'.$img_info[3];
+		echo ' (Image shown at ~'. round($SCALE*100) .'% of full size.)</p>';
+		echo '<div style="clear:both;"></div>';
+		echo '<a href="/' . $IMG . '">';
+		echo '<img src="/'.$IMG.'"  height="'.$img_info[$H]*$SCALE.'"></a>';
+	}// end show_image() ****************************
+?>
+
+
+	<h2 id="edit_header">File: &ldquo;<a href="/<?php echo $filename; ?>"> 
 	<?php echo $filename; ?> 
 	</a>&rdquo;</h2>
 
@@ -466,23 +513,26 @@ function FileTimeStamp(php_filemtime, show_offset){
 		<span class="meta_size">Size<b>: </b> <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; &nbsp; 
 		<span class="meta_time">Updated<b>: </b><script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1);</script></span><br>
 		</p>
-
-		<?php Close_Button("close"); ?>
+		
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
-
-		<?php
-		if (strpos($config_editable,$ext) === false) { ?>
-			<p>
+		<?php Close_Button("close"); ?><div style="clear:both;"></div>
+		
+		<?php function show_textarea(){ global $filename, $filecontent, $ext, $config_editable;
+			if (strpos($config_editable,$ext) === false) {
+			?>	<p>
 				<textarea name="content" class="textinput disabled" cols="70" rows="25" disabled="disabled">Non-text or unkown file type. Edit disabled.
 				</textarea>
-			</p>
-		<?php } else { ?>
-			<p>
+				</p>
+			<?php } else { ?>
+				<p>
 				<input type="hidden" name="filename" id="filename" class="textinput" value="<?php echo $filename; ?>">
 				<textarea id="file_content" onkeyup="Check_for_changes(event);" name="content" class="textinput" cols="70" rows="25"><?php echo $filecontent; ?></textarea>
-			</p>
-		<?php } ?>	
-
+				</p>
+			<?php } //end if-else?>	
+		<?php  } //show_textarea() ?>
+		
+		<?php if (strpos($config_itypes,$ext) === false) { show_textarea(); } ?>
+		
 		<p class="buttons_right">
 		<input type="submit" class="button" name="save_file" id="save_file" value="Save"  onclick="submitted = true;"  disabled="disabled">
 		<input type="button" class="button" id="reset"  value="Reset - loose changes" onclick="Reset_File()"  disabled="disabled">
@@ -494,6 +544,8 @@ function FileTimeStamp(php_filemtime, show_offset){
 	</form>
 	<div style="clear:both;"></div>
 
+	<?php if (strpos($config_itypes,$ext) !== false) { show_image(); } ?>
+
 	<?php if (strpos($config_editable,$ext) !== false) { ?>
 		<div id="edit_note">
 		NOTE: On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser's [Reload].
@@ -501,6 +553,7 @@ function FileTimeStamp(php_filemtime, show_offset){
 	<?php } ?>
 
 
+	<?php if (strpos($config_editable,$ext) !== false) { //if editable file...?>
 	<!--======== Provide feedback re: unsaved changes ========-->
 	<script>
 	    
@@ -603,15 +656,16 @@ function Reset_File() {
 	
 	Reset_file_status_indicators()
 	</script>
+	<?php } //end if editable, include this <script>...</script>
 
-<?php }; //End Edit page **************************************************** ?>
+}; //End Edit page *************************************************************
 
 
 
 
 
 
-<?php // INDEX *****************************************************************
+// INDEX ***********************************************************************
 if ($page == "index") {
 	$varvar = "";
 	if (isset($_GET["i"])) { $varvar = $_GET["i"]."/"; }
@@ -654,8 +708,8 @@ function Reset_File() {
 	
 
 
-	<!--============== List files - BLOCK view ===============-->
-	<?php
+
+	<?php // <!--============== List files - BLOCK view ===============-->
 	function BLOCK_view() {
 	global $varvar, $config_excluded, $ftypes, $fclasses ; 
 	 ?>
@@ -698,7 +752,7 @@ function BLOCK_view() {
 			<?php } ?>
 		<?php } ?>
 	</ul>
-	<?php }//end BLOCK_view() ===========================-->?>
+	<?php }//end BLOCK_view() ==============================-->?>
 
 
 
@@ -750,8 +804,7 @@ function list_view() {
 		}//end foreach file
 		?>
 	</table>
-	<?php }//end list_view()
-	// <!--===== End of directory listing in vertical table =====-->
+	<?php }//end list_view() =================================-->
 	?>
 
 
@@ -776,8 +829,16 @@ function list_view() {
 			Rename Folder</a>
 		<?php } ?>
 	</p>
-<?php };
-// End of Index (file listing) page ********************************************
+
+<?php }; // End of Index (file listing) page ***********************************
+
+
+
+
+// LOG OUT *********************************************************************
+if ($page == "logout") {
+	$page = "login"; 
+}
 
 
 
@@ -803,14 +864,6 @@ function list_view() {
 
 
 
-// LOG OUT *********************************************************************
-if ($page == "logout") { ?>
-	<h2>Log Out</h2>
-	<p>You have successfully been logged out and may close this window.</p>
-<?php };
-
-
-
 
 // NEW FILE ********************************************************************
 if ($page == "new") {

From 28c8fafe9df617763616c09e1afd0afde858f989 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 2 May 2012 02:32:06 -0400
Subject: [PATCH 047/228] Fixed check for local css. If not found, loads hosted
 copy. A little general code cleanup/improvement.

---
 onefilecms.php  | 35 ++++++++++++++++++-----------------
 readme.markdown |  7 ++++++-
 2 files changed, 24 insertions(+), 18 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 634d136..6eb09ea 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -19,6 +19,9 @@
 //$config_csslocal  ="/onefilecms.css";  //Relative to site URL root.
 $config_csshosted = "http://self-evident.github.com/OneFileCMS/onefilecms.css";
 
+$MAX_IMG_W   = 810;   // Max width to display images. (page container = 810)
+$MAX_IMG_H   = 1000;  // Max height.  I don't know, it just looks reasonable.
+
 $config_editable  = "html,htm,php,css,txt,text,cfg,conf,ini,csv,svg";
 $config_excluded  = ""; //files to exclude from directory listings
 $config_itypes    = "jpg,gif,png,bmp,ico";  // Can be displayed on edit page.
@@ -26,6 +29,8 @@
 $config_fclass    = "img,img,img,img,img,svg,txt,txt,css,php,htm,htm,cfg,cfg";   //used to select file icon
 // END CONFIGURABLE INFO
 
+
+
 //Make arrays out of a couple $config_variables.  They are used in // Index .
 //Above, however, it's easier to config/change a simple string.
 $ftypes   = (explode(",", strtolower($config_ftypes)));
@@ -142,7 +147,7 @@ function Cancel_Submit_Buttons($button_label) {
 
 // COPY FILE *******************************************************************
 if (isset($_GET["c"])) {
-	$filename = $_GET["c"]; $pagetitle = "Copy &ldquo;".$filename."&rdquo;";  $page = "copy";
+	$page = "copy"; $filename = $_GET["c"]; $pagetitle = "Copy &ldquo;".$filename."&rdquo;";
 }
 
 if (isset($_POST["copy_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
@@ -156,10 +161,9 @@ function Cancel_Submit_Buttons($button_label) {
 
 // DELETE FILE *****************************************************************
 if (isset($_GET["d"])) {
-	$filename = $_GET["d"];
-	$pagetitle = "Delete &ldquo;".$filename."&rdquo;";
-	$page = "delete";
+	$page = "delete"; $filename = $_GET["d"]; $pagetitle = "Delete &ldquo;".$filename."&rdquo;";
 }
+
 if (isset($_POST["delete_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$filename = $_POST["delete_filename"];
 	unlink($filename);
@@ -317,7 +321,7 @@ function Cancel_Submit_Buttons($button_label) {
 if (substr($config_csslocal,0,1) != "/"){ $ROOT = $CWD.'/'; }
 
 //Check for local style sheet. If not found, use hosted copy.
-if (!file_exists($ROOT.$config_csslocal)) { $STYLE_SHEET = $config_csshosted; }
+if (!file_exists($ROOT.$config_csslocal) || is_dir($ROOT.$config_csslocal)) { $STYLE_SHEET = $config_csshosted; }
 //***************************************************************?>
 
 <link href="<?php echo $STYLE_SHEET;?>" type="text/css" rel="stylesheet">
@@ -475,15 +479,13 @@ function FileTimeStamp(php_filemtime, show_offset){
 
 
 	function show_image(){ //************************
-		global $CWD, $filename;
+		global $filename, $MAX_IMG_W, $MAX_IMG_H;
+		
 		$IMG = $filename;
-		//$IMG = $DOC_ROOT.$_GET[f];
 		$img_info = getimagesize($IMG);
-		$MAX_IMG_W   = 800;   // width of display area in OneFileCMS
-		$MAX_IMG_H   = 1000;  // I don't know, it just looks reasonable.
 
 		$W=0; $H=1;
-		$SCALE=1; $TOOWIDE = 0; $TOOHIGH = 0;
+		$SCALE = 1; $TOOWIDE = 0; $TOOHIGH = 0;
 		if ($img_info[$W] > $MAX_IMG_W) { $TOOWIDE = ( $MAX_IMG_W/$img_info[$W] );}
 		if ($img_info[$H] > $MAX_IMG_H) { $TOOHIGH = ( $MAX_IMG_H/$img_info[$H] );}
 
@@ -799,12 +801,12 @@ function list_view() {
 							<script>FileTimeStamp(<?php echo filemtime($file); ?>);</script>
 						</td>
 					</tr>
-		<?php 
+	<?php 
 			}//end if !is_dir
 		}//end foreach file
-		?>
-	</table>
-	<?php }//end list_view() =================================-->
+	echo '</table>';
+	
+	}//end list_view() =================================-->
 	?>
 
 
@@ -820,8 +822,7 @@ function list_view() {
 	<p class="front_links">
 		<a href="<?php echo $ONESCRIPT.'?p=upload&amp;i='.$varvar; ?>" class="upload">Upload File</a>
 		<a href="<?php echo $ONESCRIPT.'?p=new&amp;i='.$varvar; ?>"    class="new">New File</a>
-		<a href="<?php echo $ONESCRIPT.'?p=folder&amp;i='.$varvar; ?>" class="newfolder">
-		New Folder</a>
+		<a href="<?php echo $ONESCRIPT.'?p=folder&amp;i='.$varvar; ?>" class="newfolder">New Folder</a>
 		<?php if ($varvar !== "") { ?>
 			<a href="<?php echo $ONESCRIPT.'?p=deletefolder&amp;i='.$varvar; ?>" class="deletefolder">
 			Delete Folder</a>
@@ -973,7 +974,7 @@ function list_view() {
 
 
 <div class="footer">
-	<hr>
+	<hr><br><br>
 </div>
 
 
diff --git a/readme.markdown b/readme.markdown
index d6b1321..7a45c3a 100644
--- a/readme.markdown
+++ b/readme.markdown
@@ -5,7 +5,7 @@
 ## Versions affected
 
 - 1.1.7 thru 1.2.0
-- Versions 1.1.6 and 1.2.1 are believed to be safe.
+- Versions 1.1.6 and 1.2.1 + are believed to be safe.
 
 ## Brief description:
 
@@ -105,6 +105,11 @@ It isn't entirely necessary, but it does provide nice enhancements, like warning
 
 ## Change Log
 
+### 1.2.2
+
+- On "Edit" page, images are now displayed directly, instead of a disabled textarea.
+- Logout page replaced with standard "alert" message on login screen.
+
 ### 1.2.1
 
 - Fixed security hole that affected versions 1.1.7 - 1.2.0.

From 7674472735b2943eda5aec06062fa0449743d4ce Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Wed, 2 May 2012 16:10:02 -0400
Subject: [PATCH 048/228] Minor wording/markdown tweaks...

---
 readme.markdown | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/readme.markdown b/readme.markdown
index 7a45c3a..a55bb59 100644
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,22 +1,28 @@
 # NOTICE - SECURITY HOLE! (Fixed in version 1.2.1)
 
-## April 30, 2012
+### April 30, 2012
 
 ## Versions affected
 
 - 1.1.7 thru 1.2.0
-- Versions 1.1.6 and 1.2.1 + are believed to be safe.
+
+## Versions *Un* affected / fixed
+
+- Version 1.1.6
+- Versions 1.2.1 and newer
 
 ## Brief description:
 
 - No login required if a file and path is known.
   EX:  http:// yourdomain.com/onefilecms.php?f=some/path/to/file.txt
 
-- File edit, rename, move, and copy still work in this way, without login.
+- File edit, rename, move, and copy work in this way, without login.
 
 ## Cause
-- Me. I just noticed the problem.  Some edit between 1.1.6 and now introduced the hole.
 
+- Me. I just noticed the problem.  Some edit after 1.1.6 introduced the hole.
+
+--------------------------------------------------------------------------------
 
 # OneFileCMS
 
@@ -39,7 +45,7 @@ Coupling a utilitarian code editor with all the basic necessities of an FTP appl
 
 ## Features
  
-- All the basic features of an FTP application like renaming, deleting, copying, and uploading
+- All the basic features of an FTP application like renaming, deleting, copying, and uploading  
   _(Of course, for more complex processes like batch renaming or mass uploads/deletions, you're going to want to break out an actual FTP program.)_
 - Smart alert if you try to leave without saving your edits
 - Gracefully degrading CSS and Javascript

From ced554dde4e3f4abf75869fb6b9b6ea728cab01f Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 2 May 2012 18:23:56 -0400
Subject: [PATCH 049/228] Added .gitignore to .gitignore

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index e69de29..6c7b69a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.gitignore

From 47b9d25faa9f7764e92f014e3d8a779577cf4fae Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 2 May 2012 23:55:50 -0400
Subject: [PATCH 050/228] Version 1.2.3 - some minor css adjustments.

---
 onefilecms.css | 34 ++++++++++++----------------------
 1 file changed, 12 insertions(+), 22 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index a592f97..1351582 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -1,5 +1,5 @@
 /* OneFileCMS - http://onefilecms.com/
- * Version 1.2.1
+ * Version 1.2.3
  * For license & copyright info, see OneFileCMS.License.BSD.txt 
  */ 
 
@@ -32,11 +32,7 @@ fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td
 
 /* --- general formatting --- */
 
-body {
-	font-size: 1em;
-	background: #d5d0cc;
-	font-family: sans-serif;
-	}
+body { font-size: 1em; background: #d5d0cc; font-family: sans-serif; }
 
 h2,h3,p,ul,table { margin-bottom: 10px; }
 
@@ -249,13 +245,9 @@ table.index_T td {
 
 /* File size & date */
 
-.meta_size {
-	min-width     : 6em;
-	}
+.meta_size { min-width: 6em; }
 
-.meta_time {
-	width         : 13em;
-	}
+.meta_time { width    : 13em;}
 
 .meta {
 	height        : 25px;
@@ -282,15 +274,13 @@ table.index_T td {
 	}
 
 .index_folders a {
+	Xborder       : 1px solid gray;
 	display      : inline-block;
 	line-height  : 1.1em;
 	font-size    : 1em;
 	margin-right : .6em;
-	padding      : 2px 4px 2px 20px;
-	padding-left : 25px;
-	padding-right:  .5em;
-	padding-top  : .1em;
-	padding-bottom : .1em;
+	margin-bottom: .3em;
+	padding      : .1em .4em .1em 25px; /*TRBL*/
 	background : url("http://self-evident.github.com/OneFileCMS/images/folder-2.png") 4px 3px no-repeat;
 	}
 
@@ -352,22 +342,22 @@ input:focus { background-color: rgb(255,250,150); }
 input:hover { background-color: rgb(255,250,150); }
 
 
-.buttons_right { float: right;}
+.buttons_right         { float: right; }
 .buttons_right .button { margin-left: 7px; }
-.buttons_left { float: left;}
-.buttons_left .button { margin-right: 7px; }
+.buttons_left          { float: left; }
+.buttons_left  .button { margin-right: 7px; }
 
 .button {
 	border: 1px solid #807568;
 	padding: 4px 10px;
 	background-color: #d4d4d4;
 	cursor: pointer;
-	font-size: 14px;
+	font-size: .9em;
 	font-family: sans-serif;
 	}
 
 .Xbutton:hover { background-color: rgb(255,250,150); } 
-.button[disabled]:hover { background-color: #d4d4d4; }
+.button[disabled]:hover { background-color: #d4d4d4; cursor:default }
 
 /*
 #Xsave_file         { border: 1px solid red; }

From f4ac14c040473c177620d943b50ab9cf04686e15 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 3 May 2012 00:19:49 -0400
Subject: [PATCH 051/228] Version 1.2.3

---
 onefilecms.php  | 2 +-
 readme.markdown | 9 +++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 6eb09ea..fceb5b6 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 // OneFileCMS - http://onefilecms.com/
 // For license & copyright info, see OneFileCMS.License.BSD.txt
 
-$version = "1.2.2";
+$version = "1.2.3";
 
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
diff --git a/readme.markdown b/readme.markdown
index a55bb59..142dfe7 100644
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,7 +1,7 @@
-# NOTICE - SECURITY HOLE! (Fixed in version 1.2.1)
-
 ### April 30, 2012
 
+# NOTICE - SECURITY HOLE! (Fixed in version 1.2.1)
+
 ## Versions affected
 
 - 1.1.7 thru 1.2.0
@@ -111,6 +111,11 @@ It isn't entirely necessary, but it does provide nice enhancements, like warning
 
 ## Change Log
 
+### 1.2.3
+
+- Fixed check for local css. If not found, loads hosted copy. 
+  (This will soon be a moot point...)
+
 ### 1.2.2
 
 - On "Edit" page, images are now displayed directly, instead of a disabled textarea.

From 0f7373b089f1dd349e9fab313eefcb558cc10d69 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 3 May 2012 23:21:35 -0400
Subject: [PATCH 052/228] Minor code spacing/formatting to .css

---
 onefilecms.css | 35 ++++++++---------------------------
 1 file changed, 8 insertions(+), 27 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index 1351582..561f185 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -116,33 +116,17 @@ pre {
 	}
 
 
-.footer {
-	color: #777;
-	font-size: .7em;
-	/*****************
-	margin-top: 10px;
-	padding-top: 10px;
-	border-top: 01px solid #807568;    /*using <hr>. Styles at bottom of this file
-	clear: both;
-	*****************/
-	}
+.footer { color: #777; font-size: .7em; }
 
 
-.page_login label {
-	display: block;
-	margin-bottom: 2px;
-	}
+.page_login label { display: block; margin-bottom: 2px; }
 
 
-.alignleft {
-	margin: 0 10px 10px 0;
-	float: left;
-	}
+.alignleft { margin: 0 10px 10px 0; float: left; }
 
 
-#message {
-	min-height: 1.7em; /* Leave space when message is blank. Used by Edit page */
-	}
+/* Leave space when message is blank. Used by Edit page */
+#message { min-height: 1.7em; }
 
 #message p {
 	margin: 0;
@@ -268,10 +252,7 @@ table.index_T td {
 	}
 
 
-.index_folders {
-	min-height: 1.4em; 
-	margin-bottom: .2em
-	}
+.index_folders { min-height: 1.4em;  margin-bottom: .2em; }
 
 .index_folders a {
 	Xborder       : 1px solid gray;
@@ -414,7 +395,7 @@ input:hover { background-color: rgb(255,250,150); }
 	border    : 1px solid #807568;
 	padding   : 1em;
 	width     : 360px;
-}
+	}
 
 
 .login_input {
@@ -422,7 +403,7 @@ input:hover { background-color: rgb(255,250,150); }
 	padding : 2px 0px 2px 2px;
 	width   : 356px;
 	font    : 1em Courier;
-}
+	}
 
 
 

From 5a634ed0bfebb1c72122a00b7b75848ebfcae1b0 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 5 May 2012 21:48:40 -0400
Subject: [PATCH 053/228] Version 1.2.4 Made function to select style sheet 
 (to prepare for a true "OneFileCMS") Made function to load
 <script>timestamp()...</script> Basic $_GET["i"] cleanup & check in session
 startup. Improved [Cancel] button - returns to prior page. Removed "error"
 from list of valid pages. (...it isn't.) Set default page title to
 $_SERVER['SERVER_NAME'] Shorted page titles- removed $filename. Now just
 "Copy", or "Delete", etc. Rename Folder returns to index of new folder
 (instead of parent). Improved several $message's. For several actions (new
 folder, new file, etc), made sure when   successful to return to the
 new/destination directory.

---
 onefilecms.php  | 351 +++++++++++++++++++++++++++++-------------------
 readme.markdown |   6 +-
 2 files changed, 217 insertions(+), 140 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index fceb5b6..9f2fa1a 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 // OneFileCMS - http://onefilecms.com/
 // For license & copyright info, see OneFileCMS.License.BSD.txt
 
-$version = "1.2.3";
+$version = "1.2.4";
 
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
@@ -52,6 +52,7 @@
 //******************************************************************************
 session_start();
 global $page; $page = "index";
+global $pagetitle; $pagetitle = $_SERVER['SERVER_NAME'];
 
 if (isset($_POST["onefilecms_username"])) { $_SESSION['onefilecms_username'] = $_POST["onefilecms_username"]; }
 if (isset($_POST["onefilecms_password"])) { $_SESSION['onefilecms_password'] = $_POST["onefilecms_password"]; }
@@ -69,21 +70,29 @@
 	unset($_GET["r"]);
 }
 
-global $pagetitle; $pagetitle = "/";
-if ((isset($_GET["i"])) && ($_GET["i"] !== "")) { $pagetitle = "/".$_GET["i"]."/"; }
-
 if (isset($_GET["p"])) {
 	// redirect on invalid page attempts
 	$page = $_GET["p"];
 	if (!in_array(strtolower($_GET["p"]), array(
-		"copy","delete","error","deletefolder","edit","folder","index","login","logout","new","rename","renamefolder","upload"	)))
+		"copy","delete","deletefolder","edit","folder","index","login","logout","new","rename","renamefolder","upload"	)))
 	{
 		header("Location: ".$ONESCRIPT);
 		$page = "index";
 	}
 }
 
-if ( ($page == "login") and ($_SESSION['onefilecms_valid']) ) {$page = "index"; header("Location: ".$ONESCRIPT);};
+//Check if "i" path exists & trim trailing slashes ///
+if (isset($_GET["i"])) {
+	$_GET["i"] = rtrim($_GET["i"],"/");
+	if (!file_exists($_GET["i"])) { $message = "Does not exist: ".$_GET["i"]; unset($_GET['p']);}
+	while (!is_dir($_GET["i"])) { $_GET["i"] = dirname($_GET["i"]); }
+	if ($_GET["i"] == '.') {unset($_GET["i"]);}
+}
+
+if ( ($page == "login") and ($_SESSION['onefilecms_valid']) ) {	
+	$page = "index";
+	header("Location: ".$ONESCRIPT);
+}
 
 if ($_GET["p"] == "login") { $pagetitle = "Log In"; }
 
@@ -101,10 +110,8 @@
 
 
 
-// entitize get params *********************************************************
-foreach ($_GET as $name => $value) {
-	$_GET[$name] = htmlentities($value);
-}
+// entitize $_GET params *******************************************************
+foreach ($_GET as $name => $value) { $_GET[$name] = htmlentities($value); }
 
 
 
@@ -112,23 +119,23 @@
 //******************************************************************************
 // Misc Functions
 
-function Close_Button($classes) {
+
+function Close_Button($classes) { //********************
 	echo '<input type="button" class="button '.$classes.'" name="close" value="Close" onclick="parent.location=\'';
 	echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")).'\'">';
 	?><script>document.edit_form.elements[1].focus();</script><?php // focus on [Close]
-}// End Close_Button()
+}// End Close_Button() //*******************************
 
 
-function Cancel_Submit_Buttons($button_label) { 
+function Cancel_Submit_Buttons($button_label) { //******
 	global $ONESCRIPT, $varvar;
 
 	// [Cancel] returns to either the current/path, or current/path/file
-	if (isset($_GET["i"])){ $ipath = '?i='.rtrim($_GET["i"],"/"); }
-		else if ( isset($_GET["c"]) ) { $ipath = '?f='.$_GET["c"]; }
-		else if ( isset($_GET["d"]) ) { $ipath = '?f='.$_GET["d"]; }
-		else if ( isset($_GET["r"]) ) { $ipath = '?f='.$_GET["r"]; }
-		else{                           $ipath = rtrim($varvar,"/");
-	}//end if/else if
+	if      ( isset($_GET["c"]) ) { $ipath = '?f='.$_GET["c"]; }
+	else if ( isset($_GET["d"]) ) { $ipath = '?f='.$_GET["d"]; }
+	else if ( isset($_GET["r"]) ) { $ipath = '?f='.$_GET["r"]; }
+	else if	( isset($_GET["i"]) ) { $ipath = '?i='.rtrim($_GET["i"],"/"); }
+	else    {                       $ipath = rtrim($varvar,"/"); }//end if/else
 
 	?>
 	<p>
@@ -137,7 +144,54 @@ function Cancel_Submit_Buttons($button_label) {
 	</p>
 	<script>document.getElementById('cancel').focus();</script>
 	<?php
-}// End Cancel_Submit_Buttons()
+}// End Cancel_Submit_Buttons() //**********************
+
+
+function message_box() { //*****************************
+	global $message, $page, $ONESCRIPT;
+
+	if (isset($message)) {
+	?>
+		<div id="message"><p>
+		<!-- [X] to dismiss message box -->	
+		<span><a href='<?php echo $ONESCRIPT.'?f='.$_GET["f"]; ?>'
+		onclick='document.getElementById("message").innerHTML = " ";return false'>
+		[X]</a>
+		</span>
+		<?php echo $message.PHP_EOL ;?>
+		</p></div>
+	<?php } else {
+		// On Edit page only, preserve vertical spacing for message even when empty.
+		if ($page == "edit") { echo '<div id="message"></div>';}
+	} //end isset($message)
+} //end message_box()  *********************************
+
+
+function show_image(){ //************************
+	global $filename, $MAX_IMG_W, $MAX_IMG_H;
+	
+	$IMG = $filename;
+	$img_info = getimagesize($IMG);
+
+	$W=0; $H=1;
+	$SCALE = 1; $TOOWIDE = 0; $TOOHIGH = 0;
+	if ($img_info[$W] > $MAX_IMG_W) { $TOOWIDE = ( $MAX_IMG_W/$img_info[$W] );}
+	if ($img_info[$H] > $MAX_IMG_H) { $TOOHIGH = ( $MAX_IMG_H/$img_info[$H] );}
+	
+	if ($TOOHIGH || $TOOWIDE) {
+		if     (!$TOOWIDE)           {$SCALE = $TOOHIGH;}
+		elseif (!$TOOHIGH)           {$SCALE = $TOOWIDE;}
+		elseif ($TOOHIGH > $TOOWIDE) {$SCALE = $TOOWIDE;}
+		else                         {$SCALE = $TOOHIGH;}
+	}
+
+	echo '<p class="file_meta">';
+	echo 'Image shown at ~'. round($SCALE*100) .'% of full size ('.$img_info[3].').</p>';
+	echo '<div style="clear:both;"></div>';
+	echo '<a href="/' . $IMG . '">';
+	echo '<img src="/'.$IMG.'"  height="'.$img_info[$H]*$SCALE.'"></a>';
+}// end show_image() ****************************
+
 
 // End of misc funtions ********************************************************
 
@@ -147,41 +201,41 @@ function Cancel_Submit_Buttons($button_label) {
 
 // COPY FILE *******************************************************************
 if (isset($_GET["c"])) {
-	$page = "copy"; $filename = $_GET["c"]; $pagetitle = "Copy &ldquo;".$filename."&rdquo;";
+	$page = "copy"; $filename = $_GET["c"]; $pagetitle = "Copy";
 }
 
 if (isset($_POST["copy_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$old_filename = $_POST["old_filename"];
 	$filename = $_POST["copy_filename"];
 	copy($old_filename, $filename);
-	$message = '<b>'.$old_filename."</b> copied successfully to <b>".$filename."</b>.";
+	$message = '<b>"'.$old_filename.'"</b> copied successfully to <b>"'.$filename.'"</b>.';
 }
 
 
 
 // DELETE FILE *****************************************************************
 if (isset($_GET["d"])) {
-	$page = "delete"; $filename = $_GET["d"]; $pagetitle = "Delete &ldquo;".$filename."&rdquo;";
+	$page = "delete"; $filename = $_GET["d"]; $pagetitle = "Delete";
 }
 
 if (isset($_POST["delete_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$filename = $_POST["delete_filename"];
 	unlink($filename);
-	$message = '<b>'.$filename."</b> successfully deleted.";
+	$message = '<b>"'.$filename.'"</b> successfully deleted.';
 }
 
 
 
 // DELETE FOLDER ***************************************************************
 if ($_GET["p"] == "deletefolder") {
-	$pagetitle = "Delete Folder &ldquo;".$_GET["i"]."&rdquo;";
+	$pagetitle = "Delete Folder";
 }
 if (isset($_POST["delete_foldername"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$foldername = $_POST["delete_foldername"];
 	if (@rmdir($foldername)) {
-		$message = '<b>'.$foldername."</b> successfully deleted.";
+		$message = '<b>"'.$foldername.'"</b> successfully deleted.';
 	} else {
-		$message = "That folder is not empty.";
+		$message = '<b>(!) "'.$foldername.'"</b> is not empty, or other error occurred.';
 	}
 }
 
@@ -198,7 +252,7 @@ function Cancel_Submit_Buttons($button_label) {
 		fwrite($fp, $content);
 		fclose($fp);
 	}
-	$message = '<b>'.$filename."</b> saved successfully.";
+	$message = '<b>"'.$filename.'"</b> saved successfully.';
 }//***
 
 //*** If in directory list, and a filename is clicked:
@@ -206,7 +260,7 @@ function Cancel_Submit_Buttons($button_label) {
 	$filename = stripslashes($_GET["f"]);
 	if (file_exists($filename)) {
 		$page = "edit";
-		$pagetitle = "View/Edit &ldquo;".$filename."&rdquo;";
+		$pagetitle = "Edit/View File";
 		$fp = @fopen($filename, "r");
 		if (filesize($filename) !== 0) {
 			$filecontent = fread($fp, filesize($filename));
@@ -214,9 +268,9 @@ function Cancel_Submit_Buttons($button_label) {
 		}
 		fclose($fp);
 	} else {
-		$page = "error";
+		$page = "index";
+		$message = '<b>"'.$filename.'"</b> does not exist.';
 		unset ($filename);
-		$message = "File does not exist.";
 	}
 }//***
 
@@ -227,11 +281,12 @@ function Cancel_Submit_Buttons($button_label) {
 if (isset($_POST["new_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$filename = $_POST["new_filename"];
 	if (file_exists($filename)) {
-		$message = '<b>'.$filename."</b> not created. A file with that name already exists.";
+		$message = '<b>"'.$filename.'"</b> not created. A file with that name already exists.';
 	} else {
 		$handle = fopen($filename, 'w') or die("can't open file");
 		fclose($handle);
-		$message = '<b>'.$filename."</b> created successfully.";
+		$message = '<b>"'.$filename.'"</b> created successfully.';
+		$_GET["i"] = dirname($filename); //return to file's directory.
 	}
 }
 
@@ -243,9 +298,10 @@ function Cancel_Submit_Buttons($button_label) {
 	$foldername = $_POST["new_folder"];
 	if (!is_dir($foldername)) {
 		mkdir($foldername);
-		$message = '<b>'.$foldername."</b> created successfully.";
+		$message = '<b>"'.$foldername.'"</b> created successfully.';
+		$_GET["i"] = $foldername;  //change to new directory
 	} else {
-		$message = "A folder by that name already exists.";
+		$message = 'A folder by that name already exists.';
 	}
 }
 
@@ -254,25 +310,39 @@ function Cancel_Submit_Buttons($button_label) {
 // RENAME FILE *****************************************************************
 if (isset($_GET["r"])) {
 	$filename = $_GET["r"];
-	$pagetitle = "Rename &ldquo;".$filename."&rdquo;";
+	$pagetitle = "Rename File";
 	$page = "rename";
 }
 if (isset($_POST["rename_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$old_filename = $_POST["old_filename"];
 	$filename = $_POST["rename_filename"];
+
+	//Removed any trailing slashes
+	while (substr($filename, -1) == '/') { $filename = rtrim($filename, '/'); }
+
 	rename($old_filename, $filename);
-	$message = '<b>'.$old_filename."</b> successfully renamed to <b>".$filename."</b>.";
+	$message = 'Successfully renamed: <br><b>"'.$old_filename.'"</b> <br>To:</br> <b>"'.$filename.'"</b>';
 }
 
 
 
 // RENAME FOLDER ***************************************************************
-if ($_GET["p"] == "renamefolder") {$pagetitle = "Rename Folder &ldquo;".$_GET["i"]."&rdquo;"; }
+if ($_GET["p"] == "renamefolder") {$pagetitle = "Rename Folder"; }
 if (isset($_POST["rename_foldername"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$old_foldername = $_POST["old_foldername"];
 	$foldername = $_POST["rename_foldername"];
+
+	//Removed any trailing slashes
+	while (substr($old_foldername, -1) == '/') {
+		$old_foldername = rtrim($old_foldername, '/');
+	}
+	while (substr($foldername, -1) == '/') {
+		$foldername = rtrim($foldername, '/');
+	}
+
 	if (rename($old_foldername, $foldername)) {
-		$message = '<b>'.$old_foldername."</b> unsuccessfully renamed to <b>".$foldername."</b>.";
+		$message = 'Successfully renamed: <br><b>"'.$old_foldername.'"</b><br>To:<br><b>"'.$foldername.'"</b>.';
+		$_GET["i"] = $foldername;  //return to new folder
 	} else {
 		$message = "There was an error. Try again and/or contact your admin.";
 	}
@@ -284,35 +354,43 @@ function Cancel_Submit_Buttons($button_label) {
 if ($_GET["p"] == "upload") {$pagetitle = "Upload File"; }
 if (isset($_FILES['upload_filename']['name']) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$filename = $_FILES['upload_filename']['name'];
+	$newfilename = $filename;
 	$destination = $_POST["upload_destination"];
-	if(move_uploaded_file($_FILES['upload_filename']['tmp_name'],
-	$destination.basename($filename))) {
-		$message = '<b>'.basename($filename)."</b> uploaded successfully to <b>".$destination."</b>.";
-	} else{
-		$message = "There was an error. Try again and/or contact your admin.";
+	$destintaion = rtrim($destination,"/").'/';  //make sure only a single trailing slash
+	$savefile = $destination.$filename;
+
+	//if file_exists(), serialize filename until it doesn't
+	$serialize = 0;
+	$message   = 'Uploading: <b>"'.$filename.'"</b> to <b>"'.$destination.'"</b><br>';
+	if (file_exists($savefile)) {
+		$message .= 'However, a file with that name already exists in the target directory.<br>';
+		$savefile_info = pathinfo($savefile);
 	}
-}
-
-
-
+	while (file_exists($savefile)) {
+		$serialize = sprintf("%04d", ++$serialize); //  0001, 0002, 0003, etc...
+		$newfilename = $savefile_info['filename'].'.'.$serialize.'.'.$savefile_info['extension'];
+		$savefile = $destination . $newfilename;
+	}
+	$message .= 'Saving as: <b>"</b>'.'<b>'.$newfilename.'"</b>';
+	//end serialize filename *****************************/
 
+	if(move_uploaded_file($_FILES['upload_filename']['tmp_name'], $savefile)) {
+		$message .= '<br>Upload successful.';
+		$_GET["i"] = rtrim($destination,"/");
+	} else{
+		$message .= "<br><b>(!) There was an error.</b> Try again and/or contact your host admin.";
+	}
+} //end Upload file
 
-//******************************************************************************
-//******************************************************************************
-?><!DOCTYPE html>
-<!-- DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"-->
 
-<html xmlns="http://www.w3.org/1999/xhtml">
 
-<head>
 
-<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-<meta name="robots" content="noindex">
 
-<title><?php echo $config_title.' - '.$pagetitle; ?></title>
 
 
-<?php //*** local or a hosted style sheet? **********************
+//*** local or a hosted style sheet? *******************************************
+function style_sheet() {
+global $DOC_ROOT, $config_csslocal, $CWD;
 $STYLE_SHEET = $config_csslocal;
 $ROOT = $DOC_ROOT; 
 
@@ -322,16 +400,20 @@ function Cancel_Submit_Buttons($button_label) {
 
 //Check for local style sheet. If not found, use hosted copy.
 if (!file_exists($ROOT.$config_csslocal) || is_dir($ROOT.$config_csslocal)) { $STYLE_SHEET = $config_csshosted; }
-//***************************************************************?>
 
-<link href="<?php echo $STYLE_SHEET;?>" type="text/css" rel="stylesheet">
+
+?> <link href="<?php echo $STYLE_SHEET;?>" type="text/css" rel="stylesheet"> <?php
+}//end style_sheet() ***********************************************************
+
+
 
 
 
 
 
-<?php //===================================================================== ?>
-<?php if ( ($page == "index") || ($page == "edit") ) { //load script ?>
+
+//******************************************************************************
+function time_stamp_scripts() {  ?>
 
 <script>//Dispaly file's timestamp in user's local time 
 
@@ -373,12 +455,37 @@ function FileTimeStamp(php_filemtime, show_offset){
 
 }//end FileTimeStamp(php_filemtime)
 </script>
-<?php }//end if (index or edit), load script ================================ ?>
+<?php }//end time_stamp_scripts() **********************************************
+
+
+
+
 
 
 
 
 
+
+
+//******************************************************************************
+//******************************************************************************
+?><!DOCTYPE html>
+
+<html>
+
+<head>
+
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<meta name="robots" content="noindex">
+
+<title><?php echo $config_title.' - '.$pagetitle; ?></title>
+
+
+<?php style_sheet(); ?>
+
+
+<?php if ( ($page == "index") || ($page == "edit") ) { time_stamp_scripts(); } ?>
+
 </head>
 
 <body class="page_<?php echo $page; ?>">
@@ -397,23 +504,13 @@ function FileTimeStamp(php_filemtime, show_offset){
 </div>
 
 
+<?php message_box(); ?>
 
 
-<?php //********** Notification of action success or failure. **********
-if (isset($message)) { ?>
-	<div id="message"><p><?php echo $message ;?>
-	<!-- [X] to dismiss message box -->	
-	<span><a href='<?php echo $ONESCRIPT.'?f='.$_GET["f"]; ?>'
-	onclick='document.getElementById("message").innerHTML = " ";return false'>
-	[X]</a></span></p></div>
-<?php }
-
-// On Edit page only, preserve vertical spacing for message even when empty.
-if (!isset($message) && ($page == "edit")) { echo '<div id="message"></div>'; };
-
 
 
 
+<?php
 // COPY FILE *******************************************************************
 if ($page == "copy") { 
 	$extension = strrchr($filename, ".");
@@ -434,11 +531,13 @@ function FileTimeStamp(php_filemtime, show_offset){
 		</p>
 		<p>	<?php Cancel_Submit_Buttons("Copy"); ?>	</p>
 	</form>
-<?php };
+<?php }; ?>
 
 
 
-// DELETE FILE *****************************************************************
+
+
+<?php // DELETE FILE ***********************************************************
 if ($page == "delete") {
 	$varvar = "?i=".substr($_GET["d"],0,strrpos($_GET["d"],"/")); ?>
 	<h2>Delete &ldquo;<a href="/<?php echo $filename; ?> ">
@@ -452,11 +551,12 @@ function FileTimeStamp(php_filemtime, show_offset){
 			<?php Cancel_Submit_Buttons("DELETE"); ?>
 		</p>
 	</form>
-<?php };
+<?php }; ?>
 
 
 
-// DELETE FOLDER ***************************************************************
+
+<?php // DELETE FOLDER *********************************************************
 if ($page == "deletefolder") {
 	$varvar = "?i=".substr($_GET["i"],0,strrpos(substr_replace($_GET["i"],"",-1),"/")); ?>
 	<h2>Delete Folder &ldquo;<?php echo $_GET["i"]; ?>&rdquo;</h2>
@@ -468,43 +568,16 @@ function FileTimeStamp(php_filemtime, show_offset){
 			<?php Cancel_Submit_Buttons("DELETE"); ?>
 		</p>
 	</form>
-<?php }; 
+<?php }; ?>
 
 
 
-// EDIT ************************************************************************
+
+<?php // EDIT ******************************************************************
 if ($page == "edit") {
 
 	$ext = end( explode(".", strtolower($filename)) );
-
-
-	function show_image(){ //************************
-		global $filename, $MAX_IMG_W, $MAX_IMG_H;
-		
-		$IMG = $filename;
-		$img_info = getimagesize($IMG);
-
-		$W=0; $H=1;
-		$SCALE = 1; $TOOWIDE = 0; $TOOHIGH = 0;
-		if ($img_info[$W] > $MAX_IMG_W) { $TOOWIDE = ( $MAX_IMG_W/$img_info[$W] );}
-		if ($img_info[$H] > $MAX_IMG_H) { $TOOHIGH = ( $MAX_IMG_H/$img_info[$H] );}
-
-		if ($TOOHIGH || $TOOWIDE) {
-			if     (!$TOOWIDE)           {$SCALE = $TOOHIGH;}
-			elseif (!$TOOHIGH)           {$SCALE = $TOOWIDE;}
-			elseif ($TOOHIGH > $TOOWIDE) {$SCALE = $TOOWIDE;}
-			else                         {$SCALE = $TOOHIGH;}
-		}
-
-		echo '<p class="file_meta">'.$img_info[3];
-		echo ' (Image shown at ~'. round($SCALE*100) .'% of full size.)</p>';
-		echo '<div style="clear:both;"></div>';
-		echo '<a href="/' . $IMG . '">';
-		echo '<img src="/'.$IMG.'"  height="'.$img_info[$H]*$SCALE.'"></a>';
-	}// end show_image() ****************************
 ?>
-
-
 	<h2 id="edit_header">File: &ldquo;<a href="/<?php echo $filename; ?>"> 
 	<?php echo $filename; ?> 
 	</a>&rdquo;</h2>
@@ -660,14 +733,14 @@ function Reset_File() {
 	</script>
 	<?php } //end if editable, include this <script>...</script>
 
-}; //End Edit page *************************************************************
+}; //End Edit page ***********************************************************?>
 
 
 
 
 
 
-// INDEX ***********************************************************************
+<?php // INDEX *****************************************************************
 if ($page == "index") {
 	$varvar = "";
 	if (isset($_GET["i"])) { $varvar = $_GET["i"]."/"; }
@@ -701,13 +774,14 @@ function Reset_File() {
 	<!--===== List folders/sub-directores =====-->
 	<p class="index_folders">
 		<?php
-		$files = glob($varvar."*",GLOB_ONLYDIR);
-		natcasesort($files);
-		foreach ($files as $file) {
-			echo '<a href="'.$ONESCRIPT.'?i='.$file.'" class="folder">'.basename($file).' /</a>';
+		$folders = glob($varvar."*",GLOB_ONLYDIR);
+		natcasesort($folders);
+		foreach ($folders as $folder) {
+			echo '<a href="'.$ONESCRIPT.'?i='.$folder.'" class="index_folder">';
+
+			echo basename($folder).' /</a>';
 		} ?>
 	</p>
-	
 
 
 
@@ -761,7 +835,7 @@ function BLOCK_view() {
 	<?php //<!--======== List files in vertical table ========-->
 	function list_view() {
 	
-	global $varvar, $config_excluded, $ftypes, $fclasses ; 
+	global $ONESCRIPT, $varvar, $config_excluded, $ftypes, $fclasses;
 	
 	$files = glob($varvar."{,.}*", GLOB_BRACE);
 	natcasesort($files);
@@ -791,8 +865,8 @@ function list_view() {
 	?>
 					<tr>
 						<td>
-							<?php echo "<a href='", $ONESCRIPT,"?f=", $file, "'"; ?>
-							<?php echo "class='",  $file_class, "'>", basename($file), "</a>"; ?>
+							<?php echo "<a href='", $ONESCRIPT, "?f=", $file, "'"; ?>
+							<?php echo 'class="',  $file_class, '">', basename($file), '</a>'; ?>
 						</td>
 						<td class="meta_T meta_size">&nbsp;
 							<?php echo number_format(filesize($file)).""; ?> B
@@ -831,20 +905,18 @@ function list_view() {
 		<?php } ?>
 	</p>
 
-<?php }; // End of Index (file listing) page ***********************************
+<?php }; // End of Index (file listing) page *********************************?>
 
 
 
 
-// LOG OUT *********************************************************************
-if ($page == "logout") {
-	$page = "login"; 
-}
+<?php // LOG OUT ***************************************************************
+if ($page == "logout") { $page = "login"; } ?>
 
 
 
 
-// LOG IN **********************************************************************
+<?php // LOG IN ****************************************************************
 if ($page == "login") { ?>
 	<h2>Log In</h2>
 	<form method="post" action="<?php echo $ONESCRIPT; ?>">
@@ -860,13 +932,13 @@ function list_view() {
 		<input type="submit" class="button" value="Enter">
 	</form>
 	<script>document.getElementById('onefilecms_username').focus();</script>
-<?php };
+<?php }; ?>
 
 
 
 
 
-// NEW FILE ********************************************************************
+<?php // NEW FILE **************************************************************
 if ($page == "new") {
 	$varvar = "";
 	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }?>
@@ -876,16 +948,16 @@ function list_view() {
 			<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 			<p>
 				<label for="new_filename">New filename: </label>
-				<input type="text" name="new_filename" id="new_filename" class="textinput" value="<?php echo $_GET["i"]; ?>">
+				<input type="text" name="new_filename" id="new_filename" class="textinput" value="<?php echo $_GET["i"]; ?>/">
 			</p>
 			<p>	<?php Cancel_Submit_Buttons("Create"); ?> </p>
 		</form>
-<?php };
+<?php }; ?>
 
 
 
 
-// NEW FOLDER ******************************************************************
+<?PHP // NEW FOLDER ************************************************************
 if ($page == "folder") {
 	$varvar = "";
 	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }?>
@@ -895,16 +967,16 @@ function list_view() {
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<p>
 			<label for="new_folder">Folder name: </label>
-			<input type="text" name="new_folder" id="new_folder" class="textinput" value="<?php echo $_GET["i"]; ?>">
+			<input type="text" name="new_folder" id="new_folder" class="textinput" value="<?php echo $_GET["i"]; ?>/">
 		</p>
 		<p>	<?php Cancel_Submit_Buttons("Create"); ?> </p>
 	</form>
-<?php };
+<?php }; ?>
 
 
 
 
-// RENAME FILE *****************************************************************
+<?php // RENAME FILE ***********************************************************
 if ($page == "rename") {
 	$varvar = "?i=".substr($_GET["r"],0,strrpos($_GET["r"],"/")); ?>
 	<h2>Rename &ldquo;<a href="/<?php echo $filename; ?>">	<?php echo $filename; ?> </a>&rdquo;</h2>
@@ -925,14 +997,15 @@ function list_view() {
 		</p>
 		<p><?php Cancel_Submit_Buttons("Rename"); ?></p>
 	</form>
-<?php };
+<?php }; ?>
 
 
 
 
-// RENAME FOLDER ***************************************************************
+<?php // RENAME FOLDER *********************************************************
 if ($page == "renamefolder") {
-	$varvar = "?i=".substr($_GET["i"],0,strrpos(substr_replace($_GET["i"],"",-1),"/")); ?>
+	$varvar = "?i=".substr($_GET["i"],0,strrpos(substr_replace($_GET["i"],"",-1),"/"));
+?>
 	<h2>Rename Folder &ldquo;<?php echo $_GET["i"]; ?>&rdquo;</h2>
 	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
@@ -946,12 +1019,12 @@ function list_view() {
 		</p>
 		<p><?php Cancel_Submit_Buttons("Rename"); ?></p>
 	</form>
-<?php };
+<?php }; ?>
 
 
 
 
-// UPLOAD FILE *****************************************************************
+<?php // UPLOAD FILE ***********************************************************
 if ($page == "upload") {
 	$varvar = ""; if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; } ?>
 	<h2>Upload</h2>
@@ -960,7 +1033,7 @@ function list_view() {
 		<input type="hidden" name="MAX_FILE_SIZE" value="100000">
 		<p>
 			<label for="upload_destination">Destination:</label>
-			<input type="text" name="upload_destination" value="<?php echo $_GET["i"]; ?>" class="textinput">
+			<input type="text" name="upload_destination" value="<?php echo $_GET["i"]; ?>/" class="textinput">
 		</p>
 		<p>
 			<label for="upload_filename">File:</label>
diff --git a/readme.markdown b/readme.markdown
index 142dfe7..2ae5f5f 100644
--- a/readme.markdown
+++ b/readme.markdown
@@ -45,7 +45,7 @@ Coupling a utilitarian code editor with all the basic necessities of an FTP appl
 
 ## Features
  
-- All the basic features of an FTP application like renaming, deleting, copying, and uploading  
+- All the basic features of an FTP application like renaming, deleting, copying, and uploading
   _(Of course, for more complex processes like batch renaming or mass uploads/deletions, you're going to want to break out an actual FTP program.)_
 - Smart alert if you try to leave without saving your edits
 - Gracefully degrading CSS and Javascript
@@ -111,6 +111,10 @@ It isn't entirely necessary, but it does provide nice enhancements, like warning
 
 ## Change Log
 
+### 1.2.4
+
+- Mostly a bunch of code modifications/improvements.
+
 ### 1.2.3
 
 - Fixed check for local css. If not found, loads hosted copy. 

From 35037853e94cea1b06526e797590fdbb86feb4d8 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Mon, 7 May 2012 02:06:00 -0400
Subject: [PATCH 054/228] Version 1.2.5 Added js to list of editable file
 types. Added Check_ipath() Added is_empty($path). Will be used by Delete
 Folder. In message_box(), changed href in <a>    From:   '?f='.$_GET["f"]  
 To:   '?'.$_SERVER['QUERY_STRING'] Some general code spacing in prep for
 upcoming changes.

---
 onefilecms.css |  9 +++++----
 onefilecms.php | 48 +++++++++++++++++++++++++++++++++++++++---------
 2 files changed, 44 insertions(+), 13 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index 561f185..a5e324a 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -1,5 +1,5 @@
 /* OneFileCMS - http://onefilecms.com/
- * Version 1.2.3
+ * Version 1.2.5
  * For license & copyright info, see OneFileCMS.License.BSD.txt 
  */ 
 
@@ -34,7 +34,8 @@ fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td
 
 body { font-size: 1em; background: #d5d0cc; font-family: sans-serif; }
 
-h2,h3,p,ul,table { margin-bottom: 10px; }
+p, h3,ul,table { margin-bottom: .5em; }
+h2 {margin-bottom: .2em;}
 
 em, i { font-style: italic; }
 
@@ -126,7 +127,7 @@ pre {
 
 
 /* Leave space when message is blank. Used by Edit page */
-#message { min-height: 1.7em; }
+#message { min-height: 1.7em; margin-bottom: .3em;}
 
 #message p {
 	margin: 0;
@@ -252,7 +253,7 @@ table.index_T td {
 	}
 
 
-.index_folders { min-height: 1.4em;  margin-bottom: .2em; }
+.index_folders { min-height: 1.7em;  margin-bottom: .2em; }
 
 .index_folders a {
 	Xborder       : 1px solid gray;
diff --git a/onefilecms.php b/onefilecms.php
index 9f2fa1a..43b1718 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 // OneFileCMS - http://onefilecms.com/
 // For license & copyright info, see OneFileCMS.License.BSD.txt
 
-$version = "1.2.4";
+$version = "1.2.5";
 
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
@@ -22,7 +22,7 @@
 $MAX_IMG_W   = 810;   // Max width to display images. (page container = 810)
 $MAX_IMG_H   = 1000;  // Max height.  I don't know, it just looks reasonable.
 
-$config_editable  = "html,htm,php,css,txt,text,cfg,conf,ini,csv,svg";
+$config_editable  = "html,htm,php,css,js,txt,text,cfg,conf,ini,csv,svg";
 $config_excluded  = ""; //files to exclude from directory listings
 $config_itypes    = "jpg,gif,png,bmp,ico";  // Can be displayed on edit page.
 $config_ftypes    = "jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,htm,html,cfg,conf"; //used to select file icon
@@ -82,12 +82,15 @@
 }
 
 //Check if "i" path exists & trim trailing slashes ///
-if (isset($_GET["i"])) {
-	$_GET["i"] = rtrim($_GET["i"],"/");
-	if (!file_exists($_GET["i"])) { $message = "Does not exist: ".$_GET["i"]; unset($_GET['p']);}
-	while (!is_dir($_GET["i"])) { $_GET["i"] = dirname($_GET["i"]); }
-	if ($_GET["i"] == '.') {unset($_GET["i"]);}
-}
+function Check_ipath() { global $message;
+	if (isset($_GET["i"])) {
+		$_GET["i"] = rtrim($_GET["i"],"/");
+		if (!is_dir($_GET["i"])) { $message = "Does not exist: ".$_GET["i"]; }
+		while (!is_dir($_GET["i"])) { $_GET["i"] = dirname($_GET["i"]); }
+		if ($_GET["i"] == '.') {unset($_GET["i"]);}
+	}
+}//end Check_ipath()
+Check_ipath();
 
 if ( ($page == "login") and ($_SESSION['onefilecms_valid']) ) {	
 	$page = "index";
@@ -120,6 +123,15 @@
 // Misc Functions
 
 
+function is_empty($path){
+	$empty = false;
+	$dh = opendir($path);
+	for($i = 3; $i; $i--) { $empty = (readdir($dh) === FALSE); }
+	closedir($dh);
+	return $empty;
+}//end is_emtpy()
+
+
 function Close_Button($classes) { //********************
 	echo '<input type="button" class="button '.$classes.'" name="close" value="Close" onclick="parent.location=\'';
 	echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")).'\'">';
@@ -154,7 +166,7 @@ function message_box() { //*****************************
 	?>
 		<div id="message"><p>
 		<!-- [X] to dismiss message box -->	
-		<span><a href='<?php echo $ONESCRIPT.'?f='.$_GET["f"]; ?>'
+		<span><a href='<?php echo $ONESCRIPT.'?'.$_SERVER['QUERY_STRING']; ?>'
 		onclick='document.getElementById("message").innerHTML = " ";return false'>
 		[X]</a>
 		</span>
@@ -230,6 +242,11 @@ function show_image(){ //************************
 if ($_GET["p"] == "deletefolder") {
 	$pagetitle = "Delete Folder";
 }
+
+
+
+
+
 if (isset($_POST["delete_foldername"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$foldername = $_POST["delete_foldername"];
 	if (@rmdir($foldername)) {
@@ -241,6 +258,8 @@ function show_image(){ //************************
 
 
 
+
+
 // EDIT ************************************************************************
 
 //*** If on Edit page, and [Save] clicked:
@@ -255,6 +274,9 @@ function show_image(){ //************************
 	$message = '<b>"'.$filename.'"</b> saved successfully.';
 }//***
 
+
+
+
 //*** If in directory list, and a filename is clicked:
 if (isset($_GET["f"])) {
 	$filename = stripslashes($_GET["f"]);
@@ -280,6 +302,7 @@ function show_image(){ //************************
 if ($_GET["p"] == "new") {$pagetitle = "New File"; }
 if (isset($_POST["new_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$filename = $_POST["new_filename"];
+
 	if (file_exists($filename)) {
 		$message = '<b>"'.$filename.'"</b> not created. A file with that name already exists.';
 	} else {
@@ -296,12 +319,14 @@ function show_image(){ //************************
 if ($_GET["p"] == "folder") {$pagetitle = "New Folder"; }
 if (isset($_POST["new_folder"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$foldername = $_POST["new_folder"];
+
 	if (!is_dir($foldername)) {
 		mkdir($foldername);
 		$message = '<b>"'.$foldername.'"</b> created successfully.';
 		$_GET["i"] = $foldername;  //change to new directory
 	} else {
 		$message = 'A folder by that name already exists.';
+
 	}
 }
 
@@ -326,12 +351,16 @@ function show_image(){ //************************
 
 
 
+
+
 // RENAME FOLDER ***************************************************************
 if ($_GET["p"] == "renamefolder") {$pagetitle = "Rename Folder"; }
 if (isset($_POST["rename_foldername"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
+
 	$old_foldername = $_POST["old_foldername"];
 	$foldername = $_POST["rename_foldername"];
 
+
 	//Removed any trailing slashes
 	while (substr($old_foldername, -1) == '/') {
 		$old_foldername = rtrim($old_foldername, '/');
@@ -353,6 +382,7 @@ function show_image(){ //************************
 // UPLOAD FILE *****************************************************************
 if ($_GET["p"] == "upload") {$pagetitle = "Upload File"; }
 if (isset($_FILES['upload_filename']['name']) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
+
 	$filename = $_FILES['upload_filename']['name'];
 	$newfilename = $filename;
 	$destination = $_POST["upload_destination"];

From 01fc3bb446653967f48fc3760b92fa2f50655741 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Mon, 7 May 2012 03:43:44 -0400
Subject: [PATCH 055/228] Version 1.2.6 Added $version after Logo Added favicon
 img & HTTP_HOST (name of web site) after Logo Tweaked wording on Delete
 Folder "..." ? page. Removed Block View (trimming down code a bit) Use
 (!is_empty($_GET["i"]) before Delete Folder screen.   (if not empty, returns
 to same folder, instead of parent.) Improved New File response code a bit
 Improved New Folder response code a bit Tweaked Rename File $message.

---
 onefilecms.php | 133 +++++++++++++++++++------------------------------
 1 file changed, 51 insertions(+), 82 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 43b1718..2e6700f 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,18 +2,18 @@
 // OneFileCMS - http://onefilecms.com/
 // For license & copyright info, see OneFileCMS.License.BSD.txt
 
-$version = "1.2.5";
+$version = "1.2.6";
 
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
 
 
+
 // CONFIGURABLE INFO
-$VIEW_MODE        = "LIST"; // or BLOCK   (Actually, anything =/= BLOCK == LIST)
+
 $config_username  = "username";
 $config_password  = "password";
 $config_title     = "OneFileCMS";
-
 $config_LOCAL     = "/onefilecms/";      //local directory for icons, .css, .js, etc...
 $config_csslocal  = "onefilecms.css";    //Relative to this file.
 //$config_csslocal  ="/onefilecms.css";  //Relative to site URL root.
@@ -42,13 +42,13 @@
 $DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"];
 $CWD       = str_replace("\\","/",getcwd());
 
-
 //Allows OneFileCMS.php to be started from any dir on the site.
 chdir($DOC_ROOT);
 
 
 
 
+
 //******************************************************************************
 session_start();
 global $page; $page = "index";
@@ -240,16 +240,18 @@ function show_image(){ //************************
 
 // DELETE FOLDER ***************************************************************
 if ($_GET["p"] == "deletefolder") {
-	$pagetitle = "Delete Folder";
+	if (!is_empty($_GET["i"])){
+		$message = '<b>(!) Folder is not empty.</b>  Folders must be empty before they can be deleted.<br>';
+		$page = "index";
+		}
+	else { $pagetitle = "Delete Folder"; }
 }
 
-
-
-
-
 if (isset($_POST["delete_foldername"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$foldername = $_POST["delete_foldername"];
+	$_GET["i"] = $foldername;
 	if (@rmdir($foldername)) {
+		$_GET["i"] = dirname($foldername);
 		$message = '<b>"'.$foldername.'"</b> successfully deleted.';
 	} else {
 		$message = '<b>(!) "'.$foldername.'"</b> is not empty, or other error occurred.';
@@ -258,8 +260,6 @@ function show_image(){ //************************
 
 
 
-
-
 // EDIT ************************************************************************
 
 //*** If on Edit page, and [Save] clicked:
@@ -270,13 +270,12 @@ function show_image(){ //************************
 	if ($fp) {
 		fwrite($fp, $content);
 		fclose($fp);
+		$message = '<b>"'.$filename.'"</b> saved successfully.';
+	}else{
+		$message = '<b>(!) There was an error saving file.';
 	}
-	$message = '<b>"'.$filename.'"</b> saved successfully.';
 }//***
 
-
-
-
 //*** If in directory list, and a filename is clicked:
 if (isset($_GET["f"])) {
 	$filename = stripslashes($_GET["f"]);
@@ -301,10 +300,10 @@ function show_image(){ //************************
 // NEW FILE ********************************************************************
 if ($_GET["p"] == "new") {$pagetitle = "New File"; }
 if (isset($_POST["new_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$filename = $_POST["new_filename"];
-
+	$filename  = $_POST["new_filename"];
+	$_GET["i"] = $filename; Check_ipath();
 	if (file_exists($filename)) {
-		$message = '<b>"'.$filename.'"</b> not created. A file with that name already exists.';
+		$message = '<b>(!) "'.$filename.'"</b> not created. A file with that name already exists.';
 	} else {
 		$handle = fopen($filename, 'w') or die("can't open file");
 		fclose($handle);
@@ -319,14 +318,14 @@ function show_image(){ //************************
 if ($_GET["p"] == "folder") {$pagetitle = "New Folder"; }
 if (isset($_POST["new_folder"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$foldername = $_POST["new_folder"];
-
+	$_GET["i"] = $foldername; Check_ipath();
 	if (!is_dir($foldername)) {
 		mkdir($foldername);
 		$message = '<b>"'.$foldername.'"</b> created successfully.';
 		$_GET["i"] = $foldername;  //change to new directory
 	} else {
-		$message = 'A folder by that name already exists.';
-
+		$message  = '<b>(!)</b> Folder already exists: ';
+		$message .= '<b>'.$foldername.'</b>';
 	}
 }
 
@@ -346,13 +345,13 @@ function show_image(){ //************************
 	while (substr($filename, -1) == '/') { $filename = rtrim($filename, '/'); }
 
 	rename($old_filename, $filename);
-	$message = 'Successfully renamed: <br><b>"'.$old_filename.'"</b> <br>To:</br> <b>"'.$filename.'"</b>';
+	$message  = 'Successfully renamed: <br>';
+	$message .='<b>"'.$old_filename.'"</b> <br>To:<br>';
+	$message .='<b>"'.$filename.'"</b>';
 }
 
 
 
-
-
 // RENAME FOLDER ***************************************************************
 if ($_GET["p"] == "renamefolder") {$pagetitle = "Rename Folder"; }
 if (isset($_POST["rename_foldername"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
@@ -495,6 +494,25 @@ function FileTimeStamp(php_filemtime, show_offset){
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 
 
 //******************************************************************************
@@ -524,16 +542,18 @@ function FileTimeStamp(php_filemtime, show_offset){
 
 <div class="header">
 	<?php echo '<a href="', $ONESCRIPT, '" id="logo">', $config_title; ?></a>
-
+	<?php echo $version; ?>
+	
 	<?php if ((isset($_SESSION['onefilecms_valid'])) && ($_SESSION['onefilecms_valid'] == "1")) { ?>
 		<div class="nav">
-			<a href="/">Visit Site</a> | 
+			<a href="/"><img src="/favicon.ico">&nbsp; <b><?php echo $_SERVER["HTTP_HOST"]; ?>/</b>  &nbsp;- &nbsp;  Visit Site</a> |
 			<a href="<?php echo $ONESCRIPT; ?>?p=logout">Log Out</a>
 		</div>
 	<?php } ?>
 </div>
 
 
+
 <?php message_box(); ?>
 
 
@@ -589,13 +609,12 @@ function FileTimeStamp(php_filemtime, show_offset){
 <?php // DELETE FOLDER *********************************************************
 if ($page == "deletefolder") {
 	$varvar = "?i=".substr($_GET["i"],0,strrpos(substr_replace($_GET["i"],"",-1),"/")); ?>
-	<h2>Delete Folder &ldquo;<?php echo $_GET["i"]; ?>&rdquo;</h2>
-	<p>Folders have to be empty before they can be deleted.</p>
+	<h2>Delete Folder &nbsp;&ldquo; <?php echo $_GET["i"]; ?>/ &rdquo; &nbsp;?</h2>
 	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<p>
-			<input type="hidden" name="delete_foldername" value="<?php echo $_GET["i"]; ?>">
-			<?php Cancel_Submit_Buttons("DELETE"); ?>
+		<input type="hidden" name="delete_foldername" value="<?php echo $_GET["i"]; ?>">
+		<?php Cancel_Submit_Buttons("DELETE"); ?>
 		</p>
 	</form>
 <?php }; ?>
@@ -815,53 +834,6 @@ function Reset_File() {
 
 
 
-	<?php // <!--============== List files - BLOCK view ===============-->
-	function BLOCK_view() {
-	global $varvar, $config_excluded, $ftypes, $fclasses ; 
-	 ?>
-	<div style="clear:both;"></div>
-	<ul class="index">
-		<?php
-		$files = glob($varvar."{,.}*", GLOB_BRACE);
-		natcasesort($files); //sort w/o regard to case.
-
-		foreach ($files as $file) {
-			$excludeme = 0;
-			$config_excludeds = explode(",", $config_excluded);
-
-			foreach ($config_excludeds as $config_exclusion) {
-				if (strrpos(basename($file),$config_exclusion) !== False && 
-				strrpos(basename($file),$config_exclusion) !== "") { 
-					$excludeme = 1;
-				}
-			}
-			
-			if (!is_dir($file) && $excludeme == 0) {
-				//Determine file type & set cooresponding class.
-				$file_class = "";
-				$ext = end( explode(".", strtolower($file)) );
-
-				for ($x=0; $x < count($ftypes); $x++ ){
-					if ($ext == $ftypes[$x]){ $file_class = $fclasses[$x]; } 
-				}
-		?>
-					<li><?php //****** Actual file name & info ******/ ?>
-						<a href="<?php echo $ONESCRIPT.'?f='.$file.'" class=" '.$file_class.'">';
-						echo basename($file); ?></a>
-						<div class="meta">
-							<span><i>File Size:</i> 
-							<?php echo number_format(filesize($file)); ?><br></span>
-							<span><i>Updated:</i> 
-							<script>FileTimeStamp(<?php echo filemtime($file); ?>);</script></span>
-						</div>
-					</li>
-			<?php } ?>
-		<?php } ?>
-	</ul>
-	<?php }//end BLOCK_view() ==============================-->?>
-
-
-
 	<?php //<!--======== List files in vertical table ========-->
 	function list_view() {
 	
@@ -915,11 +887,8 @@ function list_view() {
 
 
 
-	<?php //<!-- Determine view mode, list files. ====================-->
-		if ($VIEW_MODE == "BLOCK"){ BLOCK_view(); }
-		else                      { list_view();  }
-	?>
-
+	<?php list_view(); ?>
+	
 
 
 	<!--=== Upload/New/Rename/Copy/etc... links ===-->

From 26d061694364f4e63b449bef1934bf52e2bb5918 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Mon, 7 May 2012 13:56:22 -0400
Subject: [PATCH 056/228] Version 1.2.7 Delete File   - Added error response if
 unlink failed. Rename Folder - Simplified removal of trailing slashes Rename
 Folder - returns to index of new folder if rename successfull, parent
 otherwise. Upload File   - Improved error response if no file selected for
 upload. Delete File   - Simplified how $varvar set Delete Folder - Simplified
 how $varvar set Rename FOlder - Simplified how $varvar set Edit page - [Save]
 & [Reset] no longer disabled until <javascript> loads/runs. [Rename Folder]
 moved to before [Delete Folder] Upload File   - Improved/corrected URL for
 <form> action.

---
 onefilecms.php | 109 +++++++++++++++++++++++++++----------------------
 1 file changed, 60 insertions(+), 49 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 2e6700f..bb072c6 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 // OneFileCMS - http://onefilecms.com/
 // For license & copyright info, see OneFileCMS.License.BSD.txt
 
-$version = "1.2.6";
+$version = "1.2.7";
 
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
@@ -193,7 +193,7 @@ function show_image(){ //************************
 	if ($TOOHIGH || $TOOWIDE) {
 		if     (!$TOOWIDE)           {$SCALE = $TOOHIGH;}
 		elseif (!$TOOHIGH)           {$SCALE = $TOOWIDE;}
-		elseif ($TOOHIGH > $TOOWIDE) {$SCALE = $TOOWIDE;}
+		elseif ($TOOHIGH > $TOOWIDE) {$SCALE = $TOOWIDE;} //ex:if (.90 > .50)
 		else                         {$SCALE = $TOOHIGH;}
 	}
 
@@ -232,8 +232,12 @@ function show_image(){ //************************
 
 if (isset($_POST["delete_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$filename = $_POST["delete_filename"];
-	unlink($filename);
-	$message = '<b>"'.$filename.'"</b> successfully deleted.';
+
+	if (unlink($filename)) {
+		$message = '<b>"'.$filename.'"</b> successfully deleted.';
+	}else{
+		$message = '<b>(!) Error deleting "'.$filename.'"</b>.';
+	}
 }
 
 
@@ -357,22 +361,20 @@ function show_image(){ //************************
 if (isset($_POST["rename_foldername"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 
 	$old_foldername = $_POST["old_foldername"];
-	$foldername = $_POST["rename_foldername"];
-
+	$foldername     = $_POST["rename_foldername"];
+	$_GET["i"]      = $old_foldername;
+	Check_ipath();
 
 	//Removed any trailing slashes
-	while (substr($old_foldername, -1) == '/') {
-		$old_foldername = rtrim($old_foldername, '/');
-	}
-	while (substr($foldername, -1) == '/') {
-		$foldername = rtrim($foldername, '/');
-	}
+	$old_foldername = rtrim($old_foldername, '/');
+	$foldername = rtrim($foldername, '/');
 
 	if (rename($old_foldername, $foldername)) {
-		$message = 'Successfully renamed: <br><b>"'.$old_foldername.'"</b><br>To:<br><b>"'.$foldername.'"</b>.';
+		$message  = 'Successfully renamed: <br><b>"'.$old_foldername.'"</b><br>';
+		$message .= 'To:<br><b>"'.$foldername.'"</b>.';
 		$_GET["i"] = $foldername;  //return to new folder
 	} else {
-		$message = "There was an error. Try again and/or contact your admin.";
+		$message = "<b>(!)</b> There was an error during rename. Try again and/or contact your admin.";
 	}
 }
 
@@ -382,32 +384,38 @@ function show_image(){ //************************
 if ($_GET["p"] == "upload") {$pagetitle = "Upload File"; }
 if (isset($_FILES['upload_filename']['name']) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 
-	$filename = $_FILES['upload_filename']['name'];
+	$filename    = $_FILES['upload_filename']['name'];
 	$newfilename = $filename;
 	$destination = $_POST["upload_destination"];
 	$destintaion = rtrim($destination,"/").'/';  //make sure only a single trailing slash
-	$savefile = $destination.$filename;
-
-	//if file_exists(), serialize filename until it doesn't
-	$serialize = 0;
-	$message   = 'Uploading: <b>"'.$filename.'"</b> to <b>"'.$destination.'"</b><br>';
-	if (file_exists($savefile)) {
-		$message .= 'However, a file with that name already exists in the target directory.<br>';
-		$savefile_info = pathinfo($savefile);
-	}
-	while (file_exists($savefile)) {
-		$serialize = sprintf("%04d", ++$serialize); //  0001, 0002, 0003, etc...
-		$newfilename = $savefile_info['filename'].'.'.$serialize.'.'.$savefile_info['extension'];
-		$savefile = $destination . $newfilename;
-	}
-	$message .= 'Saving as: <b>"</b>'.'<b>'.$newfilename.'"</b>';
-	//end serialize filename *****************************/
-
-	if(move_uploaded_file($_FILES['upload_filename']['tmp_name'], $savefile)) {
-		$message .= '<br>Upload successful.';
-		$_GET["i"] = rtrim($destination,"/");
-	} else{
-		$message .= "<br><b>(!) There was an error.</b> Try again and/or contact your host admin.";
+	$savefile    = $destination.$filename;
+	$_GET["i"]   = rtrim($destination,"/");
+
+	if (($filename == "")){ 
+		$message = "<b>(!) No file selected for upload... </b>";
+	}else{
+		$message   = 'Uploading: <b>"'.$filename.'"</b> to <b>"'.$destination.'"</b>';
+		
+		//if file_exists(), serialize filename until it doesn't
+		$serialize = 0;
+		if (file_exists($savefile)) {
+			$message .= '<br><b>(!)</b> A file with that name already exists in the target directory.<br>';
+			$savefile_info = pathinfo($savefile);
+
+			while (file_exists($savefile)) {
+				$serialize = sprintf("%04d", ++$serialize); //  0001, 0002, 0003, etc...
+				$newfilename = $savefile_info['filename'].'.'.$serialize.'.'.$savefile_info['extension'];
+				$savefile = $destination . $newfilename;
+			}
+			$message .= 'Saving as: <b>"</b>'.'<b>'.$newfilename.'"</b>';
+		}
+		//end serialize filename *****************************/
+
+		if(move_uploaded_file($_FILES['upload_filename']['tmp_name'], $savefile)) {
+			$message .= '<br>Upload successful.';
+		} else{
+			$message .= "<br><b>(!) There was an error.</b> Try again and/or contact your host admin.";
+		}
 	}
 } //end Upload file
 
@@ -589,8 +597,9 @@ function FileTimeStamp(php_filemtime, show_offset){
 
 <?php // DELETE FILE ***********************************************************
 if ($page == "delete") {
-	$varvar = "?i=".substr($_GET["d"],0,strrpos($_GET["d"],"/")); ?>
-	<h2>Delete &ldquo;<a href="/<?php echo $filename; ?> ">
+	$varvar = '?i='.dirname($_GET["d"]); 
+
+?>	<h2>Delete &ldquo;<a href="/<?php echo $filename; ?> ">
 	<?php echo $filename; ?></a>&rdquo;</h2>
 	<p>Are you sure?</p>
 
@@ -608,8 +617,9 @@ function FileTimeStamp(php_filemtime, show_offset){
 
 <?php // DELETE FOLDER *********************************************************
 if ($page == "deletefolder") {
-	$varvar = "?i=".substr($_GET["i"],0,strrpos(substr_replace($_GET["i"],"",-1),"/")); ?>
-	<h2>Delete Folder &nbsp;&ldquo; <?php echo $_GET["i"]; ?>/ &rdquo; &nbsp;?</h2>
+	$varvar = "?i=".substr($_GET["i"],0,strrpos(substr_replace($_GET["i"],"",-1),"/"));
+
+?>	<h2>Delete Folder &nbsp;&ldquo; <?php echo $_GET["i"]; ?>/ &rdquo; &nbsp;?</h2>
 	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<p>
@@ -658,8 +668,8 @@ function FileTimeStamp(php_filemtime, show_offset){
 		<?php if (strpos($config_itypes,$ext) === false) { show_textarea(); } ?>
 		
 		<p class="buttons_right">
-		<input type="submit" class="button" name="save_file" id="save_file" value="Save"  onclick="submitted = true;"  disabled="disabled">
-		<input type="button" class="button" id="reset"  value="Reset - loose changes" onclick="Reset_File()"  disabled="disabled">
+		<input type="submit" class="button" name="save_file" id="save_file" value="Save"  onclick="submitted = true;">
+		<input type="button" class="button" id="reset"  value="Reset - loose changes" onclick="Reset_File()">
 		<input type="button" class="button" name="rename_file" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT.'?r='.$filename; ?>'">
 		<input type="button" class="button" name="delete_file" value="Delete"      onclick="parent.location='<?php echo $ONESCRIPT.'?d='.$filename; ?>'">
 		<input type="button" class="button" name="copy_file"   value="Copy"        onclick="parent.location='<?php echo $ONESCRIPT.'?c='.$filename; ?>'">
@@ -897,10 +907,10 @@ function list_view() {
 		<a href="<?php echo $ONESCRIPT.'?p=new&amp;i='.$varvar; ?>"    class="new">New File</a>
 		<a href="<?php echo $ONESCRIPT.'?p=folder&amp;i='.$varvar; ?>" class="newfolder">New Folder</a>
 		<?php if ($varvar !== "") { ?>
-			<a href="<?php echo $ONESCRIPT.'?p=deletefolder&amp;i='.$varvar; ?>" class="deletefolder">
-			Delete Folder</a>
 			<a href="<?php echo $ONESCRIPT.'?p=renamefolder&amp;i='.$varvar; ?>" class="renamefolder">
 			Rename Folder</a>
+			<a href="<?php echo $ONESCRIPT.'?p=deletefolder&amp;i='.$varvar; ?>" class="deletefolder">
+			Delete Folder</a>
 		<?php } ?>
 	</p>
 
@@ -1003,7 +1013,7 @@ function list_view() {
 
 <?php // RENAME FOLDER *********************************************************
 if ($page == "renamefolder") {
-	$varvar = "?i=".substr($_GET["i"],0,strrpos(substr_replace($_GET["i"],"",-1),"/"));
+	$varvar = '?i='.$_GET["i"];
 ?>
 	<h2>Rename Folder &ldquo;<?php echo $_GET["i"]; ?>&rdquo;</h2>
 	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
@@ -1025,9 +1035,10 @@ function list_view() {
 
 <?php // UPLOAD FILE ***********************************************************
 if ($page == "upload") {
-	$varvar = ""; if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; } ?>
-	<h2>Upload</h2>
-	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.substr_replace($varvar,"",-1); ?>" method="post">
+	$varvar = ""; if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }
+	
+?>	<h2>Upload</h2>
+	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$varvar; ?>" method="post">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<input type="hidden" name="MAX_FILE_SIZE" value="100000">
 		<p>

From 58557347f1ba1469c2ad3e1bcec513b999144e66 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 8 May 2012 20:07:01 -0400
Subject: [PATCH 057/228] Version 1.2.8 Simplified variable/s for style sheet:
 $config_style_sheet Deleted style_sheet() as superfluous Added show_favicon()
 to confirm it exists. Renamed variable values for $page & ?p=, from "folder"
 to "newfolder" Tweaked $message line hieght. Improved Copy File response code
 & $message. Adjusted Delete File $message. Adjusted Delete Folder $message.
 Adjusted New Folder $message. Adjusted Rename File $message. Adjusted Rename
 Folder $message. Adjusted Upload File $message. Wrapped edit page
 <javascript> into a php function, moved above <html>

---
 onefilecms.css  |  62 ++------
 onefilecms.php  | 376 ++++++++++++++++++++++++------------------------
 readme.markdown |   6 +-
 3 files changed, 195 insertions(+), 249 deletions(-)
 mode change 100644 => 100755 readme.markdown

diff --git a/onefilecms.css b/onefilecms.css
index a5e324a..e83f15c 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -1,5 +1,5 @@
 /* OneFileCMS - http://onefilecms.com/
- * Version 1.2.5
+ * Version 1.2.8
  * For license & copyright info, see OneFileCMS.License.BSD.txt 
  */ 
 
@@ -15,17 +15,9 @@
 html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,
 cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,dl,dt,dd,ol,ul,li,
 fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td
-	{
-	border : 0;
-	outline: 0;
-	margin : 0;
-	padding: 0;
-	font-weight: inherit;
-	font-style : inherit;
-	font-size  : 100%;
-	font-family: inherit;
-	vertical-align: baseline;
-	}
+{border : 0;  outline: 0; margin : 0; padding: 0; 
+font-family: inherit; font-weight: inherit; font-style : inherit;
+font-size  : 100%; vertical-align: baseline; }
 
 
 
@@ -90,7 +82,6 @@ pre {
 
 
 
-
 /* --- layout --- */
 
 .container {
@@ -135,50 +126,13 @@ pre {
 	border: 1px solid #807568;
 	font-family: Lucida Console, "Courier New" ;
 	font-size: .95em;
-	line-height: 1em;
+	line-height: 1.2em;
 	background: #fff000;
 	}
 
 #message span { float: right; }
 
-#message a { padding: 4px 1px 4px 1px; border-right: none; } /*T R B L*/
-
-
-
-/* --- INDEX --- */
-
-.index { width: 810px; }
-
-.index li {
-	margin: 0 10px 10px 0;
-	width: 260px;
-	float: left;
-	position: relative;
-	}
-
-.index a {
-	height: 20px;
-	display: block;
-	padding: 7px 5px 7px 35px;
-	border: 1px solid #807568;
-	text-decoration: none;
-	background: #F8F8F8 url("http://self-evident.github.com/OneFileCMS/images/file-bin.png") 3px no-repeat;
-	overflow: hidden;
-	line-height: 1em;
-	}
-
-.index a.bin { background:white url("http://self-evident.github.com/OneFileCMS/images/file-bin.png") 3px no-repeat; }
-.index a.img { background:white url("http://self-evident.github.com/OneFileCMS/images/file-img.png") 3px no-repeat; }
-.index a.txt { background:white url("http://self-evident.github.com/OneFileCMS/images/file-txt.png") 3px no-repeat; }
-.index a.cfg { background:white url("http://self-evident.github.com/OneFileCMS/images/file-cfg.png") 3px no-repeat; }
-.index a.css { background:white url("http://self-evident.github.com/OneFileCMS/images/file-css.png") 3px no-repeat; }
-.index a.htm { background:white url("http://self-evident.github.com/OneFileCMS/images/file-htm.png") 3px no-repeat; }
-.index a.php { background:white url("http://self-evident.github.com/OneFileCMS/images/file-php.png") 3px no-repeat; }
-.index a.svg { background:white url("http://self-evident.github.com/OneFileCMS/images/file-svg.png") 3px no-repeat; }
-
-.index a:hover { background-color: rgb(255,250,150); }
-.index a:focus { background-color: rgb(255,250,150); }
-
+#message a { padding: 6px 1px 5px 1px; border-right: none; } /*T R B L*/
 
 
 /* --- INDEX directory listing, table format --- */
@@ -256,7 +210,7 @@ table.index_T td {
 .index_folders { min-height: 1.7em;  margin-bottom: .2em; }
 
 .index_folders a {
-	Xborder       : 1px solid gray;
+	border       : 1px solid #807568;
 	display      : inline-block;
 	line-height  : 1.1em;
 	font-size    : 1em;
@@ -391,7 +345,7 @@ input:hover { background-color: rgb(255,250,150); }
 
 /* --- log in --- */
 
-.page_login .container, .page_logout .container {
+.page_login .container {
 	margin-top: 5em;
 	border    : 1px solid #807568;
 	padding   : 1em;
diff --git a/onefilecms.php b/onefilecms.php
index bb072c6..3f41aca 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 // OneFileCMS - http://onefilecms.com/
 // For license & copyright info, see OneFileCMS.License.BSD.txt
 
-$version = "1.2.7";
+$version = "1.2.8";
 
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
@@ -14,14 +14,15 @@
 $config_username  = "username";
 $config_password  = "password";
 $config_title     = "OneFileCMS";
-$config_LOCAL     = "/onefilecms/";      //local directory for icons, .css, .js, etc...
-$config_csslocal  = "onefilecms.css";    //Relative to this file.
-//$config_csslocal  ="/onefilecms.css";  //Relative to site URL root.
-$config_csshosted = "http://self-evident.github.com/OneFileCMS/onefilecms.css";
+
+$config_style_sheet = "onefilecms.css";  //Relative to this file.
+//$config_style_sheet ="/onefilecms.css";  //Relative to site URL root.
+//$config_style_sheet = "http://self-evident.github.com/OneFileCMS/onefilecms.css";
 
 $MAX_IMG_W   = 810;   // Max width to display images. (page container = 810)
 $MAX_IMG_H   = 1000;  // Max height.  I don't know, it just looks reasonable.
 
+$config_favicon   = "/favicon.ico";
 $config_editable  = "html,htm,php,css,js,txt,text,cfg,conf,ini,csv,svg";
 $config_excluded  = ""; //files to exclude from directory listings
 $config_itypes    = "jpg,gif,png,bmp,ico";  // Can be displayed on edit page.
@@ -39,8 +40,8 @@
 
 
 $ONESCRIPT = $_SERVER["SCRIPT_NAME"];
-$DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"];
-$CWD       = str_replace("\\","/",getcwd());
+$DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
+$WEBSITE   = $_SERVER["HTTP_HOST"];
 
 //Allows OneFileCMS.php to be started from any dir on the site.
 chdir($DOC_ROOT);
@@ -74,7 +75,7 @@
 	// redirect on invalid page attempts
 	$page = $_GET["p"];
 	if (!in_array(strtolower($_GET["p"]), array(
-		"copy","delete","deletefolder","edit","folder","index","login","logout","new","rename","renamefolder","upload"	)))
+		"copy","delete","deletefolder","edit","newfolder","index","login","logout","new","rename","renamefolder","upload"	)))
 	{
 		header("Location: ".$ONESCRIPT);
 		$page = "index";
@@ -101,7 +102,7 @@ function Check_ipath() { global $message;
 
 if ($_GET["p"] == "logout") {
 	$page = "login";
-	$pagetitle = "Log Out";
+	$pagetitle = "Login";
 	$_SESSION['onefilecms_valid'] = "0";
 	session_destroy();
 	$message = 'You have successfully logged out.';
@@ -122,7 +123,6 @@ function Check_ipath() { global $message;
 //******************************************************************************
 // Misc Functions
 
-
 function is_empty($path){
 	$empty = false;
 	$dh = opendir($path);
@@ -132,6 +132,7 @@ function is_empty($path){
 }//end is_emtpy()
 
 
+
 function Close_Button($classes) { //********************
 	echo '<input type="button" class="button '.$classes.'" name="close" value="Close" onclick="parent.location=\'';
 	echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")).'\'">';
@@ -139,6 +140,7 @@ function Close_Button($classes) { //********************
 }// End Close_Button() //*******************************
 
 
+
 function Cancel_Submit_Buttons($button_label) { //******
 	global $ONESCRIPT, $varvar;
 
@@ -159,8 +161,9 @@ function Cancel_Submit_Buttons($button_label) { //******
 }// End Cancel_Submit_Buttons() //**********************
 
 
+
 function message_box() { //*****************************
-	global $message, $page, $ONESCRIPT;
+	global $ONESCRIPT, $message, $page;
 
 	if (isset($message)) {
 	?>
@@ -179,7 +182,8 @@ function message_box() { //*****************************
 } //end message_box()  *********************************
 
 
-function show_image(){ //************************
+
+function show_image(){ //*******************************
 	global $filename, $MAX_IMG_W, $MAX_IMG_H;
 	
 	$IMG = $filename;
@@ -202,16 +206,26 @@ function show_image(){ //************************
 	echo '<div style="clear:both;"></div>';
 	echo '<a href="/' . $IMG . '">';
 	echo '<img src="/'.$IMG.'"  height="'.$img_info[$H]*$SCALE.'"></a>';
-}// end show_image() ****************************
+}// end show_image() ***********************************
 
 
+
+function show_favicon(){
+	global $config_favicon, $DOC_ROOT;
+	if (file_exists($DOC_ROOT.$config_favicon)) { 
+		echo '<img src="'.$config_favicon.'" alt="">'; 
+	}
+}// end show_favicon()
+
 // End of misc funtions ********************************************************
 
 
 
 
 
-// COPY FILE *******************************************************************
+
+
+// COPY FILE response code *****************************************************
 if (isset($_GET["c"])) {
 	$page = "copy"; $filename = $_GET["c"]; $pagetitle = "Copy";
 }
@@ -219,13 +233,20 @@ function show_image(){ //************************
 if (isset($_POST["copy_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$old_filename = $_POST["old_filename"];
 	$filename = $_POST["copy_filename"];
-	copy($old_filename, $filename);
-	$message = '<b>"'.$old_filename.'"</b> copied successfully to <b>"'.$filename.'"</b>.';
-}
+
+	if (copy($old_filename, $filename)){ 
+		$message  = '<b>"'.$old_filename.'"</b><br>';
+		$message .= ' --- successfully copied to ---<br>';
+		$message .= '<b>"'.$filename.'"</b>.';
+	}else{
+		$message .= '<b>(!) Error copying file:<br>"'.$filename.'"</b>.';
+	}
+}//end COPY FILE response code *************************************************
+
 
 
 
-// DELETE FILE *****************************************************************
+// DELETE FILE response code ***************************************************
 if (isset($_GET["d"])) {
 	$page = "delete"; $filename = $_GET["d"]; $pagetitle = "Delete";
 }
@@ -234,15 +255,16 @@ function show_image(){ //************************
 	$filename = $_POST["delete_filename"];
 
 	if (unlink($filename)) {
-		$message = '<b>"'.$filename.'"</b> successfully deleted.';
+		$message = '"<b>'.basename($filename).'</b>" successfully deleted.';
 	}else{
 		$message = '<b>(!) Error deleting "'.$filename.'"</b>.';
 	}
-}
+}//end DELETE FILE response code ***********************************************
+
 
 
 
-// DELETE FOLDER ***************************************************************
+// DELETE FOLDER response code *************************************************
 if ($_GET["p"] == "deletefolder") {
 	if (!is_empty($_GET["i"])){
 		$message = '<b>(!) Folder is not empty.</b>  Folders must be empty before they can be deleted.<br>';
@@ -256,15 +278,16 @@ function show_image(){ //************************
 	$_GET["i"] = $foldername;
 	if (@rmdir($foldername)) {
 		$_GET["i"] = dirname($foldername);
-		$message = '<b>"'.$foldername.'"</b> successfully deleted.';
+		$message = '"<b>'.basename($foldername).'/</b>" successfully deleted.';
 	} else {
-		$message = '<b>(!) "'.$foldername.'"</b> is not empty, or other error occurred.';
+		$message = '<b>(!) "'.$foldername.'/"</b> is not empty, or other error occurred.';
 	}
-}
+}//end DELETE FOLDER response code *********************************************
+
 
 
 
-// EDIT ************************************************************************
+// EDIT Page response code *****************************************************
 
 //*** If on Edit page, and [Save] clicked:
 if (isset($_POST["filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
@@ -298,10 +321,12 @@ function show_image(){ //************************
 		unset ($filename);
 	}
 }//***
+//End Edit page response code **************************************************
 
 
 
-// NEW FILE ********************************************************************
+
+// NEW FILE response code ******************************************************
 if ($_GET["p"] == "new") {$pagetitle = "New File"; }
 if (isset($_POST["new_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$filename  = $_POST["new_filename"];
@@ -311,31 +336,33 @@ function show_image(){ //************************
 	} else {
 		$handle = fopen($filename, 'w') or die("can't open file");
 		fclose($handle);
-		$message = '<b>"'.$filename.'"</b> created successfully.';
+		$message = '"<b>'.$filename.'</b>" created successfully.';
 		$_GET["i"] = dirname($filename); //return to file's directory.
 	}
-}
+}//end NEW FILE response code **************************************************
 
 
 
-// NEW FOLDER ******************************************************************
-if ($_GET["p"] == "folder") {$pagetitle = "New Folder"; }
+
+// NEW FOLDER response code ****************************************************
+if ($_GET["p"] == "newfolder") {$pagetitle = "New Folder"; }
 if (isset($_POST["new_folder"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 	$foldername = $_POST["new_folder"];
 	$_GET["i"] = $foldername; Check_ipath();
 	if (!is_dir($foldername)) {
 		mkdir($foldername);
-		$message = '<b>"'.$foldername.'"</b> created successfully.';
+		$message = '"<b>'.$foldername.'/</b>" created successfully.';
 		$_GET["i"] = $foldername;  //change to new directory
 	} else {
 		$message  = '<b>(!)</b> Folder already exists: ';
-		$message .= '<b>'.$foldername.'</b>';
+		$message .= '<b>'.$foldername.'/</b>';
 	}
-}
+}//end NEW FOLDER response code ************************************************
 
 
 
-// RENAME FILE *****************************************************************
+
+// RENAME FILE response code ***************************************************
 if (isset($_GET["r"])) {
 	$filename = $_GET["r"];
 	$pagetitle = "Rename File";
@@ -346,41 +373,44 @@ function show_image(){ //************************
 	$filename = $_POST["rename_filename"];
 
 	//Removed any trailing slashes
-	while (substr($filename, -1) == '/') { $filename = rtrim($filename, '/'); }
+	$filename = rtrim($filename, '/');
 
 	rename($old_filename, $filename);
-	$message  = 'Successfully renamed: <br>';
-	$message .='<b>"'.$old_filename.'"</b> <br>To:<br>';
-	$message .='<b>"'.$filename.'"</b>';
-}
+	$message .= '"<b>'.$old_filename.'</b>"<br>';
+	$message .= ' &nbsp; successfully renamed to:<br>';
+	$message .= '"<b>'.$filename.'</b>"';
+}//end RENAME FILE response code ***********************************************
 
 
 
-// RENAME FOLDER ***************************************************************
+
+// RENAME FOLDER response code *************************************************
 if ($_GET["p"] == "renamefolder") {$pagetitle = "Rename Folder"; }
-if (isset($_POST["rename_foldername"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
+if (isset($_POST["new_foldername"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 
 	$old_foldername = $_POST["old_foldername"];
-	$foldername     = $_POST["rename_foldername"];
+	$new_foldername = $_POST["new_foldername"];
 	$_GET["i"]      = $old_foldername;
 	Check_ipath();
 
 	//Removed any trailing slashes
 	$old_foldername = rtrim($old_foldername, '/');
-	$foldername = rtrim($foldername, '/');
+	$new_foldername = rtrim($new_foldername, '/');
 
-	if (rename($old_foldername, $foldername)) {
-		$message  = 'Successfully renamed: <br><b>"'.$old_foldername.'"</b><br>';
-		$message .= 'To:<br><b>"'.$foldername.'"</b>.';
-		$_GET["i"] = $foldername;  //return to new folder
+	if (rename($old_foldername, $new_foldername)) {
+		$message .= '<b>"'.$old_foldername.'/"</b><br>';
+		$message .= ' &nbsp; successfully renamed to:<br>';
+		$message .= '<b>"'.$new_foldername.'/"</b>';
+		$_GET["i"] = $new_foldername;  //return to new folder
 	} else {
 		$message = "<b>(!)</b> There was an error during rename. Try again and/or contact your admin.";
 	}
-}
+}//end RENAME FOLDER response code *********************************************
+
 
 
 
-// UPLOAD FILE *****************************************************************
+// UPLOAD FILE response code ***************************************************
 if ($_GET["p"] == "upload") {$pagetitle = "Upload File"; }
 if (isset($_FILES['upload_filename']['name']) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 
@@ -414,10 +444,10 @@ function show_image(){ //************************
 		if(move_uploaded_file($_FILES['upload_filename']['tmp_name'], $savefile)) {
 			$message .= '<br>Upload successful.';
 		} else{
-			$message .= "<br><b>(!) There was an error.</b> Try again and/or contact your host admin.";
+			$message .= "<br><b>(!) There was an error.</b> Upload or rename may have failed.";
 		}
 	}
-} //end Upload file
+} //end Upload file response code **********************************************
 
 
 
@@ -425,22 +455,6 @@ function show_image(){ //************************
 
 
 
-//*** local or a hosted style sheet? *******************************************
-function style_sheet() {
-global $DOC_ROOT, $config_csslocal, $CWD;
-$STYLE_SHEET = $config_csslocal;
-$ROOT = $DOC_ROOT; 
-
-// If csslocal has a leading /, assume it's location relative to $DOC_ROOT
-// If it has no leading /, assume it is relative to this file.
-if (substr($config_csslocal,0,1) != "/"){ $ROOT = $CWD.'/'; }
-
-//Check for local style sheet. If not found, use hosted copy.
-if (!file_exists($ROOT.$config_csslocal) || is_dir($ROOT.$config_csslocal)) { $STYLE_SHEET = $config_csshosted; }
-
-
-?> <link href="<?php echo $STYLE_SHEET;?>" type="text/css" rel="stylesheet"> <?php
-}//end style_sheet() ***********************************************************
 
 
 
@@ -497,26 +511,112 @@ function FileTimeStamp(php_filemtime, show_offset){
 
 
 
+function Edit_Page_javascript() { //********************************************
+?>
+	<!--======== Provide feedback re: unsaved changes ========-->
+	<script>
+	    
+	var File_textarea    = document.getElementById('file_content');
+	var Save_File_button = document.getElementById('save_file');
+	var Reset_button     = document.getElementById('reset');
 
+	var start_value = File_textarea.value;
+	var submitted   = false
+	var changed     = false;
 
 
 
+	// The following events only apply when the element is active.
+	// [Save] is disabled unless there are changes to the open file.
+	Save_File_button.onfocus = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
+	Save_File_button.onblur  = function() {Save_File_button.style.backgroundColor ="#Fee";}
+	Save_File_button.onmouseover = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
+	Save_File_button.onmouseout  = function() {Save_File_button.style.backgroundColor = "#Fee";}
 
 
 
+	function Reset_file_status_indicators() {
+		changed = false;
+		File_textarea.style.backgroundColor = "#eFe";  //light green
+		Save_File_button.style.backgroundColor = "";
+		Save_File_button.style.borderColor = "";
+		Save_File_button.style.borderWidth = "1px";
+		Save_File_button.disabled = "disabled";
+		Save_File_button.value = "Save";
+		Reset_button.disabled = "disabled";
+		//File_textarea.focus();
+	}
 
 
+	window.onbeforeunload = function() {
+		if ( changed && !submitted) { 
+			//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
+			return "               Unsaved changes will be lost!";
+		}
+	}
 
 
+	window.onunload = function() {
+		//without this, a browser back then forward would reload file with local/
+		// unsaved changes, but with a green b/g as tho that's the file's contents.
+		if (!submitted) {
+			File_textarea.value = start_value;
+			Reset_file_status_indicators();
+		}
+	}
 
 
+	//With selStart & selEnd == 0, moves cursor to start of text field.
+	function setSelRange(inputEl, selStart, selEnd) { 
+		if (inputEl.setSelectionRange) { 
+			inputEl.focus(); 
+			inputEl.setSelectionRange(selStart, selEnd); 
+		} else if (inputEl.createTextRange) { 
+			var range = inputEl.createTextRange(); 
+			range.collapse(true); 
+			range.moveEnd('character', selEnd); 
+			range.moveStart('character', selStart); 
+			range.select(); 
+		} 
+	}
 
 
+	function Check_for_changes(event){
+		var keycode=event.keyCode? event.keyCode : event.charCode;
+		changed = (File_textarea.value != start_value);
+		if (changed){
+			document.getElementById('message').innerHTML = " "; // Must have a space, or it won't clear the msg.
+			File_textarea.style.backgroundColor = "#Fee";  //light red
+			Save_File_button.style.backgroundColor ="#Fee";
+			Save_File_button.style.borderColor = "#F44";   //less light red
+			Save_File_button.style.borderWidth = "1px";
+			Save_File_button.disabled = "";
+			Reset_button.disabled = "";
+			Save_File_button.value = "SAVE CHANGES!";
+		}else{
+			Reset_file_status_indicators()
+		}
+	}
 
 
+	//Reset textarea value to when page was loaded.
+	//Used by [Reset] button, and when page unloads (browser back, etc). 
+	//Needed becuase if the page is reloaded (ctl-r, or browser back/forward, etc.), 
+	//the text stays changed, but "changed" gets set to false, which looses warning.
+	function Reset_File() {
+		if (changed) {
+			if ( !(confirm("Reset file and loose unsaved changes?")) ) { return; }
+		}
+		File_textarea.value = start_value;
+		Reset_file_status_indicators();
+		setSelRange(File_textarea, 0, 0) //MOve cursor to start of textarea.
+	}
+	
+	
+	Reset_file_status_indicators()
+	</script>
 
-
-
+<?php }//End Edit_Page_javascript() ********************************************
 
 
 
@@ -528,17 +628,15 @@ function FileTimeStamp(php_filemtime, show_offset){
 ?><!DOCTYPE html>
 
 <html>
-
 <head>
 
-<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-<meta name="robots" content="noindex">
-
 <title><?php echo $config_title.' - '.$pagetitle; ?></title>
 
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<meta name="robots" content="noindex">
 
-<?php style_sheet(); ?>
-
+<?php //style_sheet(); ?>
+<link href="<?php echo $config_style_sheet;?>" type="text/css" rel="stylesheet">
 
 <?php if ( ($page == "index") || ($page == "edit") ) { time_stamp_scripts(); } ?>
 
@@ -554,12 +652,13 @@ function FileTimeStamp(php_filemtime, show_offset){
 	
 	<?php if ((isset($_SESSION['onefilecms_valid'])) && ($_SESSION['onefilecms_valid'] == "1")) { ?>
 		<div class="nav">
-			<a href="/"><img src="/favicon.ico">&nbsp; <b><?php echo $_SERVER["HTTP_HOST"]; ?>/</b>  &nbsp;- &nbsp;  Visit Site</a> |
+			<a href="/"><?php show_favicon(); ?>&nbsp; 
+			<b><?php echo $WEBSITE; ?>/</b>  &nbsp;- &nbsp;
+			Visit Site</a> |
 			<a href="<?php echo $ONESCRIPT; ?>?p=logout">Log Out</a>
 		</div>
 	<?php } ?>
-</div>
-
+</div><!-- end header -->
 
 
 <?php message_box(); ?>
@@ -680,119 +779,14 @@ function FileTimeStamp(php_filemtime, show_offset){
 
 	<?php if (strpos($config_itypes,$ext) !== false) { show_image(); } ?>
 
-	<?php if (strpos($config_editable,$ext) !== false) { ?>
+	<?php if (strpos($config_editable,$ext) !== false) { //if editable file..?>
+		<?php Edit_Page_javascript(); ?>
 		<div id="edit_note">
 		NOTE: On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser's [Reload].
 		</div>
-	<?php } ?>
-
-
-	<?php if (strpos($config_editable,$ext) !== false) { //if editable file...?>
-	<!--======== Provide feedback re: unsaved changes ========-->
-	<script>
-	    
-	var File_textarea    = document.getElementById('file_content');
-	var Save_File_button = document.getElementById('save_file');
-	var Reset_button     = document.getElementById('reset');
-
-	var start_value = File_textarea.value;
-	var submitted   = false
-	var changed     = false;
-
-
-
-	// The following events only apply when the element is active.
-	// [Save] is disabled unless there are changes to the open file.
-	Save_File_button.onfocus = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
-	Save_File_button.onblur  = function() {Save_File_button.style.backgroundColor ="#Fee";}
-	Save_File_button.onmouseover = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
-	Save_File_button.onmouseout  = function() {Save_File_button.style.backgroundColor = "#Fee";}
-
-
-
-	function Reset_file_status_indicators() {
-		changed = false;
-		File_textarea.style.backgroundColor = "#eFe";  //light green
-		Save_File_button.style.backgroundColor = "";
-		Save_File_button.style.borderColor = "";
-		Save_File_button.style.borderWidth = "1px";
-		Save_File_button.disabled = "disabled";
-		Save_File_button.value = "Save";
-		Reset_button.disabled = "disabled";
-		//File_textarea.focus();
-	}
-
-
-	window.onbeforeunload = function() {
-		if ( changed && !submitted) { 
-			//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
-			return "               Unsaved changes will be lost!";
-		}
-	}
-
-
-	window.onunload = function() {
-		//without this, a browser back then forward would reload file with local/
-		// unsaved changes, but with a green b/g as tho that's the file's contents.
-		if (!submitted) {
-			File_textarea.value = start_value;
-			Reset_file_status_indicators();
-		}
-	}
-
-
-	//With selStart & selEnd == 0, moves cursor to start of text field.
-	function setSelRange(inputEl, selStart, selEnd) { 
-		if (inputEl.setSelectionRange) { 
-			inputEl.focus(); 
-			inputEl.setSelectionRange(selStart, selEnd); 
-		} else if (inputEl.createTextRange) { 
-			var range = inputEl.createTextRange(); 
-			range.collapse(true); 
-			range.moveEnd('character', selEnd); 
-			range.moveStart('character', selStart); 
-			range.select(); 
-		} 
-	}
-
-
-	function Check_for_changes(event){
-		var keycode=event.keyCode? event.keyCode : event.charCode;
-		changed = (File_textarea.value != start_value);
-		if (changed){
-			document.getElementById('message').innerHTML = " "; // Must have a space, or it won't clear the msg.
-			File_textarea.style.backgroundColor = "#Fee";  //light red
-			Save_File_button.style.backgroundColor ="#Fee";
-			Save_File_button.style.borderColor = "#F44";   //less light red
-			Save_File_button.style.borderWidth = "1px";
-			Save_File_button.disabled = "";
-			Reset_button.disabled = "";
-			Save_File_button.value = "SAVE CHANGES!";
-		}else{
-			Reset_file_status_indicators()
-		}
-	}
-
-
-	//Reset textarea value to when page was loaded.
-	//Used by [Reset] button, and when page unloads (browser back, etc). 
-	//Needed becuase if the page is reloaded (ctl-r, or browser back/forward, etc.), 
-	//the text stays changed, but "changed" gets set to false, which looses warning.
-	function Reset_File() {
-		if (changed) {
-			if ( !(confirm("Reset file and loose unsaved changes?")) ) { return; }
-		}
-		File_textarea.value = start_value;
-		Reset_file_status_indicators();
-		setSelRange(File_textarea, 0, 0) //MOve cursor to start of textarea.
-	}
-	
-	
-	Reset_file_status_indicators()
-	</script>
-	<?php } //end if editable, include this <script>...</script>
+	<?php } //end if editable ?>
 
-}; //End Edit page ***********************************************************?>
+<?php }; //End Edit page *****************************************************?>
 
 
 
@@ -905,7 +899,7 @@ function list_view() {
 	<p class="front_links">
 		<a href="<?php echo $ONESCRIPT.'?p=upload&amp;i='.$varvar; ?>" class="upload">Upload File</a>
 		<a href="<?php echo $ONESCRIPT.'?p=new&amp;i='.$varvar; ?>"    class="new">New File</a>
-		<a href="<?php echo $ONESCRIPT.'?p=folder&amp;i='.$varvar; ?>" class="newfolder">New Folder</a>
+		<a href="<?php echo $ONESCRIPT.'?p=newfolder&amp;i='.$varvar; ?>" class="newfolder">New Folder</a>
 		<?php if ($varvar !== "") { ?>
 			<a href="<?php echo $ONESCRIPT.'?p=renamefolder&amp;i='.$varvar; ?>" class="renamefolder">
 			Rename Folder</a>
@@ -967,7 +961,7 @@ function list_view() {
 
 
 <?PHP // NEW FOLDER ************************************************************
-if ($page == "folder") {
+if ($page == "newfolder") {
 	$varvar = "";
 	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }?>
 	<h2>New Folder</h2>
@@ -1023,8 +1017,8 @@ function list_view() {
 			<input type="text" name="dummy" value="<?php echo $_GET["i"]; ?>" class="textinput" disabled="disabled">
 		</p>
 		<p>
-			<label for="rename_foldername">New name:</label>
-			<input type="text" name="rename_foldername" id="rename_foldername" class="textinput" value="<?php echo $_GET["i"]; ?>">
+			<label for="new_foldername">New name:</label>
+			<input type="text" name="new_foldername" id="new_foldername" class="textinput" value="<?php echo $_GET["i"]; ?>">
 		</p>
 		<p><?php Cancel_Submit_Buttons("Rename"); ?></p>
 	</form>
diff --git a/readme.markdown b/readme.markdown
old mode 100644
new mode 100755
index 2ae5f5f..257e7ac
--- a/readme.markdown
+++ b/readme.markdown
@@ -111,9 +111,9 @@ It isn't entirely necessary, but it does provide nice enhancements, like warning
 
 ## Change Log
 
-### 1.2.4
+### 1.2.4 - 1.2.8
 
-- Mostly a bunch of code modifications/improvements.
+- Mostly just a bunch of code modifications/improvements.
 
 ### 1.2.3
 
@@ -216,8 +216,6 @@ To report a bug or request a feature, please file an issue via Github. Forks enc
 
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - Prompt to prevent automatic overwrite when uploading or renaming files.
-- Clickable option to switch between original OneFileCMS view and a common list view.
-  (Currently accomplished with a config variable.)
 - Embed css and remove or swtich to svg icons to create a true "OneFileCMS"
   (in the works)
 - Check size of file to upload, verify under max post/upload limits.

From 923e11f5648bc148fbfaa4c07ad1df5d7ce7eead Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 8 May 2012 20:46:04 -0400
Subject: [PATCH 058/228] Version 1.2.9 Copy File page, "simplified" how $slug
 is generated. Buttons on Edit page- removed unused name attributes. Use id if
 needed. Edit page- cleaned up a tiny bit. Copy File, Delete Folder, Edit, New
 File, New Folder, Rename File   - adjusted how $varvar is determined.
 Corrected/normalized form action url among pages.

---
 onefilecms.php | 59 +++++++++++++++++++++++++++-----------------------
 1 file changed, 32 insertions(+), 27 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 3f41aca..dc7ed90 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 // OneFileCMS - http://onefilecms.com/
 // For license & copyright info, see OneFileCMS.License.BSD.txt
 
-$version = "1.2.8";
+$version = "1.2.9";
 
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
@@ -670,11 +670,15 @@ function Reset_File() {
 <?php
 // COPY FILE *******************************************************************
 if ($page == "copy") { 
-	$extension = strrchr($filename, ".");
-	$slug = substr($filename, 0, strlen($filename) - strlen($extension));
-	$varvar = "?i=".substr($_GET["c"],0,strrpos($_GET["c"],"/")); ?>
+
+	$extension    = strrchr($filename, ".");
+	$slug         = dirname($filename).'/'.pathinfo($filename,PATHINFO_FILENAME);
+	$varvar       = "?i=".dirname($_GET["c"]);
+	$new_filename = $slug."_COPY_".date("YmdHi").$extension;
+?>
 	<h2>Copy &ldquo;<a href="/<?php echo $filename; ?> "> <?php echo $filename; ?> </a> &rdquo;</h2>
-	<p>Existing files with the same filename are automatically overwritten... Be careful!</p>
+	<p><b>( ! )</b> Existing files with the same filename are automatically overwritten... Be careful!</p>
+
 	<form method="post" id="new" action="<?php echo $ONESCRIPT.$varvar; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<p>
@@ -684,7 +688,8 @@ function Reset_File() {
 		</p>
 		<p>
 			<label for="copy_filename">New filename:</label>
-			<input type="text" name="copy_filename" id="copy_filename" class="textinput" value="<?php echo $slug."_".date("mdyHi").$extension; ?>">
+			<input type="text" name="copy_filename" id="copy_filename" 
+			       class="textinput" value="<?php echo $new_filename; ?>">
 		</p>
 		<p>	<?php Cancel_Submit_Buttons("Copy"); ?>	</p>
 	</form>
@@ -734,24 +739,23 @@ function Reset_File() {
 <?php // EDIT ******************************************************************
 if ($page == "edit") {
 
+	$varvar = '?f='.$filename;
 	$ext = end( explode(".", strtolower($filename)) );
 ?>
 	<h2 id="edit_header">File: &ldquo;<a href="/<?php echo $filename; ?>"> 
 	<?php echo $filename; ?> 
 	</a>&rdquo;</h2>
 
-	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.'?f='.$filename; ?>">
-
+	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
 		<p class="file_meta">
 		<span class="meta_size">Size<b>: </b> <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; &nbsp; 
 		<span class="meta_time">Updated<b>: </b><script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1);</script></span><br>
 		</p>
-		
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<?php Close_Button("close"); ?><div style="clear:both;"></div>
 		
-		<?php function show_textarea(){ global $filename, $filecontent, $ext, $config_editable;
-			if (strpos($config_editable,$ext) === false) {
+		<?php if (strpos($config_itypes,$ext) === false) { //If non-image, show textarea
+			if (strpos($config_editable,$ext) === false) { //
 			?>	<p>
 				<textarea name="content" class="textinput disabled" cols="70" rows="25" disabled="disabled">Non-text or unkown file type. Edit disabled.
 				</textarea>
@@ -761,17 +765,15 @@ function Reset_File() {
 				<input type="hidden" name="filename" id="filename" class="textinput" value="<?php echo $filename; ?>">
 				<textarea id="file_content" onkeyup="Check_for_changes(event);" name="content" class="textinput" cols="70" rows="25"><?php echo $filecontent; ?></textarea>
 				</p>
-			<?php } //end if-else?>	
-		<?php  } //show_textarea() ?>
-		
-		<?php if (strpos($config_itypes,$ext) === false) { show_textarea(); } ?>
+			<?php } //end if editable ?>	
+		<?php  } //end if non-image, show textarea ?>
 		
 		<p class="buttons_right">
-		<input type="submit" class="button" name="save_file" id="save_file" value="Save"  onclick="submitted = true;">
-		<input type="button" class="button" id="reset"  value="Reset - loose changes" onclick="Reset_File()">
-		<input type="button" class="button" name="rename_file" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT.'?r='.$filename; ?>'">
-		<input type="button" class="button" name="delete_file" value="Delete"      onclick="parent.location='<?php echo $ONESCRIPT.'?d='.$filename; ?>'">
-		<input type="button" class="button" name="copy_file"   value="Copy"        onclick="parent.location='<?php echo $ONESCRIPT.'?c='.$filename; ?>'">
+		<input type="submit" class="button" value="Save"                  onclick="submitted = true;" id="save_file">
+		<input type="button" class="button" value="Reset - loose changes" onclick="Reset_File()"      id="reset">
+		<input type="button" class="button" value="Rename/Move"           onclick="parent.location='<?php echo $ONESCRIPT.'?r='.$filename; ?>'">
+		<input type="button" class="button" value="Delete"                onclick="parent.location='<?php echo $ONESCRIPT.'?d='.$filename; ?>'">
+		<input type="button" class="button" value="Copy"                  onclick="parent.location='<?php echo $ONESCRIPT.'?c='.$filename; ?>'">
 		<?php Close_Button(""); ?>
 		</p>
 	</form>
@@ -944,10 +946,11 @@ function list_view() {
 <?php // NEW FILE **************************************************************
 if ($page == "new") {
 	$varvar = "";
-	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }?>
+	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }
+?>
 		<h2>New File</h2>
 		<p>Existing files with the same name will not be overwritten.</p>
-		<form method="post" id="new" action="<?php echo $ONESCRIPT.substr_replace($varvar,"",-1); ?>">
+		<form method="post" id="new" action="<?php echo $ONESCRIPT.$varvar; ?>">
 			<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 			<p>
 				<label for="new_filename">New filename: </label>
@@ -963,10 +966,11 @@ function list_view() {
 <?PHP // NEW FOLDER ************************************************************
 if ($page == "newfolder") {
 	$varvar = "";
-	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }?>
+	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }
+?>
 	<h2>New Folder</h2>
 	<p>Existing folders with the same name will not be overwritten.</p>
-	<form method="post" action="<?php echo $ONESCRIPT.substr_replace($varvar,"",-1); ?>">
+	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<p>
 			<label for="new_folder">Folder name: </label>
@@ -981,12 +985,13 @@ function list_view() {
 
 <?php // RENAME FILE ***********************************************************
 if ($page == "rename") {
-	$varvar = "?i=".substr($_GET["r"],0,strrpos($_GET["r"],"/")); ?>
+	$varvar = "?i=".dirname($_GET["r"]);
+?>
 	<h2>Rename &ldquo;<a href="/<?php echo $filename; ?>">	<?php echo $filename; ?> </a>&rdquo;</h2>
-	<p>Existing files with the same filename are automatically overwritten... Be 
-	careful!</p>
+	<p>Existing files with the same filename are automatically overwritten... Be careful!</p>
 	<p>To move a file, preface its name with the folder's name, as in 
 	"<i>foldername/filename.txt</i>." The folder must already exist.</p>
+
 	<form method="post" action="<?php echo $ONESCRIPT.$varvar;	?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<p>

From f9858ec468c5b5f73b5cac38e7c7b1559deb4d62 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 10 May 2012 17:31:17 -0400
Subject: [PATCH 059/228] Version 1.3.0 Code for pages now in functions:  
 Login_Page(), Edit_Page(), Index_Page(), Upload_Page(), New_File_Page(),  
 Copy_File_Page(), Rename_File_Page(), Delete_File_Page(),
 Delete_Folder_Page()   New_Folder_Page(), Rename_Folder_Page()   -Overall,
 added a couple dozed lines to the code, but it's easier to manage. Added
 <script> after [Save] & [Reset] buttons to disable by default   (Other script
 enables when file changes)   (Using js to set attribute instead of directly
 in <input> tag in case no js.) Rearranged order of _Page functions a bit. 
 Because I wanted to. Fixed isssue with Upload/New/Rename/Copy/etc links on
 root of site when i=  (blank) Updated Readme.markdown

---
 onefilecms.css  |   2 +-
 onefilecms.php  | 917 +++++++++++++++++++++++++-----------------------
 readme.markdown |  10 +-
 3 files changed, 482 insertions(+), 447 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index e83f15c..d12d6bf 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -1,5 +1,5 @@
 /* OneFileCMS - http://onefilecms.com/
- * Version 1.2.8
+ * Version 1.3.0
  * For license & copyright info, see OneFileCMS.License.BSD.txt 
  */ 
 
diff --git a/onefilecms.php b/onefilecms.php
index dc7ed90..b63f6e0 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 // OneFileCMS - http://onefilecms.com/
 // For license & copyright info, see OneFileCMS.License.BSD.txt
 
-$version = "1.2.9";
+$version = "1.3.0";
 
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
@@ -22,17 +22,17 @@
 $MAX_IMG_W   = 810;   // Max width to display images. (page container = 810)
 $MAX_IMG_H   = 1000;  // Max height.  I don't know, it just looks reasonable.
 
-$config_favicon   = "/favicon.ico";
+$config_favicon   = "/favicon.ico";
 $config_editable  = "html,htm,php,css,js,txt,text,cfg,conf,ini,csv,svg";
 $config_excluded  = ""; //files to exclude from directory listings
 $config_itypes    = "jpg,gif,png,bmp,ico";  // Can be displayed on edit page.
-$config_ftypes    = "jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,htm,html,cfg,conf"; //used to select file icon
-$config_fclass    = "img,img,img,img,img,svg,txt,txt,css,php,htm,htm,cfg,cfg";   //used to select file icon
+$config_ftypes    = "jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,htm,html,cfg,conf,js"; //used to select file icon
+$config_fclass    = "img,img,img,img,img,svg,txt,txt,css,php,htm,htm,cfg,cfg,txt";  //used to select file icon
 // END CONFIGURABLE INFO
 
 
 
-//Make arrays out of a couple $config_variables.  They are used in // Index .
+//Make arrays out of a few $config_variables.  They are used in Index_Page() .
 //Above, however, it's easier to config/change a simple string.
 $ftypes   = (explode(",", strtolower($config_ftypes)));
 $fclasses = (explode(",", strtolower($config_fclass)));
@@ -246,6 +246,7 @@ function show_favicon(){
 
 
 
+
 // DELETE FILE response code ***************************************************
 if (isset($_GET["d"])) {
 	$page = "delete"; $filename = $_GET["d"]; $pagetitle = "Delete";
@@ -264,6 +265,7 @@ function show_favicon(){
 
 
 
+
 // DELETE FOLDER response code *************************************************
 if ($_GET["p"] == "deletefolder") {
 	if (!is_empty($_GET["i"])){
@@ -287,6 +289,7 @@ function show_favicon(){
 
 
 
+
 // EDIT Page response code *****************************************************
 
 //*** If on Edit page, and [Save] clicked:
@@ -326,6 +329,7 @@ function show_favicon(){
 
 
 
+
 // NEW FILE response code ******************************************************
 if ($_GET["p"] == "new") {$pagetitle = "New File"; }
 if (isset($_POST["new_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
@@ -344,6 +348,7 @@ function show_favicon(){
 
 
 
+
 // NEW FOLDER response code ****************************************************
 if ($_GET["p"] == "newfolder") {$pagetitle = "New Folder"; }
 if (isset($_POST["new_folder"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
@@ -362,6 +367,7 @@ function show_favicon(){
 
 
 
+
 // RENAME FILE response code ***************************************************
 if (isset($_GET["r"])) {
 	$filename = $_GET["r"];
@@ -384,6 +390,7 @@ function show_favicon(){
 
 
 
+
 // RENAME FOLDER response code *************************************************
 if ($_GET["p"] == "renamefolder") {$pagetitle = "Rename Folder"; }
 if (isset($_POST["new_foldername"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
@@ -410,6 +417,7 @@ function show_favicon(){
 
 
 
+
 // UPLOAD FILE response code ***************************************************
 if ($_GET["p"] == "upload") {$pagetitle = "Upload File"; }
 if (isset($_FILES['upload_filename']['name']) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
@@ -458,219 +466,255 @@ function show_favicon(){
 
 
 
+function Login_Page() { //******************************************************
+	global $ONESCRIPT;
+?>
+	<h2>Log In</h2>
+	<form method="post" action="<?php echo $ONESCRIPT; ?>">
+		<p>
+			<label for="onefilecms_username">Username:</label>
+			<input type="text" name="onefilecms_username" id="onefilecms_username" class="login_input">
+		</p>
+		<p>
+			<label for="onefilecms_password">Password:</label>
+			<input type="password" name="onefilecms_password" id="onefilecms_password" class="login_input">
+		</p>
+			
+		<input type="submit" class="button" value="Enter">
+	</form>
+	<script>document.getElementById('onefilecms_username').focus();</script>
+<?php } //end Login_Page() *****************************************************
 
 
 
 
 
-//******************************************************************************
-function time_stamp_scripts() {  ?>
+function list_files() { // ...in a vertical table ******************************
+	
+global $ONESCRIPT, $varvar, $config_excluded, $ftypes, $fclasses;
+	
+$files = glob($varvar."{,.}*", GLOB_BRACE);
+natcasesort($files);
+
+echo '<table class="index_T">';
+	foreach ($files as $file) {
+		$fc++;
+		$excludeme = 0;
+		$config_excludeds = explode(",", $config_excluded);
+			
+		foreach ($config_excludeds as $config_exclusion) {
+			if (strrpos(basename($file),$config_exclusion) !== False && 
+			strrpos(basename($file),$config_exclusion) !== "") { 
+				$excludeme = 1;
+			}
+		}
 
-<script>//Dispaly file's timestamp in user's local time 
+		if (!is_dir($file) && $excludeme == 0) {
+			
+			//Determine file type & set cooresponding class.
+			$file_class = "";
+			$ext = end( explode(".", strtolower($file)) );
+			
+			for ($x=0; $x < count($ftypes); $x++ ){
+				if ($ext == $ftypes[$x]){ $file_class = $fclasses[$x]; } 
+			}
+?>
+			<tr>
+				<td>
+					<?php echo "<a href='", $ONESCRIPT, "?f=", $file, "'"; ?>
+					<?php echo 'class="',  $file_class, '">', basename($file), '</a>'; ?>
+				</td>
+				<td class="meta_T meta_size">&nbsp;
+					<?php echo number_format(filesize($file)).""; ?> B
+				</td>
+				<td class="meta_T meta_time"> &nbsp;
+					<script>FileTimeStamp(<?php echo filemtime($file); ?>);</script>
+				</td>
+			</tr>
+<?php 
+		}//end if !is_dir
+	}//end foreach file
+echo '</table>';
+}//end list_files() ************************************************************
 
-function pad(num){ 
-	if ( num < 10 ){ num = "0" + num; }
-	return num
-}
 
 
-function FileTimeStamp(php_filemtime, show_offset){
 
-	//php's filemtime returns seconds, javascript's date() uses milliseconds.
-	var FileMTime = php_filemtime * 1000; 
 
-	var TIMESTAMP  = new Date(FileMTime);
-	var YEAR  = TIMESTAMP.getFullYear();
-	var	MONTH = pad(TIMESTAMP.getMonth() + 1);
-	var DATE  = pad(TIMESTAMP.getDate());
-	var HOURS = TIMESTAMP.getHours();
-	var MINS  = pad(TIMESTAMP.getMinutes());
-	var SECS  = pad(TIMESTAMP.getSeconds());
+function Index_Page(){ //*******************************************************
+	global $ONESCRIPT, $varvar, $config_excluded, $ftypes, $fclasses;
+	$varvar = ""; //must be global - also used in list_files()
+	if (isset($_GET["i"])) { $varvar = $_GET["i"]."/"; }
 
-	if( HOURS < 12){ AMPM = "am"; }
-	else           { AMPM = "pm"; HOURS = HOURS - 12; }
-	HOURS = pad(HOURS);
+ 	// Current path. ie: docroot/current/path/ 
+	// Each level is a link to that level.
+	echo '<h2>';
+		$full_path = basename(getcwd());
+		if (isset($_GET["i"])) { $full_path = basename(getcwd()).'/'.$_GET["i"]; }
 
-	var GMT_offset = -(TIMESTAMP.getTimezoneOffset()); //Yes, I know - seems wrong, but it's works.
+		$path_levels = explode("/",$full_path);
+		$levels = count($path_levels); //If levels=3, indexes = 0, 1, 2  etc...
 
-	if (GMT_offset < 0) { NEG=-1; SIGN="-"; } else { NEG=1; SIGN="+"; } 
+		//docroot folder of site
+		if ($_GET["i"] == "") { 
+			echo $path_levels[0].' /'; // if at root, no need for link.
+		} else {
+			echo '<a href="'.$ONESCRIPT.'" class="path"> '.$path_levels[0].' </a>/';
+		}
 
-	var offset_HOURS = Math.floor(NEG*GMT_offset/60);
-	var offset_MINS  = pad( NEG * GMT_offset % 60 );
-	var offset_FULL  = "UTC " + SIGN + offset_HOURS + ":" + offset_MINS;
+		//Remainder of current/path
+		for ($x=1; $x < $levels; $x++) {
+			if ($x !== 1){ $current_path .= '/'; }
+			$current_path = $current_path.$path_levels[$x];
+			echo '<a href="'.$ONESCRIPT.'?i='.$current_path.'" class="path"> ';
+			echo ' '.$path_levels[$x]." </a>/";
+		}
+	?></h2>
 
-	if (show_offset){ var DATETIME = YEAR+"-"+MONTH+"-"+DATE+" &nbsp;"+HOURS+":"+MINS+" "+AMPM+" ("+offset_FULL+")"; }
-	else            { var DATETIME = YEAR+"-"+MONTH+"-"+DATE+" &nbsp;"+HOURS+":"+MINS+" "+AMPM; }
+	<!--==== List folders/sub-directores ====-->
+	<p class="index_folders">
+		<?php
+		$folders = glob($varvar."*",GLOB_ONLYDIR);
+		natcasesort($folders);
+		foreach ($folders as $folder) {
+			echo '<a href="'.$ONESCRIPT.'?i='.$folder.'" class="index_folder">';
+
+			echo basename($folder).' /</a>';
+		} ?>
+	</p>
+
+	<?php list_files(); //******************* ?>
 	
-	document.write( DATETIME );
+	<!-- Upload/New/Rename/Copy/etc... links -->
+	<p class="front_links">
+		<a href="<?php echo $ONESCRIPT.'?p=upload&amp;i='.$varvar; ?>"    class="upload">Upload File</a>
+		<a href="<?php echo $ONESCRIPT.'?p=new&amp;i='.$varvar; ?>"       class="new">New File</a>
+		<a href="<?php echo $ONESCRIPT.'?p=newfolder&amp;i='.$varvar; ?>" class="newfolder">New Folder</a>
+		<?php if ($varvar !== "") { ?>
+			<a href="<?php echo $ONESCRIPT.'?p=renamefolder&amp;i='.$varvar; ?>" class="renamefolder">
+			Rename Folder</a>
+			<a href="<?php echo $ONESCRIPT.'?p=deletefolder&amp;i='.$varvar; ?>" class="deletefolder">
+			Delete Folder</a>
+		<?php } ?>
+	</p>
+<?php
+}//end Index_Page()*************************************************************
 
-}//end FileTimeStamp(php_filemtime)
-</script>
-<?php }//end time_stamp_scripts() **********************************************
 
 
 
 
-function Edit_Page_javascript() { //********************************************
+
+function Edit_Page() { //*******************************************************
+	global $ONESCRIPT, $varvar, $filename, $filecontent, $config_editable, $config_itypes;
+	$varvar = '?f='.$filename;
+	$ext = end( explode(".", strtolower($filename)) );
 ?>
-	<!--======== Provide feedback re: unsaved changes ========-->
-	<script>
-	    
-	var File_textarea    = document.getElementById('file_content');
-	var Save_File_button = document.getElementById('save_file');
-	var Reset_button     = document.getElementById('reset');
+	<h2 id="edit_header">File: &ldquo;<a href="/<?php echo $filename; ?>"> 
+	<?php echo $filename; ?> 
+	</a>&rdquo;</h2>
 
-	var start_value = File_textarea.value;
-	var submitted   = false
-	var changed     = false;
+	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
+		<p class="file_meta">
+		<span class="meta_size">Size<b>: </b> <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; &nbsp; 
+		<span class="meta_time">Updated<b>: </b><script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1);</script></span><br>
+		</p>
+		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
+		<?php Close_Button("close"); ?><div style="clear:both;"></div>
+		
+		<?php if (strpos($config_itypes,$ext) === false) { //If non-image, show textarea
+			if (strpos($config_editable,$ext) === false) { //
+			?>	<p>
+				<textarea id="disabled_content" class="textinput disabled" cols="70" rows="3" disabled="disabled">Non-text or unkown file type. Edit disabled.</textarea>
+				</p>
+			<?php } else { ?>
+				<p>
+				<input type="hidden" name="filename" id="filename" class="textinput" value="<?php echo $filename; ?>">
+				<textarea id="file_content" onkeyup="Check_for_changes(event);" name="content" class="textinput" cols="70" rows="25"><?php echo $filecontent; ?></textarea>
+				</p>
+			<?php } //end if editable ?>	
+		<?php  } //end if non-image, show textarea ?>
+		
+		<p class="buttons_right">
+		<input type="submit" class="button" value="Save"                  onclick="submitted = true;" id="save_file">
+		<input type="button" class="button" value="Reset - loose changes" onclick="Reset_File()"      id="reset">
+		<script>
+			document.getElementById('save_file').disabled = "disabled";
+			document.getElementById('reset').disabled     = "disabled";
+		</script>
+		<input type="button" class="button" value="Rename/Move"           onclick="parent.location='<?php echo $ONESCRIPT.'?r='.$filename; ?>'">
+		<input type="button" class="button" value="Delete"                onclick="parent.location='<?php echo $ONESCRIPT.'?d='.$filename; ?>'">
+		<input type="button" class="button" value="Copy"                  onclick="parent.location='<?php echo $ONESCRIPT.'?c='.$filename; ?>'">
+		<?php Close_Button(""); ?>
+		</p>
+	</form>
+	<div style="clear:both;"></div>
 
+	<?php if (strpos($config_itypes,$ext) !== false) { show_image(); } ?>
 
+	<?php if (strpos($config_editable,$ext) !== false) { //if editable file..?>
+		<?php Edit_Page_javascript(); ?>
+		<div id="edit_note">
+		NOTE: On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser's [Reload].
+		</div>
+	<?php } //end if editable ?>
 
-	// The following events only apply when the element is active.
-	// [Save] is disabled unless there are changes to the open file.
-	Save_File_button.onfocus = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
-	Save_File_button.onblur  = function() {Save_File_button.style.backgroundColor ="#Fee";}
-	Save_File_button.onmouseover = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
-	Save_File_button.onmouseout  = function() {Save_File_button.style.backgroundColor = "#Fee";}
+<?php }; //End Edit_Page *******************************************************
 
 
 
-	function Reset_file_status_indicators() {
-		changed = false;
-		File_textarea.style.backgroundColor = "#eFe";  //light green
-		Save_File_button.style.backgroundColor = "";
-		Save_File_button.style.borderColor = "";
-		Save_File_button.style.borderWidth = "1px";
-		Save_File_button.disabled = "disabled";
-		Save_File_button.value = "Save";
-		Reset_button.disabled = "disabled";
-		//File_textarea.focus();
-	}
 
 
-	window.onbeforeunload = function() {
-		if ( changed && !submitted) { 
-			//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
-			return "               Unsaved changes will be lost!";
-		}
-	}
 
+function Upload_Page() { //*****************************************************
+	global $ONESCRIPT, $varvar;
+	$varvar = ""; if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }
+?>
+	<h2>Upload</h2>
+	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$varvar; ?>" method="post">
+		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
+		<input type="hidden" name="MAX_FILE_SIZE" value="100000">
+		<p>
+			<label for="upload_destination">Destination:</label>
+			<input type="text" name="upload_destination" value="<?php echo $_GET["i"]; ?>/" class="textinput">
+		</p>
+		<p>
+			<label for="upload_filename">File:</label>
+			<input name="upload_filename" type="file" size="93">
+		</p>
+		<p><?php Cancel_Submit_Buttons("Upload"); ?></p>
+	</form>
+<?php } //end Upload_Page() ****************************************************
 
-	window.onunload = function() {
-		//without this, a browser back then forward would reload file with local/
-		// unsaved changes, but with a green b/g as tho that's the file's contents.
-		if (!submitted) {
-			File_textarea.value = start_value;
-			Reset_file_status_indicators();
-		}
-	}
 
 
-	//With selStart & selEnd == 0, moves cursor to start of text field.
-	function setSelRange(inputEl, selStart, selEnd) { 
-		if (inputEl.setSelectionRange) { 
-			inputEl.focus(); 
-			inputEl.setSelectionRange(selStart, selEnd); 
-		} else if (inputEl.createTextRange) { 
-			var range = inputEl.createTextRange(); 
-			range.collapse(true); 
-			range.moveEnd('character', selEnd); 
-			range.moveStart('character', selStart); 
-			range.select(); 
-		} 
-	}
 
 
-	function Check_for_changes(event){
-		var keycode=event.keyCode? event.keyCode : event.charCode;
-		changed = (File_textarea.value != start_value);
-		if (changed){
-			document.getElementById('message').innerHTML = " "; // Must have a space, or it won't clear the msg.
-			File_textarea.style.backgroundColor = "#Fee";  //light red
-			Save_File_button.style.backgroundColor ="#Fee";
-			Save_File_button.style.borderColor = "#F44";   //less light red
-			Save_File_button.style.borderWidth = "1px";
-			Save_File_button.disabled = "";
-			Reset_button.disabled = "";
-			Save_File_button.value = "SAVE CHANGES!";
-		}else{
-			Reset_file_status_indicators()
-		}
-	}
-
-
-	//Reset textarea value to when page was loaded.
-	//Used by [Reset] button, and when page unloads (browser back, etc). 
-	//Needed becuase if the page is reloaded (ctl-r, or browser back/forward, etc.), 
-	//the text stays changed, but "changed" gets set to false, which looses warning.
-	function Reset_File() {
-		if (changed) {
-			if ( !(confirm("Reset file and loose unsaved changes?")) ) { return; }
-		}
-		File_textarea.value = start_value;
-		Reset_file_status_indicators();
-		setSelRange(File_textarea, 0, 0) //MOve cursor to start of textarea.
-	}
-	
-	
-	Reset_file_status_indicators()
-	</script>
-
-<?php }//End Edit_Page_javascript() ********************************************
+function New_File_Page() { //***************************************************
+	global $ONESCRIPT, $varvar;
+	$varvar = "";
+	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }
+?>
+		<h2>New File</h2>
+		<p>Existing files with the same name will not be overwritten.</p>
+		<form method="post" id="new" action="<?php echo $ONESCRIPT.$varvar; ?>">
+			<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
+			<p>
+				<label for="new_filename">New filename: </label>
+				<input type="text" name="new_filename" id="new_filename" class="textinput" value="<?php echo $_GET["i"]; ?>/">
+			</p>
+			<p>	<?php Cancel_Submit_Buttons("Create"); ?> </p>
+		</form>
+<?php
+}//end New_File_Page()**********************************************************
 
 
 
 
 
-
-//******************************************************************************
-//******************************************************************************
-?><!DOCTYPE html>
-
-<html>
-<head>
-
-<title><?php echo $config_title.' - '.$pagetitle; ?></title>
-
-<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-<meta name="robots" content="noindex">
-
-<?php //style_sheet(); ?>
-<link href="<?php echo $config_style_sheet;?>" type="text/css" rel="stylesheet">
-
-<?php if ( ($page == "index") || ($page == "edit") ) { time_stamp_scripts(); } ?>
-
-</head>
-
-<body class="page_<?php echo $page; ?>">
-
-<div class="container">
-
-<div class="header">
-	<?php echo '<a href="', $ONESCRIPT, '" id="logo">', $config_title; ?></a>
-	<?php echo $version; ?>
+function Copy_File_Page(){ //***************************************************
+	global $ONESCRIPT, $varvar, $filename;
 	
-	<?php if ((isset($_SESSION['onefilecms_valid'])) && ($_SESSION['onefilecms_valid'] == "1")) { ?>
-		<div class="nav">
-			<a href="/"><?php show_favicon(); ?>&nbsp; 
-			<b><?php echo $WEBSITE; ?>/</b>  &nbsp;- &nbsp;
-			Visit Site</a> |
-			<a href="<?php echo $ONESCRIPT; ?>?p=logout">Log Out</a>
-		</div>
-	<?php } ?>
-</div><!-- end header -->
-
-
-<?php message_box(); ?>
-
-
-
-
-
-<?php
-// COPY FILE *******************************************************************
-if ($page == "copy") { 
-
 	$extension    = strrchr($filename, ".");
 	$slug         = dirname($filename).'/'.pathinfo($filename,PATHINFO_FILENAME);
 	$varvar       = "?i=".dirname($_GET["c"]);
@@ -693,18 +737,46 @@ class="textinput" value="<?php echo $new_filename; ?>">
 		</p>
 		<p>	<?php Cancel_Submit_Buttons("Copy"); ?>	</p>
 	</form>
-<?php }; ?>
+<?php }//end Copy_File_Page() **************************************************
 
 
 
 
 
-<?php // DELETE FILE ***********************************************************
-if ($page == "delete") {
-	$varvar = '?i='.dirname($_GET["d"]); 
+function Rename_File_Page() { //************************************************
+	global $ONESCRIPT, $varvar, $filename;
+	$varvar = "?i=".dirname($_GET["r"]);
+?>
+	<h2>Rename &ldquo;<a href="/<?php echo $filename; ?>">	<?php echo $filename; ?> </a>&rdquo;</h2>
+	<p>Existing files with the same filename are automatically overwritten... Be careful!</p>
+	<p>To move a file, preface its name with the folder's name, as in 
+	"<i>foldername/filename.txt</i>." The folder must already exist.</p>
 
-?>	<h2>Delete &ldquo;<a href="/<?php echo $filename; ?> ">
-	<?php echo $filename; ?></a>&rdquo;</h2>
+	<form method="post" action="<?php echo $ONESCRIPT.$varvar;	?>">
+		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
+		<p>
+			<label>Old filename:</label>
+			<input type="hidden" name="old_filename" value="<?php echo $filename; ?>">
+			<input type="text" name="dummy" value="<?php echo $filename; ?>" class="textinput" disabled="disabled">
+		</p>
+		<p>
+			<label for="rename_filename">New filename:</label>
+			<input type="text" name="rename_filename" id="rename_filename" class="textinput" value="<?php echo $filename; ?>">
+		</p>
+		<p><?php Cancel_Submit_Buttons("Rename"); ?></p>
+	</form>
+<?php } //end Rename_File_Page() ***********************************************
+
+
+
+
+
+function Delete_File_Page() { //************************************************
+	global $ONESCRIPT, $varvar, $filename;
+	$varvar = '?i='.dirname($_GET["d"]); 
+?>
+	<h2>Delete &ldquo;<a href="/<?php echo $filename; ?>">
+	<?php echo $filename; ?></a> &rdquo; ?</h2>
 	<p>Are you sure?</p>
 
 	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
@@ -714,355 +786,312 @@ class="textinput" value="<?php echo $new_filename; ?>">
 			<?php Cancel_Submit_Buttons("DELETE"); ?>
 		</p>
 	</form>
-<?php }; ?>
+<?php } //end Delete_File_Page() ***********************************************
 
 
 
 
-<?php // DELETE FOLDER *********************************************************
-if ($page == "deletefolder") {
-	$varvar = "?i=".substr($_GET["i"],0,strrpos(substr_replace($_GET["i"],"",-1),"/"));
 
-?>	<h2>Delete Folder &nbsp;&ldquo; <?php echo $_GET["i"]; ?>/ &rdquo; &nbsp;?</h2>
+function New_Folder_Page() { //*************************************************
+	global $ONESCRIPT, $varvar;
+	$varvar = "";
+	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }
+?>
+	<h2>New Folder</h2>
+	<p>Existing folders with the same name will not be overwritten.</p>
 	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<p>
-		<input type="hidden" name="delete_foldername" value="<?php echo $_GET["i"]; ?>">
-		<?php Cancel_Submit_Buttons("DELETE"); ?>
+			<label for="new_folder">Folder name: </label>
+			<input type="text" name="new_folder" id="new_folder" class="textinput" value="<?php echo $_GET["i"]; ?>/">
 		</p>
+		<p>	<?php Cancel_Submit_Buttons("Create"); ?> </p>
 	</form>
-<?php }; ?>
+<?php } // end New_Folder_Page() ***********************************************
 
 
 
 
-<?php // EDIT ******************************************************************
-if ($page == "edit") {
 
-	$varvar = '?f='.$filename;
-	$ext = end( explode(".", strtolower($filename)) );
+function Rename_Folder_Page() { //**********************************************
+	global $ONESCRIPT, $varvar;
+	$varvar = '?i='.$_GET["i"];
 ?>
-	<h2 id="edit_header">File: &ldquo;<a href="/<?php echo $filename; ?>"> 
-	<?php echo $filename; ?> 
-	</a>&rdquo;</h2>
-
-	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
-		<p class="file_meta">
-		<span class="meta_size">Size<b>: </b> <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; &nbsp; 
-		<span class="meta_time">Updated<b>: </b><script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1);</script></span><br>
+	<h2>Rename Folder &ldquo;<?php echo $_GET["i"]; ?>&rdquo;</h2>
+	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
+		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
+		<p>
+			<label>Old name:</label><input type="hidden" name="old_foldername" value="<?php echo $_GET["i"]; ?>">
+			<input type="text" name="dummy" value="<?php echo $_GET["i"]; ?>" class="textinput" disabled="disabled">
 		</p>
+		<p>
+			<label for="new_foldername">New name:</label>
+			<input type="text" name="new_foldername" id="new_foldername" class="textinput" value="<?php echo $_GET["i"]; ?>">
+		</p>
+		<p><?php Cancel_Submit_Buttons("Rename"); ?></p>
+	</form>
+<?php } //end Rename_Folder_Page() *********************************************
+
+
+
+
+
+function Delete_Folder_Page(){ //***********************************************
+	global $ONESCRIPT, $varvar;
+	$varvar = "?i=".dirname($_GET['i']);
+?>
+	<h2>Delete Folder &nbsp;&ldquo; <?php echo $_GET["i"]; ?>/ &rdquo; &nbsp;?</h2>
+	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
-		<?php Close_Button("close"); ?><div style="clear:both;"></div>
-		
-		<?php if (strpos($config_itypes,$ext) === false) { //If non-image, show textarea
-			if (strpos($config_editable,$ext) === false) { //
-			?>	<p>
-				<textarea name="content" class="textinput disabled" cols="70" rows="25" disabled="disabled">Non-text or unkown file type. Edit disabled.
-				</textarea>
-				</p>
-			<?php } else { ?>
-				<p>
-				<input type="hidden" name="filename" id="filename" class="textinput" value="<?php echo $filename; ?>">
-				<textarea id="file_content" onkeyup="Check_for_changes(event);" name="content" class="textinput" cols="70" rows="25"><?php echo $filecontent; ?></textarea>
-				</p>
-			<?php } //end if editable ?>	
-		<?php  } //end if non-image, show textarea ?>
-		
-		<p class="buttons_right">
-		<input type="submit" class="button" value="Save"                  onclick="submitted = true;" id="save_file">
-		<input type="button" class="button" value="Reset - loose changes" onclick="Reset_File()"      id="reset">
-		<input type="button" class="button" value="Rename/Move"           onclick="parent.location='<?php echo $ONESCRIPT.'?r='.$filename; ?>'">
-		<input type="button" class="button" value="Delete"                onclick="parent.location='<?php echo $ONESCRIPT.'?d='.$filename; ?>'">
-		<input type="button" class="button" value="Copy"                  onclick="parent.location='<?php echo $ONESCRIPT.'?c='.$filename; ?>'">
-		<?php Close_Button(""); ?>
+		<p>
+		<input type="hidden" name="delete_foldername" value="<?php echo $_GET["i"]; ?>">
+		<?php Cancel_Submit_Buttons("DELETE"); ?>
 		</p>
 	</form>
-	<div style="clear:both;"></div>
+<?php } //end Delete_Folder_Page() //*******************************************
 
-	<?php if (strpos($config_itypes,$ext) !== false) { show_image(); } ?>
 
-	<?php if (strpos($config_editable,$ext) !== false) { //if editable file..?>
-		<?php Edit_Page_javascript(); ?>
-		<div id="edit_note">
-		NOTE: On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser's [Reload].
-		</div>
-	<?php } //end if editable ?>
 
-<?php }; //End Edit page *****************************************************?>
 
 
 
 
 
 
-<?php // INDEX *****************************************************************
-if ($page == "index") {
-	$varvar = "";
-	if (isset($_GET["i"])) { $varvar = $_GET["i"]."/"; }
 
- 	// Current path. ie: docroot/current/path/ 
-	// Each level is a link to that level.
-	echo '<h2>';
-		$full_path = basename(getcwd());
-		if (isset($_GET["i"])) { $full_path = basename(getcwd()).'/'.$_GET["i"]; }
+function Load_Selected_Page(){ //***********************************************
+	global $page;
+	if ($page == "login")        { Login_Page();         }
+	if ($page == "index")        { Index_Page();         }
+	if ($page == "edit")         { Edit_Page();          }
+	if ($page == "upload")       { Upload_Page();        }
+	if ($page == "new")          { New_File_Page();      }
+	if ($page == "copy")         { Copy_File_Page();     }
+	if ($page == "rename")       { Rename_File_Page();   }
+	if ($page == "delete")       { Delete_File_Page();   }
+	if ($page == "newfolder")    { New_Folder_Page();    }
+	if ($page == "renamefolder") { Rename_Folder_Page(); }
+	if ($page == "deletefolder") { Delete_Folder_Page(); }
+}//end Load_Selected_Page() ****************************************************
 
-		$path_levels = explode("/",$full_path);
-		$levels = count($path_levels); //If levels=3, indexes = 0, 1, 2  etc...
 
-		//docroot folder of site
-		if ($_GET["i"] == "") { 
-			echo $path_levels[0].' /'; // if at root, no need for link.
-		} else {
-			echo '<a href="'.$ONESCRIPT.'" class="path"> '.$path_levels[0].' </a>/';
-		}
 
-		//Remainder of current/path
-		for ($x=1; $x < $levels; $x++) {
-			if ($x !== 1){ $current_path .= '/'; }
-			$current_path = $current_path.$path_levels[$x];
-			echo '<a href="'.$ONESCRIPT.'?i='.$current_path.'" class="path"> ';
-			echo ' '.$path_levels[$x]." </a>/";
-		}
-	?></h2>
 
 
-	<!--===== List folders/sub-directores =====-->
-	<p class="index_folders">
-		<?php
-		$folders = glob($varvar."*",GLOB_ONLYDIR);
-		natcasesort($folders);
-		foreach ($folders as $folder) {
-			echo '<a href="'.$ONESCRIPT.'?i='.$folder.'" class="index_folder">';
 
-			echo basename($folder).' /</a>';
-		} ?>
-	</p>
 
 
 
-	<?php //<!--======== List files in vertical table ========-->
-	function list_view() {
-	
-	global $ONESCRIPT, $varvar, $config_excluded, $ftypes, $fclasses;
-	
-	$files = glob($varvar."{,.}*", GLOB_BRACE);
-	natcasesort($files);
-
-	echo '<table class="index_T">';
-		foreach ($files as $file) {
-			$fc++;
-			$excludeme = 0;
-			$config_excludeds = explode(",", $config_excluded);
-			
-			foreach ($config_excludeds as $config_exclusion) {
-				if (strrpos(basename($file),$config_exclusion) !== False && 
-				strrpos(basename($file),$config_exclusion) !== "") { 
-					$excludeme = 1;
-				}
-			}
-			
-			if (!is_dir($file) && $excludeme == 0) {
-				
-				//Determine file type & set cooresponding class.
-				$file_class = "";
-				$ext = end( explode(".", strtolower($file)) );
-				
-				for ($x=0; $x < count($ftypes); $x++ ){
-					if ($ext == $ftypes[$x]){ $file_class = $fclasses[$x]; } 
-				}
-	?>
-					<tr>
-						<td>
-							<?php echo "<a href='", $ONESCRIPT, "?f=", $file, "'"; ?>
-							<?php echo 'class="',  $file_class, '">', basename($file), '</a>'; ?>
-						</td>
-						<td class="meta_T meta_size">&nbsp;
-							<?php echo number_format(filesize($file)).""; ?> B
-						</td>
-						<td class="meta_T meta_time"> &nbsp;
-							<script>FileTimeStamp(<?php echo filemtime($file); ?>);</script>
-						</td>
-					</tr>
-	<?php 
-			}//end if !is_dir
-		}//end foreach file
-	echo '</table>';
-	
-	}//end list_view() =================================-->
-	?>
 
+//******************************************************************************
+function time_stamp_scripts() {  ?>
+
+<script>//Dispaly file's timestamp in user's local time 
+
+function pad(num){ 
+	if ( num < 10 ){ num = "0" + num; }
+	return num
+}
 
 
-	<?php list_view(); ?>
+function FileTimeStamp(php_filemtime, show_offset){
+
+	//php's filemtime returns seconds, javascript's date() uses milliseconds.
+	var FileMTime = php_filemtime * 1000; 
+
+	var TIMESTAMP  = new Date(FileMTime);
+	var YEAR  = TIMESTAMP.getFullYear();
+	var	MONTH = pad(TIMESTAMP.getMonth() + 1);
+	var DATE  = pad(TIMESTAMP.getDate());
+	var HOURS = TIMESTAMP.getHours();
+	var MINS  = pad(TIMESTAMP.getMinutes());
+	var SECS  = pad(TIMESTAMP.getSeconds());
+
+	if( HOURS < 12){ AMPM = "am"; }
+	else           { AMPM = "pm"; HOURS = HOURS - 12; }
+	HOURS = pad(HOURS);
+
+	var GMT_offset = -(TIMESTAMP.getTimezoneOffset()); //Yes, I know - seems wrong, but it's works.
+
+	if (GMT_offset < 0) { NEG=-1; SIGN="-"; } else { NEG=1; SIGN="+"; } 
+
+	var offset_HOURS = Math.floor(NEG*GMT_offset/60);
+	var offset_MINS  = pad( NEG * GMT_offset % 60 );
+	var offset_FULL  = "UTC " + SIGN + offset_HOURS + ":" + offset_MINS;
+
+	if (show_offset){ var DATETIME = YEAR+"-"+MONTH+"-"+DATE+" &nbsp;"+HOURS+":"+MINS+" "+AMPM+" ("+offset_FULL+")"; }
+	else            { var DATETIME = YEAR+"-"+MONTH+"-"+DATE+" &nbsp;"+HOURS+":"+MINS+" "+AMPM; }
 	
+	document.write( DATETIME );
 
+}//end FileTimeStamp(php_filemtime)
+</script>
+<?php }//end time_stamp_scripts() **********************************************
 
-	<!--=== Upload/New/Rename/Copy/etc... links ===-->
-	<p class="front_links">
-		<a href="<?php echo $ONESCRIPT.'?p=upload&amp;i='.$varvar; ?>" class="upload">Upload File</a>
-		<a href="<?php echo $ONESCRIPT.'?p=new&amp;i='.$varvar; ?>"    class="new">New File</a>
-		<a href="<?php echo $ONESCRIPT.'?p=newfolder&amp;i='.$varvar; ?>" class="newfolder">New Folder</a>
-		<?php if ($varvar !== "") { ?>
-			<a href="<?php echo $ONESCRIPT.'?p=renamefolder&amp;i='.$varvar; ?>" class="renamefolder">
-			Rename Folder</a>
-			<a href="<?php echo $ONESCRIPT.'?p=deletefolder&amp;i='.$varvar; ?>" class="deletefolder">
-			Delete Folder</a>
-		<?php } ?>
-	</p>
 
-<?php }; // End of Index (file listing) page *********************************?>
 
 
+function Edit_Page_javascript() { //********************************************
+?>
+	<!--======== Provide feedback re: unsaved changes ========-->
+	<script>
+	    
+	var File_textarea    = document.getElementById('file_content');
+	var Save_File_button = document.getElementById('save_file');
+	var Reset_button     = document.getElementById('reset');
 
+	var start_value = File_textarea.value;
+	var submitted   = false
+	var changed     = false;
 
-<?php // LOG OUT ***************************************************************
-if ($page == "logout") { $page = "login"; } ?>
 
 
+	// The following events only apply when the element is active.
+	// [Save] is disabled unless there are changes to the open file.
+	Save_File_button.onfocus = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
+	Save_File_button.onblur  = function() {Save_File_button.style.backgroundColor ="#Fee";}
+	Save_File_button.onmouseover = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
+	Save_File_button.onmouseout  = function() {Save_File_button.style.backgroundColor = "#Fee";}
 
 
-<?php // LOG IN ****************************************************************
-if ($page == "login") { ?>
-	<h2>Log In</h2>
-	<form method="post" action="<?php echo $ONESCRIPT; ?>">
-		<p>
-			<label for="onefilecms_username">Username:</label>
-			<input type="text" name="onefilecms_username" id="onefilecms_username" class="login_input">
-		</p>
-		<p>
-			<label for="onefilecms_password">Password:</label>
-			<input type="password" name="onefilecms_password" id="onefilecms_password" class="login_input">
-		</p>
-			
-		<input type="submit" class="button" value="Enter">
-	</form>
-	<script>document.getElementById('onefilecms_username').focus();</script>
-<?php }; ?>
 
+	function Reset_file_status_indicators() {
+		changed = false;
+		File_textarea.style.backgroundColor = "#eFe";  //light green
+		Save_File_button.style.backgroundColor = "";
+		Save_File_button.style.borderColor = "";
+		Save_File_button.style.borderWidth = "1px";
+		Save_File_button.disabled = "disabled";
+		Save_File_button.value = "Save";
+		Reset_button.disabled = "disabled";
+		//File_textarea.focus();
+	}
 
 
+	window.onbeforeunload = function() {
+		if ( changed && !submitted) { 
+			//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
+			return "               Unsaved changes will be lost!";
+		}
+	}
 
 
-<?php // NEW FILE **************************************************************
-if ($page == "new") {
-	$varvar = "";
-	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }
-?>
-		<h2>New File</h2>
-		<p>Existing files with the same name will not be overwritten.</p>
-		<form method="post" id="new" action="<?php echo $ONESCRIPT.$varvar; ?>">
-			<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
-			<p>
-				<label for="new_filename">New filename: </label>
-				<input type="text" name="new_filename" id="new_filename" class="textinput" value="<?php echo $_GET["i"]; ?>/">
-			</p>
-			<p>	<?php Cancel_Submit_Buttons("Create"); ?> </p>
-		</form>
-<?php }; ?>
+	window.onunload = function() {
+		//without this, a browser back then forward would reload file with local/
+		// unsaved changes, but with a green b/g as tho that's the file's contents.
+		if (!submitted) {
+			File_textarea.value = start_value;
+			Reset_file_status_indicators();
+		}
+	}
 
 
+	//With selStart & selEnd == 0, moves cursor to start of text field.
+	function setSelRange(inputEl, selStart, selEnd) { 
+		if (inputEl.setSelectionRange) { 
+			inputEl.focus(); 
+			inputEl.setSelectionRange(selStart, selEnd); 
+		} else if (inputEl.createTextRange) { 
+			var range = inputEl.createTextRange(); 
+			range.collapse(true); 
+			range.moveEnd('character', selEnd); 
+			range.moveStart('character', selStart); 
+			range.select(); 
+		} 
+	}
 
 
-<?PHP // NEW FOLDER ************************************************************
-if ($page == "newfolder") {
-	$varvar = "";
-	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }
-?>
-	<h2>New Folder</h2>
-	<p>Existing folders with the same name will not be overwritten.</p>
-	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
-		<p>
-			<label for="new_folder">Folder name: </label>
-			<input type="text" name="new_folder" id="new_folder" class="textinput" value="<?php echo $_GET["i"]; ?>/">
-		</p>
-		<p>	<?php Cancel_Submit_Buttons("Create"); ?> </p>
-	</form>
-<?php }; ?>
+	function Check_for_changes(event){
+		var keycode=event.keyCode? event.keyCode : event.charCode;
+		changed = (File_textarea.value != start_value);
+		if (changed){
+			document.getElementById('message').innerHTML = " "; // Must have a space, or it won't clear the msg.
+			File_textarea.style.backgroundColor = "#Fee";  //light red
+			Save_File_button.style.backgroundColor ="#Fee";
+			Save_File_button.style.borderColor = "#F44";   //less light red
+			Save_File_button.style.borderWidth = "1px";
+			Save_File_button.disabled = "";
+			Reset_button.disabled = "";
+			Save_File_button.value = "SAVE CHANGES!";
+		}else{
+			Reset_file_status_indicators()
+		}
+	}
 
 
+	//Reset textarea value to when page was loaded.
+	//Used by [Reset] button, and when page unloads (browser back, etc). 
+	//Needed becuase if the page is reloaded (ctl-r, or browser back/forward, etc.), 
+	//the text stays changed, but "changed" gets set to false, which looses warning.
+	function Reset_File() {
+		if (changed) {
+			if ( !(confirm("Reset file and loose unsaved changes?")) ) { return; }
+		}
+		File_textarea.value = start_value;
+		Reset_file_status_indicators();
+		setSelRange(File_textarea, 0, 0) //MOve cursor to start of textarea.
+	}
+	
+	
+	Reset_file_status_indicators()
+	</script>
 
+<?php }//End Edit_Page_javascript() ********************************************
 
-<?php // RENAME FILE ***********************************************************
-if ($page == "rename") {
-	$varvar = "?i=".dirname($_GET["r"]);
-?>
-	<h2>Rename &ldquo;<a href="/<?php echo $filename; ?>">	<?php echo $filename; ?> </a>&rdquo;</h2>
-	<p>Existing files with the same filename are automatically overwritten... Be careful!</p>
-	<p>To move a file, preface its name with the folder's name, as in 
-	"<i>foldername/filename.txt</i>." The folder must already exist.</p>
 
-	<form method="post" action="<?php echo $ONESCRIPT.$varvar;	?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
-		<p>
-			<label>Old filename:</label>
-			<input type="hidden" name="old_filename" value="<?php echo $filename; ?>">
-			<input type="text" name="dummy" value="<?php echo $filename; ?>" class="textinput" disabled="disabled">
-		</p>
-		<p>
-			<label for="rename_filename">New filename:</label>
-			<input type="text" name="rename_filename" id="rename_filename" class="textinput" value="<?php echo $filename; ?>">
-		</p>
-		<p><?php Cancel_Submit_Buttons("Rename"); ?></p>
-	</form>
-<?php }; ?>
 
 
 
 
-<?php // RENAME FOLDER *********************************************************
-if ($page == "renamefolder") {
-	$varvar = '?i='.$_GET["i"];
-?>
-	<h2>Rename Folder &ldquo;<?php echo $_GET["i"]; ?>&rdquo;</h2>
-	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
-		<p>
-			<label>Old name:</label><input type="hidden" name="old_foldername" value="<?php echo $_GET["i"]; ?>">
-			<input type="text" name="dummy" value="<?php echo $_GET["i"]; ?>" class="textinput" disabled="disabled">
-		</p>
-		<p>
-			<label for="new_foldername">New name:</label>
-			<input type="text" name="new_foldername" id="new_foldername" class="textinput" value="<?php echo $_GET["i"]; ?>">
-		</p>
-		<p><?php Cancel_Submit_Buttons("Rename"); ?></p>
-	</form>
-<?php }; ?>
+//******************************************************************************
+//******************************************************************************
+?><!DOCTYPE html>
 
+<html>
+<head>
 
+<title><?php echo $config_title.' - '.$pagetitle; ?></title>
 
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<meta name="robots" content="noindex">
 
-<?php // UPLOAD FILE ***********************************************************
-if ($page == "upload") {
-	$varvar = ""; if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }
+<?php //style_sheet(); ?>
+<link href="<?php echo $config_style_sheet;?>" type="text/css" rel="stylesheet">
+
+<?php if ( ($page == "index") || ($page == "edit") ) { time_stamp_scripts(); } ?>
+
+</head>
+
+<body class="page_<?php echo $page; ?>">
+
+<div class="container">
+
+<div class="header">
+	<?php echo '<a href="', $ONESCRIPT, '" id="logo">', $config_title; ?></a>
+	<?php echo $version; ?>
 	
-?>	<h2>Upload</h2>
-	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$varvar; ?>" method="post">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
-		<input type="hidden" name="MAX_FILE_SIZE" value="100000">
-		<p>
-			<label for="upload_destination">Destination:</label>
-			<input type="text" name="upload_destination" value="<?php echo $_GET["i"]; ?>/" class="textinput">
-		</p>
-		<p>
-			<label for="upload_filename">File:</label>
-			<input name="upload_filename" type="file" size="93">
-		</p>
-		<p><?php Cancel_Submit_Buttons("Upload"); ?></p>
-	</form>
-<?php } ?>
+	<?php if ((isset($_SESSION['onefilecms_valid'])) && ($_SESSION['onefilecms_valid'] == "1")) { ?>
+		<div class="nav">
+			<a href="/"><?php show_favicon(); ?>&nbsp; 
+			<b><?php echo $WEBSITE; ?>/</b>  &nbsp;- &nbsp;
+			Visit Site</a> |
+			<a href="<?php echo $ONESCRIPT; ?>?p=logout">Log Out</a>
+		</div>
+	<?php } ?>
+</div><!-- end header -->
 
 
+<?php message_box(); ?>
 
 
-<div class="footer">
-	<hr><br><br>
-</div>
+<?php Load_Selected_Page(); ?>
 
 
+<div class="footer">
+	<hr><br><br>
 </div>
 
+</div><!-- end container -->
 
 </body>
 </html>
-
diff --git a/readme.markdown b/readme.markdown
index 257e7ac..354b05c 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,3 +1,5 @@
+# Current "stable" version: 1.2.3
+--------------------------------------------------------------------------------
 ### April 30, 2012
 
 # NOTICE - SECURITY HOLE! (Fixed in version 1.2.1)
@@ -111,9 +113,13 @@ It isn't entirely necessary, but it does provide nice enhancements, like warning
 
 ## Change Log
 
-### 1.2.4 - 1.2.8
+### 1.2.4 - 1.3.0
 
-- Mostly just a bunch of code modifications/improvements.
+- DO NOT USE THESE VERSIONS!
+- Mostly just a bunch of code modifications.
+- These versions have issues, primarily when on the home/root page your site, 
+  and attempting to [Upload File],  [New File], [New Folder], or when editing
+  a file.
 
 ### 1.2.3
 

From 591e896cf9de6ad35c9126d2ae8e0719ad3e17db Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Fri, 18 May 2012 15:29:28 -0400
Subject: [PATCH 060/228] Version 1.4.0 Substantial code reorganization &
 improvements.

---
 onefilecms.css  |  141 ++++---
 onefilecms.php  | 1034 +++++++++++++++++++++++++----------------------
 readme.markdown |   21 +-
 3 files changed, 629 insertions(+), 567 deletions(-)

diff --git a/onefilecms.css b/onefilecms.css
index d12d6bf..a960a00 100755
--- a/onefilecms.css
+++ b/onefilecms.css
@@ -1,11 +1,11 @@
 /* OneFileCMS - http://onefilecms.com/
- * Version 1.3.0
+ * Version 1.4.0
  * For license & copyright info, see OneFileCMS.License.BSD.txt 
  */ 
 
 
-/* #774200 #807568 #976322 #995400 #d4d4d4 #0F0901 #eaeaea rgb(255,250,150)
-   rgb(157, 124, 83) rgb(157, 124, 83)
+/* #d5d0cc #774200 #807568 #976322 #995400 #d4d4d4 #0F0901 #eaeaea
+   rgb(255,250,150) rgb(157, 124, 83) rgb(157, 124, 83)
    rgb(255,250,150) rgb(255,250,150) #969376 rgb(255,245,115)
  */
 
@@ -15,7 +15,7 @@
 html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,
 cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,dl,dt,dd,ol,ul,li,
 fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td
-{border : 0;  outline: 0; margin : 0; padding: 0; 
+{border : 0;  outline: 0; margin : 0; padding: 0;
 font-family: inherit; font-weight: inherit; font-style : inherit;
 font-size  : 100%; vertical-align: baseline; }
 
@@ -24,10 +24,16 @@ font-size  : 100%; vertical-align: baseline; }
 
 /* --- general formatting --- */
 
-body { font-size: 1em; background: #d5d0cc; font-family: sans-serif; }
+body { font-size: 1em; background: #DDD; font-family: sans-serif; }
 
-p, h3,ul,table { margin-bottom: .5em; }
-h2 {margin-bottom: .2em;}
+p, table { margin-bottom: .5em; }
+
+div{position: relative;}
+
+h1,h2,h3,h4,h5,h6{font-weight: bold;}
+h2 { font-size: 20px; margin: 0 1em .2em 0;} /*TRBL*/
+h3 { font-size: 18px; margin-top: 15px; }
+h4 { font-size: 1.3em; margin-bottom: .2em; font-weight: normal;}
 
 em, i { font-style: italic; }
 
@@ -46,13 +52,6 @@ caption,th,td{text-align:left;font-weight:400;}
 blockquote:before,blockquote:after,q:before,q:after{content:"";}
 blockquote,q{quotes:"" "";}
 
-div{position: relative;}
-
-h1,h2,h3,h4,h5,h6{font-weight: bold;}
-h2 { font-size: 20px; }
-h3 { font-size: 18px; margin-top: 15px; }
-h4 { font-size: 1.3em; margin-bottom: .2em; font-weight: normal;}
-
 a { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
 a:hover { border: 1px solid #807568; background-color: rgb(255,250,150); }
 a:focus { border: 1px solid #807568; background-color: rgb(255,250,150); }
@@ -60,12 +59,7 @@ a:focus { border: 1px solid #807568; background-color: rgb(255,250,150); }
 form p { margin-bottom: 5px; }
 
 
-label {
-	display: inline-block;
-	width  : 7em;
-	font-size : 14px;
-	font-style: italic;
-	}
+label { display: inline-block; width : 7em; font-size : 1em; }
 
 
 pre {
@@ -80,8 +74,6 @@ pre {
 	}
 
 
-
-
 /* --- layout --- */
 
 .container {
@@ -111,28 +103,36 @@ pre {
 .footer { color: #777; font-size: .7em; }
 
 
-.page_login label { display: block; margin-bottom: 2px; }
+.alignleft { margin: 0 10px 10px 0; float: left; }
+
 
+.dirname { font-weight: 400; }
 
-.alignleft { margin: 0 10px 10px 0; float: left; }
+.filename {
+	border: 1px solid #807568;
+	padding: .1em .2em .1em .2em;
+	font-weight: 700;
+	font-family: courier;
+	background-color: #EEE;
+	}
 
 
-/* Leave space when message is blank. Used by Edit page */
-#message { min-height: 1.7em; margin-bottom: .3em;}
+#message {margin: .5em 0;}
 
 #message p {
 	margin: 0;
 	padding: 4px 0px 4px .5em;
 	border: 1px solid #807568;
-	font-family: Lucida Console, "Courier New" ;
-	font-size: .95em;
+	Xfont-family: courier;
+	font-size: 1em;
 	line-height: 1.2em;
 	background: #fff000;
 	}
 
 #message span { float: right; }
 
-#message a { padding: 6px 1px 5px 1px; border-right: none; } /*T R B L*/
+/* #message a { font-family: Courier; font-size: 1.2em; padding: 4px 2px 3px 2px; border-right: none;} */
+#message a { padding: 5px 4px 5px 4px; border-right: none; } /*T R B L */
 
 
 /* --- INDEX directory listing, table format --- */
@@ -144,7 +144,7 @@ table.index_T {
 	border-color: #807568;
 	border-collapse: collapse;
 	margin-bottom: .7em;
-	background-color: #F8F8F8;
+	background-color: #FdFdFd;
 	}
 	
 table.index_T  tr:hover { border: 1px solid #807568; }
@@ -166,7 +166,6 @@ table.index_T td {
 	overflow   : hidden;
 	}
 
-/*	background : url("http://self-evident.github.com/OneFileCMS/images/silk_file.png") 4px no-repeat;*/
 
 .index_T a.txt { background: url("http://self-evident.github.com/OneFileCMS/images/file-txt.png") 3px no-repeat; }
 .index_T a.htm { background: url("http://self-evident.github.com/OneFileCMS/images/file-htm.png") 3px no-repeat; }
@@ -210,13 +209,13 @@ table.index_T td {
 .index_folders { min-height: 1.7em;  margin-bottom: .2em; }
 
 .index_folders a {
-	border       : 1px solid #807568;
+	Xborder       : 1px solid #807568;
 	display      : inline-block;
-	line-height  : 1.1em;
+	line-height  : 1em;
 	font-size    : 1em;
 	margin-right : .6em;
-	margin-bottom: .3em;
-	padding      : .1em .4em .1em 25px; /*TRBL*/
+	margin-bottom: .1em;
+	padding      : 3px .4em 3px 25px; /*TRBL*/
 	background : url("http://self-evident.github.com/OneFileCMS/images/folder-2.png") 4px 3px no-repeat;
 	}
 
@@ -238,27 +237,28 @@ table.index_T td {
 	display: inline-block;
 	}
 
-.front_links a.upload       { background: url("http://self-evident.github.com/OneFileCMS/images/upload.png") 3px      3px no-repeat; }
-.front_links a.new          { background: url("http://self-evident.github.com/OneFileCMS/images/file-new-2.png")      3px 4px no-repeat; }
-.front_links a.newfolder    { background: url("http://self-evident.github.com/OneFileCMS/images/folder-new-2.png")    2px 5px no-repeat; }
-.front_links a.renamefolder { background: url("http://self-evident.github.com/OneFileCMS/images/folder-rename-1.png") 1px 4px no-repeat; }
-.front_links a.deletefolder { background: url("http://self-evident.github.com/OneFileCMS/images/folder-del-3.png")    1px 5px no-repeat; }
-.front_links a.settings     { background: url("http://self-evident.github.com/OneFileCMS/images/settings.png")        2px 3px no-repeat; }
+.front_links a.upload       { background: #EEE url("http://self-evident.github.com/OneFileCMS/images/upload.png") 3px      3px no-repeat; }
+.front_links a.new          { background: #EEE url("http://self-evident.github.com/OneFileCMS/images/file-new-2.png")      3px 4px no-repeat; }
+.front_links a.newfolder    { background: #EEE url("http://self-evident.github.com/OneFileCMS/images/folder-new-2.png")    2px 5px no-repeat; }
+.front_links a.renamefolder { background: #EEE url("http://self-evident.github.com/OneFileCMS/images/folder-rename-1.png") 1px 4px no-repeat; }
+.front_links a.deletefolder { background: #EEE url("http://self-evident.github.com/OneFileCMS/images/folder-del-3.png")    1px 5px no-repeat; }
 
 .front_links a:hover  { background-color: rgb(255,250,150); }
 .front_links a:focus  { background-color: rgb(255,250,150); }
 
 
-form .meta { z-index: -1; }
-
-.textinput {
+input[type="text"] {
 	border: 1px solid #807568;
 	padding: 2px;
-	width: 650px;
+	width: 630px;
 	font: 1em "Courier New", Courier, monospace;
 	}
 
-textarea.textinput {
+input.textinput1 { width: 20em; }
+
+input.textinput2 { width: 40em; }
+
+textarea {
 	border: 1px solid #999;
 	font  : .95em "Courier New", Courier, monospace;
 	margin: 0 0 .5em 0; /*T R B L*/
@@ -267,16 +267,20 @@ textarea.textinput {
 	height: 30em;
 	}
 
-textarea.disabled { height: 50px; }
+textarea[disabled ]{ width : 99.5%; height: 50px; }
 
 textarea:focus { border: 1px solid #Faa; }
 
 
 input:focus { background-color: rgb(255,250,150); }
-/* input[type="button"]:focus { background-color: rgb(255,250,150); } */
 
 input:hover { background-color: rgb(255,250,150); }
 
+input[readonly]       { color: #333; background-color: #EEE; }
+input[disabled]       { color: #555; background-color: #EEE; }
+input[disabled]:hover { background-color: rgb(236,233,216);  } 
+input[disabled]:hover { background-color: rgb(236,233,216);  } 
+
 
 .buttons_right         { float: right; }
 .buttons_right .button { margin-left: 7px; }
@@ -286,21 +290,13 @@ input:hover { background-color: rgb(255,250,150); }
 .button {
 	border: 1px solid #807568;
 	padding: 4px 10px;
-	background-color: #d4d4d4;
+	background-color: #EEE;  /*#d4d4d4*/
 	cursor: pointer;
 	font-size: .9em;
 	font-family: sans-serif;
 	}
 
-.Xbutton:hover { background-color: rgb(255,250,150); } 
-.button[disabled]:hover { background-color: #d4d4d4; cursor:default }
-
-/*
-#Xsave_file         { border: 1px solid red; }
-#save_file a:hover { background-color: rgb(255,250,150); border: 1px solid red; }
-#save_file a:focus { background-color: rgb(255,250,150); border: 1px solid red; }
-*/
-
+.button[disabled]  { color: #777; background-color: #EEE; }
 
 #action {color: white; background-color: rgb(235,70,70); font-weight: 700;}
 
@@ -343,23 +339,26 @@ input:hover { background-color: rgb(255,250,150); }
 
 #edit_note    {font-size: .8em; color: #444 ;margin-top: 1em;}
 
+
+
 /* --- log in --- */
 
-.page_login .container {
-	margin-top: 5em;
-	border    : 1px solid #807568;
-	padding   : 1em;
-	width     : 360px;
+.login_page {
+	margin  : 5em auto;
+	border  : 1px solid #807568;
+	padding : 1em;
+	width   : 360px;
 	}
 
-
 .login_input {
 	border  : 1px solid #807568;
 	padding : 2px 0px 2px 2px;
 	width   : 356px;
-	font    : 1em Courier;
+	font    : 1em "Courier New";
 	}
 
+input[type="text"].login_input { width   : 354px; }
+
 
 
 /* --- --- --- */
@@ -377,3 +376,15 @@ hr {
 	Xborder-bottom: 1px solid #eee;
 	overflow: visible;
 	}
+
+.web_root { font:1.2em Courier; }
+
+.sure { margin: .5em 0em .5em 0; }
+
+.verify {
+	border: 1px solid #807568;
+	color: #333;
+	background-color: #FEE;
+	padding: 2px .3em;
+	font: 1.2em Courier;
+	}
diff --git a/onefilecms.php b/onefilecms.php
index b63f6e0..a70b929 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,15 +2,13 @@
 // OneFileCMS - http://onefilecms.com/
 // For license & copyright info, see OneFileCMS.License.BSD.txt
 
-$version = "1.3.0";
+$version = "1.4.0";
 
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
 
 
-
-// CONFIGURABLE INFO
-
+// CONFIGURABLE INFO ***********************************************************
 $config_username  = "username";
 $config_password  = "password";
 $config_title     = "OneFileCMS";
@@ -28,7 +26,7 @@
 $config_itypes    = "jpg,gif,png,bmp,ico";  // Can be displayed on edit page.
 $config_ftypes    = "jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,htm,html,cfg,conf,js"; //used to select file icon
 $config_fclass    = "img,img,img,img,img,svg,txt,txt,css,php,htm,htm,cfg,cfg,txt";  //used to select file icon
-// END CONFIGURABLE INFO
+// END CONFIGURABLE INFO *******************************************************
 
 
 
@@ -39,10 +37,16 @@
 $itypes   = (explode(",", strtolower($config_itypes)));
 
 
+$valid_pages = array("login","logout","index","edit","upload","new","copy","rename","delete","newfolder","renamefolder","deletefolder" );
+
 $ONESCRIPT = $_SERVER["SCRIPT_NAME"];
 $DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
+$WEB_ROOT  = basename($DOC_ROOT).'/';
 $WEBSITE   = $_SERVER["HTTP_HOST"];
 
+$pagetitle = $_SERVER['SERVER_NAME'];
+
+
 //Allows OneFileCMS.php to be started from any dir on the site.
 chdir($DOC_ROOT);
 
@@ -52,70 +56,76 @@
 
 //******************************************************************************
 session_start();
-global $page; $page = "index";
-global $pagetitle; $pagetitle = $_SERVER['SERVER_NAME'];
-
-if (isset($_POST["onefilecms_username"])) { $_SESSION['onefilecms_username'] = $_POST["onefilecms_username"]; }
-if (isset($_POST["onefilecms_password"])) { $_SESSION['onefilecms_password'] = $_POST["onefilecms_password"]; }
-
-if (($_SESSION['onefilecms_username'] == $config_username) and ($_SESSION['onefilecms_password'] == $config_password || md5($_SESSION['onefilecms_password']) == $config_password)) {
-	$_SESSION['onefilecms_valid'] = "1";
-} else {
-	$_SESSION['onefilecms_valid'] = "0";
-	$page = "login";
-	$_GET["p"] = "login";
-	unset($_GET["c"]);
-	unset($_GET["d"]);
-	unset($_GET["f"]);
-	unset($_GET["i"]);
-	unset($_GET["r"]);
-}
 
-if (isset($_GET["p"])) {
-	// redirect on invalid page attempts
-	$page = $_GET["p"];
-	if (!in_array(strtolower($_GET["p"]), array(
-		"copy","delete","deletefolder","edit","newfolder","index","login","logout","new","rename","renamefolder","upload"	)))
-	{
-		header("Location: ".$ONESCRIPT);
-		$page = "index";
+//*** Verify session *******************
+if (isset($_POST["username"])) { $_SESSION['username'] = $_POST["username"]; }
+if (isset($_POST["password"])) { $_SESSION['password'] = $_POST["password"]; }
+
+if (($_SESSION['username'] == $config_username) and
+   ( $_SESSION['password'] == $config_password || md5($_SESSION['password']) == $config_password))
+     { $_SESSION['valid'] = "1"; $page = "index"; }
+else { $_SESSION['valid'] = "0"; $page = "login"; unset($_GET["p"]); }
+
+
+
+//*** entitize $_GET params ************
+foreach ($_GET as $name => $value) { $_GET[$name] = htmlentities($value); }
+
+
+
+//*** Clean up & check a path **********
+function Check_path($path) { // returns first valid path in some/supplied/path/
+	global $message; 
+	$nopath = $path; //used for message if supplied $path doesn't exist.
+	$path = str_replace('\\','/',$path);   //Make sure all forward slashes.
+	$path = trim($path,"/ ."); // trim leading & trailing slashes, dots, and spaces
+
+	//Remove any '.' and '..' parts of the path. (More reliable than str_replace.)
+	$pathparts = explode( '/', $path);
+	$len       = count($pathparts);
+	$path      = "";  //Cleaned path.
+	for ($x=0 ; $x < $len; $x++  ) {
+		if ( !(($pathparts[$x] == '..') && (!$pathparts[$x] == '.')) ) {
+			$path .= $pathparts[$x].'/';
+		}
 	}
-}
+	$path = trim($path,"/"); // Remove -for now- final trailing slash.
+
+	if (strlen($path) < 1) { $path = ""; }
+	else {
+		if (!is_dir($path) && (strlen($message) < 1))
+			{ $message .= "<b>(!)</b> Directory does not exist: ".$nopath.'<br>'; }
 
-//Check if "i" path exists & trim trailing slashes ///
-function Check_ipath() { global $message;
-	if (isset($_GET["i"])) {
-		$_GET["i"] = rtrim($_GET["i"],"/");
-		if (!is_dir($_GET["i"])) { $message = "Does not exist: ".$_GET["i"]; }
-		while (!is_dir($_GET["i"])) { $_GET["i"] = dirname($_GET["i"]); }
-		if ($_GET["i"] == '.') {unset($_GET["i"]);}
+		while ( (strlen($path) > 0) && (!is_dir($path)) ) {
+			$path = dirname($path);
+		}
+		$path = $path.'/';
+		if ($path == './') { $path = ""; }
 	}
-}//end Check_ipath()
-Check_ipath();
+	return $path; 
+}//end Check_path() ********************
 
-if ( ($page == "login") and ($_SESSION['onefilecms_valid']) ) {	
-	$page = "index";
-	header("Location: ".$ONESCRIPT);
-}
 
-if ($_GET["p"] == "login") { $pagetitle = "Log In"; }
 
-if ($_GET["p"] == "logout") {
-	$page = "login";
-	$pagetitle = "Login";
-	$_SESSION['onefilecms_valid'] = "0";
-	session_destroy();
-	$message = 'You have successfully logged out.';
-}
+//*** Get main parameters **************
+if (isset($_GET["i"])) { $ipath    = Check_path($_GET["i"]); }else{ $ipath    = ""; }
+if (isset($_GET["f"])) { $filename = $ipath.$_GET["f"]; }else{ $filename = ""; }
+if (isset($_GET["p"])) { $page     = $_GET["p"]; } // default $page set above
 
-if ($_GET["i"] == "") { unset($_GET["i"]); }
-// End session startup**********************************************************
+$varvar = "?i=".$ipath;
 
 
 
+//*** Verify valid $page ***************
+if ($page != "") {
+	if (!in_array(strtolower($page), $valid_pages)) {
+		header("Location: ".$ONESCRIPT); // redirect on invalid page attempts
+		$page = "index";
+	}
+}
+//
+//End session startup***********************************************************
 
-// entitize $_GET params *******************************************************
-foreach ($_GET as $name => $value) { $_GET[$name] = htmlentities($value); }
 
 
 
@@ -123,67 +133,115 @@ function Check_ipath() { global $message;
 //******************************************************************************
 // Misc Functions
 
-function is_empty($path){
-	$empty = false;
-	$dh = opendir($path);
-	for($i = 3; $i; $i--) { $empty = (readdir($dh) === FALSE); }
-	closedir($dh);
-	return $empty;
-}//end is_emtpy()
 
+function Current_Path_Header(){ //**************************
+ 	// Current path. ie: webroot/current/path/ 
+	// Each level is a link to that level.
 
+	global $ONESCRIPT, $ipath, $WEB_ROOT;
 
-function Close_Button($classes) { //********************
-	echo '<input type="button" class="button '.$classes.'" name="close" value="Close" onclick="parent.location=\'';
-	echo $ONESCRIPT.'?i='.substr($_GET["f"],0,strrpos($_GET["f"],"/")).'\'">';
-	?><script>document.edit_form.elements[1].focus();</script><?php // focus on [Close]
-}// End Close_Button() //*******************************
+	echo '<h2>';
+		$path_levels  = explode("/",trim($ipath,'/') );
+		$levels = count($path_levels); //If levels=3, indexes = 0, 1, 2  etc... 
+		if ($ipath == "" ){ $levels = 0;} //if at root
+		$current_path = "";
 
+		//Root folder of web site.
+		echo '<a href="'.$ONESCRIPT.'" class="path"> '.trim($WEB_ROOT, '/').' </a>/';
 
+		//Remainder of current/path
+		for ($x=0; $x < $levels; $x++) {
+			$current_path .= $path_levels[$x].'/';
+			echo '<a href="'.$ONESCRIPT.'?i='.$current_path.'" class="path"> ';
+			echo ' '.$path_levels[$x]." </a>/";
+		}
+	echo '</h2>';
+}//end Current_Path_Header() //*****************************
 
-function Cancel_Submit_Buttons($button_label) { //******
-	global $ONESCRIPT, $varvar;
 
-	// [Cancel] returns to either the current/path, or current/path/file
-	if      ( isset($_GET["c"]) ) { $ipath = '?f='.$_GET["c"]; }
-	else if ( isset($_GET["d"]) ) { $ipath = '?f='.$_GET["d"]; }
-	else if ( isset($_GET["r"]) ) { $ipath = '?f='.$_GET["r"]; }
-	else if	( isset($_GET["i"]) ) { $ipath = '?i='.rtrim($_GET["i"],"/"); }
-	else    {                       $ipath = rtrim($varvar,"/"); }//end if/else
 
-	?>
-	<p>
-		<input type="button" class="button" id="cancel" name="cancel" value="Cancel" onclick="parent.location='<?php echo $ONESCRIPT.$ipath; ?>'">
-		<input type="submit" class="button" value="<?php echo $button_label;?>" style="margin-left: 1.3em;">
-	</p>
-	<script>document.getElementById('cancel').focus();</script>
-	<?php
-}// End Cancel_Submit_Buttons() //**********************
+function is_empty($path){ //********************************
+	$empty = false;
+	$dh = opendir($path);
+	for($i = 3; $i; $i--) { $empty = (readdir($dh) === FALSE); }
+	closedir($dh);
+	return $empty;
+}//end is_emtpy() //****************************************
 
 
 
-function message_box() { //*****************************
+function message_box() { //*********************************
 	global $ONESCRIPT, $message, $page;
 
 	if (isset($message)) {
-	?>
+?>
 		<div id="message"><p>
 		<!-- [X] to dismiss message box -->	
-		<span><a href='<?php echo $ONESCRIPT.'?'.$_SERVER['QUERY_STRING']; ?>'
+		<span><a id="dismiss" href='<?php echo $ONESCRIPT.$varvar; ?>'
 		onclick='document.getElementById("message").innerHTML = " ";return false'>
 		[X]</a>
 		</span>
 		<?php echo $message.PHP_EOL ;?>
 		</p></div>
-	<?php } else {
-		// On Edit page only, preserve vertical spacing for message even when empty.
-		if ($page == "edit") { echo '<div id="message"></div>';}
+		<script>document.getElementById("dismiss").focus();</script>
+<?php
+	}   //The else is needed or some of the Edit Page javascript feedback fails.
+		else { echo '<div id="message"></div>'; 
 	} //end isset($message)
-} //end message_box()  *********************************
+}//end message_box()  **************************************
 
 
 
-function show_image(){ //*******************************
+function Upload_New_Rename_Delete_Links() { //**************
+	global $ONESCRIPT, $ipath, $varvar;
+?>
+	<!-- Upload/New/Rename/Copy/etc... links -->
+	<p class="front_links">
+		<a href="<?php echo $ONESCRIPT.$varvar.'&amp;p=upload'; ?>"    class="upload"   >Upload File</a>
+		<a href="<?php echo $ONESCRIPT.$varvar.'&amp;p=new'; ?>"       class="new"      >New File</a>
+		<a href="<?php echo $ONESCRIPT.$varvar.'&amp;p=newfolder'; ?>" class="newfolder">New Folder</a>
+		<?php if ($ipath !== "") { ?>
+			<a href="<?php echo $ONESCRIPT.$varvar.'&amp;p=renamefolder'; ?>" class="renamefolder">
+			Rename Folder</a>
+			<a href="<?php echo $ONESCRIPT.$varvar.'&amp;p=deletefolder'; ?>" class="deletefolder">
+			Delete Folder</a>
+		<?php } ?>
+	</p>
+<?php
+}//end Upload_New_Rename_Delete_Links()  *******************
+
+
+
+function Close_Button($classes) { //************************
+	global $ONESCRIPT, $ipath, $varvar;
+	echo '<input type="button" class="button '.$classes.'" name="close" value="Close" onclick="parent.location=\'';
+	echo $ONESCRIPT.$varvar.'\'">';
+	?><script>document.edit_form.elements[1].focus();</script><?php // focus on [Close]
+}// End Close_Button() //***********************************
+
+
+
+function Cancel_Submit_Buttons($submit_label, $focus) { //**
+	//$submit_label = Rename, Copy, Delete, etc...
+	//$focus: if==1 or TRUE, set focus() to cancel button.
+	global $ONESCRIPT, $ipath, $varvar, $filename, $page;
+
+	// [Cancel] returns to either the current/path, or current/path/file
+	if ($filename != "") { $varvar .= '&f='.basename($filename).'&p='.edit; }
+?>
+	<p>
+		<input type="button" class="button" id="cancel" name="cancel" value="Cancel"
+			onclick="parent.location='<?php echo $ONESCRIPT.$varvar; ?>'">
+		<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1.3em;">
+	</p>
+<?php
+	if ($focus != ""){ echo '<script>document.getElementById("'.$focus.'").focus();</script>'; }
+
+}// End Cancel_Submit_Buttons() //**************************
+
+
+
+function show_image(){ //***********************************
 	global $filename, $MAX_IMG_W, $MAX_IMG_H;
 	
 	$IMG = $filename;
@@ -206,261 +264,77 @@ function show_image(){ //*******************************
 	echo '<div style="clear:both;"></div>';
 	echo '<a href="/' . $IMG . '">';
 	echo '<img src="/'.$IMG.'"  height="'.$img_info[$H]*$SCALE.'"></a>';
-}// end show_image() ***********************************
+}// end show_image() ***************************************
 
 
 
-function show_favicon(){
-	global $config_favicon, $DOC_ROOT;
-	if (file_exists($DOC_ROOT.$config_favicon)) { 
-		echo '<img src="'.$config_favicon.'" alt="">'; 
-	}
-}// end show_favicon()
+//if file_exists(), ordinalize filename until it doesn't ***
+function ordinalize($destination,$filename, &$message) {
 
-// End of misc funtions ********************************************************
+	$ordinal   = 0;
+	$savefile = $destination.$filename;
 
+	if (file_exists($savefile)) {
 
+		$message .= '<br><b>(!)</b> A file with that name already exists in the target directory.<br>';
+		$savefile_info = pathinfo($savefile);
 
+		while (file_exists($savefile)) {
 
+			$ordinal = sprintf("%03d", ++$ordinal); //  001, 002, 003, etc...
+			$newfilename = $savefile_info['filename'].'.'.$ordinal.'.'.$savefile_info['extension'];
+			$savefile = $destination.$newfilename;
 
-
-
-// COPY FILE response code *****************************************************
-if (isset($_GET["c"])) {
-	$page = "copy"; $filename = $_GET["c"]; $pagetitle = "Copy";
-}
-
-if (isset($_POST["copy_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$old_filename = $_POST["old_filename"];
-	$filename = $_POST["copy_filename"];
-
-	if (copy($old_filename, $filename)){ 
-		$message  = '<b>"'.$old_filename.'"</b><br>';
-		$message .= ' --- successfully copied to ---<br>';
-		$message .= '<b>"'.$filename.'"</b>.';
-	}else{
-		$message .= '<b>(!) Error copying file:<br>"'.$filename.'"</b>.';
-	}
-}//end COPY FILE response code *************************************************
-
-
-
-
-
-// DELETE FILE response code ***************************************************
-if (isset($_GET["d"])) {
-	$page = "delete"; $filename = $_GET["d"]; $pagetitle = "Delete";
-}
-
-if (isset($_POST["delete_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$filename = $_POST["delete_filename"];
-
-	if (unlink($filename)) {
-		$message = '"<b>'.basename($filename).'</b>" successfully deleted.';
-	}else{
-		$message = '<b>(!) Error deleting "'.$filename.'"</b>.';
-	}
-}//end DELETE FILE response code ***********************************************
-
-
-
-
-
-// DELETE FOLDER response code *************************************************
-if ($_GET["p"] == "deletefolder") {
-	if (!is_empty($_GET["i"])){
-		$message = '<b>(!) Folder is not empty.</b>  Folders must be empty before they can be deleted.<br>';
-		$page = "index";
 		}
-	else { $pagetitle = "Delete Folder"; }
-}
-
-if (isset($_POST["delete_foldername"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$foldername = $_POST["delete_foldername"];
-	$_GET["i"] = $foldername;
-	if (@rmdir($foldername)) {
-		$_GET["i"] = dirname($foldername);
-		$message = '"<b>'.basename($foldername).'/</b>" successfully deleted.';
-	} else {
-		$message = '<b>(!) "'.$foldername.'/"</b> is not empty, or other error occurred.';
-	}
-}//end DELETE FOLDER response code *********************************************
-
-
-
-
-
-// EDIT Page response code *****************************************************
-
-//*** If on Edit page, and [Save] clicked:
-if (isset($_POST["filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$filename = $_POST["filename"];
-	$content = stripslashes($_POST["content"]);
-	$fp = @fopen($filename, "w");
-	if ($fp) {
-		fwrite($fp, $content);
-		fclose($fp);
-		$message = '<b>"'.$filename.'"</b> saved successfully.';
-	}else{
-		$message = '<b>(!) There was an error saving file.';
-	}
-}//***
-
-//*** If in directory list, and a filename is clicked:
-if (isset($_GET["f"])) {
-	$filename = stripslashes($_GET["f"]);
-	if (file_exists($filename)) {
-		$page = "edit";
-		$pagetitle = "Edit/View File";
-		$fp = @fopen($filename, "r");
-		if (filesize($filename) !== 0) {
-			$filecontent = fread($fp, filesize($filename));
-			$filecontent = htmlspecialchars($filecontent);
-		}
-		fclose($fp);
-	} else {
-		$page = "index";
-		$message = '<b>"'.$filename.'"</b> does not exist.';
-		unset ($filename);
-	}
-}//***
-//End Edit page response code **************************************************
-
-
-
-
-
-// NEW FILE response code ******************************************************
-if ($_GET["p"] == "new") {$pagetitle = "New File"; }
-if (isset($_POST["new_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$filename  = $_POST["new_filename"];
-	$_GET["i"] = $filename; Check_ipath();
-	if (file_exists($filename)) {
-		$message = '<b>(!) "'.$filename.'"</b> not created. A file with that name already exists.';
-	} else {
-		$handle = fopen($filename, 'w') or die("can't open file");
-		fclose($handle);
-		$message = '"<b>'.$filename.'</b>" created successfully.';
-		$_GET["i"] = dirname($filename); //return to file's directory.
+		$message .= 'Saving as: <b>"</b>'.'<b>'.$newfilename.'"</b>';
 	}
-}//end NEW FILE response code **************************************************
+	return $savefile;
+}//end ordinalize filename *********************************
 
 
 
-
-
-// NEW FOLDER response code ****************************************************
-if ($_GET["p"] == "newfolder") {$pagetitle = "New Folder"; }
-if (isset($_POST["new_folder"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$foldername = $_POST["new_folder"];
-	$_GET["i"] = $foldername; Check_ipath();
-	if (!is_dir($foldername)) {
-		mkdir($foldername);
-		$message = '"<b>'.$foldername.'/</b>" created successfully.';
-		$_GET["i"] = $foldername;  //change to new directory
-	} else {
-		$message  = '<b>(!)</b> Folder already exists: ';
-		$message .= '<b>'.$foldername.'/</b>';
+function show_favicon(){
+	global $config_favicon, $DOC_ROOT;
+	if (file_exists($DOC_ROOT.$config_favicon)) { 
+		echo '<img src="'.$config_favicon.'" alt="">'; 
 	}
-}//end NEW FOLDER response code ************************************************
-
-
-
-
-
-// RENAME FILE response code ***************************************************
-if (isset($_GET["r"])) {
-	$filename = $_GET["r"];
-	$pagetitle = "Rename File";
-	$page = "rename";
-}
-if (isset($_POST["rename_filename"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$old_filename = $_POST["old_filename"];
-	$filename = $_POST["rename_filename"];
-
-	//Removed any trailing slashes
-	$filename = rtrim($filename, '/');
-
-	rename($old_filename, $filename);
-	$message .= '"<b>'.$old_filename.'</b>"<br>';
-	$message .= ' &nbsp; successfully renamed to:<br>';
-	$message .= '"<b>'.$filename.'</b>"';
-}//end RENAME FILE response code ***********************************************
-
+}// end show_favicon()
 
+//
+// End of misc funtions ********************************************************
 
 
 
-// RENAME FOLDER response code *************************************************
-if ($_GET["p"] == "renamefolder") {$pagetitle = "Rename Folder"; }
-if (isset($_POST["new_foldername"]) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
 
-	$old_foldername = $_POST["old_foldername"];
-	$new_foldername = $_POST["new_foldername"];
-	$_GET["i"]      = $old_foldername;
-	Check_ipath();
-
-	//Removed any trailing slashes
-	$old_foldername = rtrim($old_foldername, '/');
-	$new_foldername = rtrim($new_foldername, '/');
-
-	if (rename($old_foldername, $new_foldername)) {
-		$message .= '<b>"'.$old_foldername.'/"</b><br>';
-		$message .= ' &nbsp; successfully renamed to:<br>';
-		$message .= '<b>"'.$new_foldername.'/"</b>';
-		$_GET["i"] = $new_foldername;  //return to new folder
-	} else {
-		$message = "<b>(!)</b> There was an error during rename. Try again and/or contact your admin.";
-	}
-}//end RENAME FOLDER response code *********************************************
 
+//Don't load login screen if already in a valid session *************
+if (($page == "login") and ($_SESSION['valid'])) { $page = "index"; }
 
 
 
 
-// UPLOAD FILE response code ***************************************************
-if ($_GET["p"] == "upload") {$pagetitle = "Upload File"; }
-if (isset($_FILES['upload_filename']['name']) && $_SESSION['onefilecms_valid'] = "1" && $_POST["sessionid"] == session_id()) {
-
-	$filename    = $_FILES['upload_filename']['name'];
-	$newfilename = $filename;
-	$destination = $_POST["upload_destination"];
-	$destintaion = rtrim($destination,"/").'/';  //make sure only a single trailing slash
-	$savefile    = $destination.$filename;
-	$_GET["i"]   = rtrim($destination,"/");
-
-	if (($filename == "")){ 
-		$message = "<b>(!) No file selected for upload... </b>";
-	}else{
-		$message   = 'Uploading: <b>"'.$filename.'"</b> to <b>"'.$destination.'"</b>';
-		
-		//if file_exists(), serialize filename until it doesn't
-		$serialize = 0;
-		if (file_exists($savefile)) {
-			$message .= '<br><b>(!)</b> A file with that name already exists in the target directory.<br>';
-			$savefile_info = pathinfo($savefile);
-
-			while (file_exists($savefile)) {
-				$serialize = sprintf("%04d", ++$serialize); //  0001, 0002, 0003, etc...
-				$newfilename = $savefile_info['filename'].'.'.$serialize.'.'.$savefile_info['extension'];
-				$savefile = $destination . $newfilename;
-			}
-			$message .= 'Saving as: <b>"</b>'.'<b>'.$newfilename.'"</b>';
-		}
-		//end serialize filename *****************************/
-
-		if(move_uploaded_file($_FILES['upload_filename']['tmp_name'], $savefile)) {
-			$message .= '<br>Upload successful.';
-		} else{
-			$message .= "<br><b>(!) There was an error.</b> Upload or rename may have failed.";
-		}
-	}
-} //end Upload file response code **********************************************
+if ($page == "login")        { $pagetitle = "Log In";         }
+if ($page == "edit")         { $pagetitle = "Edit/View File"; }
+if ($page == "upload")       { $pagetitle = "Upload File";    }
+if ($page == "new")          { $pagetitle = "New File";       }
+if ($page == "copy" )        { $pagetitle = "Copy";           }
+if ($page == "rename")       { $pagetitle = "Rename File";    }
+if ($page == "delete")       { $pagetitle = "Delete";         }
+if ($page == "newfolder")    { $pagetitle = "New Folder";     }
+if ($page == "renamefolder") { $pagetitle = "Rename Folder";  }
+if ($page == "deletefolder") { $pagetitle = "Delete Folder";  }
 
 
 
 
 
+//Logout ***********************************************************************
+if ($page == "logout") {
+	$page = "login";  $pagetitle = "Login";
+	$_SESSION['valid'] = "0";
+	session_destroy();
+	$message = 'You have successfully logged out.';
+}//*****************************************************************************
 
 
 
@@ -472,45 +346,56 @@ function Login_Page() { //******************************************************
 	<h2>Log In</h2>
 	<form method="post" action="<?php echo $ONESCRIPT; ?>">
 		<p>
-			<label for="onefilecms_username">Username:</label>
-			<input type="text" name="onefilecms_username" id="onefilecms_username" class="login_input">
+			<label for="username">Username:</label>
+			<input type="text" name="username" id="username" class="login_input" >
 		</p>
 		<p>
-			<label for="onefilecms_password">Password:</label>
-			<input type="password" name="onefilecms_password" id="onefilecms_password" class="login_input">
+			<label for="password">Password:</label>
+			<input type="password" name="password" id="password" class="login_input">
 		</p>
 			
 		<input type="submit" class="button" value="Enter">
 	</form>
-	<script>document.getElementById('onefilecms_username').focus();</script>
+	<script>document.getElementById('username').focus();</script>
 <?php } //end Login_Page() *****************************************************
 
 
 
 
 
+// Login Page response message**************************************************
+if (isset($_POST["username"])) {
+	if (($_SESSION['username'] != $config_username) || ($_SESSION['password'] != $config_password))
+		{ $message = "<b>(!) INVALID LOGIN ATTEMPT</b>"; }
+}//end Login Page response message**********************************************
+
+
+
+
+
+
 function list_files() { // ...in a vertical table ******************************
-	
-global $ONESCRIPT, $varvar, $config_excluded, $ftypes, $fclasses;
-	
-$files = glob($varvar."{,.}*", GLOB_BRACE);
-natcasesort($files);
+//called from Index Page
+
+	global $ONESCRIPT, $WEB_ROOT, $ipath, $varvar, $config_excluded, $ftypes, $fclasses;
 
-echo '<table class="index_T">';
+	$files = scandir('./'.$ipath);
+	natcasesort($files);
+
+	echo '<table class="index_T">';
 	foreach ($files as $file) {
 		$fc++;
 		$excludeme = 0;
 		$config_excludeds = explode(",", $config_excluded);
-			
+		
 		foreach ($config_excludeds as $config_exclusion) {
 			if (strrpos(basename($file),$config_exclusion) !== False && 
 			strrpos(basename($file),$config_exclusion) !== "") { 
 				$excludeme = 1;
 			}
 		}
-
-		if (!is_dir($file) && $excludeme == 0) {
-			
+		
+		if (!is_dir($ipath.$file) && $excludeme == 0) {
 			//Determine file type & set cooresponding class.
 			$file_class = "";
 			$ext = end( explode(".", strtolower($file)) );
@@ -520,15 +405,14 @@ function list_files() { // ...in a vertical table ******************************
 			}
 ?>
 			<tr>
-				<td>
-					<?php echo "<a href='", $ONESCRIPT, "?f=", $file, "'"; ?>
-					<?php echo 'class="',  $file_class, '">', basename($file), '</a>'; ?>
+				<td><?php echo '<a href="'.$ONESCRIPT.$varvar.'&amp;f='.$file.'&amp;p=edit'.'"'; ?>
+					<?php echo 'class="',  $file_class, '">', $file, '</a>'; ?>
 				</td>
 				<td class="meta_T meta_size">&nbsp;
-					<?php echo number_format(filesize($file)).""; ?> B
+					<?php echo number_format(filesize($ipath.$file)).""; ?> B
 				</td>
 				<td class="meta_T meta_time"> &nbsp;
-					<script>FileTimeStamp(<?php echo filemtime($file); ?>);</script>
+					<script>FileTimeStamp(<?php echo filemtime($ipath.$file); ?>);</script>
 				</td>
 			</tr>
 <?php 
@@ -542,95 +426,70 @@ function list_files() { // ...in a vertical table ******************************
 
 
 function Index_Page(){ //*******************************************************
-	global $ONESCRIPT, $varvar, $config_excluded, $ftypes, $fclasses;
-	$varvar = ""; //must be global - also used in list_files()
-	if (isset($_GET["i"])) { $varvar = $_GET["i"]."/"; }
-
- 	// Current path. ie: docroot/current/path/ 
-	// Each level is a link to that level.
-	echo '<h2>';
-		$full_path = basename(getcwd());
-		if (isset($_GET["i"])) { $full_path = basename(getcwd()).'/'.$_GET["i"]; }
-
-		$path_levels = explode("/",$full_path);
-		$levels = count($path_levels); //If levels=3, indexes = 0, 1, 2  etc...
-
-		//docroot folder of site
-		if ($_GET["i"] == "") { 
-			echo $path_levels[0].' /'; // if at root, no need for link.
-		} else {
-			echo '<a href="'.$ONESCRIPT.'" class="path"> '.$path_levels[0].' </a>/';
-		}
-
-		//Remainder of current/path
-		for ($x=1; $x < $levels; $x++) {
-			if ($x !== 1){ $current_path .= '/'; }
-			$current_path = $current_path.$path_levels[$x];
-			echo '<a href="'.$ONESCRIPT.'?i='.$current_path.'" class="path"> ';
-			echo ' '.$path_levels[$x]." </a>/";
-		}
-	?></h2>
+	global $ONESCRIPT, $WEB_ROOT, $ipath, $config_excluded, $ftypes, $fclasses;
 
+	Upload_New_Rename_Delete_Links();
+?>
 	<!--==== List folders/sub-directores ====-->
-	<p class="index_folders">
-		<?php
-		$folders = glob($varvar."*",GLOB_ONLYDIR);
+<?php
+	echo '<p class="index_folders">';
+		$folders = glob($ipath."*",GLOB_ONLYDIR);
 		natcasesort($folders);
 		foreach ($folders as $folder) {
-			echo '<a href="'.$ONESCRIPT.'?i='.$folder.'" class="index_folder">';
-
+			echo '<a href="'.$ONESCRIPT.'?i='.$folder.'/" class="index_folder">';
 			echo basename($folder).' /</a>';
-		} ?>
-	</p>
+		}
+	echo '</p>';
 
-	<?php list_files(); //******************* ?>
-	
-	<!-- Upload/New/Rename/Copy/etc... links -->
-	<p class="front_links">
-		<a href="<?php echo $ONESCRIPT.'?p=upload&amp;i='.$varvar; ?>"    class="upload">Upload File</a>
-		<a href="<?php echo $ONESCRIPT.'?p=new&amp;i='.$varvar; ?>"       class="new">New File</a>
-		<a href="<?php echo $ONESCRIPT.'?p=newfolder&amp;i='.$varvar; ?>" class="newfolder">New Folder</a>
-		<?php if ($varvar !== "") { ?>
-			<a href="<?php echo $ONESCRIPT.'?p=renamefolder&amp;i='.$varvar; ?>" class="renamefolder">
-			Rename Folder</a>
-			<a href="<?php echo $ONESCRIPT.'?p=deletefolder&amp;i='.$varvar; ?>" class="deletefolder">
-			Delete Folder</a>
-		<?php } ?>
-	</p>
-<?php
-}//end Index_Page()*************************************************************
+	list_files();
+
+	Upload_New_Rename_Delete_Links();
 
+}//end Index_Page()*************************************************************
 
 
 
 
 
 function Edit_Page() { //*******************************************************
-	global $ONESCRIPT, $varvar, $filename, $filecontent, $config_editable, $config_itypes;
-	$varvar = '?f='.$filename;
-	$ext = end( explode(".", strtolower($filename)) );
+	global $ONESCRIPT, $ipath, $varvar, $filename, $filecontent, $ftypes, $config_editable, $config_itypes;
+
+	$varvar2 = $varvar.'&amp;p=edit';
+	$varvar3 = $varvar.'&amp;f='.basename($filename);
+	
+	//Determine if editable file type
+	$ext = end( explode(".", strtolower($filename) ) );
+	$editable = FALSE;
+	if (in_array($ext, $ftypes)) { $editable = TRUE; };
 ?>
-	<h2 id="edit_header">File: &ldquo;<a href="/<?php echo $filename; ?>"> 
-	<?php echo $filename; ?> 
-	</a>&rdquo;</h2>
+	<h2 id="edit_header">Edit/View:
+	<a class="filename" href="/<?php echo $filename; ?>"><?php echo basename($filename); ?></a>
+	</h2>
 
-	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
+	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$varvar2; ?>">
 		<p class="file_meta">
 		<span class="meta_size">Size<b>: </b> <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; &nbsp; 
 		<span class="meta_time">Updated<b>: </b><script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1);</script></span><br>
 		</p>
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<?php Close_Button("close"); ?><div style="clear:both;"></div>
-		
+
 		<?php if (strpos($config_itypes,$ext) === false) { //If non-image, show textarea
-			if (strpos($config_editable,$ext) === false) { //
+			if (!$editable) { // If non-text file, disable textarea
 			?>	<p>
-				<textarea id="disabled_content" class="textinput disabled" cols="70" rows="3" disabled="disabled">Non-text or unkown file type. Edit disabled.</textarea>
+				<textarea id="disabled_content" cols="70" rows="3"
+				disabled="disabled">Non-text or unkown file type. Edit disabled.</textarea>
 				</p>
-			<?php } else { ?>
-				<p>
+			<?php } else {
+				$fp = @fopen($filename, "r");
+				if (filesize($filename) !== 0) {
+					$filecontent = fread($fp, filesize($filename));
+					$filecontent = htmlspecialchars($filecontent);
+				}
+				fclose($fp);
+			?>	<p>
 				<input type="hidden" name="filename" id="filename" class="textinput" value="<?php echo $filename; ?>">
-				<textarea id="file_content" onkeyup="Check_for_changes(event);" name="content" class="textinput" cols="70" rows="25"><?php echo $filecontent; ?></textarea>
+				<textarea id="file_content" name="content" class="textinput" cols="70" rows="25" onkeyup="Check_for_changes(event);"><?php echo $filecontent; ?></textarea>
 				</p>
 			<?php } //end if editable ?>	
 		<?php  } //end if non-image, show textarea ?>
@@ -639,12 +498,14 @@ function Edit_Page() { //*******************************************************
 		<input type="submit" class="button" value="Save"                  onclick="submitted = true;" id="save_file">
 		<input type="button" class="button" value="Reset - loose changes" onclick="Reset_File()"      id="reset">
 		<script>
+			//Setting disabled here instead of via input attribute in case js is disabled.
+			//If js is disabled, use would be unable to save changes.
 			document.getElementById('save_file').disabled = "disabled";
 			document.getElementById('reset').disabled     = "disabled";
 		</script>
-		<input type="button" class="button" value="Rename/Move"           onclick="parent.location='<?php echo $ONESCRIPT.'?r='.$filename; ?>'">
-		<input type="button" class="button" value="Delete"                onclick="parent.location='<?php echo $ONESCRIPT.'?d='.$filename; ?>'">
-		<input type="button" class="button" value="Copy"                  onclick="parent.location='<?php echo $ONESCRIPT.'?c='.$filename; ?>'">
+		<input type="button" class="button" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT.$varvar3.'&amp;p=rename'; ?>'">
+		<input type="button" class="button" value="Copy"        onclick="parent.location='<?php echo $ONESCRIPT.$varvar3.'&amp;p=copy'  ; ?>'">
+		<input type="button" class="button" value="Delete"      onclick="parent.location='<?php echo $ONESCRIPT.$varvar3.'&amp;p=delete'; ?>'">
 		<?php Close_Button(""); ?>
 		</p>
 	</form>
@@ -666,23 +527,37 @@ function Edit_Page() { //*******************************************************
 
 
 
+// EDIT Page response code *****************************************************
+//*** If on Edit page, and [Save] clicked:
+if ( $page == "edit" && isset($_POST["filename"]) && $_SESSION['valid'] = "1" && $_POST["sessionid"] == session_id()) {
+	$filename = $_POST["filename"];
+	$content = $_POST["content"];
+	$fp = @fopen($filename, "w");
+	if ($fp) {
+		fwrite($fp, $content);
+		fclose($fp);
+		$message = '<b>"'.$filename.'"</b> saved...';
+		$page == "edit";
+	}else{
+		$message = '<b>(!) There was an error saving file.</b>';
+	}
+}//end EDIT Page response code**************************************************
+
+
+
+
+
+
 function Upload_Page() { //*****************************************************
-	global $ONESCRIPT, $varvar;
-	$varvar = ""; if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }
+	global $ONESCRIPT, $ipath, $varvar;
 ?>
-	<h2>Upload</h2>
+	<h2>Upload File</h2>
 	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$varvar; ?>" method="post">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<input type="hidden" name="MAX_FILE_SIZE" value="100000">
-		<p>
-			<label for="upload_destination">Destination:</label>
-			<input type="text" name="upload_destination" value="<?php echo $_GET["i"]; ?>/" class="textinput">
-		</p>
-		<p>
-			<label for="upload_filename">File:</label>
-			<input name="upload_filename" type="file" size="93">
-		</p>
-		<p><?php Cancel_Submit_Buttons("Upload"); ?></p>
+		<input type="hidden" name="upload_destination" value="<?php echo $ipath; ?>" >
+		<input name="upload_filename" type="file" size="100">
+		<p><?php Cancel_Submit_Buttons("Upload","cancel"); ?></p>
 	</form>
 <?php } //end Upload_Page() ****************************************************
 
@@ -690,20 +565,43 @@ function Upload_Page() { //*****************************************************
 
 
 
+// UPLOAD FILE response code ***************************************************
+if (isset($_FILES['upload_filename']['name']) && $_SESSION['valid'] = "1" && $_POST["sessionid"] == session_id()) {
+
+	$filename    = $_FILES['upload_filename']['name'];
+	$destination = Check_path($_POST["upload_destination"]);
+
+	if (($filename == "")){ 
+		$message = "<b>(!) No file selected for upload... </b>";
+	}elseif (($destination != "") && !is_dir($_POST["upload_destination"])) {
+		$message .= '<b>(!)</b> Destination folder does not exist: <br><b>';
+		$message .= ''.$WEB_ROOT.$destination.'</b><br><b>Upload cancelled.</b>';
+	}else{
+		$message .= 'Uploading: <b>"'.$filename.'"</b> to <b>"'.$WEB_ROOT.$destination.'"</b>';
+		
+		$savefile = ordinalize($destination, $filename, $message);
+
+		if(move_uploaded_file($_FILES['upload_filename']['tmp_name'], $savefile)) {
+			$message .= '<br>Upload successful.';
+		} else{
+			$message .= "<br><b>(!) There was an error.</b> Upload or rename may have failed.";
+		}
+	}
+} //end Upload file response code **********************************************
+
+
+
+
+
+
 function New_File_Page() { //***************************************************
-	global $ONESCRIPT, $varvar;
-	$varvar = "";
-	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }
+	global $ONESCRIPT, $WEB_ROOT, $ipath, $varvar;
 ?>
-		<h2>New File</h2>
-		<p>Existing files with the same name will not be overwritten.</p>
-		<form method="post" id="new" action="<?php echo $ONESCRIPT.$varvar; ?>">
+		<h2 style="float: left;">New File</h2>
+		<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
 			<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
-			<p>
-				<label for="new_filename">New filename: </label>
-				<input type="text" name="new_filename" id="new_filename" class="textinput" value="<?php echo $_GET["i"]; ?>/">
-			</p>
-			<p>	<?php Cancel_Submit_Buttons("Create"); ?> </p>
+			<input type="text" name="new_filename" id="new_filename" class="textinput1" value="">
+			<p>	<?php Cancel_Submit_Buttons("Create","new_filename"); ?> </p>
 		</form>
 <?php
 }//end New_File_Page()**********************************************************
@@ -712,58 +610,102 @@ function New_File_Page() { //***************************************************
 
 
 
+// NEW FILE response code ******************************************************
+if (isset($_POST["new_filename"]) && $_SESSION['valid'] = "1" && $_POST["sessionid"] == session_id()) {
+
+	$filename = $ipath.trim($_POST["new_filename"],'/ '); //trim spaces & slashes
+	$savefile = $DOC_ROOT.$filename;
+
+	if (($_POST["new_filename"] == "")){ 
+		$message = "<b>(!) New file not created - no filename given... </b>";
+	}elseif (file_exists($savefile)) {
+		$message = '<b>(!) "'.$filename.'"</b> not created. A file with that name already exists.';
+	} else {
+		$handle = fopen($savefile, 'w') or die("can't open file");
+		fclose($handle);
+		$message = '"<b>'.$filename.'</b>"successfully created.';
+		$ipath = Check_path(dirname($filename)); //if changed, return to new dir.
+		$varvar = "?i=".$ipath;
+	}
+}//end NEW FILE response code **************************************************
+
+
+
+
+
+
 function Copy_File_Page(){ //***************************************************
-	global $ONESCRIPT, $varvar, $filename;
-	
-	$extension    = strrchr($filename, ".");
-	$slug         = dirname($filename).'/'.pathinfo($filename,PATHINFO_FILENAME);
-	$varvar       = "?i=".dirname($_GET["c"]);
-	$new_filename = $slug."_COPY_".date("YmdHi").$extension;
+	global $ONESCRIPT, $WEB_ROOT, $ipath, $varvar, $filename;
+
+	$new_filename = ordinalize($ipath, basename($filename));
 ?>
-	<h2>Copy &ldquo;<a href="/<?php echo $filename; ?> "> <?php echo $filename; ?> </a> &rdquo;</h2>
-	<p><b>( ! )</b> Existing files with the same filename are automatically overwritten... Be careful!</p>
+	<h2>Copy File</h2>
 
 	<form method="post" id="new" action="<?php echo $ONESCRIPT.$varvar; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<p>
 			<label>Old filename:</label>
+			<span class="web_root"><?php echo $WEB_ROOT; ?></span>
 			<input type="hidden" name="old_filename" value="<?php echo $filename; ?>">
-			<input type="text" name="dummy" value="<?php echo $filename; ?>" class="textinput" disabled="disabled">
+			<input type="text"   name="dummy" value="<?php echo $filename; ?>" disabled="disabled">
 		</p>
 		<p>
 			<label for="copy_filename">New filename:</label>
+			<span class="web_root"><?php echo $WEB_ROOT; ?></span>
 			<input type="text" name="copy_filename" id="copy_filename" 
-			       class="textinput" value="<?php echo $new_filename; ?>">
+				  class="textinput" value="<?php echo $new_filename; ?>">
 		</p>
-		<p>	<?php Cancel_Submit_Buttons("Copy"); ?>	</p>
+		<p><?php Cancel_Submit_Buttons("Copy","copy_filename"); ?></p>
 	</form>
 <?php }//end Copy_File_Page() **************************************************
 
 
 
 
+	
+// COPY FILE response code *****************************************************
+if (isset($_POST["copy_filename"]) && $_SESSION['valid'] = "1" && $_POST["sessionid"] == session_id()) {
+	$old_filename = $_POST["old_filename"];
+	$new_filename = $_POST["copy_filename"];
+
+	if (file_exists($new_filename)) {
+		$message = '<b>(!) "'.$new_filename.'"</b> not created.<br>A file with that name already exists.';
+		$page = "edit";
+		$filename = basename($old_filename);
+	}elseif (copy($old_filename, $new_filename)){ 
+		$message  = '<b>"'.$old_filename.'"</b><br>';
+		$message .= ' --- successfully copied to ---<br>';
+		$message .= '<b>"'.$new_filename.'"</b>';
+	}else{
+		$message .= '<b>(!) Error copying file:<br>"'.$new_filename.'"</b>';
+	}
+}//end COPY FILE response code *************************************************
+
+
+
+
 
 function Rename_File_Page() { //************************************************
-	global $ONESCRIPT, $varvar, $filename;
-	$varvar = "?i=".dirname($_GET["r"]);
+	global $ONESCRIPT, $WEB_ROOT, $ipath, $varvar, $filename;
 ?>
-	<h2>Rename &ldquo;<a href="/<?php echo $filename; ?>">	<?php echo $filename; ?> </a>&rdquo;</h2>
-	<p>Existing files with the same filename are automatically overwritten... Be careful!</p>
-	<p>To move a file, preface its name with the folder's name, as in 
-	"<i>foldername/filename.txt</i>." The folder must already exist.</p>
+	<h2>Rename/Move File</h2>
 
-	<form method="post" action="<?php echo $ONESCRIPT.$varvar;	?>">
+	<p>To move a file, change the folder's name, as in 
+	"newfolder/filename.txt". The new folder must already exist.</p>
+
+	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<p>
 			<label>Old filename:</label>
-			<input type="hidden" name="old_filename" value="<?php echo $filename; ?>">
-			<input type="text" name="dummy" value="<?php echo $filename; ?>" class="textinput" disabled="disabled">
+			<span class="web_root"><?php echo $WEB_ROOT; ?></span>
+			<input type="text" name="old_filename" value="<?php echo $filename; ?>" class="textinput" readonly="readonly">
 		</p>
 		<p>
 			<label for="rename_filename">New filename:</label>
+			<span class="web_root"><?php echo $WEB_ROOT; ?></span>
 			<input type="text" name="rename_filename" id="rename_filename" class="textinput" value="<?php echo $filename; ?>">
 		</p>
-		<p><?php Cancel_Submit_Buttons("Rename"); ?></p>
+		<p><?php Cancel_Submit_Buttons("Rename", "rename_filename"); ?></p>
 	</form>
 <?php } //end Rename_File_Page() ***********************************************
 
@@ -771,20 +713,40 @@ function Rename_File_Page() { //************************************************
 
 
 
+// RENAME FILE response code ***************************************************
+if (isset($_POST["rename_filename"]) && $_SESSION['valid'] = "1" && $_POST["sessionid"] == session_id()) {
+	$old_filename = $_POST["old_filename"];
+	$new_filename = trim($_POST["rename_filename"], '/');
+
+
+	if (file_exists($new_filename)) {
+		$message .= '<b>(!) Error renaming or moving file : '.$old_filename.'</b><br>';
+		$message .= '<b>(!) Target filename already exists: '.$new_filename.'</b><br>';
+	}elseif (rename($old_filename, $new_filename)) {
+		$message .= '<b>"'.$old_filename.'</b>"<br>';
+		$message .= ' --- successfully renamed to ---<br>';
+		$message .= '<b>"'.$new_filename.'</b>"<br>';
+	}else{
+		$message .= '<b>(!) Error renaming/moving file from:<br>"'.$old_filename.'"</b>';
+		$message .= '<b>(!) To:<br>"'.$new_filename.'"</b>';
+	}
+}//end RENAME FILE response code ***********************************************
+
+
+
+
+
 function Delete_File_Page() { //************************************************
-	global $ONESCRIPT, $varvar, $filename;
-	$varvar = '?i='.dirname($_GET["d"]); 
+	global $ONESCRIPT, $WEB_ROOT, $ipath, $varvar, $filename;
 ?>
-	<h2>Delete &ldquo;<a href="/<?php echo $filename; ?>">
-	<?php echo $filename; ?></a> &rdquo; ?</h2>
-	<p>Are you sure?</p>
+	<h2 style="float: left;">Delete File</h2>
 
 	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
-		<p>
-			<input type="hidden" name="delete_filename" value="<?php echo $filename; ?>">
-			<?php Cancel_Submit_Buttons("DELETE"); ?>
-		</p>
+		<input type="hidden" name="delete_filename" value="<?php echo $filename; ?>" >
+		<span class="verify"><?php echo basename($filename); ?></span>
+		<p class="sure"><b>Are you sure?</b></p>
+		<?php Cancel_Submit_Buttons("DELETE", "cancel"); ?>
 	</form>
 <?php } //end Delete_File_Page() ***********************************************
 
@@ -792,20 +754,30 @@ function Delete_File_Page() { //************************************************
 
 
 
+// DELETE FILE response code ***************************************************
+if (isset($_POST["delete_filename"]) && $_SESSION['valid'] = "1" && $_POST["sessionid"] == session_id()) {
+	$filename = $_POST["delete_filename"];
+
+	if (unlink($filename)) {
+		$message = '"<b>'.basename($filename).'</b>" successfully deleted.';
+	}else{
+		$message = '<b>(!) Error deleting "'.$filename.'"</b>.';
+	}
+}//end DELETE FILE response code ***********************************************
+
+
+
+
+
 function New_Folder_Page() { //*************************************************
-	global $ONESCRIPT, $varvar;
-	$varvar = "";
-	if (isset($_GET["i"])) { $varvar = "?i=".$_GET["i"]; }
+	global $ONESCRIPT, $WEB_ROOT, $ipath, $varvar;
 ?>
-	<h2>New Folder</h2>
-	<p>Existing folders with the same name will not be overwritten.</p>
+	<h2 style="float: left;">New Folder</h2>
 	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
-		<p>
-			<label for="new_folder">Folder name: </label>
-			<input type="text" name="new_folder" id="new_folder" class="textinput" value="<?php echo $_GET["i"]; ?>/">
-		</p>
-		<p>	<?php Cancel_Submit_Buttons("Create"); ?> </p>
+		<input type="text" name="new_folder" id="new_folder" class="textinput1" value="">
+		<p><?php Cancel_Submit_Buttons("Create","new_folder"); ?></p>
+		
 	</form>
 <?php } // end New_Folder_Page() ***********************************************
 
@@ -813,22 +785,47 @@ function New_Folder_Page() { //*************************************************
 
 
 
+// NEW FOLDER response code ****************************************************
+if (isset($_POST["new_folder"]) && $_SESSION['valid'] = "1" && $_POST["sessionid"] == session_id()) {
+
+	$new_folder = $ipath.trim($_POST["new_folder"],"/").'/'; //make sure only has a single trailing slash.
+
+
+	if ($_POST["new_folder"] == ""){ 
+		$message .= "<b>(!) New folder not created - no name given... </b>";
+	}elseif (is_dir($new_folder)) {
+		$message .= '<b>(!) Folder already exists: ';
+		$message .= ''.$new_folder.'</b>';
+	}elseif (mkdir($new_folder)) {
+		$message .= 'Folder "<b>'.basename($new_folder).'</b>" successfully created.';
+		$ipath   = $new_folder;  //cd to new folder
+		$varvar = "?i=".$ipath;
+	}else{
+		$message .= "<b>(!) Error- new folder not created.</b>";
+	}
+}//end NEW FOLDER response code ************************************************
+
+
+
+
+
 function Rename_Folder_Page() { //**********************************************
-	global $ONESCRIPT, $varvar;
-	$varvar = '?i='.$_GET["i"];
+	global $ONESCRIPT, $WEB_ROOT, $ipath, $varvar;
 ?>
-	<h2>Rename Folder &ldquo;<?php echo $_GET["i"]; ?>&rdquo;</h2>
+	<h2>Rename Folder</h2>
 	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<p>
-			<label>Old name:</label><input type="hidden" name="old_foldername" value="<?php echo $_GET["i"]; ?>">
-			<input type="text" name="dummy" value="<?php echo $_GET["i"]; ?>" class="textinput" disabled="disabled">
+			<label>Old name:</label><input type="hidden" name="old_foldername" value="<?php echo $ipath; ?>">
+			<span class="web_root"><?php echo $WEB_ROOT.Check_path(dirname($ipath)); ?></span>
+			<input type="text" name="dummy" value="<?php echo basename($ipath); ?>" class="textinput1" disabled="disabled">
 		</p>
 		<p>
 			<label for="new_foldername">New name:</label>
-			<input type="text" name="new_foldername" id="new_foldername" class="textinput" value="<?php echo $_GET["i"]; ?>">
+			<span class="web_root"><?php echo $WEB_ROOT.Check_path(dirname($ipath)); ?></span>
+			<input type="text" name="new_foldername" id="new_foldername" class="textinput1" value="<?php echo basename($ipath); ?>">
 		</p>
-		<p><?php Cancel_Submit_Buttons("Rename"); ?></p>
+		<p><?php Cancel_Submit_Buttons("Rename","new_foldername"); ?></p>
 	</form>
 <?php } //end Rename_Folder_Page() *********************************************
 
@@ -836,17 +833,45 @@ function Rename_Folder_Page() { //**********************************************
 
 
 
+// RENAME FOLDER response code *************************************************
+if (isset($_POST["new_foldername"]) && $_SESSION['valid'] = "1" && $_POST["sessionid"] == session_id()) {
+
+	$old_foldername = $_POST["old_foldername"]; // entire old $ipath
+	$new_foldername = $_POST["new_foldername"]; // not entire path - only end foldername
+
+	//Removed any trailing slashes
+	$new_foldername = Check_path(dirname($old_foldername)).trim($new_foldername, '/');
+
+	if (file_exists($new_foldername)) {
+		$message .= '<b>(!) Error renaming folder- target name already exists:</b><br>';
+		$message .= '<b>&nbsp; &nbsp; '.$WEB_ROOT.$new_foldername.'</b><br>';
+	}elseif (rename($old_foldername, $new_foldername)) {
+		$message .= '<b>"'.$old_foldername.'</b>"<br>';
+		$message .= ' --- successfully renamed to ---<br>';
+		$message .= '<b>"'.$new_foldername.'/</b>"<br>';
+		$ipath    = Check_path($new_foldername); //Return to new folder
+		$varvar = "?i=".$ipath;
+	} else {
+		$message = "<b>(!)</b> There was an error during rename. Try again and/or contact your admin.";
+	}
+}//end RENAME FOLDER response code *********************************************
+
+
+
+
+
 function Delete_Folder_Page(){ //***********************************************
-	global $ONESCRIPT, $varvar;
-	$varvar = "?i=".dirname($_GET['i']);
+	global $ONESCRIPT, $WEB_ROOT, $ipath, $varvar;
 ?>
-	<h2>Delete Folder &nbsp;&ldquo; <?php echo $_GET["i"]; ?>/ &rdquo; &nbsp;?</h2>
+	<br><h2>Delete Folder</h2>
+
 	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
-		<p>
-		<input type="hidden" name="delete_foldername" value="<?php echo $_GET["i"]; ?>">
-		<?php Cancel_Submit_Buttons("DELETE"); ?>
-		</p>
+		<input type="hidden" name="delete_foldername" value="<?php echo $ipath; ?>" >
+		<span class="web_root"><?php echo $WEB_ROOT.Check_path(dirname($ipath)); ?></span>
+		<span class="verify"><?php echo basename($ipath); ?></span> /
+		<p class="sure"><b>Are you sure?</b></p>
+		<?php Cancel_Submit_Buttons("DELETE", "cancel"); ?>
 	</form>
 <?php } //end Delete_Folder_Page() //*******************************************
 
@@ -854,6 +879,28 @@ function Delete_Folder_Page(){ //***********************************************
 
 
 
+// DELETE FOLDER response code *************************************************
+if ( ($page == "deletefolder") && !is_empty($ipath) ) {
+	$message = '<b>(!) Folder not empty.</b>  Folders must be empty before they can be deleted.<br>';
+	$page = "index";
+}
+
+if (isset($_POST["delete_foldername"]) && $_SESSION['valid'] = "1" && $_POST["sessionid"] == session_id()) {
+
+	$page = "index"; //Return to index
+	$foldername = trim($_POST["delete_foldername"], '/');
+
+	if (@rmdir($foldername)) {
+		$message = 'Folder "<b>'.basename($foldername).'</b>" successfully deleted.';
+		$ipath = Check_path($foldername);
+		$varvar = "?i=".$ipath;
+	} else {
+		$message .= '<b>(!) "'.$foldername.'/"</b> an error occurred during delete.';
+	}
+}//end DELETE FOLDER response code *********************************************
+
+
+
 
 
 
@@ -863,7 +910,7 @@ function Load_Selected_Page(){ //***********************************************
 	global $page;
 	if ($page == "login")        { Login_Page();         }
 	if ($page == "index")        { Index_Page();         }
-	if ($page == "edit")         { Edit_Page();          }
+	if ($page == "edit")         { $pagetitle = "Edit/View File"; Edit_Page();}
 	if ($page == "upload")       { Upload_Page();        }
 	if ($page == "new")          { New_File_Page();      }
 	if ($page == "copy")         { Copy_File_Page();     }
@@ -884,7 +931,7 @@ function Load_Selected_Page(){ //***********************************************
 
 
 //******************************************************************************
-function time_stamp_scripts() {  ?>
+function Time_Stamp_javascripts() {  ?>
 
 <script>//Dispaly file's timestamp in user's local time 
 
@@ -926,7 +973,8 @@ function FileTimeStamp(php_filemtime, show_offset){
 
 }//end FileTimeStamp(php_filemtime)
 </script>
-<?php }//end time_stamp_scripts() **********************************************
+<?php }//end Time_Stamp_javascripts() **********************************************
+
 
 
 
@@ -1032,7 +1080,6 @@ function Reset_File() {
 		setSelRange(File_textarea, 0, 0) //MOve cursor to start of textarea.
 	}
 	
-	
 	Reset_file_status_indicators()
 	</script>
 
@@ -1042,7 +1089,6 @@ function Reset_File() {
 
 
 
-
 //******************************************************************************
 //******************************************************************************
 ?><!DOCTYPE html>
@@ -1058,19 +1104,22 @@ function Reset_File() {
 <?php //style_sheet(); ?>
 <link href="<?php echo $config_style_sheet;?>" type="text/css" rel="stylesheet">
 
-<?php if ( ($page == "index") || ($page == "edit") ) { time_stamp_scripts(); } ?>
+<?php if ( (1) || ($page == "index") || ($page == "edit") ) { Time_Stamp_javascripts(); } ?>
 
 </head>
 
-<body class="page_<?php echo $page; ?>">
+<body>
 
-<div class="container">
+<?php
+if ($page == "login"){ echo '<div class="login_page">'; }
+				 else{ echo '<div class="container">';}
+?>
 
 <div class="header">
 	<?php echo '<a href="', $ONESCRIPT, '" id="logo">', $config_title; ?></a>
 	<?php echo $version; ?>
 	
-	<?php if ((isset($_SESSION['onefilecms_valid'])) && ($_SESSION['onefilecms_valid'] == "1")) { ?>
+	<?php if ($_SESSION['valid'] == "1") { ?>
 		<div class="nav">
 			<a href="/"><?php show_favicon(); ?>&nbsp; 
 			<b><?php echo $WEBSITE; ?>/</b>  &nbsp;- &nbsp;
@@ -1080,13 +1129,12 @@ function Reset_File() {
 	<?php } ?>
 </div><!-- end header -->
 
-
 <?php message_box(); ?>
 
+<?php if ( $page != "login" ){Current_Path_Header(); } ?>
 
 <?php Load_Selected_Page(); ?>
 
-
 <div class="footer">
 	<hr><br><br>
 </div>
diff --git a/readme.markdown b/readme.markdown
index 354b05c..df01f7f 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,5 +1,9 @@
-# Current "stable" version: 1.2.3
+### May 18, 2012
+
+# Current stable version: 1.4.0
+
 --------------------------------------------------------------------------------
+
 ### April 30, 2012
 
 # NOTICE - SECURITY HOLE! (Fixed in version 1.2.1)
@@ -49,8 +53,7 @@ Coupling a utilitarian code editor with all the basic necessities of an FTP appl
  
 - All the basic features of an FTP application like renaming, deleting, copying, and uploading
   _(Of course, for more complex processes like batch renaming or mass uploads/deletions, you're going to want to break out an actual FTP program.)_
-- Smart alert if you try to leave without saving your edits
-- Gracefully degrading CSS and Javascript
+- Alert if you try to leave without saving your edits
 - Easily re-brandable via the title text stored in a configurable variable, and a modifiable filename.
 - Externally hosted CSS and images.
   _(Of course, you can switch it out to your own stylesheet if you need to!)_
@@ -107,19 +110,19 @@ Probably not.
 
 The reason there isn't default support for multiple users is that all of their info will have to be stored together, more or less in plain text, at the top of onefilecms.php. Giving people different usernames and passwords then is sort of futile, since everyone who can log in can view onefilecms's source and config variables. (This answer kind of ignores MD5 hashes but is valid for most considerations.) 
 
-### Is the JavaScript in the middle of the file really needed? When I remove it, everything seems to work fine.
+## Change Log
 
-It isn't entirely necessary, but it does provide nice enhancements, like warning you if you try to leave without saving changes, and stuff like that. 
 
-## Change Log
+### 1.4.0
+
+- Substantial code reorganization & updates.
+
 
 ### 1.2.4 - 1.3.0
 
 - DO NOT USE THESE VERSIONS!
 - Mostly just a bunch of code modifications.
-- These versions have issues, primarily when on the home/root page your site, 
-  and attempting to [Upload File],  [New File], [New Folder], or when editing
-  a file.
+- These versions have issues, primarily when on the home/root page your site. 
 
 ### 1.2.3
 

From a96a214f3254357a35a52821f6823cda4f7ff9f5 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Sun, 20 May 2012 18:01:35 -0400
Subject: [PATCH 061/228] Version 1.5.0 Style sheet now embedded - external
 .css no longer needed Improved $excluded logic Improve Edit Page "if
 editable" & "if image" logic

---
 onefilecms.php | 579 ++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 479 insertions(+), 100 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index a70b929..8014312 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,10 +2,10 @@
 // OneFileCMS - http://onefilecms.com/
 // For license & copyright info, see OneFileCMS.License.BSD.txt
 
-$version = "1.4.0";
+$version = '1.5';
 
 
-if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Please contact your host to upgrade your PHP installation."); };
+if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate (v5.4 recommended). Please contact your host to upgrade your PHP installation."); };
 
 
 // CONFIGURABLE INFO ***********************************************************
@@ -13,38 +13,36 @@
 $config_password  = "password";
 $config_title     = "OneFileCMS";
 
-$config_style_sheet = "onefilecms.css";  //Relative to this file.
-//$config_style_sheet ="/onefilecms.css";  //Relative to site URL root.
-//$config_style_sheet = "http://self-evident.github.com/OneFileCMS/onefilecms.css";
-
 $MAX_IMG_W   = 810;   // Max width to display images. (page container = 810)
 $MAX_IMG_H   = 1000;  // Max height.  I don't know, it just looks reasonable.
 
 $config_favicon   = "/favicon.ico";
-$config_editable  = "html,htm,php,css,js,txt,text,cfg,conf,ini,csv,svg";
-$config_excluded  = ""; //files to exclude from directory listings
-$config_itypes    = "jpg,gif,png,bmp,ico";  // Can be displayed on edit page.
-$config_ftypes    = "jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,htm,html,cfg,conf,js"; //used to select file icon
-$config_fclass    = "img,img,img,img,img,svg,txt,txt,css,php,htm,htm,cfg,cfg,txt";  //used to select file icon
+$config_excluded  = ""; //files to exclude from directory listings- CaSe sensaTive!
+
+$config_etypes = "html,htm,xhtml,php,css,js,txt,text,cfg,conf,ini,csv,svg"; //lowercase, no spaces!
+$config_itypes = "jpg,gif,png,bmp,ico"; //lowercase, no spaces!
+$config_ftypes = "jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,ini,cfg,conf,js,htm,html"; //lowercase, no spaces!
+$config_fclass = "img,img,img,img,img,svg,txt,txt,css,php,txt,cfg,cfg,txt,htm,htm";  //lowercase, no spaces!
 // END CONFIGURABLE INFO *******************************************************
 
 
 
-//Make arrays out of a few $config_variables.  They are used in Index_Page() .
+//Make arrays out of a few $config_variables for actual use later.
 //Above, however, it's easier to config/change a simple string.
-$ftypes   = (explode(",", strtolower($config_ftypes)));
-$fclasses = (explode(",", strtolower($config_fclass)));
-$itypes   = (explode(",", strtolower($config_itypes)));
-
+$etypes   = (explode(",", strtolower($config_etypes))); //editable file types
+$itypes   = (explode(",", strtolower($config_itypes))); //images types to display
+$ftypes   = (explode(",", strtolower($config_ftypes))); //file types with icons
+$fclasses = (explode(",", strtolower($config_fclass))); //for file types with icons
+$excluded_list = (explode(",", $config_excluded));
 
-$valid_pages = array("login","logout","index","edit","upload","new","copy","rename","delete","newfolder","renamefolder","deletefolder" );
 
 $ONESCRIPT = $_SERVER["SCRIPT_NAME"];
 $DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
 $WEB_ROOT  = basename($DOC_ROOT).'/';
 $WEBSITE   = $_SERVER["HTTP_HOST"];
+$pagetitle = $_SERVER['SERVER_NAME']; //Default value. May be changed per page.
 
-$pagetitle = $_SERVER['SERVER_NAME'];
+$valid_pages = array("login","logout","index","edit","upload","new","copy","rename","delete","newfolder","renamefolder","deletefolder" );
 
 
 //Allows OneFileCMS.php to be started from any dir on the site.
@@ -176,38 +174,37 @@ function message_box() { //*********************************
 	if (isset($message)) {
 ?>
 		<div id="message"><p>
-		<!-- [X] to dismiss message box -->	
-		<span><a id="dismiss" href='<?php echo $ONESCRIPT.$varvar; ?>'
-		onclick='document.getElementById("message").innerHTML = " ";return false'>
-		[X]</a>
+		<span><!-- [X] to dismiss message box -->	
+			<a id="dismiss" href='<?php echo $ONESCRIPT.$varvar; ?>'
+			onclick='document.getElementById("message").innerHTML = " ";return false'>
+			[X]</a>
 		</span>
 		<?php echo $message.PHP_EOL ;?>
 		</p></div>
 		<script>document.getElementById("dismiss").focus();</script>
 <?php
-	}   //The else is needed or some of the Edit Page javascript feedback fails.
-		else { echo '<div id="message"></div>'; 
+	}else {
+		echo '<div id="message"></div>'; // Needed on Edit page to keep js feedback from failing
 	} //end isset($message)
+	
+	// Used on Edit Page to preserve vertical spacing.
+	if ($page == "edit") {echo '<style>#message { min-height: 1.8em; }</style>';}
 }//end message_box()  **************************************
 
 
 
 function Upload_New_Rename_Delete_Links() { //**************
 	global $ONESCRIPT, $ipath, $varvar;
-?>
-	<!-- Upload/New/Rename/Copy/etc... links -->
-	<p class="front_links">
-		<a href="<?php echo $ONESCRIPT.$varvar.'&amp;p=upload'; ?>"    class="upload"   >Upload File</a>
-		<a href="<?php echo $ONESCRIPT.$varvar.'&amp;p=new'; ?>"       class="new"      >New File</a>
-		<a href="<?php echo $ONESCRIPT.$varvar.'&amp;p=newfolder'; ?>" class="newfolder">New Folder</a>
-		<?php if ($ipath !== "") { ?>
-			<a href="<?php echo $ONESCRIPT.$varvar.'&amp;p=renamefolder'; ?>" class="renamefolder">
-			Rename Folder</a>
-			<a href="<?php echo $ONESCRIPT.$varvar.'&amp;p=deletefolder'; ?>" class="deletefolder">
-			Delete Folder</a>
-		<?php } ?>
-	</p>
-<?php
+
+	echo '<p class="front_links">';
+	echo '<a href="'.$ONESCRIPT.$varvar.'&amp;p=upload"    class="upload" >Upload File</a>';
+	echo '<a href="'.$ONESCRIPT.$varvar.'&amp;p=new"       class="new" >New File</a>'   ;
+	echo '<a href="'.$ONESCRIPT.$varvar.'&amp;p=newfolder" class="newfolder" >New Folder</a>' ;
+	if ($ipath !== "") {
+		echo '<a href="'.$ONESCRIPT.$varvar.'&amp;p=renamefolder" class="renamefolder" >Rename Folder</a>';
+		echo '<a href="'.$ONESCRIPT.$varvar.'&amp;p=deletefolder" class="deletefolder" >Delete Folder</a>';
+	}
+	echo '</p>';
 }//end Upload_New_Rename_Delete_Links()  *******************
 
 
@@ -377,36 +374,31 @@ function Login_Page() { //******************************************************
 function list_files() { // ...in a vertical table ******************************
 //called from Index Page
 
-	global $ONESCRIPT, $WEB_ROOT, $ipath, $varvar, $config_excluded, $ftypes, $fclasses;
+	global $ONESCRIPT, $ipath, $varvar, $ftypes, $fclasses, $excluded_list;
 
 	$files = scandir('./'.$ipath);
 	natcasesort($files);
 
 	echo '<table class="index_T">';
 	foreach ($files as $file) {
-		$fc++;
-		$excludeme = 0;
-		$config_excludeds = explode(",", $config_excluded);
 		
-		foreach ($config_excludeds as $config_exclusion) {
-			if (strrpos(basename($file),$config_exclusion) !== False && 
-			strrpos(basename($file),$config_exclusion) !== "") { 
-				$excludeme = 1;
-			}
-		}
+		$excluded = FALSE;
+		if (in_array(basename($file), $excluded_list)) { $excluded = TRUE; };
+		
+		if (!is_dir($ipath.$file) && !$excluded) {
 		
-		if (!is_dir($ipath.$file) && $excludeme == 0) {
 			//Determine file type & set cooresponding class.
 			$file_class = "";
 			$ext = end( explode(".", strtolower($file)) );
-			
 			for ($x=0; $x < count($ftypes); $x++ ){
 				if ($ext == $ftypes[$x]){ $file_class = $fclasses[$x]; } 
 			}
 ?>
 			<tr>
-				<td><?php echo '<a href="'.$ONESCRIPT.$varvar.'&amp;f='.$file.'&amp;p=edit'.'"'; ?>
+				<td>
+					<?php echo '<a href="'.$ONESCRIPT.$varvar.'&amp;f='.$file.'&amp;p=edit" '; ?>
 					<?php echo 'class="',  $file_class, '">', $file, '</a>'; ?>
+
 				</td>
 				<td class="meta_T meta_size">&nbsp;
 					<?php echo number_format(filesize($ipath.$file)).""; ?> B
@@ -426,21 +418,21 @@ function list_files() { // ...in a vertical table ******************************
 
 
 function Index_Page(){ //*******************************************************
-	global $ONESCRIPT, $WEB_ROOT, $ipath, $config_excluded, $ftypes, $fclasses;
+	global $ONESCRIPT, $ipath;
 
-	Upload_New_Rename_Delete_Links();
-?>
-	<!--==== List folders/sub-directores ====-->
-<?php
+	//<!--==== List folders/sub-directores ====-->
 	echo '<p class="index_folders">';
 		$folders = glob($ipath."*",GLOB_ONLYDIR);
 		natcasesort($folders);
 		foreach ($folders as $folder) {
 			echo '<a href="'.$ONESCRIPT.'?i='.$folder.'/" class="index_folder">';
+
 			echo basename($folder).' /</a>';
 		}
 	echo '</p>';
 
+	Upload_New_Rename_Delete_Links();
+
 	list_files();
 
 	Upload_New_Rename_Delete_Links();
@@ -452,7 +444,7 @@ function Index_Page(){ //*******************************************************
 
 
 function Edit_Page() { //*******************************************************
-	global $ONESCRIPT, $ipath, $varvar, $filename, $filecontent, $ftypes, $config_editable, $config_itypes;
+	global $ONESCRIPT, $ipath, $varvar, $filename, $filecontent, $etypes, $itypes, $ftypes;
 
 	$varvar2 = $varvar.'&amp;p=edit';
 	$varvar3 = $varvar.'&amp;f='.basename($filename);
@@ -460,13 +452,13 @@ function Edit_Page() { //*******************************************************
 	//Determine if editable file type
 	$ext = end( explode(".", strtolower($filename) ) );
 	$editable = FALSE;
-	if (in_array($ext, $ftypes)) { $editable = TRUE; };
+	if (in_array(strtolower($ext), $etypes)) { $editable = TRUE; };
 ?>
 	<h2 id="edit_header">Edit/View:
-	<a class="filename" href="/<?php echo $filename; ?>"><?php echo basename($filename); ?></a>
+	<a class="filename" href="/<?php echo $filename.'">'.basename($filename) ?></a>
 	</h2>
 
-	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$varvar2; ?>">
+	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$varvar2 ?>">
 		<p class="file_meta">
 		<span class="meta_size">Size<b>: </b> <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; &nbsp; 
 		<span class="meta_time">Updated<b>: </b><script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1);</script></span><br>
@@ -474,7 +466,7 @@ function Edit_Page() { //*******************************************************
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<?php Close_Button("close"); ?><div style="clear:both;"></div>
 
-		<?php if (strpos($config_itypes,$ext) === false) { //If non-image, show textarea
+		<?php if ( !in_array( strtolower($ext), $itypes) ) { //If non-image, show textarea
 			if (!$editable) { // If non-text file, disable textarea
 			?>	<p>
 				<textarea id="disabled_content" cols="70" rows="3"
@@ -499,7 +491,7 @@ function Edit_Page() { //*******************************************************
 		<input type="button" class="button" value="Reset - loose changes" onclick="Reset_File()"      id="reset">
 		<script>
 			//Setting disabled here instead of via input attribute in case js is disabled.
-			//If js is disabled, use would be unable to save changes.
+			//If js is disabled, user would be unable to save changes.
 			document.getElementById('save_file').disabled = "disabled";
 			document.getElementById('reset').disabled     = "disabled";
 		</script>
@@ -510,17 +502,15 @@ function Edit_Page() { //*******************************************************
 		</p>
 	</form>
 	<div style="clear:both;"></div>
+<?php
+	if ( in_array( strtolower($ext), $itypes) ) { show_image(); }
 
-	<?php if (strpos($config_itypes,$ext) !== false) { show_image(); } ?>
-
-	<?php if (strpos($config_editable,$ext) !== false) { //if editable file..?>
-		<?php Edit_Page_javascript(); ?>
-		<div id="edit_note">
-		NOTE: On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser's [Reload].
-		</div>
-	<?php } //end if editable ?>
+	if ($editable) {
+		Edit_Page_scripts();
+		echo '<div id="edit_note">NOTE: On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser\'s [Reload].</div>';
+	} //end if editable
 
-<?php }; //End Edit_Page *******************************************************
+}//End Edit_Page ***************************************************************
 
 
 
@@ -626,6 +616,7 @@ function New_File_Page() { //***************************************************
 		$message = '"<b>'.$filename.'</b>"successfully created.';
 		$ipath = Check_path(dirname($filename)); //if changed, return to new dir.
 		$varvar = "?i=".$ipath;
+		$page = "edit";
 	}
 }//end NEW FILE response code **************************************************
 
@@ -669,9 +660,10 @@ class="textinput" value="<?php echo $new_filename; ?>">
 	$new_filename = $_POST["copy_filename"];
 
 	if (file_exists($new_filename)) {
-		$message = '<b>(!) "'.$new_filename.'"</b> not created.<br>A file with that name already exists.';
+		$message .= '<b>(!) Error copying file - target filename already exists:<br>';
+		$message .= '(!) '.$new_filename.'</b>';
 		$page = "edit";
-		$filename = basename($old_filename);
+		$filename = $old_filename;
 	}elseif (copy($old_filename, $new_filename)){ 
 		$message  = '<b>"'.$old_filename.'"</b><br>';
 		$message .= ' --- successfully copied to ---<br>';
@@ -718,14 +710,20 @@ function Rename_File_Page() { //************************************************
 	$old_filename = $_POST["old_filename"];
 	$new_filename = trim($_POST["rename_filename"], '/');
 
-
+	$page = "edit"; //return to edit page
+	
 	if (file_exists($new_filename)) {
-		$message .= '<b>(!) Error renaming or moving file : '.$old_filename.'</b><br>';
-		$message .= '<b>(!) Target filename already exists: '.$new_filename.'</b><br>';
+		$message .= '<b>(!) Error renaming or moving file - target filename already exists:<br>';
+		$message .= '(!) '.$new_filename.'</b>';
+		$page = "edit";
+		$filename = $old_filename;
 	}elseif (rename($old_filename, $new_filename)) {
 		$message .= '<b>"'.$old_filename.'</b>"<br>';
 		$message .= ' --- successfully renamed to ---<br>';
 		$message .= '<b>"'.$new_filename.'</b>"<br>';
+		$filename = $new_filename;
+		$ipath = Check_path(dirname($filename)); //if changed, return to new dir.
+		$varvar = '?i='.$ipath;
 	}else{
 		$message .= '<b>(!) Error renaming/moving file from:<br>"'.$old_filename.'"</b>';
 		$message .= '<b>(!) To:<br>"'.$new_filename.'"</b>';
@@ -762,6 +760,7 @@ function Delete_File_Page() { //************************************************
 		$message = '"<b>'.basename($filename).'</b>" successfully deleted.';
 	}else{
 		$message = '<b>(!) Error deleting "'.$filename.'"</b>.';
+		$page = "edit";
 	}
 }//end DELETE FILE response code ***********************************************
 
@@ -892,7 +891,7 @@ function Delete_Folder_Page(){ //***********************************************
 
 	if (@rmdir($foldername)) {
 		$message = 'Folder "<b>'.basename($foldername).'</b>" successfully deleted.';
-		$ipath = Check_path($foldername);
+		$ipath = Check_path($foldername); //Return to parent dir.
 		$varvar = "?i=".$ipath;
 	} else {
 		$message .= '<b>(!) "'.$foldername.'/"</b> an error occurred during delete.';
@@ -903,14 +902,11 @@ function Delete_Folder_Page(){ //***********************************************
 
 
 
-
-
-
 function Load_Selected_Page(){ //***********************************************
 	global $page;
 	if ($page == "login")        { Login_Page();         }
 	if ($page == "index")        { Index_Page();         }
-	if ($page == "edit")         { $pagetitle = "Edit/View File"; Edit_Page();}
+	if ($page == "edit")         { Edit_Page();          }
 	if ($page == "upload")       { Upload_Page();        }
 	if ($page == "new")          { New_File_Page();      }
 	if ($page == "copy")         { Copy_File_Page();     }
@@ -926,12 +922,8 @@ function Load_Selected_Page(){ //***********************************************
 
 
 
-
-
-
-
 //******************************************************************************
-function Time_Stamp_javascripts() {  ?>
+function Time_Stamp_scripts() {  ?>
 
 <script>//Dispaly file's timestamp in user's local time 
 
@@ -973,13 +965,13 @@ function FileTimeStamp(php_filemtime, show_offset){
 
 }//end FileTimeStamp(php_filemtime)
 </script>
-<?php }//end Time_Stamp_javascripts() **********************************************
+<?php }//end Time_Stamp_scripts() ******************************************
 
 
 
 
 
-function Edit_Page_javascript() { //********************************************
+function Edit_Page_scripts() { //********************************************
 ?>
 	<!--======== Provide feedback re: unsaved changes ========-->
 	<script>
@@ -1083,7 +1075,395 @@ function Reset_File() {
 	Reset_file_status_indicators()
 	</script>
 
-<?php }//End Edit_Page_javascript() ********************************************
+<?php }//End Edit_Page_scripts() ********************************************
+
+
+
+
+
+function style_sheet(){ //****************************************************?>
+<style>
+/* --- reset --- */
+html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,
+cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,dl,dt,dd,ol,ul,li,
+fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td
+{border : 0;  outline: 0; margin : 0; padding: 0;
+font-family: inherit; font-weight: inherit; font-style : inherit;
+font-size  : 100%; vertical-align: baseline; }
+
+
+
+/* --- general formatting --- */
+
+body { font-size: 1em; background: #DDD; font-family: sans-serif; }
+
+p, table { margin-bottom: .5em; }
+
+div{position: relative;}
+
+h1,h2,h3,h4,h5,h6{font-weight: bold;}
+h2 { font-size: 20px; margin: 0 1em .2em 0;} /*TRBL*/
+h3 { font-size: 18px; margin-top: 15px; }
+h4 { font-size: 1.3em; margin-bottom: .2em; font-weight: normal;}
+
+em, i { font-style: italic; }
+
+strong { font-weight: bold; }
+
+li {line-height: 1.4em; }
+
+:focus{outline:0;}
+
+ol,ul{list-style:none;}
+
+table{border-collapse:separate;border-spacing:0;}
+
+caption,th,td{text-align:left;font-weight:400;}
+
+blockquote:before,blockquote:after,q:before,q:after{content:"";}
+blockquote,q{quotes:"" "";}
+
+a { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
+a:hover { border: 1px solid #807568; background-color: rgb(255,250,150); }
+a:focus { border: 1px solid #807568; background-color: rgb(255,250,150); }
+
+form p { margin-bottom: 5px; }
+
+
+label { display: inline-block; width : 7em; font-size : 1em; }
+
+
+
+pre {
+	background: white;
+	border: 1px solid #807568;
+	line-height: 1.25em;
+	overflow: auto
+	overflow-Y: hidden;
+	padding: 10px;
+	margin: 5px 0 10px 0;
+	overflow: hidden;
+	}
+
+
+/* --- layout --- */
+
+.container {
+	border : 0px solid #807568;
+	width  : 810px;
+	margin : 0em auto;
+	}
+
+
+.header {
+	border-bottom : 1px solid #807568;
+	padding: 04px 0px 04px 0px;
+	margin : 0;
+	margin-bottom : .5em;
+	}
+
+
+#logo {
+	font-family: 'Trebuchet MS', sans-serif;
+	font-size:2.2em;
+	font-weight: bold;
+	color: black;
+	padding: .1em;
+	}
+
+
+.footer { color: #777; font-size: .7em; }
+
+
+.alignleft { margin: 0 10px 10px 0; float: left; }
+
+
+.dirname { font-weight: 400; }
+
+.filename {
+	border: 1px solid #807568;
+	padding: .1em .2em .1em .2em;
+	font-weight: 700;
+	font-family: courier;
+	background-color: #EEE;
+	}
+
+/* Preserve space when message is dismissed.*/
+#message { margin-bottom: .5em;}
+
+#message p {
+	margin: 0;
+	padding: 4px 0px 4px .5em;
+	border: 1px solid #807568;
+	Xfont-family: courier;
+	font-size: 1em;
+	line-height: 1.2em;
+	background: #fff000;
+	}
+
+#message span { float: right; }
+
+#message #dismiss { padding: 5px 4px 5px 4px; border-right: none; } /*TRBL */ /*font-family: Courier; font-size: 1.2em;*/
+
+
+/* --- INDEX directory listing, table format --- */
+table.index_T {
+	min-width: 30em;
+	font-size: .95em;
+	border-style: outset;
+	border-width: 1px;
+	border-color: #807568;
+	border-collapse: collapse;
+	margin-bottom: .7em;
+	background-color: #FdFdFd;
+	}
+	
+table.index_T  tr:hover { border: 1px solid #807568; }
+
+table.index_T td { 
+	border-width  : 1px;
+	border-color  : silver;
+	border-style  : inset;
+	vertical-align: middle;
+	}
+
+.index_T a { 
+	height : 1em;
+	display: block;
+	padding: .2em 1em .3em 1.6em;
+	color  : rgb(100,45,0);
+	border : none;
+	background : url("http://self-evident.github.com/OneFileCMS/images/file-bin.png") 3px no-repeat;
+	overflow   : hidden;
+	}
+
+
+.index_T a.txt { background: url("http://self-evident.github.com/OneFileCMS/images/file-txt.png") 3px no-repeat; }
+.index_T a.htm { background: url("http://self-evident.github.com/OneFileCMS/images/file-htm.png") 3px no-repeat; }
+.index_T a.css { background: url("http://self-evident.github.com/OneFileCMS/images/file-css.png") 3px no-repeat; }
+.index_T a.php { background: url("http://self-evident.github.com/OneFileCMS/images/file-php.png") 3px no-repeat; }
+.index_T a.cfg { background: url("http://self-evident.github.com/OneFileCMS/images/file-cfg.png") 3px no-repeat; }
+.index_T a.img { background: url("http://self-evident.github.com/OneFileCMS/images/file-img.png") 3px no-repeat; }
+.index_T a.bin { background: url("http://self-evident.github.com/OneFileCMS/images/file-bin.png") 3px no-repeat; }
+.index_T a.svg { background: url("http://self-evident.github.com/OneFileCMS/images/file-svg.png") 3px no-repeat; }
+
+.index_T a:hover { background-color: rgb(255,250,150); }
+.index_T a:focus { background-color: rgb(255,250,150); }
+
+
+
+/* File size & date */
+
+.meta_size { min-width: 6em; }
+
+.meta_time { width    : 13em;}
+
+.meta {
+	height        : 25px;
+	line-height   : 1.1em;
+	font-size     : .9em;
+	margin-top    : 3px;
+	padding-right : .5em;
+    font-size     : .9em;
+	color         : #333;
+	}
+
+.meta_T {
+	padding-right : .5em;
+	text-align    : right;
+	font-family   : courier;
+    font-size     : .9em;
+	color         : #333;
+	}
+
+
+.index_folders { min-height: 1.7em;  margin-bottom: .2em; }
+
+.index_folders a {
+	Xborder       : 1px solid #807568;
+	display      : inline-block;
+	line-height  : 1em;
+	font-size    : 1em;
+	margin-right : .6em;
+	margin-bottom: .1em;
+	padding      : 3px .4em 3px 25px; /*TRBL*/
+	background : url("http://self-evident.github.com/OneFileCMS/images/folder-2.png") 4px 3px no-repeat;
+	}
+
+.index_folders a:hover { background-color: rgb(255,250,150); }
+.index_folders a:focus { background-color: rgb(255,250,150); }
+
+
+
+/*  [Upload File] [New File] [New Folder] etc... */
+
+.front_links { clear: both; }
+
+.front_links a {
+	display: inline-block;
+	border : 1px solid #807568;
+	height      : 16px;
+	font-size   : 16px;
+	margin-right: 15px;
+	padding     : 3px 5px 5px 21px; /*TRBL*/
+	background-color: #EEE;
+	}
+
+.front_links a.upload       { background: #EEE url("http://self-evident.github.com/OneFileCMS/images/upload.png") 3px      3px no-repeat; }
+.front_links a.new          { background: #EEE url("http://self-evident.github.com/OneFileCMS/images/file-new-2.png")      3px 4px no-repeat; }
+.front_links a.newfolder    { background: #EEE url("http://self-evident.github.com/OneFileCMS/images/folder-new-2.png")    2px 5px no-repeat; }
+.front_links a.renamefolder { background: #EEE url("http://self-evident.github.com/OneFileCMS/images/folder-rename-1.png") 1px 4px no-repeat; }
+.front_links a.deletefolder { background: #EEE url("http://self-evident.github.com/OneFileCMS/images/folder-del-3.png")    1px 5px no-repeat; }
+
+.front_links a:hover  { background-color: rgb(255,250,150); }
+.front_links a:focus  { background-color: rgb(255,250,150); }
+
+
+input[type="text"] {
+	border: 1px solid #807568;
+	padding: 2px;
+	width: 630px;
+	font: 1em "Courier New", Courier, monospace;
+	}
+
+input.textinput1 { width: 20em; }
+
+input.textinput2 { width: 40em; }
+
+textarea {
+	border: 1px solid #999;
+	font  : .95em "Courier New", Courier, monospace;
+	margin: 0 0 .5em 0; /*T R B L*/
+	width : 99.5%;
+	height: 30em;
+	height: 30em;
+	}
+
+textarea[disabled ]{ width : 99.5%; height: 50px; }
+
+textarea:focus { border: 1px solid #Faa; }
+
+
+input:focus { background-color: rgb(255,250,150); }
+
+input:hover { background-color: rgb(255,250,150); }
+
+input[readonly]       { color: #333; background-color: #EEE; }
+input[disabled]       { color: #555; background-color: #EEE; }
+input[disabled]:hover { background-color: rgb(236,233,216);  } 
+input[disabled]:hover { background-color: rgb(236,233,216);  } 
+
+
+.buttons_right         { float: right; }
+.buttons_right .button { margin-left: 7px; }
+.buttons_left          { float: left; }
+.buttons_left  .button { margin-right: 7px; }
+
+.button {
+	border : 1px solid #807568;
+	padding: 4px 10px;
+	cursor : pointer;
+	color      : black;
+	font-size  : .9em;
+	font-family: sans-serif;
+	background-color: #EEE;  /*#d4d4d4*/
+	}
+
+.button[disabled]  { color: #777; background-color: #EEE; }
+
+
+/* --- header --- */
+
+.nav {
+	float     : right;
+	display   : inline-block;
+	margin-top: 1.6em;
+	font-size : 1em;
+	}
+
+.nav a {
+	border: 1px solid transparent;
+	font-weight : bold;
+	padding     : .0em;
+	padding-top   : .2em;
+	padding-left  : .6em;
+	padding-right : .6em;
+	padding-bottom: .1em;
+	}
+
+.nav a:hover { border: 1px solid #807568; }
+.nav a:focus { border: 1px solid #807568; }
+
+
+
+/* --- edit --- */
+
+#edit_header  {margin: 0;}
+
+#edit_form    {margin: 0;}
+
+#file_content {height: 24em;}
+
+.file_meta	  {float: left;  margin-top: .5em; font-size: .9em; color: #333; font-family: courier;}
+
+.close        {float: right; margin-bottom: .5em;}
+
+#edit_note    {font-size: .8em; color: #444 ;margin-top: 1em;}
+
+
+
+/* --- log in --- */
+
+.login_page {
+	margin  : 5em auto;
+	border  : 1px solid #807568;
+	padding : 1em;
+	width   : 360px;
+	}
+
+.login_input {
+	border  : 1px solid #807568;
+	padding : 2px 0px 2px 2px;
+	width   : 356px;
+	font    : 1em "Courier New";
+	}
+
+input[type="text"].login_input { width   : 354px; }
+
+
+
+/* --- --- --- */
+hr { 
+	line-height  : 0;
+	font-size    : 1px;
+	display : block;
+	position: relative;
+	padding : 0;
+	margin  : 8px auto;
+	width   : 100%;
+	clear   : both;
+	border  : none;
+	border-top   : 1px solid #807568;
+	Xborder-bottom: 1px solid #eee;
+	overflow: visible;
+	}
+
+.web_root { font:1.2em Courier; }
+
+.sure { margin: .5em 0em .5em 0; }
+
+.verify {
+	border: 1px solid #807568;
+	color: #333;
+	background-color: #FEE;
+	padding: 2px .3em;
+	font: 1.2em Courier;
+	}
+
+
+</style>
+<?php }//end style_sheet() *****************************************************
+
 
 
 
@@ -1096,15 +1476,14 @@ function Reset_File() {
 <html>
 <head>
 
-<title><?php echo $config_title.' - '.$pagetitle; ?></title>
+<title><?php echo $config_title.' - '.$pagetitle ?></title>
 
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 <meta name="robots" content="noindex">
 
-<?php //style_sheet(); ?>
-<link href="<?php echo $config_style_sheet;?>" type="text/css" rel="stylesheet">
+<?php style_sheet(); ?>
 
-<?php if ( (1) || ($page == "index") || ($page == "edit") ) { Time_Stamp_javascripts(); } ?>
+<?php if ( ($page == "index") || ($page == "edit") ) { Time_Stamp_scripts(); } ?>
 
 </head>
 
@@ -1112,7 +1491,7 @@ function Reset_File() {
 
 <?php
 if ($page == "login"){ echo '<div class="login_page">'; }
-				 else{ echo '<div class="container">';}
+				 else{ echo '<div class="container">';  }
 ?>
 
 <div class="header">
@@ -1121,19 +1500,19 @@ function Reset_File() {
 	
 	<?php if ($_SESSION['valid'] == "1") { ?>
 		<div class="nav">
-			<a href="/"><?php show_favicon(); ?>&nbsp; 
-			<b><?php echo $WEBSITE; ?>/</b>  &nbsp;- &nbsp;
+			<a href="/"><?php show_favicon() ?>&nbsp; 
+			<b><?php echo $WEBSITE ?>/</b>  &nbsp;- &nbsp;
 			Visit Site</a> |
-			<a href="<?php echo $ONESCRIPT; ?>?p=logout">Log Out</a>
+			<a href="<?php echo $ONESCRIPT ?>?p=logout">Log Out</a>
 		</div>
 	<?php } ?>
 </div><!-- end header -->
 
-<?php message_box(); ?>
+<?php message_box() ?>
 
-<?php if ( $page != "login" ){Current_Path_Header(); } ?>
+<?php if ( $page != "login" ){ Current_Path_Header(); } ?>
 
-<?php Load_Selected_Page(); ?>
+<?php Load_Selected_Page() ?>
 
 <div class="footer">
 	<hr><br><br>

From 6055e82b177a6d26bcd757f1ac7b9a52b66f9f96 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Sun, 20 May 2012 18:08:15 -0400
Subject: [PATCH 062/228] Version 2.0 - OneFileCMS "Lite" - No Icons First true
 one file OneFileCMS

---
 onefilecms.php | 138 +++++++++++++++++++++----------------------------
 1 file changed, 60 insertions(+), 78 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 8014312..100e937 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 // OneFileCMS - http://onefilecms.com/
 // For license & copyright info, see OneFileCMS.License.BSD.txt
 
-$version = '1.5';
+$version = '"Lite" (v2.0)';
 
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate (v5.4 recommended). Please contact your host to upgrade your PHP installation."); };
@@ -110,7 +110,7 @@ function Check_path($path) { // returns first valid path in some/supplied/path/
 if (isset($_GET["f"])) { $filename = $ipath.$_GET["f"]; }else{ $filename = ""; }
 if (isset($_GET["p"])) { $page     = $_GET["p"]; } // default $page set above
 
-$varvar = "?i=".$ipath;
+$param1 = "?i=".$ipath;
 
 
 
@@ -175,8 +175,8 @@ function message_box() { //*********************************
 ?>
 		<div id="message"><p>
 		<span><!-- [X] to dismiss message box -->	
-			<a id="dismiss" href='<?php echo $ONESCRIPT.$varvar; ?>'
-			onclick='document.getElementById("message").innerHTML = " ";return false'>
+			<a id="dismiss" href='<?php echo $ONESCRIPT.$param1; ?>'
+			onclick='document.getElementById("message").innerHTML = " ";return false;'>
 			[X]</a>
 		</span>
 		<?php echo $message.PHP_EOL ;?>
@@ -194,15 +194,15 @@ function message_box() { //*********************************
 
 
 function Upload_New_Rename_Delete_Links() { //**************
-	global $ONESCRIPT, $ipath, $varvar;
+	global $ONESCRIPT, $ipath, $param1;
 
 	echo '<p class="front_links">';
-	echo '<a href="'.$ONESCRIPT.$varvar.'&amp;p=upload"    class="upload" >Upload File</a>';
-	echo '<a href="'.$ONESCRIPT.$varvar.'&amp;p=new"       class="new" >New File</a>'   ;
-	echo '<a href="'.$ONESCRIPT.$varvar.'&amp;p=newfolder" class="newfolder" >New Folder</a>' ;
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">Upload File</a>';
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=new">New File</a>'   ;
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">New Folder</a>' ;
 	if ($ipath !== "") {
-		echo '<a href="'.$ONESCRIPT.$varvar.'&amp;p=renamefolder" class="renamefolder" >Rename Folder</a>';
-		echo '<a href="'.$ONESCRIPT.$varvar.'&amp;p=deletefolder" class="deletefolder" >Delete Folder</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">Rename Folder</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">Delete Folder</a>';
 	}
 	echo '</p>';
 }//end Upload_New_Rename_Delete_Links()  *******************
@@ -210,9 +210,9 @@ function Upload_New_Rename_Delete_Links() { //**************
 
 
 function Close_Button($classes) { //************************
-	global $ONESCRIPT, $ipath, $varvar;
+	global $ONESCRIPT, $ipath, $param1;
 	echo '<input type="button" class="button '.$classes.'" name="close" value="Close" onclick="parent.location=\'';
-	echo $ONESCRIPT.$varvar.'\'">';
+	echo $ONESCRIPT.$param1.'\'">';
 	?><script>document.edit_form.elements[1].focus();</script><?php // focus on [Close]
 }// End Close_Button() //***********************************
 
@@ -221,14 +221,14 @@ function Close_Button($classes) { //************************
 function Cancel_Submit_Buttons($submit_label, $focus) { //**
 	//$submit_label = Rename, Copy, Delete, etc...
 	//$focus: if==1 or TRUE, set focus() to cancel button.
-	global $ONESCRIPT, $ipath, $varvar, $filename, $page;
+	global $ONESCRIPT, $ipath, $param1, $filename, $page;
 
 	// [Cancel] returns to either the current/path, or current/path/file
-	if ($filename != "") { $varvar .= '&f='.basename($filename).'&p='.edit; }
+	if ($filename != "") { $param1 .= '&f='.basename($filename).'&p='.edit; }
 ?>
 	<p>
 		<input type="button" class="button" id="cancel" name="cancel" value="Cancel"
-			onclick="parent.location='<?php echo $ONESCRIPT.$varvar; ?>'">
+			onclick="parent.location='<?php echo $ONESCRIPT.$param1; ?>'">
 		<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1.3em;">
 	</p>
 <?php
@@ -374,7 +374,7 @@ function Login_Page() { //******************************************************
 function list_files() { // ...in a vertical table ******************************
 //called from Index Page
 
-	global $ONESCRIPT, $ipath, $varvar, $ftypes, $fclasses, $excluded_list;
+	global $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list;
 
 	$files = scandir('./'.$ipath);
 	natcasesort($files);
@@ -386,19 +386,19 @@ function list_files() { // ...in a vertical table ******************************
 		if (in_array(basename($file), $excluded_list)) { $excluded = TRUE; };
 		
 		if (!is_dir($ipath.$file) && !$excluded) {
-		
-			//Determine file type & set cooresponding class.
-			$file_class = "";
+
+			//Determine file type & set cooresponding icon type.
+			$type = "bin"; //default
 			$ext = end( explode(".", strtolower($file)) );
 			for ($x=0; $x < count($ftypes); $x++ ){
-				if ($ext == $ftypes[$x]){ $file_class = $fclasses[$x]; } 
+				if ($ext == $ftypes[$x]){ $type = $fclasses[$x]; } 
 			}
 ?>
 			<tr>
 				<td>
-					<?php echo '<a href="'.$ONESCRIPT.$varvar.'&amp;f='.$file.'&amp;p=edit" '; ?>
-					<?php echo 'class="',  $file_class, '">', $file, '</a>'; ?>
+					<?php echo '<a href="'.$ONESCRIPT.$param1.'&amp;f='.$file.'&amp;p=edit" >'; ?>
 
+					<?php echo  $file, '</a>'; ?>
 				</td>
 				<td class="meta_T meta_size">&nbsp;
 					<?php echo number_format(filesize($ipath.$file)).""; ?> B
@@ -408,7 +408,7 @@ function list_files() { // ...in a vertical table ******************************
 				</td>
 			</tr>
 <?php 
-		}//end if !is_dir
+		}//end if !is_dir...
 	}//end foreach file
 echo '</table>';
 }//end list_files() ************************************************************
@@ -425,7 +425,7 @@ function Index_Page(){ //*******************************************************
 		$folders = glob($ipath."*",GLOB_ONLYDIR);
 		natcasesort($folders);
 		foreach ($folders as $folder) {
-			echo '<a href="'.$ONESCRIPT.'?i='.$folder.'/" class="index_folder">';
+			echo '<a href="'.$ONESCRIPT.'?i='.$folder.'/">';
 
 			echo basename($folder).' /</a>';
 		}
@@ -444,10 +444,10 @@ function Index_Page(){ //*******************************************************
 
 
 function Edit_Page() { //*******************************************************
-	global $ONESCRIPT, $ipath, $varvar, $filename, $filecontent, $etypes, $itypes, $ftypes;
+	global $ONESCRIPT, $ipath, $param1, $filename, $filecontent, $etypes, $itypes, $ftypes;
 
-	$varvar2 = $varvar.'&amp;p=edit';
-	$varvar3 = $varvar.'&amp;f='.basename($filename);
+	$param2 = $param1.'&amp;f='.basename($filename);
+	$param3 = $param1.'&amp;f='.basename($filename).'&amp;p=edit';
 	
 	//Determine if editable file type
 	$ext = end( explode(".", strtolower($filename) ) );
@@ -458,7 +458,7 @@ function Edit_Page() { //*******************************************************
 	<a class="filename" href="/<?php echo $filename.'">'.basename($filename) ?></a>
 	</h2>
 
-	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$varvar2 ?>">
+	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param3 ?>">
 		<p class="file_meta">
 		<span class="meta_size">Size<b>: </b> <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; &nbsp; 
 		<span class="meta_time">Updated<b>: </b><script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1);</script></span><br>
@@ -495,9 +495,9 @@ function Edit_Page() { //*******************************************************
 			document.getElementById('save_file').disabled = "disabled";
 			document.getElementById('reset').disabled     = "disabled";
 		</script>
-		<input type="button" class="button" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT.$varvar3.'&amp;p=rename'; ?>'">
-		<input type="button" class="button" value="Copy"        onclick="parent.location='<?php echo $ONESCRIPT.$varvar3.'&amp;p=copy'  ; ?>'">
-		<input type="button" class="button" value="Delete"      onclick="parent.location='<?php echo $ONESCRIPT.$varvar3.'&amp;p=delete'; ?>'">
+		<input type="button" class="button" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT.$param3.'&amp;p=rename'; ?>'">
+		<input type="button" class="button" value="Copy"        onclick="parent.location='<?php echo $ONESCRIPT.$param3.'&amp;p=copy'  ; ?>'">
+		<input type="button" class="button" value="Delete"      onclick="parent.location='<?php echo $ONESCRIPT.$param3.'&amp;p=delete'; ?>'">
 		<?php Close_Button(""); ?>
 		</p>
 	</form>
@@ -539,10 +539,10 @@ function Edit_Page() { //*******************************************************
 
 
 function Upload_Page() { //*****************************************************
-	global $ONESCRIPT, $ipath, $varvar;
+	global $ONESCRIPT, $ipath, $param1;
 ?>
 	<h2>Upload File</h2>
-	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$varvar; ?>" method="post">
+	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$param1; ?>" method="post">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<input type="hidden" name="MAX_FILE_SIZE" value="100000">
 		<input type="hidden" name="upload_destination" value="<?php echo $ipath; ?>" >
@@ -585,10 +585,10 @@ function Upload_Page() { //*****************************************************
 
 
 function New_File_Page() { //***************************************************
-	global $ONESCRIPT, $WEB_ROOT, $ipath, $varvar;
+	global $ONESCRIPT, $WEB_ROOT, $ipath, $param1;
 ?>
 		<h2 style="float: left;">New File</h2>
-		<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
+		<form method="post" action="<?php echo $ONESCRIPT.$param1; ?>">
 			<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 			<input type="text" name="new_filename" id="new_filename" class="textinput1" value="">
 			<p>	<?php Cancel_Submit_Buttons("Create","new_filename"); ?> </p>
@@ -615,7 +615,7 @@ function New_File_Page() { //***************************************************
 		fclose($handle);
 		$message = '"<b>'.$filename.'</b>"successfully created.';
 		$ipath = Check_path(dirname($filename)); //if changed, return to new dir.
-		$varvar = "?i=".$ipath;
+		$param1 = "?i=".$ipath;
 		$page = "edit";
 	}
 }//end NEW FILE response code **************************************************
@@ -626,13 +626,13 @@ function New_File_Page() { //***************************************************
 
 
 function Copy_File_Page(){ //***************************************************
-	global $ONESCRIPT, $WEB_ROOT, $ipath, $varvar, $filename;
+	global $ONESCRIPT, $WEB_ROOT, $ipath, $param1, $filename;
 
 	$new_filename = ordinalize($ipath, basename($filename));
 ?>
 	<h2>Copy File</h2>
 
-	<form method="post" id="new" action="<?php echo $ONESCRIPT.$varvar; ?>">
+	<form method="post" id="new" action="<?php echo $ONESCRIPT.$param1; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<p>
 			<label>Old filename:</label>
@@ -678,14 +678,14 @@ class="textinput" value="<?php echo $new_filename; ?>">
 
 
 function Rename_File_Page() { //************************************************
-	global $ONESCRIPT, $WEB_ROOT, $ipath, $varvar, $filename;
+	global $ONESCRIPT, $WEB_ROOT, $ipath, $param1, $filename;
 ?>
 	<h2>Rename/Move File</h2>
 
 	<p>To move a file, change the folder's name, as in 
 	"newfolder/filename.txt". The new folder must already exist.</p>
 
-	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
+	<form method="post" action="<?php echo $ONESCRIPT.$param1; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<p>
 			<label>Old filename:</label>
@@ -711,7 +711,7 @@ function Rename_File_Page() { //************************************************
 	$new_filename = trim($_POST["rename_filename"], '/');
 
 	$page = "edit"; //return to edit page
-	
+
 	if (file_exists($new_filename)) {
 		$message .= '<b>(!) Error renaming or moving file - target filename already exists:<br>';
 		$message .= '(!) '.$new_filename.'</b>';
@@ -723,7 +723,7 @@ function Rename_File_Page() { //************************************************
 		$message .= '<b>"'.$new_filename.'</b>"<br>';
 		$filename = $new_filename;
 		$ipath = Check_path(dirname($filename)); //if changed, return to new dir.
-		$varvar = '?i='.$ipath;
+		$param1 = '?i='.$ipath;
 	}else{
 		$message .= '<b>(!) Error renaming/moving file from:<br>"'.$old_filename.'"</b>';
 		$message .= '<b>(!) To:<br>"'.$new_filename.'"</b>';
@@ -735,11 +735,11 @@ function Rename_File_Page() { //************************************************
 
 
 function Delete_File_Page() { //************************************************
-	global $ONESCRIPT, $WEB_ROOT, $ipath, $varvar, $filename;
+	global $ONESCRIPT, $WEB_ROOT, $ipath, $param1, $filename;
 ?>
 	<h2 style="float: left;">Delete File</h2>
 
-	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
+	<form method="post" action="<?php echo $ONESCRIPT.$param1; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<input type="hidden" name="delete_filename" value="<?php echo $filename; ?>" >
 		<span class="verify"><?php echo basename($filename); ?></span>
@@ -769,10 +769,10 @@ function Delete_File_Page() { //************************************************
 
 
 function New_Folder_Page() { //*************************************************
-	global $ONESCRIPT, $WEB_ROOT, $ipath, $varvar;
+	global $ONESCRIPT, $WEB_ROOT, $ipath, $param1;
 ?>
 	<h2 style="float: left;">New Folder</h2>
-	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
+	<form method="post" action="<?php echo $ONESCRIPT.$param1; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<input type="text" name="new_folder" id="new_folder" class="textinput1" value="">
 		<p><?php Cancel_Submit_Buttons("Create","new_folder"); ?></p>
@@ -798,7 +798,7 @@ function New_Folder_Page() { //*************************************************
 	}elseif (mkdir($new_folder)) {
 		$message .= 'Folder "<b>'.basename($new_folder).'</b>" successfully created.';
 		$ipath   = $new_folder;  //cd to new folder
-		$varvar = "?i=".$ipath;
+		$param1 = "?i=".$ipath;
 	}else{
 		$message .= "<b>(!) Error- new folder not created.</b>";
 	}
@@ -809,10 +809,10 @@ function New_Folder_Page() { //*************************************************
 
 
 function Rename_Folder_Page() { //**********************************************
-	global $ONESCRIPT, $WEB_ROOT, $ipath, $varvar;
+	global $ONESCRIPT, $WEB_ROOT, $ipath, $param1;
 ?>
 	<h2>Rename Folder</h2>
-	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
+	<form method="post" action="<?php echo $ONESCRIPT.$param1; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<p>
 			<label>Old name:</label><input type="hidden" name="old_foldername" value="<?php echo $ipath; ?>">
@@ -849,7 +849,7 @@ function Rename_Folder_Page() { //**********************************************
 		$message .= ' --- successfully renamed to ---<br>';
 		$message .= '<b>"'.$new_foldername.'/</b>"<br>';
 		$ipath    = Check_path($new_foldername); //Return to new folder
-		$varvar = "?i=".$ipath;
+		$param1 = "?i=".$ipath;
 	} else {
 		$message = "<b>(!)</b> There was an error during rename. Try again and/or contact your admin.";
 	}
@@ -860,11 +860,11 @@ function Rename_Folder_Page() { //**********************************************
 
 
 function Delete_Folder_Page(){ //***********************************************
-	global $ONESCRIPT, $WEB_ROOT, $ipath, $varvar;
+	global $ONESCRIPT, $WEB_ROOT, $ipath, $param1;
 ?>
 	<br><h2>Delete Folder</h2>
 
-	<form method="post" action="<?php echo $ONESCRIPT.$varvar; ?>">
+	<form method="post" action="<?php echo $ONESCRIPT.$param1; ?>">
 		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
 		<input type="hidden" name="delete_foldername" value="<?php echo $ipath; ?>" >
 		<span class="web_root"><?php echo $WEB_ROOT.Check_path(dirname($ipath)); ?></span>
@@ -892,7 +892,7 @@ function Delete_Folder_Page(){ //***********************************************
 	if (@rmdir($foldername)) {
 		$message = 'Folder "<b>'.basename($foldername).'</b>" successfully deleted.';
 		$ipath = Check_path($foldername); //Return to parent dir.
-		$varvar = "?i=".$ipath;
+		$param1 = "?i=".$ipath;
 	} else {
 		$message .= '<b>(!) "'.$foldername.'/"</b> an error occurred during delete.';
 	}
@@ -1132,7 +1132,7 @@ function style_sheet(){ //****************************************************?>
 
 label { display: inline-block; width : 7em; font-size : 1em; }
 
-
+svg { margin: 0; padding: 0; }
 
 pre {
 	background: white;
@@ -1230,23 +1230,12 @@ function style_sheet(){ //****************************************************?>
 .index_T a { 
 	height : 1em;
 	display: block;
-	padding: .2em 1em .3em 1.6em;
+	padding: .2em 1em .3em .3em;
 	color  : rgb(100,45,0);
 	border : none;
-	background : url("http://self-evident.github.com/OneFileCMS/images/file-bin.png") 3px no-repeat;
 	overflow   : hidden;
 	}
 
-
-.index_T a.txt { background: url("http://self-evident.github.com/OneFileCMS/images/file-txt.png") 3px no-repeat; }
-.index_T a.htm { background: url("http://self-evident.github.com/OneFileCMS/images/file-htm.png") 3px no-repeat; }
-.index_T a.css { background: url("http://self-evident.github.com/OneFileCMS/images/file-css.png") 3px no-repeat; }
-.index_T a.php { background: url("http://self-evident.github.com/OneFileCMS/images/file-php.png") 3px no-repeat; }
-.index_T a.cfg { background: url("http://self-evident.github.com/OneFileCMS/images/file-cfg.png") 3px no-repeat; }
-.index_T a.img { background: url("http://self-evident.github.com/OneFileCMS/images/file-img.png") 3px no-repeat; }
-.index_T a.bin { background: url("http://self-evident.github.com/OneFileCMS/images/file-bin.png") 3px no-repeat; }
-.index_T a.svg { background: url("http://self-evident.github.com/OneFileCMS/images/file-svg.png") 3px no-repeat; }
-
 .index_T a:hover { background-color: rgb(255,250,150); }
 .index_T a:focus { background-color: rgb(255,250,150); }
 
@@ -1286,8 +1275,7 @@ function style_sheet(){ //****************************************************?>
 	font-size    : 1em;
 	margin-right : .6em;
 	margin-bottom: .1em;
-	padding      : 3px .4em 3px 25px; /*TRBL*/
-	background : url("http://self-evident.github.com/OneFileCMS/images/folder-2.png") 4px 3px no-repeat;
+	padding      : 3px .4em 3px 5px; /*TRBL*/
 	}
 
 .index_folders a:hover { background-color: rgb(255,250,150); }
@@ -1302,19 +1290,13 @@ function style_sheet(){ //****************************************************?>
 .front_links a {
 	display: inline-block;
 	border : 1px solid #807568;
-	height      : 16px;
-	font-size   : 16px;
-	margin-right: 15px;
-	padding     : 3px 5px 5px 21px; /*TRBL*/
+	height      : 1em;
+	font-size   : 1em;
+	margin-right: 1em;
+	padding     : 3px 5px 5px 4px; /*TRBL*/
 	background-color: #EEE;
 	}
 
-.front_links a.upload       { background: #EEE url("http://self-evident.github.com/OneFileCMS/images/upload.png") 3px      3px no-repeat; }
-.front_links a.new          { background: #EEE url("http://self-evident.github.com/OneFileCMS/images/file-new-2.png")      3px 4px no-repeat; }
-.front_links a.newfolder    { background: #EEE url("http://self-evident.github.com/OneFileCMS/images/folder-new-2.png")    2px 5px no-repeat; }
-.front_links a.renamefolder { background: #EEE url("http://self-evident.github.com/OneFileCMS/images/folder-rename-1.png") 1px 4px no-repeat; }
-.front_links a.deletefolder { background: #EEE url("http://self-evident.github.com/OneFileCMS/images/folder-del-3.png")    1px 5px no-repeat; }
-
 .front_links a:hover  { background-color: rgb(255,250,150); }
 .front_links a:focus  { background-color: rgb(255,250,150); }
 

From f53270f2bc25e51bb3300e0797681ce1d0d59502 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Sun, 20 May 2012 18:10:09 -0400
Subject: [PATCH 063/228] Version 3.0 Same as 2.0, with SVG icons.

---
 onefilecms.php  | 249 +++++++++++++++++++++++++++++++++++++++++++++---
 readme.markdown |  87 +++++++++++++----
 2 files changed, 304 insertions(+), 32 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 100e937..bbb331a 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 // OneFileCMS - http://onefilecms.com/
 // For license & copyright info, see OneFileCMS.License.BSD.txt
 
-$version = '"Lite" (v2.0)';
+$version = '3.0';
 
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate (v5.4 recommended). Please contact your host to upgrade your PHP installation."); };
@@ -176,7 +176,7 @@ function message_box() { //*********************************
 		<div id="message"><p>
 		<span><!-- [X] to dismiss message box -->	
 			<a id="dismiss" href='<?php echo $ONESCRIPT.$param1; ?>'
-			onclick='document.getElementById("message").innerHTML = " ";return false;'>
+ 			onclick='document.getElementById("message").innerHTML = " ";return false;'>
 			[X]</a>
 		</span>
 		<?php echo $message.PHP_EOL ;?>
@@ -197,12 +197,12 @@ function Upload_New_Rename_Delete_Links() { //**************
 	global $ONESCRIPT, $ipath, $param1;
 
 	echo '<p class="front_links">';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">Upload File</a>';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=new">New File</a>'   ;
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">New Folder</a>' ;
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   ; svg_icon_upload()    ; echo 'Upload File</a>';
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=new">'      ; svg_icon_new_file()  ; echo 'New File</a>'   ;
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'; svg_icon_new_folder(); echo 'New Folder</a>' ;
 	if ($ipath !== "") {
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">Rename Folder</a>';
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">Delete Folder</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'; svg_icon_rename_folder();echo 'Rename Folder</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'; svg_icon_del_folder();   echo 'Delete Folder</a>';
 	}
 	echo '</p>';
 }//end Upload_New_Rename_Delete_Links()  *******************
@@ -304,6 +304,233 @@ function show_favicon(){
 
 
 
+function svg_icon_bin(){ //***************************************************?>
+<svg  id="bin" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16" Xshape-rendering="crispEdges">
+	<g transform="translate( 0.5,0.5)"><line x1="0" y1="-.5"   x2="0" y2="6.5"  stroke="#555" stroke-width="1"/></g>
+	<g transform="translate( 2.5,0.5)"><rect x="0"  y="0"  width="3" height="6" fill="white" stroke="#555" stroke-width="1" /></g>
+	<g transform="translate( 8.5,0.5)"><line x1="0" y1="-.5"   x2="0" y2="6.5"  stroke="#555" stroke-width="1"/></g>
+	<g transform="translate(11.5,0.5)"><line x1="0" y1="-.5"   x2="0" y2="6.5"  stroke="#555" stroke-width="1"/></g>
+	<g transform="translate( 0.5,9.5)"><rect x="0"  y="0"  width="3" height="6" fill="white" stroke="#555" stroke-width="1" /></g>
+	<g transform="translate( 6.5,9.5)"><line x1="0" y1="-.5"   x2="0" y2="6.5"  stroke="#555" stroke-width="1"/></g>
+	<g transform="translate( 8.5,9.5)"><rect x="0"  y="0"  width="3" height="6" fill="white" stroke="#555" stroke-width="1" /></g>
+</svg>
+<?php } //end svg_icon_bin() ***************************************************
+
+
+function svg_icon_img(){ //***************************************************?>
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16" shape-rendering="crispEdges">
+	<rect x="0"    y="0"   width="14" height="16" fill="#FF8" stroke="RGB(140,140,255)" stroke-width="2" />
+	<rect x="2"    y="2"   width="5"  height="5"  fill="#F88" stroke-width="0" />
+	<rect x="7.5"  y="6"   width="5"  height="5"  fill="#8F8" stroke-width="0" />
+	<rect x="2"    y="10"  width="5"  height="5"  fill="#88F" stroke-width="0" />
+</svg>
+<?php } //end svg_icon_img() ***************************************************
+
+
+
+function svg_icon_svg(){ //***************************************************?>
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16" shape-rendering="crispEdges">
+	<rect x="0"    y="0"   width="14" height="16" fill="#FF8" stroke="RGB(140,140,255)" stroke-width="2" />
+	<rect x="2"    y="2"   width="5"  height="5"  fill="#F88" stroke-width="0" />
+	<rect x="7.5"  y="6"   width="5"  height="5"  fill="#8F8" stroke-width="0" />
+	<rect x="2"    y="10"  width="5"  height="5"  fill="#88F" stroke-width="0" />
+	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="#888" stroke-width=".6"/>
+	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="#888" stroke-width=".6"/>
+	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="#888" stroke-width=".6"/>
+	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="#888" stroke-width=".6"/>
+</svg>
+<?php } //end svg_icon_img() ***************************************************
+
+
+
+function svg_icon_txt(){ //***************************************************?>
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
+	<rect x = "0" y = "0" width = "14" height = "16" fill="white" stroke="#333" stroke-width="2" />
+	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="black" stroke-width=".6"/>
+</svg>
+<?php } //end svg_icon_txt() ***************************************************
+
+
+
+function svg_icon_htm(){ //***************************************************?>
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
+	<rect x = "0" y = "0" width = "14" height = "16" fill="rgb(250,190,170)" stroke="#444" stroke-width="2" />
+	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="black" stroke-width=".6"/>
+</svg>
+<?php } //end svg_icon_htm() ***************************************************
+
+
+
+function svg_icon_cfg(){ //***************************************************?>
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
+	<rect x="0"  y="0"  width="14"  height="16"  fill="#DDD" stroke="#444" stroke-width="2" />
+	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="black" stroke-width=".6"/>
+</svg>
+<?php } //end svg_icon_cfg() ***************************************************
+
+
+
+function svg_icon_php(){ //***************************************************?>
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
+	<rect x="0" y = "0" width = "14" height = "16" fill="rgb(195,195,225)" stroke="#444" stroke-width="2" />
+	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="black" stroke-width=".6"/>
+</svg>
+<?php } //end svg_icon_php() ***************************************************
+
+
+
+function svg_icon_css(){ //***************************************************?>
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
+	<rect x="0"  y="0"  width="14"  height="16"  fill="rgb(255,225,165)" stroke="#444" stroke-width="2" />
+	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="black" stroke-width=".6"/>
+</svg>
+<?php } //end svg_icon_css() ***************************************************
+
+
+
+function svg_icon_upload(){ //************************************************?>
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16" >
+	<path d="M0,0 L14,0 L14,8 M14,12 L14,16 L12,16 M7,16 L0,16 L0,0" fill="white" stroke="#444" stroke-width="2" />
+	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="6.5"  x2="7"  y2="6.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="9.5"  x2="4"  y2="9.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="12.5" x2="7"  y2="12.5" stroke="black" stroke-width=".6"/>
+	<g transform="translate(5,6)">
+	  <polygon points="4.5,0  9,5  0,5" stroke-width="0" stroke="white" fill="green" shape-rendering="crispEdges"/>
+	  <line x1="4.5" y1="5" x2="4.5"  y2="10" stroke="green" fill="green" stroke-width="3" shape-rendering="crispEdges"/>
+	</g>
+</svg>
+<?php } //end svg_icon_upload() ************************************************
+
+
+
+function svg_icon_new_file(){ //**********************************************?>
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16" >
+	<rect x = "0" y = "0" width = "14" height = "16" fill="white" stroke="#444" stroke-width = "2" />
+	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="black" stroke-width=".5"/>
+	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="black" stroke-width=".5"/>
+	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="black" stroke-width=".5"/>
+	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="black" stroke-width=".5"/>
+	<g transform="translate(4,6)">
+	  <circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#080"/>
+	  <line x1="2" y1="5" x2="8" y2="5" stroke="white" stroke-width="1.5" shape-rendering="crispEdges"/>
+	  <line x1="5" y1="2" x2="5" y2="8" stroke="white" stroke-width="1.5" shape-rendering="crispEdges"/>
+	</g>
+</svg>
+<?php } //end svg_icon_new_file() **********************************************
+
+
+
+function svg_icon_del_file(){ //**********************************************?>
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
+	<rect x = "0" y = "0" width = "14" height = "16" fill="white" stroke="#444" stroke-width = "2" />
+	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="black" stroke-width=".5" />
+	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="black" stroke-width=".5" />
+	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="black" stroke-width=".5" />
+	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="black" stroke-width=".5" />
+	<g transform="translate(4,6)">
+	<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#D00"/>
+	<line x1="2.5" y1="2.5" x2="7.5" y2="7.5" stroke="white" stroke-width="1.5"/>
+	<line x1="7.5" y1="2.5" x2="2.5" y2="7.5" stroke="white" stroke-width="1.5"/>
+	<g>
+</svg>
+<?php } //end svg_icon_del_file() **********************************************
+
+
+
+function svg_icon_folder(){ //************************************************?>
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
+	<path  d="M0.5, 1  L8,  1  L9,  2    L9,3     L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" fill="#FBE47b" stroke="#F0CD28" stroke-width="1" />
+	<path  d="M1.5, 8  L7,  8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5"  fill="transparent" stroke="white" stroke-width="1" />
+	<path  d="M1.5,13  L1.5,2  L7.5,2    L8.5,3   L8.5, 4  L15.5,4 L16,4.5  L16,13" fill="transparent" stroke="white" stroke-width="1"/>
+</svg>
+<?php } //end svg_icon_folder() ************************************************
+
+
+
+function svg_icon_new_folder(){ //********************************************?>
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
+	<path  d="M0.5, 1  L8,  1  L9,  2    L9,3     L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" fill="#FBE47b" stroke="#F0CD28" stroke-width="1" />
+	<path  d="M1.5, 8  L7,  8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5"  fill="transparent" stroke="white" stroke-width="1" />
+	<path  d="M1.5,13  L1.5,2  L7.5,2    L8.5,3   L8.5, 4  L15.5,4 L16,4.5  L16,13" fill="transparent" stroke="white" stroke-width="1"/>
+	<g transform="translate(7.5,4)">
+	  <circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#080"/>
+	  <line x1="2" y1="5" x2="8" y2="5" stroke="white" stroke-width="1.5" shape-rendering="crispEdges"/>
+	  <line x1="5" y1="2" x2="5" y2="8" stroke="white" stroke-width="1.5" shape-rendering="crispEdges"/>
+	</g>
+</svg>
+<?php } //end svg_icon_new_folder() ********************************************
+
+
+
+function svg_icon_rename_folder(){ //*****************************************?>
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
+	<path  d="M0.5, 1  L8,  1  L9,  2    L9,3     L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" fill="#FBE47b" stroke="#F0CD28" stroke-width="1" />
+	<path  d="M1.5, 8  L7,  8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5"  fill="transparent" stroke="white" stroke-width="1" />
+	<path  d="M1.5,13  L1.5,2  L7.5,2    L8.5,3   L8.5, 4  L15.5,4 L16,4.5  L16,13" fill="transparent" stroke="white" stroke-width="1"/>
+	<g transform="translate(6,3)">
+	  <polygon points="2,0 9,7 7,9 0,2" stroke-width="1" stroke="darkgoldenrod" fill="rgb(246,222,100)"/>
+	  <path  d="M0,2   L0,0  L2,0"      stroke="tan" fill="tan" stroke-width="1"  shape-rendering="crispEdges"/>
+	  <path  d="M0,1.5   L0,0  L1.5,0"      stroke="black" fill="transparent" stroke-width="1"  shape-rendering="crispEdges"/>
+	  <line x1="7.3" y1="10"  x2="10" y2="7.3"  stroke="silver" stroke-width="1"/>
+	  <line x1="8.1" y1="10.8"  x2="10.8" y2="8.1"  stroke="red" stroke-width="1"/>
+	</g>
+</svg>
+<?php } //end svg_icon_() ***************************************************
+
+
+
+function svg_icon_del_folder(){ //********************************************?>
+<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
+	<path  d="M0.5, 1  L8,  1  L9,  2    L9,3     L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" fill="#FBE47b" stroke="#F0CD28" stroke-width="1" />
+	<path  d="M1.5, 8  L7,  8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5"  fill="transparent" stroke="white" stroke-width="1" />
+	<path  d="M1.5,13  L1.5,2  L7.5,2    L8.5,3   L8.5, 4  L15.5,4 L16,4.5  L16,13" fill="transparent" stroke="white" stroke-width="1"/>
+	<g transform="translate(7.5,4)">
+	  <circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#D00"/>
+	  <line x1="2.5" y1="2.5" x2="7.5" y2="7.5" stroke="white" stroke-width="1.5"/>
+	  <line x1="7.5" y1="2.5" x2="2.5" y2="7.5" stroke="white" stroke-width="1.5"/>
+	</g>
+</svg>
+<?php } //end svg_icon_del_folder() ********************************************
+
+
+
+function show_icon($type){ //***************************************************
+	if ($type == 'bin') { svg_icon_bin(); }
+	if ($type == 'img') { svg_icon_img(); }
+	if ($type == 'svg') { svg_icon_svg(); }
+	if ($type == 'txt') { svg_icon_txt(); }
+	if ($type == 'htm') { svg_icon_htm(); }
+	if ($type == 'cfg') { svg_icon_cfg(); }
+	if ($type == 'php') { svg_icon_php(); }
+	if ($type == 'css') { svg_icon_css(); }
+	if ($type == 'upload')        { svg_icon_upload();     }
+	if ($type == 'new_file')      { svg_icon_new_file();   }
+	if ($type == 'del_file')      { svg_icon_del_file();   }
+	if ($type == 'folder')        { svg_icon_folder();     }
+	if ($type == 'new_folder')    { svg_icon_new_folder(); }
+	if ($type == 'rename_folder') { svg_icon_rename_folder(); }
+	if ($type == 'del_folder')    { svg_icon_del_folder(); }
+}//end show_icon() *************************************************************
+
+
+
+
 //Don't load login screen if already in a valid session *************
 if (($page == "login") and ($_SESSION['valid'])) { $page = "index"; }
 
@@ -397,7 +624,7 @@ function list_files() { // ...in a vertical table ******************************
 			<tr>
 				<td>
 					<?php echo '<a href="'.$ONESCRIPT.$param1.'&amp;f='.$file.'&amp;p=edit" >'; ?>
-
+					<span class="icon"><?php show_icon($type); ?></span>
 					<?php echo  $file, '</a>'; ?>
 				</td>
 				<td class="meta_T meta_size">&nbsp;
@@ -426,7 +653,7 @@ function Index_Page(){ //*******************************************************
 		natcasesort($folders);
 		foreach ($folders as $folder) {
 			echo '<a href="'.$ONESCRIPT.'?i='.$folder.'/">';
-
+			svg_icon_folder();
 			echo basename($folder).' /</a>';
 		}
 	echo '</p>';
@@ -711,7 +938,7 @@ function Rename_File_Page() { //************************************************
 	$new_filename = trim($_POST["rename_filename"], '/');
 
 	$page = "edit"; //return to edit page
-
+	
 	if (file_exists($new_filename)) {
 		$message .= '<b>(!) Error renaming or moving file - target filename already exists:<br>';
 		$message .= '(!) '.$new_filename.'</b>';
@@ -1442,7 +1669,7 @@ function style_sheet(){ //****************************************************?>
 	font: 1.2em Courier;
 	}
 
-
+.icon {float: left; margin: 0 5px 0 0;}
 </style>
 <?php }//end style_sheet() *****************************************************
 
diff --git a/readme.markdown b/readme.markdown
index df01f7f..3126e80 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,6 +1,10 @@
-### May 18, 2012
+### May 20, 2012
 
-# Current stable version: 1.4.0
+# Current stable versions: 1.5, 2.0, & 3.0
+
+- 3.0: "Full" version - uses svg icons
+- 2.0: "Lite" version - uses no icons.
+- 1.5: style sheet is now part of onfilecms.php file, but still uses external icons.
 
 --------------------------------------------------------------------------------
 
@@ -32,7 +36,7 @@
 
 # OneFileCMS
 
-## Yeah, it's exactly what you think.
+## Yes, that's exactly what it is!
 
 Main screen:
 ![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OneFileCMS_screenshot.png)
@@ -54,16 +58,13 @@ Coupling a utilitarian code editor with all the basic necessities of an FTP appl
 - All the basic features of an FTP application like renaming, deleting, copying, and uploading
   _(Of course, for more complex processes like batch renaming or mass uploads/deletions, you're going to want to break out an actual FTP program.)_
 - Alert if you try to leave without saving your edits
-- Easily re-brandable via the title text stored in a configurable variable, and a modifiable filename.
-- Externally hosted CSS and images.
-  _(Of course, you can switch it out to your own stylesheet if you need to!)_
+- Easily modifiable & re-brandable.
 - Possibly the easiest installation process ever!
 
 ## Installation
 
 1) Download [this file](https://raw.github.com/Self-Evident/OneFileCMS/master/onefilecms.php).
 
-
 2) Set your username and password - edit them to something less obvious.
 
     // CONFIGURATION INFO
@@ -72,7 +73,7 @@ Coupling a utilitarian code editor with all the basic necessities of an FTP appl
 
 3) Upload!
 
-Depending on how your stack is set up, you may also have to modify the file permissions of your site's folders to allow OneFileCMS to modify and create files. ([More about that here.](http://catcode.com/teachmod/)) Make sure onefilecms.php and its parent folder are allowed to execute, with CHMOD at 777 or 755. Check with your host if you're not sure, and be aware of any inherent security concerns.
+Depending on how your web stack is set up, you may also have to modify the file permissions of your site's folders to allow OneFileCMS to modify and create files. ([More about that here.](http://catcode.com/teachmod/)) Make sure onefilecms.php and its parent folder are allowed to execute, with CHMOD at 755. Check with your host if you're not sure, and be aware of any inherent security concerns.
 
 You can also change the name of OneFileCMS.php to something else. _(Be careful making it a folder's default file: your server may get stuck in redirects.)_
 
@@ -80,27 +81,23 @@ You can also change the name of OneFileCMS.php to something else. _(Be careful m
 
 ### Where's the WYSIWYG? What about syntax highlighting?
 
-WYSWIWYG editors have been requested, but probably won’t ever come standard, as they’d bloat the system out and/or make it more than one file, sort of defeating the point of OneFileCMS. Plus, if you’re working in PHP or non-HTML code, they're generally more of a hindrance than anything else.
-
-Just because I don't want to do it, though, doesn't mean it's impossible.  Look for the second instance of this line:
-
-    // EDIT
+WYSWIWYG editors have been requested, but probably won’t become standard, as they’d bloat the system out and/or make it more than one file, sort of defeating the point of OneFileCMS. Plus, if you’re working in PHP or non-HTML code, they're generally more of a hindrance than anything else.
 
-This is the edit page code. Its textarea can be modified to work with whatever editor you like. 
+Just because I don't want to do it, though, doesn't mean it's impossible.  Look for the Edit_Page() function. Its textarea can be modified to work with whatever editor you like. 
 
 ### I found something that could be better. Can I suggest it to you?
 
 Yes, of course, you can!
 
-I may not have the bandwidth to implement every feature, but I'll do what I can. If it's urgent, contact me.
+I may not have the time/bandwidthinclination to implement every feature, but I'll do what I can. If it's urgent, contact me.
 
 Otherwise, try [forking the file and submitting your changes to me](https://github.com/blog/844-forking-with-the-edit-button).
 
 Everything's welcome!
 
-### This is basically just a file manager with a text editor. Why is it being called a Content Management System?
+### This is basically just a file manager with a text editor. Why is it being a Content Management System?
 
-Because "OneFileFileManagerTextEditor" just doesn't have the same ring to it...
+Well, because "OneFileFileManagerTextEditor" just doesn't have the same ring to it...
 
 ### Multi-Language Support?
 
@@ -112,6 +109,22 @@ The reason there isn't default support for multiple users is that all of their i
 
 ## Change Log
 
+### 3.0
+
+- Implemented svg icons
+
+
+### 2.0
+
+- OneFileCMS is now actually ONE FILE! No external style sheets or icons.
+  __(Of course, external style sheets & icons can be added back in, if you like.)__
+
+- This is OneFileCMS "Lite", and will be maintained along with v3.0
+
+### 1.5 
+
+- Style sheet is now part of onfilecms.php file, but still uses external icons.
+- Some minor logic improvements on Edit & Index pages.
 
 ### 1.4.0
 
@@ -208,8 +221,11 @@ The reason there isn't default support for multiple users is that all of their i
 
 ## Requirements
 
-- PHP5 (PHP4 untested)
+- PHP 5.4
+  __(Older 5.x versions may work, but there will be issues editing files with back slashes.  See php docs on magic_quotes_gpc & stripslashes().)__
 - File permission privileges
+- Javascript enabled browswer
+- (and, if you use IE, IE9+ for svg support if using OneFileCMS 3.0+) 
 
 ## Credit, License, Et Cetera
 
@@ -224,8 +240,37 @@ To report a bug or request a feature, please file an issue via Github. Forks enc
 ##Needed/potential/upcoming improvements
 
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
-- Prompt to prevent automatic overwrite when uploading or renaming files.
-- Embed css and remove or swtich to svg icons to create a true "OneFileCMS"
-  (in the works)
 - Check size of file to upload, verify under max post/upload limits.
 - Multiple login names?
+
+
+--------------------------------------------------------------------------------
+
+### General layout/structure of OneFileCMS.php
+
+Configurable Info
+Setup a few general & global values.
+Session start
+Misc functions
+svg_icons_...() functions
+Set page title
+Logout response
+Login_Page() function
+list_files() function
+Index_Page() function
+
+<page...>() functions
+<page...>   response code
+...(Edit_Page(), Upload_,
+   New_File_, Copy_, Rename_File_, Delete_File_, 
+   New_Folder_, Rename_Folder_, Delete_Folder_)...
+
+Load_Selected_Page() function
+Time_Stamp_scripts() function
+Edit_Page_script() function
+style_sheet() function
+<html>
+...
+Load_Selected_Page()
+...
+</html>

From b6f87f4ee05ab467230efa0b3f7dc114d14ecd63 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Sun, 20 May 2012 18:50:45 -0400
Subject: [PATCH 064/228] Version 3.0 Tweekin' the readme...

---
 readme.markdown | 62 ++++++++++++++++++++++++++-----------------------
 1 file changed, 33 insertions(+), 29 deletions(-)

diff --git a/readme.markdown b/readme.markdown
index 3126e80..76409ed 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -221,8 +221,8 @@ The reason there isn't default support for multiple users is that all of their i
 
 ## Requirements
 
-- PHP 5.4
-  __(Older 5.x versions may work, but there will be issues editing files with back slashes.  See php docs on magic_quotes_gpc & stripslashes().)__
+- PHP 5.4  
+  (Older 5.x versions may work, but there will be issues editing files with back slashes.  See php docs on magic_quotes_gpc & stripslashes().)
 - File permission privileges
 - Javascript enabled browswer
 - (and, if you use IE, IE9+ for svg support if using OneFileCMS 3.0+) 
@@ -247,30 +247,34 @@ To report a bug or request a feature, please file an issue via Github. Forks enc
 --------------------------------------------------------------------------------
 
 ### General layout/structure of OneFileCMS.php
-
-Configurable Info
-Setup a few general & global values.
-Session start
-Misc functions
-svg_icons_...() functions
-Set page title
-Logout response
-Login_Page() function
-list_files() function
-Index_Page() function
-
-<page...>() functions
-<page...>   response code
-...(Edit_Page(), Upload_,
-   New_File_, Copy_, Rename_File_, Delete_File_, 
-   New_Folder_, Rename_Folder_, Delete_Folder_)...
-
-Load_Selected_Page() function
-Time_Stamp_scripts() function
-Edit_Page_script() function
-style_sheet() function
-<html>
-...
-Load_Selected_Page()
-...
-</html>
+  
+Configurable Info  
+Setup a few general & global values.  
+Session start  
+Misc functions  
+svg\_icons\_...() functions  
+Set page title  
+Logout response  
+Login\_Page() function  
+list\_files() function  
+Index\_Page() function  
+&lt;page...&gt;() functions  
+&lt;page...&gt;   response code  
+&nbsp; &nbsp; Edit\_Page()...   
+&nbsp; &nbsp; Upload\_  
+&nbsp; &nbsp; New\_File\_  
+&nbsp; &nbsp; Copy\_  
+&nbsp; &nbsp; Rename\_File\_  
+&nbsp; &nbsp; Delete\_File\_   
+&nbsp; &nbsp; New\_Folder\_   
+&nbsp; &nbsp; Rename\_Folder\_  
+&nbsp; &nbsp; Delete\_Folder\_  
+Load\_Selected\_Page() function  
+Time\_Stamp\_scripts() function  
+Edit\_Page\_script() function  
+style\_sheet() function  
+&lt;html&gt;  
+...  
+Load\_Selected\_Page()  
+...  
+&lt;/html&gt;  

From 3df53cf24678861dfb52a285dcce90cf21c08fe1 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Mon, 21 May 2012 17:12:23 -0400
Subject: [PATCH 065/228] Version 3.0 Minor readme update: notes about file &
 folder name issues, and simple data/error checking.

---
 readme.markdown | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/readme.markdown b/readme.markdown
index 76409ed..c38d3d8 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -239,6 +239,8 @@ To report a bug or request a feature, please file an issue via Github. Forks enc
 
 ##Needed/potential/upcoming improvements
 
+- Be aware that, currently, only some very basic & rudimentary data & error checking is performed.
+- Partly as a consequence of the precedeing note, also be aware that there are issues with folder & file names containing special chars (&,%, etc...).  
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - Check size of file to upload, verify under max post/upload limits.
 - Multiple login names?

From fd4aaf76c23dfc63a92ee0efaad23c473648835e Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Tue, 29 May 2012 19:02:51 -0400
Subject: [PATCH 066/228] Version 3.1 Reorganized the code a bit. Response code
 sections to New/Rename/COpy/etc.._Page posts are now functions() Consolidated
 A few _Page & _response functions Improved (slightly) file/folder name
 validation Added MIT license text directly to top of onefilecms.php

---
 onefilecms.php  | 1062 ++++++++++++++++++++++-------------------------
 readme.markdown |   39 +-
 2 files changed, 521 insertions(+), 580 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index bbb331a..da25a76 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,8 +1,33 @@
 <?php
 // OneFileCMS - http://onefilecms.com/
-// For license & copyright info, see OneFileCMS.License.BSD.txt
 
-$version = '3.0';
+$version = '3.1';
+
+/*******************************************************************************
+Copyright � 2009-2012 https://github.com/rocktronica
+Copyright � 2012-     https://github.com/Self-Evident  David W. Gay
+
+This software is copyright under terms of the "MIT" license:
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+*******************************************************************************/
+
 
 
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate (v5.4 recommended). Please contact your host to upgrade your PHP installation."); };
@@ -27,103 +52,112 @@
 
 
 
-//Make arrays out of a few $config_variables for actual use later.
-//Above, however, it's easier to config/change a simple string.
-$etypes   = (explode(",", strtolower($config_etypes))); //editable file types
-$itypes   = (explode(",", strtolower($config_itypes))); //images types to display
-$ftypes   = (explode(",", strtolower($config_ftypes))); //file types with icons
-$fclasses = (explode(",", strtolower($config_fclass))); //for file types with icons
-$excluded_list = (explode(",", $config_excluded));
 
 
-$ONESCRIPT = $_SERVER["SCRIPT_NAME"];
-$DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
-$WEB_ROOT  = basename($DOC_ROOT).'/';
-$WEBSITE   = $_SERVER["HTTP_HOST"];
-$pagetitle = $_SERVER['SERVER_NAME']; //Default value. May be changed per page.
-
-$valid_pages = array("login","logout","index","edit","upload","new","copy","rename","delete","newfolder","renamefolder","deletefolder" );
+//******************************************************************************
+session_start();  $SID = session_id();
 
+if (isset($_POST["username"])) { $_SESSION['username'] = $_POST["username"]; }
+if (isset($_POST["password"])) { $_SESSION['password'] = $_POST["password"]; }
 
-//Allows OneFileCMS.php to be started from any dir on the site.
-chdir($DOC_ROOT);
+if (($_SESSION['username'] == $config_username) and ( $_SESSION['password'] == $config_password ))
+     { $_SESSION['valid'] = "1"; $page = "index"; }
+else { $_SESSION['valid'] = "0"; $page = "login"; unset($_GET["p"]); session_destroy() ;}
 
 
+$VALID_POST = ($_SESSION['valid'] == "1" && $_POST["sessionid"] == session_id());
 
 
+chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
+//
+//End session startup***********************************************************
 
-//******************************************************************************
-session_start();
 
-//*** Verify session *******************
-if (isset($_POST["username"])) { $_SESSION['username'] = $_POST["username"]; }
-if (isset($_POST["password"])) { $_SESSION['password'] = $_POST["password"]; }
 
-if (($_SESSION['username'] == $config_username) and
-   ( $_SESSION['password'] == $config_password || md5($_SESSION['password']) == $config_password))
-     { $_SESSION['valid'] = "1"; $page = "index"; }
-else { $_SESSION['valid'] = "0"; $page = "login"; unset($_GET["p"]); }
 
 
+// A couple functions needed early *********************************************
+//
 
-//*** entitize $_GET params ************
-foreach ($_GET as $name => $value) { $_GET[$name] = htmlentities($value); }
+function URLencode_path($path){ // don't encode the forward slashes
+	$TS = '';
+	if (substr($path, -1) == '/' ) { $TS = '/'; } //start with a trailing slash?
+	$path_array = explode('/',$path);
+	$path = "";
+	foreach ($path_array as $level) { $path .= rawurlencode($level).'/'; }
+	$path = rtrim($path,'/').$TS;  //end with trailing slash only if started with one
+	return $path;
+}//end URLencode_path($path)
 
 
 
 //*** Clean up & check a path **********
 function Check_path($path) { // returns first valid path in some/supplied/path/
 	global $message; 
-	$nopath = $path; //used for message if supplied $path doesn't exist.
+	$invalidpath = $path; //used for message if supplied $path doesn't exist.
 	$path = str_replace('\\','/',$path);   //Make sure all forward slashes.
-	$path = trim($path,"/ ."); // trim leading & trailing slashes, dots, and spaces
+	$path = trim($path,"/ ."); // trim slashes, dots, and spaces
 
-	//Remove any '.' and '..' parts of the path. (More reliable than str_replace.)
+	//Remove any '.' and '..' parts of the path.  Causes issues in <h2>www \ current \ path \</h2>
 	$pathparts = explode( '/', $path);
 	$len       = count($pathparts);
 	$path      = "";  //Cleaned path.
-	for ($x=0 ; $x < $len; $x++  ) {
-		if ( !(($pathparts[$x] == '..') && (!$pathparts[$x] == '.')) ) {
-			$path .= $pathparts[$x].'/';
-		}
+	foreach ($pathparts as $value) { //(More reliable than str_replace(entire_string).)
+		if ( !(($value == '.') && (!value == '..')) ) { $path .= $value.'/'; }
 	}
+
 	$path = trim($path,"/"); // Remove -for now- final trailing slash.
 
-	if (strlen($path) < 1) { $path = ""; }
+	if (strlen($path) < 1) { return ""; } //If at site root
 	else {
 		if (!is_dir($path) && (strlen($message) < 1))
-			{ $message .= "<b>(!)</b> Directory does not exist: ".$nopath.'<br>'; }
+			{ $message .= "<b>(!)</b> Directory does not exist: ".htmlentities($invalidpath).'<br>'; }
 
 		while ( (strlen($path) > 0) && (!is_dir($path)) ) {
 			$path = dirname($path);
 		}
+
 		$path = $path.'/';
-		if ($path == './') { $path = ""; }
+		if ($path == './') { $path = ""; } // ./ means path not found, so clear for root.
 	}
+
 	return $path; 
 }//end Check_path() ********************
+//end a couple functions needed early ******************************************
+
 
 
 
-//*** Get main parameters **************
-if (isset($_GET["i"])) { $ipath    = Check_path($_GET["i"]); }else{ $ipath    = ""; }
-if (isset($_GET["f"])) { $filename = $ipath.$_GET["f"]; }else{ $filename = ""; }
-if (isset($_GET["p"])) { $page     = $_GET["p"]; } // default $page set above
 
-$param1 = "?i=".$ipath;
+//******************************************************************************
+//Some global values
+//
+//Make arrays out of a few $config_variables for actual use later.
+//Above, however, it's easier to config/change a simple string.
+$etypes   = (explode(",", strtolower($config_etypes))); //editable file types
+$itypes   = (explode(",", strtolower($config_itypes))); //images types to display
+$ftypes   = (explode(",", strtolower($config_ftypes))); //file types with icons
+$fclasses = (explode(",", strtolower($config_fclass))); //for file types with icons
+$excluded_list = (explode(",", $config_excluded));
 
 
+$ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]);
+$DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
+$WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/';
+$WEBSITE   = ''.$_SERVER["HTTP_HOST"].'/';
+
+
+$valid_pages = array("login","logout","index","edit","upload","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
 
-//*** Verify valid $page ***************
-if ($page != "") {
-	if (!in_array(strtolower($page), $valid_pages)) {
-		header("Location: ".$ONESCRIPT); // redirect on invalid page attempts
-		$page = "index";
-	}
-}
-//
-//End session startup***********************************************************
 
+//*** Get main parameters **************
+if (isset($_GET["i"])) { $ipath    = Check_path($_GET["i"]); }else{ $ipath = ""; }
+if (isset($_GET["f"])) { $filename = $ipath.$_GET["f"]; }else{ $filename = ""; }
+if (isset($_GET["p"])) { $page     = $_GET["p"]; } // default $page set above
+
+$param1 = '?i='.URLencode_path($ipath);
+
+//******************************************************************************
 
 
 
@@ -145,13 +179,13 @@ function Current_Path_Header(){ //**************************
 		$current_path = "";
 
 		//Root folder of web site.
-		echo '<a href="'.$ONESCRIPT.'" class="path"> '.trim($WEB_ROOT, '/').' </a>/';
+		echo '<a href="'.$ONESCRIPT.'" class="path"> '.htmlentities(trim($WEB_ROOT, '/')).' </a>/';
 
 		//Remainder of current/path
 		for ($x=0; $x < $levels; $x++) {
 			$current_path .= $path_levels[$x].'/';
-			echo '<a href="'.$ONESCRIPT.'?i='.$current_path.'" class="path"> ';
-			echo ' '.$path_levels[$x]." </a>/";
+			echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($current_path).'" class="path"> ';
+			echo ' '.htmlentities($path_levels[$x])." </a>/";
 		}
 	echo '</h2>';
 }//end Current_Path_Header() //*****************************
@@ -198,10 +232,10 @@ function Upload_New_Rename_Delete_Links() { //**************
 
 	echo '<p class="front_links">';
 	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   ; svg_icon_upload()    ; echo 'Upload File</a>';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=new">'      ; svg_icon_new_file()  ; echo 'New File</a>'   ;
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  ; svg_icon_new_file()  ; echo 'New File</a>'   ;
 	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'; svg_icon_new_folder(); echo 'New Folder</a>' ;
 	if ($ipath !== "") {
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'; svg_icon_rename_folder();echo 'Rename Folder</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'; svg_icon_ren_folder();echo 'Rename/Move Folder</a>';
 		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'; svg_icon_del_folder();   echo 'Delete Folder</a>';
 	}
 	echo '</p>';
@@ -220,11 +254,11 @@ function Close_Button($classes) { //************************
 
 function Cancel_Submit_Buttons($submit_label, $focus) { //**
 	//$submit_label = Rename, Copy, Delete, etc...
-	//$focus: if==1 or TRUE, set focus() to cancel button.
+	//$focus is ID of element to receive focus(). (element may be outside this function)
 	global $ONESCRIPT, $ipath, $param1, $filename, $page;
 
 	// [Cancel] returns to either the current/path, or current/path/file
-	if ($filename != "") { $param1 .= '&f='.basename($filename).'&p='.edit; }
+	if ($filename != "") { $param1 .= '&f='.rawurlencode(basename($filename)).'&p='.edit; }
 ?>
 	<p>
 		<input type="button" class="button" id="cancel" name="cancel" value="Cancel"
@@ -259,14 +293,15 @@ function show_image(){ //***********************************
 	echo '<p class="file_meta">';
 	echo 'Image shown at ~'. round($SCALE*100) .'% of full size ('.$img_info[3].').</p>';
 	echo '<div style="clear:both;"></div>';
-	echo '<a href="/' . $IMG . '">';
-	echo '<img src="/'.$IMG.'"  height="'.$img_info[$H]*$SCALE.'"></a>';
+	echo '<a href="/' .URLencode_path($IMG). '">';
+	echo '<img src="/'.urlencode_path($IMG).'"  height="'.$img_info[$H]*$SCALE.'"></a>';
 }// end show_image() ***************************************
 
 
 
 //if file_exists(), ordinalize filename until it doesn't ***
-function ordinalize($destination,$filename, &$message) {
+function ordinalize($destination,$filename) {
+	global $message;
 
 	$ordinal   = 0;
 	$savefile = $destination.$filename;
@@ -277,23 +312,21 @@ function ordinalize($destination,$filename, &$message) {
 		$savefile_info = pathinfo($savefile);
 
 		while (file_exists($savefile)) {
-
 			$ordinal = sprintf("%03d", ++$ordinal); //  001, 002, 003, etc...
 			$newfilename = $savefile_info['filename'].'.'.$ordinal.'.'.$savefile_info['extension'];
 			$savefile = $destination.$newfilename;
-
 		}
-		$message .= 'Saving as: <b>"</b>'.'<b>'.$newfilename.'"</b>';
+		$message .= 'Saving as: "<b>'.htmlentities($newfilename).'</b>"';
 	}
 	return $savefile;
-}//end ordinalize filename *********************************
+}//end ordinalize() filename *********************************
 
 
 
 function show_favicon(){
 	global $config_favicon, $DOC_ROOT;
 	if (file_exists($DOC_ROOT.$config_favicon)) { 
-		echo '<img src="'.$config_favicon.'" alt="">'; 
+		echo '<img src="'.URLencode_path($config_favicon).'" alt="">'; 
 	}
 }// end show_favicon()
 
@@ -304,6 +337,33 @@ function show_favicon(){
 
 
 
+//A few macros ($varibale="some common chunk of code")**************************
+
+$INPUT_SESSIONID = '<input type="hidden" name="sessionid" value="'.$SID.'">';
+$FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.'">'.$INPUT_SESSIONID;
+
+$SVG_icon_txt_lines = '<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="black" stroke-width=".6"/>
+	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="black" stroke-width=".6"/>';
+
+$SVG_icon_folder = '<path  d="M0.5, 1  L8,  1  L9,  2    L9,3     L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" fill="#FBE47b" stroke="#F0CD28" stroke-width="1" />
+	<path  d="M1.5, 8  L7,  8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5"  fill="transparent" stroke="white" stroke-width="1" />
+	<path  d="M1.5,13  L1.5,2  L7.5,2    L8.5,3   L8.5, 4  L15.5,4 L16,4.5  L16,13" fill="transparent" stroke="white" stroke-width="1"/>';
+
+$SVG_icon_circle_plus = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#080"/>
+	  <line x1="2" y1="5" x2="8" y2="5" stroke="white" stroke-width="1.5" shape-rendering="crispEdges"/>
+	  <line x1="5" y1="2" x2="5" y2="8" stroke="white" stroke-width="1.5" shape-rendering="crispEdges"/>';
+
+$SVG_icon_circle_x = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#D00"/>
+	<line x1="2.5" y1="2.5" x2="7.5" y2="7.5" stroke="white" stroke-width="1.5"/>
+	<line x1="7.5" y1="2.5" x2="2.5" y2="7.5" stroke="white" stroke-width="1.5"/>';
+//******************************************************************************
+
+
+
+
+
 function svg_icon_bin(){ //***************************************************?>
 <svg  id="bin" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16" Xshape-rendering="crispEdges">
 	<g transform="translate( 0.5,0.5)"><line x1="0" y1="-.5"   x2="0" y2="6.5"  stroke="#555" stroke-width="1"/></g>
@@ -317,6 +377,7 @@ function svg_icon_bin(){ //***************************************************?>
 <?php } //end svg_icon_bin() ***************************************************
 
 
+
 function svg_icon_img(){ //***************************************************?>
 <svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16" shape-rendering="crispEdges">
 	<rect x="0"    y="0"   width="14" height="16" fill="#FF8" stroke="RGB(140,140,255)" stroke-width="2" />
@@ -343,61 +404,51 @@ function svg_icon_svg(){ //***************************************************?>
 
 
 
-function svg_icon_txt(){ //***************************************************?>
+function svg_icon_txt(){ //*****************************************************
+global $SVG_icon_txt_lines; ?>
 <svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
 	<rect x = "0" y = "0" width = "14" height = "16" fill="white" stroke="#333" stroke-width="2" />
-	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="black" stroke-width=".6"/>
+	<?php echo $SVG_icon_txt_lines; ?>
 </svg>
 <?php } //end svg_icon_txt() ***************************************************
 
 
 
-function svg_icon_htm(){ //***************************************************?>
+function svg_icon_htm(){ //*****************************************************
+global $SVG_icon_txt_lines; ?>
 <svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
 	<rect x = "0" y = "0" width = "14" height = "16" fill="rgb(250,190,170)" stroke="#444" stroke-width="2" />
-	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="black" stroke-width=".6"/>
+	<?php echo $SVG_icon_txt_lines; ?>
 </svg>
 <?php } //end svg_icon_htm() ***************************************************
 
 
 
-function svg_icon_cfg(){ //***************************************************?>
+function svg_icon_cfg(){ //*****************************************************
+global $SVG_icon_txt_lines; ?>
 <svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
 	<rect x="0"  y="0"  width="14"  height="16"  fill="#DDD" stroke="#444" stroke-width="2" />
-	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="black" stroke-width=".6"/>
+	<?php echo $SVG_icon_txt_lines; ?>
 </svg>
 <?php } //end svg_icon_cfg() ***************************************************
 
 
 
-function svg_icon_php(){ //***************************************************?>
+function svg_icon_php(){ //*****************************************************
+global $SVG_icon_txt_lines; ?>
 <svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
 	<rect x="0" y = "0" width = "14" height = "16" fill="rgb(195,195,225)" stroke="#444" stroke-width="2" />
-	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="black" stroke-width=".6"/>
+	<?php echo $SVG_icon_txt_lines; ?>
 </svg>
 <?php } //end svg_icon_php() ***************************************************
 
 
 
-function svg_icon_css(){ //***************************************************?>
+function svg_icon_css(){ //*****************************************************
+global $SVG_icon_txt_lines; ?>
 <svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
 	<rect x="0"  y="0"  width="14"  height="16"  fill="rgb(255,225,165)" stroke="#444" stroke-width="2" />
-	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="black" stroke-width=".6"/>
+	<?php echo $SVG_icon_txt_lines; ?>
 </svg>
 <?php } //end svg_icon_css() ***************************************************
 
@@ -419,70 +470,57 @@ function svg_icon_upload(){ //************************************************?>
 
 
 
-function svg_icon_new_file(){ //**********************************************?>
+function svg_icon_new_file(){ //************************************************
+global $SVG_icon_txt_lines, $SVG_icon_circle_plus; ?>
 <svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16" >
 	<rect x = "0" y = "0" width = "14" height = "16" fill="white" stroke="#444" stroke-width = "2" />
-	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="black" stroke-width=".5"/>
-	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="black" stroke-width=".5"/>
-	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="black" stroke-width=".5"/>
-	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="black" stroke-width=".5"/>
+	<?php echo $SVG_icon_txt_lines; ?>
 	<g transform="translate(4,6)">
-	  <circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#080"/>
-	  <line x1="2" y1="5" x2="8" y2="5" stroke="white" stroke-width="1.5" shape-rendering="crispEdges"/>
-	  <line x1="5" y1="2" x2="5" y2="8" stroke="white" stroke-width="1.5" shape-rendering="crispEdges"/>
+		<?php echo $SVG_icon_circle_plus; ?>
 	</g>
 </svg>
 <?php } //end svg_icon_new_file() **********************************************
 
 
 
-function svg_icon_del_file(){ //**********************************************?>
+function svg_icon_del_file(){ //************************************************
+global $SVG_icon_txt_lines, $SVG_icon_circle_x; ?>
 <svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
 	<rect x = "0" y = "0" width = "14" height = "16" fill="white" stroke="#444" stroke-width = "2" />
-	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="black" stroke-width=".5" />
-	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="black" stroke-width=".5" />
-	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="black" stroke-width=".5" />
-	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="black" stroke-width=".5" />
+	<?php echo $SVG_icon_txt_lines; ?>
 	<g transform="translate(4,6)">
-	<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#D00"/>
-	<line x1="2.5" y1="2.5" x2="7.5" y2="7.5" stroke="white" stroke-width="1.5"/>
-	<line x1="7.5" y1="2.5" x2="2.5" y2="7.5" stroke="white" stroke-width="1.5"/>
+		<?php echo $SVG_icon_circle_x; ?>
 	<g>
 </svg>
 <?php } //end svg_icon_del_file() **********************************************
 
 
 
-function svg_icon_folder(){ //************************************************?>
+function svg_icon_folder(){ //**************************************************
+global $SVG_icon_folder; ?>
 <svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
-	<path  d="M0.5, 1  L8,  1  L9,  2    L9,3     L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" fill="#FBE47b" stroke="#F0CD28" stroke-width="1" />
-	<path  d="M1.5, 8  L7,  8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5"  fill="transparent" stroke="white" stroke-width="1" />
-	<path  d="M1.5,13  L1.5,2  L7.5,2    L8.5,3   L8.5, 4  L15.5,4 L16,4.5  L16,13" fill="transparent" stroke="white" stroke-width="1"/>
+	<?php echo $SVG_icon_folder; ?>
 </svg>
 <?php } //end svg_icon_folder() ************************************************
 
 
 
-function svg_icon_new_folder(){ //********************************************?>
+function svg_icon_new_folder(){ //**********************************************
+global $SVG_icon_folder, $SVG_icon_circle_plus; ?>
 <svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
-	<path  d="M0.5, 1  L8,  1  L9,  2    L9,3     L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" fill="#FBE47b" stroke="#F0CD28" stroke-width="1" />
-	<path  d="M1.5, 8  L7,  8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5"  fill="transparent" stroke="white" stroke-width="1" />
-	<path  d="M1.5,13  L1.5,2  L7.5,2    L8.5,3   L8.5, 4  L15.5,4 L16,4.5  L16,13" fill="transparent" stroke="white" stroke-width="1"/>
+	<?php echo $SVG_icon_folder; ?>
 	<g transform="translate(7.5,4)">
-	  <circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#080"/>
-	  <line x1="2" y1="5" x2="8" y2="5" stroke="white" stroke-width="1.5" shape-rendering="crispEdges"/>
-	  <line x1="5" y1="2" x2="5" y2="8" stroke="white" stroke-width="1.5" shape-rendering="crispEdges"/>
+		<?php echo $SVG_icon_circle_plus; ?>
 	</g>
 </svg>
 <?php } //end svg_icon_new_folder() ********************************************
 
 
 
-function svg_icon_rename_folder(){ //*****************************************?>
+function svg_icon_ren_folder(){ //*******************************************
+global $SVG_icon_folder; ?>
 <svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
-	<path  d="M0.5, 1  L8,  1  L9,  2    L9,3     L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" fill="#FBE47b" stroke="#F0CD28" stroke-width="1" />
-	<path  d="M1.5, 8  L7,  8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5"  fill="transparent" stroke="white" stroke-width="1" />
-	<path  d="M1.5,13  L1.5,2  L7.5,2    L8.5,3   L8.5, 4  L15.5,4 L16,4.5  L16,13" fill="transparent" stroke="white" stroke-width="1"/>
+	<?php echo $SVG_icon_folder; ?>
 	<g transform="translate(6,3)">
 	  <polygon points="2,0 9,7 7,9 0,2" stroke-width="1" stroke="darkgoldenrod" fill="rgb(246,222,100)"/>
 	  <path  d="M0,2   L0,0  L2,0"      stroke="tan" fill="tan" stroke-width="1"  shape-rendering="crispEdges"/>
@@ -491,25 +529,23 @@ function svg_icon_rename_folder(){ //*****************************************?>
 	  <line x1="8.1" y1="10.8"  x2="10.8" y2="8.1"  stroke="red" stroke-width="1"/>
 	</g>
 </svg>
-<?php } //end svg_icon_() ***************************************************
+<?php } //end svg_icon_ren_folder() *****************************************
 
 
 
-function svg_icon_del_folder(){ //********************************************?>
+function svg_icon_del_folder(){ //**********************************************
+global $SVG_icon_folder, $SVG_icon_circle_x; ?>
 <svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
-	<path  d="M0.5, 1  L8,  1  L9,  2    L9,3     L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" fill="#FBE47b" stroke="#F0CD28" stroke-width="1" />
-	<path  d="M1.5, 8  L7,  8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5"  fill="transparent" stroke="white" stroke-width="1" />
-	<path  d="M1.5,13  L1.5,2  L7.5,2    L8.5,3   L8.5, 4  L15.5,4 L16,4.5  L16,13" fill="transparent" stroke="white" stroke-width="1"/>
+	<?php echo $SVG_icon_folder; ?>
 	<g transform="translate(7.5,4)">
-	  <circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#D00"/>
-	  <line x1="2.5" y1="2.5" x2="7.5" y2="7.5" stroke="white" stroke-width="1.5"/>
-	  <line x1="7.5" y1="2.5" x2="2.5" y2="7.5" stroke="white" stroke-width="1.5"/>
+		<?php echo $SVG_icon_circle_x; ?>
 	</g>
 </svg>
 <?php } //end svg_icon_del_folder() ********************************************
 
 
 
+
 function show_icon($type){ //***************************************************
 	if ($type == 'bin') { svg_icon_bin(); }
 	if ($type == 'img') { svg_icon_img(); }
@@ -519,53 +555,21 @@ function show_icon($type){ //***************************************************
 	if ($type == 'cfg') { svg_icon_cfg(); }
 	if ($type == 'php') { svg_icon_php(); }
 	if ($type == 'css') { svg_icon_css(); }
-	if ($type == 'upload')        { svg_icon_upload();     }
-	if ($type == 'new_file')      { svg_icon_new_file();   }
-	if ($type == 'del_file')      { svg_icon_del_file();   }
-	if ($type == 'folder')        { svg_icon_folder();     }
-	if ($type == 'new_folder')    { svg_icon_new_folder(); }
-	if ($type == 'rename_folder') { svg_icon_rename_folder(); }
-	if ($type == 'del_folder')    { svg_icon_del_folder(); }
+	if ($type == 'upload')     { svg_icon_upload();     }
+	if ($type == 'new_file')   { svg_icon_new_file();   }
+	if ($type == 'del_file')   { svg_icon_del_file();   }
+	if ($type == 'folder')     { svg_icon_folder();     }
+	if ($type == 'new_folder') { svg_icon_new_folder(); }
+	if ($type == 'ren_folder') { svg_icon_ren_folder(); }
+	if ($type == 'del_folder') { svg_icon_del_folder(); }
 }//end show_icon() *************************************************************
 
 
 
 
-//Don't load login screen if already in a valid session *************
-if (($page == "login") and ($_SESSION['valid'])) { $page = "index"; }
-
-
-
-
-if ($page == "login")        { $pagetitle = "Log In";         }
-if ($page == "edit")         { $pagetitle = "Edit/View File"; }
-if ($page == "upload")       { $pagetitle = "Upload File";    }
-if ($page == "new")          { $pagetitle = "New File";       }
-if ($page == "copy" )        { $pagetitle = "Copy";           }
-if ($page == "rename")       { $pagetitle = "Rename File";    }
-if ($page == "delete")       { $pagetitle = "Delete";         }
-if ($page == "newfolder")    { $pagetitle = "New Folder";     }
-if ($page == "renamefolder") { $pagetitle = "Rename Folder";  }
-if ($page == "deletefolder") { $pagetitle = "Delete Folder";  }
-
-
-
-
-
-//Logout ***********************************************************************
-if ($page == "logout") {
-	$page = "login";  $pagetitle = "Login";
-	$_SESSION['valid'] = "0";
-	session_destroy();
-	$message = 'You have successfully logged out.';
-}//*****************************************************************************
-
-
-
-
 
 function Login_Page() { //******************************************************
-	global $ONESCRIPT;
+	global $ONESCRIPT, $message;
 ?>
 	<h2>Log In</h2>
 	<form method="post" action="<?php echo $ONESCRIPT; ?>">
@@ -587,17 +591,6 @@ function Login_Page() { //******************************************************
 
 
 
-// Login Page response message**************************************************
-if (isset($_POST["username"])) {
-	if (($_SESSION['username'] != $config_username) || ($_SESSION['password'] != $config_password))
-		{ $message = "<b>(!) INVALID LOGIN ATTEMPT</b>"; }
-}//end Login Page response message**********************************************
-
-
-
-
-
-
 function list_files() { // ...in a vertical table ******************************
 //called from Index Page
 
@@ -623,9 +616,9 @@ function list_files() { // ...in a vertical table ******************************
 ?>
 			<tr>
 				<td>
-					<?php echo '<a href="'.$ONESCRIPT.$param1.'&amp;f='.$file.'&amp;p=edit" >'; ?>
+					<?php echo '<a href="'.$ONESCRIPT.$param1.'&amp;f='.rawurlencode($file).'&amp;p=edit" >'; ?>
 					<span class="icon"><?php show_icon($type); ?></span>
-					<?php echo  $file, '</a>'; ?>
+					<?php echo  htmlentities($file), '</a>'; ?>
 				</td>
 				<td class="meta_T meta_size">&nbsp;
 					<?php echo number_format(filesize($ipath.$file)).""; ?> B
@@ -652,9 +645,9 @@ function Index_Page(){ //*******************************************************
 		$folders = glob($ipath."*",GLOB_ONLYDIR);
 		natcasesort($folders);
 		foreach ($folders as $folder) {
-			echo '<a href="'.$ONESCRIPT.'?i='.$folder.'/">';
+			echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($folder).'/">'.PHP_EOL;
 			svg_icon_folder();
-			echo basename($folder).' /</a>';
+			echo htmlentities(basename($folder)).' /</a>';
 		}
 	echo '</p>';
 
@@ -671,66 +664,66 @@ function Index_Page(){ //*******************************************************
 
 
 function Edit_Page() { //*******************************************************
-	global $ONESCRIPT, $ipath, $param1, $filename, $filecontent, $etypes, $itypes, $ftypes;
+	global $ONESCRIPT, $ipath, $param1, $filename, $filecontent, $etypes, $itypes, $ftypes, $INPUT_SESSIONID;
 
-	$param2 = $param1.'&amp;f='.basename($filename);
-	$param3 = $param1.'&amp;f='.basename($filename).'&amp;p=edit';
+	$param2 = $param1.'&amp;f='.rawurlencode(basename($filename));
+	$param3 = $param2.'&amp;p=edit';
 	
-	//Determine if editable file type
+	//Determine if text/editable file type
 	$ext = end( explode(".", strtolower($filename) ) );
-	$editable = FALSE;
-	if (in_array(strtolower($ext), $etypes)) { $editable = TRUE; };
+	$editable = FALSE;  if (in_array($ext, $etypes)) { $editable = TRUE; };
 ?>
 	<h2 id="edit_header">Edit/View:
-	<a class="filename" href="/<?php echo $filename.'">'.basename($filename) ?></a>
+	<a class="filename" href="/<?php echo URLencode_path($filename).'">'.htmlentities(basename($filename)) ?></a>
 	</h2>
 
 	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param3 ?>">
+		<?php echo $INPUT_SESSIONID; ?>
 		<p class="file_meta">
 		<span class="meta_size">Size<b>: </b> <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; &nbsp; 
 		<span class="meta_time">Updated<b>: </b><script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1);</script></span><br>
 		</p>
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
-		<?php Close_Button("close"); ?><div style="clear:both;"></div>
+		<?php Close_Button("close"); ?>
 
 		<?php if ( !in_array( strtolower($ext), $itypes) ) { //If non-image, show textarea
 			if (!$editable) { // If non-text file, disable textarea
 			?>	<p>
-				<textarea id="disabled_content" cols="70" rows="3"
+				<textarea id="disabled_content" cols="70" rows="3" 
 				disabled="disabled">Non-text or unkown file type. Edit disabled.</textarea>
 				</p>
-			<?php } else {
+			<?php }else{
 				$fp = @fopen($filename, "r");
-				if (filesize($filename) !== 0) {
-					$filecontent = fread($fp, filesize($filename));
-					$filecontent = htmlspecialchars($filecontent);
-				}
+				$filecontent = htmlspecialchars(fread($fp, filesize($filename)));
 				fclose($fp);
 			?>	<p>
-				<input type="hidden" name="filename" id="filename" class="textinput" value="<?php echo $filename; ?>">
-				<textarea id="file_content" name="content" class="textinput" cols="70" rows="25" onkeyup="Check_for_changes(event);"><?php echo $filecontent; ?></textarea>
+				<input type="hidden" name="filename" id="filename" value="<?php echo htmlspecialchars($filename); ?>">
+				<textarea id="file_content" name="content" cols="70" rows="25"
+				onkeyup="Check_for_changes(event);"><?php echo $filecontent; ?></textarea>
 				</p>
 			<?php } //end if editable ?>	
 		<?php  } //end if non-image, show textarea ?>
-		
+
+		<div style="clear:both;"></div>
 		<p class="buttons_right">
-		<input type="submit" class="button" value="Save"                  onclick="submitted = true;" id="save_file">
-		<input type="button" class="button" value="Reset - loose changes" onclick="Reset_File()"      id="reset">
-		<script>
-			//Setting disabled here instead of via input attribute in case js is disabled.
-			//If js is disabled, user would be unable to save changes.
-			document.getElementById('save_file').disabled = "disabled";
-			document.getElementById('reset').disabled     = "disabled";
-		</script>
-		<input type="button" class="button" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT.$param3.'&amp;p=rename'; ?>'">
-		<input type="button" class="button" value="Copy"        onclick="parent.location='<?php echo $ONESCRIPT.$param3.'&amp;p=copy'  ; ?>'">
-		<input type="button" class="button" value="Delete"      onclick="parent.location='<?php echo $ONESCRIPT.$param3.'&amp;p=delete'; ?>'">
+		<?php if ($editable) { //Show save & reset only if editable file ?> 
+			<input type="submit" class="button" value="Save"                  onclick="submitted = true;" id="save_file">
+			<input type="button" class="button" value="Reset - loose changes" onclick="Reset_File()"      id="reset">
+			<script>
+				//Set disabled here instead of via input attribute in case js is disabled.
+				//If js is disabled, user would be unable to save changes.
+				document.getElementById('save_file').disabled = "disabled";
+				document.getElementById('reset').disabled     = "disabled";
+			</script>
+		<?php } ?>
+		<input type="button" class="button" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT.$param2.'&amp;p=rename'; ?>'">
+		<input type="button" class="button" value="Copy"        onclick="parent.location='<?php echo $ONESCRIPT.$param2.'&amp;p=copy'  ; ?>'">
+		<input type="button" class="button" value="Delete"      onclick="parent.location='<?php echo $ONESCRIPT.$param2.'&amp;p=delete'; ?>'">
 		<?php Close_Button(""); ?>
 		</p>
 	</form>
 	<div style="clear:both;"></div>
 <?php
-	if ( in_array( strtolower($ext), $itypes) ) { show_image(); }
+	if ( in_array( $ext, $itypes) ) { show_image(); }
 
 	if ($editable) {
 		Edit_Page_scripts();
@@ -743,38 +736,34 @@ function Edit_Page() { //*******************************************************
 
 
 
-
-// EDIT Page response code *****************************************************
-//*** If on Edit page, and [Save] clicked:
-if ( $page == "edit" && isset($_POST["filename"]) && $_SESSION['valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$filename = $_POST["filename"];
-	$content = $_POST["content"];
+function Edit_Page_response(){ //***If on Edit page, and [Save] clicked ********
+	global $filename, $content, $message;
+	$filename = htmlspecialchars_decode($_POST["filename"]);
+	$content = htmlspecialchars_decode($_POST["content"]);
 	$fp = @fopen($filename, "w");
 	if ($fp) {
 		fwrite($fp, $content);
 		fclose($fp);
-		$message = '<b>"'.$filename.'"</b> saved...';
-		$page == "edit";
+		$message = '<b>File saved...</b>';
 	}else{
 		$message = '<b>(!) There was an error saving file.</b>';
 	}
-}//end EDIT Page response code**************************************************
-
+}//end Edit_Page_response() ****************************************************
 
 
 
 
 
 function Upload_Page() { //*****************************************************
-	global $ONESCRIPT, $ipath, $param1;
+	global $ONESCRIPT, $ipath, $param1, $INPUT_SESSIONID;
 ?>
 	<h2>Upload File</h2>
 	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$param1; ?>" method="post">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
+		<?php echo $INPUT_SESSIONID; ?>
 		<input type="hidden" name="MAX_FILE_SIZE" value="100000">
-		<input type="hidden" name="upload_destination" value="<?php echo $ipath; ?>" >
-		<input name="upload_filename" type="file" size="100">
-		<p><?php Cancel_Submit_Buttons("Upload","cancel"); ?></p>
+		<input type="hidden" name="upload_destination" value="<?php echo htmlspecialchars($ipath); ?>" >
+		<input name="upload_file" type="file" size="100">
+		<?php Cancel_Submit_Buttons("Upload","cancel"); ?>
 	</form>
 <?php } //end Upload_Page() ****************************************************
 
@@ -782,29 +771,27 @@ function Upload_Page() { //*****************************************************
 
 
 
-// UPLOAD FILE response code ***************************************************
-if (isset($_FILES['upload_filename']['name']) && $_SESSION['valid'] = "1" && $_POST["sessionid"] == session_id()) {
-
-	$filename    = $_FILES['upload_filename']['name'];
-	$destination = Check_path($_POST["upload_destination"]);
+function Upload_File_response() { //********************************************
+	global $filename, $message, $page;
+	$filename    = $_FILES['upload_file']['name'];
+	$destination = htmlspecialchars_decode(Check_path($_POST["upload_destination"]));
+	$page = "index";
 
 	if (($filename == "")){ 
 		$message = "<b>(!) No file selected for upload... </b>";
-	}elseif (($destination != "") && !is_dir($_POST["upload_destination"])) {
+	}elseif (($destination != "") && !is_dir($destination)) {
 		$message .= '<b>(!)</b> Destination folder does not exist: <br><b>';
-		$message .= ''.$WEB_ROOT.$destination.'</b><br><b>Upload cancelled.</b>';
+		$message .= ''.htmlentities($WEB_ROOT.$destination).'</b><br><b>Upload cancelled.</b>';
 	}else{
-		$message .= 'Uploading: <b>"'.$filename.'"</b> to <b>"'.$WEB_ROOT.$destination.'"</b>';
-		
-		$savefile = ordinalize($destination, $filename, $message);
-
-		if(move_uploaded_file($_FILES['upload_filename']['tmp_name'], $savefile)) {
+		$message .= 'Uploading: "<b>'.htmlentities($filename).'</b>"...';
+		$savefile = ordinalize($destination, $filename);
+		if(move_uploaded_file($_FILES['upload_file']['tmp_name'], $savefile)) {
 			$message .= '<br>Upload successful.';
 		} else{
-			$message .= "<br><b>(!) There was an error.</b> Upload or rename may have failed.";
+			$message .= '<br><b>(!) There was an error.</b> Upload or rename may have failed.';
 		}
 	}
-} //end Upload file response code **********************************************
+}//end Upload_File_response() **************************************************
 
 
 
@@ -812,14 +799,13 @@ function Upload_Page() { //*****************************************************
 
 
 function New_File_Page() { //***************************************************
-	global $ONESCRIPT, $WEB_ROOT, $ipath, $param1;
+	global $FORM_COMMON;
 ?>
-		<h2 style="float: left;">New File</h2>
-		<form method="post" action="<?php echo $ONESCRIPT.$param1; ?>">
-			<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
-			<input type="text" name="new_filename" id="new_filename" class="textinput1" value="">
-			<p>	<?php Cancel_Submit_Buttons("Create","new_filename"); ?> </p>
-		</form>
+	<h2>New File</h2>
+	<?php echo $FORM_COMMON ?>
+		<input type="text" name="new_file" id="new_file" value="">
+		<?php Cancel_Submit_Buttons("Create","new_file"); ?>
+	</form>
 <?php
 }//end New_File_Page()**********************************************************
 
@@ -827,149 +813,112 @@ function New_File_Page() { //***************************************************
 
 
 
-// NEW FILE response code ******************************************************
-if (isset($_POST["new_filename"]) && $_SESSION['valid'] = "1" && $_POST["sessionid"] == session_id()) {
-
-	$filename = $ipath.trim($_POST["new_filename"],'/ '); //trim spaces & slashes
+function New_File_response() { //***********************************************
+	global $ipath, $filename, $page, $message;
+	$new_name = $_POST["new_file"];
+	$FS = strpos($new_name, '/');
+	$filename = $ipath.trim($new_name,'/ '); //trim spaces & slashes
 	$savefile = $DOC_ROOT.$filename;
-
-	if (($_POST["new_filename"] == "")){ 
-		$message = "<b>(!) New file not created - no filename given... </b>";
+	$page = "index"; // return to index if new file fails
+	
+	if ( $FS !== false){
+		$message .= '<b>('.$FS.') File not created.</b> Filename contains invalid character(s) (forward slash): <br>';
+		$message .= '<b>'.htmlentities($new_name).'</b>';
+	}elseif (($_POST["new_file"] == "")){ 
+		$message = "<b>(!) New file not created - no filename given.</b>";
 	}elseif (file_exists($savefile)) {
-		$message = '<b>(!) "'.$filename.'"</b> not created. A file with that name already exists.';
-	} else {
-		$handle = fopen($savefile, 'w') or die("can't open file");
+		$message = '<b>(!) "'.htmlentities(basename($filename)).'"</b> not created. A file with that name already exists.';
+	}elseif ($handle = fopen($savefile, 'w')) {
 		fclose($handle);
-		$message = '"<b>'.$filename.'</b>"successfully created.';
-		$ipath = Check_path(dirname($filename)); //if changed, return to new dir.
-		$param1 = "?i=".$ipath;
-		$page = "edit";
-	}
-}//end NEW FILE response code **************************************************
-
-
-
-
-
-
-function Copy_File_Page(){ //***************************************************
-	global $ONESCRIPT, $WEB_ROOT, $ipath, $param1, $filename;
-
-	$new_filename = ordinalize($ipath, basename($filename));
-?>
-	<h2>Copy File</h2>
-
-	<form method="post" id="new" action="<?php echo $ONESCRIPT.$param1; ?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
-		<p>
-			<label>Old filename:</label>
-			<span class="web_root"><?php echo $WEB_ROOT; ?></span>
-			<input type="hidden" name="old_filename" value="<?php echo $filename; ?>">
-			<input type="text"   name="dummy" value="<?php echo $filename; ?>" disabled="disabled">
-		</p>
-		<p>
-			<label for="copy_filename">New filename:</label>
-			<span class="web_root"><?php echo $WEB_ROOT; ?></span>
-			<input type="text" name="copy_filename" id="copy_filename" 
-				  class="textinput" value="<?php echo $new_filename; ?>">
-		</p>
-		<p><?php Cancel_Submit_Buttons("Copy","copy_filename"); ?></p>
-	</form>
-<?php }//end Copy_File_Page() **************************************************
-
-
-
-
-	
-// COPY FILE response code *****************************************************
-if (isset($_POST["copy_filename"]) && $_SESSION['valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$old_filename = $_POST["old_filename"];
-	$new_filename = $_POST["copy_filename"];
-
-	if (file_exists($new_filename)) {
-		$message .= '<b>(!) Error copying file - target filename already exists:<br>';
-		$message .= '(!) '.$new_filename.'</b>';
+		$message = '"<b>'.htmlentities(basename($filename)).'</b>" successfully created.';
+		$ipath    = Check_path(dirname($filename)); //if changed, return to new dir.
+		$param1   = '?i='.URLencode_path($ipath);
 		$page = "edit";
-		$filename = $old_filename;
-	}elseif (copy($old_filename, $new_filename)){ 
-		$message  = '<b>"'.$old_filename.'"</b><br>';
-		$message .= ' --- successfully copied to ---<br>';
-		$message .= '<b>"'.$new_filename.'"</b>';
-	}else{
-		$message .= '<b>(!) Error copying file:<br>"'.$new_filename.'"</b>';
+	}else {
+		$message .= "<b>(!) ERROR - can't open or create file:<br>";
+		$message .= htmlentities($filename);
 	}
-}//end COPY FILE response code *************************************************
+}//end New_File_response() *****************************************************
 
 
 
 
 
-function Rename_File_Page() { //************************************************
-	global $ONESCRIPT, $WEB_ROOT, $ipath, $param1, $filename;
+function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //******
+	//$action = 'Copy' or 'Rename'. $isfile = 1 if acting on a file, not a folder
+	global $WEB_ROOT, $ipath, $filename, $FORM_COMMON;
+	if ($isfile) { $old_name = $filename; }else{ $old_name = $ipath; }
+	if ($isfile) { $new_name = $filename; }else{ $new_name = $ipath; }
+	if ($action == "Copy" ) { $new_name = ordinalize($ipath, basename($filename)); }
 ?>
-	<h2>Rename/Move File</h2>
-
-	<p>To move a file, change the folder's name, as in 
-	"newfolder/filename.txt". The new folder must already exist.</p>
-
-	<form method="post" action="<?php echo $ONESCRIPT.$param1; ?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
+	<h2><?php echo $action.' '.$title ?></h2>
+	<p>To move a file or folder, change the path/to/folder/or_file. The new location must already exist.</p>
+	<?php echo $FORM_COMMON ?>
 		<p>
-			<label>Old filename:</label>
-			<span class="web_root"><?php echo $WEB_ROOT; ?></span>
-			<input type="text" name="old_filename" value="<?php echo $filename; ?>" class="textinput" readonly="readonly">
+			<label>Old name:</label>
+			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span>
+			<input type="text" name="old_name" 
+				value="<?php echo htmlspecialchars($old_name); ?>" readonly="readonly">
 		</p>
 		<p>
-			<label for="rename_filename">New filename:</label>
-			<span class="web_root"><?php echo $WEB_ROOT; ?></span>
-			<input type="text" name="rename_filename" id="rename_filename" class="textinput" value="<?php echo $filename; ?>">
+			<label>New name:</label>
+			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span>
+			<input type="text" name="<?php echo $name_id ?>" id="<?php echo $name_id ?>" 	
+				value="<?php echo htmlspecialchars($new_name); ?>">
 		</p>
-		<p><?php Cancel_Submit_Buttons("Rename", "rename_filename"); ?></p>
+		<?php Cancel_Submit_Buttons($action, $name_id); ?>
 	</form>
-<?php } //end Rename_File_Page() ***********************************************
+<?php } //end Copy_Ren_Move_Page() *********************************************
 
 
 
 
 
-// RENAME FILE response code ***************************************************
-if (isset($_POST["rename_filename"]) && $_SESSION['valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$old_filename = $_POST["old_filename"];
-	$new_filename = trim($_POST["rename_filename"], '/');
 
-	$page = "edit"; //return to edit page
+//******************************************************************************
+function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $isfile){
+	//$action = 'copy' or 'rename'. $isfile = 1 if acting on a file, not a folder
+	global $WEB_ROOT, $ipath, $param1, $message, $page, $filename;
+
+	$old_name = htmlspecialchars_decode(trim($old_name,'/ '));
+	$new_name = htmlspecialchars_decode(trim($new_name,'/ '));
+	$new_location = dirname($new_name);
+	$filename = $old_name; //default if error
+	$page = "index"; //Return to index if folder
+	if ($isfile) { $page = "edit"; }//return to edit page if a file
 	
-	if (file_exists($new_filename)) {
-		$message .= '<b>(!) Error renaming or moving file - target filename already exists:<br>';
-		$message .= '(!) '.$new_filename.'</b>';
-		$page = "edit";
-		$filename = $old_filename;
-	}elseif (rename($old_filename, $new_filename)) {
-		$message .= '<b>"'.$old_filename.'</b>"<br>';
-		$message .= ' --- successfully renamed to ---<br>';
-		$message .= '<b>"'.$new_filename.'</b>"<br>';
-		$filename = $new_filename;
-		$ipath = Check_path(dirname($filename)); //if changed, return to new dir.
-		$param1 = '?i='.$ipath;
+	if ( !is_dir($new_location) ){
+		$message .= '<b>(!) '.$msg1.' Error - new parent location does not exist:</b><br>';
+		$message .= $WEB_ROOT.$new_location.'/<br>';
+	}elseif (file_exists($new_name)) {
+		$message .= '<b>(!) '.$msg1.' Error - target filename already exists:<br>';
+		$message .= ''.htmlentities($WEB_ROOT.$new_name).'</b>';
+	}elseif ($action($old_name, $new_name)) {
+		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
+		$message .= ' --- Successfully '.$msg2.' to ---<br>';
+		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
+		$filename = $new_name; //so edit page knows what to edit
+		if ($isfile) { $ipath = Check_path(dirname($filename)); } //if changed,
+		else         { $ipath = Check_path($filename); }          //return to new dir.
+		$param1   = '?i='.URLencode_path($ipath);
 	}else{
-		$message .= '<b>(!) Error renaming/moving file from:<br>"'.$old_filename.'"</b>';
-		$message .= '<b>(!) To:<br>"'.$new_filename.'"</b>';
+		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
+		$message .= '<b>(!) Error durring '.$msg1.' from the above to the following:</b><br>';
+		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
 	}
-}//end RENAME FILE response code ***********************************************
+}//end Copy_Ren_Move_response() ************************************************
 
 
 
 
 
 function Delete_File_Page() { //************************************************
-	global $ONESCRIPT, $WEB_ROOT, $ipath, $param1, $filename;
+	global $filename, $FORM_COMMON;
 ?>
-	<h2 style="float: left;">Delete File</h2>
-
-	<form method="post" action="<?php echo $ONESCRIPT.$param1; ?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
-		<input type="hidden" name="delete_filename" value="<?php echo $filename; ?>" >
-		<span class="verify"><?php echo basename($filename); ?></span>
+	<h2>Delete File</h2>
+	<?php echo $FORM_COMMON ?>
+		<input type="hidden" name="delete_file" value="<?php echo htmlspecialchars($filename); ?>" >
+		<span class="verify"><?php echo htmlentities(basename($filename)); ?></span>
 		<p class="sure"><b>Are you sure?</b></p>
 		<?php Cancel_Submit_Buttons("DELETE", "cancel"); ?>
 	</form>
@@ -979,31 +928,31 @@ function Delete_File_Page() { //************************************************
 
 
 
-// DELETE FILE response code ***************************************************
-if (isset($_POST["delete_filename"]) && $_SESSION['valid'] = "1" && $_POST["sessionid"] == session_id()) {
-	$filename = $_POST["delete_filename"];
+function Delete_File_response(){ //*********************************************
+	global $filename, $message, $page;
+
+	$page = "index"; //Return to index
+	$filename = htmlspecialchars_decode($_POST["delete_file"]);
 
 	if (unlink($filename)) {
-		$message = '"<b>'.basename($filename).'</b>" successfully deleted.';
+		$message .= '"<b>'.htmlentities(basename($filename)).'</b>" successfully deleted.';
 	}else{
-		$message = '<b>(!) Error deleting "'.$filename.'"</b>.';
+		$message .= '<b>(!) Error deleting "'.htmlentities($filename).'"</b>.';
 		$page = "edit";
 	}
-}//end DELETE FILE response code ***********************************************
+}//end Delete_File_response() **************************************************
 
 
 
 
 
 function New_Folder_Page() { //*************************************************
-	global $ONESCRIPT, $WEB_ROOT, $ipath, $param1;
+	global $FORM_COMMON;
 ?>
-	<h2 style="float: left;">New Folder</h2>
-	<form method="post" action="<?php echo $ONESCRIPT.$param1; ?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
-		<input type="text" name="new_folder" id="new_folder" class="textinput1" value="">
-		<p><?php Cancel_Submit_Buttons("Create","new_folder"); ?></p>
-		
+	<h2>New Folder</h2>
+	<?php echo $FORM_COMMON ?>
+		<input type="text" name="new_folder" id="new_folder" value="">
+		<?php Cancel_Submit_Buttons("Create","new_folder"); ?>
 	</form>
 <?php } // end New_Folder_Page() ***********************************************
 
@@ -1011,153 +960,181 @@ function New_Folder_Page() { //*************************************************
 
 
 
-// NEW FOLDER response code ****************************************************
-if (isset($_POST["new_folder"]) && $_SESSION['valid'] = "1" && $_POST["sessionid"] == session_id()) {
+function New_Folder_response(){ //**********************************************
+	global $message, $ipath, $param1, $page;
 
-	$new_folder = $ipath.trim($_POST["new_folder"],"/").'/'; //make sure only has a single trailing slash.
+	$page = "index"; //Return to index
+	$new_name = trim($_POST["new_folder"],'/ ');
+	$invalid_characters = '< > ? * : " | / \\';
+	$invalid_char_array = explode(' ', $invalid_characters);
+	foreach ($invalid_char_array as $bad_char) {
+		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
+	}
 
+	 //Trim spaces, and make sure only has a single trailing slash.
+	$new_folder = $ipath.trim($_POST["new_folder"],"/ ").'/';
 
-	if ($_POST["new_folder"] == ""){ 
+	if ($invalid){
+		$message .= '<b>(!) Error-</b> new name may not contain invalid character(s): <b>'.htmlentities($invalid_characters).'</b><br>';
+		$message .= '<b>'.htmlentities($new_name).'<b>';
+	}elseif ($_POST["new_folder"] == ""){ 
 		$message .= "<b>(!) New folder not created - no name given... </b>";
 	}elseif (is_dir($new_folder)) {
 		$message .= '<b>(!) Folder already exists: ';
-		$message .= ''.$new_folder.'</b>';
+		$message .= ''.htmlentities($new_folder).'</b>';
 	}elseif (mkdir($new_folder)) {
-		$message .= 'Folder "<b>'.basename($new_folder).'</b>" successfully created.';
-		$ipath   = $new_folder;  //cd to new folder
-		$param1 = "?i=".$ipath;
+		$message .= 'Folder "<b>'.htmlentities(basename($new_folder)).'</b>" successfully created.';
+		$ipath  = $new_folder;  //return to new folder
+		$param1 = '?i='.URLencode_path($ipath);
 	}else{
-		$message .= "<b>(!) Error- new folder not created.</b>";
+		$message .= '<b>(!) Error- new folder not created: </b><br>';
+		$message .= htmlentities($WEB_ROOT.dirname($new_folder)).'/<b>'.htmlentities(basename($new_folder)).'/</b><br>';
+		if ( !is_dir(dirname($new_folder)) ) { $message .= '&nbsp; <b>Parent folder must already exist.</b>';}
 	}
-}//end NEW FOLDER response code ************************************************
+}//end New_Folder_response *****************************************************
 
 
 
 
 
-function Rename_Folder_Page() { //**********************************************
-	global $ONESCRIPT, $WEB_ROOT, $ipath, $param1;
+function Delete_Folder_Page(){ //***********************************************
+	global $WEB_ROOT, $ipath, $FORM_COMMON;
 ?>
-	<h2>Rename Folder</h2>
-	<form method="post" action="<?php echo $ONESCRIPT.$param1; ?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
-		<p>
-			<label>Old name:</label><input type="hidden" name="old_foldername" value="<?php echo $ipath; ?>">
-			<span class="web_root"><?php echo $WEB_ROOT.Check_path(dirname($ipath)); ?></span>
-			<input type="text" name="dummy" value="<?php echo basename($ipath); ?>" class="textinput1" disabled="disabled">
-		</p>
-		<p>
-			<label for="new_foldername">New name:</label>
-			<span class="web_root"><?php echo $WEB_ROOT.Check_path(dirname($ipath)); ?></span>
-			<input type="text" name="new_foldername" id="new_foldername" class="textinput1" value="<?php echo basename($ipath); ?>">
-		</p>
-		<p><?php Cancel_Submit_Buttons("Rename","new_foldername"); ?></p>
+	<h2>Delete Folder</h2>
+	<?php echo $FORM_COMMON ?>
+		<input type="hidden" name="delete_folder" value="<?php echo htmlspecialchars($ipath); ?>" >
+		<span class="web_root"><?php echo htmlentities($WEB_ROOT.Check_path(dirname($ipath))); ?></span>
+		<span class="verify"><?php echo htmlentities(basename($ipath)); ?></span> /
+		<p class="sure"><b>Are you sure?</b></p>
+		<?php Cancel_Submit_Buttons("DELETE", "cancel"); ?>
 	</form>
-<?php } //end Rename_Folder_Page() *********************************************
+<?php } //end Delete_Folder_Page() //*******************************************
 
 
 
 
 
-// RENAME FOLDER response code *************************************************
-if (isset($_POST["new_foldername"]) && $_SESSION['valid'] = "1" && $_POST["sessionid"] == session_id()) {
+function Delete_Folder_response() { //******************************************
+	global $ipath, $param1, $page, $message;
+	$page = "index"; //Return to index
+	$foldername = htmlspecialchars_decode(trim($_POST["delete_folder"], '/'));
+
+	if ( !is_empty($ipath) ) {
+		$message .= '<b>(!) Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
+	}elseif (@rmdir($foldername)) {
+		$message .= 'Folder "<b>'.htmlentities(basename($foldername)).'</b>" successfully deleted.';
+		$ipath  = Check_path($foldername); //Return to parent dir.
+		$param1 = '?i='.URLencode_path($ipath);
+	}else {
+		$message .= '<b>(!) "'.htmlentities($foldername).'/"</b> an error occurred during delete.';
+	}
+}//end Delete_Folder_response() ************************************************
 
-	$old_foldername = $_POST["old_foldername"]; // entire old $ipath
-	$new_foldername = $_POST["new_foldername"]; // not entire path - only end foldername
 
-	//Removed any trailing slashes
-	$new_foldername = Check_path(dirname($old_foldername)).trim($new_foldername, '/');
 
-	if (file_exists($new_foldername)) {
-		$message .= '<b>(!) Error renaming folder- target name already exists:</b><br>';
-		$message .= '<b>&nbsp; &nbsp; '.$WEB_ROOT.$new_foldername.'</b><br>';
-	}elseif (rename($old_foldername, $new_foldername)) {
-		$message .= '<b>"'.$old_foldername.'</b>"<br>';
-		$message .= ' --- successfully renamed to ---<br>';
-		$message .= '<b>"'.$new_foldername.'/</b>"<br>';
-		$ipath    = Check_path($new_foldername); //Return to new folder
-		$param1 = "?i=".$ipath;
-	} else {
-		$message = "<b>(!)</b> There was an error during rename. Try again and/or contact your admin.";
-	}
-}//end RENAME FOLDER response code *********************************************
 
 
+// Login Page response message**************************************************
+if (isset($_POST["username"])) {
+	if (($_SESSION['username'] != $config_username) || ($_SESSION['password'] != $config_password))
+		{ $message = "<b>(!) INVALID LOGIN ATTEMPT</b>"; }
+}//end Login Page response message**********************************************
 
 
 
-function Delete_Folder_Page(){ //***********************************************
-	global $ONESCRIPT, $WEB_ROOT, $ipath, $param1;
-?>
-	<br><h2>Delete Folder</h2>
 
-	<form method="post" action="<?php echo $ONESCRIPT.$param1; ?>">
-		<input type="hidden" name="sessionid" value="<?php echo session_id(); ?>">
-		<input type="hidden" name="delete_foldername" value="<?php echo $ipath; ?>" >
-		<span class="web_root"><?php echo $WEB_ROOT.Check_path(dirname($ipath)); ?></span>
-		<span class="verify"><?php echo basename($ipath); ?></span> /
-		<p class="sure"><b>Are you sure?</b></p>
-		<?php Cancel_Submit_Buttons("DELETE", "cancel"); ?>
-	</form>
-<?php } //end Delete_Folder_Page() //*******************************************
 
+//Logout ***********************************************************************
+if ($page == "logout") {
+	$page = "login";
+	$_SESSION['valid'] = "0";
+	session_destroy();
+	$message = 'You have successfully logged out.';
+}//*****************************************************************************
 
 
 
 
-// DELETE FOLDER response code *************************************************
-if ( ($page == "deletefolder") && !is_empty($ipath) ) {
-	$message = '<b>(!) Folder not empty.</b>  Folders must be empty before they can be deleted.<br>';
-	$page = "index";
-}
 
-if (isset($_POST["delete_foldername"]) && $_SESSION['valid'] = "1" && $_POST["sessionid"] == session_id()) {
+if ($VALID_POST) { //***********************************************************
+	if (isset($_FILES['upload_file']['name'])) { Upload_File_response(); }
+	if (isset($_POST["filename"]     )) { Edit_Page_response(); }
+	if (isset($_POST["new_file"]     )) { New_File_response(); }
+	if (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', 'Copy', 'Copied', 1); } 
+	if (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"], 'rename', 'Rename/Move', 'Renamed/Moved', 1); } 
+	if (isset($_POST["delete_file"]  )) { Delete_File_response(); }
+	if (isset($_POST["new_folder"]   )) { New_Folder_response(); }
+	if (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', 'Rename/Move', 'Renamed/Moved', 0); } 
+	if (isset($_POST["delete_folder"])) { Delete_Folder_response(); }
+}//end if ($VALID_POST) ********************************************************
 
-	$page = "index"; //Return to index
-	$foldername = trim($_POST["delete_foldername"], '/');
-
-	if (@rmdir($foldername)) {
-		$message = 'Folder "<b>'.basename($foldername).'</b>" successfully deleted.';
-		$ipath = Check_path($foldername); //Return to parent dir.
-		$param1 = "?i=".$ipath;
-	} else {
-		$message .= '<b>(!) "'.$foldername.'/"</b> an error occurred during delete.';
+
+
+
+
+//<title>$pagetitle</title>*****************************************************
+if     ($page == "login")        { $pagetitle = "Log In";         }
+elseif ($page == "edit")         { $pagetitle = "Edit/View File"; }
+elseif ($page == "upload")       { $pagetitle = "Upload File";    }
+elseif ($page == "newfile")      { $pagetitle = "New File";       }
+elseif ($page == "copy" )        { $pagetitle = "Copy";           }
+elseif ($page == "rename")       { $pagetitle = "Rename File";    }
+elseif ($page == "delete")       { $pagetitle = "Delete";         }
+elseif ($page == "newfolder")    { $pagetitle = "New Folder";     }
+elseif ($page == "renamefolder") { $pagetitle = "Rename Folder";  }
+elseif ($page == "deletefolder") { $pagetitle = "Delete Folder";  }
+else                  { $pagetitle = $_SERVER['SERVER_NAME']; }
+//******************************************************************************
+
+
+
+
+
+//*** Verify valid $page *******************************************************
+if ($page != "") {
+	if (!in_array(strtolower($page), $valid_pages)) {
+		header("Location: ".$ONESCRIPT); // redirect on invalid page attempts
+		$page = "index";
 	}
-}//end DELETE FOLDER response code *********************************************
+}
+if ( ($page == "deletefolder") && !is_empty($ipath) ) {
+	$message = '<b>(!) Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
+	$page = "index";
+}
+//Don't load login screen if already in a valid session 
+if (($page == "login") and ($_SESSION['valid'])) { $page = "index"; }
+//******************************************************************************
 
 
 
 
 
 function Load_Selected_Page(){ //***********************************************
-	global $page;
-	if ($page == "login")        { Login_Page();         }
-	if ($page == "index")        { Index_Page();         }
-	if ($page == "edit")         { Edit_Page();          }
-	if ($page == "upload")       { Upload_Page();        }
-	if ($page == "new")          { New_File_Page();      }
-	if ($page == "copy")         { Copy_File_Page();     }
-	if ($page == "rename")       { Rename_File_Page();   }
-	if ($page == "delete")       { Delete_File_Page();   }
-	if ($page == "newfolder")    { New_Folder_Page();    }
-	if ($page == "renamefolder") { Rename_Folder_Page(); }
-	if ($page == "deletefolder") { Delete_Folder_Page(); }
+	global $ONESCRIPT, $page, $valid_pages;
+
+	if     ($page == "login")        { Login_Page();         }
+	elseif ($page == "edit")         { Edit_Page();          }
+	elseif ($page == "upload")       { Upload_Page();        }
+	elseif ($page == "newfile")      { New_File_Page();      }
+	elseif ($page == "copy")         { Copy_Ren_Move_Page('Copy', 'File', 'copy_file', 1); }
+	elseif ($page == "rename")       { Copy_Ren_Move_Page('Rename', 'File', 'rename_file', 1); }
+	elseif ($page == "delete")       { Delete_File_Page();   }
+	elseif ($page == "newfolder")    { New_Folder_Page();    }
+	elseif ($page == "renamefolder") { Copy_Ren_Move_Page('Rename', 'Folder', 'rename_folder', 0); }
+	elseif ($page == "deletefolder") { Delete_Folder_Page(); }
+	else                             { Index_Page();         } //default
 }//end Load_Selected_Page() ****************************************************
 
 
 
 
 
-
 //******************************************************************************
 function Time_Stamp_scripts() {  ?>
 
 <script>//Dispaly file's timestamp in user's local time 
 
-function pad(num){ 
-	if ( num < 10 ){ num = "0" + num; }
-	return num
-}
+function pad(num){ if ( num < 10 ){ num = "0" + num; }; return num; }
 
 
 function FileTimeStamp(php_filemtime, show_offset){
@@ -1185,8 +1162,8 @@ function FileTimeStamp(php_filemtime, show_offset){
 	var offset_MINS  = pad( NEG * GMT_offset % 60 );
 	var offset_FULL  = "UTC " + SIGN + offset_HOURS + ":" + offset_MINS;
 
-	if (show_offset){ var DATETIME = YEAR+"-"+MONTH+"-"+DATE+" &nbsp;"+HOURS+":"+MINS+" "+AMPM+" ("+offset_FULL+")"; }
-	else            { var DATETIME = YEAR+"-"+MONTH+"-"+DATE+" &nbsp;"+HOURS+":"+MINS+" "+AMPM; }
+	if (show_offset){ var DATETIME = YEAR+"-"+MONTH+"-"+DATE+" &nbsp;"+HOURS+":"+MINS+":"+SECS+" "+AMPM+" ("+offset_FULL+")"; }
+	else            { var DATETIME = YEAR+"-"+MONTH+"-"+DATE+" &nbsp;"+HOURS+":"+MINS+":"+SECS+" "+AMPM; }
 	
 	document.write( DATETIME );
 
@@ -1314,62 +1291,45 @@ function style_sheet(){ //****************************************************?>
 html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,
 cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,dl,dt,dd,ol,ul,li,
 fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td
-{border : 0;  outline: 0; margin : 0; padding: 0;
+{ border : 0; outline: 0; margin : 0; padding: 0;
 font-family: inherit; font-weight: inherit; font-style : inherit;
 font-size  : 100%; vertical-align: baseline; }
 
 
-
 /* --- general formatting --- */
 
 body { font-size: 1em; background: #DDD; font-family: sans-serif; }
 
-p, table { margin-bottom: .5em; }
-
-div{position: relative;}
-
-h1,h2,h3,h4,h5,h6{font-weight: bold;}
-h2 { font-size: 20px; margin: 0 1em .2em 0;} /*TRBL*/
-h3 { font-size: 18px; margin-top: 15px; }
-h4 { font-size: 1.3em; margin-bottom: .2em; font-weight: normal;}
-
-em, i { font-style: italic; }
+p, table { margin-bottom: .5em; margin-top: .5em;}
 
-strong { font-weight: bold; }
+div { position: relative; }
 
-li {line-height: 1.4em; }
+h1,h2,h3,h4,h5,h6 { font-weight: bold; }
+h2, h3 { font-size: 1.2em; margin: .5em 1em .5em 0; } /*TRBL*/
 
-:focus{outline:0;}
+i, em     { font-style : italic; }
+b, strong { font-weight: bold;   }
 
-ol,ul{list-style:none;}
+:focus { outline:0; }
 
-table{border-collapse:separate;border-spacing:0;}
+table { border-collapse:separate; border-spacing:0; }
+th,td { text-align:left; font-weight:400; }
 
-caption,th,td{text-align:left;font-weight:400;}
-
-blockquote:before,blockquote:after,q:before,q:after{content:"";}
-blockquote,q{quotes:"" "";}
-
-a { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
+a       { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
 a:hover { border: 1px solid #807568; background-color: rgb(255,250,150); }
 a:focus { border: 1px solid #807568; background-color: rgb(255,250,150); }
 
-form p { margin-bottom: 5px; }
-
+form p { margin-bottom: .3em; }
 
-label { display: inline-block; width : 7em; font-size : 1em; }
+label { display: inline-block; width : 6em; font-size : 1em; }
 
 svg { margin: 0; padding: 0; }
 
-pre {
+pre { /*Used when trouble shooting around test output*/
 	background: white;
 	border: 1px solid #807568;
-	line-height: 1.25em;
-	overflow: auto
-	overflow-Y: hidden;
-	padding: 10px;
-	margin: 5px 0 10px 0;
-	overflow: hidden;
+	padding: .5em;
+	margin: 0;
 	}
 
 
@@ -1384,9 +1344,8 @@ function style_sheet(){ //****************************************************?>
 
 .header {
 	border-bottom : 1px solid #807568;
-	padding: 04px 0px 04px 0px;
-	margin : 0;
-	margin-bottom : .5em;
+	padding: 04px 0px 01px 0px;
+	margin : 0 0 .5em 0;
 	}
 
 
@@ -1398,15 +1357,6 @@ function style_sheet(){ //****************************************************?>
 	padding: .1em;
 	}
 
-
-.footer { color: #777; font-size: .7em; }
-
-
-.alignleft { margin: 0 10px 10px 0; float: left; }
-
-
-.dirname { font-weight: 400; }
-
 .filename {
 	border: 1px solid #807568;
 	padding: .1em .2em .1em .2em;
@@ -1470,19 +1420,9 @@ function style_sheet(){ //****************************************************?>
 
 /* File size & date */
 
-.meta_size { min-width: 6em; }
-
-.meta_time { width    : 13em;}
+.meta_size { min-width:  6em; }
 
-.meta {
-	height        : 25px;
-	line-height   : 1.1em;
-	font-size     : .9em;
-	margin-top    : 3px;
-	padding-right : .5em;
-    font-size     : .9em;
-	color         : #333;
-	}
+.meta_time { min-width: 15em; }
 
 .meta_T {
 	padding-right : .5em;
@@ -1531,24 +1471,19 @@ function style_sheet(){ //****************************************************?>
 input[type="text"] {
 	border: 1px solid #807568;
 	padding: 2px;
-	width: 630px;
+	width: 40em;
 	font: 1em "Courier New", Courier, monospace;
 	}
 
-input.textinput1 { width: 20em; }
-
-input.textinput2 { width: 40em; }
-
 textarea {
 	border: 1px solid #999;
 	font  : .95em "Courier New", Courier, monospace;
-	margin: 0 0 .5em 0; /*T R B L*/
+	margin: 0 0 0 0; /*T R B L*/
 	width : 99.5%;
 	height: 30em;
-	height: 30em;
 	}
 
-textarea[disabled ]{ width : 99.5%; height: 50px; }
+textarea[disabled] { width : 99.5%; height: 50px; background-color: #EEE; color: #777;}
 
 textarea:focus { border: 1px solid #Faa; }
 
@@ -1565,8 +1500,7 @@ function style_sheet(){ //****************************************************?>
 
 .buttons_right         { float: right; }
 .buttons_right .button { margin-left: 7px; }
-.buttons_left          { float: left; }
-.buttons_left  .button { margin-right: 7px; }
+
 
 .button {
 	border : 1px solid #807568;
@@ -1604,7 +1538,6 @@ function style_sheet(){ //****************************************************?>
 .nav a:focus { border: 1px solid #807568; }
 
 
-
 /* --- edit --- */
 
 #edit_header  {margin: 0;}
@@ -1626,10 +1559,12 @@ function style_sheet(){ //****************************************************?>
 .login_page {
 	margin  : 5em auto;
 	border  : 1px solid #807568;
-	padding : 1em;
+	padding : 1em 1em 0 1em;
 	width   : 360px;
 	}
 
+.login_page .nav { margin-top: .5em; }
+
 .login_input {
 	border  : 1px solid #807568;
 	padding : 2px 0px 2px 2px;
@@ -1637,18 +1572,17 @@ function style_sheet(){ //****************************************************?>
 	font    : 1em "Courier New";
 	}
 
-input[type="text"].login_input { width   : 354px; }
-
+.login_page input[type="text"]{ width   : 354px; }
 
 
 /* --- --- --- */
 hr { 
 	line-height  : 0;
-	font-size    : 1px;
+	Xfont-size    : 1px;
 	display : block;
 	position: relative;
 	padding : 0;
-	margin  : 8px auto;
+	margin  : 1em auto;
 	width   : 100%;
 	clear   : both;
 	border  : none;
@@ -1659,17 +1593,19 @@ function style_sheet(){ //****************************************************?>
 
 .web_root { font:1.2em Courier; }
 
-.sure { margin: .5em 0em .5em 0; }
-
 .verify {
 	border: 1px solid #807568;
 	color: #333;
 	background-color: #FEE;
-	padding: 2px .3em;
+	padding: .1em .2em;
 	font: 1.2em Courier;
 	}
 
+.sure { margin: .7em 0em .5em 0; }
+
 .icon {float: left; margin: 0 5px 0 0;}
+
+.H2_LEFT { float: left; }
 </style>
 <?php }//end style_sheet() *****************************************************
 
@@ -1686,7 +1622,6 @@ function style_sheet(){ //****************************************************?>
 <head>
 
 <title><?php echo $config_title.' - '.$pagetitle ?></title>
-
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 <meta name="robots" content="noindex">
 
@@ -1700,34 +1635,31 @@ function style_sheet(){ //****************************************************?>
 
 <?php
 if ($page == "login"){ echo '<div class="login_page">'; }
-				 else{ echo '<div class="container">';  }
+				 else{ echo '<div class="container" >'; }
 ?>
 
 <div class="header">
 	<?php echo '<a href="', $ONESCRIPT, '" id="logo">', $config_title; ?></a>
 	<?php echo $version; ?>
-	
-	<?php if ($_SESSION['valid'] == "1") { ?>
-		<div class="nav">
-			<a href="/"><?php show_favicon() ?>&nbsp; 
-			<b><?php echo $WEBSITE ?>/</b>  &nbsp;- &nbsp;
-			Visit Site</a> |
-			<a href="<?php echo $ONESCRIPT ?>?p=logout">Log Out</a>
-		</div>
-	<?php } ?>
-</div><!-- end header -->
 
-<?php message_box() ?>
+	<div class="nav">
+		<a href="/" target="_blank"><?php show_favicon() ?>&nbsp; 
+		<b><?php echo htmlentities($WEBSITE) ?></b>  &nbsp;- &nbsp;
+		Visit Site</a>
+		<?php if ($page != "login") { ?>
+		| <a href="<?php echo $ONESCRIPT ?>?p=logout">Log Out</a>
+		<?php } ?>
+	</div><div style="clear:both;"></div>
+</div><!-- end header -->
 
 <?php if ( $page != "login" ){ Current_Path_Header(); } ?>
 
-<?php Load_Selected_Page() ?>
+<?php message_box() ?>
 
-<div class="footer">
-	<hr><br><br>
-</div>
+<?php Load_Selected_Page() ?>
 
-</div><!-- end container -->
+<hr>
+</div><!-- end container/login_page -->
 
 </body>
 </html>
diff --git a/readme.markdown b/readme.markdown
index c38d3d8..ef37fa6 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,8 +1,8 @@
-### May 20, 2012
+### May 29, 2012
 
-# Current stable versions: 1.5, 2.0, & 3.0
+# Current stable versions: 1.5, 2.0, & 3.1
 
-- 3.0: "Full" version - uses svg icons
+- 3.1: "Full" version - uses svg icons
 - 2.0: "Lite" version - uses no icons.
 - 1.5: style sheet is now part of onfilecms.php file, but still uses external icons.
 
@@ -10,7 +10,7 @@
 
 ### April 30, 2012
 
-# NOTICE - SECURITY HOLE! (Fixed in version 1.2.1)
+## NOTICE - SECURITY HOLE! (Fixed in version 1.2.1)
 
 ## Versions affected
 
@@ -109,11 +109,15 @@ The reason there isn't default support for multiple users is that all of their i
 
 ## Change Log
 
+### 3.1
+
+- (Very) moderate data validation improvements.
+- Reorganized & funcionalized() most of the code.
+
 ### 3.0
 
 - Implemented svg icons
 
-
 ### 2.0
 
 - OneFileCMS is now actually ONE FILE! No external style sheets or icons.
@@ -231,7 +235,7 @@ The reason there isn't default support for multiple users is that all of their i
 
 Written in PHP, JavaScript, HTML and CSS.
 
-Available under the MIT and BSD license.
+Available under the MIT and BSD licenses.
 
 Icons for versions thru 1.1.6 by [famfamfam](http://www.famfamfam.com/).
 
@@ -251,31 +255,36 @@ To report a bug or request a feature, please file an issue via Github. Forks enc
 ### General layout/structure of OneFileCMS.php
   
 Configurable Info  
-Setup a few general & global values.  
 Session start  
+A few functions needed early  
+A few global values.  
 Misc functions  
+A few macros ($vars = "common chunks of code")
 svg\_icons\_...() functions  
-Set page title  
-Logout response  
 Login\_Page() function  
 list\_files() function  
 Index\_Page() function  
-&lt;page...&gt;() functions  
-&lt;page...&gt;   response code  
+&lt;page...&gt;_Page() functions  
+&lt;page...&gt;_response() functions 
 &nbsp; &nbsp; Edit\_Page()...   
 &nbsp; &nbsp; Upload\_  
 &nbsp; &nbsp; New\_File\_  
-&nbsp; &nbsp; Copy\_  
-&nbsp; &nbsp; Rename\_File\_  
-&nbsp; &nbsp; Delete\_File\_   
+&nbsp; &nbsp; Copy_Ren_Move\_  
+&nbsp; &nbsp; Delete\_File\_  
 &nbsp; &nbsp; New\_Folder\_   
-&nbsp; &nbsp; Rename\_Folder\_  
 &nbsp; &nbsp; Delete\_Folder\_  
+Invalid Login response  
+Logout response  
+If ($VALID\_POST), do \_response  
+Set page title  
+Verify valid $page  
 Load\_Selected\_Page() function  
 Time\_Stamp\_scripts() function  
 Edit\_Page\_script() function  
 style\_sheet() function  
 &lt;html&gt;  
+.  
+.. (head, body, etc...)  
 ...  
 Load\_Selected\_Page()  
 ...  

From 3c680927ad3cfe170d7ed6f5ef3866a328fe8a7d Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Wed, 30 May 2012 17:32:47 -0400
Subject: [PATCH 067/228] Version 3.1.1 Fixed minor issue regarding
 htmlspecialchars and $filecontent on edit page. Default behavior of
 htmlspecialchars has changed from my local version of php. (now using
 ENT_SUBSTITUTE flag) Also switched to file_get_contents()

---
 onefilecms.php  | 24 ++++++++++--------------
 readme.markdown | 16 ++++++++++------
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index da25a76..c5f9425 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - http://onefilecms.com/
 
-$version = '3.1';
+$version = '3.1.1';
 
 /*******************************************************************************
 Copyright � 2009-2012 https://github.com/rocktronica
@@ -685,17 +685,15 @@ function Edit_Page() { //*******************************************************
 		</p>
 		<?php Close_Button("close"); ?>
 
-		<?php if ( !in_array( strtolower($ext), $itypes) ) { //If non-image, show textarea
+<?php	if ( !in_array( strtolower($ext), $itypes) ) { //If non-image, show textarea
 			if (!$editable) { // If non-text file, disable textarea
-			?>	<p>
+?>			<p>
 				<textarea id="disabled_content" cols="70" rows="3" 
 				disabled="disabled">Non-text or unkown file type. Edit disabled.</textarea>
 				</p>
-			<?php }else{
-				$fp = @fopen($filename, "r");
-				$filecontent = htmlspecialchars(fread($fp, filesize($filename)));
-				fclose($fp);
-			?>	<p>
+<?php 		}else{
+				$filecontent = htmlspecialchars(file_get_contents($filename), ENT_SUBSTITUTE,'UTF-8');
+?>			<p>
 				<input type="hidden" name="filename" id="filename" value="<?php echo htmlspecialchars($filename); ?>">
 				<textarea id="file_content" name="content" cols="70" rows="25"
 				onkeyup="Check_for_changes(event);"><?php echo $filecontent; ?></textarea>
@@ -739,7 +737,7 @@ function Edit_Page() { //*******************************************************
 function Edit_Page_response(){ //***If on Edit page, and [Save] clicked ********
 	global $filename, $content, $message;
 	$filename = htmlspecialchars_decode($_POST["filename"]);
-	$content = htmlspecialchars_decode($_POST["content"]);
+	$content  = htmlspecialchars_decode($_POST["content"]);
 	$fp = @fopen($filename, "w");
 	if ($fp) {
 		fwrite($fp, $content);
@@ -797,7 +795,6 @@ function Upload_File_response() { //********************************************
 
 
 
-
 function New_File_Page() { //***************************************************
 	global $FORM_COMMON;
 ?>
@@ -884,8 +881,7 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 	$new_name = htmlspecialchars_decode(trim($new_name,'/ '));
 	$new_location = dirname($new_name);
 	$filename = $old_name; //default if error
-	$page = "index"; //Return to index if folder
-	if ($isfile) { $page = "edit"; }//return to edit page if a file
+	if ($isfile) { $page = "edit"; }else{ $page = "index"; }
 	
 	if ( !is_dir($new_location) ){
 		$message .= '<b>(!) '.$msg1.' Error - new parent location does not exist:</b><br>';
@@ -1083,7 +1079,7 @@ function Delete_Folder_response() { //******************************************
 elseif ($page == "newfolder")    { $pagetitle = "New Folder";     }
 elseif ($page == "renamefolder") { $pagetitle = "Rename Folder";  }
 elseif ($page == "deletefolder") { $pagetitle = "Delete Folder";  }
-else                  { $pagetitle = $_SERVER['SERVER_NAME']; }
+else                             { $pagetitle = $_SERVER['SERVER_NAME']; }
 //******************************************************************************
 
 
@@ -1365,7 +1361,6 @@ function style_sheet(){ //****************************************************?>
 	background-color: #EEE;
 	}
 
-/* Preserve space when message is dismissed.*/
 #message { margin-bottom: .5em;}
 
 #message p {
@@ -1634,6 +1629,7 @@ function style_sheet(){ //****************************************************?>
 <body>
 
 <?php
+
 if ($page == "login"){ echo '<div class="login_page">'; }
 				 else{ echo '<div class="container" >'; }
 ?>
diff --git a/readme.markdown b/readme.markdown
index ef37fa6..7638b7e 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,10 +1,10 @@
 ### May 29, 2012
 
-# Current stable versions: 1.5, 2.0, & 3.1
+# Current stable versions: 1.5, 2.0, & 3.1.1
 
-- 3.1: "Full" version - uses svg icons
-- 2.0: "Lite" version - uses no icons.
-- 1.5: style sheet is now part of onfilecms.php file, but still uses external icons.
+- 3.1.1: "Full" version - uses svg icons
+- 2.0  : "Lite" version - uses no icons.
+- 1.5  : style sheet is now part of onfilecms.php file, but still uses external icons.
 
 --------------------------------------------------------------------------------
 
@@ -109,6 +109,10 @@ The reason there isn't default support for multiple users is that all of their i
 
 ## Change Log
 
+### 3.1.1
+
+	Fixed minor issue with data encoding of file to exit in <textarea>
+
 ### 3.1
 
 - (Very) moderate data validation improvements.
@@ -259,13 +263,13 @@ Session start
 A few functions needed early  
 A few global values.  
 Misc functions  
-A few macros ($vars = "common chunks of code")
+A few macros (common chunks of code)  
 svg\_icons\_...() functions  
 Login\_Page() function  
 list\_files() function  
 Index\_Page() function  
 &lt;page...&gt;_Page() functions  
-&lt;page...&gt;_response() functions 
+&lt;page...&gt;_response() functions  
 &nbsp; &nbsp; Edit\_Page()...   
 &nbsp; &nbsp; Upload\_  
 &nbsp; &nbsp; New\_File\_  

From 2e0f7ff43f57e1b67841b794d8340cccbb86e78a Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 3 Jun 2012 11:39:01 -0400
Subject: [PATCH 068/228] Version 3.1.2 Normalized/tweaked a few $messages.
 ordinalize: changed how $message passed. $EX (EXclaimation point) global var
 for (!) "icon" in $message. When $e/i/ftypes (etc) arrays, removed spaces
 first. Validating $_GET[f] before assigning to $filename. Slightly improved
 Current_path_header(). Cleaned up show_icon($type){} - had some non-file file
 types... Rearranged a couple Misc functions.

---
 onefilecms.php | 243 ++++++++++++++++++++++++-------------------------
 1 file changed, 121 insertions(+), 122 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index c5f9425..38dcf2e 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - http://onefilecms.com/
 
-$version = '3.1.1';
+$version = '3.1.2'; //2012-06-03
 
 /*******************************************************************************
 Copyright � 2009-2012 https://github.com/rocktronica
@@ -41,13 +41,18 @@
 $MAX_IMG_W   = 810;   // Max width to display images. (page container = 810)
 $MAX_IMG_H   = 1000;  // Max height.  I don't know, it just looks reasonable.
 
+
+
+
 $config_favicon   = "/favicon.ico";
 $config_excluded  = ""; //files to exclude from directory listings- CaSe sensaTive!
 
-$config_etypes = "html,htm,xhtml,php,css,js,txt,text,cfg,conf,ini,csv,svg"; //lowercase, no spaces!
-$config_itypes = "jpg,gif,png,bmp,ico"; //lowercase, no spaces!
-$config_ftypes = "jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,ini,cfg,conf,js,htm,html"; //lowercase, no spaces!
-$config_fclass = "img,img,img,img,img,svg,txt,txt,css,php,txt,cfg,cfg,txt,htm,htm";  //lowercase, no spaces!
+$config_etypes = "html,htm,xhtml,php,css,js,txt,text,cfg,conf,ini,csv,svg"; //Editable file types.
+$config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
+$config_ftypes = "bin,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,ini,cfg,conf,asp,js ,htm,html"; // _ftype & _fclass must have same
+$config_fclass = "bin,img,img,img,img,img,svg,txt,txt,css,php,txt,cfg,cfg ,txt,txt,htm,htm";  // number of values. bin is default.
+
+$EX = '<b>( ! )</b>'; //"EXclaimation point" icon Used in $message's
 // END CONFIGURABLE INFO *******************************************************
 
 
@@ -93,7 +98,7 @@ function URLencode_path($path){ // don't encode the forward slashes
 
 //*** Clean up & check a path **********
 function Check_path($path) { // returns first valid path in some/supplied/path/
-	global $message; 
+	global $message, $EX;
 	$invalidpath = $path; //used for message if supplied $path doesn't exist.
 	$path = str_replace('\\','/',$path);   //Make sure all forward slashes.
 	$path = trim($path,"/ ."); // trim slashes, dots, and spaces
@@ -111,7 +116,7 @@ function Check_path($path) { // returns first valid path in some/supplied/path/
 	if (strlen($path) < 1) { return ""; } //If at site root
 	else {
 		if (!is_dir($path) && (strlen($message) < 1))
-			{ $message .= "<b>(!)</b> Directory does not exist: ".htmlentities($invalidpath).'<br>'; }
+			{ $message .= $EX.' <b>Directory does not exist: '.htmlentities($invalidpath).'</b><br>'; }
 
 		while ( (strlen($path) > 0) && (!is_dir($path)) ) {
 			$path = dirname($path);
@@ -130,42 +135,80 @@ function Check_path($path) { // returns first valid path in some/supplied/path/
 
 
 //******************************************************************************
-//Some global values
+//Some global values & $_GET parameters
 //
-//Make arrays out of a few $config_variables for actual use later.
-//Above, however, it's easier to config/change a simple string.
-$etypes   = (explode(",", strtolower($config_etypes))); //editable file types
-$itypes   = (explode(",", strtolower($config_itypes))); //images types to display
-$ftypes   = (explode(",", strtolower($config_ftypes))); //file types with icons
-$fclasses = (explode(",", strtolower($config_fclass))); //for file types with icons
-$excluded_list = (explode(",", $config_excluded));
-
-
 $ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]);
 $DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
 $WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/';
-$WEBSITE   = ''.$_SERVER["HTTP_HOST"].'/';
+$WEBSITE   = $_SERVER["HTTP_HOST"].'/';
+
+//Make arrays out of a few $config_variables for actual use later.
+//Also, remove spaces and make lowercase.
+$etypes   = explode(',', strtolower(str_replace(' ', '', $config_etypes))); //editable file types
+$itypes   = explode(',', strtolower(str_replace(' ', '', $config_itypes))); //images types to display
+$ftypes   = explode(',', strtolower(str_replace(' ', '', $config_ftypes))); //file types with icons
+$fclasses = explode(',', strtolower(str_replace(' ', '', $config_fclass))); //for file types with icons
+$excluded_list = (explode(",", $config_excluded));
 
 
 $valid_pages = array("login","logout","index","edit","upload","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
 
 
-//*** Get main parameters **************
+//*** Get main parameters 
 if (isset($_GET["i"])) { $ipath    = Check_path($_GET["i"]); }else{ $ipath = ""; }
-if (isset($_GET["f"])) { $filename = $ipath.$_GET["f"]; }else{ $filename = ""; }
+
+if (isset($_GET["f"])) {
+	$filename = $ipath.$_GET["f"];
+	if ( !is_file($filename) ) { $message .= $EX.' <b>File does not exist: '.$filename.'</b><br>'; $filename = ""; }
+}else{ $filename = ""; }
+
 if (isset($_GET["p"])) { $page     = $_GET["p"]; } // default $page set above
 
 $param1 = '?i='.URLencode_path($ipath);
-
 //******************************************************************************
 
 
 
 
+
 //******************************************************************************
 // Misc Functions
 
 
+function is_empty($path){ //********************************
+	$empty = false;
+	$dh = opendir($path);
+	for($i = 3; $i; $i--) { $empty = (readdir($dh) === FALSE); }
+	closedir($dh);
+	return $empty;
+}//end is_emtpy() //****************************************
+
+
+
+//if file_exists(), ordinalize filename until it doesn't ***
+function ordinalize($destination,$filename, &$msg) {
+	global $EX;
+
+	$ordinal   = 0;
+	$savefile = $destination.$filename;
+
+	if (file_exists($savefile)) {
+
+		$msg .= $EX.' A file with that name already exists in the target directory.<br>';
+		$savefile_info = pathinfo($savefile);
+
+		while (file_exists($savefile)) {
+			$ordinal = sprintf("%03d", ++$ordinal); //  001, 002, 003, etc...
+			$newfilename = $savefile_info['filename'].'.'.$ordinal.'.'.$savefile_info['extension'];
+			$savefile = $destination.$newfilename;
+		}
+		$msg .= 'Saving as: "<b>'.htmlentities($newfilename).'</b>"';
+	}
+	return $savefile;
+}//end ordinalize() filename *******************************
+
+
+
 function Current_Path_Header(){ //**************************
  	// Current path. ie: webroot/current/path/ 
 	// Each level is a link to that level.
@@ -173,35 +216,25 @@ function Current_Path_Header(){ //**************************
 	global $ONESCRIPT, $ipath, $WEB_ROOT;
 
 	echo '<h2>';
-		$path_levels  = explode("/",trim($ipath,'/') );
-		$levels = count($path_levels); //If levels=3, indexes = 0, 1, 2  etc... 
-		if ($ipath == "" ){ $levels = 0;} //if at root
-		$current_path = "";
-
 		//Root folder of web site.
 		echo '<a href="'.$ONESCRIPT.'" class="path"> '.htmlentities(trim($WEB_ROOT, '/')).' </a>/';
 
-		//Remainder of current/path
-		for ($x=0; $x < $levels; $x++) {
-			$current_path .= $path_levels[$x].'/';
-			echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($current_path).'" class="path"> ';
-			echo ' '.htmlentities($path_levels[$x])." </a>/";
-		}
+		if ($ipath != "" ) { //if not at root, show the rest
+			$path_levels  = explode("/",trim($ipath,'/') );
+			$levels = count($path_levels); //If levels=3, indexes = 0, 1, 2  etc... 
+			$current_path = "";
+
+			for ($x=0; $x < $levels; $x++) {
+				$current_path .= $path_levels[$x].'/';
+				echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($current_path).'" class="path"> ';
+				echo ' '.htmlentities($path_levels[$x])." </a>/";
+			}
+		}//end if (not at root)
 	echo '</h2>';
 }//end Current_Path_Header() //*****************************
 
 
 
-function is_empty($path){ //********************************
-	$empty = false;
-	$dh = opendir($path);
-	for($i = 3; $i; $i--) { $empty = (readdir($dh) === FALSE); }
-	closedir($dh);
-	return $empty;
-}//end is_emtpy() //****************************************
-
-
-
 function message_box() { //*********************************
 	global $ONESCRIPT, $message, $page;
 
@@ -221,7 +254,7 @@ function message_box() { //*********************************
 		echo '<div id="message"></div>'; // Needed on Edit page to keep js feedback from failing
 	} //end isset($message)
 	
-	// Used on Edit Page to preserve vertical spacing.
+	// Used on Edit Page to preserve vertical spacing, so edit area doesn't jump as much.
 	if ($page == "edit") {echo '<style>#message { min-height: 1.8em; }</style>';}
 }//end message_box()  **************************************
 
@@ -229,12 +262,11 @@ function message_box() { //*********************************
 
 function Upload_New_Rename_Delete_Links() { //**************
 	global $ONESCRIPT, $ipath, $param1;
-
 	echo '<p class="front_links">';
 	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   ; svg_icon_upload()    ; echo 'Upload File</a>';
 	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  ; svg_icon_new_file()  ; echo 'New File</a>'   ;
 	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'; svg_icon_new_folder(); echo 'New Folder</a>' ;
-	if ($ipath !== "") {
+	if ($ipath !== "") { //if at root, don't show Rename & Delete links
 		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'; svg_icon_ren_folder();echo 'Rename/Move Folder</a>';
 		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'; svg_icon_del_folder();   echo 'Delete Folder</a>';
 	}
@@ -299,30 +331,6 @@ function show_image(){ //***********************************
 
 
 
-//if file_exists(), ordinalize filename until it doesn't ***
-function ordinalize($destination,$filename) {
-	global $message;
-
-	$ordinal   = 0;
-	$savefile = $destination.$filename;
-
-	if (file_exists($savefile)) {
-
-		$message .= '<br><b>(!)</b> A file with that name already exists in the target directory.<br>';
-		$savefile_info = pathinfo($savefile);
-
-		while (file_exists($savefile)) {
-			$ordinal = sprintf("%03d", ++$ordinal); //  001, 002, 003, etc...
-			$newfilename = $savefile_info['filename'].'.'.$ordinal.'.'.$savefile_info['extension'];
-			$savefile = $destination.$newfilename;
-		}
-		$message .= 'Saving as: "<b>'.htmlentities($newfilename).'</b>"';
-	}
-	return $savefile;
-}//end ordinalize() filename *********************************
-
-
-
 function show_favicon(){
 	global $config_favicon, $DOC_ROOT;
 	if (file_exists($DOC_ROOT.$config_favicon)) { 
@@ -331,14 +339,13 @@ function show_favicon(){
 }// end show_favicon()
 
 //
-// End of misc funtions ********************************************************
+// End of misc functions ********************************************************
 
 
 
 
 
 //A few macros ($varibale="some common chunk of code")**************************
-
 $INPUT_SESSIONID = '<input type="hidden" name="sessionid" value="'.$SID.'">';
 $FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.'">'.$INPUT_SESSIONID;
 
@@ -547,21 +554,15 @@ function svg_icon_del_folder(){ //**********************************************
 
 
 function show_icon($type){ //***************************************************
-	if ($type == 'bin') { svg_icon_bin(); }
-	if ($type == 'img') { svg_icon_img(); }
-	if ($type == 'svg') { svg_icon_svg(); }
-	if ($type == 'txt') { svg_icon_txt(); }
-	if ($type == 'htm') { svg_icon_htm(); }
-	if ($type == 'cfg') { svg_icon_cfg(); }
-	if ($type == 'php') { svg_icon_php(); }
-	if ($type == 'css') { svg_icon_css(); }
-	if ($type == 'upload')     { svg_icon_upload();     }
-	if ($type == 'new_file')   { svg_icon_new_file();   }
-	if ($type == 'del_file')   { svg_icon_del_file();   }
-	if ($type == 'folder')     { svg_icon_folder();     }
-	if ($type == 'new_folder') { svg_icon_new_folder(); }
-	if ($type == 'ren_folder') { svg_icon_ren_folder(); }
-	if ($type == 'del_folder') { svg_icon_del_folder(); }
+	if     ($type == 'bin') { svg_icon_bin(); }
+	elseif ($type == 'img') { svg_icon_img(); }
+	elseif ($type == 'svg') { svg_icon_svg(); }
+	elseif ($type == 'txt') { svg_icon_txt(); }
+	elseif ($type == 'htm') { svg_icon_htm(); }
+	elseif ($type == 'php') { svg_icon_php(); }
+	elseif ($type == 'css') { svg_icon_css(); }
+	elseif ($type == 'cfg') { svg_icon_cfg(); }
+	else                    { svg_icon_bin(); } //default
 }//end show_icon() *************************************************************
 
 
@@ -735,7 +736,7 @@ function Edit_Page() { //*******************************************************
 
 
 function Edit_Page_response(){ //***If on Edit page, and [Save] clicked ********
-	global $filename, $content, $message;
+	global $filename, $message, $EX;
 	$filename = htmlspecialchars_decode($_POST["filename"]);
 	$content  = htmlspecialchars_decode($_POST["content"]);
 	$fp = @fopen($filename, "w");
@@ -744,7 +745,7 @@ function Edit_Page_response(){ //***If on Edit page, and [Save] clicked ********
 		fclose($fp);
 		$message = '<b>File saved...</b>';
 	}else{
-		$message = '<b>(!) There was an error saving file.</b>';
+		$message = $EX.' <b>There was an error saving file.</b>';
 	}
 }//end Edit_Page_response() ****************************************************
 
@@ -770,23 +771,23 @@ function Upload_Page() { //*****************************************************
 
 
 function Upload_File_response() { //********************************************
-	global $filename, $message, $page;
+	global $filename, $message, $EX, $page;
 	$filename    = $_FILES['upload_file']['name'];
 	$destination = htmlspecialchars_decode(Check_path($_POST["upload_destination"]));
 	$page = "index";
 
 	if (($filename == "")){ 
-		$message = "<b>(!) No file selected for upload... </b>";
+		$message = $EX.' <b>No file selected for upload... </b>';
 	}elseif (($destination != "") && !is_dir($destination)) {
-		$message .= '<b>(!)</b> Destination folder does not exist: <br><b>';
+		$message .= $EX.' Destination folder does not exist: <br><b>';
 		$message .= ''.htmlentities($WEB_ROOT.$destination).'</b><br><b>Upload cancelled.</b>';
 	}else{
 		$message .= 'Uploading: "<b>'.htmlentities($filename).'</b>"...';
-		$savefile = ordinalize($destination, $filename);
+		$savefile = ordinalize($destination, $filename, $savefile_msg);
 		if(move_uploaded_file($_FILES['upload_file']['tmp_name'], $savefile)) {
-			$message .= '<br>Upload successful.';
+			$message .= '<br>Upload successful.'.$savefile_msg;
 		} else{
-			$message .= '<br><b>(!) There was an error.</b> Upload or rename may have failed.';
+			$message .= '<br>'.$EX.' <b>There was an error.</b> Upload or rename may have failed.';
 		}
 	}
 }//end Upload_File_response() **************************************************
@@ -811,28 +812,28 @@ function New_File_Page() { //***************************************************
 
 
 function New_File_response() { //***********************************************
-	global $ipath, $filename, $page, $message;
+	global $ipath, $filename, $page, $message, $EX;
 	$new_name = $_POST["new_file"];
 	$FS = strpos($new_name, '/');
 	$filename = $ipath.trim($new_name,'/ '); //trim spaces & slashes
-	$savefile = $DOC_ROOT.$filename;
+	$savefile = $filename;
 	$page = "index"; // return to index if new file fails
 	
 	if ( $FS !== false){
 		$message .= '<b>('.$FS.') File not created.</b> Filename contains invalid character(s) (forward slash): <br>';
 		$message .= '<b>'.htmlentities($new_name).'</b>';
 	}elseif (($_POST["new_file"] == "")){ 
-		$message = "<b>(!) New file not created - no filename given.</b>";
+		$message = $EX.' <b>New file not created - no filename given.</b>';
 	}elseif (file_exists($savefile)) {
-		$message = '<b>(!) "'.htmlentities(basename($filename)).'"</b> not created. A file with that name already exists.';
+		$message = $EX.' <b>"'.htmlentities(basename($filename)).'"</b> not created. A file with that name already exists.';
 	}elseif ($handle = fopen($savefile, 'w')) {
 		fclose($handle);
-		$message = '"<b>'.htmlentities(basename($filename)).'</b>" successfully created.';
+		$message = 'Created file: <b>'.htmlentities(basename($filename)).'</b>';
 		$ipath    = Check_path(dirname($filename)); //if changed, return to new dir.
 		$param1   = '?i='.URLencode_path($ipath);
 		$page = "edit";
 	}else {
-		$message .= "<b>(!) ERROR - can't open or create file:<br>";
+		$message .= $EX.' <b>ERROR - can\'t open or create file:<br>';
 		$message .= htmlentities($filename);
 	}
 }//end New_File_response() *****************************************************
@@ -846,7 +847,7 @@ function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //******
 	global $WEB_ROOT, $ipath, $filename, $FORM_COMMON;
 	if ($isfile) { $old_name = $filename; }else{ $old_name = $ipath; }
 	if ($isfile) { $new_name = $filename; }else{ $new_name = $ipath; }
-	if ($action == "Copy" ) { $new_name = ordinalize($ipath, basename($filename)); }
+	if ($action == "Copy" ) { $new_name = ordinalize($ipath, basename($filename), $msg); }
 ?>
 	<h2><?php echo $action.' '.$title ?></h2>
 	<p>To move a file or folder, change the path/to/folder/or_file. The new location must already exist.</p>
@@ -875,7 +876,7 @@ function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //******
 //******************************************************************************
 function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $isfile){
 	//$action = 'copy' or 'rename'. $isfile = 1 if acting on a file, not a folder
-	global $WEB_ROOT, $ipath, $param1, $message, $page, $filename;
+	global $WEB_ROOT, $ipath, $param1, $message, $EX, $page, $filename;
 
 	$old_name = htmlspecialchars_decode(trim($old_name,'/ '));
 	$new_name = htmlspecialchars_decode(trim($new_name,'/ '));
@@ -884,10 +885,10 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 	if ($isfile) { $page = "edit"; }else{ $page = "index"; }
 	
 	if ( !is_dir($new_location) ){
-		$message .= '<b>(!) '.$msg1.' Error - new parent location does not exist:</b><br>';
+		$message .= $EX.' <b>'.$msg1.' Error - new parent location does not exist:</b><br>';
 		$message .= $WEB_ROOT.$new_location.'/<br>';
 	}elseif (file_exists($new_name)) {
-		$message .= '<b>(!) '.$msg1.' Error - target filename already exists:<br>';
+		$message .= $EX.' <b>'.$msg1.' Error - target filename already exists:<br>';
 		$message .= ''.htmlentities($WEB_ROOT.$new_name).'</b>';
 	}elseif ($action($old_name, $new_name)) {
 		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
@@ -899,7 +900,7 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 		$param1   = '?i='.URLencode_path($ipath);
 	}else{
 		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
-		$message .= '<b>(!) Error durring '.$msg1.' from the above to the following:</b><br>';
+		$message .= $EX.' <b>Error durring '.$msg1.' from the above to the following:</b><br>';
 		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
 	}
 }//end Copy_Ren_Move_response() ************************************************
@@ -925,15 +926,15 @@ function Delete_File_Page() { //************************************************
 
 
 function Delete_File_response(){ //*********************************************
-	global $filename, $message, $page;
+	global $filename, $message, $EX, $page;
 
 	$page = "index"; //Return to index
 	$filename = htmlspecialchars_decode($_POST["delete_file"]);
 
 	if (unlink($filename)) {
-		$message .= '"<b>'.htmlentities(basename($filename)).'</b>" successfully deleted.';
+		$message .= 'Deleted file: <b>'.htmlentities(basename($filename)).'</b>';
 	}else{
-		$message .= '<b>(!) Error deleting "'.htmlentities($filename).'"</b>.';
+		$message .= $EX.' <b>Error deleting "'.htmlentities($filename).'"</b>.';
 		$page = "edit";
 	}
 }//end Delete_File_response() **************************************************
@@ -957,7 +958,7 @@ function New_Folder_Page() { //*************************************************
 
 
 function New_Folder_response(){ //**********************************************
-	global $message, $ipath, $param1, $page;
+	global $message, $EX, $ipath, $param1, $page;
 
 	$page = "index"; //Return to index
 	$new_name = trim($_POST["new_folder"],'/ ');
@@ -971,19 +972,19 @@ function New_Folder_response(){ //**********************************************
 	$new_folder = $ipath.trim($_POST["new_folder"],"/ ").'/';
 
 	if ($invalid){
-		$message .= '<b>(!) Error-</b> new name may not contain invalid character(s): <b>'.htmlentities($invalid_characters).'</b><br>';
+		$message .= $EX.' <b>Error-</b> new name may not contain invalid character(s): <b>'.htmlentities($invalid_characters).'</b><br>';
 		$message .= '<b>'.htmlentities($new_name).'<b>';
 	}elseif ($_POST["new_folder"] == ""){ 
-		$message .= "<b>(!) New folder not created - no name given... </b>";
+		$message .= $EX.' <b>New folder not created - no name given... </b>';
 	}elseif (is_dir($new_folder)) {
-		$message .= '<b>(!) Folder already exists: ';
-		$message .= ''.htmlentities($new_folder).'</b>';
+		$message .= $EX.' <b>Folder already exists: ';
+		$message .= htmlentities($new_folder).'</b>';
 	}elseif (mkdir($new_folder)) {
-		$message .= 'Folder "<b>'.htmlentities(basename($new_folder)).'</b>" successfully created.';
+		$message .= 'Created folder <b>'.htmlentities(basename($new_folder)).'</b>';
 		$ipath  = $new_folder;  //return to new folder
 		$param1 = '?i='.URLencode_path($ipath);
 	}else{
-		$message .= '<b>(!) Error- new folder not created: </b><br>';
+		$message .= $EX.' <b>Error- new folder not created: </b><br>';
 		$message .= htmlentities($WEB_ROOT.dirname($new_folder)).'/<b>'.htmlentities(basename($new_folder)).'/</b><br>';
 		if ( !is_dir(dirname($new_folder)) ) { $message .= '&nbsp; <b>Parent folder must already exist.</b>';}
 	}
@@ -1011,18 +1012,18 @@ function Delete_Folder_Page(){ //***********************************************
 
 
 function Delete_Folder_response() { //******************************************
-	global $ipath, $param1, $page, $message;
+	global $ipath, $param1, $page, $message, $EX;
 	$page = "index"; //Return to index
 	$foldername = htmlspecialchars_decode(trim($_POST["delete_folder"], '/'));
 
 	if ( !is_empty($ipath) ) {
-		$message .= '<b>(!) Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
+		$message .= $EX.' <b>Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
 	}elseif (@rmdir($foldername)) {
-		$message .= 'Folder "<b>'.htmlentities(basename($foldername)).'</b>" successfully deleted.';
+		$message .= 'Deleted folder: <b>'.htmlentities(basename($foldername)).'</b>';
 		$ipath  = Check_path($foldername); //Return to parent dir.
 		$param1 = '?i='.URLencode_path($ipath);
 	}else {
-		$message .= '<b>(!) "'.htmlentities($foldername).'/"</b> an error occurred during delete.';
+		$message .= $EX.' <b>"'.htmlentities($foldername).'/"</b> an error occurred during delete.';
 	}
 }//end Delete_Folder_response() ************************************************
 
@@ -1106,7 +1107,7 @@ function Delete_Folder_response() { //******************************************
 
 
 function Load_Selected_Page(){ //***********************************************
-	global $ONESCRIPT, $page, $valid_pages;
+	global $ONESCRIPT, $page;
 
 	if     ($page == "login")        { Login_Page();         }
 	elseif ($page == "edit")         { Edit_Page();          }
@@ -1600,7 +1601,6 @@ function style_sheet(){ //****************************************************?>
 
 .icon {float: left; margin: 0 5px 0 0;}
 
-.H2_LEFT { float: left; }
 </style>
 <?php }//end style_sheet() *****************************************************
 
@@ -1629,7 +1629,6 @@ function style_sheet(){ //****************************************************?>
 <body>
 
 <?php
-
 if ($page == "login"){ echo '<div class="login_page">'; }
 				 else{ echo '<div class="container" >'; }
 ?>

From 34928beed8471433303a0775fe3c0d15c20565a8 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 3 Jun 2012 13:46:45 -0400
Subject: [PATCH 069/228] Version 3.1.3 Some misc css cleanup & tweakin'
 Switched from disabled <textarea> to <p.. class=edit_disabled> On Edit page,
 filename link now opens in new window. Renamed icon functions:
 svg_icon_new_file to svg_icon_file_new, etc... Added class="icon" to <svg>
 icons, removed <span class="icon">...</span> Simplified how icon types are
 selected & assigned in index list Consolidated some repeated SVG code into
 functions and/or macros Moved invalid login response to session_start section

---
 onefilecms.php | 336 +++++++++++++++++++++----------------------------
 1 file changed, 144 insertions(+), 192 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 38dcf2e..8da9a75 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - http://onefilecms.com/
 
-$version = '3.1.2'; //2012-06-03
+$version = '3.1.3';
 
 /*******************************************************************************
 Copyright � 2009-2012 https://github.com/rocktronica
@@ -62,8 +62,13 @@
 //******************************************************************************
 session_start();  $SID = session_id();
 
-if (isset($_POST["username"])) { $_SESSION['username'] = $_POST["username"]; }
-if (isset($_POST["password"])) { $_SESSION['password'] = $_POST["password"]; }
+if ( isset($_POST["username"]) || isset($_POST["password"]) ) {
+	$_SESSION['username'] = $_POST["username"];
+	$_SESSION['password'] = $_POST["password"];
+
+	if (($_POST["username"] != $config_username) || ($_POST["password"] != $config_password))
+		{ $message = $EX.' <b>INVALID LOGIN ATTEMPT</b>'; }
+}
 
 if (($_SESSION['username'] == $config_username) and ( $_SESSION['password'] == $config_password ))
      { $_SESSION['valid'] = "1"; $page = "index"; }
@@ -81,8 +86,8 @@
 
 
 
-// A couple functions needed early *********************************************
-//
+//******************************************************************************
+// A couple functions needed early
 
 function URLencode_path($path){ // don't encode the forward slashes
 	$TS = '';
@@ -264,11 +269,11 @@ function Upload_New_Rename_Delete_Links() { //**************
 	global $ONESCRIPT, $ipath, $param1;
 	echo '<p class="front_links">';
 	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   ; svg_icon_upload()    ; echo 'Upload File</a>';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  ; svg_icon_new_file()  ; echo 'New File</a>'   ;
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'; svg_icon_new_folder(); echo 'New Folder</a>' ;
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  ; svg_icon_file_new()  ; echo 'New File</a>'   ;
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'; svg_icon_folder_new(); echo 'New Folder</a>' ;
 	if ($ipath !== "") { //if at root, don't show Rename & Delete links
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'; svg_icon_ren_folder();echo 'Rename/Move Folder</a>';
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'; svg_icon_del_folder();   echo 'Delete Folder</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'; svg_icon_folder_ren();echo 'Rename/Move Folder</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'; svg_icon_folder_del();   echo 'Delete Folder</a>';
 	}
 	echo '</p>';
 }//end Upload_New_Rename_Delete_Links()  *******************
@@ -323,7 +328,7 @@ function show_image(){ //***********************************
 	}
 
 	echo '<p class="file_meta">';
-	echo 'Image shown at ~'. round($SCALE*100) .'% of full size ('.$img_info[3].').</p>';
+	echo 'Image shown at ~'. round($SCALE*100) .'% of full size.<br>('.$img_info[3].')</p>';
 	echo '<div style="clear:both;"></div>';
 	echo '<a href="/' .URLencode_path($IMG). '">';
 	echo '<img src="/'.urlencode_path($IMG).'"  height="'.$img_info[$H]*$SCALE.'"></a>';
@@ -345,210 +350,162 @@ function show_favicon(){
 
 
 
-//A few macros ($varibale="some common chunk of code")**************************
-$INPUT_SESSIONID = '<input type="hidden" name="sessionid" value="'.$SID.'">';
+//A few macros ($varibale="some reusable chunk of code")************************
+$INPUT_SESSIONID = '<input type="hidden" name="sessionid" value="'.$SID.'">'.PHP_EOL;
 $FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.'">'.$INPUT_SESSIONID;
 
-$SVG_icon_txt_lines = '<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="black" stroke-width=".6"/>';
-
-$SVG_icon_folder = '<path  d="M0.5, 1  L8,  1  L9,  2    L9,3     L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" fill="#FBE47b" stroke="#F0CD28" stroke-width="1" />
-	<path  d="M1.5, 8  L7,  8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5"  fill="transparent" stroke="white" stroke-width="1" />
-	<path  d="M1.5,13  L1.5,2  L7.5,2    L8.5,3   L8.5, 4  L15.5,4 L16,4.5  L16,13" fill="transparent" stroke="white" stroke-width="1"/>';
-
 $SVG_icon_circle_plus = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#080"/>
-	  <line x1="2" y1="5" x2="8" y2="5" stroke="white" stroke-width="1.5" shape-rendering="crispEdges"/>
-	  <line x1="5" y1="2" x2="5" y2="8" stroke="white" stroke-width="1.5" shape-rendering="crispEdges"/>';
+	  <line x1="2" y1="5" x2="8" y2="5" stroke="white" stroke-width="1.5" />
+	  <line x1="5" y1="2" x2="5" y2="8" stroke="white" stroke-width="1.5" />';
 
 $SVG_icon_circle_x = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#D00"/>
 	<line x1="2.5" y1="2.5" x2="7.5" y2="7.5" stroke="white" stroke-width="1.5"/>
 	<line x1="7.5" y1="2.5" x2="2.5" y2="7.5" stroke="white" stroke-width="1.5"/>';
-//******************************************************************************
 
+$SVG_icon_pencil = '<polygon points="2,0 9,7 7,9 0,2" stroke-width="1" stroke="darkgoldenrod" fill="rgb(246,222,100)"/>
+	  <path  d="M0,2   L0,0  L2,0"      stroke="tan" fill="tan" stroke-width="1" />
+	  <path  d="M0,1.5   L0,0  L1.5,0"      stroke="black" fill="transparent" stroke-width="1" />
+	  <line x1="7.3" y1="10"  x2="10" y2="7.3"  stroke="silver" stroke-width="1"/>
+	  <line x1="8.1" y1="10.8"  x2="10.8" y2="8.1"  stroke="red" stroke-width="1"/>';
 
+$SVG_icon_img_0 = '<rect x="0"    y="0"   width="14" height="16" fill="#FF8" stroke="#44F" stroke-width="2" />
+	<rect x="2"    y="2"   width="5"  height="5"  fill="#F66" stroke-width="0" />
+	<rect x="7.5"  y="6"   width="5"  height="5"  fill="#6F6" stroke-width="0" />
+	<rect x="2"    y="10"  width="5"  height="5"  fill="#66F" stroke-width="0" />';
+//******************************************************************************
 
 
 
-function svg_icon_bin(){ //***************************************************?>
-<svg  id="bin" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16" Xshape-rendering="crispEdges">
-	<g transform="translate( 0.5,0.5)"><line x1="0" y1="-.5"   x2="0" y2="6.5"  stroke="#555" stroke-width="1"/></g>
-	<g transform="translate( 2.5,0.5)"><rect x="0"  y="0"  width="3" height="6" fill="white" stroke="#555" stroke-width="1" /></g>
-	<g transform="translate( 8.5,0.5)"><line x1="0" y1="-.5"   x2="0" y2="6.5"  stroke="#555" stroke-width="1"/></g>
-	<g transform="translate(11.5,0.5)"><line x1="0" y1="-.5"   x2="0" y2="6.5"  stroke="#555" stroke-width="1"/></g>
-	<g transform="translate( 0.5,9.5)"><rect x="0"  y="0"  width="3" height="6" fill="white" stroke="#555" stroke-width="1" /></g>
-	<g transform="translate( 6.5,9.5)"><line x1="0" y1="-.5"   x2="0" y2="6.5"  stroke="#555" stroke-width="1"/></g>
-	<g transform="translate( 8.5,9.5)"><rect x="0"  y="0"  width="3" height="6" fill="white" stroke="#555" stroke-width="1" /></g>
-</svg>
-<?php } //end svg_icon_bin() ***************************************************
 
 
+function svg_icon_bin(){ //*****************************************************
+$zero = '<rect x="0"  y="0"  width="3" height="6" fill="transparent" stroke="#555" stroke-width="1" />';
+$one  = '<line x1="0" y1="-.5"   x2="0" y2="6.5"  stroke="#555" stroke-width="1"/>';
+?><svg class="icon" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
+	<g transform="translate( 0.5,0.5)"><?php echo $one  ?></g>
+	<g transform="translate( 3.5,0.5)"><?php echo $zero ?></g>
+	<g transform="translate( 9.5,0.5)"><?php echo $one  ?></g>
+	<g transform="translate(12.5,0.5)"><?php echo $one  ?></g>
+	<g transform="translate( 0.5,9.5)"><?php echo $zero ?></g>
+	<g transform="translate( 6.5,9.5)"><?php echo $one  ?></g>
+	<g transform="translate( 9.5,9.5)"><?php echo $zero ?></g>
+</svg><?php 
+} //end svg_icon_bin() *********************************************************
 
-function svg_icon_img(){ //***************************************************?>
-<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16" shape-rendering="crispEdges">
-	<rect x="0"    y="0"   width="14" height="16" fill="#FF8" stroke="RGB(140,140,255)" stroke-width="2" />
-	<rect x="2"    y="2"   width="5"  height="5"  fill="#F88" stroke-width="0" />
-	<rect x="7.5"  y="6"   width="5"  height="5"  fill="#8F8" stroke-width="0" />
-	<rect x="2"    y="10"  width="5"  height="5"  fill="#88F" stroke-width="0" />
-</svg>
-<?php } //end svg_icon_img() ***************************************************
 
 
+function svg_icon_img(){ //*****************************************************
+global $SVG_icon_img_0;
+?><svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
+	<?php echo $SVG_icon_img_0 ?>
+</svg><?php 
+} //end svg_icon_img() *********************************************************
 
-function svg_icon_svg(){ //***************************************************?>
-<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16" shape-rendering="crispEdges">
-	<rect x="0"    y="0"   width="14" height="16" fill="#FF8" stroke="RGB(140,140,255)" stroke-width="2" />
-	<rect x="2"    y="2"   width="5"  height="5"  fill="#F88" stroke-width="0" />
-	<rect x="7.5"  y="6"   width="5"  height="5"  fill="#8F8" stroke-width="0" />
-	<rect x="2"    y="10"  width="5"  height="5"  fill="#88F" stroke-width="0" />
-	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="#888" stroke-width=".6"/>
-	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="#888" stroke-width=".6"/>
-	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="#888" stroke-width=".6"/>
-	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="#888" stroke-width=".6"/>
-</svg>
-<?php } //end svg_icon_img() ***************************************************
 
 
+function svg_icon_svg(){ //*****************************************************
+global $SVG_icon_img_0;
+?><svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
+	<?php echo $SVG_icon_img_0 ?>
+	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="#444" stroke-width=".6"/>
+	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="#444" stroke-width=".6"/>
+	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="#444" stroke-width=".6"/>
+	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="#444" stroke-width=".6"/>
+</svg><?php 
+} //end svg_icon_img() *********************************************************
 
-function svg_icon_txt(){ //*****************************************************
-global $SVG_icon_txt_lines; ?>
-<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
-	<rect x = "0" y = "0" width = "14" height = "16" fill="white" stroke="#333" stroke-width="2" />
-	<?php echo $SVG_icon_txt_lines; ?>
-</svg>
-<?php } //end svg_icon_txt() ***************************************************
 
 
+function svg_icon_txt_0($border, $lines, $fill, $extra){ //*********************
+?><svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
+	<rect x = "0" y = "0" width = "14" height = "16" 
+		fill="<?php echo $fill ?>" stroke="<?php echo $border ?>" stroke-width="2" />
+	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="<?php echo $lines ?>" stroke-width=".6"/>
+	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="<?php echo $lines ?>" stroke-width=".6"/>
+	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="<?php echo $lines ?>" stroke-width=".6"/>
+	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="<?php echo $lines ?>" stroke-width=".6"/>
+	<?php echo $extra ?>
+</svg><?php 
+} //end svg_icon_txt() *********************************************************
 
-function svg_icon_htm(){ //*****************************************************
-global $SVG_icon_txt_lines; ?>
-<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
-	<rect x = "0" y = "0" width = "14" height = "16" fill="rgb(250,190,170)" stroke="#444" stroke-width="2" />
-	<?php echo $SVG_icon_txt_lines; ?>
-</svg>
-<?php } //end svg_icon_htm() ***************************************************
 
 
+function svg_icon_txt(){ svg_icon_txt_0('#333', '#000', '#FFF', ''); } //*******
 
-function svg_icon_cfg(){ //*****************************************************
-global $SVG_icon_txt_lines; ?>
-<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
-	<rect x="0"  y="0"  width="14"  height="16"  fill="#DDD" stroke="#444" stroke-width="2" />
-	<?php echo $SVG_icon_txt_lines; ?>
-</svg>
-<?php } //end svg_icon_cfg() ***************************************************
+function svg_icon_htm(){ svg_icon_txt_0('#444', '#222', '#FABEAA', ''); } //**** rgb(250,190,170)
 
+function svg_icon_php(){ svg_icon_txt_0('#333', '#111', '#C3C3FF', ''); } //**** rgb(195,195,225)
 
+function svg_icon_css(){ svg_icon_txt_0('#333', '#111', '#FFE1A5', ''); } //**** rgb(255,225,165)
 
-function svg_icon_php(){ //*****************************************************
-global $SVG_icon_txt_lines; ?>
-<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
-	<rect x="0" y = "0" width = "14" height = "16" fill="rgb(195,195,225)" stroke="#444" stroke-width="2" />
-	<?php echo $SVG_icon_txt_lines; ?>
-</svg>
-<?php } //end svg_icon_php() ***************************************************
+function svg_icon_cfg(){ svg_icon_txt_0('#444', '#111', '#DDD', ''); } //*******
 
 
 
-function svg_icon_css(){ //*****************************************************
-global $SVG_icon_txt_lines; ?>
-<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
-	<rect x="0"  y="0"  width="14"  height="16"  fill="rgb(255,225,165)" stroke="#444" stroke-width="2" />
-	<?php echo $SVG_icon_txt_lines; ?>
-</svg>
-<?php } //end svg_icon_css() ***************************************************
+function svg_icon_upload(){ //**************************************************
+	$extra = '<g transform="scale(1.1) translate(1.75,4)">
+		<polygon points="6,0  12,6  8,6  8,11  4,11  4,6  0,6" 
+		stroke-width="1" stroke="white" fill="green" /></g>';
+	svg_icon_txt_0('#333', 'black', 'white', $extra);
+} //end svg_icon_upload() ******************************************************
 
 
 
-function svg_icon_upload(){ //************************************************?>
-<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16" >
-	<path d="M0,0 L14,0 L14,8 M14,12 L14,16 L12,16 M7,16 L0,16 L0,0" fill="white" stroke="#444" stroke-width="2" />
-	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="6.5"  x2="7"  y2="6.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="9.5"  x2="4"  y2="9.5"  stroke="black" stroke-width=".6"/>
-	<line x1="3" y1="12.5" x2="7"  y2="12.5" stroke="black" stroke-width=".6"/>
-	<g transform="translate(5,6)">
-	  <polygon points="4.5,0  9,5  0,5" stroke-width="0" stroke="white" fill="green" shape-rendering="crispEdges"/>
-	  <line x1="4.5" y1="5" x2="4.5"  y2="10" stroke="green" fill="green" stroke-width="3" shape-rendering="crispEdges"/>
-	</g>
-</svg>
-<?php } //end svg_icon_upload() ************************************************
+function svg_icon_file_new(){ //************************************************
+	global $SVG_icon_circle_plus;
+	$extra = '<g transform="translate(4,6)">'.$SVG_icon_circle_plus.'</g>';
+	svg_icon_txt_0('#444', 'black', 'white', $extra);
+} //end svg_icon_file_new() ****************************************************
 
 
 
-function svg_icon_new_file(){ //************************************************
-global $SVG_icon_txt_lines, $SVG_icon_circle_plus; ?>
-<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16" >
-	<rect x = "0" y = "0" width = "14" height = "16" fill="white" stroke="#444" stroke-width = "2" />
-	<?php echo $SVG_icon_txt_lines; ?>
-	<g transform="translate(4,6)">
-		<?php echo $SVG_icon_circle_plus; ?>
-	</g>
-</svg>
-<?php } //end svg_icon_new_file() **********************************************
+function svg_icon_file_del(){ //************************************************
+global $SVG_icon_circle_x;
+	$extra = '<g transform="translate(4,6)">'.$SVG_icon_circle_x.'</g>';
+	svg_icon_txt_0('#444', 'black', 'white', $extra);
+} //end svg_icon_file_del() ****************************************************
 
 
 
-function svg_icon_del_file(){ //************************************************
-global $SVG_icon_txt_lines, $SVG_icon_circle_x; ?>
-<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
-	<rect x = "0" y = "0" width = "14" height = "16" fill="white" stroke="#444" stroke-width = "2" />
-	<?php echo $SVG_icon_txt_lines; ?>
-	<g transform="translate(4,6)">
-		<?php echo $SVG_icon_circle_x; ?>
-	<g>
-</svg>
-<?php } //end svg_icon_del_file() **********************************************
+function svg_icon_folder_0($extra){ //******************************************
+?><svg class="icon icon_fldr" xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
+	<path  d="M0.5, 1  L8,1  L9,2  L9,3  L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" 
+			fill="#FBE47b" stroke="#F0CD28" stroke-width="1" />
+	<path  d="M1.5, 8  L7, 8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5" 
+			fill="transparent" stroke="white" stroke-width="1" />
+	<path  d="M1.5,13  L1.5,2  L7.5,2  L8.5,3  L8.5,4  L15.5,4 L16,4.5  L16,13"  
+			fill="transparent" stroke="white" stroke-width="1" />
+	<?php echo $extra ?>
+</svg><?php 
+} //end svg_icon_folder() ******************************************************
 
 
 
-function svg_icon_folder(){ //**************************************************
-global $SVG_icon_folder; ?>
-<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
-	<?php echo $SVG_icon_folder; ?>
-</svg>
-<?php } //end svg_icon_folder() ************************************************
+function svg_icon_folder(){ svg_icon_folder_0(''); } //*************************
 
 
 
-function svg_icon_new_folder(){ //**********************************************
-global $SVG_icon_folder, $SVG_icon_circle_plus; ?>
-<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
-	<?php echo $SVG_icon_folder; ?>
-	<g transform="translate(7.5,4)">
-		<?php echo $SVG_icon_circle_plus; ?>
-	</g>
-</svg>
-<?php } //end svg_icon_new_folder() ********************************************
+function svg_icon_folder_new(){ //**********************************************
+	global $SVG_icon_circle_plus;
+	$extra = '<g transform="translate(7.5,4)">'.$SVG_icon_circle_plus.'</g>';
+	svg_icon_folder_0($extra);
+} //end svg_icon_folder_new() **************************************************
 
 
 
-function svg_icon_ren_folder(){ //*******************************************
-global $SVG_icon_folder; ?>
-<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
-	<?php echo $SVG_icon_folder; ?>
-	<g transform="translate(6,3)">
-	  <polygon points="2,0 9,7 7,9 0,2" stroke-width="1" stroke="darkgoldenrod" fill="rgb(246,222,100)"/>
-	  <path  d="M0,2   L0,0  L2,0"      stroke="tan" fill="tan" stroke-width="1"  shape-rendering="crispEdges"/>
-	  <path  d="M0,1.5   L0,0  L1.5,0"      stroke="black" fill="transparent" stroke-width="1"  shape-rendering="crispEdges"/>
-	  <line x1="7.3" y1="10"  x2="10" y2="7.3"  stroke="silver" stroke-width="1"/>
-	  <line x1="8.1" y1="10.8"  x2="10.8" y2="8.1"  stroke="red" stroke-width="1"/>
-	</g>
-</svg>
-<?php } //end svg_icon_ren_folder() *****************************************
+function svg_icon_folder_ren(){ //**********************************************
+	global $SVG_icon_pencil;
+	$extra = '<g transform="translate(6,3)">'.$SVG_icon_pencil.'</g>';
+	svg_icon_folder_0($extra);
+} //end svg_icon_folder_ren() **************************************************
 
 
 
-function svg_icon_del_folder(){ //**********************************************
-global $SVG_icon_folder, $SVG_icon_circle_x; ?>
-<svg xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
-	<?php echo $SVG_icon_folder; ?>
-	<g transform="translate(7.5,4)">
-		<?php echo $SVG_icon_circle_x; ?>
-	</g>
-</svg>
-<?php } //end svg_icon_del_folder() ********************************************
+function svg_icon_folder_del(){ //**********************************************
+	global $SVG_icon_circle_x; 
+	$extra = '<g transform="translate(7.5,4)">'.$SVG_icon_circle_x.'</g>';
+	svg_icon_folder_0($extra);
+} //end svg_icon_folder_del() **************************************************
 
 
 
@@ -609,20 +566,17 @@ function list_files() { // ...in a vertical table ******************************
 		if (!is_dir($ipath.$file) && !$excluded) {
 
 			//Determine file type & set cooresponding icon type.
-			$type = "bin"; //default
 			$ext = end( explode(".", strtolower($file)) );
-			for ($x=0; $x < count($ftypes); $x++ ){
-				if ($ext == $ftypes[$x]){ $type = $fclasses[$x]; } 
-			}
+			$type = $fclasses[array_search($ext, $ftypes)];
 ?>
 			<tr>
 				<td>
 					<?php echo '<a href="'.$ONESCRIPT.$param1.'&amp;f='.rawurlencode($file).'&amp;p=edit" >'; ?>
-					<span class="icon"><?php show_icon($type); ?></span>
+					<?php show_icon($type); ?>
 					<?php echo  htmlentities($file), '</a>'; ?>
 				</td>
 				<td class="meta_T meta_size">&nbsp;
-					<?php echo number_format(filesize($ipath.$file)).""; ?> B
+					<?php echo number_format(filesize($ipath.$file)); ?> B
 				</td>
 				<td class="meta_T meta_time"> &nbsp;
 					<script>FileTimeStamp(<?php echo filemtime($ipath.$file); ?>);</script>
@@ -631,7 +585,7 @@ function list_files() { // ...in a vertical table ******************************
 <?php 
 		}//end if !is_dir...
 	}//end foreach file
-echo '</table>';
+	echo '</table>';
 }//end list_files() ************************************************************
 
 
@@ -675,7 +629,7 @@ function Edit_Page() { //*******************************************************
 	$editable = FALSE;  if (in_array($ext, $etypes)) { $editable = TRUE; };
 ?>
 	<h2 id="edit_header">Edit/View:
-	<a class="filename" href="/<?php echo URLencode_path($filename).'">'.htmlentities(basename($filename)) ?></a>
+	<a class="filename" href="/<?php echo URLencode_path($filename).'"  target="_blank">'.htmlentities(basename($filename)) ?></a>
 	</h2>
 
 	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param3 ?>">
@@ -685,16 +639,15 @@ function Edit_Page() { //*******************************************************
 		<span class="meta_time">Updated<b>: </b><script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1);</script></span><br>
 		</p>
 		<?php Close_Button("close"); ?>
-
+		<div style="clear:both;"></div>
+		
 <?php	if ( !in_array( strtolower($ext), $itypes) ) { //If non-image, show textarea
+
 			if (!$editable) { // If non-text file, disable textarea
-?>			<p>
-				<textarea id="disabled_content" cols="70" rows="3" 
-				disabled="disabled">Non-text or unkown file type. Edit disabled.</textarea>
-				</p>
+?>				<p class="edit_disabled">Non-text or unkown file type. Edit disabled.<br><br></p>
 <?php 		}else{
 				$filecontent = htmlspecialchars(file_get_contents($filename), ENT_SUBSTITUTE,'UTF-8');
-?>			<p>
+?>				<p>
 				<input type="hidden" name="filename" id="filename" value="<?php echo htmlspecialchars($filename); ?>">
 				<textarea id="file_content" name="content" cols="70" rows="25"
 				onkeyup="Check_for_changes(event);"><?php echo $filecontent; ?></textarea>
@@ -980,7 +933,7 @@ function New_Folder_response(){ //**********************************************
 		$message .= $EX.' <b>Folder already exists: ';
 		$message .= htmlentities($new_folder).'</b>';
 	}elseif (mkdir($new_folder)) {
-		$message .= 'Created folder <b>'.htmlentities(basename($new_folder)).'</b>';
+		$message .= 'Created folder: <b>'.htmlentities(basename($new_folder)).'</b>';
 		$ipath  = $new_folder;  //return to new folder
 		$param1 = '?i='.URLencode_path($ipath);
 	}else{
@@ -1031,16 +984,6 @@ function Delete_Folder_response() { //******************************************
 
 
 
-// Login Page response message**************************************************
-if (isset($_POST["username"])) {
-	if (($_SESSION['username'] != $config_username) || ($_SESSION['password'] != $config_password))
-		{ $message = "<b>(!) INVALID LOGIN ATTEMPT</b>"; }
-}//end Login Page response message**********************************************
-
-
-
-
-
 //Logout ***********************************************************************
 if ($page == "logout") {
 	$page = "login";
@@ -1448,8 +1391,6 @@ function style_sheet(){ //****************************************************?>
 
 /*  [Upload File] [New File] [New Folder] etc... */
 
-.front_links { clear: both; }
-
 .front_links a {
 	display: inline-block;
 	border : 1px solid #807568;
@@ -1460,6 +1401,9 @@ function style_sheet(){ //****************************************************?>
 	background-color: #EEE;
 	}
 
+.front_links a .icon_fldr {margin : 1.5px 5px 0 0; }
+.front_links a .icon_file {margin : 1.0px 5px 0 0; }
+
 .front_links a:hover  { background-color: rgb(255,250,150); }
 .front_links a:focus  { background-color: rgb(255,250,150); }
 
@@ -1479,7 +1423,15 @@ function style_sheet(){ //****************************************************?>
 	height: 30em;
 	}
 
-textarea[disabled] { width : 99.5%; height: 50px; background-color: #EEE; color: #777;}
+.edit_disabled { 
+	border : 1px solid #807568;
+	width  : 99%;
+	padding: .2em;
+	margin : 0;
+	color: #444;
+	background-color: #F8F8F8;
+	line-height: 1.4em;
+	}
 
 textarea:focus { border: 1px solid #Faa; }
 
@@ -1542,7 +1494,7 @@ function style_sheet(){ //****************************************************?>
 
 #file_content {height: 24em;}
 
-.file_meta	  {float: left;  margin-top: .5em; font-size: .9em; color: #333; font-family: courier;}
+.file_meta	  {float: left;  margin-top: .5em; font-size: 1em; color: #333; font-family: courier;}
 
 .close        {float: right; margin-bottom: .5em;}
 
@@ -1590,16 +1542,16 @@ function style_sheet(){ //****************************************************?>
 .web_root { font:1.2em Courier; }
 
 .verify {
-	border: 1px solid #807568;
+	border: 1px solid #F44;
 	color: #333;
-	background-color: #FEE;
+	background-color: #FFE7E7;
 	padding: .1em .2em;
 	font: 1.2em Courier;
 	}
 
 .sure { margin: .7em 0em .5em 0; }
 
-.icon {float: left; margin: 0 5px 0 0;}
+.icon {float: left; margin: 0 .3em 0 0;}
 
 </style>
 <?php }//end style_sheet() *****************************************************

From 3882c62db23737672ac40dbafc04103dacd1800a Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 3 Jun 2012 19:29:44 -0400
Subject: [PATCH 070/228] Version 3.1.4 Added basic validation of "f"
 (filename) parameter. Moved validation for $page up to where GET param's are
 got. Added max file size checks to upload page & response. Added error code
 responses to upload message.

---
 onefilecms.php | 93 ++++++++++++++++++++++++++++++++++----------------
 1 file changed, 63 insertions(+), 30 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 8da9a75..cc555f5 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - http://onefilecms.com/
 
-$version = '3.1.3';
+$version = '3.1.4'; // 20-06-03 19:30
 
 /*******************************************************************************
 Copyright � 2009-2012 https://github.com/rocktronica
@@ -159,15 +159,17 @@ function Check_path($path) { // returns first valid path in some/supplied/path/
 $valid_pages = array("login","logout","index","edit","upload","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
 
 
-//*** Get main parameters 
-if (isset($_GET["i"])) { $ipath    = Check_path($_GET["i"]); }else{ $ipath = ""; }
+//*** Get main parameters: i="some/path/", f="somefile.xyz", p="somepage"
+if (isset($_GET["i"])) { $ipath = Check_path($_GET["i"]); }else{ $ipath = ""; }
 
 if (isset($_GET["f"])) {
 	$filename = $ipath.$_GET["f"];
-	if ( !is_file($filename) ) { $message .= $EX.' <b>File does not exist: '.$filename.'</b><br>'; $filename = ""; }
+	if ( !is_file($filename) ) {
+		$message .= $EX.' <b>File does not exist: '.$filename.'</b><br>'; $filename = "";
+	}
 }else{ $filename = ""; }
 
-if (isset($_GET["p"])) { $page     = $_GET["p"]; } // default $page set above
+if (isset($_GET["p"])) { $page = $_GET["p"]; } // default $page set above
 
 $param1 = '?i='.URLencode_path($ipath);
 //******************************************************************************
@@ -176,6 +178,33 @@ function Check_path($path) { // returns first valid path in some/supplied/path/
 
 
 
+//*** Verify valid $page *******************************************************
+
+if ($page != "") {
+	if (!in_array(strtolower($page), $valid_pages)) {
+		header("Location: ".$ONESCRIPT); // redirect on invalid page attempts
+		$page = "index";
+	}
+}
+
+
+//Don't load login screen if already in a valid session 
+if ( ($page == "login") and ($_SESSION['valid']) ) { $page = "index"; }
+
+
+if ( ($page == "deletefolder") && !is_empty($ipath) ) {
+	$message = $EX.' <b>Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
+	$page = "index";
+}
+
+
+if ( $page == "edit" && !is_file($filename) ) { $page = "index"; }
+//******************************************************************************
+
+
+
+
+
 //******************************************************************************
 // Misc Functions
 
@@ -708,11 +737,21 @@ function Edit_Page_response(){ //***If on Edit page, and [Save] clicked ********
 
 function Upload_Page() { //*****************************************************
 	global $ONESCRIPT, $ipath, $param1, $INPUT_SESSIONID;
+
+	//Determine $MAX_FILE_SIZE to upload
+	$UMF = ini_get('upload_max_filesize'); //assumes  it's < post_max_size. If not, oh well.
+	$KMB = strtoupper(substr($UMF, -1));
+
+	if     ($KMB == "K") { $MAX_FILE_SIZE = $UMF * 1024; }
+	elseif ($KMB == "M") { $MAX_FILE_SIZE = $UMF * 1048576; }
+	elseif ($KMB == "G") { $MAX_FILE_SIZE = $UMF * 1073741824; }
+	else                 { $MAX_FILE_SIZE = $UMF; }
 ?>
 	<h2>Upload File</h2>
+	<p>Note: Maximum upload file size is: <?php echo $UMF; ?></p>
 	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$param1; ?>" method="post">
 		<?php echo $INPUT_SESSIONID; ?>
-		<input type="hidden" name="MAX_FILE_SIZE" value="100000">
+		<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $MAX_FILE_SIZE ?>"> 
 		<input type="hidden" name="upload_destination" value="<?php echo htmlspecialchars($ipath); ?>" >
 		<input name="upload_file" type="file" size="100">
 		<?php Cancel_Submit_Buttons("Upload","cancel"); ?>
@@ -727,20 +766,33 @@ function Upload_File_response() { //********************************************
 	global $filename, $message, $EX, $page;
 	$filename    = $_FILES['upload_file']['name'];
 	$destination = htmlspecialchars_decode(Check_path($_POST["upload_destination"]));
-	$page = "index";
+	$page  = "index";
+	$MAXUP1 = ini_get('upload_max_filesize');
+	$MAXUP2 = number_format ($_POST['MAX_FILE_SIZE']).' bytes';
+	$ERROR = $_FILES['upload_file']['error'];
+
+	if     ( $ERROR == 1 ){ $ERRMSG = 'File too large.  upload_max_filesize = '.$MAXUP1.' (From php.ini)';}
+	elseif ( $ERROR == 2 ){ $ERRMSG = 'File too large.  $MAX_FILE_SIZE = '.$MAXUP2.' (From OneFileCMS)';}
+	elseif ( $ERROR == 3 ){ $ERRMSG = 'The uploaded file was only partially uploaded.'; }
+	elseif ( $ERROR == 4 ){ $ERRMSG = 'No file was uploaded. '; }
+	elseif ( $ERROR == 5 ){ $ERRMSG = ''; }
+	elseif ( $ERROR == 6 ){ $ERRMSG = 'Missing a temporary folder.'; }
+	elseif ( $ERROR == 7 ){ $ERRMSG = 'Failed to write file to disk.'; }
+	elseif ( $ERROR == 8 ){ $ERRMSG = 'A PHP extension stopped the file upload.'; }
+	else                  { $ERRMSG = ''; }
 
 	if (($filename == "")){ 
-		$message = $EX.' <b>No file selected for upload... </b>';
+		$message .= $EX.' <b>No file selected for upload... </b>';
 	}elseif (($destination != "") && !is_dir($destination)) {
 		$message .= $EX.' Destination folder does not exist: <br><b>';
-		$message .= ''.htmlentities($WEB_ROOT.$destination).'</b><br><b>Upload cancelled.</b>';
+		$message .= htmlentities($WEB_ROOT.$destination).'</b><br><b>Upload cancelled.</b>';
 	}else{
 		$message .= 'Uploading: "<b>'.htmlentities($filename).'</b>"...';
 		$savefile = ordinalize($destination, $filename, $savefile_msg);
 		if(move_uploaded_file($_FILES['upload_file']['tmp_name'], $savefile)) {
-			$message .= '<br>Upload successful.'.$savefile_msg;
+			$message .= '<br>Upload successful! '.$savefile_msg;
 		} else{
-			$message .= '<br>'.$EX.' <b>There was an error.</b> Upload or rename may have failed.';
+			$message .= '<br>'.$EX.' <b>Error '.$ERROR.' - Upload failed: </b>'.$ERRMSG.'';
 		}
 	}
 }//end Upload_File_response() **************************************************
@@ -1030,25 +1082,6 @@ function Delete_Folder_response() { //******************************************
 
 
 
-//*** Verify valid $page *******************************************************
-if ($page != "") {
-	if (!in_array(strtolower($page), $valid_pages)) {
-		header("Location: ".$ONESCRIPT); // redirect on invalid page attempts
-		$page = "index";
-	}
-}
-if ( ($page == "deletefolder") && !is_empty($ipath) ) {
-	$message = '<b>(!) Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
-	$page = "index";
-}
-//Don't load login screen if already in a valid session 
-if (($page == "login") and ($_SESSION['valid'])) { $page = "index"; }
-//******************************************************************************
-
-
-
-
-
 function Load_Selected_Page(){ //***********************************************
 	global $ONESCRIPT, $page;
 

From 64e03a3d82167c0c683def98a34fa820ef09ac50 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Mon, 4 Jun 2012 17:49:20 -0400
Subject: [PATCH 071/228] Version 3.1.5 Edit/View Page: Added file size checks.
 Edit page was becoming the Blob, so I broke it up into three functions.

---
 onefilecms.php  | 187 ++++++++++++++++++++++++++----------------------
 readme.markdown |  35 ++++++---
 2 files changed, 124 insertions(+), 98 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index cc555f5..5241e13 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
-// OneFileCMS - http://onefilecms.com/
+// OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.1.4'; // 20-06-03 19:30
+$version = '3.1.5'; //
 
 /*******************************************************************************
 Copyright � 2009-2012 https://github.com/rocktronica
@@ -30,7 +30,8 @@
 
 
 
-if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate (v5.4 recommended). Please contact your host to upgrade your PHP installation."); };
+if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate - and version 5.4 is recommended."); }
+
 
 
 // CONFIGURABLE INFO ***********************************************************
@@ -41,9 +42,9 @@
 $MAX_IMG_W   = 810;   // Max width to display images. (page container = 810)
 $MAX_IMG_H   = 1000;  // Max height.  I don't know, it just looks reasonable.
 
-
-
-
+$MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
+$MAX_VIEW_SIZE = 1000000; //If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
+                          // The max view size is completely arbitray. It was 2am and seemed like a good idea at the time.
 $config_favicon   = "/favicon.ico";
 $config_excluded  = ""; //files to exclude from directory listings- CaSe sensaTive!
 
@@ -58,7 +59,6 @@
 
 
 
-
 //******************************************************************************
 session_start();  $SID = session_id();
 
@@ -79,13 +79,11 @@
 
 
 chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
-//
 //End session startup***********************************************************
 
 
 
 
-
 //******************************************************************************
 // A couple functions needed early
 
@@ -138,7 +136,6 @@ function Check_path($path) { // returns first valid path in some/supplied/path/
 
 
 
-
 //******************************************************************************
 //Some global values & $_GET parameters
 //
@@ -177,7 +174,6 @@ function Check_path($path) { // returns first valid path in some/supplied/path/
 
 
 
-
 //*** Verify valid $page *******************************************************
 
 if ($page != "") {
@@ -204,7 +200,6 @@ function Check_path($path) { // returns first valid path in some/supplied/path/
 
 
 
-
 //******************************************************************************
 // Misc Functions
 
@@ -378,7 +373,6 @@ function show_favicon(){
 
 
 
-
 //A few macros ($varibale="some reusable chunk of code")************************
 $INPUT_SESSIONID = '<input type="hidden" name="sessionid" value="'.$SID.'">'.PHP_EOL;
 $FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.'">'.$INPUT_SESSIONID;
@@ -406,7 +400,6 @@ function show_favicon(){
 
 
 
-
 function svg_icon_bin(){ //*****************************************************
 $zero = '<rect x="0"  y="0"  width="3" height="6" fill="transparent" stroke="#555" stroke-width="1" />';
 $one  = '<line x1="0" y1="-.5"   x2="0" y2="6.5"  stroke="#555" stroke-width="1"/>';
@@ -554,7 +547,6 @@ function show_icon($type){ //***************************************************
 
 
 
-
 function Login_Page() { //******************************************************
 	global $ONESCRIPT, $message;
 ?>
@@ -577,7 +569,6 @@ function Login_Page() { //******************************************************
 
 
 
-
 function list_files() { // ...in a vertical table ******************************
 //called from Index Page
 
@@ -620,7 +611,6 @@ function list_files() { // ...in a vertical table ******************************
 
 
 
-
 function Index_Page(){ //*******************************************************
 	global $ONESCRIPT, $ipath;
 
@@ -646,77 +636,122 @@ function Index_Page(){ //*******************************************************
 
 
 
+function Edit_Page_Buttons($text_editable, $too_large_to_edit) { //*************
+	global $ONESCRIPT, $param2;
+?>
+	<p class="buttons_right">
+	<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?> 
+		<input type="submit" class="button" value="Save"                  onclick="submitted = true;" id="save_file">
+		<input type="button" class="button" value="Reset - loose changes" onclick="Reset_File()"      id="reset">
+		<script>
+			//Set disabled here instead of via input attribute in case js is disabled.
+			//If js is disabled, user would be unable to save changes.
+			document.getElementById('save_file').disabled = "disabled";
+			document.getElementById('reset').disabled     = "disabled";
+		</script>
+	<?php } ?>
+	<input type="button" class="button" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT.$param2.'&amp;p=rename'; ?>'">
+	<input type="button" class="button" value="Copy"        onclick="parent.location='<?php echo $ONESCRIPT.$param2.'&amp;p=copy'  ; ?>'">
+	<input type="button" class="button" value="Delete"      onclick="parent.location='<?php echo $ONESCRIPT.$param2.'&amp;p=delete'; ?>'">
+	<?php Close_Button(""); ?>
+	</p>
+<?php
+}//end Edit_Page_Buttons()******************************************************
+
 
-function Edit_Page() { //*******************************************************
-	global $ONESCRIPT, $ipath, $param1, $filename, $filecontent, $etypes, $itypes, $ftypes, $INPUT_SESSIONID;
+
+
+//******************************************************************************
+function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $large_file_message1){ 
+	global $ONESCRIPT, $param1, $param2, $filename, $itypes, $INPUT_SESSIONID;
 
 	$param2 = $param1.'&amp;f='.rawurlencode(basename($filename));
 	$param3 = $param2.'&amp;p=edit';
-	
-	//Determine if text/editable file type
-	$ext = end( explode(".", strtolower($filename) ) );
-	$editable = FALSE;  if (in_array($ext, $etypes)) { $editable = TRUE; };
+	clearstatcache ();
 ?>
-	<h2 id="edit_header">Edit/View:
-	<a class="filename" href="/<?php echo URLencode_path($filename).'"  target="_blank">'.htmlentities(basename($filename)) ?></a>
-	</h2>
-
 	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param3 ?>">
 		<?php echo $INPUT_SESSIONID; ?>
 		<p class="file_meta">
-		<span class="meta_size">Size<b>: </b> <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; &nbsp; 
-		<span class="meta_time">Updated<b>: </b><script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1);</script></span><br>
+		<span class="meta_size">Filesize: <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; 
+		<span class="meta_time">Updated: <script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1);</script></span><br>
 		</p>
 		<?php Close_Button("close"); ?>
 		<div style="clear:both;"></div>
-		
-<?php	if ( !in_array( strtolower($ext), $itypes) ) { //If non-image, show textarea
+<?php
+		if ( !in_array( strtolower($ext), $itypes) ) { //If non-image, show textarea
+
+			if (!$text_editable) { // If non-text file, disable textarea
+				echo '<p class="edit_disabled">Non-text or unkown file type. Edit disabled.<br><br></p>';
+
+			}elseif ( $too_large_to_edit ) {
+ 				echo '<p class="edit_disabled">'.$large_file_message1.'</p>';
 
-			if (!$editable) { // If non-text file, disable textarea
-?>				<p class="edit_disabled">Non-text or unkown file type. Edit disabled.<br><br></p>
-<?php 		}else{
+			}else{
 				$filecontent = htmlspecialchars(file_get_contents($filename), ENT_SUBSTITUTE,'UTF-8');
-?>				<p>
-				<input type="hidden" name="filename" id="filename" value="<?php echo htmlspecialchars($filename); ?>">
-				<textarea id="file_content" name="content" cols="70" rows="25"
-				onkeyup="Check_for_changes(event);"><?php echo $filecontent; ?></textarea>
-				</p>
-			<?php } //end if editable ?>	
-		<?php  } //end if non-image, show textarea ?>
+				echo '<input type="hidden" name="filename" id="filename" value="'.htmlspecialchars($filename).'">';
+				echo '<textarea id="file_content" name="content" cols="70" rows="25"
+					onkeyup="Check_for_changes(event);">'.$filecontent.'</textarea>';
+			} //end if !editable /else...
+		} //end if non-image, show textarea
+
+		Edit_Page_Buttons($text_editable, $too_large_to_edit);
+?>
+	</form> 
+<?php }//end Edit_Page_form() **************************************************
+
+
+
+
+function Edit_Page() { //*******************************************************
+	global $filename, $filecontent, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE;
+
+	//Determine if text editable file type
+	$ext = end( explode(".", strtolower($filename) ) );
+	if (in_array($ext, $etypes)) { $text_editable = TRUE;  }
+	else                         { $text_editable = FALSE; }
+	
+	$too_large_to_edit = (filesize($filename) > $MAX_EDIT_SIZE);
+	$too_large_to_view = (filesize($filename) > $MAX_VIEW_SIZE);
+	
+	if ($too_large_to_edit){$header2 = "Viewing: ";}
+	else                   {$header2 = "Editing: ";}
+
+	$large_file_message1 = 
+'<b>Edit disabled. Filesize &gt; '.number_format($MAX_EDIT_SIZE).' bytes.</b> ($MAX_EDIT_SIZE)<br>
+Some browsers (on my PC) bog down or become unstable while editing a large file in an HTML &lt;textarea&gt;.<br>
+$MAX_EDIT_SIZE is in the configuration section of OneFileCMS, and may be adjusted as needed.<br>
+A simple trial and error test can determine a practical limit for a given browser/computer.';
+	$large_file_message2 = 
+'<b>View disabled. Filesize &gt; '.number_format($MAX_VIEW_SIZE).' bytes.</b> ($MAX_VIEW_SIZE)<br>
+Click the the file name above to view normally in a browser window.<br>
+(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired to suit individual perceptions of neccessity.)';
+
+	echo '<h2 id="edit_header">'.$header2;
+	echo '<a class="filename" href="/'.URLencode_path($filename).'" target="_blank">'.htmlentities(basename($filename)).'</a>';
+	echo '</h2>';
+
+	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $large_file_message1);
 
-		<div style="clear:both;"></div>
-		<p class="buttons_right">
-		<?php if ($editable) { //Show save & reset only if editable file ?> 
-			<input type="submit" class="button" value="Save"                  onclick="submitted = true;" id="save_file">
-			<input type="button" class="button" value="Reset - loose changes" onclick="Reset_File()"      id="reset">
-			<script>
-				//Set disabled here instead of via input attribute in case js is disabled.
-				//If js is disabled, user would be unable to save changes.
-				document.getElementById('save_file').disabled = "disabled";
-				document.getElementById('reset').disabled     = "disabled";
-			</script>
-		<?php } ?>
-		<input type="button" class="button" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT.$param2.'&amp;p=rename'; ?>'">
-		<input type="button" class="button" value="Copy"        onclick="parent.location='<?php echo $ONESCRIPT.$param2.'&amp;p=copy'  ; ?>'">
-		<input type="button" class="button" value="Delete"      onclick="parent.location='<?php echo $ONESCRIPT.$param2.'&amp;p=delete'; ?>'">
-		<?php Close_Button(""); ?>
-		</p>
-	</form>
-	<div style="clear:both;"></div>
-<?php
 	if ( in_array( $ext, $itypes) ) { show_image(); }
 
-	if ($editable) {
+	echo '<div style="clear:both;"></div>';
+
+	if ( $text_editable && $too_large_to_edit && !$too_large_to_view ) {
+		$filecontent = htmlspecialchars(file_get_contents($filename), ENT_SUBSTITUTE,'UTF-8');
+		echo '<pre class="edit_disabled view_file">'.$filecontent.'</pre>';
+	}elseif ( $text_editable && $too_large_to_view ){
+		echo '<p class="edit_disabled">'.$large_file_message2.'</p>';
+	}
+	
+	if ($text_editable && !$too_large_to_edit) {
 		Edit_Page_scripts();
 		echo '<div id="edit_note">NOTE: On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser\'s [Reload].</div>';
-	} //end if editable
-
+	}
 }//End Edit_Page ***************************************************************
 
 
 
 
-
 function Edit_Page_response(){ //***If on Edit page, and [Save] clicked ********
 	global $filename, $message, $EX;
 	$filename = htmlspecialchars_decode($_POST["filename"]);
@@ -734,7 +769,6 @@ function Edit_Page_response(){ //***If on Edit page, and [Save] clicked ********
 
 
 
-
 function Upload_Page() { //*****************************************************
 	global $ONESCRIPT, $ipath, $param1, $INPUT_SESSIONID;
 
@@ -761,7 +795,6 @@ function Upload_Page() { //*****************************************************
 
 
 
-
 function Upload_File_response() { //********************************************
 	global $filename, $message, $EX, $page;
 	$filename    = $_FILES['upload_file']['name'];
@@ -800,7 +833,6 @@ function Upload_File_response() { //********************************************
 
 
 
-
 function New_File_Page() { //***************************************************
 	global $FORM_COMMON;
 ?>
@@ -815,7 +847,6 @@ function New_File_Page() { //***************************************************
 
 
 
-
 function New_File_response() { //***********************************************
 	global $ipath, $filename, $page, $message, $EX;
 	$new_name = $_POST["new_file"];
@@ -846,7 +877,6 @@ function New_File_response() { //***********************************************
 
 
 
-
 function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //******
 	//$action = 'Copy' or 'Rename'. $isfile = 1 if acting on a file, not a folder
 	global $WEB_ROOT, $ipath, $filename, $FORM_COMMON;
@@ -876,8 +906,6 @@ function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //******
 
 
 
-
-
 //******************************************************************************
 function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $isfile){
 	//$action = 'copy' or 'rename'. $isfile = 1 if acting on a file, not a folder
@@ -913,7 +941,6 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 
 
 
-
 function Delete_File_Page() { //************************************************
 	global $filename, $FORM_COMMON;
 ?>
@@ -929,7 +956,6 @@ function Delete_File_Page() { //************************************************
 
 
 
-
 function Delete_File_response(){ //*********************************************
 	global $filename, $message, $EX, $page;
 
@@ -947,7 +973,6 @@ function Delete_File_response(){ //*********************************************
 
 
 
-
 function New_Folder_Page() { //*************************************************
 	global $FORM_COMMON;
 ?>
@@ -961,7 +986,6 @@ function New_Folder_Page() { //*************************************************
 
 
 
-
 function New_Folder_response(){ //**********************************************
 	global $message, $EX, $ipath, $param1, $page;
 
@@ -998,7 +1022,6 @@ function New_Folder_response(){ //**********************************************
 
 
 
-
 function Delete_Folder_Page(){ //***********************************************
 	global $WEB_ROOT, $ipath, $FORM_COMMON;
 ?>
@@ -1015,7 +1038,6 @@ function Delete_Folder_Page(){ //***********************************************
 
 
 
-
 function Delete_Folder_response() { //******************************************
 	global $ipath, $param1, $page, $message, $EX;
 	$page = "index"; //Return to index
@@ -1035,7 +1057,6 @@ function Delete_Folder_response() { //******************************************
 
 
 
-
 //Logout ***********************************************************************
 if ($page == "logout") {
 	$page = "login";
@@ -1047,7 +1068,6 @@ function Delete_Folder_response() { //******************************************
 
 
 
-
 if ($VALID_POST) { //***********************************************************
 	if (isset($_FILES['upload_file']['name'])) { Upload_File_response(); }
 	if (isset($_POST["filename"]     )) { Edit_Page_response(); }
@@ -1063,7 +1083,6 @@ function Delete_Folder_response() { //******************************************
 
 
 
-
 //<title>$pagetitle</title>*****************************************************
 if     ($page == "login")        { $pagetitle = "Log In";         }
 elseif ($page == "edit")         { $pagetitle = "Edit/View File"; }
@@ -1081,7 +1100,6 @@ function Delete_Folder_response() { //******************************************
 
 
 
-
 function Load_Selected_Page(){ //***********************************************
 	global $ONESCRIPT, $page;
 
@@ -1101,7 +1119,6 @@ function Load_Selected_Page(){ //***********************************************
 
 
 
-
 //******************************************************************************
 function Time_Stamp_scripts() {  ?>
 
@@ -1147,7 +1164,6 @@ function FileTimeStamp(php_filemtime, show_offset){
 
 
 
-
 function Edit_Page_scripts() { //********************************************
 ?>
 	<!--======== Provide feedback re: unsaved changes ========-->
@@ -1257,7 +1273,6 @@ function Reset_File() {
 
 
 
-
 function style_sheet(){ //****************************************************?>
 <style>
 /* --- reset --- */
@@ -1592,8 +1607,6 @@ function style_sheet(){ //****************************************************?>
 
 
 
-
-
 //******************************************************************************
 //******************************************************************************
 ?><!DOCTYPE html>
diff --git a/readme.markdown b/readme.markdown
index 7638b7e..7e51603 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,6 +1,6 @@
 ### May 29, 2012
 
-# Current stable versions: 1.5, 2.0, & 3.1.1
+# Current stable versions: 1.5, 2.0, & 3.1.5
 
 - 3.1.1: "Full" version - uses svg icons
 - 2.0  : "Lite" version - uses no icons.
@@ -109,9 +109,19 @@ The reason there isn't default support for multiple users is that all of their i
 
 ## Change Log
 
+
+
+
+### 3.1.2 thru 3.1.5
+
+- Added file size limits to the Edit/View page. (Some browsers don't like large files in an HTML textarea.
+- Added some data validation to _GET parameters
+- Some misc code cleanup & organization etc.
+- And other misc stuff...
+
 ### 3.1.1
 
-	Fixed minor issue with data encoding of file to exit in <textarea>
+- Fixed minor issue with data encoding of file to exit in <textarea>
 
 ### 3.1
 
@@ -230,14 +240,16 @@ The reason there isn't default support for multiple users is that all of their i
 ## Requirements
 
 - PHP 5.4  
-  (Older 5.x versions may work, but there will be issues editing files with back slashes.  See php docs on magic_quotes_gpc & stripslashes().)
-- File permission privileges
+  (Older 5.x versions may work, but there will be issues editing files with back slashes, among other things.  See php docs on magic_quotes_gpc & stripslashes().)
+- File permission privileges on your host
 - Javascript enabled browswer
-- (and, if you use IE, IE9+ for svg support if using OneFileCMS 3.0+) 
+- And, for OneFileCMS 3+, a browser that supports inline SVG.
 
 ## Credit, License, Et Cetera
 
-Written in PHP, JavaScript, HTML and CSS.
+Original concept and development by github.com/rocktronica
+
+Written in PHP, JavaScript, HTML, CSS, and SVG.
 
 Available under the MIT and BSD licenses.
 
@@ -247,8 +259,9 @@ To report a bug or request a feature, please file an issue via Github. Forks enc
 
 ##Needed/potential/upcoming improvements
 
-- Be aware that, currently, only some very basic & rudimentary data & error checking is performed.
-- Partly as a consequence of the precedeing note, also be aware that there are issues with folder & file names containing special chars (&,%, etc...).  
+- Connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text during login.
+- Be aware that only some very basic & rudimentary data & error checking is performed.  
+  On Windows, for instance, it's possible to create folders that are subsequently inaccessible and undeletable by Windows.  (Yea, I found out the hard way...)
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - Check size of file to upload, verify under max post/upload limits.
 - Multiple login names?
@@ -263,13 +276,13 @@ Session start
 A few functions needed early  
 A few global values.  
 Misc functions  
-A few macros (common chunks of code)  
+A few macros (reusable chunks of code)  
 svg\_icons\_...() functions  
 Login\_Page() function  
 list\_files() function  
 Index\_Page() function  
-&lt;page...&gt;_Page() functions  
-&lt;page...&gt;_response() functions  
+&lt;...page&gt;_Page() functions  
+&lt;...page&gt;_response() functions  
 &nbsp; &nbsp; Edit\_Page()...   
 &nbsp; &nbsp; Upload\_  
 &nbsp; &nbsp; New\_File\_  

From 00c8d3609bb9e67cdc4e3bd22ec1b6b9fab00072 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Mon, 4 Jun 2012 23:55:45 -0400
Subject: [PATCH 072/228] Version 3.1.6 New_File_response(): Removed use of
 superfluous "$savefile". Copy_Ren_Move_response(): Improved error check.
 Minor tweaks to Delete_Folder_page & _response. New_Folder(): improved check
 for a few invalid characters. New_File(): added check for a few invalid
 characters. In above ()'s, adjusted/imporoved $message's.

---
 .gitignore     |   1 -
 onefilecms.php | 164 +++++++++++++++++++++++++++----------------------
 2 files changed, 92 insertions(+), 73 deletions(-)
 delete mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 6c7b69a..0000000
--- a/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-.gitignore
diff --git a/onefilecms.php b/onefilecms.php
index 5241e13..a4c367e 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.1.5'; //
+$version = '3.1.6'; //2012-06-04
 
 /*******************************************************************************
 Copyright � 2009-2012 https://github.com/rocktronica
@@ -155,20 +155,22 @@ function Check_path($path) { // returns first valid path in some/supplied/path/
 
 $valid_pages = array("login","logout","index","edit","upload","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
 
+$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names. (Space deliminated)
+$INVALID_CHARS_array = explode(' ', $INVALID_CHARS);
 
-//*** Get main parameters: i="some/path/", f="somefile.xyz", p="somepage"
-if (isset($_GET["i"])) { $ipath = Check_path($_GET["i"]); }else{ $ipath = ""; }
+//*** Get main parameters: i=some/path/,  f=somefile.xyz,  p=somepage
+	if (isset($_GET["i"])) { $ipath = Check_path($_GET["i"]); }else{ $ipath = ""; }
 
-if (isset($_GET["f"])) {
-	$filename = $ipath.$_GET["f"];
-	if ( !is_file($filename) ) {
-		$message .= $EX.' <b>File does not exist: '.$filename.'</b><br>'; $filename = "";
-	}
-}else{ $filename = ""; }
+	if (isset($_GET["f"])) {
+		$filename = $ipath.$_GET["f"];
+		if ( !is_file($filename) && $_SESSION['valid'] )//Don't set $message for login page.
+			{ $message .= $EX.' <b>File does not exist:</b> '.htmlentities($filename).'<br>'; }
+		if ( !is_file($filename) ) { $filename = ""; $page = "index"; }
+	}else{ $filename = ""; }
 
-if (isset($_GET["p"])) { $page = $_GET["p"]; } // default $page set above
+	if (isset($_GET["p"])) { $page = $_GET["p"]; } // default $page set in session startup
 
-$param1 = '?i='.URLencode_path($ipath);
+	$param1 = '?i='.URLencode_path($ipath);
 //******************************************************************************
 
 
@@ -270,7 +272,7 @@ function message_box() { //*********************************
 	if (isset($message)) {
 ?>
 		<div id="message"><p>
-		<span><!-- [X] to dismiss message box -->	
+		<span id="Xbox"><!-- [X] to dismiss message box -->	
 			<a id="dismiss" href='<?php echo $ONESCRIPT.$param1; ?>'
  			onclick='document.getElementById("message").innerHTML = " ";return false;'>
 			[X]</a>
@@ -564,7 +566,8 @@ function Login_Page() { //******************************************************
 		<input type="submit" class="button" value="Enter">
 	</form>
 	<script>document.getElementById('username').focus();</script>
-<?php } //end Login_Page() *****************************************************
+<?php
+} //end Login_Page() ***********************************************************
 
 
 
@@ -697,7 +700,8 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $large_file_me
 		Edit_Page_Buttons($text_editable, $too_large_to_edit);
 ?>
 	</form> 
-<?php }//end Edit_Page_form() **************************************************
+<?php 
+}//end Edit_Page_form() ********************************************************
 
 
 
@@ -790,7 +794,8 @@ function Upload_Page() { //*****************************************************
 		<input name="upload_file" type="file" size="100">
 		<?php Cancel_Submit_Buttons("Upload","cancel"); ?>
 	</form>
-<?php } //end Upload_Page() ****************************************************
+<?php 
+} //end Upload_Page() **********************************************************
 
 
 
@@ -834,43 +839,49 @@ function Upload_File_response() { //********************************************
 
 
 function New_File_Page() { //***************************************************
-	global $FORM_COMMON;
+	global $FORM_COMMON, $INVALID_CHARS;
 ?>
 	<h2>New File</h2>
 	<?php echo $FORM_COMMON ?>
+		<p>File will be created in the current folder. &nbsp;
+		Some invalid characters are: <span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
 		<input type="text" name="new_file" id="new_file" value="">
 		<?php Cancel_Submit_Buttons("Create","new_file"); ?>
 	</form>
-<?php
+<?php 
 }//end New_File_Page()**********************************************************
 
 
 
 
 function New_File_response() { //***********************************************
-	global $ipath, $filename, $page, $message, $EX;
-	$new_name = $_POST["new_file"];
-	$FS = strpos($new_name, '/');
-	$filename = $ipath.trim($new_name,'/ '); //trim spaces & slashes
-	$savefile = $filename;
+	global $ipath, $filename, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
+
+	$new_name = trim($_POST["new_file"],'/ '); //Trim spaces and slashes.
+	$filename = $ipath.$new_name;
 	$page = "index"; // return to index if new file fails
 	
-	if ( $FS !== false){
-		$message .= '<b>('.$FS.') File not created.</b> Filename contains invalid character(s) (forward slash): <br>';
-		$message .= '<b>'.htmlentities($new_name).'</b>';
-	}elseif (($_POST["new_file"] == "")){ 
-		$message = $EX.' <b>New file not created - no filename given.</b>';
-	}elseif (file_exists($savefile)) {
-		$message = $EX.' <b>"'.htmlentities(basename($filename)).'"</b> not created. A file with that name already exists.';
-	}elseif ($handle = fopen($savefile, 'w')) {
+	foreach ($INVALID_CHARS_array as $bad_char) {
+		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
+	}
+
+	if ($invalid){
+		$message .= $EX.' <b>New file not created:</b> '.htmlentities($new_name).'<br>'.
+			'<b> &nbsp; &nbsp; &nbsp; Name contains invalid character(s): '.
+			'<span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
+	}elseif ($new_name == ""){ 
+		$message .= $EX.' <b>New file not created -</b> no name given';
+	}elseif (file_exists($filename)) {
+		$message .= $EX.' <b>File already exists: ';
+		$message .= htmlentities($new_name).'</b>';
+	}elseif ($handle = fopen($filename, 'w')) {
 		fclose($handle);
-		$message = 'Created file: <b>'.htmlentities(basename($filename)).'</b>';
-		$ipath    = Check_path(dirname($filename)); //if changed, return to new dir.
+		$message .= '<b>Created file:</b> '.htmlentities($new_name);
+		$page     = "edit";
 		$param1   = '?i='.URLencode_path($ipath);
-		$page = "edit";
-	}else {
-		$message .= $EX.' <b>ERROR - can\'t open or create file:<br>';
-		$message .= htmlentities($filename);
+	}else{
+		$message .= $EX.' <b>Error - new file not created:<br>';
+		$message .= htmlentities($new_name);
 	}
 }//end New_File_response() *****************************************************
 
@@ -901,7 +912,8 @@ function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //******
 		</p>
 		<?php Cancel_Submit_Buttons($action, $name_id); ?>
 	</form>
-<?php } //end Copy_Ren_Move_Page() *********************************************
+<?php 
+} //end Copy_Ren_Move_Page() ***************************************************
 
 
 
@@ -919,13 +931,16 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 	
 	if ( !is_dir($new_location) ){
 		$message .= $EX.' <b>'.$msg1.' Error - new parent location does not exist:</b><br>';
-		$message .= $WEB_ROOT.$new_location.'/<br>';
+		$message .= htmlentities($WEB_ROOT.$new_location).'/<br>';
+	}elseif ( !file_exists($filename) ){
+		$message .= $EX.' <b>'.$msg1.' Error - Source file does not exist:</b><br>';
+		$message .= htmlentities($filename);
 	}elseif (file_exists($new_name)) {
 		$message .= $EX.' <b>'.$msg1.' Error - target filename already exists:<br>';
-		$message .= ''.htmlentities($WEB_ROOT.$new_name).'</b>';
+		$message .= htmlentities($WEB_ROOT.$new_name).'</b>';
 	}elseif ($action($old_name, $new_name)) {
 		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
-		$message .= ' --- Successfully '.$msg2.' to ---<br>';
+		$message .= ' --- '.$msg2.' to ---<br>';
 		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
 		$filename = $new_name; //so edit page knows what to edit
 		if ($isfile) { $ipath = Check_path(dirname($filename)); } //if changed,
@@ -951,7 +966,8 @@ function Delete_File_Page() { //************************************************
 		<p class="sure"><b>Are you sure?</b></p>
 		<?php Cancel_Submit_Buttons("DELETE", "cancel"); ?>
 	</form>
-<?php } //end Delete_File_Page() ***********************************************
+<?php 
+} //end Delete_File_Page() *****************************************************
 
 
 
@@ -963,7 +979,7 @@ function Delete_File_response(){ //*********************************************
 	$filename = htmlspecialchars_decode($_POST["delete_file"]);
 
 	if (unlink($filename)) {
-		$message .= 'Deleted file: <b>'.htmlentities(basename($filename)).'</b>';
+		$message .= '<b>Deleted file:</b> '.htmlentities(basename($filename));
 	}else{
 		$message .= $EX.' <b>Error deleting "'.htmlentities($filename).'"</b>.';
 		$page = "edit";
@@ -974,48 +990,50 @@ function Delete_File_response(){ //*********************************************
 
 
 function New_Folder_Page() { //*************************************************
-	global $FORM_COMMON;
+	global $FORM_COMMON, $INVALID_CHARS;
 ?>
 	<h2>New Folder</h2>
 	<?php echo $FORM_COMMON ?>
+		<p>Folder will be created in the current folder. &nbsp;
+		Some invalid characters are: <span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
 		<input type="text" name="new_folder" id="new_folder" value="">
 		<?php Cancel_Submit_Buttons("Create","new_folder"); ?>
 	</form>
-<?php } // end New_Folder_Page() ***********************************************
+<?php 
+} //end New_Folder_Page() ******************************************************
 
 
 
 
 function New_Folder_response(){ //**********************************************
-	global $message, $EX, $ipath, $param1, $page;
+	global $ipath, $param1, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
 
-	$page = "index"; //Return to index
-	$new_name = trim($_POST["new_folder"],'/ ');
-	$invalid_characters = '< > ? * : " | / \\';
-	$invalid_char_array = explode(' ', $invalid_characters);
-	foreach ($invalid_char_array as $bad_char) {
+	$new_name = trim($_POST["new_folder"],'/ '); //Trim spaces, and make sure only has a single trailing slash.
+
+	foreach ($INVALID_CHARS_array as $bad_char) {
 		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
 	}
+	$page = "index"; //Return to index
 
-	 //Trim spaces, and make sure only has a single trailing slash.
-	$new_folder = $ipath.trim($_POST["new_folder"],"/ ").'/';
+	$new_ipath = $ipath.$new_name.'/';
 
 	if ($invalid){
-		$message .= $EX.' <b>Error-</b> new name may not contain invalid character(s): <b>'.htmlentities($invalid_characters).'</b><br>';
-		$message .= '<b>'.htmlentities($new_name).'<b>';
-	}elseif ($_POST["new_folder"] == ""){ 
-		$message .= $EX.' <b>New folder not created - no name given... </b>';
-	}elseif (is_dir($new_folder)) {
+		$message .= $EX.' <b>New folder not created:</b> '.htmlentities($new_name).'<br>'.
+			'<b> &nbsp; &nbsp; &nbsp; Name contains invalid character(s): '.
+			'<span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
+	}elseif ($new_name == ""){ 
+		$message .= $EX.' <b>New folder not created - no name given.</b>';
+	}elseif (is_dir($new_ipath)) {
 		$message .= $EX.' <b>Folder already exists: ';
-		$message .= htmlentities($new_folder).'</b>';
-	}elseif (mkdir($new_folder)) {
-		$message .= 'Created folder: <b>'.htmlentities(basename($new_folder)).'</b>';
-		$ipath  = $new_folder;  //return to new folder
-		$param1 = '?i='.URLencode_path($ipath);
+		$message .= htmlentities($new_ipath).'</b>';
+	}elseif (mkdir($new_ipath)) {
+
+		$message .= '<b>Created folder:</b> '.htmlentities($new_name);
+		$ipath    = $new_ipath;  //return to new folder
+		$param1   = '?i='.URLencode_path($ipath);
 	}else{
-		$message .= $EX.' <b>Error- new folder not created: </b><br>';
-		$message .= htmlentities($WEB_ROOT.dirname($new_folder)).'/<b>'.htmlentities(basename($new_folder)).'/</b><br>';
-		if ( !is_dir(dirname($new_folder)) ) { $message .= '&nbsp; <b>Parent folder must already exist.</b>';}
+		$message .= $EX.' <b>Error - new folder not created: </b><br>';
+		$message .= htmlentities($new_name);
 	}
 }//end New_Folder_response *****************************************************
 
@@ -1028,12 +1046,13 @@ function Delete_Folder_Page(){ //***********************************************
 	<h2>Delete Folder</h2>
 	<?php echo $FORM_COMMON ?>
 		<input type="hidden" name="delete_folder" value="<?php echo htmlspecialchars($ipath); ?>" >
-		<span class="web_root"><?php echo htmlentities($WEB_ROOT.Check_path(dirname($ipath))); ?></span>
-		<span class="verify"><?php echo htmlentities(basename($ipath)); ?></span> /
+		<span class="web_root"><?php echo htmlentities($WEB_ROOT.Check_path(dirname($ipath))); ?></span><span 
+		class="verify"><?php echo htmlentities(basename($ipath)); ?></span> /
 		<p class="sure"><b>Are you sure?</b></p>
 		<?php Cancel_Submit_Buttons("DELETE", "cancel"); ?>
 	</form>
-<?php } //end Delete_Folder_Page() //*******************************************
+<?php 
+} //end Delete_Folder_Page() //*************************************************
 
 
 
@@ -1045,8 +1064,9 @@ function Delete_Folder_response() { //******************************************
 
 	if ( !is_empty($ipath) ) {
 		$message .= $EX.' <b>Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
+		$page = "index";
 	}elseif (@rmdir($foldername)) {
-		$message .= 'Deleted folder: <b>'.htmlentities(basename($foldername)).'</b>';
+		$message .= '<b>Deleted folder:</b> '.htmlentities(basename($foldername));
 		$ipath  = Check_path($foldername); //Return to parent dir.
 		$param1 = '?i='.URLencode_path($ipath);
 	}else {
@@ -1365,9 +1385,9 @@ function style_sheet(){ //****************************************************?>
 	background: #fff000;
 	}
 
-#message span { float: right; }
+#message #Xbox { float: right; }
 
-#message #dismiss { padding: 5px 4px 5px 4px; border-right: none; } /*TRBL */ /*font-family: Courier; font-size: 1.2em;*/
+#message #dismiss { padding: 5px 4px 5px 4px; border-right: none; } /*TRBL*/ /*font-family: Courier; font-size: 1.2em;*/
 
 
 /* --- INDEX directory listing, table format --- */
@@ -1601,6 +1621,7 @@ function style_sheet(){ //****************************************************?>
 
 .icon {float: left; margin: 0 .3em 0 0;}
 
+.mono {font-family: courier;}
 </style>
 <?php }//end style_sheet() *****************************************************
 
@@ -1623,7 +1644,6 @@ function style_sheet(){ //****************************************************?>
 <?php if ( ($page == "index") || ($page == "edit") ) { Time_Stamp_scripts(); } ?>
 
 </head>
-
 <body>
 
 <?php

From 6217a6d8d38e514d7593d2ae55253ca6a8fff6ed Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 5 Jun 2012 17:19:44 -0400
Subject: [PATCH 073/228] Version 3.1.7 Made (almost) rest of code functions:
 session startup, get params, etc.. Moved all logic to just ahead of <html>
 Copy_Ren_Move_Page(): Tweaked spacing on rendered page Due to various
 filename style considerations, simplified ordinalize():    now returns: 
 somefile.ext.001    indstead of:  somefile.001.ext

---
 onefilecms.php | 354 +++++++++++++++++++++++++------------------------
 1 file changed, 182 insertions(+), 172 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index a4c367e..de9c30b 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.1.6'; //2012-06-04
+$version = '3.1.7';
 
 /*******************************************************************************
 Copyright � 2009-2012 https://github.com/rocktronica
@@ -46,7 +46,7 @@
 $MAX_VIEW_SIZE = 1000000; //If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
                           // The max view size is completely arbitray. It was 2am and seemed like a good idea at the time.
 $config_favicon   = "/favicon.ico";
-$config_excluded  = ""; //files to exclude from directory listings- CaSe sensaTive!
+$config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsaTive!
 
 $config_etypes = "html,htm,xhtml,php,css,js,txt,text,cfg,conf,ini,csv,svg"; //Editable file types.
 $config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
@@ -60,34 +60,80 @@
 
 
 //******************************************************************************
-session_start();  $SID = session_id();
+//Some global values
 
-if ( isset($_POST["username"]) || isset($_POST["password"]) ) {
-	$_SESSION['username'] = $_POST["username"];
-	$_SESSION['password'] = $_POST["password"];
+$ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]);
+$DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
+$WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/';
+$WEBSITE   = $_SERVER["HTTP_HOST"].'/';
 
-	if (($_POST["username"] != $config_username) || ($_POST["password"] != $config_password))
-		{ $message = $EX.' <b>INVALID LOGIN ATTEMPT</b>'; }
-}
+//Make arrays out of a few $config_variables for actual use later.
+//Also, remove spaces and make lowercase.
+$etypes   = explode(',', strtolower(str_replace(' ', '', $config_etypes))); //editable file types
+$itypes   = explode(',', strtolower(str_replace(' ', '', $config_itypes))); //images types to display
+$ftypes   = explode(',', strtolower(str_replace(' ', '', $config_ftypes))); //file types with icons
+$fclasses = explode(',', strtolower(str_replace(' ', '', $config_fclass))); //for file types with icons
+$excluded_list = (explode(",", $config_excluded));
+
+
+$valid_pages = array("login","logout","index","edit","upload","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
+
+$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names. (Space deliminated)
+$INVALID_CHARS_array = explode(' ', $INVALID_CHARS);
+//******************************************************************************
 
-if (($_SESSION['username'] == $config_username) and ( $_SESSION['password'] == $config_password ))
-     { $_SESSION['valid'] = "1"; $page = "index"; }
-else { $_SESSION['valid'] = "0"; $page = "login"; unset($_GET["p"]); session_destroy() ;}
 
 
-$VALID_POST = ($_SESSION['valid'] == "1" && $_POST["sessionid"] == session_id());
 
+function Session_Startup() {//**************************************************
+	global $config_username, $config_password, $message , $page, $VALID_POST;
 
-chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
-//End session startup***********************************************************
+	session_start();
 
+	if ( isset($_POST["username"]) || isset($_POST["password"]) ) {
+		$_SESSION['username'] = $_POST["username"];
+		$_SESSION['password'] = $_POST["password"];
 
+		if (($_POST["username"] != $config_username) || ($_POST["password"] != $config_password))
+			{ $message = $EX.' <b>INVALID LOGIN ATTEMPT</b>'; }
+	}
 
+	if (($_SESSION['username'] == $config_username) and ( $_SESSION['password'] == $config_password ))
+		 { $_SESSION['valid'] = "1"; $page = "index"; }
+	else { $_SESSION['valid'] = "0"; $page = "login"; unset($_GET["p"]); session_destroy() ;}
+
+
+	$VALID_POST = ($_SESSION['valid'] == "1" && $_POST["sessionid"] == session_id());
+
+
+	chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
+}//End Session_Startup() *******************************************************
+
+
+
+
+function Get_GET() { //*** Get main parameters *********************************
+	// i=some/path/,  f=somefile.xyz,  p=somepage
+	global $ipath, $filename, $page, $param1, $message, $EX;
+
+	if (isset($_GET["i"])) { $ipath = Check_path($_GET["i"]); }else{ $ipath = ""; }
+
+	if (isset($_GET["f"])) {
+		$filename = $ipath.$_GET["f"];
+		if ( !is_file($filename) && $_SESSION['valid'] )//Don't set $message for login page.
+			{ $message .= $EX.' <b>File does not exist:</b> '.htmlentities($filename).'<br>'; }
+		if ( !is_file($filename) ) { $filename = ""; $page = "index"; }
+	}else{ $filename = ""; }
+
+	if (isset($_GET["p"])) { $page = $_GET["p"]; } // default $page set in session startup
+
+	$param1 = '?i='.URLencode_path($ipath);
+}//end Get_GET()****************************************************************
 
-//******************************************************************************
-// A couple functions needed early
 
-function URLencode_path($path){ // don't encode the forward slashes
+
+
+function URLencode_path($path){ // don't encode the forward slashes ************
 	$TS = '';
 	if (substr($path, -1) == '/' ) { $TS = '/'; } //start with a trailing slash?
 	$path_array = explode('/',$path);
@@ -95,11 +141,11 @@ function URLencode_path($path){ // don't encode the forward slashes
 	foreach ($path_array as $level) { $path .= rawurlencode($level).'/'; }
 	$path = rtrim($path,'/').$TS;  //end with trailing slash only if started with one
 	return $path;
-}//end URLencode_path($path)
+}//end URLencode_path($path) ***************************************************
+
 
 
 
-//*** Clean up & check a path **********
 function Check_path($path) { // returns first valid path in some/supplied/path/
 	global $message, $EX;
 	$invalidpath = $path; //used for message if supplied $path doesn't exist.
@@ -130,94 +176,25 @@ function Check_path($path) { // returns first valid path in some/supplied/path/
 	}
 
 	return $path; 
-}//end Check_path() ********************
-//end a couple functions needed early ******************************************
-
-
-
-
-//******************************************************************************
-//Some global values & $_GET parameters
-//
-$ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]);
-$DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
-$WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/';
-$WEBSITE   = $_SERVER["HTTP_HOST"].'/';
-
-//Make arrays out of a few $config_variables for actual use later.
-//Also, remove spaces and make lowercase.
-$etypes   = explode(',', strtolower(str_replace(' ', '', $config_etypes))); //editable file types
-$itypes   = explode(',', strtolower(str_replace(' ', '', $config_itypes))); //images types to display
-$ftypes   = explode(',', strtolower(str_replace(' ', '', $config_ftypes))); //file types with icons
-$fclasses = explode(',', strtolower(str_replace(' ', '', $config_fclass))); //for file types with icons
-$excluded_list = (explode(",", $config_excluded));
-
-
-$valid_pages = array("login","logout","index","edit","upload","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
-
-$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names. (Space deliminated)
-$INVALID_CHARS_array = explode(' ', $INVALID_CHARS);
-
-//*** Get main parameters: i=some/path/,  f=somefile.xyz,  p=somepage
-	if (isset($_GET["i"])) { $ipath = Check_path($_GET["i"]); }else{ $ipath = ""; }
-
-	if (isset($_GET["f"])) {
-		$filename = $ipath.$_GET["f"];
-		if ( !is_file($filename) && $_SESSION['valid'] )//Don't set $message for login page.
-			{ $message .= $EX.' <b>File does not exist:</b> '.htmlentities($filename).'<br>'; }
-		if ( !is_file($filename) ) { $filename = ""; $page = "index"; }
-	}else{ $filename = ""; }
-
-	if (isset($_GET["p"])) { $page = $_GET["p"]; } // default $page set in session startup
-
-	$param1 = '?i='.URLencode_path($ipath);
-//******************************************************************************
-
+}//end Check_path() ************************************************************
 
 
 
-//*** Verify valid $page *******************************************************
 
-if ($page != "") {
-	if (!in_array(strtolower($page), $valid_pages)) {
-		header("Location: ".$ONESCRIPT); // redirect on invalid page attempts
-		$page = "index";
-	}
-}
-
-
-//Don't load login screen if already in a valid session 
-if ( ($page == "login") and ($_SESSION['valid']) ) { $page = "index"; }
-
-
-if ( ($page == "deletefolder") && !is_empty($ipath) ) {
-	$message = $EX.' <b>Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
-	$page = "index";
-}
-
-
-if ( $page == "edit" && !is_file($filename) ) { $page = "index"; }
-//******************************************************************************
-
-
-
-
-//******************************************************************************
-// Misc Functions
-
-
-function is_empty($path){ //********************************
+function is_empty($path){ //****************************************************
 	$empty = false;
 	$dh = opendir($path);
 	for($i = 3; $i; $i--) { $empty = (readdir($dh) === FALSE); }
 	closedir($dh);
 	return $empty;
-}//end is_emtpy() //****************************************
+}//end is_emtpy() //************************************************************
+
 
 
 
-//if file_exists(), ordinalize filename until it doesn't ***
-function ordinalize($destination,$filename, &$msg) {
+function ordinalize($destination,$filename, &$msg) { //*************************
+//if file_exists(file.txt), ordinalize filename until it doesn't
+//ie: file.txt.001,  file.txt.002, file.txt.003  etc...
 	global $EX;
 
 	$ordinal   = 0;
@@ -226,21 +203,20 @@ function ordinalize($destination,$filename, &$msg) {
 	if (file_exists($savefile)) {
 
 		$msg .= $EX.' A file with that name already exists in the target directory.<br>';
-		$savefile_info = pathinfo($savefile);
 
 		while (file_exists($savefile)) {
 			$ordinal = sprintf("%03d", ++$ordinal); //  001, 002, 003, etc...
-			$newfilename = $savefile_info['filename'].'.'.$ordinal.'.'.$savefile_info['extension'];
-			$savefile = $destination.$newfilename;
+			$savefile = $destination.$filename.'.'.$ordinal;
 		}
-		$msg .= 'Saving as: "<b>'.htmlentities($newfilename).'</b>"';
+		$msg .= 'Saving as: "<b>'.htmlentities(basename($savefile)).'</b>"';
 	}
 	return $savefile;
-}//end ordinalize() filename *******************************
+}//end ordinalize() filename ***************************************************
 
 
 
-function Current_Path_Header(){ //**************************
+
+function Current_Path_Header(){ //**********************************************
  	// Current path. ie: webroot/current/path/ 
 	// Each level is a link to that level.
 
@@ -262,17 +238,18 @@ function Current_Path_Header(){ //**************************
 			}
 		}//end if (not at root)
 	echo '</h2>';
-}//end Current_Path_Header() //*****************************
+}//end Current_Path_Header() //*************************************************
+
 
 
 
-function message_box() { //*********************************
+function message_box() { //*****************************************************
 	global $ONESCRIPT, $message, $page;
 
 	if (isset($message)) {
 ?>
 		<div id="message"><p>
-		<span id="Xbox"><!-- [X] to dismiss message box -->	
+		<span id="Xbox"><!-- [X] to dismiss message box -->
 			<a id="dismiss" href='<?php echo $ONESCRIPT.$param1; ?>'
  			onclick='document.getElementById("message").innerHTML = " ";return false;'>
 			[X]</a>
@@ -287,11 +264,12 @@ function message_box() { //*********************************
 	
 	// Used on Edit Page to preserve vertical spacing, so edit area doesn't jump as much.
 	if ($page == "edit") {echo '<style>#message { min-height: 1.8em; }</style>';}
-}//end message_box()  **************************************
+}//end message_box()  **********************************************************
+
 
 
 
-function Upload_New_Rename_Delete_Links() { //**************
+function Upload_New_Rename_Delete_Links() { //**********************************
 	global $ONESCRIPT, $ipath, $param1;
 	echo '<p class="front_links">';
 	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   ; svg_icon_upload()    ; echo 'Upload File</a>';
@@ -302,20 +280,22 @@ function Upload_New_Rename_Delete_Links() { //**************
 		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'; svg_icon_folder_del();   echo 'Delete Folder</a>';
 	}
 	echo '</p>';
-}//end Upload_New_Rename_Delete_Links()  *******************
+}//end Upload_New_Rename_Delete_Links()  ***************************************
 
 
 
-function Close_Button($classes) { //************************
+
+function Close_Button($classes) { //********************************************
 	global $ONESCRIPT, $ipath, $param1;
 	echo '<input type="button" class="button '.$classes.'" name="close" value="Close" onclick="parent.location=\'';
 	echo $ONESCRIPT.$param1.'\'">';
 	?><script>document.edit_form.elements[1].focus();</script><?php // focus on [Close]
-}// End Close_Button() //***********************************
+}// End Close_Button() //*******************************************************
+
 
 
 
-function Cancel_Submit_Buttons($submit_label, $focus) { //**
+function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
 	//$submit_label = Rename, Copy, Delete, etc...
 	//$focus is ID of element to receive focus(). (element may be outside this function)
 	global $ONESCRIPT, $ipath, $param1, $filename, $page;
@@ -331,11 +311,12 @@ function Cancel_Submit_Buttons($submit_label, $focus) { //**
 <?php
 	if ($focus != ""){ echo '<script>document.getElementById("'.$focus.'").focus();</script>'; }
 
-}// End Cancel_Submit_Buttons() //**************************
+}// End Cancel_Submit_Buttons() //**********************************************
+
 
 
 
-function show_image(){ //***********************************
+function show_image(){ //*******************************************************
 	global $filename, $MAX_IMG_W, $MAX_IMG_H;
 	
 	$IMG = $filename;
@@ -358,25 +339,27 @@ function show_image(){ //***********************************
 	echo '<div style="clear:both;"></div>';
 	echo '<a href="/' .URLencode_path($IMG). '">';
 	echo '<img src="/'.urlencode_path($IMG).'"  height="'.$img_info[$H]*$SCALE.'"></a>';
-}// end show_image() ***************************************
+}// end show_image() ***********************************************************
 
 
 
-function show_favicon(){
+
+function show_favicon(){ //*****************************************************
 	global $config_favicon, $DOC_ROOT;
 	if (file_exists($DOC_ROOT.$config_favicon)) { 
 		echo '<img src="'.URLencode_path($config_favicon).'" alt="">'; 
 	}
-}// end show_favicon()
+}// end show_favicon() *********************************************************
+
 
-//
-// End of misc functions ********************************************************
 
 
+function Init_Macros(){ //*** ($varibale="some reusable chunk of code")*********
 
+global 	$ONESCRIPT, $param1, $INPUT_SESSIONID, $FORM_COMMON, 
+		$SVG_icon_circle_plus, $SVG_icon_circle_x, $SVG_icon_pencil, $SVG_icon_img_0;
 
-//A few macros ($varibale="some reusable chunk of code")************************
-$INPUT_SESSIONID = '<input type="hidden" name="sessionid" value="'.$SID.'">'.PHP_EOL;
+$INPUT_SESSIONID = '<input type="hidden" name="sessionid" value="'.session_id().'">'.PHP_EOL;
 $FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.'">'.$INPUT_SESSIONID;
 
 $SVG_icon_circle_plus = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#080"/>
@@ -397,7 +380,7 @@ function show_favicon(){
 	<rect x="2"    y="2"   width="5"  height="5"  fill="#F66" stroke-width="0" />
 	<rect x="7.5"  y="6"   width="5"  height="5"  fill="#6F6" stroke-width="0" />
 	<rect x="2"    y="10"  width="5"  height="5"  fill="#66F" stroke-width="0" />';
-//******************************************************************************
+}//end Init_Macros() ***********************************************************
 
 
 
@@ -501,7 +484,7 @@ function svg_icon_folder_0($extra){ //******************************************
 			fill="transparent" stroke="white" stroke-width="1" />
 	<?php echo $extra ?>
 </svg><?php 
-} //end svg_icon_folder() ******************************************************
+} //end svg_icon_folder_0() ****************************************************
 
 
 
@@ -566,7 +549,7 @@ function Login_Page() { //******************************************************
 		<input type="submit" class="button" value="Enter">
 	</form>
 	<script>document.getElementById('username').focus();</script>
-<?php
+<?php 
 } //end Login_Page() ***********************************************************
 
 
@@ -864,7 +847,7 @@ function New_File_response() { //***********************************************
 	foreach ($INVALID_CHARS_array as $bad_char) {
 		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
 	}
-
+
 	if ($invalid){
 		$message .= $EX.' <b>New file not created:</b> '.htmlentities($new_name).'<br>'.
 			'<b> &nbsp; &nbsp; &nbsp; Name contains invalid character(s): '.
@@ -900,14 +883,13 @@ function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //******
 	<?php echo $FORM_COMMON ?>
 		<p>
 			<label>Old name:</label>
-			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span>
-			<input type="text" name="old_name" 
-				value="<?php echo htmlspecialchars($old_name); ?>" readonly="readonly">
+			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
+				name="old_name" value="<?php echo htmlspecialchars($old_name); ?>" readonly="readonly">
 		</p>
 		<p>
 			<label>New name:</label>
-			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span>
-			<input type="text" name="<?php echo $name_id ?>" id="<?php echo $name_id ?>" 	
+			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
+				name="<?php echo $name_id ?>" id="<?php echo $name_id ?>" 
 				value="<?php echo htmlspecialchars($new_name); ?>">
 		</p>
 		<?php Cancel_Submit_Buttons($action, $name_id); ?>
@@ -933,7 +915,7 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 		$message .= $EX.' <b>'.$msg1.' Error - new parent location does not exist:</b><br>';
 		$message .= htmlentities($WEB_ROOT.$new_location).'/<br>';
 	}elseif ( !file_exists($filename) ){
-		$message .= $EX.' <b>'.$msg1.' Error - Source file does not exist:</b><br>';
+		$message .= $EX.' <b>'.$msg1.' Error - source file does not exist:</b><br>';
 		$message .= htmlentities($filename);
 	}elseif (file_exists($new_name)) {
 		$message .= $EX.' <b>'.$msg1.' Error - target filename already exists:<br>';
@@ -1077,45 +1059,21 @@ function Delete_Folder_response() { //******************************************
 
 
 
-//Logout ***********************************************************************
-if ($page == "logout") {
-	$page = "login";
-	$_SESSION['valid'] = "0";
-	session_destroy();
-	$message = 'You have successfully logged out.';
-}//*****************************************************************************
-
+function Page_Title(){ //***<title>Page_Title()</title>*************************
+	global $page;
 
-
-
-if ($VALID_POST) { //***********************************************************
-	if (isset($_FILES['upload_file']['name'])) { Upload_File_response(); }
-	if (isset($_POST["filename"]     )) { Edit_Page_response(); }
-	if (isset($_POST["new_file"]     )) { New_File_response(); }
-	if (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', 'Copy', 'Copied', 1); } 
-	if (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"], 'rename', 'Rename/Move', 'Renamed/Moved', 1); } 
-	if (isset($_POST["delete_file"]  )) { Delete_File_response(); }
-	if (isset($_POST["new_folder"]   )) { New_Folder_response(); }
-	if (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', 'Rename/Move', 'Renamed/Moved', 0); } 
-	if (isset($_POST["delete_folder"])) { Delete_Folder_response(); }
-}//end if ($VALID_POST) ********************************************************
-
-
-
-
-//<title>$pagetitle</title>*****************************************************
-if     ($page == "login")        { $pagetitle = "Log In";         }
-elseif ($page == "edit")         { $pagetitle = "Edit/View File"; }
-elseif ($page == "upload")       { $pagetitle = "Upload File";    }
-elseif ($page == "newfile")      { $pagetitle = "New File";       }
-elseif ($page == "copy" )        { $pagetitle = "Copy";           }
-elseif ($page == "rename")       { $pagetitle = "Rename File";    }
-elseif ($page == "delete")       { $pagetitle = "Delete";         }
-elseif ($page == "newfolder")    { $pagetitle = "New Folder";     }
-elseif ($page == "renamefolder") { $pagetitle = "Rename Folder";  }
-elseif ($page == "deletefolder") { $pagetitle = "Delete Folder";  }
-else                             { $pagetitle = $_SERVER['SERVER_NAME']; }
-//******************************************************************************
+	if     ($page == "login")        { return "Log In";         }
+	elseif ($page == "edit")         { return "Edit/View File"; }
+	elseif ($page == "upload")       { return "Upload File";    }
+	elseif ($page == "newfile")      { return "New File";       }
+	elseif ($page == "copy" )        { return "Copy";           }
+	elseif ($page == "rename")       { return "Rename File";    }
+	elseif ($page == "delete")       { return "Delete";         }
+	elseif ($page == "newfolder")    { return "New Folder";     }
+	elseif ($page == "renamefolder") { return "Rename Folder";  }
+	elseif ($page == "deletefolder") { return "Delete Folder";  }
+	else                             { return $_SERVER['SERVER_NAME']; }
+}//end Page_Title() ************************************************************
 
 
 
@@ -1491,17 +1449,19 @@ function style_sheet(){ //****************************************************?>
 	height: 30em;
 	}
 
+textarea:focus { border: 1px solid #Faa; }
+
 .edit_disabled { 
 	border : 1px solid #807568;
 	width  : 99%;
 	padding: .2em;
 	margin : 0;
 	color: #444;
-	background-color: #F8F8F8;
+	background-color: #F0F0F0;
 	line-height: 1.4em;
 	}
 
-textarea:focus { border: 1px solid #Faa; }
+.view_file {font-family: courier; font-size: .9em; background-color: #F8F8F8;}
 
 
 input:focus { background-color: rgb(255,250,150); }
@@ -1517,7 +1477,6 @@ function style_sheet(){ //****************************************************?>
 .buttons_right         { float: right; }
 .buttons_right .button { margin-left: 7px; }
 
-
 .button {
 	border : 1px solid #807568;
 	padding: 4px 10px;
@@ -1628,6 +1587,56 @@ function style_sheet(){ //****************************************************?>
 
 
 
+//******************************************************************************
+//******************************************************************************
+//Begin logic to determine page action
+
+
+Session_Startup(); //***********************************************************
+
+Get_GET();         //***********************************************************
+
+Init_Macros();     //***********************************************************
+
+
+
+
+if ($VALID_POST) { //***********************************************************
+	if     (isset($_FILES['upload_file']['name'])) { Upload_File_response(); }
+	elseif (isset($_POST["filename"]     )) { Edit_Page_response(); }
+	elseif (isset($_POST["new_file"]     )) { New_File_response(); }
+	elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', 'Copy', 'Copied', 1); } 
+	elseif (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"], 'rename', 'Rename/Move', 'Renamed/Moved', 1); } 
+	elseif (isset($_POST["delete_file"]  )) { Delete_File_response(); }
+	elseif (isset($_POST["new_folder"]   )) { New_Folder_response(); }
+	elseif (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', 'Rename/Move', 'Renamed/Moved', 0); } 
+	elseif (isset($_POST["delete_folder"])) { Delete_Folder_response(); }
+}//end if ($VALID_POST) ********************************************************
+
+
+
+
+//*** Verify valid $page and/or $filename **************************************
+
+if (!in_array(strtolower($page), $valid_pages)) { $page = "index"; }
+
+//Don't load login screen if already in a valid session 
+if ( ($page == "login") and ($_SESSION['valid']) ) { $page = "index"; }
+
+if ( $page == "edit" && !is_file($filename) ) { $page = "index"; }
+
+if ($page == "logout") { $page = "login"; $_SESSION['valid'] = "0";	session_destroy();
+	$message = 'You have successfully logged out.'; }
+
+if ( ($page == "deletefolder") && !is_empty($ipath) ) { //Don't load delete page if can't delete.
+	$message = $EX.' <b>Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
+	$page = "index";
+}
+//******************************************************************************
+
+
+
+
 //******************************************************************************
 //******************************************************************************
 ?><!DOCTYPE html>
@@ -1635,7 +1644,8 @@ function style_sheet(){ //****************************************************?>
 <html>
 <head>
 
-<title><?php echo $config_title.' - '.$pagetitle ?></title>
+<title><?php echo $config_title.' - '.Page_Title() ?></title>
+
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 <meta name="robots" content="noindex">
 

From 122218805fbdf5032ead8b8418b52e4b23c4e2c3 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Tue, 5 Jun 2012 18:13:22 -0400
Subject: [PATCH 074/228] Version 3.1.7 Updated readme & added
 OneFileCMS_structure.txt

---
 OneFileCMS_structure.txt |  77 ++++++++++++++++
 readme.markdown          | 193 ++++++++++++++++-----------------------
 2 files changed, 156 insertions(+), 114 deletions(-)
 create mode 100755 OneFileCMS_structure.txt

diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
new file mode 100755
index 0000000..4d29e80
--- /dev/null
+++ b/OneFileCMS_structure.txt
@@ -0,0 +1,77 @@
+CONFIGURATION SECTION
+
+SOME STANDARD GLOBAL VARIABLES
+
+MISC FUNCTIONS:
+	Session_Startup()
+	Get_GET()
+	URLencode_path()
+	Check_path()
+	is_empty()
+	ordinalize()
+	Current_Path_Header()
+	message_box()
+	Upload_New_Rename_Delete_Links()
+	Close_Button()
+	Cancel_Submit_Buttons()
+	show_image()
+	show_favicon()
+	Init_Macros()
+
+SVG ICON FUNCTIONS:
+	svg_icon_bin()
+	svg_icon_img()
+	svg_icon_svg()
+	svg_icon_txt_0()
+	svg_icon_txt()
+	svg_icon_htm()
+	svg_icon_php()
+	svg_icon_css()
+	svg_icon_cfg()
+	svg_icon_upload()
+	svg_icon_file_new()
+	svg_icon_file_del()
+	svg_icon_folder_0()
+	svg_icon_folder()
+	svg_icon_folder_new()
+	svg_icon_folder_ren()
+	svg_icon_folder_del()
+	show_icon()
+
+PAGE & RESPONSE FUNCTIONS:
+	Login_Page()
+	list_files()
+	Index_Page()
+	Edit_Page_Buttons()
+	Edit_Page_form()
+	Edit_Page()
+	Edit_Page_response()
+	Upload_Page()
+	Upload_File_response()
+	New_File_Page()
+	New_File_response() 
+	Copy_Ren_Move_Page()
+	Copy_Ren_Move_response()
+	Delete_File_Page()
+	Delete_File_response()
+	New_Folder_Page()
+	New_Folder_response()
+	Delete_Folder_Page()
+	Delete_Folder_response() 
+	Page_Title()
+	Load_Selected_Page()
+
+JAVASCRIPT & STYLESHEET FUNCTIONS:
+	Time_Stamp_scripts() //Javascript functions
+	Edit_Page_scripts()  //Javascript functions
+	style_sheet()        //css
+	
+LOGIC TO DETERMINE PAGE ACTION
+	Call Session_Startup()
+	Call Get_GET()
+	Call Init_Macros()
+	If VALID_POST 
+		Do $_POST['someaction'] (<someaction>_response)
+	Validate $page to show
+	
+GENERATE ACTUAL <HTML>...
diff --git a/readme.markdown b/readme.markdown
index 7e51603..5bb7eb2 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,39 +1,13 @@
-### May 29, 2012
+### June 05, 2012
 
-# Current stable versions: 1.5, 2.0, & 3.1.5
+# Current stable versions: 1.5, "Lite" 2.1.7, 3.1.7
 
-- 3.1.1: "Full" version - uses svg icons
-- 2.0  : "Lite" version - uses no icons.
+- 3.0+ : "Full" version - uses svg icons
+- 2.0+ : "Lite" version - uses no icons.
 - 1.5  : style sheet is now part of onfilecms.php file, but still uses external icons.
 
 --------------------------------------------------------------------------------
 
-### April 30, 2012
-
-## NOTICE - SECURITY HOLE! (Fixed in version 1.2.1)
-
-## Versions affected
-
-- 1.1.7 thru 1.2.0
-
-## Versions *Un* affected / fixed
-
-- Version 1.1.6
-- Versions 1.2.1 and newer
-
-## Brief description:
-
-- No login required if a file and path is known.
-  EX:  http:// yourdomain.com/onefilecms.php?f=some/path/to/file.txt
-
-- File edit, rename, move, and copy work in this way, without login.
-
-## Cause
-
-- Me. I just noticed the problem.  Some edit after 1.1.6 introduced the hole.
-
---------------------------------------------------------------------------------
-
 # OneFileCMS
 
 ## Yes, that's exactly what it is!
@@ -47,11 +21,11 @@ Edit screen:
 
 OneFileCMS is just that. It's a flat, light, one file CMS (Content Management System) entirely contained in an easy-to-implement, highly customizable, database-less PHP script.
 
-Coupling a utilitarian code editor with all the basic necessities of an FTP application, OneFileCMS can maintain a whole website completely in-browser without any external programs.
+Coupling a utilitarian code editor with basic file managing functions, OneFileCMS can maintain a whole website completely in-browser without any external programs.
 
 ## Demo
 
-- Just download & try the current version - it's one file!
+- Just download & try the current stable version - it's one file!
 
 ## Features
  
@@ -71,46 +45,107 @@ Coupling a utilitarian code editor with all the basic necessities of an FTP appl
     $config_username = "username";
     $config_password = "password";
 
-3) Upload!
+3) Upload to anywhere on your site!
 
 Depending on how your web stack is set up, you may also have to modify the file permissions of your site's folders to allow OneFileCMS to modify and create files. ([More about that here.](http://catcode.com/teachmod/)) Make sure onefilecms.php and its parent folder are allowed to execute, with CHMOD at 755. Check with your host if you're not sure, and be aware of any inherent security concerns.
 
-You can also change the name of OneFileCMS.php to something else. _(Be careful making it a folder's default file: your server may get stuck in redirects.)_
+You can also change the file name of OneFileCMS.php to something else, such as "Admin.php" . _(Be careful making it a folder's default file: your server may get stuck in redirects.)_
 
 ## FAQ
 
 ### Where's the WYSIWYG? What about syntax highlighting?
 
-WYSWIWYG editors have been requested, but probably won’t become standard, as they’d bloat the system out and/or make it more than one file, sort of defeating the point of OneFileCMS. Plus, if you’re working in PHP or non-HTML code, they're generally more of a hindrance than anything else.
+WYSWIWYG editors have been requested, but probably won’t become standard, as they’d probably make it more than one file, sort of defeating the point of OneFileCMS. Plus, if you’re working in PHP or non-HTML code, they're can be more of a hindrance than an asset.
 
-Just because I don't want to do it, though, doesn't mean it's impossible.  Look for the Edit_Page() function. Its textarea can be modified to work with whatever editor you like. 
+However, just because I don't want to do it, doesn't mean it's impossible.  Look for the Edit_Page_form() function. Its textarea can be modified to work with whatever editor you like. 
 
 ### I found something that could be better. Can I suggest it to you?
 
-Yes, of course, you can!
+Yes, of course!
 
-I may not have the time/bandwidthinclination to implement every feature, but I'll do what I can. If it's urgent, contact me.
+I may not have the time/bandwidth/inclination to implement every feature, but I'll do what I can. If it's urgent, contact me.  
 
 Otherwise, try [forking the file and submitting your changes to me](https://github.com/blog/844-forking-with-the-edit-button).
 
-Everything's welcome!
-
-### This is basically just a file manager with a text editor. Why is it being a Content Management System?
+### This is basically just a file manager with a text editor. Why is it being called a Content Management System?
 
 Well, because "OneFileFileManagerTextEditor" just doesn't have the same ring to it...
 
 ### Multi-Language Support?
 
-Probably not.
+Probably not, as that would also most likely make it more than "OneFile".
 
 ### Can I have more than one username/password?
 
-The reason there isn't default support for multiple users is that all of their info will have to be stored together, more or less in plain text, at the top of onefilecms.php. Giving people different usernames and passwords then is sort of futile, since everyone who can log in can view onefilecms's source and config variables. (This answer kind of ignores MD5 hashes but is valid for most considerations.) 
+The reason there isn't default support for multiple users is that all of their info will have to be stored together, more or less in plain text, at the top of onefilecms.php. Giving people different usernames and passwords then is sort of futile, since everyone who can log in can view onefilecms's source and config variables.   
 
-## Change Log
+However, "it's on my to-do list!"...
+
+## Requirements
+
+- PHP 5.4  
+  (Older 5.x versions may work, but there will be issues editing files with back slashes, among other things.  See php docs on magic_quotes_gpc & stripslashes().)
+- File permission privileges on your host
+- Javascript enabled browswer
+- And, for OneFileCMS 3+, a browser that supports inline SVG.
 
+## Credit, License, Et Cetera
+
+Original concept and development by github.com/rocktronica
+
+Written in PHP, JavaScript, HTML, CSS, and SVG.
+
+Available under the MIT and BSD licenses.
+
+Icons for versions thru 1.1.6 by [famfamfam](http://www.famfamfam.com/).
+
+To report a bug or request a feature, please file an issue via Github. Forks encouraged!
+
+##Needed/potential/upcoming improvements
+
+- Connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text during login.
+- Be aware that only some very basic & rudimentary data & error checking is performed.  
+  On Windows, for instance, it's possible to create folders that are subsequently inaccessible and undeletable by Windows.  (Yea, I found out the hard way...)
+- With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
+- Multiple login names.
+- Anything else?
+
+--------------------------------------------------------------------------------
+
+### General layout/structure of OneFileCMS.php
+  
+CONFIGURATION SECTION  
+  
+SOME STANDARD GLOBAL VARIABLES  
+  
+SESSION & MISC FUNCTIONS  
+  
+SVG ICON FUNCTIONS  
+  
+PAGE & RESPONSE FUNCTIONS  
+    Index, Upload, New, Copy, Rename, etc...  
+  
+JAVASCRIPT & STYLESHEET FUNCTIONS  
+  
+LOGIC TO DETERMINE PAGE ACTION  
+    Call Session\_Startup()  
+    Call Get\_GET()  
+    Call Init\_Macros()  
+    If $VALID\_POST, do $\_POST['someaction']  
+    Validate which $page to show  
+  
+GENERATE THE PAGE  
+    &lt;HTML&gt;  
+  
+    ...  
+    Load_Selected_Page($page)  
+    ...  
+  
+    &lt;/HTML&gt;  
 
+--------------------------------------------------------------------------------
 
+## Change Log
 
 ### 3.1.2 thru 3.1.5
 
@@ -236,73 +271,3 @@ The reason there isn't default support for multiple users is that all of their i
 ### 1.0 (9/5/09)
 
 - Launch!
-
-## Requirements
-
-- PHP 5.4  
-  (Older 5.x versions may work, but there will be issues editing files with back slashes, among other things.  See php docs on magic_quotes_gpc & stripslashes().)
-- File permission privileges on your host
-- Javascript enabled browswer
-- And, for OneFileCMS 3+, a browser that supports inline SVG.
-
-## Credit, License, Et Cetera
-
-Original concept and development by github.com/rocktronica
-
-Written in PHP, JavaScript, HTML, CSS, and SVG.
-
-Available under the MIT and BSD licenses.
-
-Icons for versions thru 1.1.6 by [famfamfam](http://www.famfamfam.com/).
-
-To report a bug or request a feature, please file an issue via Github. Forks encouraged!
-
-##Needed/potential/upcoming improvements
-
-- Connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text during login.
-- Be aware that only some very basic & rudimentary data & error checking is performed.  
-  On Windows, for instance, it's possible to create folders that are subsequently inaccessible and undeletable by Windows.  (Yea, I found out the hard way...)
-- With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
-- Check size of file to upload, verify under max post/upload limits.
-- Multiple login names?
-
-
---------------------------------------------------------------------------------
-
-### General layout/structure of OneFileCMS.php
-  
-Configurable Info  
-Session start  
-A few functions needed early  
-A few global values.  
-Misc functions  
-A few macros (reusable chunks of code)  
-svg\_icons\_...() functions  
-Login\_Page() function  
-list\_files() function  
-Index\_Page() function  
-&lt;...page&gt;_Page() functions  
-&lt;...page&gt;_response() functions  
-&nbsp; &nbsp; Edit\_Page()...   
-&nbsp; &nbsp; Upload\_  
-&nbsp; &nbsp; New\_File\_  
-&nbsp; &nbsp; Copy_Ren_Move\_  
-&nbsp; &nbsp; Delete\_File\_  
-&nbsp; &nbsp; New\_Folder\_   
-&nbsp; &nbsp; Delete\_Folder\_  
-Invalid Login response  
-Logout response  
-If ($VALID\_POST), do \_response  
-Set page title  
-Verify valid $page  
-Load\_Selected\_Page() function  
-Time\_Stamp\_scripts() function  
-Edit\_Page\_script() function  
-style\_sheet() function  
-&lt;html&gt;  
-.  
-.. (head, body, etc...)  
-...  
-Load\_Selected\_Page()  
-...  
-&lt;/html&gt;  

From 7615c73626c4819255744124b3616c9fcdd50192 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Fri, 8 Jun 2012 18:16:09 -0400
Subject: [PATCH 075/228] Version 3.1.8 Stopped using ENT_SUBSTITUTE on
 Edit_Page_form <textarea>, as only available since 5.4. Stopped using
 htmlspecialchars_decode on POST data in .._response() functions.  - Per PHP
 docs, not needed. On Edit_Page_response, switched from fwrite() to
 file_put_contents() Added function to deal with magic_quotes. Added a few
 PHP_EOL's to help read source during trouble shooting. Changed .edit_disabled
 b/g & font colors. Added check if specialchars returns an empty string due to
 invalid characters. Minorr typo in Copy_Ren_Mov_response() $message...

---
 OneFileCMS_structure.txt |   1 +
 onefilecms.php           | 131 ++++++++++++++++++++++++---------------
 readme.markdown          |  18 +++---
 3 files changed, 91 insertions(+), 59 deletions(-)

diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index 4d29e80..a3f2b5f 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -4,6 +4,7 @@ SOME STANDARD GLOBAL VARIABLES
 
 MISC FUNCTIONS:
 	Session_Startup()
+	undo_magic_quotes()
 	Get_GET()
 	URLencode_path()
 	Check_path()
diff --git a/onefilecms.php b/onefilecms.php
index de9c30b..faeefe0 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,11 +1,11 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.1.7';
+$version = '3.1.8';
 
 /*******************************************************************************
-Copyright � 2009-2012 https://github.com/rocktronica
-Copyright � 2012-     https://github.com/Self-Evident  David W. Gay
+Copyright © 2009-2012 https://github.com/rocktronica
+Copyright © 2012-     https://github.com/Self-Evident  David W. Gay
 
 This software is copyright under terms of the "MIT" license:
 
@@ -30,7 +30,7 @@
 
 
 
-if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate - and version 5.4 is recommended."); }
+if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Tested on 5.3.3 & 5.4"); }
 
 
 
@@ -90,6 +90,8 @@ function Session_Startup() {//**************************************************
 
 	session_start();
 
+	undo_magic_quotes();
+
 	if ( isset($_POST["username"]) || isset($_POST["password"]) ) {
 		$_SESSION['username'] = $_POST["username"];
 		$_SESSION['password'] = $_POST["password"];
@@ -112,6 +114,23 @@ function Session_Startup() {//**************************************************
 
 
 
+function undo_magic_quotes(){ //************************************************
+
+	function strip_array($var) {
+		if (is_array($var)) {return array_map("strip_array", $var); }
+		else                {return stripslashes($var); }
+	} //Note: stripslashes also handles cases when magic_quotes_sybase is on.
+
+	if (get_magic_quotes_gpc()) {
+		$_GET     = strip_array($_GET);
+		$_POST    = strip_array($_POST);
+		$_COOKIE  = strip_array($_COOKIE);
+	}
+}//end undo_magic_quotes() *****************************************************
+
+
+
+
 function Get_GET() { //*** Get main parameters *********************************
 	// i=some/path/,  f=somefile.xyz,  p=somepage
 	global $ipath, $filename, $page, $param1, $message, $EX;
@@ -134,12 +153,12 @@ function Get_GET() { //*** Get main parameters *********************************
 
 
 function URLencode_path($path){ // don't encode the forward slashes ************
-	$TS = '';
-	if (substr($path, -1) == '/' ) { $TS = '/'; } //start with a trailing slash?
+	$TS = '';  // Trailing Slash/
+	if (substr($path, -1) == '/' ) { $TS = '/'; } //start with a $TS?
 	$path_array = explode('/',$path);
 	$path = "";
 	foreach ($path_array as $level) { $path .= rawurlencode($level).'/'; }
-	$path = rtrim($path,'/').$TS;  //end with trailing slash only if started with one
+	$path = rtrim($path,'/').$TS;  //end with $TS only if started with one
 	return $path;
 }//end URLencode_path($path) ***************************************************
 
@@ -224,7 +243,7 @@ function Current_Path_Header(){ //**********************************************
 
 	echo '<h2>';
 		//Root folder of web site.
-		echo '<a href="'.$ONESCRIPT.'" class="path"> '.htmlentities(trim($WEB_ROOT, '/')).' </a>/';
+		echo '<a href="'.$ONESCRIPT.'" class="path"> '.htmlentities(trim($WEB_ROOT, '/')).' </a>/'.PHP_EOL;
 
 		if ($ipath != "" ) { //if not at root, show the rest
 			$path_levels  = explode("/",trim($ipath,'/') );
@@ -234,7 +253,7 @@ function Current_Path_Header(){ //**********************************************
 			for ($x=0; $x < $levels; $x++) {
 				$current_path .= $path_levels[$x].'/';
 				echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($current_path).'" class="path"> ';
-				echo ' '.htmlentities($path_levels[$x])." </a>/";
+				echo ' '.htmlentities($path_levels[$x]).' </a>/'.PHP_EOL;
 			}
 		}//end if (not at root)
 	echo '</h2>';
@@ -287,8 +306,8 @@ function Upload_New_Rename_Delete_Links() { //**********************************
 
 function Close_Button($classes) { //********************************************
 	global $ONESCRIPT, $ipath, $param1;
-	echo '<input type="button" class="button '.$classes.'" name="close" value="Close" onclick="parent.location=\'';
-	echo $ONESCRIPT.$param1.'\'">';
+	echo '<input type="button" class="button '.$classes.'" name="close" value="Close" 
+		onclick="parent.location=\''.$ONESCRIPT.$param1.'\'">';
 	?><script>document.edit_form.elements[1].focus();</script><?php // focus on [Close]
 }// End Close_Button() //*******************************************************
 
@@ -336,9 +355,9 @@ function show_image(){ //*******************************************************
 
 	echo '<p class="file_meta">';
 	echo 'Image shown at ~'. round($SCALE*100) .'% of full size.<br>('.$img_info[3].')</p>';
-	echo '<div style="clear:both;"></div>';
-	echo '<a href="/' .URLencode_path($IMG). '">';
-	echo '<img src="/'.urlencode_path($IMG).'"  height="'.$img_info[$H]*$SCALE.'"></a>';
+	echo '<div style="clear:both;"></div>'.PHP_EOL;
+	echo '<a href="/' .URLencode_path($IMG). '" target="_blank">'.PHP_EOL;
+	echo '<img src="/'.URLencode_path($IMG).'"  height="'.$img_info[$H]*$SCALE.'"></a>'.PHP_EOL;
 }// end show_image() ***********************************************************
 
 
@@ -648,8 +667,8 @@ function Edit_Page_Buttons($text_editable, $too_large_to_edit) { //*************
 
 
 //******************************************************************************
-function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $large_file_message1){ 
-	global $ONESCRIPT, $param1, $param2, $filename, $itypes, $INPUT_SESSIONID;
+function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message){ 
+	global $ONESCRIPT, $param1, $param2, $filename, $itypes, $INPUT_SESSIONID, $EX, $message;
 
 	$param2 = $param1.'&amp;f='.rawurlencode(basename($filename));
 	$param3 = $param2.'&amp;p=edit';
@@ -670,17 +689,31 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $large_file_me
 				echo '<p class="edit_disabled">Non-text or unkown file type. Edit disabled.<br><br></p>';
 
 			}elseif ( $too_large_to_edit ) {
- 				echo '<p class="edit_disabled">'.$large_file_message1.'</p>';
+ 				echo '<p class="edit_disabled">'.$too_large_to_edit_message.'</p>';
 
 			}else{
-				$filecontent = htmlspecialchars(file_get_contents($filename), ENT_SUBSTITUTE,'UTF-8');
-				echo '<input type="hidden" name="filename" id="filename" value="'.htmlspecialchars($filename).'">';
-				echo '<textarea id="file_content" name="content" cols="70" rows="25"
-					onkeyup="Check_for_changes(event);">'.$filecontent.'</textarea>';
+				$filecontent = htmlspecialchars(file_get_contents($filename));
+				$bad_chars = ($filecontent == "" && filesize($filename) > 0);
+				
+				if ($bad_chars){ //did specialchars return an empty string?
+					echo '<pre class="edit_disabled">'.$EX.' File contains an invalid character. Edit and view disabled.<br>';
+					echo ' htmlspecialchars() returned and empty string from what <i>may be</i> an otherwise valid file.<br>';
+					echo ' This behavior can be inconsistant from version to version (of php).<br></pre>';
+				}else{
+					echo '<input type="hidden" name="filename" id="filename" value="'.htmlspecialchars($filename).'">';
+					echo '<textarea id="file_content" name="content" cols="70" rows="25"
+						onkeyup="Check_for_changes(event);">'.$filecontent.'</textarea>';
+				}
 			} //end if !editable /else...
 		} //end if non-image, show textarea
 
 		Edit_Page_Buttons($text_editable, $too_large_to_edit);
+
+	if ($text_editable && !$too_large_to_edit && !$bad_chars) {
+		Edit_Page_scripts();
+		echo '<div style="clear:both;"></div>';
+		echo '<div id="edit_note">NOTE: On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser\'s [Reload].</div>';
+	}
 ?>
 	</form> 
 <?php 
@@ -703,37 +736,34 @@ function Edit_Page() { //*******************************************************
 	if ($too_large_to_edit){$header2 = "Viewing: ";}
 	else                   {$header2 = "Editing: ";}
 
-	$large_file_message1 = 
-'<b>Edit disabled. Filesize &gt; '.number_format($MAX_EDIT_SIZE).' bytes.</b> ($MAX_EDIT_SIZE)<br>
+	$too_large_to_edit_message = 
+'<b>Edit disabled. Filesize &gt; '.number_format($MAX_EDIT_SIZE).' bytes.</b><br>
 Some browsers (on my PC) bog down or become unstable while editing a large file in an HTML &lt;textarea&gt;.<br>
-$MAX_EDIT_SIZE is in the configuration section of OneFileCMS, and may be adjusted as needed.<br>
+Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.<br>
 A simple trial and error test can determine a practical limit for a given browser/computer.';
-	$large_file_message2 = 
-'<b>View disabled. Filesize &gt; '.number_format($MAX_VIEW_SIZE).' bytes.</b> ($MAX_VIEW_SIZE)<br>
+	$too_large_to_view_message = 
+'<b>View disabled. Filesize &gt; '.number_format($MAX_VIEW_SIZE).' bytes.</b><br>
 Click the the file name above to view normally in a browser window.<br>
+Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.<br>
 (The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired to suit individual perceptions of neccessity.)';
 
 	echo '<h2 id="edit_header">'.$header2;
 	echo '<a class="filename" href="/'.URLencode_path($filename).'" target="_blank">'.htmlentities(basename($filename)).'</a>';
-	echo '</h2>';
+	echo '</h2>'.PHP_EOL;
 
-	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $large_file_message1);
+	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message);
 
 	if ( in_array( $ext, $itypes) ) { show_image(); }
 
 	echo '<div style="clear:both;"></div>';
 
 	if ( $text_editable && $too_large_to_edit && !$too_large_to_view ) {
-		$filecontent = htmlspecialchars(file_get_contents($filename), ENT_SUBSTITUTE,'UTF-8');
+		$filecontent = htmlspecialchars(file_get_contents($filename), ENT_COMPAT,'UTF-8');
 		echo '<pre class="edit_disabled view_file">'.$filecontent.'</pre>';
 	}elseif ( $text_editable && $too_large_to_view ){
-		echo '<p class="edit_disabled">'.$large_file_message2.'</p>';
-	}
-	
-	if ($text_editable && !$too_large_to_edit) {
-		Edit_Page_scripts();
-		echo '<div id="edit_note">NOTE: On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser\'s [Reload].</div>';
+		echo '<p class="edit_disabled">'.$too_large_to_view_message.'</p>';
 	}
+
 }//End Edit_Page ***************************************************************
 
 
@@ -741,13 +771,13 @@ function Edit_Page() { //*******************************************************
 
 function Edit_Page_response(){ //***If on Edit page, and [Save] clicked ********
 	global $filename, $message, $EX;
-	$filename = htmlspecialchars_decode($_POST["filename"]);
-	$content  = htmlspecialchars_decode($_POST["content"]);
-	$fp = @fopen($filename, "w");
-	if ($fp) {
-		fwrite($fp, $content);
-		fclose($fp);
-		$message = '<b>File saved...</b>';
+	$filename = $_POST["filename"];
+	$content  = $_POST["content"];
+
+	$bytes = file_put_contents($filename, $content);
+
+	if ($bytes !== false) {
+		$message = '<b>File saved: '.$bytes.' bytes written.</b>';
 	}else{
 		$message = $EX.' <b>There was an error saving file.</b>';
 	}
@@ -786,7 +816,7 @@ function Upload_Page() { //*****************************************************
 function Upload_File_response() { //********************************************
 	global $filename, $message, $EX, $page;
 	$filename    = $_FILES['upload_file']['name'];
-	$destination = htmlspecialchars_decode(Check_path($_POST["upload_destination"]));
+	$destination = Check_path($_POST["upload_destination"]);
 	$page  = "index";
 	$MAXUP1 = ini_get('upload_max_filesize');
 	$MAXUP2 = number_format ($_POST['MAX_FILE_SIZE']).' bytes';
@@ -905,8 +935,8 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 	//$action = 'copy' or 'rename'. $isfile = 1 if acting on a file, not a folder
 	global $WEB_ROOT, $ipath, $param1, $message, $EX, $page, $filename;
 
-	$old_name = htmlspecialchars_decode(trim($old_name,'/ '));
-	$new_name = htmlspecialchars_decode(trim($new_name,'/ '));
+	$old_name = trim($old_name,'/ ');
+	$new_name = trim($new_name,'/ ');
 	$new_location = dirname($new_name);
 	$filename = $old_name; //default if error
 	if ($isfile) { $page = "edit"; }else{ $page = "index"; }
@@ -930,7 +960,7 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 		$param1   = '?i='.URLencode_path($ipath);
 	}else{
 		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
-		$message .= $EX.' <b>Error durring '.$msg1.' from the above to the following:</b><br>';
+		$message .= $EX.' <b>Error during '.$msg1.' from the above to the following:</b><br>';
 		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
 	}
 }//end Copy_Ren_Move_response() ************************************************
@@ -958,7 +988,7 @@ function Delete_File_response(){ //*********************************************
 	global $filename, $message, $EX, $page;
 
 	$page = "index"; //Return to index
-	$filename = htmlspecialchars_decode($_POST["delete_file"]);
+	$filename = $_POST["delete_file"];
 
 	if (unlink($filename)) {
 		$message .= '<b>Deleted file:</b> '.htmlentities(basename($filename));
@@ -1042,7 +1072,7 @@ class="verify"><?php echo htmlentities(basename($ipath)); ?></span> /
 function Delete_Folder_response() { //******************************************
 	global $ipath, $param1, $page, $message, $EX;
 	$page = "index"; //Return to index
-	$foldername = htmlspecialchars_decode(trim($_POST["delete_folder"], '/'));
+	$foldername = trim($_POST["delete_folder"], '/');
 
 	if ( !is_empty($ipath) ) {
 		$message .= $EX.' <b>Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
@@ -1456,8 +1486,7 @@ function style_sheet(){ //****************************************************?>
 	width  : 99%;
 	padding: .2em;
 	margin : 0;
-	color: #444;
-	background-color: #F0F0F0;
+	background-color: #FFF000;
 	line-height: 1.4em;
 	}
 
@@ -1664,7 +1693,7 @@ function style_sheet(){ //****************************************************?>
 <div class="header">
 	<?php echo '<a href="', $ONESCRIPT, '" id="logo">', $config_title; ?></a>
 	<?php echo $version; ?>
-
+	(on&nbsp;php&nbsp;<?php echo phpversion(); ?>)
 	<div class="nav">
 		<a href="/" target="_blank"><?php show_favicon() ?>&nbsp; 
 		<b><?php echo htmlentities($WEBSITE) ?></b>  &nbsp;- &nbsp;
diff --git a/readme.markdown b/readme.markdown
index 5bb7eb2..2ec523e 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,10 +1,9 @@
-### June 05, 2012
+### June 08, 2012
 
-# Current stable versions: 1.5, "Lite" 2.1.7, 3.1.7
+# Current stable version: 3.1.8
 
 - 3.0+ : "Full" version - uses svg icons
 - 2.0+ : "Lite" version - uses no icons.
-- 1.5  : style sheet is now part of onfilecms.php file, but still uses external icons.
 
 --------------------------------------------------------------------------------
 
@@ -83,8 +82,8 @@ However, "it's on my to-do list!"...
 
 ## Requirements
 
-- PHP 5.4  
-  (Older 5.x versions may work, but there will be issues editing files with back slashes, among other things.  See php docs on magic_quotes_gpc & stripslashes().)
+- PHP 5.2+
+  (Only tested on versions 5.2.17, 5.3.3, 5.4, and 5.4.3)
 - File permission privileges on your host
 - Javascript enabled browswer
 - And, for OneFileCMS 3+, a browser that supports inline SVG.
@@ -136,17 +135,20 @@ LOGIC TO DETERMINE PAGE ACTION
   
 GENERATE THE PAGE  
     &lt;HTML&gt;  
-  
     ...  
-    Load_Selected_Page($page)  
+    Load\_Selected\_Page($page)  
     ...  
-  
     &lt;/HTML&gt;  
 
 --------------------------------------------------------------------------------
 
 ## Change Log
 
+###3.1.6 thru 3.1.8
+
+- Converted bulk of rest of code into functions (easier to work with)
+- Resolved issue (I hope) with differing versions of PHP and how magic_quotes & stripslashes are handeled.
+
 ### 3.1.2 thru 3.1.5
 
 - Added file size limits to the Edit/View page. (Some browsers don't like large files in an HTML textarea.

From dbaba0baa916337cc1a399d8a1cd21a4e2246554 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 14 Jun 2012 11:03:05 -0400
Subject: [PATCH 076/228] Version 3.1.8.1 Removed Close_Button() - just using
 actual code inline. Tweaked Edit_Page_Buttons() Minor improvement to max
 upload file size check. Minor improvement to Copy_Ren_Move_response() Minor
 improvement & additions to how $page is verified just before <html>. Red
 $message when editing OneFileCMS itself.

---
 onefilecms.php | 229 +++++++++++++++++++++++++++++++++++++------------
 1 file changed, 175 insertions(+), 54 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index faeefe0..f6318ac 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.1.8';
+$version = '3.1.8.1';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -29,16 +29,17 @@
 *******************************************************************************/
 
 
-
 if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Tested on 5.3.3 & 5.4"); }
 
-
-
 // CONFIGURABLE INFO ***********************************************************
 $config_username  = "username";
 $config_password  = "password";
 $config_title     = "OneFileCMS";
 
+
+
+
+
 $MAX_IMG_W   = 810;   // Max width to display images. (page container = 810)
 $MAX_IMG_H   = 1000;  // Max height.  I don't know, it just looks reasonable.
 
@@ -62,6 +63,11 @@
 //******************************************************************************
 //Some global values
 
+
+
+
+
+
 $ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]);
 $DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
 $WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/';
@@ -75,7 +81,6 @@
 $fclasses = explode(',', strtolower(str_replace(' ', '', $config_fclass))); //for file types with icons
 $excluded_list = (explode(",", $config_excluded));
 
-
 $valid_pages = array("login","logout","index","edit","upload","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
 
 $INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names. (Space deliminated)
@@ -92,10 +97,14 @@ function Session_Startup() {//**************************************************
 
 	undo_magic_quotes();
 
+
+
 	if ( isset($_POST["username"]) || isset($_POST["password"]) ) {
 		$_SESSION['username'] = $_POST["username"];
 		$_SESSION['password'] = $_POST["password"];
 
+
+
 		if (($_POST["username"] != $config_username) || ($_POST["password"] != $config_password))
 			{ $message = $EX.' <b>INVALID LOGIN ATTEMPT</b>'; }
 	}
@@ -104,16 +113,26 @@ function Session_Startup() {//**************************************************
 		 { $_SESSION['valid'] = "1"; $page = "index"; }
 	else { $_SESSION['valid'] = "0"; $page = "login"; unset($_GET["p"]); session_destroy() ;}
 
-
 	$VALID_POST = ($_SESSION['valid'] == "1" && $_POST["sessionid"] == session_id());
 
-
 	chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
 }//End Session_Startup() *******************************************************
 
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
 function undo_magic_quotes(){ //************************************************
 
 	function strip_array($var) {
@@ -147,6 +166,8 @@ function Get_GET() { //*** Get main parameters *********************************
 	if (isset($_GET["p"])) { $page = $_GET["p"]; } // default $page set in session startup
 
 	$param1 = '?i='.URLencode_path($ipath);
+
+
 }//end Get_GET()****************************************************************
 
 
@@ -304,12 +325,12 @@ function Upload_New_Rename_Delete_Links() { //**********************************
 
 
 
-function Close_Button($classes) { //********************************************
-	global $ONESCRIPT, $ipath, $param1;
-	echo '<input type="button" class="button '.$classes.'" name="close" value="Close" 
-		onclick="parent.location=\''.$ONESCRIPT.$param1.'\'">';
-	?><script>document.edit_form.elements[1].focus();</script><?php // focus on [Close]
-}// End Close_Button() //*******************************************************
+
+
+
+
+
+
 
 
 
@@ -551,6 +572,60 @@ function show_icon($type){ //***************************************************
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 function Login_Page() { //******************************************************
 	global $ONESCRIPT, $message;
 ?>
@@ -642,7 +717,8 @@ function Index_Page(){ //*******************************************************
 
 
 function Edit_Page_Buttons($text_editable, $too_large_to_edit) { //*************
-	global $ONESCRIPT, $param2;
+	global $ONESCRIPT, $param1, $param2;
+	$ACTION = "parent.location = '".$ONESCRIPT.$param1.$param2.'&amp;p=';
 ?>
 	<p class="buttons_right">
 	<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?> 
@@ -655,10 +731,10 @@ function Edit_Page_Buttons($text_editable, $too_large_to_edit) { //*************
 			document.getElementById('reset').disabled     = "disabled";
 		</script>
 	<?php } ?>
-	<input type="button" class="button" value="Rename/Move" onclick="parent.location='<?php echo $ONESCRIPT.$param2.'&amp;p=rename'; ?>'">
-	<input type="button" class="button" value="Copy"        onclick="parent.location='<?php echo $ONESCRIPT.$param2.'&amp;p=copy'  ; ?>'">
-	<input type="button" class="button" value="Delete"      onclick="parent.location='<?php echo $ONESCRIPT.$param2.'&amp;p=delete'; ?>'">
-	<?php Close_Button(""); ?>
+	<input type="button" class="button" value="Rename/Move" onclick="<?php echo $ACTION.'rename' ?>'">
+	<input type="button" class="button" value="Copy"        onclick="<?php echo $ACTION.'copy' ?>'  ">
+	<input type="button" class="button" value="Delete"      onclick="<?php echo $ACTION.'delete' ?>'">
+	<input type="button" class="button close" value="Close" onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
 	</p>
 <?php
 }//end Edit_Page_Buttons()******************************************************
@@ -680,7 +756,8 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 		<span class="meta_size">Filesize: <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; 
 		<span class="meta_time">Updated: <script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1);</script></span><br>
 		</p>
-		<?php Close_Button("close"); ?>
+		<input type="button" id="close1" class="button close" value="Close" onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
+		<script>document.getElementById('close1').focus();</script>
 		<div style="clear:both;"></div>
 <?php
 		if ( !in_array( strtolower($ext), $itypes) ) { //If non-image, show textarea
@@ -711,7 +788,6 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 
 	if ($text_editable && !$too_large_to_edit && !$bad_chars) {
 		Edit_Page_scripts();
-		echo '<div style="clear:both;"></div>';
 		echo '<div id="edit_note">NOTE: On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser\'s [Reload].</div>';
 	}
 ?>
@@ -790,21 +866,30 @@ function Upload_Page() { //*****************************************************
 	global $ONESCRIPT, $ipath, $param1, $INPUT_SESSIONID;
 
 	//Determine $MAX_FILE_SIZE to upload
-	$UMF = ini_get('upload_max_filesize'); //assumes  it's < post_max_size. If not, oh well.
-	$KMB = strtoupper(substr($UMF, -1));
-
-	if     ($KMB == "K") { $MAX_FILE_SIZE = $UMF * 1024; }
-	elseif ($KMB == "M") { $MAX_FILE_SIZE = $UMF * 1048576; }
-	elseif ($KMB == "G") { $MAX_FILE_SIZE = $UMF * 1073741824; }
-	else                 { $MAX_FILE_SIZE = $UMF; }
+	$upload_max_filesize = ini_get('upload_max_filesize'); //This should be < post_max_size,
+	$post_max_size       = ini_get('post_max_size');       //but, just in case, check both...
+
+	function shorthand_to_int($SHORTHAND){ //*******************
+		$KMG = strtoupper(substr($SHORTHAND, -1));
+		if     ($KMG == "K") { return $SHORTHAND * 1024; }
+		elseif ($KMG == "M") { return $SHORTHAND * 1048576; }
+		elseif ($KMG == "G") { return $SHORTHAND * 1073741824; }
+		else                 { return $SHORTHAND; }
+	}//end function shorthand_to_int() *************************
+
+	$UMF = shorthand_to_int($upload_max_filesize);
+	$PMS = shorthand_to_int($post_max_size);
+
+	if ($UMF <= $PMS){ $MAX_FILE_SIZE = $UMF; $max_msg = $upload_max_filesize.' &nbsp; per upload_max_filesize in php.ini.'; }
+	else             { $MAX_FILE_SIZE = $PMS; $max_msg = $post_max_size.' &nbsp; per post_max_size in php.ini'; }
 ?>
 	<h2>Upload File</h2>
-	<p>Note: Maximum upload file size is: <?php echo $UMF; ?></p>
-	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$param1; ?>" method="post">
+	<p>Note: Maximum upload file size is: <?php echo $max_msg; ?></p>
+	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$param1; ?>&amp;p=uploaded" method="post">
 		<?php echo $INPUT_SESSIONID; ?>
 		<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $MAX_FILE_SIZE ?>"> 
 		<input type="hidden" name="upload_destination" value="<?php echo htmlspecialchars($ipath); ?>" >
-		<input name="upload_file" type="file" size="100">
+		<input type="file"   name="upload_file" id="upload_file" size="100">
 		<?php Cancel_Submit_Buttons("Upload","cancel"); ?>
 	</form>
 <?php 
@@ -822,14 +907,14 @@ function Upload_File_response() { //********************************************
 	$MAXUP2 = number_format ($_POST['MAX_FILE_SIZE']).' bytes';
 	$ERROR = $_FILES['upload_file']['error'];
 
-	if     ( $ERROR == 1 ){ $ERRMSG = 'File too large.  upload_max_filesize = '.$MAXUP1.' (From php.ini)';}
-	elseif ( $ERROR == 2 ){ $ERRMSG = 'File too large.  $MAX_FILE_SIZE = '.$MAXUP2.' (From OneFileCMS)';}
-	elseif ( $ERROR == 3 ){ $ERRMSG = 'The uploaded file was only partially uploaded.'; }
-	elseif ( $ERROR == 4 ){ $ERRMSG = 'No file was uploaded. '; }
-	elseif ( $ERROR == 5 ){ $ERRMSG = ''; }
-	elseif ( $ERROR == 6 ){ $ERRMSG = 'Missing a temporary folder.'; }
-	elseif ( $ERROR == 7 ){ $ERRMSG = 'Failed to write file to disk.'; }
-	elseif ( $ERROR == 8 ){ $ERRMSG = 'A PHP extension stopped the file upload.'; }
+	if     ( $ERROR == 1 ){ $ERRMSG = 'Error 1: File too large.  upload_max_filesize = '.$MAXUP1.' (From php.ini)';}
+	elseif ( $ERROR == 2 ){ $ERRMSG = 'Error 2: File too large.  $MAX_FILE_SIZE = '.$MAXUP2.' (From OneFileCMS)';}
+	elseif ( $ERROR == 3 ){ $ERRMSG = 'Error 3: The uploaded file was only partially uploaded.'; }
+	elseif ( $ERROR == 4 ){ $ERRMSG = 'Error 4: No file was uploaded. '; }
+	elseif ( $ERROR == 5 ){ $ERRMSG = 'Error 5. '; }
+	elseif ( $ERROR == 6 ){ $ERRMSG = 'Error 6: Missing a temporary folder.'; }
+	elseif ( $ERROR == 7 ){ $ERRMSG = 'Error 7: Failed to write file to disk.'; }
+	elseif ( $ERROR == 8 ){ $ERRMSG = 'Error 8: A PHP extension stopped the file upload.'; }
 	else                  { $ERRMSG = ''; }
 
 	if (($filename == "")){ 
@@ -843,7 +928,7 @@ function Upload_File_response() { //********************************************
 		if(move_uploaded_file($_FILES['upload_file']['tmp_name'], $savefile)) {
 			$message .= '<br>Upload successful! '.$savefile_msg;
 		} else{
-			$message .= '<br>'.$EX.' <b>Error '.$ERROR.' - Upload failed: </b>'.$ERRMSG.'';
+			$message .= '<br>'.$EX.' <b> Upload failed: </b>'.$ERRMSG.'';
 		}
 	}
 }//end Upload_File_response() **************************************************
@@ -874,6 +959,7 @@ function New_File_response() { //***********************************************
 	$filename = $ipath.$new_name;
 	$page = "index"; // return to index if new file fails
 	
+	$invalid = false;
 	foreach ($INVALID_CHARS_array as $bad_char) {
 		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
 	}
@@ -958,6 +1044,8 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 		if ($isfile) { $ipath = Check_path(dirname($filename)); } //if changed,
 		else         { $ipath = Check_path($filename); }          //return to new dir.
 		$param1   = '?i='.URLencode_path($ipath);
+
+
 	}else{
 		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
 		$message .= $EX.' <b>Error during '.$msg1.' from the above to the following:</b><br>';
@@ -1022,6 +1110,7 @@ function New_Folder_response(){ //**********************************************
 
 	$new_name = trim($_POST["new_folder"],'/ '); //Trim spaces, and make sure only has a single trailing slash.
 
+
 	foreach ($INVALID_CHARS_array as $bad_char) {
 		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
 	}
@@ -1093,6 +1182,7 @@ function Page_Title(){ //***<title>Page_Title()</title>*************************
 	global $page;
 
 	if     ($page == "login")        { return "Log In";         }
+
 	elseif ($page == "edit")         { return "Edit/View File"; }
 	elseif ($page == "upload")       { return "Upload File";    }
 	elseif ($page == "newfile")      { return "New File";       }
@@ -1112,6 +1202,7 @@ function Load_Selected_Page(){ //***********************************************
 	global $ONESCRIPT, $page;
 
 	if     ($page == "login")        { Login_Page();         }
+
 	elseif ($page == "edit")         { Edit_Page();          }
 	elseif ($page == "upload")       { Upload_Page();        }
 	elseif ($page == "newfile")      { New_File_Page();      }
@@ -1290,10 +1381,7 @@ function style_sheet(){ //****************************************************?>
 { border : 0; outline: 0; margin : 0; padding: 0;
 font-family: inherit; font-weight: inherit; font-style : inherit;
 font-size  : 100%; vertical-align: baseline; }
-
-
 /* --- general formatting --- */
-
 body { font-size: 1em; background: #DDD; font-family: sans-serif; }
 
 p, table { margin-bottom: .5em; margin-top: .5em;}
@@ -1554,7 +1642,7 @@ function style_sheet(){ //****************************************************?>
 
 .close        {float: right; margin-bottom: .5em;}
 
-#edit_note    {font-size: .8em; color: #444 ;margin-top: 1em;}
+#edit_note    {font-size: .8em; color: #444 ;margin-top: 1em; clear:both;}
 
 
 
@@ -1610,6 +1698,21 @@ function style_sheet(){ //****************************************************?>
 .icon {float: left; margin: 0 .3em 0 0;}
 
 .mono {font-family: courier;}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 </style>
 <?php }//end style_sheet() *****************************************************
 
@@ -1621,6 +1724,8 @@ function style_sheet(){ //****************************************************?>
 //Begin logic to determine page action
 
 
+
+
 Session_Startup(); //***********************************************************
 
 Get_GET();         //***********************************************************
@@ -1632,6 +1737,7 @@ function style_sheet(){ //****************************************************?>
 
 if ($VALID_POST) { //***********************************************************
 	if     (isset($_FILES['upload_file']['name'])) { Upload_File_response(); }
+
 	elseif (isset($_POST["filename"]     )) { Edit_Page_response(); }
 	elseif (isset($_POST["new_file"]     )) { New_File_response(); }
 	elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', 'Copy', 'Copied', 1); } 
@@ -1647,20 +1753,32 @@ function style_sheet(){ //****************************************************?>
 
 //*** Verify valid $page and/or $filename **************************************
 
-if (!in_array(strtolower($page), $valid_pages)) { $page = "index"; }
+if     (!in_array(strtolower($page), $valid_pages))   { $page = "index"; }
 
-//Don't load login screen if already in a valid session 
-if ( ($page == "login") and ($_SESSION['valid']) ) { $page = "index"; }
+        //Don't load login screen if already in a valid session.
+elseif ( ($page == "login") && ($_SESSION['valid']) ) { $page = "index"; }
 
-if ( $page == "edit" && !is_file($filename) ) { $page = "index"; }
+		//Don't load edit page if $filename doesn't exist.
+elseif ( ($page == "edit")  && !is_file($filename) )  { $page = "index"; }
 
-if ($page == "logout") { $page = "login"; $_SESSION['valid'] = "0";	session_destroy();
-	$message = 'You have successfully logged out.'; }
+elseif ($page == "logout") { $page = "login"; $_SESSION['valid'] = "0";	session_destroy();
+		$message .= 'You have successfully logged out.'; }
+
+		//Don't load delete page if folder not empty.
+elseif ( ($page == "deletefolder") && !is_empty($ipath) ) {
+	   $message .= $EX.' <b>Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
+	   $page = "index";}
+
+		//if size of $_POST > post_max_size, PHP only returns empty $_POST & $_FILE arrays.
+elseif ($page == "uploaded" && !$VALID_POST){
+	   $message .= $EX.'<b> Upload Error.  Total POST data (mostly filesize) exceeded post_max_size = '.ini_get('post_max_size').' (from php.ini).</b>';
+	   $page = "index";}
+
+elseif ( ($page == "edit") && ($filename == trim($ONESCRIPT, '/')) ) { 
+	   if ( $message == "" ){ $BR = ""; }else{ $BR = '<br>';}
+	   $message .= '<style>#message p {background: red; color: white;}</style>';
+	   $message .= $BR.$EX.' <b>CAUTION '.$EX.' You are editing the active copy of OneFileCMS - BACK IT UP &amp; BE CAREFUL !!</b>'; }
 
-if ( ($page == "deletefolder") && !is_empty($ipath) ) { //Don't load delete page if can't delete.
-	$message = $EX.' <b>Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
-	$page = "index";
-}
 //******************************************************************************
 
 
@@ -1710,8 +1828,11 @@ function style_sheet(){ //****************************************************?>
 
 <?php Load_Selected_Page() ?>
 
+
+
+
+
 <hr>
 </div><!-- end container/login_page -->
-
 </body>
 </html>

From 4812b92ffac8a4742bc7a73db5675e1bff9e8ef8 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 14 Jun 2012 11:16:30 -0400
Subject: [PATCH 077/228] Version 3.1.8.2 Added default $param2 & $param3 in
 Get_GET().   Mostly for [X] box href when onclick (js) is not working. In
 current / path / folder : spacing around / now in css, instead of in
 code/html.   Removed a couple PHP_EOL's as they slightly messed up spacing.
 Added css for file upload <input> element. Cleaned up "Reset" part of style
 sheet.

---
 onefilecms.php | 42 +++++++++++++++++++++---------------------
 1 file changed, 21 insertions(+), 21 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index f6318ac..39d4383 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.1.8.1';
+$version = '3.1.8.2';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -152,7 +152,7 @@ function strip_array($var) {
 
 function Get_GET() { //*** Get main parameters *********************************
 	// i=some/path/,  f=somefile.xyz,  p=somepage
-	global $ipath, $filename, $page, $param1, $message, $EX;
+	global $ipath, $filename, $page, $param1, $param2, $param3, $message, $EX;
 
 	if (isset($_GET["i"])) { $ipath = Check_path($_GET["i"]); }else{ $ipath = ""; }
 
@@ -166,8 +166,8 @@ function Get_GET() { //*** Get main parameters *********************************
 	if (isset($_GET["p"])) { $page = $_GET["p"]; } // default $page set in session startup
 
 	$param1 = '?i='.URLencode_path($ipath);
-
-
+	if ($filename == "") { $param2 = ""; }else{ $param2 = '&amp;f='.rawurlencode(basename($filename)); }
+	if ($page == ""    ) { $param3 = ""; }else{ $param3 = '&amp;p='.$page; }
 }//end Get_GET()****************************************************************
 
 
@@ -264,7 +264,7 @@ function Current_Path_Header(){ //**********************************************
 
 	echo '<h2>';
 		//Root folder of web site.
-		echo '<a href="'.$ONESCRIPT.'" class="path"> '.htmlentities(trim($WEB_ROOT, '/')).' </a>/'.PHP_EOL;
+		echo '<a href="'.$ONESCRIPT.'" class="path"> '.htmlentities(trim($WEB_ROOT, '/')).'</a>/';
 
 		if ($ipath != "" ) { //if not at root, show the rest
 			$path_levels  = explode("/",trim($ipath,'/') );
@@ -273,8 +273,8 @@ function Current_Path_Header(){ //**********************************************
 
 			for ($x=0; $x < $levels; $x++) {
 				$current_path .= $path_levels[$x].'/';
-				echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($current_path).'" class="path"> ';
-				echo ' '.htmlentities($path_levels[$x]).' </a>/'.PHP_EOL;
+				echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($current_path).'" class="path">';
+				echo htmlentities($path_levels[$x]).'</a>/';
 			}
 		}//end if (not at root)
 	echo '</h2>';
@@ -284,13 +284,13 @@ function Current_Path_Header(){ //**********************************************
 
 
 function message_box() { //*****************************************************
-	global $ONESCRIPT, $message, $page;
+	global $ONESCRIPT, $param1, $param2, $param3, $message, $page;
 
 	if (isset($message)) {
 ?>
 		<div id="message"><p>
 		<span id="Xbox"><!-- [X] to dismiss message box -->
-			<a id="dismiss" href='<?php echo $ONESCRIPT.$param1; ?>'
+			<a id="dismiss" href='<?php echo $ONESCRIPT.$param1.$param2.$param3; ?>'
  			onclick='document.getElementById("message").innerHTML = " ";return false;'>
 			[X]</a>
 		</span>
@@ -303,7 +303,7 @@ function message_box() { //*****************************************************
 	} //end isset($message)
 	
 	// Used on Edit Page to preserve vertical spacing, so edit area doesn't jump as much.
-	if ($page == "edit") {echo '<style>#message { min-height: 1.8em; }</style>';}
+	if ($page == "edit") {echo '<style>#message { min-height: 1.86em; }</style>';}
 }//end message_box()  **********************************************************
 
 
@@ -1375,13 +1375,13 @@ function Reset_File() {
 function style_sheet(){ //****************************************************?>
 <style>
 /* --- reset --- */
-html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,
-cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,dl,dt,dd,ol,ul,li,
-fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td
-{ border : 0; outline: 0; margin : 0; padding: 0;
+* { border : 0; outline: 0; margin : 0; padding: 0;
 font-family: inherit; font-weight: inherit; font-style : inherit;
 font-size  : 100%; vertical-align: baseline; }
+
+
 /* --- general formatting --- */
+
 body { font-size: 1em; background: #DDD; font-family: sans-serif; }
 
 p, table { margin-bottom: .5em; margin-top: .5em;}
@@ -1699,18 +1699,18 @@ function style_sheet(){ //****************************************************?>
 
 .mono {font-family: courier;}
 
+#upload_file {
+	border: 1px solid #807568;
+	padding: 2px;
+	width: 50em;
+	Xfont: 1em "Courier New", Courier, monospace;
+	}
 
 
 
 
 
-
-
-
-
-
-
-
+.path {padding: 3px 5px 3px 5px} /*TRBL*/
 
 
 </style>

From 03e53139346a2b6b9d8436674d4f263e8de6c125 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 14 Jun 2012 11:27:17 -0400
Subject: [PATCH 078/228] Version 3.1.8.3 Moved primary php version check to
 area with other page logic,   and define a version constant in Global
 section. Reworked the Edit Page code a bit, including:   Check PHP version to
 determine params for htmlspecialchars on Edit_Page().   Clearstatcache on
 Edit_Page()

---
 onefilecms.php | 55 ++++++++++++++++++++++++++------------------------
 1 file changed, 29 insertions(+), 26 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 39d4383..49d5af5 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.1.8.2';
+$version = '3.1.8.3';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -29,7 +29,7 @@
 *******************************************************************************/
 
 
-if( phpversion() < '5.0.0' ) { exit("OneFileCMS requires PHP5 to operate. Tested on 5.3.3 & 5.4"); }
+
 
 // CONFIGURABLE INFO ***********************************************************
 $config_username  = "username";
@@ -44,8 +44,8 @@
 $MAX_IMG_H   = 1000;  // Max height.  I don't know, it just looks reasonable.
 
 $MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
-$MAX_VIEW_SIZE = 1000000; //If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
-                          // The max view size is completely arbitray. It was 2am and seemed like a good idea at the time.
+$MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
+                          // The max view size is completely arbitrary. It was 2am and seemed like a good idea at the time.
 $config_favicon   = "/favicon.ico";
 $config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsaTive!
 
@@ -61,12 +61,12 @@
 
 
 //******************************************************************************
-//Some global values
-
-
-
-
+//Some global system values
 
+if (!defined('PHP_VERSION_ID')) {            //PHP_VERSION_ID only available since 5.2.7
+    $phpversion = explode('.', PHP_VERSION); //PHP_VERSION, however, should be available even in older versions.
+    define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
+}
 
 $ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]);
 $DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
@@ -744,21 +744,11 @@ function Edit_Page_Buttons($text_editable, $too_large_to_edit) { //*************
 
 //******************************************************************************
 function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message){ 
-	global $ONESCRIPT, $param1, $param2, $filename, $itypes, $INPUT_SESSIONID, $EX, $message;
-
-	$param2 = $param1.'&amp;f='.rawurlencode(basename($filename));
-	$param3 = $param2.'&amp;p=edit';
+	global $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_SESSIONID, $EX, $message;
 	clearstatcache ();
 ?>
-	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param3 ?>">
+	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param1.$param2.$param3 ?>">
 		<?php echo $INPUT_SESSIONID; ?>
-		<p class="file_meta">
-		<span class="meta_size">Filesize: <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; 
-		<span class="meta_time">Updated: <script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1);</script></span><br>
-		</p>
-		<input type="button" id="close1" class="button close" value="Close" onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
-		<script>document.getElementById('close1').focus();</script>
-		<div style="clear:both;"></div>
 <?php
 		if ( !in_array( strtolower($ext), $itypes) ) { //If non-image, show textarea
 
@@ -769,17 +759,21 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
  				echo '<p class="edit_disabled">'.$too_large_to_edit_message.'</p>';
 
 			}else{
-				$filecontent = htmlspecialchars(file_get_contents($filename));
+				if (PHP_VERSION_ID  < 50400) {  // 5.4.0
+					$filecontent = htmlspecialchars(file_get_contents($filename));
+				}else{
+					$filecontent = htmlspecialchars(file_get_contents($filename),ENT_SUBSTITUTE);
+				}
 				$bad_chars = ($filecontent == "" && filesize($filename) > 0);
-				
+
 				if ($bad_chars){ //did specialchars return an empty string?
 					echo '<pre class="edit_disabled">'.$EX.' File contains an invalid character. Edit and view disabled.<br>';
 					echo ' htmlspecialchars() returned and empty string from what <i>may be</i> an otherwise valid file.<br>';
-					echo ' This behavior can be inconsistant from version to version (of php).<br></pre>';
+					echo ' This behavior can be inconsistant from version to version of php.<br></pre>';
 				}else{
 					echo '<input type="hidden" name="filename" id="filename" value="'.htmlspecialchars($filename).'">';
 					echo '<textarea id="file_content" name="content" cols="70" rows="25"
-						onkeyup="Check_for_changes(event);">'.$filecontent.'</textarea>';
+						onkeyup="Check_for_changes(event);">'.$filecontent.'</textarea>'.PHP_EOL;
 				}
 			} //end if !editable /else...
 		} //end if non-image, show textarea
@@ -799,7 +793,7 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 
 
 function Edit_Page() { //*******************************************************
-	global $filename, $filecontent, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE;
+	global $ONESCRIPT, $param1, $filename, $filecontent, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE;
 
 	//Determine if text editable file type
 	$ext = end( explode(".", strtolower($filename) ) );
@@ -826,7 +820,16 @@ function Edit_Page() { //*******************************************************
 	echo '<h2 id="edit_header">'.$header2;
 	echo '<a class="filename" href="/'.URLencode_path($filename).'" target="_blank">'.htmlentities(basename($filename)).'</a>';
 	echo '</h2>'.PHP_EOL;
+?>
+	<p class="file_meta">
+	<span class="meta_size">Filesize: <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; 
+	<span class="meta_time">Updated: <script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1);</script></span><br>
+	</p>
 
+	<input type="button" id="close1" class="button close" value="Close" onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
+	<script>document.getElementById('close1').focus();</script>
+	<div style="clear:both;"></div>
+<?php
 	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message);
 
 	if ( in_array( $ext, $itypes) ) { show_image(); }

From 8abaca41a2dbfb4dffd5dc9a158ea7bb62762e92 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 14 Jun 2012 16:20:08 -0400
Subject: [PATCH 079/228] Version 3.1.9 OneFileCMS can now store a password
 hash instead of the plain text password itself.   Added Hash_Page() &
 _response() Minor fix to Upload_Page_response() Updated readme

---
 OneFileCMS_structure.txt |   5 +-
 onefilecms.php           | 212 +++++++++++++++++++--------------------
 readme.markdown          |  19 ++--
 3 files changed, 123 insertions(+), 113 deletions(-)

diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index a3f2b5f..f674c03 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -4,6 +4,7 @@ SOME STANDARD GLOBAL VARIABLES
 
 MISC FUNCTIONS:
 	Session_Startup()
+	hashit()
 	undo_magic_quotes()
 	Get_GET()
 	URLencode_path()
@@ -13,7 +14,6 @@ MISC FUNCTIONS:
 	Current_Path_Header()
 	message_box()
 	Upload_New_Rename_Delete_Links()
-	Close_Button()
 	Cancel_Submit_Buttons()
 	show_image()
 	show_favicon()
@@ -40,6 +40,8 @@ SVG ICON FUNCTIONS:
 	show_icon()
 
 PAGE & RESPONSE FUNCTIONS:
+	Hash_Page()
+	Hash_Page_response()
 	Login_Page()
 	list_files()
 	Index_Page()
@@ -68,6 +70,7 @@ JAVASCRIPT & STYLESHEET FUNCTIONS:
 	style_sheet()        //css
 	
 LOGIC TO DETERMINE PAGE ACTION
+	Verify good PHP version
 	Call Session_Startup()
 	Call Get_GET()
 	Call Init_Macros()
diff --git a/onefilecms.php b/onefilecms.php
index 49d5af5..3dd860b 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.1.8.3';
+$version = '3.1.9';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -32,13 +32,13 @@
 
 
 // CONFIGURABLE INFO ***********************************************************
-$config_username  = "username";
-$config_password  = "password";
-$config_title     = "OneFileCMS";
-
-
+$USERNAME = 'username';
 
+$PASSWORD = 'password'; //If using $HASHWORD, you may leave this value empty.
+$USE_HASH = 0 ; // If = 0, use $PASSWORD. If = 1, use $HASHWORD. 
+$HASHWORD = 'ff20c771cd8b39d848aa3bb631e880ece7682f98164d5446699cee1b6486fdb3'; //default hash for "password"
 
+$config_title     = "OneFileCMS";
 
 $MAX_IMG_W   = 810;   // Max width to display images. (page container = 810)
 $MAX_IMG_H   = 1000;  // Max height.  I don't know, it just looks reasonable.
@@ -73,6 +73,11 @@
 $WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/';
 $WEBSITE   = $_SERVER["HTTP_HOST"].'/';
 
+$valid_pages = array("hash", "login","logout","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
+
+$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names. (Space deliminated)
+$INVALID_CHARS_array = explode(' ', $INVALID_CHARS);
+
 //Make arrays out of a few $config_variables for actual use later.
 //Also, remove spaces and make lowercase.
 $etypes   = explode(',', strtolower(str_replace(' ', '', $config_etypes))); //editable file types
@@ -80,36 +85,31 @@
 $ftypes   = explode(',', strtolower(str_replace(' ', '', $config_ftypes))); //file types with icons
 $fclasses = explode(',', strtolower(str_replace(' ', '', $config_fclass))); //for file types with icons
 $excluded_list = (explode(",", $config_excluded));
-
-$valid_pages = array("login","logout","index","edit","upload","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
-
-$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names. (Space deliminated)
-$INVALID_CHARS_array = explode(' ', $INVALID_CHARS);
 //******************************************************************************
 
 
 
 
 function Session_Startup() {//**************************************************
-	global $config_username, $config_password, $message , $page, $VALID_POST;
+	global $USERNAME, $PASSWORD, $HASHWORD, $USE_HASH, $SALT, $message , $page, $VALID_POST;
 
 	session_start();
 
 	undo_magic_quotes();
 
-
+	if ($USE_HASH){ $PASS = $HASHWORD; }else{ $PASS = $PASSWORD; }
 
 	if ( isset($_POST["username"]) || isset($_POST["password"]) ) {
 		$_SESSION['username'] = $_POST["username"];
-		$_SESSION['password'] = $_POST["password"];
-
 
+		if ($USE_HASH) { $_SESSION['password'] = hashit($_POST["password"]); }
+		else           { $_SESSION['password'] =        $_POST["password"];  }
 
-		if (($_POST["username"] != $config_username) || ($_POST["password"] != $config_password))
-			{ $message = $EX.' <b>INVALID LOGIN ATTEMPT</b>'; }
+		if (($_SESSION['username'] != $USERNAME) || ($_SESSION['password'] != $PASS))
+			{ $message .= $EX.' <b>INVALID LOGIN ATTEMPT</b>'; }
 	}
 
-	if (($_SESSION['username'] == $config_username) and ( $_SESSION['password'] == $config_password ))
+	if (($_SESSION['username'] == $USERNAME) && ( $_SESSION['password'] == $PASS ))
 		 { $_SESSION['valid'] = "1"; $page = "index"; }
 	else { $_SESSION['valid'] = "0"; $page = "login"; unset($_GET["p"]); session_destroy() ;}
 
@@ -121,14 +121,14 @@ function Session_Startup() {//**************************************************
 
 
 
-
-
-
-
-
-
-
-
+function hashit($key){ //*******************************************************
+	//This is the super-secret stuff - don't tell anyone!!
+	//If you change anything here, redo the hash for your password.
+	$hash = hash('sha256', trim($key).$salt); // trim off leading & trailing spaces.
+	$salt = 'somerandomesalt';
+	for ( $x=0; $x < 1000; $x++ ) { $hash = hash('sha256', $hash.$salt); }
+	return $hash;
+}//end hashit() ****************************************************************
 
 
 
@@ -338,16 +338,16 @@ function Upload_New_Rename_Delete_Links() { //**********************************
 function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
 	//$submit_label = Rename, Copy, Delete, etc...
 	//$focus is ID of element to receive focus(). (element may be outside this function)
-	global $ONESCRIPT, $ipath, $param1, $filename, $page;
+	global $ONESCRIPT, $ipath, $param1, $param2, $filename, $page;
 
-	// [Cancel] returns to either the current/path, or current/path/file
-	if ($filename != "") { $param1 .= '&f='.rawurlencode(basename($filename)).'&p='.edit; }
+	// [Cancel] returns to either the index, or edit page.
+	if ($filename == "") {$params = "";}else{ $params .= $param2.'&amp;p=edit'; }
 ?>
-	<p>
-		<input type="button" class="button" id="cancel" name="cancel" value="Cancel"
-			onclick="parent.location='<?php echo $ONESCRIPT.$param1; ?>'">
-		<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1.3em;">
-	</p>
+	<p></p>
+	<input type="button" class="button" id="cancel" name="cancel" value="Cancel"
+		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.$params ?>'">
+	<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1.3em;">
+
 <?php
 	if ($focus != ""){ echo '<script>document.getElementById("'.$focus.'").focus();</script>'; }
 
@@ -396,11 +396,11 @@ function show_favicon(){ //*****************************************************
 
 function Init_Macros(){ //*** ($varibale="some reusable chunk of code")*********
 
-global 	$ONESCRIPT, $param1, $INPUT_SESSIONID, $FORM_COMMON, 
+global 	$ONESCRIPT, $param1, $param2, $INPUT_SESSIONID, $FORM_COMMON, 
 		$SVG_icon_circle_plus, $SVG_icon_circle_x, $SVG_icon_pencil, $SVG_icon_img_0;
 
 $INPUT_SESSIONID = '<input type="hidden" name="sessionid" value="'.session_id().'">'.PHP_EOL;
-$FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.'">'.$INPUT_SESSIONID;
+$FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.$param2.'">'.$INPUT_SESSIONID;
 
 $SVG_icon_circle_plus = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#080"/>
 	  <line x1="2" y1="5" x2="8" y2="5" stroke="white" stroke-width="1.5" />
@@ -572,56 +572,56 @@ function show_icon($type){ //***************************************************
 
 
 
+function Hash_Page() { //******************************************************
+	global $DOC_ROOT, $ONESCRIPT, $param1, $message, $INPUT_SESSIONID, $config_title;
+	$params = '?i='.dirname($ONESCRIPT).'&amp;f='.basename($ONESCRIPT).'&amp;p=edit';
+?>
+	<style>#message {font-family: courier; min-height: 3.1em;}
+	li {margin-left: 2em}</style>
 
+	<h2>Generate a Password Hash</h2>
+	
+	<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.'&amp;p=hash'; ?>">
+		<?php echo $INPUT_SESSIONID; ?>
+		Password to hash:
+		<input type="text" name="whattohash" id="whattohash" value="<?php echo htmlspecialchars($_POST["whattohash"]) ?>">
+		<?php Cancel_Submit_Buttons('Generate hash', 'whattohash') ?>
+ 		<a class="button edit_onefile" href="<?php echo $ONESCRIPT.$params; ?>" >Edit &nbsp;<?php echo $config_title ?></a>
+	</form>
 
+	<div class="info">
+ 	<p>There are two ways to change your OneFileCMS password:<br>
+	<p>
+	1) Simply use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).<br>
+	2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.<br>
+
+	<p>Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize.<br>
+	In other words, take the idea that this adds much of an improvement to security with a grain of cryptographic salt...*<br>
+	<p>Anyway, to use the $HASHWORD password option:
+	<ol><li>Type your desired password in the input field above and hit Enter.<br>
+			The hash will be displayed in a yellow message box above that.
+		<li>Copy and paste the new hash to the $HASHWORD variable in the config section.<br>
+			'Make sure the hash ends up in quotes.'<br>
+			Make sure to copy ALL of, and ONLY, the hash (no spaces etc). A double-click should select it...
+		<li>Make sure $USE_HASH is set to 1 (or true).
+		<li>When ready, logout and login.
+	</ol>
+	<p>You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable tupo...
+	<p>*Note: While still largely academic, you can improve security a bit more by changing the default salt and/or method used by OneFileCMS to hash the password (and keep 'em secret, of course).<br>
+	PS: Everything I know about security - you just read...
+	</div>
+<?php 
+} //end Hash_Page() ************************************************************
 
 
 
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+function Hash_Page_response() { //**********************************************
+	global $SALT, $message;
+	$_POST['whattohash'] = trim($_POST['whattohash']); // trim leading & trailing spaces.
+	$message .= 'Password: '.$_POST['whattohash'].'<br>';
+	$message .= 'Hash &nbsp; &nbsp;: '.hashit($_POST["whattohash"]);
+} //end Hash_Page_response() ***************************************************
 
 
 
@@ -956,7 +956,7 @@ function New_File_Page() { //***************************************************
 
 
 function New_File_response() { //***********************************************
-	global $ipath, $filename, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
+	global $ipath, $param2, $filename, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
 
 	$new_name = trim($_POST["new_file"],'/ '); //Trim spaces and slashes.
 	$filename = $ipath.$new_name;
@@ -980,7 +980,7 @@ function New_File_response() { //***********************************************
 		fclose($handle);
 		$message .= '<b>Created file:</b> '.htmlentities($new_name);
 		$page     = "edit";
-		$param1   = '?i='.URLencode_path($ipath);
+		$param2   = '&amp;f='.rawurlencode(basename($filename));// for Edit_Page() buttons
 	}else{
 		$message .= $EX.' <b>Error - new file not created:<br>';
 		$message .= htmlentities($new_name);
@@ -1022,7 +1022,7 @@ function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //******
 //******************************************************************************
 function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $isfile){
 	//$action = 'copy' or 'rename'. $isfile = 1 if acting on a file, not a folder
-	global $WEB_ROOT, $ipath, $param1, $message, $EX, $page, $filename;
+	global $WEB_ROOT, $ipath, $param1, $param2, $message, $EX, $page, $filename;
 
 	$old_name = trim($old_name,'/ ');
 	$new_name = trim($new_name,'/ ');
@@ -1047,8 +1047,8 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 		if ($isfile) { $ipath = Check_path(dirname($filename)); } //if changed,
 		else         { $ipath = Check_path($filename); }          //return to new dir.
 		$param1   = '?i='.URLencode_path($ipath);
-
-
+		$param2   = '&amp;f='.rawurlencode(basename($filename));
+		$param3   = '&amp;p=edit';
 	}else{
 		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
 		$message .= $EX.' <b>Error during '.$msg1.' from the above to the following:</b><br>';
@@ -1113,7 +1113,7 @@ function New_Folder_response(){ //**********************************************
 
 	$new_name = trim($_POST["new_folder"],'/ '); //Trim spaces, and make sure only has a single trailing slash.
 
-
+	$invalid = false;
 	foreach ($INVALID_CHARS_array as $bad_char) {
 		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
 	}
@@ -1185,7 +1185,7 @@ function Page_Title(){ //***<title>Page_Title()</title>*************************
 	global $page;
 
 	if     ($page == "login")        { return "Log In";         }
-
+	elseif ($page == "hash")         { return "Hash";           }
 	elseif ($page == "edit")         { return "Edit/View File"; }
 	elseif ($page == "upload")       { return "Upload File";    }
 	elseif ($page == "newfile")      { return "New File";       }
@@ -1205,7 +1205,7 @@ function Load_Selected_Page(){ //***********************************************
 	global $ONESCRIPT, $page;
 
 	if     ($page == "login")        { Login_Page();         }
-
+	elseif ($page == "hash")         { Hash_Page();          }
 	elseif ($page == "edit")         { Edit_Page();          }
 	elseif ($page == "upload")       { Upload_Page();        }
 	elseif ($page == "newfile")      { New_File_Page();      }
@@ -1709,13 +1709,13 @@ function style_sheet(){ //****************************************************?>
 	Xfont: 1em "Courier New", Courier, monospace;
 	}
 
+#admin {padding: .3em;}
 
-
-
+.info {margin-top: .7em; background: #f9f9f9; padding: .2em .5em;}
 
 .path {padding: 3px 5px 3px 5px} /*TRBL*/
 
-
+.edit_onefile {padding: 5px; float: right;}
 </style>
 <?php }//end style_sheet() *****************************************************
 
@@ -1727,7 +1727,7 @@ function style_sheet(){ //****************************************************?>
 //Begin logic to determine page action
 
 
-
+if( PHP_VERSION_ID < 50000 ) { exit("OneFileCMS requires PHP5 to operate. Tested on versions 5.2.17, 5.3.3 & 5.4"); }
 
 Session_Startup(); //***********************************************************
 
@@ -1740,13 +1740,13 @@ function style_sheet(){ //****************************************************?>
 
 if ($VALID_POST) { //***********************************************************
 	if     (isset($_FILES['upload_file']['name'])) { Upload_File_response(); }
-
+	elseif (isset($_POST["whattohash"]   )) { Hash_Page_response(); }
 	elseif (isset($_POST["filename"]     )) { Edit_Page_response(); }
-	elseif (isset($_POST["new_file"]     )) { New_File_response(); }
+	elseif (isset($_POST["new_file"]     )) { New_File_response();  }
 	elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', 'Copy', 'Copied', 1); } 
 	elseif (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"], 'rename', 'Rename/Move', 'Renamed/Moved', 1); } 
 	elseif (isset($_POST["delete_file"]  )) { Delete_File_response(); }
-	elseif (isset($_POST["new_folder"]   )) { New_Folder_response(); }
+	elseif (isset($_POST["new_folder"]   )) { New_Folder_response();  }
 	elseif (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', 'Rename/Move', 'Renamed/Moved', 0); } 
 	elseif (isset($_POST["delete_folder"])) { Delete_Folder_response(); }
 }//end if ($VALID_POST) ********************************************************
@@ -1806,17 +1806,16 @@ function style_sheet(){ //****************************************************?>
 </head>
 <body>
 
-<?php
-if ($page == "login"){ echo '<div class="login_page">'; }
-				 else{ echo '<div class="container" >'; }
+<?php if ($page == "login"){ echo '<div class="login_page">'; }
+      else                 { echo '<div class="container" >'; }
 ?>
 
 <div class="header">
-	<?php echo '<a href="', $ONESCRIPT, '" id="logo">', $config_title; ?></a>
-	<?php echo $version; ?>
-	(on&nbsp;php&nbsp;<?php echo phpversion(); ?>)
+	<a href="<?php echo $ONESCRIPT.'" id="logo">'.$config_title; ?></a>
+	<?php echo $version.' (on&nbsp;php&nbsp'.phpversion().')'; ?>
+
 	<div class="nav">
-		<a href="/" target="_blank"><?php show_favicon() ?>&nbsp; 
+		<a href="/" target="_blank"><?php show_favicon() ?>&nbsp;
 		<b><?php echo htmlentities($WEBSITE) ?></b>  &nbsp;- &nbsp;
 		Visit Site</a>
 		<?php if ($page != "login") { ?>
@@ -1825,17 +1824,18 @@ function style_sheet(){ //****************************************************?>
 	</div><div style="clear:both;"></div>
 </div><!-- end header -->
 
-<?php if ( $page != "login" ){ Current_Path_Header(); } ?>
+<?php if ( $page != "login"  &&  $page != "hash" ){ Current_Path_Header(); } ?>
 
 <?php message_box() ?>
 
 <?php Load_Selected_Page() ?>
 
+<hr>
 
+<?php if ( ($page != "hash") && ($_SESSION['valid']) ){ 
+		echo '<a id="admin" href="'.$ONESCRIPT.$param1.'&amp;p=hash">Admin</a>'; }
+?>
 
-
-
-<hr>
 </div><!-- end container/login_page -->
 </body>
 </html>
diff --git a/readme.markdown b/readme.markdown
index 2ec523e..f85be6d 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,6 +1,6 @@
-### June 08, 2012
+### June 14, 2012
 
-# Current stable version: 3.1.8
+# Current stable version: 3.1.9
 
 - 3.0+ : "Full" version - uses svg icons
 - 2.0+ : "Lite" version - uses no icons.
@@ -41,8 +41,8 @@ Coupling a utilitarian code editor with basic file managing functions, OneFileCM
 2) Set your username and password - edit them to something less obvious.
 
     // CONFIGURATION INFO
-    $config_username = "username";
-    $config_password = "password";
+    $USERNAME = "username";
+    $PASSWORD = "password";
 
 3) Upload to anywhere on your site!
 
@@ -102,10 +102,11 @@ To report a bug or request a feature, please file an issue via Github. Forks enc
 
 ##Needed/potential/upcoming improvements
 
+- With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
+- Issue with Chrome's XSS filter: Editing some legitimate files with OneFileCMS will trigger the filter and disable most javascript provided functionallity, but only while on edit page of such a file.
 - Connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text during login.
 - Be aware that only some very basic & rudimentary data & error checking is performed.  
   On Windows, for instance, it's possible to create folders that are subsequently inaccessible and undeletable by Windows.  (Yea, I found out the hard way...)
-- With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - Multiple login names.
 - Anything else?
 
@@ -144,7 +145,13 @@ GENERATE THE PAGE
 
 ## Change Log
 
-###3.1.6 thru 3.1.8
+### 3.1.9
+
+- Password may now be stored as an encrypted hash, instead of in plain text.
+- Added an "Admin" page to generate password hashes.
+- A bunch of other code tweakin' & improvements.
+
+### 3.1.6 thru 3.1.8
 
 - Converted bulk of rest of code into functions (easier to work with)
 - Resolved issue (I hope) with differing versions of PHP and how magic_quotes & stripslashes are handeled.

From 13f9ecfc3963e1e0e1e0b49be246dcaca12c00ed Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 17 Jun 2012 13:50:05 -0400
Subject: [PATCH 080/228] Version 3.1.9.01 Improved session_startup() login
 logic a bit. No longer storing username or hash/pass-word in $_SESSION. Using
 $_SESSION[valid] to indicated session state (good/bad). widened .login_page
 10px config_info spacing. Prep for coming changes.

---
 onefilecms.php | 39 ++++++++++++++++++++-------------------
 1 file changed, 20 insertions(+), 19 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 3dd860b..1f32fa0 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.1.9';
+$version = '3.1.9.01';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -32,13 +32,16 @@
 
 
 // CONFIGURABLE INFO ***********************************************************
+$config_title     = "OneFileCMS";
+
 $USERNAME = 'username';
 
-$PASSWORD = 'password'; //If using $HASHWORD, you may leave this value empty.
-$USE_HASH = 0 ; // If = 0, use $PASSWORD. If = 1, use $HASHWORD. 
+$PASSWORD = ''; //If using $HASHWORD, you may leave this value empty.
+$USE_HASH = 1 ; // If = 0, use $PASSWORD. If = 1, use $HASHWORD. 
 $HASHWORD = 'ff20c771cd8b39d848aa3bb631e880ece7682f98164d5446699cee1b6486fdb3'; //default hash for "password"
 
-$config_title     = "OneFileCMS";
+
+
 
 $MAX_IMG_W   = 810;   // Max width to display images. (page container = 810)
 $MAX_IMG_H   = 1000;  // Max height.  I don't know, it just looks reasonable.
@@ -91,27 +94,25 @@
 
 
 function Session_Startup() {//**************************************************
-	global $USERNAME, $PASSWORD, $HASHWORD, $USE_HASH, $SALT, $message , $page, $VALID_POST;
+	global $USERNAME, $PASSWORD, $HASHWORD, $USE_HASH, $message , $page, $VALID_POST;
 
 	session_start();
 
 	undo_magic_quotes();
 
-	if ($USE_HASH){ $PASS = $HASHWORD; }else{ $PASS = $PASSWORD; }
-
 	if ( isset($_POST["username"]) || isset($_POST["password"]) ) {
-		$_SESSION['username'] = $_POST["username"];
+		if ($USE_HASH){ $VALID_PASSWORD = (hashit($_POST['password'] == $HASHWORD)); }
+		else          { $VALID_PASSWORD = (       $_POST['password'] == $PASSWORD);  }
 
-		if ($USE_HASH) { $_SESSION['password'] = hashit($_POST["password"]); }
-		else           { $_SESSION['password'] =        $_POST["password"];  }
-
-		if (($_SESSION['username'] != $USERNAME) || ($_SESSION['password'] != $PASS))
-			{ $message .= $EX.' <b>INVALID LOGIN ATTEMPT</b>'; }
+		if (($_POST["username"] == $USERNAME) && $VALID_PASSWORD ) {
+			$_SESSION['valid'] = "1"; $page = "index";
+		}else{
+			$_SESSION['valid'] = "0"; $page = "login"; unset($_GET["p"]); session_destroy();
+			$message .= $EX.' <b>INVALID LOGIN ATTEMPT</b>';
+		}
 	}
 
-	if (($_SESSION['username'] == $USERNAME) && ( $_SESSION['password'] == $PASS ))
-		 { $_SESSION['valid'] = "1"; $page = "index"; }
-	else { $_SESSION['valid'] = "0"; $page = "login"; unset($_GET["p"]); session_destroy() ;}
+	if (!$_SESSION['valid']) { session_destroy(); $page = login; }
 
 	$VALID_POST = ($_SESSION['valid'] == "1" && $_POST["sessionid"] == session_id());
 
@@ -1655,7 +1656,7 @@ function style_sheet(){ //****************************************************?>
 	margin  : 5em auto;
 	border  : 1px solid #807568;
 	padding : 1em 1em 0 1em;
-	width   : 360px;
+	width   : 370px;
 	}
 
 .login_page .nav { margin-top: .5em; }
@@ -1663,11 +1664,11 @@ function style_sheet(){ //****************************************************?>
 .login_input {
 	border  : 1px solid #807568;
 	padding : 2px 0px 2px 2px;
-	width   : 356px;
+	width   : 366px;
 	font    : 1em "Courier New";
 	}
 
-.login_page input[type="text"]{ width   : 354px; }
+.login_page input[type="text"]{ width   : 364px; }
 
 
 /* --- --- --- */

From ae76a8e8700c82addf8c24c060917b403eb17d54 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 17 Jun 2012 14:00:03 -0400
Subject: [PATCH 081/228] Version 3.1.9.02 Using session_regenerate_id(true) if
 login succeeds or fails. If invalid session or logout, "destroy" sessoin...
 Check for consistant HTTP_USER_AGENT Changed default session_name() Moved
 clearstatcache from Edit_form_page() to Edit_Page(). Moved call to
 undo_magic_quotes() to Get_GET() Tweaked .edit_disabled font color

---
 onefilecms.php | 42 +++++++++++++++++++++++++++++-------------
 1 file changed, 29 insertions(+), 13 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 1f32fa0..637174d 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.1.9.01';
+$version = '3.1.9.02';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -36,8 +36,8 @@
 
 $USERNAME = 'username';
 
-$PASSWORD = ''; //If using $HASHWORD, you may leave this value empty.
-$USE_HASH = 1 ; // If = 0, use $PASSWORD. If = 1, use $HASHWORD. 
+$PASSWORD = 'password'; //If using $HASHWORD, you may leave this value empty.
+$USE_HASH = 0 ; // If = 0, use $PASSWORD. If = 1, use $HASHWORD. 
 $HASHWORD = 'ff20c771cd8b39d848aa3bb631e880ece7682f98164d5446699cee1b6486fdb3'; //default hash for "password"
 
 
@@ -96,25 +96,34 @@
 function Session_Startup() {//**************************************************
 	global $USERNAME, $PASSWORD, $HASHWORD, $USE_HASH, $message , $page, $VALID_POST;
 
+	session_name('OFCMS'); //Change from default ('PHPSESSID')
 	session_start();
 
-	undo_magic_quotes();
-
+	//Validate login
 	if ( isset($_POST["username"]) || isset($_POST["password"]) ) {
 		if ($USE_HASH){ $VALID_PASSWORD = (hashit($_POST['password'] == $HASHWORD)); }
-		else          { $VALID_PASSWORD = (       $_POST['password'] == $PASSWORD);  }
+		else          { $VALID_PASSWORD = (       $_POST['password'] == $PASSWORD) ; }
 
 		if (($_POST["username"] == $USERNAME) && $VALID_PASSWORD ) {
+			session_regenerate_id(true);
 			$_SESSION['valid'] = "1"; $page = "index";
+			$_SESSION['HTTP_USER_AGENT'] = $_SERVER['HTTP_USER_AGENT'];
 		}else{
-			$_SESSION['valid'] = "0"; $page = "login"; unset($_GET["p"]); session_destroy();
+			$_SESSION['valid'] = "0";
 			$message .= $EX.' <b>INVALID LOGIN ATTEMPT</b>';
 		}
 	}
 
-	if (!$_SESSION['valid']) { session_destroy(); $page = login; }
+	//Just a minor user consistancy check... (every little bit helps a little)
+	if ($_SERVER["HTTP_USER_AGENT"] != $_SESSION['HTTP_USER_AGENT']) { $_SESSION['valid'] = 0; }
+
+	if (!$_SESSION['valid']) {
+		session_regenerate_id(true);
+		session_unset(); session_destroy(); session_write_close();
+		$page = login; unset($_GET); unset($_POST);
+	}
 
-	$VALID_POST = ($_SESSION['valid'] == "1" && $_POST["sessionid"] == session_id());
+	$VALID_POST = ($_SESSION['valid'] && $_POST["sessionid"] == session_id());
 
 	chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
 }//End Session_Startup() *******************************************************
@@ -123,7 +132,7 @@ function Session_Startup() {//**************************************************
 
 
 function hashit($key){ //*******************************************************
-	//This is the super-secret stuff - don't tell anyone!!
+	//This is the super-secret stuff - Keep it secret, keep it safe!
 	//If you change anything here, redo the hash for your password.
 	$hash = hash('sha256', trim($key).$salt); // trim off leading & trailing spaces.
 	$salt = 'somerandomesalt';
@@ -155,6 +164,8 @@ function Get_GET() { //*** Get main parameters *********************************
 	// i=some/path/,  f=somefile.xyz,  p=somepage
 	global $ipath, $filename, $page, $param1, $param2, $param3, $message, $EX;
 
+	undo_magic_quotes();
+
 	if (isset($_GET["i"])) { $ipath = Check_path($_GET["i"]); }else{ $ipath = ""; }
 
 	if (isset($_GET["f"])) {
@@ -746,7 +757,6 @@ function Edit_Page_Buttons($text_editable, $too_large_to_edit) { //*************
 //******************************************************************************
 function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message){ 
 	global $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_SESSIONID, $EX, $message;
-	clearstatcache ();
 ?>
 	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param1.$param2.$param3 ?>">
 		<?php echo $INPUT_SESSIONID; ?>
@@ -783,7 +793,10 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 
 	if ($text_editable && !$too_large_to_edit && !$bad_chars) {
 		Edit_Page_scripts();
-		echo '<div id="edit_note">NOTE: On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser\'s [Reload].</div>';
+		echo '<div id="edit_note">NOTES:<ol>';
+		echo '<li>On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser\'s [Reload].';
+		echo '<li>Under certain circumstances, Chrome\'s XSS filters may disable some javascript in a page if it even <i>appears</i> to contain inline javascript.  This can affect certain features of the OneFileCMS edit page when editing files that actually contain such code, such as OneFileCMS itself.  However, these files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.';
+		echo '</div>';
 	}
 ?>
 	</form> 
@@ -795,6 +808,7 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 
 function Edit_Page() { //*******************************************************
 	global $ONESCRIPT, $param1, $filename, $filecontent, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE;
+	clearstatcache ();
 
 	//Determine if text editable file type
 	$ext = end( explode(".", strtolower($filename) ) );
@@ -1578,7 +1592,7 @@ function style_sheet(){ //****************************************************?>
 	width  : 99%;
 	padding: .2em;
 	margin : 0;
-	background-color: #FFF000;
+	background-color: #FFF000; color: #333;
 	line-height: 1.4em;
 	}
 
@@ -1766,6 +1780,8 @@ function style_sheet(){ //****************************************************?>
 elseif ( ($page == "edit")  && !is_file($filename) )  { $page = "index"; }
 
 elseif ($page == "logout") { $page = "login"; $_SESSION['valid'] = "0";	session_destroy();
+		session_regenerate_id(true);
+		session_unset(); session_destroy(); session_write_close();// setcookie(session_name(),'',0,'/');
 		$message .= 'You have successfully logged out.'; }
 
 		//Don't load delete page if folder not empty.

From e59507ce73895dd3dde48e8308c9ff280adee90f Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Mon, 18 Jun 2012 00:11:11 -0400
Subject: [PATCH 082/228] Version 3.1.9.03 After x number of failed login
 attempts, delay next attempt. Created Login_response() & cleaned up
 Session_Startup(). Created Logout() & steps for a more secure & reliable
 logout. Tweaked some css Moved basic check for $valid_pages to Get_GET().
 Minor fix: after New File created, Edit page opens, type stuff, [Save].  -
 Was returning to Index, instead of back to Edit page.

---
 onefilecms.php | 120 +++++++++++++++++++++++++++++--------------------
 1 file changed, 71 insertions(+), 49 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 637174d..aa8d283 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.1.9.02';
+$version = '3.1.9.03';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -40,8 +40,8 @@
 $USE_HASH = 0 ; // If = 0, use $PASSWORD. If = 1, use $HASHWORD. 
 $HASHWORD = 'ff20c771cd8b39d848aa3bb631e880ece7682f98164d5446699cee1b6486fdb3'; //default hash for "password"
 
-
-
+$MAX_ATTEMPTS = 3;  //Max failed login attempts before LOGIN_DELAY starts.
+$LOGIN_DELAY  = 30; //In seconds.
 
 $MAX_IMG_W   = 810;   // Max width to display images. (page container = 810)
 $MAX_IMG_H   = 1000;  // Max height.  I don't know, it just looks reasonable.
@@ -78,8 +78,8 @@
 
 $valid_pages = array("hash", "login","logout","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
 
-$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names. (Space deliminated)
-$INVALID_CHARS_array = explode(' ', $INVALID_CHARS);
+$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names.
+$INVALID_CHARS_array = explode(' ', $INVALID_CHARS); // (Space deliminated)
 
 //Make arrays out of a few $config_variables for actual use later.
 //Also, remove spaces and make lowercase.
@@ -94,34 +94,18 @@
 
 
 function Session_Startup() {//**************************************************
-	global $USERNAME, $PASSWORD, $HASHWORD, $USE_HASH, $message , $page, $VALID_POST;
+	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $message , $page, $VALID_POST;
 
 	session_name('OFCMS'); //Change from default ('PHPSESSID')
 	session_start();
 
-	//Validate login
-	if ( isset($_POST["username"]) || isset($_POST["password"]) ) {
-		if ($USE_HASH){ $VALID_PASSWORD = (hashit($_POST['password'] == $HASHWORD)); }
-		else          { $VALID_PASSWORD = (       $_POST['password'] == $PASSWORD) ; }
-
-		if (($_POST["username"] == $USERNAME) && $VALID_PASSWORD ) {
-			session_regenerate_id(true);
-			$_SESSION['valid'] = "1"; $page = "index";
-			$_SESSION['HTTP_USER_AGENT'] = $_SERVER['HTTP_USER_AGENT'];
-		}else{
-			$_SESSION['valid'] = "0";
-			$message .= $EX.' <b>INVALID LOGIN ATTEMPT</b>';
-		}
-	}
+	//If logging in, validate
+	if ( isset($_POST["username"]) || isset($_POST["password"]) ) { Login_response(); }
 
 	//Just a minor user consistancy check... (every little bit helps a little)
-	if ($_SERVER["HTTP_USER_AGENT"] != $_SESSION['HTTP_USER_AGENT']) { $_SESSION['valid'] = 0; }
+	if ( $_SESSION['USER_AGENT'] != md5($_SERVER["HTTP_USER_AGENT"])) { $_SESSION['valid'] = 0; }
 
-	if (!$_SESSION['valid']) {
-		session_regenerate_id(true);
-		session_unset(); session_destroy(); session_write_close();
-		$page = login; unset($_GET); unset($_POST);
-	}
+	if (!$_SESSION['valid']) { Logout(); }
 
 	$VALID_POST = ($_SESSION['valid'] && $_POST["sessionid"] == session_id());
 
@@ -131,6 +115,55 @@ function Session_Startup() {//**************************************************
 
 
 
+function Logout(){ //**************************************************
+	global $page;
+	session_regenerate_id(true);
+	session_unset();
+	session_destroy();
+	session_write_close();
+	unset($_GET);
+	unset($_POST);
+	$page = login;
+}//end Logout() *******************************************************
+
+
+
+
+function Login_response() { //**************************************************
+	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $MAX_ATTEMPTS, $LOGIN_DELAY, $message, $EX, $page, $DOC_ROOT;
+
+	$Login_Attempts = $DOC_ROOT.trim($_SERVER["SCRIPT_NAME"],'/').'.invalid_login_attempts';
+	$attempts       = (int)file_get_contents($Login_Attempts) + 1;
+	clearstatcache();
+	$elapsed        = time() - filemtime($Login_Attempts);
+
+	if ( ($attempts > $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){
+		$message  = $EX.' <b>Too many invalid login attempts. </b><br>Please wait ';
+		$message .= ($LOGIN_DELAY - $elapsed) .' seconds to try again.';
+		$_SESSION['valid'] = '0';
+		return 0;
+	}
+
+	if ($USE_HASH){ $VALID_PASSWORD = (hashit($_POST['password']) == $HASHWORD); }
+	else          { $VALID_PASSWORD = (       $_POST['password']  == $PASSWORD); }
+
+	//Validate login attempt
+	if ( $VALID_PASSWORD && ($_POST['username'] == $USERNAME) ) {
+		session_regenerate_id(true);
+		$_SESSION['USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']); //for simple user consistancy check later.
+		$_SESSION['valid'] = '1';
+		$page = "index";
+		unlink($Login_Attempts); //delete invalid login count file
+	}else{
+		Logout();
+		$message .= $EX.' <b>INVALID LOGIN ATTEMPT # '.$attempts.'</b> ';
+		file_put_contents($Login_Attempts, $attempts);
+	}
+}//end Login_response() //******************************************************
+
+
+
+
 function hashit($key){ //*******************************************************
 	//This is the super-secret stuff - Keep it secret, keep it safe!
 	//If you change anything here, redo the hash for your password.
@@ -162,7 +195,7 @@ function strip_array($var) {
 
 function Get_GET() { //*** Get main parameters *********************************
 	// i=some/path/,  f=somefile.xyz,  p=somepage
-	global $ipath, $filename, $page, $param1, $param2, $param3, $message, $EX;
+	global $ipath, $filename, $page, $valid_pages, $param1, $param2, $param3, $message, $EX;
 
 	undo_magic_quotes();
 
@@ -175,7 +208,8 @@ function Get_GET() { //*** Get main parameters *********************************
 		if ( !is_file($filename) ) { $filename = ""; $page = "index"; }
 	}else{ $filename = ""; }
 
-	if (isset($_GET["p"])) { $page = $_GET["p"]; } // default $page set in session startup
+	if (isset($_GET["p"])) { $page = $_GET["p"]; } 
+	if (!in_array(strtolower($page), $valid_pages)) { $page = "index"; }
 
 	$param1 = '?i='.URLencode_path($ipath);
 	if ($filename == "") { $param2 = ""; }else{ $param2 = '&amp;f='.rawurlencode(basename($filename)); }
@@ -337,16 +371,6 @@ function Upload_New_Rename_Delete_Links() { //**********************************
 
 
 
-
-
-
-
-
-
-
-
-
-
 function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
 	//$submit_label = Rename, Copy, Delete, etc...
 	//$focus is ID of element to receive focus(). (element may be outside this function)
@@ -823,7 +847,7 @@ function Edit_Page() { //*******************************************************
 
 	$too_large_to_edit_message = 
 '<b>Edit disabled. Filesize &gt; '.number_format($MAX_EDIT_SIZE).' bytes.</b><br>
-Some browsers (on my PC) bog down or become unstable while editing a large file in an HTML &lt;textarea&gt;.<br>
+Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML &lt;textarea&gt;.<br>
 Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.<br>
 A simple trial and error test can determine a practical limit for a given browser/computer.';
 	$too_large_to_view_message = 
@@ -971,7 +995,7 @@ function New_File_Page() { //***************************************************
 
 
 function New_File_response() { //***********************************************
-	global $ipath, $param2, $filename, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
+	global $ipath, $param2, $param3, $filename, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
 
 	$new_name = trim($_POST["new_file"],'/ '); //Trim spaces and slashes.
 	$filename = $ipath.$new_name;
@@ -996,6 +1020,7 @@ function New_File_response() { //***********************************************
 		$message .= '<b>Created file:</b> '.htmlentities($new_name);
 		$page     = "edit";
 		$param2   = '&amp;f='.rawurlencode(basename($filename));// for Edit_Page() buttons
+		$param3   = '&amp;p=edit';                              // for Edit_Page() buttons 
 	}else{
 		$message .= $EX.' <b>Error - new file not created:<br>';
 		$message .= htmlentities($new_name);
@@ -1423,7 +1448,7 @@ function style_sheet(){ //****************************************************?>
 
 form p { margin-bottom: .3em; }
 
-label { display: inline-block; width : 6em; font-size : 1em; }
+label { display: inline-block; width : 6em; font-size : 1em; font-weight: bold; }
 
 svg { margin: 0; padding: 0; }
 
@@ -1573,7 +1598,7 @@ function style_sheet(){ //****************************************************?>
 input[type="text"] {
 	border: 1px solid #807568;
 	padding: 2px;
-	width: 40em;
+	width: 50em;
 	font: 1em "Courier New", Courier, monospace;
 	}
 
@@ -1701,7 +1726,7 @@ function style_sheet(){ //****************************************************?>
 	overflow: visible;
 	}
 
-.web_root { font:1.2em Courier; }
+.web_root { font:1em Courier; }
 
 .verify {
 	border: 1px solid #F44;
@@ -1771,17 +1796,14 @@ function style_sheet(){ //****************************************************?>
 
 //*** Verify valid $page and/or $filename **************************************
 
-if     (!in_array(strtolower($page), $valid_pages))   { $page = "index"; }
-
         //Don't load login screen if already in a valid session.
-elseif ( ($page == "login") && ($_SESSION['valid']) ) { $page = "index"; }
+if     ( ($page == "login") && ($_SESSION['valid']) ) { $page = "index"; }
 
 		//Don't load edit page if $filename doesn't exist.
 elseif ( ($page == "edit")  && !is_file($filename) )  { $page = "index"; }
 
-elseif ($page == "logout") { $page = "login"; $_SESSION['valid'] = "0";	session_destroy();
-		session_regenerate_id(true);
-		session_unset(); session_destroy(); session_write_close();// setcookie(session_name(),'',0,'/');
+elseif ($page == "logout") {
+		Logout();
 		$message .= 'You have successfully logged out.'; }
 
 		//Don't load delete page if folder not empty.

From ea431d37c287a90a9bdbaff7bac1062b95596534 Mon Sep 17 00:00:00 2001
From: Self-Evident <SelfEvidentTruths@mail.com>
Date: Mon, 18 Jun 2012 17:49:52 -0300
Subject: [PATCH 083/228] Error/warning messages are shown...

---
 readme.markdown | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/readme.markdown b/readme.markdown
index f85be6d..76f9e7a 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,4 +1,10 @@
-### June 14, 2012
+### June 18, 2012
+
+## error/warning messages get displayed.
+
+- Evidently, default PHP error/warning levels are not the same as what my test setup uses. That is, you may get a bumnch of warnings during failed login attempts, among other things.  THey are nothing to worry about (probably).  Anyway, to disable the warnings, add the following line to the top of onefilecms.php:  
+error_reporting(0);  
+
 
 # Current stable version: 3.1.9
 

From 532613fd0586e11baaccc5da1c22ccbb2154c1d5 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 19 Jun 2012 22:35:29 -0400
Subject: [PATCH 084/228] Version 3.1.9.04 Added .$param2 to Admin link so
 [Cancel] from Hash page returns to  either Edit page or Index, as
 appropriate. Removed "Visit Site" text since the favicon & URL of the site
 being managed are shown. In hashit(), moved $salt line up, as it was after
 it's first use. Edit_Page_response(), on $message lines, changed  =  to  .=
 In Logout() - Missing quotes: $page = 'login' Renamed Upload_File_Response()
 to just Upload_response() Added ini_set('display_errors', 'off');

---
 onefilecms.php | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index aa8d283..e4cf222 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.1.9.03';
+$version = '3.1.9.04';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -29,6 +29,7 @@
 *******************************************************************************/
 
 
+ini_set('display_errors', 'off');
 
 
 // CONFIGURABLE INFO ***********************************************************
@@ -43,6 +44,7 @@
 $MAX_ATTEMPTS = 3;  //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY  = 30; //In seconds.
 
+
 $MAX_IMG_W   = 810;   // Max width to display images. (page container = 810)
 $MAX_IMG_H   = 1000;  // Max height.  I don't know, it just looks reasonable.
 
@@ -115,7 +117,7 @@ function Session_Startup() {//**************************************************
 
 
 
-function Logout(){ //**************************************************
+function Logout(){ //***********************************************************
 	global $page;
 	session_regenerate_id(true);
 	session_unset();
@@ -123,8 +125,8 @@ function Logout(){ //**************************************************
 	session_write_close();
 	unset($_GET);
 	unset($_POST);
-	$page = login;
-}//end Logout() *******************************************************
+	$page = 'login';
+}//end Logout() ****************************************************************
 
 
 
@@ -167,8 +169,8 @@ function Login_response() { //**************************************************
 function hashit($key){ //*******************************************************
 	//This is the super-secret stuff - Keep it secret, keep it safe!
 	//If you change anything here, redo the hash for your password.
-	$hash = hash('sha256', trim($key).$salt); // trim off leading & trailing spaces.
 	$salt = 'somerandomesalt';
+	$hash = hash('sha256', trim($key).$salt); // trim off leading & trailing spaces.
 	for ( $x=0; $x < 1000; $x++ ) { $hash = hash('sha256', $hash.$salt); }
 	return $hash;
 }//end hashit() ****************************************************************
@@ -895,9 +897,9 @@ function Edit_Page_response(){ //***If on Edit page, and [Save] clicked ********
 	$bytes = file_put_contents($filename, $content);
 
 	if ($bytes !== false) {
-		$message = '<b>File saved: '.$bytes.' bytes written.</b>';
+		$message .= '<b>File saved: '.$bytes.' bytes written.</b>';
 	}else{
-		$message = $EX.' <b>There was an error saving file.</b>';
+		$message .= $EX.' <b>There was an error saving file.</b>';
 	}
 }//end Edit_Page_response() ****************************************************
 
@@ -940,7 +942,7 @@ function shorthand_to_int($SHORTHAND){ //*******************
 
 
 
-function Upload_File_response() { //********************************************
+function Upload_response() { //********************************************
 	global $filename, $message, $EX, $page;
 	$filename    = $_FILES['upload_file']['name'];
 	$destination = Check_path($_POST["upload_destination"]);
@@ -973,7 +975,7 @@ function Upload_File_response() { //********************************************
 			$message .= '<br>'.$EX.' <b> Upload failed: </b>'.$ERRMSG.'';
 		}
 	}
-}//end Upload_File_response() **************************************************
+}//end Upload_response() **************************************************
 
 
 
@@ -1779,7 +1781,7 @@ function style_sheet(){ //****************************************************?>
 
 
 if ($VALID_POST) { //***********************************************************
-	if     (isset($_FILES['upload_file']['name'])) { Upload_File_response(); }
+	if     (isset($_FILES['upload_file']['name'])) { Upload_response(); }
 	elseif (isset($_POST["whattohash"]   )) { Hash_Page_response(); }
 	elseif (isset($_POST["filename"]     )) { Edit_Page_response(); }
 	elseif (isset($_POST["new_file"]     )) { New_File_response();  }
@@ -1855,8 +1857,7 @@ function style_sheet(){ //****************************************************?>
 
 	<div class="nav">
 		<a href="/" target="_blank"><?php show_favicon() ?>&nbsp;
-		<b><?php echo htmlentities($WEBSITE) ?></b>  &nbsp;- &nbsp;
-		Visit Site</a>
+		<b><?php echo htmlentities($WEBSITE) ?></b></a>
 		<?php if ($page != "login") { ?>
 		| <a href="<?php echo $ONESCRIPT ?>?p=logout">Log Out</a>
 		<?php } ?>
@@ -1872,7 +1873,7 @@ function style_sheet(){ //****************************************************?>
 <hr>
 
 <?php if ( ($page != "hash") && ($_SESSION['valid']) ){ 
-		echo '<a id="admin" href="'.$ONESCRIPT.$param1.'&amp;p=hash">Admin</a>'; }
+		echo '<a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=hash">Admin</a>'; }
 ?>
 
 </div><!-- end container/login_page -->

From a0a0abff8c7efa12d6b9f56b0a7d88c6013899ab Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 23 Jun 2012 13:17:27 -0400
Subject: [PATCH 085/228] Version 3.1.9.05 ini_set() some basic security &
 error log settings near the top. Moved $SALT back to config section Improved
 check of if editing OneFileCMS & path/filename has urlencoded characters.
 Redid hash for "password" due to hashit() fix in 3.1.9.03
 session_set_cookie_params()   $httponly = true; session_regenerate_id(true)
 every page load. I've read it's a good idea - maybe. Moved Login_Response()
 down to after Login_Page(). Moved Logout() down to before Login_Page().
 Increased height of Edit page <textarea> Tweaked Notes: on Edit page. Updated
 OneFileCMS_structure.txt

---
 OneFileCMS_structure.txt |  12 +++-
 onefilecms.php           | 142 +++++++++++++++++++++++----------------
 2 files changed, 94 insertions(+), 60 deletions(-)

diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index f674c03..8ec7ef5 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -1,6 +1,10 @@
+LICENSE
+
+SOME BASIC SECURITY & ERROR LOG SETTINGS
+
 CONFIGURATION SECTION
 
-SOME STANDARD GLOBAL VARIABLES
+OTHER GLOBAL VALUES
 
 MISC FUNCTIONS:
 	Session_Startup()
@@ -42,7 +46,9 @@ SVG ICON FUNCTIONS:
 PAGE & RESPONSE FUNCTIONS:
 	Hash_Page()
 	Hash_Page_response()
+	Logout()
 	Login_Page()
+	Login_Page_response()
 	list_files()
 	Index_Page()
 	Edit_Page_Buttons()
@@ -50,7 +56,7 @@ PAGE & RESPONSE FUNCTIONS:
 	Edit_Page()
 	Edit_Page_response()
 	Upload_Page()
-	Upload_File_response()
+	Upload_response()
 	New_File_Page()
 	New_File_response() 
 	Copy_Ren_Move_Page()
@@ -78,4 +84,4 @@ LOGIC TO DETERMINE PAGE ACTION
 		Do $_POST['someaction'] (<someaction>_response)
 	Validate $page to show
 	
-GENERATE ACTUAL <HTML>...
+GENERATE/OUTPUT <HTML>...
diff --git a/onefilecms.php b/onefilecms.php
index e4cf222..efaceae 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.1.9.04';
+$version = '3.1.9.05';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -29,7 +29,19 @@
 *******************************************************************************/
 
 
+
+
+//Some basic security & error log settings
+ini_set('session.use_trans_sid', 0);    //make sure ULR supplied SESSID's are not used
+ini_set('session.use_only_cookies', 1); //Only defaults to 1 (enabled) from 5.3 on
 ini_set('display_errors', 'off');
+ini_set('log_errors'    , 'off'); //Ok to turn on for trouble-shooting.
+ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.log');
+error_reporting(E_ALL &~ E_STRICT);
+//Determine good folder for session file? Default is the system tmp/, which is not secure.
+//session_save_path($safepath)  or  ini_set('session.save_path', $safepath) 
+
+
 
 
 // CONFIGURABLE INFO ***********************************************************
@@ -39,18 +51,19 @@
 
 $PASSWORD = 'password'; //If using $HASHWORD, you may leave this value empty.
 $USE_HASH = 0 ; // If = 0, use $PASSWORD. If = 1, use $HASHWORD. 
-$HASHWORD = 'ff20c771cd8b39d848aa3bb631e880ece7682f98164d5446699cee1b6486fdb3'; //default hash for "password"
+$HASHWORD = 'c3e70af96ab1bfc5669280e98b438e1a8c08ca5e0bb3354c05ceaa6f339fd3f6'; //hash for "password"
+$SALT     = 'somerandomsalt';
 
 $MAX_ATTEMPTS = 3;  //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY  = 30; //In seconds.
 
 
-$MAX_IMG_W   = 810;   // Max width to display images. (page container = 810)
-$MAX_IMG_H   = 1000;  // Max height.  I don't know, it just looks reasonable.
+$MAX_IMG_W   = 810;  // Max width to display images. (page container = 810)
+$MAX_IMG_H   = 1000; // Max height.  I don't know, it just looks reasonable.
 
 $MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
 $MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
-                          // The max view size is completely arbitrary. It was 2am and seemed like a good idea at the time.
+                          // The default max view size is completely arbitrary. It was 2am and seemed like a good idea at the time.
 $config_favicon   = "/favicon.ico";
 $config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsaTive!
 
@@ -60,6 +73,8 @@
 $config_fclass = "bin,img,img,img,img,img,svg,txt,txt,css,php,txt,cfg,cfg ,txt,txt,htm,htm";  // number of values. bin is default.
 
 $EX = '<b>( ! )</b>'; //"EXclaimation point" icon Used in $message's
+
+
 // END CONFIGURABLE INFO *******************************************************
 
 
@@ -68,6 +83,9 @@
 //******************************************************************************
 //Some global system values
 
+
+
+//PHP_VERSION_ID is better/easier to use when checking current version (it's an actual number, not a string)
 if (!defined('PHP_VERSION_ID')) {            //PHP_VERSION_ID only available since 5.2.7
     $phpversion = explode('.', PHP_VERSION); //PHP_VERSION, however, should be available even in older versions.
     define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
@@ -78,6 +96,7 @@
 $WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/';
 $WEBSITE   = $_SERVER["HTTP_HOST"].'/';
 
+
 $valid_pages = array("hash", "login","logout","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
 
 $INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names.
@@ -98,6 +117,13 @@
 function Session_Startup() {//**************************************************
 	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $message , $page, $VALID_POST;
 
+	$limit    = 0; //0 = session.  
+	$path     = dirname($_SERVER['SCRIPT_NAME']);
+	$domain   = ''; // '' = hostname
+	$https    = false; 
+	$httponly = true;//true = unaccessable via javascript. Some XSS protection.
+	session_set_cookie_params($limit, $path, $domain, $https, $httponly);
+
 	session_name('OFCMS'); //Change from default ('PHPSESSID')
 	session_start();
 
@@ -111,57 +137,10 @@ function Session_Startup() {//**************************************************
 
 	$VALID_POST = ($_SESSION['valid'] && $_POST["sessionid"] == session_id());
 
-	chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
-}//End Session_Startup() *******************************************************
-
-
-
-
-function Logout(){ //***********************************************************
-	global $page;
 	session_regenerate_id(true);
-	session_unset();
-	session_destroy();
-	session_write_close();
-	unset($_GET);
-	unset($_POST);
-	$page = 'login';
-}//end Logout() ****************************************************************
-
-
-
 
-function Login_response() { //**************************************************
-	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $MAX_ATTEMPTS, $LOGIN_DELAY, $message, $EX, $page, $DOC_ROOT;
-
-	$Login_Attempts = $DOC_ROOT.trim($_SERVER["SCRIPT_NAME"],'/').'.invalid_login_attempts';
-	$attempts       = (int)file_get_contents($Login_Attempts) + 1;
-	clearstatcache();
-	$elapsed        = time() - filemtime($Login_Attempts);
-
-	if ( ($attempts > $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){
-		$message  = $EX.' <b>Too many invalid login attempts. </b><br>Please wait ';
-		$message .= ($LOGIN_DELAY - $elapsed) .' seconds to try again.';
-		$_SESSION['valid'] = '0';
-		return 0;
-	}
-
-	if ($USE_HASH){ $VALID_PASSWORD = (hashit($_POST['password']) == $HASHWORD); }
-	else          { $VALID_PASSWORD = (       $_POST['password']  == $PASSWORD); }
-
-	//Validate login attempt
-	if ( $VALID_PASSWORD && ($_POST['username'] == $USERNAME) ) {
-		session_regenerate_id(true);
-		$_SESSION['USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']); //for simple user consistancy check later.
-		$_SESSION['valid'] = '1';
-		$page = "index";
-		unlink($Login_Attempts); //delete invalid login count file
-	}else{
-		Logout();
-		$message .= $EX.' <b>INVALID LOGIN ATTEMPT # '.$attempts.'</b> ';
-		file_put_contents($Login_Attempts, $attempts);
-	}
-}//end Login_response() //******************************************************
+	chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
+}//End Session_Startup() *******************************************************
 
 
 
@@ -664,6 +643,20 @@ function Hash_Page_response() { //**********************************************
 
 
 
+function Logout(){ //***********************************************************
+	global $page;
+	session_regenerate_id(true);
+	session_unset();
+	session_destroy();
+	session_write_close();
+	unset($_GET);
+	unset($_POST);
+	$page = 'login';
+}//end Logout() ****************************************************************
+
+
+
+
 function Login_Page() { //******************************************************
 	global $ONESCRIPT, $message;
 ?>
@@ -687,6 +680,41 @@ function Login_Page() { //******************************************************
 
 
 
+function Login_response() { //**************************************************
+	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $MAX_ATTEMPTS, $LOGIN_DELAY, $message, $EX, $page, $DOC_ROOT;
+
+	$Login_Attempts = $DOC_ROOT.trim($_SERVER["SCRIPT_NAME"],'/').'.invalid_login_attempts';
+	$attempts       = (int)file_get_contents($Login_Attempts) + 1;
+	clearstatcache();
+	$elapsed        = time() - filemtime($Login_Attempts);
+
+	if ( ($attempts > $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){
+		$message  = $EX.' <b>Too many invalid login attempts. </b><br>Please wait ';
+		$message .= ($LOGIN_DELAY - $elapsed) .' seconds to try again.';
+		$_SESSION['valid'] = '0';
+		return 0;
+	}
+
+	if ($USE_HASH){ $VALID_PASSWORD = (hashit($_POST['password']) == $HASHWORD); }
+	else          { $VALID_PASSWORD = (       $_POST['password']  == $PASSWORD); }
+
+	//Validate login attempt
+	if ( $VALID_PASSWORD && ($_POST['username'] == $USERNAME) ) {
+		session_regenerate_id(true);
+		$_SESSION['USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']); //for simple user consistancy check later.
+		$_SESSION['valid'] = '1';
+		$page = "index";
+		unlink($Login_Attempts); //delete invalid login count file
+	}else{
+		Logout();
+		$message .= $EX.' <b>INVALID LOGIN ATTEMPT # '.$attempts.'</b> ';
+		file_put_contents($Login_Attempts, $attempts);
+	}
+}//end Login_response() //******************************************************
+
+
+
+
 function list_files() { // ...in a vertical table ******************************
 //called from Index Page
 
@@ -821,7 +849,7 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 		Edit_Page_scripts();
 		echo '<div id="edit_note">NOTES:<ol>';
 		echo '<li>On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser\'s [Reload].';
-		echo '<li>Under certain circumstances, Chrome\'s XSS filters may disable some javascript in a page if it even <i>appears</i> to contain inline javascript.  This can affect certain features of the OneFileCMS edit page when editing files that actually contain such code, such as OneFileCMS itself.  However, these files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.';
+		echo '<li>Chrome\'s XSS filters may disable some javascript in a page if it even <i>appears</i> to contain inline javascript in certain places.  This can affect some features of the OneFileCMS edit page when editing files that actually contain such code, such as OneFileCMS itself.  However, these files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.';
 		echo '</div>';
 	}
 ?>
@@ -1681,7 +1709,7 @@ function style_sheet(){ //****************************************************?>
 
 #edit_form    {margin: 0;}
 
-#file_content {height: 24em;}
+#file_content {height: 30em;}
 
 .file_meta	  {float: left;  margin-top: .5em; font-size: 1em; color: #333; font-family: courier;}
 
@@ -1818,7 +1846,7 @@ function style_sheet(){ //****************************************************?>
 	   $message .= $EX.'<b> Upload Error.  Total POST data (mostly filesize) exceeded post_max_size = '.ini_get('post_max_size').' (from php.ini).</b>';
 	   $page = "index";}
 
-elseif ( ($page == "edit") && ($filename == trim($ONESCRIPT, '/')) ) { 
+elseif ( ($page == "edit") && ($filename == trim(rawurldecode($ONESCRIPT), '/')) ) { 
 	   if ( $message == "" ){ $BR = ""; }else{ $BR = '<br>';}
 	   $message .= '<style>#message p {background: red; color: white;}</style>';
 	   $message .= $BR.$EX.' <b>CAUTION '.$EX.' You are editing the active copy of OneFileCMS - BACK IT UP &amp; BE CAREFUL !!</b>'; }

From 59daa939c77c74938abffca605d58e7db03f6e1c Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Sat, 23 Jun 2012 17:11:18 -0400
Subject: [PATCH 086/228] Version 3.1.9.06 Acutally implemented use of $SALT...
 Added if(isset) checks to undo_magic_quotes() Added check for MAX_IDLE_TIME
 Added note on max idle time to bottom of Edit page. In
 Cancel_Submit_Buttons(), ($params .=)  to just  ($params =) Replaced
 session_id() in hidden <input>'s with another nonce. Improved some default
 logic (valid, page, etc...) Tweaked img info displayed with show_img().

---
 onefilecms.php  | 191 +++++++++++++++++++++++++++++-------------------
 readme.markdown |  43 +++++++----
 2 files changed, 143 insertions(+), 91 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index efaceae..4f5af6c 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
-<?php
+<?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.1.9.05';
+$version = '3.1.9.06';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -38,7 +38,7 @@
 ini_set('log_errors'    , 'off'); //Ok to turn on for trouble-shooting.
 ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.log');
 error_reporting(E_ALL &~ E_STRICT);
-//Determine good folder for session file? Default is the system tmp/, which is not secure.
+//Determine good folder for session file? Default is tmp/, which is not secure.
 //session_save_path($safepath)  or  ini_set('session.save_path', $safepath) 
 
 
@@ -54,10 +54,10 @@
 $HASHWORD = 'c3e70af96ab1bfc5669280e98b438e1a8c08ca5e0bb3354c05ceaa6f339fd3f6'; //hash for "password"
 $SALT     = 'somerandomsalt';
 
-$MAX_ATTEMPTS = 3;  //Max failed login attempts before LOGIN_DELAY starts.
-$LOGIN_DELAY  = 30; //In seconds.
-
-
+$MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
+$LOGIN_DELAY   = 10;  //In seconds.
+$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings can limit its max effective value.
+                      //  For instance, 24 minutes is the PHP default for garbage collection.
 $MAX_IMG_W   = 810;  // Max width to display images. (page container = 810)
 $MAX_IMG_H   = 1000; // Max height.  I don't know, it just looks reasonable.
 
@@ -74,7 +74,7 @@
 
 $EX = '<b>( ! )</b>'; //"EXclaimation point" icon Used in $message's
 
-
+$SESSION_NAME = 'OFCMS'; //Also the cookie name. Don't use default ('PHPSESSID')
 // END CONFIGURABLE INFO *******************************************************
 
 
@@ -83,11 +83,11 @@
 //******************************************************************************
 //Some global system values
 
-
+ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME); //in case the default is less.
 
 //PHP_VERSION_ID is better/easier to use when checking current version (it's an actual number, not a string)
 if (!defined('PHP_VERSION_ID')) {            //PHP_VERSION_ID only available since 5.2.7
-    $phpversion = explode('.', PHP_VERSION); //PHP_VERSION, however, should be available even in older versions.
+    $phpversion = explode('.', PHP_VERSION); //PHP_VERSION, however, available even in older versions. (but it's a string)
     define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
 }
 
@@ -95,7 +95,7 @@
 $DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
 $WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/';
 $WEBSITE   = $_SERVER["HTTP_HOST"].'/';
-
+$LOGIN_ATTEMPTS = $DOC_ROOT.trim($_SERVER["SCRIPT_NAME"],'/').'.invalid_login_attempts';
 
 $valid_pages = array("hash", "login","logout","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
 
@@ -115,7 +115,7 @@
 
 
 function Session_Startup() {//**************************************************
-	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $message , $page, $VALID_POST;
+	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $EX, $message , $page, $VALID_POST, $MAX_IDLE_TIME, $SESSION_NAME;
 
 	$limit    = 0; //0 = session.  
 	$path     = dirname($_SERVER['SCRIPT_NAME']);
@@ -124,20 +124,44 @@ function Session_Startup() {//**************************************************
 	$httponly = true;//true = unaccessable via javascript. Some XSS protection.
 	session_set_cookie_params($limit, $path, $domain, $https, $httponly);
 
-	session_name('OFCMS'); //Change from default ('PHPSESSID')
+	session_name($SESSION_NAME);
 	session_start();
 
-	//If logging in, validate
+	//Set primary defaults...
+	$page = 'login'; 
+	if ( !isset($_SESSION['valid']) ) { $_SESSION['valid'] = 0; }
+
+	//Logging in?
 	if ( isset($_POST["username"]) || isset($_POST["password"]) ) { Login_response(); }
 
-	//Just a minor user consistancy check... (every little bit helps a little)
-	if ( $_SESSION['USER_AGENT'] != md5($_SERVER["HTTP_USER_AGENT"])) { $_SESSION['valid'] = 0; }
+	//Verify consistant user agent... (every little bit helps a little bit) 
+	if ( $_SESSION['valid'] && ($_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) ) { Logout(); return; }
 
-	if (!$_SESSION['valid']) { Logout(); }
+	//Check idle time
+ 	if ( $_SESSION['valid'] && isset($_SESSION['last_active_time']) ) {
+		$idle_time = ( time() - $_SESSION['last_active_time'] );
+		if ( $_SESSION['valid'] && ($idle_time > $MAX_IDLE_TIME) ) {
+			Logout();
+			$message .= 'Max idle time exceeded... <br>';
+			return;
+		}
+	}
+	$_SESSION['last_active_time'] = time() ;
 
-	$VALID_POST = ($_SESSION['valid'] && $_POST["sessionid"] == session_id());
+	//If POSTing, verify...
+	$VALID_POST = 0; //Default until verified otherwise
+	if ( $_SESSION['valid'] && isset($_POST['nuonce']) ) { 
+		if ( $_POST['nuonce'] == $_SESSION['nuonce'] ) {
+			$VALID_POST = 1;
+		}else{
+			Logout();
+			$message .= $EX.' <b>INVALID POST</b><br>';
+			return;
+		}
+	}
 
 	session_regenerate_id(true);
+	$_SESSION['nuonce'] = sha1(mt_rand().microtime()); //provided in <forms> to verify POST
 
 	chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
 }//End Session_Startup() *******************************************************
@@ -147,10 +171,10 @@ function Session_Startup() {//**************************************************
 
 function hashit($key){ //*******************************************************
 	//This is the super-secret stuff - Keep it secret, keep it safe!
-	//If you change anything here, redo the hash for your password.
-	$salt = 'somerandomesalt';
-	$hash = hash('sha256', trim($key).$salt); // trim off leading & trailing spaces.
-	for ( $x=0; $x < 1000; $x++ ) { $hash = hash('sha256', $hash.$salt); }
+	//If you change anything here, or the $SALT, redo the hash for your password.
+	global $SALT;
+	$hash = hash('sha256', trim($key).$SALT); // trim off leading & trailing spaces.
+	for ( $x=0; $x < 1000; $x++ ) { $hash = hash('sha256', $hash.$SALT); }
 	return $hash;
 }//end hashit() ****************************************************************
 
@@ -165,9 +189,9 @@ function strip_array($var) {
 	} //Note: stripslashes also handles cases when magic_quotes_sybase is on.
 
 	if (get_magic_quotes_gpc()) {
-		$_GET     = strip_array($_GET);
-		$_POST    = strip_array($_POST);
-		$_COOKIE  = strip_array($_COOKIE);
+		if (isset($_GET))    { $_GET     = strip_array($_GET);    }
+		if (isset($_POST))   { $_POST    = strip_array($_POST);   }
+		if (isset($_COOKIE)) { $_COOKIE  = strip_array($_COOKIE); }
 	}
 }//end undo_magic_quotes() *****************************************************
 
@@ -184,7 +208,7 @@ function Get_GET() { //*** Get main parameters *********************************
 
 	if (isset($_GET["f"])) {
 		$filename = $ipath.$_GET["f"];
-		if ( !is_file($filename) && $_SESSION['valid'] )//Don't set $message for login page.
+		if ( !is_file($filename) && $_SESSION['valid'] )//Set $message except for login page.
 			{ $message .= $EX.' <b>File does not exist:</b> '.htmlentities($filename).'<br>'; }
 		if ( !is_file($filename) ) { $filename = ""; $page = "index"; }
 	}else{ $filename = ""; }
@@ -358,7 +382,7 @@ function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
 	global $ONESCRIPT, $ipath, $param1, $param2, $filename, $page;
 
 	// [Cancel] returns to either the index, or edit page.
-	if ($filename == "") {$params = "";}else{ $params .= $param2.'&amp;p=edit'; }
+	if ($filename == "") {$params = "";}else{ $params = $param2.'&amp;p=edit'; }
 ?>
 	<p></p>
 	<input type="button" class="button" id="cancel" name="cancel" value="Cancel"
@@ -391,8 +415,8 @@ function show_image(){ //*******************************************************
 		else                         {$SCALE = $TOOHIGH;}
 	}
 
-	echo '<p class="file_meta">';
-	echo 'Image shown at ~'. round($SCALE*100) .'% of full size.<br>('.$img_info[3].')</p>';
+	echo '<p Xclass="file_meta">';
+	echo 'Image shown at ~'. round($SCALE*100) .'% of full size (W x H = '.$img_info[0].' x '.$img_info[1].').</p>';
 	echo '<div style="clear:both;"></div>'.PHP_EOL;
 	echo '<a href="/' .URLencode_path($IMG). '" target="_blank">'.PHP_EOL;
 	echo '<img src="/'.URLencode_path($IMG).'"  height="'.$img_info[$H]*$SCALE.'"></a>'.PHP_EOL;
@@ -416,7 +440,7 @@ function Init_Macros(){ //*** ($varibale="some reusable chunk of code")*********
 global 	$ONESCRIPT, $param1, $param2, $INPUT_SESSIONID, $FORM_COMMON, 
 		$SVG_icon_circle_plus, $SVG_icon_circle_x, $SVG_icon_pencil, $SVG_icon_img_0;
 
-$INPUT_SESSIONID = '<input type="hidden" name="sessionid" value="'.session_id().'">'.PHP_EOL;
+$INPUT_SESSIONID = '<input type="hidden" name="nuonce" value="'.$_SESSION['nuonce'].'">'.PHP_EOL;
 $FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.$param2.'">'.$INPUT_SESSIONID;
 
 $SVG_icon_circle_plus = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#080"/>
@@ -590,7 +614,7 @@ function show_icon($type){ //***************************************************
 
 
 function Hash_Page() { //******************************************************
-	global $DOC_ROOT, $ONESCRIPT, $param1, $message, $INPUT_SESSIONID, $config_title;
+	global $DOC_ROOT, $ONESCRIPT, $param1, $param2, $message, $INPUT_SESSIONID, $config_title;
 	$params = '?i='.dirname($ONESCRIPT).'&amp;f='.basename($ONESCRIPT).'&amp;p=edit';
 ?>
 	<style>#message {font-family: courier; min-height: 3.1em;}
@@ -612,8 +636,10 @@ function Hash_Page() { //******************************************************
 	1) Simply use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).<br>
 	2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.<br>
 
-	<p>Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize.<br>
-	In other words, take the idea that this adds much of an improvement to security with a grain of cryptographic salt...*<br>
+	<p>Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. 
+	That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.
+	However, it does eleminate the storage of your password in plain text, which is definitely an improvement.*
+
 	<p>Anyway, to use the $HASHWORD password option:
 	<ol><li>Type your desired password in the input field above and hit Enter.<br>
 			The hash will be displayed in a yellow message box above that.
@@ -623,8 +649,9 @@ function Hash_Page() { //******************************************************
 		<li>Make sure $USE_HASH is set to 1 (or true).
 		<li>When ready, logout and login.
 	</ol>
-	<p>You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable tupo...
-	<p>*Note: While still largely academic, you can improve security a bit more by changing the default salt and/or method used by OneFileCMS to hash the password (and keep 'em secret, of course).<br>
+	<p>You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...
+	<p>
+	*For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep 'em secret, of course).  Remever, every little bit helps...<br>
 	PS: Everything I know about security - you just read...
 	</div>
 <?php 
@@ -651,12 +678,14 @@ function Logout(){ //***********************************************************
 	session_write_close();
 	unset($_GET);
 	unset($_POST);
+	$_SESSION['valid'] = 0;
 	$page = 'login';
 }//end Logout() ****************************************************************
 
 
 
 
+
 function Login_Page() { //******************************************************
 	global $ONESCRIPT, $message;
 ?>
@@ -681,34 +710,40 @@ function Login_Page() { //******************************************************
 
 
 function Login_response() { //**************************************************
-	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $MAX_ATTEMPTS, $LOGIN_DELAY, $message, $EX, $page, $DOC_ROOT;
+	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $MAX_ATTEMPTS, $LOGIN_DELAY, 
+		   $EX, $message, $page, $LOGIN_ATTEMPTS;
+
+	$_SESSION['valid'] = 0; // Default to failed login.
 
-	$Login_Attempts = $DOC_ROOT.trim($_SERVER["SCRIPT_NAME"],'/').'.invalid_login_attempts';
-	$attempts       = (int)file_get_contents($Login_Attempts) + 1;
+	if (!is_file($LOGIN_ATTEMPTS)) { file_put_contents($LOGIN_ATTEMPTS, 0); }
+	$attempts          = (int)file_get_contents($LOGIN_ATTEMPTS); //Don't increment yet...
 	clearstatcache();
-	$elapsed        = time() - filemtime($Login_Attempts);
+	$elapsed           = time() - filemtime($LOGIN_ATTEMPTS);
 
-	if ( ($attempts > $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){
-		$message  = $EX.' <b>Too many invalid login attempts. </b><br>Please wait ';
-		$message .= ($LOGIN_DELAY - $elapsed) .' seconds to try again.';
-		$_SESSION['valid'] = '0';
-		return 0;
+	if ( ($attempts >= $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){ //if already > max, 
+		$message .= $EX.' <b>Too many invalid login attempts. ('.$attempts.')</b><br>';
+		$message .= 'Please wait '.($LOGIN_DELAY - $elapsed) .' seconds to try again. ';
+		return;
 	}
 
+	//Validate login attempt
 	if ($USE_HASH){ $VALID_PASSWORD = (hashit($_POST['password']) == $HASHWORD); }
 	else          { $VALID_PASSWORD = (       $_POST['password']  == $PASSWORD); }
 
-	//Validate login attempt
 	if ( $VALID_PASSWORD && ($_POST['username'] == $USERNAME) ) {
 		session_regenerate_id(true);
-		$_SESSION['USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']); //for simple user consistancy check later.
-		$_SESSION['valid'] = '1';
+		$_SESSION['USER_AGENT'] = $_SERVER['HTTP_USER_AGENT']; //for simple user consistancy check later.
+		$_SESSION['valid'] = 1;
 		$page = "index";
-		unlink($Login_Attempts); //delete invalid login count file
+		unlink($LOGIN_ATTEMPTS); //delete invalid attempt count file
 	}else{
-		Logout();
-		$message .= $EX.' <b>INVALID LOGIN ATTEMPT # '.$attempts.'</b> ';
-		file_put_contents($Login_Attempts, $attempts);
+		file_put_contents($LOGIN_ATTEMPTS, ++$attempts); //increment & save attempt
+		if ($attempts >= $MAX_ATTEMPTS) {
+			$message .= $EX.' <b>INVALID LOGIN ATTEMPT #'.$attempts.'</b><br>';
+			$message .= 'Please wait '.$LOGIN_DELAY.' seconds to try again. ';
+		}else{
+			$message .= $EX.' <b>INVALID LOGIN ATTEMPT #'.$attempts.'</b> ';
+		}
 	}
 }//end Login_response() //******************************************************
 
@@ -738,8 +773,7 @@ function list_files() { // ...in a vertical table ******************************
 			<tr>
 				<td>
 					<?php echo '<a href="'.$ONESCRIPT.$param1.'&amp;f='.rawurlencode($file).'&amp;p=edit" >'; ?>
-					<?php show_icon($type); ?>
-					<?php echo  htmlentities($file), '</a>'; ?>
+					<?php show_icon($type); echo  htmlentities($file), '</a>'; ?>
 				</td>
 				<td class="meta_T meta_size">&nbsp;
 					<?php echo number_format(filesize($ipath.$file)); ?> B
@@ -810,7 +844,7 @@ function Edit_Page_Buttons($text_editable, $too_large_to_edit) { //*************
 
 //******************************************************************************
 function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message){ 
-	global $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_SESSIONID, $EX, $message;
+	global $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_SESSIONID, $EX, $message, $MAX_IDLE_TIME;
 ?>
 	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param1.$param2.$param3 ?>">
 		<?php echo $INPUT_SESSIONID; ?>
@@ -848,9 +882,16 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 	if ($text_editable && !$too_large_to_edit && !$bad_chars) {
 		Edit_Page_scripts();
 		echo '<div id="edit_note">NOTES:<ol>';
-		echo '<li>On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser\'s [Reload].';
-		echo '<li>Chrome\'s XSS filters may disable some javascript in a page if it even <i>appears</i> to contain inline javascript in certain places.  This can affect some features of the OneFileCMS edit page when editing files that actually contain such code, such as OneFileCMS itself.  However, these files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.';
-		echo '</div>';
+		//$MAX_IDLE_MINUTES = (round($MAX_IDLE_TIME/60)).' minutes '.(fmod($MAX_IDLE_TIME,60)).' seconds.';
+		$MAX_IDLE_MINUTES = round($MAX_IDLE_TIME/60,1);
+?>
+		<li><b>Remember- your $MAX_IDLE_TIME is <?php echo $MAX_IDLE_MINUTES ?> minutes.</b>
+		(Page time: <script>FileTimeStamp(<?php echo time(); ?>, 0)</script>)<br>
+		In other words, if you are making changes, <b>save your file at least that often, or the changes will be lost</b>.
+		<li>On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser's [Reload].
+		<li>Under certain circumstances, Chrome's XSS filters may disable some javascript in a page if the page even <i>appears</i> to contain inline javascript.  This can affect certain features of the OneFileCMS edit page when editing files that actually contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will not be noticed after the first save of such a file.
+		</div>
+<?php
 	}
 ?>
 	</form> 
@@ -1799,29 +1840,27 @@ function style_sheet(){ //****************************************************?>
 
 if( PHP_VERSION_ID < 50000 ) { exit("OneFileCMS requires PHP5 to operate. Tested on versions 5.2.17, 5.3.3 & 5.4"); }
 
-Session_Startup(); //***********************************************************
-
-Get_GET();         //***********************************************************
-
-Init_Macros();     //***********************************************************
+Session_Startup(); 
 
+if ($_SESSION['valid']) {
 
+	Get_GET();  
 
+	Init_Macros();
 
-if ($VALID_POST) { //***********************************************************
-	if     (isset($_FILES['upload_file']['name'])) { Upload_response(); }
-	elseif (isset($_POST["whattohash"]   )) { Hash_Page_response(); }
-	elseif (isset($_POST["filename"]     )) { Edit_Page_response(); }
-	elseif (isset($_POST["new_file"]     )) { New_File_response();  }
-	elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', 'Copy', 'Copied', 1); } 
-	elseif (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"], 'rename', 'Rename/Move', 'Renamed/Moved', 1); } 
-	elseif (isset($_POST["delete_file"]  )) { Delete_File_response(); }
-	elseif (isset($_POST["new_folder"]   )) { New_Folder_response();  }
-	elseif (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', 'Rename/Move', 'Renamed/Moved', 0); } 
-	elseif (isset($_POST["delete_folder"])) { Delete_Folder_response(); }
-}//end if ($VALID_POST) ********************************************************
-
-
+	if ($VALID_POST) { //*******************************************************
+		if     (isset($_FILES['upload_file']['name'])) { Upload_response(); }
+		elseif (isset($_POST["whattohash"]   )) { Hash_Page_response();   }
+		elseif (isset($_POST["filename"]     )) { Edit_Page_response();   }
+		elseif (isset($_POST["new_file"]     )) { New_File_response();    }
+		elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', 'Copy', 'Copied', 1); } 
+		elseif (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"], 'rename', 'Rename/Move', 'Renamed/Moved', 1); } 
+		elseif (isset($_POST["delete_file"]  )) { Delete_File_response(); }
+		elseif (isset($_POST["new_folder"]   )) { New_Folder_response();  }
+		elseif (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', 'Rename/Move', 'Renamed/Moved', 0); } 
+		elseif (isset($_POST["delete_folder"])) { Delete_Folder_response(); }
+	}//end if ($VALID_POST) ****************************************************
+}
 
 
 //*** Verify valid $page and/or $filename **************************************
diff --git a/readme.markdown b/readme.markdown
index 76f9e7a..aabc424 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,12 +1,24 @@
-### June 18, 2012
-
-## error/warning messages get displayed.
-
-- Evidently, default PHP error/warning levels are not the same as what my test setup uses. That is, you may get a bumnch of warnings during failed login attempts, among other things.  THey are nothing to worry about (probably).  Anyway, to disable the warnings, add the following line to the top of onefilecms.php:  
-error_reporting(0);  
-
-
-# Current stable version: 3.1.9
+### June 23, 2012
+
+Most of the recent changes have been to increase login and session security. However, I'm slowly learning that there's only so much that can be done, particulary when the base connection is un-encrypted.   Online security, it seems, is a nebulous subject of a rather dubious nature.  Never-the-less, I have tried to do those things that can be done.  
+
+So, for those that care, here is a synopsis of the measures that have been employed:
+- A password's hash can now be stored by OneFileCMS, instead of the plain text password.  
+  (The plain text method remains an option for those that just don't care. )
+- A Login delay is triggered after too many invalid attempts.
+- Adjustable max idle time before auto-logout.
+- Check consistancy of user agent during session.
+- Generation of a new session id after login or logout.
+- Set session.use_only_cookies == true.
+- Use httponly cookies
+- Ability to modify the default salt and password hash method.  
+  (Since OneFileCMS is open source, this is recommended)
+    
+Now, keep in mind that while, individually, any one of these measures may not provide much security, collectivly, they're a little better than nothing.  
+  
+Lastly, always remember that some of the most important security measures concern user behavior - such as avoiding the use of un-encrypted wifi connections...
+  
+# Current stable version: 3.1.9.06
 
 - 3.0+ : "Full" version - uses svg icons
 - 2.0+ : "Lite" version - uses no icons.
@@ -60,7 +72,7 @@ You can also change the file name of OneFileCMS.php to something else, such as "
 
 ### Where's the WYSIWYG? What about syntax highlighting?
 
-WYSWIWYG editors have been requested, but probably won’t become standard, as they’d probably make it more than one file, sort of defeating the point of OneFileCMS. Plus, if you’re working in PHP or non-HTML code, they're can be more of a hindrance than an asset.
+WYSWIWYG editors have been requested, but probably won’t become standard, as they’d probably make it more than one file, sort of defeating the "OneFile" point. Plus, if you’re working in PHP or non-HTML code, they're can be more of a hindrance than an asset.
 
 However, just because I don't want to do it, doesn't mean it's impossible.  Look for the Edit_Page_form() function. Its textarea can be modified to work with whatever editor you like. 
 
@@ -82,9 +94,9 @@ Probably not, as that would also most likely make it more than "OneFile".
 
 ### Can I have more than one username/password?
 
-The reason there isn't default support for multiple users is that all of their info will have to be stored together, more or less in plain text, at the top of onefilecms.php. Giving people different usernames and passwords then is sort of futile, since everyone who can log in can view onefilecms's source and config variables.   
-
-However, "it's on my to-do list!"...
+Well, indirectly - yes: Upload or create addional copies of OneFileCMS, but give them different file names.(ie: OneFile1.php and OneFile2.php etc...)  Then, with each copy, maintain different user names and passwords.  Also, so one user does not log out the other, change the session names set in session_startup().  
+  
+Now, since there is no data base or other means of granular control and acess logging, multiple users may be kind of pointless.  On the other hand, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy get's corrupted.
 
 ## Requirements
 
@@ -110,8 +122,9 @@ To report a bug or request a feature, please file an issue via Github. Forks enc
 
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - Issue with Chrome's XSS filter: Editing some legitimate files with OneFileCMS will trigger the filter and disable most javascript provided functionallity, but only while on edit page of such a file.
-- Connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text during login.
-- Be aware that only some very basic & rudimentary data & error checking is performed.  
+- Connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text during login.  
+  (However, this is true of most online login systems, unless SSL or the like is employed.)
+- Be aware that only some very basic data & error checking is performed.  (But, it's getting better...)  
   On Windows, for instance, it's possible to create folders that are subsequently inaccessible and undeletable by Windows.  (Yea, I found out the hard way...)
 - Multiple login names.
 - Anything else?

From 0ddf952156f44e5af2ffac43a324c9ff60856b8c Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 24 Jun 2012 20:43:08 -0400
Subject: [PATCH 087/228] Version 3.1.9.07 On Index page, set focus() to
 current folder in path/to/current/[folder] In Time_Stamp_Scripts(), added
 option to show only time (no date). Corrected a minor time bug in
 Time_Stamp_scripts() Renamed a comple _response functions for naming
 consistancy.

---
 onefilecms.php | 74 ++++++++++++++++++++++++++++----------------------
 1 file changed, 42 insertions(+), 32 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 4f5af6c..112774e 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.1.9.06';
+$version = '3.1.9.07';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -34,10 +34,10 @@
 //Some basic security & error log settings
 ini_set('session.use_trans_sid', 0);    //make sure ULR supplied SESSID's are not used
 ini_set('session.use_only_cookies', 1); //Only defaults to 1 (enabled) from 5.3 on
+error_reporting(0); // or (E_ALL &~ E_STRICT) if display and/or log are on.
 ini_set('display_errors', 'off');
 ini_set('log_errors'    , 'off'); //Ok to turn on for trouble-shooting.
 ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.log');
-error_reporting(E_ALL &~ E_STRICT);
 //Determine good folder for session file? Default is tmp/, which is not secure.
 //session_save_path($safepath)  or  ini_set('session.save_path', $safepath) 
 
@@ -85,7 +85,7 @@
 
 ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME); //in case the default is less.
 
-//PHP_VERSION_ID is better/easier to use when checking current version (it's an actual number, not a string)
+//PHP_VERSION_ID is better to use when checking current version as it's an actual number, not a string.
 if (!defined('PHP_VERSION_ID')) {            //PHP_VERSION_ID only available since 5.2.7
     $phpversion = explode('.', PHP_VERSION); //PHP_VERSION, however, available even in older versions. (but it's a string)
     define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
@@ -127,8 +127,9 @@ function Session_Startup() {//**************************************************
 	session_name($SESSION_NAME);
 	session_start();
 
-	//Set primary defaults...
+	//Set initial defaults...
 	$page = 'login'; 
+	$VALID_POST = 0;
 	if ( !isset($_SESSION['valid']) ) { $_SESSION['valid'] = 0; }
 
 	//Logging in?
@@ -149,7 +150,6 @@ function Session_Startup() {//**************************************************
 	$_SESSION['last_active_time'] = time() ;
 
 	//If POSTing, verify...
-	$VALID_POST = 0; //Default until verified otherwise
 	if ( $_SESSION['valid'] && isset($_POST['nuonce']) ) { 
 		if ( $_POST['nuonce'] == $_SESSION['nuonce'] ) {
 			$VALID_POST = 1;
@@ -315,7 +315,8 @@ function Current_Path_Header(){ //**********************************************
 
 	echo '<h2>';
 		//Root folder of web site.
-		echo '<a href="'.$ONESCRIPT.'" class="path"> '.htmlentities(trim($WEB_ROOT, '/')).'</a>/';
+		echo '<a id="path_0" href="'.$ONESCRIPT.'" class="path"> '.htmlentities(trim($WEB_ROOT, '/')).'</a>/';
+		$x=0; //need here for focus() in case at webroot.
 
 		if ($ipath != "" ) { //if not at root, show the rest
 			$path_levels  = explode("/",trim($ipath,'/') );
@@ -324,11 +325,12 @@ function Current_Path_Header(){ //**********************************************
 
 			for ($x=0; $x < $levels; $x++) {
 				$current_path .= $path_levels[$x].'/';
-				echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($current_path).'" class="path">';
+				echo '<a id="path_'.($x+1).'" href="'.$ONESCRIPT.'?i='.URLencode_path($current_path).'" class="path">';
 				echo htmlentities($path_levels[$x]).'</a>/';
 			}
 		}//end if (not at root)
 	echo '</h2>';
+	echo '<script>document.getElementById("path_'.$x.'").focus();</script>';
 }//end Current_Path_Header() //*************************************************
 
 
@@ -367,8 +369,8 @@ function Upload_New_Rename_Delete_Links() { //**********************************
 	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  ; svg_icon_file_new()  ; echo 'New File</a>'   ;
 	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'; svg_icon_folder_new(); echo 'New Folder</a>' ;
 	if ($ipath !== "") { //if at root, don't show Rename & Delete links
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'; svg_icon_folder_ren();echo 'Rename/Move Folder</a>';
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'; svg_icon_folder_del();   echo 'Delete Folder</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'; svg_icon_folder_ren(); echo 'Rename/Move Folder</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'; svg_icon_folder_del(); echo 'Delete Folder</a>';
 	}
 	echo '</p>';
 }//end Upload_New_Rename_Delete_Links()  ***************************************
@@ -660,12 +662,12 @@ function Hash_Page() { //******************************************************
 
 
 
-function Hash_Page_response() { //**********************************************
+function Hash_response() { //***************************************************
 	global $SALT, $message;
 	$_POST['whattohash'] = trim($_POST['whattohash']); // trim leading & trailing spaces.
 	$message .= 'Password: '.$_POST['whattohash'].'<br>';
 	$message .= 'Hash &nbsp; &nbsp;: '.hashit($_POST["whattohash"]);
-} //end Hash_Page_response() ***************************************************
+} //end Hash_response() ********************************************************
 
 
 
@@ -779,7 +781,7 @@ function list_files() { // ...in a vertical table ******************************
 					<?php echo number_format(filesize($ipath.$file)); ?> B
 				</td>
 				<td class="meta_T meta_time"> &nbsp;
-					<script>FileTimeStamp(<?php echo filemtime($ipath.$file); ?>);</script>
+					<script>FileTimeStamp(<?php echo filemtime($ipath.$file); ?>, 1, 0);</script>
 				</td>
 			</tr>
 <?php 
@@ -886,8 +888,9 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 		$MAX_IDLE_MINUTES = round($MAX_IDLE_TIME/60,1);
 ?>
 		<li><b>Remember- your $MAX_IDLE_TIME is <?php echo $MAX_IDLE_MINUTES ?> minutes.</b>
-		(Page time: <script>FileTimeStamp(<?php echo time(); ?>, 0)</script>)<br>
+		(Page time: <script>FileTimeStamp(<?php echo time(); ?>, 0, 0)</script>)<br>
 		In other words, if you are making changes, <b>save your file at least that often, or the changes will be lost</b>.
+
 		<li>On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser's [Reload].
 		<li>Under certain circumstances, Chrome's XSS filters may disable some javascript in a page if the page even <i>appears</i> to contain inline javascript.  This can affect certain features of the OneFileCMS edit page when editing files that actually contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will not be noticed after the first save of such a file.
 		</div>
@@ -933,7 +936,7 @@ function Edit_Page() { //*******************************************************
 ?>
 	<p class="file_meta">
 	<span class="meta_size">Filesize: <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; 
-	<span class="meta_time">Updated: <script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1);</script></span><br>
+	<span class="meta_time">Updated: <script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1, 1);</script></span><br>
 	</p>
 
 	<input type="button" id="close1" class="button close" value="Close" onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
@@ -958,7 +961,7 @@ function Edit_Page() { //*******************************************************
 
 
 
-function Edit_Page_response(){ //***If on Edit page, and [Save] clicked ********
+function Edit_response(){ //***If on Edit page, and [Save] clicked *************
 	global $filename, $message, $EX;
 	$filename = $_POST["filename"];
 	$content  = $_POST["content"];
@@ -970,7 +973,7 @@ function Edit_Page_response(){ //***If on Edit page, and [Save] clicked ********
 	}else{
 		$message .= $EX.' <b>There was an error saving file.</b>';
 	}
-}//end Edit_Page_response() ****************************************************
+}//end Edit_response() *********************************************************
 
 
 
@@ -1011,7 +1014,7 @@ function shorthand_to_int($SHORTHAND){ //*******************
 
 
 
-function Upload_response() { //********************************************
+function Upload_response() { //*************************************************
 	global $filename, $message, $EX, $page;
 	$filename    = $_FILES['upload_file']['name'];
 	$destination = Check_path($_POST["upload_destination"]);
@@ -1044,7 +1047,7 @@ function Upload_response() { //********************************************
 			$message .= '<br>'.$EX.' <b> Upload failed: </b>'.$ERRMSG.'';
 		}
 	}
-}//end Upload_response() **************************************************
+}//end Upload_response() *******************************************************
 
 
 
@@ -1101,7 +1104,7 @@ function New_File_response() { //***********************************************
 
 
 
-function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //******
+function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //************
 	//$action = 'Copy' or 'Rename'. $isfile = 1 if acting on a file, not a folder
 	global $WEB_ROOT, $ipath, $filename, $FORM_COMMON;
 	if ($isfile) { $old_name = $filename; }else{ $old_name = $ipath; }
@@ -1340,7 +1343,7 @@ function Time_Stamp_scripts() {  ?>
 function pad(num){ if ( num < 10 ){ num = "0" + num; }; return num; }
 
 
-function FileTimeStamp(php_filemtime, show_offset){
+function FileTimeStamp(php_filemtime, show_date, show_offset){
 
 	//php's filemtime returns seconds, javascript's date() uses milliseconds.
 	var FileMTime = php_filemtime * 1000; 
@@ -1353,8 +1356,9 @@ function FileTimeStamp(php_filemtime, show_offset){
 	var MINS  = pad(TIMESTAMP.getMinutes());
 	var SECS  = pad(TIMESTAMP.getSeconds());
 
-	if( HOURS < 12){ AMPM = "am"; }
-	else           { AMPM = "pm"; HOURS = HOURS - 12; }
+	if ( HOURS < 12) { AMPM = "am"; }
+	else             { AMPM = "pm"; }
+	if ( HOURS > 12 ) {HOURS = HOURS - 12; }
 	HOURS = pad(HOURS);
 
 	var GMT_offset = -(TIMESTAMP.getTimezoneOffset()); //Yes, I know - seems wrong, but it's works.
@@ -1365,9 +1369,13 @@ function FileTimeStamp(php_filemtime, show_offset){
 	var offset_MINS  = pad( NEG * GMT_offset % 60 );
 	var offset_FULL  = "UTC " + SIGN + offset_HOURS + ":" + offset_MINS;
 
-	if (show_offset){ var DATETIME = YEAR+"-"+MONTH+"-"+DATE+" &nbsp;"+HOURS+":"+MINS+":"+SECS+" "+AMPM+" ("+offset_FULL+")"; }
-	else            { var DATETIME = YEAR+"-"+MONTH+"-"+DATE+" &nbsp;"+HOURS+":"+MINS+":"+SECS+" "+AMPM; }
-	
+	FULLDATE = YEAR + "-" + MONTH + "-" + DATE;
+	FULLTIME = HOURS + ":" + MINS + ":" + SECS + " " + AMPM;
+
+	var               DATETIME = FULLTIME;
+	if (show_date)  { DATETIME = FULLDATE + " &nbsp;" + FULLTIME;}
+	if (show_offset){ DATETIME += " ("+offset_FULL+")"; }
+		
 	document.write( DATETIME );
 
 }//end FileTimeStamp(php_filemtime)
@@ -1490,8 +1498,8 @@ function style_sheet(){ //****************************************************?>
 <style>
 /* --- reset --- */
 * { border : 0; outline: 0; margin : 0; padding: 0;
-font-family: inherit; font-weight: inherit; font-style : inherit;
-font-size  : 100%; vertical-align: baseline; }
+    font-family: inherit; font-weight: inherit; font-style : inherit;
+    font-size  : 100%; vertical-align: baseline; }
 
 
 /* --- general formatting --- */
@@ -1827,7 +1835,9 @@ function style_sheet(){ //****************************************************?>
 .path {padding: 3px 5px 3px 5px} /*TRBL*/
 
 .edit_onefile {padding: 5px; float: right;}
+
 </style>
+
 <?php }//end style_sheet() *****************************************************
 
 
@@ -1850,13 +1860,13 @@ function style_sheet(){ //****************************************************?>
 
 	if ($VALID_POST) { //*******************************************************
 		if     (isset($_FILES['upload_file']['name'])) { Upload_response(); }
-		elseif (isset($_POST["whattohash"]   )) { Hash_Page_response();   }
-		elseif (isset($_POST["filename"]     )) { Edit_Page_response();   }
-		elseif (isset($_POST["new_file"]     )) { New_File_response();    }
+		elseif (isset($_POST["whattohash"]   )) { Hash_response();          }
+		elseif (isset($_POST["filename"]     )) { Edit_response();          }
+		elseif (isset($_POST["new_file"]     )) { New_File_response();      }
 		elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', 'Copy', 'Copied', 1); } 
 		elseif (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"], 'rename', 'Rename/Move', 'Renamed/Moved', 1); } 
-		elseif (isset($_POST["delete_file"]  )) { Delete_File_response(); }
-		elseif (isset($_POST["new_folder"]   )) { New_Folder_response();  }
+		elseif (isset($_POST["delete_file"]  )) { Delete_File_response();   }
+		elseif (isset($_POST["new_folder"]   )) { New_Folder_response();    }
 		elseif (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', 'Rename/Move', 'Renamed/Moved', 0); } 
 		elseif (isset($_POST["delete_folder"])) { Delete_Folder_response(); }
 	}//end if ($VALID_POST) ****************************************************

From 727cf074bdc254b13946be9fdafef145e7ed7cf8 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Mon, 25 Jun 2012 20:00:01 -0400
Subject: [PATCH 088/228] Version 3.2.0 Added a countdown timer to session
 time-out. Edit page: corrected & reworded notes. Tweaked css for .path
 Tweaked textarea colors Tweaked css for Close buttons Renamed list_files() to
 List_Files() Fixed minor display glitch with 2nd [Close] on Edit Page when
 using Chrome. Some rework to Edit_Page_Buttons() buttonts Updated readme &
 _structure files

---
 OneFileCMS_structure.txt |   8 +-
 onefilecms.php           | 167 ++++++++++++++++++++++++++++-----------
 readme.markdown          |  16 +++-
 3 files changed, 142 insertions(+), 49 deletions(-)

diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index 8ec7ef5..9b89851 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -21,6 +21,7 @@ MISC FUNCTIONS:
 	Cancel_Submit_Buttons()
 	show_image()
 	show_favicon()
+	Timeout_Timer()
 	Init_Macros()
 
 SVG ICON FUNCTIONS:
@@ -71,9 +72,10 @@ PAGE & RESPONSE FUNCTIONS:
 	Load_Selected_Page()
 
 JAVASCRIPT & STYLESHEET FUNCTIONS:
-	Time_Stamp_scripts() //Javascript functions
-	Edit_Page_scripts()  //Javascript functions
-	style_sheet()        //css
+	Timer_scripts()
+	Time_Stamp_scripts()
+	Edit_Page_scripts()
+	style_sheet()
 	
 LOGIC TO DETERMINE PAGE ACTION
 	Verify good PHP version
diff --git a/onefilecms.php b/onefilecms.php
index 112774e..e82a4d0 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.1.9.07';
+$version = '3.2.0';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -57,7 +57,7 @@
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
 $MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings can limit its max effective value.
-                      //  For instance, 24 minutes is the PHP default for garbage collection.
+					  //  For instance, 24 minutes is the PHP default for garbage collection.
 $MAX_IMG_W   = 810;  // Max width to display images. (page container = 810)
 $MAX_IMG_H   = 1000; // Max height.  I don't know, it just looks reasonable.
 
@@ -437,13 +437,34 @@ function show_favicon(){ //*****************************************************
 
 
 
+function Timeout_Timer($TIMER, $CLASS) { //***************************************************
+	global $MAX_IDLE_TIME;
+?> 
+	<span id='<?php echo $TIMER ?>' class='<?php echo $CLASS ?>'></span>
+	<script>
+		// Setup the countdown timer
+		var SESSION_last_active_time = <?php echo $_SESSION['last_active_time'] ?>;
+		var MAX_IDLE_TIME = <?php echo $MAX_IDLE_TIME ?>; //value also used in timer()
+		var countdown = MAX_IDLE_TIME;  //start value for countdown
+		var Timer = document.getElementById("<?php echo $TIMER ?>");
+		UpdateTimer(); //initialize display
+
+		//start the timer()
+		var counter = setInterval("timer()",1000); //1000 = 1 second 
+	</script>
+<?php
+} //end Timeout_Timer() //******************************************************
+
+
+
+
 function Init_Macros(){ //*** ($varibale="some reusable chunk of code")*********
 
-global 	$ONESCRIPT, $param1, $param2, $INPUT_SESSIONID, $FORM_COMMON, 
+global 	$ONESCRIPT, $param1, $param2, $INPUT_NUONCE, $FORM_COMMON, 
 		$SVG_icon_circle_plus, $SVG_icon_circle_x, $SVG_icon_pencil, $SVG_icon_img_0;
 
-$INPUT_SESSIONID = '<input type="hidden" name="nuonce" value="'.$_SESSION['nuonce'].'">'.PHP_EOL;
-$FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.$param2.'">'.$INPUT_SESSIONID;
+$INPUT_NUONCE = '<input type="hidden" name="nuonce" value="'.$_SESSION['nuonce'].'">'.PHP_EOL;
+$FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.$param2.'">'.$INPUT_NUONCE;
 
 $SVG_icon_circle_plus = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#080"/>
 	  <line x1="2" y1="5" x2="8" y2="5" stroke="white" stroke-width="1.5" />
@@ -616,7 +637,7 @@ function show_icon($type){ //***************************************************
 
 
 function Hash_Page() { //******************************************************
-	global $DOC_ROOT, $ONESCRIPT, $param1, $param2, $message, $INPUT_SESSIONID, $config_title;
+	global $DOC_ROOT, $ONESCRIPT, $param1, $param2, $message, $INPUT_NUONCE, $config_title;
 	$params = '?i='.dirname($ONESCRIPT).'&amp;f='.basename($ONESCRIPT).'&amp;p=edit';
 ?>
 	<style>#message {font-family: courier; min-height: 3.1em;}
@@ -625,7 +646,7 @@ function Hash_Page() { //******************************************************
 	<h2>Generate a Password Hash</h2>
 	
 	<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.'&amp;p=hash'; ?>">
-		<?php echo $INPUT_SESSIONID; ?>
+		<?php echo $INPUT_NUONCE; ?>
 		Password to hash:
 		<input type="text" name="whattohash" id="whattohash" value="<?php echo htmlspecialchars($_POST["whattohash"]) ?>">
 		<?php Cancel_Submit_Buttons('Generate hash', 'whattohash') ?>
@@ -752,7 +773,7 @@ function Login_response() { //**************************************************
 
 
 
-function list_files() { // ...in a vertical table ******************************
+function List_Files() { // ...in a vertical table ******************************
 //called from Index Page
 
 	global $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list;
@@ -788,7 +809,7 @@ function list_files() { // ...in a vertical table ******************************
 		}//end if !is_dir...
 	}//end foreach file
 	echo '</table>';
-}//end list_files() ************************************************************
+}//end List_Files() ************************************************************
 
 
 
@@ -809,7 +830,7 @@ function Index_Page(){ //*******************************************************
 
 	Upload_New_Rename_Delete_Links();
 
-	list_files();
+	List_Files();
 
 	Upload_New_Rename_Delete_Links();
 
@@ -820,7 +841,8 @@ function Index_Page(){ //*******************************************************
 
 function Edit_Page_Buttons($text_editable, $too_large_to_edit) { //*************
 	global $ONESCRIPT, $param1, $param2;
-	$ACTION = "parent.location = '".$ONESCRIPT.$param1.$param2.'&amp;p=';
+	$Button = '<input type="button" class="button" value=';
+	$ACTION = 'onclick="parent.location = \''.$ONESCRIPT.$param1.$param2.'&amp;p=';
 ?>
 	<p class="buttons_right">
 	<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?> 
@@ -833,10 +855,10 @@ function Edit_Page_Buttons($text_editable, $too_large_to_edit) { //*************
 			document.getElementById('reset').disabled     = "disabled";
 		</script>
 	<?php } ?>
-	<input type="button" class="button" value="Rename/Move" onclick="<?php echo $ACTION.'rename' ?>'">
-	<input type="button" class="button" value="Copy"        onclick="<?php echo $ACTION.'copy' ?>'  ">
-	<input type="button" class="button" value="Delete"      onclick="<?php echo $ACTION.'delete' ?>'">
-	<input type="button" class="button close" value="Close" onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
+	<?php echo $Button.'"Rename/Move" '.$ACTION ?>rename'">
+	<?php echo $Button.'"Copy"        '.$ACTION ?>copy'"  >
+	<?php echo $Button.'"Delete"      '.$ACTION ?>delete'">
+	<?php echo $Button.'"Close"       ' ?>onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
 	</p>
 <?php
 }//end Edit_Page_Buttons()******************************************************
@@ -846,10 +868,10 @@ function Edit_Page_Buttons($text_editable, $too_large_to_edit) { //*************
 
 //******************************************************************************
 function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message){ 
-	global $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_SESSIONID, $EX, $message, $MAX_IDLE_TIME;
+	global $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_NUONCE, $EX, $message, $MAX_IDLE_TIME;
 ?>
 	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param1.$param2.$param3 ?>">
-		<?php echo $INPUT_SESSIONID; ?>
+		<?php echo $INPUT_NUONCE; ?>
 <?php
 		if ( !in_array( strtolower($ext), $itypes) ) { //If non-image, show textarea
 
@@ -883,16 +905,20 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 
 	if ($text_editable && !$too_large_to_edit && !$bad_chars) {
 		Edit_Page_scripts();
-		echo '<div id="edit_note">NOTES:<ol>';
-		//$MAX_IDLE_MINUTES = (round($MAX_IDLE_TIME/60)).' minutes '.(fmod($MAX_IDLE_TIME,60)).' seconds.';
-		$MAX_IDLE_MINUTES = round($MAX_IDLE_TIME/60,1);
+		$SEC = fmod($MAX_IDLE_TIME,60);  if ($SEC == 0) { $SEC = "00"; };
+		$MIN = floor($MAX_IDLE_TIME/60); if ($MIN == 0) { $MIN = "00"; };
+		$MAX_MIN_SEC = $MIN.':'.$SEC;
 ?>
-		<li><b>Remember- your $MAX_IDLE_TIME is <?php echo $MAX_IDLE_MINUTES ?> minutes.</b>
-		(Page time: <script>FileTimeStamp(<?php echo time(); ?>, 0, 0)</script>)<br>
-		In other words, if you are making changes, <b>save your file at least that often, or the changes will be lost</b>.
+		<div id="edit_notes">NOTES:<ol>
+		<li><b>Remember- your $MAX_IDLE_TIME is <?php echo $MAX_MIN_SEC ?>.
+		<?php Timeout_Timer('timer', 'xtra'); ?> <?php // Countdown to session timeout...?>
+		So save changes before the clock runs out, or the changes will be lost!</b><br>
+
+		<?php //The following line is just a static time stamp of when the idle time runs out. ?>
+		<?php //echo '<b class="xtra">&nbsp;<script>FileTimeStamp('.(time()+$MAX_IDLE_TIME).', 0, 0)</script>  </b>,'?>
 
 		<li>On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser's [Reload].
-		<li>Under certain circumstances, Chrome's XSS filters may disable some javascript in a page if the page even <i>appears</i> to contain inline javascript.  This can affect certain features of the OneFileCMS edit page when editing files that actually contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will not be noticed after the first save of such a file.
+		<li>Chrome's XSS filters may disable some javascript in a page if the page even <i>appears</i> to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.
 		</div>
 <?php
 	}
@@ -939,7 +965,7 @@ function Edit_Page() { //*******************************************************
 	<span class="meta_time">Updated: <script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1, 1);</script></span><br>
 	</p>
 
-	<input type="button" id="close1" class="button close" value="Close" onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
+	<input type="button" id="close1" class="button" value="Close" onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
 	<script>document.getElementById('close1').focus();</script>
 	<div style="clear:both;"></div>
 <?php
@@ -979,7 +1005,7 @@ function Edit_response(){ //***If on Edit page, and [Save] clicked *************
 
 
 function Upload_Page() { //*****************************************************
-	global $ONESCRIPT, $ipath, $param1, $INPUT_SESSIONID;
+	global $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE;
 
 	//Determine $MAX_FILE_SIZE to upload
 	$upload_max_filesize = ini_get('upload_max_filesize'); //This should be < post_max_size,
@@ -1002,7 +1028,7 @@ function shorthand_to_int($SHORTHAND){ //*******************
 	<h2>Upload File</h2>
 	<p>Note: Maximum upload file size is: <?php echo $max_msg; ?></p>
 	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$param1; ?>&amp;p=uploaded" method="post">
-		<?php echo $INPUT_SESSIONID; ?>
+		<?php echo $INPUT_NUONCE; ?>
 		<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $MAX_FILE_SIZE ?>"> 
 		<input type="hidden" name="upload_destination" value="<?php echo htmlspecialchars($ipath); ?>" >
 		<input type="file"   name="upload_file" id="upload_file" size="100">
@@ -1335,13 +1361,53 @@ function Load_Selected_Page(){ //***********************************************
 
 
 
-//******************************************************************************
-function Time_Stamp_scripts() {  ?>
-
-<script>//Dispaly file's timestamp in user's local time 
+function Timer_scripts() { //***************************************************
+?><script>
 
+//pad() is also used by the Time_Stamp_scripts()
 function pad(num){ if ( num < 10 ){ num = "0" + num; }; return num; }
 
+function UpdateTimer() {
+
+	var Seconds = countdown ;
+
+	var Days = Math.floor(Seconds / 86400); Seconds = Seconds % 86400;
+	var Hours = Math.floor(Seconds / 3600); Seconds = Seconds % 3600;
+	var Minutes = Math.floor(Seconds / 60); Seconds = Seconds % 60;
+
+	if (Days == 0) { Days = "" }else{ Days = Days + "d :"}
+	if (Days == 0 && Hours == 0){ Hours = ""}else{ Hours = pad(Hours) + ":"}
+
+	var Time_Left = Days + Hours + pad(Minutes) + ":" + pad(Seconds);
+
+	Timer.innerHTML = Time_Left;
+}
+
+
+function timer() {
+
+	//If your pc was suspended or hibernated, the js timer doesn't know that...
+	//This will also account for poor timing by the timer() & setInterval()...
+	current_time = Math.round(new Date().getTime()/1000); //js uses milliseconds
+	if ( (SESSION_last_active_time + MAX_IDLE_TIME) < current_time ) { countdown = 0 ; }
+
+	if ( --countdown < 1) {
+		Timer.innerHTML = 'SESSION EXPIRED';
+		alert('The session was terminated due to inactivity.');
+		clearInterval(counter);
+		return;
+	}
+	UpdateTimer();
+}
+</script>
+<?php }//end Timer_scripts() ***************************************************
+
+
+
+
+function Time_Stamp_scripts() { //**********************************************
+?>
+<script>//Dispaly file's timestamp in user's local time 
 
 function FileTimeStamp(php_filemtime, show_date, show_offset){
 
@@ -1380,12 +1446,12 @@ function FileTimeStamp(php_filemtime, show_date, show_offset){
 
 }//end FileTimeStamp(php_filemtime)
 </script>
-<?php }//end Time_Stamp_scripts() ******************************************
+<?php }//end Time_Stamp_scripts() **********************************************
 
 
 
 
-function Edit_Page_scripts() { //********************************************
+function Edit_Page_scripts() { //***********************************************
 ?>
 	<!--======== Provide feedback re: unsaved changes ========-->
 	<script>
@@ -1411,7 +1477,7 @@ function Edit_Page_scripts() { //********************************************
 
 	function Reset_file_status_indicators() {
 		changed = false;
-		File_textarea.style.backgroundColor = "#eFe";  //light green
+		File_textarea.style.backgroundColor = "#F6FFF6";  //light green
 		Save_File_button.style.backgroundColor = "";
 		Save_File_button.style.borderColor = "";
 		Save_File_button.style.borderWidth = "1px";
@@ -1488,8 +1554,7 @@ function Reset_File() {
 	
 	Reset_file_status_indicators()
 	</script>
-
-<?php }//End Edit_Page_scripts() ********************************************
+<?php }//End Edit_Page_scripts() ***********************************************
 
 
 
@@ -1689,7 +1754,7 @@ function style_sheet(){ //****************************************************?>
 	height: 30em;
 	}
 
-textarea:focus { border: 1px solid #Faa; }
+textarea:focus { border: 1px solid #Fdd; }
 
 .edit_disabled { 
 	border : 1px solid #807568;
@@ -1714,7 +1779,7 @@ function style_sheet(){ //****************************************************?>
 
 
 .buttons_right         { float: right; }
-.buttons_right .button { margin-left: 7px; }
+.buttons_right .button { margin-left: .5em; }
 
 .button {
 	border : 1px solid #807568;
@@ -1762,9 +1827,9 @@ function style_sheet(){ //****************************************************?>
 
 .file_meta	  {float: left;  margin-top: .5em; font-size: 1em; color: #333; font-family: courier;}
 
-.close        {float: right; margin-bottom: .5em;}
+#close1       {float: right; margin-bottom: .5em;}
 
-#edit_note    {font-size: .8em; color: #444 ;margin-top: 1em; clear:both;}
+#edit_notes   {font-size: .8em; color: #333 ;margin-top: 1em; clear:both;}
 
 
 
@@ -1832,12 +1897,16 @@ function style_sheet(){ //****************************************************?>
 
 .info {margin-top: .7em; background: #f9f9f9; padding: .2em .5em;}
 
-.path {padding: 3px 5px 3px 5px} /*TRBL*/
+.path {padding: 1px 5px 1px 5px} /*TRBL*/
 
 .edit_onefile {padding: 5px; float: right;}
 
-</style>
+.xtra {color: red; background: white; font-weight: bold;}
 
+#timer {border: 1px solid gray; padding: .1em .5em;}
+
+.timeout {float:right; font-size: .95em; color: #333}
+</style>
 <?php }//end style_sheet() *****************************************************
 
 
@@ -1921,6 +1990,8 @@ function style_sheet(){ //****************************************************?>
 
 <?php if ( ($page == "index") || ($page == "edit") ) { Time_Stamp_scripts(); } ?>
 
+<?php Timer_scripts() ?>
+
 </head>
 <body>
 
@@ -1949,8 +2020,16 @@ function style_sheet(){ //****************************************************?>
 
 <hr>
 
-<?php if ( ($page != "hash") && ($_SESSION['valid']) ){ 
-		echo '<a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=hash">Admin</a>'; }
+<?php
+//Admin link
+if ( ($page != "hash") && ($_SESSION['valid']) ){
+echo '<a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=hash">Admin</a>'; }
+
+//Countdown timer...
+if ( $page != "edit" && $page != login) {
+	Timeout_Timer('timer', 'timeout');
+	echo '<span class="timeout">Session time out in:&nbsp;</span>';
+} 
 ?>
 
 </div><!-- end container/login_page -->
diff --git a/readme.markdown b/readme.markdown
index aabc424..36ed610 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,5 +1,11 @@
-### June 23, 2012
+### June 25, 2012
 
+### Unable to upload current version to the download page.
+
+- If you are interested in obtaining the current version - 3.2.0, just get it from the list of project files.  For some reason, whenever I try to upload it to the download page, I get the error:  
+  "Something went wrong that shouldn't have. Please try again or contact support if the problem persists."  
+  
+  
 Most of the recent changes have been to increase login and session security. However, I'm slowly learning that there's only so much that can be done, particulary when the base connection is un-encrypted.   Online security, it seems, is a nebulous subject of a rather dubious nature.  Never-the-less, I have tried to do those things that can be done.  
 
 So, for those that care, here is a synopsis of the measures that have been employed:
@@ -18,7 +24,7 @@ Now, keep in mind that while, individually, any one of these measures may not pr
   
 Lastly, always remember that some of the most important security measures concern user behavior - such as avoiding the use of un-encrypted wifi connections...
   
-# Current stable version: 3.1.9.06
+# Current stable version: 3.2.0
 
 - 3.0+ : "Full" version - uses svg icons
 - 2.0+ : "Lite" version - uses no icons.
@@ -164,6 +170,12 @@ GENERATE THE PAGE
 
 ## Change Log
 
+### 3.2.0
+
+- Added a few security improvements.
+- Added "timeout" timer as a warning to save edits before they're lost.
+
+
 ### 3.1.9
 
 - Password may now be stored as an encrypted hash, instead of in plain text.

From 453be0b5dcdaa5765b223a09d35241acde80ec70 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Wed, 27 Jun 2012 17:00:25 -0400
Subject: [PATCH 089/228] Version 3.2.0 Fixin' file timestamps (bringin'  'em
 back from the future)  (Don't know how they got there...)

---
 OneFileCMS_structure.txt | 16 +++++++++-------
 onefilecms.php           |  1 +
 readme.markdown          |  1 +
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index 9b89851..1773e5e 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -8,6 +8,7 @@ OTHER GLOBAL VALUES
 
 MISC FUNCTIONS:
 	Session_Startup()
+        Verify_IDLE_POST_etc()
 	hashit()
 	undo_magic_quotes()
 	Get_GET()
@@ -56,17 +57,17 @@ PAGE & RESPONSE FUNCTIONS:
 	Edit_Page_form()
 	Edit_Page()
 	Edit_Page_response()
-	Upload_Page()
+	Upload_Page()
 	Upload_response()
-	New_File_Page()
+	New_File_Page()
 	New_File_response() 
-	Copy_Ren_Move_Page()
+	Copy_Ren_Move_Page()
 	Copy_Ren_Move_response()
-	Delete_File_Page()
+	Delete_File_Page()
 	Delete_File_response()
-	New_Folder_Page()
+	New_Folder_Page()
 	New_Folder_response()
-	Delete_Folder_Page()
+	Delete_Folder_Page()
 	Delete_Folder_response() 
 	Page_Title()
 	Load_Selected_Page()
@@ -86,4 +87,5 @@ LOGIC TO DETERMINE PAGE ACTION
 		Do $_POST['someaction'] (<someaction>_response)
 	Validate $page to show
 	
-GENERATE/OUTPUT <HTML>...
+GENERATE/OUTPUT <HTML>...  
+  
diff --git a/onefilecms.php b/onefilecms.php
index e82a4d0..3d5542b 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2035,3 +2035,4 @@ function style_sheet(){ //****************************************************?>
 </div><!-- end container/login_page -->
 </body>
 </html>
+ 
\ No newline at end of file
diff --git a/readme.markdown b/readme.markdown
index 36ed610..6b821ba 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -311,3 +311,4 @@ GENERATE THE PAGE
 ### 1.0 (9/5/09)
 
 - Launch!
+ 
\ No newline at end of file

From 0fb7ae4fa035b99f5384d872e9a1c4a73394e932 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Thu, 28 Jun 2012 18:03:52 -0400
Subject: [PATCH 090/228] Version 3.2.01 Improved Timeout_Timer(), & adjusted
 css classes Session_Startup: split up & created Verify_IDLE_POST_etc().
 Edit_Page(): Minor correction to max idle time as displayed. Edit_Page():
 Moved 2nd countdown timer to next to [Save]. Login_response(): Ignore login
 attempt if both u/n & p/w are blank. Login_response(): Improved logic of
 login delay messages. Login_response(): Removed clearstatcache().  Shouldn't
 be needed. Login_response(): Added $_SESSION = array(); Login_response():
 Added Timeout_Timer to "Please wait..." $message Some css tweakin'
 Updated/improved various //comments

---
 OneFileCMS_structure.txt |   4 +-
 onefilecms.php           | 309 ++++++++++++++++++++-------------------
 readme.markdown          |  24 ++-
 3 files changed, 169 insertions(+), 168 deletions(-)

diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index 1773e5e..3f59ff9 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -8,7 +8,7 @@ OTHER GLOBAL VALUES
 
 MISC FUNCTIONS:
 	Session_Startup()
-        Verify_IDLE_POST_etc()
+	Verify_IDLE_POST_etc()
 	hashit()
 	undo_magic_quotes()
 	Get_GET()
@@ -51,7 +51,7 @@ PAGE & RESPONSE FUNCTIONS:
 	Logout()
 	Login_Page()
 	Login_Page_response()
-	list_files()
+	List_Files()
 	Index_Page()
 	Edit_Page_Buttons()
 	Edit_Page_form()
diff --git a/onefilecms.php b/onefilecms.php
index 3d5542b..cc225b9 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.2.0';
+$version = '3.2.1';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -56,7 +56,7 @@
 
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
-$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings can limit its max effective value.
+$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
 					  //  For instance, 24 minutes is the PHP default for garbage collection.
 $MAX_IMG_W   = 810;  // Max width to display images. (page container = 810)
 $MAX_IMG_H   = 1000; // Max height.  I don't know, it just looks reasonable.
@@ -72,10 +72,10 @@
 $config_ftypes = "bin,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,ini,cfg,conf,asp,js ,htm,html"; // _ftype & _fclass must have same
 $config_fclass = "bin,img,img,img,img,img,svg,txt,txt,css,php,txt,cfg,cfg ,txt,txt,htm,htm";  // number of values. bin is default.
 
-$EX = '<b>( ! )</b>'; //"EXclaimation point" icon Used in $message's
+$EX = '<b>( ! )</b>'; //EXclaimation point "icon" Used in $message's
 
-$SESSION_NAME = 'OFCMS'; //Also the cookie name. Don't use default ('PHPSESSID')
-// END CONFIGURABLE INFO *******************************************************
+$SESSION_NAME = 'OFCMS'; //Also the cookie name. Change if using multiple copies of OneFileCMS.
+// End CONFIGURABLE INFO *******************************************************
 
 
 
@@ -83,7 +83,7 @@
 //******************************************************************************
 //Some global system values
 
-ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME); //in case the default is less.
+ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
 
 //PHP_VERSION_ID is better to use when checking current version as it's an actual number, not a string.
 if (!defined('PHP_VERSION_ID')) {            //PHP_VERSION_ID only available since 5.2.7
@@ -116,7 +116,7 @@
 
 function Session_Startup() {//**************************************************
 	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $EX, $message , $page, $VALID_POST, $MAX_IDLE_TIME, $SESSION_NAME;
-
+ 
 	$limit    = 0; //0 = session.  
 	$path     = dirname($_SERVER['SCRIPT_NAME']);
 	$domain   = ''; // '' = hostname
@@ -135,36 +135,45 @@ function Session_Startup() {//**************************************************
 	//Logging in?
 	if ( isset($_POST["username"]) || isset($_POST["password"]) ) { Login_response(); }
 
+	session_regenerate_id(true); //Helps prevent session fixation & hijacking.
+
+	if ( $_SESSION['valid'] ) { Verify_IDLE_POST_etc(); }
+	
+	$_SESSION['nuonce'] = sha1(mt_rand().microtime()); //provided in <forms> to verify POST
+
+	chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
+}//End Session_Startup() *******************************************************
+
+
+
+
+function Verify_IDLE_POST_etc() { //********************************************
+	global $EX, $message, $VALID_POST, $MAX_IDLE_TIME;
+
 	//Verify consistant user agent... (every little bit helps a little bit) 
-	if ( $_SESSION['valid'] && ($_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) ) { Logout(); return; }
+	if ( ($_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) ) { Logout(); }
 
 	//Check idle time
- 	if ( $_SESSION['valid'] && isset($_SESSION['last_active_time']) ) {
+ 	if ( isset($_SESSION['last_active_time']) ) {
 		$idle_time = ( time() - $_SESSION['last_active_time'] );
 		if ( $_SESSION['valid'] && ($idle_time > $MAX_IDLE_TIME) ) {
 			Logout();
-			$message .= 'Max idle time exceeded... <br>';
-			return;
+			$message .= 'Session expired. <br>';
 		}
 	}
-	$_SESSION['last_active_time'] = time() ;
+
+	$_SESSION['last_active_time'] = time();
 
 	//If POSTing, verify...
-	if ( $_SESSION['valid'] && isset($_POST['nuonce']) ) { 
+	if ( isset($_POST['nuonce']) ) { 
 		if ( $_POST['nuonce'] == $_SESSION['nuonce'] ) {
 			$VALID_POST = 1;
 		}else{
 			Logout();
 			$message .= $EX.' <b>INVALID POST</b><br>';
-			return;
 		}
 	}
-
-	session_regenerate_id(true);
-	$_SESSION['nuonce'] = sha1(mt_rand().microtime()); //provided in <forms> to verify POST
-
-	chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
-}//End Session_Startup() *******************************************************
+}//end Verify_IDLE_POST_etc() //************************************************
 
 
 
@@ -243,7 +252,7 @@ function Check_path($path) { // returns first valid path in some/supplied/path/
 	$path = str_replace('\\','/',$path);   //Make sure all forward slashes.
 	$path = trim($path,"/ ."); // trim slashes, dots, and spaces
 
-	//Remove any '.' and '..' parts of the path.  Causes issues in <h2>www \ current \ path \</h2>
+	//Remove any '.' and '..' parts of the path.  Causes issues in <h2>www / current / path /</h2>
 	$pathparts = explode( '/', $path);
 	$len       = count($pathparts);
 	$path      = "";  //Cleaned path.
@@ -386,14 +395,13 @@ function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
 	// [Cancel] returns to either the index, or edit page.
 	if ($filename == "") {$params = "";}else{ $params = $param2.'&amp;p=edit'; }
 ?>
-	<p></p>
+	<p> 
 	<input type="button" class="button" id="cancel" name="cancel" value="Cancel"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.$params ?>'">
 	<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1.3em;">
-
-<?php
+<?php 
 	if ($focus != ""){ echo '<script>document.getElementById("'.$focus.'").focus();</script>'; }
-
+	//Do not close the <p> tag yet/here. Need to leave it open for edit btn on hash page.
 }// End Cancel_Submit_Buttons() //**********************************************
 
 
@@ -437,23 +445,13 @@ function show_favicon(){ //*****************************************************
 
 
 
-function Timeout_Timer($TIMER, $CLASS) { //***************************************************
-	global $MAX_IDLE_TIME;
-?> 
-	<span id='<?php echo $TIMER ?>' class='<?php echo $CLASS ?>'></span>
-	<script>
-		// Setup the countdown timer
-		var SESSION_last_active_time = <?php echo $_SESSION['last_active_time'] ?>;
-		var MAX_IDLE_TIME = <?php echo $MAX_IDLE_TIME ?>; //value also used in timer()
-		var countdown = MAX_IDLE_TIME;  //start value for countdown
-		var Timer = document.getElementById("<?php echo $TIMER ?>");
-		UpdateTimer(); //initialize display
-
-		//start the timer()
-		var counter = setInterval("timer()",1000); //1000 = 1 second 
-	</script>
-<?php
-} //end Timeout_Timer() //******************************************************
+function Timeout_Timer($COUNT, $ID, $CLASS, $ACTION) { //************************
+
+	return 	'<script>'.
+			'Start_Countdown('.$COUNT.', "'.$ID.'", "'.$CLASS.'", "'.$ACTION.'");'.
+			'</script>';
+
+} //end Timeout_Timer() **************************************************
 
 
 
@@ -661,7 +659,7 @@ function Hash_Page() { //******************************************************
 
 	<p>Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. 
 	That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.
-	However, it does eleminate the storage of your password in plain text, which is definitely an improvement.*
+	However, it does eleminate the storage of your password in plain text, which is always a good thing.*
 
 	<p>Anyway, to use the $HASHWORD password option:
 	<ol><li>Type your desired password in the input field above and hit Enter.<br>
@@ -693,7 +691,7 @@ function Hash_response() { //***************************************************
 
 
 
-function Logout(){ //***********************************************************
+function Logout() { //**********************************************************
 	global $page;
 	session_regenerate_id(true);
 	session_unset();
@@ -708,7 +706,6 @@ function Logout(){ //***********************************************************
 
 
 
-
 function Login_Page() { //******************************************************
 	global $ONESCRIPT, $message;
 ?>
@@ -723,7 +720,7 @@ function Login_Page() { //******************************************************
 			<input type="password" name="password" id="password" class="login_input">
 		</p>
 			
-		<input type="submit" class="button" value="Enter">
+		<p><input type="submit" class="button" value="Enter"></p>
 	</form>
 	<script>document.getElementById('username').focus();</script>
 <?php 
@@ -736,36 +733,36 @@ function Login_response() { //**************************************************
 	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $MAX_ATTEMPTS, $LOGIN_DELAY, 
 		   $EX, $message, $page, $LOGIN_ATTEMPTS;
 
-	$_SESSION['valid'] = 0; // Default to failed login.
+	$_SESSION = array();    //make sure it's empty
+	$_SESSION['valid'] = 0; //Default to failed login.
 
 	if (!is_file($LOGIN_ATTEMPTS)) { file_put_contents($LOGIN_ATTEMPTS, 0); }
-	$attempts          = (int)file_get_contents($LOGIN_ATTEMPTS); //Don't increment yet...
-	clearstatcache();
-	$elapsed           = time() - filemtime($LOGIN_ATTEMPTS);
+	$attempts = (int)file_get_contents($LOGIN_ATTEMPTS); //Don't increment yet...
+	$elapsed  = time() - filemtime($LOGIN_ATTEMPTS);
 
-	if ( ($attempts >= $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){ //if already > max, 
-		$message .= $EX.' <b>Too many invalid login attempts. ('.$attempts.')</b><br>';
-		$message .= 'Please wait '.($LOGIN_DELAY - $elapsed) .' seconds to try again. ';
+	if ($attempts > 0) { $message .= '<b>There have been '.$attempts.' invalid login attempts.</b><br>';}
+	if ( ($attempts >= $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){
+		$message .= 'Please wait '.Timeout_Timer(($LOGIN_DELAY - $elapsed), 'timer0', '', '').' seconds to try again. ';
 		return;
 	}
 
-	//Validate login attempt
-	if ($USE_HASH){ $VALID_PASSWORD = (hashit($_POST['password']) == $HASHWORD); }
-	else          { $VALID_PASSWORD = (       $_POST['password']  == $PASSWORD); }
+	//Validate password
+	if ($USE_HASH) { $VALID_PASSWORD = (hashit($_POST['password']) == $HASHWORD); }
+	else           { $VALID_PASSWORD = (       $_POST['password']  == $PASSWORD); }
 
-	if ( $VALID_PASSWORD && ($_POST['username'] == $USERNAME) ) {
+	//validate login.  Ignore attempt if username & password are blank. 
+	if ( ($_POST['password'] == "") && ($_POST['username'] == "") )  { return;
+	}elseif ( $VALID_PASSWORD && ($_POST['username'] == $USERNAME) ) {
 		session_regenerate_id(true);
-		$_SESSION['USER_AGENT'] = $_SERVER['HTTP_USER_AGENT']; //for simple user consistancy check later.
+		$_SESSION['USER_AGENT'] = $_SERVER['HTTP_USER_AGENT']; //for user consistancy check.
 		$_SESSION['valid'] = 1;
 		$page = "index";
 		unlink($LOGIN_ATTEMPTS); //delete invalid attempt count file
 	}else{
 		file_put_contents($LOGIN_ATTEMPTS, ++$attempts); //increment & save attempt
+		$message  = $EX.' <b>INVALID LOGIN ATTEMPT #'.$attempts.'</b><br>';
 		if ($attempts >= $MAX_ATTEMPTS) {
-			$message .= $EX.' <b>INVALID LOGIN ATTEMPT #'.$attempts.'</b><br>';
-			$message .= 'Please wait '.$LOGIN_DELAY.' seconds to try again. ';
-		}else{
-			$message .= $EX.' <b>INVALID LOGIN ATTEMPT #'.$attempts.'</b> ';
+			$message .= 'Please wait '.Timeout_Timer($LOGIN_DELAY, 'timer0', '', '').' seconds to try again. ';
 		}
 	}
 }//end Login_response() //******************************************************
@@ -840,12 +837,13 @@ function Index_Page(){ //*******************************************************
 
 
 function Edit_Page_Buttons($text_editable, $too_large_to_edit) { //*************
-	global $ONESCRIPT, $param1, $param2;
+	global $ONESCRIPT, $param1, $param2, $MAX_IDLE_TIME;
 	$Button = '<input type="button" class="button" value=';
 	$ACTION = 'onclick="parent.location = \''.$ONESCRIPT.$param1.$param2.'&amp;p=';
 ?>
 	<p class="buttons_right">
 	<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?> 
+		<?php echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer xtra', 'LOGOUT'); ?>
 		<input type="submit" class="button" value="Save"                  onclick="submitted = true;" id="save_file">
 		<input type="button" class="button" value="Reset - loose changes" onclick="Reset_File()"      id="reset">
 		<script>
@@ -903,26 +901,26 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 
 		Edit_Page_Buttons($text_editable, $too_large_to_edit);
 
-	if ($text_editable && !$too_large_to_edit && !$bad_chars) {
-		Edit_Page_scripts();
-		$SEC = fmod($MAX_IDLE_TIME,60);  if ($SEC == 0) { $SEC = "00"; };
-		$MIN = floor($MAX_IDLE_TIME/60); if ($MIN == 0) { $MIN = "00"; };
-		$MAX_MIN_SEC = $MIN.':'.$SEC;
+		if ($text_editable && !$too_large_to_edit && !$bad_chars) {
+			Edit_Page_scripts();
+			$SEC = $MAX_IDLE_TIME;
+			$HRS = floor($SEC/3600);
+			$SEC = fmod($SEC,3600);
+			$MIN = floor($SEC/60);   if ($MIN < 10) { $MIN = "0".$MIN; };
+			$SEC = fmod($SEC,60);    if ($SEC < 10) { $SEC = "0".$SEC; };
+			$HRS_MIN_SEC = $HRS.':'.$MIN.':'.$SEC;
 ?>
-		<div id="edit_notes">NOTES:<ol>
-		<li><b>Remember- your $MAX_IDLE_TIME is <?php echo $MAX_MIN_SEC ?>.
-		<?php Timeout_Timer('timer', 'xtra'); ?> <?php // Countdown to session timeout...?>
-		So save changes before the clock runs out, or the changes will be lost!</b><br>
+			<div id="edit_notes">NOTES:<ol>
+			<li><b>Remember- your $MAX_IDLE_TIME is <?php echo $HRS_MIN_SEC ?>.
+			So save changes before the clock runs out, or the changes will be lost!</b><br>
 
-		<?php //The following line is just a static time stamp of when the idle time runs out. ?>
-		<?php //echo '<b class="xtra">&nbsp;<script>FileTimeStamp('.(time()+$MAX_IDLE_TIME).', 0, 0)</script>  </b>,'?>
+			<?php //The following line is just a static time stamp of when the idle time runs out. ?>
+			<?php //echo '<b class="xtra">&nbsp;<script>FileTimeStamp('.(time()+$MAX_IDLE_TIME).', 0, 0)</script>  </b>,'?>
 
-		<li>On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser's [Reload].
-		<li>Chrome's XSS filters may disable some javascript in a page if the page even <i>appears</i> to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.
-		</div>
-<?php
-	}
-?>
+			<li>On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser's [Reload].
+			<li>Chrome's XSS filters may disable some javascript in a page if the page even <i>appears</i> to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.
+			</div>
+		<?php } ?>
 	</form> 
 <?php 
 }//end Edit_Page_form() ********************************************************
@@ -1206,7 +1204,7 @@ function Delete_File_Page() { //************************************************
 	<?php echo $FORM_COMMON ?>
 		<input type="hidden" name="delete_file" value="<?php echo htmlspecialchars($filename); ?>" >
 		<span class="verify"><?php echo htmlentities(basename($filename)); ?></span>
-		<p class="sure"><b>Are you sure?</b></p>
+		<p><b>Are you sure?</b></p>
 		<?php Cancel_Submit_Buttons("DELETE", "cancel"); ?>
 	</form>
 <?php 
@@ -1292,7 +1290,7 @@ function Delete_Folder_Page(){ //***********************************************
 		<input type="hidden" name="delete_folder" value="<?php echo htmlspecialchars($ipath); ?>" >
 		<span class="web_root"><?php echo htmlentities($WEB_ROOT.Check_path(dirname($ipath))); ?></span><span 
 		class="verify"><?php echo htmlentities(basename($ipath)); ?></span> /
-		<p class="sure"><b>Are you sure?</b></p>
+		<p><b>Are you sure?</b></p>
 		<?php Cancel_Submit_Buttons("DELETE", "cancel"); ?>
 	</form>
 <?php 
@@ -1362,42 +1360,49 @@ function Load_Selected_Page(){ //***********************************************
 
 
 function Timer_scripts() { //***************************************************
-?><script>
-
+?>
+<script>
 //pad() is also used by the Time_Stamp_scripts()
 function pad(num){ if ( num < 10 ){ num = "0" + num; }; return num; }
 
-function UpdateTimer() {
-
-	var Seconds = countdown ;
 
-	var Days = Math.floor(Seconds / 86400); Seconds = Seconds % 86400;
+function FormatTime(Seconds) {
 	var Hours = Math.floor(Seconds / 3600); Seconds = Seconds % 3600;
 	var Minutes = Math.floor(Seconds / 60); Seconds = Seconds % 60;
+	if ((Hours == 0) && (Minutes == 0)) { Minutes = "" } else { Minutes = pad(Minutes) }
+	if (Hours == 0) { Hours = ""} else { Hours = pad(Hours) + ":"}
 
-	if (Days == 0) { Days = "" }else{ Days = Days + "d :"}
-	if (Days == 0 && Hours == 0){ Hours = ""}else{ Hours = pad(Hours) + ":"}
-
-	var Time_Left = Days + Hours + pad(Minutes) + ":" + pad(Seconds);
-
-	Timer.innerHTML = Time_Left;
+	return (Hours + Minutes + ":" + pad(Seconds));
 }
 
 
-function timer() {
+function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
+	var Timer        = document.getElementById(Timer_ID);
+	var Current_Time = Math.round(new Date().getTime()/1000); //js uses milliseconds
+	    count        = End_Time - Current_Time;
+	var params = count + ', "' + End_Time + '", "' + Timer_ID + '", "' + Timer_CLASS + '", "' + Action + '"';
 
-	//If your pc was suspended or hibernated, the js timer doesn't know that...
-	//This will also account for poor timing by the timer() & setInterval()...
-	current_time = Math.round(new Date().getTime()/1000); //js uses milliseconds
-	if ( (SESSION_last_active_time + MAX_IDLE_TIME) < current_time ) { countdown = 0 ; }
+	Timer.innerHTML = FormatTime(count);
 
-	if ( --countdown < 1) {
-		Timer.innerHTML = 'SESSION EXPIRED';
-		alert('The session was terminated due to inactivity.');
-		clearInterval(counter);
+	if ( count < 1 ) {
+		if ( Action == 'LOGOUT') { 
+			Timer.innerHTML = 'SESSION EXPIRED';
+			//Load login screen, but delay first to make sure really expired:
+			setTimeout('window.location = window.location.pathname',3000); //1000 = 1 second
+		}
 		return;
 	}
-	UpdateTimer();
+	setTimeout('Countdown(' + params + ')',1000);
+}
+
+
+function Start_Countdown(count, ID, CLASS, Action){
+	document.write('<span id="' + ID + '"  class="' + CLASS + '"></span>');
+
+	var Time_Start  = Math.round(new Date().getTime()/1000);
+	var Time_End    = Time_Start + count;
+
+	Countdown(count, Time_End, ID, CLASS, Action); //(seconds to count, id of element)
 }
 </script>
 <?php }//end Timer_scripts() ***************************************************
@@ -1571,7 +1576,7 @@ function style_sheet(){ //****************************************************?>
 
 body { font-size: 1em; background: #DDD; font-family: sans-serif; }
 
-p, table { margin-bottom: .5em; margin-top: .5em;}
+p, table { margin-bottom: .8em; margin-top: .8em;}
 
 div { position: relative; }
 
@@ -1596,7 +1601,7 @@ function style_sheet(){ //****************************************************?>
 
 svg { margin: 0; padding: 0; }
 
-pre { /*Used when trouble shooting around test output*/
+pre { /*Used around test output when trouble shooting*/
 	background: white;
 	border: 1px solid #807568;
 	padding: .5em;
@@ -1838,7 +1843,7 @@ function style_sheet(){ //****************************************************?>
 .login_page {
 	margin  : 5em auto;
 	border  : 1px solid #807568;
-	padding : 1em 1em 0 1em;
+	padding : .5em 1em .6em 1em;
 	width   : 370px;
 	}
 
@@ -1854,14 +1859,22 @@ function style_sheet(){ //****************************************************?>
 .login_page input[type="text"]{ width   : 364px; }
 
 
-/* --- --- --- */
-hr { 
+
+#upload_file {
+	border: 1px solid #807568;
+	padding: 2px;
+	width: 50em;
+	Xfont: 1em "Courier New", Courier, monospace;
+	}
+
+
+hr { /*-- -- -- -- -- -- --*/
 	line-height  : 0;
 	Xfont-size    : 1px;
 	display : block;
 	position: relative;
 	padding : 0;
-	margin  : 1em auto;
+	margin  : .8em auto;
 	width   : 100%;
 	clear   : both;
 	border  : none;
@@ -1870,8 +1883,6 @@ function style_sheet(){ //****************************************************?>
 	overflow: visible;
 	}
 
-.web_root { font:1em Courier; }
-
 .verify {
 	border: 1px solid #F44;
 	color: #333;
@@ -1880,30 +1891,23 @@ function style_sheet(){ //****************************************************?>
 	font: 1.2em Courier;
 	}
 
-.sure { margin: .7em 0em .5em 0; }
+#admin {padding: .3em;}
+
+.web_root { font:1em Courier; }
 
 .icon {float: left; margin: 0 .3em 0 0;}
 
 .mono {font-family: courier;}
 
-#upload_file {
-	border: 1px solid #807568;
-	padding: 2px;
-	width: 50em;
-	Xfont: 1em "Courier New", Courier, monospace;
-	}
-
-#admin {padding: .3em;}
-
 .info {margin-top: .7em; background: #f9f9f9; padding: .2em .5em;}
 
 .path {padding: 1px 5px 1px 5px} /*TRBL*/
 
 .edit_onefile {padding: 5px; float: right;}
 
-.xtra {color: red; background: white; font-weight: bold;}
+.xtra {color: red; background: #EEE;}
 
-#timer {border: 1px solid gray; padding: .1em .5em;}
+.timer {border: 1px solid gray; padding: 3px .5em 4px .5em;}
 
 .timeout {float:right; font-size: .95em; color: #333}
 </style>
@@ -1939,37 +1943,37 @@ function style_sheet(){ //****************************************************?>
 		elseif (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', 'Rename/Move', 'Renamed/Moved', 0); } 
 		elseif (isset($_POST["delete_folder"])) { Delete_Folder_response(); }
 	}//end if ($VALID_POST) ****************************************************
-}
 
 
-//*** Verify valid $page and/or $filename **************************************
+	//*** Verify valid $page and/or $filename **********************************
 
-        //Don't load login screen if already in a valid session.
-if     ( ($page == "login") && ($_SESSION['valid']) ) { $page = "index"; }
+		//Don't load login screen if already in a valid session.
+	if     ( $_SESSION['valid'] && ($page == "login") )  { $page = "index"; }
 
 		//Don't load edit page if $filename doesn't exist.
-elseif ( ($page == "edit")  && !is_file($filename) )  { $page = "index"; }
+	elseif ( ($page == "edit")  && !is_file($filename) ) { $page = "index"; }
 
-elseif ($page == "logout") {
+	elseif ($page == "logout") {
 		Logout();
 		$message .= 'You have successfully logged out.'; }
 
 		//Don't load delete page if folder not empty.
-elseif ( ($page == "deletefolder") && !is_empty($ipath) ) {
-	   $message .= $EX.' <b>Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
-	   $page = "index";}
+	elseif ( ($page == "deletefolder") && !is_empty($ipath) ) {
+		$message .= $EX.' <b>Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
+		$page = "index";}
 
 		//if size of $_POST > post_max_size, PHP only returns empty $_POST & $_FILE arrays.
-elseif ($page == "uploaded" && !$VALID_POST){
-	   $message .= $EX.'<b> Upload Error.  Total POST data (mostly filesize) exceeded post_max_size = '.ini_get('post_max_size').' (from php.ini).</b>';
-	   $page = "index";}
-
-elseif ( ($page == "edit") && ($filename == trim(rawurldecode($ONESCRIPT), '/')) ) { 
-	   if ( $message == "" ){ $BR = ""; }else{ $BR = '<br>';}
-	   $message .= '<style>#message p {background: red; color: white;}</style>';
-	   $message .= $BR.$EX.' <b>CAUTION '.$EX.' You are editing the active copy of OneFileCMS - BACK IT UP &amp; BE CAREFUL !!</b>'; }
-
-//******************************************************************************
+	elseif ($page == "uploaded" && !$VALID_POST){
+		$message .= $EX.'<b> Upload Error.  Total POST data (mostly filesize) exceeded post_max_size = '.ini_get('post_max_size').' (from php.ini).</b>';
+		$page = "index";}
+
+	elseif ( ($page == "edit") && ($filename == trim(rawurldecode($ONESCRIPT), '/')) ) { 
+		if ( $message == "" ) { $BR = ""; } else { $BR = '<br>';}
+		$message .= '<style>#message p {background: red; color: white;}</style>';
+		$message .= $BR.$EX.' <b>CAUTION '.$EX.' You are editing the active copy of OneFileCMS - BACK IT UP &amp; BE CAREFUL !!</b>';
+	}
+	//**************************************************************************
+}//end if $_SESSION[valid] *****************************************************
 
 
 
@@ -1988,10 +1992,10 @@ function style_sheet(){ //****************************************************?>
 
 <?php style_sheet(); ?>
 
-<?php if ( ($page == "index") || ($page == "edit") ) { Time_Stamp_scripts(); } ?>
-
 <?php Timer_scripts() ?>
 
+<?php if ( ($page == "index") || ($page == "edit") ) { Time_Stamp_scripts(); } ?>
+
 </head>
 <body>
 
@@ -2012,27 +2016,26 @@ function style_sheet(){ //****************************************************?>
 	</div><div style="clear:both;"></div>
 </div><!-- end header -->
 
-<?php if ( $page != "login"  &&  $page != "hash" ){ Current_Path_Header(); } ?>
+<?php if ( $page != "login"  &&  $page != "hash" ) { Current_Path_Header(); } ?>
 
 <?php message_box() ?>
 
 <?php Load_Selected_Page() ?>
 
-<hr>
+<?php if ($page != "login") { echo '<hr>'; } ?>
 
 <?php
 //Admin link
-if ( ($page != "hash") && ($_SESSION['valid']) ){
-echo '<a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=hash">Admin</a>'; }
+if ( ($page != "login") && ($page != "hash") ){
+echo '<p><a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=hash">Admin</a>'; }
 
 //Countdown timer...
-if ( $page != "edit" && $page != login) {
-	Timeout_Timer('timer', 'timeout');
+if ( $page != "login" ) {
+	echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'timer timeout', 'LOGOUT');
 	echo '<span class="timeout">Session time out in:&nbsp;</span>';
-} 
+}
 ?>
 
 </div><!-- end container/login_page -->
 </body>
 </html>
- 
\ No newline at end of file
diff --git a/readme.markdown b/readme.markdown
index 6b821ba..4b8e2a7 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,10 +1,4 @@
-### June 25, 2012
-
-### Unable to upload current version to the download page.
-
-- If you are interested in obtaining the current version - 3.2.0, just get it from the list of project files.  For some reason, whenever I try to upload it to the download page, I get the error:  
-  "Something went wrong that shouldn't have. Please try again or contact support if the problem persists."  
-  
+### June 28, 2012
   
 Most of the recent changes have been to increase login and session security. However, I'm slowly learning that there's only so much that can be done, particulary when the base connection is un-encrypted.   Online security, it seems, is a nebulous subject of a rather dubious nature.  Never-the-less, I have tried to do those things that can be done.  
 
@@ -24,10 +18,10 @@ Now, keep in mind that while, individually, any one of these measures may not pr
   
 Lastly, always remember that some of the most important security measures concern user behavior - such as avoiding the use of un-encrypted wifi connections...
   
-# Current stable version: 3.2.0
+# Current stable version: 3.2.1
 
-- 3.0+ : "Full" version - uses svg icons
-- 2.0+ : "Lite" version - uses no icons.
+- 3+ : "Full" version - uses svg icons
+- 2+ : "Lite" version - uses no icons.
 
 --------------------------------------------------------------------------------
 
@@ -100,9 +94,9 @@ Probably not, as that would also most likely make it more than "OneFile".
 
 ### Can I have more than one username/password?
 
-Well, indirectly - yes: Upload or create addional copies of OneFileCMS, but give them different file names.(ie: OneFile1.php and OneFile2.php etc...)  Then, with each copy, maintain different user names and passwords.  Also, so one user does not log out the other, change the session names set in session_startup().  
+Yes!  Well, sort of, indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ie: OneFile1.php and OneFile2.php etc...)  Then, with each copy, maintain different user names and passwords.  Also, so one user does not log out the other, change the session names.  
   
-Now, since there is no data base or other means of granular control and acess logging, multiple users may be kind of pointless.  On the other hand, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy get's corrupted.
+Now, since there is no data base or other means of granular control and acess logging, multiple users may be kind of pointless.  On the other hand, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
 
 ## Requirements
 
@@ -170,6 +164,11 @@ GENERATE THE PAGE
 
 ## Change Log
 
+### 3.2.1
+
+- Added timer to "Please wait..." message after too many invalid login attempts.
+- Mostly some misc code cleanup & improvement.
+	
 ### 3.2.0
 
 - Added a few security improvements.
@@ -311,4 +310,3 @@ GENERATE THE PAGE
 ### 1.0 (9/5/09)
 
 - Launch!
- 
\ No newline at end of file

From ec2eb2c25b3db7d7fe482f877bccf17f4804eb11 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Thu, 28 Jun 2012 18:05:49 -0400
Subject: [PATCH 091/228] "Lite" Version 2.2.1

---
 onefilecms_lite.php | 1876 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 1876 insertions(+)
 create mode 100755 onefilecms_lite.php

diff --git a/onefilecms_lite.php b/onefilecms_lite.php
new file mode 100755
index 0000000..7d23883
--- /dev/null
+++ b/onefilecms_lite.php
@@ -0,0 +1,1876 @@
+<?php 
+// OneFileCMS - github.com/Self-Evident/OneFileCMS
+
+$version = '"Lite" 2.2.1';
+
+/*******************************************************************************
+Copyright © 2009-2012 https://github.com/rocktronica
+Copyright © 2012-     https://github.com/Self-Evident  David W. Gay
+
+This software is copyright under terms of the "MIT" license:
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+*******************************************************************************/
+
+
+
+
+//Some basic security & error log settings
+ini_set('session.use_trans_sid', 0);    //make sure ULR supplied SESSID's are not used
+ini_set('session.use_only_cookies', 1); //Only defaults to 1 (enabled) from 5.3 on
+error_reporting(0); // or (E_ALL &~ E_STRICT) if display and/or log are on.
+ini_set('display_errors', 'off');
+ini_set('log_errors'    , 'off'); //Ok to turn on for trouble-shooting.
+ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.log');
+//Determine good folder for session file? Default is tmp/, which is not secure.
+//session_save_path($safepath)  or  ini_set('session.save_path', $safepath) 
+
+
+
+
+// CONFIGURABLE INFO ***********************************************************
+$config_title     = "OneFileCMS";
+
+$USERNAME = 'username';
+
+$PASSWORD = 'password'; //If using $HASHWORD, you may leave this value empty.
+$USE_HASH = 0 ; // If = 0, use $PASSWORD. If = 1, use $HASHWORD. 
+$HASHWORD = 'c3e70af96ab1bfc5669280e98b438e1a8c08ca5e0bb3354c05ceaa6f339fd3f6'; //hash for "password"
+$SALT     = 'somerandomsalt';
+
+$MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
+$LOGIN_DELAY   = 10;  //In seconds.
+$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
+					  //  For instance, 24 minutes is the PHP default for garbage collection.
+$MAX_IMG_W   = 810;  // Max width to display images. (page container = 810)
+$MAX_IMG_H   = 1000; // Max height.  I don't know, it just looks reasonable.
+
+$MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
+$MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
+                          // The default max view size is completely arbitrary. It was 2am and seemed like a good idea at the time.
+$config_favicon   = "/favicon.ico";
+$config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsaTive!
+
+$config_etypes = "html,htm,xhtml,php,css,js,txt,text,cfg,conf,ini,csv,svg"; //Editable file types.
+$config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
+
+
+
+$EX = '<b>( ! )</b>'; //EXclaimation point "icon" Used in $message's
+
+$SESSION_NAME = 'OFCMS'; //Also the cookie name. Change if using multiple copies of OneFileCMS.
+// End CONFIGURABLE INFO *******************************************************
+
+
+
+
+//******************************************************************************
+//Some global system values
+
+ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
+
+//PHP_VERSION_ID is better to use when checking current version as it's an actual number, not a string.
+if (!defined('PHP_VERSION_ID')) {            //PHP_VERSION_ID only available since 5.2.7
+    $phpversion = explode('.', PHP_VERSION); //PHP_VERSION, however, available even in older versions. (but it's a string)
+    define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
+}
+
+$ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]);
+$DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
+$WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/';
+$WEBSITE   = $_SERVER["HTTP_HOST"].'/';
+$LOGIN_ATTEMPTS = $DOC_ROOT.trim($_SERVER["SCRIPT_NAME"],'/').'.invalid_login_attempts';
+
+$valid_pages = array("hash", "login","logout","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
+
+$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names.
+$INVALID_CHARS_array = explode(' ', $INVALID_CHARS); // (Space deliminated)
+
+//Make arrays out of a few $config_variables for actual use later.
+//Also, remove spaces and make lowercase.
+$etypes   = explode(',', strtolower(str_replace(' ', '', $config_etypes))); //editable file types
+$itypes   = explode(',', strtolower(str_replace(' ', '', $config_itypes))); //images types to display
+
+
+$excluded_list = (explode(",", $config_excluded));
+//******************************************************************************
+
+
+
+
+function Session_Startup() {//**************************************************
+	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $EX, $message , $page, $VALID_POST, $MAX_IDLE_TIME, $SESSION_NAME;
+ 
+	$limit    = 0; //0 = session.  
+	$path     = dirname($_SERVER['SCRIPT_NAME']);
+	$domain   = ''; // '' = hostname
+	$https    = false; 
+	$httponly = true;//true = unaccessable via javascript. Some XSS protection.
+	session_set_cookie_params($limit, $path, $domain, $https, $httponly);
+
+	session_name($SESSION_NAME);
+	session_start();
+
+	//Set initial defaults...
+	$page = 'login'; 
+	$VALID_POST = 0;
+	if ( !isset($_SESSION['valid']) ) { $_SESSION['valid'] = 0; }
+
+	//Logging in?
+	if ( isset($_POST["username"]) || isset($_POST["password"]) ) { Login_response(); }
+
+	session_regenerate_id(true); //Helps prevent session fixation & hijacking.
+
+	if ( $_SESSION['valid'] ) { Verify_IDLE_POST_etc(); }
+	
+	$_SESSION['nuonce'] = sha1(mt_rand().microtime()); //provided in <forms> to verify POST
+
+	chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
+}//End Session_Startup() *******************************************************
+
+
+
+
+function Verify_IDLE_POST_etc() { //********************************************
+	global $EX, $message, $VALID_POST, $MAX_IDLE_TIME;
+
+	//Verify consistant user agent... (every little bit helps a little bit) 
+	if ( ($_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) ) { Logout(); }
+
+	//Check idle time
+ 	if ( isset($_SESSION['last_active_time']) ) {
+		$idle_time = ( time() - $_SESSION['last_active_time'] );
+		if ( $_SESSION['valid'] && ($idle_time > $MAX_IDLE_TIME) ) {
+			Logout();
+			$message .= 'Session expired. <br>';
+		}
+	}
+
+	$_SESSION['last_active_time'] = time();
+
+	//If POSTing, verify...
+	if ( isset($_POST['nuonce']) ) { 
+		if ( $_POST['nuonce'] == $_SESSION['nuonce'] ) {
+			$VALID_POST = 1;
+		}else{
+			Logout();
+			$message .= $EX.' <b>INVALID POST</b><br>';
+		}
+	}
+}//end Verify_IDLE_POST_etc() //************************************************
+
+
+
+
+function hashit($key){ //*******************************************************
+	//This is the super-secret stuff - Keep it secret, keep it safe!
+	//If you change anything here, or the $SALT, redo the hash for your password.
+	global $SALT;
+	$hash = hash('sha256', trim($key).$SALT); // trim off leading & trailing spaces.
+	for ( $x=0; $x < 1000; $x++ ) { $hash = hash('sha256', $hash.$SALT); }
+	return $hash;
+}//end hashit() ****************************************************************
+
+
+
+
+function undo_magic_quotes(){ //************************************************
+
+	function strip_array($var) {
+		if (is_array($var)) {return array_map("strip_array", $var); }
+		else                {return stripslashes($var); }
+	} //Note: stripslashes also handles cases when magic_quotes_sybase is on.
+
+	if (get_magic_quotes_gpc()) {
+		if (isset($_GET))    { $_GET     = strip_array($_GET);    }
+		if (isset($_POST))   { $_POST    = strip_array($_POST);   }
+		if (isset($_COOKIE)) { $_COOKIE  = strip_array($_COOKIE); }
+	}
+}//end undo_magic_quotes() *****************************************************
+
+
+
+
+function Get_GET() { //*** Get main parameters *********************************
+	// i=some/path/,  f=somefile.xyz,  p=somepage
+	global $ipath, $filename, $page, $valid_pages, $param1, $param2, $param3, $message, $EX;
+
+	undo_magic_quotes();
+
+	if (isset($_GET["i"])) { $ipath = Check_path($_GET["i"]); }else{ $ipath = ""; }
+
+	if (isset($_GET["f"])) {
+		$filename = $ipath.$_GET["f"];
+		if ( !is_file($filename) && $_SESSION['valid'] )//Set $message except for login page.
+			{ $message .= $EX.' <b>File does not exist:</b> '.htmlentities($filename).'<br>'; }
+		if ( !is_file($filename) ) { $filename = ""; $page = "index"; }
+	}else{ $filename = ""; }
+
+	if (isset($_GET["p"])) { $page = $_GET["p"]; } 
+	if (!in_array(strtolower($page), $valid_pages)) { $page = "index"; }
+
+	$param1 = '?i='.URLencode_path($ipath);
+	if ($filename == "") { $param2 = ""; }else{ $param2 = '&amp;f='.rawurlencode(basename($filename)); }
+	if ($page == ""    ) { $param3 = ""; }else{ $param3 = '&amp;p='.$page; }
+}//end Get_GET()****************************************************************
+
+
+
+
+function URLencode_path($path){ // don't encode the forward slashes ************
+	$TS = '';  // Trailing Slash/
+	if (substr($path, -1) == '/' ) { $TS = '/'; } //start with a $TS?
+	$path_array = explode('/',$path);
+	$path = "";
+	foreach ($path_array as $level) { $path .= rawurlencode($level).'/'; }
+	$path = rtrim($path,'/').$TS;  //end with $TS only if started with one
+	return $path;
+}//end URLencode_path($path) ***************************************************
+
+
+
+
+function Check_path($path) { // returns first valid path in some/supplied/path/
+	global $message, $EX;
+	$invalidpath = $path; //used for message if supplied $path doesn't exist.
+	$path = str_replace('\\','/',$path);   //Make sure all forward slashes.
+	$path = trim($path,"/ ."); // trim slashes, dots, and spaces
+
+	//Remove any '.' and '..' parts of the path.  Causes issues in <h2>www / current / path /</h2>
+	$pathparts = explode( '/', $path);
+	$len       = count($pathparts);
+	$path      = "";  //Cleaned path.
+	foreach ($pathparts as $value) { //(More reliable than str_replace(entire_string).)
+		if ( !(($value == '.') && (!value == '..')) ) { $path .= $value.'/'; }
+	}
+
+	$path = trim($path,"/"); // Remove -for now- final trailing slash.
+
+	if (strlen($path) < 1) { return ""; } //If at site root
+	else {
+		if (!is_dir($path) && (strlen($message) < 1))
+			{ $message .= $EX.' <b>Directory does not exist: '.htmlentities($invalidpath).'</b><br>'; }
+
+		while ( (strlen($path) > 0) && (!is_dir($path)) ) {
+			$path = dirname($path);
+		}
+
+		$path = $path.'/';
+		if ($path == './') { $path = ""; } // ./ means path not found, so clear for root.
+	}
+
+	return $path; 
+}//end Check_path() ************************************************************
+
+
+
+
+function is_empty($path){ //****************************************************
+	$empty = false;
+	$dh = opendir($path);
+	for($i = 3; $i; $i--) { $empty = (readdir($dh) === FALSE); }
+	closedir($dh);
+	return $empty;
+}//end is_emtpy() //************************************************************
+
+
+
+
+function ordinalize($destination,$filename, &$msg) { //*************************
+//if file_exists(file.txt), ordinalize filename until it doesn't
+//ie: file.txt.001,  file.txt.002, file.txt.003  etc...
+	global $EX;
+
+	$ordinal   = 0;
+	$savefile = $destination.$filename;
+
+	if (file_exists($savefile)) {
+
+		$msg .= $EX.' A file with that name already exists in the target directory.<br>';
+
+		while (file_exists($savefile)) {
+			$ordinal = sprintf("%03d", ++$ordinal); //  001, 002, 003, etc...
+			$savefile = $destination.$filename.'.'.$ordinal;
+		}
+		$msg .= 'Saving as: "<b>'.htmlentities(basename($savefile)).'</b>"';
+	}
+	return $savefile;
+}//end ordinalize() filename ***************************************************
+
+
+
+
+function Current_Path_Header(){ //**********************************************
+ 	// Current path. ie: webroot/current/path/ 
+	// Each level is a link to that level.
+
+	global $ONESCRIPT, $ipath, $WEB_ROOT;
+
+	echo '<h2>';
+		//Root folder of web site.
+		echo '<a id="path_0" href="'.$ONESCRIPT.'" class="path"> '.htmlentities(trim($WEB_ROOT, '/')).'</a>/';
+		$x=0; //need here for focus() in case at webroot.
+
+		if ($ipath != "" ) { //if not at root, show the rest
+			$path_levels  = explode("/",trim($ipath,'/') );
+			$levels = count($path_levels); //If levels=3, indexes = 0, 1, 2  etc... 
+			$current_path = "";
+
+			for ($x=0; $x < $levels; $x++) {
+				$current_path .= $path_levels[$x].'/';
+				echo '<a id="path_'.($x+1).'" href="'.$ONESCRIPT.'?i='.URLencode_path($current_path).'" class="path">';
+				echo htmlentities($path_levels[$x]).'</a>/';
+			}
+		}//end if (not at root)
+	echo '</h2>';
+	echo '<script>document.getElementById("path_'.$x.'").focus();</script>';
+}//end Current_Path_Header() //*************************************************
+
+
+
+
+function message_box() { //*****************************************************
+	global $ONESCRIPT, $param1, $param2, $param3, $message, $page;
+
+	if (isset($message)) {
+?>
+		<div id="message"><p>
+		<span id="Xbox"><!-- [X] to dismiss message box -->
+			<a id="dismiss" href='<?php echo $ONESCRIPT.$param1.$param2.$param3; ?>'
+ 			onclick='document.getElementById("message").innerHTML = " ";return false;'>
+			[X]</a>
+		</span>
+		<?php echo $message.PHP_EOL ;?>
+		</p></div>
+		<script>document.getElementById("dismiss").focus();</script>
+<?php
+	}else {
+		echo '<div id="message"></div>'; // Needed on Edit page to keep js feedback from failing
+	} //end isset($message)
+	
+	// Used on Edit Page to preserve vertical spacing, so edit area doesn't jump as much.
+	if ($page == "edit") {echo '<style>#message { min-height: 1.86em; }</style>';}
+}//end message_box()  **********************************************************
+
+
+
+
+function Upload_New_Rename_Delete_Links() { //**********************************
+	global $ONESCRIPT, $ipath, $param1;
+	echo '<p class="front_links">';
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   ; echo 'Upload File</a>';
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  ; echo 'New File</a>'   ;
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'; echo 'New Folder</a>' ;
+	if ($ipath !== "") { //if at root, don't show Rename & Delete links
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'; echo 'Rename/Move Folder</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'; echo 'Delete Folder</a>';
+	}
+	echo '</p>';
+}//end Upload_New_Rename_Delete_Links()  ***************************************
+
+
+
+
+function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
+	//$submit_label = Rename, Copy, Delete, etc...
+	//$focus is ID of element to receive focus(). (element may be outside this function)
+	global $ONESCRIPT, $ipath, $param1, $param2, $filename, $page;
+
+	// [Cancel] returns to either the index, or edit page.
+	if ($filename == "") {$params = "";}else{ $params = $param2.'&amp;p=edit'; }
+?>
+	<p> 
+	<input type="button" class="button" id="cancel" name="cancel" value="Cancel"
+		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.$params ?>'">
+	<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1.3em;">
+<?php 
+	if ($focus != ""){ echo '<script>document.getElementById("'.$focus.'").focus();</script>'; }
+	//Do not close the <p> tag yet/here. Need to leave it open for edit btn on hash page.
+}// End Cancel_Submit_Buttons() //**********************************************
+
+
+
+
+function show_image(){ //*******************************************************
+	global $filename, $MAX_IMG_W, $MAX_IMG_H;
+	
+	$IMG = $filename;
+	$img_info = getimagesize($IMG);
+
+	$W=0; $H=1;
+	$SCALE = 1; $TOOWIDE = 0; $TOOHIGH = 0;
+	if ($img_info[$W] > $MAX_IMG_W) { $TOOWIDE = ( $MAX_IMG_W/$img_info[$W] );}
+	if ($img_info[$H] > $MAX_IMG_H) { $TOOHIGH = ( $MAX_IMG_H/$img_info[$H] );}
+	
+	if ($TOOHIGH || $TOOWIDE) {
+		if     (!$TOOWIDE)           {$SCALE = $TOOHIGH;}
+		elseif (!$TOOHIGH)           {$SCALE = $TOOWIDE;}
+		elseif ($TOOHIGH > $TOOWIDE) {$SCALE = $TOOWIDE;} //ex:if (.90 > .50)
+		else                         {$SCALE = $TOOHIGH;}
+	}
+
+	echo '<p Xclass="file_meta">';
+	echo 'Image shown at ~'. round($SCALE*100) .'% of full size (W x H = '.$img_info[0].' x '.$img_info[1].').</p>';
+	echo '<div style="clear:both;"></div>'.PHP_EOL;
+	echo '<a href="/' .URLencode_path($IMG). '" target="_blank">'.PHP_EOL;
+	echo '<img src="/'.URLencode_path($IMG).'"  height="'.$img_info[$H]*$SCALE.'"></a>'.PHP_EOL;
+}// end show_image() ***********************************************************
+
+
+
+
+function show_favicon(){ //*****************************************************
+	global $config_favicon, $DOC_ROOT;
+	if (file_exists($DOC_ROOT.$config_favicon)) { 
+		echo '<img src="'.URLencode_path($config_favicon).'" alt="">'; 
+	}
+}// end show_favicon() *********************************************************
+
+
+
+
+function Timeout_Timer($COUNT, $ID, $CLASS, $ACTION) { //************************
+
+	return 	'<script>'.
+			'Start_Countdown('.$COUNT.', "'.$ID.'", "'.$CLASS.'", "'.$ACTION.'");'.
+			'</script>';
+
+} //end Timeout_Timer() **************************************************
+
+
+
+
+function Init_Macros(){ //*** ($varibale="some reusable chunk of code")*********
+
+global 	$ONESCRIPT, $param1, $param2, $INPUT_NUONCE, $FORM_COMMON;
+
+
+$INPUT_NUONCE = '<input type="hidden" name="nuonce" value="'.$_SESSION['nuonce'].'">'.PHP_EOL;
+$FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.$param2.'">'.$INPUT_NUONCE;
+
+}//end Init_Macros() ***********************************************************
+
+
+
+
+function Hash_Page() { //******************************************************
+	global $DOC_ROOT, $ONESCRIPT, $param1, $param2, $message, $INPUT_NUONCE, $config_title;
+	$params = '?i='.dirname($ONESCRIPT).'&amp;f='.basename($ONESCRIPT).'&amp;p=edit';
+?>
+	<style>#message {font-family: courier; min-height: 3.1em;}
+	li {margin-left: 2em}</style>
+
+	<h2>Generate a Password Hash</h2>
+	
+	<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.'&amp;p=hash'; ?>">
+		<?php echo $INPUT_NUONCE; ?>
+		Password to hash:
+		<input type="text" name="whattohash" id="whattohash" value="<?php echo htmlspecialchars($_POST["whattohash"]) ?>">
+		<?php Cancel_Submit_Buttons('Generate hash', 'whattohash') ?>
+ 		<a class="button edit_onefile" href="<?php echo $ONESCRIPT.$params; ?>" >Edit &nbsp;<?php echo $config_title ?></a>
+	</form>
+
+	<div class="info">
+ 	<p>There are two ways to change your OneFileCMS password:<br>
+	<p>
+	1) Simply use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).<br>
+	2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.<br>
+
+	<p>Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. 
+	That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.
+	However, it does eleminate the storage of your password in plain text, which is always a good thing.*
+
+	<p>Anyway, to use the $HASHWORD password option:
+	<ol><li>Type your desired password in the input field above and hit Enter.<br>
+			The hash will be displayed in a yellow message box above that.
+		<li>Copy and paste the new hash to the $HASHWORD variable in the config section.<br>
+			'Make sure the hash ends up in quotes.'<br>
+			Make sure to copy ALL of, and ONLY, the hash (no spaces etc). A double-click should select it...
+		<li>Make sure $USE_HASH is set to 1 (or true).
+		<li>When ready, logout and login.
+	</ol>
+	<p>You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...
+	<p>
+	*For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep 'em secret, of course).  Remever, every little bit helps...<br>
+	PS: Everything I know about security - you just read...
+	</div>
+<?php 
+} //end Hash_Page() ************************************************************
+
+
+
+
+function Hash_response() { //***************************************************
+	global $SALT, $message;
+	$_POST['whattohash'] = trim($_POST['whattohash']); // trim leading & trailing spaces.
+	$message .= 'Password: '.$_POST['whattohash'].'<br>';
+	$message .= 'Hash &nbsp; &nbsp;: '.hashit($_POST["whattohash"]);
+} //end Hash_response() ********************************************************
+
+
+
+
+function Logout() { //**********************************************************
+	global $page;
+	session_regenerate_id(true);
+	session_unset();
+	session_destroy();
+	session_write_close();
+	unset($_GET);
+	unset($_POST);
+	$_SESSION['valid'] = 0;
+	$page = 'login';
+}//end Logout() ****************************************************************
+
+
+
+
+function Login_Page() { //******************************************************
+	global $ONESCRIPT, $message;
+?>
+	<h2>Log In</h2>
+	<form method="post" action="<?php echo $ONESCRIPT; ?>">
+		<p>
+			<label for="username">Username:</label>
+			<input type="text" name="username" id="username" class="login_input" >
+		</p>
+		<p>
+			<label for="password">Password:</label>
+			<input type="password" name="password" id="password" class="login_input">
+		</p>
+			
+		<p><input type="submit" class="button" value="Enter"></p>
+	</form>
+	<script>document.getElementById('username').focus();</script>
+<?php 
+} //end Login_Page() ***********************************************************
+
+
+
+
+function Login_response() { //**************************************************
+	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $MAX_ATTEMPTS, $LOGIN_DELAY, 
+		   $EX, $message, $page, $LOGIN_ATTEMPTS;
+
+	$_SESSION = array();    //make sure it's empty
+	$_SESSION['valid'] = 0; //Default to failed login.
+
+	if (!is_file($LOGIN_ATTEMPTS)) { file_put_contents($LOGIN_ATTEMPTS, 0); }
+	$attempts = (int)file_get_contents($LOGIN_ATTEMPTS); //Don't increment yet...
+	$elapsed  = time() - filemtime($LOGIN_ATTEMPTS);
+
+	if ($attempts > 0) { $message .= '<b>There have been '.$attempts.' invalid login attempts.</b><br>';}
+	if ( ($attempts >= $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){
+		$message .= 'Please wait '.Timeout_Timer(($LOGIN_DELAY - $elapsed), 'timer0', '', '').' seconds to try again. ';
+		return;
+	}
+
+	//Validate password
+	if ($USE_HASH) { $VALID_PASSWORD = (hashit($_POST['password']) == $HASHWORD); }
+	else           { $VALID_PASSWORD = (       $_POST['password']  == $PASSWORD); }
+
+	//validate login.  Ignore attempt if username & password are blank. 
+	if ( ($_POST['password'] == "") && ($_POST['username'] == "") )  { return;
+	}elseif ( $VALID_PASSWORD && ($_POST['username'] == $USERNAME) ) {
+		session_regenerate_id(true);
+		$_SESSION['USER_AGENT'] = $_SERVER['HTTP_USER_AGENT']; //for user consistancy check.
+		$_SESSION['valid'] = 1;
+		$page = "index";
+		unlink($LOGIN_ATTEMPTS); //delete invalid attempt count file
+	}else{
+		file_put_contents($LOGIN_ATTEMPTS, ++$attempts); //increment & save attempt
+		$message  = $EX.' <b>INVALID LOGIN ATTEMPT #'.$attempts.'</b><br>';
+		if ($attempts >= $MAX_ATTEMPTS) {
+			$message .= 'Please wait '.Timeout_Timer($LOGIN_DELAY, 'timer0', '', '').' seconds to try again. ';
+		}
+	}
+}//end Login_response() //******************************************************
+
+
+
+
+function List_Files() { // ...in a vertical table ******************************
+//called from Index Page
+
+	global $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list;
+
+	$files = scandir('./'.$ipath);
+	natcasesort($files);
+
+	echo '<table class="index_T">';
+	foreach ($files as $file) {
+		
+		$excluded = FALSE;
+		if (in_array(basename($file), $excluded_list)) { $excluded = TRUE; };
+		
+		if (!is_dir($ipath.$file) && !$excluded) {
+
+
+
+
+?>
+			<tr>
+				<td>
+					<?php echo '<a href="'.$ONESCRIPT.$param1.'&amp;f='.rawurlencode($file).'&amp;p=edit" >'; ?>
+					<?php echo  htmlentities($file), '</a>'; ?>
+				</td>
+				<td class="meta_T meta_size">&nbsp;
+					<?php echo number_format(filesize($ipath.$file)); ?> B
+				</td>
+				<td class="meta_T meta_time"> &nbsp;
+					<script>FileTimeStamp(<?php echo filemtime($ipath.$file); ?>, 1, 0);</script>
+				</td>
+			</tr>
+<?php 
+		}//end if !is_dir...
+	}//end foreach file
+	echo '</table>';
+}//end List_Files() ************************************************************
+
+
+
+
+function Index_Page(){ //*******************************************************
+	global $ONESCRIPT, $ipath;
+
+	//<!--==== List folders/sub-directores ====-->
+	echo '<p class="index_folders">';
+		$folders = glob($ipath."*",GLOB_ONLYDIR);
+		natcasesort($folders);
+		foreach ($folders as $folder) {
+			echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($folder).'/">'.PHP_EOL;
+
+			echo htmlentities(basename($folder)).' /</a>';
+		}
+	echo '</p>';
+
+	Upload_New_Rename_Delete_Links();
+
+	List_Files();
+
+	Upload_New_Rename_Delete_Links();
+
+}//end Index_Page()*************************************************************
+
+
+
+
+function Edit_Page_Buttons($text_editable, $too_large_to_edit) { //*************
+	global $ONESCRIPT, $param1, $param2, $MAX_IDLE_TIME;
+	$Button = '<input type="button" class="button" value=';
+	$ACTION = 'onclick="parent.location = \''.$ONESCRIPT.$param1.$param2.'&amp;p=';
+?>
+	<p class="buttons_right">
+	<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?> 
+		<?php echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer xtra', 'LOGOUT'); ?>
+		<input type="submit" class="button" value="Save"                  onclick="submitted = true;" id="save_file">
+		<input type="button" class="button" value="Reset - loose changes" onclick="Reset_File()"      id="reset">
+		<script>
+			//Set disabled here instead of via input attribute in case js is disabled.
+			//If js is disabled, user would be unable to save changes.
+			document.getElementById('save_file').disabled = "disabled";
+			document.getElementById('reset').disabled     = "disabled";
+		</script>
+	<?php } ?>
+	<?php echo $Button.'"Rename/Move" '.$ACTION ?>rename'">
+	<?php echo $Button.'"Copy"        '.$ACTION ?>copy'"  >
+	<?php echo $Button.'"Delete"      '.$ACTION ?>delete'">
+	<?php echo $Button.'"Close"       ' ?>onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
+	</p>
+<?php
+}//end Edit_Page_Buttons()******************************************************
+
+
+
+
+//******************************************************************************
+function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message){ 
+	global $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_NUONCE, $EX, $message, $MAX_IDLE_TIME;
+?>
+	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param1.$param2.$param3 ?>">
+		<?php echo $INPUT_NUONCE; ?>
+<?php
+		if ( !in_array( strtolower($ext), $itypes) ) { //If non-image, show textarea
+
+			if (!$text_editable) { // If non-text file, disable textarea
+				echo '<p class="edit_disabled">Non-text or unkown file type. Edit disabled.<br><br></p>';
+
+			}elseif ( $too_large_to_edit ) {
+ 				echo '<p class="edit_disabled">'.$too_large_to_edit_message.'</p>';
+
+			}else{
+				if (PHP_VERSION_ID  < 50400) {  // 5.4.0
+					$filecontent = htmlspecialchars(file_get_contents($filename));
+				}else{
+					$filecontent = htmlspecialchars(file_get_contents($filename),ENT_SUBSTITUTE);
+				}
+				$bad_chars = ($filecontent == "" && filesize($filename) > 0);
+
+				if ($bad_chars){ //did specialchars return an empty string?
+					echo '<pre class="edit_disabled">'.$EX.' File contains an invalid character. Edit and view disabled.<br>';
+					echo ' htmlspecialchars() returned and empty string from what <i>may be</i> an otherwise valid file.<br>';
+					echo ' This behavior can be inconsistant from version to version of php.<br></pre>';
+				}else{
+					echo '<input type="hidden" name="filename" id="filename" value="'.htmlspecialchars($filename).'">';
+					echo '<textarea id="file_content" name="content" cols="70" rows="25"
+						onkeyup="Check_for_changes(event);">'.$filecontent.'</textarea>'.PHP_EOL;
+				}
+			} //end if !editable /else...
+		} //end if non-image, show textarea
+
+		Edit_Page_Buttons($text_editable, $too_large_to_edit);
+
+		if ($text_editable && !$too_large_to_edit && !$bad_chars) {
+			Edit_Page_scripts();
+			$SEC = $MAX_IDLE_TIME;
+			$HRS = floor($SEC/3600);
+			$SEC = fmod($SEC,3600);
+			$MIN = floor($SEC/60);   if ($MIN < 10) { $MIN = "0".$MIN; };
+			$SEC = fmod($SEC,60);    if ($SEC < 10) { $SEC = "0".$SEC; };
+			$HRS_MIN_SEC = $HRS.':'.$MIN.':'.$SEC;
+?>
+			<div id="edit_notes">NOTES:<ol>
+			<li><b>Remember- your $MAX_IDLE_TIME is <?php echo $HRS_MIN_SEC ?>.
+			So save changes before the clock runs out, or the changes will be lost!</b><br>
+
+			<?php //The following line is just a static time stamp of when the idle time runs out. ?>
+			<?php //echo '<b class="xtra">&nbsp;<script>FileTimeStamp('.(time()+$MAX_IDLE_TIME).', 0, 0)</script>  </b>,'?>
+
+			<li>On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser's [Reload].
+			<li>Chrome's XSS filters may disable some javascript in a page if the page even <i>appears</i> to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.
+			</div>
+		<?php } ?>
+	</form> 
+<?php 
+}//end Edit_Page_form() ********************************************************
+
+
+
+
+function Edit_Page() { //*******************************************************
+	global $ONESCRIPT, $param1, $filename, $filecontent, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE;
+	clearstatcache ();
+
+	//Determine if text editable file type
+	$ext = end( explode(".", strtolower($filename) ) );
+	if (in_array($ext, $etypes)) { $text_editable = TRUE;  }
+	else                         { $text_editable = FALSE; }
+	
+	$too_large_to_edit = (filesize($filename) > $MAX_EDIT_SIZE);
+	$too_large_to_view = (filesize($filename) > $MAX_VIEW_SIZE);
+	
+	if ($too_large_to_edit){$header2 = "Viewing: ";}
+	else                   {$header2 = "Editing: ";}
+
+	$too_large_to_edit_message = 
+'<b>Edit disabled. Filesize &gt; '.number_format($MAX_EDIT_SIZE).' bytes.</b><br>
+Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML &lt;textarea&gt;.<br>
+Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.<br>
+A simple trial and error test can determine a practical limit for a given browser/computer.';
+	$too_large_to_view_message = 
+'<b>View disabled. Filesize &gt; '.number_format($MAX_VIEW_SIZE).' bytes.</b><br>
+Click the the file name above to view normally in a browser window.<br>
+Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.<br>
+(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired to suit individual perceptions of neccessity.)';
+
+	echo '<h2 id="edit_header">'.$header2;
+	echo '<a class="filename" href="/'.URLencode_path($filename).'" target="_blank">'.htmlentities(basename($filename)).'</a>';
+	echo '</h2>'.PHP_EOL;
+?>
+	<p class="file_meta">
+	<span class="meta_size">Filesize: <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; 
+	<span class="meta_time">Updated: <script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1, 1);</script></span><br>
+	</p>
+
+	<input type="button" id="close1" class="button" value="Close" onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
+	<script>document.getElementById('close1').focus();</script>
+	<div style="clear:both;"></div>
+<?php
+	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message);
+
+	if ( in_array( $ext, $itypes) ) { show_image(); }
+
+	echo '<div style="clear:both;"></div>';
+
+	if ( $text_editable && $too_large_to_edit && !$too_large_to_view ) {
+		$filecontent = htmlspecialchars(file_get_contents($filename), ENT_COMPAT,'UTF-8');
+		echo '<pre class="edit_disabled view_file">'.$filecontent.'</pre>';
+	}elseif ( $text_editable && $too_large_to_view ){
+		echo '<p class="edit_disabled">'.$too_large_to_view_message.'</p>';
+	}
+
+}//End Edit_Page ***************************************************************
+
+
+
+
+function Edit_response(){ //***If on Edit page, and [Save] clicked *************
+	global $filename, $message, $EX;
+	$filename = $_POST["filename"];
+	$content  = $_POST["content"];
+
+	$bytes = file_put_contents($filename, $content);
+
+	if ($bytes !== false) {
+		$message .= '<b>File saved: '.$bytes.' bytes written.</b>';
+	}else{
+		$message .= $EX.' <b>There was an error saving file.</b>';
+	}
+}//end Edit_response() *********************************************************
+
+
+
+
+function Upload_Page() { //*****************************************************
+	global $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE;
+
+	//Determine $MAX_FILE_SIZE to upload
+	$upload_max_filesize = ini_get('upload_max_filesize'); //This should be < post_max_size,
+	$post_max_size       = ini_get('post_max_size');       //but, just in case, check both...
+
+	function shorthand_to_int($SHORTHAND){ //*******************
+		$KMG = strtoupper(substr($SHORTHAND, -1));
+		if     ($KMG == "K") { return $SHORTHAND * 1024; }
+		elseif ($KMG == "M") { return $SHORTHAND * 1048576; }
+		elseif ($KMG == "G") { return $SHORTHAND * 1073741824; }
+		else                 { return $SHORTHAND; }
+	}//end function shorthand_to_int() *************************
+
+	$UMF = shorthand_to_int($upload_max_filesize);
+	$PMS = shorthand_to_int($post_max_size);
+
+	if ($UMF <= $PMS){ $MAX_FILE_SIZE = $UMF; $max_msg = $upload_max_filesize.' &nbsp; per upload_max_filesize in php.ini.'; }
+	else             { $MAX_FILE_SIZE = $PMS; $max_msg = $post_max_size.' &nbsp; per post_max_size in php.ini'; }
+?>
+	<h2>Upload File</h2>
+	<p>Note: Maximum upload file size is: <?php echo $max_msg; ?></p>
+	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$param1; ?>&amp;p=uploaded" method="post">
+		<?php echo $INPUT_NUONCE; ?>
+		<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $MAX_FILE_SIZE ?>"> 
+		<input type="hidden" name="upload_destination" value="<?php echo htmlspecialchars($ipath); ?>" >
+		<input type="file"   name="upload_file" id="upload_file" size="100">
+		<?php Cancel_Submit_Buttons("Upload","cancel"); ?>
+	</form>
+<?php 
+} //end Upload_Page() **********************************************************
+
+
+
+
+function Upload_response() { //*************************************************
+	global $filename, $message, $EX, $page;
+	$filename    = $_FILES['upload_file']['name'];
+	$destination = Check_path($_POST["upload_destination"]);
+	$page  = "index";
+	$MAXUP1 = ini_get('upload_max_filesize');
+	$MAXUP2 = number_format ($_POST['MAX_FILE_SIZE']).' bytes';
+	$ERROR = $_FILES['upload_file']['error'];
+
+	if     ( $ERROR == 1 ){ $ERRMSG = 'Error 1: File too large.  upload_max_filesize = '.$MAXUP1.' (From php.ini)';}
+	elseif ( $ERROR == 2 ){ $ERRMSG = 'Error 2: File too large.  $MAX_FILE_SIZE = '.$MAXUP2.' (From OneFileCMS)';}
+	elseif ( $ERROR == 3 ){ $ERRMSG = 'Error 3: The uploaded file was only partially uploaded.'; }
+	elseif ( $ERROR == 4 ){ $ERRMSG = 'Error 4: No file was uploaded. '; }
+	elseif ( $ERROR == 5 ){ $ERRMSG = 'Error 5. '; }
+	elseif ( $ERROR == 6 ){ $ERRMSG = 'Error 6: Missing a temporary folder.'; }
+	elseif ( $ERROR == 7 ){ $ERRMSG = 'Error 7: Failed to write file to disk.'; }
+	elseif ( $ERROR == 8 ){ $ERRMSG = 'Error 8: A PHP extension stopped the file upload.'; }
+	else                  { $ERRMSG = ''; }
+
+	if (($filename == "")){ 
+		$message .= $EX.' <b>No file selected for upload... </b>';
+	}elseif (($destination != "") && !is_dir($destination)) {
+		$message .= $EX.' Destination folder does not exist: <br><b>';
+		$message .= htmlentities($WEB_ROOT.$destination).'</b><br><b>Upload cancelled.</b>';
+	}else{
+		$message .= 'Uploading: "<b>'.htmlentities($filename).'</b>"...';
+		$savefile = ordinalize($destination, $filename, $savefile_msg);
+		if(move_uploaded_file($_FILES['upload_file']['tmp_name'], $savefile)) {
+			$message .= '<br>Upload successful! '.$savefile_msg;
+		} else{
+			$message .= '<br>'.$EX.' <b> Upload failed: </b>'.$ERRMSG.'';
+		}
+	}
+}//end Upload_response() *******************************************************
+
+
+
+
+function New_File_Page() { //***************************************************
+	global $FORM_COMMON, $INVALID_CHARS;
+?>
+	<h2>New File</h2>
+	<?php echo $FORM_COMMON ?>
+		<p>File will be created in the current folder. &nbsp;
+		Some invalid characters are: <span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
+		<input type="text" name="new_file" id="new_file" value="">
+		<?php Cancel_Submit_Buttons("Create","new_file"); ?>
+	</form>
+<?php 
+}//end New_File_Page()**********************************************************
+
+
+
+
+function New_File_response() { //***********************************************
+	global $ipath, $param2, $param3, $filename, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
+
+	$new_name = trim($_POST["new_file"],'/ '); //Trim spaces and slashes.
+	$filename = $ipath.$new_name;
+	$page = "index"; // return to index if new file fails
+	
+	$invalid = false;
+	foreach ($INVALID_CHARS_array as $bad_char) {
+		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
+	}
+
+	if ($invalid){
+		$message .= $EX.' <b>New file not created:</b> '.htmlentities($new_name).'<br>'.
+			'<b> &nbsp; &nbsp; &nbsp; Name contains invalid character(s): '.
+			'<span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
+	}elseif ($new_name == ""){ 
+		$message .= $EX.' <b>New file not created -</b> no name given';
+	}elseif (file_exists($filename)) {
+		$message .= $EX.' <b>File already exists: ';
+		$message .= htmlentities($new_name).'</b>';
+	}elseif ($handle = fopen($filename, 'w')) {
+		fclose($handle);
+		$message .= '<b>Created file:</b> '.htmlentities($new_name);
+		$page     = "edit";
+		$param2   = '&amp;f='.rawurlencode(basename($filename));// for Edit_Page() buttons
+		$param3   = '&amp;p=edit';                              // for Edit_Page() buttons 
+	}else{
+		$message .= $EX.' <b>Error - new file not created:<br>';
+		$message .= htmlentities($new_name);
+	}
+}//end New_File_response() *****************************************************
+
+
+
+
+function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //************
+	//$action = 'Copy' or 'Rename'. $isfile = 1 if acting on a file, not a folder
+	global $WEB_ROOT, $ipath, $filename, $FORM_COMMON;
+	if ($isfile) { $old_name = $filename; }else{ $old_name = $ipath; }
+	if ($isfile) { $new_name = $filename; }else{ $new_name = $ipath; }
+	if ($action == "Copy" ) { $new_name = ordinalize($ipath, basename($filename), $msg); }
+?>
+	<h2><?php echo $action.' '.$title ?></h2>
+	<p>To move a file or folder, change the path/to/folder/or_file. The new location must already exist.</p>
+	<?php echo $FORM_COMMON ?>
+		<p>
+			<label>Old name:</label>
+			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
+				name="old_name" value="<?php echo htmlspecialchars($old_name); ?>" readonly="readonly">
+		</p>
+		<p>
+			<label>New name:</label>
+			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
+				name="<?php echo $name_id ?>" id="<?php echo $name_id ?>" 
+				value="<?php echo htmlspecialchars($new_name); ?>">
+		</p>
+		<?php Cancel_Submit_Buttons($action, $name_id); ?>
+	</form>
+<?php 
+} //end Copy_Ren_Move_Page() ***************************************************
+
+
+
+
+//******************************************************************************
+function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $isfile){
+	//$action = 'copy' or 'rename'. $isfile = 1 if acting on a file, not a folder
+	global $WEB_ROOT, $ipath, $param1, $param2, $message, $EX, $page, $filename;
+
+	$old_name = trim($old_name,'/ ');
+	$new_name = trim($new_name,'/ ');
+	$new_location = dirname($new_name);
+	$filename = $old_name; //default if error
+	if ($isfile) { $page = "edit"; }else{ $page = "index"; }
+	
+	if ( !is_dir($new_location) ){
+		$message .= $EX.' <b>'.$msg1.' Error - new parent location does not exist:</b><br>';
+		$message .= htmlentities($WEB_ROOT.$new_location).'/<br>';
+	}elseif ( !file_exists($filename) ){
+		$message .= $EX.' <b>'.$msg1.' Error - source file does not exist:</b><br>';
+		$message .= htmlentities($filename);
+	}elseif (file_exists($new_name)) {
+		$message .= $EX.' <b>'.$msg1.' Error - target filename already exists:<br>';
+		$message .= htmlentities($WEB_ROOT.$new_name).'</b>';
+	}elseif ($action($old_name, $new_name)) {
+		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
+		$message .= ' --- '.$msg2.' to ---<br>';
+		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
+		$filename = $new_name; //so edit page knows what to edit
+		if ($isfile) { $ipath = Check_path(dirname($filename)); } //if changed,
+		else         { $ipath = Check_path($filename); }          //return to new dir.
+		$param1   = '?i='.URLencode_path($ipath);
+		$param2   = '&amp;f='.rawurlencode(basename($filename));
+		$param3   = '&amp;p=edit';
+	}else{
+		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
+		$message .= $EX.' <b>Error during '.$msg1.' from the above to the following:</b><br>';
+		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
+	}
+}//end Copy_Ren_Move_response() ************************************************
+
+
+
+
+function Delete_File_Page() { //************************************************
+	global $filename, $FORM_COMMON;
+?>
+	<h2>Delete File</h2>
+	<?php echo $FORM_COMMON ?>
+		<input type="hidden" name="delete_file" value="<?php echo htmlspecialchars($filename); ?>" >
+		<span class="verify"><?php echo htmlentities(basename($filename)); ?></span>
+		<p><b>Are you sure?</b></p>
+		<?php Cancel_Submit_Buttons("DELETE", "cancel"); ?>
+	</form>
+<?php 
+} //end Delete_File_Page() *****************************************************
+
+
+
+
+function Delete_File_response(){ //*********************************************
+	global $filename, $message, $EX, $page;
+
+	$page = "index"; //Return to index
+	$filename = $_POST["delete_file"];
+
+	if (unlink($filename)) {
+		$message .= '<b>Deleted file:</b> '.htmlentities(basename($filename));
+	}else{
+		$message .= $EX.' <b>Error deleting "'.htmlentities($filename).'"</b>.';
+		$page = "edit";
+	}
+}//end Delete_File_response() **************************************************
+
+
+
+
+function New_Folder_Page() { //*************************************************
+	global $FORM_COMMON, $INVALID_CHARS;
+?>
+	<h2>New Folder</h2>
+	<?php echo $FORM_COMMON ?>
+		<p>Folder will be created in the current folder. &nbsp;
+		Some invalid characters are: <span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
+		<input type="text" name="new_folder" id="new_folder" value="">
+		<?php Cancel_Submit_Buttons("Create","new_folder"); ?>
+	</form>
+<?php 
+} //end New_Folder_Page() ******************************************************
+
+
+
+
+function New_Folder_response(){ //**********************************************
+	global $ipath, $param1, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
+
+	$new_name = trim($_POST["new_folder"],'/ '); //Trim spaces, and make sure only has a single trailing slash.
+
+	$invalid = false;
+	foreach ($INVALID_CHARS_array as $bad_char) {
+		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
+	}
+	$page = "index"; //Return to index
+
+	$new_ipath = $ipath.$new_name.'/';
+
+	if ($invalid){
+		$message .= $EX.' <b>New folder not created:</b> '.htmlentities($new_name).'<br>'.
+			'<b> &nbsp; &nbsp; &nbsp; Name contains invalid character(s): '.
+			'<span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
+	}elseif ($new_name == ""){ 
+		$message .= $EX.' <b>New folder not created - no name given.</b>';
+	}elseif (is_dir($new_ipath)) {
+		$message .= $EX.' <b>Folder already exists: ';
+		$message .= htmlentities($new_ipath).'</b>';
+	}elseif (mkdir($new_ipath)) {
+
+		$message .= '<b>Created folder:</b> '.htmlentities($new_name);
+		$ipath    = $new_ipath;  //return to new folder
+		$param1   = '?i='.URLencode_path($ipath);
+	}else{
+		$message .= $EX.' <b>Error - new folder not created: </b><br>';
+		$message .= htmlentities($new_name);
+	}
+}//end New_Folder_response *****************************************************
+
+
+
+
+function Delete_Folder_Page(){ //***********************************************
+	global $WEB_ROOT, $ipath, $FORM_COMMON;
+?>
+	<h2>Delete Folder</h2>
+	<?php echo $FORM_COMMON ?>
+		<input type="hidden" name="delete_folder" value="<?php echo htmlspecialchars($ipath); ?>" >
+		<span class="web_root"><?php echo htmlentities($WEB_ROOT.Check_path(dirname($ipath))); ?></span><span 
+		class="verify"><?php echo htmlentities(basename($ipath)); ?></span> /
+		<p><b>Are you sure?</b></p>
+		<?php Cancel_Submit_Buttons("DELETE", "cancel"); ?>
+	</form>
+<?php 
+} //end Delete_Folder_Page() //*************************************************
+
+
+
+
+function Delete_Folder_response() { //******************************************
+	global $ipath, $param1, $page, $message, $EX;
+	$page = "index"; //Return to index
+	$foldername = trim($_POST["delete_folder"], '/');
+
+	if ( !is_empty($ipath) ) {
+		$message .= $EX.' <b>Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
+		$page = "index";
+	}elseif (@rmdir($foldername)) {
+		$message .= '<b>Deleted folder:</b> '.htmlentities(basename($foldername));
+		$ipath  = Check_path($foldername); //Return to parent dir.
+		$param1 = '?i='.URLencode_path($ipath);
+	}else {
+		$message .= $EX.' <b>"'.htmlentities($foldername).'/"</b> an error occurred during delete.';
+	}
+}//end Delete_Folder_response() ************************************************
+
+
+
+
+function Page_Title(){ //***<title>Page_Title()</title>*************************
+	global $page;
+
+	if     ($page == "login")        { return "Log In";         }
+	elseif ($page == "hash")         { return "Hash";           }
+	elseif ($page == "edit")         { return "Edit/View File"; }
+	elseif ($page == "upload")       { return "Upload File";    }
+	elseif ($page == "newfile")      { return "New File";       }
+	elseif ($page == "copy" )        { return "Copy";           }
+	elseif ($page == "rename")       { return "Rename File";    }
+	elseif ($page == "delete")       { return "Delete";         }
+	elseif ($page == "newfolder")    { return "New Folder";     }
+	elseif ($page == "renamefolder") { return "Rename Folder";  }
+	elseif ($page == "deletefolder") { return "Delete Folder";  }
+	else                             { return $_SERVER['SERVER_NAME']; }
+}//end Page_Title() ************************************************************
+
+
+
+
+function Load_Selected_Page(){ //***********************************************
+	global $ONESCRIPT, $page;
+
+	if     ($page == "login")        { Login_Page();         }
+	elseif ($page == "hash")         { Hash_Page();          }
+	elseif ($page == "edit")         { Edit_Page();          }
+	elseif ($page == "upload")       { Upload_Page();        }
+	elseif ($page == "newfile")      { New_File_Page();      }
+	elseif ($page == "copy")         { Copy_Ren_Move_Page('Copy', 'File', 'copy_file', 1); }
+	elseif ($page == "rename")       { Copy_Ren_Move_Page('Rename', 'File', 'rename_file', 1); }
+	elseif ($page == "delete")       { Delete_File_Page();   }
+	elseif ($page == "newfolder")    { New_Folder_Page();    }
+	elseif ($page == "renamefolder") { Copy_Ren_Move_Page('Rename', 'Folder', 'rename_folder', 0); }
+	elseif ($page == "deletefolder") { Delete_Folder_Page(); }
+	else                             { Index_Page();         } //default
+}//end Load_Selected_Page() ****************************************************
+
+
+
+
+function Timer_scripts() { //***************************************************
+?>
+<script>
+//pad() is also used by the Time_Stamp_scripts()
+function pad(num){ if ( num < 10 ){ num = "0" + num; }; return num; }
+
+
+function FormatTime(Seconds) {
+	var Hours = Math.floor(Seconds / 3600); Seconds = Seconds % 3600;
+	var Minutes = Math.floor(Seconds / 60); Seconds = Seconds % 60;
+	if ((Hours == 0) && (Minutes == 0)) { Minutes = "" } else { Minutes = pad(Minutes) }
+	if (Hours == 0) { Hours = ""} else { Hours = pad(Hours) + ":"}
+
+	return (Hours + Minutes + ":" + pad(Seconds));
+}
+
+
+function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
+	var Timer        = document.getElementById(Timer_ID);
+	var Current_Time = Math.round(new Date().getTime()/1000); //js uses milliseconds
+	    count        = End_Time - Current_Time;
+	var params = count + ', "' + End_Time + '", "' + Timer_ID + '", "' + Timer_CLASS + '", "' + Action + '"';
+
+	Timer.innerHTML = FormatTime(count);
+
+	if ( count < 1 ) {
+		if ( Action == 'LOGOUT') { 
+			Timer.innerHTML = 'SESSION EXPIRED';
+			//Load login screen, but delay first to make sure really expired:
+			setTimeout('window.location = window.location.pathname',3000); //1000 = 1 second
+		}
+		return;
+	}
+	setTimeout('Countdown(' + params + ')',1000);
+}
+
+
+function Start_Countdown(count, ID, CLASS, Action){
+	document.write('<span id="' + ID + '"  class="' + CLASS + '"></span>');
+
+	var Time_Start  = Math.round(new Date().getTime()/1000);
+	var Time_End    = Time_Start + count;
+
+	Countdown(count, Time_End, ID, CLASS, Action); //(seconds to count, id of element)
+}
+</script>
+<?php }//end Timer_scripts() ***************************************************
+
+
+
+
+function Time_Stamp_scripts() { //**********************************************
+?>
+<script>//Dispaly file's timestamp in user's local time 
+
+function FileTimeStamp(php_filemtime, show_date, show_offset){
+
+	//php's filemtime returns seconds, javascript's date() uses milliseconds.
+	var FileMTime = php_filemtime * 1000; 
+
+	var TIMESTAMP  = new Date(FileMTime);
+	var YEAR  = TIMESTAMP.getFullYear();
+	var	MONTH = pad(TIMESTAMP.getMonth() + 1);
+	var DATE  = pad(TIMESTAMP.getDate());
+	var HOURS = TIMESTAMP.getHours();
+	var MINS  = pad(TIMESTAMP.getMinutes());
+	var SECS  = pad(TIMESTAMP.getSeconds());
+
+	if ( HOURS < 12) { AMPM = "am"; }
+	else             { AMPM = "pm"; }
+	if ( HOURS > 12 ) {HOURS = HOURS - 12; }
+	HOURS = pad(HOURS);
+
+	var GMT_offset = -(TIMESTAMP.getTimezoneOffset()); //Yes, I know - seems wrong, but it's works.
+
+	if (GMT_offset < 0) { NEG=-1; SIGN="-"; } else { NEG=1; SIGN="+"; } 
+
+	var offset_HOURS = Math.floor(NEG*GMT_offset/60);
+	var offset_MINS  = pad( NEG * GMT_offset % 60 );
+	var offset_FULL  = "UTC " + SIGN + offset_HOURS + ":" + offset_MINS;
+
+	FULLDATE = YEAR + "-" + MONTH + "-" + DATE;
+	FULLTIME = HOURS + ":" + MINS + ":" + SECS + " " + AMPM;
+
+	var               DATETIME = FULLTIME;
+	if (show_date)  { DATETIME = FULLDATE + " &nbsp;" + FULLTIME;}
+	if (show_offset){ DATETIME += " ("+offset_FULL+")"; }
+		
+	document.write( DATETIME );
+
+}//end FileTimeStamp(php_filemtime)
+</script>
+<?php }//end Time_Stamp_scripts() **********************************************
+
+
+
+
+function Edit_Page_scripts() { //***********************************************
+?>
+	<!--======== Provide feedback re: unsaved changes ========-->
+	<script>
+	    
+	var File_textarea    = document.getElementById('file_content');
+	var Save_File_button = document.getElementById('save_file');
+	var Reset_button     = document.getElementById('reset');
+
+	var start_value = File_textarea.value;
+	var submitted   = false
+	var changed     = false;
+
+
+
+	// The following events only apply when the element is active.
+	// [Save] is disabled unless there are changes to the open file.
+	Save_File_button.onfocus = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
+	Save_File_button.onblur  = function() {Save_File_button.style.backgroundColor ="#Fee";}
+	Save_File_button.onmouseover = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
+	Save_File_button.onmouseout  = function() {Save_File_button.style.backgroundColor = "#Fee";}
+
+
+
+	function Reset_file_status_indicators() {
+		changed = false;
+		File_textarea.style.backgroundColor = "#F6FFF6";  //light green
+		Save_File_button.style.backgroundColor = "";
+		Save_File_button.style.borderColor = "";
+		Save_File_button.style.borderWidth = "1px";
+		Save_File_button.disabled = "disabled";
+		Save_File_button.value = "Save";
+		Reset_button.disabled = "disabled";
+		//File_textarea.focus();
+	}
+
+
+	window.onbeforeunload = function() {
+		if ( changed && !submitted) { 
+			//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
+			return "               Unsaved changes will be lost!";
+		}
+	}
+
+
+	window.onunload = function() {
+		//without this, a browser back then forward would reload file with local/
+		// unsaved changes, but with a green b/g as tho that's the file's contents.
+		if (!submitted) {
+			File_textarea.value = start_value;
+			Reset_file_status_indicators();
+		}
+	}
+
+
+	//With selStart & selEnd == 0, moves cursor to start of text field.
+	function setSelRange(inputEl, selStart, selEnd) { 
+		if (inputEl.setSelectionRange) { 
+			inputEl.focus(); 
+			inputEl.setSelectionRange(selStart, selEnd); 
+		} else if (inputEl.createTextRange) { 
+			var range = inputEl.createTextRange(); 
+			range.collapse(true); 
+			range.moveEnd('character', selEnd); 
+			range.moveStart('character', selStart); 
+			range.select(); 
+		} 
+	}
+
+
+	function Check_for_changes(event){
+		var keycode=event.keyCode? event.keyCode : event.charCode;
+		changed = (File_textarea.value != start_value);
+		if (changed){
+			document.getElementById('message').innerHTML = " "; // Must have a space, or it won't clear the msg.
+			File_textarea.style.backgroundColor = "#Fee";  //light red
+			Save_File_button.style.backgroundColor ="#Fee";
+			Save_File_button.style.borderColor = "#F44";   //less light red
+			Save_File_button.style.borderWidth = "1px";
+			Save_File_button.disabled = "";
+			Reset_button.disabled = "";
+			Save_File_button.value = "SAVE CHANGES!";
+		}else{
+			Reset_file_status_indicators()
+		}
+	}
+
+
+	//Reset textarea value to when page was loaded.
+	//Used by [Reset] button, and when page unloads (browser back, etc). 
+	//Needed becuase if the page is reloaded (ctl-r, or browser back/forward, etc.), 
+	//the text stays changed, but "changed" gets set to false, which looses warning.
+	function Reset_File() {
+		if (changed) {
+			if ( !(confirm("Reset file and loose unsaved changes?")) ) { return; }
+		}
+		File_textarea.value = start_value;
+		Reset_file_status_indicators();
+		setSelRange(File_textarea, 0, 0) //MOve cursor to start of textarea.
+	}
+	
+	Reset_file_status_indicators()
+	</script>
+<?php }//End Edit_Page_scripts() ***********************************************
+
+
+
+
+function style_sheet(){ //****************************************************?>
+<style>
+/* --- reset --- */
+* { border : 0; outline: 0; margin : 0; padding: 0;
+    font-family: inherit; font-weight: inherit; font-style : inherit;
+    font-size  : 100%; vertical-align: baseline; }
+
+
+/* --- general formatting --- */
+
+body { font-size: 1em; background: #DDD; font-family: sans-serif; }
+
+p, table { margin-bottom: .8em; margin-top: .8em;}
+
+div { position: relative; }
+
+h1,h2,h3,h4,h5,h6 { font-weight: bold; }
+h2, h3 { font-size: 1.2em; margin: .5em 1em .5em 0; } /*TRBL*/
+
+i, em     { font-style : italic; }
+b, strong { font-weight: bold;   }
+
+:focus { outline:0; }
+
+table { border-collapse:separate; border-spacing:0; }
+th,td { text-align:left; font-weight:400; }
+
+a       { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
+a:hover { border: 1px solid #807568; background-color: rgb(255,250,150); }
+a:focus { border: 1px solid #807568; background-color: rgb(255,250,150); }
+
+form p { margin-bottom: .3em; }
+
+label { display: inline-block; width : 6em; font-size : 1em; font-weight: bold; }
+
+svg { margin: 0; padding: 0; }
+
+pre { /*Used around test output when trouble shooting*/
+	background: white;
+	border: 1px solid #807568;
+	padding: .5em;
+	margin: 0;
+	}
+
+
+/* --- layout --- */
+
+.container {
+	border : 0px solid #807568;
+	width  : 810px;
+	margin : 0em auto;
+	}
+
+
+.header {
+	border-bottom : 1px solid #807568;
+	padding: 04px 0px 01px 0px;
+	margin : 0 0 .5em 0;
+	}
+
+
+#logo {
+	font-family: 'Trebuchet MS', sans-serif;
+	font-size:2.2em;
+	font-weight: bold;
+	color: black;
+	padding: .1em;
+	}
+
+.filename {
+	border: 1px solid #807568;
+	padding: .1em .2em .1em .2em;
+	font-weight: 700;
+	font-family: courier;
+	background-color: #EEE;
+	}
+
+#message { margin-bottom: .5em;}
+
+#message p {
+	margin: 0;
+	padding: 4px 0px 4px .5em;
+	border: 1px solid #807568;
+	Xfont-family: courier;
+	font-size: 1em;
+	line-height: 1.2em;
+	background: #fff000;
+	}
+
+#message #Xbox { float: right; }
+
+#message #dismiss { padding: 5px 4px 5px 4px; border-right: none; } /*TRBL*/ /*font-family: Courier; font-size: 1.2em;*/
+
+
+/* --- INDEX directory listing, table format --- */
+table.index_T {
+	min-width: 30em;
+	font-size: .95em;
+	border-style: outset;
+	border-width: 1px;
+	border-color: #807568;
+	border-collapse: collapse;
+	margin-bottom: .7em;
+	background-color: #FdFdFd;
+	}
+	
+table.index_T  tr:hover { border: 1px solid #807568; }
+
+table.index_T td { 
+	border-width  : 1px;
+	border-color  : silver;
+	border-style  : inset;
+	vertical-align: middle;
+	}
+
+.index_T a { 
+	height : 1em;
+	display: block;
+	padding: .2em 1em .3em .3em;
+	color  : rgb(100,45,0);
+	border : none;
+	overflow   : hidden;
+	}
+
+.index_T a:hover { background-color: rgb(255,250,150); }
+.index_T a:focus { background-color: rgb(255,250,150); }
+
+
+
+/* File size & date */
+
+.meta_size { min-width:  6em; }
+
+.meta_time { min-width: 15em; }
+
+.meta_T {
+	padding-right : .5em;
+	text-align    : right;
+	font-family   : courier;
+    font-size     : .9em;
+	color         : #333;
+	}
+
+
+.index_folders { min-height: 1.7em;  margin-bottom: .2em; }
+
+.index_folders a {
+	Xborder       : 1px solid #807568;
+	display      : inline-block;
+	line-height  : 1em;
+	font-size    : 1em;
+	margin-right : .6em;
+	margin-bottom: .1em;
+	padding      : 3px .4em 3px 5px; /*TRBL*/
+	}
+
+.index_folders a:hover { background-color: rgb(255,250,150); }
+.index_folders a:focus { background-color: rgb(255,250,150); }
+
+
+
+/*  [Upload File] [New File] [New Folder] etc... */
+
+.front_links a {
+	display: inline-block;
+	border : 1px solid #807568;
+	height      : 1em;
+	font-size   : 1em;
+	margin-right: 1em;
+	padding     : 3px 5px 5px 4px; /*TRBL*/
+	background-color: #EEE;
+	}
+
+
+
+
+.front_links a:hover  { background-color: rgb(255,250,150); }
+.front_links a:focus  { background-color: rgb(255,250,150); }
+
+
+input[type="text"] {
+	border: 1px solid #807568;
+	padding: 2px;
+	width: 50em;
+	font: 1em "Courier New", Courier, monospace;
+	}
+
+textarea {
+	border: 1px solid #999;
+	font  : .95em "Courier New", Courier, monospace;
+	margin: 0 0 0 0; /*T R B L*/
+	width : 99.5%;
+	height: 30em;
+	}
+
+textarea:focus { border: 1px solid #Fdd; }
+
+.edit_disabled { 
+	border : 1px solid #807568;
+	width  : 99%;
+	padding: .2em;
+	margin : 0;
+	background-color: #FFF000; color: #333;
+	line-height: 1.4em;
+	}
+
+.view_file {font-family: courier; font-size: .9em; background-color: #F8F8F8;}
+
+
+input:focus { background-color: rgb(255,250,150); }
+
+input:hover { background-color: rgb(255,250,150); }
+
+input[readonly]       { color: #333; background-color: #EEE; }
+input[disabled]       { color: #555; background-color: #EEE; }
+input[disabled]:hover { background-color: rgb(236,233,216);  } 
+input[disabled]:hover { background-color: rgb(236,233,216);  } 
+
+
+.buttons_right         { float: right; }
+.buttons_right .button { margin-left: .5em; }
+
+.button {
+	border : 1px solid #807568;
+	padding: 4px 10px;
+	cursor : pointer;
+	color      : black;
+	font-size  : .9em;
+	font-family: sans-serif;
+	background-color: #EEE;  /*#d4d4d4*/
+	}
+
+.button[disabled]  { color: #777; background-color: #EEE; }
+
+
+/* --- header --- */
+
+.nav {
+	float     : right;
+	display   : inline-block;
+	margin-top: 1.6em;
+	font-size : 1em;
+	}
+
+.nav a {
+	border: 1px solid transparent;
+	font-weight : bold;
+	padding     : .0em;
+	padding-top   : .2em;
+	padding-left  : .6em;
+	padding-right : .6em;
+	padding-bottom: .1em;
+	}
+
+.nav a:hover { border: 1px solid #807568; }
+.nav a:focus { border: 1px solid #807568; }
+
+
+/* --- edit --- */
+
+#edit_header  {margin: 0;}
+
+#edit_form    {margin: 0;}
+
+#file_content {height: 30em;}
+
+.file_meta	  {float: left;  margin-top: .5em; font-size: 1em; color: #333; font-family: courier;}
+
+#close1       {float: right; margin-bottom: .5em;}
+
+#edit_notes   {font-size: .8em; color: #333 ;margin-top: 1em; clear:both;}
+
+
+
+/* --- log in --- */
+
+.login_page {
+	margin  : 5em auto;
+	border  : 1px solid #807568;
+	padding : .5em 1em .6em 1em;
+	width   : 370px;
+	}
+
+.login_page .nav { margin-top: .5em; }
+
+.login_input {
+	border  : 1px solid #807568;
+	padding : 2px 0px 2px 2px;
+	width   : 366px;
+	font    : 1em "Courier New";
+	}
+
+.login_page input[type="text"]{ width   : 364px; }
+
+
+
+#upload_file {
+	border: 1px solid #807568;
+	padding: 2px;
+	width: 50em;
+	Xfont: 1em "Courier New", Courier, monospace;
+	}
+
+
+hr { /*-- -- -- -- -- -- --*/
+	line-height  : 0;
+	Xfont-size    : 1px;
+	display : block;
+	position: relative;
+	padding : 0;
+	margin  : .8em auto;
+	width   : 100%;
+	clear   : both;
+	border  : none;
+	border-top   : 1px solid #807568;
+	Xborder-bottom: 1px solid #eee;
+	overflow: visible;
+	}
+
+.verify {
+	border: 1px solid #F44;
+	color: #333;
+	background-color: #FFE7E7;
+	padding: .1em .2em;
+	font: 1.2em Courier;
+	}
+
+#admin {padding: .3em;}
+
+.web_root { font:1em Courier; }
+
+
+
+.mono {font-family: courier;}
+
+.info {margin-top: .7em; background: #f9f9f9; padding: .2em .5em;}
+
+.path {padding: 1px 5px 1px 5px} /*TRBL*/
+
+.edit_onefile {padding: 5px; float: right;}
+
+.xtra {color: red; background: #EEE;}
+
+.timer {border: 1px solid gray; padding: 3px .5em 4px .5em;}
+
+.timeout {float:right; font-size: .95em; color: #333}
+</style>
+<?php }//end style_sheet() *****************************************************
+
+
+
+
+//******************************************************************************
+//******************************************************************************
+//Begin logic to determine page action
+
+
+if( PHP_VERSION_ID < 50000 ) { exit("OneFileCMS requires PHP5 to operate. Tested on versions 5.2.17, 5.3.3 & 5.4"); }
+
+Session_Startup(); 
+
+if ($_SESSION['valid']) {
+
+	Get_GET();  
+
+	Init_Macros();
+
+	if ($VALID_POST) { //*******************************************************
+		if     (isset($_FILES['upload_file']['name'])) { Upload_response(); }
+		elseif (isset($_POST["whattohash"]   )) { Hash_response();          }
+		elseif (isset($_POST["filename"]     )) { Edit_response();          }
+		elseif (isset($_POST["new_file"]     )) { New_File_response();      }
+		elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', 'Copy', 'Copied', 1); } 
+		elseif (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"], 'rename', 'Rename/Move', 'Renamed/Moved', 1); } 
+		elseif (isset($_POST["delete_file"]  )) { Delete_File_response();   }
+		elseif (isset($_POST["new_folder"]   )) { New_Folder_response();    }
+		elseif (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', 'Rename/Move', 'Renamed/Moved', 0); } 
+		elseif (isset($_POST["delete_folder"])) { Delete_Folder_response(); }
+	}//end if ($VALID_POST) ****************************************************
+
+
+	//*** Verify valid $page and/or $filename **********************************
+
+		//Don't load login screen if already in a valid session.
+	if     ( $_SESSION['valid'] && ($page == "login") )  { $page = "index"; }
+
+		//Don't load edit page if $filename doesn't exist.
+	elseif ( ($page == "edit")  && !is_file($filename) ) { $page = "index"; }
+
+	elseif ($page == "logout") {
+		Logout();
+		$message .= 'You have successfully logged out.'; }
+
+		//Don't load delete page if folder not empty.
+	elseif ( ($page == "deletefolder") && !is_empty($ipath) ) {
+		$message .= $EX.' <b>Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
+		$page = "index";}
+
+		//if size of $_POST > post_max_size, PHP only returns empty $_POST & $_FILE arrays.
+	elseif ($page == "uploaded" && !$VALID_POST){
+		$message .= $EX.'<b> Upload Error.  Total POST data (mostly filesize) exceeded post_max_size = '.ini_get('post_max_size').' (from php.ini).</b>';
+		$page = "index";}
+
+	elseif ( ($page == "edit") && ($filename == trim(rawurldecode($ONESCRIPT), '/')) ) { 
+		if ( $message == "" ) { $BR = ""; } else { $BR = '<br>';}
+		$message .= '<style>#message p {background: red; color: white;}</style>';
+		$message .= $BR.$EX.' <b>CAUTION '.$EX.' You are editing the active copy of OneFileCMS - BACK IT UP &amp; BE CAREFUL !!</b>';
+	}
+	//**************************************************************************
+}//end if $_SESSION[valid] *****************************************************
+
+
+
+
+//******************************************************************************
+//******************************************************************************
+?><!DOCTYPE html>
+
+<html>
+<head>
+
+<title><?php echo $config_title.' - '.Page_Title() ?></title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<meta name="robots" content="noindex">
+
+<?php style_sheet(); ?>
+
+<?php Timer_scripts() ?>
+
+<?php if ( ($page == "index") || ($page == "edit") ) { Time_Stamp_scripts(); } ?>
+
+</head>
+<body>
+
+<?php if ($page == "login"){ echo '<div class="login_page">'; }
+      else                 { echo '<div class="container" >'; }
+?>
+
+<div class="header">
+	<a href="<?php echo $ONESCRIPT.'" id="logo">'.$config_title; ?></a>
+	<?php echo $version.' (on&nbsp;php&nbsp'.phpversion().')'; ?>
+
+	<div class="nav">
+		<a href="/" target="_blank"><?php show_favicon() ?>&nbsp;
+		<b><?php echo htmlentities($WEBSITE) ?></b></a>
+		<?php if ($page != "login") { ?>
+		| <a href="<?php echo $ONESCRIPT ?>?p=logout">Log Out</a>
+		<?php } ?>
+	</div><div style="clear:both;"></div>
+</div><!-- end header -->
+
+<?php if ( $page != "login"  &&  $page != "hash" ) { Current_Path_Header(); } ?>
+
+<?php message_box() ?>
+
+<?php Load_Selected_Page() ?>
+
+<?php if ($page != "login") { echo '<hr>'; } ?>
+
+<?php
+//Admin link
+if ( ($page != "login") && ($page != "hash") ){
+echo '<p><a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=hash">Admin</a>'; }
+
+//Countdown timer...
+if ( $page != "login" ) {
+	echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'timer timeout', 'LOGOUT');
+	echo '<span class="timeout">Session time out in:&nbsp;</span>';
+}
+?>
+
+</div><!-- end container/login_page -->
+</body>
+</html>

From 5648bcd9f9d2c0601684b4816a7fe19e311551ae Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Thu, 28 Jun 2012 18:09:12 -0400
Subject: [PATCH 092/228] Version 3.2.1 Minor readme update.

---
 readme.markdown | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/readme.markdown b/readme.markdown
index 4b8e2a7..84bfad1 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,5 +1,7 @@
+# Current stable version: 3.2.1
+
 ### June 28, 2012
-  
+
 Most of the recent changes have been to increase login and session security. However, I'm slowly learning that there's only so much that can be done, particulary when the base connection is un-encrypted.   Online security, it seems, is a nebulous subject of a rather dubious nature.  Never-the-less, I have tried to do those things that can be done.  
 
 So, for those that care, here is a synopsis of the measures that have been employed:
@@ -18,8 +20,6 @@ Now, keep in mind that while, individually, any one of these measures may not pr
   
 Lastly, always remember that some of the most important security measures concern user behavior - such as avoiding the use of un-encrypted wifi connections...
   
-# Current stable version: 3.2.1
-
 - 3+ : "Full" version - uses svg icons
 - 2+ : "Lite" version - uses no icons.
 

From 530c6c6ada4c3c270f9a162557a2b702a8967c3c Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Sun, 1 Jul 2012 17:02:40 -0400
Subject: [PATCH 093/228] Version 3.2.2 Thanks to github.com/codeless for
 adding a configurable "whitelist" of files to show. Added .log to editable
 file types. Converted CRLF's to just LF's - cut 2040 bytes! :) Some minor
 code restructure in List_Files() (mostly to satisfy the OCD in me...) Tweaked
 Timer color when < 2:00. In Verify_IDLE_POST_etc(), removed a ['valid']
 check, as it's redundant there. Hash_Page():added if
 (!isset($_POST['whattohash']))... Hash_response(): Removed $SALT reference as
 it wasn't used. Hash_response(): Added htmlspecialchars!

---
 onefilecms.php  | 4097 ++++++++++++++++++++++++-----------------------
 readme.markdown |   19 +-
 2 files changed, 2070 insertions(+), 2046 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index cc225b9..63bb75b 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,2041 +1,2058 @@
-<?php 
-// OneFileCMS - github.com/Self-Evident/OneFileCMS
-
-$version = '3.2.1';
-
-/*******************************************************************************
-Copyright © 2009-2012 https://github.com/rocktronica
-Copyright © 2012-     https://github.com/Self-Evident  David W. Gay
-
-This software is copyright under terms of the "MIT" license:
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
-of the Software, and to permit persons to whom the Software is furnished to do
-so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
-*******************************************************************************/
-
-
-
-
-//Some basic security & error log settings
-ini_set('session.use_trans_sid', 0);    //make sure ULR supplied SESSID's are not used
-ini_set('session.use_only_cookies', 1); //Only defaults to 1 (enabled) from 5.3 on
-error_reporting(0); // or (E_ALL &~ E_STRICT) if display and/or log are on.
-ini_set('display_errors', 'off');
-ini_set('log_errors'    , 'off'); //Ok to turn on for trouble-shooting.
-ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.log');
-//Determine good folder for session file? Default is tmp/, which is not secure.
-//session_save_path($safepath)  or  ini_set('session.save_path', $safepath) 
-
-
-
-
-// CONFIGURABLE INFO ***********************************************************
+<?php 
+// OneFileCMS - github.com/Self-Evident/OneFileCMS
+
+$version = '3.2.2';
+
+/*******************************************************************************
+Copyright © 2009-2012 https://github.com/rocktronica
+Copyright © 2012-     https://github.com/Self-Evident  David W. Gay
+
+This software is copyright under terms of the "MIT" license:
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+*******************************************************************************/
+
+
+
+
+//Some basic security & error log settings
+ini_set('session.use_trans_sid', 0);    //make sure URL supplied SESSID's are not used
+ini_set('session.use_only_cookies', 1); //Only defaults to 1 (enabled) from 5.3 on
+error_reporting(E_ALL &~ E_STRICT); //0, or (E_ALL &~ E_STRICT) if display and/or log are on.
+ini_set('display_errors', 'off');
+ini_set('log_errors'    , 'off'); //Ok to turn on for trouble-shooting.
+ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.log');
+//Determine good folder for session file? Default is tmp/, which is not secure.
+//session_save_path($safepath)  or  ini_set('session.save_path', $safepath) 
+
+
+
+
+// CONFIGURABLE INFO ***********************************************************
 $config_title     = "OneFileCMS";
-
-$USERNAME = 'username';
-
-$PASSWORD = 'password'; //If using $HASHWORD, you may leave this value empty.
-$USE_HASH = 0 ; // If = 0, use $PASSWORD. If = 1, use $HASHWORD. 
-$HASHWORD = 'c3e70af96ab1bfc5669280e98b438e1a8c08ca5e0bb3354c05ceaa6f339fd3f6'; //hash for "password"
-$SALT     = 'somerandomsalt';
-
-$MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
-$LOGIN_DELAY   = 10;  //In seconds.
-$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
-					  //  For instance, 24 minutes is the PHP default for garbage collection.
-$MAX_IMG_W   = 810;  // Max width to display images. (page container = 810)
-$MAX_IMG_H   = 1000; // Max height.  I don't know, it just looks reasonable.
-
-$MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
-$MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
-                          // The default max view size is completely arbitrary. It was 2am and seemed like a good idea at the time.
-$config_favicon   = "/favicon.ico";
-$config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsaTive!
-
-$config_etypes = "html,htm,xhtml,php,css,js,txt,text,cfg,conf,ini,csv,svg"; //Editable file types.
-$config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
-$config_ftypes = "bin,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,ini,cfg,conf,asp,js ,htm,html"; // _ftype & _fclass must have same
-$config_fclass = "bin,img,img,img,img,img,svg,txt,txt,css,php,txt,cfg,cfg ,txt,txt,htm,htm";  // number of values. bin is default.
-
-$EX = '<b>( ! )</b>'; //EXclaimation point "icon" Used in $message's
-
-$SESSION_NAME = 'OFCMS'; //Also the cookie name. Change if using multiple copies of OneFileCMS.
-// End CONFIGURABLE INFO *******************************************************
-
-
-
-
-//******************************************************************************
-//Some global system values
-
-ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
-
-//PHP_VERSION_ID is better to use when checking current version as it's an actual number, not a string.
-if (!defined('PHP_VERSION_ID')) {            //PHP_VERSION_ID only available since 5.2.7
-    $phpversion = explode('.', PHP_VERSION); //PHP_VERSION, however, available even in older versions. (but it's a string)
-    define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
-}
-
-$ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]);
-$DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
-$WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/';
-$WEBSITE   = $_SERVER["HTTP_HOST"].'/';
-$LOGIN_ATTEMPTS = $DOC_ROOT.trim($_SERVER["SCRIPT_NAME"],'/').'.invalid_login_attempts';
-
-$valid_pages = array("hash", "login","logout","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
-
-$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names.
-$INVALID_CHARS_array = explode(' ', $INVALID_CHARS); // (Space deliminated)
-
-//Make arrays out of a few $config_variables for actual use later.
-//Also, remove spaces and make lowercase.
-$etypes   = explode(',', strtolower(str_replace(' ', '', $config_etypes))); //editable file types
-$itypes   = explode(',', strtolower(str_replace(' ', '', $config_itypes))); //images types to display
-$ftypes   = explode(',', strtolower(str_replace(' ', '', $config_ftypes))); //file types with icons
-$fclasses = explode(',', strtolower(str_replace(' ', '', $config_fclass))); //for file types with icons
-$excluded_list = (explode(",", $config_excluded));
-//******************************************************************************
-
-
-
-
-function Session_Startup() {//**************************************************
-	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $EX, $message , $page, $VALID_POST, $MAX_IDLE_TIME, $SESSION_NAME;
- 
-	$limit    = 0; //0 = session.  
-	$path     = dirname($_SERVER['SCRIPT_NAME']);
-	$domain   = ''; // '' = hostname
-	$https    = false; 
-	$httponly = true;//true = unaccessable via javascript. Some XSS protection.
-	session_set_cookie_params($limit, $path, $domain, $https, $httponly);
-
-	session_name($SESSION_NAME);
-	session_start();
-
-	//Set initial defaults...
-	$page = 'login'; 
-	$VALID_POST = 0;
-	if ( !isset($_SESSION['valid']) ) { $_SESSION['valid'] = 0; }
-
-	//Logging in?
-	if ( isset($_POST["username"]) || isset($_POST["password"]) ) { Login_response(); }
-
-	session_regenerate_id(true); //Helps prevent session fixation & hijacking.
-
-	if ( $_SESSION['valid'] ) { Verify_IDLE_POST_etc(); }
-	
-	$_SESSION['nuonce'] = sha1(mt_rand().microtime()); //provided in <forms> to verify POST
-
-	chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
-}//End Session_Startup() *******************************************************
-
-
-
-
-function Verify_IDLE_POST_etc() { //********************************************
-	global $EX, $message, $VALID_POST, $MAX_IDLE_TIME;
-
-	//Verify consistant user agent... (every little bit helps a little bit) 
-	if ( ($_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) ) { Logout(); }
-
-	//Check idle time
- 	if ( isset($_SESSION['last_active_time']) ) {
-		$idle_time = ( time() - $_SESSION['last_active_time'] );
-		if ( $_SESSION['valid'] && ($idle_time > $MAX_IDLE_TIME) ) {
-			Logout();
-			$message .= 'Session expired. <br>';
-		}
-	}
-
-	$_SESSION['last_active_time'] = time();
-
-	//If POSTing, verify...
-	if ( isset($_POST['nuonce']) ) { 
-		if ( $_POST['nuonce'] == $_SESSION['nuonce'] ) {
-			$VALID_POST = 1;
-		}else{
-			Logout();
-			$message .= $EX.' <b>INVALID POST</b><br>';
-		}
-	}
-}//end Verify_IDLE_POST_etc() //************************************************
-
-
-
-
-function hashit($key){ //*******************************************************
-	//This is the super-secret stuff - Keep it secret, keep it safe!
-	//If you change anything here, or the $SALT, redo the hash for your password.
-	global $SALT;
-	$hash = hash('sha256', trim($key).$SALT); // trim off leading & trailing spaces.
-	for ( $x=0; $x < 1000; $x++ ) { $hash = hash('sha256', $hash.$SALT); }
-	return $hash;
-}//end hashit() ****************************************************************
-
-
-
-
-function undo_magic_quotes(){ //************************************************
-
-	function strip_array($var) {
-		if (is_array($var)) {return array_map("strip_array", $var); }
-		else                {return stripslashes($var); }
-	} //Note: stripslashes also handles cases when magic_quotes_sybase is on.
-
-	if (get_magic_quotes_gpc()) {
-		if (isset($_GET))    { $_GET     = strip_array($_GET);    }
-		if (isset($_POST))   { $_POST    = strip_array($_POST);   }
-		if (isset($_COOKIE)) { $_COOKIE  = strip_array($_COOKIE); }
-	}
-}//end undo_magic_quotes() *****************************************************
-
-
-
-
-function Get_GET() { //*** Get main parameters *********************************
-	// i=some/path/,  f=somefile.xyz,  p=somepage
-	global $ipath, $filename, $page, $valid_pages, $param1, $param2, $param3, $message, $EX;
-
-	undo_magic_quotes();
-
-	if (isset($_GET["i"])) { $ipath = Check_path($_GET["i"]); }else{ $ipath = ""; }
-
-	if (isset($_GET["f"])) {
-		$filename = $ipath.$_GET["f"];
-		if ( !is_file($filename) && $_SESSION['valid'] )//Set $message except for login page.
-			{ $message .= $EX.' <b>File does not exist:</b> '.htmlentities($filename).'<br>'; }
-		if ( !is_file($filename) ) { $filename = ""; $page = "index"; }
-	}else{ $filename = ""; }
-
-	if (isset($_GET["p"])) { $page = $_GET["p"]; } 
-	if (!in_array(strtolower($page), $valid_pages)) { $page = "index"; }
-
-	$param1 = '?i='.URLencode_path($ipath);
-	if ($filename == "") { $param2 = ""; }else{ $param2 = '&amp;f='.rawurlencode(basename($filename)); }
-	if ($page == ""    ) { $param3 = ""; }else{ $param3 = '&amp;p='.$page; }
-}//end Get_GET()****************************************************************
-
-
-
-
-function URLencode_path($path){ // don't encode the forward slashes ************
-	$TS = '';  // Trailing Slash/
-	if (substr($path, -1) == '/' ) { $TS = '/'; } //start with a $TS?
-	$path_array = explode('/',$path);
-	$path = "";
-	foreach ($path_array as $level) { $path .= rawurlencode($level).'/'; }
-	$path = rtrim($path,'/').$TS;  //end with $TS only if started with one
-	return $path;
-}//end URLencode_path($path) ***************************************************
-
-
-
-
-function Check_path($path) { // returns first valid path in some/supplied/path/
-	global $message, $EX;
-	$invalidpath = $path; //used for message if supplied $path doesn't exist.
-	$path = str_replace('\\','/',$path);   //Make sure all forward slashes.
-	$path = trim($path,"/ ."); // trim slashes, dots, and spaces
-
-	//Remove any '.' and '..' parts of the path.  Causes issues in <h2>www / current / path /</h2>
-	$pathparts = explode( '/', $path);
-	$len       = count($pathparts);
-	$path      = "";  //Cleaned path.
-	foreach ($pathparts as $value) { //(More reliable than str_replace(entire_string).)
-		if ( !(($value == '.') && (!value == '..')) ) { $path .= $value.'/'; }
-	}
-
-	$path = trim($path,"/"); // Remove -for now- final trailing slash.
-
-	if (strlen($path) < 1) { return ""; } //If at site root
-	else {
-		if (!is_dir($path) && (strlen($message) < 1))
-			{ $message .= $EX.' <b>Directory does not exist: '.htmlentities($invalidpath).'</b><br>'; }
-
-		while ( (strlen($path) > 0) && (!is_dir($path)) ) {
-			$path = dirname($path);
-		}
-
-		$path = $path.'/';
-		if ($path == './') { $path = ""; } // ./ means path not found, so clear for root.
-	}
-
-	return $path; 
-}//end Check_path() ************************************************************
-
-
-
-
-function is_empty($path){ //****************************************************
-	$empty = false;
-	$dh = opendir($path);
-	for($i = 3; $i; $i--) { $empty = (readdir($dh) === FALSE); }
-	closedir($dh);
-	return $empty;
-}//end is_emtpy() //************************************************************
-
-
-
-
-function ordinalize($destination,$filename, &$msg) { //*************************
-//if file_exists(file.txt), ordinalize filename until it doesn't
-//ie: file.txt.001,  file.txt.002, file.txt.003  etc...
-	global $EX;
-
-	$ordinal   = 0;
-	$savefile = $destination.$filename;
-
-	if (file_exists($savefile)) {
-
-		$msg .= $EX.' A file with that name already exists in the target directory.<br>';
-
-		while (file_exists($savefile)) {
-			$ordinal = sprintf("%03d", ++$ordinal); //  001, 002, 003, etc...
-			$savefile = $destination.$filename.'.'.$ordinal;
-		}
-		$msg .= 'Saving as: "<b>'.htmlentities(basename($savefile)).'</b>"';
-	}
-	return $savefile;
-}//end ordinalize() filename ***************************************************
-
-
-
-
-function Current_Path_Header(){ //**********************************************
- 	// Current path. ie: webroot/current/path/ 
-	// Each level is a link to that level.
-
-	global $ONESCRIPT, $ipath, $WEB_ROOT;
-
-	echo '<h2>';
-		//Root folder of web site.
-		echo '<a id="path_0" href="'.$ONESCRIPT.'" class="path"> '.htmlentities(trim($WEB_ROOT, '/')).'</a>/';
-		$x=0; //need here for focus() in case at webroot.
-
-		if ($ipath != "" ) { //if not at root, show the rest
-			$path_levels  = explode("/",trim($ipath,'/') );
-			$levels = count($path_levels); //If levels=3, indexes = 0, 1, 2  etc... 
-			$current_path = "";
-
-			for ($x=0; $x < $levels; $x++) {
-				$current_path .= $path_levels[$x].'/';
-				echo '<a id="path_'.($x+1).'" href="'.$ONESCRIPT.'?i='.URLencode_path($current_path).'" class="path">';
-				echo htmlentities($path_levels[$x]).'</a>/';
-			}
-		}//end if (not at root)
-	echo '</h2>';
-	echo '<script>document.getElementById("path_'.$x.'").focus();</script>';
-}//end Current_Path_Header() //*************************************************
-
-
-
-
-function message_box() { //*****************************************************
-	global $ONESCRIPT, $param1, $param2, $param3, $message, $page;
-
-	if (isset($message)) {
-?>
-		<div id="message"><p>
-		<span id="Xbox"><!-- [X] to dismiss message box -->
-			<a id="dismiss" href='<?php echo $ONESCRIPT.$param1.$param2.$param3; ?>'
- 			onclick='document.getElementById("message").innerHTML = " ";return false;'>
-			[X]</a>
-		</span>
-		<?php echo $message.PHP_EOL ;?>
-		</p></div>
-		<script>document.getElementById("dismiss").focus();</script>
-<?php
-	}else {
-		echo '<div id="message"></div>'; // Needed on Edit page to keep js feedback from failing
-	} //end isset($message)
-	
-	// Used on Edit Page to preserve vertical spacing, so edit area doesn't jump as much.
-	if ($page == "edit") {echo '<style>#message { min-height: 1.86em; }</style>';}
-}//end message_box()  **********************************************************
-
-
-
-
-function Upload_New_Rename_Delete_Links() { //**********************************
-	global $ONESCRIPT, $ipath, $param1;
-	echo '<p class="front_links">';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   ; svg_icon_upload()    ; echo 'Upload File</a>';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  ; svg_icon_file_new()  ; echo 'New File</a>'   ;
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'; svg_icon_folder_new(); echo 'New Folder</a>' ;
-	if ($ipath !== "") { //if at root, don't show Rename & Delete links
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'; svg_icon_folder_ren(); echo 'Rename/Move Folder</a>';
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'; svg_icon_folder_del(); echo 'Delete Folder</a>';
-	}
-	echo '</p>';
-}//end Upload_New_Rename_Delete_Links()  ***************************************
-
-
-
-
-function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
-	//$submit_label = Rename, Copy, Delete, etc...
-	//$focus is ID of element to receive focus(). (element may be outside this function)
-	global $ONESCRIPT, $ipath, $param1, $param2, $filename, $page;
-
-	// [Cancel] returns to either the index, or edit page.
-	if ($filename == "") {$params = "";}else{ $params = $param2.'&amp;p=edit'; }
-?>
-	<p> 
-	<input type="button" class="button" id="cancel" name="cancel" value="Cancel"
-		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.$params ?>'">
-	<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1.3em;">
-<?php 
-	if ($focus != ""){ echo '<script>document.getElementById("'.$focus.'").focus();</script>'; }
-	//Do not close the <p> tag yet/here. Need to leave it open for edit btn on hash page.
-}// End Cancel_Submit_Buttons() //**********************************************
-
-
-
-
-function show_image(){ //*******************************************************
-	global $filename, $MAX_IMG_W, $MAX_IMG_H;
-	
-	$IMG = $filename;
-	$img_info = getimagesize($IMG);
-
-	$W=0; $H=1;
-	$SCALE = 1; $TOOWIDE = 0; $TOOHIGH = 0;
-	if ($img_info[$W] > $MAX_IMG_W) { $TOOWIDE = ( $MAX_IMG_W/$img_info[$W] );}
-	if ($img_info[$H] > $MAX_IMG_H) { $TOOHIGH = ( $MAX_IMG_H/$img_info[$H] );}
-	
-	if ($TOOHIGH || $TOOWIDE) {
-		if     (!$TOOWIDE)           {$SCALE = $TOOHIGH;}
-		elseif (!$TOOHIGH)           {$SCALE = $TOOWIDE;}
-		elseif ($TOOHIGH > $TOOWIDE) {$SCALE = $TOOWIDE;} //ex:if (.90 > .50)
-		else                         {$SCALE = $TOOHIGH;}
-	}
-
-	echo '<p Xclass="file_meta">';
-	echo 'Image shown at ~'. round($SCALE*100) .'% of full size (W x H = '.$img_info[0].' x '.$img_info[1].').</p>';
-	echo '<div style="clear:both;"></div>'.PHP_EOL;
-	echo '<a href="/' .URLencode_path($IMG). '" target="_blank">'.PHP_EOL;
-	echo '<img src="/'.URLencode_path($IMG).'"  height="'.$img_info[$H]*$SCALE.'"></a>'.PHP_EOL;
-}// end show_image() ***********************************************************
-
-
-
-
-function show_favicon(){ //*****************************************************
-	global $config_favicon, $DOC_ROOT;
-	if (file_exists($DOC_ROOT.$config_favicon)) { 
-		echo '<img src="'.URLencode_path($config_favicon).'" alt="">'; 
-	}
-}// end show_favicon() *********************************************************
-
-
-
-
-function Timeout_Timer($COUNT, $ID, $CLASS, $ACTION) { //************************
-
-	return 	'<script>'.
-			'Start_Countdown('.$COUNT.', "'.$ID.'", "'.$CLASS.'", "'.$ACTION.'");'.
-			'</script>';
-
-} //end Timeout_Timer() **************************************************
-
-
-
-
-function Init_Macros(){ //*** ($varibale="some reusable chunk of code")*********
-
-global 	$ONESCRIPT, $param1, $param2, $INPUT_NUONCE, $FORM_COMMON, 
-		$SVG_icon_circle_plus, $SVG_icon_circle_x, $SVG_icon_pencil, $SVG_icon_img_0;
-
-$INPUT_NUONCE = '<input type="hidden" name="nuonce" value="'.$_SESSION['nuonce'].'">'.PHP_EOL;
-$FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.$param2.'">'.$INPUT_NUONCE;
-
-$SVG_icon_circle_plus = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#080"/>
-	  <line x1="2" y1="5" x2="8" y2="5" stroke="white" stroke-width="1.5" />
-	  <line x1="5" y1="2" x2="5" y2="8" stroke="white" stroke-width="1.5" />';
-
-$SVG_icon_circle_x = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#D00"/>
-	<line x1="2.5" y1="2.5" x2="7.5" y2="7.5" stroke="white" stroke-width="1.5"/>
-	<line x1="7.5" y1="2.5" x2="2.5" y2="7.5" stroke="white" stroke-width="1.5"/>';
-
-$SVG_icon_pencil = '<polygon points="2,0 9,7 7,9 0,2" stroke-width="1" stroke="darkgoldenrod" fill="rgb(246,222,100)"/>
-	  <path  d="M0,2   L0,0  L2,0"      stroke="tan" fill="tan" stroke-width="1" />
-	  <path  d="M0,1.5   L0,0  L1.5,0"      stroke="black" fill="transparent" stroke-width="1" />
-	  <line x1="7.3" y1="10"  x2="10" y2="7.3"  stroke="silver" stroke-width="1"/>
-	  <line x1="8.1" y1="10.8"  x2="10.8" y2="8.1"  stroke="red" stroke-width="1"/>';
-
-$SVG_icon_img_0 = '<rect x="0"    y="0"   width="14" height="16" fill="#FF8" stroke="#44F" stroke-width="2" />
-	<rect x="2"    y="2"   width="5"  height="5"  fill="#F66" stroke-width="0" />
-	<rect x="7.5"  y="6"   width="5"  height="5"  fill="#6F6" stroke-width="0" />
-	<rect x="2"    y="10"  width="5"  height="5"  fill="#66F" stroke-width="0" />';
-}//end Init_Macros() ***********************************************************
-
-
-
-
-function svg_icon_bin(){ //*****************************************************
-$zero = '<rect x="0"  y="0"  width="3" height="6" fill="transparent" stroke="#555" stroke-width="1" />';
-$one  = '<line x1="0" y1="-.5"   x2="0" y2="6.5"  stroke="#555" stroke-width="1"/>';
-?><svg class="icon" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
-	<g transform="translate( 0.5,0.5)"><?php echo $one  ?></g>
-	<g transform="translate( 3.5,0.5)"><?php echo $zero ?></g>
-	<g transform="translate( 9.5,0.5)"><?php echo $one  ?></g>
-	<g transform="translate(12.5,0.5)"><?php echo $one  ?></g>
-	<g transform="translate( 0.5,9.5)"><?php echo $zero ?></g>
-	<g transform="translate( 6.5,9.5)"><?php echo $one  ?></g>
-	<g transform="translate( 9.5,9.5)"><?php echo $zero ?></g>
-</svg><?php 
-} //end svg_icon_bin() *********************************************************
-
-
-
-function svg_icon_img(){ //*****************************************************
-global $SVG_icon_img_0;
-?><svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
-	<?php echo $SVG_icon_img_0 ?>
-</svg><?php 
-} //end svg_icon_img() *********************************************************
-
-
-
-function svg_icon_svg(){ //*****************************************************
-global $SVG_icon_img_0;
-?><svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
-	<?php echo $SVG_icon_img_0 ?>
-	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="#444" stroke-width=".6"/>
-	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="#444" stroke-width=".6"/>
-	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="#444" stroke-width=".6"/>
-	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="#444" stroke-width=".6"/>
-</svg><?php 
-} //end svg_icon_img() *********************************************************
-
-
-
-function svg_icon_txt_0($border, $lines, $fill, $extra){ //*********************
-?><svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
-	<rect x = "0" y = "0" width = "14" height = "16" 
-		fill="<?php echo $fill ?>" stroke="<?php echo $border ?>" stroke-width="2" />
-	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="<?php echo $lines ?>" stroke-width=".6"/>
-	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="<?php echo $lines ?>" stroke-width=".6"/>
-	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="<?php echo $lines ?>" stroke-width=".6"/>
-	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="<?php echo $lines ?>" stroke-width=".6"/>
-	<?php echo $extra ?>
-</svg><?php 
-} //end svg_icon_txt() *********************************************************
-
-
-
-function svg_icon_txt(){ svg_icon_txt_0('#333', '#000', '#FFF', ''); } //*******
-
-function svg_icon_htm(){ svg_icon_txt_0('#444', '#222', '#FABEAA', ''); } //**** rgb(250,190,170)
-
-function svg_icon_php(){ svg_icon_txt_0('#333', '#111', '#C3C3FF', ''); } //**** rgb(195,195,225)
-
-function svg_icon_css(){ svg_icon_txt_0('#333', '#111', '#FFE1A5', ''); } //**** rgb(255,225,165)
-
-function svg_icon_cfg(){ svg_icon_txt_0('#444', '#111', '#DDD', ''); } //*******
-
-
-
-function svg_icon_upload(){ //**************************************************
-	$extra = '<g transform="scale(1.1) translate(1.75,4)">
-		<polygon points="6,0  12,6  8,6  8,11  4,11  4,6  0,6" 
-		stroke-width="1" stroke="white" fill="green" /></g>';
-	svg_icon_txt_0('#333', 'black', 'white', $extra);
-} //end svg_icon_upload() ******************************************************
-
-
-
-function svg_icon_file_new(){ //************************************************
-	global $SVG_icon_circle_plus;
-	$extra = '<g transform="translate(4,6)">'.$SVG_icon_circle_plus.'</g>';
-	svg_icon_txt_0('#444', 'black', 'white', $extra);
-} //end svg_icon_file_new() ****************************************************
-
-
-
-function svg_icon_file_del(){ //************************************************
-global $SVG_icon_circle_x;
-	$extra = '<g transform="translate(4,6)">'.$SVG_icon_circle_x.'</g>';
-	svg_icon_txt_0('#444', 'black', 'white', $extra);
-} //end svg_icon_file_del() ****************************************************
-
-
-
-function svg_icon_folder_0($extra){ //******************************************
-?><svg class="icon icon_fldr" xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
-	<path  d="M0.5, 1  L8,1  L9,2  L9,3  L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" 
-			fill="#FBE47b" stroke="#F0CD28" stroke-width="1" />
-	<path  d="M1.5, 8  L7, 8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5" 
-			fill="transparent" stroke="white" stroke-width="1" />
-	<path  d="M1.5,13  L1.5,2  L7.5,2  L8.5,3  L8.5,4  L15.5,4 L16,4.5  L16,13"  
-			fill="transparent" stroke="white" stroke-width="1" />
-	<?php echo $extra ?>
-</svg><?php 
-} //end svg_icon_folder_0() ****************************************************
-
-
-
-function svg_icon_folder(){ svg_icon_folder_0(''); } //*************************
-
-
-
-function svg_icon_folder_new(){ //**********************************************
-	global $SVG_icon_circle_plus;
-	$extra = '<g transform="translate(7.5,4)">'.$SVG_icon_circle_plus.'</g>';
-	svg_icon_folder_0($extra);
-} //end svg_icon_folder_new() **************************************************
-
-
-
-function svg_icon_folder_ren(){ //**********************************************
-	global $SVG_icon_pencil;
-	$extra = '<g transform="translate(6,3)">'.$SVG_icon_pencil.'</g>';
-	svg_icon_folder_0($extra);
-} //end svg_icon_folder_ren() **************************************************
-
-
-
-function svg_icon_folder_del(){ //**********************************************
-	global $SVG_icon_circle_x; 
-	$extra = '<g transform="translate(7.5,4)">'.$SVG_icon_circle_x.'</g>';
-	svg_icon_folder_0($extra);
-} //end svg_icon_folder_del() **************************************************
-
-
-
-
-function show_icon($type){ //***************************************************
-	if     ($type == 'bin') { svg_icon_bin(); }
-	elseif ($type == 'img') { svg_icon_img(); }
-	elseif ($type == 'svg') { svg_icon_svg(); }
-	elseif ($type == 'txt') { svg_icon_txt(); }
-	elseif ($type == 'htm') { svg_icon_htm(); }
-	elseif ($type == 'php') { svg_icon_php(); }
-	elseif ($type == 'css') { svg_icon_css(); }
-	elseif ($type == 'cfg') { svg_icon_cfg(); }
-	else                    { svg_icon_bin(); } //default
-}//end show_icon() *************************************************************
-
-
-
-
-function Hash_Page() { //******************************************************
-	global $DOC_ROOT, $ONESCRIPT, $param1, $param2, $message, $INPUT_NUONCE, $config_title;
-	$params = '?i='.dirname($ONESCRIPT).'&amp;f='.basename($ONESCRIPT).'&amp;p=edit';
-?>
-	<style>#message {font-family: courier; min-height: 3.1em;}
-	li {margin-left: 2em}</style>
-
-	<h2>Generate a Password Hash</h2>
-	
-	<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.'&amp;p=hash'; ?>">
-		<?php echo $INPUT_NUONCE; ?>
-		Password to hash:
-		<input type="text" name="whattohash" id="whattohash" value="<?php echo htmlspecialchars($_POST["whattohash"]) ?>">
-		<?php Cancel_Submit_Buttons('Generate hash', 'whattohash') ?>
- 		<a class="button edit_onefile" href="<?php echo $ONESCRIPT.$params; ?>" >Edit &nbsp;<?php echo $config_title ?></a>
-	</form>
-
-	<div class="info">
- 	<p>There are two ways to change your OneFileCMS password:<br>
-	<p>
-	1) Simply use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).<br>
-	2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.<br>
-
-	<p>Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. 
-	That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.
-	However, it does eleminate the storage of your password in plain text, which is always a good thing.*
-
-	<p>Anyway, to use the $HASHWORD password option:
-	<ol><li>Type your desired password in the input field above and hit Enter.<br>
-			The hash will be displayed in a yellow message box above that.
-		<li>Copy and paste the new hash to the $HASHWORD variable in the config section.<br>
-			'Make sure the hash ends up in quotes.'<br>
-			Make sure to copy ALL of, and ONLY, the hash (no spaces etc). A double-click should select it...
-		<li>Make sure $USE_HASH is set to 1 (or true).
-		<li>When ready, logout and login.
-	</ol>
-	<p>You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...
-	<p>
-	*For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep 'em secret, of course).  Remever, every little bit helps...<br>
-	PS: Everything I know about security - you just read...
-	</div>
-<?php 
-} //end Hash_Page() ************************************************************
-
-
-
-
-function Hash_response() { //***************************************************
-	global $SALT, $message;
-	$_POST['whattohash'] = trim($_POST['whattohash']); // trim leading & trailing spaces.
-	$message .= 'Password: '.$_POST['whattohash'].'<br>';
-	$message .= 'Hash &nbsp; &nbsp;: '.hashit($_POST["whattohash"]);
-} //end Hash_response() ********************************************************
-
-
-
-
-function Logout() { //**********************************************************
-	global $page;
-	session_regenerate_id(true);
-	session_unset();
-	session_destroy();
-	session_write_close();
-	unset($_GET);
-	unset($_POST);
-	$_SESSION['valid'] = 0;
-	$page = 'login';
-}//end Logout() ****************************************************************
-
-
-
-
-function Login_Page() { //******************************************************
-	global $ONESCRIPT, $message;
-?>
-	<h2>Log In</h2>
-	<form method="post" action="<?php echo $ONESCRIPT; ?>">
-		<p>
-			<label for="username">Username:</label>
-			<input type="text" name="username" id="username" class="login_input" >
-		</p>
-		<p>
-			<label for="password">Password:</label>
-			<input type="password" name="password" id="password" class="login_input">
-		</p>
-			
-		<p><input type="submit" class="button" value="Enter"></p>
-	</form>
-	<script>document.getElementById('username').focus();</script>
-<?php 
-} //end Login_Page() ***********************************************************
-
-
-
-
-function Login_response() { //**************************************************
-	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $MAX_ATTEMPTS, $LOGIN_DELAY, 
-		   $EX, $message, $page, $LOGIN_ATTEMPTS;
-
-	$_SESSION = array();    //make sure it's empty
-	$_SESSION['valid'] = 0; //Default to failed login.
-
-	if (!is_file($LOGIN_ATTEMPTS)) { file_put_contents($LOGIN_ATTEMPTS, 0); }
-	$attempts = (int)file_get_contents($LOGIN_ATTEMPTS); //Don't increment yet...
-	$elapsed  = time() - filemtime($LOGIN_ATTEMPTS);
-
-	if ($attempts > 0) { $message .= '<b>There have been '.$attempts.' invalid login attempts.</b><br>';}
-	if ( ($attempts >= $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){
-		$message .= 'Please wait '.Timeout_Timer(($LOGIN_DELAY - $elapsed), 'timer0', '', '').' seconds to try again. ';
-		return;
-	}
-
-	//Validate password
-	if ($USE_HASH) { $VALID_PASSWORD = (hashit($_POST['password']) == $HASHWORD); }
-	else           { $VALID_PASSWORD = (       $_POST['password']  == $PASSWORD); }
-
-	//validate login.  Ignore attempt if username & password are blank. 
-	if ( ($_POST['password'] == "") && ($_POST['username'] == "") )  { return;
-	}elseif ( $VALID_PASSWORD && ($_POST['username'] == $USERNAME) ) {
-		session_regenerate_id(true);
-		$_SESSION['USER_AGENT'] = $_SERVER['HTTP_USER_AGENT']; //for user consistancy check.
-		$_SESSION['valid'] = 1;
-		$page = "index";
-		unlink($LOGIN_ATTEMPTS); //delete invalid attempt count file
-	}else{
-		file_put_contents($LOGIN_ATTEMPTS, ++$attempts); //increment & save attempt
-		$message  = $EX.' <b>INVALID LOGIN ATTEMPT #'.$attempts.'</b><br>';
-		if ($attempts >= $MAX_ATTEMPTS) {
-			$message .= 'Please wait '.Timeout_Timer($LOGIN_DELAY, 'timer0', '', '').' seconds to try again. ';
-		}
-	}
-}//end Login_response() //******************************************************
-
-
-
-
-function List_Files() { // ...in a vertical table ******************************
-//called from Index Page
-
-	global $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list;
-
-	$files = scandir('./'.$ipath);
-	natcasesort($files);
-
-	echo '<table class="index_T">';
-	foreach ($files as $file) {
-		
-		$excluded = FALSE;
-		if (in_array(basename($file), $excluded_list)) { $excluded = TRUE; };
-		
-		if (!is_dir($ipath.$file) && !$excluded) {
-
-			//Determine file type & set cooresponding icon type.
-			$ext = end( explode(".", strtolower($file)) );
-			$type = $fclasses[array_search($ext, $ftypes)];
-?>
-			<tr>
-				<td>
-					<?php echo '<a href="'.$ONESCRIPT.$param1.'&amp;f='.rawurlencode($file).'&amp;p=edit" >'; ?>
-					<?php show_icon($type); echo  htmlentities($file), '</a>'; ?>
-				</td>
-				<td class="meta_T meta_size">&nbsp;
-					<?php echo number_format(filesize($ipath.$file)); ?> B
-				</td>
-				<td class="meta_T meta_time"> &nbsp;
-					<script>FileTimeStamp(<?php echo filemtime($ipath.$file); ?>, 1, 0);</script>
-				</td>
-			</tr>
-<?php 
-		}//end if !is_dir...
-	}//end foreach file
-	echo '</table>';
-}//end List_Files() ************************************************************
-
-
-
-
-function Index_Page(){ //*******************************************************
-	global $ONESCRIPT, $ipath;
-
-	//<!--==== List folders/sub-directores ====-->
-	echo '<p class="index_folders">';
-		$folders = glob($ipath."*",GLOB_ONLYDIR);
-		natcasesort($folders);
-		foreach ($folders as $folder) {
-			echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($folder).'/">'.PHP_EOL;
-			svg_icon_folder();
-			echo htmlentities(basename($folder)).' /</a>';
-		}
-	echo '</p>';
-
-	Upload_New_Rename_Delete_Links();
-
-	List_Files();
-
-	Upload_New_Rename_Delete_Links();
-
-}//end Index_Page()*************************************************************
-
-
-
-
-function Edit_Page_Buttons($text_editable, $too_large_to_edit) { //*************
-	global $ONESCRIPT, $param1, $param2, $MAX_IDLE_TIME;
-	$Button = '<input type="button" class="button" value=';
-	$ACTION = 'onclick="parent.location = \''.$ONESCRIPT.$param1.$param2.'&amp;p=';
-?>
-	<p class="buttons_right">
-	<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?> 
-		<?php echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer xtra', 'LOGOUT'); ?>
-		<input type="submit" class="button" value="Save"                  onclick="submitted = true;" id="save_file">
-		<input type="button" class="button" value="Reset - loose changes" onclick="Reset_File()"      id="reset">
-		<script>
-			//Set disabled here instead of via input attribute in case js is disabled.
-			//If js is disabled, user would be unable to save changes.
-			document.getElementById('save_file').disabled = "disabled";
-			document.getElementById('reset').disabled     = "disabled";
-		</script>
-	<?php } ?>
-	<?php echo $Button.'"Rename/Move" '.$ACTION ?>rename'">
-	<?php echo $Button.'"Copy"        '.$ACTION ?>copy'"  >
-	<?php echo $Button.'"Delete"      '.$ACTION ?>delete'">
-	<?php echo $Button.'"Close"       ' ?>onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
-	</p>
-<?php
-}//end Edit_Page_Buttons()******************************************************
-
-
-
-
-//******************************************************************************
-function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message){ 
-	global $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_NUONCE, $EX, $message, $MAX_IDLE_TIME;
-?>
-	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param1.$param2.$param3 ?>">
-		<?php echo $INPUT_NUONCE; ?>
-<?php
-		if ( !in_array( strtolower($ext), $itypes) ) { //If non-image, show textarea
-
-			if (!$text_editable) { // If non-text file, disable textarea
-				echo '<p class="edit_disabled">Non-text or unkown file type. Edit disabled.<br><br></p>';
-
-			}elseif ( $too_large_to_edit ) {
- 				echo '<p class="edit_disabled">'.$too_large_to_edit_message.'</p>';
-
-			}else{
-				if (PHP_VERSION_ID  < 50400) {  // 5.4.0
-					$filecontent = htmlspecialchars(file_get_contents($filename));
-				}else{
-					$filecontent = htmlspecialchars(file_get_contents($filename),ENT_SUBSTITUTE);
-				}
-				$bad_chars = ($filecontent == "" && filesize($filename) > 0);
-
-				if ($bad_chars){ //did specialchars return an empty string?
-					echo '<pre class="edit_disabled">'.$EX.' File contains an invalid character. Edit and view disabled.<br>';
-					echo ' htmlspecialchars() returned and empty string from what <i>may be</i> an otherwise valid file.<br>';
-					echo ' This behavior can be inconsistant from version to version of php.<br></pre>';
-				}else{
-					echo '<input type="hidden" name="filename" id="filename" value="'.htmlspecialchars($filename).'">';
-					echo '<textarea id="file_content" name="content" cols="70" rows="25"
-						onkeyup="Check_for_changes(event);">'.$filecontent.'</textarea>'.PHP_EOL;
-				}
-			} //end if !editable /else...
-		} //end if non-image, show textarea
-
-		Edit_Page_Buttons($text_editable, $too_large_to_edit);
-
-		if ($text_editable && !$too_large_to_edit && !$bad_chars) {
-			Edit_Page_scripts();
-			$SEC = $MAX_IDLE_TIME;
-			$HRS = floor($SEC/3600);
-			$SEC = fmod($SEC,3600);
-			$MIN = floor($SEC/60);   if ($MIN < 10) { $MIN = "0".$MIN; };
-			$SEC = fmod($SEC,60);    if ($SEC < 10) { $SEC = "0".$SEC; };
-			$HRS_MIN_SEC = $HRS.':'.$MIN.':'.$SEC;
-?>
-			<div id="edit_notes">NOTES:<ol>
-			<li><b>Remember- your $MAX_IDLE_TIME is <?php echo $HRS_MIN_SEC ?>.
-			So save changes before the clock runs out, or the changes will be lost!</b><br>
-
-			<?php //The following line is just a static time stamp of when the idle time runs out. ?>
-			<?php //echo '<b class="xtra">&nbsp;<script>FileTimeStamp('.(time()+$MAX_IDLE_TIME).', 0, 0)</script>  </b>,'?>
-
-			<li>On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser's [Reload].
-			<li>Chrome's XSS filters may disable some javascript in a page if the page even <i>appears</i> to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.
-			</div>
-		<?php } ?>
-	</form> 
-<?php 
-}//end Edit_Page_form() ********************************************************
-
-
-
-
-function Edit_Page() { //*******************************************************
-	global $ONESCRIPT, $param1, $filename, $filecontent, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE;
-	clearstatcache ();
-
-	//Determine if text editable file type
-	$ext = end( explode(".", strtolower($filename) ) );
-	if (in_array($ext, $etypes)) { $text_editable = TRUE;  }
-	else                         { $text_editable = FALSE; }
-	
-	$too_large_to_edit = (filesize($filename) > $MAX_EDIT_SIZE);
-	$too_large_to_view = (filesize($filename) > $MAX_VIEW_SIZE);
-	
-	if ($too_large_to_edit){$header2 = "Viewing: ";}
-	else                   {$header2 = "Editing: ";}
-
-	$too_large_to_edit_message = 
-'<b>Edit disabled. Filesize &gt; '.number_format($MAX_EDIT_SIZE).' bytes.</b><br>
-Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML &lt;textarea&gt;.<br>
-Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.<br>
-A simple trial and error test can determine a practical limit for a given browser/computer.';
-	$too_large_to_view_message = 
-'<b>View disabled. Filesize &gt; '.number_format($MAX_VIEW_SIZE).' bytes.</b><br>
-Click the the file name above to view normally in a browser window.<br>
-Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.<br>
-(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired to suit individual perceptions of neccessity.)';
-
-	echo '<h2 id="edit_header">'.$header2;
-	echo '<a class="filename" href="/'.URLencode_path($filename).'" target="_blank">'.htmlentities(basename($filename)).'</a>';
-	echo '</h2>'.PHP_EOL;
-?>
-	<p class="file_meta">
-	<span class="meta_size">Filesize: <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; 
-	<span class="meta_time">Updated: <script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1, 1);</script></span><br>
-	</p>
-
-	<input type="button" id="close1" class="button" value="Close" onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
-	<script>document.getElementById('close1').focus();</script>
-	<div style="clear:both;"></div>
-<?php
-	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message);
-
-	if ( in_array( $ext, $itypes) ) { show_image(); }
-
-	echo '<div style="clear:both;"></div>';
-
-	if ( $text_editable && $too_large_to_edit && !$too_large_to_view ) {
-		$filecontent = htmlspecialchars(file_get_contents($filename), ENT_COMPAT,'UTF-8');
-		echo '<pre class="edit_disabled view_file">'.$filecontent.'</pre>';
-	}elseif ( $text_editable && $too_large_to_view ){
-		echo '<p class="edit_disabled">'.$too_large_to_view_message.'</p>';
-	}
-
-}//End Edit_Page ***************************************************************
-
-
-
-
-function Edit_response(){ //***If on Edit page, and [Save] clicked *************
-	global $filename, $message, $EX;
-	$filename = $_POST["filename"];
-	$content  = $_POST["content"];
-
-	$bytes = file_put_contents($filename, $content);
-
-	if ($bytes !== false) {
-		$message .= '<b>File saved: '.$bytes.' bytes written.</b>';
-	}else{
-		$message .= $EX.' <b>There was an error saving file.</b>';
-	}
-}//end Edit_response() *********************************************************
-
-
-
-
-function Upload_Page() { //*****************************************************
-	global $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE;
-
-	//Determine $MAX_FILE_SIZE to upload
-	$upload_max_filesize = ini_get('upload_max_filesize'); //This should be < post_max_size,
-	$post_max_size       = ini_get('post_max_size');       //but, just in case, check both...
-
-	function shorthand_to_int($SHORTHAND){ //*******************
-		$KMG = strtoupper(substr($SHORTHAND, -1));
-		if     ($KMG == "K") { return $SHORTHAND * 1024; }
-		elseif ($KMG == "M") { return $SHORTHAND * 1048576; }
-		elseif ($KMG == "G") { return $SHORTHAND * 1073741824; }
-		else                 { return $SHORTHAND; }
-	}//end function shorthand_to_int() *************************
-
-	$UMF = shorthand_to_int($upload_max_filesize);
-	$PMS = shorthand_to_int($post_max_size);
-
-	if ($UMF <= $PMS){ $MAX_FILE_SIZE = $UMF; $max_msg = $upload_max_filesize.' &nbsp; per upload_max_filesize in php.ini.'; }
-	else             { $MAX_FILE_SIZE = $PMS; $max_msg = $post_max_size.' &nbsp; per post_max_size in php.ini'; }
-?>
-	<h2>Upload File</h2>
-	<p>Note: Maximum upload file size is: <?php echo $max_msg; ?></p>
-	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$param1; ?>&amp;p=uploaded" method="post">
-		<?php echo $INPUT_NUONCE; ?>
-		<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $MAX_FILE_SIZE ?>"> 
-		<input type="hidden" name="upload_destination" value="<?php echo htmlspecialchars($ipath); ?>" >
-		<input type="file"   name="upload_file" id="upload_file" size="100">
-		<?php Cancel_Submit_Buttons("Upload","cancel"); ?>
-	</form>
-<?php 
-} //end Upload_Page() **********************************************************
-
-
-
-
-function Upload_response() { //*************************************************
-	global $filename, $message, $EX, $page;
-	$filename    = $_FILES['upload_file']['name'];
-	$destination = Check_path($_POST["upload_destination"]);
-	$page  = "index";
-	$MAXUP1 = ini_get('upload_max_filesize');
-	$MAXUP2 = number_format ($_POST['MAX_FILE_SIZE']).' bytes';
-	$ERROR = $_FILES['upload_file']['error'];
-
-	if     ( $ERROR == 1 ){ $ERRMSG = 'Error 1: File too large.  upload_max_filesize = '.$MAXUP1.' (From php.ini)';}
-	elseif ( $ERROR == 2 ){ $ERRMSG = 'Error 2: File too large.  $MAX_FILE_SIZE = '.$MAXUP2.' (From OneFileCMS)';}
-	elseif ( $ERROR == 3 ){ $ERRMSG = 'Error 3: The uploaded file was only partially uploaded.'; }
-	elseif ( $ERROR == 4 ){ $ERRMSG = 'Error 4: No file was uploaded. '; }
-	elseif ( $ERROR == 5 ){ $ERRMSG = 'Error 5. '; }
-	elseif ( $ERROR == 6 ){ $ERRMSG = 'Error 6: Missing a temporary folder.'; }
-	elseif ( $ERROR == 7 ){ $ERRMSG = 'Error 7: Failed to write file to disk.'; }
-	elseif ( $ERROR == 8 ){ $ERRMSG = 'Error 8: A PHP extension stopped the file upload.'; }
-	else                  { $ERRMSG = ''; }
-
-	if (($filename == "")){ 
-		$message .= $EX.' <b>No file selected for upload... </b>';
-	}elseif (($destination != "") && !is_dir($destination)) {
-		$message .= $EX.' Destination folder does not exist: <br><b>';
-		$message .= htmlentities($WEB_ROOT.$destination).'</b><br><b>Upload cancelled.</b>';
-	}else{
-		$message .= 'Uploading: "<b>'.htmlentities($filename).'</b>"...';
-		$savefile = ordinalize($destination, $filename, $savefile_msg);
-		if(move_uploaded_file($_FILES['upload_file']['tmp_name'], $savefile)) {
-			$message .= '<br>Upload successful! '.$savefile_msg;
-		} else{
-			$message .= '<br>'.$EX.' <b> Upload failed: </b>'.$ERRMSG.'';
-		}
-	}
-}//end Upload_response() *******************************************************
-
-
-
-
-function New_File_Page() { //***************************************************
-	global $FORM_COMMON, $INVALID_CHARS;
-?>
-	<h2>New File</h2>
-	<?php echo $FORM_COMMON ?>
-		<p>File will be created in the current folder. &nbsp;
-		Some invalid characters are: <span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
-		<input type="text" name="new_file" id="new_file" value="">
-		<?php Cancel_Submit_Buttons("Create","new_file"); ?>
-	</form>
-<?php 
-}//end New_File_Page()**********************************************************
-
-
-
-
-function New_File_response() { //***********************************************
-	global $ipath, $param2, $param3, $filename, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
-
-	$new_name = trim($_POST["new_file"],'/ '); //Trim spaces and slashes.
-	$filename = $ipath.$new_name;
-	$page = "index"; // return to index if new file fails
-	
-	$invalid = false;
-	foreach ($INVALID_CHARS_array as $bad_char) {
-		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
-	}
-
-	if ($invalid){
-		$message .= $EX.' <b>New file not created:</b> '.htmlentities($new_name).'<br>'.
-			'<b> &nbsp; &nbsp; &nbsp; Name contains invalid character(s): '.
-			'<span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
-	}elseif ($new_name == ""){ 
-		$message .= $EX.' <b>New file not created -</b> no name given';
-	}elseif (file_exists($filename)) {
-		$message .= $EX.' <b>File already exists: ';
-		$message .= htmlentities($new_name).'</b>';
-	}elseif ($handle = fopen($filename, 'w')) {
-		fclose($handle);
-		$message .= '<b>Created file:</b> '.htmlentities($new_name);
-		$page     = "edit";
-		$param2   = '&amp;f='.rawurlencode(basename($filename));// for Edit_Page() buttons
-		$param3   = '&amp;p=edit';                              // for Edit_Page() buttons 
-	}else{
-		$message .= $EX.' <b>Error - new file not created:<br>';
-		$message .= htmlentities($new_name);
-	}
-}//end New_File_response() *****************************************************
-
-
-
-
-function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //************
-	//$action = 'Copy' or 'Rename'. $isfile = 1 if acting on a file, not a folder
-	global $WEB_ROOT, $ipath, $filename, $FORM_COMMON;
-	if ($isfile) { $old_name = $filename; }else{ $old_name = $ipath; }
-	if ($isfile) { $new_name = $filename; }else{ $new_name = $ipath; }
-	if ($action == "Copy" ) { $new_name = ordinalize($ipath, basename($filename), $msg); }
-?>
-	<h2><?php echo $action.' '.$title ?></h2>
-	<p>To move a file or folder, change the path/to/folder/or_file. The new location must already exist.</p>
-	<?php echo $FORM_COMMON ?>
-		<p>
-			<label>Old name:</label>
-			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
-				name="old_name" value="<?php echo htmlspecialchars($old_name); ?>" readonly="readonly">
-		</p>
-		<p>
-			<label>New name:</label>
-			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
-				name="<?php echo $name_id ?>" id="<?php echo $name_id ?>" 
-				value="<?php echo htmlspecialchars($new_name); ?>">
-		</p>
-		<?php Cancel_Submit_Buttons($action, $name_id); ?>
-	</form>
-<?php 
-} //end Copy_Ren_Move_Page() ***************************************************
-
-
-
-
-//******************************************************************************
-function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $isfile){
-	//$action = 'copy' or 'rename'. $isfile = 1 if acting on a file, not a folder
-	global $WEB_ROOT, $ipath, $param1, $param2, $message, $EX, $page, $filename;
-
-	$old_name = trim($old_name,'/ ');
-	$new_name = trim($new_name,'/ ');
-	$new_location = dirname($new_name);
-	$filename = $old_name; //default if error
-	if ($isfile) { $page = "edit"; }else{ $page = "index"; }
-	
-	if ( !is_dir($new_location) ){
-		$message .= $EX.' <b>'.$msg1.' Error - new parent location does not exist:</b><br>';
-		$message .= htmlentities($WEB_ROOT.$new_location).'/<br>';
-	}elseif ( !file_exists($filename) ){
-		$message .= $EX.' <b>'.$msg1.' Error - source file does not exist:</b><br>';
-		$message .= htmlentities($filename);
-	}elseif (file_exists($new_name)) {
-		$message .= $EX.' <b>'.$msg1.' Error - target filename already exists:<br>';
-		$message .= htmlentities($WEB_ROOT.$new_name).'</b>';
-	}elseif ($action($old_name, $new_name)) {
-		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
-		$message .= ' --- '.$msg2.' to ---<br>';
-		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
-		$filename = $new_name; //so edit page knows what to edit
-		if ($isfile) { $ipath = Check_path(dirname($filename)); } //if changed,
-		else         { $ipath = Check_path($filename); }          //return to new dir.
-		$param1   = '?i='.URLencode_path($ipath);
-		$param2   = '&amp;f='.rawurlencode(basename($filename));
-		$param3   = '&amp;p=edit';
-	}else{
-		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
-		$message .= $EX.' <b>Error during '.$msg1.' from the above to the following:</b><br>';
-		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
-	}
-}//end Copy_Ren_Move_response() ************************************************
-
-
-
-
-function Delete_File_Page() { //************************************************
-	global $filename, $FORM_COMMON;
-?>
-	<h2>Delete File</h2>
-	<?php echo $FORM_COMMON ?>
-		<input type="hidden" name="delete_file" value="<?php echo htmlspecialchars($filename); ?>" >
-		<span class="verify"><?php echo htmlentities(basename($filename)); ?></span>
-		<p><b>Are you sure?</b></p>
-		<?php Cancel_Submit_Buttons("DELETE", "cancel"); ?>
-	</form>
-<?php 
-} //end Delete_File_Page() *****************************************************
-
-
-
-
-function Delete_File_response(){ //*********************************************
-	global $filename, $message, $EX, $page;
-
-	$page = "index"; //Return to index
-	$filename = $_POST["delete_file"];
-
-	if (unlink($filename)) {
-		$message .= '<b>Deleted file:</b> '.htmlentities(basename($filename));
-	}else{
-		$message .= $EX.' <b>Error deleting "'.htmlentities($filename).'"</b>.';
-		$page = "edit";
-	}
-}//end Delete_File_response() **************************************************
-
-
-
-
-function New_Folder_Page() { //*************************************************
-	global $FORM_COMMON, $INVALID_CHARS;
-?>
-	<h2>New Folder</h2>
-	<?php echo $FORM_COMMON ?>
-		<p>Folder will be created in the current folder. &nbsp;
-		Some invalid characters are: <span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
-		<input type="text" name="new_folder" id="new_folder" value="">
-		<?php Cancel_Submit_Buttons("Create","new_folder"); ?>
-	</form>
-<?php 
-} //end New_Folder_Page() ******************************************************
-
-
-
-
-function New_Folder_response(){ //**********************************************
-	global $ipath, $param1, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
-
-	$new_name = trim($_POST["new_folder"],'/ '); //Trim spaces, and make sure only has a single trailing slash.
-
-	$invalid = false;
-	foreach ($INVALID_CHARS_array as $bad_char) {
-		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
-	}
-	$page = "index"; //Return to index
-
-	$new_ipath = $ipath.$new_name.'/';
-
-	if ($invalid){
-		$message .= $EX.' <b>New folder not created:</b> '.htmlentities($new_name).'<br>'.
-			'<b> &nbsp; &nbsp; &nbsp; Name contains invalid character(s): '.
-			'<span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
-	}elseif ($new_name == ""){ 
-		$message .= $EX.' <b>New folder not created - no name given.</b>';
-	}elseif (is_dir($new_ipath)) {
-		$message .= $EX.' <b>Folder already exists: ';
-		$message .= htmlentities($new_ipath).'</b>';
-	}elseif (mkdir($new_ipath)) {
-
-		$message .= '<b>Created folder:</b> '.htmlentities($new_name);
-		$ipath    = $new_ipath;  //return to new folder
-		$param1   = '?i='.URLencode_path($ipath);
-	}else{
-		$message .= $EX.' <b>Error - new folder not created: </b><br>';
-		$message .= htmlentities($new_name);
-	}
-}//end New_Folder_response *****************************************************
-
-
-
-
-function Delete_Folder_Page(){ //***********************************************
-	global $WEB_ROOT, $ipath, $FORM_COMMON;
-?>
-	<h2>Delete Folder</h2>
-	<?php echo $FORM_COMMON ?>
-		<input type="hidden" name="delete_folder" value="<?php echo htmlspecialchars($ipath); ?>" >
-		<span class="web_root"><?php echo htmlentities($WEB_ROOT.Check_path(dirname($ipath))); ?></span><span 
-		class="verify"><?php echo htmlentities(basename($ipath)); ?></span> /
-		<p><b>Are you sure?</b></p>
-		<?php Cancel_Submit_Buttons("DELETE", "cancel"); ?>
-	</form>
-<?php 
-} //end Delete_Folder_Page() //*************************************************
-
-
-
-
-function Delete_Folder_response() { //******************************************
-	global $ipath, $param1, $page, $message, $EX;
-	$page = "index"; //Return to index
-	$foldername = trim($_POST["delete_folder"], '/');
-
-	if ( !is_empty($ipath) ) {
-		$message .= $EX.' <b>Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
-		$page = "index";
-	}elseif (@rmdir($foldername)) {
-		$message .= '<b>Deleted folder:</b> '.htmlentities(basename($foldername));
-		$ipath  = Check_path($foldername); //Return to parent dir.
-		$param1 = '?i='.URLencode_path($ipath);
-	}else {
-		$message .= $EX.' <b>"'.htmlentities($foldername).'/"</b> an error occurred during delete.';
-	}
-}//end Delete_Folder_response() ************************************************
-
-
-
-
-function Page_Title(){ //***<title>Page_Title()</title>*************************
-	global $page;
-
-	if     ($page == "login")        { return "Log In";         }
-	elseif ($page == "hash")         { return "Hash";           }
-	elseif ($page == "edit")         { return "Edit/View File"; }
-	elseif ($page == "upload")       { return "Upload File";    }
-	elseif ($page == "newfile")      { return "New File";       }
-	elseif ($page == "copy" )        { return "Copy";           }
-	elseif ($page == "rename")       { return "Rename File";    }
-	elseif ($page == "delete")       { return "Delete";         }
-	elseif ($page == "newfolder")    { return "New Folder";     }
-	elseif ($page == "renamefolder") { return "Rename Folder";  }
-	elseif ($page == "deletefolder") { return "Delete Folder";  }
-	else                             { return $_SERVER['SERVER_NAME']; }
-}//end Page_Title() ************************************************************
-
-
-
-
-function Load_Selected_Page(){ //***********************************************
-	global $ONESCRIPT, $page;
-
-	if     ($page == "login")        { Login_Page();         }
-	elseif ($page == "hash")         { Hash_Page();          }
-	elseif ($page == "edit")         { Edit_Page();          }
-	elseif ($page == "upload")       { Upload_Page();        }
-	elseif ($page == "newfile")      { New_File_Page();      }
-	elseif ($page == "copy")         { Copy_Ren_Move_Page('Copy', 'File', 'copy_file', 1); }
-	elseif ($page == "rename")       { Copy_Ren_Move_Page('Rename', 'File', 'rename_file', 1); }
-	elseif ($page == "delete")       { Delete_File_Page();   }
-	elseif ($page == "newfolder")    { New_Folder_Page();    }
-	elseif ($page == "renamefolder") { Copy_Ren_Move_Page('Rename', 'Folder', 'rename_folder', 0); }
-	elseif ($page == "deletefolder") { Delete_Folder_Page(); }
-	else                             { Index_Page();         } //default
-}//end Load_Selected_Page() ****************************************************
-
-
-
-
-function Timer_scripts() { //***************************************************
-?>
-<script>
-//pad() is also used by the Time_Stamp_scripts()
-function pad(num){ if ( num < 10 ){ num = "0" + num; }; return num; }
-
-
-function FormatTime(Seconds) {
-	var Hours = Math.floor(Seconds / 3600); Seconds = Seconds % 3600;
-	var Minutes = Math.floor(Seconds / 60); Seconds = Seconds % 60;
-	if ((Hours == 0) && (Minutes == 0)) { Minutes = "" } else { Minutes = pad(Minutes) }
-	if (Hours == 0) { Hours = ""} else { Hours = pad(Hours) + ":"}
-
-	return (Hours + Minutes + ":" + pad(Seconds));
-}
-
-
-function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
-	var Timer        = document.getElementById(Timer_ID);
-	var Current_Time = Math.round(new Date().getTime()/1000); //js uses milliseconds
-	    count        = End_Time - Current_Time;
-	var params = count + ', "' + End_Time + '", "' + Timer_ID + '", "' + Timer_CLASS + '", "' + Action + '"';
-
-	Timer.innerHTML = FormatTime(count);
-
-	if ( count < 1 ) {
-		if ( Action == 'LOGOUT') { 
-			Timer.innerHTML = 'SESSION EXPIRED';
-			//Load login screen, but delay first to make sure really expired:
-			setTimeout('window.location = window.location.pathname',3000); //1000 = 1 second
-		}
-		return;
-	}
-	setTimeout('Countdown(' + params + ')',1000);
-}
-
-
-function Start_Countdown(count, ID, CLASS, Action){
-	document.write('<span id="' + ID + '"  class="' + CLASS + '"></span>');
-
-	var Time_Start  = Math.round(new Date().getTime()/1000);
-	var Time_End    = Time_Start + count;
-
-	Countdown(count, Time_End, ID, CLASS, Action); //(seconds to count, id of element)
-}
-</script>
-<?php }//end Timer_scripts() ***************************************************
-
-
-
-
-function Time_Stamp_scripts() { //**********************************************
-?>
-<script>//Dispaly file's timestamp in user's local time 
-
-function FileTimeStamp(php_filemtime, show_date, show_offset){
-
-	//php's filemtime returns seconds, javascript's date() uses milliseconds.
-	var FileMTime = php_filemtime * 1000; 
-
-	var TIMESTAMP  = new Date(FileMTime);
-	var YEAR  = TIMESTAMP.getFullYear();
-	var	MONTH = pad(TIMESTAMP.getMonth() + 1);
-	var DATE  = pad(TIMESTAMP.getDate());
-	var HOURS = TIMESTAMP.getHours();
-	var MINS  = pad(TIMESTAMP.getMinutes());
-	var SECS  = pad(TIMESTAMP.getSeconds());
-
-	if ( HOURS < 12) { AMPM = "am"; }
-	else             { AMPM = "pm"; }
-	if ( HOURS > 12 ) {HOURS = HOURS - 12; }
-	HOURS = pad(HOURS);
-
-	var GMT_offset = -(TIMESTAMP.getTimezoneOffset()); //Yes, I know - seems wrong, but it's works.
-
-	if (GMT_offset < 0) { NEG=-1; SIGN="-"; } else { NEG=1; SIGN="+"; } 
-
-	var offset_HOURS = Math.floor(NEG*GMT_offset/60);
-	var offset_MINS  = pad( NEG * GMT_offset % 60 );
-	var offset_FULL  = "UTC " + SIGN + offset_HOURS + ":" + offset_MINS;
-
-	FULLDATE = YEAR + "-" + MONTH + "-" + DATE;
-	FULLTIME = HOURS + ":" + MINS + ":" + SECS + " " + AMPM;
-
-	var               DATETIME = FULLTIME;
-	if (show_date)  { DATETIME = FULLDATE + " &nbsp;" + FULLTIME;}
-	if (show_offset){ DATETIME += " ("+offset_FULL+")"; }
-		
-	document.write( DATETIME );
-
-}//end FileTimeStamp(php_filemtime)
-</script>
-<?php }//end Time_Stamp_scripts() **********************************************
-
-
-
-
-function Edit_Page_scripts() { //***********************************************
-?>
-	<!--======== Provide feedback re: unsaved changes ========-->
-	<script>
-	    
-	var File_textarea    = document.getElementById('file_content');
-	var Save_File_button = document.getElementById('save_file');
-	var Reset_button     = document.getElementById('reset');
-
-	var start_value = File_textarea.value;
-	var submitted   = false
-	var changed     = false;
-
-
-
-	// The following events only apply when the element is active.
-	// [Save] is disabled unless there are changes to the open file.
-	Save_File_button.onfocus = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
-	Save_File_button.onblur  = function() {Save_File_button.style.backgroundColor ="#Fee";}
-	Save_File_button.onmouseover = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
-	Save_File_button.onmouseout  = function() {Save_File_button.style.backgroundColor = "#Fee";}
-
-
-
-	function Reset_file_status_indicators() {
-		changed = false;
-		File_textarea.style.backgroundColor = "#F6FFF6";  //light green
-		Save_File_button.style.backgroundColor = "";
-		Save_File_button.style.borderColor = "";
-		Save_File_button.style.borderWidth = "1px";
-		Save_File_button.disabled = "disabled";
-		Save_File_button.value = "Save";
-		Reset_button.disabled = "disabled";
-		//File_textarea.focus();
-	}
-
-
-	window.onbeforeunload = function() {
-		if ( changed && !submitted) { 
-			//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
-			return "               Unsaved changes will be lost!";
-		}
-	}
-
-
-	window.onunload = function() {
-		//without this, a browser back then forward would reload file with local/
-		// unsaved changes, but with a green b/g as tho that's the file's contents.
-		if (!submitted) {
-			File_textarea.value = start_value;
-			Reset_file_status_indicators();
-		}
-	}
-
-
-	//With selStart & selEnd == 0, moves cursor to start of text field.
-	function setSelRange(inputEl, selStart, selEnd) { 
-		if (inputEl.setSelectionRange) { 
-			inputEl.focus(); 
-			inputEl.setSelectionRange(selStart, selEnd); 
-		} else if (inputEl.createTextRange) { 
-			var range = inputEl.createTextRange(); 
-			range.collapse(true); 
-			range.moveEnd('character', selEnd); 
-			range.moveStart('character', selStart); 
-			range.select(); 
-		} 
-	}
-
-
-	function Check_for_changes(event){
-		var keycode=event.keyCode? event.keyCode : event.charCode;
-		changed = (File_textarea.value != start_value);
-		if (changed){
-			document.getElementById('message').innerHTML = " "; // Must have a space, or it won't clear the msg.
-			File_textarea.style.backgroundColor = "#Fee";  //light red
-			Save_File_button.style.backgroundColor ="#Fee";
-			Save_File_button.style.borderColor = "#F44";   //less light red
-			Save_File_button.style.borderWidth = "1px";
-			Save_File_button.disabled = "";
-			Reset_button.disabled = "";
-			Save_File_button.value = "SAVE CHANGES!";
-		}else{
-			Reset_file_status_indicators()
-		}
-	}
-
-
-	//Reset textarea value to when page was loaded.
-	//Used by [Reset] button, and when page unloads (browser back, etc). 
-	//Needed becuase if the page is reloaded (ctl-r, or browser back/forward, etc.), 
-	//the text stays changed, but "changed" gets set to false, which looses warning.
-	function Reset_File() {
-		if (changed) {
-			if ( !(confirm("Reset file and loose unsaved changes?")) ) { return; }
-		}
-		File_textarea.value = start_value;
-		Reset_file_status_indicators();
-		setSelRange(File_textarea, 0, 0) //MOve cursor to start of textarea.
-	}
-	
-	Reset_file_status_indicators()
-	</script>
-<?php }//End Edit_Page_scripts() ***********************************************
-
-
-
-
-function style_sheet(){ //****************************************************?>
-<style>
-/* --- reset --- */
-* { border : 0; outline: 0; margin : 0; padding: 0;
-    font-family: inherit; font-weight: inherit; font-style : inherit;
-    font-size  : 100%; vertical-align: baseline; }
-
-
-/* --- general formatting --- */
-
-body { font-size: 1em; background: #DDD; font-family: sans-serif; }
-
-p, table { margin-bottom: .8em; margin-top: .8em;}
-
-div { position: relative; }
-
-h1,h2,h3,h4,h5,h6 { font-weight: bold; }
-h2, h3 { font-size: 1.2em; margin: .5em 1em .5em 0; } /*TRBL*/
-
-i, em     { font-style : italic; }
-b, strong { font-weight: bold;   }
-
-:focus { outline:0; }
-
-table { border-collapse:separate; border-spacing:0; }
-th,td { text-align:left; font-weight:400; }
-
-a       { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
-a:hover { border: 1px solid #807568; background-color: rgb(255,250,150); }
-a:focus { border: 1px solid #807568; background-color: rgb(255,250,150); }
-
-form p { margin-bottom: .3em; }
-
-label { display: inline-block; width : 6em; font-size : 1em; font-weight: bold; }
-
-svg { margin: 0; padding: 0; }
-
-pre { /*Used around test output when trouble shooting*/
-	background: white;
-	border: 1px solid #807568;
-	padding: .5em;
-	margin: 0;
-	}
-
-
-/* --- layout --- */
-
-.container {
-	border : 0px solid #807568;
-	width  : 810px;
-	margin : 0em auto;
-	}
-
-
-.header {
-	border-bottom : 1px solid #807568;
-	padding: 04px 0px 01px 0px;
-	margin : 0 0 .5em 0;
-	}
-
-
-#logo {
-	font-family: 'Trebuchet MS', sans-serif;
-	font-size:2.2em;
-	font-weight: bold;
-	color: black;
-	padding: .1em;
-	}
-
-.filename {
-	border: 1px solid #807568;
-	padding: .1em .2em .1em .2em;
-	font-weight: 700;
-	font-family: courier;
-	background-color: #EEE;
-	}
-
-#message { margin-bottom: .5em;}
-
-#message p {
-	margin: 0;
-	padding: 4px 0px 4px .5em;
-	border: 1px solid #807568;
-	Xfont-family: courier;
-	font-size: 1em;
-	line-height: 1.2em;
-	background: #fff000;
-	}
-
-#message #Xbox { float: right; }
-
-#message #dismiss { padding: 5px 4px 5px 4px; border-right: none; } /*TRBL*/ /*font-family: Courier; font-size: 1.2em;*/
-
-
-/* --- INDEX directory listing, table format --- */
-table.index_T {
-	min-width: 30em;
-	font-size: .95em;
-	border-style: outset;
-	border-width: 1px;
-	border-color: #807568;
-	border-collapse: collapse;
-	margin-bottom: .7em;
-	background-color: #FdFdFd;
-	}
-	
-table.index_T  tr:hover { border: 1px solid #807568; }
-
-table.index_T td { 
-	border-width  : 1px;
-	border-color  : silver;
-	border-style  : inset;
-	vertical-align: middle;
-	}
-
-.index_T a { 
-	height : 1em;
-	display: block;
-	padding: .2em 1em .3em .3em;
-	color  : rgb(100,45,0);
-	border : none;
-	overflow   : hidden;
-	}
-
-.index_T a:hover { background-color: rgb(255,250,150); }
-.index_T a:focus { background-color: rgb(255,250,150); }
-
-
-
-/* File size & date */
-
-.meta_size { min-width:  6em; }
-
-.meta_time { min-width: 15em; }
-
-.meta_T {
-	padding-right : .5em;
-	text-align    : right;
-	font-family   : courier;
-    font-size     : .9em;
-	color         : #333;
-	}
-
-
-.index_folders { min-height: 1.7em;  margin-bottom: .2em; }
-
-.index_folders a {
-	Xborder       : 1px solid #807568;
-	display      : inline-block;
-	line-height  : 1em;
-	font-size    : 1em;
-	margin-right : .6em;
-	margin-bottom: .1em;
-	padding      : 3px .4em 3px 5px; /*TRBL*/
-	}
-
-.index_folders a:hover { background-color: rgb(255,250,150); }
-.index_folders a:focus { background-color: rgb(255,250,150); }
-
-
-
-/*  [Upload File] [New File] [New Folder] etc... */
-
-.front_links a {
-	display: inline-block;
-	border : 1px solid #807568;
-	height      : 1em;
-	font-size   : 1em;
-	margin-right: 1em;
-	padding     : 3px 5px 5px 4px; /*TRBL*/
-	background-color: #EEE;
-	}
-
-.front_links a .icon_fldr {margin : 1.5px 5px 0 0; }
-.front_links a .icon_file {margin : 1.0px 5px 0 0; }
-
-.front_links a:hover  { background-color: rgb(255,250,150); }
-.front_links a:focus  { background-color: rgb(255,250,150); }
-
-
-input[type="text"] {
-	border: 1px solid #807568;
-	padding: 2px;
-	width: 50em;
-	font: 1em "Courier New", Courier, monospace;
-	}
-
-textarea {
-	border: 1px solid #999;
-	font  : .95em "Courier New", Courier, monospace;
-	margin: 0 0 0 0; /*T R B L*/
-	width : 99.5%;
-	height: 30em;
-	}
-
-textarea:focus { border: 1px solid #Fdd; }
-
-.edit_disabled { 
-	border : 1px solid #807568;
-	width  : 99%;
-	padding: .2em;
-	margin : 0;
-	background-color: #FFF000; color: #333;
-	line-height: 1.4em;
-	}
-
-.view_file {font-family: courier; font-size: .9em; background-color: #F8F8F8;}
-
-
-input:focus { background-color: rgb(255,250,150); }
-
-input:hover { background-color: rgb(255,250,150); }
-
-input[readonly]       { color: #333; background-color: #EEE; }
-input[disabled]       { color: #555; background-color: #EEE; }
-input[disabled]:hover { background-color: rgb(236,233,216);  } 
-input[disabled]:hover { background-color: rgb(236,233,216);  } 
-
-
-.buttons_right         { float: right; }
-.buttons_right .button { margin-left: .5em; }
-
-.button {
-	border : 1px solid #807568;
-	padding: 4px 10px;
-	cursor : pointer;
-	color      : black;
-	font-size  : .9em;
-	font-family: sans-serif;
-	background-color: #EEE;  /*#d4d4d4*/
-	}
-
-.button[disabled]  { color: #777; background-color: #EEE; }
-
-
-/* --- header --- */
-
-.nav {
-	float     : right;
-	display   : inline-block;
-	margin-top: 1.6em;
-	font-size : 1em;
-	}
-
-.nav a {
-	border: 1px solid transparent;
-	font-weight : bold;
-	padding     : .0em;
-	padding-top   : .2em;
-	padding-left  : .6em;
-	padding-right : .6em;
-	padding-bottom: .1em;
-	}
-
-.nav a:hover { border: 1px solid #807568; }
-.nav a:focus { border: 1px solid #807568; }
-
-
-/* --- edit --- */
-
-#edit_header  {margin: 0;}
-
-#edit_form    {margin: 0;}
-
-#file_content {height: 30em;}
-
-.file_meta	  {float: left;  margin-top: .5em; font-size: 1em; color: #333; font-family: courier;}
-
-#close1       {float: right; margin-bottom: .5em;}
-
-#edit_notes   {font-size: .8em; color: #333 ;margin-top: 1em; clear:both;}
-
-
-
-/* --- log in --- */
-
-.login_page {
-	margin  : 5em auto;
-	border  : 1px solid #807568;
-	padding : .5em 1em .6em 1em;
-	width   : 370px;
-	}
-
-.login_page .nav { margin-top: .5em; }
-
-.login_input {
-	border  : 1px solid #807568;
-	padding : 2px 0px 2px 2px;
-	width   : 366px;
-	font    : 1em "Courier New";
-	}
-
-.login_page input[type="text"]{ width   : 364px; }
-
-
-
-#upload_file {
-	border: 1px solid #807568;
-	padding: 2px;
-	width: 50em;
-	Xfont: 1em "Courier New", Courier, monospace;
-	}
-
-
-hr { /*-- -- -- -- -- -- --*/
-	line-height  : 0;
-	Xfont-size    : 1px;
-	display : block;
-	position: relative;
-	padding : 0;
-	margin  : .8em auto;
-	width   : 100%;
-	clear   : both;
-	border  : none;
-	border-top   : 1px solid #807568;
-	Xborder-bottom: 1px solid #eee;
-	overflow: visible;
-	}
-
-.verify {
-	border: 1px solid #F44;
-	color: #333;
-	background-color: #FFE7E7;
-	padding: .1em .2em;
-	font: 1.2em Courier;
-	}
-
-#admin {padding: .3em;}
-
-.web_root { font:1em Courier; }
-
-.icon {float: left; margin: 0 .3em 0 0;}
-
-.mono {font-family: courier;}
-
-.info {margin-top: .7em; background: #f9f9f9; padding: .2em .5em;}
-
-.path {padding: 1px 5px 1px 5px} /*TRBL*/
-
-.edit_onefile {padding: 5px; float: right;}
-
-.xtra {color: red; background: #EEE;}
-
-.timer {border: 1px solid gray; padding: 3px .5em 4px .5em;}
-
-.timeout {float:right; font-size: .95em; color: #333}
-</style>
-<?php }//end style_sheet() *****************************************************
-
-
-
-
-//******************************************************************************
-//******************************************************************************
-//Begin logic to determine page action
-
-
-if( PHP_VERSION_ID < 50000 ) { exit("OneFileCMS requires PHP5 to operate. Tested on versions 5.2.17, 5.3.3 & 5.4"); }
-
-Session_Startup(); 
-
-if ($_SESSION['valid']) {
-
-	Get_GET();  
-
-	Init_Macros();
-
-	if ($VALID_POST) { //*******************************************************
-		if     (isset($_FILES['upload_file']['name'])) { Upload_response(); }
-		elseif (isset($_POST["whattohash"]   )) { Hash_response();          }
-		elseif (isset($_POST["filename"]     )) { Edit_response();          }
-		elseif (isset($_POST["new_file"]     )) { New_File_response();      }
-		elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', 'Copy', 'Copied', 1); } 
-		elseif (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"], 'rename', 'Rename/Move', 'Renamed/Moved', 1); } 
-		elseif (isset($_POST["delete_file"]  )) { Delete_File_response();   }
-		elseif (isset($_POST["new_folder"]   )) { New_Folder_response();    }
-		elseif (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', 'Rename/Move', 'Renamed/Moved', 0); } 
-		elseif (isset($_POST["delete_folder"])) { Delete_Folder_response(); }
-	}//end if ($VALID_POST) ****************************************************
-
-
-	//*** Verify valid $page and/or $filename **********************************
-
-		//Don't load login screen if already in a valid session.
-	if     ( $_SESSION['valid'] && ($page == "login") )  { $page = "index"; }
-
-		//Don't load edit page if $filename doesn't exist.
-	elseif ( ($page == "edit")  && !is_file($filename) ) { $page = "index"; }
-
-	elseif ($page == "logout") {
-		Logout();
-		$message .= 'You have successfully logged out.'; }
-
-		//Don't load delete page if folder not empty.
-	elseif ( ($page == "deletefolder") && !is_empty($ipath) ) {
-		$message .= $EX.' <b>Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
-		$page = "index";}
-
-		//if size of $_POST > post_max_size, PHP only returns empty $_POST & $_FILE arrays.
-	elseif ($page == "uploaded" && !$VALID_POST){
-		$message .= $EX.'<b> Upload Error.  Total POST data (mostly filesize) exceeded post_max_size = '.ini_get('post_max_size').' (from php.ini).</b>';
-		$page = "index";}
-
-	elseif ( ($page == "edit") && ($filename == trim(rawurldecode($ONESCRIPT), '/')) ) { 
-		if ( $message == "" ) { $BR = ""; } else { $BR = '<br>';}
-		$message .= '<style>#message p {background: red; color: white;}</style>';
-		$message .= $BR.$EX.' <b>CAUTION '.$EX.' You are editing the active copy of OneFileCMS - BACK IT UP &amp; BE CAREFUL !!</b>';
-	}
-	//**************************************************************************
-}//end if $_SESSION[valid] *****************************************************
-
-
-
-
-//******************************************************************************
-//******************************************************************************
-?><!DOCTYPE html>
-
-<html>
-<head>
-
-<title><?php echo $config_title.' - '.Page_Title() ?></title>
-
-<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-<meta name="robots" content="noindex">
-
-<?php style_sheet(); ?>
-
-<?php Timer_scripts() ?>
-
-<?php if ( ($page == "index") || ($page == "edit") ) { Time_Stamp_scripts(); } ?>
-
-</head>
-<body>
-
-<?php if ($page == "login"){ echo '<div class="login_page">'; }
-      else                 { echo '<div class="container" >'; }
-?>
-
-<div class="header">
-	<a href="<?php echo $ONESCRIPT.'" id="logo">'.$config_title; ?></a>
-	<?php echo $version.' (on&nbsp;php&nbsp'.phpversion().')'; ?>
-
-	<div class="nav">
-		<a href="/" target="_blank"><?php show_favicon() ?>&nbsp;
-		<b><?php echo htmlentities($WEBSITE) ?></b></a>
-		<?php if ($page != "login") { ?>
-		| <a href="<?php echo $ONESCRIPT ?>?p=logout">Log Out</a>
-		<?php } ?>
-	</div><div style="clear:both;"></div>
-</div><!-- end header -->
-
-<?php if ( $page != "login"  &&  $page != "hash" ) { Current_Path_Header(); } ?>
-
-<?php message_box() ?>
-
-<?php Load_Selected_Page() ?>
-
-<?php if ($page != "login") { echo '<hr>'; } ?>
-
-<?php
-//Admin link
-if ( ($page != "login") && ($page != "hash") ){
-echo '<p><a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=hash">Admin</a>'; }
-
-//Countdown timer...
-if ( $page != "login" ) {
-	echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'timer timeout', 'LOGOUT');
-	echo '<span class="timeout">Session time out in:&nbsp;</span>';
-}
-?>
-
-</div><!-- end container/login_page -->
-</body>
-</html>
+
+$USERNAME = 'username';
+
+$PASSWORD = 'password'; //If using $HASHWORD, you may leave this value empty.
+$USE_HASH = 0 ; // If = 0, use $PASSWORD. If = 1, use $HASHWORD. 
+$HASHWORD = 'c3e70af96ab1bfc5669280e98b438e1a8c08ca5e0bb3354c05ceaa6f339fd3f6'; //hash for "password"
+$SALT     = 'somerandomsalt';
+
+$MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
+$LOGIN_DELAY   = 30;  //In seconds.
+$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
+					  //  For instance, 24 minutes is the PHP default for garbage collection.
+$MAX_IMG_W   = 810;  // Max width to display images. (page container = 810)
+$MAX_IMG_H   = 1000; // Max height.  I don't know, it just looks reasonable.
+
+$MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
+$MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
+                          // The default max view size is completely arbitrary. It was 2am and seemed like a good idea at the time.
+$config_favicon   = "/favicon.ico";
+$config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsaTive!
+
+$config_etypes = "html,htm,xhtml,php,css,js,txt,text,cfg,conf,ini,csv,svg,log"; //Editable file types.
+$config_stypes = "*"; // Shown types; only files of the given types should show up in the file-listing
+	// Use $config_stypes exactly like $config_etypes (list of extensions separated by semicolons).
+	// If $config_stypes is set to null - by intention or by error - OFCMS will only display folders.
+	// If $config_stypes is set to the *-wildcard (as per default), all files will show up.
+	// If $config_stypes is set to "html,htm" for example, only file with the extension "html" or "htm" will get listed.
+
+$config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
+$config_ftypes = "bin,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,ini,cfg,conf,asp,js ,htm,html"; // _ftype & _fclass must have same
+$config_fclass = "bin,img,img,img,img,img,svg,txt,txt,css,php,txt,cfg,cfg ,txt,txt,htm,htm";  // number of values. bin is default.
+
+$EX = '<b>( ! )</b>'; //EXclaimation point "icon" Used in $message's
+
+$SESSION_NAME = 'OFCMS'; //Also the cookie name. Change if using multiple copies of OneFileCMS.
+// End CONFIGURABLE INFO *******************************************************
+
+
+
+
+//******************************************************************************
+//Some global system values
+
+ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
+
+//PHP_VERSION_ID is better to use when checking current version as it's an actual number, not a string.
+if (!defined('PHP_VERSION_ID')) {            //PHP_VERSION_ID only available since 5.2.7
+    $phpversion = explode('.', PHP_VERSION); //PHP_VERSION, however, available even in older versions. (but it's a string)
+    define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
+}
+
+$ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]);
+$DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
+$WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/';
+$WEBSITE   = $_SERVER["HTTP_HOST"].'/';
+$LOGIN_ATTEMPTS = $DOC_ROOT.trim($_SERVER["SCRIPT_NAME"],'/').'.invalid_login_attempts';
+
+$valid_pages = array("hash", "login","logout","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
+
+$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names.
+$INVALID_CHARS_array = explode(' ', $INVALID_CHARS); // (Space deliminated)
+
+//Make arrays out of a few $config_variables for actual use later.
+//Also, remove spaces and make lowercase.
+$SHOWALLFILES = $stypes = false;
+  if ($config_stypes == '*') { $SHOWALLFILES = true; }
+  else { $stypes   = explode(',', strtolower(str_replace(' ', '', $config_stypes))); }//shown file types
+$etypes   = explode(',', strtolower(str_replace(' ', '', $config_etypes))); //editable file types
+$itypes   = explode(',', strtolower(str_replace(' ', '', $config_itypes))); //images types to display
+$ftypes   = explode(',', strtolower(str_replace(' ', '', $config_ftypes))); //file types with icons
+$fclasses = explode(',', strtolower(str_replace(' ', '', $config_fclass))); //for file types with icons
+$excluded_list = (explode(",", $config_excluded));
+//******************************************************************************
+
+
+
+
+function Session_Startup() {//**************************************************
+	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $page, $VALID_POST, $MAX_IDLE_TIME, $SESSION_NAME;
+ 
+	$limit    = 0; //0 = session.  
+	$path     = dirname($_SERVER['SCRIPT_NAME']);
+	$domain   = ''; // '' = hostname
+	$https    = false; 
+	$httponly = true;//true = unaccessable via javascript. Some XSS protection.
+	session_set_cookie_params($limit, $path, $domain, $https, $httponly);
+
+	session_name($SESSION_NAME);
+	session_start();
+
+	//Set initial defaults...
+	$page = 'login'; 
+	$VALID_POST = 0;
+	if ( !isset($_SESSION['valid']) ) { $_SESSION['valid'] = 0; }
+
+	//Logging in?
+	if ( isset($_POST["username"]) || isset($_POST["password"]) ) { Login_response(); }
+
+	session_regenerate_id(true); //Helps prevent session fixation & hijacking.
+
+	if ( $_SESSION['valid'] ) { Verify_IDLE_POST_etc(); }
+	
+	$_SESSION['nuonce'] = sha1(mt_rand().microtime()); //provided in <forms> to verify POST
+
+	chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
+}//End Session_Startup() *******************************************************
+
+
+
+
+function Verify_IDLE_POST_etc() { //********************************************
+	global $EX, $message, $VALID_POST, $MAX_IDLE_TIME;
+
+	//Verify consistant user agent... (every little bit helps a little bit) 
+	if ( ($_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) ) { Logout(); }
+
+	//Check idle time
+ 	if ( isset($_SESSION['last_active_time']) ) {
+		$idle_time = ( time() - $_SESSION['last_active_time'] );
+		if ( $idle_time > $MAX_IDLE_TIME ) {
+			Logout();
+			$message .= 'Session expired. <br>';
+		}
+	}
+
+	$_SESSION['last_active_time'] = time();
+
+	//If POSTing, verify...
+	if ( isset($_POST['nuonce']) ) { 
+		if ( $_POST['nuonce'] == $_SESSION['nuonce'] ) {
+			$VALID_POST = 1;
+		}else{
+			Logout();
+			$message .= $EX.' <b>INVALID POST</b><br>';
+		}
+	}
+}//end Verify_IDLE_POST_etc() //************************************************
+
+
+
+
+function hashit($key){ //*******************************************************
+	//This is the super-secret stuff - Keep it secret, keep it safe!
+	//If you change anything here, or the $SALT, redo the hash for your password.
+	global $SALT;
+	$hash = hash('sha256', trim($key).$SALT); // trim off leading & trailing spaces.
+	for ( $x=0; $x < 1000; $x++ ) { $hash = hash('sha256', $hash.$SALT); }
+	return $hash;
+}//end hashit() ****************************************************************
+
+
+
+
+function undo_magic_quotes(){ //************************************************
+
+	function strip_array($var) {
+		if (is_array($var)) {return array_map("strip_array", $var); }
+		else                {return stripslashes($var); }
+	} //Note: stripslashes also handles cases when magic_quotes_sybase is on.
+
+	if (get_magic_quotes_gpc()) {
+		if (isset($_GET))    { $_GET     = strip_array($_GET);    }
+		if (isset($_POST))   { $_POST    = strip_array($_POST);   }
+		if (isset($_COOKIE)) { $_COOKIE  = strip_array($_COOKIE); }
+	}
+}//end undo_magic_quotes() *****************************************************
+
+
+
+
+function Get_GET() { //*** Get main parameters *********************************
+	// i=some/path/,  f=somefile.xyz,  p=somepage
+	global $ipath, $filename, $page, $valid_pages, $param1, $param2, $param3, $message, $EX;
+
+	undo_magic_quotes();
+
+	if (isset($_GET["i"])) { $ipath = Check_path($_GET["i"]); }else{ $ipath = ""; }
+
+	if (isset($_GET["f"])) {
+		$filename = $ipath.$_GET["f"];
+		if ( !is_file($filename) ) { $filename = ""; $page = "index"; }
+		if ( !is_file($filename) && $_SESSION['valid'] )//Set $message except for login page.
+			{ $message .= $EX.' <b>File does not exist:</b> '.htmlentities($filename).'<br>'; }
+	}else{ $filename = ""; }
+
+	if (isset($_GET["p"])) { $page = $_GET["p"]; } 
+	if (!in_array(strtolower($page), $valid_pages)) { $page = "index"; }
+
+	$param1 = '?i='.URLencode_path($ipath);
+	if ($filename == "") { $param2 = ""; }else{ $param2 = '&amp;f='.rawurlencode(basename($filename)); }
+	if ($page == ""    ) { $param3 = ""; }else{ $param3 = '&amp;p='.$page; }
+}//end Get_GET()****************************************************************
+
+
+
+
+function URLencode_path($path){ // don't encode the forward slashes ************
+	$TS = '';  // Trailing Slash/
+	if (substr($path, -1) == '/' ) { $TS = '/'; } //start with a $TS?
+	$path_array = explode('/',$path);
+	$path = "";
+	foreach ($path_array as $level) { $path .= rawurlencode($level).'/'; }
+	$path = rtrim($path,'/').$TS;  //end with $TS only if started with one
+	return $path;
+}//end URLencode_path($path) ***************************************************
+
+
+
+
+function Check_path($path) { // returns first valid path in some/supplied/path/
+	global $message, $EX;
+	$invalidpath = $path; //used for message if supplied $path doesn't exist.
+	$path = str_replace('\\','/',$path);   //Make sure all forward slashes.
+	$path = trim($path,"/ ."); // trim slashes, dots, and spaces
+
+	//Remove any '.' and '..' parts of the path.  Causes issues in <h2>www / current / path /</h2>
+	$pathparts = explode( '/', $path);
+	$len       = count($pathparts);
+	$path      = "";  //Cleaned path.
+	foreach ($pathparts as $value) { //(More reliable than str_replace(entire_string).)
+		if ( !(($value == '.') && (!value == '..')) ) { $path .= $value.'/'; }
+	}
+
+	$path = trim($path,"/"); // Remove -for now- final trailing slash.
+
+	if (strlen($path) < 1) { return ""; } //If at site root
+	else {
+		if (!is_dir($path) && (strlen($message) < 1))
+			{ $message .= $EX.' <b>Directory does not exist: '.htmlentities($invalidpath).'</b><br>'; }
+
+		while ( (strlen($path) > 0) && (!is_dir($path)) ) {
+			$path = dirname($path);
+		}
+
+		$path = $path.'/';
+		if ($path == './') { $path = ""; } // ./ means path not found, so clear for root.
+	}
+
+	return $path; 
+}//end Check_path() ************************************************************
+
+
+
+
+function is_empty($path){ //****************************************************
+	$empty = false;
+	$dh = opendir($path);
+	for($i = 3; $i; $i--) { $empty = (readdir($dh) === FALSE); }
+	closedir($dh);
+	return $empty;
+}//end is_empty() //************************************************************
+
+
+
+
+function ordinalize($destination,$filename, &$msg) { //*************************
+//if file_exists(file.txt), ordinalize filename until it doesn't
+//ie: file.txt.001,  file.txt.002, file.txt.003  etc...
+	global $EX;
+
+	$ordinal   = 0;
+	$savefile = $destination.$filename;
+
+	if (file_exists($savefile)) {
+
+		$msg .= $EX.' A file with that name already exists in the target directory.<br>';
+
+		while (file_exists($savefile)) {
+			$ordinal = sprintf("%03d", ++$ordinal); //  001, 002, 003, etc...
+			$savefile = $destination.$filename.'.'.$ordinal;
+		}
+		$msg .= 'Saving as: "<b>'.htmlentities(basename($savefile)).'</b>"';
+	}
+	return $savefile;
+}//end ordinalize() filename ***************************************************
+
+
+
+
+function Current_Path_Header(){ //**********************************************
+ 	// Current path. ie: webroot/current/path/ 
+	// Each level is a link to that level.
+
+	global $ONESCRIPT, $ipath, $WEB_ROOT;
+
+	echo '<h2>';
+		//Root folder of web site.
+		echo '<a id="path_0" href="'.$ONESCRIPT.'" class="path"> '.htmlentities(trim($WEB_ROOT, '/')).'</a>/';
+		$x=0; //need here for focus() in case at webroot.
+
+		if ($ipath != "" ) { //if not at root, show the rest
+			$path_levels  = explode("/",trim($ipath,'/') );
+			$levels = count($path_levels); //If levels=3, indexes = 0, 1, 2  etc... 
+			$current_path = "";
+
+			for ($x=0; $x < $levels; $x++) {
+				$current_path .= $path_levels[$x].'/';
+				echo '<a id="path_'.($x+1).'" href="'.$ONESCRIPT.'?i='.URLencode_path($current_path).'" class="path">';
+				echo htmlentities($path_levels[$x]).'</a>/';
+			}
+		}//end if (not at root)
+	echo '</h2>';
+	echo '<script>document.getElementById("path_'.$x.'").focus();</script>';
+}//end Current_Path_Header() //*************************************************
+
+
+
+
+function message_box() { //*****************************************************
+	global $ONESCRIPT, $param1, $param2, $param3, $message, $page;
+
+	if (isset($message)) {
+?>
+		<div id="message"><p>
+		<span id="Xbox"><!-- [X] to dismiss message box -->
+			<a id="dismiss" href='<?php echo $ONESCRIPT.$param1.$param2.$param3; ?>'
+ 			onclick='document.getElementById("message").innerHTML = " ";return false;'>
+			[X]</a>
+		</span>
+		<?php echo $message.PHP_EOL ;?>
+		</p></div>
+		<script>document.getElementById("dismiss").focus();</script>
+<?php
+	}else {
+		echo '<div id="message"></div>'; // Needed on Edit page to keep js feedback from failing
+	} //end isset($message)
+	
+	// Used on Edit Page to preserve vertical spacing, so edit area doesn't jump as much.
+	if ($page == "edit") {echo '<style>#message { min-height: 1.86em; }</style>';}
+}//end message_box()  **********************************************************
+
+
+
+
+function Upload_New_Rename_Delete_Links() { //**********************************
+	global $ONESCRIPT, $ipath, $param1;
+	echo '<p class="front_links">';
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   ; svg_icon_upload()    ; echo 'Upload File</a>';
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  ; svg_icon_file_new()  ; echo 'New File</a>'   ;
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'; svg_icon_folder_new(); echo 'New Folder</a>' ;
+	if ($ipath !== "") { //if at root, don't show Rename & Delete links
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'; svg_icon_folder_ren(); echo 'Rename/Move Folder</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'; svg_icon_folder_del(); echo 'Delete Folder</a>';
+	}
+	echo '</p>';
+}//end Upload_New_Rename_Delete_Links()  ***************************************
+
+
+
+
+function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
+	//$submit_label = Rename, Copy, Delete, etc...
+	//$focus is ID of element to receive focus(). (element may be outside this function)
+	global $ONESCRIPT, $ipath, $param1, $param2, $filename, $page;
+
+	// [Cancel] returns to either the index, or edit page.
+	if ($filename == "") {$params = "";}else{ $params = $param2.'&amp;p=edit'; }
+?>
+	<p> 
+	<input type="button" class="button" id="cancel" name="cancel" value="Cancel"
+		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.$params ?>'">
+	<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1.3em;">
+<?php 
+	if ($focus != ""){ echo '<script>document.getElementById("'.$focus.'").focus();</script>'; }
+	//Do not close the <p> tag yet/here. Need to leave it open for edit btn on hash page.
+}// End Cancel_Submit_Buttons() //**********************************************
+
+
+
+
+function show_image(){ //*******************************************************
+	global $filename, $MAX_IMG_W, $MAX_IMG_H;
+	
+	$IMG = $filename;
+	$img_info = getimagesize($IMG);
+
+	$W=0; $H=1; //indexes for $img_info[]
+	$SCALE = 1; $TOOWIDE = 0; $TOOHIGH = 0;
+	if ($img_info[$W] > $MAX_IMG_W) { $TOOWIDE = ( $MAX_IMG_W/$img_info[$W] );}
+	if ($img_info[$H] > $MAX_IMG_H) { $TOOHIGH = ( $MAX_IMG_H/$img_info[$H] );}
+	
+	if ($TOOHIGH || $TOOWIDE) {
+		if     (!$TOOWIDE)           {$SCALE = $TOOHIGH;}
+		elseif (!$TOOHIGH)           {$SCALE = $TOOWIDE;}
+		elseif ($TOOHIGH > $TOOWIDE) {$SCALE = $TOOWIDE;} //ex: if (.90 > .50)
+		else                         {$SCALE = $TOOHIGH;}
+	}
+
+	echo '<p Xclass="file_meta">';
+	echo 'Image shown at ~'. round($SCALE*100) .'% of full size (W x H = '.$img_info[0].' x '.$img_info[1].').</p>';
+	echo '<div style="clear:both;"></div>'.PHP_EOL;
+	echo '<a href="/' .URLencode_path($IMG). '" target="_blank">'.PHP_EOL;
+	echo '<img src="/'.URLencode_path($IMG).'"  height="'.$img_info[$H]*$SCALE.'"></a>'.PHP_EOL;
+}// end show_image() ***********************************************************
+
+
+
+
+function show_favicon(){ //*****************************************************
+	global $config_favicon, $DOC_ROOT;
+	if (file_exists($DOC_ROOT.$config_favicon)) { 
+		echo '<img src="'.URLencode_path($config_favicon).'" alt="">'; 
+	}
+}// end show_favicon() *********************************************************
+
+
+
+
+function Timeout_Timer($COUNT, $ID, $CLASS, $ACTION) { //************************
+
+	return 	'<script>'.
+			'Start_Countdown('.$COUNT.', "'.$ID.'", "'.$CLASS.'", "'.$ACTION.'");'.
+			'</script>';
+
+} //end Timeout_Timer() **************************************************
+
+
+
+
+function Init_Macros(){ //*** ($varibale="some reusable chunk of code")*********
+
+global 	$ONESCRIPT, $param1, $param2, $INPUT_NUONCE, $FORM_COMMON, 
+		$SVG_icon_circle_plus, $SVG_icon_circle_x, $SVG_icon_pencil, $SVG_icon_img_0;
+
+$INPUT_NUONCE = '<input type="hidden" name="nuonce" value="'.$_SESSION['nuonce'].'">'.PHP_EOL;
+$FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.$param2.'">'.$INPUT_NUONCE;
+
+$SVG_icon_circle_plus = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#080"/>
+	  <line x1="2" y1="5" x2="8" y2="5" stroke="white" stroke-width="1.5" />
+	  <line x1="5" y1="2" x2="5" y2="8" stroke="white" stroke-width="1.5" />';
+
+$SVG_icon_circle_x = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#D00"/>
+	<line x1="2.5" y1="2.5" x2="7.5" y2="7.5" stroke="white" stroke-width="1.5"/>
+	<line x1="7.5" y1="2.5" x2="2.5" y2="7.5" stroke="white" stroke-width="1.5"/>';
+
+$SVG_icon_pencil = '<polygon points="2,0 9,7 7,9 0,2" stroke-width="1" stroke="darkgoldenrod" fill="rgb(246,222,100)"/>
+	  <path  d="M0,2   L0,0  L2,0"      stroke="tan" fill="tan" stroke-width="1" />
+	  <path  d="M0,1.5   L0,0  L1.5,0"      stroke="black" fill="transparent" stroke-width="1" />
+	  <line x1="7.3" y1="10"  x2="10" y2="7.3"  stroke="silver" stroke-width="1"/>
+	  <line x1="8.1" y1="10.8"  x2="10.8" y2="8.1"  stroke="red" stroke-width="1"/>';
+
+$SVG_icon_img_0 = '<rect x="0"    y="0"   width="14" height="16" fill="#FF8" stroke="#44F" stroke-width="2" />
+	<rect x="2"    y="2"   width="5"  height="5"  fill="#F66" stroke-width="0" />
+	<rect x="7.5"  y="6"   width="5"  height="5"  fill="#6F6" stroke-width="0" />
+	<rect x="2"    y="10"  width="5"  height="5"  fill="#66F" stroke-width="0" />';
+}//end Init_Macros() ***********************************************************
+
+
+
+
+function svg_icon_bin(){ //*****************************************************
+$zero = '<rect x="0"  y="0"  width="3" height="6" fill="transparent" stroke="#555" stroke-width="1" />';
+$one  = '<line x1="0" y1="-.5"   x2="0" y2="6.5"  stroke="#555" stroke-width="1"/>';
+?><svg class="icon" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
+	<g transform="translate( 0.5,0.5)"><?php echo $one  ?></g>
+	<g transform="translate( 3.5,0.5)"><?php echo $zero ?></g>
+	<g transform="translate( 9.5,0.5)"><?php echo $one  ?></g>
+	<g transform="translate(12.5,0.5)"><?php echo $one  ?></g>
+	<g transform="translate( 0.5,9.5)"><?php echo $zero ?></g>
+	<g transform="translate( 6.5,9.5)"><?php echo $one  ?></g>
+	<g transform="translate( 9.5,9.5)"><?php echo $zero ?></g>
+</svg><?php 
+} //end svg_icon_bin() *********************************************************
+
+
+
+function svg_icon_img(){ //*****************************************************
+global $SVG_icon_img_0;
+?><svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
+	<?php echo $SVG_icon_img_0 ?>
+</svg><?php 
+} //end svg_icon_img() *********************************************************
+
+
+
+function svg_icon_svg(){ //*****************************************************
+global $SVG_icon_img_0;
+?><svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
+	<?php echo $SVG_icon_img_0 ?>
+	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="#444" stroke-width=".6"/>
+	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="#444" stroke-width=".6"/>
+	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="#444" stroke-width=".6"/>
+	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="#444" stroke-width=".6"/>
+</svg><?php 
+} //end svg_icon_img() *********************************************************
+
+
+
+function svg_icon_txt_0($border, $lines, $fill, $extra){ //*********************
+?><svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
+	<rect x = "0" y = "0" width = "14" height = "16" 
+		fill="<?php echo $fill ?>" stroke="<?php echo $border ?>" stroke-width="2" />
+	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="<?php echo $lines ?>" stroke-width=".6"/>
+	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="<?php echo $lines ?>" stroke-width=".6"/>
+	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="<?php echo $lines ?>" stroke-width=".6"/>
+	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="<?php echo $lines ?>" stroke-width=".6"/>
+	<?php echo $extra ?>
+</svg><?php 
+} //end svg_icon_txt() *********************************************************
+
+
+
+function svg_icon_txt(){ svg_icon_txt_0('#333', '#000', '#FFF', ''); } //*******
+
+function svg_icon_htm(){ svg_icon_txt_0('#444', '#222', '#FABEAA', ''); } //**** rgb(250,190,170)
+
+function svg_icon_php(){ svg_icon_txt_0('#333', '#111', '#C3C3FF', ''); } //**** rgb(195,195,225)
+
+function svg_icon_css(){ svg_icon_txt_0('#333', '#111', '#FFE1A5', ''); } //**** rgb(255,225,165)
+
+function svg_icon_cfg(){ svg_icon_txt_0('#444', '#111', '#DDD', ''); } //*******
+
+
+
+function svg_icon_upload(){ //**************************************************
+	$extra = '<g transform="scale(1.1) translate(1.75,4)">
+		<polygon points="6,0  12,6  8,6  8,11  4,11  4,6  0,6" 
+		stroke-width="1" stroke="white" fill="green" /></g>';
+	svg_icon_txt_0('#333', 'black', 'white', $extra);
+} //end svg_icon_upload() ******************************************************
+
+
+
+function svg_icon_file_new(){ //************************************************
+	global $SVG_icon_circle_plus;
+	$extra = '<g transform="translate(4,6)">'.$SVG_icon_circle_plus.'</g>';
+	svg_icon_txt_0('#444', 'black', 'white', $extra);
+} //end svg_icon_file_new() ****************************************************
+
+
+
+function svg_icon_file_del(){ //************************************************
+global $SVG_icon_circle_x;
+	$extra = '<g transform="translate(4,6)">'.$SVG_icon_circle_x.'</g>';
+	svg_icon_txt_0('#444', 'black', 'white', $extra);
+} //end svg_icon_file_del() ****************************************************
+
+
+
+function svg_icon_folder_0($extra){ //******************************************
+?><svg class="icon icon_fldr" xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
+	<path  d="M0.5, 1  L8,1  L9,2  L9,3  L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" 
+			fill="#FBE47b" stroke="#F0CD28" stroke-width="1" />
+	<path  d="M1.5, 8  L7, 8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5" 
+			fill="transparent" stroke="white" stroke-width="1" />
+	<path  d="M1.5,13  L1.5,2  L7.5,2  L8.5,3  L8.5,4  L15.5,4 L16,4.5  L16,13"  
+			fill="transparent" stroke="white" stroke-width="1" />
+	<?php echo $extra ?>
+</svg><?php 
+} //end svg_icon_folder_0() ****************************************************
+
+
+
+function svg_icon_folder(){ svg_icon_folder_0(''); } //*************************
+
+
+
+function svg_icon_folder_new(){ //**********************************************
+	global $SVG_icon_circle_plus;
+	$extra = '<g transform="translate(7.5,4)">'.$SVG_icon_circle_plus.'</g>';
+	svg_icon_folder_0($extra);
+} //end svg_icon_folder_new() **************************************************
+
+
+
+function svg_icon_folder_ren(){ //**********************************************
+	global $SVG_icon_pencil;
+	$extra = '<g transform="translate(6,3)">'.$SVG_icon_pencil.'</g>';
+	svg_icon_folder_0($extra);
+} //end svg_icon_folder_ren() **************************************************
+
+
+
+function svg_icon_folder_del(){ //**********************************************
+	global $SVG_icon_circle_x; 
+	$extra = '<g transform="translate(7.5,4)">'.$SVG_icon_circle_x.'</g>';
+	svg_icon_folder_0($extra);
+} //end svg_icon_folder_del() **************************************************
+
+
+
+
+function show_icon($type){ //***************************************************
+	if     ($type == 'bin') { svg_icon_bin(); }
+	elseif ($type == 'img') { svg_icon_img(); }
+	elseif ($type == 'svg') { svg_icon_svg(); }
+	elseif ($type == 'txt') { svg_icon_txt(); }
+	elseif ($type == 'htm') { svg_icon_htm(); }
+	elseif ($type == 'php') { svg_icon_php(); }
+	elseif ($type == 'css') { svg_icon_css(); }
+	elseif ($type == 'cfg') { svg_icon_cfg(); }
+	else                    { svg_icon_bin(); } //default
+}//end show_icon() *************************************************************
+
+
+
+
+function Hash_Page() { //******************************************************
+	global $DOC_ROOT, $ONESCRIPT, $param1, $param2, $message, $INPUT_NUONCE, $config_title;
+	$params = '?i='.dirname($ONESCRIPT).'&amp;f='.basename($ONESCRIPT).'&amp;p=edit';
+	if (!isset($_POST['whattohash'])) { $_POST['whattohash'] = ''; }
+?>
+	<style>#message {font-family: courier; min-height: 3.1em;}
+	li {margin-left: 2em}</style>
+
+	<h2>Generate a Password Hash</h2>
+	
+	<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.'&amp;p=hash'; ?>">
+		<?php echo $INPUT_NUONCE; ?>
+		Password to hash:
+		<input type="text" name="whattohash" id="whattohash" value="<?php echo htmlspecialchars($_POST["whattohash"]) ?>">
+		<?php Cancel_Submit_Buttons('Generate hash', 'whattohash') ?>
+ 		<a class="button edit_onefile" href="<?php echo $ONESCRIPT.$params; ?>" >Edit &nbsp;<?php echo $config_title ?></a>
+	</form>
+
+	<div class="info">
+ 	<p>There are two ways to change your OneFileCMS password:<br>
+	<p>
+	1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).<br>
+	2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.<br>
+
+	<p>Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. 
+	That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.
+	However, it does eleminate the storage of your password in plain text, which is a good thing*
+
+	<p>Anyway, to use the $HASHWORD password option:
+	<ol><li>Type your desired password in the input field above and hit Enter.<br>
+			The hash will be displayed in a yellow message box above that.
+		<li>Copy and paste the new hash to the $HASHWORD variable in the config section.<br>
+			'Make sure the hash ends up in quotes.'<br>
+			Make sure to copy ALL of, and ONLY, the hash (no spaces etc). A double-click should select it...
+		<li>Make sure $USE_HASH is set to 1 (or true).
+		<li>When ready, logout and login.
+	</ol>
+	<p>You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...
+	<p>
+	*For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep 'em secret, of course).  Remever, every little bit helps...<br>
+	PS: Everything I know about security - you just read...
+	</div>
+<?php 
+} //end Hash_Page() ************************************************************
+
+
+
+
+function Hash_response() { //***************************************************
+	global $message;
+	$_POST['whattohash'] = trim($_POST['whattohash']); // trim leading & trailing spaces.
+	$message .= 'Password: '.htmlspecialchars($_POST['whattohash']).'<br>';
+	$message .= 'Hash &nbsp; &nbsp;: '.htmlspecialchars(hashit($_POST["whattohash"]));
+} //end Hash_response() ********************************************************
+
+
+
+
+function Logout() { //**********************************************************
+	global $page;
+	session_regenerate_id(true);
+	session_unset();
+	session_destroy();
+	session_write_close();
+	unset($_GET);
+	unset($_POST);
+	$_SESSION['valid'] = 0;
+	$page = 'login';
+}//end Logout() ****************************************************************
+
+
+
+
+function Login_Page() { //******************************************************
+	global $ONESCRIPT, $message;
+?>
+	<h2>Log In</h2>
+	<form method="post" action="<?php echo $ONESCRIPT; ?>">
+		<p>
+			<label for="username">Username:</label>
+			<input type="text" name="username" id="username" class="login_input" >
+		</p>
+		<p>
+			<label for="password">Password:</label>
+			<input type="password" name="password" id="password" class="login_input">
+		</p>
+			
+		<p><input type="submit" class="button" value="Enter"></p>
+	</form>
+	<script>document.getElementById('username').focus();</script>
+<?php 
+} //end Login_Page() ***********************************************************
+
+
+
+
+function Login_response() { //**************************************************
+	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $MAX_ATTEMPTS, $LOGIN_DELAY, 
+		   $EX, $message, $page, $LOGIN_ATTEMPTS;
+
+	$_SESSION = array();    //make sure it's empty
+	$_SESSION['valid'] = 0; //Default to failed login.
+
+	if (!is_file($LOGIN_ATTEMPTS)) { file_put_contents($LOGIN_ATTEMPTS, 0); }
+	$attempts = (int)file_get_contents($LOGIN_ATTEMPTS); //Don't increment yet...
+	$elapsed  = time() - filemtime($LOGIN_ATTEMPTS);
+
+	if ($attempts > 0) { $message .= '<b>There have been '.$attempts.' invalid login attempts.</b><br>';}
+	if ( ($attempts >= $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){
+		$message .= 'Please wait '.Timeout_Timer(($LOGIN_DELAY - $elapsed), 'timer0', '', '').' seconds to try again. ';
+		return;
+	}
+
+	//Validate password
+	if ($USE_HASH) { $VALID_PASSWORD = (hashit($_POST['password']) == $HASHWORD); }
+	else           { $VALID_PASSWORD = (       $_POST['password']  == $PASSWORD); }
+
+	//validate login.  Ignore attempt if username & password are blank. 
+	if ( ($_POST['password'] == "") && ($_POST['username'] == "") )  { return;
+	}elseif ( $VALID_PASSWORD && ($_POST['username'] == $USERNAME) ) {
+		session_regenerate_id(true);
+		$_SESSION['USER_AGENT'] = $_SERVER['HTTP_USER_AGENT']; //for user consistancy check.
+		$_SESSION['valid'] = 1;
+		$page = "index";
+		unlink($LOGIN_ATTEMPTS); //delete invalid attempt count file
+	}else{
+		file_put_contents($LOGIN_ATTEMPTS, ++$attempts); //increment & save attempt
+		$message  = $EX.' <b>INVALID LOGIN ATTEMPT #'.$attempts.'</b><br>';
+		if ($attempts >= $MAX_ATTEMPTS) {
+			$message .= 'Please wait '.Timeout_Timer($LOGIN_DELAY, 'timer0', '', '').' seconds to try again. ';
+		}
+	}
+}//end Login_response() //******************************************************
+
+
+
+
+function List_Files() { // ...in a vertical table ******************************
+//called from Index Page
+
+	global $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list, $stypes, $SHOWALLFILES;
+
+	$files = scandir('./'.$ipath);
+	natcasesort($files);
+
+	echo '<table class="index_T">';
+	foreach ($files as $file) {
+		
+		$excluded = FALSE;
+		if (in_array(basename($file), $excluded_list)) { $excluded = TRUE; };
+
+		//Get file type & check against $stypes (files types to show)
+		$ext = end( explode(".", strtolower($file)) );
+		if ($SHOWALLFILES || in_array($ext, $stypes)) { $SHOWTYPE = TRUE; } else { $SHOWTYPE = FALSE; }
+		
+		if ( $SHOWTYPE && !is_dir($ipath.$file) && !$excluded ) {
+			
+			//Set icon type based on file type ($ext).
+			$type = $fclasses[array_search($ext, $ftypes)];
+?>
+			<tr>
+				<td>
+					<?php echo '<a href="'.$ONESCRIPT.$param1.'&amp;f='.rawurlencode($file).'&amp;p=edit" >'; ?>
+					<?php show_icon($type); echo  htmlentities($file), '</a>'; ?>
+				</td>
+				<td class="meta_T meta_size">&nbsp;
+					<?php echo number_format(filesize($ipath.$file)); ?> B
+				</td>
+				<td class="meta_T meta_time"> &nbsp;
+					<script>FileTimeStamp(<?php echo filemtime($ipath.$file); ?>, 1, 0);</script>
+				</td>
+			</tr>
+<?php 
+		}//end if !is_dir...
+	}//end foreach file
+	echo '</table>';
+}//end List_Files() ************************************************************
+
+
+
+
+function Index_Page(){ //*******************************************************
+	global $ONESCRIPT, $ipath;
+
+	//<!--==== List folders/sub-directores ====-->
+	echo '<p class="index_folders">';
+		$folders = glob($ipath."*",GLOB_ONLYDIR);
+		natcasesort($folders);
+		foreach ($folders as $folder) {
+			echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($folder).'/">'.PHP_EOL;
+			svg_icon_folder();
+			echo htmlentities(basename($folder)).' /</a>';
+		}
+	echo '</p>';
+
+	Upload_New_Rename_Delete_Links();
+
+	List_Files();
+
+	Upload_New_Rename_Delete_Links();
+
+}//end Index_Page()*************************************************************
+
+
+
+
+function Edit_Page_Buttons($text_editable, $too_large_to_edit) { //*************
+	global $ONESCRIPT, $param1, $param2, $MAX_IDLE_TIME;
+	$Button = '<input type="button" class="button" value=';
+	$ACTION = 'onclick="parent.location = \''.$ONESCRIPT.$param1.$param2.'&amp;p=';
+?>
+	<p class="buttons_right">
+	<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?> 
+		<?php echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer xtra', 'LOGOUT'); ?>
+		<input type="submit" class="button" value="Save"                  onclick="submitted = true;" id="save_file">
+		<input type="button" class="button" value="Reset - loose changes" onclick="Reset_File()"      id="reset">
+		<script>
+			//Set disabled here instead of via input attribute in case js is disabled.
+			//If js is disabled, user would be unable to save changes.
+			document.getElementById('save_file').disabled = "disabled";
+			document.getElementById('reset').disabled     = "disabled";
+		</script>
+	<?php } ?>
+	<?php echo $Button.'"Rename/Move" '.$ACTION ?>rename'">
+	<?php echo $Button.'"Copy"        '.$ACTION ?>copy'"  >
+	<?php echo $Button.'"Delete"      '.$ACTION ?>delete'">
+	<?php echo $Button.'"Close"       ' ?>onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
+	</p>
+<?php
+}//end Edit_Page_Buttons()******************************************************
+
+
+
+
+//******************************************************************************
+function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message){ 
+	global $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_NUONCE, $EX, $message, $MAX_IDLE_TIME;
+?>
+	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param1.$param2.$param3 ?>">
+		<?php echo $INPUT_NUONCE; ?>
+<?php
+		if ( !in_array( strtolower($ext), $itypes) ) { //If non-image, show textarea
+
+			if (!$text_editable) { // If non-text file, disable textarea
+				echo '<p class="edit_disabled">Non-text or unkown file type. Edit disabled.<br><br></p>';
+
+			}elseif ( $too_large_to_edit ) {
+ 				echo '<p class="edit_disabled">'.$too_large_to_edit_message.'</p>';
+
+			}else{
+				if (PHP_VERSION_ID  < 50400) {  // 5.4.0
+					$filecontent = htmlspecialchars(file_get_contents($filename));
+				}else{
+					$filecontent = htmlspecialchars(file_get_contents($filename),ENT_SUBSTITUTE);
+				}
+				$bad_chars = ($filecontent == "" && filesize($filename) > 0);
+
+				if ($bad_chars){ //did specialchars return an empty string?
+					echo '<pre class="edit_disabled">'.$EX.' File contains an invalid character. Edit and view disabled.<br>';
+					echo ' htmlspecialchars() returned and empty string from what <i>may be</i> an otherwise valid file.<br>';
+					echo ' This behavior can be inconsistant from version to version of php.<br></pre>';
+				}else{
+					echo '<input type="hidden" name="filename" id="filename" value="'.htmlspecialchars($filename).'">';
+					echo '<textarea id="file_content" name="content" cols="70" rows="25"
+						onkeyup="Check_for_changes(event);">'.$filecontent.'</textarea>'.PHP_EOL;
+				}
+			} //end if !editable /else...
+		} //end if non-image, show textarea
+
+		Edit_Page_Buttons($text_editable, $too_large_to_edit);
+
+		if ($text_editable && !$too_large_to_edit && !$bad_chars) {
+			Edit_Page_scripts();
+			$SEC = $MAX_IDLE_TIME;
+			$HRS = floor($SEC/3600);
+			$SEC = fmod($SEC,3600);
+			$MIN = floor($SEC/60);   if ($MIN < 10) { $MIN = "0".$MIN; };
+			$SEC = fmod($SEC,60);    if ($SEC < 10) { $SEC = "0".$SEC; };
+			$HRS_MIN_SEC = $HRS.':'.$MIN.':'.$SEC;
+?>
+			<div id="edit_notes">NOTES:<ol>
+			<li><b>Remember- your $MAX_IDLE_TIME is <?php echo $HRS_MIN_SEC ?>.
+			So save changes before the clock runs out, or the changes will be lost!</b><br>
+
+			<?php //The following line is just a static time stamp of when the idle time runs out. ?>
+			<?php //echo '<b class="xtra">&nbsp;<script>FileTimeStamp('.(time()+$MAX_IDLE_TIME).', 0, 0)</script>  </b>,'?>
+
+			<li>On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser's [Reload].
+			<li>Chrome's XSS filters may disable some javascript in a page if the page even <i>appears</i> to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.
+			</div>
+		<?php } ?>
+	</form> 
+<?php 
+}//end Edit_Page_form() ********************************************************
+
+
+
+
+function Edit_Page() { //*******************************************************
+	global $ONESCRIPT, $param1, $filename, $filecontent, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE;
+	clearstatcache ();
+
+	//Determine if text editable file type
+	$ext = end( explode(".", strtolower($filename) ) );
+	if (in_array($ext, $etypes)) { $text_editable = TRUE;  }
+	else                         { $text_editable = FALSE; }
+	
+	$too_large_to_edit = (filesize($filename) > $MAX_EDIT_SIZE);
+	$too_large_to_view = (filesize($filename) > $MAX_VIEW_SIZE);
+	
+	if ($too_large_to_edit){$header2 = "Viewing: ";}
+	else                   {$header2 = "Editing: ";}
+
+	$too_large_to_edit_message = 
+'<b>Edit disabled. Filesize &gt; '.number_format($MAX_EDIT_SIZE).' bytes.</b><br>
+Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML &lt;textarea&gt;.<br>
+Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.<br>
+A simple trial and error test can determine a practical limit for a given browser/computer.';
+	$too_large_to_view_message = 
+'<b>View disabled. Filesize &gt; '.number_format($MAX_VIEW_SIZE).' bytes.</b><br>
+Click the the file name above to view normally in a browser window.<br>
+Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.<br>
+(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired to suit individual perceptions of neccessity.)';
+
+	echo '<h2 id="edit_header">'.$header2;
+	echo '<a class="filename" href="/'.URLencode_path($filename).'" target="_blank">'.htmlentities(basename($filename)).'</a>';
+	echo '</h2>'.PHP_EOL;
+?>
+	<p class="file_meta">
+	<span class="meta_size">Filesize: <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; 
+	<span class="meta_time">Updated: <script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1, 1);</script></span><br>
+	</p>
+
+	<input type="button" id="close1" class="button" value="Close" onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
+	<script>document.getElementById('close1').focus();</script>
+	<div style="clear:both;"></div>
+<?php
+	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message);
+
+	if ( in_array( $ext, $itypes) ) { show_image(); }
+
+	echo '<div style="clear:both;"></div>';
+
+	if ( $text_editable && $too_large_to_edit && !$too_large_to_view ) {
+		$filecontent = htmlspecialchars(file_get_contents($filename), ENT_COMPAT,'UTF-8');
+		echo '<pre class="edit_disabled view_file">'.$filecontent.'</pre>';
+	}elseif ( $text_editable && $too_large_to_view ){
+		echo '<p class="edit_disabled">'.$too_large_to_view_message.'</p>';
+	}
+
+}//End Edit_Page ***************************************************************
+
+
+
+
+function Edit_response(){ //***If on Edit page, and [Save] clicked *************
+	global $filename, $message, $EX;
+	$filename = $_POST["filename"];
+	$content  = $_POST["content"];
+
+	$bytes = file_put_contents($filename, $content);
+
+	if ($bytes !== false) {
+		$message .= '<b>File saved: '.$bytes.' bytes written.</b>';
+	}else{
+		$message .= $EX.' <b>There was an error saving file.</b>';
+	}
+}//end Edit_response() *********************************************************
+
+
+
+
+function Upload_Page() { //*****************************************************
+	global $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE;
+
+	//Determine $MAX_FILE_SIZE to upload
+	$upload_max_filesize = ini_get('upload_max_filesize'); //This should be < post_max_size,
+	$post_max_size       = ini_get('post_max_size');       //but, just in case, check both...
+
+	function shorthand_to_int($SHORTHAND){ //*******************
+		$KMG = strtoupper(substr($SHORTHAND, -1));
+		if     ($KMG == "K") { return $SHORTHAND * 1024; }
+		elseif ($KMG == "M") { return $SHORTHAND * 1048576; }
+		elseif ($KMG == "G") { return $SHORTHAND * 1073741824; }
+		else                 { return $SHORTHAND; }
+	}//end function shorthand_to_int() *************************
+
+	$UMF = shorthand_to_int($upload_max_filesize);
+	$PMS = shorthand_to_int($post_max_size);
+
+	if ($UMF <= $PMS){ $MAX_FILE_SIZE = $UMF; $max_msg = $upload_max_filesize.' &nbsp; per upload_max_filesize in php.ini.'; }
+	else             { $MAX_FILE_SIZE = $PMS; $max_msg = $post_max_size.' &nbsp; per post_max_size in php.ini'; }
+?>
+	<h2>Upload File</h2>
+	<p>Note: Maximum upload file size is: <?php echo $max_msg; ?></p>
+	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$param1; ?>&amp;p=uploaded" method="post">
+		<?php echo $INPUT_NUONCE; ?>
+		<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $MAX_FILE_SIZE ?>"> 
+		<input type="hidden" name="upload_destination" value="<?php echo htmlspecialchars($ipath); ?>" >
+		<input type="file"   name="upload_file" id="upload_file" size="100">
+		<?php Cancel_Submit_Buttons("Upload","cancel"); ?>
+	</form>
+<?php 
+} //end Upload_Page() **********************************************************
+
+
+
+
+function Upload_response() { //*************************************************
+	global $filename, $message, $EX, $page;
+	$filename    = $_FILES['upload_file']['name'];
+	$destination = Check_path($_POST["upload_destination"]);
+	$page  = "index";
+	$MAXUP1 = ini_get('upload_max_filesize');
+	$MAXUP2 = number_format ($_POST['MAX_FILE_SIZE']).' bytes';
+	$ERROR = $_FILES['upload_file']['error'];
+
+	if     ( $ERROR == 1 ){ $ERRMSG = 'Error 1: File too large.  upload_max_filesize = '.$MAXUP1.' (From php.ini)';}
+	elseif ( $ERROR == 2 ){ $ERRMSG = 'Error 2: File too large.  $MAX_FILE_SIZE = '.$MAXUP2.' (From OneFileCMS)';}
+	elseif ( $ERROR == 3 ){ $ERRMSG = 'Error 3: The uploaded file was only partially uploaded.'; }
+	elseif ( $ERROR == 4 ){ $ERRMSG = 'Error 4: No file was uploaded. '; }
+	elseif ( $ERROR == 5 ){ $ERRMSG = 'Error 5. '; }
+	elseif ( $ERROR == 6 ){ $ERRMSG = 'Error 6: Missing a temporary folder.'; }
+	elseif ( $ERROR == 7 ){ $ERRMSG = 'Error 7: Failed to write file to disk.'; }
+	elseif ( $ERROR == 8 ){ $ERRMSG = 'Error 8: A PHP extension stopped the file upload.'; }
+	else                  { $ERRMSG = ''; }
+
+	if (($filename == "")){ 
+		$message .= $EX.' <b>No file selected for upload... </b>';
+	}elseif (($destination != "") && !is_dir($destination)) {
+		$message .= $EX.' Destination folder does not exist: <br><b>';
+		$message .= htmlentities($WEB_ROOT.$destination).'</b><br><b>Upload cancelled.</b>';
+	}else{
+		$message .= 'Uploading: "<b>'.htmlentities($filename).'</b>"...';
+		$savefile = ordinalize($destination, $filename, $savefile_msg);
+		if(move_uploaded_file($_FILES['upload_file']['tmp_name'], $savefile)) {
+			$message .= '<br>Upload successful! '.$savefile_msg;
+		} else{
+			$message .= '<br>'.$EX.' <b> Upload failed: </b>'.$ERRMSG.'';
+		}
+	}
+}//end Upload_response() *******************************************************
+
+
+
+
+function New_File_Page() { //***************************************************
+	global $FORM_COMMON, $INVALID_CHARS;
+?>
+	<h2>New File</h2>
+	<?php echo $FORM_COMMON ?>
+		<p>File will be created in the current folder. &nbsp;
+		Some invalid characters are: <span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
+		<input type="text" name="new_file" id="new_file" value="">
+		<?php Cancel_Submit_Buttons("Create","new_file"); ?>
+	</form>
+<?php 
+}//end New_File_Page()**********************************************************
+
+
+
+
+function New_File_response() { //***********************************************
+	global $ipath, $param2, $param3, $filename, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
+
+	$new_name = trim($_POST["new_file"],'/ '); //Trim spaces and slashes.
+	$filename = $ipath.$new_name;
+	$page = "index"; // return to index if new file fails
+	
+	$invalid = false;
+	foreach ($INVALID_CHARS_array as $bad_char) {
+		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
+	}
+
+	if ($invalid){
+		$message .= $EX.' <b>New file not created:</b> '.htmlentities($new_name).'<br>'.
+			'<b> &nbsp; &nbsp; &nbsp; Name contains invalid character(s): '.
+			'<span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
+	}elseif ($new_name == ""){ 
+		$message .= $EX.' <b>New file not created -</b> no name given';
+	}elseif (file_exists($filename)) {
+		$message .= $EX.' <b>File already exists: ';
+		$message .= htmlentities($new_name).'</b>';
+	}elseif ($handle = fopen($filename, 'w')) {
+		fclose($handle);
+		$message .= '<b>Created file:</b> '.htmlentities($new_name);
+		$page     = "edit";
+		$param2   = '&amp;f='.rawurlencode(basename($filename));// for Edit_Page() buttons
+		$param3   = '&amp;p=edit';                              // for Edit_Page() buttons 
+	}else{
+		$message .= $EX.' <b>Error - new file not created:<br>';
+		$message .= htmlentities($new_name);
+	}
+}//end New_File_response() *****************************************************
+
+
+
+
+function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //************
+	//$action = 'Copy' or 'Rename'. $isfile = 1 if acting on a file, not a folder
+	global $WEB_ROOT, $ipath, $filename, $FORM_COMMON;
+	if ($isfile) { $old_name = $filename; }else{ $old_name = $ipath; }
+	if ($isfile) { $new_name = $filename; }else{ $new_name = $ipath; }
+	if ($action == "Copy" ) { $new_name = ordinalize($ipath, basename($filename), $msg); }
+?>
+	<h2><?php echo $action.' '.$title ?></h2>
+	<p>To move a file or folder, change the path/to/folder/or_file. The new location must already exist.</p>
+	<?php echo $FORM_COMMON ?>
+		<p>
+			<label>Old name:</label>
+			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
+				name="old_name" value="<?php echo htmlspecialchars($old_name); ?>" readonly="readonly">
+		</p>
+		<p>
+			<label>New name:</label>
+			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
+				name="<?php echo $name_id ?>" id="<?php echo $name_id ?>" 
+				value="<?php echo htmlspecialchars($new_name); ?>">
+		</p>
+		<?php Cancel_Submit_Buttons($action, $name_id); ?>
+	</form>
+<?php 
+} //end Copy_Ren_Move_Page() ***************************************************
+
+
+
+
+//******************************************************************************
+function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $isfile){
+	//$action = 'copy' or 'rename'. $isfile = 1 if acting on a file, not a folder
+	global $WEB_ROOT, $ipath, $param1, $param2, $message, $EX, $page, $filename;
+
+	$old_name = trim($old_name,'/ ');
+	$new_name = trim($new_name,'/ ');
+	$new_location = dirname($new_name);
+	$filename = $old_name; //default if error
+	if ($isfile) { $page = "edit"; }else{ $page = "index"; }
+	
+	if ( !is_dir($new_location) ){
+		$message .= $EX.' <b>'.$msg1.' Error - new parent location does not exist:</b><br>';
+		$message .= htmlentities($WEB_ROOT.$new_location).'/<br>';
+	}elseif ( !file_exists($filename) ){
+		$message .= $EX.' <b>'.$msg1.' Error - source file does not exist:</b><br>';
+		$message .= htmlentities($filename);
+	}elseif (file_exists($new_name)) {
+		$message .= $EX.' <b>'.$msg1.' Error - target filename already exists:<br>';
+		$message .= htmlentities($WEB_ROOT.$new_name).'</b>';
+	}elseif ($action($old_name, $new_name)) {
+		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
+		$message .= ' --- '.$msg2.' to ---<br>';
+		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
+		$filename = $new_name; //so edit page knows what to edit
+		if ($isfile) { $ipath = Check_path(dirname($filename)); } //if changed,
+		else         { $ipath = Check_path($filename); }          //return to new dir.
+		$param1   = '?i='.URLencode_path($ipath);
+		$param2   = '&amp;f='.rawurlencode(basename($filename));
+		$param3   = '&amp;p=edit';
+	}else{
+		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
+		$message .= $EX.' <b>Error during '.$msg1.' from the above to the following:</b><br>';
+		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
+	}
+}//end Copy_Ren_Move_response() ************************************************
+
+
+
+
+function Delete_File_Page() { //************************************************
+	global $filename, $FORM_COMMON;
+?>
+	<h2>Delete File</h2>
+	<?php echo $FORM_COMMON ?>
+		<input type="hidden" name="delete_file" value="<?php echo htmlspecialchars($filename); ?>" >
+		<span class="verify"><?php echo htmlentities(basename($filename)); ?></span>
+		<p><b>Are you sure?</b></p>
+		<?php Cancel_Submit_Buttons("DELETE", "cancel"); ?>
+	</form>
+<?php 
+} //end Delete_File_Page() *****************************************************
+
+
+
+
+function Delete_File_response(){ //*********************************************
+	global $filename, $message, $EX, $page;
+
+	$page = "index"; //Return to index
+	$filename = $_POST["delete_file"];
+
+	if (unlink($filename)) {
+		$message .= '<b>Deleted file:</b> '.htmlentities(basename($filename));
+	}else{
+		$message .= $EX.' <b>Error deleting "'.htmlentities($filename).'"</b>.';
+		$page = "edit";
+	}
+}//end Delete_File_response() **************************************************
+
+
+
+
+function New_Folder_Page() { //*************************************************
+	global $FORM_COMMON, $INVALID_CHARS;
+?>
+	<h2>New Folder</h2>
+	<?php echo $FORM_COMMON ?>
+		<p>Folder will be created in the current folder. &nbsp;
+		Some invalid characters are: <span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
+		<input type="text" name="new_folder" id="new_folder" value="">
+		<?php Cancel_Submit_Buttons("Create","new_folder"); ?>
+	</form>
+<?php 
+} //end New_Folder_Page() ******************************************************
+
+
+
+
+function New_Folder_response(){ //**********************************************
+	global $ipath, $param1, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
+
+	$new_name = trim($_POST["new_folder"],'/ '); //Trim spaces, and make sure only has a single trailing slash.
+
+	$invalid = false;
+	foreach ($INVALID_CHARS_array as $bad_char) {
+		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
+	}
+	$page = "index"; //Return to index
+
+	$new_ipath = $ipath.$new_name.'/';
+
+	if ($invalid){
+		$message .= $EX.' <b>New folder not created:</b> '.htmlentities($new_name).'<br>'.
+			'<b> &nbsp; &nbsp; &nbsp; Name contains invalid character(s): '.
+			'<span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
+	}elseif ($new_name == ""){ 
+		$message .= $EX.' <b>New folder not created - no name given.</b>';
+	}elseif (is_dir($new_ipath)) {
+		$message .= $EX.' <b>Folder already exists: ';
+		$message .= htmlentities($new_ipath).'</b>';
+	}elseif (mkdir($new_ipath)) {
+		$message .= '<b>Created folder:</b> '.htmlentities($new_name);
+		$ipath    = $new_ipath;  //return to new folder
+		$param1   = '?i='.URLencode_path($ipath);
+	}else{
+		$message .= $EX.' <b>Error - new folder not created: </b><br>';
+		$message .= htmlentities($new_name);
+	}
+}//end New_Folder_response *****************************************************
+
+
+
+
+function Delete_Folder_Page(){ //***********************************************
+	global $WEB_ROOT, $ipath, $FORM_COMMON;
+?>
+	<h2>Delete Folder</h2>
+	<?php echo $FORM_COMMON ?>
+		<input type="hidden" name="delete_folder" value="<?php echo htmlspecialchars($ipath); ?>" >
+		<span class="web_root"><?php echo htmlentities($WEB_ROOT.Check_path(dirname($ipath))); ?></span><span 
+		class="verify"><?php echo htmlentities(basename($ipath)); ?></span> /
+		<p><b>Are you sure?</b></p>
+		<?php Cancel_Submit_Buttons("DELETE", "cancel"); ?>
+	</form>
+<?php 
+} //end Delete_Folder_Page() //*************************************************
+
+
+
+
+function Delete_Folder_response() { //******************************************
+	global $ipath, $param1, $page, $message, $EX;
+	$page = "index"; //Return to index
+	$foldername = trim($_POST["delete_folder"], '/');
+
+	if ( !is_empty($ipath) ) {
+		$message .= $EX.' <b>Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
+		$page = "index";
+	}elseif (@rmdir($foldername)) {
+		$message .= '<b>Deleted folder:</b> '.htmlentities(basename($foldername));
+		$ipath  = Check_path($foldername); //Return to parent dir.
+		$param1 = '?i='.URLencode_path($ipath);
+	}else {
+		$message .= $EX.' <b>"'.htmlentities($foldername).'/"</b> an error occurred during delete.';
+	}
+}//end Delete_Folder_response() ************************************************
+
+
+
+
+function Page_Title(){ //***<title>Page_Title()</title>*************************
+	global $page;
+
+	if     ($page == "login")        { return "Log In";         }
+	elseif ($page == "hash")         { return "Hash";           }
+	elseif ($page == "edit")         { return "Edit/View File"; }
+	elseif ($page == "upload")       { return "Upload File";    }
+	elseif ($page == "newfile")      { return "New File";       }
+	elseif ($page == "copy" )        { return "Copy";           }
+	elseif ($page == "rename")       { return "Rename File";    }
+	elseif ($page == "delete")       { return "Delete";         }
+	elseif ($page == "newfolder")    { return "New Folder";     }
+	elseif ($page == "renamefolder") { return "Rename Folder";  }
+	elseif ($page == "deletefolder") { return "Delete Folder";  }
+	else                             { return $_SERVER['SERVER_NAME']; }
+}//end Page_Title() ************************************************************
+
+
+
+
+function Load_Selected_Page(){ //***********************************************
+	global $ONESCRIPT, $page;
+
+	if     ($page == "login")        { Login_Page();         }
+	elseif ($page == "hash")         { Hash_Page();          }
+	elseif ($page == "edit")         { Edit_Page();          }
+	elseif ($page == "upload")       { Upload_Page();        }
+	elseif ($page == "newfile")      { New_File_Page();      }
+	elseif ($page == "copy")         { Copy_Ren_Move_Page('Copy', 'File', 'copy_file', 1); }
+	elseif ($page == "rename")       { Copy_Ren_Move_Page('Rename', 'File', 'rename_file', 1); }
+	elseif ($page == "delete")       { Delete_File_Page();   }
+	elseif ($page == "newfolder")    { New_Folder_Page();    }
+	elseif ($page == "renamefolder") { Copy_Ren_Move_Page('Rename', 'Folder', 'rename_folder', 0); }
+	elseif ($page == "deletefolder") { Delete_Folder_Page(); }
+	else                             { Index_Page();         } //default
+}//end Load_Selected_Page() ****************************************************
+
+
+
+
+function Timer_scripts() { //***************************************************
+?>
+<script>
+//pad() is also used by the Time_Stamp_scripts()
+function pad(num){ if ( num < 10 ){ num = "0" + num; }; return num; }
+
+
+function FormatTime(Seconds) {
+	var Hours = Math.floor(Seconds / 3600); Seconds = Seconds % 3600;
+	var Minutes = Math.floor(Seconds / 60); Seconds = Seconds % 60;
+	if ((Hours == 0) && (Minutes == 0)) { Minutes = "" } else { Minutes = pad(Minutes) }
+	if (Hours == 0) { Hours = ""} else { Hours = pad(Hours) + ":"}
+
+	return (Hours + Minutes + ":" + pad(Seconds));
+}
+
+
+function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
+	var Timer        = document.getElementById(Timer_ID);
+	var Current_Time = Math.round(new Date().getTime()/1000); //js uses milliseconds
+	    count        = End_Time - Current_Time;
+	var params = count + ', "' + End_Time + '", "' + Timer_ID + '", "' + Timer_CLASS + '", "' + Action + '"';
+
+	Timer.innerHTML = FormatTime(count);
+
+	if ( (count < 120) && (Action != "") ) { //Two minute warning...
+		Timer.style.backgroundColor = "white";
+		Timer.style.color = "red";
+		Timer.style.fontWeight = "900";
+	}
+
+	if ( count < 1 ) {
+		if ( Action == 'LOGOUT') { 
+			Timer.innerHTML = 'SESSION EXPIRED';
+			//Load login screen, but delay first to make sure really expired:
+			setTimeout('window.location = window.location.pathname',3000); //1000 = 1 second
+		}
+		return;
+	}
+	setTimeout('Countdown(' + params + ')',1000);
+}
+
+
+function Start_Countdown(count, ID, CLASS, Action){
+	document.write('<span id="' + ID + '"  class="' + CLASS + '"></span>');
+
+	var Time_Start  = Math.round(new Date().getTime()/1000);
+	var Time_End    = Time_Start + count;
+
+	Countdown(count, Time_End, ID, CLASS, Action); //(seconds to count, id of element)
+}
+</script>
+<?php }//end Timer_scripts() ***************************************************
+
+
+
+
+function Time_Stamp_scripts() { //**********************************************
+?>
+<script>//Dispaly file's timestamp in user's local time 
+
+function FileTimeStamp(php_filemtime, show_date, show_offset){
+
+	//php's filemtime returns seconds, javascript's date() uses milliseconds.
+	var FileMTime = php_filemtime * 1000; 
+
+	var TIMESTAMP  = new Date(FileMTime);
+	var YEAR  = TIMESTAMP.getFullYear();
+	var	MONTH = pad(TIMESTAMP.getMonth() + 1);
+	var DATE  = pad(TIMESTAMP.getDate());
+	var HOURS = TIMESTAMP.getHours();
+	var MINS  = pad(TIMESTAMP.getMinutes());
+	var SECS  = pad(TIMESTAMP.getSeconds());
+
+	if ( HOURS < 12) { AMPM = "am"; }
+	else             { AMPM = "pm"; }
+	if ( HOURS > 12 ) {HOURS = HOURS - 12; }
+	HOURS = pad(HOURS);
+
+	var GMT_offset = -(TIMESTAMP.getTimezoneOffset()); //Yes, I know - seems wrong, but it's works.
+
+	if (GMT_offset < 0) { NEG=-1; SIGN="-"; } else { NEG=1; SIGN="+"; } 
+
+	var offset_HOURS = Math.floor(NEG*GMT_offset/60);
+	var offset_MINS  = pad( NEG * GMT_offset % 60 );
+	var offset_FULL  = "UTC " + SIGN + offset_HOURS + ":" + offset_MINS;
+
+	FULLDATE = YEAR + "-" + MONTH + "-" + DATE;
+	FULLTIME = HOURS + ":" + MINS + ":" + SECS + " " + AMPM;
+
+	var               DATETIME = FULLTIME;
+	if (show_date)  { DATETIME = FULLDATE + " &nbsp;" + FULLTIME;}
+	if (show_offset){ DATETIME += " ("+offset_FULL+")"; }
+		
+	document.write( DATETIME );
+
+}//end FileTimeStamp(php_filemtime)
+</script>
+<?php }//end Time_Stamp_scripts() **********************************************
+
+
+
+
+function Edit_Page_scripts() { //***********************************************
+?>
+	<!--======== Provide feedback re: unsaved changes ========-->
+	<script>
+	    
+	var File_textarea    = document.getElementById('file_content');
+	var Save_File_button = document.getElementById('save_file');
+	var Reset_button     = document.getElementById('reset');
+
+	var start_value = File_textarea.value;
+	var submitted   = false
+	var changed     = false;
+
+
+
+	// The following events only apply when the element is active.
+	// [Save] is disabled unless there are changes to the open file.
+	Save_File_button.onfocus = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
+	Save_File_button.onblur  = function() {Save_File_button.style.backgroundColor ="#Fee";}
+	Save_File_button.onmouseover = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
+	Save_File_button.onmouseout  = function() {Save_File_button.style.backgroundColor = "#Fee";}
+
+
+
+	function Reset_file_status_indicators() {
+		changed = false;
+		File_textarea.style.backgroundColor = "#F6FFF6";  //light green
+		Save_File_button.style.backgroundColor = "";
+		Save_File_button.style.borderColor = "";
+		Save_File_button.style.borderWidth = "1px";
+		Save_File_button.disabled = "disabled";
+		Save_File_button.value = "Save";
+		Reset_button.disabled = "disabled";
+		//File_textarea.focus();
+	}
+
+
+	window.onbeforeunload = function() {
+		if ( changed && !submitted) { 
+			//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
+			return "               Unsaved changes will be lost!";
+		}
+	}
+
+
+	window.onunload = function() {
+		//without this, a browser back then forward would reload file with local/
+		// unsaved changes, but with a green b/g as tho that's the file's contents.
+		if (!submitted) {
+			File_textarea.value = start_value;
+			Reset_file_status_indicators();
+		}
+	}
+
+
+	//With selStart & selEnd == 0, moves cursor to start of text field.
+	function setSelRange(inputEl, selStart, selEnd) { 
+		if (inputEl.setSelectionRange) { 
+			inputEl.focus(); 
+			inputEl.setSelectionRange(selStart, selEnd); 
+		} else if (inputEl.createTextRange) { 
+			var range = inputEl.createTextRange(); 
+			range.collapse(true); 
+			range.moveEnd('character', selEnd); 
+			range.moveStart('character', selStart); 
+			range.select(); 
+		} 
+	}
+
+
+	function Check_for_changes(event){
+		var keycode=event.keyCode? event.keyCode : event.charCode;
+		changed = (File_textarea.value != start_value);
+		if (changed){
+			document.getElementById('message').innerHTML = " "; // Must have a space, or it won't clear the msg.
+			File_textarea.style.backgroundColor = "#Fee";  //light red
+			Save_File_button.style.backgroundColor ="#Fee";
+			Save_File_button.style.borderColor = "#F44";   //less light red
+			Save_File_button.style.borderWidth = "1px";
+			Save_File_button.disabled = "";
+			Reset_button.disabled = "";
+			Save_File_button.value = "SAVE CHANGES!";
+		}else{
+			Reset_file_status_indicators()
+		}
+	}
+
+
+	//Reset textarea value to when page was loaded.
+	//Used by [Reset] button, and when page unloads (browser back, etc). 
+	//Needed becuase if the page is reloaded (ctl-r, or browser back/forward, etc.), 
+	//the text stays changed, but "changed" gets set to false, which looses warning.
+	function Reset_File() {
+		if (changed) {
+			if ( !(confirm("Reset file and loose unsaved changes?")) ) { return; }
+		}
+		File_textarea.value = start_value;
+		Reset_file_status_indicators();
+		setSelRange(File_textarea, 0, 0) //MOve cursor to start of textarea.
+	}
+	
+	Reset_file_status_indicators()
+	</script>
+<?php }//End Edit_Page_scripts() ***********************************************
+
+
+
+
+function style_sheet(){ //****************************************************?>
+<style>
+/* --- reset --- */
+* { border : 0; outline: 0; margin : 0; padding: 0;
+    font-family: inherit; font-weight: inherit; font-style : inherit;
+    font-size  : 100%; vertical-align: baseline; }
+
+
+/* --- general formatting --- */
+
+body { font-size: 1em; background: #DDD; font-family: sans-serif; }
+
+p, table { margin-bottom: .8em; margin-top: .8em;}
+
+div { position: relative; }
+
+h1,h2,h3,h4,h5,h6 { font-weight: bold; }
+h2, h3 { font-size: 1.2em; margin: .5em 1em .5em 0; } /*TRBL*/
+
+i, em     { font-style : italic; }
+b, strong { font-weight: bold;   }
+
+:focus { outline:0; }
+
+table { border-collapse:separate; border-spacing:0; }
+th,td { text-align:left; font-weight:400; }
+
+a       { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
+a:hover { border: 1px solid #807568; background-color: rgb(255,250,150); }
+a:focus { border: 1px solid #807568; background-color: rgb(255,250,150); }
+
+form p { margin-bottom: .3em; }
+
+label { display: inline-block; width : 6em; font-size : 1em; font-weight: bold; }
+
+svg { margin: 0; padding: 0; }
+
+pre { /*Used around test output when trouble shooting*/
+	background: white;
+	border: 1px solid #807568;
+	padding: .5em;
+	margin: 0;
+	}
+
+
+/* --- layout --- */
+
+.container {
+	border : 0px solid #807568;
+	width  : 810px;
+	margin : 0em auto;
+	}
+
+
+.header {
+	border-bottom : 1px solid #807568;
+	padding: 04px 0px 01px 0px;
+	margin : 0 0 .5em 0;
+	}
+
+
+#logo {
+	font-family: 'Trebuchet MS', sans-serif;
+	font-size:2.2em;
+	font-weight: bold;
+	color: black;
+	padding: .1em;
+	}
+
+.filename {
+	border: 1px solid #807568;
+	padding: .1em .2em .1em .2em;
+	font-weight: 700;
+	font-family: courier;
+	background-color: #EEE;
+	}
+
+#message { margin-bottom: .5em;}
+
+#message p {
+	margin: 0;
+	padding: 4px 0px 4px .5em;
+	border: 1px solid #807568;
+	Xfont-family: courier;
+	font-size: 1em;
+	line-height: 1.2em;
+	background: #fff000;
+	}
+
+#message #Xbox { float: right; }
+
+#message #dismiss { padding: 5px 4px 5px 4px; border-right: none; } /*TRBL*/ /*font-family: Courier; font-size: 1.2em;*/
+
+
+/* --- INDEX directory listing, table format --- */
+table.index_T {
+	min-width: 30em;
+	font-size: .95em;
+	border-style: outset;
+	border-width: 1px;
+	border-color: #807568;
+	border-collapse: collapse;
+	margin-bottom: .7em;
+	background-color: #FdFdFd;
+	}
+	
+table.index_T  tr:hover { border: 1px solid #807568; }
+
+table.index_T td { 
+	border-width  : 1px;
+	border-color  : silver;
+	border-style  : inset;
+	vertical-align: middle;
+	}
+
+.index_T a { 
+	height : 1em;
+	display: block;
+	padding: .2em 1em .3em .3em;
+	color  : rgb(100,45,0);
+	border : none;
+	overflow   : hidden;
+	}
+
+.index_T a:hover { background-color: rgb(255,250,150); }
+.index_T a:focus { background-color: rgb(255,250,150); }
+
+
+
+/* File size & date */
+
+.meta_size { min-width:  6em; }
+
+.meta_time { min-width: 15em; }
+
+.meta_T {
+	padding-right : .5em;
+	text-align    : right;
+	font-family   : courier;
+    font-size     : .9em;
+	color         : #333;
+	}
+
+
+.index_folders { min-height: 1.7em;  margin-bottom: .2em; }
+
+.index_folders a {
+	Xborder       : 1px solid #807568;
+	display      : inline-block;
+	line-height  : 1em;
+	font-size    : 1em;
+	margin-right : .6em;
+	margin-bottom: .1em;
+	padding      : 3px .4em 3px 5px; /*TRBL*/
+	}
+
+.index_folders a:hover { background-color: rgb(255,250,150); }
+.index_folders a:focus { background-color: rgb(255,250,150); }
+
+
+
+/*  [Upload File] [New File] [New Folder] etc... */
+
+.front_links a {
+	display: inline-block;
+	border : 1px solid #807568;
+	height      : 1em;
+	font-size   : 1em;
+	margin-right: 1em;
+	padding     : 3px 5px 5px 4px; /*TRBL*/
+	background-color: #EEE;
+	}
+
+.front_links a .icon_fldr {margin : 1.5px 5px 0 0; }
+.front_links a .icon_file {margin : 1.0px 5px 0 0; }
+
+.front_links a:hover  { background-color: rgb(255,250,150); }
+.front_links a:focus  { background-color: rgb(255,250,150); }
+
+
+input[type="text"] {
+	border: 1px solid #807568;
+	padding: 2px;
+	width: 50em;
+	font: 1em "Courier New", Courier, monospace;
+	}
+
+textarea {
+	border: 1px solid #999;
+	font  : .95em "Courier New", Courier, monospace;
+	margin: 0 0 0 0; /*T R B L*/
+	width : 99.5%;
+	height: 30em;
+	}
+
+textarea:focus { border: 1px solid #Fdd; }
+
+.edit_disabled { 
+	border : 1px solid #807568;
+	width  : 99%;
+	padding: .2em;
+	margin : 0;
+	background-color: #FFF000; color: #333;
+	line-height: 1.4em;
+	}
+
+.view_file {font-family: courier; font-size: .9em; background-color: #F8F8F8;}
+
+
+input:focus { background-color: rgb(255,250,150); }
+
+input:hover { background-color: rgb(255,250,150); }
+
+input[readonly]       { color: #333; background-color: #EEE; }
+input[disabled]       { color: #555; background-color: #EEE; }
+input[disabled]:hover { background-color: rgb(236,233,216);  } 
+input[disabled]:hover { background-color: rgb(236,233,216);  } 
+
+
+.buttons_right         { float: right; }
+.buttons_right .button { margin-left: .5em; }
+
+.button {
+	border : 1px solid #807568;
+	padding: 4px 10px;
+	cursor : pointer;
+	color      : black;
+	font-size  : .9em;
+	font-family: sans-serif;
+	background-color: #EEE;  /*#d4d4d4*/
+	}
+
+.button[disabled]  { color: #777; background-color: #EEE; }
+
+
+/* --- header --- */
+
+.nav {
+	float     : right;
+	display   : inline-block;
+	margin-top: 1.6em;
+	font-size : 1em;
+	}
+
+.nav a {
+	border: 1px solid transparent;
+	font-weight : bold;
+	padding     : .0em;
+	padding-top   : .2em;
+	padding-left  : .6em;
+	padding-right : .6em;
+	padding-bottom: .1em;
+	}
+
+.nav a:hover { border: 1px solid #807568; }
+.nav a:focus { border: 1px solid #807568; }
+
+
+/* --- edit --- */
+
+#edit_header  {margin: 0;}
+
+#edit_form    {margin: 0;}
+
+#file_content {height: 30em;}
+
+.file_meta	  {float: left;  margin-top: .5em; font-size: 1em; color: #333; font-family: courier;}
+
+#close1       {float: right; margin-bottom: .5em;}
+
+#edit_notes   {font-size: .8em; color: #333 ;margin-top: 1em; clear:both;}
+
+
+
+/* --- log in --- */
+
+.login_page {
+	margin  : 5em auto;
+	border  : 1px solid #807568;
+	padding : .5em 1em .6em 1em;
+	width   : 370px;
+	}
+
+.login_page .nav { margin-top: .5em; }
+
+.login_input {
+	border  : 1px solid #807568;
+	padding : 2px 0px 2px 2px;
+	width   : 366px;
+	font    : 1em courier;
+	}
+
+.login_page input[type="text"]{ width   : 364px; }
+
+
+
+#upload_file {
+	border: 1px solid #807568;
+	padding: 2px;
+	width: 50em;
+	}
+
+
+hr { /*-- -- -- -- -- -- --*/
+	line-height  : 0;
+	Xfont-size    : 1px;
+	display : block;
+	position: relative;
+	padding : 0;
+	margin  : .8em auto;
+	width   : 100%;
+	clear   : both;
+	border  : none;
+	border-top   : 1px solid #807568;
+	Xborder-bottom: 1px solid #eee;
+	overflow: visible;
+	}
+
+.verify {
+	border: 1px solid #F44;
+	color: #333;
+	background-color: #FFE7E7;
+	padding: .1em .2em;
+	font: 1.2em Courier;
+	}
+
+#admin {padding: .3em;}
+
+.web_root { font:1em Courier; }
+
+.icon {float: left; margin: 0 .3em 0 0;}
+
+.mono {font-family: courier;}
+
+.info {margin-top: .7em; background: #f9f9f9; padding: .2em .5em;}
+
+.path {padding: 1px 5px 1px 5px} /*TRBL*/
+
+.edit_onefile {padding: 5px; float: right;}
+
+.xtra {color: red; background: #EEE;}
+
+.timer {border: 1px solid gray; padding: 3px .5em 4px .5em;}
+
+.timeout {float:right; font-size: .95em; color: #333}
+</style>
+<?php }//end style_sheet() *****************************************************
+
+
+
+
+//******************************************************************************
+//******************************************************************************
+//Begin logic to determine page action
+
+
+if( PHP_VERSION_ID < 50000 ) { exit("OneFileCMS requires PHP5 to operate. Tested on versions 5.2.17, 5.3.3 & 5.4"); }
+
+Session_Startup(); 
+
+if ($_SESSION['valid']) {
+
+	Get_GET();  
+
+	Init_Macros();
+
+	if ($VALID_POST) { //*******************************************************
+		if     (isset($_FILES['upload_file']['name'])) { Upload_response(); }
+		elseif (isset($_POST["whattohash"]   )) { Hash_response();          }
+		elseif (isset($_POST["filename"]     )) { Edit_response();          }
+		elseif (isset($_POST["new_file"]     )) { New_File_response();      }
+		elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', 'Copy', 'Copied', 1); } 
+		elseif (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"], 'rename', 'Rename/Move', 'Renamed/Moved', 1); } 
+		elseif (isset($_POST["delete_file"]  )) { Delete_File_response();   }
+		elseif (isset($_POST["new_folder"]   )) { New_Folder_response();    }
+		elseif (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', 'Rename/Move', 'Renamed/Moved', 0); } 
+		elseif (isset($_POST["delete_folder"])) { Delete_Folder_response(); }
+	}//end if ($VALID_POST) ****************************************************
+
+
+	//*** Verify valid $page and/or $filename **********************************
+
+		//Don't load login screen if already in a valid session.
+	if     ( $_SESSION['valid'] && ($page == "login") )  { $page = "index"; }
+
+		//Don't load edit page if $filename doesn't exist.
+	elseif ( ($page == "edit")  && !is_file($filename) ) { $page = "index"; }
+
+	elseif ($page == "logout") {
+		Logout();
+		$message .= 'You have successfully logged out.'; }
+
+		//Don't load delete page if folder not empty.
+	elseif ( ($page == "deletefolder") && !is_empty($ipath) ) {
+		$message .= $EX.' <b>Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
+		$page = "index";}
+
+		//if size of $_POST > post_max_size, PHP only returns empty $_POST & $_FILE arrays.
+	elseif ($page == "uploaded" && !$VALID_POST){
+		$message .= $EX.'<b> Upload Error.  Total POST data (mostly filesize) exceeded post_max_size = '.ini_get('post_max_size').' (from php.ini).</b>';
+		$page = "index";}
+
+	elseif ( ($page == "edit") && ($filename == trim(rawurldecode($ONESCRIPT), '/')) ) { 
+		if ( $message == "" ) { $BR = ""; } else { $BR = '<br>';}
+		$message .= '<style>#message p {background: red; color: white;}</style>';
+		$message .= $BR.$EX.' <b>CAUTION '.$EX.' You are editing the active copy of OneFileCMS - BACK IT UP &amp; BE CAREFUL !!</b>';
+	}
+	//**************************************************************************
+}//end if $_SESSION[valid] *****************************************************
+
+
+
+
+//******************************************************************************
+//******************************************************************************
+?><!DOCTYPE html>
+
+<html>
+<head>
+
+<title><?php echo $config_title.' - '.Page_Title() ?></title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<meta name="robots" content="noindex">
+
+<?php style_sheet(); ?>
+
+<?php Timer_scripts() ?>
+
+<?php if ( ($page == "index") || ($page == "edit") ) { Time_Stamp_scripts(); } ?>
+
+</head>
+<body>
+
+<?php if ($page == "login"){ echo '<div class="login_page">'; }
+      else                 { echo '<div class="container" >'; }
+?>
+
+<div class="header">
+	<a href="<?php echo $ONESCRIPT.'" id="logo">'.$config_title; ?></a>
+	<?php echo $version.' (on&nbsp;php&nbsp'.phpversion().')'; ?>
+
+	<div class="nav">
+		<a href="/" target="_blank"><?php show_favicon() ?>&nbsp;
+		<b><?php echo htmlentities($WEBSITE) ?></b></a>
+		<?php if ($page != "login") { ?>
+		| <a href="<?php echo $ONESCRIPT ?>?p=logout">Log Out</a>
+		<?php } ?>
+	</div><div style="clear:both;"></div>
+</div><!-- end header -->
+
+<?php if ( $page != "login"  &&  $page != "hash" ) { Current_Path_Header(); } ?>
+
+<?php message_box() ?>
+
+<?php Load_Selected_Page() ?>
+
+<?php if ($page != "login") { echo '<hr>'; } ?>
+
+<?php
+//Admin link
+if ( ($page != "login") && ($page != "hash") ){
+echo '<p><a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=hash">Admin</a>'; }
+
+//Countdown timer...
+if ( $page != "login" ) {
+	echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'timer timeout', 'LOGOUT');
+	echo '<span class="timeout">Session time out in:&nbsp;</span>';
+}
+?>
+
+</div><!-- end container/login_page -->
+</body>
+</html>
diff --git a/readme.markdown b/readme.markdown
index 84bfad1..b74729e 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,6 +1,6 @@
-# Current stable version: 3.2.1
+# Current stable version: 3.2.2
 
-### June 28, 2012
+### July 1, 2012
 
 Most of the recent changes have been to increase login and session security. However, I'm slowly learning that there's only so much that can be done, particulary when the base connection is un-encrypted.   Online security, it seems, is a nebulous subject of a rather dubious nature.  Never-the-less, I have tried to do those things that can be done.  
 
@@ -72,7 +72,7 @@ You can also change the file name of OneFileCMS.php to something else, such as "
 
 ### Where's the WYSIWYG? What about syntax highlighting?
 
-WYSWIWYG editors have been requested, but probably won’t become standard, as they’d probably make it more than one file, sort of defeating the "OneFile" point. Plus, if you’re working in PHP or non-HTML code, they're can be more of a hindrance than an asset.
+WYSWIWYG editors have been requested, but probably won't become standard, as they'd probably make it more than one file, sort of defeating the "OneFile" point. Plus, if you're working in PHP or non-HTML code, they're can be more of a hindrance than an asset.
 
 However, just because I don't want to do it, doesn't mean it's impossible.  Look for the Edit_Page_form() function. Its textarea can be modified to work with whatever editor you like. 
 
@@ -96,7 +96,7 @@ Probably not, as that would also most likely make it more than "OneFile".
 
 Yes!  Well, sort of, indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ie: OneFile1.php and OneFile2.php etc...)  Then, with each copy, maintain different user names and passwords.  Also, so one user does not log out the other, change the session names.  
   
-Now, since there is no data base or other means of granular control and acess logging, multiple users may be kind of pointless.  On the other hand, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
+Now, since there is no database or other means of granular control and acess logging, multiple users may be kind of pointless.  On the other hand, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
 
 ## Requirements
 
@@ -121,12 +121,12 @@ To report a bug or request a feature, please file an issue via Github. Forks enc
 ##Needed/potential/upcoming improvements
 
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
-- Issue with Chrome's XSS filter: Editing some legitimate files with OneFileCMS will trigger the filter and disable most javascript provided functionallity, but only while on edit page of such a file.
+- Issue with Chrome's XSS filter: Editing some legitimate files with OneFileCMS will trigger the filter and disable much of the javascript provided functionallity, but only while on edit page with such a file, and only after a [Save].
 - Connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text during login.  
   (However, this is true of most online login systems, unless SSL or the like is employed.)
 - Be aware that only some very basic data & error checking is performed.  (But, it's getting better...)  
   On Windows, for instance, it's possible to create folders that are subsequently inaccessible and undeletable by Windows.  (Yea, I found out the hard way...)
-- Multiple login names.
+- Multiple languages support
 - Anything else?
 
 --------------------------------------------------------------------------------
@@ -164,6 +164,13 @@ GENERATE THE PAGE
 
 ## Change Log
 
+### 3.2.2
+
+- Thanks to github.com/codeless: added a configurable whitelist of files to show.
+- Fixed minor issue on hash page (needed htmlspecialchars)
+- And, of course, various style & code tweaks.
+
+
 ### 3.2.1
 
 - Added timer to "Please wait..." message after too many invalid login attempts.

From fa4d5c1e6ba81bf889028ee20fffab160d09d08e Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Thu, 5 Jul 2012 17:25:47 -0400
Subject: [PATCH 094/228] Version 3.2.2.1 Added ability to process a config
 file. (courtesy gitghub/codeless)

---
 onefilecms.php  | 32 +++++++++++++++++++++++++++++++-
 readme.markdown | 11 +++++++++++
 2 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/onefilecms.php b/onefilecms.php
index 63bb75b..9d08e55 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.2.2';
+$version = '3.2.2.1';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -86,6 +86,36 @@
 
 
 
+// PROCESSING CONFIGURATION FILE ***********************************************
+# Check if a configuration file does exist:
+$config_file = 'ofcms.ini';
+if (is_file($config_file)) {
+	# Parse file
+	$settings = parse_ini_file($config_file);
+
+	# Configure, which variables can get overwritten by the config file:
+	$overwritable_variables = array(
+		'config_title',
+		'USERNAME',
+		'PASSWORD',
+		'USE_HASH',
+		'HASHWORD',
+		'SALT',
+		'config_stypes');
+
+	# Loop through options and overwrite default configuration
+	foreach($settings as $key => $value) {
+		# Check if variable can get overwritten:
+		if (in_array($key, $overwritable_variables)) {
+			$GLOBALS[$key] = $value;
+		}
+	}
+}
+// End PROCESSING CONFIGURATION FILE *******************************************
+
+
+
+
 //******************************************************************************
 //Some global system values
 
diff --git a/readme.markdown b/readme.markdown
index b74729e..bfcfede 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,4 +1,8 @@
+<<<<<<< HEAD
 # Current stable version: 3.2.2
+=======
+# Current stable version: 3.2.3
+>>>>>>> 4c97063efc47e8bb1c0789f620e88d2dcf2c5427
 
 ### July 1, 2012
 
@@ -164,6 +168,13 @@ GENERATE THE PAGE
 
 ## Change Log
 
+<<<<<<< HEAD
+=======
+### 3.2.3
+
+- Added support for a configuration file (ofcms.ini)
+
+>>>>>>> 4c97063efc47e8bb1c0789f620e88d2dcf2c5427
 ### 3.2.2
 
 - Thanks to github.com/codeless: added a configurable whitelist of files to show.

From 7c5ae85e5860deb1c6d87328fc41f9b8fddb1d90 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Thu, 5 Jul 2012 18:00:10 -0400
Subject: [PATCH 095/228] Version 3.2.3 Login_response(): Improved use of
 $LOGIN_ATTEMPTS. Tweaked some css. Renamed file_content to file_contents. 
 (It just bugged me) Improved $too_large_... logic. Edit_Page(): Added [Wide
 View] button. (Includes some js) Split out Edit_Page_Notes() from
 Edit_Page_form()

---
 onefilecms.php  | 224 ++++++++++++++++++++++++++++--------------------
 readme.markdown |  48 ++++-------
 2 files changed, 145 insertions(+), 127 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 9d08e55..ffc5e0f 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.2.2.1';
+$version = '3.2.3';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -33,13 +33,13 @@
 
 //Some basic security & error log settings
 ini_set('session.use_trans_sid', 0);    //make sure URL supplied SESSID's are not used
-ini_set('session.use_only_cookies', 1); //Only defaults to 1 (enabled) from 5.3 on
+ini_set('session.use_only_cookies', 1); //make sure URL supplied SESSID's are not used
 error_reporting(E_ALL &~ E_STRICT); //0, or (E_ALL &~ E_STRICT) if display and/or log are on.
 ini_set('display_errors', 'off');
 ini_set('log_errors'    , 'off'); //Ok to turn on for trouble-shooting.
 ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.log');
 //Determine good folder for session file? Default is tmp/, which is not secure.
-//session_save_path($safepath)  or  ini_set('session.save_path', $safepath) 
+//session_save_path($safepath)  or  ini_set('session.save_path', $safepath)
 
 
 
@@ -55,7 +55,7 @@
 $SALT     = 'somerandomsalt';
 
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
-$LOGIN_DELAY   = 30;  //In seconds.
+$LOGIN_DELAY   = 10;  //In seconds.
 $MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
 					  //  For instance, 24 minutes is the PHP default for garbage collection.
 $MAX_IMG_W   = 810;  // Max width to display images. (page container = 810)
@@ -93,7 +93,7 @@
 	# Parse file
 	$settings = parse_ini_file($config_file);
 
-	# Configure, which variables can get overwritten by the config file:
+	# Configure which variables can get overwritten by the config file:
 	$overwritable_variables = array(
 		'config_title',
 		'USERNAME',
@@ -466,7 +466,7 @@ function show_image(){ //*******************************************************
 
 	echo '<p Xclass="file_meta">';
 	echo 'Image shown at ~'. round($SCALE*100) .'% of full size (W x H = '.$img_info[0].' x '.$img_info[1].').</p>';
-	echo '<div style="clear:both;"></div>'.PHP_EOL;
+	echo '<div style="clear:both"></div>'.PHP_EOL;
 	echo '<a href="/' .URLencode_path($IMG). '" target="_blank">'.PHP_EOL;
 	echo '<img src="/'.URLencode_path($IMG).'"  height="'.$img_info[$H]*$SCALE.'"></a>'.PHP_EOL;
 }// end show_image() ***********************************************************
@@ -699,20 +699,20 @@ function Hash_Page() { //******************************************************
 
 	<p>Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. 
 	That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.
-	However, it does eleminate the storage of your password in plain text, which is a good thing*
+	However, it does eleminate the storage of your password in plain text, which is a good thing.
 
 	<p>Anyway, to use the $HASHWORD password option:
 	<ol><li>Type your desired password in the input field above and hit Enter.<br>
 			The hash will be displayed in a yellow message box above that.
 		<li>Copy and paste the new hash to the $HASHWORD variable in the config section.<br>
-			'Make sure the hash ends up in quotes.'<br>
-			Make sure to copy ALL of, and ONLY, the hash (no spaces etc). A double-click should select it...
+			Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).<br>
+			A double-click should select it...<br>
 		<li>Make sure $USE_HASH is set to 1 (or true).
 		<li>When ready, logout and login.
 	</ol>
 	<p>You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...
 	<p>
-	*For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep 'em secret, of course).  Remever, every little bit helps...<br>
+	For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep 'em secret, of course).  Remever, every little bit helps...<br>
 	PS: Everything I know about security - you just read...
 	</div>
 <?php 
@@ -775,10 +775,13 @@ function Login_response() { //**************************************************
 
 	$_SESSION = array();    //make sure it's empty
 	$_SESSION['valid'] = 0; //Default to failed login.
+	$attempts = 0;
+	$elapsed  = 0;
 
-	if (!is_file($LOGIN_ATTEMPTS)) { file_put_contents($LOGIN_ATTEMPTS, 0); }
-	$attempts = (int)file_get_contents($LOGIN_ATTEMPTS); //Don't increment yet...
-	$elapsed  = time() - filemtime($LOGIN_ATTEMPTS);
+	if (is_file($LOGIN_ATTEMPTS)) { //Check for prior failed attempts
+		$attempts = (int)file_get_contents($LOGIN_ATTEMPTS); //Don't increment yet...
+		$elapsed  = time() - filemtime($LOGIN_ATTEMPTS);
+	}
 
 	if ($attempts > 0) { $message .= '<b>There have been '.$attempts.' invalid login attempts.</b><br>';}
 	if ( ($attempts >= $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){
@@ -791,13 +794,13 @@ function Login_response() { //**************************************************
 	else           { $VALID_PASSWORD = (       $_POST['password']  == $PASSWORD); }
 
 	//validate login.  Ignore attempt if username & password are blank. 
-	if ( ($_POST['password'] == "") && ($_POST['username'] == "") )  { return;
+	if ( ($_POST['password'] == "") && ($_POST['username'] == "") )  { ; //
 	}elseif ( $VALID_PASSWORD && ($_POST['username'] == $USERNAME) ) {
 		session_regenerate_id(true);
 		$_SESSION['USER_AGENT'] = $_SERVER['HTTP_USER_AGENT']; //for user consistancy check.
 		$_SESSION['valid'] = 1;
 		$page = "index";
-		unlink($LOGIN_ATTEMPTS); //delete invalid attempt count file
+		if ( is_file($LOGIN_ATTEMPTS) ) { unlink($LOGIN_ATTEMPTS); } //delete invalid attempt count file
 	}else{
 		file_put_contents($LOGIN_ATTEMPTS, ++$attempts); //increment & save attempt
 		$message  = $EX.' <b>INVALID LOGIN ATTEMPT #'.$attempts.'</b><br>';
@@ -884,9 +887,9 @@ function Edit_Page_Buttons($text_editable, $too_large_to_edit) { //*************
 	$Button = '<input type="button" class="button" value=';
 	$ACTION = 'onclick="parent.location = \''.$ONESCRIPT.$param1.$param2.'&amp;p=';
 ?>
-	<p class="buttons_right">
+	<div class="edit_btns_bottom">
 	<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?> 
-		<?php echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer xtra', 'LOGOUT'); ?>
+		<?php echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer', 'LOGOUT'); ?>
 		<input type="submit" class="button" value="Save"                  onclick="submitted = true;" id="save_file">
 		<input type="button" class="button" value="Reset - loose changes" onclick="Reset_File()"      id="reset">
 		<script>
@@ -900,13 +903,40 @@ function Edit_Page_Buttons($text_editable, $too_large_to_edit) { //*************
 	<?php echo $Button.'"Copy"        '.$ACTION ?>copy'"  >
 	<?php echo $Button.'"Delete"      '.$ACTION ?>delete'">
 	<?php echo $Button.'"Close"       ' ?>onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
-	</p>
+	</div>
 <?php
 }//end Edit_Page_Buttons()******************************************************
 
 
 
 
+function Edit_Page_Notes() { //*************************************************
+	global $MAX_IDLE_TIME;
+			$SEC = $MAX_IDLE_TIME;
+			$HRS = floor($SEC/3600);
+			$SEC = fmod($SEC,3600);
+			$MIN = floor($SEC/60);   if ($MIN < 10) { $MIN = "0".$MIN; };
+			$SEC = fmod($SEC,60);    if ($SEC < 10) { $SEC = "0".$SEC; };
+			$HRS_MIN_SEC = $HRS.':'.$MIN.':'.$SEC;
+?>
+			<div id="edit_notes">NOTES:
+			<ol>
+			<li><b>Remember- your $MAX_IDLE_TIME is <?php echo $HRS_MIN_SEC ?>.
+			So save changes before the clock runs out, or the changes will be lost!</b><br>
+
+			<?php //The following line is just a static time stamp of when the idle time runs out. ?>
+			<?php //echo '<b>&nbsp;<script>FileTimeStamp('.(time()+$MAX_IDLE_TIME).', 0, 0)</script>  </b>,'?>
+
+			<li>On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser's [Reload].
+			<li>Chrome's XSS filters may disable some javascript in a page if the page even <i>appears</i> to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.
+			</ol>
+			</div>
+<?php 
+}//end Edit_Page_Notes() { //***************************************************
+
+
+
+
 //******************************************************************************
 function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message){ 
 	global $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_NUONCE, $EX, $message, $MAX_IDLE_TIME;
@@ -914,9 +944,9 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param1.$param2.$param3 ?>">
 		<?php echo $INPUT_NUONCE; ?>
 <?php
-		if ( !in_array( strtolower($ext), $itypes) ) { //If non-image, show textarea
+		if ( !in_array( strtolower($ext), $itypes) ) { //If non-image...
 
-			if (!$text_editable) { // If non-text file, disable textarea
+			if (!$text_editable) { // If non-text file...
 				echo '<p class="edit_disabled">Non-text or unkown file type. Edit disabled.<br><br></p>';
 
 			}elseif ( $too_large_to_edit ) {
@@ -930,13 +960,13 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 				}
 				$bad_chars = ($filecontent == "" && filesize($filename) > 0);
 
-				if ($bad_chars){ //did specialchars return an empty string?
+				if ($bad_chars){ //did htmlspecialchars return an empty string?
 					echo '<pre class="edit_disabled">'.$EX.' File contains an invalid character. Edit and view disabled.<br>';
 					echo ' htmlspecialchars() returned and empty string from what <i>may be</i> an otherwise valid file.<br>';
 					echo ' This behavior can be inconsistant from version to version of php.<br></pre>';
 				}else{
 					echo '<input type="hidden" name="filename" id="filename" value="'.htmlspecialchars($filename).'">';
-					echo '<textarea id="file_content" name="content" cols="70" rows="25"
+					echo '<textarea id="file_contents" name="content" cols="70" rows="25"
 						onkeyup="Check_for_changes(event);">'.$filecontent.'</textarea>'.PHP_EOL;
 				}
 			} //end if !editable /else...
@@ -944,28 +974,10 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 
 		Edit_Page_Buttons($text_editable, $too_large_to_edit);
 
-		if ($text_editable && !$too_large_to_edit && !$bad_chars) {
-			Edit_Page_scripts();
-			$SEC = $MAX_IDLE_TIME;
-			$HRS = floor($SEC/3600);
-			$SEC = fmod($SEC,3600);
-			$MIN = floor($SEC/60);   if ($MIN < 10) { $MIN = "0".$MIN; };
-			$SEC = fmod($SEC,60);    if ($SEC < 10) { $SEC = "0".$SEC; };
-			$HRS_MIN_SEC = $HRS.':'.$MIN.':'.$SEC;
-?>
-			<div id="edit_notes">NOTES:<ol>
-			<li><b>Remember- your $MAX_IDLE_TIME is <?php echo $HRS_MIN_SEC ?>.
-			So save changes before the clock runs out, or the changes will be lost!</b><br>
-
-			<?php //The following line is just a static time stamp of when the idle time runs out. ?>
-			<?php //echo '<b class="xtra">&nbsp;<script>FileTimeStamp('.(time()+$MAX_IDLE_TIME).', 0, 0)</script>  </b>,'?>
-
-			<li>On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser's [Reload].
-			<li>Chrome's XSS filters may disable some javascript in a page if the page even <i>appears</i> to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.
-			</div>
-		<?php } ?>
-	</form> 
-<?php 
+		Edit_Page_scripts();
+?>	</form>
+<?php
+	if ($text_editable && !$too_large_to_edit && !$bad_chars) { Edit_Page_Notes(); }
 }//end Edit_Page_form() ********************************************************
 
 
@@ -977,14 +989,14 @@ function Edit_Page() { //*******************************************************
 
 	//Determine if text editable file type
 	$ext = end( explode(".", strtolower($filename) ) );
-	if (in_array($ext, $etypes)) { $text_editable = TRUE;  }
-	else                         { $text_editable = FALSE; }
+	if ( in_array($ext, $etypes) ) { $text_editable = TRUE;  }
+	else                           { $text_editable = FALSE; }
 	
 	$too_large_to_edit = (filesize($filename) > $MAX_EDIT_SIZE);
 	$too_large_to_view = (filesize($filename) > $MAX_VIEW_SIZE);
 	
-	if ($too_large_to_edit){$header2 = "Viewing: ";}
-	else                   {$header2 = "Editing: ";}
+	if ( $too_large_to_edit ) { $header2 = "Viewing: "; }
+	else                      { $header2 = "Editing: "; }
 
 	$too_large_to_edit_message = 
 '<b>Edit disabled. Filesize &gt; '.number_format($MAX_EDIT_SIZE).' bytes.</b><br>
@@ -993,36 +1005,44 @@ function Edit_Page() { //*******************************************************
 A simple trial and error test can determine a practical limit for a given browser/computer.';
 	$too_large_to_view_message = 
 '<b>View disabled. Filesize &gt; '.number_format($MAX_VIEW_SIZE).' bytes.</b><br>
-Click the the file name above to view normally in a browser window.<br>
+Click the the file name above to view as normally rendered in a browser window.<br>
 Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.<br>
-(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired to suit individual perceptions of neccessity.)';
+(The default value is completely arbitrary, and may be adjusted as desired to suit individual perceptions of reality.)';
 
 	echo '<h2 id="edit_header">'.$header2;
 	echo '<a class="filename" href="/'.URLencode_path($filename).'" target="_blank">'.htmlentities(basename($filename)).'</a>';
 	echo '</h2>'.PHP_EOL;
 ?>
-	<p class="file_meta">
-	<span class="meta_size">Filesize: <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; 
-	<span class="meta_time">Updated: <script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1, 1);</script></span><br>
-	</p>
-
-	<input type="button" id="close1" class="button" value="Close" onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
-	<script>document.getElementById('close1').focus();</script>
-	<div style="clear:both;"></div>
+	<div class="edit_btns_top">
+		<div class="file_meta">
+			<span class="meta_size">Filesize: <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; 
+			<span class="meta_time">Updated: <script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1, 1);</script></span><br>
+		</div>
+
+		<div class="buttons_right">
+			<?php if ( $text_editable ) { ?>
+				<input type="button" id="wide_view" class="button" value="Wide View" onclick="Wide_View();">
+			<?php } ?>
+			<input type="button" id="close1" class="button" value="Close" 
+				onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
+			<script>document.getElementById('close1').focus();</script>
+		</div>
+		<div style="clear:both"></div>
+	</div>
 <?php
 	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message);
-
+	
 	if ( in_array( $ext, $itypes) ) { show_image(); }
 
-	echo '<div style="clear:both;"></div>';
+	echo '<div style="clear:both"></div>';
 
-	if ( $text_editable && $too_large_to_edit && !$too_large_to_view ) {
+	if     ( $text_editable && $too_large_to_view ) {
+		echo '<p class="edit_disabled">'.$too_large_to_view_message.'</p>';
+	}
+	elseif ( $text_editable && $too_large_to_edit ){ 
 		$filecontent = htmlspecialchars(file_get_contents($filename), ENT_COMPAT,'UTF-8');
 		echo '<pre class="edit_disabled view_file">'.$filecontent.'</pre>';
-	}elseif ( $text_editable && $too_large_to_view ){
-		echo '<p class="edit_disabled">'.$too_large_to_view_message.'</p>';
 	}
-
 }//End Edit_Page ***************************************************************
 
 
@@ -1453,7 +1473,8 @@ function Start_Countdown(count, ID, CLASS, Action){
 	Countdown(count, Time_End, ID, CLASS, Action); //(seconds to count, id of element)
 }
 </script>
-<?php }//end Timer_scripts() ***************************************************
+<?php 
+}//end Timer_scripts() *********************************************************
 
 
 
@@ -1475,8 +1496,7 @@ function FileTimeStamp(php_filemtime, show_date, show_offset){
 	var MINS  = pad(TIMESTAMP.getMinutes());
 	var SECS  = pad(TIMESTAMP.getSeconds());
 
-	if ( HOURS < 12) { AMPM = "am"; }
-	else             { AMPM = "pm"; }
+	if ( HOURS < 12) { AMPM = "am"; } else { AMPM = "pm"; }
 	if ( HOURS > 12 ) {HOURS = HOURS - 12; }
 	HOURS = pad(HOURS);
 
@@ -1499,7 +1519,8 @@ function FileTimeStamp(php_filemtime, show_date, show_offset){
 
 }//end FileTimeStamp(php_filemtime)
 </script>
-<?php }//end Time_Stamp_scripts() **********************************************
+<?php 
+}//end Time_Stamp_scripts() ****************************************************
 
 
 
@@ -1508,16 +1529,30 @@ function Edit_Page_scripts() { //***********************************************
 ?>
 	<!--======== Provide feedback re: unsaved changes ========-->
 	<script>
-	    
-	var File_textarea    = document.getElementById('file_content');
+	
+	var File_textarea    = document.getElementById('file_contents');
 	var Save_File_button = document.getElementById('save_file');
 	var Reset_button     = document.getElementById('reset');
+	var Main_div		 = document.getElementById('main');
+	var Wide_View_button = document.getElementById('wide_view');
 
+	var main_width_default = Main_div.style.width ;
 	var start_value = File_textarea.value;
 	var submitted   = false
 	var changed     = false;
 
 
+	function Wide_View() {
+		//File_textarea.style.width = '100%';
+		if (Main_div.style.width == '95%') {
+			Main_div.style.width = main_width_default;
+			Wide_View_button.value = 'Wide View';
+		}else{
+			Main_div.style.width = '95%';
+			Wide_View_button.value = 'Normal View';
+		}
+	}
+
 
 	// The following events only apply when the element is active.
 	// [Save] is disabled unless there are changes to the open file.
@@ -1602,12 +1637,13 @@ function Reset_File() {
 		}
 		File_textarea.value = start_value;
 		Reset_file_status_indicators();
-		setSelRange(File_textarea, 0, 0) //MOve cursor to start of textarea.
+		setSelRange(File_textarea, 0, 0) //Move cursor to start of textarea.
 	}
 	
 	Reset_file_status_indicators()
 	</script>
-<?php }//End Edit_Page_scripts() ***********************************************
+<?php 
+}//End Edit_Page_scripts() *****************************************************
 
 
 
@@ -1662,7 +1698,7 @@ function style_sheet(){ //****************************************************?>
 .container {
 	border : 0px solid #807568;
 	width  : 810px;
-	margin : 0em auto;
+	margin : 0 auto 2em auto;
 	}
 
 
@@ -1799,21 +1835,11 @@ function style_sheet(){ //****************************************************?>
 	font: 1em "Courier New", Courier, monospace;
 	}
 
-textarea {
-	border: 1px solid #999;
-	font  : .95em "Courier New", Courier, monospace;
-	margin: 0 0 0 0; /*T R B L*/
-	width : 99.5%;
-	height: 30em;
-	}
-
-textarea:focus { border: 1px solid #Fdd; }
-
 .edit_disabled { 
 	border : 1px solid #807568;
 	width  : 99%;
 	padding: .2em;
-	margin : 0;
+	margin : .5em 0 0 0;
 	background-color: #FFF000; color: #333;
 	line-height: 1.4em;
 	}
@@ -1876,11 +1902,17 @@ function style_sheet(){ //****************************************************?>
 
 #edit_form    {margin: 0;}
 
-#file_content {height: 30em;}
+#file_contents {
+	border: 1px solid #999;
+	font  : .95em "Courier New", Courier, monospace;
+	margin: 0 0 0 0; /*T R B L*/
+	width : 99.7%;
+	height: 30em;
+}
 
-.file_meta	  {float: left;  margin-top: .5em; font-size: 1em; color: #333; font-family: courier;}
+#file_contents:focus { border: 1px solid #Fdd; }
 
-#close1       {float: right; margin-bottom: .5em;}
+.file_meta	  {float: left;  margin-top: .5em; font-size: 1em; color: #333; } /*font-family: courier;*/
 
 #edit_notes   {font-size: .8em; color: #333 ;margin-top: 1em; clear:both;}
 
@@ -1952,13 +1984,17 @@ function style_sheet(){ //****************************************************?>
 
 .edit_onefile {padding: 5px; float: right;}
 
-.xtra {color: red; background: #EEE;}
-
 .timer {border: 1px solid gray; padding: 3px .5em 4px .5em;}
 
-.timeout {float:right; font-size: .95em; color: #333}
+.timeout {float:right; font-size: .95em; color: #333; }
+
+.edit_btns_top    { margin: .2em 0 .5em 0;}
+
+.edit_btns_bottom { margin: .6em 0 0 0; float: right; }
+.edit_btns_bottom .button { margin-left: .5em; }
 </style>
-<?php }//end style_sheet() *****************************************************
+<?php 
+}//end style_sheet() ***********************************************************
 
 
 
@@ -2046,8 +2082,8 @@ function style_sheet(){ //****************************************************?>
 </head>
 <body>
 
-<?php if ($page == "login"){ echo '<div class="login_page">'; }
-      else                 { echo '<div class="container" >'; }
+<?php if ($page == "login"){ echo '<div id="main" class="login_page">'; }
+      else                 { echo '<div id="main" class="container" >'; }
 ?>
 
 <div class="header">
@@ -2060,7 +2096,7 @@ function style_sheet(){ //****************************************************?>
 		<?php if ($page != "login") { ?>
 		| <a href="<?php echo $ONESCRIPT ?>?p=logout">Log Out</a>
 		<?php } ?>
-	</div><div style="clear:both;"></div>
+	</div><div style="clear:both"></div>
 </div><!-- end header -->
 
 <?php if ( $page != "login"  &&  $page != "hash" ) { Current_Path_Header(); } ?>
diff --git a/readme.markdown b/readme.markdown
index bfcfede..d233b09 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,32 +1,12 @@
-<<<<<<< HEAD
-# Current stable version: 3.2.2
-=======
 # Current stable version: 3.2.3
->>>>>>> 4c97063efc47e8bb1c0789f620e88d2dcf2c5427
 
-### July 1, 2012
+### July 5, 2012
 
-Most of the recent changes have been to increase login and session security. However, I'm slowly learning that there's only so much that can be done, particulary when the base connection is un-encrypted.   Online security, it seems, is a nebulous subject of a rather dubious nature.  Never-the-less, I have tried to do those things that can be done.  
-
-So, for those that care, here is a synopsis of the measures that have been employed:
-- A password's hash can now be stored by OneFileCMS, instead of the plain text password.  
-  (The plain text method remains an option for those that just don't care. )
-- A Login delay is triggered after too many invalid attempts.
-- Adjustable max idle time before auto-logout.
-- Check consistancy of user agent during session.
-- Generation of a new session id after login or logout.
-- Set session.use_only_cookies == true.
-- Use httponly cookies
-- Ability to modify the default salt and password hash method.  
-  (Since OneFileCMS is open source, this is recommended)
-    
-Now, keep in mind that while, individually, any one of these measures may not provide much security, collectivly, they're a little better than nothing.  
+Partly to prepare for future capabilities, the ability to process an exteranal config file was added.  It is not required, so OneFileCMS is still one file,  but it adds some flexibility.  
   
-Lastly, always remember that some of the most important security measures concern user behavior - such as avoiding the use of un-encrypted wifi connections...
+Most of the recent changes have been to increase login and session security. However, I'm slowly learning that there's only so much that can be done, particulary when the base connection is un-encrypted.   Online security, it seems, is a nebulous subject of a rather dubious nature.  Never-the-less, I have tried to do those things that can be done.  
+However, always remember that of the most important security measures concern user behavior - such as avoiding the use of un-encrypted wifi connections...
   
-- 3+ : "Full" version - uses svg icons
-- 2+ : "Lite" version - uses no icons.
-
 --------------------------------------------------------------------------------
 
 # OneFileCMS
@@ -52,7 +32,9 @@ Coupling a utilitarian code editor with basic file managing functions, OneFileCM
  
 - All the basic features of an FTP application like renaming, deleting, copying, and uploading
   _(Of course, for more complex processes like batch renaming or mass uploads/deletions, you're going to want to break out an actual FTP program.)_
-- Alert if you try to leave without saving your edits
+- Alert if you try to leave without saving your edits.
+- A Login delay after too many invalid attempts.
+- Adjustable idle time before auto-logout.
 - Easily modifiable & re-brandable.
 - Possibly the easiest installation process ever!
 
@@ -94,7 +76,7 @@ Well, because "OneFileFileManagerTextEditor" just doesn't have the same ring to
 
 ### Multi-Language Support?
 
-Probably not, as that would also most likely make it more than "OneFile".
+Possibly! (But not yet...)
 
 ### Can I have more than one username/password?
 
@@ -124,13 +106,13 @@ To report a bug or request a feature, please file an issue via Github. Forks enc
 
 ##Needed/potential/upcoming improvements
 
+- Multiple languages support
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - Issue with Chrome's XSS filter: Editing some legitimate files with OneFileCMS will trigger the filter and disable much of the javascript provided functionallity, but only while on edit page with such a file, and only after a [Save].
 - Connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text during login.  
   (However, this is true of most online login systems, unless SSL or the like is employed.)
 - Be aware that only some very basic data & error checking is performed.  (But, it's getting better...)  
   On Windows, for instance, it's possible to create folders that are subsequently inaccessible and undeletable by Windows.  (Yea, I found out the hard way...)
-- Multiple languages support
 - Anything else?
 
 --------------------------------------------------------------------------------
@@ -168,13 +150,13 @@ GENERATE THE PAGE
 
 ## Change Log
 
-<<<<<<< HEAD
-=======
 ### 3.2.3
 
-- Added support for a configuration file (ofcms.ini)
+- Thanks to github.com/codeless: added the ability to process a seperate config file.  
+  (This is just an option for flexibility, and is not required)
+- Added a [Wide View] button to Edit page.
+- Some minor code improvement & css tweaking.
 
->>>>>>> 4c97063efc47e8bb1c0789f620e88d2dcf2c5427
 ### 3.2.2
 
 - Thanks to github.com/codeless: added a configurable whitelist of files to show.
@@ -201,12 +183,12 @@ GENERATE THE PAGE
 
 ### 3.1.6 thru 3.1.8
 
-- Converted bulk of rest of code into functions (easier to work with)
+- Converted bulk of rest of code into functions (easier to work with).
 - Resolved issue (I hope) with differing versions of PHP and how magic_quotes & stripslashes are handeled.
 
 ### 3.1.2 thru 3.1.5
 
-- Added file size limits to the Edit/View page. (Some browsers don't like large files in an HTML textarea.
+- Added file size limits to the Edit/View page. (Some browsers don't like large files in an HTML textarea.)
 - Added some data validation to _GET parameters
 - Some misc code cleanup & organization etc.
 - And other misc stuff...

From 3351ec98f676bee71800f46e204dfc543a7bfb08 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Thu, 5 Jul 2012 19:09:31 -0400
Subject: [PATCH 096/228] Version 3.2.3 Minor ytpo...

---
 readme.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.markdown b/readme.markdown
index d233b09..5e43155 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -2,7 +2,7 @@
 
 ### July 5, 2012
 
-Partly to prepare for future capabilities, the ability to process an exteranal config file was added.  It is not required, so OneFileCMS is still one file,  but it adds some flexibility.  
+Partly to prepare for future capabilities, the ability to process an external config file was added.  It is not required, so OneFileCMS is still one file,  but it adds some flexibility.  
   
 Most of the recent changes have been to increase login and session security. However, I'm slowly learning that there's only so much that can be done, particulary when the base connection is un-encrypted.   Online security, it seems, is a nebulous subject of a rather dubious nature.  Never-the-less, I have tried to do those things that can be done.  
 However, always remember that of the most important security measures concern user behavior - such as avoiding the use of un-encrypted wifi connections...

From b20e3ba2352908b33c565b83b79708580750d4e5 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Sat, 7 Jul 2012 14:02:14 -0400
Subject: [PATCH 097/228] Version 3.2.4 BETA Beta version for testing
 multi-language support.

---
 onefilecms_3.2.04.BETA.php | 2348 ++++++++++++++++++++++++++++++++++++
 1 file changed, 2348 insertions(+)
 create mode 100755 onefilecms_3.2.04.BETA.php

diff --git a/onefilecms_3.2.04.BETA.php b/onefilecms_3.2.04.BETA.php
new file mode 100755
index 0000000..34280a3
--- /dev/null
+++ b/onefilecms_3.2.04.BETA.php
@@ -0,0 +1,2348 @@
+<?php 
+// OneFileCMS - github.com/Self-Evident/OneFileCMS
+
+$version = '<font color="red"><b>3.2.4 BETA</b></font>'; //#####
+
+/*******************************************************************************
+Copyright © 2009-2012 https://github.com/rocktronica
+Copyright © 2012-     https://github.com/Self-Evident  David W. Gay
+
+This software is copyright under terms of the "MIT" license:
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+*******************************************************************************/
+
+
+
+
+//Some basic security & error log settings
+ini_set('session.use_trans_sid', 0);    //make sure URL supplied SESSID's are not used
+ini_set('session.use_only_cookies', 1); //make sure URL supplied SESSID's are not used
+error_reporting(E_ALL &~ E_STRICT); //0, or (E_ALL &~ E_STRICT) if display and/or log are on.
+ini_set('display_errors', 'off');
+ini_set('log_errors'    , 'off'); //Ok to turn on for trouble-shooting.
+ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.log');
+//Determine good folder for session file? Default is tmp/, which is not secure.
+//session_save_path($safepath)  or  ini_set('session.save_path', $safepath)
+
+
+
+
+// CONFIGURABLE INFO ***********************************************************
+$config_title     = "OneFileCMS";
+
+$USERNAME = 'username';
+
+$PASSWORD = 'password'; //If using $HASHWORD, you may leave this value empty.
+$USE_HASH = 0 ; // If = 0, use $PASSWORD. If = 1, use $HASHWORD. 
+$HASHWORD = 'c3e70af96ab1bfc5669280e98b438e1a8c08ca5e0bb3354c05ceaa6f339fd3f6'; //hash for "password"
+$SALT     = 'somerandomsalt';
+
+$MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
+$LOGIN_DELAY   = 10;  //In seconds.
+$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
+					  //  For instance, 24 minutes is the PHP default for garbage collection.
+$MAX_IMG_W   = 810;  // Max width to display images. (page container = 810)
+$MAX_IMG_H   = 1000; // Max height.  I don't know, it just looks reasonable.
+
+$MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
+$MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
+                          // The default max view size is completely arbitrary. It was 2am and seemed like a good idea at the time.
+$config_favicon   = "/favicon.ico";
+$config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsaTive!
+
+$config_etypes = "html,htm,xhtml,php,css,js,txt,text,cfg,conf,ini,csv,svg,log"; //Editable file types.
+$config_stypes = "*"; // Shown types; only files of the given types should show up in the file-listing
+	// Use $config_stypes exactly like $config_etypes (list of extensions separated by semicolons).
+	// If $config_stypes is set to null - by intention or by error - OFCMS will only display folders.
+	// If $config_stypes is set to the *-wildcard (as per default), all files will show up.
+	// If $config_stypes is set to "html,htm" for example, only file with the extension "html" or "htm" will get listed.
+
+$config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
+$config_ftypes = "bin,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,ini,cfg,conf,asp,js ,htm,html"; // _ftype & _fclass must have same
+$config_fclass = "bin,img,img,img,img,img,svg,txt,txt,css,php,txt,cfg,cfg ,txt,txt,htm,htm";  // number of values. bin is default.
+
+$EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
+
+$SESSION_NAME = 'OFCMS'; //Also the cookie name. Change if using multiple copies of OneFileCMS.
+// End CONFIGURABLE INFO *******************************************************
+
+
+
+
+// PROCESS CONFIGURATION FILE **************************************************
+# Check if a configuration file does exist:
+$config_file = 'ofcms.ini';
+if (is_file($config_file)) {
+	# Parse file
+	$settings = parse_ini_file($config_file);
+
+	# Configure which variables can get overwritten by the config file:
+	$overwritable_variables = array(
+		'config_title',
+		'USERNAME',
+		'PASSWORD',
+		'USE_HASH',
+		'HASHWORD',
+		'SALT',
+		'config_stypes');
+
+	# Loop through options and overwrite default configuration
+	foreach($settings as $key => $value) {
+		# Check if variable can get overwritten:
+		if (in_array($key, $overwritable_variables)) {
+			$GLOBALS[$key] = $value;
+		}
+	}
+}
+// End PROCESS CONFIGURATION FILE **********************************************
+
+
+
+
+//******************************************************************************
+//Some global system values
+
+ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
+
+//PHP_VERSION_ID is better to use when checking current version as it's an actual number, not a string.
+if (!defined('PHP_VERSION_ID')) {            //PHP_VERSION_ID only available since 5.2.7
+    $phpversion = explode('.', PHP_VERSION); //PHP_VERSION, however, available even in older versions. (but it's a string)
+    define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
+}
+
+$ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]);
+$DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
+$WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/';
+$WEBSITE   = $_SERVER["HTTP_HOST"].'/';
+$LOGIN_ATTEMPTS = $DOC_ROOT.trim($_SERVER["SCRIPT_NAME"],'/').'.invalid_login_attempts';
+
+$valid_pages = array("hash", "login","logout","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
+
+$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names.
+$INVALID_CHARS_array = explode(' ', $INVALID_CHARS); // (Space deliminated)
+
+//Make arrays out of a few $config_variables for actual use later.
+//Also, remove spaces and make lowercase.
+$SHOWALLFILES = $stypes = false;
+  if ($config_stypes == '*') { $SHOWALLFILES = true; }
+  else { $stypes   = explode(',', strtolower(str_replace(' ', '', $config_stypes))); }//shown file types
+$etypes   = explode(',', strtolower(str_replace(' ', '', $config_etypes))); //editable file types
+$itypes   = explode(',', strtolower(str_replace(' ', '', $config_itypes))); //images types to display
+$ftypes   = explode(',', strtolower(str_replace(' ', '', $config_ftypes))); //file types with icons
+$fclasses = explode(',', strtolower(str_replace(' ', '', $config_fclass))); //for file types with icons
+$excluded_list = (explode(",", $config_excluded));
+//******************************************************************************
+
+
+
+
+//******************************************************************************
+// Language: English
+//
+$_['Upload_File'] = 'Upload File';
+$_['New_File']    = 'New File';
+$_['Ren_Move']    = 'Rename/Move';
+$_['Ren_Moved']   = 'Renamed/Moved';
+$_['New_Folder']  = 'New Folder';
+$_['Ren_Folder']  = 'Rename/Move Folder';
+$_['Del_Folder']  = 'Delete Folder';
+
+$_['Admin']  = 'Admin';
+$_['Enter']  = 'Enter';
+$_['Edit']   = 'Edit';
+$_['Close']  = 'Close';
+$_['Cancel'] = 'Cancel';
+$_['Upload'] = 'Upload';
+$_['Create'] = 'Create';
+$_['Copy']   = 'Copy';
+$_['Copied'] = 'Copied';
+$_['Rename'] = 'Rename';
+$_['Delete'] = 'Delete';
+$_['DELETE'] = 'DELETE';
+$_['File']   = 'File';
+$_['Folder'] = 'Folder';
+
+$_['Log_In']  = 'Log In';
+$_['Log_Out'] = 'Log Out';
+$_['Hash']    = 'Hash';
+$_['Generate_Hash'] = 'Generate Hash';
+
+$_['save_1']     = 'Save';
+$_['save_2']     = 'SAVE CHANGES!';
+$_['reset']      = 'Reset - loose changes';
+$_['Wide_View']  = 'Wide View';
+$_['Normal_View'] = 'Normal View';
+
+$_['on']    = 'on';
+$_['bytes_01'] = ' bytes.';
+
+$_['verify_msg_01'] = 'Session expired.';
+$_['verify_msg_02'] = 'INVALID POST';
+
+$_['get_get_msg_01'] = 'File does not exist:';
+
+$_['check_path_msg_01'] = 'Directory does not exist: ';
+
+$_['ord_msg_01'] = 'A file with that name already exists in the target directory.';
+$_['ord_msg_02'] = 'Saving as';
+
+$_['show_img_msg_01'] = 'Image shown at ~';
+$_['show_img_msg_02'] = '% of full size (W x H = ';
+
+$_['hash_h2'] = 'Generate a Password Hash';
+$_['hash_txt_01'] = 'There are two ways to change your OneFileCMS password:';
+$_['hash_txt_02'] = '1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).';
+$_['hash_txt_03'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
+$_['hash_txt_04'] = 'Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing.';
+$_['hash_txt_05'] = 'Anyway, to use the $HASHWORD password option:';
+$_['hash_txt_06'] = 'Type your desired password in the input field above and hit Enter.';
+$_['hash_txt_07'] = 'The hash will be displayed in a yellow message box above that.';
+$_['hash_txt_08'] = 'Copy and paste the new hash to the $HASHWORD variable in the config section.';
+$_['hash_txt_09'] = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
+$_['hash_txt_10'] = 'A double-click should select it...';
+$_['hash_txt_11'] = 'Make sure $USE_HASH is set to 1 (or true).';
+$_['hash_txt_12'] = 'When ready, logout and login.';
+$_['hash_txt_13'] = 'You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...';
+$_['hash_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep \'em secret, of course).  Remever, every little bit helps...';
+
+$_['hash_msg_01'] = 'Password: ';
+$_['hash_msg_02'] = 'Hash &nbsp; &nbsp;: ';
+
+$_['login_h2'] = 'Log In';
+$_['login_txt_01'] = 'Username:';
+$_['login_txt_02'] = 'Password:';
+
+$_['login_msg_01a'] = 'There have been';
+$_['login_msg_01b'] = 'invalid login attempts.';
+$_['login_msg_02a'] = 'Please wait';
+$_['login_msg_02b'] = 'seconds to try again.';
+$_['login_msg_03']  = 'INVALID LOGIN ATTEMPT #';
+
+$_['edit_notes_00']  = 'NOTES:';
+$_['edit_note_01a'] = 'Remember- your ';
+$_['edit_note_01b'] = ' is ';
+$_['edit_note_02'] = 'So save changes before the clock runs out, or the changes will be lost!';
+$_['edit_note_03'] = 'some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser\'s [Reload].';
+$_['edit_note_04'] = 'Chrome\'s XSS filters may disable some javascript in a page if the page even <i>appears</i> to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.';
+
+$_['edit_h2_1'] = 'Viewing: ';
+$_['edit_h2_2'] = 'Editing: ';
+$_['edit_txt_01'] = 'Non-text or unkown file type. Edit disabled.';
+$_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
+$_['edit_txt_03'] = 'htmlspecialchars() returned and empty string from what <i>may be</i> an otherwise valid file.';
+$_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
+
+$_['too_large_to_edit_01a'] = 'Edit disabled. Filesize &gt; ';
+$_['too_large_to_edit_01b'] = $_['bytes_01'];
+$_['too_large_to_edit_02'] = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML &lt;textarea&gt;.';
+$_['too_large_to_edit_03'] = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
+$_['too_large_to_edit_04'] = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
+
+$_['too_large_to_view_01a'] = 'View disabled. Filesize &gt; ';
+$_['too_large_to_view_01b'] = $_['bytes_01'];
+$_['too_large_to_view_02'] = 'Click the the file name above to view as normally rendered in a browser window.';
+$_['too_large_to_view_03'] = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
+$_['too_large_to_view_04'] = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
+
+$_['meta_txt_01'] = 'Filesize: ';
+$_['meta_txt_02'] = $_['bytes_01'];
+$_['meta_txt_03'] = 'Updated: ';
+
+$_['edit_msg_01'] = 'File saved: ';
+$_['edit_msg_02'] = 'bytes written.';
+$_['edit_msg_03'] = 'There was an error saving file.';
+
+$_['upload_h2'] = 'Upload File';
+$_['upload_txt_01'] = '&nbsp; per upload_max_filesize in php.ini.';
+$_['upload_txt_02'] = 'per post_max_size in php.ini';
+$_['upload_txt_03'] = 'Note: Maximum upload file size is: ';
+
+$_['upload_err_01a'] = 'Error 1: File too large.  ';
+$_['upload_err_01b'] = ' (From php.ini)';
+$_['upload_err_02a'] = 'Error 2: File too large.  ';
+$_['upload_err_02b'] = ' (From OneFileCMS)';
+$_['upload_err_03']  = 'Error 3: The uploaded file was only partially uploaded.';
+$_['upload_err_04']  = 'Error 4: No file was uploaded.';
+$_['upload_err_05']  = 'Error 5:';
+$_['upload_err_06']  = 'Error 6: Missing a temporary folder.';
+$_['upload_err_07']  = 'Error 7: Failed to write file to disk.';
+$_['upload_err_08']  = 'Error 8: A PHP extension stopped the file upload.';
+
+$_['upload_msg_01'] = 'No file selected for upload.';
+$_['upload_msg_02'] = 'Destination folder does not exist: ';
+$_['upload_msg_03'] = 'Upload cancelled.';
+$_['upload_msg_04'] = 'Uploading: ';
+$_['upload_msg_05'] = 'Upload successful! ';
+$_['upload_msg_06'] = 'Upload failed: ';
+
+$_['new_file_h2'] = 'New File';
+$_['new_file_txt_01'] = 'File will be created in the current folder. &nbsp;';
+$_['new_file_txt_02'] = 'Some invalid characters are: ';
+
+$_['new_file_msg_01'] = 'New file not created:';
+$_['new_file_msg_02'] = 'Name contains invalid character(s): ';
+$_['new_file_msg_03'] = 'New file not created - no name given';
+$_['new_file_msg_04'] = 'File already exists: ';
+$_['new_file_msg_05'] = 'Created file:';
+$_['new_file_msg_06'] = 'Error - new file not created:';
+
+$_['CRM_txt_01']  = 'To move a file or folder, change the path/to/folder/or_file. The new location must already exist.';
+$_['CRM_txt_02']  = 'Old name:';
+$_['CRM_txt_03']  = 'New name:';
+
+$_['CRM_msg_01'] = ' Error - new parent location does not exist:';
+$_['CRM_msg_02'] = ' Error - source file does not exist:';
+$_['CRM_msg_03'] = ' Error - target filename already exists:';
+$_['CRM_msg_04'] = ' to ';
+$_['CRM_msg_05a'] = 'Error during ';
+$_['CRM_msg_05b'] = ' from the above to the following:';
+
+$_['delete_h2'] = 'Delete File';
+$_['delete_txt_01'] = 'Are you sure?';
+
+$_['delete_msg_01'] = 'Deleted file:';
+$_['delete_msg_02'] = 'Error deleting ';
+
+$_['new_folder_h2'] = 'New Folder';
+$_['new_folder_txt_1'] = 'Folder will be created in the current folder. &nbsp;';
+$_['new_folder_txt_2'] = 'Some invalid characters are: ';
+
+$_['new_folder_msg_01'] = 'New folder not created:';
+$_['new_folder_msg_02'] = 'Name contains invalid character(s): ';
+$_['new_folder_msg_03'] = 'New folder not created - no name given.';
+$_['new_folder_msg_04'] = 'Folder already exists: ';
+$_['new_folder_msg_05'] = 'Created folder:';
+$_['new_folder_msg_06'] = 'Error - new folder not created: ';
+
+$_['delete_folder_h2'] = 'Delete Folder';
+$_['delete_folder_txt_01'] = 'Are you sure?';
+
+$_['delete_folder_msg_01'] = 'Folder not empty. &nbsp; Folders must be empty before they can be deleted.';
+$_['delete_folder_msg_02'] = 'Deleted folder:';
+$_['delete_folder_msg_03'] = 'an error occurred during delete.';
+
+$_['page_title_login']      = 'Log In';
+$_['page_title_hash']       = 'Hash Page';
+$_['page_title_edit']       = 'Edit/View File';
+$_['page_title_upload']     = 'Upload File';
+$_['page_title_new_file']   = 'New File';
+$_['page_title_copy']       = 'Copy File';
+$_['page_title_ren']        = 'Rename File';
+$_['page_title_del']        = 'Delete File';
+$_['page_title_folder_new'] = 'New Folder';
+$_['page_title_folder_ren'] = 'Rename/Move Folder';
+$_['page_title_folder_del'] = 'Delete Folder';
+
+$_['session_expired'] = 'SESSION EXPIRED';
+$_['unload_unsaved']  = '               Unsaved changes will be lost!';
+$_['confirm_reset']   = 'Reset file and loose unsaved changes?';
+
+$_['OFCMS_requires']  = 'OneFileCMS requires PHP5 to operate. Tested on versions 5.2.17, 5.3.3 & 5.4';
+
+$_['logout_msg']       = 'You have successfully logged out.';
+$_['folder_del_msg']   = 'Folder not empty. &nbsp; Folders must be empty before they can be deleted.';
+$_['upload_error_01a'] = ' Upload Error.  Total POST data (mostly filesize) exceeded post_max_size = ';
+$_['upload_error_01b'] = ' (from php.ini)';
+$_['edit_caution_01']  = 'CAUTION ';
+$_['edit_caution_02']  = ' You are editing the active copy of OneFileCMS - BACK IT UP &amp; BE CAREFUL !!';
+
+$_['time_out_txt'] = 'Session time out in:';
+//******************************************************************************
+
+
+
+
+function Session_Startup() {//**************************************************
+	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $page, $VALID_POST, $MAX_IDLE_TIME, $SESSION_NAME;
+ 
+	$limit    = 0; //0 = session.  
+	$path     = dirname($_SERVER['SCRIPT_NAME']);
+	$domain   = ''; // '' = hostname
+	$https    = false; 
+	$httponly = true;//true = unaccessable via javascript. Some XSS protection.
+	session_set_cookie_params($limit, $path, $domain, $https, $httponly);
+
+	session_name($SESSION_NAME);
+	session_start();
+
+	//Set initial defaults...
+	$page = 'login'; 
+	$VALID_POST = 0;
+	if ( !isset($_SESSION['valid']) ) { $_SESSION['valid'] = 0; }
+
+	//Logging in?
+	if ( isset($_POST["username"]) || isset($_POST["password"]) ) { Login_response(); }
+
+	session_regenerate_id(true); //Helps prevent session fixation & hijacking.
+
+	if ( $_SESSION['valid'] ) { Verify_IDLE_POST_etc(); }
+	
+	$_SESSION['nuonce'] = sha1(mt_rand().microtime()); //provided in <forms> to verify POST
+
+	chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
+}//End Session_Startup() *******************************************************
+
+
+
+
+function Verify_IDLE_POST_etc() { //********************************************
+	global $_, $EX, $message, $VALID_POST, $MAX_IDLE_TIME;
+
+	//Verify consistant user agent... (every little bit helps a little bit) 
+	if ( ($_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) ) { Logout(); }
+
+	//Check idle time
+ 	if ( isset($_SESSION['last_active_time']) ) {
+		$idle_time = ( time() - $_SESSION['last_active_time'] );
+		if ( $idle_time > $MAX_IDLE_TIME ) {
+			Logout();
+			$message .= $_['verify_msg_01'].'<br>';
+		}
+	}
+
+	$_SESSION['last_active_time'] = time();
+
+	//If POSTing, verify...
+	if ( isset($_POST['nuonce']) ) { 
+		if ( $_POST['nuonce'] == $_SESSION['nuonce'] ) {
+			$VALID_POST = 1;
+		}else{
+			Logout();
+			$message .= $EX.'<b>'.$_['verify_msg_02'].'</b><br>';
+		}
+	}
+}//end Verify_IDLE_POST_etc() //************************************************
+
+
+
+
+function hashit($key){ //*******************************************************
+	//This is the super-secret stuff - Keep it secret, keep it safe!
+	//If you change anything here, or the $SALT, redo the hash for your password.
+	global $SALT;
+	$hash = hash('sha256', trim($key).$SALT); // trim off leading & trailing spaces.
+	for ( $x=0; $x < 1000; $x++ ) { $hash = hash('sha256', $hash.$SALT); }
+	return $hash;
+}//end hashit() ****************************************************************
+
+
+
+
+function undo_magic_quotes(){ //************************************************
+
+	function strip_array($var) {
+		if (is_array($var)) {return array_map("strip_array", $var); }
+		else                {return stripslashes($var); }
+	} //Note: stripslashes also handles cases when magic_quotes_sybase is on.
+
+	if (get_magic_quotes_gpc()) {
+		if (isset($_GET))    { $_GET     = strip_array($_GET);    }
+		if (isset($_POST))   { $_POST    = strip_array($_POST);   }
+		if (isset($_COOKIE)) { $_COOKIE  = strip_array($_COOKIE); }
+	}
+}//end undo_magic_quotes() *****************************************************
+
+
+
+
+function Get_GET() { //*** Get main parameters *********************************
+	// i=some/path/,  f=somefile.xyz,  p=somepage
+	global $_, $ipath, $filename, $page, $valid_pages, $param1, $param2, $param3, $message, $EX;
+
+	undo_magic_quotes();
+
+	if (isset($_GET["i"])) { $ipath = Check_path($_GET["i"]); }else{ $ipath = ""; }
+
+	if (isset($_GET["f"])) {
+		$filename = $ipath.$_GET["f"];
+		if ( !is_file($filename) && $_SESSION['valid'] )//Set $message except for login page.
+			{ $message .= $EX.'<b>'.$_['get_get_msg_01'].'</b> '.htmlentities($filename).'<br>'; }
+		if ( !is_file($filename) ) { $filename = ""; $page = "index"; }
+	}else{ $filename = ""; }
+
+	if (isset($_GET["p"])) { $page = $_GET["p"]; } 
+	if (!in_array(strtolower($page), $valid_pages)) { $page = "index"; }
+
+	$param1 = '?i='.URLencode_path($ipath);
+	if ($filename == "") { $param2 = ""; }else{ $param2 = '&amp;f='.rawurlencode(basename($filename)); }
+	if ($page == ""    ) { $param3 = ""; }else{ $param3 = '&amp;p='.$page; }
+}//end Get_GET()****************************************************************
+
+
+
+
+function URLencode_path($path){ // don't encode the forward slashes ************
+	$TS = '';  // Trailing Slash/
+	if (substr($path, -1) == '/' ) { $TS = '/'; } //start with a $TS?
+	$path_array = explode('/',$path);
+	$path = "";
+	foreach ($path_array as $level) { $path .= rawurlencode($level).'/'; }
+	$path = rtrim($path,'/').$TS;  //end with $TS only if started with one
+	return $path;
+}//end URLencode_path($path) ***************************************************
+
+
+
+
+function Check_path($path) { // returns first valid path in some/supplied/path/
+	global  $_, $message, $EX;
+	$invalidpath = $path; //used for message if supplied $path doesn't exist.
+	$path = str_replace('\\','/',$path);   //Make sure all forward slashes.
+	$path = trim($path,"/ ."); // trim slashes, dots, and spaces
+
+	//Remove any '.' and '..' parts of the path.  Causes issues in <h2>www / current / path /</h2>
+	$pathparts = explode( '/', $path);
+	$len       = count($pathparts);
+	$path      = "";  //Cleaned path.
+	foreach ($pathparts as $value) { //(More reliable than str_replace(entire_string).)
+		if ( !(($value == '.') && (!value == '..')) ) { $path .= $value.'/'; }
+	}
+
+	$path = trim($path,"/"); // Remove -for now- final trailing slash.
+
+	if (strlen($path) < 1) { return ""; } //If at site root
+	else {
+		if (!is_dir($path) && (strlen($message) < 1))
+			{ $message .= $EX.'<b>'.$_['check_path_msg_01'].'</b>'.htmlentities($invalidpath).'<br>'; }
+
+		while ( (strlen($path) > 0) && (!is_dir($path)) ) {
+			$path = dirname($path);
+		}
+
+		$path = $path.'/';
+		if ($path == './') { $path = ""; } // ./ means path not found, so clear for root.
+	}
+
+	return $path; 
+}//end Check_path() ************************************************************
+
+
+
+
+function is_empty($path){ //****************************************************
+	$empty = false;
+	$dh = opendir($path);
+	for($i = 3; $i; $i--) { $empty = (readdir($dh) === FALSE); }
+	closedir($dh);
+	return $empty;
+}//end is_empty() //************************************************************
+
+
+
+
+function ordinalize($destination,$filename, &$msg) { //*************************
+//if file_exists(file.txt), ordinalize filename until it doesn't
+//ie: file.txt.001,  file.txt.002, file.txt.003  etc...
+	global $_, $EX;
+
+	$ordinal   = 0;
+	$savefile = $destination.$filename;
+
+	if (file_exists($savefile)) {
+
+		$msg .= $EX.$_['ord_msg_01'].'<br>';
+
+		while (file_exists($savefile)) {
+			$ordinal = sprintf("%03d", ++$ordinal); //  001, 002, 003, etc...
+			$savefile = $destination.$filename.'.'.$ordinal;
+		}
+		$msg .= $_['ord_msg_02'].'"<b>'.htmlentities(basename($savefile)).'</b>"';
+	}
+	return $savefile;
+}//end ordinalize() filename ***************************************************
+
+
+
+
+function Current_Path_Header(){ //**********************************************
+ 	// Current path. ie: webroot/current/path/ 
+	// Each level is a link to that level.
+
+	global $ONESCRIPT, $ipath, $WEB_ROOT;
+
+	echo '<h2>';
+		//Root folder of web site.
+		echo '<a id="path_0" href="'.$ONESCRIPT.'" class="path"> '.htmlentities(trim($WEB_ROOT, '/')).'</a>/';
+		$x=0; //need here for focus() in case at webroot.
+
+		if ($ipath != "" ) { //if not at root, show the rest
+			$path_levels  = explode("/",trim($ipath,'/') );
+			$levels = count($path_levels); //If levels=3, indexes = 0, 1, 2  etc... 
+			$current_path = "";
+
+			for ($x=0; $x < $levels; $x++) {
+				$current_path .= $path_levels[$x].'/';
+				echo '<a id="path_'.($x+1).'" href="'.$ONESCRIPT.'?i='.URLencode_path($current_path).'" class="path">';
+				echo htmlentities($path_levels[$x]).'</a>/';
+			}
+		}//end if (not at root)
+	echo '</h2>';
+	echo '<script>document.getElementById("path_'.$x.'").focus();</script>';
+}//end Current_Path_Header() //*************************************************
+
+
+
+
+function message_box() { //*****************************************************
+	global $ONESCRIPT, $param1, $param2, $param3, $message, $page;
+
+	if (isset($message)) {
+?>
+		<div id="message"><p>
+		<span id="Xbox"><!-- [X] to dismiss message box -->
+			<a id="dismiss" href='<?php echo $ONESCRIPT.$param1.$param2.$param3; ?>'
+ 			onclick='document.getElementById("message").innerHTML = " ";return false;'>
+			[X]</a>
+		</span>
+		<?php echo $message.PHP_EOL ;?>
+		</p></div>
+		<script>document.getElementById("dismiss").focus();</script>
+<?php
+	}else {
+		echo '<div id="message"></div>'; // Needed on Edit page to keep js feedback from failing
+	} //end isset($message)
+	
+	// Used on Edit Page to preserve vertical spacing, so edit area doesn't jump as much.
+	if ($page == "edit") {echo '<style>#message { min-height: 1.86em; }</style>';}
+}//end message_box()  **********************************************************
+
+
+
+
+function Upload_New_Rename_Delete_Links() { //**********************************
+	global $_, $ONESCRIPT, $ipath, $param1;
+	echo '<p class="front_links">';
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   ; svg_icon_upload()    ; echo $_['Upload_File'].'</a>';
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  ; svg_icon_file_new()  ; echo $_['New_File']   .'</a>';
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'; svg_icon_folder_new(); echo $_['New_Folder'] .'</a>';
+	if ($ipath !== "") { //if at root, don't show Rename & Delete links
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'; svg_icon_folder_ren(); echo $_['Ren_Folder'].'</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'; svg_icon_folder_del(); echo $_['Del_Folder'].'</a>';
+	}
+	echo '</p>';
+}//end Upload_New_Rename_Delete_Links()  ***************************************
+
+
+
+
+function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
+	//$submit_label = Rename, Copy, Delete, etc...
+	//$focus is ID of element to receive focus(). (element may be outside this function)
+	global $_, $ONESCRIPT, $ipath, $param1, $param2, $filename, $page;
+
+	// [Cancel] returns to either the index, or edit page.
+	if ($filename == "") {$params = "";}else{ $params = $param2.'&amp;p=edit'; }
+?>
+	<p> 
+	<input type="button" class="button" id="cancel" name="cancel" value="<?php echo $_['Cancel'] ?>"
+		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.$params ?>'">
+	<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1.3em;">
+<?php 
+	if ($focus != ""){ echo '<script>document.getElementById("'.$focus.'").focus();</script>'; }
+	//Do not close the <p> tag yet/here. Need to leave it open for edit btn on hash page.
+}// End Cancel_Submit_Buttons() //**********************************************
+
+
+
+
+function show_image(){ //*******************************************************
+	global $_, $filename, $MAX_IMG_W, $MAX_IMG_H;
+	
+	$IMG = $filename;
+	$img_info = getimagesize($IMG);
+
+	$W=0; $H=1; //indexes for $img_info[]
+	$SCALE = 1; $TOOWIDE = 0; $TOOHIGH = 0;
+	if ($img_info[$W] > $MAX_IMG_W) { $TOOWIDE = ( $MAX_IMG_W/$img_info[$W] );}
+	if ($img_info[$H] > $MAX_IMG_H) { $TOOHIGH = ( $MAX_IMG_H/$img_info[$H] );}
+	
+	if ($TOOHIGH || $TOOWIDE) {
+		if     (!$TOOWIDE)           {$SCALE = $TOOHIGH;}
+		elseif (!$TOOHIGH)           {$SCALE = $TOOWIDE;}
+		elseif ($TOOHIGH > $TOOWIDE) {$SCALE = $TOOWIDE;} //ex: if (.90 > .50)
+		else                         {$SCALE = $TOOHIGH;}
+	}
+
+	echo '<p>';
+	echo $_['show_img_msg_01']. round($SCALE*100) .$_['show_img_msg_02'].$img_info[0].' x '.$img_info[1].').</p>';
+	echo '<div style="clear:both"></div>'.PHP_EOL;
+	echo '<a href="/' .URLencode_path($IMG). '" target="_blank">'.PHP_EOL;
+	echo '<img src="/'.URLencode_path($IMG).'"  height="'.$img_info[$H]*$SCALE.'"></a>'.PHP_EOL;
+}// end show_image() ***********************************************************
+
+
+
+
+function show_favicon(){ //*****************************************************
+	global $config_favicon, $DOC_ROOT;
+	if (file_exists($DOC_ROOT.$config_favicon)) { 
+		echo '<img src="'.URLencode_path($config_favicon).'" alt="">'; 
+	}
+}// end show_favicon() *********************************************************
+
+
+
+
+function Timeout_Timer($COUNT, $ID, $CLASS, $ACTION) { //************************
+
+	return 	'<script>'.
+			'Start_Countdown('.$COUNT.', "'.$ID.'", "'.$CLASS.'", "'.$ACTION.'");'.
+			'</script>';
+
+} //end Timeout_Timer() **************************************************
+
+
+
+
+function Init_Macros(){ //*** ($varibale="some reusable chunk of code")*********
+
+global 	$ONESCRIPT, $param1, $param2, $INPUT_NUONCE, $FORM_COMMON, 
+		$SVG_icon_circle_plus, $SVG_icon_circle_x, $SVG_icon_pencil, $SVG_icon_img_0;
+
+$INPUT_NUONCE = '<input type="hidden" name="nuonce" value="'.$_SESSION['nuonce'].'">'.PHP_EOL;
+$FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.$param2.'">'.$INPUT_NUONCE;
+
+$SVG_icon_circle_plus = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#080"/>
+	  <line x1="2" y1="5" x2="8" y2="5" stroke="white" stroke-width="1.5" />
+	  <line x1="5" y1="2" x2="5" y2="8" stroke="white" stroke-width="1.5" />';
+
+$SVG_icon_circle_x = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#D00"/>
+	<line x1="2.5" y1="2.5" x2="7.5" y2="7.5" stroke="white" stroke-width="1.5"/>
+	<line x1="7.5" y1="2.5" x2="2.5" y2="7.5" stroke="white" stroke-width="1.5"/>';
+
+$SVG_icon_pencil = '<polygon points="2,0 9,7 7,9 0,2" stroke-width="1" stroke="darkgoldenrod" fill="rgb(246,222,100)"/>
+	  <path  d="M0,2   L0,0  L2,0"      stroke="tan" fill="tan" stroke-width="1" />
+	  <path  d="M0,1.5   L0,0  L1.5,0"      stroke="black" fill="transparent" stroke-width="1" />
+	  <line x1="7.3" y1="10"  x2="10" y2="7.3"  stroke="silver" stroke-width="1"/>
+	  <line x1="8.1" y1="10.8"  x2="10.8" y2="8.1"  stroke="red" stroke-width="1"/>';
+
+$SVG_icon_img_0 = '<rect x="0"    y="0"   width="14" height="16" fill="#FF8" stroke="#44F" stroke-width="2" />
+	<rect x="2"    y="2"   width="5"  height="5"  fill="#F66" stroke-width="0" />
+	<rect x="7.5"  y="6"   width="5"  height="5"  fill="#6F6" stroke-width="0" />
+	<rect x="2"    y="10"  width="5"  height="5"  fill="#66F" stroke-width="0" />';
+}//end Init_Macros() ***********************************************************
+
+
+
+
+function svg_icon_bin(){ //*****************************************************
+$zero = '<rect x="0"  y="0"  width="3" height="6" fill="transparent" stroke="#555" stroke-width="1" />';
+$one  = '<line x1="0" y1="-.5"   x2="0" y2="6.5"  stroke="#555" stroke-width="1"/>';
+?><svg class="icon" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
+	<g transform="translate( 0.5,0.5)"><?php echo $one  ?></g>
+	<g transform="translate( 3.5,0.5)"><?php echo $zero ?></g>
+	<g transform="translate( 9.5,0.5)"><?php echo $one  ?></g>
+	<g transform="translate(12.5,0.5)"><?php echo $one  ?></g>
+	<g transform="translate( 0.5,9.5)"><?php echo $zero ?></g>
+	<g transform="translate( 6.5,9.5)"><?php echo $one  ?></g>
+	<g transform="translate( 9.5,9.5)"><?php echo $zero ?></g>
+</svg><?php 
+} //end svg_icon_bin() *********************************************************
+
+
+
+function svg_icon_img(){ //*****************************************************
+global $SVG_icon_img_0;
+?><svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
+	<?php echo $SVG_icon_img_0 ?>
+</svg><?php 
+} //end svg_icon_img() *********************************************************
+
+
+
+function svg_icon_svg(){ //*****************************************************
+global $SVG_icon_img_0;
+?><svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
+	<?php echo $SVG_icon_img_0 ?>
+	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="#444" stroke-width=".6"/>
+	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="#444" stroke-width=".6"/>
+	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="#444" stroke-width=".6"/>
+	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="#444" stroke-width=".6"/>
+</svg><?php 
+} //end svg_icon_img() *********************************************************
+
+
+
+function svg_icon_txt_0($border, $lines, $fill, $extra){ //*********************
+?><svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
+	<rect x = "0" y = "0" width = "14" height = "16" 
+		fill="<?php echo $fill ?>" stroke="<?php echo $border ?>" stroke-width="2" />
+	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="<?php echo $lines ?>" stroke-width=".6"/>
+	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="<?php echo $lines ?>" stroke-width=".6"/>
+	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="<?php echo $lines ?>" stroke-width=".6"/>
+	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="<?php echo $lines ?>" stroke-width=".6"/>
+	<?php echo $extra ?>
+</svg><?php 
+} //end svg_icon_txt() *********************************************************
+
+
+
+function svg_icon_txt(){ svg_icon_txt_0('#333', '#000', '#FFF', ''); } //*******
+
+function svg_icon_htm(){ svg_icon_txt_0('#444', '#222', '#FABEAA', ''); } //**** rgb(250,190,170)
+
+function svg_icon_php(){ svg_icon_txt_0('#333', '#111', '#C3C3FF', ''); } //**** rgb(195,195,225)
+
+function svg_icon_css(){ svg_icon_txt_0('#333', '#111', '#FFE1A5', ''); } //**** rgb(255,225,165)
+
+function svg_icon_cfg(){ svg_icon_txt_0('#444', '#111', '#DDD', ''); } //*******
+
+
+
+function svg_icon_upload(){ //**************************************************
+	$extra = '<g transform="scale(1.1) translate(1.75,4)">
+		<polygon points="6,0  12,6  8,6  8,11  4,11  4,6  0,6" 
+		stroke-width="1" stroke="white" fill="green" /></g>';
+	svg_icon_txt_0('#333', 'black', 'white', $extra);
+} //end svg_icon_upload() ******************************************************
+
+
+
+function svg_icon_file_new(){ //************************************************
+	global $SVG_icon_circle_plus;
+	$extra = '<g transform="translate(4,6)">'.$SVG_icon_circle_plus.'</g>';
+	svg_icon_txt_0('#444', 'black', 'white', $extra);
+} //end svg_icon_file_new() ****************************************************
+
+
+
+function svg_icon_file_del(){ //************************************************
+global $SVG_icon_circle_x;
+	$extra = '<g transform="translate(4,6)">'.$SVG_icon_circle_x.'</g>';
+	svg_icon_txt_0('#444', 'black', 'white', $extra);
+} //end svg_icon_file_del() ****************************************************
+
+
+
+function svg_icon_folder_0($extra){ //******************************************
+?><svg class="icon icon_fldr" xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
+	<path  d="M0.5, 1  L8,1  L9,2  L9,3  L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" 
+			fill="#FBE47b" stroke="#F0CD28" stroke-width="1" />
+	<path  d="M1.5, 8  L7, 8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5" 
+			fill="transparent" stroke="white" stroke-width="1" />
+	<path  d="M1.5,13  L1.5,2  L7.5,2  L8.5,3  L8.5,4  L15.5,4 L16,4.5  L16,13"  
+			fill="transparent" stroke="white" stroke-width="1" />
+	<?php echo $extra ?>
+</svg><?php 
+} //end svg_icon_folder_0() ****************************************************
+
+
+
+function svg_icon_folder(){ svg_icon_folder_0(''); } //*************************
+
+
+
+function svg_icon_folder_new(){ //**********************************************
+	global $SVG_icon_circle_plus;
+	$extra = '<g transform="translate(7.5,4)">'.$SVG_icon_circle_plus.'</g>';
+	svg_icon_folder_0($extra);
+} //end svg_icon_folder_new() **************************************************
+
+
+
+function svg_icon_folder_ren(){ //**********************************************
+	global $SVG_icon_pencil;
+	$extra = '<g transform="translate(6,3)">'.$SVG_icon_pencil.'</g>';
+	svg_icon_folder_0($extra);
+} //end svg_icon_folder_ren() **************************************************
+
+
+
+function svg_icon_folder_del(){ //**********************************************
+	global $SVG_icon_circle_x; 
+	$extra = '<g transform="translate(7.5,4)">'.$SVG_icon_circle_x.'</g>';
+	svg_icon_folder_0($extra);
+} //end svg_icon_folder_del() **************************************************
+
+
+
+
+function show_icon($type){ //***************************************************
+	if     ($type == 'bin') { svg_icon_bin(); }
+	elseif ($type == 'img') { svg_icon_img(); }
+	elseif ($type == 'svg') { svg_icon_svg(); }
+	elseif ($type == 'txt') { svg_icon_txt(); }
+	elseif ($type == 'htm') { svg_icon_htm(); }
+	elseif ($type == 'php') { svg_icon_php(); }
+	elseif ($type == 'css') { svg_icon_css(); }
+	elseif ($type == 'cfg') { svg_icon_cfg(); }
+	else                    { svg_icon_bin(); } //default
+}//end show_icon() *************************************************************
+
+
+
+
+function Hash_Page() { //******************************************************
+	global $_, $DOC_ROOT, $ONESCRIPT, $param1, $param2, $message, $INPUT_NUONCE, $config_title;
+	$params = '?i='.dirname($ONESCRIPT).'&amp;f='.basename($ONESCRIPT).'&amp;p=edit';
+	if (!isset($_POST['whattohash'])) { $_POST['whattohash'] = ''; }
+?>
+	<style>#message {font-family: courier; min-height: 3.1em;}
+	li {margin-left: 2em}</style>
+
+	<h2><?php echo $_['hash_h2'] ?></h2>
+	
+	<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.'&amp;p=hash'; ?>">
+		<?php echo $INPUT_NUONCE; ?>
+		Password to hash:
+		<input type="text" name="whattohash" id="whattohash" value="<?php echo htmlspecialchars($_POST["whattohash"]) ?>">
+		<?php Cancel_Submit_Buttons($_['Generate_Hash'], 'whattohash') ?>
+ 		<a class="button edit_onefile" href="<?php echo $ONESCRIPT.$params; ?>" ><?php echo $_['Edit'].' '.$config_title ?></a>
+	</form>
+
+	<div class="info">
+ 	<p><?php echo $_['hash_txt_01'] ?><br>
+	<p>
+	<?php echo $_['hash_txt_02'] ?><br>
+	<?php echo $_['hash_txt_03'] ?><br>
+
+	<p><?php echo $_['hash_txt_04'] ?>
+
+	<p><?php echo $_['hash_txt_05'] ?>
+	<ol><li><?php echo $_['hash_txt_06'] ?><br>
+			<?php echo $_['hash_txt_07'] ?>
+		<li><?php echo $_['hash_txt_08'] ?><br>
+			<?php echo $_['hash_txt_09'] ?><br>
+			<?php echo $_['hash_txt_10'] ?><br>
+		<li><?php echo $_['hash_txt_11'] ?>
+		<li><?php echo $_['hash_txt_12'] ?>
+	</ol>
+	<p><?php echo $_['hash_txt_13'] ?>
+	<p>
+	<?php echo $_['hash_txt_14'] ?>
+
+	</div>
+<?php 
+} //end Hash_Page() ************************************************************
+
+
+
+
+function Hash_response() { //***************************************************
+	global $_, $message;
+	$_POST['whattohash'] = trim($_POST['whattohash']); // trim leading & trailing spaces.
+	$message .= $_['hash_msg_01'].htmlspecialchars($_POST['whattohash']).'<br>';
+	$message .= $_['hash_msg_02'].htmlspecialchars(hashit($_POST["whattohash"]));
+} //end Hash_response() ********************************************************
+
+
+
+
+function Logout() { //**********************************************************
+	global $page;
+	session_regenerate_id(true);
+	session_unset();
+	session_destroy();
+	session_write_close();
+	unset($_GET);
+	unset($_POST);
+	$_SESSION['valid'] = 0;
+	$page = 'login';
+}//end Logout() ****************************************************************
+
+
+
+
+function Login_Page() { //******************************************************
+	global $_, $ONESCRIPT, $message;
+?>
+	<h2><?php echo $_['login_h2'] ?></h2>
+	<form method="post" action="<?php echo $ONESCRIPT; ?>">
+		<p>
+			<label for="username"><?php echo $_['login_txt_01'] ?></label>
+			<input type="text" name="username" id="username" class="login_input" >
+		</p>
+		<p>
+			<label for="password"><?php echo $_['login_txt_02'] ?></label>
+			<input type="password" name="password" id="password" class="login_input">
+		</p>
+			
+		<p><input type="submit" class="button" value="<?php echo $_['Enter'] ?>"></p>
+	</form>
+	<script>document.getElementById('username').focus();</script>
+<?php 
+} //end Login_Page() ***********************************************************
+
+
+
+
+function Login_response() { //**************************************************
+	global $_, $EX, $message, $page, $LOGIN_ATTEMPTS, 
+		   $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $MAX_ATTEMPTS, $LOGIN_DELAY;
+
+	$_SESSION = array();    //make sure it's empty
+	$_SESSION['valid'] = 0; //Default to failed login.
+	$attempts = 0;
+	$elapsed  = 0;
+
+	if (is_file($LOGIN_ATTEMPTS)) { //Check for prior failed attempts
+		$attempts = (int)file_get_contents($LOGIN_ATTEMPTS); //Don't increment yet...
+		$elapsed  = time() - filemtime($LOGIN_ATTEMPTS);
+	}
+
+	if ($attempts > 0) { $message .= '<b>'.$_['login_msg_01a'].' '.$attempts.' '.$_['login_msg_01b'].'</b><br>';}
+	if ( ($attempts >= $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){
+		$message .= $_['login_msg_02a'].' '.Timeout_Timer(($LOGIN_DELAY - $elapsed), 'timer0', '', '').' '.$_['login_msg_02b'];
+		return;
+	}
+
+	//Validate password
+	if ($USE_HASH) { $VALID_PASSWORD = (hashit($_POST['password']) == $HASHWORD); }
+	else           { $VALID_PASSWORD = (       $_POST['password']  == $PASSWORD); }
+
+	//validate login.  Ignore attempt if username & password are blank. 
+	if ( ($_POST['password'] == "") && ($_POST['username'] == "") )  { ; //
+	}elseif ( $VALID_PASSWORD && ($_POST['username'] == $USERNAME) ) {
+		session_regenerate_id(true);
+		$_SESSION['USER_AGENT'] = $_SERVER['HTTP_USER_AGENT']; //for user consistancy check.
+		$_SESSION['valid'] = 1;
+		$page = "index";
+		if ( is_file($LOGIN_ATTEMPTS) ) { unlink($LOGIN_ATTEMPTS); } //delete invalid attempts count file
+	}else{
+		file_put_contents($LOGIN_ATTEMPTS, ++$attempts); //increment & save attempt
+		$message  = $EX.'<b>'.$_['login_msg_03'].$attempts.'</b><br>';
+		if ($attempts >= $MAX_ATTEMPTS) {
+			$message .= $_['login_msg_02a'].' '.Timeout_Timer($LOGIN_DELAY, 'timer0', '', '').' '.$_['login_msg_02b'];
+		}
+	}
+}//end Login_response() //******************************************************
+
+
+
+
+function List_Files() { // ...in a vertical table ******************************
+//called from Index Page
+
+	global $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list, $stypes, $SHOWALLFILES;
+
+	$files = scandir('./'.$ipath);
+	natcasesort($files);
+
+	echo '<table class="index_T">';
+	foreach ($files as $file) {
+		
+		$excluded = FALSE;
+		if (in_array(basename($file), $excluded_list)) { $excluded = TRUE; };
+
+		//Get file type & check against $stypes (files types to show)
+		$ext = end( explode(".", strtolower($file)) );
+		if ($SHOWALLFILES || in_array($ext, $stypes)) { $SHOWTYPE = TRUE; } else { $SHOWTYPE = FALSE; }
+		
+		if ( $SHOWTYPE && !is_dir($ipath.$file) && !$excluded ) {
+			
+			//Set icon type based on file type ($ext).
+			$type = $fclasses[array_search($ext, $ftypes)];
+?>
+			<tr>
+				<td>
+					<?php echo '<a href="'.$ONESCRIPT.$param1.'&amp;f='.rawurlencode($file).'&amp;p=edit" >'; ?>
+					<?php show_icon($type); echo  htmlentities($file), '</a>'; ?>
+				</td>
+				<td class="meta_T meta_size">&nbsp;
+					<?php echo number_format(filesize($ipath.$file)); ?> B
+				</td>
+				<td class="meta_T meta_time"> &nbsp;
+					<script>FileTimeStamp(<?php echo filemtime($ipath.$file); ?>, 1, 0);</script>
+				</td>
+			</tr>
+<?php 
+		}//end if !is_dir...
+	}//end foreach file
+	echo '</table>';
+}//end List_Files() ************************************************************
+
+
+
+
+function Index_Page(){ //*******************************************************
+	global $ONESCRIPT, $ipath;
+
+	//<!--==== List folders/sub-directores ====-->
+	echo '<p class="index_folders">';
+		$folders = glob($ipath."*",GLOB_ONLYDIR);
+		natcasesort($folders);
+		foreach ($folders as $folder) {
+			echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($folder).'/">'.PHP_EOL;
+			svg_icon_folder();
+			echo htmlentities(basename($folder)).' /</a>';
+		}
+	echo '</p>';
+
+	Upload_New_Rename_Delete_Links();
+
+	List_Files();
+
+	Upload_New_Rename_Delete_Links();
+
+}//end Index_Page()*************************************************************
+
+
+
+
+function Edit_Page_buttons_top($text_editable){ //******************************
+	global $_, $ONESCRIPT, $param1, $filename;
+?>
+	<div class="edit_btns_top">
+		<div class="file_meta">
+			<span class="meta_size">
+				<?php echo $_['meta_txt_01'].number_format(filesize($filename)).' '.$_['meta_txt_02']; ?>
+			</span> &nbsp; 
+			<span class="meta_time">
+				<?php echo $_['meta_txt_03'] ?><script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1, 1);</script>
+			</span><br>
+		</div>
+
+		<div class="buttons_right">
+			<?php if ( $text_editable ) { ?>
+				<input type="button" id="wide_view" class="button" value="<?php echo $_['Wide_View'] ?>" onclick="Wide_View();">
+			<?php } ?>
+			<input type="button" id="close1" class="button" value="<?php echo $_['Close'] ?>" 
+				onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
+			<script>document.getElementById('close1').focus();</script>
+		</div>
+		<div style="clear:both"></div>
+	</div>
+<?php 
+}//end Edit_Page_buttons_top(){ //**********************************************
+
+
+
+
+function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
+	global $_, $ONESCRIPT, $param1, $param2, $MAX_IDLE_TIME;
+	$Button = '<input type="button" class="button" value="';
+	$ACTION = '" onclick="parent.location = \''.$ONESCRIPT.$param1.$param2.'&amp;p=';
+?>
+	<div class="edit_btns_bottom">
+	<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?> 
+		<?php echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer', 'LOGOUT'); ?>
+		<input type="submit" class="button" value="Save"                  onclick="submitted = true;" id="save_file">
+		<input type="button" class="button" value="Reset - loose changes" onclick="Reset_File()"      id="reset">
+		<script>
+			//Set disabled here instead of via input attribute in case js is disabled.
+			//If js is disabled, user would be unable to save changes.
+			document.getElementById('save_file').disabled = "disabled";
+			document.getElementById('reset').disabled     = "disabled";
+		</script>
+	<?php } ?>
+	<?php echo $Button.$_['Ren_Move'].$ACTION ?>rename'">
+	<?php echo $Button.$_['Copy']    .$ACTION ?>copy'"  >
+	<?php echo $Button.$_['Delete']  .$ACTION ?>delete'">
+	<?php echo $Button.$_['Close'] ?>" onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
+	</div>
+<?php
+}//end Edit_Page_buttons()******************************************************
+
+
+
+
+//******************************************************************************
+function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message){ 
+	global $_, $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_NUONCE, $EX, $message, $MAX_IDLE_TIME;
+?>
+	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param1.$param2.$param3 ?>">
+		<?php echo $INPUT_NUONCE; ?>
+<?php
+		if ( !in_array( strtolower($ext), $itypes) ) { //If non-image...
+
+			if (!$text_editable) { // If non-text file...
+				echo '<p class="edit_disabled">'.$_['edit_txt_01'].'<br><br></p>';
+
+			}elseif ( $too_large_to_edit ) {
+ 				echo '<p class="edit_disabled">'.$too_large_to_edit_message.'</p>';
+
+			}else{
+				if (PHP_VERSION_ID  < 50400) {  // 5.4.0
+					$filecontent = htmlspecialchars(file_get_contents($filename));
+				}else{
+					$filecontent = htmlspecialchars(file_get_contents($filename),ENT_SUBSTITUTE);
+				}
+				$bad_chars = ($filecontent == "" && filesize($filename) > 0);
+
+				if ($bad_chars){ //did htmlspecialchars return an empty string?
+					echo '<pre class="edit_disabled">'.$EX.$_['edit_txt_02'].'<br>';
+					echo $_['edit_txt_03'].'<br>';
+					echo $_['edit_txt_04'].'<br></pre>';
+				}else{
+					echo '<input type="hidden" name="filename" id="filename" value="'.htmlspecialchars($filename).'">';
+					echo '<textarea id="file_contents" name="content" cols="70" rows="25"
+						onkeyup="Check_for_changes(event);">'.$filecontent.'</textarea>'.PHP_EOL;
+				}
+			} //end if !editable /else...
+		} //end if non-image, show textarea
+
+		Edit_Page_buttons($text_editable, $too_large_to_edit);
+
+		Edit_Page_scripts();
+?>	</form>
+<?php
+	if ($text_editable && !$too_large_to_edit && !$bad_chars) { Edit_Page_Notes(); }
+}//end Edit_Page_form() ********************************************************
+
+
+
+
+function Edit_Page_Notes() { //*************************************************
+	global $_, $MAX_IDLE_TIME;
+			$SEC = $MAX_IDLE_TIME;
+			$HRS = floor($SEC/3600);
+			$SEC = fmod($SEC,3600);
+			$MIN = floor($SEC/60);   if ($MIN < 10) { $MIN = "0".$MIN; };
+			$SEC = fmod($SEC,60);    if ($SEC < 10) { $SEC = "0".$SEC; };
+			$HRS_MIN_SEC = $HRS.':'.$MIN.':'.$SEC;
+?>
+			<div id="edit_notes">
+				<div class="notes"><?php echo $_['edit_notes_00'] ?></div>
+				<div class="notes"><b>1)
+					<?php echo $_['edit_note_01a'].'$MAX_IDLE_TIME '.$_['edit_note_01b'] ?>
+					<?php echo ' '.$HRS_MIN_SEC.'. '.$_['edit_note_02'] ?></b>
+				</div>
+				<div class="notes"><b>2) </b> <?php echo $_['edit_note_03'] ?></div>
+				<div class="notes"><b>3) </b> <?php echo $_['edit_note_04'] ?></div>
+			</div>
+<?php 
+}//end Edit_Page_Notes() { //***************************************************
+
+
+
+
+function Edit_Page() { //*******************************************************
+	global $_, $ONESCRIPT, $param1, $filename, $filecontent, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE;
+	clearstatcache ();
+
+	//Determine if text editable file type
+	$ext = end( explode(".", strtolower($filename) ) );
+	if ( in_array($ext, $etypes) ) { $text_editable = TRUE;  }
+	else                           { $text_editable = FALSE; }
+	
+	$too_large_to_edit = (filesize($filename) > $MAX_EDIT_SIZE);
+	$too_large_to_view = (filesize($filename) > $MAX_VIEW_SIZE);
+	
+	if ( $too_large_to_edit ) { $header2 = $_['edit_h2_1']; }
+	else                      { $header2 = $_['edit_h2_2']; }
+
+	$too_large_to_edit_message = 
+'<b>'.$_['too_large_to_edit_01a'].number_format($MAX_EDIT_SIZE).' '.$_['too_large_to_edit_01b'].'</b><br>'.
+$_['too_large_to_edit_02'].'<br>'.$_['too_large_to_edit_03'].'<br>'.$_['too_large_to_edit_04'];
+
+	$too_large_to_view_message = 
+'<b>'.$_['too_large_to_view_01a'].number_format($MAX_VIEW_SIZE).' '.$_['too_large_to_view_01b'].'</b><br>'.
+$_['too_large_to_view_02'].'<br>'.$_['too_large_to_view_03'].'<br>'.$_['too_large_to_view_04'];
+
+	echo '<h2 id="edit_header">'.$header2;
+	echo '<a class="filename" href="/'.URLencode_path($filename).'" target="_blank">'.htmlentities(basename($filename)).'</a>';
+	echo '</h2>'.PHP_EOL;
+
+	Edit_Page_buttons_top($text_editable);
+
+	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message);
+	
+	if ( in_array( $ext, $itypes) ) { show_image(); }
+
+	echo '<div style="clear:both"></div>';
+
+	if     ( $text_editable && $too_large_to_view ) {
+		echo '<p class="edit_disabled">'.$too_large_to_view_message.'</p>';
+	}
+	elseif ( $text_editable && $too_large_to_edit ){ 
+		$filecontent = htmlspecialchars(file_get_contents($filename), ENT_COMPAT,'UTF-8');
+		echo '<pre class="edit_disabled view_file">'.$filecontent.'</pre>';
+	}
+}//End Edit_Page ***************************************************************
+
+
+
+
+function Edit_response(){ //***If on Edit page, and [Save] clicked *************
+	global $_, $EX, $message, $filename;
+	$filename = $_POST["filename"];
+	$content  = $_POST["content"];
+
+	$bytes = file_put_contents($filename, $content);
+
+	if ($bytes !== false) {
+		$message .= '<b>'.$_['edit_msg_01'].' '.$bytes.' '.$_['edit_msg_02'].'</b>';
+	}else{
+		$message .= $EX.'<b>'.$_['edit_msg_03'].'</b>';
+	}
+}//end Edit_response() *********************************************************
+
+
+
+
+function Upload_Page() { //*****************************************************
+	global $_, $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE;
+
+	//Determine $MAX_FILE_SIZE to upload
+	$upload_max_filesize = ini_get('upload_max_filesize'); //This should be < post_max_size,
+	$post_max_size       = ini_get('post_max_size');       //but, just in case, check both...
+
+	function shorthand_to_int($SHORTHAND){ //*******************
+		$KMG = strtoupper(substr($SHORTHAND, -1));
+		if     ($KMG == "K") { return $SHORTHAND * 1024; }
+		elseif ($KMG == "M") { return $SHORTHAND * 1048576; }
+		elseif ($KMG == "G") { return $SHORTHAND * 1073741824; }
+		else                 { return $SHORTHAND; }
+	}//end function shorthand_to_int() *************************
+
+	$UMF = shorthand_to_int($upload_max_filesize);
+	$PMS = shorthand_to_int($post_max_size);
+
+	if ($UMF <= $PMS){ $MAX_FILE_SIZE = $UMF; $max_msg = $upload_max_filesize.' '.$_['upload_txt_01']; }
+	else             { $MAX_FILE_SIZE = $PMS; $max_msg = $post_max_size      .' '.$_['upload_txt_02']; }
+?>
+	<h2><?php echo $_['upload_h2'] ?></h2>
+	<p><?php echo $_['upload_txt_03'].$max_msg; ?></p>
+	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$param1; ?>&amp;p=uploaded" method="post">
+		<?php echo $INPUT_NUONCE; ?>
+		<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $MAX_FILE_SIZE ?>"> 
+		<input type="hidden" name="upload_destination" value="<?php echo htmlspecialchars($ipath); ?>" >
+		<input type="file"   name="upload_file" id="upload_file" size="100">
+		<?php Cancel_Submit_Buttons($_['Upload'],"cancel"); ?>
+	</form>
+<?php 
+} //end Upload_Page() **********************************************************
+
+
+
+
+function Upload_response() { //*************************************************
+	global $_, $filename, $message, $EX, $page;
+	$filename    = $_FILES['upload_file']['name'];
+	$destination = Check_path($_POST["upload_destination"]);
+	$page  = "index";
+	$MAXUP1 = ini_get('upload_max_filesize');
+	$MAXUP2 = number_format($_POST['MAX_FILE_SIZE']).$_['bytes_01'];
+	$ERROR = $_FILES['upload_file']['error'];
+
+	if     ( $ERROR == 1 ){ $ERRMSG = $_['upload_err_01a'].' upload_max_filesize = '.$MAXUP1.' '.$_['upload_err_01b'];}
+	elseif ( $ERROR == 2 ){ $ERRMSG = $_['upload_err_02a'].' $MAX_FILE_SIZE = '     .$MAXUP2.' '.$_['upload_err_02b'];}
+	elseif ( $ERROR == 3 ){ $ERRMSG = $_['upload_err_03']; }
+	elseif ( $ERROR == 4 ){ $ERRMSG = $_['upload_err_04']; }
+	elseif ( $ERROR == 5 ){ $ERRMSG = $_['upload_err_05']; }
+	elseif ( $ERROR == 6 ){ $ERRMSG = $_['upload_err_06']; }
+	elseif ( $ERROR == 7 ){ $ERRMSG = $_['upload_err_07']; }
+	elseif ( $ERROR == 8 ){ $ERRMSG = $_['upload_err_08']; }
+	else                  { $ERRMSG = ''; }
+
+	if (($filename == "")){ 
+		$message .= $EX.'<b>'.$_['upload_msg_01'].'</b>';
+	}elseif (($destination != "") && !is_dir($destination)) {
+		$message .= $EX.$_['upload_msg_02'].'<br><b>';
+		$message .= htmlentities($WEB_ROOT.$destination).'</b><br>'.$_['upload_msg_03'].'</b>';
+	}else{
+		$message .= $_['upload_msg_04'].' "<b>'.htmlentities($filename).'</b>"...';
+		$savefile = ordinalize($destination, $filename, $savefile_msg);
+		if(move_uploaded_file($_FILES['upload_file']['tmp_name'], $savefile)) {
+			$message .= '<br>'.$_['upload_msg_05'].' '.$savefile_msg;
+		} else{
+			$message .= '<br>'.$EX.'<b>'.$_['upload_msg_06'].'</b> '.$ERRMSG.'';
+		}
+	}
+}//end Upload_response() *******************************************************
+
+
+
+
+function New_File_Page() { //***************************************************
+	global $_, $FORM_COMMON, $INVALID_CHARS;
+?>
+	<h2><?php echo $_['new_file_h2'] ?></h2>
+	<?php echo $FORM_COMMON ?>
+		<p><?php echo $_['new_file_txt_01'] . $_['new_file_txt_02'] ?>
+		<span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
+		<input type="text" name="new_file" id="new_file" value="">
+		<?php Cancel_Submit_Buttons($_['Create'],"new_file"); ?>
+	</form>
+<?php 
+}//end New_File_Page()**********************************************************
+
+
+
+
+function New_File_response() { //***********************************************
+	global $_, $ipath, $param2, $param3, $filename, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
+
+	$new_name = trim($_POST["new_file"],'/ '); //Trim spaces and slashes.
+	$filename = $ipath.$new_name;
+	$page = "index"; // return to index if new file fails
+	
+	$invalid = false;
+	foreach ($INVALID_CHARS_array as $bad_char) {
+		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
+	}
+
+	if ($invalid){
+		$message .= $EX.'<b>'.$_['new_file_msg_01'].'</b> '.htmlentities($new_name).'<br>'.
+			'<b> &nbsp; &nbsp; &nbsp; '.$_['new_file_msg_02'].
+			'<span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
+	}elseif ($new_name == ""){ 
+		$message .= $EX.'<b>'.$_['new_file_msg_03'].'</b>';
+	}elseif (file_exists($filename)) {
+		$message .= $EX.'<b>'.$_['new_file_msg_04'];
+		$message .= htmlentities($new_name).'</b>';
+	}elseif ($handle = fopen($filename, 'w')) {
+		fclose($handle);
+		$message .= '<b>'.$_['new_file_msg_05'].'</b> '.htmlentities($new_name);
+		$page     = "edit";
+		$param2   = '&amp;f='.rawurlencode(basename($filename));// for Edit_Page() buttons
+		$param3   = '&amp;p=edit';                              // for Edit_Page() buttons 
+	}else{
+		$message .= $EX.'<b>'.$_['new_file_msg_06'];
+		$message .= htmlentities($new_name);
+	}
+}//end New_File_response() *****************************************************
+
+
+
+
+function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //************
+	//$action = 'Copy' or 'Rename'. $isfile = 1 if acting on a file, not a folder
+	global $_, $WEB_ROOT, $ipath, $filename, $FORM_COMMON;
+	if ($isfile) { $old_name = $filename; }else{ $old_name = $ipath; }
+	if ($isfile) { $new_name = $filename; }else{ $new_name = $ipath; }
+	//if ($action == "Copy" ) { $new_name = ordinalize($ipath, basename($filename), $msg); }
+?>
+	<h2><?php echo $action.' '.$title ?></h2>
+	<p><?php echo $_['CRM_txt_01'] ?></p>
+	<?php echo $FORM_COMMON ?>
+		<p>
+			<label><?php echo $_['CRM_txt_02'] ?></label>
+			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
+				name="old_name" value="<?php echo htmlspecialchars($old_name); ?>" readonly="readonly">
+		</p>
+		<p>
+			<label><?php echo $_['CRM_txt_03'] ?></label>
+			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
+				name="<?php echo $name_id ?>" id="<?php echo $name_id ?>" 
+				value="<?php echo htmlspecialchars($new_name); ?>">
+		</p>
+		<?php Cancel_Submit_Buttons($action, $name_id); ?>
+	</form>
+<?php 
+} //end Copy_Ren_Move_Page() ***************************************************
+
+
+
+
+//******************************************************************************
+function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $isfile){
+	//$action = 'copy' or 'rename'. $isfile = 1 if acting on a file, not a folder
+	global $_, $WEB_ROOT, $ipath, $param1, $param2, $message, $EX, $page, $filename;
+
+	$old_name = trim($old_name,'/ ');
+	$new_name = trim($new_name,'/ ');
+	$new_location = dirname($new_name);
+	$filename = $old_name; //default if error
+	if ($isfile) { $page = "edit"; }else{ $page = "index"; }
+	
+	if ( !is_dir($new_location) ){
+		$message .= $EX.'<b>'.$msg1.' '.$_['CRM_msg_01'].'</b><br>';
+		$message .= htmlentities($WEB_ROOT.$new_location).'/<br>';
+	}elseif ( !file_exists($filename) ){
+		$message .= $EX.'<b>'.$msg1.' '.$_['CRM_msg_02'].'</b><br>';
+		$message .= htmlentities($filename);
+	}elseif (file_exists($new_name)) {
+		$message .= $EX.'<b>'.$msg1.' '.$_['CRM_msg_03'].'<br>';
+		$message .= htmlentities($WEB_ROOT.$new_name).'</b>';
+	}elseif ($action($old_name, $new_name)) {
+		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
+		$message .= ' --- '.$msg2.' '.$_['CRM_msg_04'].' ---<br>';
+		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
+		$filename = $new_name; //so edit page knows what to edit
+		if ($isfile) { $ipath = Check_path(dirname($filename)); } //if changed,
+		else         { $ipath = Check_path($filename); }          //return to new dir.
+		$param1   = '?i='.URLencode_path($ipath);
+		$param2   = '&amp;f='.rawurlencode(basename($filename));
+		$param3   = '&amp;p=edit';
+	}else{
+		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
+		$message .= $EX.'<b>'.$_['CRM_msg_05a'].' '.$msg1.' '.$_['CRM_msg_05b'].'</b><br>';
+		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
+	}
+}//end Copy_Ren_Move_response() ************************************************
+
+
+
+
+function Delete_File_Page() { //************************************************
+	global $_, $filename, $FORM_COMMON;
+?>
+	<h2><?php echo $_['delete_h2'] ?></h2>
+	<?php echo $FORM_COMMON ?>
+		<input type="hidden" name="delete_file" value="<?php echo htmlspecialchars($filename); ?>" >
+		<span class="verify"><?php echo htmlentities(basename($filename)); ?></span>
+		<p><b><?php echo $_['delete_txt_01'] ?></b></p>
+		<?php Cancel_Submit_Buttons($_['DELETE'], "cancel"); ?>
+	</form>
+<?php 
+} //end Delete_File_Page() *****************************************************
+
+
+
+
+function Delete_File_response(){ //*********************************************
+	global $_, $filename, $message, $EX, $page;
+
+	$page = "index"; //Return to index
+	$filename = $_POST["delete_file"];
+
+	if (unlink($filename)) {
+		$message .= '<b>'.$_['delete_msg_01'].' '.htmlentities(basename($filename)).'</b>';
+	}else{
+		$message .= $EX.'<b>'.$_['delete_msg_02'].' "'.htmlentities($filename).'"</b>.';
+		$page = "edit";
+	}
+}//end Delete_File_response() **************************************************
+
+
+
+
+function New_Folder_Page() { //*************************************************
+	global $_, $FORM_COMMON, $INVALID_CHARS;
+?>
+	<h2><?php echo $_['new_folder_h2'] ?></h2>
+	<?php echo $FORM_COMMON ?>
+		<p><?php echo $_['new_folder_txt_1'] ?>
+		<?php echo $_['new_folder_txt_2'] ?> <span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
+		<input type="text" name="new_folder" id="new_folder" value="">
+		<?php Cancel_Submit_Buttons($_['Create'],"new_folder"); ?>
+	</form>
+<?php 
+} //end New_Folder_Page() ******************************************************
+
+
+
+
+function New_Folder_response(){ //**********************************************
+	global $_, $ipath, $param1, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
+
+	$new_name = trim($_POST["new_folder"],'/ '); //Trim spaces, and make sure only has a single trailing slash.
+
+	$invalid = false;
+	foreach ($INVALID_CHARS_array as $bad_char) {
+		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
+	}
+	$page = "index"; //Return to index
+
+	$new_ipath = $ipath.$new_name.'/';
+
+	if ($invalid){
+		$message .= $EX.'<b>'.$_['new_folder_msg_01'].'</b> '.htmlentities($new_name).'<br>'.
+			'<b>'.$_['new_folder_msg_02'].
+			'<span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
+	}elseif ($new_name == ""){ 
+		$message .= $EX.'<b>'.$_['new_folder_msg_03'].'</b>';
+	}elseif (is_dir($new_ipath)) {
+		$message .= $EX.'<b>'.$_['new_folder_msg_04'].' ';
+		$message .= htmlentities($new_ipath).'</b>';
+	}elseif (mkdir($new_ipath)) {
+		$message .= '<b>'.$_['new_folder_msg_05'].'</b> '.htmlentities($new_name);
+		$ipath    = $new_ipath;  //return to new folder
+		$param1   = '?i='.URLencode_path($ipath);
+	}else{
+		$message .= $EX.'<b>'.$_['new_folder_msg_06'].' </b><br>';
+		$message .= htmlentities($new_name);
+	}
+}//end New_Folder_response *****************************************************
+
+
+
+
+function Delete_Folder_Page(){ //***********************************************
+	global $_, $WEB_ROOT, $ipath, $FORM_COMMON;
+?>
+	<h2><?php echo $_['delete_folder_h2'] ?></h2>
+	<?php echo $FORM_COMMON ?>
+		<input type="hidden" name="delete_folder" value="<?php echo htmlspecialchars($ipath); ?>" >
+		<span class="web_root"><?php echo htmlentities($WEB_ROOT.Check_path(dirname($ipath))); ?></span><span 
+		class="verify"><?php echo htmlentities(basename($ipath)); ?></span> /
+		<p><b><?php echo $_['delete_folder_txt_01'] ?></b></p>
+		<?php Cancel_Submit_Buttons($_['DELETE'], "cancel"); ?>
+	</form>
+<?php 
+} //end Delete_Folder_Page() //*************************************************
+
+
+
+
+function Delete_Folder_response() { //******************************************
+	global $ipath, $param1, $page, $message, $EX;
+	$page = "index"; //Return to index
+	$foldername = trim($_POST["delete_folder"], '/');
+
+	if ( !is_empty($ipath) ) {
+		$message .= $EX.'<b>'.$_['delete_folder_msg_01'].'</b>';
+		$page = "index";
+	}elseif (@rmdir($foldername)) {
+		$message .= '<b>'.$_['delete_folder_msg_02'].'</b> '.htmlentities(basename($foldername));
+		$ipath  = Check_path($foldername); //Return to parent dir.
+		$param1 = '?i='.URLencode_path($ipath);
+	}else {
+		$message .= $EX.'<b>"'.htmlentities($foldername).'/"</b> '.$_['delete_folder_msg_03'];
+	}
+}//end Delete_Folder_response() ************************************************
+
+
+
+
+function Page_Title(){ //***<title>Page_Title()</title>*************************
+	global $_, $page;
+
+	if     ($page == "login")        { return $_['page_title_login'];     }
+	elseif ($page == "hash")         { return $_['page_title_hash'];      }
+	elseif ($page == "edit")         { return $_['page_title_edit'];      }
+	elseif ($page == "upload")       { return $_['page_title_upload'];    }
+	elseif ($page == "newfile")      { return $_['page_title_new_file'];  }
+	elseif ($page == "copy" )        { return $_['page_title_copy'];      }
+	elseif ($page == "rename")       { return $_['page_title_ren'];       }
+	elseif ($page == "delete")       { return $_['page_title_del'];       }
+	elseif ($page == "newfolder")    { return $_['page_title_folder_new'];}
+	elseif ($page == "renamefolder") { return $_['page_title_folder_ren'];}
+	elseif ($page == "deletefolder") { return $_['page_title_folder_del'];}
+	else                             { return $_SERVER['SERVER_NAME']; }
+}//end Page_Title() ************************************************************
+
+
+
+
+function Load_Selected_Page(){ //***********************************************
+	global $_, $ONESCRIPT, $page;
+
+	if     ($page == "login")        { Login_Page();         }
+	elseif ($page == "hash")         { Hash_Page();          }
+	elseif ($page == "edit")         { Edit_Page();          }
+	elseif ($page == "upload")       { Upload_Page();        }
+	elseif ($page == "newfile")      { New_File_Page();      }
+	elseif ($page == "copy")         { Copy_Ren_Move_Page($_['Copy'],   $_['File'], 'copy_file', 1); }
+	elseif ($page == "rename")       { Copy_Ren_Move_Page($_['Rename'], $_['File'], 'rename_file', 1); }
+	elseif ($page == "delete")       { Delete_File_Page();   }
+	elseif ($page == "newfolder")    { New_Folder_Page();    }
+	elseif ($page == "renamefolder") { Copy_Ren_Move_Page($_['Rename'], $_['Folder'], 'rename_folder', 0); }
+	elseif ($page == "deletefolder") { Delete_Folder_Page(); }
+	else                             { Index_Page();         } //default
+}//end Load_Selected_Page() ****************************************************
+
+
+
+
+function Timer_scripts() { //***************************************************
+	global $_;
+?>
+<script>
+//pad() is also used by the Time_Stamp_scripts()
+function pad(num){ if ( num < 10 ){ num = "0" + num; }; return num; }
+
+
+function FormatTime(Seconds) {
+	var Hours = Math.floor(Seconds / 3600); Seconds = Seconds % 3600;
+	var Minutes = Math.floor(Seconds / 60); Seconds = Seconds % 60;
+	if ((Hours == 0) && (Minutes == 0)) { Minutes = "" } else { Minutes = pad(Minutes) }
+	if (Hours == 0) { Hours = ""} else { Hours = pad(Hours) + ":"}
+
+	return (Hours + Minutes + ":" + pad(Seconds));
+}
+
+
+function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
+	var Timer        = document.getElementById(Timer_ID);
+	var Current_Time = Math.round(new Date().getTime()/1000); //js uses milliseconds
+	    count        = End_Time - Current_Time;
+	var params = count + ', "' + End_Time + '", "' + Timer_ID + '", "' + Timer_CLASS + '", "' + Action + '"';
+
+	Timer.innerHTML = FormatTime(count);
+
+	if ( (count < 120) && (Action != "") ) { //Two minute warning...
+		Timer.style.backgroundColor = "white";
+		Timer.style.color = "red";
+		Timer.style.fontWeight = "900";
+	}
+
+	if ( count < 1 ) {
+		if ( Action == 'LOGOUT') { 
+			Timer.innerHTML = '<?php echo $_['session_expired'] ?>';
+			//Load login screen, but delay first to make sure really expired:
+			setTimeout('window.location = window.location.pathname',3000); //1000 = 1 second
+		}
+		return;
+	}
+	setTimeout('Countdown(' + params + ')',1000);
+}
+
+
+function Start_Countdown(count, ID, CLASS, Action){
+	document.write('<span id="' + ID + '"  class="' + CLASS + '"></span>');
+
+	var Time_Start  = Math.round(new Date().getTime()/1000);
+	var Time_End    = Time_Start + count;
+
+	Countdown(count, Time_End, ID, CLASS, Action); //(seconds to count, id of element)
+}
+</script>
+<?php 
+}//end Timer_scripts() *********************************************************
+
+
+
+
+function Time_Stamp_scripts() { //**********************************************
+?>
+<script>//Dispaly file's timestamp in user's local time 
+
+function FileTimeStamp(php_filemtime, show_date, show_offset){
+
+	//php's filemtime returns seconds, javascript's date() uses milliseconds.
+	var FileMTime = php_filemtime * 1000; 
+
+	var TIMESTAMP  = new Date(FileMTime);
+	var YEAR  = TIMESTAMP.getFullYear();
+	var	MONTH = pad(TIMESTAMP.getMonth() + 1);
+	var DATE  = pad(TIMESTAMP.getDate());
+	var HOURS = TIMESTAMP.getHours();
+	var MINS  = pad(TIMESTAMP.getMinutes());
+	var SECS  = pad(TIMESTAMP.getSeconds());
+
+	if ( HOURS < 12) { AMPM = "am"; } else { AMPM = "pm"; }
+	if ( HOURS > 12 ) {HOURS = HOURS - 12; }
+	HOURS = pad(HOURS);
+
+	var GMT_offset = -(TIMESTAMP.getTimezoneOffset()); //Yes, I know - seems wrong, but it's works.
+
+	if (GMT_offset < 0) { NEG=-1; SIGN="-"; } else { NEG=1; SIGN="+"; } 
+
+	var offset_HOURS = Math.floor(NEG*GMT_offset/60);
+	var offset_MINS  = pad( NEG * GMT_offset % 60 );
+	var offset_FULL  = "UTC " + SIGN + offset_HOURS + ":" + offset_MINS;
+
+	FULLDATE = YEAR + "-" + MONTH + "-" + DATE;
+	FULLTIME = HOURS + ":" + MINS + ":" + SECS + " " + AMPM;
+
+	var               DATETIME = FULLTIME;
+	if (show_date)  { DATETIME = FULLDATE + " &nbsp;" + FULLTIME;}
+	if (show_offset){ DATETIME += " ("+offset_FULL+")"; }
+		
+	document.write( DATETIME );
+
+}//end FileTimeStamp(php_filemtime)
+</script>
+<?php 
+}//end Time_Stamp_scripts() ****************************************************
+
+
+
+
+function Edit_Page_scripts() { //***********************************************
+	global $_;
+?>
+	<!--======== Provide feedback re: unsaved changes ========-->
+	<script>
+	
+	var File_textarea    = document.getElementById('file_contents');
+	var Save_File_button = document.getElementById('save_file');
+	var Reset_button     = document.getElementById('reset');
+	var Main_div		 = document.getElementById('main');
+	var Wide_View_button = document.getElementById('wide_view');
+
+	var main_width_default = Main_div.style.width ;
+	var start_value = File_textarea.value;
+	var submitted   = false
+	var changed     = false;
+
+
+	function Wide_View() {
+		File_textarea.style.width = '99.8%';
+		if (Main_div.style.width == '95%') {
+			Main_div.style.width = main_width_default;
+			Wide_View_button.value = '<?php echo $_['Wide_View'] ?>';
+		}else{
+			Main_div.style.width = '95%';
+			Wide_View_button.value = '<?php echo $_['Normal_View'] ?>';
+		}
+	}
+
+
+	// The following events only apply when the element is active.
+	// [Save] is disabled unless there are changes to the open file.
+	Save_File_button.onfocus = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
+	Save_File_button.onblur  = function() {Save_File_button.style.backgroundColor ="#Fee";}
+	Save_File_button.onmouseover = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
+	Save_File_button.onmouseout  = function() {Save_File_button.style.backgroundColor = "#Fee";}
+
+
+
+	function Reset_file_status_indicators() {
+		changed = false;
+		File_textarea.style.backgroundColor = "#F6FFF6";  //light green
+		Save_File_button.style.backgroundColor = "";
+		Save_File_button.style.borderColor = "";
+		Save_File_button.style.borderWidth = "1px";
+		Save_File_button.disabled = "disabled";
+		Save_File_button.value = "Save";
+		Reset_button.disabled = "disabled";
+	}
+
+
+	window.onbeforeunload = function() {
+		if ( changed && !submitted) { 
+			//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
+			return "<?php echo $_['unload_unsaved'] ?>";
+		}
+	}
+
+
+	window.onunload = function() {
+		//without this, a browser back then forward would reload file with local/
+		// unsaved changes, but with a green b/g as tho that's the file's contents.
+		if (!submitted) {
+			File_textarea.value = start_value;
+			Reset_file_status_indicators();
+		}
+	}
+
+
+	//With selStart & selEnd == 0, moves cursor to start of text field.
+	function setSelRange(inputEl, selStart, selEnd) { 
+		if (inputEl.setSelectionRange) { 
+			inputEl.focus(); 
+			inputEl.setSelectionRange(selStart, selEnd); 
+		} else if (inputEl.createTextRange) { 
+			var range = inputEl.createTextRange(); 
+			range.collapse(true); 
+			range.moveEnd('character', selEnd); 
+			range.moveStart('character', selStart); 
+			range.select(); 
+		} 
+	}
+
+
+	function Check_for_changes(event){
+		var keycode=event.keyCode? event.keyCode : event.charCode;
+		changed = (File_textarea.value != start_value);
+		if (changed){
+			document.getElementById('message').innerHTML = " "; // Must have a space, or it won't clear the msg.
+			File_textarea.style.backgroundColor = "#Fee";  //light red
+			Save_File_button.style.backgroundColor ="#Fee";
+			Save_File_button.style.borderColor = "#F44";   //less light red
+			Save_File_button.style.borderWidth = "1px";
+			Save_File_button.disabled = "";
+			Reset_button.disabled = "";
+			Save_File_button.value = "SAVE CHANGES!";
+		}else{
+			Reset_file_status_indicators()
+		}
+	}
+
+
+	//Reset textarea value to when page was loaded.
+	//Used by [Reset] button, and when page unloads (browser back, etc). 
+	//Needed becuase if the page is reloaded (ctl-r, or browser back/forward, etc.), 
+	//the text stays changed, but "changed" gets set to false, which looses warning.
+	function Reset_File() {
+		if (changed) {
+			if ( !(confirm("<?php echo $_['confirm_reset'] ?>")) ) { return; }
+		}
+		File_textarea.value = start_value;
+		Reset_file_status_indicators();
+		setSelRange(File_textarea, 0, 0) //Move cursor to start of textarea.
+	}
+	
+	Reset_file_status_indicators()
+	</script>
+<?php 
+}//End Edit_Page_scripts() *****************************************************
+
+
+
+
+function style_sheet(){ //****************************************************?>
+<style>
+/* --- reset --- */
+* { border : 0; outline: 0; margin : 0; padding: 0;
+    font-family: inherit; font-weight: inherit; font-style : inherit;
+    font-size  : 100%; vertical-align: baseline; }
+
+
+/* --- general formatting --- */
+
+body { font-size: 1em; background: #DDD; font-family: sans-serif; }
+
+p, table { margin-bottom: .8em; margin-top: .8em;}
+
+div { position: relative; }
+
+h1,h2,h3,h4,h5,h6 { font-weight: bold; }
+h2, h3 { font-size: 1.2em; margin: .5em 1em .5em 0; } /*TRBL*/
+
+i, em     { font-style : italic; }
+b, strong { font-weight: bold;   }
+
+:focus { outline:0; }
+
+table { border-collapse:separate; border-spacing:0; }
+th,td { text-align:left; font-weight:400; }
+
+a       { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
+a:hover { border: 1px solid #807568; background-color: rgb(255,250,150); }
+a:focus { border: 1px solid #807568; background-color: rgb(255,250,150); }
+
+form p { margin-bottom: .3em; }
+
+label { display: inline-block; width : 6em; font-size : 1em; font-weight: bold; }
+
+svg { margin: 0; padding: 0; }
+
+pre { /*Used around test output when trouble shooting*/
+	background: white;
+	border: 1px solid #807568;
+	padding: .5em;
+	margin: 0;
+	}
+
+
+/* --- layout --- */
+
+.container {
+	border : 0px solid #807568;
+	width  : 810px;
+	margin : 0 auto 2em auto;
+	}
+
+
+.header {
+	border-bottom : 1px solid #807568;
+	padding: 04px 0px 01px 0px;
+	margin : 0 0 .5em 0;
+	}
+
+
+#logo {
+	font-family: 'Trebuchet MS', sans-serif;
+	font-size:2.2em;
+	font-weight: bold;
+	color: black;
+	padding: .1em;
+	}
+
+.filename {
+	border: 1px solid #807568;
+	padding: .1em .2em .1em .2em;
+	font-weight: 700;
+	font-family: courier;
+	background-color: #EEE;
+	}
+
+#message { margin-bottom: .5em;}
+
+#message p {
+	margin: 0;
+	padding: 4px 0px 4px .5em;
+	border: 1px solid #807568;
+	Xfont-family: courier;
+	font-size: 1em;
+	line-height: 1.2em;
+	background: #fff000;
+	}
+
+#message #Xbox { float: right; }
+
+#message #dismiss { padding: 5px 4px 5px 4px; border-right: none; } /*TRBL*/ /*font-family: Courier; font-size: 1.2em;*/
+
+
+/* --- INDEX directory listing, table format --- */
+table.index_T {
+	min-width: 30em;
+	font-size: .95em;
+	border-style: outset;
+	border-width: 1px;
+	border-color: #807568;
+	border-collapse: collapse;
+	margin-bottom: .7em;
+	background-color: #FdFdFd;
+	}
+	
+table.index_T  tr:hover { border: 1px solid #807568; }
+
+table.index_T td { 
+	border-width  : 1px;
+	border-color  : silver;
+	border-style  : inset;
+	vertical-align: middle;
+	}
+
+.index_T a { 
+	height : 1em;
+	display: block;
+	padding: .2em 1em .3em .3em;
+	color  : rgb(100,45,0);
+	border : none;
+	overflow   : hidden;
+	}
+
+.index_T a:hover { background-color: rgb(255,250,150); }
+.index_T a:focus { background-color: rgb(255,250,150); }
+
+
+
+/* File size & date */
+
+.meta_size { min-width:  6em; }
+
+.meta_time { min-width: 15em; }
+
+.meta_T {
+	padding-right : .5em;
+	text-align    : right;
+	font-family   : courier;
+    font-size     : .9em;
+	color         : #333;
+	}
+
+
+.index_folders { min-height: 1.7em;  margin-bottom: .2em; }
+
+.index_folders a {
+	Xborder       : 1px solid #807568;
+	display      : inline-block;
+	line-height  : 1em;
+	font-size    : 1em;
+	margin-right : .6em;
+	margin-bottom: .1em;
+	padding      : 3px .4em 3px 5px; /*TRBL*/
+	}
+
+.index_folders a:hover { background-color: rgb(255,250,150); }
+.index_folders a:focus { background-color: rgb(255,250,150); }
+
+
+
+/*  [Upload File] [New File] [New Folder] etc... */
+
+.front_links a {
+	display: inline-block;
+	border : 1px solid #807568;
+	height      : 1em;
+	font-size   : 1em;
+	margin-right: 1em;
+	padding     : 3px 5px 5px 4px; /*TRBL*/
+	background-color: #EEE;
+	}
+
+.front_links a .icon_fldr {margin : 1.5px 5px 0 0; }
+.front_links a .icon_file {margin : 1.0px 5px 0 0; }
+
+.front_links a:hover  { background-color: rgb(255,250,150); }
+.front_links a:focus  { background-color: rgb(255,250,150); }
+
+
+input[type="text"] {
+	border: 1px solid #807568;
+	padding: 2px;
+	width: 50em;
+	font: 1em "Courier New", Courier, monospace;
+	}
+
+.edit_disabled { 
+	border : 1px solid #807568;
+	width  : 99%;
+	padding: .2em;
+	margin : .5em 0 0 0;
+	background-color: #FFF000; color: #333;
+	line-height: 1.4em;
+	}
+
+.view_file {font-family: courier; font-size: .9em; background-color: #F8F8F8;}
+
+
+input:focus { background-color: rgb(255,250,150); }
+
+input:hover { background-color: rgb(255,250,150); }
+
+input[readonly]       { color: #333; background-color: #EEE; }
+input[disabled]       { color: #555; background-color: #EEE; }
+input[disabled]:hover { background-color: rgb(236,233,216);  } 
+input[disabled]:hover { background-color: rgb(236,233,216);  } 
+
+
+.buttons_right         { float: right; }
+.buttons_right .button { margin-left: .5em; }
+
+.button {
+	border : 1px solid #807568;
+	padding: 4px 10px;
+	cursor : pointer;
+	color      : black;
+	font-size  : .9em;
+	font-family: sans-serif;
+	background-color: #EEE;  /*#d4d4d4*/
+	}
+
+.button[disabled]  { color: #777; background-color: #EEE; }
+
+
+/* --- header --- */
+
+.nav {
+	float     : right;
+	display   : inline-block;
+	margin-top: 1.6em;
+	font-size : 1em;
+	}
+
+.nav a {
+	border: 1px solid transparent;
+	font-weight : bold;
+	padding     : .0em;
+	padding-top   : .2em;
+	padding-left  : .6em;
+	padding-right : .6em;
+	padding-bottom: .1em;
+	}
+
+.nav a:hover { border: 1px solid #807568; }
+.nav a:focus { border: 1px solid #807568; }
+
+
+/* --- edit --- */
+
+#edit_header  {margin: 0;}
+
+#edit_form    {margin: 0;}
+
+#file_contents {
+	border: 1px solid #999;
+	font  : .95em "Courier New", Courier, monospace;
+	margin: 0 0 0 0; /*T R B L*/
+	width : 99.8%;
+	height: 32em;
+}
+
+#file_contents:focus { border: 1px solid #Fdd; }
+
+.file_meta	  {float: left;  margin-top: .5em; font-size: 1em; color: #333; } /*font-family: courier;*/
+
+#edit_notes   {font-size: .8em; color: #333 ;margin-top: 1em; clear:both;}
+
+.notes {margin-bottom: .4em;}
+
+
+/* --- log in --- */
+
+.login_page {
+	margin  : 5em auto;
+	border  : 1px solid #807568;
+	padding : .5em 1em .6em 1em;
+	width   : 370px;
+	}
+
+.login_page .nav { margin-top: .5em; }
+
+.login_input {
+	border  : 1px solid #807568;
+	padding : 2px 0px 2px 2px;
+	width   : 366px;
+	font    : 1em courier;
+	}
+
+.login_page input[type="text"]{ width   : 364px; }
+
+
+
+#upload_file {
+	border: 1px solid #807568;
+	padding: 2px;
+	width: 50em;
+	}
+
+
+hr { /*-- -- -- -- -- -- --*/
+	line-height  : 0;
+	Xfont-size    : 1px;
+	display : block;
+	position: relative;
+	padding : 0;
+	margin  : .8em auto;
+	width   : 100%;
+	clear   : both;
+	border  : none;
+	border-top   : 1px solid #807568;
+	Xborder-bottom: 1px solid #eee;
+	overflow: visible;
+	}
+
+.verify {
+	border: 1px solid #F44;
+	color: #333;
+	background-color: #FFE7E7;
+	padding: .1em .2em;
+	font: 1.2em Courier;
+	}
+
+#admin {padding: .3em;}
+
+.web_root { font:1em Courier; }
+
+.icon {float: left; margin: 0 .3em 0 0;}
+
+.mono {font-family: courier;}
+
+.info {margin-top: .7em; background: #f9f9f9; padding: .2em .5em;}
+
+.path {padding: 1px 5px 1px 5px} /*TRBL*/
+
+.edit_onefile {padding: 5px; float: right;}
+
+.timer {border: 1px solid gray; padding: 3px .5em 4px .5em;}
+
+.timeout {float:right; font-size: .95em; color: #333; }
+
+.edit_btns_top    { margin: .2em 0 .5em 0;}
+
+.edit_btns_bottom { margin: .6em 0 0 0; float: right; }
+.edit_btns_bottom .button { margin-left: .5em; }
+</style>
+<?php 
+}//end style_sheet() ***********************************************************
+
+
+
+
+//******************************************************************************
+//******************************************************************************
+//Begin logic to determine page action
+
+
+if( PHP_VERSION_ID < 50000 ) { exit("OneFileCMS requires PHP5 to operate. Tested on versions 5.2.17, 5.3.3 & 5.4"); }
+
+Session_Startup(); 
+
+if ($_SESSION['valid']) {
+
+	Get_GET();  
+
+	Init_Macros();
+
+	if ($VALID_POST) { //*******************************************************
+		if     (isset($_FILES['upload_file']['name'])) { Upload_response(); }
+		elseif (isset($_POST["whattohash"]   )) { Hash_response();          }
+		elseif (isset($_POST["filename"]     )) { Edit_response();          }
+		elseif (isset($_POST["new_file"]     )) { New_File_response();      }
+		elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', $_['Copy'], $_['Copied'], 1); } 
+		elseif (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"],   'rename', $_['Ren_Move'], $_['Ren_Moved'], 1); } 
+		elseif (isset($_POST["delete_file"]  )) { Delete_File_response();   }
+		elseif (isset($_POST["new_folder"]   )) { New_Folder_response();    }
+		elseif (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', $_['Ren_Move'], $_['Ren_Moved'], 0); } 
+		elseif (isset($_POST["delete_folder"])) { Delete_Folder_response(); }
+	}//end if ($VALID_POST) ****************************************************
+
+
+	//*** Verify valid $page and/or $filename **********************************
+
+		//Don't load login screen if already in a valid session.
+	if     ( $_SESSION['valid'] && ($page == "login") )  { $page = "index"; }
+
+		//Don't load edit page if $filename doesn't exist.
+	elseif ( ($page == "edit")  && !is_file($filename) ) { $page = "index"; }
+
+	elseif ($page == "logout") {
+		Logout();
+		$message .= $_['logout_msg']; }
+
+		//Don't load delete page if folder not empty.
+	elseif ( ($page == "deletefolder") && !is_empty($ipath) ) {
+		$message .= $EX.'<b>'.$_['folder_del_msg'].'</b>';
+		$page = "index";}
+
+		//if size of $_POST > post_max_size, PHP only returns empty $_POST & $_FILE arrays.
+	elseif ($page == "uploaded" && !$VALID_POST){
+		$message .= $EX.'<b>'.$_['upload_error_01a'].ini_get('post_max_size').'</b> '.$_['upload_error_01b'].'';
+		$page = "index";}
+
+	elseif ( ($page == "edit") && ($filename == trim(rawurldecode($ONESCRIPT), '/')) ) { 
+		if ( $message == "" ) { $BR = ""; } else { $BR = '<br>';}
+		$message .= '<style>#message p {background: red; color: white;}</style>';
+		$message .= $BR.$EX.'<b>'.$_['edit_caution_01'].' '.$EX.$_['edit_caution_02'].'</b>';
+	}
+	//**************************************************************************
+}//end if $_SESSION[valid] *****************************************************
+
+
+
+
+//******************************************************************************
+//******************************************************************************
+?><!DOCTYPE html>
+
+<html>
+<head>
+
+<title><?php echo $config_title.' - '.Page_Title() ?></title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<meta name="robots" content="noindex">
+
+<?php style_sheet(); ?>
+
+<?php Timer_scripts() ?>
+
+<?php if ( ($page == "index") || ($page == "edit") ) { Time_Stamp_scripts(); } ?>
+
+</head>
+<body>
+
+<?php if ($page == "login"){ echo '<div id="main" class="login_page">'; }
+      else                 { echo '<div id="main" class="container" >'; }
+?>
+
+<div class="header">
+	<a href="<?php echo $ONESCRIPT.'" id="logo">'.$config_title; ?></a>
+	<?php echo $version.' ('.$_['on'].'&nbsp;php&nbsp'.phpversion().')'; ?>
+
+	<div class="nav">
+		<a href="/" target="_blank"><?php show_favicon() ?>&nbsp;
+		<b><?php echo htmlentities($WEBSITE) ?></b></a>
+		<?php if ($page != "login") { ?>
+		| <a href="<?php echo $ONESCRIPT ?>?p=logout"><?php echo $_['Log_Out'] ?></a>
+		<?php } ?>
+	</div><div style="clear:both"></div>
+</div><!-- end header -->
+
+<?php if ( $page != "login"  &&  $page != "hash" ) { Current_Path_Header(); } ?>
+
+<?php message_box() ?>
+
+<?php Load_Selected_Page() ?>
+
+<?php
+//Countdown timer...
+if ( $page != "login" ) { 
+	echo '<hr>';
+	echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'timer timeout', 'LOGOUT');
+	echo '<span class="timeout">'.$_['time_out_txt'].' </span>';
+}
+
+//Admin link
+if ( ($page != "login") && ($page != "hash") ){
+	echo '<p><a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=hash">'.$_['Admin'].'</a>';
+}
+?>
+
+</div><!-- end container/login_page -->
+</body>
+</html>

From a97b0b7f47dbc146544dfefa4fc97abca887d546 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Tue, 10 Jul 2012 17:07:01 -0400
Subject: [PATCH 098/228] Version 3.3.0 Setup muli-languages support. (Now just
 need some translations...) Created hsc() to do htmlspecialchars()  - saves 13
 bytes with use use!  :) Get_GET(): moved part with $message up so $message is
 not lost (by filename=""). Split out Edit_Page_buttons_top() from
 Edit_Page(). Fixed minor issue with [Wide View] Adjusted some css

---
 OneFileCMS.LANG.EN.ini     |  222 ++++
 onefilecms.php             |  862 ++++++++-----
 onefilecms_3.2.04.BETA.php | 2348 ------------------------------------
 onefilecms_lite.php        | 1876 ----------------------------
 readme.markdown            |   55 +-
 5 files changed, 805 insertions(+), 4558 deletions(-)
 create mode 100755 OneFileCMS.LANG.EN.ini
 delete mode 100755 onefilecms_3.2.04.BETA.php
 delete mode 100755 onefilecms_lite.php

diff --git a/OneFileCMS.LANG.EN.ini b/OneFileCMS.LANG.EN.ini
new file mode 100755
index 0000000..18685a5
--- /dev/null
+++ b/OneFileCMS.LANG.EN.ini
@@ -0,0 +1,222 @@
+;///////////////////////////////////////////////////////////////////////////////
+;// OneFileCMS Language Settings
+
+LANGUAGE = "English"
+
+;// These are the default values included directly in onefilecms.php.
+;//
+;// If no translation or value is desired for a particular setting, do not delete
+;// the actual setting variable, just set it to an empty string.
+;// For example:  some_unused_setting = ""
+;//
+;// Remember to slash-escape double quotes that may be within a value:  \"
+;// And, if the these settings are set directly in Default_Language() in onefilecms.php,
+;// single quotes must also be escaped:   \'
+
+Upload_File = "Upload File"
+New_File    = "New File"
+Ren_Move    = "Rename/Move"
+Ren_Moved   = "Renamed/Moved"
+New_Folder  = "New Folder"
+Ren_Folder  = "Rename/Move Folder"
+Del_Folder  = "Delete Folder"
+
+Admin  = "Admin"
+Enter  = "Enter"
+Edit   = "Edit"
+Close  = "Close"
+Cancel = "Cancel"
+Upload = "Upload"
+Create = "Create"
+Copy   = "Copy"
+Copied = "Copied"
+Rename = "Rename"
+Delete = "Delete"
+DELETE = "DELETE"
+File   = "File"
+Folder = "Folder"
+
+Log_In  = "Log In"
+Log_Out = "Log Out"
+Hash    = "Hash"
+Generate_Hash = "Generate Hash"
+
+save_1      = "Save"
+save_2      = "SAVE CHANGES!"
+reset       = "Reset - loose changes"
+Wide_View   = "Wide View"
+Normal_View = "Normal View"
+
+on_      = "on"
+
+verify_msg_01 = "Session expired."
+verify_msg_02 = "INVALID POST"
+
+get_get_msg_01 = "File does not exist:"
+
+check_path_msg_01 = "Directory does not exist: "
+
+ord_msg_01 = "A file with that name already exists in the target directory."
+ord_msg_02 = "Saving as"
+
+show_img_msg_01 = "Image shown at ~"
+show_img_msg_02 = "% of full size (W x H = "
+
+hash_h2 = "Generate a Password Hash"
+hash_txt_01 = "There are two ways to change your OneFileCMS password:"
+hash_txt_02 = "1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero)."
+hash_txt_03 = "2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1."
+hash_txt_04 = "Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing."
+hash_txt_05 = "Anyway, to use the $HASHWORD password option:"
+hash_txt_06 = "Type your desired password in the input field above and hit Enter."
+hash_txt_07 = "The hash will be displayed in a yellow message box above that."
+hash_txt_08 = "Copy and paste the new hash to the $HASHWORD variable in the config section."
+hash_txt_09 = "Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc)."
+hash_txt_10 = "A double-click should select it..."
+hash_txt_11 = "Make sure $USE_HASH is set to 1 (or true)."
+hash_txt_12 = "When ready, logout and login."
+hash_txt_13 = "You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo..."
+hash_txt_14 = "For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep \'em secret, of course).  Remever, every little bit helps..."
+
+hash_msg_01 = "Password: "
+hash_msg_02 = "Hash    : "
+
+login_h2 = "Log In"
+login_txt_01 = "Username:"
+login_txt_02 = "Password:"
+
+login_msg_01a = "There have been"
+login_msg_01b = "invalid login attempts."
+login_msg_02a = "Please wait"
+login_msg_02b = "seconds to try again."
+login_msg_03  = "INVALID LOGIN ATTEMPT #"
+
+edit_notes_00  = "NOTES:"
+edit_note_01a = "Remember- your "
+edit_note_01b = " is "
+edit_note_02 = "So save changes before the clock runs out, or the changes will be lost!"
+edit_note_03 = "some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser\'s [Reload]."
+edit_note_04 = "Chrome'\s XSS filters may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file."
+
+edit_h2_1 = "Viewing: "
+edit_h2_2 = "Editing: "
+edit_txt_01 = "Non-text or unkown file type. Edit disabled."
+edit_txt_02 = "File possibly contains an invalid character. Edit and view disabled."
+edit_txt_03 = "htmlspecialchars() returned and empty string from what may be an otherwise valid file."
+edit_txt_04 = "This behavior can be inconsistant from version to version of php."
+
+too_large_to_edit_01a = "Edit disabled. Filesize > "
+too_large_to_edit_01b = " bytes."
+too_large_to_edit_02 = "Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>."
+too_large_to_edit_03 = "Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed."
+too_large_to_edit_04 = "A simple trial and error test can determine a practical limit for a given browser/computer."
+
+too_large_to_view_01a = "View disabled. Filesize > "
+too_large_to_view_01b = " bytes."
+too_large_to_view_02 = "Click the the file name above to view as normally rendered in a browser window."
+too_large_to_view_03 = "Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed."
+too_large_to_view_04 = "(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)"
+
+meta_txt_01 = "Filesize: "
+meta_txt_02 = " bytes."
+meta_txt_03 = "Updated: "
+
+edit_msg_01 = "File saved: "
+edit_msg_02 = "bytes written."
+edit_msg_03 = "There was an error saving file."
+
+upload_h2 = "Upload File"
+upload_txt_01 = "  per upload_max_filesize in php.ini."
+upload_txt_02 = "per post_max_size in php.ini"
+upload_txt_03 = "Note: Maximum upload file size is: "
+
+upload_err_01a = "Error 1: File too large.  "
+upload_err_01b = " (From php.ini)"
+upload_err_02a = "Error 2: File too large.  "
+upload_err_02b = " (From OneFileCMS)"
+upload_err_03  = "Error 3: The uploaded file was only partially uploaded."
+upload_err_04  = "Error 4: No file was uploaded."
+upload_err_05  = "Error 5:"
+upload_err_06  = "Error 6: Missing a temporary folder."
+upload_err_07  = "Error 7: Failed to write file to disk."
+upload_err_08  = "Error 8: A PHP extension stopped the file upload."
+
+upload_msg_01 = "No file selected for upload."
+upload_msg_02 = "Destination folder does not exist: "
+upload_msg_03 = "Upload cancelled."
+upload_msg_04 = "Uploading: "
+upload_msg_05 = "Upload successful! "
+upload_msg_06 = "Upload failed: "
+
+new_file_h2 = "New File"
+new_file_txt_01 = "File will be created in the current folder.  "
+new_file_txt_02 = "Some invalid characters are: "
+
+new_file_msg_01 = "New file not created:"
+new_file_msg_02 = "Name contains invalid character(s): "
+new_file_msg_03 = "New file not created - no name given"
+new_file_msg_04 = "File already exists: "
+new_file_msg_05 = "Created file:"
+new_file_msg_06 = "Error - new file not created:"
+
+CRM_txt_01  = "To move a file or folder, change the path/to/folder/or_file. The new location must already exist."
+CRM_txt_02  = "Old name:"
+CRM_txt_03  = "New name:"
+
+CRM_msg_01 = " Error - new parent location does not exist:"
+CRM_msg_02 = " Error - source file does not exist:"
+CRM_msg_03 = " Error - target filename already exists:"
+CRM_msg_04 = " to "
+CRM_msg_05a = "Error during "
+CRM_msg_05b = " from the above to the following:"
+
+delete_h2 = "Delete File"
+delete_txt_01 = "Are you sure?"
+
+delete_msg_01 = "Deleted file:"
+delete_msg_02 = "Error deleting "
+
+new_folder_h2 = "New Folder"
+new_folder_txt_1 = "Folder will be created in the current folder.  "
+new_folder_txt_2 = "Some invalid characters are: "
+
+new_folder_msg_01 = "New folder not created:"
+new_folder_msg_02 = "Name contains invalid character(s): "
+new_folder_msg_03 = "New folder not created - no name given."
+new_folder_msg_04 = "Folder already exists: "
+new_folder_msg_05 = "Created folder:"
+new_folder_msg_06 = "Error - new folder not created: "
+
+delete_folder_h2 = "Delete Folder"
+delete_folder_txt_01 = "Are you sure?"
+
+delete_folder_msg_01 = "Folder not empty.   Folders must be empty before they can be deleted."
+delete_folder_msg_02 = "Deleted folder:"
+delete_folder_msg_03 = "an error occurred during delete."
+
+page_title_login      = "Log In"
+page_title_hash       = "Hash Page"
+page_title_edit       = "Edit/View File"
+page_title_upload     = "Upload File"
+page_title_new_file   = "New File"
+page_title_copy       = "Copy File"
+page_title_ren        = "Rename File"
+page_title_del        = "Delete File"
+page_title_folder_new = "New Folder"
+page_title_folder_ren = "Rename/Move Folder"
+page_title_folder_del = "Delete Folder"
+
+session_expired = "SESSION EXPIRED"
+unload_unsaved  = "               Unsaved changes will be lost!"
+confirm_reset   = "Reset file and loose unsaved changes?"
+
+OFCMS_requires  = "OneFileCMS requires PHP5 to operate. Tested on versions 5.2.17, 5.3.3 & 5.4"
+
+logout_msg       = "You have successfully logged out."
+folder_del_msg   = "Folder not empty.   Folders must be empty before they can be deleted."
+upload_error_01a = " Upload Error.  Total POST data (mostly filesize) exceeded post_max_size = "
+upload_error_01b = " (from php.ini)"
+edit_caution_01  = "CAUTION "
+edit_caution_02  = " You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!"
+
+time_out_txt = "Session time out in:"
diff --git a/onefilecms.php b/onefilecms.php
index ffc5e0f..ce73eaf 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.2.3';
+$version = '3.3.0';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -34,9 +34,9 @@
 //Some basic security & error log settings
 ini_set('session.use_trans_sid', 0);    //make sure URL supplied SESSID's are not used
 ini_set('session.use_only_cookies', 1); //make sure URL supplied SESSID's are not used
-error_reporting(E_ALL &~ E_STRICT); //0, or (E_ALL &~ E_STRICT) if display and/or log are on.
-ini_set('display_errors', 'off');
-ini_set('log_errors'    , 'off'); //Ok to turn on for trouble-shooting.
+error_reporting(0); //0 for none, or (E_ALL &~ E_STRICT) if display and/or log are on.
+ini_set('display_errors', 'off'); //Ok to turn on for trouble-shooting.
+ini_set('log_errors'    , 'off');
 ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.log');
 //Determine good folder for session file? Default is tmp/, which is not secure.
 //session_save_path($safepath)  or  ini_set('session.save_path', $safepath)
@@ -54,6 +54,8 @@
 $HASHWORD = 'c3e70af96ab1bfc5669280e98b438e1a8c08ca5e0bb3354c05ceaa6f339fd3f6'; //hash for "password"
 $SALT     = 'somerandomsalt';
 
+$LANGUAGE = ""; //Filename of language settings. Leave blank for built-in default.
+
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
 $MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
@@ -78,17 +80,18 @@
 $config_ftypes = "bin,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,ini,cfg,conf,asp,js ,htm,html"; // _ftype & _fclass must have same
 $config_fclass = "bin,img,img,img,img,img,svg,txt,txt,css,php,txt,cfg,cfg ,txt,txt,htm,htm";  // number of values. bin is default.
 
-$EX = '<b>( ! )</b>'; //EXclaimation point "icon" Used in $message's
+$EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
 
 $SESSION_NAME = 'OFCMS'; //Also the cookie name. Change if using multiple copies of OneFileCMS.
+
+$config_file = 'ofcms.ini'; //External config file, if there is one.
 // End CONFIGURABLE INFO *******************************************************
 
 
 
 
-// PROCESSING CONFIGURATION FILE ***********************************************
-# Check if a configuration file does exist:
-$config_file = 'ofcms.ini';
+// PROCESS CONFIGURATION FILE **************************************************
+# Check for an external configuration file:
 if (is_file($config_file)) {
 	# Parse file
 	$settings = parse_ini_file($config_file);
@@ -101,6 +104,7 @@
 		'USE_HASH',
 		'HASHWORD',
 		'SALT',
+		'LANGUAGE',
 		'config_stypes');
 
 	# Loop through options and overwrite default configuration
@@ -111,7 +115,7 @@
 		}
 	}
 }
-// End PROCESSING CONFIGURATION FILE *******************************************
+// End PROCESS CONFIGURATION FILE **********************************************
 
 
 
@@ -153,6 +157,241 @@
 
 
 
+function hsc($input) { return htmlspecialchars($input); }// end hsc() **********
+
+
+
+
+function Default_Language() { // ***********************************************
+
+	return('
+
+LANGUAGE = "English (default)"
+
+;// These are the default values included directly in onefilecms.php.
+;//
+;// If no translation or value is desired for a particular setting, do not delete
+;// the actual setting variable, just set it to an empty string.
+;// For example:  some_unused_setting = ""
+;//
+;// Remember to slash-escape double quotes that may be within a value:  \"
+;// And, if the these settings are set directly in Default_Language() in onefilecms.php,
+;// single quotes must also be escaped:   \'
+
+Upload_File = "Upload File"
+New_File    = "New File"
+Ren_Move    = "Rename/Move"
+Ren_Moved   = "Renamed/Moved"
+New_Folder  = "New Folder"
+Ren_Folder  = "Rename/Move Folder"
+Del_Folder  = "Delete Folder"
+
+Admin  = "Admin"
+Enter  = "Enter"
+Edit   = "Edit"
+Close  = "Close"
+Cancel = "Cancel"
+Upload = "Upload"
+Create = "Create"
+Copy   = "Copy"
+Copied = "Copied"
+Rename = "Rename"
+Delete = "Delete"
+DELETE = "DELETE"
+File   = "File"
+Folder = "Folder"
+
+Log_In  = "Log In"
+Log_Out = "Log Out"
+Hash    = "Hash"
+Generate_Hash = "Generate Hash"
+
+save_1      = "Save"
+save_2      = "SAVE CHANGES!"
+reset       = "Reset - loose changes"
+Wide_View   = "Wide View"
+Normal_View = "Normal View"
+
+on_      = "on"
+
+verify_msg_01 = "Session expired."
+verify_msg_02 = "INVALID POST"
+
+get_get_msg_01 = "File does not exist:"
+
+check_path_msg_01 = "Directory does not exist: "
+
+ord_msg_01 = "A file with that name already exists in the target directory."
+ord_msg_02 = "Saving as"
+
+show_img_msg_01 = "Image shown at ~"
+show_img_msg_02 = "% of full size (W x H = "
+
+hash_h2 = "Generate a Password Hash"
+hash_txt_01 = "There are two ways to change your OneFileCMS password:"
+hash_txt_02 = "1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero)."
+hash_txt_03 = "2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1."
+hash_txt_04 = "Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing."
+hash_txt_05 = "Anyway, to use the $HASHWORD password option:"
+hash_txt_06 = "Type your desired password in the input field above and hit Enter."
+hash_txt_07 = "The hash will be displayed in a yellow message box above that."
+hash_txt_08 = "Copy and paste the new hash to the $HASHWORD variable in the config section."
+hash_txt_09 = "Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc)."
+hash_txt_10 = "A double-click should select it..."
+hash_txt_11 = "Make sure $USE_HASH is set to 1 (or true)."
+hash_txt_12 = "When ready, logout and login."
+hash_txt_13 = "You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo..."
+hash_txt_14 = "For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep \'em secret, of course).  Remever, every little bit helps..."
+
+hash_msg_01 = "Password: "
+hash_msg_02 = "Hash    : "
+
+login_h2 = "Log In"
+login_txt_01 = "Username:"
+login_txt_02 = "Password:"
+
+login_msg_01a = "There have been "
+login_msg_01b = "invalid login attempts."
+login_msg_02a = "Please wait"
+login_msg_02b = "seconds to try again."
+login_msg_03  = "INVALID LOGIN ATTEMPT #"
+
+edit_notes_00  = "NOTES:"
+edit_note_01a = "Remember- your "
+edit_note_01b = " is "
+edit_note_02 = "So save changes before the clock runs out, or the changes will be lost!"
+edit_note_03 = "some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser\'s [Reload]."
+edit_note_04 = "Chrome\'s XSS filters may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file."
+
+edit_h2_1 = "Viewing: "
+edit_h2_2 = "Editing: "
+edit_txt_01 = "Non-text or unkown file type. Edit disabled."
+edit_txt_02 = "File possibly contains an invalid character. Edit and view disabled."
+edit_txt_03 = "htmlspecialchars() returned and empty string from what may be an otherwise valid file."
+edit_txt_04 = "This behavior can be inconsistant from version to version of php."
+
+too_large_to_edit_01a = "Edit disabled. Filesize > "
+too_large_to_edit_01b = " bytes."
+too_large_to_edit_02 = "Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>."
+too_large_to_edit_03 = "Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed."
+too_large_to_edit_04 = "A simple trial and error test can determine a practical limit for a given browser/computer."
+
+too_large_to_view_01a = "View disabled. Filesize > "
+too_large_to_view_01b = " bytes."
+too_large_to_view_02 = "Click the the file name above to view as normally rendered in a browser window."
+too_large_to_view_03 = "Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed."
+too_large_to_view_04 = "(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)"
+
+meta_txt_01 = "Filesize: "
+meta_txt_02 = " bytes."
+meta_txt_03 = "Updated: "
+
+edit_msg_01 = "File saved: "
+edit_msg_02 = "bytes written."
+edit_msg_03 = "There was an error saving file."
+
+upload_h2 = "Upload File"
+upload_txt_01 = "  per upload_max_filesize in php.ini."
+upload_txt_02 = "per post_max_size in php.ini"
+upload_txt_03 = "Note: Maximum upload file size is: "
+
+upload_err_01a = "Error 1: File too large.  "
+upload_err_01b = " (From php.ini)"
+upload_err_02a = "Error 2: File too large.  "
+upload_err_02b = " (From OneFileCMS)"
+upload_err_03  = "Error 3: The uploaded file was only partially uploaded."
+upload_err_04  = "Error 4: No file was uploaded."
+upload_err_05  = "Error 5:"
+upload_err_06  = "Error 6: Missing a temporary folder."
+upload_err_07  = "Error 7: Failed to write file to disk."
+upload_err_08  = "Error 8: A PHP extension stopped the file upload."
+
+upload_msg_01 = "No file selected for upload."
+upload_msg_02 = "Destination folder does not exist: "
+upload_msg_03 = "Upload cancelled."
+upload_msg_04 = "Uploading: "
+upload_msg_05 = "Upload successful! "
+upload_msg_06 = "Upload failed: "
+
+new_file_h2 = "New File"
+new_file_txt_01 = "File will be created in the current folder.  "
+new_file_txt_02 = "Some invalid characters are: "
+
+new_file_msg_01 = "New file not created:"
+new_file_msg_02 = "Name contains invalid character(s): "
+new_file_msg_03 = "New file not created - no name given"
+new_file_msg_04 = "File already exists: "
+new_file_msg_05 = "Created file:"
+new_file_msg_06 = "Error - new file not created:"
+
+CRM_txt_01  = "To move a file or folder, change the path/to/folder/or_file. The new location must already exist."
+CRM_txt_02  = "Old name:"
+CRM_txt_03  = "New name:"
+
+CRM_msg_01 = " Error - new parent location does not exist:"
+CRM_msg_02 = " Error - source file does not exist:"
+CRM_msg_03 = " Error - target filename already exists:"
+CRM_msg_04 = " to "
+CRM_msg_05a = "Error during "
+CRM_msg_05b = " from the above to the following:"
+
+delete_h2 = "Delete File"
+delete_txt_01 = "Are you sure?"
+
+delete_msg_01 = "Deleted file:"
+delete_msg_02 = "Error deleting "
+
+new_folder_h2 = "New Folder"
+new_folder_txt_1 = "Folder will be created in the current folder.  "
+new_folder_txt_2 = "Some invalid characters are: "
+
+new_folder_msg_01 = "New folder not created:"
+new_folder_msg_02 = "Name contains invalid character(s): "
+new_folder_msg_03 = "New folder not created - no name given."
+new_folder_msg_04 = "Folder already exists: "
+new_folder_msg_05 = "Created folder:"
+new_folder_msg_06 = "Error - new folder not created: "
+
+delete_folder_h2 = "Delete Folder"
+delete_folder_txt_01 = "Are you sure?"
+
+delete_folder_msg_01 = "Folder not empty.   Folders must be empty before they can be deleted."
+delete_folder_msg_02 = "Deleted folder:"
+delete_folder_msg_03 = "an error occurred during delete."
+
+page_title_login      = "Log In"
+page_title_hash       = "Hash Page"
+page_title_edit       = "Edit/View File"
+page_title_upload     = "Upload File"
+page_title_new_file   = "New File"
+page_title_copy       = "Copy File"
+page_title_ren        = "Rename File"
+page_title_del        = "Delete File"
+page_title_folder_new = "New Folder"
+page_title_folder_ren = "Rename/Move Folder"
+page_title_folder_del = "Delete Folder"
+
+session_expired = "SESSION EXPIRED"
+unload_unsaved  = "               Unsaved changes will be lost!"
+confirm_reset   = "Reset file and loose unsaved changes?"
+
+OFCMS_requires  = "OneFileCMS requires PHP5 to operate. Tested on versions 5.2.17, 5.3.3 & 5.4"
+
+logout_msg       = "You have successfully logged out."
+folder_del_msg   = "Folder not empty.   Folders must be empty before they can be deleted."
+upload_error_01a = " Upload Error.  Total POST data (mostly filesize) exceeded post_max_size = "
+upload_error_01b = " (from php.ini)"
+edit_caution_01  = "CAUTION "
+edit_caution_02  = " You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!"
+
+time_out_txt = "Session time out in:"
+
+	'); //end return('language string')
+}//end Default_Language() ******************************************************
+
+
+
+
 function Session_Startup() {//**************************************************
 	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $page, $VALID_POST, $MAX_IDLE_TIME, $SESSION_NAME;
  
@@ -187,7 +426,7 @@ function Session_Startup() {//**************************************************
 
 
 function Verify_IDLE_POST_etc() { //********************************************
-	global $EX, $message, $VALID_POST, $MAX_IDLE_TIME;
+	global $_, $EX, $message, $VALID_POST, $MAX_IDLE_TIME;
 
 	//Verify consistant user agent... (every little bit helps a little bit) 
 	if ( ($_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) ) { Logout(); }
@@ -197,7 +436,7 @@ function Verify_IDLE_POST_etc() { //********************************************
 		$idle_time = ( time() - $_SESSION['last_active_time'] );
 		if ( $idle_time > $MAX_IDLE_TIME ) {
 			Logout();
-			$message .= 'Session expired. <br>';
+			$message .= hsc($_['verify_msg_01']).'<br>';
 		}
 	}
 
@@ -209,7 +448,7 @@ function Verify_IDLE_POST_etc() { //********************************************
 			$VALID_POST = 1;
 		}else{
 			Logout();
-			$message .= $EX.' <b>INVALID POST</b><br>';
+			$message .= $EX.'<b>'.hsc($_['verify_msg_02']).'</b><br>';
 		}
 	}
 }//end Verify_IDLE_POST_etc() //************************************************
@@ -248,7 +487,7 @@ function strip_array($var) {
 
 function Get_GET() { //*** Get main parameters *********************************
 	// i=some/path/,  f=somefile.xyz,  p=somepage
-	global $ipath, $filename, $page, $valid_pages, $param1, $param2, $param3, $message, $EX;
+	global $_, $ipath, $filename, $page, $valid_pages, $param1, $param2, $param3, $message, $EX;
 
 	undo_magic_quotes();
 
@@ -256,9 +495,9 @@ function Get_GET() { //*** Get main parameters *********************************
 
 	if (isset($_GET["f"])) {
 		$filename = $ipath.$_GET["f"];
-		if ( !is_file($filename) ) { $filename = ""; $page = "index"; }
 		if ( !is_file($filename) && $_SESSION['valid'] )//Set $message except for login page.
-			{ $message .= $EX.' <b>File does not exist:</b> '.htmlentities($filename).'<br>'; }
+			{ $message .= $EX.'<b>'.hsc($_['get_get_msg_01']).'</b> '.htmlentities($filename).'<br>'; }
+		if ( !is_file($filename) ) { $filename = ""; $page = "index"; }
 	}else{ $filename = ""; }
 
 	if (isset($_GET["p"])) { $page = $_GET["p"]; } 
@@ -286,7 +525,7 @@ function URLencode_path($path){ // don't encode the forward slashes ************
 
 
 function Check_path($path) { // returns first valid path in some/supplied/path/
-	global $message, $EX;
+	global  $_, $message, $EX;
 	$invalidpath = $path; //used for message if supplied $path doesn't exist.
 	$path = str_replace('\\','/',$path);   //Make sure all forward slashes.
 	$path = trim($path,"/ ."); // trim slashes, dots, and spaces
@@ -304,7 +543,7 @@ function Check_path($path) { // returns first valid path in some/supplied/path/
 	if (strlen($path) < 1) { return ""; } //If at site root
 	else {
 		if (!is_dir($path) && (strlen($message) < 1))
-			{ $message .= $EX.' <b>Directory does not exist: '.htmlentities($invalidpath).'</b><br>'; }
+			{ $message .= $EX.'<b>'.hsc($_['check_path_msg_01']).'</b>'.htmlentities($invalidpath).'<br>'; }
 
 		while ( (strlen($path) > 0) && (!is_dir($path)) ) {
 			$path = dirname($path);
@@ -334,20 +573,20 @@ function is_empty($path){ //****************************************************
 function ordinalize($destination,$filename, &$msg) { //*************************
 //if file_exists(file.txt), ordinalize filename until it doesn't
 //ie: file.txt.001,  file.txt.002, file.txt.003  etc...
-	global $EX;
+	global $_, $EX;
 
 	$ordinal   = 0;
 	$savefile = $destination.$filename;
 
 	if (file_exists($savefile)) {
 
-		$msg .= $EX.' A file with that name already exists in the target directory.<br>';
+		$msg .= $EX.hsc($_['ord_msg_01']).'<br>';
 
 		while (file_exists($savefile)) {
 			$ordinal = sprintf("%03d", ++$ordinal); //  001, 002, 003, etc...
 			$savefile = $destination.$filename.'.'.$ordinal;
 		}
-		$msg .= 'Saving as: "<b>'.htmlentities(basename($savefile)).'</b>"';
+		$msg .= hsc($_['ord_msg_02']).'"<b>'.htmlentities(basename($savefile)).'</b>"';
 	}
 	return $savefile;
 }//end ordinalize() filename ***************************************************
@@ -411,14 +650,14 @@ function message_box() { //*****************************************************
 
 
 function Upload_New_Rename_Delete_Links() { //**********************************
-	global $ONESCRIPT, $ipath, $param1;
+	global $_, $ONESCRIPT, $ipath, $param1;
 	echo '<p class="front_links">';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   ; svg_icon_upload()    ; echo 'Upload File</a>';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  ; svg_icon_file_new()  ; echo 'New File</a>'   ;
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'; svg_icon_folder_new(); echo 'New Folder</a>' ;
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   ; svg_icon_upload()    ; echo hsc($_['Upload_File']).'</a>';
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  ; svg_icon_file_new()  ; echo hsc($_['New_File'])   .'</a>';
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'; svg_icon_folder_new(); echo hsc($_['New_Folder']) .'</a>';
 	if ($ipath !== "") { //if at root, don't show Rename & Delete links
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'; svg_icon_folder_ren(); echo 'Rename/Move Folder</a>';
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'; svg_icon_folder_del(); echo 'Delete Folder</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'; svg_icon_folder_ren(); echo hsc($_['Ren_Folder']).'</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'; svg_icon_folder_del(); echo hsc($_['Del_Folder']).'</a>';
 	}
 	echo '</p>';
 }//end Upload_New_Rename_Delete_Links()  ***************************************
@@ -429,13 +668,13 @@ function Upload_New_Rename_Delete_Links() { //**********************************
 function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
 	//$submit_label = Rename, Copy, Delete, etc...
 	//$focus is ID of element to receive focus(). (element may be outside this function)
-	global $ONESCRIPT, $ipath, $param1, $param2, $filename, $page;
+	global $_, $ONESCRIPT, $ipath, $param1, $param2, $filename, $page;
 
 	// [Cancel] returns to either the index, or edit page.
 	if ($filename == "") {$params = "";}else{ $params = $param2.'&amp;p=edit'; }
 ?>
 	<p> 
-	<input type="button" class="button" id="cancel" name="cancel" value="Cancel"
+	<input type="button" class="button" id="cancel" name="cancel" value="<?php echo hsc($_['Cancel']) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.$params ?>'">
 	<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1.3em;">
 <?php 
@@ -447,7 +686,7 @@ function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
 
 
 function show_image(){ //*******************************************************
-	global $filename, $MAX_IMG_W, $MAX_IMG_H;
+	global $_, $filename, $MAX_IMG_W, $MAX_IMG_H;
 	
 	$IMG = $filename;
 	$img_info = getimagesize($IMG);
@@ -464,8 +703,8 @@ function show_image(){ //*******************************************************
 		else                         {$SCALE = $TOOHIGH;}
 	}
 
-	echo '<p Xclass="file_meta">';
-	echo 'Image shown at ~'. round($SCALE*100) .'% of full size (W x H = '.$img_info[0].' x '.$img_info[1].').</p>';
+	echo '<p>';
+	echo hsc($_['show_img_msg_01']). round($SCALE*100) .hsc($_['show_img_msg_02']).$img_info[0].' x '.$img_info[1].').</p>';
 	echo '<div style="clear:both"></div>'.PHP_EOL;
 	echo '<a href="/' .URLencode_path($IMG). '" target="_blank">'.PHP_EOL;
 	echo '<img src="/'.URLencode_path($IMG).'"  height="'.$img_info[$H]*$SCALE.'"></a>'.PHP_EOL;
@@ -674,46 +913,44 @@ function show_icon($type){ //***************************************************
 
 
 function Hash_Page() { //******************************************************
-	global $DOC_ROOT, $ONESCRIPT, $param1, $param2, $message, $INPUT_NUONCE, $config_title;
+	global $_, $DOC_ROOT, $ONESCRIPT, $param1, $param2, $message, $INPUT_NUONCE, $config_title;
 	$params = '?i='.dirname($ONESCRIPT).'&amp;f='.basename($ONESCRIPT).'&amp;p=edit';
 	if (!isset($_POST['whattohash'])) { $_POST['whattohash'] = ''; }
 ?>
 	<style>#message {font-family: courier; min-height: 3.1em;}
 	li {margin-left: 2em}</style>
 
-	<h2>Generate a Password Hash</h2>
+	<h2><?php echo hsc($_['hash_h2']) ?></h2>
 	
 	<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.'&amp;p=hash'; ?>">
 		<?php echo $INPUT_NUONCE; ?>
 		Password to hash:
-		<input type="text" name="whattohash" id="whattohash" value="<?php echo htmlspecialchars($_POST["whattohash"]) ?>">
-		<?php Cancel_Submit_Buttons('Generate hash', 'whattohash') ?>
- 		<a class="button edit_onefile" href="<?php echo $ONESCRIPT.$params; ?>" >Edit &nbsp;<?php echo $config_title ?></a>
+		<input type="text" name="whattohash" id="whattohash" value="<?php echo hsc($_POST["whattohash"]) ?>">
+		<?php Cancel_Submit_Buttons(hsc($_['Generate_Hash']), 'whattohash') ?>
+ 		<a class="button edit_onefile" href="<?php echo $ONESCRIPT.$params; ?>" ><?php echo hsc($_['Edit']).' '.$config_title ?></a>
 	</form>
 
 	<div class="info">
- 	<p>There are two ways to change your OneFileCMS password:<br>
+ 	<p><?php echo hsc($_['hash_txt_01']) ?><br>
 	<p>
-	1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).<br>
-	2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.<br>
-
-	<p>Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. 
-	That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.
-	However, it does eleminate the storage of your password in plain text, which is a good thing.
-
-	<p>Anyway, to use the $HASHWORD password option:
-	<ol><li>Type your desired password in the input field above and hit Enter.<br>
-			The hash will be displayed in a yellow message box above that.
-		<li>Copy and paste the new hash to the $HASHWORD variable in the config section.<br>
-			Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).<br>
-			A double-click should select it...<br>
-		<li>Make sure $USE_HASH is set to 1 (or true).
-		<li>When ready, logout and login.
+	<?php echo hsc($_['hash_txt_02']) ?><br>
+	<?php echo hsc($_['hash_txt_03']) ?><br>
+
+	<p><?php echo hsc($_['hash_txt_04']) ?>
+
+	<p><?php echo hsc($_['hash_txt_05']) ?>
+	<ol><li><?php echo hsc($_['hash_txt_06']) ?><br>
+			<?php echo hsc($_['hash_txt_07']) ?>
+		<li><?php echo hsc($_['hash_txt_08']) ?><br>
+			<?php echo hsc($_['hash_txt_09']) ?><br>
+			<?php echo hsc($_['hash_txt_10']) ?><br>
+		<li><?php echo hsc($_['hash_txt_11']) ?>
+		<li><?php echo hsc($_['hash_txt_12']) ?>
 	</ol>
-	<p>You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...
+	<p><?php echo hsc($_['hash_txt_13']) ?>
 	<p>
-	For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep 'em secret, of course).  Remever, every little bit helps...<br>
-	PS: Everything I know about security - you just read...
+	<?php echo hsc($_['hash_txt_14']) ?>
+
 	</div>
 <?php 
 } //end Hash_Page() ************************************************************
@@ -722,10 +959,10 @@ function Hash_Page() { //******************************************************
 
 
 function Hash_response() { //***************************************************
-	global $message;
+	global $_, $message;
 	$_POST['whattohash'] = trim($_POST['whattohash']); // trim leading & trailing spaces.
-	$message .= 'Password: '.htmlspecialchars($_POST['whattohash']).'<br>';
-	$message .= 'Hash &nbsp; &nbsp;: '.htmlspecialchars(hashit($_POST["whattohash"]));
+	$message .= hsc($_['hash_msg_01']).hsc($_POST['whattohash']).'<br>';
+	$message .= hsc($_['hash_msg_02']).hashit($_POST["whattohash"]);
 } //end Hash_response() ********************************************************
 
 
@@ -747,20 +984,15 @@ function Logout() { //**********************************************************
 
 
 function Login_Page() { //******************************************************
-	global $ONESCRIPT, $message;
+	global $_, $ONESCRIPT, $message;
 ?>
-	<h2>Log In</h2>
+	<h2><?php echo hsc($_['login_h2']) ?></h2>
 	<form method="post" action="<?php echo $ONESCRIPT; ?>">
-		<p>
-			<label for="username">Username:</label>
-			<input type="text" name="username" id="username" class="login_input" >
-		</p>
-		<p>
-			<label for="password">Password:</label>
-			<input type="password" name="password" id="password" class="login_input">
-		</p>
-			
-		<p><input type="submit" class="button" value="Enter"></p>
+		<label for="username"><?php echo hsc($_['login_txt_01']) ?></label>
+		<input type="text" name="username" id="username" class="login_input" >
+		<label for="password"><?php echo hsc($_['login_txt_02']) ?></label>
+		<input type="password" name="password" id="password" class="login_input">
+		<input type="submit" class="button" value="<?php echo hsc($_['Enter']) ?>">
 	</form>
 	<script>document.getElementById('username').focus();</script>
 <?php 
@@ -770,8 +1002,8 @@ function Login_Page() { //******************************************************
 
 
 function Login_response() { //**************************************************
-	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $MAX_ATTEMPTS, $LOGIN_DELAY, 
-		   $EX, $message, $page, $LOGIN_ATTEMPTS;
+	global $_, $EX, $message, $page, $LOGIN_ATTEMPTS, 
+		   $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $MAX_ATTEMPTS, $LOGIN_DELAY;
 
 	$_SESSION = array();    //make sure it's empty
 	$_SESSION['valid'] = 0; //Default to failed login.
@@ -783,9 +1015,9 @@ function Login_response() { //**************************************************
 		$elapsed  = time() - filemtime($LOGIN_ATTEMPTS);
 	}
 
-	if ($attempts > 0) { $message .= '<b>There have been '.$attempts.' invalid login attempts.</b><br>';}
+	if ($attempts > 0) { $message .= '<b>'.hsc($_['login_msg_01a']).' '.$attempts.' '.hsc($_['login_msg_01b']).'</b><br>';}
 	if ( ($attempts >= $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){
-		$message .= 'Please wait '.Timeout_Timer(($LOGIN_DELAY - $elapsed), 'timer0', '', '').' seconds to try again. ';
+		$message .= hsc($_['login_msg_02a']).' '.Timeout_Timer(($LOGIN_DELAY - $elapsed), 'timer0', '', '').' '.hsc($_['login_msg_02b']);
 		return;
 	}
 
@@ -800,12 +1032,12 @@ function Login_response() { //**************************************************
 		$_SESSION['USER_AGENT'] = $_SERVER['HTTP_USER_AGENT']; //for user consistancy check.
 		$_SESSION['valid'] = 1;
 		$page = "index";
-		if ( is_file($LOGIN_ATTEMPTS) ) { unlink($LOGIN_ATTEMPTS); } //delete invalid attempt count file
+		if ( is_file($LOGIN_ATTEMPTS) ) { unlink($LOGIN_ATTEMPTS); } //delete invalid attempts count file
 	}else{
 		file_put_contents($LOGIN_ATTEMPTS, ++$attempts); //increment & save attempt
-		$message  = $EX.' <b>INVALID LOGIN ATTEMPT #'.$attempts.'</b><br>';
+		$message  = $EX.'<b>'.hsc($_['login_msg_03']).$attempts.'</b><br>';
 		if ($attempts >= $MAX_ATTEMPTS) {
-			$message .= 'Please wait '.Timeout_Timer($LOGIN_DELAY, 'timer0', '', '').' seconds to try again. ';
+			$message .= hsc($_['login_msg_02a']).' '.Timeout_Timer($LOGIN_DELAY, 'timer0', '', '').' '.hsc($_['login_msg_02b']);
 		}
 	}
 }//end Login_response() //******************************************************
@@ -882,10 +1114,39 @@ function Index_Page(){ //*******************************************************
 
 
 
-function Edit_Page_Buttons($text_editable, $too_large_to_edit) { //*************
-	global $ONESCRIPT, $param1, $param2, $MAX_IDLE_TIME;
-	$Button = '<input type="button" class="button" value=';
-	$ACTION = 'onclick="parent.location = \''.$ONESCRIPT.$param1.$param2.'&amp;p=';
+function Edit_Page_buttons_top($text_editable){ //******************************
+	global $_, $ONESCRIPT, $param1, $filename;
+?>
+	<div class="edit_btns_top">
+		<div class="file_meta">
+			<span class="meta_size">
+				<?php echo hsc($_['meta_txt_01']).number_format(filesize($filename)).' '.hsc($_['meta_txt_02']); ?>
+			</span> &nbsp; 
+			<span class="meta_time">
+				<?php echo hsc($_['meta_txt_03']) ?><script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1, 1);</script>
+			</span><br>
+		</div>
+
+		<div class="buttons_right">
+			<?php if ( $text_editable ) { ?>
+				<input type="button" id="wide_view" class="button" value="<?php echo hsc($_['Wide_View']) ?>" onclick="Wide_View();">
+			<?php } ?>
+			<input type="button" id="close1" class="button" value="<?php echo hsc($_['Close']) ?>" 
+				onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
+			<script>document.getElementById('close1').focus();</script>
+		</div>
+		<div style="clear:both"></div>
+	</div>
+<?php 
+}//end Edit_Page_buttons_top(){ //**********************************************
+
+
+
+
+function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
+	global $_, $ONESCRIPT, $param1, $param2, $MAX_IDLE_TIME;
+	$Button = '<input type="button" class="button" value="';
+	$ACTION = '" onclick="parent.location = \''.$ONESCRIPT.$param1.$param2.'&amp;p=';
 ?>
 	<div class="edit_btns_bottom">
 	<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?> 
@@ -899,47 +1160,20 @@ function Edit_Page_Buttons($text_editable, $too_large_to_edit) { //*************
 			document.getElementById('reset').disabled     = "disabled";
 		</script>
 	<?php } ?>
-	<?php echo $Button.'"Rename/Move" '.$ACTION ?>rename'">
-	<?php echo $Button.'"Copy"        '.$ACTION ?>copy'"  >
-	<?php echo $Button.'"Delete"      '.$ACTION ?>delete'">
-	<?php echo $Button.'"Close"       ' ?>onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
+	<?php echo $Button.hsc($_['Ren_Move']).$ACTION ?>rename'">
+	<?php echo $Button.hsc($_['Copy'])    .$ACTION ?>copy'"  >
+	<?php echo $Button.hsc($_['Delete'])  .$ACTION ?>delete'">
+	<?php echo $Button.hsc($_['Close']) ?>" onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
 	</div>
 <?php
-}//end Edit_Page_Buttons()******************************************************
-
-
-
-
-function Edit_Page_Notes() { //*************************************************
-	global $MAX_IDLE_TIME;
-			$SEC = $MAX_IDLE_TIME;
-			$HRS = floor($SEC/3600);
-			$SEC = fmod($SEC,3600);
-			$MIN = floor($SEC/60);   if ($MIN < 10) { $MIN = "0".$MIN; };
-			$SEC = fmod($SEC,60);    if ($SEC < 10) { $SEC = "0".$SEC; };
-			$HRS_MIN_SEC = $HRS.':'.$MIN.':'.$SEC;
-?>
-			<div id="edit_notes">NOTES:
-			<ol>
-			<li><b>Remember- your $MAX_IDLE_TIME is <?php echo $HRS_MIN_SEC ?>.
-			So save changes before the clock runs out, or the changes will be lost!</b><br>
-
-			<?php //The following line is just a static time stamp of when the idle time runs out. ?>
-			<?php //echo '<b>&nbsp;<script>FileTimeStamp('.(time()+$MAX_IDLE_TIME).', 0, 0)</script>  </b>,'?>
-
-			<li>On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser's [Reload].
-			<li>Chrome's XSS filters may disable some javascript in a page if the page even <i>appears</i> to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.
-			</ol>
-			</div>
-<?php 
-}//end Edit_Page_Notes() { //***************************************************
+}//end Edit_Page_buttons()******************************************************
 
 
 
 
 //******************************************************************************
 function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message){ 
-	global $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_NUONCE, $EX, $message, $MAX_IDLE_TIME;
+	global $_, $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_NUONCE, $EX, $message, $MAX_IDLE_TIME;
 ?>
 	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param1.$param2.$param3 ?>">
 		<?php echo $INPUT_NUONCE; ?>
@@ -947,32 +1181,32 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 		if ( !in_array( strtolower($ext), $itypes) ) { //If non-image...
 
 			if (!$text_editable) { // If non-text file...
-				echo '<p class="edit_disabled">Non-text or unkown file type. Edit disabled.<br><br></p>';
+				echo '<p class="edit_disabled">'.hsc($_['edit_txt_01']).'<br><br></p>';
 
 			}elseif ( $too_large_to_edit ) {
  				echo '<p class="edit_disabled">'.$too_large_to_edit_message.'</p>';
 
 			}else{
 				if (PHP_VERSION_ID  < 50400) {  // 5.4.0
-					$filecontent = htmlspecialchars(file_get_contents($filename));
+					$filecontent = hsc(file_get_contents($filename));
 				}else{
-					$filecontent = htmlspecialchars(file_get_contents($filename),ENT_SUBSTITUTE);
+					$filecontent = hsc(file_get_contents($filename),ENT_SUBSTITUTE);
 				}
 				$bad_chars = ($filecontent == "" && filesize($filename) > 0);
 
 				if ($bad_chars){ //did htmlspecialchars return an empty string?
-					echo '<pre class="edit_disabled">'.$EX.' File contains an invalid character. Edit and view disabled.<br>';
-					echo ' htmlspecialchars() returned and empty string from what <i>may be</i> an otherwise valid file.<br>';
-					echo ' This behavior can be inconsistant from version to version of php.<br></pre>';
+					echo '<pre class="edit_disabled">'.$EX.hsc($_['edit_txt_02']).'<br>';
+					echo hsc($_['edit_txt_03']).'<br>';
+					echo hsc($_['edit_txt_04']).'<br></pre>';
 				}else{
-					echo '<input type="hidden" name="filename" id="filename" value="'.htmlspecialchars($filename).'">';
+					echo '<input type="hidden" name="filename" id="filename" value="'.hsc($filename).'">';
 					echo '<textarea id="file_contents" name="content" cols="70" rows="25"
 						onkeyup="Check_for_changes(event);">'.$filecontent.'</textarea>'.PHP_EOL;
 				}
-			} //end if !editable /else...
-		} //end if non-image, show textarea
+			} //end if non-text file...
+		} //end if non-image
 
-		Edit_Page_Buttons($text_editable, $too_large_to_edit);
+		Edit_Page_buttons($text_editable, $too_large_to_edit);
 
 		Edit_Page_scripts();
 ?>	</form>
@@ -983,8 +1217,32 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 
 
 
+function Edit_Page_Notes() { //*************************************************
+	global $_, $MAX_IDLE_TIME;
+			$SEC = $MAX_IDLE_TIME;
+			$HRS = floor($SEC/3600);
+			$SEC = fmod($SEC,3600);
+			$MIN = floor($SEC/60);   if ($MIN < 10) { $MIN = "0".$MIN; };
+			$SEC = fmod($SEC,60);    if ($SEC < 10) { $SEC = "0".$SEC; };
+			$HRS_MIN_SEC = $HRS.':'.$MIN.':'.$SEC;
+?>
+			<div id="edit_notes">
+				<div class="notes"><?php echo hsc($_['edit_notes_00']) ?></div>
+				<div class="notes"><b>1)
+					<?php echo hsc($_['edit_note_01a']).'$MAX_IDLE_TIME '.hsc($_['edit_note_01b']) ?>
+					<?php echo ' '.$HRS_MIN_SEC.'. '.hsc($_['edit_note_02']) ?></b>
+				</div>
+				<div class="notes"><b>2) </b> <?php echo hsc($_['edit_note_03']) ?></div>
+				<div class="notes"><b>3) </b> <?php echo hsc($_['edit_note_04']) ?></div>
+			</div>
+<?php 
+}//end Edit_Page_Notes() { //***************************************************
+
+
+
+
 function Edit_Page() { //*******************************************************
-	global $ONESCRIPT, $param1, $filename, $filecontent, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE;
+	global $_, $ONESCRIPT, $param1, $filename, $filecontent, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE;
 	clearstatcache ();
 
 	//Determine if text editable file type
@@ -995,41 +1253,23 @@ function Edit_Page() { //*******************************************************
 	$too_large_to_edit = (filesize($filename) > $MAX_EDIT_SIZE);
 	$too_large_to_view = (filesize($filename) > $MAX_VIEW_SIZE);
 	
-	if ( $too_large_to_edit ) { $header2 = "Viewing: "; }
-	else                      { $header2 = "Editing: "; }
+	if ( $too_large_to_edit ) { $header2 = hsc($_['edit_h2_1']); }
+	else                      { $header2 = hsc($_['edit_h2_2']); }
 
 	$too_large_to_edit_message = 
-'<b>Edit disabled. Filesize &gt; '.number_format($MAX_EDIT_SIZE).' bytes.</b><br>
-Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML &lt;textarea&gt;.<br>
-Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.<br>
-A simple trial and error test can determine a practical limit for a given browser/computer.';
+'<b>'.hsc($_['too_large_to_edit_01a']).number_format($MAX_EDIT_SIZE).' '.hsc($_['too_large_to_edit_01b']).'</b><br>'.
+hsc($_['too_large_to_edit_02']).'<br>'.hsc($_['too_large_to_edit_03']).'<br>'.hsc($_['too_large_to_edit_04']);
+
 	$too_large_to_view_message = 
-'<b>View disabled. Filesize &gt; '.number_format($MAX_VIEW_SIZE).' bytes.</b><br>
-Click the the file name above to view as normally rendered in a browser window.<br>
-Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.<br>
-(The default value is completely arbitrary, and may be adjusted as desired to suit individual perceptions of reality.)';
+'<b>'.hsc($_['too_large_to_view_01a']).number_format($MAX_VIEW_SIZE).' '.hsc($_['too_large_to_view_01b']).'</b><br>'.
+hsc($_['too_large_to_view_02']).'<br>'.hsc($_['too_large_to_view_03']).'<br>'.hsc($_['too_large_to_view_04']);
 
 	echo '<h2 id="edit_header">'.$header2;
 	echo '<a class="filename" href="/'.URLencode_path($filename).'" target="_blank">'.htmlentities(basename($filename)).'</a>';
 	echo '</h2>'.PHP_EOL;
-?>
-	<div class="edit_btns_top">
-		<div class="file_meta">
-			<span class="meta_size">Filesize: <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; 
-			<span class="meta_time">Updated: <script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1, 1);</script></span><br>
-		</div>
 
-		<div class="buttons_right">
-			<?php if ( $text_editable ) { ?>
-				<input type="button" id="wide_view" class="button" value="Wide View" onclick="Wide_View();">
-			<?php } ?>
-			<input type="button" id="close1" class="button" value="Close" 
-				onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
-			<script>document.getElementById('close1').focus();</script>
-		</div>
-		<div style="clear:both"></div>
-	</div>
-<?php
+	Edit_Page_buttons_top($text_editable);
+
 	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message);
 	
 	if ( in_array( $ext, $itypes) ) { show_image(); }
@@ -1040,7 +1280,7 @@ function Edit_Page() { //*******************************************************
 		echo '<p class="edit_disabled">'.$too_large_to_view_message.'</p>';
 	}
 	elseif ( $text_editable && $too_large_to_edit ){ 
-		$filecontent = htmlspecialchars(file_get_contents($filename), ENT_COMPAT,'UTF-8');
+		$filecontent = hsc(file_get_contents($filename), ENT_COMPAT,'UTF-8');
 		echo '<pre class="edit_disabled view_file">'.$filecontent.'</pre>';
 	}
 }//End Edit_Page ***************************************************************
@@ -1049,16 +1289,16 @@ function Edit_Page() { //*******************************************************
 
 
 function Edit_response(){ //***If on Edit page, and [Save] clicked *************
-	global $filename, $message, $EX;
+	global $_, $EX, $message, $filename;
 	$filename = $_POST["filename"];
 	$content  = $_POST["content"];
 
 	$bytes = file_put_contents($filename, $content);
 
 	if ($bytes !== false) {
-		$message .= '<b>File saved: '.$bytes.' bytes written.</b>';
+		$message .= '<b>'.hsc($_['edit_msg_01']).' '.$bytes.' '.hsc($_['edit_msg_02']).'</b>';
 	}else{
-		$message .= $EX.' <b>There was an error saving file.</b>';
+		$message .= $EX.'<b>'.hsc($_['edit_msg_03']).'</b>';
 	}
 }//end Edit_response() *********************************************************
 
@@ -1066,7 +1306,7 @@ function Edit_response(){ //***If on Edit page, and [Save] clicked *************
 
 
 function Upload_Page() { //*****************************************************
-	global $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE;
+	global $_, $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE;
 
 	//Determine $MAX_FILE_SIZE to upload
 	$upload_max_filesize = ini_get('upload_max_filesize'); //This should be < post_max_size,
@@ -1083,17 +1323,17 @@ function shorthand_to_int($SHORTHAND){ //*******************
 	$UMF = shorthand_to_int($upload_max_filesize);
 	$PMS = shorthand_to_int($post_max_size);
 
-	if ($UMF <= $PMS){ $MAX_FILE_SIZE = $UMF; $max_msg = $upload_max_filesize.' &nbsp; per upload_max_filesize in php.ini.'; }
-	else             { $MAX_FILE_SIZE = $PMS; $max_msg = $post_max_size.' &nbsp; per post_max_size in php.ini'; }
+	if ($UMF <= $PMS){ $MAX_FILE_SIZE = $UMF; $max_msg = $upload_max_filesize.' '.hsc($_['upload_txt_01']); }
+	else             { $MAX_FILE_SIZE = $PMS; $max_msg = $post_max_size      .' '.hsc($_['upload_txt_02']); }
 ?>
-	<h2>Upload File</h2>
-	<p>Note: Maximum upload file size is: <?php echo $max_msg; ?></p>
+	<h2><?php echo hsc($_['upload_h2']) ?></h2>
+	<p><?php echo hsc($_['upload_txt_03']).$max_msg; ?></p>
 	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$param1; ?>&amp;p=uploaded" method="post">
 		<?php echo $INPUT_NUONCE; ?>
 		<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $MAX_FILE_SIZE ?>"> 
-		<input type="hidden" name="upload_destination" value="<?php echo htmlspecialchars($ipath); ?>" >
+		<input type="hidden" name="upload_destination" value="<?php echo hsc($ipath); ?>" >
 		<input type="file"   name="upload_file" id="upload_file" size="100">
-		<?php Cancel_Submit_Buttons("Upload","cancel"); ?>
+		<?php Cancel_Submit_Buttons(hsc($_['Upload']),"cancel"); ?>
 	</form>
 <?php 
 } //end Upload_Page() **********************************************************
@@ -1102,36 +1342,36 @@ function shorthand_to_int($SHORTHAND){ //*******************
 
 
 function Upload_response() { //*************************************************
-	global $filename, $message, $EX, $page;
+	global $_, $filename, $message, $EX, $page;
 	$filename    = $_FILES['upload_file']['name'];
 	$destination = Check_path($_POST["upload_destination"]);
 	$page  = "index";
 	$MAXUP1 = ini_get('upload_max_filesize');
-	$MAXUP2 = number_format ($_POST['MAX_FILE_SIZE']).' bytes';
+	$MAXUP2 = number_format($_POST['MAX_FILE_SIZE']).hsc($_['bytes_01']);
 	$ERROR = $_FILES['upload_file']['error'];
 
-	if     ( $ERROR == 1 ){ $ERRMSG = 'Error 1: File too large.  upload_max_filesize = '.$MAXUP1.' (From php.ini)';}
-	elseif ( $ERROR == 2 ){ $ERRMSG = 'Error 2: File too large.  $MAX_FILE_SIZE = '.$MAXUP2.' (From OneFileCMS)';}
-	elseif ( $ERROR == 3 ){ $ERRMSG = 'Error 3: The uploaded file was only partially uploaded.'; }
-	elseif ( $ERROR == 4 ){ $ERRMSG = 'Error 4: No file was uploaded. '; }
-	elseif ( $ERROR == 5 ){ $ERRMSG = 'Error 5. '; }
-	elseif ( $ERROR == 6 ){ $ERRMSG = 'Error 6: Missing a temporary folder.'; }
-	elseif ( $ERROR == 7 ){ $ERRMSG = 'Error 7: Failed to write file to disk.'; }
-	elseif ( $ERROR == 8 ){ $ERRMSG = 'Error 8: A PHP extension stopped the file upload.'; }
+	if     ( $ERROR == 1 ){ $ERRMSG = hsc($_['upload_err_01a']).' upload_max_filesize = '.$MAXUP1.' '.hsc($_['upload_err_01b']);}
+	elseif ( $ERROR == 2 ){ $ERRMSG = hsc($_['upload_err_02a']).' $MAX_FILE_SIZE = '     .$MAXUP2.' '.hsc($_['upload_err_02b']);}
+	elseif ( $ERROR == 3 ){ $ERRMSG = hsc($_['upload_err_03']); }
+	elseif ( $ERROR == 4 ){ $ERRMSG = hsc($_['upload_err_04']); }
+	elseif ( $ERROR == 5 ){ $ERRMSG = hsc($_['upload_err_05']); }
+	elseif ( $ERROR == 6 ){ $ERRMSG = hsc($_['upload_err_06']); }
+	elseif ( $ERROR == 7 ){ $ERRMSG = hsc($_['upload_err_07']); }
+	elseif ( $ERROR == 8 ){ $ERRMSG = hsc($_['upload_err_08']); }
 	else                  { $ERRMSG = ''; }
 
 	if (($filename == "")){ 
-		$message .= $EX.' <b>No file selected for upload... </b>';
+		$message .= $EX.'<b>'.hsc($_['upload_msg_01']).'</b>';
 	}elseif (($destination != "") && !is_dir($destination)) {
-		$message .= $EX.' Destination folder does not exist: <br><b>';
-		$message .= htmlentities($WEB_ROOT.$destination).'</b><br><b>Upload cancelled.</b>';
+		$message .= $EX.hsc($_['upload_msg_02']).'<br><b>';
+		$message .= htmlentities($WEB_ROOT.$destination).'</b><br>'.hsc($_['upload_msg_03']).'</b>';
 	}else{
-		$message .= 'Uploading: "<b>'.htmlentities($filename).'</b>"...';
+		$message .= hsc($_['upload_msg_04']).' "<b>'.htmlentities($filename).'</b>"...';
 		$savefile = ordinalize($destination, $filename, $savefile_msg);
 		if(move_uploaded_file($_FILES['upload_file']['tmp_name'], $savefile)) {
-			$message .= '<br>Upload successful! '.$savefile_msg;
+			$message .= '<br>'.hsc($_['upload_msg_05']).' '.$savefile_msg;
 		} else{
-			$message .= '<br>'.$EX.' <b> Upload failed: </b>'.$ERRMSG.'';
+			$message .= '<br>'.$EX.'<b>'.hsc($_['upload_msg_06']).'</b> '.$ERRMSG.'';
 		}
 	}
 }//end Upload_response() *******************************************************
@@ -1140,14 +1380,14 @@ function Upload_response() { //*************************************************
 
 
 function New_File_Page() { //***************************************************
-	global $FORM_COMMON, $INVALID_CHARS;
+	global $_, $FORM_COMMON, $INVALID_CHARS;
 ?>
-	<h2>New File</h2>
+	<h2><?php echo hsc($_['new_file_h2']) ?></h2>
 	<?php echo $FORM_COMMON ?>
-		<p>File will be created in the current folder. &nbsp;
-		Some invalid characters are: <span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
+		<p><?php echo hsc($_['new_file_txt_01']) . hsc($_['new_file_txt_02']) ?>
+		<span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
 		<input type="text" name="new_file" id="new_file" value="">
-		<?php Cancel_Submit_Buttons("Create","new_file"); ?>
+		<?php Cancel_Submit_Buttons(hsc($_['Create']),"new_file"); ?>
 	</form>
 <?php 
 }//end New_File_Page()**********************************************************
@@ -1156,7 +1396,7 @@ function New_File_Page() { //***************************************************
 
 
 function New_File_response() { //***********************************************
-	global $ipath, $param2, $param3, $filename, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
+	global $_, $ipath, $param2, $param3, $filename, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
 
 	$new_name = trim($_POST["new_file"],'/ '); //Trim spaces and slashes.
 	$filename = $ipath.$new_name;
@@ -1168,22 +1408,22 @@ function New_File_response() { //***********************************************
 	}
 
 	if ($invalid){
-		$message .= $EX.' <b>New file not created:</b> '.htmlentities($new_name).'<br>'.
-			'<b> &nbsp; &nbsp; &nbsp; Name contains invalid character(s): '.
+		$message .= $EX.'<b>'.hsc($_['new_file_msg_01']).'</b> '.htmlentities($new_name).'<br>'.
+			'<b> &nbsp; &nbsp; &nbsp; '.hsc($_['new_file_msg_02']).
 			'<span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
 	}elseif ($new_name == ""){ 
-		$message .= $EX.' <b>New file not created -</b> no name given';
+		$message .= $EX.'<b>'.hsc($_['new_file_msg_03']).'</b>';
 	}elseif (file_exists($filename)) {
-		$message .= $EX.' <b>File already exists: ';
+		$message .= $EX.'<b>'.hsc($_['new_file_msg_04']);
 		$message .= htmlentities($new_name).'</b>';
 	}elseif ($handle = fopen($filename, 'w')) {
 		fclose($handle);
-		$message .= '<b>Created file:</b> '.htmlentities($new_name);
+		$message .= '<b>'.hsc($_['new_file_msg_05']).'</b> '.htmlentities($new_name);
 		$page     = "edit";
 		$param2   = '&amp;f='.rawurlencode(basename($filename));// for Edit_Page() buttons
 		$param3   = '&amp;p=edit';                              // for Edit_Page() buttons 
 	}else{
-		$message .= $EX.' <b>Error - new file not created:<br>';
+		$message .= $EX.'<b>'.hsc($_['new_file_msg_06']);
 		$message .= htmlentities($new_name);
 	}
 }//end New_File_response() *****************************************************
@@ -1193,24 +1433,24 @@ function New_File_response() { //***********************************************
 
 function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //************
 	//$action = 'Copy' or 'Rename'. $isfile = 1 if acting on a file, not a folder
-	global $WEB_ROOT, $ipath, $filename, $FORM_COMMON;
+	global $_, $WEB_ROOT, $ipath, $filename, $FORM_COMMON;
 	if ($isfile) { $old_name = $filename; }else{ $old_name = $ipath; }
 	if ($isfile) { $new_name = $filename; }else{ $new_name = $ipath; }
-	if ($action == "Copy" ) { $new_name = ordinalize($ipath, basename($filename), $msg); }
+	//if ($action == "Copy" ) { $new_name = ordinalize($ipath, basename($filename), $msg); }
 ?>
 	<h2><?php echo $action.' '.$title ?></h2>
-	<p>To move a file or folder, change the path/to/folder/or_file. The new location must already exist.</p>
+	<p><?php echo hsc($_['CRM_txt_01']) ?></p>
 	<?php echo $FORM_COMMON ?>
 		<p>
-			<label>Old name:</label>
+			<label><?php echo hsc($_['CRM_txt_02']) ?></label>
 			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
-				name="old_name" value="<?php echo htmlspecialchars($old_name); ?>" readonly="readonly">
+				name="old_name" value="<?php echo hsc($old_name); ?>" readonly="readonly">
 		</p>
 		<p>
-			<label>New name:</label>
+			<label><?php echo hsc($_['CRM_txt_03']) ?></label>
 			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
 				name="<?php echo $name_id ?>" id="<?php echo $name_id ?>" 
-				value="<?php echo htmlspecialchars($new_name); ?>">
+				value="<?php echo hsc($new_name); ?>">
 		</p>
 		<?php Cancel_Submit_Buttons($action, $name_id); ?>
 	</form>
@@ -1223,7 +1463,7 @@ function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //************
 //******************************************************************************
 function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $isfile){
 	//$action = 'copy' or 'rename'. $isfile = 1 if acting on a file, not a folder
-	global $WEB_ROOT, $ipath, $param1, $param2, $message, $EX, $page, $filename;
+	global $_, $WEB_ROOT, $ipath, $param1, $param2, $message, $EX, $page, $filename;
 
 	$old_name = trim($old_name,'/ ');
 	$new_name = trim($new_name,'/ ');
@@ -1232,17 +1472,17 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 	if ($isfile) { $page = "edit"; }else{ $page = "index"; }
 	
 	if ( !is_dir($new_location) ){
-		$message .= $EX.' <b>'.$msg1.' Error - new parent location does not exist:</b><br>';
+		$message .= $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_01']).'</b><br>';
 		$message .= htmlentities($WEB_ROOT.$new_location).'/<br>';
 	}elseif ( !file_exists($filename) ){
-		$message .= $EX.' <b>'.$msg1.' Error - source file does not exist:</b><br>';
+		$message .= $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_02']).'</b><br>';
 		$message .= htmlentities($filename);
 	}elseif (file_exists($new_name)) {
-		$message .= $EX.' <b>'.$msg1.' Error - target filename already exists:<br>';
+		$message .= $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_03']).'<br>';
 		$message .= htmlentities($WEB_ROOT.$new_name).'</b>';
 	}elseif ($action($old_name, $new_name)) {
 		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
-		$message .= ' --- '.$msg2.' to ---<br>';
+		$message .= ' --- '.$msg2.' '.hsc($_['CRM_msg_04']).' ---<br>';
 		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
 		$filename = $new_name; //so edit page knows what to edit
 		if ($isfile) { $ipath = Check_path(dirname($filename)); } //if changed,
@@ -1252,7 +1492,7 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 		$param3   = '&amp;p=edit';
 	}else{
 		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
-		$message .= $EX.' <b>Error during '.$msg1.' from the above to the following:</b><br>';
+		$message .= $EX.'<b>'.hsc($_['CRM_msg_05a']).' '.$msg1.' '.hsc($_['CRM_msg_05b']).'</b><br>';
 		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
 	}
 }//end Copy_Ren_Move_response() ************************************************
@@ -1261,14 +1501,14 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 
 
 function Delete_File_Page() { //************************************************
-	global $filename, $FORM_COMMON;
+	global $_, $filename, $FORM_COMMON;
 ?>
-	<h2>Delete File</h2>
+	<h2><?php echo hsc($_['delete_h2']) ?></h2>
 	<?php echo $FORM_COMMON ?>
-		<input type="hidden" name="delete_file" value="<?php echo htmlspecialchars($filename); ?>" >
+		<input type="hidden" name="delete_file" value="<?php echo hsc($filename); ?>" >
 		<span class="verify"><?php echo htmlentities(basename($filename)); ?></span>
-		<p><b>Are you sure?</b></p>
-		<?php Cancel_Submit_Buttons("DELETE", "cancel"); ?>
+		<p><b><?php echo hsc($_['delete_txt_01']) ?></b></p>
+		<?php Cancel_Submit_Buttons(hsc($_['DELETE']), "cancel"); ?>
 	</form>
 <?php 
 } //end Delete_File_Page() *****************************************************
@@ -1277,15 +1517,15 @@ function Delete_File_Page() { //************************************************
 
 
 function Delete_File_response(){ //*********************************************
-	global $filename, $message, $EX, $page;
+	global $_, $filename, $message, $EX, $page;
 
 	$page = "index"; //Return to index
 	$filename = $_POST["delete_file"];
 
 	if (unlink($filename)) {
-		$message .= '<b>Deleted file:</b> '.htmlentities(basename($filename));
+		$message .= '<b>'.hsc($_['delete_msg_01']).' '.htmlentities(basename($filename)).'</b>';
 	}else{
-		$message .= $EX.' <b>Error deleting "'.htmlentities($filename).'"</b>.';
+		$message .= $EX.'<b>'.hsc($_['delete_msg_02']).' "'.htmlentities($filename).'"</b>.';
 		$page = "edit";
 	}
 }//end Delete_File_response() **************************************************
@@ -1294,14 +1534,14 @@ function Delete_File_response(){ //*********************************************
 
 
 function New_Folder_Page() { //*************************************************
-	global $FORM_COMMON, $INVALID_CHARS;
+	global $_, $FORM_COMMON, $INVALID_CHARS;
 ?>
-	<h2>New Folder</h2>
+	<h2><?php echo hsc($_['new_folder_h2']) ?></h2>
 	<?php echo $FORM_COMMON ?>
-		<p>Folder will be created in the current folder. &nbsp;
-		Some invalid characters are: <span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
+		<p><?php echo hsc($_['new_folder_txt_1']) ?>
+		<?php echo hsc($_['new_folder_txt_2']) ?> <span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
 		<input type="text" name="new_folder" id="new_folder" value="">
-		<?php Cancel_Submit_Buttons("Create","new_folder"); ?>
+		<?php Cancel_Submit_Buttons(hsc($_['Create']),"new_folder"); ?>
 	</form>
 <?php 
 } //end New_Folder_Page() ******************************************************
@@ -1310,7 +1550,7 @@ function New_Folder_Page() { //*************************************************
 
 
 function New_Folder_response(){ //**********************************************
-	global $ipath, $param1, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
+	global $_, $ipath, $param1, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
 
 	$new_name = trim($_POST["new_folder"],'/ '); //Trim spaces, and make sure only has a single trailing slash.
 
@@ -1323,20 +1563,20 @@ function New_Folder_response(){ //**********************************************
 	$new_ipath = $ipath.$new_name.'/';
 
 	if ($invalid){
-		$message .= $EX.' <b>New folder not created:</b> '.htmlentities($new_name).'<br>'.
-			'<b> &nbsp; &nbsp; &nbsp; Name contains invalid character(s): '.
+		$message .= $EX.'<b>'.hsc($_['new_folder_msg_01']).'</b> '.htmlentities($new_name).'<br>'.
+			'<b>'.hsc($_['new_folder_msg_02']).
 			'<span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
 	}elseif ($new_name == ""){ 
-		$message .= $EX.' <b>New folder not created - no name given.</b>';
+		$message .= $EX.'<b>'.hsc($_['new_folder_msg_03']).'</b>';
 	}elseif (is_dir($new_ipath)) {
-		$message .= $EX.' <b>Folder already exists: ';
+		$message .= $EX.'<b>'.hsc($_['new_folder_msg_04']).' ';
 		$message .= htmlentities($new_ipath).'</b>';
 	}elseif (mkdir($new_ipath)) {
-		$message .= '<b>Created folder:</b> '.htmlentities($new_name);
+		$message .= '<b>'.hsc($_['new_folder_msg_05']).'</b> '.htmlentities($new_name);
 		$ipath    = $new_ipath;  //return to new folder
 		$param1   = '?i='.URLencode_path($ipath);
 	}else{
-		$message .= $EX.' <b>Error - new folder not created: </b><br>';
+		$message .= $EX.'<b>'.hsc($_['new_folder_msg_06']).' </b><br>';
 		$message .= htmlentities($new_name);
 	}
 }//end New_Folder_response *****************************************************
@@ -1345,15 +1585,15 @@ function New_Folder_response(){ //**********************************************
 
 
 function Delete_Folder_Page(){ //***********************************************
-	global $WEB_ROOT, $ipath, $FORM_COMMON;
+	global $_, $WEB_ROOT, $ipath, $FORM_COMMON;
 ?>
-	<h2>Delete Folder</h2>
+	<h2><?php echo hsc($_['delete_folder_h2']) ?></h2>
 	<?php echo $FORM_COMMON ?>
-		<input type="hidden" name="delete_folder" value="<?php echo htmlspecialchars($ipath); ?>" >
+		<input type="hidden" name="delete_folder" value="<?php echo hsc($ipath); ?>" >
 		<span class="web_root"><?php echo htmlentities($WEB_ROOT.Check_path(dirname($ipath))); ?></span><span 
 		class="verify"><?php echo htmlentities(basename($ipath)); ?></span> /
-		<p><b>Are you sure?</b></p>
-		<?php Cancel_Submit_Buttons("DELETE", "cancel"); ?>
+		<p><b><?php echo hsc($_['delete_folder_txt_01']) ?></b></p>
+		<?php Cancel_Submit_Buttons(hsc($_['DELETE']), "cancel"); ?>
 	</form>
 <?php 
 } //end Delete_Folder_Page() //*************************************************
@@ -1367,14 +1607,14 @@ function Delete_Folder_response() { //******************************************
 	$foldername = trim($_POST["delete_folder"], '/');
 
 	if ( !is_empty($ipath) ) {
-		$message .= $EX.' <b>Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
+		$message .= $EX.'<b>'.hsc($_['delete_folder_msg_01']).'</b>';
 		$page = "index";
 	}elseif (@rmdir($foldername)) {
-		$message .= '<b>Deleted folder:</b> '.htmlentities(basename($foldername));
+		$message .= '<b>'.hsc($_['delete_folder_msg_02']).'</b> '.htmlentities(basename($foldername));
 		$ipath  = Check_path($foldername); //Return to parent dir.
 		$param1 = '?i='.URLencode_path($ipath);
 	}else {
-		$message .= $EX.' <b>"'.htmlentities($foldername).'/"</b> an error occurred during delete.';
+		$message .= $EX.'<b>"'.htmlentities($foldername).'/"</b> '.hsc($_['delete_folder_msg_03']);
 	}
 }//end Delete_Folder_response() ************************************************
 
@@ -1382,19 +1622,19 @@ function Delete_Folder_response() { //******************************************
 
 
 function Page_Title(){ //***<title>Page_Title()</title>*************************
-	global $page;
-
-	if     ($page == "login")        { return "Log In";         }
-	elseif ($page == "hash")         { return "Hash";           }
-	elseif ($page == "edit")         { return "Edit/View File"; }
-	elseif ($page == "upload")       { return "Upload File";    }
-	elseif ($page == "newfile")      { return "New File";       }
-	elseif ($page == "copy" )        { return "Copy";           }
-	elseif ($page == "rename")       { return "Rename File";    }
-	elseif ($page == "delete")       { return "Delete";         }
-	elseif ($page == "newfolder")    { return "New Folder";     }
-	elseif ($page == "renamefolder") { return "Rename Folder";  }
-	elseif ($page == "deletefolder") { return "Delete Folder";  }
+	global $_, $page;
+
+	if     ($page == "login")        { return hsc($_['page_title_login']);     }
+	elseif ($page == "hash")         { return hsc($_['page_title_hash']);      }
+	elseif ($page == "edit")         { return hsc($_['page_title_edit']);      }
+	elseif ($page == "upload")       { return hsc($_['page_title_upload']);    }
+	elseif ($page == "newfile")      { return hsc($_['page_title_new_file']);  }
+	elseif ($page == "copy" )        { return hsc($_['page_title_copy']);      }
+	elseif ($page == "rename")       { return hsc($_['page_title_ren']);       }
+	elseif ($page == "delete")       { return hsc($_['page_title_del']);       }
+	elseif ($page == "newfolder")    { return hsc($_['page_title_folder_new']);}
+	elseif ($page == "renamefolder") { return hsc($_['page_title_folder_ren']);}
+	elseif ($page == "deletefolder") { return hsc($_['page_title_folder_del']);}
 	else                             { return $_SERVER['SERVER_NAME']; }
 }//end Page_Title() ************************************************************
 
@@ -1402,18 +1642,18 @@ function Page_Title(){ //***<title>Page_Title()</title>*************************
 
 
 function Load_Selected_Page(){ //***********************************************
-	global $ONESCRIPT, $page;
+	global $_, $ONESCRIPT, $page;
 
 	if     ($page == "login")        { Login_Page();         }
 	elseif ($page == "hash")         { Hash_Page();          }
 	elseif ($page == "edit")         { Edit_Page();          }
 	elseif ($page == "upload")       { Upload_Page();        }
 	elseif ($page == "newfile")      { New_File_Page();      }
-	elseif ($page == "copy")         { Copy_Ren_Move_Page('Copy', 'File', 'copy_file', 1); }
-	elseif ($page == "rename")       { Copy_Ren_Move_Page('Rename', 'File', 'rename_file', 1); }
+	elseif ($page == "copy")         { Copy_Ren_Move_Page(hsc($_['Copy']),   hsc($_['File']), 'copy_file', 1); }
+	elseif ($page == "rename")       { Copy_Ren_Move_Page(hsc($_['Rename']), hsc($_['File']), 'rename_file', 1); }
 	elseif ($page == "delete")       { Delete_File_Page();   }
 	elseif ($page == "newfolder")    { New_Folder_Page();    }
-	elseif ($page == "renamefolder") { Copy_Ren_Move_Page('Rename', 'Folder', 'rename_folder', 0); }
+	elseif ($page == "renamefolder") { Copy_Ren_Move_Page(hsc($_['Rename']), hsc($_['Folder']), 'rename_folder', 0); }
 	elseif ($page == "deletefolder") { Delete_Folder_Page(); }
 	else                             { Index_Page();         } //default
 }//end Load_Selected_Page() ****************************************************
@@ -1422,6 +1662,7 @@ function Load_Selected_Page(){ //***********************************************
 
 
 function Timer_scripts() { //***************************************************
+	global $_;
 ?>
 <script>
 //pad() is also used by the Time_Stamp_scripts()
@@ -1454,7 +1695,7 @@ function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
 
 	if ( count < 1 ) {
 		if ( Action == 'LOGOUT') { 
-			Timer.innerHTML = 'SESSION EXPIRED';
+			Timer.innerHTML = '<?php echo addslashes($_['session_expired']) ?>';
 			//Load login screen, but delay first to make sure really expired:
 			setTimeout('window.location = window.location.pathname',3000); //1000 = 1 second
 		}
@@ -1526,33 +1767,31 @@ function FileTimeStamp(php_filemtime, show_date, show_offset){
 
 
 function Edit_Page_scripts() { //***********************************************
+	global $_;
 ?>
 	<!--======== Provide feedback re: unsaved changes ========-->
 	<script>
-	
-	var File_textarea    = document.getElementById('file_contents');
-	var Save_File_button = document.getElementById('save_file');
-	var Reset_button     = document.getElementById('reset');
+	// a few var's for Wide_View()
 	var Main_div		 = document.getElementById('main');
 	var Wide_View_button = document.getElementById('wide_view');
-
 	var main_width_default = Main_div.style.width ;
-	var start_value = File_textarea.value;
-	var submitted   = false
-	var changed     = false;
-
 
 	function Wide_View() {
-		//File_textarea.style.width = '100%';
+		if ( File_textarea != null ) { File_textarea.style.width = '99.8%'; }
+		
 		if (Main_div.style.width == '95%') {
 			Main_div.style.width = main_width_default;
-			Wide_View_button.value = 'Wide View';
+			Wide_View_button.value = "<?php echo addslashes($_['Wide_View'])?>"; //'<?php echo $_['Wide_View'] ?>';
 		}else{
 			Main_div.style.width = '95%';
-			Wide_View_button.value = 'Normal View';
+			Wide_View_button.value = '<?php echo addslashes($_['Normal_View']) ?>';
 		}
 	}
 
+	var File_textarea    = document.getElementById('file_contents');
+	var Save_File_button = document.getElementById('save_file');
+	var Reset_button     = document.getElementById('reset');
+	var start_value      = File_textarea.value;
 
 	// The following events only apply when the element is active.
 	// [Save] is disabled unless there are changes to the open file.
@@ -1562,6 +1801,8 @@ function Wide_View() {
 	Save_File_button.onmouseout  = function() {Save_File_button.style.backgroundColor = "#Fee";}
 
 
+	var submitted   = false;
+	var changed     = false;
 
 	function Reset_file_status_indicators() {
 		changed = false;
@@ -1572,14 +1813,13 @@ function Reset_file_status_indicators() {
 		Save_File_button.disabled = "disabled";
 		Save_File_button.value = "Save";
 		Reset_button.disabled = "disabled";
-		//File_textarea.focus();
 	}
 
 
 	window.onbeforeunload = function() {
 		if ( changed && !submitted) { 
 			//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
-			return "               Unsaved changes will be lost!";
+			return "<?php echo addslashes($_['unload_unsaved']) ?>";
 		}
 	}
 
@@ -1633,14 +1873,14 @@ function Check_for_changes(event){
 	//the text stays changed, but "changed" gets set to false, which looses warning.
 	function Reset_File() {
 		if (changed) {
-			if ( !(confirm("Reset file and loose unsaved changes?")) ) { return; }
+			if ( !(confirm("<?php echo addslashes($_['confirm_reset']) ?>")) ) { return; }
 		}
 		File_textarea.value = start_value;
 		Reset_file_status_indicators();
 		setSelRange(File_textarea, 0, 0) //Move cursor to start of textarea.
 	}
-	
-	Reset_file_status_indicators()
+
+	Reset_file_status_indicators();
 	</script>
 <?php 
 }//End Edit_Page_scripts() *****************************************************
@@ -1651,7 +1891,7 @@ function Reset_File() {
 function style_sheet(){ //****************************************************?>
 <style>
 /* --- reset --- */
-* { border : 0; outline: 0; margin : 0; padding: 0;
+* { border : 0; outline: 0; margin: 0; padding: 0;
     font-family: inherit; font-weight: inherit; font-style : inherit;
     font-size  : 100%; vertical-align: baseline; }
 
@@ -1660,7 +1900,7 @@ function style_sheet(){ //****************************************************?>
 
 body { font-size: 1em; background: #DDD; font-family: sans-serif; }
 
-p, table { margin-bottom: .8em; margin-top: .8em;}
+p, table { margin-bottom: .6em;}
 
 div { position: relative; }
 
@@ -1711,7 +1951,7 @@ function style_sheet(){ //****************************************************?>
 
 #logo {
 	font-family: 'Trebuchet MS', sans-serif;
-	font-size:2.2em;
+	font-size:2em;
 	font-weight: bold;
 	color: black;
 	padding: .1em;
@@ -1827,25 +2067,16 @@ function style_sheet(){ //****************************************************?>
 .front_links a:hover  { background-color: rgb(255,250,150); }
 .front_links a:focus  { background-color: rgb(255,250,150); }
 
+input { margin-bottom: .6em; }
 
 input[type="text"] {
 	border: 1px solid #807568;
+	margin-bottom: .6em;
 	padding: 2px;
 	width: 50em;
 	font: 1em "Courier New", Courier, monospace;
 	}
 
-.edit_disabled { 
-	border : 1px solid #807568;
-	width  : 99%;
-	padding: .2em;
-	margin : .5em 0 0 0;
-	background-color: #FFF000; color: #333;
-	line-height: 1.4em;
-	}
-
-.view_file {font-family: courier; font-size: .9em; background-color: #F8F8F8;}
-
 
 input:focus { background-color: rgb(255,250,150); }
 
@@ -1878,7 +2109,7 @@ function style_sheet(){ //****************************************************?>
 .nav {
 	float     : right;
 	display   : inline-block;
-	margin-top: 1.6em;
+	margin-top: 1.35em;
 	font-size : 1em;
 	}
 
@@ -1902,12 +2133,23 @@ function style_sheet(){ //****************************************************?>
 
 #edit_form    {margin: 0;}
 
+.edit_disabled { 
+	border : 1px solid #807568;
+	width  : 99%;
+	padding: .2em;
+	margin : .5em 0 0 0;
+	background-color: #FFF000; color: #333;
+	line-height: 1.4em;
+	}
+
+.view_file { font: .9em Courier; background-color: #F8F8F8; }
+
 #file_contents {
 	border: 1px solid #999;
-	font  : .95em "Courier New", Courier, monospace;
-	margin: 0 0 0 0; /*T R B L*/
-	width : 99.7%;
-	height: 30em;
+	font  : .9em Courier;
+	margin: 0 0 .6em 0;
+	width : 99.8%;
+	height: 32em;
 }
 
 #file_contents:focus { border: 1px solid #Fdd; }
@@ -1916,6 +2158,7 @@ function style_sheet(){ //****************************************************?>
 
 #edit_notes   {font-size: .8em; color: #333 ;margin-top: 1em; clear:both;}
 
+.notes {margin-bottom: .4em;}
 
 
 /* --- log in --- */
@@ -1923,7 +2166,7 @@ function style_sheet(){ //****************************************************?>
 .login_page {
 	margin  : 5em auto;
 	border  : 1px solid #807568;
-	padding : .5em 1em .6em 1em;
+	padding : .5em 1em .2em 1em;
 	width   : 370px;
 	}
 
@@ -1942,6 +2185,7 @@ function style_sheet(){ //****************************************************?>
 
 #upload_file {
 	border: 1px solid #807568;
+	margin-bottom: .6em;
 	padding: 2px;
 	width: 50em;
 	}
@@ -1953,7 +2197,7 @@ function style_sheet(){ //****************************************************?>
 	display : block;
 	position: relative;
 	padding : 0;
-	margin  : .8em auto;
+	margin  : .6em auto;
 	width   : 100%;
 	clear   : both;
 	border  : none;
@@ -1990,7 +2234,7 @@ function style_sheet(){ //****************************************************?>
 
 .edit_btns_top    { margin: .2em 0 .5em 0;}
 
-.edit_btns_bottom { margin: .6em 0 0 0; float: right; }
+.edit_btns_bottom { float: right; }
 .edit_btns_bottom .button { margin-left: .5em; }
 </style>
 <?php 
@@ -2006,6 +2250,12 @@ function style_sheet(){ //****************************************************?>
 
 if( PHP_VERSION_ID < 50000 ) { exit("OneFileCMS requires PHP5 to operate. Tested on versions 5.2.17, 5.3.3 & 5.4"); }
 
+
+// Load language settings
+if ( is_file($LANGUAGE) ) { $_ = parse_ini_file($LANGUAGE); }
+else                      { $_ = parse_ini_string(Default_Language()); }
+
+
 Session_Startup(); 
 
 if ($_SESSION['valid']) {
@@ -2019,11 +2269,11 @@ function style_sheet(){ //****************************************************?>
 		elseif (isset($_POST["whattohash"]   )) { Hash_response();          }
 		elseif (isset($_POST["filename"]     )) { Edit_response();          }
 		elseif (isset($_POST["new_file"]     )) { New_File_response();      }
-		elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', 'Copy', 'Copied', 1); } 
-		elseif (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"], 'rename', 'Rename/Move', 'Renamed/Moved', 1); } 
+		elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', hsc($_['Copy']), hsc($_['Copied']), 1); } 
+		elseif (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"],   'rename', hsc($_['Ren_Move']), hsc($_['Ren_Moved']), 1); } 
 		elseif (isset($_POST["delete_file"]  )) { Delete_File_response();   }
 		elseif (isset($_POST["new_folder"]   )) { New_Folder_response();    }
-		elseif (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', 'Rename/Move', 'Renamed/Moved', 0); } 
+		elseif (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', hsc($_['Ren_Move']), hsc($_['Ren_Moved']), 0); } 
 		elseif (isset($_POST["delete_folder"])) { Delete_Folder_response(); }
 	}//end if ($VALID_POST) ****************************************************
 
@@ -2038,22 +2288,22 @@ function style_sheet(){ //****************************************************?>
 
 	elseif ($page == "logout") {
 		Logout();
-		$message .= 'You have successfully logged out.'; }
+		$message .= hsc($_['logout_msg']); }
 
 		//Don't load delete page if folder not empty.
 	elseif ( ($page == "deletefolder") && !is_empty($ipath) ) {
-		$message .= $EX.' <b>Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
+		$message .= $EX.'<b>'.hsc($_['folder_del_msg']).'</b>';
 		$page = "index";}
 
 		//if size of $_POST > post_max_size, PHP only returns empty $_POST & $_FILE arrays.
 	elseif ($page == "uploaded" && !$VALID_POST){
-		$message .= $EX.'<b> Upload Error.  Total POST data (mostly filesize) exceeded post_max_size = '.ini_get('post_max_size').' (from php.ini).</b>';
+		$message .= $EX.'<b>'.hsc($_['upload_error_01a']).ini_get('post_max_size').'</b> '.hsc($_['upload_error_01b']).'';
 		$page = "index";}
 
 	elseif ( ($page == "edit") && ($filename == trim(rawurldecode($ONESCRIPT), '/')) ) { 
 		if ( $message == "" ) { $BR = ""; } else { $BR = '<br>';}
 		$message .= '<style>#message p {background: red; color: white;}</style>';
-		$message .= $BR.$EX.' <b>CAUTION '.$EX.' You are editing the active copy of OneFileCMS - BACK IT UP &amp; BE CAREFUL !!</b>';
+		$message .= $EX.'<b>'.hsc($_['edit_caution_01']).' '.$EX.hsc($_['edit_caution_02']).'</b>';
 	}
 	//**************************************************************************
 }//end if $_SESSION[valid] *****************************************************
@@ -2088,13 +2338,13 @@ function style_sheet(){ //****************************************************?>
 
 <div class="header">
 	<a href="<?php echo $ONESCRIPT.'" id="logo">'.$config_title; ?></a>
-	<?php echo $version.' (on&nbsp;php&nbsp'.phpversion().')'; ?>
+	<?php echo $version.' ('.hsc($_['on_']).'&nbsp;php&nbsp'.phpversion().')'; ?>
 
 	<div class="nav">
 		<a href="/" target="_blank"><?php show_favicon() ?>&nbsp;
 		<b><?php echo htmlentities($WEBSITE) ?></b></a>
 		<?php if ($page != "login") { ?>
-		| <a href="<?php echo $ONESCRIPT ?>?p=logout">Log Out</a>
+		| <a href="<?php echo $ONESCRIPT ?>?p=logout"><?php echo hsc($_['Log_Out']) ?></a>
 		<?php } ?>
 	</div><div style="clear:both"></div>
 </div><!-- end header -->
@@ -2105,17 +2355,17 @@ function style_sheet(){ //****************************************************?>
 
 <?php Load_Selected_Page() ?>
 
-<?php if ($page != "login") { echo '<hr>'; } ?>
-
 <?php
-//Admin link
-if ( ($page != "login") && ($page != "hash") ){
-echo '<p><a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=hash">Admin</a>'; }
-
 //Countdown timer...
-if ( $page != "login" ) {
+if ( $page != "login" ) { 
+	echo '<hr>';
 	echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'timer timeout', 'LOGOUT');
-	echo '<span class="timeout">Session time out in:&nbsp;</span>';
+	echo '<span class="timeout">'.hsc($_['time_out_txt']).' </span>';
+}
+
+//Admin link
+if ( ($page != "login") && ($page != "hash") ){
+	echo '<a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=hash">'.hsc($_['Admin']).'</a>';
 }
 ?>
 
diff --git a/onefilecms_3.2.04.BETA.php b/onefilecms_3.2.04.BETA.php
deleted file mode 100755
index 34280a3..0000000
--- a/onefilecms_3.2.04.BETA.php
+++ /dev/null
@@ -1,2348 +0,0 @@
-<?php 
-// OneFileCMS - github.com/Self-Evident/OneFileCMS
-
-$version = '<font color="red"><b>3.2.4 BETA</b></font>'; //#####
-
-/*******************************************************************************
-Copyright © 2009-2012 https://github.com/rocktronica
-Copyright © 2012-     https://github.com/Self-Evident  David W. Gay
-
-This software is copyright under terms of the "MIT" license:
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
-of the Software, and to permit persons to whom the Software is furnished to do
-so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
-*******************************************************************************/
-
-
-
-
-//Some basic security & error log settings
-ini_set('session.use_trans_sid', 0);    //make sure URL supplied SESSID's are not used
-ini_set('session.use_only_cookies', 1); //make sure URL supplied SESSID's are not used
-error_reporting(E_ALL &~ E_STRICT); //0, or (E_ALL &~ E_STRICT) if display and/or log are on.
-ini_set('display_errors', 'off');
-ini_set('log_errors'    , 'off'); //Ok to turn on for trouble-shooting.
-ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.log');
-//Determine good folder for session file? Default is tmp/, which is not secure.
-//session_save_path($safepath)  or  ini_set('session.save_path', $safepath)
-
-
-
-
-// CONFIGURABLE INFO ***********************************************************
-$config_title     = "OneFileCMS";
-
-$USERNAME = 'username';
-
-$PASSWORD = 'password'; //If using $HASHWORD, you may leave this value empty.
-$USE_HASH = 0 ; // If = 0, use $PASSWORD. If = 1, use $HASHWORD. 
-$HASHWORD = 'c3e70af96ab1bfc5669280e98b438e1a8c08ca5e0bb3354c05ceaa6f339fd3f6'; //hash for "password"
-$SALT     = 'somerandomsalt';
-
-$MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
-$LOGIN_DELAY   = 10;  //In seconds.
-$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
-					  //  For instance, 24 minutes is the PHP default for garbage collection.
-$MAX_IMG_W   = 810;  // Max width to display images. (page container = 810)
-$MAX_IMG_H   = 1000; // Max height.  I don't know, it just looks reasonable.
-
-$MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
-$MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
-                          // The default max view size is completely arbitrary. It was 2am and seemed like a good idea at the time.
-$config_favicon   = "/favicon.ico";
-$config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsaTive!
-
-$config_etypes = "html,htm,xhtml,php,css,js,txt,text,cfg,conf,ini,csv,svg,log"; //Editable file types.
-$config_stypes = "*"; // Shown types; only files of the given types should show up in the file-listing
-	// Use $config_stypes exactly like $config_etypes (list of extensions separated by semicolons).
-	// If $config_stypes is set to null - by intention or by error - OFCMS will only display folders.
-	// If $config_stypes is set to the *-wildcard (as per default), all files will show up.
-	// If $config_stypes is set to "html,htm" for example, only file with the extension "html" or "htm" will get listed.
-
-$config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
-$config_ftypes = "bin,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,ini,cfg,conf,asp,js ,htm,html"; // _ftype & _fclass must have same
-$config_fclass = "bin,img,img,img,img,img,svg,txt,txt,css,php,txt,cfg,cfg ,txt,txt,htm,htm";  // number of values. bin is default.
-
-$EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
-
-$SESSION_NAME = 'OFCMS'; //Also the cookie name. Change if using multiple copies of OneFileCMS.
-// End CONFIGURABLE INFO *******************************************************
-
-
-
-
-// PROCESS CONFIGURATION FILE **************************************************
-# Check if a configuration file does exist:
-$config_file = 'ofcms.ini';
-if (is_file($config_file)) {
-	# Parse file
-	$settings = parse_ini_file($config_file);
-
-	# Configure which variables can get overwritten by the config file:
-	$overwritable_variables = array(
-		'config_title',
-		'USERNAME',
-		'PASSWORD',
-		'USE_HASH',
-		'HASHWORD',
-		'SALT',
-		'config_stypes');
-
-	# Loop through options and overwrite default configuration
-	foreach($settings as $key => $value) {
-		# Check if variable can get overwritten:
-		if (in_array($key, $overwritable_variables)) {
-			$GLOBALS[$key] = $value;
-		}
-	}
-}
-// End PROCESS CONFIGURATION FILE **********************************************
-
-
-
-
-//******************************************************************************
-//Some global system values
-
-ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
-
-//PHP_VERSION_ID is better to use when checking current version as it's an actual number, not a string.
-if (!defined('PHP_VERSION_ID')) {            //PHP_VERSION_ID only available since 5.2.7
-    $phpversion = explode('.', PHP_VERSION); //PHP_VERSION, however, available even in older versions. (but it's a string)
-    define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
-}
-
-$ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]);
-$DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
-$WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/';
-$WEBSITE   = $_SERVER["HTTP_HOST"].'/';
-$LOGIN_ATTEMPTS = $DOC_ROOT.trim($_SERVER["SCRIPT_NAME"],'/').'.invalid_login_attempts';
-
-$valid_pages = array("hash", "login","logout","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
-
-$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names.
-$INVALID_CHARS_array = explode(' ', $INVALID_CHARS); // (Space deliminated)
-
-//Make arrays out of a few $config_variables for actual use later.
-//Also, remove spaces and make lowercase.
-$SHOWALLFILES = $stypes = false;
-  if ($config_stypes == '*') { $SHOWALLFILES = true; }
-  else { $stypes   = explode(',', strtolower(str_replace(' ', '', $config_stypes))); }//shown file types
-$etypes   = explode(',', strtolower(str_replace(' ', '', $config_etypes))); //editable file types
-$itypes   = explode(',', strtolower(str_replace(' ', '', $config_itypes))); //images types to display
-$ftypes   = explode(',', strtolower(str_replace(' ', '', $config_ftypes))); //file types with icons
-$fclasses = explode(',', strtolower(str_replace(' ', '', $config_fclass))); //for file types with icons
-$excluded_list = (explode(",", $config_excluded));
-//******************************************************************************
-
-
-
-
-//******************************************************************************
-// Language: English
-//
-$_['Upload_File'] = 'Upload File';
-$_['New_File']    = 'New File';
-$_['Ren_Move']    = 'Rename/Move';
-$_['Ren_Moved']   = 'Renamed/Moved';
-$_['New_Folder']  = 'New Folder';
-$_['Ren_Folder']  = 'Rename/Move Folder';
-$_['Del_Folder']  = 'Delete Folder';
-
-$_['Admin']  = 'Admin';
-$_['Enter']  = 'Enter';
-$_['Edit']   = 'Edit';
-$_['Close']  = 'Close';
-$_['Cancel'] = 'Cancel';
-$_['Upload'] = 'Upload';
-$_['Create'] = 'Create';
-$_['Copy']   = 'Copy';
-$_['Copied'] = 'Copied';
-$_['Rename'] = 'Rename';
-$_['Delete'] = 'Delete';
-$_['DELETE'] = 'DELETE';
-$_['File']   = 'File';
-$_['Folder'] = 'Folder';
-
-$_['Log_In']  = 'Log In';
-$_['Log_Out'] = 'Log Out';
-$_['Hash']    = 'Hash';
-$_['Generate_Hash'] = 'Generate Hash';
-
-$_['save_1']     = 'Save';
-$_['save_2']     = 'SAVE CHANGES!';
-$_['reset']      = 'Reset - loose changes';
-$_['Wide_View']  = 'Wide View';
-$_['Normal_View'] = 'Normal View';
-
-$_['on']    = 'on';
-$_['bytes_01'] = ' bytes.';
-
-$_['verify_msg_01'] = 'Session expired.';
-$_['verify_msg_02'] = 'INVALID POST';
-
-$_['get_get_msg_01'] = 'File does not exist:';
-
-$_['check_path_msg_01'] = 'Directory does not exist: ';
-
-$_['ord_msg_01'] = 'A file with that name already exists in the target directory.';
-$_['ord_msg_02'] = 'Saving as';
-
-$_['show_img_msg_01'] = 'Image shown at ~';
-$_['show_img_msg_02'] = '% of full size (W x H = ';
-
-$_['hash_h2'] = 'Generate a Password Hash';
-$_['hash_txt_01'] = 'There are two ways to change your OneFileCMS password:';
-$_['hash_txt_02'] = '1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).';
-$_['hash_txt_03'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
-$_['hash_txt_04'] = 'Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing.';
-$_['hash_txt_05'] = 'Anyway, to use the $HASHWORD password option:';
-$_['hash_txt_06'] = 'Type your desired password in the input field above and hit Enter.';
-$_['hash_txt_07'] = 'The hash will be displayed in a yellow message box above that.';
-$_['hash_txt_08'] = 'Copy and paste the new hash to the $HASHWORD variable in the config section.';
-$_['hash_txt_09'] = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
-$_['hash_txt_10'] = 'A double-click should select it...';
-$_['hash_txt_11'] = 'Make sure $USE_HASH is set to 1 (or true).';
-$_['hash_txt_12'] = 'When ready, logout and login.';
-$_['hash_txt_13'] = 'You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...';
-$_['hash_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep \'em secret, of course).  Remever, every little bit helps...';
-
-$_['hash_msg_01'] = 'Password: ';
-$_['hash_msg_02'] = 'Hash &nbsp; &nbsp;: ';
-
-$_['login_h2'] = 'Log In';
-$_['login_txt_01'] = 'Username:';
-$_['login_txt_02'] = 'Password:';
-
-$_['login_msg_01a'] = 'There have been';
-$_['login_msg_01b'] = 'invalid login attempts.';
-$_['login_msg_02a'] = 'Please wait';
-$_['login_msg_02b'] = 'seconds to try again.';
-$_['login_msg_03']  = 'INVALID LOGIN ATTEMPT #';
-
-$_['edit_notes_00']  = 'NOTES:';
-$_['edit_note_01a'] = 'Remember- your ';
-$_['edit_note_01b'] = ' is ';
-$_['edit_note_02'] = 'So save changes before the clock runs out, or the changes will be lost!';
-$_['edit_note_03'] = 'some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser\'s [Reload].';
-$_['edit_note_04'] = 'Chrome\'s XSS filters may disable some javascript in a page if the page even <i>appears</i> to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.';
-
-$_['edit_h2_1'] = 'Viewing: ';
-$_['edit_h2_2'] = 'Editing: ';
-$_['edit_txt_01'] = 'Non-text or unkown file type. Edit disabled.';
-$_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
-$_['edit_txt_03'] = 'htmlspecialchars() returned and empty string from what <i>may be</i> an otherwise valid file.';
-$_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
-
-$_['too_large_to_edit_01a'] = 'Edit disabled. Filesize &gt; ';
-$_['too_large_to_edit_01b'] = $_['bytes_01'];
-$_['too_large_to_edit_02'] = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML &lt;textarea&gt;.';
-$_['too_large_to_edit_03'] = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
-$_['too_large_to_edit_04'] = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
-
-$_['too_large_to_view_01a'] = 'View disabled. Filesize &gt; ';
-$_['too_large_to_view_01b'] = $_['bytes_01'];
-$_['too_large_to_view_02'] = 'Click the the file name above to view as normally rendered in a browser window.';
-$_['too_large_to_view_03'] = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
-$_['too_large_to_view_04'] = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
-
-$_['meta_txt_01'] = 'Filesize: ';
-$_['meta_txt_02'] = $_['bytes_01'];
-$_['meta_txt_03'] = 'Updated: ';
-
-$_['edit_msg_01'] = 'File saved: ';
-$_['edit_msg_02'] = 'bytes written.';
-$_['edit_msg_03'] = 'There was an error saving file.';
-
-$_['upload_h2'] = 'Upload File';
-$_['upload_txt_01'] = '&nbsp; per upload_max_filesize in php.ini.';
-$_['upload_txt_02'] = 'per post_max_size in php.ini';
-$_['upload_txt_03'] = 'Note: Maximum upload file size is: ';
-
-$_['upload_err_01a'] = 'Error 1: File too large.  ';
-$_['upload_err_01b'] = ' (From php.ini)';
-$_['upload_err_02a'] = 'Error 2: File too large.  ';
-$_['upload_err_02b'] = ' (From OneFileCMS)';
-$_['upload_err_03']  = 'Error 3: The uploaded file was only partially uploaded.';
-$_['upload_err_04']  = 'Error 4: No file was uploaded.';
-$_['upload_err_05']  = 'Error 5:';
-$_['upload_err_06']  = 'Error 6: Missing a temporary folder.';
-$_['upload_err_07']  = 'Error 7: Failed to write file to disk.';
-$_['upload_err_08']  = 'Error 8: A PHP extension stopped the file upload.';
-
-$_['upload_msg_01'] = 'No file selected for upload.';
-$_['upload_msg_02'] = 'Destination folder does not exist: ';
-$_['upload_msg_03'] = 'Upload cancelled.';
-$_['upload_msg_04'] = 'Uploading: ';
-$_['upload_msg_05'] = 'Upload successful! ';
-$_['upload_msg_06'] = 'Upload failed: ';
-
-$_['new_file_h2'] = 'New File';
-$_['new_file_txt_01'] = 'File will be created in the current folder. &nbsp;';
-$_['new_file_txt_02'] = 'Some invalid characters are: ';
-
-$_['new_file_msg_01'] = 'New file not created:';
-$_['new_file_msg_02'] = 'Name contains invalid character(s): ';
-$_['new_file_msg_03'] = 'New file not created - no name given';
-$_['new_file_msg_04'] = 'File already exists: ';
-$_['new_file_msg_05'] = 'Created file:';
-$_['new_file_msg_06'] = 'Error - new file not created:';
-
-$_['CRM_txt_01']  = 'To move a file or folder, change the path/to/folder/or_file. The new location must already exist.';
-$_['CRM_txt_02']  = 'Old name:';
-$_['CRM_txt_03']  = 'New name:';
-
-$_['CRM_msg_01'] = ' Error - new parent location does not exist:';
-$_['CRM_msg_02'] = ' Error - source file does not exist:';
-$_['CRM_msg_03'] = ' Error - target filename already exists:';
-$_['CRM_msg_04'] = ' to ';
-$_['CRM_msg_05a'] = 'Error during ';
-$_['CRM_msg_05b'] = ' from the above to the following:';
-
-$_['delete_h2'] = 'Delete File';
-$_['delete_txt_01'] = 'Are you sure?';
-
-$_['delete_msg_01'] = 'Deleted file:';
-$_['delete_msg_02'] = 'Error deleting ';
-
-$_['new_folder_h2'] = 'New Folder';
-$_['new_folder_txt_1'] = 'Folder will be created in the current folder. &nbsp;';
-$_['new_folder_txt_2'] = 'Some invalid characters are: ';
-
-$_['new_folder_msg_01'] = 'New folder not created:';
-$_['new_folder_msg_02'] = 'Name contains invalid character(s): ';
-$_['new_folder_msg_03'] = 'New folder not created - no name given.';
-$_['new_folder_msg_04'] = 'Folder already exists: ';
-$_['new_folder_msg_05'] = 'Created folder:';
-$_['new_folder_msg_06'] = 'Error - new folder not created: ';
-
-$_['delete_folder_h2'] = 'Delete Folder';
-$_['delete_folder_txt_01'] = 'Are you sure?';
-
-$_['delete_folder_msg_01'] = 'Folder not empty. &nbsp; Folders must be empty before they can be deleted.';
-$_['delete_folder_msg_02'] = 'Deleted folder:';
-$_['delete_folder_msg_03'] = 'an error occurred during delete.';
-
-$_['page_title_login']      = 'Log In';
-$_['page_title_hash']       = 'Hash Page';
-$_['page_title_edit']       = 'Edit/View File';
-$_['page_title_upload']     = 'Upload File';
-$_['page_title_new_file']   = 'New File';
-$_['page_title_copy']       = 'Copy File';
-$_['page_title_ren']        = 'Rename File';
-$_['page_title_del']        = 'Delete File';
-$_['page_title_folder_new'] = 'New Folder';
-$_['page_title_folder_ren'] = 'Rename/Move Folder';
-$_['page_title_folder_del'] = 'Delete Folder';
-
-$_['session_expired'] = 'SESSION EXPIRED';
-$_['unload_unsaved']  = '               Unsaved changes will be lost!';
-$_['confirm_reset']   = 'Reset file and loose unsaved changes?';
-
-$_['OFCMS_requires']  = 'OneFileCMS requires PHP5 to operate. Tested on versions 5.2.17, 5.3.3 & 5.4';
-
-$_['logout_msg']       = 'You have successfully logged out.';
-$_['folder_del_msg']   = 'Folder not empty. &nbsp; Folders must be empty before they can be deleted.';
-$_['upload_error_01a'] = ' Upload Error.  Total POST data (mostly filesize) exceeded post_max_size = ';
-$_['upload_error_01b'] = ' (from php.ini)';
-$_['edit_caution_01']  = 'CAUTION ';
-$_['edit_caution_02']  = ' You are editing the active copy of OneFileCMS - BACK IT UP &amp; BE CAREFUL !!';
-
-$_['time_out_txt'] = 'Session time out in:';
-//******************************************************************************
-
-
-
-
-function Session_Startup() {//**************************************************
-	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $page, $VALID_POST, $MAX_IDLE_TIME, $SESSION_NAME;
- 
-	$limit    = 0; //0 = session.  
-	$path     = dirname($_SERVER['SCRIPT_NAME']);
-	$domain   = ''; // '' = hostname
-	$https    = false; 
-	$httponly = true;//true = unaccessable via javascript. Some XSS protection.
-	session_set_cookie_params($limit, $path, $domain, $https, $httponly);
-
-	session_name($SESSION_NAME);
-	session_start();
-
-	//Set initial defaults...
-	$page = 'login'; 
-	$VALID_POST = 0;
-	if ( !isset($_SESSION['valid']) ) { $_SESSION['valid'] = 0; }
-
-	//Logging in?
-	if ( isset($_POST["username"]) || isset($_POST["password"]) ) { Login_response(); }
-
-	session_regenerate_id(true); //Helps prevent session fixation & hijacking.
-
-	if ( $_SESSION['valid'] ) { Verify_IDLE_POST_etc(); }
-	
-	$_SESSION['nuonce'] = sha1(mt_rand().microtime()); //provided in <forms> to verify POST
-
-	chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
-}//End Session_Startup() *******************************************************
-
-
-
-
-function Verify_IDLE_POST_etc() { //********************************************
-	global $_, $EX, $message, $VALID_POST, $MAX_IDLE_TIME;
-
-	//Verify consistant user agent... (every little bit helps a little bit) 
-	if ( ($_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) ) { Logout(); }
-
-	//Check idle time
- 	if ( isset($_SESSION['last_active_time']) ) {
-		$idle_time = ( time() - $_SESSION['last_active_time'] );
-		if ( $idle_time > $MAX_IDLE_TIME ) {
-			Logout();
-			$message .= $_['verify_msg_01'].'<br>';
-		}
-	}
-
-	$_SESSION['last_active_time'] = time();
-
-	//If POSTing, verify...
-	if ( isset($_POST['nuonce']) ) { 
-		if ( $_POST['nuonce'] == $_SESSION['nuonce'] ) {
-			$VALID_POST = 1;
-		}else{
-			Logout();
-			$message .= $EX.'<b>'.$_['verify_msg_02'].'</b><br>';
-		}
-	}
-}//end Verify_IDLE_POST_etc() //************************************************
-
-
-
-
-function hashit($key){ //*******************************************************
-	//This is the super-secret stuff - Keep it secret, keep it safe!
-	//If you change anything here, or the $SALT, redo the hash for your password.
-	global $SALT;
-	$hash = hash('sha256', trim($key).$SALT); // trim off leading & trailing spaces.
-	for ( $x=0; $x < 1000; $x++ ) { $hash = hash('sha256', $hash.$SALT); }
-	return $hash;
-}//end hashit() ****************************************************************
-
-
-
-
-function undo_magic_quotes(){ //************************************************
-
-	function strip_array($var) {
-		if (is_array($var)) {return array_map("strip_array", $var); }
-		else                {return stripslashes($var); }
-	} //Note: stripslashes also handles cases when magic_quotes_sybase is on.
-
-	if (get_magic_quotes_gpc()) {
-		if (isset($_GET))    { $_GET     = strip_array($_GET);    }
-		if (isset($_POST))   { $_POST    = strip_array($_POST);   }
-		if (isset($_COOKIE)) { $_COOKIE  = strip_array($_COOKIE); }
-	}
-}//end undo_magic_quotes() *****************************************************
-
-
-
-
-function Get_GET() { //*** Get main parameters *********************************
-	// i=some/path/,  f=somefile.xyz,  p=somepage
-	global $_, $ipath, $filename, $page, $valid_pages, $param1, $param2, $param3, $message, $EX;
-
-	undo_magic_quotes();
-
-	if (isset($_GET["i"])) { $ipath = Check_path($_GET["i"]); }else{ $ipath = ""; }
-
-	if (isset($_GET["f"])) {
-		$filename = $ipath.$_GET["f"];
-		if ( !is_file($filename) && $_SESSION['valid'] )//Set $message except for login page.
-			{ $message .= $EX.'<b>'.$_['get_get_msg_01'].'</b> '.htmlentities($filename).'<br>'; }
-		if ( !is_file($filename) ) { $filename = ""; $page = "index"; }
-	}else{ $filename = ""; }
-
-	if (isset($_GET["p"])) { $page = $_GET["p"]; } 
-	if (!in_array(strtolower($page), $valid_pages)) { $page = "index"; }
-
-	$param1 = '?i='.URLencode_path($ipath);
-	if ($filename == "") { $param2 = ""; }else{ $param2 = '&amp;f='.rawurlencode(basename($filename)); }
-	if ($page == ""    ) { $param3 = ""; }else{ $param3 = '&amp;p='.$page; }
-}//end Get_GET()****************************************************************
-
-
-
-
-function URLencode_path($path){ // don't encode the forward slashes ************
-	$TS = '';  // Trailing Slash/
-	if (substr($path, -1) == '/' ) { $TS = '/'; } //start with a $TS?
-	$path_array = explode('/',$path);
-	$path = "";
-	foreach ($path_array as $level) { $path .= rawurlencode($level).'/'; }
-	$path = rtrim($path,'/').$TS;  //end with $TS only if started with one
-	return $path;
-}//end URLencode_path($path) ***************************************************
-
-
-
-
-function Check_path($path) { // returns first valid path in some/supplied/path/
-	global  $_, $message, $EX;
-	$invalidpath = $path; //used for message if supplied $path doesn't exist.
-	$path = str_replace('\\','/',$path);   //Make sure all forward slashes.
-	$path = trim($path,"/ ."); // trim slashes, dots, and spaces
-
-	//Remove any '.' and '..' parts of the path.  Causes issues in <h2>www / current / path /</h2>
-	$pathparts = explode( '/', $path);
-	$len       = count($pathparts);
-	$path      = "";  //Cleaned path.
-	foreach ($pathparts as $value) { //(More reliable than str_replace(entire_string).)
-		if ( !(($value == '.') && (!value == '..')) ) { $path .= $value.'/'; }
-	}
-
-	$path = trim($path,"/"); // Remove -for now- final trailing slash.
-
-	if (strlen($path) < 1) { return ""; } //If at site root
-	else {
-		if (!is_dir($path) && (strlen($message) < 1))
-			{ $message .= $EX.'<b>'.$_['check_path_msg_01'].'</b>'.htmlentities($invalidpath).'<br>'; }
-
-		while ( (strlen($path) > 0) && (!is_dir($path)) ) {
-			$path = dirname($path);
-		}
-
-		$path = $path.'/';
-		if ($path == './') { $path = ""; } // ./ means path not found, so clear for root.
-	}
-
-	return $path; 
-}//end Check_path() ************************************************************
-
-
-
-
-function is_empty($path){ //****************************************************
-	$empty = false;
-	$dh = opendir($path);
-	for($i = 3; $i; $i--) { $empty = (readdir($dh) === FALSE); }
-	closedir($dh);
-	return $empty;
-}//end is_empty() //************************************************************
-
-
-
-
-function ordinalize($destination,$filename, &$msg) { //*************************
-//if file_exists(file.txt), ordinalize filename until it doesn't
-//ie: file.txt.001,  file.txt.002, file.txt.003  etc...
-	global $_, $EX;
-
-	$ordinal   = 0;
-	$savefile = $destination.$filename;
-
-	if (file_exists($savefile)) {
-
-		$msg .= $EX.$_['ord_msg_01'].'<br>';
-
-		while (file_exists($savefile)) {
-			$ordinal = sprintf("%03d", ++$ordinal); //  001, 002, 003, etc...
-			$savefile = $destination.$filename.'.'.$ordinal;
-		}
-		$msg .= $_['ord_msg_02'].'"<b>'.htmlentities(basename($savefile)).'</b>"';
-	}
-	return $savefile;
-}//end ordinalize() filename ***************************************************
-
-
-
-
-function Current_Path_Header(){ //**********************************************
- 	// Current path. ie: webroot/current/path/ 
-	// Each level is a link to that level.
-
-	global $ONESCRIPT, $ipath, $WEB_ROOT;
-
-	echo '<h2>';
-		//Root folder of web site.
-		echo '<a id="path_0" href="'.$ONESCRIPT.'" class="path"> '.htmlentities(trim($WEB_ROOT, '/')).'</a>/';
-		$x=0; //need here for focus() in case at webroot.
-
-		if ($ipath != "" ) { //if not at root, show the rest
-			$path_levels  = explode("/",trim($ipath,'/') );
-			$levels = count($path_levels); //If levels=3, indexes = 0, 1, 2  etc... 
-			$current_path = "";
-
-			for ($x=0; $x < $levels; $x++) {
-				$current_path .= $path_levels[$x].'/';
-				echo '<a id="path_'.($x+1).'" href="'.$ONESCRIPT.'?i='.URLencode_path($current_path).'" class="path">';
-				echo htmlentities($path_levels[$x]).'</a>/';
-			}
-		}//end if (not at root)
-	echo '</h2>';
-	echo '<script>document.getElementById("path_'.$x.'").focus();</script>';
-}//end Current_Path_Header() //*************************************************
-
-
-
-
-function message_box() { //*****************************************************
-	global $ONESCRIPT, $param1, $param2, $param3, $message, $page;
-
-	if (isset($message)) {
-?>
-		<div id="message"><p>
-		<span id="Xbox"><!-- [X] to dismiss message box -->
-			<a id="dismiss" href='<?php echo $ONESCRIPT.$param1.$param2.$param3; ?>'
- 			onclick='document.getElementById("message").innerHTML = " ";return false;'>
-			[X]</a>
-		</span>
-		<?php echo $message.PHP_EOL ;?>
-		</p></div>
-		<script>document.getElementById("dismiss").focus();</script>
-<?php
-	}else {
-		echo '<div id="message"></div>'; // Needed on Edit page to keep js feedback from failing
-	} //end isset($message)
-	
-	// Used on Edit Page to preserve vertical spacing, so edit area doesn't jump as much.
-	if ($page == "edit") {echo '<style>#message { min-height: 1.86em; }</style>';}
-}//end message_box()  **********************************************************
-
-
-
-
-function Upload_New_Rename_Delete_Links() { //**********************************
-	global $_, $ONESCRIPT, $ipath, $param1;
-	echo '<p class="front_links">';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   ; svg_icon_upload()    ; echo $_['Upload_File'].'</a>';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  ; svg_icon_file_new()  ; echo $_['New_File']   .'</a>';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'; svg_icon_folder_new(); echo $_['New_Folder'] .'</a>';
-	if ($ipath !== "") { //if at root, don't show Rename & Delete links
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'; svg_icon_folder_ren(); echo $_['Ren_Folder'].'</a>';
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'; svg_icon_folder_del(); echo $_['Del_Folder'].'</a>';
-	}
-	echo '</p>';
-}//end Upload_New_Rename_Delete_Links()  ***************************************
-
-
-
-
-function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
-	//$submit_label = Rename, Copy, Delete, etc...
-	//$focus is ID of element to receive focus(). (element may be outside this function)
-	global $_, $ONESCRIPT, $ipath, $param1, $param2, $filename, $page;
-
-	// [Cancel] returns to either the index, or edit page.
-	if ($filename == "") {$params = "";}else{ $params = $param2.'&amp;p=edit'; }
-?>
-	<p> 
-	<input type="button" class="button" id="cancel" name="cancel" value="<?php echo $_['Cancel'] ?>"
-		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.$params ?>'">
-	<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1.3em;">
-<?php 
-	if ($focus != ""){ echo '<script>document.getElementById("'.$focus.'").focus();</script>'; }
-	//Do not close the <p> tag yet/here. Need to leave it open for edit btn on hash page.
-}// End Cancel_Submit_Buttons() //**********************************************
-
-
-
-
-function show_image(){ //*******************************************************
-	global $_, $filename, $MAX_IMG_W, $MAX_IMG_H;
-	
-	$IMG = $filename;
-	$img_info = getimagesize($IMG);
-
-	$W=0; $H=1; //indexes for $img_info[]
-	$SCALE = 1; $TOOWIDE = 0; $TOOHIGH = 0;
-	if ($img_info[$W] > $MAX_IMG_W) { $TOOWIDE = ( $MAX_IMG_W/$img_info[$W] );}
-	if ($img_info[$H] > $MAX_IMG_H) { $TOOHIGH = ( $MAX_IMG_H/$img_info[$H] );}
-	
-	if ($TOOHIGH || $TOOWIDE) {
-		if     (!$TOOWIDE)           {$SCALE = $TOOHIGH;}
-		elseif (!$TOOHIGH)           {$SCALE = $TOOWIDE;}
-		elseif ($TOOHIGH > $TOOWIDE) {$SCALE = $TOOWIDE;} //ex: if (.90 > .50)
-		else                         {$SCALE = $TOOHIGH;}
-	}
-
-	echo '<p>';
-	echo $_['show_img_msg_01']. round($SCALE*100) .$_['show_img_msg_02'].$img_info[0].' x '.$img_info[1].').</p>';
-	echo '<div style="clear:both"></div>'.PHP_EOL;
-	echo '<a href="/' .URLencode_path($IMG). '" target="_blank">'.PHP_EOL;
-	echo '<img src="/'.URLencode_path($IMG).'"  height="'.$img_info[$H]*$SCALE.'"></a>'.PHP_EOL;
-}// end show_image() ***********************************************************
-
-
-
-
-function show_favicon(){ //*****************************************************
-	global $config_favicon, $DOC_ROOT;
-	if (file_exists($DOC_ROOT.$config_favicon)) { 
-		echo '<img src="'.URLencode_path($config_favicon).'" alt="">'; 
-	}
-}// end show_favicon() *********************************************************
-
-
-
-
-function Timeout_Timer($COUNT, $ID, $CLASS, $ACTION) { //************************
-
-	return 	'<script>'.
-			'Start_Countdown('.$COUNT.', "'.$ID.'", "'.$CLASS.'", "'.$ACTION.'");'.
-			'</script>';
-
-} //end Timeout_Timer() **************************************************
-
-
-
-
-function Init_Macros(){ //*** ($varibale="some reusable chunk of code")*********
-
-global 	$ONESCRIPT, $param1, $param2, $INPUT_NUONCE, $FORM_COMMON, 
-		$SVG_icon_circle_plus, $SVG_icon_circle_x, $SVG_icon_pencil, $SVG_icon_img_0;
-
-$INPUT_NUONCE = '<input type="hidden" name="nuonce" value="'.$_SESSION['nuonce'].'">'.PHP_EOL;
-$FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.$param2.'">'.$INPUT_NUONCE;
-
-$SVG_icon_circle_plus = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#080"/>
-	  <line x1="2" y1="5" x2="8" y2="5" stroke="white" stroke-width="1.5" />
-	  <line x1="5" y1="2" x2="5" y2="8" stroke="white" stroke-width="1.5" />';
-
-$SVG_icon_circle_x = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#D00"/>
-	<line x1="2.5" y1="2.5" x2="7.5" y2="7.5" stroke="white" stroke-width="1.5"/>
-	<line x1="7.5" y1="2.5" x2="2.5" y2="7.5" stroke="white" stroke-width="1.5"/>';
-
-$SVG_icon_pencil = '<polygon points="2,0 9,7 7,9 0,2" stroke-width="1" stroke="darkgoldenrod" fill="rgb(246,222,100)"/>
-	  <path  d="M0,2   L0,0  L2,0"      stroke="tan" fill="tan" stroke-width="1" />
-	  <path  d="M0,1.5   L0,0  L1.5,0"      stroke="black" fill="transparent" stroke-width="1" />
-	  <line x1="7.3" y1="10"  x2="10" y2="7.3"  stroke="silver" stroke-width="1"/>
-	  <line x1="8.1" y1="10.8"  x2="10.8" y2="8.1"  stroke="red" stroke-width="1"/>';
-
-$SVG_icon_img_0 = '<rect x="0"    y="0"   width="14" height="16" fill="#FF8" stroke="#44F" stroke-width="2" />
-	<rect x="2"    y="2"   width="5"  height="5"  fill="#F66" stroke-width="0" />
-	<rect x="7.5"  y="6"   width="5"  height="5"  fill="#6F6" stroke-width="0" />
-	<rect x="2"    y="10"  width="5"  height="5"  fill="#66F" stroke-width="0" />';
-}//end Init_Macros() ***********************************************************
-
-
-
-
-function svg_icon_bin(){ //*****************************************************
-$zero = '<rect x="0"  y="0"  width="3" height="6" fill="transparent" stroke="#555" stroke-width="1" />';
-$one  = '<line x1="0" y1="-.5"   x2="0" y2="6.5"  stroke="#555" stroke-width="1"/>';
-?><svg class="icon" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
-	<g transform="translate( 0.5,0.5)"><?php echo $one  ?></g>
-	<g transform="translate( 3.5,0.5)"><?php echo $zero ?></g>
-	<g transform="translate( 9.5,0.5)"><?php echo $one  ?></g>
-	<g transform="translate(12.5,0.5)"><?php echo $one  ?></g>
-	<g transform="translate( 0.5,9.5)"><?php echo $zero ?></g>
-	<g transform="translate( 6.5,9.5)"><?php echo $one  ?></g>
-	<g transform="translate( 9.5,9.5)"><?php echo $zero ?></g>
-</svg><?php 
-} //end svg_icon_bin() *********************************************************
-
-
-
-function svg_icon_img(){ //*****************************************************
-global $SVG_icon_img_0;
-?><svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
-	<?php echo $SVG_icon_img_0 ?>
-</svg><?php 
-} //end svg_icon_img() *********************************************************
-
-
-
-function svg_icon_svg(){ //*****************************************************
-global $SVG_icon_img_0;
-?><svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
-	<?php echo $SVG_icon_img_0 ?>
-	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="#444" stroke-width=".6"/>
-	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="#444" stroke-width=".6"/>
-	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="#444" stroke-width=".6"/>
-	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="#444" stroke-width=".6"/>
-</svg><?php 
-} //end svg_icon_img() *********************************************************
-
-
-
-function svg_icon_txt_0($border, $lines, $fill, $extra){ //*********************
-?><svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
-	<rect x = "0" y = "0" width = "14" height = "16" 
-		fill="<?php echo $fill ?>" stroke="<?php echo $border ?>" stroke-width="2" />
-	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="<?php echo $lines ?>" stroke-width=".6"/>
-	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="<?php echo $lines ?>" stroke-width=".6"/>
-	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="<?php echo $lines ?>" stroke-width=".6"/>
-	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="<?php echo $lines ?>" stroke-width=".6"/>
-	<?php echo $extra ?>
-</svg><?php 
-} //end svg_icon_txt() *********************************************************
-
-
-
-function svg_icon_txt(){ svg_icon_txt_0('#333', '#000', '#FFF', ''); } //*******
-
-function svg_icon_htm(){ svg_icon_txt_0('#444', '#222', '#FABEAA', ''); } //**** rgb(250,190,170)
-
-function svg_icon_php(){ svg_icon_txt_0('#333', '#111', '#C3C3FF', ''); } //**** rgb(195,195,225)
-
-function svg_icon_css(){ svg_icon_txt_0('#333', '#111', '#FFE1A5', ''); } //**** rgb(255,225,165)
-
-function svg_icon_cfg(){ svg_icon_txt_0('#444', '#111', '#DDD', ''); } //*******
-
-
-
-function svg_icon_upload(){ //**************************************************
-	$extra = '<g transform="scale(1.1) translate(1.75,4)">
-		<polygon points="6,0  12,6  8,6  8,11  4,11  4,6  0,6" 
-		stroke-width="1" stroke="white" fill="green" /></g>';
-	svg_icon_txt_0('#333', 'black', 'white', $extra);
-} //end svg_icon_upload() ******************************************************
-
-
-
-function svg_icon_file_new(){ //************************************************
-	global $SVG_icon_circle_plus;
-	$extra = '<g transform="translate(4,6)">'.$SVG_icon_circle_plus.'</g>';
-	svg_icon_txt_0('#444', 'black', 'white', $extra);
-} //end svg_icon_file_new() ****************************************************
-
-
-
-function svg_icon_file_del(){ //************************************************
-global $SVG_icon_circle_x;
-	$extra = '<g transform="translate(4,6)">'.$SVG_icon_circle_x.'</g>';
-	svg_icon_txt_0('#444', 'black', 'white', $extra);
-} //end svg_icon_file_del() ****************************************************
-
-
-
-function svg_icon_folder_0($extra){ //******************************************
-?><svg class="icon icon_fldr" xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
-	<path  d="M0.5, 1  L8,1  L9,2  L9,3  L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" 
-			fill="#FBE47b" stroke="#F0CD28" stroke-width="1" />
-	<path  d="M1.5, 8  L7, 8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5" 
-			fill="transparent" stroke="white" stroke-width="1" />
-	<path  d="M1.5,13  L1.5,2  L7.5,2  L8.5,3  L8.5,4  L15.5,4 L16,4.5  L16,13"  
-			fill="transparent" stroke="white" stroke-width="1" />
-	<?php echo $extra ?>
-</svg><?php 
-} //end svg_icon_folder_0() ****************************************************
-
-
-
-function svg_icon_folder(){ svg_icon_folder_0(''); } //*************************
-
-
-
-function svg_icon_folder_new(){ //**********************************************
-	global $SVG_icon_circle_plus;
-	$extra = '<g transform="translate(7.5,4)">'.$SVG_icon_circle_plus.'</g>';
-	svg_icon_folder_0($extra);
-} //end svg_icon_folder_new() **************************************************
-
-
-
-function svg_icon_folder_ren(){ //**********************************************
-	global $SVG_icon_pencil;
-	$extra = '<g transform="translate(6,3)">'.$SVG_icon_pencil.'</g>';
-	svg_icon_folder_0($extra);
-} //end svg_icon_folder_ren() **************************************************
-
-
-
-function svg_icon_folder_del(){ //**********************************************
-	global $SVG_icon_circle_x; 
-	$extra = '<g transform="translate(7.5,4)">'.$SVG_icon_circle_x.'</g>';
-	svg_icon_folder_0($extra);
-} //end svg_icon_folder_del() **************************************************
-
-
-
-
-function show_icon($type){ //***************************************************
-	if     ($type == 'bin') { svg_icon_bin(); }
-	elseif ($type == 'img') { svg_icon_img(); }
-	elseif ($type == 'svg') { svg_icon_svg(); }
-	elseif ($type == 'txt') { svg_icon_txt(); }
-	elseif ($type == 'htm') { svg_icon_htm(); }
-	elseif ($type == 'php') { svg_icon_php(); }
-	elseif ($type == 'css') { svg_icon_css(); }
-	elseif ($type == 'cfg') { svg_icon_cfg(); }
-	else                    { svg_icon_bin(); } //default
-}//end show_icon() *************************************************************
-
-
-
-
-function Hash_Page() { //******************************************************
-	global $_, $DOC_ROOT, $ONESCRIPT, $param1, $param2, $message, $INPUT_NUONCE, $config_title;
-	$params = '?i='.dirname($ONESCRIPT).'&amp;f='.basename($ONESCRIPT).'&amp;p=edit';
-	if (!isset($_POST['whattohash'])) { $_POST['whattohash'] = ''; }
-?>
-	<style>#message {font-family: courier; min-height: 3.1em;}
-	li {margin-left: 2em}</style>
-
-	<h2><?php echo $_['hash_h2'] ?></h2>
-	
-	<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.'&amp;p=hash'; ?>">
-		<?php echo $INPUT_NUONCE; ?>
-		Password to hash:
-		<input type="text" name="whattohash" id="whattohash" value="<?php echo htmlspecialchars($_POST["whattohash"]) ?>">
-		<?php Cancel_Submit_Buttons($_['Generate_Hash'], 'whattohash') ?>
- 		<a class="button edit_onefile" href="<?php echo $ONESCRIPT.$params; ?>" ><?php echo $_['Edit'].' '.$config_title ?></a>
-	</form>
-
-	<div class="info">
- 	<p><?php echo $_['hash_txt_01'] ?><br>
-	<p>
-	<?php echo $_['hash_txt_02'] ?><br>
-	<?php echo $_['hash_txt_03'] ?><br>
-
-	<p><?php echo $_['hash_txt_04'] ?>
-
-	<p><?php echo $_['hash_txt_05'] ?>
-	<ol><li><?php echo $_['hash_txt_06'] ?><br>
-			<?php echo $_['hash_txt_07'] ?>
-		<li><?php echo $_['hash_txt_08'] ?><br>
-			<?php echo $_['hash_txt_09'] ?><br>
-			<?php echo $_['hash_txt_10'] ?><br>
-		<li><?php echo $_['hash_txt_11'] ?>
-		<li><?php echo $_['hash_txt_12'] ?>
-	</ol>
-	<p><?php echo $_['hash_txt_13'] ?>
-	<p>
-	<?php echo $_['hash_txt_14'] ?>
-
-	</div>
-<?php 
-} //end Hash_Page() ************************************************************
-
-
-
-
-function Hash_response() { //***************************************************
-	global $_, $message;
-	$_POST['whattohash'] = trim($_POST['whattohash']); // trim leading & trailing spaces.
-	$message .= $_['hash_msg_01'].htmlspecialchars($_POST['whattohash']).'<br>';
-	$message .= $_['hash_msg_02'].htmlspecialchars(hashit($_POST["whattohash"]));
-} //end Hash_response() ********************************************************
-
-
-
-
-function Logout() { //**********************************************************
-	global $page;
-	session_regenerate_id(true);
-	session_unset();
-	session_destroy();
-	session_write_close();
-	unset($_GET);
-	unset($_POST);
-	$_SESSION['valid'] = 0;
-	$page = 'login';
-}//end Logout() ****************************************************************
-
-
-
-
-function Login_Page() { //******************************************************
-	global $_, $ONESCRIPT, $message;
-?>
-	<h2><?php echo $_['login_h2'] ?></h2>
-	<form method="post" action="<?php echo $ONESCRIPT; ?>">
-		<p>
-			<label for="username"><?php echo $_['login_txt_01'] ?></label>
-			<input type="text" name="username" id="username" class="login_input" >
-		</p>
-		<p>
-			<label for="password"><?php echo $_['login_txt_02'] ?></label>
-			<input type="password" name="password" id="password" class="login_input">
-		</p>
-			
-		<p><input type="submit" class="button" value="<?php echo $_['Enter'] ?>"></p>
-	</form>
-	<script>document.getElementById('username').focus();</script>
-<?php 
-} //end Login_Page() ***********************************************************
-
-
-
-
-function Login_response() { //**************************************************
-	global $_, $EX, $message, $page, $LOGIN_ATTEMPTS, 
-		   $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $MAX_ATTEMPTS, $LOGIN_DELAY;
-
-	$_SESSION = array();    //make sure it's empty
-	$_SESSION['valid'] = 0; //Default to failed login.
-	$attempts = 0;
-	$elapsed  = 0;
-
-	if (is_file($LOGIN_ATTEMPTS)) { //Check for prior failed attempts
-		$attempts = (int)file_get_contents($LOGIN_ATTEMPTS); //Don't increment yet...
-		$elapsed  = time() - filemtime($LOGIN_ATTEMPTS);
-	}
-
-	if ($attempts > 0) { $message .= '<b>'.$_['login_msg_01a'].' '.$attempts.' '.$_['login_msg_01b'].'</b><br>';}
-	if ( ($attempts >= $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){
-		$message .= $_['login_msg_02a'].' '.Timeout_Timer(($LOGIN_DELAY - $elapsed), 'timer0', '', '').' '.$_['login_msg_02b'];
-		return;
-	}
-
-	//Validate password
-	if ($USE_HASH) { $VALID_PASSWORD = (hashit($_POST['password']) == $HASHWORD); }
-	else           { $VALID_PASSWORD = (       $_POST['password']  == $PASSWORD); }
-
-	//validate login.  Ignore attempt if username & password are blank. 
-	if ( ($_POST['password'] == "") && ($_POST['username'] == "") )  { ; //
-	}elseif ( $VALID_PASSWORD && ($_POST['username'] == $USERNAME) ) {
-		session_regenerate_id(true);
-		$_SESSION['USER_AGENT'] = $_SERVER['HTTP_USER_AGENT']; //for user consistancy check.
-		$_SESSION['valid'] = 1;
-		$page = "index";
-		if ( is_file($LOGIN_ATTEMPTS) ) { unlink($LOGIN_ATTEMPTS); } //delete invalid attempts count file
-	}else{
-		file_put_contents($LOGIN_ATTEMPTS, ++$attempts); //increment & save attempt
-		$message  = $EX.'<b>'.$_['login_msg_03'].$attempts.'</b><br>';
-		if ($attempts >= $MAX_ATTEMPTS) {
-			$message .= $_['login_msg_02a'].' '.Timeout_Timer($LOGIN_DELAY, 'timer0', '', '').' '.$_['login_msg_02b'];
-		}
-	}
-}//end Login_response() //******************************************************
-
-
-
-
-function List_Files() { // ...in a vertical table ******************************
-//called from Index Page
-
-	global $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list, $stypes, $SHOWALLFILES;
-
-	$files = scandir('./'.$ipath);
-	natcasesort($files);
-
-	echo '<table class="index_T">';
-	foreach ($files as $file) {
-		
-		$excluded = FALSE;
-		if (in_array(basename($file), $excluded_list)) { $excluded = TRUE; };
-
-		//Get file type & check against $stypes (files types to show)
-		$ext = end( explode(".", strtolower($file)) );
-		if ($SHOWALLFILES || in_array($ext, $stypes)) { $SHOWTYPE = TRUE; } else { $SHOWTYPE = FALSE; }
-		
-		if ( $SHOWTYPE && !is_dir($ipath.$file) && !$excluded ) {
-			
-			//Set icon type based on file type ($ext).
-			$type = $fclasses[array_search($ext, $ftypes)];
-?>
-			<tr>
-				<td>
-					<?php echo '<a href="'.$ONESCRIPT.$param1.'&amp;f='.rawurlencode($file).'&amp;p=edit" >'; ?>
-					<?php show_icon($type); echo  htmlentities($file), '</a>'; ?>
-				</td>
-				<td class="meta_T meta_size">&nbsp;
-					<?php echo number_format(filesize($ipath.$file)); ?> B
-				</td>
-				<td class="meta_T meta_time"> &nbsp;
-					<script>FileTimeStamp(<?php echo filemtime($ipath.$file); ?>, 1, 0);</script>
-				</td>
-			</tr>
-<?php 
-		}//end if !is_dir...
-	}//end foreach file
-	echo '</table>';
-}//end List_Files() ************************************************************
-
-
-
-
-function Index_Page(){ //*******************************************************
-	global $ONESCRIPT, $ipath;
-
-	//<!--==== List folders/sub-directores ====-->
-	echo '<p class="index_folders">';
-		$folders = glob($ipath."*",GLOB_ONLYDIR);
-		natcasesort($folders);
-		foreach ($folders as $folder) {
-			echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($folder).'/">'.PHP_EOL;
-			svg_icon_folder();
-			echo htmlentities(basename($folder)).' /</a>';
-		}
-	echo '</p>';
-
-	Upload_New_Rename_Delete_Links();
-
-	List_Files();
-
-	Upload_New_Rename_Delete_Links();
-
-}//end Index_Page()*************************************************************
-
-
-
-
-function Edit_Page_buttons_top($text_editable){ //******************************
-	global $_, $ONESCRIPT, $param1, $filename;
-?>
-	<div class="edit_btns_top">
-		<div class="file_meta">
-			<span class="meta_size">
-				<?php echo $_['meta_txt_01'].number_format(filesize($filename)).' '.$_['meta_txt_02']; ?>
-			</span> &nbsp; 
-			<span class="meta_time">
-				<?php echo $_['meta_txt_03'] ?><script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1, 1);</script>
-			</span><br>
-		</div>
-
-		<div class="buttons_right">
-			<?php if ( $text_editable ) { ?>
-				<input type="button" id="wide_view" class="button" value="<?php echo $_['Wide_View'] ?>" onclick="Wide_View();">
-			<?php } ?>
-			<input type="button" id="close1" class="button" value="<?php echo $_['Close'] ?>" 
-				onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
-			<script>document.getElementById('close1').focus();</script>
-		</div>
-		<div style="clear:both"></div>
-	</div>
-<?php 
-}//end Edit_Page_buttons_top(){ //**********************************************
-
-
-
-
-function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
-	global $_, $ONESCRIPT, $param1, $param2, $MAX_IDLE_TIME;
-	$Button = '<input type="button" class="button" value="';
-	$ACTION = '" onclick="parent.location = \''.$ONESCRIPT.$param1.$param2.'&amp;p=';
-?>
-	<div class="edit_btns_bottom">
-	<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?> 
-		<?php echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer', 'LOGOUT'); ?>
-		<input type="submit" class="button" value="Save"                  onclick="submitted = true;" id="save_file">
-		<input type="button" class="button" value="Reset - loose changes" onclick="Reset_File()"      id="reset">
-		<script>
-			//Set disabled here instead of via input attribute in case js is disabled.
-			//If js is disabled, user would be unable to save changes.
-			document.getElementById('save_file').disabled = "disabled";
-			document.getElementById('reset').disabled     = "disabled";
-		</script>
-	<?php } ?>
-	<?php echo $Button.$_['Ren_Move'].$ACTION ?>rename'">
-	<?php echo $Button.$_['Copy']    .$ACTION ?>copy'"  >
-	<?php echo $Button.$_['Delete']  .$ACTION ?>delete'">
-	<?php echo $Button.$_['Close'] ?>" onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
-	</div>
-<?php
-}//end Edit_Page_buttons()******************************************************
-
-
-
-
-//******************************************************************************
-function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message){ 
-	global $_, $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_NUONCE, $EX, $message, $MAX_IDLE_TIME;
-?>
-	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param1.$param2.$param3 ?>">
-		<?php echo $INPUT_NUONCE; ?>
-<?php
-		if ( !in_array( strtolower($ext), $itypes) ) { //If non-image...
-
-			if (!$text_editable) { // If non-text file...
-				echo '<p class="edit_disabled">'.$_['edit_txt_01'].'<br><br></p>';
-
-			}elseif ( $too_large_to_edit ) {
- 				echo '<p class="edit_disabled">'.$too_large_to_edit_message.'</p>';
-
-			}else{
-				if (PHP_VERSION_ID  < 50400) {  // 5.4.0
-					$filecontent = htmlspecialchars(file_get_contents($filename));
-				}else{
-					$filecontent = htmlspecialchars(file_get_contents($filename),ENT_SUBSTITUTE);
-				}
-				$bad_chars = ($filecontent == "" && filesize($filename) > 0);
-
-				if ($bad_chars){ //did htmlspecialchars return an empty string?
-					echo '<pre class="edit_disabled">'.$EX.$_['edit_txt_02'].'<br>';
-					echo $_['edit_txt_03'].'<br>';
-					echo $_['edit_txt_04'].'<br></pre>';
-				}else{
-					echo '<input type="hidden" name="filename" id="filename" value="'.htmlspecialchars($filename).'">';
-					echo '<textarea id="file_contents" name="content" cols="70" rows="25"
-						onkeyup="Check_for_changes(event);">'.$filecontent.'</textarea>'.PHP_EOL;
-				}
-			} //end if !editable /else...
-		} //end if non-image, show textarea
-
-		Edit_Page_buttons($text_editable, $too_large_to_edit);
-
-		Edit_Page_scripts();
-?>	</form>
-<?php
-	if ($text_editable && !$too_large_to_edit && !$bad_chars) { Edit_Page_Notes(); }
-}//end Edit_Page_form() ********************************************************
-
-
-
-
-function Edit_Page_Notes() { //*************************************************
-	global $_, $MAX_IDLE_TIME;
-			$SEC = $MAX_IDLE_TIME;
-			$HRS = floor($SEC/3600);
-			$SEC = fmod($SEC,3600);
-			$MIN = floor($SEC/60);   if ($MIN < 10) { $MIN = "0".$MIN; };
-			$SEC = fmod($SEC,60);    if ($SEC < 10) { $SEC = "0".$SEC; };
-			$HRS_MIN_SEC = $HRS.':'.$MIN.':'.$SEC;
-?>
-			<div id="edit_notes">
-				<div class="notes"><?php echo $_['edit_notes_00'] ?></div>
-				<div class="notes"><b>1)
-					<?php echo $_['edit_note_01a'].'$MAX_IDLE_TIME '.$_['edit_note_01b'] ?>
-					<?php echo ' '.$HRS_MIN_SEC.'. '.$_['edit_note_02'] ?></b>
-				</div>
-				<div class="notes"><b>2) </b> <?php echo $_['edit_note_03'] ?></div>
-				<div class="notes"><b>3) </b> <?php echo $_['edit_note_04'] ?></div>
-			</div>
-<?php 
-}//end Edit_Page_Notes() { //***************************************************
-
-
-
-
-function Edit_Page() { //*******************************************************
-	global $_, $ONESCRIPT, $param1, $filename, $filecontent, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE;
-	clearstatcache ();
-
-	//Determine if text editable file type
-	$ext = end( explode(".", strtolower($filename) ) );
-	if ( in_array($ext, $etypes) ) { $text_editable = TRUE;  }
-	else                           { $text_editable = FALSE; }
-	
-	$too_large_to_edit = (filesize($filename) > $MAX_EDIT_SIZE);
-	$too_large_to_view = (filesize($filename) > $MAX_VIEW_SIZE);
-	
-	if ( $too_large_to_edit ) { $header2 = $_['edit_h2_1']; }
-	else                      { $header2 = $_['edit_h2_2']; }
-
-	$too_large_to_edit_message = 
-'<b>'.$_['too_large_to_edit_01a'].number_format($MAX_EDIT_SIZE).' '.$_['too_large_to_edit_01b'].'</b><br>'.
-$_['too_large_to_edit_02'].'<br>'.$_['too_large_to_edit_03'].'<br>'.$_['too_large_to_edit_04'];
-
-	$too_large_to_view_message = 
-'<b>'.$_['too_large_to_view_01a'].number_format($MAX_VIEW_SIZE).' '.$_['too_large_to_view_01b'].'</b><br>'.
-$_['too_large_to_view_02'].'<br>'.$_['too_large_to_view_03'].'<br>'.$_['too_large_to_view_04'];
-
-	echo '<h2 id="edit_header">'.$header2;
-	echo '<a class="filename" href="/'.URLencode_path($filename).'" target="_blank">'.htmlentities(basename($filename)).'</a>';
-	echo '</h2>'.PHP_EOL;
-
-	Edit_Page_buttons_top($text_editable);
-
-	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message);
-	
-	if ( in_array( $ext, $itypes) ) { show_image(); }
-
-	echo '<div style="clear:both"></div>';
-
-	if     ( $text_editable && $too_large_to_view ) {
-		echo '<p class="edit_disabled">'.$too_large_to_view_message.'</p>';
-	}
-	elseif ( $text_editable && $too_large_to_edit ){ 
-		$filecontent = htmlspecialchars(file_get_contents($filename), ENT_COMPAT,'UTF-8');
-		echo '<pre class="edit_disabled view_file">'.$filecontent.'</pre>';
-	}
-}//End Edit_Page ***************************************************************
-
-
-
-
-function Edit_response(){ //***If on Edit page, and [Save] clicked *************
-	global $_, $EX, $message, $filename;
-	$filename = $_POST["filename"];
-	$content  = $_POST["content"];
-
-	$bytes = file_put_contents($filename, $content);
-
-	if ($bytes !== false) {
-		$message .= '<b>'.$_['edit_msg_01'].' '.$bytes.' '.$_['edit_msg_02'].'</b>';
-	}else{
-		$message .= $EX.'<b>'.$_['edit_msg_03'].'</b>';
-	}
-}//end Edit_response() *********************************************************
-
-
-
-
-function Upload_Page() { //*****************************************************
-	global $_, $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE;
-
-	//Determine $MAX_FILE_SIZE to upload
-	$upload_max_filesize = ini_get('upload_max_filesize'); //This should be < post_max_size,
-	$post_max_size       = ini_get('post_max_size');       //but, just in case, check both...
-
-	function shorthand_to_int($SHORTHAND){ //*******************
-		$KMG = strtoupper(substr($SHORTHAND, -1));
-		if     ($KMG == "K") { return $SHORTHAND * 1024; }
-		elseif ($KMG == "M") { return $SHORTHAND * 1048576; }
-		elseif ($KMG == "G") { return $SHORTHAND * 1073741824; }
-		else                 { return $SHORTHAND; }
-	}//end function shorthand_to_int() *************************
-
-	$UMF = shorthand_to_int($upload_max_filesize);
-	$PMS = shorthand_to_int($post_max_size);
-
-	if ($UMF <= $PMS){ $MAX_FILE_SIZE = $UMF; $max_msg = $upload_max_filesize.' '.$_['upload_txt_01']; }
-	else             { $MAX_FILE_SIZE = $PMS; $max_msg = $post_max_size      .' '.$_['upload_txt_02']; }
-?>
-	<h2><?php echo $_['upload_h2'] ?></h2>
-	<p><?php echo $_['upload_txt_03'].$max_msg; ?></p>
-	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$param1; ?>&amp;p=uploaded" method="post">
-		<?php echo $INPUT_NUONCE; ?>
-		<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $MAX_FILE_SIZE ?>"> 
-		<input type="hidden" name="upload_destination" value="<?php echo htmlspecialchars($ipath); ?>" >
-		<input type="file"   name="upload_file" id="upload_file" size="100">
-		<?php Cancel_Submit_Buttons($_['Upload'],"cancel"); ?>
-	</form>
-<?php 
-} //end Upload_Page() **********************************************************
-
-
-
-
-function Upload_response() { //*************************************************
-	global $_, $filename, $message, $EX, $page;
-	$filename    = $_FILES['upload_file']['name'];
-	$destination = Check_path($_POST["upload_destination"]);
-	$page  = "index";
-	$MAXUP1 = ini_get('upload_max_filesize');
-	$MAXUP2 = number_format($_POST['MAX_FILE_SIZE']).$_['bytes_01'];
-	$ERROR = $_FILES['upload_file']['error'];
-
-	if     ( $ERROR == 1 ){ $ERRMSG = $_['upload_err_01a'].' upload_max_filesize = '.$MAXUP1.' '.$_['upload_err_01b'];}
-	elseif ( $ERROR == 2 ){ $ERRMSG = $_['upload_err_02a'].' $MAX_FILE_SIZE = '     .$MAXUP2.' '.$_['upload_err_02b'];}
-	elseif ( $ERROR == 3 ){ $ERRMSG = $_['upload_err_03']; }
-	elseif ( $ERROR == 4 ){ $ERRMSG = $_['upload_err_04']; }
-	elseif ( $ERROR == 5 ){ $ERRMSG = $_['upload_err_05']; }
-	elseif ( $ERROR == 6 ){ $ERRMSG = $_['upload_err_06']; }
-	elseif ( $ERROR == 7 ){ $ERRMSG = $_['upload_err_07']; }
-	elseif ( $ERROR == 8 ){ $ERRMSG = $_['upload_err_08']; }
-	else                  { $ERRMSG = ''; }
-
-	if (($filename == "")){ 
-		$message .= $EX.'<b>'.$_['upload_msg_01'].'</b>';
-	}elseif (($destination != "") && !is_dir($destination)) {
-		$message .= $EX.$_['upload_msg_02'].'<br><b>';
-		$message .= htmlentities($WEB_ROOT.$destination).'</b><br>'.$_['upload_msg_03'].'</b>';
-	}else{
-		$message .= $_['upload_msg_04'].' "<b>'.htmlentities($filename).'</b>"...';
-		$savefile = ordinalize($destination, $filename, $savefile_msg);
-		if(move_uploaded_file($_FILES['upload_file']['tmp_name'], $savefile)) {
-			$message .= '<br>'.$_['upload_msg_05'].' '.$savefile_msg;
-		} else{
-			$message .= '<br>'.$EX.'<b>'.$_['upload_msg_06'].'</b> '.$ERRMSG.'';
-		}
-	}
-}//end Upload_response() *******************************************************
-
-
-
-
-function New_File_Page() { //***************************************************
-	global $_, $FORM_COMMON, $INVALID_CHARS;
-?>
-	<h2><?php echo $_['new_file_h2'] ?></h2>
-	<?php echo $FORM_COMMON ?>
-		<p><?php echo $_['new_file_txt_01'] . $_['new_file_txt_02'] ?>
-		<span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
-		<input type="text" name="new_file" id="new_file" value="">
-		<?php Cancel_Submit_Buttons($_['Create'],"new_file"); ?>
-	</form>
-<?php 
-}//end New_File_Page()**********************************************************
-
-
-
-
-function New_File_response() { //***********************************************
-	global $_, $ipath, $param2, $param3, $filename, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
-
-	$new_name = trim($_POST["new_file"],'/ '); //Trim spaces and slashes.
-	$filename = $ipath.$new_name;
-	$page = "index"; // return to index if new file fails
-	
-	$invalid = false;
-	foreach ($INVALID_CHARS_array as $bad_char) {
-		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
-	}
-
-	if ($invalid){
-		$message .= $EX.'<b>'.$_['new_file_msg_01'].'</b> '.htmlentities($new_name).'<br>'.
-			'<b> &nbsp; &nbsp; &nbsp; '.$_['new_file_msg_02'].
-			'<span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
-	}elseif ($new_name == ""){ 
-		$message .= $EX.'<b>'.$_['new_file_msg_03'].'</b>';
-	}elseif (file_exists($filename)) {
-		$message .= $EX.'<b>'.$_['new_file_msg_04'];
-		$message .= htmlentities($new_name).'</b>';
-	}elseif ($handle = fopen($filename, 'w')) {
-		fclose($handle);
-		$message .= '<b>'.$_['new_file_msg_05'].'</b> '.htmlentities($new_name);
-		$page     = "edit";
-		$param2   = '&amp;f='.rawurlencode(basename($filename));// for Edit_Page() buttons
-		$param3   = '&amp;p=edit';                              // for Edit_Page() buttons 
-	}else{
-		$message .= $EX.'<b>'.$_['new_file_msg_06'];
-		$message .= htmlentities($new_name);
-	}
-}//end New_File_response() *****************************************************
-
-
-
-
-function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //************
-	//$action = 'Copy' or 'Rename'. $isfile = 1 if acting on a file, not a folder
-	global $_, $WEB_ROOT, $ipath, $filename, $FORM_COMMON;
-	if ($isfile) { $old_name = $filename; }else{ $old_name = $ipath; }
-	if ($isfile) { $new_name = $filename; }else{ $new_name = $ipath; }
-	//if ($action == "Copy" ) { $new_name = ordinalize($ipath, basename($filename), $msg); }
-?>
-	<h2><?php echo $action.' '.$title ?></h2>
-	<p><?php echo $_['CRM_txt_01'] ?></p>
-	<?php echo $FORM_COMMON ?>
-		<p>
-			<label><?php echo $_['CRM_txt_02'] ?></label>
-			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
-				name="old_name" value="<?php echo htmlspecialchars($old_name); ?>" readonly="readonly">
-		</p>
-		<p>
-			<label><?php echo $_['CRM_txt_03'] ?></label>
-			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
-				name="<?php echo $name_id ?>" id="<?php echo $name_id ?>" 
-				value="<?php echo htmlspecialchars($new_name); ?>">
-		</p>
-		<?php Cancel_Submit_Buttons($action, $name_id); ?>
-	</form>
-<?php 
-} //end Copy_Ren_Move_Page() ***************************************************
-
-
-
-
-//******************************************************************************
-function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $isfile){
-	//$action = 'copy' or 'rename'. $isfile = 1 if acting on a file, not a folder
-	global $_, $WEB_ROOT, $ipath, $param1, $param2, $message, $EX, $page, $filename;
-
-	$old_name = trim($old_name,'/ ');
-	$new_name = trim($new_name,'/ ');
-	$new_location = dirname($new_name);
-	$filename = $old_name; //default if error
-	if ($isfile) { $page = "edit"; }else{ $page = "index"; }
-	
-	if ( !is_dir($new_location) ){
-		$message .= $EX.'<b>'.$msg1.' '.$_['CRM_msg_01'].'</b><br>';
-		$message .= htmlentities($WEB_ROOT.$new_location).'/<br>';
-	}elseif ( !file_exists($filename) ){
-		$message .= $EX.'<b>'.$msg1.' '.$_['CRM_msg_02'].'</b><br>';
-		$message .= htmlentities($filename);
-	}elseif (file_exists($new_name)) {
-		$message .= $EX.'<b>'.$msg1.' '.$_['CRM_msg_03'].'<br>';
-		$message .= htmlentities($WEB_ROOT.$new_name).'</b>';
-	}elseif ($action($old_name, $new_name)) {
-		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
-		$message .= ' --- '.$msg2.' '.$_['CRM_msg_04'].' ---<br>';
-		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
-		$filename = $new_name; //so edit page knows what to edit
-		if ($isfile) { $ipath = Check_path(dirname($filename)); } //if changed,
-		else         { $ipath = Check_path($filename); }          //return to new dir.
-		$param1   = '?i='.URLencode_path($ipath);
-		$param2   = '&amp;f='.rawurlencode(basename($filename));
-		$param3   = '&amp;p=edit';
-	}else{
-		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
-		$message .= $EX.'<b>'.$_['CRM_msg_05a'].' '.$msg1.' '.$_['CRM_msg_05b'].'</b><br>';
-		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
-	}
-}//end Copy_Ren_Move_response() ************************************************
-
-
-
-
-function Delete_File_Page() { //************************************************
-	global $_, $filename, $FORM_COMMON;
-?>
-	<h2><?php echo $_['delete_h2'] ?></h2>
-	<?php echo $FORM_COMMON ?>
-		<input type="hidden" name="delete_file" value="<?php echo htmlspecialchars($filename); ?>" >
-		<span class="verify"><?php echo htmlentities(basename($filename)); ?></span>
-		<p><b><?php echo $_['delete_txt_01'] ?></b></p>
-		<?php Cancel_Submit_Buttons($_['DELETE'], "cancel"); ?>
-	</form>
-<?php 
-} //end Delete_File_Page() *****************************************************
-
-
-
-
-function Delete_File_response(){ //*********************************************
-	global $_, $filename, $message, $EX, $page;
-
-	$page = "index"; //Return to index
-	$filename = $_POST["delete_file"];
-
-	if (unlink($filename)) {
-		$message .= '<b>'.$_['delete_msg_01'].' '.htmlentities(basename($filename)).'</b>';
-	}else{
-		$message .= $EX.'<b>'.$_['delete_msg_02'].' "'.htmlentities($filename).'"</b>.';
-		$page = "edit";
-	}
-}//end Delete_File_response() **************************************************
-
-
-
-
-function New_Folder_Page() { //*************************************************
-	global $_, $FORM_COMMON, $INVALID_CHARS;
-?>
-	<h2><?php echo $_['new_folder_h2'] ?></h2>
-	<?php echo $FORM_COMMON ?>
-		<p><?php echo $_['new_folder_txt_1'] ?>
-		<?php echo $_['new_folder_txt_2'] ?> <span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
-		<input type="text" name="new_folder" id="new_folder" value="">
-		<?php Cancel_Submit_Buttons($_['Create'],"new_folder"); ?>
-	</form>
-<?php 
-} //end New_Folder_Page() ******************************************************
-
-
-
-
-function New_Folder_response(){ //**********************************************
-	global $_, $ipath, $param1, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
-
-	$new_name = trim($_POST["new_folder"],'/ '); //Trim spaces, and make sure only has a single trailing slash.
-
-	$invalid = false;
-	foreach ($INVALID_CHARS_array as $bad_char) {
-		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
-	}
-	$page = "index"; //Return to index
-
-	$new_ipath = $ipath.$new_name.'/';
-
-	if ($invalid){
-		$message .= $EX.'<b>'.$_['new_folder_msg_01'].'</b> '.htmlentities($new_name).'<br>'.
-			'<b>'.$_['new_folder_msg_02'].
-			'<span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
-	}elseif ($new_name == ""){ 
-		$message .= $EX.'<b>'.$_['new_folder_msg_03'].'</b>';
-	}elseif (is_dir($new_ipath)) {
-		$message .= $EX.'<b>'.$_['new_folder_msg_04'].' ';
-		$message .= htmlentities($new_ipath).'</b>';
-	}elseif (mkdir($new_ipath)) {
-		$message .= '<b>'.$_['new_folder_msg_05'].'</b> '.htmlentities($new_name);
-		$ipath    = $new_ipath;  //return to new folder
-		$param1   = '?i='.URLencode_path($ipath);
-	}else{
-		$message .= $EX.'<b>'.$_['new_folder_msg_06'].' </b><br>';
-		$message .= htmlentities($new_name);
-	}
-}//end New_Folder_response *****************************************************
-
-
-
-
-function Delete_Folder_Page(){ //***********************************************
-	global $_, $WEB_ROOT, $ipath, $FORM_COMMON;
-?>
-	<h2><?php echo $_['delete_folder_h2'] ?></h2>
-	<?php echo $FORM_COMMON ?>
-		<input type="hidden" name="delete_folder" value="<?php echo htmlspecialchars($ipath); ?>" >
-		<span class="web_root"><?php echo htmlentities($WEB_ROOT.Check_path(dirname($ipath))); ?></span><span 
-		class="verify"><?php echo htmlentities(basename($ipath)); ?></span> /
-		<p><b><?php echo $_['delete_folder_txt_01'] ?></b></p>
-		<?php Cancel_Submit_Buttons($_['DELETE'], "cancel"); ?>
-	</form>
-<?php 
-} //end Delete_Folder_Page() //*************************************************
-
-
-
-
-function Delete_Folder_response() { //******************************************
-	global $ipath, $param1, $page, $message, $EX;
-	$page = "index"; //Return to index
-	$foldername = trim($_POST["delete_folder"], '/');
-
-	if ( !is_empty($ipath) ) {
-		$message .= $EX.'<b>'.$_['delete_folder_msg_01'].'</b>';
-		$page = "index";
-	}elseif (@rmdir($foldername)) {
-		$message .= '<b>'.$_['delete_folder_msg_02'].'</b> '.htmlentities(basename($foldername));
-		$ipath  = Check_path($foldername); //Return to parent dir.
-		$param1 = '?i='.URLencode_path($ipath);
-	}else {
-		$message .= $EX.'<b>"'.htmlentities($foldername).'/"</b> '.$_['delete_folder_msg_03'];
-	}
-}//end Delete_Folder_response() ************************************************
-
-
-
-
-function Page_Title(){ //***<title>Page_Title()</title>*************************
-	global $_, $page;
-
-	if     ($page == "login")        { return $_['page_title_login'];     }
-	elseif ($page == "hash")         { return $_['page_title_hash'];      }
-	elseif ($page == "edit")         { return $_['page_title_edit'];      }
-	elseif ($page == "upload")       { return $_['page_title_upload'];    }
-	elseif ($page == "newfile")      { return $_['page_title_new_file'];  }
-	elseif ($page == "copy" )        { return $_['page_title_copy'];      }
-	elseif ($page == "rename")       { return $_['page_title_ren'];       }
-	elseif ($page == "delete")       { return $_['page_title_del'];       }
-	elseif ($page == "newfolder")    { return $_['page_title_folder_new'];}
-	elseif ($page == "renamefolder") { return $_['page_title_folder_ren'];}
-	elseif ($page == "deletefolder") { return $_['page_title_folder_del'];}
-	else                             { return $_SERVER['SERVER_NAME']; }
-}//end Page_Title() ************************************************************
-
-
-
-
-function Load_Selected_Page(){ //***********************************************
-	global $_, $ONESCRIPT, $page;
-
-	if     ($page == "login")        { Login_Page();         }
-	elseif ($page == "hash")         { Hash_Page();          }
-	elseif ($page == "edit")         { Edit_Page();          }
-	elseif ($page == "upload")       { Upload_Page();        }
-	elseif ($page == "newfile")      { New_File_Page();      }
-	elseif ($page == "copy")         { Copy_Ren_Move_Page($_['Copy'],   $_['File'], 'copy_file', 1); }
-	elseif ($page == "rename")       { Copy_Ren_Move_Page($_['Rename'], $_['File'], 'rename_file', 1); }
-	elseif ($page == "delete")       { Delete_File_Page();   }
-	elseif ($page == "newfolder")    { New_Folder_Page();    }
-	elseif ($page == "renamefolder") { Copy_Ren_Move_Page($_['Rename'], $_['Folder'], 'rename_folder', 0); }
-	elseif ($page == "deletefolder") { Delete_Folder_Page(); }
-	else                             { Index_Page();         } //default
-}//end Load_Selected_Page() ****************************************************
-
-
-
-
-function Timer_scripts() { //***************************************************
-	global $_;
-?>
-<script>
-//pad() is also used by the Time_Stamp_scripts()
-function pad(num){ if ( num < 10 ){ num = "0" + num; }; return num; }
-
-
-function FormatTime(Seconds) {
-	var Hours = Math.floor(Seconds / 3600); Seconds = Seconds % 3600;
-	var Minutes = Math.floor(Seconds / 60); Seconds = Seconds % 60;
-	if ((Hours == 0) && (Minutes == 0)) { Minutes = "" } else { Minutes = pad(Minutes) }
-	if (Hours == 0) { Hours = ""} else { Hours = pad(Hours) + ":"}
-
-	return (Hours + Minutes + ":" + pad(Seconds));
-}
-
-
-function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
-	var Timer        = document.getElementById(Timer_ID);
-	var Current_Time = Math.round(new Date().getTime()/1000); //js uses milliseconds
-	    count        = End_Time - Current_Time;
-	var params = count + ', "' + End_Time + '", "' + Timer_ID + '", "' + Timer_CLASS + '", "' + Action + '"';
-
-	Timer.innerHTML = FormatTime(count);
-
-	if ( (count < 120) && (Action != "") ) { //Two minute warning...
-		Timer.style.backgroundColor = "white";
-		Timer.style.color = "red";
-		Timer.style.fontWeight = "900";
-	}
-
-	if ( count < 1 ) {
-		if ( Action == 'LOGOUT') { 
-			Timer.innerHTML = '<?php echo $_['session_expired'] ?>';
-			//Load login screen, but delay first to make sure really expired:
-			setTimeout('window.location = window.location.pathname',3000); //1000 = 1 second
-		}
-		return;
-	}
-	setTimeout('Countdown(' + params + ')',1000);
-}
-
-
-function Start_Countdown(count, ID, CLASS, Action){
-	document.write('<span id="' + ID + '"  class="' + CLASS + '"></span>');
-
-	var Time_Start  = Math.round(new Date().getTime()/1000);
-	var Time_End    = Time_Start + count;
-
-	Countdown(count, Time_End, ID, CLASS, Action); //(seconds to count, id of element)
-}
-</script>
-<?php 
-}//end Timer_scripts() *********************************************************
-
-
-
-
-function Time_Stamp_scripts() { //**********************************************
-?>
-<script>//Dispaly file's timestamp in user's local time 
-
-function FileTimeStamp(php_filemtime, show_date, show_offset){
-
-	//php's filemtime returns seconds, javascript's date() uses milliseconds.
-	var FileMTime = php_filemtime * 1000; 
-
-	var TIMESTAMP  = new Date(FileMTime);
-	var YEAR  = TIMESTAMP.getFullYear();
-	var	MONTH = pad(TIMESTAMP.getMonth() + 1);
-	var DATE  = pad(TIMESTAMP.getDate());
-	var HOURS = TIMESTAMP.getHours();
-	var MINS  = pad(TIMESTAMP.getMinutes());
-	var SECS  = pad(TIMESTAMP.getSeconds());
-
-	if ( HOURS < 12) { AMPM = "am"; } else { AMPM = "pm"; }
-	if ( HOURS > 12 ) {HOURS = HOURS - 12; }
-	HOURS = pad(HOURS);
-
-	var GMT_offset = -(TIMESTAMP.getTimezoneOffset()); //Yes, I know - seems wrong, but it's works.
-
-	if (GMT_offset < 0) { NEG=-1; SIGN="-"; } else { NEG=1; SIGN="+"; } 
-
-	var offset_HOURS = Math.floor(NEG*GMT_offset/60);
-	var offset_MINS  = pad( NEG * GMT_offset % 60 );
-	var offset_FULL  = "UTC " + SIGN + offset_HOURS + ":" + offset_MINS;
-
-	FULLDATE = YEAR + "-" + MONTH + "-" + DATE;
-	FULLTIME = HOURS + ":" + MINS + ":" + SECS + " " + AMPM;
-
-	var               DATETIME = FULLTIME;
-	if (show_date)  { DATETIME = FULLDATE + " &nbsp;" + FULLTIME;}
-	if (show_offset){ DATETIME += " ("+offset_FULL+")"; }
-		
-	document.write( DATETIME );
-
-}//end FileTimeStamp(php_filemtime)
-</script>
-<?php 
-}//end Time_Stamp_scripts() ****************************************************
-
-
-
-
-function Edit_Page_scripts() { //***********************************************
-	global $_;
-?>
-	<!--======== Provide feedback re: unsaved changes ========-->
-	<script>
-	
-	var File_textarea    = document.getElementById('file_contents');
-	var Save_File_button = document.getElementById('save_file');
-	var Reset_button     = document.getElementById('reset');
-	var Main_div		 = document.getElementById('main');
-	var Wide_View_button = document.getElementById('wide_view');
-
-	var main_width_default = Main_div.style.width ;
-	var start_value = File_textarea.value;
-	var submitted   = false
-	var changed     = false;
-
-
-	function Wide_View() {
-		File_textarea.style.width = '99.8%';
-		if (Main_div.style.width == '95%') {
-			Main_div.style.width = main_width_default;
-			Wide_View_button.value = '<?php echo $_['Wide_View'] ?>';
-		}else{
-			Main_div.style.width = '95%';
-			Wide_View_button.value = '<?php echo $_['Normal_View'] ?>';
-		}
-	}
-
-
-	// The following events only apply when the element is active.
-	// [Save] is disabled unless there are changes to the open file.
-	Save_File_button.onfocus = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
-	Save_File_button.onblur  = function() {Save_File_button.style.backgroundColor ="#Fee";}
-	Save_File_button.onmouseover = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
-	Save_File_button.onmouseout  = function() {Save_File_button.style.backgroundColor = "#Fee";}
-
-
-
-	function Reset_file_status_indicators() {
-		changed = false;
-		File_textarea.style.backgroundColor = "#F6FFF6";  //light green
-		Save_File_button.style.backgroundColor = "";
-		Save_File_button.style.borderColor = "";
-		Save_File_button.style.borderWidth = "1px";
-		Save_File_button.disabled = "disabled";
-		Save_File_button.value = "Save";
-		Reset_button.disabled = "disabled";
-	}
-
-
-	window.onbeforeunload = function() {
-		if ( changed && !submitted) { 
-			//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
-			return "<?php echo $_['unload_unsaved'] ?>";
-		}
-	}
-
-
-	window.onunload = function() {
-		//without this, a browser back then forward would reload file with local/
-		// unsaved changes, but with a green b/g as tho that's the file's contents.
-		if (!submitted) {
-			File_textarea.value = start_value;
-			Reset_file_status_indicators();
-		}
-	}
-
-
-	//With selStart & selEnd == 0, moves cursor to start of text field.
-	function setSelRange(inputEl, selStart, selEnd) { 
-		if (inputEl.setSelectionRange) { 
-			inputEl.focus(); 
-			inputEl.setSelectionRange(selStart, selEnd); 
-		} else if (inputEl.createTextRange) { 
-			var range = inputEl.createTextRange(); 
-			range.collapse(true); 
-			range.moveEnd('character', selEnd); 
-			range.moveStart('character', selStart); 
-			range.select(); 
-		} 
-	}
-
-
-	function Check_for_changes(event){
-		var keycode=event.keyCode? event.keyCode : event.charCode;
-		changed = (File_textarea.value != start_value);
-		if (changed){
-			document.getElementById('message').innerHTML = " "; // Must have a space, or it won't clear the msg.
-			File_textarea.style.backgroundColor = "#Fee";  //light red
-			Save_File_button.style.backgroundColor ="#Fee";
-			Save_File_button.style.borderColor = "#F44";   //less light red
-			Save_File_button.style.borderWidth = "1px";
-			Save_File_button.disabled = "";
-			Reset_button.disabled = "";
-			Save_File_button.value = "SAVE CHANGES!";
-		}else{
-			Reset_file_status_indicators()
-		}
-	}
-
-
-	//Reset textarea value to when page was loaded.
-	//Used by [Reset] button, and when page unloads (browser back, etc). 
-	//Needed becuase if the page is reloaded (ctl-r, or browser back/forward, etc.), 
-	//the text stays changed, but "changed" gets set to false, which looses warning.
-	function Reset_File() {
-		if (changed) {
-			if ( !(confirm("<?php echo $_['confirm_reset'] ?>")) ) { return; }
-		}
-		File_textarea.value = start_value;
-		Reset_file_status_indicators();
-		setSelRange(File_textarea, 0, 0) //Move cursor to start of textarea.
-	}
-	
-	Reset_file_status_indicators()
-	</script>
-<?php 
-}//End Edit_Page_scripts() *****************************************************
-
-
-
-
-function style_sheet(){ //****************************************************?>
-<style>
-/* --- reset --- */
-* { border : 0; outline: 0; margin : 0; padding: 0;
-    font-family: inherit; font-weight: inherit; font-style : inherit;
-    font-size  : 100%; vertical-align: baseline; }
-
-
-/* --- general formatting --- */
-
-body { font-size: 1em; background: #DDD; font-family: sans-serif; }
-
-p, table { margin-bottom: .8em; margin-top: .8em;}
-
-div { position: relative; }
-
-h1,h2,h3,h4,h5,h6 { font-weight: bold; }
-h2, h3 { font-size: 1.2em; margin: .5em 1em .5em 0; } /*TRBL*/
-
-i, em     { font-style : italic; }
-b, strong { font-weight: bold;   }
-
-:focus { outline:0; }
-
-table { border-collapse:separate; border-spacing:0; }
-th,td { text-align:left; font-weight:400; }
-
-a       { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
-a:hover { border: 1px solid #807568; background-color: rgb(255,250,150); }
-a:focus { border: 1px solid #807568; background-color: rgb(255,250,150); }
-
-form p { margin-bottom: .3em; }
-
-label { display: inline-block; width : 6em; font-size : 1em; font-weight: bold; }
-
-svg { margin: 0; padding: 0; }
-
-pre { /*Used around test output when trouble shooting*/
-	background: white;
-	border: 1px solid #807568;
-	padding: .5em;
-	margin: 0;
-	}
-
-
-/* --- layout --- */
-
-.container {
-	border : 0px solid #807568;
-	width  : 810px;
-	margin : 0 auto 2em auto;
-	}
-
-
-.header {
-	border-bottom : 1px solid #807568;
-	padding: 04px 0px 01px 0px;
-	margin : 0 0 .5em 0;
-	}
-
-
-#logo {
-	font-family: 'Trebuchet MS', sans-serif;
-	font-size:2.2em;
-	font-weight: bold;
-	color: black;
-	padding: .1em;
-	}
-
-.filename {
-	border: 1px solid #807568;
-	padding: .1em .2em .1em .2em;
-	font-weight: 700;
-	font-family: courier;
-	background-color: #EEE;
-	}
-
-#message { margin-bottom: .5em;}
-
-#message p {
-	margin: 0;
-	padding: 4px 0px 4px .5em;
-	border: 1px solid #807568;
-	Xfont-family: courier;
-	font-size: 1em;
-	line-height: 1.2em;
-	background: #fff000;
-	}
-
-#message #Xbox { float: right; }
-
-#message #dismiss { padding: 5px 4px 5px 4px; border-right: none; } /*TRBL*/ /*font-family: Courier; font-size: 1.2em;*/
-
-
-/* --- INDEX directory listing, table format --- */
-table.index_T {
-	min-width: 30em;
-	font-size: .95em;
-	border-style: outset;
-	border-width: 1px;
-	border-color: #807568;
-	border-collapse: collapse;
-	margin-bottom: .7em;
-	background-color: #FdFdFd;
-	}
-	
-table.index_T  tr:hover { border: 1px solid #807568; }
-
-table.index_T td { 
-	border-width  : 1px;
-	border-color  : silver;
-	border-style  : inset;
-	vertical-align: middle;
-	}
-
-.index_T a { 
-	height : 1em;
-	display: block;
-	padding: .2em 1em .3em .3em;
-	color  : rgb(100,45,0);
-	border : none;
-	overflow   : hidden;
-	}
-
-.index_T a:hover { background-color: rgb(255,250,150); }
-.index_T a:focus { background-color: rgb(255,250,150); }
-
-
-
-/* File size & date */
-
-.meta_size { min-width:  6em; }
-
-.meta_time { min-width: 15em; }
-
-.meta_T {
-	padding-right : .5em;
-	text-align    : right;
-	font-family   : courier;
-    font-size     : .9em;
-	color         : #333;
-	}
-
-
-.index_folders { min-height: 1.7em;  margin-bottom: .2em; }
-
-.index_folders a {
-	Xborder       : 1px solid #807568;
-	display      : inline-block;
-	line-height  : 1em;
-	font-size    : 1em;
-	margin-right : .6em;
-	margin-bottom: .1em;
-	padding      : 3px .4em 3px 5px; /*TRBL*/
-	}
-
-.index_folders a:hover { background-color: rgb(255,250,150); }
-.index_folders a:focus { background-color: rgb(255,250,150); }
-
-
-
-/*  [Upload File] [New File] [New Folder] etc... */
-
-.front_links a {
-	display: inline-block;
-	border : 1px solid #807568;
-	height      : 1em;
-	font-size   : 1em;
-	margin-right: 1em;
-	padding     : 3px 5px 5px 4px; /*TRBL*/
-	background-color: #EEE;
-	}
-
-.front_links a .icon_fldr {margin : 1.5px 5px 0 0; }
-.front_links a .icon_file {margin : 1.0px 5px 0 0; }
-
-.front_links a:hover  { background-color: rgb(255,250,150); }
-.front_links a:focus  { background-color: rgb(255,250,150); }
-
-
-input[type="text"] {
-	border: 1px solid #807568;
-	padding: 2px;
-	width: 50em;
-	font: 1em "Courier New", Courier, monospace;
-	}
-
-.edit_disabled { 
-	border : 1px solid #807568;
-	width  : 99%;
-	padding: .2em;
-	margin : .5em 0 0 0;
-	background-color: #FFF000; color: #333;
-	line-height: 1.4em;
-	}
-
-.view_file {font-family: courier; font-size: .9em; background-color: #F8F8F8;}
-
-
-input:focus { background-color: rgb(255,250,150); }
-
-input:hover { background-color: rgb(255,250,150); }
-
-input[readonly]       { color: #333; background-color: #EEE; }
-input[disabled]       { color: #555; background-color: #EEE; }
-input[disabled]:hover { background-color: rgb(236,233,216);  } 
-input[disabled]:hover { background-color: rgb(236,233,216);  } 
-
-
-.buttons_right         { float: right; }
-.buttons_right .button { margin-left: .5em; }
-
-.button {
-	border : 1px solid #807568;
-	padding: 4px 10px;
-	cursor : pointer;
-	color      : black;
-	font-size  : .9em;
-	font-family: sans-serif;
-	background-color: #EEE;  /*#d4d4d4*/
-	}
-
-.button[disabled]  { color: #777; background-color: #EEE; }
-
-
-/* --- header --- */
-
-.nav {
-	float     : right;
-	display   : inline-block;
-	margin-top: 1.6em;
-	font-size : 1em;
-	}
-
-.nav a {
-	border: 1px solid transparent;
-	font-weight : bold;
-	padding     : .0em;
-	padding-top   : .2em;
-	padding-left  : .6em;
-	padding-right : .6em;
-	padding-bottom: .1em;
-	}
-
-.nav a:hover { border: 1px solid #807568; }
-.nav a:focus { border: 1px solid #807568; }
-
-
-/* --- edit --- */
-
-#edit_header  {margin: 0;}
-
-#edit_form    {margin: 0;}
-
-#file_contents {
-	border: 1px solid #999;
-	font  : .95em "Courier New", Courier, monospace;
-	margin: 0 0 0 0; /*T R B L*/
-	width : 99.8%;
-	height: 32em;
-}
-
-#file_contents:focus { border: 1px solid #Fdd; }
-
-.file_meta	  {float: left;  margin-top: .5em; font-size: 1em; color: #333; } /*font-family: courier;*/
-
-#edit_notes   {font-size: .8em; color: #333 ;margin-top: 1em; clear:both;}
-
-.notes {margin-bottom: .4em;}
-
-
-/* --- log in --- */
-
-.login_page {
-	margin  : 5em auto;
-	border  : 1px solid #807568;
-	padding : .5em 1em .6em 1em;
-	width   : 370px;
-	}
-
-.login_page .nav { margin-top: .5em; }
-
-.login_input {
-	border  : 1px solid #807568;
-	padding : 2px 0px 2px 2px;
-	width   : 366px;
-	font    : 1em courier;
-	}
-
-.login_page input[type="text"]{ width   : 364px; }
-
-
-
-#upload_file {
-	border: 1px solid #807568;
-	padding: 2px;
-	width: 50em;
-	}
-
-
-hr { /*-- -- -- -- -- -- --*/
-	line-height  : 0;
-	Xfont-size    : 1px;
-	display : block;
-	position: relative;
-	padding : 0;
-	margin  : .8em auto;
-	width   : 100%;
-	clear   : both;
-	border  : none;
-	border-top   : 1px solid #807568;
-	Xborder-bottom: 1px solid #eee;
-	overflow: visible;
-	}
-
-.verify {
-	border: 1px solid #F44;
-	color: #333;
-	background-color: #FFE7E7;
-	padding: .1em .2em;
-	font: 1.2em Courier;
-	}
-
-#admin {padding: .3em;}
-
-.web_root { font:1em Courier; }
-
-.icon {float: left; margin: 0 .3em 0 0;}
-
-.mono {font-family: courier;}
-
-.info {margin-top: .7em; background: #f9f9f9; padding: .2em .5em;}
-
-.path {padding: 1px 5px 1px 5px} /*TRBL*/
-
-.edit_onefile {padding: 5px; float: right;}
-
-.timer {border: 1px solid gray; padding: 3px .5em 4px .5em;}
-
-.timeout {float:right; font-size: .95em; color: #333; }
-
-.edit_btns_top    { margin: .2em 0 .5em 0;}
-
-.edit_btns_bottom { margin: .6em 0 0 0; float: right; }
-.edit_btns_bottom .button { margin-left: .5em; }
-</style>
-<?php 
-}//end style_sheet() ***********************************************************
-
-
-
-
-//******************************************************************************
-//******************************************************************************
-//Begin logic to determine page action
-
-
-if( PHP_VERSION_ID < 50000 ) { exit("OneFileCMS requires PHP5 to operate. Tested on versions 5.2.17, 5.3.3 & 5.4"); }
-
-Session_Startup(); 
-
-if ($_SESSION['valid']) {
-
-	Get_GET();  
-
-	Init_Macros();
-
-	if ($VALID_POST) { //*******************************************************
-		if     (isset($_FILES['upload_file']['name'])) { Upload_response(); }
-		elseif (isset($_POST["whattohash"]   )) { Hash_response();          }
-		elseif (isset($_POST["filename"]     )) { Edit_response();          }
-		elseif (isset($_POST["new_file"]     )) { New_File_response();      }
-		elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', $_['Copy'], $_['Copied'], 1); } 
-		elseif (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"],   'rename', $_['Ren_Move'], $_['Ren_Moved'], 1); } 
-		elseif (isset($_POST["delete_file"]  )) { Delete_File_response();   }
-		elseif (isset($_POST["new_folder"]   )) { New_Folder_response();    }
-		elseif (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', $_['Ren_Move'], $_['Ren_Moved'], 0); } 
-		elseif (isset($_POST["delete_folder"])) { Delete_Folder_response(); }
-	}//end if ($VALID_POST) ****************************************************
-
-
-	//*** Verify valid $page and/or $filename **********************************
-
-		//Don't load login screen if already in a valid session.
-	if     ( $_SESSION['valid'] && ($page == "login") )  { $page = "index"; }
-
-		//Don't load edit page if $filename doesn't exist.
-	elseif ( ($page == "edit")  && !is_file($filename) ) { $page = "index"; }
-
-	elseif ($page == "logout") {
-		Logout();
-		$message .= $_['logout_msg']; }
-
-		//Don't load delete page if folder not empty.
-	elseif ( ($page == "deletefolder") && !is_empty($ipath) ) {
-		$message .= $EX.'<b>'.$_['folder_del_msg'].'</b>';
-		$page = "index";}
-
-		//if size of $_POST > post_max_size, PHP only returns empty $_POST & $_FILE arrays.
-	elseif ($page == "uploaded" && !$VALID_POST){
-		$message .= $EX.'<b>'.$_['upload_error_01a'].ini_get('post_max_size').'</b> '.$_['upload_error_01b'].'';
-		$page = "index";}
-
-	elseif ( ($page == "edit") && ($filename == trim(rawurldecode($ONESCRIPT), '/')) ) { 
-		if ( $message == "" ) { $BR = ""; } else { $BR = '<br>';}
-		$message .= '<style>#message p {background: red; color: white;}</style>';
-		$message .= $BR.$EX.'<b>'.$_['edit_caution_01'].' '.$EX.$_['edit_caution_02'].'</b>';
-	}
-	//**************************************************************************
-}//end if $_SESSION[valid] *****************************************************
-
-
-
-
-//******************************************************************************
-//******************************************************************************
-?><!DOCTYPE html>
-
-<html>
-<head>
-
-<title><?php echo $config_title.' - '.Page_Title() ?></title>
-
-<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-<meta name="robots" content="noindex">
-
-<?php style_sheet(); ?>
-
-<?php Timer_scripts() ?>
-
-<?php if ( ($page == "index") || ($page == "edit") ) { Time_Stamp_scripts(); } ?>
-
-</head>
-<body>
-
-<?php if ($page == "login"){ echo '<div id="main" class="login_page">'; }
-      else                 { echo '<div id="main" class="container" >'; }
-?>
-
-<div class="header">
-	<a href="<?php echo $ONESCRIPT.'" id="logo">'.$config_title; ?></a>
-	<?php echo $version.' ('.$_['on'].'&nbsp;php&nbsp'.phpversion().')'; ?>
-
-	<div class="nav">
-		<a href="/" target="_blank"><?php show_favicon() ?>&nbsp;
-		<b><?php echo htmlentities($WEBSITE) ?></b></a>
-		<?php if ($page != "login") { ?>
-		| <a href="<?php echo $ONESCRIPT ?>?p=logout"><?php echo $_['Log_Out'] ?></a>
-		<?php } ?>
-	</div><div style="clear:both"></div>
-</div><!-- end header -->
-
-<?php if ( $page != "login"  &&  $page != "hash" ) { Current_Path_Header(); } ?>
-
-<?php message_box() ?>
-
-<?php Load_Selected_Page() ?>
-
-<?php
-//Countdown timer...
-if ( $page != "login" ) { 
-	echo '<hr>';
-	echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'timer timeout', 'LOGOUT');
-	echo '<span class="timeout">'.$_['time_out_txt'].' </span>';
-}
-
-//Admin link
-if ( ($page != "login") && ($page != "hash") ){
-	echo '<p><a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=hash">'.$_['Admin'].'</a>';
-}
-?>
-
-</div><!-- end container/login_page -->
-</body>
-</html>
diff --git a/onefilecms_lite.php b/onefilecms_lite.php
deleted file mode 100755
index 7d23883..0000000
--- a/onefilecms_lite.php
+++ /dev/null
@@ -1,1876 +0,0 @@
-<?php 
-// OneFileCMS - github.com/Self-Evident/OneFileCMS
-
-$version = '"Lite" 2.2.1';
-
-/*******************************************************************************
-Copyright © 2009-2012 https://github.com/rocktronica
-Copyright © 2012-     https://github.com/Self-Evident  David W. Gay
-
-This software is copyright under terms of the "MIT" license:
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
-of the Software, and to permit persons to whom the Software is furnished to do
-so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
-*******************************************************************************/
-
-
-
-
-//Some basic security & error log settings
-ini_set('session.use_trans_sid', 0);    //make sure ULR supplied SESSID's are not used
-ini_set('session.use_only_cookies', 1); //Only defaults to 1 (enabled) from 5.3 on
-error_reporting(0); // or (E_ALL &~ E_STRICT) if display and/or log are on.
-ini_set('display_errors', 'off');
-ini_set('log_errors'    , 'off'); //Ok to turn on for trouble-shooting.
-ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.log');
-//Determine good folder for session file? Default is tmp/, which is not secure.
-//session_save_path($safepath)  or  ini_set('session.save_path', $safepath) 
-
-
-
-
-// CONFIGURABLE INFO ***********************************************************
-$config_title     = "OneFileCMS";
-
-$USERNAME = 'username';
-
-$PASSWORD = 'password'; //If using $HASHWORD, you may leave this value empty.
-$USE_HASH = 0 ; // If = 0, use $PASSWORD. If = 1, use $HASHWORD. 
-$HASHWORD = 'c3e70af96ab1bfc5669280e98b438e1a8c08ca5e0bb3354c05ceaa6f339fd3f6'; //hash for "password"
-$SALT     = 'somerandomsalt';
-
-$MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
-$LOGIN_DELAY   = 10;  //In seconds.
-$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
-					  //  For instance, 24 minutes is the PHP default for garbage collection.
-$MAX_IMG_W   = 810;  // Max width to display images. (page container = 810)
-$MAX_IMG_H   = 1000; // Max height.  I don't know, it just looks reasonable.
-
-$MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
-$MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
-                          // The default max view size is completely arbitrary. It was 2am and seemed like a good idea at the time.
-$config_favicon   = "/favicon.ico";
-$config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsaTive!
-
-$config_etypes = "html,htm,xhtml,php,css,js,txt,text,cfg,conf,ini,csv,svg"; //Editable file types.
-$config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
-
-
-
-$EX = '<b>( ! )</b>'; //EXclaimation point "icon" Used in $message's
-
-$SESSION_NAME = 'OFCMS'; //Also the cookie name. Change if using multiple copies of OneFileCMS.
-// End CONFIGURABLE INFO *******************************************************
-
-
-
-
-//******************************************************************************
-//Some global system values
-
-ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
-
-//PHP_VERSION_ID is better to use when checking current version as it's an actual number, not a string.
-if (!defined('PHP_VERSION_ID')) {            //PHP_VERSION_ID only available since 5.2.7
-    $phpversion = explode('.', PHP_VERSION); //PHP_VERSION, however, available even in older versions. (but it's a string)
-    define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
-}
-
-$ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]);
-$DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
-$WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/';
-$WEBSITE   = $_SERVER["HTTP_HOST"].'/';
-$LOGIN_ATTEMPTS = $DOC_ROOT.trim($_SERVER["SCRIPT_NAME"],'/').'.invalid_login_attempts';
-
-$valid_pages = array("hash", "login","logout","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
-
-$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names.
-$INVALID_CHARS_array = explode(' ', $INVALID_CHARS); // (Space deliminated)
-
-//Make arrays out of a few $config_variables for actual use later.
-//Also, remove spaces and make lowercase.
-$etypes   = explode(',', strtolower(str_replace(' ', '', $config_etypes))); //editable file types
-$itypes   = explode(',', strtolower(str_replace(' ', '', $config_itypes))); //images types to display
-
-
-$excluded_list = (explode(",", $config_excluded));
-//******************************************************************************
-
-
-
-
-function Session_Startup() {//**************************************************
-	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $EX, $message , $page, $VALID_POST, $MAX_IDLE_TIME, $SESSION_NAME;
- 
-	$limit    = 0; //0 = session.  
-	$path     = dirname($_SERVER['SCRIPT_NAME']);
-	$domain   = ''; // '' = hostname
-	$https    = false; 
-	$httponly = true;//true = unaccessable via javascript. Some XSS protection.
-	session_set_cookie_params($limit, $path, $domain, $https, $httponly);
-
-	session_name($SESSION_NAME);
-	session_start();
-
-	//Set initial defaults...
-	$page = 'login'; 
-	$VALID_POST = 0;
-	if ( !isset($_SESSION['valid']) ) { $_SESSION['valid'] = 0; }
-
-	//Logging in?
-	if ( isset($_POST["username"]) || isset($_POST["password"]) ) { Login_response(); }
-
-	session_regenerate_id(true); //Helps prevent session fixation & hijacking.
-
-	if ( $_SESSION['valid'] ) { Verify_IDLE_POST_etc(); }
-	
-	$_SESSION['nuonce'] = sha1(mt_rand().microtime()); //provided in <forms> to verify POST
-
-	chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
-}//End Session_Startup() *******************************************************
-
-
-
-
-function Verify_IDLE_POST_etc() { //********************************************
-	global $EX, $message, $VALID_POST, $MAX_IDLE_TIME;
-
-	//Verify consistant user agent... (every little bit helps a little bit) 
-	if ( ($_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) ) { Logout(); }
-
-	//Check idle time
- 	if ( isset($_SESSION['last_active_time']) ) {
-		$idle_time = ( time() - $_SESSION['last_active_time'] );
-		if ( $_SESSION['valid'] && ($idle_time > $MAX_IDLE_TIME) ) {
-			Logout();
-			$message .= 'Session expired. <br>';
-		}
-	}
-
-	$_SESSION['last_active_time'] = time();
-
-	//If POSTing, verify...
-	if ( isset($_POST['nuonce']) ) { 
-		if ( $_POST['nuonce'] == $_SESSION['nuonce'] ) {
-			$VALID_POST = 1;
-		}else{
-			Logout();
-			$message .= $EX.' <b>INVALID POST</b><br>';
-		}
-	}
-}//end Verify_IDLE_POST_etc() //************************************************
-
-
-
-
-function hashit($key){ //*******************************************************
-	//This is the super-secret stuff - Keep it secret, keep it safe!
-	//If you change anything here, or the $SALT, redo the hash for your password.
-	global $SALT;
-	$hash = hash('sha256', trim($key).$SALT); // trim off leading & trailing spaces.
-	for ( $x=0; $x < 1000; $x++ ) { $hash = hash('sha256', $hash.$SALT); }
-	return $hash;
-}//end hashit() ****************************************************************
-
-
-
-
-function undo_magic_quotes(){ //************************************************
-
-	function strip_array($var) {
-		if (is_array($var)) {return array_map("strip_array", $var); }
-		else                {return stripslashes($var); }
-	} //Note: stripslashes also handles cases when magic_quotes_sybase is on.
-
-	if (get_magic_quotes_gpc()) {
-		if (isset($_GET))    { $_GET     = strip_array($_GET);    }
-		if (isset($_POST))   { $_POST    = strip_array($_POST);   }
-		if (isset($_COOKIE)) { $_COOKIE  = strip_array($_COOKIE); }
-	}
-}//end undo_magic_quotes() *****************************************************
-
-
-
-
-function Get_GET() { //*** Get main parameters *********************************
-	// i=some/path/,  f=somefile.xyz,  p=somepage
-	global $ipath, $filename, $page, $valid_pages, $param1, $param2, $param3, $message, $EX;
-
-	undo_magic_quotes();
-
-	if (isset($_GET["i"])) { $ipath = Check_path($_GET["i"]); }else{ $ipath = ""; }
-
-	if (isset($_GET["f"])) {
-		$filename = $ipath.$_GET["f"];
-		if ( !is_file($filename) && $_SESSION['valid'] )//Set $message except for login page.
-			{ $message .= $EX.' <b>File does not exist:</b> '.htmlentities($filename).'<br>'; }
-		if ( !is_file($filename) ) { $filename = ""; $page = "index"; }
-	}else{ $filename = ""; }
-
-	if (isset($_GET["p"])) { $page = $_GET["p"]; } 
-	if (!in_array(strtolower($page), $valid_pages)) { $page = "index"; }
-
-	$param1 = '?i='.URLencode_path($ipath);
-	if ($filename == "") { $param2 = ""; }else{ $param2 = '&amp;f='.rawurlencode(basename($filename)); }
-	if ($page == ""    ) { $param3 = ""; }else{ $param3 = '&amp;p='.$page; }
-}//end Get_GET()****************************************************************
-
-
-
-
-function URLencode_path($path){ // don't encode the forward slashes ************
-	$TS = '';  // Trailing Slash/
-	if (substr($path, -1) == '/' ) { $TS = '/'; } //start with a $TS?
-	$path_array = explode('/',$path);
-	$path = "";
-	foreach ($path_array as $level) { $path .= rawurlencode($level).'/'; }
-	$path = rtrim($path,'/').$TS;  //end with $TS only if started with one
-	return $path;
-}//end URLencode_path($path) ***************************************************
-
-
-
-
-function Check_path($path) { // returns first valid path in some/supplied/path/
-	global $message, $EX;
-	$invalidpath = $path; //used for message if supplied $path doesn't exist.
-	$path = str_replace('\\','/',$path);   //Make sure all forward slashes.
-	$path = trim($path,"/ ."); // trim slashes, dots, and spaces
-
-	//Remove any '.' and '..' parts of the path.  Causes issues in <h2>www / current / path /</h2>
-	$pathparts = explode( '/', $path);
-	$len       = count($pathparts);
-	$path      = "";  //Cleaned path.
-	foreach ($pathparts as $value) { //(More reliable than str_replace(entire_string).)
-		if ( !(($value == '.') && (!value == '..')) ) { $path .= $value.'/'; }
-	}
-
-	$path = trim($path,"/"); // Remove -for now- final trailing slash.
-
-	if (strlen($path) < 1) { return ""; } //If at site root
-	else {
-		if (!is_dir($path) && (strlen($message) < 1))
-			{ $message .= $EX.' <b>Directory does not exist: '.htmlentities($invalidpath).'</b><br>'; }
-
-		while ( (strlen($path) > 0) && (!is_dir($path)) ) {
-			$path = dirname($path);
-		}
-
-		$path = $path.'/';
-		if ($path == './') { $path = ""; } // ./ means path not found, so clear for root.
-	}
-
-	return $path; 
-}//end Check_path() ************************************************************
-
-
-
-
-function is_empty($path){ //****************************************************
-	$empty = false;
-	$dh = opendir($path);
-	for($i = 3; $i; $i--) { $empty = (readdir($dh) === FALSE); }
-	closedir($dh);
-	return $empty;
-}//end is_emtpy() //************************************************************
-
-
-
-
-function ordinalize($destination,$filename, &$msg) { //*************************
-//if file_exists(file.txt), ordinalize filename until it doesn't
-//ie: file.txt.001,  file.txt.002, file.txt.003  etc...
-	global $EX;
-
-	$ordinal   = 0;
-	$savefile = $destination.$filename;
-
-	if (file_exists($savefile)) {
-
-		$msg .= $EX.' A file with that name already exists in the target directory.<br>';
-
-		while (file_exists($savefile)) {
-			$ordinal = sprintf("%03d", ++$ordinal); //  001, 002, 003, etc...
-			$savefile = $destination.$filename.'.'.$ordinal;
-		}
-		$msg .= 'Saving as: "<b>'.htmlentities(basename($savefile)).'</b>"';
-	}
-	return $savefile;
-}//end ordinalize() filename ***************************************************
-
-
-
-
-function Current_Path_Header(){ //**********************************************
- 	// Current path. ie: webroot/current/path/ 
-	// Each level is a link to that level.
-
-	global $ONESCRIPT, $ipath, $WEB_ROOT;
-
-	echo '<h2>';
-		//Root folder of web site.
-		echo '<a id="path_0" href="'.$ONESCRIPT.'" class="path"> '.htmlentities(trim($WEB_ROOT, '/')).'</a>/';
-		$x=0; //need here for focus() in case at webroot.
-
-		if ($ipath != "" ) { //if not at root, show the rest
-			$path_levels  = explode("/",trim($ipath,'/') );
-			$levels = count($path_levels); //If levels=3, indexes = 0, 1, 2  etc... 
-			$current_path = "";
-
-			for ($x=0; $x < $levels; $x++) {
-				$current_path .= $path_levels[$x].'/';
-				echo '<a id="path_'.($x+1).'" href="'.$ONESCRIPT.'?i='.URLencode_path($current_path).'" class="path">';
-				echo htmlentities($path_levels[$x]).'</a>/';
-			}
-		}//end if (not at root)
-	echo '</h2>';
-	echo '<script>document.getElementById("path_'.$x.'").focus();</script>';
-}//end Current_Path_Header() //*************************************************
-
-
-
-
-function message_box() { //*****************************************************
-	global $ONESCRIPT, $param1, $param2, $param3, $message, $page;
-
-	if (isset($message)) {
-?>
-		<div id="message"><p>
-		<span id="Xbox"><!-- [X] to dismiss message box -->
-			<a id="dismiss" href='<?php echo $ONESCRIPT.$param1.$param2.$param3; ?>'
- 			onclick='document.getElementById("message").innerHTML = " ";return false;'>
-			[X]</a>
-		</span>
-		<?php echo $message.PHP_EOL ;?>
-		</p></div>
-		<script>document.getElementById("dismiss").focus();</script>
-<?php
-	}else {
-		echo '<div id="message"></div>'; // Needed on Edit page to keep js feedback from failing
-	} //end isset($message)
-	
-	// Used on Edit Page to preserve vertical spacing, so edit area doesn't jump as much.
-	if ($page == "edit") {echo '<style>#message { min-height: 1.86em; }</style>';}
-}//end message_box()  **********************************************************
-
-
-
-
-function Upload_New_Rename_Delete_Links() { //**********************************
-	global $ONESCRIPT, $ipath, $param1;
-	echo '<p class="front_links">';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   ; echo 'Upload File</a>';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  ; echo 'New File</a>'   ;
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'; echo 'New Folder</a>' ;
-	if ($ipath !== "") { //if at root, don't show Rename & Delete links
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'; echo 'Rename/Move Folder</a>';
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'; echo 'Delete Folder</a>';
-	}
-	echo '</p>';
-}//end Upload_New_Rename_Delete_Links()  ***************************************
-
-
-
-
-function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
-	//$submit_label = Rename, Copy, Delete, etc...
-	//$focus is ID of element to receive focus(). (element may be outside this function)
-	global $ONESCRIPT, $ipath, $param1, $param2, $filename, $page;
-
-	// [Cancel] returns to either the index, or edit page.
-	if ($filename == "") {$params = "";}else{ $params = $param2.'&amp;p=edit'; }
-?>
-	<p> 
-	<input type="button" class="button" id="cancel" name="cancel" value="Cancel"
-		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.$params ?>'">
-	<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1.3em;">
-<?php 
-	if ($focus != ""){ echo '<script>document.getElementById("'.$focus.'").focus();</script>'; }
-	//Do not close the <p> tag yet/here. Need to leave it open for edit btn on hash page.
-}// End Cancel_Submit_Buttons() //**********************************************
-
-
-
-
-function show_image(){ //*******************************************************
-	global $filename, $MAX_IMG_W, $MAX_IMG_H;
-	
-	$IMG = $filename;
-	$img_info = getimagesize($IMG);
-
-	$W=0; $H=1;
-	$SCALE = 1; $TOOWIDE = 0; $TOOHIGH = 0;
-	if ($img_info[$W] > $MAX_IMG_W) { $TOOWIDE = ( $MAX_IMG_W/$img_info[$W] );}
-	if ($img_info[$H] > $MAX_IMG_H) { $TOOHIGH = ( $MAX_IMG_H/$img_info[$H] );}
-	
-	if ($TOOHIGH || $TOOWIDE) {
-		if     (!$TOOWIDE)           {$SCALE = $TOOHIGH;}
-		elseif (!$TOOHIGH)           {$SCALE = $TOOWIDE;}
-		elseif ($TOOHIGH > $TOOWIDE) {$SCALE = $TOOWIDE;} //ex:if (.90 > .50)
-		else                         {$SCALE = $TOOHIGH;}
-	}
-
-	echo '<p Xclass="file_meta">';
-	echo 'Image shown at ~'. round($SCALE*100) .'% of full size (W x H = '.$img_info[0].' x '.$img_info[1].').</p>';
-	echo '<div style="clear:both;"></div>'.PHP_EOL;
-	echo '<a href="/' .URLencode_path($IMG). '" target="_blank">'.PHP_EOL;
-	echo '<img src="/'.URLencode_path($IMG).'"  height="'.$img_info[$H]*$SCALE.'"></a>'.PHP_EOL;
-}// end show_image() ***********************************************************
-
-
-
-
-function show_favicon(){ //*****************************************************
-	global $config_favicon, $DOC_ROOT;
-	if (file_exists($DOC_ROOT.$config_favicon)) { 
-		echo '<img src="'.URLencode_path($config_favicon).'" alt="">'; 
-	}
-}// end show_favicon() *********************************************************
-
-
-
-
-function Timeout_Timer($COUNT, $ID, $CLASS, $ACTION) { //************************
-
-	return 	'<script>'.
-			'Start_Countdown('.$COUNT.', "'.$ID.'", "'.$CLASS.'", "'.$ACTION.'");'.
-			'</script>';
-
-} //end Timeout_Timer() **************************************************
-
-
-
-
-function Init_Macros(){ //*** ($varibale="some reusable chunk of code")*********
-
-global 	$ONESCRIPT, $param1, $param2, $INPUT_NUONCE, $FORM_COMMON;
-
-
-$INPUT_NUONCE = '<input type="hidden" name="nuonce" value="'.$_SESSION['nuonce'].'">'.PHP_EOL;
-$FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.$param2.'">'.$INPUT_NUONCE;
-
-}//end Init_Macros() ***********************************************************
-
-
-
-
-function Hash_Page() { //******************************************************
-	global $DOC_ROOT, $ONESCRIPT, $param1, $param2, $message, $INPUT_NUONCE, $config_title;
-	$params = '?i='.dirname($ONESCRIPT).'&amp;f='.basename($ONESCRIPT).'&amp;p=edit';
-?>
-	<style>#message {font-family: courier; min-height: 3.1em;}
-	li {margin-left: 2em}</style>
-
-	<h2>Generate a Password Hash</h2>
-	
-	<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.'&amp;p=hash'; ?>">
-		<?php echo $INPUT_NUONCE; ?>
-		Password to hash:
-		<input type="text" name="whattohash" id="whattohash" value="<?php echo htmlspecialchars($_POST["whattohash"]) ?>">
-		<?php Cancel_Submit_Buttons('Generate hash', 'whattohash') ?>
- 		<a class="button edit_onefile" href="<?php echo $ONESCRIPT.$params; ?>" >Edit &nbsp;<?php echo $config_title ?></a>
-	</form>
-
-	<div class="info">
- 	<p>There are two ways to change your OneFileCMS password:<br>
-	<p>
-	1) Simply use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).<br>
-	2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.<br>
-
-	<p>Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. 
-	That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.
-	However, it does eleminate the storage of your password in plain text, which is always a good thing.*
-
-	<p>Anyway, to use the $HASHWORD password option:
-	<ol><li>Type your desired password in the input field above and hit Enter.<br>
-			The hash will be displayed in a yellow message box above that.
-		<li>Copy and paste the new hash to the $HASHWORD variable in the config section.<br>
-			'Make sure the hash ends up in quotes.'<br>
-			Make sure to copy ALL of, and ONLY, the hash (no spaces etc). A double-click should select it...
-		<li>Make sure $USE_HASH is set to 1 (or true).
-		<li>When ready, logout and login.
-	</ol>
-	<p>You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...
-	<p>
-	*For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep 'em secret, of course).  Remever, every little bit helps...<br>
-	PS: Everything I know about security - you just read...
-	</div>
-<?php 
-} //end Hash_Page() ************************************************************
-
-
-
-
-function Hash_response() { //***************************************************
-	global $SALT, $message;
-	$_POST['whattohash'] = trim($_POST['whattohash']); // trim leading & trailing spaces.
-	$message .= 'Password: '.$_POST['whattohash'].'<br>';
-	$message .= 'Hash &nbsp; &nbsp;: '.hashit($_POST["whattohash"]);
-} //end Hash_response() ********************************************************
-
-
-
-
-function Logout() { //**********************************************************
-	global $page;
-	session_regenerate_id(true);
-	session_unset();
-	session_destroy();
-	session_write_close();
-	unset($_GET);
-	unset($_POST);
-	$_SESSION['valid'] = 0;
-	$page = 'login';
-}//end Logout() ****************************************************************
-
-
-
-
-function Login_Page() { //******************************************************
-	global $ONESCRIPT, $message;
-?>
-	<h2>Log In</h2>
-	<form method="post" action="<?php echo $ONESCRIPT; ?>">
-		<p>
-			<label for="username">Username:</label>
-			<input type="text" name="username" id="username" class="login_input" >
-		</p>
-		<p>
-			<label for="password">Password:</label>
-			<input type="password" name="password" id="password" class="login_input">
-		</p>
-			
-		<p><input type="submit" class="button" value="Enter"></p>
-	</form>
-	<script>document.getElementById('username').focus();</script>
-<?php 
-} //end Login_Page() ***********************************************************
-
-
-
-
-function Login_response() { //**************************************************
-	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $MAX_ATTEMPTS, $LOGIN_DELAY, 
-		   $EX, $message, $page, $LOGIN_ATTEMPTS;
-
-	$_SESSION = array();    //make sure it's empty
-	$_SESSION['valid'] = 0; //Default to failed login.
-
-	if (!is_file($LOGIN_ATTEMPTS)) { file_put_contents($LOGIN_ATTEMPTS, 0); }
-	$attempts = (int)file_get_contents($LOGIN_ATTEMPTS); //Don't increment yet...
-	$elapsed  = time() - filemtime($LOGIN_ATTEMPTS);
-
-	if ($attempts > 0) { $message .= '<b>There have been '.$attempts.' invalid login attempts.</b><br>';}
-	if ( ($attempts >= $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){
-		$message .= 'Please wait '.Timeout_Timer(($LOGIN_DELAY - $elapsed), 'timer0', '', '').' seconds to try again. ';
-		return;
-	}
-
-	//Validate password
-	if ($USE_HASH) { $VALID_PASSWORD = (hashit($_POST['password']) == $HASHWORD); }
-	else           { $VALID_PASSWORD = (       $_POST['password']  == $PASSWORD); }
-
-	//validate login.  Ignore attempt if username & password are blank. 
-	if ( ($_POST['password'] == "") && ($_POST['username'] == "") )  { return;
-	}elseif ( $VALID_PASSWORD && ($_POST['username'] == $USERNAME) ) {
-		session_regenerate_id(true);
-		$_SESSION['USER_AGENT'] = $_SERVER['HTTP_USER_AGENT']; //for user consistancy check.
-		$_SESSION['valid'] = 1;
-		$page = "index";
-		unlink($LOGIN_ATTEMPTS); //delete invalid attempt count file
-	}else{
-		file_put_contents($LOGIN_ATTEMPTS, ++$attempts); //increment & save attempt
-		$message  = $EX.' <b>INVALID LOGIN ATTEMPT #'.$attempts.'</b><br>';
-		if ($attempts >= $MAX_ATTEMPTS) {
-			$message .= 'Please wait '.Timeout_Timer($LOGIN_DELAY, 'timer0', '', '').' seconds to try again. ';
-		}
-	}
-}//end Login_response() //******************************************************
-
-
-
-
-function List_Files() { // ...in a vertical table ******************************
-//called from Index Page
-
-	global $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list;
-
-	$files = scandir('./'.$ipath);
-	natcasesort($files);
-
-	echo '<table class="index_T">';
-	foreach ($files as $file) {
-		
-		$excluded = FALSE;
-		if (in_array(basename($file), $excluded_list)) { $excluded = TRUE; };
-		
-		if (!is_dir($ipath.$file) && !$excluded) {
-
-
-
-
-?>
-			<tr>
-				<td>
-					<?php echo '<a href="'.$ONESCRIPT.$param1.'&amp;f='.rawurlencode($file).'&amp;p=edit" >'; ?>
-					<?php echo  htmlentities($file), '</a>'; ?>
-				</td>
-				<td class="meta_T meta_size">&nbsp;
-					<?php echo number_format(filesize($ipath.$file)); ?> B
-				</td>
-				<td class="meta_T meta_time"> &nbsp;
-					<script>FileTimeStamp(<?php echo filemtime($ipath.$file); ?>, 1, 0);</script>
-				</td>
-			</tr>
-<?php 
-		}//end if !is_dir...
-	}//end foreach file
-	echo '</table>';
-}//end List_Files() ************************************************************
-
-
-
-
-function Index_Page(){ //*******************************************************
-	global $ONESCRIPT, $ipath;
-
-	//<!--==== List folders/sub-directores ====-->
-	echo '<p class="index_folders">';
-		$folders = glob($ipath."*",GLOB_ONLYDIR);
-		natcasesort($folders);
-		foreach ($folders as $folder) {
-			echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($folder).'/">'.PHP_EOL;
-
-			echo htmlentities(basename($folder)).' /</a>';
-		}
-	echo '</p>';
-
-	Upload_New_Rename_Delete_Links();
-
-	List_Files();
-
-	Upload_New_Rename_Delete_Links();
-
-}//end Index_Page()*************************************************************
-
-
-
-
-function Edit_Page_Buttons($text_editable, $too_large_to_edit) { //*************
-	global $ONESCRIPT, $param1, $param2, $MAX_IDLE_TIME;
-	$Button = '<input type="button" class="button" value=';
-	$ACTION = 'onclick="parent.location = \''.$ONESCRIPT.$param1.$param2.'&amp;p=';
-?>
-	<p class="buttons_right">
-	<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?> 
-		<?php echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer xtra', 'LOGOUT'); ?>
-		<input type="submit" class="button" value="Save"                  onclick="submitted = true;" id="save_file">
-		<input type="button" class="button" value="Reset - loose changes" onclick="Reset_File()"      id="reset">
-		<script>
-			//Set disabled here instead of via input attribute in case js is disabled.
-			//If js is disabled, user would be unable to save changes.
-			document.getElementById('save_file').disabled = "disabled";
-			document.getElementById('reset').disabled     = "disabled";
-		</script>
-	<?php } ?>
-	<?php echo $Button.'"Rename/Move" '.$ACTION ?>rename'">
-	<?php echo $Button.'"Copy"        '.$ACTION ?>copy'"  >
-	<?php echo $Button.'"Delete"      '.$ACTION ?>delete'">
-	<?php echo $Button.'"Close"       ' ?>onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
-	</p>
-<?php
-}//end Edit_Page_Buttons()******************************************************
-
-
-
-
-//******************************************************************************
-function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message){ 
-	global $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_NUONCE, $EX, $message, $MAX_IDLE_TIME;
-?>
-	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param1.$param2.$param3 ?>">
-		<?php echo $INPUT_NUONCE; ?>
-<?php
-		if ( !in_array( strtolower($ext), $itypes) ) { //If non-image, show textarea
-
-			if (!$text_editable) { // If non-text file, disable textarea
-				echo '<p class="edit_disabled">Non-text or unkown file type. Edit disabled.<br><br></p>';
-
-			}elseif ( $too_large_to_edit ) {
- 				echo '<p class="edit_disabled">'.$too_large_to_edit_message.'</p>';
-
-			}else{
-				if (PHP_VERSION_ID  < 50400) {  // 5.4.0
-					$filecontent = htmlspecialchars(file_get_contents($filename));
-				}else{
-					$filecontent = htmlspecialchars(file_get_contents($filename),ENT_SUBSTITUTE);
-				}
-				$bad_chars = ($filecontent == "" && filesize($filename) > 0);
-
-				if ($bad_chars){ //did specialchars return an empty string?
-					echo '<pre class="edit_disabled">'.$EX.' File contains an invalid character. Edit and view disabled.<br>';
-					echo ' htmlspecialchars() returned and empty string from what <i>may be</i> an otherwise valid file.<br>';
-					echo ' This behavior can be inconsistant from version to version of php.<br></pre>';
-				}else{
-					echo '<input type="hidden" name="filename" id="filename" value="'.htmlspecialchars($filename).'">';
-					echo '<textarea id="file_content" name="content" cols="70" rows="25"
-						onkeyup="Check_for_changes(event);">'.$filecontent.'</textarea>'.PHP_EOL;
-				}
-			} //end if !editable /else...
-		} //end if non-image, show textarea
-
-		Edit_Page_Buttons($text_editable, $too_large_to_edit);
-
-		if ($text_editable && !$too_large_to_edit && !$bad_chars) {
-			Edit_Page_scripts();
-			$SEC = $MAX_IDLE_TIME;
-			$HRS = floor($SEC/3600);
-			$SEC = fmod($SEC,3600);
-			$MIN = floor($SEC/60);   if ($MIN < 10) { $MIN = "0".$MIN; };
-			$SEC = fmod($SEC,60);    if ($SEC < 10) { $SEC = "0".$SEC; };
-			$HRS_MIN_SEC = $HRS.':'.$MIN.':'.$SEC;
-?>
-			<div id="edit_notes">NOTES:<ol>
-			<li><b>Remember- your $MAX_IDLE_TIME is <?php echo $HRS_MIN_SEC ?>.
-			So save changes before the clock runs out, or the changes will be lost!</b><br>
-
-			<?php //The following line is just a static time stamp of when the idle time runs out. ?>
-			<?php //echo '<b class="xtra">&nbsp;<script>FileTimeStamp('.(time()+$MAX_IDLE_TIME).', 0, 0)</script>  </b>,'?>
-
-			<li>On some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser's [Reload].
-			<li>Chrome's XSS filters may disable some javascript in a page if the page even <i>appears</i> to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.
-			</div>
-		<?php } ?>
-	</form> 
-<?php 
-}//end Edit_Page_form() ********************************************************
-
-
-
-
-function Edit_Page() { //*******************************************************
-	global $ONESCRIPT, $param1, $filename, $filecontent, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE;
-	clearstatcache ();
-
-	//Determine if text editable file type
-	$ext = end( explode(".", strtolower($filename) ) );
-	if (in_array($ext, $etypes)) { $text_editable = TRUE;  }
-	else                         { $text_editable = FALSE; }
-	
-	$too_large_to_edit = (filesize($filename) > $MAX_EDIT_SIZE);
-	$too_large_to_view = (filesize($filename) > $MAX_VIEW_SIZE);
-	
-	if ($too_large_to_edit){$header2 = "Viewing: ";}
-	else                   {$header2 = "Editing: ";}
-
-	$too_large_to_edit_message = 
-'<b>Edit disabled. Filesize &gt; '.number_format($MAX_EDIT_SIZE).' bytes.</b><br>
-Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML &lt;textarea&gt;.<br>
-Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.<br>
-A simple trial and error test can determine a practical limit for a given browser/computer.';
-	$too_large_to_view_message = 
-'<b>View disabled. Filesize &gt; '.number_format($MAX_VIEW_SIZE).' bytes.</b><br>
-Click the the file name above to view normally in a browser window.<br>
-Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.<br>
-(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired to suit individual perceptions of neccessity.)';
-
-	echo '<h2 id="edit_header">'.$header2;
-	echo '<a class="filename" href="/'.URLencode_path($filename).'" target="_blank">'.htmlentities(basename($filename)).'</a>';
-	echo '</h2>'.PHP_EOL;
-?>
-	<p class="file_meta">
-	<span class="meta_size">Filesize: <?php echo number_format(filesize($filename)); ?> bytes</span> &nbsp; 
-	<span class="meta_time">Updated: <script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1, 1);</script></span><br>
-	</p>
-
-	<input type="button" id="close1" class="button" value="Close" onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
-	<script>document.getElementById('close1').focus();</script>
-	<div style="clear:both;"></div>
-<?php
-	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message);
-
-	if ( in_array( $ext, $itypes) ) { show_image(); }
-
-	echo '<div style="clear:both;"></div>';
-
-	if ( $text_editable && $too_large_to_edit && !$too_large_to_view ) {
-		$filecontent = htmlspecialchars(file_get_contents($filename), ENT_COMPAT,'UTF-8');
-		echo '<pre class="edit_disabled view_file">'.$filecontent.'</pre>';
-	}elseif ( $text_editable && $too_large_to_view ){
-		echo '<p class="edit_disabled">'.$too_large_to_view_message.'</p>';
-	}
-
-}//End Edit_Page ***************************************************************
-
-
-
-
-function Edit_response(){ //***If on Edit page, and [Save] clicked *************
-	global $filename, $message, $EX;
-	$filename = $_POST["filename"];
-	$content  = $_POST["content"];
-
-	$bytes = file_put_contents($filename, $content);
-
-	if ($bytes !== false) {
-		$message .= '<b>File saved: '.$bytes.' bytes written.</b>';
-	}else{
-		$message .= $EX.' <b>There was an error saving file.</b>';
-	}
-}//end Edit_response() *********************************************************
-
-
-
-
-function Upload_Page() { //*****************************************************
-	global $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE;
-
-	//Determine $MAX_FILE_SIZE to upload
-	$upload_max_filesize = ini_get('upload_max_filesize'); //This should be < post_max_size,
-	$post_max_size       = ini_get('post_max_size');       //but, just in case, check both...
-
-	function shorthand_to_int($SHORTHAND){ //*******************
-		$KMG = strtoupper(substr($SHORTHAND, -1));
-		if     ($KMG == "K") { return $SHORTHAND * 1024; }
-		elseif ($KMG == "M") { return $SHORTHAND * 1048576; }
-		elseif ($KMG == "G") { return $SHORTHAND * 1073741824; }
-		else                 { return $SHORTHAND; }
-	}//end function shorthand_to_int() *************************
-
-	$UMF = shorthand_to_int($upload_max_filesize);
-	$PMS = shorthand_to_int($post_max_size);
-
-	if ($UMF <= $PMS){ $MAX_FILE_SIZE = $UMF; $max_msg = $upload_max_filesize.' &nbsp; per upload_max_filesize in php.ini.'; }
-	else             { $MAX_FILE_SIZE = $PMS; $max_msg = $post_max_size.' &nbsp; per post_max_size in php.ini'; }
-?>
-	<h2>Upload File</h2>
-	<p>Note: Maximum upload file size is: <?php echo $max_msg; ?></p>
-	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$param1; ?>&amp;p=uploaded" method="post">
-		<?php echo $INPUT_NUONCE; ?>
-		<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $MAX_FILE_SIZE ?>"> 
-		<input type="hidden" name="upload_destination" value="<?php echo htmlspecialchars($ipath); ?>" >
-		<input type="file"   name="upload_file" id="upload_file" size="100">
-		<?php Cancel_Submit_Buttons("Upload","cancel"); ?>
-	</form>
-<?php 
-} //end Upload_Page() **********************************************************
-
-
-
-
-function Upload_response() { //*************************************************
-	global $filename, $message, $EX, $page;
-	$filename    = $_FILES['upload_file']['name'];
-	$destination = Check_path($_POST["upload_destination"]);
-	$page  = "index";
-	$MAXUP1 = ini_get('upload_max_filesize');
-	$MAXUP2 = number_format ($_POST['MAX_FILE_SIZE']).' bytes';
-	$ERROR = $_FILES['upload_file']['error'];
-
-	if     ( $ERROR == 1 ){ $ERRMSG = 'Error 1: File too large.  upload_max_filesize = '.$MAXUP1.' (From php.ini)';}
-	elseif ( $ERROR == 2 ){ $ERRMSG = 'Error 2: File too large.  $MAX_FILE_SIZE = '.$MAXUP2.' (From OneFileCMS)';}
-	elseif ( $ERROR == 3 ){ $ERRMSG = 'Error 3: The uploaded file was only partially uploaded.'; }
-	elseif ( $ERROR == 4 ){ $ERRMSG = 'Error 4: No file was uploaded. '; }
-	elseif ( $ERROR == 5 ){ $ERRMSG = 'Error 5. '; }
-	elseif ( $ERROR == 6 ){ $ERRMSG = 'Error 6: Missing a temporary folder.'; }
-	elseif ( $ERROR == 7 ){ $ERRMSG = 'Error 7: Failed to write file to disk.'; }
-	elseif ( $ERROR == 8 ){ $ERRMSG = 'Error 8: A PHP extension stopped the file upload.'; }
-	else                  { $ERRMSG = ''; }
-
-	if (($filename == "")){ 
-		$message .= $EX.' <b>No file selected for upload... </b>';
-	}elseif (($destination != "") && !is_dir($destination)) {
-		$message .= $EX.' Destination folder does not exist: <br><b>';
-		$message .= htmlentities($WEB_ROOT.$destination).'</b><br><b>Upload cancelled.</b>';
-	}else{
-		$message .= 'Uploading: "<b>'.htmlentities($filename).'</b>"...';
-		$savefile = ordinalize($destination, $filename, $savefile_msg);
-		if(move_uploaded_file($_FILES['upload_file']['tmp_name'], $savefile)) {
-			$message .= '<br>Upload successful! '.$savefile_msg;
-		} else{
-			$message .= '<br>'.$EX.' <b> Upload failed: </b>'.$ERRMSG.'';
-		}
-	}
-}//end Upload_response() *******************************************************
-
-
-
-
-function New_File_Page() { //***************************************************
-	global $FORM_COMMON, $INVALID_CHARS;
-?>
-	<h2>New File</h2>
-	<?php echo $FORM_COMMON ?>
-		<p>File will be created in the current folder. &nbsp;
-		Some invalid characters are: <span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
-		<input type="text" name="new_file" id="new_file" value="">
-		<?php Cancel_Submit_Buttons("Create","new_file"); ?>
-	</form>
-<?php 
-}//end New_File_Page()**********************************************************
-
-
-
-
-function New_File_response() { //***********************************************
-	global $ipath, $param2, $param3, $filename, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
-
-	$new_name = trim($_POST["new_file"],'/ '); //Trim spaces and slashes.
-	$filename = $ipath.$new_name;
-	$page = "index"; // return to index if new file fails
-	
-	$invalid = false;
-	foreach ($INVALID_CHARS_array as $bad_char) {
-		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
-	}
-
-	if ($invalid){
-		$message .= $EX.' <b>New file not created:</b> '.htmlentities($new_name).'<br>'.
-			'<b> &nbsp; &nbsp; &nbsp; Name contains invalid character(s): '.
-			'<span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
-	}elseif ($new_name == ""){ 
-		$message .= $EX.' <b>New file not created -</b> no name given';
-	}elseif (file_exists($filename)) {
-		$message .= $EX.' <b>File already exists: ';
-		$message .= htmlentities($new_name).'</b>';
-	}elseif ($handle = fopen($filename, 'w')) {
-		fclose($handle);
-		$message .= '<b>Created file:</b> '.htmlentities($new_name);
-		$page     = "edit";
-		$param2   = '&amp;f='.rawurlencode(basename($filename));// for Edit_Page() buttons
-		$param3   = '&amp;p=edit';                              // for Edit_Page() buttons 
-	}else{
-		$message .= $EX.' <b>Error - new file not created:<br>';
-		$message .= htmlentities($new_name);
-	}
-}//end New_File_response() *****************************************************
-
-
-
-
-function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //************
-	//$action = 'Copy' or 'Rename'. $isfile = 1 if acting on a file, not a folder
-	global $WEB_ROOT, $ipath, $filename, $FORM_COMMON;
-	if ($isfile) { $old_name = $filename; }else{ $old_name = $ipath; }
-	if ($isfile) { $new_name = $filename; }else{ $new_name = $ipath; }
-	if ($action == "Copy" ) { $new_name = ordinalize($ipath, basename($filename), $msg); }
-?>
-	<h2><?php echo $action.' '.$title ?></h2>
-	<p>To move a file or folder, change the path/to/folder/or_file. The new location must already exist.</p>
-	<?php echo $FORM_COMMON ?>
-		<p>
-			<label>Old name:</label>
-			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
-				name="old_name" value="<?php echo htmlspecialchars($old_name); ?>" readonly="readonly">
-		</p>
-		<p>
-			<label>New name:</label>
-			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
-				name="<?php echo $name_id ?>" id="<?php echo $name_id ?>" 
-				value="<?php echo htmlspecialchars($new_name); ?>">
-		</p>
-		<?php Cancel_Submit_Buttons($action, $name_id); ?>
-	</form>
-<?php 
-} //end Copy_Ren_Move_Page() ***************************************************
-
-
-
-
-//******************************************************************************
-function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $isfile){
-	//$action = 'copy' or 'rename'. $isfile = 1 if acting on a file, not a folder
-	global $WEB_ROOT, $ipath, $param1, $param2, $message, $EX, $page, $filename;
-
-	$old_name = trim($old_name,'/ ');
-	$new_name = trim($new_name,'/ ');
-	$new_location = dirname($new_name);
-	$filename = $old_name; //default if error
-	if ($isfile) { $page = "edit"; }else{ $page = "index"; }
-	
-	if ( !is_dir($new_location) ){
-		$message .= $EX.' <b>'.$msg1.' Error - new parent location does not exist:</b><br>';
-		$message .= htmlentities($WEB_ROOT.$new_location).'/<br>';
-	}elseif ( !file_exists($filename) ){
-		$message .= $EX.' <b>'.$msg1.' Error - source file does not exist:</b><br>';
-		$message .= htmlentities($filename);
-	}elseif (file_exists($new_name)) {
-		$message .= $EX.' <b>'.$msg1.' Error - target filename already exists:<br>';
-		$message .= htmlentities($WEB_ROOT.$new_name).'</b>';
-	}elseif ($action($old_name, $new_name)) {
-		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
-		$message .= ' --- '.$msg2.' to ---<br>';
-		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
-		$filename = $new_name; //so edit page knows what to edit
-		if ($isfile) { $ipath = Check_path(dirname($filename)); } //if changed,
-		else         { $ipath = Check_path($filename); }          //return to new dir.
-		$param1   = '?i='.URLencode_path($ipath);
-		$param2   = '&amp;f='.rawurlencode(basename($filename));
-		$param3   = '&amp;p=edit';
-	}else{
-		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
-		$message .= $EX.' <b>Error during '.$msg1.' from the above to the following:</b><br>';
-		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
-	}
-}//end Copy_Ren_Move_response() ************************************************
-
-
-
-
-function Delete_File_Page() { //************************************************
-	global $filename, $FORM_COMMON;
-?>
-	<h2>Delete File</h2>
-	<?php echo $FORM_COMMON ?>
-		<input type="hidden" name="delete_file" value="<?php echo htmlspecialchars($filename); ?>" >
-		<span class="verify"><?php echo htmlentities(basename($filename)); ?></span>
-		<p><b>Are you sure?</b></p>
-		<?php Cancel_Submit_Buttons("DELETE", "cancel"); ?>
-	</form>
-<?php 
-} //end Delete_File_Page() *****************************************************
-
-
-
-
-function Delete_File_response(){ //*********************************************
-	global $filename, $message, $EX, $page;
-
-	$page = "index"; //Return to index
-	$filename = $_POST["delete_file"];
-
-	if (unlink($filename)) {
-		$message .= '<b>Deleted file:</b> '.htmlentities(basename($filename));
-	}else{
-		$message .= $EX.' <b>Error deleting "'.htmlentities($filename).'"</b>.';
-		$page = "edit";
-	}
-}//end Delete_File_response() **************************************************
-
-
-
-
-function New_Folder_Page() { //*************************************************
-	global $FORM_COMMON, $INVALID_CHARS;
-?>
-	<h2>New Folder</h2>
-	<?php echo $FORM_COMMON ?>
-		<p>Folder will be created in the current folder. &nbsp;
-		Some invalid characters are: <span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
-		<input type="text" name="new_folder" id="new_folder" value="">
-		<?php Cancel_Submit_Buttons("Create","new_folder"); ?>
-	</form>
-<?php 
-} //end New_Folder_Page() ******************************************************
-
-
-
-
-function New_Folder_response(){ //**********************************************
-	global $ipath, $param1, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
-
-	$new_name = trim($_POST["new_folder"],'/ '); //Trim spaces, and make sure only has a single trailing slash.
-
-	$invalid = false;
-	foreach ($INVALID_CHARS_array as $bad_char) {
-		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
-	}
-	$page = "index"; //Return to index
-
-	$new_ipath = $ipath.$new_name.'/';
-
-	if ($invalid){
-		$message .= $EX.' <b>New folder not created:</b> '.htmlentities($new_name).'<br>'.
-			'<b> &nbsp; &nbsp; &nbsp; Name contains invalid character(s): '.
-			'<span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
-	}elseif ($new_name == ""){ 
-		$message .= $EX.' <b>New folder not created - no name given.</b>';
-	}elseif (is_dir($new_ipath)) {
-		$message .= $EX.' <b>Folder already exists: ';
-		$message .= htmlentities($new_ipath).'</b>';
-	}elseif (mkdir($new_ipath)) {
-
-		$message .= '<b>Created folder:</b> '.htmlentities($new_name);
-		$ipath    = $new_ipath;  //return to new folder
-		$param1   = '?i='.URLencode_path($ipath);
-	}else{
-		$message .= $EX.' <b>Error - new folder not created: </b><br>';
-		$message .= htmlentities($new_name);
-	}
-}//end New_Folder_response *****************************************************
-
-
-
-
-function Delete_Folder_Page(){ //***********************************************
-	global $WEB_ROOT, $ipath, $FORM_COMMON;
-?>
-	<h2>Delete Folder</h2>
-	<?php echo $FORM_COMMON ?>
-		<input type="hidden" name="delete_folder" value="<?php echo htmlspecialchars($ipath); ?>" >
-		<span class="web_root"><?php echo htmlentities($WEB_ROOT.Check_path(dirname($ipath))); ?></span><span 
-		class="verify"><?php echo htmlentities(basename($ipath)); ?></span> /
-		<p><b>Are you sure?</b></p>
-		<?php Cancel_Submit_Buttons("DELETE", "cancel"); ?>
-	</form>
-<?php 
-} //end Delete_Folder_Page() //*************************************************
-
-
-
-
-function Delete_Folder_response() { //******************************************
-	global $ipath, $param1, $page, $message, $EX;
-	$page = "index"; //Return to index
-	$foldername = trim($_POST["delete_folder"], '/');
-
-	if ( !is_empty($ipath) ) {
-		$message .= $EX.' <b>Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
-		$page = "index";
-	}elseif (@rmdir($foldername)) {
-		$message .= '<b>Deleted folder:</b> '.htmlentities(basename($foldername));
-		$ipath  = Check_path($foldername); //Return to parent dir.
-		$param1 = '?i='.URLencode_path($ipath);
-	}else {
-		$message .= $EX.' <b>"'.htmlentities($foldername).'/"</b> an error occurred during delete.';
-	}
-}//end Delete_Folder_response() ************************************************
-
-
-
-
-function Page_Title(){ //***<title>Page_Title()</title>*************************
-	global $page;
-
-	if     ($page == "login")        { return "Log In";         }
-	elseif ($page == "hash")         { return "Hash";           }
-	elseif ($page == "edit")         { return "Edit/View File"; }
-	elseif ($page == "upload")       { return "Upload File";    }
-	elseif ($page == "newfile")      { return "New File";       }
-	elseif ($page == "copy" )        { return "Copy";           }
-	elseif ($page == "rename")       { return "Rename File";    }
-	elseif ($page == "delete")       { return "Delete";         }
-	elseif ($page == "newfolder")    { return "New Folder";     }
-	elseif ($page == "renamefolder") { return "Rename Folder";  }
-	elseif ($page == "deletefolder") { return "Delete Folder";  }
-	else                             { return $_SERVER['SERVER_NAME']; }
-}//end Page_Title() ************************************************************
-
-
-
-
-function Load_Selected_Page(){ //***********************************************
-	global $ONESCRIPT, $page;
-
-	if     ($page == "login")        { Login_Page();         }
-	elseif ($page == "hash")         { Hash_Page();          }
-	elseif ($page == "edit")         { Edit_Page();          }
-	elseif ($page == "upload")       { Upload_Page();        }
-	elseif ($page == "newfile")      { New_File_Page();      }
-	elseif ($page == "copy")         { Copy_Ren_Move_Page('Copy', 'File', 'copy_file', 1); }
-	elseif ($page == "rename")       { Copy_Ren_Move_Page('Rename', 'File', 'rename_file', 1); }
-	elseif ($page == "delete")       { Delete_File_Page();   }
-	elseif ($page == "newfolder")    { New_Folder_Page();    }
-	elseif ($page == "renamefolder") { Copy_Ren_Move_Page('Rename', 'Folder', 'rename_folder', 0); }
-	elseif ($page == "deletefolder") { Delete_Folder_Page(); }
-	else                             { Index_Page();         } //default
-}//end Load_Selected_Page() ****************************************************
-
-
-
-
-function Timer_scripts() { //***************************************************
-?>
-<script>
-//pad() is also used by the Time_Stamp_scripts()
-function pad(num){ if ( num < 10 ){ num = "0" + num; }; return num; }
-
-
-function FormatTime(Seconds) {
-	var Hours = Math.floor(Seconds / 3600); Seconds = Seconds % 3600;
-	var Minutes = Math.floor(Seconds / 60); Seconds = Seconds % 60;
-	if ((Hours == 0) && (Minutes == 0)) { Minutes = "" } else { Minutes = pad(Minutes) }
-	if (Hours == 0) { Hours = ""} else { Hours = pad(Hours) + ":"}
-
-	return (Hours + Minutes + ":" + pad(Seconds));
-}
-
-
-function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
-	var Timer        = document.getElementById(Timer_ID);
-	var Current_Time = Math.round(new Date().getTime()/1000); //js uses milliseconds
-	    count        = End_Time - Current_Time;
-	var params = count + ', "' + End_Time + '", "' + Timer_ID + '", "' + Timer_CLASS + '", "' + Action + '"';
-
-	Timer.innerHTML = FormatTime(count);
-
-	if ( count < 1 ) {
-		if ( Action == 'LOGOUT') { 
-			Timer.innerHTML = 'SESSION EXPIRED';
-			//Load login screen, but delay first to make sure really expired:
-			setTimeout('window.location = window.location.pathname',3000); //1000 = 1 second
-		}
-		return;
-	}
-	setTimeout('Countdown(' + params + ')',1000);
-}
-
-
-function Start_Countdown(count, ID, CLASS, Action){
-	document.write('<span id="' + ID + '"  class="' + CLASS + '"></span>');
-
-	var Time_Start  = Math.round(new Date().getTime()/1000);
-	var Time_End    = Time_Start + count;
-
-	Countdown(count, Time_End, ID, CLASS, Action); //(seconds to count, id of element)
-}
-</script>
-<?php }//end Timer_scripts() ***************************************************
-
-
-
-
-function Time_Stamp_scripts() { //**********************************************
-?>
-<script>//Dispaly file's timestamp in user's local time 
-
-function FileTimeStamp(php_filemtime, show_date, show_offset){
-
-	//php's filemtime returns seconds, javascript's date() uses milliseconds.
-	var FileMTime = php_filemtime * 1000; 
-
-	var TIMESTAMP  = new Date(FileMTime);
-	var YEAR  = TIMESTAMP.getFullYear();
-	var	MONTH = pad(TIMESTAMP.getMonth() + 1);
-	var DATE  = pad(TIMESTAMP.getDate());
-	var HOURS = TIMESTAMP.getHours();
-	var MINS  = pad(TIMESTAMP.getMinutes());
-	var SECS  = pad(TIMESTAMP.getSeconds());
-
-	if ( HOURS < 12) { AMPM = "am"; }
-	else             { AMPM = "pm"; }
-	if ( HOURS > 12 ) {HOURS = HOURS - 12; }
-	HOURS = pad(HOURS);
-
-	var GMT_offset = -(TIMESTAMP.getTimezoneOffset()); //Yes, I know - seems wrong, but it's works.
-
-	if (GMT_offset < 0) { NEG=-1; SIGN="-"; } else { NEG=1; SIGN="+"; } 
-
-	var offset_HOURS = Math.floor(NEG*GMT_offset/60);
-	var offset_MINS  = pad( NEG * GMT_offset % 60 );
-	var offset_FULL  = "UTC " + SIGN + offset_HOURS + ":" + offset_MINS;
-
-	FULLDATE = YEAR + "-" + MONTH + "-" + DATE;
-	FULLTIME = HOURS + ":" + MINS + ":" + SECS + " " + AMPM;
-
-	var               DATETIME = FULLTIME;
-	if (show_date)  { DATETIME = FULLDATE + " &nbsp;" + FULLTIME;}
-	if (show_offset){ DATETIME += " ("+offset_FULL+")"; }
-		
-	document.write( DATETIME );
-
-}//end FileTimeStamp(php_filemtime)
-</script>
-<?php }//end Time_Stamp_scripts() **********************************************
-
-
-
-
-function Edit_Page_scripts() { //***********************************************
-?>
-	<!--======== Provide feedback re: unsaved changes ========-->
-	<script>
-	    
-	var File_textarea    = document.getElementById('file_content');
-	var Save_File_button = document.getElementById('save_file');
-	var Reset_button     = document.getElementById('reset');
-
-	var start_value = File_textarea.value;
-	var submitted   = false
-	var changed     = false;
-
-
-
-	// The following events only apply when the element is active.
-	// [Save] is disabled unless there are changes to the open file.
-	Save_File_button.onfocus = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
-	Save_File_button.onblur  = function() {Save_File_button.style.backgroundColor ="#Fee";}
-	Save_File_button.onmouseover = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
-	Save_File_button.onmouseout  = function() {Save_File_button.style.backgroundColor = "#Fee";}
-
-
-
-	function Reset_file_status_indicators() {
-		changed = false;
-		File_textarea.style.backgroundColor = "#F6FFF6";  //light green
-		Save_File_button.style.backgroundColor = "";
-		Save_File_button.style.borderColor = "";
-		Save_File_button.style.borderWidth = "1px";
-		Save_File_button.disabled = "disabled";
-		Save_File_button.value = "Save";
-		Reset_button.disabled = "disabled";
-		//File_textarea.focus();
-	}
-
-
-	window.onbeforeunload = function() {
-		if ( changed && !submitted) { 
-			//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
-			return "               Unsaved changes will be lost!";
-		}
-	}
-
-
-	window.onunload = function() {
-		//without this, a browser back then forward would reload file with local/
-		// unsaved changes, but with a green b/g as tho that's the file's contents.
-		if (!submitted) {
-			File_textarea.value = start_value;
-			Reset_file_status_indicators();
-		}
-	}
-
-
-	//With selStart & selEnd == 0, moves cursor to start of text field.
-	function setSelRange(inputEl, selStart, selEnd) { 
-		if (inputEl.setSelectionRange) { 
-			inputEl.focus(); 
-			inputEl.setSelectionRange(selStart, selEnd); 
-		} else if (inputEl.createTextRange) { 
-			var range = inputEl.createTextRange(); 
-			range.collapse(true); 
-			range.moveEnd('character', selEnd); 
-			range.moveStart('character', selStart); 
-			range.select(); 
-		} 
-	}
-
-
-	function Check_for_changes(event){
-		var keycode=event.keyCode? event.keyCode : event.charCode;
-		changed = (File_textarea.value != start_value);
-		if (changed){
-			document.getElementById('message').innerHTML = " "; // Must have a space, or it won't clear the msg.
-			File_textarea.style.backgroundColor = "#Fee";  //light red
-			Save_File_button.style.backgroundColor ="#Fee";
-			Save_File_button.style.borderColor = "#F44";   //less light red
-			Save_File_button.style.borderWidth = "1px";
-			Save_File_button.disabled = "";
-			Reset_button.disabled = "";
-			Save_File_button.value = "SAVE CHANGES!";
-		}else{
-			Reset_file_status_indicators()
-		}
-	}
-
-
-	//Reset textarea value to when page was loaded.
-	//Used by [Reset] button, and when page unloads (browser back, etc). 
-	//Needed becuase if the page is reloaded (ctl-r, or browser back/forward, etc.), 
-	//the text stays changed, but "changed" gets set to false, which looses warning.
-	function Reset_File() {
-		if (changed) {
-			if ( !(confirm("Reset file and loose unsaved changes?")) ) { return; }
-		}
-		File_textarea.value = start_value;
-		Reset_file_status_indicators();
-		setSelRange(File_textarea, 0, 0) //MOve cursor to start of textarea.
-	}
-	
-	Reset_file_status_indicators()
-	</script>
-<?php }//End Edit_Page_scripts() ***********************************************
-
-
-
-
-function style_sheet(){ //****************************************************?>
-<style>
-/* --- reset --- */
-* { border : 0; outline: 0; margin : 0; padding: 0;
-    font-family: inherit; font-weight: inherit; font-style : inherit;
-    font-size  : 100%; vertical-align: baseline; }
-
-
-/* --- general formatting --- */
-
-body { font-size: 1em; background: #DDD; font-family: sans-serif; }
-
-p, table { margin-bottom: .8em; margin-top: .8em;}
-
-div { position: relative; }
-
-h1,h2,h3,h4,h5,h6 { font-weight: bold; }
-h2, h3 { font-size: 1.2em; margin: .5em 1em .5em 0; } /*TRBL*/
-
-i, em     { font-style : italic; }
-b, strong { font-weight: bold;   }
-
-:focus { outline:0; }
-
-table { border-collapse:separate; border-spacing:0; }
-th,td { text-align:left; font-weight:400; }
-
-a       { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
-a:hover { border: 1px solid #807568; background-color: rgb(255,250,150); }
-a:focus { border: 1px solid #807568; background-color: rgb(255,250,150); }
-
-form p { margin-bottom: .3em; }
-
-label { display: inline-block; width : 6em; font-size : 1em; font-weight: bold; }
-
-svg { margin: 0; padding: 0; }
-
-pre { /*Used around test output when trouble shooting*/
-	background: white;
-	border: 1px solid #807568;
-	padding: .5em;
-	margin: 0;
-	}
-
-
-/* --- layout --- */
-
-.container {
-	border : 0px solid #807568;
-	width  : 810px;
-	margin : 0em auto;
-	}
-
-
-.header {
-	border-bottom : 1px solid #807568;
-	padding: 04px 0px 01px 0px;
-	margin : 0 0 .5em 0;
-	}
-
-
-#logo {
-	font-family: 'Trebuchet MS', sans-serif;
-	font-size:2.2em;
-	font-weight: bold;
-	color: black;
-	padding: .1em;
-	}
-
-.filename {
-	border: 1px solid #807568;
-	padding: .1em .2em .1em .2em;
-	font-weight: 700;
-	font-family: courier;
-	background-color: #EEE;
-	}
-
-#message { margin-bottom: .5em;}
-
-#message p {
-	margin: 0;
-	padding: 4px 0px 4px .5em;
-	border: 1px solid #807568;
-	Xfont-family: courier;
-	font-size: 1em;
-	line-height: 1.2em;
-	background: #fff000;
-	}
-
-#message #Xbox { float: right; }
-
-#message #dismiss { padding: 5px 4px 5px 4px; border-right: none; } /*TRBL*/ /*font-family: Courier; font-size: 1.2em;*/
-
-
-/* --- INDEX directory listing, table format --- */
-table.index_T {
-	min-width: 30em;
-	font-size: .95em;
-	border-style: outset;
-	border-width: 1px;
-	border-color: #807568;
-	border-collapse: collapse;
-	margin-bottom: .7em;
-	background-color: #FdFdFd;
-	}
-	
-table.index_T  tr:hover { border: 1px solid #807568; }
-
-table.index_T td { 
-	border-width  : 1px;
-	border-color  : silver;
-	border-style  : inset;
-	vertical-align: middle;
-	}
-
-.index_T a { 
-	height : 1em;
-	display: block;
-	padding: .2em 1em .3em .3em;
-	color  : rgb(100,45,0);
-	border : none;
-	overflow   : hidden;
-	}
-
-.index_T a:hover { background-color: rgb(255,250,150); }
-.index_T a:focus { background-color: rgb(255,250,150); }
-
-
-
-/* File size & date */
-
-.meta_size { min-width:  6em; }
-
-.meta_time { min-width: 15em; }
-
-.meta_T {
-	padding-right : .5em;
-	text-align    : right;
-	font-family   : courier;
-    font-size     : .9em;
-	color         : #333;
-	}
-
-
-.index_folders { min-height: 1.7em;  margin-bottom: .2em; }
-
-.index_folders a {
-	Xborder       : 1px solid #807568;
-	display      : inline-block;
-	line-height  : 1em;
-	font-size    : 1em;
-	margin-right : .6em;
-	margin-bottom: .1em;
-	padding      : 3px .4em 3px 5px; /*TRBL*/
-	}
-
-.index_folders a:hover { background-color: rgb(255,250,150); }
-.index_folders a:focus { background-color: rgb(255,250,150); }
-
-
-
-/*  [Upload File] [New File] [New Folder] etc... */
-
-.front_links a {
-	display: inline-block;
-	border : 1px solid #807568;
-	height      : 1em;
-	font-size   : 1em;
-	margin-right: 1em;
-	padding     : 3px 5px 5px 4px; /*TRBL*/
-	background-color: #EEE;
-	}
-
-
-
-
-.front_links a:hover  { background-color: rgb(255,250,150); }
-.front_links a:focus  { background-color: rgb(255,250,150); }
-
-
-input[type="text"] {
-	border: 1px solid #807568;
-	padding: 2px;
-	width: 50em;
-	font: 1em "Courier New", Courier, monospace;
-	}
-
-textarea {
-	border: 1px solid #999;
-	font  : .95em "Courier New", Courier, monospace;
-	margin: 0 0 0 0; /*T R B L*/
-	width : 99.5%;
-	height: 30em;
-	}
-
-textarea:focus { border: 1px solid #Fdd; }
-
-.edit_disabled { 
-	border : 1px solid #807568;
-	width  : 99%;
-	padding: .2em;
-	margin : 0;
-	background-color: #FFF000; color: #333;
-	line-height: 1.4em;
-	}
-
-.view_file {font-family: courier; font-size: .9em; background-color: #F8F8F8;}
-
-
-input:focus { background-color: rgb(255,250,150); }
-
-input:hover { background-color: rgb(255,250,150); }
-
-input[readonly]       { color: #333; background-color: #EEE; }
-input[disabled]       { color: #555; background-color: #EEE; }
-input[disabled]:hover { background-color: rgb(236,233,216);  } 
-input[disabled]:hover { background-color: rgb(236,233,216);  } 
-
-
-.buttons_right         { float: right; }
-.buttons_right .button { margin-left: .5em; }
-
-.button {
-	border : 1px solid #807568;
-	padding: 4px 10px;
-	cursor : pointer;
-	color      : black;
-	font-size  : .9em;
-	font-family: sans-serif;
-	background-color: #EEE;  /*#d4d4d4*/
-	}
-
-.button[disabled]  { color: #777; background-color: #EEE; }
-
-
-/* --- header --- */
-
-.nav {
-	float     : right;
-	display   : inline-block;
-	margin-top: 1.6em;
-	font-size : 1em;
-	}
-
-.nav a {
-	border: 1px solid transparent;
-	font-weight : bold;
-	padding     : .0em;
-	padding-top   : .2em;
-	padding-left  : .6em;
-	padding-right : .6em;
-	padding-bottom: .1em;
-	}
-
-.nav a:hover { border: 1px solid #807568; }
-.nav a:focus { border: 1px solid #807568; }
-
-
-/* --- edit --- */
-
-#edit_header  {margin: 0;}
-
-#edit_form    {margin: 0;}
-
-#file_content {height: 30em;}
-
-.file_meta	  {float: left;  margin-top: .5em; font-size: 1em; color: #333; font-family: courier;}
-
-#close1       {float: right; margin-bottom: .5em;}
-
-#edit_notes   {font-size: .8em; color: #333 ;margin-top: 1em; clear:both;}
-
-
-
-/* --- log in --- */
-
-.login_page {
-	margin  : 5em auto;
-	border  : 1px solid #807568;
-	padding : .5em 1em .6em 1em;
-	width   : 370px;
-	}
-
-.login_page .nav { margin-top: .5em; }
-
-.login_input {
-	border  : 1px solid #807568;
-	padding : 2px 0px 2px 2px;
-	width   : 366px;
-	font    : 1em "Courier New";
-	}
-
-.login_page input[type="text"]{ width   : 364px; }
-
-
-
-#upload_file {
-	border: 1px solid #807568;
-	padding: 2px;
-	width: 50em;
-	Xfont: 1em "Courier New", Courier, monospace;
-	}
-
-
-hr { /*-- -- -- -- -- -- --*/
-	line-height  : 0;
-	Xfont-size    : 1px;
-	display : block;
-	position: relative;
-	padding : 0;
-	margin  : .8em auto;
-	width   : 100%;
-	clear   : both;
-	border  : none;
-	border-top   : 1px solid #807568;
-	Xborder-bottom: 1px solid #eee;
-	overflow: visible;
-	}
-
-.verify {
-	border: 1px solid #F44;
-	color: #333;
-	background-color: #FFE7E7;
-	padding: .1em .2em;
-	font: 1.2em Courier;
-	}
-
-#admin {padding: .3em;}
-
-.web_root { font:1em Courier; }
-
-
-
-.mono {font-family: courier;}
-
-.info {margin-top: .7em; background: #f9f9f9; padding: .2em .5em;}
-
-.path {padding: 1px 5px 1px 5px} /*TRBL*/
-
-.edit_onefile {padding: 5px; float: right;}
-
-.xtra {color: red; background: #EEE;}
-
-.timer {border: 1px solid gray; padding: 3px .5em 4px .5em;}
-
-.timeout {float:right; font-size: .95em; color: #333}
-</style>
-<?php }//end style_sheet() *****************************************************
-
-
-
-
-//******************************************************************************
-//******************************************************************************
-//Begin logic to determine page action
-
-
-if( PHP_VERSION_ID < 50000 ) { exit("OneFileCMS requires PHP5 to operate. Tested on versions 5.2.17, 5.3.3 & 5.4"); }
-
-Session_Startup(); 
-
-if ($_SESSION['valid']) {
-
-	Get_GET();  
-
-	Init_Macros();
-
-	if ($VALID_POST) { //*******************************************************
-		if     (isset($_FILES['upload_file']['name'])) { Upload_response(); }
-		elseif (isset($_POST["whattohash"]   )) { Hash_response();          }
-		elseif (isset($_POST["filename"]     )) { Edit_response();          }
-		elseif (isset($_POST["new_file"]     )) { New_File_response();      }
-		elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', 'Copy', 'Copied', 1); } 
-		elseif (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"], 'rename', 'Rename/Move', 'Renamed/Moved', 1); } 
-		elseif (isset($_POST["delete_file"]  )) { Delete_File_response();   }
-		elseif (isset($_POST["new_folder"]   )) { New_Folder_response();    }
-		elseif (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', 'Rename/Move', 'Renamed/Moved', 0); } 
-		elseif (isset($_POST["delete_folder"])) { Delete_Folder_response(); }
-	}//end if ($VALID_POST) ****************************************************
-
-
-	//*** Verify valid $page and/or $filename **********************************
-
-		//Don't load login screen if already in a valid session.
-	if     ( $_SESSION['valid'] && ($page == "login") )  { $page = "index"; }
-
-		//Don't load edit page if $filename doesn't exist.
-	elseif ( ($page == "edit")  && !is_file($filename) ) { $page = "index"; }
-
-	elseif ($page == "logout") {
-		Logout();
-		$message .= 'You have successfully logged out.'; }
-
-		//Don't load delete page if folder not empty.
-	elseif ( ($page == "deletefolder") && !is_empty($ipath) ) {
-		$message .= $EX.' <b>Folder not empty. &nbsp; Folders must be empty before they can be deleted.</b>';
-		$page = "index";}
-
-		//if size of $_POST > post_max_size, PHP only returns empty $_POST & $_FILE arrays.
-	elseif ($page == "uploaded" && !$VALID_POST){
-		$message .= $EX.'<b> Upload Error.  Total POST data (mostly filesize) exceeded post_max_size = '.ini_get('post_max_size').' (from php.ini).</b>';
-		$page = "index";}
-
-	elseif ( ($page == "edit") && ($filename == trim(rawurldecode($ONESCRIPT), '/')) ) { 
-		if ( $message == "" ) { $BR = ""; } else { $BR = '<br>';}
-		$message .= '<style>#message p {background: red; color: white;}</style>';
-		$message .= $BR.$EX.' <b>CAUTION '.$EX.' You are editing the active copy of OneFileCMS - BACK IT UP &amp; BE CAREFUL !!</b>';
-	}
-	//**************************************************************************
-}//end if $_SESSION[valid] *****************************************************
-
-
-
-
-//******************************************************************************
-//******************************************************************************
-?><!DOCTYPE html>
-
-<html>
-<head>
-
-<title><?php echo $config_title.' - '.Page_Title() ?></title>
-
-<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-<meta name="robots" content="noindex">
-
-<?php style_sheet(); ?>
-
-<?php Timer_scripts() ?>
-
-<?php if ( ($page == "index") || ($page == "edit") ) { Time_Stamp_scripts(); } ?>
-
-</head>
-<body>
-
-<?php if ($page == "login"){ echo '<div class="login_page">'; }
-      else                 { echo '<div class="container" >'; }
-?>
-
-<div class="header">
-	<a href="<?php echo $ONESCRIPT.'" id="logo">'.$config_title; ?></a>
-	<?php echo $version.' (on&nbsp;php&nbsp'.phpversion().')'; ?>
-
-	<div class="nav">
-		<a href="/" target="_blank"><?php show_favicon() ?>&nbsp;
-		<b><?php echo htmlentities($WEBSITE) ?></b></a>
-		<?php if ($page != "login") { ?>
-		| <a href="<?php echo $ONESCRIPT ?>?p=logout">Log Out</a>
-		<?php } ?>
-	</div><div style="clear:both;"></div>
-</div><!-- end header -->
-
-<?php if ( $page != "login"  &&  $page != "hash" ) { Current_Path_Header(); } ?>
-
-<?php message_box() ?>
-
-<?php Load_Selected_Page() ?>
-
-<?php if ($page != "login") { echo '<hr>'; } ?>
-
-<?php
-//Admin link
-if ( ($page != "login") && ($page != "hash") ){
-echo '<p><a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=hash">Admin</a>'; }
-
-//Countdown timer...
-if ( $page != "login" ) {
-	echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'timer timeout', 'LOGOUT');
-	echo '<span class="timeout">Session time out in:&nbsp;</span>';
-}
-?>
-
-</div><!-- end container/login_page -->
-</body>
-</html>
diff --git a/readme.markdown b/readme.markdown
index 5e43155..d18f7ce 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,11 +1,9 @@
-# Current stable version: 3.2.3
+# Current stable version: 3.3.0
 
-### July 5, 2012
+### July 10, 2012
 
-Partly to prepare for future capabilities, the ability to process an external config file was added.  It is not required, so OneFileCMS is still one file,  but it adds some flexibility.  
-  
-Most of the recent changes have been to increase login and session security. However, I'm slowly learning that there's only so much that can be done, particulary when the base connection is un-encrypted.   Online security, it seems, is a nebulous subject of a rather dubious nature.  Never-the-less, I have tried to do those things that can be done.  
-However, always remember that of the most important security measures concern user behavior - such as avoiding the use of un-encrypted wifi connections...
+Added support for optional external language files.  The default, English, is included directly in OneFileCMS, of course.  Now to get some translations...  
+A sample language file is included in the repo for reference for anyone that may be interested.
   
 --------------------------------------------------------------------------------
 
@@ -68,7 +66,7 @@ Yes, of course!
 
 I may not have the time/bandwidth/inclination to implement every feature, but I'll do what I can. If it's urgent, contact me.  
 
-Otherwise, try [forking the file and submitting your changes to me](https://github.com/blog/844-forking-with-the-edit-button).
+In anycase, try [forking the file and submitting your changes to me](https://github.com/blog/844-forking-with-the-edit-button).
 
 ### This is basically just a file manager with a text editor. Why is it being called a Content Management System?
 
@@ -76,11 +74,11 @@ Well, because "OneFileFileManagerTextEditor" just doesn't have the same ring to
 
 ### Multi-Language Support?
 
-Possibly! (But not yet...)
+Yes!  (But only English is included so far...)
 
 ### Can I have more than one username/password?
 
-Yes!  Well, sort of, indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ie: OneFile1.php and OneFile2.php etc...)  Then, with each copy, maintain different user names and passwords.  Also, so one user does not log out the other, change the session names.  
+Yes!  Well, sort of - indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ie: OneFile1.php and OneFile2.php etc...)  Then, with each copy, maintain different user names and passwords.  Also, so one user does not log out the other, change the session names.  
   
 Now, since there is no database or other means of granular control and acess logging, multiple users may be kind of pointless.  On the other hand, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
 
@@ -90,7 +88,8 @@ Now, since there is no database or other means of granular control and acess log
   (Only tested on versions 5.2.17, 5.3.3, 5.4, and 5.4.3)
 - File permission privileges on your host
 - Javascript enabled browswer
-- And, for OneFileCMS 3+, a browser that supports inline SVG.
+- And, for OneFileCMS 3+, a browser that supports inline SVG.  
+  (Even if your browser doesn't support SVG, OneFileCMS will still work, just without any icons.)
 
 ## Credit, License, Et Cetera
 
@@ -106,7 +105,6 @@ To report a bug or request a feature, please file an issue via Github. Forks enc
 
 ##Needed/potential/upcoming improvements
 
-- Multiple languages support
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - Issue with Chrome's XSS filter: Editing some legitimate files with OneFileCMS will trigger the filter and disable much of the javascript provided functionallity, but only while on edit page with such a file, and only after a [Save].
 - Connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text during login.  
@@ -122,34 +120,34 @@ To report a bug or request a feature, please file an issue via Github. Forks enc
 CONFIGURATION SECTION  
   
 SOME STANDARD GLOBAL VARIABLES  
-  
+
+DEFAULT LANGUAGE
+
 SESSION & MISC FUNCTIONS  
   
 SVG ICON FUNCTIONS  
   
 PAGE & RESPONSE FUNCTIONS  
-    Index, Upload, New, Copy, Rename, etc...  
   
-JAVASCRIPT & STYLESHEET FUNCTIONS  
+JAVASCRIPT FUNCTIONS  
+  
+STYLESHEET  
   
 LOGIC TO DETERMINE PAGE ACTION  
-    Call Session\_Startup()  
-    Call Get\_GET()  
-    Call Init\_Macros()  
-    If $VALID\_POST, do $\_POST['someaction']  
-    Validate which $page to show  
   
-GENERATE THE PAGE  
-    &lt;HTML&gt;  
-    ...  
-    Load\_Selected\_Page($page)  
-    ...  
-    &lt;/HTML&gt;  
+GENERATE/OUTPUT THE PAGE  
 
 --------------------------------------------------------------------------------
 
 ## Change Log
 
+### 3.3.0
+
+- Added support for optional external language files.   Now to get some translations...  
+- The default, English, is included directly in OneFileCMS, of course.
+- A sample language file (English) is included in the repo for reference for anyone that may be interested.
+
+
 ### 3.2.3
 
 - Thanks to github.com/codeless: added the ability to process a seperate config file.  
@@ -267,12 +265,13 @@ GENERATE THE PAGE
 
 ### 1.1.6
 
-- Breadcrumb navigation (courtesy of [Self-Evident](https://github.com/Self-Evident/)), CSS file and some minor changes to it<br />
-  Installation is still as usual, but, now, if you have _onefilecms.css_ in the same folder as _onefilecms.php_, it'll be linked instead of the normal [http://onefilecms.com/style.css](http://onefilecms.com/style.css).
+- Breadcrumb navigation (courtesy of [Self-Evident](https://github.com/Self-Evident/)), CSS file and some minor changes to it
+- Installation is still as usual, but now, if you have _onefilecms.css_ in the same folder as _onefilecms.php_, it'll be linked instead of the normal [http://onefilecms.com/style.css](http://onefilecms.com/style.css).
 
 ### 1.1.5
 
-- Fixed a disallowed redirect vulnerability<br />Many thanks to Abhi M Balakrishnan from [OWASP Mantra Team](http://www.getmantra.com/) for his help
+- Fixed a disallowed redirect vulnerability  
+Many thanks to Abhi M Balakrishnan from [OWASP Mantra Team](http://www.getmantra.com/) for his help
 
 ### 1.1.4
 

From e32e0ad6edb8e326a45a24d4fb08b84902c9930a Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Tue, 10 Jul 2012 17:17:49 -0400
Subject: [PATCH 099/228] Version 3.3.0

---
 OneFileCMS_structure.txt | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index 3f59ff9..7d22164 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -4,9 +4,15 @@ SOME BASIC SECURITY & ERROR LOG SETTINGS
 
 CONFIGURATION SECTION
 
+GET EXTERNAL CONFIG (if exists)
+
 OTHER GLOBAL VALUES
 
+LANGUAGE SETTINGS
+
 MISC FUNCTIONS:
+	hsc()
+	Load_Default_Language()
 	Session_Startup()
 	Verify_IDLE_POST_etc()
 	hashit()
@@ -53,8 +59,10 @@ PAGE & RESPONSE FUNCTIONS:
 	Login_Page_response()
 	List_Files()
 	Index_Page()
-	Edit_Page_Buttons()
+	Edit_Page_buttons_top()
+	Edit_Page_buttons()
 	Edit_Page_form()
+	Edit_Page_notes()
 	Edit_Page()
 	Edit_Page_response()
 	Upload_Page()
@@ -77,15 +85,15 @@ JAVASCRIPT & STYLESHEET FUNCTIONS:
 	Time_Stamp_scripts()
 	Edit_Page_scripts()
 	style_sheet()
-	
+
 LOGIC TO DETERMINE PAGE ACTION
 	Verify good PHP version
+	Get language settings
 	Call Session_Startup()
 	Call Get_GET()
 	Call Init_Macros()
 	If VALID_POST 
 		Do $_POST['someaction'] (<someaction>_response)
 	Validate $page to show
-	
+
 GENERATE/OUTPUT <HTML>...  
-  

From ca474f83d0b08329595ec2194ec16c995b70eaf2 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Tue, 10 Jul 2012 17:21:29 -0400
Subject: [PATCH 100/228] Removed onefile.css from repo, as it's no longer
 used.

---
 onefilecms.css | 390 -------------------------------------------------
 1 file changed, 390 deletions(-)
 delete mode 100755 onefilecms.css

diff --git a/onefilecms.css b/onefilecms.css
deleted file mode 100755
index a960a00..0000000
--- a/onefilecms.css
+++ /dev/null
@@ -1,390 +0,0 @@
-/* OneFileCMS - http://onefilecms.com/
- * Version 1.4.0
- * For license & copyright info, see OneFileCMS.License.BSD.txt 
- */ 
-
-
-/* #d5d0cc #774200 #807568 #976322 #995400 #d4d4d4 #0F0901 #eaeaea
-   rgb(255,250,150) rgb(157, 124, 83) rgb(157, 124, 83)
-   rgb(255,250,150) rgb(255,250,150) #969376 rgb(255,245,115)
- */
-
-
-
-/* --- reset --- */
-html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,
-cite,code,del,dfn,em,font,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,dl,dt,dd,ol,ul,li,
-fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td
-{border : 0;  outline: 0; margin : 0; padding: 0;
-font-family: inherit; font-weight: inherit; font-style : inherit;
-font-size  : 100%; vertical-align: baseline; }
-
-
-
-
-/* --- general formatting --- */
-
-body { font-size: 1em; background: #DDD; font-family: sans-serif; }
-
-p, table { margin-bottom: .5em; }
-
-div{position: relative;}
-
-h1,h2,h3,h4,h5,h6{font-weight: bold;}
-h2 { font-size: 20px; margin: 0 1em .2em 0;} /*TRBL*/
-h3 { font-size: 18px; margin-top: 15px; }
-h4 { font-size: 1.3em; margin-bottom: .2em; font-weight: normal;}
-
-em, i { font-style: italic; }
-
-strong { font-weight: bold; }
-
-li {line-height: 1.4em; }
-
-:focus{outline:0;}
-
-ol,ul{list-style:none;}
-
-table{border-collapse:separate;border-spacing:0;}
-
-caption,th,td{text-align:left;font-weight:400;}
-
-blockquote:before,blockquote:after,q:before,q:after{content:"";}
-blockquote,q{quotes:"" "";}
-
-a { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
-a:hover { border: 1px solid #807568; background-color: rgb(255,250,150); }
-a:focus { border: 1px solid #807568; background-color: rgb(255,250,150); }
-
-form p { margin-bottom: 5px; }
-
-
-label { display: inline-block; width : 7em; font-size : 1em; }
-
-
-pre {
-	background: white;
-	border: 1px solid #807568;
-	line-height: 1.25em;
-	overflow: auto
-	overflow-Y: hidden;
-	padding: 10px;
-	margin: 5px 0 10px 0;
-	overflow: hidden;
-	}
-
-
-/* --- layout --- */
-
-.container {
-	border : 0px solid #807568;
-	width  : 810px;
-	margin : 0em auto;
-	}
-
-
-.header {
-	border-bottom : 1px solid #807568;
-	padding: 04px 0px 04px 0px;
-	margin : 0;
-	margin-bottom : .5em;
-	}
-
-
-#logo {
-	font-family: 'Trebuchet MS', sans-serif;
-	font-size:2.2em;
-	font-weight: bold;
-	color: black;
-	padding: .1em;
-	}
-
-
-.footer { color: #777; font-size: .7em; }
-
-
-.alignleft { margin: 0 10px 10px 0; float: left; }
-
-
-.dirname { font-weight: 400; }
-
-.filename {
-	border: 1px solid #807568;
-	padding: .1em .2em .1em .2em;
-	font-weight: 700;
-	font-family: courier;
-	background-color: #EEE;
-	}
-
-
-#message {margin: .5em 0;}
-
-#message p {
-	margin: 0;
-	padding: 4px 0px 4px .5em;
-	border: 1px solid #807568;
-	Xfont-family: courier;
-	font-size: 1em;
-	line-height: 1.2em;
-	background: #fff000;
-	}
-
-#message span { float: right; }
-
-/* #message a { font-family: Courier; font-size: 1.2em; padding: 4px 2px 3px 2px; border-right: none;} */
-#message a { padding: 5px 4px 5px 4px; border-right: none; } /*T R B L */
-
-
-/* --- INDEX directory listing, table format --- */
-table.index_T {
-	min-width: 30em;
-	font-size: .95em;
-	border-style: outset;
-	border-width: 1px;
-	border-color: #807568;
-	border-collapse: collapse;
-	margin-bottom: .7em;
-	background-color: #FdFdFd;
-	}
-	
-table.index_T  tr:hover { border: 1px solid #807568; }
-
-table.index_T td { 
-	border-width  : 1px;
-	border-color  : silver;
-	border-style  : inset;
-	vertical-align: middle;
-	}
-
-.index_T a { 
-	height : 1em;
-	display: block;
-	padding: .2em 1em .3em 1.6em;
-	color  : rgb(100,45,0);
-	border : none;
-	background : url("http://self-evident.github.com/OneFileCMS/images/file-bin.png") 3px no-repeat;
-	overflow   : hidden;
-	}
-
-
-.index_T a.txt { background: url("http://self-evident.github.com/OneFileCMS/images/file-txt.png") 3px no-repeat; }
-.index_T a.htm { background: url("http://self-evident.github.com/OneFileCMS/images/file-htm.png") 3px no-repeat; }
-.index_T a.css { background: url("http://self-evident.github.com/OneFileCMS/images/file-css.png") 3px no-repeat; }
-.index_T a.php { background: url("http://self-evident.github.com/OneFileCMS/images/file-php.png") 3px no-repeat; }
-.index_T a.cfg { background: url("http://self-evident.github.com/OneFileCMS/images/file-cfg.png") 3px no-repeat; }
-.index_T a.img { background: url("http://self-evident.github.com/OneFileCMS/images/file-img.png") 3px no-repeat; }
-.index_T a.bin { background: url("http://self-evident.github.com/OneFileCMS/images/file-bin.png") 3px no-repeat; }
-.index_T a.svg { background: url("http://self-evident.github.com/OneFileCMS/images/file-svg.png") 3px no-repeat; }
-
-.index_T a:hover { background-color: rgb(255,250,150); }
-.index_T a:focus { background-color: rgb(255,250,150); }
-
-
-
-/* File size & date */
-
-.meta_size { min-width: 6em; }
-
-.meta_time { width    : 13em;}
-
-.meta {
-	height        : 25px;
-	line-height   : 1.1em;
-	font-size     : .9em;
-	margin-top    : 3px;
-	padding-right : .5em;
-    font-size     : .9em;
-	color         : #333;
-	}
-
-.meta_T {
-	padding-right : .5em;
-	text-align    : right;
-	font-family   : courier;
-    font-size     : .9em;
-	color         : #333;
-	}
-
-
-.index_folders { min-height: 1.7em;  margin-bottom: .2em; }
-
-.index_folders a {
-	Xborder       : 1px solid #807568;
-	display      : inline-block;
-	line-height  : 1em;
-	font-size    : 1em;
-	margin-right : .6em;
-	margin-bottom: .1em;
-	padding      : 3px .4em 3px 25px; /*TRBL*/
-	background : url("http://self-evident.github.com/OneFileCMS/images/folder-2.png") 4px 3px no-repeat;
-	}
-
-.index_folders a:hover { background-color: rgb(255,250,150); }
-.index_folders a:focus { background-color: rgb(255,250,150); }
-
-
-
-/*  [Upload File] [New File] [New Folder] etc... */
-
-.front_links { clear: both; }
-
-.front_links a {
-	border: 1px solid #807568;
-	font-size: 16px;
-	margin-right: 15px;
-	padding: 3px 5px 5px 21px; /*T R B L*/
-	height: 16px;
-	display: inline-block;
-	}
-
-.front_links a.upload       { background: #EEE url("http://self-evident.github.com/OneFileCMS/images/upload.png") 3px      3px no-repeat; }
-.front_links a.new          { background: #EEE url("http://self-evident.github.com/OneFileCMS/images/file-new-2.png")      3px 4px no-repeat; }
-.front_links a.newfolder    { background: #EEE url("http://self-evident.github.com/OneFileCMS/images/folder-new-2.png")    2px 5px no-repeat; }
-.front_links a.renamefolder { background: #EEE url("http://self-evident.github.com/OneFileCMS/images/folder-rename-1.png") 1px 4px no-repeat; }
-.front_links a.deletefolder { background: #EEE url("http://self-evident.github.com/OneFileCMS/images/folder-del-3.png")    1px 5px no-repeat; }
-
-.front_links a:hover  { background-color: rgb(255,250,150); }
-.front_links a:focus  { background-color: rgb(255,250,150); }
-
-
-input[type="text"] {
-	border: 1px solid #807568;
-	padding: 2px;
-	width: 630px;
-	font: 1em "Courier New", Courier, monospace;
-	}
-
-input.textinput1 { width: 20em; }
-
-input.textinput2 { width: 40em; }
-
-textarea {
-	border: 1px solid #999;
-	font  : .95em "Courier New", Courier, monospace;
-	margin: 0 0 .5em 0; /*T R B L*/
-	width : 99.5%;
-	height: 30em;
-	height: 30em;
-	}
-
-textarea[disabled ]{ width : 99.5%; height: 50px; }
-
-textarea:focus { border: 1px solid #Faa; }
-
-
-input:focus { background-color: rgb(255,250,150); }
-
-input:hover { background-color: rgb(255,250,150); }
-
-input[readonly]       { color: #333; background-color: #EEE; }
-input[disabled]       { color: #555; background-color: #EEE; }
-input[disabled]:hover { background-color: rgb(236,233,216);  } 
-input[disabled]:hover { background-color: rgb(236,233,216);  } 
-
-
-.buttons_right         { float: right; }
-.buttons_right .button { margin-left: 7px; }
-.buttons_left          { float: left; }
-.buttons_left  .button { margin-right: 7px; }
-
-.button {
-	border: 1px solid #807568;
-	padding: 4px 10px;
-	background-color: #EEE;  /*#d4d4d4*/
-	cursor: pointer;
-	font-size: .9em;
-	font-family: sans-serif;
-	}
-
-.button[disabled]  { color: #777; background-color: #EEE; }
-
-#action {color: white; background-color: rgb(235,70,70); font-weight: 700;}
-
-
-/* --- header --- */
-
-.nav {
-	float     : right;
-	display   : inline-block;
-	margin-top: 1.6em;
-	font-size : 1em;
-	}
-
-.nav a {
-	border: 1px solid transparent;
-	font-weight : bold;
-	padding     : .0em;
-	padding-top   : .2em;
-	padding-left  : .6em;
-	padding-right : .6em;
-	padding-bottom: .1em;
-	}
-
-.nav a:hover { border: 1px solid #807568; }
-.nav a:focus { border: 1px solid #807568; }
-
-
-
-/* --- edit --- */
-
-#edit_header  {margin: 0;}
-
-#edit_form    {margin: 0;}
-
-#file_content {height: 24em;}
-
-.file_meta	  {float: left;  margin-top: .5em; font-size: .9em; color: #333; font-family: courier;}
-
-.close        {float: right; margin-bottom: .5em;}
-
-#edit_note    {font-size: .8em; color: #444 ;margin-top: 1em;}
-
-
-
-/* --- log in --- */
-
-.login_page {
-	margin  : 5em auto;
-	border  : 1px solid #807568;
-	padding : 1em;
-	width   : 360px;
-	}
-
-.login_input {
-	border  : 1px solid #807568;
-	padding : 2px 0px 2px 2px;
-	width   : 356px;
-	font    : 1em "Courier New";
-	}
-
-input[type="text"].login_input { width   : 354px; }
-
-
-
-/* --- --- --- */
-hr { 
-	line-height  : 0;
-	font-size    : 1px;
-	display : block;
-	position: relative;
-	padding : 0;
-	margin  : 8px auto;
-	width   : 100%;
-	clear   : both;
-	border  : none;
-	border-top   : 1px solid #807568;
-	Xborder-bottom: 1px solid #eee;
-	overflow: visible;
-	}
-
-.web_root { font:1.2em Courier; }
-
-.sure { margin: .5em 0em .5em 0; }
-
-.verify {
-	border: 1px solid #807568;
-	color: #333;
-	background-color: #FEE;
-	padding: 2px .3em;
-	font: 1.2em Courier;
-	}

From ef71e88c8adb4082d6d9e24180cbd16adff857ae Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Fri, 13 Jul 2012 17:10:40 -0400
Subject: [PATCH 101/228] Version 3.3.01 Edit_Page_scripts(): Tweaked [Save]
 button event triggered css Copy_Ren_Move_response(): $param3 was missing in
 global svg_icons...(): now returns a string instead of echo'ing <svg>
 directly. Delete_Folder_response(): missing $_ in global Added
 $WIDE_VIEW_WIDTH config variable.  Not sure if it will stay... Pulled 
 undo_magic_quotes() out of Get_GET() so Get_GET() may be called again, if
 needed. Minor typo in edit_txt_03 Minor wording change to edit_note_03 Minor
 wording change to edit_note_04 Default_Language(): Fixed issue for PHP
 versions < 5.3: OFCMS failed to load   - this fix may be a temporary
 solution, but it works for now. Ummm...  and some css tweakin' too...

---
 OneFileCMS.LANG.EN.ini |  12 +-
 onefilecms.php         | 696 +++++++++++++++++++++--------------------
 2 files changed, 361 insertions(+), 347 deletions(-)

diff --git a/OneFileCMS.LANG.EN.ini b/OneFileCMS.LANG.EN.ini
index 18685a5..7e8098d 100755
--- a/OneFileCMS.LANG.EN.ini
+++ b/OneFileCMS.LANG.EN.ini
@@ -9,7 +9,7 @@ LANGUAGE = "English"
 ;// the actual setting variable, just set it to an empty string.
 ;// For example:  some_unused_setting = ""
 ;//
-;// Remember to slash-escape double quotes that may be within a value:  \"
+;// Remember to slash-escape double quotes that may be within a value:  \" 
 ;// And, if the these settings are set directly in Default_Language() in onefilecms.php,
 ;// single quotes must also be escaped:   \'
 
@@ -76,7 +76,7 @@ hash_txt_10 = "A double-click should select it..."
 hash_txt_11 = "Make sure $USE_HASH is set to 1 (or true)."
 hash_txt_12 = "When ready, logout and login."
 hash_txt_13 = "You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo..."
-hash_txt_14 = "For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep \'em secret, of course).  Remever, every little bit helps..."
+hash_txt_14 = "For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep 'em secret, of course).  Remever, every little bit helps..."
 
 hash_msg_01 = "Password: "
 hash_msg_02 = "Hash    : "
@@ -85,7 +85,7 @@ login_h2 = "Log In"
 login_txt_01 = "Username:"
 login_txt_02 = "Password:"
 
-login_msg_01a = "There have been"
+login_msg_01a = "There have been "
 login_msg_01b = "invalid login attempts."
 login_msg_02a = "Please wait"
 login_msg_02b = "seconds to try again."
@@ -95,14 +95,14 @@ edit_notes_00  = "NOTES:"
 edit_note_01a = "Remember- your "
 edit_note_01b = " is "
 edit_note_02 = "So save changes before the clock runs out, or the changes will be lost!"
-edit_note_03 = "some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser\'s [Reload]."
-edit_note_04 = "Chrome'\s XSS filters may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file."
+edit_note_03 = "With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate.  To correct, click the browser's [Reload]."
+edit_note_04 = "Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file."
 
 edit_h2_1 = "Viewing: "
 edit_h2_2 = "Editing: "
 edit_txt_01 = "Non-text or unkown file type. Edit disabled."
 edit_txt_02 = "File possibly contains an invalid character. Edit and view disabled."
-edit_txt_03 = "htmlspecialchars() returned and empty string from what may be an otherwise valid file."
+edit_txt_03 = "htmlspecialchars() returned an empty string from what may be an otherwise valid file."
 edit_txt_04 = "This behavior can be inconsistant from version to version of php."
 
 too_large_to_edit_01a = "Edit disabled. Filesize > "
diff --git a/onefilecms.php b/onefilecms.php
index ce73eaf..1d05411 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.3.0';
+$version = '<font color=red><b>3.3.01.BETA</b></font>';  //#####
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -54,7 +54,7 @@
 $HASHWORD = 'c3e70af96ab1bfc5669280e98b438e1a8c08ca5e0bb3354c05ceaa6f339fd3f6'; //hash for "password"
 $SALT     = 'somerandomsalt';
 
-$LANGUAGE = ""; //Filename of language settings. Leave blank for built-in default.
+$LANGUAGE = "X-OneFileCMS.LANG.EN.ini"; //Filename of language settings. Leave blank for built-in default.
 
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
@@ -81,6 +81,7 @@
 $config_fclass = "bin,img,img,img,img,img,svg,txt,txt,css,php,txt,cfg,cfg ,txt,txt,htm,htm";  // number of values. bin is default.
 
 $EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
+$WIDE_VIEW_WIDTH = '97%';
 
 $SESSION_NAME = 'OFCMS'; //Also the cookie name. Change if using multiple copies of OneFileCMS.
 
@@ -163,230 +164,229 @@ function hsc($input) { return htmlspecialchars($input); }// end hsc() **********
 
 
 function Default_Language() { // ***********************************************
+global $_;
+// OneFileCMS Language Settings
+//
+$_['LANGUAGE'] = 'English (default)';
+//
+// These are the default values included directly in onefilecms.php.
+//
+// If no translation or value is desired for a particular setting, do not delete
+// the actual setting variable, just set it to an empty string.
+// For example:  $_['some_unused_setting'] = "";
+//
+// Remember to slash-escape any single quotes that may be within a value:  \'
+
+
+
+$_['Upload_File'] = 'Upload File';
+$_['New_File']    = 'New File';
+$_['Ren_Move']    = 'Rename/Move';
+$_['Ren_Moved']   = 'Renamed/Moved';
+$_['New_Folder']  = 'New Folder';
+$_['Ren_Folder']  = 'Rename/Move Folder';
+$_['Del_Folder']  = 'Delete Folder';
+
+$_['Admin']  = 'Admin';
+$_['Enter']  = 'Enter';
+$_['Edit']   = 'Edit';
+$_['Close']  = 'Close';
+$_['Cancel'] = 'Cancel';
+$_['Upload'] = 'Upload';
+$_['Create'] = 'Create';
+$_['Copy']   = 'Copy';
+$_['Copied'] = 'Copied';
+$_['Rename'] = 'Rename';
+$_['Delete'] = 'Delete';
+$_['DELETE'] = 'DELETE';
+$_['File']   = 'File';
+$_['Folder'] = 'Folder';
+
+$_['Log_In']  = 'Log In';
+$_['Log_Out'] = 'Log Out';
+$_['Hash']    = 'Hash';
+$_['Generate_Hash'] = 'Generate Hash';
+
+$_['save_1']      = 'Save';
+$_['save_2']      = 'SAVE CHANGES!';
+$_['reset']       = 'Reset - loose changes';
+$_['Wide_View']   = 'Wide View';
+$_['Normal_View'] = 'Normal View';
+
+$_['on_']    = 'on';
+
+$_['verify_msg_01'] = 'Session expired.';
+$_['verify_msg_02'] = 'INVALID POST';
+
+$_['get_get_msg_01'] = 'File does not exist:';
+
+$_['check_path_msg_01'] = 'Directory does not exist: ';
+
+$_['ord_msg_01'] = 'A file with that name already exists in the target directory.';
+$_['ord_msg_02'] = 'Saving as';
+
+$_['show_img_msg_01'] = 'Image shown at ~';
+$_['show_img_msg_02'] = '% of full size (W x H = ';
+
+$_['hash_h2'] = 'Generate a Password Hash';
+$_['hash_txt_01'] = 'There are two ways to change your OneFileCMS password:';
+$_['hash_txt_02'] = '1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).';
+$_['hash_txt_03'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
+$_['hash_txt_04'] = 'Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing.';
+$_['hash_txt_05'] = 'Anyway, to use the $HASHWORD password option:';
+$_['hash_txt_06'] = 'Type your desired password in the input field above and hit Enter.';
+$_['hash_txt_07'] = 'The hash will be displayed in a yellow message box above that.';
+$_['hash_txt_08'] = 'Copy and paste the new hash to the $HASHWORD variable in the config section.';
+$_['hash_txt_09'] = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
+$_['hash_txt_10'] = 'A double-click should select it...';
+$_['hash_txt_11'] = 'Make sure $USE_HASH is set to 1 (or true).';
+$_['hash_txt_12'] = 'When ready, logout and login.';
+$_['hash_txt_13'] = 'You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...';
+$_['hash_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep \'em secret, of course).  Remever, every little bit helps...';
+
+$_['hash_msg_01'] = 'Password: ';
+$_['hash_msg_02'] = 'Hash    : ';
+
+$_['login_h2'] = 'Log In';
+$_['login_txt_01'] = 'Username:';
+$_['login_txt_02'] = 'Password:';
+
+$_['login_msg_01a'] = 'There have been ';
+$_['login_msg_01b'] = 'invalid login attempts.';
+$_['login_msg_02a'] = 'Please wait';
+$_['login_msg_02b'] = 'seconds to try again.';
+$_['login_msg_03']  = 'INVALID LOGIN ATTEMPT #';
+
+$_['edit_notes_00']  = 'NOTES:';
+$_['edit_note_01a'] = 'Remember- your ';
+$_['edit_note_01b'] = ' is ';
+$_['edit_note_02'] = 'So save changes before the clock runs out, or the changes will be lost!';
+$_['edit_note_03'] = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate.  To correct, click the browser\'s [Reload].';
+$_['edit_note_04'] = 'Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.';
+
+$_['edit_h2_1'] = 'Viewing: ';
+$_['edit_h2_2'] = 'Editing: ';
+$_['edit_txt_01'] = 'Non-text or unkown file type. Edit disabled.';
+$_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
+$_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
+$_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
+
+$_['too_large_to_edit_01a'] = 'Edit disabled. Filesize > ';
+$_['too_large_to_edit_01b'] = ' bytes.';
+$_['too_large_to_edit_02'] = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
+$_['too_large_to_edit_03'] = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
+$_['too_large_to_edit_04'] = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
+
+$_['too_large_to_view_01a'] = 'View disabled. Filesize > ';
+$_['too_large_to_view_01b'] = ' bytes.';
+$_['too_large_to_view_02'] = 'Click the the file name above to view as normally rendered in a browser window.';
+$_['too_large_to_view_03'] = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
+$_['too_large_to_view_04'] = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
+
+$_['meta_txt_01'] = 'Filesize: ';
+$_['meta_txt_02'] = ' bytes.';
+$_['meta_txt_03'] = 'Updated: ';
+
+$_['edit_msg_01'] = 'File saved: ';
+$_['edit_msg_02'] = 'bytes written.';
+$_['edit_msg_03'] = 'There was an error saving file.';
+
+$_['upload_h2'] = 'Upload File';
+$_['upload_txt_01'] = '  per upload_max_filesize in php.ini.';
+$_['upload_txt_02'] = 'per post_max_size in php.ini';
+$_['upload_txt_03'] = 'Note: Maximum upload file size is: ';
+
+$_['upload_err_01a'] = 'Error 1: File too large.  ';
+$_['upload_err_01b'] = ' (From php.ini)';
+$_['upload_err_02a'] = 'Error 2: File too large.  ';
+$_['upload_err_02b'] = ' (From OneFileCMS)';
+$_['upload_err_03']  = 'Error 3: The uploaded file was only partially uploaded.';
+$_['upload_err_04']  = 'Error 4: No file was uploaded.';
+$_['upload_err_05']  = 'Error 5:';
+$_['upload_err_06']  = 'Error 6: Missing a temporary folder.';
+$_['upload_err_07']  = 'Error 7: Failed to write file to disk.';
+$_['upload_err_08']  = 'Error 8: A PHP extension stopped the file upload.';
+
+$_['upload_msg_01'] = 'No file selected for upload.';
+$_['upload_msg_02'] = 'Destination folder does not exist: ';
+$_['upload_msg_03'] = 'Upload cancelled.';
+$_['upload_msg_04'] = 'Uploading: ';
+$_['upload_msg_05'] = 'Upload successful! ';
+$_['upload_msg_06'] = 'Upload failed: ';
+
+$_['new_file_h2'] = 'New File';
+$_['new_file_txt_01'] = 'File will be created in the current folder.  ';
+$_['new_file_txt_02'] = 'Some invalid characters are: ';
+
+$_['new_file_msg_01'] = 'New file not created:';
+$_['new_file_msg_02'] = 'Name contains invalid character(s): ';
+$_['new_file_msg_03'] = 'New file not created - no name given';
+$_['new_file_msg_04'] = 'File already exists: ';
+$_['new_file_msg_05'] = 'Created file:';
+$_['new_file_msg_06'] = 'Error - new file not created:';
+
+$_['CRM_txt_01']  = 'To move a file or folder, change the path/to/folder/or_file. The new location must already exist.';
+$_['CRM_txt_02']  = 'Old name:';
+$_['CRM_txt_03']  = 'New name:';
+
+$_['CRM_msg_01'] = ' Error - new parent location does not exist:';
+$_['CRM_msg_02'] = ' Error - source file does not exist:';
+$_['CRM_msg_03'] = ' Error - target filename already exists:';
+$_['CRM_msg_04'] = ' to ';
+$_['CRM_msg_05a'] = 'Error during ';
+$_['CRM_msg_05b'] = ' from the above to the following:';
+
+$_['delete_h2'] = 'Delete File';
+$_['delete_txt_01'] = 'Are you sure?';
+
+$_['delete_msg_01'] = 'Deleted file:';
+$_['delete_msg_02'] = 'Error deleting ';
+
+$_['new_folder_h2'] = 'New Folder';
+$_['new_folder_txt_1'] = 'Folder will be created in the current folder.  ';
+$_['new_folder_txt_2'] = 'Some invalid characters are: ';
+
+$_['new_folder_msg_01'] = 'New folder not created:';
+$_['new_folder_msg_02'] = 'Name contains invalid character(s): ';
+$_['new_folder_msg_03'] = 'New folder not created - no name given.';
+$_['new_folder_msg_04'] = 'Folder already exists: ';
+$_['new_folder_msg_05'] = 'Created folder:';
+$_['new_folder_msg_06'] = 'Error - new folder not created: ';
+
+$_['delete_folder_h2'] = 'Delete Folder';
+$_['delete_folder_txt_01'] = 'Are you sure?';
+
+$_['delete_folder_msg_01'] = 'Folder not empty.   Folders must be empty before they can be deleted.';
+$_['delete_folder_msg_02'] = 'Deleted folder:';
+$_['delete_folder_msg_03'] = 'an error occurred during delete.';
+
+$_['page_title_login']      = 'Log In';
+$_['page_title_hash']       = 'Hash Page';
+$_['page_title_edit']       = 'Edit/View File';
+$_['page_title_upload']     = 'Upload File';
+$_['page_title_new_file']   = 'New File';
+$_['page_title_copy']       = 'Copy File';
+$_['page_title_ren']        = 'Rename File';
+$_['page_title_del']        = 'Delete File';
+$_['page_title_folder_new'] = 'New Folder';
+$_['page_title_folder_ren'] = 'Rename/Move Folder';
+$_['page_title_folder_del'] = 'Delete Folder';
+
+$_['session_expired'] = 'SESSION EXPIRED';
+$_['unload_unsaved']  = '               Unsaved changes will be lost!';
+$_['confirm_reset']   = 'Reset file and loose unsaved changes?';
+
+$_['OFCMS_requires']  = 'OneFileCMS requires PHP5 to operate. Tested on versions 5.2.17, 5.3.3 & 5.4';
+
+$_['logout_msg']       = 'You have successfully logged out.';
+$_['folder_del_msg']   = 'Folder not empty.   Folders must be empty before they can be deleted.';
+$_['upload_error_01a'] = ' Upload Error.  Total POST data (mostly filesize) exceeded post_max_size = ';
+$_['upload_error_01b'] = ' (from php.ini)';
+$_['edit_caution_01']  = 'CAUTION ';
+$_['edit_caution_02']  = ' You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
+
+$_['time_out_txt'] = 'Session time out in:';
 
-	return('
-
-LANGUAGE = "English (default)"
-
-;// These are the default values included directly in onefilecms.php.
-;//
-;// If no translation or value is desired for a particular setting, do not delete
-;// the actual setting variable, just set it to an empty string.
-;// For example:  some_unused_setting = ""
-;//
-;// Remember to slash-escape double quotes that may be within a value:  \"
-;// And, if the these settings are set directly in Default_Language() in onefilecms.php,
-;// single quotes must also be escaped:   \'
-
-Upload_File = "Upload File"
-New_File    = "New File"
-Ren_Move    = "Rename/Move"
-Ren_Moved   = "Renamed/Moved"
-New_Folder  = "New Folder"
-Ren_Folder  = "Rename/Move Folder"
-Del_Folder  = "Delete Folder"
-
-Admin  = "Admin"
-Enter  = "Enter"
-Edit   = "Edit"
-Close  = "Close"
-Cancel = "Cancel"
-Upload = "Upload"
-Create = "Create"
-Copy   = "Copy"
-Copied = "Copied"
-Rename = "Rename"
-Delete = "Delete"
-DELETE = "DELETE"
-File   = "File"
-Folder = "Folder"
-
-Log_In  = "Log In"
-Log_Out = "Log Out"
-Hash    = "Hash"
-Generate_Hash = "Generate Hash"
-
-save_1      = "Save"
-save_2      = "SAVE CHANGES!"
-reset       = "Reset - loose changes"
-Wide_View   = "Wide View"
-Normal_View = "Normal View"
-
-on_      = "on"
-
-verify_msg_01 = "Session expired."
-verify_msg_02 = "INVALID POST"
-
-get_get_msg_01 = "File does not exist:"
-
-check_path_msg_01 = "Directory does not exist: "
-
-ord_msg_01 = "A file with that name already exists in the target directory."
-ord_msg_02 = "Saving as"
-
-show_img_msg_01 = "Image shown at ~"
-show_img_msg_02 = "% of full size (W x H = "
-
-hash_h2 = "Generate a Password Hash"
-hash_txt_01 = "There are two ways to change your OneFileCMS password:"
-hash_txt_02 = "1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero)."
-hash_txt_03 = "2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1."
-hash_txt_04 = "Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing."
-hash_txt_05 = "Anyway, to use the $HASHWORD password option:"
-hash_txt_06 = "Type your desired password in the input field above and hit Enter."
-hash_txt_07 = "The hash will be displayed in a yellow message box above that."
-hash_txt_08 = "Copy and paste the new hash to the $HASHWORD variable in the config section."
-hash_txt_09 = "Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc)."
-hash_txt_10 = "A double-click should select it..."
-hash_txt_11 = "Make sure $USE_HASH is set to 1 (or true)."
-hash_txt_12 = "When ready, logout and login."
-hash_txt_13 = "You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo..."
-hash_txt_14 = "For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep \'em secret, of course).  Remever, every little bit helps..."
-
-hash_msg_01 = "Password: "
-hash_msg_02 = "Hash    : "
-
-login_h2 = "Log In"
-login_txt_01 = "Username:"
-login_txt_02 = "Password:"
-
-login_msg_01a = "There have been "
-login_msg_01b = "invalid login attempts."
-login_msg_02a = "Please wait"
-login_msg_02b = "seconds to try again."
-login_msg_03  = "INVALID LOGIN ATTEMPT #"
-
-edit_notes_00  = "NOTES:"
-edit_note_01a = "Remember- your "
-edit_note_01b = " is "
-edit_note_02 = "So save changes before the clock runs out, or the changes will be lost!"
-edit_note_03 = "some browsers, such as Chrome, if you click the browser [Back] then browser [Forward] (or vice versa), the file state may not be accurate.  To correct, click the browser\'s [Reload]."
-edit_note_04 = "Chrome\'s XSS filters may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file."
-
-edit_h2_1 = "Viewing: "
-edit_h2_2 = "Editing: "
-edit_txt_01 = "Non-text or unkown file type. Edit disabled."
-edit_txt_02 = "File possibly contains an invalid character. Edit and view disabled."
-edit_txt_03 = "htmlspecialchars() returned and empty string from what may be an otherwise valid file."
-edit_txt_04 = "This behavior can be inconsistant from version to version of php."
-
-too_large_to_edit_01a = "Edit disabled. Filesize > "
-too_large_to_edit_01b = " bytes."
-too_large_to_edit_02 = "Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>."
-too_large_to_edit_03 = "Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed."
-too_large_to_edit_04 = "A simple trial and error test can determine a practical limit for a given browser/computer."
-
-too_large_to_view_01a = "View disabled. Filesize > "
-too_large_to_view_01b = " bytes."
-too_large_to_view_02 = "Click the the file name above to view as normally rendered in a browser window."
-too_large_to_view_03 = "Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed."
-too_large_to_view_04 = "(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)"
-
-meta_txt_01 = "Filesize: "
-meta_txt_02 = " bytes."
-meta_txt_03 = "Updated: "
-
-edit_msg_01 = "File saved: "
-edit_msg_02 = "bytes written."
-edit_msg_03 = "There was an error saving file."
-
-upload_h2 = "Upload File"
-upload_txt_01 = "  per upload_max_filesize in php.ini."
-upload_txt_02 = "per post_max_size in php.ini"
-upload_txt_03 = "Note: Maximum upload file size is: "
-
-upload_err_01a = "Error 1: File too large.  "
-upload_err_01b = " (From php.ini)"
-upload_err_02a = "Error 2: File too large.  "
-upload_err_02b = " (From OneFileCMS)"
-upload_err_03  = "Error 3: The uploaded file was only partially uploaded."
-upload_err_04  = "Error 4: No file was uploaded."
-upload_err_05  = "Error 5:"
-upload_err_06  = "Error 6: Missing a temporary folder."
-upload_err_07  = "Error 7: Failed to write file to disk."
-upload_err_08  = "Error 8: A PHP extension stopped the file upload."
-
-upload_msg_01 = "No file selected for upload."
-upload_msg_02 = "Destination folder does not exist: "
-upload_msg_03 = "Upload cancelled."
-upload_msg_04 = "Uploading: "
-upload_msg_05 = "Upload successful! "
-upload_msg_06 = "Upload failed: "
-
-new_file_h2 = "New File"
-new_file_txt_01 = "File will be created in the current folder.  "
-new_file_txt_02 = "Some invalid characters are: "
-
-new_file_msg_01 = "New file not created:"
-new_file_msg_02 = "Name contains invalid character(s): "
-new_file_msg_03 = "New file not created - no name given"
-new_file_msg_04 = "File already exists: "
-new_file_msg_05 = "Created file:"
-new_file_msg_06 = "Error - new file not created:"
-
-CRM_txt_01  = "To move a file or folder, change the path/to/folder/or_file. The new location must already exist."
-CRM_txt_02  = "Old name:"
-CRM_txt_03  = "New name:"
-
-CRM_msg_01 = " Error - new parent location does not exist:"
-CRM_msg_02 = " Error - source file does not exist:"
-CRM_msg_03 = " Error - target filename already exists:"
-CRM_msg_04 = " to "
-CRM_msg_05a = "Error during "
-CRM_msg_05b = " from the above to the following:"
-
-delete_h2 = "Delete File"
-delete_txt_01 = "Are you sure?"
-
-delete_msg_01 = "Deleted file:"
-delete_msg_02 = "Error deleting "
-
-new_folder_h2 = "New Folder"
-new_folder_txt_1 = "Folder will be created in the current folder.  "
-new_folder_txt_2 = "Some invalid characters are: "
-
-new_folder_msg_01 = "New folder not created:"
-new_folder_msg_02 = "Name contains invalid character(s): "
-new_folder_msg_03 = "New folder not created - no name given."
-new_folder_msg_04 = "Folder already exists: "
-new_folder_msg_05 = "Created folder:"
-new_folder_msg_06 = "Error - new folder not created: "
-
-delete_folder_h2 = "Delete Folder"
-delete_folder_txt_01 = "Are you sure?"
-
-delete_folder_msg_01 = "Folder not empty.   Folders must be empty before they can be deleted."
-delete_folder_msg_02 = "Deleted folder:"
-delete_folder_msg_03 = "an error occurred during delete."
-
-page_title_login      = "Log In"
-page_title_hash       = "Hash Page"
-page_title_edit       = "Edit/View File"
-page_title_upload     = "Upload File"
-page_title_new_file   = "New File"
-page_title_copy       = "Copy File"
-page_title_ren        = "Rename File"
-page_title_del        = "Delete File"
-page_title_folder_new = "New Folder"
-page_title_folder_ren = "Rename/Move Folder"
-page_title_folder_del = "Delete Folder"
-
-session_expired = "SESSION EXPIRED"
-unload_unsaved  = "               Unsaved changes will be lost!"
-confirm_reset   = "Reset file and loose unsaved changes?"
-
-OFCMS_requires  = "OneFileCMS requires PHP5 to operate. Tested on versions 5.2.17, 5.3.3 & 5.4"
-
-logout_msg       = "You have successfully logged out."
-folder_del_msg   = "Folder not empty.   Folders must be empty before they can be deleted."
-upload_error_01a = " Upload Error.  Total POST data (mostly filesize) exceeded post_max_size = "
-upload_error_01b = " (from php.ini)"
-edit_caution_01  = "CAUTION "
-edit_caution_02  = " You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!"
-
-time_out_txt = "Session time out in:"
-
-	'); //end return('language string')
 }//end Default_Language() ******************************************************
 
 
@@ -652,12 +652,12 @@ function message_box() { //*****************************************************
 function Upload_New_Rename_Delete_Links() { //**********************************
 	global $_, $ONESCRIPT, $ipath, $param1;
 	echo '<p class="front_links">';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   ; svg_icon_upload()    ; echo hsc($_['Upload_File']).'</a>';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  ; svg_icon_file_new()  ; echo hsc($_['New_File'])   .'</a>';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'; svg_icon_folder_new(); echo hsc($_['New_Folder']) .'</a>';
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   ; echo svg_icon_upload()    ; echo hsc($_['Upload_File']).'</a>';
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  ; echo svg_icon_file_new()  ; echo hsc($_['New_File'])   .'</a>';
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'; echo svg_icon_folder_new(); echo hsc($_['New_Folder']) .'</a>';
 	if ($ipath !== "") { //if at root, don't show Rename & Delete links
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'; svg_icon_folder_ren(); echo hsc($_['Ren_Folder']).'</a>';
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'; svg_icon_folder_del(); echo hsc($_['Del_Folder']).'</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'; echo svg_icon_folder_ren(); echo hsc($_['Ren_Folder']).'</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'; echo svg_icon_folder_del(); echo hsc($_['Del_Folder']).'</a>';
 	}
 	echo '</p>';
 }//end Upload_New_Rename_Delete_Links()  ***************************************
@@ -768,64 +768,64 @@ function Init_Macros(){ //*** ($varibale="some reusable chunk of code")*********
 function svg_icon_bin(){ //*****************************************************
 $zero = '<rect x="0"  y="0"  width="3" height="6" fill="transparent" stroke="#555" stroke-width="1" />';
 $one  = '<line x1="0" y1="-.5"   x2="0" y2="6.5"  stroke="#555" stroke-width="1"/>';
-?><svg class="icon" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
-	<g transform="translate( 0.5,0.5)"><?php echo $one  ?></g>
-	<g transform="translate( 3.5,0.5)"><?php echo $zero ?></g>
-	<g transform="translate( 9.5,0.5)"><?php echo $one  ?></g>
-	<g transform="translate(12.5,0.5)"><?php echo $one  ?></g>
-	<g transform="translate( 0.5,9.5)"><?php echo $zero ?></g>
-	<g transform="translate( 6.5,9.5)"><?php echo $one  ?></g>
-	<g transform="translate( 9.5,9.5)"><?php echo $zero ?></g>
-</svg><?php 
+
+return '<svg class="icon" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
+		<g transform="translate( 0.5,0.5)">'.$one .'</g>
+		<g transform="translate( 3.5,0.5)">'.$zero.'</g>
+		<g transform="translate( 9.5,0.5)">'.$one .'</g>
+		<g transform="translate(12.5,0.5)">'.$one .'</g>
+		<g transform="translate( 0.5,9.5)">'.$zero.'</g>
+		<g transform="translate( 6.5,9.5)">'.$one .'</g>
+		<g transform="translate( 9.5,9.5)">'.$zero.'</g>
+		</svg>';
 } //end svg_icon_bin() *********************************************************
 
 
 
 function svg_icon_img(){ //*****************************************************
 global $SVG_icon_img_0;
-?><svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
-	<?php echo $SVG_icon_img_0 ?>
-</svg><?php 
+return '<svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">'.
+		$SVG_icon_img_0.'</svg>';
 } //end svg_icon_img() *********************************************************
 
 
 
 function svg_icon_svg(){ //*****************************************************
 global $SVG_icon_img_0;
-?><svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
-	<?php echo $SVG_icon_img_0 ?>
-	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="#444" stroke-width=".6"/>
+return '<svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">'.
+	$SVG_icon_img_0.
+	'<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="#444" stroke-width=".6"/>
 	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="#444" stroke-width=".6"/>
 	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="#444" stroke-width=".6"/>
 	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="#444" stroke-width=".6"/>
-</svg><?php 
+	</svg>';
 } //end svg_icon_img() *********************************************************
 
 
 
 function svg_icon_txt_0($border, $lines, $fill, $extra){ //*********************
-?><svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
+return '<svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
 	<rect x = "0" y = "0" width = "14" height = "16" 
-		fill="<?php echo $fill ?>" stroke="<?php echo $border ?>" stroke-width="2" />
-	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="<?php echo $lines ?>" stroke-width=".6"/>
-	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="<?php echo $lines ?>" stroke-width=".6"/>
-	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="<?php echo $lines ?>" stroke-width=".6"/>
-	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="<?php echo $lines ?>" stroke-width=".6"/>
-	<?php echo $extra ?>
-</svg><?php 
+	fill="'.$fill.'" stroke="'.$border.'" stroke-width="2" />
+	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="'.$lines.'" stroke-width=".6"/>
+	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="'.$lines.'" stroke-width=".6"/>
+	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="'.$lines.'" stroke-width=".6"/>
+	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="'.$lines.'" stroke-width=".6"/>'.
+	$extra.
+	'</svg>';
 } //end svg_icon_txt() *********************************************************
 
 
 
-function svg_icon_txt(){ svg_icon_txt_0('#333', '#000', '#FFF', ''); } //*******
+function svg_icon_txt(){ return svg_icon_txt_0('#333', '#000', '#FFF', ''); } //*******
 
-function svg_icon_htm(){ svg_icon_txt_0('#444', '#222', '#FABEAA', ''); } //**** rgb(250,190,170)
+function svg_icon_htm(){ return svg_icon_txt_0('#444', '#222', '#FABEAA', ''); } //**** rgb(250,190,170)
 
-function svg_icon_php(){ svg_icon_txt_0('#333', '#111', '#C3C3FF', ''); } //**** rgb(195,195,225)
+function svg_icon_php(){ return svg_icon_txt_0('#333', '#111', '#C3C3FF', ''); } //**** rgb(195,195,225)
 
-function svg_icon_css(){ svg_icon_txt_0('#333', '#111', '#FFE1A5', ''); } //**** rgb(255,225,165)
+function svg_icon_css(){ return svg_icon_txt_0('#333', '#111', '#FFE1A5', ''); } //**** rgb(255,225,165)
 
-function svg_icon_cfg(){ svg_icon_txt_0('#444', '#111', '#DDD', ''); } //*******
+function svg_icon_cfg(){ return svg_icon_txt_0('#444', '#111', '#DDD', ''); } //*******
 
 
 
@@ -833,7 +833,8 @@ function svg_icon_upload(){ //**************************************************
 	$extra = '<g transform="scale(1.1) translate(1.75,4)">
 		<polygon points="6,0  12,6  8,6  8,11  4,11  4,6  0,6" 
 		stroke-width="1" stroke="white" fill="green" /></g>';
-	svg_icon_txt_0('#333', 'black', 'white', $extra);
+
+	return svg_icon_txt_0('#333', 'black', 'white', $extra);
 } //end svg_icon_upload() ******************************************************
 
 
@@ -841,7 +842,8 @@ function svg_icon_upload(){ //**************************************************
 function svg_icon_file_new(){ //************************************************
 	global $SVG_icon_circle_plus;
 	$extra = '<g transform="translate(4,6)">'.$SVG_icon_circle_plus.'</g>';
-	svg_icon_txt_0('#444', 'black', 'white', $extra);
+
+	return svg_icon_txt_0('#444', 'black', 'white', $extra);
 } //end svg_icon_file_new() ****************************************************
 
 
@@ -849,33 +851,36 @@ function svg_icon_file_new(){ //************************************************
 function svg_icon_file_del(){ //************************************************
 global $SVG_icon_circle_x;
 	$extra = '<g transform="translate(4,6)">'.$SVG_icon_circle_x.'</g>';
-	svg_icon_txt_0('#444', 'black', 'white', $extra);
+
+	return svg_icon_txt_0('#444', 'black', 'white', $extra);
 } //end svg_icon_file_del() ****************************************************
 
 
 
 function svg_icon_folder_0($extra){ //******************************************
-?><svg class="icon icon_fldr" xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
+
+ return '<svg class="icon icon_fldr" xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
 	<path  d="M0.5, 1  L8,1  L9,2  L9,3  L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" 
 			fill="#FBE47b" stroke="#F0CD28" stroke-width="1" />
 	<path  d="M1.5, 8  L7, 8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5" 
 			fill="transparent" stroke="white" stroke-width="1" />
 	<path  d="M1.5,13  L1.5,2  L7.5,2  L8.5,3  L8.5,4  L15.5,4 L16,4.5  L16,13"  
-			fill="transparent" stroke="white" stroke-width="1" />
-	<?php echo $extra ?>
-</svg><?php 
+			fill="transparent" stroke="white" stroke-width="1" />'.
+	$extra.'
+	</svg>';
+
 } //end svg_icon_folder_0() ****************************************************
 
 
 
-function svg_icon_folder(){ svg_icon_folder_0(''); } //*************************
+function svg_icon_folder(){ return svg_icon_folder_0(''); } //******************
 
 
 
 function svg_icon_folder_new(){ //**********************************************
 	global $SVG_icon_circle_plus;
 	$extra = '<g transform="translate(7.5,4)">'.$SVG_icon_circle_plus.'</g>';
-	svg_icon_folder_0($extra);
+	return svg_icon_folder_0($extra);
 } //end svg_icon_folder_new() **************************************************
 
 
@@ -883,7 +888,7 @@ function svg_icon_folder_new(){ //**********************************************
 function svg_icon_folder_ren(){ //**********************************************
 	global $SVG_icon_pencil;
 	$extra = '<g transform="translate(6,3)">'.$SVG_icon_pencil.'</g>';
-	svg_icon_folder_0($extra);
+	return svg_icon_folder_0($extra);
 } //end svg_icon_folder_ren() **************************************************
 
 
@@ -891,22 +896,22 @@ function svg_icon_folder_ren(){ //**********************************************
 function svg_icon_folder_del(){ //**********************************************
 	global $SVG_icon_circle_x; 
 	$extra = '<g transform="translate(7.5,4)">'.$SVG_icon_circle_x.'</g>';
-	svg_icon_folder_0($extra);
+	return svg_icon_folder_0($extra);
 } //end svg_icon_folder_del() **************************************************
 
 
 
 
 function show_icon($type){ //***************************************************
-	if     ($type == 'bin') { svg_icon_bin(); }
-	elseif ($type == 'img') { svg_icon_img(); }
-	elseif ($type == 'svg') { svg_icon_svg(); }
-	elseif ($type == 'txt') { svg_icon_txt(); }
-	elseif ($type == 'htm') { svg_icon_htm(); }
-	elseif ($type == 'php') { svg_icon_php(); }
-	elseif ($type == 'css') { svg_icon_css(); }
-	elseif ($type == 'cfg') { svg_icon_cfg(); }
-	else                    { svg_icon_bin(); } //default
+	if     ($type == 'bin') { return svg_icon_bin(); }
+	elseif ($type == 'img') { return svg_icon_img(); }
+	elseif ($type == 'svg') { return svg_icon_svg(); }
+	elseif ($type == 'txt') { return svg_icon_txt(); }
+	elseif ($type == 'htm') { return svg_icon_htm(); }
+	elseif ($type == 'php') { return svg_icon_php(); }
+	elseif ($type == 'css') { return svg_icon_css(); }
+	elseif ($type == 'cfg') { return svg_icon_cfg(); }
+	else                    { return svg_icon_bin(); } //default
 }//end show_icon() *************************************************************
 
 
@@ -1010,12 +1015,13 @@ function Login_response() { //**************************************************
 	$attempts = 0;
 	$elapsed  = 0;
 
-	if (is_file($LOGIN_ATTEMPTS)) { //Check for prior failed attempts
+	//Check for prior failed attempts
+	if (is_file($LOGIN_ATTEMPTS)) { 
 		$attempts = (int)file_get_contents($LOGIN_ATTEMPTS); //Don't increment yet...
 		$elapsed  = time() - filemtime($LOGIN_ATTEMPTS);
 	}
-
 	if ($attempts > 0) { $message .= '<b>'.hsc($_['login_msg_01a']).' '.$attempts.' '.hsc($_['login_msg_01b']).'</b><br>';}
+
 	if ( ($attempts >= $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){
 		$message .= hsc($_['login_msg_02a']).' '.Timeout_Timer(($LOGIN_DELAY - $elapsed), 'timer0', '', '').' '.hsc($_['login_msg_02b']);
 		return;
@@ -1025,8 +1031,8 @@ function Login_response() { //**************************************************
 	if ($USE_HASH) { $VALID_PASSWORD = (hashit($_POST['password']) == $HASHWORD); }
 	else           { $VALID_PASSWORD = (       $_POST['password']  == $PASSWORD); }
 
-	//validate login.  Ignore attempt if username & password are blank. 
-	if ( ($_POST['password'] == "") && ($_POST['username'] == "") )  { ; //
+	//validate login.  
+	if ( ($_POST['password'] == "") && ($_POST['username'] == "") )  { ; //Ignore attempt if username & password are blank.
 	}elseif ( $VALID_PASSWORD && ($_POST['username'] == $USERNAME) ) {
 		session_regenerate_id(true);
 		$_SESSION['USER_AGENT'] = $_SERVER['HTTP_USER_AGENT']; //for user consistancy check.
@@ -1069,14 +1075,14 @@ function List_Files() { // ...in a vertical table ******************************
 			$type = $fclasses[array_search($ext, $ftypes)];
 ?>
 			<tr>
-				<td>
+				<td class="file_name">
 					<?php echo '<a href="'.$ONESCRIPT.$param1.'&amp;f='.rawurlencode($file).'&amp;p=edit" >'; ?>
-					<?php show_icon($type); echo  htmlentities($file), '</a>'; ?>
+					<?php echo show_icon($type).htmlentities($file), '</a>'; ?>
 				</td>
-				<td class="meta_T meta_size">&nbsp;
+				<td class="meta_T file_size">&nbsp;
 					<?php echo number_format(filesize($ipath.$file)); ?> B
 				</td>
-				<td class="meta_T meta_time"> &nbsp;
+				<td class="meta_T file_time"> &nbsp;
 					<script>FileTimeStamp(<?php echo filemtime($ipath.$file); ?>, 1, 0);</script>
 				</td>
 			</tr>
@@ -1098,7 +1104,7 @@ function Index_Page(){ //*******************************************************
 		natcasesort($folders);
 		foreach ($folders as $folder) {
 			echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($folder).'/">'.PHP_EOL;
-			svg_icon_folder();
+			echo svg_icon_folder();
 			echo htmlentities(basename($folder)).' /</a>';
 		}
 	echo '</p>';
@@ -1119,10 +1125,10 @@ function Edit_Page_buttons_top($text_editable){ //******************************
 ?>
 	<div class="edit_btns_top">
 		<div class="file_meta">
-			<span class="meta_size">
+			<span class="file_size">
 				<?php echo hsc($_['meta_txt_01']).number_format(filesize($filename)).' '.hsc($_['meta_txt_02']); ?>
-			</span> &nbsp; 
-			<span class="meta_time">
+			</span>	&nbsp;
+			<span class="file_time">
 				<?php echo hsc($_['meta_txt_03']) ?><script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1, 1);</script>
 			</span><br>
 		</div>
@@ -1188,11 +1194,11 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 
 			}else{
 				if (PHP_VERSION_ID  < 50400) {  // 5.4.0
-					$filecontent = hsc(file_get_contents($filename));
+					$filecontents = hsc(file_get_contents($filename));
 				}else{
-					$filecontent = hsc(file_get_contents($filename),ENT_SUBSTITUTE);
+					$filecontents = hsc(file_get_contents($filename),ENT_SUBSTITUTE);
 				}
-				$bad_chars = ($filecontent == "" && filesize($filename) > 0);
+				$bad_chars = ($filecontents == "" && filesize($filename) > 0);
 
 				if ($bad_chars){ //did htmlspecialchars return an empty string?
 					echo '<pre class="edit_disabled">'.$EX.hsc($_['edit_txt_02']).'<br>';
@@ -1201,7 +1207,7 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 				}else{
 					echo '<input type="hidden" name="filename" id="filename" value="'.hsc($filename).'">';
 					echo '<textarea id="file_contents" name="content" cols="70" rows="25"
-						onkeyup="Check_for_changes(event);">'.$filecontent.'</textarea>'.PHP_EOL;
+						onkeyup="Check_for_changes(event);">'.$filecontents.'</textarea>'.PHP_EOL;
 				}
 			} //end if non-text file...
 		} //end if non-image
@@ -1242,7 +1248,7 @@ function Edit_Page_Notes() { //*************************************************
 
 
 function Edit_Page() { //*******************************************************
-	global $_, $ONESCRIPT, $param1, $filename, $filecontent, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE;
+	global $_, $ONESCRIPT, $param1, $filename, $filecontents, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE;
 	clearstatcache ();
 
 	//Determine if text editable file type
@@ -1280,8 +1286,8 @@ function Edit_Page() { //*******************************************************
 		echo '<p class="edit_disabled">'.$too_large_to_view_message.'</p>';
 	}
 	elseif ( $text_editable && $too_large_to_edit ){ 
-		$filecontent = hsc(file_get_contents($filename), ENT_COMPAT,'UTF-8');
-		echo '<pre class="edit_disabled view_file">'.$filecontent.'</pre>';
+		$filecontents = hsc(file_get_contents($filename), ENT_COMPAT,'UTF-8');
+		echo '<pre class="edit_disabled view_file">'.$filecontents.'</pre>';
 	}
 }//End Edit_Page ***************************************************************
 
@@ -1296,7 +1302,7 @@ function Edit_response(){ //***If on Edit page, and [Save] clicked *************
 	$bytes = file_put_contents($filename, $content);
 
 	if ($bytes !== false) {
-		$message .= '<b>'.hsc($_['edit_msg_01']).' '.$bytes.' '.hsc($_['edit_msg_02']).'</b>';
+		$message .= '<b>'.hsc($_['edit_msg_01']).' '.$bytes.' '.hsc($_['edit_msg_02']).'</b><br>';
 	}else{
 		$message .= $EX.'<b>'.hsc($_['edit_msg_03']).'</b>';
 	}
@@ -1439,20 +1445,22 @@ function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //************
 	//if ($action == "Copy" ) { $new_name = ordinalize($ipath, basename($filename), $msg); }
 ?>
 	<h2><?php echo $action.' '.$title ?></h2>
+
 	<p><?php echo hsc($_['CRM_txt_01']) ?></p>
+
 	<?php echo $FORM_COMMON ?>
-		<p>
-			<label><?php echo hsc($_['CRM_txt_02']) ?></label>
-			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
-				name="old_name" value="<?php echo hsc($old_name); ?>" readonly="readonly">
-		</p>
-		<p>
-			<label><?php echo hsc($_['CRM_txt_03']) ?></label>
-			<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
-				name="<?php echo $name_id ?>" id="<?php echo $name_id ?>" 
-				value="<?php echo hsc($new_name); ?>">
-		</p>
+
+		<label><?php echo hsc($_['CRM_txt_02']) ?></label>
+		<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
+			name="old_name" value="<?php echo hsc($old_name); ?>" readonly="readonly">
+
+
+		<label><?php echo hsc($_['CRM_txt_03']) ?></label>
+		<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
+			name="<?php echo $name_id ?>" id="<?php echo $name_id ?>" 
+			value="<?php echo hsc($new_name); ?>">
 		<?php Cancel_Submit_Buttons($action, $name_id); ?>
+
 	</form>
 <?php 
 } //end Copy_Ren_Move_Page() ***************************************************
@@ -1463,7 +1471,7 @@ function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //************
 //******************************************************************************
 function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $isfile){
 	//$action = 'copy' or 'rename'. $isfile = 1 if acting on a file, not a folder
-	global $_, $WEB_ROOT, $ipath, $param1, $param2, $message, $EX, $page, $filename;
+	global $_, $WEB_ROOT, $ipath, $param1, $param2, $param3, $message, $EX, $page, $filename;
 
 	$old_name = trim($old_name,'/ ');
 	$new_name = trim($new_name,'/ ');
@@ -1483,7 +1491,7 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 	}elseif ($action($old_name, $new_name)) {
 		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
 		$message .= ' --- '.$msg2.' '.hsc($_['CRM_msg_04']).' ---<br>';
-		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
+		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b><br>';
 		$filename = $new_name; //so edit page knows what to edit
 		if ($isfile) { $ipath = Check_path(dirname($filename)); } //if changed,
 		else         { $ipath = Check_path($filename); }          //return to new dir.
@@ -1506,7 +1514,7 @@ function Delete_File_Page() { //************************************************
 	<h2><?php echo hsc($_['delete_h2']) ?></h2>
 	<?php echo $FORM_COMMON ?>
 		<input type="hidden" name="delete_file" value="<?php echo hsc($filename); ?>" >
-		<span class="verify"><?php echo htmlentities(basename($filename)); ?></span>
+		<p class="verify"><?php echo htmlentities(basename($filename)); ?></p>
 		<p><b><?php echo hsc($_['delete_txt_01']) ?></b></p>
 		<?php Cancel_Submit_Buttons(hsc($_['DELETE']), "cancel"); ?>
 	</form>
@@ -1523,9 +1531,9 @@ function Delete_File_response(){ //*********************************************
 	$filename = $_POST["delete_file"];
 
 	if (unlink($filename)) {
-		$message .= '<b>'.hsc($_['delete_msg_01']).' '.htmlentities(basename($filename)).'</b>';
+		$message .= '<b>'.hsc($_['delete_msg_01']).' '.htmlentities(basename($filename)).'</b><br>';
 	}else{
-		$message .= $EX.'<b>'.hsc($_['delete_msg_02']).' "'.htmlentities($filename).'"</b>.';
+		$message .= $EX.'<b>'.hsc($_['delete_msg_02']).' "'.htmlentities($filename).'"</b>.<br>';
 		$page = "edit";
 	}
 }//end Delete_File_response() **************************************************
@@ -1590,8 +1598,10 @@ function Delete_Folder_Page(){ //***********************************************
 	<h2><?php echo hsc($_['delete_folder_h2']) ?></h2>
 	<?php echo $FORM_COMMON ?>
 		<input type="hidden" name="delete_folder" value="<?php echo hsc($ipath); ?>" >
-		<span class="web_root"><?php echo htmlentities($WEB_ROOT.Check_path(dirname($ipath))); ?></span><span 
-		class="verify"><?php echo htmlentities(basename($ipath)); ?></span> /
+		<p>
+		<span class="web_root"><?php echo htmlentities($WEB_ROOT.Check_path(dirname($ipath))); ?></span>
+		<span class="verify"><?php echo htmlentities(basename($ipath)); ?></span> /
+		</p>
 		<p><b><?php echo hsc($_['delete_folder_txt_01']) ?></b></p>
 		<?php Cancel_Submit_Buttons(hsc($_['DELETE']), "cancel"); ?>
 	</form>
@@ -1767,7 +1777,7 @@ function FileTimeStamp(php_filemtime, show_date, show_offset){
 
 
 function Edit_Page_scripts() { //***********************************************
-	global $_;
+	global $_, $WIDE_VIEW_WIDTH;
 ?>
 	<!--======== Provide feedback re: unsaved changes ========-->
 	<script>
@@ -1779,11 +1789,11 @@ function Edit_Page_scripts() { //***********************************************
 	function Wide_View() {
 		if ( File_textarea != null ) { File_textarea.style.width = '99.8%'; }
 		
-		if (Main_div.style.width == '95%') {
+		if (Main_div.style.width == '<?php echo $WIDE_VIEW_WIDTH ?>') {
 			Main_div.style.width = main_width_default;
 			Wide_View_button.value = "<?php echo addslashes($_['Wide_View'])?>"; //'<?php echo $_['Wide_View'] ?>';
 		}else{
-			Main_div.style.width = '95%';
+			Main_div.style.width = '<?php echo $WIDE_VIEW_WIDTH ?>';
 			Wide_View_button.value = '<?php echo addslashes($_['Normal_View']) ?>';
 		}
 	}
@@ -1793,12 +1803,17 @@ function Wide_View() {
 	var Reset_button     = document.getElementById('reset');
 	var start_value      = File_textarea.value;
 
+
 	// The following events only apply when the element is active.
 	// [Save] is disabled unless there are changes to the open file.
-	Save_File_button.onfocus = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
-	Save_File_button.onblur  = function() {Save_File_button.style.backgroundColor ="#Fee";}
-	Save_File_button.onmouseover = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";}
-	Save_File_button.onmouseout  = function() {Save_File_button.style.backgroundColor = "#Fee";}
+	Save_File_button.onfocus = function() { Save_File_button.style.backgroundColor = "rgb(255,250,150)";
+											Save_File_button.style.borderColor = "#F00"; }
+	Save_File_button.onblur  = function() { Save_File_button.style.backgroundColor ="#Fee";
+											Save_File_button.style.borderColor = "#Faa"; }
+	Save_File_button.onmouseover = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";
+											   Save_File_button.style.borderColor = "#F00"; }
+	Save_File_button.onmouseout  = function() {Save_File_button.style.backgroundColor = "#Fee";
+											   Save_File_button.style.borderColor = "#Faa"; }
 
 
 	var submitted   = false;
@@ -1856,7 +1871,7 @@ function Check_for_changes(event){
 			document.getElementById('message').innerHTML = " "; // Must have a space, or it won't clear the msg.
 			File_textarea.style.backgroundColor = "#Fee";  //light red
 			Save_File_button.style.backgroundColor ="#Fee";
-			Save_File_button.style.borderColor = "#F44";   //less light red
+			Save_File_button.style.borderColor = "#Faa";   //less light red
 			Save_File_button.style.borderWidth = "1px";
 			Save_File_button.disabled = "";
 			Reset_button.disabled = "";
@@ -1900,7 +1915,7 @@ function style_sheet(){ //****************************************************?>
 
 body { font-size: 1em; background: #DDD; font-family: sans-serif; }
 
-p, table { margin-bottom: .6em;}
+p, table, ol { margin-bottom: .6em;}
 
 div { position: relative; }
 
@@ -1919,8 +1934,6 @@ function style_sheet(){ //****************************************************?>
 a:hover { border: 1px solid #807568; background-color: rgb(255,250,150); }
 a:focus { border: 1px solid #807568; background-color: rgb(255,250,150); }
 
-form p { margin-bottom: .3em; }
-
 label { display: inline-block; width : 6em; font-size : 1em; font-weight: bold; }
 
 svg { margin: 0; padding: 0; }
@@ -2015,13 +2028,11 @@ function style_sheet(){ //****************************************************?>
 .index_T a:hover { background-color: rgb(255,250,150); }
 .index_T a:focus { background-color: rgb(255,250,150); }
 
+.file_name { min-width: 10em; }
 
+.file_size { min-width:  6em; }
 
-/* File size & date */
-
-.meta_size { min-width:  6em; }
-
-.meta_time { min-width: 15em; }
+.file_time { min-width: 15em; }
 
 .meta_T {
 	padding-right : .5em;
@@ -2067,7 +2078,6 @@ function style_sheet(){ //****************************************************?>
 .front_links a:hover  { background-color: rgb(255,250,150); }
 .front_links a:focus  { background-color: rgb(255,250,150); }
 
-input { margin-bottom: .6em; }
 
 input[type="text"] {
 	border: 1px solid #807568;
@@ -2137,7 +2147,7 @@ function style_sheet(){ //****************************************************?>
 	border : 1px solid #807568;
 	width  : 99%;
 	padding: .2em;
-	margin : .5em 0 0 0;
+	margin : 0 0 .6em 0;
 	background-color: #FFF000; color: #333;
 	line-height: 1.4em;
 	}
@@ -2147,18 +2157,19 @@ function style_sheet(){ //****************************************************?>
 #file_contents {
 	border: 1px solid #999;
 	font  : .9em Courier;
-	margin: 0 0 .6em 0;
+	margin: 0 0 .7em 0;
 	width : 99.8%;
 	height: 32em;
 }
 
 #file_contents:focus { border: 1px solid #Fdd; }
 
-.file_meta	  {float: left;  margin-top: .5em; font-size: 1em; color: #333; } /*font-family: courier;*/
+.file_meta	{ float: left; margin-top: .6em; font-size: .95em; color: #333; }
 
-#edit_notes   {font-size: .8em; color: #333 ;margin-top: 1em; clear:both;}
+#edit_notes { font-size: .8em; color: #333 ;margin-top: 1em; clear:both; }
+
+.notes      { margin-bottom: .4em; }
 
-.notes {margin-bottom: .4em;}
 
 
 /* --- log in --- */
@@ -2166,7 +2177,7 @@ function style_sheet(){ //****************************************************?>
 .login_page {
 	margin  : 5em auto;
 	border  : 1px solid #807568;
-	padding : .5em 1em .2em 1em;
+	padding : .5em 1em .6em 1em;
 	width   : 370px;
 	}
 
@@ -2174,6 +2185,7 @@ function style_sheet(){ //****************************************************?>
 
 .login_input {
 	border  : 1px solid #807568;
+	margin-bottom: .6em;
 	padding : 2px 0px 2px 2px;
 	width   : 366px;
 	font    : 1em courier;
@@ -2211,6 +2223,7 @@ function style_sheet(){ //****************************************************?>
 	color: #333;
 	background-color: #FFE7E7;
 	padding: .1em .2em;
+	margin-bottom: .5em;
 	font: 1.2em Courier;
 	}
 
@@ -2253,7 +2266,7 @@ function style_sheet(){ //****************************************************?>
 
 // Load language settings
 if ( is_file($LANGUAGE) ) { $_ = parse_ini_file($LANGUAGE); }
-else                      { $_ = parse_ini_string(Default_Language()); }
+else                      { Default_Language(); }
 
 
 Session_Startup(); 
@@ -2278,6 +2291,7 @@ function style_sheet(){ //****************************************************?>
 	}//end if ($VALID_POST) ****************************************************
 
 
+
 	//*** Verify valid $page and/or $filename **********************************
 
 		//Don't load login screen if already in a valid session.

From 868d7c3764411f14424ae3f7dcb44c662a5c2de9 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Fri, 13 Jul 2012 17:21:49 -0400
Subject: [PATCH 102/228] Version 3.3.01 Updated readme.markdown

---
 readme.markdown | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/readme.markdown b/readme.markdown
index d18f7ce..fc1b4c9 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,9 +1,16 @@
 # Current stable version: 3.3.0
 
-### July 10, 2012
+### July 13, 2012
+
+Fixed a "minor" issue after adding multi-language support- OneFileCMS stopped working altogether on versions of PHP < 5.3.  
+  
+But it's all good now! (I hope...)
 
-Added support for optional external language files.  The default, English, is included directly in OneFileCMS, of course.  Now to get some translations...  
-A sample language file is included in the repo for reference for anyone that may be interested.
+Also, a dedicated team of translators is hard at work, so OneFile will soon actually be available in many (ie: one) other languages!  
+
+### July 10, 2012
+Added support for optional external language files.  The default (English) is included directly in OneFileCMS, of course.  Now to get some translations...  (hint... hint...)
+(A sample language file is included in the repo as reference for anyone that may be interested.)
   
 --------------------------------------------------------------------------------
 

From a52f43b295b68ddb097ab00e049ace4960758091 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Fri, 13 Jul 2012 17:30:01 -0400
Subject: [PATCH 103/228] Version 3.3.01 Forgot to update the version listed
 in-file...

---
 onefilecms.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/onefilecms.php b/onefilecms.php
index 1d05411..9691a5d 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '<font color=red><b>3.3.01.BETA</b></font>';  //#####
+$version = '3.3.01';  //#####
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica

From 4fd01f48cdebb7c264fe7c38cbc40b9d3224ff99 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Fri, 13 Jul 2012 17:37:29 -0400
Subject: [PATCH 104/228] Version 3.3.01 Forgot to updated the version listed
 in-file...

---
 readme.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.markdown b/readme.markdown
index fc1b4c9..3d46bf3 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,4 +1,4 @@
-# Current stable version: 3.3.0
+# Current stable version: 3.3.01
 
 ### July 13, 2012
 

From 412fb48ff65b3f54d3b3da7db3f65babf336e63b Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Tue, 17 Jul 2012 14:50:09 -0400
Subject: [PATCH 105/228] Version 3.3.02 Added German language file courtesy of
 github.com/codeless.

---
 OneFileCMS.LANG.DE.ini | 229 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 229 insertions(+)
 create mode 100755 OneFileCMS.LANG.DE.ini

diff --git a/OneFileCMS.LANG.DE.ini b/OneFileCMS.LANG.DE.ini
new file mode 100755
index 0000000..4ca689c
--- /dev/null
+++ b/OneFileCMS.LANG.DE.ini
@@ -0,0 +1,229 @@
+;///////////////////////////////////////////////////////////////////////////////
+;// OneFileCMS Language Settings
+
+LANGUAGE = "German"
+
+;�bersetzungen:
+;==============
+;Move=Verschieben
+;Directory or Folder=Ordner
+;Create=erstellen
+;Log In=anmelden
+;Log out=abmelden
+;reset=zur�cksetzen
+;session=sitzung
+;expired=abgelaufen
+;exist=bestehen
+;configuration section=Konfigurationsbereich
+;hash=Streuwert
+;button: knopf
+;Anrede: Sie
+
+Upload_File = "Datei heraufladen"
+New_File    = "Datei erstellen"
+Ren_Move    = "Umbenennen/Verschieben"
+Ren_Moved   = "Umbenannt/Verschoben"
+New_Folder  = "Neuer Ordner"
+Ren_Folder  = "Ordner umbenennen/verschieben"
+Del_Folder  = "Ordner l�schen"
+
+Admin  = "Konfiguration"
+Enter  = "Eintreten"
+Edit   = "Bearbeiten"
+Close  = "Schlie�en"
+Cancel = "Abbrechen"
+Upload = "Heraufladen"
+Create = "Erstellen"
+Copy   = "Kopieren"
+Copied = "Kopiert"
+Rename = "Umbenennen"
+Delete = "L�schen"
+DELETE = "L�SCHEN"
+File   = "Datei"
+Folder = "Ordner"
+
+Log_In  = "Anmelden"
+Log_Out = "Abmelden"
+Hash    = "Hash"
+Generate_Hash = "Hash generieren"
+
+save_1      = "Speichern"
+save_2      = "�NDERUNGEN SPEICHERN!"
+reset       = "Zur�cksetzen - �nderungen verwerfen"
+Wide_View   = "Breitenadaptierte Ansicht"
+Normal_View = "Normale Ansicht"
+
+on_      = "l�uft unter"
+
+verify_msg_01 = "Sitzung abgelaufen."
+verify_msg_02 = "UNG�LTIGE DATENSENDUNG"
+
+get_get_msg_01 = "Die Datei wurde nicht gefunden:"
+
+check_path_msg_01 = "Das Verzeichnis wurde nicht gefunden: "
+
+ord_msg_01 = "Eine Datei mit demselben Namen existiert bereits im Zielverzeichnis."
+ord_msg_02 = "Speichern als"
+
+show_img_msg_01 = "Die Bilddarstellung entspricht ~"
+show_img_msg_02 = "% der wahren Gr��e (W x H = "
+
+hash_h2 = "Streuwertgenerierung f�r das Passwort"
+hash_txt_01 = "Es gibt zwei Wege, wie Sie Ihr OneFileCMS-Passwort �ndern k�nnen:"
+hash_txt_02 = "1) Verwenden Sie die Konfigurationsvariable $PASSWORD, um Ihr gew�nschtes Passwort zu speichern. In diesem Fall sollte $USE_HASH auf 0 gesetzt werden."
+hash_txt_03 = "2) Oder Sie verwenden die Konfigurationsvariable $HASHWORD, um den Streuwert Ihres Passwortes zu speichern. Setzen Sie $USE_HASH in diesem Fall auf 1."
+hash_txt_04 = "Bitte denken Sie daran, dass es sich hierbei gro�teils um eine akademische �bung handelt. Die Verwendung eines Streuwerts tr�gt viel zur Sicherheit bei und erlaubt Ihnen, das Passwort nicht in Klarschrift speichern zu m�ssen."
+hash_txt_05 = "Um die $HASHWORD Option verwenden zu k�nnen:"
+hash_txt_06 = "Tippen Sie das gew�nschte Passwort in das Eingabefeld und dr�cken Sie Enter."
+hash_txt_07 = "Der Streuwert wird in einer gelben Box �berhalb angezeigt werden."
+hash_txt_08 = "Kopieren Sie den neuen Streuwert und f�gen Sie ihn in den Konfigurationsbereich als Wert der Variable $HASHWORD ein."
+hash_txt_09 = "Stellen Sie sicher, dass Sie den GESAMTEN Streuwert -- und nur diesen (keine f�hrenden oder nachgestellten Leerzeichen, etc.) -- kopiert haben."
+hash_txt_10 = "Ein Doppelklick sollte den Streuwert ausw�hlen..."
+hash_txt_11 = "Stellen Sie sicher, dass $USE_HASH auf 1 oder true gesetzt wurde."
+hash_txt_12 = "Wenn die Werte eingetragen wurden, melden Sie sich ab und wieder an."
+hash_txt_13 = "Sie k�nnen auch OneFileCMS selbst bearbeiten.  Legen Sie aber sicherheitshalber eine Kopie an, falls es zu einem unerw�nschten Schreibfehler kommt..."
+hash_txt_14 = "Eine weitere, kleine Sicherheitsvorkehrung w�re, das Salz oder die Methode f�r die Streuwertgenerierung von OneFileCMS zu �ndern."
+
+hash_msg_01 = "Passwort: "
+hash_msg_02 = "Streuwert    : "
+
+login_h2 = "Anmelden"
+login_txt_01 = "Benutzername:"
+login_txt_02 = "Password:"
+
+login_msg_01a = "Es wurden "
+login_msg_01b = " ung�ltige Anmeldversuche gez�hlt."
+login_msg_02a = "Bitte warten Sie "
+login_msg_02b = "Sekunden, um es erneut zu probieren."
+login_msg_03  = "UNG�LTIGER ANMELDEVERSUCH #"
+
+edit_notes_00  = "ANMKERUNG:"
+edit_note_01a = "Denken Sie immer daran: Ihre "
+edit_note_01b = " ist "
+edit_note_02 = "Speichern Sie �nderungen bevor der Countdown abl�uft, oder die �nderungen sind verloren!"
+edit_note_03 = "Einige Browser (wie zum Beispiel Chrome) zeigen eventuell nicht den richtigen Dateistatus an, wenn man die Vor- und Zur�ckkn�pfe verwendet. Zum Korrigieren offensichtlich falscher Angaben dr�cken Sie in so einem Fall bitte den \"Neu laden\"-Knopf."
+edit_note_04 = "Die XSS-Filter des Chrome Browsers deaktivieren m�glicherweise einige JavaScript-Funktionen, wenn diese in einem gewissen Kontext auftreten. Das kann sich auf einige Features des OneFileCMS auswirken. Trotzdem k�nnen solche Dateien bearbeitet und gespeichert werden. Allerdings bleibt die Hintergrundfarbe immer gleich; �nderungen an der Datei werden sonst mit wechselnden Hintergrundfarben (rot und gr�n) dargestellt."
+
+edit_h2_1 = "Betrachtend: "
+edit_h2_2 = "In Bearbeitung: "
+edit_txt_01 = "Unbekannter Dateityp oder keine Textdatei. Bearbeitungsm�glichkeit ausgeschalten."
+edit_txt_02 = "Die Datei enth�lt m�glicherweise ung�ltige Zeichen. Der Bearbeitungs- und Betrachtungsmodus wurde gesperrt."
+edit_txt_03 = "htmlspecialchars() gab eine leere Zeichenkette zur�ck."
+edit_txt_04 = "Das Verhalten kann je nach verwendeter PHP-Version unterschiedlich sein."
+
+too_large_to_edit_01a = "Bearbeitungsfunktion deaktiviert. Dateigr��e > "
+too_large_to_edit_01b = " bytes."
+too_large_to_edit_02 = "Einige Browser (wie zum Beispiel der Internet Explorer) bleiben stecken oder werden instabil, sobald gr��ere Textmengen in einer HTML <textarea> bearbeitet werden."
+too_large_to_edit_03 = "Die Einstellung $MAX_EDIT_SIZE im Konfigurationsbereich des OneFileCMS kann nach den Erfordernissen angepa�t werden."
+too_large_to_edit_04 = "Mittels einfachem Trial & Error kann das optimale Limit f�r einen bestimmten Browser und Computer festgestellt werden."
+
+too_large_to_view_01a = "Betrachtungsmodus deaktiviert. Filesize > "
+too_large_to_view_01b = " Bytes."
+too_large_to_view_02 = "Klicken Sie auf den Dateinamen �berhalb, um die Datei direkt im Browser anzuzeigen."
+too_large_to_view_03 = "Adjustieren Sie die $MAX_VIEW_SIZE im Konfigurationsbereich von OneFileCMS nach Ihren Bed�rfnissen."
+too_large_to_view_04 = "(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)"
+
+meta_txt_01 = "Dateigr��e: "
+meta_txt_02 = " Bytes."
+meta_txt_03 = "Zuletzt aktualisiert am/um: "
+
+edit_msg_01 = "Die Datei wurde gespeichert: "
+edit_msg_02 = "Bytes geschrieben."
+edit_msg_03 = "Bei dem Versuch die Datei zu speichern trat ein Fehler auf."
+
+upload_h2 = "Datei heraufladen"
+upload_txt_01 = "  per upload_max_filesize in php.ini."
+upload_txt_02 = "per post_max_size in php.ini"
+upload_txt_03 = "Anmerkung: Die maximale Dateigr��e f�r das Heraufladen von Dateien betr�gt: "
+
+upload_err_01a = "Fehler 1: Die Datei ist zu gro�.  "
+upload_err_01b = " (Einschr�nkung durch php.ini)"
+upload_err_02a = "Fehler 2: Die Datei ist zu gro�.  "
+upload_err_02b = " (Einschr�nkung durch OneFileCMS)"
+upload_err_03  = "Fehler 3: Die Datei wurde nur teilweise heraufgeladen."
+upload_err_04  = "Fehler 4: Es wurde keine Datei heraufgeladen."
+upload_err_05  = "Fehler 5:"
+upload_err_06  = "Fehler 6: Konnte kein tempor�res Verzeichnis finden."
+upload_err_07  = "Fehler 7: Die Datei konnte nicht gespeichert werden."
+upload_err_08  = "Fehler 8: Eine PHP-Erweiterung hat das Heraufladen der Datei gestoppt."
+
+upload_msg_01 = "Es wurde keine Datei zum Heraufladen gew�hlt."
+upload_msg_02 = "Der Zielordner existiert nicht: "
+upload_msg_03 = "Das Heraufladen wurde abgebrochen."
+upload_msg_04 = "Heraufladen: "
+upload_msg_05 = "Das Heraufladen war erfolgreich! "
+upload_msg_06 = "Das Heraufladen ist fehlgeschlagen: "
+
+new_file_h2 = "Neue Datei"
+new_file_txt_01 = "Die Datei wird im aktuellen Ordner erstellt.  "
+new_file_txt_02 = "Ung�ltige Zeichen f�r Dateinamen sind: "
+
+new_file_msg_01 = "Die neue Datei wurde nicht erstellt:"
+new_file_msg_02 = "Der Name enth�lt ung�ltige Zeichen: "
+new_file_msg_03 = "Es wurde keine Datei erstellt, da kein Name eingegeben wurde"
+new_file_msg_04 = "Die Datei besteht bereits: "
+new_file_msg_05 = "Datei erstellt:"
+new_file_msg_06 = "Fehler - die Datei konnte nicht erstellt werden:"
+
+CRM_txt_01  = "Um eine Datei oder einen Ordner zu verschieben, �ndern Sie den pfad/zur/datei/oder/dem/verzeichnis. Der neue Ort muss bereits existieren."
+CRM_txt_02  = "Alter Name:"
+CRM_txt_03  = "Neuer Name:"
+
+CRM_msg_01 = " Fehler - der neue Zielort besteht nicht:"
+CRM_msg_02 = " Fehler - die Quelldatei besteht nicht:"
+CRM_msg_03 = " Fehler - die Zieldatei besteht bereits:"
+CRM_msg_04 = " zu "
+CRM_msg_05a = "Fehler w�hrend "
+CRM_msg_05b = " des folgenden Vorgangs:"
+
+delete_h2 = "Datei l�schen"
+delete_txt_01 = "Sind Sie sicher?"
+
+delete_msg_01 = "Gel�schte Datei:"
+delete_msg_02 = "W�hrend des L�schvorgangs trat ein Fehler auf "
+
+new_folder_h2 = "Neuer Ordner"
+new_folder_txt_1 = "Der neue Ordner wird als Unterordner des aktuellen Ordners angelegt.  "
+new_folder_txt_2 = "Ung�ltige Zeichen f�r Ordnernamen sind: "
+
+new_folder_msg_01 = "Der Ordner konnte nicht erstellt werden:"
+new_folder_msg_02 = "Der Name enth�lt ung�ltige Zeichen: "
+new_folder_msg_03 = "Es wurde kein Ordner erstellt, da kein Name daf�r eingegeben wurde."
+new_folder_msg_04 = "Der Ordner besteht bereits: "
+new_folder_msg_05 = "Ordner erstellt:"
+new_folder_msg_06 = "Fehler - der Ordner konnte nicht erstellt werden: "
+
+delete_folder_h2 = "Ordner l�schen"
+delete_folder_txt_01 = "Sind Sie sicher?"
+
+delete_folder_msg_01 = "Der Ordner ist nicht leer.   Bevor ein Ordner gel�scht werden kann, muss er geleert werden."
+delete_folder_msg_02 = "Gel�schter Ordner:"
+delete_folder_msg_03 = "w�hrend des L�schvorgangs trat ein Fehler auf."
+
+page_title_login      = "Anmelden"
+page_title_hash       = "Hash Page"
+page_title_edit       = "Datei bearbeiten/betrachten"
+page_title_upload     = "Datei heraufladen"
+page_title_new_file   = "Neue Datei"
+page_title_copy       = "Datei kopieren"
+page_title_ren        = "Datei umbenennen"
+page_title_del        = "Datei l�schen"
+page_title_folder_new = "Neuer Ordner"
+page_title_folder_ren = "Ordner umbenennen/verschieben"
+page_title_folder_del = "Ordner l�schen"
+
+session_warning = "Achtung: Die sitzung wird ende bald!"
+session_expired = "SITZUNG ABGELAUFEN"
+unload_unsaved  = "               Nicht gespeicherte �nderungen gehen verloren!"
+confirm_reset   = "Soll der Inhalt der Datei zur�ckgesetzt werden (�nderungen gehen verloren)?"
+
+OFCMS_requires  = "OneFileCMS erfordert PHP5. Getestet mit den Versionen 5.2.17, 5.3.3 & 5.4"
+
+logout_msg       = "Sie wurden erfolgreich abgemeldet."
+folder_del_msg   = "Der Ordner ist nicht leer.   Der Ordner muss leer sein, bevor er gel�scht werden kann."
+upload_error_01a = " Fehler beim Heraufladen.  Die Gesamtmenge and heraufgeladenen Daten (in Hauptsache die Datei) �berschreitet die post_max_size = "
+upload_error_01b = " (der php.ini)"
+edit_caution_01  = "ACHTUNG "
+edit_caution_02  = " Sie bearbeiten gerade die aktive Version von OneFileCMS - Sichern Sie den Code und seien Sie vorsichtig !!"
+
+time_out_txt = "Automatischer Sitzungsstopp in:"

From 5d11e554a349e9477b9973e650016f206537a344 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Tue, 17 Jul 2012 15:10:30 -0400
Subject: [PATCH 106/228] Version 3.3.02 Better fix for the Default_Language()
 issue from 3.3.01 Added a 2 minute warning warning $message. 
 $_['session_warning'] Pulled call to undo_magic_quotes() out of Get_Get()
 directly.   - Allows subsequent calls to Get_Get(). Cleaned up language
 messages a bit: moved some leading & trailing spaces to the code. A couple
 css tweaks

---
 OneFileCMS.LANG.EN.ini | 115 ++++-----
 onefilecms.php         | 569 +++++++++++++++++++++--------------------
 readme.markdown        |  21 +-
 3 files changed, 361 insertions(+), 344 deletions(-)

diff --git a/OneFileCMS.LANG.EN.ini b/OneFileCMS.LANG.EN.ini
index 7e8098d..052f650 100755
--- a/OneFileCMS.LANG.EN.ini
+++ b/OneFileCMS.LANG.EN.ini
@@ -1,7 +1,7 @@
 ;///////////////////////////////////////////////////////////////////////////////
-;// OneFileCMS Language Settings
+;// OneFileCMS Language Settings v3.3.02
 
-LANGUAGE = "English"
+LANGUAGE = "English (default)"
 
 ;// These are the default values included directly in onefilecms.php.
 ;//
@@ -10,7 +10,7 @@ LANGUAGE = "English"
 ;// For example:  some_unused_setting = ""
 ;//
 ;// Remember to slash-escape double quotes that may be within a value:  \" 
-;// And, if the these settings are set directly in Default_Language() in onefilecms.php,
+;// And, for any values used directly in Default_Language() in onefilecms.php,
 ;// single quotes must also be escaped:   \'
 
 Upload_File = "Upload File"
@@ -60,9 +60,9 @@ ord_msg_01 = "A file with that name already exists in the target directory."
 ord_msg_02 = "Saving as"
 
 show_img_msg_01 = "Image shown at ~"
-show_img_msg_02 = "% of full size (W x H = "
+show_img_msg_02 = "% of full size (W x H ="
 
-hash_h2 = "Generate a Password Hash"
+hash_h2     = "Generate a Password Hash"
 hash_txt_01 = "There are two ways to change your OneFileCMS password:"
 hash_txt_02 = "1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero)."
 hash_txt_03 = "2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1."
@@ -81,7 +81,7 @@ hash_txt_14 = "For another small improvement to security, change the default sal
 hash_msg_01 = "Password: "
 hash_msg_02 = "Hash    : "
 
-login_h2 = "Log In"
+login_h2     = "Log In"
 login_txt_01 = "Username:"
 login_txt_02 = "Password:"
 
@@ -91,49 +91,49 @@ login_msg_02a = "Please wait"
 login_msg_02b = "seconds to try again."
 login_msg_03  = "INVALID LOGIN ATTEMPT #"
 
-edit_notes_00  = "NOTES:"
-edit_note_01a = "Remember- your "
-edit_note_01b = " is "
-edit_note_02 = "So save changes before the clock runs out, or the changes will be lost!"
-edit_note_03 = "With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate.  To correct, click the browser's [Reload]."
-edit_note_04 = "Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file."
+edit_note_00  = "NOTES:"
+edit_note_01a = "Remember- your"
+edit_note_01b = "is"
+edit_note_02  = "So save changes before the clock runs out, or the changes will be lost!"
+edit_note_03  = "With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate.  To correct, click the browser's [Reload]."
+edit_note_04  = "Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file."
 
-edit_h2_1 = "Viewing: "
-edit_h2_2 = "Editing: "
+edit_h2_1   = "Viewing:"
+edit_h2_2   = "Editing:"
 edit_txt_01 = "Non-text or unkown file type. Edit disabled."
 edit_txt_02 = "File possibly contains an invalid character. Edit and view disabled."
 edit_txt_03 = "htmlspecialchars() returned an empty string from what may be an otherwise valid file."
 edit_txt_04 = "This behavior can be inconsistant from version to version of php."
 
-too_large_to_edit_01a = "Edit disabled. Filesize > "
-too_large_to_edit_01b = " bytes."
+too_large_to_edit_01a = "Edit disabled. Filesize >"
+too_large_to_edit_01b = "bytes."
 too_large_to_edit_02 = "Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>."
 too_large_to_edit_03 = "Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed."
 too_large_to_edit_04 = "A simple trial and error test can determine a practical limit for a given browser/computer."
 
-too_large_to_view_01a = "View disabled. Filesize > "
-too_large_to_view_01b = " bytes."
-too_large_to_view_02 = "Click the the file name above to view as normally rendered in a browser window."
+too_large_to_view_01a = "View disabled. Filesize >"
+too_large_to_view_01b = "bytes."
+too_large_to_view_02 = "Click the file name above to view as normally rendered in a browser window."
 too_large_to_view_03 = "Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed."
 too_large_to_view_04 = "(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)"
 
-meta_txt_01 = "Filesize: "
-meta_txt_02 = " bytes."
-meta_txt_03 = "Updated: "
+meta_txt_01 = "Filesize:"
+meta_txt_02 = "bytes."
+meta_txt_03 = "Updated:"
 
-edit_msg_01 = "File saved: "
+edit_msg_01 = "File saved:"
 edit_msg_02 = "bytes written."
 edit_msg_03 = "There was an error saving file."
 
-upload_h2 = "Upload File"
-upload_txt_01 = "  per upload_max_filesize in php.ini."
+upload_h2     = "Upload File"
+upload_txt_01 = "per upload_max_filesize in php.ini."
 upload_txt_02 = "per post_max_size in php.ini"
-upload_txt_03 = "Note: Maximum upload file size is: "
+upload_txt_03 = "Note: Maximum upload file size is:"
 
-upload_err_01a = "Error 1: File too large.  "
-upload_err_01b = " (From php.ini)"
-upload_err_02a = "Error 2: File too large.  "
-upload_err_02b = " (From OneFileCMS)"
+upload_err_01a = "Error 1: File too large."
+upload_err_01b = "(From php.ini)"
+upload_err_02a = "Error 2: File too large."
+upload_err_02b = "(From OneFileCMS)"
 upload_err_03  = "Error 3: The uploaded file was only partially uploaded."
 upload_err_04  = "Error 4: No file was uploaded."
 upload_err_05  = "Error 5:"
@@ -144,18 +144,18 @@ upload_err_08  = "Error 8: A PHP extension stopped the file upload."
 upload_msg_01 = "No file selected for upload."
 upload_msg_02 = "Destination folder does not exist: "
 upload_msg_03 = "Upload cancelled."
-upload_msg_04 = "Uploading: "
-upload_msg_05 = "Upload successful! "
-upload_msg_06 = "Upload failed: "
+upload_msg_04 = "Uploading:"
+upload_msg_05 = "Upload successful!"
+upload_msg_06 = "Upload failed:"
 
-new_file_h2 = "New File"
-new_file_txt_01 = "File will be created in the current folder.  "
+new_file_h2     = "New File"
+new_file_txt_01 = "File will be created in the current folder."
 new_file_txt_02 = "Some invalid characters are: "
 
 new_file_msg_01 = "New file not created:"
-new_file_msg_02 = "Name contains invalid character(s): "
+new_file_msg_02 = "Name contains invalid character(s):"
 new_file_msg_03 = "New file not created - no name given"
-new_file_msg_04 = "File already exists: "
+new_file_msg_04 = "File already exists:"
 new_file_msg_05 = "Created file:"
 new_file_msg_06 = "Error - new file not created:"
 
@@ -163,31 +163,31 @@ CRM_txt_01  = "To move a file or folder, change the path/to/folder/or_file. The
 CRM_txt_02  = "Old name:"
 CRM_txt_03  = "New name:"
 
-CRM_msg_01 = " Error - new parent location does not exist:"
-CRM_msg_02 = " Error - source file does not exist:"
-CRM_msg_03 = " Error - target filename already exists:"
-CRM_msg_04 = " to "
-CRM_msg_05a = "Error during "
-CRM_msg_05b = " from the above to the following:"
+CRM_msg_01 = "Error - new parent location does not exist:"
+CRM_msg_02 = "Error - source file does not exist:"
+CRM_msg_03 = "Error - target filename already exists:"
+CRM_msg_04 = "to"
+CRM_msg_05a = "Error during"
+CRM_msg_05b = "from the above to the following:"
 
-delete_h2 = "Delete File"
+delete_h2     = "Delete File"
 delete_txt_01 = "Are you sure?"
 
 delete_msg_01 = "Deleted file:"
-delete_msg_02 = "Error deleting "
+delete_msg_02 = "Error deleting"
 
-new_folder_h2 = "New Folder"
-new_folder_txt_1 = "Folder will be created in the current folder.  "
-new_folder_txt_2 = "Some invalid characters are: "
+new_folder_h2    = "New Folder"
+new_folder_txt_1 = "Folder will be created in the current folder."
+new_folder_txt_2 = "Some invalid characters are:"
 
 new_folder_msg_01 = "New folder not created:"
-new_folder_msg_02 = "Name contains invalid character(s): "
+new_folder_msg_02 = "Name contains invalid character(s):"
 new_folder_msg_03 = "New folder not created - no name given."
-new_folder_msg_04 = "Folder already exists: "
+new_folder_msg_04 = "Folder already exists:"
 new_folder_msg_05 = "Created folder:"
-new_folder_msg_06 = "Error - new folder not created: "
+new_folder_msg_06 = "Error - new folder not created:"
 
-delete_folder_h2 = "Delete Folder"
+delete_folder_h2     = "Delete Folder"
 delete_folder_txt_01 = "Are you sure?"
 
 delete_folder_msg_01 = "Folder not empty.   Folders must be empty before they can be deleted."
@@ -206,17 +206,18 @@ page_title_folder_new = "New Folder"
 page_title_folder_ren = "Rename/Move Folder"
 page_title_folder_del = "Delete Folder"
 
+session_warning = "Warning: Session timeout soon!"
 session_expired = "SESSION EXPIRED"
 unload_unsaved  = "               Unsaved changes will be lost!"
 confirm_reset   = "Reset file and loose unsaved changes?"
 
-OFCMS_requires  = "OneFileCMS requires PHP5 to operate. Tested on versions 5.2.17, 5.3.3 & 5.4"
+OFCMS_requires  = "OneFileCMS requires PHP5. Tested on versions 5.2.8, 5.3.3 & 5.4.3."
 
 logout_msg       = "You have successfully logged out."
 folder_del_msg   = "Folder not empty.   Folders must be empty before they can be deleted."
-upload_error_01a = " Upload Error.  Total POST data (mostly filesize) exceeded post_max_size = "
-upload_error_01b = " (from php.ini)"
-edit_caution_01  = "CAUTION "
-edit_caution_02  = " You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!"
+upload_error_01a = "Upload Error.  Total POST data (mostly filesize) exceeded post_max_size ="
+upload_error_01b = "(from php.ini)"
+edit_caution_01  = "CAUTION"
+edit_caution_02  = "You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!"
 
 time_out_txt = "Session time out in:"
diff --git a/onefilecms.php b/onefilecms.php
index 9691a5d..bb7892e 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.3.01';  //#####
+$version = '3.3.02';  //#####
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -38,14 +38,14 @@
 ini_set('display_errors', 'off'); //Ok to turn on for trouble-shooting.
 ini_set('log_errors'    , 'off');
 ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.log');
-//Determine good folder for session file? Default is tmp/, which is not secure.
+//Determine good folder for session file? Default is tmp/, which is not secure, but it may not be a serious concern. 
 //session_save_path($safepath)  or  ini_set('session.save_path', $safepath)
 
 
 
 
 // CONFIGURABLE INFO ***********************************************************
-$config_title     = "OneFileCMS";
+$config_title = "OneFileCMS";
 
 $USERNAME = 'username';
 
@@ -54,7 +54,7 @@
 $HASHWORD = 'c3e70af96ab1bfc5669280e98b438e1a8c08ca5e0bb3354c05ceaa6f339fd3f6'; //hash for "password"
 $SALT     = 'somerandomsalt';
 
-$LANGUAGE = "X-OneFileCMS.LANG.EN.ini"; //Filename of language settings. Leave blank for built-in default.
+$LANGUAGE = "x OneFileCMS.LANG.EN.ini"; //Filename of language settings. Leave blank for built-in default.
 
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
@@ -144,7 +144,7 @@
 $INVALID_CHARS_array = explode(' ', $INVALID_CHARS); // (Space deliminated)
 
 //Make arrays out of a few $config_variables for actual use later.
-//Also, remove spaces and make lowercase.
+//First, remove spaces and make lowercase.
 $SHOWALLFILES = $stypes = false;
   if ($config_stypes == '*') { $SHOWALLFILES = true; }
   else { $stypes   = explode(',', strtolower(str_replace(' ', '', $config_stypes))); }//shown file types
@@ -164,241 +164,242 @@ function hsc($input) { return htmlspecialchars($input); }// end hsc() **********
 
 
 function Default_Language() { // ***********************************************
-global $_;
-// OneFileCMS Language Settings
-//
-$_['LANGUAGE'] = 'English (default)';
-//
-// These are the default values included directly in onefilecms.php.
-//
-// If no translation or value is desired for a particular setting, do not delete
-// the actual setting variable, just set it to an empty string.
-// For example:  $_['some_unused_setting'] = "";
-//
-// Remember to slash-escape any single quotes that may be within a value:  \'
-
-
-
-$_['Upload_File'] = 'Upload File';
-$_['New_File']    = 'New File';
-$_['Ren_Move']    = 'Rename/Move';
-$_['Ren_Moved']   = 'Renamed/Moved';
-$_['New_Folder']  = 'New Folder';
-$_['Ren_Folder']  = 'Rename/Move Folder';
-$_['Del_Folder']  = 'Delete Folder';
-
-$_['Admin']  = 'Admin';
-$_['Enter']  = 'Enter';
-$_['Edit']   = 'Edit';
-$_['Close']  = 'Close';
-$_['Cancel'] = 'Cancel';
-$_['Upload'] = 'Upload';
-$_['Create'] = 'Create';
-$_['Copy']   = 'Copy';
-$_['Copied'] = 'Copied';
-$_['Rename'] = 'Rename';
-$_['Delete'] = 'Delete';
-$_['DELETE'] = 'DELETE';
-$_['File']   = 'File';
-$_['Folder'] = 'Folder';
-
-$_['Log_In']  = 'Log In';
-$_['Log_Out'] = 'Log Out';
-$_['Hash']    = 'Hash';
-$_['Generate_Hash'] = 'Generate Hash';
-
-$_['save_1']      = 'Save';
-$_['save_2']      = 'SAVE CHANGES!';
-$_['reset']       = 'Reset - loose changes';
-$_['Wide_View']   = 'Wide View';
-$_['Normal_View'] = 'Normal View';
-
-$_['on_']    = 'on';
-
-$_['verify_msg_01'] = 'Session expired.';
-$_['verify_msg_02'] = 'INVALID POST';
-
-$_['get_get_msg_01'] = 'File does not exist:';
-
-$_['check_path_msg_01'] = 'Directory does not exist: ';
-
-$_['ord_msg_01'] = 'A file with that name already exists in the target directory.';
-$_['ord_msg_02'] = 'Saving as';
-
-$_['show_img_msg_01'] = 'Image shown at ~';
-$_['show_img_msg_02'] = '% of full size (W x H = ';
-
-$_['hash_h2'] = 'Generate a Password Hash';
-$_['hash_txt_01'] = 'There are two ways to change your OneFileCMS password:';
-$_['hash_txt_02'] = '1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).';
-$_['hash_txt_03'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
-$_['hash_txt_04'] = 'Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing.';
-$_['hash_txt_05'] = 'Anyway, to use the $HASHWORD password option:';
-$_['hash_txt_06'] = 'Type your desired password in the input field above and hit Enter.';
-$_['hash_txt_07'] = 'The hash will be displayed in a yellow message box above that.';
-$_['hash_txt_08'] = 'Copy and paste the new hash to the $HASHWORD variable in the config section.';
-$_['hash_txt_09'] = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
-$_['hash_txt_10'] = 'A double-click should select it...';
-$_['hash_txt_11'] = 'Make sure $USE_HASH is set to 1 (or true).';
-$_['hash_txt_12'] = 'When ready, logout and login.';
-$_['hash_txt_13'] = 'You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...';
-$_['hash_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep \'em secret, of course).  Remever, every little bit helps...';
-
-$_['hash_msg_01'] = 'Password: ';
-$_['hash_msg_02'] = 'Hash    : ';
-
-$_['login_h2'] = 'Log In';
-$_['login_txt_01'] = 'Username:';
-$_['login_txt_02'] = 'Password:';
-
-$_['login_msg_01a'] = 'There have been ';
-$_['login_msg_01b'] = 'invalid login attempts.';
-$_['login_msg_02a'] = 'Please wait';
-$_['login_msg_02b'] = 'seconds to try again.';
-$_['login_msg_03']  = 'INVALID LOGIN ATTEMPT #';
-
-$_['edit_notes_00']  = 'NOTES:';
-$_['edit_note_01a'] = 'Remember- your ';
-$_['edit_note_01b'] = ' is ';
-$_['edit_note_02'] = 'So save changes before the clock runs out, or the changes will be lost!';
-$_['edit_note_03'] = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate.  To correct, click the browser\'s [Reload].';
-$_['edit_note_04'] = 'Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.';
-
-$_['edit_h2_1'] = 'Viewing: ';
-$_['edit_h2_2'] = 'Editing: ';
-$_['edit_txt_01'] = 'Non-text or unkown file type. Edit disabled.';
-$_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
-$_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
-$_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
-
-$_['too_large_to_edit_01a'] = 'Edit disabled. Filesize > ';
-$_['too_large_to_edit_01b'] = ' bytes.';
-$_['too_large_to_edit_02'] = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
-$_['too_large_to_edit_03'] = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
-$_['too_large_to_edit_04'] = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
-
-$_['too_large_to_view_01a'] = 'View disabled. Filesize > ';
-$_['too_large_to_view_01b'] = ' bytes.';
-$_['too_large_to_view_02'] = 'Click the the file name above to view as normally rendered in a browser window.';
-$_['too_large_to_view_03'] = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
-$_['too_large_to_view_04'] = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
-
-$_['meta_txt_01'] = 'Filesize: ';
-$_['meta_txt_02'] = ' bytes.';
-$_['meta_txt_03'] = 'Updated: ';
-
-$_['edit_msg_01'] = 'File saved: ';
-$_['edit_msg_02'] = 'bytes written.';
-$_['edit_msg_03'] = 'There was an error saving file.';
-
-$_['upload_h2'] = 'Upload File';
-$_['upload_txt_01'] = '  per upload_max_filesize in php.ini.';
-$_['upload_txt_02'] = 'per post_max_size in php.ini';
-$_['upload_txt_03'] = 'Note: Maximum upload file size is: ';
-
-$_['upload_err_01a'] = 'Error 1: File too large.  ';
-$_['upload_err_01b'] = ' (From php.ini)';
-$_['upload_err_02a'] = 'Error 2: File too large.  ';
-$_['upload_err_02b'] = ' (From OneFileCMS)';
-$_['upload_err_03']  = 'Error 3: The uploaded file was only partially uploaded.';
-$_['upload_err_04']  = 'Error 4: No file was uploaded.';
-$_['upload_err_05']  = 'Error 5:';
-$_['upload_err_06']  = 'Error 6: Missing a temporary folder.';
-$_['upload_err_07']  = 'Error 7: Failed to write file to disk.';
-$_['upload_err_08']  = 'Error 8: A PHP extension stopped the file upload.';
-
-$_['upload_msg_01'] = 'No file selected for upload.';
-$_['upload_msg_02'] = 'Destination folder does not exist: ';
-$_['upload_msg_03'] = 'Upload cancelled.';
-$_['upload_msg_04'] = 'Uploading: ';
-$_['upload_msg_05'] = 'Upload successful! ';
-$_['upload_msg_06'] = 'Upload failed: ';
-
-$_['new_file_h2'] = 'New File';
-$_['new_file_txt_01'] = 'File will be created in the current folder.  ';
-$_['new_file_txt_02'] = 'Some invalid characters are: ';
-
-$_['new_file_msg_01'] = 'New file not created:';
-$_['new_file_msg_02'] = 'Name contains invalid character(s): ';
-$_['new_file_msg_03'] = 'New file not created - no name given';
-$_['new_file_msg_04'] = 'File already exists: ';
-$_['new_file_msg_05'] = 'Created file:';
-$_['new_file_msg_06'] = 'Error - new file not created:';
-
-$_['CRM_txt_01']  = 'To move a file or folder, change the path/to/folder/or_file. The new location must already exist.';
-$_['CRM_txt_02']  = 'Old name:';
-$_['CRM_txt_03']  = 'New name:';
-
-$_['CRM_msg_01'] = ' Error - new parent location does not exist:';
-$_['CRM_msg_02'] = ' Error - source file does not exist:';
-$_['CRM_msg_03'] = ' Error - target filename already exists:';
-$_['CRM_msg_04'] = ' to ';
-$_['CRM_msg_05a'] = 'Error during ';
-$_['CRM_msg_05b'] = ' from the above to the following:';
-
-$_['delete_h2'] = 'Delete File';
-$_['delete_txt_01'] = 'Are you sure?';
-
-$_['delete_msg_01'] = 'Deleted file:';
-$_['delete_msg_02'] = 'Error deleting ';
-
-$_['new_folder_h2'] = 'New Folder';
-$_['new_folder_txt_1'] = 'Folder will be created in the current folder.  ';
-$_['new_folder_txt_2'] = 'Some invalid characters are: ';
-
-$_['new_folder_msg_01'] = 'New folder not created:';
-$_['new_folder_msg_02'] = 'Name contains invalid character(s): ';
-$_['new_folder_msg_03'] = 'New folder not created - no name given.';
-$_['new_folder_msg_04'] = 'Folder already exists: ';
-$_['new_folder_msg_05'] = 'Created folder:';
-$_['new_folder_msg_06'] = 'Error - new folder not created: ';
-
-$_['delete_folder_h2'] = 'Delete Folder';
-$_['delete_folder_txt_01'] = 'Are you sure?';
-
-$_['delete_folder_msg_01'] = 'Folder not empty.   Folders must be empty before they can be deleted.';
-$_['delete_folder_msg_02'] = 'Deleted folder:';
-$_['delete_folder_msg_03'] = 'an error occurred during delete.';
-
-$_['page_title_login']      = 'Log In';
-$_['page_title_hash']       = 'Hash Page';
-$_['page_title_edit']       = 'Edit/View File';
-$_['page_title_upload']     = 'Upload File';
-$_['page_title_new_file']   = 'New File';
-$_['page_title_copy']       = 'Copy File';
-$_['page_title_ren']        = 'Rename File';
-$_['page_title_del']        = 'Delete File';
-$_['page_title_folder_new'] = 'New Folder';
-$_['page_title_folder_ren'] = 'Rename/Move Folder';
-$_['page_title_folder_del'] = 'Delete Folder';
-
-$_['session_expired'] = 'SESSION EXPIRED';
-$_['unload_unsaved']  = '               Unsaved changes will be lost!';
-$_['confirm_reset']   = 'Reset file and loose unsaved changes?';
-
-$_['OFCMS_requires']  = 'OneFileCMS requires PHP5 to operate. Tested on versions 5.2.17, 5.3.3 & 5.4';
-
-$_['logout_msg']       = 'You have successfully logged out.';
-$_['folder_del_msg']   = 'Folder not empty.   Folders must be empty before they can be deleted.';
-$_['upload_error_01a'] = ' Upload Error.  Total POST data (mostly filesize) exceeded post_max_size = ';
-$_['upload_error_01b'] = ' (from php.ini)';
-$_['edit_caution_01']  = 'CAUTION ';
-$_['edit_caution_02']  = ' You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
-
-$_['time_out_txt'] = 'Session time out in:';
-
+	return(' 
+;// OneFileCMS Language Settings
+
+LANGUAGE = "English (default)"
+
+;// These are the default values included directly in onefilecms.php.
+;//
+;// If no translation or value is desired for a particular setting, do not delete
+;// the actual setting variable, just set it to an empty string.
+;// For example:  some_unused_setting = ""
+;//
+;// Remember to slash-escape double quotes that may be within a value:  \" 
+;// And, for any values used directly in Default_Language() in onefilecms.php,
+;// single quotes must also be escaped:   \'
+
+Upload_File = "Upload File"
+New_File    = "New File"
+Ren_Move    = "Rename/Move"
+Ren_Moved   = "Renamed/Moved"
+New_Folder  = "New Folder"
+Ren_Folder  = "Rename/Move Folder"
+Del_Folder  = "Delete Folder"
+
+Admin  = "Admin"
+Enter  = "Enter"
+Edit   = "Edit"
+Close  = "Close"
+Cancel = "Cancel"
+Upload = "Upload"
+Create = "Create"
+Copy   = "Copy"
+Copied = "Copied"
+Rename = "Rename"
+Delete = "Delete"
+DELETE = "DELETE"
+File   = "File"
+Folder = "Folder"
+
+Log_In  = "Log In"
+Log_Out = "Log Out"
+Hash    = "Hash"
+Generate_Hash = "Generate Hash"
+
+save_1      = "Save"
+save_2      = "SAVE CHANGES!"
+reset       = "Reset - loose changes"
+Wide_View   = "Wide View"
+Normal_View = "Normal View"
+
+on_      = "on"
+
+verify_msg_01 = "Session expired."
+verify_msg_02 = "INVALID POST"
+
+get_get_msg_01 = "File does not exist:"
+
+check_path_msg_01 = "Directory does not exist: "
+
+ord_msg_01 = "A file with that name already exists in the target directory."
+ord_msg_02 = "Saving as"
+
+show_img_msg_01 = "Image shown at ~"
+show_img_msg_02 = "% of full size (W x H ="
+
+hash_h2     = "Generate a Password Hash"
+hash_txt_01 = "There are two ways to change your OneFileCMS password:"
+hash_txt_02 = "1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero)."
+hash_txt_03 = "2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1."
+hash_txt_04 = "Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing."
+hash_txt_05 = "Anyway, to use the $HASHWORD password option:"
+hash_txt_06 = "Type your desired password in the input field above and hit Enter."
+hash_txt_07 = "The hash will be displayed in a yellow message box above that."
+hash_txt_08 = "Copy and paste the new hash to the $HASHWORD variable in the config section."
+hash_txt_09 = "Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc)."
+hash_txt_10 = "A double-click should select it..."
+hash_txt_11 = "Make sure $USE_HASH is set to 1 (or true)."
+hash_txt_12 = "When ready, logout and login."
+hash_txt_13 = "You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo..."
+hash_txt_14 = "For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep \'em secret, of course).  Remever, every little bit helps..."
+
+hash_msg_01 = "Password: "
+hash_msg_02 = "Hash    : "
+
+login_h2     = "Log In"
+login_txt_01 = "Username:"
+login_txt_02 = "Password:"
+
+login_msg_01a = "There have been "
+login_msg_01b = "invalid login attempts."
+login_msg_02a = "Please wait"
+login_msg_02b = "seconds to try again."
+login_msg_03  = "INVALID LOGIN ATTEMPT #"
+
+edit_note_00  = "NOTES:"
+edit_note_01a = "Remember- your"
+edit_note_01b = "is"
+edit_note_02  = "So save changes before the clock runs out, or the changes will be lost!"
+edit_note_03  = "With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate.  To correct, click the browser\'s [Reload]."
+edit_note_04  = "Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file."
+
+edit_h2_1   = "Viewing:"
+edit_h2_2   = "Editing:"
+edit_txt_01 = "Non-text or unkown file type. Edit disabled."
+edit_txt_02 = "File possibly contains an invalid character. Edit and view disabled."
+edit_txt_03 = "htmlspecialchars() returned an empty string from what may be an otherwise valid file."
+edit_txt_04 = "This behavior can be inconsistant from version to version of php."
+
+too_large_to_edit_01a = "Edit disabled. Filesize >"
+too_large_to_edit_01b = "bytes."
+too_large_to_edit_02 = "Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>."
+too_large_to_edit_03 = "Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed."
+too_large_to_edit_04 = "A simple trial and error test can determine a practical limit for a given browser/computer."
+
+too_large_to_view_01a = "View disabled. Filesize >"
+too_large_to_view_01b = "bytes."
+too_large_to_view_02 = "Click the the file name above to view as normally rendered in a browser window."
+too_large_to_view_03 = "Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed."
+too_large_to_view_04 = "(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)"
+
+meta_txt_01 = "Filesize:"
+meta_txt_02 = "bytes."
+meta_txt_03 = "Updated:"
+
+edit_msg_01 = "File saved:"
+edit_msg_02 = "bytes written."
+edit_msg_03 = "There was an error saving file."
+
+upload_h2     = "Upload File"
+upload_txt_01 = "per upload_max_filesize in php.ini."
+upload_txt_02 = "per post_max_size in php.ini"
+upload_txt_03 = "Note: Maximum upload file size is:"
+
+upload_err_01a = "Error 1: File too large."
+upload_err_01b = "(From php.ini)"
+upload_err_02a = "Error 2: File too large."
+upload_err_02b = "(From OneFileCMS)"
+upload_err_03  = "Error 3: The uploaded file was only partially uploaded."
+upload_err_04  = "Error 4: No file was uploaded."
+upload_err_05  = "Error 5:"
+upload_err_06  = "Error 6: Missing a temporary folder."
+upload_err_07  = "Error 7: Failed to write file to disk."
+upload_err_08  = "Error 8: A PHP extension stopped the file upload."
+
+upload_msg_01 = "No file selected for upload."
+upload_msg_02 = "Destination folder does not exist: "
+upload_msg_03 = "Upload cancelled."
+upload_msg_04 = "Uploading:"
+upload_msg_05 = "Upload successful!"
+upload_msg_06 = "Upload failed:"
+
+new_file_h2     = "New File"
+new_file_txt_01 = "File will be created in the current folder."
+new_file_txt_02 = "Some invalid characters are: "
+
+new_file_msg_01 = "New file not created:"
+new_file_msg_02 = "Name contains invalid character(s):"
+new_file_msg_03 = "New file not created - no name given"
+new_file_msg_04 = "File already exists:"
+new_file_msg_05 = "Created file:"
+new_file_msg_06 = "Error - new file not created:"
+
+CRM_txt_01  = "To move a file or folder, change the path/to/folder/or_file. The new location must already exist."
+CRM_txt_02  = "Old name:"
+CRM_txt_03  = "New name:"
+
+CRM_msg_01 = "Error - new parent location does not exist:"
+CRM_msg_02 = "Error - source file does not exist:"
+CRM_msg_03 = "Error - target filename already exists:"
+CRM_msg_04 = "to"
+CRM_msg_05a = "Error during"
+CRM_msg_05b = "from the above to the following:"
+
+delete_h2     = "Delete File"
+delete_txt_01 = "Are you sure?"
+
+delete_msg_01 = "Deleted file:"
+delete_msg_02 = "Error deleting"
+
+new_folder_h2    = "New Folder"
+new_folder_txt_1 = "Folder will be created in the current folder."
+new_folder_txt_2 = "Some invalid characters are:"
+
+new_folder_msg_01 = "New folder not created:"
+new_folder_msg_02 = "Name contains invalid character(s):"
+new_folder_msg_03 = "New folder not created - no name given."
+new_folder_msg_04 = "Folder already exists:"
+new_folder_msg_05 = "Created folder:"
+new_folder_msg_06 = "Error - new folder not created:"
+
+delete_folder_h2     = "Delete Folder"
+delete_folder_txt_01 = "Are you sure?"
+
+delete_folder_msg_01 = "Folder not empty.   Folders must be empty before they can be deleted."
+delete_folder_msg_02 = "Deleted folder:"
+delete_folder_msg_03 = "an error occurred during delete."
+
+page_title_login      = "Log In"
+page_title_hash       = "Hash Page"
+page_title_edit       = "Edit/View File"
+page_title_upload     = "Upload File"
+page_title_new_file   = "New File"
+page_title_copy       = "Copy File"
+page_title_ren        = "Rename File"
+page_title_del        = "Delete File"
+page_title_folder_new = "New Folder"
+page_title_folder_ren = "Rename/Move Folder"
+page_title_folder_del = "Delete Folder"
+
+session_warning = "Warning: Session timeout soon!"
+session_expired = "SESSION EXPIRED"
+unload_unsaved  = "               Unsaved changes will be lost!"
+confirm_reset   = "Reset file and loose unsaved changes?"
+
+OFCMS_requires  = "OneFileCMS requires PHP5. Tested on versions 5.2.8, 5.3.3 & 5.4.3."
+
+logout_msg       = "You have successfully logged out."
+folder_del_msg   = "Folder not empty.   Folders must be empty before they can be deleted."
+upload_error_01a = "Upload Error.  Total POST data (mostly filesize) exceeded post_max_size ="
+upload_error_01b = "(from php.ini)"
+edit_caution_01  = "CAUTION"
+edit_caution_02  = "You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!"
+
+time_out_txt = "Session time out in:"
+	');
 }//end Default_Language() ******************************************************
 
 
 
 
 function Session_Startup() {//**************************************************
-	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $page, $VALID_POST, $MAX_IDLE_TIME, $SESSION_NAME;
- 
+	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $page, $VALID_POST, $MAX_IDLE_TIME, $SESSION_NAME, $message;
+
 	$limit    = 0; //0 = session.  
 	$path     = dirname($_SERVER['SCRIPT_NAME']);
 	$domain   = ''; // '' = hostname
-	$https    = false; 
+	$https    = false;
 	$httponly = true;//true = unaccessable via javascript. Some XSS protection.
 	session_set_cookie_params($limit, $path, $domain, $https, $httponly);
 
@@ -406,7 +407,7 @@ function Session_Startup() {//**************************************************
 	session_start();
 
 	//Set initial defaults...
-	$page = 'login'; 
+	$page = 'login';
 	$VALID_POST = 0;
 	if ( !isset($_SESSION['valid']) ) { $_SESSION['valid'] = 0; }
 
@@ -416,7 +417,7 @@ function Session_Startup() {//**************************************************
 	session_regenerate_id(true); //Helps prevent session fixation & hijacking.
 
 	if ( $_SESSION['valid'] ) { Verify_IDLE_POST_etc(); }
-	
+
 	$_SESSION['nuonce'] = sha1(mt_rand().microtime()); //provided in <forms> to verify POST
 
 	chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
@@ -447,7 +448,7 @@ function Verify_IDLE_POST_etc() { //********************************************
 		if ( $_POST['nuonce'] == $_SESSION['nuonce'] ) {
 			$VALID_POST = 1;
 		}else{
-			Logout();
+			Logout(); //If it exists, but doesn't match - something's wrong.
 			$message .= $EX.'<b>'.hsc($_['verify_msg_02']).'</b><br>';
 		}
 	}
@@ -489,8 +490,6 @@ function Get_GET() { //*** Get main parameters *********************************
 	// i=some/path/,  f=somefile.xyz,  p=somepage
 	global $_, $ipath, $filename, $page, $valid_pages, $param1, $param2, $param3, $message, $EX;
 
-	undo_magic_quotes();
-
 	if (isset($_GET["i"])) { $ipath = Check_path($_GET["i"]); }else{ $ipath = ""; }
 
 	if (isset($_GET["f"])) {
@@ -553,7 +552,7 @@ function Check_path($path) { // returns first valid path in some/supplied/path/
 		if ($path == './') { $path = ""; } // ./ means path not found, so clear for root.
 	}
 
-	return $path; 
+	return $path;
 }//end Check_path() ************************************************************
 
 
@@ -652,12 +651,12 @@ function message_box() { //*****************************************************
 function Upload_New_Rename_Delete_Links() { //**********************************
 	global $_, $ONESCRIPT, $ipath, $param1;
 	echo '<p class="front_links">';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   ; echo svg_icon_upload()    ; echo hsc($_['Upload_File']).'</a>';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  ; echo svg_icon_file_new()  ; echo hsc($_['New_File'])   .'</a>';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'; echo svg_icon_folder_new(); echo hsc($_['New_Folder']) .'</a>';
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   .svg_icon_upload()    .hsc($_['Upload_File']).'</a>';
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  .svg_icon_file_new()  .hsc($_['New_File'])   .'</a>';
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'.svg_icon_folder_new().hsc($_['New_Folder']) .'</a>';
 	if ($ipath !== "") { //if at root, don't show Rename & Delete links
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'; echo svg_icon_folder_ren(); echo hsc($_['Ren_Folder']).'</a>';
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'; echo svg_icon_folder_del(); echo hsc($_['Del_Folder']).'</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'.svg_icon_folder_ren().hsc($_['Ren_Folder']).'</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'.svg_icon_folder_del().hsc($_['Del_Folder']).'</a>';
 	}
 	echo '</p>';
 }//end Upload_New_Rename_Delete_Links()  ***************************************
@@ -704,7 +703,7 @@ function show_image(){ //*******************************************************
 	}
 
 	echo '<p>';
-	echo hsc($_['show_img_msg_01']). round($SCALE*100) .hsc($_['show_img_msg_02']).$img_info[0].' x '.$img_info[1].').</p>';
+	echo hsc($_['show_img_msg_01']).round($SCALE*100).hsc($_['show_img_msg_02']).' '.$img_info[0].' x '.$img_info[1].').</p>';
 	echo '<div style="clear:both"></div>'.PHP_EOL;
 	echo '<a href="/' .URLencode_path($IMG). '" target="_blank">'.PHP_EOL;
 	echo '<img src="/'.URLencode_path($IMG).'"  height="'.$img_info[$H]*$SCALE.'"></a>'.PHP_EOL;
@@ -716,7 +715,7 @@ function show_image(){ //*******************************************************
 function show_favicon(){ //*****************************************************
 	global $config_favicon, $DOC_ROOT;
 	if (file_exists($DOC_ROOT.$config_favicon)) { 
-		echo '<img src="'.URLencode_path($config_favicon).'" alt="">'; 
+		echo '<img src="'.URLencode_path($config_favicon).'" alt="">';
 	}
 }// end show_favicon() *********************************************************
 
@@ -894,7 +893,7 @@ function svg_icon_folder_ren(){ //**********************************************
 
 
 function svg_icon_folder_del(){ //**********************************************
-	global $SVG_icon_circle_x; 
+	global $SVG_icon_circle_x;
 	$extra = '<g transform="translate(7.5,4)">'.$SVG_icon_circle_x.'</g>';
 	return svg_icon_folder_0($extra);
 } //end svg_icon_folder_del() **************************************************
@@ -966,8 +965,8 @@ function Hash_Page() { //******************************************************
 function Hash_response() { //***************************************************
 	global $_, $message;
 	$_POST['whattohash'] = trim($_POST['whattohash']); // trim leading & trailing spaces.
-	$message .= hsc($_['hash_msg_01']).hsc($_POST['whattohash']).'<br>';
-	$message .= hsc($_['hash_msg_02']).hashit($_POST["whattohash"]);
+	$message .= hsc($_['hash_msg_01']).' '.hsc($_POST['whattohash']).'<br>';
+	$message .= hsc($_['hash_msg_02']).' '.hashit($_POST["whattohash"]);
 } //end Hash_response() ********************************************************
 
 
@@ -1020,7 +1019,7 @@ function Login_response() { //**************************************************
 		$attempts = (int)file_get_contents($LOGIN_ATTEMPTS); //Don't increment yet...
 		$elapsed  = time() - filemtime($LOGIN_ATTEMPTS);
 	}
-	if ($attempts > 0) { $message .= '<b>'.hsc($_['login_msg_01a']).' '.$attempts.' '.hsc($_['login_msg_01b']).'</b><br>';}
+	if ($attempts > 0) { $message .= '<b>'.hsc($_['login_msg_01a']).' '.$attempts.' '.hsc($_['login_msg_01b']).'</b><br>'; }
 
 	if ( ($attempts >= $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){
 		$message .= hsc($_['login_msg_02a']).' '.Timeout_Timer(($LOGIN_DELAY - $elapsed), 'timer0', '', '').' '.hsc($_['login_msg_02b']);
@@ -1126,10 +1125,10 @@ function Edit_Page_buttons_top($text_editable){ //******************************
 	<div class="edit_btns_top">
 		<div class="file_meta">
 			<span class="file_size">
-				<?php echo hsc($_['meta_txt_01']).number_format(filesize($filename)).' '.hsc($_['meta_txt_02']); ?>
+				<?php echo hsc($_['meta_txt_01']).' '.number_format(filesize($filename)).' '.hsc($_['meta_txt_02']); ?>
 			</span>	&nbsp;
 			<span class="file_time">
-				<?php echo hsc($_['meta_txt_03']) ?><script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1, 1);</script>
+				<?php echo hsc($_['meta_txt_03']) ?> <script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1, 1);</script>
 			</span><br>
 		</div>
 
@@ -1233,9 +1232,9 @@ function Edit_Page_Notes() { //*************************************************
 			$HRS_MIN_SEC = $HRS.':'.$MIN.':'.$SEC;
 ?>
 			<div id="edit_notes">
-				<div class="notes"><?php echo hsc($_['edit_notes_00']) ?></div>
+				<div class="notes"><?php echo hsc($_['edit_note_00']) ?></div>
 				<div class="notes"><b>1)
-					<?php echo hsc($_['edit_note_01a']).'$MAX_IDLE_TIME '.hsc($_['edit_note_01b']) ?>
+					<?php echo hsc($_['edit_note_01a']).' $MAX_IDLE_TIME '.hsc($_['edit_note_01b']) ?>
 					<?php echo ' '.$HRS_MIN_SEC.'. '.hsc($_['edit_note_02']) ?></b>
 				</div>
 				<div class="notes"><b>2) </b> <?php echo hsc($_['edit_note_03']) ?></div>
@@ -1263,14 +1262,14 @@ function Edit_Page() { //*******************************************************
 	else                      { $header2 = hsc($_['edit_h2_2']); }
 
 	$too_large_to_edit_message = 
-'<b>'.hsc($_['too_large_to_edit_01a']).number_format($MAX_EDIT_SIZE).' '.hsc($_['too_large_to_edit_01b']).'</b><br>'.
+'<b>'.hsc($_['too_large_to_edit_01a']).' '.number_format($MAX_EDIT_SIZE).' '.hsc($_['too_large_to_edit_01b']).'</b><br>'.
 hsc($_['too_large_to_edit_02']).'<br>'.hsc($_['too_large_to_edit_03']).'<br>'.hsc($_['too_large_to_edit_04']);
 
 	$too_large_to_view_message = 
-'<b>'.hsc($_['too_large_to_view_01a']).number_format($MAX_VIEW_SIZE).' '.hsc($_['too_large_to_view_01b']).'</b><br>'.
+'<b>'.hsc($_['too_large_to_view_01a']).' '.number_format($MAX_VIEW_SIZE).' '.hsc($_['too_large_to_view_01b']).'</b><br>'.
 hsc($_['too_large_to_view_02']).'<br>'.hsc($_['too_large_to_view_03']).'<br>'.hsc($_['too_large_to_view_04']);
 
-	echo '<h2 id="edit_header">'.$header2;
+	echo '<h2 id="edit_header">'.$header2.' ';
 	echo '<a class="filename" href="/'.URLencode_path($filename).'" target="_blank">'.htmlentities(basename($filename)).'</a>';
 	echo '</h2>'.PHP_EOL;
 
@@ -1390,7 +1389,7 @@ function New_File_Page() { //***************************************************
 ?>
 	<h2><?php echo hsc($_['new_file_h2']) ?></h2>
 	<?php echo $FORM_COMMON ?>
-		<p><?php echo hsc($_['new_file_txt_01']) . hsc($_['new_file_txt_02']) ?>
+		<p><?php echo hsc($_['new_file_txt_01']).' '.hsc($_['new_file_txt_02']) ?>
 		<span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
 		<input type="text" name="new_file" id="new_file" value="">
 		<?php Cancel_Submit_Buttons(hsc($_['Create']),"new_file"); ?>
@@ -1415,12 +1414,12 @@ function New_File_response() { //***********************************************
 
 	if ($invalid){
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_01']).'</b> '.htmlentities($new_name).'<br>'.
-			'<b> &nbsp; &nbsp; &nbsp; '.hsc($_['new_file_msg_02']).
+			'<b> &nbsp; &nbsp; &nbsp; '.hsc($_['new_file_msg_02']).' '.
 			'<span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
 	}elseif ($new_name == ""){ 
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_03']).'</b>';
 	}elseif (file_exists($filename)) {
-		$message .= $EX.'<b>'.hsc($_['new_file_msg_04']);
+		$message .= $EX.'<b>'.hsc($_['new_file_msg_04']).' ';
 		$message .= htmlentities($new_name).'</b>';
 	}elseif ($handle = fopen($filename, 'w')) {
 		fclose($handle);
@@ -1430,7 +1429,7 @@ function New_File_response() { //***********************************************
 		$param3   = '&amp;p=edit';                              // for Edit_Page() buttons 
 	}else{
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_06']);
-		$message .= htmlentities($new_name);
+		$message .= htmlentities($new_name).'</b>';
 	}
 }//end New_File_response() *****************************************************
 
@@ -1573,7 +1572,7 @@ function New_Folder_response(){ //**********************************************
 	if ($invalid){
 		$message .= $EX.'<b>'.hsc($_['new_folder_msg_01']).'</b> '.htmlentities($new_name).'<br>'.
 			'<b>'.hsc($_['new_folder_msg_02']).
-			'<span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
+			' <span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
 	}elseif ($new_name == ""){ 
 		$message .= $EX.'<b>'.hsc($_['new_folder_msg_03']).'</b>';
 	}elseif (is_dir($new_ipath)) {
@@ -1612,7 +1611,7 @@ function Delete_Folder_Page(){ //***********************************************
 
 
 function Delete_Folder_response() { //******************************************
-	global $ipath, $param1, $page, $message, $EX;
+	global $_, $ipath, $param1, $page, $message, $EX;
 	$page = "index"; //Return to index
 	$foldername = trim($_POST["delete_folder"], '/');
 
@@ -1672,7 +1671,9 @@ function Load_Selected_Page(){ //***********************************************
 
 
 function Timer_scripts() { //***************************************************
-	global $_;
+	global $_, $page;
+	
+	$timeout_warning = '<p><b>'.hsc($_['session_warning']).'</b></p>';
 ?>
 <script>
 //pad() is also used by the Time_Stamp_scripts()
@@ -1698,6 +1699,7 @@ function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
 	Timer.innerHTML = FormatTime(count);
 
 	if ( (count < 120) && (Action != "") ) { //Two minute warning...
+		document.getElementById('message').innerHTML = "<?php echo $timeout_warning ?>";
 		Timer.style.backgroundColor = "white";
 		Timer.style.color = "red";
 		Timer.style.fontWeight = "900";
@@ -1737,7 +1739,7 @@ function Time_Stamp_scripts() { //**********************************************
 function FileTimeStamp(php_filemtime, show_date, show_offset){
 
 	//php's filemtime returns seconds, javascript's date() uses milliseconds.
-	var FileMTime = php_filemtime * 1000; 
+	var FileMTime = php_filemtime * 1000;
 
 	var TIMESTAMP  = new Date(FileMTime);
 	var YEAR  = TIMESTAMP.getFullYear();
@@ -1852,14 +1854,14 @@ function Reset_file_status_indicators() {
 	//With selStart & selEnd == 0, moves cursor to start of text field.
 	function setSelRange(inputEl, selStart, selEnd) { 
 		if (inputEl.setSelectionRange) { 
-			inputEl.focus(); 
-			inputEl.setSelectionRange(selStart, selEnd); 
+			inputEl.focus();
+			inputEl.setSelectionRange(selStart, selEnd);
 		} else if (inputEl.createTextRange) { 
-			var range = inputEl.createTextRange(); 
-			range.collapse(true); 
-			range.moveEnd('character', selEnd); 
-			range.moveStart('character', selStart); 
-			range.select(); 
+			var range = inputEl.createTextRange();
+			range.collapse(true);
+			range.moveEnd('character', selEnd);
+			range.moveStart('character', selStart);
+			range.select();
 		} 
 	}
 
@@ -2247,7 +2249,7 @@ function style_sheet(){ //****************************************************?>
 
 .edit_btns_top    { margin: .2em 0 .5em 0;}
 
-.edit_btns_bottom { float: right; }
+.edit_btns_bottom { float: right; margin-bottom: .65em;}
 .edit_btns_bottom .button { margin-left: .5em; }
 </style>
 <?php 
@@ -2261,18 +2263,31 @@ function style_sheet(){ //****************************************************?>
 //Begin logic to determine page action
 
 
-if( PHP_VERSION_ID < 50000 ) { exit("OneFileCMS requires PHP5 to operate. Tested on versions 5.2.17, 5.3.3 & 5.4"); }
+//If OneFileCMS is found to work on earlier PHP versions, please let the author know. Thank you.
+if( PHP_VERSION_ID < 50000 ) { exit( hsc($_['OFCMS_requires']) ); }
 
 
 // Load language settings
-if ( is_file($LANGUAGE) ) { $_ = parse_ini_file($LANGUAGE); }
-else                      { Default_Language(); }
-
+if ( is_file($LANGUAGE) ) {
+	$_ = parse_ini_file($LANGUAGE);
+
+} elseif ( function_exists('parse_ini_string') ) {  //only available since php 5.3
+	$_ = parse_ini_string( Default_Language() );
+
+} else {
+	$tmpfile = basename($_SERVER["SCRIPT_NAME"]).'.DEFAULT_LANG.INI';
+	file_put_contents( $tmpfile, Default_Language() );
+	$_ = parse_ini_file( $tmpfile );
+	unlink($tmpfile);
+}//end Load language settings
+	
 
-Session_Startup(); 
+Session_Startup();
 
 if ($_SESSION['valid']) {
 
+	undo_magic_quotes();
+
 	Get_GET();  
 
 	Init_Macros();
@@ -2311,7 +2326,7 @@ function style_sheet(){ //****************************************************?>
 
 		//if size of $_POST > post_max_size, PHP only returns empty $_POST & $_FILE arrays.
 	elseif ($page == "uploaded" && !$VALID_POST){
-		$message .= $EX.'<b>'.hsc($_['upload_error_01a']).ini_get('post_max_size').'</b> '.hsc($_['upload_error_01b']).'';
+		$message .= $EX.'<b> '.hsc($_['upload_error_01a']).' '.ini_get('post_max_size').'</b> '.hsc($_['upload_error_01b']).'';
 		$page = "index";}
 
 	elseif ( ($page == "edit") && ($filename == trim(rawurldecode($ONESCRIPT), '/')) ) { 
diff --git a/readme.markdown b/readme.markdown
index 3d46bf3..2259e39 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,17 +1,10 @@
-# Current stable version: 3.3.01
+# Current stable version: 3.3.02
 
-### July 13, 2012
+### July 17, 2012
 
-Fixed a "minor" issue after adding multi-language support- OneFileCMS stopped working altogether on versions of PHP < 5.3.  
-  
-But it's all good now! (I hope...)
+Thanks to github.com/codeless for a German language file!
 
-Also, a dedicated team of translators is hard at work, so OneFile will soon actually be available in many (ie: one) other languages!  
 
-### July 10, 2012
-Added support for optional external language files.  The default (English) is included directly in OneFileCMS, of course.  Now to get some translations...  (hint... hint...)
-(A sample language file is included in the repo as reference for anyone that may be interested.)
-  
 --------------------------------------------------------------------------------
 
 # OneFileCMS
@@ -148,6 +141,14 @@ GENERATE/OUTPUT THE PAGE
 
 ## Change Log
 
+### 3.3.02
+
+- Added German language file courtesy of github.com/codeless.
+
+### 3.3.01
+
+- Fixed a "minor" issue after adding multi-language support- OneFileCMS stopped working altogether on versions of PHP < 5.3.
+
 ### 3.3.0
 
 - Added support for optional external language files.   Now to get some translations...  

From 1b4b63a2ed1a0ed91dd1606bdac1f9dbe2dbf760 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Thu, 19 Jul 2012 15:42:39 -0400
Subject: [PATCH 107/228] Version 3.3.2 Saving language files in UTC-8, instead
 of ANSI.

---
 OneFileCMS.LANG.DE.ini | 458 ++++++++++++++++++++---------------------
 OneFileCMS.LANG.EN.ini | 446 +++++++++++++++++++--------------------
 2 files changed, 452 insertions(+), 452 deletions(-)

diff --git a/OneFileCMS.LANG.DE.ini b/OneFileCMS.LANG.DE.ini
index 4ca689c..68c2a39 100755
--- a/OneFileCMS.LANG.DE.ini
+++ b/OneFileCMS.LANG.DE.ini
@@ -1,229 +1,229 @@
-;///////////////////////////////////////////////////////////////////////////////
-;// OneFileCMS Language Settings
-
-LANGUAGE = "German"
-
-;�bersetzungen:
-;==============
-;Move=Verschieben
-;Directory or Folder=Ordner
-;Create=erstellen
-;Log In=anmelden
-;Log out=abmelden
-;reset=zur�cksetzen
-;session=sitzung
-;expired=abgelaufen
-;exist=bestehen
-;configuration section=Konfigurationsbereich
-;hash=Streuwert
-;button: knopf
-;Anrede: Sie
-
-Upload_File = "Datei heraufladen"
-New_File    = "Datei erstellen"
-Ren_Move    = "Umbenennen/Verschieben"
-Ren_Moved   = "Umbenannt/Verschoben"
-New_Folder  = "Neuer Ordner"
-Ren_Folder  = "Ordner umbenennen/verschieben"
-Del_Folder  = "Ordner l�schen"
-
-Admin  = "Konfiguration"
-Enter  = "Eintreten"
-Edit   = "Bearbeiten"
-Close  = "Schlie�en"
-Cancel = "Abbrechen"
-Upload = "Heraufladen"
-Create = "Erstellen"
-Copy   = "Kopieren"
-Copied = "Kopiert"
-Rename = "Umbenennen"
-Delete = "L�schen"
-DELETE = "L�SCHEN"
-File   = "Datei"
-Folder = "Ordner"
-
-Log_In  = "Anmelden"
-Log_Out = "Abmelden"
-Hash    = "Hash"
-Generate_Hash = "Hash generieren"
-
-save_1      = "Speichern"
-save_2      = "�NDERUNGEN SPEICHERN!"
-reset       = "Zur�cksetzen - �nderungen verwerfen"
-Wide_View   = "Breitenadaptierte Ansicht"
-Normal_View = "Normale Ansicht"
-
-on_      = "l�uft unter"
-
-verify_msg_01 = "Sitzung abgelaufen."
-verify_msg_02 = "UNG�LTIGE DATENSENDUNG"
-
-get_get_msg_01 = "Die Datei wurde nicht gefunden:"
-
-check_path_msg_01 = "Das Verzeichnis wurde nicht gefunden: "
-
-ord_msg_01 = "Eine Datei mit demselben Namen existiert bereits im Zielverzeichnis."
-ord_msg_02 = "Speichern als"
-
-show_img_msg_01 = "Die Bilddarstellung entspricht ~"
-show_img_msg_02 = "% der wahren Gr��e (W x H = "
-
-hash_h2 = "Streuwertgenerierung f�r das Passwort"
-hash_txt_01 = "Es gibt zwei Wege, wie Sie Ihr OneFileCMS-Passwort �ndern k�nnen:"
-hash_txt_02 = "1) Verwenden Sie die Konfigurationsvariable $PASSWORD, um Ihr gew�nschtes Passwort zu speichern. In diesem Fall sollte $USE_HASH auf 0 gesetzt werden."
-hash_txt_03 = "2) Oder Sie verwenden die Konfigurationsvariable $HASHWORD, um den Streuwert Ihres Passwortes zu speichern. Setzen Sie $USE_HASH in diesem Fall auf 1."
-hash_txt_04 = "Bitte denken Sie daran, dass es sich hierbei gro�teils um eine akademische �bung handelt. Die Verwendung eines Streuwerts tr�gt viel zur Sicherheit bei und erlaubt Ihnen, das Passwort nicht in Klarschrift speichern zu m�ssen."
-hash_txt_05 = "Um die $HASHWORD Option verwenden zu k�nnen:"
-hash_txt_06 = "Tippen Sie das gew�nschte Passwort in das Eingabefeld und dr�cken Sie Enter."
-hash_txt_07 = "Der Streuwert wird in einer gelben Box �berhalb angezeigt werden."
-hash_txt_08 = "Kopieren Sie den neuen Streuwert und f�gen Sie ihn in den Konfigurationsbereich als Wert der Variable $HASHWORD ein."
-hash_txt_09 = "Stellen Sie sicher, dass Sie den GESAMTEN Streuwert -- und nur diesen (keine f�hrenden oder nachgestellten Leerzeichen, etc.) -- kopiert haben."
-hash_txt_10 = "Ein Doppelklick sollte den Streuwert ausw�hlen..."
-hash_txt_11 = "Stellen Sie sicher, dass $USE_HASH auf 1 oder true gesetzt wurde."
-hash_txt_12 = "Wenn die Werte eingetragen wurden, melden Sie sich ab und wieder an."
-hash_txt_13 = "Sie k�nnen auch OneFileCMS selbst bearbeiten.  Legen Sie aber sicherheitshalber eine Kopie an, falls es zu einem unerw�nschten Schreibfehler kommt..."
-hash_txt_14 = "Eine weitere, kleine Sicherheitsvorkehrung w�re, das Salz oder die Methode f�r die Streuwertgenerierung von OneFileCMS zu �ndern."
-
-hash_msg_01 = "Passwort: "
-hash_msg_02 = "Streuwert    : "
-
-login_h2 = "Anmelden"
-login_txt_01 = "Benutzername:"
-login_txt_02 = "Password:"
-
-login_msg_01a = "Es wurden "
-login_msg_01b = " ung�ltige Anmeldversuche gez�hlt."
-login_msg_02a = "Bitte warten Sie "
-login_msg_02b = "Sekunden, um es erneut zu probieren."
-login_msg_03  = "UNG�LTIGER ANMELDEVERSUCH #"
-
-edit_notes_00  = "ANMKERUNG:"
-edit_note_01a = "Denken Sie immer daran: Ihre "
-edit_note_01b = " ist "
-edit_note_02 = "Speichern Sie �nderungen bevor der Countdown abl�uft, oder die �nderungen sind verloren!"
-edit_note_03 = "Einige Browser (wie zum Beispiel Chrome) zeigen eventuell nicht den richtigen Dateistatus an, wenn man die Vor- und Zur�ckkn�pfe verwendet. Zum Korrigieren offensichtlich falscher Angaben dr�cken Sie in so einem Fall bitte den \"Neu laden\"-Knopf."
-edit_note_04 = "Die XSS-Filter des Chrome Browsers deaktivieren m�glicherweise einige JavaScript-Funktionen, wenn diese in einem gewissen Kontext auftreten. Das kann sich auf einige Features des OneFileCMS auswirken. Trotzdem k�nnen solche Dateien bearbeitet und gespeichert werden. Allerdings bleibt die Hintergrundfarbe immer gleich; �nderungen an der Datei werden sonst mit wechselnden Hintergrundfarben (rot und gr�n) dargestellt."
-
-edit_h2_1 = "Betrachtend: "
-edit_h2_2 = "In Bearbeitung: "
-edit_txt_01 = "Unbekannter Dateityp oder keine Textdatei. Bearbeitungsm�glichkeit ausgeschalten."
-edit_txt_02 = "Die Datei enth�lt m�glicherweise ung�ltige Zeichen. Der Bearbeitungs- und Betrachtungsmodus wurde gesperrt."
-edit_txt_03 = "htmlspecialchars() gab eine leere Zeichenkette zur�ck."
-edit_txt_04 = "Das Verhalten kann je nach verwendeter PHP-Version unterschiedlich sein."
-
-too_large_to_edit_01a = "Bearbeitungsfunktion deaktiviert. Dateigr��e > "
-too_large_to_edit_01b = " bytes."
-too_large_to_edit_02 = "Einige Browser (wie zum Beispiel der Internet Explorer) bleiben stecken oder werden instabil, sobald gr��ere Textmengen in einer HTML <textarea> bearbeitet werden."
-too_large_to_edit_03 = "Die Einstellung $MAX_EDIT_SIZE im Konfigurationsbereich des OneFileCMS kann nach den Erfordernissen angepa�t werden."
-too_large_to_edit_04 = "Mittels einfachem Trial & Error kann das optimale Limit f�r einen bestimmten Browser und Computer festgestellt werden."
-
-too_large_to_view_01a = "Betrachtungsmodus deaktiviert. Filesize > "
-too_large_to_view_01b = " Bytes."
-too_large_to_view_02 = "Klicken Sie auf den Dateinamen �berhalb, um die Datei direkt im Browser anzuzeigen."
-too_large_to_view_03 = "Adjustieren Sie die $MAX_VIEW_SIZE im Konfigurationsbereich von OneFileCMS nach Ihren Bed�rfnissen."
-too_large_to_view_04 = "(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)"
-
-meta_txt_01 = "Dateigr��e: "
-meta_txt_02 = " Bytes."
-meta_txt_03 = "Zuletzt aktualisiert am/um: "
-
-edit_msg_01 = "Die Datei wurde gespeichert: "
-edit_msg_02 = "Bytes geschrieben."
-edit_msg_03 = "Bei dem Versuch die Datei zu speichern trat ein Fehler auf."
-
-upload_h2 = "Datei heraufladen"
-upload_txt_01 = "  per upload_max_filesize in php.ini."
-upload_txt_02 = "per post_max_size in php.ini"
-upload_txt_03 = "Anmerkung: Die maximale Dateigr��e f�r das Heraufladen von Dateien betr�gt: "
-
-upload_err_01a = "Fehler 1: Die Datei ist zu gro�.  "
-upload_err_01b = " (Einschr�nkung durch php.ini)"
-upload_err_02a = "Fehler 2: Die Datei ist zu gro�.  "
-upload_err_02b = " (Einschr�nkung durch OneFileCMS)"
-upload_err_03  = "Fehler 3: Die Datei wurde nur teilweise heraufgeladen."
-upload_err_04  = "Fehler 4: Es wurde keine Datei heraufgeladen."
-upload_err_05  = "Fehler 5:"
-upload_err_06  = "Fehler 6: Konnte kein tempor�res Verzeichnis finden."
-upload_err_07  = "Fehler 7: Die Datei konnte nicht gespeichert werden."
-upload_err_08  = "Fehler 8: Eine PHP-Erweiterung hat das Heraufladen der Datei gestoppt."
-
-upload_msg_01 = "Es wurde keine Datei zum Heraufladen gew�hlt."
-upload_msg_02 = "Der Zielordner existiert nicht: "
-upload_msg_03 = "Das Heraufladen wurde abgebrochen."
-upload_msg_04 = "Heraufladen: "
-upload_msg_05 = "Das Heraufladen war erfolgreich! "
-upload_msg_06 = "Das Heraufladen ist fehlgeschlagen: "
-
-new_file_h2 = "Neue Datei"
-new_file_txt_01 = "Die Datei wird im aktuellen Ordner erstellt.  "
-new_file_txt_02 = "Ung�ltige Zeichen f�r Dateinamen sind: "
-
-new_file_msg_01 = "Die neue Datei wurde nicht erstellt:"
-new_file_msg_02 = "Der Name enth�lt ung�ltige Zeichen: "
-new_file_msg_03 = "Es wurde keine Datei erstellt, da kein Name eingegeben wurde"
-new_file_msg_04 = "Die Datei besteht bereits: "
-new_file_msg_05 = "Datei erstellt:"
-new_file_msg_06 = "Fehler - die Datei konnte nicht erstellt werden:"
-
-CRM_txt_01  = "Um eine Datei oder einen Ordner zu verschieben, �ndern Sie den pfad/zur/datei/oder/dem/verzeichnis. Der neue Ort muss bereits existieren."
-CRM_txt_02  = "Alter Name:"
-CRM_txt_03  = "Neuer Name:"
-
-CRM_msg_01 = " Fehler - der neue Zielort besteht nicht:"
-CRM_msg_02 = " Fehler - die Quelldatei besteht nicht:"
-CRM_msg_03 = " Fehler - die Zieldatei besteht bereits:"
-CRM_msg_04 = " zu "
-CRM_msg_05a = "Fehler w�hrend "
-CRM_msg_05b = " des folgenden Vorgangs:"
-
-delete_h2 = "Datei l�schen"
-delete_txt_01 = "Sind Sie sicher?"
-
-delete_msg_01 = "Gel�schte Datei:"
-delete_msg_02 = "W�hrend des L�schvorgangs trat ein Fehler auf "
-
-new_folder_h2 = "Neuer Ordner"
-new_folder_txt_1 = "Der neue Ordner wird als Unterordner des aktuellen Ordners angelegt.  "
-new_folder_txt_2 = "Ung�ltige Zeichen f�r Ordnernamen sind: "
-
-new_folder_msg_01 = "Der Ordner konnte nicht erstellt werden:"
-new_folder_msg_02 = "Der Name enth�lt ung�ltige Zeichen: "
-new_folder_msg_03 = "Es wurde kein Ordner erstellt, da kein Name daf�r eingegeben wurde."
-new_folder_msg_04 = "Der Ordner besteht bereits: "
-new_folder_msg_05 = "Ordner erstellt:"
-new_folder_msg_06 = "Fehler - der Ordner konnte nicht erstellt werden: "
-
-delete_folder_h2 = "Ordner l�schen"
-delete_folder_txt_01 = "Sind Sie sicher?"
-
-delete_folder_msg_01 = "Der Ordner ist nicht leer.   Bevor ein Ordner gel�scht werden kann, muss er geleert werden."
-delete_folder_msg_02 = "Gel�schter Ordner:"
-delete_folder_msg_03 = "w�hrend des L�schvorgangs trat ein Fehler auf."
-
-page_title_login      = "Anmelden"
-page_title_hash       = "Hash Page"
-page_title_edit       = "Datei bearbeiten/betrachten"
-page_title_upload     = "Datei heraufladen"
-page_title_new_file   = "Neue Datei"
-page_title_copy       = "Datei kopieren"
-page_title_ren        = "Datei umbenennen"
-page_title_del        = "Datei l�schen"
-page_title_folder_new = "Neuer Ordner"
-page_title_folder_ren = "Ordner umbenennen/verschieben"
-page_title_folder_del = "Ordner l�schen"
-
-session_warning = "Achtung: Die sitzung wird ende bald!"
-session_expired = "SITZUNG ABGELAUFEN"
-unload_unsaved  = "               Nicht gespeicherte �nderungen gehen verloren!"
-confirm_reset   = "Soll der Inhalt der Datei zur�ckgesetzt werden (�nderungen gehen verloren)?"
-
-OFCMS_requires  = "OneFileCMS erfordert PHP5. Getestet mit den Versionen 5.2.17, 5.3.3 & 5.4"
-
-logout_msg       = "Sie wurden erfolgreich abgemeldet."
-folder_del_msg   = "Der Ordner ist nicht leer.   Der Ordner muss leer sein, bevor er gel�scht werden kann."
-upload_error_01a = " Fehler beim Heraufladen.  Die Gesamtmenge and heraufgeladenen Daten (in Hauptsache die Datei) �berschreitet die post_max_size = "
-upload_error_01b = " (der php.ini)"
-edit_caution_01  = "ACHTUNG "
-edit_caution_02  = " Sie bearbeiten gerade die aktive Version von OneFileCMS - Sichern Sie den Code und seien Sie vorsichtig !!"
-
-time_out_txt = "Automatischer Sitzungsstopp in:"
+;///////////////////////////////////////////////////////////////////////////////
+;// OneFileCMS Language Settings
+
+LANGUAGE = "German"
+
+;Übersetzungen:
+;==============
+;Move=Verschieben
+;Directory or Folder=Ordner
+;Create=erstellen
+;Log In=anmelden
+;Log out=abmelden
+;reset=zurücksetzen
+;session=sitzung
+;expired=abgelaufen
+;exist=bestehen
+;configuration section=Konfigurationsbereich
+;hash=Streuwert
+;button: knopf
+;Anrede: Sie
+
+Upload_File = "Datei heraufladen"
+New_File    = "Datei erstellen"
+Ren_Move    = "Umbenennen/Verschieben"
+Ren_Moved   = "Umbenannt/Verschoben"
+New_Folder  = "Neuer Ordner"
+Ren_Folder  = "Ordner umbenennen/verschieben"
+Del_Folder  = "Ordner löschen"
+
+Admin  = "Konfiguration"
+Enter  = "Eintreten"
+Edit   = "Bearbeiten"
+Close  = "Schließen"
+Cancel = "Abbrechen"
+Upload = "Heraufladen"
+Create = "Erstellen"
+Copy   = "Kopieren"
+Copied = "Kopiert"
+Rename = "Umbenennen"
+Delete = "Löschen"
+DELETE = "LÖSCHEN"
+File   = "Datei"
+Folder = "Ordner"
+
+Log_In  = "Anmelden"
+Log_Out = "Abmelden"
+Hash    = "Hash"
+Generate_Hash = "Hash generieren"
+
+save_1      = "Speichern"
+save_2      = "ÄNDERUNGEN SPEICHERN!"
+reset       = "Zurücksetzen - Änderungen verwerfen"
+Wide_View   = "Breitenadaptierte Ansicht"
+Normal_View = "Normale Ansicht"
+
+on_      = "läuft unter"
+
+verify_msg_01 = "Sitzung abgelaufen."
+verify_msg_02 = "UNGÜLTIGE DATENSENDUNG"
+
+get_get_msg_01 = "Die Datei wurde nicht gefunden:"
+
+check_path_msg_01 = "Das Verzeichnis wurde nicht gefunden: "
+
+ord_msg_01 = "Eine Datei mit demselben Namen existiert bereits im Zielverzeichnis."
+ord_msg_02 = "Speichern als"
+
+show_img_msg_01 = "Die Bilddarstellung entspricht ~"
+show_img_msg_02 = "% der wahren Größe (W x H = "
+
+hash_h2 = "Streuwertgenerierung für das Passwort"
+hash_txt_01 = "Es gibt zwei Wege, wie Sie Ihr OneFileCMS-Passwort ändern können:"
+hash_txt_02 = "1) Verwenden Sie die Konfigurationsvariable $PASSWORD, um Ihr gewünschtes Passwort zu speichern. In diesem Fall sollte $USE_HASH auf 0 gesetzt werden."
+hash_txt_03 = "2) Oder Sie verwenden die Konfigurationsvariable $HASHWORD, um den Streuwert Ihres Passwortes zu speichern. Setzen Sie $USE_HASH in diesem Fall auf 1."
+hash_txt_04 = "Bitte denken Sie daran, dass es sich hierbei großteils um eine akademische übung handelt. Die Verwendung eines Streuwerts trägt viel zur Sicherheit bei und erlaubt Ihnen, das Passwort nicht in Klarschrift speichern zu müssen."
+hash_txt_05 = "Um die $HASHWORD Option verwenden zu können:"
+hash_txt_06 = "Tippen Sie das gewünschte Passwort in das Eingabefeld und drücken Sie Enter."
+hash_txt_07 = "Der Streuwert wird in einer gelben Box überhalb angezeigt werden."
+hash_txt_08 = "Kopieren Sie den neuen Streuwert und fügen Sie ihn in den Konfigurationsbereich als Wert der Variable $HASHWORD ein."
+hash_txt_09 = "Stellen Sie sicher, dass Sie den GESAMTEN Streuwert -- und nur diesen (keine führenden oder nachgestellten Leerzeichen, etc.) -- kopiert haben."
+hash_txt_10 = "Ein Doppelklick sollte den Streuwert auswählen..."
+hash_txt_11 = "Stellen Sie sicher, dass $USE_HASH auf 1 oder true gesetzt wurde."
+hash_txt_12 = "Wenn die Werte eingetragen wurden, melden Sie sich ab und wieder an."
+hash_txt_13 = "Sie können auch OneFileCMS selbst bearbeiten.  Legen Sie aber sicherheitshalber eine Kopie an, falls es zu einem unerwünschten Schreibfehler kommt..."
+hash_txt_14 = "Eine weitere, kleine Sicherheitsvorkehrung wäre, das Salz oder die Methode für die Streuwertgenerierung von OneFileCMS zu ändern."
+
+hash_msg_01 = "Passwort: "
+hash_msg_02 = "Streuwert    : "
+
+login_h2 = "Anmelden"
+login_txt_01 = "Benutzername:"
+login_txt_02 = "Password:"
+
+login_msg_01a = "Es wurden "
+login_msg_01b = " ungültige Anmeldversuche gezählt."
+login_msg_02a = "Bitte warten Sie "
+login_msg_02b = "Sekunden, um es erneut zu probieren."
+login_msg_03  = "UNGÜLTIGER ANMELDEVERSUCH #"
+
+edit_note_00  = "ANMKERUNG:"
+edit_note_01a = "Denken Sie immer daran: Ihre "
+edit_note_01b = " ist "
+edit_note_02 = "Speichern Sie Änderungen bevor der Countdown abläuft, oder die Änderungen sind verloren!"
+edit_note_03 = "Einige Browser (wie zum Beispiel Chrome) zeigen eventuell nicht den richtigen Dateistatus an, wenn man die Vor- und Zurückknöpfe verwendet. Zum Korrigieren offensichtlich falscher Angaben drücken Sie in so einem Fall bitte den \"Neu laden\"-Knopf."
+edit_note_04 = "Die XSS-Filter des Chrome Browsers deaktivieren möglicherweise einige JavaScript-Funktionen, wenn diese in einem gewissen Kontext auftreten. Das kann sich auf einige Features des OneFileCMS auswirken. Trotzdem können solche Dateien bearbeitet und gespeichert werden. Allerdings bleibt die Hintergrundfarbe immer gleich; Änderungen an der Datei werden sonst mit wechselnden Hintergrundfarben (rot und grün) dargestellt."
+
+edit_h2_1 = "Betrachtend: "
+edit_h2_2 = "In Bearbeitung: "
+edit_txt_01 = "Unbekannter Dateityp oder keine Textdatei. Bearbeitungsmöglichkeit ausgeschalten."
+edit_txt_02 = "Die Datei enthält möglicherweise ungültige Zeichen. Der Bearbeitungs- und Betrachtungsmodus wurde gesperrt."
+edit_txt_03 = "htmlspecialchars() gab eine leere Zeichenkette zurück."
+edit_txt_04 = "Das Verhalten kann je nach verwendeter PHP-Version unterschiedlich sein."
+
+too_large_to_edit_01a = "Bearbeitungsfunktion deaktiviert. Dateigröße > "
+too_large_to_edit_01b = " bytes."
+too_large_to_edit_02 = "Einige Browser (wie zum Beispiel der Internet Explorer) bleiben stecken oder werden instabil, sobald größere Textmengen in einer HTML <textarea> bearbeitet werden."
+too_large_to_edit_03 = "Die Einstellung $MAX_EDIT_SIZE im Konfigurationsbereich des OneFileCMS kann nach den Erfordernissen angepaßt werden."
+too_large_to_edit_04 = "Mittels einfachem Trial & Error kann das optimale Limit für einen bestimmten Browser und Computer festgestellt werden."
+
+too_large_to_view_01a = "Betrachtungsmodus deaktiviert. Filesize > "
+too_large_to_view_01b = " Bytes."
+too_large_to_view_02 = "Klicken Sie auf den Dateinamen überhalb, um die Datei direkt im Browser anzuzeigen."
+too_large_to_view_03 = "Adjustieren Sie die $MAX_VIEW_SIZE im Konfigurationsbereich von OneFileCMS nach Ihren Bedürfnissen."
+too_large_to_view_04 = "(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)"
+
+meta_txt_01 = "Dateigröße: "
+meta_txt_02 = " Bytes."
+meta_txt_03 = "Zuletzt aktualisiert am/um: "
+
+edit_msg_01 = "Die Datei wurde gespeichert: "
+edit_msg_02 = "Bytes geschrieben."
+edit_msg_03 = "Bei dem Versuch die Datei zu speichern trat ein Fehler auf."
+
+upload_h2 = "Datei heraufladen"
+upload_txt_01 = "  per upload_max_filesize in php.ini."
+upload_txt_02 = "per post_max_size in php.ini"
+upload_txt_03 = "Anmerkung: Die maximale Dateigröße für das Heraufladen von Dateien beträgt: "
+
+upload_err_01a = "Fehler 1: Die Datei ist zu groß.  "
+upload_err_01b = " (Einschränkung durch php.ini)"
+upload_err_02a = "Fehler 2: Die Datei ist zu groß.  "
+upload_err_02b = " (Einschränkung durch OneFileCMS)"
+upload_err_03  = "Fehler 3: Die Datei wurde nur teilweise heraufgeladen."
+upload_err_04  = "Fehler 4: Es wurde keine Datei heraufgeladen."
+upload_err_05  = "Fehler 5:"
+upload_err_06  = "Fehler 6: Konnte kein temporäres Verzeichnis finden."
+upload_err_07  = "Fehler 7: Die Datei konnte nicht gespeichert werden."
+upload_err_08  = "Fehler 8: Eine PHP-Erweiterung hat das Heraufladen der Datei gestoppt."
+
+upload_msg_01 = "Es wurde keine Datei zum Heraufladen gewählt."
+upload_msg_02 = "Der Zielordner existiert nicht: "
+upload_msg_03 = "Das Heraufladen wurde abgebrochen."
+upload_msg_04 = "Heraufladen: "
+upload_msg_05 = "Das Heraufladen war erfolgreich! "
+upload_msg_06 = "Das Heraufladen ist fehlgeschlagen: "
+
+new_file_h2 = "Neue Datei"
+new_file_txt_01 = "Die Datei wird im aktuellen Ordner erstellt.  "
+new_file_txt_02 = "Ungültige Zeichen für Dateinamen sind: "
+
+new_file_msg_01 = "Die neue Datei wurde nicht erstellt:"
+new_file_msg_02 = "Der Name enthält ungültige Zeichen: "
+new_file_msg_03 = "Es wurde keine Datei erstellt, da kein Name eingegeben wurde"
+new_file_msg_04 = "Die Datei besteht bereits: "
+new_file_msg_05 = "Datei erstellt:"
+new_file_msg_06 = "Fehler - die Datei konnte nicht erstellt werden:"
+
+CRM_txt_01  = "Um eine Datei oder einen Ordner zu verschieben, ändern Sie den pfad/zur/datei/oder/dem/verzeichnis. Der neue Ort muss bereits existieren."
+CRM_txt_02  = "Alter Name:"
+CRM_txt_03  = "Neuer Name:"
+
+CRM_msg_01 = " Fehler - der neue Zielort besteht nicht:"
+CRM_msg_02 = " Fehler - die Quelldatei besteht nicht:"
+CRM_msg_03 = " Fehler - die Zieldatei besteht bereits:"
+CRM_msg_04 = " zu "
+CRM_msg_05a = "Fehler während "
+CRM_msg_05b = " des folgenden Vorgangs:"
+
+delete_h2 = "Datei löschen"
+delete_txt_01 = "Sind Sie sicher?"
+
+delete_msg_01 = "Gelöschte Datei:"
+delete_msg_02 = "Während des Löschvorgangs trat ein Fehler auf "
+
+new_folder_h2 = "Neuer Ordner"
+new_folder_txt_1 = "Der neue Ordner wird als Unterordner des aktuellen Ordners angelegt.  "
+new_folder_txt_2 = "Ungültige Zeichen für Ordnernamen sind: "
+
+new_folder_msg_01 = "Der Ordner konnte nicht erstellt werden:"
+new_folder_msg_02 = "Der Name enthält ungültige Zeichen: "
+new_folder_msg_03 = "Es wurde kein Ordner erstellt, da kein Name dafür eingegeben wurde."
+new_folder_msg_04 = "Der Ordner besteht bereits: "
+new_folder_msg_05 = "Ordner erstellt:"
+new_folder_msg_06 = "Fehler - der Ordner konnte nicht erstellt werden: "
+
+delete_folder_h2 = "Ordner löschen"
+delete_folder_txt_01 = "Sind Sie sicher?"
+
+delete_folder_msg_01 = "Der Ordner ist nicht leer.   Bevor ein Ordner gelöscht werden kann, muss er geleert werden."
+delete_folder_msg_02 = "Gelöschter Ordner:"
+delete_folder_msg_03 = "während des Löschvorgangs trat ein Fehler auf."
+
+page_title_login      = "Anmelden"
+page_title_hash       = "Hash Page"
+page_title_edit       = "Datei bearbeiten/betrachten"
+page_title_upload     = "Datei heraufladen"
+page_title_new_file   = "Neue Datei"
+page_title_copy       = "Datei kopieren"
+page_title_ren        = "Datei umbenennen"
+page_title_del        = "Datei löschen"
+page_title_folder_new = "Neuer Ordner"
+page_title_folder_ren = "Ordner umbenennen/verschieben"
+page_title_folder_del = "Ordner löschen"
+
+session_warning = "Achtung: Die sitzung wird ende bald!"
+session_expired = "SITZUNG ABGELAUFEN"
+unload_unsaved  = "               Nicht gespeicherte Änderungen gehen verloren!"
+confirm_reset   = "Soll der Inhalt der Datei zurückgesetzt werden (Änderungen gehen verloren)?"
+
+OFCMS_requires  = "OneFileCMS erfordert PHP5. Getestet mit den Versionen 5.2.17, 5.3.3 & 5.4"
+
+logout_msg       = "Sie wurden erfolgreich abgemeldet."
+folder_del_msg   = "Der Ordner ist nicht leer.   Der Ordner muss leer sein, bevor er gelöscht werden kann."
+upload_error_01a = " Fehler beim Heraufladen.  Die Gesamtmenge and heraufgeladenen Daten (in Hauptsache die Datei) überschreitet die post_max_size = "
+upload_error_01b = " (der php.ini)"
+edit_caution_01  = "ACHTUNG "
+edit_caution_02  = " Sie bearbeiten gerade die aktive Version von OneFileCMS - Sichern Sie den Code und seien Sie vorsichtig !!"
+
+time_out_txt = "Automatischer Sitzungsstopp in:"
diff --git a/OneFileCMS.LANG.EN.ini b/OneFileCMS.LANG.EN.ini
index 052f650..b3e33ee 100755
--- a/OneFileCMS.LANG.EN.ini
+++ b/OneFileCMS.LANG.EN.ini
@@ -1,223 +1,223 @@
-;///////////////////////////////////////////////////////////////////////////////
-;// OneFileCMS Language Settings v3.3.02
-
-LANGUAGE = "English (default)"
-
-;// These are the default values included directly in onefilecms.php.
-;//
-;// If no translation or value is desired for a particular setting, do not delete
-;// the actual setting variable, just set it to an empty string.
-;// For example:  some_unused_setting = ""
-;//
-;// Remember to slash-escape double quotes that may be within a value:  \" 
-;// And, for any values used directly in Default_Language() in onefilecms.php,
-;// single quotes must also be escaped:   \'
-
-Upload_File = "Upload File"
-New_File    = "New File"
-Ren_Move    = "Rename/Move"
-Ren_Moved   = "Renamed/Moved"
-New_Folder  = "New Folder"
-Ren_Folder  = "Rename/Move Folder"
-Del_Folder  = "Delete Folder"
-
-Admin  = "Admin"
-Enter  = "Enter"
-Edit   = "Edit"
-Close  = "Close"
-Cancel = "Cancel"
-Upload = "Upload"
-Create = "Create"
-Copy   = "Copy"
-Copied = "Copied"
-Rename = "Rename"
-Delete = "Delete"
-DELETE = "DELETE"
-File   = "File"
-Folder = "Folder"
-
-Log_In  = "Log In"
-Log_Out = "Log Out"
-Hash    = "Hash"
-Generate_Hash = "Generate Hash"
-
-save_1      = "Save"
-save_2      = "SAVE CHANGES!"
-reset       = "Reset - loose changes"
-Wide_View   = "Wide View"
-Normal_View = "Normal View"
-
-on_      = "on"
-
-verify_msg_01 = "Session expired."
-verify_msg_02 = "INVALID POST"
-
-get_get_msg_01 = "File does not exist:"
-
-check_path_msg_01 = "Directory does not exist: "
-
-ord_msg_01 = "A file with that name already exists in the target directory."
-ord_msg_02 = "Saving as"
-
-show_img_msg_01 = "Image shown at ~"
-show_img_msg_02 = "% of full size (W x H ="
-
-hash_h2     = "Generate a Password Hash"
-hash_txt_01 = "There are two ways to change your OneFileCMS password:"
-hash_txt_02 = "1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero)."
-hash_txt_03 = "2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1."
-hash_txt_04 = "Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing."
-hash_txt_05 = "Anyway, to use the $HASHWORD password option:"
-hash_txt_06 = "Type your desired password in the input field above and hit Enter."
-hash_txt_07 = "The hash will be displayed in a yellow message box above that."
-hash_txt_08 = "Copy and paste the new hash to the $HASHWORD variable in the config section."
-hash_txt_09 = "Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc)."
-hash_txt_10 = "A double-click should select it..."
-hash_txt_11 = "Make sure $USE_HASH is set to 1 (or true)."
-hash_txt_12 = "When ready, logout and login."
-hash_txt_13 = "You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo..."
-hash_txt_14 = "For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep 'em secret, of course).  Remever, every little bit helps..."
-
-hash_msg_01 = "Password: "
-hash_msg_02 = "Hash    : "
-
-login_h2     = "Log In"
-login_txt_01 = "Username:"
-login_txt_02 = "Password:"
-
-login_msg_01a = "There have been "
-login_msg_01b = "invalid login attempts."
-login_msg_02a = "Please wait"
-login_msg_02b = "seconds to try again."
-login_msg_03  = "INVALID LOGIN ATTEMPT #"
-
-edit_note_00  = "NOTES:"
-edit_note_01a = "Remember- your"
-edit_note_01b = "is"
-edit_note_02  = "So save changes before the clock runs out, or the changes will be lost!"
-edit_note_03  = "With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate.  To correct, click the browser's [Reload]."
-edit_note_04  = "Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file."
-
-edit_h2_1   = "Viewing:"
-edit_h2_2   = "Editing:"
-edit_txt_01 = "Non-text or unkown file type. Edit disabled."
-edit_txt_02 = "File possibly contains an invalid character. Edit and view disabled."
-edit_txt_03 = "htmlspecialchars() returned an empty string from what may be an otherwise valid file."
-edit_txt_04 = "This behavior can be inconsistant from version to version of php."
-
-too_large_to_edit_01a = "Edit disabled. Filesize >"
-too_large_to_edit_01b = "bytes."
-too_large_to_edit_02 = "Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>."
-too_large_to_edit_03 = "Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed."
-too_large_to_edit_04 = "A simple trial and error test can determine a practical limit for a given browser/computer."
-
-too_large_to_view_01a = "View disabled. Filesize >"
-too_large_to_view_01b = "bytes."
-too_large_to_view_02 = "Click the file name above to view as normally rendered in a browser window."
-too_large_to_view_03 = "Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed."
-too_large_to_view_04 = "(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)"
-
-meta_txt_01 = "Filesize:"
-meta_txt_02 = "bytes."
-meta_txt_03 = "Updated:"
-
-edit_msg_01 = "File saved:"
-edit_msg_02 = "bytes written."
-edit_msg_03 = "There was an error saving file."
-
-upload_h2     = "Upload File"
-upload_txt_01 = "per upload_max_filesize in php.ini."
-upload_txt_02 = "per post_max_size in php.ini"
-upload_txt_03 = "Note: Maximum upload file size is:"
-
-upload_err_01a = "Error 1: File too large."
-upload_err_01b = "(From php.ini)"
-upload_err_02a = "Error 2: File too large."
-upload_err_02b = "(From OneFileCMS)"
-upload_err_03  = "Error 3: The uploaded file was only partially uploaded."
-upload_err_04  = "Error 4: No file was uploaded."
-upload_err_05  = "Error 5:"
-upload_err_06  = "Error 6: Missing a temporary folder."
-upload_err_07  = "Error 7: Failed to write file to disk."
-upload_err_08  = "Error 8: A PHP extension stopped the file upload."
-
-upload_msg_01 = "No file selected for upload."
-upload_msg_02 = "Destination folder does not exist: "
-upload_msg_03 = "Upload cancelled."
-upload_msg_04 = "Uploading:"
-upload_msg_05 = "Upload successful!"
-upload_msg_06 = "Upload failed:"
-
-new_file_h2     = "New File"
-new_file_txt_01 = "File will be created in the current folder."
-new_file_txt_02 = "Some invalid characters are: "
-
-new_file_msg_01 = "New file not created:"
-new_file_msg_02 = "Name contains invalid character(s):"
-new_file_msg_03 = "New file not created - no name given"
-new_file_msg_04 = "File already exists:"
-new_file_msg_05 = "Created file:"
-new_file_msg_06 = "Error - new file not created:"
-
-CRM_txt_01  = "To move a file or folder, change the path/to/folder/or_file. The new location must already exist."
-CRM_txt_02  = "Old name:"
-CRM_txt_03  = "New name:"
-
-CRM_msg_01 = "Error - new parent location does not exist:"
-CRM_msg_02 = "Error - source file does not exist:"
-CRM_msg_03 = "Error - target filename already exists:"
-CRM_msg_04 = "to"
-CRM_msg_05a = "Error during"
-CRM_msg_05b = "from the above to the following:"
-
-delete_h2     = "Delete File"
-delete_txt_01 = "Are you sure?"
-
-delete_msg_01 = "Deleted file:"
-delete_msg_02 = "Error deleting"
-
-new_folder_h2    = "New Folder"
-new_folder_txt_1 = "Folder will be created in the current folder."
-new_folder_txt_2 = "Some invalid characters are:"
-
-new_folder_msg_01 = "New folder not created:"
-new_folder_msg_02 = "Name contains invalid character(s):"
-new_folder_msg_03 = "New folder not created - no name given."
-new_folder_msg_04 = "Folder already exists:"
-new_folder_msg_05 = "Created folder:"
-new_folder_msg_06 = "Error - new folder not created:"
-
-delete_folder_h2     = "Delete Folder"
-delete_folder_txt_01 = "Are you sure?"
-
-delete_folder_msg_01 = "Folder not empty.   Folders must be empty before they can be deleted."
-delete_folder_msg_02 = "Deleted folder:"
-delete_folder_msg_03 = "an error occurred during delete."
-
-page_title_login      = "Log In"
-page_title_hash       = "Hash Page"
-page_title_edit       = "Edit/View File"
-page_title_upload     = "Upload File"
-page_title_new_file   = "New File"
-page_title_copy       = "Copy File"
-page_title_ren        = "Rename File"
-page_title_del        = "Delete File"
-page_title_folder_new = "New Folder"
-page_title_folder_ren = "Rename/Move Folder"
-page_title_folder_del = "Delete Folder"
-
-session_warning = "Warning: Session timeout soon!"
-session_expired = "SESSION EXPIRED"
-unload_unsaved  = "               Unsaved changes will be lost!"
-confirm_reset   = "Reset file and loose unsaved changes?"
-
-OFCMS_requires  = "OneFileCMS requires PHP5. Tested on versions 5.2.8, 5.3.3 & 5.4.3."
-
-logout_msg       = "You have successfully logged out."
-folder_del_msg   = "Folder not empty.   Folders must be empty before they can be deleted."
-upload_error_01a = "Upload Error.  Total POST data (mostly filesize) exceeded post_max_size ="
-upload_error_01b = "(from php.ini)"
-edit_caution_01  = "CAUTION"
-edit_caution_02  = "You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!"
-
-time_out_txt = "Session time out in:"
+;///////////////////////////////////////////////////////////////////////////////
+;// OneFileCMS Language Settings v3.3.02
+
+LANGUAGE = "English"
+
+;// These are the default values included directly in onefilecms.php.
+;//
+;// If no translation or value is desired for a particular setting, do not delete
+;// the actual setting variable, just set it to an empty string.
+;// For example:  some_unused_setting = ""
+;//
+;// Remember to slash-escape double quotes that may be within a value:  \" 
+;// And, for any values used directly in Default_Language() in onefilecms.php,
+;// single quotes must also be escaped:   \'
+
+Upload_File = "Upload File"
+New_File    = "New File"
+Ren_Move    = "Rename/Move"
+Ren_Moved   = "Renamed/Moved"
+New_Folder  = "New Folder"
+Ren_Folder  = "Rename/Move Folder"
+Del_Folder  = "Delete Folder"
+
+Admin  = "Admin"
+Enter  = "Enter"
+Edit   = "Edit"
+Close  = "Close"
+Cancel = "Cancel"
+Upload = "Upload"
+Create = "Create"
+Copy   = "Copy"
+Copied = "Copied"
+Rename = "Rename"
+Delete = "Delete"
+DELETE = "DELETE"
+File   = "File"
+Folder = "Folder"
+
+Log_In  = "Log In"
+Log_Out = "Log Out"
+Hash    = "Hash"
+Generate_Hash = "Generate Hash"
+
+save_1      = "Save"
+save_2      = "SAVE CHANGES!"
+reset       = "Reset - loose changes"
+Wide_View   = "Wide View"
+Normal_View = "Normal View"
+
+on_      = "on"
+
+verify_msg_01 = "Session expired."
+verify_msg_02 = "INVALID POST"
+
+get_get_msg_01 = "File does not exist:"
+
+check_path_msg_01 = "Directory does not exist: "
+
+ord_msg_01 = "A file with that name already exists in the target directory."
+ord_msg_02 = "Saving as"
+
+show_img_msg_01 = "Image shown at ~"
+show_img_msg_02 = "% of full size (W x H ="
+
+hash_h2     = "Generate a Password Hash"
+hash_txt_01 = "There are two ways to change your OneFileCMS password:"
+hash_txt_02 = "1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero)."
+hash_txt_03 = "2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1."
+hash_txt_04 = "Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing."
+hash_txt_05 = "Anyway, to use the $HASHWORD password option:"
+hash_txt_06 = "Type your desired password in the input field above and hit Enter."
+hash_txt_07 = "The hash will be displayed in a yellow message box above that."
+hash_txt_08 = "Copy and paste the new hash to the $HASHWORD variable in the config section."
+hash_txt_09 = "Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc)."
+hash_txt_10 = "A double-click should select it..."
+hash_txt_11 = "Make sure $USE_HASH is set to 1 (or true)."
+hash_txt_12 = "When ready, logout and login."
+hash_txt_13 = "You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo..."
+hash_txt_14 = "For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep 'em secret, of course).  Remever, every little bit helps..."
+
+hash_msg_01 = "Password: "
+hash_msg_02 = "Hash    : "
+
+login_h2     = "Log In"
+login_txt_01 = "Username:"
+login_txt_02 = "Password:"
+
+login_msg_01a = "There have been "
+login_msg_01b = "invalid login attempts."
+login_msg_02a = "Please wait"
+login_msg_02b = "seconds to try again."
+login_msg_03  = "INVALID LOGIN ATTEMPT #"
+
+edit_note_00  = "NOTES:"
+edit_note_01a = "Remember- your"
+edit_note_01b = "is"
+edit_note_02  = "So save changes before the clock runs out, or the changes will be lost!"
+edit_note_03  = "With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate.  To correct, click the browser's [Reload]."
+edit_note_04  = "Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file."
+
+edit_h2_1   = "Viewing:"
+edit_h2_2   = "Editing:"
+edit_txt_01 = "Non-text or unkown file type. Edit disabled."
+edit_txt_02 = "File possibly contains an invalid character. Edit and view disabled."
+edit_txt_03 = "htmlspecialchars() returned an empty string from what may be an otherwise valid file."
+edit_txt_04 = "This behavior can be inconsistant from version to version of php."
+
+too_large_to_edit_01a = "Edit disabled. Filesize >"
+too_large_to_edit_01b = "bytes."
+too_large_to_edit_02 = "Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>."
+too_large_to_edit_03 = "Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed."
+too_large_to_edit_04 = "A simple trial and error test can determine a practical limit for a given browser/computer."
+
+too_large_to_view_01a = "View disabled. Filesize >"
+too_large_to_view_01b = "bytes."
+too_large_to_view_02 = "Click the file name above to view as normally rendered in a browser window."
+too_large_to_view_03 = "Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed."
+too_large_to_view_04 = "(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)"
+
+meta_txt_01 = "Filesize:"
+meta_txt_02 = "bytes."
+meta_txt_03 = "Updated:"
+
+edit_msg_01 = "File saved:"
+edit_msg_02 = "bytes written."
+edit_msg_03 = "There was an error saving file."
+
+upload_h2     = "Upload File"
+upload_txt_01 = "per upload_max_filesize in php.ini."
+upload_txt_02 = "per post_max_size in php.ini"
+upload_txt_03 = "Note: Maximum upload file size is:"
+
+upload_err_01a = "Error 1: File too large."
+upload_err_01b = "(From php.ini)"
+upload_err_02a = "Error 2: File too large."
+upload_err_02b = "(From OneFileCMS)"
+upload_err_03  = "Error 3: The uploaded file was only partially uploaded."
+upload_err_04  = "Error 4: No file was uploaded."
+upload_err_05  = "Error 5:"
+upload_err_06  = "Error 6: Missing a temporary folder."
+upload_err_07  = "Error 7: Failed to write file to disk."
+upload_err_08  = "Error 8: A PHP extension stopped the file upload."
+
+upload_msg_01 = "No file selected for upload."
+upload_msg_02 = "Destination folder does not exist: "
+upload_msg_03 = "Upload cancelled."
+upload_msg_04 = "Uploading:"
+upload_msg_05 = "Upload successful!"
+upload_msg_06 = "Upload failed:"
+
+new_file_h2     = "New File"
+new_file_txt_01 = "File will be created in the current folder."
+new_file_txt_02 = "Some invalid characters are: "
+
+new_file_msg_01 = "New file not created:"
+new_file_msg_02 = "Name contains invalid character(s):"
+new_file_msg_03 = "New file not created - no name given"
+new_file_msg_04 = "File already exists:"
+new_file_msg_05 = "Created file:"
+new_file_msg_06 = "Error - new file not created:"
+
+CRM_txt_01  = "To move a file or folder, change the path/to/folder/or_file. The new location must already exist."
+CRM_txt_02  = "Old name:"
+CRM_txt_03  = "New name:"
+
+CRM_msg_01 = "Error - new parent location does not exist:"
+CRM_msg_02 = "Error - source file does not exist:"
+CRM_msg_03 = "Error - target filename already exists:"
+CRM_msg_04 = "to"
+CRM_msg_05a = "Error during"
+CRM_msg_05b = "from the above to the following:"
+
+delete_h2     = "Delete File"
+delete_txt_01 = "Are you sure?"
+
+delete_msg_01 = "Deleted file:"
+delete_msg_02 = "Error deleting"
+
+new_folder_h2    = "New Folder"
+new_folder_txt_1 = "Folder will be created in the current folder."
+new_folder_txt_2 = "Some invalid characters are:"
+
+new_folder_msg_01 = "New folder not created:"
+new_folder_msg_02 = "Name contains invalid character(s):"
+new_folder_msg_03 = "New folder not created - no name given."
+new_folder_msg_04 = "Folder already exists:"
+new_folder_msg_05 = "Created folder:"
+new_folder_msg_06 = "Error - new folder not created:"
+
+delete_folder_h2     = "Delete Folder"
+delete_folder_txt_01 = "Are you sure?"
+
+delete_folder_msg_01 = "Folder not empty.   Folders must be empty before they can be deleted."
+delete_folder_msg_02 = "Deleted folder:"
+delete_folder_msg_03 = "an error occurred during delete."
+
+page_title_login      = "Log In"
+page_title_hash       = "Hash Page"
+page_title_edit       = "Edit/View File"
+page_title_upload     = "Upload File"
+page_title_new_file   = "New File"
+page_title_copy       = "Copy File"
+page_title_ren        = "Rename File"
+page_title_del        = "Delete File"
+page_title_folder_new = "New Folder"
+page_title_folder_ren = "Rename/Move Folder"
+page_title_folder_del = "Delete Folder"
+
+session_warning = "Warning: Session timeout soon!"
+session_expired = "SESSION EXPIRED"
+unload_unsaved  = "               Unsaved changes will be lost!"
+confirm_reset   = "Reset file and loose unsaved changes?"
+
+OFCMS_requires  = "OneFileCMS requires PHP5. Tested on versions 5.2.8, 5.3.3 & 5.4.3."
+
+logout_msg       = "You have successfully logged out."
+folder_del_msg   = "Folder not empty.   Folders must be empty before they can be deleted."
+upload_error_01a = "Upload Error.  Total POST data (mostly filesize) exceeded post_max_size ="
+upload_error_01b = "(from php.ini)"
+edit_caution_01  = "CAUTION"
+edit_caution_02  = "You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!"
+
+time_out_txt = "Session time out in:"

From 1e100909fd527496b8d7f1f3ff6c9b66df27acc0 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Fri, 20 Jul 2012 20:10:01 -0400
Subject: [PATCH 108/228] Version 3.3.03 NO SPACE between hash_msg_02 & hash!
 Messes up copy & paste (pastes an extra space) Converted a couple text
 strings that were missed to $_[language strings] Created hte() as a shortened
 htmlentities().  Because I felt like it... Edit_Page(): changed <textarea>
 name from "content" to "contents".  'Cause it bugged me. Edit_respose():
 convert "\r\n" to "\n" before save.  Make it a config option? Added:
 header('Content-type: text/html; charset=UTF-8'); Added $MAIN_WIDTH config
 variable to set page layout main width. Save edit_view width in cookie for
 persistance. (before, it was lost with each save)

---
 OneFileCMS_structure.txt |   1 +
 onefilecms.php           | 159 ++++++++++++++++++++++-----------------
 readme.markdown          |  18 ++++-
 3 files changed, 107 insertions(+), 71 deletions(-)

diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index 7d22164..7b41938 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -12,6 +12,7 @@ LANGUAGE SETTINGS
 
 MISC FUNCTIONS:
 	hsc()
+	hte()
 	Load_Default_Language()
 	Session_Startup()
 	Verify_IDLE_POST_etc()
diff --git a/onefilecms.php b/onefilecms.php
index bb7892e..648aa4f 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.3.02';  //#####
+$version = '3.3.03';  //#####
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -34,9 +34,9 @@
 //Some basic security & error log settings
 ini_set('session.use_trans_sid', 0);    //make sure URL supplied SESSID's are not used
 ini_set('session.use_only_cookies', 1); //make sure URL supplied SESSID's are not used
-error_reporting(0); //0 for none, or (E_ALL &~ E_STRICT) if display and/or log are on.
-ini_set('display_errors', 'off'); //Ok to turn on for trouble-shooting.
-ini_set('log_errors'    , 'off');
+error_reporting(0); //0 for none, or (E_ALL &~ E_STRICT) to display and/or log errors.
+ini_set('display_errors', 'off'); //Only turn on for trouble-shooting.
+ini_set('log_errors'    , 'off'); //Only turn on for trouble-shooting.
 ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.log');
 //Determine good folder for session file? Default is tmp/, which is not secure, but it may not be a serious concern. 
 //session_save_path($safepath)  or  ini_set('session.save_path', $safepath)
@@ -54,12 +54,13 @@
 $HASHWORD = 'c3e70af96ab1bfc5669280e98b438e1a8c08ca5e0bb3354c05ceaa6f339fd3f6'; //hash for "password"
 $SALT     = 'somerandomsalt';
 
-$LANGUAGE = "x OneFileCMS.LANG.EN.ini"; //Filename of language settings. Leave blank for built-in default.
+$LANGUAGE = "OneFileCMS.LANG.EN.ini"; //Filename of language settings. Leave blank for built-in default.
 
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
 $MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
 					  //  For instance, 24 minutes is the PHP default for garbage collection.
+
 $MAX_IMG_W   = 810;  // Max width to display images. (page container = 810)
 $MAX_IMG_H   = 1000; // Max height.  I don't know, it just looks reasonable.
 
@@ -80,8 +81,9 @@
 $config_ftypes = "bin,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,ini,cfg,conf,asp,js ,htm,html"; // _ftype & _fclass must have same
 $config_fclass = "bin,img,img,img,img,img,svg,txt,txt,css,php,txt,cfg,cfg ,txt,txt,htm,htm";  // number of values. bin is default.
 
+$MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.
+$WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked
 $EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
-$WIDE_VIEW_WIDTH = '97%';
 
 $SESSION_NAME = 'OFCMS'; //Also the cookie name. Change if using multiple copies of OneFileCMS.
 
@@ -158,7 +160,8 @@
 
 
 
-function hsc($input) { return htmlspecialchars($input); }// end hsc() **********
+function hsc($input) { return htmlspecialchars($input, ENT_QUOTES, 'UTF-8'); }// end hsc() **********
+function hte($input) { return htmlentities($input); }//end hte()****************
 
 
 
@@ -421,7 +424,7 @@ function Session_Startup() {//**************************************************
 	$_SESSION['nuonce'] = sha1(mt_rand().microtime()); //provided in <forms> to verify POST
 
 	chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
-}//End Session_Startup() *******************************************************
+}//end Session_Startup() *******************************************************
 
 
 
@@ -495,7 +498,7 @@ function Get_GET() { //*** Get main parameters *********************************
 	if (isset($_GET["f"])) {
 		$filename = $ipath.$_GET["f"];
 		if ( !is_file($filename) && $_SESSION['valid'] )//Set $message except for login page.
-			{ $message .= $EX.'<b>'.hsc($_['get_get_msg_01']).'</b> '.htmlentities($filename).'<br>'; }
+			{ $message .= $EX.'<b>'.hsc($_['get_get_msg_01']).'</b> '.hte($filename).'<br>'; }
 		if ( !is_file($filename) ) { $filename = ""; $page = "index"; }
 	}else{ $filename = ""; }
 
@@ -542,7 +545,7 @@ function Check_path($path) { // returns first valid path in some/supplied/path/
 	if (strlen($path) < 1) { return ""; } //If at site root
 	else {
 		if (!is_dir($path) && (strlen($message) < 1))
-			{ $message .= $EX.'<b>'.hsc($_['check_path_msg_01']).'</b>'.htmlentities($invalidpath).'<br>'; }
+			{ $message .= $EX.'<b>'.hsc($_['check_path_msg_01']).'</b>'.hte($invalidpath).'<br>'; }
 
 		while ( (strlen($path) > 0) && (!is_dir($path)) ) {
 			$path = dirname($path);
@@ -585,7 +588,7 @@ function ordinalize($destination,$filename, &$msg) { //*************************
 			$ordinal = sprintf("%03d", ++$ordinal); //  001, 002, 003, etc...
 			$savefile = $destination.$filename.'.'.$ordinal;
 		}
-		$msg .= hsc($_['ord_msg_02']).'"<b>'.htmlentities(basename($savefile)).'</b>"';
+		$msg .= hsc($_['ord_msg_02']).'"<b>'.hte(basename($savefile)).'</b>"';
 	}
 	return $savefile;
 }//end ordinalize() filename ***************************************************
@@ -601,7 +604,7 @@ function Current_Path_Header(){ //**********************************************
 
 	echo '<h2>';
 		//Root folder of web site.
-		echo '<a id="path_0" href="'.$ONESCRIPT.'" class="path"> '.htmlentities(trim($WEB_ROOT, '/')).'</a>/';
+		echo '<a id="path_0" href="'.$ONESCRIPT.'" class="path"> '.hte(trim($WEB_ROOT, '/')).'</a>/';
 		$x=0; //need here for focus() in case at webroot.
 
 		if ($ipath != "" ) { //if not at root, show the rest
@@ -612,7 +615,7 @@ function Current_Path_Header(){ //**********************************************
 			for ($x=0; $x < $levels; $x++) {
 				$current_path .= $path_levels[$x].'/';
 				echo '<a id="path_'.($x+1).'" href="'.$ONESCRIPT.'?i='.URLencode_path($current_path).'" class="path">';
-				echo htmlentities($path_levels[$x]).'</a>/';
+				echo hte($path_levels[$x]).'</a>/';
 			}
 		}//end if (not at root)
 	echo '</h2>';
@@ -966,7 +969,7 @@ function Hash_response() { //***************************************************
 	global $_, $message;
 	$_POST['whattohash'] = trim($_POST['whattohash']); // trim leading & trailing spaces.
 	$message .= hsc($_['hash_msg_01']).' '.hsc($_POST['whattohash']).'<br>';
-	$message .= hsc($_['hash_msg_02']).' '.hashit($_POST["whattohash"]);
+	$message .= hsc($_['hash_msg_02']).hashit($_POST["whattohash"]); //NO SPACE between msg_02 & hash!
 } //end Hash_response() ********************************************************
 
 
@@ -1076,7 +1079,7 @@ function List_Files() { // ...in a vertical table ******************************
 			<tr>
 				<td class="file_name">
 					<?php echo '<a href="'.$ONESCRIPT.$param1.'&amp;f='.rawurlencode($file).'&amp;p=edit" >'; ?>
-					<?php echo show_icon($type).htmlentities($file), '</a>'; ?>
+					<?php echo show_icon($type).hte($file), '</a>'; ?>
 				</td>
 				<td class="meta_T file_size">&nbsp;
 					<?php echo number_format(filesize($ipath.$file)); ?> B
@@ -1104,7 +1107,7 @@ function Index_Page(){ //*******************************************************
 		foreach ($folders as $folder) {
 			echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($folder).'/">'.PHP_EOL;
 			echo svg_icon_folder();
-			echo htmlentities(basename($folder)).' /</a>';
+			echo hte(basename($folder)).' /</a>';
 		}
 	echo '</p>';
 
@@ -1157,7 +1160,7 @@ function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
 	<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?> 
 		<?php echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer', 'LOGOUT'); ?>
 		<input type="submit" class="button" value="Save"                  onclick="submitted = true;" id="save_file">
-		<input type="button" class="button" value="Reset - loose changes" onclick="Reset_File()"      id="reset">
+		<input type="button" class="button" value="<?php echo $_['reset']?>" onclick="Reset_File()"      id="reset">
 		<script>
 			//Set disabled here instead of via input attribute in case js is disabled.
 			//If js is disabled, user would be unable to save changes.
@@ -1195,7 +1198,7 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 				if (PHP_VERSION_ID  < 50400) {  // 5.4.0
 					$filecontents = hsc(file_get_contents($filename));
 				}else{
-					$filecontents = hsc(file_get_contents($filename),ENT_SUBSTITUTE);
+					$filecontents = htmlspecialchars(file_get_contents($filename),ENT_SUBSTITUTE | ENT_QUOTES, 'UTF-8');
 				}
 				$bad_chars = ($filecontents == "" && filesize($filename) > 0);
 
@@ -1205,7 +1208,7 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 					echo hsc($_['edit_txt_04']).'<br></pre>';
 				}else{
 					echo '<input type="hidden" name="filename" id="filename" value="'.hsc($filename).'">';
-					echo '<textarea id="file_contents" name="content" cols="70" rows="25"
+					echo '<textarea id="file_contents" name="contents" cols="70" rows="25"
 						onkeyup="Check_for_changes(event);">'.$filecontents.'</textarea>'.PHP_EOL;
 				}
 			} //end if non-text file...
@@ -1270,7 +1273,7 @@ function Edit_Page() { //*******************************************************
 hsc($_['too_large_to_view_02']).'<br>'.hsc($_['too_large_to_view_03']).'<br>'.hsc($_['too_large_to_view_04']);
 
 	echo '<h2 id="edit_header">'.$header2.' ';
-	echo '<a class="filename" href="/'.URLencode_path($filename).'" target="_blank">'.htmlentities(basename($filename)).'</a>';
+	echo '<a class="filename" href="/'.URLencode_path($filename).'" target="_blank">'.hte(basename($filename)).'</a>';
 	echo '</h2>'.PHP_EOL;
 
 	Edit_Page_buttons_top($text_editable);
@@ -1288,7 +1291,7 @@ function Edit_Page() { //*******************************************************
 		$filecontents = hsc(file_get_contents($filename), ENT_COMPAT,'UTF-8');
 		echo '<pre class="edit_disabled view_file">'.$filecontents.'</pre>';
 	}
-}//End Edit_Page ***************************************************************
+}//end Edit_Page ***************************************************************
 
 
 
@@ -1296,9 +1299,11 @@ function Edit_Page() { //*******************************************************
 function Edit_response(){ //***If on Edit page, and [Save] clicked *************
 	global $_, $EX, $message, $filename;
 	$filename = $_POST["filename"];
-	$content  = $_POST["content"];
+	$contents = $_POST["contents"];
+
+	$contents = str_replace("\r\n", "\n", $contents); //Convert EOL to only newline char.
 
-	$bytes = file_put_contents($filename, $content);
+	$bytes = file_put_contents($filename, $contents);
 
 	if ($bytes !== false) {
 		$message .= '<b>'.hsc($_['edit_msg_01']).' '.$bytes.' '.hsc($_['edit_msg_02']).'</b><br>';
@@ -1369,9 +1374,9 @@ function Upload_response() { //*************************************************
 		$message .= $EX.'<b>'.hsc($_['upload_msg_01']).'</b>';
 	}elseif (($destination != "") && !is_dir($destination)) {
 		$message .= $EX.hsc($_['upload_msg_02']).'<br><b>';
-		$message .= htmlentities($WEB_ROOT.$destination).'</b><br>'.hsc($_['upload_msg_03']).'</b>';
+		$message .= hte($WEB_ROOT.$destination).'</b><br>'.hsc($_['upload_msg_03']).'</b>';
 	}else{
-		$message .= hsc($_['upload_msg_04']).' "<b>'.htmlentities($filename).'</b>"...';
+		$message .= hsc($_['upload_msg_04']).' "<b>'.hte($filename).'</b>"...';
 		$savefile = ordinalize($destination, $filename, $savefile_msg);
 		if(move_uploaded_file($_FILES['upload_file']['tmp_name'], $savefile)) {
 			$message .= '<br>'.hsc($_['upload_msg_05']).' '.$savefile_msg;
@@ -1390,7 +1395,7 @@ function New_File_Page() { //***************************************************
 	<h2><?php echo hsc($_['new_file_h2']) ?></h2>
 	<?php echo $FORM_COMMON ?>
 		<p><?php echo hsc($_['new_file_txt_01']).' '.hsc($_['new_file_txt_02']) ?>
-		<span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
+		<span class="mono"><?php echo hte($INVALID_CHARS) ?></span></p>
 		<input type="text" name="new_file" id="new_file" value="">
 		<?php Cancel_Submit_Buttons(hsc($_['Create']),"new_file"); ?>
 	</form>
@@ -1413,23 +1418,23 @@ function New_File_response() { //***********************************************
 	}
 
 	if ($invalid){
-		$message .= $EX.'<b>'.hsc($_['new_file_msg_01']).'</b> '.htmlentities($new_name).'<br>'.
+		$message .= $EX.'<b>'.hsc($_['new_file_msg_01']).'</b> '.hte($new_name).'<br>'.
 			'<b> &nbsp; &nbsp; &nbsp; '.hsc($_['new_file_msg_02']).' '.
-			'<span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
+			'<span class="mono">'.hte($INVALID_CHARS).'</span></b>';
 	}elseif ($new_name == ""){ 
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_03']).'</b>';
 	}elseif (file_exists($filename)) {
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_04']).' ';
-		$message .= htmlentities($new_name).'</b>';
+		$message .= hte($new_name).'</b>';
 	}elseif ($handle = fopen($filename, 'w')) {
 		fclose($handle);
-		$message .= '<b>'.hsc($_['new_file_msg_05']).'</b> '.htmlentities($new_name);
+		$message .= '<b>'.hsc($_['new_file_msg_05']).'</b> '.hte($new_name);
 		$page     = "edit";
 		$param2   = '&amp;f='.rawurlencode(basename($filename));// for Edit_Page() buttons
 		$param3   = '&amp;p=edit';                              // for Edit_Page() buttons 
 	}else{
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_06']);
-		$message .= htmlentities($new_name).'</b>';
+		$message .= hte($new_name).'</b>';
 	}
 }//end New_File_response() *****************************************************
 
@@ -1450,12 +1455,12 @@ function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //************
 	<?php echo $FORM_COMMON ?>
 
 		<label><?php echo hsc($_['CRM_txt_02']) ?></label>
-		<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
+		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type="text" 
 			name="old_name" value="<?php echo hsc($old_name); ?>" readonly="readonly">
 
 
 		<label><?php echo hsc($_['CRM_txt_03']) ?></label>
-		<span class="web_root"><?php echo htmlentities($WEB_ROOT); ?></span><input type="text" 
+		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type="text" 
 			name="<?php echo $name_id ?>" id="<?php echo $name_id ?>" 
 			value="<?php echo hsc($new_name); ?>">
 		<?php Cancel_Submit_Buttons($action, $name_id); ?>
@@ -1480,17 +1485,17 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 	
 	if ( !is_dir($new_location) ){
 		$message .= $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_01']).'</b><br>';
-		$message .= htmlentities($WEB_ROOT.$new_location).'/<br>';
+		$message .= hte($WEB_ROOT.$new_location).'/<br>';
 	}elseif ( !file_exists($filename) ){
 		$message .= $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_02']).'</b><br>';
-		$message .= htmlentities($filename);
+		$message .= hte($filename);
 	}elseif (file_exists($new_name)) {
 		$message .= $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_03']).'<br>';
-		$message .= htmlentities($WEB_ROOT.$new_name).'</b>';
+		$message .= hte($WEB_ROOT.$new_name).'</b>';
 	}elseif ($action($old_name, $new_name)) {
-		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
+		$message .= '<b>'.hte($WEB_ROOT.$old_name).'</b><br>';
 		$message .= ' --- '.$msg2.' '.hsc($_['CRM_msg_04']).' ---<br>';
-		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b><br>';
+		$message .= '<b>'.hte($WEB_ROOT.$new_name).'</b><br>';
 		$filename = $new_name; //so edit page knows what to edit
 		if ($isfile) { $ipath = Check_path(dirname($filename)); } //if changed,
 		else         { $ipath = Check_path($filename); }          //return to new dir.
@@ -1498,9 +1503,9 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 		$param2   = '&amp;f='.rawurlencode(basename($filename));
 		$param3   = '&amp;p=edit';
 	}else{
-		$message .= '<b>'.htmlentities($WEB_ROOT.$old_name).'</b><br>';
+		$message .= '<b>'.hte($WEB_ROOT.$old_name).'</b><br>';
 		$message .= $EX.'<b>'.hsc($_['CRM_msg_05a']).' '.$msg1.' '.hsc($_['CRM_msg_05b']).'</b><br>';
-		$message .= '<b>'.htmlentities($WEB_ROOT.$new_name).'</b>';
+		$message .= '<b>'.hte($WEB_ROOT.$new_name).'</b>';
 	}
 }//end Copy_Ren_Move_response() ************************************************
 
@@ -1513,7 +1518,7 @@ function Delete_File_Page() { //************************************************
 	<h2><?php echo hsc($_['delete_h2']) ?></h2>
 	<?php echo $FORM_COMMON ?>
 		<input type="hidden" name="delete_file" value="<?php echo hsc($filename); ?>" >
-		<p class="verify"><?php echo htmlentities(basename($filename)); ?></p>
+		<p class="verify"><?php echo hte(basename($filename)); ?></p>
 		<p><b><?php echo hsc($_['delete_txt_01']) ?></b></p>
 		<?php Cancel_Submit_Buttons(hsc($_['DELETE']), "cancel"); ?>
 	</form>
@@ -1530,9 +1535,9 @@ function Delete_File_response(){ //*********************************************
 	$filename = $_POST["delete_file"];
 
 	if (unlink($filename)) {
-		$message .= '<b>'.hsc($_['delete_msg_01']).' '.htmlentities(basename($filename)).'</b><br>';
+		$message .= '<b>'.hsc($_['delete_msg_01']).' '.hte(basename($filename)).'</b><br>';
 	}else{
-		$message .= $EX.'<b>'.hsc($_['delete_msg_02']).' "'.htmlentities($filename).'"</b>.<br>';
+		$message .= $EX.'<b>'.hsc($_['delete_msg_02']).' "'.hte($filename).'"</b>.<br>';
 		$page = "edit";
 	}
 }//end Delete_File_response() **************************************************
@@ -1546,7 +1551,7 @@ function New_Folder_Page() { //*************************************************
 	<h2><?php echo hsc($_['new_folder_h2']) ?></h2>
 	<?php echo $FORM_COMMON ?>
 		<p><?php echo hsc($_['new_folder_txt_1']) ?>
-		<?php echo hsc($_['new_folder_txt_2']) ?> <span class="mono"><?php echo htmlentities($INVALID_CHARS) ?></span></p>
+		<?php echo hsc($_['new_folder_txt_2']) ?> <span class="mono"><?php echo hte($INVALID_CHARS) ?></span></p>
 		<input type="text" name="new_folder" id="new_folder" value="">
 		<?php Cancel_Submit_Buttons(hsc($_['Create']),"new_folder"); ?>
 	</form>
@@ -1570,21 +1575,21 @@ function New_Folder_response(){ //**********************************************
 	$new_ipath = $ipath.$new_name.'/';
 
 	if ($invalid){
-		$message .= $EX.'<b>'.hsc($_['new_folder_msg_01']).'</b> '.htmlentities($new_name).'<br>'.
+		$message .= $EX.'<b>'.hsc($_['new_folder_msg_01']).'</b> '.hte($new_name).'<br>'.
 			'<b>'.hsc($_['new_folder_msg_02']).
-			' <span class="mono">'.htmlentities($INVALID_CHARS).'</span></b>';
+			' <span class="mono">'.hte($INVALID_CHARS).'</span></b>';
 	}elseif ($new_name == ""){ 
 		$message .= $EX.'<b>'.hsc($_['new_folder_msg_03']).'</b>';
 	}elseif (is_dir($new_ipath)) {
 		$message .= $EX.'<b>'.hsc($_['new_folder_msg_04']).' ';
-		$message .= htmlentities($new_ipath).'</b>';
+		$message .= hte($new_ipath).'</b>';
 	}elseif (mkdir($new_ipath)) {
-		$message .= '<b>'.hsc($_['new_folder_msg_05']).'</b> '.htmlentities($new_name);
+		$message .= '<b>'.hsc($_['new_folder_msg_05']).'</b> '.hte($new_name);
 		$ipath    = $new_ipath;  //return to new folder
 		$param1   = '?i='.URLencode_path($ipath);
 	}else{
 		$message .= $EX.'<b>'.hsc($_['new_folder_msg_06']).' </b><br>';
-		$message .= htmlentities($new_name);
+		$message .= hte($new_name);
 	}
 }//end New_Folder_response *****************************************************
 
@@ -1598,8 +1603,8 @@ function Delete_Folder_Page(){ //***********************************************
 	<?php echo $FORM_COMMON ?>
 		<input type="hidden" name="delete_folder" value="<?php echo hsc($ipath); ?>" >
 		<p>
-		<span class="web_root"><?php echo htmlentities($WEB_ROOT.Check_path(dirname($ipath))); ?></span>
-		<span class="verify"><?php echo htmlentities(basename($ipath)); ?></span> /
+		<span class="web_root"><?php echo hte($WEB_ROOT.Check_path(dirname($ipath))); ?></span>
+		<span class="verify"><?php echo hte(basename($ipath)); ?></span> /
 		</p>
 		<p><b><?php echo hsc($_['delete_folder_txt_01']) ?></b></p>
 		<?php Cancel_Submit_Buttons(hsc($_['DELETE']), "cancel"); ?>
@@ -1619,11 +1624,11 @@ function Delete_Folder_response() { //******************************************
 		$message .= $EX.'<b>'.hsc($_['delete_folder_msg_01']).'</b>';
 		$page = "index";
 	}elseif (@rmdir($foldername)) {
-		$message .= '<b>'.hsc($_['delete_folder_msg_02']).'</b> '.htmlentities(basename($foldername));
+		$message .= '<b>'.hsc($_['delete_folder_msg_02']).'</b> '.hte(basename($foldername));
 		$ipath  = Check_path($foldername); //Return to parent dir.
 		$param1 = '?i='.URLencode_path($ipath);
 	}else {
-		$message .= $EX.'<b>"'.htmlentities($foldername).'/"</b> '.hsc($_['delete_folder_msg_03']);
+		$message .= $EX.'<b>"'.hte($foldername).'/"</b> '.hsc($_['delete_folder_msg_03']);
 	}
 }//end Delete_Folder_response() ************************************************
 
@@ -1779,24 +1784,41 @@ function FileTimeStamp(php_filemtime, show_date, show_offset){
 
 
 function Edit_Page_scripts() { //***********************************************
-	global $_, $WIDE_VIEW_WIDTH;
+	global $_, $MAIN_WIDTH, $WIDE_VIEW_WIDTH;
+	
+	//Determine edit_view width
+	$current_view = $MAIN_WIDTH;
+	if ( isset($_COOKIE['edit_view']) && 
+	   ( $_COOKIE['edit_view'] == $MAIN_WIDTH || $_COOKIE['edit_view'] == $WIDE_VIEW_WIDTH)) {
+
+		$current_view = $_COOKIE['edit_view'];
+	}
+	
 ?>
 	<!--======== Provide feedback re: unsaved changes ========-->
 	<script>
 	// a few var's for Wide_View()
 	var Main_div		 = document.getElementById('main');
 	var Wide_View_button = document.getElementById('wide_view');
-	var main_width_default = Main_div.style.width ;
+	var main_width_default = '<?php echo $MAIN_WIDTH ?>';
+
+	Main_div.style.width = "<?php echo $current_view ?>"; //get current width
+
+	if ( Main_div.style.width == '<?php echo $WIDE_VIEW_WIDTH ?>' ) {
+		Wide_View_button.value = '<?php echo addslashes($_['Normal_View']) ?>';
+	}
 
 	function Wide_View() {
 		if ( File_textarea != null ) { File_textarea.style.width = '99.8%'; }
 		
 		if (Main_div.style.width == '<?php echo $WIDE_VIEW_WIDTH ?>') {
 			Main_div.style.width = main_width_default;
-			Wide_View_button.value = "<?php echo addslashes($_['Wide_View'])?>"; //'<?php echo $_['Wide_View'] ?>';
+			Wide_View_button.value = "<?php echo addslashes($_['Wide_View'])?>";
+			document.cookie = 'edit_view=' + main_width_default;
 		}else{
 			Main_div.style.width = '<?php echo $WIDE_VIEW_WIDTH ?>';
 			Wide_View_button.value = '<?php echo addslashes($_['Normal_View']) ?>';
+			document.cookie = 'edit_view=<?php echo $WIDE_VIEW_WIDTH ?>';
 		}
 	}
 
@@ -1828,7 +1850,7 @@ function Reset_file_status_indicators() {
 		Save_File_button.style.borderColor = "";
 		Save_File_button.style.borderWidth = "1px";
 		Save_File_button.disabled = "disabled";
-		Save_File_button.value = "Save";
+		Save_File_button.value = "<?php echo addslashes($_['save_1'])?>";
 		Reset_button.disabled = "disabled";
 	}
 
@@ -1877,7 +1899,7 @@ function Check_for_changes(event){
 			Save_File_button.style.borderWidth = "1px";
 			Save_File_button.disabled = "";
 			Reset_button.disabled = "";
-			Save_File_button.value = "SAVE CHANGES!";
+			Save_File_button.value = "<?php echo addslashes($_['save_2'])?>";
 		}else{
 			Reset_file_status_indicators()
 		}
@@ -1900,12 +1922,14 @@ function Reset_File() {
 	Reset_file_status_indicators();
 	</script>
 <?php 
-}//End Edit_Page_scripts() *****************************************************
+}//end Edit_Page_scripts() *****************************************************
 
 
 
 
-function style_sheet(){ //****************************************************?>
+function style_sheet(){ //******************************************************
+global $MAIN_WIDTH;
+?>
 <style>
 /* --- reset --- */
 * { border : 0; outline: 0; margin: 0; padding: 0;
@@ -1952,7 +1976,7 @@ function style_sheet(){ //****************************************************?>
 
 .container {
 	border : 0px solid #807568;
-	width  : 810px;
+	width  : <?php echo $MAIN_WIDTH ?>;
 	margin : 0 auto 2em auto;
 	}
 
@@ -2243,13 +2267,13 @@ function style_sheet(){ //****************************************************?>
 
 .edit_onefile {padding: 5px; float: right;}
 
-.timer {border: 1px solid gray; padding: 3px .5em 4px .5em;}
+.timer { border: 1px solid gray; padding: 3px .5em 4px .5em; }
 
 .timeout {float:right; font-size: .95em; color: #333; }
 
 .edit_btns_top    { margin: .2em 0 .5em 0;}
 
-.edit_btns_bottom { float: right; margin-bottom: .65em;}
+.edit_btns_bottom { float: right; margin-bottom: .65em; }
 .edit_btns_bottom .button { margin-left: .5em; }
 </style>
 <?php 
@@ -2342,16 +2366,17 @@ function style_sheet(){ //****************************************************?>
 
 //******************************************************************************
 //******************************************************************************
+header('Content-type: text/html; charset=UTF-8');
+
 ?><!DOCTYPE html>
 
 <html>
 <head>
-
-<title><?php echo $config_title.' - '.Page_Title() ?></title>
-
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 <meta name="robots" content="noindex">
 
+<title><?php echo $config_title.' - '.Page_Title() ?></title>
+
 <?php style_sheet(); ?>
 
 <?php Timer_scripts() ?>
@@ -2371,7 +2396,7 @@ function style_sheet(){ //****************************************************?>
 
 	<div class="nav">
 		<a href="/" target="_blank"><?php show_favicon() ?>&nbsp;
-		<b><?php echo htmlentities($WEBSITE) ?></b></a>
+		<b><?php echo hte($WEBSITE) ?></b></a>
 		<?php if ($page != "login") { ?>
 		| <a href="<?php echo $ONESCRIPT ?>?p=logout"><?php echo hsc($_['Log_Out']) ?></a>
 		<?php } ?>
diff --git a/readme.markdown b/readme.markdown
index 2259e39..fb4bc68 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,8 +1,13 @@
 # Current stable version: 3.3.02
 
-### July 17, 2012
+### July 20, 2012
+
+Just a couple minor improvments:  
+- "Wide View" option on Edit page now persists across saves
+- Hopefully improved handling of language files.  Kinda' like "online security", "multi-language support" is a nebulous and a bit finicky.
+  
+- And, thanks again to [codeless](http://github.com/codeless) for the German language file!
 
-Thanks to github.com/codeless for a German language file!
 
 
 --------------------------------------------------------------------------------
@@ -74,7 +79,7 @@ Well, because "OneFileFileManagerTextEditor" just doesn't have the same ring to
 
 ### Multi-Language Support?
 
-Yes!  (But only English is included so far...)
+Yes!  (But only English and German is available so far...)
 
 ### Can I have more than one username/password?
 
@@ -141,9 +146,14 @@ GENERATE/OUTPUT THE PAGE
 
 ## Change Log
 
+### 3.3.03
+
+- "Wide View" option on Edit page now persists across saves.
+- Improved handling of language files.  However, kinda' like "online security", "multi-language support" is nebulous and a bit finicky.
+
 ### 3.3.02
 
-- Added German language file courtesy of github.com/codeless.
+- Added German language file courtesy of [codeless](http://github.com/codeless).
 
 ### 3.3.01
 

From 5d6526f9dcb7ab2cf6426bedcd26fe41ed142588 Mon Sep 17 00:00:00 2001
From: Fernando Mumbach <fermuch@gmail.com>
Date: Sat, 21 Jul 2012 06:12:33 -0300
Subject: [PATCH 109/228] Translated to Spanish!

---
 OneFileCMS.LANG.ES.ini | 223 +++++++++++++++++++++++++++++++++++++++++
 readme.markdown        |   2 +-
 2 files changed, 224 insertions(+), 1 deletion(-)
 create mode 100755 OneFileCMS.LANG.ES.ini

diff --git a/OneFileCMS.LANG.ES.ini b/OneFileCMS.LANG.ES.ini
new file mode 100755
index 0000000..2b223b7
--- /dev/null
+++ b/OneFileCMS.LANG.ES.ini
@@ -0,0 +1,223 @@
+;///////////////////////////////////////////////////////////////////////////////
+;// OneFileCMS Language Settings v3.3.02
+
+LANGUAGE = "Spanish"
+
+;// These are the default values included directly in onefilecms.php.
+;//
+;// If no translation or value is desired for a particular setting, do not delete
+;// the actual setting variable, just set it to an empty string.
+;// For example:  some_unused_setting = ""
+;//
+;// Remember to slash-escape double quotes that may be within a value:  \" 
+;// And, for any values used directly in Default_Language() in onefilecms.php,
+;// single quotes must also be escaped:   \'
+
+Upload_File = "Subir Archivo"
+New_File    = "Archivo Nuevo"
+Ren_Move    = "Renombrar/Mover"
+Ren_Moved   = "Renombrado/Movido"
+New_Folder  = "Carpeta Nueva"
+Ren_Folder  = "Renombrar/Mover Carpeta"
+Del_Folder  = "Borrar Carpeta"
+
+Admin  = "Administrador"
+Enter  = "Entrar"
+Edit   = "Editar"
+Close  = "Cerrar"
+Cancel = "Cancelar"
+Upload = "Subir"
+Create = "Crear"
+Copy   = "Copiar"
+Copied = "Copiado"
+Rename = "Renombrar"
+Delete = "Eliminar"
+DELETE = "ELIMINAR"
+File   = "Archivo"
+Folder = "Carpeta"
+
+Log_In  = "Iniciar Sesión"
+Log_Out = "Cerrar Sesión"
+Hash    = "Cadena"
+Generate_Hash = "Generar Cadena"
+
+save_1      = "Guardar"
+save_2      = "¡GUARDAR CAMBIOS!"
+reset       = "Reiniciar - perder los cambios"
+Wide_View   = "Vista Ampliada"
+Normal_View = "Vista Normal"
+
+on_      = "activado"
+
+verify_msg_01 = "Sesión expirada."
+verify_msg_02 = "POST INVÁLIDO"
+
+get_get_msg_01 = "El archivo no existe:"
+
+check_path_msg_01 = "El directorio no existe: "
+
+ord_msg_01 = "Un archivo con ese mismo nombre ya existe en el directorio asignado."
+ord_msg_02 = "Guardando como"
+
+show_img_msg_01 = "Imagen mostrada a ~"
+show_img_msg_02 = "% del tamaño (W x H ="
+
+hash_h2     = "Generar una Cadena de Contraseña"
+hash_txt_01 = "Existen dos formas de cambiar tu contraseña:"
+hash_txt_02 = "1) Cambiando la variable $PASSWORD y asignando $USE_HASH = 0 (cero)."
+hash_txt_03 = "2) O, usando $HASHWORD para almacenar tu contraseña, y luego asignar $USE_HASH = 1."
+hash_txt_04 = "Tenga en cuenta que, debido a una serie de consideraciones muy variadas, esto es en gran parte un ejercicio académico. Es decir, tomar la idea de que esta es una gran mejora a la seguridad con un granito de sal de criptografía. Sin embargo, sí elimina el almacenamiento de la contraseña en texto plano, lo cual es algo bueno."
+hash_txt_05 = "Igualmente, para usar la opción de contraseña $HASHWORD:"
+hash_txt_06 = "Ingresá la contraseña que quieras en la caja de texto siguiente y presioná enter."
+hash_txt_07 = "La cadena se mostrará en un mensaje amarillo."
+hash_txt_08 = "Copiá y pegá esa cadena a la variable $HASHWORD en la sección de configuración."
+hash_txt_09 = "Asegurate de copiar TODO y SÓLO la cadena (sin dejar espacios en blanco o demás)."
+hash_txt_10 = "Haciendo doble click debería seleccionarlo..."
+hash_txt_11 = "Asegurate de que $USE_HASH sea 1 (o true)."
+hash_txt_12 = "Cuando estés listo, deslogueate y volvé a loguearte."
+hash_txt_13 = "Podés usar OneFileCMS para editarlo. Sin embargo, asegurate de hacer un backup..."
+hash_txt_14 = "Para otro tip de seguridad, cambiá la llave de seguridad y/o el método usado por OneFileCMS para almacenar la clave (y mantenelo en secreto, obviamente).  Acordate, cada granito ayuda..."
+
+hash_msg_01 = "Contraseña: "
+hash_msg_02 = "Cadena    : "
+
+login_h2     = "Iniciar sesión"
+login_txt_01 = "Usuario:"
+login_txt_02 = "Contraseña:"
+
+login_msg_01a = "Hubo "
+login_msg_01b = "intentos fallidos."
+login_msg_02a = "Por favor espere "
+login_msg_02b = "segundos para volver a intentar."
+login_msg_03  = "INTENTO DE INICIO INVÁLIDO NÚMERO #"
+
+edit_note_00  = "NOTAS:"
+edit_note_01a = "Recuérdalo- tu"
+edit_note_01b = "es"
+edit_note_02  = "Entonces guardá antes que se acabe el tiempo, ¡o vas a perer los cambios!"
+edit_note_03  = "Con algunos navegadores, como Chrome, si clickeás el botón del navegador [Volver] y después [Continuar], puede que el estado del archivo no sea exacto. Para corregirlo, clickeá en el botón [Recargar]."
+edit_note_04  = "Chrome puede deshabilitar algunos textos si contienen javascript dentro en ciertos contextos.  Esto puede provocar problemas con el editor de OneFileCMS. Sin embargo, estos archivos pueden ser editados y guardados con OneFileCMS.  La función primaria que es perdida es el cambio de los colores del fondo (rojo/verde) indicando cuando o no el archivo tiene cambios no guardados.  El error se notificará después de la primera vez que se guarde ese archivo."
+
+edit_h2_1   = "Viendo:"
+edit_h2_2   = "Editando:"
+edit_txt_01 = "No texto o tipo de archivo desconocido. Edición deshabilitada."
+edit_txt_02 = "El archivo posiblemente contiene un caracter desconocido. Edición deshabilitada."
+edit_txt_03 = "htmlspecialchars() devolvió una cadena vacía de lo que debería ser un archivo válido."
+edit_txt_04 = "Este comportamiento puede ser inconsistente de versión a versión de PHP."
+
+too_large_to_edit_01a = "Edición deshabilita. Tamaño >"
+too_large_to_edit_01b = "bytes."
+too_large_to_edit_02 = "Algunos navegadores (por ej.: IE) se vuelven inestables cuando se edita un texto largo dentro de un <textarea>."
+too_large_to_edit_03 = "Ajustá la variable $MAX_EDIT_SIZE en la sección de configuración de OneFileCMS como sea necesario."
+too_large_to_edit_04 = "Una simple prueba puede dar con el resultado necesario."
+
+too_large_to_view_01a = "Vista deshabilitada. Tamaño >"
+too_large_to_view_01b = "bytes."
+too_large_to_view_02 = "Clickeá en el botón de debajo para verlo como se ve normalmente en un navegador."
+too_large_to_view_03 = "Ajustá $MAX_VIEW_SIZE en la sección de configuración de OneFileCMS como sea necesario."
+too_large_to_view_04 = "(El valor por defecto para $MAX_VIEW_SIZE es completamente arbitrario, y puede ser ajustado como sea necesario.)"
+
+meta_txt_01 = "Tamaño:"
+meta_txt_02 = "bytes."
+meta_txt_03 = "Actualizado:"
+
+edit_msg_01 = "Archivo Guardado:"
+edit_msg_02 = "bytes escritos."
+edit_msg_03 = "Ocurrió un error guardando el archivo."
+
+upload_h2     = "Subir Archivo"
+upload_txt_01 = "por upload_max_filesize en php.ini."
+upload_txt_02 = "por post_max_size en php.ini"
+upload_txt_03 = "Nota: El tamaño máximo de subida es de:"
+
+upload_err_01a = "Error 1: Archivo muy largo."
+upload_err_01b = "(Desde php.ini)"
+upload_err_02a = "Error 2: Archivo muy largo."
+upload_err_02b = "(Desde OneFileCMS)"
+upload_err_03  = "Error 3: El archivo se subió sólo parcialmente."
+upload_err_04  = "Error 4: No se subió ningún archivo."
+upload_err_05  = "Error 5:"
+upload_err_06  = "Error 6: Carpeta temporal no encontrada."
+upload_err_07  = "Error 7: No se pudo guardar el archivo en el disco."
+upload_err_08  = "Error 8: Una extensión de PHP detuvo la subida del archivo."
+
+upload_msg_01 = "No se seleccionó ningún archivo para subirlo."
+upload_msg_02 = "La carpeta de destino no existe: "
+upload_msg_03 = "Subida cancelada."
+upload_msg_04 = "Subiendo:"
+upload_msg_05 = "¡Subida satisfactoria!"
+upload_msg_06 = "Subida fallida: "
+
+new_file_h2     = "Archivo Nuevo"
+new_file_txt_01 = "Se creará un archivo nuevo en la carpeta actual."
+new_file_txt_02 = "Algunos caracteres inválidos son: "
+
+new_file_msg_01 = "Archivo nuevo no creado:"
+new_file_msg_02 = "El nombre contiene caracteres inválidos:"
+new_file_msg_03 = "Archivo nuevo no creado - no se especificó un nombre"
+new_file_msg_04 = "El archivo ya existe:"
+new_file_msg_05 = "Archivo creado:"
+new_file_msg_06 = "Error - archivo no creado:"
+
+CRM_txt_01  = "Para mover un archivo o carpeta, cambiá el camino/hacia/la/carpeta/o_archivo. La nueva localización debe existir."
+CRM_txt_02  = "Nombre antiguo:"
+CRM_txt_03  = "Nuevo nombre:"
+
+CRM_msg_01 = "Error - la localización padre no existe:"
+CRM_msg_02 = "Error - el archivo inicial no existe:"
+CRM_msg_03 = "Error - el archivo de objetivo no existe:"
+CRM_msg_04 = "hacia"
+CRM_msg_05a = "Error durante"
+CRM_msg_05b = "desde arriba a lo siguiente:"
+
+delete_h2     = "Eliminar Archivo"
+delete_txt_01 = "¿Estás seguro?"
+
+delete_msg_01 = "Archivo Eliminado:"
+delete_msg_02 = "Error eliminando"
+
+new_folder_h2    = "Nueva Carpeta"
+new_folder_txt_1 = "La carpeta se creará dentro de la carpeta actual."
+new_folder_txt_2 = "Algunos caracteres inválidos son:"
+
+new_folder_msg_01 = "Carpeta nueva no creada:"
+new_folder_msg_02 = "El nombre contiene caracteres inválidos:"
+new_folder_msg_03 = "Carpeta nueva no creada - no se ha asignado un nombre."
+new_folder_msg_04 = "La carpeta ya existe:"
+new_folder_msg_05 = "Carpeta creada:"
+new_folder_msg_06 = "Error - carpeta nueva no creada:"
+
+delete_folder_h2     = "Eliminar Carpeta"
+delete_folder_txt_01 = "¿Estás seguro?"
+
+delete_folder_msg_01 = "Carpeta no vacía.   Las carpetas deben estar vacías antes de ser eliminadas."
+delete_folder_msg_02 = "Carpeta eliminada:"
+delete_folder_msg_03 = "ocurrió un error eliminándola."
+
+page_title_login      = "Iniciar Sesión"
+page_title_hash       = "Página de Cadena"
+page_title_edit       = "Editar/Ver Archivo"
+page_title_upload     = "Subir Archivo"
+page_title_new_file   = "Nuevo Archivo"
+page_title_copy       = "Copiar Archivo"
+page_title_ren        = "Renombrar Archivo"
+page_title_del        = "Eliminar Archivo"
+page_title_folder_new = "Nueva Carpeta"
+page_title_folder_ren = "Renombrar/Mover Carpeta"
+page_title_folder_del = "Eliminar Carpeta"
+
+session_warning = "Advertencia: ¡La sesión terminará pronto!"
+session_expired = "SESIÓN TERMINADA"
+unload_unsaved  = "                 ¡Los cambios no guardados se perderán!"
+confirm_reset   = "¿Reiniciar el archivo y descartar cambios no guardados?"
+
+OFCMS_requires  = "OneFileCMS necesita PHP5. Probado en las versiones 5.2.8, 5.3.3 & 5.4.3."
+
+logout_msg       = "Has cerrado la sesión satisfactoriamente."
+folder_del_msg   = "Carpeta no vacía.   Las carpetas debe estar vacías antes de poder eliminarse."
+upload_error_01a = "Eror de subida.  Total de datos POST (mayormente el peso del archivo) excedido post_max_size ="
+upload_error_01b = "(desde php.ini)"
+edit_caution_01  = "PRECAUCIÓN"
+edit_caution_02  = "Estás editando la copia activa de OneFileCMS - ¡HACÉ UNA COPIA DE SEGURIDAD Y TENÉ CUIDADO!"
+
+time_out_txt = "Tiempo de Espera de Sesión Agotado:"
diff --git a/readme.markdown b/readme.markdown
index fb4bc68..9f0c297 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -79,7 +79,7 @@ Well, because "OneFileFileManagerTextEditor" just doesn't have the same ring to
 
 ### Multi-Language Support?
 
-Yes!  (But only English and German is available so far...)
+Yes!  (But only English, Spanish and German is available so far...)
 
 ### Can I have more than one username/password?
 

From ba2a1ca85ab6de9482fa3608b6f967b8e51d59e4 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Sun, 22 Jul 2012 16:42:22 -0400
Subject: [PATCH 110/228] English language settings. Version 3.3.04. Minor
 updates.

---
 OneFileCMS.LANG.EN.ini | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/OneFileCMS.LANG.EN.ini b/OneFileCMS.LANG.EN.ini
index b3e33ee..7acb2b2 100755
--- a/OneFileCMS.LANG.EN.ini
+++ b/OneFileCMS.LANG.EN.ini
@@ -1,5 +1,5 @@
 ;///////////////////////////////////////////////////////////////////////////////
-;// OneFileCMS Language Settings v3.3.02
+;// OneFileCMS Language Settings v3.3.04
 
 LANGUAGE = "English"
 
@@ -38,7 +38,9 @@ Folder = "Folder"
 
 Log_In  = "Log In"
 Log_Out = "Log Out"
-Hash    = "Hash"
+
+Hash          = "Hash"
+pass_to_hash  = "Password to hash:"
 Generate_Hash = "Generate Hash"
 
 save_1      = "Save"
@@ -163,10 +165,10 @@ CRM_txt_01  = "To move a file or folder, change the path/to/folder/or_file. The
 CRM_txt_02  = "Old name:"
 CRM_txt_03  = "New name:"
 
-CRM_msg_01 = "Error - new parent location does not exist:"
-CRM_msg_02 = "Error - source file does not exist:"
-CRM_msg_03 = "Error - target filename already exists:"
-CRM_msg_04 = "to"
+CRM_msg_01  = "Error - new parent location does not exist:"
+CRM_msg_02  = "Error - source file does not exist:"
+CRM_msg_03  = "Error - target filename already exists:"
+CRM_msg_04  = "to"
 CRM_msg_05a = "Error during"
 CRM_msg_05b = "from the above to the following:"
 
@@ -211,7 +213,7 @@ session_expired = "SESSION EXPIRED"
 unload_unsaved  = "               Unsaved changes will be lost!"
 confirm_reset   = "Reset file and loose unsaved changes?"
 
-OFCMS_requires  = "OneFileCMS requires PHP5. Tested on versions 5.2.8, 5.3.3 & 5.4.3."
+OFCMS_requires  = "OneFileCMS requires PHP5. Tested on versions 5.2.8, 5.3.3 & 5.4.4."
 
 logout_msg       = "You have successfully logged out."
 folder_del_msg   = "Folder not empty.   Folders must be empty before they can be deleted."

From cd774479c3e0c8302fc4c25c92691e4378447aa7 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Sun, 22 Jul 2012 16:45:03 -0400
Subject: [PATCH 111/228] German language settings. Version 3.3.04.  Minor
 updates.

---
 OneFileCMS.LANG.DE.ini | 56 ++++++++++++++++++++----------------------
 1 file changed, 26 insertions(+), 30 deletions(-)

diff --git a/OneFileCMS.LANG.DE.ini b/OneFileCMS.LANG.DE.ini
index 68c2a39..4cfa2f4 100755
--- a/OneFileCMS.LANG.DE.ini
+++ b/OneFileCMS.LANG.DE.ini
@@ -1,19 +1,13 @@
 ;///////////////////////////////////////////////////////////////////////////////
-;// OneFileCMS Language Settings
+;// OneFileCMS Language Settings v3.3.04
 
 LANGUAGE = "German"
 
 ;Übersetzungen:
 ;==============
-;Move=Verschieben
-;Directory or Folder=Ordner
-;Create=erstellen
-;Log In=anmelden
-;Log out=abmelden
-;reset=zurücksetzen
-;session=sitzung
-;expired=abgelaufen
-;exist=bestehen
+;Move=Verschieben ;Directory or Folder=Ordner ;Create=erstellen
+;Log In=anmelden ;Log out=abmelden ;reset=zurücksetzen
+;session=sitzung ;expired=abgelaufen ;exist=bestehen
 ;configuration section=Konfigurationsbereich
 ;hash=Streuwert
 ;button: knopf
@@ -44,7 +38,9 @@ Folder = "Ordner"
 
 Log_In  = "Anmelden"
 Log_Out = "Abmelden"
+
 Hash    = "Hash"
+pass_to_hash  = "Password to hash:"
 Generate_Hash = "Hash generieren"
 
 save_1      = "Speichern"
@@ -68,7 +64,7 @@ ord_msg_02 = "Speichern als"
 show_img_msg_01 = "Die Bilddarstellung entspricht ~"
 show_img_msg_02 = "% der wahren Größe (W x H = "
 
-hash_h2 = "Streuwertgenerierung für das Passwort"
+hash_h2     = "Streuwertgenerierung für das Passwort"
 hash_txt_01 = "Es gibt zwei Wege, wie Sie Ihr OneFileCMS-Passwort ändern können:"
 hash_txt_02 = "1) Verwenden Sie die Konfigurationsvariable $PASSWORD, um Ihr gewünschtes Passwort zu speichern. In diesem Fall sollte $USE_HASH auf 0 gesetzt werden."
 hash_txt_03 = "2) Oder Sie verwenden die Konfigurationsvariable $HASHWORD, um den Streuwert Ihres Passwortes zu speichern. Setzen Sie $USE_HASH in diesem Fall auf 1."
@@ -87,7 +83,7 @@ hash_txt_14 = "Eine weitere, kleine Sicherheitsvorkehrung wäre, das Salz oder d
 hash_msg_01 = "Passwort: "
 hash_msg_02 = "Streuwert    : "
 
-login_h2 = "Anmelden"
+login_h2     = "Anmelden"
 login_txt_01 = "Benutzername:"
 login_txt_02 = "Password:"
 
@@ -100,12 +96,12 @@ login_msg_03  = "UNGÜLTIGER ANMELDEVERSUCH #"
 edit_note_00  = "ANMKERUNG:"
 edit_note_01a = "Denken Sie immer daran: Ihre "
 edit_note_01b = " ist "
-edit_note_02 = "Speichern Sie Änderungen bevor der Countdown abläuft, oder die Änderungen sind verloren!"
-edit_note_03 = "Einige Browser (wie zum Beispiel Chrome) zeigen eventuell nicht den richtigen Dateistatus an, wenn man die Vor- und Zurückknöpfe verwendet. Zum Korrigieren offensichtlich falscher Angaben drücken Sie in so einem Fall bitte den \"Neu laden\"-Knopf."
-edit_note_04 = "Die XSS-Filter des Chrome Browsers deaktivieren möglicherweise einige JavaScript-Funktionen, wenn diese in einem gewissen Kontext auftreten. Das kann sich auf einige Features des OneFileCMS auswirken. Trotzdem können solche Dateien bearbeitet und gespeichert werden. Allerdings bleibt die Hintergrundfarbe immer gleich; Änderungen an der Datei werden sonst mit wechselnden Hintergrundfarben (rot und grün) dargestellt."
+edit_note_02  = "Speichern Sie Änderungen bevor der Countdown abläuft, oder die Änderungen sind verloren!"
+edit_note_03  = "Einige Browser (wie zum Beispiel Chrome) zeigen eventuell nicht den richtigen Dateistatus an, wenn man die Vor- und Zurückknöpfe verwendet. Zum Korrigieren offensichtlich falscher Angaben drücken Sie in so einem Fall bitte den \"Neu laden\"-Knopf."
+edit_note_04  = "Die XSS-Filter des Chrome Browsers deaktivieren möglicherweise einige JavaScript-Funktionen, wenn diese in einem gewissen Kontext auftreten. Das kann sich auf einige Features des OneFileCMS auswirken. Trotzdem können solche Dateien bearbeitet und gespeichert werden. Allerdings bleibt die Hintergrundfarbe immer gleich; Änderungen an der Datei werden sonst mit wechselnden Hintergrundfarben (rot und grün) dargestellt."
 
-edit_h2_1 = "Betrachtend: "
-edit_h2_2 = "In Bearbeitung: "
+edit_h2_1   = "Betrachtend: "
+edit_h2_2   = "In Bearbeitung: "
 edit_txt_01 = "Unbekannter Dateityp oder keine Textdatei. Bearbeitungsmöglichkeit ausgeschalten."
 edit_txt_02 = "Die Datei enthält möglicherweise ungültige Zeichen. Der Bearbeitungs- und Betrachtungsmodus wurde gesperrt."
 edit_txt_03 = "htmlspecialchars() gab eine leere Zeichenkette zurück."
@@ -113,15 +109,15 @@ edit_txt_04 = "Das Verhalten kann je nach verwendeter PHP-Version unterschiedlic
 
 too_large_to_edit_01a = "Bearbeitungsfunktion deaktiviert. Dateigröße > "
 too_large_to_edit_01b = " bytes."
-too_large_to_edit_02 = "Einige Browser (wie zum Beispiel der Internet Explorer) bleiben stecken oder werden instabil, sobald größere Textmengen in einer HTML <textarea> bearbeitet werden."
-too_large_to_edit_03 = "Die Einstellung $MAX_EDIT_SIZE im Konfigurationsbereich des OneFileCMS kann nach den Erfordernissen angepaßt werden."
-too_large_to_edit_04 = "Mittels einfachem Trial & Error kann das optimale Limit für einen bestimmten Browser und Computer festgestellt werden."
+too_large_to_edit_02  = "Einige Browser (wie zum Beispiel der Internet Explorer) bleiben stecken oder werden instabil, sobald größere Textmengen in einer HTML <textarea> bearbeitet werden."
+too_large_to_edit_03  = "Die Einstellung $MAX_EDIT_SIZE im Konfigurationsbereich des OneFileCMS kann nach den Erfordernissen angepaßt werden."
+too_large_to_edit_04  = "Mittels einfachem Trial & Error kann das optimale Limit für einen bestimmten Browser und Computer festgestellt werden."
 
 too_large_to_view_01a = "Betrachtungsmodus deaktiviert. Filesize > "
 too_large_to_view_01b = " Bytes."
-too_large_to_view_02 = "Klicken Sie auf den Dateinamen überhalb, um die Datei direkt im Browser anzuzeigen."
-too_large_to_view_03 = "Adjustieren Sie die $MAX_VIEW_SIZE im Konfigurationsbereich von OneFileCMS nach Ihren Bedürfnissen."
-too_large_to_view_04 = "(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)"
+too_large_to_view_02  = "Klicken Sie auf den Dateinamen überhalb, um die Datei direkt im Browser anzuzeigen."
+too_large_to_view_03  = "Adjustieren Sie die $MAX_VIEW_SIZE im Konfigurationsbereich von OneFileCMS nach Ihren Bedürfnissen."
+too_large_to_view_04  = "(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)"
 
 meta_txt_01 = "Dateigröße: "
 meta_txt_02 = " Bytes."
@@ -131,7 +127,7 @@ edit_msg_01 = "Die Datei wurde gespeichert: "
 edit_msg_02 = "Bytes geschrieben."
 edit_msg_03 = "Bei dem Versuch die Datei zu speichern trat ein Fehler auf."
 
-upload_h2 = "Datei heraufladen"
+upload_h2     = "Datei heraufladen"
 upload_txt_01 = "  per upload_max_filesize in php.ini."
 upload_txt_02 = "per post_max_size in php.ini"
 upload_txt_03 = "Anmerkung: Die maximale Dateigröße für das Heraufladen von Dateien beträgt: "
@@ -169,10 +165,10 @@ CRM_txt_01  = "Um eine Datei oder einen Ordner zu verschieben, ändern Sie den p
 CRM_txt_02  = "Alter Name:"
 CRM_txt_03  = "Neuer Name:"
 
-CRM_msg_01 = " Fehler - der neue Zielort besteht nicht:"
-CRM_msg_02 = " Fehler - die Quelldatei besteht nicht:"
-CRM_msg_03 = " Fehler - die Zieldatei besteht bereits:"
-CRM_msg_04 = " zu "
+CRM_msg_01  = " Fehler - der neue Zielort besteht nicht:"
+CRM_msg_02  = " Fehler - die Quelldatei besteht nicht:"
+CRM_msg_03  = " Fehler - die Zieldatei besteht bereits:"
+CRM_msg_04  = " zu "
 CRM_msg_05a = "Fehler während "
 CRM_msg_05b = " des folgenden Vorgangs:"
 
@@ -193,7 +189,7 @@ new_folder_msg_04 = "Der Ordner besteht bereits: "
 new_folder_msg_05 = "Ordner erstellt:"
 new_folder_msg_06 = "Fehler - der Ordner konnte nicht erstellt werden: "
 
-delete_folder_h2 = "Ordner löschen"
+delete_folder_h2     = "Ordner löschen"
 delete_folder_txt_01 = "Sind Sie sicher?"
 
 delete_folder_msg_01 = "Der Ordner ist nicht leer.   Bevor ein Ordner gelöscht werden kann, muss er geleert werden."
@@ -217,7 +213,7 @@ session_expired = "SITZUNG ABGELAUFEN"
 unload_unsaved  = "               Nicht gespeicherte Änderungen gehen verloren!"
 confirm_reset   = "Soll der Inhalt der Datei zurückgesetzt werden (Änderungen gehen verloren)?"
 
-OFCMS_requires  = "OneFileCMS erfordert PHP5. Getestet mit den Versionen 5.2.17, 5.3.3 & 5.4"
+OFCMS_requires  = "OneFileCMS erfordert PHP5. Getestet mit den Versionen 5.2.8, 5.3.3 & 5.4.4."
 
 logout_msg       = "Sie wurden erfolgreich abgemeldet."
 folder_del_msg   = "Der Ordner ist nicht leer.   Der Ordner muss leer sein, bevor er gelöscht werden kann."

From d5db7fcd4dc0d54b59da167f0b3860e7a970271c Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Sun, 22 Jul 2012 19:26:26 -0400
Subject: [PATCH 112/228] Spanish language settings Version 3.3.04. Added a
 missing setting.

---
 OneFileCMS.LANG.ES.ini | 448 +++++++++++++++++++++--------------------
 1 file changed, 225 insertions(+), 223 deletions(-)

diff --git a/OneFileCMS.LANG.ES.ini b/OneFileCMS.LANG.ES.ini
index 2b223b7..a9051bf 100755
--- a/OneFileCMS.LANG.ES.ini
+++ b/OneFileCMS.LANG.ES.ini
@@ -1,223 +1,225 @@
-;///////////////////////////////////////////////////////////////////////////////
-;// OneFileCMS Language Settings v3.3.02
-
-LANGUAGE = "Spanish"
-
-;// These are the default values included directly in onefilecms.php.
-;//
-;// If no translation or value is desired for a particular setting, do not delete
-;// the actual setting variable, just set it to an empty string.
-;// For example:  some_unused_setting = ""
-;//
-;// Remember to slash-escape double quotes that may be within a value:  \" 
-;// And, for any values used directly in Default_Language() in onefilecms.php,
-;// single quotes must also be escaped:   \'
-
-Upload_File = "Subir Archivo"
-New_File    = "Archivo Nuevo"
-Ren_Move    = "Renombrar/Mover"
-Ren_Moved   = "Renombrado/Movido"
-New_Folder  = "Carpeta Nueva"
-Ren_Folder  = "Renombrar/Mover Carpeta"
-Del_Folder  = "Borrar Carpeta"
-
-Admin  = "Administrador"
-Enter  = "Entrar"
-Edit   = "Editar"
-Close  = "Cerrar"
-Cancel = "Cancelar"
-Upload = "Subir"
-Create = "Crear"
-Copy   = "Copiar"
-Copied = "Copiado"
-Rename = "Renombrar"
-Delete = "Eliminar"
-DELETE = "ELIMINAR"
-File   = "Archivo"
-Folder = "Carpeta"
-
-Log_In  = "Iniciar Sesión"
-Log_Out = "Cerrar Sesión"
-Hash    = "Cadena"
-Generate_Hash = "Generar Cadena"
-
-save_1      = "Guardar"
-save_2      = "¡GUARDAR CAMBIOS!"
-reset       = "Reiniciar - perder los cambios"
-Wide_View   = "Vista Ampliada"
-Normal_View = "Vista Normal"
-
-on_      = "activado"
-
-verify_msg_01 = "Sesión expirada."
-verify_msg_02 = "POST INVÁLIDO"
-
-get_get_msg_01 = "El archivo no existe:"
-
-check_path_msg_01 = "El directorio no existe: "
-
-ord_msg_01 = "Un archivo con ese mismo nombre ya existe en el directorio asignado."
-ord_msg_02 = "Guardando como"
-
-show_img_msg_01 = "Imagen mostrada a ~"
-show_img_msg_02 = "% del tamaño (W x H ="
-
-hash_h2     = "Generar una Cadena de Contraseña"
-hash_txt_01 = "Existen dos formas de cambiar tu contraseña:"
-hash_txt_02 = "1) Cambiando la variable $PASSWORD y asignando $USE_HASH = 0 (cero)."
-hash_txt_03 = "2) O, usando $HASHWORD para almacenar tu contraseña, y luego asignar $USE_HASH = 1."
-hash_txt_04 = "Tenga en cuenta que, debido a una serie de consideraciones muy variadas, esto es en gran parte un ejercicio académico. Es decir, tomar la idea de que esta es una gran mejora a la seguridad con un granito de sal de criptografía. Sin embargo, sí elimina el almacenamiento de la contraseña en texto plano, lo cual es algo bueno."
-hash_txt_05 = "Igualmente, para usar la opción de contraseña $HASHWORD:"
-hash_txt_06 = "Ingresá la contraseña que quieras en la caja de texto siguiente y presioná enter."
-hash_txt_07 = "La cadena se mostrará en un mensaje amarillo."
-hash_txt_08 = "Copiá y pegá esa cadena a la variable $HASHWORD en la sección de configuración."
-hash_txt_09 = "Asegurate de copiar TODO y SÓLO la cadena (sin dejar espacios en blanco o demás)."
-hash_txt_10 = "Haciendo doble click debería seleccionarlo..."
-hash_txt_11 = "Asegurate de que $USE_HASH sea 1 (o true)."
-hash_txt_12 = "Cuando estés listo, deslogueate y volvé a loguearte."
-hash_txt_13 = "Podés usar OneFileCMS para editarlo. Sin embargo, asegurate de hacer un backup..."
-hash_txt_14 = "Para otro tip de seguridad, cambiá la llave de seguridad y/o el método usado por OneFileCMS para almacenar la clave (y mantenelo en secreto, obviamente).  Acordate, cada granito ayuda..."
-
-hash_msg_01 = "Contraseña: "
-hash_msg_02 = "Cadena    : "
-
-login_h2     = "Iniciar sesión"
-login_txt_01 = "Usuario:"
-login_txt_02 = "Contraseña:"
-
-login_msg_01a = "Hubo "
-login_msg_01b = "intentos fallidos."
-login_msg_02a = "Por favor espere "
-login_msg_02b = "segundos para volver a intentar."
-login_msg_03  = "INTENTO DE INICIO INVÁLIDO NÚMERO #"
-
-edit_note_00  = "NOTAS:"
-edit_note_01a = "Recuérdalo- tu"
-edit_note_01b = "es"
-edit_note_02  = "Entonces guardá antes que se acabe el tiempo, ¡o vas a perer los cambios!"
-edit_note_03  = "Con algunos navegadores, como Chrome, si clickeás el botón del navegador [Volver] y después [Continuar], puede que el estado del archivo no sea exacto. Para corregirlo, clickeá en el botón [Recargar]."
-edit_note_04  = "Chrome puede deshabilitar algunos textos si contienen javascript dentro en ciertos contextos.  Esto puede provocar problemas con el editor de OneFileCMS. Sin embargo, estos archivos pueden ser editados y guardados con OneFileCMS.  La función primaria que es perdida es el cambio de los colores del fondo (rojo/verde) indicando cuando o no el archivo tiene cambios no guardados.  El error se notificará después de la primera vez que se guarde ese archivo."
-
-edit_h2_1   = "Viendo:"
-edit_h2_2   = "Editando:"
-edit_txt_01 = "No texto o tipo de archivo desconocido. Edición deshabilitada."
-edit_txt_02 = "El archivo posiblemente contiene un caracter desconocido. Edición deshabilitada."
-edit_txt_03 = "htmlspecialchars() devolvió una cadena vacía de lo que debería ser un archivo válido."
-edit_txt_04 = "Este comportamiento puede ser inconsistente de versión a versión de PHP."
-
-too_large_to_edit_01a = "Edición deshabilita. Tamaño >"
-too_large_to_edit_01b = "bytes."
-too_large_to_edit_02 = "Algunos navegadores (por ej.: IE) se vuelven inestables cuando se edita un texto largo dentro de un <textarea>."
-too_large_to_edit_03 = "Ajustá la variable $MAX_EDIT_SIZE en la sección de configuración de OneFileCMS como sea necesario."
-too_large_to_edit_04 = "Una simple prueba puede dar con el resultado necesario."
-
-too_large_to_view_01a = "Vista deshabilitada. Tamaño >"
-too_large_to_view_01b = "bytes."
-too_large_to_view_02 = "Clickeá en el botón de debajo para verlo como se ve normalmente en un navegador."
-too_large_to_view_03 = "Ajustá $MAX_VIEW_SIZE en la sección de configuración de OneFileCMS como sea necesario."
-too_large_to_view_04 = "(El valor por defecto para $MAX_VIEW_SIZE es completamente arbitrario, y puede ser ajustado como sea necesario.)"
-
-meta_txt_01 = "Tamaño:"
-meta_txt_02 = "bytes."
-meta_txt_03 = "Actualizado:"
-
-edit_msg_01 = "Archivo Guardado:"
-edit_msg_02 = "bytes escritos."
-edit_msg_03 = "Ocurrió un error guardando el archivo."
-
-upload_h2     = "Subir Archivo"
-upload_txt_01 = "por upload_max_filesize en php.ini."
-upload_txt_02 = "por post_max_size en php.ini"
-upload_txt_03 = "Nota: El tamaño máximo de subida es de:"
-
-upload_err_01a = "Error 1: Archivo muy largo."
-upload_err_01b = "(Desde php.ini)"
-upload_err_02a = "Error 2: Archivo muy largo."
-upload_err_02b = "(Desde OneFileCMS)"
-upload_err_03  = "Error 3: El archivo se subió sólo parcialmente."
-upload_err_04  = "Error 4: No se subió ningún archivo."
-upload_err_05  = "Error 5:"
-upload_err_06  = "Error 6: Carpeta temporal no encontrada."
-upload_err_07  = "Error 7: No se pudo guardar el archivo en el disco."
-upload_err_08  = "Error 8: Una extensión de PHP detuvo la subida del archivo."
-
-upload_msg_01 = "No se seleccionó ningún archivo para subirlo."
-upload_msg_02 = "La carpeta de destino no existe: "
-upload_msg_03 = "Subida cancelada."
-upload_msg_04 = "Subiendo:"
-upload_msg_05 = "¡Subida satisfactoria!"
-upload_msg_06 = "Subida fallida: "
-
-new_file_h2     = "Archivo Nuevo"
-new_file_txt_01 = "Se creará un archivo nuevo en la carpeta actual."
-new_file_txt_02 = "Algunos caracteres inválidos son: "
-
-new_file_msg_01 = "Archivo nuevo no creado:"
-new_file_msg_02 = "El nombre contiene caracteres inválidos:"
-new_file_msg_03 = "Archivo nuevo no creado - no se especificó un nombre"
-new_file_msg_04 = "El archivo ya existe:"
-new_file_msg_05 = "Archivo creado:"
-new_file_msg_06 = "Error - archivo no creado:"
-
-CRM_txt_01  = "Para mover un archivo o carpeta, cambiá el camino/hacia/la/carpeta/o_archivo. La nueva localización debe existir."
-CRM_txt_02  = "Nombre antiguo:"
-CRM_txt_03  = "Nuevo nombre:"
-
-CRM_msg_01 = "Error - la localización padre no existe:"
-CRM_msg_02 = "Error - el archivo inicial no existe:"
-CRM_msg_03 = "Error - el archivo de objetivo no existe:"
-CRM_msg_04 = "hacia"
-CRM_msg_05a = "Error durante"
-CRM_msg_05b = "desde arriba a lo siguiente:"
-
-delete_h2     = "Eliminar Archivo"
-delete_txt_01 = "¿Estás seguro?"
-
-delete_msg_01 = "Archivo Eliminado:"
-delete_msg_02 = "Error eliminando"
-
-new_folder_h2    = "Nueva Carpeta"
-new_folder_txt_1 = "La carpeta se creará dentro de la carpeta actual."
-new_folder_txt_2 = "Algunos caracteres inválidos son:"
-
-new_folder_msg_01 = "Carpeta nueva no creada:"
-new_folder_msg_02 = "El nombre contiene caracteres inválidos:"
-new_folder_msg_03 = "Carpeta nueva no creada - no se ha asignado un nombre."
-new_folder_msg_04 = "La carpeta ya existe:"
-new_folder_msg_05 = "Carpeta creada:"
-new_folder_msg_06 = "Error - carpeta nueva no creada:"
-
-delete_folder_h2     = "Eliminar Carpeta"
-delete_folder_txt_01 = "¿Estás seguro?"
-
-delete_folder_msg_01 = "Carpeta no vacía.   Las carpetas deben estar vacías antes de ser eliminadas."
-delete_folder_msg_02 = "Carpeta eliminada:"
-delete_folder_msg_03 = "ocurrió un error eliminándola."
-
-page_title_login      = "Iniciar Sesión"
-page_title_hash       = "Página de Cadena"
-page_title_edit       = "Editar/Ver Archivo"
-page_title_upload     = "Subir Archivo"
-page_title_new_file   = "Nuevo Archivo"
-page_title_copy       = "Copiar Archivo"
-page_title_ren        = "Renombrar Archivo"
-page_title_del        = "Eliminar Archivo"
-page_title_folder_new = "Nueva Carpeta"
-page_title_folder_ren = "Renombrar/Mover Carpeta"
-page_title_folder_del = "Eliminar Carpeta"
-
-session_warning = "Advertencia: ¡La sesión terminará pronto!"
-session_expired = "SESIÓN TERMINADA"
-unload_unsaved  = "                 ¡Los cambios no guardados se perderán!"
-confirm_reset   = "¿Reiniciar el archivo y descartar cambios no guardados?"
-
-OFCMS_requires  = "OneFileCMS necesita PHP5. Probado en las versiones 5.2.8, 5.3.3 & 5.4.3."
-
-logout_msg       = "Has cerrado la sesión satisfactoriamente."
-folder_del_msg   = "Carpeta no vacía.   Las carpetas debe estar vacías antes de poder eliminarse."
-upload_error_01a = "Eror de subida.  Total de datos POST (mayormente el peso del archivo) excedido post_max_size ="
-upload_error_01b = "(desde php.ini)"
-edit_caution_01  = "PRECAUCIÓN"
-edit_caution_02  = "Estás editando la copia activa de OneFileCMS - ¡HACÉ UNA COPIA DE SEGURIDAD Y TENÉ CUIDADO!"
-
-time_out_txt = "Tiempo de Espera de Sesión Agotado:"
+;///////////////////////////////////////////////////////////////////////////////
+;// OneFileCMS Language Settings v3.3.04
+
+LANGUAGE = "Spanish"
+
+;//
+;//
+;// If no translation or value is desired for a particular setting, do not delete
+;// the actual setting variable, just set it to an empty string.
+;// For example:  some_unused_setting = ""
+;//
+;// Remember to slash-escape double quotes that may be within a value:  \" 
+;// And, for any values used directly in Default_Language() in onefilecms.php,
+;// single quotes must also be escaped:   \'
+
+Upload_File = "Subir Archivo"
+New_File    = "Archivo Nuevo"
+Ren_Move    = "Renombrar/Mover"
+Ren_Moved   = "Renombrado/Movido"
+New_Folder  = "Carpeta Nueva"
+Ren_Folder  = "Renombrar/Mover Carpeta"
+Del_Folder  = "Borrar Carpeta"
+
+Admin  = "Administrador"
+Enter  = "Entrar"
+Edit   = "Editar"
+Close  = "Cerrar"
+Cancel = "Cancelar"
+Upload = "Subir"
+Create = "Crear"
+Copy   = "Copiar"
+Copied = "Copiado"
+Rename = "Renombrar"
+Delete = "Eliminar"
+DELETE = "ELIMINAR"
+File   = "Archivo"
+Folder = "Carpeta"
+
+Log_In  = "Iniciar Sesión"
+Log_Out = "Cerrar Sesión"
+
+Hash    = "Cadena"
+pass_to_hash  = "Contraseña para calcular el hash:"
+Generate_Hash = "Generar Cadena"
+
+save_1      = "Guardar"
+save_2      = "¡GUARDAR CAMBIOS!"
+reset       = "Reiniciar - perder los cambios"
+Wide_View   = "Vista Ampliada"
+Normal_View = "Vista Normal"
+
+on_      = "activado"
+
+verify_msg_01 = "Sesión expirada."
+verify_msg_02 = "POST INVÁLIDO"
+
+get_get_msg_01 = "El archivo no existe:"
+
+check_path_msg_01 = "El directorio no existe: "
+
+ord_msg_01 = "Un archivo con ese mismo nombre ya existe en el directorio asignado."
+ord_msg_02 = "Guardando como"
+
+show_img_msg_01 = "Imagen mostrada a ~"
+show_img_msg_02 = "% del tamaño (W x H ="
+
+hash_h2     = "Generar una Cadena de Contraseña"
+hash_txt_01 = "Existen dos formas de cambiar tu contraseña:"
+hash_txt_02 = "1) Cambiando la variable $PASSWORD y asignando $USE_HASH = 0 (cero)."
+hash_txt_03 = "2) O, usando $HASHWORD para almacenar tu contraseña, y luego asignar $USE_HASH = 1."
+hash_txt_04 = "Tenga en cuenta que, debido a una serie de consideraciones muy variadas, esto es en gran parte un ejercicio académico. Es decir, tomar la idea de que esta es una gran mejora a la seguridad con un granito de sal de criptografía. Sin embargo, sí elimina el almacenamiento de la contraseña en texto plano, lo cual es algo bueno."
+hash_txt_05 = "Igualmente, para usar la opción de contraseña $HASHWORD:"
+hash_txt_06 = "Ingresá la contraseña que quieras en la caja de texto siguiente y presioná enter."
+hash_txt_07 = "La cadena se mostrará en un mensaje amarillo."
+hash_txt_08 = "Copiá y pegá esa cadena a la variable $HASHWORD en la sección de configuración."
+hash_txt_09 = "Asegurate de copiar TODO y SÓLO la cadena (sin dejar espacios en blanco o demás)."
+hash_txt_10 = "Haciendo doble click debería seleccionarlo..."
+hash_txt_11 = "Asegurate de que $USE_HASH sea 1 (o true)."
+hash_txt_12 = "Cuando estés listo, deslogueate y volvé a loguearte."
+hash_txt_13 = "Podés usar OneFileCMS para editarlo. Sin embargo, asegurate de hacer un backup..."
+hash_txt_14 = "Para otro tip de seguridad, cambiá la llave de seguridad y/o el método usado por OneFileCMS para almacenar la clave (y mantenelo en secreto, obviamente).  Acordate, cada granito ayuda..."
+
+hash_msg_01 = "Contraseña: "
+hash_msg_02 = "Cadena    : "
+
+login_h2     = "Iniciar sesión"
+login_txt_01 = "Usuario:"
+login_txt_02 = "Contraseña:"
+
+login_msg_01a = "Hubo "
+login_msg_01b = "intentos fallidos."
+login_msg_02a = "Por favor espere "
+login_msg_02b = "segundos para volver a intentar."
+login_msg_03  = "INTENTO DE INICIO INVÁLIDO NÚMERO #"
+
+edit_note_00  = "NOTAS:"
+edit_note_01a = "Recuérdalo- tu"
+edit_note_01b = "es"
+edit_note_02  = "Entonces guardá antes que se acabe el tiempo, ¡o vas a perer los cambios!"
+edit_note_03  = "Con algunos navegadores, como Chrome, si clickeás el botón del navegador [Volver] y después [Continuar], puede que el estado del archivo no sea exacto. Para corregirlo, clickeá en el botón [Recargar]."
+edit_note_04  = "Chrome puede deshabilitar algunos textos si contienen javascript dentro en ciertos contextos.  Esto puede provocar problemas con el editor de OneFileCMS. Sin embargo, estos archivos pueden ser editados y guardados con OneFileCMS.  La función primaria que es perdida es el cambio de los colores del fondo (rojo/verde) indicando cuando o no el archivo tiene cambios no guardados.  El error se notificará después de la primera vez que se guarde ese archivo."
+
+edit_h2_1   = "Viendo:"
+edit_h2_2   = "Editando:"
+edit_txt_01 = "No texto o tipo de archivo desconocido. Edición deshabilitada."
+edit_txt_02 = "El archivo posiblemente contiene un caracter desconocido. Edición deshabilitada."
+edit_txt_03 = "htmlspecialchars() devolvió una cadena vacía de lo que debería ser un archivo válido."
+edit_txt_04 = "Este comportamiento puede ser inconsistente de versión a versión de PHP."
+
+too_large_to_edit_01a = "Edición deshabilita. Tamaño >"
+too_large_to_edit_01b = "bytes."
+too_large_to_edit_02 = "Algunos navegadores (por ej.: IE) se vuelven inestables cuando se edita un texto largo dentro de un <textarea>."
+too_large_to_edit_03 = "Ajustá la variable $MAX_EDIT_SIZE en la sección de configuración de OneFileCMS como sea necesario."
+too_large_to_edit_04 = "Una simple prueba puede dar con el resultado necesario."
+
+too_large_to_view_01a = "Vista deshabilitada. Tamaño >"
+too_large_to_view_01b = "bytes."
+too_large_to_view_02 = "Clickeá en el botón de debajo para verlo como se ve normalmente en un navegador."
+too_large_to_view_03 = "Ajustá $MAX_VIEW_SIZE en la sección de configuración de OneFileCMS como sea necesario."
+too_large_to_view_04 = "(El valor por defecto para $MAX_VIEW_SIZE es completamente arbitrario, y puede ser ajustado como sea necesario.)"
+
+meta_txt_01 = "Tamaño:"
+meta_txt_02 = "bytes."
+meta_txt_03 = "Actualizado:"
+
+edit_msg_01 = "Archivo Guardado:"
+edit_msg_02 = "bytes escritos."
+edit_msg_03 = "Ocurrió un error guardando el archivo."
+
+upload_h2     = "Subir Archivo"
+upload_txt_01 = "por upload_max_filesize en php.ini."
+upload_txt_02 = "por post_max_size en php.ini"
+upload_txt_03 = "Nota: El tamaño máximo de subida es de:"
+
+upload_err_01a = "Error 1: Archivo muy largo."
+upload_err_01b = "(Desde php.ini)"
+upload_err_02a = "Error 2: Archivo muy largo."
+upload_err_02b = "(Desde OneFileCMS)"
+upload_err_03  = "Error 3: El archivo se subió sólo parcialmente."
+upload_err_04  = "Error 4: No se subió ningún archivo."
+upload_err_05  = "Error 5:"
+upload_err_06  = "Error 6: Carpeta temporal no encontrada."
+upload_err_07  = "Error 7: No se pudo guardar el archivo en el disco."
+upload_err_08  = "Error 8: Una extensión de PHP detuvo la subida del archivo."
+
+upload_msg_01 = "No se seleccionó ningún archivo para subirlo."
+upload_msg_02 = "La carpeta de destino no existe: "
+upload_msg_03 = "Subida cancelada."
+upload_msg_04 = "Subiendo:"
+upload_msg_05 = "¡Subida satisfactoria!"
+upload_msg_06 = "Subida fallida: "
+
+new_file_h2     = "Archivo Nuevo"
+new_file_txt_01 = "Se creará un archivo nuevo en la carpeta actual."
+new_file_txt_02 = "Algunos caracteres inválidos son: "
+
+new_file_msg_01 = "Archivo nuevo no creado:"
+new_file_msg_02 = "El nombre contiene caracteres inválidos:"
+new_file_msg_03 = "Archivo nuevo no creado - no se especificó un nombre"
+new_file_msg_04 = "El archivo ya existe:"
+new_file_msg_05 = "Archivo creado:"
+new_file_msg_06 = "Error - archivo no creado:"
+
+CRM_txt_01  = "Para mover un archivo o carpeta, cambiá el camino/hacia/la/carpeta/o_archivo. La nueva localización debe existir."
+CRM_txt_02  = "Nombre antiguo:"
+CRM_txt_03  = "Nuevo nombre:"
+
+CRM_msg_01 = "Error - la localización padre no existe:"
+CRM_msg_02 = "Error - el archivo inicial no existe:"
+CRM_msg_03 = "Error - el archivo de objetivo no existe:"
+CRM_msg_04 = "hacia"
+CRM_msg_05a = "Error durante"
+CRM_msg_05b = "desde arriba a lo siguiente:"
+
+delete_h2     = "Eliminar Archivo"
+delete_txt_01 = "¿Estás seguro?"
+
+delete_msg_01 = "Archivo Eliminado:"
+delete_msg_02 = "Error eliminando"
+
+new_folder_h2    = "Nueva Carpeta"
+new_folder_txt_1 = "La carpeta se creará dentro de la carpeta actual."
+new_folder_txt_2 = "Algunos caracteres inválidos son:"
+
+new_folder_msg_01 = "Carpeta nueva no creada:"
+new_folder_msg_02 = "El nombre contiene caracteres inválidos:"
+new_folder_msg_03 = "Carpeta nueva no creada - no se ha asignado un nombre."
+new_folder_msg_04 = "La carpeta ya existe:"
+new_folder_msg_05 = "Carpeta creada:"
+new_folder_msg_06 = "Error - carpeta nueva no creada:"
+
+delete_folder_h2     = "Eliminar Carpeta"
+delete_folder_txt_01 = "¿Estás seguro?"
+
+delete_folder_msg_01 = "Carpeta no vacía.   Las carpetas deben estar vacías antes de ser eliminadas."
+delete_folder_msg_02 = "Carpeta eliminada:"
+delete_folder_msg_03 = "ocurrió un error eliminándola."
+
+page_title_login      = "Iniciar Sesión"
+page_title_hash       = "Página de Cadena"
+page_title_edit       = "Editar/Ver Archivo"
+page_title_upload     = "Subir Archivo"
+page_title_new_file   = "Nuevo Archivo"
+page_title_copy       = "Copiar Archivo"
+page_title_ren        = "Renombrar Archivo"
+page_title_del        = "Eliminar Archivo"
+page_title_folder_new = "Nueva Carpeta"
+page_title_folder_ren = "Renombrar/Mover Carpeta"
+page_title_folder_del = "Eliminar Carpeta"
+
+session_warning = "Advertencia: ¡La sesión terminará pronto!"
+session_expired = "SESIÓN TERMINADA"
+unload_unsaved  = "                 ¡Los cambios no guardados se perderán!"
+confirm_reset   = "¿Reiniciar el archivo y descartar cambios no guardados?"
+
+OFCMS_requires  = "OneFileCMS necesita PHP5. Probado en las versiones 5.2.8, 5.3.3 & 5.4.3."
+
+logout_msg       = "Has cerrado la sesión satisfactoriamente."
+folder_del_msg   = "Carpeta no vacía.   Las carpetas debe estar vacías antes de poder eliminarse."
+upload_error_01a = "Eror de subida.  Total de datos POST (mayormente el peso del archivo) excedido post_max_size ="
+upload_error_01b = "(desde php.ini)"
+edit_caution_01  = "PRECAUCIÓN"
+edit_caution_02  = "Estás editando la copia activa de OneFileCMS - ¡HACÉ UNA COPIA DE SEGURIDAD Y TENÉ CUIDADO!"
+
+time_out_txt = "Tiempo de Espera de Sesión Agotado:"

From 61758cce0547445ee2170ac070286d72f7a9dcad Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Sun, 22 Jul 2012 19:35:01 -0400
Subject: [PATCH 113/228] Version 3.3.04 Edit_Page... : detect & display file
 encoding (ASCII, UTF-8, etc...) for editable file types.  (If not ASCII or
 UTF-8, convert to UTF-8 ??) Created Load_Language() and moved appropriate
 logic there. Created Respongd_to_POST() and moved appropriate logic there.
 Converted some missed text to a $_[] lanaguage string. Added notes to section
 that processes external config file regarding security.

---
 OneFileCMS_structure.txt |  15 ++--
 onefilecms.php           | 150 ++++++++++++++++++++++++++-------------
 readme.markdown          |  30 ++++++--
 3 files changed, 132 insertions(+), 63 deletions(-)

diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index 7b41938..9ffc000 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -1,3 +1,5 @@
+Version 3.3.04
+
 LICENSE
 
 SOME BASIC SECURITY & ERROR LOG SETTINGS
@@ -8,12 +10,11 @@ GET EXTERNAL CONFIG (if exists)
 
 OTHER GLOBAL VALUES
 
-LANGUAGE SETTINGS
-
 MISC FUNCTIONS:
 	hsc()
 	hte()
-	Load_Default_Language()
+	Default_Language()
+	Load_Language()
 	Session_Startup()
 	Verify_IDLE_POST_etc()
 	hashit()
@@ -80,6 +81,7 @@ PAGE & RESPONSE FUNCTIONS:
 	Delete_Folder_response() 
 	Page_Title()
 	Load_Selected_Page()
+	Respond_to_POST()
 
 JAVASCRIPT & STYLESHEET FUNCTIONS:
 	Timer_scripts()
@@ -89,12 +91,11 @@ JAVASCRIPT & STYLESHEET FUNCTIONS:
 
 LOGIC TO DETERMINE PAGE ACTION
 	Verify good PHP version
-	Get language settings
+	Call Load_Language()
 	Call Session_Startup()
 	Call Get_GET()
 	Call Init_Macros()
-	If VALID_POST 
-		Do $_POST['someaction'] (<someaction>_response)
-	Validate $page to show
+	Call Respond_to_POST()
+	Validate $page & $filename to show
 
 GENERATE/OUTPUT <HTML>...  
diff --git a/onefilecms.php b/onefilecms.php
index 648aa4f..14872d5 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.3.03';  //#####
+$version = 'Version 3.3.04';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -55,12 +55,15 @@
 $SALT     = 'somerandomsalt';
 
 $LANGUAGE = "OneFileCMS.LANG.EN.ini"; //Filename of language settings. Leave blank for built-in default.
-
+									  //If file is not found, built-in default will be used.
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
 $MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
 					  //  For instance, 24 minutes is the PHP default for garbage collection.
 
+$MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.
+$WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked
+
 $MAX_IMG_W   = 810;  // Max width to display images. (page container = 810)
 $MAX_IMG_H   = 1000; // Max height.  I don't know, it just looks reasonable.
 
@@ -81,19 +84,27 @@
 $config_ftypes = "bin,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,ini,cfg,conf,asp,js ,htm,html"; // _ftype & _fclass must have same
 $config_fclass = "bin,img,img,img,img,img,svg,txt,txt,css,php,txt,cfg,cfg ,txt,txt,htm,htm";  // number of values. bin is default.
 
-$MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.
-$WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked
 $EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
 
 $SESSION_NAME = 'OFCMS'; //Also the cookie name. Change if using multiple copies of OneFileCMS.
 
-$config_file = 'ofcms.ini'; //External config file, if there is one.
+$config_file = 'OFCMS_config.php'; //External config file, if there is one.
 // End CONFIGURABLE INFO *******************************************************
 
 
 
 
-// PROCESS CONFIGURATION FILE **************************************************
+//* PROCESS CONFIGURATION FILE **************************************************
+/*
+  If an external config file is used to store your password and/or hash, make sure
+  to save the file with php as the extension, and begin the file as follows:
+
+;<?php die();
+
+  Otherwise, the file - along with your password, is world readable.
+  For details, see the php documentation and comments on parse_ini_file()
+*/
+
 # Check for an external configuration file:
 if (is_file($config_file)) {
 	# Parse file
@@ -167,7 +178,7 @@ function hte($input) { return htmlentities($input); }//end hte()****************
 
 
 function Default_Language() { // ***********************************************
-	return(' 
+	return('
 ;// OneFileCMS Language Settings
 
 LANGUAGE = "English (default)"
@@ -207,7 +218,9 @@ function Default_Language() { // ***********************************************
 
 Log_In  = "Log In"
 Log_Out = "Log Out"
+
 Hash    = "Hash"
+pass_to_hash  = "Password to hash:"
 Generate_Hash = "Generate Hash"
 
 save_1      = "Save"
@@ -380,7 +393,7 @@ function Default_Language() { // ***********************************************
 unload_unsaved  = "               Unsaved changes will be lost!"
 confirm_reset   = "Reset file and loose unsaved changes?"
 
-OFCMS_requires  = "OneFileCMS requires PHP5. Tested on versions 5.2.8, 5.3.3 & 5.4.3."
+OFCMS_requires  = "OneFileCMS requires PHP5. Tested on versions 5.2.8, 5.3.3 & 5.4.4."
 
 logout_msg       = "You have successfully logged out."
 folder_del_msg   = "Folder not empty.   Folders must be empty before they can be deleted."
@@ -390,13 +403,47 @@ function Default_Language() { // ***********************************************
 edit_caution_02  = "You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!"
 
 time_out_txt = "Session time out in:"
-	');
+	');//end of return();
 }//end Default_Language() ******************************************************
 
 
 
 
-function Session_Startup() {//**************************************************
+function Load_Language() { //***************************************************
+	global $_, $LANGUAGE;
+
+	// Load Default Language settings
+	if ( function_exists('parse_ini_string') ) {  //only available since php 5.3
+		$_ = parse_ini_string( Default_Language() );
+
+	} else {
+		$tmpfile = basename($_SERVER["SCRIPT_NAME"]).'.DEFAULT_LANG.INI';
+		file_put_contents( $tmpfile, Default_Language() );
+		$_ = parse_ini_file( $tmpfile );
+		unlink($tmpfile);
+	}//end Load Default Language settings
+
+
+	//If specified in config, check for & load external $LANGUAGE settings
+	if ( is_file($LANGUAGE) ) {
+
+		$_TEMP = parse_ini_file($LANGUAGE); //Use a temp array for external values
+
+		//check for any missing settings & use values from default
+		foreach($_ as $key => $value) {
+			if ( !isset($_TEMP[$key]) ) { $_TEMP[$key] = $_[$key]; }
+		}
+		$_ = $_TEMP;  //Switch from default settings to corrected file settings
+	
+		unset($_TEMP);
+	}//end load external language settings
+
+}//end Load_Language(){} //*****************************************************
+
+
+
+
+function Session_Startup() { //*************************************************
 	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $page, $VALID_POST, $MAX_IDLE_TIME, $SESSION_NAME, $message;
 
 	$limit    = 0; //0 = session.  
@@ -931,7 +978,7 @@ function Hash_Page() { //******************************************************
 	
 	<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.'&amp;p=hash'; ?>">
 		<?php echo $INPUT_NUONCE; ?>
-		Password to hash:
+		<?php echo $_['pass_to_hash'] ?>
 		<input type="text" name="whattohash" id="whattohash" value="<?php echo hsc($_POST["whattohash"]) ?>">
 		<?php Cancel_Submit_Buttons(hsc($_['Generate_Hash']), 'whattohash') ?>
  		<a class="button edit_onefile" href="<?php echo $ONESCRIPT.$params; ?>" ><?php echo hsc($_['Edit']).' '.$config_title ?></a>
@@ -1122,7 +1169,7 @@ function Index_Page(){ //*******************************************************
 
 
 
-function Edit_Page_buttons_top($text_editable){ //******************************
+function Edit_Page_buttons_top($text_editable,$file_ENC){ //***********
 	global $_, $ONESCRIPT, $param1, $filename;
 ?>
 	<div class="edit_btns_top">
@@ -1131,7 +1178,8 @@ function Edit_Page_buttons_top($text_editable){ //******************************
 				<?php echo hsc($_['meta_txt_01']).' '.number_format(filesize($filename)).' '.hsc($_['meta_txt_02']); ?>
 			</span>	&nbsp;
 			<span class="file_time">
-				<?php echo hsc($_['meta_txt_03']) ?> <script>FileTimeStamp(<?php echo filemtime($filename); ?>, 1, 1);</script>
+				<?php echo hsc($_['meta_txt_03']).'<script>FileTimeStamp('.filemtime($filename).', 1, 1);</script>'; ?>
+				<?php echo '&nbsp; '.$file_ENC; ?>
 			</span><br>
 		</div>
 
@@ -1181,7 +1229,7 @@ function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
 
 //******************************************************************************
 function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message){ 
-	global $_, $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_NUONCE, $EX, $message, $MAX_IDLE_TIME;
+	global $_, $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_NUONCE, $EX,  $raw_contents;
 ?>
 	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param1.$param2.$param3 ?>">
 		<?php echo $INPUT_NUONCE; ?>
@@ -1196,9 +1244,9 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 
 			}else{
 				if (PHP_VERSION_ID  < 50400) {  // 5.4.0
-					$filecontents = hsc(file_get_contents($filename));
+					$filecontents = hsc($raw_contents);
 				}else{
-					$filecontents = htmlspecialchars(file_get_contents($filename),ENT_SUBSTITUTE | ENT_QUOTES, 'UTF-8');
+					$filecontents = htmlspecialchars($raw_contents,ENT_SUBSTITUTE | ENT_QUOTES, 'UTF-8');
 				}
 				$bad_chars = ($filecontents == "" && filesize($filename) > 0);
 
@@ -1250,7 +1298,7 @@ function Edit_Page_Notes() { //*************************************************
 
 
 function Edit_Page() { //*******************************************************
-	global $_, $ONESCRIPT, $param1, $filename, $filecontents, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE;
+	global $_, $ONESCRIPT, $param1, $filename, $filecontents, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $raw_contents;
 	clearstatcache ();
 
 	//Determine if text editable file type
@@ -1260,7 +1308,15 @@ function Edit_Page() { //*******************************************************
 	
 	$too_large_to_edit = (filesize($filename) > $MAX_EDIT_SIZE);
 	$too_large_to_view = (filesize($filename) > $MAX_VIEW_SIZE);
-	
+
+	if ($text_editable && !$too_large_to_view) {
+		$raw_contents = file_get_contents($filename);
+		$file_ENC = mb_detect_encoding($raw_contents); //ASCII, UTF-8, etc...
+	}else{
+		$file_ENC = ""; 
+		$raw_contents = "";
+	}
+
 	if ( $too_large_to_edit ) { $header2 = hsc($_['edit_h2_1']); }
 	else                      { $header2 = hsc($_['edit_h2_2']); }
 
@@ -1276,7 +1332,7 @@ function Edit_Page() { //*******************************************************
 	echo '<a class="filename" href="/'.URLencode_path($filename).'" target="_blank">'.hte(basename($filename)).'</a>';
 	echo '</h2>'.PHP_EOL;
 
-	Edit_Page_buttons_top($text_editable);
+	Edit_Page_buttons_top($text_editable, $file_ENC);
 
 	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message);
 	
@@ -1675,6 +1731,27 @@ function Load_Selected_Page(){ //***********************************************
 
 
 
+function Respond_to_POST() {//**************************************************
+	global $_, $VALID_POST;
+
+	if ($VALID_POST) { 
+		if     (isset($_FILES['upload_file']['name'])) { Upload_response(); }
+		elseif (isset($_POST["whattohash"]   )) { Hash_response();          }
+		elseif (isset($_POST["filename"]     )) { Edit_response();          }
+		elseif (isset($_POST["new_file"]     )) { New_File_response();      }
+		elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', hsc($_['Copy']), hsc($_['Copied']), 1); } 
+		elseif (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"],   'rename', hsc($_['Ren_Move']), hsc($_['Ren_Moved']), 1); } 
+		elseif (isset($_POST["delete_file"]  )) { Delete_File_response();   }
+		elseif (isset($_POST["new_folder"]   )) { New_Folder_response();    }
+		elseif (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', hsc($_['Ren_Move']), hsc($_['Ren_Moved']), 0); } 
+		elseif (isset($_POST["delete_folder"])) { Delete_Folder_response(); }
+	}//end if ($VALID_POST) 
+
+}//end Respond_to_POST() *******************************************************
+
+
+
+
 function Timer_scripts() { //***************************************************
 	global $_, $page;
 	
@@ -2287,24 +2364,10 @@ function style_sheet(){ //******************************************************
 //Begin logic to determine page action
 
 
-//If OneFileCMS is found to work on earlier PHP versions, please let the author know. Thank you.
+//Require PHP5.  Earliest test version the author has is 5.2.8
 if( PHP_VERSION_ID < 50000 ) { exit( hsc($_['OFCMS_requires']) ); }
 
-
-// Load language settings
-if ( is_file($LANGUAGE) ) {
-	$_ = parse_ini_file($LANGUAGE);
-
-} elseif ( function_exists('parse_ini_string') ) {  //only available since php 5.3
-	$_ = parse_ini_string( Default_Language() );
-
-} else {
-	$tmpfile = basename($_SERVER["SCRIPT_NAME"]).'.DEFAULT_LANG.INI';
-	file_put_contents( $tmpfile, Default_Language() );
-	$_ = parse_ini_file( $tmpfile );
-	unlink($tmpfile);
-}//end Load language settings
-	
+Load_Language();
 
 Session_Startup();
 
@@ -2316,20 +2379,7 @@ function style_sheet(){ //******************************************************
 
 	Init_Macros();
 
-	if ($VALID_POST) { //*******************************************************
-		if     (isset($_FILES['upload_file']['name'])) { Upload_response(); }
-		elseif (isset($_POST["whattohash"]   )) { Hash_response();          }
-		elseif (isset($_POST["filename"]     )) { Edit_response();          }
-		elseif (isset($_POST["new_file"]     )) { New_File_response();      }
-		elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', hsc($_['Copy']), hsc($_['Copied']), 1); } 
-		elseif (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"],   'rename', hsc($_['Ren_Move']), hsc($_['Ren_Moved']), 1); } 
-		elseif (isset($_POST["delete_file"]  )) { Delete_File_response();   }
-		elseif (isset($_POST["new_folder"]   )) { New_Folder_response();    }
-		elseif (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', hsc($_['Ren_Move']), hsc($_['Ren_Moved']), 0); } 
-		elseif (isset($_POST["delete_folder"])) { Delete_Folder_response(); }
-	}//end if ($VALID_POST) ****************************************************
-
-
+	Respond_to_POST();
 
 	//*** Verify valid $page and/or $filename **********************************
 
@@ -2414,7 +2464,7 @@ function style_sheet(){ //******************************************************
 if ( $page != "login" ) { 
 	echo '<hr>';
 	echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'timer timeout', 'LOGOUT');
-	echo '<span class="timeout">'.hsc($_['time_out_txt']).' </span>';
+	echo '<span class="timeout">'.hsc($_['time_out_txt']).'&nbsp; </span>';
 }
 
 //Admin link
diff --git a/readme.markdown b/readme.markdown
index 9f0c297..037831e 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,15 +1,27 @@
-# Current stable version: 3.3.02
+# Current stable version: 3.3.04
 
-### July 20, 2012
+### July 21, 2012
 
-Just a couple minor improvments:  
-- "Wide View" option on Edit page now persists across saves
-- Hopefully improved handling of language files.  Kinda' like "online security", "multi-language support" is a nebulous and a bit finicky.
+#### Security issue if using external .ini config file for password storage  
+If an external config file is used to store your password and/or hash, make sure to save the file with php as the extension, and begin the file as follows:  
+  
+;<?php die();  
   
+Otherwise, the file - along with your password, is world readable. For details, see the php documentation and comments on parse_ini_file().
+
+
+#### Language files
+
+- Thanks to [fermuch](http://github.com/fermuch) for the Spanish language file!  
 - And, thanks again to [codeless](http://github.com/codeless) for the German language file!
 
 
+#### A couple of recent minor improvments:  
+- "Wide View" option on Edit page now persists across saves
+- Hopefully improved handling of language files.  Kinda' like "online security", "multi-language support" is a nebulous and a bit finicky.
+
 
+  
 --------------------------------------------------------------------------------
 
 # OneFileCMS
@@ -79,7 +91,7 @@ Well, because "OneFileFileManagerTextEditor" just doesn't have the same ring to
 
 ### Multi-Language Support?
 
-Yes!  (But only English, Spanish and German is available so far...)
+Yes!  (But only English and German are available so far. (Spanish cominmg soon!) )
 
 ### Can I have more than one username/password?
 
@@ -146,6 +158,12 @@ GENERATE/OUTPUT THE PAGE
 
 ## Change Log
 
+### 
+
+- Added Spanish language file courtesy of [fermuch](https//github.com/fermuch).
+- Some misc code improvements.
+- Added notes regarding using .ini file for password storage.
+
 ### 3.3.03
 
 - "Wide View" option on Edit page now persists across saves.

From c1a3b64906d88d32dce30a2db99914385b9847e0 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Tue, 24 Jul 2012 16:44:57 -0400
Subject: [PATCH 114/228] English langauge file (default) Version 3.3.05 Added
 a few settings to adjust some css values if needed.

---
 OneFileCMS.LANG.EN.ini | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/OneFileCMS.LANG.EN.ini b/OneFileCMS.LANG.EN.ini
index 7acb2b2..e11e4f4 100755
--- a/OneFileCMS.LANG.EN.ini
+++ b/OneFileCMS.LANG.EN.ini
@@ -1,5 +1,5 @@
 ;///////////////////////////////////////////////////////////////////////////////
-;// OneFileCMS Language Settings v3.3.04
+;// OneFileCMS Language Settings v3.3.05
 
 LANGUAGE = "English"
 
@@ -13,6 +13,19 @@ LANGUAGE = "English"
 ;// And, for any values used directly in Default_Language() in onefilecms.php,
 ;// single quotes must also be escaped:   \'
 
+
+;// In some instances, some langauges may use significantly longer words or phrases than others.
+;// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
+;//
+front_links_font_size =  "1em"; //Buttons on Index page.
+front_links_margin_r  =  "1em";
+button_font_size      = ".9em"; //Buttons on Edit page.
+button_margin_L       = ".5em";
+button_padding        = "4px 10px";
+image_info_font_size  =  "1em"; //show_img_msg_01 & _02 
+image_info_pos        = ""; //If 1 or true, moves the info down a line for more space.
+
+
 Upload_File = "Upload File"
 New_File    = "New File"
 Ren_Move    = "Rename/Move"

From 8cd5e982b3d716c181fd5a603a37ae783d80e2f6 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Tue, 24 Jul 2012 16:47:04 -0400
Subject: [PATCH 115/228] German langauge file Version 3.3.05 Added a few
 settings to adjust some css values if needed.

---
 OneFileCMS.LANG.DE.ini | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/OneFileCMS.LANG.DE.ini b/OneFileCMS.LANG.DE.ini
index 4cfa2f4..b24448b 100755
--- a/OneFileCMS.LANG.DE.ini
+++ b/OneFileCMS.LANG.DE.ini
@@ -1,5 +1,5 @@
 ;///////////////////////////////////////////////////////////////////////////////
-;// OneFileCMS Language Settings v3.3.04
+;// OneFileCMS Language Settings v3.3.05
 
 LANGUAGE = "German"
 
@@ -13,6 +13,19 @@ LANGUAGE = "German"
 ;button: knopf
 ;Anrede: Sie
 
+
+;// In some instances, some langauges may use significantly longer words or phrases than others.
+;// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
+;//
+front_links_font_size = ".9em"; //Buttons on Index page.
+front_links_margin_R  = ".5em";
+button_font_size      = ".7em"; //Buttons on Edit page.
+button_margin_L       = ".5em";
+button_padding        = "4px 5px";
+image_info_font_size  = ".95em"; //show_img_msg_01 & _02 
+image_info_pos        = "1"; //If 1 or true, moves the info down a line for more space.
+
+
 Upload_File = "Datei heraufladen"
 New_File    = "Datei erstellen"
 Ren_Move    = "Umbenennen/Verschieben"

From d8359ec9755fdfa2d24c0abc29adc77ab34bd21b Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Tue, 24 Jul 2012 16:47:56 -0400
Subject: [PATCH 116/228] Spanish langauge file Version 3.3.05 Added a few
 settings to adjust some css values if needed.

---
 OneFileCMS.LANG.ES.ini | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/OneFileCMS.LANG.ES.ini b/OneFileCMS.LANG.ES.ini
index a9051bf..027bf27 100755
--- a/OneFileCMS.LANG.ES.ini
+++ b/OneFileCMS.LANG.ES.ini
@@ -1,5 +1,5 @@
 ;///////////////////////////////////////////////////////////////////////////////
-;// OneFileCMS Language Settings v3.3.04
+;// OneFileCMS Language Settings v3.3.05
 
 LANGUAGE = "Spanish"
 
@@ -13,6 +13,19 @@ LANGUAGE = "Spanish"
 ;// And, for any values used directly in Default_Language() in onefilecms.php,
 ;// single quotes must also be escaped:   \'
 
+
+;// In some instances, some langauges may use significantly longer words or phrases than others.
+;// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
+;//
+front_links_font_size =  "1em";  //Buttons on Index page.
+front_links_margin_R  = ".5em";
+button_font_size      = ".9em";  //Buttons on Edit page.
+button_margin_L       = ".4em";
+button_padding        = "4px 5px";
+image_info_font_size  = ".95em"; //show_img_msg_01 & _02 
+image_info_pos        = ""; //If 1 or true, moves the info down a line for more space.
+
+
 Upload_File = "Subir Archivo"
 New_File    = "Archivo Nuevo"
 Ren_Move    = "Renombrar/Mover"

From 30b46367a0ba5e477d5b5e5d6951d300f9973f8e Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Tue, 24 Jul 2012 16:56:21 -0400
Subject: [PATCH 117/228] Version 3.3.05 Changed $LANGUAGE to $LANGUAGE_FILE. 
 Seems more precise to what it is. Added a few $_[] langauge settings for
 adjusting some font sizing & spacing.   (Occasionally, some languages may use
 longer words or phrases than others.) $_['pass_to_hash'] & $_['reset'] needed
 wrapped in hsc(); Removed name attribute from [Cancel] button - it was not
 used. show_image(): Simplified logic to determine image scale. Improved a
 couple lines of code to pass "E_STRICT", even tho they worked fine before.
 Added addslashes() to echo of $timeout_warning. In Edit_Page_scripts(),
 tweaked code to determine edit_view width.

---
 onefilecms.php | 163 +++++++++++++++++++++++++++++++++----------------
 1 file changed, 112 insertions(+), 51 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 14872d5..c6d0579 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = 'Version 3.3.04';
+$version = 'Version 3.3.05';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -34,10 +34,10 @@
 //Some basic security & error log settings
 ini_set('session.use_trans_sid', 0);    //make sure URL supplied SESSID's are not used
 ini_set('session.use_only_cookies', 1); //make sure URL supplied SESSID's are not used
-error_reporting(0); //0 for none, or (E_ALL &~ E_STRICT) to display and/or log errors.
-ini_set('display_errors', 'off'); //Only turn on for trouble-shooting.
-ini_set('log_errors'    , 'off'); //Only turn on for trouble-shooting.
-ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.log');
+error_reporting(0); //0 for none, or (E_ALL &~ E_STRICT) for trouble-shooting.
+ini_set('display_errors', 'off');         //Only turn on for trouble-shooting.
+ini_set('log_errors'    , 'off');         //Only turn on for trouble-shooting.
+ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.ERROR.log');
 //Determine good folder for session file? Default is tmp/, which is not secure, but it may not be a serious concern. 
 //session_save_path($safepath)  or  ini_set('session.save_path', $safepath)
 
@@ -54,8 +54,9 @@
 $HASHWORD = 'c3e70af96ab1bfc5669280e98b438e1a8c08ca5e0bb3354c05ceaa6f339fd3f6'; //hash for "password"
 $SALT     = 'somerandomsalt';
 
-$LANGUAGE = "OneFileCMS.LANG.EN.ini"; //Filename of language settings. Leave blank for built-in default.
-									  //If file is not found, built-in default will be used.
+$LANGUAGE_FILE = "OneFileCMS.LANG.EN.ini"; //Filename of language settings. Leave blank for built-in default.
+									       //If file is not found, built-in default will be used.
+
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
 $MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
@@ -193,6 +194,19 @@ function Default_Language() { // ***********************************************
 ;// And, for any values used directly in Default_Language() in onefilecms.php,
 ;// single quotes must also be escaped:   \'
 
+
+;// In some instances, some langauges may use significantly longer words or phrases than others.
+;// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
+;//
+front_links_font_size =  "1em"; //Buttons on Index page.
+front_links_margin_R  =  "1em";
+button_font_size      = ".9em"; //Buttons on Edit page.
+button_margin_L       = ".5em";
+button_padding        = "4px 10px";
+image_info_font_size  =  "1em"; //show_img_msg_01 & _02 
+image_info_pos        = ""; //If 1 or true, moves the info down a line for more space.
+
+
 Upload_File = "Upload File"
 New_File    = "New File"
 Ren_Move    = "Rename/Move"
@@ -410,7 +424,7 @@ function Default_Language() { // ***********************************************
 
 
 function Load_Language() { //***************************************************
-	global $_, $LANGUAGE;
+	global $_, $LANGUAGE_FILE;
 
 	// Load Default Language settings
 	if ( function_exists('parse_ini_string') ) {  //only available since php 5.3
@@ -424,10 +438,10 @@ function Load_Language() { //***************************************************
 	}//end Load Default Language settings
 
 
-	//If specified in config, check for & load external $LANGUAGE settings
-	if ( is_file($LANGUAGE) ) {
+	//If specified in config, check for & load external $LANGUAGE_FILE settings
+	if ( is_file($LANGUAGE_FILE) ) {
 
-		$_TEMP = parse_ini_file($LANGUAGE); //Use a temp array for external values
+		$_TEMP = parse_ini_file($LANGUAGE_FILE); //Use a temp array for external values
 
 		//check for any missing settings & use values from default
 		foreach($_ as $key => $value) {
@@ -437,7 +451,6 @@ function Load_Language() { //***************************************************
 	
 		unset($_TEMP);
 	}//end load external language settings
-
 }//end Load_Language(){} //*****************************************************
 
 
@@ -479,7 +492,7 @@ function Session_Startup() { //*************************************************
 function Verify_IDLE_POST_etc() { //********************************************
 	global $_, $EX, $message, $VALID_POST, $MAX_IDLE_TIME;
 
-	//Verify consistant user agent... (every little bit helps a little bit) 
+	//Verify consistant user agent... (every little bit helps every little bit) 
 	if ( ($_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) ) { Logout(); }
 
 	//Check idle time
@@ -497,8 +510,8 @@ function Verify_IDLE_POST_etc() { //********************************************
 	if ( isset($_POST['nuonce']) ) { 
 		if ( $_POST['nuonce'] == $_SESSION['nuonce'] ) {
 			$VALID_POST = 1;
-		}else{
-			Logout(); //If it exists, but doesn't match - something's wrong.
+		}else{ //If it exists but doesn't match - something's wrong.
+			Logout();
 			$message .= $EX.'<b>'.hsc($_['verify_msg_02']).'</b><br>';
 		}
 	}
@@ -723,7 +736,7 @@ function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
 	if ($filename == "") {$params = "";}else{ $params = $param2.'&amp;p=edit'; }
 ?>
 	<p> 
-	<input type="button" class="button" id="cancel" name="cancel" value="<?php echo hsc($_['Cancel']) ?>"
+	<input type="button" class="button" id="cancel" value="<?php echo hsc($_['Cancel']) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.$params ?>'">
 	<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1.3em;">
 <?php 
@@ -741,22 +754,23 @@ function show_image(){ //*******************************************************
 	$img_info = getimagesize($IMG);
 
 	$W=0; $H=1; //indexes for $img_info[]
-	$SCALE = 1; $TOOWIDE = 0; $TOOHIGH = 0;
-	if ($img_info[$W] > $MAX_IMG_W) { $TOOWIDE = ( $MAX_IMG_W/$img_info[$W] );}
-	if ($img_info[$H] > $MAX_IMG_H) { $TOOHIGH = ( $MAX_IMG_H/$img_info[$H] );}
+	$SCALE = 1; $SCALE_W = 1; $SCALE_H = 1;
+	if ($img_info[$W] > $MAX_IMG_W) { $SCALE_W = ( $MAX_IMG_W/$img_info[$W] );}
+	if ($img_info[$H] > $MAX_IMG_H) { $SCALE_H = ( $MAX_IMG_H/$img_info[$H] );}
 	
-	if ($TOOHIGH || $TOOWIDE) {
-		if     (!$TOOWIDE)           {$SCALE = $TOOHIGH;}
-		elseif (!$TOOHIGH)           {$SCALE = $TOOWIDE;}
-		elseif ($TOOHIGH > $TOOWIDE) {$SCALE = $TOOWIDE;} //ex: if (.90 > .50)
-		else                         {$SCALE = $TOOHIGH;}
-	}
+	//Set $SCALE to the more restrictive scale.
+	if   ( $SCALE_W > $SCALE_H ) { $SCALE = $SCALE_H; } //ex: if (.90 > .50)
+	else                         { $SCALE = $SCALE_W; } //If _H >= _W, or both are 1
 
-	echo '<p>';
-	echo hsc($_['show_img_msg_01']).round($SCALE*100).hsc($_['show_img_msg_02']).' '.$img_info[0].' x '.$img_info[1].').</p>';
+	//For languages with longer words that don't fit next to [Wide] & [Close] buttons.
+	if ($_['image_info_pos']){ echo '<div style="clear:both"></div>'.PHP_EOL; }
+
+	echo '<p class="image_info">';
+	echo hsc($_['show_img_msg_01']).round($SCALE*100).
+	hsc($_['show_img_msg_02']).' '.$img_info[0].' x '.$img_info[1].').</p>';
 	echo '<div style="clear:both"></div>'.PHP_EOL;
 	echo '<a href="/' .URLencode_path($IMG). '" target="_blank">'.PHP_EOL;
-	echo '<img src="/'.URLencode_path($IMG).'"  height="'.$img_info[$H]*$SCALE.'"></a>'.PHP_EOL;
+	echo '<img src="/'.URLencode_path($IMG).'"  height="'.($img_info[$H] * $SCALE).'"></a>'.PHP_EOL;
 }// end show_image() ***********************************************************
 
 
@@ -978,7 +992,7 @@ function Hash_Page() { //******************************************************
 	
 	<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.'&amp;p=hash'; ?>">
 		<?php echo $INPUT_NUONCE; ?>
-		<?php echo $_['pass_to_hash'] ?>
+		<?php echo hsc($_['pass_to_hash']) ?>
 		<input type="text" name="whattohash" id="whattohash" value="<?php echo hsc($_POST["whattohash"]) ?>">
 		<?php Cancel_Submit_Buttons(hsc($_['Generate_Hash']), 'whattohash') ?>
  		<a class="button edit_onefile" href="<?php echo $ONESCRIPT.$params; ?>" ><?php echo hsc($_['Edit']).' '.$config_title ?></a>
@@ -1115,7 +1129,8 @@ function List_Files() { // ...in a vertical table ******************************
 		if (in_array(basename($file), $excluded_list)) { $excluded = TRUE; };
 
 		//Get file type & check against $stypes (files types to show)
-		$ext = end( explode(".", strtolower($file)) );
+		$filename_parts = explode(".", strtolower($file));
+		$ext = end($filename_parts);
 		if ($SHOWALLFILES || in_array($ext, $stypes)) { $SHOWTYPE = TRUE; } else { $SHOWTYPE = FALSE; }
 		
 		if ( $SHOWTYPE && !is_dir($ipath.$file) && !$excluded ) {
@@ -1208,7 +1223,7 @@ function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
 	<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?> 
 		<?php echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer', 'LOGOUT'); ?>
 		<input type="submit" class="button" value="Save"                  onclick="submitted = true;" id="save_file">
-		<input type="button" class="button" value="<?php echo $_['reset']?>" onclick="Reset_File()"      id="reset">
+		<input type="button" class="button" value="<?php echo hsc($_['reset']) ?>" onclick="Reset_File()"      id="reset">
 		<script>
 			//Set disabled here instead of via input attribute in case js is disabled.
 			//If js is disabled, user would be unable to save changes.
@@ -1302,7 +1317,8 @@ function Edit_Page() { //*******************************************************
 	clearstatcache ();
 
 	//Determine if text editable file type
-	$ext = end( explode(".", strtolower($filename) ) );
+	$filename_parts = explode(".", strtolower($filename));
+	$ext = end($filename_parts);
 	if ( in_array($ext, $etypes) ) { $text_editable = TRUE;  }
 	else                           { $text_editable = FALSE; }
 	
@@ -1313,7 +1329,7 @@ function Edit_Page() { //*******************************************************
 		$raw_contents = file_get_contents($filename);
 		$file_ENC = mb_detect_encoding($raw_contents); //ASCII, UTF-8, etc...
 	}else{
-		$file_ENC = ""; 
+		$file_ENC     = ""; 
 		$raw_contents = "";
 	}
 
@@ -1781,7 +1797,7 @@ function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
 	Timer.innerHTML = FormatTime(count);
 
 	if ( (count < 120) && (Action != "") ) { //Two minute warning...
-		document.getElementById('message').innerHTML = "<?php echo $timeout_warning ?>";
+		document.getElementById('message').innerHTML = "<?php echo addslashes($timeout_warning) ?>";
 		Timer.style.backgroundColor = "white";
 		Timer.style.color = "red";
 		Timer.style.fontWeight = "900";
@@ -1865,12 +1881,11 @@ function Edit_Page_scripts() { //***********************************************
 	
 	//Determine edit_view width
 	$current_view = $MAIN_WIDTH;
-	if ( isset($_COOKIE['edit_view']) && 
-	   ( $_COOKIE['edit_view'] == $MAIN_WIDTH || $_COOKIE['edit_view'] == $WIDE_VIEW_WIDTH)) {
-
-		$current_view = $_COOKIE['edit_view'];
+	if ( isset($_COOKIE['edit_view']) ) {
+		if ( ($_COOKIE['edit_view'] == $MAIN_WIDTH) || ($_COOKIE['edit_view'] == $WIDE_VIEW_WIDTH) ) {
+			$current_view = $_COOKIE['edit_view'];
+		}
 	}
-	
 ?>
 	<!--======== Provide feedback re: unsaved changes ========-->
 	<script>
@@ -2005,7 +2020,7 @@ function Reset_File() {
 
 
 function style_sheet(){ //******************************************************
-global $MAIN_WIDTH;
+global $_, $MAIN_WIDTH;
 ?>
 <style>
 /* --- reset --- */
@@ -2169,8 +2184,8 @@ function style_sheet(){ //******************************************************
 	display: inline-block;
 	border : 1px solid #807568;
 	height      : 1em;
-	font-size   : 1em;
-	margin-right: 1em;
+	font-size   : <?php echo $_['front_links_font_size'] ?>; /*Default 1em */
+	margin-right: <?php echo $_['front_links_margin_R']  ?>; /*Default 1em */
 	padding     : 3px 5px 5px 4px; /*TRBL*/
 	background-color: #EEE;
 	}
@@ -2205,11 +2220,11 @@ function style_sheet(){ //******************************************************
 .buttons_right .button { margin-left: .5em; }
 
 .button {
-	border : 1px solid #807568;
-	padding: 4px 10px;
 	cursor : pointer;
-	color      : black;
-	font-size  : .9em;
+	border : 1px solid #807568;
+	color  : black;
+	padding    : <?php echo $_['button_padding']   ?>; /*Default 4px 10px */
+	font-size  : <?php echo $_['button_font_size'] ?>; /*Default .9em     */
 	font-family: sans-serif;
 	background-color: #EEE;  /*#d4d4d4*/
 	}
@@ -2267,7 +2282,7 @@ function style_sheet(){ //******************************************************
 
 #file_contents:focus { border: 1px solid #Fdd; }
 
-.file_meta	{ float: left; margin-top: .6em; font-size: .95em; color: #333; }
+.file_meta	{ float: left; margin-top: .6em; font-size: .95em; color: #222; }
 
 #edit_notes { font-size: .8em; color: #333 ;margin-top: 1em; clear:both; }
 
@@ -2332,7 +2347,7 @@ function style_sheet(){ //******************************************************
 
 #admin {padding: .3em;}
 
-.web_root { font:1em Courier; }
+.web_root { font: 1em Courier; }
 
 .icon {float: left; margin: 0 .3em 0 0;}
 
@@ -2346,12 +2361,14 @@ function style_sheet(){ //******************************************************
 
 .timer { border: 1px solid gray; padding: 3px .5em 4px .5em; }
 
-.timeout {float:right; font-size: .95em; color: #333; }
+.timeout { float:right; font-size: .95em; color: #333; }
 
 .edit_btns_top    { margin: .2em 0 .5em 0;}
 
+.image_info {color: #222; font-size: <?php echo $_['image_info_font_size'] ?> ;} /*Default is 1em*/
+
 .edit_btns_bottom { float: right; margin-bottom: .65em; }
-.edit_btns_bottom .button { margin-left: .5em; }
+.edit_btns_bottom .button { margin-left: <?php echo $_['button_margin_L'] ?>; } /*Default is .5em*/
 </style>
 <?php 
 }//end style_sheet() ***********************************************************
@@ -2375,7 +2392,7 @@ function style_sheet(){ //******************************************************
 
 	undo_magic_quotes();
 
-	Get_GET();  
+	Get_GET();
 
 	Init_Macros();
 
@@ -2436,6 +2453,50 @@ function style_sheet(){ //******************************************************
 </head>
 <body>
 
+
+
+
+<? //######################################################################## ?>
+<?php
+if ( (ini_get('display_errors') == 'on') ||
+	 (ini_get('log_errors') == 'on')     ||
+	 (error_reporting() != 0) )
+{
+	echo '<style>.E_BOX {color:red; font-size:.8em; font-weight: 900;'.
+		'border: 1px solid black; background-color: white;'.
+		'padding: 0 0 .2em .5em;'.
+	
+		'}</style>';
+	echo '<p class="E_BOX">';
+	echo 'Display errors is: '        .ini_get('display_errors').'. &nbsp; ';
+	echo 'Log errors is: '            .ini_get('log_errors')    .'. &nbsp; ';
+	//echo 'Error reporting is set to: '.error_reporting()        .'. &nbsp; ';
+
+	$E_level = error_reporting(); $spc = " &nbsp;  &nbsp; ";
+	if ( ($E_level &     1) ==     1 ) { $E_types  = 'E_ERROR'.$spc;            }
+	if ( ($E_level &     2) ==     2 ) { $E_types .= 'E_WARNING'.$spc;          }
+	if ( ($E_level &     4) ==     4 ) { $E_types .= 'E_PARSE'.$spc;            }
+	if ( ($E_level &     8) ==     8 ) { $E_types .= 'E_NOTICE'.$spc;           }
+	if ( ($E_level &    16) ==    16 ) { $E_types .= 'E_CORE_ERROR'.$spc;       }
+	if ( ($E_level &    32) ==    32 ) { $E_types .= 'E_CORE_WARNING'.$spc;     }
+	if ( ($E_level &    64) ==    64 ) { $E_types .= 'E_COMPILE_ERROR'.$spc;    }
+	if ( ($E_level &   128) ==   128 ) { $E_types .= 'E_COMPILE_WARNING'.$spc;  }
+	if ( ($E_level &   256) ==   256 ) { $E_types .= 'E_USER_ERROR'.$spc;       }
+	if ( ($E_level &   512) ==   512 ) { $E_types .= 'E_USER_WARNING'.$spc;     }
+	if ( ($E_level &  1024) ==  1024 ) { $E_types .= 'E_USER_NOTICE'.$spc;      }
+	if ( ($E_level &  2048) ==  2048 ) { $E_types .= 'E_STRICT'.$spc;           }
+	if ( ($E_level &  4096) ==  4096 ) { $E_types .= 'E_RECOVERABLE_ERROR'.$spc;}
+	if ( ($E_level &  8192) ==  8192 ) { $E_types .= 'E_DEPRECATED'.$spc;       }
+	if ( ($E_level & 16384) == 16384 ) { $E_types .= 'E_USER_DEPRECATED'.$spc;  }
+	echo '<span style="font-size: .8em;">'.$E_types.'</span>';
+	echo '</p>';
+}//end if
+?>
+<? //######################################################################## ?>
+
+
+
+
 <?php if ($page == "login"){ echo '<div id="main" class="login_page">'; }
       else                 { echo '<div id="main" class="container" >'; }
 ?>

From 6f84a0fe266b203fa2a2ad80bc1905d02e3fa553 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Tue, 24 Jul 2012 17:10:45 -0400
Subject: [PATCH 118/228] Version 3.3.05 Updated readme

---
 readme.markdown | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/readme.markdown b/readme.markdown
index 037831e..84d0e95 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,6 +1,6 @@
-# Current stable version: 3.3.04
+# Current stable version: 3.3.05
 
-### July 21, 2012
+### July 24, 2012
 
 #### Security issue if using external .ini config file for password storage  
 If an external config file is used to store your password and/or hash, make sure to save the file with php as the extension, and begin the file as follows:  
@@ -13,10 +13,12 @@ Otherwise, the file - along with your password, is world readable. For details,
 #### Language files
 
 - Thanks to [fermuch](http://github.com/fermuch) for the Spanish language file!  
-- And, thanks again to [codeless](http://github.com/codeless) for the German language file!
+- Thanks to [codeless](http://github.com/codeless) for the German language file!
 
 
-#### A couple of recent minor improvments:  
+#### Recent improvments:  
+- Added a few settings to the language files to adjust certain css values if needed.  
+  In some instances, some langauges may use significantly longer words or phrases than others.  So, a smaller font or less spacing may be desirable in those places to preserve page layout.  
 - "Wide View" option on Edit page now persists across saves
 - Hopefully improved handling of language files.  Kinda' like "online security", "multi-language support" is a nebulous and a bit finicky.
 
@@ -158,7 +160,12 @@ GENERATE/OUTPUT THE PAGE
 
 ## Change Log
 
-### 
+### 3.3.05
+
+- Added a few settings to the language files to adjust certain css values if needed.  In some instances, some langauges may use significantly longer words or phrases than others.  So, a smaller font or less spacing may be desirable in those places to preserve page layout.   
+- And, of course, some minor code improvements hear and there.
+
+### 3.3.04
 
 - Added Spanish language file courtesy of [fermuch](https//github.com/fermuch).
 - Some misc code improvements.

From 0106590a45c3b43ba19cc5e3d14c5459cd1f5705 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Wed, 25 Jul 2012 16:23:32 -0400
Subject: [PATCH 119/228] Version 3.3.05a Removed some trouble-shooting code
 left in unintentionally.

---
 onefilecms.php | 46 +---------------------------------------------
 1 file changed, 1 insertion(+), 45 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index c6d0579..3b501f8 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = 'Version 3.3.05';
+$version = 'Version 3.3.05a';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -2453,50 +2453,6 @@ function style_sheet(){ //******************************************************
 </head>
 <body>
 
-
-
-
-<? //######################################################################## ?>
-<?php
-if ( (ini_get('display_errors') == 'on') ||
-	 (ini_get('log_errors') == 'on')     ||
-	 (error_reporting() != 0) )
-{
-	echo '<style>.E_BOX {color:red; font-size:.8em; font-weight: 900;'.
-		'border: 1px solid black; background-color: white;'.
-		'padding: 0 0 .2em .5em;'.
-	
-		'}</style>';
-	echo '<p class="E_BOX">';
-	echo 'Display errors is: '        .ini_get('display_errors').'. &nbsp; ';
-	echo 'Log errors is: '            .ini_get('log_errors')    .'. &nbsp; ';
-	//echo 'Error reporting is set to: '.error_reporting()        .'. &nbsp; ';
-
-	$E_level = error_reporting(); $spc = " &nbsp;  &nbsp; ";
-	if ( ($E_level &     1) ==     1 ) { $E_types  = 'E_ERROR'.$spc;            }
-	if ( ($E_level &     2) ==     2 ) { $E_types .= 'E_WARNING'.$spc;          }
-	if ( ($E_level &     4) ==     4 ) { $E_types .= 'E_PARSE'.$spc;            }
-	if ( ($E_level &     8) ==     8 ) { $E_types .= 'E_NOTICE'.$spc;           }
-	if ( ($E_level &    16) ==    16 ) { $E_types .= 'E_CORE_ERROR'.$spc;       }
-	if ( ($E_level &    32) ==    32 ) { $E_types .= 'E_CORE_WARNING'.$spc;     }
-	if ( ($E_level &    64) ==    64 ) { $E_types .= 'E_COMPILE_ERROR'.$spc;    }
-	if ( ($E_level &   128) ==   128 ) { $E_types .= 'E_COMPILE_WARNING'.$spc;  }
-	if ( ($E_level &   256) ==   256 ) { $E_types .= 'E_USER_ERROR'.$spc;       }
-	if ( ($E_level &   512) ==   512 ) { $E_types .= 'E_USER_WARNING'.$spc;     }
-	if ( ($E_level &  1024) ==  1024 ) { $E_types .= 'E_USER_NOTICE'.$spc;      }
-	if ( ($E_level &  2048) ==  2048 ) { $E_types .= 'E_STRICT'.$spc;           }
-	if ( ($E_level &  4096) ==  4096 ) { $E_types .= 'E_RECOVERABLE_ERROR'.$spc;}
-	if ( ($E_level &  8192) ==  8192 ) { $E_types .= 'E_DEPRECATED'.$spc;       }
-	if ( ($E_level & 16384) == 16384 ) { $E_types .= 'E_USER_DEPRECATED'.$spc;  }
-	echo '<span style="font-size: .8em;">'.$E_types.'</span>';
-	echo '</p>';
-}//end if
-?>
-<? //######################################################################## ?>
-
-
-
-
 <?php if ($page == "login"){ echo '<div id="main" class="login_page">'; }
       else                 { echo '<div id="main" class="container" >'; }
 ?>

From 8739073770b1c847f9cd7b6f4f0c1634f7508609 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Wed, 25 Jul 2012 16:26:48 -0400
Subject: [PATCH 120/228] Version 3.3.05a Updated readme

---
 readme.markdown | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/readme.markdown b/readme.markdown
index 84d0e95..01ccc07 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,6 +1,6 @@
-# Current stable version: 3.3.05
+# Current stable version: 3.3.05a
 
-### July 24, 2012
+### July 25, 2012
 
 #### Security issue if using external .ini config file for password storage  
 If an external config file is used to store your password and/or hash, make sure to save the file with php as the extension, and begin the file as follows:  
@@ -160,6 +160,11 @@ GENERATE/OUTPUT THE PAGE
 
 ## Change Log
 
+
+### 3.3.05a
+
+- Just removed some trouble-shooting code that was left in unintentionally.
+
 ### 3.3.05
 
 - Added a few settings to the language files to adjust certain css values if needed.  In some instances, some langauges may use significantly longer words or phrases than others.  So, a smaller font or less spacing may be desirable in those places to preserve page layout.   

From 8efc2be697ea57ca398e49c5aeccb039deafa5ef Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 31 Jul 2012 16:40:00 -0400
Subject: [PATCH 121/228] Version 3.3.06 An external $config_file is now simply
 a php file (was an ini).   So, now uses include($config_file) instead of
 parse_ini_file($config_file). Added some comments for $config_file Increased
 hash iterations from 1000 to 10000.   (I've read that lots of iterations help
 slow down brute force p/w recovery) Updated hash for default "password".
 Created Page_Header() & moved <div class=header> code to it. show_favicon():
 now returns string instead of echo'ing it. Upload_response(): changed
 $_['bytes_01'] (it wasn't defined) to $_['meta_txt_02']. Created
 Set_Input_width() for use in Copy_Ren_Move_Page(). style_sheet(): Set width
 of input type="text" to 99.5% Adjusted css for label A couple of minor text
 spacing improvements.

---
 OFCMS_config.SAMPLE.php  |  60 +++++
 OneFileCMS.LANG.DE.ini   |   2 +-
 OneFileCMS.LANG.EN.ini   | 476 +++++++++++++++++++--------------------
 OneFileCMS.LANG.ES.ini   |   4 +-
 OneFileCMS_structure.txt |   6 +-
 onefilecms.php           | 185 +++++++--------
 readme.markdown          |  65 +++---
 7 files changed, 436 insertions(+), 362 deletions(-)
 create mode 100755 OFCMS_config.SAMPLE.php

diff --git a/OFCMS_config.SAMPLE.php b/OFCMS_config.SAMPLE.php
new file mode 100755
index 0000000..7582446
--- /dev/null
+++ b/OFCMS_config.SAMPLE.php
@@ -0,0 +1,60 @@
+<?php 
+// OneFileCMS sample external config file.
+// For versions 3.3.06 and later
+// (Prior versions used an .ini format)
+//
+// Basically, below is simply a copy & paste of the OneFileCMS config section.
+
+
+// CONFIGURABLE INFO ***********************************************************
+$config_title = "OneFileCMS";
+
+$USERNAME = 'username';
+
+$PASSWORD = 'password'; //If using $HASHWORD, you may leave this value empty.
+$USE_HASH = 0 ; // If = 0, use $PASSWORD. If = 1, use $HASHWORD. 
+$HASHWORD = 'c3e70af96ab1bfc5669280e98b438e1a8c08ca5e0bb3354c05ceaa6f339fd3f6'; //hash for "password"
+$SALT     = 'somerandomsalt';
+
+$LANGUAGE_FILE = ""; //Filename of language settings. Leave blank for built-in default.
+					 //If file is not found, built-in default will be used.
+
+$MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
+$LOGIN_DELAY   = 10;  //In seconds.
+$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
+					  //  For instance, 24 minutes is the PHP default for garbage collection.
+
+$MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.
+$WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked
+
+$MAX_IMG_W   = 810;  // Max width to display images. (page container = 810)
+$MAX_IMG_H   = 1000; // Max height.  I don't know, it just looks reasonable.
+
+$MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
+$MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
+                          // The default max view size is completely arbitrary. It was 2am and seemed like a good idea at the time.
+$config_favicon   = "/favicon.ico";
+$config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsaTive!
+
+$config_etypes = "html,htm,xhtml,php,css,js,txt,text,cfg,conf,ini,csv,svg,log"; //Editable file types.
+$config_stypes = "*"; // Shown types; only files of the given types should show up in the file-listing
+	// Use $config_stypes exactly like $config_etypes (list of extensions separated by semicolons).
+	// If $config_stypes is set to null - by intention or by error - OFCMS will only display folders.
+	// If $config_stypes is set to the *-wildcard (as per default), all files will show up.
+	// If $config_stypes is set to "html,htm" for example, only file with the extension "html" or "htm" will get listed.
+
+$config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
+$config_ftypes = "bin,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,ini,cfg,conf,asp,js ,htm,html"; // _ftype & _fclass must have same
+$config_fclass = "bin,img,img,img,img,img,svg,txt,txt,css,php,txt,cfg,cfg ,txt,txt,htm,htm";  // number of values. bin is default.
+
+$EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
+
+$SESSION_NAME = 'OFCMS'; //Also the cookie name. Change if using multiple copies of OneFileCMS.
+
+//$config_file = 'OFCMS_config.SAMPLE.php'; //External config file, if there is one.
+	//Format for external config file is basic php:
+	// < ? php                    //(without the spaces around the ?, of course)
+	// $option1 = "value";
+	// etc...
+// End CONFIGURABLE INFO *******************************************************
+
diff --git a/OneFileCMS.LANG.DE.ini b/OneFileCMS.LANG.DE.ini
index b24448b..44d4eeb 100755
--- a/OneFileCMS.LANG.DE.ini
+++ b/OneFileCMS.LANG.DE.ini
@@ -1,5 +1,5 @@
 ;///////////////////////////////////////////////////////////////////////////////
-;// OneFileCMS Language Settings v3.3.05
+;// OneFileCMS Language Settings v3.3.06
 
 LANGUAGE = "German"
 
diff --git a/OneFileCMS.LANG.EN.ini b/OneFileCMS.LANG.EN.ini
index e11e4f4..d84e81b 100755
--- a/OneFileCMS.LANG.EN.ini
+++ b/OneFileCMS.LANG.EN.ini
@@ -1,238 +1,238 @@
-;///////////////////////////////////////////////////////////////////////////////
-;// OneFileCMS Language Settings v3.3.05
-
-LANGUAGE = "English"
-
-;// These are the default values included directly in onefilecms.php.
-;//
-;// If no translation or value is desired for a particular setting, do not delete
-;// the actual setting variable, just set it to an empty string.
-;// For example:  some_unused_setting = ""
-;//
-;// Remember to slash-escape double quotes that may be within a value:  \" 
-;// And, for any values used directly in Default_Language() in onefilecms.php,
-;// single quotes must also be escaped:   \'
-
-
-;// In some instances, some langauges may use significantly longer words or phrases than others.
-;// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
-;//
-front_links_font_size =  "1em"; //Buttons on Index page.
-front_links_margin_r  =  "1em";
-button_font_size      = ".9em"; //Buttons on Edit page.
-button_margin_L       = ".5em";
-button_padding        = "4px 10px";
-image_info_font_size  =  "1em"; //show_img_msg_01 & _02 
-image_info_pos        = ""; //If 1 or true, moves the info down a line for more space.
-
-
-Upload_File = "Upload File"
-New_File    = "New File"
-Ren_Move    = "Rename/Move"
-Ren_Moved   = "Renamed/Moved"
-New_Folder  = "New Folder"
-Ren_Folder  = "Rename/Move Folder"
-Del_Folder  = "Delete Folder"
-
-Admin  = "Admin"
-Enter  = "Enter"
-Edit   = "Edit"
-Close  = "Close"
-Cancel = "Cancel"
-Upload = "Upload"
-Create = "Create"
-Copy   = "Copy"
-Copied = "Copied"
-Rename = "Rename"
-Delete = "Delete"
-DELETE = "DELETE"
-File   = "File"
-Folder = "Folder"
-
-Log_In  = "Log In"
-Log_Out = "Log Out"
-
-Hash          = "Hash"
-pass_to_hash  = "Password to hash:"
-Generate_Hash = "Generate Hash"
-
-save_1      = "Save"
-save_2      = "SAVE CHANGES!"
-reset       = "Reset - loose changes"
-Wide_View   = "Wide View"
-Normal_View = "Normal View"
-
-on_      = "on"
-
-verify_msg_01 = "Session expired."
-verify_msg_02 = "INVALID POST"
-
-get_get_msg_01 = "File does not exist:"
-
-check_path_msg_01 = "Directory does not exist: "
-
-ord_msg_01 = "A file with that name already exists in the target directory."
-ord_msg_02 = "Saving as"
-
-show_img_msg_01 = "Image shown at ~"
-show_img_msg_02 = "% of full size (W x H ="
-
-hash_h2     = "Generate a Password Hash"
-hash_txt_01 = "There are two ways to change your OneFileCMS password:"
-hash_txt_02 = "1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero)."
-hash_txt_03 = "2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1."
-hash_txt_04 = "Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing."
-hash_txt_05 = "Anyway, to use the $HASHWORD password option:"
-hash_txt_06 = "Type your desired password in the input field above and hit Enter."
-hash_txt_07 = "The hash will be displayed in a yellow message box above that."
-hash_txt_08 = "Copy and paste the new hash to the $HASHWORD variable in the config section."
-hash_txt_09 = "Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc)."
-hash_txt_10 = "A double-click should select it..."
-hash_txt_11 = "Make sure $USE_HASH is set to 1 (or true)."
-hash_txt_12 = "When ready, logout and login."
-hash_txt_13 = "You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo..."
-hash_txt_14 = "For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep 'em secret, of course).  Remever, every little bit helps..."
-
-hash_msg_01 = "Password: "
-hash_msg_02 = "Hash    : "
-
-login_h2     = "Log In"
-login_txt_01 = "Username:"
-login_txt_02 = "Password:"
-
-login_msg_01a = "There have been "
-login_msg_01b = "invalid login attempts."
-login_msg_02a = "Please wait"
-login_msg_02b = "seconds to try again."
-login_msg_03  = "INVALID LOGIN ATTEMPT #"
-
-edit_note_00  = "NOTES:"
-edit_note_01a = "Remember- your"
-edit_note_01b = "is"
-edit_note_02  = "So save changes before the clock runs out, or the changes will be lost!"
-edit_note_03  = "With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate.  To correct, click the browser's [Reload]."
-edit_note_04  = "Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file."
-
-edit_h2_1   = "Viewing:"
-edit_h2_2   = "Editing:"
-edit_txt_01 = "Non-text or unkown file type. Edit disabled."
-edit_txt_02 = "File possibly contains an invalid character. Edit and view disabled."
-edit_txt_03 = "htmlspecialchars() returned an empty string from what may be an otherwise valid file."
-edit_txt_04 = "This behavior can be inconsistant from version to version of php."
-
-too_large_to_edit_01a = "Edit disabled. Filesize >"
-too_large_to_edit_01b = "bytes."
-too_large_to_edit_02 = "Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>."
-too_large_to_edit_03 = "Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed."
-too_large_to_edit_04 = "A simple trial and error test can determine a practical limit for a given browser/computer."
-
-too_large_to_view_01a = "View disabled. Filesize >"
-too_large_to_view_01b = "bytes."
-too_large_to_view_02 = "Click the file name above to view as normally rendered in a browser window."
-too_large_to_view_03 = "Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed."
-too_large_to_view_04 = "(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)"
-
-meta_txt_01 = "Filesize:"
-meta_txt_02 = "bytes."
-meta_txt_03 = "Updated:"
-
-edit_msg_01 = "File saved:"
-edit_msg_02 = "bytes written."
-edit_msg_03 = "There was an error saving file."
-
-upload_h2     = "Upload File"
-upload_txt_01 = "per upload_max_filesize in php.ini."
-upload_txt_02 = "per post_max_size in php.ini"
-upload_txt_03 = "Note: Maximum upload file size is:"
-
-upload_err_01a = "Error 1: File too large."
-upload_err_01b = "(From php.ini)"
-upload_err_02a = "Error 2: File too large."
-upload_err_02b = "(From OneFileCMS)"
-upload_err_03  = "Error 3: The uploaded file was only partially uploaded."
-upload_err_04  = "Error 4: No file was uploaded."
-upload_err_05  = "Error 5:"
-upload_err_06  = "Error 6: Missing a temporary folder."
-upload_err_07  = "Error 7: Failed to write file to disk."
-upload_err_08  = "Error 8: A PHP extension stopped the file upload."
-
-upload_msg_01 = "No file selected for upload."
-upload_msg_02 = "Destination folder does not exist: "
-upload_msg_03 = "Upload cancelled."
-upload_msg_04 = "Uploading:"
-upload_msg_05 = "Upload successful!"
-upload_msg_06 = "Upload failed:"
-
-new_file_h2     = "New File"
-new_file_txt_01 = "File will be created in the current folder."
-new_file_txt_02 = "Some invalid characters are: "
-
-new_file_msg_01 = "New file not created:"
-new_file_msg_02 = "Name contains invalid character(s):"
-new_file_msg_03 = "New file not created - no name given"
-new_file_msg_04 = "File already exists:"
-new_file_msg_05 = "Created file:"
-new_file_msg_06 = "Error - new file not created:"
-
-CRM_txt_01  = "To move a file or folder, change the path/to/folder/or_file. The new location must already exist."
-CRM_txt_02  = "Old name:"
-CRM_txt_03  = "New name:"
-
-CRM_msg_01  = "Error - new parent location does not exist:"
-CRM_msg_02  = "Error - source file does not exist:"
-CRM_msg_03  = "Error - target filename already exists:"
-CRM_msg_04  = "to"
-CRM_msg_05a = "Error during"
-CRM_msg_05b = "from the above to the following:"
-
-delete_h2     = "Delete File"
-delete_txt_01 = "Are you sure?"
-
-delete_msg_01 = "Deleted file:"
-delete_msg_02 = "Error deleting"
-
-new_folder_h2    = "New Folder"
-new_folder_txt_1 = "Folder will be created in the current folder."
-new_folder_txt_2 = "Some invalid characters are:"
-
-new_folder_msg_01 = "New folder not created:"
-new_folder_msg_02 = "Name contains invalid character(s):"
-new_folder_msg_03 = "New folder not created - no name given."
-new_folder_msg_04 = "Folder already exists:"
-new_folder_msg_05 = "Created folder:"
-new_folder_msg_06 = "Error - new folder not created:"
-
-delete_folder_h2     = "Delete Folder"
-delete_folder_txt_01 = "Are you sure?"
-
-delete_folder_msg_01 = "Folder not empty.   Folders must be empty before they can be deleted."
-delete_folder_msg_02 = "Deleted folder:"
-delete_folder_msg_03 = "an error occurred during delete."
-
-page_title_login      = "Log In"
-page_title_hash       = "Hash Page"
-page_title_edit       = "Edit/View File"
-page_title_upload     = "Upload File"
-page_title_new_file   = "New File"
-page_title_copy       = "Copy File"
-page_title_ren        = "Rename File"
-page_title_del        = "Delete File"
-page_title_folder_new = "New Folder"
-page_title_folder_ren = "Rename/Move Folder"
-page_title_folder_del = "Delete Folder"
-
-session_warning = "Warning: Session timeout soon!"
-session_expired = "SESSION EXPIRED"
-unload_unsaved  = "               Unsaved changes will be lost!"
-confirm_reset   = "Reset file and loose unsaved changes?"
-
-OFCMS_requires  = "OneFileCMS requires PHP5. Tested on versions 5.2.8, 5.3.3 & 5.4.4."
-
-logout_msg       = "You have successfully logged out."
-folder_del_msg   = "Folder not empty.   Folders must be empty before they can be deleted."
-upload_error_01a = "Upload Error.  Total POST data (mostly filesize) exceeded post_max_size ="
-upload_error_01b = "(from php.ini)"
-edit_caution_01  = "CAUTION"
-edit_caution_02  = "You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!"
-
-time_out_txt = "Session time out in:"
+;///////////////////////////////////////////////////////////////////////////////
+;// OneFileCMS Language Settings v3.3.06
+
+LANGUAGE = English
+
+;// These are the default values included directly in onefilecms.php.
+;//
+;// If no translation or value is desired for a particular setting, do not delete
+;// the actual setting variable, just set it to an empty string.
+;// For example:  some_unused_setting = ""
+;//
+;// Remember to slash-escape double quotes that may be within a value:  \" 
+;// And, for any values used directly in Default_Language() in onefilecms.php,
+;// single quotes must also be escaped:   \'
+
+
+;// In some instances, some langauges may use significantly longer words or phrases than others.
+;// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
+;//
+front_links_font_size =  "1em"; //Buttons on Index page.
+front_links_margin_R  =  "1em";
+button_font_size      = ".9em"; //Buttons on Edit page.
+button_margin_L       = ".5em";
+button_padding        = "4px 10px";
+image_info_font_size  =  "1em"; //show_img_msg_01 & _02 
+image_info_pos        = ""; //If 1 or true, moves the info down a line for more space.
+
+
+Upload_File = "Upload File"
+New_File    = "New File"
+Ren_Move    = "Rename/Move"
+Ren_Moved   = "Renamed/Moved"
+New_Folder  = "New Folder"
+Ren_Folder  = "Rename/Move Folder"
+Del_Folder  = "Delete Folder"
+
+Admin  = "Admin"
+Enter  = "Enter"
+Edit   = "Edit"
+Close  = "Close"
+Cancel = "Cancel"
+Upload = "Upload"
+Create = "Create"
+Copy   = "Copy"
+Copied = "Copied"
+Rename = "Rename"
+Delete = "Delete"
+DELETE = "DELETE"
+File   = "File"
+Folder = "Folder"
+
+Log_In  = "Log In"
+Log_Out = "Log Out"
+
+Hash          = "Hash"
+pass_to_hash  = "Password to hash:"
+Generate_Hash = "Generate Hash"
+
+save_1      = "Save"
+save_2      = "SAVE CHANGES!"
+reset       = "Reset - loose changes"
+Wide_View   = "Wide View"
+Normal_View = "Normal View"
+
+on_      = "on"
+
+verify_msg_01 = "Session expired."
+verify_msg_02 = "INVALID POST"
+
+get_get_msg_01 = "File does not exist:"
+
+check_path_msg_01 = "Directory does not exist: "
+
+ord_msg_01 = "A file with that name already exists in the target directory."
+ord_msg_02 = "Saving as"
+
+show_img_msg_01 = "Image shown at ~"
+show_img_msg_02 = "% of full size (W x H ="
+
+hash_h2     = "Generate a Password Hash"
+hash_txt_01 = "There are two ways to change your OneFileCMS password:"
+hash_txt_02 = "1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero)."
+hash_txt_03 = "2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1."
+hash_txt_04 = "Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing."
+hash_txt_05 = "Anyway, to use the $HASHWORD password option:"
+hash_txt_06 = "Type your desired password in the input field above and hit Enter."
+hash_txt_07 = "The hash will be displayed in a yellow message box above that."
+hash_txt_08 = "Copy and paste the new hash to the $HASHWORD variable in the config section."
+hash_txt_09 = "Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc)."
+hash_txt_10 = "A double-click should select it..."
+hash_txt_11 = "Make sure $USE_HASH is set to 1 (or true)."
+hash_txt_12 = "When ready, logout and login."
+hash_txt_13 = "You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo..."
+hash_txt_14 = "For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course).  Remever, every little bit helps..."
+
+hash_msg_01 = "Password: "
+hash_msg_02 = "Hash    : "
+
+login_h2     = "Log In"
+login_txt_01 = "Username:"
+login_txt_02 = "Password:"
+
+login_msg_01a = "There have been "
+login_msg_01b = "invalid login attempts."
+login_msg_02a = "Please wait"
+login_msg_02b = "seconds to try again."
+login_msg_03  = "INVALID LOGIN ATTEMPT #"
+
+edit_note_00  = "NOTES:"
+edit_note_01a = "Remember- your"
+edit_note_01b = "is"
+edit_note_02  = "So save changes before the clock runs out, or the changes will be lost!"
+edit_note_03  = "With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate.  To correct, click the browser's [Reload]."
+edit_note_04  = "Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file."
+
+edit_h2_1   = "Viewing:"
+edit_h2_2   = "Editing:"
+edit_txt_01 = "Non-text or unkown file type. Edit disabled."
+edit_txt_02 = "File possibly contains an invalid character. Edit and view disabled."
+edit_txt_03 = "htmlspecialchars() returned an empty string from what may be an otherwise valid file."
+edit_txt_04 = "This behavior can be inconsistant from version to version of php."
+
+too_large_to_edit_01a = "Edit disabled. Filesize >"
+too_large_to_edit_01b = "bytes."
+too_large_to_edit_02 = "Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>."
+too_large_to_edit_03 = "Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed."
+too_large_to_edit_04 = "A simple trial and error test can determine a practical limit for a given browser/computer."
+
+too_large_to_view_01a = "View disabled. Filesize >"
+too_large_to_view_01b = "bytes."
+too_large_to_view_02 = "Click the file name above to view as normally rendered in a browser window."
+too_large_to_view_03 = "Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed."
+too_large_to_view_04 = "(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)"
+
+meta_txt_01 = "Filesize:"
+meta_txt_02 = "bytes."
+meta_txt_03 = "Updated:"
+
+edit_msg_01 = "File saved:"
+edit_msg_02 = "bytes written."
+edit_msg_03 = "There was an error saving file."
+
+upload_h2     = "Upload File"
+upload_txt_01 = "per upload_max_filesize in php.ini."
+upload_txt_02 = "per post_max_size in php.ini"
+upload_txt_03 = "Note: Maximum upload file size is:"
+
+upload_err_01a = "Error 1: File too large."
+upload_err_01b = "(From php.ini)"
+upload_err_02a = "Error 2: File too large."
+upload_err_02b = "(From OneFileCMS)"
+upload_err_03  = "Error 3: The uploaded file was only partially uploaded."
+upload_err_04  = "Error 4: No file was uploaded."
+upload_err_05  = "Error 5:"
+upload_err_06  = "Error 6: Missing a temporary folder."
+upload_err_07  = "Error 7: Failed to write file to disk."
+upload_err_08  = "Error 8: A PHP extension stopped the file upload."
+
+upload_msg_01 = "No file selected for upload."
+upload_msg_02 = "Destination folder does not exist: "
+upload_msg_03 = "Upload cancelled."
+upload_msg_04 = "Uploading:"
+upload_msg_05 = "Upload successful!"
+upload_msg_06 = "Upload failed:"
+
+new_file_h2     = "New File"
+new_file_txt_01 = "File will be created in the current folder."
+new_file_txt_02 = "Some invalid characters are: "
+
+new_file_msg_01 = "New file not created:"
+new_file_msg_02 = "Name contains invalid character(s):"
+new_file_msg_03 = "New file not created - no name given"
+new_file_msg_04 = "File already exists:"
+new_file_msg_05 = "Created file:"
+new_file_msg_06 = "Error - new file not created:"
+
+CRM_txt_01  = "To move a file or folder, change the path/to/folder/or_file. The new location must already exist."
+CRM_txt_02  = "Old name:"
+CRM_txt_03  = "New name:"
+
+CRM_msg_01  = "Error - new parent location does not exist:"
+CRM_msg_02  = "Error - source file does not exist:"
+CRM_msg_03  = "Error - target filename already exists:"
+CRM_msg_04  = "to"
+CRM_msg_05a = "Error during"
+CRM_msg_05b = "from the above to the following:"
+
+delete_h2     = "Delete File"
+delete_txt_01 = "Are you sure?"
+
+delete_msg_01 = "Deleted file:"
+delete_msg_02 = "Error deleting"
+
+new_folder_h2    = "New Folder"
+new_folder_txt_1 = "Folder will be created in the current folder."
+new_folder_txt_2 = "Some invalid characters are:"
+
+new_folder_msg_01 = "New folder not created:"
+new_folder_msg_02 = "Name contains invalid character(s):"
+new_folder_msg_03 = "New folder not created - no name given."
+new_folder_msg_04 = "Folder already exists:"
+new_folder_msg_05 = "Created folder:"
+new_folder_msg_06 = "Error - new folder not created:"
+
+delete_folder_h2     = "Delete Folder"
+delete_folder_txt_01 = "Are you sure?"
+
+delete_folder_msg_01 = "Folder not empty.   Folders must be empty before they can be deleted."
+delete_folder_msg_02 = "Deleted folder:"
+delete_folder_msg_03 = "an error occurred during delete."
+
+page_title_login      = "Log In"
+page_title_hash       = "Hash Page"
+page_title_edit       = "Edit/View File"
+page_title_upload     = "Upload File"
+page_title_new_file   = "New File"
+page_title_copy       = "Copy File"
+page_title_ren        = "Rename File"
+page_title_del        = "Delete File"
+page_title_folder_new = "New Folder"
+page_title_folder_ren = "Rename/Move Folder"
+page_title_folder_del = "Delete Folder"
+
+session_warning = "Warning: Session timeout soon!"
+session_expired = "SESSION EXPIRED"
+unload_unsaved  = "               Unsaved changes will be lost!"
+confirm_reset   = "Reset file and loose unsaved changes?"
+
+OFCMS_requires  = "OneFileCMS requires PHP5. Tested on versions 5.2.8, 5.3.3 & 5.4.4."
+
+logout_msg       = "You have successfully logged out."
+folder_del_msg   = "Folder not empty.   Folders must be empty before they can be deleted."
+upload_error_01a = "Upload Error.  Total POST data (mostly filesize) exceeded post_max_size ="
+upload_error_01b = "(from php.ini)"
+edit_caution_01  = "CAUTION"
+edit_caution_02  = "You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!"
+
+time_out_txt = "Session time out in:"
diff --git a/OneFileCMS.LANG.ES.ini b/OneFileCMS.LANG.ES.ini
index 027bf27..8ed423a 100755
--- a/OneFileCMS.LANG.ES.ini
+++ b/OneFileCMS.LANG.ES.ini
@@ -1,5 +1,5 @@
-;///////////////////////////////////////////////////////////////////////////////
-;// OneFileCMS Language Settings v3.3.05
+;///////////////////////////////////////////////////////////////////////////////
+;// OneFileCMS Language Settings v3.3.06
 
 LANGUAGE = "Spanish"
 
diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index 9ffc000..704963b 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-Version 3.3.04
+Version 3.3.06
 
 LICENSE
 
@@ -8,7 +8,7 @@ CONFIGURATION SECTION
 
 GET EXTERNAL CONFIG (if exists)
 
-OTHER GLOBAL VALUES
+OTHER GLOBAL/SYSTEM VALUES
 
 MISC FUNCTIONS:
 	hsc()
@@ -25,6 +25,7 @@ MISC FUNCTIONS:
 	is_empty()
 	ordinalize()
 	Current_Path_Header()
+	Page_Header()
 	message_box()
 	Upload_New_Rename_Delete_Links()
 	Cancel_Submit_Buttons()
@@ -72,6 +73,7 @@ PAGE & RESPONSE FUNCTIONS:
 	New_File_Page()
 	New_File_response() 
 	Copy_Ren_Move_Page()
+	Set_Input_width()
 	Copy_Ren_Move_response()
 	Delete_File_Page()
 	Delete_File_response()
diff --git a/onefilecms.php b/onefilecms.php
index 3b501f8..404c6cf 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = 'Version 3.3.05a';
+$version = '3.3.06';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -51,11 +51,11 @@
 
 $PASSWORD = 'password'; //If using $HASHWORD, you may leave this value empty.
 $USE_HASH = 0 ; // If = 0, use $PASSWORD. If = 1, use $HASHWORD. 
-$HASHWORD = 'c3e70af96ab1bfc5669280e98b438e1a8c08ca5e0bb3354c05ceaa6f339fd3f6'; //hash for "password"
+$HASHWORD = 'a6ca7f88bd5efc706d38047cc5844d2b11f86242c01e0c89a1c656dbe2dd1866'; //hash for "password"
 $SALT     = 'somerandomsalt';
 
-$LANGUAGE_FILE = "OneFileCMS.LANG.EN.ini"; //Filename of language settings. Leave blank for built-in default.
-									       //If file is not found, built-in default will be used.
+//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.ini"; //Filename of language settings. Leave blank for built-in default.
+					 //If file is not found, built-in default will be used.
 
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
@@ -65,12 +65,12 @@
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked
 
-$MAX_IMG_W   = 810;  // Max width to display images. (page container = 810)
-$MAX_IMG_H   = 1000; // Max height.  I don't know, it just looks reasonable.
+$MAX_IMG_W   = 810;  //Max width to display images. (page container = 810)
+$MAX_IMG_H   = 1000; //Max height.  I don't know, it just looks reasonable.
 
 $MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
 $MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
-                          // The default max view size is completely arbitrary. It was 2am and seemed like a good idea at the time.
+                          // The default max view size is completely arbitrary. Basically, it was 2am and seemed like a good idea at the time.
 $config_favicon   = "/favicon.ico";
 $config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsaTive!
 
@@ -89,54 +89,21 @@
 
 $SESSION_NAME = 'OFCMS'; //Also the cookie name. Change if using multiple copies of OneFileCMS.
 
-$config_file = 'OFCMS_config.php'; //External config file, if there is one.
+//$config_file = 'OFCMS_config.SAMPLE.php'; //External config file, if there is one.
+	//Format for external config file is basic php:
+	// < ? php                    //(without the spaces around the ?, of course)
+	// $option1 = "value";
+	// etc...
 // End CONFIGURABLE INFO *******************************************************
 
 
 
 
-//* PROCESS CONFIGURATION FILE **************************************************
-/*
-  If an external config file is used to store your password and/or hash, make sure
-  to save the file with php as the extension, and begin the file as follows:
-
-;<?php die();
-
-  Otherwise, the file - along with your password, is world readable.
-  For details, see the php documentation and comments on parse_ini_file()
-*/
-
-# Check for an external configuration file:
-if (is_file($config_file)) {
-	# Parse file
-	$settings = parse_ini_file($config_file);
-
-	# Configure which variables can get overwritten by the config file:
-	$overwritable_variables = array(
-		'config_title',
-		'USERNAME',
-		'PASSWORD',
-		'USE_HASH',
-		'HASHWORD',
-		'SALT',
-		'LANGUAGE',
-		'config_stypes');
-
-	# Loop through options and overwrite default configuration
-	foreach($settings as $key => $value) {
-		# Check if variable can get overwritten:
-		if (in_array($key, $overwritable_variables)) {
-			$GLOBALS[$key] = $value;
-		}
-	}
-}
-// End PROCESS CONFIGURATION FILE **********************************************
-
-
-
-
 //******************************************************************************
-//Some global system values
+//System values & setup
+
+//If there is one, include external config file. 
+if ( isset($config_file) && is_file($config_file) ) { include($config_file); }
 
 ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
 
@@ -525,7 +492,7 @@ function hashit($key){ //*******************************************************
 	//If you change anything here, or the $SALT, redo the hash for your password.
 	global $SALT;
 	$hash = hash('sha256', trim($key).$SALT); // trim off leading & trailing spaces.
-	for ( $x=0; $x < 1000; $x++ ) { $hash = hash('sha256', $hash.$SALT); }
+	for ( $x=0; $x < 10000; $x++ ) { $hash = hash('sha256', $hash.$SALT); }
 	return $hash;
 }//end hashit() ****************************************************************
 
@@ -685,6 +652,27 @@ function Current_Path_Header(){ //**********************************************
 
 
 
+function Page_Header(){ //******************************************************
+	global  $_, $ONESCRIPT, $page, $WEBSITE, $config_title, $version;
+?>
+	<div class="header">
+		<a href="<?php echo $ONESCRIPT?>" id="logo"><?php echo $config_title; ?></a>
+		<?php echo $version.' ('.hsc($_['on_']).'&nbsp;php&nbsp;'.phpversion().')'; ?>
+
+		<div class="nav">
+			<a href="/" target="_blank"><?php echo show_favicon() ?>&nbsp;
+			<b><?php echo hte($WEBSITE) ?></b></a>
+			<?php if ($page != "login") { ?>
+			| <a href="<?php echo $ONESCRIPT ?>?p=logout"><?php echo hsc($_['Log_Out']) ?></a>
+			<?php } ?>
+		</div><div style="clear:both"></div>
+	</div><!-- end header -->
+<?php
+}//end Page_Header(){ **********************************************************
+
+
+
+
 function message_box() { //*****************************************************
 	global $ONESCRIPT, $param1, $param2, $param3, $message, $page;
 
@@ -779,7 +767,7 @@ function show_image(){ //*******************************************************
 function show_favicon(){ //*****************************************************
 	global $config_favicon, $DOC_ROOT;
 	if (file_exists($DOC_ROOT.$config_favicon)) { 
-		echo '<img src="'.URLencode_path($config_favicon).'" alt="">';
+		return '<img src="'.URLencode_path($config_favicon).'" alt="">';
 	}
 }// end show_favicon() *********************************************************
 
@@ -1193,7 +1181,7 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //***********
 				<?php echo hsc($_['meta_txt_01']).' '.number_format(filesize($filename)).' '.hsc($_['meta_txt_02']); ?>
 			</span>	&nbsp;
 			<span class="file_time">
-				<?php echo hsc($_['meta_txt_03']).'<script>FileTimeStamp('.filemtime($filename).', 1, 1);</script>'; ?>
+				<?php echo hsc($_['meta_txt_03']).' <script>FileTimeStamp('.filemtime($filename).', 1, 1);</script>'; ?>
 				<?php echo '&nbsp; '.$file_ENC; ?>
 			</span><br>
 		</div>
@@ -1429,7 +1417,7 @@ function Upload_response() { //*************************************************
 	$destination = Check_path($_POST["upload_destination"]);
 	$page  = "index";
 	$MAXUP1 = ini_get('upload_max_filesize');
-	$MAXUP2 = number_format($_POST['MAX_FILE_SIZE']).hsc($_['bytes_01']);
+	$MAXUP2 = number_format($_POST['MAX_FILE_SIZE']).' '.hsc($_['meta_txt_02']);
 	$ERROR = $_FILES['upload_file']['error'];
 
 	if     ( $ERROR == 1 ){ $ERRMSG = hsc($_['upload_err_01a']).' upload_max_filesize = '.$MAXUP1.' '.hsc($_['upload_err_01b']);}
@@ -1513,12 +1501,44 @@ function New_File_response() { //***********************************************
 
 
 
+function Set_Input_width() { //*************************************************
+	global $WEB_ROOT, $MAIN_WIDTH;
+$WEB_ROOT = 'www/';
+	// (width of <input type=text>) = $MAIN_WIDTH - (Width of $WEB_ROOT)
+	// $MAIN_WIDTH may be in em, px, or pt.
+	// Width of 1 character = .625em = 10px = 7.5pt  (1em = 16px = 12pt)
+
+	$root_enc =  mb_detect_encoding($WEB_ROOT);
+	$root_len = (mb_strlen($WEB_ROOT, $root_enc) + 1); //+1 for good measure.
+	$main_width = $MAIN_WIDTH * 1;   //set in config section. Default is 810px.
+	$main_units = substr($MAIN_WIDTH, -2); //should be em, px, or pt
+
+	//convert to em
+	if     ( $main_units == "px") {  $main_width = $main_width / 16 ;}
+	elseif ( $main_units == "pt") {  $main_width = $main_width / 12 ;}
+	else                          {  $main_width = $main_width      ;}
+
+	//convert to em
+	$root_len = $root_len *.625;
+
+	$input_type_text_width = ($main_width - $root_len).'em';
+
+	echo '<style>input[type="text"] {width: '.$input_type_text_width.';}</style>';
+
+}//end Set_Input_width() *******************************************************
+
+
+
+
 function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //************
 	//$action = 'Copy' or 'Rename'. $isfile = 1 if acting on a file, not a folder
 	global $_, $WEB_ROOT, $ipath, $filename, $FORM_COMMON;
+
 	if ($isfile) { $old_name = $filename; }else{ $old_name = $ipath; }
 	if ($isfile) { $new_name = $filename; }else{ $new_name = $ipath; }
 	//if ($action == "Copy" ) { $new_name = ordinalize($ipath, basename($filename), $msg); }
+
+	Set_Input_width();
 ?>
 	<h2><?php echo $action.' '.$title ?></h2>
 
@@ -1526,12 +1546,11 @@ function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //************
 
 	<?php echo $FORM_COMMON ?>
 
-		<label><?php echo hsc($_['CRM_txt_02']) ?></label>
+		<label><?php echo hsc($_['CRM_txt_02']) ?></label><br>
 		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type="text" 
 			name="old_name" value="<?php echo hsc($old_name); ?>" readonly="readonly">
-
-
-		<label><?php echo hsc($_['CRM_txt_03']) ?></label>
+		<br>
+		<label><?php echo hsc($_['CRM_txt_03']) ?></label><br>
 		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type="text" 
 			name="<?php echo $name_id ?>" id="<?php echo $name_id ?>" 
 			value="<?php echo hsc($new_name); ?>">
@@ -1948,7 +1967,7 @@ function Reset_file_status_indicators() {
 
 
 	window.onbeforeunload = function() {
-		if ( changed && !submitted) { 
+		if ( changed && !submitted ) { 
 			//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
 			return "<?php echo addslashes($_['unload_unsaved']) ?>";
 		}
@@ -2020,7 +2039,7 @@ function Reset_File() {
 
 
 function style_sheet(){ //******************************************************
-global $_, $MAIN_WIDTH;
+	global $_, $MAIN_WIDTH;
 ?>
 <style>
 /* --- reset --- */
@@ -2052,7 +2071,7 @@ function style_sheet(){ //******************************************************
 a:hover { border: 1px solid #807568; background-color: rgb(255,250,150); }
 a:focus { border: 1px solid #807568; background-color: rgb(255,250,150); }
 
-label { display: inline-block; width : 6em; font-size : 1em; font-weight: bold; }
+label { display: inline-block; font-size : 1em; font-weight: bold; }
 
 svg { margin: 0; padding: 0; }
 
@@ -2178,7 +2197,7 @@ function style_sheet(){ //******************************************************
 
 
 
-/*  [Upload File] [New File] [New Folder] etc... */
+/*  front_links:  [Upload File] [New File] [New Folder] etc... */
 
 .front_links a {
 	display: inline-block;
@@ -2198,11 +2217,11 @@ function style_sheet(){ //******************************************************
 
 
 input[type="text"] {
-	border: 1px solid #807568;
-	margin-bottom: .6em;
+	width  : 99.5%;
+	border : 1px solid #807568;
 	padding: 2px;
-	width: 50em;
-	font: 1em "Courier New", Courier, monospace;
+	margin-bottom: .6em;
+	font   : 1em "Courier New", Courier, monospace;
 	}
 
 
@@ -2289,7 +2308,6 @@ function style_sheet(){ //******************************************************
 .notes      { margin-bottom: .4em; }
 
 
-
 /* --- log in --- */
 
 .login_page {
@@ -2312,15 +2330,6 @@ function style_sheet(){ //******************************************************
 .login_page input[type="text"]{ width   : 364px; }
 
 
-
-#upload_file {
-	border: 1px solid #807568;
-	margin-bottom: .6em;
-	padding: 2px;
-	width: 50em;
-	}
-
-
 hr { /*-- -- -- -- -- -- --*/
 	line-height  : 0;
 	Xfont-size    : 1px;
@@ -2365,10 +2374,12 @@ function style_sheet(){ //******************************************************
 
 .edit_btns_top    { margin: .2em 0 .5em 0;}
 
-.image_info {color: #222; font-size: <?php echo $_['image_info_font_size'] ?> ;} /*Default is 1em*/
+.image_info {color: #222; font-size: <?php echo $_['image_info_font_size'] ?> ;}/*Default is 1em*/
 
 .edit_btns_bottom { float: right; margin-bottom: .65em; }
 .edit_btns_bottom .button { margin-left: <?php echo $_['button_margin_L'] ?>; } /*Default is .5em*/
+
+#upload_file { margin-bottom: .6em; }
 </style>
 <?php 
 }//end style_sheet() ***********************************************************
@@ -2400,26 +2411,27 @@ function style_sheet(){ //******************************************************
 
 	//*** Verify valid $page and/or $filename **********************************
 
-		//Don't load login screen if already in a valid session.
+	//Don't load login screen if already in a valid session.
 	if     ( $_SESSION['valid'] && ($page == "login") )  { $page = "index"; }
 
-		//Don't load edit page if $filename doesn't exist.
+	//Don't load edit page if $filename doesn't exist.
 	elseif ( ($page == "edit")  && !is_file($filename) ) { $page = "index"; }
 
 	elseif ($page == "logout") {
 		Logout();
 		$message .= hsc($_['logout_msg']); }
 
-		//Don't load delete page if folder not empty.
+	//Don't load delete page if folder not empty.
 	elseif ( ($page == "deletefolder") && !is_empty($ipath) ) {
 		$message .= $EX.'<b>'.hsc($_['folder_del_msg']).'</b>';
 		$page = "index";}
 
-		//if size of $_POST > post_max_size, PHP only returns empty $_POST & $_FILE arrays.
+	//if size of $_POST > post_max_size, PHP only returns empty $_POST & $_FILE arrays.
 	elseif ($page == "uploaded" && !$VALID_POST){
 		$message .= $EX.'<b> '.hsc($_['upload_error_01a']).' '.ini_get('post_max_size').'</b> '.hsc($_['upload_error_01b']).'';
 		$page = "index";}
 
+	//If editing OneFileCMS itself, show red message box with white text.
 	elseif ( ($page == "edit") && ($filename == trim(rawurldecode($ONESCRIPT), '/')) ) { 
 		if ( $message == "" ) { $BR = ""; } else { $BR = '<br>';}
 		$message .= '<style>#message p {background: red; color: white;}</style>';
@@ -2457,18 +2469,7 @@ function style_sheet(){ //******************************************************
       else                 { echo '<div id="main" class="container" >'; }
 ?>
 
-<div class="header">
-	<a href="<?php echo $ONESCRIPT.'" id="logo">'.$config_title; ?></a>
-	<?php echo $version.' ('.hsc($_['on_']).'&nbsp;php&nbsp'.phpversion().')'; ?>
-
-	<div class="nav">
-		<a href="/" target="_blank"><?php show_favicon() ?>&nbsp;
-		<b><?php echo hte($WEBSITE) ?></b></a>
-		<?php if ($page != "login") { ?>
-		| <a href="<?php echo $ONESCRIPT ?>?p=logout"><?php echo hsc($_['Log_Out']) ?></a>
-		<?php } ?>
-	</div><div style="clear:both"></div>
-</div><!-- end header -->
+<?php Page_Header() ?>
 
 <?php if ( $page != "login"  &&  $page != "hash" ) { Current_Path_Header(); } ?>
 
diff --git a/readme.markdown b/readme.markdown
index 01ccc07..edd24fa 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,4 +1,10 @@
-# Current stable version: 3.3.05a
+# Current stable version: 3.3.06
+
+### July 31, 2012
+
+- For reasons of security, consistancy, & code simplicity, the format of external config files (if used) is now php, instead of ini. This permits a simple copy & paste between an external config file & onefilecms.php.  
+  A config file must begin with "<?php".  And, for security reasons, external config files should also end in ".php".  Otherwise, your webserver may server up the file as plain text, exposing the contents.
+
 
 ### July 25, 2012
 
@@ -48,7 +54,7 @@ Coupling a utilitarian code editor with basic file managing functions, OneFileCM
 ## Features
  
 - All the basic features of an FTP application like renaming, deleting, copying, and uploading
-  _(Of course, for more complex processes like batch renaming or mass uploads/deletions, you're going to want to break out an actual FTP program.)_
+  _(Of course, for more complex processes like batch renaming or mass uploads/deletions, you're going to want to use an actual FTP program.)_
 - Alert if you try to leave without saving your edits.
 - A Login delay after too many invalid attempts.
 - Adjustable idle time before auto-logout.
@@ -59,17 +65,17 @@ Coupling a utilitarian code editor with basic file managing functions, OneFileCM
 
 1) Download [this file](https://raw.github.com/Self-Evident/OneFileCMS/master/onefilecms.php).
 
-2) Set your username and password - edit them to something less obvious.
+2) Set your username and password (to something a bit less obvious).  
 
-    // CONFIGURATION INFO
-    $USERNAME = "username";
-    $PASSWORD = "password";
+    // CONFIGURATION INFO  
+    $USERNAME = "username";  
+    $PASSWORD = "password";  
 
 3) Upload to anywhere on your site!
 
 Depending on how your web stack is set up, you may also have to modify the file permissions of your site's folders to allow OneFileCMS to modify and create files. ([More about that here.](http://catcode.com/teachmod/)) Make sure onefilecms.php and its parent folder are allowed to execute, with CHMOD at 755. Check with your host if you're not sure, and be aware of any inherent security concerns.
 
-You can also change the file name of OneFileCMS.php to something else, such as "Admin.php" . _(Be careful making it a folder's default file: your server may get stuck in redirects.)_
+You can also change the file name of OneFileCMS.php to something else, such as "Admin.php" . _(Be careful about making it a folder's default file: your server may get stuck in redirects.)_
 
 ## FAQ
 
@@ -83,9 +89,7 @@ However, just because I don't want to do it, doesn't mean it's impossible.  Look
 
 Yes, of course!
 
-I may not have the time/bandwidth/inclination to implement every feature, but I'll do what I can. If it's urgent, contact me.  
-
-In anycase, try [forking the file and submitting your changes to me](https://github.com/blog/844-forking-with-the-edit-button).
+I may not have the time/bandwidth/inclination to implement every feature, but I 'll do what I can. If it's urgent, contact me.  
 
 ### This is basically just a file manager with a text editor. Why is it being called a Content Management System?
 
@@ -93,34 +97,36 @@ Well, because "OneFileFileManagerTextEditor" just doesn't have the same ring to
 
 ### Multi-Language Support?
 
-Yes!  (But only English and German are available so far. (Spanish cominmg soon!) )
+Yes!  (But only English, German and Spanish are available so far.)
 
 ### Can I have more than one username/password?
 
-Yes!  Well, sort of - indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ie: OneFile1.php and OneFile2.php etc...)  Then, with each copy, maintain different user names and passwords.  Also, so one user does not log out the other, change the session names.  
+Yes!  Well, sort of - indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ie: OneFile1.php and OneFile2.php etc...)  Then, with each copy, maintain different user names and passwords.  Also, so that one user does not log out the other, change the $session_name config variables.  
   
 Now, since there is no database or other means of granular control and acess logging, multiple users may be kind of pointless.  On the other hand, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
 
 ## Requirements
 
 - PHP 5.2+
-  (Only tested on versions 5.2.17, 5.3.3, 5.4, and 5.4.3)
+  (Only tested on versions 5.2.8, 5.2.17, 5.3.3, and 5.4 + )
 - File permission privileges on your host
 - Javascript enabled browswer
 - And, for OneFileCMS 3+, a browser that supports inline SVG.  
-  (Even if your browser doesn't support SVG, OneFileCMS will still work, just without any icons.)
+  (However, even if your browser doesn't support inline SVG, OneFileCMS will still work, just without any icons.)
+
+## Credit, License, Et Cetera  
 
-## Credit, License, Et Cetera
+Original concept and development by github.com/rocktronica  
 
-Original concept and development by github.com/rocktronica
+Written in PHP, JavaScript, HTML, CSS, and SVG.  
 
-Written in PHP, JavaScript, HTML, CSS, and SVG.
+Available under the MIT and BSD licenses.  
 
-Available under the MIT and BSD licenses.
+Icons for versions thru 1.1.6 by [famfamfam](http://www.famfamfam.com/).  
 
-Icons for versions thru 1.1.6 by [famfamfam](http://www.famfamfam.com/).
+To report a bug or request a feature, please file an issue via Github.  
 
-To report a bug or request a feature, please file an issue via Github. Forks encouraged!
+And, of course, please feel free to fork away!  
 
 ##Needed/potential/upcoming improvements
 
@@ -129,7 +135,7 @@ To report a bug or request a feature, please file an issue via Github. Forks enc
 - Connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text during login.  
   (However, this is true of most online login systems, unless SSL or the like is employed.)
 - Be aware that only some very basic data & error checking is performed.  (But, it's getting better...)  
-  On Windows, for instance, it's possible to create folders that are subsequently inaccessible and undeletable by Windows.  (Yea, I found out the hard way...)
+  On Windows, for instance, it's possible to create folders that are subsequently inaccessible and undeletable by Windows.  (Yea, I found out the hard way...)  (However, I *think* this issue is fixed.)
 - Anything else?
 
 --------------------------------------------------------------------------------
@@ -138,10 +144,10 @@ To report a bug or request a feature, please file an issue via Github. Forks enc
   
 CONFIGURATION SECTION  
   
-SOME STANDARD GLOBAL VARIABLES  
-
-DEFAULT LANGUAGE
-
+SYSTEM GLOBAL VARIABLES (non-configurable)  
+  
+DEFAULT LANGUAGE  
+  
 SESSION & MISC FUNCTIONS  
   
 SVG ICON FUNCTIONS  
@@ -160,6 +166,11 @@ GENERATE/OUTPUT THE PAGE
 
 ## Change Log
 
+### 3.3.06
+
+- Increased hash iterations from 1000 to 10000.  (I've read that lots of iterations help slow down brute force p/w recovery)
+- Format for external config files is now just php (instead of ini).
+- Some miscellaneous code & css improvements.
 
 ### 3.3.05a
 
@@ -254,8 +265,8 @@ GENERATE/OUTPUT THE PAGE
 
 ### 2.0
 
-- OneFileCMS is now actually ONE FILE! No external style sheets or icons.
-  __(Of course, external style sheets & icons can be added back in, if you like.)__
+- OneFileCMS is now actually ONE FILE! No external style sheets or icons.  
+  (Of course, external style sheets & icons can be added back in, if you like.)
 
 - This is OneFileCMS "Lite", and will be maintained along with v3.0
 

From 16612aa6366ca03b82afe25a29e0235c4beb2b80 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 1 Aug 2012 22:10:00 -0400
Subject: [PATCH 122/228] Old Langauge Files (ini versions)

---
 .../OneFileCMS.LANG.DE.ini                    |  0
 .../OneFileCMS.LANG.EN.ini                    |  0
 .../OneFileCMS.LANG.ES.ini                    |  0
 old_lang_files/lang_comp.php                  | 67 +++++++++++++++++++
 4 files changed, 67 insertions(+)
 rename OneFileCMS.LANG.DE.ini => old_lang_files/OneFileCMS.LANG.DE.ini (100%)
 rename OneFileCMS.LANG.EN.ini => old_lang_files/OneFileCMS.LANG.EN.ini (100%)
 rename OneFileCMS.LANG.ES.ini => old_lang_files/OneFileCMS.LANG.ES.ini (100%)
 create mode 100755 old_lang_files/lang_comp.php

diff --git a/OneFileCMS.LANG.DE.ini b/old_lang_files/OneFileCMS.LANG.DE.ini
similarity index 100%
rename from OneFileCMS.LANG.DE.ini
rename to old_lang_files/OneFileCMS.LANG.DE.ini
diff --git a/OneFileCMS.LANG.EN.ini b/old_lang_files/OneFileCMS.LANG.EN.ini
similarity index 100%
rename from OneFileCMS.LANG.EN.ini
rename to old_lang_files/OneFileCMS.LANG.EN.ini
diff --git a/OneFileCMS.LANG.ES.ini b/old_lang_files/OneFileCMS.LANG.ES.ini
similarity index 100%
rename from OneFileCMS.LANG.ES.ini
rename to old_lang_files/OneFileCMS.LANG.ES.ini
diff --git a/old_lang_files/lang_comp.php b/old_lang_files/lang_comp.php
new file mode 100755
index 0000000..e56d87c
--- /dev/null
+++ b/old_lang_files/lang_comp.php
@@ -0,0 +1,67 @@
+<?php header('Content-type: text/html; charset=UTF-8'); ?>
+
+<style>
+* {font-family: courier}
+.value {background-color: #eee;}
+</style>
+<pre>
+This will only show "evaluated" differences between values in the ini & php files.
+For example:
+  some.LANG.ini:      some_key   = "This is a \" quote test."
+  some.LANG.php:  $_['some_key'] = 'This is a " quote test.';
+These two values will evaluate as the same- to what is shown in the php version.
+
+This next example, however, will evaluate as different:
+  some.LANG.ini:      some_key   = "This is a \" quote test."
+  some.LANG.php:  $_['some_key'] = 'This is a \" quote test.';
+These two values will evaluate as different, due to the different quoting & escaping rules of ini & php.
+
+Also, some differences in white-space may not be evident or obvious, but will still be listed.
+</pre>
+<hr>
+<?php
+$ini['DE'] = 'OneFileCMS.LANG.DE.ini';
+$php['DE'] = 'OneFileCMS.LANG.DE.php';
+
+$ini['EN'] = 'OneFileCMS.LANG.EN.ini';
+$php['EN'] = 'OneFileCMS.LANG.EN.php';
+
+$ini['ES'] = 'OneFileCMS.LANG.ES.ini';
+$php['ES'] = 'OneFileCMS.LANG.ES.php';
+
+
+foreach ($ini as $lang => $file) {
+	echo 'Start '.$lang.'<br>';
+
+	$_ini = parse_ini_file($ini[$lang]);
+	include($php[$lang]);
+	$_php = $_;
+
+	$diffs = 0;
+	foreach ($_ini as $key => $value) {
+		if ( $value != $_[$key] ) { 
+			$diffs++;
+			echo '.ini ['.$key.'] = <span class="value">'.htmlspecialchars($_ini[$key]).'</span><br>';
+			echo '.php ['.$key.'] = <span class="value">'.htmlspecialchars($_php[$key]).'</span><br><br>';
+		}
+	}
+	echo 'End '.$lang.'<br>';
+	echo 'There were '.$diffs.' differences.<hr>';
+}
+
+/***
+$_ini = parse_ini_file($ini['EN']);
+include($php['EN']);
+$_php = $_;
+
+$diffs = 0;
+foreach ($_ini as $key => $value) {
+	if ( $value != $_[$key] ) { 
+		$diffs++;
+		echo $ini['EN'].'['.$key.'] = '.htmlspecialchars($_ini[$key]).'<br>';
+		echo $php['EN'].'['.$key.'] = '.htmlspecialchars($_php[$key]).'<br><br>';
+	}
+}
+echo 'There were '.$diffs.' differences.<br>';
+***/
+?>

From 549ac79e35274f7be378111eced8a28fe296990e Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 1 Aug 2012 23:45:00 -0400
Subject: [PATCH 123/228] Version 3.3.07 Language files are now in php format,
 instead of ini. Moved version check down, after Load_Language(). Otherwise,
 instead of exit message,   an error would display since the language array,
 $_, had not yet been loaded. Defined constants PHP_VERSION_ID_REQUIRED &
 PHP_VERSION_REQUIRED for version testing.   Currently = 50000 & "5.0 +"
 respectively. Adjusted the language text in $_['OFCMS_requires'].
 Session_Startup(): Removed some unneccessary variables in global line.
 Edit_Page():       Removed some unneccessary variables in global line. Added
 $TO_WARNING system value for use in timer scripts. Login_response(): Trim any
 incidental leading or trailing spaces from p/w & u/n                   before
 verification. Started using ob_start() & ob_get_contents() to capture
 early/undesired output. Updated the readme.

---
 OneFileCMS.LANG.DE.php       | 238 ++++++++++++++
 OneFileCMS.LANG.EN.php       | 238 ++++++++++++++
 OneFileCMS.LANG.ES.php       | 238 ++++++++++++++
 OneFileCMS_structure.txt     |  12 +-
 old_lang_files/lang_comp.php |  67 ----
 onefilecms.php               | 587 ++++++++++++++++++-----------------
 6 files changed, 1014 insertions(+), 366 deletions(-)
 create mode 100755 OneFileCMS.LANG.DE.php
 create mode 100755 OneFileCMS.LANG.EN.php
 create mode 100755 OneFileCMS.LANG.ES.php
 delete mode 100755 old_lang_files/lang_comp.php

diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
new file mode 100755
index 0000000..d5b8f78
--- /dev/null
+++ b/OneFileCMS.LANG.DE.php
@@ -0,0 +1,238 @@
+<?php
+// OneFileCMS Language Settings v3.3.07
+//
+$_['LANGUAGE'] = 'Deutsch';
+
+//Übersetzungen:
+//==============
+//Move=Verschieben ;Directory or Folder=Ordner ;Create=erstellen ;Log In=anmelden
+//;Log out=abmelden ;reset=zurücksetzen ;session=sitzung ;expired=abgelaufen ;exist=bestehen 
+//;configuration section=Konfigurationsbereich ;hash=Streuwert ;button: knopf ;Anrede: Sie
+
+// Remember to slash-escape any single quotes that may be within a value:  \'
+// The back-slash itself, if to be part of the text to display, may or may not 
+// also need to be escaped:  \\
+
+
+// In some instances, some langauges may use significantly longer words or phrases than others.
+// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
+//
+$_['front_links_font_size'] = '.9em'; //Buttons on Index page.
+$_['front_links_margin_R']  = '.5em';
+$_['button_font_size']      = '.7em'; //Buttons on Edit page.
+$_['button_margin_L']       = '.5em';
+$_['button_padding']        = '4px 5px';
+$_['image_info_font_size']  = '.95em'; //show_img_msg_01  &  _02 
+$_['image_info_pos']        = '1'; //If 1 or true, moves the info down a line for more space.
+
+
+$_['Upload_File'] = 'Datei heraufladen';
+$_['New_File']    = 'Datei erstellen';
+$_['Ren_Move']    = 'Umbenennen/Verschieben';
+$_['Ren_Moved']   = 'Umbenannt/Verschoben';
+$_['New_Folder']  = 'Neuer Ordner';
+$_['Ren_Folder']  = 'Ordner umbenennen/verschieben';
+$_['Del_Folder']  = 'Ordner löschen';
+
+$_['Admin']  = 'Konfiguration';
+$_['Enter']  = 'Eintreten';
+$_['Edit']   = 'Bearbeiten';
+$_['Close']  = 'Schließen';
+$_['Cancel'] = 'Abbrechen';
+$_['Upload'] = 'Heraufladen';
+$_['Create'] = 'Erstellen';
+$_['Copy']   = 'Kopieren';
+$_['Copied'] = 'Kopiert';
+$_['Rename'] = 'Umbenennen';
+$_['Delete'] = 'Löschen';
+$_['DELETE'] = 'LÖSCHEN';
+$_['File']   = 'Datei';
+$_['Folder'] = 'Ordner';
+
+$_['Log_In']  = 'Anmelden';
+$_['Log_Out'] = 'Abmelden';
+
+$_['Hash']    = 'Hash';
+$_['pass_to_hash']  = 'Password to hash:';
+$_['Generate_Hash'] = 'Hash generieren';
+
+$_['save_1']      = 'Speichern';
+$_['save_2']      = 'ÄNDERUNGEN SPEICHERN!';
+$_['reset']       = 'Zurücksetzen - Änderungen verwerfen';
+$_['Wide_View']   = 'Breitenadaptierte Ansicht';
+$_['Normal_View'] = 'Normale Ansicht';
+
+$_['on_']      = 'läuft unter';
+
+$_['verify_msg_01'] = 'Sitzung abgelaufen.';
+$_['verify_msg_02'] = 'UNGÜLTIGE DATENSENDUNG';
+
+$_['get_get_msg_01'] = 'Die Datei wurde nicht gefunden:';
+
+$_['check_path_msg_01'] = 'Das Verzeichnis wurde nicht gefunden: ';
+
+$_['ord_msg_01'] = 'Eine Datei mit demselben Namen existiert bereits im Zielverzeichnis.';
+$_['ord_msg_02'] = 'Speichern als';
+
+$_['show_img_msg_01'] = 'Die Bilddarstellung entspricht ~';
+$_['show_img_msg_02'] = '% der wahren Größe (W x H = ';
+
+$_['hash_h2']     = 'Streuwertgenerierung für das Passwort';
+$_['hash_txt_01'] = 'Es gibt zwei Wege, wie Sie Ihr OneFileCMS-Passwort ändern können:';
+$_['hash_txt_02'] = '1) Verwenden Sie die Konfigurationsvariable $PASSWORD, um Ihr gewünschtes Passwort zu speichern. In diesem Fall sollte $USE_HASH auf 0 gesetzt werden.';
+$_['hash_txt_03'] = '2) Oder Sie verwenden die Konfigurationsvariable $HASHWORD, um den Streuwert Ihres Passwortes zu speichern. Setzen Sie $USE_HASH in diesem Fall auf 1.';
+$_['hash_txt_04'] = 'Bitte denken Sie daran, dass es sich hierbei großteils um eine akademische übung handelt. Die Verwendung eines Streuwerts trägt viel zur Sicherheit bei und erlaubt Ihnen, das Passwort nicht in Klarschrift speichern zu müssen.';
+$_['hash_txt_05'] = 'Um die $HASHWORD Option verwenden zu können:';
+$_['hash_txt_06'] = 'Tippen Sie das gewünschte Passwort in das Eingabefeld und drücken Sie Enter.';
+$_['hash_txt_07'] = 'Der Streuwert wird in einer gelben Box überhalb angezeigt werden.';
+$_['hash_txt_08'] = 'Kopieren Sie den neuen Streuwert und fügen Sie ihn in den Konfigurationsbereich als Wert der Variable $HASHWORD ein.';
+$_['hash_txt_09'] = 'Stellen Sie sicher, dass Sie den GESAMTEN Streuwert -- und nur diesen (keine führenden oder nachgestellten Leerzeichen, etc.) -- kopiert haben.';
+$_['hash_txt_10'] = 'Ein Doppelklick sollte den Streuwert auswählen...';
+$_['hash_txt_11'] = 'Stellen Sie sicher, dass $USE_HASH auf 1 oder true gesetzt wurde.';
+$_['hash_txt_12'] = 'Wenn die Werte eingetragen wurden, melden Sie sich ab und wieder an.';
+$_['hash_txt_13'] = 'Sie können auch OneFileCMS selbst bearbeiten.  Legen Sie aber sicherheitshalber eine Kopie an, falls es zu einem unerwünschten Schreibfehler kommt...';
+$_['hash_txt_14'] = 'Eine weitere, kleine Sicherheitsvorkehrung wäre, das Salz oder die Methode für die Streuwertgenerierung von OneFileCMS zu ändern.';
+
+$_['hash_msg_01'] = 'Passwort: ';
+$_['hash_msg_02'] = 'Streuwert    : ';
+
+$_['login_h2']     = 'Anmelden';
+$_['login_txt_01'] = 'Benutzername:';
+$_['login_txt_02'] = 'Password:';
+
+$_['login_msg_01a'] = 'Es wurden ';
+$_['login_msg_01b'] = ' ungültige Anmeldversuche gezählt.';
+$_['login_msg_02a'] = 'Bitte warten Sie ';
+$_['login_msg_02b'] = 'Sekunden, um es erneut zu probieren.';
+$_['login_msg_03']  = 'UNGÜLTIGER ANMELDEVERSUCH #';
+
+$_['edit_note_00']  = 'ANMKERUNG:';
+$_['edit_note_01a'] = 'Denken Sie immer daran: Ihre ';
+$_['edit_note_01b'] = ' ist ';
+$_['edit_note_02']  = 'Speichern Sie Änderungen bevor der Countdown abläuft, oder die Änderungen sind verloren!';
+$_['edit_note_03']  = 'Einige Browser (wie zum Beispiel Chrome) zeigen eventuell nicht den richtigen Dateistatus an, wenn man die Vor- und Zurückknöpfe verwendet. Zum Korrigieren offensichtlich falscher Angaben drücken Sie in so einem Fall bitte den "Neu laden"-Knopf.';
+$_['edit_note_04']  = 'Die XSS-Filter des Chrome Browsers deaktivieren möglicherweise einige JavaScript-Funktionen, wenn diese in einem gewissen Kontext auftreten. Das kann sich auf einige Features des OneFileCMS auswirken. Trotzdem können solche Dateien bearbeitet und gespeichert werden. Allerdings bleibt die Hintergrundfarbe immer gleich; Änderungen an der Datei werden sonst mit wechselnden Hintergrundfarben (rot und grün) dargestellt.';
+
+$_['edit_h2_1']   = 'Betrachtend: ';
+$_['edit_h2_2']   = 'In Bearbeitung: ';
+$_['edit_txt_01'] = 'Unbekannter Dateityp oder keine Textdatei. Bearbeitungsmöglichkeit ausgeschalten.';
+$_['edit_txt_02'] = 'Die Datei enthält möglicherweise ungültige Zeichen. Der Bearbeitungs- und Betrachtungsmodus wurde gesperrt.';
+$_['edit_txt_03'] = 'htmlspecialchars() gab eine leere Zeichenkette zurück.';
+$_['edit_txt_04'] = 'Das Verhalten kann je nach verwendeter PHP-Version unterschiedlich sein.';
+
+$_['too_large_to_edit_01a'] = 'Bearbeitungsfunktion deaktiviert. Dateigröße > ';
+$_['too_large_to_edit_01b'] = ' bytes.';
+$_['too_large_to_edit_02']  = 'Einige Browser (wie zum Beispiel der Internet Explorer) bleiben stecken oder werden instabil, sobald größere Textmengen in einer HTML <textarea> bearbeitet werden.';
+$_['too_large_to_edit_03']  = 'Die Einstellung $MAX_EDIT_SIZE im Konfigurationsbereich des OneFileCMS kann nach den Erfordernissen angepaßt werden.';
+$_['too_large_to_edit_04']  = 'Mittels einfachem Trial & Error kann das optimale Limit für einen bestimmten Browser und Computer festgestellt werden.';
+
+$_['too_large_to_view_01a'] = 'Betrachtungsmodus deaktiviert. Filesize > ';
+$_['too_large_to_view_01b'] = ' Bytes.';
+$_['too_large_to_view_02']  = 'Klicken Sie auf den Dateinamen überhalb, um die Datei direkt im Browser anzuzeigen.';
+$_['too_large_to_view_03']  = 'Adjustieren Sie die $MAX_VIEW_SIZE im Konfigurationsbereich von OneFileCMS nach Ihren Bedürfnissen.';
+$_['too_large_to_view_04']  = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
+
+$_['meta_txt_01'] = 'Dateigröße: ';
+$_['meta_txt_02'] = ' Bytes.';
+$_['meta_txt_03'] = 'Zuletzt aktualisiert am/um: ';
+
+$_['edit_msg_01'] = 'Die Datei wurde gespeichert: ';
+$_['edit_msg_02'] = 'Bytes geschrieben.';
+$_['edit_msg_03'] = 'Bei dem Versuch die Datei zu speichern trat ein Fehler auf.';
+
+$_['upload_h2']     = 'Datei heraufladen';
+$_['upload_txt_01'] = '  per upload_max_filesize in php.ini.';
+$_['upload_txt_02'] = 'per post_max_size in php.ini';
+$_['upload_txt_03'] = 'Anmerkung: Die maximale Dateigröße für das Heraufladen von Dateien beträgt: ';
+
+$_['upload_err_01a'] = 'Fehler 1: Die Datei ist zu groß.  ';
+$_['upload_err_01b'] = ' (Einschränkung durch php.ini)';
+$_['upload_err_02a'] = 'Fehler 2: Die Datei ist zu groß.  ';
+$_['upload_err_02b'] = ' (Einschränkung durch OneFileCMS)';
+$_['upload_err_03']  = 'Fehler 3: Die Datei wurde nur teilweise heraufgeladen.';
+$_['upload_err_04']  = 'Fehler 4: Es wurde keine Datei heraufgeladen.';
+$_['upload_err_05']  = 'Fehler 5:';
+$_['upload_err_06']  = 'Fehler 6: Konnte kein temporäres Verzeichnis finden.';
+$_['upload_err_07']  = 'Fehler 7: Die Datei konnte nicht gespeichert werden.';
+$_['upload_err_08']  = 'Fehler 8: Eine PHP-Erweiterung hat das Heraufladen der Datei gestoppt.';
+
+$_['upload_msg_01'] = 'Es wurde keine Datei zum Heraufladen gewählt.';
+$_['upload_msg_02'] = 'Der Zielordner existiert nicht: ';
+$_['upload_msg_03'] = 'Das Heraufladen wurde abgebrochen.';
+$_['upload_msg_04'] = 'Heraufladen: ';
+$_['upload_msg_05'] = 'Das Heraufladen war erfolgreich! ';
+$_['upload_msg_06'] = 'Das Heraufladen ist fehlgeschlagen: ';
+
+$_['new_file_h2'] = 'Neue Datei';
+$_['new_file_txt_01'] = 'Die Datei wird im aktuellen Ordner erstellt.  ';
+$_['new_file_txt_02'] = 'Ungültige Zeichen für Dateinamen sind: ';
+
+$_['new_file_msg_01'] = 'Die neue Datei wurde nicht erstellt:';
+$_['new_file_msg_02'] = 'Der Name enthält ungültige Zeichen: ';
+$_['new_file_msg_03'] = 'Es wurde keine Datei erstellt, da kein Name eingegeben wurde';
+$_['new_file_msg_04'] = 'Die Datei besteht bereits: ';
+$_['new_file_msg_05'] = 'Datei erstellt:';
+$_['new_file_msg_06'] = 'Fehler - die Datei konnte nicht erstellt werden:';
+
+$_['CRM_txt_01']  = 'Um eine Datei oder einen Ordner zu verschieben, ändern Sie den pfad/zur/datei/oder/dem/verzeichnis. Der neue Ort muss bereits existieren.';
+$_['CRM_txt_02']  = 'Alter Name:';
+$_['CRM_txt_03']  = 'Neuer Name:';
+
+$_['CRM_msg_01']  = ' Fehler - der neue Zielort besteht nicht:';
+$_['CRM_msg_02']  = ' Fehler - die Quelldatei besteht nicht:';
+$_['CRM_msg_03']  = ' Fehler - die Zieldatei besteht bereits:';
+$_['CRM_msg_04']  = ' zu ';
+$_['CRM_msg_05a'] = 'Fehler während ';
+$_['CRM_msg_05b'] = ' des folgenden Vorgangs:';
+
+$_['delete_h2'] = 'Datei löschen';
+$_['delete_txt_01'] = 'Sind Sie sicher?';
+
+$_['delete_msg_01'] = 'Gelöschte Datei:';
+$_['delete_msg_02'] = 'Während des Löschvorgangs trat ein Fehler auf ';
+
+$_['new_folder_h2'] = 'Neuer Ordner';
+$_['new_folder_txt_1'] = 'Der neue Ordner wird als Unterordner des aktuellen Ordners angelegt.  ';
+$_['new_folder_txt_2'] = 'Ungültige Zeichen für Ordnernamen sind: ';
+
+$_['new_folder_msg_01'] = 'Der Ordner konnte nicht erstellt werden:';
+$_['new_folder_msg_02'] = 'Der Name enthält ungültige Zeichen: ';
+$_['new_folder_msg_03'] = 'Es wurde kein Ordner erstellt, da kein Name dafür eingegeben wurde.';
+$_['new_folder_msg_04'] = 'Der Ordner besteht bereits: ';
+$_['new_folder_msg_05'] = 'Ordner erstellt:';
+$_['new_folder_msg_06'] = 'Fehler - der Ordner konnte nicht erstellt werden: ';
+
+$_['delete_folder_h2']     = 'Ordner löschen';
+$_['delete_folder_txt_01'] = 'Sind Sie sicher?';
+
+$_['delete_folder_msg_01'] = 'Der Ordner ist nicht leer.   Bevor ein Ordner gelöscht werden kann, muss er geleert werden.';
+$_['delete_folder_msg_02'] = 'Gelöschter Ordner:';
+$_['delete_folder_msg_03'] = 'während des Löschvorgangs trat ein Fehler auf.';
+
+$_['page_title_login']      = 'Anmelden';
+$_['page_title_hash']       = 'Hash Page';
+$_['page_title_edit']       = 'Datei bearbeiten/betrachten';
+$_['page_title_upload']     = 'Datei heraufladen';
+$_['page_title_new_file']   = 'Neue Datei';
+$_['page_title_copy']       = 'Datei kopieren';
+$_['page_title_ren']        = 'Datei umbenennen';
+$_['page_title_del']        = 'Datei löschen';
+$_['page_title_folder_new'] = 'Neuer Ordner';
+$_['page_title_folder_ren'] = 'Ordner umbenennen/verschieben';
+$_['page_title_folder_del'] = 'Ordner löschen';
+
+$_['session_warning'] = 'Achtung: Die sitzung wird ende bald!';
+$_['session_expired'] = 'SITZUNG ABGELAUFEN';
+$_['unload_unsaved']  = '               Nicht gespeicherte Änderungen gehen verloren!';
+$_['confirm_reset']   = 'Soll der Inhalt der Datei zurückgesetzt werden (Änderungen gehen verloren)?';
+
+$_['OFCMS_requires']  = 'OneFileCMS erfordert PHP';
+
+$_['logout_msg']       = 'Sie wurden erfolgreich abgemeldet.';
+$_['folder_del_msg']   = 'Der Ordner ist nicht leer.   Der Ordner muss leer sein, bevor er gelöscht werden kann.';
+$_['upload_error_01a'] = ' Fehler beim Heraufladen.  Die Gesamtmenge and heraufgeladenen Daten (in Hauptsache die Datei) überschreitet die post_max_size = ';
+$_['upload_error_01b'] = ' (der php.ini)';
+$_['edit_caution_01']  = 'ACHTUNG ';
+$_['edit_caution_02']  = ' Sie bearbeiten gerade die aktive Version von OneFileCMS - Sichern Sie den Code und seien Sie vorsichtig !!';
+
+$_['time_out_txt'] = 'Automatischer Sitzungsstopp in:';
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
new file mode 100755
index 0000000..5e4fea5
--- /dev/null
+++ b/OneFileCMS.LANG.EN.php
@@ -0,0 +1,238 @@
+<?php
+// OneFileCMS Language Settings v3.3.07
+
+$_['LANGUAGE'] = 'English';
+
+// These are the default values included directly in onefilecms.php.
+//
+// If no translation or value is desired for a particular setting, do not delete
+// the actual setting variable, just set it to an empty string.
+// For example:  $_['some_unused_setting'] = '';
+//
+// Remember to slash-escape any single quotes that may be within a value:  \'
+// The back-slash itself, if to be part of the text to display, may or may not
+// also need to be escaped:  \\
+
+
+// In some instances, some langauges may use significantly longer words or phrases than others.
+// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
+//
+$_['front_links_font_size'] =  '1em'; //Buttons on Index page.
+$_['front_links_margin_R']  =  '1em';
+$_['button_font_size']      = '.9em'; //Buttons on Edit page.
+$_['button_margin_L']       = '.5em';
+$_['button_padding']        = '4px 10px';
+$_['image_info_font_size']  =  '1em'; //show_img_msg_01  &  _02 
+$_['image_info_pos']        = ''; //If 1 or true, moves the info down a line for more space.
+
+
+$_['Upload_File'] = 'Upload File';
+$_['New_File']    = 'New File';
+$_['Ren_Move']    = 'Rename/Move';
+$_['Ren_Moved']   = 'Renamed/Moved';
+$_['New_Folder']  = 'New Folder';
+$_['Ren_Folder']  = 'Rename/Move Folder';
+$_['Del_Folder']  = 'Delete Folder';
+
+$_['Admin']  = 'Admin';
+$_['Enter']  = 'Enter';
+$_['Edit']   = 'Edit';
+$_['Close']  = 'Close';
+$_['Cancel'] = 'Cancel';
+$_['Upload'] = 'Upload';
+$_['Create'] = 'Create';
+$_['Copy']   = 'Copy';
+$_['Copied'] = 'Copied';
+$_['Rename'] = 'Rename';
+$_['Delete'] = 'Delete';
+$_['DELETE'] = 'DELETE';
+$_['File']   = 'File';
+$_['Folder'] = 'Folder';
+
+$_['Log_In']  = 'Log In';
+$_['Log_Out'] = 'Log Out';
+
+$_['Hash']    = 'Hash';
+$_['pass_to_hash']  = 'Password to hash:';
+$_['Generate_Hash'] = 'Generate Hash';
+
+$_['save_1']      = 'Save';
+$_['save_2']      = 'SAVE CHANGES!';
+$_['reset']       = 'Reset - loose changes';
+$_['Wide_View']   = 'Wide View';
+$_['Normal_View'] = 'Normal View';
+
+$_['on_']      = 'on';
+
+$_['verify_msg_01'] = 'Session expired.';
+$_['verify_msg_02'] = 'INVALID POST';
+
+$_['get_get_msg_01'] = 'File does not exist:';
+
+$_['check_path_msg_01'] = 'Directory does not exist: ';
+
+$_['ord_msg_01'] = 'A file with that name already exists in the target directory.';
+$_['ord_msg_02'] = 'Saving as';
+
+$_['show_img_msg_01'] = 'Image shown at ~';
+$_['show_img_msg_02'] = '% of full size (W x H =';
+
+$_['hash_h2']     = 'Generate a Password Hash';
+$_['hash_txt_01'] = 'There are two ways to change your OneFileCMS password:';
+$_['hash_txt_02'] = '1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).';
+$_['hash_txt_03'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
+$_['hash_txt_04'] = 'Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing.';
+$_['hash_txt_05'] = 'Anyway, to use the $HASHWORD password option:';
+$_['hash_txt_06'] = 'Type your desired password in the input field above and hit Enter.';
+$_['hash_txt_07'] = 'The hash will be displayed in a yellow message box above that.';
+$_['hash_txt_08'] = 'Copy and paste the new hash to the $HASHWORD variable in the config section.';
+$_['hash_txt_09'] = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
+$_['hash_txt_10'] = 'A double-click should select it...';
+$_['hash_txt_11'] = 'Make sure $USE_HASH is set to 1 (or true).';
+$_['hash_txt_12'] = 'When ready, logout and login.';
+$_['hash_txt_13'] = 'You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...';
+$_['hash_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course).  Remever, every little bit helps...';
+
+$_['hash_msg_01'] = 'Password: ';
+$_['hash_msg_02'] = 'Hash    : ';
+
+$_['login_h2']     = 'Log In';
+$_['login_txt_01'] = 'Username:';
+$_['login_txt_02'] = 'Password:';
+
+$_['login_msg_01a'] = 'There have been ';
+$_['login_msg_01b'] = 'invalid login attempts.';
+$_['login_msg_02a'] = 'Please wait';
+$_['login_msg_02b'] = 'seconds to try again.';
+$_['login_msg_03']  = 'INVALID LOGIN ATTEMPT #';
+
+$_['edit_note_00']  = 'NOTES:';
+$_['edit_note_01a'] = 'Remember- your';
+$_['edit_note_01b'] = 'is';
+$_['edit_note_02']  = 'So save changes before the clock runs out, or the changes will be lost!';
+$_['edit_note_03']  = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate.  To correct, click the browser\'s [Reload].';
+$_['edit_note_04']  = 'Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.';
+
+$_['edit_h2_1']   = 'Viewing:';
+$_['edit_h2_2']   = 'Editing:';
+$_['edit_txt_01'] = 'Non-text or unkown file type. Edit disabled.';
+$_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
+$_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
+$_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
+
+$_['too_large_to_edit_01a'] = 'Edit disabled. Filesize >';
+$_['too_large_to_edit_01b'] = 'bytes.';
+$_['too_large_to_edit_02'] = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
+$_['too_large_to_edit_03'] = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
+$_['too_large_to_edit_04'] = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
+
+$_['too_large_to_view_01a'] = 'View disabled. Filesize >';
+$_['too_large_to_view_01b'] = 'bytes.';
+$_['too_large_to_view_02'] = 'Click the file name above to view as normally rendered in a browser window.';
+$_['too_large_to_view_03'] = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
+$_['too_large_to_view_04'] = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
+
+$_['meta_txt_01'] = 'Filesize:';
+$_['meta_txt_02'] = 'bytes.';
+$_['meta_txt_03'] = 'Updated:';
+
+$_['edit_msg_01'] = 'File saved:';
+$_['edit_msg_02'] = 'bytes written.';
+$_['edit_msg_03'] = 'There was an error saving file.';
+
+$_['upload_h2']     = 'Upload File';
+$_['upload_txt_01'] = 'per upload_max_filesize in php.ini.';
+$_['upload_txt_02'] = 'per post_max_size in php.ini';
+$_['upload_txt_03'] = 'Note: Maximum upload file size is:';
+
+$_['upload_err_01a'] = 'Error 1: File too large.';
+$_['upload_err_01b'] = '(From php.ini)';
+$_['upload_err_02a'] = 'Error 2: File too large.';
+$_['upload_err_02b'] = '(From OneFileCMS)';
+$_['upload_err_03']  = 'Error 3: The uploaded file was only partially uploaded.';
+$_['upload_err_04']  = 'Error 4: No file was uploaded.';
+$_['upload_err_05']  = 'Error 5:';
+$_['upload_err_06']  = 'Error 6: Missing a temporary folder.';
+$_['upload_err_07']  = 'Error 7: Failed to write file to disk.';
+$_['upload_err_08']  = 'Error 8: A PHP extension stopped the file upload.';
+
+$_['upload_msg_01'] = 'No file selected for upload.';
+$_['upload_msg_02'] = 'Destination folder does not exist: ';
+$_['upload_msg_03'] = 'Upload cancelled.';
+$_['upload_msg_04'] = 'Uploading:';
+$_['upload_msg_05'] = 'Upload successful!';
+$_['upload_msg_06'] = 'Upload failed:';
+
+$_['new_file_h2']     = 'New File';
+$_['new_file_txt_01'] = 'File will be created in the current folder.';
+$_['new_file_txt_02'] = 'Some invalid characters are: ';
+
+$_['new_file_msg_01'] = 'New file not created:';
+$_['new_file_msg_02'] = 'Name contains invalid character(s):';
+$_['new_file_msg_03'] = 'New file not created - no name given';
+$_['new_file_msg_04'] = 'File already exists:';
+$_['new_file_msg_05'] = 'Created file:';
+$_['new_file_msg_06'] = 'Error - new file not created:';
+
+$_['CRM_txt_01']  = 'To move a file or folder, change the path/to/folder/or_file. The new location must already exist.';
+$_['CRM_txt_02']  = 'Old name:';
+$_['CRM_txt_03']  = 'New name:';
+
+$_['CRM_msg_01'] = 'Error - new parent location does not exist:';
+$_['CRM_msg_02'] = 'Error - source file does not exist:';
+$_['CRM_msg_03'] = 'Error - target filename already exists:';
+$_['CRM_msg_04'] = 'to';
+$_['CRM_msg_05a'] = 'Error during';
+$_['CRM_msg_05b'] = 'from the above to the following:';
+
+$_['delete_h2']     = 'Delete File';
+$_['delete_txt_01'] = 'Are you sure?';
+
+$_['delete_msg_01'] = 'Deleted file:';
+$_['delete_msg_02'] = 'Error deleting';
+
+$_['new_folder_h2']    = 'New Folder';
+$_['new_folder_txt_1'] = 'Folder will be created in the current folder.';
+$_['new_folder_txt_2'] = 'Some invalid characters are:';
+
+$_['new_folder_msg_01'] = 'New folder not created:';
+$_['new_folder_msg_02'] = 'Name contains invalid character(s):';
+$_['new_folder_msg_03'] = 'New folder not created - no name given.';
+$_['new_folder_msg_04'] = 'Folder already exists:';
+$_['new_folder_msg_05'] = 'Created folder:';
+$_['new_folder_msg_06'] = 'Error - new folder not created:';
+
+$_['delete_folder_h2']     = 'Delete Folder';
+$_['delete_folder_txt_01'] = 'Are you sure?';
+
+$_['delete_folder_msg_01'] = 'Folder not empty.   Folders must be empty before they can be deleted.';
+$_['delete_folder_msg_02'] = 'Deleted folder:';
+$_['delete_folder_msg_03'] = 'an error occurred during delete.';
+
+$_['page_title_login']      = 'Log In';
+$_['page_title_hash']       = 'Hash Page';
+$_['page_title_edit']       = 'Edit/View File';
+$_['page_title_upload']     = 'Upload File';
+$_['page_title_new_file']   = 'New File';
+$_['page_title_copy']       = 'Copy File';
+$_['page_title_ren']        = 'Rename File';
+$_['page_title_del']        = 'Delete File';
+$_['page_title_folder_new'] = 'New Folder';
+$_['page_title_folder_ren'] = 'Rename/Move Folder';
+$_['page_title_folder_del'] = 'Delete Folder';
+
+$_['session_warning'] = 'Warning: Session timeout soon!';
+$_['session_expired'] = 'SESSION EXPIRED';
+$_['unload_unsaved']  = '               Unsaved changes will be lost!';
+$_['confirm_reset']   = 'Reset file and loose unsaved changes?';
+
+$_['OFCMS_requires']  = 'OneFileCMS requires PHP';
+
+$_['logout_msg']       = 'You have successfully logged out.';
+$_['folder_del_msg']   = 'Folder not empty.   Folders must be empty before they can be deleted.';
+$_['upload_error_01a'] = 'Upload Error.  Total POST data (mostly filesize) exceeded post_max_size =';
+$_['upload_error_01b'] = '(from php.ini)';
+$_['edit_caution_01']  = 'CAUTION';
+$_['edit_caution_02']  = 'You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
+
+$_['time_out_txt'] = 'Session time out in:';
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
new file mode 100755
index 0000000..76b74b5
--- /dev/null
+++ b/OneFileCMS.LANG.ES.php
@@ -0,0 +1,238 @@
+<?php
+// OneFileCMS Language Settings v3.3.07
+
+$_['LANGUAGE'] = 'Espanõla';
+
+//
+//
+// If no translation or value is desired for a particular setting, do not delete
+// the actual setting variable, just set it to an empty string.
+// For example:  $_['some_unused_setting'] = '';
+//
+// Remember to slash-escape any single quotes that may be within a value:  \'
+// The back-slash itself, if to be part of the text to display, may or may not 
+// also need to be escaped:  \\
+
+
+// In some instances, some langauges may use significantly longer words or phrases than others.
+// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
+//
+$_['front_links_font_size'] =  '1em'; //Buttons on Index page.
+$_['front_links_margin_R']  = '.5em';
+$_['button_font_size']      = '.9em'; //Buttons on Edit page.
+$_['button_margin_L']       = '.4em';
+$_['button_padding']        = '4px 5px';
+$_['image_info_font_size']  = '.95em';//show_img_msg_01  &  _02 
+$_['image_info_pos']        = ''; //If 1 or true, moves the info down a line for more space.
+
+
+$_['Upload_File'] = 'Subir Archivo';
+$_['New_File']    = 'Archivo Nuevo';
+$_['Ren_Move']    = 'Renombrar/Mover';
+$_['Ren_Moved']   = 'Renombrado/Movido';
+$_['New_Folder']  = 'Carpeta Nueva';
+$_['Ren_Folder']  = 'Renombrar/Mover Carpeta';
+$_['Del_Folder']  = 'Borrar Carpeta';
+
+$_['Admin']  = 'Administrador';
+$_['Enter']  = 'Entrar';
+$_['Edit']   = 'Editar';
+$_['Close']  = 'Cerrar';
+$_['Cancel'] = 'Cancelar';
+$_['Upload'] = 'Subir';
+$_['Create'] = 'Crear';
+$_['Copy']   = 'Copiar';
+$_['Copied'] = 'Copiado';
+$_['Rename'] = 'Renombrar';
+$_['Delete'] = 'Eliminar';
+$_['DELETE'] = 'ELIMINAR';
+$_['File']   = 'Archivo';
+$_['Folder'] = 'Carpeta';
+
+$_['Log_In']  = 'Iniciar Sesión';
+$_['Log_Out'] = 'Cerrar Sesión';
+
+$_['Hash']    = 'Cadena';
+$_['pass_to_hash']  = 'Contraseña para calcular el hash:';
+$_['Generate_Hash'] = 'Generar Cadena';
+
+$_['save_1']      = 'Guardar';
+$_['save_2']      = '¡GUARDAR CAMBIOS!';
+$_['reset']       = 'Reiniciar - perder los cambios';
+$_['Wide_View']   = 'Vista Ampliada';
+$_['Normal_View'] = 'Vista Normal';
+
+$_['on_']      = 'activado';
+
+$_['verify_msg_01'] = 'Sesión expirada.';
+$_['verify_msg_02'] = 'POST INVÁLIDO';
+
+$_['get_get_msg_01'] = 'El archivo no existe:';
+
+$_['check_path_msg_01'] = 'El directorio no existe: ';
+
+$_['ord_msg_01'] = 'Un archivo con ese mismo nombre ya existe en el directorio asignado.';
+$_['ord_msg_02'] = 'Guardando como';
+
+$_['show_img_msg_01'] = 'Imagen mostrada a ~';
+$_['show_img_msg_02'] = '% del tamaño (W x H =';
+
+$_['hash_h2']     = 'Generar una Cadena de Contraseña';
+$_['hash_txt_01'] = 'Existen dos formas de cambiar tu contraseña:';
+$_['hash_txt_02'] = '1) Cambiando la variable $PASSWORD y asignando $USE_HASH = 0 (cero).';
+$_['hash_txt_03'] = '2) O, usando $HASHWORD para almacenar tu contraseña, y luego asignar $USE_HASH = 1.';
+$_['hash_txt_04'] = 'Tenga en cuenta que, debido a una serie de consideraciones muy variadas, esto es en gran parte un ejercicio académico. Es decir, tomar la idea de que esta es una gran mejora a la seguridad con un granito de sal de criptografía. Sin embargo, sí elimina el almacenamiento de la contraseña en texto plano, lo cual es algo bueno.';
+$_['hash_txt_05'] = 'Igualmente, para usar la opción de contraseña $HASHWORD:';
+$_['hash_txt_06'] = 'Ingresá la contraseña que quieras en la caja de texto siguiente y presioná enter.';
+$_['hash_txt_07'] = 'La cadena se mostrará en un mensaje amarillo.';
+$_['hash_txt_08'] = 'Copiá y pegá esa cadena a la variable $HASHWORD en la sección de configuración.';
+$_['hash_txt_09'] = 'Asegurate de copiar TODO y SÓLO la cadena (sin dejar espacios en blanco o demás).';
+$_['hash_txt_10'] = 'Haciendo doble click debería seleccionarlo...';
+$_['hash_txt_11'] = 'Asegurate de que $USE_HASH sea 1 (o true).';
+$_['hash_txt_12'] = 'Cuando estés listo, deslogueate y volvé a loguearte.';
+$_['hash_txt_13'] = 'Podés usar OneFileCMS para editarlo. Sin embargo, asegurate de hacer un backup...';
+$_['hash_txt_14'] = 'Para otro tip de seguridad, cambiá la llave de seguridad y/o el método usado por OneFileCMS para almacenar la clave (y mantenelo en secreto, obviamente).  Acordate, cada granito ayuda...';
+
+$_['hash_msg_01'] = 'Contraseña: ';
+$_['hash_msg_02'] = 'Cadena    : ';
+
+$_['login_h2']     = 'Iniciar sesión';
+$_['login_txt_01'] = 'Usuario:';
+$_['login_txt_02'] = 'Contraseña:';
+
+$_['login_msg_01a'] = 'Hubo ';
+$_['login_msg_01b'] = 'intentos fallidos.';
+$_['login_msg_02a'] = 'Por favor espere ';
+$_['login_msg_02b'] = 'segundos para volver a intentar.';
+$_['login_msg_03']  = 'INTENTO DE INICIO INVÁLIDO NÚMERO #';
+
+$_['edit_note_00']  = 'NOTAS:';
+$_['edit_note_01a'] = 'Recuérdalo- tu';
+$_['edit_note_01b'] = 'es';
+$_['edit_note_02']  = 'Entonces guardá antes que se acabe el tiempo, ¡o vas a perer los cambios!';
+$_['edit_note_03']  = 'Con algunos navegadores, como Chrome, si clickeás el botón del navegador [Volver] y después [Continuar], puede que el estado del archivo no sea exacto. Para corregirlo, clickeá en el botón [Recargar].';
+$_['edit_note_04']  = 'Chrome puede deshabilitar algunos textos si contienen javascript dentro en ciertos contextos.  Esto puede provocar problemas con el editor de OneFileCMS. Sin embargo, estos archivos pueden ser editados y guardados con OneFileCMS.  La función primaria que es perdida es el cambio de los colores del fondo (rojo/verde) indicando cuando o no el archivo tiene cambios no guardados.  El error se notificará después de la primera vez que se guarde ese archivo.';
+
+$_['edit_h2_1']   = 'Viendo:';
+$_['edit_h2_2']   = 'Editando:';
+$_['edit_txt_01'] = 'No texto o tipo de archivo desconocido. Edición deshabilitada.';
+$_['edit_txt_02'] = 'El archivo posiblemente contiene un caracter desconocido. Edición deshabilitada.';
+$_['edit_txt_03'] = 'htmlspecialchars() devolvió una cadena vacía de lo que debería ser un archivo válido.';
+$_['edit_txt_04'] = 'Este comportamiento puede ser inconsistente de versión a versión de PHP.';
+
+$_['too_large_to_edit_01a'] = 'Edición deshabilita. Tamaño >';
+$_['too_large_to_edit_01b'] = 'bytes.';
+$_['too_large_to_edit_02'] = 'Algunos navegadores (por ej.: IE) se vuelven inestables cuando se edita un texto largo dentro de un <textarea>.';
+$_['too_large_to_edit_03'] = 'Ajustá la variable $MAX_EDIT_SIZE en la sección de configuración de OneFileCMS como sea necesario.';
+$_['too_large_to_edit_04'] = 'Una simple prueba puede dar con el resultado necesario.';
+
+$_['too_large_to_view_01a'] = 'Vista deshabilitada. Tamaño >';
+$_['too_large_to_view_01b'] = 'bytes.';
+$_['too_large_to_view_02'] = 'Clickeá en el botón de debajo para verlo como se ve normalmente en un navegador.';
+$_['too_large_to_view_03'] = 'Ajustá $MAX_VIEW_SIZE en la sección de configuración de OneFileCMS como sea necesario.';
+$_['too_large_to_view_04'] = '(El valor por defecto para $MAX_VIEW_SIZE es completamente arbitrario, y puede ser ajustado como sea necesario.)';
+
+$_['meta_txt_01'] = 'Tamaño:';
+$_['meta_txt_02'] = 'bytes.';
+$_['meta_txt_03'] = 'Actualizado:';
+
+$_['edit_msg_01'] = 'Archivo Guardado:';
+$_['edit_msg_02'] = 'bytes escritos.';
+$_['edit_msg_03'] = 'Ocurrió un error guardando el archivo.';
+
+$_['upload_h2']     = 'Subir Archivo';
+$_['upload_txt_01'] = 'por upload_max_filesize en php.ini.';
+$_['upload_txt_02'] = 'por post_max_size en php.ini';
+$_['upload_txt_03'] = 'Nota: El tamaño máximo de subida es de:';
+
+$_['upload_err_01a'] = 'Error 1: Archivo muy largo.';
+$_['upload_err_01b'] = '(Desde php.ini)';
+$_['upload_err_02a'] = 'Error 2: Archivo muy largo.';
+$_['upload_err_02b'] = '(Desde OneFileCMS)';
+$_['upload_err_03']  = 'Error 3: El archivo se subió sólo parcialmente.';
+$_['upload_err_04']  = 'Error 4: No se subió ningún archivo.';
+$_['upload_err_05']  = 'Error 5:';
+$_['upload_err_06']  = 'Error 6: Carpeta temporal no encontrada.';
+$_['upload_err_07']  = 'Error 7: No se pudo guardar el archivo en el disco.';
+$_['upload_err_08']  = 'Error 8: Una extensión de PHP detuvo la subida del archivo.';
+
+$_['upload_msg_01'] = 'No se seleccionó ningún archivo para subirlo.';
+$_['upload_msg_02'] = 'La carpeta de destino no existe: ';
+$_['upload_msg_03'] = 'Subida cancelada.';
+$_['upload_msg_04'] = 'Subiendo:';
+$_['upload_msg_05'] = '¡Subida satisfactoria!';
+$_['upload_msg_06'] = 'Subida fallida: ';
+
+$_['new_file_h2']     = 'Archivo Nuevo';
+$_['new_file_txt_01'] = 'Se creará un archivo nuevo en la carpeta actual.';
+$_['new_file_txt_02'] = 'Algunos caracteres inválidos son: ';
+
+$_['new_file_msg_01'] = 'Archivo nuevo no creado:';
+$_['new_file_msg_02'] = 'El nombre contiene caracteres inválidos:';
+$_['new_file_msg_03'] = 'Archivo nuevo no creado - no se especificó un nombre';
+$_['new_file_msg_04'] = 'El archivo ya existe:';
+$_['new_file_msg_05'] = 'Archivo creado:';
+$_['new_file_msg_06'] = 'Error - archivo no creado:';
+
+$_['CRM_txt_01']  = 'Para mover un archivo o carpeta, cambiá el camino/hacia/la/carpeta/o_archivo. La nueva localización debe existir.';
+$_['CRM_txt_02']  = 'Nombre antiguo:';
+$_['CRM_txt_03']  = 'Nuevo nombre:';
+
+$_['CRM_msg_01'] = 'Error - la localización padre no existe:';
+$_['CRM_msg_02'] = 'Error - el archivo inicial no existe:';
+$_['CRM_msg_03'] = 'Error - el archivo de objetivo no existe:';
+$_['CRM_msg_04'] = 'hacia';
+$_['CRM_msg_05a'] = 'Error durante';
+$_['CRM_msg_05b'] = 'desde arriba a lo siguiente:';
+
+$_['delete_h2']     = 'Eliminar Archivo';
+$_['delete_txt_01'] = '¿Estás seguro?';
+
+$_['delete_msg_01'] = 'Archivo Eliminado:';
+$_['delete_msg_02'] = 'Error eliminando';
+
+$_['new_folder_h2']    = 'Nueva Carpeta';
+$_['new_folder_txt_1'] = 'La carpeta se creará dentro de la carpeta actual.';
+$_['new_folder_txt_2'] = 'Algunos caracteres inválidos son:';
+
+$_['new_folder_msg_01'] = 'Carpeta nueva no creada:';
+$_['new_folder_msg_02'] = 'El nombre contiene caracteres inválidos:';
+$_['new_folder_msg_03'] = 'Carpeta nueva no creada - no se ha asignado un nombre.';
+$_['new_folder_msg_04'] = 'La carpeta ya existe:';
+$_['new_folder_msg_05'] = 'Carpeta creada:';
+$_['new_folder_msg_06'] = 'Error - carpeta nueva no creada:';
+
+$_['delete_folder_h2']     = 'Eliminar Carpeta';
+$_['delete_folder_txt_01'] = '¿Estás seguro?';
+
+$_['delete_folder_msg_01'] = 'Carpeta no vacía.   Las carpetas deben estar vacías antes de ser eliminadas.';
+$_['delete_folder_msg_02'] = 'Carpeta eliminada:';
+$_['delete_folder_msg_03'] = 'ocurrió un error eliminándola.';
+
+$_['page_title_login']      = 'Iniciar Sesión';
+$_['page_title_hash']       = 'Página de Cadena';
+$_['page_title_edit']       = 'Editar/Ver Archivo';
+$_['page_title_upload']     = 'Subir Archivo';
+$_['page_title_new_file']   = 'Nuevo Archivo';
+$_['page_title_copy']       = 'Copiar Archivo';
+$_['page_title_ren']        = 'Renombrar Archivo';
+$_['page_title_del']        = 'Eliminar Archivo';
+$_['page_title_folder_new'] = 'Nueva Carpeta';
+$_['page_title_folder_ren'] = 'Renombrar/Mover Carpeta';
+$_['page_title_folder_del'] = 'Eliminar Carpeta';
+
+$_['session_warning'] = 'Advertencia: ¡La sesión terminará pronto!';
+$_['session_expired'] = 'SESIÓN TERMINADA';
+$_['unload_unsaved']  = '                 ¡Los cambios no guardados se perderán!';
+$_['confirm_reset']   = '¿Reiniciar el archivo y descartar cambios no guardados?';
+
+$_['OFCMS_requires']  = 'OneFileCMS necesita PHP';
+
+$_['logout_msg']       = 'Has cerrado la sesión satisfactoriamente.';
+$_['folder_del_msg']   = 'Carpeta no vacía.   Las carpetas debe estar vacías antes de poder eliminarse.';
+$_['upload_error_01a'] = 'Eror de subida.  Total de datos POST (mayormente el peso del archivo) excedido post_max_size =';
+$_['upload_error_01b'] = '(desde php.ini)';
+$_['edit_caution_01']  = 'PRECAUCIÓN';
+$_['edit_caution_02']  = 'Estás editando la copia activa de OneFileCMS - ¡HACÉ UNA COPIA DE SEGURIDAD Y TENÉ CUIDADO!';
+
+$_['time_out_txt'] = 'Tiempo de Espera de Sesión Agotado:';
diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index 704963b..a85f0fd 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-Version 3.3.06
+Version 3.3.07
 
 LICENSE
 
@@ -93,11 +93,11 @@ JAVASCRIPT & STYLESHEET FUNCTIONS:
 
 LOGIC TO DETERMINE PAGE ACTION
 	Verify good PHP version
-	Call Load_Language()
-	Call Session_Startup()
-	Call Get_GET()
-	Call Init_Macros()
-	Call Respond_to_POST()
+	Load_Language()
+	Session_Startup()
+	Get_GET()
+	Init_Macros()
+	Respond_to_POST()
 	Validate $page & $filename to show
 
 GENERATE/OUTPUT <HTML>...  
diff --git a/old_lang_files/lang_comp.php b/old_lang_files/lang_comp.php
deleted file mode 100755
index e56d87c..0000000
--- a/old_lang_files/lang_comp.php
+++ /dev/null
@@ -1,67 +0,0 @@
-<?php header('Content-type: text/html; charset=UTF-8'); ?>
-
-<style>
-* {font-family: courier}
-.value {background-color: #eee;}
-</style>
-<pre>
-This will only show "evaluated" differences between values in the ini & php files.
-For example:
-  some.LANG.ini:      some_key   = "This is a \" quote test."
-  some.LANG.php:  $_['some_key'] = 'This is a " quote test.';
-These two values will evaluate as the same- to what is shown in the php version.
-
-This next example, however, will evaluate as different:
-  some.LANG.ini:      some_key   = "This is a \" quote test."
-  some.LANG.php:  $_['some_key'] = 'This is a \" quote test.';
-These two values will evaluate as different, due to the different quoting & escaping rules of ini & php.
-
-Also, some differences in white-space may not be evident or obvious, but will still be listed.
-</pre>
-<hr>
-<?php
-$ini['DE'] = 'OneFileCMS.LANG.DE.ini';
-$php['DE'] = 'OneFileCMS.LANG.DE.php';
-
-$ini['EN'] = 'OneFileCMS.LANG.EN.ini';
-$php['EN'] = 'OneFileCMS.LANG.EN.php';
-
-$ini['ES'] = 'OneFileCMS.LANG.ES.ini';
-$php['ES'] = 'OneFileCMS.LANG.ES.php';
-
-
-foreach ($ini as $lang => $file) {
-	echo 'Start '.$lang.'<br>';
-
-	$_ini = parse_ini_file($ini[$lang]);
-	include($php[$lang]);
-	$_php = $_;
-
-	$diffs = 0;
-	foreach ($_ini as $key => $value) {
-		if ( $value != $_[$key] ) { 
-			$diffs++;
-			echo '.ini ['.$key.'] = <span class="value">'.htmlspecialchars($_ini[$key]).'</span><br>';
-			echo '.php ['.$key.'] = <span class="value">'.htmlspecialchars($_php[$key]).'</span><br><br>';
-		}
-	}
-	echo 'End '.$lang.'<br>';
-	echo 'There were '.$diffs.' differences.<hr>';
-}
-
-/***
-$_ini = parse_ini_file($ini['EN']);
-include($php['EN']);
-$_php = $_;
-
-$diffs = 0;
-foreach ($_ini as $key => $value) {
-	if ( $value != $_[$key] ) { 
-		$diffs++;
-		echo $ini['EN'].'['.$key.'] = '.htmlspecialchars($_ini[$key]).'<br>';
-		echo $php['EN'].'['.$key.'] = '.htmlspecialchars($_php[$key]).'<br><br>';
-	}
-}
-echo 'There were '.$diffs.' differences.<br>';
-***/
-?>
diff --git a/onefilecms.php b/onefilecms.php
index 404c6cf..798d841 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
-<?php 
+<?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$version = '3.3.06';
+$OFCMS_version = '3.3.07';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -31,7 +31,8 @@
 
 
 
-//Some basic security & error log settings
+//Some basic security & error log settings**************************************
+ob_start(); //Catch any early output. Closed prior to page output.
 ini_set('session.use_trans_sid', 0);    //make sure URL supplied SESSID's are not used
 ini_set('session.use_only_cookies', 1); //make sure URL supplied SESSID's are not used
 error_reporting(0); //0 for none, or (E_ALL &~ E_STRICT) for trouble-shooting.
@@ -40,6 +41,7 @@
 ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.ERROR.log');
 //Determine good folder for session file? Default is tmp/, which is not secure, but it may not be a serious concern. 
 //session_save_path($safepath)  or  ini_set('session.save_path', $safepath)
+//******************************************************************************
 
 
 
@@ -54,8 +56,8 @@
 $HASHWORD = 'a6ca7f88bd5efc706d38047cc5844d2b11f86242c01e0c89a1c656dbe2dd1866'; //hash for "password"
 $SALT     = 'somerandomsalt';
 
-//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.ini"; //Filename of language settings. Leave blank for built-in default.
-					 //If file is not found, built-in default will be used.
+//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php"; //Filename of language settings. Leave blank for built-in default.
+				    //If file is not found, the built-in default will be used.
 
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
@@ -102,17 +104,25 @@
 //******************************************************************************
 //System values & setup
 
+//Require PHP5.  Earliest version the author has for testing is 5.2.8 (50208)
+define('PHP_VERSION_ID_REQUIRED',50000); //Ex: 5.1.23 is 50123
+define('PHP_VERSION_REQUIRED'  ,'5.0 + '); //Used in die() message.
+
+//The predefined constant PHP_VERSION_ID has only been available since 5.2.7.
+//So, convert PHP_VERSION (a string) to PHP_VERSION_ID (a number).
+//Ex: 5.1.23 converts to 50123.
+if (!defined('PHP_VERSION_ID')) {  
+	$phpversion = explode('.', PHP_VERSION);
+	define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
+}
+
+$TO_WARNING = 120; //Seconds until $timeout_warning is displayed.
+
 //If there is one, include external config file. 
 if ( isset($config_file) && is_file($config_file) ) { include($config_file); }
 
 ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
 
-//PHP_VERSION_ID is better to use when checking current version as it's an actual number, not a string.
-if (!defined('PHP_VERSION_ID')) {            //PHP_VERSION_ID only available since 5.2.7
-    $phpversion = explode('.', PHP_VERSION); //PHP_VERSION, however, available even in older versions. (but it's a string)
-    define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
-}
-
 $ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]);
 $DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
 $WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/';
@@ -146,245 +156,245 @@ function hte($input) { return htmlentities($input); }//end hte()****************
 
 
 function Default_Language() { // ***********************************************
-	return('
-;// OneFileCMS Language Settings
-
-LANGUAGE = "English (default)"
-
-;// These are the default values included directly in onefilecms.php.
-;//
-;// If no translation or value is desired for a particular setting, do not delete
-;// the actual setting variable, just set it to an empty string.
-;// For example:  some_unused_setting = ""
-;//
-;// Remember to slash-escape double quotes that may be within a value:  \" 
-;// And, for any values used directly in Default_Language() in onefilecms.php,
-;// single quotes must also be escaped:   \'
-
-
-;// In some instances, some langauges may use significantly longer words or phrases than others.
-;// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
-;//
-front_links_font_size =  "1em"; //Buttons on Index page.
-front_links_margin_R  =  "1em";
-button_font_size      = ".9em"; //Buttons on Edit page.
-button_margin_L       = ".5em";
-button_padding        = "4px 10px";
-image_info_font_size  =  "1em"; //show_img_msg_01 & _02 
-image_info_pos        = ""; //If 1 or true, moves the info down a line for more space.
-
-
-Upload_File = "Upload File"
-New_File    = "New File"
-Ren_Move    = "Rename/Move"
-Ren_Moved   = "Renamed/Moved"
-New_Folder  = "New Folder"
-Ren_Folder  = "Rename/Move Folder"
-Del_Folder  = "Delete Folder"
-
-Admin  = "Admin"
-Enter  = "Enter"
-Edit   = "Edit"
-Close  = "Close"
-Cancel = "Cancel"
-Upload = "Upload"
-Create = "Create"
-Copy   = "Copy"
-Copied = "Copied"
-Rename = "Rename"
-Delete = "Delete"
-DELETE = "DELETE"
-File   = "File"
-Folder = "Folder"
-
-Log_In  = "Log In"
-Log_Out = "Log Out"
-
-Hash    = "Hash"
-pass_to_hash  = "Password to hash:"
-Generate_Hash = "Generate Hash"
-
-save_1      = "Save"
-save_2      = "SAVE CHANGES!"
-reset       = "Reset - loose changes"
-Wide_View   = "Wide View"
-Normal_View = "Normal View"
-
-on_      = "on"
-
-verify_msg_01 = "Session expired."
-verify_msg_02 = "INVALID POST"
-
-get_get_msg_01 = "File does not exist:"
-
-check_path_msg_01 = "Directory does not exist: "
-
-ord_msg_01 = "A file with that name already exists in the target directory."
-ord_msg_02 = "Saving as"
-
-show_img_msg_01 = "Image shown at ~"
-show_img_msg_02 = "% of full size (W x H ="
-
-hash_h2     = "Generate a Password Hash"
-hash_txt_01 = "There are two ways to change your OneFileCMS password:"
-hash_txt_02 = "1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero)."
-hash_txt_03 = "2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1."
-hash_txt_04 = "Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing."
-hash_txt_05 = "Anyway, to use the $HASHWORD password option:"
-hash_txt_06 = "Type your desired password in the input field above and hit Enter."
-hash_txt_07 = "The hash will be displayed in a yellow message box above that."
-hash_txt_08 = "Copy and paste the new hash to the $HASHWORD variable in the config section."
-hash_txt_09 = "Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc)."
-hash_txt_10 = "A double-click should select it..."
-hash_txt_11 = "Make sure $USE_HASH is set to 1 (or true)."
-hash_txt_12 = "When ready, logout and login."
-hash_txt_13 = "You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo..."
-hash_txt_14 = "For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep \'em secret, of course).  Remever, every little bit helps..."
-
-hash_msg_01 = "Password: "
-hash_msg_02 = "Hash    : "
-
-login_h2     = "Log In"
-login_txt_01 = "Username:"
-login_txt_02 = "Password:"
-
-login_msg_01a = "There have been "
-login_msg_01b = "invalid login attempts."
-login_msg_02a = "Please wait"
-login_msg_02b = "seconds to try again."
-login_msg_03  = "INVALID LOGIN ATTEMPT #"
-
-edit_note_00  = "NOTES:"
-edit_note_01a = "Remember- your"
-edit_note_01b = "is"
-edit_note_02  = "So save changes before the clock runs out, or the changes will be lost!"
-edit_note_03  = "With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate.  To correct, click the browser\'s [Reload]."
-edit_note_04  = "Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file."
-
-edit_h2_1   = "Viewing:"
-edit_h2_2   = "Editing:"
-edit_txt_01 = "Non-text or unkown file type. Edit disabled."
-edit_txt_02 = "File possibly contains an invalid character. Edit and view disabled."
-edit_txt_03 = "htmlspecialchars() returned an empty string from what may be an otherwise valid file."
-edit_txt_04 = "This behavior can be inconsistant from version to version of php."
-
-too_large_to_edit_01a = "Edit disabled. Filesize >"
-too_large_to_edit_01b = "bytes."
-too_large_to_edit_02 = "Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>."
-too_large_to_edit_03 = "Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed."
-too_large_to_edit_04 = "A simple trial and error test can determine a practical limit for a given browser/computer."
-
-too_large_to_view_01a = "View disabled. Filesize >"
-too_large_to_view_01b = "bytes."
-too_large_to_view_02 = "Click the the file name above to view as normally rendered in a browser window."
-too_large_to_view_03 = "Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed."
-too_large_to_view_04 = "(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)"
-
-meta_txt_01 = "Filesize:"
-meta_txt_02 = "bytes."
-meta_txt_03 = "Updated:"
-
-edit_msg_01 = "File saved:"
-edit_msg_02 = "bytes written."
-edit_msg_03 = "There was an error saving file."
-
-upload_h2     = "Upload File"
-upload_txt_01 = "per upload_max_filesize in php.ini."
-upload_txt_02 = "per post_max_size in php.ini"
-upload_txt_03 = "Note: Maximum upload file size is:"
-
-upload_err_01a = "Error 1: File too large."
-upload_err_01b = "(From php.ini)"
-upload_err_02a = "Error 2: File too large."
-upload_err_02b = "(From OneFileCMS)"
-upload_err_03  = "Error 3: The uploaded file was only partially uploaded."
-upload_err_04  = "Error 4: No file was uploaded."
-upload_err_05  = "Error 5:"
-upload_err_06  = "Error 6: Missing a temporary folder."
-upload_err_07  = "Error 7: Failed to write file to disk."
-upload_err_08  = "Error 8: A PHP extension stopped the file upload."
-
-upload_msg_01 = "No file selected for upload."
-upload_msg_02 = "Destination folder does not exist: "
-upload_msg_03 = "Upload cancelled."
-upload_msg_04 = "Uploading:"
-upload_msg_05 = "Upload successful!"
-upload_msg_06 = "Upload failed:"
-
-new_file_h2     = "New File"
-new_file_txt_01 = "File will be created in the current folder."
-new_file_txt_02 = "Some invalid characters are: "
-
-new_file_msg_01 = "New file not created:"
-new_file_msg_02 = "Name contains invalid character(s):"
-new_file_msg_03 = "New file not created - no name given"
-new_file_msg_04 = "File already exists:"
-new_file_msg_05 = "Created file:"
-new_file_msg_06 = "Error - new file not created:"
-
-CRM_txt_01  = "To move a file or folder, change the path/to/folder/or_file. The new location must already exist."
-CRM_txt_02  = "Old name:"
-CRM_txt_03  = "New name:"
-
-CRM_msg_01 = "Error - new parent location does not exist:"
-CRM_msg_02 = "Error - source file does not exist:"
-CRM_msg_03 = "Error - target filename already exists:"
-CRM_msg_04 = "to"
-CRM_msg_05a = "Error during"
-CRM_msg_05b = "from the above to the following:"
-
-delete_h2     = "Delete File"
-delete_txt_01 = "Are you sure?"
-
-delete_msg_01 = "Deleted file:"
-delete_msg_02 = "Error deleting"
-
-new_folder_h2    = "New Folder"
-new_folder_txt_1 = "Folder will be created in the current folder."
-new_folder_txt_2 = "Some invalid characters are:"
-
-new_folder_msg_01 = "New folder not created:"
-new_folder_msg_02 = "Name contains invalid character(s):"
-new_folder_msg_03 = "New folder not created - no name given."
-new_folder_msg_04 = "Folder already exists:"
-new_folder_msg_05 = "Created folder:"
-new_folder_msg_06 = "Error - new folder not created:"
-
-delete_folder_h2     = "Delete Folder"
-delete_folder_txt_01 = "Are you sure?"
-
-delete_folder_msg_01 = "Folder not empty.   Folders must be empty before they can be deleted."
-delete_folder_msg_02 = "Deleted folder:"
-delete_folder_msg_03 = "an error occurred during delete."
-
-page_title_login      = "Log In"
-page_title_hash       = "Hash Page"
-page_title_edit       = "Edit/View File"
-page_title_upload     = "Upload File"
-page_title_new_file   = "New File"
-page_title_copy       = "Copy File"
-page_title_ren        = "Rename File"
-page_title_del        = "Delete File"
-page_title_folder_new = "New Folder"
-page_title_folder_ren = "Rename/Move Folder"
-page_title_folder_del = "Delete Folder"
-
-session_warning = "Warning: Session timeout soon!"
-session_expired = "SESSION EXPIRED"
-unload_unsaved  = "               Unsaved changes will be lost!"
-confirm_reset   = "Reset file and loose unsaved changes?"
-
-OFCMS_requires  = "OneFileCMS requires PHP5. Tested on versions 5.2.8, 5.3.3 & 5.4.4."
-
-logout_msg       = "You have successfully logged out."
-folder_del_msg   = "Folder not empty.   Folders must be empty before they can be deleted."
-upload_error_01a = "Upload Error.  Total POST data (mostly filesize) exceeded post_max_size ="
-upload_error_01b = "(from php.ini)"
-edit_caution_01  = "CAUTION"
-edit_caution_02  = "You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!"
-
-time_out_txt = "Session time out in:"
-	');//end of return();
+	global $_;
+// OneFileCMS Language Settings v3.3.07
+
+$_['LANGUAGE'] = 'English (default)';
+
+// These are the default values included directly in onefilecms.php.
+//
+// If no translation or value is desired for a particular setting, do not delete
+// the actual setting variable, just set it to an empty string.
+// For example:  $_['some_unused_setting'] = '';
+//
+// Remember to slash-escape any single quotes that may be within a value:  \'
+// The back-slash itself, if to be part of the text to display, may or may not
+// also need to be escaped:  \\
+
+
+// In some instances, some langauges may use significantly longer words or phrases than others.
+// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
+//
+$_['front_links_font_size'] =  '1em'; //Buttons on Index page.
+$_['front_links_margin_R']  =  '1em';
+$_['button_font_size']      = '.9em'; //Buttons on Edit page.
+$_['button_margin_L']       = '.5em';
+$_['button_padding']        = '4px 10px';
+$_['image_info_font_size']  =  '1em'; //show_img_msg_01  &  _02 
+$_['image_info_pos']        = ''; //If 1 or true, moves the info down a line for more space.
+
+
+$_['Upload_File'] = 'Upload File';
+$_['New_File']    = 'New File';
+$_['Ren_Move']    = 'Rename/Move';
+$_['Ren_Moved']   = 'Renamed/Moved';
+$_['New_Folder']  = 'New Folder';
+$_['Ren_Folder']  = 'Rename/Move Folder';
+$_['Del_Folder']  = 'Delete Folder';
+
+$_['Admin']  = 'Admin';
+$_['Enter']  = 'Enter';
+$_['Edit']   = 'Edit';
+$_['Close']  = 'Close';
+$_['Cancel'] = 'Cancel';
+$_['Upload'] = 'Upload';
+$_['Create'] = 'Create';
+$_['Copy']   = 'Copy';
+$_['Copied'] = 'Copied';
+$_['Rename'] = 'Rename';
+$_['Delete'] = 'Delete';
+$_['DELETE'] = 'DELETE';
+$_['File']   = 'File';
+$_['Folder'] = 'Folder';
+
+$_['Log_In']  = 'Log In';
+$_['Log_Out'] = 'Log Out';
+
+$_['Hash']    = 'Hash';
+$_['pass_to_hash']  = 'Password to hash:';
+$_['Generate_Hash'] = 'Generate Hash';
+
+$_['save_1']      = 'Save';
+$_['save_2']      = 'SAVE CHANGES!';
+$_['reset']       = 'Reset - loose changes';
+$_['Wide_View']   = 'Wide View';
+$_['Normal_View'] = 'Normal View';
+
+$_['on_']      = 'on';
+
+$_['verify_msg_01'] = 'Session expired.';
+$_['verify_msg_02'] = 'INVALID POST';
+
+$_['get_get_msg_01'] = 'File does not exist:';
+
+$_['check_path_msg_01'] = 'Directory does not exist: ';
+
+$_['ord_msg_01'] = 'A file with that name already exists in the target directory.';
+$_['ord_msg_02'] = 'Saving as';
+
+$_['show_img_msg_01'] = 'Image shown at ~';
+$_['show_img_msg_02'] = '% of full size (W x H =';
+
+$_['hash_h2']     = 'Generate a Password Hash';
+$_['hash_txt_01'] = 'There are two ways to change your OneFileCMS password:';
+$_['hash_txt_02'] = '1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).';
+$_['hash_txt_03'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
+$_['hash_txt_04'] = 'Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing.';
+$_['hash_txt_05'] = 'Anyway, to use the $HASHWORD password option:';
+$_['hash_txt_06'] = 'Type your desired password in the input field above and hit Enter.';
+$_['hash_txt_07'] = 'The hash will be displayed in a yellow message box above that.';
+$_['hash_txt_08'] = 'Copy and paste the new hash to the $HASHWORD variable in the config section.';
+$_['hash_txt_09'] = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
+$_['hash_txt_10'] = 'A double-click should select it...';
+$_['hash_txt_11'] = 'Make sure $USE_HASH is set to 1 (or true).';
+$_['hash_txt_12'] = 'When ready, logout and login.';
+$_['hash_txt_13'] = 'You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...';
+$_['hash_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep \'em secret, of course).  Remever, every little bit helps...';
+
+$_['hash_msg_01'] = 'Password: ';
+$_['hash_msg_02'] = 'Hash    : ';
+
+$_['login_h2']     = 'Log In';
+$_['login_txt_01'] = 'Username:';
+$_['login_txt_02'] = 'Password:';
+
+$_['login_msg_01a'] = 'There have been ';
+$_['login_msg_01b'] = 'invalid login attempts.';
+$_['login_msg_02a'] = 'Please wait';
+$_['login_msg_02b'] = 'seconds to try again.';
+$_['login_msg_03']  = 'INVALID LOGIN ATTEMPT #';
+
+$_['edit_note_00']  = 'NOTES:';
+$_['edit_note_01a'] = 'Remember- your';
+$_['edit_note_01b'] = 'is';
+$_['edit_note_02']  = 'So save changes before the clock runs out, or the changes will be lost!';
+$_['edit_note_03']  = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate.  To correct, click the browser\'s [Reload].';
+$_['edit_note_04']  = 'Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.';
+
+$_['edit_h2_1']   = 'Viewing:';
+$_['edit_h2_2']   = 'Editing:';
+$_['edit_txt_01'] = 'Non-text or unkown file type. Edit disabled.';
+$_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
+$_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
+$_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
+
+$_['too_large_to_edit_01a'] = 'Edit disabled. Filesize >';
+$_['too_large_to_edit_01b'] = 'bytes.';
+$_['too_large_to_edit_02']  = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
+$_['too_large_to_edit_03']  = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
+$_['too_large_to_edit_04']  = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
+
+$_['too_large_to_view_01a'] = 'View disabled. Filesize >';
+$_['too_large_to_view_01b'] = 'bytes.';
+$_['too_large_to_view_02']  = 'Click the file name above to view as normally rendered in a browser window.';
+$_['too_large_to_view_03']  = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
+$_['too_large_to_view_04']  = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
+
+$_['meta_txt_01'] = 'Filesize:';
+$_['meta_txt_02'] = 'bytes.';
+$_['meta_txt_03'] = 'Updated:';
+
+$_['edit_msg_01'] = 'File saved:';
+$_['edit_msg_02'] = 'bytes written.';
+$_['edit_msg_03'] = 'There was an error saving file.';
+
+$_['upload_h2']     = 'Upload File';
+$_['upload_txt_01'] = 'per upload_max_filesize in php.ini.';
+$_['upload_txt_02'] = 'per post_max_size in php.ini';
+$_['upload_txt_03'] = 'Note: Maximum upload file size is:';
+
+$_['upload_err_01a'] = 'Error 1: File too large.';
+$_['upload_err_01b'] = '(From php.ini)';
+$_['upload_err_02a'] = 'Error 2: File too large.';
+$_['upload_err_02b'] = '(From OneFileCMS)';
+$_['upload_err_03']  = 'Error 3: The uploaded file was only partially uploaded.';
+$_['upload_err_04']  = 'Error 4: No file was uploaded.';
+$_['upload_err_05']  = 'Error 5:';
+$_['upload_err_06']  = 'Error 6: Missing a temporary folder.';
+$_['upload_err_07']  = 'Error 7: Failed to write file to disk.';
+$_['upload_err_08']  = 'Error 8: A PHP extension stopped the file upload.';
+
+$_['upload_msg_01'] = 'No file selected for upload.';
+$_['upload_msg_02'] = 'Destination folder does not exist: ';
+$_['upload_msg_03'] = 'Upload cancelled.';
+$_['upload_msg_04'] = 'Uploading:';
+$_['upload_msg_05'] = 'Upload successful!';
+$_['upload_msg_06'] = 'Upload failed:';
+
+$_['new_file_h2']     = 'New File';
+$_['new_file_txt_01'] = 'File will be created in the current folder.';
+$_['new_file_txt_02'] = 'Some invalid characters are: ';
+
+$_['new_file_msg_01'] = 'New file not created:';
+$_['new_file_msg_02'] = 'Name contains invalid character(s):';
+$_['new_file_msg_03'] = 'New file not created - no name given';
+$_['new_file_msg_04'] = 'File already exists:';
+$_['new_file_msg_05'] = 'Created file:';
+$_['new_file_msg_06'] = 'Error - new file not created:';
+
+$_['CRM_txt_01']  = 'To move a file or folder, change the path/to/folder/or_file. The new location must already exist.';
+$_['CRM_txt_02']  = 'Old name:';
+$_['CRM_txt_03']  = 'New name:';
+
+$_['CRM_msg_01']  = 'Error - new parent location does not exist:';
+$_['CRM_msg_02']  = 'Error - source file does not exist:';
+$_['CRM_msg_03']  = 'Error - target filename already exists:';
+$_['CRM_msg_04']  = 'to';
+$_['CRM_msg_05a'] = 'Error during';
+$_['CRM_msg_05b'] = 'from the above to the following:';
+
+$_['delete_h2']     = 'Delete File';
+$_['delete_txt_01'] = 'Are you sure?';
+
+$_['delete_msg_01'] = 'Deleted file:';
+$_['delete_msg_02'] = 'Error deleting';
+
+$_['new_folder_h2']    = 'New Folder';
+$_['new_folder_txt_1'] = 'Folder will be created in the current folder.';
+$_['new_folder_txt_2'] = 'Some invalid characters are:';
+
+$_['new_folder_msg_01'] = 'New folder not created:';
+$_['new_folder_msg_02'] = 'Name contains invalid character(s):';
+$_['new_folder_msg_03'] = 'New folder not created - no name given.';
+$_['new_folder_msg_04'] = 'Folder already exists:';
+$_['new_folder_msg_05'] = 'Created folder:';
+$_['new_folder_msg_06'] = 'Error - new folder not created:';
+
+$_['delete_folder_h2']     = 'Delete Folder';
+$_['delete_folder_txt_01'] = 'Are you sure?';
+
+$_['delete_folder_msg_01'] = 'Folder not empty.   Folders must be empty before they can be deleted.';
+$_['delete_folder_msg_02'] = 'Deleted folder:';
+$_['delete_folder_msg_03'] = 'an error occurred during delete.';
+
+$_['page_title_login']      = 'Log In';
+$_['page_title_hash']       = 'Hash Page';
+$_['page_title_edit']       = 'Edit/View File';
+$_['page_title_upload']     = 'Upload File';
+$_['page_title_new_file']   = 'New File';
+$_['page_title_copy']       = 'Copy File';
+$_['page_title_ren']        = 'Rename File';
+$_['page_title_del']        = 'Delete File';
+$_['page_title_folder_new'] = 'New Folder';
+$_['page_title_folder_ren'] = 'Rename/Move Folder';
+$_['page_title_folder_del'] = 'Delete Folder';
+
+$_['session_warning'] = 'Warning: Session timeout soon!';
+$_['session_expired'] = 'SESSION EXPIRED';
+$_['unload_unsaved']  = '               Unsaved changes will be lost!';
+$_['confirm_reset']   = 'Reset file and loose unsaved changes?';
+
+$_['OFCMS_requires']  = 'OneFileCMS requires PHP';
+
+$_['logout_msg']       = 'You have successfully logged out.';
+$_['folder_del_msg']   = 'Folder not empty.   Folders must be empty before they can be deleted.';
+$_['upload_error_01a'] = 'Upload Error.  Total POST data (mostly filesize) exceeded post_max_size =';
+$_['upload_error_01b'] = '(from php.ini)';
+$_['edit_caution_01']  = 'CAUTION';
+$_['edit_caution_02']  = 'You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
+
+$_['time_out_txt'] = 'Session time out in:';
+
 }//end Default_Language() ******************************************************
 
 
@@ -394,37 +404,18 @@ function Load_Language() { //***************************************************
 	global $_, $LANGUAGE_FILE;
 
 	// Load Default Language settings
-	if ( function_exists('parse_ini_string') ) {  //only available since php 5.3
-		$_ = parse_ini_string( Default_Language() );
-
-	} else {
-		$tmpfile = basename($_SERVER["SCRIPT_NAME"]).'.DEFAULT_LANG.INI';
-		file_put_contents( $tmpfile, Default_Language() );
-		$_ = parse_ini_file( $tmpfile );
-		unlink($tmpfile);
-	}//end Load Default Language settings
-
+	Default_Language();
 
 	//If specified in config, check for & load external $LANGUAGE_FILE settings
-	if ( is_file($LANGUAGE_FILE) ) {
-
-		$_TEMP = parse_ini_file($LANGUAGE_FILE); //Use a temp array for external values
+	if ( isset($LANGUAGE_FILE) && is_file($LANGUAGE_FILE) ) { include($LANGUAGE_FILE); }
 
-		//check for any missing settings & use values from default
-		foreach($_ as $key => $value) {
-			if ( !isset($_TEMP[$key]) ) { $_TEMP[$key] = $_[$key]; }
-		}
-		$_ = $_TEMP;  //Switch from default settings to corrected file settings
-	
-		unset($_TEMP);
-	}//end load external language settings
 }//end Load_Language(){} //*****************************************************
 
 
 
 
 function Session_Startup() { //*************************************************
-	global $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $page, $VALID_POST, $MAX_IDLE_TIME, $SESSION_NAME, $message;
+	global $SESSION_NAME, $page, $VALID_POST, $message;
 
 	$limit    = 0; //0 = session.  
 	$path     = dirname($_SERVER['SCRIPT_NAME']);
@@ -653,11 +644,11 @@ function Current_Path_Header(){ //**********************************************
 
 
 function Page_Header(){ //******************************************************
-	global  $_, $ONESCRIPT, $page, $WEBSITE, $config_title, $version;
+	global  $_, $ONESCRIPT, $page, $WEBSITE, $config_title, $OFCMS_version;
 ?>
 	<div class="header">
 		<a href="<?php echo $ONESCRIPT?>" id="logo"><?php echo $config_title; ?></a>
-		<?php echo $version.' ('.hsc($_['on_']).'&nbsp;php&nbsp;'.phpversion().')'; ?>
+		<?php echo $OFCMS_version.' ('.hsc($_['on_']).'&nbsp;php&nbsp;'.phpversion().')'; ?>
 
 		<div class="nav">
 			<a href="/" target="_blank"><?php echo show_favicon() ?>&nbsp;
@@ -1058,8 +1049,8 @@ function Login_Page() { //******************************************************
 
 
 function Login_response() { //**************************************************
-	global $_, $EX, $message, $page, $LOGIN_ATTEMPTS, 
-		   $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD, $MAX_ATTEMPTS, $LOGIN_DELAY;
+	global $_, $EX, $message, $page, $LOGIN_ATTEMPTS, $MAX_ATTEMPTS, $LOGIN_DELAY, 
+		   $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD;
 
 	$_SESSION = array();    //make sure it's empty
 	$_SESSION['valid'] = 0; //Default to failed login.
@@ -1078,6 +1069,10 @@ function Login_response() { //**************************************************
 		return;
 	}
 
+	//Trim any incidental leading or trailing spaces before validating.
+	$_POST['password'] = trim($_POST['password'],' ');
+	$_POST['username'] = trim($_POST['username'],' ');
+
 	//Validate password
 	if ($USE_HASH) { $VALID_PASSWORD = (hashit($_POST['password']) == $HASHWORD); }
 	else           { $VALID_PASSWORD = (       $_POST['password']  == $PASSWORD); }
@@ -1115,7 +1110,7 @@ function List_Files() { // ...in a vertical table ******************************
 		
 		$excluded = FALSE;
 		if (in_array(basename($file), $excluded_list)) { $excluded = TRUE; };
-
+		
 		//Get file type & check against $stypes (files types to show)
 		$filename_parts = explode(".", strtolower($file));
 		$ext = end($filename_parts);
@@ -1172,7 +1167,7 @@ function Index_Page(){ //*******************************************************
 
 
 
-function Edit_Page_buttons_top($text_editable,$file_ENC){ //***********
+function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 	global $_, $ONESCRIPT, $param1, $filename;
 ?>
 	<div class="edit_btns_top">
@@ -1301,7 +1296,7 @@ function Edit_Page_Notes() { //*************************************************
 
 
 function Edit_Page() { //*******************************************************
-	global $_, $ONESCRIPT, $param1, $filename, $filecontents, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $raw_contents;
+	global $_, $filename, $filecontents, $raw_contents, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE;
 	clearstatcache ();
 
 	//Determine if text editable file type
@@ -1417,7 +1412,7 @@ function Upload_response() { //*************************************************
 	$destination = Check_path($_POST["upload_destination"]);
 	$page  = "index";
 	$MAXUP1 = ini_get('upload_max_filesize');
-	$MAXUP2 = number_format($_POST['MAX_FILE_SIZE']).' '.hsc($_['meta_txt_02']);
+	$MAXUP2 = number_format($_POST['MAX_FILE_SIZE']).' '.hsc($_['meta_txt_02']); 
 	$ERROR = $_FILES['upload_file']['error'];
 
 	if     ( $ERROR == 1 ){ $ERRMSG = hsc($_['upload_err_01a']).' upload_max_filesize = '.$MAXUP1.' '.hsc($_['upload_err_01b']);}
@@ -1788,7 +1783,7 @@ function Respond_to_POST() {//**************************************************
 
 
 function Timer_scripts() { //***************************************************
-	global $_, $page;
+	global $_, $page, $TO_WARNING;
 	
 	$timeout_warning = '<p><b>'.hsc($_['session_warning']).'</b></p>';
 ?>
@@ -1815,7 +1810,7 @@ function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
 
 	Timer.innerHTML = FormatTime(count);
 
-	if ( (count < 120) && (Action != "") ) { //Two minute warning...
+	if ( (count < <?php echo $TO_WARNING ?>) && (Action != "") ) { //Two minute warning...
 		document.getElementById('message').innerHTML = "<?php echo addslashes($timeout_warning) ?>";
 		Timer.style.backgroundColor = "white";
 		Timer.style.color = "red";
@@ -1870,12 +1865,12 @@ function FileTimeStamp(php_filemtime, show_date, show_offset){
 	if ( HOURS > 12 ) {HOURS = HOURS - 12; }
 	HOURS = pad(HOURS);
 
-	var GMT_offset = -(TIMESTAMP.getTimezoneOffset()); //Yes, I know - seems wrong, but it's works.
+	var GMT_offset = -(TIMESTAMP.getTimezoneOffset()); //Yes, I know- seems wrong, but its works.
 
 	if (GMT_offset < 0) { NEG=-1; SIGN="-"; } else { NEG=1; SIGN="+"; } 
 
 	var offset_HOURS = Math.floor(NEG*GMT_offset/60);
-	var offset_MINS  = pad( NEG * GMT_offset % 60 );
+	var offset_MINS  = pad( NEG * (GMT_offset % 60) );
 	var offset_FULL  = "UTC " + SIGN + offset_HOURS + ":" + offset_MINS;
 
 	FULLDATE = YEAR + "-" + MONTH + "-" + DATE;
@@ -2391,12 +2386,12 @@ function style_sheet(){ //******************************************************
 //******************************************************************************
 //Begin logic to determine page action
 
-
-//Require PHP5.  Earliest test version the author has is 5.2.8
-if( PHP_VERSION_ID < 50000 ) { exit( hsc($_['OFCMS_requires']) ); }
-
 Load_Language();
 
+if( PHP_VERSION_ID < PHP_VERSION_ID_REQUIRED ) {
+	exit( 'PHP '.PHP_VERSION.'<br>'.hsc($_['OFCMS_requires']).' '.PHP_VERSION_REQUIRED );
+}
+
 Session_Startup();
 
 if ($_SESSION['valid']) {
@@ -2409,10 +2404,10 @@ function style_sheet(){ //******************************************************
 
 	Respond_to_POST();
 
-	//*** Verify valid $page and/or $filename **********************************
+	//*** Verify valid $page and/or $filename ********
 
-	//Don't load login screen if already in a valid session.
-	if     ( $_SESSION['valid'] && ($page == "login") )  { $page = "index"; }
+	//Don't load login screen when already in a valid session.
+	if     ( $page == "login" )  { $page = "index"; }
 
 	//Don't load edit page if $filename doesn't exist.
 	elseif ( ($page == "edit")  && !is_file($filename) ) { $page = "index"; }
@@ -2437,14 +2432,20 @@ function style_sheet(){ //******************************************************
 		$message .= '<style>#message p {background: red; color: white;}</style>';
 		$message .= $EX.'<b>'.hsc($_['edit_caution_01']).' '.$EX.hsc($_['edit_caution_02']).'</b>';
 	}
-	//**************************************************************************
-}//end if $_SESSION[valid] *****************************************************
+	//end verify $page and/or $filename **************
+}//end if $_SESSION[valid] *************************************
+
+//Get any early output. Should be blank unless trouble-shooting.
+$early_output = ob_get_clean(); 
+//end logic to determine page action *******************************************
 
 
 
 
 //******************************************************************************
 //******************************************************************************
+//Output page contents
+
 header('Content-type: text/html; charset=UTF-8');
 
 ?><!DOCTYPE html>

From 352301a7f9f3fcf6badf34084d3dfff2b726cdec Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 1 Aug 2012 23:59:00 -0400
Subject: [PATCH 124/228] Version 3.3.07 Updated readme.

---
 readme.markdown | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/readme.markdown b/readme.markdown
index edd24fa..a67e051 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,9 +1,13 @@
-# Current stable version: 3.3.06
+# Current stable version: 3.3.07
+
+### Auguest 1, 2012
+
+- For reasons of required content, consistancy, & code simplicity, the format for language files is now php, instead of ini. While the ini format is cleaner looking and a bit easier to read, there are a few deal-breakers as far as using it to contain values for language strings (as used in OFCMS). Those issues, along with some general considerations of various pros & cons, are (or soon will be) detailed on the wiki page.
 
 ### July 31, 2012
 
-- For reasons of security, consistancy, & code simplicity, the format of external config files (if used) is now php, instead of ini. This permits a simple copy & paste between an external config file & onefilecms.php.  
-  A config file must begin with "<?php".  And, for security reasons, external config files should also end in ".php".  Otherwise, your webserver may server up the file as plain text, exposing the contents.
+- For reasons of security, consistancy, & code simplicity, the format for external config files (if used) is now php, instead of ini. This permits a simple copy & paste between an external config file & onefilecms.php.  
+  A config file must begin with "<?php".  And, for security reasons, external config file names should end in ".php".  Otherwise, your webserver may serve up the file as plain text, exposing the contents, such as username and password.
 
 
 ### July 25, 2012
@@ -26,7 +30,7 @@ Otherwise, the file - along with your password, is world readable. For details,
 - Added a few settings to the language files to adjust certain css values if needed.  
   In some instances, some langauges may use significantly longer words or phrases than others.  So, a smaller font or less spacing may be desirable in those places to preserve page layout.  
 - "Wide View" option on Edit page now persists across saves
-- Hopefully improved handling of language files.  Kinda' like "online security", "multi-language support" is a nebulous and a bit finicky.
+- Hopefully improved handling of language files.  Kinda' like "online security", "multi-language support" is nebulous and a bit finicky.
 
 
   
@@ -116,8 +120,12 @@ Now, since there is no database or other means of granular control and acess log
 
 ## Credit, License, Et Cetera  
 
+Maintained by github/Self-Evident  
+
 Original concept and development by github.com/rocktronica  
 
+Contributors: A. M Balakrishnan, github.com/codeless, github.com/fermuch  
+
 Written in PHP, JavaScript, HTML, CSS, and SVG.  
 
 Available under the MIT and BSD licenses.  
@@ -144,7 +152,7 @@ And, of course, please feel free to fork away!
   
 CONFIGURATION SECTION  
   
-SYSTEM GLOBAL VARIABLES (non-configurable)  
+SYSTEM GLOBAL VARIABLES  
   
 DEFAULT LANGUAGE  
   
@@ -166,6 +174,11 @@ GENERATE/OUTPUT THE PAGE
 
 ## Change Log
 
+### 3.3.07
+
+- Language file formats are now php instead of ini.
+- Minor improvement to version checking.
+
 ### 3.3.06
 
 - Increased hash iterations from 1000 to 10000.  (I've read that lots of iterations help slow down brute force p/w recovery)

From 2d43150d79aef63da320b20f919f693b157cafdd Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Fri, 3 Aug 2012 17:50:00 -0400
Subject: [PATCH 125/228] Version 3.3.08 Improved use of ob contents. Added
 Error_reporting_and_early_output(). Created
 Language_and_config_adjusted_styles() to consolidate dynamic css values.
 Removed Load_Language(), put its two lines in page logic section. (It used to
 do more). Added some English $_[] language strings for
 Error_reporting_and_early_output(). Updated OneFileCMS_structure.txt Updated
 the readme.

---
 OneFileCMS.LANG.EN.php   |   9 ++-
 OneFileCMS_structure.txt |   4 +-
 onefilecms.php           | 155 ++++++++++++++++++++++++++++++---------
 readme.markdown          |   9 ++-
 4 files changed, 140 insertions(+), 37 deletions(-)

diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index 5e4fea5..f755df3 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.3.07
+// OneFileCMS Language Settings v3.3.08
 
 $_['LANGUAGE'] = 'English';
 
@@ -236,3 +236,10 @@
 $_['edit_caution_02']  = 'You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
 
 $_['time_out_txt'] = 'Session time out in:';
+
+$_['error_reporting_01'] = 'Display errors is';
+$_['error_reporting_02'] = 'Log errors is';
+$_['error_reporting_03'] = 'Error reporting is set to';
+$_['error_reporting_04'] = 'Showing error types';
+$_['error_reporting_05'] = 'Unexpected early output';
+$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index a85f0fd..5c54029 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-Version 3.3.07
+Version 3.3.08
 
 LICENSE
 
@@ -18,6 +18,7 @@ MISC FUNCTIONS:
 	Session_Startup()
 	Verify_IDLE_POST_etc()
 	hashit()
+	Error_reporting_and_early_output()
 	undo_magic_quotes()
 	Get_GET()
 	URLencode_path()
@@ -90,6 +91,7 @@ JAVASCRIPT & STYLESHEET FUNCTIONS:
 	Time_Stamp_scripts()
 	Edit_Page_scripts()
 	style_sheet()
+	Language_and_config_adjusted_styles()
 
 LOGIC TO DETERMINE PAGE ACTION
 	Verify good PHP version
diff --git a/onefilecms.php b/onefilecms.php
index 798d841..c3a4a35 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.3.07';
+$OFCMS_version = '3.3.08';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -395,21 +395,14 @@ function Default_Language() { // ***********************************************
 
 $_['time_out_txt'] = 'Session time out in:';
 
-}//end Default_Language() ******************************************************
-
-
-
-
-function Load_Language() { //***************************************************
-	global $_, $LANGUAGE_FILE;
-
-	// Load Default Language settings
-	Default_Language();
-
-	//If specified in config, check for & load external $LANGUAGE_FILE settings
-	if ( isset($LANGUAGE_FILE) && is_file($LANGUAGE_FILE) ) { include($LANGUAGE_FILE); }
+$_['error_reporting_01'] = 'Display errors is';
+$_['error_reporting_02'] = 'Log errors is';
+$_['error_reporting_03'] = 'Error reporting is set to';
+$_['error_reporting_04'] = 'Showing error types';
+$_['error_reporting_05'] = 'Unexpected early output';
+$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
 
-}//end Load_Language(){} //*****************************************************
+}//end Default_Language() ******************************************************
 
 
 
@@ -490,6 +483,64 @@ function hashit($key){ //*******************************************************
 
 
 
+function Error_reporting_and_early_output($show_status = 0, $show_types = 0) {//
+	global $_, $early_output;
+
+	$E_level = error_reporting();
+	$E_types = '';
+	$spc = ' &nbsp; '; // or '<br>' or PHP_EOL or whatever...
+	if ( ($E_level &     1) ==     1 ) { $E_types  = 'E_ERROR'            .$spc; }
+	if ( ($E_level &     2) ==     2 ) { $E_types .= 'E_WARNING'          .$spc; }
+	if ( ($E_level &     4) ==     4 ) { $E_types .= 'E_PARSE'            .$spc; }
+	if ( ($E_level &     8) ==     8 ) { $E_types .= 'E_NOTICE'           .$spc; }
+	if ( ($E_level &    16) ==    16 ) { $E_types .= 'E_CORE_ERROR'       .$spc; }
+	if ( ($E_level &    32) ==    32 ) { $E_types .= 'E_CORE_WARNING'     .$spc; }
+	if ( ($E_level &    64) ==    64 ) { $E_types .= 'E_COMPILE_ERROR'    .$spc; }
+	if ( ($E_level &   128) ==   128 ) { $E_types .= 'E_COMPILE_WARNING'  .$spc; }
+	if ( ($E_level &   256) ==   256 ) { $E_types .= 'E_USER_ERROR'       .$spc; }
+	if ( ($E_level &   512) ==   512 ) { $E_types .= 'E_USER_WARNING'     .$spc; }
+	if ( ($E_level &  1024) ==  1024 ) { $E_types .= 'E_USER_NOTICE'      .$spc; }
+	if ( ($E_level &  2048) ==  2048 ) { $E_types .= 'E_STRICT'           .$spc; }
+	if ( ($E_level &  4096) ==  4096 ) { $E_types .= 'E_RECOVERABLE_ERROR'.$spc; }
+	if ( ($E_level &  8192) ==  8192 ) { $E_types .= 'E_DEPRECATED'       .$spc; }
+	if ( ($E_level & 16384) == 16384 ) { $E_types .= 'E_USER_DEPRECATED'  .$spc; }
+	if ( ($E_level & 32768) == 32768 ) { $E_types .= 'E_ALL'              .$spc; }
+
+	if ( $show_status && ((ini_get('display_errors') == 'on') ||
+		 (ini_get('log_errors')     == 'on') ||
+		 (error_reporting()         !=  0  )) )
+	{
+?>		<style>
+		.E_box {margin: 0;	 background-color: #Faa; font-size: 1em;
+				padding: 4px 5px 5px 5px; border: 0 solid white; }
+		</style>
+<?php
+		echo '<p class="E_box"><b>PHP '.PHP_VERSION.$spc;
+		echo $_['error_reporting_01'].': '.ini_get('display_errors').'.'.$spc;
+		echo $_['error_reporting_02'].': '.ini_get('log_errors')    .'.'.$spc;
+		echo $_['error_reporting_03'].': '.error_reporting()        .'.'.$spc;
+		echo 'E_ALL = '.E_ALL.$spc.'</b>';
+		
+		if ($show_types) {
+			echo '<br><b>'.$_['error_reporting_04'].': </b>';
+			echo '<span style="font: 400 .8em arial">'.$E_types.'</span>';
+		}
+		echo '</p>';
+	}//end if (error reporting on)
+
+	//$early_output is contents of ob_get_clean(), just before page output.
+	if (strlen($early_output) > 0 ) {
+		echo '<pre style="background-color: #Fdd; border: 1px solid #Faa;"><b>';
+		echo $_['error_reporting_05'].'</b> ';
+		echo $_['error_reporting_06'].'<b>:</b> ';
+		echo '<span style="background-color: white; border: 1px solid white">';
+		echo hte($early_output).'</span></pre>';
+	}
+}//end Error_reporting_and_early_output() //************************************
+
+
+
+
 function undo_magic_quotes(){ //************************************************
 
 	function strip_array($var) {
@@ -667,7 +718,7 @@ function Page_Header(){ //******************************************************
 function message_box() { //*****************************************************
 	global $ONESCRIPT, $param1, $param2, $param3, $message, $page;
 
-	if (isset($message)) {
+	if (isset($message) && (strlen($message) > 0)) {
 ?>
 		<div id="message"><p>
 		<span id="Xbox"><!-- [X] to dismiss message box -->
@@ -2034,7 +2085,6 @@ function Reset_File() {
 
 
 function style_sheet(){ //******************************************************
-	global $_, $MAIN_WIDTH;
 ?>
 <style>
 /* --- reset --- */
@@ -2070,11 +2120,11 @@ function style_sheet(){ //******************************************************
 
 svg { margin: 0; padding: 0; }
 
-pre { /*Used around test output when trouble shooting*/
+pre {
 	background: white;
-	border: 1px solid #807568;
-	padding: .5em;
-	margin: 0;
+	border    : 1px solid #807568;
+	padding   : .2em;
+	margin    : 0;
 	}
 
 
@@ -2082,7 +2132,7 @@ function style_sheet(){ //******************************************************
 
 .container {
 	border : 0px solid #807568;
-	width  : <?php echo $MAIN_WIDTH ?>;
+	width  : 810px;
 	margin : 0 auto 2em auto;
 	}
 
@@ -2198,8 +2248,8 @@ function style_sheet(){ //******************************************************
 	display: inline-block;
 	border : 1px solid #807568;
 	height      : 1em;
-	font-size   : <?php echo $_['front_links_font_size'] ?>; /*Default 1em */
-	margin-right: <?php echo $_['front_links_margin_R']  ?>; /*Default 1em */
+	font-size   : 1em;
+	margin-right: 1em;
 	padding     : 3px 5px 5px 4px; /*TRBL*/
 	background-color: #EEE;
 	}
@@ -2237,8 +2287,8 @@ function style_sheet(){ //******************************************************
 	cursor : pointer;
 	border : 1px solid #807568;
 	color  : black;
-	padding    : <?php echo $_['button_padding']   ?>; /*Default 4px 10px */
-	font-size  : <?php echo $_['button_font_size'] ?>; /*Default .9em     */
+	padding    : 4px 10px;
+	font-size  : .9em;
 	font-family: sans-serif;
 	background-color: #EEE;  /*#d4d4d4*/
 	}
@@ -2369,10 +2419,10 @@ function style_sheet(){ //******************************************************
 
 .edit_btns_top    { margin: .2em 0 .5em 0;}
 
-.image_info {color: #222; font-size: <?php echo $_['image_info_font_size'] ?> ;}/*Default is 1em*/
+.image_info {color: #222; font-size: 1em ;}
 
 .edit_btns_bottom { float: right; margin-bottom: .65em; }
-.edit_btns_bottom .button { margin-left: <?php echo $_['button_margin_L'] ?>; } /*Default is .5em*/
+.edit_btns_bottom .button { margin-left: .5em; }
 
 #upload_file { margin-bottom: .6em; }
 </style>
@@ -2382,11 +2432,46 @@ function style_sheet(){ //******************************************************
 
 
 
+function Language_and_config_adjusted_styles() {//******************************
+	global $_, $MAIN_WIDTH;
+?>
+<style>
+.container { width: <?php echo $MAIN_WIDTH ?>; } /*Default is 810px*/
+
+.button {
+	padding  : <?php echo $_['button_padding']   ?>; /*Default 4px 10px */
+	font-size: <?php echo $_['button_font_size'] ?>; /*Default .9em     */
+	}
+
+.front_links a {
+	font-size   : <?php echo $_['front_links_font_size'] ?>; /*Default 1em */
+	margin-right: <?php echo $_['front_links_margin_R']  ?>; /*Default 1em */
+	}
+
+.image_info {				/*Default is 1em*/
+	color: #222; font-size: <?php echo $_['image_info_font_size'] ?>; 
+	}
+
+.edit_btns_bottom .button {
+	margin-left: <?php echo $_['button_margin_L'] ?>; /*Default is .5em*/
+	}
+</style>
+<?php
+}//end Language_and_config_adjusted_styles() //*********************************
+
+
+
+
 //******************************************************************************
 //******************************************************************************
 //Begin logic to determine page action
 
-Load_Language();
+
+Default_Language(); // Load Default Language settings
+
+//If specified in config, check for & load external $LANGUAGE_FILE
+if ( isset($LANGUAGE_FILE) && is_file($LANGUAGE_FILE) ) { include($LANGUAGE_FILE); }
+
 
 if( PHP_VERSION_ID < PHP_VERSION_ID_REQUIRED ) {
 	exit( 'PHP '.PHP_VERSION.'<br>'.hsc($_['OFCMS_requires']).' '.PHP_VERSION_REQUIRED );
@@ -2435,8 +2520,6 @@ function style_sheet(){ //******************************************************
 	//end verify $page and/or $filename **************
 }//end if $_SESSION[valid] *************************************
 
-//Get any early output. Should be blank unless trouble-shooting.
-$early_output = ob_get_clean(); 
 //end logic to determine page action *******************************************
 
 
@@ -2444,10 +2527,12 @@ function style_sheet(){ //******************************************************
 
 //******************************************************************************
 //******************************************************************************
-//Output page contents
+//Get any early output. Should be blank unless trouble-shooting.
+$early_output = ob_get_clean(); 
 
 header('Content-type: text/html; charset=UTF-8');
 
+//Output page contents
 ?><!DOCTYPE html>
 
 <html>
@@ -2457,7 +2542,9 @@ function style_sheet(){ //******************************************************
 
 <title><?php echo $config_title.' - '.Page_Title() ?></title>
 
-<?php style_sheet(); ?>
+<?php style_sheet() ?>
+
+<?php Language_and_config_adjusted_styles() ?>
 
 <?php Timer_scripts() ?>
 
@@ -2466,6 +2553,8 @@ function style_sheet(){ //******************************************************
 </head>
 <body>
 
+<?php Error_reporting_and_early_output(1,0) ?>
+
 <?php if ($page == "login"){ echo '<div id="main" class="login_page">'; }
       else                 { echo '<div id="main" class="container" >'; }
 ?>
diff --git a/readme.markdown b/readme.markdown
index a67e051..9f3e175 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,6 +1,6 @@
-# Current stable version: 3.3.07
+# Current stable version: 3.3.08
 
-### Auguest 1, 2012
+### Auguest 3, 2012
 
 - For reasons of required content, consistancy, & code simplicity, the format for language files is now php, instead of ini. While the ini format is cleaner looking and a bit easier to read, there are a few deal-breakers as far as using it to contain values for language strings (as used in OFCMS). Those issues, along with some general considerations of various pros & cons, are (or soon will be) detailed on the wiki page.
 
@@ -174,6 +174,11 @@ GENERATE/OUTPUT THE PAGE
 
 ## Change Log
 
+### 3.3.08
+
+- Added some basic error handling and now using buffering to capture errant early output.
+- Seperate function to handle dynamic css values.
+
 ### 3.3.07
 
 - Language file formats are now php instead of ini.

From dfd8a8e8158bb99f6ca5079adfcdb1749da097d2 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Mon, 6 Aug 2012 11:40:00 -0400
Subject: [PATCH 126/228] 3.3.09 OFCMS requires 5.1.0 or later, due to changes
 in explode(). Set_Input_width(): removed: $WEB_ROOT = 'www/'; (left over from
 troubleshooting) Removed check for ($E_level & 32768) (got carried away...)
 Added comments to Error_reporting_and_early_output() Added default values for
 parameters in a couple SVG functions. Copy_Ren_Move_response(): Adjusted use
 of <b>

---
 onefilecms.php  | 53 +++++++++++++++++++++++++------------------------
 readme.markdown |  9 +++++++--
 2 files changed, 34 insertions(+), 28 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index c3a4a35..7991258 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.3.08';
+$OFCMS_version = '3.3.09';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -105,8 +105,8 @@
 //System values & setup
 
 //Require PHP5.  Earliest version the author has for testing is 5.2.8 (50208)
-define('PHP_VERSION_ID_REQUIRED',50000); //Ex: 5.1.23 is 50123
-define('PHP_VERSION_REQUIRED'  ,'5.0 + '); //Used in die() message.
+define('PHP_VERSION_ID_REQUIRED',50100);   //Ex: 5.1.23 is 50123
+define('PHP_VERSION_REQUIRED'  ,'5.1 + '); //Used in exit() message.
 
 //The predefined constant PHP_VERSION_ID has only been available since 5.2.7.
 //So, convert PHP_VERSION (a string) to PHP_VERSION_ID (a number).
@@ -484,6 +484,8 @@ function hashit($key){ //*******************************************************
 
 
 function Error_reporting_and_early_output($show_status = 0, $show_types = 0) {//
+//Display the status of error_reporting(), and ini_get() of display_errors & log_errors.
+//Also displays any early output caught by ob_start().
 	global $_, $early_output;
 
 	$E_level = error_reporting();
@@ -504,11 +506,10 @@ function Error_reporting_and_early_output($show_status = 0, $show_types = 0) {//
 	if ( ($E_level &  4096) ==  4096 ) { $E_types .= 'E_RECOVERABLE_ERROR'.$spc; }
 	if ( ($E_level &  8192) ==  8192 ) { $E_types .= 'E_DEPRECATED'       .$spc; }
 	if ( ($E_level & 16384) == 16384 ) { $E_types .= 'E_USER_DEPRECATED'  .$spc; }
-	if ( ($E_level & 32768) == 32768 ) { $E_types .= 'E_ALL'              .$spc; }
 
-	if ( $show_status && ((ini_get('display_errors') == 'on') ||
-		 (ini_get('log_errors')     == 'on') ||
-		 (error_reporting()         !=  0  )) )
+	if ( $show_status && ( (error_reporting() !=  0) ||
+						   (ini_get('display_errors') == 'on') || 
+						   (ini_get('log_errors') == 'on') ) )
 	{
 ?>		<style>
 		.E_box {margin: 0;	 background-color: #Faa; font-size: 1em;
@@ -588,7 +589,7 @@ function URLencode_path($path){ // don't encode the forward slashes ************
 	$path_array = explode('/',$path);
 	$path = "";
 	foreach ($path_array as $level) { $path .= rawurlencode($level).'/'; }
-	$path = rtrim($path,'/').$TS;  //end with $TS only if started with one
+	$path = rtrim($path,'/').$TS;  //ends with $TS only if started with one
 	return $path;
 }//end URLencode_path($path) ***************************************************
 
@@ -768,7 +769,7 @@ function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
 	<p> 
 	<input type="button" class="button" id="cancel" value="<?php echo hsc($_['Cancel']) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.$params ?>'">
-	<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1.3em;">
+	<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1em;">
 <?php 
 	if ($focus != ""){ echo '<script>document.getElementById("'.$focus.'").focus();</script>'; }
 	//Do not close the <p> tag yet/here. Need to leave it open for edit btn on hash page.
@@ -797,7 +798,7 @@ function show_image(){ //*******************************************************
 
 	echo '<p class="image_info">';
 	echo hsc($_['show_img_msg_01']).round($SCALE*100).
-	hsc($_['show_img_msg_02']).' '.$img_info[0].' x '.$img_info[1].').</p>';
+		 hsc($_['show_img_msg_02']).' '.$img_info[0].' x '.$img_info[1].').</p>';
 	echo '<div style="clear:both"></div>'.PHP_EOL;
 	echo '<a href="/' .URLencode_path($IMG). '" target="_blank">'.PHP_EOL;
 	echo '<img src="/'.URLencode_path($IMG).'"  height="'.($img_info[$H] * $SCALE).'"></a>'.PHP_EOL;
@@ -896,7 +897,7 @@ function svg_icon_svg(){ //*****************************************************
 
 
 
-function svg_icon_txt_0($border, $lines, $fill, $extra){ //*********************
+function svg_icon_txt_0($border, $lines, $fill, $extra = ""){ //****************
 return '<svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
 	<rect x = "0" y = "0" width = "14" height = "16" 
 	fill="'.$fill.'" stroke="'.$border.'" stroke-width="2" />
@@ -910,22 +911,22 @@ function svg_icon_txt_0($border, $lines, $fill, $extra){ //*********************
 
 
 
-function svg_icon_txt(){ return svg_icon_txt_0('#333', '#000', '#FFF', ''); } //*******
+function svg_icon_txt(){ return svg_icon_txt_0('#333', '#000', '#FFF'); } //****
 
-function svg_icon_htm(){ return svg_icon_txt_0('#444', '#222', '#FABEAA', ''); } //**** rgb(250,190,170)
+function svg_icon_htm(){ return svg_icon_txt_0('#444', '#222', '#FABEAA'); } //* rgb(250,190,170)
 
-function svg_icon_php(){ return svg_icon_txt_0('#333', '#111', '#C3C3FF', ''); } //**** rgb(195,195,225)
+function svg_icon_php(){ return svg_icon_txt_0('#333', '#111', '#C3C3FF'); } //* rgb(195,195,225)
 
-function svg_icon_css(){ return svg_icon_txt_0('#333', '#111', '#FFE1A5', ''); } //**** rgb(255,225,165)
+function svg_icon_css(){ return svg_icon_txt_0('#333', '#111', '#FFE1A5'); } //* rgb(255,225,165)
 
-function svg_icon_cfg(){ return svg_icon_txt_0('#444', '#111', '#DDD', ''); } //*******
+function svg_icon_cfg(){ return svg_icon_txt_0('#444', '#111', '#DDD'); } //****
 
 
 
 function svg_icon_upload(){ //**************************************************
 	$extra = '<g transform="scale(1.1) translate(1.75,4)">
 		<polygon points="6,0  12,6  8,6  8,11  4,11  4,6  0,6" 
-		stroke-width="1" stroke="white" fill="green" /></g>';
+		stroke-width="1" stroke="white" fill="green" /></g>'; //up arrow
 
 	return svg_icon_txt_0('#333', 'black', 'white', $extra);
 } //end svg_icon_upload() ******************************************************
@@ -950,7 +951,7 @@ function svg_icon_file_del(){ //************************************************
 
 
 
-function svg_icon_folder_0($extra){ //******************************************
+function svg_icon_folder_0($extra = ""){ //*************************************
 
  return '<svg class="icon icon_fldr" xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
 	<path  d="M0.5, 1  L8,1  L9,2  L9,3  L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" 
@@ -1549,7 +1550,7 @@ function New_File_response() { //***********************************************
 
 function Set_Input_width() { //*************************************************
 	global $WEB_ROOT, $MAIN_WIDTH;
-$WEB_ROOT = 'www/';
+
 	// (width of <input type=text>) = $MAIN_WIDTH - (Width of $WEB_ROOT)
 	// $MAIN_WIDTH may be in em, px, or pt.
 	// Width of 1 character = .625em = 10px = 7.5pt  (1em = 16px = 12pt)
@@ -1627,12 +1628,12 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 		$message .= $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_02']).'</b><br>';
 		$message .= hte($filename);
 	}elseif (file_exists($new_name)) {
-		$message .= $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_03']).'<br>';
-		$message .= hte($WEB_ROOT.$new_name).'</b>';
+		$message .= $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_03']).'</b><br>';
+		$message .= hte($WEB_ROOT.$new_name).'<br>';
 	}elseif ($action($old_name, $new_name)) {
-		$message .= '<b>'.hte($WEB_ROOT.$old_name).'</b><br>';
-		$message .= ' --- '.$msg2.' '.hsc($_['CRM_msg_04']).' ---<br>';
-		$message .= '<b>'.hte($WEB_ROOT.$new_name).'</b><br>';
+		$message .= hte($WEB_ROOT.$old_name).'<br>';
+		$message .= '<b> --- '.$msg2.' '.hsc($_['CRM_msg_04']).' ---</b><br>';
+		$message .= hte($WEB_ROOT.$new_name).'<br>';
 		$filename = $new_name; //so edit page knows what to edit
 		if ($isfile) { $ipath = Check_path(dirname($filename)); } //if changed,
 		else         { $ipath = Check_path($filename); }          //return to new dir.
@@ -1640,9 +1641,9 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 		$param2   = '&amp;f='.rawurlencode(basename($filename));
 		$param3   = '&amp;p=edit';
 	}else{
-		$message .= '<b>'.hte($WEB_ROOT.$old_name).'</b><br>';
+		$message .= hte($WEB_ROOT.$old_name).'<br>';
 		$message .= $EX.'<b>'.hsc($_['CRM_msg_05a']).' '.$msg1.' '.hsc($_['CRM_msg_05b']).'</b><br>';
-		$message .= '<b>'.hte($WEB_ROOT.$new_name).'</b>';
+		$message .= hte($WEB_ROOT.$new_name).'<br>';
 	}
 }//end Copy_Ren_Move_response() ************************************************
 
diff --git a/readme.markdown b/readme.markdown
index 9f3e175..a58f763 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,8 +1,13 @@
-# Current stable version: 3.3.08
+# Current stable version: 3.3.09
+
+### Auguest 6, 2012
+
+- I just noticed that a function OneFile uses has only been available since PHP 5.1.  So, I guess that's the new minimum required version. (Even though further down this page 5.2 is listed at the minimum version)
+
 
 ### Auguest 3, 2012
 
-- For reasons of required content, consistancy, & code simplicity, the format for language files is now php, instead of ini. While the ini format is cleaner looking and a bit easier to read, there are a few deal-breakers as far as using it to contain values for language strings (as used in OFCMS). Those issues, along with some general considerations of various pros & cons, are (or soon will be) detailed on the wiki page.
+- For reasons of required content, consistancy, & code simplicity, the format for language files is now php, instead of ini. While the ini format is cleaner looking and a bit easier to read, there are a few deal-breakers as far as using it to contain values for language strings (as used in OFCMS). Those issues, along with some general considerations of various pros & cons, are detailed on the wiki page.
 
 ### July 31, 2012
 

From 51f8472f67f25638d6aea1e0c4edf90008f8ba48 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Tue, 7 Aug 2012 18:30:00 -0400
Subject: [PATCH 127/228] Version 3.3.10 Created Admin_Page() for [Hash Page] &
 [Edit OneFileCMS] links. Added "admin" to list of $valid_pages array
 Page_Title() & Load_Selected_Page(): added if ($page == "admin")... Added
 "admin" to list of pages to not show Current_Path_Header() or Admin link
 Admin link now loads Admin_Page() instead of Hash_Page(). Hash_Page():
 removed [Edit OneFileCMS] link. Added $_['page_title_admin'] =
 'Administration' 	  $_['admin_h2']         = 'Administration';
 Edit_Page_buttons_top(): If prior_page = admin, [Close] returns to Admin Page
 Edit_Page_buttons()    : If prior_page = admin, [Close] returns to Admin Page
 Added '<br>' to end of a few $message's. Added $_SESSION[recent_pages] array
 for use with cancel/close/return links Added Update_Recent_Pages() Added
 $_SESSION['admin_ipath'] = $ipath when admin page loaded. So after [Edit
 OneFileCMS],   returns to expected ipath. (not neccessarily path of
 OneFileCMS) Cancel_Submit_Buttons(): recent_pages code to help preserve ipath
 from admin page. Cancel_Submit_Buttons(): updated logic to determine [Cancel]
 action And, naturally, adjusted some css

---
 OneFileCMS_structure.txt |  14 +++--
 onefilecms.php           | 130 ++++++++++++++++++++++++++++++++++-----
 readme.markdown          |  15 ++++-
 3 files changed, 136 insertions(+), 23 deletions(-)

diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index 5c54029..ede01a6 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-Version 3.3.08
+Version 3.3.10
 
 LICENSE
 
@@ -6,25 +6,26 @@ SOME BASIC SECURITY & ERROR LOG SETTINGS
 
 CONFIGURATION SECTION
 
-GET EXTERNAL CONFIG (if exists)
-
 OTHER GLOBAL/SYSTEM VALUES
 
 MISC FUNCTIONS:
 	hsc()
 	hte()
 	Default_Language()
-	Load_Language()
 	Session_Startup()
 	Verify_IDLE_POST_etc()
 	hashit()
 	Error_reporting_and_early_output()
+	Current_Path_Header()
+	Update_Recent_Pages()
 	undo_magic_quotes()
 	Get_GET()
 	URLencode_path()
 	Check_path()
 	is_empty()
 	ordinalize()
+
+PAGE CHUNK FUNCTIONS
 	Current_Path_Header()
 	Page_Header()
 	message_box()
@@ -33,6 +34,7 @@ MISC FUNCTIONS:
 	show_image()
 	show_favicon()
 	Timeout_Timer()
+
 	Init_Macros()
 
 SVG ICON FUNCTIONS:
@@ -56,6 +58,7 @@ SVG ICON FUNCTIONS:
 	show_icon()
 
 PAGE & RESPONSE FUNCTIONS:
+	Admin_Page()
 	Hash_Page()
 	Hash_Page_response()
 	Logout()
@@ -95,7 +98,8 @@ JAVASCRIPT & STYLESHEET FUNCTIONS:
 
 LOGIC TO DETERMINE PAGE ACTION
 	Verify good PHP version
-	Load_Language()
+	Default_Language()
+	If external language file, load it
 	Session_Startup()
 	Get_GET()
 	Init_Macros()
diff --git a/onefilecms.php b/onefilecms.php
index 7991258..98d4ea7 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.3.09';
+$OFCMS_version = '3.3.10';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -129,7 +129,7 @@
 $WEBSITE   = $_SERVER["HTTP_HOST"].'/';
 $LOGIN_ATTEMPTS = $DOC_ROOT.trim($_SERVER["SCRIPT_NAME"],'/').'.invalid_login_attempts';
 
-$valid_pages = array("hash", "login","logout","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
+$valid_pages = array("admin", "hash", "login","logout","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
 
 $INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names.
 $INVALID_CHARS_array = explode(' ', $INVALID_CHARS); // (Space deliminated)
@@ -235,6 +235,8 @@ function Default_Language() { // ***********************************************
 $_['show_img_msg_01'] = 'Image shown at ~';
 $_['show_img_msg_02'] = '% of full size (W x H =';
 
+$_['admin_h2'] = 'Administration';
+
 $_['hash_h2']     = 'Generate a Password Hash';
 $_['hash_txt_01'] = 'There are two ways to change your OneFileCMS password:';
 $_['hash_txt_02'] = '1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).';
@@ -368,6 +370,7 @@ function Default_Language() { // ***********************************************
 $_['delete_folder_msg_03'] = 'an error occurred during delete.';
 
 $_['page_title_login']      = 'Log In';
+$_['page_title_admin']      = 'Administration';
 $_['page_title_hash']       = 'Hash Page';
 $_['page_title_edit']       = 'Edit/View File';
 $_['page_title_upload']     = 'Upload File';
@@ -542,6 +545,45 @@ function Error_reporting_and_early_output($show_status = 0, $show_types = 0) {//
 
 
 
+function Update_Recent_Pages($pop_current = 0) { //*****************************
+	global $page;
+
+	$recent_pages = array("");
+	$pages = 0; //Index to recent_page
+	
+	if (!isset($_SESSION['recent_pages'])) { $_SESSION['recent_pages'] = array(""); }
+	$pages = count($_SESSION['recent_pages']) - 1;
+
+	//Reverse so index [0] is oldest page (re-reversed at end of function)
+	$_SESSION['recent_pages'] = array_reverse($_SESSION['recent_pages']);
+
+	if ($pop_current)
+	{
+		//Sometimes we just want to discard the most recent page.
+		array_pop($_SESSION['recent_pages']);
+	}
+	elseif ( $page != $_SESSION['recent_pages'][$pages] )
+	{
+		//Add new page to arrray of recent_pages
+		//if (new page) == (prior page) (from a page reload etc.), don't update
+		$_SESSION['recent_pages'][$pages+1] = $page;
+		$pages = count($_SESSION['recent_pages']);
+	}
+
+	//Only need 3 most recent pages (increase if needed)
+	if ($pages > 3) { array_shift($_SESSION['recent_pages']); }
+
+	//Reverse order so the current page is index [0]
+	$_SESSION['recent_pages'] = array_reverse($_SESSION['recent_pages']);
+	
+	//admin_ipath is not needed on index page
+	if ($page == "index") { unset($_SESSION['admin_ipath']); }
+
+}//end Update_Recent_Pages() ***************************************************
+
+
+
+
 function undo_magic_quotes(){ //************************************************
 
 	function strip_array($var) {
@@ -761,10 +803,18 @@ function Upload_New_Rename_Delete_Links() { //**********************************
 function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
 	//$submit_label = Rename, Copy, Delete, etc...
 	//$focus is ID of element to receive focus(). (element may be outside this function)
-	global $_, $ONESCRIPT, $ipath, $param1, $param2, $filename, $page;
+	global $_, $ONESCRIPT, $ipath, $param1, $param2, $filename, $page, $message;
 
-	// [Cancel] returns to either the index, or edit page.
-	if ($filename == "") {$params = "";}else{ $params = $param2.'&amp;p=edit'; }
+	//Cancel returns to either admin, edit, or index page.
+	if ($_SESSION['recent_pages'][1] == "admin") { $params = '&amp;p=admin'; }
+	elseif  ($filename != "")               { $params = $param2.'&amp;p=edit'; }
+	else                                    { $params = ""; }
+
+	//If came from edit page via admin page, drop this page from recent_pages
+	//This helps preserve ipath prior to admin page
+	if ( ($_SESSION['recent_pages'][2] == "admin") && ($_SESSION['recent_pages'][1] == "edit") ) {
+		Update_Recent_Pages(1); //1 or true = drop current page from recent_pages
+	}
 ?>
 	<p> 
 	<input type="button" class="button" id="cancel" value="<?php echo hsc($_['Cancel']) ?>"
@@ -772,7 +822,8 @@ function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
 	<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1em;">
 <?php 
 	if ($focus != ""){ echo '<script>document.getElementById("'.$focus.'").focus();</script>'; }
-	//Do not close the <p> tag yet/here. Need to leave it open for edit btn on hash page.
+
+	//Do not close the <p> tag yet/here. Leave it open for potential content on individual pages.
 }// End Cancel_Submit_Buttons() //**********************************************
 
 
@@ -1011,9 +1062,39 @@ function show_icon($type){ //***************************************************
 
 
 
+function Admin_Page() { //******************************************************
+	global $_, $ONESCRIPT, $ipath, $filename, $param1, $param2, $EX, $message, $config_title;
+
+	$_SESSION['admin_ipath']  = $ipath; //Used so after Edit OneFile, returns to ipath user expects.
+
+	// [Close] returns to either the index or edit page.
+	$params = "";
+	if ($filename != "") { $params = $param2.'&amp;p=edit'; }
+
+	$edit_params = '?i='.URLencode_path(dirname($ONESCRIPT)).'&amp;f='.rawurlencode(basename($ONESCRIPT)).'&amp;p=edit';
+?>
+	<h2><?php echo hsc($_['admin_h2']) ?></h2>
+<span class="admin_buttons">
+	<input type="button" class="button" id="cancel"    value="<?php echo hsc($_['Close']) ?>"
+		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.$params ?>'">
+
+	<input type="button" class="button" id="hash"      value="<?php echo hsc('Hash Page') ?>"
+		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.'&amp;p=hash' ?>'">
+
+	<input type="button" class="button" id="editOFCMS" value="<?php echo hsc($_['Edit'].' '.$config_title) ?>"
+		onclick="parent.location = '<?php echo $ONESCRIPT.$edit_params ?>'">
+</span>
+<?php
+	echo '<script>document.getElementById("cancel").focus();</script>';
+return;
+}//end Admin_Page() ************************************************************
+
+
+
+
 function Hash_Page() { //******************************************************
 	global $_, $DOC_ROOT, $ONESCRIPT, $param1, $param2, $message, $INPUT_NUONCE, $config_title;
-	$params = '?i='.dirname($ONESCRIPT).'&amp;f='.basename($ONESCRIPT).'&amp;p=edit';
+
 	if (!isset($_POST['whattohash'])) { $_POST['whattohash'] = ''; }
 ?>
 	<style>#message {font-family: courier; min-height: 3.1em;}
@@ -1026,7 +1107,6 @@ function Hash_Page() { //******************************************************
 		<?php echo hsc($_['pass_to_hash']) ?>
 		<input type="text" name="whattohash" id="whattohash" value="<?php echo hsc($_POST["whattohash"]) ?>">
 		<?php Cancel_Submit_Buttons(hsc($_['Generate_Hash']), 'whattohash') ?>
- 		<a class="button edit_onefile" href="<?php echo $ONESCRIPT.$params; ?>" ><?php echo hsc($_['Edit']).' '.$config_title ?></a>
 	</form>
 
 	<div class="info">
@@ -1061,7 +1141,7 @@ function Hash_response() { //***************************************************
 	global $_, $message;
 	$_POST['whattohash'] = trim($_POST['whattohash']); // trim leading & trailing spaces.
 	$message .= hsc($_['hash_msg_01']).' '.hsc($_POST['whattohash']).'<br>';
-	$message .= hsc($_['hash_msg_02']).hashit($_POST["whattohash"]); //NO SPACE between msg_02 & hash!
+	$message .= hsc($_['hash_msg_02']).hashit($_POST["whattohash"]).'<br>'; //NO SPACE between msg_02 & hash!
 } //end Hash_response() ********************************************************
 
 
@@ -1221,6 +1301,11 @@ function Index_Page(){ //*******************************************************
 
 function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 	global $_, $ONESCRIPT, $param1, $filename;
+
+	//For [Close] button if came from admin page
+	$params = $param1;
+	if ($_SESSION['recent_pages'][1] == "admin") { $params = '?i='.URLencode_path($_SESSION['admin_ipath']).'&amp;p=admin'; }
+
 ?>
 	<div class="edit_btns_top">
 		<div class="file_meta">
@@ -1238,7 +1323,7 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 				<input type="button" id="wide_view" class="button" value="<?php echo hsc($_['Wide_View']) ?>" onclick="Wide_View();">
 			<?php } ?>
 			<input type="button" id="close1" class="button" value="<?php echo hsc($_['Close']) ?>" 
-				onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
+				onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
 			<script>document.getElementById('close1').focus();</script>
 		</div>
 		<div style="clear:both"></div>
@@ -1253,6 +1338,10 @@ function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
 	global $_, $ONESCRIPT, $param1, $param2, $MAX_IDLE_TIME;
 	$Button = '<input type="button" class="button" value="';
 	$ACTION = '" onclick="parent.location = \''.$ONESCRIPT.$param1.$param2.'&amp;p=';
+
+	//For [Close] button if came from admin page
+	$params = $param1;
+	if ($_SESSION['recent_pages'][1] == "admin") { $params = '?i='.URLencode_path($_SESSION['admin_ipath']).'&amp;p=admin'; }
 ?>
 	<div class="edit_btns_bottom">
 	<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?> 
@@ -1269,7 +1358,7 @@ function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
 	<?php echo $Button.hsc($_['Ren_Move']).$ACTION ?>rename'">
 	<?php echo $Button.hsc($_['Copy'])    .$ACTION ?>copy'"  >
 	<?php echo $Button.hsc($_['Delete'])  .$ACTION ?>delete'">
-	<?php echo $Button.hsc($_['Close']) ?>" onclick="parent.location = '<?php echo $ONESCRIPT.$param1 ?>'">
+	<?php echo $Button.hsc($_['Close']) ?>" onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
 	</div>
 <?php
 }//end Edit_Page_buttons()******************************************************
@@ -1777,6 +1866,7 @@ function Page_Title(){ //***<title>Page_Title()</title>*************************
 	global $_, $page;
 
 	if     ($page == "login")        { return hsc($_['page_title_login']);     }
+	elseif ($page == "admin")        { return hsc($_['page_title_admin']);     }
 	elseif ($page == "hash")         { return hsc($_['page_title_hash']);      }
 	elseif ($page == "edit")         { return hsc($_['page_title_edit']);      }
 	elseif ($page == "upload")       { return hsc($_['page_title_upload']);    }
@@ -1797,6 +1887,7 @@ function Load_Selected_Page(){ //***********************************************
 	global $_, $ONESCRIPT, $page;
 
 	if     ($page == "login")        { Login_Page();         }
+	elseif ($page == "admin")        { Admin_Page();         }
 	elseif ($page == "hash")         { Hash_Page();          }
 	elseif ($page == "edit")         { Edit_Page();          }
 	elseif ($page == "upload")       { Upload_Page();        }
@@ -2402,7 +2493,7 @@ function style_sheet(){ //******************************************************
 
 #admin {padding: .3em;}
 
-.web_root { font: 1em Courier; }
+.web_root {font: 1em Courier;}
 
 .icon {float: left; margin: 0 .3em 0 0;}
 
@@ -2425,6 +2516,8 @@ function style_sheet(){ //******************************************************
 .edit_btns_bottom { float: right; margin-bottom: .65em; }
 .edit_btns_bottom .button { margin-left: .5em; }
 
+.admin_buttons .button { margin-right: .5em; }
+
 #upload_file { margin-bottom: .6em; }
 </style>
 <?php 
@@ -2516,9 +2609,12 @@ function Language_and_config_adjusted_styles() {//******************************
 	elseif ( ($page == "edit") && ($filename == trim(rawurldecode($ONESCRIPT), '/')) ) { 
 		if ( $message == "" ) { $BR = ""; } else { $BR = '<br>';}
 		$message .= '<style>#message p {background: red; color: white;}</style>';
-		$message .= $EX.'<b>'.hsc($_['edit_caution_01']).' '.$EX.hsc($_['edit_caution_02']).'</b>';
+		$message .= $EX.'<b>'.hsc($_['edit_caution_01']).' '.$EX.hsc($_['edit_caution_02']).'</b><br>';
 	}
 	//end verify $page and/or $filename **************
+
+	Update_Recent_Pages();
+
 }//end if $_SESSION[valid] *************************************
 
 //end logic to determine page action *******************************************
@@ -2554,7 +2650,7 @@ function Language_and_config_adjusted_styles() {//******************************
 </head>
 <body>
 
-<?php Error_reporting_and_early_output(1,0) ?>
+<?php Error_reporting_and_early_output(1,0);  ?>
 
 <?php if ($page == "login"){ echo '<div id="main" class="login_page">'; }
       else                 { echo '<div id="main" class="container" >'; }
@@ -2562,7 +2658,7 @@ function Language_and_config_adjusted_styles() {//******************************
 
 <?php Page_Header() ?>
 
-<?php if ( $page != "login"  &&  $page != "hash" ) { Current_Path_Header(); } ?>
+<?php if ( $page != "login"  &&  $page != "admin"  &&  $page != "hash" ) { Current_Path_Header(); } ?>
 
 <?php message_box() ?>
 
@@ -2577,8 +2673,8 @@ function Language_and_config_adjusted_styles() {//******************************
 }
 
 //Admin link
-if ( ($page != "login") && ($page != "hash") ){
-	echo '<a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=hash">'.hsc($_['Admin']).'</a>';
+if ( ($page != "login") && ($page != "hash") && ($page != "admin") ){
+	echo '<a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=admin">'.hsc($_['Admin']).'</a>';
 }
 ?>
 
diff --git a/readme.markdown b/readme.markdown
index a58f763..ea398ed 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,4 +1,9 @@
-# Current stable version: 3.3.09
+# Current stable version: 3.3.10
+
+### Auguest 7, 2012
+
+- Created an actual "Admin" page that has links to admin functions: Hash Page, Edit OneFileCMS, and (soon) Change Password.
+
 
 ### Auguest 6, 2012
 
@@ -179,6 +184,14 @@ GENERATE/OUTPUT THE PAGE
 
 ## Change Log
 
+### 3.3.10
+
+- Created an actual "Admin" page that has links to admin functions: Hash Page, Edit OneFileCMS, and (soon) Change Password.
+
+### 3.3.09 
+
+- Minor code improvements & cleanup.
+
 ### 3.3.08
 
 - Added some basic error handling and now using buffering to capture errant early output.

From dde5af8323b0b800ad9afd7c6f0fcdc6ac8e782d Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 9 Aug 2012 03:00:00 -0400
Subject: [PATCH 128/228] Version 3.3.11 Tweaked a few $_[] values. (incidental
 changes) Added $_['get_get_msg_02'] updated: $_['page_title_admin'],
 $_['page_title_hash'] Consolidated & removed $[..._h2] strings with
 cooresponding $_[page_title_...] strings. Login_response() &
 Session_startup():   Ignore login if EITHER username OR password are omitted.
   (formally, ignored only if BOTH were omitted) Verify_IDLE_POST_etc():
 tweaked user_agent check. $_SESSION['USER_AGENT'] to $_SESSION['user_agent']
 Timeout_Timer(): added a couple default parameter values. Improved validation
 of $_GET[] parameters. Improved Directory/Filename "...does not exist..."
 $messages. Hash_Page(): move inline style to style_sheet() Minor improvement
 to $page checks at end of page logic (before html output). Hash_response():
 Ignore/don't hash empty strings. Updated langauge files as needed.

---
 OneFileCMS.LANG.DE.php |  27 +++----
 OneFileCMS.LANG.EN.php |  50 ++++++-------
 OneFileCMS.LANG.ES.php |  41 ++++++-----
 onefilecms.php         | 160 +++++++++++++++++++++++------------------
 4 files changed, 151 insertions(+), 127 deletions(-)

diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index d5b8f78..8c66682 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.3.07
+// OneFileCMS Language Settings v3.3.11
 //
 $_['LANGUAGE'] = 'Deutsch';
 
@@ -28,8 +28,8 @@
 
 $_['Upload_File'] = 'Datei heraufladen';
 $_['New_File']    = 'Datei erstellen';
-$_['Ren_Move']    = 'Umbenennen/Verschieben';
-$_['Ren_Moved']   = 'Umbenannt/Verschoben';
+$_['Ren_Move']    = 'Umbenennen / Verschieben';
+$_['Ren_Moved']   = 'Umbenannt / Verschoben';
 $_['New_Folder']  = 'Neuer Ordner';
 $_['Ren_Folder']  = 'Ordner umbenennen/verschieben';
 $_['Del_Folder']  = 'Ordner löschen';
@@ -43,7 +43,7 @@
 $_['Create'] = 'Erstellen';
 $_['Copy']   = 'Kopieren';
 $_['Copied'] = 'Kopiert';
-$_['Rename'] = 'Umbenennen';
+$_['Rename'] = 'Umbenennen / Verschoben';
 $_['Delete'] = 'Löschen';
 $_['DELETE'] = 'LÖSCHEN';
 $_['File']   = 'Datei';
@@ -68,6 +68,7 @@
 $_['verify_msg_02'] = 'UNGÜLTIGE DATENSENDUNG';
 
 $_['get_get_msg_01'] = 'Die Datei wurde nicht gefunden:';
+$_['get_get_msg_02'] = 'Invalid page request.';
 
 $_['check_path_msg_01'] = 'Das Verzeichnis wurde nicht gefunden: ';
 
@@ -77,7 +78,6 @@
 $_['show_img_msg_01'] = 'Die Bilddarstellung entspricht ~';
 $_['show_img_msg_02'] = '% der wahren Größe (W x H = ';
 
-$_['hash_h2']     = 'Streuwertgenerierung für das Passwort';
 $_['hash_txt_01'] = 'Es gibt zwei Wege, wie Sie Ihr OneFileCMS-Passwort ändern können:';
 $_['hash_txt_02'] = '1) Verwenden Sie die Konfigurationsvariable $PASSWORD, um Ihr gewünschtes Passwort zu speichern. In diesem Fall sollte $USE_HASH auf 0 gesetzt werden.';
 $_['hash_txt_03'] = '2) Oder Sie verwenden die Konfigurationsvariable $HASHWORD, um den Streuwert Ihres Passwortes zu speichern. Setzen Sie $USE_HASH in diesem Fall auf 1.';
@@ -94,9 +94,8 @@
 $_['hash_txt_14'] = 'Eine weitere, kleine Sicherheitsvorkehrung wäre, das Salz oder die Methode für die Streuwertgenerierung von OneFileCMS zu ändern.';
 
 $_['hash_msg_01'] = 'Passwort: ';
-$_['hash_msg_02'] = 'Streuwert    : ';
+$_['hash_msg_02'] = 'Streuwert: ';
 
-$_['login_h2']     = 'Anmelden';
 $_['login_txt_01'] = 'Benutzername:';
 $_['login_txt_02'] = 'Password:';
 
@@ -140,7 +139,6 @@
 $_['edit_msg_02'] = 'Bytes geschrieben.';
 $_['edit_msg_03'] = 'Bei dem Versuch die Datei zu speichern trat ein Fehler auf.';
 
-$_['upload_h2']     = 'Datei heraufladen';
 $_['upload_txt_01'] = '  per upload_max_filesize in php.ini.';
 $_['upload_txt_02'] = 'per post_max_size in php.ini';
 $_['upload_txt_03'] = 'Anmerkung: Die maximale Dateigröße für das Heraufladen von Dateien beträgt: ';
@@ -163,7 +161,6 @@
 $_['upload_msg_05'] = 'Das Heraufladen war erfolgreich! ';
 $_['upload_msg_06'] = 'Das Heraufladen ist fehlgeschlagen: ';
 
-$_['new_file_h2'] = 'Neue Datei';
 $_['new_file_txt_01'] = 'Die Datei wird im aktuellen Ordner erstellt.  ';
 $_['new_file_txt_02'] = 'Ungültige Zeichen für Dateinamen sind: ';
 
@@ -185,13 +182,11 @@
 $_['CRM_msg_05a'] = 'Fehler während ';
 $_['CRM_msg_05b'] = ' des folgenden Vorgangs:';
 
-$_['delete_h2'] = 'Datei löschen';
 $_['delete_txt_01'] = 'Sind Sie sicher?';
 
 $_['delete_msg_01'] = 'Gelöschte Datei:';
 $_['delete_msg_02'] = 'Während des Löschvorgangs trat ein Fehler auf ';
 
-$_['new_folder_h2'] = 'Neuer Ordner';
 $_['new_folder_txt_1'] = 'Der neue Ordner wird als Unterordner des aktuellen Ordners angelegt.  ';
 $_['new_folder_txt_2'] = 'Ungültige Zeichen für Ordnernamen sind: ';
 
@@ -202,7 +197,6 @@
 $_['new_folder_msg_05'] = 'Ordner erstellt:';
 $_['new_folder_msg_06'] = 'Fehler - der Ordner konnte nicht erstellt werden: ';
 
-$_['delete_folder_h2']     = 'Ordner löschen';
 $_['delete_folder_txt_01'] = 'Sind Sie sicher?';
 
 $_['delete_folder_msg_01'] = 'Der Ordner ist nicht leer.   Bevor ein Ordner gelöscht werden kann, muss er geleert werden.';
@@ -210,7 +204,9 @@
 $_['delete_folder_msg_03'] = 'während des Löschvorgangs trat ein Fehler auf.';
 
 $_['page_title_login']      = 'Anmelden';
+$_['page_title_admin']      = 'Administration Options';
 $_['page_title_hash']       = 'Hash Page';
+
 $_['page_title_edit']       = 'Datei bearbeiten/betrachten';
 $_['page_title_upload']     = 'Datei heraufladen';
 $_['page_title_new_file']   = 'Neue Datei';
@@ -236,3 +232,10 @@
 $_['edit_caution_02']  = ' Sie bearbeiten gerade die aktive Version von OneFileCMS - Sichern Sie den Code und seien Sie vorsichtig !!';
 
 $_['time_out_txt'] = 'Automatischer Sitzungsstopp in:';
+
+$_['error_reporting_01'] = 'Display errors is';
+$_['error_reporting_02'] = 'Log errors is';
+$_['error_reporting_03'] = 'Error reporting is set to';
+$_['error_reporting_04'] = 'Showing error types';
+$_['error_reporting_05'] = 'Unexpected early output';
+$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index f755df3..030af74 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.3.08
+// OneFileCMS Language Settings v3.3.11
 
 $_['LANGUAGE'] = 'English';
 
@@ -28,10 +28,10 @@
 
 $_['Upload_File'] = 'Upload File';
 $_['New_File']    = 'New File';
-$_['Ren_Move']    = 'Rename/Move';
-$_['Ren_Moved']   = 'Renamed/Moved';
+$_['Ren_Move']    = 'Rename / Move';
+$_['Ren_Moved']   = 'Renamed / Moved';
 $_['New_Folder']  = 'New Folder';
-$_['Ren_Folder']  = 'Rename/Move Folder';
+$_['Ren_Folder']  = 'Rename / Move Folder';
 $_['Del_Folder']  = 'Delete Folder';
 
 $_['Admin']  = 'Admin';
@@ -43,7 +43,7 @@
 $_['Create'] = 'Create';
 $_['Copy']   = 'Copy';
 $_['Copied'] = 'Copied';
-$_['Rename'] = 'Rename';
+$_['Rename'] = 'Rename / Move';
 $_['Delete'] = 'Delete';
 $_['DELETE'] = 'DELETE';
 $_['File']   = 'File';
@@ -68,6 +68,7 @@
 $_['verify_msg_02'] = 'INVALID POST';
 
 $_['get_get_msg_01'] = 'File does not exist:';
+$_['get_get_msg_02'] = 'Invalid page request.';
 
 $_['check_path_msg_01'] = 'Directory does not exist: ';
 
@@ -77,7 +78,6 @@
 $_['show_img_msg_01'] = 'Image shown at ~';
 $_['show_img_msg_02'] = '% of full size (W x H =';
 
-$_['hash_h2']     = 'Generate a Password Hash';
 $_['hash_txt_01'] = 'There are two ways to change your OneFileCMS password:';
 $_['hash_txt_02'] = '1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).';
 $_['hash_txt_03'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
@@ -91,12 +91,11 @@
 $_['hash_txt_11'] = 'Make sure $USE_HASH is set to 1 (or true).';
 $_['hash_txt_12'] = 'When ready, logout and login.';
 $_['hash_txt_13'] = 'You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...';
-$_['hash_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course).  Remever, every little bit helps...';
+$_['hash_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep \'em secret, of course).  Remever, every little bit helps...';
 
 $_['hash_msg_01'] = 'Password: ';
 $_['hash_msg_02'] = 'Hash    : ';
 
-$_['login_h2']     = 'Log In';
 $_['login_txt_01'] = 'Username:';
 $_['login_txt_02'] = 'Password:';
 
@@ -122,15 +121,15 @@
 
 $_['too_large_to_edit_01a'] = 'Edit disabled. Filesize >';
 $_['too_large_to_edit_01b'] = 'bytes.';
-$_['too_large_to_edit_02'] = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
-$_['too_large_to_edit_03'] = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
-$_['too_large_to_edit_04'] = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
+$_['too_large_to_edit_02']  = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
+$_['too_large_to_edit_03']  = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
+$_['too_large_to_edit_04']  = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
 
 $_['too_large_to_view_01a'] = 'View disabled. Filesize >';
 $_['too_large_to_view_01b'] = 'bytes.';
-$_['too_large_to_view_02'] = 'Click the file name above to view as normally rendered in a browser window.';
-$_['too_large_to_view_03'] = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
-$_['too_large_to_view_04'] = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
+$_['too_large_to_view_02']  = 'Click the file name above to view as normally rendered in a browser window.';
+$_['too_large_to_view_03']  = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
+$_['too_large_to_view_04']  = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
 
 $_['meta_txt_01'] = 'Filesize:';
 $_['meta_txt_02'] = 'bytes.';
@@ -140,7 +139,6 @@
 $_['edit_msg_02'] = 'bytes written.';
 $_['edit_msg_03'] = 'There was an error saving file.';
 
-$_['upload_h2']     = 'Upload File';
 $_['upload_txt_01'] = 'per upload_max_filesize in php.ini.';
 $_['upload_txt_02'] = 'per post_max_size in php.ini';
 $_['upload_txt_03'] = 'Note: Maximum upload file size is:';
@@ -163,7 +161,6 @@
 $_['upload_msg_05'] = 'Upload successful!';
 $_['upload_msg_06'] = 'Upload failed:';
 
-$_['new_file_h2']     = 'New File';
 $_['new_file_txt_01'] = 'File will be created in the current folder.';
 $_['new_file_txt_02'] = 'Some invalid characters are: ';
 
@@ -178,20 +175,18 @@
 $_['CRM_txt_02']  = 'Old name:';
 $_['CRM_txt_03']  = 'New name:';
 
-$_['CRM_msg_01'] = 'Error - new parent location does not exist:';
-$_['CRM_msg_02'] = 'Error - source file does not exist:';
-$_['CRM_msg_03'] = 'Error - target filename already exists:';
-$_['CRM_msg_04'] = 'to';
+$_['CRM_msg_01']  = 'Error - new parent location does not exist:';
+$_['CRM_msg_02']  = 'Error - source file does not exist:';
+$_['CRM_msg_03']  = 'Error - target filename already exists:';
+$_['CRM_msg_04']  = 'to';
 $_['CRM_msg_05a'] = 'Error during';
 $_['CRM_msg_05b'] = 'from the above to the following:';
 
-$_['delete_h2']     = 'Delete File';
 $_['delete_txt_01'] = 'Are you sure?';
 
 $_['delete_msg_01'] = 'Deleted file:';
 $_['delete_msg_02'] = 'Error deleting';
 
-$_['new_folder_h2']    = 'New Folder';
 $_['new_folder_txt_1'] = 'Folder will be created in the current folder.';
 $_['new_folder_txt_2'] = 'Some invalid characters are:';
 
@@ -202,7 +197,6 @@
 $_['new_folder_msg_05'] = 'Created folder:';
 $_['new_folder_msg_06'] = 'Error - new folder not created:';
 
-$_['delete_folder_h2']     = 'Delete Folder';
 $_['delete_folder_txt_01'] = 'Are you sure?';
 
 $_['delete_folder_msg_01'] = 'Folder not empty.   Folders must be empty before they can be deleted.';
@@ -210,15 +204,17 @@
 $_['delete_folder_msg_03'] = 'an error occurred during delete.';
 
 $_['page_title_login']      = 'Log In';
-$_['page_title_hash']       = 'Hash Page';
-$_['page_title_edit']       = 'Edit/View File';
+$_['page_title_admin']      = 'Administration Options';
+$_['page_title_hash']       = 'Generate a Password Hash';
+
+$_['page_title_edit']       = 'Edit / View File';
 $_['page_title_upload']     = 'Upload File';
 $_['page_title_new_file']   = 'New File';
 $_['page_title_copy']       = 'Copy File';
-$_['page_title_ren']        = 'Rename File';
+$_['page_title_ren']        = 'Rename / Move File';
 $_['page_title_del']        = 'Delete File';
 $_['page_title_folder_new'] = 'New Folder';
-$_['page_title_folder_ren'] = 'Rename/Move Folder';
+$_['page_title_folder_ren'] = 'Rename / Move Folder';
 $_['page_title_folder_del'] = 'Delete Folder';
 
 $_['session_warning'] = 'Warning: Session timeout soon!';
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index 76b74b5..2024edb 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.3.07
+// OneFileCMS Language Settings v3.3.11
 
 $_['LANGUAGE'] = 'Espanõla';
 
@@ -28,10 +28,10 @@
 
 $_['Upload_File'] = 'Subir Archivo';
 $_['New_File']    = 'Archivo Nuevo';
-$_['Ren_Move']    = 'Renombrar/Mover';
+$_['Ren_Move']    = 'Renombrar / Mover';
 $_['Ren_Moved']   = 'Renombrado/Movido';
 $_['New_Folder']  = 'Carpeta Nueva';
-$_['Ren_Folder']  = 'Renombrar/Mover Carpeta';
+$_['Ren_Folder']  = 'Renombrar / Mover Carpeta';
 $_['Del_Folder']  = 'Borrar Carpeta';
 
 $_['Admin']  = 'Administrador';
@@ -43,7 +43,7 @@
 $_['Create'] = 'Crear';
 $_['Copy']   = 'Copiar';
 $_['Copied'] = 'Copiado';
-$_['Rename'] = 'Renombrar';
+$_['Rename'] = 'Renombrar / Mover';
 $_['Delete'] = 'Eliminar';
 $_['DELETE'] = 'ELIMINAR';
 $_['File']   = 'Archivo';
@@ -68,6 +68,7 @@
 $_['verify_msg_02'] = 'POST INVÁLIDO';
 
 $_['get_get_msg_01'] = 'El archivo no existe:';
+$_['get_get_msg_02'] = 'Invalid page request.';
 
 $_['check_path_msg_01'] = 'El directorio no existe: ';
 
@@ -77,7 +78,6 @@
 $_['show_img_msg_01'] = 'Imagen mostrada a ~';
 $_['show_img_msg_02'] = '% del tamaño (W x H =';
 
-$_['hash_h2']     = 'Generar una Cadena de Contraseña';
 $_['hash_txt_01'] = 'Existen dos formas de cambiar tu contraseña:';
 $_['hash_txt_02'] = '1) Cambiando la variable $PASSWORD y asignando $USE_HASH = 0 (cero).';
 $_['hash_txt_03'] = '2) O, usando $HASHWORD para almacenar tu contraseña, y luego asignar $USE_HASH = 1.';
@@ -96,7 +96,6 @@
 $_['hash_msg_01'] = 'Contraseña: ';
 $_['hash_msg_02'] = 'Cadena    : ';
 
-$_['login_h2']     = 'Iniciar sesión';
 $_['login_txt_01'] = 'Usuario:';
 $_['login_txt_02'] = 'Contraseña:';
 
@@ -140,7 +139,6 @@
 $_['edit_msg_02'] = 'bytes escritos.';
 $_['edit_msg_03'] = 'Ocurrió un error guardando el archivo.';
 
-$_['upload_h2']     = 'Subir Archivo';
 $_['upload_txt_01'] = 'por upload_max_filesize en php.ini.';
 $_['upload_txt_02'] = 'por post_max_size en php.ini';
 $_['upload_txt_03'] = 'Nota: El tamaño máximo de subida es de:';
@@ -163,7 +161,6 @@
 $_['upload_msg_05'] = '¡Subida satisfactoria!';
 $_['upload_msg_06'] = 'Subida fallida: ';
 
-$_['new_file_h2']     = 'Archivo Nuevo';
 $_['new_file_txt_01'] = 'Se creará un archivo nuevo en la carpeta actual.';
 $_['new_file_txt_02'] = 'Algunos caracteres inválidos son: ';
 
@@ -178,20 +175,18 @@
 $_['CRM_txt_02']  = 'Nombre antiguo:';
 $_['CRM_txt_03']  = 'Nuevo nombre:';
 
-$_['CRM_msg_01'] = 'Error - la localización padre no existe:';
-$_['CRM_msg_02'] = 'Error - el archivo inicial no existe:';
-$_['CRM_msg_03'] = 'Error - el archivo de objetivo no existe:';
-$_['CRM_msg_04'] = 'hacia';
+$_['CRM_msg_01']  = 'Error - la localización padre no existe:';
+$_['CRM_msg_02']  = 'Error - el archivo inicial no existe:';
+$_['CRM_msg_03']  = 'Error - el archivo de objetivo no existe:';
+$_['CRM_msg_04']  = 'hacia';
 $_['CRM_msg_05a'] = 'Error durante';
 $_['CRM_msg_05b'] = 'desde arriba a lo siguiente:';
 
-$_['delete_h2']     = 'Eliminar Archivo';
 $_['delete_txt_01'] = '¿Estás seguro?';
 
 $_['delete_msg_01'] = 'Archivo Eliminado:';
 $_['delete_msg_02'] = 'Error eliminando';
 
-$_['new_folder_h2']    = 'Nueva Carpeta';
 $_['new_folder_txt_1'] = 'La carpeta se creará dentro de la carpeta actual.';
 $_['new_folder_txt_2'] = 'Algunos caracteres inválidos son:';
 
@@ -202,7 +197,6 @@
 $_['new_folder_msg_05'] = 'Carpeta creada:';
 $_['new_folder_msg_06'] = 'Error - carpeta nueva no creada:';
 
-$_['delete_folder_h2']     = 'Eliminar Carpeta';
 $_['delete_folder_txt_01'] = '¿Estás seguro?';
 
 $_['delete_folder_msg_01'] = 'Carpeta no vacía.   Las carpetas deben estar vacías antes de ser eliminadas.';
@@ -210,15 +204,17 @@
 $_['delete_folder_msg_03'] = 'ocurrió un error eliminándola.';
 
 $_['page_title_login']      = 'Iniciar Sesión';
-$_['page_title_hash']       = 'Página de Cadena';
-$_['page_title_edit']       = 'Editar/Ver Archivo';
+$_['page_title_admin']      = 'Administration Options';
+$_['page_title_hash']       = 'Generar una Cadena de Contraseña';
+
+$_['page_title_edit']       = 'Editar / Ver Archivo';
 $_['page_title_upload']     = 'Subir Archivo';
 $_['page_title_new_file']   = 'Nuevo Archivo';
 $_['page_title_copy']       = 'Copiar Archivo';
-$_['page_title_ren']        = 'Renombrar Archivo';
+$_['page_title_ren']        = 'Renombrar  / Mover Archivo';
 $_['page_title_del']        = 'Eliminar Archivo';
 $_['page_title_folder_new'] = 'Nueva Carpeta';
-$_['page_title_folder_ren'] = 'Renombrar/Mover Carpeta';
+$_['page_title_folder_ren'] = 'Renombrar / Mover Carpeta';
 $_['page_title_folder_del'] = 'Eliminar Carpeta';
 
 $_['session_warning'] = 'Advertencia: ¡La sesión terminará pronto!';
@@ -236,3 +232,10 @@
 $_['edit_caution_02']  = 'Estás editando la copia activa de OneFileCMS - ¡HACÉ UNA COPIA DE SEGURIDAD Y TENÉ CUIDADO!';
 
 $_['time_out_txt'] = 'Tiempo de Espera de Sesión Agotado:';
+
+$_['error_reporting_01'] = 'Display errors is';
+$_['error_reporting_02'] = 'Log errors is';
+$_['error_reporting_03'] = 'Error reporting is set to';
+$_['error_reporting_04'] = 'Showing error types';
+$_['error_reporting_05'] = 'Unexpected early output';
+$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
diff --git a/onefilecms.php b/onefilecms.php
index 98d4ea7..d4c323d 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.3.10';
+$OFCMS_version = '3.3.11';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -104,6 +104,9 @@
 //******************************************************************************
 //System values & setup
 
+//If there is one, include external config file. 
+if ( isset($config_file) && is_file($config_file) ) { include($config_file); }
+
 //Require PHP5.  Earliest version the author has for testing is 5.2.8 (50208)
 define('PHP_VERSION_ID_REQUIRED',50100);   //Ex: 5.1.23 is 50123
 define('PHP_VERSION_REQUIRED'  ,'5.1 + '); //Used in exit() message.
@@ -118,9 +121,6 @@
 
 $TO_WARNING = 120; //Seconds until $timeout_warning is displayed.
 
-//If there is one, include external config file. 
-if ( isset($config_file) && is_file($config_file) ) { include($config_file); }
-
 ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
 
 $ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]);
@@ -157,7 +157,7 @@ function hte($input) { return htmlentities($input); }//end hte()****************
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.3.07
+// OneFileCMS Language Settings v3.3.11
 
 $_['LANGUAGE'] = 'English (default)';
 
@@ -186,10 +186,10 @@ function Default_Language() { // ***********************************************
 
 $_['Upload_File'] = 'Upload File';
 $_['New_File']    = 'New File';
-$_['Ren_Move']    = 'Rename/Move';
-$_['Ren_Moved']   = 'Renamed/Moved';
+$_['Ren_Move']    = 'Rename / Move';
+$_['Ren_Moved']   = 'Renamed / Moved';
 $_['New_Folder']  = 'New Folder';
-$_['Ren_Folder']  = 'Rename/Move Folder';
+$_['Ren_Folder']  = 'Rename / Move Folder';
 $_['Del_Folder']  = 'Delete Folder';
 
 $_['Admin']  = 'Admin';
@@ -201,7 +201,7 @@ function Default_Language() { // ***********************************************
 $_['Create'] = 'Create';
 $_['Copy']   = 'Copy';
 $_['Copied'] = 'Copied';
-$_['Rename'] = 'Rename';
+$_['Rename'] = 'Rename / Move';
 $_['Delete'] = 'Delete';
 $_['DELETE'] = 'DELETE';
 $_['File']   = 'File';
@@ -226,6 +226,7 @@ function Default_Language() { // ***********************************************
 $_['verify_msg_02'] = 'INVALID POST';
 
 $_['get_get_msg_01'] = 'File does not exist:';
+$_['get_get_msg_02'] = 'Invalid page request.';
 
 $_['check_path_msg_01'] = 'Directory does not exist: ';
 
@@ -235,9 +236,6 @@ function Default_Language() { // ***********************************************
 $_['show_img_msg_01'] = 'Image shown at ~';
 $_['show_img_msg_02'] = '% of full size (W x H =';
 
-$_['admin_h2'] = 'Administration';
-
-$_['hash_h2']     = 'Generate a Password Hash';
 $_['hash_txt_01'] = 'There are two ways to change your OneFileCMS password:';
 $_['hash_txt_02'] = '1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).';
 $_['hash_txt_03'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
@@ -256,7 +254,6 @@ function Default_Language() { // ***********************************************
 $_['hash_msg_01'] = 'Password: ';
 $_['hash_msg_02'] = 'Hash    : ';
 
-$_['login_h2']     = 'Log In';
 $_['login_txt_01'] = 'Username:';
 $_['login_txt_02'] = 'Password:';
 
@@ -300,7 +297,6 @@ function Default_Language() { // ***********************************************
 $_['edit_msg_02'] = 'bytes written.';
 $_['edit_msg_03'] = 'There was an error saving file.';
 
-$_['upload_h2']     = 'Upload File';
 $_['upload_txt_01'] = 'per upload_max_filesize in php.ini.';
 $_['upload_txt_02'] = 'per post_max_size in php.ini';
 $_['upload_txt_03'] = 'Note: Maximum upload file size is:';
@@ -323,7 +319,6 @@ function Default_Language() { // ***********************************************
 $_['upload_msg_05'] = 'Upload successful!';
 $_['upload_msg_06'] = 'Upload failed:';
 
-$_['new_file_h2']     = 'New File';
 $_['new_file_txt_01'] = 'File will be created in the current folder.';
 $_['new_file_txt_02'] = 'Some invalid characters are: ';
 
@@ -345,13 +340,11 @@ function Default_Language() { // ***********************************************
 $_['CRM_msg_05a'] = 'Error during';
 $_['CRM_msg_05b'] = 'from the above to the following:';
 
-$_['delete_h2']     = 'Delete File';
 $_['delete_txt_01'] = 'Are you sure?';
 
 $_['delete_msg_01'] = 'Deleted file:';
 $_['delete_msg_02'] = 'Error deleting';
 
-$_['new_folder_h2']    = 'New Folder';
 $_['new_folder_txt_1'] = 'Folder will be created in the current folder.';
 $_['new_folder_txt_2'] = 'Some invalid characters are:';
 
@@ -362,7 +355,6 @@ function Default_Language() { // ***********************************************
 $_['new_folder_msg_05'] = 'Created folder:';
 $_['new_folder_msg_06'] = 'Error - new folder not created:';
 
-$_['delete_folder_h2']     = 'Delete Folder';
 $_['delete_folder_txt_01'] = 'Are you sure?';
 
 $_['delete_folder_msg_01'] = 'Folder not empty.   Folders must be empty before they can be deleted.';
@@ -370,16 +362,17 @@ function Default_Language() { // ***********************************************
 $_['delete_folder_msg_03'] = 'an error occurred during delete.';
 
 $_['page_title_login']      = 'Log In';
-$_['page_title_admin']      = 'Administration';
-$_['page_title_hash']       = 'Hash Page';
-$_['page_title_edit']       = 'Edit/View File';
+$_['page_title_admin']      = 'Administration Options';
+$_['page_title_hash']       = 'Generate a Password Hash';
+
+$_['page_title_edit']       = 'Edit / View File';
 $_['page_title_upload']     = 'Upload File';
 $_['page_title_new_file']   = 'New File';
 $_['page_title_copy']       = 'Copy File';
-$_['page_title_ren']        = 'Rename File';
+$_['page_title_ren']        = 'Rename / Move File';
 $_['page_title_del']        = 'Delete File';
 $_['page_title_folder_new'] = 'New Folder';
-$_['page_title_folder_ren'] = 'Rename/Move Folder';
+$_['page_title_folder_ren'] = 'Rename / Move Folder';
 $_['page_title_folder_del'] = 'Delete Folder';
 
 $_['session_warning'] = 'Warning: Session timeout soon!';
@@ -429,7 +422,7 @@ function Session_Startup() { //*************************************************
 	if ( !isset($_SESSION['valid']) ) { $_SESSION['valid'] = 0; }
 
 	//Logging in?
-	if ( isset($_POST["username"]) || isset($_POST["password"]) ) { Login_response(); }
+	if ( isset($_POST["username"]) && isset($_POST["password"]) ) { Login_response(); }
 
 	session_regenerate_id(true); //Helps prevent session fixation & hijacking.
 
@@ -447,7 +440,7 @@ function Verify_IDLE_POST_etc() { //********************************************
 	global $_, $EX, $message, $VALID_POST, $MAX_IDLE_TIME;
 
 	//Verify consistant user agent... (every little bit helps every little bit) 
-	if ( ($_SESSION['USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) ) { Logout(); }
+	if ( !isset($_SESSION['user_agent']) || ($_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT']) ) { Logout(); }
 
 	//Check idle time
  	if ( isset($_SESSION['last_active_time']) ) {
@@ -603,23 +596,39 @@ function strip_array($var) {
 
 function Get_GET() { //*** Get main parameters *********************************
 	// i=some/path/,  f=somefile.xyz,  p=somepage
-	global $_, $ipath, $filename, $page, $valid_pages, $param1, $param2, $param3, $message, $EX;
+	// $ipath      ,  $filename     ,  $page
+	// Get_GET() should not be called unless $_SESSION['valid'] == 1
+	global $_, $ipath, $filename, $page, $valid_pages, $param1, $param2, $param3, $EX, $message;
+
+	//Initialize & validate $ipath
+	if (isset($_GET["i"])) { $ipath = Check_path($_GET["i"]); } else { $ipath = ""; }
+
+	//Initialize & validate $filename
+	if (isset($_GET["f"])) { $filename = $ipath.$_GET["f"]; } else { $filename = ""; }
+	if ( ($filename != "") && !is_file($filename)  ) {
+		$message .= $EX.'<b>'.hsc($_['get_get_msg_01']).'</b> ';
+		$message .= hte(dirname($filename)).'/<b>'.hte(basename($filename)).'</b><br>';
+		$filename = "";
+	}
 
-	if (isset($_GET["i"])) { $ipath = Check_path($_GET["i"]); }else{ $ipath = ""; }
+	//Initialize & validate $page
+	if (isset($_GET["p"])) { $page = $_GET["p"]; } else { $page = "index"; }
+	if (!in_array(strtolower($page), $valid_pages)) { 
+		$message .= $EX.$_['get_get_msg_02'];
+		$page = "index";  //If invalid $_GET["p"]
+	}
 
-	if (isset($_GET["f"])) {
-		$filename = $ipath.$_GET["f"];
-		if ( !is_file($filename) && $_SESSION['valid'] )//Set $message except for login page.
-			{ $message .= $EX.'<b>'.hsc($_['get_get_msg_01']).'</b> '.hte($filename).'<br>'; }
-		if ( !is_file($filename) ) { $filename = ""; $page = "index"; }
-	}else{ $filename = ""; }
+	//Pages that require a valid $filename
+	$file_pages = array("edit", "rename", "copy", "delete");
 
-	if (isset($_GET["p"])) { $page = $_GET["p"]; } 
-	if (!in_array(strtolower($page), $valid_pages)) { $page = "index"; }
+	//Make sure $filename & $page go together
+	if ( ($filename != "") && !in_array($page, $file_pages) ) { $filename = "";  }
+	if ( ($filename == "") &&  in_array($page, $file_pages) ) { $page = "index"; }
 
-	$param1 = '?i='.URLencode_path($ipath);
-	if ($filename == "") { $param2 = ""; }else{ $param2 = '&amp;f='.rawurlencode(basename($filename)); }
-	if ($page == ""    ) { $param3 = ""; }else{ $param3 = '&amp;p='.$page; }
+	//Init $param's used in <a> href's & <form> actions
+	$param1 = '?i='.URLencode_path($ipath); //$param1 must not be blank.
+	if ($filename == "") { $param2 = ""; } else { $param2 = '&amp;f='.rawurlencode(basename($filename)); }
+	if ($page == ""    ) { $param3 = ""; } else { $param3 = '&amp;p='.$page; }
 }//end Get_GET()****************************************************************
 
 
@@ -656,13 +665,15 @@ function Check_path($path) { // returns first valid path in some/supplied/path/
 
 	if (strlen($path) < 1) { return ""; } //If at site root
 	else {
-		if (!is_dir($path) && (strlen($message) < 1))
-			{ $message .= $EX.'<b>'.hsc($_['check_path_msg_01']).'</b>'.hte($invalidpath).'<br>'; }
-
+		if (!is_dir($path) && (strlen($message) < 1)) {
+			$message .= $EX.'<b>'.hsc($_['check_path_msg_01']).'</b>';
+			$message .= hte(dirname($invalidpath)).'/<b>'.hte(basename($invalidpath)).'</b><br>';
+		}
+		
 		while ( (strlen($path) > 0) && (!is_dir($path)) ) {
 			$path = dirname($path);
 		}
-
+		
 		$path = $path.'/';
 		if ($path == './') { $path = ""; } // ./ means path not found, so clear for root.
 	}
@@ -1073,17 +1084,21 @@ function Admin_Page() { //******************************************************
 
 	$edit_params = '?i='.URLencode_path(dirname($ONESCRIPT)).'&amp;f='.rawurlencode(basename($ONESCRIPT)).'&amp;p=edit';
 ?>
-	<h2><?php echo hsc($_['admin_h2']) ?></h2>
-<span class="admin_buttons">
+	<h2><?php echo hsc($_['page_title_admin']) ?></h2>
+
+	<span class="admin_buttons">
 	<input type="button" class="button" id="cancel"    value="<?php echo hsc($_['Close']) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.$params ?>'">
 
 	<input type="button" class="button" id="hash"      value="<?php echo hsc('Hash Page') ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.'&amp;p=hash' ?>'">
 
+
+
+
 	<input type="button" class="button" id="editOFCMS" value="<?php echo hsc($_['Edit'].' '.$config_title) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$edit_params ?>'">
-</span>
+	</span>
 <?php
 	echo '<script>document.getElementById("cancel").focus();</script>';
 return;
@@ -1097,10 +1112,9 @@ function Hash_Page() { //******************************************************
 
 	if (!isset($_POST['whattohash'])) { $_POST['whattohash'] = ''; }
 ?>
-	<style>#message {font-family: courier; min-height: 3.1em;}
-	li {margin-left: 2em}</style>
+	<style>#message {font-family: courier; min-height: 3.1em;}</style>
 
-	<h2><?php echo hsc($_['hash_h2']) ?></h2>
+	<h2><?php echo hsc($_['page_title_hash']) ?></h2>
 	
 	<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.'&amp;p=hash'; ?>">
 		<?php echo $INPUT_NUONCE; ?>
@@ -1140,6 +1154,10 @@ function Hash_Page() { //******************************************************
 function Hash_response() { //***************************************************
 	global $_, $message;
 	$_POST['whattohash'] = trim($_POST['whattohash']); // trim leading & trailing spaces.
+
+	//Ignore/don't hash empty string - passwords can't be blank.
+	if ($_POST['whattohash'] == "") { return; }
+
 	$message .= hsc($_['hash_msg_01']).' '.hsc($_POST['whattohash']).'<br>';
 	$message .= hsc($_['hash_msg_02']).hashit($_POST["whattohash"]).'<br>'; //NO SPACE between msg_02 & hash!
 } //end Hash_response() ********************************************************
@@ -1165,7 +1183,7 @@ function Logout() { //**********************************************************
 function Login_Page() { //******************************************************
 	global $_, $ONESCRIPT, $message;
 ?>
-	<h2><?php echo hsc($_['login_h2']) ?></h2>
+	<h2><?php echo hsc($_['page_title_login']) ?></h2>
 	<form method="post" action="<?php echo $ONESCRIPT; ?>">
 		<label for="username"><?php echo hsc($_['login_txt_01']) ?></label>
 		<input type="text" name="username" id="username" class="login_input" >
@@ -1197,23 +1215,26 @@ function Login_response() { //**************************************************
 	if ($attempts > 0) { $message .= '<b>'.hsc($_['login_msg_01a']).' '.$attempts.' '.hsc($_['login_msg_01b']).'</b><br>'; }
 
 	if ( ($attempts >= $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){
-		$message .= hsc($_['login_msg_02a']).' '.Timeout_Timer(($LOGIN_DELAY - $elapsed), 'timer0', '', '').' '.hsc($_['login_msg_02b']);
+		$message .= hsc($_['login_msg_02a']).' ';
+		$message .= Timeout_Timer(($LOGIN_DELAY - $elapsed), 'timer0', '', '');
+		$message .= ' '.hsc($_['login_msg_02b']);
 		return;
 	}
 
 	//Trim any incidental leading or trailing spaces before validating.
-	$_POST['password'] = trim($_POST['password'],' ');
-	$_POST['username'] = trim($_POST['username'],' ');
+	$_POST['password'] = trim($_POST['password']);
+	$_POST['username'] = trim($_POST['username']);
 
 	//Validate password
 	if ($USE_HASH) { $VALID_PASSWORD = (hashit($_POST['password']) == $HASHWORD); }
 	else           { $VALID_PASSWORD = (       $_POST['password']  == $PASSWORD); }
 
 	//validate login.  
-	if ( ($_POST['password'] == "") && ($_POST['username'] == "") )  { ; //Ignore attempt if username & password are blank.
+	if ( ($_POST['password'] == "") || ($_POST['username'] == "") )  {
+		; //Ignore attempt if either username OR password is blank.
 	}elseif ( $VALID_PASSWORD && ($_POST['username'] == $USERNAME) ) {
 		session_regenerate_id(true);
-		$_SESSION['USER_AGENT'] = $_SERVER['HTTP_USER_AGENT']; //for user consistancy check.
+		$_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT']; //for user consistancy check.
 		$_SESSION['valid'] = 1;
 		$page = "index";
 		if ( is_file($LOGIN_ATTEMPTS) ) { unlink($LOGIN_ATTEMPTS); } //delete invalid attempts count file
@@ -1221,7 +1242,9 @@ function Login_response() { //**************************************************
 		file_put_contents($LOGIN_ATTEMPTS, ++$attempts); //increment & save attempt
 		$message  = $EX.'<b>'.hsc($_['login_msg_03']).$attempts.'</b><br>';
 		if ($attempts >= $MAX_ATTEMPTS) {
-			$message .= hsc($_['login_msg_02a']).' '.Timeout_Timer($LOGIN_DELAY, 'timer0', '', '').' '.hsc($_['login_msg_02b']);
+			$message .= hsc($_['login_msg_02a']).' ';
+			$message .= Timeout_Timer($LOGIN_DELAY, 'timer0', '', '');
+			$message .= ' '.hsc($_['login_msg_02b']);
 		}
 	}
 }//end Login_response() //******************************************************
@@ -1532,7 +1555,7 @@ function shorthand_to_int($SHORTHAND){ //*******************
 	if ($UMF <= $PMS){ $MAX_FILE_SIZE = $UMF; $max_msg = $upload_max_filesize.' '.hsc($_['upload_txt_01']); }
 	else             { $MAX_FILE_SIZE = $PMS; $max_msg = $post_max_size      .' '.hsc($_['upload_txt_02']); }
 ?>
-	<h2><?php echo hsc($_['upload_h2']) ?></h2>
+	<h2><?php echo hsc($_['page_title_upload']) ?></h2>
 	<p><?php echo hsc($_['upload_txt_03']).$max_msg; ?></p>
 	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$param1; ?>&amp;p=uploaded" method="post">
 		<?php echo $INPUT_NUONCE; ?>
@@ -1588,7 +1611,7 @@ function Upload_response() { //*************************************************
 function New_File_Page() { //***************************************************
 	global $_, $FORM_COMMON, $INVALID_CHARS;
 ?>
-	<h2><?php echo hsc($_['new_file_h2']) ?></h2>
+	<h2><?php echo hsc($_['page_title_new_file']) ?></h2>
 	<?php echo $FORM_COMMON ?>
 		<p><?php echo hsc($_['new_file_txt_01']).' '.hsc($_['new_file_txt_02']) ?>
 		<span class="mono"><?php echo hte($INVALID_CHARS) ?></span></p>
@@ -1742,7 +1765,7 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 function Delete_File_Page() { //************************************************
 	global $_, $filename, $FORM_COMMON;
 ?>
-	<h2><?php echo hsc($_['delete_h2']) ?></h2>
+	<h2><?php echo hsc($_['page_title_del']) ?></h2>
 	<?php echo $FORM_COMMON ?>
 		<input type="hidden" name="delete_file" value="<?php echo hsc($filename); ?>" >
 		<p class="verify"><?php echo hte(basename($filename)); ?></p>
@@ -1775,7 +1798,7 @@ function Delete_File_response(){ //*********************************************
 function New_Folder_Page() { //*************************************************
 	global $_, $FORM_COMMON, $INVALID_CHARS;
 ?>
-	<h2><?php echo hsc($_['new_folder_h2']) ?></h2>
+	<h2><?php echo hsc($_['page_title_folder_new']) ?></h2>
 	<?php echo $FORM_COMMON ?>
 		<p><?php echo hsc($_['new_folder_txt_1']) ?>
 		<?php echo hsc($_['new_folder_txt_2']) ?> <span class="mono"><?php echo hte($INVALID_CHARS) ?></span></p>
@@ -1826,7 +1849,7 @@ function New_Folder_response(){ //**********************************************
 function Delete_Folder_Page(){ //***********************************************
 	global $_, $WEB_ROOT, $ipath, $FORM_COMMON;
 ?>
-	<h2><?php echo hsc($_['delete_folder_h2']) ?></h2>
+	<h2><?php echo hsc($_['page_title_folder_del']) ?></h2>
 	<?php echo $FORM_COMMON ?>
 		<input type="hidden" name="delete_folder" value="<?php echo hsc($ipath); ?>" >
 		<p>
@@ -2196,6 +2219,8 @@ function style_sheet(){ //******************************************************
 h1,h2,h3,h4,h5,h6 { font-weight: bold; }
 h2, h3 { font-size: 1.2em; margin: .5em 1em .5em 0; } /*TRBL*/
 
+li { margin-left: 2em }
+
 i, em     { font-style : italic; }
 b, strong { font-weight: bold;   }
 
@@ -2560,7 +2585,6 @@ function Language_and_config_adjusted_styles() {//******************************
 //******************************************************************************
 //Begin logic to determine page action
 
-
 Default_Language(); // Load Default Language settings
 
 //If specified in config, check for & load external $LANGUAGE_FILE
@@ -2583,15 +2607,13 @@ function Language_and_config_adjusted_styles() {//******************************
 
 	Respond_to_POST();
 
-	//*** Verify valid $page and/or $filename ********
+	//*** Verify $page prerequisites *****************
 
 	//Don't load login screen when already in a valid session.
-	if     ( $page == "login" )  { $page = "index"; }
-
-	//Don't load edit page if $filename doesn't exist.
-	elseif ( ($page == "edit")  && !is_file($filename) ) { $page = "index"; }
+	//'valid' may change after Respond_to_POST()
+	if     ( ($page == "login") && $_SESSION['valid'] )  { $page = "index"; } 
 
-	elseif ($page == "logout") {
+	elseif ( $page == "logout" ) {
 		Logout();
 		$message .= hsc($_['logout_msg']); }
 
@@ -2601,7 +2623,7 @@ function Language_and_config_adjusted_styles() {//******************************
 		$page = "index";}
 
 	//if size of $_POST > post_max_size, PHP only returns empty $_POST & $_FILE arrays.
-	elseif ($page == "uploaded" && !$VALID_POST){
+	elseif ( ($page == "uploaded") && !$VALID_POST ) {
 		$message .= $EX.'<b> '.hsc($_['upload_error_01a']).' '.ini_get('post_max_size').'</b> '.hsc($_['upload_error_01b']).'';
 		$page = "index";}
 
@@ -2611,7 +2633,7 @@ function Language_and_config_adjusted_styles() {//******************************
 		$message .= '<style>#message p {background: red; color: white;}</style>';
 		$message .= $EX.'<b>'.hsc($_['edit_caution_01']).' '.$EX.hsc($_['edit_caution_02']).'</b><br>';
 	}
-	//end verify $page and/or $filename **************
+	//end Verify $page prerequisites *****************
 
 	Update_Recent_Pages();
 

From 4c590b8a0861b58d34a3db11d05ce7b5d84c54c3 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Fri, 10 Aug 2012 00:00:00 -0400
Subject: [PATCH 129/228] Version 3.3.12 Added Change_Password_Page(). Added
 Change_Password_response(). Added changepw to list of valid_pages[]. Added
 changepw as option in Page_Title(), Load_Selected_Page(). Added
 $_['page_title_change_pw']. Added check for $_POST["new_pw1"] in
 Respond_to_POST(). Added & adjusted some css for p/w page. Changed text on
 Hash page:   Reworded $_['hash_txt_01']   Removed  _02 thru _05, _13, _14  
 Added p/w rules (same as on p/w page) Added language strings for admin page. 
  (In general, reworded text from hash page.)   $_['hash_txt_03'] is now
 $_['admin_txt_08']   $_['hash_txt_13'] is now $_['admin_txt_16']  
 $_['hash_txt_14'] is now $_['admin_txt_14'] Added Search_Replace_Line(): used
 to update password. Admin page: Added some general info, & link to p/w page.
 Timeout_Timer(): added default values for a couple parameters. Added & moved
 check for $Show_header_and_Admin to page logic section. Load_Selected_Page():
 Explicitly added if $page == index... Load_Selected_Page(): if $page unknown,
 default is now Login (was index). Added hsc() around several $_[] strings
 that needed it. hte(): added htmlentities() parameters: ENT_QUOTES, 'UTF-8'

---
 OneFileCMS.LANG.DE.php   |  65 +++--
 OneFileCMS.LANG.EN.php   | 515 +++++++++++++++++++++------------------
 OneFileCMS.LANG.ES.php   |  61 +++--
 OneFileCMS_structure.txt |   5 +-
 onefilecms.php           | 311 ++++++++++++++++++-----
 readme.markdown          |  14 +-
 6 files changed, 635 insertions(+), 336 deletions(-)

diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index 8c66682..8ea6082 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -1,8 +1,8 @@
 <?php
-// OneFileCMS Language Settings v3.3.11
-//
-$_['LANGUAGE'] = 'Deutsch';
+// OneFileCMS Language Settings v3.3.12
 
+$_['LANGUAGE'] = 'Deutsch'; //***** There are several new values without translations. (in English) *****
+                            //***** Also, some values are no longer used and are commented out. *********
 //Übersetzungen:
 //==============
 //Move=Verschieben ;Directory or Folder=Ordner ;Create=erstellen ;Log In=anmelden
@@ -77,12 +77,12 @@
 
 $_['show_img_msg_01'] = 'Die Bilddarstellung entspricht ~';
 $_['show_img_msg_02'] = '% der wahren Größe (W x H = ';
-
-$_['hash_txt_01'] = 'Es gibt zwei Wege, wie Sie Ihr OneFileCMS-Passwort ändern können:';
-$_['hash_txt_02'] = '1) Verwenden Sie die Konfigurationsvariable $PASSWORD, um Ihr gewünschtes Passwort zu speichern. In diesem Fall sollte $USE_HASH auf 0 gesetzt werden.';
-$_['hash_txt_03'] = '2) Oder Sie verwenden die Konfigurationsvariable $HASHWORD, um den Streuwert Ihres Passwortes zu speichern. Setzen Sie $USE_HASH in diesem Fall auf 1.';
-$_['hash_txt_04'] = 'Bitte denken Sie daran, dass es sich hierbei großteils um eine akademische übung handelt. Die Verwendung eines Streuwerts trägt viel zur Sicherheit bei und erlaubt Ihnen, das Passwort nicht in Klarschrift speichern zu müssen.';
-$_['hash_txt_05'] = 'Um die $HASHWORD Option verwenden zu können:';
+// 'hash_txt_01' has changed - need translation. ***************************************************
+$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!';
+//$_['hash_txt_02'] = '1) Verwenden Sie die Konfigurationsvariable $PASSWORD, um Ihr gewünschtes Passwort zu speichern. In diesem Fall sollte $USE_HASH auf 0 gesetzt werden.';
+//$_['hash_txt_03'] = '2) Oder Sie verwenden die Konfigurationsvariable $HASHWORD, um den Streuwert Ihres Passwortes zu speichern. Setzen Sie $USE_HASH in diesem Fall auf 1.';
+//$_['hash_txt_04'] = 'Bitte denken Sie daran, dass es sich hierbei großteils um eine akademische übung handelt. Die Verwendung eines Streuwerts trägt viel zur Sicherheit bei und erlaubt Ihnen, das Passwort nicht in Klarschrift speichern zu müssen.';
+//$_['hash_txt_05'] = 'Um die $HASHWORD Option verwenden zu können:';
 $_['hash_txt_06'] = 'Tippen Sie das gewünschte Passwort in das Eingabefeld und drücken Sie Enter.';
 $_['hash_txt_07'] = 'Der Streuwert wird in einer gelben Box überhalb angezeigt werden.';
 $_['hash_txt_08'] = 'Kopieren Sie den neuen Streuwert und fügen Sie ihn in den Konfigurationsbereich als Wert der Variable $HASHWORD ein.';
@@ -90,14 +90,38 @@
 $_['hash_txt_10'] = 'Ein Doppelklick sollte den Streuwert auswählen...';
 $_['hash_txt_11'] = 'Stellen Sie sicher, dass $USE_HASH auf 1 oder true gesetzt wurde.';
 $_['hash_txt_12'] = 'Wenn die Werte eingetragen wurden, melden Sie sich ab und wieder an.';
-$_['hash_txt_13'] = 'Sie können auch OneFileCMS selbst bearbeiten.  Legen Sie aber sicherheitshalber eine Kopie an, falls es zu einem unerwünschten Schreibfehler kommt...';
-$_['hash_txt_14'] = 'Eine weitere, kleine Sicherheitsvorkehrung wäre, das Salz oder die Methode für die Streuwertgenerierung von OneFileCMS zu ändern.';
+//$_['hash_txt_13'] = 'Sie können auch OneFileCMS selbst bearbeiten.  Legen Sie aber sicherheitshalber eine Kopie an, falls es zu einem unerwünschten Schreibfehler kommt...';
+//$_['hash_txt_14'] = 'Eine weitere, kleine Sicherheitsvorkehrung wäre, das Salz oder die Methode für die Streuwertgenerierung von OneFileCMS zu ändern.';
 
 $_['hash_msg_01'] = 'Passwort: ';
 $_['hash_msg_02'] = 'Streuwert: ';
-
+// New text - need translation *********************************************************************
+$_['pw_change']  = 'Change Password';
+$_['pw_current'] = 'Current Password';
+$_['pw_new']     = 'New Password';
+$_['pw_confirm'] = 'Confirm New Password';
+
+$_['pw_txt_01']  = 'Password rules:';
+$_['pw_txt_02']  = 'They must contain at least one non-space character.';
+$_['pw_txt_03']  = 'They may contain spaces in the middle. Ex: "This is a password!"';
+$_['pw_txt_04']  = 'Leading and trailing spaces are removed.';
+$_['pw_txt_05']  = 'Pressing [Change Password] will update the following config values as indicated:';
+$_['pw_txt_06']  = 'Update $HASHWORD with the hash of your new password.';
+$_['pw_txt_07']  = 'Set $USE_HASH = 1';
+$_['pw_txt_08']  = 'Set $PASSWORD = "" (empty)';
+$_['pw_txt_09']  = 'Only the active copy of OneFileCMS is updated- no external configuration files are changed:';
+$_['pw_txt_10']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
+
+$_['change_pw_01'] = 'Password NOT changed:';
+$_['change_pw_02'] = 'Incorrect current password. Login to try again.';
+$_['change_pw_03'] = 'Login to try again.';
+$_['change_pw_04'] = '"New" and "Confirm New" passwords do not match.';
+$_['change_pw_05'] = 'No new or confirm passwords entered.';
+$_['change_pw_06'] = 'Passwords must contain at least one non-space character.';
+$_['change_pw_07'] = 'Password changed!';
+//**************************************************************************************************
 $_['login_txt_01'] = 'Benutzername:';
-$_['login_txt_02'] = 'Password:';
+$_['login_txt_02'] = 'Passwort:';
 
 $_['login_msg_01a'] = 'Es wurden ';
 $_['login_msg_01b'] = ' ungültige Anmeldversuche gezählt.';
@@ -204,9 +228,9 @@
 $_['delete_folder_msg_03'] = 'während des Löschvorgangs trat ein Fehler auf.';
 
 $_['page_title_login']      = 'Anmelden';
-$_['page_title_admin']      = 'Administration Options';
-$_['page_title_hash']       = 'Hash Page';
-
+$_['page_title_admin']      = 'Administration Options'; // Need translation ************************
+$_['page_title_hash']       = 'Streuwertgenerierung für das Passwort';
+$_['page_title_change_pw']  = 'Change Password';        // Need translation ************************
 $_['page_title_edit']       = 'Datei bearbeiten/betrachten';
 $_['page_title_upload']     = 'Datei heraufladen';
 $_['page_title_new_file']   = 'Neue Datei';
@@ -239,3 +263,12 @@
 $_['error_reporting_04'] = 'Showing error types';
 $_['error_reporting_05'] = 'Unexpected early output';
 $_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
+//******************************************* Need Translations ************************************
+$_['admin_txt_02'] = 'General Information';
+$_['admin_txt_04'] = 'OneFileCMS can manage your password in two ways:';
+$_['admin_txt_06'] = '1) Use $PASSWORD to store your desired password, in plain text, and set $USE_HASH = 0 (zero).';
+$_['admin_txt_08'] = '2) Oder Sie verwenden die Konfigurationsvariable $HASHWORD, um den Streuwert Ihres Passwortes zu speichern. Setzen Sie $USE_HASH in diesem Fall auf 1.';
+$_['admin_txt_10'] = '($PASSWORD, $USE_HASH, and $HASHWORD, are variables in the configuration section of the OneFileCMS source file.)';
+$_['admin_txt_12'] = 'Option 2 is recommended, and is method used by the [Change Password] page. However, keep in mind that, due to a number of considerations, this is largely an academic excersize. That is, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text, which is generally considered to be a good thing.';
+$_['admin_txt_14'] = 'Eine weitere, kleine Sicherheitsvorkehrung wäre, das Salz oder die Methode für die Streuwertgenerierung von OneFileCMS zu ändern.';
+$_['admin_txt_16'] = 'Sie können auch OneFileCMS selbst bearbeiten.  Legen Sie aber sicherheitshalber eine Kopie an, falls es zu einem unerwünschten Schreibfehler kommt...';
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index 030af74..3814da4 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,241 +1,274 @@
-<?php
-// OneFileCMS Language Settings v3.3.11
-
-$_['LANGUAGE'] = 'English';
-
-// These are the default values included directly in onefilecms.php.
-//
-// If no translation or value is desired for a particular setting, do not delete
-// the actual setting variable, just set it to an empty string.
-// For example:  $_['some_unused_setting'] = '';
-//
-// Remember to slash-escape any single quotes that may be within a value:  \'
-// The back-slash itself, if to be part of the text to display, may or may not
-// also need to be escaped:  \\
-
-
-// In some instances, some langauges may use significantly longer words or phrases than others.
-// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
-//
-$_['front_links_font_size'] =  '1em'; //Buttons on Index page.
-$_['front_links_margin_R']  =  '1em';
-$_['button_font_size']      = '.9em'; //Buttons on Edit page.
-$_['button_margin_L']       = '.5em';
-$_['button_padding']        = '4px 10px';
-$_['image_info_font_size']  =  '1em'; //show_img_msg_01  &  _02 
-$_['image_info_pos']        = ''; //If 1 or true, moves the info down a line for more space.
-
-
-$_['Upload_File'] = 'Upload File';
-$_['New_File']    = 'New File';
-$_['Ren_Move']    = 'Rename / Move';
-$_['Ren_Moved']   = 'Renamed / Moved';
-$_['New_Folder']  = 'New Folder';
-$_['Ren_Folder']  = 'Rename / Move Folder';
-$_['Del_Folder']  = 'Delete Folder';
-
-$_['Admin']  = 'Admin';
-$_['Enter']  = 'Enter';
-$_['Edit']   = 'Edit';
-$_['Close']  = 'Close';
-$_['Cancel'] = 'Cancel';
-$_['Upload'] = 'Upload';
-$_['Create'] = 'Create';
-$_['Copy']   = 'Copy';
-$_['Copied'] = 'Copied';
-$_['Rename'] = 'Rename / Move';
-$_['Delete'] = 'Delete';
-$_['DELETE'] = 'DELETE';
-$_['File']   = 'File';
-$_['Folder'] = 'Folder';
-
-$_['Log_In']  = 'Log In';
-$_['Log_Out'] = 'Log Out';
-
-$_['Hash']    = 'Hash';
-$_['pass_to_hash']  = 'Password to hash:';
-$_['Generate_Hash'] = 'Generate Hash';
-
-$_['save_1']      = 'Save';
-$_['save_2']      = 'SAVE CHANGES!';
-$_['reset']       = 'Reset - loose changes';
-$_['Wide_View']   = 'Wide View';
-$_['Normal_View'] = 'Normal View';
-
-$_['on_']      = 'on';
-
-$_['verify_msg_01'] = 'Session expired.';
-$_['verify_msg_02'] = 'INVALID POST';
-
-$_['get_get_msg_01'] = 'File does not exist:';
-$_['get_get_msg_02'] = 'Invalid page request.';
-
-$_['check_path_msg_01'] = 'Directory does not exist: ';
-
-$_['ord_msg_01'] = 'A file with that name already exists in the target directory.';
-$_['ord_msg_02'] = 'Saving as';
-
-$_['show_img_msg_01'] = 'Image shown at ~';
-$_['show_img_msg_02'] = '% of full size (W x H =';
-
-$_['hash_txt_01'] = 'There are two ways to change your OneFileCMS password:';
-$_['hash_txt_02'] = '1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).';
-$_['hash_txt_03'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
-$_['hash_txt_04'] = 'Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing.';
-$_['hash_txt_05'] = 'Anyway, to use the $HASHWORD password option:';
-$_['hash_txt_06'] = 'Type your desired password in the input field above and hit Enter.';
-$_['hash_txt_07'] = 'The hash will be displayed in a yellow message box above that.';
-$_['hash_txt_08'] = 'Copy and paste the new hash to the $HASHWORD variable in the config section.';
-$_['hash_txt_09'] = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
-$_['hash_txt_10'] = 'A double-click should select it...';
-$_['hash_txt_11'] = 'Make sure $USE_HASH is set to 1 (or true).';
-$_['hash_txt_12'] = 'When ready, logout and login.';
-$_['hash_txt_13'] = 'You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...';
-$_['hash_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep \'em secret, of course).  Remever, every little bit helps...';
-
-$_['hash_msg_01'] = 'Password: ';
-$_['hash_msg_02'] = 'Hash    : ';
-
-$_['login_txt_01'] = 'Username:';
-$_['login_txt_02'] = 'Password:';
-
-$_['login_msg_01a'] = 'There have been ';
-$_['login_msg_01b'] = 'invalid login attempts.';
-$_['login_msg_02a'] = 'Please wait';
-$_['login_msg_02b'] = 'seconds to try again.';
-$_['login_msg_03']  = 'INVALID LOGIN ATTEMPT #';
-
-$_['edit_note_00']  = 'NOTES:';
-$_['edit_note_01a'] = 'Remember- your';
-$_['edit_note_01b'] = 'is';
-$_['edit_note_02']  = 'So save changes before the clock runs out, or the changes will be lost!';
-$_['edit_note_03']  = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate.  To correct, click the browser\'s [Reload].';
-$_['edit_note_04']  = 'Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.';
-
-$_['edit_h2_1']   = 'Viewing:';
-$_['edit_h2_2']   = 'Editing:';
-$_['edit_txt_01'] = 'Non-text or unkown file type. Edit disabled.';
-$_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
-$_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
-$_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
-
-$_['too_large_to_edit_01a'] = 'Edit disabled. Filesize >';
-$_['too_large_to_edit_01b'] = 'bytes.';
-$_['too_large_to_edit_02']  = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
-$_['too_large_to_edit_03']  = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
-$_['too_large_to_edit_04']  = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
-
-$_['too_large_to_view_01a'] = 'View disabled. Filesize >';
-$_['too_large_to_view_01b'] = 'bytes.';
-$_['too_large_to_view_02']  = 'Click the file name above to view as normally rendered in a browser window.';
-$_['too_large_to_view_03']  = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
-$_['too_large_to_view_04']  = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
-
-$_['meta_txt_01'] = 'Filesize:';
-$_['meta_txt_02'] = 'bytes.';
-$_['meta_txt_03'] = 'Updated:';
-
-$_['edit_msg_01'] = 'File saved:';
-$_['edit_msg_02'] = 'bytes written.';
-$_['edit_msg_03'] = 'There was an error saving file.';
-
-$_['upload_txt_01'] = 'per upload_max_filesize in php.ini.';
-$_['upload_txt_02'] = 'per post_max_size in php.ini';
-$_['upload_txt_03'] = 'Note: Maximum upload file size is:';
-
-$_['upload_err_01a'] = 'Error 1: File too large.';
-$_['upload_err_01b'] = '(From php.ini)';
-$_['upload_err_02a'] = 'Error 2: File too large.';
-$_['upload_err_02b'] = '(From OneFileCMS)';
-$_['upload_err_03']  = 'Error 3: The uploaded file was only partially uploaded.';
-$_['upload_err_04']  = 'Error 4: No file was uploaded.';
-$_['upload_err_05']  = 'Error 5:';
-$_['upload_err_06']  = 'Error 6: Missing a temporary folder.';
-$_['upload_err_07']  = 'Error 7: Failed to write file to disk.';
-$_['upload_err_08']  = 'Error 8: A PHP extension stopped the file upload.';
-
-$_['upload_msg_01'] = 'No file selected for upload.';
-$_['upload_msg_02'] = 'Destination folder does not exist: ';
-$_['upload_msg_03'] = 'Upload cancelled.';
-$_['upload_msg_04'] = 'Uploading:';
-$_['upload_msg_05'] = 'Upload successful!';
-$_['upload_msg_06'] = 'Upload failed:';
-
-$_['new_file_txt_01'] = 'File will be created in the current folder.';
-$_['new_file_txt_02'] = 'Some invalid characters are: ';
-
-$_['new_file_msg_01'] = 'New file not created:';
-$_['new_file_msg_02'] = 'Name contains invalid character(s):';
-$_['new_file_msg_03'] = 'New file not created - no name given';
-$_['new_file_msg_04'] = 'File already exists:';
-$_['new_file_msg_05'] = 'Created file:';
-$_['new_file_msg_06'] = 'Error - new file not created:';
-
-$_['CRM_txt_01']  = 'To move a file or folder, change the path/to/folder/or_file. The new location must already exist.';
-$_['CRM_txt_02']  = 'Old name:';
-$_['CRM_txt_03']  = 'New name:';
-
-$_['CRM_msg_01']  = 'Error - new parent location does not exist:';
-$_['CRM_msg_02']  = 'Error - source file does not exist:';
-$_['CRM_msg_03']  = 'Error - target filename already exists:';
-$_['CRM_msg_04']  = 'to';
-$_['CRM_msg_05a'] = 'Error during';
-$_['CRM_msg_05b'] = 'from the above to the following:';
-
-$_['delete_txt_01'] = 'Are you sure?';
-
-$_['delete_msg_01'] = 'Deleted file:';
-$_['delete_msg_02'] = 'Error deleting';
-
-$_['new_folder_txt_1'] = 'Folder will be created in the current folder.';
-$_['new_folder_txt_2'] = 'Some invalid characters are:';
-
-$_['new_folder_msg_01'] = 'New folder not created:';
-$_['new_folder_msg_02'] = 'Name contains invalid character(s):';
-$_['new_folder_msg_03'] = 'New folder not created - no name given.';
-$_['new_folder_msg_04'] = 'Folder already exists:';
-$_['new_folder_msg_05'] = 'Created folder:';
-$_['new_folder_msg_06'] = 'Error - new folder not created:';
-
-$_['delete_folder_txt_01'] = 'Are you sure?';
-
-$_['delete_folder_msg_01'] = 'Folder not empty.   Folders must be empty before they can be deleted.';
-$_['delete_folder_msg_02'] = 'Deleted folder:';
-$_['delete_folder_msg_03'] = 'an error occurred during delete.';
-
-$_['page_title_login']      = 'Log In';
-$_['page_title_admin']      = 'Administration Options';
-$_['page_title_hash']       = 'Generate a Password Hash';
-
-$_['page_title_edit']       = 'Edit / View File';
-$_['page_title_upload']     = 'Upload File';
-$_['page_title_new_file']   = 'New File';
-$_['page_title_copy']       = 'Copy File';
-$_['page_title_ren']        = 'Rename / Move File';
-$_['page_title_del']        = 'Delete File';
-$_['page_title_folder_new'] = 'New Folder';
-$_['page_title_folder_ren'] = 'Rename / Move Folder';
-$_['page_title_folder_del'] = 'Delete Folder';
-
-$_['session_warning'] = 'Warning: Session timeout soon!';
-$_['session_expired'] = 'SESSION EXPIRED';
-$_['unload_unsaved']  = '               Unsaved changes will be lost!';
-$_['confirm_reset']   = 'Reset file and loose unsaved changes?';
-
-$_['OFCMS_requires']  = 'OneFileCMS requires PHP';
-
-$_['logout_msg']       = 'You have successfully logged out.';
-$_['folder_del_msg']   = 'Folder not empty.   Folders must be empty before they can be deleted.';
-$_['upload_error_01a'] = 'Upload Error.  Total POST data (mostly filesize) exceeded post_max_size =';
-$_['upload_error_01b'] = '(from php.ini)';
-$_['edit_caution_01']  = 'CAUTION';
-$_['edit_caution_02']  = 'You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
-
-$_['time_out_txt'] = 'Session time out in:';
-
-$_['error_reporting_01'] = 'Display errors is';
-$_['error_reporting_02'] = 'Log errors is';
-$_['error_reporting_03'] = 'Error reporting is set to';
-$_['error_reporting_04'] = 'Showing error types';
-$_['error_reporting_05'] = 'Unexpected early output';
-$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
+<?php
+// OneFileCMS Language Settings v3.3.12  //*** A few values are no longer used and are commented out. ***
+
+$_['LANGUAGE'] = 'English';
+
+// These are the default values included directly in onefilecms.php.
+//
+// If no translation or value is desired for a particular setting, do not delete
+// the actual setting variable, just set it to an empty string.
+// For example:  $_['some_unused_setting'] = '';
+//
+// Remember to slash-escape any single quotes that may be within a value:  \'
+// The back-slash itself, if to be part of the text to display, may or may not
+// also need to be escaped:  \\
+
+
+// In some instances, some langauges may use significantly longer words or phrases than others.
+// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
+//
+$_['front_links_font_size'] =  '1em'; //Buttons on Index page.
+$_['front_links_margin_R']  =  '1em';
+$_['button_font_size']      = '.9em'; //Buttons on Edit page.
+$_['button_margin_L']       = '.5em';
+$_['button_padding']        = '4px 10px';
+$_['image_info_font_size']  =  '1em'; //show_img_msg_01  &  _02 
+$_['image_info_pos']        = ''; //If 1 or true, moves the info down a line for more space.
+
+
+$_['Upload_File'] = 'Upload File';
+$_['New_File']    = 'New File';
+$_['Ren_Move']    = 'Rename / Move';
+$_['Ren_Moved']   = 'Renamed / Moved';
+$_['New_Folder']  = 'New Folder';
+$_['Ren_Folder']  = 'Rename / Move Folder';
+$_['Del_Folder']  = 'Delete Folder';
+
+$_['Admin']  = 'Admin';
+$_['Enter']  = 'Enter';
+$_['Edit']   = 'Edit';
+$_['Close']  = 'Close';
+$_['Cancel'] = 'Cancel';
+$_['Upload'] = 'Upload';
+$_['Create'] = 'Create';
+$_['Copy']   = 'Copy';
+$_['Copied'] = 'Copied';
+$_['Rename'] = 'Rename / Move';
+$_['Delete'] = 'Delete';
+$_['DELETE'] = 'DELETE';
+$_['File']   = 'File';
+$_['Folder'] = 'Folder';
+
+$_['Log_In']  = 'Log In';
+$_['Log_Out'] = 'Log Out';
+
+$_['Hash']    = 'Hash';
+$_['pass_to_hash']  = 'Password to hash:';
+$_['Generate_Hash'] = 'Generate Hash';
+
+$_['save_1']      = 'Save';
+$_['save_2']      = 'SAVE CHANGES!';
+$_['reset']       = 'Reset - loose changes';
+$_['Wide_View']   = 'Wide View';
+$_['Normal_View'] = 'Normal View';
+
+$_['on_']      = 'on';
+
+$_['verify_msg_01'] = 'Session expired.';
+$_['verify_msg_02'] = 'INVALID POST';
+
+$_['get_get_msg_01'] = 'File does not exist:';
+$_['get_get_msg_02'] = 'Invalid page request:';
+
+$_['check_path_msg_01'] = 'Directory does not exist: ';
+
+$_['ord_msg_01'] = 'A file with that name already exists in the target directory.';
+$_['ord_msg_02'] = 'Saving as';
+
+$_['show_img_msg_01'] = 'Image shown at ~';
+$_['show_img_msg_02'] = '% of full size (W x H =';
+
+$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!';
+//$_['hash_txt_02'] = '1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).';
+//$_['hash_txt_03'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
+//$_['hash_txt_04'] = 'Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing.';
+//$_['hash_txt_05'] = 'Anyway, to use the $HASHWORD password option:';
+$_['hash_txt_06'] = 'Type your desired password in the input field above and hit Enter.';
+$_['hash_txt_07'] = 'The hash will be displayed in a yellow message box above that.';
+$_['hash_txt_08'] = 'Copy and paste the new hash to the $HASHWORD variable in the config section.';
+$_['hash_txt_09'] = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
+$_['hash_txt_10'] = 'A double-click should select it...';
+$_['hash_txt_11'] = 'Make sure $USE_HASH is set to 1 (or true).';
+$_['hash_txt_12'] = 'When ready, logout and login.';
+//$_['hash_txt_13'] = 'You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...';
+//$_['hash_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep \'em secret, of course).  Remever, every little bit helps...';
+
+$_['hash_msg_01'] = 'Password: ';
+$_['hash_msg_02'] = 'Hash    : ';
+
+$_['pw_change']  = 'Change Password';
+$_['pw_current'] = 'Current Password';
+$_['pw_new']     = 'New Password';
+$_['pw_confirm'] = 'Confirm New Password';
+
+$_['pw_txt_01']  = 'Password rules:';
+$_['pw_txt_02']  = 'They must contain at least one non-space character.';
+$_['pw_txt_03']  = 'They may contain spaces in the middle. Ex: "This is a password!"';
+$_['pw_txt_04']  = 'Leading and trailing spaces are removed.';
+$_['pw_txt_05']  = 'Pressing [Change Password] will update the following config values as indicated:';
+$_['pw_txt_06']  = 'Update $HASHWORD with the hash of your new password.';
+$_['pw_txt_07']  = 'Set $USE_HASH = 1';
+$_['pw_txt_08']  = 'Set $PASSWORD = "" (empty)';
+$_['pw_txt_09']  = 'Only the active copy of OneFileCMS is updated- no external configuration files are changed:';
+$_['pw_txt_10']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
+
+$_['change_pw_01'] = 'Password NOT changed:';
+$_['change_pw_02'] = 'Incorrect current password. Login to try again.';
+$_['change_pw_03'] = 'Login to try again.';
+$_['change_pw_04'] = '"New" and "Confirm New" passwords do not match.';
+$_['change_pw_05'] = 'No new or confirm passwords entered.';
+$_['change_pw_06'] = 'Passwords must contain at least one non-space character.';
+$_['change_pw_07'] = 'Password changed!';
+
+$_['login_txt_01'] = 'Username:';
+$_['login_txt_02'] = 'Password:';
+
+$_['login_msg_01a'] = 'There have been ';
+$_['login_msg_01b'] = 'invalid login attempts.';
+$_['login_msg_02a'] = 'Please wait';
+$_['login_msg_02b'] = 'seconds to try again.';
+$_['login_msg_03']  = 'INVALID LOGIN ATTEMPT #';
+
+$_['edit_note_00']  = 'NOTES:';
+$_['edit_note_01a'] = 'Remember- your';
+$_['edit_note_01b'] = 'is';
+$_['edit_note_02']  = 'So save changes before the clock runs out, or the changes will be lost!';
+$_['edit_note_03']  = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate.  To correct, click the browser\'s [Reload].';
+$_['edit_note_04']  = 'Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.';
+
+$_['edit_h2_1']   = 'Viewing:';
+$_['edit_h2_2']   = 'Editing:';
+$_['edit_txt_01'] = 'Non-text or unkown file type. Edit disabled.';
+$_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
+$_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
+$_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
+
+$_['too_large_to_edit_01a'] = 'Edit disabled. Filesize >';
+$_['too_large_to_edit_01b'] = 'bytes.';
+$_['too_large_to_edit_02']  = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
+$_['too_large_to_edit_03']  = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
+$_['too_large_to_edit_04']  = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
+
+$_['too_large_to_view_01a'] = 'View disabled. Filesize >';
+$_['too_large_to_view_01b'] = 'bytes.';
+$_['too_large_to_view_02']  = 'Click the file name above to view as normally rendered in a browser window.';
+$_['too_large_to_view_03']  = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
+$_['too_large_to_view_04']  = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
+
+$_['meta_txt_01'] = 'Filesize:';
+$_['meta_txt_02'] = 'bytes.';
+$_['meta_txt_03'] = 'Updated:';
+
+$_['edit_msg_01'] = 'File saved:';
+$_['edit_msg_02'] = 'bytes written.';
+$_['edit_msg_03'] = 'There was an error saving file.';
+
+$_['upload_txt_01'] = 'per upload_max_filesize in php.ini.';
+$_['upload_txt_02'] = 'per post_max_size in php.ini';
+$_['upload_txt_03'] = 'Note: Maximum upload file size is:';
+
+$_['upload_err_01a'] = 'Error 1: File too large.';
+$_['upload_err_01b'] = '(From php.ini)';
+$_['upload_err_02a'] = 'Error 2: File too large.';
+$_['upload_err_02b'] = '(From OneFileCMS)';
+$_['upload_err_03']  = 'Error 3: The uploaded file was only partially uploaded.';
+$_['upload_err_04']  = 'Error 4: No file was uploaded.';
+$_['upload_err_05']  = 'Error 5:';
+$_['upload_err_06']  = 'Error 6: Missing a temporary folder.';
+$_['upload_err_07']  = 'Error 7: Failed to write file to disk.';
+$_['upload_err_08']  = 'Error 8: A PHP extension stopped the file upload.';
+
+$_['upload_msg_01'] = 'No file selected for upload.';
+$_['upload_msg_02'] = 'Destination folder does not exist: ';
+$_['upload_msg_03'] = 'Upload cancelled.';
+$_['upload_msg_04'] = 'Uploading:';
+$_['upload_msg_05'] = 'Upload successful!';
+$_['upload_msg_06'] = 'Upload failed:';
+
+$_['new_file_txt_01'] = 'File will be created in the current folder.';
+$_['new_file_txt_02'] = 'Some invalid characters are: ';
+
+$_['new_file_msg_01'] = 'New file not created:';
+$_['new_file_msg_02'] = 'Name contains invalid character(s):';
+$_['new_file_msg_03'] = 'New file not created - no name given';
+$_['new_file_msg_04'] = 'File already exists:';
+$_['new_file_msg_05'] = 'Created file:';
+$_['new_file_msg_06'] = 'Error - new file not created:';
+
+$_['CRM_txt_01']  = 'To move a file or folder, change the path/to/folder/or_file. The new location must already exist.';
+$_['CRM_txt_02']  = 'Old name:';
+$_['CRM_txt_03']  = 'New name:';
+
+$_['CRM_msg_01']  = 'Error - new parent location does not exist:';
+$_['CRM_msg_02']  = 'Error - source file does not exist:';
+$_['CRM_msg_03']  = 'Error - target filename already exists:';
+$_['CRM_msg_04']  = 'to';
+$_['CRM_msg_05a'] = 'Error during';
+$_['CRM_msg_05b'] = 'from the above to the following:';
+
+$_['delete_txt_01'] = 'Are you sure?';
+
+$_['delete_msg_01'] = 'Deleted file:';
+$_['delete_msg_02'] = 'Error deleting';
+
+$_['new_folder_txt_1'] = 'Folder will be created in the current folder.';
+$_['new_folder_txt_2'] = 'Some invalid characters are:';
+
+$_['new_folder_msg_01'] = 'New folder not created:';
+$_['new_folder_msg_02'] = 'Name contains invalid character(s):';
+$_['new_folder_msg_03'] = 'New folder not created - no name given.';
+$_['new_folder_msg_04'] = 'Folder already exists:';
+$_['new_folder_msg_05'] = 'Created folder:';
+$_['new_folder_msg_06'] = 'Error - new folder not created:';
+
+$_['delete_folder_txt_01'] = 'Are you sure?';
+
+$_['delete_folder_msg_01'] = 'Folder not empty.   Folders must be empty before they can be deleted.';
+$_['delete_folder_msg_02'] = 'Deleted folder:';
+$_['delete_folder_msg_03'] = 'an error occurred during delete.';
+
+$_['page_title_login']      = 'Log In';
+$_['page_title_admin']      = 'Administration Options';
+$_['page_title_hash']       = 'Generate a Password Hash';
+$_['page_title_change_pw']  = 'Change Password';
+$_['page_title_edit']       = 'Edit / View File';
+$_['page_title_upload']     = 'Upload File';
+$_['page_title_new_file']   = 'New File';
+$_['page_title_copy']       = 'Copy File';
+$_['page_title_ren']        = 'Rename / Move File';
+$_['page_title_del']        = 'Delete File';
+$_['page_title_folder_new'] = 'New Folder';
+$_['page_title_folder_ren'] = 'Rename / Move Folder';
+$_['page_title_folder_del'] = 'Delete Folder';
+
+$_['session_warning'] = 'Warning: Session timeout soon!';
+$_['session_expired'] = 'SESSION EXPIRED';
+$_['unload_unsaved']  = '               Unsaved changes will be lost!';
+$_['confirm_reset']   = 'Reset file and loose unsaved changes?';
+
+$_['OFCMS_requires']  = 'OneFileCMS requires PHP';
+
+$_['logout_msg']       = 'You have successfully logged out.';
+$_['folder_del_msg']   = 'Folder not empty.   Folders must be empty before they can be deleted.';
+$_['upload_error_01a'] = 'Upload Error.  Total POST data (mostly filesize) exceeded post_max_size =';
+$_['upload_error_01b'] = '(from php.ini)';
+$_['edit_caution_01']  = 'CAUTION';
+$_['edit_caution_02']  = 'You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
+
+$_['time_out_txt'] = 'Session time out in:';
+
+$_['error_reporting_01'] = 'Display errors is';
+$_['error_reporting_02'] = 'Log errors is';
+$_['error_reporting_03'] = 'Error reporting is set to';
+$_['error_reporting_04'] = 'Showing error types';
+$_['error_reporting_05'] = 'Unexpected early output';
+$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
+
+$_['admin_txt_02'] = 'General Information';
+$_['admin_txt_04'] = 'OneFileCMS can manage your password in two ways:';
+$_['admin_txt_06'] = '1) Use $PASSWORD to store your desired password, in plain text, and set $USE_HASH = 0 (zero).';
+$_['admin_txt_08'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
+$_['admin_txt_10'] = '($PASSWORD, $USE_HASH, and $HASHWORD, are variables in the configuration section of the OneFileCMS source file.)';
+$_['admin_txt_12'] = 'Option 2 is recommended, and is method used by the [Change Password] page. However, keep in mind that, due to a number of considerations, this is largely an academic excersize. That is, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text, which is generally considered to be a good thing.';
+$_['admin_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
+$_['admin_txt_16'] = 'You can use OneFileCMS to edit itself, such as to update $PASSWORD or $HASHWORD. However, be sure to have a backup ready for the inevitable ytpo...';
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index 2024edb..61c9840 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -1,8 +1,8 @@
 <?php
-// OneFileCMS Language Settings v3.3.11
-
-$_['LANGUAGE'] = 'Espanõla';
+// OneFileCMS Language Settings v3.3.12
 
+$_['LANGUAGE'] = 'Espanõla';//***** There are several new values without translations. (in English) *****
+                            //***** Also, some values are no longer used and are commented out. *********
 //
 //
 // If no translation or value is desired for a particular setting, do not delete
@@ -77,12 +77,12 @@
 
 $_['show_img_msg_01'] = 'Imagen mostrada a ~';
 $_['show_img_msg_02'] = '% del tamaño (W x H =';
-
-$_['hash_txt_01'] = 'Existen dos formas de cambiar tu contraseña:';
-$_['hash_txt_02'] = '1) Cambiando la variable $PASSWORD y asignando $USE_HASH = 0 (cero).';
-$_['hash_txt_03'] = '2) O, usando $HASHWORD para almacenar tu contraseña, y luego asignar $USE_HASH = 1.';
-$_['hash_txt_04'] = 'Tenga en cuenta que, debido a una serie de consideraciones muy variadas, esto es en gran parte un ejercicio académico. Es decir, tomar la idea de que esta es una gran mejora a la seguridad con un granito de sal de criptografía. Sin embargo, sí elimina el almacenamiento de la contraseña en texto plano, lo cual es algo bueno.';
-$_['hash_txt_05'] = 'Igualmente, para usar la opción de contraseña $HASHWORD:';
+// 'hash_txt_01' has changed - need translation. ***************************************************
+$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!';
+//$_['hash_txt_02'] = '1) Cambiando la variable $PASSWORD y asignando $USE_HASH = 0 (cero).';
+//$_['hash_txt_03'] = '2) O, usando $HASHWORD para almacenar tu contraseña, y luego asignar $USE_HASH = 1.';
+//$_['hash_txt_04'] = 'Tenga en cuenta que, debido a una serie de consideraciones muy variadas, esto es en gran parte un ejercicio académico. Es decir, tomar la idea de que esta es una gran mejora a la seguridad con un granito de sal de criptografía. Sin embargo, sí elimina el almacenamiento de la contraseña en texto plano, lo cual es algo bueno.';
+//$_['hash_txt_05'] = 'Igualmente, para usar la opción de contraseña $HASHWORD:';
 $_['hash_txt_06'] = 'Ingresá la contraseña que quieras en la caja de texto siguiente y presioná enter.';
 $_['hash_txt_07'] = 'La cadena se mostrará en un mensaje amarillo.';
 $_['hash_txt_08'] = 'Copiá y pegá esa cadena a la variable $HASHWORD en la sección de configuración.';
@@ -90,12 +90,36 @@
 $_['hash_txt_10'] = 'Haciendo doble click debería seleccionarlo...';
 $_['hash_txt_11'] = 'Asegurate de que $USE_HASH sea 1 (o true).';
 $_['hash_txt_12'] = 'Cuando estés listo, deslogueate y volvé a loguearte.';
-$_['hash_txt_13'] = 'Podés usar OneFileCMS para editarlo. Sin embargo, asegurate de hacer un backup...';
-$_['hash_txt_14'] = 'Para otro tip de seguridad, cambiá la llave de seguridad y/o el método usado por OneFileCMS para almacenar la clave (y mantenelo en secreto, obviamente).  Acordate, cada granito ayuda...';
+//$_['hash_txt_13'] = 'Podés usar OneFileCMS para editarlo. Sin embargo, asegurate de hacer un backup...';
+//$_['hash_txt_14'] = 'Para otro tip de seguridad, cambiá la llave de seguridad y/o el método usado por OneFileCMS para almacenar la clave (y mantenelo en secreto, obviamente).  Acordate, cada granito ayuda...';
 
 $_['hash_msg_01'] = 'Contraseña: ';
 $_['hash_msg_02'] = 'Cadena    : ';
-
+// New text - need translation *********************************************************************
+$_['pw_change']  = 'Change Password';
+$_['pw_current'] = 'Current Password';
+$_['pw_new']     = 'New Password';
+$_['pw_confirm'] = 'Confirm New Password';
+
+$_['pw_txt_01']  = 'Password rules:';
+$_['pw_txt_02']  = 'They must contain at least one non-space character.';
+$_['pw_txt_03']  = 'They may contain spaces in the middle. Ex: "This is a password!"';
+$_['pw_txt_04']  = 'Leading and trailing spaces are removed.';
+$_['pw_txt_05']  = 'Pressing [Change Password] will update the following config values as indicated:';
+$_['pw_txt_06']  = 'Update $HASHWORD with the hash of your new password.';
+$_['pw_txt_07']  = 'Set $USE_HASH = 1';
+$_['pw_txt_08']  = 'Set $PASSWORD = "" (empty)';
+$_['pw_txt_09']  = 'Only the active copy of OneFileCMS is updated- no external configuration files are changed:';
+$_['pw_txt_10']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
+
+$_['change_pw_01'] = 'Password NOT changed:';
+$_['change_pw_02'] = 'Incorrect current password. Login to try again.';
+$_['change_pw_03'] = 'Login to try again.';
+$_['change_pw_04'] = '"New" and "Confirm New" passwords do not match.';
+$_['change_pw_05'] = 'No new or confirm passwords entered.';
+$_['change_pw_06'] = 'Passwords must contain at least one non-space character.';
+$_['change_pw_07'] = 'Password changed!';
+//**************************************************************************************************
 $_['login_txt_01'] = 'Usuario:';
 $_['login_txt_02'] = 'Contraseña:';
 
@@ -204,9 +228,9 @@
 $_['delete_folder_msg_03'] = 'ocurrió un error eliminándola.';
 
 $_['page_title_login']      = 'Iniciar Sesión';
-$_['page_title_admin']      = 'Administration Options';
+$_['page_title_admin']      = 'Administration Options'; // Need translation ************************
 $_['page_title_hash']       = 'Generar una Cadena de Contraseña';
-
+$_['page_title_change_pw']  = 'Change Password';        // Need translation ************************
 $_['page_title_edit']       = 'Editar / Ver Archivo';
 $_['page_title_upload']     = 'Subir Archivo';
 $_['page_title_new_file']   = 'Nuevo Archivo';
@@ -239,3 +263,12 @@
 $_['error_reporting_04'] = 'Showing error types';
 $_['error_reporting_05'] = 'Unexpected early output';
 $_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
+//******************************************* Need Translations ************************************
+$_['admin_txt_02'] = 'General Information';
+$_['admin_txt_04'] = 'OneFileCMS can manage your password in two ways:';
+$_['admin_txt_06'] = '1) Use $PASSWORD to store your desired password, in plain text, and set $USE_HASH = 0 (zero).';
+$_['admin_txt_08'] = '2) O, usando $HASHWORD para almacenar tu contraseña, y luego asignar $USE_HASH = 1.';
+$_['admin_txt_10'] = '($PASSWORD, $USE_HASH, and $HASHWORD, are variables in the configuration section of the OneFileCMS source file.)';
+$_['admin_txt_12'] = 'Option 2 is recommended, and is method used by the [Change Password] page. However, keep in mind that, due to a number of considerations, this is largely an academic excersize. That is, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text, which is generally considered to be a good thing.';
+$_['admin_txt_14'] = 'Para otro tip de seguridad, cambiá la llave de seguridad y/o el método usado por OneFileCMS para almacenar la clave (y mantenelo en secreto, obviamente).  Acordate, cada granito ayuda...';
+$_['admin_txt_16'] = 'Podés usar OneFileCMS para editarlo. Sin embargo, asegurate de hacer un backup...';
diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index ede01a6..429ae3b 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-Version 3.3.10
+Version 3.3.12
 
 LICENSE
 
@@ -24,6 +24,7 @@ MISC FUNCTIONS:
 	Check_path()
 	is_empty()
 	ordinalize()
+	Search_Replace_Line()
 
 PAGE CHUNK FUNCTIONS
 	Current_Path_Header()
@@ -61,6 +62,8 @@ PAGE & RESPONSE FUNCTIONS:
 	Admin_Page()
 	Hash_Page()
 	Hash_Page_response()
+	Change_Password_Page()
+	Change_Password_response()
 	Logout()
 	Login_Page()
 	Login_Page_response()
diff --git a/onefilecms.php b/onefilecms.php
index d4c323d..a981cb1 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.3.11';
+$OFCMS_version = '3.3.12';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -51,9 +51,9 @@
 
 $USERNAME = 'username';
 
-$PASSWORD = 'password'; //If using $HASHWORD, you may leave this value empty.
-$USE_HASH = 0 ; // If = 0, use $PASSWORD. If = 1, use $HASHWORD. 
-$HASHWORD = 'a6ca7f88bd5efc706d38047cc5844d2b11f86242c01e0c89a1c656dbe2dd1866'; //hash for "password"
+$PASSWORD = '';
+$USE_HASH = 1; // 1 = use $HASHWORD, 0 = use $PASSWORD.
+$HASHWORD = "a6ca7f88bd5efc706d38047cc5844d2b11f86242c01e0c89a1c656dbe2dd1866"; //hash for "password"
 $SALT     = 'somerandomsalt';
 
 //$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php"; //Filename of language settings. Leave blank for built-in default.
@@ -63,7 +63,6 @@
 $LOGIN_DELAY   = 10;  //In seconds.
 $MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
 					  //  For instance, 24 minutes is the PHP default for garbage collection.
-
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked
 
@@ -129,7 +128,7 @@
 $WEBSITE   = $_SERVER["HTTP_HOST"].'/';
 $LOGIN_ATTEMPTS = $DOC_ROOT.trim($_SERVER["SCRIPT_NAME"],'/').'.invalid_login_attempts';
 
-$valid_pages = array("admin", "hash", "login","logout","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
+$valid_pages = array("login","logout","admin","hash","changepw","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
 
 $INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names.
 $INVALID_CHARS_array = explode(' ', $INVALID_CHARS); // (Space deliminated)
@@ -150,14 +149,14 @@
 
 
 function hsc($input) { return htmlspecialchars($input, ENT_QUOTES, 'UTF-8'); }// end hsc() **********
-function hte($input) { return htmlentities($input); }//end hte()****************
+function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end hte()****************
 
 
 
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.3.11
+// OneFileCMS Language Settings v3.3.12
 
 $_['LANGUAGE'] = 'English (default)';
 
@@ -226,7 +225,7 @@ function Default_Language() { // ***********************************************
 $_['verify_msg_02'] = 'INVALID POST';
 
 $_['get_get_msg_01'] = 'File does not exist:';
-$_['get_get_msg_02'] = 'Invalid page request.';
+$_['get_get_msg_02'] = 'Invalid page request:';
 
 $_['check_path_msg_01'] = 'Directory does not exist: ';
 
@@ -236,11 +235,11 @@ function Default_Language() { // ***********************************************
 $_['show_img_msg_01'] = 'Image shown at ~';
 $_['show_img_msg_02'] = '% of full size (W x H =';
 
-$_['hash_txt_01'] = 'There are two ways to change your OneFileCMS password:';
-$_['hash_txt_02'] = '1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).';
-$_['hash_txt_03'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
-$_['hash_txt_04'] = 'Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing.';
-$_['hash_txt_05'] = 'Anyway, to use the $HASHWORD password option:';
+$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!';
+
+
+
+
 $_['hash_txt_06'] = 'Type your desired password in the input field above and hit Enter.';
 $_['hash_txt_07'] = 'The hash will be displayed in a yellow message box above that.';
 $_['hash_txt_08'] = 'Copy and paste the new hash to the $HASHWORD variable in the config section.';
@@ -248,12 +247,36 @@ function Default_Language() { // ***********************************************
 $_['hash_txt_10'] = 'A double-click should select it...';
 $_['hash_txt_11'] = 'Make sure $USE_HASH is set to 1 (or true).';
 $_['hash_txt_12'] = 'When ready, logout and login.';
-$_['hash_txt_13'] = 'You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...';
-$_['hash_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep \'em secret, of course).  Remever, every little bit helps...';
+
+
 
 $_['hash_msg_01'] = 'Password: ';
 $_['hash_msg_02'] = 'Hash    : ';
 
+$_['pw_change']  = 'Change Password';
+$_['pw_current'] = 'Current Password';
+$_['pw_new']     = 'New Password';
+$_['pw_confirm'] = 'Confirm New Password';
+
+$_['pw_txt_01']  = 'Password rules:';
+$_['pw_txt_02']  = 'They must contain at least one non-space character.';
+$_['pw_txt_03']  = 'They may contain spaces in the middle. Ex: "This is a password!"';
+$_['pw_txt_04']  = 'Leading and trailing spaces are removed.';
+$_['pw_txt_05']  = 'Pressing [Change Password] will update the following config values as indicated:';
+$_['pw_txt_06']  = 'Update $HASHWORD with the hash of your new password.';
+$_['pw_txt_07']  = 'Set $USE_HASH = 1';
+$_['pw_txt_08']  = 'Set $PASSWORD = "" (empty)';
+$_['pw_txt_09']  = 'Only the active copy of OneFileCMS is updated- no external configuration files are changed:';
+$_['pw_txt_10']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
+
+$_['change_pw_01'] = 'Password NOT changed:';
+$_['change_pw_02'] = 'Incorrect current password. Login to try again.';
+$_['change_pw_03'] = 'Login to try again.';
+$_['change_pw_04'] = '"New" and "Confirm New" passwords do not match.';
+$_['change_pw_05'] = 'No new or confirm passwords entered.';
+$_['change_pw_06'] = 'Passwords must contain at least one non-space character.';
+$_['change_pw_07'] = 'Password changed!';
+
 $_['login_txt_01'] = 'Username:';
 $_['login_txt_02'] = 'Password:';
 
@@ -364,7 +387,7 @@ function Default_Language() { // ***********************************************
 $_['page_title_login']      = 'Log In';
 $_['page_title_admin']      = 'Administration Options';
 $_['page_title_hash']       = 'Generate a Password Hash';
-
+$_['page_title_change_pw']  = 'Change Password';
 $_['page_title_edit']       = 'Edit / View File';
 $_['page_title_upload']     = 'Upload File';
 $_['page_title_new_file']   = 'New File';
@@ -398,6 +421,14 @@ function Default_Language() { // ***********************************************
 $_['error_reporting_05'] = 'Unexpected early output';
 $_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
 
+$_['admin_txt_02'] = 'General Information';
+$_['admin_txt_04'] = 'OneFileCMS can manage your password in two ways:';
+$_['admin_txt_06'] = '1) Use $PASSWORD to store your desired password, in plain text, and set $USE_HASH = 0 (zero).';
+$_['admin_txt_08'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
+$_['admin_txt_10'] = '($PASSWORD, $USE_HASH, and $HASHWORD, are variables in the configuration section of the OneFileCMS source file.)';
+$_['admin_txt_12'] = 'Option 2 is recommended, and is method used by the [Change Password] page. However, keep in mind that, due to a number of considerations, this is largely an academic excersize. That is, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text, which is generally considered to be a good thing.';
+$_['admin_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
+$_['admin_txt_16'] = 'You can use OneFileCMS to edit itself, such as to update $PASSWORD or $HASHWORD. However, be sure to have a backup ready for the inevitable ytpo...';
 }//end Default_Language() ******************************************************
 
 
@@ -508,18 +539,18 @@ function Error_reporting_and_early_output($show_status = 0, $show_types = 0) {//
 						   (ini_get('log_errors') == 'on') ) )
 	{
 ?>		<style>
-		.E_box {margin: 0;	 background-color: #Faa; font-size: 1em;
+		.E_box {margin: 0;	 background-color: #F33; font-size: 1em; color: white;
 				padding: 4px 5px 5px 5px; border: 0 solid white; }
 		</style>
 <?php
 		echo '<p class="E_box"><b>PHP '.PHP_VERSION.$spc;
-		echo $_['error_reporting_01'].': '.ini_get('display_errors').'.'.$spc;
-		echo $_['error_reporting_02'].': '.ini_get('log_errors')    .'.'.$spc;
-		echo $_['error_reporting_03'].': '.error_reporting()        .'.'.$spc;
+		echo hsc($_['error_reporting_01']).': '.ini_get('display_errors').'.'.$spc;
+		echo hsc($_['error_reporting_02']).': '.ini_get('log_errors')    .'.'.$spc;
+		echo hsc($_['error_reporting_03']).': '.error_reporting()        .'.'.$spc;
 		echo 'E_ALL = '.E_ALL.$spc.'</b>';
 		
 		if ($show_types) {
-			echo '<br><b>'.$_['error_reporting_04'].': </b>';
+			echo '<br><b>'.hsc($_['error_reporting_04']).': </b>';
 			echo '<span style="font: 400 .8em arial">'.$E_types.'</span>';
 		}
 		echo '</p>';
@@ -528,8 +559,8 @@ function Error_reporting_and_early_output($show_status = 0, $show_types = 0) {//
 	//$early_output is contents of ob_get_clean(), just before page output.
 	if (strlen($early_output) > 0 ) {
 		echo '<pre style="background-color: #Fdd; border: 1px solid #Faa;"><b>';
-		echo $_['error_reporting_05'].'</b> ';
-		echo $_['error_reporting_06'].'<b>:</b> ';
+		echo hsc($_['error_reporting_05']).'</b> ';
+		echo hsc($_['error_reporting_06']).'<b>:</b> ';
 		echo '<span style="background-color: white; border: 1px solid white">';
 		echo hte($early_output).'</span></pre>';
 	}
@@ -614,7 +645,7 @@ function Get_GET() { //*** Get main parameters *********************************
 	//Initialize & validate $page
 	if (isset($_GET["p"])) { $page = $_GET["p"]; } else { $page = "index"; }
 	if (!in_array(strtolower($page), $valid_pages)) { 
-		$message .= $EX.$_['get_get_msg_02'];
+		$message .= $EX.hsc($_['get_get_msg_02']).' <b>'.hte($page).'</b><br>';
 		$page = "index";  //If invalid $_GET["p"]
 	}
 
@@ -719,6 +750,23 @@ function ordinalize($destination,$filename, &$msg) { //*************************
 
 
 
+function Search_Replace_Line($haystack, $needle, $replace){ //******************
+	//Search start of each $line in (array)$haystack for (string)$needle.
+	//If match found, replace $line with $replace, end search.
+	//Return updated $haystack.
+	$search_len = strlen($needle);
+	foreach ($haystack as $key => $line) {
+		if ( substr($line,0,$search_len) == $needle ) {
+			$haystack[$key] = $replace;
+			break 1; //only replace first occurrance of $needle
+		}
+	}
+	return $haystack;
+}//end Search_Replace_Line() //*************************************************
+
+
+
+
 function Current_Path_Header(){ //**********************************************
  	// Current path. ie: webroot/current/path/ 
 	// Each level is a link to that level.
@@ -879,13 +927,13 @@ function show_favicon(){ //*****************************************************
 
 
 
-function Timeout_Timer($COUNT, $ID, $CLASS, $ACTION) { //************************
+function Timeout_Timer($COUNT, $ID, $CLASS="", $ACTION="") { //*****************
 
 	return 	'<script>'.
 			'Start_Countdown('.$COUNT.', "'.$ID.'", "'.$CLASS.'", "'.$ACTION.'");'.
 			'</script>';
 
-} //end Timeout_Timer() **************************************************
+} //end Timeout_Timer() ********************************************************
 
 
 
@@ -1090,15 +1138,26 @@ function Admin_Page() { //******************************************************
 	<input type="button" class="button" id="cancel"    value="<?php echo hsc($_['Close']) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.$params ?>'">
 
-	<input type="button" class="button" id="hash"      value="<?php echo hsc('Hash Page') ?>"
+	<input type="button" class="button" id="hash"      value="<?php echo hsc($_['Generate_Hash']) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.'&amp;p=hash' ?>'">
 
-
-
+	<input type="button" class="button" id="changepw" value="<?php echo hsc($_['pw_change']) ?>"
+		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.'&amp;p=changepw' ?>'">
 
 	<input type="button" class="button" id="editOFCMS" value="<?php echo hsc($_['Edit'].' '.$config_title) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$edit_params ?>'">
 	</span>
+
+	<div class="info">
+	<p><b><?php echo hsc($_['admin_txt_02']) ?></b>
+	<p><?php echo hsc($_['admin_txt_04']) ?>
+	<p><?php echo hsc($_['admin_txt_06']) ?>
+	<p><?php echo hsc($_['admin_txt_08']) ?>
+	<p style="font-size: .9em"><?php echo hsc($_['admin_txt_10']) ?>
+	<p><?php echo hsc($_['admin_txt_12']) ?>
+	<p><?php echo hsc($_['admin_txt_14']) ?>
+	<p><?php echo hsc($_['admin_txt_16']) ?>
+	</div>
 <?php
 	echo '<script>document.getElementById("cancel").focus();</script>';
 return;
@@ -1125,13 +1184,6 @@ function Hash_Page() { //******************************************************
 
 	<div class="info">
  	<p><?php echo hsc($_['hash_txt_01']) ?><br>
-	<p>
-	<?php echo hsc($_['hash_txt_02']) ?><br>
-	<?php echo hsc($_['hash_txt_03']) ?><br>
-
-	<p><?php echo hsc($_['hash_txt_04']) ?>
-
-	<p><?php echo hsc($_['hash_txt_05']) ?>
 	<ol><li><?php echo hsc($_['hash_txt_06']) ?><br>
 			<?php echo hsc($_['hash_txt_07']) ?>
 		<li><?php echo hsc($_['hash_txt_08']) ?><br>
@@ -1140,10 +1192,12 @@ function Hash_Page() { //******************************************************
 		<li><?php echo hsc($_['hash_txt_11']) ?>
 		<li><?php echo hsc($_['hash_txt_12']) ?>
 	</ol>
-	<p><?php echo hsc($_['hash_txt_13']) ?>
-	<p>
-	<?php echo hsc($_['hash_txt_14']) ?>
-
+ 	<p><?php echo hsc($_['pw_txt_01']) ?>
+	<ol>
+	   <li><?php echo hsc($_['pw_txt_02']) ?>
+	   <li><?php echo hsc($_['pw_txt_03']) ?>
+	   <li><?php echo hsc($_['pw_txt_04']) ?>
+	</ol>
 	</div>
 <?php 
 } //end Hash_Page() ************************************************************
@@ -1165,6 +1219,120 @@ function Hash_response() { //***************************************************
 
 
 
+function Change_Password_Page() { //********************************************
+	global $_, $DOC_ROOT, $ONESCRIPT, $param1, $message, $INPUT_NUONCE, $config_title;
+	$params = '?i='.dirname($ONESCRIPT).'&amp;f='.basename($ONESCRIPT).'&amp;p=edit';
+	if (!isset($_POST['whattohash'])) { $_POST['whattohash'] = ''; }
+?>
+	<style></style>
+
+	<h2><?php echo hsc($_['pw_change']) ?></h2>
+	
+	<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.'&amp;p=changepw'; ?>">
+		<?php echo $INPUT_NUONCE; ?>
+		
+		<?php echo hsc($_['pw_current']) ?><br>
+		<input type="password" name="current_pw" id="current_pw" value="">
+		
+		<?php echo hsc($_['pw_new']) ?><br>
+		<input type="password" name="new_pw1"    id="new_pw1"    value="">
+		
+		<?php echo hsc($_['pw_confirm']) ?><br>
+		<input type="password" name="new_pw2"    id="new_pw2"    value="">
+		
+		<?php Cancel_Submit_Buttons(hsc($_['pw_change']), 'current_pw') ?>
+	</form>
+
+	<div class="info">
+ 	<p><?php echo hsc($_['pw_txt_01']) ?>
+	<ol>
+	   <li><?php echo hsc($_['pw_txt_02']) ?>
+	   <li><?php echo hsc($_['pw_txt_03']) ?>
+	   <li><?php echo hsc($_['pw_txt_04']) ?>
+	</ol>
+ 	<p><?php echo hsc($_['pw_txt_05']) ?><br>
+	<ol>
+	   <li><?php echo hsc($_['pw_txt_06']) ?>
+	   <li><?php echo hsc($_['pw_txt_07']) ?>
+	   <li><?php echo hsc($_['pw_txt_08']) ?>
+	</ol>
+	<p><?php echo hsc($_['pw_txt_09']) ?>
+	<p><?php echo hsc($_['pw_txt_10']) ?>
+	</div>
+<?php 
+} //end Change_Password_Page() *************************************************
+
+
+
+
+function Change_Password_response(){ //*****************************************
+	//Update $PASSWORD, $HASHWORD & $USE_HASH in $ONESCRIPT
+	global $_, $PASSWORD, $HASHWORD, $USE_HASH, $DOC_ROOT, $ONESCRIPT, $EX, $message, $page;
+
+	$current_pass = trim($_POST['current_pw']); // trim leading & trailing spaces.
+	$new_pass     = trim($_POST['new_pw1']);
+	$confirm_pass = trim($_POST['new_pw2']);
+
+	//If NO p/w's entered, do nothing.
+	if ( ($current_pass == "") && ($new_pass == "") && ($confirm_pass == "") ) {
+		$page = "changepw";
+		return;
+		
+	//If NO NEW p/w's entered, , display $message to that effect.
+	}elseif ( ($new_pass == "") && ($confirm_pass == "") ) {
+		$message .= $EX.'<b>'.hsc($_['change_pw_01']).' </b>'.hsc($_['change_pw_06']).'<br>';
+		$page = 'changepw';
+		return;
+		
+	//If New & Confirm p/w's don't match, display $message to that effect.
+	}elseif ($new_pass != $confirm_pass) {
+		$message .= $EX.'<b>'.hsc($_['change_pw_01']).' </b>'.hsc($_['change_pw_04']).'<br>';
+		$page = 'changepw'; 
+		return;
+		
+	//If New == Confirm, but incorrect current p/w, logout.
+	}elseif (hashit($current_pass) != $HASHWORD) {
+		$message .= $EX.'<b>'.hsc($_['change_pw_01']).'</b><br>';
+		$message .= hsc($_['change_pw_02']).'<br>';
+		Logout();
+		return;
+		
+	//Else change password (HASHWORD, actually)
+	} else {
+		$HASHWORD = hashit($new_pass);
+		$message .= $EX.'<b>'.hsc($_['change_pw_07']).'</b>';
+		$page = "admin"; //Return to Admin page if change successful.
+	}
+
+
+	//Update OneFileCMS with new $HASHWORD *****************************
+	
+	$Updated_ONESCRIPT = $DOC_ROOT.$ONESCRIPT;
+	$ONESCRIPT_contents = file_get_contents($DOC_ROOT.$ONESCRIPT);
+	//Convert any CR+NL to only newline.
+	$ONESCRIPT_contents = str_replace("\r\n", "\n", $ONESCRIPT_contents);
+	$ONESCRIPT_lines = explode("\n", "".$ONESCRIPT_contents);
+
+	$search_for   = '$HASHWORD '; //include space after $HASHWORD
+	$replace_with = '$HASHWORD = "'.$HASHWORD.'";';
+	$ONESCRIPT_lines = Search_Replace_Line($ONESCRIPT_lines, $search_for, $replace_with);
+	
+	$search_for   = '$USE_HASH '; //include space after $USE_HASH
+	$replace_with = '$USE_HASH = 1; // 1 = use $HASHWORD, 0 = use $PASSWORD.'; 
+	$ONESCRIPT_lines = Search_Replace_Line($ONESCRIPT_lines, $search_for, $replace_with);
+
+	$search_for   = '$PASSWORD '; //include space after $HASHWORD
+	$replace_with = '$PASSWORD = \'\';';
+	$ONESCRIPT_lines = Search_Replace_Line($ONESCRIPT_lines, $search_for, $replace_with);
+
+	$ONESCRIPT_contents = implode("\n", $ONESCRIPT_lines);
+	file_put_contents($Updated_ONESCRIPT,implode("\n", $ONESCRIPT_lines));
+
+}//end Change_Password_response() //********************************************
+
+
+
+
 function Logout() { //**********************************************************
 	global $page;
 	session_regenerate_id(true);
@@ -1216,7 +1384,7 @@ function Login_response() { //**************************************************
 
 	if ( ($attempts >= $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){
 		$message .= hsc($_['login_msg_02a']).' ';
-		$message .= Timeout_Timer(($LOGIN_DELAY - $elapsed), 'timer0', '', '');
+		$message .= Timeout_Timer(($LOGIN_DELAY - $elapsed), 'timer0');
 		$message .= ' '.hsc($_['login_msg_02b']);
 		return;
 	}
@@ -1891,6 +2059,7 @@ function Page_Title(){ //***<title>Page_Title()</title>*************************
 	if     ($page == "login")        { return hsc($_['page_title_login']);     }
 	elseif ($page == "admin")        { return hsc($_['page_title_admin']);     }
 	elseif ($page == "hash")         { return hsc($_['page_title_hash']);      }
+	elseif ($page == "changepw")     { return hsc($_['page_title_change_pw']); }
 	elseif ($page == "edit")         { return hsc($_['page_title_edit']);      }
 	elseif ($page == "upload")       { return hsc($_['page_title_upload']);    }
 	elseif ($page == "newfile")      { return hsc($_['page_title_new_file']);  }
@@ -1909,19 +2078,21 @@ function Page_Title(){ //***<title>Page_Title()</title>*************************
 function Load_Selected_Page(){ //***********************************************
 	global $_, $ONESCRIPT, $page;
 
-	if     ($page == "login")        { Login_Page();         }
-	elseif ($page == "admin")        { Admin_Page();         }
-	elseif ($page == "hash")         { Hash_Page();          }
-	elseif ($page == "edit")         { Edit_Page();          }
-	elseif ($page == "upload")       { Upload_Page();        }
-	elseif ($page == "newfile")      { New_File_Page();      }
+	if     ($page == "login")        { Login_Page();          }
+	elseif ($page == "index")        { Index_Page();          }
+	elseif ($page == "admin")        { Admin_Page();          }
+	elseif ($page == "hash")         { Hash_Page();           }
+	elseif ($page == "changepw")     { Change_Password_Page();}
+	elseif ($page == "edit")         { Edit_Page();           }
+	elseif ($page == "upload")       { Upload_Page();         }
+	elseif ($page == "newfile")      { New_File_Page();       }
 	elseif ($page == "copy")         { Copy_Ren_Move_Page(hsc($_['Copy']),   hsc($_['File']), 'copy_file', 1); }
 	elseif ($page == "rename")       { Copy_Ren_Move_Page(hsc($_['Rename']), hsc($_['File']), 'rename_file', 1); }
-	elseif ($page == "delete")       { Delete_File_Page();   }
-	elseif ($page == "newfolder")    { New_Folder_Page();    }
+	elseif ($page == "delete")       { Delete_File_Page();    }
+	elseif ($page == "newfolder")    { New_Folder_Page();     }
 	elseif ($page == "renamefolder") { Copy_Ren_Move_Page(hsc($_['Rename']), hsc($_['Folder']), 'rename_folder', 0); }
-	elseif ($page == "deletefolder") { Delete_Folder_Page(); }
-	else                             { Index_Page();         } //default
+	elseif ($page == "deletefolder") { Delete_Folder_Page();  }
+	else                             { Login_Page();          } //default
 }//end Load_Selected_Page() ****************************************************
 
 
@@ -1931,17 +2102,18 @@ function Respond_to_POST() {//**************************************************
 	global $_, $VALID_POST;
 
 	if ($VALID_POST) { 
-		if     (isset($_FILES['upload_file']['name'])) { Upload_response(); }
-		elseif (isset($_POST["whattohash"]   )) { Hash_response();          }
-		elseif (isset($_POST["filename"]     )) { Edit_response();          }
-		elseif (isset($_POST["new_file"]     )) { New_File_response();      }
+		if     (isset($_FILES['upload_file']['name'])) { Upload_response();  }
+		elseif (isset($_POST["whattohash"]   )) { Hash_response();           }
+		elseif (isset($_POST["new_pw1"]      )) { Change_Password_response();}
+		elseif (isset($_POST["filename"]     )) { Edit_response();           }
+		elseif (isset($_POST["new_file"]     )) { New_File_response();       }
 		elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', hsc($_['Copy']), hsc($_['Copied']), 1); } 
 		elseif (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"],   'rename', hsc($_['Ren_Move']), hsc($_['Ren_Moved']), 1); } 
-		elseif (isset($_POST["delete_file"]  )) { Delete_File_response();   }
-		elseif (isset($_POST["new_folder"]   )) { New_Folder_response();    }
+		elseif (isset($_POST["delete_file"]  )) { Delete_File_response();    }
+		elseif (isset($_POST["new_folder"]   )) { New_Folder_response();     }
 		elseif (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', hsc($_['Ren_Move']), hsc($_['Ren_Moved']), 0); } 
-		elseif (isset($_POST["delete_folder"])) { Delete_Folder_response(); }
-	}//end if ($VALID_POST) 
+		elseif (isset($_POST["delete_folder"])) { Delete_Folder_response();  }
+	}//end if ($VALID_POST)
 
 }//end Respond_to_POST() *******************************************************
 
@@ -2387,6 +2559,14 @@ function style_sheet(){ //******************************************************
 	}
 
 
+input[type="password"] {
+	border  : 1px solid #807568;
+	margin-bottom: .6em;
+	padding : 2px 0px 2px 2px;
+	width   : 100%;
+	font    : 1em courier;
+}
+
 input:focus { background-color: rgb(255,250,150); }
 
 input:hover { background-color: rgb(255,250,150); }
@@ -2524,7 +2704,7 @@ function style_sheet(){ //******************************************************
 
 .mono {font-family: courier;}
 
-.info {margin-top: .7em; background: #f9f9f9; padding: .2em .5em;}
+.info {margin: .7em 0 .5em 0; background: #f9f9f9; padding: .2em .5em;}
 
 .path {padding: 1px 5px 1px 5px} /*TRBL*/
 
@@ -2639,6 +2819,11 @@ function Language_and_config_adjusted_styles() {//******************************
 
 }//end if $_SESSION[valid] *************************************
 
+//Don't show path header or admin link on some pages.
+$Show_header_and_Admin = true;
+if ( ($page == "login") || ($page == "admin") || ($page == "hash") || ($page == "changepw") ){
+	$Show_header_and_Admin = false;
+}
 //end logic to determine page action *******************************************
 
 
@@ -2680,7 +2865,7 @@ function Language_and_config_adjusted_styles() {//******************************
 
 <?php Page_Header() ?>
 
-<?php if ( $page != "login"  &&  $page != "admin"  &&  $page != "hash" ) { Current_Path_Header(); } ?>
+<?php if ($Show_header_and_Admin) { Current_Path_Header(); } ?>
 
 <?php message_box() ?>
 
@@ -2695,7 +2880,7 @@ function Language_and_config_adjusted_styles() {//******************************
 }
 
 //Admin link
-if ( ($page != "login") && ($page != "hash") && ($page != "admin") ){
+if ($Show_header_and_Admin) {
 	echo '<a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=admin">'.hsc($_['Admin']).'</a>';
 }
 ?>
diff --git a/readme.markdown b/readme.markdown
index ea398ed..55c717d 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,4 +1,9 @@
-# Current stable version: 3.3.10
+# Current stable version: 3.3.12
+
+### Auguest 10, 2012
+
+- Added password update screen, so manual editing of OneFileCMS is not required (but is still possible, of course).
+
 
 ### Auguest 7, 2012
 
@@ -84,6 +89,8 @@ Coupling a utilitarian code editor with basic file managing functions, OneFileCM
     // CONFIGURATION INFO  
     $USERNAME = "username";  
     $PASSWORD = "password";  
+  
+	(To change the password, use the Change Password screen found on the Admin page.)
 
 3) Upload to anywhere on your site!
 
@@ -184,6 +191,11 @@ GENERATE/OUTPUT THE PAGE
 
 ## Change Log
 
+### 3.3.11 - 3.3.12
+
+- Added Change Password screen.
+- Improved validation of $_GET parameters & other general code improvements.
+
 ### 3.3.10
 
 - Created an actual "Admin" page that has links to admin functions: Hash Page, Edit OneFileCMS, and (soon) Change Password.

From 5c49f72a6767e1d1096a0b9c9e349463359152ff Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 11 Aug 2012 12:18:30 -0400
Subject: [PATCH 130/228] Version 3.3.13 Removed use of & references to
 $PASSWORD & $USE_HASH.   Primarily affected Login_response &
 Change_Password_...() functions. Init_Maros(): added $PWUN_RULES  (PassWord &
 UserName). Changed text on Admin, Hash, and Change Password pages. External
 language files NOT updated. Readme & structure files NOT updated.

---
 onefilecms.php | 176 ++++++++++++++++++++++++-------------------------
 1 file changed, 88 insertions(+), 88 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index a981cb1..5694e50 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.3.12';
+$OFCMS_version = '3.3.13';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -50,10 +50,7 @@
 $config_title = "OneFileCMS";
 
 $USERNAME = 'username';
-
-$PASSWORD = '';
-$USE_HASH = 1; // 1 = use $HASHWORD, 0 = use $PASSWORD.
-$HASHWORD = "a6ca7f88bd5efc706d38047cc5844d2b11f86242c01e0c89a1c656dbe2dd1866"; //hash for "password"
+$HASHWORD = "a6ca7f88bd5efc706d38047cc5844d2b11f86242c01e0c89a1c656dbe2dd1866"; //"password"
 $SALT     = 'somerandomsalt';
 
 //$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php"; //Filename of language settings. Leave blank for built-in default.
@@ -156,7 +153,7 @@ function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.3.12
+// OneFileCMS Language Settings v3.3.13  //*** A few values are no longer used and are commented out. ***
 
 $_['LANGUAGE'] = 'English (default)';
 
@@ -205,6 +202,7 @@ function Default_Language() { // ***********************************************
 $_['DELETE'] = 'DELETE';
 $_['File']   = 'File';
 $_['Folder'] = 'Folder';
+$_['Submit'] = 'Submit Request';
 
 $_['Log_In']  = 'Log In';
 $_['Log_Out'] = 'Log Out';
@@ -245,36 +243,37 @@ function Default_Language() { // ***********************************************
 $_['hash_txt_08'] = 'Copy and paste the new hash to the $HASHWORD variable in the config section.';
 $_['hash_txt_09'] = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
 $_['hash_txt_10'] = 'A double-click should select it...';
-$_['hash_txt_11'] = 'Make sure $USE_HASH is set to 1 (or true).';
+//$_['hash_txt_11'] = 'Make sure $USE_HASH is set to 1 (or true).';
 $_['hash_txt_12'] = 'When ready, logout and login.';
 
 
 
-$_['hash_msg_01'] = 'Password: ';
-$_['hash_msg_02'] = 'Hash    : ';
+$_['hash_msg_01'] = 'Password:';
+$_['hash_msg_02'] = 'Hash    :';
 
 $_['pw_change']  = 'Change Password';
 $_['pw_current'] = 'Current Password';
 $_['pw_new']     = 'New Password';
 $_['pw_confirm'] = 'Confirm New Password';
 
-$_['pw_txt_01']  = 'Password rules:';
+$_['pw_txt_00']  = 'Password / Username rules:';
+$_['pw_txt_01']  = 'They are case-sensitive!';
 $_['pw_txt_02']  = 'They must contain at least one non-space character.';
-$_['pw_txt_03']  = 'They may contain spaces in the middle. Ex: "This is a password!"';
+$_['pw_txt_03']  = 'They may contain spaces in the middle. Ex: "This is a password or username!"';
 $_['pw_txt_04']  = 'Leading and trailing spaces are removed.';
-$_['pw_txt_05']  = 'Pressing [Change Password] will update the following config values as indicated:';
-$_['pw_txt_06']  = 'Update $HASHWORD with the hash of your new password.';
-$_['pw_txt_07']  = 'Set $USE_HASH = 1';
-$_['pw_txt_08']  = 'Set $PASSWORD = "" (empty)';
+//$_['pw_txt_05']  = 'Pressing [Submit Request] will update the following configuration value(s):';
+//$_['pw_txt_06']  = 'Update $HASHWORD with the hash of your new password.';
+//$_['pw_txt_07']  = 'Set $USE_HASH = 1';
+//$_['pw_txt_08']  = 'Set $PASSWORD = "" (empty)';
 $_['pw_txt_09']  = 'Only the active copy of OneFileCMS is updated- no external configuration files are changed:';
 $_['pw_txt_10']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
 
 $_['change_pw_01'] = 'Password NOT changed:';
 $_['change_pw_02'] = 'Incorrect current password. Login to try again.';
-$_['change_pw_03'] = 'Login to try again.';
-$_['change_pw_04'] = '"New" and "Confirm New" passwords do not match.';
+//$_['change_pw_03'] = 'Login to try again.';
+$_['change_pw_04'] = '"New" and "Confirm New" values do not match.';
 $_['change_pw_05'] = 'No new or confirm passwords entered.';
-$_['change_pw_06'] = 'Passwords must contain at least one non-space character.';
+//$_['change_pw_06'] = 'Passwords must contain at least one non-space character.';
 $_['change_pw_07'] = 'Password changed!';
 
 $_['login_txt_01'] = 'Username:';
@@ -388,6 +387,7 @@ function Default_Language() { // ***********************************************
 $_['page_title_admin']      = 'Administration Options';
 $_['page_title_hash']       = 'Generate a Password Hash';
 $_['page_title_change_pw']  = 'Change Password';
+
 $_['page_title_edit']       = 'Edit / View File';
 $_['page_title_upload']     = 'Upload File';
 $_['page_title_new_file']   = 'New File';
@@ -422,13 +422,14 @@ function Default_Language() { // ***********************************************
 $_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
 
 $_['admin_txt_02'] = 'General Information';
-$_['admin_txt_04'] = 'OneFileCMS can manage your password in two ways:';
-$_['admin_txt_06'] = '1) Use $PASSWORD to store your desired password, in plain text, and set $USE_HASH = 0 (zero).';
-$_['admin_txt_08'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
-$_['admin_txt_10'] = '($PASSWORD, $USE_HASH, and $HASHWORD, are variables in the configuration section of the OneFileCMS source file.)';
-$_['admin_txt_12'] = 'Option 2 is recommended, and is method used by the [Change Password] page. However, keep in mind that, due to a number of considerations, this is largely an academic excersize. That is, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text, which is generally considered to be a good thing.';
+$_['admin_txt_04'] = 'As of version 3.3.13, OneFileCMS no longer maintains a plain text $PASSWORD option, and only uses $HASHWORD.';
+//$_['admin_txt_06'] = '1) Use $PASSWORD to store your desired password, in plain text, and set $USE_HASH = 0 (zero).';
+//$_['admin_txt_08'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
+//$_['admin_txt_10'] = '($PASSWORD, $USE_HASH, and $HASHWORD, are variables in the configuration section of the OneFileCMS source file.)';
+//$_['admin_txt_12'] = 'Option 2 is recommended, and is method used by the [Change Password] page. However, keep in mind that, due to a number of considerations, this is largely an academic excersize. That is, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text, which is generally considered to be a good thing.';
+$_['admin_txt_12'] = 'However, keep in mind that this is largely academic due to a number of considerations. That is, take the idea that it adds much of an improvement to security, for this application, with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used was used), which is generally considered to be a good thing.';
 $_['admin_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
-$_['admin_txt_16'] = 'You can use OneFileCMS to edit itself, such as to update $PASSWORD or $HASHWORD. However, be sure to have a backup ready for the inevitable ytpo...';
+$_['admin_txt_16'] = 'Also, you can still use OneFileCMS to edit itself. However, be sure to have a backup ready for the inevitable ytpo...';
 }//end Default_Language() ******************************************************
 
 
@@ -750,23 +751,6 @@ function ordinalize($destination,$filename, &$msg) { //*************************
 
 
 
-function Search_Replace_Line($haystack, $needle, $replace){ //******************
-	//Search start of each $line in (array)$haystack for (string)$needle.
-	//If match found, replace $line with $replace, end search.
-	//Return updated $haystack.
-	$search_len = strlen($needle);
-	foreach ($haystack as $key => $line) {
-		if ( substr($line,0,$search_len) == $needle ) {
-			$haystack[$key] = $replace;
-			break 1; //only replace first occurrance of $needle
-		}
-	}
-	return $haystack;
-}//end Search_Replace_Line() //*************************************************
-
-
-
-
 function Current_Path_Header(){ //**********************************************
  	// Current path. ie: webroot/current/path/ 
 	// Each level is a link to that level.
@@ -940,12 +924,15 @@ function Timeout_Timer($COUNT, $ID, $CLASS="", $ACTION="") { //*****************
 
 function Init_Macros(){ //*** ($varibale="some reusable chunk of code")*********
 
-global 	$ONESCRIPT, $param1, $param2, $INPUT_NUONCE, $FORM_COMMON, 
+global 	$_, $ONESCRIPT, $param1, $param2, $INPUT_NUONCE, $FORM_COMMON, $PWUN_RULES, 
 		$SVG_icon_circle_plus, $SVG_icon_circle_x, $SVG_icon_pencil, $SVG_icon_img_0;
 
 $INPUT_NUONCE = '<input type="hidden" name="nuonce" value="'.$_SESSION['nuonce'].'">'.PHP_EOL;
 $FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.$param2.'">'.$INPUT_NUONCE;
 
+$PWUN_RULES  = '<p>'.hsc($_['pw_txt_00']).'<ol><li>'.hsc($_['pw_txt_01']).'<li>'.hsc($_['pw_txt_02']);
+$PWUN_RULES .= '<li>'.hsc($_['pw_txt_03']).'<li>'.hsc($_['pw_txt_04']).'</ol>';
+
 $SVG_icon_circle_plus = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#080"/>
 	  <line x1="2" y1="5" x2="8" y2="5" stroke="white" stroke-width="1.5" />
 	  <line x1="5" y1="2" x2="5" y2="8" stroke="white" stroke-width="1.5" />';
@@ -1144,6 +1131,9 @@ function Admin_Page() { //******************************************************
 	<input type="button" class="button" id="changepw" value="<?php echo hsc($_['pw_change']) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.'&amp;p=changepw' ?>'">
 
+
+
+
 	<input type="button" class="button" id="editOFCMS" value="<?php echo hsc($_['Edit'].' '.$config_title) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$edit_params ?>'">
 	</span>
@@ -1151,9 +1141,6 @@ function Admin_Page() { //******************************************************
 	<div class="info">
 	<p><b><?php echo hsc($_['admin_txt_02']) ?></b>
 	<p><?php echo hsc($_['admin_txt_04']) ?>
-	<p><?php echo hsc($_['admin_txt_06']) ?>
-	<p><?php echo hsc($_['admin_txt_08']) ?>
-	<p style="font-size: .9em"><?php echo hsc($_['admin_txt_10']) ?>
 	<p><?php echo hsc($_['admin_txt_12']) ?>
 	<p><?php echo hsc($_['admin_txt_14']) ?>
 	<p><?php echo hsc($_['admin_txt_16']) ?>
@@ -1167,7 +1154,7 @@ function Admin_Page() { //******************************************************
 
 
 function Hash_Page() { //******************************************************
-	global $_, $DOC_ROOT, $ONESCRIPT, $param1, $param2, $message, $INPUT_NUONCE, $config_title;
+	global $_, $DOC_ROOT, $ONESCRIPT, $param1, $param2, $message, $INPUT_NUONCE, $config_title, $PWUN_RULES;
 
 	if (!isset($_POST['whattohash'])) { $_POST['whattohash'] = ''; }
 ?>
@@ -1189,15 +1176,10 @@ function Hash_Page() { //******************************************************
 		<li><?php echo hsc($_['hash_txt_08']) ?><br>
 			<?php echo hsc($_['hash_txt_09']) ?><br>
 			<?php echo hsc($_['hash_txt_10']) ?><br>
-		<li><?php echo hsc($_['hash_txt_11']) ?>
 		<li><?php echo hsc($_['hash_txt_12']) ?>
 	</ol>
- 	<p><?php echo hsc($_['pw_txt_01']) ?>
-	<ol>
-	   <li><?php echo hsc($_['pw_txt_02']) ?>
-	   <li><?php echo hsc($_['pw_txt_03']) ?>
-	   <li><?php echo hsc($_['pw_txt_04']) ?>
-	</ol>
+
+	<?php echo $PWUN_RULES ?>
 	</div>
 <?php 
 } //end Hash_Page() ************************************************************
@@ -1220,7 +1202,7 @@ function Hash_response() { //***************************************************
 
 
 function Change_Password_Page() { //********************************************
-	global $_, $DOC_ROOT, $ONESCRIPT, $param1, $message, $INPUT_NUONCE, $config_title;
+	global $_, $DOC_ROOT, $ONESCRIPT, $param1, $message, $INPUT_NUONCE, $config_title, $PWUN_RULES;
 	$params = '?i='.dirname($ONESCRIPT).'&amp;f='.basename($ONESCRIPT).'&amp;p=edit';
 	if (!isset($_POST['whattohash'])) { $_POST['whattohash'] = ''; }
 ?>
@@ -1244,18 +1226,7 @@ function Change_Password_Page() { //********************************************
 	</form>
 
 	<div class="info">
- 	<p><?php echo hsc($_['pw_txt_01']) ?>
-	<ol>
-	   <li><?php echo hsc($_['pw_txt_02']) ?>
-	   <li><?php echo hsc($_['pw_txt_03']) ?>
-	   <li><?php echo hsc($_['pw_txt_04']) ?>
-	</ol>
- 	<p><?php echo hsc($_['pw_txt_05']) ?><br>
-	<ol>
-	   <li><?php echo hsc($_['pw_txt_06']) ?>
-	   <li><?php echo hsc($_['pw_txt_07']) ?>
-	   <li><?php echo hsc($_['pw_txt_08']) ?>
-	</ol>
+	<?php echo $PWUN_RULES ?>
 	<p><?php echo hsc($_['pw_txt_09']) ?>
 	<p><?php echo hsc($_['pw_txt_10']) ?>
 	</div>
@@ -1265,9 +1236,47 @@ function Change_Password_Page() { //********************************************
 
 
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+function Search_Replace_Line($haystack, $needle, $replace){ //******************
+	//Search start of each $line in (array)$haystack for (string)$needle.
+	//If match found, replace $line with $replace, end search.
+	//Return updated $haystack.
+	$search_len = strlen($needle);
+	foreach ($haystack as $key => $line) {
+		if ( substr($line,0,$search_len) == $needle ) {
+			$haystack[$key] = $replace;
+			break 1; //only replace first occurrance of $needle
+		}
+	}
+	return $haystack;
+}//end Search_Replace_Line() //*************************************************
+
+
+
+
 function Change_Password_response(){ //*****************************************
 	//Update $PASSWORD, $HASHWORD & $USE_HASH in $ONESCRIPT
-	global $_, $PASSWORD, $HASHWORD, $USE_HASH, $DOC_ROOT, $ONESCRIPT, $EX, $message, $page;
+	global $_, $HASHWORD, $DOC_ROOT, $ONESCRIPT, $EX, $message, $page;
 
 	$current_pass = trim($_POST['current_pw']); // trim leading & trailing spaces.
 	$new_pass     = trim($_POST['new_pw1']);
@@ -1304,10 +1313,8 @@ function Change_Password_response(){ //*****************************************
 		$page = "admin"; //Return to Admin page if change successful.
 	}
 
-
 	//Update OneFileCMS with new $HASHWORD *****************************
 	
-	$Updated_ONESCRIPT = $DOC_ROOT.$ONESCRIPT;
 	$ONESCRIPT_contents = file_get_contents($DOC_ROOT.$ONESCRIPT);
 	//Convert any CR+NL to only newline.
 	$ONESCRIPT_contents = str_replace("\r\n", "\n", $ONESCRIPT_contents);
@@ -1317,17 +1324,9 @@ function Change_Password_response(){ //*****************************************
 	$replace_with = '$HASHWORD = "'.$HASHWORD.'";';
 	$ONESCRIPT_lines = Search_Replace_Line($ONESCRIPT_lines, $search_for, $replace_with);
 	
-	$search_for   = '$USE_HASH '; //include space after $USE_HASH
-	$replace_with = '$USE_HASH = 1; // 1 = use $HASHWORD, 0 = use $PASSWORD.'; 
-	$ONESCRIPT_lines = Search_Replace_Line($ONESCRIPT_lines, $search_for, $replace_with);
-
-	$search_for   = '$PASSWORD '; //include space after $HASHWORD
-	$replace_with = '$PASSWORD = \'\';';
-	$ONESCRIPT_lines = Search_Replace_Line($ONESCRIPT_lines, $search_for, $replace_with);
-
 	$ONESCRIPT_contents = implode("\n", $ONESCRIPT_lines);
-	file_put_contents($Updated_ONESCRIPT,implode("\n", $ONESCRIPT_lines));
-
+	copy($DOC_ROOT.$ONESCRIPT, $DOC_ROOT.$ONESCRIPT.'.BACKUP.PHP');
+	file_put_contents($DOC_ROOT.$ONESCRIPT,$ONESCRIPT_contents);
 }//end Change_Password_response() //********************************************
 
 
@@ -1367,8 +1366,7 @@ function Login_Page() { //******************************************************
 
 
 function Login_response() { //**************************************************
-	global $_, $EX, $message, $page, $LOGIN_ATTEMPTS, $MAX_ATTEMPTS, $LOGIN_DELAY, 
-		   $USERNAME, $PASSWORD, $USE_HASH, $HASHWORD;
+	global $_, $EX, $message, $page, $LOGIN_ATTEMPTS, $MAX_ATTEMPTS, $LOGIN_DELAY, $USERNAME, $HASHWORD;
 
 	$_SESSION = array();    //make sure it's empty
 	$_SESSION['valid'] = 0; //Default to failed login.
@@ -1394,8 +1392,7 @@ function Login_response() { //**************************************************
 	$_POST['username'] = trim($_POST['username']);
 
 	//Validate password
-	if ($USE_HASH) { $VALID_PASSWORD = (hashit($_POST['password']) == $HASHWORD); }
-	else           { $VALID_PASSWORD = (       $_POST['password']  == $PASSWORD); }
+	$VALID_PASSWORD = (hashit($_POST['password']) == $HASHWORD);
 
 	//validate login.  
 	if ( ($_POST['password'] == "") || ($_POST['username'] == "") )  {
@@ -2060,6 +2057,7 @@ function Page_Title(){ //***<title>Page_Title()</title>*************************
 	elseif ($page == "admin")        { return hsc($_['page_title_admin']);     }
 	elseif ($page == "hash")         { return hsc($_['page_title_hash']);      }
 	elseif ($page == "changepw")     { return hsc($_['page_title_change_pw']); }
+
 	elseif ($page == "edit")         { return hsc($_['page_title_edit']);      }
 	elseif ($page == "upload")       { return hsc($_['page_title_upload']);    }
 	elseif ($page == "newfile")      { return hsc($_['page_title_new_file']);  }
@@ -2083,6 +2081,7 @@ function Load_Selected_Page(){ //***********************************************
 	elseif ($page == "admin")        { Admin_Page();          }
 	elseif ($page == "hash")         { Hash_Page();           }
 	elseif ($page == "changepw")     { Change_Password_Page();}
+
 	elseif ($page == "edit")         { Edit_Page();           }
 	elseif ($page == "upload")       { Upload_Page();         }
 	elseif ($page == "newfile")      { New_File_Page();       }
@@ -2105,6 +2104,7 @@ function Respond_to_POST() {//**************************************************
 		if     (isset($_FILES['upload_file']['name'])) { Upload_response();  }
 		elseif (isset($_POST["whattohash"]   )) { Hash_response();           }
 		elseif (isset($_POST["new_pw1"]      )) { Change_Password_response();}
+
 		elseif (isset($_POST["filename"]     )) { Edit_response();           }
 		elseif (isset($_POST["new_file"]     )) { New_File_response();       }
 		elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', hsc($_['Copy']), hsc($_['Copied']), 1); } 
@@ -2824,6 +2824,11 @@ function Language_and_config_adjusted_styles() {//******************************
 if ( ($page == "login") || ($page == "admin") || ($page == "hash") || ($page == "changepw") ){
 	$Show_header_and_Admin = false;
 }
+
+//Finish up/prepare to send page contents.
+$early_output = ob_get_clean(); // Should be blank unless trouble-shooting.
+header('Content-type: text/html; charset=UTF-8');
+
 //end logic to determine page action *******************************************
 
 
@@ -2831,11 +2836,6 @@ function Language_and_config_adjusted_styles() {//******************************
 
 //******************************************************************************
 //******************************************************************************
-//Get any early output. Should be blank unless trouble-shooting.
-$early_output = ob_get_clean(); 
-
-header('Content-type: text/html; charset=UTF-8');
-
 //Output page contents
 ?><!DOCTYPE html>
 

From 8cff3399dd4edd7b28ab73206d91c7a27c198a58 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 11 Aug 2012 14:00:00 -0400
Subject: [PATCH 131/228] Version 3.3.14 Added "changeun" to list of
 $valid_pages[]. Added link on Admin page to Change Username.
 Change_Password_Page()     is now Change_PWUN_Page().  (PWUN:
 PassWordUserName) Change_Password_response() is now Change_PWUN_response().
 Updated Page_Title(), Load_Selected_Page(), Respond_to_POST() for a change
 username option. Updated $Show_header_and_Admin check to check for change
 username. External language, readme, and structure files NOT updated.

---
 onefilecms.php | 210 ++++++++++++++++++++++++++-----------------------
 1 file changed, 111 insertions(+), 99 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 5694e50..822b702 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.3.13';
+$OFCMS_version = '3.3.14';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -49,7 +49,7 @@
 // CONFIGURABLE INFO ***********************************************************
 $config_title = "OneFileCMS";
 
-$USERNAME = 'username';
+$USERNAME = "username";
 $HASHWORD = "a6ca7f88bd5efc706d38047cc5844d2b11f86242c01e0c89a1c656dbe2dd1866"; //"password"
 $SALT     = 'somerandomsalt';
 
@@ -58,8 +58,8 @@
 
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
-$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
-					  //  For instance, 24 minutes is the PHP default for garbage collection.
+$MAX_IDLE_TIME = 60000; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
+						//  For instance, 24 minutes is the PHP default for garbage collection.
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked
 
@@ -125,7 +125,7 @@
 $WEBSITE   = $_SERVER["HTTP_HOST"].'/';
 $LOGIN_ATTEMPTS = $DOC_ROOT.trim($_SERVER["SCRIPT_NAME"],'/').'.invalid_login_attempts';
 
-$valid_pages = array("login","logout","admin","hash","changepw","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
+$valid_pages = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
 
 $INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names.
 $INVALID_CHARS_array = explode(' ', $INVALID_CHARS); // (Space deliminated)
@@ -153,7 +153,7 @@ function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.3.13  //*** A few values are no longer used and are commented out. ***
+// OneFileCMS Language Settings v3.3.14  //*** A few values are no longer used and are commented out. ***
 
 $_['LANGUAGE'] = 'English (default)';
 
@@ -203,6 +203,8 @@ function Default_Language() { // ***********************************************
 $_['File']   = 'File';
 $_['Folder'] = 'Folder';
 $_['Submit'] = 'Submit Request';
+$_['Username'] = 'Username';
+$_['Password'] = 'Password';
 
 $_['Log_In']  = 'Log In';
 $_['Log_Out'] = 'Log Out';
@@ -387,7 +389,7 @@ function Default_Language() { // ***********************************************
 $_['page_title_admin']      = 'Administration Options';
 $_['page_title_hash']       = 'Generate a Password Hash';
 $_['page_title_change_pw']  = 'Change Password';
-
+$_['page_title_change_un']  = 'Change Username';
 $_['page_title_edit']       = 'Edit / View File';
 $_['page_title_upload']     = 'Upload File';
 $_['page_title_new_file']   = 'New File';
@@ -427,9 +429,20 @@ function Default_Language() { // ***********************************************
 //$_['admin_txt_08'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
 //$_['admin_txt_10'] = '($PASSWORD, $USE_HASH, and $HASHWORD, are variables in the configuration section of the OneFileCMS source file.)';
 //$_['admin_txt_12'] = 'Option 2 is recommended, and is method used by the [Change Password] page. However, keep in mind that, due to a number of considerations, this is largely an academic excersize. That is, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text, which is generally considered to be a good thing.';
-$_['admin_txt_12'] = 'However, keep in mind that this is largely academic due to a number of considerations. That is, take the idea that it adds much of an improvement to security, for this application, with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used was used), which is generally considered to be a good thing.';
+$_['admin_txt_12'] = 'However, keep in mind that, due to a number of considerations, this change was largely an academic exersize. That is, in this application, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used), which is generally considered to be a good thing.';
 $_['admin_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
 $_['admin_txt_16'] = 'Also, you can still use OneFileCMS to edit itself. However, be sure to have a backup ready for the inevitable ytpo...';
+
+$_['un_change']  = 'Change Username';
+$_['un_new']     = 'New Username';
+$_['un_confirm'] = 'Confirm New Username';
+
+$_['change_un_01'] = 'Username NOT changed:';
+
+$_['change_un_04'] = '"New" and "Confirm New" usernames do not match.';
+$_['change_un_05'] = 'No new or confirm usernames entered.';
+$_['change_un_06'] = 'Username must contain at least one non-space character.';
+$_['change_un_07'] = 'Username changed!';
 }//end Default_Language() ******************************************************
 
 
@@ -1131,8 +1144,8 @@ function Admin_Page() { //******************************************************
 	<input type="button" class="button" id="changepw" value="<?php echo hsc($_['pw_change']) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.'&amp;p=changepw' ?>'">
 
-
-
+	<input type="button" class="button" id="changeun" value="<?php echo hsc($_['un_change']) ?>"
+		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.'&amp;p=changeun' ?>'">
 
 	<input type="button" class="button" id="editOFCMS" value="<?php echo hsc($_['Edit'].' '.$config_title) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$edit_params ?>'">
@@ -1178,7 +1191,7 @@ function Hash_Page() { //******************************************************
 			<?php echo hsc($_['hash_txt_10']) ?><br>
 		<li><?php echo hsc($_['hash_txt_12']) ?>
 	</ol>
-
+	
 	<?php echo $PWUN_RULES ?>
 	</div>
 <?php 
@@ -1201,28 +1214,41 @@ function Hash_response() { //***************************************************
 
 
 
-function Change_Password_Page() { //********************************************
-	global $_, $DOC_ROOT, $ONESCRIPT, $param1, $message, $INPUT_NUONCE, $config_title, $PWUN_RULES;
-	$params = '?i='.dirname($ONESCRIPT).'&amp;f='.basename($ONESCRIPT).'&amp;p=edit';
-	if (!isset($_POST['whattohash'])) { $_POST['whattohash'] = ''; }
+function Change_PWUN_Page($config_key) { //*************************************
+	// $config_key must= "pw" or "un"
+	global $_, $EX, $DOC_ROOT, $ONESCRIPT, $param1, $message, $INPUT_NUONCE, $config_title, $PWUN_RULES;
+	
+	if ($config_key == "pw") {
+		$type = "password";
+		$page_title    = hsc($_['page_title_change_pw']);
+		$label_new     = hsc($_['pw_new']);
+		$label_confirm = hsc($_['pw_confirm']);
+	}elseif ($config_key == "un"){
+		$type = "text";
+		$page_title    = hsc($_['page_title_change_un']);
+		$label_new     = hsc($_['un_new']);
+		$label_confirm = hsc($_['un_confirm']);
+	}
 ?>
 	<style></style>
 
-	<h2><?php echo hsc($_['pw_change']) ?></h2>
+	<h2><?php echo $page_title ?></h2>
 	
-	<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.'&amp;p=changepw'; ?>">
+	<form id="change" name="<?php echo $config_key ?>" method="post" action="<?php echo $ONESCRIPT.$param1.'&amp;p=changepw'; ?>">
+		<input type="hidden" name="<?php echo $config_key ?>" value="">
+		
 		<?php echo $INPUT_NUONCE; ?>
 		
 		<?php echo hsc($_['pw_current']) ?><br>
 		<input type="password" name="current_pw" id="current_pw" value="">
 		
-		<?php echo hsc($_['pw_new']) ?><br>
-		<input type="password" name="new_pw1"    id="new_pw1"    value="">
+		<?php echo $label_new ?><br>
+		<input type="<?php echo $type ?>" name="new1" id="new1" value="">
 		
-		<?php echo hsc($_['pw_confirm']) ?><br>
-		<input type="password" name="new_pw2"    id="new_pw2"    value="">
+		<?php echo $label_confirm ?><br>
+		<input type="<?php echo $type ?>" name="new2" id="new2" value="">
 		
-		<?php Cancel_Submit_Buttons(hsc($_['pw_change']), 'current_pw') ?>
+		<?php Cancel_Submit_Buttons(hsc($_['Submit']), 'current_pw') ?>
 	</form>
 
 	<div class="info">
@@ -1231,103 +1257,89 @@ function Change_Password_Page() { //********************************************
 	<p><?php echo hsc($_['pw_txt_10']) ?>
 	</div>
 <?php 
-} //end Change_Password_Page() *************************************************
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+} //end Change_PWUN_Page() *****************************************************
 
 
 
 
+function Update_config($search_for, $replace_with) {//********************
+	global  $DOC_ROOT, $ONESCRIPT, $HASHWORD;
 
+	$ONESCRIPT_contents = file_get_contents($DOC_ROOT.$ONESCRIPT);
+	//Convert any CR+NL to only newline.
+	$ONESCRIPT_contents = str_replace("\r\n", "\n", $ONESCRIPT_contents);
+	$ONESCRIPT_lines = explode("\n", "".$ONESCRIPT_contents);
 
-function Search_Replace_Line($haystack, $needle, $replace){ //******************
-	//Search start of each $line in (array)$haystack for (string)$needle.
-	//If match found, replace $line with $replace, end search.
-	//Return updated $haystack.
-	$search_len = strlen($needle);
-	foreach ($haystack as $key => $line) {
-		if ( substr($line,0,$search_len) == $needle ) {
-			$haystack[$key] = $replace;
-			break 1; //only replace first occurrance of $needle
+	//Search start of each $line in (array)$ONESCRIPT_lines for (string)$search_for.
+	//If match found, replace $line with $replace_with, end search.
+	$search_len = strlen($search_for);
+	foreach ($ONESCRIPT_lines as $key => $line) {
+		if ( substr($line,0,$search_len) == $search_for ) {
+			$ONESCRIPT_lines[$key] = $replace_with;
+			break 1; //only replace first occurrance of $search_for
 		}
 	}
-	return $haystack;
-}//end Search_Replace_Line() //*************************************************
 
+	$updated_contents = implode("\n", $ONESCRIPT_lines);
+	file_put_contents($DOC_ROOT.$ONESCRIPT, $updated_contents);
+}//end Update_config() *********************************************************
 
 
 
-function Change_Password_response(){ //*****************************************
-	//Update $PASSWORD, $HASHWORD & $USE_HASH in $ONESCRIPT
+
+function Change_PWUN_response($PWUN){ //****************************************
+	//Update $HASHWORD $ONESCRIPT
 	global $_, $HASHWORD, $DOC_ROOT, $ONESCRIPT, $EX, $message, $page;
 
-	$current_pass = trim($_POST['current_pw']); // trim leading & trailing spaces.
-	$new_pass     = trim($_POST['new_pw1']);
-	$confirm_pass = trim($_POST['new_pw2']);
+	if     ($PWUN == "pw") { $error1  = hsc($_['change_pw_01']); }
+	elseif ($PWUN == "un") { $error1  = hsc($_['change_un_01']); }
+	else                   { $message .= 'Invalid parameter for Change_PWUN_response()'; return; }
+
+	// trim leading & trailing white-space from input values
+	$current_pass = trim($_POST['current_pw']);
+	$new_pwun     = trim($_POST['new1']);
+	$confirm_pwun = trim($_POST['new2']);
 
-	//If NO p/w's entered, do nothing.
-	if ( ($current_pass == "") && ($new_pass == "") && ($confirm_pass == "") ) {
+	//If nothing entered, do nothing.
+	if ( ($current_pass == "") && ($new_pwun == "") && ($confirm_pwun == "") ) {
 		$page = "changepw";
-		return;
 		
-	//If NO NEW p/w's entered, , display $message to that effect.
-	}elseif ( ($new_pass == "") && ($confirm_pass == "") ) {
-		$message .= $EX.'<b>'.hsc($_['change_pw_01']).' </b>'.hsc($_['change_pw_06']).'<br>';
+	//If no new & confirm values entered, display $message to that effect.
+	}elseif ( ($new_pwun == "") && ($confirm_pwun == "") ) {
+		$message .= $EX.'<b>'.$error1.' </b>'.hsc($_['pw_txt_02']).'<br>';
 		$page = 'changepw';
-		return;
 		
-	//If New & Confirm p/w's don't match, display $message to that effect.
-	}elseif ($new_pass != $confirm_pass) {
-		$message .= $EX.'<b>'.hsc($_['change_pw_01']).' </b>'.hsc($_['change_pw_04']).'<br>';
+	//If new & Confirm values don't match, display $message to that effect.
+	}elseif ($new_pwun != $confirm_pwun) {
+		$message .= $EX.'<b>'.$error1.' </b>'.hsc($_['change_pw_04']).'<br>';
 		$page = 'changepw'; 
-		return;
 		
-	//If New == Confirm, but incorrect current p/w, logout.
+	//If incorrect current p/w, logout.  (new == confirm at this point)
 	}elseif (hashit($current_pass) != $HASHWORD) {
-		$message .= $EX.'<b>'.hsc($_['change_pw_01']).'</b><br>';
-		$message .= hsc($_['change_pw_02']).'<br>';
+		$message .= $EX.'<b>'.$error1.'</b><br>'.hsc($_['change_pw_02']).'<br>';
 		Logout();
-		return;
 		
-	//Else change password (HASHWORD, actually)
-	} else {
-		$HASHWORD = hashit($new_pass);
+	//If changing password ($HASHWORD, actually)
+	}elseif ($PWUN == "pw") {
+		$HASHWORD = hashit($new_pwun);	
+		$search_for   = '$HASHWORD '; //include space after $HASHWORD
+		$replace_with = '$HASHWORD = "'.$HASHWORD.'";';
+		Update_config($search_for, $replace_with);
+		
 		$message .= $EX.'<b>'.hsc($_['change_pw_07']).'</b>';
-		$page = "admin"; //Return to Admin page if change successful.
-	}
-
-	//Update OneFileCMS with new $HASHWORD *****************************
-	
-	$ONESCRIPT_contents = file_get_contents($DOC_ROOT.$ONESCRIPT);
-	//Convert any CR+NL to only newline.
-	$ONESCRIPT_contents = str_replace("\r\n", "\n", $ONESCRIPT_contents);
-	$ONESCRIPT_lines = explode("\n", "".$ONESCRIPT_contents);
+		$page = "admin"; //Return to Admin page.
+		
+	//Else change username...
+	}else{
+		$USERNAME = $new_pwun;
+		$search_for   = '$USERNAME '; //include space after $HASHWORD
+		$replace_with = '$USERNAME = "'.$USERNAME.'";';
+		Update_config($search_for, $replace_with);
 
-	$search_for   = '$HASHWORD '; //include space after $HASHWORD
-	$replace_with = '$HASHWORD = "'.$HASHWORD.'";';
-	$ONESCRIPT_lines = Search_Replace_Line($ONESCRIPT_lines, $search_for, $replace_with);
-	
-	$ONESCRIPT_contents = implode("\n", $ONESCRIPT_lines);
-	copy($DOC_ROOT.$ONESCRIPT, $DOC_ROOT.$ONESCRIPT.'.BACKUP.PHP');
-	file_put_contents($DOC_ROOT.$ONESCRIPT,$ONESCRIPT_contents);
-}//end Change_Password_response() //********************************************
+		$message .= $EX.'<b>'.hsc($_['change_un_07']).'</b>';
+		$page = "admin"; //Return to Admin page.
+	}
+}//end Change_PWUN_response() //************************************************
 
 
 
@@ -2057,7 +2069,7 @@ function Page_Title(){ //***<title>Page_Title()</title>*************************
 	elseif ($page == "admin")        { return hsc($_['page_title_admin']);     }
 	elseif ($page == "hash")         { return hsc($_['page_title_hash']);      }
 	elseif ($page == "changepw")     { return hsc($_['page_title_change_pw']); }
-
+	elseif ($page == "changeun")     { return hsc($_['page_title_change_un']); }
 	elseif ($page == "edit")         { return hsc($_['page_title_edit']);      }
 	elseif ($page == "upload")       { return hsc($_['page_title_upload']);    }
 	elseif ($page == "newfile")      { return hsc($_['page_title_new_file']);  }
@@ -2080,8 +2092,8 @@ function Load_Selected_Page(){ //***********************************************
 	elseif ($page == "index")        { Index_Page();          }
 	elseif ($page == "admin")        { Admin_Page();          }
 	elseif ($page == "hash")         { Hash_Page();           }
-	elseif ($page == "changepw")     { Change_Password_Page();}
-
+	elseif ($page == "changepw")     { Change_PWUN_Page('pw');}
+	elseif ($page == "changeun")     { Change_PWUN_Page('un');}
 	elseif ($page == "edit")         { Edit_Page();           }
 	elseif ($page == "upload")       { Upload_Page();         }
 	elseif ($page == "newfile")      { New_File_Page();       }
@@ -2103,8 +2115,8 @@ function Respond_to_POST() {//**************************************************
 	if ($VALID_POST) { 
 		if     (isset($_FILES['upload_file']['name'])) { Upload_response();  }
 		elseif (isset($_POST["whattohash"]   )) { Hash_response();           }
-		elseif (isset($_POST["new_pw1"]      )) { Change_Password_response();}
-
+		elseif (isset($_POST["pw"]           )) { Change_PWUN_response('pw');}
+		elseif (isset($_POST["un"]           )) { Change_PWUN_response('un');}
 		elseif (isset($_POST["filename"]     )) { Edit_response();           }
 		elseif (isset($_POST["new_file"]     )) { New_File_response();       }
 		elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', hsc($_['Copy']), hsc($_['Copied']), 1); } 
@@ -2821,7 +2833,7 @@ function Language_and_config_adjusted_styles() {//******************************
 
 //Don't show path header or admin link on some pages.
 $Show_header_and_Admin = true;
-if ( ($page == "login") || ($page == "admin") || ($page == "hash") || ($page == "changepw") ){
+if ( ($page == "login") || ($page == "admin") || ($page == "hash") || ($page == "changepw") || ($page == "changeun") ){
 	$Show_header_and_Admin = false;
 }
 

From d31c4a42ddd68db0e93fd47b32a9dbc0f8e0503d Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Mon, 13 Aug 2012 01:00:00 -0400
Subject: [PATCH 132/228] Version 3.3.15 Created system variables:
 $ONESCRIPT_url_backup, $ONESCRIPT_file, $ONESCRIPT_file_backup Added:
 $_['admin_txt_00'], $_['admin_txt_01'] Changed wording in $_['admin_txt_12']
 Removed unset of $_SESSION['admin_ipath'] at end of Update_Recent_Pages(). In
 Get_GET(), strtolower($page)  is now just $page. Cancel_Submit_Buttons():
 improved setting of $params. Update_config(): Backup OneFile before p/w or
 u/n update. Admin_Page(): Added check for the backup file from a p/w or u/n
 change. Hash_Page(): minor cleanup. Change_PWUN_response(): Removed three
 $page = "changepw" lines - it's default. Edit_Page_buttons(): Don't show
 [Rename] or [Delete] if $Editing_OFCMS. Edit_Page_buttons(): Tweaked some
 spaces Delete_File_response(): If came from admin (del'd .BACKUP.php), return
 there. Moved Update_Recent_Pages() ahead of checks on $page conditions.
 Removed superfluous check in $page conditions checks. Created $Editing_OFCMS:
 Used to disable some options if editing OneFileCMS itself. Session_Startup():
 set $path = "", blank, in session_set_cookie_params(). Added/tweaked some
 css.

---
 OneFileCMS.LANG.DE.php   | 105 ++++++------
 OneFileCMS.LANG.EN.php   | 101 ++++++------
 OneFileCMS.LANG.ES.php   | 109 ++++++------
 OneFileCMS_structure.txt |  12 +-
 onefilecms.php           | 346 ++++++++++++++++++++++-----------------
 readme.markdown          |  32 ++--
 6 files changed, 388 insertions(+), 317 deletions(-)

diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index 8ea6082..e4d1d0a 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -1,8 +1,8 @@
 <?php
-// OneFileCMS Language Settings v3.3.12
+// OneFileCMS Language Settings v3.3.15
 
-$_['LANGUAGE'] = 'Deutsch'; //***** There are several new values without translations. (in English) *****
-                            //***** Also, some values are no longer used and are commented out. *********
+$_['LANGUAGE'] = 'Deutsch'; //*** There are several new or changed values without translations and are in English ***
+                            //*** Also, some values are no longer used and are commented out.                     ***
 //Übersetzungen:
 //==============
 //Move=Verschieben ;Directory or Folder=Ordner ;Create=erstellen ;Log In=anmelden
@@ -48,6 +48,9 @@
 $_['DELETE'] = 'LÖSCHEN';
 $_['File']   = 'Datei';
 $_['Folder'] = 'Ordner';
+$_['Submit'] = 'Submit Request'; //new
+$_['Username'] = 'Username';     //new
+$_['Password'] = 'Password';     //new
 
 $_['Log_In']  = 'Anmelden';
 $_['Log_Out'] = 'Abmelden';
@@ -77,8 +80,8 @@
 
 $_['show_img_msg_01'] = 'Die Bilddarstellung entspricht ~';
 $_['show_img_msg_02'] = '% der wahren Größe (W x H = ';
-// 'hash_txt_01' has changed - need translation. ***************************************************
-$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!';
+
+$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!'; //changed
 //$_['hash_txt_02'] = '1) Verwenden Sie die Konfigurationsvariable $PASSWORD, um Ihr gewünschtes Passwort zu speichern. In diesem Fall sollte $USE_HASH auf 0 gesetzt werden.';
 //$_['hash_txt_03'] = '2) Oder Sie verwenden die Konfigurationsvariable $HASHWORD, um den Streuwert Ihres Passwortes zu speichern. Setzen Sie $USE_HASH in diesem Fall auf 1.';
 //$_['hash_txt_04'] = 'Bitte denken Sie daran, dass es sich hierbei großteils um eine akademische übung handelt. Die Verwendung eines Streuwerts trägt viel zur Sicherheit bei und erlaubt Ihnen, das Passwort nicht in Klarschrift speichern zu müssen.';
@@ -88,38 +91,14 @@
 $_['hash_txt_08'] = 'Kopieren Sie den neuen Streuwert und fügen Sie ihn in den Konfigurationsbereich als Wert der Variable $HASHWORD ein.';
 $_['hash_txt_09'] = 'Stellen Sie sicher, dass Sie den GESAMTEN Streuwert -- und nur diesen (keine führenden oder nachgestellten Leerzeichen, etc.) -- kopiert haben.';
 $_['hash_txt_10'] = 'Ein Doppelklick sollte den Streuwert auswählen...';
-$_['hash_txt_11'] = 'Stellen Sie sicher, dass $USE_HASH auf 1 oder true gesetzt wurde.';
+//$_['hash_txt_11'] = 'Stellen Sie sicher, dass $USE_HASH auf 1 oder true gesetzt wurde.';
 $_['hash_txt_12'] = 'Wenn die Werte eingetragen wurden, melden Sie sich ab und wieder an.';
 //$_['hash_txt_13'] = 'Sie können auch OneFileCMS selbst bearbeiten.  Legen Sie aber sicherheitshalber eine Kopie an, falls es zu einem unerwünschten Schreibfehler kommt...';
 //$_['hash_txt_14'] = 'Eine weitere, kleine Sicherheitsvorkehrung wäre, das Salz oder die Methode für die Streuwertgenerierung von OneFileCMS zu ändern.';
 
-$_['hash_msg_01'] = 'Passwort: ';
-$_['hash_msg_02'] = 'Streuwert: ';
-// New text - need translation *********************************************************************
-$_['pw_change']  = 'Change Password';
-$_['pw_current'] = 'Current Password';
-$_['pw_new']     = 'New Password';
-$_['pw_confirm'] = 'Confirm New Password';
-
-$_['pw_txt_01']  = 'Password rules:';
-$_['pw_txt_02']  = 'They must contain at least one non-space character.';
-$_['pw_txt_03']  = 'They may contain spaces in the middle. Ex: "This is a password!"';
-$_['pw_txt_04']  = 'Leading and trailing spaces are removed.';
-$_['pw_txt_05']  = 'Pressing [Change Password] will update the following config values as indicated:';
-$_['pw_txt_06']  = 'Update $HASHWORD with the hash of your new password.';
-$_['pw_txt_07']  = 'Set $USE_HASH = 1';
-$_['pw_txt_08']  = 'Set $PASSWORD = "" (empty)';
-$_['pw_txt_09']  = 'Only the active copy of OneFileCMS is updated- no external configuration files are changed:';
-$_['pw_txt_10']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
-
-$_['change_pw_01'] = 'Password NOT changed:';
-$_['change_pw_02'] = 'Incorrect current password. Login to try again.';
-$_['change_pw_03'] = 'Login to try again.';
-$_['change_pw_04'] = '"New" and "Confirm New" passwords do not match.';
-$_['change_pw_05'] = 'No new or confirm passwords entered.';
-$_['change_pw_06'] = 'Passwords must contain at least one non-space character.';
-$_['change_pw_07'] = 'Password changed!';
-//**************************************************************************************************
+$_['hash_msg_01'] = 'Passwort:';
+$_['hash_msg_02'] = 'Streuwert:';
+
 $_['login_txt_01'] = 'Benutzername:';
 $_['login_txt_02'] = 'Passwort:';
 
@@ -228,9 +207,10 @@
 $_['delete_folder_msg_03'] = 'während des Löschvorgangs trat ein Fehler auf.';
 
 $_['page_title_login']      = 'Anmelden';
-$_['page_title_admin']      = 'Administration Options'; // Need translation ************************
+$_['page_title_admin']      = 'Administration Options'; //new
 $_['page_title_hash']       = 'Streuwertgenerierung für das Passwort';
-$_['page_title_change_pw']  = 'Change Password';        // Need translation ************************
+$_['page_title_change_pw']  = 'Change Password'; //new
+$_['page_title_change_un']  = 'Change Username'; //new
 $_['page_title_edit']       = 'Datei bearbeiten/betrachten';
 $_['page_title_upload']     = 'Datei heraufladen';
 $_['page_title_new_file']   = 'Neue Datei';
@@ -256,19 +236,48 @@
 $_['edit_caution_02']  = ' Sie bearbeiten gerade die aktive Version von OneFileCMS - Sichern Sie den Code und seien Sie vorsichtig !!';
 
 $_['time_out_txt'] = 'Automatischer Sitzungsstopp in:';
-
-$_['error_reporting_01'] = 'Display errors is';
-$_['error_reporting_02'] = 'Log errors is';
-$_['error_reporting_03'] = 'Error reporting is set to';
-$_['error_reporting_04'] = 'Showing error types';
-$_['error_reporting_05'] = 'Unexpected early output';
-$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
 //******************************************* Need Translations ************************************
-$_['admin_txt_02'] = 'General Information';
-$_['admin_txt_04'] = 'OneFileCMS can manage your password in two ways:';
-$_['admin_txt_06'] = '1) Use $PASSWORD to store your desired password, in plain text, and set $USE_HASH = 0 (zero).';
-$_['admin_txt_08'] = '2) Oder Sie verwenden die Konfigurationsvariable $HASHWORD, um den Streuwert Ihres Passwortes zu speichern. Setzen Sie $USE_HASH in diesem Fall auf 1.';
-$_['admin_txt_10'] = '($PASSWORD, $USE_HASH, and $HASHWORD, are variables in the configuration section of the OneFileCMS source file.)';
-$_['admin_txt_12'] = 'Option 2 is recommended, and is method used by the [Change Password] page. However, keep in mind that, due to a number of considerations, this is largely an academic excersize. That is, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text, which is generally considered to be a good thing.';
+$_['error_reporting_01'] = 'Display errors is';         //new
+$_['error_reporting_02'] = 'Log errors is';             //new
+$_['error_reporting_03'] = 'Error reporting is set to'; //new
+$_['error_reporting_04'] = 'Showing error types';       //new
+$_['error_reporting_05'] = 'Unexpected early output';   //new
+$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)'; //new
+
+$_['admin_txt_00'] = 'Old Backup Found'; //new
+$_['admin_txt_01'] = 'This file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed.  In any case, it will automatically be overwritten on the next password or username change.'; //new
+$_['admin_txt_02'] = 'General Information'; //new
+$_['admin_txt_04'] = 'As of version 3.3.13, OneFileCMS no longer maintains a plain text password option, and only stores a password hash, as most login systems do.'; //new
+//$_['admin_txt_04'] = 'OneFileCMS can manage your password in two ways:';
+//$_['admin_txt_06'] = '1) Use $PASSWORD to store your desired password, in plain text, and set $USE_HASH = 0 (zero).';
+//$_['admin_txt_08'] = '2) Oder Sie verwenden die Konfigurationsvariable $HASHWORD, um den Streuwert Ihres Passwortes zu speichern. Setzen Sie $USE_HASH in diesem Fall auf 1.';
+//$_['admin_txt_10'] = '($PASSWORD, $USE_HASH, and $HASHWORD, are variables in the configuration section of the OneFileCMS source file.)';
+//$_['admin_txt_12'] = 'Option 2 is recommended, and is method used by the [Change Password] page. However, keep in mind that, due to a number of considerations, this is largely an academic excersize. That is, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text, which is generally considered to be a good thing.';
+$_['admin_txt_12'] = 'However, due to a number of considerations, this change was largely an academic exersize. That is, in this application, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used), which is generally considered to be a good thing.'; //changed
 $_['admin_txt_14'] = 'Eine weitere, kleine Sicherheitsvorkehrung wäre, das Salz oder die Methode für die Streuwertgenerierung von OneFileCMS zu ändern.';
 $_['admin_txt_16'] = 'Sie können auch OneFileCMS selbst bearbeiten.  Legen Sie aber sicherheitshalber eine Kopie an, falls es zu einem unerwünschten Schreibfehler kommt...';
+
+$_['pw_change']  = 'Change Password';     //new
+$_['pw_current'] = 'Current Password';    //new
+$_['pw_new']     = 'New Password';        //new
+$_['pw_confirm'] = 'Confirm New Password';//new
+
+$_['pw_txt_02']  = 'Password / Username rules:'; //new
+$_['pw_txt_04']  = 'They are case-sensitive!';   //new
+$_['pw_txt_06']  = 'They must contain at least one non-space character.'; //new
+$_['pw_txt_08']  = 'They may contain spaces in the middle. Ex: "This is a password or username!"'; //changed
+$_['pw_txt_10']  = 'Leading and trailing spaces are removed.'; //new
+$_['pw_txt_12']  = 'Only the active copy of OneFileCMS is updated- no external configuration files are changed:';   //new
+$_['pw_txt_14']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.'; //new
+
+$_['change_pw_01'] = 'Password changed!';     //new
+$_['change_pw_02'] = 'Password NOT changed:'; //new
+$_['change_pw_03'] = 'Incorrect current password. Login to try again.'; //new
+$_['change_pw_04'] = '"New" and "Confirm New" values do not match.';    //new
+
+$_['un_change']  = 'Change Username';  //new
+$_['un_new']     = 'New Username';       //new
+$_['un_confirm'] = 'Confirm New Username'; //new
+
+$_['change_un_01'] = 'Username changed!';     //new
+$_['change_un_02'] = 'Username NOT changed:'; //new
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index 3814da4..f26127a 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.3.12  //*** A few values are no longer used and are commented out. ***
+// OneFileCMS Language Settings v3.3.15  //*** A few values are no longer used and are commented out. ***
 
 $_['LANGUAGE'] = 'English';
 
@@ -20,7 +20,7 @@
 $_['front_links_font_size'] =  '1em'; //Buttons on Index page.
 $_['front_links_margin_R']  =  '1em';
 $_['button_font_size']      = '.9em'; //Buttons on Edit page.
-$_['button_margin_L']       = '.5em';
+$_['button_margin_L']       = '.7em';
 $_['button_padding']        = '4px 10px';
 $_['image_info_font_size']  =  '1em'; //show_img_msg_01  &  _02 
 $_['image_info_pos']        = ''; //If 1 or true, moves the info down a line for more space.
@@ -48,6 +48,9 @@
 $_['DELETE'] = 'DELETE';
 $_['File']   = 'File';
 $_['Folder'] = 'Folder';
+$_['Submit'] = 'Submit Request'; //new
+$_['Username'] = 'Username';     //new
+$_['Password'] = 'Password';     //new
 
 $_['Log_In']  = 'Log In';
 $_['Log_Out'] = 'Log Out';
@@ -78,7 +81,7 @@
 $_['show_img_msg_01'] = 'Image shown at ~';
 $_['show_img_msg_02'] = '% of full size (W x H =';
 
-$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!';
+$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!'; //changed
 //$_['hash_txt_02'] = '1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).';
 //$_['hash_txt_03'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
 //$_['hash_txt_04'] = 'Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing.';
@@ -88,37 +91,13 @@
 $_['hash_txt_08'] = 'Copy and paste the new hash to the $HASHWORD variable in the config section.';
 $_['hash_txt_09'] = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
 $_['hash_txt_10'] = 'A double-click should select it...';
-$_['hash_txt_11'] = 'Make sure $USE_HASH is set to 1 (or true).';
+//$_['hash_txt_11'] = 'Make sure $USE_HASH is set to 1 (or true).';
 $_['hash_txt_12'] = 'When ready, logout and login.';
 //$_['hash_txt_13'] = 'You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...';
 //$_['hash_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep \'em secret, of course).  Remever, every little bit helps...';
 
-$_['hash_msg_01'] = 'Password: ';
-$_['hash_msg_02'] = 'Hash    : ';
-
-$_['pw_change']  = 'Change Password';
-$_['pw_current'] = 'Current Password';
-$_['pw_new']     = 'New Password';
-$_['pw_confirm'] = 'Confirm New Password';
-
-$_['pw_txt_01']  = 'Password rules:';
-$_['pw_txt_02']  = 'They must contain at least one non-space character.';
-$_['pw_txt_03']  = 'They may contain spaces in the middle. Ex: "This is a password!"';
-$_['pw_txt_04']  = 'Leading and trailing spaces are removed.';
-$_['pw_txt_05']  = 'Pressing [Change Password] will update the following config values as indicated:';
-$_['pw_txt_06']  = 'Update $HASHWORD with the hash of your new password.';
-$_['pw_txt_07']  = 'Set $USE_HASH = 1';
-$_['pw_txt_08']  = 'Set $PASSWORD = "" (empty)';
-$_['pw_txt_09']  = 'Only the active copy of OneFileCMS is updated- no external configuration files are changed:';
-$_['pw_txt_10']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
-
-$_['change_pw_01'] = 'Password NOT changed:';
-$_['change_pw_02'] = 'Incorrect current password. Login to try again.';
-$_['change_pw_03'] = 'Login to try again.';
-$_['change_pw_04'] = '"New" and "Confirm New" passwords do not match.';
-$_['change_pw_05'] = 'No new or confirm passwords entered.';
-$_['change_pw_06'] = 'Passwords must contain at least one non-space character.';
-$_['change_pw_07'] = 'Password changed!';
+$_['hash_msg_01'] = 'Password:'; //
+$_['hash_msg_02'] = 'Hash    :'; //
 
 $_['login_txt_01'] = 'Username:';
 $_['login_txt_02'] = 'Password:';
@@ -228,9 +207,10 @@
 $_['delete_folder_msg_03'] = 'an error occurred during delete.';
 
 $_['page_title_login']      = 'Log In';
-$_['page_title_admin']      = 'Administration Options';
+$_['page_title_admin']      = 'Administration Options'; //new
 $_['page_title_hash']       = 'Generate a Password Hash';
-$_['page_title_change_pw']  = 'Change Password';
+$_['page_title_change_pw']  = 'Change Password';        //new
+$_['page_title_change_un']  = 'Change Username';        //new
 $_['page_title_edit']       = 'Edit / View File';
 $_['page_title_upload']     = 'Upload File';
 $_['page_title_new_file']   = 'New File';
@@ -257,18 +237,47 @@
 
 $_['time_out_txt'] = 'Session time out in:';
 
-$_['error_reporting_01'] = 'Display errors is';
-$_['error_reporting_02'] = 'Log errors is';
-$_['error_reporting_03'] = 'Error reporting is set to';
-$_['error_reporting_04'] = 'Showing error types';
-$_['error_reporting_05'] = 'Unexpected early output';
-$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
-
-$_['admin_txt_02'] = 'General Information';
-$_['admin_txt_04'] = 'OneFileCMS can manage your password in two ways:';
-$_['admin_txt_06'] = '1) Use $PASSWORD to store your desired password, in plain text, and set $USE_HASH = 0 (zero).';
-$_['admin_txt_08'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
-$_['admin_txt_10'] = '($PASSWORD, $USE_HASH, and $HASHWORD, are variables in the configuration section of the OneFileCMS source file.)';
-$_['admin_txt_12'] = 'Option 2 is recommended, and is method used by the [Change Password] page. However, keep in mind that, due to a number of considerations, this is largely an academic excersize. That is, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text, which is generally considered to be a good thing.';
+$_['error_reporting_01'] = 'Display errors is';         //new
+$_['error_reporting_02'] = 'Log errors is';             //new
+$_['error_reporting_03'] = 'Error reporting is set to'; //new
+$_['error_reporting_04'] = 'Showing error types';       //new
+$_['error_reporting_05'] = 'Unexpected early output';   //new
+$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)'; //new
+
+$_['admin_txt_00'] = 'Old Backup Found'; //new
+$_['admin_txt_01'] = 'This file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed.  In any case, it will automatically be overwritten on the next password or username change.'; //new
+$_['admin_txt_02'] = 'General Information'; //new
+$_['admin_txt_04'] = 'As of version 3.3.13, OneFileCMS no longer maintains a plain text password option, and only stores a password hash, as most login systems do.'; //new
+//$_['admin_txt_04'] = 'OneFileCMS can manage your password in two ways:';
+//$_['admin_txt_06'] = '1) Use $PASSWORD to store your desired password, in plain text, and set $USE_HASH = 0 (zero).';
+//$_['admin_txt_08'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
+//$_['admin_txt_10'] = '($PASSWORD, $USE_HASH, and $HASHWORD, are variables in the configuration section of the OneFileCMS source file.)';
+//$_['admin_txt_12'] = 'Option 2 is recommended, and is method used by the [Change Password] page. However, keep in mind that, due to a number of considerations, this is largely an academic excersize. That is, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text, which is generally considered to be a good thing.';
+$_['admin_txt_12'] = 'However, due to a number of considerations, this change was largely an academic exersize. That is, in this application, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used), which is generally considered to be a good thing.'; //changed
 $_['admin_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
-$_['admin_txt_16'] = 'You can use OneFileCMS to edit itself, such as to update $PASSWORD or $HASHWORD. However, be sure to have a backup ready for the inevitable ytpo...';
+$_['admin_txt_16'] = 'Also, you can still use OneFileCMS to edit itself. However, be sure to have a backup ready for the inevitable ytpo...'; //changed
+
+$_['pw_change']  = 'Change Password';     //new
+$_['pw_current'] = 'Current Password';    //new
+$_['pw_new']     = 'New Password';        //new
+$_['pw_confirm'] = 'Confirm New Password';//new
+
+$_['pw_txt_02']  = 'Password / Username rules:'; //new
+$_['pw_txt_04']  = 'They are case-sensitive!';   //new
+$_['pw_txt_06']  = 'They must contain at least one non-space character.'; //new
+$_['pw_txt_08']  = 'They may contain spaces in the middle. Ex: "This is a password or username!"'; //changed
+$_['pw_txt_10']  = 'Leading and trailing spaces are removed.'; //new
+$_['pw_txt_12']  = 'Only the active copy of OneFileCMS is updated- no external configuration files are changed:';   //new
+$_['pw_txt_14']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.'; //new
+
+$_['change_pw_01'] = 'Password changed!';     //new
+$_['change_pw_02'] = 'Password NOT changed:'; //new
+$_['change_pw_03'] = 'Incorrect current password. Login to try again.'; //new
+$_['change_pw_04'] = '"New" and "Confirm New" values do not match.';    //new
+
+$_['un_change']  = 'Change Username';  //new
+$_['un_new']     = 'New Username';       //new
+$_['un_confirm'] = 'Confirm New Username'; //new
+
+$_['change_un_01'] = 'Username changed!';     //new
+$_['change_un_02'] = 'Username NOT changed:'; //new
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index 61c9840..ec4dd1c 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -1,8 +1,8 @@
 <?php
-// OneFileCMS Language Settings v3.3.12
+// OneFileCMS Language Settings v3.3.15
 
-$_['LANGUAGE'] = 'Espanõla';//***** There are several new values without translations. (in English) *****
-                            //***** Also, some values are no longer used and are commented out. *********
+$_['LANGUAGE'] = 'Espanõla';//*** There are several new or changed values without translations and are in English ***
+                            //*** Also, some values are no longer used and are commented out.                     ***
 //
 //
 // If no translation or value is desired for a particular setting, do not delete
@@ -48,6 +48,9 @@
 $_['DELETE'] = 'ELIMINAR';
 $_['File']   = 'Archivo';
 $_['Folder'] = 'Carpeta';
+$_['Submit'] = 'Submit Request'; //new
+$_['Username'] = 'Username';     //new
+$_['Password'] = 'Password';     //new
 
 $_['Log_In']  = 'Iniciar Sesión';
 $_['Log_Out'] = 'Cerrar Sesión';
@@ -78,7 +81,7 @@
 $_['show_img_msg_01'] = 'Imagen mostrada a ~';
 $_['show_img_msg_02'] = '% del tamaño (W x H =';
 // 'hash_txt_01' has changed - need translation. ***************************************************
-$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!';
+$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!'; //changed
 //$_['hash_txt_02'] = '1) Cambiando la variable $PASSWORD y asignando $USE_HASH = 0 (cero).';
 //$_['hash_txt_03'] = '2) O, usando $HASHWORD para almacenar tu contraseña, y luego asignar $USE_HASH = 1.';
 //$_['hash_txt_04'] = 'Tenga en cuenta que, debido a una serie de consideraciones muy variadas, esto es en gran parte un ejercicio académico. Es decir, tomar la idea de que esta es una gran mejora a la seguridad con un granito de sal de criptografía. Sin embargo, sí elimina el almacenamiento de la contraseña en texto plano, lo cual es algo bueno.';
@@ -95,31 +98,7 @@
 
 $_['hash_msg_01'] = 'Contraseña: ';
 $_['hash_msg_02'] = 'Cadena    : ';
-// New text - need translation *********************************************************************
-$_['pw_change']  = 'Change Password';
-$_['pw_current'] = 'Current Password';
-$_['pw_new']     = 'New Password';
-$_['pw_confirm'] = 'Confirm New Password';
-
-$_['pw_txt_01']  = 'Password rules:';
-$_['pw_txt_02']  = 'They must contain at least one non-space character.';
-$_['pw_txt_03']  = 'They may contain spaces in the middle. Ex: "This is a password!"';
-$_['pw_txt_04']  = 'Leading and trailing spaces are removed.';
-$_['pw_txt_05']  = 'Pressing [Change Password] will update the following config values as indicated:';
-$_['pw_txt_06']  = 'Update $HASHWORD with the hash of your new password.';
-$_['pw_txt_07']  = 'Set $USE_HASH = 1';
-$_['pw_txt_08']  = 'Set $PASSWORD = "" (empty)';
-$_['pw_txt_09']  = 'Only the active copy of OneFileCMS is updated- no external configuration files are changed:';
-$_['pw_txt_10']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
-
-$_['change_pw_01'] = 'Password NOT changed:';
-$_['change_pw_02'] = 'Incorrect current password. Login to try again.';
-$_['change_pw_03'] = 'Login to try again.';
-$_['change_pw_04'] = '"New" and "Confirm New" passwords do not match.';
-$_['change_pw_05'] = 'No new or confirm passwords entered.';
-$_['change_pw_06'] = 'Passwords must contain at least one non-space character.';
-$_['change_pw_07'] = 'Password changed!';
-//**************************************************************************************************
+
 $_['login_txt_01'] = 'Usuario:';
 $_['login_txt_02'] = 'Contraseña:';
 
@@ -145,15 +124,15 @@
 
 $_['too_large_to_edit_01a'] = 'Edición deshabilita. Tamaño >';
 $_['too_large_to_edit_01b'] = 'bytes.';
-$_['too_large_to_edit_02'] = 'Algunos navegadores (por ej.: IE) se vuelven inestables cuando se edita un texto largo dentro de un <textarea>.';
-$_['too_large_to_edit_03'] = 'Ajustá la variable $MAX_EDIT_SIZE en la sección de configuración de OneFileCMS como sea necesario.';
-$_['too_large_to_edit_04'] = 'Una simple prueba puede dar con el resultado necesario.';
+$_['too_large_to_edit_02']  = 'Algunos navegadores (por ej.: IE) se vuelven inestables cuando se edita un texto largo dentro de un <textarea>.';
+$_['too_large_to_edit_03']  = 'Ajustá la variable $MAX_EDIT_SIZE en la sección de configuración de OneFileCMS como sea necesario.';
+$_['too_large_to_edit_04']  = 'Una simple prueba puede dar con el resultado necesario.';
 
 $_['too_large_to_view_01a'] = 'Vista deshabilitada. Tamaño >';
 $_['too_large_to_view_01b'] = 'bytes.';
-$_['too_large_to_view_02'] = 'Clickeá en el botón de debajo para verlo como se ve normalmente en un navegador.';
-$_['too_large_to_view_03'] = 'Ajustá $MAX_VIEW_SIZE en la sección de configuración de OneFileCMS como sea necesario.';
-$_['too_large_to_view_04'] = '(El valor por defecto para $MAX_VIEW_SIZE es completamente arbitrario, y puede ser ajustado como sea necesario.)';
+$_['too_large_to_view_02']  = 'Clickeá en el botón de debajo para verlo como se ve normalmente en un navegador.';
+$_['too_large_to_view_03']  = 'Ajustá $MAX_VIEW_SIZE en la sección de configuración de OneFileCMS como sea necesario.';
+$_['too_large_to_view_04']  = '(El valor por defecto para $MAX_VIEW_SIZE es completamente arbitrario, y puede ser ajustado como sea necesario.)';
 
 $_['meta_txt_01'] = 'Tamaño:';
 $_['meta_txt_02'] = 'bytes.';
@@ -228,9 +207,10 @@
 $_['delete_folder_msg_03'] = 'ocurrió un error eliminándola.';
 
 $_['page_title_login']      = 'Iniciar Sesión';
-$_['page_title_admin']      = 'Administration Options'; // Need translation ************************
+$_['page_title_admin']      = 'Administration Options'; //new
 $_['page_title_hash']       = 'Generar una Cadena de Contraseña';
-$_['page_title_change_pw']  = 'Change Password';        // Need translation ************************
+$_['page_title_change_pw']  = 'Change Password';        //new
+$_['page_title_change_un']  = 'Change Username';        //new
 $_['page_title_edit']       = 'Editar / Ver Archivo';
 $_['page_title_upload']     = 'Subir Archivo';
 $_['page_title_new_file']   = 'Nuevo Archivo';
@@ -256,19 +236,48 @@
 $_['edit_caution_02']  = 'Estás editando la copia activa de OneFileCMS - ¡HACÉ UNA COPIA DE SEGURIDAD Y TENÉ CUIDADO!';
 
 $_['time_out_txt'] = 'Tiempo de Espera de Sesión Agotado:';
-
-$_['error_reporting_01'] = 'Display errors is';
-$_['error_reporting_02'] = 'Log errors is';
-$_['error_reporting_03'] = 'Error reporting is set to';
-$_['error_reporting_04'] = 'Showing error types';
-$_['error_reporting_05'] = 'Unexpected early output';
-$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
 //******************************************* Need Translations ************************************
-$_['admin_txt_02'] = 'General Information';
-$_['admin_txt_04'] = 'OneFileCMS can manage your password in two ways:';
-$_['admin_txt_06'] = '1) Use $PASSWORD to store your desired password, in plain text, and set $USE_HASH = 0 (zero).';
-$_['admin_txt_08'] = '2) O, usando $HASHWORD para almacenar tu contraseña, y luego asignar $USE_HASH = 1.';
-$_['admin_txt_10'] = '($PASSWORD, $USE_HASH, and $HASHWORD, are variables in the configuration section of the OneFileCMS source file.)';
-$_['admin_txt_12'] = 'Option 2 is recommended, and is method used by the [Change Password] page. However, keep in mind that, due to a number of considerations, this is largely an academic excersize. That is, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text, which is generally considered to be a good thing.';
+$_['error_reporting_01'] = 'Display errors is';         //new
+$_['error_reporting_02'] = 'Log errors is';             //new
+$_['error_reporting_03'] = 'Error reporting is set to'; //new
+$_['error_reporting_04'] = 'Showing error types';       //new
+$_['error_reporting_05'] = 'Unexpected early output';   //new
+$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)'; //new
+
+$_['admin_txt_00'] = 'Old Backup Found'; //new
+$_['admin_txt_01'] = 'This file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed.  In any case, it will automatically be overwritten on the next password or username change.'; //new
+$_['admin_txt_02'] = 'General Information'; //new
+$_['admin_txt_04'] = 'As of version 3.3.13, OneFileCMS no longer maintains a plain text password option, and only stores a password hash, as most login systems do.'; //new
+//$_['admin_txt_04'] = 'OneFileCMS can manage your password in two ways:';
+//$_['admin_txt_06'] = '1) Use $PASSWORD to store your desired password, in plain text, and set $USE_HASH = 0 (zero).';
+//$_['admin_txt_08'] = '2) O, usando $HASHWORD para almacenar tu contraseña, y luego asignar $USE_HASH = 1.';
+//$_['admin_txt_10'] = '($PASSWORD, $USE_HASH, and $HASHWORD, are variables in the configuration section of the OneFileCMS source file.)';
+//$_['admin_txt_12'] = 'Option 2 is recommended, and is method used by the [Change Password] page. However, keep in mind that, due to a number of considerations, this is largely an academic excersize. That is, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text, which is generally considered to be a good thing.';
+$_['admin_txt_12'] = 'However, due to a number of considerations, this change was largely an academic exersize. That is, in this application, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used), which is generally considered to be a good thing.'; //changed
 $_['admin_txt_14'] = 'Para otro tip de seguridad, cambiá la llave de seguridad y/o el método usado por OneFileCMS para almacenar la clave (y mantenelo en secreto, obviamente).  Acordate, cada granito ayuda...';
 $_['admin_txt_16'] = 'Podés usar OneFileCMS para editarlo. Sin embargo, asegurate de hacer un backup...';
+
+$_['pw_change']  = 'Change Password';     //new
+$_['pw_current'] = 'Current Password';    //new
+$_['pw_new']     = 'New Password';        //new
+$_['pw_confirm'] = 'Confirm New Password';//new
+
+$_['pw_txt_02']  = 'Password / Username rules:'; //new
+$_['pw_txt_04']  = 'They are case-sensitive!';   //new
+$_['pw_txt_06']  = 'They must contain at least one non-space character.'; //new
+$_['pw_txt_08']  = 'They may contain spaces in the middle. Ex: "This is a password or username!"'; //changed
+$_['pw_txt_10']  = 'Leading and trailing spaces are removed.'; //new
+$_['pw_txt_12']  = 'Only the active copy of OneFileCMS is updated- no external configuration files are changed:';   //new
+$_['pw_txt_14']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.'; //new
+
+$_['change_pw_01'] = 'Password changed!';     //new
+$_['change_pw_02'] = 'Password NOT changed:'; //new
+$_['change_pw_03'] = 'Incorrect current password. Login to try again.'; //new
+$_['change_pw_04'] = '"New" and "Confirm New" values do not match.';    //new
+
+$_['un_change']  = 'Change Username';  //new
+$_['un_new']     = 'New Username';       //new
+$_['un_confirm'] = 'Confirm New Username'; //new
+
+$_['change_un_01'] = 'Username changed!';     //new
+$_['change_un_02'] = 'Username NOT changed:'; //new
diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index 429ae3b..c6470a9 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-Version 3.3.12
+Version 3.3.15
 
 LICENSE
 
@@ -24,7 +24,6 @@ MISC FUNCTIONS:
 	Check_path()
 	is_empty()
 	ordinalize()
-	Search_Replace_Line()
 
 PAGE CHUNK FUNCTIONS
 	Current_Path_Header()
@@ -62,8 +61,9 @@ PAGE & RESPONSE FUNCTIONS:
 	Admin_Page()
 	Hash_Page()
 	Hash_Page_response()
-	Change_Password_Page()
-	Change_Password_response()
+	Change_PWUN_Page() 
+	Update_config()
+	Change_PWUN_response()
 	Logout()
 	Login_Page()
 	Login_Page_response()
@@ -100,13 +100,13 @@ JAVASCRIPT & STYLESHEET FUNCTIONS:
 	Language_and_config_adjusted_styles()
 
 LOGIC TO DETERMINE PAGE ACTION
-	Verify good PHP version
 	Default_Language()
+	Verify good PHP version
 	If external language file, load it
 	Session_Startup()
 	Get_GET()
 	Init_Macros()
 	Respond_to_POST()
-	Validate $page & $filename to show
+	Final check of $page to show
 
 GENERATE/OUTPUT <HTML>...  
diff --git a/onefilecms.php b/onefilecms.php
index 822b702..bfbc884 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.3.14';
+$OFCMS_version = '3.3.15';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -58,8 +58,8 @@
 
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
-$MAX_IDLE_TIME = 60000; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
-						//  For instance, 24 minutes is the PHP default for garbage collection.
+$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
+					  //  For instance, 24 minutes is the PHP default for garbage collection.
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked
 
@@ -85,7 +85,7 @@
 
 $EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
 
-$SESSION_NAME = 'OFCMS'; //Also the cookie name. Change if using multiple copies of OneFileCMS.
+$SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS.
 
 //$config_file = 'OFCMS_config.SAMPLE.php'; //External config file, if there is one.
 	//Format for external config file is basic php:
@@ -103,12 +103,12 @@
 //If there is one, include external config file. 
 if ( isset($config_file) && is_file($config_file) ) { include($config_file); }
 
-//Require PHP5.  Earliest version the author has for testing is 5.2.8 (50208)
+//Requires PHP 5.1. Earliest version the author has for testing is 5.2.8 (50208)
 define('PHP_VERSION_ID_REQUIRED',50100);   //Ex: 5.1.23 is 50123
 define('PHP_VERSION_REQUIRED'  ,'5.1 + '); //Used in exit() message.
 
 //The predefined constant PHP_VERSION_ID has only been available since 5.2.7.
-//So, convert PHP_VERSION (a string) to PHP_VERSION_ID (a number).
+//So, if needed, convert PHP_VERSION (a string) to PHP_VERSION_ID (a number).
 //Ex: 5.1.23 converts to 50123.
 if (!defined('PHP_VERSION_ID')) {  
 	$phpversion = explode('.', PHP_VERSION);
@@ -119,11 +119,15 @@
 
 ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
 
-$ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]);
+$ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]); //Used for ULR's
+$ONESCRIPT_url_backup  = $ONESCRIPT.'.BACKUP.php';    //used for p/w & u/n updates.
 $DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
 $WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/';
 $WEBSITE   = $_SERVER["HTTP_HOST"].'/';
-$LOGIN_ATTEMPTS = $DOC_ROOT.trim($_SERVER["SCRIPT_NAME"],'/').'.invalid_login_attempts';
+
+$ONESCRIPT_file   = $DOC_ROOT.trim($_SERVER["SCRIPT_NAME"],'/'); //Non-url use
+$LOGIN_ATTEMPTS   = $ONESCRIPT_file.'.invalid_login_attempts';
+$ONESCRIPT_file_backup = $ONESCRIPT_file.'.BACKUP.php'; //used for p/w & u/n updates.
 
 $valid_pages = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
 
@@ -153,9 +157,9 @@ function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.3.14  //*** A few values are no longer used and are commented out. ***
+// OneFileCMS Language Settings v3.3.15  //*** A few values are no longer used and are commented out. ***
 
-$_['LANGUAGE'] = 'English (default)';
+$_['LANGUAGE'] = 'English';
 
 // These are the default values included directly in onefilecms.php.
 //
@@ -174,7 +178,7 @@ function Default_Language() { // ***********************************************
 $_['front_links_font_size'] =  '1em'; //Buttons on Index page.
 $_['front_links_margin_R']  =  '1em';
 $_['button_font_size']      = '.9em'; //Buttons on Edit page.
-$_['button_margin_L']       = '.5em';
+$_['button_margin_L']       = '.7em';
 $_['button_padding']        = '4px 10px';
 $_['image_info_font_size']  =  '1em'; //show_img_msg_01  &  _02 
 $_['image_info_pos']        = ''; //If 1 or true, moves the info down a line for more space.
@@ -202,9 +206,9 @@ function Default_Language() { // ***********************************************
 $_['DELETE'] = 'DELETE';
 $_['File']   = 'File';
 $_['Folder'] = 'Folder';
-$_['Submit'] = 'Submit Request';
-$_['Username'] = 'Username';
-$_['Password'] = 'Password';
+$_['Submit'] = 'Submit Request'; //new
+$_['Username'] = 'Username';     //new
+$_['Password'] = 'Password';     //new
 
 $_['Log_In']  = 'Log In';
 $_['Log_Out'] = 'Log Out';
@@ -235,11 +239,11 @@ function Default_Language() { // ***********************************************
 $_['show_img_msg_01'] = 'Image shown at ~';
 $_['show_img_msg_02'] = '% of full size (W x H =';
 
-$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!';
-
-
-
-
+$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!'; //changed
+//$_['hash_txt_02'] = '1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).';
+//$_['hash_txt_03'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
+//$_['hash_txt_04'] = 'Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing.';
+//$_['hash_txt_05'] = 'Anyway, to use the $HASHWORD password option:';
 $_['hash_txt_06'] = 'Type your desired password in the input field above and hit Enter.';
 $_['hash_txt_07'] = 'The hash will be displayed in a yellow message box above that.';
 $_['hash_txt_08'] = 'Copy and paste the new hash to the $HASHWORD variable in the config section.';
@@ -247,36 +251,11 @@ function Default_Language() { // ***********************************************
 $_['hash_txt_10'] = 'A double-click should select it...';
 //$_['hash_txt_11'] = 'Make sure $USE_HASH is set to 1 (or true).';
 $_['hash_txt_12'] = 'When ready, logout and login.';
+//$_['hash_txt_13'] = 'You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...';
+//$_['hash_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep \'em secret, of course).  Remever, every little bit helps...';
 
-
-
-$_['hash_msg_01'] = 'Password:';
-$_['hash_msg_02'] = 'Hash    :';
-
-$_['pw_change']  = 'Change Password';
-$_['pw_current'] = 'Current Password';
-$_['pw_new']     = 'New Password';
-$_['pw_confirm'] = 'Confirm New Password';
-
-$_['pw_txt_00']  = 'Password / Username rules:';
-$_['pw_txt_01']  = 'They are case-sensitive!';
-$_['pw_txt_02']  = 'They must contain at least one non-space character.';
-$_['pw_txt_03']  = 'They may contain spaces in the middle. Ex: "This is a password or username!"';
-$_['pw_txt_04']  = 'Leading and trailing spaces are removed.';
-//$_['pw_txt_05']  = 'Pressing [Submit Request] will update the following configuration value(s):';
-//$_['pw_txt_06']  = 'Update $HASHWORD with the hash of your new password.';
-//$_['pw_txt_07']  = 'Set $USE_HASH = 1';
-//$_['pw_txt_08']  = 'Set $PASSWORD = "" (empty)';
-$_['pw_txt_09']  = 'Only the active copy of OneFileCMS is updated- no external configuration files are changed:';
-$_['pw_txt_10']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
-
-$_['change_pw_01'] = 'Password NOT changed:';
-$_['change_pw_02'] = 'Incorrect current password. Login to try again.';
-//$_['change_pw_03'] = 'Login to try again.';
-$_['change_pw_04'] = '"New" and "Confirm New" values do not match.';
-$_['change_pw_05'] = 'No new or confirm passwords entered.';
-//$_['change_pw_06'] = 'Passwords must contain at least one non-space character.';
-$_['change_pw_07'] = 'Password changed!';
+$_['hash_msg_01'] = 'Password:'; //
+$_['hash_msg_02'] = 'Hash    :'; //
 
 $_['login_txt_01'] = 'Username:';
 $_['login_txt_02'] = 'Password:';
@@ -386,10 +365,10 @@ function Default_Language() { // ***********************************************
 $_['delete_folder_msg_03'] = 'an error occurred during delete.';
 
 $_['page_title_login']      = 'Log In';
-$_['page_title_admin']      = 'Administration Options';
+$_['page_title_admin']      = 'Administration Options'; //new
 $_['page_title_hash']       = 'Generate a Password Hash';
-$_['page_title_change_pw']  = 'Change Password';
-$_['page_title_change_un']  = 'Change Username';
+$_['page_title_change_pw']  = 'Change Password'; //new
+$_['page_title_change_un']  = 'Change Username'; //new
 $_['page_title_edit']       = 'Edit / View File';
 $_['page_title_upload']     = 'Upload File';
 $_['page_title_new_file']   = 'New File';
@@ -416,33 +395,50 @@ function Default_Language() { // ***********************************************
 
 $_['time_out_txt'] = 'Session time out in:';
 
-$_['error_reporting_01'] = 'Display errors is';
-$_['error_reporting_02'] = 'Log errors is';
-$_['error_reporting_03'] = 'Error reporting is set to';
-$_['error_reporting_04'] = 'Showing error types';
-$_['error_reporting_05'] = 'Unexpected early output';
-$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
-
-$_['admin_txt_02'] = 'General Information';
-$_['admin_txt_04'] = 'As of version 3.3.13, OneFileCMS no longer maintains a plain text $PASSWORD option, and only uses $HASHWORD.';
+$_['error_reporting_01'] = 'Display errors is';         //new
+$_['error_reporting_02'] = 'Log errors is';             //new
+$_['error_reporting_03'] = 'Error reporting is set to'; //new
+$_['error_reporting_04'] = 'Showing error types';       //new
+$_['error_reporting_05'] = 'Unexpected early output';   //new
+$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)'; //new
+
+$_['admin_txt_00'] = 'Old Backup Found'; //new
+$_['admin_txt_01'] = 'This file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed.  In any case, it will automatically be overwritten on the next password or username change.'; //new
+$_['admin_txt_02'] = 'General Information'; //new
+$_['admin_txt_04'] = 'As of version 3.3.13, OneFileCMS no longer maintains a plain text password option, and only stores a password hash, as most login systems do.'; //new
+//$_['admin_txt_04'] = 'OneFileCMS can manage your password in two ways:';
 //$_['admin_txt_06'] = '1) Use $PASSWORD to store your desired password, in plain text, and set $USE_HASH = 0 (zero).';
 //$_['admin_txt_08'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
 //$_['admin_txt_10'] = '($PASSWORD, $USE_HASH, and $HASHWORD, are variables in the configuration section of the OneFileCMS source file.)';
 //$_['admin_txt_12'] = 'Option 2 is recommended, and is method used by the [Change Password] page. However, keep in mind that, due to a number of considerations, this is largely an academic excersize. That is, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text, which is generally considered to be a good thing.';
-$_['admin_txt_12'] = 'However, keep in mind that, due to a number of considerations, this change was largely an academic exersize. That is, in this application, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used), which is generally considered to be a good thing.';
+$_['admin_txt_12'] = 'However, due to a number of considerations, this change was largely an academic exersize. That is, in this application, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used), which is generally considered to be a good thing.'; //changed
 $_['admin_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
-$_['admin_txt_16'] = 'Also, you can still use OneFileCMS to edit itself. However, be sure to have a backup ready for the inevitable ytpo...';
-
-$_['un_change']  = 'Change Username';
-$_['un_new']     = 'New Username';
-$_['un_confirm'] = 'Confirm New Username';
-
-$_['change_un_01'] = 'Username NOT changed:';
-
-$_['change_un_04'] = '"New" and "Confirm New" usernames do not match.';
-$_['change_un_05'] = 'No new or confirm usernames entered.';
-$_['change_un_06'] = 'Username must contain at least one non-space character.';
-$_['change_un_07'] = 'Username changed!';
+$_['admin_txt_16'] = 'Also, you can still use OneFileCMS to edit itself. However, be sure to have a backup ready for the inevitable ytpo...'; //changed
+
+$_['pw_change']  = 'Change Password';     //new
+$_['pw_current'] = 'Current Password';    //new
+$_['pw_new']     = 'New Password';        //new
+$_['pw_confirm'] = 'Confirm New Password';//new
+
+$_['pw_txt_02']  = 'Password / Username rules:'; //new
+$_['pw_txt_04']  = 'They are case-sensitive!';   //new
+$_['pw_txt_06']  = 'They must contain at least one non-space character.'; //new
+$_['pw_txt_08']  = 'They may contain spaces in the middle. Ex: "This is a password or username!"'; //changed
+$_['pw_txt_10']  = 'Leading and trailing spaces are removed.'; //new
+$_['pw_txt_12']  = 'Only the active copy of OneFileCMS is updated- no external configuration files are changed:';   //new
+$_['pw_txt_14']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.'; //new
+
+$_['change_pw_01'] = 'Password changed!';     //new
+$_['change_pw_02'] = 'Password NOT changed:'; //new
+$_['change_pw_03'] = 'Incorrect current password. Login to try again.'; //new
+$_['change_pw_04'] = '"New" and "Confirm New" values do not match.';    //new
+
+$_['un_change']  = 'Change Username';  //new
+$_['un_new']     = 'New Username';       //new
+$_['un_confirm'] = 'Confirm New Username'; //new
+
+$_['change_un_01'] = 'Username changed!';     //new
+$_['change_un_02'] = 'Username NOT changed:'; //new
 }//end Default_Language() ******************************************************
 
 
@@ -452,7 +448,7 @@ function Session_Startup() { //*************************************************
 	global $SESSION_NAME, $page, $VALID_POST, $message;
 
 	$limit    = 0; //0 = session.  
-	$path     = dirname($_SERVER['SCRIPT_NAME']);
+	$path     = '';//dirname($_SERVER['SCRIPT_NAME']); //Doesn't work with some paths.
 	$domain   = ''; // '' = hostname
 	$https    = false;
 	$httponly = true;//true = unaccessable via javascript. Some XSS protection.
@@ -613,9 +609,6 @@ function Update_Recent_Pages($pop_current = 0) { //*****************************
 
 	//Reverse order so the current page is index [0]
 	$_SESSION['recent_pages'] = array_reverse($_SESSION['recent_pages']);
-	
-	//admin_ipath is not needed on index page
-	if ($page == "index") { unset($_SESSION['admin_ipath']); }
 
 }//end Update_Recent_Pages() ***************************************************
 
@@ -658,7 +651,7 @@ function Get_GET() { //*** Get main parameters *********************************
 
 	//Initialize & validate $page
 	if (isset($_GET["p"])) { $page = $_GET["p"]; } else { $page = "index"; }
-	if (!in_array(strtolower($page), $valid_pages)) { 
+	if (!in_array($page, $valid_pages)) { 
 		$message .= $EX.hsc($_['get_get_msg_02']).' <b>'.hte($page).'</b><br>';
 		$page = "index";  //If invalid $_GET["p"]
 	}
@@ -859,12 +852,11 @@ function Upload_New_Rename_Delete_Links() { //**********************************
 function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
 	//$submit_label = Rename, Copy, Delete, etc...
 	//$focus is ID of element to receive focus(). (element may be outside this function)
-	global $_, $ONESCRIPT, $ipath, $param1, $param2, $filename, $page, $message;
+	global $_, $ONESCRIPT, $ONESCRIPT_url_backup, $ipath, $param1, $param2, $filename, $page, $message;
 
-	//Cancel returns to either admin, edit, or index page.
-	if ($_SESSION['recent_pages'][1] == "admin") { $params = '&amp;p=admin'; }
-	elseif  ($filename != "")               { $params = $param2.'&amp;p=edit'; }
-	else                                    { $params = ""; }
+	//$params for Cancel. If prior page was Admin, restore admin_ipath.
+	if ($_SESSION['recent_pages'][1] == "admin") { $params = '?i='.$_SESSION['admin_ipath'].'&amp;p=admin'; }
+	else                                         { $params = $param1.$param2.'&amp;p='.$_SESSION['recent_pages'][1]; }
 
 	//If came from edit page via admin page, drop this page from recent_pages
 	//This helps preserve ipath prior to admin page
@@ -874,7 +866,7 @@ function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
 ?>
 	<p> 
 	<input type="button" class="button" id="cancel" value="<?php echo hsc($_['Cancel']) ?>"
-		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.$params ?>'">
+		onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
 	<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1em;">
 <?php 
 	if ($focus != ""){ echo '<script>document.getElementById("'.$focus.'").focus();</script>'; }
@@ -937,14 +929,14 @@ function Timeout_Timer($COUNT, $ID, $CLASS="", $ACTION="") { //*****************
 
 function Init_Macros(){ //*** ($varibale="some reusable chunk of code")*********
 
-global 	$_, $ONESCRIPT, $param1, $param2, $INPUT_NUONCE, $FORM_COMMON, $PWUN_RULES, 
+global 	$_, $ONESCRIPT, $param1, $param2, $INPUT_NUONCE, $FORM_COMMON, $PWUN_RULES,
 		$SVG_icon_circle_plus, $SVG_icon_circle_x, $SVG_icon_pencil, $SVG_icon_img_0;
 
 $INPUT_NUONCE = '<input type="hidden" name="nuonce" value="'.$_SESSION['nuonce'].'">'.PHP_EOL;
 $FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.$param2.'">'.$INPUT_NUONCE;
 
-$PWUN_RULES  = '<p>'.hsc($_['pw_txt_00']).'<ol><li>'.hsc($_['pw_txt_01']).'<li>'.hsc($_['pw_txt_02']);
-$PWUN_RULES .= '<li>'.hsc($_['pw_txt_03']).'<li>'.hsc($_['pw_txt_04']).'</ol>';
+$PWUN_RULES  = '<p>'.hsc($_['pw_txt_02']).'<ol><li>'.hsc($_['pw_txt_04']).'<li>'.hsc($_['pw_txt_06']);
+$PWUN_RULES .= '<li>'.hsc($_['pw_txt_08']).'<li>'.hsc($_['pw_txt_10']).'</ol>';
 
 $SVG_icon_circle_plus = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#080"/>
 	  <line x1="2" y1="5" x2="8" y2="5" stroke="white" stroke-width="1.5" />
@@ -1122,7 +1114,8 @@ function show_icon($type){ //***************************************************
 
 
 function Admin_Page() { //******************************************************
-	global $_, $ONESCRIPT, $ipath, $filename, $param1, $param2, $EX, $message, $config_title;
+	global $_, $WEB_ROOT, $ONESCRIPT, $ONESCRIPT_url_backup, $ONESCRIPT_file_backup, 
+		   $ipath, $filename, $param1, $param2, $EX, $message, $config_title;
 
 	$_SESSION['admin_ipath']  = $ipath; //Used so after Edit OneFile, returns to ipath user expects.
 
@@ -1138,20 +1131,53 @@ function Admin_Page() { //******************************************************
 	<input type="button" class="button" id="cancel"    value="<?php echo hsc($_['Close']) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.$params ?>'">
 
-	<input type="button" class="button" id="hash"      value="<?php echo hsc($_['Generate_Hash']) ?>"
-		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.'&amp;p=hash' ?>'">
-
 	<input type="button" class="button" id="changepw" value="<?php echo hsc($_['pw_change']) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.'&amp;p=changepw' ?>'">
 
 	<input type="button" class="button" id="changeun" value="<?php echo hsc($_['un_change']) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.'&amp;p=changeun' ?>'">
 
+	<input type="button" class="button" id="hash"      value="<?php echo hsc($_['Generate_Hash']) ?>"
+		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.'&amp;p=hash' ?>'">
+
 	<input type="button" class="button" id="editOFCMS" value="<?php echo hsc($_['Edit'].' '.$config_title) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$edit_params ?>'">
 	</span>
 
 	<div class="info">
+		
+	<?php //Check for & indicate if a backup exists from a prior p/w or u/n change.
+	if (is_file($ONESCRIPT_file_backup)) {
+		clearstatcache ();
+		Time_Stamp_scripts();
+		$file = $ONESCRIPT_url_backup;
+		$href = $ONESCRIPT.'?i='.dirname($file).'&amp;f='.basename($file);
+	?>
+		<p><b><?php echo hsc($_['admin_txt_00']) ?></b></p>
+		<table class="index_T" id="old_backup_T">
+		<tr>
+		<td class="file_name">
+			<?php echo '<a href="'.$href.'&amp;p=edit'.'" id="old_backup">'.basename($file); ?></a>
+		</td>
+		<td class="meta_T file_size">&nbsp;
+			<?php echo number_format(filesize($ONESCRIPT_file_backup)); ?> B
+		</td>
+		<td class="meta_T file_time"> &nbsp;
+			<script>FileTimeStamp(<?php echo filemtime($ONESCRIPT_file_backup); ?>, 1, 0);</script>
+		</td></tr></table>
+		
+		<a href="<?php echo $href.'&amp;p=delete' ?>" class="button" id="del_backup"><?php echo hsc($_['Delete']) ?></a>
+		<div style="clear: both"></div>
+		<p><?php echo hsc($_['admin_txt_01']) ?>
+		
+		<script>document.getElementById("old_backup").focus();</script>
+		<hr>
+	<?php
+	}else {
+		echo '<script>document.getElementById("cancel").focus();</script>';
+	}//end of check for backup
+	?>
+		
 	<p><b><?php echo hsc($_['admin_txt_02']) ?></b>
 	<p><?php echo hsc($_['admin_txt_04']) ?>
 	<p><?php echo hsc($_['admin_txt_12']) ?>
@@ -1159,15 +1185,13 @@ function Admin_Page() { //******************************************************
 	<p><?php echo hsc($_['admin_txt_16']) ?>
 	</div>
 <?php
-	echo '<script>document.getElementById("cancel").focus();</script>';
-return;
 }//end Admin_Page() ************************************************************
 
 
 
 
 function Hash_Page() { //******************************************************
-	global $_, $DOC_ROOT, $ONESCRIPT, $param1, $param2, $message, $INPUT_NUONCE, $config_title, $PWUN_RULES;
+	global $_, $DOC_ROOT, $ONESCRIPT, $param1, $param3, $message, $INPUT_NUONCE, $config_title, $PWUN_RULES;
 
 	if (!isset($_POST['whattohash'])) { $_POST['whattohash'] = ''; }
 ?>
@@ -1175,7 +1199,7 @@ function Hash_Page() { //******************************************************
 
 	<h2><?php echo hsc($_['page_title_hash']) ?></h2>
 	
-	<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.'&amp;p=hash'; ?>">
+	<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.$param3; ?>">
 		<?php echo $INPUT_NUONCE; ?>
 		<?php echo hsc($_['pass_to_hash']) ?>
 		<input type="text" name="whattohash" id="whattohash" value="<?php echo hsc($_POST["whattohash"]) ?>">
@@ -1216,7 +1240,7 @@ function Hash_response() { //***************************************************
 
 function Change_PWUN_Page($config_key) { //*************************************
 	// $config_key must= "pw" or "un"
-	global $_, $EX, $DOC_ROOT, $ONESCRIPT, $param1, $message, $INPUT_NUONCE, $config_title, $PWUN_RULES;
+	global $_, $EX, $DOC_ROOT, $ONESCRIPT, $param1, $param3, $message, $INPUT_NUONCE, $config_title, $PWUN_RULES;
 	
 	if ($config_key == "pw") {
 		$type = "password";
@@ -1234,7 +1258,7 @@ function Change_PWUN_Page($config_key) { //*************************************
 
 	<h2><?php echo $page_title ?></h2>
 	
-	<form id="change" name="<?php echo $config_key ?>" method="post" action="<?php echo $ONESCRIPT.$param1.'&amp;p=changepw'; ?>">
+	<form id="change" name="<?php echo $config_key ?>" method="post" action="<?php echo $ONESCRIPT.$param1.$param3; ?>">
 		<input type="hidden" name="<?php echo $config_key ?>" value="">
 		
 		<?php echo $INPUT_NUONCE; ?>
@@ -1253,8 +1277,8 @@ function Change_PWUN_Page($config_key) { //*************************************
 
 	<div class="info">
 	<?php echo $PWUN_RULES ?>
-	<p><?php echo hsc($_['pw_txt_09']) ?>
-	<p><?php echo hsc($_['pw_txt_10']) ?>
+	<p><?php echo hsc($_['pw_txt_12']) ?>
+	<p><?php echo hsc($_['pw_txt_14']) ?>
 	</div>
 <?php 
 } //end Change_PWUN_Page() *****************************************************
@@ -1263,9 +1287,9 @@ function Change_PWUN_Page($config_key) { //*************************************
 
 
 function Update_config($search_for, $replace_with) {//********************
-	global  $DOC_ROOT, $ONESCRIPT, $HASHWORD;
+	global  $ONESCRIPT, $ONESCRIPT_file, $ONESCRIPT_file_backup, $HASHWORD;
 
-	$ONESCRIPT_contents = file_get_contents($DOC_ROOT.$ONESCRIPT);
+	$ONESCRIPT_contents = file_get_contents($ONESCRIPT_file);
 	//Convert any CR+NL to only newline.
 	$ONESCRIPT_contents = str_replace("\r\n", "\n", $ONESCRIPT_contents);
 	$ONESCRIPT_lines = explode("\n", "".$ONESCRIPT_contents);
@@ -1280,19 +1304,21 @@ function Update_config($search_for, $replace_with) {//********************
 		}
 	}
 
+	copy($ONESCRIPT_file, $ONESCRIPT_file_backup); // Just in case...
+
 	$updated_contents = implode("\n", $ONESCRIPT_lines);
-	file_put_contents($DOC_ROOT.$ONESCRIPT, $updated_contents);
+	file_put_contents($ONESCRIPT_file, $updated_contents);
 }//end Update_config() *********************************************************
 
 
 
 
 function Change_PWUN_response($PWUN){ //****************************************
-	//Update $HASHWORD $ONESCRIPT
-	global $_, $HASHWORD, $DOC_ROOT, $ONESCRIPT, $EX, $message, $page;
+	//Update $USERNAME or $HASHWORD. Default $page = changepw or changeun 
+	global $_, $USERNAME, $HASHWORD, $EX, $message, $page;
 
-	if     ($PWUN == "pw") { $error1  = hsc($_['change_pw_01']); }
-	elseif ($PWUN == "un") { $error1  = hsc($_['change_un_01']); }
+	if     ($PWUN == "pw") { $error1  = hsc($_['change_pw_02']); }
+	elseif ($PWUN == "un") { $error1  = hsc($_['change_un_02']); }
 	else                   { $message .= 'Invalid parameter for Change_PWUN_response()'; return; }
 
 	// trim leading & trailing white-space from input values
@@ -1302,21 +1328,19 @@ function Change_PWUN_response($PWUN){ //****************************************
 
 	//If nothing entered, do nothing.
 	if ( ($current_pass == "") && ($new_pwun == "") && ($confirm_pwun == "") ) {
-		$page = "changepw";
+		;//...
 		
 	//If no new & confirm values entered, display $message to that effect.
 	}elseif ( ($new_pwun == "") && ($confirm_pwun == "") ) {
-		$message .= $EX.'<b>'.$error1.' </b>'.hsc($_['pw_txt_02']).'<br>';
-		$page = 'changepw';
+		$message .= $EX.'<b>'.$error1.' </b>'.hsc($_['pw_txt_06']).'<br>';
 		
 	//If new & Confirm values don't match, display $message to that effect.
 	}elseif ($new_pwun != $confirm_pwun) {
 		$message .= $EX.'<b>'.$error1.' </b>'.hsc($_['change_pw_04']).'<br>';
-		$page = 'changepw'; 
 		
 	//If incorrect current p/w, logout.  (new == confirm at this point)
 	}elseif (hashit($current_pass) != $HASHWORD) {
-		$message .= $EX.'<b>'.$error1.'</b><br>'.hsc($_['change_pw_02']).'<br>';
+		$message .= $EX.'<b>'.$error1.'</b><br>'.hsc($_['change_pw_03']).'<br>';
 		Logout();
 		
 	//If changing password ($HASHWORD, actually)
@@ -1326,7 +1350,7 @@ function Change_PWUN_response($PWUN){ //****************************************
 		$replace_with = '$HASHWORD = "'.$HASHWORD.'";';
 		Update_config($search_for, $replace_with);
 		
-		$message .= $EX.'<b>'.hsc($_['change_pw_07']).'</b>';
+		$message .= $EX.'<b>'.hsc($_['change_pw_01']).'</b>';
 		$page = "admin"; //Return to Admin page.
 		
 	//Else change username...
@@ -1336,7 +1360,7 @@ function Change_PWUN_response($PWUN){ //****************************************
 		$replace_with = '$USERNAME = "'.$USERNAME.'";';
 		Update_config($search_for, $replace_with);
 
-		$message .= $EX.'<b>'.hsc($_['change_un_07']).'</b>';
+		$message .= $EX.'<b>'.hsc($_['change_un_01']).'</b>';
 		$page = "admin"; //Return to Admin page.
 	}
 }//end Change_PWUN_response() //************************************************
@@ -1502,10 +1526,11 @@ function Index_Page(){ //*******************************************************
 function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 	global $_, $ONESCRIPT, $param1, $filename;
 
-	//For [Close] button if came from admin page
+	//For [Close] button: if came from admin page, restore admin_ipath
 	$params = $param1;
-	if ($_SESSION['recent_pages'][1] == "admin") { $params = '?i='.URLencode_path($_SESSION['admin_ipath']).'&amp;p=admin'; }
-
+	if ($_SESSION['recent_pages'][1] == "admin") {
+		$params = '?i='.URLencode_path($_SESSION['admin_ipath']).'&amp;p=admin';
+	}
 ?>
 	<div class="edit_btns_top">
 		<div class="file_meta">
@@ -1535,30 +1560,35 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 
 
 function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
-	global $_, $ONESCRIPT, $param1, $param2, $MAX_IDLE_TIME;
+	global $_, $ONESCRIPT, $param1, $param2, $MAX_IDLE_TIME, $Editing_OFCMS;
 	$Button = '<input type="button" class="button" value="';
 	$ACTION = '" onclick="parent.location = \''.$ONESCRIPT.$param1.$param2.'&amp;p=';
 
-	//For [Close] button if came from admin page
+	//For [Close] button: if came from admin page, restore admin_ipath
 	$params = $param1;
-	if ($_SESSION['recent_pages'][1] == "admin") { $params = '?i='.URLencode_path($_SESSION['admin_ipath']).'&amp;p=admin'; }
+	if ($_SESSION['recent_pages'][1] == "admin") {
+		$params = '?i='.URLencode_path($_SESSION['admin_ipath']).'&amp;p=admin';
+	}
 ?>
 	<div class="edit_btns_bottom">
-	<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?> 
-		<?php echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer', 'LOGOUT'); ?>
-		<input type="submit" class="button" value="Save"                  onclick="submitted = true;" id="save_file">
-		<input type="button" class="button" value="<?php echo hsc($_['reset']) ?>" onclick="Reset_File()"      id="reset">
+	<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?>
+		<?php echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer', 'LOGOUT'); 
+	  ?><input type="submit" class="button" value="Save"                           onclick="submitted = true;" id="save_file"><?php
+	  ?><input type="button" class="button" value="<?php echo hsc($_['reset']) ?>" onclick="Reset_File()"      id="reset">
 		<script>
-			//Set disabled here instead of via input attribute in case js is disabled.
-			//If js is disabled, user would be unable to save changes.
+			//Set disabled with js instead of via input attribute in case js is disabled.
+			//Otherwise, if js is disabled, user would be unable to save changes.
 			document.getElementById('save_file').disabled = "disabled";
 			document.getElementById('reset').disabled     = "disabled";
 		</script>
-	<?php } ?>
-	<?php echo $Button.hsc($_['Ren_Move']).$ACTION ?>rename'">
-	<?php echo $Button.hsc($_['Copy'])    .$ACTION ?>copy'"  >
-	<?php echo $Button.hsc($_['Delete'])  .$ACTION ?>delete'">
-	<?php echo $Button.hsc($_['Close']) ?>" onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
+<?php }
+	//Don't show [Rename] or [Delete] if editing OneFileCMS itself.
+
+	if (!$Editing_OFCMS) { echo $Button.hsc($_['Ren_Move']).$ACTION.'rename\'">'; }
+	echo $Button.hsc($_['Copy'])    .$ACTION.'copy\'">';
+	if (!$Editing_OFCMS) { echo $Button.hsc($_['Delete'])  .$ACTION.'delete\'" id="delete">'; }
+	echo $Button.hsc($_['Close']).'" onclick="parent.location = \''.$ONESCRIPT.$params.'\'">'
+?>
 	</div>
 <?php
 }//end Edit_Page_buttons()******************************************************
@@ -1574,13 +1604,13 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 		<?php echo $INPUT_NUONCE; ?>
 <?php
 		if ( !in_array( strtolower($ext), $itypes) ) { //If non-image...
-
+				
 			if (!$text_editable) { // If non-text file...
 				echo '<p class="edit_disabled">'.hsc($_['edit_txt_01']).'<br><br></p>';
-
+				
 			}elseif ( $too_large_to_edit ) {
  				echo '<p class="edit_disabled">'.$too_large_to_edit_message.'</p>';
-
+				
 			}else{
 				if (PHP_VERSION_ID  < 50400) {  // 5.4.0
 					$filecontents = hsc($raw_contents);
@@ -1588,7 +1618,7 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 					$filecontents = htmlspecialchars($raw_contents,ENT_SUBSTITUTE | ENT_QUOTES, 'UTF-8');
 				}
 				$bad_chars = ($filecontents == "" && filesize($filename) > 0);
-
+				
 				if ($bad_chars){ //did htmlspecialchars return an empty string?
 					echo '<pre class="edit_disabled">'.$EX.hsc($_['edit_txt_02']).'<br>';
 					echo hsc($_['edit_txt_03']).'<br>';
@@ -1600,9 +1630,9 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 				}
 			} //end if non-text file...
 		} //end if non-image
-
+		
 		Edit_Page_buttons($text_editable, $too_large_to_edit);
-
+		
 		Edit_Page_scripts();
 ?>	</form>
 <?php
@@ -1956,17 +1986,26 @@ function Delete_File_Page() { //************************************************
 
 
 function Delete_File_response(){ //*********************************************
-	global $_, $filename, $message, $EX, $page;
+	global $_, $filename, $message, $EX, $page, $ipath, $param1, $param2;
 
 	$page = "index"; //Return to index
 	$filename = $_POST["delete_file"];
 
 	if (unlink($filename)) {
 		$message .= '<b>'.hsc($_['delete_msg_01']).' '.hte(basename($filename)).'</b><br>';
+		$filename = "";
 	}else{
 		$message .= $EX.'<b>'.hsc($_['delete_msg_02']).' "'.hte($filename).'"</b>.<br>';
 		$page = "edit";
 	}
+
+	//If came to Delete from admin page, restore admin_ipath & return to admin.
+	if ($_SESSION['recent_pages'][1] == "admin") {
+		$ipath = $_SESSION['admin_ipath'];
+		$page = "admin";
+		$param1 = '?i='.URLencode_path($ipath);
+		$param2 = "";
+	}
 }//end Delete_File_response() **************************************************
 
 
@@ -2349,9 +2388,9 @@ function Check_for_changes(event){
 		changed = (File_textarea.value != start_value);
 		if (changed){
 			document.getElementById('message').innerHTML = " "; // Must have a space, or it won't clear the msg.
-			File_textarea.style.backgroundColor = "#Fee";  //light red
+			File_textarea.style.backgroundColor    = "#Fee";//light red
 			Save_File_button.style.backgroundColor ="#Fee";
-			Save_File_button.style.borderColor = "#Faa";   //less light red
+			Save_File_button.style.borderColor = "#Faa";  //less light red
 			Save_File_button.style.borderWidth = "1px";
 			Save_File_button.disabled = "";
 			Reset_button.disabled = "";
@@ -2730,12 +2769,15 @@ function style_sheet(){ //******************************************************
 
 .image_info {color: #222; font-size: 1em ;}
 
-.edit_btns_bottom { float: right; margin-bottom: .65em; }
+.edit_btns_bottom { float: right; }
 .edit_btns_bottom .button { margin-left: .5em; }
 
 .admin_buttons .button { margin-right: .5em; }
 
 #upload_file { margin-bottom: .6em; }
+
+#old_backup_T { float: left; margin-bottom: .3em; }
+#del_backup   { float: left; margin-left  :  1em; }
 </style>
 <?php 
 }//end style_sheet() ***********************************************************
@@ -2799,10 +2841,12 @@ function Language_and_config_adjusted_styles() {//******************************
 
 	Respond_to_POST();
 
-	//*** Verify $page prerequisites *****************
+	Update_Recent_Pages();
+
+	//*** Verify a few $page conditions **************
 
 	//Don't load login screen when already in a valid session.
-	//'valid' may change after Respond_to_POST()
+	//$_SESSION['valid'] may be false after Respond_to_POST()
 	if     ( ($page == "login") && $_SESSION['valid'] )  { $page = "index"; } 
 
 	elseif ( $page == "logout" ) {
@@ -2820,27 +2864,29 @@ function Language_and_config_adjusted_styles() {//******************************
 		$page = "index";}
 
 	//If editing OneFileCMS itself, show red message box with white text.
-	elseif ( ($page == "edit") && ($filename == trim(rawurldecode($ONESCRIPT), '/')) ) { 
-		if ( $message == "" ) { $BR = ""; } else { $BR = '<br>';}
+	elseif ($filename == trim(rawurldecode($ONESCRIPT), '/')) { 
 		$message .= '<style>#message p {background: red; color: white;}</style>';
 		$message .= $EX.'<b>'.hsc($_['edit_caution_01']).' '.$EX.hsc($_['edit_caution_02']).'</b><br>';
 	}
-	//end Verify $page prerequisites *****************
-
-	Update_Recent_Pages();
+	//end Verify a few $page restrictions ************
 
 }//end if $_SESSION[valid] *************************************
 
+
+//Used to disable some options if editing OneFileCMS itself.
+$Editing_OFCMS = false;
+if ( isset($filename) && ($filename == trim(rawurldecode($ONESCRIPT), '/')) ) { $Editing_OFCMS = true; }
+
 //Don't show path header or admin link on some pages.
 $Show_header_and_Admin = true;
-if ( ($page == "login") || ($page == "admin") || ($page == "hash") || ($page == "changepw") || ($page == "changeun") ){
+$pages_to_show_admin = array("login","admin","hash","changepw","changeun");
+if ( $Editing_OFCMS || in_array($page, $pages_to_show_admin) ){
 	$Show_header_and_Admin = false;
 }
 
 //Finish up/prepare to send page contents.
 $early_output = ob_get_clean(); // Should be blank unless trouble-shooting.
 header('Content-type: text/html; charset=UTF-8');
-
 //end logic to determine page action *******************************************
 
 
@@ -2894,6 +2940,8 @@ function Language_and_config_adjusted_styles() {//******************************
 //Admin link
 if ($Show_header_and_Admin) {
 	echo '<a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=admin">'.hsc($_['Admin']).'</a>';
+}else {
+	echo "<br>";
 }
 ?>
 
diff --git a/readme.markdown b/readme.markdown
index 55c717d..4539381 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,8 +1,9 @@
-# Current stable version: 3.3.12
+# Current stable version: 3.3.15
 
-### Auguest 10, 2012
+### Auguest 13, 2012
 
-- Added password update screen, so manual editing of OneFileCMS is not required (but is still possible, of course).
+- Added admin/config screens for updating password and username using OneFileCMS itself, so manual editing of OneFileCMS is not required (but is still possible, of course).
+- Removed plain text $PASSWORD option.
 
 
 ### Auguest 7, 2012
@@ -82,21 +83,15 @@ Coupling a utilitarian code editor with basic file managing functions, OneFileCM
 
 ## Installation
 
-1) Download [this file](https://raw.github.com/Self-Evident/OneFileCMS/master/onefilecms.php).
+1) Download [this file](https://raw.github.com/Self-Evident/OneFileCMS/master/onefilecms.php).  
 
-2) Set your username and password (to something a bit less obvious).  
-
-    // CONFIGURATION INFO  
-    $USERNAME = "username";  
-    $PASSWORD = "password";  
+2) Upload to anywhere on your site.  
   
-	(To change the password, use the Change Password screen found on the Admin page.)
-
-3) Upload to anywhere on your site!
+3) Using your browser, start OneFileCMS, click on Admin and set your username and password!  
 
-Depending on how your web stack is set up, you may also have to modify the file permissions of your site's folders to allow OneFileCMS to modify and create files. ([More about that here.](http://catcode.com/teachmod/)) Make sure onefilecms.php and its parent folder are allowed to execute, with CHMOD at 755. Check with your host if you're not sure, and be aware of any inherent security concerns.
+Depending on how your web stack is set up, you may also have to modify the file permissions of your site's folders to allow OneFileCMS to modify and create files. ([More about that here.](http://catcode.com/teachmod/)) Make sure onefilecms.php and its parent folder are allowed to execute, with CHMOD at 755. Check with your host if you're not sure, and be aware of any inherent security concerns.  
 
-You can also change the file name of OneFileCMS.php to something else, such as "Admin.php" . _(Be careful about making it a folder's default file: your server may get stuck in redirects.)_
+You can also change the file name of OneFileCMS.php to something else, such as "Admin.php" . (Be careful about making it a folder's default file: your server may get stuck in redirects.)
 
 ## FAQ
 
@@ -118,13 +113,13 @@ Well, because "OneFileFileManagerTextEditor" just doesn't have the same ring to
 
 ### Multi-Language Support?
 
-Yes!  (But only English, German and Spanish are available so far.)
+Yes!  Currently, English, German, and Spanish are available.  (Someone told me he was working on an Esparento translation, but he might have been kidding...)
 
 ### Can I have more than one username/password?
 
 Yes!  Well, sort of - indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ie: OneFile1.php and OneFile2.php etc...)  Then, with each copy, maintain different user names and passwords.  Also, so that one user does not log out the other, change the $session_name config variables.  
   
-Now, since there is no database or other means of granular control and acess logging, multiple users may be kind of pointless.  On the other hand, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
+Now, since there is no database or other means of granular control and access logging, multiple users may be kind of pointless.  On the other hand, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
 
 ## Requirements
 
@@ -191,9 +186,10 @@ GENERATE/OUTPUT THE PAGE
 
 ## Change Log
 
-### 3.3.11 - 3.3.12
+### 3.3.11 - 3.3.15
 
-- Added Change Password screen.
+- Added screens for changing username and password.
+- Plaintext $PASSWORD option is no longer available.
 - Improved validation of $_GET parameters & other general code improvements.
 
 ### 3.3.10

From 152eb916d361c0d486d3d6b2dccd88a728b221f8 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 14 Aug 2012 13:40:00 -0400
Subject: [PATCH 133/228] Version 3.3.16 Added Rename, Copy, and Delete file
 options to Index page. Removed some css for svg (properties already "reset")
 Removed some superfluous <someclass>.a:hover {styles} Added supports_svg():
 checks for IE < 9. Added svg_icon_ren(), svg_icon_copy(), svg_icon_del()
 List_Files(): check for old IE < 9, provide text "icons" in lieu of svg
 Removed show_favicon(): only 4 lines - put code directly in Page_Header().
 Change_PWUN_response(): removed unnecessary parameter check. Added $_['R'],
 $_['C'], $_['D'], $_['update_failed'] Update_config(): Added check if
 file_put_contents() fails. Removed old ini language files - still available
 in download archive.

---
 OFCMS_config.SAMPLE.php               |   9 +-
 OneFileCMS.LANG.DE.php                |   5 +-
 OneFileCMS.LANG.EN.php                |   5 +-
 OneFileCMS.LANG.ES.php                |   5 +-
 OneFileCMS_structure.txt              |   5 +-
 old_lang_files/OneFileCMS.LANG.DE.ini | 238 --------------------------
 old_lang_files/OneFileCMS.LANG.EN.ini | 238 --------------------------
 old_lang_files/OneFileCMS.LANG.ES.ini | 238 --------------------------
 onefilecms.php                        | 183 +++++++++++++-------
 readme.markdown                       |  13 +-
 10 files changed, 149 insertions(+), 790 deletions(-)
 delete mode 100755 old_lang_files/OneFileCMS.LANG.DE.ini
 delete mode 100755 old_lang_files/OneFileCMS.LANG.EN.ini
 delete mode 100755 old_lang_files/OneFileCMS.LANG.ES.ini

diff --git a/OFCMS_config.SAMPLE.php b/OFCMS_config.SAMPLE.php
index 7582446..7abefd1 100755
--- a/OFCMS_config.SAMPLE.php
+++ b/OFCMS_config.SAMPLE.php
@@ -1,7 +1,7 @@
 <?php 
 // OneFileCMS sample external config file.
-// For versions 3.3.06 and later
-// (Prior versions used an .ini format)
+// For versions 3.3.15 and later.  (Updated $HASHWORD, removed $PASSWORD & $USE_HASH)
+// (Versions prior to 3.3.06 used an .ini format)
 //
 // Basically, below is simply a copy & paste of the OneFileCMS config section.
 
@@ -10,10 +10,7 @@
 $config_title = "OneFileCMS";
 
 $USERNAME = 'username';
-
-$PASSWORD = 'password'; //If using $HASHWORD, you may leave this value empty.
-$USE_HASH = 0 ; // If = 0, use $PASSWORD. If = 1, use $HASHWORD. 
-$HASHWORD = 'c3e70af96ab1bfc5669280e98b438e1a8c08ca5e0bb3354c05ceaa6f339fd3f6'; //hash for "password"
+$HASHWORD = 'a6ca7f88bd5efc706d38047cc5844d2b11f86242c01e0c89a1c656dbe2dd1866'; //"password"
 $SALT     = 'somerandomsalt';
 
 $LANGUAGE_FILE = ""; //Filename of language settings. Leave blank for built-in default.
diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index e4d1d0a..4cbfb5d 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.3.15
+// OneFileCMS Language Settings v3.3.16
 
 $_['LANGUAGE'] = 'Deutsch'; //*** There are several new or changed values without translations and are in English ***
                             //*** Also, some values are no longer used and are commented out.                     ***
@@ -25,6 +25,9 @@
 $_['image_info_font_size']  = '.95em'; //show_img_msg_01  &  _02 
 $_['image_info_pos']        = '1'; //If 1 or true, moves the info down a line for more space.
 
+$_['R'] = 'R'; // R ename       //new
+$_['C'] = 'C'; // C opy         //new
+$_['D'] = 'D'; // D elete       //new
 
 $_['Upload_File'] = 'Datei heraufladen';
 $_['New_File']    = 'Datei erstellen';
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index f26127a..e420139 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.3.15  //*** A few values are no longer used and are commented out. ***
+// OneFileCMS Language Settings v3.3.16  //*** A few values are no longer used and are commented out. ***
 
 $_['LANGUAGE'] = 'English';
 
@@ -25,6 +25,9 @@
 $_['image_info_font_size']  =  '1em'; //show_img_msg_01  &  _02 
 $_['image_info_pos']        = ''; //If 1 or true, moves the info down a line for more space.
 
+$_['R'] = 'R'; // R ename       //new
+$_['C'] = 'C'; // C opy         //new
+$_['D'] = 'D'; // D elete       //new
 
 $_['Upload_File'] = 'Upload File';
 $_['New_File']    = 'New File';
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index ec4dd1c..c8dd93f 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.3.15
+// OneFileCMS Language Settings v3.3.16
 
 $_['LANGUAGE'] = 'Espanõla';//*** There are several new or changed values without translations and are in English ***
                             //*** Also, some values are no longer used and are commented out.                     ***
@@ -25,6 +25,9 @@
 $_['image_info_font_size']  = '.95em';//show_img_msg_01  &  _02 
 $_['image_info_pos']        = ''; //If 1 or true, moves the info down a line for more space.
 
+$_['R'] = 'R'; // R ename       //new
+$_['C'] = 'C'; // C opy         //new
+$_['D'] = 'D'; // D elete       //new
 
 $_['Upload_File'] = 'Subir Archivo';
 $_['New_File']    = 'Archivo Nuevo';
diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index c6470a9..f12c0c7 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -24,6 +24,7 @@ MISC FUNCTIONS:
 	Check_path()
 	is_empty()
 	ordinalize()
+	supports_svg()
 
 PAGE CHUNK FUNCTIONS
 	Current_Path_Header()
@@ -32,12 +33,14 @@ PAGE CHUNK FUNCTIONS
 	Upload_New_Rename_Delete_Links()
 	Cancel_Submit_Buttons()
 	show_image()
-	show_favicon()
 	Timeout_Timer()
 
 	Init_Macros()
 
 SVG ICON FUNCTIONS:
+	svg_icon_ren()
+	svg_icon_copy()
+	svg_icon_del()
 	svg_icon_bin()
 	svg_icon_img()
 	svg_icon_svg()
diff --git a/old_lang_files/OneFileCMS.LANG.DE.ini b/old_lang_files/OneFileCMS.LANG.DE.ini
deleted file mode 100755
index 44d4eeb..0000000
--- a/old_lang_files/OneFileCMS.LANG.DE.ini
+++ /dev/null
@@ -1,238 +0,0 @@
-;///////////////////////////////////////////////////////////////////////////////
-;// OneFileCMS Language Settings v3.3.06
-
-LANGUAGE = "German"
-
-;Übersetzungen:
-;==============
-;Move=Verschieben ;Directory or Folder=Ordner ;Create=erstellen
-;Log In=anmelden ;Log out=abmelden ;reset=zurücksetzen
-;session=sitzung ;expired=abgelaufen ;exist=bestehen
-;configuration section=Konfigurationsbereich
-;hash=Streuwert
-;button: knopf
-;Anrede: Sie
-
-
-;// In some instances, some langauges may use significantly longer words or phrases than others.
-;// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
-;//
-front_links_font_size = ".9em"; //Buttons on Index page.
-front_links_margin_R  = ".5em";
-button_font_size      = ".7em"; //Buttons on Edit page.
-button_margin_L       = ".5em";
-button_padding        = "4px 5px";
-image_info_font_size  = ".95em"; //show_img_msg_01 & _02 
-image_info_pos        = "1"; //If 1 or true, moves the info down a line for more space.
-
-
-Upload_File = "Datei heraufladen"
-New_File    = "Datei erstellen"
-Ren_Move    = "Umbenennen/Verschieben"
-Ren_Moved   = "Umbenannt/Verschoben"
-New_Folder  = "Neuer Ordner"
-Ren_Folder  = "Ordner umbenennen/verschieben"
-Del_Folder  = "Ordner löschen"
-
-Admin  = "Konfiguration"
-Enter  = "Eintreten"
-Edit   = "Bearbeiten"
-Close  = "Schließen"
-Cancel = "Abbrechen"
-Upload = "Heraufladen"
-Create = "Erstellen"
-Copy   = "Kopieren"
-Copied = "Kopiert"
-Rename = "Umbenennen"
-Delete = "Löschen"
-DELETE = "LÖSCHEN"
-File   = "Datei"
-Folder = "Ordner"
-
-Log_In  = "Anmelden"
-Log_Out = "Abmelden"
-
-Hash    = "Hash"
-pass_to_hash  = "Password to hash:"
-Generate_Hash = "Hash generieren"
-
-save_1      = "Speichern"
-save_2      = "ÄNDERUNGEN SPEICHERN!"
-reset       = "Zurücksetzen - Änderungen verwerfen"
-Wide_View   = "Breitenadaptierte Ansicht"
-Normal_View = "Normale Ansicht"
-
-on_      = "läuft unter"
-
-verify_msg_01 = "Sitzung abgelaufen."
-verify_msg_02 = "UNGÜLTIGE DATENSENDUNG"
-
-get_get_msg_01 = "Die Datei wurde nicht gefunden:"
-
-check_path_msg_01 = "Das Verzeichnis wurde nicht gefunden: "
-
-ord_msg_01 = "Eine Datei mit demselben Namen existiert bereits im Zielverzeichnis."
-ord_msg_02 = "Speichern als"
-
-show_img_msg_01 = "Die Bilddarstellung entspricht ~"
-show_img_msg_02 = "% der wahren Größe (W x H = "
-
-hash_h2     = "Streuwertgenerierung für das Passwort"
-hash_txt_01 = "Es gibt zwei Wege, wie Sie Ihr OneFileCMS-Passwort ändern können:"
-hash_txt_02 = "1) Verwenden Sie die Konfigurationsvariable $PASSWORD, um Ihr gewünschtes Passwort zu speichern. In diesem Fall sollte $USE_HASH auf 0 gesetzt werden."
-hash_txt_03 = "2) Oder Sie verwenden die Konfigurationsvariable $HASHWORD, um den Streuwert Ihres Passwortes zu speichern. Setzen Sie $USE_HASH in diesem Fall auf 1."
-hash_txt_04 = "Bitte denken Sie daran, dass es sich hierbei großteils um eine akademische übung handelt. Die Verwendung eines Streuwerts trägt viel zur Sicherheit bei und erlaubt Ihnen, das Passwort nicht in Klarschrift speichern zu müssen."
-hash_txt_05 = "Um die $HASHWORD Option verwenden zu können:"
-hash_txt_06 = "Tippen Sie das gewünschte Passwort in das Eingabefeld und drücken Sie Enter."
-hash_txt_07 = "Der Streuwert wird in einer gelben Box überhalb angezeigt werden."
-hash_txt_08 = "Kopieren Sie den neuen Streuwert und fügen Sie ihn in den Konfigurationsbereich als Wert der Variable $HASHWORD ein."
-hash_txt_09 = "Stellen Sie sicher, dass Sie den GESAMTEN Streuwert -- und nur diesen (keine führenden oder nachgestellten Leerzeichen, etc.) -- kopiert haben."
-hash_txt_10 = "Ein Doppelklick sollte den Streuwert auswählen..."
-hash_txt_11 = "Stellen Sie sicher, dass $USE_HASH auf 1 oder true gesetzt wurde."
-hash_txt_12 = "Wenn die Werte eingetragen wurden, melden Sie sich ab und wieder an."
-hash_txt_13 = "Sie können auch OneFileCMS selbst bearbeiten.  Legen Sie aber sicherheitshalber eine Kopie an, falls es zu einem unerwünschten Schreibfehler kommt..."
-hash_txt_14 = "Eine weitere, kleine Sicherheitsvorkehrung wäre, das Salz oder die Methode für die Streuwertgenerierung von OneFileCMS zu ändern."
-
-hash_msg_01 = "Passwort: "
-hash_msg_02 = "Streuwert    : "
-
-login_h2     = "Anmelden"
-login_txt_01 = "Benutzername:"
-login_txt_02 = "Password:"
-
-login_msg_01a = "Es wurden "
-login_msg_01b = " ungültige Anmeldversuche gezählt."
-login_msg_02a = "Bitte warten Sie "
-login_msg_02b = "Sekunden, um es erneut zu probieren."
-login_msg_03  = "UNGÜLTIGER ANMELDEVERSUCH #"
-
-edit_note_00  = "ANMKERUNG:"
-edit_note_01a = "Denken Sie immer daran: Ihre "
-edit_note_01b = " ist "
-edit_note_02  = "Speichern Sie Änderungen bevor der Countdown abläuft, oder die Änderungen sind verloren!"
-edit_note_03  = "Einige Browser (wie zum Beispiel Chrome) zeigen eventuell nicht den richtigen Dateistatus an, wenn man die Vor- und Zurückknöpfe verwendet. Zum Korrigieren offensichtlich falscher Angaben drücken Sie in so einem Fall bitte den \"Neu laden\"-Knopf."
-edit_note_04  = "Die XSS-Filter des Chrome Browsers deaktivieren möglicherweise einige JavaScript-Funktionen, wenn diese in einem gewissen Kontext auftreten. Das kann sich auf einige Features des OneFileCMS auswirken. Trotzdem können solche Dateien bearbeitet und gespeichert werden. Allerdings bleibt die Hintergrundfarbe immer gleich; Änderungen an der Datei werden sonst mit wechselnden Hintergrundfarben (rot und grün) dargestellt."
-
-edit_h2_1   = "Betrachtend: "
-edit_h2_2   = "In Bearbeitung: "
-edit_txt_01 = "Unbekannter Dateityp oder keine Textdatei. Bearbeitungsmöglichkeit ausgeschalten."
-edit_txt_02 = "Die Datei enthält möglicherweise ungültige Zeichen. Der Bearbeitungs- und Betrachtungsmodus wurde gesperrt."
-edit_txt_03 = "htmlspecialchars() gab eine leere Zeichenkette zurück."
-edit_txt_04 = "Das Verhalten kann je nach verwendeter PHP-Version unterschiedlich sein."
-
-too_large_to_edit_01a = "Bearbeitungsfunktion deaktiviert. Dateigröße > "
-too_large_to_edit_01b = " bytes."
-too_large_to_edit_02  = "Einige Browser (wie zum Beispiel der Internet Explorer) bleiben stecken oder werden instabil, sobald größere Textmengen in einer HTML <textarea> bearbeitet werden."
-too_large_to_edit_03  = "Die Einstellung $MAX_EDIT_SIZE im Konfigurationsbereich des OneFileCMS kann nach den Erfordernissen angepaßt werden."
-too_large_to_edit_04  = "Mittels einfachem Trial & Error kann das optimale Limit für einen bestimmten Browser und Computer festgestellt werden."
-
-too_large_to_view_01a = "Betrachtungsmodus deaktiviert. Filesize > "
-too_large_to_view_01b = " Bytes."
-too_large_to_view_02  = "Klicken Sie auf den Dateinamen überhalb, um die Datei direkt im Browser anzuzeigen."
-too_large_to_view_03  = "Adjustieren Sie die $MAX_VIEW_SIZE im Konfigurationsbereich von OneFileCMS nach Ihren Bedürfnissen."
-too_large_to_view_04  = "(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)"
-
-meta_txt_01 = "Dateigröße: "
-meta_txt_02 = " Bytes."
-meta_txt_03 = "Zuletzt aktualisiert am/um: "
-
-edit_msg_01 = "Die Datei wurde gespeichert: "
-edit_msg_02 = "Bytes geschrieben."
-edit_msg_03 = "Bei dem Versuch die Datei zu speichern trat ein Fehler auf."
-
-upload_h2     = "Datei heraufladen"
-upload_txt_01 = "  per upload_max_filesize in php.ini."
-upload_txt_02 = "per post_max_size in php.ini"
-upload_txt_03 = "Anmerkung: Die maximale Dateigröße für das Heraufladen von Dateien beträgt: "
-
-upload_err_01a = "Fehler 1: Die Datei ist zu groß.  "
-upload_err_01b = " (Einschränkung durch php.ini)"
-upload_err_02a = "Fehler 2: Die Datei ist zu groß.  "
-upload_err_02b = " (Einschränkung durch OneFileCMS)"
-upload_err_03  = "Fehler 3: Die Datei wurde nur teilweise heraufgeladen."
-upload_err_04  = "Fehler 4: Es wurde keine Datei heraufgeladen."
-upload_err_05  = "Fehler 5:"
-upload_err_06  = "Fehler 6: Konnte kein temporäres Verzeichnis finden."
-upload_err_07  = "Fehler 7: Die Datei konnte nicht gespeichert werden."
-upload_err_08  = "Fehler 8: Eine PHP-Erweiterung hat das Heraufladen der Datei gestoppt."
-
-upload_msg_01 = "Es wurde keine Datei zum Heraufladen gewählt."
-upload_msg_02 = "Der Zielordner existiert nicht: "
-upload_msg_03 = "Das Heraufladen wurde abgebrochen."
-upload_msg_04 = "Heraufladen: "
-upload_msg_05 = "Das Heraufladen war erfolgreich! "
-upload_msg_06 = "Das Heraufladen ist fehlgeschlagen: "
-
-new_file_h2 = "Neue Datei"
-new_file_txt_01 = "Die Datei wird im aktuellen Ordner erstellt.  "
-new_file_txt_02 = "Ungültige Zeichen für Dateinamen sind: "
-
-new_file_msg_01 = "Die neue Datei wurde nicht erstellt:"
-new_file_msg_02 = "Der Name enthält ungültige Zeichen: "
-new_file_msg_03 = "Es wurde keine Datei erstellt, da kein Name eingegeben wurde"
-new_file_msg_04 = "Die Datei besteht bereits: "
-new_file_msg_05 = "Datei erstellt:"
-new_file_msg_06 = "Fehler - die Datei konnte nicht erstellt werden:"
-
-CRM_txt_01  = "Um eine Datei oder einen Ordner zu verschieben, ändern Sie den pfad/zur/datei/oder/dem/verzeichnis. Der neue Ort muss bereits existieren."
-CRM_txt_02  = "Alter Name:"
-CRM_txt_03  = "Neuer Name:"
-
-CRM_msg_01  = " Fehler - der neue Zielort besteht nicht:"
-CRM_msg_02  = " Fehler - die Quelldatei besteht nicht:"
-CRM_msg_03  = " Fehler - die Zieldatei besteht bereits:"
-CRM_msg_04  = " zu "
-CRM_msg_05a = "Fehler während "
-CRM_msg_05b = " des folgenden Vorgangs:"
-
-delete_h2 = "Datei löschen"
-delete_txt_01 = "Sind Sie sicher?"
-
-delete_msg_01 = "Gelöschte Datei:"
-delete_msg_02 = "Während des Löschvorgangs trat ein Fehler auf "
-
-new_folder_h2 = "Neuer Ordner"
-new_folder_txt_1 = "Der neue Ordner wird als Unterordner des aktuellen Ordners angelegt.  "
-new_folder_txt_2 = "Ungültige Zeichen für Ordnernamen sind: "
-
-new_folder_msg_01 = "Der Ordner konnte nicht erstellt werden:"
-new_folder_msg_02 = "Der Name enthält ungültige Zeichen: "
-new_folder_msg_03 = "Es wurde kein Ordner erstellt, da kein Name dafür eingegeben wurde."
-new_folder_msg_04 = "Der Ordner besteht bereits: "
-new_folder_msg_05 = "Ordner erstellt:"
-new_folder_msg_06 = "Fehler - der Ordner konnte nicht erstellt werden: "
-
-delete_folder_h2     = "Ordner löschen"
-delete_folder_txt_01 = "Sind Sie sicher?"
-
-delete_folder_msg_01 = "Der Ordner ist nicht leer.   Bevor ein Ordner gelöscht werden kann, muss er geleert werden."
-delete_folder_msg_02 = "Gelöschter Ordner:"
-delete_folder_msg_03 = "während des Löschvorgangs trat ein Fehler auf."
-
-page_title_login      = "Anmelden"
-page_title_hash       = "Hash Page"
-page_title_edit       = "Datei bearbeiten/betrachten"
-page_title_upload     = "Datei heraufladen"
-page_title_new_file   = "Neue Datei"
-page_title_copy       = "Datei kopieren"
-page_title_ren        = "Datei umbenennen"
-page_title_del        = "Datei löschen"
-page_title_folder_new = "Neuer Ordner"
-page_title_folder_ren = "Ordner umbenennen/verschieben"
-page_title_folder_del = "Ordner löschen"
-
-session_warning = "Achtung: Die sitzung wird ende bald!"
-session_expired = "SITZUNG ABGELAUFEN"
-unload_unsaved  = "               Nicht gespeicherte Änderungen gehen verloren!"
-confirm_reset   = "Soll der Inhalt der Datei zurückgesetzt werden (Änderungen gehen verloren)?"
-
-OFCMS_requires  = "OneFileCMS erfordert PHP5. Getestet mit den Versionen 5.2.8, 5.3.3 & 5.4.4."
-
-logout_msg       = "Sie wurden erfolgreich abgemeldet."
-folder_del_msg   = "Der Ordner ist nicht leer.   Der Ordner muss leer sein, bevor er gelöscht werden kann."
-upload_error_01a = " Fehler beim Heraufladen.  Die Gesamtmenge and heraufgeladenen Daten (in Hauptsache die Datei) überschreitet die post_max_size = "
-upload_error_01b = " (der php.ini)"
-edit_caution_01  = "ACHTUNG "
-edit_caution_02  = " Sie bearbeiten gerade die aktive Version von OneFileCMS - Sichern Sie den Code und seien Sie vorsichtig !!"
-
-time_out_txt = "Automatischer Sitzungsstopp in:"
diff --git a/old_lang_files/OneFileCMS.LANG.EN.ini b/old_lang_files/OneFileCMS.LANG.EN.ini
deleted file mode 100755
index d84e81b..0000000
--- a/old_lang_files/OneFileCMS.LANG.EN.ini
+++ /dev/null
@@ -1,238 +0,0 @@
-;///////////////////////////////////////////////////////////////////////////////
-;// OneFileCMS Language Settings v3.3.06
-
-LANGUAGE = English
-
-;// These are the default values included directly in onefilecms.php.
-;//
-;// If no translation or value is desired for a particular setting, do not delete
-;// the actual setting variable, just set it to an empty string.
-;// For example:  some_unused_setting = ""
-;//
-;// Remember to slash-escape double quotes that may be within a value:  \" 
-;// And, for any values used directly in Default_Language() in onefilecms.php,
-;// single quotes must also be escaped:   \'
-
-
-;// In some instances, some langauges may use significantly longer words or phrases than others.
-;// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
-;//
-front_links_font_size =  "1em"; //Buttons on Index page.
-front_links_margin_R  =  "1em";
-button_font_size      = ".9em"; //Buttons on Edit page.
-button_margin_L       = ".5em";
-button_padding        = "4px 10px";
-image_info_font_size  =  "1em"; //show_img_msg_01 & _02 
-image_info_pos        = ""; //If 1 or true, moves the info down a line for more space.
-
-
-Upload_File = "Upload File"
-New_File    = "New File"
-Ren_Move    = "Rename/Move"
-Ren_Moved   = "Renamed/Moved"
-New_Folder  = "New Folder"
-Ren_Folder  = "Rename/Move Folder"
-Del_Folder  = "Delete Folder"
-
-Admin  = "Admin"
-Enter  = "Enter"
-Edit   = "Edit"
-Close  = "Close"
-Cancel = "Cancel"
-Upload = "Upload"
-Create = "Create"
-Copy   = "Copy"
-Copied = "Copied"
-Rename = "Rename"
-Delete = "Delete"
-DELETE = "DELETE"
-File   = "File"
-Folder = "Folder"
-
-Log_In  = "Log In"
-Log_Out = "Log Out"
-
-Hash          = "Hash"
-pass_to_hash  = "Password to hash:"
-Generate_Hash = "Generate Hash"
-
-save_1      = "Save"
-save_2      = "SAVE CHANGES!"
-reset       = "Reset - loose changes"
-Wide_View   = "Wide View"
-Normal_View = "Normal View"
-
-on_      = "on"
-
-verify_msg_01 = "Session expired."
-verify_msg_02 = "INVALID POST"
-
-get_get_msg_01 = "File does not exist:"
-
-check_path_msg_01 = "Directory does not exist: "
-
-ord_msg_01 = "A file with that name already exists in the target directory."
-ord_msg_02 = "Saving as"
-
-show_img_msg_01 = "Image shown at ~"
-show_img_msg_02 = "% of full size (W x H ="
-
-hash_h2     = "Generate a Password Hash"
-hash_txt_01 = "There are two ways to change your OneFileCMS password:"
-hash_txt_02 = "1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero)."
-hash_txt_03 = "2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1."
-hash_txt_04 = "Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing."
-hash_txt_05 = "Anyway, to use the $HASHWORD password option:"
-hash_txt_06 = "Type your desired password in the input field above and hit Enter."
-hash_txt_07 = "The hash will be displayed in a yellow message box above that."
-hash_txt_08 = "Copy and paste the new hash to the $HASHWORD variable in the config section."
-hash_txt_09 = "Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc)."
-hash_txt_10 = "A double-click should select it..."
-hash_txt_11 = "Make sure $USE_HASH is set to 1 (or true)."
-hash_txt_12 = "When ready, logout and login."
-hash_txt_13 = "You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo..."
-hash_txt_14 = "For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course).  Remever, every little bit helps..."
-
-hash_msg_01 = "Password: "
-hash_msg_02 = "Hash    : "
-
-login_h2     = "Log In"
-login_txt_01 = "Username:"
-login_txt_02 = "Password:"
-
-login_msg_01a = "There have been "
-login_msg_01b = "invalid login attempts."
-login_msg_02a = "Please wait"
-login_msg_02b = "seconds to try again."
-login_msg_03  = "INVALID LOGIN ATTEMPT #"
-
-edit_note_00  = "NOTES:"
-edit_note_01a = "Remember- your"
-edit_note_01b = "is"
-edit_note_02  = "So save changes before the clock runs out, or the changes will be lost!"
-edit_note_03  = "With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate.  To correct, click the browser's [Reload]."
-edit_note_04  = "Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file."
-
-edit_h2_1   = "Viewing:"
-edit_h2_2   = "Editing:"
-edit_txt_01 = "Non-text or unkown file type. Edit disabled."
-edit_txt_02 = "File possibly contains an invalid character. Edit and view disabled."
-edit_txt_03 = "htmlspecialchars() returned an empty string from what may be an otherwise valid file."
-edit_txt_04 = "This behavior can be inconsistant from version to version of php."
-
-too_large_to_edit_01a = "Edit disabled. Filesize >"
-too_large_to_edit_01b = "bytes."
-too_large_to_edit_02 = "Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>."
-too_large_to_edit_03 = "Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed."
-too_large_to_edit_04 = "A simple trial and error test can determine a practical limit for a given browser/computer."
-
-too_large_to_view_01a = "View disabled. Filesize >"
-too_large_to_view_01b = "bytes."
-too_large_to_view_02 = "Click the file name above to view as normally rendered in a browser window."
-too_large_to_view_03 = "Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed."
-too_large_to_view_04 = "(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)"
-
-meta_txt_01 = "Filesize:"
-meta_txt_02 = "bytes."
-meta_txt_03 = "Updated:"
-
-edit_msg_01 = "File saved:"
-edit_msg_02 = "bytes written."
-edit_msg_03 = "There was an error saving file."
-
-upload_h2     = "Upload File"
-upload_txt_01 = "per upload_max_filesize in php.ini."
-upload_txt_02 = "per post_max_size in php.ini"
-upload_txt_03 = "Note: Maximum upload file size is:"
-
-upload_err_01a = "Error 1: File too large."
-upload_err_01b = "(From php.ini)"
-upload_err_02a = "Error 2: File too large."
-upload_err_02b = "(From OneFileCMS)"
-upload_err_03  = "Error 3: The uploaded file was only partially uploaded."
-upload_err_04  = "Error 4: No file was uploaded."
-upload_err_05  = "Error 5:"
-upload_err_06  = "Error 6: Missing a temporary folder."
-upload_err_07  = "Error 7: Failed to write file to disk."
-upload_err_08  = "Error 8: A PHP extension stopped the file upload."
-
-upload_msg_01 = "No file selected for upload."
-upload_msg_02 = "Destination folder does not exist: "
-upload_msg_03 = "Upload cancelled."
-upload_msg_04 = "Uploading:"
-upload_msg_05 = "Upload successful!"
-upload_msg_06 = "Upload failed:"
-
-new_file_h2     = "New File"
-new_file_txt_01 = "File will be created in the current folder."
-new_file_txt_02 = "Some invalid characters are: "
-
-new_file_msg_01 = "New file not created:"
-new_file_msg_02 = "Name contains invalid character(s):"
-new_file_msg_03 = "New file not created - no name given"
-new_file_msg_04 = "File already exists:"
-new_file_msg_05 = "Created file:"
-new_file_msg_06 = "Error - new file not created:"
-
-CRM_txt_01  = "To move a file or folder, change the path/to/folder/or_file. The new location must already exist."
-CRM_txt_02  = "Old name:"
-CRM_txt_03  = "New name:"
-
-CRM_msg_01  = "Error - new parent location does not exist:"
-CRM_msg_02  = "Error - source file does not exist:"
-CRM_msg_03  = "Error - target filename already exists:"
-CRM_msg_04  = "to"
-CRM_msg_05a = "Error during"
-CRM_msg_05b = "from the above to the following:"
-
-delete_h2     = "Delete File"
-delete_txt_01 = "Are you sure?"
-
-delete_msg_01 = "Deleted file:"
-delete_msg_02 = "Error deleting"
-
-new_folder_h2    = "New Folder"
-new_folder_txt_1 = "Folder will be created in the current folder."
-new_folder_txt_2 = "Some invalid characters are:"
-
-new_folder_msg_01 = "New folder not created:"
-new_folder_msg_02 = "Name contains invalid character(s):"
-new_folder_msg_03 = "New folder not created - no name given."
-new_folder_msg_04 = "Folder already exists:"
-new_folder_msg_05 = "Created folder:"
-new_folder_msg_06 = "Error - new folder not created:"
-
-delete_folder_h2     = "Delete Folder"
-delete_folder_txt_01 = "Are you sure?"
-
-delete_folder_msg_01 = "Folder not empty.   Folders must be empty before they can be deleted."
-delete_folder_msg_02 = "Deleted folder:"
-delete_folder_msg_03 = "an error occurred during delete."
-
-page_title_login      = "Log In"
-page_title_hash       = "Hash Page"
-page_title_edit       = "Edit/View File"
-page_title_upload     = "Upload File"
-page_title_new_file   = "New File"
-page_title_copy       = "Copy File"
-page_title_ren        = "Rename File"
-page_title_del        = "Delete File"
-page_title_folder_new = "New Folder"
-page_title_folder_ren = "Rename/Move Folder"
-page_title_folder_del = "Delete Folder"
-
-session_warning = "Warning: Session timeout soon!"
-session_expired = "SESSION EXPIRED"
-unload_unsaved  = "               Unsaved changes will be lost!"
-confirm_reset   = "Reset file and loose unsaved changes?"
-
-OFCMS_requires  = "OneFileCMS requires PHP5. Tested on versions 5.2.8, 5.3.3 & 5.4.4."
-
-logout_msg       = "You have successfully logged out."
-folder_del_msg   = "Folder not empty.   Folders must be empty before they can be deleted."
-upload_error_01a = "Upload Error.  Total POST data (mostly filesize) exceeded post_max_size ="
-upload_error_01b = "(from php.ini)"
-edit_caution_01  = "CAUTION"
-edit_caution_02  = "You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!"
-
-time_out_txt = "Session time out in:"
diff --git a/old_lang_files/OneFileCMS.LANG.ES.ini b/old_lang_files/OneFileCMS.LANG.ES.ini
deleted file mode 100755
index 8ed423a..0000000
--- a/old_lang_files/OneFileCMS.LANG.ES.ini
+++ /dev/null
@@ -1,238 +0,0 @@
-;///////////////////////////////////////////////////////////////////////////////
-;// OneFileCMS Language Settings v3.3.06
-
-LANGUAGE = "Spanish"
-
-;//
-;//
-;// If no translation or value is desired for a particular setting, do not delete
-;// the actual setting variable, just set it to an empty string.
-;// For example:  some_unused_setting = ""
-;//
-;// Remember to slash-escape double quotes that may be within a value:  \" 
-;// And, for any values used directly in Default_Language() in onefilecms.php,
-;// single quotes must also be escaped:   \'
-
-
-;// In some instances, some langauges may use significantly longer words or phrases than others.
-;// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
-;//
-front_links_font_size =  "1em";  //Buttons on Index page.
-front_links_margin_R  = ".5em";
-button_font_size      = ".9em";  //Buttons on Edit page.
-button_margin_L       = ".4em";
-button_padding        = "4px 5px";
-image_info_font_size  = ".95em"; //show_img_msg_01 & _02 
-image_info_pos        = ""; //If 1 or true, moves the info down a line for more space.
-
-
-Upload_File = "Subir Archivo"
-New_File    = "Archivo Nuevo"
-Ren_Move    = "Renombrar/Mover"
-Ren_Moved   = "Renombrado/Movido"
-New_Folder  = "Carpeta Nueva"
-Ren_Folder  = "Renombrar/Mover Carpeta"
-Del_Folder  = "Borrar Carpeta"
-
-Admin  = "Administrador"
-Enter  = "Entrar"
-Edit   = "Editar"
-Close  = "Cerrar"
-Cancel = "Cancelar"
-Upload = "Subir"
-Create = "Crear"
-Copy   = "Copiar"
-Copied = "Copiado"
-Rename = "Renombrar"
-Delete = "Eliminar"
-DELETE = "ELIMINAR"
-File   = "Archivo"
-Folder = "Carpeta"
-
-Log_In  = "Iniciar Sesión"
-Log_Out = "Cerrar Sesión"
-
-Hash    = "Cadena"
-pass_to_hash  = "Contraseña para calcular el hash:"
-Generate_Hash = "Generar Cadena"
-
-save_1      = "Guardar"
-save_2      = "¡GUARDAR CAMBIOS!"
-reset       = "Reiniciar - perder los cambios"
-Wide_View   = "Vista Ampliada"
-Normal_View = "Vista Normal"
-
-on_      = "activado"
-
-verify_msg_01 = "Sesión expirada."
-verify_msg_02 = "POST INVÁLIDO"
-
-get_get_msg_01 = "El archivo no existe:"
-
-check_path_msg_01 = "El directorio no existe: "
-
-ord_msg_01 = "Un archivo con ese mismo nombre ya existe en el directorio asignado."
-ord_msg_02 = "Guardando como"
-
-show_img_msg_01 = "Imagen mostrada a ~"
-show_img_msg_02 = "% del tamaño (W x H ="
-
-hash_h2     = "Generar una Cadena de Contraseña"
-hash_txt_01 = "Existen dos formas de cambiar tu contraseña:"
-hash_txt_02 = "1) Cambiando la variable $PASSWORD y asignando $USE_HASH = 0 (cero)."
-hash_txt_03 = "2) O, usando $HASHWORD para almacenar tu contraseña, y luego asignar $USE_HASH = 1."
-hash_txt_04 = "Tenga en cuenta que, debido a una serie de consideraciones muy variadas, esto es en gran parte un ejercicio académico. Es decir, tomar la idea de que esta es una gran mejora a la seguridad con un granito de sal de criptografía. Sin embargo, sí elimina el almacenamiento de la contraseña en texto plano, lo cual es algo bueno."
-hash_txt_05 = "Igualmente, para usar la opción de contraseña $HASHWORD:"
-hash_txt_06 = "Ingresá la contraseña que quieras en la caja de texto siguiente y presioná enter."
-hash_txt_07 = "La cadena se mostrará en un mensaje amarillo."
-hash_txt_08 = "Copiá y pegá esa cadena a la variable $HASHWORD en la sección de configuración."
-hash_txt_09 = "Asegurate de copiar TODO y SÓLO la cadena (sin dejar espacios en blanco o demás)."
-hash_txt_10 = "Haciendo doble click debería seleccionarlo..."
-hash_txt_11 = "Asegurate de que $USE_HASH sea 1 (o true)."
-hash_txt_12 = "Cuando estés listo, deslogueate y volvé a loguearte."
-hash_txt_13 = "Podés usar OneFileCMS para editarlo. Sin embargo, asegurate de hacer un backup..."
-hash_txt_14 = "Para otro tip de seguridad, cambiá la llave de seguridad y/o el método usado por OneFileCMS para almacenar la clave (y mantenelo en secreto, obviamente).  Acordate, cada granito ayuda..."
-
-hash_msg_01 = "Contraseña: "
-hash_msg_02 = "Cadena    : "
-
-login_h2     = "Iniciar sesión"
-login_txt_01 = "Usuario:"
-login_txt_02 = "Contraseña:"
-
-login_msg_01a = "Hubo "
-login_msg_01b = "intentos fallidos."
-login_msg_02a = "Por favor espere "
-login_msg_02b = "segundos para volver a intentar."
-login_msg_03  = "INTENTO DE INICIO INVÁLIDO NÚMERO #"
-
-edit_note_00  = "NOTAS:"
-edit_note_01a = "Recuérdalo- tu"
-edit_note_01b = "es"
-edit_note_02  = "Entonces guardá antes que se acabe el tiempo, ¡o vas a perer los cambios!"
-edit_note_03  = "Con algunos navegadores, como Chrome, si clickeás el botón del navegador [Volver] y después [Continuar], puede que el estado del archivo no sea exacto. Para corregirlo, clickeá en el botón [Recargar]."
-edit_note_04  = "Chrome puede deshabilitar algunos textos si contienen javascript dentro en ciertos contextos.  Esto puede provocar problemas con el editor de OneFileCMS. Sin embargo, estos archivos pueden ser editados y guardados con OneFileCMS.  La función primaria que es perdida es el cambio de los colores del fondo (rojo/verde) indicando cuando o no el archivo tiene cambios no guardados.  El error se notificará después de la primera vez que se guarde ese archivo."
-
-edit_h2_1   = "Viendo:"
-edit_h2_2   = "Editando:"
-edit_txt_01 = "No texto o tipo de archivo desconocido. Edición deshabilitada."
-edit_txt_02 = "El archivo posiblemente contiene un caracter desconocido. Edición deshabilitada."
-edit_txt_03 = "htmlspecialchars() devolvió una cadena vacía de lo que debería ser un archivo válido."
-edit_txt_04 = "Este comportamiento puede ser inconsistente de versión a versión de PHP."
-
-too_large_to_edit_01a = "Edición deshabilita. Tamaño >"
-too_large_to_edit_01b = "bytes."
-too_large_to_edit_02 = "Algunos navegadores (por ej.: IE) se vuelven inestables cuando se edita un texto largo dentro de un <textarea>."
-too_large_to_edit_03 = "Ajustá la variable $MAX_EDIT_SIZE en la sección de configuración de OneFileCMS como sea necesario."
-too_large_to_edit_04 = "Una simple prueba puede dar con el resultado necesario."
-
-too_large_to_view_01a = "Vista deshabilitada. Tamaño >"
-too_large_to_view_01b = "bytes."
-too_large_to_view_02 = "Clickeá en el botón de debajo para verlo como se ve normalmente en un navegador."
-too_large_to_view_03 = "Ajustá $MAX_VIEW_SIZE en la sección de configuración de OneFileCMS como sea necesario."
-too_large_to_view_04 = "(El valor por defecto para $MAX_VIEW_SIZE es completamente arbitrario, y puede ser ajustado como sea necesario.)"
-
-meta_txt_01 = "Tamaño:"
-meta_txt_02 = "bytes."
-meta_txt_03 = "Actualizado:"
-
-edit_msg_01 = "Archivo Guardado:"
-edit_msg_02 = "bytes escritos."
-edit_msg_03 = "Ocurrió un error guardando el archivo."
-
-upload_h2     = "Subir Archivo"
-upload_txt_01 = "por upload_max_filesize en php.ini."
-upload_txt_02 = "por post_max_size en php.ini"
-upload_txt_03 = "Nota: El tamaño máximo de subida es de:"
-
-upload_err_01a = "Error 1: Archivo muy largo."
-upload_err_01b = "(Desde php.ini)"
-upload_err_02a = "Error 2: Archivo muy largo."
-upload_err_02b = "(Desde OneFileCMS)"
-upload_err_03  = "Error 3: El archivo se subió sólo parcialmente."
-upload_err_04  = "Error 4: No se subió ningún archivo."
-upload_err_05  = "Error 5:"
-upload_err_06  = "Error 6: Carpeta temporal no encontrada."
-upload_err_07  = "Error 7: No se pudo guardar el archivo en el disco."
-upload_err_08  = "Error 8: Una extensión de PHP detuvo la subida del archivo."
-
-upload_msg_01 = "No se seleccionó ningún archivo para subirlo."
-upload_msg_02 = "La carpeta de destino no existe: "
-upload_msg_03 = "Subida cancelada."
-upload_msg_04 = "Subiendo:"
-upload_msg_05 = "¡Subida satisfactoria!"
-upload_msg_06 = "Subida fallida: "
-
-new_file_h2     = "Archivo Nuevo"
-new_file_txt_01 = "Se creará un archivo nuevo en la carpeta actual."
-new_file_txt_02 = "Algunos caracteres inválidos son: "
-
-new_file_msg_01 = "Archivo nuevo no creado:"
-new_file_msg_02 = "El nombre contiene caracteres inválidos:"
-new_file_msg_03 = "Archivo nuevo no creado - no se especificó un nombre"
-new_file_msg_04 = "El archivo ya existe:"
-new_file_msg_05 = "Archivo creado:"
-new_file_msg_06 = "Error - archivo no creado:"
-
-CRM_txt_01  = "Para mover un archivo o carpeta, cambiá el camino/hacia/la/carpeta/o_archivo. La nueva localización debe existir."
-CRM_txt_02  = "Nombre antiguo:"
-CRM_txt_03  = "Nuevo nombre:"
-
-CRM_msg_01 = "Error - la localización padre no existe:"
-CRM_msg_02 = "Error - el archivo inicial no existe:"
-CRM_msg_03 = "Error - el archivo de objetivo no existe:"
-CRM_msg_04 = "hacia"
-CRM_msg_05a = "Error durante"
-CRM_msg_05b = "desde arriba a lo siguiente:"
-
-delete_h2     = "Eliminar Archivo"
-delete_txt_01 = "¿Estás seguro?"
-
-delete_msg_01 = "Archivo Eliminado:"
-delete_msg_02 = "Error eliminando"
-
-new_folder_h2    = "Nueva Carpeta"
-new_folder_txt_1 = "La carpeta se creará dentro de la carpeta actual."
-new_folder_txt_2 = "Algunos caracteres inválidos son:"
-
-new_folder_msg_01 = "Carpeta nueva no creada:"
-new_folder_msg_02 = "El nombre contiene caracteres inválidos:"
-new_folder_msg_03 = "Carpeta nueva no creada - no se ha asignado un nombre."
-new_folder_msg_04 = "La carpeta ya existe:"
-new_folder_msg_05 = "Carpeta creada:"
-new_folder_msg_06 = "Error - carpeta nueva no creada:"
-
-delete_folder_h2     = "Eliminar Carpeta"
-delete_folder_txt_01 = "¿Estás seguro?"
-
-delete_folder_msg_01 = "Carpeta no vacía.   Las carpetas deben estar vacías antes de ser eliminadas."
-delete_folder_msg_02 = "Carpeta eliminada:"
-delete_folder_msg_03 = "ocurrió un error eliminándola."
-
-page_title_login      = "Iniciar Sesión"
-page_title_hash       = "Página de Cadena"
-page_title_edit       = "Editar/Ver Archivo"
-page_title_upload     = "Subir Archivo"
-page_title_new_file   = "Nuevo Archivo"
-page_title_copy       = "Copiar Archivo"
-page_title_ren        = "Renombrar Archivo"
-page_title_del        = "Eliminar Archivo"
-page_title_folder_new = "Nueva Carpeta"
-page_title_folder_ren = "Renombrar/Mover Carpeta"
-page_title_folder_del = "Eliminar Carpeta"
-
-session_warning = "Advertencia: ¡La sesión terminará pronto!"
-session_expired = "SESIÓN TERMINADA"
-unload_unsaved  = "                 ¡Los cambios no guardados se perderán!"
-confirm_reset   = "¿Reiniciar el archivo y descartar cambios no guardados?"
-
-OFCMS_requires  = "OneFileCMS necesita PHP5. Probado en las versiones 5.2.8, 5.3.3 & 5.4.3."
-
-logout_msg       = "Has cerrado la sesión satisfactoriamente."
-folder_del_msg   = "Carpeta no vacía.   Las carpetas debe estar vacías antes de poder eliminarse."
-upload_error_01a = "Eror de subida.  Total de datos POST (mayormente el peso del archivo) excedido post_max_size ="
-upload_error_01b = "(desde php.ini)"
-edit_caution_01  = "PRECAUCIÓN"
-edit_caution_02  = "Estás editando la copia activa de OneFileCMS - ¡HACÉ UNA COPIA DE SEGURIDAD Y TENÉ CUIDADO!"
-
-time_out_txt = "Tiempo de Espera de Sesión Agotado:"
diff --git a/onefilecms.php b/onefilecms.php
index bfbc884..f8e393e 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.3.15';
+$OFCMS_version = '3.3.16';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -60,6 +60,7 @@
 $LOGIN_DELAY   = 10;  //In seconds.
 $MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
 					  //  For instance, 24 minutes is the PHP default for garbage collection.
+
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked
 
@@ -183,6 +184,9 @@ function Default_Language() { // ***********************************************
 $_['image_info_font_size']  =  '1em'; //show_img_msg_01  &  _02 
 $_['image_info_pos']        = ''; //If 1 or true, moves the info down a line for more space.
 
+$_['R'] = 'R'; // R ename       //new
+$_['C'] = 'C'; // C opy         //new
+$_['D'] = 'D'; // D elete       //new
 
 $_['Upload_File'] = 'Upload File';
 $_['New_File']    = 'New File';
@@ -367,8 +371,8 @@ function Default_Language() { // ***********************************************
 $_['page_title_login']      = 'Log In';
 $_['page_title_admin']      = 'Administration Options'; //new
 $_['page_title_hash']       = 'Generate a Password Hash';
-$_['page_title_change_pw']  = 'Change Password'; //new
-$_['page_title_change_un']  = 'Change Username'; //new
+$_['page_title_change_pw']  = 'Change Password';        //new
+$_['page_title_change_un']  = 'Change Username';        //new
 $_['page_title_edit']       = 'Edit / View File';
 $_['page_title_upload']     = 'Upload File';
 $_['page_title_new_file']   = 'New File';
@@ -439,6 +443,8 @@ function Default_Language() { // ***********************************************
 
 $_['change_un_01'] = 'Username changed!';     //new
 $_['change_un_02'] = 'Username NOT changed:'; //new
+
+$_['update_failed'] = 'Update failed - could not save file.';  //new
 }//end Default_Language() ******************************************************
 
 
@@ -757,6 +763,22 @@ function ordinalize($destination,$filename, &$msg) { //*************************
 
 
 
+function supports_svg() { //****************************************************
+	//IE < 9 is the only browser checked for currently.
+	//EX: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
+	$USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
+	$pos_MSIE = strpos($USER_AGENT, 'MSIE ');
+	$old_ie   = false;
+	if ($pos_MSIE !== false) {
+		$ie_ver = substr($USER_AGENT, ($pos_MSIE+5), 1);
+		$old_ie = ( $ie_ver < 9 );
+	}
+	if ($old_ie) { false; }else{ return true; }
+}//end supports_svg ************************************************************
+
+
+
+
 function Current_Path_Header(){ //**********************************************
  	// Current path. ie: webroot/current/path/ 
 	// Each level is a link to that level.
@@ -787,14 +809,19 @@ function Current_Path_Header(){ //**********************************************
 
 
 function Page_Header(){ //******************************************************
-	global  $_, $ONESCRIPT, $page, $WEBSITE, $config_title, $OFCMS_version;
+	global  $_, $DOC_ROOT, $ONESCRIPT, $page, $WEBSITE, $config_title, $OFCMS_version, $config_favicon;
+
+	$favicon = '';
+	if (file_exists($DOC_ROOT.$config_favicon)) { 
+		$favicon =  '<img src="'.URLencode_path($config_favicon).'" alt="">';
+	}
 ?>
 	<div class="header">
 		<a href="<?php echo $ONESCRIPT?>" id="logo"><?php echo $config_title; ?></a>
 		<?php echo $OFCMS_version.' ('.hsc($_['on_']).'&nbsp;php&nbsp;'.phpversion().')'; ?>
 
 		<div class="nav">
-			<a href="/" target="_blank"><?php echo show_favicon() ?>&nbsp;
+			<a href="/" target="_blank"><?php echo $favicon ?>&nbsp;
 			<b><?php echo hte($WEBSITE) ?></b></a>
 			<?php if ($page != "login") { ?>
 			| <a href="<?php echo $ONESCRIPT ?>?p=logout"><?php echo hsc($_['Log_Out']) ?></a>
@@ -906,16 +933,6 @@ function show_image(){ //*******************************************************
 
 
 
-function show_favicon(){ //*****************************************************
-	global $config_favicon, $DOC_ROOT;
-	if (file_exists($DOC_ROOT.$config_favicon)) { 
-		return '<img src="'.URLencode_path($config_favicon).'" alt="">';
-	}
-}// end show_favicon() *********************************************************
-
-
-
-
 function Timeout_Timer($COUNT, $ID, $CLASS="", $ACTION="") { //*****************
 
 	return 	'<script>'.
@@ -948,7 +965,7 @@ function Init_Macros(){ //*** ($varibale="some reusable chunk of code")*********
 
 $SVG_icon_pencil = '<polygon points="2,0 9,7 7,9 0,2" stroke-width="1" stroke="darkgoldenrod" fill="rgb(246,222,100)"/>
 	  <path  d="M0,2   L0,0  L2,0"      stroke="tan" fill="tan" stroke-width="1" />
-	  <path  d="M0,1.5   L0,0  L1.5,0"      stroke="black" fill="transparent" stroke-width="1" />
+	  <path  d="M0,1.5   L0,0  L1.5,0"      stroke="black" fill="transparent" stroke-width="1.5" />
 	  <line x1="7.3" y1="10"  x2="10" y2="7.3"  stroke="silver" stroke-width="1"/>
 	  <line x1="8.1" y1="10.8"  x2="10.8" y2="8.1"  stroke="red" stroke-width="1"/>';
 
@@ -961,6 +978,40 @@ function Init_Macros(){ //*** ($varibale="some reusable chunk of code")*********
 
 
 
+function svg_icon_ren(){ //*****************************************************
+	global $SVG_icon_pencil;
+	
+	$pencil = '<g transform="translate( 5, 3.5)">'.$SVG_icon_pencil.'</g>';
+	$sheet  = svg_icon_txt_0('#333', '#000', '#FFF', $pencil);
+	
+	return '<svg class="icon2" xmlns="http://www.w3.org/2000/svg" version="1.1" width="16" height="16">'.$sheet.$pencil.'</svg>';
+} //end svg_icon_ren() *********************************************************
+
+
+
+
+function svg_icon_copy(){ //****************************************************
+	global $SVG_icon_circle_plus;
+
+	return '<svg class="icon2" xmlns="http://www.w3.org/2000/svg" version="1.1" width="11" height="11">'.
+		'<g transform="translate( .5, .5)">'.$SVG_icon_circle_plus.'</g></svg>';
+
+} //end svg_icon_copy() ********************************************************
+
+
+
+
+function svg_icon_del(){ //*****************************************************
+	global $SVG_icon_circle_x;
+
+	return '<svg class="icon2" xmlns="http://www.w3.org/2000/svg" version="1.1" width="11" height="11">'.
+		'<g transform="translate( .5, .5)">'.$SVG_icon_circle_x.'</g></svg>';
+
+} //end svg_icon_del() *********************************************************
+
+
+
+
 function svg_icon_bin(){ //*****************************************************
 $zero = '<rect x="0"  y="0"  width="3" height="6" fill="transparent" stroke="#555" stroke-width="1" />';
 $one  = '<line x1="0" y1="-.5"   x2="0" y2="6.5"  stroke="#555" stroke-width="1"/>';
@@ -979,16 +1030,16 @@ function svg_icon_bin(){ //*****************************************************
 
 
 function svg_icon_img(){ //*****************************************************
-global $SVG_icon_img_0;
-return '<svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">'.
+	global $SVG_icon_img_0;
+	return '<svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">'.
 		$SVG_icon_img_0.'</svg>';
 } //end svg_icon_img() *********************************************************
 
 
 
 function svg_icon_svg(){ //*****************************************************
-global $SVG_icon_img_0;
-return '<svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">'.
+	global $SVG_icon_img_0;
+	return '<svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">'.
 	$SVG_icon_img_0.
 	'<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="#444" stroke-width=".6"/>
 	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="#444" stroke-width=".6"/>
@@ -1001,15 +1052,12 @@ function svg_icon_svg(){ //*****************************************************
 
 function svg_icon_txt_0($border, $lines, $fill, $extra = ""){ //****************
 return '<svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
-	<rect x = "0" y = "0" width = "14" height = "16" 
-	fill="'.$fill.'" stroke="'.$border.'" stroke-width="2" />
+	<rect x = "0" y = "0" width = "14" height = "16" fill="'.$fill.'" stroke="'.$border.'" stroke-width="2" />
 	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="'.$lines.'" stroke-width=".6"/>
 	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="'.$lines.'" stroke-width=".6"/>
 	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="'.$lines.'" stroke-width=".6"/>
-	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="'.$lines.'" stroke-width=".6"/>'.
-	$extra.
-	'</svg>';
-} //end svg_icon_txt() *********************************************************
+	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="'.$lines.'" stroke-width=".6"/>'.$extra.'</svg>';
+} //end svg_icon_txt_0() *******************************************************
 
 
 
@@ -1045,7 +1093,7 @@ function svg_icon_file_new(){ //************************************************
 
 
 function svg_icon_file_del(){ //************************************************
-global $SVG_icon_circle_x;
+	global $SVG_icon_circle_x;
 	$extra = '<g transform="translate(4,6)">'.$SVG_icon_circle_x.'</g>';
 
 	return svg_icon_txt_0('#444', 'black', 'white', $extra);
@@ -1307,7 +1355,8 @@ function Update_config($search_for, $replace_with) {//********************
 	copy($ONESCRIPT_file, $ONESCRIPT_file_backup); // Just in case...
 
 	$updated_contents = implode("\n", $ONESCRIPT_lines);
-	file_put_contents($ONESCRIPT_file, $updated_contents);
+
+	return file_put_contents($ONESCRIPT_file, $updated_contents);
 }//end Update_config() *********************************************************
 
 
@@ -1317,18 +1366,17 @@ function Change_PWUN_response($PWUN){ //****************************************
 	//Update $USERNAME or $HASHWORD. Default $page = changepw or changeun 
 	global $_, $USERNAME, $HASHWORD, $EX, $message, $page;
 
-	if     ($PWUN == "pw") { $error1  = hsc($_['change_pw_02']); }
-	elseif ($PWUN == "un") { $error1  = hsc($_['change_un_02']); }
-	else                   { $message .= 'Invalid parameter for Change_PWUN_response()'; return; }
+	if   ($PWUN == "pw") { $error1  = hsc($_['change_pw_02']); }
+	else                 { $error1  = hsc($_['change_un_02']); } //$PWUN == "un"
 
 	// trim leading & trailing white-space from input values
 	$current_pass = trim($_POST['current_pw']);
 	$new_pwun     = trim($_POST['new1']);
 	$confirm_pwun = trim($_POST['new2']);
 
-	//If nothing entered, do nothing.
+	//If nothing entered...
 	if ( ($current_pass == "") && ($new_pwun == "") && ($confirm_pwun == "") ) {
-		;//...
+		;//do nothing.
 		
 	//If no new & confirm values entered, display $message to that effect.
 	}elseif ( ($new_pwun == "") && ($confirm_pwun == "") ) {
@@ -1348,9 +1396,11 @@ function Change_PWUN_response($PWUN){ //****************************************
 		$HASHWORD = hashit($new_pwun);	
 		$search_for   = '$HASHWORD '; //include space after $HASHWORD
 		$replace_with = '$HASHWORD = "'.$HASHWORD.'";';
-		Update_config($search_for, $replace_with);
+		$updated = Update_config($search_for, $replace_with);
+		
+		if ($updated === false) { $message .= $EX.'<b>'.$error1.'</b><br>'.$_['update_failed']; }
+		else                    { $message .= $EX.'<b>'.hsc($_['change_pw_01']).'</b>'; }
 		
-		$message .= $EX.'<b>'.hsc($_['change_pw_01']).'</b>';
 		$page = "admin"; //Return to Admin page.
 		
 	//Else change username...
@@ -1358,9 +1408,11 @@ function Change_PWUN_response($PWUN){ //****************************************
 		$USERNAME = $new_pwun;
 		$search_for   = '$USERNAME '; //include space after $HASHWORD
 		$replace_with = '$USERNAME = "'.$USERNAME.'";';
-		Update_config($search_for, $replace_with);
-
-		$message .= $EX.'<b>'.hsc($_['change_un_01']).'</b>';
+		$updated = Update_config($search_for, $replace_with);
+		
+		if ($updated === false) { $message .= $EX.'<b>'.$error1.'</b><br>'.$_['update_failed']; }
+		else                    { $message .= $EX.'<b>'.hsc($_['change_un_01']).'</b>'; }
+		
 		$page = "admin"; //Return to Admin page.
 	}
 }//end Change_PWUN_response() //************************************************
@@ -1456,11 +1508,17 @@ function Login_response() { //**************************************************
 function List_Files() { // ...in a vertical table ******************************
 //called from Index Page
 
-	global $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list, $stypes, $SHOWALLFILES;
+	global $_, $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list, 
+			$stypes, $SHOWALLFILES,	$SVG_icon_circle_x;
 
 	$files = scandir('./'.$ipath);
 	natcasesort($files);
 
+	/*For old IE only: text "icons" for Rename, Copy, and Delete  */
+	$R = '<span class="RCD R">'.hsc($_['R']).'</span>';
+	$C = '<span class="RCD C">'.hsc($_['C']).'</span>';
+	$D = '<span class="RCD D">'.hsc($_['D']).'</span>';
+
 	echo '<table class="index_T">';
 	foreach ($files as $file) {
 		
@@ -1476,10 +1534,18 @@ function List_Files() { // ...in a vertical table ******************************
 			
 			//Set icon type based on file type ($ext).
 			$type = $fclasses[array_search($ext, $ftypes)];
+			
+			$HREF_params = $ONESCRIPT.$param1.'&amp;f='.rawurlencode($file);
 ?>
 			<tr>
+				<td class="rcd"><a href="<?php echo $HREF_params.'&amp;p=rename' ?>" title="Rename" class="rcd1">
+				<?php if (supports_svg()) { echo svg_icon_ren();  }else {echo $R;} ?></a></td>
+				<td class="rcd"><a href="<?php echo $HREF_params.'&amp;p=copy'   ?>" title="Copy"   class="rcd1" >
+				<?php if (supports_svg()) { echo svg_icon_copy(); }else {echo $C;} ?></a></td> 
+				<td class="rcd"><a href="<?php echo $HREF_params.'&amp;p=delete' ?>" title="Delete" class="rcd1" >
+				<?php if (supports_svg()) { echo svg_icon_del();  }else {echo $D;} ?></a></td>
 				<td class="file_name">
-					<?php echo '<a href="'.$ONESCRIPT.$param1.'&amp;f='.rawurlencode($file).'&amp;p=edit" >'; ?>
+					<?php echo '<a href="'.$HREF_params.'&amp;p=edit"  title="Edit">'; ?>
 					<?php echo show_icon($type).hte($file), '</a>'; ?>
 				</td>
 				<td class="meta_T file_size">&nbsp;
@@ -1727,7 +1793,7 @@ function Edit_response(){ //***If on Edit page, and [Save] clicked *************
 	$filename = $_POST["filename"];
 	$contents = $_POST["contents"];
 
-	$contents = str_replace("\r\n", "\n", $contents); //Convert EOL to only newline char.
+	$contents = str_replace("\r\n", "\n", $contents); //Make sure EOL is only newline char.
 
 	$bytes = file_put_contents($filename, $contents);
 
@@ -1874,7 +1940,7 @@ function Set_Input_width() { //*************************************************
 	// $MAIN_WIDTH may be in em, px, or pt.
 	// Width of 1 character = .625em = 10px = 7.5pt  (1em = 16px = 12pt)
 
-	$root_enc =  mb_detect_encoding($WEB_ROOT);
+	$root_enc =  mb_detect_encoding($WEB_ROOT); //ASCII? UTF8? etc...
 	$root_len = (mb_strlen($WEB_ROOT, $root_enc) + 1); //+1 for good measure.
 	$main_width = $MAIN_WIDTH * 1;   //set in config section. Default is 810px.
 	$main_units = substr($MAIN_WIDTH, -2); //should be em, px, or pt
@@ -2256,7 +2322,7 @@ function FileTimeStamp(php_filemtime, show_date, show_offset){
 
 	var GMT_offset = -(TIMESTAMP.getTimezoneOffset()); //Yes, I know- seems wrong, but its works.
 
-	if (GMT_offset < 0) { NEG=-1; SIGN="-"; } else { NEG=1; SIGN="+"; } 
+	if (GMT_offset < 0) { NEG = -1; SIGN = "-"; } else { NEG = 1; SIGN = "+"; } 
 
 	var offset_HOURS = Math.floor(NEG*GMT_offset/60);
 	var offset_MINS  = pad( NEG * (GMT_offset % 60) );
@@ -2458,8 +2524,6 @@ function style_sheet(){ //******************************************************
 
 label { display: inline-block; font-size : 1em; font-weight: bold; }
 
-svg { margin: 0; padding: 0; }
-
 pre {
 	background: white;
 	border    : 1px solid #807568;
@@ -2529,7 +2593,7 @@ function style_sheet(){ //******************************************************
 	background-color: #FdFdFd;
 	}
 	
-table.index_T  tr:hover { border: 1px solid #807568; }
+table.index_T tr:hover { border: 1px solid #807568; }
 
 table.index_T td { 
 	border-width  : 1px;
@@ -2538,17 +2602,16 @@ function style_sheet(){ //******************************************************
 	vertical-align: middle;
 	}
 
-.index_T a { 
-	height : 1em;
+.index_T td a { 
 	display: block;
-	padding: .2em 1em .3em .3em;
-	color  : rgb(100,45,0);
+	height : 1em;
 	border : none;
+	padding: .2em 1em .3em .3em;
 	overflow   : hidden;
 	}
 
-.index_T a:hover { background-color: rgb(255,250,150); }
-.index_T a:focus { background-color: rgb(255,250,150); }
+.index_T td a.rcd  { padding: .4em .3em .1em .3em; }
+.index_T td a.rcd1 { padding: .2em .3em .3em .3em; }
 
 .file_name { min-width: 10em; }
 
@@ -2577,10 +2640,6 @@ function style_sheet(){ //******************************************************
 	padding      : 3px .4em 3px 5px; /*TRBL*/
 	}
 
-.index_folders a:hover { background-color: rgb(255,250,150); }
-.index_folders a:focus { background-color: rgb(255,250,150); }
-
-
 
 /*  front_links:  [Upload File] [New File] [New Folder] etc... */
 
@@ -2777,7 +2836,15 @@ function style_sheet(){ //******************************************************
 #upload_file { margin-bottom: .6em; }
 
 #old_backup_T { float: left; margin-bottom: .3em; }
+
 #del_backup   { float: left; margin-left  :  1em; }
+
+/*** For old IE only: text "icons" for Rename, Copy, and Delete ***/
+
+.RCD {font: 900 .6em arial; border: 1px solid; padding: 0px 2px 0px 2px;} 
+.R   {color: #804000; border-color: #804000}
+.C   {color: #006400; border-color: #006400}
+.D   {color: #a00;    border-color: #a00}
 </style>
 <?php 
 }//end style_sheet() ***********************************************************
@@ -2940,8 +3007,8 @@ function Language_and_config_adjusted_styles() {//******************************
 //Admin link
 if ($Show_header_and_Admin) {
 	echo '<a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=admin">'.hsc($_['Admin']).'</a>';
-}else {
-	echo "<br>";
+}elseif ($page != 'login') {
+	echo '<br>';
 }
 ?>
 
diff --git a/readme.markdown b/readme.markdown
index 4539381..749fdca 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,14 +1,10 @@
-# Current stable version: 3.3.15
+# Current stable version: 3.3.16
 
-### Auguest 13, 2012
+### Auguest 15, 2012
 
 - Added admin/config screens for updating password and username using OneFileCMS itself, so manual editing of OneFileCMS is not required (but is still possible, of course).
 - Removed plain text $PASSWORD option.
-
-
-### Auguest 7, 2012
-
-- Created an actual "Admin" page that has links to admin functions: Hash Page, Edit OneFileCMS, and (soon) Change Password.
+- Added options to Rename, Copy, or Delete files from Index screen.
 
 
 ### Auguest 6, 2012
@@ -186,10 +182,11 @@ GENERATE/OUTPUT THE PAGE
 
 ## Change Log
 
-### 3.3.11 - 3.3.15
+### 3.3.11 - 3.3.16
 
 - Added screens for changing username and password.
 - Plaintext $PASSWORD option is no longer available.
+- Added options to Rename, Copy, or Delete files from Index screen.
 - Improved validation of $_GET parameters & other general code improvements.
 
 ### 3.3.10

From d35df0d1cb041e082f5b6875eb0c3f85c380a56a Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 14 Aug 2012 13:50:00 -0400
Subject: [PATCH 134/228] Version 3.3.16 Language Files Added missing line.

---
 OneFileCMS.LANG.DE.php | 2 ++
 OneFileCMS.LANG.EN.php | 2 ++
 OneFileCMS.LANG.ES.php | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index 4cbfb5d..a5eeb3c 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -284,3 +284,5 @@
 
 $_['change_un_01'] = 'Username changed!';     //new
 $_['change_un_02'] = 'Username NOT changed:'; //new
+
+$_['update_failed'] = 'Update failed - could not save file.';  //new
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index e420139..727647f 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -284,3 +284,5 @@
 
 $_['change_un_01'] = 'Username changed!';     //new
 $_['change_un_02'] = 'Username NOT changed:'; //new
+
+$_['update_failed'] = 'Update failed - could not save file.';  //new
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index c8dd93f..f4a94c8 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -284,3 +284,5 @@
 
 $_['change_un_01'] = 'Username changed!';     //new
 $_['change_un_02'] = 'Username NOT changed:'; //new
+
+$_['update_failed'] = 'Update failed - could not save file.';  //new

From 4f91880a5e71a46e8d9455aa421be89ff80a0bcc Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Tue, 14 Aug 2012 15:30:00 -0400
Subject: [PATCH 135/228] Version 3.3.16 Minor readme update.

---
 readme.markdown | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/readme.markdown b/readme.markdown
index 749fdca..60f9907 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,8 +1,8 @@
 # Current stable version: 3.3.16
 
-### Auguest 15, 2012
+### Auguest 14, 2012
 
-- Added admin/config screens for updating password and username using OneFileCMS itself, so manual editing of OneFileCMS is not required (but is still possible, of course).
+- OneFileCMS now can now update the password and username itself, so manual editing of OneFileCMS is not required (but is still possible, of course).
 - Removed plain text $PASSWORD option.
 - Added options to Rename, Copy, or Delete files from Index screen.
 
@@ -83,7 +83,7 @@ Coupling a utilitarian code editor with basic file managing functions, OneFileCM
 
 2) Upload to anywhere on your site.  
   
-3) Using your browser, start OneFileCMS, click on Admin and set your username and password!  
+3) Using your browser, start OneFileCMS, log in with the default "username" and "password". Then click on Admin and set your own username and password!  
 
 Depending on how your web stack is set up, you may also have to modify the file permissions of your site's folders to allow OneFileCMS to modify and create files. ([More about that here.](http://catcode.com/teachmod/)) Make sure onefilecms.php and its parent folder are allowed to execute, with CHMOD at 755. Check with your host if you're not sure, and be aware of any inherent security concerns.  
 

From 576008f496b44ff1a5a1dec25ea89be77083f91f Mon Sep 17 00:00:00 2001
From: codeless <mh@unixassembler.at>
Date: Thu, 16 Aug 2012 11:06:12 +0300
Subject: [PATCH 136/228] Update OneFileCMS.LANG.DE.php

Update of german language file
---
 OneFileCMS.LANG.DE.php | 86 +++++++++++++++++++++---------------------
 1 file changed, 43 insertions(+), 43 deletions(-)

diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index a5eeb3c..d2797e3 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -25,9 +25,9 @@
 $_['image_info_font_size']  = '.95em'; //show_img_msg_01  &  _02 
 $_['image_info_pos']        = '1'; //If 1 or true, moves the info down a line for more space.
 
-$_['R'] = 'R'; // R ename       //new
-$_['C'] = 'C'; // C opy         //new
-$_['D'] = 'D'; // D elete       //new
+$_['R'] = 'U'; // U mbenennen       //new
+$_['C'] = 'K'; // K opieren         //new
+$_['D'] = 'L'; // L öschen       //new
 
 $_['Upload_File'] = 'Datei heraufladen';
 $_['New_File']    = 'Datei erstellen';
@@ -51,9 +51,9 @@
 $_['DELETE'] = 'LÖSCHEN';
 $_['File']   = 'Datei';
 $_['Folder'] = 'Ordner';
-$_['Submit'] = 'Submit Request'; //new
-$_['Username'] = 'Username';     //new
-$_['Password'] = 'Password';     //new
+$_['Submit'] = 'Anfrage senden'; //new
+$_['Username'] = 'Benutzername';     //new
+$_['Password'] = 'Passwort';     //new
 
 $_['Log_In']  = 'Anmelden';
 $_['Log_Out'] = 'Abmelden';
@@ -87,7 +87,7 @@
 $_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!'; //changed
 //$_['hash_txt_02'] = '1) Verwenden Sie die Konfigurationsvariable $PASSWORD, um Ihr gewünschtes Passwort zu speichern. In diesem Fall sollte $USE_HASH auf 0 gesetzt werden.';
 //$_['hash_txt_03'] = '2) Oder Sie verwenden die Konfigurationsvariable $HASHWORD, um den Streuwert Ihres Passwortes zu speichern. Setzen Sie $USE_HASH in diesem Fall auf 1.';
-//$_['hash_txt_04'] = 'Bitte denken Sie daran, dass es sich hierbei großteils um eine akademische übung handelt. Die Verwendung eines Streuwerts trägt viel zur Sicherheit bei und erlaubt Ihnen, das Passwort nicht in Klarschrift speichern zu müssen.';
+//$_['hash_txt_04'] = 'Bitte denken Sie daran, dass es sich hierbei großteils um eine akademische Übung handelt. Die Verwendung eines Streuwerts trägt viel zur Sicherheit bei und erlaubt Ihnen, das Passwort nicht in Klarschrift speichern zu müssen.';
 //$_['hash_txt_05'] = 'Um die $HASHWORD Option verwenden zu können:';
 $_['hash_txt_06'] = 'Tippen Sie das gewünschte Passwort in das Eingabefeld und drücken Sie Enter.';
 $_['hash_txt_07'] = 'Der Streuwert wird in einer gelben Box überhalb angezeigt werden.';
@@ -210,10 +210,10 @@
 $_['delete_folder_msg_03'] = 'während des Löschvorgangs trat ein Fehler auf.';
 
 $_['page_title_login']      = 'Anmelden';
-$_['page_title_admin']      = 'Administration Options'; //new
+$_['page_title_admin']      = 'Optionen für die Administration'; //new
 $_['page_title_hash']       = 'Streuwertgenerierung für das Passwort';
-$_['page_title_change_pw']  = 'Change Password'; //new
-$_['page_title_change_un']  = 'Change Username'; //new
+$_['page_title_change_pw']  = 'Passwort ändern'; //new
+$_['page_title_change_un']  = 'Benutzername ändern'; //new
 $_['page_title_edit']       = 'Datei bearbeiten/betrachten';
 $_['page_title_upload']     = 'Datei heraufladen';
 $_['page_title_new_file']   = 'Neue Datei';
@@ -240,49 +240,49 @@
 
 $_['time_out_txt'] = 'Automatischer Sitzungsstopp in:';
 //******************************************* Need Translations ************************************
-$_['error_reporting_01'] = 'Display errors is';         //new
-$_['error_reporting_02'] = 'Log errors is';             //new
-$_['error_reporting_03'] = 'Error reporting is set to'; //new
-$_['error_reporting_04'] = 'Showing error types';       //new
-$_['error_reporting_05'] = 'Unexpected early output';   //new
-$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)'; //new
-
-$_['admin_txt_00'] = 'Old Backup Found'; //new
-$_['admin_txt_01'] = 'This file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed.  In any case, it will automatically be overwritten on the next password or username change.'; //new
-$_['admin_txt_02'] = 'General Information'; //new
-$_['admin_txt_04'] = 'As of version 3.3.13, OneFileCMS no longer maintains a plain text password option, and only stores a password hash, as most login systems do.'; //new
+$_['error_reporting_01'] = 'Anzeigen von Fehlern ist';         //new
+$_['error_reporting_02'] = 'Loggen von Fehlern ist';             //new
+$_['error_reporting_03'] = 'Fehlerberichterstattung'; //new
+$_['error_reporting_04'] = 'Anzeigen der Fehlertypen';       //new
+$_['error_reporting_05'] = 'Unerwartete frühzeitige Ausgabe';   //new
+$_['error_reporting_06'] = '(Nicht einmal Leerzeichen hätten ausgegeben werden sollen)'; //new
+
+$_['admin_txt_00'] = 'Alte Sicherung gefunden'; //new
+$_['admin_txt_01'] = 'Diese Datei wurde erstellt, da es während der Änderung des Passwortes oder des Benutzernamens zu einem Fehler gekommen ist. Diese Datei enthält somit eventuell veraltete Informationen und kann gelöscht werden, sofern sie nicht weiter von Ihnen benötigt wird.'; //new
+$_['admin_txt_02'] = 'Allgemeine Information'; //new
+$_['admin_txt_04'] = 'Seit der Version 3.3.13 werden Passwörter in OneFileCMS nicht länger als Klartext gespeichert, sondern nur noch als Hash-Werte.'; //new
 //$_['admin_txt_04'] = 'OneFileCMS can manage your password in two ways:';
 //$_['admin_txt_06'] = '1) Use $PASSWORD to store your desired password, in plain text, and set $USE_HASH = 0 (zero).';
 //$_['admin_txt_08'] = '2) Oder Sie verwenden die Konfigurationsvariable $HASHWORD, um den Streuwert Ihres Passwortes zu speichern. Setzen Sie $USE_HASH in diesem Fall auf 1.';
 //$_['admin_txt_10'] = '($PASSWORD, $USE_HASH, and $HASHWORD, are variables in the configuration section of the OneFileCMS source file.)';
 //$_['admin_txt_12'] = 'Option 2 is recommended, and is method used by the [Change Password] page. However, keep in mind that, due to a number of considerations, this is largely an academic excersize. That is, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text, which is generally considered to be a good thing.';
-$_['admin_txt_12'] = 'However, due to a number of considerations, this change was largely an academic exersize. That is, in this application, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used), which is generally considered to be a good thing.'; //changed
+$_['admin_txt_12'] = 'Bitte denken Sie daran, dass es sich hierbei großteils um eine akademische Übung handelt. Die Verwendung eines Streuwerts trägt viel zur Sicherheit bei und erlaubt Ihnen, das Passwort nicht in Klarschrift speichern zu müssen.';
 $_['admin_txt_14'] = 'Eine weitere, kleine Sicherheitsvorkehrung wäre, das Salz oder die Methode für die Streuwertgenerierung von OneFileCMS zu ändern.';
 $_['admin_txt_16'] = 'Sie können auch OneFileCMS selbst bearbeiten.  Legen Sie aber sicherheitshalber eine Kopie an, falls es zu einem unerwünschten Schreibfehler kommt...';
 
-$_['pw_change']  = 'Change Password';     //new
-$_['pw_current'] = 'Current Password';    //new
-$_['pw_new']     = 'New Password';        //new
-$_['pw_confirm'] = 'Confirm New Password';//new
+$_['pw_change']  = 'Passwort ändern';     //new
+$_['pw_current'] = 'Aktuelles Passwort';    //new
+$_['pw_new']     = 'Neues Passwort';        //new
+$_['pw_confirm'] = 'Bestätigen Sie das neue Password';//new
 
-$_['pw_txt_02']  = 'Password / Username rules:'; //new
-$_['pw_txt_04']  = 'They are case-sensitive!';   //new
-$_['pw_txt_06']  = 'They must contain at least one non-space character.'; //new
-$_['pw_txt_08']  = 'They may contain spaces in the middle. Ex: "This is a password or username!"'; //changed
-$_['pw_txt_10']  = 'Leading and trailing spaces are removed.'; //new
-$_['pw_txt_12']  = 'Only the active copy of OneFileCMS is updated- no external configuration files are changed:';   //new
-$_['pw_txt_14']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.'; //new
+$_['pw_txt_02']  = 'Regeln für Passwort / Benutzername:'; //new
+$_['pw_txt_04']  = 'Groß-/Kleinschreibung wird berücksichtigt!';   //new
+$_['pw_txt_06']  = 'Zumindest ein Zeichen, das nicht als Leerzeichen zählt, muss enthalten sein.'; //new
+$_['pw_txt_08']  = 'Leerzeichen in der Mitte sind gültig. Beispiel: "This is a password or username!"'; //changed
+$_['pw_txt_10']  = 'Führende und angehängte Leerzeichen werden entfernt.'; //new
+$_['pw_txt_12']  = 'Nur die aktive Kopie von OneFileCMS wird aktualisiert - es werden keine externen Konfigurationsdateien geändert.';   //new
+$_['pw_txt_14']  = 'Wird ein ungültiges Passwort eingegeben, werden Sie abgemeldet. Sie können sich anschließend neu anmelden.'; //new
 
-$_['change_pw_01'] = 'Password changed!';     //new
-$_['change_pw_02'] = 'Password NOT changed:'; //new
-$_['change_pw_03'] = 'Incorrect current password. Login to try again.'; //new
-$_['change_pw_04'] = '"New" and "Confirm New" values do not match.';    //new
+$_['change_pw_01'] = 'Passwort wurde geändert!';     //new
+$_['change_pw_02'] = 'Passwort wurde nicht geändert:'; //new
+$_['change_pw_03'] = 'Falsches (derzeitiges) Passwort. Bitte melden Sie sich an, um es erneut zu versuchen.'; //new
+$_['change_pw_04'] = 'Die Werte der Felder "Neu" und "Bestätigen" gleichen sich nicht.';    //new
 
-$_['un_change']  = 'Change Username';  //new
-$_['un_new']     = 'New Username';       //new
-$_['un_confirm'] = 'Confirm New Username'; //new
+$_['un_change']  = 'Benutzername ändern';  //new
+$_['un_new']     = 'Neuer Benutzername';       //new
+$_['un_confirm'] = 'Bestätigen Sie den neuen Benutzernamen'; //new
 
-$_['change_un_01'] = 'Username changed!';     //new
-$_['change_un_02'] = 'Username NOT changed:'; //new
+$_['change_un_01'] = 'Benutzername wurde geändert!';     //new
+$_['change_un_02'] = 'Benutzername wurde nicht geändert:'; //new
 
-$_['update_failed'] = 'Update failed - could not save file.';  //new
+$_['update_failed'] = 'Aktualisierung fehlgeschlagen - die Datei konnte nicht gespeichert werden.';  //new

From 36ca7543acc0c66e05c372ad5b859ab28868eedd Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Fri, 17 Aug 2012 21:15:00 -0400
Subject: [PATCH 137/228] Version 3.3.17 Get_GET(): check if ($page ==
 "mdaction" && !$VALID_POST ) is_empty(): if ($path == "") {$path = '.';}
 Improved Change_PWUN_response(). List_Files(): Added option to select & move
 multiple files. Copy_Ren_Move_Page(): adjusted/split some text.
 Copy_Ren_Move_response(): Now always returns to index, added msg flag. Added
 MD_Action_Page(): Multiple Move or Delete (Delete not yet implemented). Added
 MD_Action_mov(): move files selected on _Page. Respond_to_POST(): Check for
 mdaction's. Added 12 new language text strings. New & adjusted css.

---
 onefilecms.php | 399 ++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 297 insertions(+), 102 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index f8e393e..f2afadf 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.3.16';
+$OFCMS_version = '3.3.17';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -73,7 +73,7 @@
 $config_favicon   = "/favicon.ico";
 $config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsaTive!
 
-$config_etypes = "html,htm,xhtml,php,css,js,txt,text,cfg,conf,ini,csv,svg,log"; //Editable file types.
+$config_etypes = "html,htm,xhtml,php,css,js,txt,text,cfg,conf,ini,csv,svg,log,htaccess"; //Editable file types.
 $config_stypes = "*"; // Shown types; only files of the given types should show up in the file-listing
 	// Use $config_stypes exactly like $config_etypes (list of extensions separated by semicolons).
 	// If $config_stypes is set to null - by intention or by error - OFCMS will only display folders.
@@ -81,8 +81,8 @@
 	// If $config_stypes is set to "html,htm" for example, only file with the extension "html" or "htm" will get listed.
 
 $config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
-$config_ftypes = "bin,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,ini,cfg,conf,asp,js ,htm,html"; // _ftype & _fclass must have same
-$config_fclass = "bin,img,img,img,img,img,svg,txt,txt,css,php,txt,cfg,cfg ,txt,txt,htm,htm";  // number of values. bin is default.
+$config_ftypes = "bin,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,ini,cfg,conf,asp,js ,htm,html,htaccess"; // _ftype & _fclass must have same
+$config_fclass = "bin,img,img,img,img,img,svg,txt,txt,css,php,txt,cfg,cfg ,txt,txt,htm,htm ,txt";      // number of values. bin is default.
 
 $EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
 
@@ -130,7 +130,7 @@
 $LOGIN_ATTEMPTS   = $ONESCRIPT_file.'.invalid_login_attempts';
 $ONESCRIPT_file_backup = $ONESCRIPT_file.'.BACKUP.php'; //used for p/w & u/n updates.
 
-$valid_pages = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder" );
+$valid_pages = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder","mdaction");
 
 $INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names.
 $INVALID_CHARS_array = explode(' ', $INVALID_CHARS); // (Space deliminated)
@@ -188,13 +188,20 @@ function Default_Language() { // ***********************************************
 $_['C'] = 'C'; // C opy         //new
 $_['D'] = 'D'; // D elete       //new
 
-$_['Upload_File'] = 'Upload File';
-$_['New_File']    = 'New File';
-$_['Ren_Move']    = 'Rename / Move';
-$_['Ren_Moved']   = 'Renamed / Moved';
-$_['New_Folder']  = 'New Folder';
-$_['Ren_Folder']  = 'Rename / Move Folder';
-$_['Del_Folder']  = 'Delete Folder';
+$_['Upload_File']  = 'Upload File';
+$_['New_File']     = 'New File';
+$_['Ren_Move']     = 'Rename / Move';
+$_['Ren_Moved']    = 'Renamed / Moved';
+$_['New_Folder']   = 'New Folder';
+$_['Ren_Folder']   = 'Rename / Move Folder';
+$_['Del_Folder']   = 'Delete Folder';
+$_['Submit']       = 'Submit Request'; //new
+$_['Move_Files']   = 'Move File(s)';       //new1
+$_['Del_Files']    = 'Delete File(s)';     //new1
+$_['Old_location'] = 'Old location';       //new1
+$_['New_location'] = 'New location';       //new1
+$_['Selected_Files'] = 'Selected Files';   //new1
+
 
 $_['Admin']  = 'Admin';
 $_['Enter']  = 'Enter';
@@ -205,12 +212,14 @@ function Default_Language() { // ***********************************************
 $_['Create'] = 'Create';
 $_['Copy']   = 'Copy';
 $_['Copied'] = 'Copied';
-$_['Rename'] = 'Rename / Move';
+$_['Rename'] = 'Rename'; //changed1 (back)
+$_['Move']   = 'Move';   //new1
+$_['Moved']  = 'Moved';  //new1
 $_['Delete'] = 'Delete';
 $_['DELETE'] = 'DELETE';
 $_['File']   = 'File';
 $_['Folder'] = 'Folder';
-$_['Submit'] = 'Submit Request'; //new
+$_['errors'] = 'errors'; //new1
 $_['Username'] = 'Username';     //new
 $_['Password'] = 'Password';     //new
 
@@ -234,6 +243,7 @@ function Default_Language() { // ***********************************************
 
 $_['get_get_msg_01'] = 'File does not exist:';
 $_['get_get_msg_02'] = 'Invalid page request:';
+$_['get_get_msg_03'] = 'Missing information for requested page'; //new1
 
 $_['check_path_msg_01'] = 'Directory does not exist: ';
 
@@ -336,9 +346,10 @@ function Default_Language() { // ***********************************************
 $_['new_file_msg_05'] = 'Created file:';
 $_['new_file_msg_06'] = 'Error - new file not created:';
 
-$_['CRM_txt_01']  = 'To move a file or folder, change the path/to/folder/or_file. The new location must already exist.';
-$_['CRM_txt_02']  = 'Old name:';
-$_['CRM_txt_03']  = 'New name:';
+$_['CRM_txt_01']  = 'To move a file or folder, change the path/to/folder/or_file.'; //changed1
+$_['CRM_txt_02']  = 'The new location must already exist.';                         //changed1/new1
+$_['CRM_txt_03']  = 'Old name:';
+$_['CRM_txt_04']  = 'New name:';
 
 $_['CRM_msg_01']  = 'Error - new parent location does not exist:';
 $_['CRM_msg_02']  = 'Error - source file does not exist:';
@@ -378,10 +389,11 @@ function Default_Language() { // ***********************************************
 $_['page_title_new_file']   = 'New File';
 $_['page_title_copy']       = 'Copy File';
 $_['page_title_ren']        = 'Rename / Move File';
-$_['page_title_del']        = 'Delete File';
+$_['page_title_del']        = 'Delete File(s)';  //changed1
 $_['page_title_folder_new'] = 'New Folder';
 $_['page_title_folder_ren'] = 'Rename / Move Folder';
 $_['page_title_folder_del'] = 'Delete Folder';
+$_['page_title_mov']        = 'Move File(s)';    //new1
 
 $_['session_warning'] = 'Warning: Session timeout soon!';
 $_['session_expired'] = 'SESSION EXPIRED';
@@ -445,6 +457,8 @@ function Default_Language() { // ***********************************************
 $_['change_un_02'] = 'Username NOT changed:'; //new
 
 $_['update_failed'] = 'Update failed - could not save file.';  //new
+
+$_['md_mov_01'] = 'files moved successfully.'; //new1
 }//end Default_Language() ******************************************************
 
 
@@ -454,7 +468,7 @@ function Session_Startup() { //*************************************************
 	global $SESSION_NAME, $page, $VALID_POST, $message;
 
 	$limit    = 0; //0 = session.  
-	$path     = '';//dirname($_SERVER['SCRIPT_NAME']); //Doesn't work with some paths.
+	$path     = '';
 	$domain   = ''; // '' = hostname
 	$https    = false;
 	$httponly = true;//true = unaccessable via javascript. Some XSS protection.
@@ -642,7 +656,7 @@ function Get_GET() { //*** Get main parameters *********************************
 	// i=some/path/,  f=somefile.xyz,  p=somepage
 	// $ipath      ,  $filename     ,  $page
 	// Get_GET() should not be called unless $_SESSION['valid'] == 1
-	global $_, $ipath, $filename, $page, $valid_pages, $param1, $param2, $param3, $EX, $message;
+	global $_, $ipath, $filename, $page, $valid_pages, $VALID_POST, $param1, $param2, $param3, $EX, $message;
 
 	//Initialize & validate $ipath
 	if (isset($_GET["i"])) { $ipath = Check_path($_GET["i"]); } else { $ipath = ""; }
@@ -660,6 +674,9 @@ function Get_GET() { //*** Get main parameters *********************************
 	if (!in_array($page, $valid_pages)) { 
 		$message .= $EX.hsc($_['get_get_msg_02']).' <b>'.hte($page).'</b><br>';
 		$page = "index";  //If invalid $_GET["p"]
+	}elseif ($page == "mdaction" && !$VALID_POST ){ //not likely, but just in case.
+		$message .= hsc($_['get_get_msg_03']).": $page<br>";
+		$page = "index";
 	}
 
 	//Pages that require a valid $filename
@@ -729,6 +746,7 @@ function Check_path($path) { // returns first valid path in some/supplied/path/
 
 
 function is_empty($path){ //****************************************************
+	if ($path == "") {$path = '.';}
 	$empty = false;
 	$dh = opendir($path);
 	for($i = 3; $i; $i--) { $empty = (readdir($dh) === FALSE); }
@@ -1366,52 +1384,49 @@ function Change_PWUN_response($PWUN){ //****************************************
 	//Update $USERNAME or $HASHWORD. Default $page = changepw or changeun 
 	global $_, $USERNAME, $HASHWORD, $EX, $message, $page;
 
-	if   ($PWUN == "pw") { $error1  = hsc($_['change_pw_02']); }
-	else                 { $error1  = hsc($_['change_un_02']); } //$PWUN == "un"
-
 	// trim leading & trailing white-space from input values
 	$current_pass = trim($_POST['current_pw']);
 	$new_pwun     = trim($_POST['new1']);
 	$confirm_pwun = trim($_POST['new2']);
 
+	if    ($PWUN == "pw")  { $error_msg   = $EX.'<b>'.hsc($_['change_pw_02']).'</b> '; }
+	else /*$PWUN == "un"*/ { $error_msg   = $EX.'<b>'.hsc($_['change_un_02']).'</b> '; }
+
 	//If nothing entered...
 	if ( ($current_pass == "") && ($new_pwun == "") && ($confirm_pwun == "") ) {
 		;//do nothing.
 		
 	//If no new & confirm values entered, display $message to that effect.
 	}elseif ( ($new_pwun == "") && ($confirm_pwun == "") ) {
-		$message .= $EX.'<b>'.$error1.' </b>'.hsc($_['pw_txt_06']).'<br>';
+		$message .= $error_msg.hsc($_['pw_txt_06']).'<br>';
 		
 	//If new & Confirm values don't match, display $message to that effect.
 	}elseif ($new_pwun != $confirm_pwun) {
-		$message .= $EX.'<b>'.$error1.' </b>'.hsc($_['change_pw_04']).'<br>';
+		$message .= $error_msg.hsc($_['change_pw_04']).'<br>';
 		
 	//If incorrect current p/w, logout.  (new == confirm at this point)
 	}elseif (hashit($current_pass) != $HASHWORD) {
-		$message .= $EX.'<b>'.$error1.'</b><br>'.hsc($_['change_pw_03']).'<br>';
+		$message .= $error_msg.'<br>'.hsc($_['change_pw_03']).'<br>';
 		Logout();
 		
-	//If changing password ($HASHWORD, actually)
-	}elseif ($PWUN == "pw") {
-		$HASHWORD = hashit($new_pwun);	
-		$search_for   = '$HASHWORD '; //include space after $HASHWORD
-		$replace_with = '$HASHWORD = "'.$HASHWORD.'";';
-		$updated = Update_config($search_for, $replace_with);
-		
-		if ($updated === false) { $message .= $EX.'<b>'.$error1.'</b><br>'.$_['update_failed']; }
-		else                    { $message .= $EX.'<b>'.hsc($_['change_pw_01']).'</b>'; }
-		
-		$page = "admin"; //Return to Admin page.
+	//Else change username or password
+	}else {
+		if ($PWUN == "pw") {
+			$search_for  = '$HASHWORD '; //include space after $HASHWORD
+			$success_msg = $EX.'<b>'.hsc($_['change_pw_01']).'</b>';
+			$HASHWORD = hashit($new_pwun);
+			$replace_with = '$HASHWORD = "'.$HASHWORD.'";';
+		}else { //$PWUN = "un"
+			$USERNAME = $new_pwun; 
+			$search_for  = '$USERNAME '; //include space after $USERNAME
+			$success_msg = $EX.'<b>'.hsc($_['change_un_01']).'</b>';
+			$replace_with = '$USERNAME = "'.$USERNAME.'";';
+		}
 		
-	//Else change username...
-	}else{
-		$USERNAME = $new_pwun;
-		$search_for   = '$USERNAME '; //include space after $HASHWORD
-		$replace_with = '$USERNAME = "'.$USERNAME.'";';
 		$updated = Update_config($search_for, $replace_with);
 		
-		if ($updated === false) { $message .= $EX.'<b>'.$error1.'</b><br>'.$_['update_failed']; }
-		else                    { $message .= $EX.'<b>'.hsc($_['change_un_01']).'</b>'; }
+		if ($updated === false) { $message .= $error_msg.hsc($_['update_failed']); }
+		else                    { $message .= $success_msg; }
 		
 		$page = "admin"; //Return to Admin page.
 	}
@@ -1509,17 +1524,36 @@ function List_Files() { // ...in a vertical table ******************************
 //called from Index Page
 
 	global $_, $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list, 
-			$stypes, $SHOWALLFILES,	$SVG_icon_circle_x;
+			$stypes, $SHOWALLFILES,	$SVG_icon_circle_x, $INPUT_NUONCE;
 
 	$files = scandir('./'.$ipath);
 	natcasesort($files);
 
-	/*For old IE only: text "icons" for Rename, Copy, and Delete  */
-	$R = '<span class="RCD R">'.hsc($_['R']).'</span>';
-	$C = '<span class="RCD C">'.hsc($_['C']).'</span>';
-	$D = '<span class="RCD D">'.hsc($_['D']).'</span>';
+	//Mostly for old IE < 9
+	if (supports_svg()) {
+		$R = svg_icon_ren();
+		$C = svg_icon_copy();
+		$D = svg_icon_del();
+	}else{ //text "icons" for Rename, Copy, and Delete
+		$R = '<span class="RCD R">'.hsc($_['R']).'</span>';
+		$C = '<span class="RCD C">'.hsc($_['C']).'</span>';
+		$D = '<span class="RCD D">'.hsc($_['D']).'</span>';
+	}
+
+	echo '<form method="post" action="'.$ONESCRIPT.$param1.'&amp;p=mdaction">'.$INPUT_NUONCE;
+		echo '<input type="hidden" name="mdaction" value="mdaction">';
+		//echo '<LABEL><INPUT TYPE=radio NAME="action" VALUE="move" checked> '.hsc($_['Move']).'</LABEL> ';
+		echo '<input type="hidden" name="action" value="move">'; //Temp element until all else is ready.
+		//echo '<LABEL><INPUT TYPE=radio NAME="action" VALUE="copy"> '.hsc($_['Copy']).'</LABEL> '; //Not yet...
+		//echo '<LABEL><INPUT TYPE=radio NAME="action" VALUE="delete"> '.hsc($_['Delete']).'</LABEL> '; //Not yet...
+		echo '<input type="submit" class="button" id="md_submit" value="'.hsc($_['Move'].' '.$_['Selected_Files']).'" >';
 
 	echo '<table class="index_T">';
+
+//		echo '<tr><td colspan="7" class="action">';
+//		echo '</td></tr>';
+
+	$X = 1; //index for list of checkboxes;
 	foreach ($files as $file) {
 		
 		$excluded = FALSE;
@@ -1538,16 +1572,23 @@ function List_Files() { // ...in a vertical table ******************************
 			$HREF_params = $ONESCRIPT.$param1.'&amp;f='.rawurlencode($file);
 ?>
 			<tr>
-				<td class="rcd"><a href="<?php echo $HREF_params.'&amp;p=rename' ?>" title="Rename" class="rcd1">
-				<?php if (supports_svg()) { echo svg_icon_ren();  }else {echo $R;} ?></a></td>
-				<td class="rcd"><a href="<?php echo $HREF_params.'&amp;p=copy'   ?>" title="Copy"   class="rcd1" >
-				<?php if (supports_svg()) { echo svg_icon_copy(); }else {echo $C;} ?></a></td> 
-				<td class="rcd"><a href="<?php echo $HREF_params.'&amp;p=delete' ?>" title="Delete" class="rcd1" >
-				<?php if (supports_svg()) { echo svg_icon_del();  }else {echo $D;} ?></a></td>
+				<td class="rcd">
+					<a href="<?php echo $HREF_params.'&amp;p=rename' ?>" title="<?php echo hsc($_['Ren_Move']) ?>" class="rcd1">
+					<?php echo $R ?></a></td>
+				<td class="rcd">
+					<a href="<?php echo $HREF_params.'&amp;p=copy'   ?>" title="<?php echo hsc($_['Copy']) ?>"   class="rcd1" >
+					<?php echo $C ?></a></td>
+				<td class="rcd">
+					<a href="<?php echo $HREF_params.'&amp;p=delete' ?>" title="<?php echo hsc($_['Delete']) ?>" class="rcd1" >
+					<?php echo $D ?></a></td>
+				
+				<td class="ckbox"><INPUT TYPE=checkbox NAME="files[<?php echo $X++ ?>]" VALUE="<?php echo hsc($file) ?>"></td>
+				
 				<td class="file_name">
 					<?php echo '<a href="'.$HREF_params.'&amp;p=edit"  title="Edit">'; ?>
 					<?php echo show_icon($type).hte($file), '</a>'; ?>
 				</td>
+				
 				<td class="meta_T file_size">&nbsp;
 					<?php echo number_format(filesize($ipath.$file)); ?> B
 				</td>
@@ -1558,7 +1599,7 @@ function List_Files() { // ...in a vertical table ******************************
 <?php 
 		}//end if !is_dir...
 	}//end foreach file
-	echo '</table>';
+	echo '</table></form>';
 }//end List_Files() ************************************************************
 
 
@@ -1974,15 +2015,15 @@ function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //************
 ?>
 	<h2><?php echo $action.' '.$title ?></h2>
 
-	<p><?php echo hsc($_['CRM_txt_01']) ?></p>
+	<p><?php echo hsc($_['CRM_txt_01'].' '.$_['CRM_txt_02']) ?></p>
 
 	<?php echo $FORM_COMMON ?>
 
-		<label><?php echo hsc($_['CRM_txt_02']) ?></label><br>
+		<label><?php echo hsc($_['CRM_txt_03']) ?></label><br>
 		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type="text" 
 			name="old_name" value="<?php echo hsc($old_name); ?>" readonly="readonly">
 		<br>
-		<label><?php echo hsc($_['CRM_txt_03']) ?></label><br>
+		<label><?php echo hsc($_['CRM_txt_04']) ?></label><br>
 		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type="text" 
 			name="<?php echo $name_id ?>" id="<?php echo $name_id ?>" 
 			value="<?php echo hsc($new_name); ?>">
@@ -1996,40 +2037,48 @@ function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //************
 
 
 //******************************************************************************
-function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $isfile){
+function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $isfile, $show_message = 3){
 	//$action = 'copy' or 'rename'. $isfile = 1 if acting on a file, not a folder
-	global $_, $WEB_ROOT, $ipath, $param1, $param2, $param3, $message, $EX, $page, $filename;
+	//$show_message: 0 = none; 1 = errors only; 2 = successes only; 3 = all messages (default).
+	global $_, $WEB_ROOT, $ipath, $param1, $param2, $message, $EX, $page, $filename;
 
 	$old_name = trim($old_name,'/ ');
 	$new_name = trim($new_name,'/ ');
 	$new_location = dirname($new_name);
-	$filename = $old_name; //default if error
-	if ($isfile) { $page = "edit"; }else{ $page = "index"; }
+	$param2 = '';
+	$err_msg = ''; //On error, set this message.
+	$scs_msg = ''; //On success, set this message.
 	
-	if ( !is_dir($new_location) ){
-		$message .= $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_01']).'</b><br>';
-		$message .= hte($WEB_ROOT.$new_location).'/<br>';
-	}elseif ( !file_exists($filename) ){
-		$message .= $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_02']).'</b><br>';
-		$message .= hte($filename);
-	}elseif (file_exists($new_name)) {
-		$message .= $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_03']).'</b><br>';
-		$message .= hte($WEB_ROOT.$new_name).'<br>';
+	if ( !is_dir($new_location) ) {
+		$err_msg  = $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_01']).'</b><br>';
+		$err_msg .= hte($WEB_ROOT.$new_location).'/<br>';
+		$error = 1; //0= no error, 1 = an error.
+	}elseif ( !file_exists($old_name) ) {
+		$err_msg  = $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_02']).'</b><br>';
+		$err_msg .= hte($filename);
+		$error = 1;
+	}elseif ( file_exists($new_name) ) {
+		$err_msg  = $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_03']).'</b><br>';
+		$err_msg .= hte($WEB_ROOT.$new_name).'<br>';
+		$error = 1;
 	}elseif ($action($old_name, $new_name)) {
-		$message .= hte($WEB_ROOT.$old_name).'<br>';
-		$message .= '<b> --- '.$msg2.' '.hsc($_['CRM_msg_04']).' ---</b><br>';
-		$message .= hte($WEB_ROOT.$new_name).'<br>';
-		$filename = $new_name; //so edit page knows what to edit
-		if ($isfile) { $ipath = Check_path(dirname($filename)); } //if changed,
-		else         { $ipath = Check_path($filename); }          //return to new dir.
+		$scs_msg  = hte($WEB_ROOT.$old_name).'<br>';
+		$scs_msg .= '<b> --- '.$msg2.' '.hsc($_['CRM_msg_04']).' ---</b><br>';
+		$scs_msg .= hte($WEB_ROOT.$new_name).'<br>';
+		if ($isfile) { $ipath = Check_path(dirname($new_name)); } //if file
+		else         { $ipath = Check_path($new_name); }          //if folder
 		$param1   = '?i='.URLencode_path($ipath);
-		$param2   = '&amp;f='.rawurlencode(basename($filename));
-		$param3   = '&amp;p=edit';
+		$error = 0;
 	}else{
-		$message .= hte($WEB_ROOT.$old_name).'<br>';
-		$message .= $EX.'<b>'.hsc($_['CRM_msg_05a']).' '.$msg1.' '.hsc($_['CRM_msg_05b']).'</b><br>';
-		$message .= hte($WEB_ROOT.$new_name).'<br>';
+		$err_msg  = hte($WEB_ROOT.$old_name).'<br>';
+		$err_msg  = $EX.'<b>'.hsc($_['CRM_msg_05a']).' '.$msg1.' '.hsc($_['CRM_msg_05b']).'</b><br>';
+		$err_msg .= hte($WEB_ROOT.$new_name).'<br>';
+		$error = 1;
 	}
+	
+	if ($show_message & 1) { $message .= $err_msg; } //Show error message.
+	if ($show_message & 2) { $message .= $scs_msg; } //Show success message.
+	return $error; //
 }//end Copy_Ren_Move_response() ************************************************
 
 
@@ -2041,7 +2090,7 @@ function Delete_File_Page() { //************************************************
 	<h2><?php echo hsc($_['page_title_del']) ?></h2>
 	<?php echo $FORM_COMMON ?>
 		<input type="hidden" name="delete_file" value="<?php echo hsc($filename); ?>" >
-		<p class="verify"><?php echo hte(basename($filename)); ?></p>
+		<p><span class="verify_del"><?php echo hte(basename($filename)); ?></span></p>
 		<p><b><?php echo hsc($_['delete_txt_01']) ?></b></p>
 		<?php Cancel_Submit_Buttons(hsc($_['DELETE']), "cancel"); ?>
 	</form>
@@ -2136,7 +2185,7 @@ function Delete_Folder_Page(){ //***********************************************
 		<input type="hidden" name="delete_folder" value="<?php echo hsc($ipath); ?>" >
 		<p>
 		<span class="web_root"><?php echo hte($WEB_ROOT.Check_path(dirname($ipath))); ?></span>
-		<span class="verify"><?php echo hte(basename($ipath)); ?></span> /
+		<span class="verify_del"><?php echo hte(basename($ipath)); ?></span> /
 		</p>
 		<p><b><?php echo hsc($_['delete_folder_txt_01']) ?></b></p>
 		<?php Cancel_Submit_Buttons(hsc($_['DELETE']), "cancel"); ?>
@@ -2167,6 +2216,109 @@ function Delete_Folder_response() { //******************************************
 
 
 
+function MD_Action_Page() { //**************************************************
+	global $_, $WEB_ROOT, $ONESCRIPT, $ipath, $param1, $page, $ONEFILECMS, $INPUT_NUONCE, $message;
+
+	if ($_POST['action'] == 'delete')   {
+		$page_title = hsc($_['page_title_del']);
+		$button     = hsc($_['Del_Files']);
+		$classes    = "verify verify_del";
+		$action     = 'md_action_del';
+	}else { //$_POST['action'] == 'move'
+		$page_title = hsc($_['page_title_mov']);
+		$button     = hsc($_['Move_Files']);
+		$classes    = "verify";
+		$action     = 'md_action_mov';
+	}
+
+	Set_Input_width();
+
+	echo '<h2>'.hsc($page_title).'</h2>';
+
+	echo '<form method="post" action="'.$ONESCRIPT.$param1.'">'.$INPUT_NUONCE;
+		echo '<input type="hidden" name="'.$action.'" value="'.$action.'">'.PHP_EOL;
+		
+		$X = 1;
+		foreach($_POST['files'] as $file) {
+			echo '<input type="hidden" name="files['.$X++	.']" value="'.$file.'">'.PHP_EOL;
+		}
+		
+		//List files
+		echo '<table class="'.$classes.'">';
+		foreach($_POST['files'] as $file) {
+			echo '<tr><td>'.hte($file).'</td></tr>';
+		}
+		echo '</table>';
+		
+		if ($_POST['action'] == 'move')   {
+			echo '<label for="moveto">'.hsc($_['New_location']).'</label> ('.hsc($_['CRM_txt_02']).')<br>';
+			echo '<span class="web_root">'.hte($WEB_ROOT).'</span>';
+			echo '<input type="text" name="moveto" id="moveto" value="'.hsc($ipath).'">';
+			
+		}elseif ($_POST['action'] == 'copy')   {
+			;  //Coming soon to a computer near you! //#####
+		}else{ // $_POST['action'] == 'delete'
+			;  //Coming soon to a computer near you! //#####
+		}
+			
+		echo '<p><b>'.hsc($_['delete_txt_01']).'</b></p>'; //"Are you sure?"
+		Cancel_Submit_Buttons(hsc($button), "moveto");
+	echo '</form>';
+
+} //end MD_Action_Page() *******************************************************
+
+
+
+
+function MD_Action_mov() { //***************************************************
+	global $_, $WEB_ROOT, $ipath, $param1, $param2, $param3, $message, $EX, $filename;
+
+	$new_location = trim($_POST['moveto'],'/').'/'; //make sure no leading, and only 1 trailing, slash.
+	$md_ipath = $ipath; //$Copy_Ren_Move_response() changes $ipath to $new_location
+	$files    = $_POST['files']; //List of files to delete (path not included)
+	$count    = count($files);
+	$errors   = 0; //number of failed moves
+
+	if ( !is_dir($new_location) ){
+		$message .= $EX.'<b> '.hsc($_['upload_msg_02']).'</b><br>';
+		$message .= hte($WEB_ROOT.$new_location).'<br>';
+		return;
+	}
+
+	foreach ($files as $file){
+		$old_name = $md_ipath.$file;
+		$new_name = $new_location.$file;
+		$action   = 'rename';
+		$msg1     = hsc($_['Ren_Move']);
+		$msg2     = hsc($_['Ren_Moved']);
+		$isfile   = 1;
+		$show_msg = 1; //1= show error msg only. 2= show success msg only. 3= show all msg's.
+		$errors  += Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $isfile, $show_msg);
+	}
+
+	$successful = $count - $errors;
+	
+	if ($errors) { $message .= $EX.' <b>'.$errors.' '.hsc($_['errors']).'.</b> '; }
+	
+	$message .= '<b>'.$successful.' '.hsc($_['md_mov_01']).'</b><br>';
+
+	if ($successful != 0) { //if all errors, don't bother...
+		$message .= '<b>'.hsc($_['Old_location']).':</b> '.hsc($WEB_ROOT).$md_ipath.'<br>';
+		$message .= '<b>'.hsc($_['New_location']).':</b> '.hsc($WEB_ROOT).$ipath.'<br>';
+	}
+}//end MD_Action_mov() *********************************************************
+
+
+
+
+function MD_Action_del() { //***************************************************
+	global $EX, $message;
+	$message .= 'Sorry, not ready yet, but "Coming soon" to a computer near you!<br>'; //#####
+}//end MD_Action_del() *********************************************************
+
+
+
+
 function Page_Title(){ //***<title>Page_Title()</title>*************************
 	global $_, $page;
 
@@ -2203,11 +2355,12 @@ function Load_Selected_Page(){ //***********************************************
 	elseif ($page == "upload")       { Upload_Page();         }
 	elseif ($page == "newfile")      { New_File_Page();       }
 	elseif ($page == "copy")         { Copy_Ren_Move_Page(hsc($_['Copy']),   hsc($_['File']), 'copy_file', 1); }
-	elseif ($page == "rename")       { Copy_Ren_Move_Page(hsc($_['Rename']), hsc($_['File']), 'rename_file', 1); }
+	elseif ($page == "rename")       { Copy_Ren_Move_Page(hsc($_['Ren_Move']), hsc($_['File']), 'rename_file', 1); }
 	elseif ($page == "delete")       { Delete_File_Page();    }
 	elseif ($page == "newfolder")    { New_Folder_Page();     }
-	elseif ($page == "renamefolder") { Copy_Ren_Move_Page(hsc($_['Rename']), hsc($_['Folder']), 'rename_folder', 0); }
+	elseif ($page == "renamefolder") { Copy_Ren_Move_Page(hsc($_['Ren_Move']), hsc($_['Folder']), 'rename_folder', 0); }
 	elseif ($page == "deletefolder") { Delete_Folder_Page();  }
+	elseif ($page == "mdaction")     { MD_Action_Page();      }
 	else                             { Login_Page();          } //default
 }//end Load_Selected_Page() ****************************************************
 
@@ -2215,10 +2368,21 @@ function Load_Selected_Page(){ //***********************************************
 
 
 function Respond_to_POST() {//**************************************************
-	global $_, $VALID_POST;
+	global $_, $VALID_POST, $page, $message;
 
 	if ($VALID_POST) { 
-		if     (isset($_FILES['upload_file']['name'])) { Upload_response();  }
+		if (isset($_FILES['upload_file']['name']))  { Upload_response();     }
+		elseif     ($page == "mdaction") { 
+			//There must be at least one 'file', and 'action' must = "move" or "delete"
+			if (!isset($_POST['mdaction']     )) { $page = "index"; }
+			if (!isset($_POST['files']) ) { $page = "index"; }
+			if (!isset($_POST['action'])) { $page = "index"; }
+			if ( isset($_POST['action']) && ($_POST['action'] != "move") && ($_POST['action'] != "delete") ) {
+				$page = "index";
+			}
+		}
+		elseif (isset($_POST["md_action_mov"])) { MD_Action_mov();           }
+		elseif (isset($_POST["md_action_del"])) { MD_Action_del();           }
 		elseif (isset($_POST["whattohash"]   )) { Hash_response();           }
 		elseif (isset($_POST["pw"]           )) { Change_PWUN_response('pw');}
 		elseif (isset($_POST["un"]           )) { Change_PWUN_response('un');}
@@ -2585,20 +2749,16 @@ function style_sheet(){ //******************************************************
 table.index_T {
 	min-width: 30em;
 	font-size: .95em;
-	border-style: outset;
-	border-width: 1px;
-	border-color: #807568;
+	border         : 1px outset gray;
 	border-collapse: collapse;
 	margin-bottom: .7em;
 	background-color: #FdFdFd;
 	}
-	
+
 table.index_T tr:hover { border: 1px solid #807568; }
 
 table.index_T td { 
-	border-width  : 1px;
-	border-color  : silver;
-	border-style  : inset;
+	border        : 1px inset silver;
 	vertical-align: middle;
 	}
 
@@ -2797,15 +2957,42 @@ function style_sheet(){ //******************************************************
 	overflow: visible;
 	}
 
-.verify {
+
+table.verify {
+	font            : 1em Courier;
+	margin-bottom   : .7em;
+	border          : 1px outset gray;
+	border-collapse : collapse;
+	background-color: white;
+	}
+
+table.verify td { 
+	border        : 1px inset silver;
+	padding: .1em 1em .1em .5em;
+	vertical-align: middle;
+	}
+
+
+.verify_del {
 	border: 1px solid #F44;
-	color: #333;
+	color : #222;
 	background-color: #FFE7E7;
-	padding: .1em .2em;
+	font  : 1em Courier;
 	margin-bottom: .5em;
-	font: 1.2em Courier;
+	padding: .2em;
+}
+
+
+table.verify_del {
+	border: 1px solid #F44;
+	background-color: #FFE7E7;
 	}
 
+table.verify_del td { 
+	border: 1px solid #F44;
+	}
+
+
 #admin {padding: .3em;}
 
 .web_root {font: 1em Courier;}
@@ -2840,11 +3027,19 @@ function style_sheet(){ //******************************************************
 #del_backup   { float: left; margin-left  :  1em; }
 
 /*** For old IE only: text "icons" for Rename, Copy, and Delete ***/
-
 .RCD {font: 900 .6em arial; border: 1px solid; padding: 0px 2px 0px 2px;} 
 .R   {color: #804000; border-color: #804000}
 .C   {color: #006400; border-color: #006400}
 .D   {color: #a00;    border-color: #a00}
+
+/**/
+td.ckbox {padding: 2px 4px 0 4px}
+td.ckbox:hover { background-color: rgb(255,250,150); }
+td.ckbox:focus { background-color: rgb(255,250,150); }
+
+.action        { padding: .2em 0 .2em .3em; }
+.action  label { font: 400 .9em arial; margin-right: 1em; }
+#md_submit { margin: 0 0 .2em 0; padding: 3px 5px; color: rgb(100,45,0); }
 </style>
 <?php 
 }//end style_sheet() ***********************************************************
@@ -3011,7 +3206,7 @@ function Language_and_config_adjusted_styles() {//******************************
 	echo '<br>';
 }
 ?>
-
 </div><!-- end container/login_page -->
+
 </body>
 </html>

From 3ff88fe7977e6ee31256985d53bf7e3cc1e57cc6 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 29 Aug 2012 12:00:00 -0400
Subject: [PATCH 138/228] Version 3.3.18 Added Copy & Delete to Move as
 multi-file options on index page. (includes new js as well as php code.)  
 mdaction => mcdaction   MD_Action_Page() => MCD_Page()   MD_Action_mov()  =>
 MCD_response() Improved message_box() & related styles. Consolidated
 Time_Stamp_scripts() & Timer_scripts() into common_scripts(). Split off
 Table_of_Files() from List_Files(). Split off List_Backup() from
 Admin_Page(). Copy_Ren_Move_response(): Improved logic to show/not show
 $message's Delete_File_response(): Added logic to show/not show $message's
 Changing Password & Username will now update $config_file (if it's used)
 Added the folowing global vars - used for p/w & u/n updates:  
 $ONESCRIPT_path, $CONFIG_file ,$CONFIG_file_backup, $CONFIG_url_backup Added
 some $_[] strings. Eliminated a couple redundant $_[] strings. Added
 class="filename" for filenames in $message's. label {styles}: removed
 "display: inline-block" Added $_['select_all_label_size'] to language
 settings

---
 OneFileCMS.LANG.DE.php |  315 ++++++------
 OneFileCMS.LANG.EN.php |  569 +++++++++++----------
 OneFileCMS.LANG.ES.php |  317 ++++++------
 onefilecms.php         | 1095 +++++++++++++++++++++++-----------------
 4 files changed, 1219 insertions(+), 1077 deletions(-)

diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index d2797e3..b4a2503 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -1,66 +1,84 @@
 <?php
-// OneFileCMS Language Settings v3.3.16
-
-$_['LANGUAGE'] = 'Deutsch'; //*** There are several new or changed values without translations and are in English ***
-                            //*** Also, some values are no longer used and are commented out.                     ***
-//Übersetzungen:
-//==============
-//Move=Verschieben ;Directory or Folder=Ordner ;Create=erstellen ;Log In=anmelden
-//;Log out=abmelden ;reset=zurücksetzen ;session=sitzung ;expired=abgelaufen ;exist=bestehen 
-//;configuration section=Konfigurationsbereich ;hash=Streuwert ;button: knopf ;Anrede: Sie
-
-// Remember to slash-escape any single quotes that may be within a value:  \'
-// The back-slash itself, if to be part of the text to display, may or may not 
-// also need to be escaped:  \\
+// OneFileCMS Language Settings v3.3.18
 
+$_['LANGUAGE'] = 'Deutsch';
+$_['LANG'] = 'DE';
 
+// If no translation or value is desired for a particular setting, do not delete
+// the actual setting variable, just set it to an empty string.
+// For example:  $_['some_unused_setting'] = '';
+//
+// Remember to slash-escape any single quotes that may be within the text:  \'
+// The back-slash itself may or may not also need to be escaped:  \\
+//
+// If present as a trailing comment, "## NT ##" means 'Need Translation'.
+//
 // In some instances, some langauges may use significantly longer words or phrases than others.
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 //
-$_['front_links_font_size'] = '.9em'; //Buttons on Index page.
-$_['front_links_margin_R']  = '.5em';
-$_['button_font_size']      = '.7em'; //Buttons on Edit page.
-$_['button_margin_L']       = '.5em';
+$_['front_links_font_size'] = '.9em';   //Buttons on Index page.
+$_['front_links_margin_R']  = '.5em';  
+$_['button_font_size']      = '.7em';   //Buttons on Edit page.
+$_['button_margin_L']       = '.5em';  
 $_['button_padding']        = '4px 5px';
-$_['image_info_font_size']  = '.95em'; //show_img_msg_01  &  _02 
-$_['image_info_pos']        = '1'; //If 1 or true, moves the info down a line for more space.
-
-$_['R'] = 'U'; // U mbenennen       //new
-$_['C'] = 'K'; // K opieren         //new
-$_['D'] = 'L'; // L öschen       //new
-
-$_['Upload_File'] = 'Datei heraufladen';
-$_['New_File']    = 'Datei erstellen';
-$_['Ren_Move']    = 'Umbenennen / Verschieben';
-$_['Ren_Moved']   = 'Umbenannt / Verschoben';
-$_['New_Folder']  = 'Neuer Ordner';
-$_['Ren_Folder']  = 'Ordner umbenennen/verschieben';
-$_['Del_Folder']  = 'Ordner löschen';
-
-$_['Admin']  = 'Konfiguration';
-$_['Enter']  = 'Eintreten';
-$_['Edit']   = 'Bearbeiten';
-$_['Close']  = 'Schließen';
-$_['Cancel'] = 'Abbrechen';
-$_['Upload'] = 'Heraufladen';
-$_['Create'] = 'Erstellen';
-$_['Copy']   = 'Kopieren';
-$_['Copied'] = 'Kopiert';
-$_['Rename'] = 'Umbenennen / Verschoben';
-$_['Delete'] = 'Löschen';
-$_['DELETE'] = 'LÖSCHEN';
-$_['File']   = 'Datei';
-$_['Folder'] = 'Ordner';
-$_['Submit'] = 'Anfrage senden'; //new
-$_['Username'] = 'Benutzername';     //new
-$_['Password'] = 'Passwort';     //new
-
-$_['Log_In']  = 'Anmelden';
-$_['Log_Out'] = 'Abmelden';
-
-$_['Hash']    = 'Hash';
-$_['pass_to_hash']  = 'Password to hash:';
-$_['Generate_Hash'] = 'Hash generieren';
+$_['image_info_font_size']  = '.95em';  //show_img_msg_01  &  _02
+$_['image_info_pos']        = '1';      //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
+$_['select_all_div_width']  = '73px';   //Width of space for $_['Select_All']
+
+$_['R'] = 'U'; //U mbenennen
+$_['C'] = 'K'; //K opieren
+$_['D'] = 'L'; //L öschen
+
+$_['Admin']   = 'Konfiguration';
+$_['Cancel']  = 'Abbrechen';
+$_['Close']   = 'Schließen';
+$_['Copy']    = 'Erstellen';
+$_['Copied']  = 'Kopieren';
+$_['Create']  = 'Kopiert';
+$_['Delete']  = 'Löschen';
+$_['DELETE']  = 'LÖSCHEN';
+$_['Deleted'] = 'Deleted'; //## NT ##
+$_['Edit']    = 'Bearbeiten';
+$_['Enter']   = 'Eintreten';
+$_['errors']  = 'errors';  //## NT ##
+$_['File']    = 'Datei';  
+$_['Folder']  = 'Ordner'; 
+$_['From']    = 'From';    //## NT ##
+$_['Hash']    = 'Streuwert';
+$_['Move']    = 'Verschieben';
+$_['Moved']   = 'Verschoben';
+$_['on']      = 'läuft unter';
+$_['Password'] = 'Passwort';
+
+$_['Rename']     = 'Umbenennen';
+$_['successful'] = 'successful'; //## NT ##
+$_['To']         = 'To';         //## NT ##
+$_['Upload']     = 'Heraufladen';
+$_['Username']   = 'Benutzername';
+$_['Log_In']     = 'Anmelden';  
+$_['Log_Out']    = 'Abmelden';  
+
+$_['Upload_File']    = 'Datei heraufladen';  
+$_['New_File']       = 'Datei erstellen';    
+$_['Ren_Move']       = 'Umbenennen / Verschieben';
+$_['Ren_Moved']      = 'Umbenannt / Verschoben';
+$_['New_Folder']     = 'Neuer Ordner';       
+$_['Ren_Folder']     = 'Ordner umbenennen/verschieben';
+$_['Del_Folder']     = 'Ordner löschen';    
+$_['Submit']         = 'Anfrage senden';     
+$_['Move_Files']     = 'Move File(s)';        //## NT ##
+$_['Copy_Files']     = 'Copy File(s)';        //## NT ##
+$_['Del_Files']      = 'Delete File(s)';      //## NT ##
+$_['Selected_Files'] = 'Selected Files';      //## NT ##
+$_['Select_All']     = 'Select All';          //## NT ##
+$_['Clear_All']      = 'Clear All';           //## NT ##
+$_['New_location']   = 'New Location';        //## NT ##
+$_['No_files']       = 'No files selected.';  //## NT ##
+$_['No_action']      = 'No action selected.'; //## NT ##
+$_['Not_found']      = 'Not found';           //## NT ##
+$_['pass_to_hash']   = 'Password to hash:';   //## NT ##
+$_['Generate_Hash']  = 'Streuwert generieren';
 
 $_['save_1']      = 'Speichern';
 $_['save_2']      = 'ÄNDERUNGEN SPEICHERN!';
@@ -68,43 +86,28 @@
 $_['Wide_View']   = 'Breitenadaptierte Ansicht';
 $_['Normal_View'] = 'Normale Ansicht';
 
-$_['on_']      = 'läuft unter';
-
-$_['verify_msg_01'] = 'Sitzung abgelaufen.';
-$_['verify_msg_02'] = 'UNGÜLTIGE DATENSENDUNG';
-
-$_['get_get_msg_01'] = 'Die Datei wurde nicht gefunden:';
-$_['get_get_msg_02'] = 'Invalid page request.';
+$_['verify_msg_01']  = 'Sitzung abgelaufen.';
+$_['verify_msg_02']  = 'UNGÜLTIGE DATENSENDUNG';
 
+$_['get_get_msg_01']    = 'Die Datei wurde nicht gefunden:';
+$_['get_get_msg_02']    = 'Invalid page request.';
+$_['get_get_msg_03']    = 'Missing information for requested page'; //## NT ##
 $_['check_path_msg_01'] = 'Das Verzeichnis wurde nicht gefunden: ';
+$_['ord_msg_01']        = 'Eine Datei mit demselben Namen existiert bereits im Zielverzeichnis.';
+$_['ord_msg_02']        = 'Speichern als';
+$_['show_img_msg_01']   = 'Die Bilddarstellung entspricht ~';
+$_['show_img_msg_02']   = '% der wahren Größe (W x H = ';
 
-$_['ord_msg_01'] = 'Eine Datei mit demselben Namen existiert bereits im Zielverzeichnis.';
-$_['ord_msg_02'] = 'Speichern als';
-
-$_['show_img_msg_01'] = 'Die Bilddarstellung entspricht ~';
-$_['show_img_msg_02'] = '% der wahren Größe (W x H = ';
-
-$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!'; //changed
-//$_['hash_txt_02'] = '1) Verwenden Sie die Konfigurationsvariable $PASSWORD, um Ihr gewünschtes Passwort zu speichern. In diesem Fall sollte $USE_HASH auf 0 gesetzt werden.';
-//$_['hash_txt_03'] = '2) Oder Sie verwenden die Konfigurationsvariable $HASHWORD, um den Streuwert Ihres Passwortes zu speichern. Setzen Sie $USE_HASH in diesem Fall auf 1.';
-//$_['hash_txt_04'] = 'Bitte denken Sie daran, dass es sich hierbei großteils um eine akademische Übung handelt. Die Verwendung eines Streuwerts trägt viel zur Sicherheit bei und erlaubt Ihnen, das Passwort nicht in Klarschrift speichern zu müssen.';
-//$_['hash_txt_05'] = 'Um die $HASHWORD Option verwenden zu können:';
+$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!'; //## NT ##
 $_['hash_txt_06'] = 'Tippen Sie das gewünschte Passwort in das Eingabefeld und drücken Sie Enter.';
 $_['hash_txt_07'] = 'Der Streuwert wird in einer gelben Box überhalb angezeigt werden.';
 $_['hash_txt_08'] = 'Kopieren Sie den neuen Streuwert und fügen Sie ihn in den Konfigurationsbereich als Wert der Variable $HASHWORD ein.';
 $_['hash_txt_09'] = 'Stellen Sie sicher, dass Sie den GESAMTEN Streuwert -- und nur diesen (keine führenden oder nachgestellten Leerzeichen, etc.) -- kopiert haben.';
 $_['hash_txt_10'] = 'Ein Doppelklick sollte den Streuwert auswählen...';
-//$_['hash_txt_11'] = 'Stellen Sie sicher, dass $USE_HASH auf 1 oder true gesetzt wurde.';
 $_['hash_txt_12'] = 'Wenn die Werte eingetragen wurden, melden Sie sich ab und wieder an.';
-//$_['hash_txt_13'] = 'Sie können auch OneFileCMS selbst bearbeiten.  Legen Sie aber sicherheitshalber eine Kopie an, falls es zu einem unerwünschten Schreibfehler kommt...';
-//$_['hash_txt_14'] = 'Eine weitere, kleine Sicherheitsvorkehrung wäre, das Salz oder die Methode für die Streuwertgenerierung von OneFileCMS zu ändern.';
-
-$_['hash_msg_01'] = 'Passwort:';
-$_['hash_msg_02'] = 'Streuwert:';
-
-$_['login_txt_01'] = 'Benutzername:';
-$_['login_txt_02'] = 'Passwort:';
 
+$_['login_txt_01']  = 'Benutzername:';
+$_['login_txt_02']  = 'Passwort:';
 $_['login_msg_01a'] = 'Es wurden ';
 $_['login_msg_01b'] = ' ungültige Anmeldversuche gezählt.';
 $_['login_msg_02a'] = 'Bitte warten Sie ';
@@ -130,24 +133,22 @@
 $_['too_large_to_edit_02']  = 'Einige Browser (wie zum Beispiel der Internet Explorer) bleiben stecken oder werden instabil, sobald größere Textmengen in einer HTML <textarea> bearbeitet werden.';
 $_['too_large_to_edit_03']  = 'Die Einstellung $MAX_EDIT_SIZE im Konfigurationsbereich des OneFileCMS kann nach den Erfordernissen angepaßt werden.';
 $_['too_large_to_edit_04']  = 'Mittels einfachem Trial & Error kann das optimale Limit für einen bestimmten Browser und Computer festgestellt werden.';
-
 $_['too_large_to_view_01a'] = 'Betrachtungsmodus deaktiviert. Filesize > ';
 $_['too_large_to_view_01b'] = ' Bytes.';
 $_['too_large_to_view_02']  = 'Klicken Sie auf den Dateinamen überhalb, um die Datei direkt im Browser anzuzeigen.';
 $_['too_large_to_view_03']  = 'Adjustieren Sie die $MAX_VIEW_SIZE im Konfigurationsbereich von OneFileCMS nach Ihren Bedürfnissen.';
-$_['too_large_to_view_04']  = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
+$_['too_large_to_view_04']  = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)'; //## NT ##
 
 $_['meta_txt_01'] = 'Dateigröße: ';
 $_['meta_txt_02'] = ' Bytes.';
 $_['meta_txt_03'] = 'Zuletzt aktualisiert am/um: ';
-
 $_['edit_msg_01'] = 'Die Datei wurde gespeichert: ';
 $_['edit_msg_02'] = 'Bytes geschrieben.';
 $_['edit_msg_03'] = 'Bei dem Versuch die Datei zu speichern trat ein Fehler auf.';
 
-$_['upload_txt_01'] = '  per upload_max_filesize in php.ini.';
-$_['upload_txt_02'] = 'per post_max_size in php.ini';
-$_['upload_txt_03'] = 'Anmerkung: Die maximale Dateigröße für das Heraufladen von Dateien beträgt: ';
+$_['upload_txt_01']  = '  per upload_max_filesize in php.ini.';
+$_['upload_txt_02']  = 'per post_max_size in php.ini'; //## NT ##
+$_['upload_txt_03']  = 'Anmerkung: Die maximale Dateigröße für das Heraufladen von Dateien beträgt: ';
 
 $_['upload_err_01a'] = 'Fehler 1: Die Datei ist zu groß.  ';
 $_['upload_err_01b'] = ' (Einschränkung durch php.ini)';
@@ -169,7 +170,6 @@
 
 $_['new_file_txt_01'] = 'Die Datei wird im aktuellen Ordner erstellt.  ';
 $_['new_file_txt_02'] = 'Ungültige Zeichen für Dateinamen sind: ';
-
 $_['new_file_msg_01'] = 'Die neue Datei wurde nicht erstellt:';
 $_['new_file_msg_02'] = 'Der Name enthält ungültige Zeichen: ';
 $_['new_file_msg_03'] = 'Es wurde keine Datei erstellt, da kein Name eingegeben wurde';
@@ -177,10 +177,10 @@
 $_['new_file_msg_05'] = 'Datei erstellt:';
 $_['new_file_msg_06'] = 'Fehler - die Datei konnte nicht erstellt werden:';
 
-$_['CRM_txt_01']  = 'Um eine Datei oder einen Ordner zu verschieben, ändern Sie den pfad/zur/datei/oder/dem/verzeichnis. Der neue Ort muss bereits existieren.';
-$_['CRM_txt_02']  = 'Alter Name:';
-$_['CRM_txt_03']  = 'Neuer Name:';
-
+$_['CRM_txt_01']  = 'Um eine Datei oder einen Ordner zu verschieben, ändern Sie den pfad/zur/datei/oder/dem/verzeichnis.';
+$_['CRM_txt_02']  = 'Der neue Ort muss bereits existieren.';
+$_['CRM_txt_03']  = 'Alter Name';
+$_['CRM_txt_04']  = 'Neuer Name';
 $_['CRM_msg_01']  = ' Fehler - der neue Zielort besteht nicht:';
 $_['CRM_msg_02']  = ' Fehler - die Quelldatei besteht nicht:';
 $_['CRM_msg_03']  = ' Fehler - die Zieldatei besteht bereits:';
@@ -189,13 +189,11 @@
 $_['CRM_msg_05b'] = ' des folgenden Vorgangs:';
 
 $_['delete_txt_01'] = 'Sind Sie sicher?';
-
 $_['delete_msg_01'] = 'Gelöschte Datei:';
 $_['delete_msg_02'] = 'Während des Löschvorgangs trat ein Fehler auf ';
 
-$_['new_folder_txt_1'] = 'Der neue Ordner wird als Unterordner des aktuellen Ordners angelegt.  ';
-$_['new_folder_txt_2'] = 'Ungültige Zeichen für Ordnernamen sind: ';
-
+$_['new_folder_txt_1']  = 'Der neue Ordner wird als Unterordner des aktuellen Ordners angelegt.  ';
+$_['new_folder_txt_2']  = 'Ungültige Zeichen für Ordnernamen sind: ';
 $_['new_folder_msg_01'] = 'Der Ordner konnte nicht erstellt werden:';
 $_['new_folder_msg_02'] = 'Der Name enthält ungültige Zeichen: ';
 $_['new_folder_msg_03'] = 'Es wurde kein Ordner erstellt, da kein Name dafür eingegeben wurde.';
@@ -204,85 +202,80 @@
 $_['new_folder_msg_06'] = 'Fehler - der Ordner konnte nicht erstellt werden: ';
 
 $_['delete_folder_txt_01'] = 'Sind Sie sicher?';
-
 $_['delete_folder_msg_01'] = 'Der Ordner ist nicht leer.   Bevor ein Ordner gelöscht werden kann, muss er geleert werden.';
 $_['delete_folder_msg_02'] = 'Gelöschter Ordner:';
 $_['delete_folder_msg_03'] = 'während des Löschvorgangs trat ein Fehler auf.';
 
-$_['page_title_login']      = 'Anmelden';
-$_['page_title_admin']      = 'Optionen für die Administration'; //new
+$_['page_title_login']      = 'Anmelden';                
+$_['page_title_admin']      = 'Optionen für die Administration';
 $_['page_title_hash']       = 'Streuwertgenerierung für das Passwort';
-$_['page_title_change_pw']  = 'Passwort ändern'; //new
-$_['page_title_change_un']  = 'Benutzername ändern'; //new
+$_['page_title_change_pw']  = 'Passwort ändern';        
+$_['page_title_change_un']  = 'Benutzername ändern';    
 $_['page_title_edit']       = 'Datei bearbeiten/betrachten';
-$_['page_title_upload']     = 'Datei heraufladen';
-$_['page_title_new_file']   = 'Neue Datei';
-$_['page_title_copy']       = 'Datei kopieren';
-$_['page_title_ren']        = 'Datei umbenennen';
-$_['page_title_del']        = 'Datei löschen';
-$_['page_title_folder_new'] = 'Neuer Ordner';
+$_['page_title_upload']     = 'Datei heraufladen';       
+$_['page_title_new_file']   = 'Neue Datei';              
+$_['page_title_ren']        = 'Datei umbenennen';        
+$_['page_title_copy']       = 'Datei kopieren';          
+$_['page_title_mov']        = 'Datei Verschieben';       
+$_['page_title_del']        = 'Datei löschen';          
+$_['page_title_folder_new'] = 'Neuer Ordner';            
 $_['page_title_folder_ren'] = 'Ordner umbenennen/verschieben';
-$_['page_title_folder_del'] = 'Ordner löschen';
-
-$_['session_warning'] = 'Achtung: Die sitzung wird ende bald!';
-$_['session_expired'] = 'SITZUNG ABGELAUFEN';
-$_['unload_unsaved']  = '               Nicht gespeicherte Änderungen gehen verloren!';
-$_['confirm_reset']   = 'Soll der Inhalt der Datei zurückgesetzt werden (Änderungen gehen verloren)?';
-
-$_['OFCMS_requires']  = 'OneFileCMS erfordert PHP';
+$_['page_title_folder_del'] = 'Ordner löschen';         
 
+$_['session_warning']  = 'Achtung: Die sitzung wird ende bald!';
+$_['session_expired']  = 'SITZUNG ABGELAUFEN';
+$_['unload_unsaved']   = '               Nicht gespeicherte Änderungen gehen verloren!';
+$_['confirm_reset']    = 'Soll der Inhalt der Datei zurückgesetzt werden (Änderungen gehen verloren)?';
+$_['OFCMS_requires']   = 'OneFileCMS erfordert PHP';
 $_['logout_msg']       = 'Sie wurden erfolgreich abgemeldet.';
 $_['folder_del_msg']   = 'Der Ordner ist nicht leer.   Der Ordner muss leer sein, bevor er gelöscht werden kann.';
 $_['upload_error_01a'] = ' Fehler beim Heraufladen.  Die Gesamtmenge and heraufgeladenen Daten (in Hauptsache die Datei) überschreitet die post_max_size = ';
 $_['upload_error_01b'] = ' (der php.ini)';
 $_['edit_caution_01']  = 'ACHTUNG ';
 $_['edit_caution_02']  = ' Sie bearbeiten gerade die aktive Version von OneFileCMS - Sichern Sie den Code und seien Sie vorsichtig !!';
-
-$_['time_out_txt'] = 'Automatischer Sitzungsstopp in:';
-//******************************************* Need Translations ************************************
-$_['error_reporting_01'] = 'Anzeigen von Fehlern ist';         //new
-$_['error_reporting_02'] = 'Loggen von Fehlern ist';             //new
-$_['error_reporting_03'] = 'Fehlerberichterstattung'; //new
-$_['error_reporting_04'] = 'Anzeigen der Fehlertypen';       //new
-$_['error_reporting_05'] = 'Unerwartete frühzeitige Ausgabe';   //new
-$_['error_reporting_06'] = '(Nicht einmal Leerzeichen hätten ausgegeben werden sollen)'; //new
-
-$_['admin_txt_00'] = 'Alte Sicherung gefunden'; //new
-$_['admin_txt_01'] = 'Diese Datei wurde erstellt, da es während der Änderung des Passwortes oder des Benutzernamens zu einem Fehler gekommen ist. Diese Datei enthält somit eventuell veraltete Informationen und kann gelöscht werden, sofern sie nicht weiter von Ihnen benötigt wird.'; //new
-$_['admin_txt_02'] = 'Allgemeine Information'; //new
-$_['admin_txt_04'] = 'Seit der Version 3.3.13 werden Passwörter in OneFileCMS nicht länger als Klartext gespeichert, sondern nur noch als Hash-Werte.'; //new
-//$_['admin_txt_04'] = 'OneFileCMS can manage your password in two ways:';
-//$_['admin_txt_06'] = '1) Use $PASSWORD to store your desired password, in plain text, and set $USE_HASH = 0 (zero).';
-//$_['admin_txt_08'] = '2) Oder Sie verwenden die Konfigurationsvariable $HASHWORD, um den Streuwert Ihres Passwortes zu speichern. Setzen Sie $USE_HASH in diesem Fall auf 1.';
-//$_['admin_txt_10'] = '($PASSWORD, $USE_HASH, and $HASHWORD, are variables in the configuration section of the OneFileCMS source file.)';
-//$_['admin_txt_12'] = 'Option 2 is recommended, and is method used by the [Change Password] page. However, keep in mind that, due to a number of considerations, this is largely an academic excersize. That is, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text, which is generally considered to be a good thing.';
+$_['time_out_txt']     = 'Automatischer Sitzungsstopp in:';
+
+$_['error_reporting_01'] = 'Anzeigen von Fehlern ist'; 
+$_['error_reporting_02'] = 'Loggen von Fehlern ist';   
+$_['error_reporting_03'] = 'Fehlerberichterstattung';  
+$_['error_reporting_04'] = 'Anzeigen der Fehlertypen'; 
+$_['error_reporting_05'] = 'Unerwartete frühzeitige Ausgabe';
+$_['error_reporting_06'] = '(Nicht einmal Leerzeichen hätten ausgegeben werden sollen)';
+
+$_['admin_txt_00'] = 'Alte Sicherung gefunden';
+$_['admin_txt_01'] = 'Diese Datei wurde erstellt, da es während der Änderung des Passwortes oder des Benutzernamens zu einem Fehler gekommen ist. Diese Datei enthält somit eventuell veraltete Informationen und kann gelöscht werden, sofern sie nicht weiter von Ihnen benötigt wird.';
+$_['admin_txt_02'] = 'Allgemeine Information';
+$_['admin_txt_04'] = 'Seit der Version 3.3.13 werden Passwörter in OneFileCMS nicht länger als Klartext gespeichert, sondern nur noch als Hash-Werte.';
 $_['admin_txt_12'] = 'Bitte denken Sie daran, dass es sich hierbei großteils um eine akademische Übung handelt. Die Verwendung eines Streuwerts trägt viel zur Sicherheit bei und erlaubt Ihnen, das Passwort nicht in Klarschrift speichern zu müssen.';
 $_['admin_txt_14'] = 'Eine weitere, kleine Sicherheitsvorkehrung wäre, das Salz oder die Methode für die Streuwertgenerierung von OneFileCMS zu ändern.';
 $_['admin_txt_16'] = 'Sie können auch OneFileCMS selbst bearbeiten.  Legen Sie aber sicherheitshalber eine Kopie an, falls es zu einem unerwünschten Schreibfehler kommt...';
 
-$_['pw_change']  = 'Passwort ändern';     //new
-$_['pw_current'] = 'Aktuelles Passwort';    //new
-$_['pw_new']     = 'Neues Passwort';        //new
-$_['pw_confirm'] = 'Bestätigen Sie das neue Password';//new
-
-$_['pw_txt_02']  = 'Regeln für Passwort / Benutzername:'; //new
-$_['pw_txt_04']  = 'Groß-/Kleinschreibung wird berücksichtigt!';   //new
-$_['pw_txt_06']  = 'Zumindest ein Zeichen, das nicht als Leerzeichen zählt, muss enthalten sein.'; //new
-$_['pw_txt_08']  = 'Leerzeichen in der Mitte sind gültig. Beispiel: "This is a password or username!"'; //changed
-$_['pw_txt_10']  = 'Führende und angehängte Leerzeichen werden entfernt.'; //new
-$_['pw_txt_12']  = 'Nur die aktive Kopie von OneFileCMS wird aktualisiert - es werden keine externen Konfigurationsdateien geändert.';   //new
-$_['pw_txt_14']  = 'Wird ein ungültiges Passwort eingegeben, werden Sie abgemeldet. Sie können sich anschließend neu anmelden.'; //new
-
-$_['change_pw_01'] = 'Passwort wurde geändert!';     //new
-$_['change_pw_02'] = 'Passwort wurde nicht geändert:'; //new
-$_['change_pw_03'] = 'Falsches (derzeitiges) Passwort. Bitte melden Sie sich an, um es erneut zu versuchen.'; //new
-$_['change_pw_04'] = 'Die Werte der Felder "Neu" und "Bestätigen" gleichen sich nicht.';    //new
-
-$_['un_change']  = 'Benutzername ändern';  //new
-$_['un_new']     = 'Neuer Benutzername';       //new
-$_['un_confirm'] = 'Bestätigen Sie den neuen Benutzernamen'; //new
-
-$_['change_un_01'] = 'Benutzername wurde geändert!';     //new
-$_['change_un_02'] = 'Benutzername wurde nicht geändert:'; //new
+$_['pw_change']  = 'Passwort ändern';           
+$_['pw_current'] = 'Aktuelles Passwort';         
+$_['pw_new']     = 'Neues Passwort';             
+$_['pw_confirm'] = 'Bestätigen Sie das neue Password';
+$_['pw_txt_02']  = 'Regeln für Passwort / Benutzername:';
+$_['pw_txt_04']  = 'Groß-/Kleinschreibung wird berücksichtigt!';
+$_['pw_txt_06']  = 'Zumindest ein Zeichen, das nicht als Leerzeichen zählt, muss enthalten sein.';
+$_['pw_txt_08']  = 'Leerzeichen in der Mitte sind gültig. Beispiel: "This is a password or username!"';
+$_['pw_txt_10']  = 'Führende und angehängte Leerzeichen werden entfernt.';
+$_['pw_txt_12']  = 'Nur die aktive Kopie von OneFileCMS wird aktualisiert - es werden keine externen Konfigurationsdateien geändert.';
+$_['pw_txt_14']  = 'Wird ein ungültiges Passwort eingegeben, werden Sie abgemeldet. Sie können sich anschließend neu anmelden.';
+
+$_['change_pw_01'] = 'Passwort wurde geändert!';                      
+$_['change_pw_02'] = 'Passwort wurde nicht geändert:';                
+$_['change_pw_03'] = 'Falsches (derzeitiges) Passwort. Bitte melden Sie sich an, um es erneut zu versuchen.';
+$_['change_pw_04'] = 'Die Werte der Felder "Neu" und "Bestätigen" gleichen sich nicht.';
+$_['change_pw_05'] = 'Updating';                                        //## NT ##
+$_['change_pw_06'] = 'external config file';                            //## NT ##
+
+$_['un_change']     = 'Benutzername ändern';                 
+$_['un_new']        = 'Neuer Benutzername';                   
+$_['un_confirm']    = 'Bestätigen Sie den neuen Benutzernamen';
+$_['change_un_01']  = 'Benutzername wurde geändert!';        
+$_['change_un_02']  = 'Benutzername wurde nicht geändert:';  
+$_['update_failed'] = 'Aktualisierung fehlgeschlagen - die Datei konnte nicht gespeichert werden.';
+$_['mcd_msg_01']    = 'files moved successfully.';             //## NT ##
+$_['mcd_msg_02']    = 'files copied successfully.';            //## NT ##
+$_['mcd_msg_03']    = 'files deleted successfully.';           //## NT ##
 
-$_['update_failed'] = 'Aktualisierung fehlgeschlagen - die Datei konnte nicht gespeichert werden.';  //new
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index 727647f..feb5bbe 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,288 +1,281 @@
-<?php
-// OneFileCMS Language Settings v3.3.16  //*** A few values are no longer used and are commented out. ***
-
-$_['LANGUAGE'] = 'English';
-
-// These are the default values included directly in onefilecms.php.
-//
-// If no translation or value is desired for a particular setting, do not delete
-// the actual setting variable, just set it to an empty string.
-// For example:  $_['some_unused_setting'] = '';
-//
-// Remember to slash-escape any single quotes that may be within a value:  \'
-// The back-slash itself, if to be part of the text to display, may or may not
-// also need to be escaped:  \\
-
-
-// In some instances, some langauges may use significantly longer words or phrases than others.
-// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
-//
-$_['front_links_font_size'] =  '1em'; //Buttons on Index page.
-$_['front_links_margin_R']  =  '1em';
-$_['button_font_size']      = '.9em'; //Buttons on Edit page.
-$_['button_margin_L']       = '.7em';
-$_['button_padding']        = '4px 10px';
-$_['image_info_font_size']  =  '1em'; //show_img_msg_01  &  _02 
-$_['image_info_pos']        = ''; //If 1 or true, moves the info down a line for more space.
-
-$_['R'] = 'R'; // R ename       //new
-$_['C'] = 'C'; // C opy         //new
-$_['D'] = 'D'; // D elete       //new
-
-$_['Upload_File'] = 'Upload File';
-$_['New_File']    = 'New File';
-$_['Ren_Move']    = 'Rename / Move';
-$_['Ren_Moved']   = 'Renamed / Moved';
-$_['New_Folder']  = 'New Folder';
-$_['Ren_Folder']  = 'Rename / Move Folder';
-$_['Del_Folder']  = 'Delete Folder';
-
-$_['Admin']  = 'Admin';
-$_['Enter']  = 'Enter';
-$_['Edit']   = 'Edit';
-$_['Close']  = 'Close';
-$_['Cancel'] = 'Cancel';
-$_['Upload'] = 'Upload';
-$_['Create'] = 'Create';
-$_['Copy']   = 'Copy';
-$_['Copied'] = 'Copied';
-$_['Rename'] = 'Rename / Move';
-$_['Delete'] = 'Delete';
-$_['DELETE'] = 'DELETE';
-$_['File']   = 'File';
-$_['Folder'] = 'Folder';
-$_['Submit'] = 'Submit Request'; //new
-$_['Username'] = 'Username';     //new
-$_['Password'] = 'Password';     //new
-
-$_['Log_In']  = 'Log In';
-$_['Log_Out'] = 'Log Out';
-
-$_['Hash']    = 'Hash';
-$_['pass_to_hash']  = 'Password to hash:';
-$_['Generate_Hash'] = 'Generate Hash';
-
-$_['save_1']      = 'Save';
-$_['save_2']      = 'SAVE CHANGES!';
-$_['reset']       = 'Reset - loose changes';
-$_['Wide_View']   = 'Wide View';
-$_['Normal_View'] = 'Normal View';
-
-$_['on_']      = 'on';
-
-$_['verify_msg_01'] = 'Session expired.';
-$_['verify_msg_02'] = 'INVALID POST';
-
-$_['get_get_msg_01'] = 'File does not exist:';
-$_['get_get_msg_02'] = 'Invalid page request:';
-
-$_['check_path_msg_01'] = 'Directory does not exist: ';
-
-$_['ord_msg_01'] = 'A file with that name already exists in the target directory.';
-$_['ord_msg_02'] = 'Saving as';
-
-$_['show_img_msg_01'] = 'Image shown at ~';
-$_['show_img_msg_02'] = '% of full size (W x H =';
-
-$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!'; //changed
-//$_['hash_txt_02'] = '1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).';
-//$_['hash_txt_03'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
-//$_['hash_txt_04'] = 'Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing.';
-//$_['hash_txt_05'] = 'Anyway, to use the $HASHWORD password option:';
-$_['hash_txt_06'] = 'Type your desired password in the input field above and hit Enter.';
-$_['hash_txt_07'] = 'The hash will be displayed in a yellow message box above that.';
-$_['hash_txt_08'] = 'Copy and paste the new hash to the $HASHWORD variable in the config section.';
-$_['hash_txt_09'] = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
-$_['hash_txt_10'] = 'A double-click should select it...';
-//$_['hash_txt_11'] = 'Make sure $USE_HASH is set to 1 (or true).';
-$_['hash_txt_12'] = 'When ready, logout and login.';
-//$_['hash_txt_13'] = 'You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...';
-//$_['hash_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep \'em secret, of course).  Remever, every little bit helps...';
-
-$_['hash_msg_01'] = 'Password:'; //
-$_['hash_msg_02'] = 'Hash    :'; //
-
-$_['login_txt_01'] = 'Username:';
-$_['login_txt_02'] = 'Password:';
-
-$_['login_msg_01a'] = 'There have been ';
-$_['login_msg_01b'] = 'invalid login attempts.';
-$_['login_msg_02a'] = 'Please wait';
-$_['login_msg_02b'] = 'seconds to try again.';
-$_['login_msg_03']  = 'INVALID LOGIN ATTEMPT #';
-
-$_['edit_note_00']  = 'NOTES:';
-$_['edit_note_01a'] = 'Remember- your';
-$_['edit_note_01b'] = 'is';
-$_['edit_note_02']  = 'So save changes before the clock runs out, or the changes will be lost!';
-$_['edit_note_03']  = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate.  To correct, click the browser\'s [Reload].';
-$_['edit_note_04']  = 'Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.';
-
-$_['edit_h2_1']   = 'Viewing:';
-$_['edit_h2_2']   = 'Editing:';
-$_['edit_txt_01'] = 'Non-text or unkown file type. Edit disabled.';
-$_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
-$_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
-$_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
-
-$_['too_large_to_edit_01a'] = 'Edit disabled. Filesize >';
-$_['too_large_to_edit_01b'] = 'bytes.';
-$_['too_large_to_edit_02']  = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
-$_['too_large_to_edit_03']  = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
-$_['too_large_to_edit_04']  = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
-
-$_['too_large_to_view_01a'] = 'View disabled. Filesize >';
-$_['too_large_to_view_01b'] = 'bytes.';
-$_['too_large_to_view_02']  = 'Click the file name above to view as normally rendered in a browser window.';
-$_['too_large_to_view_03']  = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
-$_['too_large_to_view_04']  = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
-
-$_['meta_txt_01'] = 'Filesize:';
-$_['meta_txt_02'] = 'bytes.';
-$_['meta_txt_03'] = 'Updated:';
-
-$_['edit_msg_01'] = 'File saved:';
-$_['edit_msg_02'] = 'bytes written.';
-$_['edit_msg_03'] = 'There was an error saving file.';
-
-$_['upload_txt_01'] = 'per upload_max_filesize in php.ini.';
-$_['upload_txt_02'] = 'per post_max_size in php.ini';
-$_['upload_txt_03'] = 'Note: Maximum upload file size is:';
-
-$_['upload_err_01a'] = 'Error 1: File too large.';
-$_['upload_err_01b'] = '(From php.ini)';
-$_['upload_err_02a'] = 'Error 2: File too large.';
-$_['upload_err_02b'] = '(From OneFileCMS)';
-$_['upload_err_03']  = 'Error 3: The uploaded file was only partially uploaded.';
-$_['upload_err_04']  = 'Error 4: No file was uploaded.';
-$_['upload_err_05']  = 'Error 5:';
-$_['upload_err_06']  = 'Error 6: Missing a temporary folder.';
-$_['upload_err_07']  = 'Error 7: Failed to write file to disk.';
-$_['upload_err_08']  = 'Error 8: A PHP extension stopped the file upload.';
-
-$_['upload_msg_01'] = 'No file selected for upload.';
-$_['upload_msg_02'] = 'Destination folder does not exist: ';
-$_['upload_msg_03'] = 'Upload cancelled.';
-$_['upload_msg_04'] = 'Uploading:';
-$_['upload_msg_05'] = 'Upload successful!';
-$_['upload_msg_06'] = 'Upload failed:';
-
-$_['new_file_txt_01'] = 'File will be created in the current folder.';
-$_['new_file_txt_02'] = 'Some invalid characters are: ';
-
-$_['new_file_msg_01'] = 'New file not created:';
-$_['new_file_msg_02'] = 'Name contains invalid character(s):';
-$_['new_file_msg_03'] = 'New file not created - no name given';
-$_['new_file_msg_04'] = 'File already exists:';
-$_['new_file_msg_05'] = 'Created file:';
-$_['new_file_msg_06'] = 'Error - new file not created:';
-
-$_['CRM_txt_01']  = 'To move a file or folder, change the path/to/folder/or_file. The new location must already exist.';
-$_['CRM_txt_02']  = 'Old name:';
-$_['CRM_txt_03']  = 'New name:';
-
-$_['CRM_msg_01']  = 'Error - new parent location does not exist:';
-$_['CRM_msg_02']  = 'Error - source file does not exist:';
-$_['CRM_msg_03']  = 'Error - target filename already exists:';
-$_['CRM_msg_04']  = 'to';
-$_['CRM_msg_05a'] = 'Error during';
-$_['CRM_msg_05b'] = 'from the above to the following:';
-
-$_['delete_txt_01'] = 'Are you sure?';
-
-$_['delete_msg_01'] = 'Deleted file:';
-$_['delete_msg_02'] = 'Error deleting';
-
-$_['new_folder_txt_1'] = 'Folder will be created in the current folder.';
-$_['new_folder_txt_2'] = 'Some invalid characters are:';
-
-$_['new_folder_msg_01'] = 'New folder not created:';
-$_['new_folder_msg_02'] = 'Name contains invalid character(s):';
-$_['new_folder_msg_03'] = 'New folder not created - no name given.';
-$_['new_folder_msg_04'] = 'Folder already exists:';
-$_['new_folder_msg_05'] = 'Created folder:';
-$_['new_folder_msg_06'] = 'Error - new folder not created:';
-
-$_['delete_folder_txt_01'] = 'Are you sure?';
-
-$_['delete_folder_msg_01'] = 'Folder not empty.   Folders must be empty before they can be deleted.';
-$_['delete_folder_msg_02'] = 'Deleted folder:';
-$_['delete_folder_msg_03'] = 'an error occurred during delete.';
-
-$_['page_title_login']      = 'Log In';
-$_['page_title_admin']      = 'Administration Options'; //new
-$_['page_title_hash']       = 'Generate a Password Hash';
-$_['page_title_change_pw']  = 'Change Password';        //new
-$_['page_title_change_un']  = 'Change Username';        //new
-$_['page_title_edit']       = 'Edit / View File';
-$_['page_title_upload']     = 'Upload File';
-$_['page_title_new_file']   = 'New File';
-$_['page_title_copy']       = 'Copy File';
-$_['page_title_ren']        = 'Rename / Move File';
-$_['page_title_del']        = 'Delete File';
-$_['page_title_folder_new'] = 'New Folder';
-$_['page_title_folder_ren'] = 'Rename / Move Folder';
-$_['page_title_folder_del'] = 'Delete Folder';
-
-$_['session_warning'] = 'Warning: Session timeout soon!';
-$_['session_expired'] = 'SESSION EXPIRED';
-$_['unload_unsaved']  = '               Unsaved changes will be lost!';
-$_['confirm_reset']   = 'Reset file and loose unsaved changes?';
-
-$_['OFCMS_requires']  = 'OneFileCMS requires PHP';
-
-$_['logout_msg']       = 'You have successfully logged out.';
-$_['folder_del_msg']   = 'Folder not empty.   Folders must be empty before they can be deleted.';
-$_['upload_error_01a'] = 'Upload Error.  Total POST data (mostly filesize) exceeded post_max_size =';
-$_['upload_error_01b'] = '(from php.ini)';
-$_['edit_caution_01']  = 'CAUTION';
-$_['edit_caution_02']  = 'You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
-
-$_['time_out_txt'] = 'Session time out in:';
-
-$_['error_reporting_01'] = 'Display errors is';         //new
-$_['error_reporting_02'] = 'Log errors is';             //new
-$_['error_reporting_03'] = 'Error reporting is set to'; //new
-$_['error_reporting_04'] = 'Showing error types';       //new
-$_['error_reporting_05'] = 'Unexpected early output';   //new
-$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)'; //new
-
-$_['admin_txt_00'] = 'Old Backup Found'; //new
-$_['admin_txt_01'] = 'This file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed.  In any case, it will automatically be overwritten on the next password or username change.'; //new
-$_['admin_txt_02'] = 'General Information'; //new
-$_['admin_txt_04'] = 'As of version 3.3.13, OneFileCMS no longer maintains a plain text password option, and only stores a password hash, as most login systems do.'; //new
-//$_['admin_txt_04'] = 'OneFileCMS can manage your password in two ways:';
-//$_['admin_txt_06'] = '1) Use $PASSWORD to store your desired password, in plain text, and set $USE_HASH = 0 (zero).';
-//$_['admin_txt_08'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
-//$_['admin_txt_10'] = '($PASSWORD, $USE_HASH, and $HASHWORD, are variables in the configuration section of the OneFileCMS source file.)';
-//$_['admin_txt_12'] = 'Option 2 is recommended, and is method used by the [Change Password] page. However, keep in mind that, due to a number of considerations, this is largely an academic excersize. That is, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text, which is generally considered to be a good thing.';
-$_['admin_txt_12'] = 'However, due to a number of considerations, this change was largely an academic exersize. That is, in this application, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used), which is generally considered to be a good thing.'; //changed
-$_['admin_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
-$_['admin_txt_16'] = 'Also, you can still use OneFileCMS to edit itself. However, be sure to have a backup ready for the inevitable ytpo...'; //changed
-
-$_['pw_change']  = 'Change Password';     //new
-$_['pw_current'] = 'Current Password';    //new
-$_['pw_new']     = 'New Password';        //new
-$_['pw_confirm'] = 'Confirm New Password';//new
-
-$_['pw_txt_02']  = 'Password / Username rules:'; //new
-$_['pw_txt_04']  = 'They are case-sensitive!';   //new
-$_['pw_txt_06']  = 'They must contain at least one non-space character.'; //new
-$_['pw_txt_08']  = 'They may contain spaces in the middle. Ex: "This is a password or username!"'; //changed
-$_['pw_txt_10']  = 'Leading and trailing spaces are removed.'; //new
-$_['pw_txt_12']  = 'Only the active copy of OneFileCMS is updated- no external configuration files are changed:';   //new
-$_['pw_txt_14']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.'; //new
-
-$_['change_pw_01'] = 'Password changed!';     //new
-$_['change_pw_02'] = 'Password NOT changed:'; //new
-$_['change_pw_03'] = 'Incorrect current password. Login to try again.'; //new
-$_['change_pw_04'] = '"New" and "Confirm New" values do not match.';    //new
-
-$_['un_change']  = 'Change Username';  //new
-$_['un_new']     = 'New Username';       //new
-$_['un_confirm'] = 'Confirm New Username'; //new
-
-$_['change_un_01'] = 'Username changed!';     //new
-$_['change_un_02'] = 'Username NOT changed:'; //new
-
-$_['update_failed'] = 'Update failed - could not save file.';  //new
+<?php
+// OneFileCMS Language Settings v3.3.18
+
+$_['LANGUAGE'] = 'English';
+$_['LANG'] = 'EN';
+
+// If no translation or value is desired for a particular setting, do not delete
+// the actual setting variable, just set it to an empty string.
+// For example:  $_['some_unused_setting'] = '';
+//
+// Remember to slash-escape any single quotes that may be within the text:  \'
+// The back-slash itself may or may not also need to be escaped:  \\
+//
+// If present as a trailing comment, "## NT ##" means 'Need Translation'.
+//
+// In some instances, some langauges may use significantly longer words or phrases than others.
+// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
+//
+$_['front_links_font_size'] = '1em';    //Buttons on Index page.
+$_['front_links_margin_R']  = '1em';   
+$_['button_font_size']      = '.9em';   //Buttons on Edit page.
+$_['button_margin_L']       = '.7em';  
+$_['button_padding']        = '4px 10px';
+$_['image_info_font_size']  = '1em';    //show_img_msg_01  &  _02
+$_['image_info_pos']        = '';       //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
+$_['select_all_div_width']  = '73px';   //Width of space for $_['Select_All']
+
+$_['R'] = 'R'; //R ename
+$_['C'] = 'C'; //C opy
+$_['D'] = 'D'; //D elete
+
+$_['Admin']   = 'Admin';  
+$_['Cancel']  = 'Cancel'; 
+$_['Close']   = 'Close';  
+$_['Copy']    = 'Copy';   
+$_['Copied']  = 'Copied'; 
+$_['Create']  = 'Create'; 
+$_['Delete']  = 'Delete'; 
+$_['DELETE']  = 'DELETE'; 
+$_['Deleted'] = 'Deleted';
+$_['Edit']    = 'Edit';   
+$_['Enter']   = 'Enter';  
+$_['errors']  = 'errors'; 
+$_['File']    = 'File';   
+$_['Folder']  = 'Folder'; 
+$_['From']    = 'From';   
+$_['Hash']    = 'Hash';   
+$_['Move']    = 'Move';   
+$_['Moved']   = 'Moved';  
+$_['on']      = 'on';     
+$_['Password'] = 'Password';
+
+$_['Rename']     = 'Rename';    
+$_['successful'] = 'successful';
+$_['To']         = 'To';        
+$_['Upload']     = 'Upload';    
+$_['Username']   = 'Username';  
+$_['Log_In']     = 'Log In';    
+$_['Log_Out']    = 'Log Out';   
+
+$_['Upload_File']    = 'Upload File';        
+$_['New_File']       = 'New File';           
+$_['Ren_Move']       = 'Rename / Move';      
+$_['Ren_Moved']      = 'Renamed / Moved';    
+$_['New_Folder']     = 'New Folder';         
+$_['Ren_Folder']     = 'Rename / Move Folder';
+$_['Del_Folder']     = 'Delete Folder';      
+$_['Submit']         = 'Submit Request';     
+$_['Move_Files']     = 'Move File(s)';       
+$_['Copy_Files']     = 'Copy File(s)';       
+$_['Del_Files']      = 'Delete File(s)';     
+$_['Selected_Files'] = 'Selected Files';     
+$_['Select_All']     = 'Select All';         
+$_['Clear_All']      = 'Clear All';          
+$_['New_location']   = 'New Location';       
+$_['No_files']       = 'No files selected.'; 
+$_['No_action']      = 'No action selected.';
+$_['Not_found']      = 'Not found';          
+$_['pass_to_hash']   = 'Password to hash:';  
+$_['Generate_Hash']  = 'Generate Hash';      
+
+$_['save_1']      = 'Save';
+$_['save_2']      = 'SAVE CHANGES!';
+$_['reset']       = 'Reset - loose changes';
+$_['Wide_View']   = 'Wide View';
+$_['Normal_View'] = 'Normal View';
+
+$_['verify_msg_01']  = 'Session expired.';
+$_['verify_msg_02']  = 'INVALID POST';
+
+$_['get_get_msg_01']    = 'File does not exist:';
+$_['get_get_msg_02']    = 'Invalid page request:';
+$_['get_get_msg_03']    = 'Missing information for requested page';
+$_['check_path_msg_01'] = 'Directory does not exist:';
+$_['ord_msg_01']        = 'A file with that name already exists in the target directory.';
+$_['ord_msg_02']        = 'Saving as';
+$_['show_img_msg_01']   = 'Image shown at ~';
+$_['show_img_msg_02']   = '% of full size (W x H =';
+
+$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!';
+$_['hash_txt_06'] = 'Type your desired password in the input field above and hit Enter.';
+$_['hash_txt_07'] = 'The hash will be displayed in a yellow message box above that.';
+$_['hash_txt_08'] = 'Copy and paste the new hash to the $HASHWORD variable in the config section.';
+$_['hash_txt_09'] = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
+$_['hash_txt_10'] = 'A double-click should select it...';
+$_['hash_txt_12'] = 'When ready, logout and login.';
+
+$_['login_txt_01']  = 'Username:';
+$_['login_txt_02']  = 'Password:';
+$_['login_msg_01a'] = 'There have been';
+$_['login_msg_01b'] = 'invalid login attempts.';
+$_['login_msg_02a'] = 'Please wait';
+$_['login_msg_02b'] = 'seconds to try again.';
+$_['login_msg_03']  = 'INVALID LOGIN ATTEMPT #';
+
+$_['edit_note_00']  = 'NOTES:';
+$_['edit_note_01a'] = 'Remember- your';
+$_['edit_note_01b'] = 'is';
+$_['edit_note_02']  = 'So save changes before the clock runs out, or the changes will be lost!';
+$_['edit_note_03']  = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate. To correct, click the browser\'s [Reload].';
+$_['edit_note_04']  = 'Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts. This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself. However, such files can still be edited and saved with OneFileCMS. The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes. The issue will be noticed after the first save of such a file.';
+
+$_['edit_h2_1']   = 'Viewing:';
+$_['edit_h2_2']   = 'Editing:';
+$_['edit_txt_01'] = 'Non-text or unkown file type. Edit disabled.';
+$_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
+$_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
+$_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
+
+$_['too_large_to_edit_01a'] = 'Edit disabled. Filesize >';
+$_['too_large_to_edit_01b'] = 'bytes.';
+$_['too_large_to_edit_02']  = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
+$_['too_large_to_edit_03']  = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
+$_['too_large_to_edit_04']  = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
+$_['too_large_to_view_01a'] = 'View disabled. Filesize >';
+$_['too_large_to_view_01b'] = 'bytes.';
+$_['too_large_to_view_02']  = 'Click the file name above to view as normally rendered in a browser window.';
+$_['too_large_to_view_03']  = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
+$_['too_large_to_view_04']  = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
+
+$_['meta_txt_01'] = 'Filesize:';
+$_['meta_txt_02'] = 'bytes.';
+$_['meta_txt_03'] = 'Updated:';
+$_['edit_msg_01'] = 'File saved:';
+$_['edit_msg_02'] = 'bytes written.';
+$_['edit_msg_03'] = 'There was an error saving file.';
+
+$_['upload_txt_01']  = 'per upload_max_filesize in php.ini.';
+$_['upload_txt_02']  = 'per post_max_size in php.ini';
+$_['upload_txt_03']  = 'Note: Maximum upload file size is:';
+
+$_['upload_err_01a'] = 'Error 1: File too large.';
+$_['upload_err_01b'] = '(From php.ini)';
+$_['upload_err_02a'] = 'Error 2: File too large.';
+$_['upload_err_02b'] = '(From OneFileCMS)';
+$_['upload_err_03']  = 'Error 3: The uploaded file was only partially uploaded.';
+$_['upload_err_04']  = 'Error 4: No file was uploaded.';
+$_['upload_err_05']  = 'Error 5:';
+$_['upload_err_06']  = 'Error 6: Missing a temporary folder.';
+$_['upload_err_07']  = 'Error 7: Failed to write file to disk.';
+$_['upload_err_08']  = 'Error 8: A PHP extension stopped the file upload.';
+
+$_['upload_msg_01'] = 'No file selected for upload.';
+$_['upload_msg_02'] = 'Destination folder does not exist:';
+$_['upload_msg_03'] = 'Upload cancelled.';
+$_['upload_msg_04'] = 'Uploading:';
+$_['upload_msg_05'] = 'Upload successful!';
+$_['upload_msg_06'] = 'Upload failed:';
+
+$_['new_file_txt_01'] = 'File will be created in the current folder.';
+$_['new_file_txt_02'] = 'Some invalid characters are:';
+$_['new_file_msg_01'] = 'New file not created:';
+$_['new_file_msg_02'] = 'Name contains invalid character(s):';
+$_['new_file_msg_03'] = 'New file not created - no name given';
+$_['new_file_msg_04'] = 'File already exists:';
+$_['new_file_msg_05'] = 'Created file:';
+$_['new_file_msg_06'] = 'Error - new file not created:';
+
+$_['CRM_txt_01']  = 'To move a file or folder, change the path/to/folder/or_file.';
+$_['CRM_txt_02']  = 'The new location must already exist.';
+$_['CRM_txt_03']  = 'Old name';
+$_['CRM_txt_04']  = 'New name';
+$_['CRM_msg_01']  = 'Error - new parent location does not exist:';
+$_['CRM_msg_02']  = 'Error - source file does not exist:';
+$_['CRM_msg_03']  = 'Error - target filename already exists:';
+$_['CRM_msg_04']  = 'to';
+$_['CRM_msg_05a'] = 'Error during';
+$_['CRM_msg_05b'] = 'from the above to the following:';
+
+$_['delete_txt_01'] = 'Are you sure?';
+$_['delete_msg_01'] = 'Deleted file:';
+$_['delete_msg_02'] = 'Error deleting';
+
+$_['new_folder_txt_1']  = 'Folder will be created in the current folder.';
+$_['new_folder_txt_2']  = 'Some invalid characters are:';
+$_['new_folder_msg_01'] = 'New folder not created:';
+$_['new_folder_msg_02'] = 'Name contains invalid character(s):';
+$_['new_folder_msg_03'] = 'New folder not created - no name given.';
+$_['new_folder_msg_04'] = 'Folder already exists:';
+$_['new_folder_msg_05'] = 'Created folder:';
+$_['new_folder_msg_06'] = 'Error - new folder not created:';
+
+$_['delete_folder_txt_01'] = 'Are you sure?';
+$_['delete_folder_msg_01'] = 'Folder not empty. Folders must be empty before they can be deleted.';
+$_['delete_folder_msg_02'] = 'Deleted folder:';
+$_['delete_folder_msg_03'] = 'an error occurred during delete.';
+
+$_['page_title_login']      = 'Log In';                  
+$_['page_title_admin']      = 'Administration Options';  
+$_['page_title_hash']       = 'Generate a Password Hash';
+$_['page_title_change_pw']  = 'Change Password';         
+$_['page_title_change_un']  = 'Change Username';         
+$_['page_title_edit']       = 'Edit / View File';        
+$_['page_title_upload']     = 'Upload File';             
+$_['page_title_new_file']   = 'New File';                
+$_['page_title_ren']        = 'Rename / Move File';      
+$_['page_title_copy']       = 'Copy File(s)';            
+$_['page_title_mov']        = 'Move File(s)';            
+$_['page_title_del']        = 'Delete File(s)';          
+$_['page_title_folder_new'] = 'New Folder';              
+$_['page_title_folder_ren'] = 'Rename / Move Folder';    
+$_['page_title_folder_del'] = 'Delete Folder';           
+
+$_['session_warning']  = 'Warning: Session timeout soon!';
+$_['session_expired']  = 'SESSION EXPIRED';
+$_['unload_unsaved']   = ' Unsaved changes will be lost!';
+$_['confirm_reset']    = 'Reset file and loose unsaved changes?';
+$_['OFCMS_requires']   = 'OneFileCMS requires PHP';
+$_['logout_msg']       = 'You have successfully logged out.';
+$_['folder_del_msg']   = 'Folder not empty. Folders must be empty before they can be deleted.';
+$_['upload_error_01a'] = 'Upload Error. Total POST data (mostly filesize) exceeded post_max_size =';
+$_['upload_error_01b'] = '(from php.ini)';
+$_['edit_caution_01']  = 'CAUTION';
+$_['edit_caution_02']  = 'You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
+$_['time_out_txt']     = 'Session time out in:';
+
+$_['error_reporting_01'] = 'Display errors is';        
+$_['error_reporting_02'] = 'Log errors is';            
+$_['error_reporting_03'] = 'Error reporting is set to';
+$_['error_reporting_04'] = 'Showing error types';      
+$_['error_reporting_05'] = 'Unexpected early output';  
+$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
+
+$_['admin_txt_00'] = 'Old Backup Found';
+$_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will automatically be overwritten on the next password or username change.';
+$_['admin_txt_02'] = 'General Information';
+$_['admin_txt_04'] = 'As of version 3.3.13, OneFileCMS no longer maintains a plain text password option, and only stores a password hash, as most login systems do.';
+$_['admin_txt_12'] = 'However, due to a number of considerations, this change was largely an academic exersize. That is, in this application, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used), which is generally considered to be a good thing.';
+$_['admin_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
+$_['admin_txt_16'] = 'Also, you can still use OneFileCMS to edit itself. However, be sure to have a backup ready for the inevitable ytpo...';
+
+$_['pw_change']  = 'Change Password';            
+$_['pw_current'] = 'Current Password';           
+$_['pw_new']     = 'New Password';               
+$_['pw_confirm'] = 'Confirm New Password';       
+$_['pw_txt_02']  = 'Password / Username rules:'; 
+$_['pw_txt_04']  = 'They are case-sensitive!';   
+$_['pw_txt_06']  = 'They must contain at least one non-space character.';
+$_['pw_txt_08']  = 'They may contain spaces in the middle. Ex: "This is a password or username!"';
+$_['pw_txt_10']  = 'Leading and trailing spaces are removed.';
+$_['pw_txt_12']  = 'To record the change, only one file is updated: either the active copy of OneFileCMS, or, if specified, an external configuration file.';
+$_['pw_txt_14']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
+
+$_['change_pw_01'] = 'Password changed!';                              
+$_['change_pw_02'] = 'Password NOT changed:';                          
+$_['change_pw_03'] = 'Incorrect current password. Login to try again.';
+$_['change_pw_04'] = 'New and "Confirm New" values do not match.';     
+$_['change_pw_05'] = 'Updating';                                       
+$_['change_pw_06'] = 'external config file';                           
+
+$_['un_change']     = 'Change Username';                      
+$_['un_new']        = 'New Username';                         
+$_['un_confirm']    = 'Confirm New Username';                 
+$_['change_un_01']  = 'Username changed!';                    
+$_['change_un_02']  = 'Username NOT changed:';                
+$_['update_failed'] = 'Update failed - could not save file.'; 
+$_['mcd_msg_01']    = 'files moved successfully.';            
+$_['mcd_msg_02']    = 'files copied successfully.';           
+$_['mcd_msg_03']    = 'files deleted successfully.';          
+
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index f4a94c8..e0aa6c6 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -1,66 +1,84 @@
 <?php
-// OneFileCMS Language Settings v3.3.16
+// OneFileCMS Language Settings v3.3.18
+
+$_['LANGUAGE'] = 'Espanõla';
+$_['LANG'] = 'ES';
 
-$_['LANGUAGE'] = 'Espanõla';//*** There are several new or changed values without translations and are in English ***
-                            //*** Also, some values are no longer used and are commented out.                     ***
-//
-//
 // If no translation or value is desired for a particular setting, do not delete
 // the actual setting variable, just set it to an empty string.
 // For example:  $_['some_unused_setting'] = '';
 //
-// Remember to slash-escape any single quotes that may be within a value:  \'
-// The back-slash itself, if to be part of the text to display, may or may not 
-// also need to be escaped:  \\
-
-
+// Remember to slash-escape any single quotes that may be within the text:  \'
+// The back-slash itself may or may not also need to be escaped:  \\
+//
+// If present as a trailing comment, "## NT ##" means 'Need Translation'.
+//
 // In some instances, some langauges may use significantly longer words or phrases than others.
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 //
-$_['front_links_font_size'] =  '1em'; //Buttons on Index page.
-$_['front_links_margin_R']  = '.5em';
-$_['button_font_size']      = '.9em'; //Buttons on Edit page.
-$_['button_margin_L']       = '.4em';
+$_['front_links_font_size'] = '1em';    //Buttons on Index page.
+$_['front_links_margin_R']  = '.5em';  
+$_['button_font_size']      = '.9em';   //Buttons on Edit page.
+$_['button_margin_L']       = '.4em';  
 $_['button_padding']        = '4px 5px';
-$_['image_info_font_size']  = '.95em';//show_img_msg_01  &  _02 
-$_['image_info_pos']        = ''; //If 1 or true, moves the info down a line for more space.
-
-$_['R'] = 'R'; // R ename       //new
-$_['C'] = 'C'; // C opy         //new
-$_['D'] = 'D'; // D elete       //new
-
-$_['Upload_File'] = 'Subir Archivo';
-$_['New_File']    = 'Archivo Nuevo';
-$_['Ren_Move']    = 'Renombrar / Mover';
-$_['Ren_Moved']   = 'Renombrado/Movido';
-$_['New_Folder']  = 'Carpeta Nueva';
-$_['Ren_Folder']  = 'Renombrar / Mover Carpeta';
-$_['Del_Folder']  = 'Borrar Carpeta';
-
-$_['Admin']  = 'Administrador';
-$_['Enter']  = 'Entrar';
-$_['Edit']   = 'Editar';
-$_['Close']  = 'Cerrar';
-$_['Cancel'] = 'Cancelar';
-$_['Upload'] = 'Subir';
-$_['Create'] = 'Crear';
-$_['Copy']   = 'Copiar';
-$_['Copied'] = 'Copiado';
-$_['Rename'] = 'Renombrar / Mover';
-$_['Delete'] = 'Eliminar';
-$_['DELETE'] = 'ELIMINAR';
-$_['File']   = 'Archivo';
-$_['Folder'] = 'Carpeta';
-$_['Submit'] = 'Submit Request'; //new
-$_['Username'] = 'Username';     //new
-$_['Password'] = 'Password';     //new
-
-$_['Log_In']  = 'Iniciar Sesión';
-$_['Log_Out'] = 'Cerrar Sesión';
-
-$_['Hash']    = 'Cadena';
-$_['pass_to_hash']  = 'Contraseña para calcular el hash:';
-$_['Generate_Hash'] = 'Generar Cadena';
+$_['image_info_font_size']  = '.95em';  //show_img_msg_01  &  _02
+$_['image_info_pos']        = ' ';      //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
+$_['select_all_div_width']  = '73px';   //Width of space for $_['Select_All']
+
+$_['R'] = 'R'; //R enombrar
+$_['C'] = 'C'; //C Copiar
+$_['D'] = 'E'; //E liminar
+
+$_['Admin']   = 'Administrador';
+$_['Cancel']  = 'Cancelar';
+$_['Close']   = 'Cerrar'; 
+$_['Copy']    = 'Copiar'; 
+$_['Copied']  = 'Copiado';
+$_['Create']  = 'Crear';  
+$_['Delete']  = 'Eliminar';
+$_['DELETE']  = 'ELIMINAR';
+$_['Deleted'] = 'Deleted'; //## NT ##
+$_['Edit']    = 'Editar'; 
+$_['Enter']   = 'Entrar'; 
+$_['errors']  = 'errors';  //## NT ##
+$_['File']    = 'Archivo';
+$_['Folder']  = 'Carpeta';
+$_['From']    = 'From';    //## NT ##
+$_['Hash']    = 'Cadena'; 
+$_['Move']    = 'Mover';  
+$_['Moved']   = 'Movido'; 
+$_['on']      = 'activado';
+$_['Password'] = 'Password'; //## NT ##
+
+$_['Rename']     = 'Renombrar'; 
+$_['successful'] = 'successful'; //## NT ##
+$_['To']         = 'To';         //## NT ##
+$_['Upload']     = 'Subir';     
+$_['Username']   = 'Username';   //## NT ##
+$_['Log_In']     = 'Iniciar Sesión';
+$_['Log_Out']    = 'Cerrar Sesión';
+
+$_['Upload_File']    = 'Subir Archivo';      
+$_['New_File']       = 'Archivo Nuevo';      
+$_['Ren_Move']       = 'Renombrar / Mover';  
+$_['Ren_Moved']      = 'Renombrado/Movido';  
+$_['New_Folder']     = 'Carpeta Nueva';      
+$_['Ren_Folder']     = 'Renombrar / Mover Carpeta';
+$_['Del_Folder']     = 'Borrar Carpeta';     
+$_['Submit']         = 'Submit Request';      //## NT ##
+$_['Move_Files']     = 'Move File(s)';        //## NT ##
+$_['Copy_Files']     = 'Copy File(s)';        //## NT ##
+$_['Del_Files']      = 'Delete File(s)';      //## NT ##
+$_['Selected_Files'] = 'Selected Files';      //## NT ##
+$_['Select_All']     = 'Select All';          //## NT ##
+$_['Clear_All']      = 'Clear All';           //## NT ##
+$_['New_location']   = 'New Location';        //## NT ##
+$_['No_files']       = 'No files selected.';  //## NT ##
+$_['No_action']      = 'No action selected.'; //## NT ##
+$_['Not_found']      = 'Not found';           //## NT ##
+$_['pass_to_hash']   = 'Contraseña para calcular el hash:';
+$_['Generate_Hash']  = 'Generar Cadena';     
 
 $_['save_1']      = 'Guardar';
 $_['save_2']      = '¡GUARDAR CAMBIOS!';
@@ -68,43 +86,28 @@
 $_['Wide_View']   = 'Vista Ampliada';
 $_['Normal_View'] = 'Vista Normal';
 
-$_['on_']      = 'activado';
-
-$_['verify_msg_01'] = 'Sesión expirada.';
-$_['verify_msg_02'] = 'POST INVÁLIDO';
-
-$_['get_get_msg_01'] = 'El archivo no existe:';
-$_['get_get_msg_02'] = 'Invalid page request.';
+$_['verify_msg_01']  = 'Sesión expirada.';
+$_['verify_msg_02']  = 'POST INVÁLIDO';
 
+$_['get_get_msg_01']    = 'El archivo no existe:';
+$_['get_get_msg_02']    = 'Invalid page request.';
+$_['get_get_msg_03']    = 'Missing information for requested page'; //## NT ##
 $_['check_path_msg_01'] = 'El directorio no existe: ';
+$_['ord_msg_01']        = 'Un archivo con ese mismo nombre ya existe en el directorio asignado.';
+$_['ord_msg_02']        = 'Guardando como';
+$_['show_img_msg_01']   = 'Imagen mostrada a ~';
+$_['show_img_msg_02']   = '% del tamaño (W x H =';
 
-$_['ord_msg_01'] = 'Un archivo con ese mismo nombre ya existe en el directorio asignado.';
-$_['ord_msg_02'] = 'Guardando como';
-
-$_['show_img_msg_01'] = 'Imagen mostrada a ~';
-$_['show_img_msg_02'] = '% del tamaño (W x H =';
-// 'hash_txt_01' has changed - need translation. ***************************************************
-$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!'; //changed
-//$_['hash_txt_02'] = '1) Cambiando la variable $PASSWORD y asignando $USE_HASH = 0 (cero).';
-//$_['hash_txt_03'] = '2) O, usando $HASHWORD para almacenar tu contraseña, y luego asignar $USE_HASH = 1.';
-//$_['hash_txt_04'] = 'Tenga en cuenta que, debido a una serie de consideraciones muy variadas, esto es en gran parte un ejercicio académico. Es decir, tomar la idea de que esta es una gran mejora a la seguridad con un granito de sal de criptografía. Sin embargo, sí elimina el almacenamiento de la contraseña en texto plano, lo cual es algo bueno.';
-//$_['hash_txt_05'] = 'Igualmente, para usar la opción de contraseña $HASHWORD:';
+$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!'; //## NT ##
 $_['hash_txt_06'] = 'Ingresá la contraseña que quieras en la caja de texto siguiente y presioná enter.';
 $_['hash_txt_07'] = 'La cadena se mostrará en un mensaje amarillo.';
 $_['hash_txt_08'] = 'Copiá y pegá esa cadena a la variable $HASHWORD en la sección de configuración.';
 $_['hash_txt_09'] = 'Asegurate de copiar TODO y SÓLO la cadena (sin dejar espacios en blanco o demás).';
 $_['hash_txt_10'] = 'Haciendo doble click debería seleccionarlo...';
-$_['hash_txt_11'] = 'Asegurate de que $USE_HASH sea 1 (o true).';
 $_['hash_txt_12'] = 'Cuando estés listo, deslogueate y volvé a loguearte.';
-//$_['hash_txt_13'] = 'Podés usar OneFileCMS para editarlo. Sin embargo, asegurate de hacer un backup...';
-//$_['hash_txt_14'] = 'Para otro tip de seguridad, cambiá la llave de seguridad y/o el método usado por OneFileCMS para almacenar la clave (y mantenelo en secreto, obviamente).  Acordate, cada granito ayuda...';
-
-$_['hash_msg_01'] = 'Contraseña: ';
-$_['hash_msg_02'] = 'Cadena    : ';
-
-$_['login_txt_01'] = 'Usuario:';
-$_['login_txt_02'] = 'Contraseña:';
 
+$_['login_txt_01']  = 'Usuario:';
+$_['login_txt_02']  = 'Contraseña:';
 $_['login_msg_01a'] = 'Hubo ';
 $_['login_msg_01b'] = 'intentos fallidos.';
 $_['login_msg_02a'] = 'Por favor espere ';
@@ -126,28 +129,26 @@
 $_['edit_txt_04'] = 'Este comportamiento puede ser inconsistente de versión a versión de PHP.';
 
 $_['too_large_to_edit_01a'] = 'Edición deshabilita. Tamaño >';
-$_['too_large_to_edit_01b'] = 'bytes.';
+$_['too_large_to_edit_01b'] = 'bytes.'; //## NT ##
 $_['too_large_to_edit_02']  = 'Algunos navegadores (por ej.: IE) se vuelven inestables cuando se edita un texto largo dentro de un <textarea>.';
 $_['too_large_to_edit_03']  = 'Ajustá la variable $MAX_EDIT_SIZE en la sección de configuración de OneFileCMS como sea necesario.';
 $_['too_large_to_edit_04']  = 'Una simple prueba puede dar con el resultado necesario.';
-
 $_['too_large_to_view_01a'] = 'Vista deshabilitada. Tamaño >';
-$_['too_large_to_view_01b'] = 'bytes.';
+$_['too_large_to_view_01b'] = 'bytes.'; //## NT ##
 $_['too_large_to_view_02']  = 'Clickeá en el botón de debajo para verlo como se ve normalmente en un navegador.';
 $_['too_large_to_view_03']  = 'Ajustá $MAX_VIEW_SIZE en la sección de configuración de OneFileCMS como sea necesario.';
 $_['too_large_to_view_04']  = '(El valor por defecto para $MAX_VIEW_SIZE es completamente arbitrario, y puede ser ajustado como sea necesario.)';
 
 $_['meta_txt_01'] = 'Tamaño:';
-$_['meta_txt_02'] = 'bytes.';
+$_['meta_txt_02'] = 'bytes.'; //## NT ##
 $_['meta_txt_03'] = 'Actualizado:';
-
 $_['edit_msg_01'] = 'Archivo Guardado:';
 $_['edit_msg_02'] = 'bytes escritos.';
 $_['edit_msg_03'] = 'Ocurrió un error guardando el archivo.';
 
-$_['upload_txt_01'] = 'por upload_max_filesize en php.ini.';
-$_['upload_txt_02'] = 'por post_max_size en php.ini';
-$_['upload_txt_03'] = 'Nota: El tamaño máximo de subida es de:';
+$_['upload_txt_01']  = 'por upload_max_filesize en php.ini.';
+$_['upload_txt_02']  = 'por post_max_size en php.ini';
+$_['upload_txt_03']  = 'Nota: El tamaño máximo de subida es de:';
 
 $_['upload_err_01a'] = 'Error 1: Archivo muy largo.';
 $_['upload_err_01b'] = '(Desde php.ini)';
@@ -155,7 +156,7 @@
 $_['upload_err_02b'] = '(Desde OneFileCMS)';
 $_['upload_err_03']  = 'Error 3: El archivo se subió sólo parcialmente.';
 $_['upload_err_04']  = 'Error 4: No se subió ningún archivo.';
-$_['upload_err_05']  = 'Error 5:';
+$_['upload_err_05']  = 'Error 5:'; //## NT ##
 $_['upload_err_06']  = 'Error 6: Carpeta temporal no encontrada.';
 $_['upload_err_07']  = 'Error 7: No se pudo guardar el archivo en el disco.';
 $_['upload_err_08']  = 'Error 8: Una extensión de PHP detuvo la subida del archivo.';
@@ -169,7 +170,6 @@
 
 $_['new_file_txt_01'] = 'Se creará un archivo nuevo en la carpeta actual.';
 $_['new_file_txt_02'] = 'Algunos caracteres inválidos son: ';
-
 $_['new_file_msg_01'] = 'Archivo nuevo no creado:';
 $_['new_file_msg_02'] = 'El nombre contiene caracteres inválidos:';
 $_['new_file_msg_03'] = 'Archivo nuevo no creado - no se especificó un nombre';
@@ -177,10 +177,10 @@
 $_['new_file_msg_05'] = 'Archivo creado:';
 $_['new_file_msg_06'] = 'Error - archivo no creado:';
 
-$_['CRM_txt_01']  = 'Para mover un archivo o carpeta, cambiá el camino/hacia/la/carpeta/o_archivo. La nueva localización debe existir.';
-$_['CRM_txt_02']  = 'Nombre antiguo:';
-$_['CRM_txt_03']  = 'Nuevo nombre:';
-
+$_['CRM_txt_01']  = 'Para mover un archivo o carpeta, cambiá el camino/hacia/la/carpeta/o_archivo.';
+$_['CRM_txt_02']  = 'La nueva localización debe existir.';
+$_['CRM_txt_03']  = 'Nombre antiguo:';
+$_['CRM_txt_04']  = 'Nuevo nombre:';
 $_['CRM_msg_01']  = 'Error - la localización padre no existe:';
 $_['CRM_msg_02']  = 'Error - el archivo inicial no existe:';
 $_['CRM_msg_03']  = 'Error - el archivo de objetivo no existe:';
@@ -189,13 +189,11 @@
 $_['CRM_msg_05b'] = 'desde arriba a lo siguiente:';
 
 $_['delete_txt_01'] = '¿Estás seguro?';
-
 $_['delete_msg_01'] = 'Archivo Eliminado:';
 $_['delete_msg_02'] = 'Error eliminando';
 
-$_['new_folder_txt_1'] = 'La carpeta se creará dentro de la carpeta actual.';
-$_['new_folder_txt_2'] = 'Algunos caracteres inválidos son:';
-
+$_['new_folder_txt_1']  = 'La carpeta se creará dentro de la carpeta actual.';
+$_['new_folder_txt_2']  = 'Algunos caracteres inválidos son:';
 $_['new_folder_msg_01'] = 'Carpeta nueva no creada:';
 $_['new_folder_msg_02'] = 'El nombre contiene caracteres inválidos:';
 $_['new_folder_msg_03'] = 'Carpeta nueva no creada - no se ha asignado un nombre.';
@@ -204,85 +202,80 @@
 $_['new_folder_msg_06'] = 'Error - carpeta nueva no creada:';
 
 $_['delete_folder_txt_01'] = '¿Estás seguro?';
-
 $_['delete_folder_msg_01'] = 'Carpeta no vacía.   Las carpetas deben estar vacías antes de ser eliminadas.';
 $_['delete_folder_msg_02'] = 'Carpeta eliminada:';
 $_['delete_folder_msg_03'] = 'ocurrió un error eliminándola.';
 
-$_['page_title_login']      = 'Iniciar Sesión';
-$_['page_title_admin']      = 'Administration Options'; //new
+$_['page_title_login']      = 'Iniciar Sesión';         
+$_['page_title_admin']      = 'Administration Options';   //## NT ##
 $_['page_title_hash']       = 'Generar una Cadena de Contraseña';
-$_['page_title_change_pw']  = 'Change Password';        //new
-$_['page_title_change_un']  = 'Change Username';        //new
-$_['page_title_edit']       = 'Editar / Ver Archivo';
-$_['page_title_upload']     = 'Subir Archivo';
-$_['page_title_new_file']   = 'Nuevo Archivo';
-$_['page_title_copy']       = 'Copiar Archivo';
+$_['page_title_change_pw']  = 'Change Password';          //## NT ##
+$_['page_title_change_un']  = 'Change Username';          //## NT ##
+$_['page_title_edit']       = 'Editar / Ver Archivo';    
+$_['page_title_upload']     = 'Subir Archivo';           
+$_['page_title_new_file']   = 'Nuevo Archivo';           
 $_['page_title_ren']        = 'Renombrar  / Mover Archivo';
-$_['page_title_del']        = 'Eliminar Archivo';
-$_['page_title_folder_new'] = 'Nueva Carpeta';
+$_['page_title_copy']       = 'Copiar Archivo';          
+$_['page_title_mov']        = 'Move File(s)';             //## NT ##
+$_['page_title_del']        = 'Delete File(s)';           //## NT ##
+$_['page_title_folder_new'] = 'Nueva Carpeta';           
 $_['page_title_folder_ren'] = 'Renombrar / Mover Carpeta';
-$_['page_title_folder_del'] = 'Eliminar Carpeta';
-
-$_['session_warning'] = 'Advertencia: ¡La sesión terminará pronto!';
-$_['session_expired'] = 'SESIÓN TERMINADA';
-$_['unload_unsaved']  = '                 ¡Los cambios no guardados se perderán!';
-$_['confirm_reset']   = '¿Reiniciar el archivo y descartar cambios no guardados?';
-
-$_['OFCMS_requires']  = 'OneFileCMS necesita PHP';
+$_['page_title_folder_del'] = 'Eliminar Carpeta';        
 
+$_['session_warning']  = 'Advertencia: ¡La sesión terminará pronto!';
+$_['session_expired']  = 'SESIÓN TERMINADA';
+$_['unload_unsaved']   = '                 ¡Los cambios no guardados se perderán!';
+$_['confirm_reset']    = '¿Reiniciar el archivo y descartar cambios no guardados?';
+$_['OFCMS_requires']   = 'OneFileCMS necesita PHP';
 $_['logout_msg']       = 'Has cerrado la sesión satisfactoriamente.';
 $_['folder_del_msg']   = 'Carpeta no vacía.   Las carpetas debe estar vacías antes de poder eliminarse.';
 $_['upload_error_01a'] = 'Eror de subida.  Total de datos POST (mayormente el peso del archivo) excedido post_max_size =';
 $_['upload_error_01b'] = '(desde php.ini)';
 $_['edit_caution_01']  = 'PRECAUCIÓN';
 $_['edit_caution_02']  = 'Estás editando la copia activa de OneFileCMS - ¡HACÉ UNA COPIA DE SEGURIDAD Y TENÉ CUIDADO!';
-
-$_['time_out_txt'] = 'Tiempo de Espera de Sesión Agotado:';
-//******************************************* Need Translations ************************************
-$_['error_reporting_01'] = 'Display errors is';         //new
-$_['error_reporting_02'] = 'Log errors is';             //new
-$_['error_reporting_03'] = 'Error reporting is set to'; //new
-$_['error_reporting_04'] = 'Showing error types';       //new
-$_['error_reporting_05'] = 'Unexpected early output';   //new
-$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)'; //new
-
-$_['admin_txt_00'] = 'Old Backup Found'; //new
-$_['admin_txt_01'] = 'This file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed.  In any case, it will automatically be overwritten on the next password or username change.'; //new
-$_['admin_txt_02'] = 'General Information'; //new
-$_['admin_txt_04'] = 'As of version 3.3.13, OneFileCMS no longer maintains a plain text password option, and only stores a password hash, as most login systems do.'; //new
-//$_['admin_txt_04'] = 'OneFileCMS can manage your password in two ways:';
-//$_['admin_txt_06'] = '1) Use $PASSWORD to store your desired password, in plain text, and set $USE_HASH = 0 (zero).';
-//$_['admin_txt_08'] = '2) O, usando $HASHWORD para almacenar tu contraseña, y luego asignar $USE_HASH = 1.';
-//$_['admin_txt_10'] = '($PASSWORD, $USE_HASH, and $HASHWORD, are variables in the configuration section of the OneFileCMS source file.)';
-//$_['admin_txt_12'] = 'Option 2 is recommended, and is method used by the [Change Password] page. However, keep in mind that, due to a number of considerations, this is largely an academic excersize. That is, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text, which is generally considered to be a good thing.';
-$_['admin_txt_12'] = 'However, due to a number of considerations, this change was largely an academic exersize. That is, in this application, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used), which is generally considered to be a good thing.'; //changed
+$_['time_out_txt']     = 'Tiempo de Espera de Sesión Agotado:';
+
+$_['error_reporting_01'] = 'Display errors is';         //## NT ##
+$_['error_reporting_02'] = 'Log errors is';             //## NT ##
+$_['error_reporting_03'] = 'Error reporting is set to'; //## NT ##
+$_['error_reporting_04'] = 'Showing error types';       //## NT ##
+$_['error_reporting_05'] = 'Unexpected early output';   //## NT ##
+$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)'; //## NT ##
+
+$_['admin_txt_00'] = 'Old Backup Found'; //## NT ##
+$_['admin_txt_01'] = 'This file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed.  In any case, it will automatically be overwritten on the next password or username change.';
+$_['admin_txt_02'] = 'General Information'; //## NT ##
+$_['admin_txt_04'] = 'As of version 3.3.13, OneFileCMS no longer maintains a plain text password option, and only stores a password hash, as most login systems do.'; //## NT ##
+$_['admin_txt_12'] = 'However, due to a number of considerations, this change was largely an academic exersize. That is, in this application, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used), which is generally considered to be a good thing.'; //## NT ##
 $_['admin_txt_14'] = 'Para otro tip de seguridad, cambiá la llave de seguridad y/o el método usado por OneFileCMS para almacenar la clave (y mantenelo en secreto, obviamente).  Acordate, cada granito ayuda...';
 $_['admin_txt_16'] = 'Podés usar OneFileCMS para editarlo. Sin embargo, asegurate de hacer un backup...';
 
-$_['pw_change']  = 'Change Password';     //new
-$_['pw_current'] = 'Current Password';    //new
-$_['pw_new']     = 'New Password';        //new
-$_['pw_confirm'] = 'Confirm New Password';//new
-
-$_['pw_txt_02']  = 'Password / Username rules:'; //new
-$_['pw_txt_04']  = 'They are case-sensitive!';   //new
-$_['pw_txt_06']  = 'They must contain at least one non-space character.'; //new
-$_['pw_txt_08']  = 'They may contain spaces in the middle. Ex: "This is a password or username!"'; //changed
-$_['pw_txt_10']  = 'Leading and trailing spaces are removed.'; //new
-$_['pw_txt_12']  = 'Only the active copy of OneFileCMS is updated- no external configuration files are changed:';   //new
-$_['pw_txt_14']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.'; //new
-
-$_['change_pw_01'] = 'Password changed!';     //new
-$_['change_pw_02'] = 'Password NOT changed:'; //new
-$_['change_pw_03'] = 'Incorrect current password. Login to try again.'; //new
-$_['change_pw_04'] = '"New" and "Confirm New" values do not match.';    //new
-
-$_['un_change']  = 'Change Username';  //new
-$_['un_new']     = 'New Username';       //new
-$_['un_confirm'] = 'Confirm New Username'; //new
-
-$_['change_un_01'] = 'Username changed!';     //new
-$_['change_un_02'] = 'Username NOT changed:'; //new
+$_['pw_change']  = 'Change Password';             //## NT ##
+$_['pw_current'] = 'Current Password';            //## NT ##
+$_['pw_new']     = 'New Password';                //## NT ##
+$_['pw_confirm'] = 'Confirm New Password';        //## NT ##
+$_['pw_txt_02']  = 'Password / Username rules:';  //## NT ##
+$_['pw_txt_04']  = 'They are case-sensitive!';    //## NT ##
+$_['pw_txt_06']  = 'They must contain at least one non-space character.'; //## NT ##
+$_['pw_txt_08']  = 'They may contain spaces in the middle. Ex: "This is a password or username!"'; //## NT ##
+$_['pw_txt_10']  = 'Leading and trailing spaces are removed.'; //## NT ##
+$_['pw_txt_12']  = 'To record the change, only one file is updated: either the active copy of OneFileCMS, or, if specified, an external configuration file.'; //## NT ##
+$_['pw_txt_14']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.'; //## NT ##
+
+$_['change_pw_01'] = 'Password changed!';                               //## NT ##
+$_['change_pw_02'] = 'Password NOT changed:';                           //## NT ##
+$_['change_pw_03'] = 'Incorrect current password. Login to try again.'; //## NT ##
+$_['change_pw_04'] = 'New and "Confirm New" values do not match.';      //## NT ##
+$_['change_pw_05'] = 'Updating';                                        //## NT ##
+$_['change_pw_06'] = 'external config file';                            //## NT ##
+
+$_['un_change']     = 'Change Username';                       //## NT ##
+$_['un_new']        = 'New Username';                          //## NT ##
+$_['un_confirm']    = 'Confirm New Username';                  //## NT ##
+$_['change_un_01']  = 'Username changed!';                     //## NT ##
+$_['change_un_02']  = 'Username NOT changed:';                 //## NT ##
+$_['update_failed'] = 'Update failed - could not save file.';  //## NT ##
+$_['mcd_msg_01']    = 'files moved successfully.';             //## NT ##
+$_['mcd_msg_02']    = 'files copied successfully.';            //## NT ##
+$_['mcd_msg_03']    = 'files deleted successfully.';           //## NT ##
 
-$_['update_failed'] = 'Update failed - could not save file.';  //new
diff --git a/onefilecms.php b/onefilecms.php
index f2afadf..c9a35a2 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.3.17';
+$OFCMS_version = '3.3.18';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -53,14 +53,13 @@
 $HASHWORD = "a6ca7f88bd5efc706d38047cc5844d2b11f86242c01e0c89a1c656dbe2dd1866"; //"password"
 $SALT     = 'somerandomsalt';
 
-//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php"; //Filename of language settings. Leave blank for built-in default.
-				    //If file is not found, the built-in default will be used.
+//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php"; //Filename of language settings.
+				//Path is relative to OneFileCMS. If file is not found, the built-in default will be used.
 
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
 $MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
 					  //  For instance, 24 minutes is the PHP default for garbage collection.
-
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked
 
@@ -70,7 +69,7 @@
 $MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
 $MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
                           // The default max view size is completely arbitrary. Basically, it was 2am and seemed like a good idea at the time.
-$config_favicon   = "/favicon.ico";
+$config_favicon   = "favicon.ico"; //Path is relative to root of website.
 $config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsaTive!
 
 $config_etypes = "html,htm,xhtml,php,css,js,txt,text,cfg,conf,ini,csv,svg,log,htaccess"; //Editable file types.
@@ -88,7 +87,8 @@
 
 $SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS.
 
-//$config_file = 'OFCMS_config.SAMPLE.php'; //External config file, if there is one.
+//External config file, if there is one.  Any settings in the $config_file will supersede those above.
+//$config_file = 'OFCMS_config.SAMPLE.php';  // Path is relative to OneFileCMS.
 	//Format for external config file is basic php:
 	// < ? php                    //(without the spaces around the ?, of course)
 	// $option1 = "value";
@@ -102,9 +102,14 @@
 //System values & setup
 
 //If there is one, include external config file. 
-if ( isset($config_file) && is_file($config_file) ) { include($config_file); }
+if ( isset($config_file) && is_file($config_file) ) {
+	include($config_file);
+}else{
+	$config_file = ''; //needed further down.
+}
 
-//Requires PHP 5.1. Earliest version the author has for testing is 5.2.8 (50208)
+//Requires PHP 5.1, due to changes some functions.
+//Earliest version the author has for testing is 5.2.8 (50208)
 define('PHP_VERSION_ID_REQUIRED',50100);   //Ex: 5.1.23 is 50123
 define('PHP_VERSION_REQUIRED'  ,'5.1 + '); //Used in exit() message.
 
@@ -121,16 +126,21 @@
 ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
 
 $ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]); //Used for ULR's
-$ONESCRIPT_url_backup  = $ONESCRIPT.'.BACKUP.php';    //used for p/w & u/n updates.
 $DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
 $WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/';
 $WEBSITE   = $_SERVER["HTTP_HOST"].'/';
 
-$ONESCRIPT_file   = $DOC_ROOT.trim($_SERVER["SCRIPT_NAME"],'/'); //Non-url use
+$ONESCRIPT_file   = $_SERVER["SCRIPT_FILENAME"];  //Non-url use
+$ONESCRIPT_path   = dirname($ONESCRIPT_file).'/'; //Non-url use
 $LOGIN_ATTEMPTS   = $ONESCRIPT_file.'.invalid_login_attempts';
-$ONESCRIPT_file_backup = $ONESCRIPT_file.'.BACKUP.php'; //used for p/w & u/n updates.
 
-$valid_pages = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder","mdaction");
+$ONESCRIPT_url_backup  = $ONESCRIPT.'.BACKUP.php';                   //used for p/w & u/n updates.
+$ONESCRIPT_file_backup = $ONESCRIPT_file.'.BACKUP.php';              //used for p/w & u/n updates.
+$CONFIG_file           = $ONESCRIPT_path.$config_file;               //used for p/w & u/n updates.
+$CONFIG_file_backup    = $ONESCRIPT_path.$config_file.'.BACKUP.php'; //used for p/w & u/n updates.
+$CONFIG_url_backup     =  URLencode_path($CONFIG_file_backup);       //used for p/w & u/n updates.
+
+$valid_pages = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder","mcdaction");
 
 $INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names.
 $INVALID_CHARS_array = explode(' ', $INVALID_CHARS); // (Space deliminated)
@@ -150,174 +160,150 @@
 
 
 
-function hsc($input) { return htmlspecialchars($input, ENT_QUOTES, 'UTF-8'); }// end hsc() **********
-function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end hte()****************
+function hsc($input) { return htmlspecialchars($input, ENT_QUOTES, 'UTF-8'); }// end hsc() *********
+function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end hte()***************
 
 
 
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.3.15  //*** A few values are no longer used and are commented out. ***
+// OneFileCMS Language Settings v3.3.18
 
-$_['LANGUAGE'] = 'English';
+$_['LANGUAGE'] = 'English';  //EN
+$_['LANG'] = 'EN';
 
-// These are the default values included directly in onefilecms.php.
-//
 // If no translation or value is desired for a particular setting, do not delete
 // the actual setting variable, just set it to an empty string.
 // For example:  $_['some_unused_setting'] = '';
 //
-// Remember to slash-escape any single quotes that may be within a value:  \'
-// The back-slash itself, if to be part of the text to display, may or may not
-// also need to be escaped:  \\
-
-
+// Remember to slash-escape any single quotes that may be within the text:  \'
+// The back-slash itself may or may not also need to be escaped:  \\
+//
+// If present as a trailing comment, "## NT ##" means 'Need Translation'.
+//
 // In some instances, some langauges may use significantly longer words or phrases than others.
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 //
-$_['front_links_font_size'] =  '1em'; //Buttons on Index page.
-$_['front_links_margin_R']  =  '1em';
-$_['button_font_size']      = '.9em'; //Buttons on Edit page.
-$_['button_margin_L']       = '.7em';
+$_['front_links_font_size'] = '1em';     //Buttons on Index page.
+$_['front_links_margin_R']  = '1em';   
+$_['button_font_size']      = '.9em';    //Buttons on Edit page.
+$_['button_margin_L']       = '.7em';  
 $_['button_padding']        = '4px 10px';
-$_['image_info_font_size']  =  '1em'; //show_img_msg_01  &  _02 
-$_['image_info_pos']        = ''; //If 1 or true, moves the info down a line for more space.
-
-$_['R'] = 'R'; // R ename       //new
-$_['C'] = 'C'; // C opy         //new
-$_['D'] = 'D'; // D elete       //new
-
-$_['Upload_File']  = 'Upload File';
-$_['New_File']     = 'New File';
-$_['Ren_Move']     = 'Rename / Move';
-$_['Ren_Moved']    = 'Renamed / Moved';
-$_['New_Folder']   = 'New Folder';
-$_['Ren_Folder']   = 'Rename / Move Folder';
-$_['Del_Folder']   = 'Delete Folder';
-$_['Submit']       = 'Submit Request'; //new
-$_['Move_Files']   = 'Move File(s)';       //new1
-$_['Del_Files']    = 'Delete File(s)';     //new1
-$_['Old_location'] = 'Old location';       //new1
-$_['New_location'] = 'New location';       //new1
-$_['Selected_Files'] = 'Selected Files';   //new1
-
-
-$_['Admin']  = 'Admin';
-$_['Enter']  = 'Enter';
-$_['Edit']   = 'Edit';
-$_['Close']  = 'Close';
-$_['Cancel'] = 'Cancel';
-$_['Upload'] = 'Upload';
-$_['Create'] = 'Create';
-$_['Copy']   = 'Copy';
-$_['Copied'] = 'Copied';
-$_['Rename'] = 'Rename'; //changed1 (back)
-$_['Move']   = 'Move';   //new1
-$_['Moved']  = 'Moved';  //new1
-$_['Delete'] = 'Delete';
-$_['DELETE'] = 'DELETE';
-$_['File']   = 'File';
-$_['Folder'] = 'Folder';
-$_['errors'] = 'errors'; //new1
-$_['Username'] = 'Username';     //new
-$_['Password'] = 'Password';     //new
-
-$_['Log_In']  = 'Log In';
-$_['Log_Out'] = 'Log Out';
-
-$_['Hash']    = 'Hash';
-$_['pass_to_hash']  = 'Password to hash:';
-$_['Generate_Hash'] = 'Generate Hash';
-
+$_['image_info_font_size']  = '1em';     //show_img_msg_01  &  _02
+$_['image_info_pos']        = '';        //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size'] = '.84em';   //Font size of $_['Select_All']
+$_['select_all_div_width']  = '73px';    //Width of space for $_['Select_All']
+$_['R'] = 'R';  //R ename
+$_['C'] = 'C';  //C opy
+$_['D'] = 'D';  //D elete
+$_['Admin']   = 'Admin';  
+$_['Cancel']  = 'Cancel'; 
+$_['Close']   = 'Close';  
+$_['Copy']    = 'Copy';   
+$_['Copied']  = 'Copied'; 
+$_['Create']  = 'Create'; 
+$_['Delete']  = 'Delete'; 
+$_['DELETE']  = 'DELETE'; 
+$_['Deleted'] = 'Deleted';
+$_['Edit']    = 'Edit';   
+$_['Enter']   = 'Enter';  
+$_['errors']  = 'errors'; 
+$_['File']    = 'File';   
+$_['Folder']  = 'Folder'; 
+$_['From']    = 'From';   
+$_['Hash']    = 'Hash';   
+$_['Move']    = 'Move';   
+$_['Moved']   = 'Moved';  
+$_['on']      = 'on';     
+$_['Password'] = 'Password';
+$_['Rename']     = 'Rename';    
+$_['successful'] = 'successful';
+$_['To']         = 'To';        
+$_['Upload']     = 'Upload';    
+$_['Username']   = 'Username';  
+$_['Log_In']     = 'Log In';    
+$_['Log_Out']    = 'Log Out';   
+$_['Upload_File']    = 'Upload File';        
+$_['New_File']       = 'New File';           
+$_['Ren_Move']       = 'Rename / Move';      
+$_['Ren_Moved']      = 'Renamed / Moved';    
+$_['New_Folder']     = 'New Folder';         
+$_['Ren_Folder']     = 'Rename / Move Folder';
+$_['Del_Folder']     = 'Delete Folder';      
+$_['Submit']         = 'Submit Request';     
+$_['Move_Files']     = 'Move File(s)';       
+$_['Copy_Files']     = 'Copy File(s)';       
+$_['Del_Files']      = 'Delete File(s)';     
+$_['Selected_Files'] = 'Selected Files';     
+$_['Select_All']     = 'Select All';         
+$_['Clear_All']      = 'Clear All';          
+$_['New_location']   = 'New Location';       
+$_['No_files']       = 'No files selected.'; 
+$_['No_action']      = 'No action selected.';
+$_['Not_found']      = 'Not found';          
+$_['pass_to_hash']   = 'Password to hash:';  
+$_['Generate_Hash']  = 'Generate Hash';      
 $_['save_1']      = 'Save';
 $_['save_2']      = 'SAVE CHANGES!';
 $_['reset']       = 'Reset - loose changes';
 $_['Wide_View']   = 'Wide View';
 $_['Normal_View'] = 'Normal View';
-
-$_['on_']      = 'on';
-
-$_['verify_msg_01'] = 'Session expired.';
-$_['verify_msg_02'] = 'INVALID POST';
-
-$_['get_get_msg_01'] = 'File does not exist:';
-$_['get_get_msg_02'] = 'Invalid page request:';
-$_['get_get_msg_03'] = 'Missing information for requested page'; //new1
-
-$_['check_path_msg_01'] = 'Directory does not exist: ';
-
-$_['ord_msg_01'] = 'A file with that name already exists in the target directory.';
-$_['ord_msg_02'] = 'Saving as';
-
-$_['show_img_msg_01'] = 'Image shown at ~';
-$_['show_img_msg_02'] = '% of full size (W x H =';
-
-$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!'; //changed
-//$_['hash_txt_02'] = '1) Use the $PASSWORD config variable to store your desired password, and set $USE_HASH = 0 (zero).';
-//$_['hash_txt_03'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
-//$_['hash_txt_04'] = 'Keep in mind that due to a number of widely varied considerations, this is largely an academic excersize. That is, take the idea that this adds much of an improvement to security with a grain of cryptographic salt.	However, it does eleminate the storage of your password in plain text, which is a good thing.';
-//$_['hash_txt_05'] = 'Anyway, to use the $HASHWORD password option:';
+$_['verify_msg_01']  = 'Session expired.';
+$_['verify_msg_02']  = 'INVALID POST';
+$_['get_get_msg_01']    = 'File does not exist:';
+$_['get_get_msg_02']    = 'Invalid page request:';
+$_['get_get_msg_03']    = 'Missing information for requested page';
+$_['check_path_msg_01'] = 'Directory does not exist:';
+$_['ord_msg_01']        = 'A file with that name already exists in the target directory.';
+$_['ord_msg_02']        = 'Saving as';
+$_['show_img_msg_01']   = 'Image shown at ~';
+$_['show_img_msg_02']   = '% of full size (W x H =';
+$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!';
 $_['hash_txt_06'] = 'Type your desired password in the input field above and hit Enter.';
 $_['hash_txt_07'] = 'The hash will be displayed in a yellow message box above that.';
 $_['hash_txt_08'] = 'Copy and paste the new hash to the $HASHWORD variable in the config section.';
 $_['hash_txt_09'] = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
 $_['hash_txt_10'] = 'A double-click should select it...';
-//$_['hash_txt_11'] = 'Make sure $USE_HASH is set to 1 (or true).';
 $_['hash_txt_12'] = 'When ready, logout and login.';
-//$_['hash_txt_13'] = 'You can use OneFileCMS to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...';
-//$_['hash_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep \'em secret, of course).  Remever, every little bit helps...';
-
-$_['hash_msg_01'] = 'Password:'; //
-$_['hash_msg_02'] = 'Hash    :'; //
-
-$_['login_txt_01'] = 'Username:';
-$_['login_txt_02'] = 'Password:';
-
-$_['login_msg_01a'] = 'There have been ';
+$_['login_txt_01']  = 'Username:';
+$_['login_txt_02']  = 'Password:';
+$_['login_msg_01a'] = 'There have been';
 $_['login_msg_01b'] = 'invalid login attempts.';
 $_['login_msg_02a'] = 'Please wait';
 $_['login_msg_02b'] = 'seconds to try again.';
 $_['login_msg_03']  = 'INVALID LOGIN ATTEMPT #';
-
 $_['edit_note_00']  = 'NOTES:';
 $_['edit_note_01a'] = 'Remember- your';
 $_['edit_note_01b'] = 'is';
 $_['edit_note_02']  = 'So save changes before the clock runs out, or the changes will be lost!';
-$_['edit_note_03']  = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate.  To correct, click the browser\'s [Reload].';
-$_['edit_note_04']  = 'Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts.  This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself.  However, such files can still be edited and saved with OneFileCMS.  The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes.  The issue will be noticed after the first save of such a file.';
-
+$_['edit_note_03']  = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate. To correct, click the browser\'s [Reload].';
+$_['edit_note_04']  = 'Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts. This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself. However, such files can still be edited and saved with OneFileCMS. The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes. The issue will be noticed after the first save of such a file.';
 $_['edit_h2_1']   = 'Viewing:';
 $_['edit_h2_2']   = 'Editing:';
 $_['edit_txt_01'] = 'Non-text or unkown file type. Edit disabled.';
 $_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
 $_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
 $_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
-
 $_['too_large_to_edit_01a'] = 'Edit disabled. Filesize >';
 $_['too_large_to_edit_01b'] = 'bytes.';
 $_['too_large_to_edit_02']  = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
 $_['too_large_to_edit_03']  = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
 $_['too_large_to_edit_04']  = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
-
 $_['too_large_to_view_01a'] = 'View disabled. Filesize >';
 $_['too_large_to_view_01b'] = 'bytes.';
 $_['too_large_to_view_02']  = 'Click the file name above to view as normally rendered in a browser window.';
 $_['too_large_to_view_03']  = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
 $_['too_large_to_view_04']  = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
-
 $_['meta_txt_01'] = 'Filesize:';
 $_['meta_txt_02'] = 'bytes.';
 $_['meta_txt_03'] = 'Updated:';
-
 $_['edit_msg_01'] = 'File saved:';
 $_['edit_msg_02'] = 'bytes written.';
 $_['edit_msg_03'] = 'There was an error saving file.';
-
-$_['upload_txt_01'] = 'per upload_max_filesize in php.ini.';
-$_['upload_txt_02'] = 'per post_max_size in php.ini';
-$_['upload_txt_03'] = 'Note: Maximum upload file size is:';
-
+$_['upload_txt_01']  = 'per upload_max_filesize in php.ini.';
+$_['upload_txt_02']  = 'per post_max_size in php.ini';
+$_['upload_txt_03']  = 'Note: Maximum upload file size is:';
 $_['upload_err_01a'] = 'Error 1: File too large.';
 $_['upload_err_01b'] = '(From php.ini)';
 $_['upload_err_02a'] = 'Error 2: File too large.';
@@ -328,137 +314,111 @@ function Default_Language() { // ***********************************************
 $_['upload_err_06']  = 'Error 6: Missing a temporary folder.';
 $_['upload_err_07']  = 'Error 7: Failed to write file to disk.';
 $_['upload_err_08']  = 'Error 8: A PHP extension stopped the file upload.';
-
 $_['upload_msg_01'] = 'No file selected for upload.';
-$_['upload_msg_02'] = 'Destination folder does not exist: ';
+$_['upload_msg_02'] = 'Destination folder does not exist:';
 $_['upload_msg_03'] = 'Upload cancelled.';
 $_['upload_msg_04'] = 'Uploading:';
 $_['upload_msg_05'] = 'Upload successful!';
 $_['upload_msg_06'] = 'Upload failed:';
-
 $_['new_file_txt_01'] = 'File will be created in the current folder.';
-$_['new_file_txt_02'] = 'Some invalid characters are: ';
-
+$_['new_file_txt_02'] = 'Some invalid characters are:';
 $_['new_file_msg_01'] = 'New file not created:';
 $_['new_file_msg_02'] = 'Name contains invalid character(s):';
 $_['new_file_msg_03'] = 'New file not created - no name given';
 $_['new_file_msg_04'] = 'File already exists:';
 $_['new_file_msg_05'] = 'Created file:';
 $_['new_file_msg_06'] = 'Error - new file not created:';
-
-$_['CRM_txt_01']  = 'To move a file or folder, change the path/to/folder/or_file.'; //changed1
-$_['CRM_txt_02']  = 'The new location must already exist.';                         //changed1/new1
-$_['CRM_txt_03']  = 'Old name:';
-$_['CRM_txt_04']  = 'New name:';
-
+$_['CRM_txt_01']  = 'To move a file or folder, change the path/to/folder/or_file.';
+$_['CRM_txt_02']  = 'The new location must already exist.';
+$_['CRM_txt_03']  = 'Old name';
+$_['CRM_txt_04']  = 'New name';
 $_['CRM_msg_01']  = 'Error - new parent location does not exist:';
 $_['CRM_msg_02']  = 'Error - source file does not exist:';
 $_['CRM_msg_03']  = 'Error - target filename already exists:';
 $_['CRM_msg_04']  = 'to';
 $_['CRM_msg_05a'] = 'Error during';
 $_['CRM_msg_05b'] = 'from the above to the following:';
-
 $_['delete_txt_01'] = 'Are you sure?';
-
 $_['delete_msg_01'] = 'Deleted file:';
 $_['delete_msg_02'] = 'Error deleting';
-
-$_['new_folder_txt_1'] = 'Folder will be created in the current folder.';
-$_['new_folder_txt_2'] = 'Some invalid characters are:';
-
+$_['new_folder_txt_1']  = 'Folder will be created in the current folder.';
+$_['new_folder_txt_2']  = 'Some invalid characters are:';
 $_['new_folder_msg_01'] = 'New folder not created:';
 $_['new_folder_msg_02'] = 'Name contains invalid character(s):';
 $_['new_folder_msg_03'] = 'New folder not created - no name given.';
 $_['new_folder_msg_04'] = 'Folder already exists:';
 $_['new_folder_msg_05'] = 'Created folder:';
 $_['new_folder_msg_06'] = 'Error - new folder not created:';
-
 $_['delete_folder_txt_01'] = 'Are you sure?';
-
-$_['delete_folder_msg_01'] = 'Folder not empty.   Folders must be empty before they can be deleted.';
+$_['delete_folder_msg_01'] = 'Folder not empty. Folders must be empty before they can be deleted.';
 $_['delete_folder_msg_02'] = 'Deleted folder:';
 $_['delete_folder_msg_03'] = 'an error occurred during delete.';
-
 $_['page_title_login']      = 'Log In';
-$_['page_title_admin']      = 'Administration Options'; //new
+$_['page_title_admin']      = 'Administration Options';
 $_['page_title_hash']       = 'Generate a Password Hash';
-$_['page_title_change_pw']  = 'Change Password';        //new
-$_['page_title_change_un']  = 'Change Username';        //new
+$_['page_title_change_pw']  = 'Change Password';
+$_['page_title_change_un']  = 'Change Username';
 $_['page_title_edit']       = 'Edit / View File';
 $_['page_title_upload']     = 'Upload File';
 $_['page_title_new_file']   = 'New File';
-$_['page_title_copy']       = 'Copy File';
 $_['page_title_ren']        = 'Rename / Move File';
-$_['page_title_del']        = 'Delete File(s)';  //changed1
+$_['page_title_copy']       = 'Copy File(s)';
+$_['page_title_mov']        = 'Move File(s)';
+$_['page_title_del']        = 'Delete File(s)';
 $_['page_title_folder_new'] = 'New Folder';
 $_['page_title_folder_ren'] = 'Rename / Move Folder';
 $_['page_title_folder_del'] = 'Delete Folder';
-$_['page_title_mov']        = 'Move File(s)';    //new1
-
-$_['session_warning'] = 'Warning: Session timeout soon!';
-$_['session_expired'] = 'SESSION EXPIRED';
-$_['unload_unsaved']  = '               Unsaved changes will be lost!';
-$_['confirm_reset']   = 'Reset file and loose unsaved changes?';
-
-$_['OFCMS_requires']  = 'OneFileCMS requires PHP';
-
+$_['session_warning']  = 'Warning: Session timeout soon!';
+$_['session_expired']  = 'SESSION EXPIRED';
+$_['unload_unsaved']   = ' Unsaved changes will be lost!';
+$_['confirm_reset']    = 'Reset file and loose unsaved changes?';
+$_['OFCMS_requires']   = 'OneFileCMS requires PHP';
 $_['logout_msg']       = 'You have successfully logged out.';
-$_['folder_del_msg']   = 'Folder not empty.   Folders must be empty before they can be deleted.';
-$_['upload_error_01a'] = 'Upload Error.  Total POST data (mostly filesize) exceeded post_max_size =';
+$_['folder_del_msg']   = 'Folder not empty. Folders must be empty before they can be deleted.';
+$_['upload_error_01a'] = 'Upload Error. Total POST data (mostly filesize) exceeded post_max_size =';
 $_['upload_error_01b'] = '(from php.ini)';
 $_['edit_caution_01']  = 'CAUTION';
 $_['edit_caution_02']  = 'You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
-
-$_['time_out_txt'] = 'Session time out in:';
-
-$_['error_reporting_01'] = 'Display errors is';         //new
-$_['error_reporting_02'] = 'Log errors is';             //new
-$_['error_reporting_03'] = 'Error reporting is set to'; //new
-$_['error_reporting_04'] = 'Showing error types';       //new
-$_['error_reporting_05'] = 'Unexpected early output';   //new
-$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)'; //new
-
-$_['admin_txt_00'] = 'Old Backup Found'; //new
-$_['admin_txt_01'] = 'This file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed.  In any case, it will automatically be overwritten on the next password or username change.'; //new
-$_['admin_txt_02'] = 'General Information'; //new
-$_['admin_txt_04'] = 'As of version 3.3.13, OneFileCMS no longer maintains a plain text password option, and only stores a password hash, as most login systems do.'; //new
-//$_['admin_txt_04'] = 'OneFileCMS can manage your password in two ways:';
-//$_['admin_txt_06'] = '1) Use $PASSWORD to store your desired password, in plain text, and set $USE_HASH = 0 (zero).';
-//$_['admin_txt_08'] = '2) Or, use $HASHWORD to store the hash of your password, and set $USE_HASH = 1.';
-//$_['admin_txt_10'] = '($PASSWORD, $USE_HASH, and $HASHWORD, are variables in the configuration section of the OneFileCMS source file.)';
-//$_['admin_txt_12'] = 'Option 2 is recommended, and is method used by the [Change Password] page. However, keep in mind that, due to a number of considerations, this is largely an academic excersize. That is, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text, which is generally considered to be a good thing.';
-$_['admin_txt_12'] = 'However, due to a number of considerations, this change was largely an academic exersize. That is, in this application, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used), which is generally considered to be a good thing.'; //changed
+$_['time_out_txt']     = 'Session time out in:';
+$_['error_reporting_01'] = 'Display errors is';
+$_['error_reporting_02'] = 'Log errors is';
+$_['error_reporting_03'] = 'Error reporting is set to';
+$_['error_reporting_04'] = 'Showing error types';
+$_['error_reporting_05'] = 'Unexpected early output';
+$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
+$_['admin_txt_00'] = 'Old Backup Found';
+$_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will automatically be overwritten on the next password or username change.';
+$_['admin_txt_02'] = 'General Information';
+$_['admin_txt_04'] = 'As of version 3.3.13, OneFileCMS no longer maintains a plain text password option, and only stores a password hash, as most login systems do.';
+$_['admin_txt_12'] = 'However, due to a number of considerations, this change was largely an academic exersize. That is, in this application, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used), which is generally considered to be a good thing.';
 $_['admin_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
-$_['admin_txt_16'] = 'Also, you can still use OneFileCMS to edit itself. However, be sure to have a backup ready for the inevitable ytpo...'; //changed
-
-$_['pw_change']  = 'Change Password';     //new
-$_['pw_current'] = 'Current Password';    //new
-$_['pw_new']     = 'New Password';        //new
-$_['pw_confirm'] = 'Confirm New Password';//new
-
-$_['pw_txt_02']  = 'Password / Username rules:'; //new
-$_['pw_txt_04']  = 'They are case-sensitive!';   //new
-$_['pw_txt_06']  = 'They must contain at least one non-space character.'; //new
-$_['pw_txt_08']  = 'They may contain spaces in the middle. Ex: "This is a password or username!"'; //changed
-$_['pw_txt_10']  = 'Leading and trailing spaces are removed.'; //new
-$_['pw_txt_12']  = 'Only the active copy of OneFileCMS is updated- no external configuration files are changed:';   //new
-$_['pw_txt_14']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.'; //new
-
-$_['change_pw_01'] = 'Password changed!';     //new
-$_['change_pw_02'] = 'Password NOT changed:'; //new
-$_['change_pw_03'] = 'Incorrect current password. Login to try again.'; //new
-$_['change_pw_04'] = '"New" and "Confirm New" values do not match.';    //new
-
-$_['un_change']  = 'Change Username';  //new
-$_['un_new']     = 'New Username';       //new
-$_['un_confirm'] = 'Confirm New Username'; //new
-
-$_['change_un_01'] = 'Username changed!';     //new
-$_['change_un_02'] = 'Username NOT changed:'; //new
-
-$_['update_failed'] = 'Update failed - could not save file.';  //new
-
-$_['md_mov_01'] = 'files moved successfully.'; //new1
+$_['admin_txt_16'] = 'Also, you can still use OneFileCMS to edit itself. However, be sure to have a backup ready for the inevitable ytpo...';
+$_['pw_change']  = 'Change Password';
+$_['pw_current'] = 'Current Password';
+$_['pw_new']     = 'New Password';
+$_['pw_confirm'] = 'Confirm New Password';
+$_['pw_txt_02']  = 'Password / Username rules:';
+$_['pw_txt_04']  = 'They are case-sensitive!';
+$_['pw_txt_06']  = 'They must contain at least one non-space character.';
+$_['pw_txt_08']  = 'They may contain spaces in the middle. Ex: "This is a password or username!"';
+$_['pw_txt_10']  = 'Leading and trailing spaces are removed.';
+$_['pw_txt_12']  = 'To record the change, only one file is updated: either the active copy of OneFileCMS, or, if specified, an external configuration file.';
+$_['pw_txt_14']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
+$_['change_pw_01'] = 'Password changed!';
+$_['change_pw_02'] = 'Password NOT changed:';
+$_['change_pw_03'] = 'Incorrect current password. Login to try again.';
+$_['change_pw_04'] = 'New and "Confirm New" values do not match.';
+$_['change_pw_05'] = 'Updating';
+$_['change_pw_06'] = 'external config file';
+$_['un_change']     = 'Change Username';
+$_['un_new']        = 'New Username';
+$_['un_confirm']    = 'Confirm New Username';
+$_['change_un_01']  = 'Username changed!';
+$_['change_un_02']  = 'Username NOT changed:';
+$_['update_failed'] = 'Update failed - could not save file.';
+$_['mcd_msg_01']    = 'files moved successfully.';
+$_['mcd_msg_02']    = 'files copied successfully.';
+$_['mcd_msg_03']    = 'files deleted successfully.';
 }//end Default_Language() ******************************************************
 
 
@@ -490,7 +450,7 @@ function Session_Startup() { //*************************************************
 	if ( $_SESSION['valid'] ) { Verify_IDLE_POST_etc(); }
 
 	$_SESSION['nuonce'] = sha1(mt_rand().microtime()); //provided in <forms> to verify POST
-
+		
 	chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
 }//end Session_Startup() *******************************************************
 
@@ -674,7 +634,7 @@ function Get_GET() { //*** Get main parameters *********************************
 	if (!in_array($page, $valid_pages)) { 
 		$message .= $EX.hsc($_['get_get_msg_02']).' <b>'.hte($page).'</b><br>';
 		$page = "index";  //If invalid $_GET["p"]
-	}elseif ($page == "mdaction" && !$VALID_POST ){ //not likely, but just in case.
+	}elseif ($page == "mcdaction" && !$VALID_POST ){ //not likely, but just in case.
 		$message .= hsc($_['get_get_msg_03']).": $page<br>";
 		$page = "index";
 	}
@@ -773,7 +733,7 @@ function ordinalize($destination,$filename, &$msg) { //*************************
 			$ordinal = sprintf("%03d", ++$ordinal); //  001, 002, 003, etc...
 			$savefile = $destination.$filename.'.'.$ordinal;
 		}
-		$msg .= hsc($_['ord_msg_02']).'"<b>'.hte(basename($savefile)).'</b>"';
+		$msg .= '<b>'.hsc($_['ord_msg_02']).':</b> <span class="filename">'.hte(basename($savefile)).'</span>';
 	}
 	return $savefile;
 }//end ordinalize() filename ***************************************************
@@ -827,16 +787,16 @@ function Current_Path_Header(){ //**********************************************
 
 
 function Page_Header(){ //******************************************************
-	global  $_, $DOC_ROOT, $ONESCRIPT, $page, $WEBSITE, $config_title, $OFCMS_version, $config_favicon;
+	global  $_, $DOC_ROOT, $ONESCRIPT, $page, $WEBSITE, $config_title, $OFCMS_version, $config_favicon, $message;
 
 	$favicon = '';
-	if (file_exists($DOC_ROOT.$config_favicon)) { 
-		$favicon =  '<img src="'.URLencode_path($config_favicon).'" alt="">';
+	if (file_exists($DOC_ROOT.trim($config_favicon,'/'))) { 
+		$favicon =  '<img src="/'.URLencode_path($config_favicon).'" alt="">';
 	}
 ?>
 	<div class="header">
 		<a href="<?php echo $ONESCRIPT?>" id="logo"><?php echo $config_title; ?></a>
-		<?php echo $OFCMS_version.' ('.hsc($_['on_']).'&nbsp;php&nbsp;'.phpversion().')'; ?>
+		<?php echo $OFCMS_version.' ('.hsc($_['on']).'&nbsp;php&nbsp;'.phpversion().')'; ?>
 
 		<div class="nav">
 			<a href="/" target="_blank"><?php echo $favicon ?>&nbsp;
@@ -844,7 +804,7 @@ function Page_Header(){ //******************************************************
 			<?php if ($page != "login") { ?>
 			| <a href="<?php echo $ONESCRIPT ?>?p=logout"><?php echo hsc($_['Log_Out']) ?></a>
 			<?php } ?>
-		</div><div style="clear:both"></div>
+		</div><div class=clear></div>
 	</div><!-- end header -->
 <?php
 }//end Page_Header(){ **********************************************************
@@ -855,24 +815,23 @@ function Page_Header(){ //******************************************************
 function message_box() { //*****************************************************
 	global $ONESCRIPT, $param1, $param2, $param3, $message, $page;
 
+	$href    = $ONESCRIPT.$param1.$param2.$param3;
+	$onclick = 'document.getElementById("message_box").innerHTML = " ";return false;';
+	$X_box   =  '<a id="X_box" href="'.$href.'" onclick=\''.$onclick.'\'>x</a>';
+	
 	if (isset($message) && (strlen($message) > 0)) {
 ?>
-		<div id="message"><p>
-		<span id="Xbox"><!-- [X] to dismiss message box -->
-			<a id="dismiss" href='<?php echo $ONESCRIPT.$param1.$param2.$param3; ?>'
- 			onclick='document.getElementById("message").innerHTML = " ";return false;'>
-			[X]</a>
-		</span>
-		<?php echo $message.PHP_EOL ;?>
-		</p></div>
-		<script>document.getElementById("dismiss").focus();</script>
+		<div id="message_box"><!--===============================-->
+			<?php echo $X_box ?>
+			<div id="message_box_contents"><?php echo $message ?></div>
+		</div><!--End message_box-===============================-->
+
+		<script>document.getElementById("X_box").focus();</script>
 <?php
-	}else {
-		echo '<div id="message"></div>'; // Needed on Edit page to keep js feedback from failing
+	}else { // Needed on some pages to keep js feedback from failing
+		echo '<div id="message_box"></div>';
 	} //end isset($message)
-	
-	// Used on Edit Page to preserve vertical spacing, so edit area doesn't jump as much.
-	if ($page == "edit") {echo '<style>#message { min-height: 1.86em; }</style>';}
+
 }//end message_box()  **********************************************************
 
 
@@ -938,12 +897,12 @@ function show_image(){ //*******************************************************
 	else                         { $SCALE = $SCALE_W; } //If _H >= _W, or both are 1
 
 	//For languages with longer words that don't fit next to [Wide] & [Close] buttons.
-	if ($_['image_info_pos']){ echo '<div style="clear:both"></div>'.PHP_EOL; }
+	if ($_['image_info_pos']){ echo '<div class=clear></div>'.PHP_EOL; }
 
 	echo '<p class="image_info">';
 	echo hsc($_['show_img_msg_01']).round($SCALE*100).
 		 hsc($_['show_img_msg_02']).' '.$img_info[0].' x '.$img_info[1].').</p>';
-	echo '<div style="clear:both"></div>'.PHP_EOL;
+	echo '<div class=clear></div>'.PHP_EOL;
 	echo '<a href="/' .URLencode_path($IMG). '" target="_blank">'.PHP_EOL;
 	echo '<img src="/'.URLencode_path($IMG).'"  height="'.($img_info[$H] * $SCALE).'"></a>'.PHP_EOL;
 }// end show_image() ***********************************************************
@@ -1179,9 +1138,37 @@ function show_icon($type){ //***************************************************
 
 
 
+function List_Backup($file, $file_url){ //**************************************
+	global $_, $ONESCRIPT;
+
+		clearstatcache ();
+		$href = $ONESCRIPT.'?i='.dirname($file_url).'&amp;f='.basename($file_url);
+?>
+		<table class="index_T old_backup_T"><tr>
+		<td class="file_name">
+			<?php echo '<a href="'.$href.'&amp;p=edit'.'" id="old_backup">'.basename($file_url); ?></a>
+		</td>
+		<td class="meta_T file_size">&nbsp;
+			<?php echo number_format(filesize($file)); ?> B
+		</td>
+		<td class="meta_T file_time"> &nbsp;
+			<script>FileTimeStamp(<?php echo filemtime($file); ?>, 1, 0);</script>
+		</td>
+		</tr></table>
+
+		<script>document.getElementById("old_backup").focus();</script>
+		<a href="<?php echo $href.'&amp;p=delete' ?>" class="button" id="del_backup"><?php echo hsc($_['Delete']) ?></a>
+		<div style="clear: both"></div>
+
+<?php
+}//end List_Backup() ***********************************************************
+
+
+
+
 function Admin_Page() { //******************************************************
-	global $_, $WEB_ROOT, $ONESCRIPT, $ONESCRIPT_url_backup, $ONESCRIPT_file_backup, 
-		   $ipath, $filename, $param1, $param2, $EX, $message, $config_title;
+	global $_, $WEB_ROOT, $ONESCRIPT, $ONESCRIPT_url_backup, $ONESCRIPT_file_backup, $CONFIG_url_backup, 
+		   $ipath, $filename, $param1, $param2, $EX, $message, $config_title,  $CONFIG_file_backup;
 
 	$_SESSION['admin_ipath']  = $ipath; //Used so after Edit OneFile, returns to ipath user expects.
 
@@ -1211,34 +1198,21 @@ function Admin_Page() { //******************************************************
 	</span>
 
 	<div class="info">
-		
-	<?php //Check for & indicate if a backup exists from a prior p/w or u/n change.
-	if (is_file($ONESCRIPT_file_backup)) {
+
+	<?php //Check for & indicate if backups exists from a prior p/w or u/n change.
+	if (is_file($ONESCRIPT_file_backup) || is_file($CONFIG_file_backup) ) {
 		clearstatcache ();
-		Time_Stamp_scripts();
-		$file = $ONESCRIPT_url_backup;
-		$href = $ONESCRIPT.'?i='.dirname($file).'&amp;f='.basename($file);
-	?>
-		<p><b><?php echo hsc($_['admin_txt_00']) ?></b></p>
-		<table class="index_T" id="old_backup_T">
-		<tr>
-		<td class="file_name">
-			<?php echo '<a href="'.$href.'&amp;p=edit'.'" id="old_backup">'.basename($file); ?></a>
-		</td>
-		<td class="meta_T file_size">&nbsp;
-			<?php echo number_format(filesize($ONESCRIPT_file_backup)); ?> B
-		</td>
-		<td class="meta_T file_time"> &nbsp;
-			<script>FileTimeStamp(<?php echo filemtime($ONESCRIPT_file_backup); ?>, 1, 0);</script>
-		</td></tr></table>
 		
-		<a href="<?php echo $href.'&amp;p=delete' ?>" class="button" id="del_backup"><?php echo hsc($_['Delete']) ?></a>
-		<div style="clear: both"></div>
-		<p><?php echo hsc($_['admin_txt_01']) ?>
+		echo '<p><b>'.hsc($_['admin_txt_00']).'</b></p>';
+		
+		if (is_file($ONESCRIPT_file_backup)) { List_Backup($ONESCRIPT_file_backup, $ONESCRIPT_url_backup); }
+
+		if (is_file($CONFIG_file_backup))    { List_Backup($CONFIG_file_backup, $CONFIG_url_backup); }
+		
+		echo '<p>'.hsc($_['admin_txt_01']);
+		
+		echo '<hr>';
 		
-		<script>document.getElementById("old_backup").focus();</script>
-		<hr>
-	<?php
 	}else {
 		echo '<script>document.getElementById("cancel").focus();</script>';
 	}//end of check for backup
@@ -1256,12 +1230,12 @@ function Admin_Page() { //******************************************************
 
 
 
-function Hash_Page() { //******************************************************
-	global $_, $DOC_ROOT, $ONESCRIPT, $param1, $param3, $message, $INPUT_NUONCE, $config_title, $PWUN_RULES;
+function Hash_Page() { //*******************************************************
+	global $_, $ONESCRIPT, $param1, $param3, $message, $INPUT_NUONCE, $PWUN_RULES;
 
 	if (!isset($_POST['whattohash'])) { $_POST['whattohash'] = ''; }
 ?>
-	<style>#message {font-family: courier; min-height: 3.1em;}</style>
+	<style>#message_box {font-family: courier; min-height: 3.1em;}</style>
 
 	<h2><?php echo hsc($_['page_title_hash']) ?></h2>
 	
@@ -1297,8 +1271,8 @@ function Hash_response() { //***************************************************
 	//Ignore/don't hash empty string - passwords can't be blank.
 	if ($_POST['whattohash'] == "") { return; }
 
-	$message .= hsc($_['hash_msg_01']).' '.hsc($_POST['whattohash']).'<br>';
-	$message .= hsc($_['hash_msg_02']).hashit($_POST["whattohash"]).'<br>'; //NO SPACE between msg_02 & hash!
+	$message .= hsc($_['Password']).': '.hsc($_POST['whattohash']).'<br>';
+	$message .= hsc($_['Hash']).': '.hashit($_POST["whattohash"]).'<br>';
 } //end Hash_response() ********************************************************
 
 
@@ -1306,7 +1280,7 @@ function Hash_response() { //***************************************************
 
 function Change_PWUN_Page($config_key) { //*************************************
 	// $config_key must= "pw" or "un"
-	global $_, $EX, $DOC_ROOT, $ONESCRIPT, $param1, $param3, $message, $INPUT_NUONCE, $config_title, $PWUN_RULES;
+	global $_, $EX, $ONESCRIPT, $param1, $param3, $message, $INPUT_NUONCE, $config_title, $PWUN_RULES;
 	
 	if ($config_key == "pw") {
 		$type = "password";
@@ -1352,29 +1326,41 @@ function Change_PWUN_Page($config_key) { //*************************************
 
 
 
-function Update_config($search_for, $replace_with) {//********************
-	global  $ONESCRIPT, $ONESCRIPT_file, $ONESCRIPT_file_backup, $HASHWORD;
+//******************************************************************************
+function Update_config($search_for, $replace_with, $search_file, $backup_file) {
+	global  $_, $HASHWORD, $ONESCRIPT_file, $ONESCRIPT_file_backup, $EX, $message;
+
+	if ( !is_file($search_file) ) {
+		$message .= $EX.' <b>'.$_['Not_found'].': </b>'.$search_file.'<br>';
+		return false;
+	}
 
-	$ONESCRIPT_contents = file_get_contents($ONESCRIPT_file);
+	$search_contents = file_get_contents($search_file);
 	//Convert any CR+NL to only newline.
-	$ONESCRIPT_contents = str_replace("\r\n", "\n", $ONESCRIPT_contents);
-	$ONESCRIPT_lines = explode("\n", "".$ONESCRIPT_contents);
+	$search_contents = str_replace("\r\n", "\n", $search_contents);
+	$search_contents = str_replace("\r"  , "\n", $search_contents);
+	$search_lines = explode("\n", "".$search_contents);
 
-	//Search start of each $line in (array)$ONESCRIPT_lines for (string)$search_for.
+	//Search start of each $line in (array)$search_lines for (string)$search_for.
 	//If match found, replace $line with $replace_with, end search.
 	$search_len = strlen($search_for);
-	foreach ($ONESCRIPT_lines as $key => $line) {
+	$found = false;
+	foreach ($search_lines as $key => $line) {
 		if ( substr($line,0,$search_len) == $search_for ) {
-			$ONESCRIPT_lines[$key] = $replace_with;
+			$found = true;
+			$search_lines[$key] = $replace_with;
 			break 1; //only replace first occurrance of $search_for
 		}
 	}
 
-	copy($ONESCRIPT_file, $ONESCRIPT_file_backup); // Just in case...
+	//As of 3.3.18, this should never happen- you'd be logged out first.
+	if (!$found){ $message .= $EX.' <b>'.$_['Not_found'].': '.$search_for.'<br>'; return false; }
+	
+	copy($search_file, $backup_file); // Just in case...
 
-	$updated_contents = implode("\n", $ONESCRIPT_lines);
+	$updated_contents = implode("\n", $search_lines);
 
-	return file_put_contents($ONESCRIPT_file, $updated_contents);
+	return file_put_contents($search_file, $updated_contents);
 }//end Update_config() *********************************************************
 
 
@@ -1382,7 +1368,8 @@ function Update_config($search_for, $replace_with) {//********************
 
 function Change_PWUN_response($PWUN){ //****************************************
 	//Update $USERNAME or $HASHWORD. Default $page = changepw or changeun 
-	global $_, $USERNAME, $HASHWORD, $EX, $message, $page;
+	global $_, $ONESCRIPT, $USERNAME, $HASHWORD, $EX, $message, $page, $config_file, 
+		   $ONESCRIPT_file, $ONESCRIPT_file_backup, $CONFIG_file, $CONFIG_file_backup;
 
 	// trim leading & trailing white-space from input values
 	$current_pass = trim($_POST['current_pw']);
@@ -1413,20 +1400,29 @@ function Change_PWUN_response($PWUN){ //****************************************
 	}else {
 		if ($PWUN == "pw") {
 			$search_for  = '$HASHWORD '; //include space after $HASHWORD
-			$success_msg = $EX.'<b>'.hsc($_['change_pw_01']).'</b>';
+			$success_msg = '<b>'.hsc($_['change_pw_01']).'</b>';
 			$HASHWORD = hashit($new_pwun);
 			$replace_with = '$HASHWORD = "'.$HASHWORD.'";';
 		}else { //$PWUN = "un"
 			$USERNAME = $new_pwun; 
 			$search_for  = '$USERNAME '; //include space after $USERNAME
-			$success_msg = $EX.'<b>'.hsc($_['change_un_01']).'</b>';
+			$success_msg = '<b>'.hsc($_['change_un_01']).'</b>';
 			$replace_with = '$USERNAME = "'.$USERNAME.'";';
 		}
 		
-		$updated = Update_config($search_for, $replace_with);
+		//If specified & it exists, update external config file.
+		//$config_file, lowercase name, is the user supplied config value, relative to $ONESCRIPT.
+		//$CONFIG_file, uppercase name, includes full filesystem path.
+		if ( isset($config_file) && is_file($CONFIG_file) ) {
+			$message .= $_['change_pw_05'].' '.$_['change_pw_06'].'. . . ';
+			$updated = Update_config($search_for, $replace_with, $CONFIG_file, $CONFIG_file_backup); 
+		}else{ //Update OneFileCMS
+			$message .= $_['change_pw_05'].' OneFileCMS . . . ';
+			$updated = Update_config($search_for, $replace_with, $ONESCRIPT_file, $ONESCRIPT_file_backup);
+		}
 		
-		if ($updated === false) { $message .= $error_msg.hsc($_['update_failed']); }
-		else                    { $message .= $success_msg; }
+		if ($updated === false) { $message .= $error_msg.hsc($_['update_failed']).'<br>'; }
+		else                    { $message .= $success_msg.'<br>'; }
 		
 		$page = "admin"; //Return to Admin page.
 	}
@@ -1520,39 +1516,11 @@ function Login_response() { //**************************************************
 
 
 
-function List_Files() { // ...in a vertical table ******************************
-//called from Index Page
-
-	global $_, $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list, 
-			$stypes, $SHOWALLFILES,	$SVG_icon_circle_x, $INPUT_NUONCE;
-
-	$files = scandir('./'.$ipath);
-	natcasesort($files);
-
-	//Mostly for old IE < 9
-	if (supports_svg()) {
-		$R = svg_icon_ren();
-		$C = svg_icon_copy();
-		$D = svg_icon_del();
-	}else{ //text "icons" for Rename, Copy, and Delete
-		$R = '<span class="RCD R">'.hsc($_['R']).'</span>';
-		$C = '<span class="RCD C">'.hsc($_['C']).'</span>';
-		$D = '<span class="RCD D">'.hsc($_['D']).'</span>';
-	}
-
-	echo '<form method="post" action="'.$ONESCRIPT.$param1.'&amp;p=mdaction">'.$INPUT_NUONCE;
-		echo '<input type="hidden" name="mdaction" value="mdaction">';
-		//echo '<LABEL><INPUT TYPE=radio NAME="action" VALUE="move" checked> '.hsc($_['Move']).'</LABEL> ';
-		echo '<input type="hidden" name="action" value="move">'; //Temp element until all else is ready.
-		//echo '<LABEL><INPUT TYPE=radio NAME="action" VALUE="copy"> '.hsc($_['Copy']).'</LABEL> '; //Not yet...
-		//echo '<LABEL><INPUT TYPE=radio NAME="action" VALUE="delete"> '.hsc($_['Delete']).'</LABEL> '; //Not yet...
-		echo '<input type="submit" class="button" id="md_submit" value="'.hsc($_['Move'].' '.$_['Selected_Files']).'" >';
+function Table_of_Files($files, $R, $C, $D) { //********************************
+	global $_, $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list, $stypes, $SHOWALLFILES;
 
 	echo '<table class="index_T">';
 
-//		echo '<tr><td colspan="7" class="action">';
-//		echo '</td></tr>';
-
 	$X = 1; //index for list of checkboxes;
 	foreach ($files as $file) {
 		
@@ -1581,9 +1549,9 @@ function List_Files() { // ...in a vertical table ******************************
 				<td class="rcd">
 					<a href="<?php echo $HREF_params.'&amp;p=delete' ?>" title="<?php echo hsc($_['Delete']) ?>" class="rcd1" >
 					<?php echo $D ?></a></td>
-				
+
 				<td class="ckbox"><INPUT TYPE=checkbox NAME="files[<?php echo $X++ ?>]" VALUE="<?php echo hsc($file) ?>"></td>
-				
+
 				<td class="file_name">
 					<?php echo '<a href="'.$HREF_params.'&amp;p=edit"  title="Edit">'; ?>
 					<?php echo show_icon($type).hte($file), '</a>'; ?>
@@ -1599,7 +1567,65 @@ function List_Files() { // ...in a vertical table ******************************
 <?php 
 		}//end if !is_dir...
 	}//end foreach file
-	echo '</table></form>';
+	echo '</table>';
+}//end Table_of_Files() //******************************************************
+
+
+
+function List_Files() { //******************************************************
+//called from Index Page
+	global $_, $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list, $INPUT_NUONCE;
+
+	$files = scandir('./'.$ipath);
+	natcasesort($files);
+
+	$no_files = true;
+	foreach ($files as $file) { if ( is_file($ipath.$file) ) { $no_files = false; break; } }
+	if ($no_files) {return 0;}
+
+	if (supports_svg()) {
+		$R = svg_icon_ren();
+		$C = svg_icon_copy();
+		$D = svg_icon_del();
+	}else{ //Text "icons" for Rename, Copy, and Delete. Mostly for old IE < 9
+		$R = '<span class="RCD R">'.hsc($_['R']).'</span>';
+		$C = '<span class="RCD C">'.hsc($_['C']).'</span>';
+		$D = '<span class="RCD D">'.hsc($_['D']).'</span>';
+	}
+
+	echo '<form method="post" name="mcdaction" action="'.$ONESCRIPT.$param1.'&amp;p=mcdaction">';
+	echo $INPUT_NUONCE;
+	echo '<input type="hidden" name="mcdaction" value="mcdaction">';
+
+	echo '<div class="action">';
+
+	//*The parameter for the Select_All() and Confirm_ready() javascript functions
+	// is the number of form elements before the first file select checkbox.
+	// As of Version 3.3.18, that number is 7.
+	$checkbox_offset = 7;
+	
+	if (supports_svg()) { //Checks if IE < 9. I don't even know if Select_All() works in IE 9+. Does IE have diff js or DOM? //#####
+		$select_all_attribs = 'TYPE=checkbox NAME=select_all id=select_all VALUE=select_all';
+		$select_all_input = '<INPUT '.$select_all_attribs.' onclick="Select_All('.$checkbox_offset.');">';
+		echo '<div id=select_all_div><LABEL for=select_all id=select_all_label>'.$_['Select_All'].'</LABEL></div>'.$select_all_input; //* //#####
+	}
+	
+	function input_mcd($mcd) {
+		return '<INPUT TYPE=radio NAME=action VALUE='.$mcd.' id='.$mcd.' onclick="Submit_btn_style(\''.$mcd.'\');">';
+	}
+	
+	echo '<LABEL id=move_label>'  .hsc($_['Move'])  .' '.input_mcd('move').'</LABEL> ';
+	echo '<LABEL id=copy_label>'  .hsc($_['Copy'])  .' '.input_mcd('copy').'</LABEL> ';
+	echo '<LABEL id=delete_label>'.hsc($_['Delete']).' '.input_mcd('delete').'</LABEL> ';
+	
+	echo '<input type=submit id=mcd_submit class=button value="'.hsc($_['Selected_Files']).
+		'" onclick="Confirm_ready('.$checkbox_offset.'); return false">'; //*
+	echo '</div>'; //end class=action
+	echo '<div class=clear></div>'; //clear select_all
+
+	Table_of_Files($files, $R, $C, $D);
+
+	echo '</form>';
 }//end List_Files() ************************************************************
 
 
@@ -1658,7 +1684,7 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 				onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
 			<script>document.getElementById('close1').focus();</script>
 		</div>
-		<div style="clear:both"></div>
+		<div class=clear></div>
 	</div>
 <?php 
 }//end Edit_Page_buttons_top(){ //**********************************************
@@ -1731,7 +1757,7 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 					echo hsc($_['edit_txt_03']).'<br>';
 					echo hsc($_['edit_txt_04']).'<br></pre>';
 				}else{
-					echo '<input type="hidden" name="filename" id="filename" value="'.hsc($filename).'">';
+					echo '<input type="hidden" name="filename" value="'.hsc($filename).'">';
 					echo '<textarea id="file_contents" name="contents" cols="70" rows="25"
 						onkeyup="Check_for_changes(event);">'.$filecontents.'</textarea>'.PHP_EOL;
 				}
@@ -1803,10 +1829,13 @@ function Edit_Page() { //*******************************************************
 
 	$too_large_to_view_message = 
 '<b>'.hsc($_['too_large_to_view_01a']).' '.number_format($MAX_VIEW_SIZE).' '.hsc($_['too_large_to_view_01b']).'</b><br>'.
-hsc($_['too_large_to_view_02']).'<br>'.hsc($_['too_large_to_view_03']).'<br>'.hsc($_['too_large_to_view_04']);
+hsc($_['too_large_to_view_02']).'<br>'.hsc($_['too_large_to_view_03']).'<br>';//.hsc($_['too_large_to_view_04']);
+
+	// Used to preserve vertical spacing, so edit area doesn't jump as much.
+	echo '<style>#message_box { min-height: 1.86em; }</style>';
 
 	echo '<h2 id="edit_header">'.$header2.' ';
-	echo '<a class="filename" href="/'.URLencode_path($filename).'" target="_blank">'.hte(basename($filename)).'</a>';
+	echo '<a class="h2_filename" href="/'.URLencode_path($filename).'" target="_blank">'.hte(basename($filename)).'</a>';
 	echo '</h2>'.PHP_EOL;
 
 	Edit_Page_buttons_top($text_editable, $file_ENC);
@@ -1815,7 +1844,7 @@ function Edit_Page() { //*******************************************************
 	
 	if ( in_array( $ext, $itypes) ) { show_image(); }
 
-	echo '<div style="clear:both"></div>';
+	echo '<div class=clear></div>';
 
 	if     ( $text_editable && $too_large_to_view ) {
 		echo '<p class="edit_disabled">'.$too_large_to_view_message.'</p>';
@@ -1839,9 +1868,9 @@ function Edit_response(){ //***If on Edit page, and [Save] clicked *************
 	$bytes = file_put_contents($filename, $contents);
 
 	if ($bytes !== false) {
-		$message .= '<b>'.hsc($_['edit_msg_01']).' '.$bytes.' '.hsc($_['edit_msg_02']).'</b><br>';
+		$message .= '<b>'.hsc($_['edit_msg_01']).' '.number_format($bytes).' '.hsc($_['edit_msg_02']).'</b><br>';
 	}else{
-		$message .= $EX.'<b>'.hsc($_['edit_msg_03']).'</b>';
+		$message .= $EX.'<b>'.hsc($_['edit_msg_03']).'</b><br>';
 	}
 }//end Edit_response() *********************************************************
 
@@ -1904,17 +1933,18 @@ function Upload_response() { //*************************************************
 	else                  { $ERRMSG = ''; }
 
 	if (($filename == "")){ 
-		$message .= $EX.'<b>'.hsc($_['upload_msg_01']).'</b>';
+		$message .= $EX.'<b>'.hsc($_['upload_msg_01']).'</b><br>';
 	}elseif (($destination != "") && !is_dir($destination)) {
-		$message .= $EX.hsc($_['upload_msg_02']).'<br><b>';
-		$message .= hte($WEB_ROOT.$destination).'</b><br>'.hsc($_['upload_msg_03']).'</b>';
+		$message .= $EX.'<b>'.hsc($_['upload_msg_02']).'</b><br>';
+		$message .= '<span class="filename">'.hte($WEB_ROOT.$destination).'</span></b><br>'.hsc($_['upload_msg_03']).'</b><br>';
 	}else{
-		$message .= hsc($_['upload_msg_04']).' "<b>'.hte($filename).'</b>"...';
+		$message .= '<b>'.hsc($_['upload_msg_04']).'</b> <span class="filename">'.hte($filename).'</span><br>';
 		$savefile = ordinalize($destination, $filename, $savefile_msg);
+		
 		if(move_uploaded_file($_FILES['upload_file']['tmp_name'], $savefile)) {
-			$message .= '<br>'.hsc($_['upload_msg_05']).' '.$savefile_msg;
+			$message .= '<b>'.hsc($_['upload_msg_05']).'</b> '.$savefile_msg.'<br>';
 		} else{
-			$message .= '<br>'.$EX.'<b>'.hsc($_['upload_msg_06']).'</b> '.$ERRMSG.'';
+			$message .= '<b>'.$EX.'<b>'.hsc($_['upload_msg_06']).' '.$ERRMSG.'</b><br>';
 		}
 	}
 }//end Upload_response() *******************************************************
@@ -2046,38 +2076,46 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 	$new_name = trim($new_name,'/ ');
 	$new_location = dirname($new_name);
 	$param2 = '';
-	$err_msg = ''; //On error, set this message.
-	$scs_msg = ''; //On success, set this message.
+	$err_msg = ''; //Error message. Set below as needed.
+	$scs_msg = ''; //Success message. Set below as needed.
+
+	$msg_from = hte($_['CRM_txt_03']);
+	$msg_to   = hte($_['CRM_txt_04']);
+	if ($action == "rename") {
+		$msg_from = hte($_['CRM_txt_03']);
+		$msg_to   = hte($_['CRM_txt_04']);
+	}
 	
 	if ( !is_dir($new_location) ) {
-		$err_msg  = $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_01']).'</b><br>';
-		$err_msg .= hte($WEB_ROOT.$new_location).'/<br>';
+		$err_msg .= $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_01']).'</b><br>';
+		$err_msg .= '<span class="filename">'.hte($WEB_ROOT.$new_name).'/</span><br>';
 		$error = 1; //0= no error, 1 = an error.
 	}elseif ( !file_exists($old_name) ) {
-		$err_msg  = $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_02']).'</b><br>';
-		$err_msg .= hte($filename);
+		$err_msg .= $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_02']).'</b><br>';
+		$err_msg .= '<span class="filename">'.hte($WEB_ROOT.$old_name).'</span><br>';
 		$error = 1;
 	}elseif ( file_exists($new_name) ) {
-		$err_msg  = $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_03']).'</b><br>';
-		$err_msg .= hte($WEB_ROOT.$new_name).'<br>';
+		$err_msg .= $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_03']).'</b><br>';
+		$err_msg .= '<span class="filename">'.hte($WEB_ROOT.$new_name).'</span><br>';
 		$error = 1;
 	}elseif ($action($old_name, $new_name)) {
-		$scs_msg  = hte($WEB_ROOT.$old_name).'<br>';
-		$scs_msg .= '<b> --- '.$msg2.' '.hsc($_['CRM_msg_04']).' ---</b><br>';
-		$scs_msg .= hte($WEB_ROOT.$new_name).'<br>';
+		$scs_msg .= '<b>'.$msg1.' '.$_['successful'].'</b><br>';
+		$scs_msg .= '<div id="message_left">'.hte($_['From']).'<br>'.hte($_['To']).'</div>';
+		$scs_msg .= '<b>: </b><span class="filename">'.hte($WEB_ROOT.$old_name).'</span><br>';
+		$scs_msg .= '<b>: </b><span class="filename">'.hte($WEB_ROOT.$new_name).'</span><br>';
 		if ($isfile) { $ipath = Check_path(dirname($new_name)); } //if file
 		else         { $ipath = Check_path($new_name); }          //if folder
 		$param1   = '?i='.URLencode_path($ipath);
 		$error = 0;
 	}else{
-		$err_msg  = hte($WEB_ROOT.$old_name).'<br>';
-		$err_msg  = $EX.'<b>'.hsc($_['CRM_msg_05a']).' '.$msg1.' '.hsc($_['CRM_msg_05b']).'</b><br>';
-		$err_msg .= hte($WEB_ROOT.$new_name).'<br>';
+		$err_msg .= '<span class="filename">'.hte($WEB_ROOT.$old_name).'</span><br>';
+		$err_msg .= $EX.'<b>'.hsc($_['CRM_msg_05a']).' '.$msg1.' '.hsc($_['CRM_msg_05b']).'</b><br>';
+		$err_msg .= '<span class="filename">'.hte($WEB_ROOT.$new_name).'</span><br>';
 		$error = 1;
 	}
 	
-	if ($show_message & 1) { $message .= $err_msg; } //Show error message.
-	if ($show_message & 2) { $message .= $scs_msg; } //Show success message.
+	if (($show_message & 1) == 1) { $message .= $err_msg; } //Show error message.
+	if (($show_message & 2) == 2) { $message .= $scs_msg; } //Show success message.
 	return $error; //
 }//end Copy_Ren_Move_response() ************************************************
 
@@ -2100,18 +2138,23 @@ function Delete_File_Page() { //************************************************
 
 
 
-function Delete_File_response(){ //*********************************************
+function Delete_File_response($del_file = "", $show_message = 3){ //************
 	global $_, $filename, $message, $EX, $page, $ipath, $param1, $param2;
 
+	if ($del_file == "") { $del_file = $_POST["delete_file"]; }
 	$page = "index"; //Return to index
-	$filename = $_POST["delete_file"];
+	$err_msg = ''; //On error, set this message.
+	$scs_msg = ''; //On success, set this message.
 
-	if (unlink($filename)) {
-		$message .= '<b>'.hsc($_['delete_msg_01']).' '.hte(basename($filename)).'</b><br>';
+
+	if (unlink($del_file)) {
+		$scs_msg .= '<b>'.hsc($_['delete_msg_01']).'</b> <span class="filename">'.hte(basename($del_file)).'</span><br>';
 		$filename = "";
+		$error = 0; //0= no error, 1 = an error.
 	}else{
-		$message .= $EX.'<b>'.hsc($_['delete_msg_02']).' "'.hte($filename).'"</b>.<br>';
-		$page = "edit";
+		$err_msg .= $EX.'<b>'.hsc($_['delete_msg_02']).'</b> <span class="filename">"'.hte($del_file).'"</span>.<br>';
+		$page = $_SESSION['recent_pages'][1];
+		$error = 1;
 	}
 
 	//If came to Delete from admin page, restore admin_ipath & return to admin.
@@ -2121,6 +2164,10 @@ function Delete_File_response(){ //*********************************************
 		$param1 = '?i='.URLencode_path($ipath);
 		$param2 = "";
 	}
+
+	if ($show_message & 1) { $message .= $err_msg; } //Show error message.
+	if ($show_message & 2) { $message .= $scs_msg; } //Show success message.
+	return $error; //
 }//end Delete_File_response() **************************************************
 
 
@@ -2143,7 +2190,7 @@ function New_Folder_Page() { //*************************************************
 
 
 function New_Folder_response(){ //**********************************************
-	global $_, $ipath, $param1, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
+	global $_, $WEB_ROOT, $ipath, $param1, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
 
 	$new_name = trim($_POST["new_folder"],'/ '); //Trim spaces, and make sure only has a single trailing slash.
 
@@ -2156,21 +2203,20 @@ function New_Folder_response(){ //**********************************************
 	$new_ipath = $ipath.$new_name.'/';
 
 	if ($invalid){
-		$message .= $EX.'<b>'.hsc($_['new_folder_msg_01']).'</b> '.hte($new_name).'<br>'.
-			'<b>'.hsc($_['new_folder_msg_02']).
-			' <span class="mono">'.hte($INVALID_CHARS).'</span></b>';
+		$message .= $EX.'<b>'.hsc($_['new_folder_msg_01']).'</b> <span class="filename">'.hte($new_name).'</span><br>';
+		$message .= '<b>'.hsc($_['new_folder_msg_02']).' <span class="mono">'.hte($INVALID_CHARS).'</span></b>';
 	}elseif ($new_name == ""){ 
 		$message .= $EX.'<b>'.hsc($_['new_folder_msg_03']).'</b>';
 	}elseif (is_dir($new_ipath)) {
-		$message .= $EX.'<b>'.hsc($_['new_folder_msg_04']).' ';
-		$message .= hte($new_ipath).'</b>';
+		$message .= $EX.'<b>'.hsc($_['new_folder_msg_04']).' </b>';
+		$message .= '<span class="filename">'.hte($WEB_ROOT.$new_ipath).'</span><br>';
 	}elseif (mkdir($new_ipath)) {
-		$message .= '<b>'.hsc($_['new_folder_msg_05']).'</b> '.hte($new_name);
+		$message .= '<b>'.hsc($_['new_folder_msg_05']).'</b> <span class="filename">'.hte($new_name).'</span><br>';
 		$ipath    = $new_ipath;  //return to new folder
 		$param1   = '?i='.URLencode_path($ipath);
 	}else{
-		$message .= $EX.'<b>'.hsc($_['new_folder_msg_06']).' </b><br>';
-		$message .= hte($new_name);
+		$message .= $EX.'<b>'.hsc($_['new_folder_msg_06']).':</b><br>';
+		$message .= '<span class="filename">'.hte($new_name).'</span><br>';
 	}
 }//end New_Folder_response *****************************************************
 
@@ -2205,30 +2251,39 @@ function Delete_Folder_response() { //******************************************
 		$message .= $EX.'<b>'.hsc($_['delete_folder_msg_01']).'</b>';
 		$page = "index";
 	}elseif (@rmdir($foldername)) {
-		$message .= '<b>'.hsc($_['delete_folder_msg_02']).'</b> '.hte(basename($foldername));
+		$message .= '<b>'.hsc($_['delete_folder_msg_02']).'</b> ';
+		$message .= '<span class="filename">'.hte(basename($foldername)).'</span></br>';
 		$ipath  = Check_path($foldername); //Return to parent dir.
 		$param1 = '?i='.URLencode_path($ipath);
 	}else {
-		$message .= $EX.'<b>"'.hte($foldername).'/"</b> '.hsc($_['delete_folder_msg_03']);
+		$message .= $EX.'<b><span class="filename">"'.hte($foldername).'/"</span></b> '.hsc($_['delete_folder_msg_03']);
 	}
 }//end Delete_Folder_response() ************************************************
 
 
 
 
-function MD_Action_Page() { //**************************************************
-	global $_, $WEB_ROOT, $ONESCRIPT, $ipath, $param1, $page, $ONEFILECMS, $INPUT_NUONCE, $message;
+function MCD_Page() { //********************************************************
+	global $_, $WEB_ROOT, $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE;
 
-	if ($_POST['action'] == 'delete')   {
-		$page_title = hsc($_['page_title_del']);
-		$button     = hsc($_['Del_Files']);
-		$classes    = "verify verify_del";
-		$action     = 'md_action_del';
-	}else { //$_POST['action'] == 'move'
+	$focus = 'new_location';
+
+	if ($_POST['action'] == 'move')   {
 		$page_title = hsc($_['page_title_mov']);
 		$button     = hsc($_['Move_Files']);
 		$classes    = "verify";
-		$action     = 'md_action_mov';
+		$action     = 'mcd_mov';
+	}elseif ($_POST['action'] == 'copy'){
+		$page_title = hsc($_['page_title_copy']);
+		$button     = hsc($_['Copy_Files']);
+		$classes    = "verify";
+		$action     = 'mcd_cpy';
+	}else { //$_POST['action'] == 'delete'
+		$page_title = hsc($_['page_title_del']);
+		$button     = hsc($_['Del_Files']);
+		$classes    = "verify verify_del";
+		$action     = 'mcd_del';
+		$focus      = 'cancel';
 	}
 
 	Set_Input_width();
@@ -2250,71 +2305,76 @@ function MD_Action_Page() { //**************************************************
 		}
 		echo '</table>';
 		
-		if ($_POST['action'] == 'move')   {
-			echo '<label for="moveto">'.hsc($_['New_location']).'</label> ('.hsc($_['CRM_txt_02']).')<br>';
+		if ($_POST['action'] != 'delete')  {
+			echo '<label for="new_location">'.hsc($_['New_location']).'</label> ('.hsc($_['CRM_txt_02']).')<br>';
 			echo '<span class="web_root">'.hte($WEB_ROOT).'</span>';
-			echo '<input type="text" name="moveto" id="moveto" value="'.hsc($ipath).'">';
-			
-		}elseif ($_POST['action'] == 'copy')   {
-			;  //Coming soon to a computer near you! //#####
-		}else{ // $_POST['action'] == 'delete'
-			;  //Coming soon to a computer near you! //#####
+			echo '<input type="text" name="new_location" id="new_location" value="'.hsc($ipath).'">';
 		}
 			
 		echo '<p><b>'.hsc($_['delete_txt_01']).'</b></p>'; //"Are you sure?"
-		Cancel_Submit_Buttons(hsc($button), "moveto");
+		Cancel_Submit_Buttons(hsc($button), $focus);
 	echo '</form>';
 
-} //end MD_Action_Page() *******************************************************
+} //end MCD_Page() *************************************************************
 
 
 
 
-function MD_Action_mov() { //***************************************************
+function MCD_response($action) { //*********************************************
 	global $_, $WEB_ROOT, $ipath, $param1, $param2, $param3, $message, $EX, $filename;
 
-	$new_location = trim($_POST['moveto'],'/').'/'; //make sure no leading, and only 1 trailing, slash.
-	$md_ipath = $ipath; //$Copy_Ren_Move_response() changes $ipath to $new_location
 	$files    = $_POST['files']; //List of files to delete (path not included)
 	$count    = count($files);
-	$errors   = 0; //number of failed moves
+	$errors   = 0; //number of failed moves or copies
 
-	if ( !is_dir($new_location) ){
-		$message .= $EX.'<b> '.hsc($_['upload_msg_02']).'</b><br>';
-		$message .= hte($WEB_ROOT.$new_location).'<br>';
-		return;
+	if     ($action == 'rename') { //rename = move
+		$msg1 = hsc($_['Ren_Move']); $msg2 = hsc($_['Ren_Moved']);
+		$success_msg = hsc($_['mcd_msg_01']);
 	}
+	elseif ($action == 'copy') {
+		$msg1 = hsc($_['Copy']);     $msg2 = hsc($_['Copied']);
+		$success_msg = hsc($_['mcd_msg_02']);
+	}else{//$action == delete
+		$success_msg = hsc($_['mcd_msg_03']);
+	}
+
+	$isfile = 1;
+	$show_message = 1; //1= show error msg only. 2= show success msg only. 3= show all msg's.
 
-	foreach ($files as $file){
-		$old_name = $md_ipath.$file;
-		$new_name = $new_location.$file;
-		$action   = 'rename';
-		$msg1     = hsc($_['Ren_Move']);
-		$msg2     = hsc($_['Ren_Moved']);
-		$isfile   = 1;
-		$show_msg = 1; //1= show error msg only. 2= show success msg only. 3= show all msg's.
-		$errors  += Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $isfile, $show_msg);
+	if ($action == 'delete') {
+		foreach ($files as $file){
+			$errors += Delete_File_response($ipath.$file, $show_message);
+		}
+	}else { //move or copy
+		$mcd_ipath = $ipath; //$Copy_Ren_Move_response() changes $ipath to $new_location
+		$new_location = trim($_POST['new_location'],'/').'/'; //make sure no leading, and only 1 trailing, slash.
+		if ( !is_dir($new_location) ){
+			$message .= $EX.'<b> '.hsc($_['upload_msg_02']).'</b><br>';
+			$message .= '<span class="filename">'.hte($WEB_ROOT.$new_location).'</span><br>';
+			return;
+		}
+		
+		foreach ($files as $file){
+			$old_name = $mcd_ipath.$file;
+			$new_name = $new_location.$file;
+			$errors  += Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $isfile, $show_message);
+		}
 	}
 
 	$successful = $count - $errors;
 	
 	if ($errors) { $message .= $EX.' <b>'.$errors.' '.hsc($_['errors']).'.</b> '; }
 	
-	$message .= '<b>'.$successful.' '.hsc($_['md_mov_01']).'</b><br>';
+	$message .= '<b>'.$successful.' '.$success_msg.'</b><br>';
 
-	if ($successful != 0) { //if all errors, don't bother...
-		$message .= '<b>'.hsc($_['Old_location']).':</b> '.hsc($WEB_ROOT).$md_ipath.'<br>';
-		$message .= '<b>'.hsc($_['New_location']).':</b> '.hsc($WEB_ROOT).$ipath.'<br>';
+	if ($action != 'delete') {
+		if ($successful != 0) { //if all errors, don't bother...
+			$message .= '<div id="message_left"><b>'.hsc($_['From']).'<br>'.hsc($_['To']).'</b></div>';
+			$message .= '<b>:</b><span class="filename"> '.hsc($WEB_ROOT).$mcd_ipath.'</span><br>';
+			$message .= '<b>:</b><span class="filename"> '.hsc($WEB_ROOT).$ipath.'</span><br>';
+		}
 	}
-}//end MD_Action_mov() *********************************************************
-
-
-
-
-function MD_Action_del() { //***************************************************
-	global $EX, $message;
-	$message .= 'Sorry, not ready yet, but "Coming soon" to a computer near you!<br>'; //#####
-}//end MD_Action_del() *********************************************************
+}//end MCD_response() **********************************************************
 
 
 
@@ -2360,7 +2420,7 @@ function Load_Selected_Page(){ //***********************************************
 	elseif ($page == "newfolder")    { New_Folder_Page();     }
 	elseif ($page == "renamefolder") { Copy_Ren_Move_Page(hsc($_['Ren_Move']), hsc($_['Folder']), 'rename_folder', 0); }
 	elseif ($page == "deletefolder") { Delete_Folder_Page();  }
-	elseif ($page == "mdaction")     { MD_Action_Page();      }
+	elseif ($page == "mcdaction")    { MCD_Page();            }
 	else                             { Login_Page();          } //default
 }//end Load_Selected_Page() ****************************************************
 
@@ -2372,17 +2432,18 @@ function Respond_to_POST() {//**************************************************
 
 	if ($VALID_POST) { 
 		if (isset($_FILES['upload_file']['name']))  { Upload_response();     }
-		elseif     ($page == "mdaction") { 
-			//There must be at least one 'file', and 'action' must = "move" or "delete"
-			if (!isset($_POST['mdaction']     )) { $page = "index"; }
-			if (!isset($_POST['files']) ) { $page = "index"; }
-			if (!isset($_POST['action'])) { $page = "index"; }
-			if ( isset($_POST['action']) && ($_POST['action'] != "move") && ($_POST['action'] != "delete") ) {
+		elseif     ($page == "mcdaction") {
+			//There must be at least one 'file', and 'action' must = "move", "copy", or "delete"
+			if (!isset($_POST['mcdaction'] )) { $page = "index"; }
+			if (!isset($_POST['files']) )     { $page = "index"; }
+			if (!isset($_POST['action']))     { $page = "index"; }
+			if ( isset($_POST['action']) && ($_POST['action'] != "move") && ($_POST['action'] != "copy") && ($_POST['action'] != "delete") ) {
 				$page = "index";
 			}
 		}
-		elseif (isset($_POST["md_action_mov"])) { MD_Action_mov();           }
-		elseif (isset($_POST["md_action_del"])) { MD_Action_del();           }
+		elseif (isset($_POST["mcd_mov"]      )) { MCD_response('rename');    } //move == rename
+		elseif (isset($_POST["mcd_cpy"]      )) { MCD_response('copy');      }
+		elseif (isset($_POST["mcd_del"]      )) { MCD_response('delete');    }
 		elseif (isset($_POST["whattohash"]   )) { Hash_response();           }
 		elseif (isset($_POST["pw"]           )) { Change_PWUN_response('pw');}
 		elseif (isset($_POST["un"]           )) { Change_PWUN_response('un');}
@@ -2401,16 +2462,16 @@ function Respond_to_POST() {//**************************************************
 
 
 
-function Timer_scripts() { //***************************************************
-	global $_, $page, $TO_WARNING;
+function common_scripts() { //**************************************************
+	global $_, $TO_WARNING;
 	
-	$timeout_warning = '<p><b>'.hsc($_['session_warning']).'</b></p>';
+	$timeout_warning = '<div id="message_box_contents"><b>'.hsc($_['session_warning']).'</b>';
 ?>
 <script>
-//pad() is also used by the Time_Stamp_scripts()
 function pad(num){ if ( num < 10 ){ num = "0" + num; }; return num; }
 
 
+
 function FormatTime(Seconds) {
 	var Hours = Math.floor(Seconds / 3600); Seconds = Seconds % 3600;
 	var Minutes = Math.floor(Seconds / 60); Seconds = Seconds % 60;
@@ -2421,6 +2482,7 @@ function FormatTime(Seconds) {
 }
 
 
+
 function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
 	var Timer        = document.getElementById(Timer_ID);
 	var Current_Time = Math.round(new Date().getTime()/1000); //js uses milliseconds
@@ -2430,7 +2492,7 @@ function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
 	Timer.innerHTML = FormatTime(count);
 
 	if ( (count < <?php echo $TO_WARNING ?>) && (Action != "") ) { //Two minute warning...
-		document.getElementById('message').innerHTML = "<?php echo addslashes($timeout_warning) ?>";
+		document.getElementById('message_box').innerHTML = "<?php echo addslashes($timeout_warning) ?>";
 		Timer.style.backgroundColor = "white";
 		Timer.style.color = "red";
 		Timer.style.fontWeight = "900";
@@ -2448,6 +2510,7 @@ function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
 }
 
 
+
 function Start_Countdown(count, ID, CLASS, Action){
 	document.write('<span id="' + ID + '"  class="' + CLASS + '"></span>');
 
@@ -2456,17 +2519,9 @@ function Start_Countdown(count, ID, CLASS, Action){
 
 	Countdown(count, Time_End, ID, CLASS, Action); //(seconds to count, id of element)
 }
-</script>
-<?php 
-}//end Timer_scripts() *********************************************************
-
 
 
 
-function Time_Stamp_scripts() { //**********************************************
-?>
-<script>//Dispaly file's timestamp in user's local time 
-
 function FileTimeStamp(php_filemtime, show_date, show_offset){
 
 	//php's filemtime returns seconds, javascript's date() uses milliseconds.
@@ -2502,9 +2557,84 @@ function FileTimeStamp(php_filemtime, show_date, show_offset){
 	document.write( DATETIME );
 
 }//end FileTimeStamp(php_filemtime)
+
+
+
+function Select_All(list_offset) {
+	//list_offset = Number of form elements before file select checkboxes.
+
+	select_all_label = document.getElementById('select_all_label');
+	var   files = document.mcdaction.elements; //Actually only from elemements[list_offset] to last element.
+	var   last  = files.length - 1; //number of files & checkboxes
+	var   select_all = document.mcdaction.select_all;
+	
+	if (select_all.checked) {
+		select_all_label.innerHTML = '<?php echo addslashes($_['Clear_All']) ?>';
+	}else{
+		select_all_label.innerHTML = '<?php echo addslashes($_['Select_All']) ?>';
+	}
+	
+	for (var x = list_offset; x <= last ; x++) { files[x].checked = select_all.checked; }
+}
+
+
+
+function Submit_btn_style(option) {
+	if (option == "move")   {bc = "brown";}
+	if (option == "copy")   {bc = "green";}
+	if (option == "delete") {bc = "red";}
+	
+	//Reset current border colors.
+	document.getElementById("move_label"  ).style.borderColor = 'transparent';
+	document.getElementById("copy_label"  ).style.borderColor = 'transparent';
+	document.getElementById("delete_label").style.borderColor = 'transparent';
+
+	//Set Submit button border color
+	document.getElementById("mcd_submit").style.borderColor = bc;
+
+	//Set option label border color
+	document.getElementById(option + "_label").style.borderColor  = bc;
+}
+
+
+
+function Confirm_ready(list_offset){
+	//list_offset = Number of form elements before file select checkboxes.
+	
+	is_move    = document.getElementById("move").checked;
+	is_copy    = document.getElementById("copy").checked;
+	is_delete  = document.getElementById("delete").checked;
+	
+	var   files = document.mcdaction.elements; //Actually files only = from elemements[offset] to last element.
+	var   last  = files.length - 1; //number of files & checkboxes
+	
+	file_selected = false;
+	for (var x = list_offset; x <= last ; x++) { //find first checked file.
+		if (files[x].checked == true) { file_selected = true; break; } 
+	}
+	f_msg = "";
+	if (!file_selected) { f_msg = "<?php echo addslashes($_['No_files']) ?>\n"; }
+	
+	action_selected = false;
+	if (is_move)   { action_selected = true; }
+	if (is_copy)   { action_selected = true; }
+	if (is_delete) { action_selected = true; }
+	
+	a_msg = "";
+	if (!action_selected) { a_msg = '<?php echo addslashes($_['No_action']) ?>'; }
+	
+	if (file_selected && action_selected) { this.submit(); }
+	
+	alert(f_msg + a_msg);
+	
+	//At this point, don't submit.  However...
+	//This line doesn't work here - form still submits. Don't know why...
+	return false;
+}
+
 </script>
 <?php 
-}//end Time_Stamp_scripts() ****************************************************
+}//end common_scripts() ********************************************************
 
 
 
@@ -2617,7 +2747,7 @@ function Check_for_changes(event){
 		var keycode=event.keyCode? event.keyCode : event.charCode;
 		changed = (File_textarea.value != start_value);
 		if (changed){
-			document.getElementById('message').innerHTML = " "; // Must have a space, or it won't clear the msg.
+			document.getElementById('message_box').innerHTML = " "; // Must have a space, or it won't clear the msg.
 			File_textarea.style.backgroundColor    = "#Fee";//light red
 			Save_File_button.style.backgroundColor ="#Fee";
 			Save_File_button.style.borderColor = "#Faa";  //less light red
@@ -2667,7 +2797,7 @@ function style_sheet(){ //******************************************************
 
 p, table, ol { margin-bottom: .6em;}
 
-div { position: relative; }
+/* div { position: relative; } *//*Causes trouble with message_box*/
 
 h1,h2,h3,h4,h5,h6 { font-weight: bold; }
 h2, h3 { font-size: 1.2em; margin: .5em 1em .5em 0; } /*TRBL*/
@@ -2686,7 +2816,7 @@ function style_sheet(){ //******************************************************
 a:hover { border: 1px solid #807568; background-color: rgb(255,250,150); }
 a:focus { border: 1px solid #807568; background-color: rgb(255,250,150); }
 
-label { display: inline-block; font-size : 1em; font-weight: bold; }
+label { font-size : 1em; font-weight: bold; }
 
 pre {
 	background: white;
@@ -2720,7 +2850,8 @@ function style_sheet(){ //******************************************************
 	padding: .1em;
 	}
 
-.filename {
+
+.h2_filename {
 	border: 1px solid #807568;
 	padding: .1em .2em .1em .2em;
 	font-weight: 700;
@@ -2728,28 +2859,40 @@ function style_sheet(){ //******************************************************
 	background-color: #EEE;
 	}
 
-#message { margin-bottom: .5em;}
 
-#message p {
-	margin: 0;
-	padding: 4px 0px 4px .5em;
-	border: 1px solid #807568;
-	Xfont-family: courier;
-	font-size: 1em;
-	line-height: 1.2em;
-	background: #fff000;
+#message_box { border: none; margin: 0 0 .5em 0; padding: 0; }
+
+#message_box_contents { border: 1px solid gray; padding: 4px; background: #FFF000; }
+
+#message_box #message_left {
+	float  : left;
+	margin : 0;
+	padding: 0;
+	border : none; 
+	font-weight : 900;
 	}
 
-#message #Xbox { float: right; }
+#message_box  #X_box {
+	display: block;
+	float  : right;
+	margin : 0;
+	padding: 0 2px 0 3px;
+	border : 1px solid gray;
+	font   : 16pt courier;
+	line-height: 18px;
+	background : #EEE;
+	}
 
-#message #dismiss { padding: 5px 4px 5px 4px; border-right: none; } /*TRBL*/ /*font-family: Courier; font-size: 1.2em;*/
+#message_box  #X_box:hover {background-color: rgb(255,250,150);}
+#message_box  #X_box:focus {background-color: rgb(255,250,150);}
 
+.filename { font-family: courier; }
 
 /* --- INDEX directory listing, table format --- */
 table.index_T {
 	min-width: 30em;
 	font-size: .95em;
-	border         : 1px outset gray;
+	border         : 1px outset #807568;
 	border-collapse: collapse;
 	margin-bottom: .7em;
 	background-color: #FdFdFd;
@@ -2774,9 +2917,7 @@ function style_sheet(){ //******************************************************
 .index_T td a.rcd1 { padding: .2em .3em .3em .3em; }
 
 .file_name { min-width: 10em; }
-
 .file_size { min-width:  6em; }
-
 .file_time { min-width: 15em; }
 
 .meta_T {
@@ -2995,6 +3136,8 @@ function style_sheet(){ //******************************************************
 
 #admin {padding: .3em;}
 
+.clear {clear:both; padding: 0; margin: 0; border: none}
+
 .web_root {font: 1em Courier;}
 
 .icon {float: left; margin: 0 .3em 0 0;}
@@ -3022,7 +3165,7 @@ function style_sheet(){ //******************************************************
 
 #upload_file { margin-bottom: .6em; }
 
-#old_backup_T { float: left; margin-bottom: .3em; }
+.old_backup_T { float: left; margin-bottom: .3em; }
 
 #del_backup   { float: left; margin-left  :  1em; }
 
@@ -3033,13 +3176,31 @@ function style_sheet(){ //******************************************************
 .D   {color: #a00;    border-color: #a00}
 
 /**/
-td.ckbox {padding: 2px 4px 0 4px}
-td.ckbox:hover { background-color: rgb(255,250,150); }
-td.ckbox:focus { background-color: rgb(255,250,150); }
+.ckbox {padding: 2px 4px 0 4px}
+.ckbox:hover { background-color: rgb(255,250,150); }
+.ckbox:focus { background-color: rgb(255,250,150); }
+
+.action        { margin-bottom: .1em; }
+.action  label {
+	font: 400 .9em arial;
+	color: #333;
+	margin-bottom  : .1em;
+	margin-right: .6em;
+	padding: 3px;
+	border: 1px dotted transparent;
+	}
+
+#select_all { margin: 0 2em 0 0; }
+
+#select_all_div {
+	float  : left;
+	width  : 73px;
+	padding: 2px 0 0 0;
+	}
 
-.action        { padding: .2em 0 .2em .3em; }
-.action  label { font: 400 .9em arial; margin-right: 1em; }
-#md_submit { margin: 0 0 .2em 0; padding: 3px 5px; color: rgb(100,45,0); }
+#select_all_label { font-size: .84em;}
+
+#mcd_submit { padding: 2px 5px; color: rgb(100,45,0); }
 </style>
 <?php 
 }//end style_sheet() ***********************************************************
@@ -3070,6 +3231,9 @@ function Language_and_config_adjusted_styles() {//******************************
 .edit_btns_bottom .button {
 	margin-left: <?php echo $_['button_margin_L'] ?>; /*Default is .5em*/
 	}
+	
+	#select_all_label { font-size: <?php echo $_['select_all_label_size']?>; }
+	#select_all_div   { width: <?php echo $_['select_all_div_width']?>; }
 </style>
 <?php
 }//end Language_and_config_adjusted_styles() //*********************************
@@ -3127,7 +3291,8 @@ function Language_and_config_adjusted_styles() {//******************************
 
 	//If editing OneFileCMS itself, show red message box with white text.
 	elseif ($filename == trim(rawurldecode($ONESCRIPT), '/')) { 
-		$message .= '<style>#message p {background: red; color: white;}</style>';
+		$message .= '<style>#message_box_contents {background: red;}</style>';
+		$message .= '<style>#message_box          {color: white;}   </style>';
 		$message .= $EX.'<b>'.hsc($_['edit_caution_01']).' '.$EX.hsc($_['edit_caution_02']).'</b><br>';
 	}
 	//end Verify a few $page restrictions ************
@@ -3141,8 +3306,8 @@ function Language_and_config_adjusted_styles() {//******************************
 
 //Don't show path header or admin link on some pages.
 $Show_header_and_Admin = true;
-$pages_to_show_admin = array("login","admin","hash","changepw","changeun");
-if ( $Editing_OFCMS || in_array($page, $pages_to_show_admin) ){
+$pages_dont_show_admin = array("login","admin","hash","changepw","changeun");
+if ( $Editing_OFCMS || in_array($page, $pages_dont_show_admin) ){
 	$Show_header_and_Admin = false;
 }
 
@@ -3170,9 +3335,7 @@ function Language_and_config_adjusted_styles() {//******************************
 
 <?php Language_and_config_adjusted_styles() ?>
 
-<?php Timer_scripts() ?>
-
-<?php if ( ($page == "index") || ($page == "edit") ) { Time_Stamp_scripts(); } ?>
+<?php common_scripts() ?>
 
 </head>
 <body>

From 0f2bb5bf44ee2da38f6cfda87acf4fbfe060c68e Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Thu, 30 Aug 2012 15:15:00 -0400
Subject: [PATCH 139/228] Version 3.4.0 Minor improvment to
 Error_reporting_and_early_output(). Modified svg icon for copy. In generating
 HTML output, now just echo everying, instead of dropping out of php mode.
 URLencode_path() needed on a $params string. Updated readme & _structure.txt
 A couple other minor ADOCD adjustments. Or maybe the're OCADD...

---
 OneFileCMS.LANG.DE.php   |   2 +-
 OneFileCMS.LANG.EN.php   |   2 +-
 OneFileCMS.LANG.ES.php   |   2 +-
 OneFileCMS_structure.txt |  19 +++----
 onefilecms.php           | 109 ++++++++++++++++++---------------------
 readme.markdown          |  61 ++++++++++------------
 6 files changed, 92 insertions(+), 103 deletions(-)

diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index b4a2503..86c3460 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.3.18
+// OneFileCMS Language Settings v3.4.0 (same as 3.3.18)
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index feb5bbe..9740b1b 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.3.18
+// OneFileCMS Language Settings v3.4.0 (same as 3.3.18)
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index e0aa6c6..82384bf 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.3.18
+// OneFileCMS Language Settings v3.4.0 (same as 3.3.18)
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index f12c0c7..d7329ce 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-Version 3.3.15
+Version 3.4.0
 
 LICENSE
 
@@ -14,9 +14,7 @@ MISC FUNCTIONS:
 	Default_Language()
 	Session_Startup()
 	Verify_IDLE_POST_etc()
-	hashit()
 	Error_reporting_and_early_output()
-	Current_Path_Header()
 	Update_Recent_Pages()
 	undo_magic_quotes()
 	Get_GET()
@@ -61,6 +59,7 @@ SVG ICON FUNCTIONS:
 	show_icon()
 
 PAGE & RESPONSE FUNCTIONS:
+	List_Backup()
 	Admin_Page()
 	Hash_Page()
 	Hash_Page_response()
@@ -70,6 +69,7 @@ PAGE & RESPONSE FUNCTIONS:
 	Logout()
 	Login_Page()
 	Login_Page_response()
+	Table_of_Files()
 	List_Files()
 	Index_Page()
 	Edit_Page_buttons_top()
@@ -82,8 +82,8 @@ PAGE & RESPONSE FUNCTIONS:
 	Upload_response()
 	New_File_Page()
 	New_File_response() 
-	Copy_Ren_Move_Page()
 	Set_Input_width()
+	Copy_Ren_Move_Page()
 	Copy_Ren_Move_response()
 	Delete_File_Page()
 	Delete_File_response()
@@ -91,25 +91,26 @@ PAGE & RESPONSE FUNCTIONS:
 	New_Folder_response()
 	Delete_Folder_Page()
 	Delete_Folder_response() 
+	MCD_Page()
+	MCD_response()
 	Page_Title()
 	Load_Selected_Page()
 	Respond_to_POST()
 
 JAVASCRIPT & STYLESHEET FUNCTIONS:
-	Timer_scripts()
-	Time_Stamp_scripts()
+	common_scripts()
 	Edit_Page_scripts()
 	style_sheet()
 	Language_and_config_adjusted_styles()
 
 LOGIC TO DETERMINE PAGE ACTION
-	Default_Language()
+	Load Default_Language()
 	Verify good PHP version
-	If external language file, load it
+	If specified, load external language file
 	Session_Startup()
 	Get_GET()
 	Init_Macros()
 	Respond_to_POST()
-	Final check of $page to show
+	Final checks of $page to show
 
 GENERATE/OUTPUT <HTML>...  
diff --git a/onefilecms.php b/onefilecms.php
index c9a35a2..c5067a6 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.3.18';
+$OFCMS_version = '3.4.0';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -108,7 +108,7 @@
 	$config_file = ''; //needed further down.
 }
 
-//Requires PHP 5.1, due to changes some functions.
+//Requires PHP 5.1, due to changes in some functions.
 //Earliest version the author has for testing is 5.2.8 (50208)
 define('PHP_VERSION_ID_REQUIRED',50100);   //Ex: 5.1.23 is 50123
 define('PHP_VERSION_REQUIRED'  ,'5.1 + '); //Used in exit() message.
@@ -508,21 +508,21 @@ function Error_reporting_and_early_output($show_status = 0, $show_types = 0) {//
 	$E_level = error_reporting();
 	$E_types = '';
 	$spc = ' &nbsp; '; // or '<br>' or PHP_EOL or whatever...
-	if ( ($E_level &     1) ==     1 ) { $E_types  = 'E_ERROR'            .$spc; }
-	if ( ($E_level &     2) ==     2 ) { $E_types .= 'E_WARNING'          .$spc; }
-	if ( ($E_level &     4) ==     4 ) { $E_types .= 'E_PARSE'            .$spc; }
-	if ( ($E_level &     8) ==     8 ) { $E_types .= 'E_NOTICE'           .$spc; }
-	if ( ($E_level &    16) ==    16 ) { $E_types .= 'E_CORE_ERROR'       .$spc; }
-	if ( ($E_level &    32) ==    32 ) { $E_types .= 'E_CORE_WARNING'     .$spc; }
-	if ( ($E_level &    64) ==    64 ) { $E_types .= 'E_COMPILE_ERROR'    .$spc; }
-	if ( ($E_level &   128) ==   128 ) { $E_types .= 'E_COMPILE_WARNING'  .$spc; }
-	if ( ($E_level &   256) ==   256 ) { $E_types .= 'E_USER_ERROR'       .$spc; }
-	if ( ($E_level &   512) ==   512 ) { $E_types .= 'E_USER_WARNING'     .$spc; }
-	if ( ($E_level &  1024) ==  1024 ) { $E_types .= 'E_USER_NOTICE'      .$spc; }
-	if ( ($E_level &  2048) ==  2048 ) { $E_types .= 'E_STRICT'           .$spc; }
-	if ( ($E_level &  4096) ==  4096 ) { $E_types .= 'E_RECOVERABLE_ERROR'.$spc; }
-	if ( ($E_level &  8192) ==  8192 ) { $E_types .= 'E_DEPRECATED'       .$spc; }
-	if ( ($E_level & 16384) == 16384 ) { $E_types .= 'E_USER_DEPRECATED'  .$spc; }
+	if ( $E_level &     1 ) { $E_types  = 'E_ERROR'            .$spc; }
+	if ( $E_level &     2 ) { $E_types .= 'E_WARNING'          .$spc; }
+	if ( $E_level &     4 ) { $E_types .= 'E_PARSE'            .$spc; }
+	if ( $E_level &     8 ) { $E_types .= 'E_NOTICE'           .$spc; }
+	if ( $E_level &    16 ) { $E_types .= 'E_CORE_ERROR'       .$spc; }
+	if ( $E_level &    32 ) { $E_types .= 'E_CORE_WARNING'     .$spc; }
+	if ( $E_level &    64 ) { $E_types .= 'E_COMPILE_ERROR'    .$spc; }
+	if ( $E_level &   128 ) { $E_types .= 'E_COMPILE_WARNING'  .$spc; }
+	if ( $E_level &   256 ) { $E_types .= 'E_USER_ERROR'       .$spc; }
+	if ( $E_level &   512 ) { $E_types .= 'E_USER_WARNING'     .$spc; }
+	if ( $E_level &  1024 ) { $E_types .= 'E_USER_NOTICE'      .$spc; }
+	if ( $E_level &  2048 ) { $E_types .= 'E_STRICT'           .$spc; }
+	if ( $E_level &  4096 ) { $E_types .= 'E_RECOVERABLE_ERROR'.$spc; }
+	if ( $E_level &  8192 ) { $E_types .= 'E_DEPRECATED'       .$spc; }
+	if ( $E_level & 16384 ) { $E_types .= 'E_USER_DEPRECATED'  .$spc; }
 
 	if ( $show_status && ( (error_reporting() !=  0) ||
 						   (ini_get('display_errors') == 'on') || 
@@ -859,7 +859,7 @@ function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
 	global $_, $ONESCRIPT, $ONESCRIPT_url_backup, $ipath, $param1, $param2, $filename, $page, $message;
 
 	//$params for Cancel. If prior page was Admin, restore admin_ipath.
-	if ($_SESSION['recent_pages'][1] == "admin") { $params = '?i='.$_SESSION['admin_ipath'].'&amp;p=admin'; }
+	if ($_SESSION['recent_pages'][1] == "admin") { $params = '?i='.URLencode_path($_SESSION['admin_ipath']).'&amp;p=admin'; }
 	else                                         { $params = $param1.$param2.'&amp;p='.$_SESSION['recent_pages'][1]; }
 
 	//If came from edit page via admin page, drop this page from recent_pages
@@ -924,7 +924,8 @@ function Timeout_Timer($COUNT, $ID, $CLASS="", $ACTION="") { //*****************
 function Init_Macros(){ //*** ($varibale="some reusable chunk of code")*********
 
 global 	$_, $ONESCRIPT, $param1, $param2, $INPUT_NUONCE, $FORM_COMMON, $PWUN_RULES,
-		$SVG_icon_circle_plus, $SVG_icon_circle_x, $SVG_icon_pencil, $SVG_icon_img_0;
+		$SVG_icon_circle_plus, $SVG_icon_circle_x, $SVG_icon_pencil, $SVG_icon_img_0,
+		$SVG_icon_circle_plus_rev;
 
 $INPUT_NUONCE = '<input type="hidden" name="nuonce" value="'.$_SESSION['nuonce'].'">'.PHP_EOL;
 $FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.$param2.'">'.$INPUT_NUONCE;
@@ -936,6 +937,10 @@ function Init_Macros(){ //*** ($varibale="some reusable chunk of code")*********
 	  <line x1="2" y1="5" x2="8" y2="5" stroke="white" stroke-width="1.5" />
 	  <line x1="5" y1="2" x2="5" y2="8" stroke="white" stroke-width="1.5" />';
 
+$SVG_icon_circle_plus_rev = '<circle cx="5" cy="5" r="5" stroke="#080" stroke-width="1.3" fill="white"/>
+	  <line x1="2" y1="5" x2="8" y2="5" stroke="#080" stroke-width="1.5" />
+	  <line x1="5" y1="2" x2="5" y2="8" stroke="#080" stroke-width="1.5" />';
+
 $SVG_icon_circle_x = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#D00"/>
 	<line x1="2.5" y1="2.5" x2="7.5" y2="7.5" stroke="white" stroke-width="1.5"/>
 	<line x1="7.5" y1="2.5" x2="2.5" y2="7.5" stroke="white" stroke-width="1.5"/>';
@@ -968,10 +973,10 @@ function svg_icon_ren(){ //*****************************************************
 
 
 function svg_icon_copy(){ //****************************************************
-	global $SVG_icon_circle_plus;
+	global $SVG_icon_circle_plus_rev;
 
-	return '<svg class="icon2" xmlns="http://www.w3.org/2000/svg" version="1.1" width="11" height="11">'.
-		'<g transform="translate( .5, .5)">'.$SVG_icon_circle_plus.'</g></svg>';
+	return '<svg class="icon2" xmlns="http://www.w3.org/2000/svg" version="1.1" width="12" height="12">'.
+		'<g transform="translate( 1, 1)">'.$SVG_icon_circle_plus_rev.'</g></svg>';
 
 } //end svg_icon_copy() ********************************************************
 
@@ -1604,10 +1609,10 @@ function List_Files() { //******************************************************
 	// As of Version 3.3.18, that number is 7.
 	$checkbox_offset = 7;
 	
-	if (supports_svg()) { //Checks if IE < 9. I don't even know if Select_All() works in IE 9+. Does IE have diff js or DOM? //#####
+	if (supports_svg()) { //Checks if IE < 9.
 		$select_all_attribs = 'TYPE=checkbox NAME=select_all id=select_all VALUE=select_all';
 		$select_all_input = '<INPUT '.$select_all_attribs.' onclick="Select_All('.$checkbox_offset.');">';
-		echo '<div id=select_all_div><LABEL for=select_all id=select_all_label>'.$_['Select_All'].'</LABEL></div>'.$select_all_input; //* //#####
+		echo '<div id=select_all_div><LABEL for=select_all id=select_all_label>'.$_['Select_All'].'</LABEL></div>'.$select_all_input;
 	}
 	
 	function input_mcd($mcd) {
@@ -1619,7 +1624,7 @@ function input_mcd($mcd) {
 	echo '<LABEL id=delete_label>'.hsc($_['Delete']).' '.input_mcd('delete').'</LABEL> ';
 	
 	echo '<input type=submit id=mcd_submit class=button value="'.hsc($_['Selected_Files']).
-		'" onclick="Confirm_ready('.$checkbox_offset.'); return false">'; //*
+		'" onclick="Confirm_ready('.$checkbox_offset.'); return false">';
 	echo '</div>'; //end class=action
 	echo '<div class=clear></div>'; //clear select_all
 
@@ -2431,8 +2436,7 @@ function Respond_to_POST() {//**************************************************
 	global $_, $VALID_POST, $page, $message;
 
 	if ($VALID_POST) { 
-		if (isset($_FILES['upload_file']['name']))  { Upload_response();     }
-		elseif     ($page == "mcdaction") {
+		if     ($page == "mcdaction") {
 			//There must be at least one 'file', and 'action' must = "move", "copy", or "delete"
 			if (!isset($_POST['mcdaction'] )) { $page = "index"; }
 			if (!isset($_POST['files']) )     { $page = "index"; }
@@ -2444,6 +2448,7 @@ function Respond_to_POST() {//**************************************************
 		elseif (isset($_POST["mcd_mov"]      )) { MCD_response('rename');    } //move == rename
 		elseif (isset($_POST["mcd_cpy"]      )) { MCD_response('copy');      }
 		elseif (isset($_POST["mcd_del"]      )) { MCD_response('delete');    }
+		elseif (isset($_FILES['upload_file']['name']))  { Upload_response(); }
 		elseif (isset($_POST["whattohash"]   )) { Hash_response();           }
 		elseif (isset($_POST["pw"]           )) { Change_PWUN_response('pw');}
 		elseif (isset($_POST["un"]           )) { Change_PWUN_response('un');}
@@ -3124,14 +3129,9 @@ function style_sheet(){ //******************************************************
 }
 
 
-table.verify_del {
-	border: 1px solid #F44;
-	background-color: #FFE7E7;
-	}
+table.verify_del    { border: 1px solid #F44; background-color: #FFE7E7; }
 
-table.verify_del td { 
-	border: 1px solid #F44;
-	}
+table.verify_del td { border: 1px solid #F44; }
 
 
 #admin {padding: .3em;}
@@ -3322,39 +3322,34 @@ function Language_and_config_adjusted_styles() {//******************************
 //******************************************************************************
 //******************************************************************************
 //Output page contents
-?><!DOCTYPE html>
-
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-<meta name="robots" content="noindex">
+echo '<!DOCTYPE html>';
+echo '<html><head>';
+echo '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">';
+echo '<meta name="robots" content="noindex">';
 
-<title><?php echo $config_title.' - '.Page_Title() ?></title>
+echo '<title>'.$config_title.' - '.Page_Title().'</title>';
 
-<?php style_sheet() ?>
+style_sheet();
 
-<?php Language_and_config_adjusted_styles() ?>
+Language_and_config_adjusted_styles();
 
-<?php common_scripts() ?>
+common_scripts();
 
-</head>
-<body>
+echo '</head><body>';
 
-<?php Error_reporting_and_early_output(1,0);  ?>
+Error_reporting_and_early_output(1,0);
 
-<?php if ($page == "login"){ echo '<div id="main" class="login_page">'; }
+if ($page == "login"){ echo '<div id="main" class="login_page">'; }
       else                 { echo '<div id="main" class="container" >'; }
-?>
 
-<?php Page_Header() ?>
+Page_Header();
 
-<?php if ($Show_header_and_Admin) { Current_Path_Header(); } ?>
+if ($Show_header_and_Admin) { Current_Path_Header(); }
 
-<?php message_box() ?>
+message_box();
 
-<?php Load_Selected_Page() ?>
+Load_Selected_Page();
 
-<?php
 //Countdown timer...
 if ( $page != "login" ) { 
 	echo '<hr>';
@@ -3368,8 +3363,6 @@ function Language_and_config_adjusted_styles() {//******************************
 }elseif ($page != 'login') {
 	echo '<br>';
 }
-?>
-</div><!-- end container/login_page -->
 
-</body>
-</html>
+echo '</div>'; //<!-- end container/login_page -->
+echo '</body></html>';
diff --git a/readme.markdown b/readme.markdown
index 60f9907..269ddcb 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,4 +1,8 @@
-# Current stable version: 3.3.16
+# Current stable version: 3.4
+
+### Auguest 29, 2012
+
+- Added options to select and move, copy, or delete, multiple files from the index page.
 
 ### Auguest 14, 2012
 
@@ -38,14 +42,6 @@ Otherwise, the file - along with your password, is world readable. For details,
 - Thanks to [codeless](http://github.com/codeless) for the German language file!
 
 
-#### Recent improvments:  
-- Added a few settings to the language files to adjust certain css values if needed.  
-  In some instances, some langauges may use significantly longer words or phrases than others.  So, a smaller font or less spacing may be desirable in those places to preserve page layout.  
-- "Wide View" option on Edit page now persists across saves
-- Hopefully improved handling of language files.  Kinda' like "online security", "multi-language support" is nebulous and a bit finicky.
-
-
-  
 --------------------------------------------------------------------------------
 
 # OneFileCMS
@@ -70,7 +66,8 @@ Coupling a utilitarian code editor with basic file managing functions, OneFileCM
 ## Features
  
 - All the basic features of an FTP application like renaming, deleting, copying, and uploading
-  _(Of course, for more complex processes like batch renaming or mass uploads/deletions, you're going to want to use an actual FTP program.)_
+  _(For complex processes like batch renaming or mass uploads/deletions, you're going to want to use an actual FTP program.)_
+- A basic text editor.
 - Alert if you try to leave without saving your edits.
 - A Login delay after too many invalid attempts.
 - Adjustable idle time before auto-logout.
@@ -83,7 +80,7 @@ Coupling a utilitarian code editor with basic file managing functions, OneFileCM
 
 2) Upload to anywhere on your site.  
   
-3) Using your browser, start OneFileCMS, log in with the default "username" and "password". Then click on Admin and set your own username and password!  
+3) Log in to OneFileCMS with the default "username" and "password", and set your own username and password!  
 
 Depending on how your web stack is set up, you may also have to modify the file permissions of your site's folders to allow OneFileCMS to modify and create files. ([More about that here.](http://catcode.com/teachmod/)) Make sure onefilecms.php and its parent folder are allowed to execute, with CHMOD at 755. Check with your host if you're not sure, and be aware of any inherent security concerns.  
 
@@ -93,7 +90,7 @@ You can also change the file name of OneFileCMS.php to something else, such as "
 
 ### Where's the WYSIWYG? What about syntax highlighting?
 
-WYSWIWYG editors have been requested, but probably won't become standard, as they'd probably make it more than one file, sort of defeating the "OneFile" point. Plus, if you're working in PHP or non-HTML code, they're can be more of a hindrance than an asset.
+WYSWIWYG editors have been requested, but probably won't become standard, as they'd make it more than one file, sort of defeating the "OneFile" point. Plus, if you're working in PHP or non-HTML code, they're can be more of a hindrance than an asset.
 
 However, just because I don't want to do it, doesn't mean it's impossible.  Look for the Edit_Page_form() function. Its textarea can be modified to work with whatever editor you like. 
 
@@ -109,17 +106,17 @@ Well, because "OneFileFileManagerTextEditor" just doesn't have the same ring to
 
 ### Multi-Language Support?
 
-Yes!  Currently, English, German, and Spanish are available.  (Someone told me he was working on an Esparento translation, but he might have been kidding...)
+Yes!  Currently, English, German, and Spanish are available.  (Someone told me he was working on an Esparento translation, but that might have been a joke...)
 
 ### Can I have more than one username/password?
 
-Yes!  Well, sort of - indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ie: OneFile1.php and OneFile2.php etc...)  Then, with each copy, maintain different user names and passwords.  Also, so that one user does not log out the other, change the $session_name config variables.  
+Yes!  Well, sort of - indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ie: OneFile1.php and OneFile2.php etc...)  Then, in each copy, maintain different user names and passwords.  Also, so that one user does not log out the other, change the $session_name config variables.  
   
 Now, since there is no database or other means of granular control and access logging, multiple users may be kind of pointless.  On the other hand, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
 
 ## Requirements
 
-- PHP 5.2+
+- PHP 5.1+
   (Only tested on versions 5.2.8, 5.2.17, 5.3.3, and 5.4 + )
 - File permission privileges on your host
 - Javascript enabled browswer
@@ -128,30 +125,23 @@ Now, since there is no database or other means of granular control and access lo
 
 ## Credit, License, Et Cetera  
 
-Maintained by github/Self-Evident  
-
-Original concept and development by github.com/rocktronica  
-
-Contributors: A. M Balakrishnan, github.com/codeless, github.com/fermuch  
-
-Written in PHP, JavaScript, HTML, CSS, and SVG.  
-
-Available under the MIT and BSD licenses.  
-
-Icons for versions thru 1.1.6 by [famfamfam](http://www.famfamfam.com/).  
-
-To report a bug or request a feature, please file an issue via Github.  
-
-And, of course, please feel free to fork away!  
+- Maintained by github/Self-Evident
+- Original concept and development by github.com/rocktronica
+- Contributors: A. M Balakrishnan, github.com/codeless, github.com/fermuch
+- Written in PHP, JavaScript, HTML, CSS, and SVG.
+- Available under the MIT and BSD licenses.
+- Icons for versions thru 1.1.6 by [famfamfam](http://www.famfamfam.com/).
+- To report a bug or request a feature, please file an issue via Github.
+- And, of course, please feel free to fork away!
 
 ##Needed/potential/upcoming improvements
 
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
-- Issue with Chrome's XSS filter: Editing some legitimate files with OneFileCMS will trigger the filter and disable much of the javascript provided functionallity, but only while on edit page with such a file, and only after a [Save].
-- Connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text during login.  
+- Issue with Chrome's XSS filter: Editing some legitimate files with OneFileCMS will trigger the filter and disable much of the javascript provided functionallity, but only while on the edit page with such a file, and only after a [Save].
+- The connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text during login.  
   (However, this is true of most online login systems, unless SSL or the like is employed.)
 - Be aware that only some very basic data & error checking is performed.  (But, it's getting better...)  
-  On Windows, for instance, it's possible to create folders that are subsequently inaccessible and undeletable by Windows.  (Yea, I found out the hard way...)  (However, I *think* this issue is fixed.)
+  On Windows, for instance, it was possible to create folders that are subsequently inaccessible and undeletable by Windows.  (Yea, I found out the hard way...)  (However, I *think* that issue is fixed.)
 - Anything else?
 
 --------------------------------------------------------------------------------
@@ -182,6 +172,11 @@ GENERATE/OUTPUT THE PAGE
 
 ## Change Log
 
+### 3.3.17 - 3.4.0
+
+- Added option to select and move, copy, or delete multiple files.
+- And other general code tweaks and improvements.
+
 ### 3.3.11 - 3.3.16
 
 - Added screens for changing username and password.

From a93c04a9964eb44cf51543b9ec97eba15042f67f Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 9 Sep 2012 15:45:00 -0400
Subject: [PATCH 140/228] Version 3.4.01 Check_path(): Minor logic fix.
 Cancel_Submit_Buttons(): Improved/simplified use of [recent_pages].
 Admin_Page(): Improved preserve/restore $ipath. Admin_Page(): Fixed minor
 issue with [Edit OneFileCMS] button $params. Change_PWUN_Page(): don't hsc()
 until echo'ing to page. Change_PWUN_response($PWUN, $msg): added $msg param
 and removed an if/then. Table_of_Files(): Don't show Rename, Delete, or ckbox
 options for OneFile itself. Edit_Page_buttons & _top(): Improved check for
 [admin_page]. Copy_Ren_Move_Page & _response(): Don't hsc() params until
 echo. Copy_Ren_Move_response(): Removed some abandonded code. Added some that
 was needed. Delete_File_response(): Removed check for [recent_pages].
 MCD_Page(): Moved list of "Selected Files" AFTER [Cancel] [Sumbit] buttons.
 MCD_response(): Added a couple params & removed if/then that used to set
 those values. Load_Selected_Page(): Removed hsc() from params - now hsc()
 only when echo'd. Page_Title(): removed hsc()'s - put where Page_Title() is
 called. Respond_to_POST(): added new params to a few function calls. Improved
 the js function Confirm_ready(). In main logic section, added use of/logic
 for $_SESSION[admin_page & recent_pages]. Consolidated a dozen or so
 redundant $_[langauge] strings (page_title_...). Moved Update_Recent_Pages()
 down after last few $page checks. Tweaked, added, & deleted some css Changed
 $Show_header_and_Admin to $Show_Path, & tweaked the logic.

---
 OneFileCMS.LANG.DE.php   |  21 +-
 OneFileCMS.LANG.EN.php   |  23 +-
 OneFileCMS.LANG.ES.php   |  21 +-
 OneFileCMS_structure.txt |   8 +-
 onefilecms.php           | 701 +++++++++++++++++++--------------------
 readme.markdown          |  49 +--
 6 files changed, 388 insertions(+), 435 deletions(-)

diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index 86c3460..1bbfa65 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.0 (same as 3.3.18)
+// OneFileCMS Language Settings v3.4.01
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -59,6 +59,8 @@
 $_['Log_In']     = 'Anmelden';  
 $_['Log_Out']    = 'Abmelden';  
 
+$_['Admin_Options']  = 'Administration Options'; //## NT ##
+$_['Edit_View']      = 'Edit / View File';    //## NT ##
 $_['Upload_File']    = 'Datei heraufladen';  
 $_['New_File']       = 'Datei erstellen';    
 $_['Ren_Move']       = 'Umbenennen / Verschieben';
@@ -85,6 +87,7 @@
 $_['reset']       = 'Zurücksetzen - Änderungen verwerfen';
 $_['Wide_View']   = 'Breitenadaptierte Ansicht';
 $_['Normal_View'] = 'Normale Ansicht';
+$_['Open_View']   = 'Open/View in browser window'; //## NT ##
 
 $_['verify_msg_01']  = 'Sitzung abgelaufen.';
 $_['verify_msg_02']  = 'UNGÜLTIGE DATENSENDUNG';
@@ -206,22 +209,6 @@
 $_['delete_folder_msg_02'] = 'Gelöschter Ordner:';
 $_['delete_folder_msg_03'] = 'während des Löschvorgangs trat ein Fehler auf.';
 
-$_['page_title_login']      = 'Anmelden';                
-$_['page_title_admin']      = 'Optionen für die Administration';
-$_['page_title_hash']       = 'Streuwertgenerierung für das Passwort';
-$_['page_title_change_pw']  = 'Passwort ändern';        
-$_['page_title_change_un']  = 'Benutzername ändern';    
-$_['page_title_edit']       = 'Datei bearbeiten/betrachten';
-$_['page_title_upload']     = 'Datei heraufladen';       
-$_['page_title_new_file']   = 'Neue Datei';              
-$_['page_title_ren']        = 'Datei umbenennen';        
-$_['page_title_copy']       = 'Datei kopieren';          
-$_['page_title_mov']        = 'Datei Verschieben';       
-$_['page_title_del']        = 'Datei löschen';          
-$_['page_title_folder_new'] = 'Neuer Ordner';            
-$_['page_title_folder_ren'] = 'Ordner umbenennen/verschieben';
-$_['page_title_folder_del'] = 'Ordner löschen';         
-
 $_['session_warning']  = 'Achtung: Die sitzung wird ende bald!';
 $_['session_expired']  = 'SITZUNG ABGELAUFEN';
 $_['unload_unsaved']   = '               Nicht gespeicherte Änderungen gehen verloren!';
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index 9740b1b..b454a44 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,7 +1,7 @@
 <?php
-// OneFileCMS Language Settings v3.4.0 (same as 3.3.18)
+// OneFileCMS Language Settings v3.4.01
 
-$_['LANGUAGE'] = 'English';
+$_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
 
 // If no translation or value is desired for a particular setting, do not delete
@@ -59,6 +59,8 @@
 $_['Log_In']     = 'Log In';    
 $_['Log_Out']    = 'Log Out';   
 
+$_['Admin_Options']  = 'Administration Options';
+$_['Edit_View']      = 'Edit / View File';   
 $_['Upload_File']    = 'Upload File';        
 $_['New_File']       = 'New File';           
 $_['Ren_Move']       = 'Rename / Move';      
@@ -206,22 +208,6 @@
 $_['delete_folder_msg_02'] = 'Deleted folder:';
 $_['delete_folder_msg_03'] = 'an error occurred during delete.';
 
-$_['page_title_login']      = 'Log In';                  
-$_['page_title_admin']      = 'Administration Options';  
-$_['page_title_hash']       = 'Generate a Password Hash';
-$_['page_title_change_pw']  = 'Change Password';         
-$_['page_title_change_un']  = 'Change Username';         
-$_['page_title_edit']       = 'Edit / View File';        
-$_['page_title_upload']     = 'Upload File';             
-$_['page_title_new_file']   = 'New File';                
-$_['page_title_ren']        = 'Rename / Move File';      
-$_['page_title_copy']       = 'Copy File(s)';            
-$_['page_title_mov']        = 'Move File(s)';            
-$_['page_title_del']        = 'Delete File(s)';          
-$_['page_title_folder_new'] = 'New Folder';              
-$_['page_title_folder_ren'] = 'Rename / Move Folder';    
-$_['page_title_folder_del'] = 'Delete Folder';           
-
 $_['session_warning']  = 'Warning: Session timeout soon!';
 $_['session_expired']  = 'SESSION EXPIRED';
 $_['unload_unsaved']   = ' Unsaved changes will be lost!';
@@ -278,4 +264,3 @@
 $_['mcd_msg_01']    = 'files moved successfully.';            
 $_['mcd_msg_02']    = 'files copied successfully.';           
 $_['mcd_msg_03']    = 'files deleted successfully.';          
-
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index 82384bf..bf0dfc8 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.0 (same as 3.3.18)
+// OneFileCMS Language Settings v3.4.01
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -59,6 +59,8 @@
 $_['Log_In']     = 'Iniciar Sesión';
 $_['Log_Out']    = 'Cerrar Sesión';
 
+$_['Admin_Options']  = 'Administration Options'; //## NT ##
+$_['Edit_View']      = 'Edit / View File';    //## NT ##
 $_['Upload_File']    = 'Subir Archivo';      
 $_['New_File']       = 'Archivo Nuevo';      
 $_['Ren_Move']       = 'Renombrar / Mover';  
@@ -85,6 +87,7 @@
 $_['reset']       = 'Reiniciar - perder los cambios';
 $_['Wide_View']   = 'Vista Ampliada';
 $_['Normal_View'] = 'Vista Normal';
+$_['Open_View']   = 'Open/View in browser window'; //## NT ##
 
 $_['verify_msg_01']  = 'Sesión expirada.';
 $_['verify_msg_02']  = 'POST INVÁLIDO';
@@ -206,22 +209,6 @@
 $_['delete_folder_msg_02'] = 'Carpeta eliminada:';
 $_['delete_folder_msg_03'] = 'ocurrió un error eliminándola.';
 
-$_['page_title_login']      = 'Iniciar Sesión';         
-$_['page_title_admin']      = 'Administration Options';   //## NT ##
-$_['page_title_hash']       = 'Generar una Cadena de Contraseña';
-$_['page_title_change_pw']  = 'Change Password';          //## NT ##
-$_['page_title_change_un']  = 'Change Username';          //## NT ##
-$_['page_title_edit']       = 'Editar / Ver Archivo';    
-$_['page_title_upload']     = 'Subir Archivo';           
-$_['page_title_new_file']   = 'Nuevo Archivo';           
-$_['page_title_ren']        = 'Renombrar  / Mover Archivo';
-$_['page_title_copy']       = 'Copiar Archivo';          
-$_['page_title_mov']        = 'Move File(s)';             //## NT ##
-$_['page_title_del']        = 'Delete File(s)';           //## NT ##
-$_['page_title_folder_new'] = 'Nueva Carpeta';           
-$_['page_title_folder_ren'] = 'Renombrar / Mover Carpeta';
-$_['page_title_folder_del'] = 'Eliminar Carpeta';        
-
 $_['session_warning']  = 'Advertencia: ¡La sesión terminará pronto!';
 $_['session_expired']  = 'SESIÓN TERMINADA';
 $_['unload_unsaved']   = '                 ¡Los cambios no guardados se perderán!';
diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index d7329ce..b72e6cb 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-Version 3.4.0
+Version 3.4.01
 
 LICENSE
 
@@ -24,7 +24,7 @@ MISC FUNCTIONS:
 	ordinalize()
 	supports_svg()
 
-PAGE CHUNK FUNCTIONS
+MISC PAGE SECTIONS/FUNCTIONS
 	Current_Path_Header()
 	Page_Header()
 	message_box()
@@ -105,12 +105,12 @@ JAVASCRIPT & STYLESHEET FUNCTIONS:
 
 LOGIC TO DETERMINE PAGE ACTION
 	Load Default_Language()
-	Verify good PHP version
 	If specified, load external language file
+	Verify good PHP version
 	Session_Startup()
 	Get_GET()
 	Init_Macros()
 	Respond_to_POST()
-	Final checks of $page to show
+	Final checks for $page to show
 
 GENERATE/OUTPUT <HTML>...  
diff --git a/onefilecms.php b/onefilecms.php
index c5067a6..0051cbc 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.0';
+$OFCMS_version = '3.4.01';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -39,7 +39,7 @@
 ini_set('display_errors', 'off');         //Only turn on for trouble-shooting.
 ini_set('log_errors'    , 'off');         //Only turn on for trouble-shooting.
 ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.ERROR.log');
-//Determine good folder for session file? Default is tmp/, which is not secure, but it may not be a serious concern. 
+//Determine good folder for session file? Default is tmp/, which is not secure, but it may not be a serious concern.
 //session_save_path($safepath)  or  ini_set('session.save_path', $safepath)
 //******************************************************************************
 
@@ -60,6 +60,7 @@
 $LOGIN_DELAY   = 10;  //In seconds.
 $MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
 					  //  For instance, 24 minutes is the PHP default for garbage collection.
+
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked
 
@@ -101,7 +102,7 @@
 //******************************************************************************
 //System values & setup
 
-//If there is one, include external config file. 
+//If there is one, include external config file.
 if ( isset($config_file) && is_file($config_file) ) {
 	include($config_file);
 }else{
@@ -116,7 +117,7 @@
 //The predefined constant PHP_VERSION_ID has only been available since 5.2.7.
 //So, if needed, convert PHP_VERSION (a string) to PHP_VERSION_ID (a number).
 //Ex: 5.1.23 converts to 50123.
-if (!defined('PHP_VERSION_ID')) {  
+if (!defined('PHP_VERSION_ID')) {
 	$phpversion = explode('.', PHP_VERSION);
 	define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
 }
@@ -168,9 +169,9 @@ function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.3.18
+// OneFileCMS Language Settings v3.4.01
 
-$_['LANGUAGE'] = 'English';  //EN
+$_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
 
 // If no translation or value is desired for a particular setting, do not delete
@@ -185,18 +186,18 @@ function Default_Language() { // ***********************************************
 // In some instances, some langauges may use significantly longer words or phrases than others.
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 //
-$_['front_links_font_size'] = '1em';     //Buttons on Index page.
+$_['front_links_font_size'] = '1em';    //Buttons on Index page.
 $_['front_links_margin_R']  = '1em';   
-$_['button_font_size']      = '.9em';    //Buttons on Edit page.
+$_['button_font_size']      = '.9em';   //Buttons on Edit page.
 $_['button_margin_L']       = '.7em';  
 $_['button_padding']        = '4px 10px';
-$_['image_info_font_size']  = '1em';     //show_img_msg_01  &  _02
-$_['image_info_pos']        = '';        //If 1 or true, moves the info down a line for more space.
-$_['select_all_label_size'] = '.84em';   //Font size of $_['Select_All']
-$_['select_all_div_width']  = '73px';    //Width of space for $_['Select_All']
-$_['R'] = 'R';  //R ename
-$_['C'] = 'C';  //C opy
-$_['D'] = 'D';  //D elete
+$_['image_info_font_size']  = '1em';    //show_img_msg_01  &  _02
+$_['image_info_pos']        = '';       //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
+$_['select_all_div_width']  = '73px';   //Width of space for $_['Select_All']
+$_['R'] = 'R'; //R ename
+$_['C'] = 'C'; //C opy
+$_['D'] = 'D'; //D elete
 $_['Admin']   = 'Admin';  
 $_['Cancel']  = 'Cancel'; 
 $_['Close']   = 'Close';  
@@ -224,6 +225,8 @@ function Default_Language() { // ***********************************************
 $_['Username']   = 'Username';  
 $_['Log_In']     = 'Log In';    
 $_['Log_Out']    = 'Log Out';   
+$_['Admin_Options']  = 'Administration Options';
+$_['Edit_View']      = 'Edit / View File';   
 $_['Upload_File']    = 'Upload File';        
 $_['New_File']       = 'New File';           
 $_['Ren_Move']       = 'Rename / Move';      
@@ -249,6 +252,7 @@ function Default_Language() { // ***********************************************
 $_['reset']       = 'Reset - loose changes';
 $_['Wide_View']   = 'Wide View';
 $_['Normal_View'] = 'Normal View';
+$_['Open_View']   = 'Open/View in browser window';
 $_['verify_msg_01']  = 'Session expired.';
 $_['verify_msg_02']  = 'INVALID POST';
 $_['get_get_msg_01']    = 'File does not exist:';
@@ -353,21 +357,6 @@ function Default_Language() { // ***********************************************
 $_['delete_folder_msg_01'] = 'Folder not empty. Folders must be empty before they can be deleted.';
 $_['delete_folder_msg_02'] = 'Deleted folder:';
 $_['delete_folder_msg_03'] = 'an error occurred during delete.';
-$_['page_title_login']      = 'Log In';
-$_['page_title_admin']      = 'Administration Options';
-$_['page_title_hash']       = 'Generate a Password Hash';
-$_['page_title_change_pw']  = 'Change Password';
-$_['page_title_change_un']  = 'Change Username';
-$_['page_title_edit']       = 'Edit / View File';
-$_['page_title_upload']     = 'Upload File';
-$_['page_title_new_file']   = 'New File';
-$_['page_title_ren']        = 'Rename / Move File';
-$_['page_title_copy']       = 'Copy File(s)';
-$_['page_title_mov']        = 'Move File(s)';
-$_['page_title_del']        = 'Delete File(s)';
-$_['page_title_folder_new'] = 'New Folder';
-$_['page_title_folder_ren'] = 'Rename / Move Folder';
-$_['page_title_folder_del'] = 'Delete Folder';
 $_['session_warning']  = 'Warning: Session timeout soon!';
 $_['session_expired']  = 'SESSION EXPIRED';
 $_['unload_unsaved']   = ' Unsaved changes will be lost!';
@@ -380,11 +369,11 @@ function Default_Language() { // ***********************************************
 $_['edit_caution_01']  = 'CAUTION';
 $_['edit_caution_02']  = 'You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
 $_['time_out_txt']     = 'Session time out in:';
-$_['error_reporting_01'] = 'Display errors is';
-$_['error_reporting_02'] = 'Log errors is';
+$_['error_reporting_01'] = 'Display errors is';        
+$_['error_reporting_02'] = 'Log errors is';            
 $_['error_reporting_03'] = 'Error reporting is set to';
-$_['error_reporting_04'] = 'Showing error types';
-$_['error_reporting_05'] = 'Unexpected early output';
+$_['error_reporting_04'] = 'Showing error types';      
+$_['error_reporting_05'] = 'Unexpected early output';  
 $_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
 $_['admin_txt_00'] = 'Old Backup Found';
 $_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will automatically be overwritten on the next password or username change.';
@@ -393,32 +382,32 @@ function Default_Language() { // ***********************************************
 $_['admin_txt_12'] = 'However, due to a number of considerations, this change was largely an academic exersize. That is, in this application, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used), which is generally considered to be a good thing.';
 $_['admin_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
 $_['admin_txt_16'] = 'Also, you can still use OneFileCMS to edit itself. However, be sure to have a backup ready for the inevitable ytpo...';
-$_['pw_change']  = 'Change Password';
-$_['pw_current'] = 'Current Password';
-$_['pw_new']     = 'New Password';
-$_['pw_confirm'] = 'Confirm New Password';
-$_['pw_txt_02']  = 'Password / Username rules:';
-$_['pw_txt_04']  = 'They are case-sensitive!';
+$_['pw_change']  = 'Change Password';            
+$_['pw_current'] = 'Current Password';           
+$_['pw_new']     = 'New Password';               
+$_['pw_confirm'] = 'Confirm New Password';       
+$_['pw_txt_02']  = 'Password / Username rules:'; 
+$_['pw_txt_04']  = 'They are case-sensitive!';   
 $_['pw_txt_06']  = 'They must contain at least one non-space character.';
 $_['pw_txt_08']  = 'They may contain spaces in the middle. Ex: "This is a password or username!"';
 $_['pw_txt_10']  = 'Leading and trailing spaces are removed.';
 $_['pw_txt_12']  = 'To record the change, only one file is updated: either the active copy of OneFileCMS, or, if specified, an external configuration file.';
 $_['pw_txt_14']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
-$_['change_pw_01'] = 'Password changed!';
-$_['change_pw_02'] = 'Password NOT changed:';
+$_['change_pw_01'] = 'Password changed!';                              
+$_['change_pw_02'] = 'Password NOT changed:';                          
 $_['change_pw_03'] = 'Incorrect current password. Login to try again.';
-$_['change_pw_04'] = 'New and "Confirm New" values do not match.';
-$_['change_pw_05'] = 'Updating';
-$_['change_pw_06'] = 'external config file';
-$_['un_change']     = 'Change Username';
-$_['un_new']        = 'New Username';
-$_['un_confirm']    = 'Confirm New Username';
-$_['change_un_01']  = 'Username changed!';
-$_['change_un_02']  = 'Username NOT changed:';
-$_['update_failed'] = 'Update failed - could not save file.';
-$_['mcd_msg_01']    = 'files moved successfully.';
-$_['mcd_msg_02']    = 'files copied successfully.';
-$_['mcd_msg_03']    = 'files deleted successfully.';
+$_['change_pw_04'] = 'New and "Confirm New" values do not match.';     
+$_['change_pw_05'] = 'Updating';                                       
+$_['change_pw_06'] = 'external config file';                           
+$_['un_change']     = 'Change Username';                      
+$_['un_new']        = 'New Username';                         
+$_['un_confirm']    = 'Confirm New Username';                 
+$_['change_un_01']  = 'Username changed!';                    
+$_['change_un_02']  = 'Username NOT changed:';                
+$_['update_failed'] = 'Update failed - could not save file.'; 
+$_['mcd_msg_01']    = 'files moved successfully.';            
+$_['mcd_msg_02']    = 'files copied successfully.';           
+$_['mcd_msg_03']    = 'files deleted successfully.';          
 }//end Default_Language() ******************************************************
 
 
@@ -427,11 +416,11 @@ function Default_Language() { // ***********************************************
 function Session_Startup() { //*************************************************
 	global $SESSION_NAME, $page, $VALID_POST, $message;
 
-	$limit    = 0; //0 = session.  
+	$limit    = 0; //0 = session.
 	$path     = '';
 	$domain   = ''; // '' = hostname
 	$https    = false;
-	$httponly = true;//true = unaccessable via javascript. Some XSS protection.
+	$httponly = true; //true = unaccessable via javascript. Some XSS protection.
 	session_set_cookie_params($limit, $path, $domain, $https, $httponly);
 
 	session_name($SESSION_NAME);
@@ -460,7 +449,7 @@ function Session_Startup() { //*************************************************
 function Verify_IDLE_POST_etc() { //********************************************
 	global $_, $EX, $message, $VALID_POST, $MAX_IDLE_TIME;
 
-	//Verify consistant user agent... (every little bit helps every little bit) 
+	//Verify consistant user agent... (every little bit helps every little bit)
 	if ( !isset($_SESSION['user_agent']) || ($_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT']) ) { Logout(); }
 
 	//Check idle time
@@ -475,7 +464,7 @@ function Verify_IDLE_POST_etc() { //********************************************
 	$_SESSION['last_active_time'] = time();
 
 	//If POSTing, verify...
-	if ( isset($_POST['nuonce']) ) { 
+	if ( isset($_POST['nuonce']) ) {
 		if ( $_POST['nuonce'] == $_SESSION['nuonce'] ) {
 			$VALID_POST = 1;
 		}else{ //If it exists but doesn't match - something's wrong.
@@ -525,7 +514,7 @@ function Error_reporting_and_early_output($show_status = 0, $show_types = 0) {//
 	if ( $E_level & 16384 ) { $E_types .= 'E_USER_DEPRECATED'  .$spc; }
 
 	if ( $show_status && ( (error_reporting() !=  0) ||
-						   (ini_get('display_errors') == 'on') || 
+						   (ini_get('display_errors') == 'on') ||
 						   (ini_get('log_errors') == 'on') ) )
 	{
 ?>		<style>
@@ -571,15 +560,12 @@ function Update_Recent_Pages($pop_current = 0) { //*****************************
 	//Reverse so index [0] is oldest page (re-reversed at end of function)
 	$_SESSION['recent_pages'] = array_reverse($_SESSION['recent_pages']);
 
-	if ($pop_current)
-	{
-		//Sometimes we just want to discard the most recent page.
+	//Sometimes we just want to discard the most recent page.
+	if ($pop_current) {
 		array_pop($_SESSION['recent_pages']);
 	}
-	elseif ( $page != $_SESSION['recent_pages'][$pages] )
-	{
-		//Add new page to arrray of recent_pages
-		//if (new page) == (prior page) (from a page reload etc.), don't update
+	//Only if actually a new new page, add to arrray of recent_pages
+	elseif ( $page != $_SESSION['recent_pages'][$pages] ) {
 		$_SESSION['recent_pages'][$pages+1] = $page;
 		$pages = count($_SESSION['recent_pages']);
 	}
@@ -631,7 +617,7 @@ function Get_GET() { //*** Get main parameters *********************************
 
 	//Initialize & validate $page
 	if (isset($_GET["p"])) { $page = $_GET["p"]; } else { $page = "index"; }
-	if (!in_array($page, $valid_pages)) { 
+	if (!in_array($page, $valid_pages)) {
 		$message .= $EX.hsc($_['get_get_msg_02']).' <b>'.hte($page).'</b><br>';
 		$page = "index";  //If invalid $_GET["p"]
 	}elseif ($page == "mcdaction" && !$VALID_POST ){ //not likely, but just in case.
@@ -679,7 +665,7 @@ function Check_path($path) { // returns first valid path in some/supplied/path/
 	$len       = count($pathparts);
 	$path      = "";  //Cleaned path.
 	foreach ($pathparts as $value) { //(More reliable than str_replace(entire_string).)
-		if ( !(($value == '.') && (!value == '..')) ) { $path .= $value.'/'; }
+		if ( ($value != '.') && ($value != '..') ) { $path .= $value.'/'; }
 	}
 
 	$path = trim($path,"/"); // Remove -for now- final trailing slash.
@@ -745,8 +731,8 @@ function supports_svg() { //****************************************************
 	//IE < 9 is the only browser checked for currently.
 	//EX: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
 	$USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
-	$pos_MSIE = strpos($USER_AGENT, 'MSIE ');
-	$old_ie   = false;
+	$pos_MSIE   = strpos($USER_AGENT, 'MSIE ');
+	$old_ie     = false;
 	if ($pos_MSIE !== false) {
 		$ie_ver = substr($USER_AGENT, ($pos_MSIE+5), 1);
 		$old_ie = ( $ie_ver < 9 );
@@ -758,7 +744,7 @@ function supports_svg() { //****************************************************
 
 
 function Current_Path_Header(){ //**********************************************
- 	// Current path. ie: webroot/current/path/ 
+ 	// Current path. ie: webroot/current/path/
 	// Each level is a link to that level.
 
 	global $ONESCRIPT, $ipath, $WEB_ROOT;
@@ -770,7 +756,7 @@ function Current_Path_Header(){ //**********************************************
 
 		if ($ipath != "" ) { //if not at root, show the rest
 			$path_levels  = explode("/",trim($ipath,'/') );
-			$levels = count($path_levels); //If levels=3, indexes = 0, 1, 2  etc... 
+			$levels = count($path_levels); //If levels=3, indexes = 0, 1, 2  etc...
 			$current_path = "";
 
 			for ($x=0; $x < $levels; $x++) {
@@ -790,7 +776,7 @@ function Page_Header(){ //******************************************************
 	global  $_, $DOC_ROOT, $ONESCRIPT, $page, $WEBSITE, $config_title, $OFCMS_version, $config_favicon, $message;
 
 	$favicon = '';
-	if (file_exists($DOC_ROOT.trim($config_favicon,'/'))) { 
+	if (file_exists($DOC_ROOT.trim($config_favicon,'/'))) {
 		$favicon =  '<img src="/'.URLencode_path($config_favicon).'" alt="">';
 	}
 ?>
@@ -856,23 +842,15 @@ function Upload_New_Rename_Delete_Links() { //**********************************
 function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
 	//$submit_label = Rename, Copy, Delete, etc...
 	//$focus is ID of element to receive focus(). (element may be outside this function)
-	global $_, $ONESCRIPT, $ONESCRIPT_url_backup, $ipath, $param1, $param2, $filename, $page, $message;
-
-	//$params for Cancel. If prior page was Admin, restore admin_ipath.
-	if ($_SESSION['recent_pages'][1] == "admin") { $params = '?i='.URLencode_path($_SESSION['admin_ipath']).'&amp;p=admin'; }
-	else                                         { $params = $param1.$param2.'&amp;p='.$_SESSION['recent_pages'][1]; }
+	global $_, $ONESCRIPT, $ONESCRIPT_url_backup, $ipath, $param1, $param2, $filename, $page;
 
-	//If came from edit page via admin page, drop this page from recent_pages
-	//This helps preserve ipath prior to admin page
-	if ( ($_SESSION['recent_pages'][2] == "admin") && ($_SESSION['recent_pages'][1] == "edit") ) {
-		Update_Recent_Pages(1); //1 or true = drop current page from recent_pages
-	}
+	$params = $param1.$param2.'&amp;p='. $_SESSION['recent_pages'][1];
 ?>
-	<p> 
+	<p>
 	<input type="button" class="button" id="cancel" value="<?php echo hsc($_['Cancel']) ?>"
-		onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
+		onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'; return false">
 	<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1em;">
-<?php 
+<?php
 	if ($focus != ""){ echo '<script>document.getElementById("'.$focus.'").focus();</script>'; }
 
 	//Do not close the <p> tag yet/here. Leave it open for potential content on individual pages.
@@ -1057,7 +1035,7 @@ function svg_icon_cfg(){ return svg_icon_txt_0('#444', '#111', '#DDD'); } //****
 
 function svg_icon_upload(){ //**************************************************
 	$extra = '<g transform="scale(1.1) translate(1.75,4)">
-		<polygon points="6,0  12,6  8,6  8,11  4,11  4,6  0,6" 
+		<polygon points="6,0  12,6  8,6  8,11  4,11  4,6  0,6"
 		stroke-width="1" stroke="white" fill="green" /></g>'; //up arrow
 
 	return svg_icon_txt_0('#333', 'black', 'white', $extra);
@@ -1086,11 +1064,11 @@ function svg_icon_file_del(){ //************************************************
 function svg_icon_folder_0($extra = ""){ //*************************************
 
  return '<svg class="icon icon_fldr" xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
-	<path  d="M0.5, 1  L8,1  L9,2  L9,3  L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" 
+	<path  d="M0.5, 1  L8,1  L9,2  L9,3  L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5"
 			fill="#FBE47b" stroke="#F0CD28" stroke-width="1" />
-	<path  d="M1.5, 8  L7, 8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5" 
+	<path  d="M1.5, 8  L7, 8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5"
 			fill="transparent" stroke="white" stroke-width="1" />
-	<path  d="M1.5,13  L1.5,2  L7.5,2  L8.5,3  L8.5,4  L15.5,4 L16,4.5  L16,13"  
+	<path  d="M1.5,13  L1.5,2  L7.5,2  L8.5,3  L8.5,4  L15.5,4 L16,4.5  L16,13"
 			fill="transparent" stroke="white" stroke-width="1" />'.
 	$extra.'
 	</svg>';
@@ -1172,18 +1150,22 @@ function List_Backup($file, $file_url){ //**************************************
 
 
 function Admin_Page() { //******************************************************
-	global $_, $WEB_ROOT, $ONESCRIPT, $ONESCRIPT_url_backup, $ONESCRIPT_file_backup, $CONFIG_url_backup, 
-		   $ipath, $filename, $param1, $param2, $EX, $message, $config_title,  $CONFIG_file_backup;
-
-	$_SESSION['admin_ipath']  = $ipath; //Used so after Edit OneFile, returns to ipath user expects.
-
+	global $_, $WEB_ROOT, $ONESCRIPT, $ONESCRIPT_url_backup, $ONESCRIPT_file_backup, $CONFIG_url_backup,
+		   $ipath, $filename, $param1, $param2, $EX, $config_title,  $CONFIG_file_backup;
+
+	// Restore/Preserve $ipath prior to admin page in case OneFileCMS is edited (which would change $ipath).
+	if   ( $_SESSION['admin_page'] ) { $ipath  = $_SESSION['admin_ipath'];
+									   $param1 = '?i='.URLencode_path($ipath); }
+	else { $_SESSION['admin_page']  = true;
+		   $_SESSION['admin_ipath'] = $ipath; }
+	
 	// [Close] returns to either the index or edit page.
 	$params = "";
 	if ($filename != "") { $params = $param2.'&amp;p=edit'; }
 
-	$edit_params = '?i='.URLencode_path(dirname($ONESCRIPT)).'&amp;f='.rawurlencode(basename($ONESCRIPT)).'&amp;p=edit';
+	$edit_params = '?i='.dirname($ONESCRIPT).'&amp;f='.(basename($ONESCRIPT)).'&amp;p=edit';
 ?>
-	<h2><?php echo hsc($_['page_title_admin']) ?></h2>
+	<h2><?php echo hsc($_['Admin_Options']) ?></h2>
 
 	<span class="admin_buttons">
 	<input type="button" class="button" id="cancel"    value="<?php echo hsc($_['Close']) ?>"
@@ -1198,7 +1180,7 @@ function Admin_Page() { //******************************************************
 	<input type="button" class="button" id="hash"      value="<?php echo hsc($_['Generate_Hash']) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.'&amp;p=hash' ?>'">
 
-	<input type="button" class="button" id="editOFCMS" value="<?php echo hsc($_['Edit'].' '.$config_title) ?>"
+	<input type="button" class="button" id="editOFCMS" value="<?php echo hsc($_['Edit'].' '.$config_title) ?>" 
 		onclick="parent.location = '<?php echo $ONESCRIPT.$edit_params ?>'">
 	</span>
 
@@ -1236,13 +1218,13 @@ function Admin_Page() { //******************************************************
 
 
 function Hash_Page() { //*******************************************************
-	global $_, $ONESCRIPT, $param1, $param3, $message, $INPUT_NUONCE, $PWUN_RULES;
+	global $_, $ONESCRIPT, $param1, $param3, $INPUT_NUONCE, $PWUN_RULES;
 
 	if (!isset($_POST['whattohash'])) { $_POST['whattohash'] = ''; }
 ?>
 	<style>#message_box {font-family: courier; min-height: 3.1em;}</style>
 
-	<h2><?php echo hsc($_['page_title_hash']) ?></h2>
+	<h2><?php echo hsc($_['Generate_Hash']) ?></h2>
 	
 	<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.$param3; ?>">
 		<?php echo $INPUT_NUONCE; ?>
@@ -1263,7 +1245,7 @@ function Hash_Page() { //*******************************************************
 	
 	<?php echo $PWUN_RULES ?>
 	</div>
-<?php 
+<?php
 } //end Hash_Page() ************************************************************
 
 
@@ -1285,23 +1267,23 @@ function Hash_response() { //***************************************************
 
 function Change_PWUN_Page($config_key) { //*************************************
 	// $config_key must= "pw" or "un"
-	global $_, $EX, $ONESCRIPT, $param1, $param3, $message, $INPUT_NUONCE, $config_title, $PWUN_RULES;
+	global $_, $EX, $ONESCRIPT, $param1, $param3, $INPUT_NUONCE, $config_title, $PWUN_RULES;
 	
 	if ($config_key == "pw") {
 		$type = "password";
-		$page_title    = hsc($_['page_title_change_pw']);
-		$label_new     = hsc($_['pw_new']);
-		$label_confirm = hsc($_['pw_confirm']);
+		$page_title    = $_['pw_change'];
+		$label_new     = $_['pw_new'];
+		$label_confirm = $_['pw_confirm'];
 	}elseif ($config_key == "un"){
 		$type = "text";
-		$page_title    = hsc($_['page_title_change_un']);
-		$label_new     = hsc($_['un_new']);
-		$label_confirm = hsc($_['un_confirm']);
+		$page_title    = $_['un_change'];
+		$label_new     = $_['un_new'];
+		$label_confirm = $_['un_confirm'];
 	}
 ?>
 	<style></style>
 
-	<h2><?php echo $page_title ?></h2>
+	<h2><?php echo hsc($page_title) ?></h2>
 	
 	<form id="change" name="<?php echo $config_key ?>" method="post" action="<?php echo $ONESCRIPT.$param1.$param3; ?>">
 		<input type="hidden" name="<?php echo $config_key ?>" value="">
@@ -1311,10 +1293,10 @@ function Change_PWUN_Page($config_key) { //*************************************
 		<?php echo hsc($_['pw_current']) ?><br>
 		<input type="password" name="current_pw" id="current_pw" value="">
 		
-		<?php echo $label_new ?><br>
+		<?php echo hsc($label_new) ?><br>
 		<input type="<?php echo $type ?>" name="new1" id="new1" value="">
 		
-		<?php echo $label_confirm ?><br>
+		<?php echo hsc($label_confirm) ?><br>
 		<input type="<?php echo $type ?>" name="new2" id="new2" value="">
 		
 		<?php Cancel_Submit_Buttons(hsc($_['Submit']), 'current_pw') ?>
@@ -1325,7 +1307,7 @@ function Change_PWUN_Page($config_key) { //*************************************
 	<p><?php echo hsc($_['pw_txt_12']) ?>
 	<p><?php echo hsc($_['pw_txt_14']) ?>
 	</div>
-<?php 
+<?php
 } //end Change_PWUN_Page() *****************************************************
 
 
@@ -1371,9 +1353,9 @@ function Update_config($search_for, $replace_with, $search_file, $backup_file) {
 
 
 
-function Change_PWUN_response($PWUN){ //****************************************
-	//Update $USERNAME or $HASHWORD. Default $page = changepw or changeun 
-	global $_, $ONESCRIPT, $USERNAME, $HASHWORD, $EX, $message, $page, $config_file, 
+function Change_PWUN_response($PWUN, $msg){ //**********************************
+	//Update $USERNAME or $HASHWORD. Default $page = changepw or changeun
+	global $_, $ONESCRIPT, $USERNAME, $HASHWORD, $EX, $message, $page, $config_file,
 		   $ONESCRIPT_file, $ONESCRIPT_file_backup, $CONFIG_file, $CONFIG_file_backup;
 
 	// trim leading & trailing white-space from input values
@@ -1381,8 +1363,7 @@ function Change_PWUN_response($PWUN){ //****************************************
 	$new_pwun     = trim($_POST['new1']);
 	$confirm_pwun = trim($_POST['new2']);
 
-	if    ($PWUN == "pw")  { $error_msg   = $EX.'<b>'.hsc($_['change_pw_02']).'</b> '; }
-	else /*$PWUN == "un"*/ { $error_msg   = $EX.'<b>'.hsc($_['change_un_02']).'</b> '; }
+	$error_msg   = $EX.'<b>'.hsc($msg).'</b> ';
 
 	//If nothing entered...
 	if ( ($current_pass == "") && ($new_pwun == "") && ($confirm_pwun == "") ) {
@@ -1409,7 +1390,7 @@ function Change_PWUN_response($PWUN){ //****************************************
 			$HASHWORD = hashit($new_pwun);
 			$replace_with = '$HASHWORD = "'.$HASHWORD.'";';
 		}else { //$PWUN = "un"
-			$USERNAME = $new_pwun; 
+			$USERNAME = $new_pwun;
 			$search_for  = '$USERNAME '; //include space after $USERNAME
 			$success_msg = '<b>'.hsc($_['change_un_01']).'</b>';
 			$replace_with = '$USERNAME = "'.$USERNAME.'";';
@@ -1420,7 +1401,7 @@ function Change_PWUN_response($PWUN){ //****************************************
 		//$CONFIG_file, uppercase name, includes full filesystem path.
 		if ( isset($config_file) && is_file($CONFIG_file) ) {
 			$message .= $_['change_pw_05'].' '.$_['change_pw_06'].'. . . ';
-			$updated = Update_config($search_for, $replace_with, $CONFIG_file, $CONFIG_file_backup); 
+			$updated = Update_config($search_for, $replace_with, $CONFIG_file, $CONFIG_file_backup);
 		}else{ //Update OneFileCMS
 			$message .= $_['change_pw_05'].' OneFileCMS . . . ';
 			$updated = Update_config($search_for, $replace_with, $ONESCRIPT_file, $ONESCRIPT_file_backup);
@@ -1452,9 +1433,9 @@ function Logout() { //**********************************************************
 
 
 function Login_Page() { //******************************************************
-	global $_, $ONESCRIPT, $message;
+	global $_, $ONESCRIPT;
 ?>
-	<h2><?php echo hsc($_['page_title_login']) ?></h2>
+	<h2><?php echo hsc($_['Log_In']) ?></h2>
 	<form method="post" action="<?php echo $ONESCRIPT; ?>">
 		<label for="username"><?php echo hsc($_['login_txt_01']) ?></label>
 		<input type="text" name="username" id="username" class="login_input" >
@@ -1463,7 +1444,7 @@ function Login_Page() { //******************************************************
 		<input type="submit" class="button" value="<?php echo hsc($_['Enter']) ?>">
 	</form>
 	<script>document.getElementById('username').focus();</script>
-<?php 
+<?php
 } //end Login_Page() ***********************************************************
 
 
@@ -1478,7 +1459,7 @@ function Login_response() { //**************************************************
 	$elapsed  = 0;
 
 	//Check for prior failed attempts
-	if (is_file($LOGIN_ATTEMPTS)) { 
+	if (is_file($LOGIN_ATTEMPTS)) {
 		$attempts = (int)file_get_contents($LOGIN_ATTEMPTS); //Don't increment yet...
 		$elapsed  = time() - filemtime($LOGIN_ATTEMPTS);
 	}
@@ -1498,7 +1479,7 @@ function Login_response() { //**************************************************
 	//Validate password
 	$VALID_PASSWORD = (hashit($_POST['password']) == $HASHWORD);
 
-	//validate login.  
+	//validate login.
 	if ( ($_POST['password'] == "") || ($_POST['username'] == "") )  {
 		; //Ignore attempt if either username OR password is blank.
 	}elseif ( $VALID_PASSWORD && ($_POST['username'] == $USERNAME) ) {
@@ -1537,6 +1518,10 @@ function Table_of_Files($files, $R, $C, $D) { //********************************
 		$ext = end($filename_parts);
 		if ($SHOWALLFILES || in_array($ext, $stypes)) { $SHOWTYPE = TRUE; } else { $SHOWTYPE = FALSE; }
 		
+		//Used to not show rename & delete options for active copy of OneFileCMS.
+		$IS_OFCMS = false;
+		if ( $ipath.$file == trim(rawurldecode($ONESCRIPT), '/') ) { $IS_OFCMS = true;  }
+		
 		if ( $SHOWTYPE && !is_dir($ipath.$file) && !$excluded ) {
 			
 			//Set icon type based on file type ($ext).
@@ -1546,22 +1531,27 @@ function Table_of_Files($files, $R, $C, $D) { //********************************
 ?>
 			<tr>
 				<td class="rcd">
-					<a href="<?php echo $HREF_params.'&amp;p=rename' ?>" title="<?php echo hsc($_['Ren_Move']) ?>" class="rcd1">
-					<?php echo $R ?></a></td>
+				<?php if (!$IS_OFCMS){
+					  echo '<a href="'.$HREF_params.'&amp;p=rename" title="'.hsc($_['Ren_Move']).'" class="rcd1">'.$R.'</a>';
+				} ?>
+				</td>
 				<td class="rcd">
-					<a href="<?php echo $HREF_params.'&amp;p=copy'   ?>" title="<?php echo hsc($_['Copy']) ?>"   class="rcd1" >
-					<?php echo $C ?></a></td>
+				<?php echo '<a href="'.$HREF_params.'&amp;p=copy"   title="'.hsc($_['Copy']).'"     class="rcd1">'.$C.'</a>' ?>
+				</td>
 				<td class="rcd">
-					<a href="<?php echo $HREF_params.'&amp;p=delete' ?>" title="<?php echo hsc($_['Delete']) ?>" class="rcd1" >
-					<?php echo $D ?></a></td>
-
-				<td class="ckbox"><INPUT TYPE=checkbox NAME="files[<?php echo $X++ ?>]" VALUE="<?php echo hsc($file) ?>"></td>
-
+				<?php if (!$IS_OFCMS){
+					  echo '<a href="'.$HREF_params.'&amp;p=delete" title="'.hsc($_['Delete']).'"   class="rcd1">'.$D.'</a>';
+				} ?>
+				</td>
+				<td class="ckbox">
+				<?php if (!$IS_OFCMS){
+					echo '<INPUT TYPE=checkbox NAME="files['.($X++).']" VALUE="'.hsc($file).'">';
+				} ?>
+				</td>
 				<td class="file_name">
-					<?php echo '<a href="'.$HREF_params.'&amp;p=edit"  title="Edit">'; ?>
+					<?php echo '<a href="'.$HREF_params.'&amp;p=edit"  title="'.hsc($_['Edit']).'">'; ?>
 					<?php echo show_icon($type).hte($file), '</a>'; ?>
 				</td>
-				
 				<td class="meta_T file_size">&nbsp;
 					<?php echo number_format(filesize($ipath.$file)); ?> B
 				</td>
@@ -1569,7 +1559,7 @@ function Table_of_Files($files, $R, $C, $D) { //********************************
 					<script>FileTimeStamp(<?php echo filemtime($ipath.$file); ?>, 1, 0);</script>
 				</td>
 			</tr>
-<?php 
+<?php
 		}//end if !is_dir...
 	}//end foreach file
 	echo '</table>';
@@ -1579,7 +1569,7 @@ function Table_of_Files($files, $R, $C, $D) { //********************************
 
 function List_Files() { //******************************************************
 //called from Index Page
-	global $_, $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list, $INPUT_NUONCE;
+	global $_, $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list, $INPUT_NUONCE, $CHECKBOX_OFFSET;
 
 	$files = scandir('./'.$ipath);
 	natcasesort($files);
@@ -1607,11 +1597,11 @@ function List_Files() { //******************************************************
 	//*The parameter for the Select_All() and Confirm_ready() javascript functions
 	// is the number of form elements before the first file select checkbox.
 	// As of Version 3.3.18, that number is 7.
-	$checkbox_offset = 7;
-	
+	$CHECKBOX_OFFSET = 7;
+
 	if (supports_svg()) { //Checks if IE < 9.
 		$select_all_attribs = 'TYPE=checkbox NAME=select_all id=select_all VALUE=select_all';
-		$select_all_input = '<INPUT '.$select_all_attribs.' onclick="Select_All('.$checkbox_offset.');">';
+		$select_all_input = '<INPUT '.$select_all_attribs.' onclick="Select_All('.$CHECKBOX_OFFSET.');">';
 		echo '<div id=select_all_div><LABEL for=select_all id=select_all_label>'.$_['Select_All'].'</LABEL></div>'.$select_all_input;
 	}
 	
@@ -1624,7 +1614,7 @@ function input_mcd($mcd) {
 	echo '<LABEL id=delete_label>'.hsc($_['Delete']).' '.input_mcd('delete').'</LABEL> ';
 	
 	echo '<input type=submit id=mcd_submit class=button value="'.hsc($_['Selected_Files']).
-		'" onclick="Confirm_ready('.$checkbox_offset.'); return false">';
+		'" onclick="return Confirm_ready('.$CHECKBOX_OFFSET.');">';
 	echo '</div>'; //end class=action
 	echo '<div class=clear></div>'; //clear select_all
 
@@ -1664,11 +1654,9 @@ function Index_Page(){ //*******************************************************
 function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 	global $_, $ONESCRIPT, $param1, $filename;
 
-	//For [Close] button: if came from admin page, restore admin_ipath
+	//For [Close] button: if came from admin page, return there.
 	$params = $param1;
-	if ($_SESSION['recent_pages'][1] == "admin") {
-		$params = '?i='.URLencode_path($_SESSION['admin_ipath']).'&amp;p=admin';
-	}
+	if ( $_SESSION['admin_page'] ) { $params .= '&amp;p=admin'; }
 ?>
 	<div class="edit_btns_top">
 		<div class="file_meta">
@@ -1685,13 +1673,13 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 			<?php if ( $text_editable ) { ?>
 				<input type="button" id="wide_view" class="button" value="<?php echo hsc($_['Wide_View']) ?>" onclick="Wide_View();">
 			<?php } ?>
-			<input type="button" id="close1" class="button" value="<?php echo hsc($_['Close']) ?>" 
+			<input type="button" id="close1" class="button" value="<?php echo hsc($_['Close']) ?>"
 				onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
 			<script>document.getElementById('close1').focus();</script>
 		</div>
 		<div class=clear></div>
 	</div>
-<?php 
+<?php
 }//end Edit_Page_buttons_top(){ //**********************************************
 
 
@@ -1702,15 +1690,13 @@ function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
 	$Button = '<input type="button" class="button" value="';
 	$ACTION = '" onclick="parent.location = \''.$ONESCRIPT.$param1.$param2.'&amp;p=';
 
-	//For [Close] button: if came from admin page, restore admin_ipath
+	//For [Close] button: if came from admin page, return there.
 	$params = $param1;
-	if ($_SESSION['recent_pages'][1] == "admin") {
-		$params = '?i='.URLencode_path($_SESSION['admin_ipath']).'&amp;p=admin';
-	}
+	if ( $_SESSION['admin_page'] ) { $params .= '&amp;p=admin'; }
 ?>
 	<div class="edit_btns_bottom">
 	<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?>
-		<?php echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer', 'LOGOUT'); 
+		<?php echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer', 'LOGOUT');
 	  ?><input type="submit" class="button" value="Save"                           onclick="submitted = true;" id="save_file"><?php
 	  ?><input type="button" class="button" value="<?php echo hsc($_['reset']) ?>" onclick="Reset_File()"      id="reset">
 		<script>
@@ -1735,7 +1721,7 @@ function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
 
 
 //******************************************************************************
-function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message){ 
+function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message){
 	global $_, $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_NUONCE, $EX,  $raw_contents;
 ?>
 	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param1.$param2.$param3 ?>">
@@ -1755,9 +1741,11 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 				}else{
 					$filecontents = htmlspecialchars($raw_contents,ENT_SUBSTITUTE | ENT_QUOTES, 'UTF-8');
 				}
-				$bad_chars = ($filecontents == "" && filesize($filename) > 0);
 				
-				if ($bad_chars){ //did htmlspecialchars return an empty string?
+				//Did htmlspecialchars return an empty string from a non-empty file?
+				$bad_chars = ( ($filecontents == "") && (filesize($filename) > 0) );
+				
+				if ($bad_chars){ 
 					echo '<pre class="edit_disabled">'.$EX.hsc($_['edit_txt_02']).'<br>';
 					echo hsc($_['edit_txt_03']).'<br>';
 					echo hsc($_['edit_txt_04']).'<br></pre>';
@@ -1798,7 +1786,7 @@ function Edit_Page_Notes() { //*************************************************
 				<div class="notes"><b>2) </b> <?php echo hsc($_['edit_note_03']) ?></div>
 				<div class="notes"><b>3) </b> <?php echo hsc($_['edit_note_04']) ?></div>
 			</div>
-<?php 
+<?php
 }//end Edit_Page_Notes() { //***************************************************
 
 
@@ -1821,26 +1809,27 @@ function Edit_Page() { //*******************************************************
 		$raw_contents = file_get_contents($filename);
 		$file_ENC = mb_detect_encoding($raw_contents); //ASCII, UTF-8, etc...
 	}else{
-		$file_ENC     = ""; 
+		$file_ENC     = "";
 		$raw_contents = "";
 	}
 
 	if ( $too_large_to_edit ) { $header2 = hsc($_['edit_h2_1']); }
 	else                      { $header2 = hsc($_['edit_h2_2']); }
 
-	$too_large_to_edit_message = 
+	$too_large_to_edit_message =
 '<b>'.hsc($_['too_large_to_edit_01a']).' '.number_format($MAX_EDIT_SIZE).' '.hsc($_['too_large_to_edit_01b']).'</b><br>'.
 hsc($_['too_large_to_edit_02']).'<br>'.hsc($_['too_large_to_edit_03']).'<br>'.hsc($_['too_large_to_edit_04']);
 
-	$too_large_to_view_message = 
+	$too_large_to_view_message =
 '<b>'.hsc($_['too_large_to_view_01a']).' '.number_format($MAX_VIEW_SIZE).' '.hsc($_['too_large_to_view_01b']).'</b><br>'.
 hsc($_['too_large_to_view_02']).'<br>'.hsc($_['too_large_to_view_03']).'<br>';//.hsc($_['too_large_to_view_04']);
 
-	// Used to preserve vertical spacing, so edit area doesn't jump as much.
+	//Preserves vertical spacing when message is blank, so edit area doesn't jump as much.
 	echo '<style>#message_box { min-height: 1.86em; }</style>';
 
 	echo '<h2 id="edit_header">'.$header2.' ';
-	echo '<a class="h2_filename" href="/'.URLencode_path($filename).'" target="_blank">'.hte(basename($filename)).'</a>';
+	echo '<a class="h2_filename" href="/'.URLencode_path($filename).'" target="_blank" title="'.$_['Open_View'].'">';
+	echo hte(basename($filename)).'</a>';
 	echo '</h2>'.PHP_EOL;
 
 	Edit_Page_buttons_top($text_editable, $file_ENC);
@@ -1854,7 +1843,7 @@ function Edit_Page() { //*******************************************************
 	if     ( $text_editable && $too_large_to_view ) {
 		echo '<p class="edit_disabled">'.$too_large_to_view_message.'</p>';
 	}
-	elseif ( $text_editable && $too_large_to_edit ){ 
+	elseif ( $text_editable && $too_large_to_edit ){
 		$filecontents = hsc(file_get_contents($filename), ENT_COMPAT,'UTF-8');
 		echo '<pre class="edit_disabled view_file">'.$filecontents.'</pre>';
 	}
@@ -1903,16 +1892,16 @@ function shorthand_to_int($SHORTHAND){ //*******************
 	if ($UMF <= $PMS){ $MAX_FILE_SIZE = $UMF; $max_msg = $upload_max_filesize.' '.hsc($_['upload_txt_01']); }
 	else             { $MAX_FILE_SIZE = $PMS; $max_msg = $post_max_size      .' '.hsc($_['upload_txt_02']); }
 ?>
-	<h2><?php echo hsc($_['page_title_upload']) ?></h2>
-	<p><?php echo hsc($_['upload_txt_03']).$max_msg; ?></p>
+	<h2><?php echo hsc($_['Upload_File']) ?></h2>
+	<p><?php echo hsc($_['upload_txt_03']).' '.$max_msg; ?></p>
 	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$param1; ?>&amp;p=uploaded" method="post">
 		<?php echo $INPUT_NUONCE; ?>
-		<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $MAX_FILE_SIZE ?>"> 
+		<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $MAX_FILE_SIZE ?>">
 		<input type="hidden" name="upload_destination" value="<?php echo hsc($ipath); ?>" >
 		<input type="file"   name="upload_file" id="upload_file" size="100">
 		<?php Cancel_Submit_Buttons(hsc($_['Upload']),"cancel"); ?>
 	</form>
-<?php 
+<?php
 } //end Upload_Page() **********************************************************
 
 
@@ -1924,7 +1913,7 @@ function Upload_response() { //*************************************************
 	$destination = Check_path($_POST["upload_destination"]);
 	$page  = "index";
 	$MAXUP1 = ini_get('upload_max_filesize');
-	$MAXUP2 = number_format($_POST['MAX_FILE_SIZE']).' '.hsc($_['meta_txt_02']); 
+	$MAXUP2 = number_format($_POST['MAX_FILE_SIZE']).' '.hsc($_['meta_txt_02']);
 	$ERROR = $_FILES['upload_file']['error'];
 
 	if     ( $ERROR == 1 ){ $ERRMSG = hsc($_['upload_err_01a']).' upload_max_filesize = '.$MAXUP1.' '.hsc($_['upload_err_01b']);}
@@ -1937,7 +1926,7 @@ function Upload_response() { //*************************************************
 	elseif ( $ERROR == 8 ){ $ERRMSG = hsc($_['upload_err_08']); }
 	else                  { $ERRMSG = ''; }
 
-	if (($filename == "")){ 
+	if (($filename == "")){
 		$message .= $EX.'<b>'.hsc($_['upload_msg_01']).'</b><br>';
 	}elseif (($destination != "") && !is_dir($destination)) {
 		$message .= $EX.'<b>'.hsc($_['upload_msg_02']).'</b><br>';
@@ -1960,14 +1949,14 @@ function Upload_response() { //*************************************************
 function New_File_Page() { //***************************************************
 	global $_, $FORM_COMMON, $INVALID_CHARS;
 ?>
-	<h2><?php echo hsc($_['page_title_new_file']) ?></h2>
+	<h2><?php echo hsc($_['New_File']) ?></h2>
 	<?php echo $FORM_COMMON ?>
 		<p><?php echo hsc($_['new_file_txt_01']).' '.hsc($_['new_file_txt_02']) ?>
 		<span class="mono"><?php echo hte($INVALID_CHARS) ?></span></p>
 		<input type="text" name="new_file" id="new_file" value="">
 		<?php Cancel_Submit_Buttons(hsc($_['Create']),"new_file"); ?>
 	</form>
-<?php 
+<?php
 }//end New_File_Page()**********************************************************
 
 
@@ -1989,7 +1978,7 @@ function New_File_response() { //***********************************************
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_01']).'</b> '.hte($new_name).'<br>'.
 			'<b> &nbsp; &nbsp; &nbsp; '.hsc($_['new_file_msg_02']).' '.
 			'<span class="mono">'.hte($INVALID_CHARS).'</span></b>';
-	}elseif ($new_name == ""){ 
+	}elseif ($new_name == ""){
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_03']).'</b>';
 	}elseif (file_exists($filename)) {
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_04']).' ';
@@ -1999,7 +1988,7 @@ function New_File_response() { //***********************************************
 		$message .= '<b>'.hsc($_['new_file_msg_05']).'</b> '.hte($new_name);
 		$page     = "edit";
 		$param2   = '&amp;f='.rawurlencode(basename($filename));// for Edit_Page() buttons
-		$param3   = '&amp;p=edit';                              // for Edit_Page() buttons 
+		$param3   = '&amp;p=edit';                              // for Edit_Page() buttons
 	}else{
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_06']);
 		$message .= hte($new_name).'</b>';
@@ -2048,79 +2037,80 @@ function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //************
 
 	Set_Input_width();
 ?>
-	<h2><?php echo $action.' '.$title ?></h2>
+	<h2><?php echo hsc($action.' '.$title) ?></h2>
 
 	<p><?php echo hsc($_['CRM_txt_01'].' '.$_['CRM_txt_02']) ?></p>
 
 	<?php echo $FORM_COMMON ?>
 
 		<label><?php echo hsc($_['CRM_txt_03']) ?></label><br>
-		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type="text" 
+		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type="text"
 			name="old_name" value="<?php echo hsc($old_name); ?>" readonly="readonly">
 		<br>
 		<label><?php echo hsc($_['CRM_txt_04']) ?></label><br>
-		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type="text" 
-			name="<?php echo $name_id ?>" id="<?php echo $name_id ?>" 
+		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type="text"
+			name="<?php echo $name_id ?>" id="<?php echo $name_id ?>"
 			value="<?php echo hsc($new_name); ?>">
 		<?php Cancel_Submit_Buttons($action, $name_id); ?>
 
 	</form>
-<?php 
+<?php
 } //end Copy_Ren_Move_Page() ***************************************************
 
 
 
 
 //******************************************************************************
-function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $isfile, $show_message = 3){
+function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $isfile, $show_message = 3){
 	//$action = 'copy' or 'rename'. $isfile = 1 if acting on a file, not a folder
 	//$show_message: 0 = none; 1 = errors only; 2 = successes only; 3 = all messages (default).
-	global $_, $WEB_ROOT, $ipath, $param1, $param2, $message, $EX, $page, $filename;
+	global $_, $WEB_ROOT, $ipath, $filename, $page, $param1, $param2, $message, $EX ;
 
 	$old_name = trim($old_name,'/ ');
 	$new_name = trim($new_name,'/ ');
 	$new_location = dirname($new_name);
-	$param2 = '';
-	$err_msg = ''; //Error message. Set below as needed.
-	$scs_msg = ''; //Success message. Set below as needed.
+	$filename = $old_name; //default if error.
 
-	$msg_from = hte($_['CRM_txt_03']);
-	$msg_to   = hte($_['CRM_txt_04']);
-	if ($action == "rename") {
-		$msg_from = hte($_['CRM_txt_03']);
-		$msg_to   = hte($_['CRM_txt_04']);
-	}
+	//Common message lines
+	$com_msg  = '<div id="message_left">'.hte($_['From']).'<br>'.hte($_['To']).'</div>';
+	$com_msg .= '<b>: </b><span class="filename">'.hte($WEB_ROOT.$old_name).'</span><br>';
+	$com_msg .= '<b>: </b><span class="filename">'.hte($WEB_ROOT.$new_name).'</span><br>';
+	
+	$err_msg = ''; //Error message.
+	$scs_msg = ''; //Success message.
+
+	$error = 1; //0= no error, 1 = an error.
 	
 	if ( !is_dir($new_location) ) {
-		$err_msg .= $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_01']).'</b><br>';
+		$err_msg  = $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_01']).'</b><br>';
 		$err_msg .= '<span class="filename">'.hte($WEB_ROOT.$new_name).'/</span><br>';
-		$error = 1; //0= no error, 1 = an error.
 	}elseif ( !file_exists($old_name) ) {
-		$err_msg .= $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_02']).'</b><br>';
+		$err_msg  = $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_02']).'</b><br>';
 		$err_msg .= '<span class="filename">'.hte($WEB_ROOT.$old_name).'</span><br>';
-		$error = 1;
 	}elseif ( file_exists($new_name) ) {
-		$err_msg .= $EX.'<b>'.$msg1.' '.hsc($_['CRM_msg_03']).'</b><br>';
+		$err_msg  = $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_03']).'</b><br>';
 		$err_msg .= '<span class="filename">'.hte($WEB_ROOT.$new_name).'</span><br>';
-		$error = 1;
 	}elseif ($action($old_name, $new_name)) {
-		$scs_msg .= '<b>'.$msg1.' '.$_['successful'].'</b><br>';
-		$scs_msg .= '<div id="message_left">'.hte($_['From']).'<br>'.hte($_['To']).'</div>';
-		$scs_msg .= '<b>: </b><span class="filename">'.hte($WEB_ROOT.$old_name).'</span><br>';
-		$scs_msg .= '<b>: </b><span class="filename">'.hte($WEB_ROOT.$new_name).'</span><br>';
-		if ($isfile) { $ipath = Check_path(dirname($new_name)); } //if file
-		else         { $ipath = Check_path($new_name); }          //if folder
-		$param1   = '?i='.URLencode_path($ipath);
+		$scs_msg  = '<b>'.hsc($msg1.' '.$_['successful']).'</b><br>'.$com_msg;
+		if ($isfile) {
+			$ipath = Check_path(dirname($new_name));
+			$filename = $new_name;
+		}else { //folder
+			$ipath = Check_path($new_name);
+		}
 		$error = 0;
 	}else{
-		$err_msg .= '<span class="filename">'.hte($WEB_ROOT.$old_name).'</span><br>';
-		$err_msg .= $EX.'<b>'.hsc($_['CRM_msg_05a']).' '.$msg1.' '.hsc($_['CRM_msg_05b']).'</b><br>';
-		$err_msg .= '<span class="filename">'.hte($WEB_ROOT.$new_name).'</span><br>';
-		$error = 1;
+		$err_msg .= $EX.'<b>'.hsc($_['CRM_msg_05a'].' '.$msg1).'</b><br>'.$com_msg;
 	}
-	
-	if (($show_message & 1) == 1) { $message .= $err_msg; } //Show error message.
-	if (($show_message & 2) == 2) { $message .= $scs_msg; } //Show success message.
+
+	if ($show_message & 1) { $message .= $err_msg; } //Show error message.
+	if ($show_message & 2) { $message .= $scs_msg; } //Show success message.
+
+	//Prior page should be either index or edit
+	$page = $_SESSION["recent_pages"][1];
+	$param1 = '?i='.URLencode_path($ipath);
+	$param2 = '&amp;f='.rawurlencode(basename($filename));
+
 	return $error; //
 }//end Copy_Ren_Move_response() ************************************************
 
@@ -2130,14 +2120,14 @@ function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $is
 function Delete_File_Page() { //************************************************
 	global $_, $filename, $FORM_COMMON;
 ?>
-	<h2><?php echo hsc($_['page_title_del']) ?></h2>
+	<h2><?php echo hsc($_['Del_Files']) ?></h2>
 	<?php echo $FORM_COMMON ?>
 		<input type="hidden" name="delete_file" value="<?php echo hsc($filename); ?>" >
 		<p><span class="verify_del"><?php echo hte(basename($filename)); ?></span></p>
 		<p><b><?php echo hsc($_['delete_txt_01']) ?></b></p>
 		<?php Cancel_Submit_Buttons(hsc($_['DELETE']), "cancel"); ?>
 	</form>
-<?php 
+<?php
 } //end Delete_File_Page() *****************************************************
 
 
@@ -2162,14 +2152,6 @@ function Delete_File_response($del_file = "", $show_message = 3){ //************
 		$error = 1;
 	}
 
-	//If came to Delete from admin page, restore admin_ipath & return to admin.
-	if ($_SESSION['recent_pages'][1] == "admin") {
-		$ipath = $_SESSION['admin_ipath'];
-		$page = "admin";
-		$param1 = '?i='.URLencode_path($ipath);
-		$param2 = "";
-	}
-
 	if ($show_message & 1) { $message .= $err_msg; } //Show error message.
 	if ($show_message & 2) { $message .= $scs_msg; } //Show success message.
 	return $error; //
@@ -2181,14 +2163,14 @@ function Delete_File_response($del_file = "", $show_message = 3){ //************
 function New_Folder_Page() { //*************************************************
 	global $_, $FORM_COMMON, $INVALID_CHARS;
 ?>
-	<h2><?php echo hsc($_['page_title_folder_new']) ?></h2>
+	<h2><?php echo hsc($_['New_Folder']) ?></h2>
 	<?php echo $FORM_COMMON ?>
 		<p><?php echo hsc($_['new_folder_txt_1']) ?>
 		<?php echo hsc($_['new_folder_txt_2']) ?> <span class="mono"><?php echo hte($INVALID_CHARS) ?></span></p>
 		<input type="text" name="new_folder" id="new_folder" value="">
 		<?php Cancel_Submit_Buttons(hsc($_['Create']),"new_folder"); ?>
 	</form>
-<?php 
+<?php
 } //end New_Folder_Page() ******************************************************
 
 
@@ -2210,7 +2192,7 @@ function New_Folder_response(){ //**********************************************
 	if ($invalid){
 		$message .= $EX.'<b>'.hsc($_['new_folder_msg_01']).'</b> <span class="filename">'.hte($new_name).'</span><br>';
 		$message .= '<b>'.hsc($_['new_folder_msg_02']).' <span class="mono">'.hte($INVALID_CHARS).'</span></b>';
-	}elseif ($new_name == ""){ 
+	}elseif ($new_name == ""){
 		$message .= $EX.'<b>'.hsc($_['new_folder_msg_03']).'</b>';
 	}elseif (is_dir($new_ipath)) {
 		$message .= $EX.'<b>'.hsc($_['new_folder_msg_04']).' </b>';
@@ -2231,7 +2213,7 @@ function New_Folder_response(){ //**********************************************
 function Delete_Folder_Page(){ //***********************************************
 	global $_, $WEB_ROOT, $ipath, $FORM_COMMON;
 ?>
-	<h2><?php echo hsc($_['page_title_folder_del']) ?></h2>
+	<h2><?php echo hsc($_['Del_Folder']) ?></h2>
 	<?php echo $FORM_COMMON ?>
 		<input type="hidden" name="delete_folder" value="<?php echo hsc($ipath); ?>" >
 		<p>
@@ -2241,7 +2223,7 @@ function Delete_Folder_Page(){ //***********************************************
 		<p><b><?php echo hsc($_['delete_folder_txt_01']) ?></b></p>
 		<?php Cancel_Submit_Buttons(hsc($_['DELETE']), "cancel"); ?>
 	</form>
-<?php 
+<?php
 } //end Delete_Folder_Page() //*************************************************
 
 
@@ -2274,21 +2256,18 @@ function MCD_Page() { //********************************************************
 	$focus = 'new_location';
 
 	if ($_POST['action'] == 'move')   {
-		$page_title = hsc($_['page_title_mov']);
-		$button     = hsc($_['Move_Files']);
+		$page_title = hsc($_['Move_Files']);
 		$classes    = "verify";
 		$action     = 'mcd_mov';
 	}elseif ($_POST['action'] == 'copy'){
-		$page_title = hsc($_['page_title_copy']);
-		$button     = hsc($_['Copy_Files']);
+		$page_title = hsc($_['Copy_Files']);
 		$classes    = "verify";
 		$action     = 'mcd_cpy';
 	}else { //$_POST['action'] == 'delete'
-		$page_title = hsc($_['page_title_del']);
-		$button     = hsc($_['Del_Files']);
+		$page_title = hsc($_['Del_Files']);
 		$classes    = "verify verify_del";
 		$action     = 'mcd_del';
-		$focus      = 'cancel';
+		$focus      = 'cancel'; //For Delete, put initial focus on [Cancel] button.
 	}
 
 	Set_Input_width();
@@ -2303,13 +2282,6 @@ function MCD_Page() { //********************************************************
 			echo '<input type="hidden" name="files['.$X++	.']" value="'.$file.'">'.PHP_EOL;
 		}
 		
-		//List files
-		echo '<table class="'.$classes.'">';
-		foreach($_POST['files'] as $file) {
-			echo '<tr><td>'.hte($file).'</td></tr>';
-		}
-		echo '</table>';
-		
 		if ($_POST['action'] != 'delete')  {
 			echo '<label for="new_location">'.hsc($_['New_location']).'</label> ('.hsc($_['CRM_txt_02']).')<br>';
 			echo '<span class="web_root">'.hte($WEB_ROOT).'</span>';
@@ -2317,7 +2289,15 @@ function MCD_Page() { //********************************************************
 		}
 			
 		echo '<p><b>'.hsc($_['delete_txt_01']).'</b></p>'; //"Are you sure?"
-		Cancel_Submit_Buttons(hsc($button), $focus);
+		Cancel_Submit_Buttons(hsc($page_title), $focus);
+			
+		//List selected files
+		echo '<table class="'.$classes.'">';
+		echo '<tr><th>'.$_['Selected_Files'].':</th></tr>';
+		foreach($_POST['files'] as $file) {
+			echo '<tr><td>'.hte($file).'</td></tr>';
+		}
+		echo '</table>';
 	echo '</form>';
 
 } //end MCD_Page() *************************************************************
@@ -2325,24 +2305,13 @@ function MCD_Page() { //********************************************************
 
 
 
-function MCD_response($action) { //*********************************************
+function MCD_response($action, $msg1, $success_msg = '') { //*******************
 	global $_, $WEB_ROOT, $ipath, $param1, $param2, $param3, $message, $EX, $filename;
 
 	$files    = $_POST['files']; //List of files to delete (path not included)
 	$count    = count($files);
 	$errors   = 0; //number of failed moves or copies
 
-	if     ($action == 'rename') { //rename = move
-		$msg1 = hsc($_['Ren_Move']); $msg2 = hsc($_['Ren_Moved']);
-		$success_msg = hsc($_['mcd_msg_01']);
-	}
-	elseif ($action == 'copy') {
-		$msg1 = hsc($_['Copy']);     $msg2 = hsc($_['Copied']);
-		$success_msg = hsc($_['mcd_msg_02']);
-	}else{//$action == delete
-		$success_msg = hsc($_['mcd_msg_03']);
-	}
-
 	$isfile = 1;
 	$show_message = 1; //1= show error msg only. 2= show success msg only. 3= show all msg's.
 
@@ -2362,7 +2331,7 @@ function MCD_response($action) { //*********************************************
 		foreach ($files as $file){
 			$old_name = $mcd_ipath.$file;
 			$new_name = $new_location.$file;
-			$errors  += Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $msg2, $isfile, $show_message);
+			$errors  += Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $isfile, $show_message);
 		}
 	}
 
@@ -2370,7 +2339,7 @@ function MCD_response($action) { //*********************************************
 	
 	if ($errors) { $message .= $EX.' <b>'.$errors.' '.hsc($_['errors']).'.</b> '; }
 	
-	$message .= '<b>'.$successful.' '.$success_msg.'</b><br>';
+	$message .= '<b>'.$successful.' '.hsc($success_msg).'</b><br>';
 
 	if ($action != 'delete') {
 		if ($successful != 0) { //if all errors, don't bother...
@@ -2387,20 +2356,20 @@ function MCD_response($action) { //*********************************************
 function Page_Title(){ //***<title>Page_Title()</title>*************************
 	global $_, $page;
 
-	if     ($page == "login")        { return hsc($_['page_title_login']);     }
-	elseif ($page == "admin")        { return hsc($_['page_title_admin']);     }
-	elseif ($page == "hash")         { return hsc($_['page_title_hash']);      }
-	elseif ($page == "changepw")     { return hsc($_['page_title_change_pw']); }
-	elseif ($page == "changeun")     { return hsc($_['page_title_change_un']); }
-	elseif ($page == "edit")         { return hsc($_['page_title_edit']);      }
-	elseif ($page == "upload")       { return hsc($_['page_title_upload']);    }
-	elseif ($page == "newfile")      { return hsc($_['page_title_new_file']);  }
-	elseif ($page == "copy" )        { return hsc($_['page_title_copy']);      }
-	elseif ($page == "rename")       { return hsc($_['page_title_ren']);       }
-	elseif ($page == "delete")       { return hsc($_['page_title_del']);       }
-	elseif ($page == "newfolder")    { return hsc($_['page_title_folder_new']);}
-	elseif ($page == "renamefolder") { return hsc($_['page_title_folder_ren']);}
-	elseif ($page == "deletefolder") { return hsc($_['page_title_folder_del']);}
+	if     ($page == "login")        { return $_['Log_In'];        }
+	elseif ($page == "admin")        { return $_['Admin_Options']; }
+	elseif ($page == "hash")         { return $_['Generate_Hash']; }
+	elseif ($page == "changepw")     { return $_['pw_change'];     }
+	elseif ($page == "changeun")     { return $_['un_change'];     }
+	elseif ($page == "edit")         { return $_['Edit_View'];     }
+	elseif ($page == "upload")       { return $_['Upload_File'];   }
+	elseif ($page == "newfile")      { return $_['New_File'];      }
+	elseif ($page == "copy" )        { return $_['Copy_Files'];    }
+	elseif ($page == "rename")       { return $_['Ren_Move'].' '.$_['File'];}
+	elseif ($page == "delete")       { return $_['Del_Files'];     }
+	elseif ($page == "newfolder")    { return $_['New_Folder'];    }
+	elseif ($page == "renamefolder") { return $_['Ren_Folder'];    }
+	elseif ($page == "deletefolder") { return $_['Del_Folder'];    }
 	else                             { return $_SERVER['SERVER_NAME']; }
 }//end Page_Title() ************************************************************
 
@@ -2419,11 +2388,11 @@ function Load_Selected_Page(){ //***********************************************
 	elseif ($page == "edit")         { Edit_Page();           }
 	elseif ($page == "upload")       { Upload_Page();         }
 	elseif ($page == "newfile")      { New_File_Page();       }
-	elseif ($page == "copy")         { Copy_Ren_Move_Page(hsc($_['Copy']),   hsc($_['File']), 'copy_file', 1); }
-	elseif ($page == "rename")       { Copy_Ren_Move_Page(hsc($_['Ren_Move']), hsc($_['File']), 'rename_file', 1); }
+	elseif ($page == "copy")         { Copy_Ren_Move_Page($_['Copy'],     $_['File'], 'copy_file',   1); }
+	elseif ($page == "rename")       { Copy_Ren_Move_Page($_['Ren_Move'], $_['File'], 'rename_file', 1); }
 	elseif ($page == "delete")       { Delete_File_Page();    }
 	elseif ($page == "newfolder")    { New_Folder_Page();     }
-	elseif ($page == "renamefolder") { Copy_Ren_Move_Page(hsc($_['Ren_Move']), hsc($_['Folder']), 'rename_folder', 0); }
+	elseif ($page == "renamefolder") { Copy_Ren_Move_Page($_['Ren_Move'], $_['Folder'], 'rename_folder', 0); }
 	elseif ($page == "deletefolder") { Delete_Folder_Page();  }
 	elseif ($page == "mcdaction")    { MCD_Page();            }
 	else                             { Login_Page();          } //default
@@ -2435,7 +2404,7 @@ function Load_Selected_Page(){ //***********************************************
 function Respond_to_POST() {//**************************************************
 	global $_, $VALID_POST, $page, $message;
 
-	if ($VALID_POST) { 
+	if ($VALID_POST) {
 		if     ($page == "mcdaction") {
 			//There must be at least one 'file', and 'action' must = "move", "copy", or "delete"
 			if (!isset($_POST['mcdaction'] )) { $page = "index"; }
@@ -2445,21 +2414,21 @@ function Respond_to_POST() {//**************************************************
 				$page = "index";
 			}
 		}
-		elseif (isset($_POST["mcd_mov"]      )) { MCD_response('rename');    } //move == rename
-		elseif (isset($_POST["mcd_cpy"]      )) { MCD_response('copy');      }
-		elseif (isset($_POST["mcd_del"]      )) { MCD_response('delete');    }
-		elseif (isset($_FILES['upload_file']['name']))  { Upload_response(); }
+		elseif (isset($_POST["mcd_mov"]      )) { MCD_response('rename', $_['Ren_Move'], $_['mcd_msg_01']); } //move == rename
+		elseif (isset($_POST["mcd_cpy"]      )) { MCD_response('copy'  , $_['Copy']    , $_['mcd_msg_02']); }
+		elseif (isset($_POST["mcd_del"]      )) { MCD_response('delete', $_['Delete']  , $_['mcd_msg_03']); }
 		elseif (isset($_POST["whattohash"]   )) { Hash_response();           }
-		elseif (isset($_POST["pw"]           )) { Change_PWUN_response('pw');}
-		elseif (isset($_POST["un"]           )) { Change_PWUN_response('un');}
+		elseif (isset($_POST["pw"]           )) { Change_PWUN_response('pw', $_['change_pw_02']);}
+		elseif (isset($_POST["un"]           )) { Change_PWUN_response('un', $_['change_un_02']);}
 		elseif (isset($_POST["filename"]     )) { Edit_response();           }
 		elseif (isset($_POST["new_file"]     )) { New_File_response();       }
-		elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"], 'copy', hsc($_['Copy']), hsc($_['Copied']), 1); } 
-		elseif (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"],   'rename', hsc($_['Ren_Move']), hsc($_['Ren_Moved']), 1); } 
+		elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"]  , 'copy'  , $_['Copy']    , 1); }
+		elseif (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"], 'rename', $_['Ren_Move'], 1); }
 		elseif (isset($_POST["delete_file"]  )) { Delete_File_response();    }
 		elseif (isset($_POST["new_folder"]   )) { New_Folder_response();     }
-		elseif (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', hsc($_['Ren_Move']), hsc($_['Ren_Moved']), 0); } 
+		elseif (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', $_['Ren_Move'], 0); }
 		elseif (isset($_POST["delete_folder"])) { Delete_Folder_response();  }
+		elseif (isset($_FILES['upload_file']['name']))  { Upload_response(); }
 	}//end if ($VALID_POST)
 
 }//end Respond_to_POST() *******************************************************
@@ -2504,7 +2473,7 @@ function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
 	}
 
 	if ( count < 1 ) {
-		if ( Action == 'LOGOUT') { 
+		if ( Action == 'LOGOUT') {
 			Timer.innerHTML = '<?php echo addslashes($_['session_expired']) ?>';
 			//Load login screen, but delay first to make sure really expired:
 			setTimeout('window.location = window.location.pathname',3000); //1000 = 1 second
@@ -2546,7 +2515,7 @@ function FileTimeStamp(php_filemtime, show_date, show_offset){
 
 	var GMT_offset = -(TIMESTAMP.getTimezoneOffset()); //Yes, I know- seems wrong, but its works.
 
-	if (GMT_offset < 0) { NEG = -1; SIGN = "-"; } else { NEG = 1; SIGN = "+"; } 
+	if (GMT_offset < 0) { NEG = -1; SIGN = "-"; } else { NEG = 1; SIGN = "+"; }
 
 	var offset_HOURS = Math.floor(NEG*GMT_offset/60);
 	var offset_MINS  = pad( NEG * (GMT_offset % 60) );
@@ -2610,35 +2579,29 @@ function Confirm_ready(list_offset){
 	is_copy    = document.getElementById("copy").checked;
 	is_delete  = document.getElementById("delete").checked;
 	
-	var   files = document.mcdaction.elements; //Actually files only = from elemements[offset] to last element.
-	var   last  = files.length - 1; //number of files & checkboxes
-	
-	file_selected = false;
-	for (var x = list_offset; x <= last ; x++) { //find first checked file.
-		if (files[x].checked == true) { file_selected = true; break; } 
+	var   files = document.mcdaction.elements; //Actual files are only from elemements[list_offset] to last element.
+	var   last  = files.length - 1; //number of files (checkboxes) + list_offset
+
+	//Clear f_msg if at least one file is checked
+	f_msg = "<?php echo addslashes($_['No_files']) ?>\n";	
+	for (var x = list_offset; x <= last ; x++) {
+		if (files[x].checked == true) { f_msg = ""; break; }
 	}
-	f_msg = "";
-	if (!file_selected) { f_msg = "<?php echo addslashes($_['No_files']) ?>\n"; }
-	
-	action_selected = false;
-	if (is_move)   { action_selected = true; }
-	if (is_copy)   { action_selected = true; }
-	if (is_delete) { action_selected = true; }
-	
-	a_msg = "";
-	if (!action_selected) { a_msg = '<?php echo addslashes($_['No_action']) ?>'; }
-	
-	if (file_selected && action_selected) { this.submit(); }
-	
-	alert(f_msg + a_msg);
-	
-	//At this point, don't submit.  However...
-	//This line doesn't work here - form still submits. Don't know why...
-	return false;
-}
 
+	//Clear a_msg if an action is selected
+	a_msg = '<?php echo addslashes($_['No_action']) ?>';
+	if ( is_move || is_copy || is_delete )   { a_msg = ""; }
+
+	//Don't submit form if either message is set.
+	if ( (f_msg != "") || (a_msg != "") ) {
+		alert(f_msg + a_msg);
+		return false;
+	}
+
+	return true; //submit form.
+}
 </script>
-<?php 
+<?php
 }//end common_scripts() ********************************************************
 
 
@@ -2716,7 +2679,7 @@ function Reset_file_status_indicators() {
 
 
 	window.onbeforeunload = function() {
-		if ( changed && !submitted ) { 
+		if ( changed && !submitted ) {
 			//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
 			return "<?php echo addslashes($_['unload_unsaved']) ?>";
 		}
@@ -2734,17 +2697,17 @@ function Reset_file_status_indicators() {
 
 
 	//With selStart & selEnd == 0, moves cursor to start of text field.
-	function setSelRange(inputEl, selStart, selEnd) { 
-		if (inputEl.setSelectionRange) { 
+	function setSelRange(inputEl, selStart, selEnd) {
+		if (inputEl.setSelectionRange) {
 			inputEl.focus();
 			inputEl.setSelectionRange(selStart, selEnd);
-		} else if (inputEl.createTextRange) { 
+		} else if (inputEl.createTextRange) {
 			var range = inputEl.createTextRange();
 			range.collapse(true);
 			range.moveEnd('character', selEnd);
 			range.moveStart('character', selStart);
 			range.select();
-		} 
+		}
 	}
 
 
@@ -2767,8 +2730,8 @@ function Check_for_changes(event){
 
 
 	//Reset textarea value to when page was loaded.
-	//Used by [Reset] button, and when page unloads (browser back, etc). 
-	//Needed becuase if the page is reloaded (ctl-r, or browser back/forward, etc.), 
+	//Used by [Reset] button, and when page unloads (browser back, etc).
+	//Needed becuase if the page is reloaded (ctl-r, or browser back/forward, etc.),
 	//the text stays changed, but "changed" gets set to false, which looses warning.
 	function Reset_File() {
 		if (changed) {
@@ -2781,7 +2744,7 @@ function Reset_File() {
 
 	Reset_file_status_indicators();
 	</script>
-<?php 
+<?php
 }//end Edit_Page_scripts() *****************************************************
 
 
@@ -2873,7 +2836,7 @@ function style_sheet(){ //******************************************************
 	float  : left;
 	margin : 0;
 	padding: 0;
-	border : none; 
+	border : none;
 	font-weight : 900;
 	}
 
@@ -2905,17 +2868,17 @@ function style_sheet(){ //******************************************************
 
 table.index_T tr:hover { border: 1px solid #807568; }
 
-table.index_T td { 
+table.index_T td {
 	border        : 1px inset silver;
 	vertical-align: middle;
 	}
 
-.index_T td a { 
-	display: block;
-	height : 1em;
-	border : none;
-	padding: .2em 1em .3em .3em;
-	overflow   : hidden;
+.index_T td a {
+	display  : block;
+	height   : 1em;
+	border   : none;
+	padding  : .2em .2em .3em .3em;
+	overflow : hidden;
 	}
 
 .index_T td a.rcd  { padding: .4em .3em .1em .3em; }
@@ -2989,8 +2952,8 @@ function style_sheet(){ //******************************************************
 
 input[readonly]       { color: #333; background-color: #EEE; }
 input[disabled]       { color: #555; background-color: #EEE; }
-input[disabled]:hover { background-color: rgb(236,233,216);  } 
-input[disabled]:hover { background-color: rgb(236,233,216);  } 
+input[disabled]:hover { background-color: rgb(236,233,216);  }
+input[disabled]:hover { background-color: rgb(236,233,216);  }
 
 
 .buttons_right         { float: right; }
@@ -3038,11 +3001,11 @@ function style_sheet(){ //******************************************************
 
 #edit_form    {margin: 0;}
 
-.edit_disabled { 
+.edit_disabled {
 	border : 1px solid #807568;
 	width  : 99%;
 	padding: .2em;
-	margin : 0 0 .6em 0;
+	margin : .5em 0 .6em 0;
 	background-color: #FFF000; color: #333;
 	line-height: 1.4em;
 	}
@@ -3112,7 +3075,16 @@ function style_sheet(){ //******************************************************
 	background-color: white;
 	}
 
-table.verify td { 
+table.verify th {
+	border: 1px solid gray;
+	padding: 0 1em 0 1em;
+	text-align : center;
+	font-weight: 900;
+	font-family: arial;
+	background-color: #EEE;
+	}
+
+table.verify td {
 	border        : 1px inset silver;
 	padding: .1em 1em .1em .5em;
 	vertical-align: middle;
@@ -3148,15 +3120,13 @@ function style_sheet(){ //******************************************************
 
 .path {padding: 1px 5px 1px 5px} /*TRBL*/
 
-.edit_onefile {padding: 5px; float: right;}
-
 .timer { border: 1px solid gray; padding: 3px .5em 4px .5em; }
 
 .timeout { float:right; font-size: .95em; color: #333; }
 
 .edit_btns_top    { margin: .2em 0 .5em 0;}
 
-.image_info {color: #222; font-size: 1em ;}
+.image_info {color: #222; font-size: 1em ; margin: .7em 0 1em 0; }
 
 .edit_btns_bottom { float: right; }
 .edit_btns_bottom .button { margin-left: .5em; }
@@ -3170,7 +3140,7 @@ function style_sheet(){ //******************************************************
 #del_backup   { float: left; margin-left  :  1em; }
 
 /*** For old IE only: text "icons" for Rename, Copy, and Delete ***/
-.RCD {font: 900 .6em arial; border: 1px solid; padding: 0px 2px 0px 2px;} 
+.RCD {font: 900 .6em arial; border: 1px solid; padding: 0px 2px 0px 2px;}
 .R   {color: #804000; border-color: #804000}
 .C   {color: #006400; border-color: #006400}
 .D   {color: #a00;    border-color: #a00}
@@ -3202,7 +3172,7 @@ function style_sheet(){ //******************************************************
 
 #mcd_submit { padding: 2px 5px; color: rgb(100,45,0); }
 </style>
-<?php 
+<?php
 }//end style_sheet() ***********************************************************
 
 
@@ -3225,7 +3195,7 @@ function Language_and_config_adjusted_styles() {//******************************
 	}
 
 .image_info {				/*Default is 1em*/
-	color: #222; font-size: <?php echo $_['image_info_font_size'] ?>; 
+	color: #222; font-size: <?php echo $_['image_info_font_size'] ?>;
 	}
 
 .edit_btns_bottom .button {
@@ -3257,6 +3227,11 @@ function Language_and_config_adjusted_styles() {//******************************
 
 Session_Startup();
 
+if (!isset($_SESSION['admin_page'])) {
+	$_SESSION['admin_page']  = false;
+	$_SESSION['admin_ipath'] = '';
+}
+
 if ($_SESSION['valid']) {
 
 	undo_magic_quotes();
@@ -3267,35 +3242,45 @@ function Language_and_config_adjusted_styles() {//******************************
 
 	Respond_to_POST();
 
-	Update_Recent_Pages();
-
 	//*** Verify a few $page conditions **************
-
+	
+	//If exited admin pages, restore $ipath
+	if    ( ($page == "index") && $_SESSION['admin_page'] ) {
+		//Unless clicked www/some/path/ from edit or copy page.
+		if ( ($_SESSION['recent_pages'][1] != 'edit') && ($_SESSION['recent_pages'][1] != 'copy') ){
+			$ipath = $_SESSION['admin_ipath'];
+			$param1 = '?i='.URLencode_path($ipath);
+		}
+		$_SESSION['admin_page']  = false;
+		$_SESSION['admin_ipath'] = '';
+	}
 	//Don't load login screen when already in a valid session.
 	//$_SESSION['valid'] may be false after Respond_to_POST()
-	if     ( ($page == "login") && $_SESSION['valid'] )  { $page = "index"; } 
-
+	elseif ( ($page == "login") && $_SESSION['valid'] ) { $page = "index"; }
+		
 	elseif ( $page == "logout" ) {
 		Logout();
-		$message .= hsc($_['logout_msg']); }
-
+		$message .= hsc($_['logout_msg']);
+	}
 	//Don't load delete page if folder not empty.
 	elseif ( ($page == "deletefolder") && !is_empty($ipath) ) {
 		$message .= $EX.'<b>'.hsc($_['folder_del_msg']).'</b>';
-		$page = "index";}
-
+		$page = "index";
+	}
 	//if size of $_POST > post_max_size, PHP only returns empty $_POST & $_FILE arrays.
 	elseif ( ($page == "uploaded") && !$VALID_POST ) {
-		$message .= $EX.'<b> '.hsc($_['upload_error_01a']).' '.ini_get('post_max_size').'</b> '.hsc($_['upload_error_01b']).'';
-		$page = "index";}
-
-	//If editing OneFileCMS itself, show red message box with white text.
-	elseif ($filename == trim(rawurldecode($ONESCRIPT), '/')) { 
+		$message .= $EX.'<b> '.hsc($_['upload_error_01a']).' '.ini_get('post_max_size').'</b> '.hsc($_['upload_error_01b']).'<br>';
+		$page = "index";
+	}
+	//If editing OneFileCMS itself, show caution message.
+	elseif ($filename == trim(rawurldecode($ONESCRIPT), '/')) {
 		$message .= '<style>#message_box_contents {background: red;}</style>';
 		$message .= '<style>#message_box          {color: white;}   </style>';
 		$message .= $EX.'<b>'.hsc($_['edit_caution_01']).' '.$EX.hsc($_['edit_caution_02']).'</b><br>';
 	}
 	//end Verify a few $page restrictions ************
+	
+	Update_Recent_Pages();
 
 }//end if $_SESSION[valid] *************************************
 
@@ -3304,12 +3289,10 @@ function Language_and_config_adjusted_styles() {//******************************
 $Editing_OFCMS = false;
 if ( isset($filename) && ($filename == trim(rawurldecode($ONESCRIPT), '/')) ) { $Editing_OFCMS = true; }
 
-//Don't show path header or admin link on some pages.
-$Show_header_and_Admin = true;
-$pages_dont_show_admin = array("login","admin","hash","changepw","changeun");
-if ( $Editing_OFCMS || in_array($page, $pages_dont_show_admin) ){
-	$Show_header_and_Admin = false;
-}
+//Don't show path header on some pages.
+$Show_Path = true;
+$pages_dont_show_path = array("login","admin","hash","changepw","changeun");
+if ( in_array($page, $pages_dont_show_path) ){ $Show_Path = false; } //
 
 //Finish up/prepare to send page contents.
 $early_output = ob_get_clean(); // Should be blank unless trouble-shooting.
@@ -3327,7 +3310,7 @@ function Language_and_config_adjusted_styles() {//******************************
 echo '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">';
 echo '<meta name="robots" content="noindex">';
 
-echo '<title>'.$config_title.' - '.Page_Title().'</title>';
+echo '<title>'.hsc($config_title.' - '.Page_Title()).'</title>';
 
 style_sheet();
 
@@ -3340,25 +3323,25 @@ function Language_and_config_adjusted_styles() {//******************************
 Error_reporting_and_early_output(1,0);
 
 if ($page == "login"){ echo '<div id="main" class="login_page">'; }
-      else                 { echo '<div id="main" class="container" >'; }
+else                 { echo '<div id="main" class="container" >'; }
 
 Page_Header();
 
-if ($Show_header_and_Admin) { Current_Path_Header(); }
+if ($Show_Path) { Current_Path_Header(); }
 
 message_box();
 
 Load_Selected_Page();
 
 //Countdown timer...
-if ( $page != "login" ) { 
+if ($page != "login") {
 	echo '<hr>';
 	echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'timer timeout', 'LOGOUT');
 	echo '<span class="timeout">'.hsc($_['time_out_txt']).'&nbsp; </span>';
 }
 
 //Admin link
-if ($Show_header_and_Admin) {
+if ( $page != "login" && ($_SESSION['admin_page'] === false) ) {
 	echo '<a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=admin">'.hsc($_['Admin']).'</a>';
 }elseif ($page != 'login') {
 	echo '<br>';
diff --git a/readme.markdown b/readme.markdown
index 269ddcb..4832c9f 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,4 +1,8 @@
-# Current stable version: 3.4
+# Current stable version: 3.4.01
+
+### September 9, 2012
+
+- A couple minor fixes, and some code improvements & cleanup.
 
 ### Auguest 29, 2012
 
@@ -33,7 +37,7 @@ If an external config file is used to store your password and/or hash, make sure
   
 ;<?php die();  
   
-Otherwise, the file - along with your password, is world readable. For details, see the php documentation and comments on parse_ini_file().
+Otherwise, the file - along with your password, is world readable. For details, see the php documentation and comments on parse\_ini\_file().
 
 
 #### Language files
@@ -55,9 +59,9 @@ Edit screen:
 ![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OneFileCMS_screenshot_edit.png)
 
 
-OneFileCMS is just that. It's a flat, light, one file CMS (Content Management System) entirely contained in an easy-to-implement, highly customizable, database-less PHP script.
+OneFileCMS is just that: It's a flat, light, one file CMS (Content Management System) contained entirely in an easy-to-implement database-less PHP script.
 
-Coupling a utilitarian code editor with basic file managing functions, OneFileCMS can maintain a whole website completely in-browser without any external programs.
+Coupling a utilitarian code editor with basic file managing functions, OneFileCMS can maintain an entire website completely in-browser without any external programs.
 
 ## Demo
 
@@ -66,13 +70,13 @@ Coupling a utilitarian code editor with basic file managing functions, OneFileCM
 ## Features
  
 - All the basic features of an FTP application like renaming, deleting, copying, and uploading
-  _(For complex processes like batch renaming or mass uploads/deletions, you're going to want to use an actual FTP program.)_
+  _(For complex processes like batch renaming or mass uploads, you're going to want to use an actual FTP program.)_
 - A basic text editor.
-- Alert if you try to leave without saving your edits.
+- Warns if you try to leave editing with unsaved changes.
 - A Login delay after too many invalid attempts.
 - Adjustable idle time before auto-logout.
 - Easily modifiable & re-brandable.
-- Possibly the easiest installation process ever!
+- <del>Possibly</del> The easiest installation process ever!
 
 ## Installation
 
@@ -90,7 +94,7 @@ You can also change the file name of OneFileCMS.php to something else, such as "
 
 ### Where's the WYSIWYG? What about syntax highlighting?
 
-WYSWIWYG editors have been requested, but probably won't become standard, as they'd make it more than one file, sort of defeating the "OneFile" point. Plus, if you're working in PHP or non-HTML code, they're can be more of a hindrance than an asset.
+WYSWIWYG editors have been requested, but probably won't become standard, as they'd make it more than one file, sort of defeating the "OneFile" point. Plus, if you're working in PHP or non-HTML code, they can be more of a hindrance than an asset.
 
 However, just because I don't want to do it, doesn't mean it's impossible.  Look for the Edit_Page_form() function. Its textarea can be modified to work with whatever editor you like. 
 
@@ -100,19 +104,21 @@ Yes, of course!
 
 I may not have the time/bandwidth/inclination to implement every feature, but I 'll do what I can. If it's urgent, contact me.  
 
-### This is basically just a file manager with a text editor. Why is it being called a Content Management System?
+### This is basically just a file manager with a text editor- why is it being called a CMS?
 
-Well, because "OneFileFileManagerTextEditor" just doesn't have the same ring to it...
+Well, because "OneFileCMS" sounds way cooler than "OneFileFileManagerwithTextEditor".
 
 ### Multi-Language Support?
 
-Yes!  Currently, English, German, and Spanish are available.  (Someone told me he was working on an Esparento translation, but that might have been a joke...)
+Yes!  Currently, English, German, and Spanish are available.
+
+If you speak another language and would like to contribute, translations into other languages are welcomed and appreciated!  Just use the English language file as a template, and translate each word, phrase, etc., as appropriate.  (Someone told me he was working on an Esparento translation, but that might have been a joke...)
 
 ### Can I have more than one username/password?
 
-Yes!  Well, sort of - indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ie: OneFile1.php and OneFile2.php etc...)  Then, in each copy, maintain different user names and passwords.  Also, so that one user does not log out the other, change the $session_name config variables.  
+Yes!  Well, sort of - indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ie: OneFile1.php and OneFile2.php etc...)  Then, in each copy, maintain different user names and passwords.  Also, so that one user does not log out the other, change the value of the $session_name config variables.  
   
-Now, since there is no database or other means of granular control and access logging, multiple users may be kind of pointless.  On the other hand, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
+Now, since there is no database or other means of granular control and access logging, multiple usernames may be kind of pointless.  On the other hand, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
 
 ## Requirements
 
@@ -120,8 +126,8 @@ Now, since there is no database or other means of granular control and access lo
   (Only tested on versions 5.2.8, 5.2.17, 5.3.3, and 5.4 + )
 - File permission privileges on your host
 - Javascript enabled browswer
-- And, for OneFileCMS 3+, a browser that supports inline SVG.  
-  (However, even if your browser doesn't support inline SVG, OneFileCMS will still work, just without any icons.)
+- And a browser that supports inline SVG, but only if you wish to see the icons
+  (If your browser doesn't support inline SVG, OneFileCMS will still work, just without any icons.)
 
 ## Credit, License, Et Cetera  
 
@@ -139,9 +145,9 @@ Now, since there is no database or other means of granular control and access lo
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - Issue with Chrome's XSS filter: Editing some legitimate files with OneFileCMS will trigger the filter and disable much of the javascript provided functionallity, but only while on the edit page with such a file, and only after a [Save].
 - The connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text during login.  
-  (However, this is true of most online login systems, unless SSL or the like is employed.)
+  However, this is true of most online login systems, unless SSL or the like is employed.
 - Be aware that only some very basic data & error checking is performed.  (But, it's getting better...)  
-  On Windows, for instance, it was possible to create folders that are subsequently inaccessible and undeletable by Windows.  (Yea, I found out the hard way...)  (However, I *think* that issue is fixed.)
+  On Windows, for instance, it was possible to create folders that were subsequently inaccessible and undeletable by Windows.  (Yea, I found out the hard way...)  (However, I *think* that issue is fixed.)
 - Anything else?
 
 --------------------------------------------------------------------------------
@@ -150,7 +156,7 @@ Now, since there is no database or other means of granular control and access lo
   
 CONFIGURATION SECTION  
   
-SYSTEM GLOBAL VARIABLES  
+SYSTEM SETUP/VARIABLES  
   
 DEFAULT LANGUAGE  
   
@@ -172,6 +178,11 @@ GENERATE/OUTPUT THE PAGE
 
 ## Change Log
 
+### 3.4.01
+
+- A couple of minor bux fixes.
+- Some code cleanup & improvements.
+
 ### 3.3.17 - 3.4.0
 
 - Added option to select and move, copy, or delete multiple files.
@@ -288,7 +299,7 @@ GENERATE/OUTPUT THE PAGE
 
 ### 3.1.1
 
-- Fixed minor issue with data encoding of file to exit in <textarea>
+- Fixed minor issue with data encoding of file to exit in &lt;textarea>
 
 ### 3.1
 

From 8d430644967fb199cae64dd583ab4c747246b521 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Mon, 10 Sep 2012 20:40:00 -0400
Subject: [PATCH 141/228] Version 3.4.02 Moved $CHECKBOK_OFFSET from
 List_Files() to System Values & Setup Check_path(): Improved/simplified (even
 tho it's a bit longer). Created has_invalid_char(). supports_svg(): Minor
 logic fix. Table_of_Files(): Adjusted <a> title atribute for filename. Edit
 to Edit/View. New_File_or_Folder_Page(): Replaced New_File_Page() &
 New_Folder_Page(). New_File_response(): Improved $message's a bit.  Use
 touch() to create new file. Renamed Copy_Ren_Move_...() to cRM_...()
 CRM_page(): added <input hidden> value=copy or rename or move CRM_response():
 Validate old & new parent folder locations. CRM_response(): Validate new file
 or folder name. CRM_response(): Don't pass global $_POST params.
 Delete_Folder_Page(): removed Check_path() - should already been checked.
 Delete_Folder_response(): Cooresponding fix with change of Check_path.
 MCD_response(): improved trim of new_location. MCD_response(): Don't pass
 params to CRM_response, set global $_POST values. Page_Title(): Added titles
 for mcdaction's "copy", "move", & "delete". New $_[] values: 'Error',
 'Open_View' Changed $_[] values: 'new_file_txt_01', 'new_file_msg_03',
 'new_file_msg_04' (Still need a few strings changed to $_[] values)

---
 OneFileCMS.LANG.EN.php   |  10 +-
 OneFileCMS_structure.txt |  10 +-
 onefilecms.php           | 374 ++++++++++++++++++++-------------------
 3 files changed, 207 insertions(+), 187 deletions(-)

diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index b454a44..4667d7b 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.01
+// OneFileCMS Language Settings v3.4.02
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -41,6 +41,7 @@
 $_['Deleted'] = 'Deleted';
 $_['Edit']    = 'Edit';   
 $_['Enter']   = 'Enter';  
+$_['Error']   = 'Error'; //#####
 $_['errors']  = 'errors'; 
 $_['File']    = 'File';   
 $_['Folder']  = 'Folder'; 
@@ -87,6 +88,7 @@
 $_['reset']       = 'Reset - loose changes';
 $_['Wide_View']   = 'Wide View';
 $_['Normal_View'] = 'Normal View';
+$_['Open_View']   = 'Open/View in browser window'; //#####
 
 $_['verify_msg_01']  = 'Session expired.';
 $_['verify_msg_02']  = 'INVALID POST';
@@ -170,12 +172,12 @@
 $_['upload_msg_05'] = 'Upload successful!';
 $_['upload_msg_06'] = 'Upload failed:';
 
-$_['new_file_txt_01'] = 'File will be created in the current folder.';
+$_['new_file_txt_01'] = 'File or Folder will be created in the current folder.';  //#####
 $_['new_file_txt_02'] = 'Some invalid characters are:';
 $_['new_file_msg_01'] = 'New file not created:';
 $_['new_file_msg_02'] = 'Name contains invalid character(s):';
-$_['new_file_msg_03'] = 'New file not created - no name given';
-$_['new_file_msg_04'] = 'File already exists:';
+$_['new_file_msg_03'] = 'Not created - no name given'; //#####
+$_['new_file_msg_04'] = 'File or folder already exists:';  //#####
 $_['new_file_msg_05'] = 'Created file:';
 $_['new_file_msg_06'] = 'Error - new file not created:';
 
diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index b72e6cb..d9a44c6 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-Version 3.4.01
+Version 3.4.02
 
 LICENSE
 
@@ -19,6 +19,7 @@ MISC FUNCTIONS:
 	undo_magic_quotes()
 	Get_GET()
 	URLencode_path()
+	has_invalid_char()
 	Check_path()
 	is_empty()
 	ordinalize()
@@ -80,14 +81,13 @@ PAGE & RESPONSE FUNCTIONS:
 	Edit_Page_response()
 	Upload_Page()
 	Upload_response()
-	New_File_Page()
+	New_File_or_Folder_Page()
 	New_File_response() 
 	Set_Input_width()
-	Copy_Ren_Move_Page()
-	Copy_Ren_Move_response()
+	CRM_Page()
+	CRM_response()
 	Delete_File_Page()
 	Delete_File_response()
-	New_Folder_Page()
 	New_Folder_response()
 	Delete_Folder_Page()
 	Delete_Folder_response() 
diff --git a/onefilecms.php b/onefilecms.php
index 0051cbc..8cee2b8 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.01';
+$OFCMS_version = '3.4.02';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -156,6 +156,11 @@
 $ftypes   = explode(',', strtolower(str_replace(' ', '', $config_ftypes))); //file types with icons
 $fclasses = explode(',', strtolower(str_replace(' ', '', $config_fclass))); //for file types with icons
 $excluded_list = (explode(",", $config_excluded));
+
+//*The parameter for the Select_All() and Confirm_ready() javascript functions
+// is the number of form elements before the first file select checkbox.
+// As of Version 3.3.18, that number is 7.
+$CHECKBOX_OFFSET = 7;
 //******************************************************************************
 
 
@@ -169,7 +174,7 @@ function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.4.01
+// OneFileCMS Language Settings v3.4.02
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -198,24 +203,25 @@ function Default_Language() { // ***********************************************
 $_['R'] = 'R'; //R ename
 $_['C'] = 'C'; //C opy
 $_['D'] = 'D'; //D elete
-$_['Admin']   = 'Admin';  
-$_['Cancel']  = 'Cancel'; 
-$_['Close']   = 'Close';  
-$_['Copy']    = 'Copy';   
-$_['Copied']  = 'Copied'; 
-$_['Create']  = 'Create'; 
-$_['Delete']  = 'Delete'; 
-$_['DELETE']  = 'DELETE'; 
+$_['Admin']   = 'Admin';
+$_['Cancel']  = 'Cancel';
+$_['Close']   = 'Close';
+$_['Copy']    = 'Copy';
+$_['Copied']  = 'Copied';
+$_['Create']  = 'Create';
+$_['Delete']  = 'Delete';
+$_['DELETE']  = 'DELETE';
 $_['Deleted'] = 'Deleted';
-$_['Edit']    = 'Edit';   
-$_['Enter']   = 'Enter';  
-$_['errors']  = 'errors'; 
-$_['File']    = 'File';   
-$_['Folder']  = 'Folder'; 
-$_['From']    = 'From';   
-$_['Hash']    = 'Hash';   
-$_['Move']    = 'Move';   
-$_['Moved']   = 'Moved';  
+$_['Edit']    = 'Edit';
+$_['Enter']   = 'Enter';
+$_['Error']   = 'Error'; //#####
+$_['errors']  = 'errors';
+$_['File']    = 'File';
+$_['Folder']  = 'Folder';
+$_['From']    = 'From';
+$_['Hash']    = 'Hash';
+$_['Move']    = 'Move';
+$_['Moved']   = 'Moved';
 $_['on']      = 'on';     
 $_['Password'] = 'Password';
 $_['Rename']     = 'Rename';    
@@ -252,7 +258,7 @@ function Default_Language() { // ***********************************************
 $_['reset']       = 'Reset - loose changes';
 $_['Wide_View']   = 'Wide View';
 $_['Normal_View'] = 'Normal View';
-$_['Open_View']   = 'Open/View in browser window';
+$_['Open_View']   = 'Open/View in browser window'; //#####
 $_['verify_msg_01']  = 'Session expired.';
 $_['verify_msg_02']  = 'INVALID POST';
 $_['get_get_msg_01']    = 'File does not exist:';
@@ -324,12 +330,12 @@ function Default_Language() { // ***********************************************
 $_['upload_msg_04'] = 'Uploading:';
 $_['upload_msg_05'] = 'Upload successful!';
 $_['upload_msg_06'] = 'Upload failed:';
-$_['new_file_txt_01'] = 'File will be created in the current folder.';
+$_['new_file_txt_01'] = 'File or Folder will be created in the current folder.';  //#####
 $_['new_file_txt_02'] = 'Some invalid characters are:';
 $_['new_file_msg_01'] = 'New file not created:';
 $_['new_file_msg_02'] = 'Name contains invalid character(s):';
-$_['new_file_msg_03'] = 'New file not created - no name given';
-$_['new_file_msg_04'] = 'File already exists:';
+$_['new_file_msg_03'] = 'Not created - no name given'; //#####
+$_['new_file_msg_04'] = 'File or folder already exists:';  //#####
 $_['new_file_msg_05'] = 'Created file:';
 $_['new_file_msg_06'] = 'Error - new file not created:';
 $_['CRM_txt_01']  = 'To move a file or folder, change the path/to/folder/or_file.';
@@ -481,7 +487,7 @@ function hashit($key){ //*******************************************************
 	//This is the super-secret stuff - Keep it secret, keep it safe!
 	//If you change anything here, or the $SALT, redo the hash for your password.
 	global $SALT;
-	$hash = hash('sha256', trim($key).$SALT); // trim off leading & trailing spaces.
+	$hash = hash('sha256', trim($key).$SALT); // trim off leading & trailing whitespace.
 	for ( $x=0; $x < 10000; $x++ ) { $hash = hash('sha256', $hash.$SALT); }
 	return $hash;
 }//end hashit() ****************************************************************
@@ -647,45 +653,69 @@ function URLencode_path($path){ // don't encode the forward slashes ************
 	$path_array = explode('/',$path);
 	$path = "";
 	foreach ($path_array as $level) { $path .= rawurlencode($level).'/'; }
-	$path = rtrim($path,'/').$TS;  //ends with $TS only if started with one
+	$path = rtrim($path,'/').$TS;  //end with $TS only if started with one
 	return $path;
 }//end URLencode_path($path) ***************************************************
 
 
 
 
-function Check_path($path) { // returns first valid path in some/supplied/path/
-	global  $_, $message, $EX;
-	$invalidpath = $path; //used for message if supplied $path doesn't exist.
+function has_invalid_char($string) { //*****************************************
+	global $INVALID_CHARS, $INVALID_CHARS_array;
+	foreach ($INVALID_CHARS_array as $bad_char) {
+		if (strpos($string, $bad_char) !== false) { return $bad_char; }
+	}
+	return false;
+}//end has_invalid_char() //****************************************************
+
+
+
+
+function Check_path($path, $show_msg = false) { //******************************
+	// check for valid existing $path.
+	global  $_, $WEB_ROOT, $message, $EX, $INVALID_CHARS;
+
 	$path = str_replace('\\','/',$path);   //Make sure all forward slashes.
-	$path = trim($path,"/ ."); // trim slashes, dots, and spaces
+	$path = trim($path,"\x00..\x20/");     // trim whitespace & slashes
 
-	//Remove any '.' and '..' parts of the path.  Causes issues in <h2>www / current / path /</h2>
-	$pathparts = explode( '/', $path);
-	$len       = count($pathparts);
-	$path      = "";  //Cleaned path.
-	foreach ($pathparts as $value) { //(More reliable than str_replace(entire_string).)
-		if ( ($value != '.') && ($value != '..') ) { $path .= $value.'/'; }
-	}
+	$err_msg = ""; //
 
-	$path = trim($path,"/"); // Remove -for now- final trailing slash.
+	if (strlen($path) < 1) { return ""; } // At root.
 
-	if (strlen($path) < 1) { return ""; } //If at site root
-	else {
-		if (!is_dir($path) && (strlen($message) < 1)) {
-			$message .= $EX.'<b>'.hsc($_['check_path_msg_01']).'</b>';
-			$message .= hte(dirname($invalidpath)).'/<b>'.hte(basename($invalidpath)).'</b><br>';
-		}
+	$errors = 0;
+
+	$pathparts = explode( '/', $path);
+
+	foreach ($pathparts as $part) {
 		
-		while ( (strlen($path) > 0) && (!is_dir($path)) ) {
-			$path = dirname($path);
+		//Check for any '.' and '..' parts of the path to protect directories outside webroot.
+		//They also cause issues in <h2>www / current / path /</h2>
+		if ( ($part == '.') || ($part == '..') ) {
+			$err_msg .= $EX.' <b>"dot" or "dot dot" segments are not permitted.</b><br>';     //##### Needs $_[]
+			$errors++;
+			break;
 		}
 		
-		$path = $path.'/';
-		if ($path == './') { $path = ""; } // ./ means path not found, so clear for root.
+		//Check for invalid characters
+		$invalid_chars = str_replace(' /','',$INVALID_CHARS); // The forward slash is not exactly invalid in this context.
+		if ( has_invalid_char($part) ) {
+			$err_msg .= $EX.' <b>Path contains an invalid character: <span class="mono">'.$invalid_chars.'</span></b><br>'; //##### Needs $_[]
+			$errors++;
+			break;
+		}
 	}
 
-	return $path;
+	if (!is_dir($path) && !$errors)  { //final overall check
+		$err_msg .= $EX.' <b>Invalid directory name.</b><br>';     //##### Needs $_[]  $_['check_path_msg_01']
+		$errors++;
+	}
+
+	if ($errors > 0) {
+		if ($show_msg) { $message .= $err_msg; }
+		return false;
+	}
+
+	return $path.'/';
 }//end Check_path() ************************************************************
 
 
@@ -737,7 +767,7 @@ function supports_svg() { //****************************************************
 		$ie_ver = substr($USER_AGENT, ($pos_MSIE+5), 1);
 		$old_ie = ( $ie_ver < 9 );
 	}
-	if ($old_ie) { false; }else{ return true; }
+	return !$old_ie;
 }//end supports_svg ************************************************************
 
 
@@ -753,12 +783,12 @@ function Current_Path_Header(){ //**********************************************
 		//Root folder of web site.
 		echo '<a id="path_0" href="'.$ONESCRIPT.'" class="path"> '.hte(trim($WEB_ROOT, '/')).'</a>/';
 		$x=0; //need here for focus() in case at webroot.
-
+		
 		if ($ipath != "" ) { //if not at root, show the rest
 			$path_levels  = explode("/",trim($ipath,'/') );
 			$levels = count($path_levels); //If levels=3, indexes = 0, 1, 2  etc...
 			$current_path = "";
-
+			
 			for ($x=0; $x < $levels; $x++) {
 				$current_path .= $path_levels[$x].'/';
 				echo '<a id="path_'.($x+1).'" href="'.$ONESCRIPT.'?i='.URLencode_path($current_path).'" class="path">';
@@ -848,7 +878,7 @@ function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
 ?>
 	<p>
 	<input type="button" class="button" id="cancel" value="<?php echo hsc($_['Cancel']) ?>"
-		onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'; return false">
+		onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
 	<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1em;">
 <?php
 	if ($focus != ""){ echo '<script>document.getElementById("'.$focus.'").focus();</script>'; }
@@ -1253,7 +1283,7 @@ function Hash_Page() { //*******************************************************
 
 function Hash_response() { //***************************************************
 	global $_, $message;
-	$_POST['whattohash'] = trim($_POST['whattohash']); // trim leading & trailing spaces.
+	$_POST['whattohash'] = trim($_POST['whattohash']); // trim whitespace.
 
 	//Ignore/don't hash empty string - passwords can't be blank.
 	if ($_POST['whattohash'] == "") { return; }
@@ -1358,7 +1388,7 @@ function Change_PWUN_response($PWUN, $msg){ //**********************************
 	global $_, $ONESCRIPT, $USERNAME, $HASHWORD, $EX, $message, $page, $config_file,
 		   $ONESCRIPT_file, $ONESCRIPT_file_backup, $CONFIG_file, $CONFIG_file_backup;
 
-	// trim leading & trailing white-space from input values
+	// trim white-space from input values
 	$current_pass = trim($_POST['current_pw']);
 	$new_pwun     = trim($_POST['new1']);
 	$confirm_pwun = trim($_POST['new2']);
@@ -1472,7 +1502,7 @@ function Login_response() { //**************************************************
 		return;
 	}
 
-	//Trim any incidental leading or trailing spaces before validating.
+	//Trim any incidental whitespace before validating.
 	$_POST['password'] = trim($_POST['password']);
 	$_POST['username'] = trim($_POST['username']);
 
@@ -1549,7 +1579,7 @@ function Table_of_Files($files, $R, $C, $D) { //********************************
 				} ?>
 				</td>
 				<td class="file_name">
-					<?php echo '<a href="'.$HREF_params.'&amp;p=edit"  title="'.hsc($_['Edit']).'">'; ?>
+					<?php echo '<a href="'.$HREF_params.'&amp;p=edit"  title="'.hsc($_['Edit_View']).'">'; ?>
 					<?php echo show_icon($type).hte($file), '</a>'; ?>
 				</td>
 				<td class="meta_T file_size">&nbsp;
@@ -1594,11 +1624,6 @@ function List_Files() { //******************************************************
 
 	echo '<div class="action">';
 
-	//*The parameter for the Select_All() and Confirm_ready() javascript functions
-	// is the number of form elements before the first file select checkbox.
-	// As of Version 3.3.18, that number is 7.
-	$CHECKBOX_OFFSET = 7;
-
 	if (supports_svg()) { //Checks if IE < 9.
 		$select_all_attribs = 'TYPE=checkbox NAME=select_all id=select_all VALUE=select_all';
 		$select_all_input = '<INPUT '.$select_all_attribs.' onclick="Select_All('.$CHECKBOX_OFFSET.');">';
@@ -1751,8 +1776,8 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 					echo hsc($_['edit_txt_04']).'<br></pre>';
 				}else{
 					echo '<input type="hidden" name="filename" value="'.hsc($filename).'">';
-					echo '<textarea id="file_contents" name="contents" cols="70" rows="25"
-						onkeyup="Check_for_changes(event);">'.$filecontents.'</textarea>'.PHP_EOL;
+					echo '<textarea id="file_contents" name="contents" cols="70" rows="25"';
+					echo 'onkeyup="Check_for_changes(event);">'.$filecontents.'</textarea>'.PHP_EOL;
 				}
 			} //end if non-text file...
 		} //end if non-image
@@ -1946,52 +1971,44 @@ function Upload_response() { //*************************************************
 
 
 
-function New_File_Page() { //***************************************************
+function New_File_or_Folder_Page($title, $id) { //****************
 	global $_, $FORM_COMMON, $INVALID_CHARS;
-?>
-	<h2><?php echo hsc($_['New_File']) ?></h2>
-	<?php echo $FORM_COMMON ?>
-		<p><?php echo hsc($_['new_file_txt_01']).' '.hsc($_['new_file_txt_02']) ?>
-		<span class="mono"><?php echo hte($INVALID_CHARS) ?></span></p>
-		<input type="text" name="new_file" id="new_file" value="">
-		<?php Cancel_Submit_Buttons(hsc($_['Create']),"new_file"); ?>
-	</form>
-<?php
-}//end New_File_Page()**********************************************************
+
+	echo '<h2>'.hsc($title).'</h2>';
+	echo $FORM_COMMON;
+		echo '<p>'.hsc($_['new_file_txt_01'].' '.$_['new_file_txt_02']);
+		echo '<span class="mono">'.hte($INVALID_CHARS).'</span></p>';
+		echo '<input type="text" name="'.$id.'" id="'.$id.'" value="">';
+		Cancel_Submit_Buttons(hsc($_['Create']),$id);
+	echo '</form>';
+}//end New_File_or_Folder_Page() //*********************************************
 
 
 
 
 function New_File_response() { //***********************************************
-	global $_, $ipath, $param2, $param3, $filename, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
+	global $_, $WEB_ROOT, $ipath, $filename, $page, $param1, $param2, $param3, $message, $EX, $INVALID_CHARS;
 
-	$new_name = trim($_POST["new_file"],'/ '); //Trim spaces and slashes.
-	$filename = $ipath.$new_name;
-	$page = "index"; // return to index if new file fails
-	
-	$invalid = false;
-	foreach ($INVALID_CHARS_array as $bad_char) {
-		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
-	}
+	$new_name  = trim($_POST["new_file"],"\x00..\x20/"); //Trim whitespace & slashes.
+	$filename  = $ipath.$new_name;
+	$page      = "index"; //Return to index on error.
 
-	if ($invalid){
-		$message .= $EX.'<b>'.hsc($_['new_file_msg_01']).'</b> '.hte($new_name).'<br>'.
-			'<b> &nbsp; &nbsp; &nbsp; '.hsc($_['new_file_msg_02']).' '.
-			'<span class="mono">'.hte($INVALID_CHARS).'</span></b>';
+	$msg_new   = '<span class="filename">'.hte($new_name).'</span><br>';
+	
+	if (has_invalid_char($new_name)){
+		$message .= $EX.'<b>'.hsc($_['Error']).': '.hsc($_['new_file_msg_02']);
+		$message .= ' <span class="mono">'.hte($INVALID_CHARS).'</span></b><br>'.$msg_new;
 	}elseif ($new_name == ""){
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_03']).'</b>';
 	}elseif (file_exists($filename)) {
-		$message .= $EX.'<b>'.hsc($_['new_file_msg_04']).' ';
-		$message .= hte($new_name).'</b>';
-	}elseif ($handle = fopen($filename, 'w')) {
-		fclose($handle);
-		$message .= '<b>'.hsc($_['new_file_msg_05']).'</b> '.hte($new_name);
-		$page     = "edit";
+		$message .= $EX.'<b>'.hsc($_['new_file_msg_04']).'</b> '.$msg_new;
+	}elseif ( touch($filename) ) {
+		$message .= '<b>'.hsc($_['new_file_msg_05']).'</b> '.$msg_new;
+		$page     = "edit";                                     //Return to edit page.
 		$param2   = '&amp;f='.rawurlencode(basename($filename));// for Edit_Page() buttons
 		$param3   = '&amp;p=edit';                              // for Edit_Page() buttons
 	}else{
-		$message .= $EX.'<b>'.hsc($_['new_file_msg_06']);
-		$message .= hte($new_name).'</b>';
+		$message .= $EX.'<b>'.hsc($_['new_file_msg_06']).$msg_new;
 	}
 }//end New_File_response() *****************************************************
 
@@ -2027,7 +2044,7 @@ function Set_Input_width() { //*************************************************
 
 
 
-function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //************
+function CRM_Page($action, $title, $name_id, $isfile) { //**********************
 	//$action = 'Copy' or 'Rename'. $isfile = 1 if acting on a file, not a folder
 	global $_, $WEB_ROOT, $ipath, $filename, $FORM_COMMON;
 
@@ -2042,77 +2059,92 @@ function Copy_Ren_Move_Page($action, $title, $name_id, $isfile) { //************
 	<p><?php echo hsc($_['CRM_txt_01'].' '.$_['CRM_txt_02']) ?></p>
 
 	<?php echo $FORM_COMMON ?>
-
+		<input type="hidden" name="<?php echo $name_id ?>"  value="<?php echo hsc($name_id); ?>">
+		
 		<label><?php echo hsc($_['CRM_txt_03']) ?></label><br>
 		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type="text"
 			name="old_name" value="<?php echo hsc($old_name); ?>" readonly="readonly">
 		<br>
 		<label><?php echo hsc($_['CRM_txt_04']) ?></label><br>
 		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type="text"
-			name="<?php echo $name_id ?>" id="<?php echo $name_id ?>"
+			name="new_name" id="new_name"
 			value="<?php echo hsc($new_name); ?>">
-		<?php Cancel_Submit_Buttons($action, $name_id); ?>
+		<?php Cancel_Submit_Buttons($action, "new_name"); ?>
 
 	</form>
 <?php
-} //end Copy_Ren_Move_Page() ***************************************************
+} //end CRM_Page() *************************************************************
 
 
 
 
-//******************************************************************************
-function Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $isfile, $show_message = 3){
+function CRM_response($action, $msg1, $isfile, $show_message = 3){ //***********
+	//Returns 0 if successful, 1 on error.
 	//$action = 'copy' or 'rename'. $isfile = 1 if acting on a file, not a folder
 	//$show_message: 0 = none; 1 = errors only; 2 = successes only; 3 = all messages (default).
-	global $_, $WEB_ROOT, $ipath, $filename, $page, $param1, $param2, $message, $EX ;
+	global $_, $WEB_ROOT, $ipath, $filename, $page, $param1, $param2, $message, $EX, $INVALID_CHARS;
 
-	$old_name = trim($old_name,'/ ');
-	$new_name = trim($new_name,'/ ');
+	$old_name = trim($_POST["old_name"],"\x00..\x20/"); //Trim whitespace & slashes.
+	$new_name = trim($_POST["new_name"],"\x00..\x20/");
+	$old_location = dirname($old_name);
 	$new_location = dirname($new_name);
 	$filename = $old_name; //default if error.
 
 	//Common message lines
+	$com_old  = '<span class="filename">'.hte($WEB_ROOT.$old_name).'</span><br>';
+	$com_new  = '<span class="filename">'.hte($WEB_ROOT.$new_name).'</span><br>';
 	$com_msg  = '<div id="message_left">'.hte($_['From']).'<br>'.hte($_['To']).'</div>';
-	$com_msg .= '<b>: </b><span class="filename">'.hte($WEB_ROOT.$old_name).'</span><br>';
-	$com_msg .= '<b>: </b><span class="filename">'.hte($WEB_ROOT.$new_name).'</span><br>';
+	$com_msg .= '<b>: </b>'.$com_old.'<b>: </b>'.$com_new;
 	
 	$err_msg = ''; //Error message.
 	$scs_msg = ''; //Success message.
 
-	$error = 1; //0= no error, 1 = an error.
+	$error = 1; //0 = no error, 1 = an error. Default to error. Used for return value.
+
+	$invalid_new = has_invalid_char(basename($new_name));
 	
-	if ( !is_dir($new_location) ) {
-		$err_msg  = $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_01']).'</b><br>';
-		$err_msg .= '<span class="filename">'.hte($WEB_ROOT.$new_name).'/</span><br>';
+	//Check new name for invalid characters.
+	if ( $invalid_new ) {
+		$err_msg .= $EX.'<b>'.hsc($_['Error'].': '.$_['new_file_msg_02']).' '.$invalid_new.'</b><br>';
+		$err_msg .= '<span class="filename">'.hte(basename($new_name)).'</span><br>';
+		
+	//Check old parent location. (Unlikely to be false outside a malicious attempt)
+	}elseif ( Check_path($old_location,$show_message) === false ) {
+		$err_msg .= '<span class="filename">'.hte($WEB_ROOT.$old_location).'/</span><br>';
+		
+	//Check new parent location.
+	}elseif ( Check_path($new_location,$show_message) === false ) {
+		$err_msg .= '<span class="filename">'.hte($WEB_ROOT.$new_location).'/</span><br>';
+		
 	}elseif ( !file_exists($old_name) ) {
-		$err_msg  = $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_02']).'</b><br>';
-		$err_msg .= '<span class="filename">'.hte($WEB_ROOT.$old_name).'</span><br>';
+		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_02']).'</b><br>'.$com_old;
+		
 	}elseif ( file_exists($new_name) ) {
-		$err_msg  = $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_03']).'</b><br>';
-		$err_msg .= '<span class="filename">'.hte($WEB_ROOT.$new_name).'</span><br>';
-	}elseif ($action($old_name, $new_name)) {
-		$scs_msg  = '<b>'.hsc($msg1.' '.$_['successful']).'</b><br>'.$com_msg;
-		if ($isfile) {
-			$ipath = Check_path(dirname($new_name));
+		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_03']).'</b><br>'.$com_new;
+		
+	}elseif ( $action($old_name, $new_name )) {
+		$scs_msg .= '<b>'.hsc($msg1.' '.$_['successful']).'</b><br>'.$com_msg;
+		if   ($isfile) {
+			$ipath    = dirname($new_name).'/';
 			$filename = $new_name;
-		}else { //folder
-			$ipath = Check_path($new_name);
+		}else {/*folder*/
+			$ipath    = $new_name.'/';
 		}
 		$error = 0;
 	}else{
 		$err_msg .= $EX.'<b>'.hsc($_['CRM_msg_05a'].' '.$msg1).'</b><br>'.$com_msg;
 	}
 
-	if ($show_message & 1) { $message .= $err_msg; } //Show error message.
-	if ($show_message & 2) { $message .= $scs_msg; } //Show success message.
+	if ( ($show_message & 1) && $error ) { $message .= $err_msg; } //Show error message.
+	if (  $show_message & 2)             { $message .= $scs_msg; } //Show success message.
 
 	//Prior page should be either index or edit
 	$page = $_SESSION["recent_pages"][1];
 	$param1 = '?i='.URLencode_path($ipath);
-	$param2 = '&amp;f='.rawurlencode(basename($filename));
+	if ($isfile) {$param2 = '&amp;f='.rawurlencode(basename($filename));}
 
 	return $error; //
-}//end Copy_Ren_Move_response() ************************************************
+}//end CRM_response() **********************************************************
 
 
 
@@ -2160,50 +2192,29 @@ function Delete_File_response($del_file = "", $show_message = 3){ //************
 
 
 
-function New_Folder_Page() { //*************************************************
-	global $_, $FORM_COMMON, $INVALID_CHARS;
-?>
-	<h2><?php echo hsc($_['New_Folder']) ?></h2>
-	<?php echo $FORM_COMMON ?>
-		<p><?php echo hsc($_['new_folder_txt_1']) ?>
-		<?php echo hsc($_['new_folder_txt_2']) ?> <span class="mono"><?php echo hte($INVALID_CHARS) ?></span></p>
-		<input type="text" name="new_folder" id="new_folder" value="">
-		<?php Cancel_Submit_Buttons(hsc($_['Create']),"new_folder"); ?>
-	</form>
-<?php
-} //end New_Folder_Page() ******************************************************
-
-
-
-
 function New_Folder_response(){ //**********************************************
-	global $_, $WEB_ROOT, $ipath, $param1, $page, $message, $EX, $INVALID_CHARS, $INVALID_CHARS_array;
-
-	$new_name = trim($_POST["new_folder"],'/ '); //Trim spaces, and make sure only has a single trailing slash.
-
-	$invalid = false;
-	foreach ($INVALID_CHARS_array as $bad_char) {
-		if (strpos($new_name, $bad_char) !== false) { $invalid = true; }
-	}
-	$page = "index"; //Return to index
+	global $_, $WEB_ROOT, $ipath,            $page, $param1,                   $message, $EX, $INVALID_CHARS;
 
+	$new_name  = trim($_POST["new_folder"], ' /'); //Trim whitespace & slashes.
 	$new_ipath = $ipath.$new_name.'/';
+	$page      = "index"; //Return to index
 
-	if ($invalid){
-		$message .= $EX.'<b>'.hsc($_['new_folder_msg_01']).'</b> <span class="filename">'.hte($new_name).'</span><br>';
-		$message .= '<b>'.hsc($_['new_folder_msg_02']).' <span class="mono">'.hte($INVALID_CHARS).'</span></b>';
+	$msg_new   = '<span class="filename">'.hte($new_name).'</span><br>';
+
+	if (has_invalid_char($new_name)){
+		$message .= $EX.'<b>'.hsc($_['Error']).': '.hsc($_['new_folder_msg_02']);
+		$message .= ' <span class="mono">'.hte($INVALID_CHARS).'</span></b><br>'.$msg_new;
 	}elseif ($new_name == ""){
 		$message .= $EX.'<b>'.hsc($_['new_folder_msg_03']).'</b>';
 	}elseif (is_dir($new_ipath)) {
-		$message .= $EX.'<b>'.hsc($_['new_folder_msg_04']).' </b>';
-		$message .= '<span class="filename">'.hte($WEB_ROOT.$new_ipath).'</span><br>';
+		$message .= $EX.'<b>'.hsc($_['new_folder_msg_04']).'</b> '.$msg_new;
 	}elseif (mkdir($new_ipath)) {
-		$message .= '<b>'.hsc($_['new_folder_msg_05']).'</b> <span class="filename">'.hte($new_name).'</span><br>';
+		$message .= '<b>'.hsc($_['new_folder_msg_05']).'</b> '.$msg_new;
 		$ipath    = $new_ipath;  //return to new folder
 		$param1   = '?i='.URLencode_path($ipath);
+
 	}else{
-		$message .= $EX.'<b>'.hsc($_['new_folder_msg_06']).':</b><br>';
-		$message .= '<span class="filename">'.hte($new_name).'</span><br>';
+		$message .= $EX.'<b>'.hsc($_['new_folder_msg_06']).':</b><br>'.$msg_new;
 	}
 }//end New_Folder_response *****************************************************
 
@@ -2217,7 +2228,7 @@ function Delete_Folder_Page(){ //***********************************************
 	<?php echo $FORM_COMMON ?>
 		<input type="hidden" name="delete_folder" value="<?php echo hsc($ipath); ?>" >
 		<p>
-		<span class="web_root"><?php echo hte($WEB_ROOT.Check_path(dirname($ipath))); ?></span>
+		<span class="web_root"><?php echo hte($WEB_ROOT.dirname($ipath)).'/'; ?></span>
 		<span class="verify_del"><?php echo hte(basename($ipath)); ?></span> /
 		</p>
 		<p><b><?php echo hsc($_['delete_folder_txt_01']) ?></b></p>
@@ -2232,7 +2243,9 @@ function Delete_Folder_Page(){ //***********************************************
 function Delete_Folder_response() { //******************************************
 	global $_, $ipath, $param1, $page, $message, $EX;
 	$page = "index"; //Return to index
-	$foldername = trim($_POST["delete_folder"], '/');
+	$foldername = Check_path($_POST["delete_folder"]);
+	$foldername = trim($foldername,'/');
+	if ($foldername == "") {return;}
 
 	if ( !is_empty($ipath) ) {
 		$message .= $EX.'<b>'.hsc($_['delete_folder_msg_01']).'</b>';
@@ -2240,7 +2253,7 @@ function Delete_Folder_response() { //******************************************
 	}elseif (@rmdir($foldername)) {
 		$message .= '<b>'.hsc($_['delete_folder_msg_02']).'</b> ';
 		$message .= '<span class="filename">'.hte(basename($foldername)).'</span></br>';
-		$ipath  = Check_path($foldername); //Return to parent dir.
+		$ipath  = dirname($foldername).'/'; //Return to parent dir.
 		$param1 = '?i='.URLencode_path($ipath);
 	}else {
 		$message .= $EX.'<b><span class="filename">"'.hte($foldername).'/"</span></b> '.hsc($_['delete_folder_msg_03']);
@@ -2312,26 +2325,28 @@ function MCD_response($action, $msg1, $success_msg = '') { //*******************
 	$count    = count($files);
 	$errors   = 0; //number of failed moves or copies
 
-	$isfile = 1;
+	$isfile = 1; //only working with files, not folders.
 	$show_message = 1; //1= show error msg only. 2= show success msg only. 3= show all msg's.
 
 	if ($action == 'delete') {
 		foreach ($files as $file){
 			$errors += Delete_File_response($ipath.$file, $show_message);
 		}
+		
 	}else { //move or copy
-		$mcd_ipath = $ipath; //$Copy_Ren_Move_response() changes $ipath to $new_location
-		$new_location = trim($_POST['new_location'],'/').'/'; //make sure no leading, and only 1 trailing, slash.
-		if ( !is_dir($new_location) ){
-			$message .= $EX.'<b> '.hsc($_['upload_msg_02']).'</b><br>';
+		$mcd_ipath = $ipath; //$CRM_response() changes $ipath to $new_location
+		
+		//Trim whitespace & slashes, leaving only 1 trailing slash.
+		$new_location = trim($_POST['new_location'],"\x00..\x20/").'/'; 
+		if ( Check_path($new_location, $show_message) === false ){
 			$message .= '<span class="filename">'.hte($WEB_ROOT.$new_location).'</span><br>';
 			return;
 		}
 		
 		foreach ($files as $file){
-			$old_name = $mcd_ipath.$file;
-			$new_name = $new_location.$file;
-			$errors  += Copy_Ren_Move_response($old_name, $new_name, $action, $msg1, $isfile, $show_message);
+			$_POST['old_name'] = $mcd_ipath.$file;
+			$_POST['new_name'] = $new_location.$file;
+			$errors  += CRM_response($action, $msg1, $isfile, $show_message);
 		}
 	}
 
@@ -2370,6 +2385,9 @@ function Page_Title(){ //***<title>Page_Title()</title>*************************
 	elseif ($page == "newfolder")    { return $_['New_Folder'];    }
 	elseif ($page == "renamefolder") { return $_['Ren_Folder'];    }
 	elseif ($page == "deletefolder") { return $_['Del_Folder'];    }
+	elseif ($page == "mcdaction" && ($_POST['action'] == "copy") )    { return $_['Copy_Files'];}
+	elseif ($page == "mcdaction" && ($_POST['action'] == "move") )    { return $_['Move_Files'];}
+	elseif ($page == "mcdaction" && ($_POST['action'] == "delete") )  { return $_['Del_Files']; }
 	else                             { return $_SERVER['SERVER_NAME']; }
 }//end Page_Title() ************************************************************
 
@@ -2387,12 +2405,12 @@ function Load_Selected_Page(){ //***********************************************
 	elseif ($page == "changeun")     { Change_PWUN_Page('un');}
 	elseif ($page == "edit")         { Edit_Page();           }
 	elseif ($page == "upload")       { Upload_Page();         }
-	elseif ($page == "newfile")      { New_File_Page();       }
-	elseif ($page == "copy")         { Copy_Ren_Move_Page($_['Copy'],     $_['File'], 'copy_file',   1); }
-	elseif ($page == "rename")       { Copy_Ren_Move_Page($_['Ren_Move'], $_['File'], 'rename_file', 1); }
+	elseif ($page == "newfile")      { New_File_or_Folder_Page($_['New_File'] ,"new_file");}
+	elseif ($page == "copy")         { CRM_Page($_['Copy'],     $_['File'], 'copy_file',   1); }
+	elseif ($page == "rename")       { CRM_Page($_['Ren_Move'], $_['File'], 'rename_file', 1); }
 	elseif ($page == "delete")       { Delete_File_Page();    }
-	elseif ($page == "newfolder")    { New_Folder_Page();     }
-	elseif ($page == "renamefolder") { Copy_Ren_Move_Page($_['Ren_Move'], $_['Folder'], 'rename_folder', 0); }
+	elseif ($page == "newfolder")    { New_File_or_Folder_Page($_['New_Folder'] ,"new_folder");}
+	elseif ($page == "renamefolder") { CRM_Page($_['Ren_Move'], $_['Folder'], 'rename_folder', 0); }
 	elseif ($page == "deletefolder") { Delete_Folder_Page();  }
 	elseif ($page == "mcdaction")    { MCD_Page();            }
 	else                             { Login_Page();          } //default
@@ -2422,11 +2440,11 @@ function Respond_to_POST() {//**************************************************
 		elseif (isset($_POST["un"]           )) { Change_PWUN_response('un', $_['change_un_02']);}
 		elseif (isset($_POST["filename"]     )) { Edit_response();           }
 		elseif (isset($_POST["new_file"]     )) { New_File_response();       }
-		elseif (isset($_POST["copy_file"]    )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["copy_file"]  , 'copy'  , $_['Copy']    , 1); }
-		elseif (isset($_POST["rename_file"]  )) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_file"], 'rename', $_['Ren_Move'], 1); }
+		elseif (isset($_POST["copy_file"]    )) { CRM_response('copy'  , $_['Copy']    , 1); }
+		elseif (isset($_POST["rename_file"]  )) { CRM_response('rename', $_['Ren_Move'], 1); }
 		elseif (isset($_POST["delete_file"]  )) { Delete_File_response();    }
 		elseif (isset($_POST["new_folder"]   )) { New_Folder_response();     }
-		elseif (isset($_POST["rename_folder"])) { Copy_Ren_Move_response($_POST[ "old_name"], $_POST["rename_folder"], 'rename', $_['Ren_Move'], 0); }
+		elseif (isset($_POST["rename_folder"])) { CRM_response('rename', $_['Ren_Move'], 0); }
 		elseif (isset($_POST["delete_folder"])) { Delete_Folder_response();  }
 		elseif (isset($_FILES['upload_file']['name']))  { Upload_response(); }
 	}//end if ($VALID_POST)
@@ -3279,7 +3297,7 @@ function Language_and_config_adjusted_styles() {//******************************
 		$message .= $EX.'<b>'.hsc($_['edit_caution_01']).' '.$EX.hsc($_['edit_caution_02']).'</b><br>';
 	}
 	//end Verify a few $page restrictions ************
-	
+
 	Update_Recent_Pages();
 
 }//end if $_SESSION[valid] *************************************

From 717bfb78bbf39982d8b9ffe1308ee807acc54299 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Thu, 13 Sep 2012 18:00:00 -0400
Subject: [PATCH 142/228] Version 3.4.03 Get_GET(): minor improvement/fix to
 ipath validation. Added check if $ipath = "", and $page = deletefolder or
 renamefolder, ignore & load index. Added Check_path() to $old_ &
 $new_location incase either is root. (avoids "dot" folder name) Created
 dir_name(), a modified dirname(). List_Files(): Changed <form> name to
 mcdselect, from mcdaction. List_Files(): Changed hidden <input> name and
 value to mcdselect, from mcdaction. New_File_or_Folder_response(): Replaced
 New_File_response() & New_Folder_response(). CRM_Page(): Split inputs for
 filename (or current folder) and parent dir path. CRM_response(): Adjusted
 per CRM_Page() changes. MCD_response(): Adjusted per CRM_Page() changes.
 MCD_Page(): moved if copy/move/del to Load_Selected_Page() logic. MCD_Page():
 Consolidated two loops into one. Update_Recent_Pages(): Removed option to
 remove current page (no longer used). Changed, added, and removed a number of
 $_[] values. Verify_IDLE_POST_etc(): Don't logout if invalid post, just clear
 POST & load index. Respond_to_POST(): minor logic improvement.
 Verify_page_conditions(): consolidated $page checks from main logic,
 Get_GET(), & Respond_to_POST(). Numerous changed, new, and removed $_[]
 values.

---
 OneFileCMS.LANG.DE.php   |  67 ++--
 OneFileCMS.LANG.EN.php   | 200 ++++++------
 OneFileCMS.LANG.ES.php   |  72 ++---
 OneFileCMS_structure.txt |  30 +-
 onefilecms.php           | 644 +++++++++++++++++++--------------------
 readme.markdown          |  22 +-
 6 files changed, 503 insertions(+), 532 deletions(-)

diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index 1bbfa65..c815b57 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.01
+// OneFileCMS Language Settings v3.4.03
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -41,6 +41,7 @@
 $_['Deleted'] = 'Deleted'; //## NT ##
 $_['Edit']    = 'Bearbeiten';
 $_['Enter']   = 'Eintreten';
+$_['Error']   = 'Error';   //## NT ##
 $_['errors']  = 'errors';  //## NT ##
 $_['File']    = 'Datei';  
 $_['Folder']  = 'Ordner'; 
@@ -49,8 +50,9 @@
 $_['Move']    = 'Verschieben';
 $_['Moved']   = 'Verschoben';
 $_['on']      = 'läuft unter';
-$_['Password'] = 'Passwort';
+$_['bytes']   = 'bytes';
 
+$_['Password']   = 'Passwort';  
 $_['Rename']     = 'Umbenennen';
 $_['successful'] = 'successful'; //## NT ##
 $_['To']         = 'To';         //## NT ##
@@ -60,7 +62,7 @@
 $_['Log_Out']    = 'Abmelden';  
 
 $_['Admin_Options']  = 'Administration Options'; //## NT ##
-$_['Edit_View']      = 'Edit / View File';    //## NT ##
+$_['Edit_View']      = 'Edit / View File';      //## NT ##
 $_['Upload_File']    = 'Datei heraufladen';  
 $_['New_File']       = 'Datei erstellen';    
 $_['Ren_Move']       = 'Umbenennen / Verschieben';
@@ -75,7 +77,7 @@
 $_['Selected_Files'] = 'Selected Files';      //## NT ##
 $_['Select_All']     = 'Select All';          //## NT ##
 $_['Clear_All']      = 'Clear All';           //## NT ##
-$_['New_location']   = 'New Location';        //## NT ##
+$_['New_Location']   = 'New Location';        //## NT ##
 $_['No_files']       = 'No files selected.';  //## NT ##
 $_['No_action']      = 'No action selected.'; //## NT ##
 $_['Not_found']      = 'Not found';           //## NT ##
@@ -94,8 +96,8 @@
 
 $_['get_get_msg_01']    = 'Die Datei wurde nicht gefunden:';
 $_['get_get_msg_02']    = 'Invalid page request.';
-$_['get_get_msg_03']    = 'Missing information for requested page'; //## NT ##
-$_['check_path_msg_01'] = 'Das Verzeichnis wurde nicht gefunden: ';
+$_['check_path_msg_02'] = 'dot" or "dot dot" path segments are not permitted.'; //## NT ##
+$_['check_path_msg_03'] = 'Path or filename contains an invalid character:'; //## NT ##
 $_['ord_msg_01']        = 'Eine Datei mit demselben Namen existiert bereits im Zielverzeichnis.';
 $_['ord_msg_02']        = 'Speichern als';
 $_['show_img_msg_01']   = 'Die Bilddarstellung entspricht ~';
@@ -132,18 +134,15 @@
 $_['edit_txt_04'] = 'Das Verhalten kann je nach verwendeter PHP-Version unterschiedlich sein.';
 
 $_['too_large_to_edit_01a'] = 'Bearbeitungsfunktion deaktiviert. Dateigröße > ';
-$_['too_large_to_edit_01b'] = ' bytes.';
 $_['too_large_to_edit_02']  = 'Einige Browser (wie zum Beispiel der Internet Explorer) bleiben stecken oder werden instabil, sobald größere Textmengen in einer HTML <textarea> bearbeitet werden.';
 $_['too_large_to_edit_03']  = 'Die Einstellung $MAX_EDIT_SIZE im Konfigurationsbereich des OneFileCMS kann nach den Erfordernissen angepaßt werden.';
 $_['too_large_to_edit_04']  = 'Mittels einfachem Trial & Error kann das optimale Limit für einen bestimmten Browser und Computer festgestellt werden.';
 $_['too_large_to_view_01a'] = 'Betrachtungsmodus deaktiviert. Filesize > ';
-$_['too_large_to_view_01b'] = ' Bytes.';
 $_['too_large_to_view_02']  = 'Klicken Sie auf den Dateinamen überhalb, um die Datei direkt im Browser anzuzeigen.';
 $_['too_large_to_view_03']  = 'Adjustieren Sie die $MAX_VIEW_SIZE im Konfigurationsbereich von OneFileCMS nach Ihren Bedürfnissen.';
 $_['too_large_to_view_04']  = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)'; //## NT ##
 
 $_['meta_txt_01'] = 'Dateigröße: ';
-$_['meta_txt_02'] = ' Bytes.';
 $_['meta_txt_03'] = 'Zuletzt aktualisiert am/um: ';
 $_['edit_msg_01'] = 'Die Datei wurde gespeichert: ';
 $_['edit_msg_02'] = 'Bytes geschrieben.';
@@ -178,41 +177,30 @@
 $_['new_file_msg_03'] = 'Es wurde keine Datei erstellt, da kein Name eingegeben wurde';
 $_['new_file_msg_04'] = 'Die Datei besteht bereits: ';
 $_['new_file_msg_05'] = 'Datei erstellt:';
-$_['new_file_msg_06'] = 'Fehler - die Datei konnte nicht erstellt werden:';
+$_['new_file_msg_07'] = 'Ordner erstellt:';
 
-$_['CRM_txt_01']  = 'Um eine Datei oder einen Ordner zu verschieben, ändern Sie den pfad/zur/datei/oder/dem/verzeichnis.';
 $_['CRM_txt_02']  = 'Der neue Ort muss bereits existieren.';
-$_['CRM_txt_03']  = 'Alter Name';
+$_['CRM_txt_03']  = 'Alter Name und Zielort';
 $_['CRM_txt_04']  = 'Neuer Name';
 $_['CRM_msg_01']  = ' Fehler - der neue Zielort besteht nicht:';
 $_['CRM_msg_02']  = ' Fehler - die Quelldatei besteht nicht:';
 $_['CRM_msg_03']  = ' Fehler - die Zieldatei besteht bereits:';
-$_['CRM_msg_04']  = ' zu ';
 $_['CRM_msg_05a'] = 'Fehler während ';
-$_['CRM_msg_05b'] = ' des folgenden Vorgangs:';
 
 $_['delete_txt_01'] = 'Sind Sie sicher?';
 $_['delete_msg_01'] = 'Gelöschte Datei:';
 $_['delete_msg_02'] = 'Während des Löschvorgangs trat ein Fehler auf ';
 
-$_['new_folder_txt_1']  = 'Der neue Ordner wird als Unterordner des aktuellen Ordners angelegt.  ';
-$_['new_folder_txt_2']  = 'Ungültige Zeichen für Ordnernamen sind: ';
-$_['new_folder_msg_01'] = 'Der Ordner konnte nicht erstellt werden:';
-$_['new_folder_msg_02'] = 'Der Name enthält ungültige Zeichen: ';
-$_['new_folder_msg_03'] = 'Es wurde kein Ordner erstellt, da kein Name dafür eingegeben wurde.';
-$_['new_folder_msg_04'] = 'Der Ordner besteht bereits: ';
-$_['new_folder_msg_05'] = 'Ordner erstellt:';
-$_['new_folder_msg_06'] = 'Fehler - der Ordner konnte nicht erstellt werden: ';
-
 $_['delete_folder_txt_01'] = 'Sind Sie sicher?';
 $_['delete_folder_msg_01'] = 'Der Ordner ist nicht leer.   Bevor ein Ordner gelöscht werden kann, muss er geleert werden.';
 $_['delete_folder_msg_02'] = 'Gelöschter Ordner:';
 $_['delete_folder_msg_03'] = 'während des Löschvorgangs trat ein Fehler auf.';
 
-$_['session_warning']  = 'Achtung: Die sitzung wird ende bald!';
-$_['session_expired']  = 'SITZUNG ABGELAUFEN';
-$_['unload_unsaved']   = '               Nicht gespeicherte Änderungen gehen verloren!';
-$_['confirm_reset']    = 'Soll der Inhalt der Datei zurückgesetzt werden (Änderungen gehen verloren)?';
+$_['session_warning'] = 'Achtung: Die sitzung wird ende bald!';
+$_['session_expired'] = 'SITZUNG ABGELAUFEN';
+$_['unload_unsaved']  = '               Nicht gespeicherte Änderungen gehen verloren!';
+$_['confirm_reset']   = 'Soll der Inhalt der Datei zurückgesetzt werden (Änderungen gehen verloren)?';
+
 $_['OFCMS_requires']   = 'OneFileCMS erfordert PHP';
 $_['logout_msg']       = 'Sie wurden erfolgreich abgemeldet.';
 $_['folder_del_msg']   = 'Der Ordner ist nicht leer.   Der Ordner muss leer sein, bevor er gelöscht werden kann.';
@@ -237,24 +225,25 @@
 $_['admin_txt_14'] = 'Eine weitere, kleine Sicherheitsvorkehrung wäre, das Salz oder die Methode für die Streuwertgenerierung von OneFileCMS zu ändern.';
 $_['admin_txt_16'] = 'Sie können auch OneFileCMS selbst bearbeiten.  Legen Sie aber sicherheitshalber eine Kopie an, falls es zu einem unerwünschten Schreibfehler kommt...';
 
-$_['pw_change']  = 'Passwort ändern';           
-$_['pw_current'] = 'Aktuelles Passwort';         
-$_['pw_new']     = 'Neues Passwort';             
+$_['pw_change']  = 'Passwort ändern';     
+$_['pw_current'] = 'Aktuelles Passwort';   
+$_['pw_new']     = 'Neues Passwort';       
 $_['pw_confirm'] = 'Bestätigen Sie das neue Password';
-$_['pw_txt_02']  = 'Regeln für Passwort / Benutzername:';
-$_['pw_txt_04']  = 'Groß-/Kleinschreibung wird berücksichtigt!';
-$_['pw_txt_06']  = 'Zumindest ein Zeichen, das nicht als Leerzeichen zählt, muss enthalten sein.';
-$_['pw_txt_08']  = 'Leerzeichen in der Mitte sind gültig. Beispiel: "This is a password or username!"';
-$_['pw_txt_10']  = 'Führende und angehängte Leerzeichen werden entfernt.';
-$_['pw_txt_12']  = 'Nur die aktive Kopie von OneFileCMS wird aktualisiert - es werden keine externen Konfigurationsdateien geändert.';
-$_['pw_txt_14']  = 'Wird ein ungültiges Passwort eingegeben, werden Sie abgemeldet. Sie können sich anschließend neu anmelden.';
+
+$_['pw_txt_02'] = 'Regeln für Passwort / Benutzername:';
+$_['pw_txt_04'] = 'Groß-/Kleinschreibung wird berücksichtigt!';
+$_['pw_txt_06'] = 'Zumindest ein Zeichen, das nicht als Leerzeichen zählt, muss enthalten sein.';
+$_['pw_txt_08'] = 'Leerzeichen in der Mitte sind gültig. Beispiel: "This is a password or username!"';
+$_['pw_txt_10'] = 'Führende und angehängte Leerzeichen werden entfernt.';
+$_['pw_txt_12'] = 'Nur die aktive Kopie von OneFileCMS wird aktualisiert - es werden keine externen Konfigurationsdateien geändert.';
+$_['pw_txt_14'] = 'Wird ein ungültiges Passwort eingegeben, werden Sie abgemeldet. Sie können sich anschließend neu anmelden.';
 
 $_['change_pw_01'] = 'Passwort wurde geändert!';                      
 $_['change_pw_02'] = 'Passwort wurde nicht geändert:';                
 $_['change_pw_03'] = 'Falsches (derzeitiges) Passwort. Bitte melden Sie sich an, um es erneut zu versuchen.';
 $_['change_pw_04'] = 'Die Werte der Felder "Neu" und "Bestätigen" gleichen sich nicht.';
-$_['change_pw_05'] = 'Updating';                                        //## NT ##
-$_['change_pw_06'] = 'external config file';                            //## NT ##
+$_['change_pw_05'] = 'Updating';                //## NT ##
+$_['change_pw_06'] = 'external config file';    //## NT ##
 
 $_['un_change']     = 'Benutzername ändern';                 
 $_['un_new']        = 'Neuer Benutzername';                   
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index 4667d7b..c92cd22 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.02
+// OneFileCMS Language Settings v3.4.03
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -17,9 +17,9 @@
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 //
 $_['front_links_font_size'] = '1em';    //Buttons on Index page.
-$_['front_links_margin_R']  = '1em';   
+$_['front_links_margin_R']  = '1em';
 $_['button_font_size']      = '.9em';   //Buttons on Edit page.
-$_['button_margin_L']       = '.7em';  
+$_['button_margin_L']       = '.7em';
 $_['button_padding']        = '4px 10px';
 $_['image_info_font_size']  = '1em';    //show_img_msg_01  &  _02
 $_['image_info_pos']        = '';       //If 1 or true, moves the info down a line for more space.
@@ -30,58 +30,59 @@
 $_['C'] = 'C'; //C opy
 $_['D'] = 'D'; //D elete
 
-$_['Admin']   = 'Admin';  
-$_['Cancel']  = 'Cancel'; 
-$_['Close']   = 'Close';  
-$_['Copy']    = 'Copy';   
-$_['Copied']  = 'Copied'; 
-$_['Create']  = 'Create'; 
-$_['Delete']  = 'Delete'; 
-$_['DELETE']  = 'DELETE'; 
+$_['Admin']   = 'Admin';
+$_['Cancel']  = 'Cancel';
+$_['Close']   = 'Close';
+$_['Copy']    = 'Copy';
+$_['Copied']  = 'Copied';
+$_['Create']  = 'Create';
+$_['Delete']  = 'Delete';
+$_['DELETE']  = 'DELETE';
 $_['Deleted'] = 'Deleted';
-$_['Edit']    = 'Edit';   
-$_['Enter']   = 'Enter';  
-$_['Error']   = 'Error'; //#####
-$_['errors']  = 'errors'; 
-$_['File']    = 'File';   
-$_['Folder']  = 'Folder'; 
-$_['From']    = 'From';   
-$_['Hash']    = 'Hash';   
-$_['Move']    = 'Move';   
-$_['Moved']   = 'Moved';  
-$_['on']      = 'on';     
-$_['Password'] = 'Password';
+$_['Edit']    = 'Edit';
+$_['Enter']   = 'Enter';
+$_['Error']   = 'Error';   //#####
+$_['errors']  = 'errors';
+$_['File']    = 'File';
+$_['Folder']  = 'Folder';
+$_['From']    = 'From';
+$_['Hash']    = 'Hash';
+$_['Move']    = 'Move';
+$_['Moved']   = 'Moved';
+$_['on']      = 'on';
+$_['bytes']   = 'bytes';   //#####
 
-$_['Rename']     = 'Rename';    
+$_['Password']   = 'Password';
+$_['Rename']     = 'Rename';
 $_['successful'] = 'successful';
-$_['To']         = 'To';        
-$_['Upload']     = 'Upload';    
-$_['Username']   = 'Username';  
-$_['Log_In']     = 'Log In';    
-$_['Log_Out']    = 'Log Out';   
+$_['To']         = 'To';
+$_['Upload']     = 'Upload';
+$_['Username']   = 'Username';
+$_['Log_In']     = 'Log In';
+$_['Log_Out']    = 'Log Out';
 
 $_['Admin_Options']  = 'Administration Options';
-$_['Edit_View']      = 'Edit / View File';   
-$_['Upload_File']    = 'Upload File';        
-$_['New_File']       = 'New File';           
-$_['Ren_Move']       = 'Rename / Move';      
-$_['Ren_Moved']      = 'Renamed / Moved';    
-$_['New_Folder']     = 'New Folder';         
+$_['Edit_View']      = 'Edit / View File';
+$_['Upload_File']    = 'Upload File';
+$_['New_File']       = 'New File';
+$_['Ren_Move']       = 'Rename / Move';
+$_['Ren_Moved']      = 'Renamed / Moved';
+$_['New_Folder']     = 'New Folder';
 $_['Ren_Folder']     = 'Rename / Move Folder';
-$_['Del_Folder']     = 'Delete Folder';      
-$_['Submit']         = 'Submit Request';     
-$_['Move_Files']     = 'Move File(s)';       
-$_['Copy_Files']     = 'Copy File(s)';       
-$_['Del_Files']      = 'Delete File(s)';     
-$_['Selected_Files'] = 'Selected Files';     
-$_['Select_All']     = 'Select All';         
-$_['Clear_All']      = 'Clear All';          
-$_['New_location']   = 'New Location';       
-$_['No_files']       = 'No files selected.'; 
+$_['Del_Folder']     = 'Delete Folder';
+$_['Submit']         = 'Submit Request';
+$_['Move_Files']     = 'Move File(s)';
+$_['Copy_Files']     = 'Copy File(s)';
+$_['Del_Files']      = 'Delete File(s)';
+$_['Selected_Files'] = 'Selected Files';
+$_['Select_All']     = 'Select All';
+$_['Clear_All']      = 'Clear All';
+$_['New_Location']   = 'New Location';
+$_['No_files']       = 'No files selected.';
 $_['No_action']      = 'No action selected.';
-$_['Not_found']      = 'Not found';          
-$_['pass_to_hash']   = 'Password to hash:';  
-$_['Generate_Hash']  = 'Generate Hash';      
+$_['Not_found']      = 'Not found';
+$_['pass_to_hash']   = 'Password to hash:';
+$_['Generate_Hash']  = 'Generate Hash';
 
 $_['save_1']      = 'Save';
 $_['save_2']      = 'SAVE CHANGES!';
@@ -95,8 +96,8 @@
 
 $_['get_get_msg_01']    = 'File does not exist:';
 $_['get_get_msg_02']    = 'Invalid page request:';
-$_['get_get_msg_03']    = 'Missing information for requested page';
-$_['check_path_msg_01'] = 'Directory does not exist:';
+$_['check_path_msg_02'] = 'dot" or "dot dot" path segments are not permitted.'; //#####
+$_['check_path_msg_03'] = 'Path or filename contains an invalid character:'; //#####
 $_['ord_msg_01']        = 'A file with that name already exists in the target directory.';
 $_['ord_msg_02']        = 'Saving as';
 $_['show_img_msg_01']   = 'Image shown at ~';
@@ -133,18 +134,15 @@
 $_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
 
 $_['too_large_to_edit_01a'] = 'Edit disabled. Filesize >';
-$_['too_large_to_edit_01b'] = 'bytes.';
 $_['too_large_to_edit_02']  = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
 $_['too_large_to_edit_03']  = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
 $_['too_large_to_edit_04']  = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
 $_['too_large_to_view_01a'] = 'View disabled. Filesize >';
-$_['too_large_to_view_01b'] = 'bytes.';
 $_['too_large_to_view_02']  = 'Click the file name above to view as normally rendered in a browser window.';
 $_['too_large_to_view_03']  = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
 $_['too_large_to_view_04']  = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
 
 $_['meta_txt_01'] = 'Filesize:';
-$_['meta_txt_02'] = 'bytes.';
 $_['meta_txt_03'] = 'Updated:';
 $_['edit_msg_01'] = 'File saved:';
 $_['edit_msg_02'] = 'bytes written.';
@@ -166,54 +164,43 @@
 $_['upload_err_08']  = 'Error 8: A PHP extension stopped the file upload.';
 
 $_['upload_msg_01'] = 'No file selected for upload.';
-$_['upload_msg_02'] = 'Destination folder does not exist:';
+$_['upload_msg_02'] = 'Destination folder invalid:'; //#####
 $_['upload_msg_03'] = 'Upload cancelled.';
 $_['upload_msg_04'] = 'Uploading:';
 $_['upload_msg_05'] = 'Upload successful!';
 $_['upload_msg_06'] = 'Upload failed:';
 
-$_['new_file_txt_01'] = 'File or Folder will be created in the current folder.';  //#####
+$_['new_file_txt_01'] = 'File or Folder will be created in the current folder.'; //#####
 $_['new_file_txt_02'] = 'Some invalid characters are:';
-$_['new_file_msg_01'] = 'New file not created:';
-$_['new_file_msg_02'] = 'Name contains invalid character(s):';
+$_['new_file_msg_01'] = 'File or folder not created:'; //#####
+$_['new_file_msg_02'] = 'Name contains an invalid character:'; //#####
 $_['new_file_msg_03'] = 'Not created - no name given'; //#####
-$_['new_file_msg_04'] = 'File or folder already exists:';  //#####
+$_['new_file_msg_04'] = 'File or folder already exists:'; //#####
 $_['new_file_msg_05'] = 'Created file:';
-$_['new_file_msg_06'] = 'Error - new file not created:';
+$_['new_file_msg_07'] = 'Created folder:'; //#####
 
-$_['CRM_txt_01']  = 'To move a file or folder, change the path/to/folder/or_file.';
 $_['CRM_txt_02']  = 'The new location must already exist.';
-$_['CRM_txt_03']  = 'Old name';
+$_['CRM_txt_03']  = 'Old name and location'; //#####
 $_['CRM_txt_04']  = 'New name';
 $_['CRM_msg_01']  = 'Error - new parent location does not exist:';
 $_['CRM_msg_02']  = 'Error - source file does not exist:';
-$_['CRM_msg_03']  = 'Error - target filename already exists:';
-$_['CRM_msg_04']  = 'to';
+$_['CRM_msg_03']  = 'Error - new file or folder already exists:'; //#####
 $_['CRM_msg_05a'] = 'Error during';
-$_['CRM_msg_05b'] = 'from the above to the following:';
 
 $_['delete_txt_01'] = 'Are you sure?';
 $_['delete_msg_01'] = 'Deleted file:';
 $_['delete_msg_02'] = 'Error deleting';
 
-$_['new_folder_txt_1']  = 'Folder will be created in the current folder.';
-$_['new_folder_txt_2']  = 'Some invalid characters are:';
-$_['new_folder_msg_01'] = 'New folder not created:';
-$_['new_folder_msg_02'] = 'Name contains invalid character(s):';
-$_['new_folder_msg_03'] = 'New folder not created - no name given.';
-$_['new_folder_msg_04'] = 'Folder already exists:';
-$_['new_folder_msg_05'] = 'Created folder:';
-$_['new_folder_msg_06'] = 'Error - new folder not created:';
-
 $_['delete_folder_txt_01'] = 'Are you sure?';
 $_['delete_folder_msg_01'] = 'Folder not empty. Folders must be empty before they can be deleted.';
 $_['delete_folder_msg_02'] = 'Deleted folder:';
 $_['delete_folder_msg_03'] = 'an error occurred during delete.';
 
-$_['session_warning']  = 'Warning: Session timeout soon!';
-$_['session_expired']  = 'SESSION EXPIRED';
-$_['unload_unsaved']   = ' Unsaved changes will be lost!';
-$_['confirm_reset']    = 'Reset file and loose unsaved changes?';
+$_['session_warning'] = 'Warning: Session timeout soon!';
+$_['session_expired'] = 'SESSION EXPIRED';
+$_['unload_unsaved']  = ' Unsaved changes will be lost!';
+$_['confirm_reset']   = 'Reset file and loose unsaved changes?';
+
 $_['OFCMS_requires']   = 'OneFileCMS requires PHP';
 $_['logout_msg']       = 'You have successfully logged out.';
 $_['folder_del_msg']   = 'Folder not empty. Folders must be empty before they can be deleted.';
@@ -223,11 +210,11 @@
 $_['edit_caution_02']  = 'You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
 $_['time_out_txt']     = 'Session time out in:';
 
-$_['error_reporting_01'] = 'Display errors is';        
-$_['error_reporting_02'] = 'Log errors is';            
+$_['error_reporting_01'] = 'Display errors is';
+$_['error_reporting_02'] = 'Log errors is';
 $_['error_reporting_03'] = 'Error reporting is set to';
-$_['error_reporting_04'] = 'Showing error types';      
-$_['error_reporting_05'] = 'Unexpected early output';  
+$_['error_reporting_04'] = 'Showing error types';
+$_['error_reporting_05'] = 'Unexpected early output';
 $_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
 
 $_['admin_txt_00'] = 'Old Backup Found';
@@ -238,31 +225,32 @@
 $_['admin_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
 $_['admin_txt_16'] = 'Also, you can still use OneFileCMS to edit itself. However, be sure to have a backup ready for the inevitable ytpo...';
 
-$_['pw_change']  = 'Change Password';            
-$_['pw_current'] = 'Current Password';           
-$_['pw_new']     = 'New Password';               
-$_['pw_confirm'] = 'Confirm New Password';       
-$_['pw_txt_02']  = 'Password / Username rules:'; 
-$_['pw_txt_04']  = 'They are case-sensitive!';   
-$_['pw_txt_06']  = 'They must contain at least one non-space character.';
-$_['pw_txt_08']  = 'They may contain spaces in the middle. Ex: "This is a password or username!"';
-$_['pw_txt_10']  = 'Leading and trailing spaces are removed.';
-$_['pw_txt_12']  = 'To record the change, only one file is updated: either the active copy of OneFileCMS, or, if specified, an external configuration file.';
-$_['pw_txt_14']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
+$_['pw_change']  = 'Change Password';
+$_['pw_current'] = 'Current Password';
+$_['pw_new']     = 'New Password';
+$_['pw_confirm'] = 'Confirm New Password';
+
+$_['pw_txt_02'] = 'Password / Username rules:';
+$_['pw_txt_04'] = 'They are case-sensitive!';
+$_['pw_txt_06'] = 'They must contain at least one non-space character.';
+$_['pw_txt_08'] = 'They may contain spaces in the middle. Ex: "This is a password or username!"';
+$_['pw_txt_10'] = 'Leading and trailing spaces are removed.';
+$_['pw_txt_12'] = 'To record the change, only one file is updated: either the active copy of OneFileCMS, or, if specified, an external configuration file.';
+$_['pw_txt_14'] = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
 
-$_['change_pw_01'] = 'Password changed!';                              
-$_['change_pw_02'] = 'Password NOT changed:';                          
+$_['change_pw_01'] = 'Password changed!';
+$_['change_pw_02'] = 'Password NOT changed:';
 $_['change_pw_03'] = 'Incorrect current password. Login to try again.';
-$_['change_pw_04'] = 'New and "Confirm New" values do not match.';     
-$_['change_pw_05'] = 'Updating';                                       
-$_['change_pw_06'] = 'external config file';                           
+$_['change_pw_04'] = 'New and "Confirm New" values do not match.';
+$_['change_pw_05'] = 'Updating';
+$_['change_pw_06'] = 'external config file';
 
-$_['un_change']     = 'Change Username';                      
-$_['un_new']        = 'New Username';                         
-$_['un_confirm']    = 'Confirm New Username';                 
-$_['change_un_01']  = 'Username changed!';                    
-$_['change_un_02']  = 'Username NOT changed:';                
-$_['update_failed'] = 'Update failed - could not save file.'; 
-$_['mcd_msg_01']    = 'files moved successfully.';            
-$_['mcd_msg_02']    = 'files copied successfully.';           
-$_['mcd_msg_03']    = 'files deleted successfully.';          
+$_['un_change']     = 'Change Username';
+$_['un_new']        = 'New Username';
+$_['un_confirm']    = 'Confirm New Username';
+$_['change_un_01']  = 'Username changed!';
+$_['change_un_02']  = 'Username NOT changed:';
+$_['update_failed'] = 'Update failed - could not save file.';
+$_['mcd_msg_01']    = 'files moved successfully.';
+$_['mcd_msg_02']    = 'files copied successfully.';
+$_['mcd_msg_03']    = 'files deleted successfully.';
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index bf0dfc8..0b9fb29 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.01
+// OneFileCMS Language Settings v3.4.03
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -41,6 +41,7 @@
 $_['Deleted'] = 'Deleted'; //## NT ##
 $_['Edit']    = 'Editar'; 
 $_['Enter']   = 'Entrar'; 
+$_['Error']   = 'Error';   //## NT ##
 $_['errors']  = 'errors';  //## NT ##
 $_['File']    = 'Archivo';
 $_['Folder']  = 'Carpeta';
@@ -49,8 +50,9 @@
 $_['Move']    = 'Mover';  
 $_['Moved']   = 'Movido'; 
 $_['on']      = 'activado';
-$_['Password'] = 'Password'; //## NT ##
+$_['bytes']   = 'bytes';
 
+$_['Password']   = 'Password';   //## NT ##
 $_['Rename']     = 'Renombrar'; 
 $_['successful'] = 'successful'; //## NT ##
 $_['To']         = 'To';         //## NT ##
@@ -75,7 +77,7 @@
 $_['Selected_Files'] = 'Selected Files';      //## NT ##
 $_['Select_All']     = 'Select All';          //## NT ##
 $_['Clear_All']      = 'Clear All';           //## NT ##
-$_['New_location']   = 'New Location';        //## NT ##
+$_['New_Location']   = 'New Location';        //## NT ##
 $_['No_files']       = 'No files selected.';  //## NT ##
 $_['No_action']      = 'No action selected.'; //## NT ##
 $_['Not_found']      = 'Not found';           //## NT ##
@@ -93,9 +95,9 @@
 $_['verify_msg_02']  = 'POST INVÁLIDO';
 
 $_['get_get_msg_01']    = 'El archivo no existe:';
-$_['get_get_msg_02']    = 'Invalid page request.';
-$_['get_get_msg_03']    = 'Missing information for requested page'; //## NT ##
-$_['check_path_msg_01'] = 'El directorio no existe: ';
+$_['get_get_msg_02']    = 'Invalid page request:'; //## NT ##
+$_['check_path_msg_02'] = 'dot" or "dot dot" path segments are not permitted.'; //## NT ##
+$_['check_path_msg_03'] = 'Path or filename contains an invalid character:'; //## NT ##
 $_['ord_msg_01']        = 'Un archivo con ese mismo nombre ya existe en el directorio asignado.';
 $_['ord_msg_02']        = 'Guardando como';
 $_['show_img_msg_01']   = 'Imagen mostrada a ~';
@@ -132,18 +134,15 @@
 $_['edit_txt_04'] = 'Este comportamiento puede ser inconsistente de versión a versión de PHP.';
 
 $_['too_large_to_edit_01a'] = 'Edición deshabilita. Tamaño >';
-$_['too_large_to_edit_01b'] = 'bytes.'; //## NT ##
 $_['too_large_to_edit_02']  = 'Algunos navegadores (por ej.: IE) se vuelven inestables cuando se edita un texto largo dentro de un <textarea>.';
 $_['too_large_to_edit_03']  = 'Ajustá la variable $MAX_EDIT_SIZE en la sección de configuración de OneFileCMS como sea necesario.';
 $_['too_large_to_edit_04']  = 'Una simple prueba puede dar con el resultado necesario.';
 $_['too_large_to_view_01a'] = 'Vista deshabilitada. Tamaño >';
-$_['too_large_to_view_01b'] = 'bytes.'; //## NT ##
 $_['too_large_to_view_02']  = 'Clickeá en el botón de debajo para verlo como se ve normalmente en un navegador.';
 $_['too_large_to_view_03']  = 'Ajustá $MAX_VIEW_SIZE en la sección de configuración de OneFileCMS como sea necesario.';
 $_['too_large_to_view_04']  = '(El valor por defecto para $MAX_VIEW_SIZE es completamente arbitrario, y puede ser ajustado como sea necesario.)';
 
 $_['meta_txt_01'] = 'Tamaño:';
-$_['meta_txt_02'] = 'bytes.'; //## NT ##
 $_['meta_txt_03'] = 'Actualizado:';
 $_['edit_msg_01'] = 'Archivo Guardado:';
 $_['edit_msg_02'] = 'bytes escritos.';
@@ -159,7 +158,7 @@
 $_['upload_err_02b'] = '(Desde OneFileCMS)';
 $_['upload_err_03']  = 'Error 3: El archivo se subió sólo parcialmente.';
 $_['upload_err_04']  = 'Error 4: No se subió ningún archivo.';
-$_['upload_err_05']  = 'Error 5:'; //## NT ##
+$_['upload_err_05']  = 'Error 5: ';
 $_['upload_err_06']  = 'Error 6: Carpeta temporal no encontrada.';
 $_['upload_err_07']  = 'Error 7: No se pudo guardar el archivo en el disco.';
 $_['upload_err_08']  = 'Error 8: Una extensión de PHP detuvo la subida del archivo.';
@@ -178,41 +177,30 @@
 $_['new_file_msg_03'] = 'Archivo nuevo no creado - no se especificó un nombre';
 $_['new_file_msg_04'] = 'El archivo ya existe:';
 $_['new_file_msg_05'] = 'Archivo creado:';
-$_['new_file_msg_06'] = 'Error - archivo no creado:';
+$_['new_file_msg_07'] = 'Carpeta creado:';
 
-$_['CRM_txt_01']  = 'Para mover un archivo o carpeta, cambiá el camino/hacia/la/carpeta/o_archivo.';
 $_['CRM_txt_02']  = 'La nueva localización debe existir.';
-$_['CRM_txt_03']  = 'Nombre antiguo:';
+$_['CRM_txt_03']  = 'Nombre antiguo y Carpeta:';
 $_['CRM_txt_04']  = 'Nuevo nombre:';
 $_['CRM_msg_01']  = 'Error - la localización padre no existe:';
 $_['CRM_msg_02']  = 'Error - el archivo inicial no existe:';
 $_['CRM_msg_03']  = 'Error - el archivo de objetivo no existe:';
-$_['CRM_msg_04']  = 'hacia';
 $_['CRM_msg_05a'] = 'Error durante';
-$_['CRM_msg_05b'] = 'desde arriba a lo siguiente:';
 
 $_['delete_txt_01'] = '¿Estás seguro?';
 $_['delete_msg_01'] = 'Archivo Eliminado:';
 $_['delete_msg_02'] = 'Error eliminando';
 
-$_['new_folder_txt_1']  = 'La carpeta se creará dentro de la carpeta actual.';
-$_['new_folder_txt_2']  = 'Algunos caracteres inválidos son:';
-$_['new_folder_msg_01'] = 'Carpeta nueva no creada:';
-$_['new_folder_msg_02'] = 'El nombre contiene caracteres inválidos:';
-$_['new_folder_msg_03'] = 'Carpeta nueva no creada - no se ha asignado un nombre.';
-$_['new_folder_msg_04'] = 'La carpeta ya existe:';
-$_['new_folder_msg_05'] = 'Carpeta creada:';
-$_['new_folder_msg_06'] = 'Error - carpeta nueva no creada:';
-
 $_['delete_folder_txt_01'] = '¿Estás seguro?';
 $_['delete_folder_msg_01'] = 'Carpeta no vacía.   Las carpetas deben estar vacías antes de ser eliminadas.';
 $_['delete_folder_msg_02'] = 'Carpeta eliminada:';
 $_['delete_folder_msg_03'] = 'ocurrió un error eliminándola.';
 
-$_['session_warning']  = 'Advertencia: ¡La sesión terminará pronto!';
-$_['session_expired']  = 'SESIÓN TERMINADA';
-$_['unload_unsaved']   = '                 ¡Los cambios no guardados se perderán!';
-$_['confirm_reset']    = '¿Reiniciar el archivo y descartar cambios no guardados?';
+$_['session_warning'] = 'Advertencia: ¡La sesión terminará pronto!';
+$_['session_expired'] = 'SESIÓN TERMINADA';
+$_['unload_unsaved']  = '                 ¡Los cambios no guardados se perderán!';
+$_['confirm_reset']   = '¿Reiniciar el archivo y descartar cambios no guardados?';
+
 $_['OFCMS_requires']   = 'OneFileCMS necesita PHP';
 $_['logout_msg']       = 'Has cerrado la sesión satisfactoriamente.';
 $_['folder_del_msg']   = 'Carpeta no vacía.   Las carpetas debe estar vacías antes de poder eliminarse.';
@@ -229,25 +217,26 @@
 $_['error_reporting_05'] = 'Unexpected early output';   //## NT ##
 $_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)'; //## NT ##
 
-$_['admin_txt_00'] = 'Old Backup Found'; //## NT ##
+$_['admin_txt_00'] = 'Old Backup Found';       //## NT ##
 $_['admin_txt_01'] = 'This file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed.  In any case, it will automatically be overwritten on the next password or username change.';
-$_['admin_txt_02'] = 'General Information'; //## NT ##
+$_['admin_txt_02'] = 'General Information';    //## NT ##
 $_['admin_txt_04'] = 'As of version 3.3.13, OneFileCMS no longer maintains a plain text password option, and only stores a password hash, as most login systems do.'; //## NT ##
 $_['admin_txt_12'] = 'However, due to a number of considerations, this change was largely an academic exersize. That is, in this application, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used), which is generally considered to be a good thing.'; //## NT ##
 $_['admin_txt_14'] = 'Para otro tip de seguridad, cambiá la llave de seguridad y/o el método usado por OneFileCMS para almacenar la clave (y mantenelo en secreto, obviamente).  Acordate, cada granito ayuda...';
 $_['admin_txt_16'] = 'Podés usar OneFileCMS para editarlo. Sin embargo, asegurate de hacer un backup...';
 
-$_['pw_change']  = 'Change Password';             //## NT ##
-$_['pw_current'] = 'Current Password';            //## NT ##
-$_['pw_new']     = 'New Password';                //## NT ##
-$_['pw_confirm'] = 'Confirm New Password';        //## NT ##
-$_['pw_txt_02']  = 'Password / Username rules:';  //## NT ##
-$_['pw_txt_04']  = 'They are case-sensitive!';    //## NT ##
-$_['pw_txt_06']  = 'They must contain at least one non-space character.'; //## NT ##
-$_['pw_txt_08']  = 'They may contain spaces in the middle. Ex: "This is a password or username!"'; //## NT ##
-$_['pw_txt_10']  = 'Leading and trailing spaces are removed.'; //## NT ##
-$_['pw_txt_12']  = 'To record the change, only one file is updated: either the active copy of OneFileCMS, or, if specified, an external configuration file.'; //## NT ##
-$_['pw_txt_14']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.'; //## NT ##
+$_['pw_change']  = 'Change Password';       //## NT ##
+$_['pw_current'] = 'Current Password';      //## NT ##
+$_['pw_new']     = 'New Password';          //## NT ##
+$_['pw_confirm'] = 'Confirm New Password';  //## NT ##
+
+$_['pw_txt_02'] = 'Password / Username rules:'; //## NT ##
+$_['pw_txt_04'] = 'They are case-sensitive!';   //## NT ##
+$_['pw_txt_06'] = 'They must contain at least one non-space character.'; //## NT ##
+$_['pw_txt_08'] = 'They may contain spaces in the middle. Ex: "This is a password or username!"'; //## NT ##
+$_['pw_txt_10'] = 'Leading and trailing spaces are removed.'; //## NT ##
+$_['pw_txt_12'] = 'To record the change, only one file is updated: either the active copy of OneFileCMS, or, if specified, an external configuration file.'; //## NT ##
+$_['pw_txt_14'] = 'If an incorrect current password is entered, you will be logged out, but you may log back in.'; //## NT ##
 
 $_['change_pw_01'] = 'Password changed!';                               //## NT ##
 $_['change_pw_02'] = 'Password NOT changed:';                           //## NT ##
@@ -265,4 +254,3 @@
 $_['mcd_msg_01']    = 'files moved successfully.';             //## NT ##
 $_['mcd_msg_02']    = 'files copied successfully.';            //## NT ##
 $_['mcd_msg_03']    = 'files deleted successfully.';           //## NT ##
-
diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index d9a44c6..37014f7 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-Version 3.4.02
+OneFileCMS Version 3.4.03 structure/layout
 
 LICENSE
 
@@ -14,11 +14,14 @@ MISC FUNCTIONS:
 	Default_Language()
 	Session_Startup()
 	Verify_IDLE_POST_etc()
+	hashit()
 	Error_reporting_and_early_output()
 	Update_Recent_Pages()
 	undo_magic_quotes()
 	Get_GET()
+	Verify_page_conditions()
 	URLencode_path()
+	dir_name()
 	has_invalid_char()
 	Check_path()
 	is_empty()
@@ -63,13 +66,13 @@ PAGE & RESPONSE FUNCTIONS:
 	List_Backup()
 	Admin_Page()
 	Hash_Page()
-	Hash_Page_response()
+	Hash_response()
 	Change_PWUN_Page() 
 	Update_config()
 	Change_PWUN_response()
 	Logout()
 	Login_Page()
-	Login_Page_response()
+	Login_response()
 	Table_of_Files()
 	List_Files()
 	Index_Page()
@@ -78,17 +81,16 @@ PAGE & RESPONSE FUNCTIONS:
 	Edit_Page_form()
 	Edit_Page_notes()
 	Edit_Page()
-	Edit_Page_response()
+	Edit_response()
 	Upload_Page()
 	Upload_response()
 	New_File_or_Folder_Page()
-	New_File_response() 
+	New_File_or_Folder_response()
 	Set_Input_width()
 	CRM_Page()
 	CRM_response()
 	Delete_File_Page()
 	Delete_File_response()
-	New_Folder_response()
 	Delete_Folder_Page()
 	Delete_Folder_response() 
 	MCD_Page()
@@ -99,7 +101,20 @@ PAGE & RESPONSE FUNCTIONS:
 
 JAVASCRIPT & STYLESHEET FUNCTIONS:
 	common_scripts()
+		pad()
+		FormatTime()
+		Countdown()
+		Start_Countdown()
+		FileTimeStamp()
+		Select_All()
+		Submit_btn_style()
+		Confirm_ready()
 	Edit_Page_scripts()
+		Wide_View()
+		Reset_file_status_indicators()
+		setSelRange()
+		Check_for_changes()
+		Reset_File()
 	style_sheet()
 	Language_and_config_adjusted_styles()
 
@@ -111,6 +126,7 @@ LOGIC TO DETERMINE PAGE ACTION
 	Get_GET()
 	Init_Macros()
 	Respond_to_POST()
-	Final checks for $page to show
+	Verify_page_conditions()
+	Update_Recent_Pages();
 
 GENERATE/OUTPUT <HTML>...  
diff --git a/onefilecms.php b/onefilecms.php
index 8cee2b8..8e3d90a 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.02';
+$OFCMS_version = '3.4.03';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -86,7 +86,7 @@
 
 $EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
 
-$SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS.
+$SESSION_NAME = 'OFCMS-'; //Name of session cookie. Change if using multiple copies of OneFileCMS.
 
 //External config file, if there is one.  Any settings in the $config_file will supersede those above.
 //$config_file = 'OFCMS_config.SAMPLE.php';  // Path is relative to OneFileCMS.
@@ -103,11 +103,9 @@
 //System values & setup
 
 //If there is one, include external config file.
-if ( isset($config_file) && is_file($config_file) ) {
-	include($config_file);
-}else{
-	$config_file = ''; //needed further down.
-}
+if ( isset($config_file) && is_file($config_file) ) { include($config_file); }
+else { $config_file = '';} //needs set further down.
+
 
 //Requires PHP 5.1, due to changes in some functions.
 //Earliest version the author has for testing is 5.2.8 (50208)
@@ -122,7 +120,7 @@
 	define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
 }
 
-$TO_WARNING = 120; //Seconds until $timeout_warning is displayed.
+$TO_WARNING = 120; //When idle time remaining is less than this value, $timeout_warning is displayed
 
 ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
 
@@ -132,7 +130,7 @@
 $WEBSITE   = $_SERVER["HTTP_HOST"].'/';
 
 $ONESCRIPT_file   = $_SERVER["SCRIPT_FILENAME"];  //Non-url use
-$ONESCRIPT_path   = dirname($ONESCRIPT_file).'/'; //Non-url use
+$ONESCRIPT_path   = dirname($ONESCRIPT_file).'/'; //Non-url use //Do not use dir_name().
 $LOGIN_ATTEMPTS   = $ONESCRIPT_file.'.invalid_login_attempts';
 
 $ONESCRIPT_url_backup  = $ONESCRIPT.'.BACKUP.php';                   //used for p/w & u/n updates.
@@ -174,7 +172,7 @@ function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.4.02
+// OneFileCMS Language Settings v3.4.03
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -192,9 +190,9 @@ function Default_Language() { // ***********************************************
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 //
 $_['front_links_font_size'] = '1em';    //Buttons on Index page.
-$_['front_links_margin_R']  = '1em';   
+$_['front_links_margin_R']  = '1em';
 $_['button_font_size']      = '.9em';   //Buttons on Edit page.
-$_['button_margin_L']       = '.7em';  
+$_['button_margin_L']       = '.7em';
 $_['button_padding']        = '4px 10px';
 $_['image_info_font_size']  = '1em';    //show_img_msg_01  &  _02
 $_['image_info_pos']        = '';       //If 1 or true, moves the info down a line for more space.
@@ -214,7 +212,7 @@ function Default_Language() { // ***********************************************
 $_['Deleted'] = 'Deleted';
 $_['Edit']    = 'Edit';
 $_['Enter']   = 'Enter';
-$_['Error']   = 'Error'; //#####
+$_['Error']   = 'Error';   //#####
 $_['errors']  = 'errors';
 $_['File']    = 'File';
 $_['Folder']  = 'Folder';
@@ -222,37 +220,38 @@ function Default_Language() { // ***********************************************
 $_['Hash']    = 'Hash';
 $_['Move']    = 'Move';
 $_['Moved']   = 'Moved';
-$_['on']      = 'on';     
-$_['Password'] = 'Password';
-$_['Rename']     = 'Rename';    
+$_['on']      = 'on';
+$_['bytes']   = 'bytes';   //#####
+$_['Password']   = 'Password';
+$_['Rename']     = 'Rename';
 $_['successful'] = 'successful';
-$_['To']         = 'To';        
-$_['Upload']     = 'Upload';    
-$_['Username']   = 'Username';  
-$_['Log_In']     = 'Log In';    
-$_['Log_Out']    = 'Log Out';   
+$_['To']         = 'To';
+$_['Upload']     = 'Upload';
+$_['Username']   = 'Username';
+$_['Log_In']     = 'Log In';
+$_['Log_Out']    = 'Log Out';
 $_['Admin_Options']  = 'Administration Options';
-$_['Edit_View']      = 'Edit / View File';   
-$_['Upload_File']    = 'Upload File';        
-$_['New_File']       = 'New File';           
-$_['Ren_Move']       = 'Rename / Move';      
-$_['Ren_Moved']      = 'Renamed / Moved';    
-$_['New_Folder']     = 'New Folder';         
+$_['Edit_View']      = 'Edit / View File';
+$_['Upload_File']    = 'Upload File';
+$_['New_File']       = 'New File';
+$_['Ren_Move']       = 'Rename / Move';
+$_['Ren_Moved']      = 'Renamed / Moved';
+$_['New_Folder']     = 'New Folder';
 $_['Ren_Folder']     = 'Rename / Move Folder';
-$_['Del_Folder']     = 'Delete Folder';      
-$_['Submit']         = 'Submit Request';     
-$_['Move_Files']     = 'Move File(s)';       
-$_['Copy_Files']     = 'Copy File(s)';       
-$_['Del_Files']      = 'Delete File(s)';     
-$_['Selected_Files'] = 'Selected Files';     
-$_['Select_All']     = 'Select All';         
-$_['Clear_All']      = 'Clear All';          
-$_['New_location']   = 'New Location';       
-$_['No_files']       = 'No files selected.'; 
+$_['Del_Folder']     = 'Delete Folder';
+$_['Submit']         = 'Submit Request';
+$_['Move_Files']     = 'Move File(s)';
+$_['Copy_Files']     = 'Copy File(s)';
+$_['Del_Files']      = 'Delete File(s)';
+$_['Selected_Files'] = 'Selected Files';
+$_['Select_All']     = 'Select All';
+$_['Clear_All']      = 'Clear All';
+$_['New_Location']   = 'New Location';
+$_['No_files']       = 'No files selected.';
 $_['No_action']      = 'No action selected.';
-$_['Not_found']      = 'Not found';          
-$_['pass_to_hash']   = 'Password to hash:';  
-$_['Generate_Hash']  = 'Generate Hash';      
+$_['Not_found']      = 'Not found';
+$_['pass_to_hash']   = 'Password to hash:';
+$_['Generate_Hash']  = 'Generate Hash';
 $_['save_1']      = 'Save';
 $_['save_2']      = 'SAVE CHANGES!';
 $_['reset']       = 'Reset - loose changes';
@@ -263,8 +262,8 @@ function Default_Language() { // ***********************************************
 $_['verify_msg_02']  = 'INVALID POST';
 $_['get_get_msg_01']    = 'File does not exist:';
 $_['get_get_msg_02']    = 'Invalid page request:';
-$_['get_get_msg_03']    = 'Missing information for requested page';
-$_['check_path_msg_01'] = 'Directory does not exist:';
+$_['check_path_msg_02'] = 'dot" or "dot dot" path segments are not permitted.'; //#####
+$_['check_path_msg_03'] = 'Path or filename contains an invalid character:'; //#####
 $_['ord_msg_01']        = 'A file with that name already exists in the target directory.';
 $_['ord_msg_02']        = 'Saving as';
 $_['show_img_msg_01']   = 'Image shown at ~';
@@ -296,17 +295,14 @@ function Default_Language() { // ***********************************************
 $_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
 $_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
 $_['too_large_to_edit_01a'] = 'Edit disabled. Filesize >';
-$_['too_large_to_edit_01b'] = 'bytes.';
 $_['too_large_to_edit_02']  = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
 $_['too_large_to_edit_03']  = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
 $_['too_large_to_edit_04']  = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
 $_['too_large_to_view_01a'] = 'View disabled. Filesize >';
-$_['too_large_to_view_01b'] = 'bytes.';
 $_['too_large_to_view_02']  = 'Click the file name above to view as normally rendered in a browser window.';
 $_['too_large_to_view_03']  = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
 $_['too_large_to_view_04']  = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
 $_['meta_txt_01'] = 'Filesize:';
-$_['meta_txt_02'] = 'bytes.';
 $_['meta_txt_03'] = 'Updated:';
 $_['edit_msg_01'] = 'File saved:';
 $_['edit_msg_02'] = 'bytes written.';
@@ -325,48 +321,37 @@ function Default_Language() { // ***********************************************
 $_['upload_err_07']  = 'Error 7: Failed to write file to disk.';
 $_['upload_err_08']  = 'Error 8: A PHP extension stopped the file upload.';
 $_['upload_msg_01'] = 'No file selected for upload.';
-$_['upload_msg_02'] = 'Destination folder does not exist:';
+$_['upload_msg_02'] = 'Destination folder invalid:'; //#####
 $_['upload_msg_03'] = 'Upload cancelled.';
 $_['upload_msg_04'] = 'Uploading:';
 $_['upload_msg_05'] = 'Upload successful!';
 $_['upload_msg_06'] = 'Upload failed:';
-$_['new_file_txt_01'] = 'File or Folder will be created in the current folder.';  //#####
+$_['new_file_txt_01'] = 'File or Folder will be created in the current folder.'; //#####
 $_['new_file_txt_02'] = 'Some invalid characters are:';
-$_['new_file_msg_01'] = 'New file not created:';
-$_['new_file_msg_02'] = 'Name contains invalid character(s):';
+$_['new_file_msg_01'] = 'File or folder not created:'; //#####
+$_['new_file_msg_02'] = 'Name contains an invalid character:'; //#####
 $_['new_file_msg_03'] = 'Not created - no name given'; //#####
-$_['new_file_msg_04'] = 'File or folder already exists:';  //#####
+$_['new_file_msg_04'] = 'File or folder already exists:'; //#####
 $_['new_file_msg_05'] = 'Created file:';
-$_['new_file_msg_06'] = 'Error - new file not created:';
-$_['CRM_txt_01']  = 'To move a file or folder, change the path/to/folder/or_file.';
+$_['new_file_msg_07'] = 'Created folder:'; //#####
 $_['CRM_txt_02']  = 'The new location must already exist.';
-$_['CRM_txt_03']  = 'Old name';
-$_['CRM_txt_04']  = 'New name';
+$_['CRM_txt_03']  = 'Old Name and Location'; //#####
+$_['CRM_txt_04']  = 'New Name';
 $_['CRM_msg_01']  = 'Error - new parent location does not exist:';
 $_['CRM_msg_02']  = 'Error - source file does not exist:';
-$_['CRM_msg_03']  = 'Error - target filename already exists:';
-$_['CRM_msg_04']  = 'to';
+$_['CRM_msg_03']  = 'Error - new file or folder already exists:'; //#####
 $_['CRM_msg_05a'] = 'Error during';
-$_['CRM_msg_05b'] = 'from the above to the following:';
 $_['delete_txt_01'] = 'Are you sure?';
 $_['delete_msg_01'] = 'Deleted file:';
 $_['delete_msg_02'] = 'Error deleting';
-$_['new_folder_txt_1']  = 'Folder will be created in the current folder.';
-$_['new_folder_txt_2']  = 'Some invalid characters are:';
-$_['new_folder_msg_01'] = 'New folder not created:';
-$_['new_folder_msg_02'] = 'Name contains invalid character(s):';
-$_['new_folder_msg_03'] = 'New folder not created - no name given.';
-$_['new_folder_msg_04'] = 'Folder already exists:';
-$_['new_folder_msg_05'] = 'Created folder:';
-$_['new_folder_msg_06'] = 'Error - new folder not created:';
 $_['delete_folder_txt_01'] = 'Are you sure?';
 $_['delete_folder_msg_01'] = 'Folder not empty. Folders must be empty before they can be deleted.';
 $_['delete_folder_msg_02'] = 'Deleted folder:';
 $_['delete_folder_msg_03'] = 'an error occurred during delete.';
-$_['session_warning']  = 'Warning: Session timeout soon!';
-$_['session_expired']  = 'SESSION EXPIRED';
-$_['unload_unsaved']   = ' Unsaved changes will be lost!';
-$_['confirm_reset']    = 'Reset file and loose unsaved changes?';
+$_['session_warning'] = 'Warning: Session timeout soon!';
+$_['session_expired'] = 'SESSION EXPIRED';
+$_['unload_unsaved']  = ' Unsaved changes will be lost!';
+$_['confirm_reset']   = 'Reset file and loose unsaved changes?';
 $_['OFCMS_requires']   = 'OneFileCMS requires PHP';
 $_['logout_msg']       = 'You have successfully logged out.';
 $_['folder_del_msg']   = 'Folder not empty. Folders must be empty before they can be deleted.';
@@ -375,11 +360,11 @@ function Default_Language() { // ***********************************************
 $_['edit_caution_01']  = 'CAUTION';
 $_['edit_caution_02']  = 'You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
 $_['time_out_txt']     = 'Session time out in:';
-$_['error_reporting_01'] = 'Display errors is';        
-$_['error_reporting_02'] = 'Log errors is';            
+$_['error_reporting_01'] = 'Display errors is';
+$_['error_reporting_02'] = 'Log errors is';
 $_['error_reporting_03'] = 'Error reporting is set to';
-$_['error_reporting_04'] = 'Showing error types';      
-$_['error_reporting_05'] = 'Unexpected early output';  
+$_['error_reporting_04'] = 'Showing error types';
+$_['error_reporting_05'] = 'Unexpected early output';
 $_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
 $_['admin_txt_00'] = 'Old Backup Found';
 $_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will automatically be overwritten on the next password or username change.';
@@ -388,32 +373,32 @@ function Default_Language() { // ***********************************************
 $_['admin_txt_12'] = 'However, due to a number of considerations, this change was largely an academic exersize. That is, in this application, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used), which is generally considered to be a good thing.';
 $_['admin_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
 $_['admin_txt_16'] = 'Also, you can still use OneFileCMS to edit itself. However, be sure to have a backup ready for the inevitable ytpo...';
-$_['pw_change']  = 'Change Password';            
-$_['pw_current'] = 'Current Password';           
-$_['pw_new']     = 'New Password';               
-$_['pw_confirm'] = 'Confirm New Password';       
-$_['pw_txt_02']  = 'Password / Username rules:'; 
-$_['pw_txt_04']  = 'They are case-sensitive!';   
-$_['pw_txt_06']  = 'They must contain at least one non-space character.';
-$_['pw_txt_08']  = 'They may contain spaces in the middle. Ex: "This is a password or username!"';
-$_['pw_txt_10']  = 'Leading and trailing spaces are removed.';
-$_['pw_txt_12']  = 'To record the change, only one file is updated: either the active copy of OneFileCMS, or, if specified, an external configuration file.';
-$_['pw_txt_14']  = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
-$_['change_pw_01'] = 'Password changed!';                              
-$_['change_pw_02'] = 'Password NOT changed:';                          
+$_['pw_change']  = 'Change Password';
+$_['pw_current'] = 'Current Password';
+$_['pw_new']     = 'New Password';
+$_['pw_confirm'] = 'Confirm New Password';
+$_['pw_txt_02'] = 'Password / Username rules:';
+$_['pw_txt_04'] = 'They are case-sensitive!';
+$_['pw_txt_06'] = 'They must contain at least one non-space character.';
+$_['pw_txt_08'] = 'They may contain spaces in the middle. Ex: "This is a password or username!"';
+$_['pw_txt_10'] = 'Leading and trailing spaces are removed.';
+$_['pw_txt_12'] = 'To record the change, only one file is updated: either the active copy of OneFileCMS, or, if specified, an external configuration file.';
+$_['pw_txt_14'] = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
+$_['change_pw_01'] = 'Password changed!';
+$_['change_pw_02'] = 'Password NOT changed:';
 $_['change_pw_03'] = 'Incorrect current password. Login to try again.';
-$_['change_pw_04'] = 'New and "Confirm New" values do not match.';     
-$_['change_pw_05'] = 'Updating';                                       
-$_['change_pw_06'] = 'external config file';                           
-$_['un_change']     = 'Change Username';                      
-$_['un_new']        = 'New Username';                         
-$_['un_confirm']    = 'Confirm New Username';                 
-$_['change_un_01']  = 'Username changed!';                    
-$_['change_un_02']  = 'Username NOT changed:';                
-$_['update_failed'] = 'Update failed - could not save file.'; 
-$_['mcd_msg_01']    = 'files moved successfully.';            
-$_['mcd_msg_02']    = 'files copied successfully.';           
-$_['mcd_msg_03']    = 'files deleted successfully.';          
+$_['change_pw_04'] = 'New and "Confirm New" values do not match.';
+$_['change_pw_05'] = 'Updating';
+$_['change_pw_06'] = 'external config file';
+$_['un_change']     = 'Change Username';
+$_['un_new']        = 'New Username';
+$_['un_confirm']    = 'Confirm New Username';
+$_['change_un_01']  = 'Username changed!';
+$_['change_un_02']  = 'Username NOT changed:';
+$_['update_failed'] = 'Update failed - could not save file.';
+$_['mcd_msg_01']    = 'files moved successfully.';
+$_['mcd_msg_02']    = 'files copied successfully.';
+$_['mcd_msg_03']    = 'files deleted successfully.';
 }//end Default_Language() ******************************************************
 
 
@@ -453,7 +438,7 @@ function Session_Startup() { //*************************************************
 
 
 function Verify_IDLE_POST_etc() { //********************************************
-	global $_, $EX, $message, $VALID_POST, $MAX_IDLE_TIME;
+	global $_, $page, $ONESCRIPT, $param1, $EX, $message, $VALID_POST, $MAX_IDLE_TIME;
 
 	//Verify consistant user agent... (every little bit helps every little bit)
 	if ( !isset($_SESSION['user_agent']) || ($_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT']) ) { Logout(); }
@@ -473,8 +458,9 @@ function Verify_IDLE_POST_etc() { //********************************************
 	if ( isset($_POST['nuonce']) ) {
 		if ( $_POST['nuonce'] == $_SESSION['nuonce'] ) {
 			$VALID_POST = 1;
-		}else{ //If it exists but doesn't match - something's wrong.
-			Logout();
+		}else{ //If it exists but doesn't match - something's wrong. Probably a page reload.
+			$page  = "index";
+			$_POST = "";
 			$message .= $EX.'<b>'.hsc($_['verify_msg_02']).'</b><br>';
 		}
 	}
@@ -554,7 +540,7 @@ function Error_reporting_and_early_output($show_status = 0, $show_types = 0) {//
 
 
 
-function Update_Recent_Pages($pop_current = 0) { //*****************************
+function Update_Recent_Pages() { //*********************************************
 	global $page;
 
 	$recent_pages = array("");
@@ -563,15 +549,11 @@ function Update_Recent_Pages($pop_current = 0) { //*****************************
 	if (!isset($_SESSION['recent_pages'])) { $_SESSION['recent_pages'] = array(""); }
 	$pages = count($_SESSION['recent_pages']) - 1;
 
-	//Reverse so index [0] is oldest page (re-reversed at end of function)
+	//Re-reverse so index [0] is oldest page (reversed at end of function)
 	$_SESSION['recent_pages'] = array_reverse($_SESSION['recent_pages']);
 
-	//Sometimes we just want to discard the most recent page.
-	if ($pop_current) {
-		array_pop($_SESSION['recent_pages']);
-	}
-	//Only if actually a new new page, add to arrray of recent_pages
-	elseif ( $page != $_SESSION['recent_pages'][$pages] ) {
+	//Only update if actually a new page
+	if ( $page != $_SESSION['recent_pages'][$pages] ) {
 		$_SESSION['recent_pages'][$pages+1] = $page;
 		$pages = count($_SESSION['recent_pages']);
 	}
@@ -579,7 +561,7 @@ function Update_Recent_Pages($pop_current = 0) { //*****************************
 	//Only need 3 most recent pages (increase if needed)
 	if ($pages > 3) { array_shift($_SESSION['recent_pages']); }
 
-	//Reverse order so the current page is index [0]
+	//Reverse order so index [0] is the current page
 	$_SESSION['recent_pages'] = array_reverse($_SESSION['recent_pages']);
 
 }//end Update_Recent_Pages() ***************************************************
@@ -608,16 +590,21 @@ function Get_GET() { //*** Get main parameters *********************************
 	// i=some/path/,  f=somefile.xyz,  p=somepage
 	// $ipath      ,  $filename     ,  $page
 	// Get_GET() should not be called unless $_SESSION['valid'] == 1
-	global $_, $ipath, $filename, $page, $valid_pages, $VALID_POST, $param1, $param2, $param3, $EX, $message;
+	global $_, $ipath, $filename, $page, $valid_pages, $param1, $param2, $param3, $EX, $message;
 
 	//Initialize & validate $ipath
-	if (isset($_GET["i"])) { $ipath = Check_path($_GET["i"]); } else { $ipath = ""; }
+	if (isset($_GET["i"])) {
+		$ipath = Check_path($_GET["i"],1);
+		if ( $ipath === false || !is_dir($ipath)) { $ipath = ""; }
+	}else {
+		$ipath = "";
+	}
 
 	//Initialize & validate $filename
 	if (isset($_GET["f"])) { $filename = $ipath.$_GET["f"]; } else { $filename = ""; }
 	if ( ($filename != "") && !is_file($filename)  ) {
 		$message .= $EX.'<b>'.hsc($_['get_get_msg_01']).'</b> ';
-		$message .= hte(dirname($filename)).'/<b>'.hte(basename($filename)).'</b><br>';
+		$message .= hte(dir_name($filename)).'<b>'.hte(basename($filename)).'</b><br>';
 		$filename = "";
 	}
 
@@ -626,9 +613,6 @@ function Get_GET() { //*** Get main parameters *********************************
 	if (!in_array($page, $valid_pages)) {
 		$message .= $EX.hsc($_['get_get_msg_02']).' <b>'.hte($page).'</b><br>';
 		$page = "index";  //If invalid $_GET["p"]
-	}elseif ($page == "mcdaction" && !$VALID_POST ){ //not likely, but just in case.
-		$message .= hsc($_['get_get_msg_03']).": $page<br>";
-		$page = "index";
 	}
 
 	//Pages that require a valid $filename
@@ -647,6 +631,66 @@ function Get_GET() { //*** Get main parameters *********************************
 
 
 
+function Verify_page_conditions() { //******************************************
+	global $_, $ONESCRIPT, $ipath, $filename, $page, $EX, $message, $VALID_POST;
+	
+	//If exited admin pages, restore $ipath
+	if    ( ($page == "index") && $_SESSION['admin_page'] ) {
+		//Unless clicked www/some/path/ from edit or copy page.
+		if ( ($_SESSION['recent_pages'][1] != 'edit') && ($_SESSION['recent_pages'][1] != 'copy') ){
+			$ipath = $_SESSION['admin_ipath'];
+			$param1 = '?i='.URLencode_path($ipath);
+		}
+		$_SESSION['admin_page']  = false;
+		$_SESSION['admin_ipath'] = '';
+	}
+	//Don't load login screen when already in a valid session.
+	//$_SESSION['valid'] may be false after Respond_to_POST()
+	elseif ( ($page == "login") && $_SESSION['valid'] ) { $page = "index"; }
+		
+	elseif ( $page == "logout" ) {
+		Logout();
+		$message .= hsc($_['logout_msg']);
+	}
+	//Don't load delete or rename folder pages at webroot.
+	elseif ( ($page == "deletefolder" || $page == "renamefolder") && ($ipath == "") ) {
+		$page = "index";
+	}
+	//Don't load delete folder page if folder not empty.
+	elseif ( ($page == "deletefolder") && !is_empty($ipath) ) {
+		$message .= $EX.'<b>'.hsc($_['folder_del_msg']).'</b><br>';
+		$page = "index";
+	}
+	//If page reloaded, or malicious page load...
+	elseif ($page == "mcdaction" && !$VALID_POST ){
+		$_POST = "";
+		$page = "index";
+	}
+	elseif ($page == "mcdaction") {
+		//There must be at least one 'file', and 'action' must = "move", "copy", or "delete"
+		if     (!isset($_POST['mcdselect'] )) { $page = "index"; }
+		elseif (!isset($_POST['files']) )     { $page = "index"; }
+		elseif (!isset($_POST['action']))     { $page = "index"; }
+		elseif ( ($_POST['action'] != "move") && ($_POST['action'] != "copy") && ($_POST['action'] != "delete") ) {
+			$page = "index";
+		}
+	}
+	//if size of $_POST > post_max_size, PHP only returns empty $_POST & $_FILE arrays.
+	elseif ( ($page == "uploaded") && !$VALID_POST ) {
+		$message .= $EX.'<b> '.hsc($_['upload_error_01a']).' '.ini_get('post_max_size').'</b> '.hsc($_['upload_error_01b']).'<br>';
+		$page = "index";
+	}
+	//If editing OneFileCMS itself, show caution message.
+	elseif ($filename == trim(rawurldecode($ONESCRIPT), '/')) {
+		$message .= '<style>#message_box_contents {background: red;}</style>';
+		$message .= '<style>#message_box          {color: white;}   </style>';
+		$message .= $EX.'<b>'.hsc($_['edit_caution_01']).' '.$EX.hsc($_['edit_caution_02']).'</b><br>';
+	}
+}//end Verify_page_conditions() //**********************************************
+
+
+
+
 function URLencode_path($path){ // don't encode the forward slashes ************
 	$TS = '';  // Trailing Slash/
 	if (substr($path, -1) == '/' ) { $TS = '/'; } //start with a $TS?
@@ -660,6 +704,16 @@ function URLencode_path($path){ // don't encode the forward slashes ************
 
 
 
+function dir_name($path){ //****************************************************
+	//Modified dirname().
+	$parent = dirname($path);
+	if ($parent == "." || $parent == "/" || $parent == '\\') { return ""; }
+	return $parent.'/';
+}//end dir_name() //************************************************************
+
+
+
+
 function has_invalid_char($string) { //*****************************************
 	global $INVALID_CHARS, $INVALID_CHARS_array;
 	foreach ($INVALID_CHARS_array as $bad_char) {
@@ -672,17 +726,16 @@ function has_invalid_char($string) { //*****************************************
 
 
 function Check_path($path, $show_msg = false) { //******************************
-	// check for valid existing $path.
+	// check for invalid characters & "dot dot" segments.
 	global  $_, $WEB_ROOT, $message, $EX, $INVALID_CHARS;
 
 	$path = str_replace('\\','/',$path);   //Make sure all forward slashes.
 	$path = trim($path,"\x00..\x20/");     // trim whitespace & slashes
 
-	$err_msg = ""; //
-
 	if (strlen($path) < 1) { return ""; } // At root.
 
-	$errors = 0;
+	$err_msg = "";
+	$errors  = 0;
 
 	$pathparts = explode( '/', $path);
 
@@ -691,25 +744,20 @@ function Check_path($path, $show_msg = false) { //******************************
 		//Check for any '.' and '..' parts of the path to protect directories outside webroot.
 		//They also cause issues in <h2>www / current / path /</h2>
 		if ( ($part == '.') || ($part == '..') ) {
-			$err_msg .= $EX.' <b>"dot" or "dot dot" segments are not permitted.</b><br>';     //##### Needs $_[]
+			$err_msg .= $EX.' <b>'.$_['check_path_msg_02'].'</b><br>';
 			$errors++;
 			break;
 		}
 		
 		//Check for invalid characters
-		$invalid_chars = str_replace(' /','',$INVALID_CHARS); // The forward slash is not exactly invalid in this context.
+		$invalid_chars = str_replace(' /','',$INVALID_CHARS); //The forward slash is not present in this context.
 		if ( has_invalid_char($part) ) {
-			$err_msg .= $EX.' <b>Path contains an invalid character: <span class="mono">'.$invalid_chars.'</span></b><br>'; //##### Needs $_[]
+			$err_msg .= $EX.' <b>'.$_['check_path_msg_03'].' <span class="mono">'.$invalid_chars.'</span></b><br>';
 			$errors++;
 			break;
 		}
 	}
 
-	if (!is_dir($path) && !$errors)  { //final overall check
-		$err_msg .= $EX.' <b>Invalid directory name.</b><br>';     //##### Needs $_[]  $_['check_path_msg_01']
-		$errors++;
-	}
-
 	if ($errors > 0) {
 		if ($show_msg) { $message .= $err_msg; }
 		return false;
@@ -1155,7 +1203,7 @@ function List_Backup($file, $file_url){ //**************************************
 	global $_, $ONESCRIPT;
 
 		clearstatcache ();
-		$href = $ONESCRIPT.'?i='.dirname($file_url).'&amp;f='.basename($file_url);
+		$href = $ONESCRIPT.'?i='.dir_name($file_url).'&amp;f='.basename($file_url);
 ?>
 		<table class="index_T old_backup_T"><tr>
 		<td class="file_name">
@@ -1172,7 +1220,6 @@ function List_Backup($file, $file_url){ //**************************************
 		<script>document.getElementById("old_backup").focus();</script>
 		<a href="<?php echo $href.'&amp;p=delete' ?>" class="button" id="del_backup"><?php echo hsc($_['Delete']) ?></a>
 		<div style="clear: both"></div>
-
 <?php
 }//end List_Backup() ***********************************************************
 
@@ -1193,7 +1240,7 @@ function Admin_Page() { //******************************************************
 	$params = "";
 	if ($filename != "") { $params = $param2.'&amp;p=edit'; }
 
-	$edit_params = '?i='.dirname($ONESCRIPT).'&amp;f='.(basename($ONESCRIPT)).'&amp;p=edit';
+	$edit_params = '?i='.dir_name($ONESCRIPT).'&amp;f='.(basename($ONESCRIPT)).'&amp;p=edit';
 ?>
 	<h2><?php echo hsc($_['Admin_Options']) ?></h2>
 
@@ -1210,7 +1257,7 @@ function Admin_Page() { //******************************************************
 	<input type="button" class="button" id="hash"      value="<?php echo hsc($_['Generate_Hash']) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.'&amp;p=hash' ?>'">
 
-	<input type="button" class="button" id="editOFCMS" value="<?php echo hsc($_['Edit'].' '.$config_title) ?>" 
+	<input type="button" class="button" id="editOFCMS" value="<?php echo hsc($_['Edit'].' '.$config_title) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$edit_params ?>'">
 	</span>
 
@@ -1618,9 +1665,9 @@ function List_Files() { //******************************************************
 		$D = '<span class="RCD D">'.hsc($_['D']).'</span>';
 	}
 
-	echo '<form method="post" name="mcdaction" action="'.$ONESCRIPT.$param1.'&amp;p=mcdaction">';
+	echo '<form method="post" name="mcdselect" action="'.$ONESCRIPT.$param1.'&amp;p=mcdaction">';
 	echo $INPUT_NUONCE;
-	echo '<input type="hidden" name="mcdaction" value="mcdaction">';
+	echo '<input type="hidden" name="mcdselect" value="mcdselect">';
 
 	echo '<div class="action">';
 
@@ -1686,7 +1733,7 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 	<div class="edit_btns_top">
 		<div class="file_meta">
 			<span class="file_size">
-				<?php echo hsc($_['meta_txt_01']).' '.number_format(filesize($filename)).' '.hsc($_['meta_txt_02']); ?>
+				<?php echo hsc($_['meta_txt_01']).' '.number_format(filesize($filename)).' '.hsc($_['bytes']); ?>
 			</span>	&nbsp;
 			<span class="file_time">
 				<?php echo hsc($_['meta_txt_03']).' <script>FileTimeStamp('.filemtime($filename).', 1, 1);</script>'; ?>
@@ -1770,7 +1817,7 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 				//Did htmlspecialchars return an empty string from a non-empty file?
 				$bad_chars = ( ($filecontents == "") && (filesize($filename) > 0) );
 				
-				if ($bad_chars){ 
+				if ($bad_chars){
 					echo '<pre class="edit_disabled">'.$EX.hsc($_['edit_txt_02']).'<br>';
 					echo hsc($_['edit_txt_03']).'<br>';
 					echo hsc($_['edit_txt_04']).'<br></pre>';
@@ -1842,11 +1889,11 @@ function Edit_Page() { //*******************************************************
 	else                      { $header2 = hsc($_['edit_h2_2']); }
 
 	$too_large_to_edit_message =
-'<b>'.hsc($_['too_large_to_edit_01a']).' '.number_format($MAX_EDIT_SIZE).' '.hsc($_['too_large_to_edit_01b']).'</b><br>'.
+'<b>'.hsc($_['too_large_to_edit_01a']).' '.number_format($MAX_EDIT_SIZE).' '.hsc($_['bytes']).'</b><br>'.
 hsc($_['too_large_to_edit_02']).'<br>'.hsc($_['too_large_to_edit_03']).'<br>'.hsc($_['too_large_to_edit_04']);
 
 	$too_large_to_view_message =
-'<b>'.hsc($_['too_large_to_view_01a']).' '.number_format($MAX_VIEW_SIZE).' '.hsc($_['too_large_to_view_01b']).'</b><br>'.
+'<b>'.hsc($_['too_large_to_view_01a']).' '.number_format($MAX_VIEW_SIZE).' '.hsc($_['bytes']).'</b><br>'.
 hsc($_['too_large_to_view_02']).'<br>'.hsc($_['too_large_to_view_03']).'<br>';//.hsc($_['too_large_to_view_04']);
 
 	//Preserves vertical spacing when message is blank, so edit area doesn't jump as much.
@@ -1938,7 +1985,7 @@ function Upload_response() { //*************************************************
 	$destination = Check_path($_POST["upload_destination"]);
 	$page  = "index";
 	$MAXUP1 = ini_get('upload_max_filesize');
-	$MAXUP2 = number_format($_POST['MAX_FILE_SIZE']).' '.hsc($_['meta_txt_02']);
+	$MAXUP2 = number_format($_POST['MAX_FILE_SIZE']).' '.hsc($_['bytes']);
 	$ERROR = $_FILES['upload_file']['error'];
 
 	if     ( $ERROR == 1 ){ $ERRMSG = hsc($_['upload_err_01a']).' upload_max_filesize = '.$MAXUP1.' '.hsc($_['upload_err_01b']);}
@@ -1953,9 +2000,10 @@ function Upload_response() { //*************************************************
 
 	if (($filename == "")){
 		$message .= $EX.'<b>'.hsc($_['upload_msg_01']).'</b><br>';
-	}elseif (($destination != "") && !is_dir($destination)) {
+	}elseif ( ($destination === false) || (($destination != "") && !is_dir($destination))) {
 		$message .= $EX.'<b>'.hsc($_['upload_msg_02']).'</b><br>';
-		$message .= '<span class="filename">'.hte($WEB_ROOT.$destination).'</span></b><br>'.hsc($_['upload_msg_03']).'</b><br>';
+		$message .= '<span class="filename">'.hte($destination).'</span></b><br>';
+		$message .= hsc($_['upload_msg_03']).'</b><br>';
 	}else{
 		$message .= '<b>'.hsc($_['upload_msg_04']).'</b> <span class="filename">'.hte($filename).'</span><br>';
 		$savefile = ordinalize($destination, $filename, $savefile_msg);
@@ -1971,7 +2019,7 @@ function Upload_response() { //*************************************************
 
 
 
-function New_File_or_Folder_Page($title, $id) { //****************
+function New_File_or_Folder_Page($title, $id) { //******************************
 	global $_, $FORM_COMMON, $INVALID_CHARS;
 
 	echo '<h2>'.hsc($title).'</h2>';
@@ -1986,31 +2034,43 @@ function New_File_or_Folder_Page($title, $id) { //****************
 
 
 
-function New_File_response() { //***********************************************
+function New_File_or_Folder_response($post, $is_file){ //***********************
 	global $_, $WEB_ROOT, $ipath, $filename, $page, $param1, $param2, $param3, $message, $EX, $INVALID_CHARS;
 
-	$new_name  = trim($_POST["new_file"],"\x00..\x20/"); //Trim whitespace & slashes.
-	$filename  = $ipath.$new_name;
-	$page      = "index"; //Return to index on error.
+	$page      = "index"; //Return to index if folder, or on error.
 
-	$msg_new   = '<span class="filename">'.hte($new_name).'</span><br>';
+	$new_name  = trim($_POST["$post"],"\x00..\x20/"); //Trim whitespace & slashes.
 	
+	if ($is_file) { $filename  = $ipath.$new_name;     }
+	else          { $new_ipath = $ipath.$new_name.'/'; }
+
+	$msg_new  = '<span class="filename">'.hte($new_name).'</span><br>';
+
 	if (has_invalid_char($new_name)){
-		$message .= $EX.'<b>'.hsc($_['Error']).': '.hsc($_['new_file_msg_02']);
-		$message .= ' <span class="mono">'.hte($INVALID_CHARS).'</span></b><br>'.$msg_new;
+		$message .= $EX.'<b>'.hsc($_['new_file_msg_01']).'</b> '.$msg_new;
+		$message .= '<b>'.hsc($_['new_file_msg_02']).' <span class="mono">'.hte($INVALID_CHARS).'</span></b>';
+		
 	}elseif ($new_name == ""){
-		$message .= $EX.'<b>'.hsc($_['new_file_msg_03']).'</b>';
-	}elseif (file_exists($filename)) {
-		$message .= $EX.'<b>'.hsc($_['new_file_msg_04']).'</b> '.$msg_new;
-	}elseif ( touch($filename) ) {
-		$message .= '<b>'.hsc($_['new_file_msg_05']).'</b> '.$msg_new;
-		$page     = "edit";                                     //Return to edit page.
-		$param2   = '&amp;f='.rawurlencode(basename($filename));// for Edit_Page() buttons
-		$param3   = '&amp;p=edit';                              // for Edit_Page() buttons
+		$message .= $EX.'<b>'.hsc($_['new_file_msg_03']).'</b>';  //No name given.
+		
+	}elseif (file_exists($filename)) { //Does file or folder already exist ?
+		$message .= $EX.'<b>'.hsc($_['new_file_msg_04']).' '.$msg_new;
+		
+	}elseif ( $is_file && touch($filename) ) { //Create File
+		$message .= '<b>'.hsc($_['new_file_msg_05']).'</b> '.$msg_new; //New File success.
+		$page     = "edit";                                      //Return to edit page.
+		$param2   = '&amp;f='.rawurlencode(basename($filename)); //for Edit_Page() buttons
+		$param3   = '&amp;p=edit';                               //for Edit_Page() buttons
+		
+	}elseif ( !$is_file && mkdir($new_ipath)) { //Create Folder
+		$message .= '<b>'.hsc($_['new_file_msg_07']).'</b> '.$msg_new; //New folder success
+		$ipath    = $new_ipath;  //return to new folder
+		$param1   = '?i='.URLencode_path($ipath);
+		
 	}else{
-		$message .= $EX.'<b>'.hsc($_['new_file_msg_06']).$msg_new;
+		$message .= $EX.'<b>'.hsc($_['new_file_msg_01']).':</b><br>'.$msg_new; //'Error - new file not created:'
 	}
-}//end New_File_response() *****************************************************
+}//end New_File_or_Folder_response *********************************************
 
 
 
@@ -2056,21 +2116,21 @@ function CRM_Page($action, $title, $name_id, $isfile) { //**********************
 ?>
 	<h2><?php echo hsc($action.' '.$title) ?></h2>
 
-	<p><?php echo hsc($_['CRM_txt_01'].' '.$_['CRM_txt_02']) ?></p>
-
 	<?php echo $FORM_COMMON ?>
 		<input type="hidden" name="<?php echo $name_id ?>"  value="<?php echo hsc($name_id); ?>">
-		
+
 		<label><?php echo hsc($_['CRM_txt_03']) ?></label><br>
 		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type="text"
-			name="old_name" value="<?php echo hsc($old_name); ?>" readonly="readonly">
-		<br>
+		name="old_name" value="<?php echo hsc($old_name); ?>" readonly="readonly">
+
 		<label><?php echo hsc($_['CRM_txt_04']) ?></label><br>
+		<input type="text" name="new_name" id="new_name" value="<?php echo hsc(basename($new_name)); ?>"><br>
+
+		<label><?php echo hsc($_['New_Location']) ?></label> &nbsp; &nbsp;(<?php echo hsc($_['CRM_txt_02']) ?>)<br>
 		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type="text"
-			name="new_name" id="new_name"
-			value="<?php echo hsc($new_name); ?>">
-		<?php Cancel_Submit_Buttons($action, "new_name"); ?>
+		name="new_location" id="new_location" value="<?php echo hsc(dir_name($new_name)); ?>"><br>
 
+		<?php Cancel_Submit_Buttons($action, "new_name"); ?>
 	</form>
 <?php
 } //end CRM_Page() *************************************************************
@@ -2084,56 +2144,60 @@ function CRM_response($action, $msg1, $isfile, $show_message = 3){ //***********
 	//$show_message: 0 = none; 1 = errors only; 2 = successes only; 3 = all messages (default).
 	global $_, $WEB_ROOT, $ipath, $filename, $page, $param1, $param2, $message, $EX, $INVALID_CHARS;
 
-	$old_name = trim($_POST["old_name"],"\x00..\x20/"); //Trim whitespace & slashes.
-	$new_name = trim($_POST["new_name"],"\x00..\x20/");
-	$old_location = dirname($old_name);
-	$new_location = dirname($new_name);
-	$filename = $old_name; //default if error.
+	$old_name      = trim($_POST["old_name"],"\x00..\x20/"); //Trim whitespace & slashes.
+	$old_location  = dir_name($old_name); //dir_name() adds a trailing slash.
+	$new_location  = trim($_POST['new_location'],"\x00..\x20/").'/';
+	$new_name_only = trim($_POST["new_name"],"\x00..\x20/"); //file or folder only - no path yet.
+	$new_name      = $new_location.trim($_POST["new_name"],"\x00..\x20/");
+	$filename      = $old_name; //default if error.
 
 	//Common message lines
-	$com_old  = '<span class="filename">'.hte($WEB_ROOT.$old_name).'</span><br>';
-	$com_new  = '<span class="filename">'.hte($WEB_ROOT.$new_name).'</span><br>';
+
 	$com_msg  = '<div id="message_left">'.hte($_['From']).'<br>'.hte($_['To']).'</div>';
-	$com_msg .= '<b>: </b>'.$com_old.'<b>: </b>'.$com_new;
-	
+	$com_msg .= '<b>: </b><span class="filename">'.hte($old_name).'</span><br>';
+	$com_msg .= '<b>: </b><span class="filename">'.hte($new_name).'</span>';
+
 	$err_msg = ''; //Error message.
 	$scs_msg = ''; //Success message.
 
 	$error = 1; //0 = no error, 1 = an error. Default to error. Used for return value.
 
-	$invalid_new = has_invalid_char(basename($new_name));
-	
-	//Check new name for invalid characters.
-	if ( $invalid_new ) {
-		$err_msg .= $EX.'<b>'.hsc($_['Error'].': '.$_['new_file_msg_02']).' '.$invalid_new.'</b><br>';
-		$err_msg .= '<span class="filename">'.hte(basename($new_name)).'</span><br>';
+	//Check old name for invalid chars (like .. ) (Unlikely to be false outside a malicious attempt)
+	if ( Check_path($old_name,$show_message) === false ) {
+		$bad_name = $old_name;
 		
-	//Check old parent location. (Unlikely to be false outside a malicious attempt)
-	}elseif ( Check_path($old_location,$show_message) === false ) {
-		$err_msg .= '<span class="filename">'.hte($WEB_ROOT.$old_location).'/</span><br>';
+	}elseif ( !file_exists($old_name) ) {
+		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_02']).'</b><br>'; //file does not exist
+		$bad_name = $old_name;
 		
-	//Check new parent location.
-	}elseif ( Check_path($new_location,$show_message) === false ) {
-		$err_msg .= '<span class="filename">'.hte($WEB_ROOT.$new_location).'/</span><br>';
+	//Check new name & location for invalid chars etc.
+	}elseif ( Check_path($new_name,$show_message) === false ) {
+		$bad_name = $new_name;
 		
-	}elseif ( !file_exists($old_name) ) {
-		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_02']).'</b><br>'.$com_old;
+	}elseif ( ($new_location != "") && !is_dir($new_location) ) {
+		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_01']).'</b><br>'; //parent does not exist
+		$bad_name = $new_location;
 		
 	}elseif ( file_exists($new_name) ) {
-		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_03']).'</b><br>'.$com_new;
+		$bad_name = $new_name;
+		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_03']).'</b><br>'; //already exists
 		
 	}elseif ( $action($old_name, $new_name )) {
 		$scs_msg .= '<b>'.hsc($msg1.' '.$_['successful']).'</b><br>'.$com_msg;
 		if   ($isfile) {
-			$ipath    = dirname($new_name).'/';
+			$ipath    = $new_location;
 			$filename = $new_name;
-		}else {/*folder*/
+		}else {//folder
 			$ipath    = $new_name.'/';
 		}
 		$error = 0;
+		
 	}else{
+		$bad_name = "";
 		$err_msg .= $EX.'<b>'.hsc($_['CRM_msg_05a'].' '.$msg1).'</b><br>'.$com_msg;
 	}
+	
+	if ($error) { $err_msg .= '<span class="filename">'.hte($bad_name).'</span><br>'; }
 
 	if ( ($show_message & 1) && $error ) { $message .= $err_msg; } //Show error message.
 	if (  $show_message & 2)             { $message .= $scs_msg; } //Show success message.
@@ -2141,7 +2205,7 @@ function CRM_response($action, $msg1, $isfile, $show_message = 3){ //***********
 	//Prior page should be either index or edit
 	$page = $_SESSION["recent_pages"][1];
 	$param1 = '?i='.URLencode_path($ipath);
-	if ($isfile) {$param2 = '&amp;f='.rawurlencode(basename($filename));}
+	if ($isfile & $page == "edit") {$param2 = '&amp;f='.rawurlencode(basename($filename));}
 
 	return $error; //
 }//end CRM_response() **********************************************************
@@ -2192,35 +2256,6 @@ function Delete_File_response($del_file = "", $show_message = 3){ //************
 
 
 
-function New_Folder_response(){ //**********************************************
-	global $_, $WEB_ROOT, $ipath,            $page, $param1,                   $message, $EX, $INVALID_CHARS;
-
-	$new_name  = trim($_POST["new_folder"], ' /'); //Trim whitespace & slashes.
-	$new_ipath = $ipath.$new_name.'/';
-	$page      = "index"; //Return to index
-
-	$msg_new   = '<span class="filename">'.hte($new_name).'</span><br>';
-
-	if (has_invalid_char($new_name)){
-		$message .= $EX.'<b>'.hsc($_['Error']).': '.hsc($_['new_folder_msg_02']);
-		$message .= ' <span class="mono">'.hte($INVALID_CHARS).'</span></b><br>'.$msg_new;
-	}elseif ($new_name == ""){
-		$message .= $EX.'<b>'.hsc($_['new_folder_msg_03']).'</b>';
-	}elseif (is_dir($new_ipath)) {
-		$message .= $EX.'<b>'.hsc($_['new_folder_msg_04']).'</b> '.$msg_new;
-	}elseif (mkdir($new_ipath)) {
-		$message .= '<b>'.hsc($_['new_folder_msg_05']).'</b> '.$msg_new;
-		$ipath    = $new_ipath;  //return to new folder
-		$param1   = '?i='.URLencode_path($ipath);
-
-	}else{
-		$message .= $EX.'<b>'.hsc($_['new_folder_msg_06']).':</b><br>'.$msg_new;
-	}
-}//end New_Folder_response *****************************************************
-
-
-
-
 function Delete_Folder_Page(){ //***********************************************
 	global $_, $WEB_ROOT, $ipath, $FORM_COMMON;
 ?>
@@ -2228,8 +2263,8 @@ function Delete_Folder_Page(){ //***********************************************
 	<?php echo $FORM_COMMON ?>
 		<input type="hidden" name="delete_folder" value="<?php echo hsc($ipath); ?>" >
 		<p>
-		<span class="web_root"><?php echo hte($WEB_ROOT.dirname($ipath)).'/'; ?></span>
-		<span class="verify_del"><?php echo hte(basename($ipath)); ?></span> /
+		<span class="web_root"><?php echo hte($WEB_ROOT.dir_name($ipath)); ?></span><span
+		class="verify_del"><?php echo hte(basename($ipath)); ?></span> /
 		</p>
 		<p><b><?php echo hsc($_['delete_folder_txt_01']) ?></b></p>
 		<?php Cancel_Submit_Buttons(hsc($_['DELETE']), "cancel"); ?>
@@ -2243,9 +2278,9 @@ function Delete_Folder_Page(){ //***********************************************
 function Delete_Folder_response() { //******************************************
 	global $_, $ipath, $param1, $page, $message, $EX;
 	$page = "index"; //Return to index
-	$foldername = Check_path($_POST["delete_folder"]);
+	$foldername = Check_path($_POST["delete_folder"],1);
 	$foldername = trim($foldername,'/');
-	if ($foldername == "") {return;}
+	if ($foldername == "") { return; }
 
 	if ( !is_empty($ipath) ) {
 		$message .= $EX.'<b>'.hsc($_['delete_folder_msg_01']).'</b>';
@@ -2253,7 +2288,7 @@ function Delete_Folder_response() { //******************************************
 	}elseif (@rmdir($foldername)) {
 		$message .= '<b>'.hsc($_['delete_folder_msg_02']).'</b> ';
 		$message .= '<span class="filename">'.hte(basename($foldername)).'</span></br>';
-		$ipath  = dirname($foldername).'/'; //Return to parent dir.
+		$ipath  = dir_name($foldername); //Return to parent dir.
 		$param1 = '?i='.URLencode_path($ipath);
 	}else {
 		$message .= $EX.'<b><span class="filename">"'.hte($foldername).'/"</span></b> '.hsc($_['delete_folder_msg_03']);
@@ -2262,27 +2297,10 @@ function Delete_Folder_response() { //******************************************
 
 
 
-
-function MCD_Page() { //********************************************************
+//******************************************************************************
+function MCD_Page($page_title, $action, $classes = 'verify', $focus = 'new_location') {
 	global $_, $WEB_ROOT, $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE;
-
-	$focus = 'new_location';
-
-	if ($_POST['action'] == 'move')   {
-		$page_title = hsc($_['Move_Files']);
-		$classes    = "verify";
-		$action     = 'mcd_mov';
-	}elseif ($_POST['action'] == 'copy'){
-		$page_title = hsc($_['Copy_Files']);
-		$classes    = "verify";
-		$action     = 'mcd_cpy';
-	}else { //$_POST['action'] == 'delete'
-		$page_title = hsc($_['Del_Files']);
-		$classes    = "verify verify_del";
-		$action     = 'mcd_del';
-		$focus      = 'cancel'; //For Delete, put initial focus on [Cancel] button.
-	}
-
+	
 	Set_Input_width();
 
 	echo '<h2>'.hsc($page_title).'</h2>';
@@ -2290,13 +2308,8 @@ function MCD_Page() { //********************************************************
 	echo '<form method="post" action="'.$ONESCRIPT.$param1.'">'.$INPUT_NUONCE;
 		echo '<input type="hidden" name="'.$action.'" value="'.$action.'">'.PHP_EOL;
 		
-		$X = 1;
-		foreach($_POST['files'] as $file) {
-			echo '<input type="hidden" name="files['.$X++	.']" value="'.$file.'">'.PHP_EOL;
-		}
-		
-		if ($_POST['action'] != 'delete')  {
-			echo '<label for="new_location">'.hsc($_['New_location']).'</label> ('.hsc($_['CRM_txt_02']).')<br>';
+		if (($_POST['action'] == 'copy') || ($_POST['action'] == 'move') ) {
+			echo '<label for="new_location">'.hsc($_['New_Location']).'</label> &nbsp; ('.hsc($_['CRM_txt_02']).')<br>';
 			echo '<span class="web_root">'.hte($WEB_ROOT).'</span>';
 			echo '<input type="text" name="new_location" id="new_location" value="'.hsc($ipath).'">';
 		}
@@ -2306,13 +2319,14 @@ function MCD_Page() { //********************************************************
 			
 		//List selected files
 		echo '<table class="'.$classes.'">';
-		echo '<tr><th>'.$_['Selected_Files'].':</th></tr>';
+		echo '<tr><th>'.$_['Selected_Files'].':</th></tr>'."\n";
+		$X = 1;
 		foreach($_POST['files'] as $file) {
 			echo '<tr><td>'.hte($file).'</td></tr>';
+			echo '<input type=hidden  class="'.$classes.'" name="files['.$X++.']" value="'.hsc($file).'">'."\n";
 		}
 		echo '</table>';
 	echo '</form>';
-
 } //end MCD_Page() *************************************************************
 
 
@@ -2337,15 +2351,16 @@ function MCD_response($action, $msg1, $success_msg = '') { //*******************
 		$mcd_ipath = $ipath; //$CRM_response() changes $ipath to $new_location
 		
 		//Trim whitespace & slashes, leaving only 1 trailing slash.
-		$new_location = trim($_POST['new_location'],"\x00..\x20/").'/'; 
+		$new_location = trim($_POST['new_location'],"\x00..\x20/").'/';
 		if ( Check_path($new_location, $show_message) === false ){
-			$message .= '<span class="filename">'.hte($WEB_ROOT.$new_location).'</span><br>';
+			$message .= '<span class="filename">'.hte($new_location).'</span><br>';
 			return;
 		}
 		
 		foreach ($files as $file){
 			$_POST['old_name'] = $mcd_ipath.$file;
-			$_POST['new_name'] = $new_location.$file;
+			$_POST['new_name'] = $file;
+			$_POST['new_location'] = $new_location;
 			$errors  += CRM_response($action, $msg1, $isfile, $show_message);
 		}
 	}
@@ -2357,10 +2372,10 @@ function MCD_response($action, $msg1, $success_msg = '') { //*******************
 	$message .= '<b>'.$successful.' '.hsc($success_msg).'</b><br>';
 
 	if ($action != 'delete') {
-		if ($successful != 0) { //if all errors, don't bother...
+		if ($successful > 0) { //if all errors, don't bother...
 			$message .= '<div id="message_left"><b>'.hsc($_['From']).'<br>'.hsc($_['To']).'</b></div>';
-			$message .= '<b>:</b><span class="filename"> '.hsc($WEB_ROOT).$mcd_ipath.'</span><br>';
-			$message .= '<b>:</b><span class="filename"> '.hsc($WEB_ROOT).$ipath.'</span><br>';
+			$message .= '<b>:</b><span class="filename"> '.hsc($mcd_ipath).'</span><br>';
+			$message .= '<b>:</b><span class="filename"> '.hsc($ipath).'</span><br>';
 		}
 	}
 }//end MCD_response() **********************************************************
@@ -2412,7 +2427,11 @@ function Load_Selected_Page(){ //***********************************************
 	elseif ($page == "newfolder")    { New_File_or_Folder_Page($_['New_Folder'] ,"new_folder");}
 	elseif ($page == "renamefolder") { CRM_Page($_['Ren_Move'], $_['Folder'], 'rename_folder', 0); }
 	elseif ($page == "deletefolder") { Delete_Folder_Page();  }
-	elseif ($page == "mcdaction")    { MCD_Page();            }
+	elseif ($page == "mcdaction")    {
+		if ($_POST['action'] == 'move')  { MCD_Page($_['Move_Files'], 'mcd_mov'); }
+		if ($_POST['action'] == 'copy')  { MCD_Page($_['Copy_Files'], 'mcd_cpy'); }
+		if ($_POST['action'] == 'delete'){ MCD_Page($_['Del_Files'],  'mcd_del', 'verify verify_del', 'cancel'); }
+	}
 	else                             { Login_Page();          } //default
 }//end Load_Selected_Page() ****************************************************
 
@@ -2422,32 +2441,23 @@ function Load_Selected_Page(){ //***********************************************
 function Respond_to_POST() {//**************************************************
 	global $_, $VALID_POST, $page, $message;
 
-	if ($VALID_POST) {
-		if     ($page == "mcdaction") {
-			//There must be at least one 'file', and 'action' must = "move", "copy", or "delete"
-			if (!isset($_POST['mcdaction'] )) { $page = "index"; }
-			if (!isset($_POST['files']) )     { $page = "index"; }
-			if (!isset($_POST['action']))     { $page = "index"; }
-			if ( isset($_POST['action']) && ($_POST['action'] != "move") && ($_POST['action'] != "copy") && ($_POST['action'] != "delete") ) {
-				$page = "index";
-			}
-		}
-		elseif (isset($_POST["mcd_mov"]      )) { MCD_response('rename', $_['Ren_Move'], $_['mcd_msg_01']); } //move == rename
-		elseif (isset($_POST["mcd_cpy"]      )) { MCD_response('copy'  , $_['Copy']    , $_['mcd_msg_02']); }
-		elseif (isset($_POST["mcd_del"]      )) { MCD_response('delete', $_['Delete']  , $_['mcd_msg_03']); }
-		elseif (isset($_POST["whattohash"]   )) { Hash_response();           }
-		elseif (isset($_POST["pw"]           )) { Change_PWUN_response('pw', $_['change_pw_02']);}
-		elseif (isset($_POST["un"]           )) { Change_PWUN_response('un', $_['change_un_02']);}
-		elseif (isset($_POST["filename"]     )) { Edit_response();           }
-		elseif (isset($_POST["new_file"]     )) { New_File_response();       }
-		elseif (isset($_POST["copy_file"]    )) { CRM_response('copy'  , $_['Copy']    , 1); }
-		elseif (isset($_POST["rename_file"]  )) { CRM_response('rename', $_['Ren_Move'], 1); }
-		elseif (isset($_POST["delete_file"]  )) { Delete_File_response();    }
-		elseif (isset($_POST["new_folder"]   )) { New_Folder_response();     }
-		elseif (isset($_POST["rename_folder"])) { CRM_response('rename', $_['Ren_Move'], 0); }
-		elseif (isset($_POST["delete_folder"])) { Delete_Folder_response();  }
-		elseif (isset($_FILES['upload_file']['name']))  { Upload_response(); }
-	}//end if ($VALID_POST)
+	if (!$VALID_POST) { return; }
+
+	if     (isset($_POST["mcd_mov"]      )) { MCD_response('rename', $_['Ren_Move'], $_['mcd_msg_01']); } //move == rename
+	elseif (isset($_POST["mcd_cpy"]      )) { MCD_response('copy'  , $_['Copy']    , $_['mcd_msg_02']); }
+	elseif (isset($_POST["mcd_del"]      )) { MCD_response('delete', $_['Delete']  , $_['mcd_msg_03']); }
+	elseif (isset($_POST["whattohash"]   )) { Hash_response();           }
+	elseif (isset($_POST["pw"]           )) { Change_PWUN_response('pw', $_['change_pw_02']);}
+	elseif (isset($_POST["un"]           )) { Change_PWUN_response('un', $_['change_un_02']);}
+	elseif (isset($_POST["filename"]     )) { Edit_response();           }
+	elseif (isset($_POST["new_file"]     )) { New_File_or_Folder_response("new_file", 1);}   //1=file
+	elseif (isset($_POST["copy_file"]    )) { CRM_response('copy'  , $_['Copy']    , 1);}
+	elseif (isset($_POST["rename_file"]  )) { CRM_response('rename', $_['Ren_Move'], 1);}
+	elseif (isset($_POST["delete_file"]  )) { Delete_File_response();    }
+	elseif (isset($_POST["new_folder"]   )) { New_File_or_Folder_response("new_folder", 0);} //0=folder
+	elseif (isset($_POST["rename_folder"])) { CRM_response('rename', $_['Ren_Move'], 0);}
+	elseif (isset($_POST["delete_folder"])) { Delete_Folder_response();  }
+	elseif (isset($_FILES['upload_file']['name']))  { Upload_response(); }
 
 }//end Respond_to_POST() *******************************************************
 
@@ -2556,9 +2566,9 @@ function Select_All(list_offset) {
 	//list_offset = Number of form elements before file select checkboxes.
 
 	select_all_label = document.getElementById('select_all_label');
-	var   files = document.mcdaction.elements; //Actually only from elemements[list_offset] to last element.
+	var   files = document.mcdselect.elements; //files start at elemements[list_offset].
 	var   last  = files.length - 1; //number of files & checkboxes
-	var   select_all = document.mcdaction.select_all;
+	var   select_all = document.mcdselect.select_all;
 	
 	if (select_all.checked) {
 		select_all_label.innerHTML = '<?php echo addslashes($_['Clear_All']) ?>';
@@ -2597,7 +2607,7 @@ function Confirm_ready(list_offset){
 	is_copy    = document.getElementById("copy").checked;
 	is_delete  = document.getElementById("delete").checked;
 	
-	var   files = document.mcdaction.elements; //Actual files are only from elemements[list_offset] to last element.
+	var   files = document.mcdselect.elements; //Actual files are only from elemements[list_offset] to last element.
 	var   last  = files.length - 1; //number of files (checkboxes) + list_offset
 
 	//Clear f_msg if at least one file is checked
@@ -3086,6 +3096,7 @@ function style_sheet(){ //******************************************************
 
 
 table.verify {
+	min-width       : 50%; 
 	font            : 1em Courier;
 	margin-bottom   : .7em;
 	border          : 1px outset gray;
@@ -3116,7 +3127,7 @@ function style_sheet(){ //******************************************************
 	font  : 1em Courier;
 	margin-bottom: .5em;
 	padding: .2em;
-}
+	}
 
 
 table.verify_del    { border: 1px solid #F44; background-color: #FFE7E7; }
@@ -3149,6 +3160,8 @@ function style_sheet(){ //******************************************************
 .edit_btns_bottom { float: right; }
 .edit_btns_bottom .button { margin-left: .5em; }
 
+input[type="text"]#new_name {width  : 60%;}
+
 .admin_buttons .button { margin-right: .5em; }
 
 #upload_file { margin-bottom: .6em; }
@@ -3231,7 +3244,7 @@ function Language_and_config_adjusted_styles() {//******************************
 
 //******************************************************************************
 //******************************************************************************
-//Begin logic to determine page action
+//Main logic to determine page action
 
 Default_Language(); // Load Default Language settings
 
@@ -3260,48 +3273,11 @@ function Language_and_config_adjusted_styles() {//******************************
 
 	Respond_to_POST();
 
-	//*** Verify a few $page conditions **************
-	
-	//If exited admin pages, restore $ipath
-	if    ( ($page == "index") && $_SESSION['admin_page'] ) {
-		//Unless clicked www/some/path/ from edit or copy page.
-		if ( ($_SESSION['recent_pages'][1] != 'edit') && ($_SESSION['recent_pages'][1] != 'copy') ){
-			$ipath = $_SESSION['admin_ipath'];
-			$param1 = '?i='.URLencode_path($ipath);
-		}
-		$_SESSION['admin_page']  = false;
-		$_SESSION['admin_ipath'] = '';
-	}
-	//Don't load login screen when already in a valid session.
-	//$_SESSION['valid'] may be false after Respond_to_POST()
-	elseif ( ($page == "login") && $_SESSION['valid'] ) { $page = "index"; }
-		
-	elseif ( $page == "logout" ) {
-		Logout();
-		$message .= hsc($_['logout_msg']);
-	}
-	//Don't load delete page if folder not empty.
-	elseif ( ($page == "deletefolder") && !is_empty($ipath) ) {
-		$message .= $EX.'<b>'.hsc($_['folder_del_msg']).'</b>';
-		$page = "index";
-	}
-	//if size of $_POST > post_max_size, PHP only returns empty $_POST & $_FILE arrays.
-	elseif ( ($page == "uploaded") && !$VALID_POST ) {
-		$message .= $EX.'<b> '.hsc($_['upload_error_01a']).' '.ini_get('post_max_size').'</b> '.hsc($_['upload_error_01b']).'<br>';
-		$page = "index";
-	}
-	//If editing OneFileCMS itself, show caution message.
-	elseif ($filename == trim(rawurldecode($ONESCRIPT), '/')) {
-		$message .= '<style>#message_box_contents {background: red;}</style>';
-		$message .= '<style>#message_box          {color: white;}   </style>';
-		$message .= $EX.'<b>'.hsc($_['edit_caution_01']).' '.$EX.hsc($_['edit_caution_02']).'</b><br>';
-	}
-	//end Verify a few $page restrictions ************
+	Verify_page_conditions();
 
 	Update_Recent_Pages();
 
-}//end if $_SESSION[valid] *************************************
-
+}//end if $_SESSION[valid] 
 
 //Used to disable some options if editing OneFileCMS itself.
 $Editing_OFCMS = false;
diff --git a/readme.markdown b/readme.markdown
index 4832c9f..cabc84c 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,8 +1,14 @@
-# Current stable version: 3.4.01
+# Current stable version: 3.4.03
 
-### September 9, 2012
+### September 12, 2012
 
-- A couple minor fixes, and some code improvements & cleanup.
+Nothing, it seems, is ever "done".  Shortly after commiting the changes to 3.4, I noticed a couple very minor issues.  Issues that probably would go unnoticed by most.  But, I had to fix them.  Then, I started thinking, "hmmm, this could be little better... maybe that too..."
+
+Anyway, maybe now it's sorta at a resting spot  (hahaha...).  In anycase, here's the recent summary:
+
+- A few minor fixes, and some code cleanup & improvements.
+
+(what'd you expect, a epic treatise?...)
 
 ### Auguest 29, 2012
 
@@ -178,9 +184,17 @@ GENERATE/OUTPUT THE PAGE
 
 ## Change Log
 
+### 3.4.02-3.4.03
+
+- Primary user noticable change: on rename/move/copy pages, split "New Name" from "New Location".
+- A couple minor bug fixes.
+- Consolidated a four functions into two.
+- Other general code cleanup & improvements.
+- Numerous changed, new, and removed langauge settings.
+
 ### 3.4.01
 
-- A couple of minor bux fixes.
+- A couple of minor bug fixes.
 - Some code cleanup & improvements.
 
 ### 3.3.17 - 3.4.0

From 6bd1262e362803f2fff409ebe86af30c7c13b88e Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Thu, 13 Sep 2012 18:10:00 -0400
Subject: [PATCH 143/228] Version 3.4.03 Minor date typo.

---
 readme.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.markdown b/readme.markdown
index cabc84c..f414181 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,6 +1,6 @@
 # Current stable version: 3.4.03
 
-### September 12, 2012
+### September 13, 2012
 
 Nothing, it seems, is ever "done".  Shortly after commiting the changes to 3.4, I noticed a couple very minor issues.  Issues that probably would go unnoticed by most.  But, I had to fix them.  Then, I started thinking, "hmmm, this could be little better... maybe that too..."
 

From 652c1ec63cf01fecfe99c1e3518dcaabdc8ca700 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Fri, 14 Sep 2012 01:10:00 -0400
Subject: [PATCH 144/228] Version 3.4.04 Minor bug fix. dir_name(),
 CRM_response():  don't add trailing slash if $path == "" Check_path(): added
 a couple different checks. Moved has_invalid_char() up a bit in the code.
 (Because I wanted to...)  :) Removed a redundant $_[] value.

---
 OneFileCMS.LANG.DE.php   |  5 ++---
 OneFileCMS.LANG.EN.php   |  3 +--
 OneFileCMS.LANG.ES.php   |  3 +--
 OneFileCMS_structure.txt |  4 ++--
 onefilecms.php           | 46 +++++++++++++++++++++-------------------
 readme.markdown          | 10 ++++++++-
 6 files changed, 39 insertions(+), 32 deletions(-)

diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index c815b57..6dae6d8 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.03
+// OneFileCMS Language Settings v3.4.04
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -192,7 +192,7 @@
 $_['delete_msg_02'] = 'Während des Löschvorgangs trat ein Fehler auf ';
 
 $_['delete_folder_txt_01'] = 'Sind Sie sicher?';
-$_['delete_folder_msg_01'] = 'Der Ordner ist nicht leer.   Bevor ein Ordner gelöscht werden kann, muss er geleert werden.';
+$_['delete_folder_msg_01'] = 'Der Ordner ist nicht leer.  Der Ordner muss leer sein, bevor er gelöscht werden kann.';
 $_['delete_folder_msg_02'] = 'Gelöschter Ordner:';
 $_['delete_folder_msg_03'] = 'während des Löschvorgangs trat ein Fehler auf.';
 
@@ -203,7 +203,6 @@
 
 $_['OFCMS_requires']   = 'OneFileCMS erfordert PHP';
 $_['logout_msg']       = 'Sie wurden erfolgreich abgemeldet.';
-$_['folder_del_msg']   = 'Der Ordner ist nicht leer.   Der Ordner muss leer sein, bevor er gelöscht werden kann.';
 $_['upload_error_01a'] = ' Fehler beim Heraufladen.  Die Gesamtmenge and heraufgeladenen Daten (in Hauptsache die Datei) überschreitet die post_max_size = ';
 $_['upload_error_01b'] = ' (der php.ini)';
 $_['edit_caution_01']  = 'ACHTUNG ';
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index c92cd22..381ca6e 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.03
+// OneFileCMS Language Settings v3.4.04
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -203,7 +203,6 @@
 
 $_['OFCMS_requires']   = 'OneFileCMS requires PHP';
 $_['logout_msg']       = 'You have successfully logged out.';
-$_['folder_del_msg']   = 'Folder not empty. Folders must be empty before they can be deleted.';
 $_['upload_error_01a'] = 'Upload Error. Total POST data (mostly filesize) exceeded post_max_size =';
 $_['upload_error_01b'] = '(from php.ini)';
 $_['edit_caution_01']  = 'CAUTION';
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index 0b9fb29..8a16f98 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.03
+// OneFileCMS Language Settings v3.4.04
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -203,7 +203,6 @@
 
 $_['OFCMS_requires']   = 'OneFileCMS necesita PHP';
 $_['logout_msg']       = 'Has cerrado la sesión satisfactoriamente.';
-$_['folder_del_msg']   = 'Carpeta no vacía.   Las carpetas debe estar vacías antes de poder eliminarse.';
 $_['upload_error_01a'] = 'Eror de subida.  Total de datos POST (mayormente el peso del archivo) excedido post_max_size =';
 $_['upload_error_01b'] = '(desde php.ini)';
 $_['edit_caution_01']  = 'PRECAUCIÓN';
diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index 37014f7..ca0a504 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.4.03 structure/layout
+OneFileCMS Version 3.4.04 structure/layout
 
 LICENSE
 
@@ -20,9 +20,9 @@ MISC FUNCTIONS:
 	undo_magic_quotes()
 	Get_GET()
 	Verify_page_conditions()
+	has_invalid_char()
 	URLencode_path()
 	dir_name()
-	has_invalid_char()
 	Check_path()
 	is_empty()
 	ordinalize()
diff --git a/onefilecms.php b/onefilecms.php
index 8e3d90a..1c03753 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.03';
+$OFCMS_version = '3.4.4';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -86,7 +86,7 @@
 
 $EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
 
-$SESSION_NAME = 'OFCMS-'; //Name of session cookie. Change if using multiple copies of OneFileCMS.
+$SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS.
 
 //External config file, if there is one.  Any settings in the $config_file will supersede those above.
 //$config_file = 'OFCMS_config.SAMPLE.php';  // Path is relative to OneFileCMS.
@@ -354,7 +354,6 @@ function Default_Language() { // ***********************************************
 $_['confirm_reset']   = 'Reset file and loose unsaved changes?';
 $_['OFCMS_requires']   = 'OneFileCMS requires PHP';
 $_['logout_msg']       = 'You have successfully logged out.';
-$_['folder_del_msg']   = 'Folder not empty. Folders must be empty before they can be deleted.';
 $_['upload_error_01a'] = 'Upload Error. Total POST data (mostly filesize) exceeded post_max_size =';
 $_['upload_error_01b'] = '(from php.ini)';
 $_['edit_caution_01']  = 'CAUTION';
@@ -658,7 +657,7 @@ function Verify_page_conditions() { //******************************************
 	}
 	//Don't load delete folder page if folder not empty.
 	elseif ( ($page == "deletefolder") && !is_empty($ipath) ) {
-		$message .= $EX.'<b>'.hsc($_['folder_del_msg']).'</b><br>';
+		$message .= $EX.'<b>'.hsc($_['delete_folder_msg_01']).'</b><br>';
 		$page = "index";
 	}
 	//If page reloaded, or malicious page load...
@@ -691,6 +690,17 @@ function Verify_page_conditions() { //******************************************
 
 
 
+function has_invalid_char($string) { //*****************************************
+	global $INVALID_CHARS, $INVALID_CHARS_array;
+	foreach ($INVALID_CHARS_array as $bad_char) {
+		if (strpos($string, $bad_char) !== false) { return $bad_char; }
+	}
+	return false;
+}//end has_invalid_char() //****************************************************
+
+
+
+
 function URLencode_path($path){ // don't encode the forward slashes ************
 	$TS = '';  // Trailing Slash/
 	if (substr($path, -1) == '/' ) { $TS = '/'; } //start with a $TS?
@@ -707,32 +717,24 @@ function URLencode_path($path){ // don't encode the forward slashes ************
 function dir_name($path){ //****************************************************
 	//Modified dirname().
 	$parent = dirname($path);
-	if ($parent == "." || $parent == "/" || $parent == '\\') { return ""; }
+	if ($parent == "." || $parent == "/" || $parent == '\\' || $parent == "") { return ""; }
 	return $parent.'/';
 }//end dir_name() //************************************************************
 
 
 
 
-function has_invalid_char($string) { //*****************************************
-	global $INVALID_CHARS, $INVALID_CHARS_array;
-	foreach ($INVALID_CHARS_array as $bad_char) {
-		if (strpos($string, $bad_char) !== false) { return $bad_char; }
-	}
-	return false;
-}//end has_invalid_char() //****************************************************
-
-
-
-
 function Check_path($path, $show_msg = false) { //******************************
-	// check for invalid characters & "dot dot" segments.
+	// check for invalid characters & "dot" or "dot dot" path segments.
+	// Does NOT check if exists - only if of valid construction.
 	global  $_, $WEB_ROOT, $message, $EX, $INVALID_CHARS;
 
+	if ($path === false) {return false;}
+
 	$path = str_replace('\\','/',$path);   //Make sure all forward slashes.
 	$path = trim($path,"\x00..\x20/");     // trim whitespace & slashes
 
-	if (strlen($path) < 1) { return ""; } // At root.
+	if ( ($path == "") || ($path == ".") ){ return ""; } // At root.
 
 	$err_msg = "";
 	$errors  = 0;
@@ -752,7 +754,7 @@ function Check_path($path, $show_msg = false) { //******************************
 		//Check for invalid characters
 		$invalid_chars = str_replace(' /','',$INVALID_CHARS); //The forward slash is not present in this context.
 		if ( has_invalid_char($part) ) {
-			$err_msg .= $EX.' <b>'.$_['check_path_msg_03'].' <span class="mono">'.$invalid_chars.'</span></b><br>';
+			$err_msg .= $EX.' <b>'.$_['check_path_msg_03'].' &nbsp; <span class="mono"> '.$invalid_chars.'</span></b><br>';
 			$errors++;
 			break;
 		}
@@ -1240,7 +1242,7 @@ function Admin_Page() { //******************************************************
 	$params = "";
 	if ($filename != "") { $params = $param2.'&amp;p=edit'; }
 
-	$edit_params = '?i='.dir_name($ONESCRIPT).'&amp;f='.(basename($ONESCRIPT)).'&amp;p=edit';
+	$edit_params = '?i='.dir_name($ONESCRIPT).'&amp;f='.basename($ONESCRIPT).'&amp;p=edit';
 ?>
 	<h2><?php echo hsc($_['Admin_Options']) ?></h2>
 
@@ -2146,13 +2148,13 @@ function CRM_response($action, $msg1, $isfile, $show_message = 3){ //***********
 
 	$old_name      = trim($_POST["old_name"],"\x00..\x20/"); //Trim whitespace & slashes.
 	$old_location  = dir_name($old_name); //dir_name() adds a trailing slash.
-	$new_location  = trim($_POST['new_location'],"\x00..\x20/").'/';
+	$new_location  = trim($_POST['new_location'],"\x00..\x20/");
+	if ($new_location != "") { $new_location .= '/'; }
 	$new_name_only = trim($_POST["new_name"],"\x00..\x20/"); //file or folder only - no path yet.
 	$new_name      = $new_location.trim($_POST["new_name"],"\x00..\x20/");
 	$filename      = $old_name; //default if error.
 
 	//Common message lines
-
 	$com_msg  = '<div id="message_left">'.hte($_['From']).'<br>'.hte($_['To']).'</div>';
 	$com_msg .= '<b>: </b><span class="filename">'.hte($old_name).'</span><br>';
 	$com_msg .= '<b>: </b><span class="filename">'.hte($new_name).'</span>';
diff --git a/readme.markdown b/readme.markdown
index f414181..e488ec6 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,4 +1,8 @@
-# Current stable version: 3.4.03
+# Current stable version: 3.4.04
+
+### September 14, 2012
+
+- Minor bug fix.
 
 ### September 13, 2012
 
@@ -184,6 +188,10 @@ GENERATE/OUTPUT THE PAGE
 
 ## Change Log
 
+### 3.4.04
+
+- Minor bug fix.
+
 ### 3.4.02-3.4.03
 
 - Primary user noticable change: on rename/move/copy pages, split "New Name" from "New Location".

From 9332e26ad98bb45d9487965258588fc0e1a1139e Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 18 Sep 2012 00:00:00 -0400
Subject: [PATCH 145/228] Version 3.4.05 Added $UPLOAD_FIELDS config option.
 $WHSPC_SLASH = "\x00..\x20/" for use in trimming file & folder name input.
 Table_of_Files(): <input checkbox name=files[]> instead of files[1] files[2]
 etc... Along with above, removed use of $CHECKBOX_OFFSET. List_Files():
 Renamed <input mcdselect> to <input mcdaction> List_Files(): Switched from
 radio buttons to <button> for action select (Move, Copy, Delete).  
 Elsewhere, $_POST[action] => $_POST[mcdaction] Upload_Page(): Added
 additional upload inputs. Upload_response() now handles multiple uploaded
 files. Upload_Page() & _response(): Removed $MAX_FILE_SIZE code (usually =
 post_max_size)   1) php returns an upload error if upload_max_filesize is
 exceded.   2) php returns an empty $_POST array if post_max_size is exceded,
 but no error.   > 1 can be checked for directly, 2 can not (all $_POSTed
 values, such as MAX_FILE_SIZE, are lost) Upload_Page(): Deleted
 shorthand_to_int() - no longer used. MCD_Page(): Like List_Files(), don't
 directly index values of name attributes: 	Just use <input name=files[]>
 ...     instead of <input name=files[1]>,  <... =files[2]>, etc...
 Confirm_ready(): Now called by button options directly. Removed "action"
 checks. Submit_btn_style(): (a js function) Deleted - no longer used. Rolled
 Upload_New_Rename_Delete_Links() directly into Index_Page(), and only show
 once. Index page: removed NUONCE.  Maybe I'll put it back. Maybe not.
 Verify_page_conditions(): Removed:  elseif ($page == "mcdaction" &&
 !$VALID_POST ){ ...

---
 OneFileCMS.LANG.DE.php   |  69 +++--
 OneFileCMS.LANG.EN.php   |  25 +-
 OneFileCMS.LANG.ES.php   |  51 ++--
 OneFileCMS_structure.txt |   6 +-
 onefilecms.php           | 640 ++++++++++++++++++---------------------
 readme.markdown          |  39 ++-
 6 files changed, 396 insertions(+), 434 deletions(-)

diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index 6dae6d8..da4c436 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.04
+// OneFileCMS Language Settings v3.4.05
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -17,9 +17,9 @@
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 //
 $_['front_links_font_size'] = '.9em';   //Buttons on Index page.
-$_['front_links_margin_R']  = '.5em';  
+$_['front_links_margin_R']  = '.5em';
 $_['button_font_size']      = '.7em';   //Buttons on Edit page.
-$_['button_margin_L']       = '.5em';  
+$_['button_margin_L']       = '.5em';
 $_['button_padding']        = '4px 5px';
 $_['image_info_font_size']  = '.95em';  //show_img_msg_01  &  _02
 $_['image_info_pos']        = '1';      //If 1 or true, moves the info down a line for more space.
@@ -43,8 +43,8 @@
 $_['Enter']   = 'Eintreten';
 $_['Error']   = 'Error';   //## NT ##
 $_['errors']  = 'errors';  //## NT ##
-$_['File']    = 'Datei';  
-$_['Folder']  = 'Ordner'; 
+$_['File']    = 'Datei';
+$_['Folder']  = 'Ordner';
 $_['From']    = 'From';    //## NT ##
 $_['Hash']    = 'Streuwert';
 $_['Move']    = 'Verschieben';
@@ -52,25 +52,25 @@
 $_['on']      = 'läuft unter';
 $_['bytes']   = 'bytes';
 
-$_['Password']   = 'Passwort';  
+$_['Password']   = 'Passwort';
 $_['Rename']     = 'Umbenennen';
 $_['successful'] = 'successful'; //## NT ##
 $_['To']         = 'To';         //## NT ##
 $_['Upload']     = 'Heraufladen';
 $_['Username']   = 'Benutzername';
-$_['Log_In']     = 'Anmelden';  
-$_['Log_Out']    = 'Abmelden';  
+$_['Log_In']     = 'Anmelden';
+$_['Log_Out']    = 'Abmelden';
 
 $_['Admin_Options']  = 'Administration Options'; //## NT ##
-$_['Edit_View']      = 'Edit / View File';      //## NT ##
-$_['Upload_File']    = 'Datei heraufladen';  
-$_['New_File']       = 'Datei erstellen';    
+$_['Edit_View']      = 'Edit / View File';    //## NT ##
+$_['Upload_File']    = 'Datei heraufladen';
+$_['New_File']       = 'Datei erstellen';
 $_['Ren_Move']       = 'Umbenennen / Verschieben';
 $_['Ren_Moved']      = 'Umbenannt / Verschoben';
-$_['New_Folder']     = 'Neuer Ordner';       
+$_['New_Folder']     = 'Neuer Ordner';
 $_['Ren_Folder']     = 'Ordner umbenennen/verschieben';
-$_['Del_Folder']     = 'Ordner löschen';    
-$_['Submit']         = 'Anfrage senden';     
+$_['Del_Folder']     = 'Ordner löschen';
+$_['Submit']         = 'Anfrage senden';
 $_['Move_Files']     = 'Move File(s)';        //## NT ##
 $_['Copy_Files']     = 'Copy File(s)';        //## NT ##
 $_['Del_Files']      = 'Delete File(s)';      //## NT ##
@@ -148,14 +148,13 @@
 $_['edit_msg_02'] = 'Bytes geschrieben.';
 $_['edit_msg_03'] = 'Bei dem Versuch die Datei zu speichern trat ein Fehler auf.';
 
+$_['upload_txt_03']  = 'Anmerkung: Die maximale Dateigröße für das Heraufladen von Dateien beträgt: ';
 $_['upload_txt_01']  = '  per upload_max_filesize in php.ini.';
+$_['upload_txt_04']  = 'Maximum total upload size:'; //## NT ##
 $_['upload_txt_02']  = 'per post_max_size in php.ini'; //## NT ##
-$_['upload_txt_03']  = 'Anmerkung: Die maximale Dateigröße für das Heraufladen von Dateien beträgt: ';
 
-$_['upload_err_01a'] = 'Fehler 1: Die Datei ist zu groß.  ';
-$_['upload_err_01b'] = ' (Einschränkung durch php.ini)';
-$_['upload_err_02a'] = 'Fehler 2: Die Datei ist zu groß.  ';
-$_['upload_err_02b'] = ' (Einschränkung durch OneFileCMS)';
+$_['upload_err_01']  = 'Error 1: File too large. From php.ini:'; //## NT ##
+$_['upload_err_02']  = 'Error 2: File too large. (MAX_FILE_SIZE HTML form element)'; //## NT ##
 $_['upload_err_03']  = 'Fehler 3: Die Datei wurde nur teilweise heraufgeladen.';
 $_['upload_err_04']  = 'Fehler 4: Es wurde keine Datei heraufgeladen.';
 $_['upload_err_05']  = 'Fehler 5:';
@@ -185,7 +184,7 @@
 $_['CRM_msg_01']  = ' Fehler - der neue Zielort besteht nicht:';
 $_['CRM_msg_02']  = ' Fehler - die Quelldatei besteht nicht:';
 $_['CRM_msg_03']  = ' Fehler - die Zieldatei besteht bereits:';
-$_['CRM_msg_05a'] = 'Fehler während ';
+$_['CRM_msg_05']  = 'Error during'; //## NT ##
 
 $_['delete_txt_01'] = 'Sind Sie sicher?';
 $_['delete_msg_01'] = 'Gelöschte Datei:';
@@ -208,11 +207,11 @@
 $_['edit_caution_01']  = 'ACHTUNG ';
 $_['edit_caution_02']  = ' Sie bearbeiten gerade die aktive Version von OneFileCMS - Sichern Sie den Code und seien Sie vorsichtig !!';
 $_['time_out_txt']     = 'Automatischer Sitzungsstopp in:';
+$_['error_reporting_01'] = 'Anzeigen von Fehlern ist';
 
-$_['error_reporting_01'] = 'Anzeigen von Fehlern ist'; 
-$_['error_reporting_02'] = 'Loggen von Fehlern ist';   
-$_['error_reporting_03'] = 'Fehlerberichterstattung';  
-$_['error_reporting_04'] = 'Anzeigen der Fehlertypen'; 
+$_['error_reporting_02'] = 'Loggen von Fehlern ist';
+$_['error_reporting_03'] = 'Fehlerberichterstattung';
+$_['error_reporting_04'] = 'Anzeigen der Fehlertypen';
 $_['error_reporting_05'] = 'Unerwartete frühzeitige Ausgabe';
 $_['error_reporting_06'] = '(Nicht einmal Leerzeichen hätten ausgegeben werden sollen)';
 
@@ -224,9 +223,9 @@
 $_['admin_txt_14'] = 'Eine weitere, kleine Sicherheitsvorkehrung wäre, das Salz oder die Methode für die Streuwertgenerierung von OneFileCMS zu ändern.';
 $_['admin_txt_16'] = 'Sie können auch OneFileCMS selbst bearbeiten.  Legen Sie aber sicherheitshalber eine Kopie an, falls es zu einem unerwünschten Schreibfehler kommt...';
 
-$_['pw_change']  = 'Passwort ändern';     
-$_['pw_current'] = 'Aktuelles Passwort';   
-$_['pw_new']     = 'Neues Passwort';       
+$_['pw_change']  = 'Passwort ändern';
+$_['pw_current'] = 'Aktuelles Passwort';
+$_['pw_new']     = 'Neues Passwort';
 $_['pw_confirm'] = 'Bestätigen Sie das neue Password';
 
 $_['pw_txt_02'] = 'Regeln für Passwort / Benutzername:';
@@ -237,18 +236,18 @@
 $_['pw_txt_12'] = 'Nur die aktive Kopie von OneFileCMS wird aktualisiert - es werden keine externen Konfigurationsdateien geändert.';
 $_['pw_txt_14'] = 'Wird ein ungültiges Passwort eingegeben, werden Sie abgemeldet. Sie können sich anschließend neu anmelden.';
 
-$_['change_pw_01'] = 'Passwort wurde geändert!';                      
-$_['change_pw_02'] = 'Passwort wurde nicht geändert:';                
+$_['change_pw_01'] = 'Passwort wurde geändert!';
+$_['change_pw_02'] = 'Passwort wurde nicht geändert:';
 $_['change_pw_03'] = 'Falsches (derzeitiges) Passwort. Bitte melden Sie sich an, um es erneut zu versuchen.';
 $_['change_pw_04'] = 'Die Werte der Felder "Neu" und "Bestätigen" gleichen sich nicht.';
-$_['change_pw_05'] = 'Updating';                //## NT ##
-$_['change_pw_06'] = 'external config file';    //## NT ##
+$_['change_pw_05'] = 'Updating';                                        //## NT ##
+$_['change_pw_06'] = 'external config file';                            //## NT ##
 
-$_['un_change']     = 'Benutzername ändern';                 
-$_['un_new']        = 'Neuer Benutzername';                   
+$_['un_change']     = 'Benutzername ändern';
+$_['un_new']        = 'Neuer Benutzername';
 $_['un_confirm']    = 'Bestätigen Sie den neuen Benutzernamen';
-$_['change_un_01']  = 'Benutzername wurde geändert!';        
-$_['change_un_02']  = 'Benutzername wurde nicht geändert:';  
+$_['change_un_01']  = 'Benutzername wurde geändert!';
+$_['change_un_02']  = 'Benutzername wurde nicht geändert:';
 $_['update_failed'] = 'Aktualisierung fehlgeschlagen - die Datei konnte nicht gespeichert werden.';
 $_['mcd_msg_01']    = 'files moved successfully.';             //## NT ##
 $_['mcd_msg_02']    = 'files copied successfully.';            //## NT ##
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index 381ca6e..7afe035 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.04
+// OneFileCMS Language Settings v3.4.05
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -24,7 +24,7 @@
 $_['image_info_font_size']  = '1em';    //show_img_msg_01  &  _02
 $_['image_info_pos']        = '';       //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
-$_['select_all_div_width']  = '73px';   //Width of space for $_['Select_All']
+$_['select_all_div_width']  = '71px';   //Width of space for $_['Select_All']
 
 $_['R'] = 'R'; //R ename
 $_['C'] = 'C'; //C opy
@@ -148,14 +148,13 @@
 $_['edit_msg_02'] = 'bytes written.';
 $_['edit_msg_03'] = 'There was an error saving file.';
 
-$_['upload_txt_01']  = 'per upload_max_filesize in php.ini.';
-$_['upload_txt_02']  = 'per post_max_size in php.ini';
-$_['upload_txt_03']  = 'Note: Maximum upload file size is:';
+$_['upload_txt_03']  = 'Maximum size of each file:'; //#####
+$_['upload_txt_01']  = '(per upload_max_filesize in php.ini)'; //#####
+$_['upload_txt_04']  = 'Maximum total upload size:'; //#####
+$_['upload_txt_02']  = '(per post_max_size in php.ini)'; //#####
 
-$_['upload_err_01a'] = 'Error 1: File too large.';
-$_['upload_err_01b'] = '(From php.ini)';
-$_['upload_err_02a'] = 'Error 2: File too large.';
-$_['upload_err_02b'] = '(From OneFileCMS)';
+$_['upload_err_01']  = 'Error 1: File too large. From php.ini:'; //#####
+$_['upload_err_02']  = 'Error 2: File too large. (MAX_FILE_SIZE HTML form element)'; //#####
 $_['upload_err_03']  = 'Error 3: The uploaded file was only partially uploaded.';
 $_['upload_err_04']  = 'Error 4: No file was uploaded.';
 $_['upload_err_05']  = 'Error 5:';
@@ -180,12 +179,12 @@
 $_['new_file_msg_07'] = 'Created folder:'; //#####
 
 $_['CRM_txt_02']  = 'The new location must already exist.';
-$_['CRM_txt_03']  = 'Old name and location'; //#####
-$_['CRM_txt_04']  = 'New name';
+$_['CRM_txt_03']  = 'Old Name and Location'; //#####
+$_['CRM_txt_04']  = 'New Name';
 $_['CRM_msg_01']  = 'Error - new parent location does not exist:';
 $_['CRM_msg_02']  = 'Error - source file does not exist:';
 $_['CRM_msg_03']  = 'Error - new file or folder already exists:'; //#####
-$_['CRM_msg_05a'] = 'Error during';
+$_['CRM_msg_05']  = 'Error during';
 
 $_['delete_txt_01'] = 'Are you sure?';
 $_['delete_msg_01'] = 'Deleted file:';
@@ -208,8 +207,8 @@
 $_['edit_caution_01']  = 'CAUTION';
 $_['edit_caution_02']  = 'You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
 $_['time_out_txt']     = 'Session time out in:';
-
 $_['error_reporting_01'] = 'Display errors is';
+
 $_['error_reporting_02'] = 'Log errors is';
 $_['error_reporting_03'] = 'Error reporting is set to';
 $_['error_reporting_04'] = 'Showing error types';
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index 8a16f98..bc95bca 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.04
+// OneFileCMS Language Settings v3.4.05
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -17,9 +17,9 @@
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 //
 $_['front_links_font_size'] = '1em';    //Buttons on Index page.
-$_['front_links_margin_R']  = '.5em';  
+$_['front_links_margin_R']  = '.5em';
 $_['button_font_size']      = '.9em';   //Buttons on Edit page.
-$_['button_margin_L']       = '.4em';  
+$_['button_margin_L']       = '.4em';
 $_['button_padding']        = '4px 5px';
 $_['image_info_font_size']  = '.95em';  //show_img_msg_01  &  _02
 $_['image_info_pos']        = ' ';      //If 1 or true, moves the info down a line for more space.
@@ -32,44 +32,44 @@
 
 $_['Admin']   = 'Administrador';
 $_['Cancel']  = 'Cancelar';
-$_['Close']   = 'Cerrar'; 
-$_['Copy']    = 'Copiar'; 
+$_['Close']   = 'Cerrar';
+$_['Copy']    = 'Copiar';
 $_['Copied']  = 'Copiado';
-$_['Create']  = 'Crear';  
+$_['Create']  = 'Crear';
 $_['Delete']  = 'Eliminar';
 $_['DELETE']  = 'ELIMINAR';
 $_['Deleted'] = 'Deleted'; //## NT ##
-$_['Edit']    = 'Editar'; 
-$_['Enter']   = 'Entrar'; 
+$_['Edit']    = 'Editar';
+$_['Enter']   = 'Entrar';
 $_['Error']   = 'Error';   //## NT ##
 $_['errors']  = 'errors';  //## NT ##
 $_['File']    = 'Archivo';
 $_['Folder']  = 'Carpeta';
 $_['From']    = 'From';    //## NT ##
-$_['Hash']    = 'Cadena'; 
-$_['Move']    = 'Mover';  
-$_['Moved']   = 'Movido'; 
+$_['Hash']    = 'Cadena';
+$_['Move']    = 'Mover';
+$_['Moved']   = 'Movido';
 $_['on']      = 'activado';
 $_['bytes']   = 'bytes';
 
 $_['Password']   = 'Password';   //## NT ##
-$_['Rename']     = 'Renombrar'; 
+$_['Rename']     = 'Renombrar';
 $_['successful'] = 'successful'; //## NT ##
 $_['To']         = 'To';         //## NT ##
-$_['Upload']     = 'Subir';     
+$_['Upload']     = 'Subir';
 $_['Username']   = 'Username';   //## NT ##
 $_['Log_In']     = 'Iniciar Sesión';
 $_['Log_Out']    = 'Cerrar Sesión';
 
 $_['Admin_Options']  = 'Administration Options'; //## NT ##
 $_['Edit_View']      = 'Edit / View File';    //## NT ##
-$_['Upload_File']    = 'Subir Archivo';      
-$_['New_File']       = 'Archivo Nuevo';      
-$_['Ren_Move']       = 'Renombrar / Mover';  
-$_['Ren_Moved']      = 'Renombrado/Movido';  
-$_['New_Folder']     = 'Carpeta Nueva';      
+$_['Upload_File']    = 'Subir Archivo';
+$_['New_File']       = 'Archivo Nuevo';
+$_['Ren_Move']       = 'Renombrar / Mover';
+$_['Ren_Moved']      = 'Renombrado/Movido';
+$_['New_Folder']     = 'Carpeta Nueva';
 $_['Ren_Folder']     = 'Renombrar / Mover Carpeta';
-$_['Del_Folder']     = 'Borrar Carpeta';     
+$_['Del_Folder']     = 'Borrar Carpeta';
 $_['Submit']         = 'Submit Request';      //## NT ##
 $_['Move_Files']     = 'Move File(s)';        //## NT ##
 $_['Copy_Files']     = 'Copy File(s)';        //## NT ##
@@ -82,7 +82,7 @@
 $_['No_action']      = 'No action selected.'; //## NT ##
 $_['Not_found']      = 'Not found';           //## NT ##
 $_['pass_to_hash']   = 'Contraseña para calcular el hash:';
-$_['Generate_Hash']  = 'Generar Cadena';     
+$_['Generate_Hash']  = 'Generar Cadena';
 
 $_['save_1']      = 'Guardar';
 $_['save_2']      = '¡GUARDAR CAMBIOS!';
@@ -148,14 +148,13 @@
 $_['edit_msg_02'] = 'bytes escritos.';
 $_['edit_msg_03'] = 'Ocurrió un error guardando el archivo.';
 
+$_['upload_txt_03']  = 'Nota: El tamaño máximo de subida es de:';
 $_['upload_txt_01']  = 'por upload_max_filesize en php.ini.';
+$_['upload_txt_04']  = 'Maximum total upload size:'; //## NT ##
 $_['upload_txt_02']  = 'por post_max_size en php.ini';
-$_['upload_txt_03']  = 'Nota: El tamaño máximo de subida es de:';
 
-$_['upload_err_01a'] = 'Error 1: Archivo muy largo.';
-$_['upload_err_01b'] = '(Desde php.ini)';
-$_['upload_err_02a'] = 'Error 2: Archivo muy largo.';
-$_['upload_err_02b'] = '(Desde OneFileCMS)';
+$_['upload_err_01']  = 'Error 1: File too large. From php.ini:'; //## NT ##
+$_['upload_err_02']  = 'Error 2: File too large. (MAX_FILE_SIZE HTML form element)'; //## NT ##
 $_['upload_err_03']  = 'Error 3: El archivo se subió sólo parcialmente.';
 $_['upload_err_04']  = 'Error 4: No se subió ningún archivo.';
 $_['upload_err_05']  = 'Error 5: ';
@@ -208,8 +207,8 @@
 $_['edit_caution_01']  = 'PRECAUCIÓN';
 $_['edit_caution_02']  = 'Estás editando la copia activa de OneFileCMS - ¡HACÉ UNA COPIA DE SEGURIDAD Y TENÉ CUIDADO!';
 $_['time_out_txt']     = 'Tiempo de Espera de Sesión Agotado:';
+$_['error_reporting_01'] = 'Display errors is'; //## NT ##
 
-$_['error_reporting_01'] = 'Display errors is';         //## NT ##
 $_['error_reporting_02'] = 'Log errors is';             //## NT ##
 $_['error_reporting_03'] = 'Error reporting is set to'; //## NT ##
 $_['error_reporting_04'] = 'Showing error types';       //## NT ##
diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index ca0a504..0358dc6 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.4.04 structure/layout
+OneFileCMS Version 3.4.05 structure/layout
 
 LICENSE
 
@@ -32,7 +32,6 @@ MISC PAGE SECTIONS/FUNCTIONS
 	Current_Path_Header()
 	Page_Header()
 	message_box()
-	Upload_New_Rename_Delete_Links()
 	Cancel_Submit_Buttons()
 	show_image()
 	Timeout_Timer()
@@ -107,7 +106,6 @@ JAVASCRIPT & STYLESHEET FUNCTIONS:
 		Start_Countdown()
 		FileTimeStamp()
 		Select_All()
-		Submit_btn_style()
 		Confirm_ready()
 	Edit_Page_scripts()
 		Wide_View()
@@ -121,7 +119,7 @@ JAVASCRIPT & STYLESHEET FUNCTIONS:
 LOGIC TO DETERMINE PAGE ACTION
 	Load Default_Language()
 	If specified, load external language file
-	Verify good PHP version
+	Verify PHP version
 	Session_Startup()
 	Get_GET()
 	Init_Macros()
diff --git a/onefilecms.php b/onefilecms.php
index 1c03753..bdf7692 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.4';
+$OFCMS_version = '3.4.05';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -70,6 +70,9 @@
 $MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
 $MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
                           // The default max view size is completely arbitrary. Basically, it was 2am and seemed like a good idea at the time.
+
+$UPLOAD_FIELDS = 4; //Number of upload fields on Upload File(s) page.
+
 $config_favicon   = "favicon.ico"; //Path is relative to root of website.
 $config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsaTive!
 
@@ -94,7 +97,7 @@
 	// < ? php                    //(without the spaces around the ?, of course)
 	// $option1 = "value";
 	// etc...
-// End CONFIGURABLE INFO *******************************************************
+//end CONFIGURABLE INFO ********************************************************
 
 
 
@@ -143,6 +146,7 @@
 
 $INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names.
 $INVALID_CHARS_array = explode(' ', $INVALID_CHARS); // (Space deliminated)
+$WHSPC_SLASH = "\x00..\x20/";  //Whitespace & forward slash. For trimming name inputs.
 
 //Make arrays out of a few $config_variables for actual use later.
 //First, remove spaces and make lowercase.
@@ -155,16 +159,12 @@
 $fclasses = explode(',', strtolower(str_replace(' ', '', $config_fclass))); //for file types with icons
 $excluded_list = (explode(",", $config_excluded));
 
-//*The parameter for the Select_All() and Confirm_ready() javascript functions
-// is the number of form elements before the first file select checkbox.
-// As of Version 3.3.18, that number is 7.
-$CHECKBOX_OFFSET = 7;
-//******************************************************************************
+//end System values & setup*****************************************************
 
 
 
 
-function hsc($input) { return htmlspecialchars($input, ENT_QUOTES, 'UTF-8'); }// end hsc() *********
+function hsc($input) { return htmlspecialchars($input, ENT_QUOTES, 'UTF-8'); }//end hsc() //********
 function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end hte()***************
 
 
@@ -172,7 +172,7 @@ function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.4.03
+// OneFileCMS Language Settings v3.4.05
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -197,7 +197,7 @@ function Default_Language() { // ***********************************************
 $_['image_info_font_size']  = '1em';    //show_img_msg_01  &  _02
 $_['image_info_pos']        = '';       //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
-$_['select_all_div_width']  = '73px';   //Width of space for $_['Select_All']
+$_['select_all_div_width']  = '71px';   //Width of space for $_['Select_All']
 $_['R'] = 'R'; //R ename
 $_['C'] = 'C'; //C opy
 $_['D'] = 'D'; //D elete
@@ -212,7 +212,7 @@ function Default_Language() { // ***********************************************
 $_['Deleted'] = 'Deleted';
 $_['Edit']    = 'Edit';
 $_['Enter']   = 'Enter';
-$_['Error']   = 'Error';   //#####
+$_['Error']   = 'Error';   //####
 $_['errors']  = 'errors';
 $_['File']    = 'File';
 $_['Folder']  = 'Folder';
@@ -221,7 +221,7 @@ function Default_Language() { // ***********************************************
 $_['Move']    = 'Move';
 $_['Moved']   = 'Moved';
 $_['on']      = 'on';
-$_['bytes']   = 'bytes';   //#####
+$_['bytes']   = 'bytes';   //####
 $_['Password']   = 'Password';
 $_['Rename']     = 'Rename';
 $_['successful'] = 'successful';
@@ -257,13 +257,13 @@ function Default_Language() { // ***********************************************
 $_['reset']       = 'Reset - loose changes';
 $_['Wide_View']   = 'Wide View';
 $_['Normal_View'] = 'Normal View';
-$_['Open_View']   = 'Open/View in browser window'; //#####
+$_['Open_View']   = 'Open/View in browser window'; //####
 $_['verify_msg_01']  = 'Session expired.';
 $_['verify_msg_02']  = 'INVALID POST';
 $_['get_get_msg_01']    = 'File does not exist:';
 $_['get_get_msg_02']    = 'Invalid page request:';
-$_['check_path_msg_02'] = 'dot" or "dot dot" path segments are not permitted.'; //#####
-$_['check_path_msg_03'] = 'Path or filename contains an invalid character:'; //#####
+$_['check_path_msg_02'] = 'dot" or "dot dot" path segments are not permitted.'; //####
+$_['check_path_msg_03'] = 'Path or filename contains an invalid character:'; //####
 $_['ord_msg_01']        = 'A file with that name already exists in the target directory.';
 $_['ord_msg_02']        = 'Saving as';
 $_['show_img_msg_01']   = 'Image shown at ~';
@@ -307,13 +307,12 @@ function Default_Language() { // ***********************************************
 $_['edit_msg_01'] = 'File saved:';
 $_['edit_msg_02'] = 'bytes written.';
 $_['edit_msg_03'] = 'There was an error saving file.';
-$_['upload_txt_01']  = 'per upload_max_filesize in php.ini.';
-$_['upload_txt_02']  = 'per post_max_size in php.ini';
-$_['upload_txt_03']  = 'Note: Maximum upload file size is:';
-$_['upload_err_01a'] = 'Error 1: File too large.';
-$_['upload_err_01b'] = '(From php.ini)';
-$_['upload_err_02a'] = 'Error 2: File too large.';
-$_['upload_err_02b'] = '(From OneFileCMS)';
+$_['upload_txt_03']  = 'Maximum size of each file:';             //####
+$_['upload_txt_01']  = '(per upload_max_filesize in php.ini)';   //####
+$_['upload_txt_04']  = 'Maximum total upload size:';             //####
+$_['upload_txt_02']  = '(per post_max_size in php.ini)';         //####
+$_['upload_err_01'] = 'Error 1: File too large. From php.ini:';  //####
+$_['upload_err_02'] = 'Error 2: File too large. (MAX_FILE_SIZE HTML form element)'; //####
 $_['upload_err_03']  = 'Error 3: The uploaded file was only partially uploaded.';
 $_['upload_err_04']  = 'Error 4: No file was uploaded.';
 $_['upload_err_05']  = 'Error 5:';
@@ -321,26 +320,26 @@ function Default_Language() { // ***********************************************
 $_['upload_err_07']  = 'Error 7: Failed to write file to disk.';
 $_['upload_err_08']  = 'Error 8: A PHP extension stopped the file upload.';
 $_['upload_msg_01'] = 'No file selected for upload.';
-$_['upload_msg_02'] = 'Destination folder invalid:'; //#####
+$_['upload_msg_02'] = 'Destination folder invalid:'; //####
 $_['upload_msg_03'] = 'Upload cancelled.';
 $_['upload_msg_04'] = 'Uploading:';
 $_['upload_msg_05'] = 'Upload successful!';
 $_['upload_msg_06'] = 'Upload failed:';
-$_['new_file_txt_01'] = 'File or Folder will be created in the current folder.'; //#####
+$_['new_file_txt_01'] = 'File or Folder will be created in the current folder.'; //####
 $_['new_file_txt_02'] = 'Some invalid characters are:';
-$_['new_file_msg_01'] = 'File or folder not created:'; //#####
-$_['new_file_msg_02'] = 'Name contains an invalid character:'; //#####
-$_['new_file_msg_03'] = 'Not created - no name given'; //#####
-$_['new_file_msg_04'] = 'File or folder already exists:'; //#####
+$_['new_file_msg_01'] = 'File or folder not created:';         //####
+$_['new_file_msg_02'] = 'Name contains an invalid character:'; //####
+$_['new_file_msg_03'] = 'Not created - no name given';         //####
+$_['new_file_msg_04'] = 'File or folder already exists:';      //####
 $_['new_file_msg_05'] = 'Created file:';
-$_['new_file_msg_07'] = 'Created folder:'; //#####
+$_['new_file_msg_07'] = 'Created folder:';   //####
 $_['CRM_txt_02']  = 'The new location must already exist.';
-$_['CRM_txt_03']  = 'Old Name and Location'; //#####
+$_['CRM_txt_03']  = 'Old Name and Location'; //####
 $_['CRM_txt_04']  = 'New Name';
 $_['CRM_msg_01']  = 'Error - new parent location does not exist:';
 $_['CRM_msg_02']  = 'Error - source file does not exist:';
-$_['CRM_msg_03']  = 'Error - new file or folder already exists:'; //#####
-$_['CRM_msg_05a'] = 'Error during';
+$_['CRM_msg_03']  = 'Error - new file or folder already exists:'; //####
+$_['CRM_msg_05'] = 'Error during';
 $_['delete_txt_01'] = 'Are you sure?';
 $_['delete_msg_01'] = 'Deleted file:';
 $_['delete_msg_02'] = 'Error deleting';
@@ -398,7 +397,7 @@ function Default_Language() { // ***********************************************
 $_['mcd_msg_01']    = 'files moved successfully.';
 $_['mcd_msg_02']    = 'files copied successfully.';
 $_['mcd_msg_03']    = 'files deleted successfully.';
-}//end Default_Language() ******************************************************
+}//end Default_Language() //****************************************************
 
 
 
@@ -431,7 +430,7 @@ function Session_Startup() { //*************************************************
 	$_SESSION['nuonce'] = sha1(mt_rand().microtime()); //provided in <forms> to verify POST
 		
 	chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
-}//end Session_Startup() *******************************************************
+}//end Session_Startup() //*****************************************************
 
 
 
@@ -475,7 +474,7 @@ function hashit($key){ //*******************************************************
 	$hash = hash('sha256', trim($key).$SALT); // trim off leading & trailing whitespace.
 	for ( $x=0; $x < 10000; $x++ ) { $hash = hash('sha256', $hash.$SALT); }
 	return $hash;
-}//end hashit() ****************************************************************
+}//end hashit() //**************************************************************
 
 
 
@@ -563,7 +562,7 @@ function Update_Recent_Pages() { //*********************************************
 	//Reverse order so index [0] is the current page
 	$_SESSION['recent_pages'] = array_reverse($_SESSION['recent_pages']);
 
-}//end Update_Recent_Pages() ***************************************************
+}//end Update_Recent_Pages() //*************************************************
 
 
 
@@ -580,7 +579,7 @@ function strip_array($var) {
 		if (isset($_POST))   { $_POST    = strip_array($_POST);   }
 		if (isset($_COOKIE)) { $_COOKIE  = strip_array($_COOKIE); }
 	}
-}//end undo_magic_quotes() *****************************************************
+}//end undo_magic_quotes() //***************************************************
 
 
 
@@ -625,7 +624,7 @@ function Get_GET() { //*** Get main parameters *********************************
 	$param1 = '?i='.URLencode_path($ipath); //$param1 must not be blank.
 	if ($filename == "") { $param2 = ""; } else { $param2 = '&amp;f='.rawurlencode(basename($filename)); }
 	if ($page == ""    ) { $param3 = ""; } else { $param3 = '&amp;p='.$page; }
-}//end Get_GET()****************************************************************
+}//end Get_GET() //*************************************************************
 
 
 
@@ -660,17 +659,11 @@ function Verify_page_conditions() { //******************************************
 		$message .= $EX.'<b>'.hsc($_['delete_folder_msg_01']).'</b><br>';
 		$page = "index";
 	}
-	//If page reloaded, or malicious page load...
-	elseif ($page == "mcdaction" && !$VALID_POST ){
-		$_POST = "";
-		$page = "index";
-	}
+	//There must be at least one 'file', and 'mcdaction' must = "move", "copy", or "delete"
 	elseif ($page == "mcdaction") {
-		//There must be at least one 'file', and 'action' must = "move", "copy", or "delete"
-		if     (!isset($_POST['mcdselect'] )) { $page = "index"; }
+		if     (!isset($_POST['mcdaction'] )) { $page = "index"; }
 		elseif (!isset($_POST['files']) )     { $page = "index"; }
-		elseif (!isset($_POST['action']))     { $page = "index"; }
-		elseif ( ($_POST['action'] != "move") && ($_POST['action'] != "copy") && ($_POST['action'] != "delete") ) {
+		elseif ( ($_POST['mcdaction'] != "move") && ($_POST['mcdaction'] != "copy") && ($_POST['mcdaction'] != "delete") ) {
 			$page = "index";
 		}
 	}
@@ -709,7 +702,7 @@ function URLencode_path($path){ // don't encode the forward slashes ************
 	foreach ($path_array as $level) { $path .= rawurlencode($level).'/'; }
 	$path = rtrim($path,'/').$TS;  //end with $TS only if started with one
 	return $path;
-}//end URLencode_path($path) ***************************************************
+}//end URLencode_path() //******************************************************
 
 
 
@@ -727,12 +720,12 @@ function dir_name($path){ //****************************************************
 function Check_path($path, $show_msg = false) { //******************************
 	// check for invalid characters & "dot" or "dot dot" path segments.
 	// Does NOT check if exists - only if of valid construction.
-	global  $_, $WEB_ROOT, $message, $EX, $INVALID_CHARS;
+	global  $_, $WEB_ROOT, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
 
 	if ($path === false) {return false;}
 
 	$path = str_replace('\\','/',$path);   //Make sure all forward slashes.
-	$path = trim($path,"\x00..\x20/");     // trim whitespace & slashes
+	$path = trim($path, $WHSPC_SLASH);     // trim whitespace & slashes
 
 	if ( ($path == "") || ($path == ".") ){ return ""; } // At root.
 
@@ -766,7 +759,7 @@ function Check_path($path, $show_msg = false) { //******************************
 	}
 
 	return $path.'/';
-}//end Check_path() ************************************************************
+}//end Check_path() //**********************************************************
 
 
 
@@ -802,7 +795,7 @@ function ordinalize($destination,$filename, &$msg) { //*************************
 		$msg .= '<b>'.hsc($_['ord_msg_02']).':</b> <span class="filename">'.hte(basename($savefile)).'</span>';
 	}
 	return $savefile;
-}//end ordinalize() filename ***************************************************
+}//end ordinalize() //**********************************************************
 
 
 
@@ -818,7 +811,7 @@ function supports_svg() { //****************************************************
 		$old_ie = ( $ie_ver < 9 );
 	}
 	return !$old_ie;
-}//end supports_svg ************************************************************
+}//end supports_svg() //********************************************************
 
 
 
@@ -865,7 +858,7 @@ function Page_Header(){ //******************************************************
 		<?php echo $OFCMS_version.' ('.hsc($_['on']).'&nbsp;php&nbsp;'.phpversion().')'; ?>
 
 		<div class="nav">
-			<a href="/" target="_blank"><?php echo $favicon ?>&nbsp;
+			<a href="/" target="_blank"><?php echo $favicon ?>
 			<b><?php echo hte($WEBSITE) ?></b></a>
 			<?php if ($page != "login") { ?>
 			| <a href="<?php echo $ONESCRIPT ?>?p=logout"><?php echo hsc($_['Log_Out']) ?></a>
@@ -873,7 +866,7 @@ function Page_Header(){ //******************************************************
 		</div><div class=clear></div>
 	</div><!-- end header -->
 <?php
-}//end Page_Header(){ **********************************************************
+}//end Page_Header() //*********************************************************
 
 
 
@@ -887,34 +880,18 @@ function message_box() { //*****************************************************
 	
 	if (isset($message) && (strlen($message) > 0)) {
 ?>
-		<div id="message_box"><!--===============================-->
+		<div id="message_box">
 			<?php echo $X_box ?>
 			<div id="message_box_contents"><?php echo $message ?></div>
-		</div><!--End message_box-===============================-->
+		</div><!--End message_box-->
 
 		<script>document.getElementById("X_box").focus();</script>
 <?php
 	}else { // Needed on some pages to keep js feedback from failing
 		echo '<div id="message_box"></div>';
-	} //end isset($message)
-
-}//end message_box()  **********************************************************
-
-
+	}//end isset($message)
 
-
-function Upload_New_Rename_Delete_Links() { //**********************************
-	global $_, $ONESCRIPT, $ipath, $param1;
-	echo '<p class="front_links">';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   .svg_icon_upload()    .hsc($_['Upload_File']).'</a>';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  .svg_icon_file_new()  .hsc($_['New_File'])   .'</a>';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'.svg_icon_folder_new().hsc($_['New_Folder']) .'</a>';
-	if ($ipath !== "") { //if at root, don't show Rename & Delete links
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'.svg_icon_folder_ren().hsc($_['Ren_Folder']).'</a>';
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'.svg_icon_folder_del().hsc($_['Del_Folder']).'</a>';
-	}
-	echo '</p>';
-}//end Upload_New_Rename_Delete_Links()  ***************************************
+}//end message_box() //*********************************************************
 
 
 
@@ -934,7 +911,7 @@ function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
 	if ($focus != ""){ echo '<script>document.getElementById("'.$focus.'").focus();</script>'; }
 
 	//Do not close the <p> tag yet/here. Leave it open for potential content on individual pages.
-}// End Cancel_Submit_Buttons() //**********************************************
+}//end Cancel_Submit_Buttons() //***********************************************
 
 
 
@@ -963,7 +940,7 @@ function show_image(){ //*******************************************************
 	echo '<div class=clear></div>'.PHP_EOL;
 	echo '<a href="/' .URLencode_path($IMG). '" target="_blank">'.PHP_EOL;
 	echo '<img src="/'.URLencode_path($IMG).'"  height="'.($img_info[$H] * $SCALE).'"></a>'.PHP_EOL;
-}// end show_image() ***********************************************************
+}//end show_image() //**********************************************************
 
 
 
@@ -974,7 +951,7 @@ function Timeout_Timer($COUNT, $ID, $CLASS="", $ACTION="") { //*****************
 			'Start_Countdown('.$COUNT.', "'.$ID.'", "'.$CLASS.'", "'.$ACTION.'");'.
 			'</script>';
 
-} //end Timeout_Timer() ********************************************************
+}//end Timeout_Timer() //*******************************************************
 
 
 
@@ -1013,7 +990,7 @@ function Init_Macros(){ //*** ($varibale="some reusable chunk of code")*********
 	<rect x="2"    y="2"   width="5"  height="5"  fill="#F66" stroke-width="0" />
 	<rect x="7.5"  y="6"   width="5"  height="5"  fill="#6F6" stroke-width="0" />
 	<rect x="2"    y="10"  width="5"  height="5"  fill="#66F" stroke-width="0" />';
-}//end Init_Macros() ***********************************************************
+}//end Init_Macros() //*********************************************************
 
 
 
@@ -1025,7 +1002,7 @@ function svg_icon_ren(){ //*****************************************************
 	$sheet  = svg_icon_txt_0('#333', '#000', '#FFF', $pencil);
 	
 	return '<svg class="icon2" xmlns="http://www.w3.org/2000/svg" version="1.1" width="16" height="16">'.$sheet.$pencil.'</svg>';
-} //end svg_icon_ren() *********************************************************
+}//end svg_icon_ren() //********************************************************
 
 
 
@@ -1036,7 +1013,7 @@ function svg_icon_copy(){ //****************************************************
 	return '<svg class="icon2" xmlns="http://www.w3.org/2000/svg" version="1.1" width="12" height="12">'.
 		'<g transform="translate( 1, 1)">'.$SVG_icon_circle_plus_rev.'</g></svg>';
 
-} //end svg_icon_copy() ********************************************************
+}//end svg_icon_copy() //*******************************************************
 
 
 
@@ -1047,7 +1024,7 @@ function svg_icon_del(){ //*****************************************************
 	return '<svg class="icon2" xmlns="http://www.w3.org/2000/svg" version="1.1" width="11" height="11">'.
 		'<g transform="translate( .5, .5)">'.$SVG_icon_circle_x.'</g></svg>';
 
-} //end svg_icon_del() *********************************************************
+}//end svg_icon_del() //********************************************************
 
 
 
@@ -1065,7 +1042,7 @@ function svg_icon_bin(){ //*****************************************************
 		<g transform="translate( 6.5,9.5)">'.$one .'</g>
 		<g transform="translate( 9.5,9.5)">'.$zero.'</g>
 		</svg>';
-} //end svg_icon_bin() *********************************************************
+}//end svg_icon_bin() //********************************************************
 
 
 
@@ -1073,7 +1050,7 @@ function svg_icon_img(){ //*****************************************************
 	global $SVG_icon_img_0;
 	return '<svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">'.
 		$SVG_icon_img_0.'</svg>';
-} //end svg_icon_img() *********************************************************
+}//end svg_icon_img() //********************************************************
 
 
 
@@ -1086,7 +1063,7 @@ function svg_icon_svg(){ //*****************************************************
 	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="#444" stroke-width=".6"/>
 	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="#444" stroke-width=".6"/>
 	</svg>';
-} //end svg_icon_img() *********************************************************
+}//end svg_icon_img() //********************************************************
 
 
 
@@ -1097,7 +1074,7 @@ function svg_icon_txt_0($border, $lines, $fill, $extra = ""){ //****************
 	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="'.$lines.'" stroke-width=".6"/>
 	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="'.$lines.'" stroke-width=".6"/>
 	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="'.$lines.'" stroke-width=".6"/>'.$extra.'</svg>';
-} //end svg_icon_txt_0() *******************************************************
+}//end svg_icon_txt_0() //******************************************************
 
 
 
@@ -1119,7 +1096,7 @@ function svg_icon_upload(){ //**************************************************
 		stroke-width="1" stroke="white" fill="green" /></g>'; //up arrow
 
 	return svg_icon_txt_0('#333', 'black', 'white', $extra);
-} //end svg_icon_upload() ******************************************************
+}//end svg_icon_upload() //*****************************************************
 
 
 
@@ -1128,7 +1105,7 @@ function svg_icon_file_new(){ //************************************************
 	$extra = '<g transform="translate(4,6)">'.$SVG_icon_circle_plus.'</g>';
 
 	return svg_icon_txt_0('#444', 'black', 'white', $extra);
-} //end svg_icon_file_new() ****************************************************
+}//end svg_icon_file_new() //***************************************************
 
 
 
@@ -1137,7 +1114,7 @@ function svg_icon_file_del(){ //************************************************
 	$extra = '<g transform="translate(4,6)">'.$SVG_icon_circle_x.'</g>';
 
 	return svg_icon_txt_0('#444', 'black', 'white', $extra);
-} //end svg_icon_file_del() ****************************************************
+}//end svg_icon_file_del() //***************************************************
 
 
 
@@ -1153,7 +1130,7 @@ function svg_icon_folder_0($extra = ""){ //*************************************
 	$extra.'
 	</svg>';
 
-} //end svg_icon_folder_0() ****************************************************
+}//end svg_icon_folder_0() //***************************************************
 
 
 
@@ -1165,7 +1142,7 @@ function svg_icon_folder_new(){ //**********************************************
 	global $SVG_icon_circle_plus;
 	$extra = '<g transform="translate(7.5,4)">'.$SVG_icon_circle_plus.'</g>';
 	return svg_icon_folder_0($extra);
-} //end svg_icon_folder_new() **************************************************
+}//end svg_icon_folder_new() //*************************************************
 
 
 
@@ -1173,7 +1150,7 @@ function svg_icon_folder_ren(){ //**********************************************
 	global $SVG_icon_pencil;
 	$extra = '<g transform="translate(6,3)">'.$SVG_icon_pencil.'</g>';
 	return svg_icon_folder_0($extra);
-} //end svg_icon_folder_ren() **************************************************
+}//end svg_icon_folder_ren() //*************************************************
 
 
 
@@ -1181,7 +1158,7 @@ function svg_icon_folder_del(){ //**********************************************
 	global $SVG_icon_circle_x;
 	$extra = '<g transform="translate(7.5,4)">'.$SVG_icon_circle_x.'</g>';
 	return svg_icon_folder_0($extra);
-} //end svg_icon_folder_del() **************************************************
+}//end svg_icon_folder_del() //*************************************************
 
 
 
@@ -1196,7 +1173,7 @@ function show_icon($type){ //***************************************************
 	elseif ($type == 'css') { return svg_icon_css(); }
 	elseif ($type == 'cfg') { return svg_icon_cfg(); }
 	else                    { return svg_icon_bin(); } //default
-}//end show_icon() *************************************************************
+}//end show_icon() //***********************************************************
 
 
 
@@ -1223,7 +1200,7 @@ function List_Backup($file, $file_url){ //**************************************
 		<a href="<?php echo $href.'&amp;p=delete' ?>" class="button" id="del_backup"><?php echo hsc($_['Delete']) ?></a>
 		<div style="clear: both"></div>
 <?php
-}//end List_Backup() ***********************************************************
+}//end List_Backup() //*********************************************************
 
 
 
@@ -1266,13 +1243,13 @@ function Admin_Page() { //******************************************************
 	<div class="info">
 
 	<?php //Check for & indicate if backups exists from a prior p/w or u/n change.
+	clearstatcache ();
 	if (is_file($ONESCRIPT_file_backup) || is_file($CONFIG_file_backup) ) {
-		clearstatcache ();
 		
 		echo '<p><b>'.hsc($_['admin_txt_00']).'</b></p>';
 		
 		if (is_file($ONESCRIPT_file_backup)) { List_Backup($ONESCRIPT_file_backup, $ONESCRIPT_url_backup); }
-
+		
 		if (is_file($CONFIG_file_backup))    { List_Backup($CONFIG_file_backup, $CONFIG_url_backup); }
 		
 		echo '<p>'.hsc($_['admin_txt_01']);
@@ -1291,7 +1268,7 @@ function Admin_Page() { //******************************************************
 	<p><?php echo hsc($_['admin_txt_16']) ?>
 	</div>
 <?php
-}//end Admin_Page() ************************************************************
+}//end Admin_Page() //**********************************************************
 
 
 
@@ -1325,7 +1302,7 @@ function Hash_Page() { //*******************************************************
 	<?php echo $PWUN_RULES ?>
 	</div>
 <?php
-} //end Hash_Page() ************************************************************
+}//end Hash_Page() //***********************************************************
 
 
 
@@ -1339,7 +1316,7 @@ function Hash_response() { //***************************************************
 
 	$message .= hsc($_['Password']).': '.hsc($_POST['whattohash']).'<br>';
 	$message .= hsc($_['Hash']).': '.hashit($_POST["whattohash"]).'<br>';
-} //end Hash_response() ********************************************************
+}//end Hash_response() //*******************************************************
 
 
 
@@ -1387,7 +1364,7 @@ function Change_PWUN_Page($config_key) { //*************************************
 	<p><?php echo hsc($_['pw_txt_14']) ?>
 	</div>
 <?php
-} //end Change_PWUN_Page() *****************************************************
+}//end Change_PWUN_Page() //****************************************************
 
 
 
@@ -1427,7 +1404,7 @@ function Update_config($search_for, $replace_with, $search_file, $backup_file) {
 	$updated_contents = implode("\n", $search_lines);
 
 	return file_put_contents($search_file, $updated_contents);
-}//end Update_config() *********************************************************
+}//end Update_config() //*******************************************************
 
 
 
@@ -1506,7 +1483,7 @@ function Logout() { //**********************************************************
 	unset($_POST);
 	$_SESSION['valid'] = 0;
 	$page = 'login';
-}//end Logout() ****************************************************************
+}//end Logout() //**************************************************************
 
 
 
@@ -1524,7 +1501,7 @@ function Login_Page() { //******************************************************
 	</form>
 	<script>document.getElementById('username').focus();</script>
 <?php
-} //end Login_Page() ***********************************************************
+}//end Login_Page() //**********************************************************
 
 
 
@@ -1584,9 +1561,10 @@ function Login_response() { //**************************************************
 function Table_of_Files($files, $R, $C, $D) { //********************************
 	global $_, $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list, $stypes, $SHOWALLFILES;
 
-	echo '<table class="index_T">';
+	//dummy input to make sure files[] is always an array in js for Select_All() & Confirm_Ready().
+	echo '<INPUT TYPE=hidden NAME="files[]" VALUE="">';
 
-	$X = 1; //index for list of checkboxes;
+	echo '<table class="index_T">';
 	foreach ($files as $file) {
 		
 		$excluded = FALSE;
@@ -1624,7 +1602,7 @@ function Table_of_Files($files, $R, $C, $D) { //********************************
 				</td>
 				<td class="ckbox">
 				<?php if (!$IS_OFCMS){
-					echo '<INPUT TYPE=checkbox NAME="files['.($X++).']" VALUE="'.hsc($file).'">';
+					echo '<INPUT TYPE=checkbox NAME="files[]" VALUE="'.hsc($file).'">';
 				} ?>
 				</td>
 				<td class="file_name">
@@ -1647,8 +1625,8 @@ function Table_of_Files($files, $R, $C, $D) { //********************************
 
 
 function List_Files() { //******************************************************
-//called from Index Page
-	global $_, $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list, $INPUT_NUONCE, $CHECKBOX_OFFSET;
+	//called from Index Page
+	global $_, $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list;
 
 	$files = scandir('./'.$ipath);
 	natcasesort($files);
@@ -1668,40 +1646,37 @@ function List_Files() { //******************************************************
 	}
 
 	echo '<form method="post" name="mcdselect" action="'.$ONESCRIPT.$param1.'&amp;p=mcdaction">';
-	echo $INPUT_NUONCE;
-	echo '<input type="hidden" name="mcdselect" value="mcdselect">';
+	echo '<input type="hidden" name="mcdaction" value="">';
 
 	echo '<div class="action">';
 
 	if (supports_svg()) { //Checks if IE < 9.
 		$select_all_attribs = 'TYPE=checkbox NAME=select_all id=select_all VALUE=select_all';
-		$select_all_input = '<INPUT '.$select_all_attribs.' onclick="Select_All('.$CHECKBOX_OFFSET.');">';
+		$select_all_input = '<INPUT '.$select_all_attribs.' onclick="Select_All();">';
 		echo '<div id=select_all_div><LABEL for=select_all id=select_all_label>'.$_['Select_All'].'</LABEL></div>'.$select_all_input;
 	}
 	
-	function input_mcd($mcd) {
-		return '<INPUT TYPE=radio NAME=action VALUE='.$mcd.' id='.$mcd.' onclick="Submit_btn_style(\''.$mcd.'\');">';
+	function input_mcd_action($label, $mcd, $icon="") {
+		$onclick = ' onclick="return Confirm_ready( \''.$mcd.'\' );"';
+		return ' <button TYPE=button class="mcd_submit" id='.$mcd.$onclick.'>'.$icon().' '.hsc($label).'</button>';
 	}
+
+	echo input_mcd_action($_['Move']  , 'move'  , 'svg_icon_ren' );
+	echo input_mcd_action($_['Copy']  , 'copy'  , 'svg_icon_copy');
+	echo input_mcd_action($_['Delete'], 'delete', 'svg_icon_del' );
 	
-	echo '<LABEL id=move_label>'  .hsc($_['Move'])  .' '.input_mcd('move').'</LABEL> ';
-	echo '<LABEL id=copy_label>'  .hsc($_['Copy'])  .' '.input_mcd('copy').'</LABEL> ';
-	echo '<LABEL id=delete_label>'.hsc($_['Delete']).' '.input_mcd('delete').'</LABEL> ';
-	
-	echo '<input type=submit id=mcd_submit class=button value="'.hsc($_['Selected_Files']).
-		'" onclick="return Confirm_ready('.$CHECKBOX_OFFSET.');">';
 	echo '</div>'; //end class=action
-	echo '<div class=clear></div>'; //clear select_all
 
 	Table_of_Files($files, $R, $C, $D);
 
 	echo '</form>';
-}//end List_Files() ************************************************************
+}//end List_Files() //**********************************************************
 
 
 
 
 function Index_Page(){ //*******************************************************
-	global $ONESCRIPT, $ipath;
+	global $_, $ONESCRIPT, $ipath, $param1;
 
 	//<!--==== List folders/sub-directores ====-->
 	echo '<p class="index_folders">';
@@ -1714,13 +1689,20 @@ function Index_Page(){ //*******************************************************
 		}
 	echo '</p>';
 
-	Upload_New_Rename_Delete_Links();
+	//Upload_New_Rename_Delete_Links
+	echo '<p class="front_links">';
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   .svg_icon_upload()    .hsc($_['Upload_File']).'</a>';
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  .svg_icon_file_new()  .hsc($_['New_File'])   .'</a>';
+	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'.svg_icon_folder_new().hsc($_['New_Folder']) .'</a>';
+	if ($ipath !== "") { //if at root, don't show Rename & Delete links
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'.svg_icon_folder_ren().hsc($_['Ren_Folder']).'</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'.svg_icon_folder_del().hsc($_['Del_Folder']).'</a>';
+	}
+	echo '</p>';
 
 	List_Files();
 
-	Upload_New_Rename_Delete_Links();
-
-}//end Index_Page()*************************************************************
+}//end Index_Page() //**********************************************************
 
 
 
@@ -1744,9 +1726,7 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 		</div>
 
 		<div class="buttons_right">
-			<?php if ( $text_editable ) { ?>
-				<input type="button" id="wide_view" class="button" value="<?php echo hsc($_['Wide_View']) ?>" onclick="Wide_View();">
-			<?php } ?>
+			<input type="button" id="wide_view" class="button" value="<?php echo hsc($_['Wide_View']) ?>" onclick="Wide_View();">
 			<input type="button" id="close1" class="button" value="<?php echo hsc($_['Close']) ?>"
 				onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
 			<script>document.getElementById('close1').focus();</script>
@@ -1754,7 +1734,7 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 		<div class=clear></div>
 	</div>
 <?php
-}//end Edit_Page_buttons_top(){ //**********************************************
+}//end Edit_Page_buttons_top() //***********************************************
 
 
 
@@ -1789,7 +1769,7 @@ function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
 ?>
 	</div>
 <?php
-}//end Edit_Page_buttons()******************************************************
+}//end Edit_Page_buttons() //***************************************************
 
 
 
@@ -1828,8 +1808,8 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 					echo '<textarea id="file_contents" name="contents" cols="70" rows="25"';
 					echo 'onkeyup="Check_for_changes(event);">'.$filecontents.'</textarea>'.PHP_EOL;
 				}
-			} //end if non-text file...
-		} //end if non-image
+			}//end if non-text file...
+		}//end if non-image
 		
 		Edit_Page_buttons($text_editable, $too_large_to_edit);
 		
@@ -1837,7 +1817,7 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 ?>	</form>
 <?php
 	if ($text_editable && !$too_large_to_edit && !$bad_chars) { Edit_Page_Notes(); }
-}//end Edit_Page_form() ********************************************************
+}//end Edit_Page_form() //******************************************************
 
 
 
@@ -1861,7 +1841,7 @@ function Edit_Page_Notes() { //*************************************************
 				<div class="notes"><b>3) </b> <?php echo hsc($_['edit_note_04']) ?></div>
 			</div>
 <?php
-}//end Edit_Page_Notes() { //***************************************************
+}//end Edit_Page_Notes() //*****************************************************
 
 
 
@@ -1921,7 +1901,7 @@ function Edit_Page() { //*******************************************************
 		$filecontents = hsc(file_get_contents($filename), ENT_COMPAT,'UTF-8');
 		echo '<pre class="edit_disabled view_file">'.$filecontents.'</pre>';
 	}
-}//end Edit_Page ***************************************************************
+}//end Edit_Page //*************************************************************
 
 
 
@@ -1932,6 +1912,7 @@ function Edit_response(){ //***If on Edit page, and [Save] clicked *************
 	$contents = $_POST["contents"];
 
 	$contents = str_replace("\r\n", "\n", $contents); //Make sure EOL is only newline char.
+	$contents = str_replace("\r"  , "\n", $contents); //Make sure EOL is only newline char.
 
 	$bytes = file_put_contents($filename, $contents);
 
@@ -1940,83 +1921,80 @@ function Edit_response(){ //***If on Edit page, and [Save] clicked *************
 	}else{
 		$message .= $EX.'<b>'.hsc($_['edit_msg_03']).'</b><br>';
 	}
-}//end Edit_response() *********************************************************
+}//end Edit_response() //*******************************************************
 
 
 
 
 function Upload_Page() { //*****************************************************
-	global $_, $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE;
+	global $_, $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE, $UPLOAD_FIELDS;
 
-	//Determine $MAX_FILE_SIZE to upload
-	$upload_max_filesize = ini_get('upload_max_filesize'); //This should be < post_max_size,
-	$post_max_size       = ini_get('post_max_size');       //but, just in case, check both...
+	echo '<h2>'.hsc($_['Upload_File']).'</h2>';
+	echo '<p>';
+	echo hsc($_['upload_txt_03']).' '.ini_get('upload_max_filesize').' '.hsc($_['upload_txt_01']).'<br>';
+	echo hsc($_['upload_txt_04']).' '.ini_get('post_max_size')      .' '.hsc($_['upload_txt_02']);
+	
+	echo '<form enctype="multipart/form-data" action="'.$ONESCRIPT.$param1.'&amp;p=uploaded" method="post">';
+		echo $INPUT_NUONCE;
+		echo '<input type="hidden" name="upload_destination" value="'.hsc($ipath).'" >';
+		echo '<p>';
+		for ($x = 0; $x < $UPLOAD_FIELDS; $x++) {
+			echo '<input type="file" name="upload_file[]" class="upload_file" size="100"><br>'."\n";
+		}
+		
+		Cancel_Submit_Buttons(hsc($_['Upload']),"cancel");
+	echo '</form>';
 
-	function shorthand_to_int($SHORTHAND){ //*******************
-		$KMG = strtoupper(substr($SHORTHAND, -1));
-		if     ($KMG == "K") { return $SHORTHAND * 1024; }
-		elseif ($KMG == "M") { return $SHORTHAND * 1048576; }
-		elseif ($KMG == "G") { return $SHORTHAND * 1073741824; }
-		else                 { return $SHORTHAND; }
-	}//end function shorthand_to_int() *************************
+}//end Upload_Page() //*********************************************************
 
-	$UMF = shorthand_to_int($upload_max_filesize);
-	$PMS = shorthand_to_int($post_max_size);
 
-	if ($UMF <= $PMS){ $MAX_FILE_SIZE = $UMF; $max_msg = $upload_max_filesize.' '.hsc($_['upload_txt_01']); }
-	else             { $MAX_FILE_SIZE = $PMS; $max_msg = $post_max_size      .' '.hsc($_['upload_txt_02']); }
-?>
-	<h2><?php echo hsc($_['Upload_File']) ?></h2>
-	<p><?php echo hsc($_['upload_txt_03']).' '.$max_msg; ?></p>
-	<form enctype="multipart/form-data" action="<?php echo $ONESCRIPT.$param1; ?>&amp;p=uploaded" method="post">
-		<?php echo $INPUT_NUONCE; ?>
-		<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $MAX_FILE_SIZE ?>">
-		<input type="hidden" name="upload_destination" value="<?php echo hsc($ipath); ?>" >
-		<input type="file"   name="upload_file" id="upload_file" size="100">
-		<?php Cancel_Submit_Buttons(hsc($_['Upload']),"cancel"); ?>
-	</form>
-<?php
-} //end Upload_Page() **********************************************************
 
 
+function Upload_response() { //*************************************************
+	global $_, $filename, $page, $EX, $message, $UPLOAD_FIELDS;
 
+	$page  = "index"; //return to index.
 
-function Upload_response() { //*************************************************
-	global $_, $filename, $message, $EX, $page;
-	$filename    = $_FILES['upload_file']['name'];
-	$destination = Check_path($_POST["upload_destination"]);
-	$page  = "index";
-	$MAXUP1 = ini_get('upload_max_filesize');
-	$MAXUP2 = number_format($_POST['MAX_FILE_SIZE']).' '.hsc($_['bytes']);
-	$ERROR = $_FILES['upload_file']['error'];
-
-	if     ( $ERROR == 1 ){ $ERRMSG = hsc($_['upload_err_01a']).' upload_max_filesize = '.$MAXUP1.' '.hsc($_['upload_err_01b']);}
-	elseif ( $ERROR == 2 ){ $ERRMSG = hsc($_['upload_err_02a']).' $MAX_FILE_SIZE = '     .$MAXUP2.' '.hsc($_['upload_err_02b']);}
-	elseif ( $ERROR == 3 ){ $ERRMSG = hsc($_['upload_err_03']); }
-	elseif ( $ERROR == 4 ){ $ERRMSG = hsc($_['upload_err_04']); }
-	elseif ( $ERROR == 5 ){ $ERRMSG = hsc($_['upload_err_05']); }
-	elseif ( $ERROR == 6 ){ $ERRMSG = hsc($_['upload_err_06']); }
-	elseif ( $ERROR == 7 ){ $ERRMSG = hsc($_['upload_err_07']); }
-	elseif ( $ERROR == 8 ){ $ERRMSG = hsc($_['upload_err_08']); }
-	else                  { $ERRMSG = ''; }
-
-	if (($filename == "")){
-		$message .= $EX.'<b>'.hsc($_['upload_msg_01']).'</b><br>';
-	}elseif ( ($destination === false) || (($destination != "") && !is_dir($destination))) {
-		$message .= $EX.'<b>'.hsc($_['upload_msg_02']).'</b><br>';
-		$message .= '<span class="filename">'.hte($destination).'</span></b><br>';
-		$message .= hsc($_['upload_msg_03']).'</b><br>';
-	}else{
-		$message .= '<b>'.hsc($_['upload_msg_04']).'</b> <span class="filename">'.hte($filename).'</span><br>';
-		$savefile = ordinalize($destination, $filename, $savefile_msg);
+	$filecount = 0;
+	foreach ($_FILES['upload_file']['name'] as $N => $name) {
+		if ($name == "") { continue; } //ignore empty upload fields
+		
+		$filecount++;
+		$filename    = $_FILES['upload_file']['name'][$N];
+		$destination = Check_path($_POST["upload_destination"]);
+		
+		$MAXUP1 = ini_get('upload_max_filesize');
+		$MAXUP2 = ''; //number_format($_POST['MAX_FILE_SIZE']).' '.hsc($_['bytes']);
+		$ERROR = $_FILES['upload_file']['error'][$N];
 		
-		if(move_uploaded_file($_FILES['upload_file']['tmp_name'], $savefile)) {
-			$message .= '<b>'.hsc($_['upload_msg_05']).'</b> '.$savefile_msg.'<br>';
-		} else{
-			$message .= '<b>'.$EX.'<b>'.hsc($_['upload_msg_06']).' '.$ERRMSG.'</b><br>';
+		if     ( $ERROR == 1 ){ $ERRMSG = hsc($_['upload_err_01']).' upload_max_filesize = '.$MAXUP1;}
+		elseif ( $ERROR == 2 ){ $ERRMSG = hsc($_['upload_err_02']).' MAX_FILE_SIZE = '      .$MAXUP2;}
+		elseif ( $ERROR == 3 ){ $ERRMSG = hsc($_['upload_err_03']); }
+		elseif ( $ERROR == 4 ){ $ERRMSG = hsc($_['upload_err_04']); }
+		elseif ( $ERROR == 5 ){ $ERRMSG = hsc($_['upload_err_05']); }
+		elseif ( $ERROR == 6 ){ $ERRMSG = hsc($_['upload_err_06']); }
+		elseif ( $ERROR == 7 ){ $ERRMSG = hsc($_['upload_err_07']); }
+		elseif ( $ERROR == 8 ){ $ERRMSG = hsc($_['upload_err_08']); }
+		else                  { $ERRMSG = ''; }
+		
+		if ( ($destination === false) || (($destination != "") && !is_dir($destination))) {
+			$message .= $EX.'<b>'.hsc($_['upload_msg_02']).'</b><br>';
+			$message .= '<span class="filename">'.hte($destination).'</span></b><br>';
+			$message .= hsc($_['upload_msg_03']).'</b><br>';
+		}else{
+			$message .= '<b>'.hsc($_['upload_msg_04']).'</b> <span class="filename">'.hte($filename).'</span><br>';
+			$savefile = ordinalize($destination, $filename, $savefile_msg);
+			
+			if(move_uploaded_file($_FILES['upload_file']['tmp_name'][$N], $savefile)) {
+				$message .= '<b>'.hsc($_['upload_msg_05']).'</b> '.$savefile_msg.'<br>';
+			} else{
+				$message .= '<b>'.$EX.'<b>'.hsc($_['upload_msg_06']).' '.$ERRMSG.'</b><br>';
+			}
 		}
-	}
-}//end Upload_response() *******************************************************
+	}//end foreach $_FILES
+	
+	if ($filecount == 0) { $message .= $EX.'<b>'.hsc($_['upload_msg_01']).'</b><br>'; }
+}//end Upload_response() //*****************************************************
 
 
 
@@ -2024,7 +2002,7 @@ function Upload_response() { //*************************************************
 function New_File_or_Folder_Page($title, $id) { //******************************
 	global $_, $FORM_COMMON, $INVALID_CHARS;
 
-	echo '<h2>'.hsc($title).'</h2>';
+	echo '<h2>'.hte($title).'</h2>';
 	echo $FORM_COMMON;
 		echo '<p>'.hsc($_['new_file_txt_01'].' '.$_['new_file_txt_02']);
 		echo '<span class="mono">'.hte($INVALID_CHARS).'</span></p>';
@@ -2037,11 +2015,11 @@ function New_File_or_Folder_Page($title, $id) { //******************************
 
 
 function New_File_or_Folder_response($post, $is_file){ //***********************
-	global $_, $WEB_ROOT, $ipath, $filename, $page, $param1, $param2, $param3, $message, $EX, $INVALID_CHARS;
+	global $_, $WEB_ROOT, $ipath, $filename, $page, $param1, $param2, $param3, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
 
 	$page      = "index"; //Return to index if folder, or on error.
 
-	$new_name  = trim($_POST["$post"],"\x00..\x20/"); //Trim whitespace & slashes.
+	$new_name  = trim($_POST["$post"], $WHSPC_SLASH); //Trim whitespace & slashes.
 	
 	if ($is_file) { $filename  = $ipath.$new_name;     }
 	else          { $new_ipath = $ipath.$new_name.'/'; }
@@ -2072,7 +2050,7 @@ function New_File_or_Folder_response($post, $is_file){ //***********************
 	}else{
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_01']).':</b><br>'.$msg_new; //'Error - new file not created:'
 	}
-}//end New_File_or_Folder_response *********************************************
+}//end New_File_or_Folder_response //*******************************************
 
 
 
@@ -2089,19 +2067,17 @@ function Set_Input_width() { //*************************************************
 	$main_width = $MAIN_WIDTH * 1;   //set in config section. Default is 810px.
 	$main_units = substr($MAIN_WIDTH, -2); //should be em, px, or pt
 
-	//convert to em
-	if     ( $main_units == "px") {  $main_width = $main_width / 16 ;}
-	elseif ( $main_units == "pt") {  $main_width = $main_width / 12 ;}
-	else                          {  $main_width = $main_width      ;}
-
 	//convert to em
 	$root_len = $root_len *.625;
+	if     ( $main_units == "px") { $main_width = $main_width / 16 ; }
+	elseif ( $main_units == "pt") { $main_width = $main_width / 12 ; }
+	else                          { $main_width = $main_width      ; }
 
 	$input_type_text_width = ($main_width - $root_len).'em';
 
 	echo '<style>input[type="text"] {width: '.$input_type_text_width.';}</style>';
 
-}//end Set_Input_width() *******************************************************
+}//end Set_Input_width() //*****************************************************
 
 
 
@@ -2135,7 +2111,7 @@ function CRM_Page($action, $title, $name_id, $isfile) { //**********************
 		<?php Cancel_Submit_Buttons($action, "new_name"); ?>
 	</form>
 <?php
-} //end CRM_Page() *************************************************************
+}//end CRM_Page() //************************************************************
 
 
 
@@ -2144,14 +2120,14 @@ function CRM_response($action, $msg1, $isfile, $show_message = 3){ //***********
 	//Returns 0 if successful, 1 on error.
 	//$action = 'copy' or 'rename'. $isfile = 1 if acting on a file, not a folder
 	//$show_message: 0 = none; 1 = errors only; 2 = successes only; 3 = all messages (default).
-	global $_, $WEB_ROOT, $ipath, $filename, $page, $param1, $param2, $message, $EX, $INVALID_CHARS;
+	global $_, $WEB_ROOT, $ipath, $filename, $page, $param1, $param2, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
 
-	$old_name      = trim($_POST["old_name"],"\x00..\x20/"); //Trim whitespace & slashes.
+	$old_name      = trim($_POST["old_name"], $WHSPC_SLASH); //Trim whitespace & slashes.
 	$old_location  = dir_name($old_name); //dir_name() adds a trailing slash.
-	$new_location  = trim($_POST['new_location'],"\x00..\x20/");
+	$new_location  = trim($_POST['new_location'], $WHSPC_SLASH);
 	if ($new_location != "") { $new_location .= '/'; }
-	$new_name_only = trim($_POST["new_name"],"\x00..\x20/"); //file or folder only - no path yet.
-	$new_name      = $new_location.trim($_POST["new_name"],"\x00..\x20/");
+	$new_name_only = trim($_POST["new_name"], $WHSPC_SLASH); //file or folder only - no path yet.
+	$new_name      = $new_location.$new_name_only;
 	$filename      = $old_name; //default if error.
 
 	//Common message lines
@@ -2167,23 +2143,18 @@ function CRM_response($action, $msg1, $isfile, $show_message = 3){ //***********
 	//Check old name for invalid chars (like .. ) (Unlikely to be false outside a malicious attempt)
 	if ( Check_path($old_name,$show_message) === false ) {
 		$bad_name = $old_name;
-		
 	}elseif ( !file_exists($old_name) ) {
-		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_02']).'</b><br>'; //file does not exist
+		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_02']).'</b><br>';
 		$bad_name = $old_name;
-		
 	//Check new name & location for invalid chars etc.
 	}elseif ( Check_path($new_name,$show_message) === false ) {
 		$bad_name = $new_name;
-		
 	}elseif ( ($new_location != "") && !is_dir($new_location) ) {
-		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_01']).'</b><br>'; //parent does not exist
+		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_01']).'</b><br>';
 		$bad_name = $new_location;
-		
 	}elseif ( file_exists($new_name) ) {
 		$bad_name = $new_name;
-		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_03']).'</b><br>'; //already exists
-		
+		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_03']).'</b><br>';
 	}elseif ( $action($old_name, $new_name )) {
 		$scs_msg .= '<b>'.hsc($msg1.' '.$_['successful']).'</b><br>'.$com_msg;
 		if   ($isfile) {
@@ -2193,10 +2164,9 @@ function CRM_response($action, $msg1, $isfile, $show_message = 3){ //***********
 			$ipath    = $new_name.'/';
 		}
 		$error = 0;
-		
 	}else{
 		$bad_name = "";
-		$err_msg .= $EX.'<b>'.hsc($_['CRM_msg_05a'].' '.$msg1).'</b><br>'.$com_msg;
+		$err_msg .= $EX.'<b>'.hsc($_['CRM_msg_05'].' '.$msg1).'</b><br>'.$com_msg;
 	}
 	
 	if ($error) { $err_msg .= '<span class="filename">'.hte($bad_name).'</span><br>'; }
@@ -2210,7 +2180,7 @@ function CRM_response($action, $msg1, $isfile, $show_message = 3){ //***********
 	if ($isfile & $page == "edit") {$param2 = '&amp;f='.rawurlencode(basename($filename));}
 
 	return $error; //
-}//end CRM_response() **********************************************************
+}//end CRM_response() //********************************************************
 
 
 
@@ -2226,7 +2196,7 @@ function Delete_File_Page() { //************************************************
 		<?php Cancel_Submit_Buttons(hsc($_['DELETE']), "cancel"); ?>
 	</form>
 <?php
-} //end Delete_File_Page() *****************************************************
+}//end Delete_File_Page() //****************************************************
 
 
 
@@ -2252,8 +2222,9 @@ function Delete_File_response($del_file = "", $show_message = 3){ //************
 
 	if ($show_message & 1) { $message .= $err_msg; } //Show error message.
 	if ($show_message & 2) { $message .= $scs_msg; } //Show success message.
-	return $error; //
-}//end Delete_File_response() **************************************************
+
+	return $error;
+}//end Delete_File_response() //************************************************
 
 
 
@@ -2272,7 +2243,7 @@ class="verify_del"><?php echo hte(basename($ipath)); ?></span> /
 		<?php Cancel_Submit_Buttons(hsc($_['DELETE']), "cancel"); ?>
 	</form>
 <?php
-} //end Delete_Folder_Page() //*************************************************
+}//end Delete_Folder_Page() //**************************************************
 
 
 
@@ -2295,12 +2266,13 @@ function Delete_Folder_response() { //******************************************
 	}else {
 		$message .= $EX.'<b><span class="filename">"'.hte($foldername).'/"</span></b> '.hsc($_['delete_folder_msg_03']);
 	}
-}//end Delete_Folder_response() ************************************************
+}//end Delete_Folder_response() //**********************************************
+
 
 
 
 //******************************************************************************
-function MCD_Page($page_title, $action, $classes = 'verify', $focus = 'new_location') {
+function MCD_Page($page_title, $action, $classes = '', $focus = 'new_location') {
 	global $_, $WEB_ROOT, $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE;
 	
 	Set_Input_width();
@@ -2310,7 +2282,7 @@ function MCD_Page($page_title, $action, $classes = 'verify', $focus = 'new_locat
 	echo '<form method="post" action="'.$ONESCRIPT.$param1.'">'.$INPUT_NUONCE;
 		echo '<input type="hidden" name="'.$action.'" value="'.$action.'">'.PHP_EOL;
 		
-		if (($_POST['action'] == 'copy') || ($_POST['action'] == 'move') ) {
+		if (($_POST['mcdaction'] == 'copy') || ($_POST['mcdaction'] == 'move') ) {
 			echo '<label for="new_location">'.hsc($_['New_Location']).'</label> &nbsp; ('.hsc($_['CRM_txt_02']).')<br>';
 			echo '<span class="web_root">'.hte($WEB_ROOT).'</span>';
 			echo '<input type="text" name="new_location" id="new_location" value="'.hsc($ipath).'">';
@@ -2320,29 +2292,31 @@ function MCD_Page($page_title, $action, $classes = 'verify', $focus = 'new_locat
 		Cancel_Submit_Buttons(hsc($page_title), $focus);
 			
 		//List selected files
-		echo '<table class="'.$classes.'">';
+		$count = count($_POST['files']);
+		echo '<table class="verify '.$classes.'">';
 		echo '<tr><th>'.$_['Selected_Files'].':</th></tr>'."\n";
-		$X = 1;
+		
 		foreach($_POST['files'] as $file) {
+			if ($file == "") {continue;} //Skip blanks. [0] will always be blank.
 			echo '<tr><td>'.hte($file).'</td></tr>';
-			echo '<input type=hidden  class="'.$classes.'" name="files['.$X++.']" value="'.hsc($file).'">'."\n";
+			echo '<input type=hidden  name="files[]" value="'.hsc($file).'">'."\n";
 		}
 		echo '</table>';
 	echo '</form>';
-} //end MCD_Page() *************************************************************
+}//end MCD_Page() //************************************************************
 
 
 
 
 function MCD_response($action, $msg1, $success_msg = '') { //*******************
-	global $_, $WEB_ROOT, $ipath, $param1, $param2, $param3, $message, $EX, $filename;
+	global $_, $WEB_ROOT, $ipath, $param1, $param2, $param3, $message, $EX, $filename, $WHSPC_SLASH;
 
 	$files    = $_POST['files']; //List of files to delete (path not included)
 	$count    = count($files);
 	$errors   = 0; //number of failed moves or copies
 
 	$isfile = 1; //only working with files, not folders.
-	$show_message = 1; //1= show error msg only. 2= show success msg only. 3= show all msg's.
+	$show_message = 1; //1= show error msg only.
 
 	if ($action == 'delete') {
 		foreach ($files as $file){
@@ -2353,7 +2327,7 @@ function MCD_response($action, $msg1, $success_msg = '') { //*******************
 		$mcd_ipath = $ipath; //$CRM_response() changes $ipath to $new_location
 		
 		//Trim whitespace & slashes, leaving only 1 trailing slash.
-		$new_location = trim($_POST['new_location'],"\x00..\x20/").'/';
+		$new_location = trim($_POST['new_location'], $WHSPC_SLASH).'/';
 		if ( Check_path($new_location, $show_message) === false ){
 			$message .= '<span class="filename">'.hte($new_location).'</span><br>';
 			return;
@@ -2374,13 +2348,13 @@ function MCD_response($action, $msg1, $success_msg = '') { //*******************
 	$message .= '<b>'.$successful.' '.hsc($success_msg).'</b><br>';
 
 	if ($action != 'delete') {
-		if ($successful > 0) { //if all errors, don't bother...
+		if ($successful > 0) { //"From:" & "To:" lines if any successes.
 			$message .= '<div id="message_left"><b>'.hsc($_['From']).'<br>'.hsc($_['To']).'</b></div>';
 			$message .= '<b>:</b><span class="filename"> '.hsc($mcd_ipath).'</span><br>';
 			$message .= '<b>:</b><span class="filename"> '.hsc($ipath).'</span><br>';
 		}
 	}
-}//end MCD_response() **********************************************************
+}//end MCD_response() //********************************************************
 
 
 
@@ -2402,11 +2376,11 @@ function Page_Title(){ //***<title>Page_Title()</title>*************************
 	elseif ($page == "newfolder")    { return $_['New_Folder'];    }
 	elseif ($page == "renamefolder") { return $_['Ren_Folder'];    }
 	elseif ($page == "deletefolder") { return $_['Del_Folder'];    }
-	elseif ($page == "mcdaction" && ($_POST['action'] == "copy") )    { return $_['Copy_Files'];}
-	elseif ($page == "mcdaction" && ($_POST['action'] == "move") )    { return $_['Move_Files'];}
-	elseif ($page == "mcdaction" && ($_POST['action'] == "delete") )  { return $_['Del_Files']; }
+	elseif ($page == "mcdaction" && ($_POST['mcdaction'] == "copy") )   { return $_['Copy_Files'];}
+	elseif ($page == "mcdaction" && ($_POST['mcdaction'] == "move") )   { return $_['Move_Files'];}
+	elseif ($page == "mcdaction" && ($_POST['mcdaction'] == "delete") ) { return $_['Del_Files']; }
 	else                             { return $_SERVER['SERVER_NAME']; }
-}//end Page_Title() ************************************************************
+}//end Page_Title() //**********************************************************
 
 
 
@@ -2430,17 +2404,17 @@ function Load_Selected_Page(){ //***********************************************
 	elseif ($page == "renamefolder") { CRM_Page($_['Ren_Move'], $_['Folder'], 'rename_folder', 0); }
 	elseif ($page == "deletefolder") { Delete_Folder_Page();  }
 	elseif ($page == "mcdaction")    {
-		if ($_POST['action'] == 'move')  { MCD_Page($_['Move_Files'], 'mcd_mov'); }
-		if ($_POST['action'] == 'copy')  { MCD_Page($_['Copy_Files'], 'mcd_cpy'); }
-		if ($_POST['action'] == 'delete'){ MCD_Page($_['Del_Files'],  'mcd_del', 'verify verify_del', 'cancel'); }
+		if ($_POST['mcdaction'] == 'move')  { MCD_Page($_['Move_Files'], 'mcd_mov'); }
+		if ($_POST['mcdaction'] == 'copy')  { MCD_Page($_['Copy_Files'], 'mcd_cpy'); }
+		if ($_POST['mcdaction'] == 'delete'){ MCD_Page($_['Del_Files'],  'mcd_del', 'verify_del', 'cancel'); }
 	}
 	else                             { Login_Page();          } //default
-}//end Load_Selected_Page() ****************************************************
+}//end Load_Selected_Page() //**************************************************
 
 
 
 
-function Respond_to_POST() {//**************************************************
+function Respond_to_POST() { //*************************************************
 	global $_, $VALID_POST, $page, $message;
 
 	if (!$VALID_POST) { return; }
@@ -2461,7 +2435,7 @@ function Respond_to_POST() {//**************************************************
 	elseif (isset($_POST["delete_folder"])) { Delete_Folder_response();  }
 	elseif (isset($_FILES['upload_file']['name']))  { Upload_response(); }
 
-}//end Respond_to_POST() *******************************************************
+}//end Respond_to_POST() //*****************************************************
 
 
 
@@ -2559,18 +2533,16 @@ function FileTimeStamp(php_filemtime, show_date, show_offset){
 	if (show_offset){ DATETIME += " ("+offset_FULL+")"; }
 		
 	document.write( DATETIME );
-
-}//end FileTimeStamp(php_filemtime)
+}
 
 
 
-function Select_All(list_offset) {
-	//list_offset = Number of form elements before file select checkboxes.
+function Select_All() {
 
 	select_all_label = document.getElementById('select_all_label');
-	var   files = document.mcdselect.elements; //files start at elemements[list_offset].
-	var   last  = files.length - 1; //number of files & checkboxes
-	var   select_all = document.mcdselect.select_all;
+	var files = document.mcdselect.elements['files[]'];
+	var last  = files.length; //number of files
+	var select_all = document.mcdselect.select_all;
 	
 	if (select_all.checked) {
 		select_all_label.innerHTML = '<?php echo addslashes($_['Clear_All']) ?>';
@@ -2578,61 +2550,35 @@ function Select_All(list_offset) {
 		select_all_label.innerHTML = '<?php echo addslashes($_['Select_All']) ?>';
 	}
 	
-	for (var x = list_offset; x <= last ; x++) { files[x].checked = select_all.checked; }
+	for (var x = 0; x < last ; x++) { files[x].checked = select_all.checked; }
 }
 
 
 
-function Submit_btn_style(option) {
-	if (option == "move")   {bc = "brown";}
-	if (option == "copy")   {bc = "green";}
-	if (option == "delete") {bc = "red";}
+function Confirm_ready(action){
 	
-	//Reset current border colors.
-	document.getElementById("move_label"  ).style.borderColor = 'transparent';
-	document.getElementById("copy_label"  ).style.borderColor = 'transparent';
-	document.getElementById("delete_label").style.borderColor = 'transparent';
-
-	//Set Submit button border color
-	document.getElementById("mcd_submit").style.borderColor = bc;
+	var files = document.mcdselect.elements['files[]'];
+	var last  = files.length;   //number of files
 
-	//Set option label border color
-	document.getElementById(option + "_label").style.borderColor  = bc;
-}
-
-
-
-function Confirm_ready(list_offset){
-	//list_offset = Number of form elements before file select checkboxes.
-	
-	is_move    = document.getElementById("move").checked;
-	is_copy    = document.getElementById("copy").checked;
-	is_delete  = document.getElementById("delete").checked;
-	
-	var   files = document.mcdselect.elements; //Actual files are only from elemements[list_offset] to last element.
-	var   last  = files.length - 1; //number of files (checkboxes) + list_offset
+	document.mcdselect.mcdaction.value = action; 
 
 	//Clear f_msg if at least one file is checked
-	f_msg = "<?php echo addslashes($_['No_files']) ?>\n";	
-	for (var x = list_offset; x <= last ; x++) {
+	f_msg = "<?php echo addslashes($_['No_files']) ?>";	
+	for (var x = 0; x < last ; x++) {
 		if (files[x].checked == true) { f_msg = ""; break; }
 	}
 
-	//Clear a_msg if an action is selected
-	a_msg = '<?php echo addslashes($_['No_action']) ?>';
-	if ( is_move || is_copy || is_delete )   { a_msg = ""; }
-
-	//Don't submit form if either message is set.
-	if ( (f_msg != "") || (a_msg != "") ) {
-		alert(f_msg + a_msg);
+	//Don't submit form if message is set (no files checked).
+	if ( f_msg != "" ) {
+		alert(f_msg);
 		return false;
 	}
 
-	return true; //submit form.
+	document.mcdselect.submit(); //submit form.
 }
 </script>
 <?php
-}//end common_scripts() ********************************************************
+}//end common_scripts() //******************************************************
 
 
 
@@ -2650,17 +2596,39 @@ function Edit_Page_scripts() { //***********************************************
 ?>
 	<!--======== Provide feedback re: unsaved changes ========-->
 	<script>
+	var File_textarea    = document.getElementById('file_contents');
+	var Save_File_button = document.getElementById('save_file');
+	var Reset_button     = document.getElementById('reset');
+	var start_value      = File_textarea.value;
+
+	var submitted  = false;
+	var changed    = false;
+
 	// a few var's for Wide_View()
 	var Main_div		 = document.getElementById('main');
 	var Wide_View_button = document.getElementById('wide_view');
 	var main_width_default = '<?php echo $MAIN_WIDTH ?>';
 
+
+	// The following events only apply when the element is active.
+	// [Save] is disabled unless there are changes to the open file.
+	Save_File_button.onfocus = function()     { Save_File_button.style.backgroundColor = "rgb(255,250,150)";
+											    Save_File_button.style.borderColor = "#F00"; }
+	Save_File_button.onblur  = function()     { Save_File_button.style.backgroundColor ="#Fee";
+											    Save_File_button.style.borderColor = "#Faa"; }
+	Save_File_button.onmouseover = function() { Save_File_button.style.backgroundColor = "rgb(255,250,150)";
+											    Save_File_button.style.borderColor = "#F00"; }
+	Save_File_button.onmouseout  = function() { Save_File_button.style.backgroundColor = "#Fee";
+											    Save_File_button.style.borderColor = "#Faa"; }
+
+
 	Main_div.style.width = "<?php echo $current_view ?>"; //get current width
 
 	if ( Main_div.style.width == '<?php echo $WIDE_VIEW_WIDTH ?>' ) {
 		Wide_View_button.value = '<?php echo addslashes($_['Normal_View']) ?>';
 	}
 
+
 	function Wide_View() {
 		if ( File_textarea != null ) { File_textarea.style.width = '99.8%'; }
 		
@@ -2675,26 +2643,6 @@ function Wide_View() {
 		}
 	}
 
-	var File_textarea    = document.getElementById('file_contents');
-	var Save_File_button = document.getElementById('save_file');
-	var Reset_button     = document.getElementById('reset');
-	var start_value      = File_textarea.value;
-
-
-	// The following events only apply when the element is active.
-	// [Save] is disabled unless there are changes to the open file.
-	Save_File_button.onfocus = function() { Save_File_button.style.backgroundColor = "rgb(255,250,150)";
-											Save_File_button.style.borderColor = "#F00"; }
-	Save_File_button.onblur  = function() { Save_File_button.style.backgroundColor ="#Fee";
-											Save_File_button.style.borderColor = "#Faa"; }
-	Save_File_button.onmouseover = function() {Save_File_button.style.backgroundColor = "rgb(255,250,150)";
-											   Save_File_button.style.borderColor = "#F00"; }
-	Save_File_button.onmouseout  = function() {Save_File_button.style.backgroundColor = "#Fee";
-											   Save_File_button.style.borderColor = "#Faa"; }
-
-
-	var submitted   = false;
-	var changed     = false;
 
 	function Reset_file_status_indicators() {
 		changed = false;
@@ -2775,7 +2723,7 @@ function Reset_File() {
 	Reset_file_status_indicators();
 	</script>
 <?php
-}//end Edit_Page_scripts() *****************************************************
+}//end Edit_Page_scripts() //***************************************************
 
 
 
@@ -2976,15 +2924,18 @@ function style_sheet(){ //******************************************************
 	font    : 1em courier;
 }
 
-input:focus { background-color: rgb(255,250,150); }
+input:focus  { background-color: rgb(255,250,150); }
+button:focus { background-color: rgb(255,250,150); }
 
-input:hover { background-color: rgb(255,250,150); }
+input:hover  { background-color: rgb(255,250,150); }
+button:hover { background-color: rgb(255,250,150); }
 
 input[readonly]       { color: #333; background-color: #EEE; }
 input[disabled]       { color: #555; background-color: #EEE; }
 input[disabled]:hover { background-color: rgb(236,233,216);  }
 input[disabled]:hover { background-color: rgb(236,233,216);  }
 
+input[type="file"] { border: 1px solid #807568; background-color: white; width: 100%; }
 
 .buttons_right         { float: right; }
 .buttons_right .button { margin-left: .5em; }
@@ -3097,7 +3048,7 @@ function style_sheet(){ //******************************************************
 	}
 
 
-table.verify {
+.verify {
 	min-width       : 50%; 
 	font            : 1em Courier;
 	margin-bottom   : .7em;
@@ -3106,7 +3057,7 @@ function style_sheet(){ //******************************************************
 	background-color: white;
 	}
 
-table.verify th {
+.verify th {
 	border: 1px solid gray;
 	padding: 0 1em 0 1em;
 	text-align : center;
@@ -3115,7 +3066,7 @@ function style_sheet(){ //******************************************************
 	background-color: #EEE;
 	}
 
-table.verify td {
+.verify td {
 	border        : 1px inset silver;
 	padding: .1em 1em .1em .5em;
 	vertical-align: middle;
@@ -3131,14 +3082,15 @@ function style_sheet(){ //******************************************************
 	padding: .2em;
 	}
 
+.verify_del    { border: 1px solid #F44; background-color: #FFE7E7; }
 
-table.verify_del    { border: 1px solid #F44; background-color: #FFE7E7; }
-
-table.verify_del td { border: 1px solid #F44; }
+.verify_del td { border: 1px solid #F44; }
 
 
 #admin {padding: .3em;}
 
+.admin_buttons .button { margin-right: .5em; }
+
 .clear {clear:both; padding: 0; margin: 0; border: none}
 
 .web_root {font: 1em Courier;}
@@ -3164,10 +3116,6 @@ function style_sheet(){ //******************************************************
 
 input[type="text"]#new_name {width  : 60%;}
 
-.admin_buttons .button { margin-right: .5em; }
-
-#upload_file { margin-bottom: .6em; }
-
 .old_backup_T { float: left; margin-bottom: .3em; }
 
 #del_backup   { float: left; margin-left  :  1em; }
@@ -3185,33 +3133,39 @@ function style_sheet(){ //******************************************************
 
 .action        { margin-bottom: .1em; }
 .action  label {
+	display: inline-block;
 	font: 400 .9em arial;
 	color: #333;
-	margin-bottom  : .1em;
-	margin-right: .6em;
-	padding: 3px;
-	border: 1px dotted transparent;
 	}
 
-#select_all { margin: 0 2em 0 0; }
+#select_all { margin: .35em 1em .5em 0; }
 
 #select_all_div {
-	float  : left;
-	width  : 73px;
-	padding: 2px 0 0 0;
+	display: inline-block;
+	width  : 71px;
+	padding: 2px 0 0 2px;
+	margin: 0 0 0 0;
 	}
 
 #select_all_label { font-size: .84em;}
 
-#mcd_submit { padding: 2px 5px; color: rgb(100,45,0); }
+.mcd_submit { height: 1.5em;
+	cursor   : pointer;
+	border   : 1px solid #807568;
+	padding  : 0px 8px 0px 2px;
+	margin   : 0 .5em 0 0;
+	font-size: .95em;
+	color           : rgb(100,45,0);
+	background-color: #EEE
+	}
 </style>
 <?php
-}//end style_sheet() ***********************************************************
+}//end style_sheet() //*********************************************************
 
 
 
 
-function Language_and_config_adjusted_styles() {//******************************
+function Language_and_config_adjusted_styles() { //*****************************
 	global $_, $MAIN_WIDTH;
 ?>
 <style>
@@ -3244,9 +3198,9 @@ function Language_and_config_adjusted_styles() {//******************************
 
 
 
-//******************************************************************************
 //******************************************************************************
 //Main logic to determine page action
+//******************************************************************************
 
 Default_Language(); // Load Default Language settings
 
@@ -3298,9 +3252,9 @@ function Language_and_config_adjusted_styles() {//******************************
 
 
 
-//******************************************************************************
 //******************************************************************************
 //Output page contents
+//******************************************************************************
 echo '<!DOCTYPE html>';
 echo '<html><head>';
 echo '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">';
diff --git a/readme.markdown b/readme.markdown
index e488ec6..8042ed8 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,4 +1,10 @@
-# Current stable version: 3.4.04
+# Current stable version: 3.4.05
+
+### September 18, 2012
+
+- The [Selected Files] submit button has been removed, and the "radio buttons" to select Move, Copy, or Delete have been replaced with individual submit buttons. This saves the user one *entire* click per action!
+- OneFileCMS can now select and upload multiple files at one time.  The default max is 4, but that value may be adjusted with the "$UPLOAD_FIELDS" config variable.
+-Removed the extra [Upload...] [New...] [Rename...] [Delete...] buttons from bottom of index page.
 
 ### September 14, 2012
 
@@ -12,7 +18,7 @@ Anyway, maybe now it's sorta at a resting spot  (hahaha...).  In anycase, here's
 
 - A few minor fixes, and some code cleanup & improvements.
 
-(what'd you expect, a epic treatise?...)
+(what'd you expect, an epic treatise?...)
 
 ### Auguest 29, 2012
 
@@ -37,7 +43,7 @@ Anyway, maybe now it's sorta at a resting spot  (hahaha...).  In anycase, here's
 ### July 31, 2012
 
 - For reasons of security, consistancy, & code simplicity, the format for external config files (if used) is now php, instead of ini. This permits a simple copy & paste between an external config file & onefilecms.php.  
-  A config file must begin with "<?php".  And, for security reasons, external config file names should end in ".php".  Otherwise, your webserver may serve up the file as plain text, exposing the contents, such as username and password.
+  A config file must begin with "&lt;?php".  And, for security reasons, external config file names should end in ".php".  Otherwise, your webserver may serve up the file as plain text, exposing the contents, such as username and password.
 
 
 ### July 25, 2012
@@ -45,7 +51,7 @@ Anyway, maybe now it's sorta at a resting spot  (hahaha...).  In anycase, here's
 #### Security issue if using external .ini config file for password storage  
 If an external config file is used to store your password and/or hash, make sure to save the file with php as the extension, and begin the file as follows:  
   
-;<?php die();  
+;&lt;?php die();  
   
 Otherwise, the file - along with your password, is world readable. For details, see the php documentation and comments on parse\_ini\_file().
 
@@ -106,13 +112,13 @@ You can also change the file name of OneFileCMS.php to something else, such as "
 
 WYSWIWYG editors have been requested, but probably won't become standard, as they'd make it more than one file, sort of defeating the "OneFile" point. Plus, if you're working in PHP or non-HTML code, they can be more of a hindrance than an asset.
 
-However, just because I don't want to do it, doesn't mean it's impossible.  Look for the Edit_Page_form() function. Its textarea can be modified to work with whatever editor you like. 
+However, just because I don't want to do it, doesn't mean it's impossible.  Look for the Edit\_Page\_form() function. Its textarea can be modified to work with whatever editor you like. 
 
 ### I found something that could be better. Can I suggest it to you?
 
 Yes, of course!
 
-I may not have the time/bandwidth/inclination to implement every feature, but I 'll do what I can. If it's urgent, contact me.  
+I may not have the time/bandwidth/inclination to implement every feature, but I 'll do what I can. If you find a bug, please file a report on the issues page.
 
 ### This is basically just a file manager with a text editor- why is it being called a CMS?
 
@@ -188,6 +194,13 @@ GENERATE/OUTPUT THE PAGE
 
 ## Change Log
 
+### 3.4.05
+
+- Consolidated index page radio & submit buttons (for Move, Copy, Delete) into just three standard buttons.
+- Added multi-file upload ability.
+- Index page: removed extra Upload/New/Rename/Delete buttons from  bottom of page.
+- Subsequent to the above, a bit of code cleanup & improvement.
+
 ### 3.4.04
 
 - Minor bug fix.
@@ -196,9 +209,9 @@ GENERATE/OUTPUT THE PAGE
 
 - Primary user noticable change: on rename/move/copy pages, split "New Name" from "New Location".
 - A couple minor bug fixes.
-- Consolidated a four functions into two.
+- Consolidated four functions into two.
 - Other general code cleanup & improvements.
-- Numerous changed, new, and removed langauge settings.
+- Numerous new, changed, and removed langauge settings.
 
 ### 3.4.01
 
@@ -267,7 +280,7 @@ GENERATE/OUTPUT THE PAGE
 
 ### 3.3.01
 
-- Fixed a "minor" issue after adding multi-language support- OneFileCMS stopped working altogether on versions of PHP < 5.3.
+- Fixed a "minor" issue after adding multi-language support- OneFileCMS stopped working altogether on versions of PHP &lt; 5.3.
 
 ### 3.3.0
 
@@ -310,18 +323,18 @@ GENERATE/OUTPUT THE PAGE
 ### 3.1.6 thru 3.1.8
 
 - Converted bulk of rest of code into functions (easier to work with).
-- Resolved issue (I hope) with differing versions of PHP and how magic_quotes & stripslashes are handeled.
+- Resolved issue (I hope) with differing versions of PHP and how magic_quotes & stripslashes are handled.
 
 ### 3.1.2 thru 3.1.5
 
 - Added file size limits to the Edit/View page. (Some browsers don't like large files in an HTML textarea.)
-- Added some data validation to _GET parameters
+- Added some data validation to $_GET parameters
 - Some misc code cleanup & organization etc.
 - And other misc stuff...
 
 ### 3.1.1
 
-- Fixed minor issue with data encoding of file to exit in &lt;textarea>
+- Fixed minor issue with data encoding of file for editting in a &lt;textarea>
 
 ### 3.1
 
@@ -374,7 +387,7 @@ GENERATE/OUTPUT THE PAGE
 - List of files now sorted alphabetically, without regard to case.
 - Further improved Edit page & screen feedback of file state (changed/unchanged).
 - Added [X] dismiss button on message box
-- File date shown on Index & Edit pages is now in user's local time.
+- File dates shown on Index & Edit pages are now in user's local time.
 - Moved from xhtml to html syntax & doctype.
 
 ### 1.1.9

From deeed6c5175815b552a6b09ed32b37731f40e969 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Thu, 20 Sep 2012 16:05:00 -0400
Subject: [PATCH 146/228] Version 3.4.06 Index_Page(): switched from glob() to
 scandir() for folder list.    - glob('*') doesn't return hidden "dot"
 folders. Minor bug fix: from edit page, if delete file, and delete fails -
 returns to edit with null file. Consolidated a couple language values.

---
 OneFileCMS.LANG.DE.php |  7 +++---
 OneFileCMS.LANG.EN.php | 48 +++++++++++++++++------------------
 OneFileCMS.LANG.ES.php | 10 ++++----
 onefilecms.php         | 57 +++++++++++++++++++++++++-----------------
 readme.markdown        | 10 ++++++--
 5 files changed, 74 insertions(+), 58 deletions(-)

diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index da4c436..a526433 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.05
+// OneFileCMS Language Settings v3.4.06
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -62,6 +62,7 @@
 $_['Log_Out']    = 'Abmelden';
 
 $_['Admin_Options']  = 'Administration Options'; //## NT ##
+$_['Are_you_sure']   = 'Are you sure?';       //## NT ##
 $_['Edit_View']      = 'Edit / View File';    //## NT ##
 $_['Upload_File']    = 'Datei heraufladen';
 $_['New_File']       = 'Datei erstellen';
@@ -186,11 +187,9 @@
 $_['CRM_msg_03']  = ' Fehler - die Zieldatei besteht bereits:';
 $_['CRM_msg_05']  = 'Error during'; //## NT ##
 
-$_['delete_txt_01'] = 'Sind Sie sicher?';
 $_['delete_msg_01'] = 'Gelöschte Datei:';
 $_['delete_msg_02'] = 'Während des Löschvorgangs trat ein Fehler auf ';
 
-$_['delete_folder_txt_01'] = 'Sind Sie sicher?';
 $_['delete_folder_msg_01'] = 'Der Ordner ist nicht leer.  Der Ordner muss leer sein, bevor er gelöscht werden kann.';
 $_['delete_folder_msg_02'] = 'Gelöschter Ordner:';
 $_['delete_folder_msg_03'] = 'während des Löschvorgangs trat ein Fehler auf.';
@@ -207,8 +206,8 @@
 $_['edit_caution_01']  = 'ACHTUNG ';
 $_['edit_caution_02']  = ' Sie bearbeiten gerade die aktive Version von OneFileCMS - Sichern Sie den Code und seien Sie vorsichtig !!';
 $_['time_out_txt']     = 'Automatischer Sitzungsstopp in:';
-$_['error_reporting_01'] = 'Anzeigen von Fehlern ist';
 
+$_['error_reporting_01'] = 'Anzeigen von Fehlern ist';
 $_['error_reporting_02'] = 'Loggen von Fehlern ist';
 $_['error_reporting_03'] = 'Fehlerberichterstattung';
 $_['error_reporting_04'] = 'Anzeigen der Fehlertypen';
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index 7afe035..b6262d3 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.05
+// OneFileCMS Language Settings v3.4.06
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -41,7 +41,7 @@
 $_['Deleted'] = 'Deleted';
 $_['Edit']    = 'Edit';
 $_['Enter']   = 'Enter';
-$_['Error']   = 'Error';   //#####
+$_['Error']   = 'Error';   //####
 $_['errors']  = 'errors';
 $_['File']    = 'File';
 $_['Folder']  = 'Folder';
@@ -50,7 +50,7 @@
 $_['Move']    = 'Move';
 $_['Moved']   = 'Moved';
 $_['on']      = 'on';
-$_['bytes']   = 'bytes';   //#####
+$_['bytes']   = 'bytes';   //####
 
 $_['Password']   = 'Password';
 $_['Rename']     = 'Rename';
@@ -62,6 +62,7 @@
 $_['Log_Out']    = 'Log Out';
 
 $_['Admin_Options']  = 'Administration Options';
+$_['Are_you_sure']   = 'Are you sure?';       //#####
 $_['Edit_View']      = 'Edit / View File';
 $_['Upload_File']    = 'Upload File';
 $_['New_File']       = 'New File';
@@ -89,15 +90,15 @@
 $_['reset']       = 'Reset - loose changes';
 $_['Wide_View']   = 'Wide View';
 $_['Normal_View'] = 'Normal View';
-$_['Open_View']   = 'Open/View in browser window'; //#####
+$_['Open_View']   = 'Open/View in browser window'; //####
 
 $_['verify_msg_01']  = 'Session expired.';
 $_['verify_msg_02']  = 'INVALID POST';
 
 $_['get_get_msg_01']    = 'File does not exist:';
 $_['get_get_msg_02']    = 'Invalid page request:';
-$_['check_path_msg_02'] = 'dot" or "dot dot" path segments are not permitted.'; //#####
-$_['check_path_msg_03'] = 'Path or filename contains an invalid character:'; //#####
+$_['check_path_msg_02'] = 'dot" or "dot dot" path segments are not permitted.'; //####
+$_['check_path_msg_03'] = 'Path or filename contains an invalid character:'; //####
 $_['ord_msg_01']        = 'A file with that name already exists in the target directory.';
 $_['ord_msg_02']        = 'Saving as';
 $_['show_img_msg_01']   = 'Image shown at ~';
@@ -148,13 +149,13 @@
 $_['edit_msg_02'] = 'bytes written.';
 $_['edit_msg_03'] = 'There was an error saving file.';
 
-$_['upload_txt_03']  = 'Maximum size of each file:'; //#####
-$_['upload_txt_01']  = '(per upload_max_filesize in php.ini)'; //#####
-$_['upload_txt_04']  = 'Maximum total upload size:'; //#####
-$_['upload_txt_02']  = '(per post_max_size in php.ini)'; //#####
+$_['upload_txt_03']  = 'Maximum size of each file:'; //####
+$_['upload_txt_01']  = '(per upload_max_filesize in php.ini)'; //####
+$_['upload_txt_04']  = 'Maximum total upload size:'; //####
+$_['upload_txt_02']  = '(per post_max_size in php.ini)'; //####
 
-$_['upload_err_01']  = 'Error 1: File too large. From php.ini:'; //#####
-$_['upload_err_02']  = 'Error 2: File too large. (MAX_FILE_SIZE HTML form element)'; //#####
+$_['upload_err_01']  = 'Error 1: File too large. From php.ini:'; //####
+$_['upload_err_02']  = 'Error 2: File too large. (MAX_FILE_SIZE HTML form element)'; //####
 $_['upload_err_03']  = 'Error 3: The uploaded file was only partially uploaded.';
 $_['upload_err_04']  = 'Error 4: No file was uploaded.';
 $_['upload_err_05']  = 'Error 5:';
@@ -163,34 +164,32 @@
 $_['upload_err_08']  = 'Error 8: A PHP extension stopped the file upload.';
 
 $_['upload_msg_01'] = 'No file selected for upload.';
-$_['upload_msg_02'] = 'Destination folder invalid:'; //#####
+$_['upload_msg_02'] = 'Destination folder invalid:'; //####
 $_['upload_msg_03'] = 'Upload cancelled.';
 $_['upload_msg_04'] = 'Uploading:';
 $_['upload_msg_05'] = 'Upload successful!';
 $_['upload_msg_06'] = 'Upload failed:';
 
-$_['new_file_txt_01'] = 'File or Folder will be created in the current folder.'; //#####
+$_['new_file_txt_01'] = 'File or Folder will be created in the current folder.'; //####
 $_['new_file_txt_02'] = 'Some invalid characters are:';
-$_['new_file_msg_01'] = 'File or folder not created:'; //#####
-$_['new_file_msg_02'] = 'Name contains an invalid character:'; //#####
-$_['new_file_msg_03'] = 'Not created - no name given'; //#####
-$_['new_file_msg_04'] = 'File or folder already exists:'; //#####
+$_['new_file_msg_01'] = 'File or folder not created:'; //####
+$_['new_file_msg_02'] = 'Name contains an invalid character:'; //####
+$_['new_file_msg_03'] = 'Not created - no name given'; //####
+$_['new_file_msg_04'] = 'File or folder already exists:'; //####
 $_['new_file_msg_05'] = 'Created file:';
-$_['new_file_msg_07'] = 'Created folder:'; //#####
+$_['new_file_msg_07'] = 'Created folder:'; //####
 
 $_['CRM_txt_02']  = 'The new location must already exist.';
-$_['CRM_txt_03']  = 'Old Name and Location'; //#####
+$_['CRM_txt_03']  = 'Old Name and Location'; //####
 $_['CRM_txt_04']  = 'New Name';
 $_['CRM_msg_01']  = 'Error - new parent location does not exist:';
 $_['CRM_msg_02']  = 'Error - source file does not exist:';
-$_['CRM_msg_03']  = 'Error - new file or folder already exists:'; //#####
+$_['CRM_msg_03']  = 'Error - new file or folder already exists:'; //####
 $_['CRM_msg_05']  = 'Error during';
 
-$_['delete_txt_01'] = 'Are you sure?';
 $_['delete_msg_01'] = 'Deleted file:';
 $_['delete_msg_02'] = 'Error deleting';
 
-$_['delete_folder_txt_01'] = 'Are you sure?';
 $_['delete_folder_msg_01'] = 'Folder not empty. Folders must be empty before they can be deleted.';
 $_['delete_folder_msg_02'] = 'Deleted folder:';
 $_['delete_folder_msg_03'] = 'an error occurred during delete.';
@@ -207,8 +206,8 @@
 $_['edit_caution_01']  = 'CAUTION';
 $_['edit_caution_02']  = 'You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
 $_['time_out_txt']     = 'Session time out in:';
-$_['error_reporting_01'] = 'Display errors is';
 
+$_['error_reporting_01'] = 'Display errors is';
 $_['error_reporting_02'] = 'Log errors is';
 $_['error_reporting_03'] = 'Error reporting is set to';
 $_['error_reporting_04'] = 'Showing error types';
@@ -252,3 +251,4 @@
 $_['mcd_msg_01']    = 'files moved successfully.';
 $_['mcd_msg_02']    = 'files copied successfully.';
 $_['mcd_msg_03']    = 'files deleted successfully.';
+
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index bc95bca..23f36fa 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.05
+// OneFileCMS Language Settings v3.4.06
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -62,6 +62,7 @@
 $_['Log_Out']    = 'Cerrar Sesión';
 
 $_['Admin_Options']  = 'Administration Options'; //## NT ##
+$_['Are_you_sure']   = 'Are you sure?';       //## NT ##
 $_['Edit_View']      = 'Edit / View File';    //## NT ##
 $_['Upload_File']    = 'Subir Archivo';
 $_['New_File']       = 'Archivo Nuevo';
@@ -184,13 +185,11 @@
 $_['CRM_msg_01']  = 'Error - la localización padre no existe:';
 $_['CRM_msg_02']  = 'Error - el archivo inicial no existe:';
 $_['CRM_msg_03']  = 'Error - el archivo de objetivo no existe:';
-$_['CRM_msg_05a'] = 'Error durante';
+$_['CRM_msg_05']  = 'Error during'; //## NT ##
 
-$_['delete_txt_01'] = '¿Estás seguro?';
 $_['delete_msg_01'] = 'Archivo Eliminado:';
 $_['delete_msg_02'] = 'Error eliminando';
 
-$_['delete_folder_txt_01'] = '¿Estás seguro?';
 $_['delete_folder_msg_01'] = 'Carpeta no vacía.   Las carpetas deben estar vacías antes de ser eliminadas.';
 $_['delete_folder_msg_02'] = 'Carpeta eliminada:';
 $_['delete_folder_msg_03'] = 'ocurrió un error eliminándola.';
@@ -207,8 +206,8 @@
 $_['edit_caution_01']  = 'PRECAUCIÓN';
 $_['edit_caution_02']  = 'Estás editando la copia activa de OneFileCMS - ¡HACÉ UNA COPIA DE SEGURIDAD Y TENÉ CUIDADO!';
 $_['time_out_txt']     = 'Tiempo de Espera de Sesión Agotado:';
-$_['error_reporting_01'] = 'Display errors is'; //## NT ##
 
+$_['error_reporting_01'] = 'Display errors is';         //## NT ##
 $_['error_reporting_02'] = 'Log errors is';             //## NT ##
 $_['error_reporting_03'] = 'Error reporting is set to'; //## NT ##
 $_['error_reporting_04'] = 'Showing error types';       //## NT ##
@@ -252,3 +251,4 @@
 $_['mcd_msg_01']    = 'files moved successfully.';             //## NT ##
 $_['mcd_msg_02']    = 'files copied successfully.';            //## NT ##
 $_['mcd_msg_03']    = 'files deleted successfully.';           //## NT ##
+
diff --git a/onefilecms.php b/onefilecms.php
index bdf7692..5a37bca 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.05';
+$OFCMS_version = '3.4.06';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -172,7 +172,7 @@ function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.4.05
+// OneFileCMS Language Settings v3.4.06
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -231,6 +231,7 @@ function Default_Language() { // ***********************************************
 $_['Log_In']     = 'Log In';
 $_['Log_Out']    = 'Log Out';
 $_['Admin_Options']  = 'Administration Options';
+$_['Are_you_sure']   = 'Are you sure?';    //#####
 $_['Edit_View']      = 'Edit / View File';
 $_['Upload_File']    = 'Upload File';
 $_['New_File']       = 'New File';
@@ -340,10 +341,8 @@ function Default_Language() { // ***********************************************
 $_['CRM_msg_02']  = 'Error - source file does not exist:';
 $_['CRM_msg_03']  = 'Error - new file or folder already exists:'; //####
 $_['CRM_msg_05'] = 'Error during';
-$_['delete_txt_01'] = 'Are you sure?';
 $_['delete_msg_01'] = 'Deleted file:';
 $_['delete_msg_02'] = 'Error deleting';
-$_['delete_folder_txt_01'] = 'Are you sure?';
 $_['delete_folder_msg_01'] = 'Folder not empty. Folders must be empty before they can be deleted.';
 $_['delete_folder_msg_02'] = 'Deleted folder:';
 $_['delete_folder_msg_03'] = 'an error occurred during delete.';
@@ -508,8 +507,8 @@ function Error_reporting_and_early_output($show_status = 0, $show_types = 0) {//
 						   (ini_get('log_errors') == 'on') ) )
 	{
 ?>		<style>
-		.E_box {margin: 0;	 background-color: #F33; font-size: 1em; color: white;
-				padding: 4px 5px 5px 5px; border: 0 solid white; }
+		.E_box {margin: 0;	 background-color: #F00; font-size: 1em; color: white;
+				padding: 2px 5px 2px 5px; border: 1px solid white; }
 		</style>
 <?php
 		echo '<p class="E_box"><b>PHP '.PHP_VERSION.$spc;
@@ -527,7 +526,7 @@ function Error_reporting_and_early_output($show_status = 0, $show_types = 0) {//
 
 	//$early_output is contents of ob_get_clean(), just before page output.
 	if (strlen($early_output) > 0 ) {
-		echo '<pre style="background-color: #Fdd; border: 1px solid #Faa;"><b>';
+		echo '<pre style="background-color: #F00; border: 0px solid #F00;"><b>';
 		echo hsc($_['error_reporting_05']).'</b> ';
 		echo hsc($_['error_reporting_06']).'<b>:</b> ';
 		echo '<span style="background-color: white; border: 1px solid white">';
@@ -856,7 +855,7 @@ function Page_Header(){ //******************************************************
 	<div class="header">
 		<a href="<?php echo $ONESCRIPT?>" id="logo"><?php echo $config_title; ?></a>
 		<?php echo $OFCMS_version.' ('.hsc($_['on']).'&nbsp;php&nbsp;'.phpversion().')'; ?>
-
+		
 		<div class="nav">
 			<a href="/" target="_blank"><?php echo $favicon ?>
 			<b><?php echo hte($WEBSITE) ?></b></a>
@@ -1624,16 +1623,11 @@ function Table_of_Files($files, $R, $C, $D) { //********************************
 
 
 
-function List_Files() { //******************************************************
+function List_Files($files) { //************************************************
 	//called from Index Page
 	global $_, $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list;
 
-	$files = scandir('./'.$ipath);
-	natcasesort($files);
-
-	$no_files = true;
-	foreach ($files as $file) { if ( is_file($ipath.$file) ) { $no_files = false; break; } }
-	if ($no_files) {return 0;}
+	if (count($files) == 0) {return 0;}
 
 	if (supports_svg()) {
 		$R = svg_icon_ren();
@@ -1678,10 +1672,22 @@ function input_mcd_action($label, $mcd, $icon="") {
 function Index_Page(){ //*******************************************************
 	global $_, $ONESCRIPT, $ipath, $param1;
 
-	//<!--==== List folders/sub-directores ====-->
+	//Get list of files & folders
+	$full_list = scandir('./'.$ipath);
+	natcasesort($full_list);
+
+	//Seperate files & folders
+	$files= array();
+	$folders= array();
+	$F=1; $D=1;  //indexes
+	foreach( $full_list as $item ) {
+		if ( ($item == '.') || ($item == '..')){ continue; }
+		if (is_dir($ipath.$item)){ $folders[$D++] = $ipath.$item.'/'; }
+		else                     { $files[$F++]   = $item; }
+	}
+
+	//List folders/sub-directores
 	echo '<p class="index_folders">';
-		$folders = glob($ipath."*",GLOB_ONLYDIR);
-		natcasesort($folders);
 		foreach ($folders as $folder) {
 			echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($folder).'/">'.PHP_EOL;
 			echo svg_icon_folder();
@@ -1700,7 +1706,7 @@ function Index_Page(){ //*******************************************************
 	}
 	echo '</p>';
 
-	List_Files();
+	List_Files($files);
 
 }//end Index_Page() //**********************************************************
 
@@ -2192,7 +2198,7 @@ function Delete_File_Page() { //************************************************
 	<?php echo $FORM_COMMON ?>
 		<input type="hidden" name="delete_file" value="<?php echo hsc($filename); ?>" >
 		<p><span class="verify_del"><?php echo hte(basename($filename)); ?></span></p>
-		<p><b><?php echo hsc($_['delete_txt_01']) ?></b></p>
+		<p><b><?php echo hsc($_['Are_you_sure']) ?></b></p>
 		<?php Cancel_Submit_Buttons(hsc($_['DELETE']), "cancel"); ?>
 	</form>
 <?php
@@ -2202,7 +2208,7 @@ function Delete_File_Page() { //************************************************
 
 
 function Delete_File_response($del_file = "", $show_message = 3){ //************
-	global $_, $filename, $message, $EX, $page, $ipath, $param1, $param2;
+	global $_, $ipath, $filename, $page, $param1, $param2, $message, $EX;
 
 	if ($del_file == "") { $del_file = $_POST["delete_file"]; }
 	$page = "index"; //Return to index
@@ -2213,10 +2219,15 @@ function Delete_File_response($del_file = "", $show_message = 3){ //************
 	if (unlink($del_file)) {
 		$scs_msg .= '<b>'.hsc($_['delete_msg_01']).'</b> <span class="filename">'.hte(basename($del_file)).'</span><br>';
 		$filename = "";
+		$param2   = "";
 		$error = 0; //0= no error, 1 = an error.
 	}else{
 		$err_msg .= $EX.'<b>'.hsc($_['delete_msg_02']).'</b> <span class="filename">"'.hte($del_file).'"</span>.<br>';
 		$page = $_SESSION['recent_pages'][1];
+		if ($page == "edit") {
+			$filename = $del_file;
+			$param2   = '&amp;f='.basename($filename);
+		}
 		$error = 1;
 	}
 
@@ -2239,7 +2250,7 @@ function Delete_Folder_Page(){ //***********************************************
 		<span class="web_root"><?php echo hte($WEB_ROOT.dir_name($ipath)); ?></span><span
 		class="verify_del"><?php echo hte(basename($ipath)); ?></span> /
 		</p>
-		<p><b><?php echo hsc($_['delete_folder_txt_01']) ?></b></p>
+		<p><b><?php echo hsc($_['Are_you_sure']) ?></b></p>
 		<?php Cancel_Submit_Buttons(hsc($_['DELETE']), "cancel"); ?>
 	</form>
 <?php
@@ -2288,7 +2299,7 @@ function MCD_Page($page_title, $action, $classes = '', $focus = 'new_location')
 			echo '<input type="text" name="new_location" id="new_location" value="'.hsc($ipath).'">';
 		}
 			
-		echo '<p><b>'.hsc($_['delete_txt_01']).'</b></p>'; //"Are you sure?"
+		echo '<p><b>'.hsc($_['Are_you_sure']).'</b></p>';
 		Cancel_Submit_Buttons(hsc($page_title), $focus);
 			
 		//List selected files
diff --git a/readme.markdown b/readme.markdown
index 8042ed8..c604251 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,6 +1,8 @@
-# Current stable version: 3.4.05
+# Current stable version: 3.4.06
 
-### September 18, 2012
+- Minor bug fix. (I'm beginning to see a pattern here...)
+
+### September 19, 2012
 
 - The [Selected Files] submit button has been removed, and the "radio buttons" to select Move, Copy, or Delete have been replaced with individual submit buttons. This saves the user one *entire* click per action!
 - OneFileCMS can now select and upload multiple files at one time.  The default max is 4, but that value may be adjusted with the "$UPLOAD_FIELDS" config variable.
@@ -194,6 +196,10 @@ GENERATE/OUTPUT THE PAGE
 
 ## Change Log
 
+### 3.4.06
+
+- Minor bug fix: Index page would not display folders that started with a period ("hidden" folders on *nix)
+
 ### 3.4.05
 
 - Consolidated index page radio & submit buttons (for Move, Copy, Delete) into just three standard buttons.

From f04386e3e3879d9164800c9735ae25ac74d55375 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 23 Sep 2012 00:00:00 -0400
Subject: [PATCH 147/228] Version 3.4.07 Consolidated Delete_File_  &
 Delelete_Folder_ (_page & _response) functions into    Delete_Page() &
 Delete_response(). Added rDel(): recursive delete - now able to delete
 non-empty folders.             : Handles all file & folder deletes.
 $valid_pages: renamed delete to deletefile Verify_page_conditions(): Removed
 check for folder not empty. Check_path(): added hsc() to a couple places.
 Added List_Selected(): Lists selected files & folders.
 Cancel_Submit_Buttons(): No longers takes focus - leaves on current folder
 name. Change_PWUN_Page(): Added a few params & removed lines that used to set
 them. Delete_response(): require $target parameter. CRM_response():
 Split/improved check for invalid chars in new location/name. $Index_Page():
 Minor bug fix: removed extra slash from folder links. Darkened the svg folder
 icons. Removed & changed a few $_[] langauge strings.

---
 OneFileCMS.LANG.DE.php   |  23 ++-
 OneFileCMS.LANG.EN.php   |  11 +-
 OneFileCMS.LANG.ES.php   |   9 +-
 OneFileCMS_structure.txt |  14 +-
 onefilecms.php           | 338 ++++++++++++++++++++-------------------
 readme.markdown          |  19 +++
 6 files changed, 213 insertions(+), 201 deletions(-)

diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index a526433..ec7b07d 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.06
+// OneFileCMS Language Settings v3.4.07
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -61,9 +61,9 @@
 $_['Log_In']     = 'Anmelden';
 $_['Log_Out']    = 'Abmelden';
 
-$_['Admin_Options']  = 'Administration Options'; //## NT ##
-$_['Are_you_sure']   = 'Are you sure?';       //## NT ##
-$_['Edit_View']      = 'Edit / View File';    //## NT ##
+$_['Admin_Options']  = 'Konfiguration Options'; //## NT ##
+$_['Are_you_sure']   = 'Sind Sie sicher?';
+$_['Edit_View']      = 'Datei Bearbeiten / Ansicht';
 $_['Upload_File']    = 'Datei heraufladen';
 $_['New_File']       = 'Datei erstellen';
 $_['Ren_Move']       = 'Umbenennen / Verschieben';
@@ -72,9 +72,9 @@
 $_['Ren_Folder']     = 'Ordner umbenennen/verschieben';
 $_['Del_Folder']     = 'Ordner löschen';
 $_['Submit']         = 'Anfrage senden';
-$_['Move_Files']     = 'Move File(s)';        //## NT ##
-$_['Copy_Files']     = 'Copy File(s)';        //## NT ##
-$_['Del_Files']      = 'Delete File(s)';      //## NT ##
+$_['Move_Files']     = 'Datei Verschieben';
+$_['Copy_Files']     = 'Datei Kopieren';
+$_['Del_Files']      = 'Datei Löschen';
 $_['Selected_Files'] = 'Selected Files';      //## NT ##
 $_['Select_All']     = 'Select All';          //## NT ##
 $_['Clear_All']      = 'Clear All';           //## NT ##
@@ -189,9 +189,6 @@
 
 $_['delete_msg_01'] = 'Gelöschte Datei:';
 $_['delete_msg_02'] = 'Während des Löschvorgangs trat ein Fehler auf ';
-
-$_['delete_folder_msg_01'] = 'Der Ordner ist nicht leer.  Der Ordner muss leer sein, bevor er gelöscht werden kann.';
-$_['delete_folder_msg_02'] = 'Gelöschter Ordner:';
 $_['delete_folder_msg_03'] = 'während des Löschvorgangs trat ein Fehler auf.';
 
 $_['session_warning'] = 'Achtung: Die sitzung wird ende bald!';
@@ -248,7 +245,7 @@
 $_['change_un_01']  = 'Benutzername wurde geändert!';
 $_['change_un_02']  = 'Benutzername wurde nicht geändert:';
 $_['update_failed'] = 'Aktualisierung fehlgeschlagen - die Datei konnte nicht gespeichert werden.';
-$_['mcd_msg_01']    = 'files moved successfully.';             //## NT ##
-$_['mcd_msg_02']    = 'files copied successfully.';            //## NT ##
-$_['mcd_msg_03']    = 'files deleted successfully.';           //## NT ##
+$_['mcd_msg_01']    = 'files moved.';             //## NT ##
+$_['mcd_msg_02']    = 'files copied.';            //## NT ##
+$_['mcd_msg_03']    = 'files deleted.';           //## NT ##
 
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index b6262d3..710fe02 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.06
+// OneFileCMS Language Settings v3.4.07
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -62,8 +62,8 @@
 $_['Log_Out']    = 'Log Out';
 
 $_['Admin_Options']  = 'Administration Options';
-$_['Are_you_sure']   = 'Are you sure?';       //#####
-$_['Edit_View']      = 'Edit / View File';
+$_['Are_you_sure']   = 'Are you sure?';       //####
+$_['Edit_View']      = 'Edit / View';
 $_['Upload_File']    = 'Upload File';
 $_['New_File']       = 'New File';
 $_['Ren_Move']       = 'Rename / Move';
@@ -189,10 +189,7 @@
 
 $_['delete_msg_01'] = 'Deleted file:';
 $_['delete_msg_02'] = 'Error deleting';
-
-$_['delete_folder_msg_01'] = 'Folder not empty. Folders must be empty before they can be deleted.';
-$_['delete_folder_msg_02'] = 'Deleted folder:';
-$_['delete_folder_msg_03'] = 'an error occurred during delete.';
+$_['delete_folder_msg_03'] = 'Delete error:'; //####
 
 $_['session_warning'] = 'Warning: Session timeout soon!';
 $_['session_expired'] = 'SESSION EXPIRED';
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index 23f36fa..03bba85 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.06
+// OneFileCMS Language Settings v3.4.07
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -189,9 +189,6 @@
 
 $_['delete_msg_01'] = 'Archivo Eliminado:';
 $_['delete_msg_02'] = 'Error eliminando';
-
-$_['delete_folder_msg_01'] = 'Carpeta no vacía.   Las carpetas deben estar vacías antes de ser eliminadas.';
-$_['delete_folder_msg_02'] = 'Carpeta eliminada:';
 $_['delete_folder_msg_03'] = 'ocurrió un error eliminándola.';
 
 $_['session_warning'] = 'Advertencia: ¡La sesión terminará pronto!';
@@ -249,6 +246,6 @@
 $_['change_un_02']  = 'Username NOT changed:';                 //## NT ##
 $_['update_failed'] = 'Update failed - could not save file.';  //## NT ##
 $_['mcd_msg_01']    = 'files moved successfully.';             //## NT ##
-$_['mcd_msg_02']    = 'files copied successfully.';            //## NT ##
-$_['mcd_msg_03']    = 'files deleted successfully.';           //## NT ##
+$_['mcd_msg_02']    = 'files copied.';                         //## NT ##
+$_['mcd_msg_03']    = 'files deleted.';                        //## NT ##
 
diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index 0358dc6..8cb88d6 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.4.05 structure/layout
+OneFileCMS Version 3.4.07 structure/layout
 
 LICENSE
 
@@ -25,9 +25,11 @@ MISC FUNCTIONS:
 	dir_name()
 	Check_path()
 	is_empty()
+	List_Selected()
 	ordinalize()
 	supports_svg()
-
+	rDel()
+	
 MISC PAGE SECTIONS/FUNCTIONS
 	Current_Path_Header()
 	Page_Header()
@@ -78,7 +80,7 @@ PAGE & RESPONSE FUNCTIONS:
 	Edit_Page_buttons_top()
 	Edit_Page_buttons()
 	Edit_Page_form()
-	Edit_Page_notes()
+	Edit_Page_Notes()
 	Edit_Page()
 	Edit_response()
 	Upload_Page()
@@ -88,10 +90,8 @@ PAGE & RESPONSE FUNCTIONS:
 	Set_Input_width()
 	CRM_Page()
 	CRM_response()
-	Delete_File_Page()
-	Delete_File_response()
-	Delete_Folder_Page()
-	Delete_Folder_response() 
+	Delete_Page()
+	Delete_response()
 	MCD_Page()
 	MCD_response()
 	Page_Title()
diff --git a/onefilecms.php b/onefilecms.php
index 5a37bca..3498036 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
-<?php
+<?php  //Adds recursive folder delete.  Seems stable & reliable.
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.06';
+$OFCMS_version = '3.4.07';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -142,10 +142,10 @@
 $CONFIG_file_backup    = $ONESCRIPT_path.$config_file.'.BACKUP.php'; //used for p/w & u/n updates.
 $CONFIG_url_backup     =  URLencode_path($CONFIG_file_backup);       //used for p/w & u/n updates.
 
-$valid_pages = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","copy","rename","delete","newfolder","renamefolder","deletefolder","mcdaction");
+$VALID_PAGES = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","copy","rename","deletefile","deletefolder","newfolder","renamefolder","mcdaction");
 
-$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names.
-$INVALID_CHARS_array = explode(' ', $INVALID_CHARS); // (Space deliminated)
+$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names.  Space deliminated.
+$INVALID_CHARS_array = explode(' ', $INVALID_CHARS); //for use in has_invalid_char().
 $WHSPC_SLASH = "\x00..\x20/";  //Whitespace & forward slash. For trimming name inputs.
 
 //Make arrays out of a few $config_variables for actual use later.
@@ -231,8 +231,8 @@ function Default_Language() { // ***********************************************
 $_['Log_In']     = 'Log In';
 $_['Log_Out']    = 'Log Out';
 $_['Admin_Options']  = 'Administration Options';
-$_['Are_you_sure']   = 'Are you sure?';    //#####
-$_['Edit_View']      = 'Edit / View File';
+$_['Are_you_sure']   = 'Are you sure?';       //####
+$_['Edit_View']      = 'Edit / View';
 $_['Upload_File']    = 'Upload File';
 $_['New_File']       = 'New File';
 $_['Ren_Move']       = 'Rename / Move';
@@ -312,8 +312,8 @@ function Default_Language() { // ***********************************************
 $_['upload_txt_01']  = '(per upload_max_filesize in php.ini)';   //####
 $_['upload_txt_04']  = 'Maximum total upload size:';             //####
 $_['upload_txt_02']  = '(per post_max_size in php.ini)';         //####
-$_['upload_err_01'] = 'Error 1: File too large. From php.ini:';  //####
-$_['upload_err_02'] = 'Error 2: File too large. (MAX_FILE_SIZE HTML form element)'; //####
+$_['upload_err_01']  = 'Error 1: File too large. From php.ini:'; //####
+$_['upload_err_02']  = 'Error 2: File too large. (MAX_FILE_SIZE HTML form element)'; //####
 $_['upload_err_03']  = 'Error 3: The uploaded file was only partially uploaded.';
 $_['upload_err_04']  = 'Error 4: No file was uploaded.';
 $_['upload_err_05']  = 'Error 5:';
@@ -340,12 +340,10 @@ function Default_Language() { // ***********************************************
 $_['CRM_msg_01']  = 'Error - new parent location does not exist:';
 $_['CRM_msg_02']  = 'Error - source file does not exist:';
 $_['CRM_msg_03']  = 'Error - new file or folder already exists:'; //####
-$_['CRM_msg_05'] = 'Error during';
+$_['CRM_msg_05']  = 'Error during';
 $_['delete_msg_01'] = 'Deleted file:';
 $_['delete_msg_02'] = 'Error deleting';
-$_['delete_folder_msg_01'] = 'Folder not empty. Folders must be empty before they can be deleted.';
-$_['delete_folder_msg_02'] = 'Deleted folder:';
-$_['delete_folder_msg_03'] = 'an error occurred during delete.';
+$_['delete_folder_msg_03'] = 'Delete error:';  //####
 $_['session_warning'] = 'Warning: Session timeout soon!';
 $_['session_expired'] = 'SESSION EXPIRED';
 $_['unload_unsaved']  = ' Unsaved changes will be lost!';
@@ -393,9 +391,9 @@ function Default_Language() { // ***********************************************
 $_['change_un_01']  = 'Username changed!';
 $_['change_un_02']  = 'Username NOT changed:';
 $_['update_failed'] = 'Update failed - could not save file.';
-$_['mcd_msg_01']    = 'files moved successfully.';
-$_['mcd_msg_02']    = 'files copied successfully.';
-$_['mcd_msg_03']    = 'files deleted successfully.';
+$_['mcd_msg_01']    = 'files moved.';
+$_['mcd_msg_02']    = 'files copied.';
+$_['mcd_msg_03']    = 'files deleted.';
 }//end Default_Language() //****************************************************
 
 
@@ -435,7 +433,7 @@ function Session_Startup() { //*************************************************
 
 
 function Verify_IDLE_POST_etc() { //********************************************
-	global $_, $page, $ONESCRIPT, $param1, $EX, $message, $VALID_POST, $MAX_IDLE_TIME;
+	global $_, $page, $EX, $message, $VALID_POST, $MAX_IDLE_TIME;
 
 	//Verify consistant user agent... (every little bit helps every little bit)
 	if ( !isset($_SESSION['user_agent']) || ($_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT']) ) { Logout(); }
@@ -587,7 +585,7 @@ function Get_GET() { //*** Get main parameters *********************************
 	// i=some/path/,  f=somefile.xyz,  p=somepage
 	// $ipath      ,  $filename     ,  $page
 	// Get_GET() should not be called unless $_SESSION['valid'] == 1
-	global $_, $ipath, $filename, $page, $valid_pages, $param1, $param2, $param3, $EX, $message;
+	global $_, $ipath, $filename, $page, $VALID_PAGES, $param1, $param2, $param3, $EX, $message;
 
 	//Initialize & validate $ipath
 	if (isset($_GET["i"])) {
@@ -607,13 +605,13 @@ function Get_GET() { //*** Get main parameters *********************************
 
 	//Initialize & validate $page
 	if (isset($_GET["p"])) { $page = $_GET["p"]; } else { $page = "index"; }
-	if (!in_array($page, $valid_pages)) {
+	if (!in_array($page, $VALID_PAGES)) {
 		$message .= $EX.hsc($_['get_get_msg_02']).' <b>'.hte($page).'</b><br>';
 		$page = "index";  //If invalid $_GET["p"]
 	}
 
 	//Pages that require a valid $filename
-	$file_pages = array("edit", "rename", "copy", "delete");
+	$file_pages = array("edit", "rename", "copy", "deletefile");
 
 	//Make sure $filename & $page go together
 	if ( ($filename != "") && !in_array($page, $file_pages) ) { $filename = "";  }
@@ -649,15 +647,10 @@ function Verify_page_conditions() { //******************************************
 		Logout();
 		$message .= hsc($_['logout_msg']);
 	}
-	//Don't load delete or rename folder pages at webroot.
+	//Don't load rename or delete folder pages at webroot.
 	elseif ( ($page == "deletefolder" || $page == "renamefolder") && ($ipath == "") ) {
 		$page = "index";
 	}
-	//Don't load delete folder page if folder not empty.
-	elseif ( ($page == "deletefolder") && !is_empty($ipath) ) {
-		$message .= $EX.'<b>'.hsc($_['delete_folder_msg_01']).'</b><br>';
-		$page = "index";
-	}
 	//There must be at least one 'file', and 'mcdaction' must = "move", "copy", or "delete"
 	elseif ($page == "mcdaction") {
 		if     (!isset($_POST['mcdaction'] )) { $page = "index"; }
@@ -685,7 +678,7 @@ function Verify_page_conditions() { //******************************************
 function has_invalid_char($string) { //*****************************************
 	global $INVALID_CHARS, $INVALID_CHARS_array;
 	foreach ($INVALID_CHARS_array as $bad_char) {
-		if (strpos($string, $bad_char) !== false) { return $bad_char; }
+		if (strpos($string, $bad_char) !== false) { return true; }
 	}
 	return false;
 }//end has_invalid_char() //****************************************************
@@ -719,9 +712,7 @@ function dir_name($path){ //****************************************************
 function Check_path($path, $show_msg = false) { //******************************
 	// check for invalid characters & "dot" or "dot dot" path segments.
 	// Does NOT check if exists - only if of valid construction.
-	global  $_, $WEB_ROOT, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
-
-	if ($path === false) {return false;}
+	global  $_, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
 
 	$path = str_replace('\\','/',$path);   //Make sure all forward slashes.
 	$path = trim($path, $WHSPC_SLASH);     // trim whitespace & slashes
@@ -738,15 +729,15 @@ function Check_path($path, $show_msg = false) { //******************************
 		//Check for any '.' and '..' parts of the path to protect directories outside webroot.
 		//They also cause issues in <h2>www / current / path /</h2>
 		if ( ($part == '.') || ($part == '..') ) {
-			$err_msg .= $EX.' <b>'.$_['check_path_msg_02'].'</b><br>';
+			$err_msg .= $EX.' <b>'.hsc($_['check_path_msg_02']).'</b><br>';
 			$errors++;
 			break;
 		}
 		
 		//Check for invalid characters
-		$invalid_chars = str_replace(' /','',$INVALID_CHARS); //The forward slash is not present in this context.
+		$invalid_chars = str_replace(' /','',$INVALID_CHARS); //The forward slash is not present, or invalid, at this point.
 		if ( has_invalid_char($part) ) {
-			$err_msg .= $EX.' <b>'.$_['check_path_msg_03'].' &nbsp; <span class="mono"> '.$invalid_chars.'</span></b><br>';
+			$err_msg .= $EX.' <b>'.hsc($_['check_path_msg_03']).' &nbsp; <span class="mono"> '.$invalid_chars.'</span></b><br>';
 			$errors++;
 			break;
 		}
@@ -775,6 +766,40 @@ function is_empty($path){ //****************************************************
 
 
 
+function List_Selected($full_list,$classes="",$post=false) { //*****************
+	global $_, $ipath;
+
+	//Seperate files & folders
+	$files= array();
+	$folders= array();
+	$F=1; $D=1;  //indexes
+	foreach( $full_list as $item ) {
+		if ( ($item == '.') || ($item == '..') || ($item == "")){ continue; }
+		if (is_dir($ipath.$item)){ $folders[$D++] = $ipath.$item.'/'; }
+		else                     { $files[$F++]   = $item; }
+	}
+
+	$count = count($files) + count($folders);
+	if ($count == 0) { return; }
+
+	echo '<table class="verify '.$classes.'">';
+	echo '<tr><th>'.$_['Selected_Files'].':</th></tr>'."\n";
+
+	foreach($folders as $file) {
+		echo '<tr><td>'.svg_icon_folder().hte(basename($file)).'/</td></tr>';
+		if ($post) {echo '<input type=hidden  name="files[]" value="'.hsc($file).'">'."\n";}
+	}
+
+	foreach($files as $file) {
+		echo '<tr><td>'.hte($file).'</td></tr>';
+		if ($post) {echo '<input type=hidden  name="files[]" value="'.hsc($file).'">'."\n";}
+	}
+	echo '</table>';
+}//end List_Selected() //*******************************************************
+
+
+
+
 function ordinalize($destination,$filename, &$msg) { //*************************
 //if file_exists(file.txt), ordinalize filename until it doesn't
 //ie: file.txt.001,  file.txt.002, file.txt.003  etc...
@@ -815,6 +840,28 @@ function supports_svg() { //****************************************************
 
 
 
+function rDel($path){ //********************************************************
+
+	$path = trim($path, '/'); // Protects against deleting root.
+	if ($path == "") { $path = '.'; }
+
+	if ( is_file($path) ) { return unlink($path); }
+	if ( is_dir($path) ) {
+		
+		$dir_list = scandir($path);
+		foreach ( $dir_list as $dir_item ) {
+			if ( ($dir_item == '.') || ($dir_item =='..') ) {continue;}
+			rDel($path.'/'.$dir_item);
+		}
+		if ( $path == '.' ) { return; } //If at web root folder, just empty it, don't delete it.
+		return rmdir($path);
+	}
+	return false; //If $path is not a file or dir, I don't know what it is...
+}//end rDel() //****************************************************************
+
+
+
+
 function Current_Path_Header(){ //**********************************************
  	// Current path. ie: webroot/current/path/
 	// Each level is a link to that level.
@@ -907,8 +954,6 @@ function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
 		onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
 	<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1em;">
 <?php
-	if ($focus != ""){ echo '<script>document.getElementById("'.$focus.'").focus();</script>'; }
-
 	//Do not close the <p> tag yet/here. Leave it open for potential content on individual pages.
 }//end Cancel_Submit_Buttons() //***********************************************
 
@@ -1118,17 +1163,15 @@ function svg_icon_file_del(){ //************************************************
 
 
 function svg_icon_folder_0($extra = ""){ //*************************************
-
+    //original: fill="#FBE47b" stroke="#F0CD28
  return '<svg class="icon icon_fldr" xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
 	<path  d="M0.5, 1  L8,1  L9,2  L9,3  L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5"
-			fill="#FBE47b" stroke="#F0CD28" stroke-width="1" />
+			fill="#F0CD28" stroke="rgb(200,170,15)" stroke-width="1" />
 	<path  d="M1.5, 8  L7, 8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5"
 			fill="transparent" stroke="white" stroke-width="1" />
 	<path  d="M1.5,13  L1.5,2  L7.5,2  L8.5,3  L8.5,4  L15.5,4 L16,4.5  L16,13"
 			fill="transparent" stroke="white" stroke-width="1" />'.
-	$extra.'
-	</svg>';
-
+	$extra.'</svg>';
 }//end svg_icon_folder_0() //***************************************************
 
 
@@ -1171,6 +1214,7 @@ function show_icon($type){ //***************************************************
 	elseif ($type == 'php') { return svg_icon_php(); }
 	elseif ($type == 'css') { return svg_icon_css(); }
 	elseif ($type == 'cfg') { return svg_icon_cfg(); }
+	elseif ($type == 'dir') { return svg_icon_folder(); }
 	else                    { return svg_icon_bin(); } //default
 }//end show_icon() //***********************************************************
 
@@ -1196,7 +1240,7 @@ function List_Backup($file, $file_url){ //**************************************
 		</tr></table>
 
 		<script>document.getElementById("old_backup").focus();</script>
-		<a href="<?php echo $href.'&amp;p=delete' ?>" class="button" id="del_backup"><?php echo hsc($_['Delete']) ?></a>
+		<a href="<?php echo $href.'&amp;p=deletefile' ?>" class="button" id="del_backup"><?php echo hsc($_['Delete']) ?></a>
 		<div style="clear: both"></div>
 <?php
 }//end List_Backup() //*********************************************************
@@ -1320,28 +1364,15 @@ function Hash_response() { //***************************************************
 
 
 
-function Change_PWUN_Page($config_key) { //*************************************
+//******************************************************************************
+function Change_PWUN_Page($pwun, $type,$page_title,$label_new,$label_confirm) {
 	// $config_key must= "pw" or "un"
 	global $_, $EX, $ONESCRIPT, $param1, $param3, $INPUT_NUONCE, $config_title, $PWUN_RULES;
-	
-	if ($config_key == "pw") {
-		$type = "password";
-		$page_title    = $_['pw_change'];
-		$label_new     = $_['pw_new'];
-		$label_confirm = $_['pw_confirm'];
-	}elseif ($config_key == "un"){
-		$type = "text";
-		$page_title    = $_['un_change'];
-		$label_new     = $_['un_new'];
-		$label_confirm = $_['un_confirm'];
-	}
 ?>
-	<style></style>
-
 	<h2><?php echo hsc($page_title) ?></h2>
 	
 	<form id="change" name="<?php echo $config_key ?>" method="post" action="<?php echo $ONESCRIPT.$param1.$param3; ?>">
-		<input type="hidden" name="<?php echo $config_key ?>" value="">
+		<input type="hidden" name="<?php echo $pwun ?>" value="">
 		
 		<?php echo $INPUT_NUONCE; ?>
 		
@@ -1370,7 +1401,7 @@ function Change_PWUN_Page($config_key) { //*************************************
 
 //******************************************************************************
 function Update_config($search_for, $replace_with, $search_file, $backup_file) {
-	global  $_, $HASHWORD, $ONESCRIPT_file, $ONESCRIPT_file_backup, $EX, $message;
+	global  $_, $HASHWORD, $EX, $message;
 
 	if ( !is_file($search_file) ) {
 		$message .= $EX.' <b>'.$_['Not_found'].': </b>'.$search_file.'<br>';
@@ -1422,7 +1453,7 @@ function Change_PWUN_response($PWUN, $msg){ //**********************************
 
 	//If nothing entered...
 	if ( ($current_pass == "") && ($new_pwun == "") && ($confirm_pwun == "") ) {
-		;//do nothing.
+		return ;//do nothing.
 		
 	//If no new & confirm values entered, display $message to that effect.
 	}elseif ( ($new_pwun == "") && ($confirm_pwun == "") ) {
@@ -1536,7 +1567,7 @@ function Login_response() { //**************************************************
 
 	//validate login.
 	if ( ($_POST['password'] == "") || ($_POST['username'] == "") )  {
-		; //Ignore attempt if either username OR password is blank.
+		return; //Ignore attempt if either username OR password is blank.
 	}elseif ( $VALID_PASSWORD && ($_POST['username'] == $USERNAME) ) {
 		session_regenerate_id(true);
 		$_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT']; //for user consistancy check.
@@ -1596,7 +1627,7 @@ function Table_of_Files($files, $R, $C, $D) { //********************************
 				</td>
 				<td class="rcd">
 				<?php if (!$IS_OFCMS){
-					  echo '<a href="'.$HREF_params.'&amp;p=delete" title="'.hsc($_['Delete']).'"   class="rcd1">'.$D.'</a>';
+					  echo '<a href="'.$HREF_params.'&amp;p=deletefile" title="'.hsc($_['Delete']).'"   class="rcd1">'.$D.'</a>';
 				} ?>
 				</td>
 				<td class="ckbox">
@@ -1686,7 +1717,7 @@ function Index_Page(){ //*******************************************************
 		else                     { $files[$F++]   = $item; }
 	}
 
-	//List folders/sub-directores
+	//List folders
 	echo '<p class="index_folders">';
 		foreach ($folders as $folder) {
 			echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($folder).'/">'.PHP_EOL;
@@ -1700,7 +1731,7 @@ function Index_Page(){ //*******************************************************
 	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   .svg_icon_upload()    .hsc($_['Upload_File']).'</a>';
 	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  .svg_icon_file_new()  .hsc($_['New_File'])   .'</a>';
 	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'.svg_icon_folder_new().hsc($_['New_Folder']) .'</a>';
-	if ($ipath !== "") { //if at root, don't show Rename & Delete links
+	if ($ipath !== "") { //if at root, don't show [Rename] & [Delete] links
 		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'.svg_icon_folder_ren().hsc($_['Ren_Folder']).'</a>';
 		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'.svg_icon_folder_del().hsc($_['Del_Folder']).'</a>';
 	}
@@ -1770,7 +1801,7 @@ function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
 
 	if (!$Editing_OFCMS) { echo $Button.hsc($_['Ren_Move']).$ACTION.'rename\'">'; }
 	echo $Button.hsc($_['Copy'])    .$ACTION.'copy\'">';
-	if (!$Editing_OFCMS) { echo $Button.hsc($_['Delete'])  .$ACTION.'delete\'" id="delete">'; }
+	if (!$Editing_OFCMS) { echo $Button.hsc($_['Delete'])  .$ACTION.'deletefile\'" id="delete">'; }
 	echo $Button.hsc($_['Close']).'" onclick="parent.location = \''.$ONESCRIPT.$params.'\'">'
 ?>
 	</div>
@@ -2011,7 +2042,7 @@ function New_File_or_Folder_Page($title, $id) { //******************************
 	echo '<h2>'.hte($title).'</h2>';
 	echo $FORM_COMMON;
 		echo '<p>'.hsc($_['new_file_txt_01'].' '.$_['new_file_txt_02']);
-		echo '<span class="mono">'.hte($INVALID_CHARS).'</span></p>';
+		echo '<span class="mono"> '.hte($INVALID_CHARS).'</span></p>';
 		echo '<input type="text" name="'.$id.'" id="'.$id.'" value="">';
 		Cancel_Submit_Buttons(hsc($_['Create']),$id);
 	echo '</form>';
@@ -2034,7 +2065,7 @@ function New_File_or_Folder_response($post, $is_file){ //***********************
 
 	if (has_invalid_char($new_name)){
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_01']).'</b> '.$msg_new;
-		$message .= '<b>'.hsc($_['new_file_msg_02']).' <span class="mono">'.hte($INVALID_CHARS).'</span></b>';
+		$message .= '<b>'.hsc($_['new_file_msg_02']).'<span class="mono"> '.hte($INVALID_CHARS).'</span></b>';
 		
 	}elseif ($new_name == ""){
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_03']).'</b>';  //No name given.
@@ -2130,9 +2161,9 @@ function CRM_response($action, $msg1, $isfile, $show_message = 3){ //***********
 
 	$old_name      = trim($_POST["old_name"], $WHSPC_SLASH); //Trim whitespace & slashes.
 	$old_location  = dir_name($old_name); //dir_name() adds a trailing slash.
+	$new_name_only = trim($_POST["new_name"], $WHSPC_SLASH); //file or folder only - no path yet.
 	$new_location  = trim($_POST['new_location'], $WHSPC_SLASH);
 	if ($new_location != "") { $new_location .= '/'; }
-	$new_name_only = trim($_POST["new_name"], $WHSPC_SLASH); //file or folder only - no path yet.
 	$new_name      = $new_location.$new_name_only;
 	$filename      = $old_name; //default if error.
 
@@ -2152,9 +2183,13 @@ function CRM_response($action, $msg1, $isfile, $show_message = 3){ //***********
 	}elseif ( !file_exists($old_name) ) {
 		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_02']).'</b><br>';
 		$bad_name = $old_name;
-	//Check new name & location for invalid chars etc.
-	}elseif ( Check_path($new_name,$show_message) === false ) {
-		$bad_name = $new_name;
+	//Check new name for invalid chars, including slashes.
+	}elseif ( has_invalid_char($new_name_only) ) {
+		$err_msg .= $EX.'<b>'.hsc($_['new_file_msg_02']).'<span class="filename"> '.hte($INVALID_CHARS).'</span></b><br>';
+		$bad_name = $new_name_only;
+	//Check new location for invalid chars etc.
+	}elseif ( Check_path($new_location,$show_message) === false ) {
+		$bad_name = $new_location;
 	}elseif ( ($new_location != "") && !is_dir($new_location) ) {
 		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_01']).'</b><br>';
 		$bad_name = $new_location;
@@ -2191,42 +2226,64 @@ function CRM_response($action, $msg1, $isfile, $show_message = 3){ //***********
 
 
 
-function Delete_File_Page() { //************************************************
-	global $_, $filename, $FORM_COMMON;
-?>
-	<h2><?php echo hsc($_['Del_Files']) ?></h2>
-	<?php echo $FORM_COMMON ?>
-		<input type="hidden" name="delete_file" value="<?php echo hsc($filename); ?>" >
-		<p><span class="verify_del"><?php echo hte(basename($filename)); ?></span></p>
-		<p><b><?php echo hsc($_['Are_you_sure']) ?></b></p>
-		<?php Cancel_Submit_Buttons(hsc($_['DELETE']), "cancel"); ?>
-	</form>
-<?php
-}//end Delete_File_Page() //****************************************************
+function Delete_Page($title, $target){ //***************************************
+	global $_, $WEB_ROOT, $ipath, $filename, $FORM_COMMON, $EX;
+
+	$web_root = ""; $slash = "";
+	if (is_dir($target)) {
+		$web_root = '<span class="web_root">'.hte($WEB_ROOT.dir_name($target)).'</span>';
+		$slash = '/';
+	}
+
+	echo '<h2>'.hsc($title).'</h2>';
+
+	echo $FORM_COMMON;
+		echo '<input type="hidden" name="delete" value="'.hsc($target).'" >';
+		
+		echo '<p>'.$web_root.'<span class="verify_del"><b>'.hte(basename($target)).'</b></span> '.$slash.'</p>';
+		
+		echo '<p><b>'.hsc($_['Are_you_sure']).'</b></p>';
+		Cancel_Submit_Buttons(hsc($_['DELETE']), 'cancel');
+	echo '</form>';
+
+	if (is_dir($target)) {
+		//List Files & Folders in selected folder
+		$full_list = scandir('./'.$ipath);
+		natcasesort($full_list);
+		List_Selected($full_list,$classes="verify_del");
+	}
+	
+}//end Delete_Page() //*********************************************************
+
 
 
 
+function Delete_response($target, $show_message=3) { //*************************
+	global $_, $ipath, $param1, $filename, $param2, $page, $message, $EX;
 
-function Delete_File_response($del_file = "", $show_message = 3){ //************
-	global $_, $ipath, $filename, $page, $param1, $param2, $message, $EX;
+	if ($target == "") { return 1; } //Currently, prevent delete of entire website.
 
-	if ($del_file == "") { $del_file = $_POST["delete_file"]; }
+	$target = Check_path($target,$show_message); //Make sure $target is within $WEB_ROOT
+	$target = trim($target,'/');
 	$page = "index"; //Return to index
+
 	$err_msg = ''; //On error, set this message.
 	$scs_msg = ''; //On success, set this message.
 
-
-	if (unlink($del_file)) {
-		$scs_msg .= '<b>'.hsc($_['delete_msg_01']).'</b> <span class="filename">'.hte(basename($del_file)).'</span><br>';
+	if (rDel($target)) {
+		$scs_msg .= '<b>'.hsc($_['Deleted']).':</b> ';
+		$scs_msg .= '<span class="filename">'.hte(basename($target)).'</span></br>';
+		$ipath  = dir_name($target); //Return to parent dir.
+		$param1 = '?i='.URLencode_path($ipath);
 		$filename = "";
 		$param2   = "";
 		$error = 0; //0= no error, 1 = an error.
-	}else{
-		$err_msg .= $EX.'<b>'.hsc($_['delete_msg_02']).'</b> <span class="filename">"'.hte($del_file).'"</span>.<br>';
+	}else { //Error
+		$err_msg .= $EX.'<b>'.hsc($_['delete_folder_msg_03']).'</b> <span class="filename">'.hte($target).'</span><br>'; //Error message
 		$page = $_SESSION['recent_pages'][1];
 		if ($page == "edit") {
-			$filename = $del_file;
-			$param2   = '&amp;f='.basename($filename);
+			$filename = $target;
+			$param2 = '&amp;f='.basename($filename);
 		}
 		$error = 1;
 	}
@@ -2235,49 +2292,7 @@ function Delete_File_response($del_file = "", $show_message = 3){ //************
 	if ($show_message & 2) { $message .= $scs_msg; } //Show success message.
 
 	return $error;
-}//end Delete_File_response() //************************************************
-
-
-
-
-function Delete_Folder_Page(){ //***********************************************
-	global $_, $WEB_ROOT, $ipath, $FORM_COMMON;
-?>
-	<h2><?php echo hsc($_['Del_Folder']) ?></h2>
-	<?php echo $FORM_COMMON ?>
-		<input type="hidden" name="delete_folder" value="<?php echo hsc($ipath); ?>" >
-		<p>
-		<span class="web_root"><?php echo hte($WEB_ROOT.dir_name($ipath)); ?></span><span
-		class="verify_del"><?php echo hte(basename($ipath)); ?></span> /
-		</p>
-		<p><b><?php echo hsc($_['Are_you_sure']) ?></b></p>
-		<?php Cancel_Submit_Buttons(hsc($_['DELETE']), "cancel"); ?>
-	</form>
-<?php
-}//end Delete_Folder_Page() //**************************************************
-
-
-
-
-function Delete_Folder_response() { //******************************************
-	global $_, $ipath, $param1, $page, $message, $EX;
-	$page = "index"; //Return to index
-	$foldername = Check_path($_POST["delete_folder"],1);
-	$foldername = trim($foldername,'/');
-	if ($foldername == "") { return; }
-
-	if ( !is_empty($ipath) ) {
-		$message .= $EX.'<b>'.hsc($_['delete_folder_msg_01']).'</b>';
-		$page = "index";
-	}elseif (@rmdir($foldername)) {
-		$message .= '<b>'.hsc($_['delete_folder_msg_02']).'</b> ';
-		$message .= '<span class="filename">'.hte(basename($foldername)).'</span></br>';
-		$ipath  = dir_name($foldername); //Return to parent dir.
-		$param1 = '?i='.URLencode_path($ipath);
-	}else {
-		$message .= $EX.'<b><span class="filename">"'.hte($foldername).'/"</span></b> '.hsc($_['delete_folder_msg_03']);
-	}
-}//end Delete_Folder_response() //**********************************************
+}//end Delete_response() //*****************************************************
 
 
 
@@ -2299,20 +2314,10 @@ function MCD_Page($page_title, $action, $classes = '', $focus = 'new_location')
 			echo '<input type="text" name="new_location" id="new_location" value="'.hsc($ipath).'">';
 		}
 			
-		echo '<p><b>'.hsc($_['Are_you_sure']).'</b></p>';
+		echo '<p><b>'.hsc($_['Are_you_sure']).'</b></p>'; //"Are you sure?"
 		Cancel_Submit_Buttons(hsc($page_title), $focus);
 			
-		//List selected files
-		$count = count($_POST['files']);
-		echo '<table class="verify '.$classes.'">';
-		echo '<tr><th>'.$_['Selected_Files'].':</th></tr>'."\n";
-		
-		foreach($_POST['files'] as $file) {
-			if ($file == "") {continue;} //Skip blanks. [0] will always be blank.
-			echo '<tr><td>'.hte($file).'</td></tr>';
-			echo '<input type=hidden  name="files[]" value="'.hsc($file).'">'."\n";
-		}
-		echo '</table>';
+		List_Selected($_POST['files'],$classes,true);
 	echo '</form>';
 }//end MCD_Page() //************************************************************
 
@@ -2331,11 +2336,13 @@ function MCD_response($action, $msg1, $success_msg = '') { //*******************
 
 	if ($action == 'delete') {
 		foreach ($files as $file){
-			$errors += Delete_File_response($ipath.$file, $show_message);
+			//While unlikely, protect against a malicious attempt
+			if ($file == "") {continue;} //a blank file name would cause $ipath to be deleted.
+			$errors += Delete_response($ipath.$file, $show_message);
 		}
 		
 	}else { //move or copy
-		$mcd_ipath = $ipath; //$CRM_response() changes $ipath to $new_location
+		$mcd_ipath = $ipath; //CRM_response() changes $ipath to $new_location
 		
 		//Trim whitespace & slashes, leaving only 1 trailing slash.
 		$new_location = trim($_POST['new_location'], $WHSPC_SLASH).'/';
@@ -2383,10 +2390,10 @@ function Page_Title(){ //***<title>Page_Title()</title>*************************
 	elseif ($page == "newfile")      { return $_['New_File'];      }
 	elseif ($page == "copy" )        { return $_['Copy_Files'];    }
 	elseif ($page == "rename")       { return $_['Ren_Move'].' '.$_['File'];}
-	elseif ($page == "delete")       { return $_['Del_Files'];     }
+	elseif ($page == "deletefile")   { return $_['Del_Files'];     }
+	elseif ($page == "deletefolder") { return $_['Del_Folder'];    }
 	elseif ($page == "newfolder")    { return $_['New_Folder'];    }
 	elseif ($page == "renamefolder") { return $_['Ren_Folder'];    }
-	elseif ($page == "deletefolder") { return $_['Del_Folder'];    }
 	elseif ($page == "mcdaction" && ($_POST['mcdaction'] == "copy") )   { return $_['Copy_Files'];}
 	elseif ($page == "mcdaction" && ($_POST['mcdaction'] == "move") )   { return $_['Move_Files'];}
 	elseif ($page == "mcdaction" && ($_POST['mcdaction'] == "delete") ) { return $_['Del_Files']; }
@@ -2395,25 +2402,25 @@ function Page_Title(){ //***<title>Page_Title()</title>*************************
 
 
 
-
+	
 function Load_Selected_Page(){ //***********************************************
-	global $_, $ONESCRIPT, $page;
+	global $_, $ONESCRIPT, $ipath, $filename, $page;
 
 	if     ($page == "login")        { Login_Page();          }
 	elseif ($page == "index")        { Index_Page();          }
 	elseif ($page == "admin")        { Admin_Page();          }
 	elseif ($page == "hash")         { Hash_Page();           }
-	elseif ($page == "changepw")     { Change_PWUN_Page('pw');}
-	elseif ($page == "changeun")     { Change_PWUN_Page('un');}
+	elseif ($page == "changepw")     { Change_PWUN_Page('pw','password',$_['pw_change'],$_['pw_new'],$_['pw_confirm']);}
+	elseif ($page == "changeun")     { Change_PWUN_Page('un','text',    $_['un_change'],$_['un_new'],$_['un_confirm']);}
 	elseif ($page == "edit")         { Edit_Page();           }
 	elseif ($page == "upload")       { Upload_Page();         }
 	elseif ($page == "newfile")      { New_File_or_Folder_Page($_['New_File'] ,"new_file");}
 	elseif ($page == "copy")         { CRM_Page($_['Copy'],     $_['File'], 'copy_file',   1); }
 	elseif ($page == "rename")       { CRM_Page($_['Ren_Move'], $_['File'], 'rename_file', 1); }
-	elseif ($page == "delete")       { Delete_File_Page();    }
+	elseif ($page == "deletefile")   { Delete_Page($_['Del_Files'], $filename);}
+	elseif ($page == "deletefolder") { Delete_Page($_['Del_Folder'],$ipath);}
 	elseif ($page == "newfolder")    { New_File_or_Folder_Page($_['New_Folder'] ,"new_folder");}
 	elseif ($page == "renamefolder") { CRM_Page($_['Ren_Move'], $_['Folder'], 'rename_folder', 0); }
-	elseif ($page == "deletefolder") { Delete_Folder_Page();  }
 	elseif ($page == "mcdaction")    {
 		if ($_POST['mcdaction'] == 'move')  { MCD_Page($_['Move_Files'], 'mcd_mov'); }
 		if ($_POST['mcdaction'] == 'copy')  { MCD_Page($_['Copy_Files'], 'mcd_cpy'); }
@@ -2438,12 +2445,11 @@ function Respond_to_POST() { //*************************************************
 	elseif (isset($_POST["un"]           )) { Change_PWUN_response('un', $_['change_un_02']);}
 	elseif (isset($_POST["filename"]     )) { Edit_response();           }
 	elseif (isset($_POST["new_file"]     )) { New_File_or_Folder_response("new_file", 1);}   //1=file
+	elseif (isset($_POST["new_folder"]   )) { New_File_or_Folder_response("new_folder", 0);} //0=folder
 	elseif (isset($_POST["copy_file"]    )) { CRM_response('copy'  , $_['Copy']    , 1);}
 	elseif (isset($_POST["rename_file"]  )) { CRM_response('rename', $_['Ren_Move'], 1);}
-	elseif (isset($_POST["delete_file"]  )) { Delete_File_response();    }
-	elseif (isset($_POST["new_folder"]   )) { New_File_or_Folder_response("new_folder", 0);} //0=folder
 	elseif (isset($_POST["rename_folder"])) { CRM_response('rename', $_['Ren_Move'], 0);}
-	elseif (isset($_POST["delete_folder"])) { Delete_Folder_response();  }
+	elseif (isset($_POST["delete"]       )) { Delete_response($_POST["delete"]); }
 	elseif (isset($_FILES['upload_file']['name']))  { Upload_response(); }
 
 }//end Respond_to_POST() //*****************************************************
@@ -3062,8 +3068,7 @@ function style_sheet(){ //******************************************************
 .verify {
 	min-width       : 50%; 
 	font            : 1em Courier;
-	margin-bottom   : .7em;
-	border          : 1px outset gray;
+	border          : 1px solid gray;
 	border-collapse : collapse;
 	background-color: white;
 	}
@@ -3085,16 +3090,13 @@ function style_sheet(){ //******************************************************
 
 
 .verify_del {
-	border: 1px solid #F44;
+	border: 1px solid #F00;
 	color : #222;
-	background-color: #FFE7E7;
+	background-color: #FDD;
 	font  : 1em Courier;
-	margin-bottom: .5em;
-	padding: .2em;
+	padding: .2em .4em;
 	}
 
-.verify_del    { border: 1px solid #F44; background-color: #FFE7E7; }
-
 .verify_del td { border: 1px solid #F44; }
 
 
diff --git a/readme.markdown b/readme.markdown
index c604251..628d0f2 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,5 +1,16 @@
 # Current stable version: 3.4.06
 
+### September 23, 2012  (v3.4.07)
+
+- Can now delete non-empty folders (just be careful!)
+- Consolidated some functions.
+- Minor bug fix & a few misc code improvements.
+
+- v3.4.07 has caused no issues on my test machine.  However, since it uses a recursive delete function, you may wish to try it out in a virtual machine or other test environment first.
+
+
+### September 19, 2012
+
 - Minor bug fix. (I'm beginning to see a pattern here...)
 
 ### September 19, 2012
@@ -196,6 +207,14 @@ GENERATE/OUTPUT THE PAGE
 
 ## Change Log
 
+### 3.4.07
+
+- Can now delete non-empty folders (just be careful!)
+- Consolidated some functions.
+- Minor bug fix & a few misc code improvements.
+- Darkened folder icons.
+- Removed & changed a few $_[] language strings. 
+
 ### 3.4.06
 
 - Minor bug fix: Index page would not display folders that started with a period ("hidden" folders on *nix)

From 7373a224c91b15759c8ba982f8e322cb96156afb Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 25 Sep 2012 21:50:00 -0400
Subject: [PATCH 148/228] on 3.4.08 Added rCopy(): recursive Copy. Handles all
 file & folder copies. $VALID_PAGES: added copyfolder.  rename -> renamefile. 
 copy -> copyfile Created svg_icon_folder_cpy() Admin_Page(): Changed wording.
 Table_of_Files():Changes prep'ing for listing folders. Moved [Upload File] &
 [New File] from Index_Page() to List_Files(), next to [Move] [Copy] [Delete]
 Added [Copy Folder] button to index page. Set_Input_width(): Some changes...
 CRM_Page(): Split old_name -> old_name & old_location. CRM_response():
 removed $isfile param. Split Split old_name -> old_name & old_location.
 MCD_response(): Split old_name -> old_name & old_location.
 Load_Selected_Page(): Default to Index_Page() instead of Login_Page().
 Respond_to_POST(): copy_folder... Tweaked the css. Output of page contents: 
 Check $_SESSION['valid'] instead of $page=login. A few $_[] changes. s Please
 enter the commit message for your changes. Lines starting

---
 onefilecms.php | 316 ++++++++++++++++++++++++++++++-------------------
 1 file changed, 193 insertions(+), 123 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 3498036..e4a0d05 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
-<?php  //Adds recursive folder delete.  Seems stable & reliable.
+<?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.07';
+$OFCMS_version = '3.4.08';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -142,7 +142,7 @@
 $CONFIG_file_backup    = $ONESCRIPT_path.$config_file.'.BACKUP.php'; //used for p/w & u/n updates.
 $CONFIG_url_backup     =  URLencode_path($CONFIG_file_backup);       //used for p/w & u/n updates.
 
-$VALID_PAGES = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","copy","rename","deletefile","deletefolder","newfolder","renamefolder","mcdaction");
+$VALID_PAGES = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","renamefile","copyfile","deletefile","deletefolder","newfolder","renamefolder","copyfolder","mcdaction");
 
 $INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names.  Space deliminated.
 $INVALID_CHARS_array = explode(' ', $INVALID_CHARS); //for use in has_invalid_char().
@@ -239,6 +239,7 @@ function Default_Language() { // ***********************************************
 $_['Ren_Moved']      = 'Renamed / Moved';
 $_['New_Folder']     = 'New Folder';
 $_['Ren_Folder']     = 'Rename / Move Folder';
+$_['Copy_Folder']    = 'Copy Folder';  //####
 $_['Del_Folder']     = 'Delete Folder';
 $_['Submit']         = 'Submit Request';
 $_['Move_Files']     = 'Move File(s)';
@@ -335,8 +336,9 @@ function Default_Language() { // ***********************************************
 $_['new_file_msg_05'] = 'Created file:';
 $_['new_file_msg_07'] = 'Created folder:';   //####
 $_['CRM_txt_02']  = 'The new location must already exist.';
-$_['CRM_txt_03']  = 'Old Name and Location'; //####
+$_['CRM_txt_03']  = 'Old Location'; //####
 $_['CRM_txt_04']  = 'New Name';
+$_['CRM_txt_05']  = 'Old Name';   //####
 $_['CRM_msg_01']  = 'Error - new parent location does not exist:';
 $_['CRM_msg_02']  = 'Error - source file does not exist:';
 $_['CRM_msg_03']  = 'Error - new file or folder already exists:'; //####
@@ -364,10 +366,8 @@ function Default_Language() { // ***********************************************
 $_['admin_txt_00'] = 'Old Backup Found';
 $_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will automatically be overwritten on the next password or username change.';
 $_['admin_txt_02'] = 'General Information';
-$_['admin_txt_04'] = 'As of version 3.3.13, OneFileCMS no longer maintains a plain text password option, and only stores a password hash, as most login systems do.';
-$_['admin_txt_12'] = 'However, due to a number of considerations, this change was largely an academic exersize. That is, in this application, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used), which is generally considered to be a good thing.';
-$_['admin_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
-$_['admin_txt_16'] = 'Also, you can still use OneFileCMS to edit itself. However, be sure to have a backup ready for the inevitable ytpo...';
+$_['admin_txt_14'] = 'For a small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...'; //####
+$_['admin_txt_16'] = 'OneFileCMS can be used to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...';  //####
 $_['pw_change']  = 'Change Password';
 $_['pw_current'] = 'Current Password';
 $_['pw_new']     = 'New Password';
@@ -611,7 +611,7 @@ function Get_GET() { //*** Get main parameters *********************************
 	}
 
 	//Pages that require a valid $filename
-	$file_pages = array("edit", "rename", "copy", "deletefile");
+	$file_pages = array("edit", "renamefile", "copyfile", "deletefile");
 
 	//Make sure $filename & $page go together
 	if ( ($filename != "") && !in_array($page, $file_pages) ) { $filename = "";  }
@@ -840,9 +840,40 @@ function supports_svg() { //****************************************************
 
 
 
-function rDel($path){ //********************************************************
+function rCopy( $old_path, $new_path ) { //*************************************
+	//Recursively copy $old_path to $new_path
+	global $message;
+	
+	if (file_exists($new_path))      { return false; } //Don't overwrite existing files
+	if (!is_dir(dirname($new_path))) { return false; } //New parent dir must already exist.
+	
+	if ( is_file($old_path) ) { return copy($old_path, $new_path); }
+
+	if ( is_dir($old_path) )  {
+		
+		$dir_list = scandir($old_path); //MUST come before mkdir().
+		mkdir($new_path, 0755);
+		
+		if ( sizeof($dir_list) > 0 ) {
+			foreach( $dir_list as $file ) {
+				if ( $file == "." || $file == ".." ) { continue; }
+				
+				rCopy( $old_path.'/'.$file, $new_path.'/'.$file);
+			}
+		}
+		return true;
+	}
+
+	return false; //$old_path doesn't exist, or, I don't know what it is.
+}//end rCopy() //***************************************************************
 
-	$path = trim($path, '/'); // Protects against deleting root.
+
+
+
+function rDel($path){ //********************************************************
+	//Recursively delete $path & all sub-folders & files.
+	
+	$path = trim($path, '/'); // Protects against deleting root & files outside of webroot.
 	if ($path == "") { $path = '.'; }
 
 	if ( is_file($path) ) { return unlink($path); }
@@ -856,7 +887,7 @@ function rDel($path){ //********************************************************
 		if ( $path == '.' ) { return; } //If at web root folder, just empty it, don't delete it.
 		return rmdir($path);
 	}
-	return false; //If $path is not a file or dir, I don't know what it is...
+	return false; //$path doesn't exists, or, I don't know what it is...
 }//end rDel() //****************************************************************
 
 
@@ -1196,6 +1227,14 @@ function svg_icon_folder_ren(){ //**********************************************
 
 
 
+function svg_icon_folder_cpy(){ //**********************************************
+	global $SVG_icon_circle_plus_rev;
+	$extra = '<g transform="translate(7.5,4)">'.$SVG_icon_circle_plus_rev.'</g>';
+	return svg_icon_folder_0($extra);
+}//end svg_icon_folder_cpy() //*************************************************
+
+
+
 function svg_icon_folder_del(){ //**********************************************
 	global $SVG_icon_circle_x;
 	$extra = '<g transform="translate(7.5,4)">'.$SVG_icon_circle_x.'</g>';
@@ -1241,7 +1280,7 @@ function List_Backup($file, $file_url){ //**************************************
 
 		<script>document.getElementById("old_backup").focus();</script>
 		<a href="<?php echo $href.'&amp;p=deletefile' ?>" class="button" id="del_backup"><?php echo hsc($_['Delete']) ?></a>
-		<div style="clear: both"></div>
+		<div class=clear></div>
 <?php
 }//end List_Backup() //*********************************************************
 
@@ -1305,10 +1344,8 @@ function Admin_Page() { //******************************************************
 	?>
 		
 	<p><b><?php echo hsc($_['admin_txt_02']) ?></b>
-	<p><?php echo hsc($_['admin_txt_04']) ?>
-	<p><?php echo hsc($_['admin_txt_12']) ?>
-	<p><?php echo hsc($_['admin_txt_14']) ?>
 	<p><?php echo hsc($_['admin_txt_16']) ?>
+	<p><?php echo hsc($_['admin_txt_14']) ?>
 	</div>
 <?php
 }//end Admin_Page() //**********************************************************
@@ -1376,13 +1413,13 @@ function Change_PWUN_Page($pwun, $type,$page_title,$label_new,$label_confirm) {
 		
 		<?php echo $INPUT_NUONCE; ?>
 		
-		<?php echo hsc($_['pw_current']) ?><br>
+		<p><?php echo hsc($_['pw_current']) ?><br>
 		<input type="password" name="current_pw" id="current_pw" value="">
 		
-		<?php echo hsc($label_new) ?><br>
+		<p><?php echo hsc($label_new) ?><br>
 		<input type="<?php echo $type ?>" name="new1" id="new1" value="">
 		
-		<?php echo hsc($label_confirm) ?><br>
+		<p><?php echo hsc($label_confirm) ?><br>
 		<input type="<?php echo $type ?>" name="new2" id="new2" value="">
 		
 		<?php Cancel_Submit_Buttons(hsc($_['Submit']), 'current_pw') ?>
@@ -1524,7 +1561,7 @@ function Login_Page() { //******************************************************
 	<h2><?php echo hsc($_['Log_In']) ?></h2>
 	<form method="post" action="<?php echo $ONESCRIPT; ?>">
 		<label for="username"><?php echo hsc($_['login_txt_01']) ?></label>
-		<input type="text" name="username" id="username" class="login_input" >
+		<input type="text"     name="username" id="username" class="login_input">
 		<label for="password"><?php echo hsc($_['login_txt_02']) ?></label>
 		<input type="password" name="password" id="password" class="login_input">
 		<input type="submit" class="button" value="<?php echo hsc($_['Enter']) ?>">
@@ -1588,7 +1625,7 @@ function Login_response() { //**************************************************
 
 
 
-function Table_of_Files($files, $R, $C, $D) { //********************************
+function Table_of_Files($files, $folders, $R, $C, $D) { //********************************
 	global $_, $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list, $stypes, $SHOWALLFILES;
 
 	//dummy input to make sure files[] is always an array in js for Select_All() & Confirm_Ready().
@@ -1598,7 +1635,7 @@ function Table_of_Files($files, $R, $C, $D) { //********************************
 	foreach ($files as $file) {
 		
 		$excluded = FALSE;
-		if (in_array(basename($file), $excluded_list)) { $excluded = TRUE; };
+		if (in_array($file, $excluded_list)) { $excluded = TRUE; };
 		
 		//Get file type & check against $stypes (files types to show)
 		$filename_parts = explode(".", strtolower($file));
@@ -1609,34 +1646,45 @@ function Table_of_Files($files, $R, $C, $D) { //********************************
 		$IS_OFCMS = false;
 		if ( $ipath.$file == trim(rawurldecode($ONESCRIPT), '/') ) { $IS_OFCMS = true;  }
 		
-		if ( $SHOWTYPE && !is_dir($ipath.$file) && !$excluded ) {
+		if ( $SHOWTYPE &&  !$excluded ) { //!is_dir($ipath.$file) &&
 			
-			//Set icon type based on file type ($ext).
-			$type = $fclasses[array_search($ext, $ftypes)];
+			$HREF_params = $ONESCRIPT.$param1;
+			$parm_folder = '';
 			
-			$HREF_params = $ONESCRIPT.$param1.'&amp;f='.rawurlencode($file);
+			//Set icon type based on file type ($ext).
+			if (is_dir($ipath.$file)) {
+				$f_or_f = 'folder';
+				$type = 'dir';
+				$HREF_params .= $file.'/';
+				$param3 = '';
+			}else {
+				$f_or_f = "file";
+				$type = $fclasses[array_search($ext, $ftypes)];
+				$HREF_params .= '&amp;f='.rawurlencode($file);
+				$param3 = '&amp;p=edit';
+			}
 ?>
 			<tr>
 				<td class="rcd">
 				<?php if (!$IS_OFCMS){
-					  echo '<a href="'.$HREF_params.'&amp;p=rename" title="'.hsc($_['Ren_Move']).'" class="rcd1">'.$R.'</a>';
-				} ?>
-				</td>
-				<td class="rcd">
-				<?php echo '<a href="'.$HREF_params.'&amp;p=copy"   title="'.hsc($_['Copy']).'"     class="rcd1">'.$C.'</a>' ?>
-				</td>
+					echo '<a href="'.$HREF_params.'&amp;p=rename'.$f_or_f.'" title="'.hsc($_['Ren_Move']).'" class="rcd1">'.$R.'</a>';
+				} ?></td>
+				
 				<td class="rcd">
-				<?php if (!$IS_OFCMS){
-					  echo '<a href="'.$HREF_params.'&amp;p=deletefile" title="'.hsc($_['Delete']).'"   class="rcd1">'.$D.'</a>';
-				} ?>
-				</td>
-				<td class="ckbox">
-				<?php if (!$IS_OFCMS){
+				<?php
+					echo '<a href="'.$HREF_params.'&amp;p=copy'.$f_or_f.'"   title="'.hsc($_['Copy']).'"   class="rcd1">'.$C.'</a>'
+				?></td>
+				
+				<td class="rcd"><?php if (!$IS_OFCMS){
+					echo '<a href="'.$HREF_params.'&amp;p=delete'.$f_or_f.'" title="'.hsc($_['Delete']).'" class="rcd1">'.$D.'</a>';
+				} ?></td>
+				
+				<td class="ckbox"><?php if (!$IS_OFCMS){
 					echo '<INPUT TYPE=checkbox NAME="files[]" VALUE="'.hsc($file).'">';
-				} ?>
-				</td>
+				} ?></td>
+				
 				<td class="file_name">
-					<?php echo '<a href="'.$HREF_params.'&amp;p=edit"  title="'.hsc($_['Edit_View']).'">'; ?>
+					<?php echo '<a href="'.$HREF_params.$param3.'"  title="'.hsc($_['Edit_View']).'">'; ?>
 					<?php echo show_icon($type).hte($file), '</a>'; ?>
 				</td>
 				<td class="meta_T file_size">&nbsp;
@@ -1647,14 +1695,14 @@ function Table_of_Files($files, $R, $C, $D) { //********************************
 				</td>
 			</tr>
 <?php
-		}//end if !is_dir...
+		}//end if...
 	}//end foreach file
 	echo '</table>';
 }//end Table_of_Files() //******************************************************
 
 
 
-function List_Files($files) { //************************************************
+function List_Files($files, $folders) { //************************************************
 	//called from Index Page
 	global $_, $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list;
 
@@ -1689,10 +1737,15 @@ function input_mcd_action($label, $mcd, $icon="") {
 	echo input_mcd_action($_['Move']  , 'move'  , 'svg_icon_ren' );
 	echo input_mcd_action($_['Copy']  , 'copy'  , 'svg_icon_copy');
 	echo input_mcd_action($_['Delete'], 'delete', 'svg_icon_del' );
-	
+
+	echo '<p class="front_links" style="float: right; margin: 0;">';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   .svg_icon_upload()    .hsc($_['Upload_File']).'</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  .svg_icon_file_new()  .hsc($_['New_File'])   .'</a>';
+	echo '</p><div class=clear></div>';
+
 	echo '</div>'; //end class=action
 
-	Table_of_Files($files, $R, $C, $D);
+	Table_of_Files($files, $folders, $R, $C, $D);
 
 	echo '</form>';
 }//end List_Files() //**********************************************************
@@ -1713,31 +1766,30 @@ function Index_Page(){ //*******************************************************
 	$F=1; $D=1;  //indexes
 	foreach( $full_list as $item ) {
 		if ( ($item == '.') || ($item == '..')){ continue; }
-		if (is_dir($ipath.$item)){ $folders[$D++] = $ipath.$item.'/'; }
+		if (is_dir($ipath.$item)){ $folders[$D++] = $item; }
 		else                     { $files[$F++]   = $item; }
 	}
 
 	//List folders
 	echo '<p class="index_folders">';
 		foreach ($folders as $folder) {
-			echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($folder).'/">'.PHP_EOL;
-			echo svg_icon_folder();
-			echo hte(basename($folder)).' /</a>';
+			echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($ipath.$folder).'/">'."\n";
+			echo svg_icon_folder()."\n";
+			echo hte($folder).' /</a>';
 		}
 	echo '</p>';
 
 	//Upload_New_Rename_Delete_Links
 	echo '<p class="front_links">';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   .svg_icon_upload()    .hsc($_['Upload_File']).'</a>';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  .svg_icon_file_new()  .hsc($_['New_File'])   .'</a>';
 	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'.svg_icon_folder_new().hsc($_['New_Folder']) .'</a>';
 	if ($ipath !== "") { //if at root, don't show [Rename] & [Delete] links
 		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'.svg_icon_folder_ren().hsc($_['Ren_Folder']).'</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=copyfolder">'  .svg_icon_folder_cpy().hsc($_['Copy_Folder']).'</a>';
 		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'.svg_icon_folder_del().hsc($_['Del_Folder']).'</a>';
 	}
 	echo '</p>';
 
-	List_Files($files);
+	List_Files($files,$folders);
 
 }//end Index_Page() //**********************************************************
 
@@ -1799,10 +1851,10 @@ function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
 <?php }
 	//Don't show [Rename] or [Delete] if editing OneFileCMS itself.
 
-	if (!$Editing_OFCMS) { echo $Button.hsc($_['Ren_Move']).$ACTION.'rename\'">'; }
-	echo $Button.hsc($_['Copy'])    .$ACTION.'copy\'">';
+	if (!$Editing_OFCMS) { echo $Button.hsc($_['Ren_Move']).$ACTION.'renamefile\'">'; }
+	echo                        $Button.hsc($_['Copy'])    .$ACTION.'copyfile\'">';
 	if (!$Editing_OFCMS) { echo $Button.hsc($_['Delete'])  .$ACTION.'deletefile\'" id="delete">'; }
-	echo $Button.hsc($_['Close']).'" onclick="parent.location = \''.$ONESCRIPT.$params.'\'">'
+	echo                        $Button.hsc($_['Close']).'" onclick="parent.location = \''.$ONESCRIPT.$params.'\'">'
 ?>
 	</div>
 <?php
@@ -1845,7 +1897,7 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 					echo '<textarea id="file_contents" name="contents" cols="70" rows="25"';
 					echo 'onkeyup="Check_for_changes(event);">'.$filecontents.'</textarea>'.PHP_EOL;
 				}
-			}//end if non-text file...
+			}//end if/else non-text file...
 		}//end if non-image
 		
 		Edit_Page_buttons($text_editable, $too_large_to_edit);
@@ -2079,7 +2131,7 @@ function New_File_or_Folder_response($post, $is_file){ //***********************
 		$param2   = '&amp;f='.rawurlencode(basename($filename)); //for Edit_Page() buttons
 		$param3   = '&amp;p=edit';                               //for Edit_Page() buttons
 		
-	}elseif ( !$is_file && mkdir($new_ipath)) { //Create Folder
+	}elseif ( !$is_file && mkdir($new_ipath,0755)) { //Create Folder
 		$message .= '<b>'.hsc($_['new_file_msg_07']).'</b> '.$msg_new; //New folder success
 		$ipath    = $new_ipath;  //return to new folder
 		$param1   = '?i='.URLencode_path($ipath);
@@ -2093,26 +2145,34 @@ function New_File_or_Folder_response($post, $is_file){ //***********************
 
 
 function Set_Input_width() { //*************************************************
-	global $WEB_ROOT, $MAIN_WIDTH;
+	global $_, $WEB_ROOT, $MAIN_WIDTH;
 
-	// (width of <input type=text>) = $MAIN_WIDTH - (Width of $WEB_ROOT)
+	// (width of <input type=text>) = $MAIN_WIDTH - (Width of <label> & $WEB_ROOT)
 	// $MAIN_WIDTH may be in em, px, or pt.
 	// Width of 1 character = .625em = 10px = 7.5pt  (1em = 16px = 12pt)
 
-	$root_enc =  mb_detect_encoding($WEB_ROOT); //ASCII? UTF8? etc...
-	$root_len = (mb_strlen($WEB_ROOT, $root_enc) + 1); //+1 for good measure.
-	$main_width = $MAIN_WIDTH * 1;   //set in config section. Default is 810px.
-	$main_units = substr($MAIN_WIDTH, -2); //should be em, px, or pt
+	$label_enc    =  mb_detect_encoding($_['New_Location']); //ASCII? UTF8? etc...
+	$root_enc     =  mb_detect_encoding($WEB_ROOT);          //ASCII? UTF8? etc...
+	$root_width   = (mb_strlen($WEB_ROOT, $root_enc));
+	$label_width1 = (mb_strlen($_['CRM_txt_03'], $label_enc)); // "Old Location"
+	$label_width2 = (mb_strlen($_['New_Location'], $label_enc));
+
+	if ($label_width1 > $label_width2) {$label_width = $label_width1;}
+	else                               {$label_width = $label_width2;}
+
+	$indent       = ($label_width + $root_width + 1 ); // +1 for good measure
+	$main_width   = $MAIN_WIDTH * 1;   //set in config section. Default is 810px.
+	$main_units   = substr($MAIN_WIDTH, -2); //should be em, px, or pt
 
 	//convert to em
-	$root_len = $root_len *.625;
+	$indent = $indent *.625;
 	if     ( $main_units == "px") { $main_width = $main_width / 16 ; }
 	elseif ( $main_units == "pt") { $main_width = $main_width / 12 ; }
-	else                          { $main_width = $main_width      ; }
 
-	$input_type_text_width = ($main_width - $root_len).'em';
+	$input_type_text_width = ($main_width - $indent).'em';
 
-	echo '<style>input[type="text"] {width: '.$input_type_text_width.';}</style>';
+	echo '<style>input[type="text"] {width: '.$input_type_text_width.';}';
+	echo 'label {display: inline-block; width: '.($indent - 4.8).'em; }</style>';
 
 }//end Set_Input_width() //*****************************************************
 
@@ -2125,7 +2185,6 @@ function CRM_Page($action, $title, $name_id, $isfile) { //**********************
 
 	if ($isfile) { $old_name = $filename; }else{ $old_name = $ipath; }
 	if ($isfile) { $new_name = $filename; }else{ $new_name = $ipath; }
-	//if ($action == "Copy" ) { $new_name = ordinalize($ipath, basename($filename), $msg); }
 
 	Set_Input_width();
 ?>
@@ -2133,18 +2192,23 @@ function CRM_Page($action, $title, $name_id, $isfile) { //**********************
 
 	<?php echo $FORM_COMMON ?>
 		<input type="hidden" name="<?php echo $name_id ?>"  value="<?php echo hsc($name_id); ?>">
-
-		<label><?php echo hsc($_['CRM_txt_03']) ?></label><br>
-		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type="text"
-		name="old_name" value="<?php echo hsc($old_name); ?>" readonly="readonly">
-
-		<label><?php echo hsc($_['CRM_txt_04']) ?></label><br>
-		<input type="text" name="new_name" id="new_name" value="<?php echo hsc(basename($new_name)); ?>"><br>
-
-		<label><?php echo hsc($_['New_Location']) ?></label> &nbsp; &nbsp;(<?php echo hsc($_['CRM_txt_02']) ?>)<br>
-		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type="text"
-		name="new_location" id="new_location" value="<?php echo hsc(dir_name($new_name)); ?>"><br>
-
+		
+		<label><?php echo hsc($_['CRM_txt_05']) ?>:</label> 
+		<input type=text name=old_name id=old_name class=old_new_name 
+			value="<?php echo hsc(basename($old_name)); ?>" readonly=readonly><br>
+
+		<label><?php echo hsc($_['CRM_txt_03']) ?>:</label>
+		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type=text name=old_location id=old_location 
+			value="<?php echo hsc(dir_name($old_name)); ?>" readonly=readonly><br>
+		<br>
+		<label><?php echo hsc($_['CRM_txt_04']) ?>:</label>
+		<input type=text name=new_name id=new_name class=old_new_name value="<?php echo hsc(basename($new_name)); ?>"><br>
+		
+		<label><?php echo hsc($_['New_Location']) ?>:</label>
+		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type=text
+		name=new_location id=new_location value="<?php echo hsc(dir_name($new_name)); ?>"><br>
+		<p>(<?php echo hsc($_['CRM_txt_02']) ?>)</p>
+		
 		<?php Cancel_Submit_Buttons($action, "new_name"); ?>
 	</form>
 <?php
@@ -2153,24 +2217,27 @@ function CRM_Page($action, $title, $name_id, $isfile) { //**********************
 
 
 
-function CRM_response($action, $msg1, $isfile, $show_message = 3){ //***********
-	//Returns 0 if successful, 1 on error.
-	//$action = 'copy' or 'rename'. $isfile = 1 if acting on a file, not a folder
+function CRM_response($action, $msg1, $show_message = 3){ //********************
+	//$action = 'rCopy' or 'rename'.  Returns 0 if successful, 1 on error.
 	//$show_message: 0 = none; 1 = errors only; 2 = successes only; 3 = all messages (default).
 	global $_, $WEB_ROOT, $ipath, $filename, $page, $param1, $param2, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
 
-	$old_name      = trim($_POST["old_name"], $WHSPC_SLASH); //Trim whitespace & slashes.
-	$old_location  = dir_name($old_name); //dir_name() adds a trailing slash.
-	$new_name_only = trim($_POST["new_name"], $WHSPC_SLASH); //file or folder only - no path yet.
+	$old_name_only = trim($_POST["old_name"], $WHSPC_SLASH);     //Trim whitespace & slashes.
+	$old_location  = trim($_POST["old_location"], $WHSPC_SLASH); 
+	$new_name_only = trim($_POST["new_name"], $WHSPC_SLASH);
 	$new_location  = trim($_POST['new_location'], $WHSPC_SLASH);
 	if ($new_location != "") { $new_location .= '/'; }
+	if ($old_location != "") { $old_location .= '/'; }
+	$old_name      = $old_location.$old_name_only;
 	$new_name      = $new_location.$new_name_only;
 	$filename      = $old_name; //default if error.
 
+	$isfile = 0; if (is_file($old_name)) { $isfile = 1;} //File or folder?
+
 	//Common message lines
 	$com_msg  = '<div id="message_left">'.hte($_['From']).'<br>'.hte($_['To']).'</div>';
 	$com_msg .= '<b>: </b><span class="filename">'.hte($old_name).'</span><br>';
-	$com_msg .= '<b>: </b><span class="filename">'.hte($new_name).'</span>';
+	$com_msg .= '<b>: </b><span class="filename">'.hte($new_name).'</span><br>';
 
 	$err_msg = ''; //Error message.
 	$scs_msg = ''; //Success message.
@@ -2190,9 +2257,11 @@ function CRM_response($action, $msg1, $isfile, $show_message = 3){ //***********
 	//Check new location for invalid chars etc.
 	}elseif ( Check_path($new_location,$show_message) === false ) {
 		$bad_name = $new_location;
+	//$new_location must already exist (as a directory)
 	}elseif ( ($new_location != "") && !is_dir($new_location) ) {
 		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_01']).'</b><br>';
 		$bad_name = $new_location;
+	//Don't overwrite existing files.
 	}elseif ( file_exists($new_name) ) {
 		$bad_name = $new_name;
 		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_03']).'</b><br>';
@@ -2352,10 +2421,11 @@ function MCD_response($action, $msg1, $success_msg = '') { //*******************
 		}
 		
 		foreach ($files as $file){
-			$_POST['old_name'] = $mcd_ipath.$file;
+			$_POST['old_name'] = $file;
+			$_POST['old_location'] = $mcd_ipath;
 			$_POST['new_name'] = $file;
 			$_POST['new_location'] = $new_location;
-			$errors  += CRM_response($action, $msg1, $isfile, $show_message);
+			$errors  += CRM_response($action, $msg1, $show_message);
 		}
 	}
 
@@ -2380,7 +2450,7 @@ function MCD_response($action, $msg1, $success_msg = '') { //*******************
 function Page_Title(){ //***<title>Page_Title()</title>*************************
 	global $_, $page;
 
-	if     ($page == "login")        { return $_['Log_In'];        }
+	if     (!$_SESSION['valid'])     { return $_['Log_In'];        }
 	elseif ($page == "admin")        { return $_['Admin_Options']; }
 	elseif ($page == "hash")         { return $_['Generate_Hash']; }
 	elseif ($page == "changepw")     { return $_['pw_change'];     }
@@ -2388,8 +2458,8 @@ function Page_Title(){ //***<title>Page_Title()</title>*************************
 	elseif ($page == "edit")         { return $_['Edit_View'];     }
 	elseif ($page == "upload")       { return $_['Upload_File'];   }
 	elseif ($page == "newfile")      { return $_['New_File'];      }
-	elseif ($page == "copy" )        { return $_['Copy_Files'];    }
-	elseif ($page == "rename")       { return $_['Ren_Move'].' '.$_['File'];}
+	elseif ($page == "copyfile" )    { return $_['Copy_Files'];    }
+	elseif ($page == "renamefile")   { return $_['Ren_Move'].' '.$_['File'];}
 	elseif ($page == "deletefile")   { return $_['Del_Files'];     }
 	elseif ($page == "deletefolder") { return $_['Del_Folder'];    }
 	elseif ($page == "newfolder")    { return $_['New_Folder'];    }
@@ -2406,27 +2476,27 @@ function Page_Title(){ //***<title>Page_Title()</title>*************************
 function Load_Selected_Page(){ //***********************************************
 	global $_, $ONESCRIPT, $ipath, $filename, $page;
 
-	if     ($page == "login")        { Login_Page();          }
-	elseif ($page == "index")        { Index_Page();          }
-	elseif ($page == "admin")        { Admin_Page();          }
-	elseif ($page == "hash")         { Hash_Page();           }
-	elseif ($page == "changepw")     { Change_PWUN_Page('pw','password',$_['pw_change'],$_['pw_new'],$_['pw_confirm']);}
-	elseif ($page == "changeun")     { Change_PWUN_Page('un','text',    $_['un_change'],$_['un_new'],$_['un_confirm']);}
-	elseif ($page == "edit")         { Edit_Page();           }
-	elseif ($page == "upload")       { Upload_Page();         }
-	elseif ($page == "newfile")      { New_File_or_Folder_Page($_['New_File'] ,"new_file");}
-	elseif ($page == "copy")         { CRM_Page($_['Copy'],     $_['File'], 'copy_file',   1); }
-	elseif ($page == "rename")       { CRM_Page($_['Ren_Move'], $_['File'], 'rename_file', 1); }
+	if     (!$_SESSION['valid'])     { Login_Page(); }
+	elseif ($page == "admin")        { Admin_Page(); }
+	elseif ($page == "hash")         { Hash_Page();  }
+	elseif ($page == "changepw")     { Change_PWUN_Page('pw', 'password', $_['pw_change'], $_['pw_new'], $_['pw_confirm']);}
+	elseif ($page == "changeun")     { Change_PWUN_Page('un', 'text',     $_['un_change'], $_['un_new'], $_['un_confirm']);}
+	elseif ($page == "edit")         { Edit_Page();  }
+	elseif ($page == "upload")       { Upload_Page();}
+	elseif ($page == "newfile")      { New_File_or_Folder_Page($_['New_File']  , "new_file");     }
+	elseif ($page == "newfolder")    { New_File_or_Folder_Page($_['New_Folder'], "new_folder");   }
+	elseif ($page == "copyfile")     { CRM_Page($_['Copy'],     $_['File']  , 'copy_file'    , 1);}
+	elseif ($page == "copyfolder")   { CRM_Page($_['Copy'],     $_['Folder'], 'copy_folder'  , 0);}
+	elseif ($page == "renamefile")   { CRM_Page($_['Ren_Move'], $_['File']  , 'rename_file'  , 1);}
+	elseif ($page == "renamefolder") { CRM_Page($_['Ren_Move'], $_['Folder'], 'rename_folder', 0);}
 	elseif ($page == "deletefile")   { Delete_Page($_['Del_Files'], $filename);}
 	elseif ($page == "deletefolder") { Delete_Page($_['Del_Folder'],$ipath);}
-	elseif ($page == "newfolder")    { New_File_or_Folder_Page($_['New_Folder'] ,"new_folder");}
-	elseif ($page == "renamefolder") { CRM_Page($_['Ren_Move'], $_['Folder'], 'rename_folder', 0); }
 	elseif ($page == "mcdaction")    {
 		if ($_POST['mcdaction'] == 'move')  { MCD_Page($_['Move_Files'], 'mcd_mov'); }
 		if ($_POST['mcdaction'] == 'copy')  { MCD_Page($_['Copy_Files'], 'mcd_cpy'); }
 		if ($_POST['mcdaction'] == 'delete'){ MCD_Page($_['Del_Files'],  'mcd_del', 'verify_del', 'cancel'); }
 	}
-	else                             { Login_Page();          } //default
+	else                             { Index_Page();          } //default
 }//end Load_Selected_Page() //**************************************************
 
 
@@ -2446,9 +2516,10 @@ function Respond_to_POST() { //*************************************************
 	elseif (isset($_POST["filename"]     )) { Edit_response();           }
 	elseif (isset($_POST["new_file"]     )) { New_File_or_Folder_response("new_file", 1);}   //1=file
 	elseif (isset($_POST["new_folder"]   )) { New_File_or_Folder_response("new_folder", 0);} //0=folder
-	elseif (isset($_POST["copy_file"]    )) { CRM_response('copy'  , $_['Copy']    , 1);}
-	elseif (isset($_POST["rename_file"]  )) { CRM_response('rename', $_['Ren_Move'], 1);}
-	elseif (isset($_POST["rename_folder"])) { CRM_response('rename', $_['Ren_Move'], 0);}
+	elseif (isset($_POST["copy_file"]    )) { CRM_response('rCopy' , $_['Copy']   ); }
+	elseif (isset($_POST["rename_file"]  )) { CRM_response('rename', $_['Ren_Move']);}
+	elseif (isset($_POST["copy_folder"]  )) { CRM_response('rCopy' , $_['Copy']   ); }
+	elseif (isset($_POST["rename_folder"])) { CRM_response('rename', $_['Ren_Move']);}
 	elseif (isset($_POST["delete"]       )) { Delete_response($_POST["delete"]); }
 	elseif (isset($_FILES['upload_file']['name']))  { Upload_response(); }
 
@@ -2927,18 +2998,18 @@ function style_sheet(){ //******************************************************
 input[type="text"] {
 	width  : 99.5%;
 	border : 1px solid #807568;
+	margin : .1em
 	padding: 2px;
-	margin-bottom: .6em;
-	font   : 1em "Courier New", Courier, monospace;
+	font   : 1em Courier;
 	}
 
 
 input[type="password"] {
-	border  : 1px solid #807568;
-	margin-bottom: .6em;
-	padding : 2px 0px 2px 2px;
-	width   : 100%;
-	font    : 1em courier;
+	border : 1px solid #807568;
+	margin : .1em
+	padding: 2px 0px 2px 2px;
+	width  : 100%;
+	font   : 1em courier;
 }
 
 input:focus  { background-color: rgb(255,250,150); }
@@ -3088,7 +3159,6 @@ function style_sheet(){ //******************************************************
 	vertical-align: middle;
 	}
 
-
 .verify_del {
 	border: 1px solid #F00;
 	color : #222;
@@ -3127,7 +3197,7 @@ function style_sheet(){ //******************************************************
 .edit_btns_bottom { float: right; }
 .edit_btns_bottom .button { margin-left: .5em; }
 
-input[type="text"]#new_name {width  : 60%;}
+input[type="text"].old_new_name {width  : 60%;}
 
 .old_backup_T { float: left; margin-bottom: .3em; }
 
@@ -3285,8 +3355,8 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 Error_reporting_and_early_output(1,0);
 
-if ($page == "login"){ echo '<div id="main" class="login_page">'; }
-else                 { echo '<div id="main" class="container" >'; }
+if (!$_SESSION['valid']){ echo '<div id="main" class="login_page">'; }
+else                    { echo '<div id="main" class="container" >'; }
 
 Page_Header();
 
@@ -3297,16 +3367,16 @@ function Language_and_config_adjusted_styles() { //*****************************
 Load_Selected_Page();
 
 //Countdown timer...
-if ($page != "login") {
+if ($_SESSION['valid']) {
 	echo '<hr>';
 	echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'timer timeout', 'LOGOUT');
 	echo '<span class="timeout">'.hsc($_['time_out_txt']).'&nbsp; </span>';
 }
 
 //Admin link
-if ( $page != "login" && ($_SESSION['admin_page'] === false) ) {
+if ( $_SESSION['valid'] && ($_SESSION['admin_page'] === false) ) {
 	echo '<a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=admin">'.hsc($_['Admin']).'</a>';
-}elseif ($page != 'login') {
+}elseif ($_SESSION['valid']) {
 	echo '<br>';
 }
 

From 73d2b71c6707d32d5e0de971160a786affdaf436 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Mon, 8 Oct 2012 16:45:00 -0400
Subject: [PATCH 149/228] Version 3.4.10 Removed horizontal listing of folders
 from header. Restructured Index_Page(), List_Files(), and Table_of_Files().
 Table_of_Files(): List folders and files. (Formerly only listed files.)
 Index_Page(): Removed [Rename/Move Folder] and [Copy Folder] buttons.
 Verify_Page_Conditions(): Prep for MCD_Page() to delete a single folder
 selected via (x) icon on index page. Set_Input_Width(): Made changed re: no
 longer using "Old LOcation" ($_[crm_txt_03]) rDel(): Now returns number of
 deletes & unlinks, or false on an error. Set_Input_Width(): Cleaned up &
 cooresponding changes for CRM_...() CRM_Page(): Removed "Old Name" & "Old
 Location" lines as redundant/implicit.             Combined into one <input
 type=hidden name=old_name ...> CRM_response: old_name & Old_location are no
 longer seperate $_POST values. MCD_response(): old_name & Old_location are no
 longer seperate $_POST values. New_response(): Renamed $is_file to $isfile.
 Responsd_to_POST(): Consolidated Copy_ & rename_folder  into copy_ &
 rename_file(). Load_Selected_Page():copy_folder -> copy_file, rename_folder
 -> rename_file Respond_to_POST(): Made cooresponding changes for
 MCD_response() & Load_Selected_Page(). Removed svg_icon_folder_ren(),
 svg_icon_folder_cpy(), and svg_icon_folder_del(), 	
 svg_icon_ren(), and svg_icon_file_del(). (No longer used) Changed/ added:
 svg_icon_mov(), svg_icon_ren_mov(). Init_icons(): Converted svg icons from a
 bunch of functions to an array of $ICONS[] show_icon(): Cooresponding changes
 to use $ICONS. show_icon(): Consolidated code into List_File() (its one use).
 Added icon & file types for compressed files. Select_All(): Now works in IE.
 Confirm_ready(): minor improvement to logic. style_sheet(): Some misc
 cleanup. Changed: $_['Selected_Files'] = 'Selected Folders and Files'; //####
 Deleted: $_['R'], $_['C'], $_['D'], $_['delete_msg_01'], $_['delete_msg_02'],
 	     $_['CRM_txt_03'], $_['CRM_txt_05']

---
 OneFileCMS.LANG.DE.php   |  123 ++--
 OneFileCMS.LANG.EN.php   |  117 ++--
 OneFileCMS.LANG.ES.php   |  185 +++---
 OneFileCMS_structure.txt |   38 +-
 onefilecms.php           | 1309 ++++++++++++++++----------------------
 readme.markdown          |   30 +-
 6 files changed, 784 insertions(+), 1018 deletions(-)

diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index ec7b07d..1f0bb14 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.07
+// OneFileCMS Language Settings v3.4.10
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -16,19 +16,15 @@
 // In some instances, some langauges may use significantly longer words or phrases than others.
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 //
-$_['front_links_font_size'] = '.9em';   //Buttons on Index page.
-$_['front_links_margin_R']  = '.5em';
-$_['button_font_size']      = '.7em';   //Buttons on Edit page.
-$_['button_margin_L']       = '.5em';
-$_['button_padding']        = '4px 5px';
-$_['image_info_font_size']  = '.95em';  //show_img_msg_01  &  _02
-$_['image_info_pos']        = '1';      //If 1 or true, moves the info down a line for more space.
-$_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
-$_['select_all_div_width']  = '73px';   //Width of space for $_['Select_All']
-
-$_['R'] = 'U'; //U mbenennen
-$_['C'] = 'K'; //K opieren
-$_['D'] = 'L'; //L öschen
+$_['front_links_font_size']  = '0.9em';  //Buttons on Index page.
+$_['front_links_margin_L']   = '0.5em';
+$_['button_font_size']       = '.7em';   //Buttons on Edit page.
+$_['button_margin_L']        = '.5em';
+$_['button_padding']         = '4px 5px';
+$_['image_info_font_size']   = '.95em';  //show_img_msg_01  &  _02
+$_['image_info_pos']         = '1';      //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size']  = '.84em';  //Font size of $_['Select_All']
+$_['select_all_label_width'] = '76px';   //Width of space for $_['Select_All']
 
 $_['Admin']   = 'Konfiguration';
 $_['Cancel']  = 'Abbrechen';
@@ -38,14 +34,14 @@
 $_['Create']  = 'Kopiert';
 $_['Delete']  = 'Löschen';
 $_['DELETE']  = 'LÖSCHEN';
-$_['Deleted'] = 'Deleted'; //## NT ##
+$_['Deleted'] = 'Gelöschte';
 $_['Edit']    = 'Bearbeiten';
 $_['Enter']   = 'Eintreten';
-$_['Error']   = 'Error';   //## NT ##
-$_['errors']  = 'errors';  //## NT ##
+$_['Error']   = 'Fehler';
+$_['errors']  = 'Fehler';
 $_['File']    = 'Datei';
 $_['Folder']  = 'Ordner';
-$_['From']    = 'From';    //## NT ##
+$_['From']    = 'Von';
 $_['Hash']    = 'Streuwert';
 $_['Move']    = 'Verschieben';
 $_['Moved']   = 'Verschoben';
@@ -54,35 +50,36 @@
 
 $_['Password']   = 'Passwort';
 $_['Rename']     = 'Umbenennen';
-$_['successful'] = 'successful'; //## NT ##
-$_['To']         = 'To';         //## NT ##
+$_['successful'] = 'Erfolgreich';
+$_['To']         = 'Auf';
 $_['Upload']     = 'Heraufladen';
 $_['Username']   = 'Benutzername';
 $_['Log_In']     = 'Anmelden';
 $_['Log_Out']    = 'Abmelden';
 
-$_['Admin_Options']  = 'Konfiguration Options'; //## NT ##
+$_['Admin_Options']  = 'Konfiguration Optionen';
 $_['Are_you_sure']   = 'Sind Sie sicher?';
 $_['Edit_View']      = 'Datei Bearbeiten / Ansicht';
 $_['Upload_File']    = 'Datei heraufladen';
-$_['New_File']       = 'Datei erstellen';
+$_['New_File']       = 'Neuer Datei';
 $_['Ren_Move']       = 'Umbenennen / Verschieben';
 $_['Ren_Moved']      = 'Umbenannt / Verschoben';
 $_['New_Folder']     = 'Neuer Ordner';
 $_['Ren_Folder']     = 'Ordner umbenennen/verschieben';
+$_['Copy_Folder']    = 'Ordner kopieren';
 $_['Del_Folder']     = 'Ordner löschen';
 $_['Submit']         = 'Anfrage senden';
 $_['Move_Files']     = 'Datei Verschieben';
 $_['Copy_Files']     = 'Datei Kopieren';
 $_['Del_Files']      = 'Datei Löschen';
-$_['Selected_Files'] = 'Selected Files';      //## NT ##
-$_['Select_All']     = 'Select All';          //## NT ##
-$_['Clear_All']      = 'Clear All';           //## NT ##
-$_['New_Location']   = 'New Location';        //## NT ##
-$_['No_files']       = 'No files selected.';  //## NT ##
-$_['No_action']      = 'No action selected.'; //## NT ##
-$_['Not_found']      = 'Not found';           //## NT ##
-$_['pass_to_hash']   = 'Password to hash:';   //## NT ##
+$_['Selected_Files'] = 'Ausgewählte Dateien';
+$_['Select_All']     = 'Alles auswählen';
+$_['Clear_All']      = 'Deaktivieren Sie alle';
+$_['New_Location']   = 'Neuer Ordner';
+$_['No_files']       = 'Keine Dateien ausgewählt.';
+$_['No_action']      = 'Keine Aktion ausgewählt.';
+$_['Not_found']      = 'Nicht gefunden';
+$_['pass_to_hash']   = 'Passwort Streuwert:';
 $_['Generate_Hash']  = 'Streuwert generieren';
 
 $_['save_1']      = 'Speichern';
@@ -90,21 +87,21 @@
 $_['reset']       = 'Zurücksetzen - Änderungen verwerfen';
 $_['Wide_View']   = 'Breitenadaptierte Ansicht';
 $_['Normal_View'] = 'Normale Ansicht';
-$_['Open_View']   = 'Open/View in browser window'; //## NT ##
-
-$_['verify_msg_01']  = 'Sitzung abgelaufen.';
-$_['verify_msg_02']  = 'UNGÜLTIGE DATENSENDUNG';
+$_['Open_View']   = 'Ansicht im Browser-Fenster';
 
+$_['verify_msg_01']     = 'Sitzung abgelaufen.';
+$_['verify_msg_02']     = 'UNGÜLTIGE DATENSENDUNG';
 $_['get_get_msg_01']    = 'Die Datei wurde nicht gefunden:';
 $_['get_get_msg_02']    = 'Invalid page request.';
-$_['check_path_msg_02'] = 'dot" or "dot dot" path segments are not permitted.'; //## NT ##
-$_['check_path_msg_03'] = 'Path or filename contains an invalid character:'; //## NT ##
+$_['check_path_msg_02'] = '"." or ".." Pfadsegmente sind unzulässig.';
+$_['check_path_msg_03'] = 'Order oder Dateiname enthält ein ungültiges Zeichen:';
 $_['ord_msg_01']        = 'Eine Datei mit demselben Namen existiert bereits im Zielverzeichnis.';
 $_['ord_msg_02']        = 'Speichern als';
+$_['rCopy_msg_01']      = 'Ein Ordner kann nicht in einer eigenen Sub-Ordner kopiert werden.';
 $_['show_img_msg_01']   = 'Die Bilddarstellung entspricht ~';
 $_['show_img_msg_02']   = '% der wahren Größe (W x H = ';
 
-$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!'; //## NT ##
+$_['hash_txt_01'] = 'Die Streuwert von dieser Seite erzeugt wird, kann verwendet werden, um manuell zu aktualisieren $ HASHWORD in OneFileCMS, oder in einer externen Konfigurationsdatei werden. In jedem Fall sicher, dass Sie das Kennwort erinnern verwendet, um den Streuwert zu generieren!';
 $_['hash_txt_06'] = 'Tippen Sie das gewünschte Passwort in das Eingabefeld und drücken Sie Enter.';
 $_['hash_txt_07'] = 'Der Streuwert wird in einer gelben Box überhalb angezeigt werden.';
 $_['hash_txt_08'] = 'Kopieren Sie den neuen Streuwert und fügen Sie ihn in den Konfigurationsbereich als Wert der Variable $HASHWORD ein.';
@@ -134,28 +131,28 @@
 $_['edit_txt_03'] = 'htmlspecialchars() gab eine leere Zeichenkette zurück.';
 $_['edit_txt_04'] = 'Das Verhalten kann je nach verwendeter PHP-Version unterschiedlich sein.';
 
-$_['too_large_to_edit_01a'] = 'Bearbeitungsfunktion deaktiviert. Dateigröße > ';
-$_['too_large_to_edit_02']  = 'Einige Browser (wie zum Beispiel der Internet Explorer) bleiben stecken oder werden instabil, sobald größere Textmengen in einer HTML <textarea> bearbeitet werden.';
-$_['too_large_to_edit_03']  = 'Die Einstellung $MAX_EDIT_SIZE im Konfigurationsbereich des OneFileCMS kann nach den Erfordernissen angepaßt werden.';
-$_['too_large_to_edit_04']  = 'Mittels einfachem Trial & Error kann das optimale Limit für einen bestimmten Browser und Computer festgestellt werden.';
-$_['too_large_to_view_01a'] = 'Betrachtungsmodus deaktiviert. Filesize > ';
-$_['too_large_to_view_02']  = 'Klicken Sie auf den Dateinamen überhalb, um die Datei direkt im Browser anzuzeigen.';
-$_['too_large_to_view_03']  = 'Adjustieren Sie die $MAX_VIEW_SIZE im Konfigurationsbereich von OneFileCMS nach Ihren Bedürfnissen.';
-$_['too_large_to_view_04']  = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)'; //## NT ##
-
-$_['meta_txt_01'] = 'Dateigröße: ';
-$_['meta_txt_03'] = 'Zuletzt aktualisiert am/um: ';
-$_['edit_msg_01'] = 'Die Datei wurde gespeichert: ';
+$_['too_large_to_edit_01'] = 'Bearbeiten deaktiviert. Dateigröße >';
+$_['too_large_to_edit_02'] = 'Einige Browser (wie zum Beispiel der Internet Explorer) bleiben stecken oder werden instabil, sobald größere Textmengen in einer HTML <textarea> bearbeitet werden.';
+$_['too_large_to_edit_03'] = 'Die Einstellung $MAX_EDIT_SIZE im Konfigurationsbereich des OneFileCMS kann nach den Erfordernissen angepaßt werden.';
+$_['too_large_to_edit_04'] = 'Mittels einfachem Trial & Error kann das optimale Limit für einen bestimmten Browser und Computer festgestellt werden.';
+$_['too_large_to_view_01'] = 'Betrachtungsmodus deaktiviert. Filesize > ';
+$_['too_large_to_view_02'] = 'Klicken Sie auf den Dateinamen überhalb, um die Datei direkt im Browser anzuzeigen.';
+$_['too_large_to_view_03'] = 'Adjustieren Sie die $MAX_VIEW_SIZE im Konfigurationsbereich von OneFileCMS nach Ihren Bedürfnissen.';
+$_['too_large_to_view_04'] = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)'; //## NT ##
+
+$_['meta_txt_01'] = 'Dateigröße:';
+$_['meta_txt_03'] = 'Aktualisiert:';
+$_['edit_msg_01'] = 'Die Datei wurde gespeichert:';
 $_['edit_msg_02'] = 'Bytes geschrieben.';
 $_['edit_msg_03'] = 'Bei dem Versuch die Datei zu speichern trat ein Fehler auf.';
 
 $_['upload_txt_03']  = 'Anmerkung: Die maximale Dateigröße für das Heraufladen von Dateien beträgt: ';
 $_['upload_txt_01']  = '  per upload_max_filesize in php.ini.';
-$_['upload_txt_04']  = 'Maximum total upload size:'; //## NT ##
-$_['upload_txt_02']  = 'per post_max_size in php.ini'; //## NT ##
+$_['upload_txt_04']  = 'Maximale Gesamt Upload-Größe:';
+$_['upload_txt_02']  = 'pro post_max_size in der php.ini';
 
-$_['upload_err_01']  = 'Error 1: File too large. From php.ini:'; //## NT ##
-$_['upload_err_02']  = 'Error 2: File too large. (MAX_FILE_SIZE HTML form element)'; //## NT ##
+$_['upload_err_01']  = 'Error 1: Datei zu groß. Von php.ini:';
+$_['upload_err_02']  = 'Error 2: Datei zu groß. (MAX_FILE_SIZE HTML form element)';
 $_['upload_err_03']  = 'Fehler 3: Die Datei wurde nur teilweise heraufgeladen.';
 $_['upload_err_04']  = 'Fehler 4: Es wurde keine Datei heraufgeladen.';
 $_['upload_err_05']  = 'Fehler 5:';
@@ -180,17 +177,13 @@
 $_['new_file_msg_07'] = 'Ordner erstellt:';
 
 $_['CRM_txt_02']  = 'Der neue Ort muss bereits existieren.';
-$_['CRM_txt_03']  = 'Alter Name und Zielort';
 $_['CRM_txt_04']  = 'Neuer Name';
 $_['CRM_msg_01']  = ' Fehler - der neue Zielort besteht nicht:';
 $_['CRM_msg_02']  = ' Fehler - die Quelldatei besteht nicht:';
 $_['CRM_msg_03']  = ' Fehler - die Zieldatei besteht bereits:';
-$_['CRM_msg_05']  = 'Error during'; //## NT ##
-
-$_['delete_msg_01'] = 'Gelöschte Datei:';
-$_['delete_msg_02'] = 'Während des Löschvorgangs trat ein Fehler auf ';
-$_['delete_folder_msg_03'] = 'während des Löschvorgangs trat ein Fehler auf.';
+$_['CRM_msg_05']  = 'Fehler bei der';
 
+$_['delete_msg_03']   = 'Fehler löschen:';
 $_['session_warning'] = 'Achtung: Die sitzung wird ende bald!';
 $_['session_expired'] = 'SITZUNG ABGELAUFEN';
 $_['unload_unsaved']  = '               Nicht gespeicherte Änderungen gehen verloren!';
@@ -214,8 +207,6 @@
 $_['admin_txt_00'] = 'Alte Sicherung gefunden';
 $_['admin_txt_01'] = 'Diese Datei wurde erstellt, da es während der Änderung des Passwortes oder des Benutzernamens zu einem Fehler gekommen ist. Diese Datei enthält somit eventuell veraltete Informationen und kann gelöscht werden, sofern sie nicht weiter von Ihnen benötigt wird.';
 $_['admin_txt_02'] = 'Allgemeine Information';
-$_['admin_txt_04'] = 'Seit der Version 3.3.13 werden Passwörter in OneFileCMS nicht länger als Klartext gespeichert, sondern nur noch als Hash-Werte.';
-$_['admin_txt_12'] = 'Bitte denken Sie daran, dass es sich hierbei großteils um eine akademische Übung handelt. Die Verwendung eines Streuwerts trägt viel zur Sicherheit bei und erlaubt Ihnen, das Passwort nicht in Klarschrift speichern zu müssen.';
 $_['admin_txt_14'] = 'Eine weitere, kleine Sicherheitsvorkehrung wäre, das Salz oder die Methode für die Streuwertgenerierung von OneFileCMS zu ändern.';
 $_['admin_txt_16'] = 'Sie können auch OneFileCMS selbst bearbeiten.  Legen Sie aber sicherheitshalber eine Kopie an, falls es zu einem unerwünschten Schreibfehler kommt...';
 
@@ -236,8 +227,8 @@
 $_['change_pw_02'] = 'Passwort wurde nicht geändert:';
 $_['change_pw_03'] = 'Falsches (derzeitiges) Passwort. Bitte melden Sie sich an, um es erneut zu versuchen.';
 $_['change_pw_04'] = 'Die Werte der Felder "Neu" und "Bestätigen" gleichen sich nicht.';
-$_['change_pw_05'] = 'Updating';                                        //## NT ##
-$_['change_pw_06'] = 'external config file';                            //## NT ##
+$_['change_pw_05'] = 'Aktualisierung';
+$_['change_pw_06'] = 'Externe Konfigurationsdatei';
 
 $_['un_change']     = 'Benutzername ändern';
 $_['un_new']        = 'Neuer Benutzername';
@@ -245,7 +236,7 @@
 $_['change_un_01']  = 'Benutzername wurde geändert!';
 $_['change_un_02']  = 'Benutzername wurde nicht geändert:';
 $_['update_failed'] = 'Aktualisierung fehlgeschlagen - die Datei konnte nicht gespeichert werden.';
-$_['mcd_msg_01']    = 'files moved.';             //## NT ##
-$_['mcd_msg_02']    = 'files copied.';            //## NT ##
-$_['mcd_msg_03']    = 'files deleted.';           //## NT ##
+$_['mcd_msg_01']    = 'Dateien verschoben.';
+$_['mcd_msg_02']    = 'Dateien kopiert.';
+$_['mcd_msg_03']    = 'Dateien gelöscht.';
 
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index 710fe02..47e74df 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.07
+// OneFileCMS Language Settings v3.4.10
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -16,19 +16,15 @@
 // In some instances, some langauges may use significantly longer words or phrases than others.
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 //
-$_['front_links_font_size'] = '1em';    //Buttons on Index page.
-$_['front_links_margin_R']  = '1em';
-$_['button_font_size']      = '.9em';   //Buttons on Edit page.
-$_['button_margin_L']       = '.7em';
-$_['button_padding']        = '4px 10px';
-$_['image_info_font_size']  = '1em';    //show_img_msg_01  &  _02
-$_['image_info_pos']        = '';       //If 1 or true, moves the info down a line for more space.
-$_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
-$_['select_all_div_width']  = '71px';   //Width of space for $_['Select_All']
-
-$_['R'] = 'R'; //R ename
-$_['C'] = 'C'; //C opy
-$_['D'] = 'D'; //D elete
+$_['front_links_font_size']  = '1.0em';  //Buttons on Index page.
+$_['front_links_margin_L']   = '1.0em';
+$_['button_font_size']       = '0.9em';  //Buttons on Edit page.
+$_['button_margin_L']        = '0.7em';
+$_['button_padding']         = '4px 10px';
+$_['image_info_font_size']   = '1em';    //show_img_msg_01  &  _02
+$_['image_info_pos']         = '';       //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size']  = '.84em';  //Font size of $_['Select_All']
+$_['select_all_label_width'] = '76px';   //Width of space for $_['Select_All']
 
 $_['Admin']   = 'Admin';
 $_['Cancel']  = 'Cancel';
@@ -41,7 +37,7 @@
 $_['Deleted'] = 'Deleted';
 $_['Edit']    = 'Edit';
 $_['Enter']   = 'Enter';
-$_['Error']   = 'Error';   //####
+$_['Error']   = 'Error';
 $_['errors']  = 'errors';
 $_['File']    = 'File';
 $_['Folder']  = 'Folder';
@@ -62,7 +58,7 @@
 $_['Log_Out']    = 'Log Out';
 
 $_['Admin_Options']  = 'Administration Options';
-$_['Are_you_sure']   = 'Are you sure?';       //####
+$_['Are_you_sure']   = 'Are you sure?';
 $_['Edit_View']      = 'Edit / View';
 $_['Upload_File']    = 'Upload File';
 $_['New_File']       = 'New File';
@@ -70,12 +66,13 @@
 $_['Ren_Moved']      = 'Renamed / Moved';
 $_['New_Folder']     = 'New Folder';
 $_['Ren_Folder']     = 'Rename / Move Folder';
+$_['Copy_Folder']    = 'Copy Folder';
 $_['Del_Folder']     = 'Delete Folder';
 $_['Submit']         = 'Submit Request';
 $_['Move_Files']     = 'Move File(s)';
 $_['Copy_Files']     = 'Copy File(s)';
 $_['Del_Files']      = 'Delete File(s)';
-$_['Selected_Files'] = 'Selected Files';
+$_['Selected_Files'] = 'Selected Folders and Files';
 $_['Select_All']     = 'Select All';
 $_['Clear_All']      = 'Clear All';
 $_['New_Location']   = 'New Location';
@@ -90,17 +87,17 @@
 $_['reset']       = 'Reset - loose changes';
 $_['Wide_View']   = 'Wide View';
 $_['Normal_View'] = 'Normal View';
-$_['Open_View']   = 'Open/View in browser window'; //####
-
-$_['verify_msg_01']  = 'Session expired.';
-$_['verify_msg_02']  = 'INVALID POST';
+$_['Open_View']   = 'Open/View in browser window';
 
+$_['verify_msg_01']     = 'Session expired.';
+$_['verify_msg_02']     = 'INVALID POST';
 $_['get_get_msg_01']    = 'File does not exist:';
 $_['get_get_msg_02']    = 'Invalid page request:';
-$_['check_path_msg_02'] = 'dot" or "dot dot" path segments are not permitted.'; //####
-$_['check_path_msg_03'] = 'Path or filename contains an invalid character:'; //####
+$_['check_path_msg_02'] = '"dot" or "dot dot" path segments are not permitted.';
+$_['check_path_msg_03'] = 'Path or filename contains an invalid character:';
 $_['ord_msg_01']        = 'A file with that name already exists in the target directory.';
 $_['ord_msg_02']        = 'Saving as';
+$_['rCopy_msg_01']      = 'A folder can not be copied into one of its own sub-folders.';
 $_['show_img_msg_01']   = 'Image shown at ~';
 $_['show_img_msg_02']   = '% of full size (W x H =';
 
@@ -134,14 +131,14 @@
 $_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
 $_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
 
-$_['too_large_to_edit_01a'] = 'Edit disabled. Filesize >';
-$_['too_large_to_edit_02']  = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
-$_['too_large_to_edit_03']  = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
-$_['too_large_to_edit_04']  = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
-$_['too_large_to_view_01a'] = 'View disabled. Filesize >';
-$_['too_large_to_view_02']  = 'Click the file name above to view as normally rendered in a browser window.';
-$_['too_large_to_view_03']  = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
-$_['too_large_to_view_04']  = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
+$_['too_large_to_edit_01'] = 'Edit disabled. Filesize >';
+$_['too_large_to_edit_02'] = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
+$_['too_large_to_edit_03'] = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
+$_['too_large_to_edit_04'] = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
+$_['too_large_to_view_01'] = 'View disabled. Filesize >';
+$_['too_large_to_view_02'] = 'Click the file name above to view as normally rendered in a browser window.';
+$_['too_large_to_view_03'] = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
+$_['too_large_to_view_04'] = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
 
 $_['meta_txt_01'] = 'Filesize:';
 $_['meta_txt_03'] = 'Updated:';
@@ -149,13 +146,13 @@
 $_['edit_msg_02'] = 'bytes written.';
 $_['edit_msg_03'] = 'There was an error saving file.';
 
-$_['upload_txt_03']  = 'Maximum size of each file:'; //####
-$_['upload_txt_01']  = '(per upload_max_filesize in php.ini)'; //####
-$_['upload_txt_04']  = 'Maximum total upload size:'; //####
-$_['upload_txt_02']  = '(per post_max_size in php.ini)'; //####
+$_['upload_txt_03']  = 'Maximum size of each file:';
+$_['upload_txt_01']  = '(upload_max_filesize in php.ini)';
+$_['upload_txt_04']  = 'Maximum total upload size:';
+$_['upload_txt_02']  = '(post_max_size in php.ini)';
 
-$_['upload_err_01']  = 'Error 1: File too large. From php.ini:'; //####
-$_['upload_err_02']  = 'Error 2: File too large. (MAX_FILE_SIZE HTML form element)'; //####
+$_['upload_err_01']  = 'Error 1: File too large. From php.ini:';
+$_['upload_err_02']  = 'Error 2: File too large. (Exceeds MAX_FILE_SIZE HTML form element)';
 $_['upload_err_03']  = 'Error 3: The uploaded file was only partially uploaded.';
 $_['upload_err_04']  = 'Error 4: No file was uploaded.';
 $_['upload_err_05']  = 'Error 5:';
@@ -164,33 +161,29 @@
 $_['upload_err_08']  = 'Error 8: A PHP extension stopped the file upload.';
 
 $_['upload_msg_01'] = 'No file selected for upload.';
-$_['upload_msg_02'] = 'Destination folder invalid:'; //####
+$_['upload_msg_02'] = 'Destination folder invalid:';
 $_['upload_msg_03'] = 'Upload cancelled.';
 $_['upload_msg_04'] = 'Uploading:';
 $_['upload_msg_05'] = 'Upload successful!';
 $_['upload_msg_06'] = 'Upload failed:';
 
-$_['new_file_txt_01'] = 'File or Folder will be created in the current folder.'; //####
+$_['new_file_txt_01'] = 'File or Folder will be created in the current folder.';
 $_['new_file_txt_02'] = 'Some invalid characters are:';
-$_['new_file_msg_01'] = 'File or folder not created:'; //####
-$_['new_file_msg_02'] = 'Name contains an invalid character:'; //####
-$_['new_file_msg_03'] = 'Not created - no name given'; //####
-$_['new_file_msg_04'] = 'File or folder already exists:'; //####
+$_['new_file_msg_01'] = 'File or folder not created:';
+$_['new_file_msg_02'] = 'Name contains an invalid character:';
+$_['new_file_msg_03'] = 'Not created - no name given';
+$_['new_file_msg_04'] = 'File or folder already exists:';
 $_['new_file_msg_05'] = 'Created file:';
-$_['new_file_msg_07'] = 'Created folder:'; //####
+$_['new_file_msg_07'] = 'Created folder:';
 
 $_['CRM_txt_02']  = 'The new location must already exist.';
-$_['CRM_txt_03']  = 'Old Name and Location'; //####
 $_['CRM_txt_04']  = 'New Name';
 $_['CRM_msg_01']  = 'Error - new parent location does not exist:';
 $_['CRM_msg_02']  = 'Error - source file does not exist:';
-$_['CRM_msg_03']  = 'Error - new file or folder already exists:'; //####
+$_['CRM_msg_03']  = 'Error - new file or folder already exists:';
 $_['CRM_msg_05']  = 'Error during';
 
-$_['delete_msg_01'] = 'Deleted file:';
-$_['delete_msg_02'] = 'Error deleting';
-$_['delete_folder_msg_03'] = 'Delete error:'; //####
-
+$_['delete_msg_03']   = 'Delete error:';
 $_['session_warning'] = 'Warning: Session timeout soon!';
 $_['session_expired'] = 'SESSION EXPIRED';
 $_['unload_unsaved']  = ' Unsaved changes will be lost!';
@@ -214,10 +207,8 @@
 $_['admin_txt_00'] = 'Old Backup Found';
 $_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will automatically be overwritten on the next password or username change.';
 $_['admin_txt_02'] = 'General Information';
-$_['admin_txt_04'] = 'As of version 3.3.13, OneFileCMS no longer maintains a plain text password option, and only stores a password hash, as most login systems do.';
-$_['admin_txt_12'] = 'However, due to a number of considerations, this change was largely an academic exersize. That is, in this application, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used), which is generally considered to be a good thing.';
-$_['admin_txt_14'] = 'For another small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
-$_['admin_txt_16'] = 'Also, you can still use OneFileCMS to edit itself. However, be sure to have a backup ready for the inevitable ytpo...';
+$_['admin_txt_14'] = 'For a small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...'; //####
+$_['admin_txt_16'] = 'OneFileCMS can be used to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...'; //####
 
 $_['pw_change']  = 'Change Password';
 $_['pw_current'] = 'Current Password';
@@ -225,17 +216,17 @@
 $_['pw_confirm'] = 'Confirm New Password';
 
 $_['pw_txt_02'] = 'Password / Username rules:';
-$_['pw_txt_04'] = 'They are case-sensitive!';
-$_['pw_txt_06'] = 'They must contain at least one non-space character.';
-$_['pw_txt_08'] = 'They may contain spaces in the middle. Ex: "This is a password or username!"';
-$_['pw_txt_10'] = 'Leading and trailing spaces are removed.';
-$_['pw_txt_12'] = 'To record the change, only one file is updated: either the active copy of OneFileCMS, or, if specified, an external configuration file.';
+$_['pw_txt_04'] = 'Case-sensitive: "A" is not "a"';
+$_['pw_txt_06'] = 'Must contain at least one non-space character.';
+$_['pw_txt_08'] = 'May contain spaces in the middle. Ex: "This is a password or username!"';
+$_['pw_txt_10'] = 'Leading and trailing spaces are ignored.';
+$_['pw_txt_12'] = 'In recording the change, only one file is updated: either the active copy of OneFileCMS, or, if specified, an external configuration file.';
 $_['pw_txt_14'] = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
 
 $_['change_pw_01'] = 'Password changed!';
 $_['change_pw_02'] = 'Password NOT changed:';
 $_['change_pw_03'] = 'Incorrect current password. Login to try again.';
-$_['change_pw_04'] = 'New and "Confirm New" values do not match.';
+$_['change_pw_04'] = '"New" and "Confirm New" values do not match.';
 $_['change_pw_05'] = 'Updating';
 $_['change_pw_06'] = 'external config file';
 
@@ -245,7 +236,7 @@
 $_['change_un_01']  = 'Username changed!';
 $_['change_un_02']  = 'Username NOT changed:';
 $_['update_failed'] = 'Update failed - could not save file.';
-$_['mcd_msg_01']    = 'files moved successfully.';
-$_['mcd_msg_02']    = 'files copied successfully.';
-$_['mcd_msg_03']    = 'files deleted successfully.';
+$_['mcd_msg_01']    = 'files moved.';
+$_['mcd_msg_02']    = 'files copied.';
+$_['mcd_msg_03']    = 'files deleted.';
 
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index 03bba85..5528df1 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.07
+// OneFileCMS Language Settings v3.4.10
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -16,19 +16,15 @@
 // In some instances, some langauges may use significantly longer words or phrases than others.
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 //
-$_['front_links_font_size'] = '1em';    //Buttons on Index page.
-$_['front_links_margin_R']  = '.5em';
-$_['button_font_size']      = '.9em';   //Buttons on Edit page.
-$_['button_margin_L']       = '.4em';
-$_['button_padding']        = '4px 5px';
-$_['image_info_font_size']  = '.95em';  //show_img_msg_01  &  _02
-$_['image_info_pos']        = ' ';      //If 1 or true, moves the info down a line for more space.
-$_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
-$_['select_all_div_width']  = '73px';   //Width of space for $_['Select_All']
-
-$_['R'] = 'R'; //R enombrar
-$_['C'] = 'C'; //C Copiar
-$_['D'] = 'E'; //E liminar
+$_['front_links_font_size']  = '1.0em';  //Buttons on Index page.
+$_['front_links_margin_L']   = '0.6em';
+$_['button_font_size']       = '0.9em';  //Buttons on Edit page.
+$_['button_margin_L']        = '0.4em';
+$_['button_padding']         = '4px 5px';
+$_['image_info_font_size']   = '.95em';  //show_img_msg_01  &  _02
+$_['image_info_pos']         = ' ';      //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size']  = '.84em';  //Font size of $_['Select_All']
+$_['select_all_label_width'] = '76px';   //Width of space for $_['Select_All']
 
 $_['Admin']   = 'Administrador';
 $_['Cancel']  = 'Cancelar';
@@ -38,50 +34,51 @@
 $_['Create']  = 'Crear';
 $_['Delete']  = 'Eliminar';
 $_['DELETE']  = 'ELIMINAR';
-$_['Deleted'] = 'Deleted'; //## NT ##
+$_['Deleted'] = 'Eliminado';
 $_['Edit']    = 'Editar';
 $_['Enter']   = 'Entrar';
-$_['Error']   = 'Error';   //## NT ##
-$_['errors']  = 'errors';  //## NT ##
+$_['Error']   = 'Error';
+$_['errors']  = 'errores';
 $_['File']    = 'Archivo';
 $_['Folder']  = 'Carpeta';
-$_['From']    = 'From';    //## NT ##
+$_['From']    = 'de';
 $_['Hash']    = 'Cadena';
 $_['Move']    = 'Mover';
 $_['Moved']   = 'Movido';
 $_['on']      = 'activado';
 $_['bytes']   = 'bytes';
 
-$_['Password']   = 'Password';   //## NT ##
+$_['Password']   = 'contraseña';
 $_['Rename']     = 'Renombrar';
-$_['successful'] = 'successful'; //## NT ##
-$_['To']         = 'To';         //## NT ##
+$_['successful'] = 'exitoso';
+$_['To']         = 'A';
 $_['Upload']     = 'Subir';
-$_['Username']   = 'Username';   //## NT ##
+$_['Username']   = 'Nombre de usuario';
 $_['Log_In']     = 'Iniciar Sesión';
 $_['Log_Out']    = 'Cerrar Sesión';
 
-$_['Admin_Options']  = 'Administration Options'; //## NT ##
-$_['Are_you_sure']   = 'Are you sure?';       //## NT ##
-$_['Edit_View']      = 'Edit / View File';    //## NT ##
+$_['Admin_Options']  = 'Las opciones de configuración';
+$_['Are_you_sure']   = '¿Estás seguro?';
+$_['Edit_View']      = 'Editar / Ver Archivo';
 $_['Upload_File']    = 'Subir Archivo';
 $_['New_File']       = 'Archivo Nuevo';
 $_['Ren_Move']       = 'Renombrar / Mover';
 $_['Ren_Moved']      = 'Renombrado/Movido';
 $_['New_Folder']     = 'Carpeta Nueva';
 $_['Ren_Folder']     = 'Renombrar / Mover Carpeta';
-$_['Del_Folder']     = 'Borrar Carpeta';
-$_['Submit']         = 'Submit Request';      //## NT ##
-$_['Move_Files']     = 'Move File(s)';        //## NT ##
-$_['Copy_Files']     = 'Copy File(s)';        //## NT ##
-$_['Del_Files']      = 'Delete File(s)';      //## NT ##
-$_['Selected_Files'] = 'Selected Files';      //## NT ##
-$_['Select_All']     = 'Select All';          //## NT ##
-$_['Clear_All']      = 'Clear All';           //## NT ##
-$_['New_Location']   = 'New Location';        //## NT ##
-$_['No_files']       = 'No files selected.';  //## NT ##
-$_['No_action']      = 'No action selected.'; //## NT ##
-$_['Not_found']      = 'Not found';           //## NT ##
+$_['Copy_Folder']    = 'Copia la carpeta';
+$_['Del_Folder']     = 'Eliminar carpeta';
+$_['Submit']         = 'Enviar solicitud';
+$_['Move_Files']     = 'Mover archivo(s)';
+$_['Copy_Files']     = 'Copiar archivo(s)';
+$_['Del_Files']      = 'Elimine los archivo(s)';
+$_['Selected_Files'] = 'Los archivos seleccionados';
+$_['Select_All']     = 'Seleccionar todo';
+$_['Clear_All']      = 'Deseleccionar todo';
+$_['New_Location']   = 'Carpeta Nuevo';
+$_['No_files']       = 'No hay archivos seleccionados.';
+$_['No_action']      = 'Ninguna acción seleccionada.';
+$_['Not_found']      = 'No se ha encontrado';
 $_['pass_to_hash']   = 'Contraseña para calcular el hash:';
 $_['Generate_Hash']  = 'Generar Cadena';
 
@@ -90,21 +87,21 @@
 $_['reset']       = 'Reiniciar - perder los cambios';
 $_['Wide_View']   = 'Vista Ampliada';
 $_['Normal_View'] = 'Vista Normal';
-$_['Open_View']   = 'Open/View in browser window'; //## NT ##
-
-$_['verify_msg_01']  = 'Sesión expirada.';
-$_['verify_msg_02']  = 'POST INVÁLIDO';
+$_['Open_View']   = 'Abrir/Ver en la ventana del navegador';
 
+$_['verify_msg_01']     = 'Sesión expirada.';
+$_['verify_msg_02']     = 'POST INVÁLIDO';
 $_['get_get_msg_01']    = 'El archivo no existe:';
-$_['get_get_msg_02']    = 'Invalid page request:'; //## NT ##
-$_['check_path_msg_02'] = 'dot" or "dot dot" path segments are not permitted.'; //## NT ##
-$_['check_path_msg_03'] = 'Path or filename contains an invalid character:'; //## NT ##
+$_['get_get_msg_02']    = 'Solicitud de página no válido:';
+$_['check_path_msg_02'] = '"." or ".." segmentos de carpeta no permitido.';
+$_['check_path_msg_03'] = 'nombre de la carpeta o archivo contiene un carácter no válido:';
 $_['ord_msg_01']        = 'Un archivo con ese mismo nombre ya existe en el directorio asignado.';
 $_['ord_msg_02']        = 'Guardando como';
+$_['rCopy_msg_01']      = 'Una carpeta no se puede copiar en uno de sus propios sub-carpetas.';
 $_['show_img_msg_01']   = 'Imagen mostrada a ~';
 $_['show_img_msg_02']   = '% del tamaño (W x H =';
 
-$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!'; //## NT ##
+$_['hash_txt_01'] = 'Los valores cadena generados por esta página puede ser utilizada para actualizar manualmente $ HASHWORD en OneFileCMS, o en un archivo de configuración externo. En cualquier caso, asegúrese de recordar la contraseña utilizada para generar el cadena!';
 $_['hash_txt_06'] = 'Ingresá la contraseña que quieras en la caja de texto siguiente y presioná enter.';
 $_['hash_txt_07'] = 'La cadena se mostrará en un mensaje amarillo.';
 $_['hash_txt_08'] = 'Copiá y pegá esa cadena a la variable $HASHWORD en la sección de configuración.';
@@ -134,14 +131,14 @@
 $_['edit_txt_03'] = 'htmlspecialchars() devolvió una cadena vacía de lo que debería ser un archivo válido.';
 $_['edit_txt_04'] = 'Este comportamiento puede ser inconsistente de versión a versión de PHP.';
 
-$_['too_large_to_edit_01a'] = 'Edición deshabilita. Tamaño >';
-$_['too_large_to_edit_02']  = 'Algunos navegadores (por ej.: IE) se vuelven inestables cuando se edita un texto largo dentro de un <textarea>.';
-$_['too_large_to_edit_03']  = 'Ajustá la variable $MAX_EDIT_SIZE en la sección de configuración de OneFileCMS como sea necesario.';
-$_['too_large_to_edit_04']  = 'Una simple prueba puede dar con el resultado necesario.';
-$_['too_large_to_view_01a'] = 'Vista deshabilitada. Tamaño >';
-$_['too_large_to_view_02']  = 'Clickeá en el botón de debajo para verlo como se ve normalmente en un navegador.';
-$_['too_large_to_view_03']  = 'Ajustá $MAX_VIEW_SIZE en la sección de configuración de OneFileCMS como sea necesario.';
-$_['too_large_to_view_04']  = '(El valor por defecto para $MAX_VIEW_SIZE es completamente arbitrario, y puede ser ajustado como sea necesario.)';
+$_['too_large_to_edit_01'] = 'Editar desactivado. Tamaño de archivo >';
+$_['too_large_to_edit_02'] = 'Algunos navegadores (por ej.: IE) se vuelven inestables cuando se edita un texto largo dentro de un <textarea>.';
+$_['too_large_to_edit_03'] = 'Ajustá la variable $MAX_EDIT_SIZE en la sección de configuración de OneFileCMS como sea necesario.';
+$_['too_large_to_edit_04'] = 'Una simple prueba puede dar con el resultado necesario.';
+$_['too_large_to_view_01'] = 'Vista deshabilitada. Tamaño >';
+$_['too_large_to_view_02'] = 'Clickeá en el botón de debajo para verlo como se ve normalmente en un navegador.';
+$_['too_large_to_view_03'] = 'Ajustá $MAX_VIEW_SIZE en la sección de configuración de OneFileCMS como sea necesario.';
+$_['too_large_to_view_04'] = '(El valor por defecto para $MAX_VIEW_SIZE es completamente arbitrario, y puede ser ajustado como sea necesario.)';
 
 $_['meta_txt_01'] = 'Tamaño:';
 $_['meta_txt_03'] = 'Actualizado:';
@@ -151,11 +148,11 @@
 
 $_['upload_txt_03']  = 'Nota: El tamaño máximo de subida es de:';
 $_['upload_txt_01']  = 'por upload_max_filesize en php.ini.';
-$_['upload_txt_04']  = 'Maximum total upload size:'; //## NT ##
+$_['upload_txt_04']  = 'El tamaño máximo de carga total de:';
 $_['upload_txt_02']  = 'por post_max_size en php.ini';
 
-$_['upload_err_01']  = 'Error 1: File too large. From php.ini:'; //## NT ##
-$_['upload_err_02']  = 'Error 2: File too large. (MAX_FILE_SIZE HTML form element)'; //## NT ##
+$_['upload_err_01']  = 'Error 1: El archivo es demasiado grande. de php.ini:';
+$_['upload_err_02']  = 'Error 2: El archivo es demasiado grande. (MAX_FILE_SIZE HTML form element)';
 $_['upload_err_03']  = 'Error 3: El archivo se subió sólo parcialmente.';
 $_['upload_err_04']  = 'Error 4: No se subió ningún archivo.';
 $_['upload_err_05']  = 'Error 5: ';
@@ -180,17 +177,13 @@
 $_['new_file_msg_07'] = 'Carpeta creado:';
 
 $_['CRM_txt_02']  = 'La nueva localización debe existir.';
-$_['CRM_txt_03']  = 'Nombre antiguo y Carpeta:';
-$_['CRM_txt_04']  = 'Nuevo nombre:';
+$_['CRM_txt_04']  = 'Nombre Nuevo';
 $_['CRM_msg_01']  = 'Error - la localización padre no existe:';
 $_['CRM_msg_02']  = 'Error - el archivo inicial no existe:';
 $_['CRM_msg_03']  = 'Error - el archivo de objetivo no existe:';
-$_['CRM_msg_05']  = 'Error during'; //## NT ##
-
-$_['delete_msg_01'] = 'Archivo Eliminado:';
-$_['delete_msg_02'] = 'Error eliminando';
-$_['delete_folder_msg_03'] = 'ocurrió un error eliminándola.';
+$_['CRM_msg_05']  = 'Error durante la';
 
+$_['delete_msg_03']   = 'Eliminar error:';
 $_['session_warning'] = 'Advertencia: ¡La sesión terminará pronto!';
 $_['session_expired'] = 'SESIÓN TERMINADA';
 $_['unload_unsaved']  = '                 ¡Los cambios no guardados se perderán!';
@@ -211,41 +204,39 @@
 $_['error_reporting_05'] = 'Unexpected early output';   //## NT ##
 $_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)'; //## NT ##
 
-$_['admin_txt_00'] = 'Old Backup Found';       //## NT ##
-$_['admin_txt_01'] = 'This file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed.  In any case, it will automatically be overwritten on the next password or username change.';
-$_['admin_txt_02'] = 'General Information';    //## NT ##
-$_['admin_txt_04'] = 'As of version 3.3.13, OneFileCMS no longer maintains a plain text password option, and only stores a password hash, as most login systems do.'; //## NT ##
-$_['admin_txt_12'] = 'However, due to a number of considerations, this change was largely an academic exersize. That is, in this application, take the idea that it adds much of an improvement to security with a grain of cryptographic salt. Never-the-less, it does eliminate the storage of your password in plain text (if that option was used), which is generally considered to be a good thing.'; //## NT ##
+$_['admin_txt_00'] = 'Archivo de copia de seguridad antiguo encontrado.';
+$_['admin_txt_01'] = 'Este archivo se creó en caso de un error durante un cambio de nombre de usuario o contraseña. Por lo tanto, puede contener información antigua y debe ser eliminada si no es necesario. En cualquier caso, automáticamente se sobrescribe en la próxima contraseña o cambiar nombre de usuario.';
+$_['admin_txt_02'] = 'Información general';
 $_['admin_txt_14'] = 'Para otro tip de seguridad, cambiá la llave de seguridad y/o el método usado por OneFileCMS para almacenar la clave (y mantenelo en secreto, obviamente).  Acordate, cada granito ayuda...';
 $_['admin_txt_16'] = 'Podés usar OneFileCMS para editarlo. Sin embargo, asegurate de hacer un backup...';
 
-$_['pw_change']  = 'Change Password';       //## NT ##
-$_['pw_current'] = 'Current Password';      //## NT ##
-$_['pw_new']     = 'New Password';          //## NT ##
-$_['pw_confirm'] = 'Confirm New Password';  //## NT ##
-
-$_['pw_txt_02'] = 'Password / Username rules:'; //## NT ##
-$_['pw_txt_04'] = 'They are case-sensitive!';   //## NT ##
-$_['pw_txt_06'] = 'They must contain at least one non-space character.'; //## NT ##
-$_['pw_txt_08'] = 'They may contain spaces in the middle. Ex: "This is a password or username!"'; //## NT ##
-$_['pw_txt_10'] = 'Leading and trailing spaces are removed.'; //## NT ##
-$_['pw_txt_12'] = 'To record the change, only one file is updated: either the active copy of OneFileCMS, or, if specified, an external configuration file.'; //## NT ##
-$_['pw_txt_14'] = 'If an incorrect current password is entered, you will be logged out, but you may log back in.'; //## NT ##
-
-$_['change_pw_01'] = 'Password changed!';                               //## NT ##
-$_['change_pw_02'] = 'Password NOT changed:';                           //## NT ##
-$_['change_pw_03'] = 'Incorrect current password. Login to try again.'; //## NT ##
-$_['change_pw_04'] = 'New and "Confirm New" values do not match.';      //## NT ##
-$_['change_pw_05'] = 'Updating';                                        //## NT ##
-$_['change_pw_06'] = 'external config file';                            //## NT ##
-
-$_['un_change']     = 'Change Username';                       //## NT ##
-$_['un_new']        = 'New Username';                          //## NT ##
-$_['un_confirm']    = 'Confirm New Username';                  //## NT ##
-$_['change_un_01']  = 'Username changed!';                     //## NT ##
-$_['change_un_02']  = 'Username NOT changed:';                 //## NT ##
-$_['update_failed'] = 'Update failed - could not save file.';  //## NT ##
-$_['mcd_msg_01']    = 'files moved successfully.';             //## NT ##
-$_['mcd_msg_02']    = 'files copied.';                         //## NT ##
-$_['mcd_msg_03']    = 'files deleted.';                        //## NT ##
+$_['pw_change']  = 'Cambiar contraseña';
+$_['pw_current'] = 'Contraseña actual';
+$_['pw_new']     = 'Nueva contraseña';
+$_['pw_confirm'] = 'Confirmar nueva contraseña';
+
+$_['pw_txt_02'] = 'Reglas de contraseña y de usuario:';
+$_['pw_txt_04'] = 'Mayúsculas y minúsculas: "A" is not "a"';
+$_['pw_txt_06'] = 'Debe contener al menos un carácter de espacio no-.';
+$_['pw_txt_08'] = 'Puede contener espacios en el medio. Ejemplo: "Esta es una contraseña o nombre de usuario!""';
+$_['pw_txt_10'] = 'Espacios iniciales y finales son ignorados.';
+$_['pw_txt_12'] = 'En registrando el cambio, sólo un archivo se actualiza: o bien la copia activa de OneFileCMS, o, si se especifica, un archivo de configuración externo.';
+$_['pw_txt_14'] = 'Si una contraseña de corriente incorrecto, que se cerrará la sesión, pero es posible que vuelva a entrar.';
+
+$_['change_pw_01'] = 'ontraseña cambiada!';
+$_['change_pw_02'] = 'Contraseña no se cambia:';
+$_['change_pw_03'] = 'Contraseña actual es incorrecto. Inicie sesión para intentarlo de nuevo.';
+$_['change_pw_04'] = '"Nuevo" y "Confirm New" valores no coinciden.';
+$_['change_pw_05'] = 'Actualización de';
+$_['change_pw_06'] = 'archivo de configuración externo';
+
+$_['un_change']     = 'Cambiar Nombre de usuario';
+$_['un_new']        = 'Nuevo Usuario';
+$_['un_confirm']    = 'Confirme Usuario Nuevo';
+$_['change_un_01']  = 'Nombre cambiado!';
+$_['change_un_02']  = 'Nombre de usuario no cambia:';
+$_['update_failed'] = 'Ha fallado la actualización - no pudo guardar el archivo.';
+$_['mcd_msg_01']    = 'archivos movidos.';
+$_['mcd_msg_02']    = 'archivos copiados.';
+$_['mcd_msg_03']    = 'archivos borrados.';
 
diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index 8cb88d6..46a7986 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.4.07 structure/layout
+OneFileCMS Version 3.4.10 structure/layout
 
 LICENSE
 
@@ -25,9 +25,10 @@ MISC FUNCTIONS:
 	dir_name()
 	Check_path()
 	is_empty()
-	List_Selected()
+	Sort_Seperate()
 	ordinalize()
 	supports_svg()
+	rCopy()
 	rDel()
 	
 MISC PAGE SECTIONS/FUNCTIONS
@@ -40,28 +41,10 @@ MISC PAGE SECTIONS/FUNCTIONS
 
 	Init_Macros()
 
-SVG ICON FUNCTIONS:
-	svg_icon_ren()
-	svg_icon_copy()
-	svg_icon_del()
-	svg_icon_bin()
-	svg_icon_img()
-	svg_icon_svg()
-	svg_icon_txt_0()
-	svg_icon_txt()
-	svg_icon_htm()
-	svg_icon_php()
-	svg_icon_css()
-	svg_icon_cfg()
-	svg_icon_upload()
-	svg_icon_file_new()
-	svg_icon_file_del()
-	svg_icon_folder_0()
-	svg_icon_folder()
-	svg_icon_folder_new()
-	svg_icon_folder_ren()
-	svg_icon_folder_del()
-	show_icon()
+SVG ICONS
+	Init_ICONS()
+		svg_icon_txt()
+		svg_icon_folder()
 
 PAGE & RESPONSE FUNCTIONS:
 	List_Backup()
@@ -74,8 +57,8 @@ PAGE & RESPONSE FUNCTIONS:
 	Logout()
 	Login_Page()
 	Login_response()
-	Table_of_Files()
 	List_Files()
+	Table_of_Files()
 	Index_Page()
 	Edit_Page_buttons_top()
 	Edit_Page_buttons()
@@ -85,12 +68,11 @@ PAGE & RESPONSE FUNCTIONS:
 	Edit_response()
 	Upload_Page()
 	Upload_response()
-	New_File_or_Folder_Page()
-	New_File_or_Folder_response()
+	New_Page()
+	New_response()
 	Set_Input_width()
 	CRM_Page()
 	CRM_response()
-	Delete_Page()
 	Delete_response()
 	MCD_Page()
 	MCD_response()
diff --git a/onefilecms.php b/onefilecms.php
index e4a0d05..d72aff9 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.08';
+$OFCMS_version = '3.4.10';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -35,7 +35,7 @@
 ob_start(); //Catch any early output. Closed prior to page output.
 ini_set('session.use_trans_sid', 0);    //make sure URL supplied SESSID's are not used
 ini_set('session.use_only_cookies', 1); //make sure URL supplied SESSID's are not used
-error_reporting(0); //0 for none, or (E_ALL &~ E_STRICT) for trouble-shooting.
+error_reporting(0); //0 for none, or (E_ALL &~ E_STRICT) for trouble-shooting. 
 ini_set('display_errors', 'off');         //Only turn on for trouble-shooting.
 ini_set('log_errors'    , 'off');         //Only turn on for trouble-shooting.
 ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.ERROR.log');
@@ -50,11 +50,12 @@
 $config_title = "OneFileCMS";
 
 $USERNAME = "username";
+//$HASHWORD = "a6ca7f88bd5efc706d38047cc5844d2b11f86242c01e0c89a1c656dbe2dd1866"; //"password"
 $HASHWORD = "a6ca7f88bd5efc706d38047cc5844d2b11f86242c01e0c89a1c656dbe2dd1866"; //"password"
 $SALT     = 'somerandomsalt';
 
 //$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php"; //Filename of language settings.
-				//Path is relative to OneFileCMS. If file is not found, the built-in default will be used.
+				//Path is relative to OneFileCMS. If file is not found, the built-in defaults will be used.
 
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
@@ -64,28 +65,29 @@
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked
 
-$MAX_IMG_W   = 810;  //Max width to display images. (page container = 810)
+$MAX_IMG_W   = 810;  //Max width to display images. (main width is 810)
 $MAX_IMG_H   = 1000; //Max height.  I don't know, it just looks reasonable.
 
 $MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
 $MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
                           // The default max view size is completely arbitrary. Basically, it was 2am and seemed like a good idea at the time.
 
-$UPLOAD_FIELDS = 4; //Number of upload fields on Upload File(s) page.
+$UPLOAD_FIELDS = 4; //Number of upload fields on Upload File(s) page. Max value is ini_get('max_file_uploads').
 
 $config_favicon   = "favicon.ico"; //Path is relative to root of website.
 $config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsaTive!
 
-$config_etypes = "html,htm,xhtml,php,css,js,txt,text,cfg,conf,ini,csv,svg,log,htaccess"; //Editable file types.
+$config_etypes = "html,htm,xhtml,php,pl,css,js,txt,text,cfg,conf,ini,csv,svg,log,htaccess"; //Editable file types.
 $config_stypes = "*"; // Shown types; only files of the given types should show up in the file-listing
-	// Use $config_stypes exactly like $config_etypes (list of extensions separated by semicolons).
-	// If $config_stypes is set to null - by intention or by error - OFCMS will only display folders.
-	// If $config_stypes is set to the *-wildcard (as per default), all files will show up.
+	// Use $config_stypes exactly like $config_etypes (list of extensions separated by commas).
+	// If $config_stypes is set to null - by intention or by error - only folders will be shown.
+	// If $config_stypes is set to the *-wildcard (the default), all files will show up.
 	// If $config_stypes is set to "html,htm" for example, only file with the extension "html" or "htm" will get listed.
 
 $config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
-$config_ftypes = "bin,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,ini,cfg,conf,asp,js ,htm,html,htaccess"; // _ftype & _fclass must have same
-$config_fclass = "bin,img,img,img,img,img,svg,txt,txt,css,php,txt,cfg,cfg ,txt,txt,htm,htm ,txt";      // number of values. bin is default.
+// _ftypes & _fclass must have same number of values. bin is default.
+$config_ftypes = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,pl ,ini,cfg,conf,asp,js ,htm,html,htaccess";
+$config_fclass = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,css,php,txt,txt,cfg,cfg ,txt,txt,htm,htm ,txt";
 
 $EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
 
@@ -107,7 +109,7 @@
 
 //If there is one, include external config file.
 if ( isset($config_file) && is_file($config_file) ) { include($config_file); }
-else { $config_file = '';} //needs set further down.
+else { $config_file = '';} //If not found, clear it.
 
 
 //Requires PHP 5.1, due to changes in some functions.
@@ -127,7 +129,7 @@
 
 ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
 
-$ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]); //Used for ULR's
+$ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]); //Used for URL's
 $DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
 $WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/';
 $WEBSITE   = $_SERVER["HTTP_HOST"].'/';
@@ -145,7 +147,6 @@
 $VALID_PAGES = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","renamefile","copyfile","deletefile","deletefolder","newfolder","renamefolder","copyfolder","mcdaction");
 
 $INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names.  Space deliminated.
-$INVALID_CHARS_array = explode(' ', $INVALID_CHARS); //for use in has_invalid_char().
 $WHSPC_SLASH = "\x00..\x20/";  //Whitespace & forward slash. For trimming name inputs.
 
 //Make arrays out of a few $config_variables for actual use later.
@@ -172,7 +173,7 @@ function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.4.06
+// OneFileCMS Language Settings v3.4.10
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -189,18 +190,15 @@ function Default_Language() { // ***********************************************
 // In some instances, some langauges may use significantly longer words or phrases than others.
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 //
-$_['front_links_font_size'] = '1em';    //Buttons on Index page.
-$_['front_links_margin_R']  = '1em';
-$_['button_font_size']      = '.9em';   //Buttons on Edit page.
-$_['button_margin_L']       = '.7em';
-$_['button_padding']        = '4px 10px';
-$_['image_info_font_size']  = '1em';    //show_img_msg_01  &  _02
-$_['image_info_pos']        = '';       //If 1 or true, moves the info down a line for more space.
-$_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
-$_['select_all_div_width']  = '71px';   //Width of space for $_['Select_All']
-$_['R'] = 'R'; //R ename
-$_['C'] = 'C'; //C opy
-$_['D'] = 'D'; //D elete
+$_['front_links_font_size']  = '1.0em';  //Buttons on Index page.
+$_['front_links_margin_L']   = '1.0em';
+$_['button_font_size']       = '0.9em';  //Buttons on Edit page.
+$_['button_margin_L']        = '0.7em';
+$_['button_padding']         = '4px 10px';
+$_['image_info_font_size']   = '1em';    //show_img_msg_01  &  _02
+$_['image_info_pos']         = '';       //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size']  = '.84em';  //Font size of $_['Select_All']
+$_['select_all_label_width'] = '72px';   //Width of space for $_['Select_All']
 $_['Admin']   = 'Admin';
 $_['Cancel']  = 'Cancel';
 $_['Close']   = 'Close';
@@ -212,7 +210,7 @@ function Default_Language() { // ***********************************************
 $_['Deleted'] = 'Deleted';
 $_['Edit']    = 'Edit';
 $_['Enter']   = 'Enter';
-$_['Error']   = 'Error';   //####
+$_['Error']   = 'Error';
 $_['errors']  = 'errors';
 $_['File']    = 'File';
 $_['Folder']  = 'Folder';
@@ -231,7 +229,7 @@ function Default_Language() { // ***********************************************
 $_['Log_In']     = 'Log In';
 $_['Log_Out']    = 'Log Out';
 $_['Admin_Options']  = 'Administration Options';
-$_['Are_you_sure']   = 'Are you sure?';       //####
+$_['Are_you_sure']   = 'Are you sure?';
 $_['Edit_View']      = 'Edit / View';
 $_['Upload_File']    = 'Upload File';
 $_['New_File']       = 'New File';
@@ -239,13 +237,13 @@ function Default_Language() { // ***********************************************
 $_['Ren_Moved']      = 'Renamed / Moved';
 $_['New_Folder']     = 'New Folder';
 $_['Ren_Folder']     = 'Rename / Move Folder';
-$_['Copy_Folder']    = 'Copy Folder';  //####
+$_['Copy_Folder']    = 'Copy Folder';
 $_['Del_Folder']     = 'Delete Folder';
 $_['Submit']         = 'Submit Request';
 $_['Move_Files']     = 'Move File(s)';
 $_['Copy_Files']     = 'Copy File(s)';
 $_['Del_Files']      = 'Delete File(s)';
-$_['Selected_Files'] = 'Selected Files';
+$_['Selected_Files'] = 'Selected Folders and Files';
 $_['Select_All']     = 'Select All';
 $_['Clear_All']      = 'Clear All';
 $_['New_Location']   = 'New Location';
@@ -259,15 +257,16 @@ function Default_Language() { // ***********************************************
 $_['reset']       = 'Reset - loose changes';
 $_['Wide_View']   = 'Wide View';
 $_['Normal_View'] = 'Normal View';
-$_['Open_View']   = 'Open/View in browser window'; //####
-$_['verify_msg_01']  = 'Session expired.';
-$_['verify_msg_02']  = 'INVALID POST';
+$_['Open_View']   = 'Open/View in browser window';
+$_['verify_msg_01']     = 'Session expired.';
+$_['verify_msg_02']     = 'INVALID POST';
 $_['get_get_msg_01']    = 'File does not exist:';
 $_['get_get_msg_02']    = 'Invalid page request:';
-$_['check_path_msg_02'] = 'dot" or "dot dot" path segments are not permitted.'; //####
-$_['check_path_msg_03'] = 'Path or filename contains an invalid character:'; //####
+$_['check_path_msg_02'] = '"dot" or "dot dot" path segments are not permitted.';
+$_['check_path_msg_03'] = 'Path or filename contains an invalid character:';
 $_['ord_msg_01']        = 'A file with that name already exists in the target directory.';
 $_['ord_msg_02']        = 'Saving as';
+$_['rCopy_msg_01']      = 'A folder can not be copied into one of its own sub-folders.';
 $_['show_img_msg_01']   = 'Image shown at ~';
 $_['show_img_msg_02']   = '% of full size (W x H =';
 $_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!';
@@ -296,56 +295,52 @@ function Default_Language() { // ***********************************************
 $_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
 $_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
 $_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
-$_['too_large_to_edit_01a'] = 'Edit disabled. Filesize >';
-$_['too_large_to_edit_02']  = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
-$_['too_large_to_edit_03']  = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
-$_['too_large_to_edit_04']  = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
-$_['too_large_to_view_01a'] = 'View disabled. Filesize >';
-$_['too_large_to_view_02']  = 'Click the file name above to view as normally rendered in a browser window.';
-$_['too_large_to_view_03']  = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
-$_['too_large_to_view_04']  = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
+$_['too_large_to_edit_01'] = 'Edit disabled. Filesize >';
+$_['too_large_to_edit_02'] = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
+$_['too_large_to_edit_03'] = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
+$_['too_large_to_edit_04'] = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
+$_['too_large_to_view_01'] = 'View disabled. Filesize >';
+$_['too_large_to_view_02'] = 'Click the file name above to view as normally rendered in a browser window.';
+$_['too_large_to_view_03'] = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
+$_['too_large_to_view_04'] = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
 $_['meta_txt_01'] = 'Filesize:';
 $_['meta_txt_03'] = 'Updated:';
 $_['edit_msg_01'] = 'File saved:';
 $_['edit_msg_02'] = 'bytes written.';
 $_['edit_msg_03'] = 'There was an error saving file.';
-$_['upload_txt_03']  = 'Maximum size of each file:';             //####
-$_['upload_txt_01']  = '(per upload_max_filesize in php.ini)';   //####
-$_['upload_txt_04']  = 'Maximum total upload size:';             //####
-$_['upload_txt_02']  = '(per post_max_size in php.ini)';         //####
-$_['upload_err_01']  = 'Error 1: File too large. From php.ini:'; //####
-$_['upload_err_02']  = 'Error 2: File too large. (MAX_FILE_SIZE HTML form element)'; //####
-$_['upload_err_03']  = 'Error 3: The uploaded file was only partially uploaded.';
-$_['upload_err_04']  = 'Error 4: No file was uploaded.';
-$_['upload_err_05']  = 'Error 5:';
-$_['upload_err_06']  = 'Error 6: Missing a temporary folder.';
-$_['upload_err_07']  = 'Error 7: Failed to write file to disk.';
-$_['upload_err_08']  = 'Error 8: A PHP extension stopped the file upload.';
+$_['upload_txt_03'] = 'Maximum size of each file:';
+$_['upload_txt_01'] = '(upload_max_filesize in php.ini)';
+$_['upload_txt_04'] = 'Maximum total upload size:';
+$_['upload_txt_02'] = '(post_max_size in php.ini)';
+$_['upload_err_01'] = 'Error 1: File too large. From php.ini:';
+$_['upload_err_02'] = 'Error 2: File too large. (Exceeds MAX_FILE_SIZE HTML form element)';
+$_['upload_err_03'] = 'Error 3: The uploaded file was only partially uploaded.';
+$_['upload_err_04'] = 'Error 4: No file was uploaded.';
+$_['upload_err_05'] = 'Error 5:';
+$_['upload_err_06'] = 'Error 6: Missing a temporary folder.';
+$_['upload_err_07'] = 'Error 7: Failed to write file to disk.';
+$_['upload_err_08'] = 'Error 8: A PHP extension stopped the file upload.';
 $_['upload_msg_01'] = 'No file selected for upload.';
-$_['upload_msg_02'] = 'Destination folder invalid:'; //####
+$_['upload_msg_02'] = 'Destination folder invalid:';
 $_['upload_msg_03'] = 'Upload cancelled.';
 $_['upload_msg_04'] = 'Uploading:';
 $_['upload_msg_05'] = 'Upload successful!';
 $_['upload_msg_06'] = 'Upload failed:';
-$_['new_file_txt_01'] = 'File or Folder will be created in the current folder.'; //####
+$_['new_file_txt_01'] = 'File or Folder will be created in the current folder.';
 $_['new_file_txt_02'] = 'Some invalid characters are:';
-$_['new_file_msg_01'] = 'File or folder not created:';         //####
-$_['new_file_msg_02'] = 'Name contains an invalid character:'; //####
-$_['new_file_msg_03'] = 'Not created - no name given';         //####
-$_['new_file_msg_04'] = 'File or folder already exists:';      //####
+$_['new_file_msg_01'] = 'File or folder not created:';
+$_['new_file_msg_02'] = 'Name contains an invalid character:';
+$_['new_file_msg_03'] = 'Not created - no name given';
+$_['new_file_msg_04'] = 'File or folder already exists:';
 $_['new_file_msg_05'] = 'Created file:';
-$_['new_file_msg_07'] = 'Created folder:';   //####
+$_['new_file_msg_07'] = 'Created folder:';
 $_['CRM_txt_02']  = 'The new location must already exist.';
-$_['CRM_txt_03']  = 'Old Location'; //####
 $_['CRM_txt_04']  = 'New Name';
-$_['CRM_txt_05']  = 'Old Name';   //####
 $_['CRM_msg_01']  = 'Error - new parent location does not exist:';
 $_['CRM_msg_02']  = 'Error - source file does not exist:';
-$_['CRM_msg_03']  = 'Error - new file or folder already exists:'; //####
+$_['CRM_msg_03']  = 'Error - new file or folder already exists:';
 $_['CRM_msg_05']  = 'Error during';
-$_['delete_msg_01'] = 'Deleted file:';
-$_['delete_msg_02'] = 'Error deleting';
-$_['delete_folder_msg_03'] = 'Delete error:';  //####
+$_['delete_msg_03']   = 'Delete error:';
 $_['session_warning'] = 'Warning: Session timeout soon!';
 $_['session_expired'] = 'SESSION EXPIRED';
 $_['unload_unsaved']  = ' Unsaved changes will be lost!';
@@ -367,22 +362,22 @@ function Default_Language() { // ***********************************************
 $_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will automatically be overwritten on the next password or username change.';
 $_['admin_txt_02'] = 'General Information';
 $_['admin_txt_14'] = 'For a small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...'; //####
-$_['admin_txt_16'] = 'OneFileCMS can be used to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...';  //####
+$_['admin_txt_16'] = 'OneFileCMS can be used to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...'; //####
 $_['pw_change']  = 'Change Password';
 $_['pw_current'] = 'Current Password';
 $_['pw_new']     = 'New Password';
 $_['pw_confirm'] = 'Confirm New Password';
 $_['pw_txt_02'] = 'Password / Username rules:';
-$_['pw_txt_04'] = 'They are case-sensitive!';
-$_['pw_txt_06'] = 'They must contain at least one non-space character.';
-$_['pw_txt_08'] = 'They may contain spaces in the middle. Ex: "This is a password or username!"';
-$_['pw_txt_10'] = 'Leading and trailing spaces are removed.';
-$_['pw_txt_12'] = 'To record the change, only one file is updated: either the active copy of OneFileCMS, or, if specified, an external configuration file.';
+$_['pw_txt_04'] = 'Case-sensitive: "A" is not "a"';
+$_['pw_txt_06'] = 'Must contain at least one non-space character.';
+$_['pw_txt_08'] = 'May contain spaces in the middle. Ex: "This is a password or username!"';
+$_['pw_txt_10'] = 'Leading and trailing spaces are ignored.';
+$_['pw_txt_12'] = 'In recording the change, only one file is updated: either the active copy of OneFileCMS, or, if specified, an external configuration file.';
 $_['pw_txt_14'] = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
 $_['change_pw_01'] = 'Password changed!';
 $_['change_pw_02'] = 'Password NOT changed:';
 $_['change_pw_03'] = 'Incorrect current password. Login to try again.';
-$_['change_pw_04'] = 'New and "Confirm New" values do not match.';
+$_['change_pw_04'] = '"New" and "Confirm New" values do not match.';
 $_['change_pw_05'] = 'Updating';
 $_['change_pw_06'] = 'external config file';
 $_['un_change']     = 'Change Username';
@@ -626,13 +621,13 @@ function Get_GET() { //*** Get main parameters *********************************
 
 
 
-function Verify_page_conditions() { //******************************************
-	global $_, $ONESCRIPT, $ipath, $filename, $page, $EX, $message, $VALID_POST;
-	
-	//If exited admin pages, restore $ipath
+function Verify_Page_Conditions() { //******************************************
+	global $_, $ONESCRIPT, $ipath, $param1, $filename, $page, $EX, $message, $VALID_POST;
+
+	//If exited admin pages, restore $ipath 
 	if    ( ($page == "index") && $_SESSION['admin_page'] ) {
-		//Unless clicked www/some/path/ from edit or copy page.
-		if ( ($_SESSION['recent_pages'][1] != 'edit') && ($_SESSION['recent_pages'][1] != 'copy') ){
+		//...unless clicked www/some/path/ from edit or copy page while in admin pages.
+		if ( ($_SESSION['recent_pages'][0] != 'edit') && ($_SESSION['recent_pages'][0] != 'copyfile') ){
 			$ipath = $_SESSION['admin_ipath'];
 			$param1 = '?i='.URLencode_path($ipath);
 		}
@@ -651,6 +646,12 @@ function Verify_page_conditions() { //******************************************
 	elseif ( ($page == "deletefolder" || $page == "renamefolder") && ($ipath == "") ) {
 		$page = "index";
 	}
+	//Prep MCD_Page() to delete a single folder selected via (x) icon on index page.
+	elseif ($page == "deletefolder") {
+		$_POST['files'][1]  = basename($ipath); //Must precede next line (change of $ipath).
+		$ipath = dir_name($ipath);
+		$param1 = '?i='.$ipath;
+	}
 	//There must be at least one 'file', and 'mcdaction' must = "move", "copy", or "delete"
 	elseif ($page == "mcdaction") {
 		if     (!isset($_POST['mcdaction'] )) { $page = "index"; }
@@ -670,13 +671,14 @@ function Verify_page_conditions() { //******************************************
 		$message .= '<style>#message_box          {color: white;}   </style>';
 		$message .= $EX.'<b>'.hsc($_['edit_caution_01']).' '.$EX.hsc($_['edit_caution_02']).'</b><br>';
 	}
-}//end Verify_page_conditions() //**********************************************
+}//end Verify_Page_Conditions() //**********************************************
 
 
 
 
 function has_invalid_char($string) { //*****************************************
 	global $INVALID_CHARS, $INVALID_CHARS_array;
+	$INVALID_CHARS_array = explode(' ', $INVALID_CHARS);
 	foreach ($INVALID_CHARS_array as $bad_char) {
 		if (strpos($string, $bad_char) !== false) { return true; }
 	}
@@ -766,36 +768,21 @@ function is_empty($path){ //****************************************************
 
 
 
-function List_Selected($full_list,$classes="",$post=false) { //*****************
-	global $_, $ipath;
+function Sort_Seperate($path, $full_list){ //***********************************
+	//Sort list, then seperate folders & files
 
-	//Seperate files & folders
+	natcasesort($full_list);
 	$files= array();
 	$folders= array();
 	$F=1; $D=1;  //indexes
 	foreach( $full_list as $item ) {
 		if ( ($item == '.') || ($item == '..') || ($item == "")){ continue; }
-		if (is_dir($ipath.$item)){ $folders[$D++] = $ipath.$item.'/'; }
+		if (is_dir($path.$item)){ $folders[$D++] = $item; }
 		else                     { $files[$F++]   = $item; }
 	}
-
-	$count = count($files) + count($folders);
-	if ($count == 0) { return; }
-
-	echo '<table class="verify '.$classes.'">';
-	echo '<tr><th>'.$_['Selected_Files'].':</th></tr>'."\n";
-
-	foreach($folders as $file) {
-		echo '<tr><td>'.svg_icon_folder().hte(basename($file)).'/</td></tr>';
-		if ($post) {echo '<input type=hidden  name="files[]" value="'.hsc($file).'">'."\n";}
-	}
-
-	foreach($files as $file) {
-		echo '<tr><td>'.hte($file).'</td></tr>';
-		if ($post) {echo '<input type=hidden  name="files[]" value="'.hsc($file).'">'."\n";}
-	}
-	echo '</table>';
-}//end List_Selected() //*******************************************************
+	
+	return array_merge($folders, $files);
+}//end Sort_Seperate() //*******************************************************
 
 
 
@@ -842,11 +829,25 @@ function supports_svg() { //****************************************************
 
 function rCopy( $old_path, $new_path ) { //*************************************
 	//Recursively copy $old_path to $new_path
-	global $message;
-	
-	if (file_exists($new_path))      { return false; } //Don't overwrite existing files
-	if (!is_dir(dirname($new_path))) { return false; } //New parent dir must already exist.
-	
+	global $_, $WHSPC_SLASH, $EX, $message;
+
+	//Avoid a bottomless pit of sub-directories:
+	//    ok: copy root/1/ to root/1/Copy_of_1/
+	//NOT OK: copy root/1/ to root/1/2/Coyp_of_1/
+	//
+	//First, trim / and white-space that will mess up strlen() check.
+	$old_path = trim($old_path,$WHSPC_SLASH);
+	$new_path = trim($new_path,$WHSPC_SLASH);
+	//
+	$test_path = dirname($new_path);
+	while (strlen($test_path) >= strlen($old_path)) {
+		$test_path = dirname($test_path);
+		if ( $test_path == $old_path ) {
+			$message .= $EX.' <b>'.$_['rCopy_msg_01'].'</b><br>';
+			return false;
+		}
+	}
+
 	if ( is_file($old_path) ) { return copy($old_path, $new_path); }
 
 	if ( is_dir($old_path) )  {
@@ -872,20 +873,24 @@ function rCopy( $old_path, $new_path ) { //*************************************
 
 function rDel($path){ //********************************************************
 	//Recursively delete $path & all sub-folders & files.
+	//Returns number of successful unlinks & rmdirs.
 	
-	$path = trim($path, '/'); // Protects against deleting root & files outside of webroot.
+	$path = trim($path, '/'); //Protect against deleting files outside of webroot.
 	if ($path == "") { $path = '.'; }
 
-	if ( is_file($path) ) { return unlink($path); }
+	$count = 0;
+
+	if ( is_file($path) ) { return (unlink($path)*1); }
 	if ( is_dir($path) ) {
 		
 		$dir_list = scandir($path);
 		foreach ( $dir_list as $dir_item ) {
 			if ( ($dir_item == '.') || ($dir_item =='..') ) {continue;}
-			rDel($path.'/'.$dir_item);
+			$count += rDel($path.'/'.$dir_item);
 		}
-		if ( $path == '.' ) { return; } //If at web root folder, just empty it, don't delete it.
-		return rmdir($path);
+		
+		$count += rmdir($path);
+		return $count;
 	}
 	return false; //$path doesn't exists, or, I don't know what it is...
 }//end rDel() //****************************************************************
@@ -973,17 +978,16 @@ function message_box() { //*****************************************************
 
 
 
-function Cancel_Submit_Buttons($submit_label, $focus) { //**********************
+function Cancel_Submit_Buttons($submit_label) { //******************************
 	//$submit_label = Rename, Copy, Delete, etc...
-	//$focus is ID of element to receive focus(). (element may be outside this function)
-	global $_, $ONESCRIPT, $ONESCRIPT_url_backup, $ipath, $param1, $param2, $filename, $page;
+	global $_, $ONESCRIPT, $ONESCRIPT_url_backup, $ipath, $param1, $param2, $page;
 
 	$params = $param1.$param2.'&amp;p='. $_SESSION['recent_pages'][1];
 ?>
 	<p>
 	<input type="button" class="button" id="cancel" value="<?php echo hsc($_['Cancel']) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
-	<input type="submit" class="button" value="<?php echo $submit_label;?>" style="margin-left: 1em;">
+	<input type="submit" class="button" value="<?php echo hsc($submit_label);?>" style="margin-left: 1em;">
 <?php
 	//Do not close the <p> tag yet/here. Leave it open for potential content on individual pages.
 }//end Cancel_Submit_Buttons() //***********************************************
@@ -1013,8 +1017,8 @@ function show_image(){ //*******************************************************
 	echo hsc($_['show_img_msg_01']).round($SCALE*100).
 		 hsc($_['show_img_msg_02']).' '.$img_info[0].' x '.$img_info[1].').</p>';
 	echo '<div class=clear></div>'.PHP_EOL;
-	echo '<a href="/' .URLencode_path($IMG). '" target="_blank">'.PHP_EOL;
-	echo '<img src="/'.URLencode_path($IMG).'"  height="'.($img_info[$H] * $SCALE).'"></a>'.PHP_EOL;
+	echo '<a  href="/'.URLencode_path($IMG).'" target="_blank">'.PHP_EOL;
+	echo '<img src="/'.URLencode_path($IMG).'" width="'.($img_info[$W] * $SCALE).'"></a>'.PHP_EOL;
 }//end show_image() //**********************************************************
 
 
@@ -1031,231 +1035,113 @@ function Timeout_Timer($COUNT, $ID, $CLASS="", $ACTION="") { //*****************
 
 
 
-function Init_Macros(){ //*** ($varibale="some reusable chunk of code")*********
-
-global 	$_, $ONESCRIPT, $param1, $param2, $INPUT_NUONCE, $FORM_COMMON, $PWUN_RULES,
-		$SVG_icon_circle_plus, $SVG_icon_circle_x, $SVG_icon_pencil, $SVG_icon_img_0,
-		$SVG_icon_circle_plus_rev;
-
-$INPUT_NUONCE = '<input type="hidden" name="nuonce" value="'.$_SESSION['nuonce'].'">'.PHP_EOL;
-$FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.$param2.'">'.$INPUT_NUONCE;
-
-$PWUN_RULES  = '<p>'.hsc($_['pw_txt_02']).'<ol><li>'.hsc($_['pw_txt_04']).'<li>'.hsc($_['pw_txt_06']);
-$PWUN_RULES .= '<li>'.hsc($_['pw_txt_08']).'<li>'.hsc($_['pw_txt_10']).'</ol>';
-
-$SVG_icon_circle_plus = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#080"/>
-	  <line x1="2" y1="5" x2="8" y2="5" stroke="white" stroke-width="1.5" />
-	  <line x1="5" y1="2" x2="5" y2="8" stroke="white" stroke-width="1.5" />';
-
-$SVG_icon_circle_plus_rev = '<circle cx="5" cy="5" r="5" stroke="#080" stroke-width="1.3" fill="white"/>
-	  <line x1="2" y1="5" x2="8" y2="5" stroke="#080" stroke-width="1.5" />
-	  <line x1="5" y1="2" x2="5" y2="8" stroke="#080" stroke-width="1.5" />';
-
-$SVG_icon_circle_x = '<circle cx="5" cy="5" r="5" stroke="black" stroke-width="0" fill="#D00"/>
-	<line x1="2.5" y1="2.5" x2="7.5" y2="7.5" stroke="white" stroke-width="1.5"/>
-	<line x1="7.5" y1="2.5" x2="2.5" y2="7.5" stroke="white" stroke-width="1.5"/>';
+function Init_Macros() { //*** ($varibale="some reusable chunk of code")********
+	global 	$_, $ONESCRIPT, $param1, $param2, $INPUT_NUONCE, $FORM_COMMON, $PWUN_RULES;
 
-$SVG_icon_pencil = '<polygon points="2,0 9,7 7,9 0,2" stroke-width="1" stroke="darkgoldenrod" fill="rgb(246,222,100)"/>
-	  <path  d="M0,2   L0,0  L2,0"      stroke="tan" fill="tan" stroke-width="1" />
-	  <path  d="M0,1.5   L0,0  L1.5,0"      stroke="black" fill="transparent" stroke-width="1.5" />
-	  <line x1="7.3" y1="10"  x2="10" y2="7.3"  stroke="silver" stroke-width="1"/>
-	  <line x1="8.1" y1="10.8"  x2="10.8" y2="8.1"  stroke="red" stroke-width="1"/>';
+	$INPUT_NUONCE = '<input type="hidden" name="nuonce" value="'.$_SESSION['nuonce'].'">'."\n";
+	$FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.$param2.'">'.$INPUT_NUONCE."\n";
 
-$SVG_icon_img_0 = '<rect x="0"    y="0"   width="14" height="16" fill="#FF8" stroke="#44F" stroke-width="2" />
-	<rect x="2"    y="2"   width="5"  height="5"  fill="#F66" stroke-width="0" />
-	<rect x="7.5"  y="6"   width="5"  height="5"  fill="#6F6" stroke-width="0" />
-	<rect x="2"    y="10"  width="5"  height="5"  fill="#66F" stroke-width="0" />';
+	$PWUN_RULES  = '<p>'.hsc($_['pw_txt_02']).'<ol><li>'.hsc($_['pw_txt_04']).'<li>'.hsc($_['pw_txt_06']);
+	$PWUN_RULES .= '<li>'.hsc($_['pw_txt_08']).'<li>'.hsc($_['pw_txt_10']).'</ol>';
 }//end Init_Macros() //*********************************************************
 
 
 
 
-function svg_icon_ren(){ //*****************************************************
-	global $SVG_icon_pencil;
-	
-	$pencil = '<g transform="translate( 5, 3.5)">'.$SVG_icon_pencil.'</g>';
-	$sheet  = svg_icon_txt_0('#333', '#000', '#FFF', $pencil);
-	
-	return '<svg class="icon2" xmlns="http://www.w3.org/2000/svg" version="1.1" width="16" height="16">'.$sheet.$pencil.'</svg>';
-}//end svg_icon_ren() //********************************************************
-
-
-
-
-function svg_icon_copy(){ //****************************************************
-	global $SVG_icon_circle_plus_rev;
-
-	return '<svg class="icon2" xmlns="http://www.w3.org/2000/svg" version="1.1" width="12" height="12">'.
-		'<g transform="translate( 1, 1)">'.$SVG_icon_circle_plus_rev.'</g></svg>';
-
-}//end svg_icon_copy() //*******************************************************
-
-
-
-
-function svg_icon_del(){ //*****************************************************
-	global $SVG_icon_circle_x;
-
-	return '<svg class="icon2" xmlns="http://www.w3.org/2000/svg" version="1.1" width="11" height="11">'.
-		'<g transform="translate( .5, .5)">'.$SVG_icon_circle_x.'</g></svg>';
-
-}//end svg_icon_del() //********************************************************
-
-
-
-
-function svg_icon_bin(){ //*****************************************************
-$zero = '<rect x="0"  y="0"  width="3" height="6" fill="transparent" stroke="#555" stroke-width="1" />';
-$one  = '<line x1="0" y1="-.5"   x2="0" y2="6.5"  stroke="#555" stroke-width="1"/>';
-
-return '<svg class="icon" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
-		<g transform="translate( 0.5,0.5)">'.$one .'</g>
-		<g transform="translate( 3.5,0.5)">'.$zero.'</g>
-		<g transform="translate( 9.5,0.5)">'.$one .'</g>
-		<g transform="translate(12.5,0.5)">'.$one .'</g>
-		<g transform="translate( 0.5,9.5)">'.$zero.'</g>
-		<g transform="translate( 6.5,9.5)">'.$one .'</g>
-		<g transform="translate( 9.5,9.5)">'.$zero.'</g>
-		</svg>';
-}//end svg_icon_bin() //********************************************************
-
-
-
-function svg_icon_img(){ //*****************************************************
-	global $SVG_icon_img_0;
-	return '<svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">'.
-		$SVG_icon_img_0.'</svg>';
-}//end svg_icon_img() //********************************************************
-
-
-
-function svg_icon_svg(){ //*****************************************************
-	global $SVG_icon_img_0;
-	return '<svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">'.
-	$SVG_icon_img_0.
-	'<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="#444" stroke-width=".6"/>
-	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="#444" stroke-width=".6"/>
-	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="#444" stroke-width=".6"/>
-	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="#444" stroke-width=".6"/>
-	</svg>';
-}//end svg_icon_img() //********************************************************
-
-
-
-function svg_icon_txt_0($border, $lines, $fill, $extra = ""){ //****************
-return '<svg class="icon icon_file" xmlns="http://www.w3.org/2000/svg" version="1.1" width="14" height="16">
-	<rect x = "0" y = "0" width = "14" height = "16" fill="'.$fill.'" stroke="'.$border.'" stroke-width="2" />
-	<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="'.$lines.'" stroke-width=".6"/>
-	<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="'.$lines.'" stroke-width=".6"/>
-	<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="'.$lines.'" stroke-width=".6"/>
-	<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="'.$lines.'" stroke-width=".6"/>'.$extra.'</svg>';
-}//end svg_icon_txt_0() //******************************************************
-
-
-
-function svg_icon_txt(){ return svg_icon_txt_0('#333', '#000', '#FFF'); } //****
-
-function svg_icon_htm(){ return svg_icon_txt_0('#444', '#222', '#FABEAA'); } //* rgb(250,190,170)
-
-function svg_icon_php(){ return svg_icon_txt_0('#333', '#111', '#C3C3FF'); } //* rgb(195,195,225)
-
-function svg_icon_css(){ return svg_icon_txt_0('#333', '#111', '#FFE1A5'); } //* rgb(255,225,165)
-
-function svg_icon_cfg(){ return svg_icon_txt_0('#444', '#111', '#DDD'); } //****
-
-
-
-function svg_icon_upload(){ //**************************************************
-	$extra = '<g transform="scale(1.1) translate(1.75,4)">
-		<polygon points="6,0  12,6  8,6  8,11  4,11  4,6  0,6"
-		stroke-width="1" stroke="white" fill="green" /></g>'; //up arrow
-
-	return svg_icon_txt_0('#333', 'black', 'white', $extra);
-}//end svg_icon_upload() //*****************************************************
-
+function Init_ICONS() { //*******************************************************
+	global 	$ICONS;
 
+	//*********************************************************************
+	function icon_txt($border='#333', $lines='#000', $fill='#FFF', $extra1="", $extra2=""){
+		return '<svg class="icon" version="1.1" width="14" height="16">'.
+		'<rect x = "0" y = "0" width = "14" height = "16" fill="'.$fill.'" stroke="'.$border.'" stroke-width="2" />'.$extra2.
+		'<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="'.$lines.'" stroke-width=".6"/>'.
+		'<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="'.$lines.'" stroke-width=".6"/>'.
+		'<line x1="3" y1="9.5"  x2="11" y2="9.5"  stroke="'.$lines.'" stroke-width=".6"/>'.
+		'<line x1="3" y1="12.5" x2="11" y2="12.5" stroke="'.$lines.'" stroke-width=".6"/>'.$extra1.'</svg>';
+	}//end icon_txt() //***************************************************
 
-function svg_icon_file_new(){ //************************************************
-	global $SVG_icon_circle_plus;
-	$extra = '<g transform="translate(4,6)">'.$SVG_icon_circle_plus.'</g>';
 
-	return svg_icon_txt_0('#444', 'black', 'white', $extra);
-}//end svg_icon_file_new() //***************************************************
+	function icon_folder($extra = ""){ //**********************************
+		return '<svg class="icon" version="1.1" width="18" height="16"><g transform="translate(0,1)">'.
+			'<path  d="M0.5, 1  L8,1  L9,2  L9,3  L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5"'.
+				'fill="#F0CD28" stroke="rgb(200,170,15)" stroke-width="1" />'.
+			'<path  d="M1.5, 8  L7, 8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5"'.
+				'fill="transparent" stroke="white" stroke-width="1" />'.
+			'<path  d="M1.5,13  L1.5,2  L7.5,2  L8.5,3  L8.5,4  L15.5,4 L16,4.5  L16,13"'.
+				'fill="transparent" stroke="white" stroke-width="1" />'.
+			$extra.'</g></svg>';
+	}//end icon_folder() //************************************************
 
 
+	//Some common components
+	$circle_x = '<circle cx="5" cy="5" r="5" stroke="#D00" stroke-width="1.3" fill="#D00"/>'.
+		'<line x1="2.5" y1="2.5" x2="7.5" y2="7.5" stroke="white" stroke-width="1.5"/>'.
+		'<line x1="7.5" y1="2.5" x2="2.5" y2="7.5" stroke="white" stroke-width="1.5"/>';
 
-function svg_icon_file_del(){ //************************************************
-	global $SVG_icon_circle_x;
-	$extra = '<g transform="translate(4,6)">'.$SVG_icon_circle_x.'</g>';
+	$circle_plus = '<circle cx="5" cy="5" r="5" stroke="#080" stroke-width="0" fill="#080"/>'.
+		'<line x1="2" y1="5" x2="8" y2="5" stroke="white" stroke-width="1.5" />'.
+		'<line x1="5" y1="2" x2="5" y2="8" stroke="white" stroke-width="1.5" />';
 
-	return svg_icon_txt_0('#444', 'black', 'white', $extra);
-}//end svg_icon_file_del() //***************************************************
+	$circle_plus_rev = '<circle cx="5" cy="5" r="5" stroke="#080" stroke-width="1.3" fill="white"/>'.
+		'<line x1="2" y1="5" x2="8" y2="5" stroke="#080" stroke-width="1.5" />'.
+		'<line x1="5" y1="2" x2="5" y2="8" stroke="#080" stroke-width="1.5" />';
 
+	$pencil = '<polygon points="2,0 9,7 7,9 0,2" stroke-width="1" stroke="darkgoldenrod" fill="rgb(246,222,100)"/>'.
+		'<path  d="M0,2    L0,0  L2,0"   stroke="tan"    stroke-width="1" fill="tan"/>'.
+		'<path  d="M0,1.5  L0,0  L1.5,0" stroke="black"  stroke-width="1.5" fill="transparent"/>'.
+		'<line x1="7.3" y1="10"  x2="10" y2="7.3" stroke="silver" stroke-width="1"/>'.
+		'<line x1="8.1" y1="10.8"  x2="10.8" y2="8.1"  stroke="red" stroke-width="1"/>';
 
+	$img_0 = '<rect x="0"    y="0"   width="14" height="16" fill="#FF8" stroke="#44F" stroke-width="2"/>'.
+		'<rect x="2"    y="2"   width="5"  height="5"  fill="#F66" stroke-width="0" />'.
+		'<rect x="7.5"  y="6"   width="5"  height="5"  fill="#6F6" stroke-width="0" />'.
+		'<rect x="2"    y="10"  width="5"  height="5"  fill="#66F" stroke-width="0" />';
 
-function svg_icon_folder_0($extra = ""){ //*************************************
-    //original: fill="#FBE47b" stroke="#F0CD28
- return '<svg class="icon icon_fldr" xmlns="http://www.w3.org/2000/svg" version="1.1" width="18" height="14">
-	<path  d="M0.5, 1  L8,1  L9,2  L9,3  L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5"
-			fill="#F0CD28" stroke="rgb(200,170,15)" stroke-width="1" />
-	<path  d="M1.5, 8  L7, 8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5"
-			fill="transparent" stroke="white" stroke-width="1" />
-	<path  d="M1.5,13  L1.5,2  L7.5,2  L8.5,3  L8.5,4  L15.5,4 L16,4.5  L16,13"
-			fill="transparent" stroke="white" stroke-width="1" />'.
-	$extra.'</svg>';
-}//end svg_icon_folder_0() //***************************************************
+	$arc_arrow = '<path d="M 3.5,12 a 30,30 0 0,1  9,-9  l -1.5,-2.4  l 6,1.3  l -1.6,6 l -1.5,-2.4'.
+					   ' a 30,30 0 0,0 -9,6.5 Z"  fill="white" stroke="blue" stroke-width="1.1" />';
 
+	$up_arrow = '<polygon points="6,0  12,6  8,6  8,11  4,11  4,6  0,6" stroke-width="1" stroke="white" fill="green" />';
 
+	$zero = '<rect x="0"  y="0"  width="3" height="6" fill="transparent" stroke="#555" stroke-width="1" />';
+	$one  = '<line x1="0" y1="-.5"   x2="0" y2="6.5"  stroke="#555" stroke-width="1"/>';
 
-function svg_icon_folder(){ return svg_icon_folder_0(''); } //******************
+	$extra_up  = '<g transform="scale(1.1) translate(1.75,4)">'.$up_arrow.'</g>';
+	$extra_new = '<g transform="translate(4,6)">'.$circle_plus.'</g>';
+	$extra_z   = '<text x="4" y="12" style="font-size:8pt;font-weight:900;fill:blue ;font-family:Arial;">z</text>';
 
 
+	$ICONS['bin'] =  '<svg class="icon" version="1.1" width="14" height="16">'.
+		  '<g transform="translate( 0.5,0.5)">'.$one .'</g>'.
+		  '<g transform="translate( 3.5,0.5)">'.$zero.'</g>'.'<g transform="translate( 9.5,0.5)">'.$one .'</g>'.
+		  '<g transform="translate(12.5,0.5)">'.$one .'</g>'.'<g transform="translate( 0.5,9.5)">'.$zero.'</g>'.
+		  '<g transform="translate( 6.5,9.5)">'.$one .'</g>'.'<g transform="translate( 9.5,9.5)">'.$zero.'</g>'.
+		  '</svg>';
+	$ICONS['z'] = icon_txt('#333','#FFF','#FFF',$extra_z);
+	$ICONS['img'] = '<svg class="icon" version="1.1" width="14" height="16">'.$img_0.'</svg>';
+	$ICONS['svg'] = icon_txt('#333', '#444', '#FFF', "", $img_0);
+	$ICONS['txt'] = icon_txt('#333', '#000', '#FFF');
+	$ICONS['htm'] = icon_txt('#444', '#222', '#FABEAA'); //* rgb(250,190,170)
+	$ICONS['php'] = icon_txt('#333', '#111', '#C3C3FF'); //* rgb(195,195,225)
+	$ICONS['css'] = icon_txt('#333', '#111', '#FFE1A5'); //* rgb(255,225,165)
+	$ICONS['cfg'] = icon_txt('#444', '#111', '#DDD');
+	$ICONS['upload'] = icon_txt('#333', 'black', 'white', $extra_up);
+	$ICONS['file_new'] = icon_txt('#444', 'black', 'white', $extra_new);
+	$ICONS['folder'] = icon_folder();
+	$ICONS['folder_new'] = icon_folder('<g transform="translate(7.5,4)">'.$circle_plus.'</g>');
+	$ICONS['ren_mov'] = icon_folder('<g transform="translate(2.5,3)">'.$pencil.'</g>'.$arc_arrow);
+	$ICONS['move']    = icon_folder($arc_arrow);
+	$ICONS['copy']    = '<svg version="1.1" width="12" height="12"><g transform="translate(1,1)">'.$circle_plus_rev.'</g></svg>';
+	$ICONS['delete']  = '<svg version="1.1" width="12" height="12"><g transform="translate(1,1)">'.$circle_x.'</g></svg>';
 
-function svg_icon_folder_new(){ //**********************************************
-	global $SVG_icon_circle_plus;
-	$extra = '<g transform="translate(7.5,4)">'.$SVG_icon_circle_plus.'</g>';
-	return svg_icon_folder_0($extra);
-}//end svg_icon_folder_new() //*************************************************
-
-
-
-function svg_icon_folder_ren(){ //**********************************************
-	global $SVG_icon_pencil;
-	$extra = '<g transform="translate(6,3)">'.$SVG_icon_pencil.'</g>';
-	return svg_icon_folder_0($extra);
-}//end svg_icon_folder_ren() //*************************************************
-
-
-
-function svg_icon_folder_cpy(){ //**********************************************
-	global $SVG_icon_circle_plus_rev;
-	$extra = '<g transform="translate(7.5,4)">'.$SVG_icon_circle_plus_rev.'</g>';
-	return svg_icon_folder_0($extra);
-}//end svg_icon_folder_cpy() //*************************************************
-
-
-
-function svg_icon_folder_del(){ //**********************************************
-	global $SVG_icon_circle_x;
-	$extra = '<g transform="translate(7.5,4)">'.$SVG_icon_circle_x.'</g>';
-	return svg_icon_folder_0($extra);
-}//end svg_icon_folder_del() //*************************************************
-
-
-
-
-function show_icon($type){ //***************************************************
-	if     ($type == 'bin') { return svg_icon_bin(); }
-	elseif ($type == 'img') { return svg_icon_img(); }
-	elseif ($type == 'svg') { return svg_icon_svg(); }
-	elseif ($type == 'txt') { return svg_icon_txt(); }
-	elseif ($type == 'htm') { return svg_icon_htm(); }
-	elseif ($type == 'php') { return svg_icon_php(); }
-	elseif ($type == 'css') { return svg_icon_css(); }
-	elseif ($type == 'cfg') { return svg_icon_cfg(); }
-	elseif ($type == 'dir') { return svg_icon_folder(); }
-	else                    { return svg_icon_bin(); } //default
-}//end show_icon() //***********************************************************
+	if (!supports_svg()) { //Text "icons".  Mostly for IE < 9
+		foreach ($ICONS as $key=> $value) { $ICONS[$key] = ""; }
+		$ICONS['ren_mov'] = '<span class="RCD1 R">&gt;</span>';
+		$ICONS['move']    = '<span class="RCD1 R">&gt;</span>';
+		$ICONS['copy']    = '<span class="RCD1 C">+</span>';
+		$ICONS['delete']  = '<span class="RCD1 D">x</span>';
+	}
+}//end Init_ICONS(){ //*********************************************************
 
 
 
@@ -1263,24 +1149,23 @@ function show_icon($type){ //***************************************************
 function List_Backup($file, $file_url){ //**************************************
 	global $_, $ONESCRIPT;
 
-		clearstatcache ();
-		$href = $ONESCRIPT.'?i='.dir_name($file_url).'&amp;f='.basename($file_url);
+	clearstatcache ();
+	$href = $ONESCRIPT.'?i='.dir_name($file_url).'&amp;f='.basename($file_url);
 ?>
-		<table class="index_T old_backup_T"><tr>
-		<td class="file_name">
-			<?php echo '<a href="'.$href.'&amp;p=edit'.'" id="old_backup">'.basename($file_url); ?></a>
-		</td>
-		<td class="meta_T file_size">&nbsp;
-			<?php echo number_format(filesize($file)); ?> B
-		</td>
-		<td class="meta_T file_time"> &nbsp;
-			<script>FileTimeStamp(<?php echo filemtime($file); ?>, 1, 0);</script>
-		</td>
-		</tr></table>
-
-		<script>document.getElementById("old_backup").focus();</script>
-		<a href="<?php echo $href.'&amp;p=deletefile' ?>" class="button" id="del_backup"><?php echo hsc($_['Delete']) ?></a>
-		<div class=clear></div>
+	<table class="index_T old_backup_T"><tr>
+	<td class="file_name">
+		<?php echo '<a href="'.$href.'&amp;p=edit'.'" id="old_backup">'.basename($file_url); ?></a>
+	</td>
+	<td class="meta_T file_size">&nbsp;
+		<?php echo number_format(filesize($file)); ?> B
+	</td>
+	<td class="meta_T file_time"> &nbsp;
+		<script>FileTimeStamp(<?php echo filemtime($file); ?>, 1, 0);</script>
+	</td>
+	</tr></table>
+
+	<a href="<?php echo $href.'&amp;p=deletefile' ?>" class="button" id="del_backup"><?php echo hsc($_['Delete']) ?></a>
+	<div class=clear></div>
 <?php
 }//end List_Backup() //*********************************************************
 
@@ -1329,20 +1214,17 @@ function Admin_Page() { //******************************************************
 	if (is_file($ONESCRIPT_file_backup) || is_file($CONFIG_file_backup) ) {
 		
 		echo '<p><b>'.hsc($_['admin_txt_00']).'</b></p>';
-		
 		if (is_file($ONESCRIPT_file_backup)) { List_Backup($ONESCRIPT_file_backup, $ONESCRIPT_url_backup); }
-		
 		if (is_file($CONFIG_file_backup))    { List_Backup($CONFIG_file_backup, $CONFIG_url_backup); }
-		
 		echo '<p>'.hsc($_['admin_txt_01']);
-		
 		echo '<hr>';
-		
+		$focus_on = 'old_backup'; //id of filename listed
 	}else {
-		echo '<script>document.getElementById("cancel").focus();</script>';
+		$focus_on = 'cancel';
 	}//end of check for backup
+	
+	echo '<script>document.getElementById("'.$focus_on.'").focus();</script>';
 	?>
-		
 	<p><b><?php echo hsc($_['admin_txt_02']) ?></b>
 	<p><?php echo hsc($_['admin_txt_16']) ?>
 	<p><?php echo hsc($_['admin_txt_14']) ?>
@@ -1366,7 +1248,8 @@ function Hash_Page() { //*******************************************************
 		<?php echo $INPUT_NUONCE; ?>
 		<?php echo hsc($_['pass_to_hash']) ?>
 		<input type="text" name="whattohash" id="whattohash" value="<?php echo hsc($_POST["whattohash"]) ?>">
-		<?php Cancel_Submit_Buttons(hsc($_['Generate_Hash']), 'whattohash') ?>
+		<p><?php Cancel_Submit_Buttons($_['Generate_Hash']) ?>
+		<script>document.getElementById('whattohash').focus()</script>
 	</form>
 
 	<div class="info">
@@ -1422,7 +1305,8 @@ function Change_PWUN_Page($pwun, $type,$page_title,$label_new,$label_confirm) {
 		<p><?php echo hsc($label_confirm) ?><br>
 		<input type="<?php echo $type ?>" name="new2" id="new2" value="">
 		
-		<?php Cancel_Submit_Buttons(hsc($_['Submit']), 'current_pw') ?>
+		<?php Cancel_Submit_Buttons($_['Submit']) ?>
+		<script>document.getElementById('current_pw').focus()</script>
 	</form>
 
 	<div class="info">
@@ -1561,9 +1445,9 @@ function Login_Page() { //******************************************************
 	<h2><?php echo hsc($_['Log_In']) ?></h2>
 	<form method="post" action="<?php echo $ONESCRIPT; ?>">
 		<label for="username"><?php echo hsc($_['login_txt_01']) ?></label>
-		<input type="text"     name="username" id="username" class="login_input">
+		<input type="text"     name="username" id="username">
 		<label for="password"><?php echo hsc($_['login_txt_02']) ?></label>
-		<input type="password" name="password" id="password" class="login_input">
+		<input type="password" name="password" id="password">
 		<input type="submit" class="button" value="<?php echo hsc($_['Enter']) ?>">
 	</form>
 	<script>document.getElementById('username').focus();</script>
@@ -1604,7 +1488,7 @@ function Login_response() { //**************************************************
 
 	//validate login.
 	if ( ($_POST['password'] == "") || ($_POST['username'] == "") )  {
-		return; //Ignore attempt if either username OR password is blank.
+		return; //Ignore login attempt if either username or password is blank.
 	}elseif ( $VALID_PASSWORD && ($_POST['username'] == $USERNAME) ) {
 		session_regenerate_id(true);
 		$_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT']; //for user consistancy check.
@@ -1612,7 +1496,7 @@ function Login_response() { //**************************************************
 		$page = "index";
 		if ( is_file($LOGIN_ATTEMPTS) ) { unlink($LOGIN_ATTEMPTS); } //delete invalid attempts count file
 	}else{
-		file_put_contents($LOGIN_ATTEMPTS, ++$attempts); //increment & save attempt
+		file_put_contents($LOGIN_ATTEMPTS, ++$attempts); //increment attempts
 		$message  = $EX.'<b>'.hsc($_['login_msg_03']).$attempts.'</b><br>';
 		if ($attempts >= $MAX_ATTEMPTS) {
 			$message .= hsc($_['login_msg_02a']).' ';
@@ -1625,14 +1509,61 @@ function Login_response() { //**************************************************
 
 
 
-function Table_of_Files($files, $folders, $R, $C, $D) { //********************************
+//******************************************************************************
+function List_File($file, $type, $f_or_f, $DS, $IS_OFCMS, $HREF_params, $param3) {
+	global $_, $ICONS, $ipath, $fclasses;
+
+	//Determine icon to show
+	if (in_array($type,$fclasses)) { $icon = $ICONS[$type];}
+	elseif ($type == 'dir')        { $icon = $ICONS['folder']; }
+	else                           { $icon = $ICONS['bin']; } //default
+?>
+	<tr>
+		<td class="RCD"><?php 
+		if (!$IS_OFCMS){
+			echo '<a href="'.$HREF_params.'&amp;p=rename'.$f_or_f.'" title="'.hsc($_['Ren_Move']).'">'.$ICONS['ren_mov'].'</a>';
+		} ?>
+		</td>
+		<td class="RCD"><?php
+			echo '<a href="'.$HREF_params.'&amp;p=copy'.$f_or_f.'"   title="'.hsc($_['Copy']).'"    >'.$ICONS['copy'].'</a>' ?>
+		</td>
+		<td class="RCD"><?php 
+		if (!$IS_OFCMS){
+			echo '<a href="'.$HREF_params.'&amp;p=delete'.$f_or_f.'" title="'.hsc($_['Delete']).'"  >'.$ICONS['delete'].'</a>';
+		} ?>
+		</td>
+		<td class="ckbox"><?php
+		if (!$IS_OFCMS){
+			echo '<INPUT TYPE=checkbox NAME="files[]" VALUE="'.hsc($file).'">';
+		} ?>
+		</td>
+		<td class="file_name"><?php
+			echo '<a href="'.$HREF_params.$param3.'"  title="'.hsc($_['Edit_View']).'">';
+			echo $icon.'&nbsp;'.hte($file).$DS.'</a>';
+		 ?></td>
+		<td class="meta_T file_size">&nbsp;<?php
+		if (!is_dir($ipath.$file)) { 
+			echo number_format(filesize($ipath.$file)).' B';
+		}?>
+		</td>
+		<td class="meta_T file_time"> &nbsp;
+			<script>FileTimeStamp(<?php echo filemtime($ipath.$file); ?>, 1, 0);</script>
+		</td>
+	</tr>
+<?php
+}//end List_File() //***********************************************************
+
+
+
+
+function Table_of_Files($full_list) { //****************************************
 	global $_, $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list, $stypes, $SHOWALLFILES;
 
 	//dummy input to make sure files[] is always an array in js for Select_All() & Confirm_Ready().
 	echo '<INPUT TYPE=hidden NAME="files[]" VALUE="">';
 
 	echo '<table class="index_T">';
-	foreach ($files as $file) {
+	foreach ($full_list as $file) {
 		
 		$excluded = FALSE;
 		if (in_array($file, $excluded_list)) { $excluded = TRUE; };
@@ -1646,151 +1577,69 @@ function Table_of_Files($files, $folders, $R, $C, $D) { //**********************
 		$IS_OFCMS = false;
 		if ( $ipath.$file == trim(rawurldecode($ONESCRIPT), '/') ) { $IS_OFCMS = true;  }
 		
-		if ( $SHOWTYPE &&  !$excluded ) { //!is_dir($ipath.$file) &&
-			
+		if ( ($SHOWTYPE && !$excluded) || is_dir($ipath.$file) ) {
 			$HREF_params = $ONESCRIPT.$param1;
-			$parm_folder = '';
 			
-			//Set icon type based on file type ($ext).
+			//Set icon type based on if dir, or file type ($ext).
 			if (is_dir($ipath.$file)) {
 				$f_or_f = 'folder';
-				$type = 'dir';
-				$HREF_params .= $file.'/';
+				$type   = 'dir';
+				$HREF_params .= URLencode_path($file).'/';
 				$param3 = '';
+				$DS = ' /'; //End with a directory seperator to indicated a folder.
 			}else {
 				$f_or_f = "file";
 				$type = $fclasses[array_search($ext, $ftypes)];
 				$HREF_params .= '&amp;f='.rawurlencode($file);
 				$param3 = '&amp;p=edit';
+				$DS = '';
 			}
-?>
-			<tr>
-				<td class="rcd">
-				<?php if (!$IS_OFCMS){
-					echo '<a href="'.$HREF_params.'&amp;p=rename'.$f_or_f.'" title="'.hsc($_['Ren_Move']).'" class="rcd1">'.$R.'</a>';
-				} ?></td>
-				
-				<td class="rcd">
-				<?php
-					echo '<a href="'.$HREF_params.'&amp;p=copy'.$f_or_f.'"   title="'.hsc($_['Copy']).'"   class="rcd1">'.$C.'</a>'
-				?></td>
-				
-				<td class="rcd"><?php if (!$IS_OFCMS){
-					echo '<a href="'.$HREF_params.'&amp;p=delete'.$f_or_f.'" title="'.hsc($_['Delete']).'" class="rcd1">'.$D.'</a>';
-				} ?></td>
-				
-				<td class="ckbox"><?php if (!$IS_OFCMS){
-					echo '<INPUT TYPE=checkbox NAME="files[]" VALUE="'.hsc($file).'">';
-				} ?></td>
-				
-				<td class="file_name">
-					<?php echo '<a href="'.$HREF_params.$param3.'"  title="'.hsc($_['Edit_View']).'">'; ?>
-					<?php echo show_icon($type).hte($file), '</a>'; ?>
-				</td>
-				<td class="meta_T file_size">&nbsp;
-					<?php echo number_format(filesize($ipath.$file)); ?> B
-				</td>
-				<td class="meta_T file_time"> &nbsp;
-					<script>FileTimeStamp(<?php echo filemtime($ipath.$file); ?>, 1, 0);</script>
-				</td>
-			</tr>
-<?php
-		}//end if...
+			
+			List_File($file, $type, $f_or_f, $DS, $IS_OFCMS, $HREF_params, $param3);
+			
+		}//end if !is_dir...
 	}//end foreach file
 	echo '</table>';
 }//end Table_of_Files() //******************************************************
 
 
 
-function List_Files($files, $folders) { //************************************************
-	//called from Index Page
-	global $_, $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list;
 
-	if (count($files) == 0) {return 0;}
-
-	if (supports_svg()) {
-		$R = svg_icon_ren();
-		$C = svg_icon_copy();
-		$D = svg_icon_del();
-	}else{ //Text "icons" for Rename, Copy, and Delete. Mostly for old IE < 9
-		$R = '<span class="RCD R">'.hsc($_['R']).'</span>';
-		$C = '<span class="RCD C">'.hsc($_['C']).'</span>';
-		$D = '<span class="RCD D">'.hsc($_['D']).'</span>';
-	}
+function Index_Page(){ //*******************************************************
+	global $_, $ICONS, $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list;
 
+	$full_list = Sort_Seperate($ipath, scandir('./'.$ipath));
+	$file_count = count($full_list);
+	
 	echo '<form method="post" name="mcdselect" action="'.$ONESCRIPT.$param1.'&amp;p=mcdaction">';
 	echo '<input type="hidden" name="mcdaction" value="">';
 
-	echo '<div class="action">';
-
-	if (supports_svg()) { //Checks if IE < 9.
-		$select_all_attribs = 'TYPE=checkbox NAME=select_all id=select_all VALUE=select_all';
-		$select_all_input = '<INPUT '.$select_all_attribs.' onclick="Select_All();">';
-		echo '<div id=select_all_div><LABEL for=select_all id=select_all_label>'.$_['Select_All'].'</LABEL></div>'.$select_all_input;
+	echo '<table id=index_page_buttons><tr><td id="mcd_submit">';
+	if ($file_count > 0) {
+		
+		$input_attribs = 'TYPE=checkbox NAME=select_all id=select_all VALUE=select_all';
+		echo '<LABEL for=select_all id=select_all_label>'.$_['Select_All'];
+		echo '</LABEL><INPUT '.$input_attribs.' onclick="Select_All();">';
+			
+		function input_mcd_action($label, $mcd, $icon="") {
+			$onclick = ' onclick="return Confirm_ready( \''.$mcd.'\' );"';
+			return '<button TYPE=button id='.$mcd.$onclick.'>'.$icon.'&nbsp;'.hsc($label).'</button>';
+		}
+		echo input_mcd_action($_['Move']  , 'move'  , $ICONS['move']);
+		echo input_mcd_action($_['Copy']  , 'copy'  , $ICONS['copy']);
+		echo input_mcd_action($_['Delete'], 'delete', $ICONS['delete']);
 	}
+	echo '</td><td class="front_links">'."\n\n";
+		
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'.$ICONS['folder_new'].'&nbsp;'.hsc($_['New_Folder']) .'</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  .$ICONS['file_new']  .'&nbsp;'.hsc($_['New_File'])   .'</a>';
+		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   .$ICONS['upload']    .'&nbsp;'.hsc($_['Upload_File']).'</a>';
+		
+	echo '</td></tr></table>'; //end id=index_page_buttons
 	
-	function input_mcd_action($label, $mcd, $icon="") {
-		$onclick = ' onclick="return Confirm_ready( \''.$mcd.'\' );"';
-		return ' <button TYPE=button class="mcd_submit" id='.$mcd.$onclick.'>'.$icon().' '.hsc($label).'</button>';
-	}
-
-	echo input_mcd_action($_['Move']  , 'move'  , 'svg_icon_ren' );
-	echo input_mcd_action($_['Copy']  , 'copy'  , 'svg_icon_copy');
-	echo input_mcd_action($_['Delete'], 'delete', 'svg_icon_del' );
-
-	echo '<p class="front_links" style="float: right; margin: 0;">';
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   .svg_icon_upload()    .hsc($_['Upload_File']).'</a>';
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  .svg_icon_file_new()  .hsc($_['New_File'])   .'</a>';
-	echo '</p><div class=clear></div>';
-
-	echo '</div>'; //end class=action
-
-	Table_of_Files($files, $folders, $R, $C, $D);
+	if ($file_count > 0) { Table_of_Files($full_list); }
 
 	echo '</form>';
-}//end List_Files() //**********************************************************
-
-
-
-
-function Index_Page(){ //*******************************************************
-	global $_, $ONESCRIPT, $ipath, $param1;
-
-	//Get list of files & folders
-	$full_list = scandir('./'.$ipath);
-	natcasesort($full_list);
-
-	//Seperate files & folders
-	$files= array();
-	$folders= array();
-	$F=1; $D=1;  //indexes
-	foreach( $full_list as $item ) {
-		if ( ($item == '.') || ($item == '..')){ continue; }
-		if (is_dir($ipath.$item)){ $folders[$D++] = $item; }
-		else                     { $files[$F++]   = $item; }
-	}
-
-	//List folders
-	echo '<p class="index_folders">';
-		foreach ($folders as $folder) {
-			echo '<a href="'.$ONESCRIPT.'?i='.URLencode_path($ipath.$folder).'/">'."\n";
-			echo svg_icon_folder()."\n";
-			echo hte($folder).' /</a>';
-		}
-	echo '</p>';
-
-	//Upload_New_Rename_Delete_Links
-	echo '<p class="front_links">';
-	echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'.svg_icon_folder_new().hsc($_['New_Folder']) .'</a>';
-	if ($ipath !== "") { //if at root, don't show [Rename] & [Delete] links
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=renamefolder">'.svg_icon_folder_ren().hsc($_['Ren_Folder']).'</a>';
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=copyfolder">'  .svg_icon_folder_cpy().hsc($_['Copy_Folder']).'</a>';
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=deletefolder">'.svg_icon_folder_del().hsc($_['Del_Folder']).'</a>';
-	}
-	echo '</p>';
-
-	List_Files($files,$folders);
-
 }//end Index_Page() //**********************************************************
 
 
@@ -1813,9 +1662,11 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 				<?php echo '&nbsp; '.$file_ENC; ?>
 			</span><br>
 		</div>
-
+		
 		<div class="buttons_right">
-			<input type="button" id="wide_view" class="button" value="<?php echo hsc($_['Wide_View']) ?>" onclick="Wide_View();">
+<?php if ($text_editable) { ?>
+		<input type="button" id="wide_view" class="button" value="<?php echo hsc($_['Wide_View']) ?>" onclick="Wide_View();">
+<?php }?>
 			<input type="button" id="close1" class="button" value="<?php echo hsc($_['Close']) ?>"
 				onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
 			<script>document.getElementById('close1').focus();</script>
@@ -1939,7 +1790,7 @@ function Edit_Page() { //*******************************************************
 	global $_, $filename, $filecontents, $raw_contents, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE;
 	clearstatcache ();
 
-	//Determine if text editable file type
+	//Determine if a text editable file type
 	$filename_parts = explode(".", strtolower($filename));
 	$ext = end($filename_parts);
 	if ( in_array($ext, $etypes) ) { $text_editable = TRUE;  }
@@ -1960,11 +1811,11 @@ function Edit_Page() { //*******************************************************
 	else                      { $header2 = hsc($_['edit_h2_2']); }
 
 	$too_large_to_edit_message =
-'<b>'.hsc($_['too_large_to_edit_01a']).' '.number_format($MAX_EDIT_SIZE).' '.hsc($_['bytes']).'</b><br>'.
+'<b>'.hsc($_['too_large_to_edit_01']).' '.number_format($MAX_EDIT_SIZE).' '.hsc($_['bytes']).'</b><br>'.
 hsc($_['too_large_to_edit_02']).'<br>'.hsc($_['too_large_to_edit_03']).'<br>'.hsc($_['too_large_to_edit_04']);
 
 	$too_large_to_view_message =
-'<b>'.hsc($_['too_large_to_view_01a']).' '.number_format($MAX_VIEW_SIZE).' '.hsc($_['bytes']).'</b><br>'.
+'<b>'.hsc($_['too_large_to_view_01']).' '.number_format($MAX_VIEW_SIZE).' '.hsc($_['bytes']).'</b><br>'.
 hsc($_['too_large_to_view_02']).'<br>'.hsc($_['too_large_to_view_03']).'<br>';//.hsc($_['too_large_to_view_04']);
 
 	//Preserves vertical spacing when message is blank, so edit area doesn't jump as much.
@@ -1990,7 +1841,7 @@ function Edit_Page() { //*******************************************************
 		$filecontents = hsc(file_get_contents($filename), ENT_COMPAT,'UTF-8');
 		echo '<pre class="edit_disabled view_file">'.$filecontents.'</pre>';
 	}
-}//end Edit_Page //*************************************************************
+}//end Edit_Page() //***********************************************************
 
 
 
@@ -2018,6 +1869,9 @@ function Edit_response(){ //***If on Edit page, and [Save] clicked *************
 function Upload_Page() { //*****************************************************
 	global $_, $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE, $UPLOAD_FIELDS;
 
+	$max_file_uploads = ini_get('max_file_uploads');
+	if ($max_file_uploads < $UPLOAD_FIELDS) { $UPLOAD_FIELDS = $max_file_uploads; }
+
 	echo '<h2>'.hsc($_['Upload_File']).'</h2>';
 	echo '<p>';
 	echo hsc($_['upload_txt_03']).' '.ini_get('upload_max_filesize').' '.hsc($_['upload_txt_01']).'<br>';
@@ -2031,7 +1885,7 @@ function Upload_Page() { //*****************************************************
 			echo '<input type="file" name="upload_file[]" class="upload_file" size="100"><br>'."\n";
 		}
 		
-		Cancel_Submit_Buttons(hsc($_['Upload']),"cancel");
+		Cancel_Submit_Buttons($_['Upload']);
 	echo '</form>';
 
 }//end Upload_Page() //*********************************************************
@@ -2053,11 +1907,11 @@ function Upload_response() { //*************************************************
 		$destination = Check_path($_POST["upload_destination"]);
 		
 		$MAXUP1 = ini_get('upload_max_filesize');
-		$MAXUP2 = ''; //number_format($_POST['MAX_FILE_SIZE']).' '.hsc($_['bytes']);
+		//$MAXUP2 = ''; //number_format($_POST['MAX_FILE_SIZE']).' '.hsc($_['bytes']);
 		$ERROR = $_FILES['upload_file']['error'][$N];
 		
 		if     ( $ERROR == 1 ){ $ERRMSG = hsc($_['upload_err_01']).' upload_max_filesize = '.$MAXUP1;}
-		elseif ( $ERROR == 2 ){ $ERRMSG = hsc($_['upload_err_02']).' MAX_FILE_SIZE = '      .$MAXUP2;}
+		elseif ( $ERROR == 2 ){ $ERRMSG = hsc($_['upload_err_02']); }  //.' MAX_FILE_SIZE = '      .$MAXUP2;}
 		elseif ( $ERROR == 3 ){ $ERRMSG = hsc($_['upload_err_03']); }
 		elseif ( $ERROR == 4 ){ $ERRMSG = hsc($_['upload_err_04']); }
 		elseif ( $ERROR == 5 ){ $ERRMSG = hsc($_['upload_err_05']); }
@@ -2088,30 +1942,30 @@ function Upload_response() { //*************************************************
 
 
 
-function New_File_or_Folder_Page($title, $id) { //******************************
+function New_Page($title, $id) { //*********************************************
 	global $_, $FORM_COMMON, $INVALID_CHARS;
 
 	echo '<h2>'.hte($title).'</h2>';
 	echo $FORM_COMMON;
 		echo '<p>'.hsc($_['new_file_txt_01'].' '.$_['new_file_txt_02']);
 		echo '<span class="mono"> '.hte($INVALID_CHARS).'</span></p>';
-		echo '<input type="text" name="'.$id.'" id="'.$id.'" value="">';
-		Cancel_Submit_Buttons(hsc($_['Create']),$id);
+		echo '<input type="text" name="'.$id.'" id="'.$id.'" value=""><p>';
+		Cancel_Submit_Buttons($_['Create']);
 	echo '</form>';
-}//end New_File_or_Folder_Page() //*********************************************
+}//end New_Page() //************************************************************
 
 
 
 
-function New_File_or_Folder_response($post, $is_file){ //***********************
+function New_response($post, $isfile){ //***************************************
 	global $_, $WEB_ROOT, $ipath, $filename, $page, $param1, $param2, $param3, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
 
 	$page      = "index"; //Return to index if folder, or on error.
 
 	$new_name  = trim($_POST["$post"], $WHSPC_SLASH); //Trim whitespace & slashes.
 	
-	if ($is_file) { $filename  = $ipath.$new_name;     }
-	else          { $new_ipath = $ipath.$new_name.'/'; }
+	if ($isfile) { $filename  = $ipath.$new_name;     }
+	else         { $new_ipath = $ipath.$new_name.'/'; }
 
 	$msg_new  = '<span class="filename">'.hte($new_name).'</span><br>';
 
@@ -2125,13 +1979,13 @@ function New_File_or_Folder_response($post, $is_file){ //***********************
 	}elseif (file_exists($filename)) { //Does file or folder already exist ?
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_04']).' '.$msg_new;
 		
-	}elseif ( $is_file && touch($filename) ) { //Create File
+	}elseif ( $isfile && touch($filename) ) { //Create File
 		$message .= '<b>'.hsc($_['new_file_msg_05']).'</b> '.$msg_new; //New File success.
 		$page     = "edit";                                      //Return to edit page.
 		$param2   = '&amp;f='.rawurlencode(basename($filename)); //for Edit_Page() buttons
 		$param3   = '&amp;p=edit';                               //for Edit_Page() buttons
 		
-	}elseif ( !$is_file && mkdir($new_ipath,0755)) { //Create Folder
+	}elseif ( !$isfile && mkdir($new_ipath,0755)) { //Create Folder
 		$message .= '<b>'.hsc($_['new_file_msg_07']).'</b> '.$msg_new; //New folder success
 		$ipath    = $new_ipath;  //return to new folder
 		$param1   = '?i='.URLencode_path($ipath);
@@ -2139,7 +1993,7 @@ function New_File_or_Folder_response($post, $is_file){ //***********************
 	}else{
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_01']).':</b><br>'.$msg_new; //'Error - new file not created:'
 	}
-}//end New_File_or_Folder_response //*******************************************
+}//end New_response //**********************************************************
 
 
 
@@ -2151,14 +2005,10 @@ function Set_Input_width() { //*************************************************
 	// $MAIN_WIDTH may be in em, px, or pt.
 	// Width of 1 character = .625em = 10px = 7.5pt  (1em = 16px = 12pt)
 
-	$label_enc    =  mb_detect_encoding($_['New_Location']); //ASCII? UTF8? etc...
-	$root_enc     =  mb_detect_encoding($WEB_ROOT);          //ASCII? UTF8? etc...
-	$root_width   = (mb_strlen($WEB_ROOT, $root_enc));
-	$label_width1 = (mb_strlen($_['CRM_txt_03'], $label_enc)); // "Old Location"
-	$label_width2 = (mb_strlen($_['New_Location'], $label_enc));
-
-	if ($label_width1 > $label_width2) {$label_width = $label_width1;}
-	else                               {$label_width = $label_width2;}
+	$label_enc   =  mb_detect_encoding($_['New_Location']); //ASCII? UTF8? etc...
+	$root_enc    =  mb_detect_encoding($WEB_ROOT);          //ASCII? UTF8? etc...
+	$root_width  = (mb_strlen($WEB_ROOT, $root_enc));
+	$label_width = (mb_strlen($_['New_Location'], $label_enc));
 
 	$indent       = ($label_width + $root_width + 1 ); // +1 for good measure
 	$main_width   = $MAIN_WIDTH * 1;   //set in config section. Default is 810px.
@@ -2179,12 +2029,13 @@ function Set_Input_width() { //*************************************************
 
 
 
-function CRM_Page($action, $title, $name_id, $isfile) { //**********************
-	//$action = 'Copy' or 'Rename'. $isfile = 1 if acting on a file, not a folder
-	global $_, $WEB_ROOT, $ipath, $filename, $FORM_COMMON;
+function CRM_Page($action, $title, $name_id, $old_name) { //********************
+	//$action = 'Copy' or 'Rename'.
+	global $_, $WEB_ROOT, $ipath, $param1, $filename, $FORM_COMMON;
+
+	$new_name = $old_name; //default
 
-	if ($isfile) { $old_name = $filename; }else{ $old_name = $ipath; }
-	if ($isfile) { $new_name = $filename; }else{ $new_name = $ipath; }
+	if (is_dir($old_name)) { $param1 = '?i='.dir_name($ipath); } //If dir, return to parent on [Cancel]
 
 	Set_Input_width();
 ?>
@@ -2192,24 +2043,15 @@ function CRM_Page($action, $title, $name_id, $isfile) { //**********************
 
 	<?php echo $FORM_COMMON ?>
 		<input type="hidden" name="<?php echo $name_id ?>"  value="<?php echo hsc($name_id); ?>">
-		
-		<label><?php echo hsc($_['CRM_txt_05']) ?>:</label> 
-		<input type=text name=old_name id=old_name class=old_new_name 
-			value="<?php echo hsc(basename($old_name)); ?>" readonly=readonly><br>
-
-		<label><?php echo hsc($_['CRM_txt_03']) ?>:</label>
-		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type=text name=old_location id=old_location 
-			value="<?php echo hsc(dir_name($old_name)); ?>" readonly=readonly><br>
-		<br>
+		<input type="hidden" name=old_name  value="<?php echo hsc($old_name); ?>">
 		<label><?php echo hsc($_['CRM_txt_04']) ?>:</label>
 		<input type=text name=new_name id=new_name class=old_new_name value="<?php echo hsc(basename($new_name)); ?>"><br>
-		
 		<label><?php echo hsc($_['New_Location']) ?>:</label>
 		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type=text
 		name=new_location id=new_location value="<?php echo hsc(dir_name($new_name)); ?>"><br>
-		<p>(<?php echo hsc($_['CRM_txt_02']) ?>)</p>
+		(<?php echo hsc($_['CRM_txt_02']) ?>)
 		
-		<?php Cancel_Submit_Buttons($action, "new_name"); ?>
+		<p><?php Cancel_Submit_Buttons($action); ?>
 	</form>
 <?php
 }//end CRM_Page() //************************************************************
@@ -2222,13 +2064,10 @@ function CRM_response($action, $msg1, $show_message = 3){ //********************
 	//$show_message: 0 = none; 1 = errors only; 2 = successes only; 3 = all messages (default).
 	global $_, $WEB_ROOT, $ipath, $filename, $page, $param1, $param2, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
 
-	$old_name_only = trim($_POST["old_name"], $WHSPC_SLASH);     //Trim whitespace & slashes.
-	$old_location  = trim($_POST["old_location"], $WHSPC_SLASH); 
+	$old_name      = trim($_POST["old_name"], $WHSPC_SLASH);     //Trim whitespace & slashes.
 	$new_name_only = trim($_POST["new_name"], $WHSPC_SLASH);
 	$new_location  = trim($_POST['new_location'], $WHSPC_SLASH);
 	if ($new_location != "") { $new_location .= '/'; }
-	if ($old_location != "") { $old_location .= '/'; }
-	$old_name      = $old_location.$old_name_only;
 	$new_name      = $new_location.$new_name_only;
 	$filename      = $old_name; //default if error.
 
@@ -2257,7 +2096,7 @@ function CRM_response($action, $msg1, $show_message = 3){ //********************
 	//Check new location for invalid chars etc.
 	}elseif ( Check_path($new_location,$show_message) === false ) {
 		$bad_name = $new_location;
-	//$new_location must already exist (as a directory)
+	//$new_location must already exist as a directory
 	}elseif ( ($new_location != "") && !is_dir($new_location) ) {
 		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_01']).'</b><br>';
 		$bad_name = $new_location;
@@ -2279,7 +2118,7 @@ function CRM_response($action, $msg1, $show_message = 3){ //********************
 		$err_msg .= $EX.'<b>'.hsc($_['CRM_msg_05'].' '.$msg1).'</b><br>'.$com_msg;
 	}
 	
-	if ($error) { $err_msg .= '<span class="filename">'.hte($bad_name).'</span><br>'; }
+	if ($error && ($bad_name !='' )) { $err_msg .= '<span class="filename">'.hte($bad_name).'</span><br>'; }
 
 	if ( ($show_message & 1) && $error ) { $message .= $err_msg; } //Show error message.
 	if (  $show_message & 2)             { $message .= $scs_msg; } //Show success message.
@@ -2295,42 +2134,10 @@ function CRM_response($action, $msg1, $show_message = 3){ //********************
 
 
 
-function Delete_Page($title, $target){ //***************************************
-	global $_, $WEB_ROOT, $ipath, $filename, $FORM_COMMON, $EX;
-
-	$web_root = ""; $slash = "";
-	if (is_dir($target)) {
-		$web_root = '<span class="web_root">'.hte($WEB_ROOT.dir_name($target)).'</span>';
-		$slash = '/';
-	}
-
-	echo '<h2>'.hsc($title).'</h2>';
-
-	echo $FORM_COMMON;
-		echo '<input type="hidden" name="delete" value="'.hsc($target).'" >';
-		
-		echo '<p>'.$web_root.'<span class="verify_del"><b>'.hte(basename($target)).'</b></span> '.$slash.'</p>';
-		
-		echo '<p><b>'.hsc($_['Are_you_sure']).'</b></p>';
-		Cancel_Submit_Buttons(hsc($_['DELETE']), 'cancel');
-	echo '</form>';
-
-	if (is_dir($target)) {
-		//List Files & Folders in selected folder
-		$full_list = scandir('./'.$ipath);
-		natcasesort($full_list);
-		List_Selected($full_list,$classes="verify_del");
-	}
-	
-}//end Delete_Page() //*********************************************************
-
-
-
-
 function Delete_response($target, $show_message=3) { //*************************
 	global $_, $ipath, $param1, $filename, $param2, $page, $message, $EX;
 
-	if ($target == "") { return 1; } //Currently, prevent delete of entire website.
+	if ($target == "") { return 0; } //Prevent accidental delete of entire website.
 
 	$target = Check_path($target,$show_message); //Make sure $target is within $WEB_ROOT
 	$target = trim($target,'/');
@@ -2348,7 +2155,7 @@ function Delete_response($target, $show_message=3) { //*************************
 		$param2   = "";
 		$error = 0; //0= no error, 1 = an error.
 	}else { //Error
-		$err_msg .= $EX.'<b>'.hsc($_['delete_folder_msg_03']).'</b> <span class="filename">'.hte($target).'</span><br>'; //Error message
+		$err_msg .= $EX.'<b>'.hsc($_['delete_msg_03']).'</b> <span class="filename">'.hte($target).'</span><br>'; //Error message
 		$page = $_SESSION['recent_pages'][1];
 		if ($page == "edit") {
 			$filename = $target;
@@ -2366,10 +2173,17 @@ function Delete_response($target, $show_message=3) { //*************************
 
 
 
-//******************************************************************************
-function MCD_Page($page_title, $action, $classes = '', $focus = 'new_location') {
-	global $_, $WEB_ROOT, $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE;
-	
+function MCD_Page($action, $page_title, $classes = '') { //*********************
+	global $_, $ICONS, $WEB_ROOT, $ONESCRIPT, $ipath, $param1, $filename, $page, $INPUT_NUONCE;
+
+	//Prep for a single file or folder
+	if( $page == "deletefile" || $page == "deletefolder" ){
+		$_POST['mcdaction'] = 'delete'; //set mcdaction != copy or move (see below).
+		
+		if ($page == "deletefile") { $_POST['files'][1]  = basename($filename); }
+		 //If     == deletefolder,   $_POST['files'][1] is set in Verify_Page_Conditions()
+	}
+
 	Set_Input_width();
 
 	echo '<h2>'.hsc($page_title).'</h2>';
@@ -2377,16 +2191,29 @@ function MCD_Page($page_title, $action, $classes = '', $focus = 'new_location')
 	echo '<form method="post" action="'.$ONESCRIPT.$param1.'">'.$INPUT_NUONCE;
 		echo '<input type="hidden" name="'.$action.'" value="'.$action.'">'.PHP_EOL;
 		
-		if (($_POST['mcdaction'] == 'copy') || ($_POST['mcdaction'] == 'move') ) {
-			echo '<label for="new_location">'.hsc($_['New_Location']).'</label> &nbsp; ('.hsc($_['CRM_txt_02']).')<br>';
+		if ( ($_POST['mcdaction'] == 'copy') || ($_POST['mcdaction'] == 'move') ) {
+			echo '<label>'.hsc($_['New_Location']).':</label> ';
 			echo '<span class="web_root">'.hte($WEB_ROOT).'</span>';
 			echo '<input type="text" name="new_location" id="new_location" value="'.hsc($ipath).'">';
+			echo '<p>('.hsc($_['CRM_txt_02']).')</p>';
 		}
-			
+		 
 		echo '<p><b>'.hsc($_['Are_you_sure']).'</b></p>'; //"Are you sure?"
-		Cancel_Submit_Buttons(hsc($page_title), $focus);
+		Cancel_Submit_Buttons($page_title);
 			
-		List_Selected($_POST['files'],$classes,true);
+		//List selected folders & files
+		$full_list = Sort_Seperate($ipath, $_POST['files']);
+		
+		echo '<table class="verify '.$classes.'">';
+		echo '<tr><th>'.$_['Selected_Files'].':</th></tr>'."\n";
+		
+		foreach($full_list as $file) {
+			if (is_dir($ipath.$file)) { echo '<tr><td>'.$ICONS['folder'].'&nbsp;'.hte($file).' /</td></tr>'; }
+			else                      { echo '<tr><td>'.hte($file).'</td></tr>'; }
+			echo '<input type=hidden  name="files[]" value="'.hsc($file).'">'."\n";
+		}
+		
+		echo '</table>';
 	echo '</form>';
 }//end MCD_Page() //************************************************************
 
@@ -2397,34 +2224,25 @@ function MCD_response($action, $msg1, $success_msg = '') { //*******************
 	global $_, $WEB_ROOT, $ipath, $param1, $param2, $param3, $message, $EX, $filename, $WHSPC_SLASH;
 
 	$files    = $_POST['files']; //List of files to delete (path not included)
-	$count    = count($files);
-	$errors   = 0; //number of failed moves or copies
+	$count    = count($files);   //Doesn't include any sub-folders & files.
+	$errors   = 0; //number of failed moves, copies, or deletes - not counting recursion.
 
-	$isfile = 1; //only working with files, not folders.
 	$show_message = 1; //1= show error msg only.
-
-	if ($action == 'delete') {
+	if ($count == 1) {$show_message = 3;} //show error or success msg.
+	
+	if ($action == 'rDel') {
 		foreach ($files as $file){
-			//While unlikely, protect against a malicious attempt
+			//While unlikely, protect against an erroneous attempt
 			if ($file == "") {continue;} //a blank file name would cause $ipath to be deleted.
 			$errors += Delete_response($ipath.$file, $show_message);
 		}
-		
-	}else { //move or copy
+	}else { //move or rCopy
 		$mcd_ipath = $ipath; //CRM_response() changes $ipath to $new_location
 		
-		//Trim whitespace & slashes, leaving only 1 trailing slash.
-		$new_location = trim($_POST['new_location'], $WHSPC_SLASH).'/';
-		if ( Check_path($new_location, $show_message) === false ){
-			$message .= '<span class="filename">'.hte($new_location).'</span><br>';
-			return;
-		}
-		
 		foreach ($files as $file){
-			$_POST['old_name'] = $file;
-			$_POST['old_location'] = $mcd_ipath;
+			$_POST['old_name'] = $mcd_ipath.$file;
 			$_POST['new_name'] = $file;
-			$_POST['new_location'] = $new_location;
+		  //$_POST['new_location'] should already be set by the client.
 			$errors  += CRM_response($action, $msg1, $show_message);
 		}
 	}
@@ -2433,9 +2251,9 @@ function MCD_response($action, $msg1, $success_msg = '') { //*******************
 	
 	if ($errors) { $message .= $EX.' <b>'.$errors.' '.hsc($_['errors']).'.</b> '; }
 	
-	$message .= '<b>'.$successful.' '.hsc($success_msg).'</b><br>';
+	if ($count > 1) {$message .= '<b>'.$successful.' '.hsc($success_msg).'</b><br>';}
 
-	if ($action != 'delete') {
+	if ($action != 'rDel') {
 		if ($successful > 0) { //"From:" & "To:" lines if any successes.
 			$message .= '<div id="message_left"><b>'.hsc($_['From']).'<br>'.hsc($_['To']).'</b></div>';
 			$message .= '<b>:</b><span class="filename"> '.hsc($mcd_ipath).'</span><br>';
@@ -2461,7 +2279,7 @@ function Page_Title(){ //***<title>Page_Title()</title>*************************
 	elseif ($page == "copyfile" )    { return $_['Copy_Files'];    }
 	elseif ($page == "renamefile")   { return $_['Ren_Move'].' '.$_['File'];}
 	elseif ($page == "deletefile")   { return $_['Del_Files'];     }
-	elseif ($page == "deletefolder") { return $_['Del_Folder'];    }
+	elseif ($page == "deletefolder") { return $_['Del_Files'];     }
 	elseif ($page == "newfolder")    { return $_['New_Folder'];    }
 	elseif ($page == "renamefolder") { return $_['Ren_Folder'];    }
 	elseif ($page == "mcdaction" && ($_POST['mcdaction'] == "copy") )   { return $_['Copy_Files'];}
@@ -2483,20 +2301,20 @@ function Load_Selected_Page(){ //***********************************************
 	elseif ($page == "changeun")     { Change_PWUN_Page('un', 'text',     $_['un_change'], $_['un_new'], $_['un_confirm']);}
 	elseif ($page == "edit")         { Edit_Page();  }
 	elseif ($page == "upload")       { Upload_Page();}
-	elseif ($page == "newfile")      { New_File_or_Folder_Page($_['New_File']  , "new_file");     }
-	elseif ($page == "newfolder")    { New_File_or_Folder_Page($_['New_Folder'], "new_folder");   }
-	elseif ($page == "copyfile")     { CRM_Page($_['Copy'],     $_['File']  , 'copy_file'    , 1);}
-	elseif ($page == "copyfolder")   { CRM_Page($_['Copy'],     $_['Folder'], 'copy_folder'  , 0);}
-	elseif ($page == "renamefile")   { CRM_Page($_['Ren_Move'], $_['File']  , 'rename_file'  , 1);}
-	elseif ($page == "renamefolder") { CRM_Page($_['Ren_Move'], $_['Folder'], 'rename_folder', 0);}
-	elseif ($page == "deletefile")   { Delete_Page($_['Del_Files'], $filename);}
-	elseif ($page == "deletefolder") { Delete_Page($_['Del_Folder'],$ipath);}
+	elseif ($page == "newfile")      { New_Page($_['New_File']  , "new_file");  }
+	elseif ($page == "newfolder")    { New_Page($_['New_Folder'], "new_folder");}
+	elseif ($page == "copyfile")     { CRM_Page($_['Copy'],     $_['File']  , 'copy_file'  , $filename);}
+	elseif ($page == "copyfolder")   { CRM_Page($_['Copy'],     $_['Folder'], 'copy_file'  , $ipath);}
+	elseif ($page == "renamefile")   { CRM_Page($_['Ren_Move'], $_['File']  , 'rename_file', $filename);}
+	elseif ($page == "renamefolder") { CRM_Page($_['Ren_Move'], $_['Folder'], 'rename_file', $ipath);}
+	elseif ($page == "deletefile")   { MCD_Page('mcd_del', $_['Del_Files'],'verify_del'); }
+	elseif ($page == "deletefolder") { MCD_Page('mcd_del', $_['Del_Files'],'verify_del'); }
 	elseif ($page == "mcdaction")    {
-		if ($_POST['mcdaction'] == 'move')  { MCD_Page($_['Move_Files'], 'mcd_mov'); }
-		if ($_POST['mcdaction'] == 'copy')  { MCD_Page($_['Copy_Files'], 'mcd_cpy'); }
-		if ($_POST['mcdaction'] == 'delete'){ MCD_Page($_['Del_Files'],  'mcd_del', 'verify_del', 'cancel'); }
+		if ($_POST['mcdaction'] == 'move')  { MCD_Page('mcd_mov', $_['Move_Files']); }
+		if ($_POST['mcdaction'] == 'copy')  { MCD_Page('mcd_cpy', $_['Copy_Files']); }
+		if ($_POST['mcdaction'] == 'delete'){ MCD_Page('mcd_del', $_['Del_Files'], 'verify_del'); }
 	}
-	else                             { Index_Page();          } //default
+	else                             { Index_Page();          } //default if valid session.
 }//end Load_Selected_Page() //**************************************************
 
 
@@ -2507,20 +2325,17 @@ function Respond_to_POST() { //*************************************************
 
 	if (!$VALID_POST) { return; }
 
-	if     (isset($_POST["mcd_mov"]      )) { MCD_response('rename', $_['Ren_Move'], $_['mcd_msg_01']); } //move == rename
-	elseif (isset($_POST["mcd_cpy"]      )) { MCD_response('copy'  , $_['Copy']    , $_['mcd_msg_02']); }
-	elseif (isset($_POST["mcd_del"]      )) { MCD_response('delete', $_['Delete']  , $_['mcd_msg_03']); }
-	elseif (isset($_POST["whattohash"]   )) { Hash_response();           }
-	elseif (isset($_POST["pw"]           )) { Change_PWUN_response('pw', $_['change_pw_02']);}
-	elseif (isset($_POST["un"]           )) { Change_PWUN_response('un', $_['change_un_02']);}
-	elseif (isset($_POST["filename"]     )) { Edit_response();           }
-	elseif (isset($_POST["new_file"]     )) { New_File_or_Folder_response("new_file", 1);}   //1=file
-	elseif (isset($_POST["new_folder"]   )) { New_File_or_Folder_response("new_folder", 0);} //0=folder
-	elseif (isset($_POST["copy_file"]    )) { CRM_response('rCopy' , $_['Copy']   ); }
-	elseif (isset($_POST["rename_file"]  )) { CRM_response('rename', $_['Ren_Move']);}
-	elseif (isset($_POST["copy_folder"]  )) { CRM_response('rCopy' , $_['Copy']   ); }
-	elseif (isset($_POST["rename_folder"])) { CRM_response('rename', $_['Ren_Move']);}
-	elseif (isset($_POST["delete"]       )) { Delete_response($_POST["delete"]); }
+	elseif (isset($_POST['mcd_mov']      )) { MCD_response('rename', $_['Ren_Move'], $_['mcd_msg_01']); } //move == rename
+	elseif (isset($_POST['mcd_cpy']      )) { MCD_response('rCopy' , $_['Copy']    , $_['mcd_msg_02']); }
+	elseif (isset($_POST['mcd_del']      )) { MCD_response('rDel'  , $_['Delete']  , $_['mcd_msg_03']); }
+	elseif (isset($_POST['whattohash']   )) { Hash_response();           }
+	elseif (isset($_POST['pw']           )) { Change_PWUN_response('pw', $_['change_pw_02']);}
+	elseif (isset($_POST['un']           )) { Change_PWUN_response('un', $_['change_un_02']);}
+	elseif (isset($_POST['filename']     )) { Edit_response();           }
+	elseif (isset($_POST['new_file']     )) { New_response('new_file'  , 1);} //1=file
+	elseif (isset($_POST['new_folder']   )) { New_response('new_folder', 0);} //0=folder
+	elseif (isset($_POST['rename_file']  )) { CRM_response('rename', $_['Ren_Move']);}
+	elseif (isset($_POST['copy_file']    )) { CRM_response('rCopy' , $_['Copy']   ); }
 	elseif (isset($_FILES['upload_file']['name']))  { Upload_response(); }
 
 }//end Respond_to_POST() //*****************************************************
@@ -2627,18 +2442,22 @@ function FileTimeStamp(php_filemtime, show_date, show_offset){
 
 function Select_All() {
 
-	select_all_label = document.getElementById('select_all_label');
+	//Does not work in IE with the variable name spelled the same as the Element Id
+	//The dollar sign is a valid character in JS for variable names, and therefore changes the spelling.
+	$select_all_label = document.getElementById('select_all_label');
+
 	var files = document.mcdselect.elements['files[]'];
 	var last  = files.length; //number of files
 	var select_all = document.mcdselect.select_all;
 	
 	if (select_all.checked) {
-		select_all_label.innerHTML = '<?php echo addslashes($_['Clear_All']) ?>';
+		$select_all_label.innerHTML = '<?php echo addslashes($_['Clear_All']) ?>';
 	}else{
-		select_all_label.innerHTML = '<?php echo addslashes($_['Select_All']) ?>';
+		$select_all_label.innerHTML = '<?php echo addslashes($_['Select_All']) ?>';
 	}
-	
-	for (var x = 0; x < last ; x++) { files[x].checked = select_all.checked; }
+
+	//Start x at 1 as files[0] is a dummy <input> used to force an array even if only one file.
+	for (var x = 1; x < last ; x++) { files[x].checked = select_all.checked; }
 }
 
 
@@ -2647,20 +2466,18 @@ function Confirm_ready(action){
 	
 	var files = document.mcdselect.elements['files[]'];
 	var last  = files.length;   //number of files
+	var no_files = true;
+	var f_msg    = "<?php echo addslashes($_['No_files']) ?>";	
 
 	document.mcdselect.mcdaction.value = action; 
 
-	//Clear f_msg if at least one file is checked
-	f_msg = "<?php echo addslashes($_['No_files']) ?>";	
+	//Confirm at least one file is checked
 	for (var x = 0; x < last ; x++) {
-		if (files[x].checked == true) { f_msg = ""; break; }
+		if (files[x].checked) { no_files = false ; break; }
 	}
 
-	//Don't submit form if message is set (no files checked).
-	if ( f_msg != "" ) {
-		alert(f_msg);
-		return false;
-	}
+	//Don't submit form if no files are checked.
+	if ( no_files ) { alert(f_msg); return false; }
 
 	document.mcdselect.submit(); //submit form.
 }
@@ -2672,8 +2489,8 @@ function Confirm_ready(action){
 
 
 function Edit_Page_scripts() { //***********************************************
-	global $_, $MAIN_WIDTH, $WIDE_VIEW_WIDTH;
-	
+	global $_, $MAIN_WIDTH, $WIDE_VIEW_WIDTH, $current_view;
+
 	//Determine edit_view width
 	$current_view = $MAIN_WIDTH;
 	if ( isset($_COOKIE['edit_view']) ) {
@@ -2684,10 +2501,12 @@ function Edit_Page_scripts() { //***********************************************
 ?>
 	<!--======== Provide feedback re: unsaved changes ========-->
 	<script>
+
 	var File_textarea    = document.getElementById('file_contents');
 	var Save_File_button = document.getElementById('save_file');
 	var Reset_button     = document.getElementById('reset');
-	var start_value      = File_textarea.value;
+	
+	if (File_textarea) { var start_value = File_textarea.value; }
 
 	var submitted  = false;
 	var changed    = false;
@@ -2710,7 +2529,7 @@ function Edit_Page_scripts() { //***********************************************
 											    Save_File_button.style.borderColor = "#Faa"; }
 
 
-	Main_div.style.width = "<?php echo $current_view ?>"; //get current width
+	Main_div.style.width = "<?php echo $current_view ?>"; //Set current width
 
 	if ( Main_div.style.width == '<?php echo $WIDE_VIEW_WIDTH ?>' ) {
 		Wide_View_button.value = '<?php echo addslashes($_['Normal_View']) ?>';
@@ -2718,7 +2537,7 @@ function Edit_Page_scripts() { //***********************************************
 
 
 	function Wide_View() {
-		if ( File_textarea != null ) { File_textarea.style.width = '99.8%'; }
+		if ( File_textarea ) { File_textarea.style.width = '99.8%'; }
 		
 		if (Main_div.style.width == '<?php echo $WIDE_VIEW_WIDTH ?>') {
 			Main_div.style.width = main_width_default;
@@ -2847,8 +2666,6 @@ function style_sheet(){ //******************************************************
 th,td { text-align:left; font-weight:400; }
 
 a       { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
-a:hover { border: 1px solid #807568; background-color: rgb(255,250,150); }
-a:focus { border: 1px solid #807568; background-color: rgb(255,250,150); }
 
 label { font-size : 1em; font-weight: bold; }
 
@@ -2864,7 +2681,7 @@ function style_sheet(){ //******************************************************
 
 .container {
 	border : 0px solid #807568;
-	width  : 810px;
+	width  : 810px;     /*Adjusted by $MAIN_WIDTH config variable*/
 	margin : 0 auto 2em auto;
 	}
 
@@ -2926,29 +2743,23 @@ function style_sheet(){ //******************************************************
 table.index_T {
 	min-width: 30em;
 	font-size: .95em;
-	border         : 1px outset #807568;
+	border         : 1px solid #807568;
 	border-collapse: collapse;
 	margin-bottom: .7em;
-	background-color: #FdFdFd;
+	background-color: #FFF;
 	}
 
-table.index_T tr:hover { border: 1px solid #807568; }
+table.index_T tr:hover {border: 1px solid #333;}
 
-table.index_T td {
-	border        : 1px inset silver;
-	vertical-align: middle;
-	}
+table.index_T td { border : 1px inset silver; vertical-align: middle;}
 
 .index_T td a {
 	display  : block;
-	height   : 1em;
 	border   : none;
-	padding  : .2em .2em .3em .3em;
+	padding  : 2px 4px 2px 4px;
 	overflow : hidden;
 	}
 
-.index_T td a.rcd  { padding: .4em .3em .1em .3em; }
-.index_T td a.rcd1 { padding: .2em .3em .3em .3em; }
 
 .file_name { min-width: 10em; }
 .file_size { min-width:  6em; }
@@ -2963,55 +2774,72 @@ function style_sheet(){ //******************************************************
 	}
 
 
-.index_folders { min-height: 1.7em;  margin-bottom: .2em; }
+/*Index table file select boxes*/
+.ckbox {padding: 2px 4px 0 4px}
+.ckbox:hover { background-color: rgb(255,250,150); }
+.ckbox:focus { background-color: rgb(255,250,150); }
+
 
-.index_folders a {
-	Xborder       : 1px solid #807568;
-	display      : inline-block;
-	line-height  : 1em;
-	font-size    : 1em;
-	margin-right : .6em;
-	margin-bottom: .1em;
-	padding      : 3px .4em 3px 5px; /*TRBL*/
-	}
+#index_page_buttons { width: 100%; margin: 0 0 .3em 0; }
+#index_page_buttons td { vertical-align: bottom; }
 
 
-/*  front_links:  [Upload File] [New File] [New Folder] etc... */
+/*** front_links:  [New File] [New Folder] [Upload File] ***/
+.front_links { text-align:right; }
 
 .front_links a {
 	display: inline-block;
 	border : 1px solid #807568;
 	height      : 1em;
-	font-size   : 1em;
-	margin-right: 1em;
+	font-size   : 1em;  /*Adjusted by langauge files*/
+	margin-left : 1em;  /*Adjusted by langauge files*/
 	padding     : 3px 5px 5px 4px; /*TRBL*/
 	background-color: #EEE;
 	}
 
-.front_links a .icon_fldr {margin : 1.5px 5px 0 0; }
-.front_links a .icon_file {margin : 1.0px 5px 0 0; }
+a:hover { border: 1px solid #807568; background-color: rgb(255,250,150); }
+a:focus { border: 1px solid #807568; background-color: rgb(255,250,150); }
+
+
+/*** Select All [x]  [Move] [Copy] [Delete] ***/
+
+#select_all_label { 
+	display: inline-block;
+	font   : 400 .9em arial;
+	width  : 71px;
+	padding: 2px 0 0 2px;
+	color  : #333;
+	}
+
+#mcd_submit button {
+	height   : 1.55em;
+	cursor   : pointer;
+	border   : 1px solid #807568;
+	padding  : 0px 4px 0px 3px;
+	margin   : 0 0 0 1em;          /*Adjusted by langauge files*/
+	font-size: .9em;
+	color    : rgb(100,45,0);
+	background-color: #EEE;
+	}
 
-.front_links a:hover  { background-color: rgb(255,250,150); }
-.front_links a:focus  { background-color: rgb(255,250,150); }
+#mcd_submit button:hover { background-color: rgb(255,250,150); }
+#mcd_submit button:focus { background-color: rgb(255,250,150); }
 
 
 input[type="text"] {
-	width  : 99.5%;
+	width  : 100%;
 	border : 1px solid #807568;
-	margin : .1em
-	padding: 2px;
+	padding: 1px 1px 1px 0;
 	font   : 1em Courier;
 	}
 
-
 input[type="password"] {
-	border : 1px solid #807568;
-	margin : .1em
-	padding: 2px 0px 2px 2px;
 	width  : 100%;
-	font   : 1em courier;
+	border : 1px solid #807568;
+	padding:0 1px 0 0;
 }
 
+
 input:focus  { background-color: rgb(255,250,150); }
 button:focus { background-color: rgb(255,250,150); }
 
@@ -3032,8 +2860,8 @@ function style_sheet(){ //******************************************************
 	cursor : pointer;
 	border : 1px solid #807568;
 	color  : black;
-	padding    : 4px 10px;
-	font-size  : .9em;
+	padding    : 4px 10px; /*Adjusted by langauge files*/
+	font-size  : .9em;     /*Adjusted by langauge files*/
 	font-family: sans-serif;
 	background-color: #EEE;  /*#d4d4d4*/
 	}
@@ -3075,11 +2903,12 @@ function style_sheet(){ //******************************************************
 	width  : 99%;
 	padding: .2em;
 	margin : .5em 0 .6em 0;
-	background-color: #FFF000; color: #333;
+	color  : #333;
+	background-color: #FFF000;
 	line-height: 1.4em;
 	}
 
-.view_file { font: .9em Courier; background-color: #F8F8F8; }
+.view_file { font: .9em Courier; background-color: #F8F8F8; overflow:hidden}
 
 #file_contents {
 	border: 1px solid #999;
@@ -3103,21 +2932,13 @@ function style_sheet(){ //******************************************************
 .login_page {
 	margin  : 5em auto;
 	border  : 1px solid #807568;
-	padding : .5em 1em .6em 1em;
+	padding : .5em 1.2em .1em 1em;
 	width   : 370px;
 	}
 
 .login_page .nav { margin-top: .5em; }
 
-.login_input {
-	border  : 1px solid #807568;
-	margin-bottom: .6em;
-	padding : 2px 0px 2px 2px;
-	width   : 366px;
-	font    : 1em courier;
-	}
-
-.login_page input[type="text"]{ width   : 364px; }
+.login_page input {margin: 0 0 .7em 0;}
 
 
 hr { /*-- -- -- -- -- -- --*/
@@ -3145,16 +2966,16 @@ function style_sheet(){ //******************************************************
 	}
 
 .verify th {
-	border: 1px solid gray;
-	padding: 0 1em 0 1em;
-	text-align : center;
-	font-weight: 900;
-	font-family: arial;
+	border          : 1px solid gray;
+	padding         : 0 1em 0 1em;
+	text-align      : center;
+	font-weight     : 900;
+	font-family     : arial;
 	background-color: #EEE;
 	}
 
 .verify td {
-	border        : 1px inset silver;
+	border : 1px inset silver;
 	padding: .1em 1em .1em .5em;
 	vertical-align: middle;
 	}
@@ -3172,13 +2993,13 @@ function style_sheet(){ //******************************************************
 
 #admin {padding: .3em;}
 
-.admin_buttons .button { margin-right: .5em; }
+.admin_buttons .button {margin-right: .5em;}
 
 .clear {clear:both; padding: 0; margin: 0; border: none}
 
 .web_root {font: 1em Courier;}
 
-.icon {float: left; margin: 0 .3em 0 0;}
+.icon {float: left;}
 
 .mono {font-family: courier;}
 
@@ -3186,61 +3007,32 @@ function style_sheet(){ //******************************************************
 
 .path {padding: 1px 5px 1px 5px} /*TRBL*/
 
-.timer { border: 1px solid gray; padding: 3px .5em 4px .5em; }
+.timer {border: 1px solid gray; padding: 3px .5em 4px .5em;}
 
-.timeout { float:right; font-size: .95em; color: #333; }
+.timeout {float:right; font-size: .95em; color: #333;}
 
-.edit_btns_top    { margin: .2em 0 .5em 0;}
+.edit_btns_top {margin: .2em 0 .5em 0;}
 
-.image_info {color: #222; font-size: 1em ; margin: .7em 0 1em 0; }
+.image_info {
+	color: #222;
+	font-size: 1em ; /*Adjusted by langauge files*/
+	margin: .7em 0 1em 0;
+	}
 
-.edit_btns_bottom { float: right; }
-.edit_btns_bottom .button { margin-left: .5em; }
+.edit_btns_bottom {float: right;}
+.edit_btns_bottom .button { margin-left: .5em; } /*Adjusted by langauge files*/
 
-input[type="text"].old_new_name {width  : 60%;}
+input[type="text"].old_new_name {width  : 50%; margin-bottom: .2em;}
 
-.old_backup_T { float: left; margin-bottom: .3em; }
+.old_backup_T {float: left; margin-bottom: .3em;}
 
-#del_backup   { float: left; margin-left  :  1em; }
+#del_backup   {float: left; margin-left  :  1em;}
 
 /*** For old IE only: text "icons" for Rename, Copy, and Delete ***/
-.RCD {font: 900 .6em arial; border: 1px solid; padding: 0px 2px 0px 2px;}
-.R   {color: #804000; border-color: #804000}
-.C   {color: #006400; border-color: #006400}
-.D   {color: #a00;    border-color: #a00}
-
-/**/
-.ckbox {padding: 2px 4px 0 4px}
-.ckbox:hover { background-color: rgb(255,250,150); }
-.ckbox:focus { background-color: rgb(255,250,150); }
-
-.action        { margin-bottom: .1em; }
-.action  label {
-	display: inline-block;
-	font: 400 .9em arial;
-	color: #333;
-	}
-
-#select_all { margin: .35em 1em .5em 0; }
-
-#select_all_div {
-	display: inline-block;
-	width  : 71px;
-	padding: 2px 0 0 2px;
-	margin: 0 0 0 0;
-	}
-
-#select_all_label { font-size: .84em;}
-
-.mcd_submit { height: 1.5em;
-	cursor   : pointer;
-	border   : 1px solid #807568;
-	padding  : 0px 8px 0px 2px;
-	margin   : 0 .5em 0 0;
-	font-size: .95em;
-	color           : rgb(100,45,0);
-	background-color: #EEE
-	}
+.RCD1  {font: 900 7pt arial; padding: 0px 3px 0px 3px; margin: 0px; float: left}
+.R    {color: #00a;    border: 1px solid #804000}
+.C    {color: #006400; border: 1px solid #008400}
+.D    {color: #b00;    border: 1px solid #b00}
 </style>
 <?php
 }//end style_sheet() //*********************************************************
@@ -3252,7 +3044,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 	global $_, $MAIN_WIDTH;
 ?>
 <style>
-.container { width: <?php echo $MAIN_WIDTH ?>; } /*Default is 810px*/
+.container { width: <?php echo $MAIN_WIDTH ?>; } /*Default 810px*/
 
 .button {
 	padding  : <?php echo $_['button_padding']   ?>; /*Default 4px 10px */
@@ -3260,20 +3052,20 @@ function Language_and_config_adjusted_styles() { //*****************************
 	}
 
 .front_links a {
-	font-size   : <?php echo $_['front_links_font_size'] ?>; /*Default 1em */
-	margin-right: <?php echo $_['front_links_margin_R']  ?>; /*Default 1em */
+	font-size  : <?php echo $_['front_links_font_size'] ?>; /*Default 1em */
+	margin-left: <?php echo $_['front_links_margin_L']  ?>; /*Default 1em */
 	}
 
-.image_info {				/*Default is 1em*/
-	color: #222; font-size: <?php echo $_['image_info_font_size'] ?>;
-	}
+#mcd_submit button{ margin-left: <?php echo $_['front_links_margin_L']  ?>;} /*Default 1em */
+
+.image_info { font-size: <?php echo $_['image_info_font_size'] ?>; }   /*Default 1em*/
 
 .edit_btns_bottom .button {
-	margin-left: <?php echo $_['button_margin_L'] ?>; /*Default is .5em*/
+	margin-left: <?php echo $_['button_margin_L'] ?>; /*Default .5em*/
 	}
 	
-	#select_all_label { font-size: <?php echo $_['select_all_label_size']?>; }
-	#select_all_div   { width: <?php echo $_['select_all_div_width']?>; }
+#select_all_label { font-size: <?php echo $_['select_all_label_size']?>; } /*Default .84em */
+#select_all_label { width: <?php echo $_['select_all_label_width']?>; }    /*Default 71px  */
 </style>
 <?php
 }//end Language_and_config_adjusted_styles() //*********************************
@@ -3302,6 +3094,8 @@ function Language_and_config_adjusted_styles() { //*****************************
 	$_SESSION['admin_ipath'] = '';
 }
 
+Init_ICONS();
+
 if ($_SESSION['valid']) {
 
 	undo_magic_quotes();
@@ -3312,7 +3106,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 	Respond_to_POST();
 
-	Verify_page_conditions();
+	Verify_Page_Conditions();
 
 	Update_Recent_Pages();
 
@@ -3330,6 +3124,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 //Finish up/prepare to send page contents.
 $early_output = ob_get_clean(); // Should be blank unless trouble-shooting.
 header('Content-type: text/html; charset=UTF-8');
+
 //end logic to determine page action *******************************************
 
 
@@ -3338,11 +3133,11 @@ function Language_and_config_adjusted_styles() { //*****************************
 //******************************************************************************
 //Output page contents
 //******************************************************************************
-echo '<!DOCTYPE html>';
-echo '<html><head>';
-echo '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">';
-echo '<meta name="robots" content="noindex">';
-
+?><!DOCTYPE html>
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<meta name="robots" content="noindex">
+<?php
 echo '<title>'.hsc($config_title.' - '.Page_Title()).'</title>';
 
 style_sheet();
@@ -3355,8 +3150,8 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 Error_reporting_and_early_output(1,0);
 
-if (!$_SESSION['valid']){ echo '<div id="main" class="login_page">'; }
-else                    { echo '<div id="main" class="container" >'; }
+if ($_SESSION['valid']) { echo '<div id="main" class="container" >'; }
+else                    { echo '<div id="main" class="login_page">'; }
 
 Page_Header();
 
@@ -3380,5 +3175,5 @@ function Language_and_config_adjusted_styles() { //*****************************
 	echo '<br>';
 }
 
-echo '</div>'; //<!-- end container/login_page -->
+echo '</div>'; //end container/login_page
 echo '</body></html>';
diff --git a/readme.markdown b/readme.markdown
index 628d0f2..6386c2a 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,12 +1,15 @@
-# Current stable version: 3.4.06
+# Current version: 3.4.10
 
-### September 23, 2012  (v3.4.07)
+### October 8, 2012  (v3.4.10)
 
 - Can now delete non-empty folders (just be careful!)
+- Can now copy entire folders.
+- As part of the two changes above, folders are now listed in the main listing ahead of files, instead of displayed across the page beneath the path/to/current/folder header.
 - Consolidated some functions.
-- Minor bug fix & a few misc code improvements.
+- Minor bug fix 
+- Some misc code improvements here & there.
 
-- v3.4.07 has caused no issues on my test machine.  However, since it uses a recursive delete function, you may wish to try it out in a virtual machine or other test environment first.
+- Versions since 3.4.06 have caused no issues on my test machine.  However, since a recursive delete function is now used, you may wish to try it out things out on a virtual machine or other test environment first.
 
 
 ### September 19, 2012
@@ -153,9 +156,9 @@ Now, since there is no database or other means of granular control and access lo
 
 - PHP 5.1+
   (Only tested on versions 5.2.8, 5.2.17, 5.3.3, and 5.4 + )
-- File permission privileges on your host
-- Javascript enabled browswer
-- And a browser that supports inline SVG, but only if you wish to see the icons
+- File permission privileges on your host.
+- Javascript enabled browswer.
+- And -if you wish to see the icons- a browser that supports inline SVG.
   (If your browser doesn't support inline SVG, OneFileCMS will still work, just without any icons.)
 
 ## Credit, License, Et Cetera  
@@ -207,6 +210,19 @@ GENERATE/OUTPUT THE PAGE
 
 ## Change Log
 
+### 3.4.10
+
+- Quite of bit of code consolidation and improvement.
+- Converted svg icons from functions to an array of $ICONS[]
+- Folders are now listed ahead of files in main file list.
+
+### 3.4.09
+
+- Option to copy folders.
+- Consolidated some functions.
+- Removed some svg icons no longer used.
+- The usual "code cleanup" and "tweaked some css"...
+
 ### 3.4.07
 
 - Can now delete non-empty folders (just be careful!)

From 8b5e60788855bd6613d22a4cd565b20a9a59a1ea Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 16 Oct 2012 13:00:00 -0400
Subject: [PATCH 150/228] Version 3.4.11 Update_Recent_Pages(): improved &
 simplified a bit. CRM_Page(): stay in php & echo everything in prep for
 future improvements. MCD_response(): Added direct check for new location. In
 main logic section, moved a couple checks to inside of "if
 $_SESSION['valid']... " Updated ES langauge file. Deleted - longer used:   
 $_['No_action']   = 'No action selected.';    $_['Copy_Folder'] = 'Copy
 Folder';    $_['Del_Folder']  = 'Delete Folder';

Version 3.4.09
  (These changes actually included in .10, but were intended to be a sperate commit)
Added Sort_Seperate(): Sort & seperate Folders & Files from a supplied list.
Cancel_Submit_Buttons(): Removed $focus parameter as it's no longer used.
Cancel_Submit_Buttons(): added hsc() to echo of $submit_label,
                         instead of expecting it already hsc()'d.
Upload_Page(): if ($max_file_uploads < $UPLOAD_FIELDS) ...
Renamed New_File_or_Folder_...() to just New_...()
rCopy(): added check to avoid bottomless pit of recursive folders
List_Selected(): removed - consolidated code into MCD_Page() (it's only use)
Consolidated Delete_Page() into MCD_Page().
Load_Selected_Page(): Made cooresponding changes for Delete_Page() -> MCD_Page().
Added $_['rCopy_msg_01'] = 'A folder can not be copied into one of its own sub-folders.';
---
 OneFileCMS.LANG.DE.php |   6 +-
 OneFileCMS.LANG.EN.php |   6 +-
 OneFileCMS.LANG.ES.php | 122 ++++++++++++++++++++---------------------
 onefilecms.php         |  95 +++++++++++++++-----------------
 readme.markdown        |   6 +-
 5 files changed, 109 insertions(+), 126 deletions(-)

diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index 1f0bb14..66a9120 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.10
+// OneFileCMS Language Settings v3.4.11
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -66,8 +66,6 @@
 $_['Ren_Moved']      = 'Umbenannt / Verschoben';
 $_['New_Folder']     = 'Neuer Ordner';
 $_['Ren_Folder']     = 'Ordner umbenennen/verschieben';
-$_['Copy_Folder']    = 'Ordner kopieren';
-$_['Del_Folder']     = 'Ordner löschen';
 $_['Submit']         = 'Anfrage senden';
 $_['Move_Files']     = 'Datei Verschieben';
 $_['Copy_Files']     = 'Datei Kopieren';
@@ -77,7 +75,6 @@
 $_['Clear_All']      = 'Deaktivieren Sie alle';
 $_['New_Location']   = 'Neuer Ordner';
 $_['No_files']       = 'Keine Dateien ausgewählt.';
-$_['No_action']      = 'Keine Aktion ausgewählt.';
 $_['Not_found']      = 'Nicht gefunden';
 $_['pass_to_hash']   = 'Passwort Streuwert:';
 $_['Generate_Hash']  = 'Streuwert generieren';
@@ -239,4 +236,3 @@
 $_['mcd_msg_01']    = 'Dateien verschoben.';
 $_['mcd_msg_02']    = 'Dateien kopiert.';
 $_['mcd_msg_03']    = 'Dateien gelöscht.';
-
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index 47e74df..c6dc167 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.10
+// OneFileCMS Language Settings v3.4.11
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -66,8 +66,6 @@
 $_['Ren_Moved']      = 'Renamed / Moved';
 $_['New_Folder']     = 'New Folder';
 $_['Ren_Folder']     = 'Rename / Move Folder';
-$_['Copy_Folder']    = 'Copy Folder';
-$_['Del_Folder']     = 'Delete Folder';
 $_['Submit']         = 'Submit Request';
 $_['Move_Files']     = 'Move File(s)';
 $_['Copy_Files']     = 'Copy File(s)';
@@ -77,7 +75,6 @@
 $_['Clear_All']      = 'Clear All';
 $_['New_Location']   = 'New Location';
 $_['No_files']       = 'No files selected.';
-$_['No_action']      = 'No action selected.';
 $_['Not_found']      = 'Not found';
 $_['pass_to_hash']   = 'Password to hash:';
 $_['Generate_Hash']  = 'Generate Hash';
@@ -239,4 +236,3 @@
 $_['mcd_msg_01']    = 'files moved.';
 $_['mcd_msg_02']    = 'files copied.';
 $_['mcd_msg_03']    = 'files deleted.';
-
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index 5528df1..7ab2263 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.10
+// OneFileCMS Language Settings v3.4.11
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -50,61 +50,58 @@
 
 $_['Password']   = 'contraseña';
 $_['Rename']     = 'Renombrar';
-$_['successful'] = 'exitoso';
-$_['To']         = 'A';
+$_['successful'] = 'satisfactoriamente';
+$_['To']         = 'Hacia';
 $_['Upload']     = 'Subir';
-$_['Username']   = 'Nombre de usuario';
+$_['Username']   = 'Usuario';
 $_['Log_In']     = 'Iniciar Sesión';
 $_['Log_Out']    = 'Cerrar Sesión';
 
-$_['Admin_Options']  = 'Las opciones de configuración';
+$_['Admin_Options']  = 'Opciones de Administración';
 $_['Are_you_sure']   = '¿Estás seguro?';
 $_['Edit_View']      = 'Editar / Ver Archivo';
 $_['Upload_File']    = 'Subir Archivo';
 $_['New_File']       = 'Archivo Nuevo';
 $_['Ren_Move']       = 'Renombrar / Mover';
-$_['Ren_Moved']      = 'Renombrado/Movido';
+$_['Ren_Moved']      = 'Renombrado / Movido';
 $_['New_Folder']     = 'Carpeta Nueva';
 $_['Ren_Folder']     = 'Renombrar / Mover Carpeta';
-$_['Copy_Folder']    = 'Copia la carpeta';
-$_['Del_Folder']     = 'Eliminar carpeta';
-$_['Submit']         = 'Enviar solicitud';
+$_['Submit']         = 'Cargar';
 $_['Move_Files']     = 'Mover archivo(s)';
 $_['Copy_Files']     = 'Copiar archivo(s)';
-$_['Del_Files']      = 'Elimine los archivo(s)';
-$_['Selected_Files'] = 'Los archivos seleccionados';
-$_['Select_All']     = 'Seleccionar todo';
-$_['Clear_All']      = 'Deseleccionar todo';
-$_['New_Location']   = 'Carpeta Nuevo';
-$_['No_files']       = 'No hay archivos seleccionados.';
-$_['No_action']      = 'Ninguna acción seleccionada.';
-$_['Not_found']      = 'No se ha encontrado';
-$_['pass_to_hash']   = 'Contraseña para calcular el hash:';
-$_['Generate_Hash']  = 'Generar Cadena';
+$_['Del_Files']      = 'Eliminar Archivo(s)';
+$_['Selected_Files'] = 'Seleccionar Archivos';
+$_['Select_All']     = 'Seleccionar Todos';
+$_['Clear_All']      = 'Limpiar';
+$_['New_Location']   = 'Nueva Posición';
+$_['No_files']       = 'No se seleccionó ningún archivo.';
+$_['Not_found']      = 'No encontrado';
+$_['pass_to_hash']   = 'Contraseña del Hash:';
+$_['Generate_Hash']  = 'Generar Hash';
 
 $_['save_1']      = 'Guardar';
 $_['save_2']      = '¡GUARDAR CAMBIOS!';
 $_['reset']       = 'Reiniciar - perder los cambios';
 $_['Wide_View']   = 'Vista Ampliada';
 $_['Normal_View'] = 'Vista Normal';
-$_['Open_View']   = 'Abrir/Ver en la ventana del navegador';
+$_['Open_View']   = 'Abrir/Ver en una ventana del navegador';
 
 $_['verify_msg_01']     = 'Sesión expirada.';
 $_['verify_msg_02']     = 'POST INVÁLIDO';
 $_['get_get_msg_01']    = 'El archivo no existe:';
-$_['get_get_msg_02']    = 'Solicitud de página no válido:';
-$_['check_path_msg_02'] = '"." or ".." segmentos de carpeta no permitido.';
-$_['check_path_msg_03'] = 'nombre de la carpeta o archivo contiene un carácter no válido:';
+$_['get_get_msg_02']    = 'Página requerida inválida:';
+$_['check_path_msg_02'] = '"." o ".." como segmentos no son permitidos.';
+$_['check_path_msg_03'] = 'La dirección o el archivo contienen caracteres inválidos:';
 $_['ord_msg_01']        = 'Un archivo con ese mismo nombre ya existe en el directorio asignado.';
 $_['ord_msg_02']        = 'Guardando como';
 $_['rCopy_msg_01']      = 'Una carpeta no se puede copiar en uno de sus propios sub-carpetas.';
 $_['show_img_msg_01']   = 'Imagen mostrada a ~';
-$_['show_img_msg_02']   = '% del tamaño (W x H =';
+$_['show_img_msg_02']   = '% del tamaño (Ancho x Alto =';
 
-$_['hash_txt_01'] = 'Los valores cadena generados por esta página puede ser utilizada para actualizar manualmente $ HASHWORD en OneFileCMS, o en un archivo de configuración externo. En cualquier caso, asegúrese de recordar la contraseña utilizada para generar el cadena!';
+$_['hash_txt_01'] = 'Las cadenas generadas por esta página pueden ser usadas para cambiar de forma manual la variable $HASHWORD en OneFileCMS, o en un archivo de configuración externo. De cualquier forma, ¡asegúrese de recordar la contraseña que usó para generar el hash (cadena)!';
 $_['hash_txt_06'] = 'Ingresá la contraseña que quieras en la caja de texto siguiente y presioná enter.';
 $_['hash_txt_07'] = 'La cadena se mostrará en un mensaje amarillo.';
-$_['hash_txt_08'] = 'Copiá y pegá esa cadena a la variable $HASHWORD en la sección de configuración.';
+$_['hash_txt_08'] = 'Copiá y pegue esa cadena a la variable $HASHWORD en la sección de configuración.';
 $_['hash_txt_09'] = 'Asegurate de copiar TODO y SÓLO la cadena (sin dejar espacios en blanco o demás).';
 $_['hash_txt_10'] = 'Haciendo doble click debería seleccionarlo...';
 $_['hash_txt_12'] = 'Cuando estés listo, deslogueate y volvé a loguearte.';
@@ -131,7 +128,7 @@
 $_['edit_txt_03'] = 'htmlspecialchars() devolvió una cadena vacía de lo que debería ser un archivo válido.';
 $_['edit_txt_04'] = 'Este comportamiento puede ser inconsistente de versión a versión de PHP.';
 
-$_['too_large_to_edit_01'] = 'Editar desactivado. Tamaño de archivo >';
+$_['too_large_to_edit_01'] = 'Edición deshabilita. Tamaño >';
 $_['too_large_to_edit_02'] = 'Algunos navegadores (por ej.: IE) se vuelven inestables cuando se edita un texto largo dentro de un <textarea>.';
 $_['too_large_to_edit_03'] = 'Ajustá la variable $MAX_EDIT_SIZE en la sección de configuración de OneFileCMS como sea necesario.';
 $_['too_large_to_edit_04'] = 'Una simple prueba puede dar con el resultado necesario.';
@@ -148,11 +145,11 @@
 
 $_['upload_txt_03']  = 'Nota: El tamaño máximo de subida es de:';
 $_['upload_txt_01']  = 'por upload_max_filesize en php.ini.';
-$_['upload_txt_04']  = 'El tamaño máximo de carga total de:';
+$_['upload_txt_04']  = 'Tamaño total de la subida:';
 $_['upload_txt_02']  = 'por post_max_size en php.ini';
 
-$_['upload_err_01']  = 'Error 1: El archivo es demasiado grande. de php.ini:';
-$_['upload_err_02']  = 'Error 2: El archivo es demasiado grande. (MAX_FILE_SIZE HTML form element)';
+$_['upload_err_01']  = 'Error 1: Archivo demasiado pesado. Desde php.ini:';
+$_['upload_err_02']  = 'Error 2: Archivo muy grande. (MAX_FILE_SIZE HTML form element)';
 $_['upload_err_03']  = 'Error 3: El archivo se subió sólo parcialmente.';
 $_['upload_err_04']  = 'Error 4: No se subió ningún archivo.';
 $_['upload_err_05']  = 'Error 5: ';
@@ -177,13 +174,13 @@
 $_['new_file_msg_07'] = 'Carpeta creado:';
 
 $_['CRM_txt_02']  = 'La nueva localización debe existir.';
-$_['CRM_txt_04']  = 'Nombre Nuevo';
+$_['CRM_txt_04']  = 'Nuevo Nombre';
 $_['CRM_msg_01']  = 'Error - la localización padre no existe:';
 $_['CRM_msg_02']  = 'Error - el archivo inicial no existe:';
 $_['CRM_msg_03']  = 'Error - el archivo de objetivo no existe:';
-$_['CRM_msg_05']  = 'Error durante la';
+$_['CRM_msg_05']  = 'Error en';
 
-$_['delete_msg_03']   = 'Eliminar error:';
+$_['delete_msg_03']   = 'Error eliminando';
 $_['session_warning'] = 'Advertencia: ¡La sesión terminará pronto!';
 $_['session_expired'] = 'SESIÓN TERMINADA';
 $_['unload_unsaved']  = '                 ¡Los cambios no guardados se perderán!';
@@ -204,39 +201,38 @@
 $_['error_reporting_05'] = 'Unexpected early output';   //## NT ##
 $_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)'; //## NT ##
 
-$_['admin_txt_00'] = 'Archivo de copia de seguridad antiguo encontrado.';
-$_['admin_txt_01'] = 'Este archivo se creó en caso de un error durante un cambio de nombre de usuario o contraseña. Por lo tanto, puede contener información antigua y debe ser eliminada si no es necesario. En cualquier caso, automáticamente se sobrescribe en la próxima contraseña o cambiar nombre de usuario.';
-$_['admin_txt_02'] = 'Información general';
+$_['admin_txt_00'] = 'Backup Antiguo Encontrado.';
+$_['admin_txt_01'] = 'Este archivo fue creado en caso de error en caso de cambio fallido de usuario y contraseña. Por ello, puede contener información vieja y debería ser eliminado si no es necesario. De cualquier forma, se sobreescribirá automáticamente en el siguiente cambio de contraseña o usuario.';
+$_['admin_txt_02'] = 'Información General';
 $_['admin_txt_14'] = 'Para otro tip de seguridad, cambiá la llave de seguridad y/o el método usado por OneFileCMS para almacenar la clave (y mantenelo en secreto, obviamente).  Acordate, cada granito ayuda...';
 $_['admin_txt_16'] = 'Podés usar OneFileCMS para editarlo. Sin embargo, asegurate de hacer un backup...';
 
-$_['pw_change']  = 'Cambiar contraseña';
+$_['pw_change']  = 'Cambiar Contraseña';
 $_['pw_current'] = 'Contraseña actual';
 $_['pw_new']     = 'Nueva contraseña';
-$_['pw_confirm'] = 'Confirmar nueva contraseña';
-
-$_['pw_txt_02'] = 'Reglas de contraseña y de usuario:';
-$_['pw_txt_04'] = 'Mayúsculas y minúsculas: "A" is not "a"';
-$_['pw_txt_06'] = 'Debe contener al menos un carácter de espacio no-.';
-$_['pw_txt_08'] = 'Puede contener espacios en el medio. Ejemplo: "Esta es una contraseña o nombre de usuario!""';
-$_['pw_txt_10'] = 'Espacios iniciales y finales son ignorados.';
-$_['pw_txt_12'] = 'En registrando el cambio, sólo un archivo se actualiza: o bien la copia activa de OneFileCMS, o, si se especifica, un archivo de configuración externo.';
-$_['pw_txt_14'] = 'Si una contraseña de corriente incorrecto, que se cerrará la sesión, pero es posible que vuelva a entrar.';
-
-$_['change_pw_01'] = 'ontraseña cambiada!';
-$_['change_pw_02'] = 'Contraseña no se cambia:';
-$_['change_pw_03'] = 'Contraseña actual es incorrecto. Inicie sesión para intentarlo de nuevo.';
-$_['change_pw_04'] = '"Nuevo" y "Confirm New" valores no coinciden.';
-$_['change_pw_05'] = 'Actualización de';
-$_['change_pw_06'] = 'archivo de configuración externo';
-
-$_['un_change']     = 'Cambiar Nombre de usuario';
+$_['pw_confirm'] = 'Confirmar Contraseña Nueva';
+
+$_['pw_txt_02'] = 'Reglas de Usuario / Contraseña:';
+$_['pw_txt_04'] = '¡Se hace diferencia entre mayúsculas y minúsculas!  "A" =/= "a"';
+$_['pw_txt_06'] = 'deben tener al menos un caracter.';
+$_['pw_txt_08'] = 'Deben tener espacios en el medio. Por ejemplo: "¡Esta es una contraseña o usuario!"';
+$_['pw_txt_10'] = 'Los espacios al inicio o al final serán eliminados.';
+$_['pw_txt_12'] = 'Para guardar el cambio, sólo un archivo es actualizado: la copia activa de OneFileCMS, o, si fue especificado, un archivo de configuración externa.';
+$_['pw_txt_14'] = 'Si se ingresa la contraseña actual de forma incorrecta, serás deslogueado y tendrás que volver a loguearte.';
+
+$_['change_pw_01'] = '¡Contraseña Cambiada!';
+$_['change_pw_02'] = 'Contraseña NO cambiada:';
+$_['change_pw_03'] = 'Contraseña anterior inválida. Logueate e intenta de nuevo.';
+$_['change_pw_04'] = 'La contraseña y su confirmación no coinciden.';
+$_['change_pw_05'] = 'Actualizando';
+$_['change_pw_06'] = 'archivo de configuración externa';
+
+$_['un_change']     = 'Cambiar Nombre de Usuario';
 $_['un_new']        = 'Nuevo Usuario';
-$_['un_confirm']    = 'Confirme Usuario Nuevo';
-$_['change_un_01']  = 'Nombre cambiado!';
-$_['change_un_02']  = 'Nombre de usuario no cambia:';
-$_['update_failed'] = 'Ha fallado la actualización - no pudo guardar el archivo.';
-$_['mcd_msg_01']    = 'archivos movidos.';
-$_['mcd_msg_02']    = 'archivos copiados.';
-$_['mcd_msg_03']    = 'archivos borrados.';
-
+$_['un_confirm']    = 'Confirmar Nuevo Nombre de Usuario';
+$_['change_un_01']  = '¡Nombre de Usuario Actualizado!';
+$_['change_un_02']  = 'Nombre de Usuario NO Actualizado:';
+$_['update_failed'] = 'Actualización fallida. No se pudo guardar el archivo.';
+$_['mcd_msg_01']    = 'archivos movidos satisfactoriamente.';
+$_['mcd_msg_02']    = 'archivos copiados satisfactoriamente.';
+$_['mcd_msg_03']    = 'archivos eliminados satisfactoriamente.';
diff --git a/onefilecms.php b/onefilecms.php
index d72aff9..f5a3704 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.10';
+$OFCMS_version = '3.4.11';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -59,7 +59,7 @@
 
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
-$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
+$MAX_IDLE_TIME       = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
 					  //  For instance, 24 minutes is the PHP default for garbage collection.
 
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.
@@ -237,8 +237,6 @@ function Default_Language() { // ***********************************************
 $_['Ren_Moved']      = 'Renamed / Moved';
 $_['New_Folder']     = 'New Folder';
 $_['Ren_Folder']     = 'Rename / Move Folder';
-$_['Copy_Folder']    = 'Copy Folder';
-$_['Del_Folder']     = 'Delete Folder';
 $_['Submit']         = 'Submit Request';
 $_['Move_Files']     = 'Move File(s)';
 $_['Copy_Files']     = 'Copy File(s)';
@@ -248,7 +246,6 @@ function Default_Language() { // ***********************************************
 $_['Clear_All']      = 'Clear All';
 $_['New_Location']   = 'New Location';
 $_['No_files']       = 'No files selected.';
-$_['No_action']      = 'No action selected.';
 $_['Not_found']      = 'Not found';
 $_['pass_to_hash']   = 'Password to hash:';
 $_['Generate_Hash']  = 'Generate Hash';
@@ -531,28 +528,20 @@ function Error_reporting_and_early_output($show_status = 0, $show_types = 0) {//
 
 
 function Update_Recent_Pages() { //*********************************************
-	global $page;
+	global $page, $message;
 
-	$recent_pages = array("");
-	$pages = 0; //Index to recent_page
-	
 	if (!isset($_SESSION['recent_pages'])) { $_SESSION['recent_pages'] = array(""); }
-	$pages = count($_SESSION['recent_pages']) - 1;
-
-	//Re-reverse so index [0] is oldest page (reversed at end of function)
-	$_SESSION['recent_pages'] = array_reverse($_SESSION['recent_pages']);
+	$pages = count($_SESSION['recent_pages']);
 
 	//Only update if actually a new page
-	if ( $page != $_SESSION['recent_pages'][$pages] ) {
-		$_SESSION['recent_pages'][$pages+1] = $page;
+	if ( $page != $_SESSION['recent_pages'][0] ) {
+		array_unshift($_SESSION['recent_pages'], $page);
 		$pages = count($_SESSION['recent_pages']);
 	}
 
 	//Only need 3 most recent pages (increase if needed)
-	if ($pages > 3) { array_shift($_SESSION['recent_pages']); }
+	if ($pages > 3) { array_pop($_SESSION['recent_pages']); }
 
-	//Reverse order so index [0] is the current page
-	$_SESSION['recent_pages'] = array_reverse($_SESSION['recent_pages']);
 
 }//end Update_Recent_Pages() //*************************************************
 
@@ -2038,22 +2027,21 @@ function CRM_Page($action, $title, $name_id, $old_name) { //********************
 	if (is_dir($old_name)) { $param1 = '?i='.dir_name($ipath); } //If dir, return to parent on [Cancel]
 
 	Set_Input_width();
-?>
-	<h2><?php echo hsc($action.' '.$title) ?></h2>
-
-	<?php echo $FORM_COMMON ?>
-		<input type="hidden" name="<?php echo $name_id ?>"  value="<?php echo hsc($name_id); ?>">
-		<input type="hidden" name=old_name  value="<?php echo hsc($old_name); ?>">
-		<label><?php echo hsc($_['CRM_txt_04']) ?>:</label>
-		<input type=text name=new_name id=new_name class=old_new_name value="<?php echo hsc(basename($new_name)); ?>"><br>
-		<label><?php echo hsc($_['New_Location']) ?>:</label>
-		<span class="web_root"><?php echo hte($WEB_ROOT); ?></span><input type=text
-		name=new_location id=new_location value="<?php echo hsc(dir_name($new_name)); ?>"><br>
-		(<?php echo hsc($_['CRM_txt_02']) ?>)
-		
-		<p><?php Cancel_Submit_Buttons($action); ?>
-	</form>
-<?php
+
+	echo '<h2>'.hsc($action.' '.$title).'</h2>';
+
+	echo $FORM_COMMON;
+		echo '<input type="hidden" name="'.$name_id.'"  value="'.hsc($name_id).'">';
+		echo '<input type="hidden" name=old_name  value="'.hsc($old_name).'">';
+		echo '<label>'.hsc($_['CRM_txt_04']).':</label>';
+		echo '<input type=text name=new_name id=new_name class=old_new_name value="'.hsc(basename($new_name)).'"><br>';
+		echo '<label>'.hsc($_['New_Location']).':</label>';
+		echo '<span class="web_root">'.hte($WEB_ROOT).'</span>';
+		echo '<input type=text name=new_location id=new_location value="'.hsc(dir_name($new_name)).'"><br>';
+		echo '('.hsc($_['CRM_txt_02']).')<p>';
+		Cancel_Submit_Buttons($action);
+	echo '</form>';
+
 }//end CRM_Page() //************************************************************
 
 
@@ -2124,7 +2112,7 @@ function CRM_response($action, $msg1, $show_message = 3){ //********************
 	if (  $show_message & 2)             { $message .= $scs_msg; } //Show success message.
 
 	//Prior page should be either index or edit
-	$page = $_SESSION["recent_pages"][1];
+	$page = $_SESSION['recent_pages'][1];
 	$param1 = '?i='.URLencode_path($ipath);
 	if ($isfile & $page == "edit") {$param2 = '&amp;f='.rawurlencode(basename($filename));}
 
@@ -2181,7 +2169,7 @@ function MCD_Page($action, $page_title, $classes = '') { //*********************
 		$_POST['mcdaction'] = 'delete'; //set mcdaction != copy or move (see below).
 		
 		if ($page == "deletefile") { $_POST['files'][1]  = basename($filename); }
-		 //If     == deletefolder,   $_POST['files'][1] is set in Verify_Page_Conditions()
+	  //If  $page == deletefolder,   $_POST['files'][1] is set in Verify_Page_Conditions()
 	}
 
 	Set_Input_width();
@@ -2198,7 +2186,7 @@ function MCD_Page($action, $page_title, $classes = '') { //*********************
 			echo '<p>('.hsc($_['CRM_txt_02']).')</p>';
 		}
 		 
-		echo '<p><b>'.hsc($_['Are_you_sure']).'</b></p>'; //"Are you sure?"
+		echo '<p><b>'.hsc($_['Are_you_sure']).'</b></p>';
 		Cancel_Submit_Buttons($page_title);
 			
 		//List selected folders & files
@@ -2221,7 +2209,7 @@ function MCD_Page($action, $page_title, $classes = '') { //*********************
 
 
 function MCD_response($action, $msg1, $success_msg = '') { //*******************
-	global $_, $WEB_ROOT, $ipath, $param1, $param2, $param3, $message, $EX, $filename, $WHSPC_SLASH;
+	global $_, $WEB_ROOT, $ipath, $filename, $EX, $message, $WHSPC_SLASH;
 
 	$files    = $_POST['files']; //List of files to delete (path not included)
 	$count    = count($files);   //Doesn't include any sub-folders & files.
@@ -2232,17 +2220,20 @@ function MCD_response($action, $msg1, $success_msg = '') { //*******************
 	
 	if ($action == 'rDel') {
 		foreach ($files as $file){
-			//While unlikely, protect against an erroneous attempt
 			if ($file == "") {continue;} //a blank file name would cause $ipath to be deleted.
 			$errors += Delete_response($ipath.$file, $show_message);
 		}
+	}elseif ( ($_POST['new_location'] != "") && !is_dir($_POST['new_location']) ) {
+		$message .= $EX.'<b>'.$msg1.' '.$_['CRM_msg_01'].'</b><br>';
+		$message .= '<span class="filename">'.hte($_POST['new_location']).'/</span><br>';
+		return;
 	}else { //move or rCopy
 		$mcd_ipath = $ipath; //CRM_response() changes $ipath to $new_location
 		
 		foreach ($files as $file){
 			$_POST['old_name'] = $mcd_ipath.$file;
 			$_POST['new_name'] = $file;
-		  //$_POST['new_location'] should already be set by the client.
+		  //$_POST['new_location'] should already be set by the client ( via MCD_Page() ).
 			$errors  += CRM_response($action, $msg1, $show_message);
 		}
 	}
@@ -2930,10 +2921,10 @@ function style_sheet(){ //******************************************************
 /* --- log in --- */
 
 .login_page {
-	margin  : 5em auto;
 	border  : 1px solid #807568;
-	padding : .5em 1.2em .1em 1em;
 	width   : 370px;
+	margin  : 5em auto;
+	padding : .5em 1.2em .1em 1em;
 	}
 
 .login_page .nav { margin-top: .5em; }
@@ -3109,17 +3100,17 @@ function Language_and_config_adjusted_styles() { //*****************************
 	Verify_Page_Conditions();
 
 	Update_Recent_Pages();
+	
+	//Used to disable some options if editing OneFileCMS itself.
+	$Editing_OFCMS = false;
+	if ( isset($filename) && ($filename == trim(rawurldecode($ONESCRIPT), '/')) ) { $Editing_OFCMS = true; }
 
-}//end if $_SESSION[valid] 
-
-//Used to disable some options if editing OneFileCMS itself.
-$Editing_OFCMS = false;
-if ( isset($filename) && ($filename == trim(rawurldecode($ONESCRIPT), '/')) ) { $Editing_OFCMS = true; }
+	//Don't show path header on some pages.
+	$Show_Path = true;
+	$pages_dont_show_path = array("login","admin","hash","changepw","changeun");
+	if ( in_array($page, $pages_dont_show_path) ){ $Show_Path = false; } //
 
-//Don't show path header on some pages.
-$Show_Path = true;
-$pages_dont_show_path = array("login","admin","hash","changepw","changeun");
-if ( in_array($page, $pages_dont_show_path) ){ $Show_Path = false; } //
+}//end if $_SESSION[valid] 
 
 //Finish up/prepare to send page contents.
 $early_output = ob_get_clean(); // Should be blank unless trouble-shooting.
@@ -3155,7 +3146,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 Page_Header();
 
-if ($Show_Path) { Current_Path_Header(); }
+if ($_SESSION['valid'] && $Show_Path) { Current_Path_Header(); }
 
 message_box();
 
diff --git a/readme.markdown b/readme.markdown
index 6386c2a..76ec81b 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,4 +1,8 @@
-# Current version: 3.4.10
+# Current version: 3.4.11
+
+### October 8, 2012  (v3.4.11)
+
+- Just a few code tweaks & improvements.
 
 ### October 8, 2012  (v3.4.10)
 

From d80281eebcb74614a6e0d7afe3d1a33bd219f858 Mon Sep 17 00:00:00 2001
From: supersymmetry <maildumpert@gmail.com>
Date: Fri, 19 Oct 2012 18:31:50 +0200
Subject: [PATCH 151/228] translated OneFileCMS to Dutch

---
 OneFileCMS.LANG.NL.php | 238 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 238 insertions(+)
 create mode 100755 OneFileCMS.LANG.NL.php

diff --git a/OneFileCMS.LANG.NL.php b/OneFileCMS.LANG.NL.php
new file mode 100755
index 0000000..2c7de7f
--- /dev/null
+++ b/OneFileCMS.LANG.NL.php
@@ -0,0 +1,238 @@
+<?php
+// OneFileCMS Language Settings v3.4.11
+
+$_['LANGUAGE'] = 'Dutch (Nederlands)'; //NL
+$_['LANG'] = 'NL';
+
+// If no translation or value is desired for a particular setting, do not delete
+// the actual setting variable, just set it to an empty string.
+// For example:  $_['some_unused_setting'] = '';
+//
+// Remember to slash-escape any single quotes that may be within the text:  \'
+// The back-slash itself may or may not also need to be escaped:  \\
+//
+// If present as a trailing comment, "## NT ##" means 'Need Translation'.
+//
+// In some instances, some langauges may use significantly longer words or phrases than others.
+// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
+//
+$_['front_links_font_size']  = '1.0em';  //Buttons on Index page.
+$_['front_links_margin_L']   = '1.0em';
+$_['button_font_size']       = '0.9em';  //Buttons on Edit page.
+$_['button_margin_L']        = '0.7em';
+$_['button_padding']         = '4px 10px';
+$_['image_info_font_size']   = '1em';    //show_img_msg_01  &  _02
+$_['image_info_pos']         = '';       //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size']  = '.84em';  //Font size of $_['Select_All']
+$_['select_all_label_width'] = '76px';   //Width of space for $_['Select_All']
+
+$_['Admin']   = 'Beheer';
+$_['Cancel']  = 'Annuleren';
+$_['Close']   = 'Sluiten';
+$_['Copy']    = 'Kopiëren';
+$_['Copied']  = 'Gekopiëerd';
+$_['Create']  = 'Aanmaken';
+$_['Delete']  = 'Verwijderen';
+$_['DELETE']  = 'VERWIJDER';
+$_['Deleted'] = 'Verwijderd';
+$_['Edit']    = 'Bewerken';
+$_['Enter']   = 'Enter';
+$_['Error']   = 'Fout';
+$_['errors']  = 'fouten';
+$_['File']    = 'Bestand';
+$_['Folder']  = 'Map';
+$_['From']    = 'Van';
+$_['Hash']    = 'Hash';
+$_['Move']    = 'Verplaats';
+$_['Moved']   = 'Verplaatst';
+$_['on']      = 'on';
+$_['bytes']   = 'bytes';   //####
+
+$_['Password']   = 'Wachtwoord';
+$_['Rename']     = 'Hernoemen';
+$_['successful'] = 'succesvol';
+$_['To']         = 'Aan';
+$_['Upload']     = 'Upload';
+$_['Username']   = 'Gebruikersnaam';
+$_['Log_In']     = 'Inloggen';
+$_['Log_Out']    = 'Uitloggen';
+
+$_['Admin_Options']  = 'Opties voor beheer';
+$_['Are_you_sure']   = 'Weet u het zeker?';
+$_['Edit_View']      = 'Bewerken / weergeven';
+$_['Upload_File']    = 'Bestand Uploaden';
+$_['New_File']       = 'Nieuw Bestand';
+$_['Ren_Move']       = 'Hernoemen / Verplaatsen';
+$_['Ren_Moved']      = 'Hernoemend / Verplaatst';
+$_['New_Folder']     = 'Nieuwe Map';
+$_['Ren_Folder']     = 'Hernoem / Verplaats Map';
+$_['Submit']         = 'Verzoek Indienen';
+$_['Move_Files']     = 'Verplaats Bestand(en)';
+$_['Copy_Files']     = 'Kopieër Bestand(en)';
+$_['Del_Files']      = 'Verwijder Bestand(en)';
+$_['Selected_Files'] = 'Geselecteerde Mappen en Bestanden';
+$_['Select_All']     = 'Selecteer Alles';
+$_['Clear_All']      = 'Verwijder Alles';
+$_['New_Location']   = 'Nieuwe Locatie';
+$_['No_files']       = 'Geen bestanden geselecteerd.';
+$_['Not_found']      = 'Niet gevonden';
+$_['pass_to_hash']   = 'Wachtwoord verwarren:';
+$_['Generate_Hash']  = 'Genereer Verward Wachtwoord (Hash)';
+
+$_['save_1']      = 'Opslaan';
+$_['save_2']      = 'WIJZIGINGEN OPSLAAN!';
+$_['reset']       = 'Reset - wijzingen ongedaan maken';
+$_['Wide_View']   = 'Wijd Gezichtsveld';
+$_['Normal_View'] = 'Normaal Gezichtsveld';
+$_['Open_View']   = 'Openen/Bekijken in browser venster';
+
+$_['verify_msg_01']     = 'Sessie verlopen.';
+$_['verify_msg_02']     = 'ONGELDIGE POST';
+$_['get_get_msg_01']    = 'Bestand bestaat niet:';
+$_['get_get_msg_02']    = 'Ongeldig verzoek voor pagina:';
+$_['check_path_msg_02'] = '"puntje" of "puntje puntje" pad segmenten zijn niet toegestaan.';
+$_['check_path_msg_03'] = 'Pad of bestandsnaam bevat een ongeldig teken:';
+$_['ord_msg_01']        = 'Een bestand met die naam bestaat reeds in de doelmap.';
+$_['ord_msg_02']        = 'Opslaan als';
+$_['rCopy_msg_01']      = 'Een map kan niet naar de eigen submap gekopiëerd worden.';
+$_['show_img_msg_01']   = 'Afbeelding weergegeven bij ~';
+$_['show_img_msg_02']   = '% van volledige grootte (W x H =';
+
+$_['hash_txt_01'] = 'De hashes gegenereerd door deze pagina kunnen gebruikt worden om handmatig het $HASHWORD in OneFileCMS, of in een extern configuratiebestand, bijgewerkt te worden. Hoe dan ook: draag er zorg voor dat u het wachtwoord gebruikt om de hash te genereren onthoudt!';
+$_['hash_txt_06'] = 'Typ uw gewenste wachtwoord in het invoerveld hierboven en druk op Enter.';
+$_['hash_txt_07'] = 'De hash wordt weergegeven in een geel berichtenvenster erboven.';
+$_['hash_txt_08'] = 'Kopiëer en plak de nieuwe hash waarde naar de $HASHWORD variabele in de configuratie sectie.';
+$_['hash_txt_09'] = 'Zorg ervoor dat u alles, en alleen, de hash correct (geen voor- naloop spaties enz.) kopiëert!';
+$_['hash_txt_10'] = 'Een dubbele klik op de linker muisknop zou het moeten selecteren...';
+$_['hash_txt_12'] = 'Wanneer gereed: log opnieuw in en uit.';
+
+$_['login_txt_01']  = 'Gebruikersnaam:';
+$_['login_txt_02']  = 'Wachtwoord:';
+$_['login_msg_01a'] = 'Er zijn diverse';
+$_['login_msg_01b'] = 'ongeldige inlog pogingen.';
+$_['login_msg_02a'] = 'Aub wachten';
+$_['login_msg_02b'] = 'seconden tot nieuwe poging.';
+$_['login_msg_03']  = 'ONJUISTE INLOG POGING #';
+
+$_['edit_note_00']  = 'NOTITIES:';
+$_['edit_note_01a'] = 'Onthoudt- uw';
+$_['edit_note_01b'] = 'is';
+$_['edit_note_02']  = 'Dus sla uw wijzigingen op voordat de klok afloopt of ze zullen verloren gaan!';
+$_['edit_note_03']  = 'Bij sommige browers, zoals Chrome, komt het voor als u op de [Terug] knop klikt, en daarna [Voorwaarts], dat de toestand van uw instellingen incorrect zijn. Om te corrigeren, klik op de knop [Vernieuwen].';
+$_['edit_note_04']  = 'Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts. This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself. However, such files can still be edited and saved with OneFileCMS. The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes. The issue will be noticed after the first save of such a file.';
+
+$_['edit_h2_1']   = 'Weergeven:';
+$_['edit_h2_2']   = 'Bewerken:';
+$_['edit_txt_01'] = 'Non-tekst of onbekend bestandstype. Bewerken uitgeschakeld.';
+$_['edit_txt_02'] = 'Bestand bevat mogelijk een ongeldig teken. Bewerken en weergeven uitgeschakeld.';
+$_['edit_txt_03'] = 'htmlspecialchars() heeft een lege string teruggegeven van wat normaalgesproken een valide bestand is.';
+$_['edit_txt_04'] = 'Dit gedrag kan per versie van PHP verschillen.';
+
+$_['too_large_to_edit_01'] = 'Bewerken uitgeschakeld. Bestandsgrootte >';
+$_['too_large_to_edit_02'] = 'Sommige browsers (bijv. Internet Explorer) lopen vast of worden onstabiel bij het bewerken van een groot bestand in een <textarea>.';
+$_['too_large_to_edit_03'] = 'Bewerk $MAX_EDIT_SIZE in de configuratiesectie van OneFileCMS wanneer nodig.';
+$_['too_large_to_edit_04'] = 'Een eenvoudige proef en ondervind test kan de praktische limieten van uw browser / computer aantonen.';
+$_['too_large_to_view_01'] = 'Weergave uitgeschakeld. Bestandsgrootte >';
+$_['too_large_to_view_02'] = 'Klik de bestandsnaam boven de weergave om te zien hoe deze normaal in een browservenster wordt weergegeven.';
+$_['too_large_to_view_03'] = 'Bewerk $MAX_VIEW_SIZE in de configuratiesectie van OneFileCMS wanneer nodig.';
+$_['too_large_to_view_04'] = '(De standaardwaarde voor $MAX_VIEW_SIZE is volledig willekeurig en mag, indien gewenst, naar eigen inzicht aangepast worden.)';
+
+$_['meta_txt_01'] = 'Bestandsgrootte:';
+$_['meta_txt_03'] = 'Bijgewerkt:';
+$_['edit_msg_01'] = 'Bestand opgeslagen:';
+$_['edit_msg_02'] = 'bytes geschreven.';
+$_['edit_msg_03'] = 'Er was een fout bij het opslaan van bestand:';
+
+$_['upload_txt_03']  = 'Maximum grootte van ieder bestand:';
+$_['upload_txt_01']  = '(upload_max_filesize in php.ini)';
+$_['upload_txt_04']  = 'Maximum totaal upload grootte:';
+$_['upload_txt_02']  = '(post_max_size in php.ini)';
+
+$_['upload_err_01']  = 'Fout 1: Bestand te groot. Uit php.ini:';
+$_['upload_err_02']  = 'Fout 2: Bestand te groot. (Overschrijdt MAX_FILE_SIZE HTML form element)';
+$_['upload_err_03']  = 'Fout 3: Het upload bestand was slechts gedeeltelijk verzonden.';
+$_['upload_err_04']  = 'Fout 4: Geen bestand verzonden.';
+$_['upload_err_05']  = 'Fout 5: ';
+$_['upload_err_06']  = 'Fout 6: Geen tijdelijke map aanwezig.';
+$_['upload_err_07']  = 'Fout 7: Schrijven van bestand naar opslagmedium mislukt.';
+$_['upload_err_08']  = 'Fout 8: Een PHP extensie heeft de zending van bestanden gestopt.';
+
+$_['upload_msg_01'] = 'Geen bestand geselecteerd om te verzenden.';
+$_['upload_msg_02'] = 'Doelmap ongeldig:';
+$_['upload_msg_03'] = 'Upload geannuleerd.';
+$_['upload_msg_04'] = 'Uploaden:';
+$_['upload_msg_05'] = 'Upload succesvol!';
+$_['upload_msg_06'] = 'Upload mislukt:';
+
+$_['new_file_txt_01'] = 'Bestand of map zullen in de huidige map gemaakt worden.';
+$_['new_file_txt_02'] = 'Sommige ongeldige tekens zijn:';
+$_['new_file_msg_01'] = 'Bestand of map niet aangemaakt:';
+$_['new_file_msg_02'] = 'Naam bevat een ongeldig teken:';
+$_['new_file_msg_03'] = 'Niet aangemaakt - geen naam opgegeven';
+$_['new_file_msg_04'] = 'Bestand of map bestaat reeds:';
+$_['new_file_msg_05'] = 'Aangemaakt bestand:';
+$_['new_file_msg_07'] = 'Aangemaakt map:';
+
+$_['CRM_txt_02']  = 'De nieuwe locatie moet reeds bestaan.';
+$_['CRM_txt_04']  = 'Nieuwe Naam';
+$_['CRM_msg_01']  = 'Fout - nieuwe bovenliggende locatie bestaat niet:';
+$_['CRM_msg_02']  = 'Fout - bronbestand bestaat niet:';
+$_['CRM_msg_03']  = 'Fout - nieuwe bestand of map bestaat reeds:';
+$_['CRM_msg_05']  = 'Fout gedurende';
+
+$_['delete_msg_03']   = 'Verwijderfout:';
+$_['session_warning'] = 'Waarschuwing: Sessie verloopt binnenkort!';
+$_['session_expired'] = 'SESSIE VERLOPEN';
+$_['unload_unsaved']  = 'Niet opgeslagen wijzigen zullen verloren gaan!';
+$_['confirm_reset']   = 'Herstel bestand en verlies niet opgeslagen wijzigingen?';
+
+$_['OFCMS_requires']   = 'OneFileCMS vereist PHP';
+$_['logout_msg']       = 'U bent succesvol afgemeld.';
+$_['upload_error_01a'] = 'Upload Fout. Totale POST data (meerendeel bestandsgrootte) overschrijdt post_max_size =';
+$_['upload_error_01b'] = '(van php.ini)';
+$_['edit_caution_01']  = 'VOORZICHTIG';
+$_['edit_caution_02']  = 'U bent de actieve kopie van OneFileCMS aan het bewerken - MAAK EEN BACK-UP & WEES VOORZICHTIG !!';
+$_['time_out_txt']     = 'Sessie verloopt in:';
+
+$_['error_reporting_01'] = 'Weergave van fouten is';
+$_['error_reporting_02'] = 'Loggen van fouten is';
+$_['error_reporting_03'] = 'Foutrapportage is ingesteld op';
+$_['error_reporting_04'] = 'Toon foutsoorten';
+$_['error_reporting_05'] = 'Onverwacht vroege uitvoer';
+$_['error_reporting_06'] = '(niet, zelfs niet een blanko regel, zou al getoond mogen worden)';
+
+$_['admin_txt_00'] = 'Oude Backup Gevonden';
+$_['admin_txt_01'] = 'Een backup bestand is aangemaakt voor het geval er een fout tijdens het wijzigen van de gebruikersnaam of het wachtwoord plaatsvindt. Met andere woorden, het kan oude informatie bevatten en dient verwijderd te worden indien niet benodigd. In ieder geval, het bestand zal tijdens de volgende wijziging overschreven worden.';
+$_['admin_txt_02'] = 'Algemene Informatie';
+$_['admin_txt_14'] = 'Voor een kleine verbetering van de beveiliging, verander het standaard "salt" en/of methode gebruikt door OneFileCMS om het wachtwoord te hashen (en houdt deze geheim, natuurlijk). Alle kleine beetjes helpen...'; //####
+$_['admin_txt_16'] = 'OneFileCMS kan gebruikt worden om zichzelf te wijzigen. Echter, draagt u zorg voor een backup indien er iets misgaat zoals de onvermijdelijke typvout...'; //####
+
+$_['pw_change']  = 'Bewerk Wachtwoord';
+$_['pw_current'] = 'Huidig Wachtwoord';
+$_['pw_new']     = 'Nieuw Wachtwoord';
+$_['pw_confirm'] = 'Bevestig Nieuw Wachtwoord';
+
+$_['pw_txt_02'] = 'Wachtwoord / Gebruikersnaam regels:';
+$_['pw_txt_04'] = 'Hoofdlettergevoelig: "A" is geen "a"';
+$_['pw_txt_06'] = 'Moet minimaal 1 niet-spatie teken bevatten.';
+$_['pw_txt_08'] = 'Mag spaties in het midden bevatten. Vb: "Dit is een wachtwoord of gebruikersnaam!"';
+$_['pw_txt_10'] = 'Voorafgaande of afsluitende spaties worden genegeerd.';
+$_['pw_txt_12'] = 'Bij het opnemen van wijzigingen wordt alleen 1 bestand bijgewerkt: of de actieve kopie van OneFileCMS of, indien opgegeven, een extern configuratiebestand.';
+$_['pw_txt_14'] = 'Indien een onjuist huidig wachtwoord opgegeven wordt, zult u automatisch uitgelogd worden. U mag dan wel weer meteen inloggen.';
+
+$_['change_pw_01'] = 'Wachtwoord gewijzigd!';
+$_['change_pw_02'] = 'Wachtwoord NIET gewijzigd:';
+$_['change_pw_03'] = 'Onjuist huidig wachtwoord opgegeven. Log in en probeert u het nog eens.';
+$_['change_pw_04'] = '"Nieuw" en "Bevestig Nieuw" waardes komen niet overeen.';
+$_['change_pw_05'] = 'Bijwerken';
+$_['change_pw_06'] = 'extern configuratiebestand';
+
+$_['un_change']     = 'Wijzig Gebruikersnaam';
+$_['un_new']        = 'Nieuwe Gebruikersnaam';
+$_['un_confirm']    = 'Bevestig Nieuwe Gebruikersnaam';
+$_['change_un_01']  = 'Gebruikersnaam gewijzigd!';
+$_['change_un_02']  = 'Gebruikersnaam NIET gewijzigd:';
+$_['update_failed'] = 'Update mislukt - onmogelijk bestand op te slaan.';
+$_['mcd_msg_01']    = 'bestanden verplaatst.';
+$_['mcd_msg_02']    = 'bestanden gekopiëerd.';
+$_['mcd_msg_03']    = 'bestanden verwijderd.';

From 57bd95af8c875f39e847eb975a0876b23018ccc6 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Sun, 21 Oct 2012 16:00:00 -0400
Subject: [PATCH 152/228] Version 3.4.12 Upload_Page(): Added option to select
 either automatic rename or overwrite. List_Files(): Tweaked $IS_OFCMS check
 so blank cell is not highlighted when on-hover. Upload_response(): Added
 cooresponding code to overwrite (if option selected). New language strings:  
 $_['upload_txt_05'] = 'For uploaded files that already exist: ';  
 $_['upload_txt_06'] = 'Rename (to filename.ext.001 etc...)';  
 $_['upload_txt_07'] = 'Overwrite';   $_['upload_msg_07'] = 'A pre-existing
 file was overwritten.';

---
 OneFileCMS.LANG.DE.php |  23 ++-
 OneFileCMS.LANG.EN.php |  25 +--
 OneFileCMS.LANG.ES.php |  23 ++-
 onefilecms.php         |  49 ++++--
 readme.markdown        | 381 ++++-------------------------------------
 5 files changed, 112 insertions(+), 389 deletions(-)

diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index 66a9120..945af66 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.11
+// OneFileCMS Language Settings v3.4.12
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -16,14 +16,14 @@
 // In some instances, some langauges may use significantly longer words or phrases than others.
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 //
-$_['front_links_font_size']  = '0.9em';  //Buttons on Index page.
-$_['front_links_margin_L']   = '0.5em';
-$_['button_font_size']       = '.7em';   //Buttons on Edit page.
-$_['button_margin_L']        = '.5em';
-$_['button_padding']         = '4px 5px';
-$_['image_info_font_size']   = '.95em';  //show_img_msg_01  &  _02
-$_['image_info_pos']         = '1';      //If 1 or true, moves the info down a line for more space.
-$_['select_all_label_size']  = '.84em';  //Font size of $_['Select_All']
+$_['front_links_font_size'] = '0.9em';  //Buttons on Index page.
+$_['front_links_margin_L']  = '0.5em';
+$_['button_font_size']      = '.7em';   //Buttons on Edit page.
+$_['button_margin_L']       = '.5em';
+$_['button_padding']        = '4px 5px';
+$_['image_info_font_size']  = '.95em';  //show_img_msg_01  &  _02
+$_['image_info_pos']        = '1';      //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
 $_['select_all_label_width'] = '76px';   //Width of space for $_['Select_All']
 
 $_['Admin']   = 'Konfiguration';
@@ -147,6 +147,9 @@
 $_['upload_txt_01']  = '  per upload_max_filesize in php.ini.';
 $_['upload_txt_04']  = 'Maximale Gesamt Upload-Größe:';
 $_['upload_txt_02']  = 'pro post_max_size in der php.ini';
+$_['upload_txt_05']  = 'Für die hochgeladenen Dateien, die bereits existieren: ';
+$_['upload_txt_06']  = 'Umbenennen (Auf filename.ext.001 etc...)';
+$_['upload_txt_07']  = 'Überschreiben';
 
 $_['upload_err_01']  = 'Error 1: Datei zu groß. Von php.ini:';
 $_['upload_err_02']  = 'Error 2: Datei zu groß. (MAX_FILE_SIZE HTML form element)';
@@ -163,6 +166,7 @@
 $_['upload_msg_04'] = 'Heraufladen: ';
 $_['upload_msg_05'] = 'Das Heraufladen war erfolgreich! ';
 $_['upload_msg_06'] = 'Das Heraufladen ist fehlgeschlagen: ';
+$_['upload_msg_07'] = 'Eine bereits vorhandene Datei überschrieben wurde.';
 
 $_['new_file_txt_01'] = 'Die Datei wird im aktuellen Ordner erstellt.  ';
 $_['new_file_txt_02'] = 'Ungültige Zeichen für Dateinamen sind: ';
@@ -236,3 +240,4 @@
 $_['mcd_msg_01']    = 'Dateien verschoben.';
 $_['mcd_msg_02']    = 'Dateien kopiert.';
 $_['mcd_msg_03']    = 'Dateien gelöscht.';
+
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index c6dc167..a2c8980 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.11
+// OneFileCMS Language Settings v3.4.12
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -16,15 +16,15 @@
 // In some instances, some langauges may use significantly longer words or phrases than others.
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 //
-$_['front_links_font_size']  = '1.0em';  //Buttons on Index page.
-$_['front_links_margin_L']   = '1.0em';
-$_['button_font_size']       = '0.9em';  //Buttons on Edit page.
-$_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 10px';
-$_['image_info_font_size']   = '1em';    //show_img_msg_01  &  _02
-$_['image_info_pos']         = '';       //If 1 or true, moves the info down a line for more space.
-$_['select_all_label_size']  = '.84em';  //Font size of $_['Select_All']
-$_['select_all_label_width'] = '76px';   //Width of space for $_['Select_All']
+$_['front_links_font_size'] = '1.0em';  //Buttons on Index page.
+$_['front_links_margin_L']  = '1.0em';
+$_['button_font_size']      = '0.9em';  //Buttons on Edit page.
+$_['button_margin_L']       = '0.7em';
+$_['button_padding']        = '4px 10px';
+$_['image_info_font_size']  = '1em';    //show_img_msg_01  &  _02
+$_['image_info_pos']        = '';       //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
+$_['select_all_label_width'] = '72px';   //Width of space for $_['Select_All']
 
 $_['Admin']   = 'Admin';
 $_['Cancel']  = 'Cancel';
@@ -147,6 +147,9 @@
 $_['upload_txt_01']  = '(upload_max_filesize in php.ini)';
 $_['upload_txt_04']  = 'Maximum total upload size:';
 $_['upload_txt_02']  = '(post_max_size in php.ini)';
+$_['upload_txt_05']  = 'For uploaded files that already exist: '; //####
+$_['upload_txt_06']  = 'Rename (to filename.ext.001 etc...)'; //####
+$_['upload_txt_07']  = 'Overwrite'; //####
 
 $_['upload_err_01']  = 'Error 1: File too large. From php.ini:';
 $_['upload_err_02']  = 'Error 2: File too large. (Exceeds MAX_FILE_SIZE HTML form element)';
@@ -163,6 +166,7 @@
 $_['upload_msg_04'] = 'Uploading:';
 $_['upload_msg_05'] = 'Upload successful!';
 $_['upload_msg_06'] = 'Upload failed:';
+$_['upload_msg_07'] = 'A pre-existing file was overwritten.'; //####
 
 $_['new_file_txt_01'] = 'File or Folder will be created in the current folder.';
 $_['new_file_txt_02'] = 'Some invalid characters are:';
@@ -236,3 +240,4 @@
 $_['mcd_msg_01']    = 'files moved.';
 $_['mcd_msg_02']    = 'files copied.';
 $_['mcd_msg_03']    = 'files deleted.';
+
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index 7ab2263..c4c8b10 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.11
+// OneFileCMS Language Settings v3.4.12
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -16,14 +16,14 @@
 // In some instances, some langauges may use significantly longer words or phrases than others.
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 //
-$_['front_links_font_size']  = '1.0em';  //Buttons on Index page.
-$_['front_links_margin_L']   = '0.6em';
-$_['button_font_size']       = '0.9em';  //Buttons on Edit page.
-$_['button_margin_L']        = '0.4em';
-$_['button_padding']         = '4px 5px';
-$_['image_info_font_size']   = '.95em';  //show_img_msg_01  &  _02
-$_['image_info_pos']         = ' ';      //If 1 or true, moves the info down a line for more space.
-$_['select_all_label_size']  = '.84em';  //Font size of $_['Select_All']
+$_['front_links_font_size'] = '1.0em';  //Buttons on Index page.
+$_['front_links_margin_L']  = '0.6em';
+$_['button_font_size']      = '0.9em';  //Buttons on Edit page.
+$_['button_margin_L']       = '0.4em';
+$_['button_padding']        = '4px 5px';
+$_['image_info_font_size']  = '.95em';  //show_img_msg_01  &  _02
+$_['image_info_pos']        = ' ';      //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
 $_['select_all_label_width'] = '76px';   //Width of space for $_['Select_All']
 
 $_['Admin']   = 'Administrador';
@@ -147,6 +147,9 @@
 $_['upload_txt_01']  = 'por upload_max_filesize en php.ini.';
 $_['upload_txt_04']  = 'Tamaño total de la subida:';
 $_['upload_txt_02']  = 'por post_max_size en php.ini';
+$_['upload_txt_05']  = 'Para los archivos subidos que ya existen: ';
+$_['upload_txt_06']  = 'Renombrar (hacia filename.ext.001 etc...)';
+$_['upload_txt_07']  = 'Sobreescribir';
 
 $_['upload_err_01']  = 'Error 1: Archivo demasiado pesado. Desde php.ini:';
 $_['upload_err_02']  = 'Error 2: Archivo muy grande. (MAX_FILE_SIZE HTML form element)';
@@ -163,6 +166,7 @@
 $_['upload_msg_04'] = 'Subiendo:';
 $_['upload_msg_05'] = '¡Subida satisfactoria!';
 $_['upload_msg_06'] = 'Subida fallida: ';
+$_['upload_msg_07'] = 'Un archivo existente se sobrescribe.';
 
 $_['new_file_txt_01'] = 'Se creará un archivo nuevo en la carpeta actual.';
 $_['new_file_txt_02'] = 'Algunos caracteres inválidos son: ';
@@ -236,3 +240,4 @@
 $_['mcd_msg_01']    = 'archivos movidos satisfactoriamente.';
 $_['mcd_msg_02']    = 'archivos copiados satisfactoriamente.';
 $_['mcd_msg_03']    = 'archivos eliminados satisfactoriamente.';
+
diff --git a/onefilecms.php b/onefilecms.php
index f5a3704..bc8d43f 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.11';
+$OFCMS_version = '3.4.12';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -36,7 +36,7 @@
 ini_set('session.use_trans_sid', 0);    //make sure URL supplied SESSID's are not used
 ini_set('session.use_only_cookies', 1); //make sure URL supplied SESSID's are not used
 error_reporting(0); //0 for none, or (E_ALL &~ E_STRICT) for trouble-shooting. 
-ini_set('display_errors', 'off');         //Only turn on for trouble-shooting.
+ini_set('display_errors', 'off');         //Only turn on for trouble-shooting. 
 ini_set('log_errors'    , 'off');         //Only turn on for trouble-shooting.
 ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.ERROR.log');
 //Determine good folder for session file? Default is tmp/, which is not secure, but it may not be a serious concern.
@@ -59,7 +59,7 @@
 
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
-$MAX_IDLE_TIME       = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
+$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
 					  //  For instance, 24 minutes is the PHP default for garbage collection.
 
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.
@@ -72,7 +72,7 @@
 $MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
                           // The default max view size is completely arbitrary. Basically, it was 2am and seemed like a good idea at the time.
 
-$UPLOAD_FIELDS = 4; //Number of upload fields on Upload File(s) page. Max value is ini_get('max_file_uploads').
+$UPLOAD_FIELDS = 6; //Number of upload fields on Upload File(s) page. Max value is ini_get('max_file_uploads').
 
 $config_favicon   = "favicon.ico"; //Path is relative to root of website.
 $config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsaTive!
@@ -173,7 +173,7 @@ function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.4.10
+// OneFileCMS Language Settings v3.4.12
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -309,6 +309,9 @@ function Default_Language() { // ***********************************************
 $_['upload_txt_01'] = '(upload_max_filesize in php.ini)';
 $_['upload_txt_04'] = 'Maximum total upload size:';
 $_['upload_txt_02'] = '(post_max_size in php.ini)';
+$_['upload_txt_05'] = 'For uploaded files that already exist: '; //#### 
+$_['upload_txt_06'] = 'Rename (to filename.ext.001 etc...)';
+$_['upload_txt_07'] = 'Overwrite';                               //#### 
 $_['upload_err_01'] = 'Error 1: File too large. From php.ini:';
 $_['upload_err_02'] = 'Error 2: File too large. (Exceeds MAX_FILE_SIZE HTML form element)';
 $_['upload_err_03'] = 'Error 3: The uploaded file was only partially uploaded.';
@@ -323,6 +326,7 @@ function Default_Language() { // ***********************************************
 $_['upload_msg_04'] = 'Uploading:';
 $_['upload_msg_05'] = 'Upload successful!';
 $_['upload_msg_06'] = 'Upload failed:';
+$_['upload_msg_07'] = 'A pre-existing file was overwritten.'; //#### 
 $_['new_file_txt_01'] = 'File or Folder will be created in the current folder.';
 $_['new_file_txt_02'] = 'Some invalid characters are:';
 $_['new_file_msg_01'] = 'File or folder not created:';
@@ -1521,11 +1525,10 @@ function List_File($file, $type, $f_or_f, $DS, $IS_OFCMS, $HREF_params, $param3)
 			echo '<a href="'.$HREF_params.'&amp;p=delete'.$f_or_f.'" title="'.hsc($_['Delete']).'"  >'.$ICONS['delete'].'</a>';
 		} ?>
 		</td>
-		<td class="ckbox"><?php
-		if (!$IS_OFCMS){
-			echo '<INPUT TYPE=checkbox NAME="files[]" VALUE="'.hsc($file).'">';
-		} ?>
-		</td>
+		<?php if (!$IS_OFCMS){
+			echo '<td class="ckbox"><INPUT TYPE=checkbox NAME="files[]" VALUE="'.hsc($file).'"></td>';
+		}else { echo '<td></td>'; }
+		?>
 		<td class="file_name"><?php
 			echo '<a href="'.$HREF_params.$param3.'"  title="'.hsc($_['Edit_View']).'">';
 			echo $icon.'&nbsp;'.hte($file).$DS.'</a>';
@@ -1864,14 +1867,22 @@ function Upload_Page() { //*****************************************************
 	echo '<h2>'.hsc($_['Upload_File']).'</h2>';
 	echo '<p>';
 	echo hsc($_['upload_txt_03']).' '.ini_get('upload_max_filesize').' '.hsc($_['upload_txt_01']).'<br>';
-	echo hsc($_['upload_txt_04']).' '.ini_get('post_max_size')      .' '.hsc($_['upload_txt_02']);
+	echo hsc($_['upload_txt_04']).' '.ini_get('post_max_size')      .' '.hsc($_['upload_txt_02']).'<br>';
 	
 	echo '<form enctype="multipart/form-data" action="'.$ONESCRIPT.$param1.'&amp;p=uploaded" method="post">';
 		echo $INPUT_NUONCE;
+		
+		echo '<div class="action">';
+		echo $_['upload_txt_05'];
+			echo '<LABEL><INPUT TYPE=radio NAME=ifexists VALUE=rename checked> '.$_['upload_txt_06'].'</LABEL>';
+			echo '<LABEL><INPUT TYPE=radio NAME=ifexists VALUE=overwrite     > '.$_['upload_txt_07'].'</LABEL> ';
+		echo '</div>'; //end class=action
+		
 		echo '<input type="hidden" name="upload_destination" value="'.hsc($ipath).'" >';
 		echo '<p>';
 		for ($x = 0; $x < $UPLOAD_FIELDS; $x++) {
-			echo '<input type="file" name="upload_file[]" class="upload_file" size="100"><br>'."\n";
+			//size is for FF, style width for IE & Chrome.
+			echo '<input type="file" name="upload_file[]" size="100%" style="width: 100%">';
 		}
 		
 		Cancel_Submit_Buttons($_['Upload']);
@@ -1894,6 +1905,7 @@ function Upload_response() { //*************************************************
 		$filecount++;
 		$filename    = $_FILES['upload_file']['name'][$N];
 		$destination = Check_path($_POST["upload_destination"]);
+		$savefile_msg = '';		
 		
 		$MAXUP1 = ini_get('upload_max_filesize');
 		//$MAXUP2 = ''; //number_format($_POST['MAX_FILE_SIZE']).' '.hsc($_['bytes']);
@@ -1915,12 +1927,18 @@ function Upload_response() { //*************************************************
 			$message .= hsc($_['upload_msg_03']).'</b><br>';
 		}else{
 			$message .= '<b>'.hsc($_['upload_msg_04']).'</b> <span class="filename">'.hte($filename).'</span><br>';
-			$savefile = ordinalize($destination, $filename, $savefile_msg);
+			
+			if ( isset($_POST['ifexists']) && ($_POST['ifexists'] == 'overwrite') ) {
+				$savefile = $destination.$filename;
+				if (is_file($savefile)) { $savefile_msg .= $_['upload_msg_07'] ; }
+			}else{ //rename to "file.etc.001"  etc...
+				$savefile = ordinalize($destination, $filename, $savefile_msg);
+			}
 			
 			if(move_uploaded_file($_FILES['upload_file']['tmp_name'][$N], $savefile)) {
 				$message .= '<b>'.hsc($_['upload_msg_05']).'</b> '.$savefile_msg.'<br>';
 			} else{
-				$message .= '<b>'.$EX.'<b>'.hsc($_['upload_msg_06']).' '.$ERRMSG.'</b><br>';
+				$message .= '<b>'.$EX.hsc($_['upload_msg_06']).'</b> '.$ERRMSG.'</b><br>';
 			}
 		}
 	}//end foreach $_FILES
@@ -3024,6 +3042,9 @@ function style_sheet(){ //******************************************************
 .R    {color: #00a;    border: 1px solid #804000}
 .C    {color: #006400; border: 1px solid #008400}
 .D    {color: #b00;    border: 1px solid #b00}
+
+.action       {display: inline-block}
+.action label {margin: 0 1em}
 </style>
 <?php
 }//end style_sheet() //*********************************************************
diff --git a/readme.markdown b/readme.markdown
index 76ec81b..5979ac9 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,6 +1,17 @@
-# Current version: 3.4.11
+# OneFileCMS
+
+## Current version: 3.4.12
+
+--------------------------------------------------------------------------------
+
+## Recent changes
 
-### October 8, 2012  (v3.4.11)
+
+### October 21, 2012 (v3.4.12)
+
+- On the Upload Page, added an option to select either automatic rename or overwrite of pre-existing files.
+
+### October 16, 2012  (v3.4.11)
 
 - Just a few code tweaks & improvements.
 
@@ -26,54 +37,6 @@
 - OneFileCMS can now select and upload multiple files at one time.  The default max is 4, but that value may be adjusted with the "$UPLOAD_FIELDS" config variable.
 -Removed the extra [Upload...] [New...] [Rename...] [Delete...] buttons from bottom of index page.
 
-### September 14, 2012
-
-- Minor bug fix.
-
-### September 13, 2012
-
-Nothing, it seems, is ever "done".  Shortly after commiting the changes to 3.4, I noticed a couple very minor issues.  Issues that probably would go unnoticed by most.  But, I had to fix them.  Then, I started thinking, "hmmm, this could be little better... maybe that too..."
-
-Anyway, maybe now it's sorta at a resting spot  (hahaha...).  In anycase, here's the recent summary:
-
-- A few minor fixes, and some code cleanup & improvements.
-
-(what'd you expect, an epic treatise?...)
-
-### Auguest 29, 2012
-
-- Added options to select and move, copy, or delete, multiple files from the index page.
-
-### Auguest 14, 2012
-
-- OneFileCMS now can now update the password and username itself, so manual editing of OneFileCMS is not required (but is still possible, of course).
-- Removed plain text $PASSWORD option.
-- Added options to Rename, Copy, or Delete files from Index screen.
-
-
-### Auguest 6, 2012
-
-- I just noticed that a function OneFile uses has only been available since PHP 5.1.  So, I guess that's the new minimum required version. (Even though further down this page 5.2 is listed at the minimum version)
-
-
-### Auguest 3, 2012
-
-- For reasons of required content, consistancy, & code simplicity, the format for language files is now php, instead of ini. While the ini format is cleaner looking and a bit easier to read, there are a few deal-breakers as far as using it to contain values for language strings (as used in OFCMS). Those issues, along with some general considerations of various pros & cons, are detailed on the wiki page.
-
-### July 31, 2012
-
-- For reasons of security, consistancy, & code simplicity, the format for external config files (if used) is now php, instead of ini. This permits a simple copy & paste between an external config file & onefilecms.php.  
-  A config file must begin with "&lt;?php".  And, for security reasons, external config file names should end in ".php".  Otherwise, your webserver may serve up the file as plain text, exposing the contents, such as username and password.
-
-
-### July 25, 2012
-
-#### Security issue if using external .ini config file for password storage  
-If an external config file is used to store your password and/or hash, make sure to save the file with php as the extension, and begin the file as follows:  
-  
-;&lt;?php die();  
-  
-Otherwise, the file - along with your password, is world readable. For details, see the php documentation and comments on parse\_ini\_file().
 
 
 #### Language files
@@ -105,13 +68,14 @@ Coupling a utilitarian code editor with basic file managing functions, OneFileCM
 
 ## Features
  
-- All the basic features of an FTP application like renaming, deleting, copying, and uploading
-  _(For complex processes like batch renaming or mass uploads, you're going to want to use an actual FTP program.)_
+- All the basic file management features like renaming, moving, copying, deleting, and uploading.
+  _(For complex processes like batch renaming or mass uploads, you're going to want to use an FTP program.)_
 - A basic text editor.
-- Warns if you try to leave editing with unsaved changes.
-- A Login delay after too many invalid attempts.
+- Alerts if you try to leave editing with unsaved changes.
+- A Login delay after too many invalid login attempts.
 - Adjustable idle time before auto-logout.
 - Easily modifiable & re-brandable.
+- Multi-language support.
 - <del>Possibly</del> The easiest installation process ever!
 
 ## Installation
@@ -124,13 +88,15 @@ Coupling a utilitarian code editor with basic file managing functions, OneFileCM
 
 Depending on how your web stack is set up, you may also have to modify the file permissions of your site's folders to allow OneFileCMS to modify and create files. ([More about that here.](http://catcode.com/teachmod/)) Make sure onefilecms.php and its parent folder are allowed to execute, with CHMOD at 755. Check with your host if you're not sure, and be aware of any inherent security concerns.  
 
-You can also change the file name of OneFileCMS.php to something else, such as "Admin.php" . (Be careful about making it a folder's default file: your server may get stuck in redirects.)
+You can also change the file name of OneFileCMS.php to something else, such as "Admin.php". (Be careful about making it a folder's default file: your server may get stuck in redirects.)
+
+--------------------------------------------------------------------------------
 
 ## FAQ
 
 ### Where's the WYSIWYG? What about syntax highlighting?
 
-WYSWIWYG editors have been requested, but probably won't become standard, as they'd make it more than one file, sort of defeating the "OneFile" point. Plus, if you're working in PHP or non-HTML code, they can be more of a hindrance than an asset.
+WYSWIWYG editors have been requested, but probably won't become standard, as they'd make it more than one file, sort of defeating the whole "OneFile" point. Plus, if when working with PHP or non-HTML code, they can be more of a hindrance than an asset.
 
 However, just because I don't want to do it, doesn't mean it's impossible.  Look for the Edit\_Page\_form() function. Its textarea can be modified to work with whatever editor you like. 
 
@@ -148,13 +114,15 @@ Well, because "OneFileCMS" sounds way cooler than "OneFileFileManagerwithTextEdi
 
 Yes!  Currently, English, German, and Spanish are available.
 
-If you speak another language and would like to contribute, translations into other languages are welcomed and appreciated!  Just use the English language file as a template, and translate each word, phrase, etc., as appropriate.  (Someone told me he was working on an Esparento translation, but that might have been a joke...)
+If you speak another language and would like to contribute, translations into other languages are welcomed and appreciated!  Just use the English language file (or any of the others) as a template, and translate each word, phrase, etc., as appropriate.  (Someone told me he was working on an Esparento translation, but that might have been a joke...)
 
 ### Can I have more than one username/password?
 
-Yes!  Well, sort of - indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ie: OneFile1.php and OneFile2.php etc...)  Then, in each copy, maintain different user names and passwords.  Also, so that one user does not log out the other, change the value of the $session_name config variables.  
+Yes!  Well, sort of - indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ie: OneFile1.php and OneFile2.php etc...)  Then, in each copy, maintain different usernames and passwords.  Also, so that one user does not login/logout the other, change the value of the $session_name config variable.  
   
-Now, since there is no database or other means of granular control and access logging, multiple usernames may be kind of pointless.  On the other hand, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
+Now, since there is no database or other means of granular control or access logging, multiple usernames may be kind of pointless.  On the other hand, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
+
+--------------------------------------------------------------------------------
 
 ## Requirements
 
@@ -162,28 +130,27 @@ Now, since there is no database or other means of granular control and access lo
   (Only tested on versions 5.2.8, 5.2.17, 5.3.3, and 5.4 + )
 - File permission privileges on your host.
 - Javascript enabled browswer.
-- And -if you wish to see the icons- a browser that supports inline SVG.
+- And- but if you wish to see the icons- a browser that supports inline SVG.  
   (If your browser doesn't support inline SVG, OneFileCMS will still work, just without any icons.)
 
-## Credit, License, Et Cetera  
+## License, Credit, Et Cetera  
 
+- Available under the MIT and BSD licenses.
 - Maintained by github/Self-Evident
 - Original concept and development by github.com/rocktronica
 - Contributors: A. M Balakrishnan, github.com/codeless, github.com/fermuch
 - Written in PHP, JavaScript, HTML, CSS, and SVG.
-- Available under the MIT and BSD licenses.
 - Icons for versions thru 1.1.6 by [famfamfam](http://www.famfamfam.com/).
 - To report a bug or request a feature, please file an issue via Github.
 - And, of course, please feel free to fork away!
 
-##Needed/potential/upcoming improvements
+##Needed/potential improvements
 
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - Issue with Chrome's XSS filter: Editing some legitimate files with OneFileCMS will trigger the filter and disable much of the javascript provided functionallity, but only while on the edit page with such a file, and only after a [Save].
 - The connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text during login.  
   However, this is true of most online login systems, unless SSL or the like is employed.
 - Be aware that only some very basic data & error checking is performed.  (But, it's getting better...)  
-  On Windows, for instance, it was possible to create folders that were subsequently inaccessible and undeletable by Windows.  (Yea, I found out the hard way...)  (However, I *think* that issue is fixed.)
 - Anything else?
 
 --------------------------------------------------------------------------------
@@ -198,7 +165,7 @@ DEFAULT LANGUAGE
   
 SESSION & MISC FUNCTIONS  
   
-SVG ICON FUNCTIONS  
+SVG $ICONS & FUNCTIONS
   
 PAGE & RESPONSE FUNCTIONS  
   
@@ -212,286 +179,6 @@ GENERATE/OUTPUT THE PAGE
 
 --------------------------------------------------------------------------------
 
-## Change Log
-
-### 3.4.10
-
-- Quite of bit of code consolidation and improvement.
-- Converted svg icons from functions to an array of $ICONS[]
-- Folders are now listed ahead of files in main file list.
-
-### 3.4.09
-
-- Option to copy folders.
-- Consolidated some functions.
-- Removed some svg icons no longer used.
-- The usual "code cleanup" and "tweaked some css"...
-
-### 3.4.07
-
-- Can now delete non-empty folders (just be careful!)
-- Consolidated some functions.
-- Minor bug fix & a few misc code improvements.
-- Darkened folder icons.
-- Removed & changed a few $_[] language strings. 
-
-### 3.4.06
-
-- Minor bug fix: Index page would not display folders that started with a period ("hidden" folders on *nix)
-
-### 3.4.05
-
-- Consolidated index page radio & submit buttons (for Move, Copy, Delete) into just three standard buttons.
-- Added multi-file upload ability.
-- Index page: removed extra Upload/New/Rename/Delete buttons from  bottom of page.
-- Subsequent to the above, a bit of code cleanup & improvement.
-
-### 3.4.04
-
-- Minor bug fix.
-
-### 3.4.02-3.4.03
-
-- Primary user noticable change: on rename/move/copy pages, split "New Name" from "New Location".
-- A couple minor bug fixes.
-- Consolidated four functions into two.
-- Other general code cleanup & improvements.
-- Numerous new, changed, and removed langauge settings.
-
-### 3.4.01
-
-- A couple of minor bug fixes.
-- Some code cleanup & improvements.
-
-### 3.3.17 - 3.4.0
-
-- Added option to select and move, copy, or delete multiple files.
-- And other general code tweaks and improvements.
-
-### 3.3.11 - 3.3.16
-
-- Added screens for changing username and password.
-- Plaintext $PASSWORD option is no longer available.
-- Added options to Rename, Copy, or Delete files from Index screen.
-- Improved validation of $_GET parameters & other general code improvements.
-
-### 3.3.10
-
-- Created an actual "Admin" page that has links to admin functions: Hash Page, Edit OneFileCMS, and (soon) Change Password.
-
-### 3.3.09 
-
-- Minor code improvements & cleanup.
-
-### 3.3.08
-
-- Added some basic error handling and now using buffering to capture errant early output.
-- Seperate function to handle dynamic css values.
-
-### 3.3.07
-
-- Language file formats are now php instead of ini.
-- Minor improvement to version checking.
-
-### 3.3.06
-
-- Increased hash iterations from 1000 to 10000.  (I've read that lots of iterations help slow down brute force p/w recovery)
-- Format for external config files is now just php (instead of ini).
-- Some miscellaneous code & css improvements.
-
-### 3.3.05a
-
-- Just removed some trouble-shooting code that was left in unintentionally.
-
-### 3.3.05
-
-- Added a few settings to the language files to adjust certain css values if needed.  In some instances, some langauges may use significantly longer words or phrases than others.  So, a smaller font or less spacing may be desirable in those places to preserve page layout.   
-- And, of course, some minor code improvements hear and there.
-
-### 3.3.04
-
-- Added Spanish language file courtesy of [fermuch](https//github.com/fermuch).
-- Some misc code improvements.
-- Added notes regarding using .ini file for password storage.
-
-### 3.3.03
-
-- "Wide View" option on Edit page now persists across saves.
-- Improved handling of language files.  However, kinda' like "online security", "multi-language support" is nebulous and a bit finicky.
-
-### 3.3.02
-
-- Added German language file courtesy of [codeless](http://github.com/codeless).
-
-### 3.3.01
-
-- Fixed a "minor" issue after adding multi-language support- OneFileCMS stopped working altogether on versions of PHP &lt; 5.3.
-
-### 3.3.0
-
-- Added support for optional external language files.   Now to get some translations...  
-- The default, English, is included directly in OneFileCMS, of course.
-- A sample language file (English) is included in the repo for reference for anyone that may be interested.
-
-
-### 3.2.3
-
-- Thanks to github.com/codeless: added the ability to process a seperate config file.  
-  (This is just an option for flexibility, and is not required)
-- Added a [Wide View] button to Edit page.
-- Some minor code improvement & css tweaking.
-
-### 3.2.2
-
-- Thanks to github.com/codeless: added a configurable whitelist of files to show.
-- Fixed minor issue on hash page (needed htmlspecialchars)
-- And, of course, various style & code tweaks.
-
-
-### 3.2.1
-
-- Added timer to "Please wait..." message after too many invalid login attempts.
-- Mostly some misc code cleanup & improvement.
-	
-### 3.2.0
-
-- Added a few security improvements.
-- Added "timeout" timer as a warning to save edits before they're lost.
-
-
-### 3.1.9
-
-- Password may now be stored as an encrypted hash, instead of in plain text.
-- Added an "Admin" page to generate password hashes.
-- A bunch of other code tweakin' & improvements.
-
-### 3.1.6 thru 3.1.8
-
-- Converted bulk of rest of code into functions (easier to work with).
-- Resolved issue (I hope) with differing versions of PHP and how magic_quotes & stripslashes are handled.
-
-### 3.1.2 thru 3.1.5
-
-- Added file size limits to the Edit/View page. (Some browsers don't like large files in an HTML textarea.)
-- Added some data validation to $_GET parameters
-- Some misc code cleanup & organization etc.
-- And other misc stuff...
-
-### 3.1.1
-
-- Fixed minor issue with data encoding of file for editting in a &lt;textarea>
-
-### 3.1
-
-- (Very) moderate data validation improvements.
-- Reorganized & funcionalized() most of the code.
-
-### 3.0
-
-- Implemented svg icons
-
-### 2.0
-
-- OneFileCMS is now actually ONE FILE! No external style sheets or icons.  
-  (Of course, external style sheets & icons can be added back in, if you like.)
-
-- This is OneFileCMS "Lite", and will be maintained along with v3.0
-
-### 1.5 
-
-- Style sheet is now part of onfilecms.php file, but still uses external icons.
-- Some minor logic improvements on Edit & Index pages.
-
-### 1.4.0
-
-- Substantial code reorganization & updates.
-
-
-### 1.2.4 - 1.3.0
-
-- DO NOT USE THESE VERSIONS!
-- Mostly just a bunch of code modifications.
-- These versions have issues, primarily when on the home/root page your site. 
-
-### 1.2.3
-
-- Fixed check for local css. If not found, loads hosted copy. 
-  (This will soon be a moot point...)
-
-### 1.2.2
-
-- On "Edit" page, images are now displayed directly, instead of a disabled textarea.
-- Logout page replaced with standard "alert" message on login screen.
-
-### 1.2.1
-
-- Fixed security hole that affected versions 1.1.7 - 1.2.0.
-
-### 1.2.0
-
-- List of files now sorted alphabetically, without regard to case.
-- Further improved Edit page & screen feedback of file state (changed/unchanged).
-- Added [X] dismiss button on message box
-- File dates shown on Index & Edit pages are now in user's local time.
-- Moved from xhtml to html syntax & doctype.
-
-### 1.1.9
-
-- Improved Edit page & screen feedback of file state (changed/unchanged).
-- Removed use of jquery in move towards a true "OneFileCMS".
-
-### 1.1.8  
-
-- Added a table list view option (default).  Either List or original "Block" view selectable with $VIEW_MODE variable. (On screen selection in the works)
-- (And, of course, numerous other code tweaks/improvements.
-
-### 1.1.7
-
-- Added [Cancel] button to most screens. Numerous minor UI & code tweaks/improvements.  Changed where .css is hosted (may change back later).  Removed "Rendered in (microseconds)...".  Added license info & copyright notice.
-
-### 1.1.6
-
-- Breadcrumb navigation (courtesy of [Self-Evident](https://github.com/Self-Evident/)), CSS file and some minor changes to it
-- Installation is still as usual, but now, if you have _onefilecms.css_ in the same folder as _onefilecms.php_, it'll be linked instead of the normal [http://onefilecms.com/style.css](http://onefilecms.com/style.css).
-
-### 1.1.5
-
-- Fixed a disallowed redirect vulnerability  
-Many thanks to Abhi M Balakrishnan from [OWASP Mantra Team](http://www.getmantra.com/) for his help
-
-### 1.1.4
-
-- JavaScript cleanup and jQuery upgrade
-- Visit Site = /
-- Now on GitHub!
-
-### 1.1.3 (1/10/2012)
-
-- Fixed a upload bug leftover from 1.1.2's CSRF protection
-
-### 1.1.2 (9/21/11)
-
-- More CSRF protection for logged-in users
-
-### 1.1.1 (1/9/10)
-
-- CSRF protection (thanks Steve and Rene)
-- Support for storing password as an MD5 hash (thanks, durilka!)
-
-### 1.1.0 (10/18/09)
-
-- config_footer variable for branding or analytics code
-- config_disabled variable to disallow editing of files like images, zips, icons, etc
-- config_excluded variable to exclude specific files (or filetypes) from being shown in the index
-- Shows hidden files (files that start with a "." like ".htaccess") on index listing
-- "noindex" meta tag so Google doesn't crawl your backend
-- Fixed a couple minor CSS and link bugs in the example site.
-- Updated license page to clarify commercial license usage per domain and upgrade.
-
-### 1.0.1 (9/24/09)
-
-- Relative CSS links and navigation in example site to work better with the demo (No change to OneFileCMS itself)
-
-### 1.0 (9/5/09)
+## [Change Log](https://raw.github.com/Self-Evident/OneFileCMS/gh-pages/changelog.html)
 
-- Launch!
+## [Git Log](https://raw.github.com/Self-Evident/OneFileCMS/gh-pages/git.log)

From e111ad319e562e8621727466ddaa9984e9b112cd Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Sun, 21 Oct 2012 16:30:00 -0400
Subject: [PATCH 153/228] Version 3.4.12 Updated Readme

---
 readme.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.markdown b/readme.markdown
index 5979ac9..cc2eef6 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -179,6 +179,6 @@ GENERATE/OUTPUT THE PAGE
 
 --------------------------------------------------------------------------------
 
-## [Change Log](https://raw.github.com/Self-Evident/OneFileCMS/gh-pages/changelog.html)
+## [Change Log](http://self-evident.github.com/OneFileCMS/changelog.html)
 
 ## [Git Log](https://raw.github.com/Self-Evident/OneFileCMS/gh-pages/git.log)

From 9eb7640cedfb4707ac6d4f227d7060fb8d5c41af Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Mon, 5 Nov 2012 01:30:00 -0500
Subject: [PATCH 154/228] Version 3.4.13 Setup section: Added validation of
 $MAIN_WIDTH & $WIDE_VIEW_WIDTH. In a few function global declarations,
 removed references to unused variables. Update_Recent_Pages(): if unset, init
 to current $page instead of "". $PWUN_RULES: Swapped order of $_[pw_txt_08]
 and $_[pw_txt_10]. List_Backup(): Made [Delete] button visually consistant
 with Index page [Delete] button. List_Backup(): hte() & urldecode() of file
 name. Some incidental code respacing... Change_PWUN_Page(): removed
 $config_key (no longer used), and name attribute from <form> Update_config():
 Switched from file_get_contents() to file(), & improved $message's a bit.
 Change_PWUN_response(): A few minor improvements. LOgout(): Added $_SESSION =
 array(); Index_Page(): added hsc() to a couple places where needed.
 Index_Page():<table> to <div>'s for button layout (not really any better)
 Upload_Page(): Improved logic to set input width. Upload_Page(): Added hsc()
 to a few $_[] strings. Delete_response(): If came from Admin page, return
 there. Some incidental style sheet tweaks.

---
 OneFileCMS.LANG.DE.php   |  38 ++--
 OneFileCMS.LANG.EN.php   |  42 ++--
 OneFileCMS.LANG.ES.php   |  32 ++--
 OneFileCMS.LANG.NL.php   |  51 ++---
 OneFileCMS_structure.txt |   4 +-
 onefilecms.php           | 400 +++++++++++++++++++--------------------
 readme.markdown          |  49 ++---
 7 files changed, 296 insertions(+), 320 deletions(-)

diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index 945af66..e78cffb 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.12
+// OneFileCMS Language Settings v3.4.13
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -17,16 +17,17 @@
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 //
 $_['front_links_font_size'] = '0.9em';  //Buttons on Index page.
-$_['front_links_margin_L']  = '0.5em';
+$_['front_links_margin_L']  = '0.3em';
 $_['button_font_size']      = '.7em';   //Buttons on Edit page.
 $_['button_margin_L']       = '.5em';
 $_['button_padding']        = '4px 5px';
 $_['image_info_font_size']  = '.95em';  //show_img_msg_01  &  _02
 $_['image_info_pos']        = '1';      //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
-$_['select_all_label_width'] = '76px';   //Width of space for $_['Select_All']
+$_['select_all_label_width'] = '76px';  //Width of space for $_['Select_All']
 
 $_['Admin']   = 'Konfiguration';
+$_['bytes']   = 'bytes';
 $_['Cancel']  = 'Abbrechen';
 $_['Close']   = 'Schließen';
 $_['Copy']    = 'Erstellen';
@@ -46,7 +47,6 @@
 $_['Move']    = 'Verschieben';
 $_['Moved']   = 'Verschoben';
 $_['on']      = 'läuft unter';
-$_['bytes']   = 'bytes';
 
 $_['Password']   = 'Passwort';
 $_['Rename']     = 'Umbenennen';
@@ -144,9 +144,9 @@
 $_['edit_msg_03'] = 'Bei dem Versuch die Datei zu speichern trat ein Fehler auf.';
 
 $_['upload_txt_03']  = 'Anmerkung: Die maximale Dateigröße für das Heraufladen von Dateien beträgt: ';
-$_['upload_txt_01']  = '  per upload_max_filesize in php.ini.';
+$_['upload_txt_01']  = 'php.ini: upload_max_filesize';
 $_['upload_txt_04']  = 'Maximale Gesamt Upload-Größe:';
-$_['upload_txt_02']  = 'pro post_max_size in der php.ini';
+$_['upload_txt_02']  = 'php.ini: post_max_size';
 $_['upload_txt_05']  = 'Für die hochgeladenen Dateien, die bereits existieren: ';
 $_['upload_txt_06']  = 'Umbenennen (Auf filename.ext.001 etc...)';
 $_['upload_txt_07']  = 'Überschreiben';
@@ -179,9 +179,9 @@
 
 $_['CRM_txt_02']  = 'Der neue Ort muss bereits existieren.';
 $_['CRM_txt_04']  = 'Neuer Name';
-$_['CRM_msg_01']  = ' Fehler - der neue Zielort besteht nicht:';
-$_['CRM_msg_02']  = ' Fehler - die Quelldatei besteht nicht:';
-$_['CRM_msg_03']  = ' Fehler - die Zieldatei besteht bereits:';
+$_['CRM_msg_01']  = 'Fehler - der neue Zielort besteht nicht:';
+$_['CRM_msg_02']  = 'Fehler - die Quelldatei besteht nicht:';
+$_['CRM_msg_03']  = 'Fehler - die Zieldatei besteht bereits:';
 $_['CRM_msg_05']  = 'Fehler bei der';
 
 $_['delete_msg_03']   = 'Fehler löschen:';
@@ -211,10 +211,13 @@
 $_['admin_txt_14'] = 'Eine weitere, kleine Sicherheitsvorkehrung wäre, das Salz oder die Methode für die Streuwertgenerierung von OneFileCMS zu ändern.';
 $_['admin_txt_16'] = 'Sie können auch OneFileCMS selbst bearbeiten.  Legen Sie aber sicherheitshalber eine Kopie an, falls es zu einem unerwünschten Schreibfehler kommt...';
 
-$_['pw_change']  = 'Passwort ändern';
 $_['pw_current'] = 'Aktuelles Passwort';
+$_['pw_change']  = 'Passwort ändern';
 $_['pw_new']     = 'Neues Passwort';
 $_['pw_confirm'] = 'Bestätigen Sie das neue Password';
+$_['un_change']  = 'Benutzername ändern';
+$_['un_new']     = 'Neuer Benutzername';
+$_['un_confirm'] = 'Bestätigen Sie den neuen Benutzernamen';
 
 $_['pw_txt_02'] = 'Regeln für Passwort / Benutzername:';
 $_['pw_txt_04'] = 'Groß-/Kleinschreibung wird berücksichtigt!';
@@ -225,19 +228,16 @@
 $_['pw_txt_14'] = 'Wird ein ungültiges Passwort eingegeben, werden Sie abgemeldet. Sie können sich anschließend neu anmelden.';
 
 $_['change_pw_01'] = 'Passwort wurde geändert!';
-$_['change_pw_02'] = 'Passwort wurde nicht geändert:';
+$_['change_pw_02'] = 'Passwort wurde nicht geändert.';
 $_['change_pw_03'] = 'Falsches (derzeitiges) Passwort. Bitte melden Sie sich an, um es erneut zu versuchen.';
 $_['change_pw_04'] = 'Die Werte der Felder "Neu" und "Bestätigen" gleichen sich nicht.';
 $_['change_pw_05'] = 'Aktualisierung';
 $_['change_pw_06'] = 'Externe Konfigurationsdatei';
+$_['change_un_01'] = 'Benutzername wurde geändert!';
+$_['change_un_02'] = 'Benutzername wurde nicht geändert.';
 
-$_['un_change']     = 'Benutzername ändern';
-$_['un_new']        = 'Neuer Benutzername';
-$_['un_confirm']    = 'Bestätigen Sie den neuen Benutzernamen';
-$_['change_un_01']  = 'Benutzername wurde geändert!';
-$_['change_un_02']  = 'Benutzername wurde nicht geändert:';
 $_['update_failed'] = 'Aktualisierung fehlgeschlagen - die Datei konnte nicht gespeichert werden.';
-$_['mcd_msg_01']    = 'Dateien verschoben.';
-$_['mcd_msg_02']    = 'Dateien kopiert.';
-$_['mcd_msg_03']    = 'Dateien gelöscht.';
+$_['mcd_msg_01'] = 'Dateien verschoben.';
+$_['mcd_msg_02'] = 'Dateien kopiert.';
+$_['mcd_msg_03'] = 'Dateien gelöscht.';
 
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index a2c8980..f5f639f 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.12
+// OneFileCMS Language Settings v3.4.13
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -24,9 +24,10 @@
 $_['image_info_font_size']  = '1em';    //show_img_msg_01  &  _02
 $_['image_info_pos']        = '';       //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
-$_['select_all_label_width'] = '72px';   //Width of space for $_['Select_All']
+$_['select_all_label_width'] = '72px';  //Width of space for $_['Select_All']
 
 $_['Admin']   = 'Admin';
+$_['bytes']   = 'bytes';   //####
 $_['Cancel']  = 'Cancel';
 $_['Close']   = 'Close';
 $_['Copy']    = 'Copy';
@@ -46,7 +47,6 @@
 $_['Move']    = 'Move';
 $_['Moved']   = 'Moved';
 $_['on']      = 'on';
-$_['bytes']   = 'bytes';   //####
 
 $_['Password']   = 'Password';
 $_['Rename']     = 'Rename';
@@ -144,12 +144,12 @@
 $_['edit_msg_03'] = 'There was an error saving file.';
 
 $_['upload_txt_03']  = 'Maximum size of each file:';
-$_['upload_txt_01']  = '(upload_max_filesize in php.ini)';
+$_['upload_txt_01']  = '(php.ini: upload_max_filesize)';
 $_['upload_txt_04']  = 'Maximum total upload size:';
-$_['upload_txt_02']  = '(post_max_size in php.ini)';
-$_['upload_txt_05']  = 'For uploaded files that already exist: '; //####
-$_['upload_txt_06']  = 'Rename (to filename.ext.001 etc...)'; //####
-$_['upload_txt_07']  = 'Overwrite'; //####
+$_['upload_txt_02']  = '(php.ini: post_max_size)';
+$_['upload_txt_05']  = 'For uploaded files that already exist: ';
+$_['upload_txt_06']  = 'Rename (to filename.ext.001 etc...)';
+$_['upload_txt_07']  = 'Overwrite';
 
 $_['upload_err_01']  = 'Error 1: File too large. From php.ini:';
 $_['upload_err_02']  = 'Error 2: File too large. (Exceeds MAX_FILE_SIZE HTML form element)';
@@ -166,7 +166,7 @@
 $_['upload_msg_04'] = 'Uploading:';
 $_['upload_msg_05'] = 'Upload successful!';
 $_['upload_msg_06'] = 'Upload failed:';
-$_['upload_msg_07'] = 'A pre-existing file was overwritten.'; //####
+$_['upload_msg_07'] = 'A pre-existing file was overwritten.';
 
 $_['new_file_txt_01'] = 'File or Folder will be created in the current folder.';
 $_['new_file_txt_02'] = 'Some invalid characters are:';
@@ -206,18 +206,21 @@
 $_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
 
 $_['admin_txt_00'] = 'Old Backup Found';
-$_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will automatically be overwritten on the next password or username change.';
+$_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will be automatically overwritten on the next password or username change.';
 $_['admin_txt_02'] = 'General Information';
 $_['admin_txt_14'] = 'For a small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...'; //####
 $_['admin_txt_16'] = 'OneFileCMS can be used to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...'; //####
 
-$_['pw_change']  = 'Change Password';
 $_['pw_current'] = 'Current Password';
+$_['pw_change']  = 'Change Password';
 $_['pw_new']     = 'New Password';
 $_['pw_confirm'] = 'Confirm New Password';
+$_['un_change']  = 'Change Username';
+$_['un_new']     = 'New Username';
+$_['un_confirm'] = 'Confirm New Username';
 
 $_['pw_txt_02'] = 'Password / Username rules:';
-$_['pw_txt_04'] = 'Case-sensitive: "A" is not "a"';
+$_['pw_txt_04'] = 'Case-sensitive: "A" =/= "a"';
 $_['pw_txt_06'] = 'Must contain at least one non-space character.';
 $_['pw_txt_08'] = 'May contain spaces in the middle. Ex: "This is a password or username!"';
 $_['pw_txt_10'] = 'Leading and trailing spaces are ignored.';
@@ -225,19 +228,16 @@
 $_['pw_txt_14'] = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
 
 $_['change_pw_01'] = 'Password changed!';
-$_['change_pw_02'] = 'Password NOT changed:';
+$_['change_pw_02'] = 'Password NOT changed.';
 $_['change_pw_03'] = 'Incorrect current password. Login to try again.';
 $_['change_pw_04'] = '"New" and "Confirm New" values do not match.';
 $_['change_pw_05'] = 'Updating';
 $_['change_pw_06'] = 'external config file';
+$_['change_un_01'] = 'Username changed!';
+$_['change_un_02'] = 'Username NOT changed.';
 
-$_['un_change']     = 'Change Username';
-$_['un_new']        = 'New Username';
-$_['un_confirm']    = 'Confirm New Username';
-$_['change_un_01']  = 'Username changed!';
-$_['change_un_02']  = 'Username NOT changed:';
 $_['update_failed'] = 'Update failed - could not save file.';
-$_['mcd_msg_01']    = 'files moved.';
-$_['mcd_msg_02']    = 'files copied.';
-$_['mcd_msg_03']    = 'files deleted.';
+$_['mcd_msg_01'] = 'files moved.';
+$_['mcd_msg_02'] = 'files copied.';
+$_['mcd_msg_03'] = 'files deleted.';
 
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index c4c8b10..f5097d1 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.12
+// OneFileCMS Language Settings v3.4.13
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -17,16 +17,17 @@
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 //
 $_['front_links_font_size'] = '1.0em';  //Buttons on Index page.
-$_['front_links_margin_L']  = '0.6em';
+$_['front_links_margin_L']  = '0.5em';
 $_['button_font_size']      = '0.9em';  //Buttons on Edit page.
 $_['button_margin_L']       = '0.4em';
 $_['button_padding']        = '4px 5px';
 $_['image_info_font_size']  = '.95em';  //show_img_msg_01  &  _02
 $_['image_info_pos']        = ' ';      //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
-$_['select_all_label_width'] = '76px';   //Width of space for $_['Select_All']
+$_['select_all_label_width'] = '110px'; //Width of space for $_['Select_All']
 
 $_['Admin']   = 'Administrador';
+$_['bytes']   = 'bytes';
 $_['Cancel']  = 'Cancelar';
 $_['Close']   = 'Cerrar';
 $_['Copy']    = 'Copiar';
@@ -46,7 +47,6 @@
 $_['Move']    = 'Mover';
 $_['Moved']   = 'Movido';
 $_['on']      = 'activado';
-$_['bytes']   = 'bytes';
 
 $_['Password']   = 'contraseña';
 $_['Rename']     = 'Renombrar';
@@ -144,9 +144,9 @@
 $_['edit_msg_03'] = 'Ocurrió un error guardando el archivo.';
 
 $_['upload_txt_03']  = 'Nota: El tamaño máximo de subida es de:';
-$_['upload_txt_01']  = 'por upload_max_filesize en php.ini.';
+$_['upload_txt_01']  = '(php.ini: upload_max_filesize)';
 $_['upload_txt_04']  = 'Tamaño total de la subida:';
-$_['upload_txt_02']  = 'por post_max_size en php.ini';
+$_['upload_txt_02']  = '(php.ini: post_max_size)';
 $_['upload_txt_05']  = 'Para los archivos subidos que ya existen: ';
 $_['upload_txt_06']  = 'Renombrar (hacia filename.ext.001 etc...)';
 $_['upload_txt_07']  = 'Sobreescribir';
@@ -211,10 +211,13 @@
 $_['admin_txt_14'] = 'Para otro tip de seguridad, cambiá la llave de seguridad y/o el método usado por OneFileCMS para almacenar la clave (y mantenelo en secreto, obviamente).  Acordate, cada granito ayuda...';
 $_['admin_txt_16'] = 'Podés usar OneFileCMS para editarlo. Sin embargo, asegurate de hacer un backup...';
 
-$_['pw_change']  = 'Cambiar Contraseña';
 $_['pw_current'] = 'Contraseña actual';
+$_['pw_change']  = 'Cambiar Contraseña';
 $_['pw_new']     = 'Nueva contraseña';
 $_['pw_confirm'] = 'Confirmar Contraseña Nueva';
+$_['un_change']  = 'Cambiar Nombre de Usuario';
+$_['un_new']     = 'Nuevo Usuario';
+$_['un_confirm'] = 'Confirmar Nuevo Nombre de Usuario';
 
 $_['pw_txt_02'] = 'Reglas de Usuario / Contraseña:';
 $_['pw_txt_04'] = '¡Se hace diferencia entre mayúsculas y minúsculas!  "A" =/= "a"';
@@ -225,19 +228,16 @@
 $_['pw_txt_14'] = 'Si se ingresa la contraseña actual de forma incorrecta, serás deslogueado y tendrás que volver a loguearte.';
 
 $_['change_pw_01'] = '¡Contraseña Cambiada!';
-$_['change_pw_02'] = 'Contraseña NO cambiada:';
+$_['change_pw_02'] = 'Contraseña NO cambiada.';
 $_['change_pw_03'] = 'Contraseña anterior inválida. Logueate e intenta de nuevo.';
 $_['change_pw_04'] = 'La contraseña y su confirmación no coinciden.';
 $_['change_pw_05'] = 'Actualizando';
 $_['change_pw_06'] = 'archivo de configuración externa';
+$_['change_un_01'] = '¡Nombre de Usuario Actualizado!';
+$_['change_un_02'] = 'Nombre de Usuario NO Actualizado.';
 
-$_['un_change']     = 'Cambiar Nombre de Usuario';
-$_['un_new']        = 'Nuevo Usuario';
-$_['un_confirm']    = 'Confirmar Nuevo Nombre de Usuario';
-$_['change_un_01']  = '¡Nombre de Usuario Actualizado!';
-$_['change_un_02']  = 'Nombre de Usuario NO Actualizado:';
 $_['update_failed'] = 'Actualización fallida. No se pudo guardar el archivo.';
-$_['mcd_msg_01']    = 'archivos movidos satisfactoriamente.';
-$_['mcd_msg_02']    = 'archivos copiados satisfactoriamente.';
-$_['mcd_msg_03']    = 'archivos eliminados satisfactoriamente.';
+$_['mcd_msg_01'] = 'archivos movidos satisfactoriamente.';
+$_['mcd_msg_02'] = 'archivos copiados satisfactoriamente.';
+$_['mcd_msg_03'] = 'archivos eliminados satisfactoriamente.';
 
diff --git a/OneFileCMS.LANG.NL.php b/OneFileCMS.LANG.NL.php
index 2c7de7f..891800a 100755
--- a/OneFileCMS.LANG.NL.php
+++ b/OneFileCMS.LANG.NL.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.11
+// OneFileCMS Language Settings v3.4.13
 
 $_['LANGUAGE'] = 'Dutch (Nederlands)'; //NL
 $_['LANG'] = 'NL';
@@ -16,17 +16,18 @@
 // In some instances, some langauges may use significantly longer words or phrases than others.
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 //
-$_['front_links_font_size']  = '1.0em';  //Buttons on Index page.
-$_['front_links_margin_L']   = '1.0em';
-$_['button_font_size']       = '0.9em';  //Buttons on Edit page.
-$_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 10px';
-$_['image_info_font_size']   = '1em';    //show_img_msg_01  &  _02
-$_['image_info_pos']         = '';       //If 1 or true, moves the info down a line for more space.
-$_['select_all_label_size']  = '.84em';  //Font size of $_['Select_All']
-$_['select_all_label_width'] = '76px';   //Width of space for $_['Select_All']
+$_['front_links_font_size'] = '0.8em';  //Buttons on Index page.
+$_['front_links_margin_L']  = '0.4em';
+$_['button_font_size']      = '0.7em';  //Buttons on Edit page.
+$_['button_margin_L']       = '0.5em';
+$_['button_padding']        = '4px 10px';
+$_['image_info_font_size']  = '1em';    //show_img_msg_01  &  _02
+$_['image_info_pos']        = '';       //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
+$_['select_all_label_width'] = '90px';  //Width of space for $_['Select_All']
 
 $_['Admin']   = 'Beheer';
+$_['bytes']   = 'bytes';
 $_['Cancel']  = 'Annuleren';
 $_['Close']   = 'Sluiten';
 $_['Copy']    = 'Kopiëren';
@@ -46,7 +47,6 @@
 $_['Move']    = 'Verplaats';
 $_['Moved']   = 'Verplaatst';
 $_['on']      = 'on';
-$_['bytes']   = 'bytes';   //####
 
 $_['Password']   = 'Wachtwoord';
 $_['Rename']     = 'Hernoemen';
@@ -144,9 +144,12 @@
 $_['edit_msg_03'] = 'Er was een fout bij het opslaan van bestand:';
 
 $_['upload_txt_03']  = 'Maximum grootte van ieder bestand:';
-$_['upload_txt_01']  = '(upload_max_filesize in php.ini)';
+$_['upload_txt_01']  = '(php.ini: upload_max_filesize)';
 $_['upload_txt_04']  = 'Maximum totaal upload grootte:';
-$_['upload_txt_02']  = '(post_max_size in php.ini)';
+$_['upload_txt_02']  = '(php.ini: post_max_size)';
+$_['upload_txt_05']  = 'For uploaded files that already exist: '; //## NT ##
+$_['upload_txt_06']  = 'Rename (to filename.ext.001 etc...)'; //## NT ##
+$_['upload_txt_07']  = 'Overwrite'; //## NT ##
 
 $_['upload_err_01']  = 'Fout 1: Bestand te groot. Uit php.ini:';
 $_['upload_err_02']  = 'Fout 2: Bestand te groot. (Overschrijdt MAX_FILE_SIZE HTML form element)';
@@ -163,6 +166,7 @@
 $_['upload_msg_04'] = 'Uploaden:';
 $_['upload_msg_05'] = 'Upload succesvol!';
 $_['upload_msg_06'] = 'Upload mislukt:';
+$_['upload_msg_07'] = 'A pre-existing file was overwritten.'; //## NT ##
 
 $_['new_file_txt_01'] = 'Bestand of map zullen in de huidige map gemaakt worden.';
 $_['new_file_txt_02'] = 'Sommige ongeldige tekens zijn:';
@@ -207,10 +211,13 @@
 $_['admin_txt_14'] = 'Voor een kleine verbetering van de beveiliging, verander het standaard "salt" en/of methode gebruikt door OneFileCMS om het wachtwoord te hashen (en houdt deze geheim, natuurlijk). Alle kleine beetjes helpen...'; //####
 $_['admin_txt_16'] = 'OneFileCMS kan gebruikt worden om zichzelf te wijzigen. Echter, draagt u zorg voor een backup indien er iets misgaat zoals de onvermijdelijke typvout...'; //####
 
-$_['pw_change']  = 'Bewerk Wachtwoord';
 $_['pw_current'] = 'Huidig Wachtwoord';
+$_['pw_change']  = 'Bewerk Wachtwoord';
 $_['pw_new']     = 'Nieuw Wachtwoord';
 $_['pw_confirm'] = 'Bevestig Nieuw Wachtwoord';
+$_['un_change']  = 'Wijzig Gebruikersnaam';
+$_['un_new']     = 'Nieuwe Gebruikersnaam';
+$_['un_confirm'] = 'Bevestig Nieuwe Gebruikersnaam';
 
 $_['pw_txt_02'] = 'Wachtwoord / Gebruikersnaam regels:';
 $_['pw_txt_04'] = 'Hoofdlettergevoelig: "A" is geen "a"';
@@ -221,18 +228,16 @@
 $_['pw_txt_14'] = 'Indien een onjuist huidig wachtwoord opgegeven wordt, zult u automatisch uitgelogd worden. U mag dan wel weer meteen inloggen.';
 
 $_['change_pw_01'] = 'Wachtwoord gewijzigd!';
-$_['change_pw_02'] = 'Wachtwoord NIET gewijzigd:';
+$_['change_pw_02'] = 'Wachtwoord NIET gewijzigd.';
 $_['change_pw_03'] = 'Onjuist huidig wachtwoord opgegeven. Log in en probeert u het nog eens.';
 $_['change_pw_04'] = '"Nieuw" en "Bevestig Nieuw" waardes komen niet overeen.';
 $_['change_pw_05'] = 'Bijwerken';
 $_['change_pw_06'] = 'extern configuratiebestand';
+$_['change_un_01'] = 'Gebruikersnaam gewijzigd!';
+$_['change_un_02'] = 'Gebruikersnaam NIET gewijzigd.';
 
-$_['un_change']     = 'Wijzig Gebruikersnaam';
-$_['un_new']        = 'Nieuwe Gebruikersnaam';
-$_['un_confirm']    = 'Bevestig Nieuwe Gebruikersnaam';
-$_['change_un_01']  = 'Gebruikersnaam gewijzigd!';
-$_['change_un_02']  = 'Gebruikersnaam NIET gewijzigd:';
 $_['update_failed'] = 'Update mislukt - onmogelijk bestand op te slaan.';
-$_['mcd_msg_01']    = 'bestanden verplaatst.';
-$_['mcd_msg_02']    = 'bestanden gekopiëerd.';
-$_['mcd_msg_03']    = 'bestanden verwijderd.';
+$_['mcd_msg_01'] = 'bestanden verplaatst.';
+$_['mcd_msg_02'] = 'bestanden gekopiëerd.';
+$_['mcd_msg_03'] = 'bestanden verwijderd.';
+
diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index 46a7986..0a2b1e9 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.4.10 structure/layout
+OneFileCMS Version 3.4.13 structure/layout
 
 LICENSE
 
@@ -88,7 +88,7 @@ JAVASCRIPT & STYLESHEET FUNCTIONS:
 		Start_Countdown()
 		FileTimeStamp()
 		Select_All()
-		Confirm_ready()
+		Confirm_Submit()
 	Edit_Page_scripts()
 		Wide_View()
 		Reset_file_status_indicators()
diff --git a/onefilecms.php b/onefilecms.php
index bc8d43f..1e43e37 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.12';
+$OFCMS_version = '3.4.13';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -35,8 +35,8 @@
 ob_start(); //Catch any early output. Closed prior to page output.
 ini_set('session.use_trans_sid', 0);    //make sure URL supplied SESSID's are not used
 ini_set('session.use_only_cookies', 1); //make sure URL supplied SESSID's are not used
-error_reporting(0); //0 for none, or (E_ALL &~ E_STRICT) for trouble-shooting. 
-ini_set('display_errors', 'off');         //Only turn on for trouble-shooting. 
+error_reporting(0); //0 for none, or (E_ALL &~ E_STRICT) for trouble-shooting.
+ini_set('display_errors', 'off');         //Only turn on for trouble-shooting.
 ini_set('log_errors'    , 'off');         //Only turn on for trouble-shooting.
 ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.ERROR.log');
 //Determine good folder for session file? Default is tmp/, which is not secure, but it may not be a serious concern.
@@ -50,22 +50,21 @@
 $config_title = "OneFileCMS";
 
 $USERNAME = "username";
-//$HASHWORD = "a6ca7f88bd5efc706d38047cc5844d2b11f86242c01e0c89a1c656dbe2dd1866"; //"password"
 $HASHWORD = "a6ca7f88bd5efc706d38047cc5844d2b11f86242c01e0c89a1c656dbe2dd1866"; //"password"
+//$HASHWORD = "a6ca7f88bd5efc706d38047cc5844d2b11f86242c01e0c89a1c656dbe2dd1866"; //"password"
 $SALT     = 'somerandomsalt';
 
-//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php"; //Filename of language settings.
-				//Path is relative to OneFileCMS. If file is not found, the built-in defaults will be used.
+//Name of optional external language file.  If file is not found, the built-in defaults will be used.
+//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php";  //Path is relative to OneFileCMS.
 
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
-$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
-					  //  For instance, 24 minutes is the PHP default for garbage collection.
-
-$MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.
-$WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked
+$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
 
-$MAX_IMG_W   = 810;  //Max width to display images. (main width is 810)
+$MAIN_WIDTH    = '800px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
+$WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
+				
+$MAX_IMG_W   = 800;  //Max width to display images. (main width is 800)
 $MAX_IMG_H   = 1000; //Max height.  I don't know, it just looks reasonable.
 
 $MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
@@ -75,7 +74,7 @@
 $UPLOAD_FIELDS = 6; //Number of upload fields on Upload File(s) page. Max value is ini_get('max_file_uploads').
 
 $config_favicon   = "favicon.ico"; //Path is relative to root of website.
-$config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsaTive!
+$config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsiTive!
 
 $config_etypes = "html,htm,xhtml,php,pl,css,js,txt,text,cfg,conf,ini,csv,svg,log,htaccess"; //Editable file types.
 $config_stypes = "*"; // Shown types; only files of the given types should show up in the file-listing
@@ -86,8 +85,8 @@
 
 $config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
 // _ftypes & _fclass must have same number of values. bin is default.
-$config_ftypes = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,pl ,ini,cfg,conf,asp,js ,htm,html,htaccess";
-$config_fclass = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,css,php,txt,txt,cfg,cfg ,txt,txt,htm,htm ,txt";
+$config_ftypes = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,pl ,ini,cfg,conf,log,asp,js ,htm,html,htaccess";
+$config_fclass = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,css,php,txt,txt,cfg,cfg ,txt,txt,txt,htm,htm ,txt";
 
 $EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
 
@@ -109,8 +108,19 @@
 
 //If there is one, include external config file.
 if ( isset($config_file) && is_file($config_file) ) { include($config_file); }
-else { $config_file = '';} //If not found, clear it.
+else { $config_file = ''; } //If not found, clear it.
 
+//Determine if valid units are set for $MAIN_WIDTH.  If not, assume px.
+$main_units   = substr($MAIN_WIDTH, -2); //should be px, pt, em, or %.
+if ( ($main_units != "px") && ($main_units != "pt") && ($main_units != "em") && (substr($MAIN_WIDTH, -1) != '%')) {
+	$MAIN_WIDTH = ($MAIN_WIDTH * 1).'px';
+}
+
+//Determine if valid units are set for $WIDE_VIEW_WIDTH.  If not, assume px.
+$main_units   = substr($WIDE_VIEW_WIDTH, -2); //should be px, pt, em, or %.
+if ( ($main_units != "px") && ($main_units != "pt") && ($main_units != "em") && (substr($WIDE_VIEW_WIDTH, -1) != '%')) {
+	$WIDE_VIEW_WIDTH = ($WIDE_VIEW_WIDTH * 1).'px';
+}
 
 //Requires PHP 5.1, due to changes in some functions.
 //Earliest version the author has for testing is 5.2.8 (50208)
@@ -125,10 +135,10 @@
 	define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
 }
 
-$TO_WARNING = 120; //When idle time remaining is less than this value, $timeout_warning is displayed
-
 ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
 
+$TO_WARNING = 120; //seconds. When idle time remaining is less than this value, $timeout_warning is displayed
+
 $ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]); //Used for URL's
 $DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
 $WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/';
@@ -146,8 +156,8 @@
 
 $VALID_PAGES = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","renamefile","copyfile","deletefile","deletefolder","newfolder","renamefolder","copyfolder","mcdaction");
 
-$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file/folder names.  Space deliminated.
-$WHSPC_SLASH = "\x00..\x20/";  //Whitespace & forward slash. For trimming name inputs.
+$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file & folder names.  Space deliminated.
+$WHSPC_SLASH = "\x00..\x20/";  //Whitespace & forward slash. For trimming file & folder name inputs.
 
 //Make arrays out of a few $config_variables for actual use later.
 //First, remove spaces and make lowercase.
@@ -173,7 +183,7 @@ function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.4.12
+// OneFileCMS Language Settings v3.4.13
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -200,6 +210,7 @@ function Default_Language() { // ***********************************************
 $_['select_all_label_size']  = '.84em';  //Font size of $_['Select_All']
 $_['select_all_label_width'] = '72px';   //Width of space for $_['Select_All']
 $_['Admin']   = 'Admin';
+$_['bytes']   = 'bytes'; //####
 $_['Cancel']  = 'Cancel';
 $_['Close']   = 'Close';
 $_['Copy']    = 'Copy';
@@ -219,7 +230,6 @@ function Default_Language() { // ***********************************************
 $_['Move']    = 'Move';
 $_['Moved']   = 'Moved';
 $_['on']      = 'on';
-$_['bytes']   = 'bytes';   //####
 $_['Password']   = 'Password';
 $_['Rename']     = 'Rename';
 $_['successful'] = 'successful';
@@ -306,9 +316,9 @@ function Default_Language() { // ***********************************************
 $_['edit_msg_02'] = 'bytes written.';
 $_['edit_msg_03'] = 'There was an error saving file.';
 $_['upload_txt_03'] = 'Maximum size of each file:';
-$_['upload_txt_01'] = '(upload_max_filesize in php.ini)';
+$_['upload_txt_01'] = '(php.ini: upload_max_filesize)';
 $_['upload_txt_04'] = 'Maximum total upload size:';
-$_['upload_txt_02'] = '(post_max_size in php.ini)';
+$_['upload_txt_02'] = '(php.ini: post_max_size)';
 $_['upload_txt_05'] = 'For uploaded files that already exist: '; //#### 
 $_['upload_txt_06'] = 'Rename (to filename.ext.001 etc...)';
 $_['upload_txt_07'] = 'Overwrite';                               //#### 
@@ -360,36 +370,36 @@ function Default_Language() { // ***********************************************
 $_['error_reporting_05'] = 'Unexpected early output';
 $_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
 $_['admin_txt_00'] = 'Old Backup Found';
-$_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will automatically be overwritten on the next password or username change.';
+$_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will be automatically overwritten on the next password or username change.';
 $_['admin_txt_02'] = 'General Information';
 $_['admin_txt_14'] = 'For a small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...'; //####
 $_['admin_txt_16'] = 'OneFileCMS can be used to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...'; //####
-$_['pw_change']  = 'Change Password';
 $_['pw_current'] = 'Current Password';
+$_['pw_change']  = 'Change Password';
 $_['pw_new']     = 'New Password';
 $_['pw_confirm'] = 'Confirm New Password';
+$_['un_change']  = 'Change Username';
+$_['un_new']     = 'New Username';
+$_['un_confirm'] = 'Confirm New Username';
 $_['pw_txt_02'] = 'Password / Username rules:';
-$_['pw_txt_04'] = 'Case-sensitive: "A" is not "a"';
+$_['pw_txt_04'] = 'Case-sensitive: "A" =/= "a"';
 $_['pw_txt_06'] = 'Must contain at least one non-space character.';
 $_['pw_txt_08'] = 'May contain spaces in the middle. Ex: "This is a password or username!"';
 $_['pw_txt_10'] = 'Leading and trailing spaces are ignored.';
 $_['pw_txt_12'] = 'In recording the change, only one file is updated: either the active copy of OneFileCMS, or, if specified, an external configuration file.';
 $_['pw_txt_14'] = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
-$_['change_pw_01'] = 'Password changed!';
-$_['change_pw_02'] = 'Password NOT changed:';
-$_['change_pw_03'] = 'Incorrect current password. Login to try again.';
-$_['change_pw_04'] = '"New" and "Confirm New" values do not match.';
-$_['change_pw_05'] = 'Updating';
-$_['change_pw_06'] = 'external config file';
-$_['un_change']     = 'Change Username';
-$_['un_new']        = 'New Username';
-$_['un_confirm']    = 'Confirm New Username';
+$_['change_pw_01']  = 'Password changed!';
+$_['change_pw_02']  = 'Password NOT changed.';
+$_['change_pw_03']  = 'Incorrect current password. Login to try again.';
+$_['change_pw_04']  = '"New" and "Confirm New" values do not match.';
+$_['change_pw_05']  = 'Updating';
+$_['change_pw_06']  = 'external config file';
 $_['change_un_01']  = 'Username changed!';
-$_['change_un_02']  = 'Username NOT changed:';
+$_['change_un_02']  = 'Username NOT changed.';
 $_['update_failed'] = 'Update failed - could not save file.';
-$_['mcd_msg_01']    = 'files moved.';
-$_['mcd_msg_02']    = 'files copied.';
-$_['mcd_msg_03']    = 'files deleted.';
+$_['mcd_msg_01'] = 'files moved.';
+$_['mcd_msg_02'] = 'files copied.';
+$_['mcd_msg_03'] = 'files deleted.';
 }//end Default_Language() //****************************************************
 
 
@@ -421,7 +431,7 @@ function Session_Startup() { //*************************************************
 	if ( $_SESSION['valid'] ) { Verify_IDLE_POST_etc(); }
 
 	$_SESSION['nuonce'] = sha1(mt_rand().microtime()); //provided in <forms> to verify POST
-		
+
 	chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
 }//end Session_Startup() //*****************************************************
 
@@ -431,7 +441,7 @@ function Session_Startup() { //*************************************************
 function Verify_IDLE_POST_etc() { //********************************************
 	global $_, $page, $EX, $message, $VALID_POST, $MAX_IDLE_TIME;
 
-	//Verify consistant user agent... (every little bit helps every little bit)
+	//Verify consistant user agent. This is set during login. (every little bit helps every little bit)
 	if ( !isset($_SESSION['user_agent']) || ($_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT']) ) { Logout(); }
 
 	//Check idle time
@@ -532,9 +542,9 @@ function Error_reporting_and_early_output($show_status = 0, $show_types = 0) {//
 
 
 function Update_Recent_Pages() { //*********************************************
-	global $page, $message;
+	global $page;
 
-	if (!isset($_SESSION['recent_pages'])) { $_SESSION['recent_pages'] = array(""); }
+	if (!isset($_SESSION['recent_pages'])) { $_SESSION['recent_pages'] = array($page); }
 	$pages = count($_SESSION['recent_pages']);
 
 	//Only update if actually a new page
@@ -573,7 +583,7 @@ function Get_GET() { //*** Get main parameters *********************************
 	// i=some/path/,  f=somefile.xyz,  p=somepage
 	// $ipath      ,  $filename     ,  $page
 	// Get_GET() should not be called unless $_SESSION['valid'] == 1
-	global $_, $ipath, $filename, $page, $VALID_PAGES, $param1, $param2, $param3, $EX, $message;
+	global $_, $ipath, $filename, $page, $param1, $param2, $param3, $VALID_PAGES, $EX, $message;
 
 	//Initialize & validate $ipath
 	if (isset($_GET["i"])) {
@@ -698,7 +708,7 @@ function dir_name($path){ //****************************************************
 	//Modified dirname().
 	$parent = dirname($path);
 	if ($parent == "." || $parent == "/" || $parent == '\\' || $parent == "") { return ""; }
-	return $parent.'/';
+	else { return $parent.'/'; }
 }//end dir_name() //************************************************************
 
 
@@ -770,7 +780,7 @@ function Sort_Seperate($path, $full_list){ //***********************************
 	$F=1; $D=1;  //indexes
 	foreach( $full_list as $item ) {
 		if ( ($item == '.') || ($item == '..') || ($item == "")){ continue; }
-		if (is_dir($path.$item)){ $folders[$D++] = $item; }
+		if (is_dir($path.$item)) { $folders[$D++] = $item; }
 		else                     { $files[$F++]   = $item; }
 	}
 	
@@ -928,7 +938,7 @@ function Page_Header(){ //******************************************************
 		$favicon =  '<img src="/'.URLencode_path($config_favicon).'" alt="">';
 	}
 ?>
-	<div class="header">
+	<div id="header">
 		<a href="<?php echo $ONESCRIPT?>" id="logo"><?php echo $config_title; ?></a>
 		<?php echo $OFCMS_version.' ('.hsc($_['on']).'&nbsp;php&nbsp;'.phpversion().')'; ?>
 		
@@ -1019,9 +1029,7 @@ function show_image(){ //*******************************************************
 
 function Timeout_Timer($COUNT, $ID, $CLASS="", $ACTION="") { //*****************
 
-	return 	'<script>'.
-			'Start_Countdown('.$COUNT.', "'.$ID.'", "'.$CLASS.'", "'.$ACTION.'");'.
-			'</script>';
+	return 	'<script>Start_Countdown('.$COUNT.', "'.$ID.'", "'.$CLASS.'", "'.$ACTION.'");</script>';
 
 }//end Timeout_Timer() //*******************************************************
 
@@ -1035,7 +1043,7 @@ function Init_Macros() { //*** ($varibale="some reusable chunk of code")********
 	$FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.$param2.'">'.$INPUT_NUONCE."\n";
 
 	$PWUN_RULES  = '<p>'.hsc($_['pw_txt_02']).'<ol><li>'.hsc($_['pw_txt_04']).'<li>'.hsc($_['pw_txt_06']);
-	$PWUN_RULES .= '<li>'.hsc($_['pw_txt_08']).'<li>'.hsc($_['pw_txt_10']).'</ol>';
+	$PWUN_RULES .= '<li>'.hsc($_['pw_txt_10']).'<li>'.hsc($_['pw_txt_08']).'</ol>';
 }//end Init_Macros() //*********************************************************
 
 
@@ -1114,9 +1122,9 @@ function icon_folder($extra = ""){ //**********************************
 	$ICONS['img'] = '<svg class="icon" version="1.1" width="14" height="16">'.$img_0.'</svg>';
 	$ICONS['svg'] = icon_txt('#333', '#444', '#FFF', "", $img_0);
 	$ICONS['txt'] = icon_txt('#333', '#000', '#FFF');
-	$ICONS['htm'] = icon_txt('#444', '#222', '#FABEAA'); //* rgb(250,190,170)
-	$ICONS['php'] = icon_txt('#333', '#111', '#C3C3FF'); //* rgb(195,195,225)
-	$ICONS['css'] = icon_txt('#333', '#111', '#FFE1A5'); //* rgb(255,225,165)
+	$ICONS['htm'] = icon_txt('#444', '#222', '#FABEAA'); //rgb(250,190,170)
+	$ICONS['php'] = icon_txt('#333', '#111', '#C3C3FF'); //rgb(195,195,225)
+	$ICONS['css'] = icon_txt('#333', '#111', '#FFE1A5'); //rgb(255,225,165)
 	$ICONS['cfg'] = icon_txt('#444', '#111', '#DDD');
 	$ICONS['upload'] = icon_txt('#333', 'black', 'white', $extra_up);
 	$ICONS['file_new'] = icon_txt('#444', 'black', 'white', $extra_new);
@@ -1140,24 +1148,20 @@ function icon_folder($extra = ""){ //**********************************
 
 
 function List_Backup($file, $file_url){ //**************************************
-	global $_, $ONESCRIPT;
+	global $_, $ONESCRIPT, $ICONS;
 
 	clearstatcache ();
 	$href = $ONESCRIPT.'?i='.dir_name($file_url).'&amp;f='.basename($file_url);
+	$edit_link = '<a href="'.$href.'&amp;p=edit'.'" id="old_backup">'.hte(rawurldecode(basename($file_url))).'</a>';
 ?>
 	<table class="index_T old_backup_T"><tr>
-	<td class="file_name">
-		<?php echo '<a href="'.$href.'&amp;p=edit'.'" id="old_backup">'.basename($file_url); ?></a>
-	</td>
-	<td class="meta_T file_size">&nbsp;
-		<?php echo number_format(filesize($file)); ?> B
-	</td>
-	<td class="meta_T file_time"> &nbsp;
-		<script>FileTimeStamp(<?php echo filemtime($file); ?>, 1, 0);</script>
-	</td>
+	<td class="file_name"><?php echo $edit_link; ?></td>
+	<td class="meta_T file_size">&nbsp;	<?php echo number_format(filesize($file)); ?> B	</td>
+	<td class="meta_T file_time"> &nbsp;<script>FileTimeStamp(<?php echo filemtime($file); ?>, 1, 0);</script></td>
 	</tr></table>
 
-	<a href="<?php echo $href.'&amp;p=deletefile' ?>" class="button" id="del_backup"><?php echo hsc($_['Delete']) ?></a>
+	<a href="<?php echo $href.'&amp;p=deletefile' ?>" class="button" id="del_backup">
+	<?php echo $ICONS['delete'].'&nbsp;'.hsc($_['Delete']) ?></a>
 	<div class=clear></div>
 <?php
 }//end List_Backup() //*********************************************************
@@ -1166,7 +1170,7 @@ function List_Backup($file, $file_url){ //**************************************
 
 
 function Admin_Page() { //******************************************************
-	global $_, $WEB_ROOT, $ONESCRIPT, $ONESCRIPT_url_backup, $ONESCRIPT_file_backup, $CONFIG_url_backup,
+	global $_, $ONESCRIPT, $ONESCRIPT_url_backup, $ONESCRIPT_file_backup, $CONFIG_url_backup,
 		   $ipath, $filename, $param1, $param2, $EX, $config_title,  $CONFIG_file_backup;
 
 	// Restore/Preserve $ipath prior to admin page in case OneFileCMS is edited (which would change $ipath).
@@ -1202,7 +1206,7 @@ function Admin_Page() { //******************************************************
 
 	<div class="info">
 
-	<?php //Check for & indicate if backups exists from a prior p/w or u/n change.
+<?php //Check for & indicate if backups exists from a prior p/w or u/n change.
 	clearstatcache ();
 	if (is_file($ONESCRIPT_file_backup) || is_file($CONFIG_file_backup) ) {
 		
@@ -1217,7 +1221,7 @@ function Admin_Page() { //******************************************************
 	}//end of check for backup
 	
 	echo '<script>document.getElementById("'.$focus_on.'").focus();</script>';
-	?>
+?>
 	<p><b><?php echo hsc($_['admin_txt_02']) ?></b>
 	<p><?php echo hsc($_['admin_txt_16']) ?>
 	<p><?php echo hsc($_['admin_txt_14']) ?>
@@ -1278,13 +1282,13 @@ function Hash_response() { //***************************************************
 
 
 //******************************************************************************
-function Change_PWUN_Page($pwun, $type,$page_title,$label_new,$label_confirm) {
-	// $config_key must= "pw" or "un"
+function Change_PWUN_Page($pwun, $type, $page_title, $label_new, $label_confirm) {
+	//$pwun must = "pw" or "un"
 	global $_, $EX, $ONESCRIPT, $param1, $param3, $INPUT_NUONCE, $config_title, $PWUN_RULES;
 ?>
 	<h2><?php echo hsc($page_title) ?></h2>
 	
-	<form id="change" name="<?php echo $config_key ?>" method="post" action="<?php echo $ONESCRIPT.$param1.$param3; ?>">
+	<form id="change" method="post" action="<?php echo $ONESCRIPT.$param1.$param3; ?>">
 		<input type="hidden" name="<?php echo $pwun ?>" value="">
 		
 		<?php echo $INPUT_NUONCE; ?>
@@ -1315,18 +1319,15 @@ function Change_PWUN_Page($pwun, $type,$page_title,$label_new,$label_confirm) {
 
 //******************************************************************************
 function Update_config($search_for, $replace_with, $search_file, $backup_file) {
-	global  $_, $HASHWORD, $EX, $message;
+	global  $_, $EX, $message;
 
 	if ( !is_file($search_file) ) {
 		$message .= $EX.' <b>'.$_['Not_found'].': </b>'.$search_file.'<br>';
 		return false;
 	}
 
-	$search_contents = file_get_contents($search_file);
-	//Convert any CR+NL to only newline.
-	$search_contents = str_replace("\r\n", "\n", $search_contents);
-	$search_contents = str_replace("\r"  , "\n", $search_contents);
-	$search_lines = explode("\n", "".$search_contents);
+	//Read file into an array for searching.
+	$search_lines = file($search_file, FILE_IGNORE_NEW_LINES);
 
 	//Search start of each $line in (array)$search_lines for (string)$search_for.
 	//If match found, replace $line with $replace_with, end search.
@@ -1340,14 +1341,17 @@ function Update_config($search_for, $replace_with, $search_file, $backup_file) {
 		}
 	}
 
-	//As of 3.3.18, this should never happen- you'd be logged out first.
-	if (!$found){ $message .= $EX.' <b>'.$_['Not_found'].': '.$search_for.'<br>'; return false; }
+	//This should not happen...
+	if (!$found){ $message .= $EX.' <b>'.$_['Not_found'].': </b>'.$search_for.'<br>'; return false; }
 	
 	copy($search_file, $backup_file); // Just in case...
 
 	$updated_contents = implode("\n", $search_lines);
 
-	return file_put_contents($search_file, $updated_contents);
+	if (file_put_contents($search_file, $updated_contents, LOCK_EX) === false) {
+		$message .= $EX.'<b>'.hsc($_['update_failed']).'</b><br>';
+		return false;
+	}else {return true;}
 }//end Update_config() //*******************************************************
 
 
@@ -1365,15 +1369,11 @@ function Change_PWUN_response($PWUN, $msg){ //**********************************
 
 	$error_msg   = $EX.'<b>'.hsc($msg).'</b> ';
 
-	//If nothing entered...
-	if ( ($current_pass == "") && ($new_pwun == "") && ($confirm_pwun == "") ) {
-		return ;//do nothing.
-		
-	//If no new & confirm values entered, display $message to that effect.
-	}elseif ( ($new_pwun == "") && ($confirm_pwun == "") ) {
-		$message .= $error_msg.hsc($_['pw_txt_06']).'<br>';
+	//If any field is blank...
+	if ( ($current_pass == "") || ($new_pwun == "") || ($confirm_pwun == "") ) {
+		$message .= $error_msg.'<br>';
 		
-	//If new & Confirm values don't match, display $message to that effect.
+	//If new & Confirm values don't match...
 	}elseif ($new_pwun != $confirm_pwun) {
 		$message .= $error_msg.hsc($_['change_pw_04']).'<br>';
 		
@@ -1385,20 +1385,18 @@ function Change_PWUN_response($PWUN, $msg){ //**********************************
 	//Else change username or password
 	}else {
 		if ($PWUN == "pw") {
-			$search_for  = '$HASHWORD '; //include space after $HASHWORD
-			$success_msg = '<b>'.hsc($_['change_pw_01']).'</b>';
-			$HASHWORD = hashit($new_pwun);
-			$replace_with = '$HASHWORD = "'.$HASHWORD.'";';
+			$search_for   = '$HASHWORD '; //include space after $HASHWORD
+			$replace_with = '$HASHWORD = "'.hashit($new_pwun).'";';
+			$success_msg  = '<b>'.hsc($_['change_pw_01']).'</b>';
 		}else { //$PWUN = "un"
-			$USERNAME = $new_pwun;
-			$search_for  = '$USERNAME '; //include space after $USERNAME
-			$success_msg = '<b>'.hsc($_['change_un_01']).'</b>';
-			$replace_with = '$USERNAME = "'.$USERNAME.'";';
+			$search_for   = '$USERNAME '; //include space after $USERNAME
+			$replace_with = '$USERNAME = "'.$new_pwun.'";';
+			$success_msg  = '<b>'.hsc($_['change_un_01']).'</b>';
 		}
 		
 		//If specified & it exists, update external config file.
-		//$config_file, lowercase name, is the user supplied config value, relative to $ONESCRIPT.
-		//$CONFIG_file, uppercase name, includes full filesystem path.
+		//$config_file (lowercase) is the user supplied config value, with its path relative to $ONESCRIPT.
+		//$CONFIG_file (uppercase) includes full filesystem path.
 		if ( isset($config_file) && is_file($CONFIG_file) ) {
 			$message .= $_['change_pw_05'].' '.$_['change_pw_06'].'. . . ';
 			$updated = Update_config($search_for, $replace_with, $CONFIG_file, $CONFIG_file_backup);
@@ -1407,7 +1405,7 @@ function Change_PWUN_response($PWUN, $msg){ //**********************************
 			$updated = Update_config($search_for, $replace_with, $ONESCRIPT_file, $ONESCRIPT_file_backup);
 		}
 		
-		if ($updated === false) { $message .= $error_msg.hsc($_['update_failed']).'<br>'; }
+		if ($updated === false) { $message .= $error_msg.'<br>'; }
 		else                    { $message .= $success_msg.'<br>'; }
 		
 		$page = "admin"; //Return to Admin page.
@@ -1425,6 +1423,7 @@ function Logout() { //**********************************************************
 	session_write_close();
 	unset($_GET);
 	unset($_POST);
+	$_SESSION = array();
 	$_SESSION['valid'] = 0;
 	$page = 'login';
 }//end Logout() //**************************************************************
@@ -1606,28 +1605,29 @@ function Index_Page(){ //*******************************************************
 	echo '<form method="post" name="mcdselect" action="'.$ONESCRIPT.$param1.'&amp;p=mcdaction">';
 	echo '<input type="hidden" name="mcdaction" value="">';
 
-	echo '<table id=index_page_buttons><tr><td id="mcd_submit">';
+	echo '<div id=index_page_buttons>';
 	if ($file_count > 0) {
-		
 		$input_attribs = 'TYPE=checkbox NAME=select_all id=select_all VALUE=select_all';
-		echo '<LABEL for=select_all id=select_all_label>'.$_['Select_All'];
-		echo '</LABEL><INPUT '.$input_attribs.' onclick="Select_All();">';
-			
-		function input_mcd_action($label, $mcd, $icon="") {
-			$onclick = ' onclick="return Confirm_ready( \''.$mcd.'\' );"';
-			return '<button TYPE=button id='.$mcd.$onclick.'>'.$icon.'&nbsp;'.hsc($label).'</button>';
-		}
-		echo input_mcd_action($_['Move']  , 'move'  , $ICONS['move']);
-		echo input_mcd_action($_['Copy']  , 'copy'  , $ICONS['copy']);
-		echo input_mcd_action($_['Delete'], 'delete', $ICONS['delete']);
-	}
-	echo '</td><td class="front_links">'."\n\n";
+		echo '<LABEL for=select_all id=select_all_label>'.$_['Select_All'].'</LABEL>';
+		echo '<INPUT '.$input_attribs.' onclick="Select_All();">';
 		
+		echo '<div id="mcd_submit">';
+		$onclick_m = 'onclick="return Confirm_Submit( \'move\');   "';
+		$onclick_c = 'onclick="return Confirm_Submit( \'copy\');   "';
+		$onclick_d = 'onclick="return Confirm_Submit( \'delete\' );"';
+		echo '<button TYPE=button id=delete '.$onclick_m.'>'.$ICONS['move'  ].'&nbsp;'.hsc($_['Move']  ).'</button>';
+		echo '<button TYPE=button id=delete '.$onclick_c.'>'.$ICONS['copy'  ].'&nbsp;'.hsc($_['Copy']  ).'</button>';
+		echo '<button TYPE=button id=delete '.$onclick_d.'>'.$ICONS['delete'].'&nbsp;'.hsc($_['Delete']).'</button>';
+		echo '</div>'; //end mcd_submit
+	}
+
+	echo '<div class="front_links">';
 		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'.$ICONS['folder_new'].'&nbsp;'.hsc($_['New_Folder']) .'</a>';
 		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  .$ICONS['file_new']  .'&nbsp;'.hsc($_['New_File'])   .'</a>';
 		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   .$ICONS['upload']    .'&nbsp;'.hsc($_['Upload_File']).'</a>';
-		
-	echo '</td></tr></table>'; //end id=index_page_buttons
+	echo '</div>'; //end front_links
+	echo '</div>'; //end index_page_buttons
+	echo '<div class=clear></div>';
 	
 	if ($file_count > 0) { Table_of_Files($full_list); }
 
@@ -1656,9 +1656,9 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 		</div>
 		
 		<div class="buttons_right">
-<?php if ($text_editable) { ?>
-		<input type="button" id="wide_view" class="button" value="<?php echo hsc($_['Wide_View']) ?>" onclick="Wide_View();">
-<?php }?>
+		<?php if ($text_editable) { ?>
+			<input type="button" id="wide_view" class="button" value="<?php echo hsc($_['Wide_View']) ?>" onclick="Wide_View();">
+		<?php }?>
 			<input type="button" id="close1" class="button" value="<?php echo hsc($_['Close']) ?>"
 				onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
 			<script>document.getElementById('close1').focus();</script>
@@ -1803,15 +1803,15 @@ function Edit_Page() { //*******************************************************
 	else                      { $header2 = hsc($_['edit_h2_2']); }
 
 	$too_large_to_edit_message =
-'<b>'.hsc($_['too_large_to_edit_01']).' '.number_format($MAX_EDIT_SIZE).' '.hsc($_['bytes']).'</b><br>'.
-hsc($_['too_large_to_edit_02']).'<br>'.hsc($_['too_large_to_edit_03']).'<br>'.hsc($_['too_large_to_edit_04']);
+		'<b>'.hsc($_['too_large_to_edit_01']).' '.number_format($MAX_EDIT_SIZE).' '.hsc($_['bytes']).'</b><br>'.
+		hsc($_['too_large_to_edit_02']).'<br>'.hsc($_['too_large_to_edit_03']).'<br>'.hsc($_['too_large_to_edit_04']);
 
 	$too_large_to_view_message =
-'<b>'.hsc($_['too_large_to_view_01']).' '.number_format($MAX_VIEW_SIZE).' '.hsc($_['bytes']).'</b><br>'.
-hsc($_['too_large_to_view_02']).'<br>'.hsc($_['too_large_to_view_03']).'<br>';//.hsc($_['too_large_to_view_04']);
+		'<b>'.hsc($_['too_large_to_view_01']).' '.number_format($MAX_VIEW_SIZE).' '.hsc($_['bytes']).'</b><br>'.
+		hsc($_['too_large_to_view_02']).'<br>'.hsc($_['too_large_to_view_03']).'<br>';//.hsc($_['too_large_to_view_04']);
 
-	//Preserves vertical spacing when message is blank, so edit area doesn't jump as much.
-	echo '<style>#message_box { min-height: 1.86em; }</style>';
+	//Preserves vertical spacing when message is closed, so edit area doesn't jump as much.
+	echo '<style>#message_box { min-height: 1.88em; }</style>';
 
 	echo '<h2 id="edit_header">'.$header2.' ';
 	echo '<a class="h2_filename" href="/'.URLencode_path($filename).'" target="_blank" title="'.$_['Open_View'].'">';
@@ -1859,11 +1859,18 @@ function Edit_response(){ //***If on Edit page, and [Save] clicked *************
 
 
 function Upload_Page() { //*****************************************************
-	global $_, $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE, $UPLOAD_FIELDS;
+	global $_, $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE, $UPLOAD_FIELDS, $MAIN_WIDTH;
 
 	$max_file_uploads = ini_get('max_file_uploads');
 	if ($max_file_uploads < $UPLOAD_FIELDS) { $UPLOAD_FIELDS = $max_file_uploads; }
 
+	//$main_width is used below to determine size (width) of <input type=file> in FF.
+	$main_width   = $MAIN_WIDTH * 1;   //set in config section. Default is 810px.
+	$main_units   = substr($MAIN_WIDTH, -2); //should be px, pt, or em.
+	//convert to px.  16px = 12pt = 1em
+	if     ( $main_units == "em") { $main_width = $main_width * 16 ; }
+	elseif ( $main_units == "pt") { $main_width = $main_width * (16 / 12); }
+
 	echo '<h2>'.hsc($_['Upload_File']).'</h2>';
 	echo '<p>';
 	echo hsc($_['upload_txt_03']).' '.ini_get('upload_max_filesize').' '.hsc($_['upload_txt_01']).'<br>';
@@ -1872,22 +1879,22 @@ function Upload_Page() { //*****************************************************
 	echo '<form enctype="multipart/form-data" action="'.$ONESCRIPT.$param1.'&amp;p=uploaded" method="post">';
 		echo $INPUT_NUONCE;
 		
-		echo '<div class="action">';
-		echo $_['upload_txt_05'];
-			echo '<LABEL><INPUT TYPE=radio NAME=ifexists VALUE=rename checked> '.$_['upload_txt_06'].'</LABEL>';
-			echo '<LABEL><INPUT TYPE=radio NAME=ifexists VALUE=overwrite     > '.$_['upload_txt_07'].'</LABEL> ';
-		echo '</div>'; //end class=action
+		echo '<div class="action"><LABEL>'.hsc($_['upload_txt_05']).'</LABEL></div>';
+		echo '<div class="action">'; //So <LABEL>'s wrap w/o word breaks if $MAIN_WIDTH is narrow.
+			echo '<LABEL><INPUT TYPE=radio NAME=ifexists VALUE=rename checked> '.hsc($_['upload_txt_06']).'</LABEL>';
+			echo '<LABEL><INPUT TYPE=radio NAME=ifexists VALUE=overwrite     > '.hsc($_['upload_txt_07']).'</LABEL> ';
+		echo '</div>';
 		
-		echo '<input type="hidden" name="upload_destination" value="'.hsc($ipath).'" >';
-		echo '<p>';
+		echo '<input type="hidden" name="upload_destination" value="'.hsc($ipath).'" ><p>';
 		for ($x = 0; $x < $UPLOAD_FIELDS; $x++) {
-			//size is for FF, style width for IE & Chrome.
-			echo '<input type="file" name="upload_file[]" size="100%" style="width: 100%">';
+			//size attibute is for FF (and is not em, px, pt, or %).
+			//width attribute is for IE & Chrome, and can be set via css (in style_sheet()).
+			//In FF, width of <input type="file" size=1> is 121px. If size=2, width = 128, etc. The base value is 114px.
+			echo '<input type="file" name="upload_file[]" size="'.floor(($main_width - 114) / 7).'"><br>'."\n";
 		}
 		
 		Cancel_Submit_Buttons($_['Upload']);
 	echo '</form>';
-
 }//end Upload_Page() //*********************************************************
 
 
@@ -1965,7 +1972,7 @@ function New_Page($title, $id) { //*********************************************
 
 
 function New_response($post, $isfile){ //***************************************
-	global $_, $WEB_ROOT, $ipath, $filename, $page, $param1, $param2, $param3, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
+	global $_, $ipath, $filename, $page, $param1, $param2, $param3, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
 
 	$page      = "index"; //Return to index if folder, or on error.
 
@@ -2018,7 +2025,7 @@ function Set_Input_width() { //*************************************************
 	$label_width = (mb_strlen($_['New_Location'], $label_enc));
 
 	$indent       = ($label_width + $root_width + 1 ); // +1 for good measure
-	$main_width   = $MAIN_WIDTH * 1;   //set in config section. Default is 810px.
+	$main_width   = $MAIN_WIDTH * 1;   //set in config section.
 	$main_units   = substr($MAIN_WIDTH, -2); //should be em, px, or pt
 
 	//convert to em
@@ -2068,7 +2075,7 @@ function CRM_Page($action, $title, $name_id, $old_name) { //********************
 function CRM_response($action, $msg1, $show_message = 3){ //********************
 	//$action = 'rCopy' or 'rename'.  Returns 0 if successful, 1 on error.
 	//$show_message: 0 = none; 1 = errors only; 2 = successes only; 3 = all messages (default).
-	global $_, $WEB_ROOT, $ipath, $filename, $page, $param1, $param2, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
+	global $_, $ipath, $filename, $page, $param1, $param2, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
 
 	$old_name      = trim($_POST["old_name"], $WHSPC_SLASH);     //Trim whitespace & slashes.
 	$new_name_only = trim($_POST["new_name"], $WHSPC_SLASH);
@@ -2149,6 +2156,9 @@ function Delete_response($target, $show_message=3) { //*************************
 	$target = trim($target,'/');
 	$page = "index"; //Return to index
 
+	//If came from admin page, return there.
+	if ( $_SESSION['admin_page'] ) { $page = 'admin'; }
+
 	$err_msg = ''; //On error, set this message.
 	$scs_msg = ''; //On success, set this message.
 
@@ -2161,7 +2171,7 @@ function Delete_response($target, $show_message=3) { //*************************
 		$param2   = "";
 		$error = 0; //0= no error, 1 = an error.
 	}else { //Error
-		$err_msg .= $EX.'<b>'.hsc($_['delete_msg_03']).'</b> <span class="filename">'.hte($target).'</span><br>'; //Error message
+		$err_msg .= $EX.'<b>'.hsc($_['delete_msg_03']).'</b> <span class="filename">'.hte($target).'</span><br>';
 		$page = $_SESSION['recent_pages'][1];
 		if ($page == "edit") {
 			$filename = $target;
@@ -2227,7 +2237,7 @@ function MCD_Page($action, $page_title, $classes = '') { //*********************
 
 
 function MCD_response($action, $msg1, $success_msg = '') { //*******************
-	global $_, $WEB_ROOT, $ipath, $filename, $EX, $message, $WHSPC_SLASH;
+	global $_, $ipath, $filename, $EX, $message, $WHSPC_SLASH;
 
 	$files    = $_POST['files']; //List of files to delete (path not included)
 	$count    = count($files);   //Doesn't include any sub-folders & files.
@@ -2471,7 +2481,7 @@ function Select_All() {
 
 
 
-function Confirm_ready(action){
+function Confirm_Submit(action){
 	
 	var files = document.mcdselect.elements['files[]'];
 	var last  = files.length;   //number of files
@@ -2500,7 +2510,7 @@ function Confirm_ready(action){
 function Edit_Page_scripts() { //***********************************************
 	global $_, $MAIN_WIDTH, $WIDE_VIEW_WIDTH, $current_view;
 
-	//Determine edit_view width
+	//Determine edit_view width.
 	$current_view = $MAIN_WIDTH;
 	if ( isset($_COOKIE['edit_view']) ) {
 		if ( ($_COOKIE['edit_view'] == $MAIN_WIDTH) || ($_COOKIE['edit_view'] == $WIDE_VIEW_WIDTH) ) {
@@ -2562,7 +2572,7 @@ function Wide_View() {
 
 	function Reset_file_status_indicators() {
 		changed = false;
-		File_textarea.style.backgroundColor = "#F6FFF6";  //light green
+		File_textarea.style.backgroundColor = "#F9FFF9";  //light green
 		Save_File_button.style.backgroundColor = "";
 		Save_File_button.style.borderColor = "";
 		Save_File_button.style.borderWidth = "1px";
@@ -2659,10 +2669,8 @@ function style_sheet(){ //******************************************************
 
 p, table, ol { margin-bottom: .6em;}
 
-/* div { position: relative; } *//*Causes trouble with message_box*/
-
 h1,h2,h3,h4,h5,h6 { font-weight: bold; }
-h2, h3 { font-size: 1.2em; margin: .5em 1em .5em 0; } /*TRBL*/
+h2, h3 { font-size: 1.2em; margin: .4em 0 .4em 0; } /*TRBL*/
 
 li { margin-left: 2em }
 
@@ -2674,7 +2682,7 @@ function style_sheet(){ //******************************************************
 table { border-collapse:separate; border-spacing:0; }
 th,td { text-align:left; font-weight:400; }
 
-a       { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
+a { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
 
 label { font-size : 1em; font-weight: bold; }
 
@@ -2685,17 +2693,29 @@ function style_sheet(){ //******************************************************
 	margin    : 0;
 	}
 
+input[type="text"]     { width: 100%; border: 1px solid #807568; padding: 1px 1px 1px 0; font : 1em Courier; }
+input[type="password"] { width: 100%; border: 1px solid #807568; padding: 0   1px 0   0; }
+input[type="file"]     { width: 100%; border: 1px solid #807568; background-color: white; }
+
+input[readonly]       { color: #333; background-color: #EEE; }
+input[disabled]       { color: #555; background-color: #EEE; }
+
+input:focus  { background-color: rgb(255,250,150); }
+input:hover  { background-color: rgb(255,250,150); }
+
+button:focus { background-color: rgb(255,250,150); }
+button:hover { background-color: rgb(255,250,150); }
 
 /* --- layout --- */
 
 .container {
 	border : 0px solid #807568;
-	width  : 810px;     /*Adjusted by $MAIN_WIDTH config variable*/
+	width  : 800px;     /*Adjusted by $MAIN_WIDTH config variable*/
 	margin : 0 auto 2em auto;
 	}
 
 
-.header {
+#header {
 	border-bottom : 1px solid #807568;
 	padding: 04px 0px 01px 0px;
 	margin : 0 0 .5em 0;
@@ -2720,7 +2740,7 @@ function style_sheet(){ //******************************************************
 	}
 
 
-#message_box { border: none; margin: 0 0 .5em 0; padding: 0; }
+#message_box { border: none; margin: 0 0 .4em 0; padding: 0; }
 
 #message_box_contents { border: 1px solid gray; padding: 4px; background: #FFF000; }
 
@@ -2758,7 +2778,7 @@ function style_sheet(){ //******************************************************
 	background-color: #FFF;
 	}
 
-table.index_T tr:hover {border: 1px solid #333;}
+table.index_T tr:hover {border: 1px solid #777; background-color: #EEE}
 
 table.index_T td { border : 1px inset silver; vertical-align: middle;}
 
@@ -2789,20 +2809,20 @@ function style_sheet(){ //******************************************************
 .ckbox:focus { background-color: rgb(255,250,150); }
 
 
-#index_page_buttons { width: 100%; margin: 0 0 .3em 0; }
-#index_page_buttons td { vertical-align: bottom; }
+#index_page_buttons     { margin: 0 0 .5em 0; }
+#index_page_buttons div { display: inline-block; vertical-align: bottom; }
 
 
 /*** front_links:  [New File] [New Folder] [Upload File] ***/
-.front_links { text-align:right; }
-
+.front_links { float: right; }
+ 
 .front_links a {
 	display: inline-block;
-	border : 1px solid #807568;
-	height      : 1em;
+	margin-top  : .2em;
+	border      : 1px solid #807568;
 	font-size   : 1em;  /*Adjusted by langauge files*/
 	margin-left : 1em;  /*Adjusted by langauge files*/
-	padding     : 3px 5px 5px 4px; /*TRBL*/
+	padding     : 3px 5px 2px 4px; /*TRBL*/
 	background-color: #EEE;
 	}
 
@@ -2825,7 +2845,8 @@ function style_sheet(){ //******************************************************
 	cursor   : pointer;
 	border   : 1px solid #807568;
 	padding  : 0px 4px 0px 3px;
-	margin   : 0 0 0 1em;          /*Adjusted by langauge files*/
+	margin-top : .5em;   /* Helps align bottoms with New & Upload buttons */
+	margin-left: 1.0em;     /*Adjusted by langauge files*/
 	font-size: .9em;
 	color    : rgb(100,45,0);
 	background-color: #EEE;
@@ -2834,34 +2855,6 @@ function style_sheet(){ //******************************************************
 #mcd_submit button:hover { background-color: rgb(255,250,150); }
 #mcd_submit button:focus { background-color: rgb(255,250,150); }
 
-
-input[type="text"] {
-	width  : 100%;
-	border : 1px solid #807568;
-	padding: 1px 1px 1px 0;
-	font   : 1em Courier;
-	}
-
-input[type="password"] {
-	width  : 100%;
-	border : 1px solid #807568;
-	padding:0 1px 0 0;
-}
-
-
-input:focus  { background-color: rgb(255,250,150); }
-button:focus { background-color: rgb(255,250,150); }
-
-input:hover  { background-color: rgb(255,250,150); }
-button:hover { background-color: rgb(255,250,150); }
-
-input[readonly]       { color: #333; background-color: #EEE; }
-input[disabled]       { color: #555; background-color: #EEE; }
-input[disabled]:hover { background-color: rgb(236,233,216);  }
-input[disabled]:hover { background-color: rgb(236,233,216);  }
-
-input[type="file"] { border: 1px solid #807568; background-color: white; width: 100%; }
-
 .buttons_right         { float: right; }
 .buttons_right .button { margin-left: .5em; }
 
@@ -2925,7 +2918,7 @@ function style_sheet(){ //******************************************************
 	margin: 0 0 .7em 0;
 	width : 99.8%;
 	height: 32em;
-}
+	}
 
 #file_contents:focus { border: 1px solid #Fdd; }
 
@@ -2990,11 +2983,11 @@ function style_sheet(){ //******************************************************
 	}
 
 .verify_del {
-	border: 1px solid #F00;
-	color : #222;
-	background-color: #FDD;
 	font  : 1em Courier;
+	border: 1px solid #F00;
 	padding: .2em .4em;
+	color  : #222;
+	background-color: #FDD;
 	}
 
 .verify_del td { border: 1px solid #F44; }
@@ -3006,7 +2999,7 @@ function style_sheet(){ //******************************************************
 
 .clear {clear:both; padding: 0; margin: 0; border: none}
 
-.web_root {font: 1em Courier;}
+.web_root { border: 0px solid  #807568; border-right: none; font: 1em Courier; padding: 1px; }
 
 .icon {float: left;}
 
@@ -3035,7 +3028,7 @@ function style_sheet(){ //******************************************************
 
 .old_backup_T {float: left; margin-bottom: .3em;}
 
-#del_backup   {float: left; margin-left  :  1em;}
+#del_backup   {float: left; margin-left  :  1em; padding: 2px 5px}
 
 /*** For old IE only: text "icons" for Rename, Copy, and Delete ***/
 .RCD1  {font: 900 7pt arial; padding: 0px 3px 0px 3px; margin: 0px; float: left}
@@ -3044,7 +3037,7 @@ function style_sheet(){ //******************************************************
 .D    {color: #b00;    border: 1px solid #b00}
 
 .action       {display: inline-block}
-.action label {margin: 0 1em}
+.action label {margin: 0 2em 0 0}
 </style>
 <?php
 }//end style_sheet() //*********************************************************
@@ -3056,7 +3049,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 	global $_, $MAIN_WIDTH;
 ?>
 <style>
-.container { width: <?php echo $MAIN_WIDTH ?>; } /*Default 810px*/
+.container { width: <?php echo $MAIN_WIDTH ?>; } /*Default 800px*/
 
 .button {
 	padding  : <?php echo $_['button_padding']   ?>; /*Default 4px 10px */
@@ -3173,19 +3166,18 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 Load_Selected_Page();
 
-//Countdown timer...
+//footer...
 if ($_SESSION['valid']) {
+	//Countdown timer
 	echo '<hr>';
 	echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'timer timeout', 'LOGOUT');
 	echo '<span class="timeout">'.hsc($_['time_out_txt']).'&nbsp; </span>';
-}
 
-//Admin link
-if ( $_SESSION['valid'] && ($_SESSION['admin_page'] === false) ) {
-	echo '<a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=admin">'.hsc($_['Admin']).'</a>';
-}elseif ($_SESSION['valid']) {
-	echo '<br>';
-}
+	//Admin link
+	if ( ($_SESSION['admin_page'] === false) ) {
+		echo '<a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=admin">'.hsc($_['Admin']).'</a>';
+	}
+}//end footer
 
 echo '</div>'; //end container/login_page
 echo '</body></html>';
diff --git a/readme.markdown b/readme.markdown
index cc2eef6..64b5ee7 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,11 +1,13 @@
 # OneFileCMS
 
-## Current version: 3.4.12
-
---------------------------------------------------------------------------------
+## Current version: 3.4.13
 
 ## Recent changes
 
+### November 5, 2012 (v3.4.13)
+
+- Thanks to [symsec](http://github.com/symsec) for the Dutch (Nederlands) language file!
+- Otherwise, mostly some incidental code improvements and cleanup.
 
 ### October 21, 2012 (v3.4.12)
 
@@ -15,32 +17,10 @@
 
 - Just a few code tweaks & improvements.
 
-### October 8, 2012  (v3.4.10)
-
-- Can now delete non-empty folders (just be careful!)
-- Can now copy entire folders.
-- As part of the two changes above, folders are now listed in the main listing ahead of files, instead of displayed across the page beneath the path/to/current/folder header.
-- Consolidated some functions.
-- Minor bug fix 
-- Some misc code improvements here & there.
-
-- Versions since 3.4.06 have caused no issues on my test machine.  However, since a recursive delete function is now used, you may wish to try it out things out on a virtual machine or other test environment first.
-
-
-### September 19, 2012
-
-- Minor bug fix. (I'm beginning to see a pattern here...)
-
-### September 19, 2012
-
-- The [Selected Files] submit button has been removed, and the "radio buttons" to select Move, Copy, or Delete have been replaced with individual submit buttons. This saves the user one *entire* click per action!
-- OneFileCMS can now select and upload multiple files at one time.  The default max is 4, but that value may be adjusted with the "$UPLOAD_FIELDS" config variable.
--Removed the extra [Upload...] [New...] [Rename...] [Delete...] buttons from bottom of index page.
-
-
 
 #### Language files
 
+- Thanks to [symsec](http://github.com/symsec) for the Dutch (Nederlands) language file!
 - Thanks to [fermuch](http://github.com/fermuch) for the Spanish language file!  
 - Thanks to [codeless](http://github.com/codeless) for the German language file!
 
@@ -69,7 +49,7 @@ Coupling a utilitarian code editor with basic file managing functions, OneFileCM
 ## Features
  
 - All the basic file management features like renaming, moving, copying, deleting, and uploading.
-  _(For complex processes like batch renaming or mass uploads, you're going to want to use an FTP program.)_
+  _(For complex processes, like batch renaming or mass uploads, you're going to want to use an FTP program.)_
 - A basic text editor.
 - Alerts if you try to leave editing with unsaved changes.
 - A Login delay after too many invalid login attempts.
@@ -96,7 +76,7 @@ You can also change the file name of OneFileCMS.php to something else, such as "
 
 ### Where's the WYSIWYG? What about syntax highlighting?
 
-WYSWIWYG editors have been requested, but probably won't become standard, as they'd make it more than one file, sort of defeating the whole "OneFile" point. Plus, if when working with PHP or non-HTML code, they can be more of a hindrance than an asset.
+WYSWIWYG editors have been requested, but probably won't become standard, as they'd make it more than one file, sort of defeating the whole "OneFile" point. Plus, when working with PHP or non-HTML code, they can be more of a hindrance than an asset.
 
 However, just because I don't want to do it, doesn't mean it's impossible.  Look for the Edit\_Page\_form() function. Its textarea can be modified to work with whatever editor you like. 
 
@@ -108,19 +88,19 @@ I may not have the time/bandwidth/inclination to implement every feature, but I
 
 ### This is basically just a file manager with a text editor- why is it being called a CMS?
 
-Well, because "OneFileCMS" sounds way cooler than "OneFileFileManagerwithTextEditor".
+Well, because "OneFileCMS" sounds way cooler (relatively speaking) than "OneFileFileManagerwithTextEditor".
 
 ### Multi-Language Support?
 
-Yes!  Currently, English, German, and Spanish are available.
+Yes!  Currently, English (EN), German (DE), Spanish (ES), and Dutch (NL) are available.
 
-If you speak another language and would like to contribute, translations into other languages are welcomed and appreciated!  Just use the English language file (or any of the others) as a template, and translate each word, phrase, etc., as appropriate.  (Someone told me he was working on an Esparento translation, but that might have been a joke...)
+If you speak another language and would like to contribute, translations into other languages are welcomed and appreciated!  Just use the English language file (or any of the others) as a template, and translate each word, phrase, etc., as appropriate.  (Someone told me he was working on an Esparento translation...)
 
 ### Can I have more than one username/password?
 
 Yes!  Well, sort of - indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ie: OneFile1.php and OneFile2.php etc...)  Then, in each copy, maintain different usernames and passwords.  Also, so that one user does not login/logout the other, change the value of the $session_name config variable.  
   
-Now, since there is no database or other means of granular control or access logging, multiple usernames may be kind of pointless.  On the other hand, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
+Now, since there is no database or other means of granular control or access logging, multiple usernames may be kind of pointless.  However, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
 
 --------------------------------------------------------------------------------
 
@@ -138,7 +118,7 @@ Now, since there is no database or other means of granular control or access log
 - Available under the MIT and BSD licenses.
 - Maintained by github/Self-Evident
 - Original concept and development by github.com/rocktronica
-- Contributors: A. M Balakrishnan, github.com/codeless, github.com/fermuch
+- Contributors: A. M Balakrishnan, github.com/codeless, github.com/fermuch, github.com/symsec
 - Written in PHP, JavaScript, HTML, CSS, and SVG.
 - Icons for versions thru 1.1.6 by [famfamfam](http://www.famfamfam.com/).
 - To report a bug or request a feature, please file an issue via Github.
@@ -148,8 +128,7 @@ Now, since there is no database or other means of granular control or access log
 
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - Issue with Chrome's XSS filter: Editing some legitimate files with OneFileCMS will trigger the filter and disable much of the javascript provided functionallity, but only while on the edit page with such a file, and only after a [Save].
-- The connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text during login.  
-  However, this is true of most online login systems, unless SSL or the like is employed.
+- The connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text during login.  However, this is true of most online login systems, unless SSL or the like is employed.
 - Be aware that only some very basic data & error checking is performed.  (But, it's getting better...)  
 - Anything else?
 

From e2396713e7cc79a7cebc029ad88802eb3baf7fa9 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Mon, 12 Nov 2012 15:50:00 -0500
Subject: [PATCH 155/228] Version 3.4.14 Russion language file courtesy of
 github.com/zaykin Courtesy of github.com/Fuchur777, Added $ACCESS_ROOT config
 value: Option to restrict OneFileCMS to a specific folder (and it's
 sub-folders). hashit(): minor logic improvement. URLencode_path(): minor
 improvement. Cancel_Submit_Buttons(): added id attrib to submit button.
 Upload_Page(): Fixed issue if using PHP v3.2.12 or earlier.
 Set_Input_width(): Improved logic. urldecode($WEB_ROOT) when displayed (when
 not part of an href value etc).

---
 OneFileCMS.LANG.RU.php | 243 +++++++++++++++++++++++++++++++++++++++++
 onefilecms.php         |  99 ++++++++++-------
 readme.markdown        |  43 ++++----
 3 files changed, 325 insertions(+), 60 deletions(-)
 create mode 100755 OneFileCMS.LANG.RU.php

diff --git a/OneFileCMS.LANG.RU.php b/OneFileCMS.LANG.RU.php
new file mode 100755
index 0000000..49c13b9
--- /dev/null
+++ b/OneFileCMS.LANG.RU.php
@@ -0,0 +1,243 @@
+<?php
+// OneFileCMS Language Settings v3.4.13
+
+$_['LANGUAGE'] = 'Russian'; //RU
+$_['LANG'] = 'RU';
+
+// If no translation or value is desired for a particular setting, do not delete
+// the actual setting variable, just set it to an empty string.
+// For example:  $_['some_unused_setting'] = '';
+//
+// Remember to slash-escape any single quotes that may be within the text:  \'
+// The back-slash itself may or may not also need to be escaped:  \\
+//
+// If present as a trailing comment, "## NT ##" means 'Need Translation'.
+//
+// In some instances, some langauges may use significantly longer words or phrases than others.
+// So, a smaller font or less spacing may be desirable in those places to preserve page layout.
+//
+$_['front_links_font_size'] = '0.9em';  //Buttons on Index page.
+$_['front_links_margin_L']  = '0.7em';
+$_['button_font_size']      = '0.7em';  //Buttons on Edit page.
+$_['button_margin_L']       = '0.4em';
+$_['button_padding']        = '4px 10px';
+$_['image_info_font_size']  = '1em';    //show_img_msg_01  &  _02
+$_['image_info_pos']        = '';       //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
+$_['select_all_label_width'] = '72px';  //Width of space for $_['Select_All']
+
+$_['Admin']   = 'Админка';
+$_['bytes']   = 'байт';   //####
+$_['Cancel']  = 'Отмена';
+$_['Close']   = 'Закрыть';
+$_['Copy']    = 'Копия';
+$_['Copied']  = 'Копировать';
+$_['Create']  = 'Создать';
+$_['Delete']  = 'Удалить';
+$_['DELETE']  = 'УДАЛИТЬ';
+$_['Deleted'] = 'Удалено';
+$_['Edit']    = 'Редактировать';
+$_['Enter']   = 'Вход';
+$_['Error']   = 'Ошибка';
+$_['errors']  = 'ошибки';
+$_['File']    = 'Файл';
+$_['Folder']  = 'Папка';
+$_['From']    = 'из';
+$_['Hash']    = 'Хэш';
+$_['Move']    = 'Переместить';
+$_['Moved']   = 'Перемещено';
+$_['on']      = 'в';
+
+$_['Password']   = 'Пароль';
+$_['Rename']     = 'Rename';
+$_['successful'] = 'успешно';
+$_['To']         = 'В';
+$_['Upload']     = 'Загрузить';
+$_['Username']   = 'Логин';
+$_['Log_In']     = 'Войти';
+$_['Log_Out']    = 'Выйти';
+
+$_['Admin_Options']  = 'Настройки Администратора';
+$_['Are_you_sure']   = 'Вы уверены?';
+$_['Edit_View']      = 'Ред. / Смотреть';
+$_['Upload_File']    = 'Загрузить файл';
+$_['New_File']       = 'Новый файл';
+$_['Ren_Move']       = 'Переименовать / Переместить';
+$_['Ren_Moved']      = 'Переименованно / Перемещенно';
+$_['New_Folder']     = 'Новая папка';
+$_['Ren_Folder']     = 'Переименовать / Переместить папку';
+$_['Submit']         = 'Отправить изменения';
+$_['Move_Files']     = 'Переместить Файл(ы)';
+$_['Copy_Files']     = 'Копировать Файл(ы)';
+$_['Del_Files']      = 'Удалить Файл(ы)';
+$_['Selected_Files'] = 'Выбранные Папки и Файлы';
+$_['Select_All']     = 'Выбрать все';
+$_['Clear_All']      = 'Очистить всё';
+$_['New_Location']   = 'Новая локализация';
+$_['No_files']       = 'Нет выбранных файлов.';
+$_['Not_found']      = 'Не найдено';
+$_['pass_to_hash']   = 'Пароль для хеширования:';
+$_['Generate_Hash']  = 'Сгенерировать Хэш';
+
+$_['save_1']      = 'Сохранить';
+$_['save_2']      = 'СОХРАНИТЬ ИЗМЕНЕНИЯ!';
+$_['reset']       = 'Сбросить - до первоначальных настроек';
+$_['Wide_View']   = 'Широкий Обзор';
+$_['Normal_View'] = 'Нормальный Обзор';
+$_['Open_View']   = 'Открыть/Открыть в окне браузера';
+
+$_['verify_msg_01']     = 'Сессия истекла.';
+$_['verify_msg_02']     = 'НЕВЕРНЫЙ ЗАПРОС';
+$_['get_get_msg_01']    = 'Файл не существует:';
+$_['get_get_msg_02']    = 'Неверный запрос к странице:';
+$_['check_path_msg_02'] = '"точка" или "точка точка" недопустимая сегментация пути.';
+$_['check_path_msg_03'] = 'Ппуть или имя файла содержит недопустимые символы:';
+$_['ord_msg_01']        = 'Файл с таким именем уже существует в главной директории.';
+$_['ord_msg_02']        = 'Сохранить как';
+$_['rCopy_msg_01']      = 'Папка не может быть скопированна в одну из своих под-папок.';
+$_['show_img_msg_01']   = 'Изображене показано на ~';
+$_['show_img_msg_02']   = '% от полного размера (Ш x Д =';
+
+$_['hash_txt_01'] = 'Хэш сгенерированный на этой странице может быть использован для обновления вручную $HASHWORD в OneFileCMS, или во внешнем файле конфигурации. В любом случае, убедитесь, что вы помните пароль, используемый для создания хэш!';
+$_['hash_txt_06'] = 'Введите желаемый пароль в поле ввода выше и нажмите Enter.';
+$_['hash_txt_07'] = 'Хэш будет отображаться в желтом окне сообщения, которое выше.';
+$_['hash_txt_08'] = 'Скопируйте и вставьте новый хэш $HASHWORD переменную в файл конфига.';
+$_['hash_txt_09'] = 'Убедитесь в том, чтобы вы полностью скопировали хэш (пробелов, кавычек и т.д..';
+$_['hash_txt_10'] = 'Нажмите 2 раза, для того что-бы выбрать его...';
+$_['hash_txt_12'] = 'Когда будете готовы, выйдите из системы и войдите снова.';
+
+$_['login_txt_01']  = 'Логин:';
+$_['login_txt_02']  = 'Пароль:';
+$_['login_msg_01a'] = 'Имело место быть';
+$_['login_msg_01b'] = 'неудачных попыток входа в систему.';
+$_['login_msg_02a'] = 'Пожалуйста подождите';
+$_['login_msg_02b'] = 'несколько секунд, чтобы попробовать ещё раз.';
+$_['login_msg_03']  = 'ПРОБЛЕМА ПРИ ПОПЫТКЕ ВХОДА #';
+
+$_['edit_note_00']  = 'ПРИМЕЧАНИЕ:';
+$_['edit_note_01a'] = 'Поните- ваша';
+$_['edit_note_01b'] = 'это';
+$_['edit_note_02']  = 'Сохранить изменения перед окончаниеи сессии, иначе они будут утеряны!';
+$_['edit_note_03']  = 'В некоторых браузерах, таких как Chrome, если вы перемещаетесь [Назад] или [Вперед], измения могут обновиться. Для этого нажмите клавишу F5, либо в браузере нажмите [Обновить]..';
+$_['edit_note_04']  = 'Браузер Chrome может припятствовать работе некоторых JavaScript(ов). Это может сильно повлиять на некоторые особенности  OneFileCMS при совершении правок или редактирования файлов. Так же в Браузере Chrome Вы больше не увидите случайные изменения фонового цвета (красный / зеленый), показывающий проводились ли изменения по файлу. Это действие будет заметно после первого сохранения такого файла.';
+
+$_['edit_h2_1']   = 'Просмотреть:';
+$_['edit_h2_2']   = 'Редактировать:';
+$_['edit_txt_01'] = 'Неизвестный текст или неизвестный тип файла. Редактирование невозможно.';
+$_['edit_txt_02'] = 'Возможно файл содержит недопустимый символ. Редактирование и Просмотр невозможны.';
+$_['edit_txt_03'] = 'htmlspecialchars() возвращает к предыдущим обновлениям файла.';
+$_['edit_txt_04'] = 'Это поведение зависит от версии вашего PHP.';
+
+$_['too_large_to_edit_01'] = 'Редактирование невозожно. Размер файла >';
+$_['too_large_to_edit_02'] = 'В некоторых браузерах, таких как (ie: IE) неустойчивое редактирование HTML кода в файлах большого размера <textarea>.';
+$_['too_large_to_edit_03'] = 'Настройте $MAX_EDIT_SIZE в конфигураторе OneFileCMS по мере необходимости.';
+$_['too_large_to_edit_04'] = 'Простым методом тестирования проб и ошибок можно определить практический предел для данного браузера / компьютера.';
+$_['too_large_to_view_01'] = 'Просмотр невозможен. Размер файла >';
+$_['too_large_to_view_02'] = 'Нажмите на название файла, чтобы просмотреть, как обычно он отображается в окне браузера.';
+$_['too_large_to_view_03'] = 'Настройте $MAX_VIEW_SIZE в конфигураторе OneFileCMS по мере необходимости.';
+$_['too_large_to_view_04'] = '(Значения по умолчанию $MAX_VIEW_SIZE установлены произвольно, и могут быть скорректированны по желанию.)';
+
+$_['meta_txt_01'] = 'Размер файла:';
+$_['meta_txt_03'] = 'Обновлен:';
+$_['edit_msg_01'] = 'Файл сохранён:';
+$_['edit_msg_02'] = 'записанных байт.';
+$_['edit_msg_03'] = 'Существовала ошибка сохраниния файла .';
+
+$_['upload_txt_03']  = 'Максимальный размер каждого файла:';
+$_['upload_txt_01']  = '(php.ini: upload_max_filesize)';
+$_['upload_txt_04']  = 'Максимальный суммарный размер загружаемого:';
+$_['upload_txt_02']  = '(php.ini: post_max_size)';
+$_['upload_txt_05']  = 'Для загруженных файлов, которые уже существуют: ';
+$_['upload_txt_06']  = 'Переименование (в файле filename.ext.001 и.т.д...)';
+$_['upload_txt_07']  = 'Заменить';
+
+$_['upload_err_01']  = 'Ошибка 1: Файл слишком большой. Из php.ini:';
+$_['upload_err_02']  = 'Ошибка 2: Файл слишком большой. (Превышает MAX_FILE_SIZE HTML элементов)';
+$_['upload_err_03']  = 'Ошибка 3: Загруженный файл был загружен лишь частично.';
+$_['upload_err_04']  = 'Ошибка 4: Файл не был загружен.';
+$_['upload_err_05']  = 'Ошибка 5:';
+$_['upload_err_06']  = 'Ошибка 6: Отсутствует временная папка.';
+$_['upload_err_07']  = 'Ошибка 7: Не удалось записать файл на диск.';
+$_['upload_err_08']  = 'Ошибка 8: Расширение PHP остановило загрузку файлов.';
+
+$_['upload_msg_01'] = 'Не выбран файл для загрузки.';
+$_['upload_msg_02'] = 'Папка назначения недействительна:';
+$_['upload_msg_03'] = 'Загрузка отменена.';
+$_['upload_msg_04'] = 'Загружается:';
+$_['upload_msg_05'] = 'Загрузка прошла успешно!';
+$_['upload_msg_06'] = 'Загрузка не удалась:';
+$_['upload_msg_07'] = 'предварительно существующий файл был перезаписан.';
+
+$_['new_file_txt_01'] = 'Файл или папка могут быть созданы в текущей директории.';
+$_['new_file_txt_02'] = 'Содержатся некоторые недопустимые символы:';
+$_['new_file_msg_01'] = 'Файл или папка не создаются:';
+$_['new_file_msg_02'] = 'Название содержит недопустимый символ:';
+$_['new_file_msg_03'] = 'Не создано - нет названия';
+$_['new_file_msg_04'] = 'Файл или папка уже существуют:';
+$_['new_file_msg_05'] = 'Созданный файл:';
+$_['new_file_msg_07'] = 'Созданная папка:';
+
+$_['CRM_txt_02']  = 'Новая локализация уже должна существовать.';
+$_['CRM_txt_04']  = 'Новое Имя';
+$_['CRM_msg_01']  = 'Ошибка - новая локализация не существует:';
+$_['CRM_msg_02']  = 'Ошибка - исходный файл не существует:';
+$_['CRM_msg_03']  = 'Ошибка - новый файл или папка уже существуют:';
+$_['CRM_msg_05']  = 'Ошибка при';
+
+$_['delete_msg_03']   = 'Удалить ошибку:';
+$_['session_warning'] = 'Внимание: Близится окончание сессии!';
+$_['session_expired'] = 'ВРЕМЯ СЕССИИ ИСТЕКЛО';
+$_['unload_unsaved']  = ' Несохраненные изменения будут потеряны!';
+$_['confirm_reset']   = 'Сбросить файл с несохранёнными изменениями?';
+
+$_['OFCMS_requires']   = 'OneFileCMS требует PHP';
+$_['logout_msg']       = 'Вы успешно вышли из системы.';
+$_['upload_error_01a'] = 'Ошибка при загрузке. Общий объём данных  (размер файла) превысил post_max_size =';
+$_['upload_error_01b'] = '(из php.ini)';
+$_['edit_caution_01']  = 'ВНИМАНИЕ';
+$_['edit_caution_02']  = 'Осторожно редактируйте активную копию OneFileCMS - Сделайте резервную копию !!';
+$_['time_out_txt']     = 'Сессия закончится через::';
+
+$_['error_reporting_01'] = 'Вывести ошибки в';
+$_['error_reporting_02'] = 'Лог ошибок в';
+$_['error_reporting_03'] = 'Ошибки отчётности установленны в';
+$_['error_reporting_04'] = 'Показаны типы ошибок';
+$_['error_reporting_05'] = 'Неожиданный ранний выход';
+$_['error_reporting_06'] = '(ничего нет, даже пробела)';
+
+$_['admin_txt_00'] = 'Найти старую резервную копию';
+$_['admin_txt_01'] = 'Файл резервной копии был создан в случае ошибки при изменении имени пользователя и пароля. Таким образом, он может содержать устаревшую информацию и должен быть удален. В любом случае, он будет автоматически заменен на файл с новым паролем или логином пользователя.';
+$_['admin_txt_02'] = 'Общая информация';
+$_['admin_txt_14'] = 'Для небольшого улучшения безопасности в OneFileCMS изменён метод хеширования паролей (его нужно держать в тайне как и основной пароль). Каждый в дальнейшем может Вам понадобиться..'; //####
+$_['admin_txt_16'] = 'OneFileCMS может быть использована для редактирования себе. Однако, будьте уверены, что у Вас есть резервная копия...'; //####
+
+$_['pw_current'] = 'Текущий Пароль';
+$_['pw_change']  = 'Изменить Пароль';
+$_['pw_new']     = 'Новый Пароль';
+$_['pw_confirm'] = 'Подтверждение Нового Пароля';
+$_['un_change']  = 'Подтверждение Логина';
+$_['un_new']     = 'Новый Логин';
+$_['un_confirm'] = 'Подтверждение Нового Логина';
+
+$_['pw_txt_02'] = 'Пароль / Логин правила:';
+$_['pw_txt_04'] = 'С учётом регистра: "A" =/= "a"';
+$_['pw_txt_06'] = 'Не должен начинаться или заканчиваться с пробелов и различных символов.';
+$_['pw_txt_08'] = 'Может содержать пробелы в середине. Пример: "Это мой логин или пароль!"';
+$_['pw_txt_10'] = 'Пробелы в начале и конце игнорируются.';
+$_['pw_txt_12'] = 'При записи изменения обновляется лишь только один активный файл OneFileCMS, при этом сразу создаётся его старая копия.';
+$_['pw_txt_14'] = 'Если неправильный текущий пароль будет введён или зарегистрирован, Вы можете воспользоваться бекапом.';
+
+$_['change_pw_01'] = 'Пароль изменён!';
+$_['change_pw_02'] = 'Пароль не изменён.';
+$_['change_pw_03'] = 'Неправильный текущий пароль, войдите заново чтобы повторить попытку.';
+$_['change_pw_04'] = 'Данные "Нового пароля" и "Подтверждения нового пароля" не совпадают.';
+$_['change_pw_05'] = 'Обновить';
+$_['change_pw_06'] = 'внежнюю конфигурацию файла';
+$_['change_un_01'] = 'Логин изменён!';
+$_['change_un_02'] = 'Логин НЕ изменён.';
+
+$_['update_failed'] = 'Обновление не удалось - файл не сохранился.';
+$_['mcd_msg_01'] = 'файлы перемещаются.';
+$_['mcd_msg_02'] = 'файлы копируются.';
+$_['mcd_msg_03'] = 'файлы удалены.';
+
diff --git a/onefilecms.php b/onefilecms.php
index 1e43e37..b28f7be 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.13';
+$OFCMS_version = '3.4.14';
 
 /*******************************************************************************
 Copyright © 2009-2012 https://github.com/rocktronica
@@ -76,7 +76,7 @@
 $config_favicon   = "favicon.ico"; //Path is relative to root of website.
 $config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsiTive!
 
-$config_etypes = "html,htm,xhtml,php,pl,css,js,txt,text,cfg,conf,ini,csv,svg,log,htaccess"; //Editable file types.
+$config_etypes = "html,htm,xhtml,php,pl,css,js,txt,text,cfg,conf,ini,csv,svg,log,dtd,htaccess"; //Editable file types.
 $config_stypes = "*"; // Shown types; only files of the given types should show up in the file-listing
 	// Use $config_stypes exactly like $config_etypes (list of extensions separated by commas).
 	// If $config_stypes is set to null - by intention or by error - only folders will be shown.
@@ -84,14 +84,16 @@
 	// If $config_stypes is set to "html,htm" for example, only file with the extension "html" or "htm" will get listed.
 
 $config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
-// _ftypes & _fclass must have same number of values. bin is default.
-$config_ftypes = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,pl ,ini,cfg,conf,log,asp,js ,htm,html,htaccess";
-$config_fclass = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,css,php,txt,txt,cfg,cfg ,txt,txt,txt,htm,htm ,txt";
+// _ftypes & _fclass must have the same number of values. bin is default.
+$config_ftypes = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,pl ,ini,cfg,conf,log,asp,js ,htm,html,dtd,htaccess";
+$config_fclass = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,css,php,txt,txt,cfg,cfg ,txt,txt,txt,htm,htm ,txt,txt";
 
 $EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
 
 $SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS.
 
+$ACCESS_ROOT = ''; //Restrict access to a particular folder.  Leave empty for $WEB_ROOT (entire website).
+
 //External config file, if there is one.  Any settings in the $config_file will supersede those above.
 //$config_file = 'OFCMS_config.SAMPLE.php';  // Path is relative to OneFileCMS.
 	//Format for external config file is basic php:
@@ -139,10 +141,15 @@
 
 $TO_WARNING = 120; //seconds. When idle time remaining is less than this value, $timeout_warning is displayed
 
-$ONESCRIPT = URLencode_path($_SERVER["SCRIPT_NAME"]); //Used for URL's
-$DOC_ROOT  = $_SERVER["DOCUMENT_ROOT"].'/';
-$WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/';
-$WEBSITE   = $_SERVER["HTTP_HOST"].'/';
+//Clean up & validate $ACCESS_ROOT.
+$ACCESS_ROOT = Check_path($ACCESS_ROOT);
+if (!is_dir($ACCESS_ROOT)) {$ACCESS_ROOT='';}
+if (!$ACCESS_ROOT == '') {$ACCESS_ROOT .= '/';}
+
+$ONESCRIPT   = URLencode_path($_SERVER["SCRIPT_NAME"]); //Used for URL's
+$DOC_ROOT    = $_SERVER["DOCUMENT_ROOT"].'/';
+$WEB_ROOT    = URLencode_path(basename($DOC_ROOT)).'/'.$ACCESS_ROOT;
+$WEBSITE     = $_SERVER["HTTP_HOST"].'/';
 
 $ONESCRIPT_file   = $_SERVER["SCRIPT_FILENAME"];  //Non-url use
 $ONESCRIPT_path   = dirname($ONESCRIPT_file).'/'; //Non-url use //Do not use dir_name().
@@ -406,7 +413,7 @@ function Default_Language() { // ***********************************************
 
 
 function Session_Startup() { //*************************************************
-	global $SESSION_NAME, $page, $VALID_POST, $message;
+	global $SESSION_NAME, $page, $VALID_POST, $DOC_ROOT, $ACCESS_ROOT;
 
 	$limit    = 0; //0 = session.
 	$path     = '';
@@ -432,7 +439,8 @@ function Session_Startup() { //*************************************************
 
 	$_SESSION['nuonce'] = sha1(mt_rand().microtime()); //provided in <forms> to verify POST
 
-	chdir($_SERVER["DOCUMENT_ROOT"]); //Allow OneFileCMS.php to be started from any dir on the site.
+	//Allow OneFileCMS.php to be started from any dir on the site.
+	chdir($DOC_ROOT.$ACCESS_ROOT); //Limit access to the folder $ACCESS_ROOT.
 }//end Session_Startup() //*****************************************************
 
 
@@ -472,10 +480,11 @@ function Verify_IDLE_POST_etc() { //********************************************
 
 function hashit($key){ //*******************************************************
 	//This is the super-secret stuff - Keep it secret, keep it safe!
-	//If you change anything here, or the $SALT, redo the hash for your password.
+	//If you change anything here, or the $SALT, manually update the hash for your password from the Generate Hash page.
 	global $SALT;
-	$hash = hash('sha256', trim($key).$SALT); // trim off leading & trailing whitespace.
-	for ( $x=0; $x < 10000; $x++ ) { $hash = hash('sha256', $hash.$SALT); }
+	$hash = trim($key); // trim off leading & trailing whitespace.
+
+	for ( $x=0; $x < 10001; $x++ ) { $hash = hash('sha256', $hash.$SALT); }
 	return $hash;
 }//end hashit() //**************************************************************
 
@@ -692,6 +701,7 @@ function has_invalid_char($string) { //*****************************************
 
 
 function URLencode_path($path){ // don't encode the forward slashes ************
+	$path = str_replace('\\','/',$path);   //Make sure all forward slashes.
 	$TS = '';  // Trailing Slash/
 	if (substr($path, -1) == '/' ) { $TS = '/'; } //start with a $TS?
 	$path_array = explode('/',$path);
@@ -799,9 +809,9 @@ function ordinalize($destination,$filename, &$msg) { //*************************
 	$savefile = $destination.$filename;
 
 	if (file_exists($savefile)) {
-
+		
 		$msg .= $EX.hsc($_['ord_msg_01']).'<br>';
-
+		
 		while (file_exists($savefile)) {
 			$ordinal = sprintf("%03d", ++$ordinal); //  001, 002, 003, etc...
 			$savefile = $destination.$filename.'.'.$ordinal;
@@ -909,7 +919,7 @@ function Current_Path_Header(){ //**********************************************
 
 	echo '<h2>';
 		//Root folder of web site.
-		echo '<a id="path_0" href="'.$ONESCRIPT.'" class="path"> '.hte(trim($WEB_ROOT, '/')).'</a>/';
+		echo '<a id="path_0" href="'.$ONESCRIPT.'" class="path"> '.hte(rawurldecode(trim($WEB_ROOT, '/'))).'</a>/';
 		$x=0; //need here for focus() in case at webroot.
 		
 		if ($ipath != "" ) { //if not at root, show the rest
@@ -990,7 +1000,7 @@ function Cancel_Submit_Buttons($submit_label) { //******************************
 	<p>
 	<input type="button" class="button" id="cancel" value="<?php echo hsc($_['Cancel']) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
-	<input type="submit" class="button" value="<?php echo hsc($submit_label);?>" style="margin-left: 1em;">
+	<input type="submit" class="button" id="submit" value="<?php echo hsc($submit_label);?>" style="margin-left: 1em;">
 <?php
 	//Do not close the <p> tag yet/here. Leave it open for potential content on individual pages.
 }//end Cancel_Submit_Buttons() //***********************************************
@@ -1369,21 +1379,25 @@ function Change_PWUN_response($PWUN, $msg){ //**********************************
 
 	$error_msg   = $EX.'<b>'.hsc($msg).'</b> ';
 
+	//If all fields are blank, do nothing.
+	if ( ($current_pass == "") && ($new_pwun == "") && ($confirm_pwun == "") ) {
+		return;
+	}
 	//If any field is blank...
-	if ( ($current_pass == "") || ($new_pwun == "") || ($confirm_pwun == "") ) {
+	elseif ( ($current_pass == "") || ($new_pwun == "") || ($confirm_pwun == "") ) {
 		$message .= $error_msg.'<br>';
-		
+	}	
 	//If new & Confirm values don't match...
-	}elseif ($new_pwun != $confirm_pwun) {
+	elseif ($new_pwun != $confirm_pwun) {
 		$message .= $error_msg.hsc($_['change_pw_04']).'<br>';
-		
+	}
 	//If incorrect current p/w, logout.  (new == confirm at this point)
-	}elseif (hashit($current_pass) != $HASHWORD) {
+	elseif (hashit($current_pass) != $HASHWORD) { 
 		$message .= $error_msg.'<br>'.hsc($_['change_pw_03']).'<br>';
 		Logout();
-		
+	}
 	//Else change username or password
-	}else {
+	else {
 		if ($PWUN == "pw") {
 			$search_for   = '$HASHWORD '; //include space after $HASHWORD
 			$replace_with = '$HASHWORD = "'.hashit($new_pwun).'";';
@@ -1475,7 +1489,7 @@ function Login_response() { //**************************************************
 	$_POST['password'] = trim($_POST['password']);
 	$_POST['username'] = trim($_POST['username']);
 
-	//Validate password
+	//Validate password.
 	$VALID_PASSWORD = (hashit($_POST['password']) == $HASHWORD);
 
 	//validate login.
@@ -1862,6 +1876,7 @@ function Upload_Page() { //*****************************************************
 	global $_, $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE, $UPLOAD_FIELDS, $MAIN_WIDTH;
 
 	$max_file_uploads = ini_get('max_file_uploads');
+	if ($max_file_uploads < 1) { $max_file_uploads = $UPLOAD_FIELDS; } 
 	if ($max_file_uploads < $UPLOAD_FIELDS) { $UPLOAD_FIELDS = $max_file_uploads; }
 
 	//$main_width is used below to determine size (width) of <input type=file> in FF.
@@ -2015,28 +2030,30 @@ function New_response($post, $isfile){ //***************************************
 function Set_Input_width() { //*************************************************
 	global $_, $WEB_ROOT, $MAIN_WIDTH;
 
-	// (width of <input type=text>) = $MAIN_WIDTH - (Width of <label> & $WEB_ROOT)
-	// $MAIN_WIDTH may be in em, px, or pt.
+	// (width of <input type=text>) = $MAIN_WIDTH - (Width of <label>) - (width of <span>$WEB_ROOT</span>)
+	// $MAIN_WIDTH: Set in config section, may be in em, px, pt, or %. Ignoring % for now.
 	// Width of 1 character = .625em = 10px = 7.5pt  (1em = 16px = 12pt)
 
-	$label_enc   =  mb_detect_encoding($_['New_Location']); //ASCII? UTF8? etc...
-	$root_enc    =  mb_detect_encoding($WEB_ROOT);          //ASCII? UTF8? etc...
-	$root_width  = (mb_strlen($WEB_ROOT, $root_enc));
-	$label_width = (mb_strlen($_['New_Location'], $label_enc));
+	$main_units   = substr($MAIN_WIDTH, -2);
+	$main_width   = $MAIN_WIDTH * 1;
 
-	$indent       = ($label_width + $root_width + 1 ); // +1 for good measure
-	$main_width   = $MAIN_WIDTH * 1;   //set in config section.
-	$main_units   = substr($MAIN_WIDTH, -2); //should be em, px, or pt
+	$root_enc    =  mb_detect_encoding($WEB_ROOT);           //ASCII? UTF8? etc...
+	$root_width  = (mb_strlen(rawurldecode($WEB_ROOT), $root_enc));
+
+	$label_enc   =  mb_detect_encoding($_['New_Location']);  //ASCII? UTF8? etc...
+	$label_width = (mb_strlen($_['New_Location'], $label_enc));
 
 	//convert to em
-	$indent = $indent *.625;
+	$root_width *= .625;
+	$label_width *= .625;
 	if     ( $main_units == "px") { $main_width = $main_width / 16 ; }
 	elseif ( $main_units == "pt") { $main_width = $main_width / 12 ; }
 
-	$input_type_text_width = ($main_width - $indent).'em';
+	//The .4 at the end is needed for some rounding erros above. Or something... I don't know.
+	$input_type_text_width = ($main_width - $label_width - $root_width - .4).'em';
 
 	echo '<style>input[type="text"] {width: '.$input_type_text_width.';}';
-	echo 'label {display: inline-block; width: '.($indent - 4.8).'em; }</style>';
+	echo 'label {display: inline-block; width: '.$label_width.'em; }</style>';
 
 }//end Set_Input_width() //*****************************************************
 
@@ -2061,7 +2078,7 @@ function CRM_Page($action, $title, $name_id, $old_name) { //********************
 		echo '<label>'.hsc($_['CRM_txt_04']).':</label>';
 		echo '<input type=text name=new_name id=new_name class=old_new_name value="'.hsc(basename($new_name)).'"><br>';
 		echo '<label>'.hsc($_['New_Location']).':</label>';
-		echo '<span class="web_root">'.hte($WEB_ROOT).'</span>';
+		echo '<span class="web_root">'.hte(urldecode($WEB_ROOT)).'</span>';
 		echo '<input type=text name=new_location id=new_location value="'.hsc(dir_name($new_name)).'"><br>';
 		echo '('.hsc($_['CRM_txt_02']).')<p>';
 		Cancel_Submit_Buttons($action);
@@ -2208,7 +2225,7 @@ function MCD_Page($action, $page_title, $classes = '') { //*********************
 		echo '<input type="hidden" name="'.$action.'" value="'.$action.'">'.PHP_EOL;
 		
 		if ( ($_POST['mcdaction'] == 'copy') || ($_POST['mcdaction'] == 'move') ) {
-			echo '<label>'.hsc($_['New_Location']).':</label> ';
+			echo '<label>'.hsc($_['New_Location']).':</label>';
 			echo '<span class="web_root">'.hte($WEB_ROOT).'</span>';
 			echo '<input type="text" name="new_location" id="new_location" value="'.hsc($ipath).'">';
 			echo '<p>('.hsc($_['CRM_txt_02']).')</p>';
@@ -3143,7 +3160,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 <meta name="robots" content="noindex">
 <?php
-echo '<title>'.hsc($config_title.' - '.Page_Title()).'</title>';
+echo '<title>'.hsc($config_title.' - '.Page_Title()).'</title>'."\n";
 
 style_sheet();
 
diff --git a/readme.markdown b/readme.markdown
index 64b5ee7..2f5ceb4 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,9 +1,19 @@
 # OneFileCMS
 
-## Current version: 3.4.13
+## Current version: 3.4.14
 
 ## Recent changes
 
+### November 12, 2012 (v3.4.14)
+
+- Courtesy of [Fuchur777](github.com/Fuchur777), added option to restrict OneFileCMS to a specified folder (and it's sub-folders).
+- Fixed issue on Upload page if using PHP v3.2.12 or earlier.
+- A few miscellaneous code improvements.
+
+### November 11, 2012
+
+- Thanks to [zaykin](https://github.com/zaykin) for the Russian language file!
+
 ### November 5, 2012 (v3.4.13)
 
 - Thanks to [symsec](http://github.com/symsec) for the Dutch (Nederlands) language file!
@@ -13,17 +23,12 @@
 
 - On the Upload Page, added an option to select either automatic rename or overwrite of pre-existing files.
 
-### October 16, 2012  (v3.4.11)
-
-- Just a few code tweaks & improvements.
-
-
 #### Language files
 
-- Thanks to [symsec](http://github.com/symsec) for the Dutch (Nederlands) language file!
-- Thanks to [fermuch](http://github.com/fermuch) for the Spanish language file!  
-- Thanks to [codeless](http://github.com/codeless) for the German language file!
-
+- German (Deutsch) courtesy of [codeless](http://github.com/codeless).
+- Spanish (Espan�la) courtesy of [fermuch](http://github.com/fermuch).
+- Dutch (Nederlands) courtesy of [symsec](http://github.com/symsec).  
+- Russian courtesy of [zaykin](https://github.com/zaykin).  
 
 --------------------------------------------------------------------------------
 
@@ -49,7 +54,7 @@ Coupling a utilitarian code editor with basic file managing functions, OneFileCM
 ## Features
  
 - All the basic file management features like renaming, moving, copying, deleting, and uploading.
-  _(For complex processes, like batch renaming or mass uploads, you're going to want to use an FTP program.)_
+  (For complex processes, like batch renaming or mass uploads, you're going to want to use an FTP program.)
 - A basic text editor.
 - Alerts if you try to leave editing with unsaved changes.
 - A Login delay after too many invalid login attempts.
@@ -60,15 +65,15 @@ Coupling a utilitarian code editor with basic file managing functions, OneFileCM
 
 ## Installation
 
-1) Download [this file](https://raw.github.com/Self-Evident/OneFileCMS/master/onefilecms.php).  
+1) Download the current version from the Download page.  
 
 2) Upload to anywhere on your site.  
   
 3) Log in to OneFileCMS with the default "username" and "password", and set your own username and password!  
 
-Depending on how your web stack is set up, you may also have to modify the file permissions of your site's folders to allow OneFileCMS to modify and create files. ([More about that here.](http://catcode.com/teachmod/)) Make sure onefilecms.php and its parent folder are allowed to execute, with CHMOD at 755. Check with your host if you're not sure, and be aware of any inherent security concerns.  
+As with any CMS, you may also have to modify the file permissions of your site's folders to allow OneFileCMS to modify and create files.  Check with your host if you're not sure, and be aware of any inherent security concerns.  
 
-You can also change the file name of OneFileCMS.php to something else, such as "Admin.php". (Be careful about making it a folder's default file: your server may get stuck in redirects.)
+You can also change the file name from "onefilecms.php" to something else, such as "admin.php". (Be careful about making it a folder's default file: your server may get stuck in redirects.)
 
 --------------------------------------------------------------------------------
 
@@ -92,13 +97,13 @@ Well, because "OneFileCMS" sounds way cooler (relatively speaking) than "OneFile
 
 ### Multi-Language Support?
 
-Yes!  Currently, English (EN), German (DE), Spanish (ES), and Dutch (NL) are available.
+Yes!  Currently, English (EN), German (DE), Spanish (ES), Dutch (NL), and Russian (RU) are available.
 
-If you speak another language and would like to contribute, translations into other languages are welcomed and appreciated!  Just use the English language file (or any of the others) as a template, and translate each word, phrase, etc., as appropriate.  (Someone told me he was working on an Esparento translation...)
+If you speak another language and would like to contribute, translations are welcomed and appreciated!  Just use the English language file (or any of the others) as a template, and translate each word, phrase, etc., as appropriate.
 
 ### Can I have more than one username/password?
 
-Yes!  Well, sort of - indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ie: OneFile1.php and OneFile2.php etc...)  Then, in each copy, maintain different usernames and passwords.  Also, so that one user does not login/logout the other, change the value of the $session_name config variable.  
+Yes!  Well, sort of - indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ex: OneFile1.php and OneFile2.php etc...)  Then, in each copy, maintain different usernames, passwords, and $session_name config values.  
   
 Now, since there is no database or other means of granular control or access logging, multiple usernames may be kind of pointless.  However, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
 
@@ -116,9 +121,9 @@ Now, since there is no database or other means of granular control or access log
 ## License, Credit, Et Cetera  
 
 - Available under the MIT and BSD licenses.
-- Maintained by github/Self-Evident
 - Original concept and development by github.com/rocktronica
-- Contributors: A. M Balakrishnan, github.com/codeless, github.com/fermuch, github.com/symsec
+- Maintained by github/Self-Evident
+- Contributors: A. M Balakrishnan, github.com/codeless, github.com/fermuch, github.com/symsec, github.com/zaykin
 - Written in PHP, JavaScript, HTML, CSS, and SVG.
 - Icons for versions thru 1.1.6 by [famfamfam](http://www.famfamfam.com/).
 - To report a bug or request a feature, please file an issue via Github.

From b74ca14b4324c0cb6d8d78730b27ad7e4e2ef3ac Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Mon, 19 Nov 2012 01:00:00 -0500
Subject: [PATCH 156/228] Version 3.4.15 Added BSD license inline for js sha
 hash code. Added js_hash_scripts() for client side p/w hashing. System Values
 & Setup: added $PRE_ITERATIONS used for the "pre-hash". hashit(): added a
 "pre-hash", and a parameter to trigger or skip it. Cancel_Submit_Buttons():
 changed id of submit button from "submit" to "submitty". Hash_response(): Use
 parameter do the "pre-hash" server-side. Change_PWUN_Page(): use
 js_hash_scripts() for the "pre-hash". Login_Page():  use js_hash_scripts()
 for the "pre-hash". Index_Page(): Some code cleanup to the Move, Copy, &
 Delete buttons. common_scripts(): added js function trim() Added
 event_scripts(): handles events on pages with hashing, and some validation.
 Upload_response(): If nothing selected, just reload Upload_Page() with no
 msg. New_response(): If no new name provided, just reload New_Page() with no
 msg. Some css tweeks - :active is now slightly darker than :hover or :focus.
 New language strings:   $_['Working'] = 'Working - please wait...';  
 $_['change_pw_07'] = 'All fields are required.'; Removed language strings:  
 $_['upload_msg_01'] = 'No file selected for upload.';   $_['new_file_msg_03']
 = 'Not created - no name given';

---
 OFCMS_config.SAMPLE.php  |  58 ++--
 OneFileCMS.LANG.DE.php   |  74 ++---
 OneFileCMS.LANG.EN.php   |  82 ++---
 OneFileCMS.LANG.ES.php   |  82 ++---
 OneFileCMS.LANG.NL.php   |  78 ++---
 OneFileCMS.LANG.RU.php   |  82 ++---
 OneFileCMS_structure.txt |  14 +-
 onefilecms.php           | 648 ++++++++++++++++++++++++++-------------
 readme.markdown          |  12 +-
 9 files changed, 690 insertions(+), 440 deletions(-)

diff --git a/OFCMS_config.SAMPLE.php b/OFCMS_config.SAMPLE.php
index 7abefd1..0c583ed 100755
--- a/OFCMS_config.SAMPLE.php
+++ b/OFCMS_config.SAMPLE.php
@@ -1,57 +1,63 @@
 <?php 
-// OneFileCMS sample external config file.
+// OneFileCMS sample external config file.  v3.4.15
 // For versions 3.3.15 and later.  (Updated $HASHWORD, removed $PASSWORD & $USE_HASH)
 // (Versions prior to 3.3.06 used an .ini format)
 //
-// Basically, below is simply a copy & paste of the OneFileCMS config section.
+// Basically, below is just a copy & paste of the OneFileCMS config section.
 
 
 // CONFIGURABLE INFO ***********************************************************
 $config_title = "OneFileCMS";
 
-$USERNAME = 'username';
-$HASHWORD = 'a6ca7f88bd5efc706d38047cc5844d2b11f86242c01e0c89a1c656dbe2dd1866'; //"password"
+$USERNAME = "username";
+$HASHWORD = "cff29a3b595b427ef8d01c089d368c7706a8c68ecc75d566642e313ee97ff659"; //"password"
+//$HASHWORD = "cff29a3b595b427ef8d01c089d368c7706a8c68ecc75d566642e313ee97ff659"; //"password"
 $SALT     = 'somerandomsalt';
 
-$LANGUAGE_FILE = ""; //Filename of language settings. Leave blank for built-in default.
-					 //If file is not found, built-in default will be used.
+//Name of optional external language file.  If file is not found, the built-in defaults will be used.
+//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php";  //Path is relative to OneFileCMS.
 
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
-$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings may limit its max effective value.
-					  //  For instance, 24 minutes is the PHP default for garbage collection.
+$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
 
-$MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.
-$WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked
-
-$MAX_IMG_W   = 810;  // Max width to display images. (page container = 810)
-$MAX_IMG_H   = 1000; // Max height.  I don't know, it just looks reasonable.
+$MAIN_WIDTH    = '800px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
+$WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
+				
+$MAX_IMG_W   = 800;  //Max width to display images. (main width is 800)
+$MAX_IMG_H   = 1000; //Max height.  I don't know, it just looks reasonable.
 
 $MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
 $MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
-                          // The default max view size is completely arbitrary. It was 2am and seemed like a good idea at the time.
-$config_favicon   = "/favicon.ico";
-$config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsaTive!
+                          // The default max view size is completely arbitrary. Basically, it was 2am and seemed like a good idea at the time.
+
+$UPLOAD_FIELDS = 6; //Number of upload fields on Upload File(s) page. Max value is ini_get('max_file_uploads').
+
+$config_favicon   = "favicon.ico"; //Path is relative to root of website.
+$config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsiTive!
 
-$config_etypes = "html,htm,xhtml,php,css,js,txt,text,cfg,conf,ini,csv,svg,log"; //Editable file types.
+$config_etypes = "html,htm,xhtml,php,pl,css,js,txt,text,cfg,conf,ini,csv,svg,log,dtd,htaccess"; //Editable file types.
 $config_stypes = "*"; // Shown types; only files of the given types should show up in the file-listing
-	// Use $config_stypes exactly like $config_etypes (list of extensions separated by semicolons).
-	// If $config_stypes is set to null - by intention or by error - OFCMS will only display folders.
-	// If $config_stypes is set to the *-wildcard (as per default), all files will show up.
+	// Use $config_stypes exactly like $config_etypes (list of extensions separated by commas).
+	// If $config_stypes is set to null - by intention or by error - only folders will be shown.
+	// If $config_stypes is set to the *-wildcard (the default), all files will show up.
 	// If $config_stypes is set to "html,htm" for example, only file with the extension "html" or "htm" will get listed.
 
 $config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
-$config_ftypes = "bin,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,ini,cfg,conf,asp,js ,htm,html"; // _ftype & _fclass must have same
-$config_fclass = "bin,img,img,img,img,img,svg,txt,txt,css,php,txt,cfg,cfg ,txt,txt,htm,htm";  // number of values. bin is default.
+// _ftypes & _fclass must have the same number of values. bin is default.
+$config_ftypes = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,pl ,ini,cfg,conf,log,asp,js ,htm,html,dtd,htaccess";
+$config_fclass = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,css,php,txt,txt,cfg,cfg ,txt,txt,txt,htm,htm ,txt,txt";
 
 $EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
 
-$SESSION_NAME = 'OFCMS'; //Also the cookie name. Change if using multiple copies of OneFileCMS.
+$SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS.
 
-//$config_file = 'OFCMS_config.SAMPLE.php'; //External config file, if there is one.
+$ACCESS_ROOT = ''; //Restrict access to a particular folder.  Leave empty for $WEB_ROOT (entire website).
+
+//External config file, if there is one.  Any settings in the $config_file will supersede those above.
+//$config_file = 'OFCMS_config.SAMPLE.php';  // Path is relative to OneFileCMS.
 	//Format for external config file is basic php:
 	// < ? php                    //(without the spaces around the ?, of course)
 	// $option1 = "value";
 	// etc...
-// End CONFIGURABLE INFO *******************************************************
-
+//end CONFIGURABLE INFO ********************************************************
\ No newline at end of file
diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index e78cffb..6ecb9b0 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.13
+// OneFileCMS Language Settings v3.4.15
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -13,18 +13,18 @@
 //
 // If present as a trailing comment, "## NT ##" means 'Need Translation'.
 //
+// These first few settings control a few font and layout settings.
 // In some instances, some langauges may use significantly longer words or phrases than others.
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
-//
-$_['front_links_font_size'] = '0.9em';  //Buttons on Index page.
-$_['front_links_margin_L']  = '0.3em';
-$_['button_font_size']      = '.7em';   //Buttons on Edit page.
-$_['button_margin_L']       = '.5em';
-$_['button_padding']        = '4px 5px';
-$_['image_info_font_size']  = '.95em';  //show_img_msg_01  &  _02
-$_['image_info_pos']        = '1';      //If 1 or true, moves the info down a line for more space.
-$_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
-$_['select_all_label_width'] = '76px';  //Width of space for $_['Select_All']
+$_['front_links_font_size']  = '0.9em';   //Buttons on Index page.
+$_['front_links_margin_L']   = '0.3em';
+$_['button_font_size']       = '.7em';    //Buttons on Edit page.
+$_['button_margin_L']        = '.5em';
+$_['button_padding']         = '4px 5px';
+$_['image_info_font_size']   = '.95em';   //show_img_msg_01  &  _02
+$_['image_info_pos']         = '1';       //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
+$_['select_all_label_width'] = '76px';    //Width of space for $_['Select_All']
 
 $_['Admin']   = 'Konfiguration';
 $_['bytes']   = 'bytes';
@@ -54,6 +54,7 @@
 $_['To']         = 'Auf';
 $_['Upload']     = 'Heraufladen';
 $_['Username']   = 'Benutzername';
+$_['Working']    = 'Working - please wait...'; //## NT ##
 $_['Log_In']     = 'Anmelden';
 $_['Log_Out']    = 'Abmelden';
 
@@ -143,24 +144,23 @@
 $_['edit_msg_02'] = 'Bytes geschrieben.';
 $_['edit_msg_03'] = 'Bei dem Versuch die Datei zu speichern trat ein Fehler auf.';
 
-$_['upload_txt_03']  = 'Anmerkung: Die maximale Dateigröße für das Heraufladen von Dateien beträgt: ';
-$_['upload_txt_01']  = 'php.ini: upload_max_filesize';
-$_['upload_txt_04']  = 'Maximale Gesamt Upload-Größe:';
-$_['upload_txt_02']  = 'php.ini: post_max_size';
-$_['upload_txt_05']  = 'Für die hochgeladenen Dateien, die bereits existieren: ';
-$_['upload_txt_06']  = 'Umbenennen (Auf filename.ext.001 etc...)';
-$_['upload_txt_07']  = 'Überschreiben';
-
-$_['upload_err_01']  = 'Error 1: Datei zu groß. Von php.ini:';
-$_['upload_err_02']  = 'Error 2: Datei zu groß. (MAX_FILE_SIZE HTML form element)';
-$_['upload_err_03']  = 'Fehler 3: Die Datei wurde nur teilweise heraufgeladen.';
-$_['upload_err_04']  = 'Fehler 4: Es wurde keine Datei heraufgeladen.';
-$_['upload_err_05']  = 'Fehler 5:';
-$_['upload_err_06']  = 'Fehler 6: Konnte kein temporäres Verzeichnis finden.';
-$_['upload_err_07']  = 'Fehler 7: Die Datei konnte nicht gespeichert werden.';
-$_['upload_err_08']  = 'Fehler 8: Eine PHP-Erweiterung hat das Heraufladen der Datei gestoppt.';
-
-$_['upload_msg_01'] = 'Es wurde keine Datei zum Heraufladen gewählt.';
+$_['upload_txt_03'] = 'Anmerkung: Die maximale Dateigröße für das Heraufladen von Dateien beträgt: ';
+$_['upload_txt_01'] = 'php.ini: upload_max_filesize';
+$_['upload_txt_04'] = 'Maximale Gesamt Upload-Größe:';
+$_['upload_txt_02'] = 'php.ini: post_max_size';
+$_['upload_txt_05'] = 'Für die hochgeladenen Dateien, die bereits existieren: ';
+$_['upload_txt_06'] = 'Umbenennen (Auf filename.ext.001 etc...)';
+$_['upload_txt_07'] = 'Überschreiben';
+
+$_['upload_err_01'] = 'Error 1: Datei zu groß. Von php.ini:';
+$_['upload_err_02'] = 'Error 2: Datei zu groß. (MAX_FILE_SIZE HTML form element)';
+$_['upload_err_03'] = 'Fehler 3: Die Datei wurde nur teilweise heraufgeladen.';
+$_['upload_err_04'] = 'Fehler 4: Es wurde keine Datei heraufgeladen.';
+$_['upload_err_05'] = 'Fehler 5:';
+$_['upload_err_06'] = 'Fehler 6: Konnte kein temporäres Verzeichnis finden.';
+$_['upload_err_07'] = 'Fehler 7: Die Datei konnte nicht gespeichert werden.';
+$_['upload_err_08'] = 'Fehler 8: Eine PHP-Erweiterung hat das Heraufladen der Datei gestoppt.';
+
 $_['upload_msg_02'] = 'Der Zielordner existiert nicht: ';
 $_['upload_msg_03'] = 'Das Heraufladen wurde abgebrochen.';
 $_['upload_msg_04'] = 'Heraufladen: ';
@@ -172,17 +172,16 @@
 $_['new_file_txt_02'] = 'Ungültige Zeichen für Dateinamen sind: ';
 $_['new_file_msg_01'] = 'Die neue Datei wurde nicht erstellt:';
 $_['new_file_msg_02'] = 'Der Name enthält ungültige Zeichen: ';
-$_['new_file_msg_03'] = 'Es wurde keine Datei erstellt, da kein Name eingegeben wurde';
 $_['new_file_msg_04'] = 'Die Datei besteht bereits: ';
 $_['new_file_msg_05'] = 'Datei erstellt:';
 $_['new_file_msg_07'] = 'Ordner erstellt:';
 
-$_['CRM_txt_02']  = 'Der neue Ort muss bereits existieren.';
-$_['CRM_txt_04']  = 'Neuer Name';
-$_['CRM_msg_01']  = 'Fehler - der neue Zielort besteht nicht:';
-$_['CRM_msg_02']  = 'Fehler - die Quelldatei besteht nicht:';
-$_['CRM_msg_03']  = 'Fehler - die Zieldatei besteht bereits:';
-$_['CRM_msg_05']  = 'Fehler bei der';
+$_['CRM_txt_02'] = 'Der neue Ort muss bereits existieren.';
+$_['CRM_txt_04'] = 'Neuer Name';
+$_['CRM_msg_01'] = 'Fehler - der neue Zielort besteht nicht:';
+$_['CRM_msg_02'] = 'Fehler - die Quelldatei besteht nicht:';
+$_['CRM_msg_03'] = 'Fehler - die Zieldatei besteht bereits:';
+$_['CRM_msg_05'] = 'Fehler bei der';
 
 $_['delete_msg_03']   = 'Fehler löschen:';
 $_['session_warning'] = 'Achtung: Die sitzung wird ende bald!';
@@ -215,6 +214,7 @@
 $_['pw_change']  = 'Passwort ändern';
 $_['pw_new']     = 'Neues Passwort';
 $_['pw_confirm'] = 'Bestätigen Sie das neue Password';
+
 $_['un_change']  = 'Benutzername ändern';
 $_['un_new']     = 'Neuer Benutzername';
 $_['un_confirm'] = 'Bestätigen Sie den neuen Benutzernamen';
@@ -233,6 +233,8 @@
 $_['change_pw_04'] = 'Die Werte der Felder "Neu" und "Bestätigen" gleichen sich nicht.';
 $_['change_pw_05'] = 'Aktualisierung';
 $_['change_pw_06'] = 'Externe Konfigurationsdatei';
+
+$_['change_pw_07'] = 'All fields are required.'; //## NT ##
 $_['change_un_01'] = 'Benutzername wurde geändert!';
 $_['change_un_02'] = 'Benutzername wurde nicht geändert.';
 
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index f5f639f..2748240 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.13
+// OneFileCMS Language Settings v3.4.15
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -13,18 +13,18 @@
 //
 // If present as a trailing comment, "## NT ##" means 'Need Translation'.
 //
+// These first few settings control a few font and layout settings.
 // In some instances, some langauges may use significantly longer words or phrases than others.
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
-//
-$_['front_links_font_size'] = '1.0em';  //Buttons on Index page.
-$_['front_links_margin_L']  = '1.0em';
-$_['button_font_size']      = '0.9em';  //Buttons on Edit page.
-$_['button_margin_L']       = '0.7em';
-$_['button_padding']        = '4px 10px';
-$_['image_info_font_size']  = '1em';    //show_img_msg_01  &  _02
-$_['image_info_pos']        = '';       //If 1 or true, moves the info down a line for more space.
-$_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
-$_['select_all_label_width'] = '72px';  //Width of space for $_['Select_All']
+$_['front_links_font_size']  = '1.0em';   //Buttons on Index page.
+$_['front_links_margin_L']   = '1.0em';
+$_['button_font_size']       = '0.9em';   //Buttons on Edit page.
+$_['button_margin_L']        = '0.7em';
+$_['button_padding']         = '4px 10px';
+$_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
+$_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
+$_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
 
 $_['Admin']   = 'Admin';
 $_['bytes']   = 'bytes';   //####
@@ -54,6 +54,7 @@
 $_['To']         = 'To';
 $_['Upload']     = 'Upload';
 $_['Username']   = 'Username';
+$_['Working']    = 'Working - please wait...'; //####
 $_['Log_In']     = 'Log In';
 $_['Log_Out']    = 'Log Out';
 
@@ -143,46 +144,44 @@
 $_['edit_msg_02'] = 'bytes written.';
 $_['edit_msg_03'] = 'There was an error saving file.';
 
-$_['upload_txt_03']  = 'Maximum size of each file:';
-$_['upload_txt_01']  = '(php.ini: upload_max_filesize)';
-$_['upload_txt_04']  = 'Maximum total upload size:';
-$_['upload_txt_02']  = '(php.ini: post_max_size)';
-$_['upload_txt_05']  = 'For uploaded files that already exist: ';
-$_['upload_txt_06']  = 'Rename (to filename.ext.001 etc...)';
-$_['upload_txt_07']  = 'Overwrite';
-
-$_['upload_err_01']  = 'Error 1: File too large. From php.ini:';
-$_['upload_err_02']  = 'Error 2: File too large. (Exceeds MAX_FILE_SIZE HTML form element)';
-$_['upload_err_03']  = 'Error 3: The uploaded file was only partially uploaded.';
-$_['upload_err_04']  = 'Error 4: No file was uploaded.';
-$_['upload_err_05']  = 'Error 5:';
-$_['upload_err_06']  = 'Error 6: Missing a temporary folder.';
-$_['upload_err_07']  = 'Error 7: Failed to write file to disk.';
-$_['upload_err_08']  = 'Error 8: A PHP extension stopped the file upload.';
-
-$_['upload_msg_01'] = 'No file selected for upload.';
+$_['upload_txt_03'] = 'Maximum size of each file:';
+$_['upload_txt_01'] = '(php.ini: upload_max_filesize)';
+$_['upload_txt_04'] = 'Maximum total upload size:';
+$_['upload_txt_02'] = '(php.ini: post_max_size)';
+$_['upload_txt_05'] = 'For uploaded files that already exist: '; //####
+$_['upload_txt_06'] = 'Rename (to filename.ext.001 etc...)';
+$_['upload_txt_07'] = 'Overwrite'; //####
+
+$_['upload_err_01'] = 'Error 1: File too large. From php.ini:';
+$_['upload_err_02'] = 'Error 2: File too large. (Exceeds MAX_FILE_SIZE HTML form element)';
+$_['upload_err_03'] = 'Error 3: The uploaded file was only partially uploaded.';
+$_['upload_err_04'] = 'Error 4: No file was uploaded.';
+$_['upload_err_05'] = 'Error 5:';
+$_['upload_err_06'] = 'Error 6: Missing a temporary folder.';
+$_['upload_err_07'] = 'Error 7: Failed to write file to disk.';
+$_['upload_err_08'] = 'Error 8: A PHP extension stopped the file upload.';
+
 $_['upload_msg_02'] = 'Destination folder invalid:';
 $_['upload_msg_03'] = 'Upload cancelled.';
 $_['upload_msg_04'] = 'Uploading:';
 $_['upload_msg_05'] = 'Upload successful!';
 $_['upload_msg_06'] = 'Upload failed:';
-$_['upload_msg_07'] = 'A pre-existing file was overwritten.';
+$_['upload_msg_07'] = 'A pre-existing file was overwritten.'; //####
 
 $_['new_file_txt_01'] = 'File or Folder will be created in the current folder.';
 $_['new_file_txt_02'] = 'Some invalid characters are:';
 $_['new_file_msg_01'] = 'File or folder not created:';
 $_['new_file_msg_02'] = 'Name contains an invalid character:';
-$_['new_file_msg_03'] = 'Not created - no name given';
 $_['new_file_msg_04'] = 'File or folder already exists:';
 $_['new_file_msg_05'] = 'Created file:';
 $_['new_file_msg_07'] = 'Created folder:';
 
-$_['CRM_txt_02']  = 'The new location must already exist.';
-$_['CRM_txt_04']  = 'New Name';
-$_['CRM_msg_01']  = 'Error - new parent location does not exist:';
-$_['CRM_msg_02']  = 'Error - source file does not exist:';
-$_['CRM_msg_03']  = 'Error - new file or folder already exists:';
-$_['CRM_msg_05']  = 'Error during';
+$_['CRM_txt_02'] = 'The new location must already exist.';
+$_['CRM_txt_04'] = 'New Name';
+$_['CRM_msg_01'] = 'Error - new parent location does not exist:';
+$_['CRM_msg_02'] = 'Error - source file does not exist:';
+$_['CRM_msg_03'] = 'Error - new file or folder already exists:';
+$_['CRM_msg_05'] = 'Error during';
 
 $_['delete_msg_03']   = 'Delete error:';
 $_['session_warning'] = 'Warning: Session timeout soon!';
@@ -208,13 +207,14 @@
 $_['admin_txt_00'] = 'Old Backup Found';
 $_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will be automatically overwritten on the next password or username change.';
 $_['admin_txt_02'] = 'General Information';
-$_['admin_txt_14'] = 'For a small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...'; //####
-$_['admin_txt_16'] = 'OneFileCMS can be used to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...'; //####
+$_['admin_txt_14'] = 'For a small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
+$_['admin_txt_16'] = 'OneFileCMS can be used to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...';
 
 $_['pw_current'] = 'Current Password';
 $_['pw_change']  = 'Change Password';
 $_['pw_new']     = 'New Password';
 $_['pw_confirm'] = 'Confirm New Password';
+
 $_['un_change']  = 'Change Username';
 $_['un_new']     = 'New Username';
 $_['un_confirm'] = 'Confirm New Username';
@@ -224,7 +224,7 @@
 $_['pw_txt_06'] = 'Must contain at least one non-space character.';
 $_['pw_txt_08'] = 'May contain spaces in the middle. Ex: "This is a password or username!"';
 $_['pw_txt_10'] = 'Leading and trailing spaces are ignored.';
-$_['pw_txt_12'] = 'In recording the change, only one file is updated: either the active copy of OneFileCMS, or, if specified, an external configuration file.';
+$_['pw_txt_12'] = 'In recording the change, only one file is updated: either the active copy of OneFileCMS, or - if specified, an external configuration file.';
 $_['pw_txt_14'] = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
 
 $_['change_pw_01'] = 'Password changed!';
@@ -233,6 +233,8 @@
 $_['change_pw_04'] = '"New" and "Confirm New" values do not match.';
 $_['change_pw_05'] = 'Updating';
 $_['change_pw_06'] = 'external config file';
+
+$_['change_pw_07'] = 'All fields are required.'; //####
 $_['change_un_01'] = 'Username changed!';
 $_['change_un_02'] = 'Username NOT changed.';
 
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index f5097d1..8550cf7 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.13
+// OneFileCMS Language Settings v3.4.15
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -13,18 +13,18 @@
 //
 // If present as a trailing comment, "## NT ##" means 'Need Translation'.
 //
+// These first few settings control a few font and layout settings.
 // In some instances, some langauges may use significantly longer words or phrases than others.
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
-//
-$_['front_links_font_size'] = '1.0em';  //Buttons on Index page.
-$_['front_links_margin_L']  = '0.5em';
-$_['button_font_size']      = '0.9em';  //Buttons on Edit page.
-$_['button_margin_L']       = '0.4em';
-$_['button_padding']        = '4px 5px';
-$_['image_info_font_size']  = '.95em';  //show_img_msg_01  &  _02
-$_['image_info_pos']        = ' ';      //If 1 or true, moves the info down a line for more space.
-$_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
-$_['select_all_label_width'] = '110px'; //Width of space for $_['Select_All']
+$_['front_links_font_size']  = '1.0em';   //Buttons on Index page.
+$_['front_links_margin_L']   = '0.5em';
+$_['button_font_size']       = '0.9em';   //Buttons on Edit page.
+$_['button_margin_L']        = '0.4em';
+$_['button_padding']         = '4px 5px';
+$_['image_info_font_size']   = '.95em';   //show_img_msg_01  &  _02
+$_['image_info_pos']         = ' ';       //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
+$_['select_all_label_width'] = '110px';   //Width of space for $_['Select_All']
 
 $_['Admin']   = 'Administrador';
 $_['bytes']   = 'bytes';
@@ -54,6 +54,7 @@
 $_['To']         = 'Hacia';
 $_['Upload']     = 'Subir';
 $_['Username']   = 'Usuario';
+$_['Working']    = 'Working - please wait...'; //## NT ##
 $_['Log_In']     = 'Iniciar Sesión';
 $_['Log_Out']    = 'Cerrar Sesión';
 
@@ -143,24 +144,23 @@
 $_['edit_msg_02'] = 'bytes escritos.';
 $_['edit_msg_03'] = 'Ocurrió un error guardando el archivo.';
 
-$_['upload_txt_03']  = 'Nota: El tamaño máximo de subida es de:';
-$_['upload_txt_01']  = '(php.ini: upload_max_filesize)';
-$_['upload_txt_04']  = 'Tamaño total de la subida:';
-$_['upload_txt_02']  = '(php.ini: post_max_size)';
-$_['upload_txt_05']  = 'Para los archivos subidos que ya existen: ';
-$_['upload_txt_06']  = 'Renombrar (hacia filename.ext.001 etc...)';
-$_['upload_txt_07']  = 'Sobreescribir';
-
-$_['upload_err_01']  = 'Error 1: Archivo demasiado pesado. Desde php.ini:';
-$_['upload_err_02']  = 'Error 2: Archivo muy grande. (MAX_FILE_SIZE HTML form element)';
-$_['upload_err_03']  = 'Error 3: El archivo se subió sólo parcialmente.';
-$_['upload_err_04']  = 'Error 4: No se subió ningún archivo.';
-$_['upload_err_05']  = 'Error 5: ';
-$_['upload_err_06']  = 'Error 6: Carpeta temporal no encontrada.';
-$_['upload_err_07']  = 'Error 7: No se pudo guardar el archivo en el disco.';
-$_['upload_err_08']  = 'Error 8: Una extensión de PHP detuvo la subida del archivo.';
-
-$_['upload_msg_01'] = 'No se seleccionó ningún archivo para subirlo.';
+$_['upload_txt_03'] = 'Nota: El tamaño máximo de subida es de:';
+$_['upload_txt_01'] = '(php.ini: upload_max_filesize)';
+$_['upload_txt_04'] = 'Tamaño total de la subida:';
+$_['upload_txt_02'] = '(php.ini: post_max_size)';
+$_['upload_txt_05'] = 'Para los archivos subidos que ya existen: ';
+$_['upload_txt_06'] = 'Renombrar (hacia filename.ext.001 etc...)';
+$_['upload_txt_07'] = 'Sobreescribir';
+
+$_['upload_err_01'] = 'Error 1: Archivo demasiado pesado. Desde php.ini:';
+$_['upload_err_02'] = 'Error 2: Archivo muy grande. (MAX_FILE_SIZE HTML form element)';
+$_['upload_err_03'] = 'Error 3: El archivo se subió sólo parcialmente.';
+$_['upload_err_04'] = 'Error 4: No se subió ningún archivo.';
+$_['upload_err_05'] = 'Error 5: ';
+$_['upload_err_06'] = 'Error 6: Carpeta temporal no encontrada.';
+$_['upload_err_07'] = 'Error 7: No se pudo guardar el archivo en el disco.';
+$_['upload_err_08'] = 'Error 8: Una extensión de PHP detuvo la subida del archivo.';
+
 $_['upload_msg_02'] = 'La carpeta de destino no existe: ';
 $_['upload_msg_03'] = 'Subida cancelada.';
 $_['upload_msg_04'] = 'Subiendo:';
@@ -172,17 +172,16 @@
 $_['new_file_txt_02'] = 'Algunos caracteres inválidos son: ';
 $_['new_file_msg_01'] = 'Archivo nuevo no creado:';
 $_['new_file_msg_02'] = 'El nombre contiene caracteres inválidos:';
-$_['new_file_msg_03'] = 'Archivo nuevo no creado - no se especificó un nombre';
 $_['new_file_msg_04'] = 'El archivo ya existe:';
 $_['new_file_msg_05'] = 'Archivo creado:';
 $_['new_file_msg_07'] = 'Carpeta creado:';
 
-$_['CRM_txt_02']  = 'La nueva localización debe existir.';
-$_['CRM_txt_04']  = 'Nuevo Nombre';
-$_['CRM_msg_01']  = 'Error - la localización padre no existe:';
-$_['CRM_msg_02']  = 'Error - el archivo inicial no existe:';
-$_['CRM_msg_03']  = 'Error - el archivo de objetivo no existe:';
-$_['CRM_msg_05']  = 'Error en';
+$_['CRM_txt_02'] = 'La nueva localización debe existir.';
+$_['CRM_txt_04'] = 'Nuevo Nombre';
+$_['CRM_msg_01'] = 'Error - la localización padre no existe:';
+$_['CRM_msg_02'] = 'Error - el archivo inicial no existe:';
+$_['CRM_msg_03'] = 'Error - el archivo de objetivo no existe:';
+$_['CRM_msg_05'] = 'Error en';
 
 $_['delete_msg_03']   = 'Error eliminando';
 $_['session_warning'] = 'Advertencia: ¡La sesión terminará pronto!';
@@ -198,11 +197,11 @@
 $_['edit_caution_02']  = 'Estás editando la copia activa de OneFileCMS - ¡HACÉ UNA COPIA DE SEGURIDAD Y TENÉ CUIDADO!';
 $_['time_out_txt']     = 'Tiempo de Espera de Sesión Agotado:';
 
-$_['error_reporting_01'] = 'Display errors is';         //## NT ##
-$_['error_reporting_02'] = 'Log errors is';             //## NT ##
+$_['error_reporting_01'] = 'Display errors is'; //## NT ##
+$_['error_reporting_02'] = 'Log errors is'; //## NT ##
 $_['error_reporting_03'] = 'Error reporting is set to'; //## NT ##
-$_['error_reporting_04'] = 'Showing error types';       //## NT ##
-$_['error_reporting_05'] = 'Unexpected early output';   //## NT ##
+$_['error_reporting_04'] = 'Showing error types'; //## NT ##
+$_['error_reporting_05'] = 'Unexpected early output'; //## NT ##
 $_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)'; //## NT ##
 
 $_['admin_txt_00'] = 'Backup Antiguo Encontrado.';
@@ -215,6 +214,7 @@
 $_['pw_change']  = 'Cambiar Contraseña';
 $_['pw_new']     = 'Nueva contraseña';
 $_['pw_confirm'] = 'Confirmar Contraseña Nueva';
+
 $_['un_change']  = 'Cambiar Nombre de Usuario';
 $_['un_new']     = 'Nuevo Usuario';
 $_['un_confirm'] = 'Confirmar Nuevo Nombre de Usuario';
@@ -233,6 +233,8 @@
 $_['change_pw_04'] = 'La contraseña y su confirmación no coinciden.';
 $_['change_pw_05'] = 'Actualizando';
 $_['change_pw_06'] = 'archivo de configuración externa';
+
+$_['change_pw_07'] = 'All fields are required.'; //## NT ##
 $_['change_un_01'] = '¡Nombre de Usuario Actualizado!';
 $_['change_un_02'] = 'Nombre de Usuario NO Actualizado.';
 
diff --git a/OneFileCMS.LANG.NL.php b/OneFileCMS.LANG.NL.php
index 891800a..cbefa62 100755
--- a/OneFileCMS.LANG.NL.php
+++ b/OneFileCMS.LANG.NL.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.13
+// OneFileCMS Language Settings v3.4.15
 
 $_['LANGUAGE'] = 'Dutch (Nederlands)'; //NL
 $_['LANG'] = 'NL';
@@ -13,18 +13,18 @@
 //
 // If present as a trailing comment, "## NT ##" means 'Need Translation'.
 //
+// These first few settings control a few font and layout settings.
 // In some instances, some langauges may use significantly longer words or phrases than others.
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
-//
-$_['front_links_font_size'] = '0.8em';  //Buttons on Index page.
-$_['front_links_margin_L']  = '0.4em';
-$_['button_font_size']      = '0.7em';  //Buttons on Edit page.
-$_['button_margin_L']       = '0.5em';
-$_['button_padding']        = '4px 10px';
-$_['image_info_font_size']  = '1em';    //show_img_msg_01  &  _02
-$_['image_info_pos']        = '';       //If 1 or true, moves the info down a line for more space.
-$_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
-$_['select_all_label_width'] = '90px';  //Width of space for $_['Select_All']
+$_['front_links_font_size']  = '0.8em';   //Buttons on Index page.
+$_['front_links_margin_L']   = '0.4em';
+$_['button_font_size']       = '0.7em';   //Buttons on Edit page.
+$_['button_margin_L']        = '0.5em';
+$_['button_padding']         = '4px 10px';
+$_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
+$_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
+$_['select_all_label_width'] = '90px';    //Width of space for $_['Select_All']
 
 $_['Admin']   = 'Beheer';
 $_['bytes']   = 'bytes';
@@ -54,6 +54,7 @@
 $_['To']         = 'Aan';
 $_['Upload']     = 'Upload';
 $_['Username']   = 'Gebruikersnaam';
+$_['Working']    = 'Working - please wait...'; //## NT ##
 $_['Log_In']     = 'Inloggen';
 $_['Log_Out']    = 'Uitloggen';
 
@@ -143,24 +144,23 @@
 $_['edit_msg_02'] = 'bytes geschreven.';
 $_['edit_msg_03'] = 'Er was een fout bij het opslaan van bestand:';
 
-$_['upload_txt_03']  = 'Maximum grootte van ieder bestand:';
-$_['upload_txt_01']  = '(php.ini: upload_max_filesize)';
-$_['upload_txt_04']  = 'Maximum totaal upload grootte:';
-$_['upload_txt_02']  = '(php.ini: post_max_size)';
-$_['upload_txt_05']  = 'For uploaded files that already exist: '; //## NT ##
-$_['upload_txt_06']  = 'Rename (to filename.ext.001 etc...)'; //## NT ##
-$_['upload_txt_07']  = 'Overwrite'; //## NT ##
-
-$_['upload_err_01']  = 'Fout 1: Bestand te groot. Uit php.ini:';
-$_['upload_err_02']  = 'Fout 2: Bestand te groot. (Overschrijdt MAX_FILE_SIZE HTML form element)';
-$_['upload_err_03']  = 'Fout 3: Het upload bestand was slechts gedeeltelijk verzonden.';
-$_['upload_err_04']  = 'Fout 4: Geen bestand verzonden.';
-$_['upload_err_05']  = 'Fout 5: ';
-$_['upload_err_06']  = 'Fout 6: Geen tijdelijke map aanwezig.';
-$_['upload_err_07']  = 'Fout 7: Schrijven van bestand naar opslagmedium mislukt.';
-$_['upload_err_08']  = 'Fout 8: Een PHP extensie heeft de zending van bestanden gestopt.';
-
-$_['upload_msg_01'] = 'Geen bestand geselecteerd om te verzenden.';
+$_['upload_txt_03'] = 'Maximum grootte van ieder bestand:';
+$_['upload_txt_01'] = '(php.ini: upload_max_filesize)';
+$_['upload_txt_04'] = 'Maximum totaal upload grootte:';
+$_['upload_txt_02'] = '(php.ini: post_max_size)';
+$_['upload_txt_05'] = 'For uploaded files that already exist: '; //## NT ##
+$_['upload_txt_06'] = 'Rename (to filename.ext.001 etc...)'; //## NT ##
+$_['upload_txt_07'] = 'Overwrite'; //## NT ##
+
+$_['upload_err_01'] = 'Fout 1: Bestand te groot. Uit php.ini:';
+$_['upload_err_02'] = 'Fout 2: Bestand te groot. (Overschrijdt MAX_FILE_SIZE HTML form element)';
+$_['upload_err_03'] = 'Fout 3: Het upload bestand was slechts gedeeltelijk verzonden.';
+$_['upload_err_04'] = 'Fout 4: Geen bestand verzonden.';
+$_['upload_err_05'] = 'Fout 5: ';
+$_['upload_err_06'] = 'Fout 6: Geen tijdelijke map aanwezig.';
+$_['upload_err_07'] = 'Fout 7: Schrijven van bestand naar opslagmedium mislukt.';
+$_['upload_err_08'] = 'Fout 8: Een PHP extensie heeft de zending van bestanden gestopt.';
+
 $_['upload_msg_02'] = 'Doelmap ongeldig:';
 $_['upload_msg_03'] = 'Upload geannuleerd.';
 $_['upload_msg_04'] = 'Uploaden:';
@@ -172,17 +172,16 @@
 $_['new_file_txt_02'] = 'Sommige ongeldige tekens zijn:';
 $_['new_file_msg_01'] = 'Bestand of map niet aangemaakt:';
 $_['new_file_msg_02'] = 'Naam bevat een ongeldig teken:';
-$_['new_file_msg_03'] = 'Niet aangemaakt - geen naam opgegeven';
 $_['new_file_msg_04'] = 'Bestand of map bestaat reeds:';
 $_['new_file_msg_05'] = 'Aangemaakt bestand:';
 $_['new_file_msg_07'] = 'Aangemaakt map:';
 
-$_['CRM_txt_02']  = 'De nieuwe locatie moet reeds bestaan.';
-$_['CRM_txt_04']  = 'Nieuwe Naam';
-$_['CRM_msg_01']  = 'Fout - nieuwe bovenliggende locatie bestaat niet:';
-$_['CRM_msg_02']  = 'Fout - bronbestand bestaat niet:';
-$_['CRM_msg_03']  = 'Fout - nieuwe bestand of map bestaat reeds:';
-$_['CRM_msg_05']  = 'Fout gedurende';
+$_['CRM_txt_02'] = 'De nieuwe locatie moet reeds bestaan.';
+$_['CRM_txt_04'] = 'Nieuwe Naam';
+$_['CRM_msg_01'] = 'Fout - nieuwe bovenliggende locatie bestaat niet:';
+$_['CRM_msg_02'] = 'Fout - bronbestand bestaat niet:';
+$_['CRM_msg_03'] = 'Fout - nieuwe bestand of map bestaat reeds:';
+$_['CRM_msg_05'] = 'Fout gedurende';
 
 $_['delete_msg_03']   = 'Verwijderfout:';
 $_['session_warning'] = 'Waarschuwing: Sessie verloopt binnenkort!';
@@ -208,13 +207,14 @@
 $_['admin_txt_00'] = 'Oude Backup Gevonden';
 $_['admin_txt_01'] = 'Een backup bestand is aangemaakt voor het geval er een fout tijdens het wijzigen van de gebruikersnaam of het wachtwoord plaatsvindt. Met andere woorden, het kan oude informatie bevatten en dient verwijderd te worden indien niet benodigd. In ieder geval, het bestand zal tijdens de volgende wijziging overschreven worden.';
 $_['admin_txt_02'] = 'Algemene Informatie';
-$_['admin_txt_14'] = 'Voor een kleine verbetering van de beveiliging, verander het standaard "salt" en/of methode gebruikt door OneFileCMS om het wachtwoord te hashen (en houdt deze geheim, natuurlijk). Alle kleine beetjes helpen...'; //####
-$_['admin_txt_16'] = 'OneFileCMS kan gebruikt worden om zichzelf te wijzigen. Echter, draagt u zorg voor een backup indien er iets misgaat zoals de onvermijdelijke typvout...'; //####
+$_['admin_txt_14'] = 'Voor een kleine verbetering van de beveiliging, verander het standaard "salt" en/of methode gebruikt door OneFileCMS om het wachtwoord te hashen (en houdt deze geheim, natuurlijk). Alle kleine beetjes helpen...';
+$_['admin_txt_16'] = 'OneFileCMS kan gebruikt worden om zichzelf te wijzigen. Echter, draagt u zorg voor een backup indien er iets misgaat zoals de onvermijdelijke typvout...';
 
 $_['pw_current'] = 'Huidig Wachtwoord';
 $_['pw_change']  = 'Bewerk Wachtwoord';
 $_['pw_new']     = 'Nieuw Wachtwoord';
 $_['pw_confirm'] = 'Bevestig Nieuw Wachtwoord';
+
 $_['un_change']  = 'Wijzig Gebruikersnaam';
 $_['un_new']     = 'Nieuwe Gebruikersnaam';
 $_['un_confirm'] = 'Bevestig Nieuwe Gebruikersnaam';
@@ -233,6 +233,8 @@
 $_['change_pw_04'] = '"Nieuw" en "Bevestig Nieuw" waardes komen niet overeen.';
 $_['change_pw_05'] = 'Bijwerken';
 $_['change_pw_06'] = 'extern configuratiebestand';
+
+$_['change_pw_07'] = 'All fields are required.'; //## NT ##
 $_['change_un_01'] = 'Gebruikersnaam gewijzigd!';
 $_['change_un_02'] = 'Gebruikersnaam NIET gewijzigd.';
 
diff --git a/OneFileCMS.LANG.RU.php b/OneFileCMS.LANG.RU.php
index 49c13b9..ea3fb4e 100755
--- a/OneFileCMS.LANG.RU.php
+++ b/OneFileCMS.LANG.RU.php
@@ -1,5 +1,5 @@
-<?php
-// OneFileCMS Language Settings v3.4.13
+<?php
+// OneFileCMS Language Settings v3.4.15
 
 $_['LANGUAGE'] = 'Russian'; //RU
 $_['LANG'] = 'RU';
@@ -13,21 +13,21 @@
 //
 // If present as a trailing comment, "## NT ##" means 'Need Translation'.
 //
+// These first few settings control a few font and layout settings.
 // In some instances, some langauges may use significantly longer words or phrases than others.
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
-//
-$_['front_links_font_size'] = '0.9em';  //Buttons on Index page.
-$_['front_links_margin_L']  = '0.7em';
-$_['button_font_size']      = '0.7em';  //Buttons on Edit page.
-$_['button_margin_L']       = '0.4em';
-$_['button_padding']        = '4px 10px';
-$_['image_info_font_size']  = '1em';    //show_img_msg_01  &  _02
-$_['image_info_pos']        = '';       //If 1 or true, moves the info down a line for more space.
-$_['select_all_label_size'] = '.84em';  //Font size of $_['Select_All']
-$_['select_all_label_width'] = '72px';  //Width of space for $_['Select_All']
+$_['front_links_font_size']  = '0.9em';   //Buttons on Index page.
+$_['front_links_margin_L']   = '0.7em';
+$_['button_font_size']       = '0.7em';   //Buttons on Edit page.
+$_['button_margin_L']        = '0.4em';
+$_['button_padding']         = '4px 10px';
+$_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
+$_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
+$_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
 
 $_['Admin']   = 'Админка';
-$_['bytes']   = 'байт';   //####
+$_['bytes']   = 'байт';
 $_['Cancel']  = 'Отмена';
 $_['Close']   = 'Закрыть';
 $_['Copy']    = 'Копия';
@@ -54,6 +54,7 @@
 $_['To']         = 'В';
 $_['Upload']     = 'Загрузить';
 $_['Username']   = 'Логин';
+$_['Working']    = 'Working - please wait...'; //## NT ##
 $_['Log_In']     = 'Войти';
 $_['Log_Out']    = 'Выйти';
 
@@ -143,24 +144,23 @@
 $_['edit_msg_02'] = 'записанных байт.';
 $_['edit_msg_03'] = 'Существовала ошибка сохраниния файла .';
 
-$_['upload_txt_03']  = 'Максимальный размер каждого файла:';
-$_['upload_txt_01']  = '(php.ini: upload_max_filesize)';
-$_['upload_txt_04']  = 'Максимальный суммарный размер загружаемого:';
-$_['upload_txt_02']  = '(php.ini: post_max_size)';
-$_['upload_txt_05']  = 'Для загруженных файлов, которые уже существуют: ';
-$_['upload_txt_06']  = 'Переименование (в файле filename.ext.001 и.т.д...)';
-$_['upload_txt_07']  = 'Заменить';
-
-$_['upload_err_01']  = 'Ошибка 1: Файл слишком большой. Из php.ini:';
-$_['upload_err_02']  = 'Ошибка 2: Файл слишком большой. (Превышает MAX_FILE_SIZE HTML элементов)';
-$_['upload_err_03']  = 'Ошибка 3: Загруженный файл был загружен лишь частично.';
-$_['upload_err_04']  = 'Ошибка 4: Файл не был загружен.';
-$_['upload_err_05']  = 'Ошибка 5:';
-$_['upload_err_06']  = 'Ошибка 6: Отсутствует временная папка.';
-$_['upload_err_07']  = 'Ошибка 7: Не удалось записать файл на диск.';
-$_['upload_err_08']  = 'Ошибка 8: Расширение PHP остановило загрузку файлов.';
-
-$_['upload_msg_01'] = 'Не выбран файл для загрузки.';
+$_['upload_txt_03'] = 'Максимальный размер каждого файла:';
+$_['upload_txt_01'] = '(php.ini: upload_max_filesize)';
+$_['upload_txt_04'] = 'Максимальный суммарный размер загружаемого:';
+$_['upload_txt_02'] = '(php.ini: post_max_size)';
+$_['upload_txt_05'] = 'Для загруженных файлов, которые уже существуют: ';
+$_['upload_txt_06'] = 'Переименование (в файле filename.ext.001 и.т.д...)';
+$_['upload_txt_07'] = 'Заменить';
+
+$_['upload_err_01'] = 'Ошибка 1: Файл слишком большой. Из php.ini:';
+$_['upload_err_02'] = 'Ошибка 2: Файл слишком большой. (Превышает MAX_FILE_SIZE HTML элементов)';
+$_['upload_err_03'] = 'Ошибка 3: Загруженный файл был загружен лишь частично.';
+$_['upload_err_04'] = 'Ошибка 4: Файл не был загружен.';
+$_['upload_err_05'] = 'Ошибка 5:';
+$_['upload_err_06'] = 'Ошибка 6: Отсутствует временная папка.';
+$_['upload_err_07'] = 'Ошибка 7: Не удалось записать файл на диск.';
+$_['upload_err_08'] = 'Ошибка 8: Расширение PHP остановило загрузку файлов.';
+
 $_['upload_msg_02'] = 'Папка назначения недействительна:';
 $_['upload_msg_03'] = 'Загрузка отменена.';
 $_['upload_msg_04'] = 'Загружается:';
@@ -172,17 +172,16 @@
 $_['new_file_txt_02'] = 'Содержатся некоторые недопустимые символы:';
 $_['new_file_msg_01'] = 'Файл или папка не создаются:';
 $_['new_file_msg_02'] = 'Название содержит недопустимый символ:';
-$_['new_file_msg_03'] = 'Не создано - нет названия';
 $_['new_file_msg_04'] = 'Файл или папка уже существуют:';
 $_['new_file_msg_05'] = 'Созданный файл:';
 $_['new_file_msg_07'] = 'Созданная папка:';
 
-$_['CRM_txt_02']  = 'Новая локализация уже должна существовать.';
-$_['CRM_txt_04']  = 'Новое Имя';
-$_['CRM_msg_01']  = 'Ошибка - новая локализация не существует:';
-$_['CRM_msg_02']  = 'Ошибка - исходный файл не существует:';
-$_['CRM_msg_03']  = 'Ошибка - новый файл или папка уже существуют:';
-$_['CRM_msg_05']  = 'Ошибка при';
+$_['CRM_txt_02'] = 'Новая локализация уже должна существовать.';
+$_['CRM_txt_04'] = 'Новое Имя';
+$_['CRM_msg_01'] = 'Ошибка - новая локализация не существует:';
+$_['CRM_msg_02'] = 'Ошибка - исходный файл не существует:';
+$_['CRM_msg_03'] = 'Ошибка - новый файл или папка уже существуют:';
+$_['CRM_msg_05'] = 'Ошибка при';
 
 $_['delete_msg_03']   = 'Удалить ошибку:';
 $_['session_warning'] = 'Внимание: Близится окончание сессии!';
@@ -208,13 +207,14 @@
 $_['admin_txt_00'] = 'Найти старую резервную копию';
 $_['admin_txt_01'] = 'Файл резервной копии был создан в случае ошибки при изменении имени пользователя и пароля. Таким образом, он может содержать устаревшую информацию и должен быть удален. В любом случае, он будет автоматически заменен на файл с новым паролем или логином пользователя.';
 $_['admin_txt_02'] = 'Общая информация';
-$_['admin_txt_14'] = 'Для небольшого улучшения безопасности в OneFileCMS изменён метод хеширования паролей (его нужно держать в тайне как и основной пароль). Каждый в дальнейшем может Вам понадобиться..'; //####
-$_['admin_txt_16'] = 'OneFileCMS может быть использована для редактирования себе. Однако, будьте уверены, что у Вас есть резервная копия...'; //####
+$_['admin_txt_14'] = 'Для небольшого улучшения безопасности в OneFileCMS изменён метод хеширования паролей (его нужно держать в тайне как и основной пароль). Каждый в дальнейшем может Вам понадобиться..';
+$_['admin_txt_16'] = 'OneFileCMS может быть использована для редактирования себе. Однако, будьте уверены, что у Вас есть резервная копия...';
 
 $_['pw_current'] = 'Текущий Пароль';
 $_['pw_change']  = 'Изменить Пароль';
 $_['pw_new']     = 'Новый Пароль';
 $_['pw_confirm'] = 'Подтверждение Нового Пароля';
+
 $_['un_change']  = 'Подтверждение Логина';
 $_['un_new']     = 'Новый Логин';
 $_['un_confirm'] = 'Подтверждение Нового Логина';
@@ -233,6 +233,8 @@
 $_['change_pw_04'] = 'Данные "Нового пароля" и "Подтверждения нового пароля" не совпадают.';
 $_['change_pw_05'] = 'Обновить';
 $_['change_pw_06'] = 'внежнюю конфигурацию файла';
+
+$_['change_pw_07'] = 'All fields are required.'; //## NT ##
 $_['change_un_01'] = 'Логин изменён!';
 $_['change_un_02'] = 'Логин НЕ изменён.';
 
diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index 0a2b1e9..46014a8 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.4.13 structure/layout
+OneFileCMS Version 3.4.15 structure/layout
 
 LICENSE
 
@@ -80,9 +80,10 @@ PAGE & RESPONSE FUNCTIONS:
 	Load_Selected_Page()
 	Respond_to_POST()
 
-JAVASCRIPT & STYLESHEET FUNCTIONS:
+JAVASCRIPT FUNCTIONS:
 	common_scripts()
 		pad()
+		trim()
 		FormatTime()
 		Countdown()
 		Start_Countdown()
@@ -95,6 +96,15 @@ JAVASCRIPT & STYLESHEET FUNCTIONS:
 		setSelRange()
 		Check_for_changes()
 		Reset_File()
+	event_scripts()
+		events_down()
+		events_up()
+		pre_validate()
+	js_hash_scripts()
+		hex_sha256() (& related...)
+		hash()
+
+STYLESHEET FUNCTIONS:
 	style_sheet()
 	Language_and_config_adjusted_styles()
 
diff --git a/onefilecms.php b/onefilecms.php
index b28f7be..f5a3c03 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,13 +1,15 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.14';
+$OFCMS_version = '3.4.15';
 
 /*******************************************************************************
+Except where noted otherwise:
+
 Copyright © 2009-2012 https://github.com/rocktronica
 Copyright © 2012-     https://github.com/Self-Evident  David W. Gay
 
-This software is copyright under terms of the "MIT" license:
+Under the following terms (an "MIT" License):
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in
@@ -29,6 +31,34 @@
 *******************************************************************************/
 
 
+/*******************************************************************************
+A portion of this software is copyright under terms of the "BSD" license (below).
+The copyright holders of that portion are indicated near where that portion is included.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+    * Neither the name of the author or copyright holder, nor the
+      names of its contributors may be used to endorse or promote products
+      derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*******************************************************************************/
+
+
 
 
 //Some basic security & error log settings**************************************
@@ -50,8 +80,8 @@
 $config_title = "OneFileCMS";
 
 $USERNAME = "username";
-$HASHWORD = "a6ca7f88bd5efc706d38047cc5844d2b11f86242c01e0c89a1c656dbe2dd1866"; //"password"
-//$HASHWORD = "a6ca7f88bd5efc706d38047cc5844d2b11f86242c01e0c89a1c656dbe2dd1866"; //"password"
+$HASHWORD = "cff29a3b595b427ef8d01c089d368c7706a8c68ecc75d566642e313ee97ff659"; //"password"
+//$HASHWORD = "cff29a3b595b427ef8d01c089d368c7706a8c68ecc75d566642e313ee97ff659"; //"password"
 $SALT     = 'somerandomsalt';
 
 //Name of optional external language file.  If file is not found, the built-in defaults will be used.
@@ -112,18 +142,6 @@
 if ( isset($config_file) && is_file($config_file) ) { include($config_file); }
 else { $config_file = ''; } //If not found, clear it.
 
-//Determine if valid units are set for $MAIN_WIDTH.  If not, assume px.
-$main_units   = substr($MAIN_WIDTH, -2); //should be px, pt, em, or %.
-if ( ($main_units != "px") && ($main_units != "pt") && ($main_units != "em") && (substr($MAIN_WIDTH, -1) != '%')) {
-	$MAIN_WIDTH = ($MAIN_WIDTH * 1).'px';
-}
-
-//Determine if valid units are set for $WIDE_VIEW_WIDTH.  If not, assume px.
-$main_units   = substr($WIDE_VIEW_WIDTH, -2); //should be px, pt, em, or %.
-if ( ($main_units != "px") && ($main_units != "pt") && ($main_units != "em") && (substr($WIDE_VIEW_WIDTH, -1) != '%')) {
-	$WIDE_VIEW_WIDTH = ($WIDE_VIEW_WIDTH * 1).'px';
-}
-
 //Requires PHP 5.1, due to changes in some functions.
 //Earliest version the author has for testing is 5.2.8 (50208)
 define('PHP_VERSION_ID_REQUIRED',50100);   //Ex: 5.1.23 is 50123
@@ -137,6 +155,18 @@
 	define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
 }
 
+//Determine if valid units are set for $MAIN_WIDTH.  If not, assume px.
+$main_units   = substr($MAIN_WIDTH, -2); //should be px, pt, em, or %.
+if ( ($main_units != "px") && ($main_units != "pt") && ($main_units != "em") && (substr($MAIN_WIDTH, -1) != '%')) {
+	$MAIN_WIDTH = ($MAIN_WIDTH * 1).'px';
+}
+
+//Determine if valid units are set for $WIDE_VIEW_WIDTH.  If not, assume px.
+$main_units   = substr($WIDE_VIEW_WIDTH, -2); //should be px, pt, em, or %.
+if ( ($main_units != "px") && ($main_units != "pt") && ($main_units != "em") && (substr($WIDE_VIEW_WIDTH, -1) != '%')) {
+	$WIDE_VIEW_WIDTH = ($WIDE_VIEW_WIDTH * 1).'px';
+}
+
 ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
 
 $TO_WARNING = 120; //seconds. When idle time remaining is less than this value, $timeout_warning is displayed
@@ -146,12 +176,12 @@
 if (!is_dir($ACCESS_ROOT)) {$ACCESS_ROOT='';}
 if (!$ACCESS_ROOT == '') {$ACCESS_ROOT .= '/';}
 
-$ONESCRIPT   = URLencode_path($_SERVER["SCRIPT_NAME"]); //Used for URL's
-$DOC_ROOT    = $_SERVER["DOCUMENT_ROOT"].'/';
+$ONESCRIPT   = URLencode_path($_SERVER['SCRIPT_NAME']); //Used for URL's
+$DOC_ROOT    = $_SERVER['DOCUMENT_ROOT'].'/';
 $WEB_ROOT    = URLencode_path(basename($DOC_ROOT)).'/'.$ACCESS_ROOT;
-$WEBSITE     = $_SERVER["HTTP_HOST"].'/';
+$WEBSITE     = $_SERVER['HTTP_HOST'].'/';
 
-$ONESCRIPT_file   = $_SERVER["SCRIPT_FILENAME"];  //Non-url use
+$ONESCRIPT_file   = $_SERVER['SCRIPT_FILENAME'];  //Non-url use
 $ONESCRIPT_path   = dirname($ONESCRIPT_file).'/'; //Non-url use //Do not use dir_name().
 $LOGIN_ATTEMPTS   = $ONESCRIPT_file.'.invalid_login_attempts';
 
@@ -177,6 +207,11 @@
 $fclasses = explode(',', strtolower(str_replace(' ', '', $config_fclass))); //for file types with icons
 $excluded_list = (explode(",", $config_excluded));
 
+//Used in hashit() and js_hash_scripts().  IE<9 is WAY slow, so keep it low.
+//For 200 iterations: (time on IE8) > (37 x time on FF). And the difference grows with the iterations.
+//If you change this, or any other aspect of either hashit() or js_hash_scripts(), do so while logged in.
+//Then, manually update your password as instructed on the Admin/Generate Hash page.
+$PRE_ITERATIONS = 200;
 //end System values & setup*****************************************************
 
 
@@ -190,7 +225,7 @@ function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.4.13
+// OneFileCMS Language Settings v3.4.15
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -204,20 +239,20 @@ function Default_Language() { // ***********************************************
 //
 // If present as a trailing comment, "## NT ##" means 'Need Translation'.
 //
+// These first few settings control a few font and layout settings.
 // In some instances, some langauges may use significantly longer words or phrases than others.
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
-//
-$_['front_links_font_size']  = '1.0em';  //Buttons on Index page.
+$_['front_links_font_size']  = '1.0em';   //Buttons on Index page.
 $_['front_links_margin_L']   = '1.0em';
-$_['button_font_size']       = '0.9em';  //Buttons on Edit page.
+$_['button_font_size']       = '0.9em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
 $_['button_padding']         = '4px 10px';
-$_['image_info_font_size']   = '1em';    //show_img_msg_01  &  _02
-$_['image_info_pos']         = '';       //If 1 or true, moves the info down a line for more space.
-$_['select_all_label_size']  = '.84em';  //Font size of $_['Select_All']
-$_['select_all_label_width'] = '72px';   //Width of space for $_['Select_All']
+$_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
+$_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
+$_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
 $_['Admin']   = 'Admin';
-$_['bytes']   = 'bytes'; //####
+$_['bytes']   = 'bytes';   //####
 $_['Cancel']  = 'Cancel';
 $_['Close']   = 'Close';
 $_['Copy']    = 'Copy';
@@ -243,6 +278,7 @@ function Default_Language() { // ***********************************************
 $_['To']         = 'To';
 $_['Upload']     = 'Upload';
 $_['Username']   = 'Username';
+$_['Working']    = 'Working - please wait...'; //####
 $_['Log_In']     = 'Log In';
 $_['Log_Out']    = 'Log Out';
 $_['Admin_Options']  = 'Administration Options';
@@ -326,9 +362,9 @@ function Default_Language() { // ***********************************************
 $_['upload_txt_01'] = '(php.ini: upload_max_filesize)';
 $_['upload_txt_04'] = 'Maximum total upload size:';
 $_['upload_txt_02'] = '(php.ini: post_max_size)';
-$_['upload_txt_05'] = 'For uploaded files that already exist: '; //#### 
+$_['upload_txt_05'] = 'For uploaded files that already exist: '; //####
 $_['upload_txt_06'] = 'Rename (to filename.ext.001 etc...)';
-$_['upload_txt_07'] = 'Overwrite';                               //#### 
+$_['upload_txt_07'] = 'Overwrite'; //####
 $_['upload_err_01'] = 'Error 1: File too large. From php.ini:';
 $_['upload_err_02'] = 'Error 2: File too large. (Exceeds MAX_FILE_SIZE HTML form element)';
 $_['upload_err_03'] = 'Error 3: The uploaded file was only partially uploaded.';
@@ -337,27 +373,25 @@ function Default_Language() { // ***********************************************
 $_['upload_err_06'] = 'Error 6: Missing a temporary folder.';
 $_['upload_err_07'] = 'Error 7: Failed to write file to disk.';
 $_['upload_err_08'] = 'Error 8: A PHP extension stopped the file upload.';
-$_['upload_msg_01'] = 'No file selected for upload.';
 $_['upload_msg_02'] = 'Destination folder invalid:';
 $_['upload_msg_03'] = 'Upload cancelled.';
 $_['upload_msg_04'] = 'Uploading:';
 $_['upload_msg_05'] = 'Upload successful!';
 $_['upload_msg_06'] = 'Upload failed:';
-$_['upload_msg_07'] = 'A pre-existing file was overwritten.'; //#### 
+$_['upload_msg_07'] = 'A pre-existing file was overwritten.'; //####
 $_['new_file_txt_01'] = 'File or Folder will be created in the current folder.';
 $_['new_file_txt_02'] = 'Some invalid characters are:';
 $_['new_file_msg_01'] = 'File or folder not created:';
 $_['new_file_msg_02'] = 'Name contains an invalid character:';
-$_['new_file_msg_03'] = 'Not created - no name given';
 $_['new_file_msg_04'] = 'File or folder already exists:';
 $_['new_file_msg_05'] = 'Created file:';
 $_['new_file_msg_07'] = 'Created folder:';
-$_['CRM_txt_02']  = 'The new location must already exist.';
-$_['CRM_txt_04']  = 'New Name';
-$_['CRM_msg_01']  = 'Error - new parent location does not exist:';
-$_['CRM_msg_02']  = 'Error - source file does not exist:';
-$_['CRM_msg_03']  = 'Error - new file or folder already exists:';
-$_['CRM_msg_05']  = 'Error during';
+$_['CRM_txt_02'] = 'The new location must already exist.';
+$_['CRM_txt_04'] = 'New Name';
+$_['CRM_msg_01'] = 'Error - new parent location does not exist:';
+$_['CRM_msg_02'] = 'Error - source file does not exist:';
+$_['CRM_msg_03'] = 'Error - new file or folder already exists:';
+$_['CRM_msg_05'] = 'Error during';
 $_['delete_msg_03']   = 'Delete error:';
 $_['session_warning'] = 'Warning: Session timeout soon!';
 $_['session_expired'] = 'SESSION EXPIRED';
@@ -379,8 +413,8 @@ function Default_Language() { // ***********************************************
 $_['admin_txt_00'] = 'Old Backup Found';
 $_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will be automatically overwritten on the next password or username change.';
 $_['admin_txt_02'] = 'General Information';
-$_['admin_txt_14'] = 'For a small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...'; //####
-$_['admin_txt_16'] = 'OneFileCMS can be used to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...'; //####
+$_['admin_txt_14'] = 'For a small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
+$_['admin_txt_16'] = 'OneFileCMS can be used to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...';
 $_['pw_current'] = 'Current Password';
 $_['pw_change']  = 'Change Password';
 $_['pw_new']     = 'New Password';
@@ -393,16 +427,17 @@ function Default_Language() { // ***********************************************
 $_['pw_txt_06'] = 'Must contain at least one non-space character.';
 $_['pw_txt_08'] = 'May contain spaces in the middle. Ex: "This is a password or username!"';
 $_['pw_txt_10'] = 'Leading and trailing spaces are ignored.';
-$_['pw_txt_12'] = 'In recording the change, only one file is updated: either the active copy of OneFileCMS, or, if specified, an external configuration file.';
+$_['pw_txt_12'] = 'In recording the change, only one file is updated: either the active copy of OneFileCMS, or - if specified, an external configuration file.';
 $_['pw_txt_14'] = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
-$_['change_pw_01']  = 'Password changed!';
-$_['change_pw_02']  = 'Password NOT changed.';
-$_['change_pw_03']  = 'Incorrect current password. Login to try again.';
-$_['change_pw_04']  = '"New" and "Confirm New" values do not match.';
-$_['change_pw_05']  = 'Updating';
-$_['change_pw_06']  = 'external config file';
-$_['change_un_01']  = 'Username changed!';
-$_['change_un_02']  = 'Username NOT changed.';
+$_['change_pw_01'] = 'Password changed!';
+$_['change_pw_02'] = 'Password NOT changed.';
+$_['change_pw_03'] = 'Incorrect current password. Login to try again.';
+$_['change_pw_04'] = '"New" and "Confirm New" values do not match.';
+$_['change_pw_05'] = 'Updating';
+$_['change_pw_06'] = 'external config file';
+$_['change_pw_07'] = 'All fields are required.'; //####
+$_['change_un_01'] = 'Username changed!';
+$_['change_un_02'] = 'Username NOT changed.';
 $_['update_failed'] = 'Update failed - could not save file.';
 $_['mcd_msg_01'] = 'files moved.';
 $_['mcd_msg_02'] = 'files copied.';
@@ -431,7 +466,7 @@ function Session_Startup() { //*************************************************
 	if ( !isset($_SESSION['valid']) ) { $_SESSION['valid'] = 0; }
 
 	//Logging in?
-	if ( isset($_POST["username"]) && isset($_POST["password"]) ) { Login_response(); }
+	if ( isset($_POST['username']) && isset($_POST['password']) ) { Login_response(); }
 
 	session_regenerate_id(true); //Helps prevent session fixation & hijacking.
 
@@ -478,12 +513,16 @@ function Verify_IDLE_POST_etc() { //********************************************
 
 
 
-function hashit($key){ //*******************************************************
+function hashit($key,$pre = false){ //******************************************
 	//This is the super-secret stuff - Keep it secret, keep it safe!
 	//If you change anything here, or the $SALT, manually update the hash for your password from the Generate Hash page.
-	global $SALT;
+	global $SALT, $PRE_ITERATIONS;
 	$hash = trim($key); // trim off leading & trailing whitespace.
 
+	//If generating a hash from the Hash_Page(), also do the "pre-hash".  Generally,
+	//the "pre-hash" is done client-side during a login attempt, or when changing p/w or u/n.
+	if ($pre) { for ( $x=0; $x < $PRE_ITERATIONS; $x++ ) {$hash = hash('sha256', $hash.$SALT);}  }
+
 	for ( $x=0; $x < 10001; $x++ ) { $hash = hash('sha256', $hash.$SALT); }
 	return $hash;
 }//end hashit() //**************************************************************
@@ -634,7 +673,7 @@ function Get_GET() { //*** Get main parameters *********************************
 
 
 function Verify_Page_Conditions() { //******************************************
-	global $_, $ONESCRIPT, $ipath, $param1, $filename, $page, $EX, $message, $VALID_POST;
+	global $_, $ONESCRIPT_file, $ipath, $param1, $filename, $page, $EX, $message, $VALID_POST;
 
 	//If exited admin pages, restore $ipath 
 	if    ( ($page == "index") && $_SESSION['admin_page'] ) {
@@ -678,7 +717,7 @@ function Verify_Page_Conditions() { //******************************************
 		$page = "index";
 	}
 	//If editing OneFileCMS itself, show caution message.
-	elseif ($filename == trim(rawurldecode($ONESCRIPT), '/')) {
+	elseif ($filename == trim($_SERVER['SCRIPT_NAME'], '/')) {
 		$message .= '<style>#message_box_contents {background: red;}</style>';
 		$message .= '<style>#message_box          {color: white;}   </style>';
 		$message .= $EX.'<b>'.hsc($_['edit_caution_01']).' '.$EX.hsc($_['edit_caution_02']).'</b><br>';
@@ -1000,7 +1039,7 @@ function Cancel_Submit_Buttons($submit_label) { //******************************
 	<p>
 	<input type="button" class="button" id="cancel" value="<?php echo hsc($_['Cancel']) ?>"
 		onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
-	<input type="submit" class="button" id="submit" value="<?php echo hsc($submit_label);?>" style="margin-left: 1em;">
+	<input type="submit" class="button" id="submitty" value="<?php echo hsc($submit_label);?>" style="margin-left: 1em;">
 <?php
 	//Do not close the <p> tag yet/here. Leave it open for potential content on individual pages.
 }//end Cancel_Submit_Buttons() //***********************************************
@@ -1254,7 +1293,7 @@ function Hash_Page() { //*******************************************************
 	<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.$param3; ?>">
 		<?php echo $INPUT_NUONCE; ?>
 		<?php echo hsc($_['pass_to_hash']) ?>
-		<input type="text" name="whattohash" id="whattohash" value="<?php echo hsc($_POST["whattohash"]) ?>">
+		<input type="text" name="whattohash" id="whattohash" value="<?php echo hsc($_POST['whattohash']) ?>">
 		<p><?php Cancel_Submit_Buttons($_['Generate_Hash']) ?>
 		<script>document.getElementById('whattohash').focus()</script>
 	</form>
@@ -1281,11 +1320,13 @@ function Hash_response() { //***************************************************
 	global $_, $message;
 	$_POST['whattohash'] = trim($_POST['whattohash']); // trim whitespace.
 
-	//Ignore/don't hash empty string - passwords can't be blank.
+	//Ignore/don't hash an empty string - passwords can't be blank.
 	if ($_POST['whattohash'] == "") { return; }
 
+	//The second parameter to hashit(), 1, tells hashit() to also do the "pre-hash", which is
+	//normally done client-side during a login attempt, p/w change, or u/n change.
 	$message .= hsc($_['Password']).': '.hsc($_POST['whattohash']).'<br>';
-	$message .= hsc($_['Hash']).': '.hashit($_POST["whattohash"]).'<br>';
+	$message .= hsc($_['Hash']).': '.hashit($_POST['whattohash'], 1).'<br>';
 }//end Hash_response() //*******************************************************
 
 
@@ -1294,17 +1335,22 @@ function Hash_response() { //***************************************************
 //******************************************************************************
 function Change_PWUN_Page($pwun, $type, $page_title, $label_new, $label_confirm) {
 	//$pwun must = "pw" or "un"
-	global $_, $EX, $ONESCRIPT, $param1, $param3, $INPUT_NUONCE, $config_title, $PWUN_RULES;
+	global $_, $EX, $ONESCRIPT, $param1, $param2, $param3, $INPUT_NUONCE, $config_title, $PWUN_RULES;
+
+	$params = $param1.$param2.'&amp;p='. $_SESSION['recent_pages'][1];
 ?>
-	<h2><?php echo hsc($page_title) ?></h2>
+	<?php //preserve space for message_box even when there's no message. ?>
+	<style>#message_box {min-height: 2em;}</style>
 	
+	<h2><?php echo hsc($page_title) ?></h2>
+
 	<form id="change" method="post" action="<?php echo $ONESCRIPT.$param1.$param3; ?>">
 		<input type="hidden" name="<?php echo $pwun ?>" value="">
 		
 		<?php echo $INPUT_NUONCE; ?>
 		
 		<p><?php echo hsc($_['pw_current']) ?><br>
-		<input type="password" name="current_pw" id="current_pw" value="">
+		<input type="password" name="password" id="password" value="">
 		
 		<p><?php echo hsc($label_new) ?><br>
 		<input type="<?php echo $type ?>" name="new1" id="new1" value="">
@@ -1312,8 +1358,11 @@ function Change_PWUN_Page($pwun, $type, $page_title, $label_new, $label_confirm)
 		<p><?php echo hsc($label_confirm) ?><br>
 		<input type="<?php echo $type ?>" name="new2" id="new2" value="">
 		
-		<?php Cancel_Submit_Buttons($_['Submit']) ?>
-		<script>document.getElementById('current_pw').focus()</script>
+		<p><input type="button" class="button" id="cancel" value="<?php echo hsc($_['Cancel']) ?>"
+			onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
+		<input type="button" class="button"    id="submitty" value="<?php echo hsc($_['Submit']) ?>" style="margin-left: 1em;">
+		
+		<script>document.getElementById('password').focus()</script>
 	</form>
 
 	<div class="info">
@@ -1322,6 +1371,9 @@ function Change_PWUN_Page($pwun, $type, $page_title, $label_new, $label_confirm)
 	<p><?php echo hsc($_['pw_txt_14']) ?>
 	</div>
 <?php
+	//Note: The button with id="submitty" above must NOT be of type="submit" NOR have an id="submit", or the event_scripts won't work.
+	event_scripts('change', 'submitty', $pwun); //Doesn't work if an id="submit"
+	js_hash_scripts();
 }//end Change_PWUN_Page() //****************************************************
 
 
@@ -1373,7 +1425,7 @@ function Change_PWUN_response($PWUN, $msg){ //**********************************
 		   $ONESCRIPT_file, $ONESCRIPT_file_backup, $CONFIG_file, $CONFIG_file_backup;
 
 	// trim white-space from input values
-	$current_pass = trim($_POST['current_pw']);
+	$current_pass = trim($_POST['password']);
 	$new_pwun     = trim($_POST['new1']);
 	$confirm_pwun = trim($_POST['new2']);
 
@@ -1385,8 +1437,8 @@ function Change_PWUN_response($PWUN, $msg){ //**********************************
 	}
 	//If any field is blank...
 	elseif ( ($current_pass == "") || ($new_pwun == "") || ($confirm_pwun == "") ) {
-		$message .= $error_msg.'<br>';
-	}	
+		$message .= $error_msg.hsc($_['change_pw_07']).'<br>';
+	}
 	//If new & Confirm values don't match...
 	elseif ($new_pwun != $confirm_pwun) {
 		$message .= $error_msg.hsc($_['change_pw_04']).'<br>';
@@ -1448,16 +1500,22 @@ function Logout() { //**********************************************************
 function Login_Page() { //******************************************************
 	global $_, $ONESCRIPT;
 ?>
+	<?php //preserve space for message_box even when there's no message. ?>
+	<style>#message_box {height: 3.1em;}</style>
+
 	<h2><?php echo hsc($_['Log_In']) ?></h2>
-	<form method="post" action="<?php echo $ONESCRIPT; ?>">
-		<label for="username"><?php echo hsc($_['login_txt_01']) ?></label>
-		<input type="text"     name="username" id="username">
-		<label for="password"><?php echo hsc($_['login_txt_02']) ?></label>
-		<input type="password" name="password" id="password">
-		<input type="submit" class="button" value="<?php echo hsc($_['Enter']) ?>">
+	<form method="post" id="login_form" name="login_form" action="<?php echo $ONESCRIPT; ?>">
+		<label for ="username"><?php echo hsc($_['login_txt_01']) ?></label>
+		<input name="username" type="text"     id="username">
+		<label for ="password"><?php echo hsc($_['login_txt_02']) ?></label>
+		<input name="password" type="password" id="password">
+		<input type="button"  class="button"   id="login" value="<?php echo hsc($_['Enter']) ?>">
 	</form>
 	<script>document.getElementById('username').focus();</script>
 <?php
+	//Note: The "login" button above must NOT be of type="submit", NOR have an id="submit", or the event_scripts won't work.
+	event_scripts('login_form', 'login');
+	js_hash_scripts();
 }//end Login_Page() //**********************************************************
 
 
@@ -1580,7 +1638,7 @@ function Table_of_Files($full_list) { //****************************************
 		
 		//Used to not show rename & delete options for active copy of OneFileCMS.
 		$IS_OFCMS = false;
-		if ( $ipath.$file == trim(rawurldecode($ONESCRIPT), '/') ) { $IS_OFCMS = true;  }
+		if ( $ipath.$file == trim($_SERVER['SCRIPT_NAME'], '/') ) { $IS_OFCMS = true;  }
 		
 		if ( ($SHOWTYPE && !$excluded) || is_dir($ipath.$file) ) {
 			$HREF_params = $ONESCRIPT.$param1;
@@ -1626,12 +1684,12 @@ function Index_Page(){ //*******************************************************
 		echo '<INPUT '.$input_attribs.' onclick="Select_All();">';
 		
 		echo '<div id="mcd_submit">';
-		$onclick_m = 'onclick="return Confirm_Submit( \'move\');   "';
-		$onclick_c = 'onclick="return Confirm_Submit( \'copy\');   "';
-		$onclick_d = 'onclick="return Confirm_Submit( \'delete\' );"';
-		echo '<button TYPE=button id=delete '.$onclick_m.'>'.$ICONS['move'  ].'&nbsp;'.hsc($_['Move']  ).'</button>';
-		echo '<button TYPE=button id=delete '.$onclick_c.'>'.$ICONS['copy'  ].'&nbsp;'.hsc($_['Copy']  ).'</button>';
-		echo '<button TYPE=button id=delete '.$onclick_d.'>'.$ICONS['delete'].'&nbsp;'.hsc($_['Delete']).'</button>';
+		$onclick_m = 'onclick="Confirm_Submit( \'move\');   "';
+		$onclick_c = 'onclick="Confirm_Submit( \'copy\');   "';
+		$onclick_d = 'onclick="Confirm_Submit( \'delete\' );"';
+		echo '<button TYPE=button '.$onclick_m.'>'.$ICONS['move'  ].'&nbsp;'.hsc($_['Move']  ).'</button>';
+		echo '<button TYPE=button '.$onclick_c.'>'.$ICONS['copy'  ].'&nbsp;'.hsc($_['Copy']  ).'</button>';
+		echo '<button TYPE=button '.$onclick_d.'>'.$ICONS['delete'].'&nbsp;'.hsc($_['Delete']).'</button>';
 		echo '</div>'; //end mcd_submit
 	}
 
@@ -1854,8 +1912,8 @@ function Edit_Page() { //*******************************************************
 
 function Edit_response(){ //***If on Edit page, and [Save] clicked *************
 	global $_, $EX, $message, $filename;
-	$filename = $_POST["filename"];
-	$contents = $_POST["contents"];
+	$filename = $_POST['filename'];
+	$contents = $_POST['contents'];
 
 	$contents = str_replace("\r\n", "\n", $contents); //Make sure EOL is only newline char.
 	$contents = str_replace("\r"  , "\n", $contents); //Make sure EOL is only newline char.
@@ -1926,7 +1984,7 @@ function Upload_response() { //*************************************************
 		
 		$filecount++;
 		$filename    = $_FILES['upload_file']['name'][$N];
-		$destination = Check_path($_POST["upload_destination"]);
+		$destination = Check_path($_POST['upload_destination']);
 		$savefile_msg = '';		
 		
 		$MAXUP1 = ini_get('upload_max_filesize');
@@ -1965,7 +2023,7 @@ function Upload_response() { //*************************************************
 		}
 	}//end foreach $_FILES
 	
-	if ($filecount == 0) { $message .= $EX.'<b>'.hsc($_['upload_msg_01']).'</b><br>'; }
+	if ($filecount == 0) { $page = "upload"; } //If nothing selected, just reload Upload page.
 }//end Upload_response() //*****************************************************
 
 
@@ -1991,10 +2049,10 @@ function New_response($post, $isfile){ //***************************************
 
 	$page      = "index"; //Return to index if folder, or on error.
 
-	$new_name  = trim($_POST["$post"], $WHSPC_SLASH); //Trim whitespace & slashes.
+	$new_name  = trim($_POST[$post], $WHSPC_SLASH); //Trim whitespace & slashes.
 	
-	if ($isfile) { $filename  = $ipath.$new_name;     }
-	else         { $new_ipath = $ipath.$new_name.'/'; }
+	if ($isfile) { $f_or_f = "file";   $filename  = $ipath.$new_name;     }
+	else         { $f_or_f = "folder"; $new_ipath = $ipath.$new_name.'/'; }
 
 	$msg_new  = '<span class="filename">'.hte($new_name).'</span><br>';
 
@@ -2002,8 +2060,9 @@ function New_response($post, $isfile){ //***************************************
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_01']).'</b> '.$msg_new;
 		$message .= '<b>'.hsc($_['new_file_msg_02']).'<span class="mono"> '.hte($INVALID_CHARS).'</span></b>';
 		
-	}elseif ($new_name == ""){
-		$message .= $EX.'<b>'.hsc($_['new_file_msg_03']).'</b>';  //No name given.
+	}elseif ($new_name == ""){ //No new name given.
+		$page   = "new".$f_or_f;
+		$param3 = '&amp;p=index'; //For [Cancel] button
 		
 	}elseif (file_exists($filename)) { //Does file or folder already exist ?
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_04']).' '.$msg_new;
@@ -2022,7 +2081,7 @@ function New_response($post, $isfile){ //***************************************
 	}else{
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_01']).':</b><br>'.$msg_new; //'Error - new file not created:'
 	}
-}//end New_response //**********************************************************
+}//end New_response() //********************************************************
 
 
 
@@ -2094,8 +2153,8 @@ function CRM_response($action, $msg1, $show_message = 3){ //********************
 	//$show_message: 0 = none; 1 = errors only; 2 = successes only; 3 = all messages (default).
 	global $_, $ipath, $filename, $page, $param1, $param2, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
 
-	$old_name      = trim($_POST["old_name"], $WHSPC_SLASH);     //Trim whitespace & slashes.
-	$new_name_only = trim($_POST["new_name"], $WHSPC_SLASH);
+	$old_name      = trim($_POST['old_name'], $WHSPC_SLASH);     //Trim whitespace & slashes.
+	$new_name_only = trim($_POST['new_name'], $WHSPC_SLASH);
 	$new_location  = trim($_POST['new_location'], $WHSPC_SLASH);
 	if ($new_location != "") { $new_location .= '/'; }
 	$new_name      = $new_location.$new_name_only;
@@ -2389,6 +2448,30 @@ function pad(num){ if ( num < 10 ){ num = "0" + num; }; return num; }
 
 
 
+function trim($string) {
+
+	//trim leading whitespace
+	$len = $string.length;
+	$trimmed = "";
+	for (var $x=0; $x < $len; $x++) {
+		$charcode = $string.charCodeAt($x);
+		if ( $charcode > 32) { $trimmed += $string.substr($x); $x = $len; }
+	}
+
+	//trim trailing whitespace
+	$string = $trimmed;
+	$len = $string.length;
+	$trimmed = "";
+	for ($x=($len-1); $x >= 0; $x--) {
+		$charcode = $string.charCodeAt($x);
+		if ( $charcode > 32) { $trimmed += $string.substr(0,$x+1); $x = -1; }
+	}
+
+	return $trimmed;
+}//end trim()
+
+
+
 function FormatTime(Seconds) {
 	var Hours = Math.floor(Seconds / 3600); Seconds = Seconds % 3600;
 	var Minutes = Math.floor(Seconds / 60); Seconds = Seconds % 60;
@@ -2535,138 +2618,266 @@ function Edit_Page_scripts() { //***********************************************
 		}
 	}
 ?>
-	<!--======== Provide feedback re: unsaved changes ========-->
-	<script>
+<!--======== Provide feedback re: unsaved changes ========-->
+<script>
 
-	var File_textarea    = document.getElementById('file_contents');
-	var Save_File_button = document.getElementById('save_file');
-	var Reset_button     = document.getElementById('reset');
-	
-	if (File_textarea) { var start_value = File_textarea.value; }
+var File_textarea    = document.getElementById('file_contents');
+var Save_File_button = document.getElementById('save_file');
+var Reset_button     = document.getElementById('reset');
+
+if (File_textarea) { var start_value = File_textarea.value; }
 
-	var submitted  = false;
-	var changed    = false;
+var submitted  = false;
+var changed    = false;
 
-	// a few var's for Wide_View()
-	var Main_div		 = document.getElementById('main');
-	var Wide_View_button = document.getElementById('wide_view');
-	var main_width_default = '<?php echo $MAIN_WIDTH ?>';
+// a few var's for Wide_View()
+var Main_div		 = document.getElementById('main');
+var Wide_View_button = document.getElementById('wide_view');
+var main_width_default = '<?php echo $MAIN_WIDTH ?>';
 
 
-	// The following events only apply when the element is active.
-	// [Save] is disabled unless there are changes to the open file.
-	Save_File_button.onfocus = function()     { Save_File_button.style.backgroundColor = "rgb(255,250,150)";
-											    Save_File_button.style.borderColor = "#F00"; }
-	Save_File_button.onblur  = function()     { Save_File_button.style.backgroundColor ="#Fee";
-											    Save_File_button.style.borderColor = "#Faa"; }
-	Save_File_button.onmouseover = function() { Save_File_button.style.backgroundColor = "rgb(255,250,150)";
-											    Save_File_button.style.borderColor = "#F00"; }
-	Save_File_button.onmouseout  = function() { Save_File_button.style.backgroundColor = "#Fee";
-											    Save_File_button.style.borderColor = "#Faa"; }
+// The following events only apply when the element is active.
+// [Save] is disabled unless there are changes to the open file.
+Save_File_button.onfocus = function()     { Save_File_button.style.backgroundColor = "rgb(255,250,150)";
+										    Save_File_button.style.borderColor = "#F00"; }
+Save_File_button.onblur  = function()     { Save_File_button.style.backgroundColor ="#Fee";
+										    Save_File_button.style.borderColor = "#Faa"; }
+Save_File_button.onmouseover = function() { Save_File_button.style.backgroundColor = "rgb(255,250,150)";
+										    Save_File_button.style.borderColor = "#F00"; }
+Save_File_button.onmouseout  = function() { Save_File_button.style.backgroundColor = "#Fee";
+										    Save_File_button.style.borderColor = "#Faa"; }
 
 
-	Main_div.style.width = "<?php echo $current_view ?>"; //Set current width
+Main_div.style.width = "<?php echo $current_view ?>"; //Set current width
 
-	if ( Main_div.style.width == '<?php echo $WIDE_VIEW_WIDTH ?>' ) {
+if ( Main_div.style.width == '<?php echo $WIDE_VIEW_WIDTH ?>' ) {
+	Wide_View_button.value = '<?php echo addslashes($_['Normal_View']) ?>';
+}
+
+
+function Wide_View() {
+	if ( File_textarea ) { File_textarea.style.width = '99.8%'; }
+	
+	if (Main_div.style.width == '<?php echo $WIDE_VIEW_WIDTH ?>') {
+		Main_div.style.width = main_width_default;
+		Wide_View_button.value = "<?php echo addslashes($_['Wide_View'])?>";
+		document.cookie = 'edit_view=' + main_width_default;
+	}else{
+		Main_div.style.width = '<?php echo $WIDE_VIEW_WIDTH ?>';
 		Wide_View_button.value = '<?php echo addslashes($_['Normal_View']) ?>';
+		document.cookie = 'edit_view=<?php echo $WIDE_VIEW_WIDTH ?>';
 	}
+}
 
 
-	function Wide_View() {
-		if ( File_textarea ) { File_textarea.style.width = '99.8%'; }
-		
-		if (Main_div.style.width == '<?php echo $WIDE_VIEW_WIDTH ?>') {
-			Main_div.style.width = main_width_default;
-			Wide_View_button.value = "<?php echo addslashes($_['Wide_View'])?>";
-			document.cookie = 'edit_view=' + main_width_default;
-		}else{
-			Main_div.style.width = '<?php echo $WIDE_VIEW_WIDTH ?>';
-			Wide_View_button.value = '<?php echo addslashes($_['Normal_View']) ?>';
-			document.cookie = 'edit_view=<?php echo $WIDE_VIEW_WIDTH ?>';
-		}
+function Reset_file_status_indicators() {
+	changed = false;
+	File_textarea.style.backgroundColor = "#F9FFF9";  //light green
+	Save_File_button.style.backgroundColor = "";
+	Save_File_button.style.borderColor = "";
+	Save_File_button.style.borderWidth = "1px";
+	Save_File_button.disabled = "disabled";
+	Save_File_button.value = "<?php echo addslashes($_['save_1'])?>";
+	Reset_button.disabled = "disabled";
+}
+
+
+window.onbeforeunload = function() {
+	if ( changed && !submitted ) {
+		//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
+		return "<?php echo addslashes($_['unload_unsaved']) ?>";
 	}
+}
 
 
-	function Reset_file_status_indicators() {
-		changed = false;
-		File_textarea.style.backgroundColor = "#F9FFF9";  //light green
-		Save_File_button.style.backgroundColor = "";
-		Save_File_button.style.borderColor = "";
-		Save_File_button.style.borderWidth = "1px";
-		Save_File_button.disabled = "disabled";
-		Save_File_button.value = "<?php echo addslashes($_['save_1'])?>";
-		Reset_button.disabled = "disabled";
+window.onunload = function() {
+	//without this, a browser back then forward would reload file with local/
+	// unsaved changes, but with a green b/g as tho that's the file's contents.
+	if (!submitted) {
+		File_textarea.value = start_value;
+		Reset_file_status_indicators();
 	}
+}
 
 
-	window.onbeforeunload = function() {
-		if ( changed && !submitted ) {
-			//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
-			return "<?php echo addslashes($_['unload_unsaved']) ?>";
-		}
+//With selStart & selEnd == 0, moves cursor to start of text field.
+function setSelRange(inputEl, selStart, selEnd) {
+	if (inputEl.setSelectionRange) {
+		inputEl.focus();
+		inputEl.setSelectionRange(selStart, selEnd);
+	} else if (inputEl.createTextRange) {
+		var range = inputEl.createTextRange();
+		range.collapse(true);
+		range.moveEnd('character', selEnd);
+		range.moveStart('character', selStart);
+		range.select();
 	}
+}
 
 
-	window.onunload = function() {
-		//without this, a browser back then forward would reload file with local/
-		// unsaved changes, but with a green b/g as tho that's the file's contents.
-		if (!submitted) {
-			File_textarea.value = start_value;
-			Reset_file_status_indicators();
-		}
+function Check_for_changes(event){
+	var keycode=event.keyCode? event.keyCode : event.charCode;
+	changed = (File_textarea.value != start_value);
+	if (changed){
+		document.getElementById('message_box').innerHTML = " "; // Must have a space, or it won't clear the msg.
+		File_textarea.style.backgroundColor    = "#Fee";//light red
+		Save_File_button.style.backgroundColor ="#Fee";
+		Save_File_button.style.borderColor = "#Faa";  //less light red
+		Save_File_button.style.borderWidth = "1px";
+		Save_File_button.disabled = "";
+		Reset_button.disabled = "";
+		Save_File_button.value = "<?php echo addslashes($_['save_2'])?>";
+	}else{
+		Reset_file_status_indicators()
 	}
+}
 
 
-	//With selStart & selEnd == 0, moves cursor to start of text field.
-	function setSelRange(inputEl, selStart, selEnd) {
-		if (inputEl.setSelectionRange) {
-			inputEl.focus();
-			inputEl.setSelectionRange(selStart, selEnd);
-		} else if (inputEl.createTextRange) {
-			var range = inputEl.createTextRange();
-			range.collapse(true);
-			range.moveEnd('character', selEnd);
-			range.moveStart('character', selStart);
-			range.select();
-		}
+//Reset textarea value to when page was loaded.
+//Used by [Reset] button, and when page unloads (browser back, etc).
+//Needed becuase if the page is reloaded (ctl-r, or browser back/forward, etc.),
+//the text stays changed, but "changed" gets set to false, which looses warning.
+function Reset_File() {
+	if (changed) {
+		if ( !(confirm("<?php echo addslashes($_['confirm_reset']) ?>")) ) { return; }
 	}
+	File_textarea.value = start_value;
+	Reset_file_status_indicators();
+	setSelRange(File_textarea, 0, 0) //Move cursor to start of textarea.
+}
 
+Reset_file_status_indicators();
+</script>
+<?php
+}//end Edit_Page_scripts() //***************************************************
 
-	function Check_for_changes(event){
-		var keycode=event.keyCode? event.keyCode : event.charCode;
-		changed = (File_textarea.value != start_value);
-		if (changed){
-			document.getElementById('message_box').innerHTML = " "; // Must have a space, or it won't clear the msg.
-			File_textarea.style.backgroundColor    = "#Fee";//light red
-			Save_File_button.style.backgroundColor ="#Fee";
-			Save_File_button.style.borderColor = "#Faa";  //less light red
-			Save_File_button.style.borderWidth = "1px";
-			Save_File_button.disabled = "";
-			Reset_button.disabled = "";
-			Save_File_button.value = "<?php echo addslashes($_['save_2'])?>";
-		}else{
-			Reset_file_status_indicators()
-		}
+
+
+
+function event_scripts($form_id, $button_id, $pwun=''){ //**********************
+	global $_;
+
+	//pre-hash "new1" & "new2" only if changing p/w (not if changing u/n).
+	$hash_new_new = '';
+	if ($pwun == 'pw') {
+		$hash_new_new = " hash('new1'); hash('new2');";
+	}//end if changing p/w --------------------------------------
+?>
+<script>
+var $form          = document.getElementById('<?php echo $form_id ?>');
+var $submit_button = document.getElementById('<?php echo $button_id ?>');
+var $message_box   = document.getElementById('message_box');
+var $thispage      = false; //Used to ignore keyup if keydown started on prior page.
+var $submitdown    = false; //Used in document.mouseup event
+
+
+//Key or mouse down events trigger "Working..." message.
+$form.onkeydown            = function(event) {events_down(event, 13);} //Form captures Enter key (13)
+$submit_button.onkeydown   = function(event) {events_down(event, 32);} //Submit button captures Space key (32)
+$submit_button.onmousedown = function(event) {$submitdown = true; events_down(event,  0);}
+
+//Key or mouse up events trigger hash and submit.
+$form.onkeyup              = function(event) {events_up(event, 13);}
+$submit_button.onkeyup     = function(event) {events_up(event, 32);}
+$submit_button.onmouseup   = function(event) {events_up(event,  0);} //For mouse events, keyCode is 0 or undefined, and ignored.
+
+
+function events_down(event, capture_key) {if (!event) {var event = window.event;} //if IE
+	$thispage = true; //Make sure keydown was on this page.
+	if ((event.type.substr(0,3) == 'key') && (event.keyCode != capture_key)) {return true;}
+	$message_box.innerHTML = '<div id="message_box_contents"><b><?php echo $_['Working'] ?></b>';
+}
+
+
+function events_up(event, capture_key) {if (!event) {var event = window.event;} //if IE
+	if (!$thispage) {return false;} //Ignore keyup if there was no keydown on this page.
+	if ((event.type.substr(0,3) == 'key') && (event.keyCode != capture_key)) {return true;}
+	if (!pre_validate()) {return false};
+	$submit_button.disabled = "disabled";  //Prevent extra clicks
+	hash('password');
+	<?php echo $hash_new_new ?>
+	$form.submit();
+}
+
+
+document.onmouseup = function(event) {if (!event) {var event = window.event;} //if IE
+	//if mousedown was on submit button, but mouseup wasn't, clear message.
+
+	var target = event.target || event.srcElement //= most brosers || IE
+	if ($submitdown && ($submit_button.id != target.id) ) { $message_box.innerHTML = ''; } 
+	$submitdown = false;
+}
+
+
+function pre_validate() {
+	var $pw = document.getElementById('password');
+
+	//These must exist for checks below.
+	var $username = $pw;    var $new1 = $pw;    var $new2 = $pw;
+
+	if (document.getElementById('username')){
+		var $username = document.getElementById('username');
+	}
+	if (document.getElementById('new1')){
+		var $new1 = document.getElementById('new1');
+		var $new2 = document.getElementById('new2');
 	}
 
 
-	//Reset textarea value to when page was loaded.
-	//Used by [Reset] button, and when page unloads (browser back, etc).
-	//Needed becuase if the page is reloaded (ctl-r, or browser back/forward, etc.),
-	//the text stays changed, but "changed" gets set to false, which looses warning.
-	function Reset_File() {
-		if (changed) {
-			if ( !(confirm("<?php echo addslashes($_['confirm_reset']) ?>")) ) { return; }
-		}
-		File_textarea.value = start_value;
-		Reset_file_status_indicators();
-		setSelRange(File_textarea, 0, 0) //Move cursor to start of textarea.
+	//If any field is blank..
+	if (($username.value == '') || ($pw.value == '') || ($new1.value == '') || ($new2.value == '')) {
+		$message_box.innerHTML = '<div id="message_box_contents"><b><?php echo $_['change_pw_07'] ?></b>';
+		return false;
 	}
+	//If new & confirm new values do not match...
+	if (trim($new1.value) != trim($new2.value)) {
+		$message_box.innerHTML = '<div id="message_box_contents"><b><?php echo $_['change_pw_04'] ?></b>';
+		return false;
+	}
+	return true;
+}//end pre_validate()
+</script>
+<?php
+}//end event_scripts() //*******************************************************
 
-	Reset_file_status_indicators();
-	</script>
+
+
+
+function js_hash_scripts() { //*************************************************
+	global $SALT, $PRE_ITERATIONS;
+
+//Used to hash p/w's client side.  This does not really add any security to the server side application that uses it,
+//as the "pre-hash" becomes the actual p/w as far as the server is concerned, and is just as vulnerable to exposure 
+//while in transit. However, this does help to protect the user's plain-text p/w, which may be used elsewhere.
+?>
+<script>
+/* hex_sha256() (and directly associated functions)
+ *
+ * A JavaScript implementation of SHA-256, as defined in FIPS 180-2
+ * Version 2.2 Copyright Angel Marin, Paul Johnston 2000 - 2009.
+ * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
+ * Distributed under the BSD License
+ * See http://pajhome.org.uk/crypt/md5 for details.
+ * Also http://anmar.eu.org/projects/jssha2/
+ */
+var hexcase=0;function hex_sha256(a){return rstr2hex(rstr_sha256(str2rstr_utf8(a)))}function sha256_vm_test(){return hex_sha256("abc").toLowerCase()=="ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"}function rstr_sha256(a){return binb2rstr(binb_sha256(rstr2binb(a),a.length*8))}function rstr2hex(c){try{hexcase}catch(g){hexcase=0}var f=hexcase?"0123456789ABCDEF":"0123456789abcdef";var b="";var a;for(var d=0;d<c.length;d++){a=c.charCodeAt(d);b+=f.charAt((a>>>4)&15)+f.charAt(a&15)}return b}function str2rstr_utf8(c){var b="";var d=-1;var a,e;while(++d<c.length){a=c.charCodeAt(d);e=d+1<c.length?c.charCodeAt(d+1):0;if(55296<=a&&a<=56319&&56320<=e&&e<=57343){a=65536+((a&1023)<<10)+(e&1023);d++}if(a<=127){b+=String.fromCharCode(a)}else{if(a<=2047){b+=String.fromCharCode(192|((a>>>6)&31),128|(a&63))}else{if(a<=65535){b+=String.fromCharCode(224|((a>>>12)&15),128|((a>>>6)&63),128|(a&63))}else{if(a<=2097151){b+=String.fromCharCode(240|((a>>>18)&7),128|((a>>>12)&63),128|((a>>>6)&63),128|(a&63))}}}}}return b}function rstr2binb(b){var a=Array(b.length>>2);for(var c=0;c<a.length;c++){a[c]=0}for(var c=0;c<b.length*8;c+=8){a[c>>5]|=(b.charCodeAt(c/8)&255)<<(24-c%32)}return a}function binb2rstr(b){var a="";for(var c=0;c<b.length*32;c+=8){a+=String.fromCharCode((b[c>>5]>>>(24-c%32))&255)}return a}function sha256_S(b,a){return(b>>>a)|(b<<(32-a))}function sha256_R(b,a){return(b>>>a)}function sha256_Ch(a,c,b){return((a&c)^((~a)&b))}function sha256_Maj(a,c,b){return((a&c)^(a&b)^(c&b))}function sha256_Sigma0256(a){return(sha256_S(a,2)^sha256_S(a,13)^sha256_S(a,22))}function sha256_Sigma1256(a){return(sha256_S(a,6)^sha256_S(a,11)^sha256_S(a,25))}function sha256_Gamma0256(a){return(sha256_S(a,7)^sha256_S(a,18)^sha256_R(a,3))}function sha256_Gamma1256(a){return(sha256_S(a,17)^sha256_S(a,19)^sha256_R(a,10))}function sha256_Sigma1512(a){return(sha256_S(a,14)^sha256_S(a,18)^sha256_S(a,41))}function sha256_Gamma1512(a){return(sha256_S(a,19)^sha256_S(a,61)^sha256_R(a,6))}var sha256_K=new Array(1116352408,1899447441,-1245643825,-373957723,961987163,1508970993,-1841331548,-1424204075,-670586216,310598401,607225278,1426881987,1925078388,-2132889090,-1680079193,-1046744716,-459576895,-272742522,264347078,604807628,770255983,1249150122,1555081692,1996064986,-1740746414,-1473132947,-1341970488,-1084653625,-958395405,-710438585,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,-2117940946,-1838011259,-1564481375,-1474664885,-1035236496,-949202525,-778901479,-694614492,-200395387,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,-2067236844,-1933114872,-1866530822,-1538233109,-1090935817,-965641998);function binb_sha256(n,o){var p=new Array(1779033703,-1150833019,1013904242,-1521486534,1359893119,-1694144372,528734635,1541459225);var k=new Array(64);var B,A,z,y,w,u,t,s;var r,q,x,v;n[o>>5]|=128<<(24-o%32);n[((o+64>>9)<<4)+15]=o;for(r=0;r<n.length;r+=16){B=p[0];A=p[1];z=p[2];y=p[3];w=p[4];u=p[5];t=p[6];s=p[7];for(q=0;q<64;q++){if(q<16){k[q]=n[q+r]}else{k[q]=safe_add(safe_add(safe_add(sha256_Gamma1256(k[q-2]),k[q-7]),sha256_Gamma0256(k[q-15])),k[q-16])}x=safe_add(safe_add(safe_add(safe_add(s,sha256_Sigma1256(w)),sha256_Ch(w,u,t)),sha256_K[q]),k[q]);v=safe_add(sha256_Sigma0256(B),sha256_Maj(B,A,z));s=t;t=u;u=w;w=safe_add(y,x);y=z;z=A;A=B;B=safe_add(x,v)}p[0]=safe_add(B,p[0]);p[1]=safe_add(A,p[1]);p[2]=safe_add(z,p[2]);p[3]=safe_add(y,p[3]);p[4]=safe_add(w,p[4]);p[5]=safe_add(u,p[5]);p[6]=safe_add(t,p[6]);p[7]=safe_add(s,p[7])}return p}function safe_add(a,d){var c=(a&65535)+(d&65535);var b=(a>>16)+(d>>16)+(c>>16);return(b<<16)|(c&65535)};
+</script>
+
+
+<script>
+//OneFileCMS wrapper function for using hash functions
+function hash($element_id) {
+	var $input = document.getElementById($element_id);
+	var $hash = trim($input.value); //trim() defined in common_scripts()
+	var $SALT = '<?php echo $SALT ?>';
+	var $PRE_ITERATIONS = <?php echo $PRE_ITERATIONS ?>; //$PRE_ITERATIONS also used in hashit()
+	if ($hash.length < 1) {$input.value = $hash; return;} //Don't hash nothing.
+	for ( $x=0; $x < $PRE_ITERATIONS; $x++ ) { $hash = hex_sha256($hash + $SALT); } ;
+	$input.value = $hash;
+}//end hash_256()
+</script>
 <?php
-}//end Edit_Page_scripts() //***************************************************
+}//end js_hash_scripts() //*****************************************************
 
 
 
@@ -2699,8 +2910,6 @@ function style_sheet(){ //******************************************************
 table { border-collapse:separate; border-spacing:0; }
 th,td { text-align:left; font-weight:400; }
 
-a { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
-
 label { font-size : 1em; font-weight: bold; }
 
 pre {
@@ -2714,14 +2923,15 @@ function style_sheet(){ //******************************************************
 input[type="password"] { width: 100%; border: 1px solid #807568; padding: 0   1px 0   0; }
 input[type="file"]     { width: 100%; border: 1px solid #807568; background-color: white; }
 
-input[readonly]       { color: #333; background-color: #EEE; }
-input[disabled]       { color: #555; background-color: #EEE; }
+input[readonly]        { color: #333; background-color: #EEE; }
+input[disabled]        { color: #555; background-color: #EEE; }
 
 input:focus  { background-color: rgb(255,250,150); }
 input:hover  { background-color: rgb(255,250,150); }
 
-button:focus { background-color: rgb(255,250,150); }
-button:hover { background-color: rgb(255,250,150); }
+button:focus  { background-color: rgb(255,250,150); }
+button:hover  { background-color: rgb(255,250,150); }
+button:active { background-color: rgb(245,245,50);  }
 
 /* --- layout --- */
 
@@ -2780,8 +2990,9 @@ function style_sheet(){ //******************************************************
 	background : #EEE;
 	}
 
-#message_box  #X_box:hover {background-color: rgb(255,250,150);}
-#message_box  #X_box:focus {background-color: rgb(255,250,150);}
+#message_box  #X_box:hover  {background-color: rgb(255,250,150);}
+#message_box  #X_box:focus  {background-color: rgb(255,250,150);}
+#message_box  #X_box:active {background-color: rgb(245,245,50); }
 
 .filename { font-family: courier; }
 
@@ -2822,8 +3033,8 @@ function style_sheet(){ //******************************************************
 
 /*Index table file select boxes*/
 .ckbox {padding: 2px 4px 0 4px}
-.ckbox:hover { background-color: rgb(255,250,150); }
 .ckbox:focus { background-color: rgb(255,250,150); }
+.ckbox:hover { background-color: rgb(255,250,150); }
 
 
 #index_page_buttons     { margin: 0 0 .5em 0; }
@@ -2843,9 +3054,10 @@ function style_sheet(){ //******************************************************
 	background-color: #EEE;
 	}
 
-a:hover { border: 1px solid #807568; background-color: rgb(255,250,150); }
-a:focus { border: 1px solid #807568; background-color: rgb(255,250,150); }
-
+a { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
+a:focus  { border: 1px solid #807568; background-color: rgb(255,250,150); }
+a:hover  { border: 1px solid #807568; background-color: rgb(255,250,150); }
+a:active { border: 1px solid #807568; background-color: rgb(245,245,50);  }
 
 /*** Select All [x]  [Move] [Copy] [Delete] ***/
 
@@ -2869,8 +3081,9 @@ function style_sheet(){ //******************************************************
 	background-color: #EEE;
 	}
 
-#mcd_submit button:hover { background-color: rgb(255,250,150); }
-#mcd_submit button:focus { background-color: rgb(255,250,150); }
+#mcd_submit button:focus  { background-color: rgb(255,250,150); }
+#mcd_submit button:hover  { background-color: rgb(255,250,150); }
+#mcd_submit button:active { background-color: rgb(245,245,50); }
 
 .buttons_right         { float: right; }
 .buttons_right .button { margin-left: .5em; }
@@ -2885,7 +3098,8 @@ function style_sheet(){ //******************************************************
 	background-color: #EEE;  /*#d4d4d4*/
 	}
 
-.button[disabled]  { color: #777; background-color: #EEE; }
+.button[disabled] { color: #777; background-color: #EEE; }
+.button:active    { background-color: rgb(245,245,50); }
 
 
 /* --- header --- */
@@ -2907,8 +3121,9 @@ function style_sheet(){ //******************************************************
 	padding-bottom: .1em;
 	}
 
-.nav a:hover { border: 1px solid #807568; }
-.nav a:focus { border: 1px solid #807568; }
+.nav a:hover  { border: 1px solid #807568; }
+.nav a:focus  { border: 1px solid #807568; }
+.nav a:active { border: 1px solid #807568; }
 
 
 /* --- edit --- */
@@ -3116,10 +3331,10 @@ function Language_and_config_adjusted_styles() { //*****************************
 	$_SESSION['admin_ipath'] = '';
 }
 
-Init_ICONS();
-
 if ($_SESSION['valid']) {
 
+	Init_ICONS();
+
 	undo_magic_quotes();
 
 	Get_GET();
@@ -3134,7 +3349,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 	
 	//Used to disable some options if editing OneFileCMS itself.
 	$Editing_OFCMS = false;
-	if ( isset($filename) && ($filename == trim(rawurldecode($ONESCRIPT), '/')) ) { $Editing_OFCMS = true; }
+	if ( isset($filename) && ($filename == trim($_SERVER['SCRIPT_NAME'], '/')) ) { $Editing_OFCMS = true; }
 
 	//Don't show path header on some pages.
 	$Show_Path = true;
@@ -3143,10 +3358,6 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 }//end if $_SESSION[valid] 
 
-//Finish up/prepare to send page contents.
-$early_output = ob_get_clean(); // Should be blank unless trouble-shooting.
-header('Content-type: text/html; charset=UTF-8');
-
 //end logic to determine page action *******************************************
 
 
@@ -3155,7 +3366,10 @@ function Language_and_config_adjusted_styles() { //*****************************
 //******************************************************************************
 //Output page contents
 //******************************************************************************
-?><!DOCTYPE html>
+$early_output = ob_get_clean(); // Should be blank unless trouble-shooting.
+header('Content-type: text/html; charset=UTF-8');
+?>
+<!DOCTYPE html>
 <html><head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 <meta name="robots" content="noindex">
diff --git a/readme.markdown b/readme.markdown
index 2f5ceb4..6a44345 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,9 +1,19 @@
 # OneFileCMS
 
-## Current version: 3.4.14
+## Current version: 3.4.15
 
 ## Recent changes
 
+### November 18, 2012 (v3.4.15)
+
+- Added client-side hashing of passwords.  
+  This is primarily a benefit for the user, as it does not really add any security to the server side application that uses it (such as OneFileCMS).  The reason is that this "pre-hash" simply becomes the actual password as far as the server is concerned, and is just as vulnerable to exposure while in transit. However, it does help to protect the user's plain-text password, which may be used elsewhere.  
+
+While a slightly different solution has been used, I want to thank [fermuch](http://github.com/fermuch) for the original idea and solution suggestion.  The reason that first solution was not used was due to its utilization of external files, and due to my (limited) understanding of the usefullness (or lack thereof) of client side hashing - at the time.  Well, after quite a bit of additional reading and consideration, that understanding has evolved a bit, and is summerized above.
+
+- Also added a "please wait..." message while computing the client-side hashes - primarily for a certain browser (and versions that aren't that old) that is MUCH slower than FF or Chrome (by a factor of 37 or more).  Subsequently, the number of iterations for the client-side hashing is quite low (compared to the server side), but still causes a 1 - 2 second delay on the login screen, and a 3 - 6 second delay on the Change Password screen.  On FF and Chrome, the delay is much shorter, almost unnoticable.
+
+
 ### November 12, 2012 (v3.4.14)
 
 - Courtesy of [Fuchur777](github.com/Fuchur777), added option to restrict OneFileCMS to a specified folder (and it's sub-folders).

From 6bdc0d0a394895f94056851f3621270540363ccd Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Fri, 23 Nov 2012 10:30:00 -0500
Subject: [PATCH 157/228] Version 3.4.16 Edit_Page_buttons(): Added icons to
 [Move], [Copy], & [Delete] <buttons> Edit_Page_buttons(): Removed second
 [Close] button. Added markdown to editable file types.
 Cancel_Submit_Buttons(): changed <input>'s to <button>'s
 Edit_Page_buttons_top(): changed <input>'s to <button>'s Admin_Page():
 changed <input>'s to <button>'s List_File(): Seperated & streamlined code a
 bit. Edit_Page_scripts(): tweaked a couple event affected styles. Changed
 $_['reset'] from 'Reset - loose changes' to just 'Reset'  (and similarly in
 each langauge file)

---
 OneFileCMS.LANG.DE.php |  10 +--
 OneFileCMS.LANG.EN.php |   4 +-
 OneFileCMS.LANG.ES.php |   6 +-
 OneFileCMS.LANG.NL.php |   8 +-
 OneFileCMS.LANG.RU.php |  10 +--
 onefilecms.php         | 186 ++++++++++++++++++++---------------------
 readme.markdown        |  12 ++-
 7 files changed, 119 insertions(+), 117 deletions(-)

diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index 6ecb9b0..76edf46 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.15
+// OneFileCMS Language Settings v3.4.16
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -18,9 +18,9 @@
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 $_['front_links_font_size']  = '0.9em';   //Buttons on Index page.
 $_['front_links_margin_L']   = '0.3em';
-$_['button_font_size']       = '.7em';    //Buttons on Edit page.
-$_['button_margin_L']        = '.5em';
-$_['button_padding']         = '4px 5px';
+$_['button_font_size']       = '0.8em';   //Buttons on Edit page.
+$_['button_margin_L']        = '0.7em';
+$_['button_padding']         = '4px 2px';
 $_['image_info_font_size']   = '.95em';   //show_img_msg_01  &  _02
 $_['image_info_pos']         = '1';       //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
@@ -82,7 +82,7 @@
 
 $_['save_1']      = 'Speichern';
 $_['save_2']      = 'ÄNDERUNGEN SPEICHERN!';
-$_['reset']       = 'Zurücksetzen - Änderungen verwerfen';
+$_['reset']       = 'Zurücksetzen';
 $_['Wide_View']   = 'Breitenadaptierte Ansicht';
 $_['Normal_View'] = 'Normale Ansicht';
 $_['Open_View']   = 'Ansicht im Browser-Fenster';
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index 2748240..94fe064 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.15
+// OneFileCMS Language Settings v3.4.16
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -82,7 +82,7 @@
 
 $_['save_1']      = 'Save';
 $_['save_2']      = 'SAVE CHANGES!';
-$_['reset']       = 'Reset - loose changes';
+$_['reset']       = 'Reset';
 $_['Wide_View']   = 'Wide View';
 $_['Normal_View'] = 'Normal View';
 $_['Open_View']   = 'Open/View in browser window';
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index 8550cf7..2282222 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.15
+// OneFileCMS Language Settings v3.4.16
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -19,7 +19,7 @@
 $_['front_links_font_size']  = '1.0em';   //Buttons on Index page.
 $_['front_links_margin_L']   = '0.5em';
 $_['button_font_size']       = '0.9em';   //Buttons on Edit page.
-$_['button_margin_L']        = '0.4em';
+$_['button_margin_L']        = '0.7em';
 $_['button_padding']         = '4px 5px';
 $_['image_info_font_size']   = '.95em';   //show_img_msg_01  &  _02
 $_['image_info_pos']         = ' ';       //If 1 or true, moves the info down a line for more space.
@@ -82,7 +82,7 @@
 
 $_['save_1']      = 'Guardar';
 $_['save_2']      = '¡GUARDAR CAMBIOS!';
-$_['reset']       = 'Reiniciar - perder los cambios';
+$_['reset']       = 'Reiniciar';
 $_['Wide_View']   = 'Vista Ampliada';
 $_['Normal_View'] = 'Vista Normal';
 $_['Open_View']   = 'Abrir/Ver en una ventana del navegador';
diff --git a/OneFileCMS.LANG.NL.php b/OneFileCMS.LANG.NL.php
index cbefa62..10895a3 100755
--- a/OneFileCMS.LANG.NL.php
+++ b/OneFileCMS.LANG.NL.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.15
+// OneFileCMS Language Settings v3.4.16
 
 $_['LANGUAGE'] = 'Dutch (Nederlands)'; //NL
 $_['LANG'] = 'NL';
@@ -18,8 +18,8 @@
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 $_['front_links_font_size']  = '0.8em';   //Buttons on Index page.
 $_['front_links_margin_L']   = '0.4em';
-$_['button_font_size']       = '0.7em';   //Buttons on Edit page.
-$_['button_margin_L']        = '0.5em';
+$_['button_font_size']       = '0.8em';   //Buttons on Edit page.
+$_['button_margin_L']        = '0.7em';
 $_['button_padding']         = '4px 10px';
 $_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
@@ -82,7 +82,7 @@
 
 $_['save_1']      = 'Opslaan';
 $_['save_2']      = 'WIJZIGINGEN OPSLAAN!';
-$_['reset']       = 'Reset - wijzingen ongedaan maken';
+$_['reset']       = 'Reset';
 $_['Wide_View']   = 'Wijd Gezichtsveld';
 $_['Normal_View'] = 'Normaal Gezichtsveld';
 $_['Open_View']   = 'Openen/Bekijken in browser venster';
diff --git a/OneFileCMS.LANG.RU.php b/OneFileCMS.LANG.RU.php
index ea3fb4e..201bea8 100755
--- a/OneFileCMS.LANG.RU.php
+++ b/OneFileCMS.LANG.RU.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.15
+// OneFileCMS Language Settings v3.4.16
 
 $_['LANGUAGE'] = 'Russian'; //RU
 $_['LANG'] = 'RU';
@@ -18,9 +18,9 @@
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 $_['front_links_font_size']  = '0.9em';   //Buttons on Index page.
 $_['front_links_margin_L']   = '0.7em';
-$_['button_font_size']       = '0.7em';   //Buttons on Edit page.
-$_['button_margin_L']        = '0.4em';
-$_['button_padding']         = '4px 10px';
+$_['button_font_size']       = '0.8em';   //Buttons on Edit page.
+$_['button_margin_L']        = '0.7em';
+$_['button_padding']         = '4px 5px';
 $_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
@@ -82,7 +82,7 @@
 
 $_['save_1']      = 'Сохранить';
 $_['save_2']      = 'СОХРАНИТЬ ИЗМЕНЕНИЯ!';
-$_['reset']       = 'Сбросить - до первоначальных настроек';
+$_['reset']       = 'Сбросить';
 $_['Wide_View']   = 'Широкий Обзор';
 $_['Normal_View'] = 'Нормальный Обзор';
 $_['Open_View']   = 'Открыть/Открыть в окне браузера';
diff --git a/onefilecms.php b/onefilecms.php
index f5a3c03..fd8260b 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.15';
+$OFCMS_version = '3.4.16';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -115,8 +115,8 @@
 
 $config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
 // _ftypes & _fclass must have the same number of values. bin is default.
-$config_ftypes = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,pl ,ini,cfg,conf,log,asp,js ,htm,html,dtd,htaccess";
-$config_fclass = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,css,php,txt,txt,cfg,cfg ,txt,txt,txt,htm,htm ,txt,txt";
+$config_ftypes = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,pl ,ini,cfg,conf,log,asp,js ,htm,html,dtd,htaccess,markdown";
+$config_fclass = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,css,php,txt,txt,cfg,cfg ,txt,txt,txt,htm,htm ,txt,txt,txt";
 
 $EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
 
@@ -130,6 +130,8 @@
 	// < ? php                    //(without the spaces around the ?, of course)
 	// $option1 = "value";
 	// etc...
+
+
 //end CONFIGURABLE INFO ********************************************************
 
 
@@ -138,10 +140,14 @@
 //******************************************************************************
 //System values & setup
 
-//If there is one, include external config file.
+//If specified, include external config file.
 if ( isset($config_file) && is_file($config_file) ) { include($config_file); }
 else { $config_file = ''; } //If not found, clear it.
 
+
+
+
+
 //Requires PHP 5.1, due to changes in some functions.
 //Earliest version the author has for testing is 5.2.8 (50208)
 define('PHP_VERSION_ID_REQUIRED',50100);   //Ex: 5.1.23 is 50123
@@ -225,7 +231,7 @@ function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.4.15
+// OneFileCMS Language Settings v3.4.16
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -304,7 +310,7 @@ function Default_Language() { // ***********************************************
 $_['Generate_Hash']  = 'Generate Hash';
 $_['save_1']      = 'Save';
 $_['save_2']      = 'SAVE CHANGES!';
-$_['reset']       = 'Reset - loose changes';
+$_['reset']       = 'Reset';
 $_['Wide_View']   = 'Wide View';
 $_['Normal_View'] = 'Normal View';
 $_['Open_View']   = 'Open/View in browser window';
@@ -992,8 +998,8 @@ function Page_Header(){ //******************************************************
 		<?php echo $OFCMS_version.' ('.hsc($_['on']).'&nbsp;php&nbsp;'.phpversion().')'; ?>
 		
 		<div class="nav">
-			<a href="/" target="_blank"><?php echo $favicon ?>
-			<b><?php echo hte($WEBSITE) ?></b></a>
+			<b><a href="/" target="_blank"><?php echo $favicon ?>
+			<?php echo hte($WEBSITE) ?></a></b>
 			<?php if ($page != "login") { ?>
 			| <a href="<?php echo $ONESCRIPT ?>?p=logout"><?php echo hsc($_['Log_Out']) ?></a>
 			<?php } ?>
@@ -1037,9 +1043,9 @@ function Cancel_Submit_Buttons($submit_label) { //******************************
 	$params = $param1.$param2.'&amp;p='. $_SESSION['recent_pages'][1];
 ?>
 	<p>
-	<input type="button" class="button" id="cancel" value="<?php echo hsc($_['Cancel']) ?>"
-		onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
-	<input type="submit" class="button" id="submitty" value="<?php echo hsc($submit_label);?>" style="margin-left: 1em;">
+	<button type="button" class="button" id="cancel" onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
+		<?php echo hsc($_['Cancel']) ?></button>
+	<button type="submit" class="button" id="submitty" style="margin-left: 1em;"><?php echo hsc($submit_label);?></button>
 <?php
 	//Do not close the <p> tag yet/here. Leave it open for potential content on individual pages.
 }//end Cancel_Submit_Buttons() //***********************************************
@@ -1160,7 +1166,7 @@ function icon_folder($extra = ""){ //**********************************
 	$extra_new = '<g transform="translate(4,6)">'.$circle_plus.'</g>';
 	$extra_z   = '<text x="4" y="12" style="font-size:8pt;font-weight:900;fill:blue ;font-family:Arial;">z</text>';
 
-
+	//The icons
 	$ICONS['bin'] =  '<svg class="icon" version="1.1" width="14" height="16">'.
 		  '<g transform="translate( 0.5,0.5)">'.$one .'</g>'.
 		  '<g transform="translate( 3.5,0.5)">'.$zero.'</g>'.'<g transform="translate( 9.5,0.5)">'.$one .'</g>'.
@@ -1237,20 +1243,16 @@ function Admin_Page() { //******************************************************
 	<h2><?php echo hsc($_['Admin_Options']) ?></h2>
 
 	<span class="admin_buttons">
-	<input type="button" class="button" id="cancel"    value="<?php echo hsc($_['Close']) ?>"
-		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.$params ?>'">
-
-	<input type="button" class="button" id="changepw" value="<?php echo hsc($_['pw_change']) ?>"
-		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.'&amp;p=changepw' ?>'">
-
-	<input type="button" class="button" id="changeun" value="<?php echo hsc($_['un_change']) ?>"
-		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.'&amp;p=changeun' ?>'">
-
-	<input type="button" class="button" id="hash"      value="<?php echo hsc($_['Generate_Hash']) ?>"
-		onclick="parent.location = '<?php echo $ONESCRIPT.$param1.'&amp;p=hash' ?>'">
-
-	<input type="button" class="button" id="editOFCMS" value="<?php echo hsc($_['Edit'].' '.$config_title) ?>"
-		onclick="parent.location = '<?php echo $ONESCRIPT.$edit_params ?>'">
+	<button type="button" class="button" id="cancel"    onclick="parent.location =
+		<?php echo "'".$ONESCRIPT.$param1.$params.'\'">'.hsc($_['Close']) ?></button>
+	<button type="button" class="button" id="changepw"  onclick="parent.location =
+		<?php echo "'".$ONESCRIPT.$param1.'&amp;p=changepw\'">'.hsc($_['pw_change']) ?></button>
+	<button type="button" class="button" id="changeun"  onclick="parent.location =
+		<?php echo "'".$ONESCRIPT.$param1.'&amp;p=changeun\'">'.hsc($_['un_change']) ?></button>
+	<button type="button" class="button" id="hash"      onclick="parent.location =
+		<?php echo "'".$ONESCRIPT.$param1.'&amp;p=hash\'">'.hsc($_['Generate_Hash']) ?></button>
+	<button type="button" class="button" id="editOFCMS" onclick="parent.location =
+		<?php echo "'".$ONESCRIPT.$edit_params.'\'">'.hsc($_['Edit'].' '.$config_title) ?></button>
 	</span>
 
 	<div class="info">
@@ -1581,37 +1583,30 @@ function List_File($file, $type, $f_or_f, $DS, $IS_OFCMS, $HREF_params, $param3)
 	if (in_array($type,$fclasses)) { $icon = $ICONS[$type];}
 	elseif ($type == 'dir')        { $icon = $ICONS['folder']; }
 	else                           { $icon = $ICONS['bin']; } //default
+
+	//File options & info
+	$ren_mov   = '<a href="'.$HREF_params.'&amp;p=rename'.$f_or_f.'" title="'.hsc($_['Ren_Move']).'">'.$ICONS['ren_mov'].'</a>';
+	$copy      = '<a href="'.$HREF_params.'&amp;p=copy'.$f_or_f.'"   title="'.hsc($_['Copy']).'"    >'.$ICONS['copy'].'</a>';
+	$delete    = '<a href="'.$HREF_params.'&amp;p=delete'.$f_or_f.'" title="'.hsc($_['Delete']).'"  >'.$ICONS['delete'].'</a>';
+	$checkbox  = '<div class="ckbox"><INPUT TYPE=checkbox NAME="files[]" VALUE="'.hsc($file).'"></div>';
+	$file_name = '<a href="'.$HREF_params.$param3.'"  title="'.hsc($_['Edit_View']).'">'.$icon.'&nbsp;'.hte($file).$DS.'</a>';
+	$file_size = number_format(filesize($ipath.$file)).' B';
+	$file_time = '<script>FileTimeStamp('.filemtime($ipath.$file).', 1, 0);</script>'; 
+
+	//For directories, don't show file size (which is always 0).
+	if (is_dir($ipath.$file)) { $file_size = ''; }
+
+	//If file is OneFileCMS, only show Copy - don't show Rename, Delete, or checkbox options.
+	if ($IS_OFCMS) { $ren_mov = $delete = $checkbox = ''; }
 ?>
 	<tr>
-		<td class="RCD"><?php 
-		if (!$IS_OFCMS){
-			echo '<a href="'.$HREF_params.'&amp;p=rename'.$f_or_f.'" title="'.hsc($_['Ren_Move']).'">'.$ICONS['ren_mov'].'</a>';
-		} ?>
-		</td>
-		<td class="RCD"><?php
-			echo '<a href="'.$HREF_params.'&amp;p=copy'.$f_or_f.'"   title="'.hsc($_['Copy']).'"    >'.$ICONS['copy'].'</a>' ?>
-		</td>
-		<td class="RCD"><?php 
-		if (!$IS_OFCMS){
-			echo '<a href="'.$HREF_params.'&amp;p=delete'.$f_or_f.'" title="'.hsc($_['Delete']).'"  >'.$ICONS['delete'].'</a>';
-		} ?>
-		</td>
-		<?php if (!$IS_OFCMS){
-			echo '<td class="ckbox"><INPUT TYPE=checkbox NAME="files[]" VALUE="'.hsc($file).'"></td>';
-		}else { echo '<td></td>'; }
-		?>
-		<td class="file_name"><?php
-			echo '<a href="'.$HREF_params.$param3.'"  title="'.hsc($_['Edit_View']).'">';
-			echo $icon.'&nbsp;'.hte($file).$DS.'</a>';
-		 ?></td>
-		<td class="meta_T file_size">&nbsp;<?php
-		if (!is_dir($ipath.$file)) { 
-			echo number_format(filesize($ipath.$file)).' B';
-		}?>
-		</td>
-		<td class="meta_T file_time"> &nbsp;
-			<script>FileTimeStamp(<?php echo filemtime($ipath.$file); ?>, 1, 0);</script>
-		</td>
+		<td class="RCD"><?php echo $ren_mov; ?></td>
+		<td class="RCD"><?php echo $copy;    ?></td>
+		<td class="RCD"><?php echo $delete;  ?></td>
+		<td class=""   ><?php echo $checkbox;?></td>
+		<td class="file_name"       ><?php echo $file_name; ?></td>
+		<td class="meta_T file_size"><?php echo $file_size; ?></td>
+		<td class="meta_T file_time"><?php echo $file_time; ?></td>
 	</tr>
 <?php
 }//end List_File() //***********************************************************
@@ -1710,7 +1705,10 @@ function Index_Page(){ //*******************************************************
 
 
 function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
-	global $_, $ONESCRIPT, $param1, $filename;
+	global $_, $ONESCRIPT, $param1, $filename, $WIDE_VIEW_WIDTH;
+
+	$attribs = 'type="button" id="wide_view" class="button" onclick="Wide_View();"';
+	$wide_view_button = '<button '.$attribs.'>'.hsc($_['Wide_View']).'</button>';
 
 	//For [Close] button: if came from admin page, return there.
 	$params = $param1;
@@ -1728,11 +1726,9 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 		</div>
 		
 		<div class="buttons_right">
-		<?php if ($text_editable) { ?>
-			<input type="button" id="wide_view" class="button" value="<?php echo hsc($_['Wide_View']) ?>" onclick="Wide_View();">
-		<?php }?>
-			<input type="button" id="close1" class="button" value="<?php echo hsc($_['Close']) ?>"
-				onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
+			<?php if ($text_editable) { echo $wide_view_button; } ?>
+			<button type="button" id="close1" class="button" onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
+				<?php echo hsc($_['Close']) ?></button>
 			<script>document.getElementById('close1').focus();</script>
 		</div>
 		<div class=clear></div>
@@ -1744,32 +1740,27 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 
 
 function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
-	global $_, $ONESCRIPT, $param1, $param2, $MAX_IDLE_TIME, $Editing_OFCMS;
-	$Button = '<input type="button" class="button" value="';
-	$ACTION = '" onclick="parent.location = \''.$ONESCRIPT.$param1.$param2.'&amp;p=';
+	global $_, $ICONS, $ONESCRIPT, $param1, $param2, $MAX_IDLE_TIME, $Editing_OFCMS;
 
-	//For [Close] button: if came from admin page, return there.
-	$params = $param1;
-	if ( $_SESSION['admin_page'] ) { $params .= '&amp;p=admin'; }
+	$save_disabled = 'document.getElementById("save_file").disabled = "disabled";';
+	$reset_button = '<input type="button" class="button" value="'.hsc($_['reset']).'" onclick="Reset_File()" id="reset">';
 ?>
 	<div class="edit_btns_bottom">
-	<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?>
-		<?php echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer', 'LOGOUT');
-	  ?><input type="submit" class="button" value="Save"                           onclick="submitted = true;" id="save_file"><?php
-	  ?><input type="button" class="button" value="<?php echo hsc($_['reset']) ?>" onclick="Reset_File()"      id="reset">
-		<script>
-			//Set disabled with js instead of via input attribute in case js is disabled.
-			//Otherwise, if js is disabled, user would be unable to save changes.
-			document.getElementById('save_file').disabled = "disabled";
-			document.getElementById('reset').disabled     = "disabled";
-		</script>
-<?php }
-	//Don't show [Rename] or [Delete] if editing OneFileCMS itself.
-
-	if (!$Editing_OFCMS) { echo $Button.hsc($_['Ren_Move']).$ACTION.'renamefile\'">'; }
-	echo                        $Button.hsc($_['Copy'])    .$ACTION.'copyfile\'">';
-	if (!$Editing_OFCMS) { echo $Button.hsc($_['Delete'])  .$ACTION.'deletefile\'" id="delete">'; }
-	echo                        $Button.hsc($_['Close']).'" onclick="parent.location = \''.$ONESCRIPT.$params.'\'">'
+		<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?>
+			<?php echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer', 'LOGOUT');
+			?><input type="submit" class="button" value="Save" onclick="submitted = true;" id="save_file"><?php
+			echo $reset_button;
+			?><script>
+				<?php echo $save_disabled ?>
+				document.getElementById('reset').disabled = "disabled";
+			</script><?php
+		}//end if editable
+
+		//Don't show [Rename] or [Delete] if editing OneFileCMS itself.
+		$Button = '<button type=button class="button RCD" onclick="parent.location=\''.$ONESCRIPT.$param1.$param2;	
+		if (!$Editing_OFCMS) { echo $Button.'&amp;p=renamefile\'">'.$ICONS['ren_mov'].hsc($_['Ren_Move']).'</button>'; }
+		/*Always show copy*/   echo $Button.'&amp;p=copyfile\'">'  .$ICONS['copy']   .hsc($_['Copy'])    .'</button>';
+		if (!$Editing_OFCMS) { echo $Button.'&amp;p=deletefile\'">'.$ICONS['delete'] .hsc($_['Delete'])  .'</button>'; }
 ?>
 	</div>
 <?php
@@ -1780,7 +1771,7 @@ function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
 
 //******************************************************************************
 function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message){
-	global $_, $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_NUONCE, $EX,  $raw_contents;
+	global $_, $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_NUONCE, $EX, $raw_contents;
 ?>
 	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param1.$param2.$param3 ?>">
 		<?php echo $INPUT_NUONCE; ?>
@@ -2624,6 +2615,7 @@ function Edit_Page_scripts() { //***********************************************
 var File_textarea    = document.getElementById('file_contents');
 var Save_File_button = document.getElementById('save_file');
 var Reset_button     = document.getElementById('reset');
+var focus            = ''; //used by Save_File_button events
 
 if (File_textarea) { var start_value = File_textarea.value; }
 
@@ -2639,14 +2631,15 @@ function Edit_Page_scripts() { //***********************************************
 // The following events only apply when the element is active.
 // [Save] is disabled unless there are changes to the open file.
 Save_File_button.onfocus = function()     { Save_File_button.style.backgroundColor = "rgb(255,250,150)";
-										    Save_File_button.style.borderColor = "#F00"; }
+										    Save_File_button.style.borderColor = "#F00"; focus='save'; }
 Save_File_button.onblur  = function()     { Save_File_button.style.backgroundColor ="#Fee";
-										    Save_File_button.style.borderColor = "#Faa"; }
+										    Save_File_button.style.borderColor = "#Faa"; focus=''; }
 Save_File_button.onmouseover = function() { Save_File_button.style.backgroundColor = "rgb(255,250,150)";
 										    Save_File_button.style.borderColor = "#F00"; }
-Save_File_button.onmouseout  = function() { Save_File_button.style.backgroundColor = "#Fee";
-										    Save_File_button.style.borderColor = "#Faa"; }
-
+Save_File_button.onmouseout  = function() { if (focus!='save') {
+												Save_File_button.style.backgroundColor = "#Fee";
+												Save_File_button.style.borderColor = "#Faa";
+											} }
 
 Main_div.style.width = "<?php echo $current_view ?>"; //Set current width
 
@@ -2803,7 +2796,7 @@ function events_up(event, capture_key) {if (!event) {var event = window.event;}
 document.onmouseup = function(event) {if (!event) {var event = window.event;} //if IE
 	//if mousedown was on submit button, but mouseup wasn't, clear message.
 
-	var target = event.target || event.srcElement //= most brosers || IE
+	var target = event.target || event.srcElement; //target = most brosers || IE
 	if ($submitdown && ($submit_button.id != target.id) ) { $message_box.innerHTML = ''; } 
 	$submitdown = false;
 }
@@ -3098,8 +3091,8 @@ function style_sheet(){ //******************************************************
 	background-color: #EEE;  /*#d4d4d4*/
 	}
 
-.button[disabled] { color: #777; background-color: #EEE; }
-.button:active    { background-color: rgb(245,245,50); }
+.button:active    { background-color: rgb(245,245,50); }                  /*first*/
+.button[disabled] { color: #777; background-color: #EEE; cursor: default} /*second - order matters*/
 
 
 /* --- header --- */
@@ -3254,7 +3247,10 @@ function style_sheet(){ //******************************************************
 	}
 
 .edit_btns_bottom {float: right;}
-.edit_btns_bottom .button { margin-left: .5em; } /*Adjusted by langauge files*/
+.edit_btns_bottom .button { margin-left: .7em; } /*Adjusted by langauge files*/
+.edit_btns_bottom .RCD { padding-left: 5px; padding-right: 6px; }
+.edit_btns_bottom svg  { padding : 0 4px 0 0; }
+
 
 input[type="text"].old_new_name {width  : 50%; margin-bottom: .2em;}
 
@@ -3298,7 +3294,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 .image_info { font-size: <?php echo $_['image_info_font_size'] ?>; }   /*Default 1em*/
 
 .edit_btns_bottom .button {
-	margin-left: <?php echo $_['button_margin_L'] ?>; /*Default .5em*/
+	margin-left: <?php echo $_['button_margin_L'] ?>; /*Default .7em*/
 	}
 	
 #select_all_label { font-size: <?php echo $_['select_all_label_size']?>; } /*Default .84em */
diff --git a/readme.markdown b/readme.markdown
index 6a44345..0856552 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,9 +1,14 @@
 # OneFileCMS
 
-## Current version: 3.4.15
+## Current version: 3.4.16
 
 ## Recent changes
 
+### November 23, 2012 (v3.4.16)
+
+- Added icons to lower buttons on edit page.
+- And a few code tweaks & improvements.
+
 ### November 18, 2012 (v3.4.15)
 
 - Added client-side hashing of passwords.  
@@ -125,7 +130,7 @@ Now, since there is no database or other means of granular control or access log
   (Only tested on versions 5.2.8, 5.2.17, 5.3.3, and 5.4 + )
 - File permission privileges on your host.
 - Javascript enabled browswer.
-- And- but if you wish to see the icons- a browser that supports inline SVG.  
+- And- but only if you wish to see the icons- a browser that supports inline SVG.  
   (If your browser doesn't support inline SVG, OneFileCMS will still work, just without any icons.)
 
 ## License, Credit, Et Cetera  
@@ -143,7 +148,8 @@ Now, since there is no database or other means of granular control or access log
 
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - Issue with Chrome's XSS filter: Editing some legitimate files with OneFileCMS will trigger the filter and disable much of the javascript provided functionallity, but only while on the edit page with such a file, and only after a [Save].
-- The connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text during login.  However, this is true of most online login systems, unless SSL or the like is employed.
+- The connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text* during login.  However, this is true of most online login systems, unless SSL or the like is employed.  
+  *As of version 3.4.15, a client-side hash of the user's "plain-text" password is now sent to the server.  Yes, the "hash" is still a "plain-text" password as far as the server is concerned, but the user's raw password is now protected.
 - Be aware that only some very basic data & error checking is performed.  (But, it's getting better...)  
 - Anything else?
 

From 1604ac49c7be5821d0ae14bc5a807d75179bc610 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 29 Nov 2012 12:05:00 -0500
Subject: [PATCH 158/228] Version 3.4.17 Added ability to use TinyMCE &
 CKEditor... Added $WYSIWYG_PLUGIN config variable (path to a js file to
 includ() ). Added $WYSIWYG_SOURCE for use in the file $WYSIWYG_PLUGIN. System
 values & setup: Validate $WYSIWYG_PLUGIN & $WYSIWYG_SOURCE. Admin_Page():
 consolidated some <?php echo... ?>'s (actually did this last commit)
 Login_response(): consolidated password validation. Edit_Page_buttons_top():
 If using plugin, don't show [Wide View], Edit_Page_buttons_top(): If using
 plugin, show [Edit WYSIWYG/HTML] toggle button. Edit_Page_buttons(): If using
 plugin, make sure [Save] & [Reset] are active. Edit_Page_buttons(): Changed
 hardcoded 'Save' to its $_[] string. Edit_Page_form(): If using plugin, don't
 load Edit_Page_scripts(). Edit_Page_form(): Added call to
 Edit_Page_buttons_top() Edit_Page_form(): Changed <textarea> id to
 "file_editor". Edit_Page(): Set $WYSIWYG_VALID false if not needed.
 Edit_Page(): Removed call to Edit_Page_buttons_top(). Upload_Page(): Some
 html & css tweakin'. Edit_Page_scripts(): Cooresponding "file_editor" id
 changes, Edit_Page_scripts(): Changed a few .value's to .innerHTML, due to
 changes of some <input>'s to <button>'s. Edit_Page_scripts(): Reset_File()
 returns false if reset cancelled. Main logic section: Set $EDIT_MODE. End of
 file: include $WYSIWYG_PLUGIN.

---
 OFCMS_config.SAMPLE.php   |  10 +-
 OneFileCMS.LANG.DE.php    |  20 ++--
 OneFileCMS.LANG.EN.php    |  22 +++--
 OneFileCMS.LANG.ES.php    |  20 ++--
 OneFileCMS.LANG.NL.php    |  20 ++--
 OneFileCMS.LANG.RU.php    |  20 ++--
 onefilecms.php            | 201 ++++++++++++++++++++++++--------------
 plugins/ckeditor_init.php |  32 ++++++
 plugins/tinymce_init.php  |  76 ++++++++++++++
 readme.markdown           |  42 +++++---
 10 files changed, 325 insertions(+), 138 deletions(-)
 create mode 100755 plugins/ckeditor_init.php
 create mode 100755 plugins/tinymce_init.php

diff --git a/OFCMS_config.SAMPLE.php b/OFCMS_config.SAMPLE.php
index 0c583ed..2ca6973 100755
--- a/OFCMS_config.SAMPLE.php
+++ b/OFCMS_config.SAMPLE.php
@@ -1,9 +1,9 @@
 <?php 
-// OneFileCMS sample external config file.  v3.4.15
+// OneFileCMS sample external config file.  v3.4.17
 // For versions 3.3.15 and later.  (Updated $HASHWORD, removed $PASSWORD & $USE_HASH)
 // (Versions prior to 3.3.06 used an .ini format)
 //
-// Basically, below is just a copy & paste of the OneFileCMS config section.
+// Basically, what follows is just a copy & paste of the OneFileCMS config section.
 
 
 // CONFIGURABLE INFO ***********************************************************
@@ -60,4 +60,8 @@
 	// < ? php                    //(without the spaces around the ?, of course)
 	// $option1 = "value";
 	// etc...
-//end CONFIGURABLE INFO ********************************************************
\ No newline at end of file
+
+//Name of optional external wysiwyg editor (js file). Path is relative to OneFileCMS.
+//$WYSIWYG_INIT   = 'plugins/tinymce-onefilecms_init.ALPHA.3.php';   //Init settings for TinyMCE.
+//$WYSIWYG_SOURCE = 'plugins/tinymce/jscripts/tiny_mce/tiny_mce.js'; //used in $WYSIWYG_INIT
+//end CONFIGURABLE INFO ********************************************************
diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index 76edf46..4bdbf49 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.16
+// OneFileCMS Language Settings v3.4.17
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -26,6 +26,9 @@
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '76px';    //Width of space for $_['Select_All']
 
+$_['HTML']    = 'HTML';    //## NT ##
+$_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
+
 $_['Admin']   = 'Konfiguration';
 $_['bytes']   = 'bytes';
 $_['Cancel']  = 'Abbrechen';
@@ -160,6 +163,8 @@
 $_['upload_err_06'] = 'Fehler 6: Konnte kein temporäres Verzeichnis finden.';
 $_['upload_err_07'] = 'Fehler 7: Die Datei konnte nicht gespeichert werden.';
 $_['upload_err_08'] = 'Fehler 8: Eine PHP-Erweiterung hat das Heraufladen der Datei gestoppt.';
+$_['upload_error_01a'] = ' Fehler beim Heraufladen.  Die Gesamtmenge and heraufgeladenen Daten (in Hauptsache die Datei) überschreitet die post_max_size = ';
+$_['upload_error_01b'] = ' (der php.ini)';
 
 $_['upload_msg_02'] = 'Der Zielordner existiert nicht: ';
 $_['upload_msg_03'] = 'Das Heraufladen wurde abgebrochen.';
@@ -188,14 +193,11 @@
 $_['session_expired'] = 'SITZUNG ABGELAUFEN';
 $_['unload_unsaved']  = '               Nicht gespeicherte Änderungen gehen verloren!';
 $_['confirm_reset']   = 'Soll der Inhalt der Datei zurückgesetzt werden (Änderungen gehen verloren)?';
-
-$_['OFCMS_requires']   = 'OneFileCMS erfordert PHP';
-$_['logout_msg']       = 'Sie wurden erfolgreich abgemeldet.';
-$_['upload_error_01a'] = ' Fehler beim Heraufladen.  Die Gesamtmenge and heraufgeladenen Daten (in Hauptsache die Datei) überschreitet die post_max_size = ';
-$_['upload_error_01b'] = ' (der php.ini)';
-$_['edit_caution_01']  = 'ACHTUNG ';
-$_['edit_caution_02']  = ' Sie bearbeiten gerade die aktive Version von OneFileCMS - Sichern Sie den Code und seien Sie vorsichtig !!';
-$_['time_out_txt']     = 'Automatischer Sitzungsstopp in:';
+$_['OFCMS_requires']  = 'OneFileCMS erfordert PHP';
+$_['logout_msg']      = 'Sie wurden erfolgreich abgemeldet.';
+$_['edit_caution_01'] = 'ACHTUNG ';
+$_['edit_caution_02'] = ' Sie bearbeiten gerade die aktive Version von OneFileCMS - Sichern Sie den Code und seien Sie vorsichtig !!';
+$_['time_out_txt']    = 'Automatischer Sitzungsstopp in:';
 
 $_['error_reporting_01'] = 'Anzeigen von Fehlern ist';
 $_['error_reporting_02'] = 'Loggen von Fehlern ist';
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index 94fe064..401c0f5 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.16
+// OneFileCMS Language Settings v3.4.17
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -20,12 +20,15 @@
 $_['front_links_margin_L']   = '1.0em';
 $_['button_font_size']       = '0.9em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 10px';
+$_['button_padding']         = '4px 7px';
 $_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
 
+$_['HTML']    = 'HTML';    //####
+$_['WYSIWYG'] = 'WYSIWYG'; //####
+
 $_['Admin']   = 'Admin';
 $_['bytes']   = 'bytes';   //####
 $_['Cancel']  = 'Cancel';
@@ -160,6 +163,8 @@
 $_['upload_err_06'] = 'Error 6: Missing a temporary folder.';
 $_['upload_err_07'] = 'Error 7: Failed to write file to disk.';
 $_['upload_err_08'] = 'Error 8: A PHP extension stopped the file upload.';
+$_['upload_error_01a'] = 'Upload Error. Total POST data (mostly filesize) exceeded post_max_size =';
+$_['upload_error_01b'] = '(from php.ini)';
 
 $_['upload_msg_02'] = 'Destination folder invalid:';
 $_['upload_msg_03'] = 'Upload cancelled.';
@@ -188,14 +193,11 @@
 $_['session_expired'] = 'SESSION EXPIRED';
 $_['unload_unsaved']  = ' Unsaved changes will be lost!';
 $_['confirm_reset']   = 'Reset file and loose unsaved changes?';
-
-$_['OFCMS_requires']   = 'OneFileCMS requires PHP';
-$_['logout_msg']       = 'You have successfully logged out.';
-$_['upload_error_01a'] = 'Upload Error. Total POST data (mostly filesize) exceeded post_max_size =';
-$_['upload_error_01b'] = '(from php.ini)';
-$_['edit_caution_01']  = 'CAUTION';
-$_['edit_caution_02']  = 'You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
-$_['time_out_txt']     = 'Session time out in:';
+$_['OFCMS_requires']  = 'OneFileCMS requires PHP';
+$_['logout_msg']      = 'You have successfully logged out.';
+$_['edit_caution_01'] = 'CAUTION';
+$_['edit_caution_02'] = 'You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
+$_['time_out_txt']    = 'Session time out in:';
 
 $_['error_reporting_01'] = 'Display errors is';
 $_['error_reporting_02'] = 'Log errors is';
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index 2282222..2635518 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.16
+// OneFileCMS Language Settings v3.4.17
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -26,6 +26,9 @@
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '110px';   //Width of space for $_['Select_All']
 
+$_['HTML']    = 'HTML';    //## NT ##
+$_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
+
 $_['Admin']   = 'Administrador';
 $_['bytes']   = 'bytes';
 $_['Cancel']  = 'Cancelar';
@@ -160,6 +163,8 @@
 $_['upload_err_06'] = 'Error 6: Carpeta temporal no encontrada.';
 $_['upload_err_07'] = 'Error 7: No se pudo guardar el archivo en el disco.';
 $_['upload_err_08'] = 'Error 8: Una extensión de PHP detuvo la subida del archivo.';
+$_['upload_error_01a'] = 'Eror de subida.  Total de datos POST (mayormente el peso del archivo) excedido post_max_size =';
+$_['upload_error_01b'] = '(desde php.ini)';
 
 $_['upload_msg_02'] = 'La carpeta de destino no existe: ';
 $_['upload_msg_03'] = 'Subida cancelada.';
@@ -188,14 +193,11 @@
 $_['session_expired'] = 'SESIÓN TERMINADA';
 $_['unload_unsaved']  = '                 ¡Los cambios no guardados se perderán!';
 $_['confirm_reset']   = '¿Reiniciar el archivo y descartar cambios no guardados?';
-
-$_['OFCMS_requires']   = 'OneFileCMS necesita PHP';
-$_['logout_msg']       = 'Has cerrado la sesión satisfactoriamente.';
-$_['upload_error_01a'] = 'Eror de subida.  Total de datos POST (mayormente el peso del archivo) excedido post_max_size =';
-$_['upload_error_01b'] = '(desde php.ini)';
-$_['edit_caution_01']  = 'PRECAUCIÓN';
-$_['edit_caution_02']  = 'Estás editando la copia activa de OneFileCMS - ¡HACÉ UNA COPIA DE SEGURIDAD Y TENÉ CUIDADO!';
-$_['time_out_txt']     = 'Tiempo de Espera de Sesión Agotado:';
+$_['OFCMS_requires']  = 'OneFileCMS necesita PHP';
+$_['logout_msg']      = 'Has cerrado la sesión satisfactoriamente.';
+$_['edit_caution_01'] = 'PRECAUCIÓN';
+$_['edit_caution_02'] = 'Estás editando la copia activa de OneFileCMS - ¡HACÉ UNA COPIA DE SEGURIDAD Y TENÉ CUIDADO!';
+$_['time_out_txt']    = 'Tiempo de Espera de Sesión Agotado:';
 
 $_['error_reporting_01'] = 'Display errors is'; //## NT ##
 $_['error_reporting_02'] = 'Log errors is'; //## NT ##
diff --git a/OneFileCMS.LANG.NL.php b/OneFileCMS.LANG.NL.php
index 10895a3..4e1d48d 100755
--- a/OneFileCMS.LANG.NL.php
+++ b/OneFileCMS.LANG.NL.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.16
+// OneFileCMS Language Settings v3.4.17
 
 $_['LANGUAGE'] = 'Dutch (Nederlands)'; //NL
 $_['LANG'] = 'NL';
@@ -26,6 +26,9 @@
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '90px';    //Width of space for $_['Select_All']
 
+$_['HTML']    = 'HTML';    //## NT ##
+$_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
+
 $_['Admin']   = 'Beheer';
 $_['bytes']   = 'bytes';
 $_['Cancel']  = 'Annuleren';
@@ -160,6 +163,8 @@
 $_['upload_err_06'] = 'Fout 6: Geen tijdelijke map aanwezig.';
 $_['upload_err_07'] = 'Fout 7: Schrijven van bestand naar opslagmedium mislukt.';
 $_['upload_err_08'] = 'Fout 8: Een PHP extensie heeft de zending van bestanden gestopt.';
+$_['upload_error_01a'] = 'Upload Fout. Totale POST data (meerendeel bestandsgrootte) overschrijdt post_max_size =';
+$_['upload_error_01b'] = '(van php.ini)';
 
 $_['upload_msg_02'] = 'Doelmap ongeldig:';
 $_['upload_msg_03'] = 'Upload geannuleerd.';
@@ -188,14 +193,11 @@
 $_['session_expired'] = 'SESSIE VERLOPEN';
 $_['unload_unsaved']  = 'Niet opgeslagen wijzigen zullen verloren gaan!';
 $_['confirm_reset']   = 'Herstel bestand en verlies niet opgeslagen wijzigingen?';
-
-$_['OFCMS_requires']   = 'OneFileCMS vereist PHP';
-$_['logout_msg']       = 'U bent succesvol afgemeld.';
-$_['upload_error_01a'] = 'Upload Fout. Totale POST data (meerendeel bestandsgrootte) overschrijdt post_max_size =';
-$_['upload_error_01b'] = '(van php.ini)';
-$_['edit_caution_01']  = 'VOORZICHTIG';
-$_['edit_caution_02']  = 'U bent de actieve kopie van OneFileCMS aan het bewerken - MAAK EEN BACK-UP & WEES VOORZICHTIG !!';
-$_['time_out_txt']     = 'Sessie verloopt in:';
+$_['OFCMS_requires']  = 'OneFileCMS vereist PHP';
+$_['logout_msg']      = 'U bent succesvol afgemeld.';
+$_['edit_caution_01'] = 'VOORZICHTIG';
+$_['edit_caution_02'] = 'U bent de actieve kopie van OneFileCMS aan het bewerken - MAAK EEN BACK-UP & WEES VOORZICHTIG !!';
+$_['time_out_txt']    = 'Sessie verloopt in:';
 
 $_['error_reporting_01'] = 'Weergave van fouten is';
 $_['error_reporting_02'] = 'Loggen van fouten is';
diff --git a/OneFileCMS.LANG.RU.php b/OneFileCMS.LANG.RU.php
index 201bea8..dd50235 100755
--- a/OneFileCMS.LANG.RU.php
+++ b/OneFileCMS.LANG.RU.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.16
+// OneFileCMS Language Settings v3.4.17
 
 $_['LANGUAGE'] = 'Russian'; //RU
 $_['LANG'] = 'RU';
@@ -26,6 +26,9 @@
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
 
+$_['HTML']    = 'HTML';    //## NT ##
+$_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
+
 $_['Admin']   = 'Админка';
 $_['bytes']   = 'байт';
 $_['Cancel']  = 'Отмена';
@@ -160,6 +163,8 @@
 $_['upload_err_06'] = 'Ошибка 6: Отсутствует временная папка.';
 $_['upload_err_07'] = 'Ошибка 7: Не удалось записать файл на диск.';
 $_['upload_err_08'] = 'Ошибка 8: Расширение PHP остановило загрузку файлов.';
+$_['upload_error_01a'] = 'Ошибка при загрузке. Общий объём данных  (размер файла) превысил post_max_size =';
+$_['upload_error_01b'] = '(из php.ini)';
 
 $_['upload_msg_02'] = 'Папка назначения недействительна:';
 $_['upload_msg_03'] = 'Загрузка отменена.';
@@ -188,14 +193,11 @@
 $_['session_expired'] = 'ВРЕМЯ СЕССИИ ИСТЕКЛО';
 $_['unload_unsaved']  = ' Несохраненные изменения будут потеряны!';
 $_['confirm_reset']   = 'Сбросить файл с несохранёнными изменениями?';
-
-$_['OFCMS_requires']   = 'OneFileCMS требует PHP';
-$_['logout_msg']       = 'Вы успешно вышли из системы.';
-$_['upload_error_01a'] = 'Ошибка при загрузке. Общий объём данных  (размер файла) превысил post_max_size =';
-$_['upload_error_01b'] = '(из php.ini)';
-$_['edit_caution_01']  = 'ВНИМАНИЕ';
-$_['edit_caution_02']  = 'Осторожно редактируйте активную копию OneFileCMS - Сделайте резервную копию !!';
-$_['time_out_txt']     = 'Сессия закончится через::';
+$_['OFCMS_requires']  = 'OneFileCMS требует PHP';
+$_['logout_msg']      = 'Вы успешно вышли из системы.';
+$_['edit_caution_01'] = 'ВНИМАНИЕ';
+$_['edit_caution_02'] = 'Осторожно редактируйте активную копию OneFileCMS - Сделайте резервную копию !!';
+$_['time_out_txt']    = 'Сессия закончится через::';
 
 $_['error_reporting_01'] = 'Вывести ошибки в';
 $_['error_reporting_02'] = 'Лог ошибок в';
diff --git a/onefilecms.php b/onefilecms.php
index fd8260b..5d44859 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.16';
+$OFCMS_version = '3.4.17';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -91,10 +91,10 @@
 $LOGIN_DELAY   = 10;  //In seconds.
 $MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
 
-$MAIN_WIDTH    = '800px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
+$MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
 				
-$MAX_IMG_W   = 800;  //Max width to display images. (main width is 800)
+$MAX_IMG_W   = 810;  //Max width to display images. (main width is 810)
 $MAX_IMG_H   = 1000; //Max height.  I don't know, it just looks reasonable.
 
 $MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
@@ -115,8 +115,8 @@
 
 $config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
 // _ftypes & _fclass must have the same number of values. bin is default.
-$config_ftypes = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,pl ,ini,cfg,conf,log,asp,js ,htm,html,dtd,htaccess,markdown";
-$config_fclass = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,css,php,txt,txt,cfg,cfg ,txt,txt,txt,htm,htm ,txt,txt,txt";
+$config_ftypes = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,pl ,ini,cfg,conf,log,asp,js ,htm,html,dtd,htaccess,markdown,md";
+$config_fclass = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,css,php,txt,txt,cfg,cfg ,txt,txt,txt,htm,htm ,txt,txt     ,txt     ,txt";
 
 $EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
 
@@ -124,14 +124,18 @@
 
 $ACCESS_ROOT = ''; //Restrict access to a particular folder.  Leave empty for $WEB_ROOT (entire website).
 
+//Optional external wysiwyg editor. Paths are relative to OneFileCMS.
+$WYSIWYG_PLUGIN = 'plugins/tinymce_init.php';                      //Init settings.
+$WYSIWYG_SOURCE = 'plugins/tinymce/jscripts/tiny_mce/tiny_mce.js'; //used in $WYSIWYG_PLUGIN
+//$WYSIWYG_PLUGIN = 'plugins/ckeditor_init.php';     //Init settings
+//$WYSIWYG_SOURCE = 'plugins/ckeditor/ckeditor.js';  //used in $WYSIWYG_PLUGIN
+
 //External config file, if there is one.  Any settings in the $config_file will supersede those above.
 //$config_file = 'OFCMS_config.SAMPLE.php';  // Path is relative to OneFileCMS.
 	//Format for external config file is basic php:
 	// < ? php                    //(without the spaces around the ?, of course)
 	// $option1 = "value";
 	// etc...
-
-
 //end CONFIGURABLE INFO ********************************************************
 
 
@@ -144,9 +148,10 @@
 if ( isset($config_file) && is_file($config_file) ) { include($config_file); }
 else { $config_file = ''; } //If not found, clear it.
 
-
-
-
+//If specified, validate $WYSIWYG_PLUGIN & _SOURCE. Actual include is at end of OneFileCMS.
+$WYSIWYG_VALID = 0;
+if ( isset($WYSIWYG_PLUGIN) && is_file($WYSIWYG_PLUGIN) &&
+	 isset($WYSIWYG_SOURCE) && is_file($WYSIWYG_SOURCE) ) { $WYSIWYG_VALID = 1; }
 
 //Requires PHP 5.1, due to changes in some functions.
 //Earliest version the author has for testing is 5.2.8 (50208)
@@ -231,7 +236,7 @@ function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.4.16
+// OneFileCMS Language Settings v3.4.17
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -252,11 +257,13 @@ function Default_Language() { // ***********************************************
 $_['front_links_margin_L']   = '1.0em';
 $_['button_font_size']       = '0.9em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 10px';
+$_['button_padding']         = '4px 7px';
 $_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
+$_['HTML']    = 'HTML';    //####
+$_['WYSIWYG'] = 'WYSIWYG'; //####
 $_['Admin']   = 'Admin';
 $_['bytes']   = 'bytes';   //####
 $_['Cancel']  = 'Cancel';
@@ -379,6 +386,8 @@ function Default_Language() { // ***********************************************
 $_['upload_err_06'] = 'Error 6: Missing a temporary folder.';
 $_['upload_err_07'] = 'Error 7: Failed to write file to disk.';
 $_['upload_err_08'] = 'Error 8: A PHP extension stopped the file upload.';
+$_['upload_error_01a'] = 'Upload Error. Total POST data (mostly filesize) exceeded post_max_size =';
+$_['upload_error_01b'] = '(from php.ini)';
 $_['upload_msg_02'] = 'Destination folder invalid:';
 $_['upload_msg_03'] = 'Upload cancelled.';
 $_['upload_msg_04'] = 'Uploading:';
@@ -403,13 +412,11 @@ function Default_Language() { // ***********************************************
 $_['session_expired'] = 'SESSION EXPIRED';
 $_['unload_unsaved']  = ' Unsaved changes will be lost!';
 $_['confirm_reset']   = 'Reset file and loose unsaved changes?';
-$_['OFCMS_requires']   = 'OneFileCMS requires PHP';
-$_['logout_msg']       = 'You have successfully logged out.';
-$_['upload_error_01a'] = 'Upload Error. Total POST data (mostly filesize) exceeded post_max_size =';
-$_['upload_error_01b'] = '(from php.ini)';
-$_['edit_caution_01']  = 'CAUTION';
-$_['edit_caution_02']  = 'You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
-$_['time_out_txt']     = 'Session time out in:';
+$_['OFCMS_requires']  = 'OneFileCMS requires PHP';
+$_['logout_msg']      = 'You have successfully logged out.';
+$_['edit_caution_01'] = 'CAUTION';
+$_['edit_caution_02'] = 'You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
+$_['time_out_txt']    = 'Session time out in:';
 $_['error_reporting_01'] = 'Display errors is';
 $_['error_reporting_02'] = 'Log errors is';
 $_['error_reporting_03'] = 'Error reporting is set to';
@@ -1120,11 +1127,11 @@ function icon_txt($border='#333', $lines='#000', $fill='#FFF', $extra1="", $extr
 
 	function icon_folder($extra = ""){ //**********************************
 		return '<svg class="icon" version="1.1" width="18" height="16"><g transform="translate(0,1)">'.
-			'<path  d="M0.5, 1  L8,1  L9,2  L9,3  L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5"'.
+			'<path  d="M0.5, 1  L8,1  L9,2  L9,3  L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" '.
 				'fill="#F0CD28" stroke="rgb(200,170,15)" stroke-width="1" />'.
-			'<path  d="M1.5, 8  L7, 8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5"'.
+			'<path  d="M1.5, 8  L7, 8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5" '.
 				'fill="transparent" stroke="white" stroke-width="1" />'.
-			'<path  d="M1.5,13  L1.5,2  L7.5,2  L8.5,3  L8.5,4  L15.5,4 L16,4.5  L16,13"'.
+			'<path  d="M1.5,13  L1.5,2  L7.5,2  L8.5,3  L8.5,4  L15.5,4 L16,4.5  L16,13" '.
 				'fill="transparent" stroke="white" stroke-width="1" />'.
 			$extra.'</g></svg>';
 	}//end icon_folder() //************************************************
@@ -1531,9 +1538,9 @@ function Login_response() { //**************************************************
 	$attempts = 0;
 	$elapsed  = 0;
 
-	//Check for prior failed attempts
+	//Check for prior login attempts (but don't increment count just yet)
 	if (is_file($LOGIN_ATTEMPTS)) {
-		$attempts = (int)file_get_contents($LOGIN_ATTEMPTS); //Don't increment yet...
+		$attempts = (int)file_get_contents($LOGIN_ATTEMPTS);
 		$elapsed  = time() - filemtime($LOGIN_ATTEMPTS);
 	}
 	if ($attempts > 0) { $message .= '<b>'.hsc($_['login_msg_01a']).' '.$attempts.' '.hsc($_['login_msg_01b']).'</b><br>'; }
@@ -1549,18 +1556,17 @@ function Login_response() { //**************************************************
 	$_POST['password'] = trim($_POST['password']);
 	$_POST['username'] = trim($_POST['username']);
 
-	//Validate password.
-	$VALID_PASSWORD = (hashit($_POST['password']) == $HASHWORD);
-
 	//validate login.
 	if ( ($_POST['password'] == "") || ($_POST['username'] == "") )  {
 		return; //Ignore login attempt if either username or password is blank.
-	}elseif ( $VALID_PASSWORD && ($_POST['username'] == $USERNAME) ) {
+		
+	}elseif ( (hashit($_POST['password']) == $HASHWORD) && ($_POST['username'] == $USERNAME) ) {
 		session_regenerate_id(true);
 		$_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT']; //for user consistancy check.
 		$_SESSION['valid'] = 1;
 		$page = "index";
 		if ( is_file($LOGIN_ATTEMPTS) ) { unlink($LOGIN_ATTEMPTS); } //delete invalid attempts count file
+		
 	}else{
 		file_put_contents($LOGIN_ATTEMPTS, ++$attempts); //increment attempts
 		$message  = $EX.'<b>'.hsc($_['login_msg_03']).$attempts.'</b><br>';
@@ -1705,14 +1711,30 @@ function Index_Page(){ //*******************************************************
 
 
 function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
-	global $_, $ONESCRIPT, $param1, $filename, $WIDE_VIEW_WIDTH;
+	global $_, $ONESCRIPT, $param1, $param2, $filename, $WIDE_VIEW_WIDTH, $WYSIWYG_VALID, $EDIT_MODE, $ON_OFF_label;
+
+	//[Edit WYSIWYG] / [Edit HTML] button.
+	$ON_OFF_button    = '';
+	if ($text_editable && $WYSIWYG_VALID) {
+		$set_cookie = "document.cookie='edit_mode=".(!$EDIT_MODE*1)."'; ";
+		$edit_page  = "parent.location='".$ONESCRIPT.$param1.$param2."&p=edit';";
+		$attribs    = 'type=button class=button id=on_off onclick="'.$set_cookie.$edit_page.'"';
+		$ON_OFF_button = '<button '.$attribs.'>'.$_['Edit'].' '.hte($ON_OFF_label).'</button>';
+	}
 
-	$attribs = 'type="button" id="wide_view" class="button" onclick="Wide_View();"';
-	$wide_view_button = '<button '.$attribs.'>'.hsc($_['Wide_View']).'</button>';
+	//[Wide View] / [Normal View] button.
+	$wide_view_button = '';  //Doesn't work with wysiwyg loaded (onclick conflict?).
+	if ($text_editable && !$EDIT_MODE) { 
+		$attribs = 'type="button" id="wide_view" class="button" onclick="Wide_View();"';
+		$wide_view_button = '<button '.$attribs.'>'.hsc($_['Wide_View']).'</button>';
+	}
 
-	//For [Close] button: if came from admin page, return there.
-	$params = $param1;
+	//[Close] button
+	$params = $param1; //If came from admin page, return there.
 	if ( $_SESSION['admin_page'] ) { $params .= '&amp;p=admin'; }
+	$onclick = 'onclick="parent.location = \''.$ONESCRIPT.$params.'\'"';
+	$attribs = 'type="button" id="close1" class="button" '.$onclick;
+	$close_button = '<button '.$attribs.'>'.hsc($_['Close']).'</button>';
 ?>
 	<div class="edit_btns_top">
 		<div class="file_meta">
@@ -1726,9 +1748,9 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 		</div>
 		
 		<div class="buttons_right">
-			<?php if ($text_editable) { echo $wide_view_button; } ?>
-			<button type="button" id="close1" class="button" onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
-				<?php echo hsc($_['Close']) ?></button>
+			<?php echo $wide_view_button; ?>
+			<?php echo $ON_OFF_button; ?>
+			<?php echo $close_button; ?>			
 			<script>document.getElementById('close1').focus();</script>
 		</div>
 		<div class=clear></div>
@@ -1740,26 +1762,36 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 
 
 function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
-	global $_, $ICONS, $ONESCRIPT, $param1, $param2, $MAX_IDLE_TIME, $Editing_OFCMS;
+	global $_, $ICONS, $ONESCRIPT, $param1, $param2, $MAX_IDLE_TIME, $Editing_OFCMS, $WYSIWYG_VALID,  $EDIT_MODE;
 
-	$save_disabled = 'document.getElementById("save_file").disabled = "disabled";';
-	$reset_button = '<input type="button" class="button" value="'.hsc($_['reset']).'" onclick="Reset_File()" id="reset">';
+	$disabled = 'disabled';
+	$reset_onlick = 'Reset_File()'; //Reset_File() is in Edit_Page_scripts();
+
+	//If using a WYSIWYG editor, Edit_Page_scripts() aren't loaded.
+	//When so, make sure [Save] & [Reset] are enabled, and [Reset] works.
+	if ($WYSIWYG_VALID && $EDIT_MODE) {
+		$disabled = ''; 
+		$reset_onlick = "confirm('".addslashes($_['confirm_reset'])."')"; 
+	}
+
+	$reset_button = '<input type="reset" class="button" value="'.hsc($_['reset']).'" onclick="return '.$reset_onlick.'" id="reset">';
 ?>
 	<div class="edit_btns_bottom">
-		<?php if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file ?>
-			<?php echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer', 'LOGOUT');
-			?><input type="submit" class="button" value="Save" onclick="submitted = true;" id="save_file"><?php
+		<?php
+		if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file
+			echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer', 'LOGOUT');
+			echo '<button type="submit" class="button" onclick="submitted = true;" id="save_file">'.$_['save_1'].'</button>';
 			echo $reset_button;
 			?><script>
-				<?php echo $save_disabled ?>
-				document.getElementById('reset').disabled = "disabled";
+				document.getElementById("save_file").disabled = "<?php echo $disabled ?>";
+				document.getElementById('reset').disabled     = "<?php echo $disabled ?>";
 			</script><?php
 		}//end if editable
-
+		
 		//Don't show [Rename] or [Delete] if editing OneFileCMS itself.
 		$Button = '<button type=button class="button RCD" onclick="parent.location=\''.$ONESCRIPT.$param1.$param2;	
 		if (!$Editing_OFCMS) { echo $Button.'&amp;p=renamefile\'">'.$ICONS['ren_mov'].hsc($_['Ren_Move']).'</button>'; }
-		/*Always show copy*/   echo $Button.'&amp;p=copyfile\'">'  .$ICONS['copy']   .hsc($_['Copy'])    .'</button>';
+		/*Always show Copy*/   echo $Button.'&amp;p=copyfile\'">'  .$ICONS['copy']   .hsc($_['Copy'])    .'</button>';
 		if (!$Editing_OFCMS) { echo $Button.'&amp;p=deletefile\'">'.$ICONS['delete'] .hsc($_['Delete'])  .'</button>'; }
 ?>
 	</div>
@@ -1770,12 +1802,18 @@ function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
 
 
 //******************************************************************************
-function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message){
-	global $_, $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_NUONCE, $EX, $raw_contents;
+function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message, $file_ENC){
+	global $_, $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_NUONCE, $EX, 
+		   $raw_contents, $WYSIWYG_VALID, $EDIT_MODE;
+	
+	$load_Edit_Page_scripts = false; //Don't load if not needed.
 ?>
 	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param1.$param2.$param3 ?>">
-		<?php echo $INPUT_NUONCE; ?>
 <?php
+		echo $INPUT_NUONCE;
+
+		Edit_Page_buttons_top($text_editable, $file_ENC);
+		
 		if ( !in_array( strtolower($ext), $itypes) ) { //If non-image...
 				
 			if (!$text_editable) { // If non-text file...
@@ -1785,7 +1823,10 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
  				echo '<p class="edit_disabled">'.$too_large_to_edit_message.'</p>';
 				
 			}else{
-				if (PHP_VERSION_ID  < 50400) {  // 5.4.0
+				//Load Edit_Page_scripts() only if not in wysiwyg mode.
+				$load_Edit_Page_scripts = ( !$WYSIWYG_VALID || !$EDIT_MODE );
+				
+				if (PHP_VERSION_ID < 50400) { // 5.4.0
 					$filecontents = hsc($raw_contents);
 				}else{
 					$filecontents = htmlspecialchars($raw_contents,ENT_SUBSTITUTE | ENT_QUOTES, 'UTF-8');
@@ -1800,7 +1841,7 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 					echo hsc($_['edit_txt_04']).'<br></pre>';
 				}else{
 					echo '<input type="hidden" name="filename" value="'.hsc($filename).'">';
-					echo '<textarea id="file_contents" name="contents" cols="70" rows="25"';
+					echo '<textarea id="file_editor" name="contents" cols="70" rows="25" ';
 					echo 'onkeyup="Check_for_changes(event);">'.$filecontents.'</textarea>'.PHP_EOL;
 				}
 			}//end if/else non-text file...
@@ -1808,7 +1849,8 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 		
 		Edit_Page_buttons($text_editable, $too_large_to_edit);
 		
-		Edit_Page_scripts();
+		//The Edit_Page_scripts() don't work when TinyMCE is loaded.
+		if ( $load_Edit_Page_scripts ) { Edit_Page_scripts(); }
 ?>	</form>
 <?php
 	if ($text_editable && !$too_large_to_edit && !$bad_chars) { Edit_Page_Notes(); }
@@ -1842,7 +1884,7 @@ function Edit_Page_Notes() { //*************************************************
 
 
 function Edit_Page() { //*******************************************************
-	global $_, $filename, $filecontents, $raw_contents, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE;
+	global $_, $filename, $filecontents, $raw_contents, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $WYSIWYG_VALID;
 	clearstatcache ();
 
 	//Determine if a text editable file type
@@ -1853,6 +1895,9 @@ function Edit_Page() { //*******************************************************
 	
 	$too_large_to_edit = (filesize($filename) > $MAX_EDIT_SIZE);
 	$too_large_to_view = (filesize($filename) > $MAX_VIEW_SIZE);
+	
+	//Don't load $WYSIWYG_PLUGIN if not needed
+	if (!$text_editable || $too_large_to_edit) {$WYSIWYG_VALID = 0;}
 
 	if ($text_editable && !$too_large_to_view) {
 		$raw_contents = file_get_contents($filename);
@@ -1881,9 +1926,7 @@ function Edit_Page() { //*******************************************************
 	echo hte(basename($filename)).'</a>';
 	echo '</h2>'.PHP_EOL;
 
-	Edit_Page_buttons_top($text_editable, $file_ENC);
-
-	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message);
+	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message, $file_ENC);
 	
 	if ( in_array( $ext, $itypes) ) { show_image(); }
 
@@ -1944,9 +1987,9 @@ function Upload_Page() { //*****************************************************
 		echo $INPUT_NUONCE;
 		
 		echo '<div class="action"><LABEL>'.hsc($_['upload_txt_05']).'</LABEL></div>';
-		echo '<div class="action">'; //So <LABEL>'s wrap w/o word breaks if $MAIN_WIDTH is narrow.
-			echo '<LABEL><INPUT TYPE=radio NAME=ifexists VALUE=rename checked> '.hsc($_['upload_txt_06']).'</LABEL>';
-			echo '<LABEL><INPUT TYPE=radio NAME=ifexists VALUE=overwrite     > '.hsc($_['upload_txt_07']).'</LABEL> ';
+		echo '<div class="ren_over">'; //So <LABEL>'s wrap w/o word breaks if $MAIN_WIDTH is narrow.
+			echo '<label><INPUT TYPE=radio NAME=ifexists VALUE=rename checked> '.hsc($_['upload_txt_06']).'</label>';
+			echo '<label><INPUT TYPE=radio NAME=ifexists VALUE=overwrite     > '.hsc($_['upload_txt_07']).'</label>';
 		echo '</div>';
 		
 		echo '<input type="hidden" name="upload_destination" value="'.hsc($ipath).'" ><p>';
@@ -2612,7 +2655,7 @@ function Edit_Page_scripts() { //***********************************************
 <!--======== Provide feedback re: unsaved changes ========-->
 <script>
 
-var File_textarea    = document.getElementById('file_contents');
+var File_textarea    = document.getElementById('file_editor');
 var Save_File_button = document.getElementById('save_file');
 var Reset_button     = document.getElementById('reset');
 var focus            = ''; //used by Save_File_button events
@@ -2644,7 +2687,7 @@ function Edit_Page_scripts() { //***********************************************
 Main_div.style.width = "<?php echo $current_view ?>"; //Set current width
 
 if ( Main_div.style.width == '<?php echo $WIDE_VIEW_WIDTH ?>' ) {
-	Wide_View_button.value = '<?php echo addslashes($_['Normal_View']) ?>';
+	Wide_View_button.innerHTML = '<?php echo addslashes($_['Normal_View']) ?>';
 }
 
 
@@ -2653,11 +2696,11 @@ function Wide_View() {
 	
 	if (Main_div.style.width == '<?php echo $WIDE_VIEW_WIDTH ?>') {
 		Main_div.style.width = main_width_default;
-		Wide_View_button.value = "<?php echo addslashes($_['Wide_View'])?>";
+		Wide_View_button.innerHTML = "<?php echo addslashes($_['Wide_View'])?>";
 		document.cookie = 'edit_view=' + main_width_default;
 	}else{
 		Main_div.style.width = '<?php echo $WIDE_VIEW_WIDTH ?>';
-		Wide_View_button.value = '<?php echo addslashes($_['Normal_View']) ?>';
+		Wide_View_button.innerHTML = '<?php echo addslashes($_['Normal_View']) ?>';
 		document.cookie = 'edit_view=<?php echo $WIDE_VIEW_WIDTH ?>';
 	}
 }
@@ -2670,7 +2713,7 @@ function Reset_file_status_indicators() {
 	Save_File_button.style.borderColor = "";
 	Save_File_button.style.borderWidth = "1px";
 	Save_File_button.disabled = "disabled";
-	Save_File_button.value = "<?php echo addslashes($_['save_1'])?>";
+	Save_File_button.innerHTML = "<?php echo addslashes($_['save_1'])?>";
 	Reset_button.disabled = "disabled";
 }
 
@@ -2712,14 +2755,14 @@ function Check_for_changes(event){
 	var keycode=event.keyCode? event.keyCode : event.charCode;
 	changed = (File_textarea.value != start_value);
 	if (changed){
-		document.getElementById('message_box').innerHTML = " "; // Must have a space, or it won't clear the msg.
+		document.getElementById('message_box').innerHTML = " "; //Must have a space, or it won't clear the msg.
 		File_textarea.style.backgroundColor    = "#Fee";//light red
 		Save_File_button.style.backgroundColor ="#Fee";
 		Save_File_button.style.borderColor = "#Faa";  //less light red
 		Save_File_button.style.borderWidth = "1px";
 		Save_File_button.disabled = "";
 		Reset_button.disabled = "";
-		Save_File_button.value = "<?php echo addslashes($_['save_2'])?>";
+		Save_File_button.innerHTML = "<?php echo addslashes($_['save_2'])?>";
 	}else{
 		Reset_file_status_indicators()
 	}
@@ -2732,7 +2775,7 @@ function Check_for_changes(event){
 //the text stays changed, but "changed" gets set to false, which looses warning.
 function Reset_File() {
 	if (changed) {
-		if ( !(confirm("<?php echo addslashes($_['confirm_reset']) ?>")) ) { return; }
+		if ( !(confirm("<?php echo addslashes($_['confirm_reset']) ?>")) ) { return false; }
 	}
 	File_textarea.value = start_value;
 	Reset_file_status_indicators();
@@ -2930,7 +2973,7 @@ function style_sheet(){ //******************************************************
 
 .container {
 	border : 0px solid #807568;
-	width  : 800px;     /*Adjusted by $MAIN_WIDTH config variable*/
+	width  : 810px;     /*Adjusted by $MAIN_WIDTH config variable*/
 	margin : 0 auto 2em auto;
 	}
 
@@ -3091,7 +3134,7 @@ function style_sheet(){ //******************************************************
 	background-color: #EEE;  /*#d4d4d4*/
 	}
 
-.button:active    { background-color: rgb(245,245,50); }                  /*first*/
+.button:active    { background-color: rgb(245,245,50); }                  /*first                 */
 .button[disabled] { color: #777; background-color: #EEE; cursor: default} /*second - order matters*/
 
 
@@ -3137,7 +3180,7 @@ function style_sheet(){ //******************************************************
 
 .view_file { font: .9em Courier; background-color: #F8F8F8; overflow:hidden}
 
-#file_contents {
+#file_editor {
 	border: 1px solid #999;
 	font  : .9em Courier;
 	margin: 0 0 .7em 0;
@@ -3145,7 +3188,7 @@ function style_sheet(){ //******************************************************
 	height: 32em;
 	}
 
-#file_contents:focus { border: 1px solid #Fdd; }
+#file_editor:focus { border: 1px solid #Fdd; }
 
 .file_meta	{ float: left; margin-top: .6em; font-size: .95em; color: #222; }
 
@@ -3251,7 +3294,6 @@ function style_sheet(){ //******************************************************
 .edit_btns_bottom .RCD { padding-left: 5px; padding-right: 6px; }
 .edit_btns_bottom svg  { padding : 0 4px 0 0; }
 
-
 input[type="text"].old_new_name {width  : 50%; margin-bottom: .2em;}
 
 .old_backup_T {float: left; margin-bottom: .3em;}
@@ -3264,8 +3306,10 @@ function style_sheet(){ //******************************************************
 .C    {color: #006400; border: 1px solid #008400}
 .D    {color: #b00;    border: 1px solid #b00}
 
-.action       {display: inline-block}
-.action label {margin: 0 2em 0 0}
+.action   {display: inline-block}
+.ren_over {display: inline-block}
+.ren_over input {margin: 0 0 0 2em}
+.ren_over label {font-weight: normal}
 </style>
 <?php
 }//end style_sheet() //*********************************************************
@@ -3277,7 +3321,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 	global $_, $MAIN_WIDTH;
 ?>
 <style>
-.container { width: <?php echo $MAIN_WIDTH ?>; } /*Default 800px*/
+.container { width: <?php echo $MAIN_WIDTH ?>; } /*Default 810px*/
 
 .button {
 	padding  : <?php echo $_['button_padding']   ?>; /*Default 4px 10px */
@@ -3329,6 +3373,11 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 if ($_SESSION['valid']) {
 
+	//Set current $EDIT_MODE & text for Edit page [Edit WYSIWIG/HTML] button
+	if ( $WYSIWYG_VALID && isset($_COOKIE['edit_mode']) && ($_COOKIE['edit_mode'] == '1')) {
+		   $EDIT_MODE = '1'; $ON_OFF_label = $_['HTML']; }
+	else { $EDIT_MODE = '0'; $ON_OFF_label = $_['WYSIWYG']; }
+
 	Init_ICONS();
 
 	undo_magic_quotes();
@@ -3408,3 +3457,5 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 echo '</div>'; //end container/login_page
 echo '</body></html>';
+
+if ( ($page == "edit") && $WYSIWYG_VALID && ($EDIT_MODE == 1) ) { include($WYSIWYG_PLUGIN); }
diff --git a/plugins/ckeditor_init.php b/plugins/ckeditor_init.php
new file mode 100755
index 0000000..f4bab3d
--- /dev/null
+++ b/plugins/ckeditor_init.php
@@ -0,0 +1,32 @@
+<?php /*************************************************************************
+Sample code to use the CKEditor with OneFileCMS (as of v3.4.17).
+
+For information on CKEditor, visit ckeditor.com.
+
+Here is a brief how-to:
+(The "plugin" folder used below is not required, or may be named anything you like.)
+
+ 1) Obtain CKEditor.
+
+ 2) Install CKEditor into a folder on your web site. For example: "plugins/".
+
+ 3) From the github.com/Self-Evident/OneFileCMS repo, copy the file 
+    "ckeditor_init.php" into the "plugins/" folder.
+
+ 4) In the configuration section of OneFileCMS, add the following two variables:
+    $WYSIWYG_PLUGIN = 'plugins/ckeditor_init.php';     //Init settings for CKEditor. (This file)
+    $WYSIWYG_SOURCE = 'plugins/ckeditor/ckeditor.js';  //used in $WYSIWYG_PLUGIN
+
+ 5) Include the id of the OneFileCMS textarea, "file_editor", in the CKEDITOR.replace() call (see below).
+
+ 6) In OneFileCMS- open a file for editing, and click [Edit WYSIWIG].
+*****************************************************************************/?>
+
+<script type="text/javascript" src="<?php echo $WYSIWYG_SOURCE ?>"></script>
+<script type="text/javascript">
+	CKEDITOR.replace( 'file_editor',{  //id of desired <textarea>
+		fullPage : true,
+		extraPlugins : 'docprops'
+	});
+</script>
+
diff --git a/plugins/tinymce_init.php b/plugins/tinymce_init.php
new file mode 100755
index 0000000..e8b4ae2
--- /dev/null
+++ b/plugins/tinymce_init.php
@@ -0,0 +1,76 @@
+<?php /*************************************************************************
+Sample code to use the TinyMCE editor with OneFileCMS (as of v3.4.17).
+
+This file is a modified version of "tinymce/examples/full.html", from the tinymce v3.5.7 distribution.
+The "fullpage" plugin has been added, some of the "buttons" have been re-arranged,
+and a few settings added to the end (mostly commented out, but available).
+For information on tinymce, visit tinymce.moxiecode.com.
+
+Here is a brief how-to:
+(The "plugin" folder used below is not required, or may be named anything you like.)
+
+ 1) Obtain TinyMCE.
+
+ 2) Install TinyMCE into a folder on your web site. For example: "plugins/".
+
+ 3) From the github.com/Self-Evident/OneFileCMS repo, copy the file 
+    "tinymce_init.php" into the "plugins/" folder.
+
+ 4) In the configuration section of OneFileCMS, add the following two variables:
+    $WYSIWYG_PLUGIN = 'plugins/tinymce-onefilecms_init.php';           //Init settings for TinyMCE. (This file)
+    $WYSIWYG_SOURCE = 'plugins/tinymce/jscripts/tiny_mce/tiny_mce.js'; //used in $WYSIWYG_PLUGIN
+
+ 5) In OneFileCMS- open a file for editing, and click [Edit WYSIWIG].
+*****************************************************************************/?>
+
+<script type="text/javascript" src="<?php echo $WYSIWYG_SOURCE ?>"></script>
+<script type="text/javascript"> 
+	tinyMCE.init({
+		// General options
+		mode : "textareas",
+		theme : "advanced",
+		
+		plugins : "fullpage,autolink,lists,pagebreak,style,layer,table,save,advhr,advimage,advlink,emotions,iespell,inlinepopups,insertdatetime,preview,media,searchreplace,print,contextmenu,paste,directionality,fullscreen,noneditable,visualchars,nonbreaking,xhtmlxtras,template,wordcount,advlist,autosave,visualblocks",
+		
+		// Theme options
+		theme_advanced_buttons1 : "save,newdocument,preview,print,|,restoredraft,|,removeformat,undo,redo,cut,copy,paste,pastetext,pasteword,|,search,replace,|,visualblocks,visualchars,visualaid,fullscreen,|,styleprops,|,code,|,help,|",
+		theme_advanced_buttons2 : "bold,italic,underline,strikethrough,|,sub,sup,forecolor,backcolor,|,fontselect,fontsizeselect,nonbreaking,charmap,|,insertdate,inserttime,|,emotions,image,|,attribs,fullpage",
+		theme_advanced_buttons3 : "justifyleft,justifycenter,justifyright,justifyfull,|,outdent,indent,bullist,numlist,|,styleselect,formatselect,blockquote,ltr,rtl,|,hr,advhr,|,link,unlink,anchor,|",
+		theme_advanced_buttons4 : "tablecontrols,|,insertlayer,moveforward,movebackward,absolute,|,cite,abbr,acronym,del,ins,|,pagebreak,template,|,cleanup,|",
+		theme_advanced_toolbar_location : "top",
+		theme_advanced_toolbar_align : "left",
+		theme_advanced_statusbar_location : "bottom",
+		theme_advanced_resizing : true,
+		
+		// Example content CSS (should be your site CSS)  //####################
+		//content_css : "css/content.css",
+		
+		// Drop lists for link/image/media/template dialogs
+		template_external_list_url : "lists/template_list.js",
+		external_link_list_url : "lists/link_list.js",
+		external_image_list_url : "lists/image_list.js",
+		media_external_list_url : "lists/media_list.js",
+		
+		// Style formats
+		style_formats : [
+			{title : 'Bold text', inline : 'b'},
+			{title : 'Red text', inline : 'span', styles : {color : '#ff0000'}},
+			{title : 'Red header', block : 'h1', styles : {color : '#ff0000'}},
+			{title : 'Example 1', inline : 'span', classes : 'example1'},
+			{title : 'Example 2', inline : 'span', classes : 'example2'},
+			{title : 'Table styles'},
+			{title : 'Table row 1', selector : 'tr', classes : 'tablerow1'}
+		],
+		
+		//========================
+		//doctype : '<!DOCTYPE html>',
+        //verify_html : false,
+        //verify_css_classes : true,
+        //cleanup : false,
+        //cleanup_on_startup : false,
+		remove_linebreaks : false,
+		//fullpage_default_xml_pi : false,
+		//fullpage_doctypes : 'HTML<!DOCTYPE HTML>',
+		//fullpage_default_doctype : '<!DOCTYPE html>',
+	}); 
+</script>
diff --git a/readme.markdown b/readme.markdown
index 0856552..8c59a19 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,9 +1,26 @@
-# OneFileCMS
-
-## Current version: 3.4.16
+# OneFileCMS Readme
 
 ## Recent changes
 
+### November 29, 2012 (v3.4.17)
+
+- WYSIWYG is here!  
+Due to popular demand (ie: it has been requested more than once), WYSYWIG editors can now be "plugged in" and used with OneFileCMS.  Currently, only [TinyMCE](http://tinymce.moxiecode.com/) and [CKEditor](http://ckeditor.com/) have been tested (and on a very limited scale). Others may work - but I don't know yet.  And, naturally, the inclusion and use of such editors is completely optional, of course.
+
+	**No actual WYSIWYG editors are included with OneFileCMS** - any desired editor must be obtained seperately.
+
+	A brief how-to on using either editor can be found in their respective sample "init" files included in the plugins folder of the OneFileCMS repo. Any suitable init file may be used, as long as the correct path to the editor's javascript source file is specified, and - for CKEditor - the id of the OneFileCMS textarea, "file_editor", must also be specified. 
+
+	Now, while everything seems to work, I have little to no experience using TinyMCE, CKEditor, or any other such application. So, if there is something missing or not working as expected, please let me know (open an "issue" on the Issues page).
+
+	Notes:  
+
+	- These editors have their own, extensive, event controls (responses to key & mouse input), so the OneFileCMS edit page event scripts are not loaded when an editor is in use.  The primary effect is the loss of the file status indicators - [Save] will not change to [SAVE CHANGES!], background color will not change, etc., and any "unsaved changes" alerts are handled by the active editor.  Also, the [Wide View] button will be unavailable.  
+  
+	- The TinyMCE "init" file included in the OneFileCMS repo specifies the use of the TinyMCE "fullpage" plugin, which produces an "unsaved changes" alert every time you exit the Edit page - even if no changes have been made to the file in the editor.  
+
+	- The CKEditor, on the other hand, does not seem to present an alert at all when you leave the editor page - even with unsaved changes.  
+
 ### November 23, 2012 (v3.4.16)
 
 - Added icons to lower buttons on edit page.
@@ -14,10 +31,9 @@
 - Added client-side hashing of passwords.  
   This is primarily a benefit for the user, as it does not really add any security to the server side application that uses it (such as OneFileCMS).  The reason is that this "pre-hash" simply becomes the actual password as far as the server is concerned, and is just as vulnerable to exposure while in transit. However, it does help to protect the user's plain-text password, which may be used elsewhere.  
 
-While a slightly different solution has been used, I want to thank [fermuch](http://github.com/fermuch) for the original idea and solution suggestion.  The reason that first solution was not used was due to its utilization of external files, and due to my (limited) understanding of the usefullness (or lack thereof) of client side hashing - at the time.  Well, after quite a bit of additional reading and consideration, that understanding has evolved a bit, and is summerized above.
-
-- Also added a "please wait..." message while computing the client-side hashes - primarily for a certain browser (and versions that aren't that old) that is MUCH slower than FF or Chrome (by a factor of 37 or more).  Subsequently, the number of iterations for the client-side hashing is quite low (compared to the server side), but still causes a 1 - 2 second delay on the login screen, and a 3 - 6 second delay on the Change Password screen.  On FF and Chrome, the delay is much shorter, almost unnoticable.
+While a slightly different solution has been used, I want to thank [fermuch](http://github.com/fermuch) for the original idea and solution suggestion.  That solution was not used was due to its utilization of external files, and a weak hashing algorithm (sha1), and due to my (limited) understanding of the usefullness (or lack thereof) of client side hashing - at the time.  Well, after quite a bit of additional reading and consideration, that understanding has evolved a bit, and is summerized above.
 
+- Also added a "please wait..." message while computing the client-side hashes - primarily for IE versions < 9, which are MUCH slower than FF or Chrome (by a factor of 37 or more).  Subsequently, the number of iterations for the client-side hashing is quite low (compared to the server side), but still causes a 1 - 2 second delay on the login screen, and a 3 - 6 second delay on the Change Password screen.  On FF and Chrome, however, the delay is much shorter, almost unnoticable.
 
 ### November 12, 2012 (v3.4.14)
 
@@ -80,11 +96,11 @@ Coupling a utilitarian code editor with basic file managing functions, OneFileCM
 
 ## Installation
 
-1) Download the current version from the Download page.  
+1) **Download** the current version from the Download page.  
 
-2) Upload to anywhere on your site.  
+2) **Upload** to anywhere on your site.  
   
-3) Log in to OneFileCMS with the default "username" and "password", and set your own username and password!  
+3) **Log in** to OneFileCMS with the default "username" and "password", and set your own username and password!  
 
 As with any CMS, you may also have to modify the file permissions of your site's folders to allow OneFileCMS to modify and create files.  Check with your host if you're not sure, and be aware of any inherent security concerns.  
 
@@ -94,11 +110,9 @@ You can also change the file name from "onefilecms.php" to something else, such
 
 ## FAQ
 
-### Where's the WYSIWYG? What about syntax highlighting?
-
-WYSWIWYG editors have been requested, but probably won't become standard, as they'd make it more than one file, sort of defeating the whole "OneFile" point. Plus, when working with PHP or non-HTML code, they can be more of a hindrance than an asset.
+### Where's the WYSIWYG?
 
-However, just because I don't want to do it, doesn't mean it's impossible.  Look for the Edit\_Page\_form() function. Its textarea can be modified to work with whatever editor you like. 
+As of version 3.4.17, support for TinyMCE and CKEditor, as optional plugins, has been added.
 
 ### I found something that could be better. Can I suggest it to you?
 
@@ -149,7 +163,7 @@ Now, since there is no database or other means of granular control or access log
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - Issue with Chrome's XSS filter: Editing some legitimate files with OneFileCMS will trigger the filter and disable much of the javascript provided functionallity, but only while on the edit page with such a file, and only after a [Save].
 - The connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text* during login.  However, this is true of most online login systems, unless SSL or the like is employed.  
-  *As of version 3.4.15, a client-side hash of the user's "plain-text" password is now sent to the server.  Yes, the "hash" is still a "plain-text" password as far as the server is concerned, but the user's raw password is now protected.
+  *As of version 3.4.15, a client-side hash of the user's "plain-text" password is sent to the server.  So, while this client-side hash is still a "plain-text" password as far as the server is concerned, the user's raw password is now protected from immediate exposure.
 - Be aware that only some very basic data & error checking is performed.  (But, it's getting better...)  
 - Anything else?
 

From cfa3f65f5a01eec10401d6acd6178cd2b5b00541 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Thu, 29 Nov 2012 17:30:00 -0500
Subject: [PATCH 159/228] Version 3.4.17 Updated readme.

---
 readme.markdown | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/readme.markdown b/readme.markdown
index 8c59a19..f5a3702 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -5,17 +5,17 @@
 ### November 29, 2012 (v3.4.17)
 
 - WYSIWYG is here!  
-Due to popular demand (ie: it has been requested more than once), WYSYWIG editors can now be "plugged in" and used with OneFileCMS.  Currently, only [TinyMCE](http://tinymce.moxiecode.com/) and [CKEditor](http://ckeditor.com/) have been tested (and on a very limited scale). Others may work - but I don't know yet.  And, naturally, the inclusion and use of such editors is completely optional, of course.
+Due to popular demand (ie: it has been requested more than once), WYSYWIG editors can now be "plugged in" and used with OneFileCMS.  Currently, only [TinyMCE](http://tinymce.moxiecode.com/) and [CKEditor](http://ckeditor.com/) have been tested (and on a very limited scale). Others may work - but I don't know yet.  And, naturally, the use or inclusion of such editors is completely optional, of course.
 
 	**No actual WYSIWYG editors are included with OneFileCMS** - any desired editor must be obtained seperately.
 
-	A brief how-to on using either editor can be found in their respective sample "init" files included in the plugins folder of the OneFileCMS repo. Any suitable init file may be used, as long as the correct path to the editor's javascript source file is specified, and - for CKEditor - the id of the OneFileCMS textarea, "file_editor", must also be specified. 
+	A brief how-to on using either editor can be found in their respective sample "init" files included in the plugins folder of the OneFileCMS repo. Any suitable init file for a given editor may be used, as long as the correct path to the editor's javascript source file is specified, and - for CKEditor - the id of the OneFileCMS textarea, "file_editor", is also be specified. 
 
 	Now, while everything seems to work, I have little to no experience using TinyMCE, CKEditor, or any other such application. So, if there is something missing or not working as expected, please let me know (open an "issue" on the Issues page).
 
 	Notes:  
 
-	- These editors have their own, extensive, event controls (responses to key & mouse input), so the OneFileCMS edit page event scripts are not loaded when an editor is in use.  The primary effect is the loss of the file status indicators - [Save] will not change to [SAVE CHANGES!], background color will not change, etc., and any "unsaved changes" alerts are handled by the active editor.  Also, the [Wide View] button will be unavailable.  
+	- These editors have their own, extensive, event controls (responses to keyboard & mouse input), so the OneFileCMS edit page event scripts are not loaded when an editor is in use.  The primary effect is the loss of incidental file status indicators - [Save] will not change to [SAVE CHANGES!], background color will not change, etc., and any "unsaved changes" alerts should be handled by the active editor.  Also, the [Wide View] button will be unavailable.  
   
 	- The TinyMCE "init" file included in the OneFileCMS repo specifies the use of the TinyMCE "fullpage" plugin, which produces an "unsaved changes" alert every time you exit the Edit page - even if no changes have been made to the file in the editor.  
 
@@ -31,7 +31,7 @@ Due to popular demand (ie: it has been requested more than once), WYSYWIG editor
 - Added client-side hashing of passwords.  
   This is primarily a benefit for the user, as it does not really add any security to the server side application that uses it (such as OneFileCMS).  The reason is that this "pre-hash" simply becomes the actual password as far as the server is concerned, and is just as vulnerable to exposure while in transit. However, it does help to protect the user's plain-text password, which may be used elsewhere.  
 
-While a slightly different solution has been used, I want to thank [fermuch](http://github.com/fermuch) for the original idea and solution suggestion.  That solution was not used was due to its utilization of external files, and a weak hashing algorithm (sha1), and due to my (limited) understanding of the usefullness (or lack thereof) of client side hashing - at the time.  Well, after quite a bit of additional reading and consideration, that understanding has evolved a bit, and is summerized above.
+	While a slightly different solution has been used, I want to thank [fermuch](http://github.com/fermuch) for the original idea and solution suggestion.  That solution was not used was due to its utilization of external files, and a weak hashing algorithm (sha1), and due to my (limited) understanding of the usefullness (or lack thereof) of client side hashing - at the time.  Well, after quite a bit of additional reading and consideration, that understanding has evolved a bit, and is summerized above.
 
 - Also added a "please wait..." message while computing the client-side hashes - primarily for IE versions < 9, which are MUCH slower than FF or Chrome (by a factor of 37 or more).  Subsequently, the number of iterations for the client-side hashing is quite low (compared to the server side), but still causes a 1 - 2 second delay on the login screen, and a 3 - 6 second delay on the Change Password screen.  On FF and Chrome, however, the delay is much shorter, almost unnoticable.
 
@@ -87,7 +87,7 @@ Coupling a utilitarian code editor with basic file managing functions, OneFileCM
 - All the basic file management features like renaming, moving, copying, deleting, and uploading.
   (For complex processes, like batch renaming or mass uploads, you're going to want to use an FTP program.)
 - A basic text editor.
-- Alerts if you try to leave editing with unsaved changes.
+- WYSIWYG editors may be added as plugins
 - A Login delay after too many invalid login attempts.
 - Adjustable idle time before auto-logout.
 - Easily modifiable & re-brandable.

From e1920877d1db5d04032c4afdd7362ab3451ea162 Mon Sep 17 00:00:00 2001
From: Self-Evident <SelfEvidentTruths@mail.com>
Date: Sun, 2 Dec 2012 18:37:01 -0500
Subject: [PATCH 160/228] Update readme.markdown

---
 readme.markdown | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/readme.markdown b/readme.markdown
index f5a3702..92a395a 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -2,6 +2,10 @@
 
 ## Recent changes
 
+### December 02, 2012
+
+-  Just a note: there is an issue using a wysiwyg editor when onefilecm.php is in a sub-folder, or related to using the $ACCESS_ROOT option (restricting onefilecms access to a folder).  WYSIWYG seems to otherwise work fine when onefilecms.php is in the root folder of a site.
+
 ### November 29, 2012 (v3.4.17)
 
 - WYSIWYG is here!  
@@ -57,7 +61,7 @@ Due to popular demand (ie: it has been requested more than once), WYSYWIG editor
 #### Language files
 
 - German (Deutsch) courtesy of [codeless](http://github.com/codeless).
-- Spanish (Espan�la) courtesy of [fermuch](http://github.com/fermuch).
+- Spanish (Espan�la) courtesy of [fermuch](http://github.com/fermuch).
 - Dutch (Nederlands) courtesy of [symsec](http://github.com/symsec).  
 - Russian courtesy of [zaykin](https://github.com/zaykin).  
 

From 0040a2aeb7efe6347a9cebc37c1ede3579e5b8ac Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Mon, 3 Dec 2012 14:31:47 -0500
Subject: [PATCH 161/228] Version 3.4.18 -(partly) Fixes issue: wysiwyg editors
 not working unlesss onefilecms in root folder. Moved chdir() from
 Session_Startup() to System setup section. Rearranged a few $VARS in the
 System setup section. show_image(): Added $ACCESS_ROOT so image would show.
 Edit_Page(): Added $ACCESS_ROOT to fix filename link. Added ob_start() just
 prior to output of page contents   - saves 1-40 milliseconds per page load!
 (Over the course of my life, I calculated that I will save enough time to
 think:  "Wow - what a waste of time that was...") (...the calculating, not
 the life...) (Also, I'm a slow thinker - so you may get more thoughts out of
 it than I will...)

---
 OneFileCMS.LANG.DE.php |  3 +-
 OneFileCMS.LANG.EN.php |  3 +-
 OneFileCMS.LANG.ES.php |  3 +-
 OneFileCMS.LANG.NL.php |  5 ++-
 OneFileCMS.LANG.RU.php |  5 ++-
 onefilecms.php         | 96 +++++++++++++++++++++++-------------------
 readme.markdown        | 25 +++++------
 7 files changed, 77 insertions(+), 63 deletions(-)

diff --git a/OneFileCMS.LANG.DE.php b/OneFileCMS.LANG.DE.php
index 4bdbf49..65900fb 100755
--- a/OneFileCMS.LANG.DE.php
+++ b/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.17
+// OneFileCMS Language Settings v3.4.18
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -53,6 +53,7 @@
 
 $_['Password']   = 'Passwort';
 $_['Rename']     = 'Umbenennen';
+$_['Source']     = 'Source'; //## NT ##
 $_['successful'] = 'Erfolgreich';
 $_['To']         = 'Auf';
 $_['Upload']     = 'Heraufladen';
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index 401c0f5..8d45f41 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.17
+// OneFileCMS Language Settings v3.4.18
 
 $_['LANGUAGE'] = 'English'; //EN
 $_['LANG'] = 'EN';
@@ -53,6 +53,7 @@
 
 $_['Password']   = 'Password';
 $_['Rename']     = 'Rename';
+$_['Source']     = 'Source';
 $_['successful'] = 'successful';
 $_['To']         = 'To';
 $_['Upload']     = 'Upload';
diff --git a/OneFileCMS.LANG.ES.php b/OneFileCMS.LANG.ES.php
index 2635518..6d89bb7 100755
--- a/OneFileCMS.LANG.ES.php
+++ b/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.17
+// OneFileCMS Language Settings v3.4.18
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -53,6 +53,7 @@
 
 $_['Password']   = 'contraseña';
 $_['Rename']     = 'Renombrar';
+$_['Source']     = 'Source'; //## NT ##
 $_['successful'] = 'satisfactoriamente';
 $_['To']         = 'Hacia';
 $_['Upload']     = 'Subir';
diff --git a/OneFileCMS.LANG.NL.php b/OneFileCMS.LANG.NL.php
index 4e1d48d..0e7db47 100755
--- a/OneFileCMS.LANG.NL.php
+++ b/OneFileCMS.LANG.NL.php
@@ -1,7 +1,7 @@
 <?php
-// OneFileCMS Language Settings v3.4.17
+// OneFileCMS Language Settings v3.4.18
 
-$_['LANGUAGE'] = 'Dutch (Nederlands)'; //NL
+$_['LANGUAGE'] = 'Dutch (Nederlands)';
 $_['LANG'] = 'NL';
 
 // If no translation or value is desired for a particular setting, do not delete
@@ -53,6 +53,7 @@
 
 $_['Password']   = 'Wachtwoord';
 $_['Rename']     = 'Hernoemen';
+$_['Source']     = 'Source'; //## NT ##
 $_['successful'] = 'succesvol';
 $_['To']         = 'Aan';
 $_['Upload']     = 'Upload';
diff --git a/OneFileCMS.LANG.RU.php b/OneFileCMS.LANG.RU.php
index dd50235..dbfa0e4 100755
--- a/OneFileCMS.LANG.RU.php
+++ b/OneFileCMS.LANG.RU.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.17
+// OneFileCMS Language Settings v3.4.18
 
 $_['LANGUAGE'] = 'Russian'; //RU
 $_['LANG'] = 'RU';
@@ -52,7 +52,8 @@
 $_['on']      = 'в';
 
 $_['Password']   = 'Пароль';
-$_['Rename']     = 'Rename';
+$_['Rename']     = 'Rename'; //## NT ##
+$_['Source']     = 'Source'; //## NT ##
 $_['successful'] = 'успешно';
 $_['To']         = 'В';
 $_['Upload']     = 'Загрузить';
diff --git a/onefilecms.php b/onefilecms.php
index 5d44859..6db5cfa 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.17';
+$OFCMS_version = '3.4.18';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -65,7 +65,7 @@
 ob_start(); //Catch any early output. Closed prior to page output.
 ini_set('session.use_trans_sid', 0);    //make sure URL supplied SESSID's are not used
 ini_set('session.use_only_cookies', 1); //make sure URL supplied SESSID's are not used
-error_reporting(0); //0 for none, or (E_ALL &~ E_STRICT) for trouble-shooting.
+error_reporting(0); //0 for none, or (E_ALL &~ E_STRICT) for trouble-shooting. 
 ini_set('display_errors', 'off');         //Only turn on for trouble-shooting.
 ini_set('log_errors'    , 'off');         //Only turn on for trouble-shooting.
 ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.ERROR.log');
@@ -85,7 +85,7 @@
 $SALT     = 'somerandomsalt';
 
 //Name of optional external language file.  If file is not found, the built-in defaults will be used.
-//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php";  //Path is relative to OneFileCMS.
+//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php";  //Path is relative to root of website
 
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
@@ -93,7 +93,7 @@
 
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
-				
+
 $MAX_IMG_W   = 810;  //Max width to display images. (main width is 810)
 $MAX_IMG_H   = 1000; //Max height.  I don't know, it just looks reasonable.
 
@@ -122,16 +122,17 @@
 
 $SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS.
 
-$ACCESS_ROOT = ''; //Restrict access to a particular folder.  Leave empty for $WEB_ROOT (entire website).
+//Restrict access to a particular folder.  Leave empty for $WEB_ROOT (entire website).
+$ACCESS_ROOT = '';  //Path is relative to root of website. 
 
-//Optional external wysiwyg editor. Paths are relative to OneFileCMS.
-$WYSIWYG_PLUGIN = 'plugins/tinymce_init.php';                      //Init settings.
-$WYSIWYG_SOURCE = 'plugins/tinymce/jscripts/tiny_mce/tiny_mce.js'; //used in $WYSIWYG_PLUGIN
+//Optional external wysiwyg editor. Paths are relative to root of website.
 //$WYSIWYG_PLUGIN = 'plugins/ckeditor_init.php';     //Init settings
 //$WYSIWYG_SOURCE = 'plugins/ckeditor/ckeditor.js';  //used in $WYSIWYG_PLUGIN
+//$WYSIWYG_PLUGIN = 'plugins/tinymce_init.php';                      //Init settings.
+//$WYSIWYG_SOURCE = 'plugins/tinymce/jscripts/tiny_mce/tiny_mce.js'; //used in $WYSIWYG_PLUGIN
 
 //External config file, if there is one.  Any settings in the $config_file will supersede those above.
-//$config_file = 'OFCMS_config.SAMPLE.php';  // Path is relative to OneFileCMS.
+//$config_file = 'OFCMS_config.SAMPLE.php';  // Path is relative to root of website.
 	//Format for external config file is basic php:
 	// < ? php                    //(without the spaces around the ?, of course)
 	// $option1 = "value";
@@ -144,14 +145,30 @@
 //******************************************************************************
 //System values & setup
 
+$DOC_ROOT  = $_SERVER['DOCUMENT_ROOT'].'/';
+
+chdir($DOC_ROOT); //Allow OneFileCMS.php to be started from any dir on the site.
+
+$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file & folder names.  Space deliminated.
+$WHSPC_SLASH = "\x00..\x20/";  //Whitespace & forward slash. For trimming file & folder name inputs.
+
 //If specified, include external config file.
 if ( isset($config_file) && is_file($config_file) ) { include($config_file); }
 else { $config_file = ''; } //If not found, clear it.
 
-//If specified, validate $WYSIWYG_PLUGIN & _SOURCE. Actual include is at end of OneFileCMS.
-$WYSIWYG_VALID = 0;
+//If specified, cleanup & validate $WYSIWYG_PLUGIN & _SOURCE. Actual include is at end of OneFileCMS.
+$WYSIWYG_PLUGIN = $DOC_ROOT.trim($WYSIWYG_PLUGIN, $WHSPC_SLASH);
+$WYSIWYG_SOURCE = '/'.trim($WYSIWYG_SOURCE, $WHSPC_SLASH);
+$WYSIWYG_VALID = 0; //Default to invalid.
 if ( isset($WYSIWYG_PLUGIN) && is_file($WYSIWYG_PLUGIN) &&
-	 isset($WYSIWYG_SOURCE) && is_file($WYSIWYG_SOURCE) ) { $WYSIWYG_VALID = 1; }
+	 isset($WYSIWYG_SOURCE) && is_file($DOC_ROOT.$WYSIWYG_SOURCE) ) { $WYSIWYG_VALID = 1; }
+
+//Clean up, validate, and limit access to the folder $ACCESS_ROOT.
+if (!isset($ACCESS_ROOT)) { $ACCESS_ROOT = ''; }
+$ACCESS_ROOT = Check_path($ACCESS_ROOT);
+if (!is_dir($ACCESS_ROOT)) { $ACCESS_ROOT=''; }
+if ($ACCESS_ROOT != '') { chdir($ACCESS_ROOT); }
+
 
 //Requires PHP 5.1, due to changes in some functions.
 //Earliest version the author has for testing is 5.2.8 (50208)
@@ -182,15 +199,9 @@
 
 $TO_WARNING = 120; //seconds. When idle time remaining is less than this value, $timeout_warning is displayed
 
-//Clean up & validate $ACCESS_ROOT.
-$ACCESS_ROOT = Check_path($ACCESS_ROOT);
-if (!is_dir($ACCESS_ROOT)) {$ACCESS_ROOT='';}
-if (!$ACCESS_ROOT == '') {$ACCESS_ROOT .= '/';}
-
-$ONESCRIPT   = URLencode_path($_SERVER['SCRIPT_NAME']); //Used for URL's
-$DOC_ROOT    = $_SERVER['DOCUMENT_ROOT'].'/';
-$WEB_ROOT    = URLencode_path(basename($DOC_ROOT)).'/'.$ACCESS_ROOT;
-$WEBSITE     = $_SERVER['HTTP_HOST'].'/';
+$ONESCRIPT = URLencode_path($_SERVER['SCRIPT_NAME']); //Used for URL's
+$WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/'.$ACCESS_ROOT;
+$WEBSITE   = $_SERVER['HTTP_HOST'].'/';
 
 $ONESCRIPT_file   = $_SERVER['SCRIPT_FILENAME'];  //Non-url use
 $ONESCRIPT_path   = dirname($ONESCRIPT_file).'/'; //Non-url use //Do not use dir_name().
@@ -204,9 +215,6 @@
 
 $VALID_PAGES = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","renamefile","copyfile","deletefile","deletefolder","newfolder","renamefolder","copyfolder","mcdaction");
 
-$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file & folder names.  Space deliminated.
-$WHSPC_SLASH = "\x00..\x20/";  //Whitespace & forward slash. For trimming file & folder name inputs.
-
 //Make arrays out of a few $config_variables for actual use later.
 //First, remove spaces and make lowercase.
 $SHOWALLFILES = $stypes = false;
@@ -236,9 +244,9 @@ function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.4.17
+// OneFileCMS Language Settings v3.4.18
 
-$_['LANGUAGE'] = 'English'; //EN
+$_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
 
 // If no translation or value is desired for a particular setting, do not delete
@@ -287,6 +295,7 @@ function Default_Language() { // ***********************************************
 $_['on']      = 'on';
 $_['Password']   = 'Password';
 $_['Rename']     = 'Rename';
+$_['Source']     = 'Source';  //#### 
 $_['successful'] = 'successful';
 $_['To']         = 'To';
 $_['Upload']     = 'Upload';
@@ -461,7 +470,7 @@ function Default_Language() { // ***********************************************
 
 
 function Session_Startup() { //*************************************************
-	global $SESSION_NAME, $page, $VALID_POST, $DOC_ROOT, $ACCESS_ROOT;
+	global $SESSION_NAME, $page, $VALID_POST;
 
 	$limit    = 0; //0 = session.
 	$path     = '';
@@ -486,9 +495,6 @@ function Session_Startup() { //*************************************************
 	if ( $_SESSION['valid'] ) { Verify_IDLE_POST_etc(); }
 
 	$_SESSION['nuonce'] = sha1(mt_rand().microtime()); //provided in <forms> to verify POST
-
-	//Allow OneFileCMS.php to be started from any dir on the site.
-	chdir($DOC_ROOT.$ACCESS_ROOT); //Limit access to the folder $ACCESS_ROOT.
 }//end Session_Startup() //*****************************************************
 
 
@@ -506,6 +512,7 @@ function Verify_IDLE_POST_etc() { //********************************************
 		if ( $idle_time > $MAX_IDLE_TIME ) {
 			Logout();
 			$message .= hsc($_['verify_msg_01']).'<br>';
+			return;
 		}
 	}
 
@@ -551,7 +558,7 @@ function Error_reporting_and_early_output($show_status = 0, $show_types = 0) {//
 	$E_level = error_reporting();
 	$E_types = '';
 	$spc = ' &nbsp; '; // or '<br>' or PHP_EOL or whatever...
-	if ( $E_level &     1 ) { $E_types  = 'E_ERROR'            .$spc; }
+	if ( $E_level &     1 ) { $E_types .= 'E_ERROR'            .$spc; }
 	if ( $E_level &     2 ) { $E_types .= 'E_WARNING'          .$spc; }
 	if ( $E_level &     4 ) { $E_types .= 'E_PARSE'            .$spc; }
 	if ( $E_level &     8 ) { $E_types .= 'E_NOTICE'           .$spc; }
@@ -606,6 +613,7 @@ function Update_Recent_Pages() { //*********************************************
 	global $page;
 
 	if (!isset($_SESSION['recent_pages'])) { $_SESSION['recent_pages'] = array($page); }
+
 	$pages = count($_SESSION['recent_pages']);
 
 	//Only update if actually a new page
@@ -617,7 +625,6 @@ function Update_Recent_Pages() { //*********************************************
 	//Only need 3 most recent pages (increase if needed)
 	if ($pages > 3) { array_pop($_SESSION['recent_pages']); }
 
-
 }//end Update_Recent_Pages() //*************************************************
 
 
@@ -1061,7 +1068,7 @@ function Cancel_Submit_Buttons($submit_label) { //******************************
 
 
 function show_image(){ //*******************************************************
-	global $_, $filename, $MAX_IMG_W, $MAX_IMG_H;
+	global $_, $filename, $MAX_IMG_W, $MAX_IMG_H, $ACCESS_ROOT;
 	
 	$IMG = $filename;
 	$img_info = getimagesize($IMG);
@@ -1082,8 +1089,8 @@ function show_image(){ //*******************************************************
 	echo hsc($_['show_img_msg_01']).round($SCALE*100).
 		 hsc($_['show_img_msg_02']).' '.$img_info[0].' x '.$img_info[1].').</p>';
 	echo '<div class=clear></div>'.PHP_EOL;
-	echo '<a  href="/'.URLencode_path($IMG).'" target="_blank">'.PHP_EOL;
-	echo '<img src="/'.URLencode_path($IMG).'" width="'.($img_info[$W] * $SCALE).'"></a>'.PHP_EOL;
+	echo '<a  href="/'.URLencode_path($ACCESS_ROOT.$IMG).'" target="_blank">'.PHP_EOL;
+	echo '<img src="/'.URLencode_path($ACCESS_ROOT.$IMG).'" width="'.($img_info[$W] * $SCALE).'"></a>'.PHP_EOL;
 }//end show_image() //**********************************************************
 
 
@@ -1674,7 +1681,7 @@ function Index_Page(){ //*******************************************************
 
 	$full_list = Sort_Seperate($ipath, scandir('./'.$ipath));
 	$file_count = count($full_list);
-	
+
 	echo '<form method="post" name="mcdselect" action="'.$ONESCRIPT.$param1.'&amp;p=mcdaction">';
 	echo '<input type="hidden" name="mcdaction" value="">';
 
@@ -1823,7 +1830,8 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
  				echo '<p class="edit_disabled">'.$too_large_to_edit_message.'</p>';
 				
 			}else{
-				//Load Edit_Page_scripts() only if not in wysiwyg mode.
+				//Load Edit_Page_scripts() only if not in wysiwyg mode and an editable file.
+				//They don't work when a wysiwyg editor is loaded. (loaded after </form>)
 				$load_Edit_Page_scripts = ( !$WYSIWYG_VALID || !$EDIT_MODE );
 				
 				if (PHP_VERSION_ID < 50400) { // 5.4.0
@@ -1848,11 +1856,10 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 		}//end if non-image
 		
 		Edit_Page_buttons($text_editable, $too_large_to_edit);
-		
-		//The Edit_Page_scripts() don't work when TinyMCE is loaded.
-		if ( $load_Edit_Page_scripts ) { Edit_Page_scripts(); }
 ?>	</form>
 <?php
+	if ( $load_Edit_Page_scripts ) { Edit_Page_scripts(); }
+
 	if ($text_editable && !$too_large_to_edit && !$bad_chars) { Edit_Page_Notes(); }
 }//end Edit_Page_form() //******************************************************
 
@@ -1884,7 +1891,7 @@ function Edit_Page_Notes() { //*************************************************
 
 
 function Edit_Page() { //*******************************************************
-	global $_, $filename, $filecontents, $raw_contents, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $WYSIWYG_VALID;
+	global $_, $filename, $filecontents, $raw_contents, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $WYSIWYG_VALID, $ACCESS_ROOT;
 	clearstatcache ();
 
 	//Determine if a text editable file type
@@ -1922,7 +1929,7 @@ function Edit_Page() { //*******************************************************
 	echo '<style>#message_box { min-height: 1.88em; }</style>';
 
 	echo '<h2 id="edit_header">'.$header2.' ';
-	echo '<a class="h2_filename" href="/'.URLencode_path($filename).'" target="_blank" title="'.$_['Open_View'].'">';
+	echo '<a class="h2_filename" href="/'.URLencode_path($ACCESS_ROOT.$filename).'" target="_blank" title="'.$_['Open_View'].'">';
 	echo hte(basename($filename)).'</a>';
 	echo '</h2>'.PHP_EOL;
 
@@ -2609,7 +2616,7 @@ function Select_All() {
 		$select_all_label.innerHTML = '<?php echo addslashes($_['Select_All']) ?>';
 	}
 
-	//Start x at 1 as files[0] is a dummy <input> used to force an array even if only one file.
+	//Start x at 1 as files[0] is a dummy <input> used to force an array even if only one file is in a folder.
 	for (var x = 1; x < last ; x++) { files[x].checked = select_all.checked; }
 }
 
@@ -3375,7 +3382,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 	//Set current $EDIT_MODE & text for Edit page [Edit WYSIWIG/HTML] button
 	if ( $WYSIWYG_VALID && isset($_COOKIE['edit_mode']) && ($_COOKIE['edit_mode'] == '1')) {
-		   $EDIT_MODE = '1'; $ON_OFF_label = $_['HTML']; }
+		   $EDIT_MODE = '1'; $ON_OFF_label = $_['Source']; }
 	else { $EDIT_MODE = '0'; $ON_OFF_label = $_['WYSIWYG']; }
 
 	Init_ICONS();
@@ -3412,6 +3419,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 //Output page contents
 //******************************************************************************
 $early_output = ob_get_clean(); // Should be blank unless trouble-shooting.
+ob_start();
 header('Content-type: text/html; charset=UTF-8');
 ?>
 <!DOCTYPE html>
diff --git a/readme.markdown b/readme.markdown
index 92a395a..0428a96 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -2,6 +2,12 @@
 
 ## Recent changes
 
+### December 03, 2012 (v3.4.18)
+
+Of course, everything comes with a price (exacerbated by my apparent lack of testing...)
+
+- Anyway, the current release partly fixes an issue when trying to use a wysiwyg editor with onefilecms.php installed in a sub-folder of a site.  The issue is - it didn't work.  Now it does - mostly. However, there is still an issue using wysiwyg editors if the $ACCESS_ROOT variable is set to anything but blank (root).
+
 ### December 02, 2012
 
 -  Just a note: there is an issue using a wysiwyg editor when onefilecm.php is in a sub-folder, or related to using the $ACCESS_ROOT option (restricting onefilecms access to a folder).  WYSIWYG seems to otherwise work fine when onefilecms.php is in the root folder of a site.
@@ -35,10 +41,10 @@ Due to popular demand (ie: it has been requested more than once), WYSYWIG editor
 - Added client-side hashing of passwords.  
   This is primarily a benefit for the user, as it does not really add any security to the server side application that uses it (such as OneFileCMS).  The reason is that this "pre-hash" simply becomes the actual password as far as the server is concerned, and is just as vulnerable to exposure while in transit. However, it does help to protect the user's plain-text password, which may be used elsewhere.  
 
-	While a slightly different solution has been used, I want to thank [fermuch](http://github.com/fermuch) for the original idea and solution suggestion.  That solution was not used was due to its utilization of external files, and a weak hashing algorithm (sha1), and due to my (limited) understanding of the usefullness (or lack thereof) of client side hashing - at the time.  Well, after quite a bit of additional reading and consideration, that understanding has evolved a bit, and is summerized above.
-
 - Also added a "please wait..." message while computing the client-side hashes - primarily for IE versions < 9, which are MUCH slower than FF or Chrome (by a factor of 37 or more).  Subsequently, the number of iterations for the client-side hashing is quite low (compared to the server side), but still causes a 1 - 2 second delay on the login screen, and a 3 - 6 second delay on the Change Password screen.  On FF and Chrome, however, the delay is much shorter, almost unnoticable.
 
+- I want to thank [fermuch](http://github.com/fermuch) for the client-side hashing suggestion.  While a somewhat different approach was ultlimately employed, his original solution provided the insight needed to approach the idea in general.
+
 ### November 12, 2012 (v3.4.14)
 
 - Courtesy of [Fuchur777](github.com/Fuchur777), added option to restrict OneFileCMS to a specified folder (and it's sub-folders).
@@ -54,16 +60,6 @@ Due to popular demand (ie: it has been requested more than once), WYSYWIG editor
 - Thanks to [symsec](http://github.com/symsec) for the Dutch (Nederlands) language file!
 - Otherwise, mostly some incidental code improvements and cleanup.
 
-### October 21, 2012 (v3.4.12)
-
-- On the Upload Page, added an option to select either automatic rename or overwrite of pre-existing files.
-
-#### Language files
-
-- German (Deutsch) courtesy of [codeless](http://github.com/codeless).
-- Spanish (Espan�la) courtesy of [fermuch](http://github.com/fermuch).
-- Dutch (Nederlands) courtesy of [symsec](http://github.com/symsec).  
-- Russian courtesy of [zaykin](https://github.com/zaykin).  
 
 --------------------------------------------------------------------------------
 
@@ -132,6 +128,11 @@ Well, because "OneFileCMS" sounds way cooler (relatively speaking) than "OneFile
 
 Yes!  Currently, English (EN), German (DE), Spanish (ES), Dutch (NL), and Russian (RU) are available.
 
+- German (Deutsch) courtesy of [codeless](http://github.com/codeless).
+- Spanish (Espan�la) courtesy of [fermuch](http://github.com/fermuch).
+- Dutch (Nederlands) courtesy of [symsec](http://github.com/symsec).  
+- Russian courtesy of [zaykin](https://github.com/zaykin).  
+
 If you speak another language and would like to contribute, translations are welcomed and appreciated!  Just use the English language file (or any of the others) as a template, and translate each word, phrase, etc., as appropriate.
 
 ### Can I have more than one username/password?

From d5df8b6a46ed56e2176f6c724d6f500e8349f528 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 12 Dec 2012 02:00:00 -0500
Subject: [PATCH 162/228] Version 3.4.19 Removed $ACCESS_ROOT - for now, until
 a few issues can be resolved. Removed $WYSIWYG_SOURCE - info now simply
 provided directly in <editor>_init.php Turned System setup section into the
 System_Setup() function. Added a couple of types to $config_etypes, _ftypes,
 & _fclass. Stopped URL encoding $WEB_ROOT - it's not used in URL's, only used
 for display. Tweaked a couple $ONESCRIPT & $CONFIG_ system vars. Created
 Validate_params(); Seperated out some checks from Get_GET().
 Verify_Page_Conditions(): Moved check if editing OFCMS to Validate_params().
 Page_Header(): php echo everything, instead of jumping in & out of <?php ?>.
 Main logic: Moved $Editing_OFCMS to Validate_params(); Added linked "(on php
 N.n.n)" to open phpinfo() in a new window. ?p=serverinfo. Minor change to
 $_['edit_note_01a']

---
 OFCMS_config.SAMPLE.php   |  44 +++--
 OneFileCMS.LANG.EN.php    |  22 +--
 OneFileCMS.LANG.NL.php    |   4 +-
 OneFileCMS_structure.txt  |  12 +-
 onefilecms.php            | 332 ++++++++++++++++++++------------------
 plugins/ckeditor_init.php |  14 +-
 plugins/tinymce_init.php  |  21 +--
 readme.markdown           |  49 ++++--
 8 files changed, 267 insertions(+), 231 deletions(-)

diff --git a/OFCMS_config.SAMPLE.php b/OFCMS_config.SAMPLE.php
index 2ca6973..fd3d8fa 100755
--- a/OFCMS_config.SAMPLE.php
+++ b/OFCMS_config.SAMPLE.php
@@ -1,10 +1,10 @@
 <?php 
-// OneFileCMS sample external config file.  v3.4.17
-// For versions 3.3.15 and later.  (Updated $HASHWORD, removed $PASSWORD & $USE_HASH)
-// (Versions prior to 3.3.06 used an .ini format)
+// OneFileCMS - github.com/Self-Evident/OneFileCMS
+// v3.4.19
+// Sample external config file.
 //
-// Basically, what follows is just a copy & paste of the OneFileCMS config section.
-
+// Basically, what follows is just a copy & paste of the OneFileCMS config section,
+// except $config_file is not included.
 
 // CONFIGURABLE INFO ***********************************************************
 $config_title = "OneFileCMS";
@@ -15,16 +15,17 @@
 $SALT     = 'somerandomsalt';
 
 //Name of optional external language file.  If file is not found, the built-in defaults will be used.
-//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php";  //Path is relative to OneFileCMS.
+//Path can be absolute to the filesystem, or relative to root of website - if chdir($DOC_ROOT). (current method)
+//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php";
 
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
 $MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
 
-$MAIN_WIDTH    = '800px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
+$MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
-				
-$MAX_IMG_W   = 800;  //Max width to display images. (main width is 800)
+
+$MAX_IMG_W   = 810;  //Max width to display images. (main width is 810)
 $MAX_IMG_H   = 1000; //Max height.  I don't know, it just looks reasonable.
 
 $MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
@@ -36,7 +37,7 @@
 $config_favicon   = "favicon.ico"; //Path is relative to root of website.
 $config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsiTive!
 
-$config_etypes = "html,htm,xhtml,php,pl,css,js,txt,text,cfg,conf,ini,csv,svg,log,dtd,htaccess"; //Editable file types.
+$config_etypes = "svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text"; //Editable file types.
 $config_stypes = "*"; // Shown types; only files of the given types should show up in the file-listing
 	// Use $config_stypes exactly like $config_etypes (list of extensions separated by commas).
 	// If $config_stypes is set to null - by intention or by error - only folders will be shown.
@@ -44,24 +45,19 @@
 	// If $config_stypes is set to "html,htm" for example, only file with the extension "html" or "htm" will get listed.
 
 $config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
-// _ftypes & _fclass must have the same number of values. bin is default.
-$config_ftypes = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,pl ,ini,cfg,conf,log,asp,js ,htm,html,dtd,htaccess";
-$config_fclass = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,css,php,txt,txt,cfg,cfg ,txt,txt,txt,htm,htm ,txt,txt";
+//File types (extensions).  _ftypes & _fclass must have the same number of values. bin is default.
+$config_ftypes = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text";
+//Cooresponding file classes to _ftypes - used to determine icons for directory listing.
+$config_fclass = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,cfg ,txt,css,txt,htm,htm ,htm  ,txt     ,txt,txt,txt,txt   ,txt,php,php,txt,txt";
 
 $EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
 
 $SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS.
 
-$ACCESS_ROOT = ''; //Restrict access to a particular folder.  Leave empty for $WEB_ROOT (entire website).
-
-//External config file, if there is one.  Any settings in the $config_file will supersede those above.
-//$config_file = 'OFCMS_config.SAMPLE.php';  // Path is relative to OneFileCMS.
-	//Format for external config file is basic php:
-	// < ? php                    //(without the spaces around the ?, of course)
-	// $option1 = "value";
-	// etc...
+//Init file for optional external wysiwyg editor.
+//Sample init files are availble in the OneFileCMS repo, but the actual editors are not.
+//Path can be absolute to the filesystem, or relative to root of website - if chdir($DOC_ROOT). (current method)
+//$WYSIWYG_PLUGIN = 'plugins/tinymce_init.php';
+//$WYSIWYG_PLUGIN = 'plugins/ckeditor_init.php';
 
-//Name of optional external wysiwyg editor (js file). Path is relative to OneFileCMS.
-//$WYSIWYG_INIT   = 'plugins/tinymce-onefilecms_init.ALPHA.3.php';   //Init settings for TinyMCE.
-//$WYSIWYG_SOURCE = 'plugins/tinymce/jscripts/tiny_mce/tiny_mce.js'; //used in $WYSIWYG_INIT
 //end CONFIGURABLE INFO ********************************************************
diff --git a/OneFileCMS.LANG.EN.php b/OneFileCMS.LANG.EN.php
index 8d45f41..4c30cc1 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/OneFileCMS.LANG.EN.php
@@ -1,7 +1,7 @@
 <?php
-// OneFileCMS Language Settings v3.4.18
+// OneFileCMS Language Settings v3.4.19
 
-$_['LANGUAGE'] = 'English'; //EN
+$_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
 
 // If no translation or value is desired for a particular setting, do not delete
@@ -26,11 +26,11 @@
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
 
-$_['HTML']    = 'HTML';    //####
-$_['WYSIWYG'] = 'WYSIWYG'; //####
+$_['HTML']    = 'HTML';    
+$_['WYSIWYG'] = 'WYSIWYG'; 
 
 $_['Admin']   = 'Admin';
-$_['bytes']   = 'bytes';   //####
+$_['bytes']   = 'bytes';   
 $_['Cancel']  = 'Cancel';
 $_['Close']   = 'Close';
 $_['Copy']    = 'Copy';
@@ -58,7 +58,7 @@
 $_['To']         = 'To';
 $_['Upload']     = 'Upload';
 $_['Username']   = 'Username';
-$_['Working']    = 'Working - please wait...'; //####
+$_['Working']    = 'Working - please wait...'; 
 $_['Log_In']     = 'Log In';
 $_['Log_Out']    = 'Log Out';
 
@@ -120,7 +120,7 @@
 $_['login_msg_03']  = 'INVALID LOGIN ATTEMPT #';
 
 $_['edit_note_00']  = 'NOTES:';
-$_['edit_note_01a'] = 'Remember- your';
+$_['edit_note_01a'] = 'Remember- ';
 $_['edit_note_01b'] = 'is';
 $_['edit_note_02']  = 'So save changes before the clock runs out, or the changes will be lost!';
 $_['edit_note_03']  = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate. To correct, click the browser\'s [Reload].';
@@ -152,9 +152,9 @@
 $_['upload_txt_01'] = '(php.ini: upload_max_filesize)';
 $_['upload_txt_04'] = 'Maximum total upload size:';
 $_['upload_txt_02'] = '(php.ini: post_max_size)';
-$_['upload_txt_05'] = 'For uploaded files that already exist: '; //####
+$_['upload_txt_05'] = 'For uploaded files that already exist: '; 
 $_['upload_txt_06'] = 'Rename (to filename.ext.001 etc...)';
-$_['upload_txt_07'] = 'Overwrite'; //####
+$_['upload_txt_07'] = 'Overwrite'; 
 
 $_['upload_err_01'] = 'Error 1: File too large. From php.ini:';
 $_['upload_err_02'] = 'Error 2: File too large. (Exceeds MAX_FILE_SIZE HTML form element)';
@@ -172,7 +172,7 @@
 $_['upload_msg_04'] = 'Uploading:';
 $_['upload_msg_05'] = 'Upload successful!';
 $_['upload_msg_06'] = 'Upload failed:';
-$_['upload_msg_07'] = 'A pre-existing file was overwritten.'; //####
+$_['upload_msg_07'] = 'A pre-existing file was overwritten.'; 
 
 $_['new_file_txt_01'] = 'File or Folder will be created in the current folder.';
 $_['new_file_txt_02'] = 'Some invalid characters are:';
@@ -237,7 +237,7 @@
 $_['change_pw_05'] = 'Updating';
 $_['change_pw_06'] = 'external config file';
 
-$_['change_pw_07'] = 'All fields are required.'; //####
+$_['change_pw_07'] = 'All fields are required.'; 
 $_['change_un_01'] = 'Username changed!';
 $_['change_un_02'] = 'Username NOT changed.';
 
diff --git a/OneFileCMS.LANG.NL.php b/OneFileCMS.LANG.NL.php
index 0e7db47..923d27e 100755
--- a/OneFileCMS.LANG.NL.php
+++ b/OneFileCMS.LANG.NL.php
@@ -1,7 +1,7 @@
 <?php
-// OneFileCMS Language Settings v3.4.18
+// OneFileCMS Language Settings v3.4.19
 
-$_['LANGUAGE'] = 'Dutch (Nederlands)';
+$_['LANGUAGE'] = 'Nederlands (Dutch)';
 $_['LANG'] = 'NL';
 
 // If no translation or value is desired for a particular setting, do not delete
diff --git a/OneFileCMS_structure.txt b/OneFileCMS_structure.txt
index 46014a8..bfef849 100755
--- a/OneFileCMS_structure.txt
+++ b/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.4.15 structure/layout
+OneFileCMS Version 3.4.19 structure/layout
 
 LICENSE
 
@@ -6,9 +6,8 @@ SOME BASIC SECURITY & ERROR LOG SETTINGS
 
 CONFIGURATION SECTION
 
-OTHER GLOBAL/SYSTEM VALUES
-
 MISC FUNCTIONS:
+	System_setup()
 	hsc()
 	hte()
 	Default_Language()
@@ -17,9 +16,11 @@ MISC FUNCTIONS:
 	hashit()
 	Error_reporting_and_early_output()
 	Update_Recent_Pages()
+	strip_array()
 	undo_magic_quotes()
+	Validate_params()
 	Get_GET()
-	Verify_page_conditions()
+	Verify_Page_Conditions()
 	has_invalid_char()
 	URLencode_path()
 	dir_name()
@@ -57,7 +58,7 @@ PAGE & RESPONSE FUNCTIONS:
 	Logout()
 	Login_Page()
 	Login_response()
-	List_Files()
+	List_File()
 	Table_of_Files()
 	Index_Page()
 	Edit_Page_buttons_top()
@@ -110,6 +111,7 @@ STYLESHEET FUNCTIONS:
 
 LOGIC TO DETERMINE PAGE ACTION
 	Load Default_Language()
+	System_setup()
 	If specified, load external language file
 	Verify PHP version
 	Session_Startup()
diff --git a/onefilecms.php b/onefilecms.php
index 6db5cfa..6cefc03 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
-<?php
+<?php  
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.18';
+$OFCMS_version = '3.4.19';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -62,12 +62,14 @@
 
 
 //Some basic security & error log settings**************************************
+$ER = 0; $DE = 'off';                  //Disable error_reporting and display_erros.
+//$ER = E_ALL | E_STRICT; $DE = 'on';  //Uncomment for trouble-shooting.     //##### 
 ob_start(); //Catch any early output. Closed prior to page output.
 ini_set('session.use_trans_sid', 0);    //make sure URL supplied SESSID's are not used
 ini_set('session.use_only_cookies', 1); //make sure URL supplied SESSID's are not used
-error_reporting(0); //0 for none, or (E_ALL &~ E_STRICT) for trouble-shooting. 
-ini_set('display_errors', 'off');         //Only turn on for trouble-shooting.
-ini_set('log_errors'    , 'off');         //Only turn on for trouble-shooting.
+error_reporting($ER); //0 for none, or (E_ALL &~ E_STRICT) for trouble-shooting.
+ini_set('display_errors', $DE);             //Only turn on for trouble-shooting.
+ini_set('log_errors'    , 'off');           //Only turn on for trouble-shooting.
 ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.ERROR.log');
 //Determine good folder for session file? Default is tmp/, which is not secure, but it may not be a serious concern.
 //session_save_path($safepath)  or  ini_set('session.save_path', $safepath)
@@ -85,7 +87,8 @@
 $SALT     = 'somerandomsalt';
 
 //Name of optional external language file.  If file is not found, the built-in defaults will be used.
-//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php";  //Path is relative to root of website
+//Path can be absolute to the filesystem, or relative to root of website - if chdir($DOC_ROOT). (current method)
+//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php";
 
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
@@ -106,7 +109,7 @@
 $config_favicon   = "favicon.ico"; //Path is relative to root of website.
 $config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsiTive!
 
-$config_etypes = "html,htm,xhtml,php,pl,css,js,txt,text,cfg,conf,ini,csv,svg,log,dtd,htaccess"; //Editable file types.
+$config_etypes = "svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text"; //Editable file types.
 $config_stypes = "*"; // Shown types; only files of the given types should show up in the file-listing
 	// Use $config_stypes exactly like $config_etypes (list of extensions separated by commas).
 	// If $config_stypes is set to null - by intention or by error - only folders will be shown.
@@ -114,74 +117,65 @@
 	// If $config_stypes is set to "html,htm" for example, only file with the extension "html" or "htm" will get listed.
 
 $config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
-// _ftypes & _fclass must have the same number of values. bin is default.
-$config_ftypes = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,txt,cvs,css,php,pl ,ini,cfg,conf,log,asp,js ,htm,html,dtd,htaccess,markdown,md";
-$config_fclass = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,css,php,txt,txt,cfg,cfg ,txt,txt,txt,htm,htm ,txt,txt     ,txt     ,txt";
+//File types (extensions).  _ftypes & _fclass must have the same number of values. bin is default.
+$config_ftypes = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text";
+//Cooresponding file classes to _ftypes - used to determine icons for directory listing.
+$config_fclass = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,cfg ,txt,css,txt,htm,htm ,htm  ,txt     ,txt,txt,txt,txt   ,txt,php,php,txt,txt";
 
 $EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
 
 $SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS.
 
-//Restrict access to a particular folder.  Leave empty for $WEB_ROOT (entire website).
-$ACCESS_ROOT = '';  //Path is relative to root of website. 
-
-//Optional external wysiwyg editor. Paths are relative to root of website.
-//$WYSIWYG_PLUGIN = 'plugins/ckeditor_init.php';     //Init settings
-//$WYSIWYG_SOURCE = 'plugins/ckeditor/ckeditor.js';  //used in $WYSIWYG_PLUGIN
-//$WYSIWYG_PLUGIN = 'plugins/tinymce_init.php';                      //Init settings.
-//$WYSIWYG_SOURCE = 'plugins/tinymce/jscripts/tiny_mce/tiny_mce.js'; //used in $WYSIWYG_PLUGIN
-
-//External config file, if there is one.  Any settings in the $config_file will supersede those above.
-//$config_file = 'OFCMS_config.SAMPLE.php';  // Path is relative to root of website.
-	//Format for external config file is basic php:
-	// < ? php                    //(without the spaces around the ?, of course)
-	// $option1 = "value";
-	// etc...
+//Init file for optional external wysiwyg editor.
+//Sample init files are availble in the OneFileCMS repo, but the actual editors are not.
+//Path can be absolute to the filesystem, or relative to root of website - if chdir($DOC_ROOT). (current method)
+//$WYSIWYG_PLUGIN = 'plugins/tinymce_init.php';
+//$WYSIWYG_PLUGIN = 'plugins/ckeditor_init.php';
+
+//External config file, if there is one.  Any settings it contains will supersede those above.
+//Path can be absolute to the filesystem, or relative to root of website - if chdir($DOC_ROOT). (current method)
+//See the sample file in the OneFileCMS github repo for format example.
+//$config_file = 'OFCMS_config.SAMPLE.php';
 //end CONFIGURABLE INFO ********************************************************
 
 
 
 
-//******************************************************************************
-//System values & setup
+function System_Setup() { //System Setup ***************************************
+	global $_, $LANGUAGE_FILE, $config_file,  $WYSIWYG_PLUGIN, $WYSIWYG_VALID, $DOC_ROOT, $WEB_ROOT, $WEBSITE,
+	$USERNAME, $HASHWORD, $MAX_ATTEMPTS, $LOGIN_DELAY, $MAX_IMG_W, $MAX_IMG_H, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, 
+	$MAX_IDLE_TIME, $MAIN_WIDTH, $WIDE_VIEW_WIDTH, $UPLOAD_FIELDS, $config_favicon, $EX, $SESSION_NAME, 
+	$ONESCRIPT,  $ONESCRIPT_file, $ONESCRIPT_backup, $ONESCRIPT_file_backup, 
+	$CONFIG_backup, $CONFIG_file,$CONFIG_file_backup, $LOGIN_ATTEMPTS,
+	$TO_WARNING, $INVALID_CHARS, $WHSPC_SLASH, $VALID_PAGES, $SHOWALLFILES,
+	$config_etypes, $config_stypes, $config_itypes, $config_ftypes, $config_fclass, $config_excluded, 
+	$etypes, $itypes, $ftypes, $fclasses, $excluded_list, $PRE_ITERATIONS, $EX, $message, $VERS; //$VERS used durring developement.
 
-$DOC_ROOT  = $_SERVER['DOCUMENT_ROOT'].'/';
+mb_internal_encoding('utf-8');
 
-chdir($DOC_ROOT); //Allow OneFileCMS.php to be started from any dir on the site.
+$DOC_ROOT = $_SERVER['DOCUMENT_ROOT'].'/'; //root folder of website.
 
-$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file & folder names.  Space deliminated.
-$WHSPC_SLASH = "\x00..\x20/";  //Whitespace & forward slash. For trimming file & folder name inputs.
+//Allow OneFileCMS.php to be started from any dir on the site.
+//This also effects the path for include() files:
+//The path for an include file can be absolute to the filesystem,
+//     or relative to OneFileCMS - if no chdir() done,       //#####
+//     or relative to root of website - if chdir($DOC_ROOT). (current method)//#####
+chdir($DOC_ROOT);
 
-//If specified, include external config file.
-if ( isset($config_file) && is_file($config_file) ) { include($config_file); }
-else { $config_file = ''; } //If not found, clear it.
+//If specified & found, include external config file. Otherwise clear it.
+if     ( isset($config_file) && is_file($config_file) ) {
+	include($config_file);
+}
+elseif ( isset($config_file) && !is_file($config_file) ) {
+	$message .= $EX.'<b>$config_file '.$_['Not_found'].':</b> '.$config_file.'<br>';
+	$message .= '<b>getcwd() == </b>'.getcwd().'<br>';
+	$config_file = '';
+}
+else { $config_file = ''; }
 
-//If specified, cleanup & validate $WYSIWYG_PLUGIN & _SOURCE. Actual include is at end of OneFileCMS.
-$WYSIWYG_PLUGIN = $DOC_ROOT.trim($WYSIWYG_PLUGIN, $WHSPC_SLASH);
-$WYSIWYG_SOURCE = '/'.trim($WYSIWYG_SOURCE, $WHSPC_SLASH);
+//If specified, validate $WYSIWYG_PLUGIN. Actual include is at end of OneFileCMS.
 $WYSIWYG_VALID = 0; //Default to invalid.
-if ( isset($WYSIWYG_PLUGIN) && is_file($WYSIWYG_PLUGIN) &&
-	 isset($WYSIWYG_SOURCE) && is_file($DOC_ROOT.$WYSIWYG_SOURCE) ) { $WYSIWYG_VALID = 1; }
-
-//Clean up, validate, and limit access to the folder $ACCESS_ROOT.
-if (!isset($ACCESS_ROOT)) { $ACCESS_ROOT = ''; }
-$ACCESS_ROOT = Check_path($ACCESS_ROOT);
-if (!is_dir($ACCESS_ROOT)) { $ACCESS_ROOT=''; }
-if ($ACCESS_ROOT != '') { chdir($ACCESS_ROOT); }
-
-
-//Requires PHP 5.1, due to changes in some functions.
-//Earliest version the author has for testing is 5.2.8 (50208)
-define('PHP_VERSION_ID_REQUIRED',50100);   //Ex: 5.1.23 is 50123
-define('PHP_VERSION_REQUIRED'  ,'5.1 + '); //Used in exit() message.
-
-//The predefined constant PHP_VERSION_ID has only been available since 5.2.7.
-//So, if needed, convert PHP_VERSION (a string) to PHP_VERSION_ID (a number).
-//Ex: 5.1.23 converts to 50123.
-if (!defined('PHP_VERSION_ID')) {
-	$phpversion = explode('.', PHP_VERSION);
-	define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
-}
+if ( isset($WYSIWYG_PLUGIN) && is_file($WYSIWYG_PLUGIN) ) { $WYSIWYG_VALID = 1; }
 
 //Determine if valid units are set for $MAIN_WIDTH.  If not, assume px.
 $main_units   = substr($MAIN_WIDTH, -2); //should be px, pt, em, or %.
@@ -195,25 +189,40 @@
 	$WIDE_VIEW_WIDTH = ($WIDE_VIEW_WIDTH * 1).'px';
 }
 
-ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
+//Requires PHP 5.1, due to changes in some functions.
+define('PHP_VERSION_ID_REQUIRED',50100);   //Ex: 5.1.23 is 50123
+define('PHP_VERSION_REQUIRED'  ,'5.1 + '); //Used in exit() message.
 
-$TO_WARNING = 120; //seconds. When idle time remaining is less than this value, $timeout_warning is displayed
+//The predefined constant PHP_VERSION_ID has only been available since 5.2.7.
+//So, if needed, convert PHP_VERSION (a string) to PHP_VERSION_ID (an integer).
+//Ex: 5.1.23 converts to 50123.
+if (!defined('PHP_VERSION_ID')) {
+	$phpversion = explode('.', PHP_VERSION);
+	define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
+}
 
 $ONESCRIPT = URLencode_path($_SERVER['SCRIPT_NAME']); //Used for URL's
-$WEB_ROOT  = URLencode_path(basename($DOC_ROOT)).'/'.$ACCESS_ROOT;
+$WEB_ROOT  = basename($DOC_ROOT).'/'; //Used only for screen output - Non-url use.
 $WEBSITE   = $_SERVER['HTTP_HOST'].'/';
 
-$ONESCRIPT_file   = $_SERVER['SCRIPT_FILENAME'];  //Non-url use
-$ONESCRIPT_path   = dirname($ONESCRIPT_file).'/'; //Non-url use //Do not use dir_name().
-$LOGIN_ATTEMPTS   = $ONESCRIPT_file.'.invalid_login_attempts';
+$ONESCRIPT_file = $_SERVER['SCRIPT_FILENAME'];  //Non-url use
+$ONESCRIPT_path = dirname($ONESCRIPT_file).'/'; //Non-url use - Do not use dir_name().
+$LOGIN_ATTEMPTS = $ONESCRIPT_file.'.invalid_login_attempts';
 
-$ONESCRIPT_url_backup  = $ONESCRIPT.'.BACKUP.php';                   //used for p/w & u/n updates.
+$ONESCRIPT_backup      = $ONESCRIPT.'.BACKUP.php';                   //used for p/w & u/n updates.
 $ONESCRIPT_file_backup = $ONESCRIPT_file.'.BACKUP.php';              //used for p/w & u/n updates.
-$CONFIG_file           = $ONESCRIPT_path.$config_file;               //used for p/w & u/n updates.
-$CONFIG_file_backup    = $ONESCRIPT_path.$config_file.'.BACKUP.php'; //used for p/w & u/n updates.
-$CONFIG_url_backup     =  URLencode_path($CONFIG_file_backup);       //used for p/w & u/n updates.
+$CONFIG_backup         = URLencode_path($config_file).'.BACKUP.php'; //used for p/w & u/n updates.
+$CONFIG_file           = $ONESCRIPT_path.basename($config_file);     //used for p/w & u/n updates.
+$CONFIG_file_backup    = $CONFIG_file.'.BACKUP.php';                 //used for p/w & u/n updates.
 
-$VALID_PAGES = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","renamefile","copyfile","deletefile","deletefolder","newfolder","renamefolder","copyfolder","mcdaction");
+ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
+
+$TO_WARNING = 120; //seconds. When idle time remaining is less than this value, $timeout_warning is displayed
+
+$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file & folder names.  Space deliminated.
+$WHSPC_SLASH = "\x00..\x20/";  //Whitespace & forward slash. For trimming file & folder name inputs.
+
+$VALID_PAGES = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","renamefile","copyfile","deletefile","deletefolder","newfolder","renamefolder","copyfolder","mcdaction", "phpinfo");
 
 //Make arrays out of a few $config_variables for actual use later.
 //First, remove spaces and make lowercase.
@@ -231,20 +240,20 @@
 //If you change this, or any other aspect of either hashit() or js_hash_scripts(), do so while logged in.
 //Then, manually update your password as instructed on the Admin/Generate Hash page.
 $PRE_ITERATIONS = 200;
-//end System values & setup*****************************************************
+}//end  System_Setup() //*******************************************************
 
 
 
 
 function hsc($input) { return htmlspecialchars($input, ENT_QUOTES, 'UTF-8'); }//end hsc() //********
-function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end hte()***************
+function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end hte() //************
 
 
 
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.4.18
+// OneFileCMS Language Settings v3.4.19
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -356,7 +365,7 @@ function Default_Language() { // ***********************************************
 $_['login_msg_02b'] = 'seconds to try again.';
 $_['login_msg_03']  = 'INVALID LOGIN ATTEMPT #';
 $_['edit_note_00']  = 'NOTES:';
-$_['edit_note_01a'] = 'Remember- your';
+$_['edit_note_01a'] = 'Remember- ';
 $_['edit_note_01b'] = 'is';
 $_['edit_note_02']  = 'So save changes before the clock runs out, or the changes will be lost!';
 $_['edit_note_03']  = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate. To correct, click the browser\'s [Reload].';
@@ -630,13 +639,16 @@ function Update_Recent_Pages() { //*********************************************
 
 
 
-function undo_magic_quotes(){ //************************************************
+function strip_array($var) { //*************************************************
+	if (is_array($var)) {return array_map("strip_array", $var); }
+	else                {return stripslashes($var); }
+	//Note: stripslashes also handles cases when magic_quotes_sybase is on. 
+}//end strip_array() //*********************************************************
+
 
-	function strip_array($var) {
-		if (is_array($var)) {return array_map("strip_array", $var); }
-		else                {return stripslashes($var); }
-	} //Note: stripslashes also handles cases when magic_quotes_sybase is on.
 
+
+function undo_magic_quotes(){ //************************************************
 	if (get_magic_quotes_gpc()) {
 		if (isset($_GET))    { $_GET     = strip_array($_GET);    }
 		if (isset($_POST))   { $_POST    = strip_array($_POST);   }
@@ -647,16 +659,46 @@ function strip_array($var) {
 
 
 
+function Validate_params() { //*************************************************
+	global $_, $ipath, $filename, $page, $param1, $param2, $param3, $Editing_OFCMS, $EX, $message;
+
+	//Pages that require a valid $filename
+	$file_pages = array("edit", "renamefile", "copyfile", "deletefile");
+
+	//Make sure $filename & $page go together
+	if ( ($filename != "") && !in_array($page, $file_pages) ) { $filename = "";  }
+	if ( ($filename == "") &&  in_array($page, $file_pages) ) { $page = "index"; }
+
+	//Init $param's used in <a> href's & <form> actions
+	$param1 = '?i='.URLencode_path($ipath); //$param1 must not be blank.
+	if ($filename == "") { $param2 = ""; } else { $param2 = '&amp;f='.rawurlencode(basename($filename)); }
+	if ($page == ""    ) { $param3 = ""; } else { $param3 = '&amp;p='.$page; }
+
+	$Editing_OFCMS = false;
+	//If editing OneFileCMS itself, show caution message.
+	if ($filename == trim($_SERVER['SCRIPT_NAME'], '/')) {
+		$Editing_OFCMS = true;
+		$message .= '<style>#message_box_contents {background: red;}</style>';
+		$message .= '<style>#message_box          {color: white;}   </style>';
+		$message .= $EX.'<b>'.hsc($_['edit_caution_01']).' '.$EX.hsc($_['edit_caution_02']).'</b><br>';
+	}
+	
+}//end Validate_params() //*****************************************************
+
+
+
+
 function Get_GET() { //*** Get main parameters *********************************
+	global $_, $ipath, $filename, $page, $VALID_PAGES, $EX, $message;
 	// i=some/path/,  f=somefile.xyz,  p=somepage
 	// $ipath      ,  $filename     ,  $page
-	// Get_GET() should not be called unless $_SESSION['valid'] == 1
-	global $_, $ipath, $filename, $page, $param1, $param2, $param3, $VALID_PAGES, $EX, $message;
+	// Perform initial, basic, validation.
+	// Get_GET() should not be called unless $_SESSION['valid'] == 1 (or true)
 
 	//Initialize & validate $ipath
 	if (isset($_GET["i"])) {
 		$ipath = Check_path($_GET["i"],1);
-		if ( $ipath === false || !is_dir($ipath)) { $ipath = ""; }
+		if ( $ipath === false || !is_dir($ipath)) { $ipath = ''; }
 	}else {
 		$ipath = "";
 	}
@@ -675,18 +717,6 @@ function Get_GET() { //*** Get main parameters *********************************
 		$message .= $EX.hsc($_['get_get_msg_02']).' <b>'.hte($page).'</b><br>';
 		$page = "index";  //If invalid $_GET["p"]
 	}
-
-	//Pages that require a valid $filename
-	$file_pages = array("edit", "renamefile", "copyfile", "deletefile");
-
-	//Make sure $filename & $page go together
-	if ( ($filename != "") && !in_array($page, $file_pages) ) { $filename = "";  }
-	if ( ($filename == "") &&  in_array($page, $file_pages) ) { $page = "index"; }
-
-	//Init $param's used in <a> href's & <form> actions
-	$param1 = '?i='.URLencode_path($ipath); //$param1 must not be blank.
-	if ($filename == "") { $param2 = ""; } else { $param2 = '&amp;f='.rawurlencode(basename($filename)); }
-	if ($page == ""    ) { $param3 = ""; } else { $param3 = '&amp;p='.$page; }
 }//end Get_GET() //*************************************************************
 
 
@@ -736,12 +766,6 @@ function Verify_Page_Conditions() { //******************************************
 		$message .= $EX.'<b> '.hsc($_['upload_error_01a']).' '.ini_get('post_max_size').'</b> '.hsc($_['upload_error_01b']).'<br>';
 		$page = "index";
 	}
-	//If editing OneFileCMS itself, show caution message.
-	elseif ($filename == trim($_SERVER['SCRIPT_NAME'], '/')) {
-		$message .= '<style>#message_box_contents {background: red;}</style>';
-		$message .= '<style>#message_box          {color: white;}   </style>';
-		$message .= $EX.'<b>'.hsc($_['edit_caution_01']).' '.$EX.hsc($_['edit_caution_02']).'</b><br>';
-	}
 }//end Verify_Page_Conditions() //**********************************************
 
 
@@ -973,12 +997,11 @@ function rDel($path){ //********************************************************
 function Current_Path_Header(){ //**********************************************
  	// Current path. ie: webroot/current/path/
 	// Each level is a link to that level.
-
 	global $ONESCRIPT, $ipath, $WEB_ROOT;
 
 	echo '<h2>';
 		//Root folder of web site.
-		echo '<a id="path_0" href="'.$ONESCRIPT.'" class="path"> '.hte(rawurldecode(trim($WEB_ROOT, '/'))).'</a>/';
+		echo '<a id="path_0" href="'.$ONESCRIPT.'" class="path"> '.hte(trim($WEB_ROOT, ' /')).'</a>/';
 		$x=0; //need here for focus() in case at webroot.
 		
 		if ($ipath != "" ) { //if not at root, show the rest
@@ -1006,20 +1029,18 @@ function Page_Header(){ //******************************************************
 	if (file_exists($DOC_ROOT.trim($config_favicon,'/'))) {
 		$favicon =  '<img src="/'.URLencode_path($config_favicon).'" alt="">';
 	}
-?>
-	<div id="header">
-		<a href="<?php echo $ONESCRIPT?>" id="logo"><?php echo $config_title; ?></a>
-		<?php echo $OFCMS_version.' ('.hsc($_['on']).'&nbsp;php&nbsp;'.phpversion().')'; ?>
-		
-		<div class="nav">
-			<b><a href="/" target="_blank"><?php echo $favicon ?>
-			<?php echo hte($WEBSITE) ?></a></b>
-			<?php if ($page != "login") { ?>
-			| <a href="<?php echo $ONESCRIPT ?>?p=logout"><?php echo hsc($_['Log_Out']) ?></a>
-			<?php } ?>
-		</div><div class=clear></div>
-	</div><!-- end header -->
-<?php
+
+	echo '<div id="header">';
+		echo '<a href="'.$ONESCRIPT.'" id="logo">'.$config_title.'</a> '.$OFCMS_version.' ';
+		echo '<a href="'.$ONESCRIPT.'?p=phpinfo'.'" target=_blank>';
+		echo '('.hsc($_['on']).'&nbsp;php&nbsp;'.phpversion().')</a>';
+
+		echo '<div class="nav">';
+			echo '<b><a href="/" target="_blank">'.$favicon.' ';
+			echo hte($WEBSITE).'</a></b>';
+			if ($page != "login") {	echo ' | <a href="'.$ONESCRIPT.'?p=logout">'.hsc($_['Log_Out']).'</a>'; }
+		echo '</div><div class=clear></div>';
+	echo '</div>';//<!-- end header -->
 }//end Page_Header() //*********************************************************
 
 
@@ -1052,7 +1073,7 @@ function message_box() { //*****************************************************
 
 function Cancel_Submit_Buttons($submit_label) { //******************************
 	//$submit_label = Rename, Copy, Delete, etc...
-	global $_, $ONESCRIPT, $ONESCRIPT_url_backup, $ipath, $param1, $param2, $page;
+	global $_, $ONESCRIPT, $ipath, $param1, $param2, $page;
 
 	$params = $param1.$param2.'&amp;p='. $_SESSION['recent_pages'][1];
 ?>
@@ -1068,8 +1089,8 @@ function Cancel_Submit_Buttons($submit_label) { //******************************
 
 
 function show_image(){ //*******************************************************
-	global $_, $filename, $MAX_IMG_W, $MAX_IMG_H, $ACCESS_ROOT;
-	
+	global $_, $filename, $MAX_IMG_W, $MAX_IMG_H;
+
 	$IMG = $filename;
 	$img_info = getimagesize($IMG);
 
@@ -1089,8 +1110,8 @@ function show_image(){ //*******************************************************
 	echo hsc($_['show_img_msg_01']).round($SCALE*100).
 		 hsc($_['show_img_msg_02']).' '.$img_info[0].' x '.$img_info[1].').</p>';
 	echo '<div class=clear></div>'.PHP_EOL;
-	echo '<a  href="/'.URLencode_path($ACCESS_ROOT.$IMG).'" target="_blank">'.PHP_EOL;
-	echo '<img src="/'.URLencode_path($ACCESS_ROOT.$IMG).'" width="'.($img_info[$W] * $SCALE).'"></a>'.PHP_EOL;
+	echo '<a  href="/'.URLencode_path($IMG).'" target="_blank">'.PHP_EOL;
+	echo '<img src="/'.URLencode_path($IMG).'" width="'.($img_info[$W] * $SCALE).'"></a>'.PHP_EOL;
 }//end show_image() //**********************************************************
 
 
@@ -1239,7 +1260,7 @@ function List_Backup($file, $file_url){ //**************************************
 
 
 function Admin_Page() { //******************************************************
-	global $_, $ONESCRIPT, $ONESCRIPT_url_backup, $ONESCRIPT_file_backup, $CONFIG_url_backup,
+	global $_, $ONESCRIPT, $ONESCRIPT_backup, $ONESCRIPT_file_backup, $CONFIG_backup,
 		   $ipath, $filename, $param1, $param2, $EX, $config_title,  $CONFIG_file_backup;
 
 	// Restore/Preserve $ipath prior to admin page in case OneFileCMS is edited (which would change $ipath).
@@ -1271,15 +1292,13 @@ function Admin_Page() { //******************************************************
 
 	<div class="info">
 
-<?php //Check for & indicate if backups exists from a prior p/w or u/n change.
+<?php  //Check for & indicate if backups exists from a prior p/w or u/n change.
 	clearstatcache ();
 	if (is_file($ONESCRIPT_file_backup) || is_file($CONFIG_file_backup) ) {
-		
 		echo '<p><b>'.hsc($_['admin_txt_00']).'</b></p>';
-		if (is_file($ONESCRIPT_file_backup)) { List_Backup($ONESCRIPT_file_backup, $ONESCRIPT_url_backup); }
-		if (is_file($CONFIG_file_backup))    { List_Backup($CONFIG_file_backup, $CONFIG_url_backup); }
-		echo '<p>'.hsc($_['admin_txt_01']);
-		echo '<hr>';
+		if (is_file($ONESCRIPT_file_backup)) { List_Backup($ONESCRIPT_file_backup, $ONESCRIPT_backup); }
+		if (is_file($CONFIG_file_backup))    { List_Backup($CONFIG_file_backup, $CONFIG_backup); }
+		echo '<p>'.hsc($_['admin_txt_01']).'<hr>';
 		$focus_on = 'old_backup'; //id of filename listed
 	}else {
 		$focus_on = 'cancel';
@@ -1477,7 +1496,7 @@ function Change_PWUN_response($PWUN, $msg){ //**********************************
 		}
 		
 		//If specified & it exists, update external config file.
-		//$config_file (lowercase) is the user supplied config value, with its path relative to $ONESCRIPT.
+		//$config_file (lowercase) is the user supplied config value.
 		//$CONFIG_file (uppercase) includes full filesystem path.
 		if ( isset($config_file) && is_file($CONFIG_file) ) {
 			$message .= $_['change_pw_05'].' '.$_['change_pw_06'].'. . . ';
@@ -1609,7 +1628,7 @@ function List_File($file, $type, $f_or_f, $DS, $IS_OFCMS, $HREF_params, $param3)
 	//For directories, don't show file size (which is always 0).
 	if (is_dir($ipath.$file)) { $file_size = ''; }
 
-	//If file is OneFileCMS, only show Copy - don't show Rename, Delete, or checkbox options.
+	//If file is OneFileCMS, don't show Rename, Delete, or checkbox options.
 	if ($IS_OFCMS) { $ren_mov = $delete = $checkbox = ''; }
 ?>
 	<tr>
@@ -1657,7 +1676,7 @@ function Table_of_Files($full_list) { //****************************************
 				$type   = 'dir';
 				$HREF_params .= URLencode_path($file).'/';
 				$param3 = '';
-				$DS = ' /'; //End with a directory seperator to indicated a folder.
+				$DS = ' /'; //End with a forward slash to indicate a folder.
 			}else {
 				$f_or_f = "file";
 				$type = $fclasses[array_search($ext, $ftypes)];
@@ -1681,7 +1700,7 @@ function Index_Page(){ //*******************************************************
 
 	$full_list = Sort_Seperate($ipath, scandir('./'.$ipath));
 	$file_count = count($full_list);
-
+	
 	echo '<form method="post" name="mcdselect" action="'.$ONESCRIPT.$param1.'&amp;p=mcdaction">';
 	echo '<input type="hidden" name="mcdaction" value="">';
 
@@ -1797,9 +1816,9 @@ function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
 		
 		//Don't show [Rename] or [Delete] if editing OneFileCMS itself.
 		$Button = '<button type=button class="button RCD" onclick="parent.location=\''.$ONESCRIPT.$param1.$param2;	
-		if (!$Editing_OFCMS) { echo $Button.'&amp;p=renamefile\'">'.$ICONS['ren_mov'].hsc($_['Ren_Move']).'</button>'; }
-		/*Always show Copy*/   echo $Button.'&amp;p=copyfile\'">'  .$ICONS['copy']   .hsc($_['Copy'])    .'</button>';
-		if (!$Editing_OFCMS) { echo $Button.'&amp;p=deletefile\'">'.$ICONS['delete'] .hsc($_['Delete'])  .'</button>'; }
+		if (!$Editing_OFCMS) { echo $Button.'&amp;p=renamefile\'">'.$ICONS['ren_mov'].'&nbsp;'.hsc($_['Ren_Move']).'</button>'; }
+		/*Always show Copy*/   echo $Button.'&amp;p=copyfile\'">'  .$ICONS['copy']   .'&nbsp;'.hsc($_['Copy'])    .'</button>';
+		if (!$Editing_OFCMS) { echo $Button.'&amp;p=deletefile\'">'.$ICONS['delete'] .'&nbsp;'.hsc($_['Delete'])  .'</button>'; }
 ?>
 	</div>
 <?php
@@ -1856,8 +1875,8 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 		}//end if non-image
 		
 		Edit_Page_buttons($text_editable, $too_large_to_edit);
-?>	</form>
-<?php
+	echo '</form>';
+
 	if ( $load_Edit_Page_scripts ) { Edit_Page_scripts(); }
 
 	if ($text_editable && !$too_large_to_edit && !$bad_chars) { Edit_Page_Notes(); }
@@ -1891,7 +1910,7 @@ function Edit_Page_Notes() { //*************************************************
 
 
 function Edit_Page() { //*******************************************************
-	global $_, $filename, $filecontents, $raw_contents, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $WYSIWYG_VALID, $ACCESS_ROOT;
+	global $_, $filename, $filecontents, $raw_contents, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $WYSIWYG_VALID;
 	clearstatcache ();
 
 	//Determine if a text editable file type
@@ -1929,7 +1948,7 @@ function Edit_Page() { //*******************************************************
 	echo '<style>#message_box { min-height: 1.88em; }</style>';
 
 	echo '<h2 id="edit_header">'.$header2.' ';
-	echo '<a class="h2_filename" href="/'.URLencode_path($ACCESS_ROOT.$filename).'" target="_blank" title="'.$_['Open_View'].'">';
+	echo '<a class="h2_filename" href="/'.URLencode_path($filename).'" target="_blank" title="'.$_['Open_View'].'">';
 	echo hte(basename($filename)).'</a>';
 	echo '</h2>'.PHP_EOL;
 
@@ -2134,17 +2153,17 @@ function Set_Input_width() { //*************************************************
 	// $MAIN_WIDTH: Set in config section, may be in em, px, pt, or %. Ignoring % for now.
 	// Width of 1 character = .625em = 10px = 7.5pt  (1em = 16px = 12pt)
 
-	$main_units   = substr($MAIN_WIDTH, -2);
-	$main_width   = $MAIN_WIDTH * 1;
+	$main_units  = substr($MAIN_WIDTH, -2);
+	$main_width  = $MAIN_WIDTH * 1;
 
-	$root_enc    =  mb_detect_encoding($WEB_ROOT);           //ASCII? UTF8? etc...
-	$root_width  = (mb_strlen(rawurldecode($WEB_ROOT), $root_enc));
+	$root_enc    = mb_detect_encoding($WEB_ROOT);           //ASCII? UTF8? etc...
+	$root_width  = mb_strlen($WEB_ROOT, $root_enc);
 
-	$label_enc   =  mb_detect_encoding($_['New_Location']);  //ASCII? UTF8? etc...
-	$label_width = (mb_strlen($_['New_Location'], $label_enc));
+	$label_enc   = mb_detect_encoding($_['New_Location']);  //ASCII? UTF8? etc...
+	$label_width = mb_strlen($_['New_Location'], $label_enc);
 
 	//convert to em
-	$root_width *= .625;
+	$root_width  *= .625;
 	$label_width *= .625;
 	if     ( $main_units == "px") { $main_width = $main_width / 16 ; }
 	elseif ( $main_units == "pt") { $main_width = $main_width / 12 ; }
@@ -2178,7 +2197,7 @@ function CRM_Page($action, $title, $name_id, $old_name) { //********************
 		echo '<label>'.hsc($_['CRM_txt_04']).':</label>';
 		echo '<input type=text name=new_name id=new_name class=old_new_name value="'.hsc(basename($new_name)).'"><br>';
 		echo '<label>'.hsc($_['New_Location']).':</label>';
-		echo '<span class="web_root">'.hte(urldecode($WEB_ROOT)).'</span>';
+		echo '<span class="web_root">'.hte($WEB_ROOT).'</span>';
 		echo '<input type=text name=new_location id=new_location value="'.hsc(dir_name($new_name)).'"><br>';
 		echo '('.hsc($_['CRM_txt_02']).')<p>';
 		Cancel_Submit_Buttons($action);
@@ -2385,7 +2404,7 @@ function MCD_response($action, $msg1, $success_msg = '') { //*******************
 
 	$successful = $count - $errors;
 	
-	if ($errors) { $message .= $EX.' <b>'.$errors.' '.hsc($_['errors']).'.</b> '; }
+	if ($errors) {$message .= $EX.' <b>'.$errors.' '.hsc($_['errors']).'.</b><br>';}
 	
 	if ($count > 1) {$message .= '<b>'.$successful.' '.hsc($success_msg).'</b><br>';}
 
@@ -3363,9 +3382,10 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 Default_Language(); // Load Default Language settings
 
-//If specified in config, check for & load external $LANGUAGE_FILE
-if ( isset($LANGUAGE_FILE) && is_file($LANGUAGE_FILE) ) { include($LANGUAGE_FILE); }
+System_Setup();
 
+//If specified, check for & load external $LANGUAGE_FILE
+if ( isset($LANGUAGE_FILE) && is_file($LANGUAGE_FILE) ) { include($LANGUAGE_FILE); }
 
 if( PHP_VERSION_ID < PHP_VERSION_ID_REQUIRED ) {
 	exit( 'PHP '.PHP_VERSION.'<br>'.hsc($_['OFCMS_requires']).' '.PHP_VERSION_REQUIRED );
@@ -3387,21 +3407,21 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 	Init_ICONS();
 
+	Init_Macros();
+
 	undo_magic_quotes();
 
 	Get_GET();
 
-	Init_Macros();
+	if ($page == "phpinfo") { phpinfo(); die; }
+
+	Validate_params();
 
 	Respond_to_POST();
 
-	Verify_Page_Conditions();
+	Verify_Page_Conditions(); //Must come after Respond_to_POST()
 
 	Update_Recent_Pages();
-	
-	//Used to disable some options if editing OneFileCMS itself.
-	$Editing_OFCMS = false;
-	if ( isset($filename) && ($filename == trim($_SERVER['SCRIPT_NAME'], '/')) ) { $Editing_OFCMS = true; }
 
 	//Don't show path header on some pages.
 	$Show_Path = true;
diff --git a/plugins/ckeditor_init.php b/plugins/ckeditor_init.php
index f4bab3d..3a956d8 100755
--- a/plugins/ckeditor_init.php
+++ b/plugins/ckeditor_init.php
@@ -1,5 +1,5 @@
 <?php /*************************************************************************
-Sample code to use the CKEditor with OneFileCMS (as of v3.4.17).
+Sample code to use the CKEditor with OneFileCMS (as of v3.4.19).
 
 For information on CKEditor, visit ckeditor.com.
 
@@ -13,16 +13,18 @@
  3) From the github.com/Self-Evident/OneFileCMS repo, copy the file 
     "ckeditor_init.php" into the "plugins/" folder.
 
- 4) In the configuration section of OneFileCMS, add the following two variables:
-    $WYSIWYG_PLUGIN = 'plugins/ckeditor_init.php';     //Init settings for CKEditor. (This file)
-    $WYSIWYG_SOURCE = 'plugins/ckeditor/ckeditor.js';  //used in $WYSIWYG_PLUGIN
+ 4) In the configuration section of OneFileCMS, add the following variable:
+    $WYSIWYG_PLUGIN = 'plugins/ckeditor_init.php';  //Init settings for CKEditor (this file).
 
- 5) Include the id of the OneFileCMS textarea, "file_editor", in the CKEDITOR.replace() call (see below).
+ 5) In the "init" file indicated above: 
+      - specify the source file of the actual plugin via a <script src= ...> tag.
+	  - specify the id of the OneFileCMS textarea, "file_editor", in the CKEDITOR.replace() call
+	    (see below).
 
  6) In OneFileCMS- open a file for editing, and click [Edit WYSIWIG].
 *****************************************************************************/?>
 
-<script type="text/javascript" src="<?php echo $WYSIWYG_SOURCE ?>"></script>
+<script type="text/javascript" src="/plugins/ckeditor/ckeditor.js"></script>
 <script type="text/javascript">
 	CKEDITOR.replace( 'file_editor',{  //id of desired <textarea>
 		fullPage : true,
diff --git a/plugins/tinymce_init.php b/plugins/tinymce_init.php
index e8b4ae2..9b7351d 100755
--- a/plugins/tinymce_init.php
+++ b/plugins/tinymce_init.php
@@ -1,10 +1,7 @@
 <?php /*************************************************************************
-Sample code to use the TinyMCE editor with OneFileCMS (as of v3.4.17).
+Sample code to use the TinyMCE editor with OneFileCMS (as of v3.4.19).
 
-This file is a modified version of "tinymce/examples/full.html", from the tinymce v3.5.7 distribution.
-The "fullpage" plugin has been added, some of the "buttons" have been re-arranged,
-and a few settings added to the end (mostly commented out, but available).
-For information on tinymce, visit tinymce.moxiecode.com.
+For information on TinyMCE, visit tinymce.moxiecode.com.
 
 Here is a brief how-to:
 (The "plugin" folder used below is not required, or may be named anything you like.)
@@ -16,14 +13,18 @@
  3) From the github.com/Self-Evident/OneFileCMS repo, copy the file 
     "tinymce_init.php" into the "plugins/" folder.
 
- 4) In the configuration section of OneFileCMS, add the following two variables:
-    $WYSIWYG_PLUGIN = 'plugins/tinymce-onefilecms_init.php';           //Init settings for TinyMCE. (This file)
-    $WYSIWYG_SOURCE = 'plugins/tinymce/jscripts/tiny_mce/tiny_mce.js'; //used in $WYSIWYG_PLUGIN
+ 4) In the configuration section of OneFileCMS, add the following variable:
+    $WYSIWYG_PLUGIN = 'plugins/tinymce_init.php';  //Init settings for TinyMCE (this file).
 
- 5) In OneFileCMS- open a file for editing, and click [Edit WYSIWIG].
+ 5) In the "init" file indicated above: 
+      - specify the source file of the actual plugin via a <script src= ...> tag.
+
+	    (see below).
+
+ 6) In OneFileCMS- open a file for editing, and click [Edit WYSIWIG].
 *****************************************************************************/?>
 
-<script type="text/javascript" src="<?php echo $WYSIWYG_SOURCE ?>"></script>
+<script type="text/javascript" src="/plugins/tinymce/jscripts/tiny_mce/tiny_mce.js"></script>
 <script type="text/javascript"> 
 	tinyMCE.init({
 		// General options
diff --git a/readme.markdown b/readme.markdown
index 0428a96..4e0ce39 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -2,6 +2,29 @@
 
 ## Recent changes
 
+### December 12, 2012 (v3.4.19)
+
+- Slightly adjusted how wysiwyg plugins are implemented - removed $WYSIWIG_SOURCE config variable.
+
+- Two steps forward, one step back...  
+	Just for now - removed the $ACCESS_ROOT option.  I was coding in circles and getting no where while trying to reconcile various issues:  
+
+	- With OneFileCMS in any folder other than the web root,
+	- With OneFileCMS in a folder other than $ACCESS_ROOT  
+	- Depending on the above, can't delete the backup copy of OneFileCMS created by a p/w or u/n change).
+	- External file references (config, language, plugins) affected by the above.  
+	- Should $ACCESS_ROOT also restrict access to OneFileCMS itself?  That would prevent p/w & u/n changes.
+	- Display of the current/path/header/ varies depending on $ACESS_ROOT.
+	- Combining the above.
+	
+	A solution is in the works, but I'm going to take some time to make sure no new problems are introduced by the eventual fix. (hahaha...) It will probably end up being simple, but it's not yet...
+
+- Just a general note on security: due to the fundamental structure of OneFileCMS - primarily that it's one file, and that there is no seperate database for authentication - there are certain inherent security limitations that need to be kept in mind:  
+	- The first is that all OneFileCMS users are "admins", with the ability to upload and edit files with any type of code.
+	- Next, as a direct consequence of the prior point, is that any restriction imposed by some potential feature, such as the $ACCESS_ROOT option that limited access to a specific folder, is only - at most - a guard against accidental access and modification of files outside of the "accessible" folder.   This is not to say that such features are not useful, this is simply to provide a realistic expectation of security - that OneFileCMS should only be used with trusted users.
+
+As a final note - some additional features are being considered for the future, but the current issues noted above need to be resolved first.
+
 ### December 03, 2012 (v3.4.18)
 
 Of course, everything comes with a price (exacerbated by my apparent lack of testing...)
@@ -45,22 +68,6 @@ Due to popular demand (ie: it has been requested more than once), WYSYWIG editor
 
 - I want to thank [fermuch](http://github.com/fermuch) for the client-side hashing suggestion.  While a somewhat different approach was ultlimately employed, his original solution provided the insight needed to approach the idea in general.
 
-### November 12, 2012 (v3.4.14)
-
-- Courtesy of [Fuchur777](github.com/Fuchur777), added option to restrict OneFileCMS to a specified folder (and it's sub-folders).
-- Fixed issue on Upload page if using PHP v3.2.12 or earlier.
-- A few miscellaneous code improvements.
-
-### November 11, 2012
-
-- Thanks to [zaykin](https://github.com/zaykin) for the Russian language file!
-
-### November 5, 2012 (v3.4.13)
-
-- Thanks to [symsec](http://github.com/symsec) for the Dutch (Nederlands) language file!
-- Otherwise, mostly some incidental code improvements and cleanup.
-
-
 --------------------------------------------------------------------------------
 
 # OneFileCMS
@@ -78,6 +85,14 @@ OneFileCMS is just that: It's a flat, light, one file CMS (Content Management Sy
 
 Coupling a utilitarian code editor with basic file managing functions, OneFileCMS can maintain an entire website completely in-browser without any external programs.
 
+## What it is not:
+
+- OneFileCMS would not be the best option for a site maintained by multiple users with different levels of privileges, unless all of the users are trusted to stay within their designated areas of responsibility. Since OneFileCMS allows file uploads, and editing files directly on the web server, there is simply no way to restrict undesired actions. A user with access restricted to a particular folder could simply upload an unrestricted version of OneFileCMS (or ANY such file).
+
+	The $ACCESS_ROOT configuration variable in OneFileCMS simply provides an option to generally restrict actions to a particular directory.  But, as mentioned, this is useful only if you trust the person editing the site with $ACCESS_ROOT enabled.  It does not prevent the issues mentioned above - such as uploading an unrestricted version of OneFileCMS.
+
+	These issues are not unique to OneFileCMS - they will exist in any CMS that permits unrestricted file uploads & editing.
+
 ## Demo
 
 - Just download & try the current stable version - it's one file!
@@ -129,7 +144,7 @@ Well, because "OneFileCMS" sounds way cooler (relatively speaking) than "OneFile
 Yes!  Currently, English (EN), German (DE), Spanish (ES), Dutch (NL), and Russian (RU) are available.
 
 - German (Deutsch) courtesy of [codeless](http://github.com/codeless).
-- Spanish (Espan�la) courtesy of [fermuch](http://github.com/fermuch).
+- Spanish (Espanõla) courtesy of [fermuch](http://github.com/fermuch).
 - Dutch (Nederlands) courtesy of [symsec](http://github.com/symsec).  
 - Russian courtesy of [zaykin](https://github.com/zaykin).  
 

From 914b7a4721c21c37c72b73cf3ebf0fbd558f969a Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Sat, 15 Dec 2012 17:00:00 -0500
Subject: [PATCH 163/228] Version 3.4.19 Minor update to prior commit.

---
 onefilecms.php  | 4 ++--
 readme.markdown | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 6cefc03..95f9eac 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -3407,8 +3407,6 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 	Init_ICONS();
 
-	Init_Macros();
-
 	undo_magic_quotes();
 
 	Get_GET();
@@ -3417,6 +3415,8 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 	Validate_params();
 
+	Init_Macros(); //Must go after Get_GET()/Validate_params().
+
 	Respond_to_POST();
 
 	Verify_Page_Conditions(); //Must come after Respond_to_POST()
diff --git a/readme.markdown b/readme.markdown
index 4e0ce39..b323c77 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -16,8 +16,9 @@
 	- Should $ACCESS_ROOT also restrict access to OneFileCMS itself?  That would prevent p/w & u/n changes.
 	- Display of the current/path/header/ varies depending on $ACESS_ROOT.
 	- Combining the above.
+	- A number of other things I can't recall at the moment... (didn't write them down...)
 	
-	A solution is in the works, but I'm going to take some time to make sure no new problems are introduced by the eventual fix. (hahaha...) It will probably end up being simple, but it's not yet...
+	A solution is in the works, but I'm going to take some time to make sure no new problems are introduced by the eventual fix. (hahaha...):
 
 - Just a general note on security: due to the fundamental structure of OneFileCMS - primarily that it's one file, and that there is no seperate database for authentication - there are certain inherent security limitations that need to be kept in mind:  
 	- The first is that all OneFileCMS users are "admins", with the ability to upload and edit files with any type of code.

From 4478eb23e51c87bcf51237f0b38d7055e19d7774 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 20 Dec 2012 14:20:00 -0500
Subject: [PATCH 164/228] Version 3.4.20 Added $ACCESS_ROOT feature. Functions
 affected: System_Setup(), Valid_Path(),   Current_Path_Header(),
 Set_Input_width(), CRM_Page(), CRM_response(),   MCD_Page(), MCD_response(),
 Respond_to_POST(), Main logic section. Error reporting is now on by default.
 Rearranged order of some CONFIGURABLE INFO variables. (It's the OCD in me...)
 System_Setup(): Reorganized, cleaned up Global declarations,   moved
 validation and include() of external lang file to here,   Improved validation
 and setup of $config_file, Renamed Error_reporting_and_early_output() to
 Error_reporting_status_and_early_output() Put strip_array() back inside
 undo_magic_quotes(). Change_PWUN_response(): improved check for $config_file
 . Removed a couple superfluous Global file references. Upload_Page() &
 _response(): Switched from <input hidden> to $ipath for destination.
 Init_Macros(): moved it's call back to after $_GET params are validated.
 phpinfo() Link around php version only when session is valid. Added
 $_['Invalid_path'] = 'Invalid path'; Restructured the repo.

---
 .../OneFileCMS.License.BSD.txt                |   0
 .../OneFileCMS.License.MIT.txt                |   0
 .../OneFileCMS.config.SAMPLE.php              |  34 +-
 .../OneFileCMS_structure.txt                  |   9 +-
 info/changelog.markdown                       | 381 ++++++++++++++++
 readme.markdown => info/readme.markdown       |  45 +-
 .../OneFileCMS.LANG.DE.php                    |   0
 .../OneFileCMS.LANG.EN.php                    |  19 +-
 .../OneFileCMS.LANG.ES.php                    |   0
 .../OneFileCMS.LANG.NL.php                    |   0
 .../OneFileCMS.LANG.RU.php                    |   0
 onefilecms.php                                | 417 +++++++++++-------
 plugins/ckeditor_init.php                     |  13 +-
 plugins/tinymce_init.php                      |  13 +-
 14 files changed, 723 insertions(+), 208 deletions(-)
 rename OneFileCMS.License.BSD.txt => info/OneFileCMS.License.BSD.txt (100%)
 rename OneFileCMS.License.MIT.txt => info/OneFileCMS.License.MIT.txt (100%)
 rename OFCMS_config.SAMPLE.php => info/OneFileCMS.config.SAMPLE.php (79%)
 rename OneFileCMS_structure.txt => info/OneFileCMS_structure.txt (94%)
 create mode 100755 info/changelog.markdown
 rename readme.markdown => info/readme.markdown (79%)
 rename OneFileCMS.LANG.DE.php => languages/OneFileCMS.LANG.DE.php (100%)
 rename OneFileCMS.LANG.EN.php => languages/OneFileCMS.LANG.EN.php (97%)
 rename OneFileCMS.LANG.ES.php => languages/OneFileCMS.LANG.ES.php (100%)
 rename OneFileCMS.LANG.NL.php => languages/OneFileCMS.LANG.NL.php (100%)
 rename OneFileCMS.LANG.RU.php => languages/OneFileCMS.LANG.RU.php (100%)

diff --git a/OneFileCMS.License.BSD.txt b/info/OneFileCMS.License.BSD.txt
similarity index 100%
rename from OneFileCMS.License.BSD.txt
rename to info/OneFileCMS.License.BSD.txt
diff --git a/OneFileCMS.License.MIT.txt b/info/OneFileCMS.License.MIT.txt
similarity index 100%
rename from OneFileCMS.License.MIT.txt
rename to info/OneFileCMS.License.MIT.txt
diff --git a/OFCMS_config.SAMPLE.php b/info/OneFileCMS.config.SAMPLE.php
similarity index 79%
rename from OFCMS_config.SAMPLE.php
rename to info/OneFileCMS.config.SAMPLE.php
index fd3d8fa..311b9e2 100755
--- a/OFCMS_config.SAMPLE.php
+++ b/info/OneFileCMS.config.SAMPLE.php
@@ -1,9 +1,9 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
-// v3.4.19
-// Sample external config file.
+// v3.4.20
+// Sample external config file - this file is OPTIONAL.
 //
-// Basically, what follows is just a copy & paste of the OneFileCMS config section,
+// Basically, what follows is just a copy & paste of the OneFileCMS CONFIGURABLE INFO,
 // except $config_file is not included.
 
 // CONFIGURABLE INFO ***********************************************************
@@ -14,10 +14,6 @@
 //$HASHWORD = "cff29a3b595b427ef8d01c089d368c7706a8c68ecc75d566642e313ee97ff659"; //"password"
 $SALT     = 'somerandomsalt';
 
-//Name of optional external language file.  If file is not found, the built-in defaults will be used.
-//Path can be absolute to the filesystem, or relative to root of website - if chdir($DOC_ROOT). (current method)
-//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php";
-
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
 $MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
@@ -25,13 +21,13 @@
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
 
-$MAX_IMG_W   = 810;  //Max width to display images. (main width is 810)
-$MAX_IMG_H   = 1000; //Max height.  I don't know, it just looks reasonable.
-
 $MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
 $MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
                           // The default max view size is completely arbitrary. Basically, it was 2am and seemed like a good idea at the time.
 
+$MAX_IMG_W   = 810;  //Max width (in px) to display images. (main width is 810)
+$MAX_IMG_H   = 1000; //Max height (in px).  I don't know, it just looks reasonable.
+
 $UPLOAD_FIELDS = 6; //Number of upload fields on Upload File(s) page. Max value is ini_get('max_file_uploads').
 
 $config_favicon   = "favicon.ico"; //Path is relative to root of website.
@@ -54,10 +50,26 @@
 
 $SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS.
 
+//Restrict access to a particular folder.  Leave empty for access to entire website.
+// "some/path/" is relative to root of website (with no leading slash).
+//$ACCESS_ROOT = 'some/path/';
+
+
+//Notes for $LANGUAGE_FILE, $WYSIWYG_PLUGIN, and $CONFIG_FILE:
+//
+// Filename paths can be:
+//  1) Absolute to the filesystem:  "/some/path/from/system/root/somefile.php"  or
+//  2) Relative to root of website: "some/path/from/web/root/somefile.php"
+
+//Name of optional external language file.  If file is not found, the built-in defaults will be used.
+//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php";
+
 //Init file for optional external wysiwyg editor.
 //Sample init files are availble in the OneFileCMS repo, but the actual editors are not.
-//Path can be absolute to the filesystem, or relative to root of website - if chdir($DOC_ROOT). (current method)
 //$WYSIWYG_PLUGIN = 'plugins/tinymce_init.php';
 //$WYSIWYG_PLUGIN = 'plugins/ckeditor_init.php';
 
+//Name of optional external config file.  Any settings it contains will supersede those above.
+//See the sample file in the OneFileCMS github repo for format example.
+//$CONFIG_FILE = 'OFCMS_config.SAMPLE.php';
 //end CONFIGURABLE INFO ********************************************************
diff --git a/OneFileCMS_structure.txt b/info/OneFileCMS_structure.txt
similarity index 94%
rename from OneFileCMS_structure.txt
rename to info/OneFileCMS_structure.txt
index bfef849..cb55066 100755
--- a/OneFileCMS_structure.txt
+++ b/info/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.4.19 structure/layout
+OneFileCMS Version 3.4.20 structure/layout
 
 LICENSE
 
@@ -16,9 +16,10 @@ MISC FUNCTIONS:
 	hashit()
 	Error_reporting_and_early_output()
 	Update_Recent_Pages()
-	strip_array()
 	undo_magic_quotes()
+		strip_array()
 	Validate_params()
+	Valid_Path()
 	Get_GET()
 	Verify_Page_Conditions()
 	has_invalid_char()
@@ -112,10 +113,12 @@ STYLESHEET FUNCTIONS:
 LOGIC TO DETERMINE PAGE ACTION
 	Load Default_Language()
 	System_setup()
-	If specified, load external language file
 	Verify PHP version
 	Session_Startup()
+	Init_Icons()
 	Get_GET()
+	Validate_params()
+	Valid_Path()
 	Init_Macros()
 	Respond_to_POST()
 	Verify_page_conditions()
diff --git a/info/changelog.markdown b/info/changelog.markdown
new file mode 100755
index 0000000..091a860
--- /dev/null
+++ b/info/changelog.markdown
@@ -0,0 +1,381 @@
+# OneFileCMS Change Log
+
+### v3.4.20 (December 19, 2012)
+
+- The $ACCESS_ROOT option has been reimplemented and is now fully functional\*.  This option limits access to a specified folder (and it's sub-folders).  To use, just specify a valid path relative to the root of the website (no leading slash).  
+(*Well, as best as I can tell...)
+
+- All OneFileCMS configuration variables that reference external files ($CONFIG\_file, $LANGUAGE\_FILE, $WYSIWYG\_PLUGIN) must be specified in one of two ways:  
+	1. Relative to the root of the website - with NO leading slash:  "some/path/from/webroot/somefile.php"  
+	2. Absolute to the file system - WITH a leading slash:  "/some/path/from/system/root/somefile.php"  
+	(On Windows, the drive letter may also be used, but it is not required if all is on same drive.)
+
+### v3.4.19 (2012-12-12)
+
+- Slightly adjusted how wysiwyg plugins are implemented - removed $WYSIWIG\_SOURCE config variable.  
+ (It's value is now specified directly in the "init" file specified by $WYSIWYG\_PLUGIN.)
+
+- Two steps forward, one step back...  
+	Just for now - removed the $ACCESS_ROOT option.  I was coding in circles and getting no where while trying to reconcile various issues:  
+
+	- With OneFileCMS in any folder other than the web root,
+	- With OneFileCMS in a folder other than $ACCESS_ROOT  
+	- Depending on the above, can't delete the backup copy of OneFileCMS created by a p/w or u/n change).
+	- External file references (config, language, plugins) affected by the above.  
+	- Should $ACCESS_ROOT also restrict access to OneFileCMS itself?  That would prevent p/w & u/n changes.
+	- Display of the current/path/header/ varies depending on $ACESS_ROOT.
+	- Combining the above.
+	
+	A solution is in the works, but I'm going to take some time to make sure no new problems are introduced by the eventual fix. (hahaha...) It will probably end up being simple, but it's not yet...
+
+- Just a general note on security: due to the fundamental structure of OneFileCMS - primarily that it's one file, and that there is no seperate database for authentication - there are certain inherent security limitations that should be kept in mind:  
+	- The first is that all OneFileCMS users are "admins", with the ability to upload and edit files with any type of code.
+	- Next, as a direct consequence of the prior point, is that any restriction imposed by some potential feature, such as the $ACCESS_ROOT option that limited access to a specific folder, is only - at most - a guard against accidental access and modification of files outside of the "accessible" folder.   This is not to say that such features are not useful - this is simply meant to provide a realistic expectation of security, and that OneFileCMS should only be used with trusted users.
+
+### v3.4.18 (2012-12-03)
+
+Of course, everything comes with a price (exacerbated by my apparent lack of testing...)
+
+- Anyway, the current release partly fixes an issue when trying to use a wysiwyg editor with onefilecms.php installed in a sub-folder of a site.  The issue is - it didn't work.  Now it does - mostly. However, there is still an issue using wysiwyg editors if the $ACCESS_ROOT variable is set to anything but blank (root).
+
+### 2012-12-03
+
+-  Just a note: there is an issue using a wysiwyg editor when onefilecm.php is in a sub-folder, or related to using the $ACCESS_ROOT option (restricting onefilecms access to a folder).  WYSIWYG seems to otherwise work fine when onefilecms.php is in the root folder of a site.
+
+### v3.4.17 (2012-11-29)
+
+- WYSIWYG is here!  
+Due to popular demand (ie: it has been requested more than once), WYSYWIG editors can now be "plugged in" and used with OneFileCMS.  Currently, only [TinyMCE](http://tinymce.moxiecode.com/) and [CKEditor](http://ckeditor.com/) have been tested (and on a very limited scale). Others may work - but I don't know yet.  And, naturally, the use or inclusion of such editors is completely optional, of course.
+
+	**No actual WYSIWYG editors are included with OneFileCMS** - any desired editor must be obtained seperately.
+
+	A brief how-to on using either editor can be found in their respective sample "init" files included in the plugins folder of the OneFileCMS repo. Any suitable init file for a given editor may be used, as long as the correct path to the editor's javascript source file is specified, and - for CKEditor - the id of the OneFileCMS textarea, "file_editor", is also be specified. 
+
+	Now, while everything seems to work, I have little to no experience using TinyMCE, CKEditor, or any other such application. So, if there is something missing or not working as expected, please let me know (open an "issue" on the Issues page).
+
+	Notes:  
+
+	- These editors have their own, extensive, event controls (responses to keyboard & mouse input), so the OneFileCMS edit page event scripts are not loaded when an editor is in use.  The primary effect is the loss of incidental file status indicators - [Save] will not change to [SAVE CHANGES!], background color will not change, etc., and any "unsaved changes" alerts should be handled by the active editor.  Also, the [Wide View] button will be unavailable.  
+  
+	- The TinyMCE "init" file included in the OneFileCMS repo specifies the use of the TinyMCE "fullpage" plugin, which produces an "unsaved changes" alert every time you exit the Edit page - even if no changes have been made to the file in the editor.  
+
+	- The CKEditor, on the other hand, does not seem to present an alert at all when you leave the editor page - even with unsaved changes.  
+
+### v3.4.16 (2012-11-23)
+
+- Added icons to lower buttons on edit page.
+- And a few code tweaks & improvements.
+
+### v3.4.15 (2012-11-18)
+
+- Added client-side hashing of passwords. 
+  This is primarily a benefit for the user, as it does not really add any security to the server side application that uses it (such as OneFileCMS).  The reason is that this "pre-hash" simply becomes the actual password as far as the server is concerned, and is just as vulnerable to exposure while in transit. However, it does help to protect the user's plain-text password, which may be used elsewhere.  
+
+- Also added a "please wait..." message while computing the client-side hashes - primarily for IE versions < 9, which are MUCH slower than FF or Chrome (by a factor of 37 or more).  Subsequently, the number of iterations for the client-side hashing is quite low (compared to the server side), but still causes a 1 - 2 second delay on the login screen, and a 3 - 6 second delay on the Change Password screen.  On FF and Chrome, however, the delay is much shorter, almost unnoticable.
+
+- I want to thank [fermuch](http://github.com/fermuch) for the client-side hashing suggestion.  While a somewhat different approach was ultlimately employed, his original solution provided the insight needed to approach the idea in general.
+
+### 3.4.14 (2012-11-12)
+
+- Courtesy of [Fuchur777](github.com/Fuchur777), added option to restrict OneFileCMS to a specified folder (and it's sub-folders).
+- Fixed issue on Upload page if using PHP v3.2.12 or earlier.
+- A few miscellaneous code improvements.
+
+### (2012-11-11)
+
+- Thanks to [zaykin](https://github.com/zaykin) for the Russion language file!
+
+### 3.4.13 (2012-11-05)
+
+- Thanks to [symsec](http://github.com/symsec) for the Dutch (Nederlands) language file!
+- Otherwise, mostly some incidental code improvements and cleanup.
+
+### 3.4.12 (2012-10-21)
+
+- On the Upload Page, added an option to select either automatic rename or overwrite of pre-existing files.
+
+### 3.4.11 (2012-10-16)
+
+- Just a few code tweaks and improvements.
+
+### 3.4.10 (2012-10-08)
+
+- Folders are now listed ahead of files in main file list.
+- Quite of bit of code consolidation and improvement.
+- Converted svg icons from functions into an array of $ICONS[]
+
+### 3.4.09
+
+- Can now recursively copy folders.
+- Consolidated some functions.
+- Removed some svg icons no longer used.
+- The usual "code cleanup" and "tweaked some css"...
+
+### 3.4.07
+
+- Can now recursively delete non-empty folders (just be careful!)
+- Consolidated some functions.
+- Minor bug fix & a few misc code improvements.
+- Darkened folder icons.
+- Removed & changed a few $_[] language strings. 
+
+### 3.4.06
+
+- Minor bug fix: Index page would not display folders that started with a period ("hidden" folders on *nix)
+
+### 3.4.05
+
+- Consolidated index page radio & submit buttons (for Move, Copy, Delete) into just three standard buttons.
+- Added multi-file upload ability.
+- Index page: removed extra Upload/New/Rename/Delete buttons from  bottom of page.
+- Subsequent to the above, a bit of code cleanup & improvement.
+
+### 3.4.04
+
+- Minor bug fix.
+
+### 3.4.02-3.4.03
+
+- Primary user noticable change: on rename/move/copy pages, split "New Name" from "New Location".
+- A couple minor bug fixes.
+- Consolidated four functions into two.
+- Other general code cleanup & improvements.
+- Numerous new, changed, and removed langauge settings.
+
+### 3.4.01
+
+- A couple of minor bug fixes.
+- Some code cleanup & improvements.
+
+### 3.3.17 - 3.4.0 (2012-08-29)
+
+- Added option to select and move, copy, or delete multiple files.
+- And other general code tweaks and improvements.
+
+### 3.3.11 - 3.3.16
+
+- Added screens for changing username and password.
+- Plaintext $PASSWORD option is no longer available.
+- Added options to Rename, Copy, or Delete files from Index screen.
+- Improved validation of $_GET parameters & other general code improvements.
+
+### 3.3.10
+
+- Created an actual "Admin" page that has links to admin functions: Hash Page, Edit OneFileCMS, and (soon) Change Password.
+
+### 3.3.09 
+
+- Minor code improvements & cleanup.
+
+### 3.3.08
+
+- Added some basic error handling and now using buffering to capture errant early output.
+- Seperate function to handle dynamic css values.
+
+### 3.3.07
+
+- Language file formats are now php instead of ini.
+- Minor improvement to version checking.
+
+### 3.3.06
+
+- Increased hash iterations from 1000 to 10000.  (I've read that lots of iterations help slow down brute force p/w recovery)
+- Format for external config files is now just php (instead of ini).
+- Some miscellaneous code & css improvements.
+
+### 3.3.05a
+
+- Just removed some trouble-shooting code that was left in unintentionally.
+
+### 3.3.05
+
+- Added a few settings to the language files to adjust certain css values if needed.  In some instances, some langauges may use significantly longer words or phrases than others.  So, a smaller font or less spacing may be desirable in those places to preserve page layout.   
+- And, of course, some minor code improvements hear and there.
+
+### 3.3.04
+
+- Added Spanish language file courtesy of [fermuch](https//github.com/fermuch).
+- Some misc code improvements.
+- Added notes regarding using .ini file for password storage.
+
+### 3.3.03
+
+- "Wide View" option on Edit page now persists across saves.
+- Improved handling of language files.  However, kinda' like "online security", "multi-language support" is nebulous and a bit finicky.
+
+### 3.3.02
+
+- Added German language file courtesy of [codeless](http://github.com/codeless).
+
+### 3.3.01
+
+- Fixed a "minor" issue after adding multi-language support- OneFileCMS stopped working altogether on versions of PHP &lt; 5.3.
+
+### 3.3.0
+
+- Added support for optional external language files.   Now to get some translations...  
+- The default, English, is included directly in OneFileCMS, of course.
+- A sample language file (English) is included in the repo for reference for anyone that may be interested.
+
+
+### 3.2.3
+
+- Thanks to github.com/codeless: added the ability to process a seperate config file.  
+  (This is just an option for flexibility, and is not required)
+- Added a [Wide View] button to Edit page.
+- Some minor code improvement & css tweaking.
+
+### 3.2.2
+
+- Thanks to github.com/codeless: added a configurable whitelist of files to show.
+- Fixed minor issue on hash page (needed htmlspecialchars)
+- And, of course, various style & code tweaks.
+
+
+### 3.2.1
+
+- Added timer to "Please wait..." message after too many invalid login attempts.
+- Mostly some misc code cleanup & improvement.
+	
+### 3.2.0
+
+- Added a few security improvements.
+- Added "timeout" timer as a warning to save edits before they're lost.
+
+
+### 3.1.9
+
+- Password may now be stored as an encrypted hash, instead of in plain text.
+- Added an "Admin" page to generate password hashes.
+- A bunch of other code tweakin' & improvements.
+
+### 3.1.6 thru 3.1.8
+
+- Converted bulk of rest of code into functions (easier to work with).
+- Resolved issue (I hope) with differing versions of PHP and how magic_quotes & stripslashes are handled.
+
+### 3.1.2 thru 3.1.5
+
+- Added file size limits to the Edit/View page. (Some browsers don't like large files in an HTML textarea.)
+- Added some data validation to $_GET parameters
+- Some misc code cleanup & organization etc.
+- And other misc stuff...
+
+### 3.1.1
+
+- Fixed minor issue with data encoding of file for editting in a &lt;textarea>
+
+### 3.1
+
+- (Very) moderate data validation improvements.
+- Reorganized & funcionalized() most of the code.
+
+### 3.0
+
+- Implemented svg icons
+
+### 2.0
+
+- OneFileCMS is now actually ONE FILE! No external style sheets or icons.  
+  (Of course, external style sheets & icons can be added back in, if you like.)
+
+- This is OneFileCMS "Lite", and will be maintained along with v3.0
+
+### 1.5 
+
+- Style sheet is now part of onfilecms.php file, but still uses external icons.
+- Some minor logic improvements on Edit & Index pages.
+
+### 1.4.0
+
+- Substantial code reorganization & updates.
+
+
+### 1.2.4 - 1.3.0
+
+- DO NOT USE THESE VERSIONS!
+- Mostly just a bunch of code modifications.
+- These versions have issues, primarily when on the home/root page your site. 
+
+### 1.2.3
+
+- Fixed check for local css. If not found, loads hosted copy. 
+  (This will soon be a moot point...)
+
+### 1.2.2
+
+- On "Edit" page, images are now displayed directly, instead of a disabled textarea.
+- Logout page replaced with standard "alert" message on login screen.
+
+### 1.2.1
+
+- Fixed security hole that affected versions 1.1.7 - 1.2.0.
+
+### 1.2.0
+
+- List of files now sorted alphabetically, without regard to case.
+- Further improved Edit page & screen feedback of file state (changed/unchanged).
+- Added [X] dismiss button on message box
+- File dates shown on Index & Edit pages are now in user's local time.
+- Moved from xhtml to html syntax & doctype.
+
+### 1.1.9
+
+- Improved Edit page & screen feedback of file state (changed/unchanged).
+- Removed use of jquery in move towards a true "OneFileCMS".
+
+### 1.1.8  
+
+- Added a table list view option (default).  Either List or original "Block" view selectable with $VIEW_MODE variable. (On screen selection in the works)
+- (And, of course, numerous other code tweaks/improvements.
+
+### 1.1.7
+
+- Added [Cancel] button to most screens. Numerous minor UI & code tweaks/improvements.  Changed where .css is hosted (may change back later).  Removed "Rendered in (microseconds)...".  Added license info & copyright notice.
+
+### 1.1.6
+
+- Breadcrumb navigation (courtesy of [Self-Evident](https://github.com/Self-Evident/)), CSS file and some minor changes to it
+- Installation is still as usual, but now, if you have _onefilecms.css_ in the same folder as _onefilecms.php_, it'll be linked instead of the normal [http://onefilecms.com/style.css](http://onefilecms.com/style.css).
+
+### 1.1.5
+
+- Fixed a disallowed redirect vulnerability  
+Many thanks to Abhi M Balakrishnan from [OWASP Mantra Team](http://www.getmantra.com/) for his help
+
+### 1.1.4
+
+- JavaScript cleanup and jQuery upgrade
+- Visit Site = /
+- Now on GitHub!
+
+### 1.1.3 (1/10/2012)
+
+- Fixed a upload bug leftover from 1.1.2's CSRF protection
+
+### 1.1.2 (9/21/11)
+
+- More CSRF protection for logged-in users
+
+### 1.1.1 (1/9/10)
+
+- CSRF protection (thanks Steve and Rene)
+- Support for storing password as an MD5 hash (thanks, durilka!)
+
+### 1.1.0 (10/18/09)
+
+- config_footer variable for branding or analytics code
+- config_disabled variable to disallow editing of files like images, zips, icons, etc
+- config_excluded variable to exclude specific files (or filetypes) from being shown in the index
+- Shows hidden files (files that start with a "." like ".htaccess") on index listing
+- "noindex" meta tag so Google doesn't crawl your backend
+- Fixed a couple minor CSS and link bugs in the example site.
+- Updated license page to clarify commercial license usage per domain and upgrade.
+
+### 1.0.1 (9/24/09)
+
+- Relative CSS links and navigation in example site to work better with the demo (No change to OneFileCMS itself)
+
+### 1.0 (9/5/09)
+
+- Launch!
diff --git a/readme.markdown b/info/readme.markdown
similarity index 79%
rename from readme.markdown
rename to info/readme.markdown
index b323c77..578a021 100755
--- a/readme.markdown
+++ b/info/readme.markdown
@@ -2,9 +2,20 @@
 
 ## Recent changes
 
+### December 19, 2012 (v3.4.20)
+
+- The $ACCESS_ROOT option has been reimplemented and is now fully functional\*.  This option limits access to a specified folder (and it's sub-folders).  To use, just specify a valid path relative to the root of the website (no leading slash).  
+(*Well, as best as I can tell...)
+
+- All OneFileCMS configuration variables that reference external files ($CONFIG\_file, $LANGUAGE\_FILE, $WYSIWYG\_PLUGIN) must be specified in one of two ways:  
+	1. Relative to the root of the website - with NO leading slash:  "some/path/from/webroot/somefile.php"  
+	2. Absolute to the file system - WITH a leading slash:  "/some/path/from/system/root/somefile.php"  
+	(On Windows, the drive letter may also be used, but it is not required if all is on same drive.)
+
 ### December 12, 2012 (v3.4.19)
 
-- Slightly adjusted how wysiwyg plugins are implemented - removed $WYSIWIG_SOURCE config variable.
+- Slightly adjusted how wysiwyg plugins are implemented - removed $WYSIWIG\_SOURCE config variable.  
+ (It's value is now specified directly in the "init" file specified by $WYSIWYG\_PLUGIN.)
 
 - Two steps forward, one step back...  
 	Just for now - removed the $ACCESS_ROOT option.  I was coding in circles and getting no where while trying to reconcile various issues:  
@@ -16,15 +27,12 @@
 	- Should $ACCESS_ROOT also restrict access to OneFileCMS itself?  That would prevent p/w & u/n changes.
 	- Display of the current/path/header/ varies depending on $ACESS_ROOT.
 	- Combining the above.
-	- A number of other things I can't recall at the moment... (didn't write them down...)
 	
-	A solution is in the works, but I'm going to take some time to make sure no new problems are introduced by the eventual fix. (hahaha...):
+	A solution is in the works, but I'm going to take some time to make sure no new problems are introduced by the eventual fix. (hahaha...) It will probably end up being simple, but it's not yet...
 
-- Just a general note on security: due to the fundamental structure of OneFileCMS - primarily that it's one file, and that there is no seperate database for authentication - there are certain inherent security limitations that need to be kept in mind:  
+- Just a general note on security: due to the fundamental structure of OneFileCMS - primarily that it's one file, and that there is no seperate database for authentication - there are certain inherent security limitations that should be kept in mind:  
 	- The first is that all OneFileCMS users are "admins", with the ability to upload and edit files with any type of code.
-	- Next, as a direct consequence of the prior point, is that any restriction imposed by some potential feature, such as the $ACCESS_ROOT option that limited access to a specific folder, is only - at most - a guard against accidental access and modification of files outside of the "accessible" folder.   This is not to say that such features are not useful, this is simply to provide a realistic expectation of security - that OneFileCMS should only be used with trusted users.
-
-As a final note - some additional features are being considered for the future, but the current issues noted above need to be resolved first.
+	- Next, as a direct consequence of the prior point, is that any restriction imposed by some potential feature, such as the $ACCESS_ROOT option that limited access to a specific folder, is only - at most - a guard against accidental access and modification of files outside of the "accessible" folder.   This is not to say that such features are not useful - this is simply meant to provide a realistic expectation of security, and that OneFileCMS should only be used with trusted users.
 
 ### December 03, 2012 (v3.4.18)
 
@@ -55,19 +63,6 @@ Due to popular demand (ie: it has been requested more than once), WYSYWIG editor
 
 	- The CKEditor, on the other hand, does not seem to present an alert at all when you leave the editor page - even with unsaved changes.  
 
-### November 23, 2012 (v3.4.16)
-
-- Added icons to lower buttons on edit page.
-- And a few code tweaks & improvements.
-
-### November 18, 2012 (v3.4.15)
-
-- Added client-side hashing of passwords.  
-  This is primarily a benefit for the user, as it does not really add any security to the server side application that uses it (such as OneFileCMS).  The reason is that this "pre-hash" simply becomes the actual password as far as the server is concerned, and is just as vulnerable to exposure while in transit. However, it does help to protect the user's plain-text password, which may be used elsewhere.  
-
-- Also added a "please wait..." message while computing the client-side hashes - primarily for IE versions < 9, which are MUCH slower than FF or Chrome (by a factor of 37 or more).  Subsequently, the number of iterations for the client-side hashing is quite low (compared to the server side), but still causes a 1 - 2 second delay on the login screen, and a 3 - 6 second delay on the Change Password screen.  On FF and Chrome, however, the delay is much shorter, almost unnoticable.
-
-- I want to thank [fermuch](http://github.com/fermuch) for the client-side hashing suggestion.  While a somewhat different approach was ultlimately employed, his original solution provided the insight needed to approach the idea in general.
 
 --------------------------------------------------------------------------------
 
@@ -88,9 +83,7 @@ Coupling a utilitarian code editor with basic file managing functions, OneFileCM
 
 ## What it is not:
 
-- OneFileCMS would not be the best option for a site maintained by multiple users with different levels of privileges, unless all of the users are trusted to stay within their designated areas of responsibility. Since OneFileCMS allows file uploads, and editing files directly on the web server, there is simply no way to restrict undesired actions. A user with access restricted to a particular folder could simply upload an unrestricted version of OneFileCMS (or ANY such file).
-
-	The $ACCESS_ROOT configuration variable in OneFileCMS simply provides an option to generally restrict actions to a particular directory.  But, as mentioned, this is useful only if you trust the person editing the site with $ACCESS_ROOT enabled.  It does not prevent the issues mentioned above - such as uploading an unrestricted version of OneFileCMS.
+- OneFileCMS would not be the best option for a site that requires different levels of privileges, unless all of the users are trusted to stay within their designated areas of responsibility. Since OneFileCMS allows file uploads and editing files directly on the web server, there is simply no way to secure against any particular action.
 
 	These issues are not unique to OneFileCMS - they will exist in any CMS that permits unrestricted file uploads & editing.
 
@@ -103,7 +96,7 @@ Coupling a utilitarian code editor with basic file managing functions, OneFileCM
 - All the basic file management features like renaming, moving, copying, deleting, and uploading.
   (For complex processes, like batch renaming or mass uploads, you're going to want to use an FTP program.)
 - A basic text editor.
-- WYSIWYG editors may be added as plugins
+- A WYSIWYG editor may be added as a plugin.
 - A Login delay after too many invalid login attempts.
 - Adjustable idle time before auto-logout.
 - Easily modifiable & re-brandable.
@@ -126,10 +119,6 @@ You can also change the file name from "onefilecms.php" to something else, such
 
 ## FAQ
 
-### Where's the WYSIWYG?
-
-As of version 3.4.17, support for TinyMCE and CKEditor, as optional plugins, has been added.
-
 ### I found something that could be better. Can I suggest it to you?
 
 Yes, of course!
diff --git a/OneFileCMS.LANG.DE.php b/languages/OneFileCMS.LANG.DE.php
similarity index 100%
rename from OneFileCMS.LANG.DE.php
rename to languages/OneFileCMS.LANG.DE.php
diff --git a/OneFileCMS.LANG.EN.php b/languages/OneFileCMS.LANG.EN.php
similarity index 97%
rename from OneFileCMS.LANG.EN.php
rename to languages/OneFileCMS.LANG.EN.php
index 4c30cc1..e1e0651 100755
--- a/OneFileCMS.LANG.EN.php
+++ b/languages/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.19
+// OneFileCMS Language Settings v3.4.20
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -26,11 +26,11 @@
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
 
-$_['HTML']    = 'HTML';    
-$_['WYSIWYG'] = 'WYSIWYG'; 
+$_['HTML']    = 'HTML';
+$_['WYSIWYG'] = 'WYSIWYG';
 
 $_['Admin']   = 'Admin';
-$_['bytes']   = 'bytes';   
+$_['bytes']   = 'bytes';
 $_['Cancel']  = 'Cancel';
 $_['Close']   = 'Close';
 $_['Copy']    = 'Copy';
@@ -58,7 +58,7 @@
 $_['To']         = 'To';
 $_['Upload']     = 'Upload';
 $_['Username']   = 'Username';
-$_['Working']    = 'Working - please wait...'; 
+$_['Working']    = 'Working - please wait...';
 $_['Log_In']     = 'Log In';
 $_['Log_Out']    = 'Log Out';
 
@@ -81,6 +81,7 @@
 $_['New_Location']   = 'New Location';
 $_['No_files']       = 'No files selected.';
 $_['Not_found']      = 'Not found';
+$_['Invalid_path']   = 'Invalid path';
 $_['pass_to_hash']   = 'Password to hash:';
 $_['Generate_Hash']  = 'Generate Hash';
 
@@ -152,9 +153,9 @@
 $_['upload_txt_01'] = '(php.ini: upload_max_filesize)';
 $_['upload_txt_04'] = 'Maximum total upload size:';
 $_['upload_txt_02'] = '(php.ini: post_max_size)';
-$_['upload_txt_05'] = 'For uploaded files that already exist: '; 
+$_['upload_txt_05'] = 'For uploaded files that already exist: ';
 $_['upload_txt_06'] = 'Rename (to filename.ext.001 etc...)';
-$_['upload_txt_07'] = 'Overwrite'; 
+$_['upload_txt_07'] = 'Overwrite';
 
 $_['upload_err_01'] = 'Error 1: File too large. From php.ini:';
 $_['upload_err_02'] = 'Error 2: File too large. (Exceeds MAX_FILE_SIZE HTML form element)';
@@ -172,7 +173,7 @@
 $_['upload_msg_04'] = 'Uploading:';
 $_['upload_msg_05'] = 'Upload successful!';
 $_['upload_msg_06'] = 'Upload failed:';
-$_['upload_msg_07'] = 'A pre-existing file was overwritten.'; 
+$_['upload_msg_07'] = 'A pre-existing file was overwritten.';
 
 $_['new_file_txt_01'] = 'File or Folder will be created in the current folder.';
 $_['new_file_txt_02'] = 'Some invalid characters are:';
@@ -237,7 +238,7 @@
 $_['change_pw_05'] = 'Updating';
 $_['change_pw_06'] = 'external config file';
 
-$_['change_pw_07'] = 'All fields are required.'; 
+$_['change_pw_07'] = 'All fields are required.';
 $_['change_un_01'] = 'Username changed!';
 $_['change_un_02'] = 'Username NOT changed.';
 
diff --git a/OneFileCMS.LANG.ES.php b/languages/OneFileCMS.LANG.ES.php
similarity index 100%
rename from OneFileCMS.LANG.ES.php
rename to languages/OneFileCMS.LANG.ES.php
diff --git a/OneFileCMS.LANG.NL.php b/languages/OneFileCMS.LANG.NL.php
similarity index 100%
rename from OneFileCMS.LANG.NL.php
rename to languages/OneFileCMS.LANG.NL.php
diff --git a/OneFileCMS.LANG.RU.php b/languages/OneFileCMS.LANG.RU.php
similarity index 100%
rename from OneFileCMS.LANG.RU.php
rename to languages/OneFileCMS.LANG.RU.php
diff --git a/onefilecms.php b/onefilecms.php
index 95f9eac..649f0f0 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
-<?php  
+<?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.19';
+$OFCMS_version = '3.4.20';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -62,14 +62,15 @@
 
 
 //Some basic security & error log settings**************************************
-$ER = 0; $DE = 'off';                  //Disable error_reporting and display_erros.
-//$ER = E_ALL | E_STRICT; $DE = 'on';  //Uncomment for trouble-shooting.     //##### 
+$ER = 0;  $DE = 'off';   //Default to  no error_reporting and no display_errors.
+$ER = E_ALL & ~E_STRICT; $DE = 'on';  //For trouble-shooting. //##### 
+
 ob_start(); //Catch any early output. Closed prior to page output.
 ini_set('session.use_trans_sid', 0);    //make sure URL supplied SESSID's are not used
 ini_set('session.use_only_cookies', 1); //make sure URL supplied SESSID's are not used
 error_reporting($ER); //0 for none, or (E_ALL &~ E_STRICT) for trouble-shooting.
-ini_set('display_errors', $DE);             //Only turn on for trouble-shooting.
-ini_set('log_errors'    , 'off');           //Only turn on for trouble-shooting.
+ini_set('display_errors', $DE);
+ini_set('log_errors'    , 'off');
 ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.ERROR.log');
 //Determine good folder for session file? Default is tmp/, which is not secure, but it may not be a serious concern.
 //session_save_path($safepath)  or  ini_set('session.save_path', $safepath)
@@ -86,10 +87,6 @@
 //$HASHWORD = "cff29a3b595b427ef8d01c089d368c7706a8c68ecc75d566642e313ee97ff659"; //"password"
 $SALT     = 'somerandomsalt';
 
-//Name of optional external language file.  If file is not found, the built-in defaults will be used.
-//Path can be absolute to the filesystem, or relative to root of website - if chdir($DOC_ROOT). (current method)
-//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php";
-
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
 $MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
@@ -97,13 +94,13 @@
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
 
-$MAX_IMG_W   = 810;  //Max width to display images. (main width is 810)
-$MAX_IMG_H   = 1000; //Max height.  I don't know, it just looks reasonable.
-
 $MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
 $MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
                           // The default max view size is completely arbitrary. Basically, it was 2am and seemed like a good idea at the time.
 
+$MAX_IMG_W   = 810;  //Max width (in px) to display images. (main width is 810)
+$MAX_IMG_H   = 1000; //Max height (in px).  I don't know, it just looks reasonable.
+
 $UPLOAD_FIELDS = 6; //Number of upload fields on Upload File(s) page. Max value is ini_get('max_file_uploads').
 
 $config_favicon   = "favicon.ico"; //Path is relative to root of website.
@@ -126,69 +123,115 @@
 
 $SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS.
 
+//Restrict access to a particular folder.  Leave empty for access to entire website.
+// "some/path/" is relative to root of website (with no leading slash).
+//$ACCESS_ROOT = 'some/path/';
+
+
+//Notes for $LANGUAGE_FILE, $WYSIWYG_PLUGIN, and $CONFIG_FILE:
+//
+// Filename paths can be:
+//  1) Absolute to the filesystem:  "/some/path/from/system/root/somefile.php"  or
+//  2) Relative to root of website: "some/path/from/web/root/somefile.php"
+
+//Name of optional external language file.  If file is not found, the built-in defaults will be used.
+//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php";
+
 //Init file for optional external wysiwyg editor.
 //Sample init files are availble in the OneFileCMS repo, but the actual editors are not.
-//Path can be absolute to the filesystem, or relative to root of website - if chdir($DOC_ROOT). (current method)
 //$WYSIWYG_PLUGIN = 'plugins/tinymce_init.php';
 //$WYSIWYG_PLUGIN = 'plugins/ckeditor_init.php';
 
-//External config file, if there is one.  Any settings it contains will supersede those above.
-//Path can be absolute to the filesystem, or relative to root of website - if chdir($DOC_ROOT). (current method)
+//Name of optional external config file.  Any settings it contains will supersede those above.
 //See the sample file in the OneFileCMS github repo for format example.
-//$config_file = 'OFCMS_config.SAMPLE.php';
+//$CONFIG_FILE = 'OneFileCMS.config.SAMPLE.php';
 //end CONFIGURABLE INFO ********************************************************
 
 
 
 
-function System_Setup() { //System Setup ***************************************
-	global $_, $LANGUAGE_FILE, $config_file,  $WYSIWYG_PLUGIN, $WYSIWYG_VALID, $DOC_ROOT, $WEB_ROOT, $WEBSITE,
-	$USERNAME, $HASHWORD, $MAX_ATTEMPTS, $LOGIN_DELAY, $MAX_IMG_W, $MAX_IMG_H, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, 
-	$MAX_IDLE_TIME, $MAIN_WIDTH, $WIDE_VIEW_WIDTH, $UPLOAD_FIELDS, $config_favicon, $EX, $SESSION_NAME, 
-	$ONESCRIPT,  $ONESCRIPT_file, $ONESCRIPT_backup, $ONESCRIPT_file_backup, 
-	$CONFIG_backup, $CONFIG_file,$CONFIG_file_backup, $LOGIN_ATTEMPTS,
-	$TO_WARNING, $INVALID_CHARS, $WHSPC_SLASH, $VALID_PAGES, $SHOWALLFILES,
-	$config_etypes, $config_stypes, $config_itypes, $config_ftypes, $config_fclass, $config_excluded, 
-	$etypes, $itypes, $ftypes, $fclasses, $excluded_list, $PRE_ITERATIONS, $EX, $message, $VERS; //$VERS used durring developement.
+function System_Setup() { //****************************************************
 
-mb_internal_encoding('utf-8');
+global $config_title, $_, $MAX_IDLE_TIME, $LOGIN_ATTEMPTS, 
+	$MAIN_WIDTH, $WIDE_VIEW_WIDTH, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $config_excluded, 
+	$config_etypes, $config_stypes,$config_itypes, $config_ftypes, $config_fclass, 
+	$SHOWALLFILES, $etypes, $itypes, $ftypes, $fclasses, $excluded_list, 
+	$LANGUAGE_FILE, $ACCESS_ROOT, $ACCESS_ROOT_len, $WYSIWYG_PLUGIN, $WYSIWYG_VALID, 
+	$TO_WARNING, $INVALID_CHARS, $WHSPC_SLASH, $VALID_PAGES, 
+	$ONESCRIPT,  $ONESCRIPT_file, $ONESCRIPT_backup, $ONESCRIPT_file_backup, 
+	$CONFIG_backup, $CONFIG_FILE,$CONFIG_FILE_backup, $VALID_CONFIG_FILE, 
+	$DOC_ROOT, $WEB_ROOT, $WEBSITE, $PRE_ITERATIONS, $EX, $message;
 
 $DOC_ROOT = $_SERVER['DOCUMENT_ROOT'].'/'; //root folder of website.
 
 //Allow OneFileCMS.php to be started from any dir on the site.
-//This also effects the path for include() files:
-//The path for an include file can be absolute to the filesystem,
-//     or relative to OneFileCMS - if no chdir() done,       //#####
-//     or relative to root of website - if chdir($DOC_ROOT). (current method)//#####
-chdir($DOC_ROOT);
+//This also effects the path in an include("path/somefile.php")
+chdir($DOC_ROOT); 
+
+mb_internal_encoding('utf-8');
+
+$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file & folder names.  Space deliminated.
+$WHSPC_SLASH = "\x00..\x20/";  //Whitespace & forward slash. For trimming file & folder name inputs.
+
+$ONESCRIPT = URLencode_path($_SERVER['SCRIPT_NAME']); //Used for URL's
+$WEB_ROOT  = basename($DOC_ROOT).'/'; //Used only for screen output - Non-url use.
+$WEBSITE   = $_SERVER['HTTP_HOST'].'/';
+
+$ONESCRIPT_file        = $_SERVER['SCRIPT_FILENAME'];  //Non-url use
+$ONESCRIPT_backup      = $ONESCRIPT.'.BACKUP.php';       //used for p/w & u/n updates.
+$ONESCRIPT_file_backup = $ONESCRIPT_file.'.BACKUP.php';  //used for p/w & u/n updates.
+$LOGIN_ATTEMPTS        = $ONESCRIPT_file.'.invalid_login_attempts';
 
 //If specified & found, include external config file. Otherwise clear it.
-if     ( isset($config_file) && is_file($config_file) ) {
-	include($config_file);
+$VALID_CONFIG_FILE = 0;
+if     (!isset($CONFIG_FILE)) { $CONFIG_FILE = ''; }
+elseif ( isset($CONFIG_FILE) && is_file($CONFIG_FILE) ) {
+	$VALID_CONFIG_FILE = 1;
+	include($CONFIG_FILE);
+	$CONFIG_backup         = URLencode_path($CONFIG_FILE).'.BACKUP.php'; //used for p/w & u/n updates.
+	$CONFIG_FILE_backup    = $CONFIG_FILE.'.BACKUP.php';                 //used for p/w & u/n updates.
 }
-elseif ( isset($config_file) && !is_file($config_file) ) {
-	$message .= $EX.'<b>$config_file '.$_['Not_found'].':</b> '.$config_file.'<br>';
+elseif ( isset($CONFIG_FILE) && !is_file($CONFIG_FILE) ) {
+	$message .= $EX.'<b>$CONFIG_FILE '.$_['Not_found'].':</b> '.$CONFIG_FILE.'<br>';
 	$message .= '<b>getcwd() == </b>'.getcwd().'<br>';
-	$config_file = '';
+	$CONFIG_FILE = '';
 }
-else { $config_file = ''; }
+
+
+//If specified, check for & load external $LANGUAGE_FILE
+if ( isset($LANGUAGE_FILE) && is_file($LANGUAGE_FILE) ) { include($LANGUAGE_FILE); }
+
 
 //If specified, validate $WYSIWYG_PLUGIN. Actual include is at end of OneFileCMS.
 $WYSIWYG_VALID = 0; //Default to invalid.
 if ( isset($WYSIWYG_PLUGIN) && is_file($WYSIWYG_PLUGIN) ) { $WYSIWYG_VALID = 1; }
 
+
+//If specified, clean up & validate $ACCESS_ROOT.
+if (!isset($ACCESS_ROOT)) { $ACCESS_ROOT = ''; } //At least make sure it's set.
+if (!is_dir($_SERVER['DOCUMENT_ROOT'].'/'.$ACCESS_ROOT) || (Check_path($ACCESS_ROOT,1) === false) ) {
+	$message .= $EX.'<b>$ACCESS_ROOT '.$_['Invalid_path'].': </b>'.$ACCESS_ROOT.'<br>';
+	$ACCESS_ROOT = '';
+}
+if ($ACCESS_ROOT != '') { $ACCESS_ROOT = trim($ACCESS_ROOT, ' /').'/';}
+$ACCESS_ROOT_enc = mb_detect_encoding($ACCESS_ROOT);
+$ACCESS_ROOT_len = mb_strlen($ACCESS_ROOT, $ACCESS_ROOT_enc);
+
+
 //Determine if valid units are set for $MAIN_WIDTH.  If not, assume px.
 $main_units   = substr($MAIN_WIDTH, -2); //should be px, pt, em, or %.
 if ( ($main_units != "px") && ($main_units != "pt") && ($main_units != "em") && (substr($MAIN_WIDTH, -1) != '%')) {
 	$MAIN_WIDTH = ($MAIN_WIDTH * 1).'px';
 }
 
+
 //Determine if valid units are set for $WIDE_VIEW_WIDTH.  If not, assume px.
 $main_units   = substr($WIDE_VIEW_WIDTH, -2); //should be px, pt, em, or %.
 if ( ($main_units != "px") && ($main_units != "pt") && ($main_units != "em") && (substr($WIDE_VIEW_WIDTH, -1) != '%')) {
 	$WIDE_VIEW_WIDTH = ($WIDE_VIEW_WIDTH * 1).'px';
 }
 
+
 //Requires PHP 5.1, due to changes in some functions.
 define('PHP_VERSION_ID_REQUIRED',50100);   //Ex: 5.1.23 is 50123
 define('PHP_VERSION_REQUIRED'  ,'5.1 + '); //Used in exit() message.
@@ -201,27 +244,11 @@ function System_Setup() { //System Setup ***************************************
 	define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
 }
 
-$ONESCRIPT = URLencode_path($_SERVER['SCRIPT_NAME']); //Used for URL's
-$WEB_ROOT  = basename($DOC_ROOT).'/'; //Used only for screen output - Non-url use.
-$WEBSITE   = $_SERVER['HTTP_HOST'].'/';
-
-$ONESCRIPT_file = $_SERVER['SCRIPT_FILENAME'];  //Non-url use
-$ONESCRIPT_path = dirname($ONESCRIPT_file).'/'; //Non-url use - Do not use dir_name().
-$LOGIN_ATTEMPTS = $ONESCRIPT_file.'.invalid_login_attempts';
-
-$ONESCRIPT_backup      = $ONESCRIPT.'.BACKUP.php';                   //used for p/w & u/n updates.
-$ONESCRIPT_file_backup = $ONESCRIPT_file.'.BACKUP.php';              //used for p/w & u/n updates.
-$CONFIG_backup         = URLencode_path($config_file).'.BACKUP.php'; //used for p/w & u/n updates.
-$CONFIG_file           = $ONESCRIPT_path.basename($config_file);     //used for p/w & u/n updates.
-$CONFIG_file_backup    = $CONFIG_file.'.BACKUP.php';                 //used for p/w & u/n updates.
 
 ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
 
 $TO_WARNING = 120; //seconds. When idle time remaining is less than this value, $timeout_warning is displayed
 
-$INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file & folder names.  Space deliminated.
-$WHSPC_SLASH = "\x00..\x20/";  //Whitespace & forward slash. For trimming file & folder name inputs.
-
 $VALID_PAGES = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","renamefile","copyfile","deletefile","deletefolder","newfolder","renamefolder","copyfolder","mcdaction", "phpinfo");
 
 //Make arrays out of a few $config_variables for actual use later.
@@ -253,7 +280,7 @@ function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.4.19
+// OneFileCMS Language Settings v3.4.20
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -279,10 +306,10 @@ function Default_Language() { // ***********************************************
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
-$_['HTML']    = 'HTML';    //####
-$_['WYSIWYG'] = 'WYSIWYG'; //####
+$_['HTML']    = 'HTML';
+$_['WYSIWYG'] = 'WYSIWYG';
 $_['Admin']   = 'Admin';
-$_['bytes']   = 'bytes';   //####
+$_['bytes']   = 'bytes';  
 $_['Cancel']  = 'Cancel';
 $_['Close']   = 'Close';
 $_['Copy']    = 'Copy';
@@ -304,12 +331,12 @@ function Default_Language() { // ***********************************************
 $_['on']      = 'on';
 $_['Password']   = 'Password';
 $_['Rename']     = 'Rename';
-$_['Source']     = 'Source';  //#### 
+$_['Source']     = 'Source'; 
 $_['successful'] = 'successful';
 $_['To']         = 'To';
 $_['Upload']     = 'Upload';
 $_['Username']   = 'Username';
-$_['Working']    = 'Working - please wait...'; //####
+$_['Working']    = 'Working - please wait...';
 $_['Log_In']     = 'Log In';
 $_['Log_Out']    = 'Log Out';
 $_['Admin_Options']  = 'Administration Options';
@@ -331,6 +358,7 @@ function Default_Language() { // ***********************************************
 $_['New_Location']   = 'New Location';
 $_['No_files']       = 'No files selected.';
 $_['Not_found']      = 'Not found';
+$_['Invalid_path']   = 'Invalid path';
 $_['pass_to_hash']   = 'Password to hash:';
 $_['Generate_Hash']  = 'Generate Hash';
 $_['save_1']      = 'Save';
@@ -393,9 +421,9 @@ function Default_Language() { // ***********************************************
 $_['upload_txt_01'] = '(php.ini: upload_max_filesize)';
 $_['upload_txt_04'] = 'Maximum total upload size:';
 $_['upload_txt_02'] = '(php.ini: post_max_size)';
-$_['upload_txt_05'] = 'For uploaded files that already exist: '; //####
+$_['upload_txt_05'] = 'For uploaded files that already exist: ';
 $_['upload_txt_06'] = 'Rename (to filename.ext.001 etc...)';
-$_['upload_txt_07'] = 'Overwrite'; //####
+$_['upload_txt_07'] = 'Overwrite';
 $_['upload_err_01'] = 'Error 1: File too large. From php.ini:';
 $_['upload_err_02'] = 'Error 2: File too large. (Exceeds MAX_FILE_SIZE HTML form element)';
 $_['upload_err_03'] = 'Error 3: The uploaded file was only partially uploaded.';
@@ -411,7 +439,7 @@ function Default_Language() { // ***********************************************
 $_['upload_msg_04'] = 'Uploading:';
 $_['upload_msg_05'] = 'Upload successful!';
 $_['upload_msg_06'] = 'Upload failed:';
-$_['upload_msg_07'] = 'A pre-existing file was overwritten.'; //####
+$_['upload_msg_07'] = 'A pre-existing file was overwritten.';
 $_['new_file_txt_01'] = 'File or Folder will be created in the current folder.';
 $_['new_file_txt_02'] = 'Some invalid characters are:';
 $_['new_file_msg_01'] = 'File or folder not created:';
@@ -466,7 +494,7 @@ function Default_Language() { // ***********************************************
 $_['change_pw_04'] = '"New" and "Confirm New" values do not match.';
 $_['change_pw_05'] = 'Updating';
 $_['change_pw_06'] = 'external config file';
-$_['change_pw_07'] = 'All fields are required.'; //####
+$_['change_pw_07'] = 'All fields are required.';
 $_['change_un_01'] = 'Username changed!';
 $_['change_un_02'] = 'Username NOT changed.';
 $_['update_failed'] = 'Update failed - could not save file.';
@@ -559,7 +587,7 @@ function hashit($key,$pre = false){ //******************************************
 
 
 
-function Error_reporting_and_early_output($show_status = 0, $show_types = 0) {//
+function Error_reporting_status_and_early_output($show_status = 0, $show_types = 0) {//
 //Display the status of error_reporting(), and ini_get() of display_errors & log_errors.
 //Also displays any early output caught by ob_start().
 	global $_, $early_output;
@@ -613,7 +641,7 @@ function Error_reporting_and_early_output($show_status = 0, $show_types = 0) {//
 		echo '<span style="background-color: white; border: 1px solid white">';
 		echo hte($early_output).'</span></pre>';
 	}
-}//end Error_reporting_and_early_output() //************************************
+}//end Error_reporting_status_and_early_output() //*****************************
 
 
 
@@ -639,16 +667,14 @@ function Update_Recent_Pages() { //*********************************************
 
 
 
-function strip_array($var) { //*************************************************
-	if (is_array($var)) {return array_map("strip_array", $var); }
-	else                {return stripslashes($var); }
-	//Note: stripslashes also handles cases when magic_quotes_sybase is on. 
-}//end strip_array() //*********************************************************
-
-
+function undo_magic_quotes(){ //************************************************
 
+	function strip_array($var) {
+		//stripslashes() also handles cases when magic_quotes_sybase is on. 
+		if (is_array($var)) {return array_map("strip_array", $var); }
+		else                {return stripslashes($var); }
+	}//end strip_array()
 
-function undo_magic_quotes(){ //************************************************
 	if (get_magic_quotes_gpc()) {
 		if (isset($_GET))    { $_GET     = strip_array($_GET);    }
 		if (isset($_POST))   { $_POST    = strip_array($_POST);   }
@@ -682,12 +708,54 @@ function Validate_params() { //*************************************************
 		$message .= '<style>#message_box          {color: white;}   </style>';
 		$message .= $EX.'<b>'.hsc($_['edit_caution_01']).' '.$EX.hsc($_['edit_caution_02']).'</b><br>';
 	}
-	
 }//end Validate_params() //*****************************************************
 
 
 
 
+function Valid_Path($path, $gotoroot=true) { //*********************************
+	//$gotoroot: if true, return to index page of $ACCESS_ROOT.
+	global  $ipath, $filename, $page, $param1, $param2, $param3, $ACCESS_ROOT, $ACCESS_ROOT_len, $message;
+	
+	//Limit access to the folder $ACCESS_ROOT:
+	//$ACCESS_ROOT = some/root/path/
+	//$path1       = some/root/path/...(or deeper)   : good
+	//$path2       = some/root/                      : bad
+	//$path3       = some/other/path/                : bad
+
+	$path_enc     = mb_detect_encoding($path);
+	$path_len     = mb_strlen($path, $path_enc);
+
+	$path_root    = mb_substr($path, 0, $ACCESS_ROOT_len);
+
+	$good_path = false;
+
+	if ($_SESSION['admin_page']) {
+		//Permit Admin actions: changing p/w, u/n, editing OneFile...
+		$ACCESS_ROOT == '';
+		return true;
+	}
+
+	elseif ( $path_len <  $ACCESS_ROOT_len ) { $good_path = false; }
+	else                          { $good_path = ($path_root == $ACCESS_ROOT); }
+
+	if (!$good_path && $gotoroot) {
+		$ipath    = $ACCESS_ROOT;
+		$filename = '';
+		//$page     = 'index';  //##### If set to index here, can't logout.
+		$param1   = '?i='.$ipath;
+		$param2   = '';
+		$param3   = '';
+		$_GET     = '';
+		$_POST    = '';
+	}
+
+	return $good_path;
+}//end Valid_Path() //**********************************************************
+
+
+
+
 function Get_GET() { //*** Get main parameters *********************************
 	global $_, $ipath, $filename, $page, $VALID_PAGES, $EX, $message;
 	// i=some/path/,  f=somefile.xyz,  p=somepage
@@ -772,7 +840,7 @@ function Verify_Page_Conditions() { //******************************************
 
 
 function has_invalid_char($string) { //*****************************************
-	global $INVALID_CHARS, $INVALID_CHARS_array;
+	global $INVALID_CHARS;
 	$INVALID_CHARS_array = explode(' ', $INVALID_CHARS);
 	foreach ($INVALID_CHARS_array as $bad_char) {
 		if (strpos($string, $bad_char) !== false) { return true; }
@@ -997,21 +1065,36 @@ function rDel($path){ //********************************************************
 function Current_Path_Header(){ //**********************************************
  	// Current path. ie: webroot/current/path/
 	// Each level is a link to that level.
-	global $ONESCRIPT, $ipath, $WEB_ROOT;
+	global $ONESCRIPT, $ipath, $WEB_ROOT, $ACCESS_ROOT, $ACCESS_ROOT_len, $message;
+
+	$unaccessable = '';
+	$_1st_accessable = trim($WEB_ROOT, ' /');
+	$remaining_path = trim(substr($ipath, $ACCESS_ROOT_len), ' /');	
+
+	if ($ACCESS_ROOT != '') {
+		$unaccessable    = dirname($ACCESS_ROOT);
+		$_1st_accessable = basename($ACCESS_ROOT);
+		
+		if ($unaccessable == '.') { $unaccessable = $WEB_ROOT; }
+		else { $unaccessable = $WEB_ROOT.dirname($ACCESS_ROOT).'/'; }
+		$unaccessable = trim(str_replace('/', ' / ',$unaccessable));
+	}
 
 	echo '<h2>';
-		//Root folder of web site.
-		echo '<a id="path_0" href="'.$ONESCRIPT.'" class="path"> '.hte(trim($WEB_ROOT, ' /')).'</a>/';
+		//Root (or $ACCESS_ROOT) folder of web site.
+		$p1 = '?i='.URLencode_path($ACCESS_ROOT);
+		echo hte($unaccessable).'<a id="path_0" href="'.$ONESCRIPT.$p1.'" class="path">'.hte($_1st_accessable).'</a>/';
 		$x=0; //need here for focus() in case at webroot.
 		
-		if ($ipath != "" ) { //if not at root, show the rest
-			$path_levels  = explode("/",trim($ipath,'/') );
+		if ($remaining_path != "" ) { //if not at root, show the rest
+			$path_levels  = explode("/",trim($remaining_path,'/') );
 			$levels = count($path_levels); //If levels=3, indexes = 0, 1, 2  etc...
 			$current_path = "";
 			
 			for ($x=0; $x < $levels; $x++) {
 				$current_path .= $path_levels[$x].'/';
-				echo '<a id="path_'.($x+1).'" href="'.$ONESCRIPT.'?i='.URLencode_path($current_path).'" class="path">';
+				$p1 = '?i='.URLencode_path($ACCESS_ROOT.$current_path);
+				echo '<a id="path_'.($x+1).'" href="'.$ONESCRIPT.$p1.'" class="path">';
 				echo hte($path_levels[$x]).'</a>/';
 			}
 		}//end if (not at root)
@@ -1030,11 +1113,13 @@ function Page_Header(){ //******************************************************
 		$favicon =  '<img src="/'.URLencode_path($config_favicon).'" alt="">';
 	}
 
+	$on_php = '('.hsc($_['on']).'&nbsp;php&nbsp;'.phpversion().')';
+	if ($_SESSION["valid"]) { $on_php = '<a href="'.$ONESCRIPT.'?p=phpinfo'.'" target=_blank>'.$on_php.'</a>';}
+
 	echo '<div id="header">';
 		echo '<a href="'.$ONESCRIPT.'" id="logo">'.$config_title.'</a> '.$OFCMS_version.' ';
-		echo '<a href="'.$ONESCRIPT.'?p=phpinfo'.'" target=_blank>';
-		echo '('.hsc($_['on']).'&nbsp;php&nbsp;'.phpversion().')</a>';
-
+		echo $on_php;
+		
 		echo '<div class="nav">';
 			echo '<b><a href="/" target="_blank">'.$favicon.' ';
 			echo hte($WEBSITE).'</a></b>';
@@ -1241,8 +1326,8 @@ function List_Backup($file, $file_url){ //**************************************
 	global $_, $ONESCRIPT, $ICONS;
 
 	clearstatcache ();
-	$href = $ONESCRIPT.'?i='.dir_name($file_url).'&amp;f='.basename($file_url);
-	$edit_link = '<a href="'.$href.'&amp;p=edit'.'" id="old_backup">'.hte(rawurldecode(basename($file_url))).'</a>';
+	$href = $ONESCRIPT.'?i='.dir_name(trim($file_url,'/')).'&amp;f='.basename($file_url);
+	$edit_link = '<a href="'.$href.'&amp;p=edit'.'" id="old_backup">'.hte(basename($file)).'</a>';
 ?>
 	<table class="index_T old_backup_T"><tr>
 	<td class="file_name"><?php echo $edit_link; ?></td>
@@ -1261,7 +1346,7 @@ function List_Backup($file, $file_url){ //**************************************
 
 function Admin_Page() { //******************************************************
 	global $_, $ONESCRIPT, $ONESCRIPT_backup, $ONESCRIPT_file_backup, $CONFIG_backup,
-		   $ipath, $filename, $param1, $param2, $EX, $config_title,  $CONFIG_file_backup;
+		   $ipath, $filename, $param1, $param2, $EX, $config_title,  $CONFIG_FILE_backup;
 
 	// Restore/Preserve $ipath prior to admin page in case OneFileCMS is edited (which would change $ipath).
 	if   ( $_SESSION['admin_page'] ) { $ipath  = $_SESSION['admin_ipath'];
@@ -1294,10 +1379,10 @@ function Admin_Page() { //******************************************************
 
 <?php  //Check for & indicate if backups exists from a prior p/w or u/n change.
 	clearstatcache ();
-	if (is_file($ONESCRIPT_file_backup) || is_file($CONFIG_file_backup) ) {
+	if (is_file($ONESCRIPT_file_backup) || is_file($CONFIG_FILE_backup) ) {
 		echo '<p><b>'.hsc($_['admin_txt_00']).'</b></p>';
 		if (is_file($ONESCRIPT_file_backup)) { List_Backup($ONESCRIPT_file_backup, $ONESCRIPT_backup); }
-		if (is_file($CONFIG_file_backup))    { List_Backup($CONFIG_file_backup, $CONFIG_backup); }
+		if (is_file($CONFIG_FILE_backup))    { List_Backup($CONFIG_FILE_backup, $CONFIG_backup); }
 		echo '<p>'.hsc($_['admin_txt_01']).'<hr>';
 		$focus_on = 'old_backup'; //id of filename listed
 	}else {
@@ -1456,8 +1541,8 @@ function Update_config($search_for, $replace_with, $search_file, $backup_file) {
 
 function Change_PWUN_response($PWUN, $msg){ //**********************************
 	//Update $USERNAME or $HASHWORD. Default $page = changepw or changeun
-	global $_, $ONESCRIPT, $USERNAME, $HASHWORD, $EX, $message, $page, $config_file,
-		   $ONESCRIPT_file, $ONESCRIPT_file_backup, $CONFIG_file, $CONFIG_file_backup;
+	global $_, $ONESCRIPT, $USERNAME, $HASHWORD, $EX, $message, $page, 
+		   $ONESCRIPT_file, $ONESCRIPT_file_backup, $CONFIG_FILE, $CONFIG_FILE_backup, $VALID_CONFIG_FILE;
 
 	// trim white-space from input values
 	$current_pass = trim($_POST['password']);
@@ -1496,11 +1581,9 @@ function Change_PWUN_response($PWUN, $msg){ //**********************************
 		}
 		
 		//If specified & it exists, update external config file.
-		//$config_file (lowercase) is the user supplied config value.
-		//$CONFIG_file (uppercase) includes full filesystem path.
-		if ( isset($config_file) && is_file($CONFIG_file) ) {
+		if ( $VALID_CONFIG_FILE ) {
 			$message .= $_['change_pw_05'].' '.$_['change_pw_06'].'. . . ';
-			$updated = Update_config($search_for, $replace_with, $CONFIG_file, $CONFIG_file_backup);
+			$updated = Update_config($search_for, $replace_with, $CONFIG_FILE, $CONFIG_FILE_backup);
 		}else{ //Update OneFileCMS
 			$message .= $_['change_pw_05'].' OneFileCMS . . . ';
 			$updated = Update_config($search_for, $replace_with, $ONESCRIPT_file, $ONESCRIPT_file_backup);
@@ -1696,7 +1779,7 @@ function Table_of_Files($full_list) { //****************************************
 
 
 function Index_Page(){ //*******************************************************
-	global $_, $ICONS, $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list;
+	global $_, $ICONS, $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses;
 
 	$full_list = Sort_Seperate($ipath, scandir('./'.$ipath));
 	$file_count = count($full_list);
@@ -2018,7 +2101,6 @@ function Upload_Page() { //*****************************************************
 			echo '<label><INPUT TYPE=radio NAME=ifexists VALUE=overwrite     > '.hsc($_['upload_txt_07']).'</label>';
 		echo '</div>';
 		
-		echo '<input type="hidden" name="upload_destination" value="'.hsc($ipath).'" ><p>';
 		for ($x = 0; $x < $UPLOAD_FIELDS; $x++) {
 			//size attibute is for FF (and is not em, px, pt, or %).
 			//width attribute is for IE & Chrome, and can be set via css (in style_sheet()).
@@ -2034,7 +2116,7 @@ function Upload_Page() { //*****************************************************
 
 
 function Upload_response() { //*************************************************
-	global $_, $filename, $page, $EX, $message, $UPLOAD_FIELDS;
+	global $_, $filename, $ipath, $page, $EX, $message, $UPLOAD_FIELDS;
 
 	$page  = "index"; //return to index.
 
@@ -2044,7 +2126,7 @@ function Upload_response() { //*************************************************
 		
 		$filecount++;
 		$filename    = $_FILES['upload_file']['name'][$N];
-		$destination = Check_path($_POST['upload_destination']);
+		$destination = $ipath;
 		$savefile_msg = '';		
 		
 		$MAXUP1 = ini_get('upload_max_filesize');
@@ -2089,14 +2171,14 @@ function Upload_response() { //*************************************************
 
 
 
-function New_Page($title, $id) { //*********************************************
+function New_Page($title, $new_f_or_f) { //*********************************************
 	global $_, $FORM_COMMON, $INVALID_CHARS;
 
 	echo '<h2>'.hte($title).'</h2>';
 	echo $FORM_COMMON;
 		echo '<p>'.hsc($_['new_file_txt_01'].' '.$_['new_file_txt_02']);
 		echo '<span class="mono"> '.hte($INVALID_CHARS).'</span></p>';
-		echo '<input type="text" name="'.$id.'" id="'.$id.'" value=""><p>';
+		echo '<input type="text" name="'.$new_f_or_f.'" id="'.$new_f_or_f.'" value=""><p>';
 		Cancel_Submit_Buttons($_['Create']);
 	echo '</form>';
 }//end New_Page() //************************************************************
@@ -2147,7 +2229,7 @@ function New_response($post, $isfile){ //***************************************
 
 
 function Set_Input_width() { //*************************************************
-	global $_, $WEB_ROOT, $MAIN_WIDTH;
+	global $_, $WEB_ROOT, $MAIN_WIDTH, $ACCESS_ROOT;
 
 	// (width of <input type=text>) = $MAIN_WIDTH - (Width of <label>) - (width of <span>$WEB_ROOT</span>)
 	// $MAIN_WIDTH: Set in config section, may be in em, px, pt, or %. Ignoring % for now.
@@ -2156,8 +2238,8 @@ function Set_Input_width() { //*************************************************
 	$main_units  = substr($MAIN_WIDTH, -2);
 	$main_width  = $MAIN_WIDTH * 1;
 
-	$root_enc    = mb_detect_encoding($WEB_ROOT);           //ASCII? UTF8? etc...
-	$root_width  = mb_strlen($WEB_ROOT, $root_enc);
+	$root_enc    = mb_detect_encoding($WEB_ROOT.$ACCESS_ROOT);  //ASCII? UTF8? etc...
+	$root_width  = mb_strlen($WEB_ROOT.$ACCESS_ROOT, $root_enc);
 
 	$label_enc   = mb_detect_encoding($_['New_Location']);  //ASCII? UTF8? etc...
 	$label_width = mb_strlen($_['New_Location'], $label_enc);
@@ -2179,26 +2261,34 @@ function Set_Input_width() { //*************************************************
 
 
 
-function CRM_Page($action, $title, $name_id, $old_name) { //********************
-	//$action = 'Copy' or 'Rename'.
-	global $_, $WEB_ROOT, $ipath, $param1, $filename, $FORM_COMMON;
+function CRM_Page($action, $title, $action_id, $old_full_name) { //******************
+	//$action    = 'Copy' or 'Rename'.
+	//$action_id = 'copy_file' or 'rename_file'
+	global $_, $WEB_ROOT, $ipath, $param1, $filename, $FORM_COMMON, $ACCESS_ROOT, $ACCESS_PATH;
 
-	$new_name = $old_name; //default
+	$new_full_name = $old_full_name; //default
 
-	if (is_dir($old_name)) { $param1 = '?i='.dir_name($ipath); } //If dir, return to parent on [Cancel]
+	if (is_dir($old_full_name)) {
+		$param1 = '?i='.dir_name($ipath); //If dir, return to parent on [Cancel]
+		$ACCESS_PATH = dir_name($ACCESS_PATH);
+	} 
 
 	Set_Input_width();
 
 	echo '<h2>'.hsc($action.' '.$title).'</h2>';
 
 	echo $FORM_COMMON;
-		echo '<input type="hidden" name="'.$name_id.'"  value="'.hsc($name_id).'">';
-		echo '<input type="hidden" name=old_name  value="'.hsc($old_name).'">';
+		echo '<input type="hidden" name="'.$action_id.'"  value="'.hsc($action_id).'">';
+		echo '<input type="hidden" name=old_full_name     value="'.hsc($old_full_name).'">';
+		
 		echo '<label>'.hsc($_['CRM_txt_04']).':</label>';
-		echo '<input type=text name=new_name id=new_name class=old_new_name value="'.hsc(basename($new_name)).'"><br>';
+		echo '<input type=text name=new_name class=new_name value="'.hsc(basename($new_full_name)).'"><br>';
+		
 		echo '<label>'.hsc($_['New_Location']).':</label>';
-		echo '<span class="web_root">'.hte($WEB_ROOT).'</span>';
-		echo '<input type=text name=new_location id=new_location value="'.hsc(dir_name($new_name)).'"><br>';
+		echo '<span class="web_root">'.hte($WEB_ROOT.$ACCESS_ROOT).'</span>';
+		echo '<input type=hidden name=base_location value="'.hsc($ACCESS_ROOT).'">';
+		echo '<input type=text   name=new_location  value="'.hsc($ACCESS_PATH).'"><br>';
+		
 		echo '('.hsc($_['CRM_txt_02']).')<p>';
 		Cancel_Submit_Buttons($action);
 	echo '</form>';
@@ -2213,19 +2303,19 @@ function CRM_response($action, $msg1, $show_message = 3){ //********************
 	//$show_message: 0 = none; 1 = errors only; 2 = successes only; 3 = all messages (default).
 	global $_, $ipath, $filename, $page, $param1, $param2, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
 
-	$old_name      = trim($_POST['old_name'], $WHSPC_SLASH);     //Trim whitespace & slashes.
+	$old_full_name = trim($_POST['old_full_name'], $WHSPC_SLASH);     //Trim whitespace & slashes.
 	$new_name_only = trim($_POST['new_name'], $WHSPC_SLASH);
 	$new_location  = trim($_POST['new_location'], $WHSPC_SLASH);
 	if ($new_location != "") { $new_location .= '/'; }
-	$new_name      = $new_location.$new_name_only;
-	$filename      = $old_name; //default if error.
+	$new_full_name = $new_location.$new_name_only;
+	$filename      = $old_full_name; //default if error.
 
-	$isfile = 0; if (is_file($old_name)) { $isfile = 1;} //File or folder?
+	$isfile = 0; if (is_file($old_full_name)) { $isfile = 1;} //File or folder?
 
 	//Common message lines
 	$com_msg  = '<div id="message_left">'.hte($_['From']).'<br>'.hte($_['To']).'</div>';
-	$com_msg .= '<b>: </b><span class="filename">'.hte($old_name).'</span><br>';
-	$com_msg .= '<b>: </b><span class="filename">'.hte($new_name).'</span><br>';
+	$com_msg .= '<b>: </b><span class="filename">'.hte($old_full_name).'</span><br>';
+	$com_msg .= '<b>: </b><span class="filename">'.hte($new_full_name).'</span><br>';
 
 	$err_msg = ''; //Error message.
 	$scs_msg = ''; //Success message.
@@ -2233,11 +2323,11 @@ function CRM_response($action, $msg1, $show_message = 3){ //********************
 	$error = 1; //0 = no error, 1 = an error. Default to error. Used for return value.
 
 	//Check old name for invalid chars (like .. ) (Unlikely to be false outside a malicious attempt)
-	if ( Check_path($old_name,$show_message) === false ) {
-		$bad_name = $old_name;
-	}elseif ( !file_exists($old_name) ) {
+	if ( Check_path($old_full_name,$show_message) === false ) {
+		$bad_name = $old_full_name;
+	}elseif ( !file_exists($old_full_name) ) {
 		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_02']).'</b><br>';
-		$bad_name = $old_name;
+		$bad_name = $old_full_name;
 	//Check new name for invalid chars, including slashes.
 	}elseif ( has_invalid_char($new_name_only) ) {
 		$err_msg .= $EX.'<b>'.hsc($_['new_file_msg_02']).'<span class="filename"> '.hte($INVALID_CHARS).'</span></b><br>';
@@ -2250,16 +2340,16 @@ function CRM_response($action, $msg1, $show_message = 3){ //********************
 		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_01']).'</b><br>';
 		$bad_name = $new_location;
 	//Don't overwrite existing files.
-	}elseif ( file_exists($new_name) ) {
-		$bad_name = $new_name;
+	}elseif ( file_exists($new_full_name) ) {
+		$bad_name = $new_full_name;
 		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_03']).'</b><br>';
-	}elseif ( $action($old_name, $new_name )) {
+	}elseif ( $action($old_full_name, $new_full_name )) {
 		$scs_msg .= '<b>'.hsc($msg1.' '.$_['successful']).'</b><br>'.$com_msg;
 		if   ($isfile) {
 			$ipath    = $new_location;
-			$filename = $new_name;
+			$filename = $new_full_name;
 		}else {//folder
-			$ipath    = $new_name.'/';
+			$ipath    = $new_full_name.'/';
 		}
 		$error = 0;
 	}else{
@@ -2326,7 +2416,8 @@ function Delete_response($target, $show_message=3) { //*************************
 
 
 function MCD_Page($action, $page_title, $classes = '') { //*********************
-	global $_, $ICONS, $WEB_ROOT, $ONESCRIPT, $ipath, $param1, $filename, $page, $INPUT_NUONCE;
+	//$action = mcd_mov or mcd_cpy or mcd_del
+	global $_, $ICONS, $WEB_ROOT, $ONESCRIPT, $ipath, $param1, $filename, $page, $ACCESS_ROOT, $ACCESS_PATH, $INPUT_NUONCE;
 
 	//Prep for a single file or folder
 	if( $page == "deletefile" || $page == "deletefolder" ){
@@ -2345,8 +2436,9 @@ function MCD_Page($action, $page_title, $classes = '') { //*********************
 		
 		if ( ($_POST['mcdaction'] == 'copy') || ($_POST['mcdaction'] == 'move') ) {
 			echo '<label>'.hsc($_['New_Location']).':</label>';
-			echo '<span class="web_root">'.hte($WEB_ROOT).'</span>';
-			echo '<input type="text" name="new_location" id="new_location" value="'.hsc($ipath).'">';
+			echo '<span class="web_root">'.hte($WEB_ROOT.$ACCESS_ROOT).'</span>';
+			echo '<input type=hidden name=base_location value="'.hsc($ACCESS_ROOT).'">';
+			echo '<input type=text   name=new_location  id=new_location value="'.hsc($ACCESS_PATH).'">';
 			echo '<p>('.hsc($_['CRM_txt_02']).')</p>';
 		}
 		 
@@ -2389,13 +2481,13 @@ function MCD_response($action, $msg1, $success_msg = '') { //*******************
 		}
 	}elseif ( ($_POST['new_location'] != "") && !is_dir($_POST['new_location']) ) {
 		$message .= $EX.'<b>'.$msg1.' '.$_['CRM_msg_01'].'</b><br>';
-		$message .= '<span class="filename">'.hte($_POST['new_location']).'/</span><br>';
+		$message .= '<span class="filename">'.hte($_POST['new_location']).'</span><br>';
 		return;
 	}else { //move or rCopy
 		$mcd_ipath = $ipath; //CRM_response() changes $ipath to $new_location
 		
 		foreach ($files as $file){
-			$_POST['old_name'] = $mcd_ipath.$file;
+			$_POST['old_full_name'] = $mcd_ipath.$file;
 			$_POST['new_name'] = $file;
 		  //$_POST['new_location'] should already be set by the client ( via MCD_Page() ).
 			$errors  += CRM_response($action, $msg1, $show_message);
@@ -2476,23 +2568,41 @@ function Load_Selected_Page(){ //***********************************************
 
 
 function Respond_to_POST() { //*************************************************
-	global $_, $VALID_POST, $page, $message;
+	global $_, $VALID_POST, $ipath, $page, $EX, $message;
 
 	if (!$VALID_POST) { return; }
+	
+	//First, validate any $_POST'ed paths against $ACCESS_ROOT.
+	if (isset($_POST["old_full_name"]) && !Valid_Path($_POST["old_full_name"], false)) {
+		//unlikely, but just in case
+		$message .= $EX.'<b>'.$_['Invalid_path'].': </b><span class=filename>'.$_POST["old_full_name"].'</span>';
+		$VALID_POST = 0;
+		return;
+	}
+	if (isset($_POST["new_location"])) {
+		$_POST["new_location"] = $_POST['base_location'].$_POST["new_location"]; //For CRM_ & MCD_response's
+		if (!Valid_Path($_POST["new_location"], false)) {  
+			$message .= $EX.'<b>'.$_['Invalid_path'].': </b><span class=filename>'.$_POST["new_location"].'</span>';
+			$VALID_POST = 0;
+			return;
+		}
+	}
 
-	elseif (isset($_POST['mcd_mov']      )) { MCD_response('rename', $_['Ren_Move'], $_['mcd_msg_01']); } //move == rename
+	if     (isset($_POST['mcd_mov']      )) { MCD_response('rename', $_['Ren_Move'], $_['mcd_msg_01']); } //move == rename
 	elseif (isset($_POST['mcd_cpy']      )) { MCD_response('rCopy' , $_['Copy']    , $_['mcd_msg_02']); }
 	elseif (isset($_POST['mcd_del']      )) { MCD_response('rDel'  , $_['Delete']  , $_['mcd_msg_03']); }
-	elseif (isset($_POST['whattohash']   )) { Hash_response();           }
+	elseif (isset($_POST['whattohash']   )) { Hash_response(); }
 	elseif (isset($_POST['pw']           )) { Change_PWUN_response('pw', $_['change_pw_02']);}
 	elseif (isset($_POST['un']           )) { Change_PWUN_response('un', $_['change_un_02']);}
-	elseif (isset($_POST['filename']     )) { Edit_response();           }
+	elseif (isset($_POST['filename']     )) { Edit_response(); }
 	elseif (isset($_POST['new_file']     )) { New_response('new_file'  , 1);} //1=file
 	elseif (isset($_POST['new_folder']   )) { New_response('new_folder', 0);} //0=folder
 	elseif (isset($_POST['rename_file']  )) { CRM_response('rename', $_['Ren_Move']);}
 	elseif (isset($_POST['copy_file']    )) { CRM_response('rCopy' , $_['Copy']   ); }
 	elseif (isset($_FILES['upload_file']['name']))  { Upload_response(); }
 
+	//If Changed p/w, u/n, or other Admin Page action, make sure to not return to a folder outside of $ACCESS_ROOT.
+	Valid_Path($ipath, true);
 }//end Respond_to_POST() //*****************************************************
 
 
@@ -2908,9 +3018,11 @@ function pre_validate() {
 function js_hash_scripts() { //*************************************************
 	global $SALT, $PRE_ITERATIONS;
 
-//Used to hash p/w's client side.  This does not really add any security to the server side application that uses it,
-//as the "pre-hash" becomes the actual p/w as far as the server is concerned, and is just as vulnerable to exposure 
-//while in transit. However, this does help to protect the user's plain-text p/w, which may be used elsewhere.
+//Used to hash p/w's client side.  This does not really add any security to the 
+//server side application that uses it, as the "pre-hash" becomes the actual p/w 
+//as far as the server is concerned, and is just as vulnerable to exposure while 
+//in transit. However, this does help to protect the user's plain-text p/w, which
+//may be used elsewhere.
 ?>
 <script>
 /* hex_sha256() (and directly associated functions)
@@ -3320,7 +3432,7 @@ function style_sheet(){ //******************************************************
 .edit_btns_bottom .RCD { padding-left: 5px; padding-right: 6px; }
 .edit_btns_bottom svg  { padding : 0 4px 0 0; }
 
-input[type="text"].old_new_name {width  : 50%; margin-bottom: .2em;}
+input[type="text"].new_name {width  : 50%; margin-bottom: .2em;}
 
 .old_backup_T {float: left; margin-bottom: .3em;}
 
@@ -3384,9 +3496,6 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 System_Setup();
 
-//If specified, check for & load external $LANGUAGE_FILE
-if ( isset($LANGUAGE_FILE) && is_file($LANGUAGE_FILE) ) { include($LANGUAGE_FILE); }
-
 if( PHP_VERSION_ID < PHP_VERSION_ID_REQUIRED ) {
 	exit( 'PHP '.PHP_VERSION.'<br>'.hsc($_['OFCMS_requires']).' '.PHP_VERSION_REQUIRED );
 }
@@ -3415,7 +3524,17 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 	Validate_params();
 
-	Init_Macros(); //Must go after Get_GET()/Validate_params().
+	Valid_Path($ipath, true);
+
+	//$ACCESS_ROOT.$ACCESS_PATH == $ipath
+	//$ipath_enc = mb_detect_encoding($ipath);
+	$ipath_len = mb_strlen($ipath);
+	$ACCESS_PATH = '';
+	if (($ACCESS_ROOT_len < $ipath_len)) {
+		$ACCESS_PATH = trim(mb_substr($ipath, $ACCESS_ROOT_len), ' /').'/';
+	}
+
+	Init_Macros(); //Needs to be after Get_Get()/Validate_params()/Valid_Path()
 
 	Respond_to_POST();
 
@@ -3423,7 +3542,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 	Update_Recent_Pages();
 
-	//Don't show path header on some pages.
+	//Don't show current/path/ header on some pages.
 	$Show_Path = true;
 	$pages_dont_show_path = array("login","admin","hash","changepw","changeun");
 	if ( in_array($page, $pages_dont_show_path) ){ $Show_Path = false; } //
@@ -3457,7 +3576,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 echo '</head><body>';
 
-Error_reporting_and_early_output(1,0);
+Error_reporting_status_and_early_output(0,0); //0,0 will only show any early output.
 
 if ($_SESSION['valid']) { echo '<div id="main" class="container" >'; }
 else                    { echo '<div id="main" class="login_page">'; }
diff --git a/plugins/ckeditor_init.php b/plugins/ckeditor_init.php
index 3a956d8..3356cbc 100755
--- a/plugins/ckeditor_init.php
+++ b/plugins/ckeditor_init.php
@@ -16,10 +16,15 @@
  4) In the configuration section of OneFileCMS, add the following variable:
     $WYSIWYG_PLUGIN = 'plugins/ckeditor_init.php';  //Init settings for CKEditor (this file).
 
- 5) In the "init" file indicated above: 
-      - specify the source file of the actual plugin via a <script src= ...> tag.
-	  - specify the id of the OneFileCMS textarea, "file_editor", in the CKEDITOR.replace() call
-	    (see below).
+	Path can be absolute to the filesystem, or relative to root of website.
+
+ 5) In the "init" file specified by $WYSIWYG_PLUGIN (ie: this file): 
+    1) specify the source file of the actual plugin via a <script src= ...> tag.*
+	2) specify the id of the OneFileCMS textarea, "file_editor", in the CKEDITOR.replace() call
+	    
+	*Note: In this case, the plugin path is absolute, but still relative to the root of the website, 
+	and the leading forward slash is generally required. 
+	(This is in contrast to configuration values such as $WYSIWYG_PLUGIN.)
 
  6) In OneFileCMS- open a file for editing, and click [Edit WYSIWIG].
 *****************************************************************************/?>
diff --git a/plugins/tinymce_init.php b/plugins/tinymce_init.php
index 9b7351d..7e50298 100755
--- a/plugins/tinymce_init.php
+++ b/plugins/tinymce_init.php
@@ -14,12 +14,17 @@
     "tinymce_init.php" into the "plugins/" folder.
 
  4) In the configuration section of OneFileCMS, add the following variable:
-    $WYSIWYG_PLUGIN = 'plugins/tinymce_init.php';  //Init settings for TinyMCE (this file).
+    $WYSIWYG_PLUGIN = 'plugins/tinymce_init.php'; // Init settings for TinyMCE (this file).
 
- 5) In the "init" file indicated above: 
-      - specify the source file of the actual plugin via a <script src= ...> tag.
+	Path can be absolute to the filesystem, or relative to root of website.
 
-	    (see below).
+ 5) In the "init" file specified by $WYSIWYG_PLUGIN (this file): 
+    - specify the source file of the actual plugin via a <script src= ...> tag.*
+
+
+	*Note: In this case, the plugin path is absolute, but still relative to the root of the website, 
+	and the leading forward slash is generally required. 
+	(This is in contrast to configuration values such as $WYSIWYG_PLUGIN.)
 
  6) In OneFileCMS- open a file for editing, and click [Edit WYSIWIG].
 *****************************************************************************/?>

From 957c919845457f4ff8b1eb395f0502c5e72bb260 Mon Sep 17 00:00:00 2001
From: David <selfevidenttruths@mail.com>
Date: Thu, 20 Dec 2012 17:18:00 -0500
Subject: [PATCH 165/228] Version 3.4.20 Moved readme back to root of repo so
 shows up on GitHub.

---
 info/readme.markdown => readme.markdown | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename info/readme.markdown => readme.markdown (100%)

diff --git a/info/readme.markdown b/readme.markdown
similarity index 100%
rename from info/readme.markdown
rename to readme.markdown

From b7e477ed0899ef51535d7141008fbcce7f5cc15f Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Fri, 18 Jan 2013 23:21:00 -0500
Subject: [PATCH 166/228] Updated readme & minor wording changes to plugin init
 files.

---
 info/changelog.markdown   |   4 ++
 plugins/ckeditor_init.php |   9 ++--
 plugins/tinymce_init.php  |   9 ++--
 readme.markdown           | 108 +++++++++-----------------------------
 4 files changed, 39 insertions(+), 91 deletions(-)

diff --git a/info/changelog.markdown b/info/changelog.markdown
index 091a860..b768aea 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,9 @@
 # OneFileCMS Change Log
 
+### (January 19, 2013)
+
+- Just some minor updates/wording changes to the readme & plugin/*.init files.
+
 ### v3.4.20 (December 19, 2012)
 
 - The $ACCESS_ROOT option has been reimplemented and is now fully functional\*.  This option limits access to a specified folder (and it's sub-folders).  To use, just specify a valid path relative to the root of the website (no leading slash).  
diff --git a/plugins/ckeditor_init.php b/plugins/ckeditor_init.php
index 3356cbc..ca3c27b 100755
--- a/plugins/ckeditor_init.php
+++ b/plugins/ckeditor_init.php
@@ -13,7 +13,7 @@
  3) From the github.com/Self-Evident/OneFileCMS repo, copy the file 
     "ckeditor_init.php" into the "plugins/" folder.
 
- 4) In the configuration section of OneFileCMS, add the following variable:
+ 4) In the configuration section of OneFileCMS, uncomment or add the following variable:
     $WYSIWYG_PLUGIN = 'plugins/ckeditor_init.php';  //Init settings for CKEditor (this file).
 
 	Path can be absolute to the filesystem, or relative to root of website.
@@ -22,11 +22,12 @@
     1) specify the source file of the actual plugin via a <script src= ...> tag.*
 	2) specify the id of the OneFileCMS textarea, "file_editor", in the CKEDITOR.replace() call
 	    
-	*Note: In this case, the plugin path is absolute, but still relative to the root of the website, 
-	and the leading forward slash is generally required. 
+	*Note: In the src attribute of the <script> tag, the plugin path is absolute,
+	       but relative to the root of the website, and the leading forward slash 
+		   is generally required. 
 	(This is in contrast to configuration values such as $WYSIWYG_PLUGIN.)
 
- 6) In OneFileCMS- open a file for editing, and click [Edit WYSIWIG].
+ 6) Reload OneFileCMS, open a file for editing, and click [Edit WYSIWIG].
 *****************************************************************************/?>
 
 <script type="text/javascript" src="/plugins/ckeditor/ckeditor.js"></script>
diff --git a/plugins/tinymce_init.php b/plugins/tinymce_init.php
index 7e50298..b744235 100755
--- a/plugins/tinymce_init.php
+++ b/plugins/tinymce_init.php
@@ -13,7 +13,7 @@
  3) From the github.com/Self-Evident/OneFileCMS repo, copy the file 
     "tinymce_init.php" into the "plugins/" folder.
 
- 4) In the configuration section of OneFileCMS, add the following variable:
+ 4) In the configuration section of OneFileCMS, uncomment or add the following variable:
     $WYSIWYG_PLUGIN = 'plugins/tinymce_init.php'; // Init settings for TinyMCE (this file).
 
 	Path can be absolute to the filesystem, or relative to root of website.
@@ -22,11 +22,12 @@
     - specify the source file of the actual plugin via a <script src= ...> tag.*
 
 
-	*Note: In this case, the plugin path is absolute, but still relative to the root of the website, 
-	and the leading forward slash is generally required. 
+	*Note: In the src attribute of the <script> tag, the plugin path is absolute,
+	       but relative to the root of the website, and the leading forward slash 
+		   is generally required. 
 	(This is in contrast to configuration values such as $WYSIWYG_PLUGIN.)
 
- 6) In OneFileCMS- open a file for editing, and click [Edit WYSIWIG].
+ 6) Reload OneFileCMS, open a file for editing, and click [Edit WYSIWIG].
 *****************************************************************************/?>
 
 <script type="text/javascript" src="/plugins/tinymce/jscripts/tiny_mce/tiny_mce.js"></script>
diff --git a/readme.markdown b/readme.markdown
index 578a021..5c42b05 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,71 +1,3 @@
-# OneFileCMS Readme
-
-## Recent changes
-
-### December 19, 2012 (v3.4.20)
-
-- The $ACCESS_ROOT option has been reimplemented and is now fully functional\*.  This option limits access to a specified folder (and it's sub-folders).  To use, just specify a valid path relative to the root of the website (no leading slash).  
-(*Well, as best as I can tell...)
-
-- All OneFileCMS configuration variables that reference external files ($CONFIG\_file, $LANGUAGE\_FILE, $WYSIWYG\_PLUGIN) must be specified in one of two ways:  
-	1. Relative to the root of the website - with NO leading slash:  "some/path/from/webroot/somefile.php"  
-	2. Absolute to the file system - WITH a leading slash:  "/some/path/from/system/root/somefile.php"  
-	(On Windows, the drive letter may also be used, but it is not required if all is on same drive.)
-
-### December 12, 2012 (v3.4.19)
-
-- Slightly adjusted how wysiwyg plugins are implemented - removed $WYSIWIG\_SOURCE config variable.  
- (It's value is now specified directly in the "init" file specified by $WYSIWYG\_PLUGIN.)
-
-- Two steps forward, one step back...  
-	Just for now - removed the $ACCESS_ROOT option.  I was coding in circles and getting no where while trying to reconcile various issues:  
-
-	- With OneFileCMS in any folder other than the web root,
-	- With OneFileCMS in a folder other than $ACCESS_ROOT  
-	- Depending on the above, can't delete the backup copy of OneFileCMS created by a p/w or u/n change).
-	- External file references (config, language, plugins) affected by the above.  
-	- Should $ACCESS_ROOT also restrict access to OneFileCMS itself?  That would prevent p/w & u/n changes.
-	- Display of the current/path/header/ varies depending on $ACESS_ROOT.
-	- Combining the above.
-	
-	A solution is in the works, but I'm going to take some time to make sure no new problems are introduced by the eventual fix. (hahaha...) It will probably end up being simple, but it's not yet...
-
-- Just a general note on security: due to the fundamental structure of OneFileCMS - primarily that it's one file, and that there is no seperate database for authentication - there are certain inherent security limitations that should be kept in mind:  
-	- The first is that all OneFileCMS users are "admins", with the ability to upload and edit files with any type of code.
-	- Next, as a direct consequence of the prior point, is that any restriction imposed by some potential feature, such as the $ACCESS_ROOT option that limited access to a specific folder, is only - at most - a guard against accidental access and modification of files outside of the "accessible" folder.   This is not to say that such features are not useful - this is simply meant to provide a realistic expectation of security, and that OneFileCMS should only be used with trusted users.
-
-### December 03, 2012 (v3.4.18)
-
-Of course, everything comes with a price (exacerbated by my apparent lack of testing...)
-
-- Anyway, the current release partly fixes an issue when trying to use a wysiwyg editor with onefilecms.php installed in a sub-folder of a site.  The issue is - it didn't work.  Now it does - mostly. However, there is still an issue using wysiwyg editors if the $ACCESS_ROOT variable is set to anything but blank (root).
-
-### December 02, 2012
-
--  Just a note: there is an issue using a wysiwyg editor when onefilecm.php is in a sub-folder, or related to using the $ACCESS_ROOT option (restricting onefilecms access to a folder).  WYSIWYG seems to otherwise work fine when onefilecms.php is in the root folder of a site.
-
-### November 29, 2012 (v3.4.17)
-
-- WYSIWYG is here!  
-Due to popular demand (ie: it has been requested more than once), WYSYWIG editors can now be "plugged in" and used with OneFileCMS.  Currently, only [TinyMCE](http://tinymce.moxiecode.com/) and [CKEditor](http://ckeditor.com/) have been tested (and on a very limited scale). Others may work - but I don't know yet.  And, naturally, the use or inclusion of such editors is completely optional, of course.
-
-	**No actual WYSIWYG editors are included with OneFileCMS** - any desired editor must be obtained seperately.
-
-	A brief how-to on using either editor can be found in their respective sample "init" files included in the plugins folder of the OneFileCMS repo. Any suitable init file for a given editor may be used, as long as the correct path to the editor's javascript source file is specified, and - for CKEditor - the id of the OneFileCMS textarea, "file_editor", is also be specified. 
-
-	Now, while everything seems to work, I have little to no experience using TinyMCE, CKEditor, or any other such application. So, if there is something missing or not working as expected, please let me know (open an "issue" on the Issues page).
-
-	Notes:  
-
-	- These editors have their own, extensive, event controls (responses to keyboard & mouse input), so the OneFileCMS edit page event scripts are not loaded when an editor is in use.  The primary effect is the loss of incidental file status indicators - [Save] will not change to [SAVE CHANGES!], background color will not change, etc., and any "unsaved changes" alerts should be handled by the active editor.  Also, the [Wide View] button will be unavailable.  
-  
-	- The TinyMCE "init" file included in the OneFileCMS repo specifies the use of the TinyMCE "fullpage" plugin, which produces an "unsaved changes" alert every time you exit the Edit page - even if no changes have been made to the file in the editor.  
-
-	- The CKEditor, on the other hand, does not seem to present an alert at all when you leave the editor page - even with unsaved changes.  
-
-
---------------------------------------------------------------------------------
-
 # OneFileCMS
 
 ## Yes, that's exactly what it is!
@@ -79,17 +11,12 @@ Edit screen:
 
 OneFileCMS is just that: It's a flat, light, one file CMS (Content Management System) contained entirely in an easy-to-implement database-less PHP script.
 
-Coupling a utilitarian code editor with basic file managing functions, OneFileCMS can maintain an entire website completely in-browser without any external programs.
-
-## What it is not:
-
-- OneFileCMS would not be the best option for a site that requires different levels of privileges, unless all of the users are trusted to stay within their designated areas of responsibility. Since OneFileCMS allows file uploads and editing files directly on the web server, there is simply no way to secure against any particular action.
-
-	These issues are not unique to OneFileCMS - they will exist in any CMS that permits unrestricted file uploads & editing.
+Coupling a utilitarian code editor with basic upload and file managing functions, OneFileCMS can maintain an entire website completely in-browser without any external programs.
 
 ## Demo
 
-- Just download & try the current stable version - it's one file!
+- Just download & try the [current version](https://raw.github.com/Self-Evident/OneFileCMS/master/onefilecms.php) - it's one file!  
+  
 
 ## Features
  
@@ -105,11 +32,13 @@ Coupling a utilitarian code editor with basic file managing functions, OneFileCM
 
 ## Installation
 
-1) **Download** the current version from the Download page.  
+1) **Download** the [current version](https://raw.github.com/Self-Evident/OneFileCMS/master/onefilecms.php).  
 
 2) **Upload** to anywhere on your site.  
   
-3) **Log in** to OneFileCMS with the default "username" and "password", and set your own username and password!  
+3) **Log in** to OneFileCMS with the default "username" and "password".
+
+4) **Change the password**!
 
 As with any CMS, you may also have to modify the file permissions of your site's folders to allow OneFileCMS to modify and create files.  Check with your host if you're not sure, and be aware of any inherent security concerns.  
 
@@ -125,9 +54,6 @@ Yes, of course!
 
 I may not have the time/bandwidth/inclination to implement every feature, but I 'll do what I can. If you find a bug, please file a report on the issues page.
 
-### This is basically just a file manager with a text editor- why is it being called a CMS?
-
-Well, because "OneFileCMS" sounds way cooler (relatively speaking) than "OneFileFileManagerwithTextEditor".
 
 ### Multi-Language Support?
 
@@ -144,7 +70,23 @@ If you speak another language and would like to contribute, translations are wel
 
 Yes!  Well, sort of - indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ex: OneFile1.php and OneFile2.php etc...)  Then, in each copy, maintain different usernames, passwords, and $session_name config values.  
   
-Now, since there is no database or other means of granular control or access logging, multiple usernames may be kind of pointless.  However, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
+Now, since there is no database or other means of granular control or access logging, multiple usernames may be kind of superfluous.  However, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
+
+### This is basically just a file manager with a text editor- why is it being called a CMS?
+
+Well, because "OneFileCMS" sounds way cooler (relatively speaking) than "OneFileFileManagerwithTextEditor".
+
+### Where's the WYSISWYG?
+
+OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com) or [CKEditor](http://ckeditor.com) (and possibly others), but the editors themselves must be obtained from their respective sites.  For basic setup instructions, read the appropriate "init" file from the plugin/ directory in the OneFileCMS repo.  
+
+
+
+### What it is not?
+
+- OneFileCMS would not be the best option for a site that requires different levels of privileges, unless all of the users are trusted to stay within their designated areas of responsibility. Since OneFileCMS allows file uploads and editing files directly on the web server, there is simply no way to secure against any particular action.
+
+	These issues, of course, are not unique to OneFileCMS - as they will exist in any CMS that permits unrestricted file editing & uploads.
 
 --------------------------------------------------------------------------------
 
@@ -173,7 +115,7 @@ Now, since there is no database or other means of granular control or access log
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - Issue with Chrome's XSS filter: Editing some legitimate files with OneFileCMS will trigger the filter and disable much of the javascript provided functionallity, but only while on the edit page with such a file, and only after a [Save].
 - The connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text* during login.  However, this is true of most online login systems, unless SSL or the like is employed.  
-  *As of version 3.4.15, a client-side hash of the user's "plain-text" password is sent to the server.  So, while this client-side hash is still a "plain-text" password as far as the server is concerned, the user's raw password is now protected from immediate exposure.
+  *As of version 3.4.15, a client-side hash of the user's "plain-text" password is sent to the server.  So, while this client-side hash is still a "plain-text" password as far as the server is concerned, the user's raw password is protected from immediate exposure.
 - Be aware that only some very basic data & error checking is performed.  (But, it's getting better...)  
 - Anything else?
 

From c2b44319fd6efa3fd7d5b1b026f1c5a5d338f8f6 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 8 Feb 2014 11:37:06 -0500
Subject: [PATCH 167/228] Version 3.4.21

Added back option for external style sheets:
  Added $CSS_FILE config variable.
  Added function Load_style_sheet()
System_Setup(): trim spaces from $excluded_list values.
Table_of_Files(): $excluded_list can now also excludes folders, not just files.
  (Folders had been explicitly un-excluded, but I don't remember why.)
[Edit HTML] button now reads [Edit SOURCE]
Page_Title(): added option for ($page == "copyfolder")
In Output page contents section, adjusted call to load style sheet.
Tweaked a couple css defaults
---
 info/OneFileCMS.config.SAMPLE.php |  11 +-
 info/changelog.markdown           |   9 +
 onefilecms.php                    |  52 ++--
 readme.markdown                   |   1 +
 stylesheets/OneFileCMS.css        | 393 ++++++++++++++++++++++++++++++
 5 files changed, 444 insertions(+), 22 deletions(-)
 create mode 100755 stylesheets/OneFileCMS.css

diff --git a/info/OneFileCMS.config.SAMPLE.php b/info/OneFileCMS.config.SAMPLE.php
index 311b9e2..c180945 100755
--- a/info/OneFileCMS.config.SAMPLE.php
+++ b/info/OneFileCMS.config.SAMPLE.php
@@ -1,10 +1,9 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
-// v3.4.20
+// v3.4.21
 // Sample external config file - this file is OPTIONAL.
 //
-// Basically, what follows is just a copy & paste of the OneFileCMS CONFIGURABLE INFO,
-// except $config_file is not included.
+// Basically, what follows is just a copy & paste of the OneFileCMS CONFIGURABLE INFO.
 
 // CONFIGURABLE INFO ***********************************************************
 $config_title = "OneFileCMS";
@@ -55,6 +54,10 @@
 //$ACCESS_ROOT = 'some/path/';
 
 
+//URL of optional external style sheet.  Used as href in <link ...>
+//If file is not found, or is incomplete, the built-in defaults will be used.
+//$CSS_FILE = 'OneFileCMS.css';
+
 //Notes for $LANGUAGE_FILE, $WYSIWYG_PLUGIN, and $CONFIG_FILE:
 //
 // Filename paths can be:
@@ -71,5 +74,5 @@
 
 //Name of optional external config file.  Any settings it contains will supersede those above.
 //See the sample file in the OneFileCMS github repo for format example.
-//$CONFIG_FILE = 'OFCMS_config.SAMPLE.php';
+//$CONFIG_FILE = 'OneFileCMS.config.SAMPLE.php';
 //end CONFIGURABLE INFO ********************************************************
diff --git a/info/changelog.markdown b/info/changelog.markdown
index b768aea..aecea93 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,14 @@
 # OneFileCMS Change Log
 
+### v3.4.21 (February 8, 2014)
+
+- Added back the option for external style sheets
+- Cooresponding updates to sample external config file.
+- In addition to specific file names, specific folder names may not be excluded from directory listings.
+- Fixed minor missing page title on Copy Folder page
+- Tweaked a couple css defaults
+
+
 ### (January 19, 2013)
 
 - Just some minor updates/wording changes to the readme & plugin/*.init files.
diff --git a/onefilecms.php b/onefilecms.php
index 649f0f0..4171df9 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.20';
+$OFCMS_version = '3.4.21';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -62,14 +62,11 @@
 
 
 //Some basic security & error log settings**************************************
-$ER = 0;  $DE = 'off';   //Default to  no error_reporting and no display_errors.
-$ER = E_ALL & ~E_STRICT; $DE = 'on';  //For trouble-shooting. //##### 
-
 ob_start(); //Catch any early output. Closed prior to page output.
 ini_set('session.use_trans_sid', 0);    //make sure URL supplied SESSID's are not used
 ini_set('session.use_only_cookies', 1); //make sure URL supplied SESSID's are not used
-error_reporting($ER); //0 for none, or (E_ALL &~ E_STRICT) for trouble-shooting.
-ini_set('display_errors', $DE);
+error_reporting(E_ALL & ~E_STRICT);  //(E_ALL &~ E_STRICT) for everything, 0 for none.
+ini_set('display_errors', 'on');
 ini_set('log_errors'    , 'off');
 ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.ERROR.log');
 //Determine good folder for session file? Default is tmp/, which is not secure, but it may not be a serious concern.
@@ -128,6 +125,10 @@
 //$ACCESS_ROOT = 'some/path/';
 
 
+//URL of optional external style sheet.  Used as href in <link ...>
+//If file is not found, or is incomplete, the built-in defaults will be used.
+//$CSS_FILE = 'OneFileCMS.css';
+
 //Notes for $LANGUAGE_FILE, $WYSIWYG_PLUGIN, and $CONFIG_FILE:
 //
 // Filename paths can be:
@@ -252,7 +253,7 @@ function System_Setup() { //****************************************************
 $VALID_PAGES = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","renamefile","copyfile","deletefile","deletefolder","newfolder","renamefolder","copyfolder","mcdaction", "phpinfo");
 
 //Make arrays out of a few $config_variables for actual use later.
-//First, remove spaces and make lowercase.
+//First, remove spaces and make lowercase (for *types).
 $SHOWALLFILES = $stypes = false;
   if ($config_stypes == '*') { $SHOWALLFILES = true; }
   else { $stypes   = explode(',', strtolower(str_replace(' ', '', $config_stypes))); }//shown file types
@@ -260,7 +261,7 @@ function System_Setup() { //****************************************************
 $itypes   = explode(',', strtolower(str_replace(' ', '', $config_itypes))); //images types to display
 $ftypes   = explode(',', strtolower(str_replace(' ', '', $config_ftypes))); //file types with icons
 $fclasses = explode(',', strtolower(str_replace(' ', '', $config_fclass))); //for file types with icons
-$excluded_list = (explode(",", $config_excluded));
+$excluded_list = explode(',', str_replace(' ', '', $config_excluded));
 
 //Used in hashit() and js_hash_scripts().  IE<9 is WAY slow, so keep it low.
 //For 200 iterations: (time on IE8) > (37 x time on FF). And the difference grows with the iterations.
@@ -309,7 +310,7 @@ function Default_Language() { // ***********************************************
 $_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG';
 $_['Admin']   = 'Admin';
-$_['bytes']   = 'bytes';  
+$_['bytes']   = 'bytes';
 $_['Cancel']  = 'Cancel';
 $_['Close']   = 'Close';
 $_['Copy']    = 'Copy';
@@ -1750,7 +1751,7 @@ function Table_of_Files($full_list) { //****************************************
 		$IS_OFCMS = false;
 		if ( $ipath.$file == trim($_SERVER['SCRIPT_NAME'], '/') ) { $IS_OFCMS = true;  }
 		
-		if ( ($SHOWTYPE && !$excluded) || is_dir($ipath.$file) ) {
+		if ( $SHOWTYPE && !$excluded ) {
 			$HREF_params = $ONESCRIPT.$param1;
 			
 			//Set icon type based on if dir, or file type ($ext).
@@ -2524,6 +2525,7 @@ function Page_Title(){ //***<title>Page_Title()</title>*************************
 	elseif ($page == "upload")       { return $_['Upload_File'];   }
 	elseif ($page == "newfile")      { return $_['New_File'];      }
 	elseif ($page == "copyfile" )    { return $_['Copy_Files'];    }
+	elseif ($page == "copyfolder" )  { return $_['Copy_Files'];    }
 	elseif ($page == "renamefile")   { return $_['Ren_Move'].' '.$_['File'];}
 	elseif ($page == "deletefile")   { return $_['Del_Files'];     }
 	elseif ($page == "deletefolder") { return $_['Del_Files'];     }
@@ -3067,7 +3069,7 @@ function style_sheet(){ //******************************************************
 
 /* --- general formatting --- */
 
-body { font-size: 1em; background: #DDD; font-family: sans-serif; }
+body { font-size: 1em; background: #E8E8E8; font-family: sans-serif; }
 
 p, table, ol { margin-bottom: .6em;}
 
@@ -3237,8 +3239,8 @@ function style_sheet(){ //******************************************************
 
 #select_all_label { 
 	display: inline-block;
-	font   : 400 .9em arial;
-	width  : 71px;
+	font   : 400 .84em arial;
+	width  : 72px;
 	padding: 2px 0 0 2px;
 	color  : #333;
 	}
@@ -3480,7 +3482,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 	}
 	
 #select_all_label { font-size: <?php echo $_['select_all_label_size']?>; } /*Default .84em */
-#select_all_label { width: <?php echo $_['select_all_label_width']?>; }    /*Default 71px  */
+#select_all_label { width: <?php echo $_['select_all_label_width']?>; }    /*Default 72px  */
 </style>
 <?php
 }//end Language_and_config_adjusted_styles() //*********************************
@@ -3488,6 +3490,22 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 
 
+function Load_style_sheet(){ //*************************************************
+	global $CSS_FILE;
+
+	style_sheet(); //first load built-in defaults
+
+	if ( isset($CSS_FILE) ) { //Check for external file
+		echo '<link rel="stylesheet" type="text/css" href="'.$CSS_FILE.'">';
+	}
+
+	Language_and_config_adjusted_styles();
+
+}//end Load_style_sheet() //****************************************************
+
+
+
+
 //******************************************************************************
 //Main logic to determine page action
 //******************************************************************************
@@ -3509,7 +3527,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 if ($_SESSION['valid']) {
 
-	//Set current $EDIT_MODE & text for Edit page [Edit WYSIWIG/HTML] button
+	//Set current $EDIT_MODE & text for Edit page [Edit WYSIWIG/Source] button
 	if ( $WYSIWYG_VALID && isset($_COOKIE['edit_mode']) && ($_COOKIE['edit_mode'] == '1')) {
 		   $EDIT_MODE = '1'; $ON_OFF_label = $_['Source']; }
 	else { $EDIT_MODE = '0'; $ON_OFF_label = $_['WYSIWYG']; }
@@ -3568,9 +3586,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 <?php
 echo '<title>'.hsc($config_title.' - '.Page_Title()).'</title>'."\n";
 
-style_sheet();
-
-Language_and_config_adjusted_styles();
+Load_style_sheet();
 
 common_scripts();
 
diff --git a/readme.markdown b/readme.markdown
index 5c42b05..a35e5f0 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,4 +1,5 @@
 # OneFileCMS
+(Last update: 2014-02-08)
 
 ## Yes, that's exactly what it is!
 
diff --git a/stylesheets/OneFileCMS.css b/stylesheets/OneFileCMS.css
new file mode 100755
index 0000000..d7749c3
--- /dev/null
+++ b/stylesheets/OneFileCMS.css
@@ -0,0 +1,393 @@
+/*******************************************************************************
+Sample, OPTIONAL, external style sheet for OneFileCMS
+*******************************************************************************/
+
+/* --- reset --- */
+* { border : 0; outline: 0; margin: 0; padding: 0;
+    font-family: inherit; font-weight: inherit; font-style : inherit;
+    font-size  : 100%; vertical-align: baseline; }
+
+
+/* --- general formatting --- */
+
+body { font-size: 1em; background: #DDF; font-family: sans-serif; }
+
+p, table, ol { margin-bottom: .6em;}
+
+h1,h2,h3,h4,h5,h6 { font-weight: bold; }
+h2, h3 { font-size: 1.2em; margin: .4em 0 .4em 0; } /*TRBL*/
+
+li { margin-left: 2em }
+
+i, em     { font-style : italic; }
+b, strong { font-weight: bold;   }
+
+:focus { outline:0; }
+
+table { border-collapse:separate; border-spacing:0; }
+th,td { text-align:left; font-weight:400; }
+
+label { font-size : 1em; font-weight: bold; }
+
+pre {
+	background: white;
+	border    : 1px solid #807568;
+	padding   : .2em;
+	margin    : 0;
+	}
+
+input[type="text"]     { width: 100%; border: 1px solid #807568; padding: 1px 1px 1px 0; font : 1em Courier; }
+input[type="password"] { width: 100%; border: 1px solid #807568; padding: 0   1px 0   0; }
+input[type="file"]     { width: 100%; border: 1px solid #807568; background-color: white; }
+
+input[readonly]        { color: #333; background-color: #EEE; }
+input[disabled]        { color: #555; background-color: #EEE; }
+
+input:focus  { background-color: rgb(255,250,150); }
+input:hover  { background-color: rgb(255,250,150); }
+
+button:focus  { background-color: rgb(255,250,150); }
+button:hover  { background-color: rgb(255,250,150); }
+button:active { background-color: rgb(245,245,50);  }
+
+/* --- layout --- */
+
+.container {
+	border : 0px solid #807568;
+	width  : 810px;     /*Adjusted by $MAIN_WIDTH config variable*/
+	margin : 0 auto 2em auto;
+	}
+
+
+#header {
+	border-bottom : 1px solid #807568;
+	padding: 04px 0px 01px 0px;
+	margin : 0 0 .5em 0;
+	}
+
+
+#logo {
+	font-family: 'Trebuchet MS', sans-serif;
+	font-size:2em;
+	font-weight: bold;
+	color: black;
+	padding: .1em;
+	}
+
+
+.h2_filename {
+	border: 1px solid #807568;
+	padding: .1em .2em .1em .2em;
+	font-weight: 700;
+	font-family: courier;
+	background-color: #EEE;
+	}
+
+
+#message_box { border: none; margin: 0 0 .4em 0; padding: 0; }
+
+#message_box_contents { border: 1px solid gray; padding: 4px; background: #FFF000; }
+
+#message_box #message_left {
+	float  : left;
+	margin : 0;
+	padding: 0;
+	border : none;
+	font-weight : 900;
+	}
+
+#message_box  #X_box {
+	display: block;
+	float  : right;
+	margin : 0;
+	padding: 0 2px 0 3px;
+	border : 1px solid gray;
+	font   : 16pt courier;
+	line-height: 18px;
+	background : #EEE;
+	}
+
+#message_box  #X_box:hover  {background-color: rgb(255,250,150);}
+#message_box  #X_box:focus  {background-color: rgb(255,250,150);}
+#message_box  #X_box:active {background-color: rgb(245,245,50); }
+
+.filename { font-family: courier; }
+
+/* --- INDEX directory listing, table format --- */
+table.index_T {
+	min-width: 30em;
+	font-size: .95em;
+	border         : 1px solid #807568;
+	border-collapse: collapse;
+	margin-bottom: .7em;
+	background-color: #FFF;
+	}
+
+table.index_T tr:hover {border: 1px solid #777; background-color: #EEE}
+
+table.index_T td { border : 1px inset silver; vertical-align: middle;}
+
+.index_T td a {
+	display  : block;
+	border   : none;
+	padding  : 2px 4px 2px 4px;
+	overflow : hidden;
+	}
+
+
+.file_name { min-width: 10em; }
+.file_size { min-width:  6em; }
+.file_time { min-width: 15em; }
+
+.meta_T {
+	padding-right : .5em;
+	text-align    : right;
+	font-family   : courier;
+    font-size     : .9em;
+	color         : #333;
+	}
+
+
+/*Index table file select boxes*/
+.ckbox {padding: 2px 4px 0 4px}
+.ckbox:focus { background-color: rgb(255,250,150); }
+.ckbox:hover { background-color: rgb(255,250,150); }
+
+
+#index_page_buttons     { margin: 0 0 .5em 0; }
+#index_page_buttons div { display: inline-block; vertical-align: bottom; }
+
+
+/*** front_links:  [New File] [New Folder] [Upload File] ***/
+.front_links { float: right; }
+ 
+.front_links a {
+	display: inline-block;
+	margin-top  : .2em;
+	border      : 1px solid #807568;
+	font-size   : 1em;  /*Adjusted by langauge files*/
+	margin-left : 1em;  /*Adjusted by langauge files*/
+	padding     : 3px 5px 2px 4px; /*TRBL*/
+	background-color: #EEE;
+	}
+
+a { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
+a:focus  { border: 1px solid #807568; background-color: rgb(255,250,150); }
+a:hover  { border: 1px solid #807568; background-color: rgb(255,250,150); }
+a:active { border: 1px solid #807568; background-color: rgb(245,245,50);  }
+
+/*** Select All [x]  [Move] [Copy] [Delete] ***/
+
+#select_all_label { 
+	display: inline-block;
+	font   : 400 .84em arial;
+	width  : 72px;
+	padding: 2px 0 0 2px;
+	color  : #333;
+	}
+
+#mcd_submit button {
+	height   : 1.55em;
+	cursor   : pointer;
+	border   : 1px solid #807568;
+	padding  : 0px 4px 0px 3px;
+	margin-top : .5em;   /* Helps align bottoms with New & Upload buttons */
+	margin-left: 1.0em;     /*Adjusted by langauge files*/
+	font-size: .9em;
+	color    : rgb(100,45,0);
+	background-color: #EEE;
+	}
+
+#mcd_submit button:focus  { background-color: rgb(255,250,150); }
+#mcd_submit button:hover  { background-color: rgb(255,250,150); }
+#mcd_submit button:active { background-color: rgb(245,245,50); }
+
+.buttons_right         { float: right; }
+.buttons_right .button { margin-left: .5em; }
+
+.button {
+	cursor : pointer;
+	border : 1px solid #807568;
+	color  : black;
+	padding    : 4px 10px; /*Adjusted by langauge files*/
+	font-size  : .9em;     /*Adjusted by langauge files*/
+	font-family: sans-serif;
+	background-color: #EEE;  /*#d4d4d4*/
+	}
+
+.button:active    { background-color: rgb(245,245,50); }                  /*first                 */
+.button[disabled] { color: #777; background-color: #EEE; cursor: default} /*second - order matters*/
+
+
+/* --- header --- */
+
+.nav {
+	float     : right;
+	display   : inline-block;
+	margin-top: 1.35em;
+	font-size : 1em;
+	}
+
+.nav a {
+	border: 1px solid transparent;
+	font-weight : bold;
+	padding     : .0em;
+	padding-top   : .2em;
+	padding-left  : .6em;
+	padding-right : .6em;
+	padding-bottom: .1em;
+	}
+
+.nav a:hover  { border: 1px solid #807568; }
+.nav a:focus  { border: 1px solid #807568; }
+.nav a:active { border: 1px solid #807568; }
+
+
+/* --- edit --- */
+
+#edit_header  {margin: 0;}
+
+#edit_form    {margin: 0;}
+
+.edit_disabled {
+	border : 1px solid #807568;
+	width  : 99%;
+	padding: .2em;
+	margin : .5em 0 .6em 0;
+	color  : #333;
+	background-color: #FFF000;
+	line-height: 1.4em;
+	}
+
+.view_file { font: .9em Courier; background-color: #F8F8F8; overflow:hidden}
+
+#file_editor {
+	border: 1px solid #999;
+	font  : .9em Courier;
+	margin: 0 0 .7em 0;
+	width : 99.8%;
+	height: 32em;
+	}
+
+#file_editor:focus { border: 1px solid #Fdd; }
+
+.file_meta	{ float: left; margin-top: .6em; font-size: .95em; color: #222; }
+
+#edit_notes { font-size: .8em; color: #333 ;margin-top: 1em; clear:both; }
+
+.notes      { margin-bottom: .4em; }
+
+
+/* --- log in --- */
+
+.login_page {
+	border  : 1px solid #807568;
+	width   : 370px;
+	margin  : 5em auto;
+	padding : .5em 1.2em .1em 1em;
+	}
+
+.login_page .nav { margin-top: .5em; }
+
+.login_page input {margin: 0 0 .7em 0;}
+
+
+hr { /*-- -- -- -- -- -- --*/
+	line-height  : 0;
+	Xfont-size    : 1px;
+	display : block;
+	position: relative;
+	padding : 0;
+	margin  : .6em auto;
+	width   : 100%;
+	clear   : both;
+	border  : none;
+	border-top   : 1px solid #807568;
+	Xborder-bottom: 1px solid #eee;
+	overflow: visible;
+	}
+
+
+.verify {
+	min-width       : 50%; 
+	font            : 1em Courier;
+	border          : 1px solid gray;
+	border-collapse : collapse;
+	background-color: white;
+	}
+
+.verify th {
+	border          : 1px solid gray;
+	padding         : 0 1em 0 1em;
+	text-align      : center;
+	font-weight     : 900;
+	font-family     : arial;
+	background-color: #EEE;
+	}
+
+.verify td {
+	border : 1px inset silver;
+	padding: .1em 1em .1em .5em;
+	vertical-align: middle;
+	}
+
+.verify_del {
+	font  : 1em Courier;
+	border: 1px solid #F00;
+	padding: .2em .4em;
+	color  : #222;
+	background-color: #FDD;
+	}
+
+.verify_del td { border: 1px solid #F44; }
+
+
+#admin {padding: .3em;}
+
+.admin_buttons .button {margin-right: .5em;}
+
+.clear {clear:both; padding: 0; margin: 0; border: none}
+
+.web_root { border: 0px solid  #807568; border-right: none; font: 1em Courier; padding: 1px; }
+
+.icon {float: left;}
+
+.mono {font-family: courier;}
+
+.info {margin: .7em 0 .5em 0; background: #f9f9f9; padding: .2em .5em;}
+
+.path {padding: 1px 5px 1px 5px} /*TRBL*/
+
+.timer {border: 1px solid gray; padding: 3px .5em 4px .5em;}
+
+.timeout {float:right; font-size: .95em; color: #333;}
+
+.edit_btns_top {margin: .2em 0 .5em 0;}
+
+.image_info {
+	color: #222;
+	font-size: 1em ; /*Adjusted by langauge files*/
+	margin: .7em 0 1em 0;
+	}
+
+.edit_btns_bottom {float: right;}
+.edit_btns_bottom .button { margin-left: .7em; } /*Adjusted by langauge files*/
+.edit_btns_bottom .RCD { padding-left: 5px; padding-right: 6px; }
+.edit_btns_bottom svg  { padding : 0 4px 0 0; }
+
+input[type="text"].new_name {width  : 50%; margin-bottom: .2em;}
+
+.old_backup_T {float: left; margin-bottom: .3em;}
+
+#del_backup   {float: left; margin-left  :  1em; padding: 2px 5px}
+
+/*** For old IE only: text "icons" for Rename, Copy, and Delete ***/
+.RCD1  {font: 900 7pt arial; padding: 0px 3px 0px 3px; margin: 0px; float: left}
+.R    {color: #00a;    border: 1px solid #804000}
+.C    {color: #006400; border: 1px solid #008400}
+.D    {color: #b00;    border: 1px solid #b00}
+
+.action   {display: inline-block}
+.ren_over {display: inline-block}
+.ren_over input {margin: 0 0 0 2em}
+.ren_over label {font-weight: normal}

From 9553c8eee1d9ad1b8a4369d0b871d5d4639f6a0f Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 8 Feb 2014 14:20:00 -0500
Subject: [PATCH 168/228] Version 3.4.21 trivial tweak to readme - moved
 datestamp to top

---
 readme.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.markdown b/readme.markdown
index a35e5f0..2804905 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,5 +1,5 @@
-# OneFileCMS
 (Last update: 2014-02-08)
+# OneFileCMS
 
 ## Yes, that's exactly what it is!
 

From 75ebbe745f806fd1b2900b7fd566de3790b4bb7a Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Mon, 10 Feb 2014 21:40:00 -0500
Subject: [PATCH 169/228] Mostly changes to prep for sort by column (name,
 size, or date) feature.

Moved 'Select All [x]' from Index_Page() to Table_of_Files(), to table header.
Associated style changes for #mcd_submit
hte(): now returns raw input if htmlspecialenities returns null.
New Language keys:
  $_['MCD_margin_R'] = '1.0em'; //For [Move] [Copy] [Delete] buttons
  $_['Name'] = 'Name';
  $_['Size'] = 'Size';
  $_['Date'] = 'Date';
  $_['Source'] = 'Source';  (added in 3.4.21)
In ES langauge file: $_['Clear_All'] = 'Limpiar Todos';
New js function: format_number(number)  : 1234567 to 1,234,567
---
 info/OneFileCMS_structure.txt    |  1 +
 info/changelog.markdown          |  6 +-
 languages/OneFileCMS.LANG.DE.php | 20 ++++---
 languages/OneFileCMS.LANG.EN.php | 15 +++--
 languages/OneFileCMS.LANG.ES.php | 28 +++++----
 languages/OneFileCMS.LANG.NL.php | 38 ++++++------
 languages/OneFileCMS.LANG.RU.php | 24 +++++---
 onefilecms.php                   | 99 +++++++++++++++++++++++---------
 readme.markdown                  |  2 +-
 9 files changed, 157 insertions(+), 76 deletions(-)

diff --git a/info/OneFileCMS_structure.txt b/info/OneFileCMS_structure.txt
index cb55066..94aecd3 100755
--- a/info/OneFileCMS_structure.txt
+++ b/info/OneFileCMS_structure.txt
@@ -87,6 +87,7 @@ JAVASCRIPT FUNCTIONS:
 		pad()
 		trim()
 		FormatTime()
+		format_number()
 		Countdown()
 		Start_Countdown()
 		FileTimeStamp()
diff --git a/info/changelog.markdown b/info/changelog.markdown
index aecea93..3c1a35f 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,10 +1,14 @@
 # OneFileCMS Change Log
 
+### v3.4.22 (February 10, 2014)
+
+- Mostly some changes to prep for sort by column (name, size, or date) feature.
+
 ### v3.4.21 (February 8, 2014)
 
 - Added back the option for external style sheets
 - Cooresponding updates to sample external config file.
-- In addition to specific file names, specific folder names may not be excluded from directory listings.
+- In addition to specific file names, specific folder names may now be excluded from directory listings.
 - Fixed minor missing page title on Copy Folder page
 - Tweaked a couple css defaults
 
diff --git a/languages/OneFileCMS.LANG.DE.php b/languages/OneFileCMS.LANG.DE.php
index 65900fb..bb7b21b 100755
--- a/languages/OneFileCMS.LANG.DE.php
+++ b/languages/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.18
+// OneFileCMS Language Settings v3.4.22
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -18,6 +18,7 @@
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 $_['front_links_font_size']  = '0.9em';   //Buttons on Index page.
 $_['front_links_margin_L']   = '0.3em';
+$_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.8em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
 $_['button_padding']         = '4px 2px';
@@ -26,16 +27,17 @@
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '76px';    //Width of space for $_['Select_All']
 
-$_['HTML']    = 'HTML';    //## NT ##
+$_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
 
 $_['Admin']   = 'Konfiguration';
-$_['bytes']   = 'bytes';
+$_['bytes']   = 'bytes';   //## NT ##
 $_['Cancel']  = 'Abbrechen';
 $_['Close']   = 'Schließen';
 $_['Copy']    = 'Erstellen';
 $_['Copied']  = 'Kopieren';
 $_['Create']  = 'Kopiert';
+$_['Date']    = 'Date';    //## NT ##
 $_['Delete']  = 'Löschen';
 $_['DELETE']  = 'LÖSCHEN';
 $_['Deleted'] = 'Gelöschte';
@@ -49,19 +51,21 @@
 $_['Hash']    = 'Streuwert';
 $_['Move']    = 'Verschieben';
 $_['Moved']   = 'Verschoben';
+$_['Name']    = 'Name';    //## NT ##
 $_['on']      = 'läuft unter';
 
 $_['Password']   = 'Passwort';
 $_['Rename']     = 'Umbenennen';
+$_['Size']       = 'Size'; //## NT ##
 $_['Source']     = 'Source'; //## NT ##
 $_['successful'] = 'Erfolgreich';
 $_['To']         = 'Auf';
 $_['Upload']     = 'Heraufladen';
 $_['Username']   = 'Benutzername';
-$_['Working']    = 'Working - please wait...'; //## NT ##
-$_['Log_In']     = 'Anmelden';
-$_['Log_Out']    = 'Abmelden';
 
+$_['Working']        = 'Working - please wait...'; //## NT ##
+$_['Log_In']         = 'Anmelden';
+$_['Log_Out']        = 'Abmelden';
 $_['Admin_Options']  = 'Konfiguration Optionen';
 $_['Are_you_sure']   = 'Sind Sie sicher?';
 $_['Edit_View']      = 'Datei Bearbeiten / Ansicht';
@@ -81,6 +85,7 @@
 $_['New_Location']   = 'Neuer Ordner';
 $_['No_files']       = 'Keine Dateien ausgewählt.';
 $_['Not_found']      = 'Nicht gefunden';
+$_['Invalid_path']   = 'Invalid path'; //## NT ##
 $_['pass_to_hash']   = 'Passwort Streuwert:';
 $_['Generate_Hash']  = 'Streuwert generieren';
 
@@ -236,12 +241,13 @@
 $_['change_pw_04'] = 'Die Werte der Felder "Neu" und "Bestätigen" gleichen sich nicht.';
 $_['change_pw_05'] = 'Aktualisierung';
 $_['change_pw_06'] = 'Externe Konfigurationsdatei';
-
 $_['change_pw_07'] = 'All fields are required.'; //## NT ##
+
 $_['change_un_01'] = 'Benutzername wurde geändert!';
 $_['change_un_02'] = 'Benutzername wurde nicht geändert.';
 
 $_['update_failed'] = 'Aktualisierung fehlgeschlagen - die Datei konnte nicht gespeichert werden.';
+
 $_['mcd_msg_01'] = 'Dateien verschoben.';
 $_['mcd_msg_02'] = 'Dateien kopiert.';
 $_['mcd_msg_03'] = 'Dateien gelöscht.';
diff --git a/languages/OneFileCMS.LANG.EN.php b/languages/OneFileCMS.LANG.EN.php
index e1e0651..4b6c9ee 100755
--- a/languages/OneFileCMS.LANG.EN.php
+++ b/languages/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.20
+// OneFileCMS Language Settings v3.4.22
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -18,6 +18,7 @@
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 $_['front_links_font_size']  = '1.0em';   //Buttons on Index page.
 $_['front_links_margin_L']   = '1.0em';
+$_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.9em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
 $_['button_padding']         = '4px 7px';
@@ -36,6 +37,7 @@
 $_['Copy']    = 'Copy';
 $_['Copied']  = 'Copied';
 $_['Create']  = 'Create';
+$_['Date']    = 'Date';
 $_['Delete']  = 'Delete';
 $_['DELETE']  = 'DELETE';
 $_['Deleted'] = 'Deleted';
@@ -49,19 +51,21 @@
 $_['Hash']    = 'Hash';
 $_['Move']    = 'Move';
 $_['Moved']   = 'Moved';
+$_['Name']    = 'Name';
 $_['on']      = 'on';
 
 $_['Password']   = 'Password';
 $_['Rename']     = 'Rename';
+$_['Size']       = 'Size';
 $_['Source']     = 'Source';
 $_['successful'] = 'successful';
 $_['To']         = 'To';
 $_['Upload']     = 'Upload';
 $_['Username']   = 'Username';
-$_['Working']    = 'Working - please wait...';
-$_['Log_In']     = 'Log In';
-$_['Log_Out']    = 'Log Out';
 
+$_['Working']        = 'Working - please wait...';
+$_['Log_In']         = 'Log In';
+$_['Log_Out']        = 'Log Out';
 $_['Admin_Options']  = 'Administration Options';
 $_['Are_you_sure']   = 'Are you sure?';
 $_['Edit_View']      = 'Edit / View';
@@ -237,12 +241,13 @@
 $_['change_pw_04'] = '"New" and "Confirm New" values do not match.';
 $_['change_pw_05'] = 'Updating';
 $_['change_pw_06'] = 'external config file';
-
 $_['change_pw_07'] = 'All fields are required.';
+
 $_['change_un_01'] = 'Username changed!';
 $_['change_un_02'] = 'Username NOT changed.';
 
 $_['update_failed'] = 'Update failed - could not save file.';
+
 $_['mcd_msg_01'] = 'files moved.';
 $_['mcd_msg_02'] = 'files copied.';
 $_['mcd_msg_03'] = 'files deleted.';
diff --git a/languages/OneFileCMS.LANG.ES.php b/languages/OneFileCMS.LANG.ES.php
index 6d89bb7..0faee27 100755
--- a/languages/OneFileCMS.LANG.ES.php
+++ b/languages/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.18
+// OneFileCMS Language Settings v3.4.22
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -18,6 +18,7 @@
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 $_['front_links_font_size']  = '1.0em';   //Buttons on Index page.
 $_['front_links_margin_L']   = '0.5em';
+$_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.9em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
 $_['button_padding']         = '4px 5px';
@@ -26,22 +27,23 @@
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '110px';   //Width of space for $_['Select_All']
 
-$_['HTML']    = 'HTML';    //## NT ##
+$_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
 
 $_['Admin']   = 'Administrador';
-$_['bytes']   = 'bytes';
+$_['bytes']   = 'bytes';   //## NT ##
 $_['Cancel']  = 'Cancelar';
 $_['Close']   = 'Cerrar';
 $_['Copy']    = 'Copiar';
 $_['Copied']  = 'Copiado';
 $_['Create']  = 'Crear';
+$_['Date']    = 'Date';    //## NT ##
 $_['Delete']  = 'Eliminar';
 $_['DELETE']  = 'ELIMINAR';
 $_['Deleted'] = 'Eliminado';
 $_['Edit']    = 'Editar';
 $_['Enter']   = 'Entrar';
-$_['Error']   = 'Error';
+$_['Error']   = 'Error';   //## NT ##
 $_['errors']  = 'errores';
 $_['File']    = 'Archivo';
 $_['Folder']  = 'Carpeta';
@@ -49,19 +51,21 @@
 $_['Hash']    = 'Cadena';
 $_['Move']    = 'Mover';
 $_['Moved']   = 'Movido';
+$_['Name']    = 'Name';    //## NT ##
 $_['on']      = 'activado';
 
 $_['Password']   = 'contraseña';
 $_['Rename']     = 'Renombrar';
+$_['Size']       = 'Size'; //## NT ##
 $_['Source']     = 'Source'; //## NT ##
 $_['successful'] = 'satisfactoriamente';
 $_['To']         = 'Hacia';
 $_['Upload']     = 'Subir';
 $_['Username']   = 'Usuario';
-$_['Working']    = 'Working - please wait...'; //## NT ##
-$_['Log_In']     = 'Iniciar Sesión';
-$_['Log_Out']    = 'Cerrar Sesión';
 
+$_['Working']        = 'Working - please wait...'; //## NT ##
+$_['Log_In']         = 'Iniciar Sesión';
+$_['Log_Out']        = 'Cerrar Sesión';
 $_['Admin_Options']  = 'Opciones de Administración';
 $_['Are_you_sure']   = '¿Estás seguro?';
 $_['Edit_View']      = 'Editar / Ver Archivo';
@@ -77,10 +81,11 @@
 $_['Del_Files']      = 'Eliminar Archivo(s)';
 $_['Selected_Files'] = 'Seleccionar Archivos';
 $_['Select_All']     = 'Seleccionar Todos';
-$_['Clear_All']      = 'Limpiar';
+$_['Clear_All']      = 'Limpiar Todos';
 $_['New_Location']   = 'Nueva Posición';
 $_['No_files']       = 'No se seleccionó ningún archivo.';
 $_['Not_found']      = 'No encontrado';
+$_['Invalid_path']   = 'Invalid path'; //## NT ##
 $_['pass_to_hash']   = 'Contraseña del Hash:';
 $_['Generate_Hash']  = 'Generar Hash';
 
@@ -149,9 +154,9 @@
 $_['edit_msg_03'] = 'Ocurrió un error guardando el archivo.';
 
 $_['upload_txt_03'] = 'Nota: El tamaño máximo de subida es de:';
-$_['upload_txt_01'] = '(php.ini: upload_max_filesize)';
+$_['upload_txt_01'] = '(php.ini: upload_max_filesize)'; //## NT ##
 $_['upload_txt_04'] = 'Tamaño total de la subida:';
-$_['upload_txt_02'] = '(php.ini: post_max_size)';
+$_['upload_txt_02'] = '(php.ini: post_max_size)'; //## NT ##
 $_['upload_txt_05'] = 'Para los archivos subidos que ya existen: ';
 $_['upload_txt_06'] = 'Renombrar (hacia filename.ext.001 etc...)';
 $_['upload_txt_07'] = 'Sobreescribir';
@@ -236,12 +241,13 @@
 $_['change_pw_04'] = 'La contraseña y su confirmación no coinciden.';
 $_['change_pw_05'] = 'Actualizando';
 $_['change_pw_06'] = 'archivo de configuración externa';
-
 $_['change_pw_07'] = 'All fields are required.'; //## NT ##
+
 $_['change_un_01'] = '¡Nombre de Usuario Actualizado!';
 $_['change_un_02'] = 'Nombre de Usuario NO Actualizado.';
 
 $_['update_failed'] = 'Actualización fallida. No se pudo guardar el archivo.';
+
 $_['mcd_msg_01'] = 'archivos movidos satisfactoriamente.';
 $_['mcd_msg_02'] = 'archivos copiados satisfactoriamente.';
 $_['mcd_msg_03'] = 'archivos eliminados satisfactoriamente.';
diff --git a/languages/OneFileCMS.LANG.NL.php b/languages/OneFileCMS.LANG.NL.php
index 923d27e..7ee1ad6 100755
--- a/languages/OneFileCMS.LANG.NL.php
+++ b/languages/OneFileCMS.LANG.NL.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.19
+// OneFileCMS Language Settings v3.4.22
 
 $_['LANGUAGE'] = 'Nederlands (Dutch)';
 $_['LANG'] = 'NL';
@@ -18,6 +18,7 @@
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 $_['front_links_font_size']  = '0.8em';   //Buttons on Index page.
 $_['front_links_margin_L']   = '0.4em';
+$_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.8em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
 $_['button_padding']         = '4px 10px';
@@ -26,42 +27,45 @@
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '90px';    //Width of space for $_['Select_All']
 
-$_['HTML']    = 'HTML';    //## NT ##
+$_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
 
 $_['Admin']   = 'Beheer';
-$_['bytes']   = 'bytes';
+$_['bytes']   = 'bytes';   //## NT ##
 $_['Cancel']  = 'Annuleren';
 $_['Close']   = 'Sluiten';
 $_['Copy']    = 'Kopiëren';
 $_['Copied']  = 'Gekopiëerd';
 $_['Create']  = 'Aanmaken';
+$_['Date']    = 'Date';    //## NT ##
 $_['Delete']  = 'Verwijderen';
 $_['DELETE']  = 'VERWIJDER';
 $_['Deleted'] = 'Verwijderd';
 $_['Edit']    = 'Bewerken';
-$_['Enter']   = 'Enter';
+$_['Enter']   = 'Enter';   //## NT ##
 $_['Error']   = 'Fout';
 $_['errors']  = 'fouten';
 $_['File']    = 'Bestand';
 $_['Folder']  = 'Map';
 $_['From']    = 'Van';
-$_['Hash']    = 'Hash';
+$_['Hash']    = 'Hash';    //## NT ##
 $_['Move']    = 'Verplaats';
 $_['Moved']   = 'Verplaatst';
-$_['on']      = 'on';
+$_['Name']    = 'Name';    //## NT ##
+$_['on']      = 'on';      //## NT ##
 
 $_['Password']   = 'Wachtwoord';
 $_['Rename']     = 'Hernoemen';
+$_['Size']       = 'Size'; //## NT ##
 $_['Source']     = 'Source'; //## NT ##
 $_['successful'] = 'succesvol';
 $_['To']         = 'Aan';
-$_['Upload']     = 'Upload';
+$_['Upload']     = 'Upload'; //## NT ##
 $_['Username']   = 'Gebruikersnaam';
-$_['Working']    = 'Working - please wait...'; //## NT ##
-$_['Log_In']     = 'Inloggen';
-$_['Log_Out']    = 'Uitloggen';
 
+$_['Working']        = 'Working - please wait...'; //## NT ##
+$_['Log_In']         = 'Inloggen';
+$_['Log_Out']        = 'Uitloggen';
 $_['Admin_Options']  = 'Opties voor beheer';
 $_['Are_you_sure']   = 'Weet u het zeker?';
 $_['Edit_View']      = 'Bewerken / weergeven';
@@ -81,12 +85,13 @@
 $_['New_Location']   = 'Nieuwe Locatie';
 $_['No_files']       = 'Geen bestanden geselecteerd.';
 $_['Not_found']      = 'Niet gevonden';
+$_['Invalid_path']   = 'Invalid path'; //## NT ##
 $_['pass_to_hash']   = 'Wachtwoord verwarren:';
 $_['Generate_Hash']  = 'Genereer Verward Wachtwoord (Hash)';
 
 $_['save_1']      = 'Opslaan';
 $_['save_2']      = 'WIJZIGINGEN OPSLAAN!';
-$_['reset']       = 'Reset';
+$_['reset']       = 'Reset'; //## NT ##
 $_['Wide_View']   = 'Wijd Gezichtsveld';
 $_['Normal_View'] = 'Normaal Gezichtsveld';
 $_['Open_View']   = 'Openen/Bekijken in browser venster';
@@ -121,10 +126,10 @@
 
 $_['edit_note_00']  = 'NOTITIES:';
 $_['edit_note_01a'] = 'Onthoudt- uw';
-$_['edit_note_01b'] = 'is';
+$_['edit_note_01b'] = 'is'; //## NT ##
 $_['edit_note_02']  = 'Dus sla uw wijzigingen op voordat de klok afloopt of ze zullen verloren gaan!';
 $_['edit_note_03']  = 'Bij sommige browers, zoals Chrome, komt het voor als u op de [Terug] knop klikt, en daarna [Voorwaarts], dat de toestand van uw instellingen incorrect zijn. Om te corrigeren, klik op de knop [Vernieuwen].';
-$_['edit_note_04']  = 'Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts. This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself. However, such files can still be edited and saved with OneFileCMS. The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes. The issue will be noticed after the first save of such a file.';
+$_['edit_note_04']  = 'Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts. This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself. However, such files can still be edited and saved with OneFileCMS. The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes. The issue will be noticed after the first save of such a file.'; //## NT ##
 
 $_['edit_h2_1']   = 'Weergeven:';
 $_['edit_h2_2']   = 'Bewerken:';
@@ -149,9 +154,9 @@
 $_['edit_msg_03'] = 'Er was een fout bij het opslaan van bestand:';
 
 $_['upload_txt_03'] = 'Maximum grootte van ieder bestand:';
-$_['upload_txt_01'] = '(php.ini: upload_max_filesize)';
+$_['upload_txt_01'] = '(php.ini: upload_max_filesize)'; //## NT ##
 $_['upload_txt_04'] = 'Maximum totaal upload grootte:';
-$_['upload_txt_02'] = '(php.ini: post_max_size)';
+$_['upload_txt_02'] = '(php.ini: post_max_size)'; //## NT ##
 $_['upload_txt_05'] = 'For uploaded files that already exist: '; //## NT ##
 $_['upload_txt_06'] = 'Rename (to filename.ext.001 etc...)'; //## NT ##
 $_['upload_txt_07'] = 'Overwrite'; //## NT ##
@@ -236,12 +241,13 @@
 $_['change_pw_04'] = '"Nieuw" en "Bevestig Nieuw" waardes komen niet overeen.';
 $_['change_pw_05'] = 'Bijwerken';
 $_['change_pw_06'] = 'extern configuratiebestand';
-
 $_['change_pw_07'] = 'All fields are required.'; //## NT ##
+
 $_['change_un_01'] = 'Gebruikersnaam gewijzigd!';
 $_['change_un_02'] = 'Gebruikersnaam NIET gewijzigd.';
 
 $_['update_failed'] = 'Update mislukt - onmogelijk bestand op te slaan.';
+
 $_['mcd_msg_01'] = 'bestanden verplaatst.';
 $_['mcd_msg_02'] = 'bestanden gekopiëerd.';
 $_['mcd_msg_03'] = 'bestanden verwijderd.';
diff --git a/languages/OneFileCMS.LANG.RU.php b/languages/OneFileCMS.LANG.RU.php
index dbfa0e4..b57c7ac 100755
--- a/languages/OneFileCMS.LANG.RU.php
+++ b/languages/OneFileCMS.LANG.RU.php
@@ -1,7 +1,7 @@
 <?php
-// OneFileCMS Language Settings v3.4.18
+// OneFileCMS Language Settings v3.4.22
 
-$_['LANGUAGE'] = 'Russian'; //RU
+$_['LANGUAGE'] = 'Russian';
 $_['LANG'] = 'RU';
 
 // If no translation or value is desired for a particular setting, do not delete
@@ -18,6 +18,7 @@
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
 $_['front_links_font_size']  = '0.9em';   //Buttons on Index page.
 $_['front_links_margin_L']   = '0.7em';
+$_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.8em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
 $_['button_padding']         = '4px 5px';
@@ -26,7 +27,7 @@
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
 
-$_['HTML']    = 'HTML';    //## NT ##
+$_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
 
 $_['Admin']   = 'Админка';
@@ -36,6 +37,7 @@
 $_['Copy']    = 'Копия';
 $_['Copied']  = 'Копировать';
 $_['Create']  = 'Создать';
+$_['Date']    = 'Date';    //## NT ##
 $_['Delete']  = 'Удалить';
 $_['DELETE']  = 'УДАЛИТЬ';
 $_['Deleted'] = 'Удалено';
@@ -49,19 +51,21 @@
 $_['Hash']    = 'Хэш';
 $_['Move']    = 'Переместить';
 $_['Moved']   = 'Перемещено';
+$_['Name']    = 'Name';    //## NT ##
 $_['on']      = 'в';
 
 $_['Password']   = 'Пароль';
 $_['Rename']     = 'Rename'; //## NT ##
+$_['Size']       = 'Size'; //## NT ##
 $_['Source']     = 'Source'; //## NT ##
 $_['successful'] = 'успешно';
 $_['To']         = 'В';
 $_['Upload']     = 'Загрузить';
 $_['Username']   = 'Логин';
-$_['Working']    = 'Working - please wait...'; //## NT ##
-$_['Log_In']     = 'Войти';
-$_['Log_Out']    = 'Выйти';
 
+$_['Working']        = 'Working - please wait...'; //## NT ##
+$_['Log_In']         = 'Войти';
+$_['Log_Out']        = 'Выйти';
 $_['Admin_Options']  = 'Настройки Администратора';
 $_['Are_you_sure']   = 'Вы уверены?';
 $_['Edit_View']      = 'Ред. / Смотреть';
@@ -81,6 +85,7 @@
 $_['New_Location']   = 'Новая локализация';
 $_['No_files']       = 'Нет выбранных файлов.';
 $_['Not_found']      = 'Не найдено';
+$_['Invalid_path']   = 'Invalid path'; //## NT ##
 $_['pass_to_hash']   = 'Пароль для хеширования:';
 $_['Generate_Hash']  = 'Сгенерировать Хэш';
 
@@ -149,9 +154,9 @@
 $_['edit_msg_03'] = 'Существовала ошибка сохраниния файла .';
 
 $_['upload_txt_03'] = 'Максимальный размер каждого файла:';
-$_['upload_txt_01'] = '(php.ini: upload_max_filesize)';
+$_['upload_txt_01'] = '(php.ini: upload_max_filesize)'; //## NT ##
 $_['upload_txt_04'] = 'Максимальный суммарный размер загружаемого:';
-$_['upload_txt_02'] = '(php.ini: post_max_size)';
+$_['upload_txt_02'] = '(php.ini: post_max_size)'; //## NT ##
 $_['upload_txt_05'] = 'Для загруженных файлов, которые уже существуют: ';
 $_['upload_txt_06'] = 'Переименование (в файле filename.ext.001 и.т.д...)';
 $_['upload_txt_07'] = 'Заменить';
@@ -236,12 +241,13 @@
 $_['change_pw_04'] = 'Данные "Нового пароля" и "Подтверждения нового пароля" не совпадают.';
 $_['change_pw_05'] = 'Обновить';
 $_['change_pw_06'] = 'внежнюю конфигурацию файла';
-
 $_['change_pw_07'] = 'All fields are required.'; //## NT ##
+
 $_['change_un_01'] = 'Логин изменён!';
 $_['change_un_02'] = 'Логин НЕ изменён.';
 
 $_['update_failed'] = 'Обновление не удалось - файл не сохранился.';
+
 $_['mcd_msg_01'] = 'файлы перемещаются.';
 $_['mcd_msg_02'] = 'файлы копируются.';
 $_['mcd_msg_03'] = 'файлы удалены.';
diff --git a/onefilecms.php b/onefilecms.php
index 4171df9..8fce20a 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.21';
+$OFCMS_version = '3.4.22';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -274,14 +274,18 @@ function System_Setup() { //****************************************************
 
 
 function hsc($input) { return htmlspecialchars($input, ENT_QUOTES, 'UTF-8'); }//end hsc() //********
-function hte($input) { return htmlentities($input, ENT_QUOTES, 'UTF-8'); }//end hte() //************
+function hte($input) {
+	$result = htmlentities($input, ENT_QUOTES, 'UTF-8');
+	if ($result == "" ) {return $input;}
+	return $result;
+}//end hte() //************
 
 
 
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.4.20
+// OneFileCMS Language Settings v3.4.22
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -298,15 +302,16 @@ function Default_Language() { // ***********************************************
 // These first few settings control a few font and layout settings.
 // In some instances, some langauges may use significantly longer words or phrases than others.
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
-$_['front_links_font_size']  = '1.0em';   //Buttons on Index page.
+$_['front_links_font_size']  = '1.0em';  //Buttons on Index page.
 $_['front_links_margin_L']   = '1.0em';
-$_['button_font_size']       = '0.9em';   //Buttons on Edit page.
+$_['MCD_margin_R']           = '1.0em';  //[Move] [Copy] [Delete] buttons
+$_['button_font_size']       = '0.9em';  //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
 $_['button_padding']         = '4px 7px';
-$_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
-$_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
-$_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
-$_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
+$_['image_info_font_size']   = '1em';    //show_img_msg_01  &  _02
+$_['image_info_pos']         = '';       //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size']  = '.84em';  //Font size of $_['Select_All']
+$_['select_all_label_width'] = '72px';   //Width of space for $_['Select_All']
 $_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG';
 $_['Admin']   = 'Admin';
@@ -316,6 +321,7 @@ function Default_Language() { // ***********************************************
 $_['Copy']    = 'Copy';
 $_['Copied']  = 'Copied';
 $_['Create']  = 'Create';
+$_['Date']    = 'Date';
 $_['Delete']  = 'Delete';
 $_['DELETE']  = 'DELETE';
 $_['Deleted'] = 'Deleted';
@@ -329,9 +335,11 @@ function Default_Language() { // ***********************************************
 $_['Hash']    = 'Hash';
 $_['Move']    = 'Move';
 $_['Moved']   = 'Moved';
+$_['Name']    = 'Name';
 $_['on']      = 'on';
 $_['Password']   = 'Password';
 $_['Rename']     = 'Rename';
+$_['Size']       = 'Size';
 $_['Source']     = 'Source'; 
 $_['successful'] = 'successful';
 $_['To']         = 'To';
@@ -1704,10 +1712,14 @@ function List_File($file, $type, $f_or_f, $DS, $IS_OFCMS, $HREF_params, $param3)
 	$ren_mov   = '<a href="'.$HREF_params.'&amp;p=rename'.$f_or_f.'" title="'.hsc($_['Ren_Move']).'">'.$ICONS['ren_mov'].'</a>';
 	$copy      = '<a href="'.$HREF_params.'&amp;p=copy'.$f_or_f.'"   title="'.hsc($_['Copy']).'"    >'.$ICONS['copy'].'</a>';
 	$delete    = '<a href="'.$HREF_params.'&amp;p=delete'.$f_or_f.'" title="'.hsc($_['Delete']).'"  >'.$ICONS['delete'].'</a>';
+
+	$file_size_raw = filesize($ipath.$file);
+	$file_time_raw = filemtime($ipath.$file);
+
 	$checkbox  = '<div class="ckbox"><INPUT TYPE=checkbox NAME="files[]" VALUE="'.hsc($file).'"></div>';
 	$file_name = '<a href="'.$HREF_params.$param3.'"  title="'.hsc($_['Edit_View']).'">'.$icon.'&nbsp;'.hte($file).$DS.'</a>';
-	$file_size = number_format(filesize($ipath.$file)).' B';
-	$file_time = '<script>FileTimeStamp('.filemtime($ipath.$file).', 1, 0);</script>'; 
+	$file_size = '<script>format_number('.$file_size_raw.');</script> B';
+	$file_time = '<script>FileTimeStamp('.$file_time_raw.', 1, 0);</script>';
 
 	//For directories, don't show file size (which is always 0).
 	if (is_dir($ipath.$file)) { $file_size = ''; }
@@ -1736,7 +1748,24 @@ function Table_of_Files($full_list) { //****************************************
 	//dummy input to make sure files[] is always an array in js for Select_All() & Confirm_Ready().
 	echo '<INPUT TYPE=hidden NAME="files[]" VALUE="">';
 
+
 	echo '<table class="index_T">';
+
+	//Header row: | Select All|[ ]|        Name        |   Size   |    Date    |
+	echo '<tr>';
+		echo '<th colspan=3 id="select_all_th">';
+		echo '<LABEL for=select_all id=select_all_label>'.$_['Select_All'].'</LABEL>';
+	echo '</th>';
+	echo '<th class="ckbox">';
+		$input_attribs = 'TYPE=checkbox NAME=select_all id=select_all VALUE=select_all';
+		echo '<INPUT '.$input_attribs.' onclick="Select_All();">';
+	echo '</th>';
+	echo '<th>'.$_['Name'].'</th><th>'.$_['Size'].'</th><th>'.$_['Date'].'</th>';
+	echo '</tr>';
+
+
+	//Begin actual rows of directory listing
+	echo '<tbody id="DIRECTORY_LISTING">';
 	foreach ($full_list as $file) {
 		
 		$excluded = FALSE;
@@ -1773,7 +1802,7 @@ function Table_of_Files($full_list) { //****************************************
 			
 		}//end if !is_dir...
 	}//end foreach file
-	echo '</table>';
+	echo '</tbody></table>';
 }//end Table_of_Files() //******************************************************
 
 
@@ -1790,9 +1819,6 @@ function Index_Page(){ //*******************************************************
 
 	echo '<div id=index_page_buttons>';
 	if ($file_count > 0) {
-		$input_attribs = 'TYPE=checkbox NAME=select_all id=select_all VALUE=select_all';
-		echo '<LABEL for=select_all id=select_all_label>'.$_['Select_All'].'</LABEL>';
-		echo '<INPUT '.$input_attribs.' onclick="Select_All();">';
 		
 		echo '<div id="mcd_submit">';
 		$onclick_m = 'onclick="Confirm_Submit( \'move\');   "';
@@ -2655,6 +2681,22 @@ function FormatTime(Seconds) {
 
 
 
+function format_number(number, sep) {
+	sep = typeof sep !== 'undefined' ? sep : ','; //default to a comma
+	var number	= number + "";   // 1234567890     convert number to a string
+	var result  = "";            // 1,234,567,890  sample result
+
+	for (var x = 0; x < number.length ; x += 3) {
+		a = number.length - x - 3;
+		b = number.length - x;
+		result = number.substring(a,b) + result;
+		if (a > 0) {result = sep + result} //add sep if still have more digits
+	}
+	document.write( result );
+}//end format_number()
+
+
+
 function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
 	var Timer        = document.getElementById(Timer_ID);
 	var Current_Time = Math.round(new Date().getTime()/1000); //js uses milliseconds
@@ -3184,7 +3226,9 @@ function style_sheet(){ //******************************************************
 
 table.index_T tr:hover {border: 1px solid #777; background-color: #EEE}
 
-table.index_T td { border : 1px inset silver; vertical-align: middle;}
+table.index_T th { border: 1px inset silver; vertical-align: middle; padding-left: 4px;text-align: center;}
+
+table.index_T td { border: 1px inset silver; vertical-align: middle;}
 
 .index_T td a {
 	display  : block;
@@ -3194,12 +3238,12 @@ function style_sheet(){ //******************************************************
 	}
 
 
-.file_name { min-width: 10em; }
+.file_name { min-width: 10em; max-width: 26em; }
 .file_size { min-width:  6em; }
 .file_time { min-width: 15em; }
 
 .meta_T {
-	padding-right : .5em;
+	padding-right : 4px;
 	text-align    : right;
 	font-family   : courier;
     font-size     : .9em;
@@ -3237,11 +3281,13 @@ function style_sheet(){ //******************************************************
 
 /*** Select All [x]  [Move] [Copy] [Delete] ***/
 
-#select_all_label { 
-	display: inline-block;
+#select_all_th { max-width: 70px; text-align: right; padding:  0 3px 0 0px; } /*TRBL*/
+
+#select_all_label {
+	Xdisplay: inline-block;		/* //##### when select all was above table, not in it*/
 	font   : 400 .84em arial;
-	width  : 72px;
-	padding: 2px 0 0 2px;
+	Xwidth  : 72px;				/* //##### when select all was above table, not in it*/
+	Xpadding: 2px 0 0 2px;		/* //##### when select all was above table, not in it*/
 	color  : #333;
 	}
 
@@ -3250,8 +3296,9 @@ function style_sheet(){ //******************************************************
 	cursor   : pointer;
 	border   : 1px solid #807568;
 	padding  : 0px 4px 0px 3px;
-	margin-top : .5em;   /* Helps align bottoms with New & Upload buttons */
-	margin-left: 1.0em;     /*Adjusted by langauge files*/
+	margin-top  :  .5em;  /* Helps align bottoms with New & Upload buttons */
+	margin-left : 0.0em;  /* no longer needs adjusted by langauge files*/
+	margin-right: 1.0em;  /* Adjusted by language files */
 	font-size: .9em;
 	color    : rgb(100,45,0);
 	background-color: #EEE;
@@ -3473,7 +3520,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 	margin-left: <?php echo $_['front_links_margin_L']  ?>; /*Default 1em */
 	}
 
-#mcd_submit button{ margin-left: <?php echo $_['front_links_margin_L']  ?>;} /*Default 1em */
+#mcd_submit button{ margin-right: <?php echo $_['MCD_margin_R']  ?>;} /*Default 1em */
 
 .image_info { font-size: <?php echo $_['image_info_font_size'] ?>; }   /*Default 1em*/
 
@@ -3592,7 +3639,7 @@ function Load_style_sheet(){ //*************************************************
 
 echo '</head><body>';
 
-Error_reporting_status_and_early_output(0,0); //0,0 will only show any early output.
+Error_reporting_status_and_early_output(0,0); //0,0 will only show early output.
 
 if ($_SESSION['valid']) { echo '<div id="main" class="container" >'; }
 else                    { echo '<div id="main" class="login_page">'; }
diff --git a/readme.markdown b/readme.markdown
index 2804905..71f87e9 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,4 +1,4 @@
-(Last update: 2014-02-08)
+(Updated: 2014-02-10)
 # OneFileCMS
 
 ## Yes, that's exactly what it is!

From bd0dfd1fbb5cb46086f72361f6aa3ecd84caf790 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Mon, 10 Feb 2014 22:00:00 -0500
Subject: [PATCH 170/228] Version 3.4.22

---
 onefilecms.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/onefilecms.php b/onefilecms.php
index 8fce20a..d32aa9c 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,4 +1,4 @@
-<?php 
+<?php
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
 $OFCMS_version = '3.4.22';

From 7bdbc19354484975691f1404d00badf66c092905 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 12 Feb 2014 19:00:00 -0500
Subject: [PATCH 171/228] Version 3.4.23

Continued upadates in prep for sort by column:
Directory listing is now built & displayed client side, via javascript.
  Removed: List_File(), Table_of_Files()
  Added  : Get_DIRECTORY_DATA(), Create_Table_for_Listing()
           Index_Page_buttons_top, Index_Page_scripts(), init_ICONS_js()
  New js : assemble_row(), Display_Directory_Summary(), Build_Directory(),
           hsc(text) (a basic htmlspecialchars)
Added $ICONS['dir'], same as $ICONS['folder']

New: $_['files'] = 'Files';  $_['folders'] = 'folders';

format_number() now returns instead of document.write'ing
FileTimeStamp() can return or document.write its result

Some css tweaking...
Increased $MAX_EDIT_SIZE from 150,000 to 200,000
Increased $UPOLAD_FIELDS from 6 to 10.
---
 info/OneFileCMS.config.SAMPLE.php |   6 +-
 info/OneFileCMS_structure.txt     |  13 +-
 info/changelog.markdown           |   5 +
 onefilecms.php                    | 388 ++++++++++++++++++++++--------
 readme.markdown                   |   2 +-
 5 files changed, 301 insertions(+), 113 deletions(-)

diff --git a/info/OneFileCMS.config.SAMPLE.php b/info/OneFileCMS.config.SAMPLE.php
index c180945..42a70b8 100755
--- a/info/OneFileCMS.config.SAMPLE.php
+++ b/info/OneFileCMS.config.SAMPLE.php
@@ -1,6 +1,6 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
-// v3.4.21
+// v3.4.23
 // Sample external config file - this file is OPTIONAL.
 //
 // Basically, what follows is just a copy & paste of the OneFileCMS CONFIGURABLE INFO.
@@ -20,14 +20,14 @@
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
 
-$MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
+$MAX_EDIT_SIZE = 200000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
 $MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
                           // The default max view size is completely arbitrary. Basically, it was 2am and seemed like a good idea at the time.
 
 $MAX_IMG_W   = 810;  //Max width (in px) to display images. (main width is 810)
 $MAX_IMG_H   = 1000; //Max height (in px).  I don't know, it just looks reasonable.
 
-$UPLOAD_FIELDS = 6; //Number of upload fields on Upload File(s) page. Max value is ini_get('max_file_uploads').
+$UPLOAD_FIELDS = 10; //Number of upload fields on Upload File(s) page. Max value is ini_get('max_file_uploads').
 
 $config_favicon   = "favicon.ico"; //Path is relative to root of website.
 $config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsiTive!
diff --git a/info/OneFileCMS_structure.txt b/info/OneFileCMS_structure.txt
index 94aecd3..e78dfae 100755
--- a/info/OneFileCMS_structure.txt
+++ b/info/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.4.20 structure/layout
+OneFileCMS Version 3.4.23 structure/layout
 
 LICENSE
 
@@ -59,8 +59,9 @@ PAGE & RESPONSE FUNCTIONS:
 	Logout()
 	Login_Page()
 	Login_response()
-	List_File()
-	Table_of_Files()
+	Get_DIRECTORY_DATA()
+	Create_Table_for_Listing()
+    Index_Page_buttons_top
 	Index_Page()
 	Edit_Page_buttons_top()
 	Edit_Page_buttons()
@@ -83,8 +84,10 @@ PAGE & RESPONSE FUNCTIONS:
 	Respond_to_POST()
 
 JAVASCRIPT FUNCTIONS:
+	init_ICONS_js()
 	common_scripts()
 		pad()
+		hsc()
 		trim()
 		FormatTime()
 		format_number()
@@ -93,6 +96,10 @@ JAVASCRIPT FUNCTIONS:
 		FileTimeStamp()
 		Select_All()
 		Confirm_Submit()
+	Index_Page_scripts()
+		assemble_row()
+		Display_Directory_Summary()
+		Build_Directory
 	Edit_Page_scripts()
 		Wide_View()
 		Reset_file_status_indicators()
diff --git a/info/changelog.markdown b/info/changelog.markdown
index 3c1a35f..7d9bc0c 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,10 @@
 # OneFileCMS Change Log
 
+### v3.4.23 (February 12, 2014)
+
+- More changes in prep for sort by column
+- Directory list is now built & displayed client side via javascript.
+
 ### v3.4.22 (February 10, 2014)
 
 - Mostly some changes to prep for sort by column (name, size, or date) feature.
diff --git a/onefilecms.php b/onefilecms.php
index d32aa9c..52454c0 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
-<?php
+<?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.22';
+$OFCMS_version = '3.4.23';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -91,14 +91,14 @@
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
 
-$MAX_EDIT_SIZE = 150000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
+$MAX_EDIT_SIZE = 200000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
 $MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
                           // The default max view size is completely arbitrary. Basically, it was 2am and seemed like a good idea at the time.
 
 $MAX_IMG_W   = 810;  //Max width (in px) to display images. (main width is 810)
 $MAX_IMG_H   = 1000; //Max height (in px).  I don't know, it just looks reasonable.
 
-$UPLOAD_FIELDS = 6; //Number of upload fields on Upload File(s) page. Max value is ini_get('max_file_uploads').
+$UPLOAD_FIELDS = 10; //Number of upload fields on Upload File(s) page. Max value is ini_get('max_file_uploads').
 
 $config_favicon   = "favicon.ico"; //Path is relative to root of website.
 $config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsiTive!
@@ -285,7 +285,7 @@ function hte($input) {
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.4.22
+// OneFileCMS Language Settings v3.4.23
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -330,7 +330,9 @@ function Default_Language() { // ***********************************************
 $_['Error']   = 'Error';
 $_['errors']  = 'errors';
 $_['File']    = 'File';
+$_['files']   = 'files';
 $_['Folder']  = 'Folder';
+$_['folders'] = 'folders';
 $_['From']    = 'From';
 $_['Hash']    = 'Hash';
 $_['Move']    = 'Move';
@@ -1310,10 +1312,11 @@ function icon_folder($extra = ""){ //**********************************
 	$ICONS['php'] = icon_txt('#333', '#111', '#C3C3FF'); //rgb(195,195,225)
 	$ICONS['css'] = icon_txt('#333', '#111', '#FFE1A5'); //rgb(255,225,165)
 	$ICONS['cfg'] = icon_txt('#444', '#111', '#DDD');
-	$ICONS['upload'] = icon_txt('#333', 'black', 'white', $extra_up);
-	$ICONS['file_new'] = icon_txt('#444', 'black', 'white', $extra_new);
+	$ICONS['dir']    = icon_folder();
 	$ICONS['folder'] = icon_folder();
 	$ICONS['folder_new'] = icon_folder('<g transform="translate(7.5,4)">'.$circle_plus.'</g>');
+	$ICONS['upload']     = icon_txt('#333', 'black', 'white', $extra_up);
+	$ICONS['file_new']   = icon_txt('#444', 'black', 'white', $extra_new);
 	$ICONS['ren_mov'] = icon_folder('<g transform="translate(2.5,3)">'.$pencil.'</g>'.$arc_arrow);
 	$ICONS['move']    = icon_folder($arc_arrow);
 	$ICONS['copy']    = '<svg version="1.1" width="12" height="12"><g transform="translate(1,1)">'.$circle_plus_rev.'</g></svg>';
@@ -1341,7 +1344,7 @@ function List_Backup($file, $file_url){ //**************************************
 	<table class="index_T old_backup_T"><tr>
 	<td class="file_name"><?php echo $edit_link; ?></td>
 	<td class="meta_T file_size">&nbsp;	<?php echo number_format(filesize($file)); ?> B	</td>
-	<td class="meta_T file_time"> &nbsp;<script>FileTimeStamp(<?php echo filemtime($file); ?>, 1, 0);</script></td>
+	<td class="meta_T file_time"> &nbsp;<script>FileTimeStamp(<?php echo filemtime($file); ?>, 1, 0, 1);</script></td>
 	</tr></table>
 
 	<a href="<?php echo $href.'&amp;p=deletefile' ?>" class="button" id="del_backup">
@@ -1699,56 +1702,12 @@ function Login_response() { //**************************************************
 
 
 
-//******************************************************************************
-function List_File($file, $type, $f_or_f, $DS, $IS_OFCMS, $HREF_params, $param3) {
-	global $_, $ICONS, $ipath, $fclasses;
-
-	//Determine icon to show
-	if (in_array($type,$fclasses)) { $icon = $ICONS[$type];}
-	elseif ($type == 'dir')        { $icon = $ICONS['folder']; }
-	else                           { $icon = $ICONS['bin']; } //default
-
-	//File options & info
-	$ren_mov   = '<a href="'.$HREF_params.'&amp;p=rename'.$f_or_f.'" title="'.hsc($_['Ren_Move']).'">'.$ICONS['ren_mov'].'</a>';
-	$copy      = '<a href="'.$HREF_params.'&amp;p=copy'.$f_or_f.'"   title="'.hsc($_['Copy']).'"    >'.$ICONS['copy'].'</a>';
-	$delete    = '<a href="'.$HREF_params.'&amp;p=delete'.$f_or_f.'" title="'.hsc($_['Delete']).'"  >'.$ICONS['delete'].'</a>';
-
-	$file_size_raw = filesize($ipath.$file);
-	$file_time_raw = filemtime($ipath.$file);
-
-	$checkbox  = '<div class="ckbox"><INPUT TYPE=checkbox NAME="files[]" VALUE="'.hsc($file).'"></div>';
-	$file_name = '<a href="'.$HREF_params.$param3.'"  title="'.hsc($_['Edit_View']).'">'.$icon.'&nbsp;'.hte($file).$DS.'</a>';
-	$file_size = '<script>format_number('.$file_size_raw.');</script> B';
-	$file_time = '<script>FileTimeStamp('.$file_time_raw.', 1, 0);</script>';
-
-	//For directories, don't show file size (which is always 0).
-	if (is_dir($ipath.$file)) { $file_size = ''; }
-
-	//If file is OneFileCMS, don't show Rename, Delete, or checkbox options.
-	if ($IS_OFCMS) { $ren_mov = $delete = $checkbox = ''; }
-?>
-	<tr>
-		<td class="RCD"><?php echo $ren_mov; ?></td>
-		<td class="RCD"><?php echo $copy;    ?></td>
-		<td class="RCD"><?php echo $delete;  ?></td>
-		<td class=""   ><?php echo $checkbox;?></td>
-		<td class="file_name"       ><?php echo $file_name; ?></td>
-		<td class="meta_T file_size"><?php echo $file_size; ?></td>
-		<td class="meta_T file_time"><?php echo $file_time; ?></td>
-	</tr>
-<?php
-}//end List_File() //***********************************************************
-
-
-
+function Create_Table_for_Listing() { //****************************************
+	global$_;
 
-function Table_of_Files($full_list) { //****************************************
-	global $_, $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses, $excluded_list, $stypes, $SHOWALLFILES;
-
-	//dummy input to make sure files[] is always an array in js for Select_All() & Confirm_Ready().
+	//dummy input to make sure files[] is always an array for Select_All() & Confirm_Ready().
 	echo '<INPUT TYPE=hidden NAME="files[]" VALUE="">';
 
-
 	echo '<table class="index_T">';
 
 	//Header row: | Select All|[ ]|        Name        |   Size   |    Date    |
@@ -1760,66 +1719,73 @@ function Table_of_Files($full_list) { //****************************************
 		$input_attribs = 'TYPE=checkbox NAME=select_all id=select_all VALUE=select_all';
 		echo '<INPUT '.$input_attribs.' onclick="Select_All();">';
 	echo '</th>';
-	echo '<th>'.$_['Name'].'</th><th>'.$_['Size'].'</th><th>'.$_['Date'].'</th>';
+	echo '<th class="file_name">'.$_['Name'].'</th><th class="file_size">'.$_['Size'].'</th><th class="file_time">'.$_['Date'].'</th>';
 	echo '</tr>';
 
+	//For directory content. Will insert the list later via innerHTML.
+	echo '<tbody id="DIRECTORY_LISTING"></tbody>';
+
+	echo '</table>';
+
+}//Create_Table_for_Listing() //************************************************
+
+
 
-	//Begin actual rows of directory listing
-	echo '<tbody id="DIRECTORY_LISTING">';
-	foreach ($full_list as $file) {
+
+function Get_DIRECTORY_DATA($basic_list) { //***********************************
+	global $_, $ONESCRIPT, $ipath, $param1, $ICONS,
+			$ftypes, $fclasses, $excluded_list, $stypes, $SHOWALLFILES, 
+			$DIRECTORY_COUNT, $DIRECTORY_DATA;
+	
+	foreach ($basic_list as $filename) {
 		
 		$excluded = FALSE;
-		if (in_array($file, $excluded_list)) { $excluded = TRUE; };
+		if (in_array($filename, $excluded_list)) { $excluded = TRUE; };
 		
 		//Get file type & check against $stypes (files types to show)
-		$filename_parts = explode(".", strtolower($file));
+		$filename_parts = explode(".", strtolower($filename));
 		$ext = end($filename_parts);
 		if ($SHOWALLFILES || in_array($ext, $stypes)) { $SHOWTYPE = TRUE; } else { $SHOWTYPE = FALSE; }
 		
 		//Used to not show rename & delete options for active copy of OneFileCMS.
-		$IS_OFCMS = false;
-		if ( $ipath.$file == trim($_SERVER['SCRIPT_NAME'], '/') ) { $IS_OFCMS = true;  }
+		$IS_OFCMS = 0;
+		if ( $ipath.$filename == trim($_SERVER['SCRIPT_NAME'], '/') ) { $IS_OFCMS = 1; }
 		
+		//Determine if $filename is to be shown, save data
 		if ( $SHOWTYPE && !$excluded ) {
-			$HREF_params = $ONESCRIPT.$param1;
 			
 			//Set icon type based on if dir, or file type ($ext).
-			if (is_dir($ipath.$file)) {
-				$f_or_f = 'folder';
-				$type   = 'dir';
-				$HREF_params .= URLencode_path($file).'/';
-				$param3 = '';
-				$DS = ' /'; //End with a forward slash to indicate a folder.
-			}else {
-				$f_or_f = "file";
-				$type = $fclasses[array_search($ext, $ftypes)];
-				$HREF_params .= '&amp;f='.rawurlencode($file);
-				$param3 = '&amp;p=edit';
-				$DS = '';
-			}
+			if (is_dir($ipath.$filename)) { $type = 'dir'; }
+			else {						$type = $fclasses[array_search($ext, $ftypes)]; }
 			
-			List_File($file, $type, $f_or_f, $DS, $IS_OFCMS, $HREF_params, $param3);
+			//Determine icon to show
+			if (in_array($type,$fclasses)) { $icon = $ICONS[$type];}
+			elseif ($type == 'dir')        { $icon = $ICONS['folder']; }
+			else                           { $icon = $ICONS['bin']; } //default
 			
-		}//end if !is_dir...
+			$file_size_raw = filesize($ipath.$filename);
+			$file_time_raw = filemtime($ipath.$filename);
+			
+			//Store data
+			$DIRECTORY_DATA[$DIRECTORY_COUNT] = array('','',0,0);
+			$DIRECTORY_DATA[$DIRECTORY_COUNT][0] = $type;  //used to determine icon & f_or_f
+			$DIRECTORY_DATA[$DIRECTORY_COUNT][1] = $filename;
+			$DIRECTORY_DATA[$DIRECTORY_COUNT][2] = $file_size_raw;
+			$DIRECTORY_DATA[$DIRECTORY_COUNT][3] = $file_time_raw;
+			$DIRECTORY_DATA[$DIRECTORY_COUNT][4] = $IS_OFCMS; //If = 1, Don't show ren, del, ckbox.
+			$DIRECTORY_COUNT++;
+		}//end if $SHOW...
 	}//end foreach file
-	echo '</tbody></table>';
-}//end Table_of_Files() //******************************************************
-
+}//end Get_DIRECTORY_DATA() //**************************************************
 
 
 
-function Index_Page(){ //*******************************************************
-	global $_, $ICONS, $ONESCRIPT, $ipath, $param1, $ftypes, $fclasses;
 
-	$full_list = Sort_Seperate($ipath, scandir('./'.$ipath));
-	$file_count = count($full_list);
-	
-	echo '<form method="post" name="mcdselect" action="'.$ONESCRIPT.$param1.'&amp;p=mcdaction">';
-	echo '<input type="hidden" name="mcdaction" value="">';
+function Index_Page_buttons_top($file_count) { //*******************************
+	global $_, $ONESCRIPT, $param1, $ICONS;
 
 	echo '<div id=index_page_buttons>';
 	if ($file_count > 0) {
-		
 		echo '<div id="mcd_submit">';
 		$onclick_m = 'onclick="Confirm_Submit( \'move\');   "';
 		$onclick_c = 'onclick="Confirm_Submit( \'copy\');   "';
@@ -1837,10 +1803,57 @@ function Index_Page(){ //*******************************************************
 	echo '</div>'; //end front_links
 	echo '</div>'; //end index_page_buttons
 	echo '<div class=clear></div>';
+
+} //end Index_Page_buttons_top() //*********************************************
+
+
+
+
+function Index_Page(){ //*******************************************************
+	global $_, $ICONS, $ONESCRIPT, $ipath, $param1, $param3, $HREF_params, 
+			$ftypes, $fclasses, $DIRECTORY_COUNT, $DIRECTORY_DATA;
 	
-	if ($file_count > 0) { Table_of_Files($full_list); }
+	init_ICONS_js();
+	Index_Page_scripts(); ##### NEEDS LANGUAGE STRINGS !!
+
+	$DIRECTORY_COUNT = 0;
+
+	//Get basic file (directory) list, and pre-sort 
+	$basic_list = Sort_Seperate($ipath, scandir('./'.$ipath));
+	$file_count = count($basic_list);
+
+	//<form> to contain entire list, and buttons at top.
+	echo '<form method="post" name="mcdselect" action="'.$ONESCRIPT.$param1.'&amp;p=mcdaction">';
+	echo '<input type="hidden" name="mcdaction" value="">'; //along with $page, affects response
+
+	Index_Page_buttons_top($file_count);
+
+	Create_Table_for_Listing(); //sets up table with empty <tbody></tbody>
+
+	if ($file_count > 0) { Get_DIRECTORY_DATA($basic_list); }
+
+	echo "</form>\n\n";
+
+	//"send" data to javascript.
+	echo "<script>\n";
+	for ($x = 0; $x < $DIRECTORY_COUNT; $x++) {
+
+		// DIRECTORY_DATA[$x] = ("type", "file name", filesize, timestamp, is_ofcms)	
+		$data_for_js  = 'DIRECTORY_DATA['.$x.'] = new Array(';
+		$data_for_js .= ' "'.$DIRECTORY_DATA[$x][0].'"';
+		$data_for_js .= ',"'.$DIRECTORY_DATA[$x][1].'"';
+		$data_for_js .= ', '.$DIRECTORY_DATA[$x][2];
+		$data_for_js .= ', '.$DIRECTORY_DATA[$x][3];
+		$data_for_js .= ', '.$DIRECTORY_DATA[$x][4];
+		$data_for_js .= ");\n";
+		
+		echo $data_for_js;
+	}//end for count
+
+	//Display the directory...
+	echo "Build_Directory('DIRECTORY_LISTING');";
+	echo "</script>\n\n";
 
-	echo '</form>';
 }//end Index_Page() //**********************************************************
 
 
@@ -1878,7 +1891,7 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 				<?php echo hsc($_['meta_txt_01']).' '.number_format(filesize($filename)).' '.hsc($_['bytes']); ?>
 			</span>	&nbsp;
 			<span class="file_time">
-				<?php echo hsc($_['meta_txt_03']).' <script>FileTimeStamp('.filemtime($filename).', 1, 1);</script>'; ?>
+				<?php echo hsc($_['meta_txt_03']).' <script>FileTimeStamp('.filemtime($filename).', 1, 1, 1);</script>'; ?>
 				<?php echo '&nbsp; '.$file_ENC; ?>
 			</span><br>
 		</div>
@@ -2636,6 +2649,36 @@ function Respond_to_POST() { //*************************************************
 
 
 
+function init_ICONS_js() { //***************************************************
+	global $ICONS;
+
+	//Currently, only icons for dir listing needed in js
+?>
+<script>
+var ICONS = new Array();
+
+ICONS['bin'] = '<?php echo $ICONS["bin"] ?>';
+ICONS['z']   = '<?php echo $ICONS["z"] ?>';
+ICONS['img'] = '<?php echo $ICONS["img"] ?>';
+ICONS['svg'] = '<?php echo $ICONS["svg"] ?>';
+ICONS['txt'] = '<?php echo $ICONS["txt"] ?>';
+ICONS['htm'] = '<?php echo $ICONS["htm"] ?>';
+ICONS['php'] = '<?php echo $ICONS["php"] ?>';
+ICONS['css'] = '<?php echo $ICONS["css"] ?>';
+ICONS['cfg'] = '<?php echo $ICONS["cfg"] ?>';
+ICONS['dir']     = '<?php echo $ICONS["dir"] ?>';
+ICONS['folder']  = '<?php echo $ICONS["folder"] ?>';
+ICONS['ren_mov'] = '<?php echo $ICONS["ren_mov"] ?>';
+ICONS['move']    = '<?php echo $ICONS["move"] ?>';
+ICONS['copy']    = '<?php echo $ICONS["copy"] ?>';
+ICONS['delete']  = '<?php echo $ICONS["delete"] ?>';
+</script>
+<?php
+}//end init_ICONS_js() //*******************************************************
+
+
+
+
 function common_scripts() { //**************************************************
 	global $_, $TO_WARNING;
 	
@@ -2646,6 +2689,18 @@ function pad(num){ if ( num < 10 ){ num = "0" + num; }; return num; }
 
 
 
+//A basic htmlspecialchars()
+function hsc(text) {
+  return text
+      .replace(/&/g, "&amp;")
+      .replace(/</g, "&lt;")
+      .replace(/>/g, "&gt;")
+      .replace(/"/g, "&quot;")
+      .replace(/'/g, "&#039;");
+}
+
+
+
 function trim($string) {
 
 	//trim leading whitespace
@@ -2692,7 +2747,7 @@ function format_number(number, sep) {
 		result = number.substring(a,b) + result;
 		if (a > 0) {result = sep + result} //add sep if still have more digits
 	}
-	document.write( result );
+	return result;
 }//end format_number()
 
 
@@ -2736,7 +2791,7 @@ function Start_Countdown(count, ID, CLASS, Action){
 
 
 
-function FileTimeStamp(php_filemtime, show_date, show_offset){
+function FileTimeStamp(php_filemtime, show_date, show_offset, write_return){
 
 	//php's filemtime returns seconds, javascript's date() uses milliseconds.
 	var FileMTime = php_filemtime * 1000;
@@ -2768,7 +2823,8 @@ function FileTimeStamp(php_filemtime, show_date, show_offset){
 	if (show_date)  { DATETIME = FULLDATE + " &nbsp;" + FULLTIME;}
 	if (show_offset){ DATETIME += " ("+offset_FULL+")"; }
 		
-	document.write( DATETIME );
+	if (write_return) { document.write(DATETIME); }
+	else 			  { return DATETIME; }
 }
 
 
@@ -2821,6 +2877,124 @@ function Confirm_Submit(action){
 
 
 
+function Index_Page_scripts() { //**********************************************
+	global $_, $ONESCRIPT, $param1, $ipath;
+?>
+<script>
+//Declare DIRECTORY_DATA when scripts are loaded, data added later.
+var DIRECTORY_DATA = new Array();
+
+var ONESCRIPT	= "<?php echo $ONESCRIPT ?>";
+var param1		= "<?php echo $param1 ?>";
+
+
+
+function assemble_row(HREF_params, f_or_f, filetype, filename, file_name){
+		var TABLE_ROW = '';
+		
+		//Assemble cell contents: [move] [copy] [delete] [x] <a>file name</a> etc...
+		ren_mov = '<a href="' + HREF_params + '&amp;p=rename' + f_or_f + '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
+		copy    = '<a href="' + HREF_params + '&amp;p=copy'   + f_or_f + '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
+		del     = '<a href="' + HREF_params + '&amp;p=delete' + f_or_f + '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
+		checkbox = '<div class="ckbox"><INPUT TYPE=checkbox NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
+		
+		//Don't show remove, delete, or checkbox options for active copy of OneFileCMS.
+		if (DIRECTORY_DATA[x][4]) { ren_mov = del = checkbox = ''; }
+		
+		TABLE_ROW += "<tr>";
+		TABLE_ROW += '<td class="RCD">' + ren_mov  + '</td>';
+		TABLE_ROW += '<td class="RCD">' + copy     + '</td>';
+		TABLE_ROW += '<td class="RCD">' + del      + '</td>';
+		TABLE_ROW += '<td class=""   >' + checkbox + '</td>';
+		TABLE_ROW += '<td class="file_name"       >' + file_name  + '</td>';
+		TABLE_ROW += '<td class="meta_T file_size">' + file_size  + '</td>';
+		TABLE_ROW += '<td class="meta_T file_time">' + time_stamp + '</td>';
+		TABLE_ROW += "</tr>\n";
+		
+		return TABLE_ROW;
+}//end assemble_row()
+
+
+
+function Display_Directory_Summary() {
+
+	var total_items  = DIRECTORY_DATA.length;
+	var folder_count = 0;
+	var total_bytes  = 0;
+
+	for (x=0; x < DIRECTORY_DATA.length; x++) {
+		filetype = DIRECTORY_DATA[x][0];
+		filename = DIRECTORY_DATA[x][1];
+		if (filetype == "dir"){ folder_count++; }
+		total_bytes += DIRECTORY_DATA[x][2];
+	}
+
+	//Directory Summary
+	document.write('<p id="summary">');
+	document.write(folder_count + " <?php echo $_['folders']?>, &nbsp; ");
+	document.write(total_items - folder_count + ' <?php echo $_['files']?>, ');
+	document.write('&nbsp; ' + format_number(total_bytes) + " <?php echo $_['bytes']?>");
+
+}//end Display_Directory_Summary()
+
+
+
+//Build directory & insert into <tag id=target></tag>.
+function Build_Directory(target) {
+	var TABLE_LIST = "";
+	var folder_count	= 0; 
+	var directory_bytes	= 0;
+	var DS = '';      // ' /' for folders, blank otherwise.
+	var f_or_f = '';  // 'file' or 'folder'
+
+	var HREF_params = '';
+	var filetype = '';
+	var filename = '';
+	var filesize =  0;
+
+	for (x=0; x < DIRECTORY_DATA.length; x++) {
+		
+		filetype = DIRECTORY_DATA[x][0];
+		filename = DIRECTORY_DATA[x][1];
+		filesize = DIRECTORY_DATA[x][2];
+		
+		//folder or file?  And file_size
+		if (filetype == "dir"){
+			folder_count++;
+			DS = ' /';
+			f_or_f = 'folder';
+			HREF_params = ONESCRIPT + param1 + encodeURIComponent(filename);
+			file_size = '';
+		} else {
+			DS = '';
+			f_or_f = 'file';
+			HREF_params = ONESCRIPT + param1 + '&amp;f=' + encodeURIComponent(filename) + '&amp;p=edit';
+			file_size = format_number(filesize) + ' B';
+			directory_bytes += filesize;
+		}
+		
+		file_name  = '<a href="' + HREF_params + '"  title="<?php echo hsc($_['Edit_View']) ?>" >';
+		file_name += ICONS[filetype] + '&nbsp;' + hsc(filename) + DS + '</a>';
+		time_stamp = FileTimeStamp(DIRECTORY_DATA[x][3], 1, 0, 0);
+		
+		TABLE_LIST += assemble_row(HREF_params, f_or_f, filetype, filename, file_name)
+		
+	}//end for x
+
+	//Display listing in table...
+	document.getElementById(target).innerHTML = TABLE_LIST;
+
+	Display_Directory_Summary(); //below table
+
+} //end Build_Directory()
+
+</script>
+<?php
+}//end Index_Page_scripts() //**************************************************
+
+
+
+
 function Edit_Page_scripts() { //***********************************************
 	global $_, $MAIN_WIDTH, $WIDE_VIEW_WIDTH, $current_view;
 
@@ -3239,8 +3413,8 @@ function style_sheet(){ //******************************************************
 
 
 .file_name { min-width: 10em; max-width: 26em; }
-.file_size { min-width:  6em; }
-.file_time { min-width: 15em; }
+.file_size { min-width:  6em; padding-left: 10px; }
+.file_time { min-width: 10em; padding-left: 10px; }
 
 .meta_T {
 	padding-right : 4px;
@@ -3281,13 +3455,13 @@ function style_sheet(){ //******************************************************
 
 /*** Select All [x]  [Move] [Copy] [Delete] ***/
 
-#select_all_th { max-width: 70px; text-align: right; padding:  0 3px 0 0px; } /*TRBL*/
+#select_all_th { min-width: 60px ; max-width: 70px; text-align: right; padding:  0 3px 0 0px; } /*TRBL*/
 
-#select_all_label {
-	Xdisplay: inline-block;		/* //##### when select all was above table, not in it*/
+#select_all_label { 
+	Xdisplay: inline-block;     /* //##### when select all was above table, not in it*/
 	font   : 400 .84em arial;
-	Xwidth  : 72px;				/* //##### when select all was above table, not in it*/
-	Xpadding: 2px 0 0 2px;		/* //##### when select all was above table, not in it*/
+	Xwidth  : 72px;			    /* //##### when select all was above table, not in it*/
+	Xpadding: 2px 0 0 2px;      /* //##### when select all was above table, not in it*/
 	color  : #333;
 	}
 
@@ -3295,9 +3469,9 @@ function style_sheet(){ //******************************************************
 	height   : 1.55em;
 	cursor   : pointer;
 	border   : 1px solid #807568;
-	padding  : 0px 4px 0px 3px;
+	padding  : 0px 4px 0px 3px; /*TRBL*/
 	margin-top  :  .5em;  /* Helps align bottoms with New & Upload buttons */
-	margin-left : 0.0em;  /* no longer needs adjusted by langauge files*/
+	margin-left : 0.0em;  /* no longer needs adjusted by langauge files */
 	margin-right: 1.0em;  /* Adjusted by language files */
 	font-size: .9em;
 	color    : rgb(100,45,0);
@@ -3497,6 +3671,8 @@ function style_sheet(){ //******************************************************
 .ren_over {display: inline-block}
 .ren_over input {margin: 0 0 0 2em}
 .ren_over label {font-weight: normal}
+
+#summary {font-size: .9em; text-align: center}
 </style>
 <?php
 }//end style_sheet() //*********************************************************
@@ -3520,7 +3696,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 	margin-left: <?php echo $_['front_links_margin_L']  ?>; /*Default 1em */
 	}
 
-#mcd_submit button{ margin-right: <?php echo $_['MCD_margin_R']  ?>;} /*Default 1em */
+#mcd_submit button{ margin-right: <?php echo $_['MCD_margin_R']  ?>;}  /*Default 1em*/
 
 .image_info { font-size: <?php echo $_['image_info_font_size'] ?>; }   /*Default 1em*/
 
diff --git a/readme.markdown b/readme.markdown
index 71f87e9..72eb7ff 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,4 +1,4 @@
-(Updated: 2014-02-10)
+(Updated: 2014-02-12)
 # OneFileCMS
 
 ## Yes, that's exactly what it is!

From f331669193860dbd256347e04cb8332bb41c43d4 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 12 Feb 2014 19:10:00 -0500
Subject: [PATCH 172/228] Version 3.4.23

Added a couple new languaged strings.
---
 languages/OneFileCMS.LANG.DE.php | 10 ++++++----
 languages/OneFileCMS.LANG.EN.php | 10 ++++++----
 languages/OneFileCMS.LANG.ES.php | 10 ++++++----
 languages/OneFileCMS.LANG.NL.php | 10 ++++++----
 languages/OneFileCMS.LANG.RU.php | 10 ++++++----
 5 files changed, 30 insertions(+), 20 deletions(-)

diff --git a/languages/OneFileCMS.LANG.DE.php b/languages/OneFileCMS.LANG.DE.php
index bb7b21b..00f8103 100755
--- a/languages/OneFileCMS.LANG.DE.php
+++ b/languages/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.22
+// OneFileCMS Language Settings v3.4.23
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -26,12 +26,12 @@
 $_['image_info_pos']         = '1';       //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '76px';    //Width of space for $_['Select_All']
-
-$_['HTML']    = 'HTML';
-$_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
+$_['HTML']                   = 'HTML';
+$_['WYSIWYG']                = 'WYSIWYG'; //## NT ##
 
 $_['Admin']   = 'Konfiguration';
 $_['bytes']   = 'bytes';   //## NT ##
+
 $_['Cancel']  = 'Abbrechen';
 $_['Close']   = 'Schließen';
 $_['Copy']    = 'Erstellen';
@@ -46,7 +46,9 @@
 $_['Error']   = 'Fehler';
 $_['errors']  = 'Fehler';
 $_['File']    = 'Datei';
+$_['files']   = 'files';   //## NT ##
 $_['Folder']  = 'Ordner';
+$_['folders'] = 'folders'; //## NT ##
 $_['From']    = 'Von';
 $_['Hash']    = 'Streuwert';
 $_['Move']    = 'Verschieben';
diff --git a/languages/OneFileCMS.LANG.EN.php b/languages/OneFileCMS.LANG.EN.php
index 4b6c9ee..8a94873 100755
--- a/languages/OneFileCMS.LANG.EN.php
+++ b/languages/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.22
+// OneFileCMS Language Settings v3.4.23
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -26,12 +26,12 @@
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
-
-$_['HTML']    = 'HTML';
-$_['WYSIWYG'] = 'WYSIWYG';
+$_['HTML']                   = 'HTML';
+$_['WYSIWYG']                = 'WYSIWYG';
 
 $_['Admin']   = 'Admin';
 $_['bytes']   = 'bytes';
+
 $_['Cancel']  = 'Cancel';
 $_['Close']   = 'Close';
 $_['Copy']    = 'Copy';
@@ -46,7 +46,9 @@
 $_['Error']   = 'Error';
 $_['errors']  = 'errors';
 $_['File']    = 'File';
+$_['files']   = 'files';
 $_['Folder']  = 'Folder';
+$_['folders'] = 'folders';
 $_['From']    = 'From';
 $_['Hash']    = 'Hash';
 $_['Move']    = 'Move';
diff --git a/languages/OneFileCMS.LANG.ES.php b/languages/OneFileCMS.LANG.ES.php
index 0faee27..95d6110 100755
--- a/languages/OneFileCMS.LANG.ES.php
+++ b/languages/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.22
+// OneFileCMS Language Settings v3.4.23
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -26,12 +26,12 @@
 $_['image_info_pos']         = ' ';       //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '110px';   //Width of space for $_['Select_All']
-
-$_['HTML']    = 'HTML';
-$_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
+$_['HTML']                   = 'HTML';
+$_['WYSIWYG']                = 'WYSIWYG'; //## NT ##
 
 $_['Admin']   = 'Administrador';
 $_['bytes']   = 'bytes';   //## NT ##
+
 $_['Cancel']  = 'Cancelar';
 $_['Close']   = 'Cerrar';
 $_['Copy']    = 'Copiar';
@@ -46,7 +46,9 @@
 $_['Error']   = 'Error';   //## NT ##
 $_['errors']  = 'errores';
 $_['File']    = 'Archivo';
+$_['files']   = 'files';   //## NT ##
 $_['Folder']  = 'Carpeta';
+$_['folders'] = 'folders'; //## NT ##
 $_['From']    = 'de';
 $_['Hash']    = 'Cadena';
 $_['Move']    = 'Mover';
diff --git a/languages/OneFileCMS.LANG.NL.php b/languages/OneFileCMS.LANG.NL.php
index 7ee1ad6..5c458a1 100755
--- a/languages/OneFileCMS.LANG.NL.php
+++ b/languages/OneFileCMS.LANG.NL.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.22
+// OneFileCMS Language Settings v3.4.23
 
 $_['LANGUAGE'] = 'Nederlands (Dutch)';
 $_['LANG'] = 'NL';
@@ -26,12 +26,12 @@
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '90px';    //Width of space for $_['Select_All']
-
-$_['HTML']    = 'HTML';
-$_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
+$_['HTML']                   = 'HTML';
+$_['WYSIWYG']                = 'WYSIWYG'; //## NT ##
 
 $_['Admin']   = 'Beheer';
 $_['bytes']   = 'bytes';   //## NT ##
+
 $_['Cancel']  = 'Annuleren';
 $_['Close']   = 'Sluiten';
 $_['Copy']    = 'Kopiëren';
@@ -46,7 +46,9 @@
 $_['Error']   = 'Fout';
 $_['errors']  = 'fouten';
 $_['File']    = 'Bestand';
+$_['files']   = 'files';   //## NT ##
 $_['Folder']  = 'Map';
+$_['folders'] = 'folders'; //## NT ##
 $_['From']    = 'Van';
 $_['Hash']    = 'Hash';    //## NT ##
 $_['Move']    = 'Verplaats';
diff --git a/languages/OneFileCMS.LANG.RU.php b/languages/OneFileCMS.LANG.RU.php
index b57c7ac..76fe4e3 100755
--- a/languages/OneFileCMS.LANG.RU.php
+++ b/languages/OneFileCMS.LANG.RU.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.22
+// OneFileCMS Language Settings v3.4.23
 
 $_['LANGUAGE'] = 'Russian';
 $_['LANG'] = 'RU';
@@ -26,12 +26,12 @@
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
-
-$_['HTML']    = 'HTML';
-$_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
+$_['HTML']                   = 'HTML';
+$_['WYSIWYG']                = 'WYSIWYG'; //## NT ##
 
 $_['Admin']   = 'Админка';
 $_['bytes']   = 'байт';
+
 $_['Cancel']  = 'Отмена';
 $_['Close']   = 'Закрыть';
 $_['Copy']    = 'Копия';
@@ -46,7 +46,9 @@
 $_['Error']   = 'Ошибка';
 $_['errors']  = 'ошибки';
 $_['File']    = 'Файл';
+$_['files']   = 'files';   //## NT ##
 $_['Folder']  = 'Папка';
+$_['folders'] = 'folders'; //## NT ##
 $_['From']    = 'из';
 $_['Hash']    = 'Хэш';
 $_['Move']    = 'Переместить';

From 8850a4bb0c3e8840344e959342584c703793fc86 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 12 Feb 2014 19:32:00 -0500
Subject: [PATCH 173/228] Version 3.4.23 Updated optional external stylesheet.

---
 stylesheets/OneFileCMS.css | 33 ++++++++++++++++++++-------------
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/stylesheets/OneFileCMS.css b/stylesheets/OneFileCMS.css
index d7749c3..7822c5b 100755
--- a/stylesheets/OneFileCMS.css
+++ b/stylesheets/OneFileCMS.css
@@ -1,5 +1,5 @@
 /*******************************************************************************
-Sample, OPTIONAL, external style sheet for OneFileCMS
+Sample, OPTIONAL, external style sheet for OneFileCMS.  version 3.4.23
 *******************************************************************************/
 
 /* --- reset --- */
@@ -10,7 +10,7 @@ Sample, OPTIONAL, external style sheet for OneFileCMS
 
 /* --- general formatting --- */
 
-body { font-size: 1em; background: #DDF; font-family: sans-serif; }
+body { font-size: 1em; background: #E8E8E8; font-family: sans-serif; }
 
 p, table, ol { margin-bottom: .6em;}
 
@@ -125,7 +125,9 @@ table.index_T {
 
 table.index_T tr:hover {border: 1px solid #777; background-color: #EEE}
 
-table.index_T td { border : 1px inset silver; vertical-align: middle;}
+table.index_T th { border: 1px inset silver; vertical-align: middle; padding-left: 4px;text-align: center;}
+
+table.index_T td { border: 1px inset silver; vertical-align: middle;}
 
 .index_T td a {
 	display  : block;
@@ -135,12 +137,12 @@ table.index_T td { border : 1px inset silver; vertical-align: middle;}
 	}
 
 
-.file_name { min-width: 10em; }
-.file_size { min-width:  6em; }
-.file_time { min-width: 15em; }
+.file_name { min-width: 10em; max-width: 26em; }
+.file_size { min-width:  6em; padding-left: 10px; }
+.file_time { min-width: 10em; padding-left: 10px; }
 
 .meta_T {
-	padding-right : .5em;
+	padding-right : 4px;
 	text-align    : right;
 	font-family   : courier;
     font-size     : .9em;
@@ -178,11 +180,13 @@ a:active { border: 1px solid #807568; background-color: rgb(245,245,50);  }
 
 /*** Select All [x]  [Move] [Copy] [Delete] ***/
 
+#select_all_th { min-width: 60px ; max-width: 70px; text-align: right; padding:  0 3px 0 0px; } /*TRBL*/
+
 #select_all_label { 
-	display: inline-block;
+	Xdisplay: inline-block;     /* //##### when select all was above table, not in it*/
 	font   : 400 .84em arial;
-	width  : 72px;
-	padding: 2px 0 0 2px;
+	Xwidth  : 72px;			    /* //##### when select all was above table, not in it*/
+	Xpadding: 2px 0 0 2px;      /* //##### when select all was above table, not in it*/
 	color  : #333;
 	}
 
@@ -190,9 +194,10 @@ a:active { border: 1px solid #807568; background-color: rgb(245,245,50);  }
 	height   : 1.55em;
 	cursor   : pointer;
 	border   : 1px solid #807568;
-	padding  : 0px 4px 0px 3px;
-	margin-top : .5em;   /* Helps align bottoms with New & Upload buttons */
-	margin-left: 1.0em;     /*Adjusted by langauge files*/
+	padding  : 0px 4px 0px 3px; /*TRBL*/
+	margin-top  :  .5em;  /* Helps align bottoms with New & Upload buttons */
+	margin-left : 0.0em;  /* no longer needs adjusted by langauge files */
+	margin-right: 1.0em;  /* Adjusted by language files */
 	font-size: .9em;
 	color    : rgb(100,45,0);
 	background-color: #EEE;
@@ -391,3 +396,5 @@ input[type="text"].new_name {width  : 50%; margin-bottom: .2em;}
 .ren_over {display: inline-block}
 .ren_over input {margin: 0 0 0 2em}
 .ren_over label {font-weight: normal}
+
+#summary {font-size: .9em; text-align: center}

From 8471d094a272a176c343a4f5bbf8d54481d56aef Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 12 Feb 2014 20:00:00 -0500
Subject: [PATCH 174/228] Version 3.4.23 Updated readme

---
 readme.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.markdown b/readme.markdown
index 72eb7ff..a983c28 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -148,4 +148,4 @@ GENERATE/OUTPUT THE PAGE
 
 ## [Change Log](http://self-evident.github.com/OneFileCMS/changelog.html)
 
-## [Git Log](https://raw.github.com/Self-Evident/OneFileCMS/gh-pages/git.log)
+## [Git Log](https://raw.github.com/Self-Evident/OneFileCMS/gh-pages/master-branch.git.log)

From 51e9b16ac635c92e88fc775735a1c0b3655cac0e Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 18 Feb 2014 22:20:00 -0500
Subject: [PATCH 175/228] Version 3.5 Directory list can now be sorted by
 column: name, size, timestamp, or ext. 3.24.23 & 3.4.24 DO NOT WORK IN IE!   
   I don't know why yet, mostly likely js related. New: $_['ext']            =
 'ext';  // filename.ext(ension) New: $_['folders_first']  = 'folders first';
 New text "icons": $ICONS['dir'] = '[+]'; $ICONS['folder'] = '[+]';
 Index_Page(): get dir list, don't sort server side, but filter . & ..
 Create_Table_for_Listing(): Added <a>'s & onclicks for sort calls
 Create_Table_for_Listing(): Also switched from all echo "...", to direct html
   (except for a few echo's...) Get_DIRECTORY_DATA(): improved determination
 of $ext. Get_DIRECTORY_DATA(): added DIRECTORY_DATA[x][5] = $ext (for client
 side sort) Index_Page_scripts(): added a few global js variables for client
 side sorting.             New ()'s: Sort_Folders_First(), sort_DIRECTORY()
 Display_Directory_Summary(): insert via innerHTML instead of document.write.
 Added some css for the directory header & footer rows.

---
 extras/OneFileCMS.config.SAMPLE.php |  78 ++++++
 extras/OneFileCMS.css               | 391 ++++++++++++++++++++++++++++
 extras/plugin-ckeditor_init.php     |  40 +++
 extras/plugin-tinymce_init.php      |  83 ++++++
 info/OneFileCMS_structure.txt       |   6 +-
 info/changelog.markdown             |   9 +
 languages/OneFileCMS.LANG.DE.php    |  72 ++---
 languages/OneFileCMS.LANG.EN.php    |  72 ++---
 languages/OneFileCMS.LANG.ES.php    |  72 ++---
 languages/OneFileCMS.LANG.NL.php    |  72 ++---
 languages/OneFileCMS.LANG.RU.php    |  72 ++---
 onefilecms.php                      | 367 +++++++++++++++++---------
 readme.markdown                     |  12 +-
 13 files changed, 1037 insertions(+), 309 deletions(-)
 create mode 100755 extras/OneFileCMS.config.SAMPLE.php
 create mode 100755 extras/OneFileCMS.css
 create mode 100755 extras/plugin-ckeditor_init.php
 create mode 100755 extras/plugin-tinymce_init.php

diff --git a/extras/OneFileCMS.config.SAMPLE.php b/extras/OneFileCMS.config.SAMPLE.php
new file mode 100755
index 0000000..7e268f3
--- /dev/null
+++ b/extras/OneFileCMS.config.SAMPLE.php
@@ -0,0 +1,78 @@
+<?php 
+// OneFileCMS - github.com/Self-Evident/OneFileCMS
+// v3.4.23+
+// Sample external config file - this file is OPTIONAL.
+//
+// Basically, what follows is just a copy & paste of the OneFileCMS CONFIGURABLE INFO.
+
+// CONFIGURABLE INFO ***********************************************************
+$config_title = "OneFileCMS";
+
+$USERNAME = "username";
+$HASHWORD = "cff29a3b595b427ef8d01c089d368c7706a8c68ecc75d566642e313ee97ff659"; //"password"
+//$HASHWORD = "cff29a3b595b427ef8d01c089d368c7706a8c68ecc75d566642e313ee97ff659"; //"password"
+$SALT     = 'somerandomsalt';
+
+$MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
+$LOGIN_DELAY   = 10;  //In seconds.
+$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
+
+$MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
+$WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
+
+$MAX_EDIT_SIZE = 200000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
+$MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
+                          // The default max view size is completely arbitrary. Basically, it was 2am and seemed like a good idea at the time.
+
+$MAX_IMG_W   = 810;  //Max width (in px) to display images. (main width is 810)
+$MAX_IMG_H   = 1000; //Max height (in px).  I don't know, it just looks reasonable.
+
+$UPLOAD_FIELDS = 10; //Number of upload fields on Upload File(s) page. Max value is ini_get('max_file_uploads').
+
+$config_favicon   = "favicon.ico"; //Path is relative to root of website.
+$config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsiTive!
+
+$config_etypes = "svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text"; //Editable file types.
+$config_stypes = "*"; // Shown types; only files of the given types should show up in the file-listing
+	// Use $config_stypes exactly like $config_etypes (list of extensions separated by commas).
+	// If $config_stypes is set to null - by intention or by error - only folders will be shown.
+	// If $config_stypes is set to the *-wildcard (the default), all files will show up.
+	// If $config_stypes is set to "html,htm" for example, only file with the extension "html" or "htm" will get listed.
+
+$config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
+//File types (extensions).  _ftypes & _fclass must have the same number of values. bin is default.
+$config_ftypes = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text";
+//Cooresponding file classes to _ftypes - used to determine icons for directory listing.
+$config_fclass = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,cfg ,txt,css,txt,htm,htm ,htm  ,txt     ,txt,txt,txt,txt   ,txt,php,php,txt,txt";
+
+$EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
+
+$SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS.
+
+//Restrict access to a particular folder.  Leave empty for access to entire website.
+// "some/path/" is relative to root of website (with no leading slash).
+//$ACCESS_ROOT = 'some/path/';
+
+
+//URL of optional external style sheet.  Used as href in <link ...>
+//If file is not found, or is incomplete, the built-in defaults will be used.
+//$CSS_FILE = 'OneFileCMS.css';
+
+//Notes for $LANGUAGE_FILE, $WYSIWYG_PLUGIN, and $CONFIG_FILE:
+//
+// Filename paths can be:
+//  1) Absolute to the filesystem:  "/some/path/from/system/root/somefile.php"  or
+//  2) Relative to root of website: "some/path/from/web/root/somefile.php"
+
+//Name of optional external language file.  If file is not found, the built-in defaults will be used.
+//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php";
+
+//Init file for optional external wysiwyg editor.
+//Sample init files are availble in the OneFileCMS repo, but the actual editors are not.
+//$WYSIWYG_PLUGIN = 'plugins/tinymce_init.php';
+//$WYSIWYG_PLUGIN = 'plugins/ckeditor_init.php';
+
+//Name of optional external config file.  Any settings it contains will supersede those above.
+//See the sample file in the OneFileCMS github repo for format example.
+//$CONFIG_FILE = 'OneFileCMS.config.SAMPLE.php';
+//end CONFIGURABLE INFO ********************************************************
diff --git a/extras/OneFileCMS.css b/extras/OneFileCMS.css
new file mode 100755
index 0000000..79da4e8
--- /dev/null
+++ b/extras/OneFileCMS.css
@@ -0,0 +1,391 @@
+/*******************************************************************************
+Sample, OPTIONAL, external style sheet for OneFileCMS.  version 3.5
+*******************************************************************************/
+
+/* --- reset --- */
+* { border : 0; outline: 0; margin: 0; padding: 0;
+    font-family: inherit; font-weight: inherit; font-style : inherit;
+    font-size  : 100%; vertical-align: baseline; }
+
+
+/* --- general formatting --- */
+
+body { font-size: 1em; background: #E8E8E8; font-family: sans-serif; }
+
+p, table, ol { margin-bottom: .6em;}
+
+h1,h2,h3,h4,h5,h6 { font-weight: bold; }
+h2, h3 { font-size: 1.2em; margin: .4em 0 .4em 0; } /*TRBL*/
+
+li { margin-left: 2em }
+
+i, em     { font-style : italic; }
+b, strong { font-weight: bold;   }
+
+:focus { outline:0; }
+
+table { border-collapse:separate; border-spacing:0; }
+th,td { text-align:left; font-weight:400; }
+
+label { font-size : 1em; font-weight: bold; }
+
+pre {
+	background: white;
+	border    : 1px solid #807568;
+	padding   : .2em;
+	margin    : 0;
+	}
+
+input[type="text"]     { width: 100%; border: 1px solid #807568; padding: 1px 1px 1px 0; font : 1em Courier; }
+input[type="password"] { width: 100%; border: 1px solid #807568; padding: 0   1px 0   0; }
+input[type="file"]     { width: 100%; border: 1px solid #807568; background-color: white; }
+
+input[readonly]        { color: #333; background-color: #EEE; }
+input[disabled]        { color: #555; background-color: #EEE; }
+
+input:focus  { background-color: rgb(255,250,150); }
+input:hover  { background-color: rgb(255,250,150); }
+
+button:focus  { background-color: rgb(255,250,150); }
+button:hover  { background-color: rgb(255,250,150); }
+button:active { background-color: rgb(245,245,50);  }
+
+/* --- layout --- */
+
+.container {
+	border : 0px solid #807568;
+	width  : 810px;     /*Adjusted by $MAIN_WIDTH config variable*/
+	margin : 0 auto 2em auto;
+	}
+
+
+#header {
+	border-bottom : 1px solid #807568;
+	padding: 04px 0px 01px 0px;
+	margin : 0 0 .5em 0;
+	}
+
+
+#logo {
+	font-family: 'Trebuchet MS', sans-serif;
+	font-size:2em;
+	font-weight: bold;
+	color: black;
+	padding: .1em;
+	}
+
+
+.h2_filename {
+	border: 1px solid #807568;
+	padding: .1em .2em .1em .2em;
+	font-weight: 700;
+	font-family: courier;
+	background-color: #EEE;
+	}
+
+
+#message_box { border: none; margin: 0 0 .4em 0; padding: 0; }
+
+#message_box_contents { border: 1px solid gray; padding: 4px; background: #FFF000; }
+
+#message_box #message_left {
+	float  : left;
+	margin : 0;
+	padding: 0;
+	border : none;
+	font-weight : 900;
+	}
+
+#message_box  #X_box {
+	display: block;
+	float  : right;
+	margin : 0;
+	padding: 0 2px 0 3px;
+	border : 1px solid gray;
+	font   : 16pt courier;
+	line-height: 18px;
+	background : #EEE;
+	}
+
+#message_box  #X_box:hover  {background-color: rgb(255,250,150);}
+#message_box  #X_box:focus  {background-color: rgb(255,250,150);}
+#message_box  #X_box:active {background-color: rgb(245,245,50); }
+
+.filename { font-family: courier; }
+
+/* --- INDEX directory listing, table format --- */
+table.index_T {
+	min-width: 30em;
+	font-size: .95em;
+	border         : 1px solid #807568;
+	border-collapse: collapse;
+	margin-bottom: .7em;
+	background-color: #FFF;
+	}
+
+table.index_T tr:hover {border: 1px solid #777; background-color: #EEE}
+
+table.index_T th { border: 1px inset silver; vertical-align: middle; padding-left: 4px; text-align: center;}
+
+table.index_T td { border: 1px inset silver; vertical-align: middle;}
+
+.index_T td a {	display: block; border: none; padding: 2px 4px 2px 4px; overflow : hidden; }
+
+table.index_T th:hover { background-color: white;}
+
+.index_T th.file_name   { text-align: left; }
+.index_T th.file_name a { display: inline-block; padding: 0 3em 0 2em;}
+#sort_type { display: inline-block; padding: 0 0em 0 0em;}
+.index_T th.file_size a { display  : block; }
+.index_T th.file_time a { display  : block; }
+
+
+.file_name { min-width: 10em; max-width: 26em; }
+.file_size { min-width:  6em; padding-left: 10px; }
+.file_time { min-width: 10em; padding-left: 10px; }
+
+.meta_T {
+	padding-right : 4px;
+	text-align    : right;
+	font-family   : courier;
+    font-size     : .9em;
+	color         : #333;
+	}
+
+
+/*Index table file select boxes*/
+.ckbox {padding: 2px 4px 0 4px}
+.ckbox:focus { background-color: rgb(255,250,150); }
+.ckbox:hover { background-color: rgb(255,250,150); }
+
+
+#index_page_buttons     { margin: 0 0 .5em 0; }
+#index_page_buttons div { display: inline-block; vertical-align: bottom; }
+
+
+/*** front_links:  [New File] [New Folder] [Upload File] ***/
+.front_links { float: right; }
+ 
+.front_links a {
+	display: inline-block;
+	margin-top  : .2em;
+	border      : 1px solid #807568;
+	font-size   : 1em;  /*Adjusted by langauge files*/
+	margin-left : 1em;  /*Adjusted by langauge files*/
+	padding     : 3px 5px 2px 4px; /*TRBL*/
+	background-color: #EEE;
+	}
+
+a { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
+a:focus  { border: 1px solid #807568; background-color: rgb(255,250,150); }
+a:hover  { border: 1px solid #807568; background-color: rgb(255,250,150); }
+a:active { border: 1px solid #807568; background-color: rgb(245,245,50);  }
+
+/*** Select All [x]  [Move] [Copy] [Delete] ***/
+
+#select_all_th { min-width: 60px ; max-width: 70px; text-align: right; padding:  0 3px 0 0px; } /*TRBL*/
+
+#select_all_label { 
+	Xdisplay: inline-block;     /* //##### when select all was above table, not in it*/
+	font   : 400 .84em arial;
+	Xwidth  : 72px;			    /* //##### when select all was above table, not in it*/
+	Xpadding: 2px 0 0 2px;      /* //##### when select all was above table, not in it*/
+	color  : #333;
+	cursor:pointer;
+	}
+
+#mcd_submit button {
+	height   : 1.55em;
+	cursor   : pointer;
+	border   : 1px solid #807568;
+	padding  : 0px 4px 0px 3px; /*TRBL*/
+	margin-top  :  .5em;  /* Helps align bottoms with New & Upload buttons */
+	margin-left : 0.0em;  /* no longer needs adjusted by langauge files */
+	margin-right: 1.0em;  /* Adjusted by language files */
+	font-size: .9em;
+	color    : rgb(100,45,0);
+	background-color: #EEE;
+	}
+
+#mcd_submit button:focus  { background-color: rgb(255,250,150); }
+#mcd_submit button:hover  { background-color: rgb(255,250,150); }
+#mcd_submit button:active { background-color: rgb(245,245,50); }
+
+.buttons_right         { float: right; }
+.buttons_right .button { margin-left: .5em; }
+
+.button {
+	cursor : pointer;
+	border : 1px solid #807568;
+	color  : black;
+	padding    : 4px 10px; /*Adjusted by langauge files*/
+	font-size  : .9em;     /*Adjusted by langauge files*/
+	font-family: sans-serif;
+	background-color: #EEE;  /*#d4d4d4*/
+	}
+
+.button:active    { background-color: rgb(245,245,50); }                  /*first                 */
+.button[disabled] { color: #777; background-color: #EEE; cursor: default} /*second - order matters*/
+
+
+/* --- header --- */
+
+.nav   { float: right; display: inline-block; margin-top: 1.35em; font-size : 1em; }
+.nav a { border: 1px solid transparent; font-weight: bold; padding: .2em .6em .1em .6em; }
+.nav a:hover  { border: 1px solid #807568; }
+.nav a:focus  { border: 1px solid #807568; }
+.nav a:active { border: 1px solid #807568; }
+
+
+/* --- edit --- */
+
+#edit_header  {margin: 0;}
+
+#edit_form    {margin: 0;}
+
+.edit_disabled {
+	border : 1px solid #807568;
+	width  : 99%;
+	padding: .2em;
+	margin : .5em 0 .6em 0;
+	color  : #333;
+	background-color: #FFF000;
+	line-height: 1.4em;
+	}
+
+.view_file { font: .9em Courier; background-color: #F8F8F8; overflow:hidden}
+
+#file_editor {
+	border: 1px solid #999;
+	font  : .9em Courier;
+	margin: 0 0 .7em 0;
+	width : 99.8%;
+	height: 32em;
+	}
+
+#file_editor:focus { border: 1px solid #Fdd; }
+
+.file_meta	{ float: left; margin-top: .6em; font-size: .95em; color: #222; }
+
+#edit_notes { font-size: .8em; color: #333 ;margin-top: 1em; clear:both; }
+
+.notes      { margin-bottom: .4em; }
+
+
+/* --- log in --- */
+
+.login_page {
+	border  : 1px solid #807568;
+	width   : 370px;
+	margin  : 5em auto;
+	padding : .5em 1.2em .1em 1em;
+	}
+
+.login_page .nav { margin-top: .5em; }
+
+.login_page input {margin: 0 0 .7em 0;}
+
+
+hr { /*-- -- -- -- -- -- --*/
+	line-height  : 0;
+	Xfont-size    : 1px;
+	display : block;
+	position: relative;
+	padding : 0;
+	margin  : .6em auto;
+	width   : 100%;
+	clear   : both;
+	border  : none;
+	border-top   : 1px solid #807568;
+	Xborder-bottom: 1px solid #eee;
+	overflow: visible;
+	}
+
+
+.verify {
+	min-width       : 50%; 
+	font            : 1em Courier;
+	border          : 1px solid gray;
+	border-collapse : collapse;
+	background-color: white;
+	}
+
+.verify th {
+	border          : 1px solid gray;
+	padding         : 0 1em 0 1em;
+	text-align      : center;
+	font-weight     : 900;
+	font-family     : arial;
+	background-color: #EEE;
+	}
+
+.verify td {
+	border : 1px inset silver;
+	padding: .1em 1em .1em .5em;
+	vertical-align: middle;
+	}
+
+.verify_del {
+	font  : 1em Courier;
+	border: 1px solid #F00;
+	padding: .2em .4em;
+	color  : #222;
+	background-color: #FDD;
+	}
+
+.verify_del td { border: 1px solid #F44; }
+
+
+#admin {padding: .3em;}
+
+.admin_buttons .button {margin-right: .5em;}
+
+.clear {clear:both; padding: 0; margin: 0; border: none}
+
+.web_root { border: 0px solid  #807568; border-right: none; font: 1em Courier; padding: 1px; }
+
+.icon {float: left;}
+
+.mono {font-family: courier;}
+
+.info {margin: .7em 0 .5em 0; background: #f9f9f9; padding: .2em .5em;}
+
+.path {padding: 1px 5px 1px 5px} /*TRBL*/
+
+.timer {border: 1px solid gray; padding: 3px .5em 4px .5em;}
+
+.timeout {float:right; font-size: .95em; color: #333;}
+
+.edit_btns_top {margin: .2em 0 .5em 0;}
+
+.image_info {
+	color: #222;
+	font-size: 1em ; /*Adjusted by langauge files*/
+	margin: .7em 0 1em 0;
+	}
+
+.edit_btns_bottom {float: right;}
+.edit_btns_bottom .button { margin-left: .7em; } /*Adjusted by langauge files*/
+.edit_btns_bottom .RCD { padding-left: 5px; padding-right: 6px; }
+.edit_btns_bottom svg  { padding : 0 4px 0 0; }
+
+input[type="text"].new_name {width  : 50%; margin-bottom: .2em;}
+
+.old_backup_T {float: left; margin-bottom: .3em;}
+
+#del_backup   {float: left; margin-left  :  1em; padding: 2px 5px}
+
+/*** For old IE only: text "icons" for Rename, Copy, and Delete ***/
+.RCD1  {font: 900 7pt arial; padding: 0px 3px 0px 3px; margin: 0px; float: left}
+.R    {color: #00a;    border: 1px solid #804000}
+.C    {color: #006400; border: 1px solid #008400}
+.D    {color: #b00;    border: 1px solid #b00}
+
+.action   {display: inline-block}
+.ren_over {display: inline-block}
+.ren_over input {margin: 0 0 0 2em}
+.ren_over label {font-weight: normal}
+
+#DIRECTORY_FOOTER td {text-align: center; font-size: .9em; color: #333; }
+#folders_first_label {font-size: .9em; font-weight: normal; color: #333; margin: 0 0 0 0 ;} /*TRBL*/
+#folders_first_label:hover {background-color: rgb(255,250,150); cursor:pointer;}
diff --git a/extras/plugin-ckeditor_init.php b/extras/plugin-ckeditor_init.php
new file mode 100755
index 0000000..ca3c27b
--- /dev/null
+++ b/extras/plugin-ckeditor_init.php
@@ -0,0 +1,40 @@
+<?php /*************************************************************************
+Sample code to use the CKEditor with OneFileCMS (as of v3.4.19).
+
+For information on CKEditor, visit ckeditor.com.
+
+Here is a brief how-to:
+(The "plugin" folder used below is not required, or may be named anything you like.)
+
+ 1) Obtain CKEditor.
+
+ 2) Install CKEditor into a folder on your web site. For example: "plugins/".
+
+ 3) From the github.com/Self-Evident/OneFileCMS repo, copy the file 
+    "ckeditor_init.php" into the "plugins/" folder.
+
+ 4) In the configuration section of OneFileCMS, uncomment or add the following variable:
+    $WYSIWYG_PLUGIN = 'plugins/ckeditor_init.php';  //Init settings for CKEditor (this file).
+
+	Path can be absolute to the filesystem, or relative to root of website.
+
+ 5) In the "init" file specified by $WYSIWYG_PLUGIN (ie: this file): 
+    1) specify the source file of the actual plugin via a <script src= ...> tag.*
+	2) specify the id of the OneFileCMS textarea, "file_editor", in the CKEDITOR.replace() call
+	    
+	*Note: In the src attribute of the <script> tag, the plugin path is absolute,
+	       but relative to the root of the website, and the leading forward slash 
+		   is generally required. 
+	(This is in contrast to configuration values such as $WYSIWYG_PLUGIN.)
+
+ 6) Reload OneFileCMS, open a file for editing, and click [Edit WYSIWIG].
+*****************************************************************************/?>
+
+<script type="text/javascript" src="/plugins/ckeditor/ckeditor.js"></script>
+<script type="text/javascript">
+	CKEDITOR.replace( 'file_editor',{  //id of desired <textarea>
+		fullPage : true,
+		extraPlugins : 'docprops'
+	});
+</script>
+
diff --git a/extras/plugin-tinymce_init.php b/extras/plugin-tinymce_init.php
new file mode 100755
index 0000000..b744235
--- /dev/null
+++ b/extras/plugin-tinymce_init.php
@@ -0,0 +1,83 @@
+<?php /*************************************************************************
+Sample code to use the TinyMCE editor with OneFileCMS (as of v3.4.19).
+
+For information on TinyMCE, visit tinymce.moxiecode.com.
+
+Here is a brief how-to:
+(The "plugin" folder used below is not required, or may be named anything you like.)
+
+ 1) Obtain TinyMCE.
+
+ 2) Install TinyMCE into a folder on your web site. For example: "plugins/".
+
+ 3) From the github.com/Self-Evident/OneFileCMS repo, copy the file 
+    "tinymce_init.php" into the "plugins/" folder.
+
+ 4) In the configuration section of OneFileCMS, uncomment or add the following variable:
+    $WYSIWYG_PLUGIN = 'plugins/tinymce_init.php'; // Init settings for TinyMCE (this file).
+
+	Path can be absolute to the filesystem, or relative to root of website.
+
+ 5) In the "init" file specified by $WYSIWYG_PLUGIN (this file): 
+    - specify the source file of the actual plugin via a <script src= ...> tag.*
+
+
+	*Note: In the src attribute of the <script> tag, the plugin path is absolute,
+	       but relative to the root of the website, and the leading forward slash 
+		   is generally required. 
+	(This is in contrast to configuration values such as $WYSIWYG_PLUGIN.)
+
+ 6) Reload OneFileCMS, open a file for editing, and click [Edit WYSIWIG].
+*****************************************************************************/?>
+
+<script type="text/javascript" src="/plugins/tinymce/jscripts/tiny_mce/tiny_mce.js"></script>
+<script type="text/javascript"> 
+	tinyMCE.init({
+		// General options
+		mode : "textareas",
+		theme : "advanced",
+		
+		plugins : "fullpage,autolink,lists,pagebreak,style,layer,table,save,advhr,advimage,advlink,emotions,iespell,inlinepopups,insertdatetime,preview,media,searchreplace,print,contextmenu,paste,directionality,fullscreen,noneditable,visualchars,nonbreaking,xhtmlxtras,template,wordcount,advlist,autosave,visualblocks",
+		
+		// Theme options
+		theme_advanced_buttons1 : "save,newdocument,preview,print,|,restoredraft,|,removeformat,undo,redo,cut,copy,paste,pastetext,pasteword,|,search,replace,|,visualblocks,visualchars,visualaid,fullscreen,|,styleprops,|,code,|,help,|",
+		theme_advanced_buttons2 : "bold,italic,underline,strikethrough,|,sub,sup,forecolor,backcolor,|,fontselect,fontsizeselect,nonbreaking,charmap,|,insertdate,inserttime,|,emotions,image,|,attribs,fullpage",
+		theme_advanced_buttons3 : "justifyleft,justifycenter,justifyright,justifyfull,|,outdent,indent,bullist,numlist,|,styleselect,formatselect,blockquote,ltr,rtl,|,hr,advhr,|,link,unlink,anchor,|",
+		theme_advanced_buttons4 : "tablecontrols,|,insertlayer,moveforward,movebackward,absolute,|,cite,abbr,acronym,del,ins,|,pagebreak,template,|,cleanup,|",
+		theme_advanced_toolbar_location : "top",
+		theme_advanced_toolbar_align : "left",
+		theme_advanced_statusbar_location : "bottom",
+		theme_advanced_resizing : true,
+		
+		// Example content CSS (should be your site CSS)  //####################
+		//content_css : "css/content.css",
+		
+		// Drop lists for link/image/media/template dialogs
+		template_external_list_url : "lists/template_list.js",
+		external_link_list_url : "lists/link_list.js",
+		external_image_list_url : "lists/image_list.js",
+		media_external_list_url : "lists/media_list.js",
+		
+		// Style formats
+		style_formats : [
+			{title : 'Bold text', inline : 'b'},
+			{title : 'Red text', inline : 'span', styles : {color : '#ff0000'}},
+			{title : 'Red header', block : 'h1', styles : {color : '#ff0000'}},
+			{title : 'Example 1', inline : 'span', classes : 'example1'},
+			{title : 'Example 2', inline : 'span', classes : 'example2'},
+			{title : 'Table styles'},
+			{title : 'Table row 1', selector : 'tr', classes : 'tablerow1'}
+		],
+		
+		//========================
+		//doctype : '<!DOCTYPE html>',
+        //verify_html : false,
+        //verify_css_classes : true,
+        //cleanup : false,
+        //cleanup_on_startup : false,
+		remove_linebreaks : false,
+		//fullpage_default_xml_pi : false,
+		//fullpage_doctypes : 'HTML<!DOCTYPE HTML>',
+		//fullpage_default_doctype : '<!DOCTYPE html>',
+	}); 
+</script>
diff --git a/info/OneFileCMS_structure.txt b/info/OneFileCMS_structure.txt
index e78dfae..9026c87 100755
--- a/info/OneFileCMS_structure.txt
+++ b/info/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.4.23 structure/layout
+OneFileCMS Version 3.5 structure/layout
 
 LICENSE
 
@@ -97,7 +97,9 @@ JAVASCRIPT FUNCTIONS:
 		Select_All()
 		Confirm_Submit()
 	Index_Page_scripts()
-		assemble_row()
+		Sort_FOlder_First()
+		Sort_DIRECTORY()
+		Assemble_row()
 		Display_Directory_Summary()
 		Build_Directory
 	Edit_Page_scripts()
diff --git a/info/changelog.markdown b/info/changelog.markdown
index 7d9bc0c..717bc9a 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,14 @@
 # OneFileCMS Change Log
 
+### v3.5 (February 20, 2014)
+
+- The directory list can now be sorted by column: name, .ext, size, date.
+- Also has an option to list folders first, or to sort without regard to file or folder.
+- In accomplishing the above, most sorting moved client side.  This permits resorts without another server hit.
+- Added & tweaked some css...
+- Slight restructure of the repo (ie: move a few "extras" files around).
+- NOTE:  versions 3.4.23 & 3.4.24 DO NOT WORK IN IE!  I don't know why yet, mostly likely js related.
+
 ### v3.4.23 (February 12, 2014)
 
 - More changes in prep for sort by column
diff --git a/languages/OneFileCMS.LANG.DE.php b/languages/OneFileCMS.LANG.DE.php
index 00f8103..791799e 100755
--- a/languages/OneFileCMS.LANG.DE.php
+++ b/languages/OneFileCMS.LANG.DE.php
@@ -26,44 +26,44 @@
 $_['image_info_pos']         = '1';       //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '76px';    //Width of space for $_['Select_All']
-$_['HTML']                   = 'HTML';
-$_['WYSIWYG']                = 'WYSIWYG'; //## NT ##
 
-$_['Admin']   = 'Konfiguration';
-$_['bytes']   = 'bytes';   //## NT ##
+$_['HTML']    = 'HTML';
+$_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
 
-$_['Cancel']  = 'Abbrechen';
-$_['Close']   = 'Schließen';
-$_['Copy']    = 'Erstellen';
-$_['Copied']  = 'Kopieren';
-$_['Create']  = 'Kopiert';
-$_['Date']    = 'Date';    //## NT ##
-$_['Delete']  = 'Löschen';
-$_['DELETE']  = 'LÖSCHEN';
-$_['Deleted'] = 'Gelöschte';
-$_['Edit']    = 'Bearbeiten';
-$_['Enter']   = 'Eintreten';
-$_['Error']   = 'Fehler';
-$_['errors']  = 'Fehler';
-$_['File']    = 'Datei';
-$_['files']   = 'files';   //## NT ##
-$_['Folder']  = 'Ordner';
-$_['folders'] = 'folders'; //## NT ##
-$_['From']    = 'Von';
-$_['Hash']    = 'Streuwert';
-$_['Move']    = 'Verschieben';
-$_['Moved']   = 'Verschoben';
-$_['Name']    = 'Name';    //## NT ##
-$_['on']      = 'läuft unter';
-
-$_['Password']   = 'Passwort';
-$_['Rename']     = 'Umbenennen';
-$_['Size']       = 'Size'; //## NT ##
-$_['Source']     = 'Source'; //## NT ##
+$_['Admin']    = 'Konfiguration';
+$_['bytes']    = 'bytes';   //## NT ##
+$_['Cancel']   = 'Abbrechen';
+$_['Close']    = 'Schließen';
+$_['Copy']     = 'Erstellen';
+$_['Copied']   = 'Kopieren';
+$_['Create']   = 'Kopiert';
+$_['Date']     = 'Date';    //## NT ##
+$_['Delete']   = 'Löschen';
+$_['DELETE']   = 'LÖSCHEN';
+$_['Deleted']  = 'Gelöschte';
+$_['Edit']     = 'Bearbeiten';
+$_['Enter']    = 'Eintreten';
+$_['Error']    = 'Fehler';
+$_['errors']   = 'Fehler';
+$_['ext']      = 'ext';     //## NT ##
+$_['File']     = 'Datei';
+$_['files']    = 'files';   //## NT ##
+$_['Folder']   = 'Ordner';
+$_['folders']  = 'folders'; //## NT ##
+$_['From']     = 'Von';
+$_['Hash']     = 'Streuwert';
+$_['Move']     = 'Verschieben';
+$_['Moved']    = 'Verschoben';
+$_['Name']     = 'Name';    //## NT ##
+$_['on']       = 'läuft unter';
+$_['Password'] = 'Passwort';
+$_['Rename']   = 'Umbenennen';
+$_['Size']     = 'Size';    //## NT ##
+$_['Source']   = 'Source';  //## NT ##
 $_['successful'] = 'Erfolgreich';
-$_['To']         = 'Auf';
-$_['Upload']     = 'Heraufladen';
-$_['Username']   = 'Benutzername';
+$_['To']       = 'Auf';
+$_['Upload']   = 'Heraufladen';
+$_['Username'] = 'Benutzername';
 
 $_['Working']        = 'Working - please wait...'; //## NT ##
 $_['Log_In']         = 'Anmelden';
@@ -75,6 +75,7 @@
 $_['New_File']       = 'Neuer Datei';
 $_['Ren_Move']       = 'Umbenennen / Verschieben';
 $_['Ren_Moved']      = 'Umbenannt / Verschoben';
+$_['folders_first']  = 'folders first'; //## NT ##
 $_['New_Folder']     = 'Neuer Ordner';
 $_['Ren_Folder']     = 'Ordner umbenennen/verschieben';
 $_['Submit']         = 'Anfrage senden';
@@ -151,6 +152,7 @@
 
 $_['meta_txt_01'] = 'Dateigröße:';
 $_['meta_txt_03'] = 'Aktualisiert:';
+
 $_['edit_msg_01'] = 'Die Datei wurde gespeichert:';
 $_['edit_msg_02'] = 'Bytes geschrieben.';
 $_['edit_msg_03'] = 'Bei dem Versuch die Datei zu speichern trat ein Fehler auf.';
diff --git a/languages/OneFileCMS.LANG.EN.php b/languages/OneFileCMS.LANG.EN.php
index 8a94873..3a2b189 100755
--- a/languages/OneFileCMS.LANG.EN.php
+++ b/languages/OneFileCMS.LANG.EN.php
@@ -26,44 +26,44 @@
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
-$_['HTML']                   = 'HTML';
-$_['WYSIWYG']                = 'WYSIWYG';
 
-$_['Admin']   = 'Admin';
-$_['bytes']   = 'bytes';
+$_['HTML']    = 'HTML';
+$_['WYSIWYG'] = 'WYSIWYG';
 
-$_['Cancel']  = 'Cancel';
-$_['Close']   = 'Close';
-$_['Copy']    = 'Copy';
-$_['Copied']  = 'Copied';
-$_['Create']  = 'Create';
-$_['Date']    = 'Date';
-$_['Delete']  = 'Delete';
-$_['DELETE']  = 'DELETE';
-$_['Deleted'] = 'Deleted';
-$_['Edit']    = 'Edit';
-$_['Enter']   = 'Enter';
-$_['Error']   = 'Error';
-$_['errors']  = 'errors';
-$_['File']    = 'File';
-$_['files']   = 'files';
-$_['Folder']  = 'Folder';
-$_['folders'] = 'folders';
-$_['From']    = 'From';
-$_['Hash']    = 'Hash';
-$_['Move']    = 'Move';
-$_['Moved']   = 'Moved';
-$_['Name']    = 'Name';
-$_['on']      = 'on';
-
-$_['Password']   = 'Password';
-$_['Rename']     = 'Rename';
-$_['Size']       = 'Size';
-$_['Source']     = 'Source';
+$_['Admin']    = 'Admin';
+$_['bytes']    = 'bytes';
+$_['Cancel']   = 'Cancel';
+$_['Close']    = 'Close';
+$_['Copy']     = 'Copy';
+$_['Copied']   = 'Copied';
+$_['Create']   = 'Create';
+$_['Date']     = 'Date';
+$_['Delete']   = 'Delete';
+$_['DELETE']   = 'DELETE';
+$_['Deleted']  = 'Deleted';
+$_['Edit']     = 'Edit';
+$_['Enter']    = 'Enter';
+$_['Error']    = 'Error';
+$_['errors']   = 'errors';
+$_['ext']      = 'ext';     //## NT ## filename.ext(ension)
+$_['File']     = 'File';
+$_['files']    = 'files';
+$_['Folder']   = 'Folder';
+$_['folders']  = 'folders';
+$_['From']     = 'From';
+$_['Hash']     = 'Hash';
+$_['Move']     = 'Move';
+$_['Moved']    = 'Moved';
+$_['Name']     = 'Name';
+$_['on']       = 'on';
+$_['Password'] = 'Password';
+$_['Rename']   = 'Rename';
+$_['Size']     = 'Size';
+$_['Source']   = 'Source';
 $_['successful'] = 'successful';
-$_['To']         = 'To';
-$_['Upload']     = 'Upload';
-$_['Username']   = 'Username';
+$_['To']       = 'To';
+$_['Upload']   = 'Upload';
+$_['Username'] = 'Username';
 
 $_['Working']        = 'Working - please wait...';
 $_['Log_In']         = 'Log In';
@@ -75,6 +75,7 @@
 $_['New_File']       = 'New File';
 $_['Ren_Move']       = 'Rename / Move';
 $_['Ren_Moved']      = 'Renamed / Moved';
+$_['folders_first']  = 'folders first'; //## NT ##
 $_['New_Folder']     = 'New Folder';
 $_['Ren_Folder']     = 'Rename / Move Folder';
 $_['Submit']         = 'Submit Request';
@@ -151,6 +152,7 @@
 
 $_['meta_txt_01'] = 'Filesize:';
 $_['meta_txt_03'] = 'Updated:';
+
 $_['edit_msg_01'] = 'File saved:';
 $_['edit_msg_02'] = 'bytes written.';
 $_['edit_msg_03'] = 'There was an error saving file.';
diff --git a/languages/OneFileCMS.LANG.ES.php b/languages/OneFileCMS.LANG.ES.php
index 95d6110..146931d 100755
--- a/languages/OneFileCMS.LANG.ES.php
+++ b/languages/OneFileCMS.LANG.ES.php
@@ -26,44 +26,44 @@
 $_['image_info_pos']         = ' ';       //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '110px';   //Width of space for $_['Select_All']
-$_['HTML']                   = 'HTML';
-$_['WYSIWYG']                = 'WYSIWYG'; //## NT ##
 
-$_['Admin']   = 'Administrador';
-$_['bytes']   = 'bytes';   //## NT ##
+$_['HTML']    = 'HTML';
+$_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
 
-$_['Cancel']  = 'Cancelar';
-$_['Close']   = 'Cerrar';
-$_['Copy']    = 'Copiar';
-$_['Copied']  = 'Copiado';
-$_['Create']  = 'Crear';
-$_['Date']    = 'Date';    //## NT ##
-$_['Delete']  = 'Eliminar';
-$_['DELETE']  = 'ELIMINAR';
-$_['Deleted'] = 'Eliminado';
-$_['Edit']    = 'Editar';
-$_['Enter']   = 'Entrar';
-$_['Error']   = 'Error';   //## NT ##
-$_['errors']  = 'errores';
-$_['File']    = 'Archivo';
-$_['files']   = 'files';   //## NT ##
-$_['Folder']  = 'Carpeta';
-$_['folders'] = 'folders'; //## NT ##
-$_['From']    = 'de';
-$_['Hash']    = 'Cadena';
-$_['Move']    = 'Mover';
-$_['Moved']   = 'Movido';
-$_['Name']    = 'Name';    //## NT ##
-$_['on']      = 'activado';
-
-$_['Password']   = 'contraseña';
-$_['Rename']     = 'Renombrar';
-$_['Size']       = 'Size'; //## NT ##
-$_['Source']     = 'Source'; //## NT ##
+$_['Admin']    = 'Administrador';
+$_['bytes']    = 'bytes';   //## NT ##
+$_['Cancel']   = 'Cancelar';
+$_['Close']    = 'Cerrar';
+$_['Copy']     = 'Copiar';
+$_['Copied']   = 'Copiado';
+$_['Create']   = 'Crear';
+$_['Date']     = 'Date';    //## NT ##
+$_['Delete']   = 'Eliminar';
+$_['DELETE']   = 'ELIMINAR';
+$_['Deleted']  = 'Eliminado';
+$_['Edit']     = 'Editar';
+$_['Enter']    = 'Entrar';
+$_['Error']    = 'Error';   //## NT ##
+$_['errors']   = 'errores';
+$_['ext']      = 'ext';     //## NT ##
+$_['File']     = 'Archivo';
+$_['files']    = 'files';   //## NT ##
+$_['Folder']   = 'Carpeta';
+$_['folders']  = 'folders'; //## NT ##
+$_['From']     = 'de';
+$_['Hash']     = 'Cadena';
+$_['Move']     = 'Mover';
+$_['Moved']    = 'Movido';
+$_['Name']     = 'Name';    //## NT ##
+$_['on']       = 'activado';
+$_['Password'] = 'contraseña';
+$_['Rename']   = 'Renombrar';
+$_['Size']     = 'Size';    //## NT ##
+$_['Source']   = 'Source';  //## NT ##
 $_['successful'] = 'satisfactoriamente';
-$_['To']         = 'Hacia';
-$_['Upload']     = 'Subir';
-$_['Username']   = 'Usuario';
+$_['To']       = 'Hacia';
+$_['Upload']   = 'Subir';
+$_['Username'] = 'Usuario';
 
 $_['Working']        = 'Working - please wait...'; //## NT ##
 $_['Log_In']         = 'Iniciar Sesión';
@@ -75,6 +75,7 @@
 $_['New_File']       = 'Archivo Nuevo';
 $_['Ren_Move']       = 'Renombrar / Mover';
 $_['Ren_Moved']      = 'Renombrado / Movido';
+$_['folders_first']  = 'folders first'; //## NT ##
 $_['New_Folder']     = 'Carpeta Nueva';
 $_['Ren_Folder']     = 'Renombrar / Mover Carpeta';
 $_['Submit']         = 'Cargar';
@@ -151,6 +152,7 @@
 
 $_['meta_txt_01'] = 'Tamaño:';
 $_['meta_txt_03'] = 'Actualizado:';
+
 $_['edit_msg_01'] = 'Archivo Guardado:';
 $_['edit_msg_02'] = 'bytes escritos.';
 $_['edit_msg_03'] = 'Ocurrió un error guardando el archivo.';
diff --git a/languages/OneFileCMS.LANG.NL.php b/languages/OneFileCMS.LANG.NL.php
index 5c458a1..23c0e9d 100755
--- a/languages/OneFileCMS.LANG.NL.php
+++ b/languages/OneFileCMS.LANG.NL.php
@@ -26,44 +26,44 @@
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '90px';    //Width of space for $_['Select_All']
-$_['HTML']                   = 'HTML';
-$_['WYSIWYG']                = 'WYSIWYG'; //## NT ##
 
-$_['Admin']   = 'Beheer';
-$_['bytes']   = 'bytes';   //## NT ##
+$_['HTML']    = 'HTML';
+$_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
 
-$_['Cancel']  = 'Annuleren';
-$_['Close']   = 'Sluiten';
-$_['Copy']    = 'Kopiëren';
-$_['Copied']  = 'Gekopiëerd';
-$_['Create']  = 'Aanmaken';
-$_['Date']    = 'Date';    //## NT ##
-$_['Delete']  = 'Verwijderen';
-$_['DELETE']  = 'VERWIJDER';
-$_['Deleted'] = 'Verwijderd';
-$_['Edit']    = 'Bewerken';
-$_['Enter']   = 'Enter';   //## NT ##
-$_['Error']   = 'Fout';
-$_['errors']  = 'fouten';
-$_['File']    = 'Bestand';
-$_['files']   = 'files';   //## NT ##
-$_['Folder']  = 'Map';
-$_['folders'] = 'folders'; //## NT ##
-$_['From']    = 'Van';
-$_['Hash']    = 'Hash';    //## NT ##
-$_['Move']    = 'Verplaats';
-$_['Moved']   = 'Verplaatst';
-$_['Name']    = 'Name';    //## NT ##
-$_['on']      = 'on';      //## NT ##
-
-$_['Password']   = 'Wachtwoord';
-$_['Rename']     = 'Hernoemen';
-$_['Size']       = 'Size'; //## NT ##
-$_['Source']     = 'Source'; //## NT ##
+$_['Admin']    = 'Beheer';
+$_['bytes']    = 'bytes';   //## NT ##
+$_['Cancel']   = 'Annuleren';
+$_['Close']    = 'Sluiten';
+$_['Copy']     = 'Kopiëren';
+$_['Copied']   = 'Gekopiëerd';
+$_['Create']   = 'Aanmaken';
+$_['Date']     = 'Date';    //## NT ##
+$_['Delete']   = 'Verwijderen';
+$_['DELETE']   = 'VERWIJDER';
+$_['Deleted']  = 'Verwijderd';
+$_['Edit']     = 'Bewerken';
+$_['Enter']    = 'Enter';   //## NT ##
+$_['Error']    = 'Fout';
+$_['errors']   = 'fouten';
+$_['ext']      = 'ext';     //## NT ##
+$_['File']     = 'Bestand';
+$_['files']    = 'files';   //## NT ##
+$_['Folder']   = 'Map';
+$_['folders']  = 'folders'; //## NT ##
+$_['From']     = 'Van';
+$_['Hash']     = 'Hash';    //## NT ##
+$_['Move']     = 'Verplaats';
+$_['Moved']    = 'Verplaatst';
+$_['Name']     = 'Name';    //## NT ##
+$_['on']       = 'on';      //## NT ##
+$_['Password'] = 'Wachtwoord';
+$_['Rename']   = 'Hernoemen';
+$_['Size']     = 'Size';    //## NT ##
+$_['Source']   = 'Source';  //## NT ##
 $_['successful'] = 'succesvol';
-$_['To']         = 'Aan';
-$_['Upload']     = 'Upload'; //## NT ##
-$_['Username']   = 'Gebruikersnaam';
+$_['To']       = 'Aan';
+$_['Upload']   = 'Upload';  //## NT ##
+$_['Username'] = 'Gebruikersnaam';
 
 $_['Working']        = 'Working - please wait...'; //## NT ##
 $_['Log_In']         = 'Inloggen';
@@ -75,6 +75,7 @@
 $_['New_File']       = 'Nieuw Bestand';
 $_['Ren_Move']       = 'Hernoemen / Verplaatsen';
 $_['Ren_Moved']      = 'Hernoemend / Verplaatst';
+$_['folders_first']  = 'folders first'; //## NT ##
 $_['New_Folder']     = 'Nieuwe Map';
 $_['Ren_Folder']     = 'Hernoem / Verplaats Map';
 $_['Submit']         = 'Verzoek Indienen';
@@ -151,6 +152,7 @@
 
 $_['meta_txt_01'] = 'Bestandsgrootte:';
 $_['meta_txt_03'] = 'Bijgewerkt:';
+
 $_['edit_msg_01'] = 'Bestand opgeslagen:';
 $_['edit_msg_02'] = 'bytes geschreven.';
 $_['edit_msg_03'] = 'Er was een fout bij het opslaan van bestand:';
diff --git a/languages/OneFileCMS.LANG.RU.php b/languages/OneFileCMS.LANG.RU.php
index 76fe4e3..463a3cb 100755
--- a/languages/OneFileCMS.LANG.RU.php
+++ b/languages/OneFileCMS.LANG.RU.php
@@ -26,44 +26,44 @@
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
-$_['HTML']                   = 'HTML';
-$_['WYSIWYG']                = 'WYSIWYG'; //## NT ##
 
-$_['Admin']   = 'Админка';
-$_['bytes']   = 'байт';
+$_['HTML']    = 'HTML';
+$_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
 
-$_['Cancel']  = 'Отмена';
-$_['Close']   = 'Закрыть';
-$_['Copy']    = 'Копия';
-$_['Copied']  = 'Копировать';
-$_['Create']  = 'Создать';
-$_['Date']    = 'Date';    //## NT ##
-$_['Delete']  = 'Удалить';
-$_['DELETE']  = 'УДАЛИТЬ';
-$_['Deleted'] = 'Удалено';
-$_['Edit']    = 'Редактировать';
-$_['Enter']   = 'Вход';
-$_['Error']   = 'Ошибка';
-$_['errors']  = 'ошибки';
-$_['File']    = 'Файл';
-$_['files']   = 'files';   //## NT ##
-$_['Folder']  = 'Папка';
-$_['folders'] = 'folders'; //## NT ##
-$_['From']    = 'из';
-$_['Hash']    = 'Хэш';
-$_['Move']    = 'Переместить';
-$_['Moved']   = 'Перемещено';
-$_['Name']    = 'Name';    //## NT ##
-$_['on']      = 'в';
-
-$_['Password']   = 'Пароль';
-$_['Rename']     = 'Rename'; //## NT ##
-$_['Size']       = 'Size'; //## NT ##
-$_['Source']     = 'Source'; //## NT ##
+$_['Admin']    = 'Админка';
+$_['bytes']    = 'байт';
+$_['Cancel']   = 'Отмена';
+$_['Close']    = 'Закрыть';
+$_['Copy']     = 'Копия';
+$_['Copied']   = 'Копировать';
+$_['Create']   = 'Создать';
+$_['Date']     = 'Date';    //## NT ##
+$_['Delete']   = 'Удалить';
+$_['DELETE']   = 'УДАЛИТЬ';
+$_['Deleted']  = 'Удалено';
+$_['Edit']     = 'Редактировать';
+$_['Enter']    = 'Вход';
+$_['Error']    = 'Ошибка';
+$_['errors']   = 'ошибки';
+$_['ext']      = 'ext';     //## NT ##
+$_['File']     = 'Файл';
+$_['files']    = 'files';   //## NT ##
+$_['Folder']   = 'Папка';
+$_['folders']  = 'folders'; //## NT ##
+$_['From']     = 'из';
+$_['Hash']     = 'Хэш';
+$_['Move']     = 'Переместить';
+$_['Moved']    = 'Перемещено';
+$_['Name']     = 'Name';    //## NT ##
+$_['on']       = 'в';
+$_['Password'] = 'Пароль';
+$_['Rename']   = 'Rename';  //## NT ##
+$_['Size']     = 'Size';    //## NT ##
+$_['Source']   = 'Source';  //## NT ##
 $_['successful'] = 'успешно';
-$_['To']         = 'В';
-$_['Upload']     = 'Загрузить';
-$_['Username']   = 'Логин';
+$_['To']       = 'В';
+$_['Upload']   = 'Загрузить';
+$_['Username'] = 'Логин';
 
 $_['Working']        = 'Working - please wait...'; //## NT ##
 $_['Log_In']         = 'Войти';
@@ -75,6 +75,7 @@
 $_['New_File']       = 'Новый файл';
 $_['Ren_Move']       = 'Переименовать / Переместить';
 $_['Ren_Moved']      = 'Переименованно / Перемещенно';
+$_['folders_first']  = 'folders first'; //## NT ##
 $_['New_Folder']     = 'Новая папка';
 $_['Ren_Folder']     = 'Переименовать / Переместить папку';
 $_['Submit']         = 'Отправить изменения';
@@ -151,6 +152,7 @@
 
 $_['meta_txt_01'] = 'Размер файла:';
 $_['meta_txt_03'] = 'Обновлен:';
+
 $_['edit_msg_01'] = 'Файл сохранён:';
 $_['edit_msg_02'] = 'записанных байт.';
 $_['edit_msg_03'] = 'Существовала ошибка сохраниния файла .';
diff --git a/onefilecms.php b/onefilecms.php
index 52454c0..3fcc659 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.4.23';
+$OFCMS_version = '3.5';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -93,7 +93,7 @@
 
 $MAX_EDIT_SIZE = 200000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
 $MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
-                          // The default max view size is completely arbitrary. Basically, it was 2am and seemed like a good idea at the time.
+                          // The default max view size is completely arbitrary. Basically, it was 2am, and seemed like a good idea at the time.
 
 $MAX_IMG_W   = 810;  //Max width (in px) to display images. (main width is 810)
 $MAX_IMG_H   = 1000; //Max height (in px).  I don't know, it just looks reasonable.
@@ -118,7 +118,7 @@
 
 $EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
 
-$SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS.
+$SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS concurrently.
 
 //Restrict access to a particular folder.  Leave empty for access to entire website.
 // "some/path/" is relative to root of website (with no leading slash).
@@ -273,12 +273,27 @@ function System_Setup() { //****************************************************
 
 
 
-function hsc($input) { return htmlspecialchars($input, ENT_QUOTES, 'UTF-8'); }//end hsc() //********
-function hte($input) {
-	$result = htmlentities($input, ENT_QUOTES, 'UTF-8');
-	if ($result == "" ) {return $input;}
-	return $result;
-}//end hte() //************
+//#####  #######################################################################
+//Regarding hsc() & hte():
+//Using mb_detect_encoding() (partly) solves an issue on my XP based test setup.
+//But, mb_detect_encoding() return ASCII as appropriate, which htmlentities doesn't recognize.
+//So, we just change it to UTF-8.
+//However, since everything should be in UTF-8, use of htmlentities() is superfluous
+//and may be replaced with just htmlspecialchars() / hsc().
+//But, the replacement will happen only after additional research to confirm the logic/results.
+//#####  #######################################################################
+
+function hsc($input) { //*******************************************************
+	$enc = mb_detect_encoding($input);
+	if ($enc == 'ASCII') {$enc = 'UTF-8';}
+	return htmlspecialchars($input, ENT_QUOTES, $enc);
+}//end hsc() //*****************************************************************
+
+function hte($input) { //*******************************************************
+	$enc = mb_detect_encoding($input);
+	if ($enc == 'ASCII') {$enc = 'UTF-8';}
+	return htmlentities($input, ENT_QUOTES, $enc);
+}//end hte() //*****************************************************************
 
 
 
@@ -329,6 +344,7 @@ function Default_Language() { // ***********************************************
 $_['Enter']   = 'Enter';
 $_['Error']   = 'Error';
 $_['errors']  = 'errors';
+$_['ext']     = 'ext';  // filename.ext(ension)
 $_['File']    = 'File';
 $_['files']   = 'files';
 $_['Folder']  = 'Folder';
@@ -357,6 +373,7 @@ function Default_Language() { // ***********************************************
 $_['New_File']       = 'New File';
 $_['Ren_Move']       = 'Rename / Move';
 $_['Ren_Moved']      = 'Renamed / Moved';
+$_['folders_first']  = 'folders first'; //## NT ##
 $_['New_Folder']     = 'New Folder';
 $_['Ren_Folder']     = 'Rename / Move Folder';
 $_['Submit']         = 'Submit Request';
@@ -650,7 +667,7 @@ function Error_reporting_status_and_early_output($show_status = 0, $show_types =
 		echo hsc($_['error_reporting_05']).'</b> ';
 		echo hsc($_['error_reporting_06']).'<b>:</b> ';
 		echo '<span style="background-color: white; border: 1px solid white">';
-		echo hte($early_output).'</span></pre>';
+		echo hsc($early_output).'</span></pre>';
 	}
 }//end Error_reporting_status_and_early_output() //*****************************
 
@@ -1078,9 +1095,9 @@ function Current_Path_Header(){ //**********************************************
 	// Each level is a link to that level.
 	global $ONESCRIPT, $ipath, $WEB_ROOT, $ACCESS_ROOT, $ACCESS_ROOT_len, $message;
 
-	$unaccessable = '';
+	$unaccessable    = '';
 	$_1st_accessable = trim($WEB_ROOT, ' /');
-	$remaining_path = trim(substr($ipath, $ACCESS_ROOT_len), ' /');	
+	$remaining_path  = trim(substr($ipath, $ACCESS_ROOT_len), ' /');	
 
 	if ($ACCESS_ROOT != '') {
 		$unaccessable    = dirname($ACCESS_ROOT);
@@ -1322,8 +1339,10 @@ function icon_folder($extra = ""){ //**********************************
 	$ICONS['copy']    = '<svg version="1.1" width="12" height="12"><g transform="translate(1,1)">'.$circle_plus_rev.'</g></svg>';
 	$ICONS['delete']  = '<svg version="1.1" width="12" height="12"><g transform="translate(1,1)">'.$circle_x.'</g></svg>';
 
-	if (!supports_svg()) { //Text "icons".  Mostly for IE < 9
+	if (!supports_svg()) { //Text "icons" if SVG not supported.  Mostly for IE < 9
 		foreach ($ICONS as $key=> $value) { $ICONS[$key] = ""; }
+		$ICONS['dir']    = '[+]';
+		$ICONS['folder'] = '[+]';
 		$ICONS['ren_mov'] = '<span class="RCD1 R">&gt;</span>';
 		$ICONS['move']    = '<span class="RCD1 R">&gt;</span>';
 		$ICONS['copy']    = '<span class="RCD1 C">+</span>';
@@ -1705,28 +1724,38 @@ function Login_response() { //**************************************************
 function Create_Table_for_Listing() { //****************************************
 	global$_;
 
-	//dummy input to make sure files[] is always an array for Select_All() & Confirm_Ready().
-	echo '<INPUT TYPE=hidden NAME="files[]" VALUE="">';
-
-	echo '<table class="index_T">';
-
-	//Header row: | Select All|[ ]|        Name        |   Size   |    Date    |
-	echo '<tr>';
-		echo '<th colspan=3 id="select_all_th">';
-		echo '<LABEL for=select_all id=select_all_label>'.$_['Select_All'].'</LABEL>';
-	echo '</th>';
-	echo '<th class="ckbox">';
-		$input_attribs = 'TYPE=checkbox NAME=select_all id=select_all VALUE=select_all';
-		echo '<INPUT '.$input_attribs.' onclick="Select_All();">';
-	echo '</th>';
-	echo '<th class="file_name">'.$_['Name'].'</th><th class="file_size">'.$_['Size'].'</th><th class="file_time">'.$_['Date'].'</th>';
-	echo '</tr>';
-
-	//For directory content. Will insert the list later via innerHTML.
-	echo '<tbody id="DIRECTORY_LISTING"></tbody>';
-
-	echo '</table>';
-
+	//Header row: | Select All|[ ]|[ ](folders first)       Name      [ext]  |   Size   |    Date    |
+	
+	//<input hidden> is a dummy input to make sure files[] is always an array for Select_All() & Confirm_Ready().
+?>
+	<INPUT TYPE=hidden NAME="files[]" VALUE="">
+
+	<table class="index_T">
+
+	<tr>
+	<th colspan=3 id="select_all_th">
+		<LABEL for=select_all id=select_all_label><?php echo $_['Select_All'] ?></LABEL></th>
+	<th class="ckbox">
+		<INPUT TYPE=checkbox NAME=select_all id=select_all VALUE=select_all onclick="Select_All();"></th>
+	<th class="file_name ckbox" style="">
+		<label for=folders_first_ckbox id=folders_first_label>
+			<?php $ffparams = 'TYPE=checkbox NAME=folder_first id=folders_first_ckbox VALUE=folders_first checked'?>
+			<INPUT <?php echo $ffparams ?> onclick="sort_DIRECTORY(SORT_by, NORMAL);">
+			(<?php echo $_['folders_first'] ?>)
+		</label>
+		<a href="#" onclick="sort_DIRECTORY(1, REVERSE);return false"><?php echo $_['Name'] ?></a>
+		<a href="#" onclick="sort_DIRECTORY(5, REVERSE);return false" id=sort_type>[.<?php echo $_['ext'] ?>]</a></th>
+	<th class="file_size">
+		<a href="#" onclick="sort_DIRECTORY(2, REVERSE);return false"><?php echo $_['Size'] ?></a></th>
+	<th class="file_time">
+		<a href="#" onclick="sort_DIRECTORY(3, REVERSE);return false"><?php echo $_['Date'] ?></a></th>
+	</tr>
+
+	<?php //For directory content. Will insert the list later. (same for footer...) ?>
+	<tbody id=DIRECTORY_LISTING></tbody>
+	<tr    id=DIRECTORY_FOOTER></tr>
+	</table>
+<?php
 }//Create_Table_for_Listing() //************************************************
 
 
@@ -1744,7 +1773,13 @@ function Get_DIRECTORY_DATA($basic_list) { //***********************************
 		
 		//Get file type & check against $stypes (files types to show)
 		$filename_parts = explode(".", strtolower($filename));
-		$ext = end($filename_parts);
+		
+		$segments = count($filename_parts);
+		//Ignore if no $ext:  "filename"  or ".filename"
+		if( $segments === 1 || ( ($segments === 2) && ($filename_parts[0] === ""))) {
+				 $ext =  '';
+		} else { $ext = end($filename_parts); }
+		
 		if ($SHOWALLFILES || in_array($ext, $stypes)) { $SHOWTYPE = TRUE; } else { $SHOWTYPE = FALSE; }
 		
 		//Used to not show rename & delete options for active copy of OneFileCMS.
@@ -1767,12 +1802,13 @@ function Get_DIRECTORY_DATA($basic_list) { //***********************************
 			$file_time_raw = filemtime($ipath.$filename);
 			
 			//Store data
-			$DIRECTORY_DATA[$DIRECTORY_COUNT] = array('','',0,0);
+			$DIRECTORY_DATA[$DIRECTORY_COUNT] = array('', '', 0, 0, 0, '');
 			$DIRECTORY_DATA[$DIRECTORY_COUNT][0] = $type;  //used to determine icon & f_or_f
 			$DIRECTORY_DATA[$DIRECTORY_COUNT][1] = $filename;
 			$DIRECTORY_DATA[$DIRECTORY_COUNT][2] = $file_size_raw;
 			$DIRECTORY_DATA[$DIRECTORY_COUNT][3] = $file_time_raw;
 			$DIRECTORY_DATA[$DIRECTORY_COUNT][4] = $IS_OFCMS; //If = 1, Don't show ren, del, ckbox.
+			$DIRECTORY_DATA[$DIRECTORY_COUNT][5] = $ext;
 			$DIRECTORY_COUNT++;
 		}//end if $SHOW...
 	}//end foreach file
@@ -1814,15 +1850,15 @@ function Index_Page(){ //*******************************************************
 			$ftypes, $fclasses, $DIRECTORY_COUNT, $DIRECTORY_DATA;
 	
 	init_ICONS_js();
-	Index_Page_scripts(); ##### NEEDS LANGUAGE STRINGS !!
+	Index_Page_scripts();
 
 	$DIRECTORY_COUNT = 0;
 
-	//Get basic file (directory) list, and pre-sort 
-	$basic_list = Sort_Seperate($ipath, scandir('./'.$ipath));
+	//Get current directory list  (unsorted)
+	$basic_list = scandir('./'.$ipath);
 	$file_count = count($basic_list);
 
-	//<form> to contain entire list, and buttons at top.
+	//<form> to contain entire list, including buttons at top.
 	echo '<form method="post" name="mcdselect" action="'.$ONESCRIPT.$param1.'&amp;p=mcdaction">';
 	echo '<input type="hidden" name="mcdaction" value="">'; //along with $page, affects response
 
@@ -1834,26 +1870,29 @@ function Index_Page(){ //*******************************************************
 
 	echo "</form>\n\n";
 
-	//"send" data to javascript.
+	//"send" DIRECTORY_DATA to javascript.
 	echo "<script>\n";
-	for ($x = 0; $x < $DIRECTORY_COUNT; $x++) {
 
-		// DIRECTORY_DATA[$x] = ("type", "file name", filesize, timestamp, is_ofcms)	
-		$data_for_js  = 'DIRECTORY_DATA['.$x.'] = new Array(';
-		$data_for_js .= ' "'.$DIRECTORY_DATA[$x][0].'"';
-		$data_for_js .= ',"'.$DIRECTORY_DATA[$x][1].'"';
-		$data_for_js .= ', '.$DIRECTORY_DATA[$x][2];
-		$data_for_js .= ', '.$DIRECTORY_DATA[$x][3];
-		$data_for_js .= ', '.$DIRECTORY_DATA[$x][4];
-		$data_for_js .= ");\n";
-		
-		echo $data_for_js;
-	}//end for count
+	$row = 0; //index after filter of . & ..
+	for ($x = 0; $x < $DIRECTORY_COUNT; $x++) {
+		$filename = $DIRECTORY_DATA[$x][1];
+		if ( ($filename != '.') && ($filename != '..') ) {; // skip . & ..
+			$data_for_js  = 'DIRECTORY_DATA['.$row++.'] = new Array(';
+			$data_for_js .= ' "'.     $DIRECTORY_DATA[$x][0].'"';	// "type"
+			$data_for_js .= ',"'.     $DIRECTORY_DATA[$x][1].'"';	// "file name"
+			$data_for_js .= ', '.     $DIRECTORY_DATA[$x][2];		// filesize
+			$data_for_js .= ', '.     $DIRECTORY_DATA[$x][3];		// timestamp
+			$data_for_js .= ', '.     $DIRECTORY_DATA[$x][4];		// is_ofcms
+			$data_for_js .= ',"'.     $DIRECTORY_DATA[$x][5].'"';	// "ext"
+			$data_for_js .= ");\n";
+			echo $data_for_js;
+		}//end skip . & ..
+	}//end for x
 
-	//Display the directory...
-	echo "Build_Directory('DIRECTORY_LISTING');";
-	echo "</script>\n\n";
+	//Initial sort & display of the directory...
+	echo 'sort_DIRECTORY(1, NORMAL);'; //initial sort by file name
 
+	echo "</script>\n";
 }//end Index_Page() //**********************************************************
 
 
@@ -1863,7 +1902,7 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 	global $_, $ONESCRIPT, $param1, $param2, $filename, $WIDE_VIEW_WIDTH, $WYSIWYG_VALID, $EDIT_MODE, $ON_OFF_label;
 
 	//[Edit WYSIWYG] / [Edit HTML] button.
-	$ON_OFF_button    = '';
+	$ON_OFF_button  = '';
 	if ($text_editable && $WYSIWYG_VALID) {
 		$set_cookie = "document.cookie='edit_mode=".(!$EDIT_MODE*1)."'; ";
 		$edit_page  = "parent.location='".$ONESCRIPT.$param1.$param2."&p=edit';";
@@ -2656,7 +2695,6 @@ function init_ICONS_js() { //***************************************************
 ?>
 <script>
 var ICONS = new Array();
-
 ICONS['bin'] = '<?php echo $ICONS["bin"] ?>';
 ICONS['z']   = '<?php echo $ICONS["z"] ?>';
 ICONS['img'] = '<?php echo $ICONS["img"] ?>';
@@ -2881,47 +2919,123 @@ function Index_Page_scripts() { //**********************************************
 	global $_, $ONESCRIPT, $param1, $ipath;
 ?>
 <script>
-//Declare DIRECTORY_DATA when scripts are loaded, data added later.
-var DIRECTORY_DATA = new Array();
+//  DIRECTORY_DATA[x] = ("type", "file name", filesize, timestamp, is_ofcms, "ext")	
+var DIRECTORY_DATA    = new Array();
 
 var ONESCRIPT	= "<?php echo $ONESCRIPT ?>";
-var param1		= "<?php echo $param1 ?>";
+var PARAM1		= "<?php echo $param1 ?>";  //capitalize here as it is a const in js.
+
+var NORMAL			 = false; // Used in the "reverse" parameter when calling sort_DIRECTORY(),
+var REVERSE			 = true;  // such as on initial page load, and clicking "folders first".
+
+var SORT_by		     = '-1';  // Sort key (column) from DIRECTORY_DATA[x][key]: key = 1 for "file name". -1 for initial page load only.
+var SORT_order       = true;  // Default to "normal" sort orders (ascending). Set to false for reverse (descending).
+var SORT_folders_1st = true;  // Default to folders first in sort order. false to not consider folders during sort.
+
+
+
+
+function Sort_Folders_First() { //************************************
+
+	//DIRECTORY_DATA[x] = ("type", "file name", filesize, timestamp, is_ofcms)	
+
+	var type = ""; //= row_data[0] = DIRECTORY_DATA[x][0]
+	var files   = new Array();
+	var folders = new Array();
+	var row_data = new Array();
+	var F = D = row = 0;  //indexes
+
+	for (row = 0; row < DIRECTORY_DATA.length; row++) {;
+		row_data = DIRECTORY_DATA[row];
+		type     = row_data[0];
+		if (type == "dir") { folders[D++] = row_data; }
+		else 			   { files[F++]   = row_data; }
+	}//end for
+
+	//Replace contents of DIRECTORY_DATA[] with a "merged" folders[] & files[].
+	DIRECTORY_DATA = new Array();
+	row = 0
+	for (D = 0; D < folders.length; D++) { DIRECTORY_DATA[row++] = folders[D]; }
+	for (F = 0; F < files.length;   F++) { DIRECTORY_DATA[row++] = files[F];   }
+
+}//end Sort_Folders_First() //****************************************
 
 
 
-function assemble_row(HREF_params, f_or_f, filetype, filename, file_name){
-		var TABLE_ROW = '';
+
+function sort_DIRECTORY(col, reverse) { //****************************
+
+	//DIRECTORY_DATA[x] = ("type", "file name", filesize, timestamp, is_ofcms, "ext")
+	//col: 1 for "file name", 2 for filesize, 3 for timestamp, 5 for "ext"
+	//reverse: if true, reverse current SORT_order;  if false, maintain current SORT_order
+	
+ 	reverse = typeof reverse !== 'undefined' ? reverse : false; //default to maintain current SORT_order
+
+	var alpha          = false; //Set to true when sorting by filename or ext (alphabetically).
+	var $folders_first = document.getElementById('folders_first_ckbox').checked;
+
+	//If same column clicked again, revserse SORT_order.
+	//Else, store new col, but don't reverse the current SORT_order.
+	if (reverse  && (col == SORT_by)) { SORT_order = !SORT_order; } //same sort col, new SORT_order
+	else							  {	SORT_by = col;			  } //new sort col, same SORT_order
+
+	if (SORT_by == 1) { alpha      = true;        } //"file name"
+	if (SORT_by == 5) { alpha      = true;        } //"ext": "txt", "gif", etc...
+
+	if (SORT_order){ // sort normally,
+		if (alpha)  { DIRECTORY_DATA.sort( function (a, b) {return a[col].localeCompare(b[col]);} ); } //alphabetically
+		else        { DIRECTORY_DATA.sort( function (a, b) {return a[col]       -       b[col] ;} ); } //numerically
+	} else         { // else reverse sort.
+		if (alpha)  { DIRECTORY_DATA.sort( function (b, a) {return a[col].localeCompare(b[col]);} ); } //alphabetically
+		else        { DIRECTORY_DATA.sort( function (b, a) {return a[col]       -       b[col] ;} ); } //numerically
+	}
+
+	if ($folders_first) { Sort_Folders_First(); }
+
+	Build_Directory('DIRECTORY_LISTING'); // Show directory with new sort order.
+
+}//end sort_DIRECTORY() //********************************************
+
+
+
+
+//********************************************************************
+function Assemble_row(HREF_params, f_or_f, filetype, filename, file_name){
+	var TABLE_ROW = '';
 		
-		//Assemble cell contents: [move] [copy] [delete] [x] <a>file name</a> etc...
-		ren_mov = '<a href="' + HREF_params + '&amp;p=rename' + f_or_f + '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
-		copy    = '<a href="' + HREF_params + '&amp;p=copy'   + f_or_f + '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
-		del     = '<a href="' + HREF_params + '&amp;p=delete' + f_or_f + '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
-		checkbox = '<div class="ckbox"><INPUT TYPE=checkbox NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
+	//Assemble cell contents: [move] [copy] [delete] [x] <a>file name</a> etc...
+	ren_mov = '<a href="' + HREF_params + '&amp;p=rename' + f_or_f + '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
+	copy    = '<a href="' + HREF_params + '&amp;p=copy'   + f_or_f + '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
+	del     = '<a href="' + HREF_params + '&amp;p=delete' + f_or_f + '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
+	checkbox = '<div class="ckbox"><INPUT TYPE=checkbox NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
 		
-		//Don't show remove, delete, or checkbox options for active copy of OneFileCMS.
-		if (DIRECTORY_DATA[x][4]) { ren_mov = del = checkbox = ''; }
+	//Don't show remove, delete, or checkbox options for active copy of OneFileCMS.
+	if (DIRECTORY_DATA[x][4]) { ren_mov = del = checkbox = ''; }
 		
-		TABLE_ROW += "<tr>";
-		TABLE_ROW += '<td class="RCD">' + ren_mov  + '</td>';
-		TABLE_ROW += '<td class="RCD">' + copy     + '</td>';
-		TABLE_ROW += '<td class="RCD">' + del      + '</td>';
-		TABLE_ROW += '<td class=""   >' + checkbox + '</td>';
-		TABLE_ROW += '<td class="file_name"       >' + file_name  + '</td>';
-		TABLE_ROW += '<td class="meta_T file_size">' + file_size  + '</td>';
-		TABLE_ROW += '<td class="meta_T file_time">' + time_stamp + '</td>';
-		TABLE_ROW += "</tr>\n";
+	TABLE_ROW += "<tr>";
+	TABLE_ROW += '<td class="RCD">' + ren_mov  + '</td>';
+	TABLE_ROW += '<td class="RCD">' + copy     + '</td>';
+	TABLE_ROW += '<td class="RCD">' + del      + '</td>';
+	TABLE_ROW += '<td class=""   >' + checkbox + '</td>';
+	TABLE_ROW += '<td class="file_name"       >' + file_name  + '</td>';
+	TABLE_ROW += '<td class="meta_T file_size">' + file_size  + '</td>';
+	TABLE_ROW += '<td class="meta_T file_time">' + time_stamp + '</td>';
+	TABLE_ROW += "</tr>\n";
 		
-		return TABLE_ROW;
-}//end assemble_row()
+	return TABLE_ROW;
+}//end Assemble_row() //**********************************************
+
 
 
 
-function Display_Directory_Summary() {
+function Display_Directory_Summary(target) { //***********************
 
 	var total_items  = DIRECTORY_DATA.length;
 	var folder_count = 0;
 	var total_bytes  = 0;
+	var SUMMARY      = "";
 
+	//Add up file sizes...
 	for (x=0; x < DIRECTORY_DATA.length; x++) {
 		filetype = DIRECTORY_DATA[x][0];
 		filename = DIRECTORY_DATA[x][1];
@@ -2930,27 +3044,30 @@ function Display_Directory_Summary() {
 	}
 
 	//Directory Summary
-	document.write('<p id="summary">');
-	document.write(folder_count + " <?php echo $_['folders']?>, &nbsp; ");
-	document.write(total_items - folder_count + ' <?php echo $_['files']?>, ');
-	document.write('&nbsp; ' + format_number(total_bytes) + " <?php echo $_['bytes']?>");
+	SUMMARY += '<td colspan=7>';
+	SUMMARY += folder_count + " <?php echo $_['folders']?>, &nbsp; ";
+	SUMMARY += total_items - folder_count + ' <?php echo $_['files']?>, ';
+	SUMMARY += '&nbsp; ' + format_number(total_bytes) + " <?php echo $_['bytes']?></td>";
+
+	document.getElementById(target).innerHTML = SUMMARY;  //DISPLAY DIRECTORY LISTING
+
+}//end Display_Directory_Summary() //*********************************
 
-}//end Display_Directory_Summary()
 
 
 
-//Build directory & insert into <tag id=target></tag>.
-function Build_Directory(target) {
-	var TABLE_LIST = "";
-	var folder_count	= 0; 
-	var directory_bytes	= 0;
-	var DS = '';      // ' /' for folders, blank otherwise.
-	var f_or_f = '';  // 'file' or 'folder'
+function Build_Directory(target) { //*********************************
+	//Build directory & insert into <tag id=target></tag>. 
+	var TABLE_LIST      = "";
+	var folder_count	=  0; 
+	var directory_bytes	=  0;
+	var DS              = '';  // ' /' for folders, blank otherwise.
+	var f_or_f          = '';  // 'file' or 'folder'
 
 	var HREF_params = '';
-	var filetype = '';
-	var filename = '';
-	var filesize =  0;
+	var filetype    = '';
+	var filename    = '';
+	var filesize    =  0;
 
 	for (x=0; x < DIRECTORY_DATA.length; x++) {
 		
@@ -2963,12 +3080,12 @@ function Build_Directory(target) {
 			folder_count++;
 			DS = ' /';
 			f_or_f = 'folder';
-			HREF_params = ONESCRIPT + param1 + encodeURIComponent(filename);
+			HREF_params = ONESCRIPT + PARAM1 + encodeURIComponent(filename);
 			file_size = '';
 		} else {
 			DS = '';
 			f_or_f = 'file';
-			HREF_params = ONESCRIPT + param1 + '&amp;f=' + encodeURIComponent(filename) + '&amp;p=edit';
+			HREF_params = ONESCRIPT + PARAM1 + '&amp;f=' + encodeURIComponent(filename) + '&amp;p=edit';
 			file_size = format_number(filesize) + ' B';
 			directory_bytes += filesize;
 		}
@@ -2977,17 +3094,16 @@ function Build_Directory(target) {
 		file_name += ICONS[filetype] + '&nbsp;' + hsc(filename) + DS + '</a>';
 		time_stamp = FileTimeStamp(DIRECTORY_DATA[x][3], 1, 0, 0);
 		
-		TABLE_LIST += assemble_row(HREF_params, f_or_f, filetype, filename, file_name)
+		TABLE_LIST += Assemble_row(HREF_params, f_or_f, filetype, filename, file_name)
 		
 	}//end for x
 
 	//Display listing in table...
 	document.getElementById(target).innerHTML = TABLE_LIST;
 
-	Display_Directory_Summary(); //below table
-
-} //end Build_Directory()
+	Display_Directory_Summary('DIRECTORY_FOOTER'); //below table
 
+} //end Build_Directory() //******************************************
 </script>
 <?php
 }//end Index_Page_scripts() //**************************************************
@@ -3400,16 +3516,19 @@ function style_sheet(){ //******************************************************
 
 table.index_T tr:hover {border: 1px solid #777; background-color: #EEE}
 
-table.index_T th { border: 1px inset silver; vertical-align: middle; padding-left: 4px;text-align: center;}
+table.index_T th { border: 1px inset silver; vertical-align: middle; padding-left: 4px; text-align: center;}
 
 table.index_T td { border: 1px inset silver; vertical-align: middle;}
 
-.index_T td a {
-	display  : block;
-	border   : none;
-	padding  : 2px 4px 2px 4px;
-	overflow : hidden;
-	}
+.index_T td a {	display: block; border: none; padding: 2px 4px 2px 4px; overflow : hidden; }
+
+table.index_T th:hover { background-color: white;}
+
+.index_T th.file_name   { text-align: left; }
+.index_T th.file_name a { display: inline-block; padding: 0 3em 0 2em;}
+#sort_type { display: inline-block; padding: 0 0em 0 0em;}
+.index_T th.file_size a { display  : block; }
+.index_T th.file_time a { display  : block; }
 
 
 .file_name { min-width: 10em; max-width: 26em; }
@@ -3463,6 +3582,7 @@ function style_sheet(){ //******************************************************
 	Xwidth  : 72px;			    /* //##### when select all was above table, not in it*/
 	Xpadding: 2px 0 0 2px;      /* //##### when select all was above table, not in it*/
 	color  : #333;
+	cursor:pointer;
 	}
 
 #mcd_submit button {
@@ -3501,23 +3621,8 @@ function style_sheet(){ //******************************************************
 
 /* --- header --- */
 
-.nav {
-	float     : right;
-	display   : inline-block;
-	margin-top: 1.35em;
-	font-size : 1em;
-	}
-
-.nav a {
-	border: 1px solid transparent;
-	font-weight : bold;
-	padding     : .0em;
-	padding-top   : .2em;
-	padding-left  : .6em;
-	padding-right : .6em;
-	padding-bottom: .1em;
-	}
-
+.nav   { float: right; display: inline-block; margin-top: 1.35em; font-size : 1em; }
+.nav a { border: 1px solid transparent; font-weight: bold; padding: .2em .6em .1em .6em; }
 .nav a:hover  { border: 1px solid #807568; }
 .nav a:focus  { border: 1px solid #807568; }
 .nav a:active { border: 1px solid #807568; }
@@ -3672,7 +3777,9 @@ function style_sheet(){ //******************************************************
 .ren_over input {margin: 0 0 0 2em}
 .ren_over label {font-weight: normal}
 
-#summary {font-size: .9em; text-align: center}
+#DIRECTORY_FOOTER td {text-align: center; font-size: .9em; color: #333; }
+#folders_first_label {font-size: .9em; font-weight: normal; color: #333; margin: 0 0 0 0 ;} /*TRBL*/
+#folders_first_label:hover {background-color: rgb(255,250,150); cursor:pointer;}
 </style>
 <?php
 }//end style_sheet() //*********************************************************
@@ -3845,3 +3952,5 @@ function Load_style_sheet(){ //*************************************************
 echo '</body></html>';
 
 if ( ($page == "edit") && $WYSIWYG_VALID && ($EDIT_MODE == 1) ) { include($WYSIWYG_PLUGIN); }
+
+//END OF FILE ##################################################################
\ No newline at end of file
diff --git a/readme.markdown b/readme.markdown
index a983c28..1771d2d 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,4 +1,4 @@
-(Updated: 2014-02-12)
+(Updated: 2014-02-20)
 # OneFileCMS
 
 ## Yes, that's exactly what it is!
@@ -23,6 +23,7 @@ Coupling a utilitarian code editor with basic upload and file managing functions
  
 - All the basic file management features like renaming, moving, copying, deleting, and uploading.
   (For complex processes, like batch renaming or mass uploads, you're going to want to use an FTP program.)
+- Sort directory listings by file name, extension, size, or date.
 - A basic text editor.
 - A WYSIWYG editor may be added as a plugin.
 - A Login delay after too many invalid login attempts.
@@ -39,7 +40,7 @@ Coupling a utilitarian code editor with basic upload and file managing functions
   
 3) **Log in** to OneFileCMS with the default "username" and "password".
 
-4) **Change the password**!
+And, of course, change the password...
 
 As with any CMS, you may also have to modify the file permissions of your site's folders to allow OneFileCMS to modify and create files.  Check with your host if you're not sure, and be aware of any inherent security concerns.  
 
@@ -79,7 +80,7 @@ Well, because "OneFileCMS" sounds way cooler (relatively speaking) than "OneFile
 
 ### Where's the WYSISWYG?
 
-OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com) or [CKEditor](http://ckeditor.com) (and possibly others), but the editors themselves must be obtained from their respective sites.  For basic setup instructions, read the appropriate "init" file from the plugin/ directory in the OneFileCMS repo.  
+OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com) or [CKEditor](http://ckeditor.com) (and possibly others), but the editors themselves must be obtained from their respective sites.  For basic setup instructions, read the appropriate "init" file from the extras/ directory in the OneFileCMS repo.  
 
 
 
@@ -100,6 +101,9 @@ OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com
 - And- but only if you wish to see the icons- a browser that supports inline SVG.  
   (If your browser doesn't support inline SVG, OneFileCMS will still work, just without any icons.)
 
+- And currently, as of version 3.4.23, OneFileCMS does not work in IE.  
+  Versions thru 3.4.22 should work with IE. [v3.4.22 is available here](http://self-evident.github.com/OneFileCMS/onefilecms_3.4.22.zip)
+
 ## License, Credit, Et Cetera  
 
 - Available under the MIT and BSD licenses.
@@ -113,6 +117,8 @@ OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com
 
 ##Needed/potential improvements
 
+- Figure out why it doesn't work in IE.  Most likey it's javascript related, as quite a bit of js was added for client side sorting.
+- It's probably existed for a while, but I just noticed (v3.4.23) that, on some systems - such as Windows, OneFileCMS doesn't like non-ascii characters in file names.  A solution is in the works, but it's not quite ready for prime time...
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - Issue with Chrome's XSS filter: Editing some legitimate files with OneFileCMS will trigger the filter and disable much of the javascript provided functionallity, but only while on the edit page with such a file, and only after a [Save].
 - The connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text* during login.  However, this is true of most online login systems, unless SSL or the like is employed.  

From 073cd2114ab4e017dfbb492e3579380ac373e121 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 18 Feb 2014 22:40:00 -0500
Subject: [PATCH 176/228] Version 3.5 Missed a few files in the previous
 commit.

---
 info/OneFileCMS.config.SAMPLE.php |  78 ------
 plugins/ckeditor_init.php         |  40 ---
 plugins/tinymce_init.php          |  83 -------
 stylesheets/OneFileCMS.css        | 400 ------------------------------
 4 files changed, 601 deletions(-)
 delete mode 100755 info/OneFileCMS.config.SAMPLE.php
 delete mode 100755 plugins/ckeditor_init.php
 delete mode 100755 plugins/tinymce_init.php
 delete mode 100755 stylesheets/OneFileCMS.css

diff --git a/info/OneFileCMS.config.SAMPLE.php b/info/OneFileCMS.config.SAMPLE.php
deleted file mode 100755
index 42a70b8..0000000
--- a/info/OneFileCMS.config.SAMPLE.php
+++ /dev/null
@@ -1,78 +0,0 @@
-<?php 
-// OneFileCMS - github.com/Self-Evident/OneFileCMS
-// v3.4.23
-// Sample external config file - this file is OPTIONAL.
-//
-// Basically, what follows is just a copy & paste of the OneFileCMS CONFIGURABLE INFO.
-
-// CONFIGURABLE INFO ***********************************************************
-$config_title = "OneFileCMS";
-
-$USERNAME = "username";
-$HASHWORD = "cff29a3b595b427ef8d01c089d368c7706a8c68ecc75d566642e313ee97ff659"; //"password"
-//$HASHWORD = "cff29a3b595b427ef8d01c089d368c7706a8c68ecc75d566642e313ee97ff659"; //"password"
-$SALT     = 'somerandomsalt';
-
-$MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
-$LOGIN_DELAY   = 10;  //In seconds.
-$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
-
-$MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
-$WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
-
-$MAX_EDIT_SIZE = 200000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
-$MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
-                          // The default max view size is completely arbitrary. Basically, it was 2am and seemed like a good idea at the time.
-
-$MAX_IMG_W   = 810;  //Max width (in px) to display images. (main width is 810)
-$MAX_IMG_H   = 1000; //Max height (in px).  I don't know, it just looks reasonable.
-
-$UPLOAD_FIELDS = 10; //Number of upload fields on Upload File(s) page. Max value is ini_get('max_file_uploads').
-
-$config_favicon   = "favicon.ico"; //Path is relative to root of website.
-$config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsiTive!
-
-$config_etypes = "svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text"; //Editable file types.
-$config_stypes = "*"; // Shown types; only files of the given types should show up in the file-listing
-	// Use $config_stypes exactly like $config_etypes (list of extensions separated by commas).
-	// If $config_stypes is set to null - by intention or by error - only folders will be shown.
-	// If $config_stypes is set to the *-wildcard (the default), all files will show up.
-	// If $config_stypes is set to "html,htm" for example, only file with the extension "html" or "htm" will get listed.
-
-$config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
-//File types (extensions).  _ftypes & _fclass must have the same number of values. bin is default.
-$config_ftypes = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text";
-//Cooresponding file classes to _ftypes - used to determine icons for directory listing.
-$config_fclass = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,cfg ,txt,css,txt,htm,htm ,htm  ,txt     ,txt,txt,txt,txt   ,txt,php,php,txt,txt";
-
-$EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
-
-$SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS.
-
-//Restrict access to a particular folder.  Leave empty for access to entire website.
-// "some/path/" is relative to root of website (with no leading slash).
-//$ACCESS_ROOT = 'some/path/';
-
-
-//URL of optional external style sheet.  Used as href in <link ...>
-//If file is not found, or is incomplete, the built-in defaults will be used.
-//$CSS_FILE = 'OneFileCMS.css';
-
-//Notes for $LANGUAGE_FILE, $WYSIWYG_PLUGIN, and $CONFIG_FILE:
-//
-// Filename paths can be:
-//  1) Absolute to the filesystem:  "/some/path/from/system/root/somefile.php"  or
-//  2) Relative to root of website: "some/path/from/web/root/somefile.php"
-
-//Name of optional external language file.  If file is not found, the built-in defaults will be used.
-//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php";
-
-//Init file for optional external wysiwyg editor.
-//Sample init files are availble in the OneFileCMS repo, but the actual editors are not.
-//$WYSIWYG_PLUGIN = 'plugins/tinymce_init.php';
-//$WYSIWYG_PLUGIN = 'plugins/ckeditor_init.php';
-
-//Name of optional external config file.  Any settings it contains will supersede those above.
-//See the sample file in the OneFileCMS github repo for format example.
-//$CONFIG_FILE = 'OneFileCMS.config.SAMPLE.php';
-//end CONFIGURABLE INFO ********************************************************
diff --git a/plugins/ckeditor_init.php b/plugins/ckeditor_init.php
deleted file mode 100755
index ca3c27b..0000000
--- a/plugins/ckeditor_init.php
+++ /dev/null
@@ -1,40 +0,0 @@
-<?php /*************************************************************************
-Sample code to use the CKEditor with OneFileCMS (as of v3.4.19).
-
-For information on CKEditor, visit ckeditor.com.
-
-Here is a brief how-to:
-(The "plugin" folder used below is not required, or may be named anything you like.)
-
- 1) Obtain CKEditor.
-
- 2) Install CKEditor into a folder on your web site. For example: "plugins/".
-
- 3) From the github.com/Self-Evident/OneFileCMS repo, copy the file 
-    "ckeditor_init.php" into the "plugins/" folder.
-
- 4) In the configuration section of OneFileCMS, uncomment or add the following variable:
-    $WYSIWYG_PLUGIN = 'plugins/ckeditor_init.php';  //Init settings for CKEditor (this file).
-
-	Path can be absolute to the filesystem, or relative to root of website.
-
- 5) In the "init" file specified by $WYSIWYG_PLUGIN (ie: this file): 
-    1) specify the source file of the actual plugin via a <script src= ...> tag.*
-	2) specify the id of the OneFileCMS textarea, "file_editor", in the CKEDITOR.replace() call
-	    
-	*Note: In the src attribute of the <script> tag, the plugin path is absolute,
-	       but relative to the root of the website, and the leading forward slash 
-		   is generally required. 
-	(This is in contrast to configuration values such as $WYSIWYG_PLUGIN.)
-
- 6) Reload OneFileCMS, open a file for editing, and click [Edit WYSIWIG].
-*****************************************************************************/?>
-
-<script type="text/javascript" src="/plugins/ckeditor/ckeditor.js"></script>
-<script type="text/javascript">
-	CKEDITOR.replace( 'file_editor',{  //id of desired <textarea>
-		fullPage : true,
-		extraPlugins : 'docprops'
-	});
-</script>
-
diff --git a/plugins/tinymce_init.php b/plugins/tinymce_init.php
deleted file mode 100755
index b744235..0000000
--- a/plugins/tinymce_init.php
+++ /dev/null
@@ -1,83 +0,0 @@
-<?php /*************************************************************************
-Sample code to use the TinyMCE editor with OneFileCMS (as of v3.4.19).
-
-For information on TinyMCE, visit tinymce.moxiecode.com.
-
-Here is a brief how-to:
-(The "plugin" folder used below is not required, or may be named anything you like.)
-
- 1) Obtain TinyMCE.
-
- 2) Install TinyMCE into a folder on your web site. For example: "plugins/".
-
- 3) From the github.com/Self-Evident/OneFileCMS repo, copy the file 
-    "tinymce_init.php" into the "plugins/" folder.
-
- 4) In the configuration section of OneFileCMS, uncomment or add the following variable:
-    $WYSIWYG_PLUGIN = 'plugins/tinymce_init.php'; // Init settings for TinyMCE (this file).
-
-	Path can be absolute to the filesystem, or relative to root of website.
-
- 5) In the "init" file specified by $WYSIWYG_PLUGIN (this file): 
-    - specify the source file of the actual plugin via a <script src= ...> tag.*
-
-
-	*Note: In the src attribute of the <script> tag, the plugin path is absolute,
-	       but relative to the root of the website, and the leading forward slash 
-		   is generally required. 
-	(This is in contrast to configuration values such as $WYSIWYG_PLUGIN.)
-
- 6) Reload OneFileCMS, open a file for editing, and click [Edit WYSIWIG].
-*****************************************************************************/?>
-
-<script type="text/javascript" src="/plugins/tinymce/jscripts/tiny_mce/tiny_mce.js"></script>
-<script type="text/javascript"> 
-	tinyMCE.init({
-		// General options
-		mode : "textareas",
-		theme : "advanced",
-		
-		plugins : "fullpage,autolink,lists,pagebreak,style,layer,table,save,advhr,advimage,advlink,emotions,iespell,inlinepopups,insertdatetime,preview,media,searchreplace,print,contextmenu,paste,directionality,fullscreen,noneditable,visualchars,nonbreaking,xhtmlxtras,template,wordcount,advlist,autosave,visualblocks",
-		
-		// Theme options
-		theme_advanced_buttons1 : "save,newdocument,preview,print,|,restoredraft,|,removeformat,undo,redo,cut,copy,paste,pastetext,pasteword,|,search,replace,|,visualblocks,visualchars,visualaid,fullscreen,|,styleprops,|,code,|,help,|",
-		theme_advanced_buttons2 : "bold,italic,underline,strikethrough,|,sub,sup,forecolor,backcolor,|,fontselect,fontsizeselect,nonbreaking,charmap,|,insertdate,inserttime,|,emotions,image,|,attribs,fullpage",
-		theme_advanced_buttons3 : "justifyleft,justifycenter,justifyright,justifyfull,|,outdent,indent,bullist,numlist,|,styleselect,formatselect,blockquote,ltr,rtl,|,hr,advhr,|,link,unlink,anchor,|",
-		theme_advanced_buttons4 : "tablecontrols,|,insertlayer,moveforward,movebackward,absolute,|,cite,abbr,acronym,del,ins,|,pagebreak,template,|,cleanup,|",
-		theme_advanced_toolbar_location : "top",
-		theme_advanced_toolbar_align : "left",
-		theme_advanced_statusbar_location : "bottom",
-		theme_advanced_resizing : true,
-		
-		// Example content CSS (should be your site CSS)  //####################
-		//content_css : "css/content.css",
-		
-		// Drop lists for link/image/media/template dialogs
-		template_external_list_url : "lists/template_list.js",
-		external_link_list_url : "lists/link_list.js",
-		external_image_list_url : "lists/image_list.js",
-		media_external_list_url : "lists/media_list.js",
-		
-		// Style formats
-		style_formats : [
-			{title : 'Bold text', inline : 'b'},
-			{title : 'Red text', inline : 'span', styles : {color : '#ff0000'}},
-			{title : 'Red header', block : 'h1', styles : {color : '#ff0000'}},
-			{title : 'Example 1', inline : 'span', classes : 'example1'},
-			{title : 'Example 2', inline : 'span', classes : 'example2'},
-			{title : 'Table styles'},
-			{title : 'Table row 1', selector : 'tr', classes : 'tablerow1'}
-		],
-		
-		//========================
-		//doctype : '<!DOCTYPE html>',
-        //verify_html : false,
-        //verify_css_classes : true,
-        //cleanup : false,
-        //cleanup_on_startup : false,
-		remove_linebreaks : false,
-		//fullpage_default_xml_pi : false,
-		//fullpage_doctypes : 'HTML<!DOCTYPE HTML>',
-		//fullpage_default_doctype : '<!DOCTYPE html>',
-	}); 
-</script>
diff --git a/stylesheets/OneFileCMS.css b/stylesheets/OneFileCMS.css
deleted file mode 100755
index 7822c5b..0000000
--- a/stylesheets/OneFileCMS.css
+++ /dev/null
@@ -1,400 +0,0 @@
-/*******************************************************************************
-Sample, OPTIONAL, external style sheet for OneFileCMS.  version 3.4.23
-*******************************************************************************/
-
-/* --- reset --- */
-* { border : 0; outline: 0; margin: 0; padding: 0;
-    font-family: inherit; font-weight: inherit; font-style : inherit;
-    font-size  : 100%; vertical-align: baseline; }
-
-
-/* --- general formatting --- */
-
-body { font-size: 1em; background: #E8E8E8; font-family: sans-serif; }
-
-p, table, ol { margin-bottom: .6em;}
-
-h1,h2,h3,h4,h5,h6 { font-weight: bold; }
-h2, h3 { font-size: 1.2em; margin: .4em 0 .4em 0; } /*TRBL*/
-
-li { margin-left: 2em }
-
-i, em     { font-style : italic; }
-b, strong { font-weight: bold;   }
-
-:focus { outline:0; }
-
-table { border-collapse:separate; border-spacing:0; }
-th,td { text-align:left; font-weight:400; }
-
-label { font-size : 1em; font-weight: bold; }
-
-pre {
-	background: white;
-	border    : 1px solid #807568;
-	padding   : .2em;
-	margin    : 0;
-	}
-
-input[type="text"]     { width: 100%; border: 1px solid #807568; padding: 1px 1px 1px 0; font : 1em Courier; }
-input[type="password"] { width: 100%; border: 1px solid #807568; padding: 0   1px 0   0; }
-input[type="file"]     { width: 100%; border: 1px solid #807568; background-color: white; }
-
-input[readonly]        { color: #333; background-color: #EEE; }
-input[disabled]        { color: #555; background-color: #EEE; }
-
-input:focus  { background-color: rgb(255,250,150); }
-input:hover  { background-color: rgb(255,250,150); }
-
-button:focus  { background-color: rgb(255,250,150); }
-button:hover  { background-color: rgb(255,250,150); }
-button:active { background-color: rgb(245,245,50);  }
-
-/* --- layout --- */
-
-.container {
-	border : 0px solid #807568;
-	width  : 810px;     /*Adjusted by $MAIN_WIDTH config variable*/
-	margin : 0 auto 2em auto;
-	}
-
-
-#header {
-	border-bottom : 1px solid #807568;
-	padding: 04px 0px 01px 0px;
-	margin : 0 0 .5em 0;
-	}
-
-
-#logo {
-	font-family: 'Trebuchet MS', sans-serif;
-	font-size:2em;
-	font-weight: bold;
-	color: black;
-	padding: .1em;
-	}
-
-
-.h2_filename {
-	border: 1px solid #807568;
-	padding: .1em .2em .1em .2em;
-	font-weight: 700;
-	font-family: courier;
-	background-color: #EEE;
-	}
-
-
-#message_box { border: none; margin: 0 0 .4em 0; padding: 0; }
-
-#message_box_contents { border: 1px solid gray; padding: 4px; background: #FFF000; }
-
-#message_box #message_left {
-	float  : left;
-	margin : 0;
-	padding: 0;
-	border : none;
-	font-weight : 900;
-	}
-
-#message_box  #X_box {
-	display: block;
-	float  : right;
-	margin : 0;
-	padding: 0 2px 0 3px;
-	border : 1px solid gray;
-	font   : 16pt courier;
-	line-height: 18px;
-	background : #EEE;
-	}
-
-#message_box  #X_box:hover  {background-color: rgb(255,250,150);}
-#message_box  #X_box:focus  {background-color: rgb(255,250,150);}
-#message_box  #X_box:active {background-color: rgb(245,245,50); }
-
-.filename { font-family: courier; }
-
-/* --- INDEX directory listing, table format --- */
-table.index_T {
-	min-width: 30em;
-	font-size: .95em;
-	border         : 1px solid #807568;
-	border-collapse: collapse;
-	margin-bottom: .7em;
-	background-color: #FFF;
-	}
-
-table.index_T tr:hover {border: 1px solid #777; background-color: #EEE}
-
-table.index_T th { border: 1px inset silver; vertical-align: middle; padding-left: 4px;text-align: center;}
-
-table.index_T td { border: 1px inset silver; vertical-align: middle;}
-
-.index_T td a {
-	display  : block;
-	border   : none;
-	padding  : 2px 4px 2px 4px;
-	overflow : hidden;
-	}
-
-
-.file_name { min-width: 10em; max-width: 26em; }
-.file_size { min-width:  6em; padding-left: 10px; }
-.file_time { min-width: 10em; padding-left: 10px; }
-
-.meta_T {
-	padding-right : 4px;
-	text-align    : right;
-	font-family   : courier;
-    font-size     : .9em;
-	color         : #333;
-	}
-
-
-/*Index table file select boxes*/
-.ckbox {padding: 2px 4px 0 4px}
-.ckbox:focus { background-color: rgb(255,250,150); }
-.ckbox:hover { background-color: rgb(255,250,150); }
-
-
-#index_page_buttons     { margin: 0 0 .5em 0; }
-#index_page_buttons div { display: inline-block; vertical-align: bottom; }
-
-
-/*** front_links:  [New File] [New Folder] [Upload File] ***/
-.front_links { float: right; }
- 
-.front_links a {
-	display: inline-block;
-	margin-top  : .2em;
-	border      : 1px solid #807568;
-	font-size   : 1em;  /*Adjusted by langauge files*/
-	margin-left : 1em;  /*Adjusted by langauge files*/
-	padding     : 3px 5px 2px 4px; /*TRBL*/
-	background-color: #EEE;
-	}
-
-a { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
-a:focus  { border: 1px solid #807568; background-color: rgb(255,250,150); }
-a:hover  { border: 1px solid #807568; background-color: rgb(255,250,150); }
-a:active { border: 1px solid #807568; background-color: rgb(245,245,50);  }
-
-/*** Select All [x]  [Move] [Copy] [Delete] ***/
-
-#select_all_th { min-width: 60px ; max-width: 70px; text-align: right; padding:  0 3px 0 0px; } /*TRBL*/
-
-#select_all_label { 
-	Xdisplay: inline-block;     /* //##### when select all was above table, not in it*/
-	font   : 400 .84em arial;
-	Xwidth  : 72px;			    /* //##### when select all was above table, not in it*/
-	Xpadding: 2px 0 0 2px;      /* //##### when select all was above table, not in it*/
-	color  : #333;
-	}
-
-#mcd_submit button {
-	height   : 1.55em;
-	cursor   : pointer;
-	border   : 1px solid #807568;
-	padding  : 0px 4px 0px 3px; /*TRBL*/
-	margin-top  :  .5em;  /* Helps align bottoms with New & Upload buttons */
-	margin-left : 0.0em;  /* no longer needs adjusted by langauge files */
-	margin-right: 1.0em;  /* Adjusted by language files */
-	font-size: .9em;
-	color    : rgb(100,45,0);
-	background-color: #EEE;
-	}
-
-#mcd_submit button:focus  { background-color: rgb(255,250,150); }
-#mcd_submit button:hover  { background-color: rgb(255,250,150); }
-#mcd_submit button:active { background-color: rgb(245,245,50); }
-
-.buttons_right         { float: right; }
-.buttons_right .button { margin-left: .5em; }
-
-.button {
-	cursor : pointer;
-	border : 1px solid #807568;
-	color  : black;
-	padding    : 4px 10px; /*Adjusted by langauge files*/
-	font-size  : .9em;     /*Adjusted by langauge files*/
-	font-family: sans-serif;
-	background-color: #EEE;  /*#d4d4d4*/
-	}
-
-.button:active    { background-color: rgb(245,245,50); }                  /*first                 */
-.button[disabled] { color: #777; background-color: #EEE; cursor: default} /*second - order matters*/
-
-
-/* --- header --- */
-
-.nav {
-	float     : right;
-	display   : inline-block;
-	margin-top: 1.35em;
-	font-size : 1em;
-	}
-
-.nav a {
-	border: 1px solid transparent;
-	font-weight : bold;
-	padding     : .0em;
-	padding-top   : .2em;
-	padding-left  : .6em;
-	padding-right : .6em;
-	padding-bottom: .1em;
-	}
-
-.nav a:hover  { border: 1px solid #807568; }
-.nav a:focus  { border: 1px solid #807568; }
-.nav a:active { border: 1px solid #807568; }
-
-
-/* --- edit --- */
-
-#edit_header  {margin: 0;}
-
-#edit_form    {margin: 0;}
-
-.edit_disabled {
-	border : 1px solid #807568;
-	width  : 99%;
-	padding: .2em;
-	margin : .5em 0 .6em 0;
-	color  : #333;
-	background-color: #FFF000;
-	line-height: 1.4em;
-	}
-
-.view_file { font: .9em Courier; background-color: #F8F8F8; overflow:hidden}
-
-#file_editor {
-	border: 1px solid #999;
-	font  : .9em Courier;
-	margin: 0 0 .7em 0;
-	width : 99.8%;
-	height: 32em;
-	}
-
-#file_editor:focus { border: 1px solid #Fdd; }
-
-.file_meta	{ float: left; margin-top: .6em; font-size: .95em; color: #222; }
-
-#edit_notes { font-size: .8em; color: #333 ;margin-top: 1em; clear:both; }
-
-.notes      { margin-bottom: .4em; }
-
-
-/* --- log in --- */
-
-.login_page {
-	border  : 1px solid #807568;
-	width   : 370px;
-	margin  : 5em auto;
-	padding : .5em 1.2em .1em 1em;
-	}
-
-.login_page .nav { margin-top: .5em; }
-
-.login_page input {margin: 0 0 .7em 0;}
-
-
-hr { /*-- -- -- -- -- -- --*/
-	line-height  : 0;
-	Xfont-size    : 1px;
-	display : block;
-	position: relative;
-	padding : 0;
-	margin  : .6em auto;
-	width   : 100%;
-	clear   : both;
-	border  : none;
-	border-top   : 1px solid #807568;
-	Xborder-bottom: 1px solid #eee;
-	overflow: visible;
-	}
-
-
-.verify {
-	min-width       : 50%; 
-	font            : 1em Courier;
-	border          : 1px solid gray;
-	border-collapse : collapse;
-	background-color: white;
-	}
-
-.verify th {
-	border          : 1px solid gray;
-	padding         : 0 1em 0 1em;
-	text-align      : center;
-	font-weight     : 900;
-	font-family     : arial;
-	background-color: #EEE;
-	}
-
-.verify td {
-	border : 1px inset silver;
-	padding: .1em 1em .1em .5em;
-	vertical-align: middle;
-	}
-
-.verify_del {
-	font  : 1em Courier;
-	border: 1px solid #F00;
-	padding: .2em .4em;
-	color  : #222;
-	background-color: #FDD;
-	}
-
-.verify_del td { border: 1px solid #F44; }
-
-
-#admin {padding: .3em;}
-
-.admin_buttons .button {margin-right: .5em;}
-
-.clear {clear:both; padding: 0; margin: 0; border: none}
-
-.web_root { border: 0px solid  #807568; border-right: none; font: 1em Courier; padding: 1px; }
-
-.icon {float: left;}
-
-.mono {font-family: courier;}
-
-.info {margin: .7em 0 .5em 0; background: #f9f9f9; padding: .2em .5em;}
-
-.path {padding: 1px 5px 1px 5px} /*TRBL*/
-
-.timer {border: 1px solid gray; padding: 3px .5em 4px .5em;}
-
-.timeout {float:right; font-size: .95em; color: #333;}
-
-.edit_btns_top {margin: .2em 0 .5em 0;}
-
-.image_info {
-	color: #222;
-	font-size: 1em ; /*Adjusted by langauge files*/
-	margin: .7em 0 1em 0;
-	}
-
-.edit_btns_bottom {float: right;}
-.edit_btns_bottom .button { margin-left: .7em; } /*Adjusted by langauge files*/
-.edit_btns_bottom .RCD { padding-left: 5px; padding-right: 6px; }
-.edit_btns_bottom svg  { padding : 0 4px 0 0; }
-
-input[type="text"].new_name {width  : 50%; margin-bottom: .2em;}
-
-.old_backup_T {float: left; margin-bottom: .3em;}
-
-#del_backup   {float: left; margin-left  :  1em; padding: 2px 5px}
-
-/*** For old IE only: text "icons" for Rename, Copy, and Delete ***/
-.RCD1  {font: 900 7pt arial; padding: 0px 3px 0px 3px; margin: 0px; float: left}
-.R    {color: #00a;    border: 1px solid #804000}
-.C    {color: #006400; border: 1px solid #008400}
-.D    {color: #b00;    border: 1px solid #b00}
-
-.action   {display: inline-block}
-.ren_over {display: inline-block}
-.ren_over input {margin: 0 0 0 2em}
-.ren_over label {font-weight: normal}
-
-#summary {font-size: .9em; text-align: center}

From daee97dfc72f1980cfe1f8dccac69adb1d3b5f08 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 22 Feb 2014 17:10:00 -0500
Subject: [PATCH 177/228] Version 3.5.01

Switched all use of hte() to hsc(). hte() is superfluous with UTF-8.
Updated comments about hsc() & hte()
On innHTML = <?php echo addslashes($value) ?>, switched addslashes() to hsc().
System_Setup(): added function validate_units($cssvalue).  Just because.
$_['ext']: changed from just 'ext' to  '.ext';
New: $_['folders_first_info']
Added hsc() where needed in a few places.
New: function Send_data_to_js().  Split out from Index_Page().
Get_DIRECTORY_DATA(): check if file_exists() in case of encoding error.
Index_Page_scripts(): changed some js CONSTANTS & flags for sort_DIRECTORY().
sort_DIRECTORY(): Changed logic. A little more verbose, but seems clearer.
In prep for an upcoming bug fix:
  added $ENC_OS, $ENC_UA, and $CLIENT_OS
  Also, tagged several places (with //##### ) where file system calls are made.
  The $filename strings used in the calls may need to be encoded with something
  other than UTF-8, depending on the underlying OS's filesystem.
    (such as NTFS, which uses UTF-16)
---
 info/OneFileCMS_structure.txt    |   7 +-
 info/changelog.markdown          |  12 +-
 languages/OneFileCMS.LANG.DE.php |   7 +-
 languages/OneFileCMS.LANG.EN.php |   7 +-
 languages/OneFileCMS.LANG.ES.php |   7 +-
 languages/OneFileCMS.LANG.NL.php |   7 +-
 languages/OneFileCMS.LANG.RU.php |   7 +-
 onefilecms.php                   | 371 +++++++++++++++++--------------
 readme.markdown                  |   8 +-
 9 files changed, 240 insertions(+), 193 deletions(-)

diff --git a/info/OneFileCMS_structure.txt b/info/OneFileCMS_structure.txt
index 9026c87..334d613 100755
--- a/info/OneFileCMS_structure.txt
+++ b/info/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.5 structure/layout
+OneFileCMS Version 3.501 structure/layout
 
 LICENSE
 
@@ -59,9 +59,10 @@ PAGE & RESPONSE FUNCTIONS:
 	Logout()
 	Login_Page()
 	Login_response()
-	Get_DIRECTORY_DATA()
 	Create_Table_for_Listing()
-    Index_Page_buttons_top
+	Get_DIRECTORY_DATA()
+	Send_data_to_js()
+	Index_Page_buttons_top()
 	Index_Page()
 	Edit_Page_buttons_top()
 	Edit_Page_buttons()
diff --git a/info/changelog.markdown b/info/changelog.markdown
index 717bc9a..bc11a96 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,6 +1,16 @@
 # OneFileCMS Change Log
 
-### v3.5 (February 20, 2014)
+### v3.5.01 (February 22, 2014)
+
+- Mostly behind the scenes stuff...
+- Replaced use of htmlentities() (hte()) with htmlspecialchars() (hsc()).  With UTF-8, htmlentites() is superluous.
+- Added hsc() to s number of strings where should have already been.
+- Changed directory sort function a bit. Note: when selecting/deselecting the 'folders first' option, the primary sort will be the last sorted column.
+- Split out a new function, Send_data_to_js(), from Index_Page().
+- Also, in prep for an upcoming update, tagged several places (with //##### ) where file system calls are made. The $filename strings used in the calls may need to be encoded with something   other than UTF-8, depending on the underlying OS's filesystem. 
+    (such as NTFS, which uses UTF-16)
+
+### v3.5 (February 19, 2014)
 
 - The directory list can now be sorted by column: name, .ext, size, date.
 - Also has an option to list folders first, or to sort without regard to file or folder.
diff --git a/languages/OneFileCMS.LANG.DE.php b/languages/OneFileCMS.LANG.DE.php
index 791799e..ee118b1 100755
--- a/languages/OneFileCMS.LANG.DE.php
+++ b/languages/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.23
+// OneFileCMS Language Settings v3.5.01
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -45,7 +45,7 @@
 $_['Enter']    = 'Eintreten';
 $_['Error']    = 'Fehler';
 $_['errors']   = 'Fehler';
-$_['ext']      = 'ext';     //## NT ##
+$_['ext']      = 'ext';
 $_['File']     = 'Datei';
 $_['files']    = 'files';   //## NT ##
 $_['Folder']   = 'Ordner';
@@ -64,8 +64,8 @@
 $_['To']       = 'Auf';
 $_['Upload']   = 'Heraufladen';
 $_['Username'] = 'Benutzername';
+$_['Working']  = 'Working - please wait...'; //## NT ##
 
-$_['Working']        = 'Working - please wait...'; //## NT ##
 $_['Log_In']         = 'Anmelden';
 $_['Log_Out']        = 'Abmelden';
 $_['Admin_Options']  = 'Konfiguration Optionen';
@@ -76,6 +76,7 @@
 $_['Ren_Move']       = 'Umbenennen / Verschieben';
 $_['Ren_Moved']      = 'Umbenannt / Verschoben';
 $_['folders_first']  = 'folders first'; //## NT ##
+$_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
 $_['New_Folder']     = 'Neuer Ordner';
 $_['Ren_Folder']     = 'Ordner umbenennen/verschieben';
 $_['Submit']         = 'Anfrage senden';
diff --git a/languages/OneFileCMS.LANG.EN.php b/languages/OneFileCMS.LANG.EN.php
index 3a2b189..fe7e904 100755
--- a/languages/OneFileCMS.LANG.EN.php
+++ b/languages/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.23
+// OneFileCMS Language Settings v3.5.01
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -45,7 +45,7 @@
 $_['Enter']    = 'Enter';
 $_['Error']    = 'Error';
 $_['errors']   = 'errors';
-$_['ext']      = 'ext';     //## NT ## filename.ext(ension)
+$_['ext']      = '.ext';    //filename[.ext]ension
 $_['File']     = 'File';
 $_['files']    = 'files';
 $_['Folder']   = 'Folder';
@@ -64,8 +64,8 @@
 $_['To']       = 'To';
 $_['Upload']   = 'Upload';
 $_['Username'] = 'Username';
+$_['Working']  = 'Working - please wait...';
 
-$_['Working']        = 'Working - please wait...';
 $_['Log_In']         = 'Log In';
 $_['Log_Out']        = 'Log Out';
 $_['Admin_Options']  = 'Administration Options';
@@ -76,6 +76,7 @@
 $_['Ren_Move']       = 'Rename / Move';
 $_['Ren_Moved']      = 'Renamed / Moved';
 $_['folders_first']  = 'folders first'; //## NT ##
+$_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
 $_['New_Folder']     = 'New Folder';
 $_['Ren_Folder']     = 'Rename / Move Folder';
 $_['Submit']         = 'Submit Request';
diff --git a/languages/OneFileCMS.LANG.ES.php b/languages/OneFileCMS.LANG.ES.php
index 146931d..c02d4fd 100755
--- a/languages/OneFileCMS.LANG.ES.php
+++ b/languages/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.23
+// OneFileCMS Language Settings v3.5.01
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -45,7 +45,7 @@
 $_['Enter']    = 'Entrar';
 $_['Error']    = 'Error';   //## NT ##
 $_['errors']   = 'errores';
-$_['ext']      = 'ext';     //## NT ##
+$_['ext']      = 'ext';
 $_['File']     = 'Archivo';
 $_['files']    = 'files';   //## NT ##
 $_['Folder']   = 'Carpeta';
@@ -64,8 +64,8 @@
 $_['To']       = 'Hacia';
 $_['Upload']   = 'Subir';
 $_['Username'] = 'Usuario';
+$_['Working']  = 'Working - please wait...'; //## NT ##
 
-$_['Working']        = 'Working - please wait...'; //## NT ##
 $_['Log_In']         = 'Iniciar Sesión';
 $_['Log_Out']        = 'Cerrar Sesión';
 $_['Admin_Options']  = 'Opciones de Administración';
@@ -76,6 +76,7 @@
 $_['Ren_Move']       = 'Renombrar / Mover';
 $_['Ren_Moved']      = 'Renombrado / Movido';
 $_['folders_first']  = 'folders first'; //## NT ##
+$_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
 $_['New_Folder']     = 'Carpeta Nueva';
 $_['Ren_Folder']     = 'Renombrar / Mover Carpeta';
 $_['Submit']         = 'Cargar';
diff --git a/languages/OneFileCMS.LANG.NL.php b/languages/OneFileCMS.LANG.NL.php
index 23c0e9d..aa37d66 100755
--- a/languages/OneFileCMS.LANG.NL.php
+++ b/languages/OneFileCMS.LANG.NL.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.23
+// OneFileCMS Language Settings v3.5.01
 
 $_['LANGUAGE'] = 'Nederlands (Dutch)';
 $_['LANG'] = 'NL';
@@ -45,7 +45,7 @@
 $_['Enter']    = 'Enter';   //## NT ##
 $_['Error']    = 'Fout';
 $_['errors']   = 'fouten';
-$_['ext']      = 'ext';     //## NT ##
+$_['ext']      = 'ext';
 $_['File']     = 'Bestand';
 $_['files']    = 'files';   //## NT ##
 $_['Folder']   = 'Map';
@@ -64,8 +64,8 @@
 $_['To']       = 'Aan';
 $_['Upload']   = 'Upload';  //## NT ##
 $_['Username'] = 'Gebruikersnaam';
+$_['Working']  = 'Working - please wait...'; //## NT ##
 
-$_['Working']        = 'Working - please wait...'; //## NT ##
 $_['Log_In']         = 'Inloggen';
 $_['Log_Out']        = 'Uitloggen';
 $_['Admin_Options']  = 'Opties voor beheer';
@@ -76,6 +76,7 @@
 $_['Ren_Move']       = 'Hernoemen / Verplaatsen';
 $_['Ren_Moved']      = 'Hernoemend / Verplaatst';
 $_['folders_first']  = 'folders first'; //## NT ##
+$_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
 $_['New_Folder']     = 'Nieuwe Map';
 $_['Ren_Folder']     = 'Hernoem / Verplaats Map';
 $_['Submit']         = 'Verzoek Indienen';
diff --git a/languages/OneFileCMS.LANG.RU.php b/languages/OneFileCMS.LANG.RU.php
index 463a3cb..0fdc09d 100755
--- a/languages/OneFileCMS.LANG.RU.php
+++ b/languages/OneFileCMS.LANG.RU.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.4.23
+// OneFileCMS Language Settings v3.5.01
 
 $_['LANGUAGE'] = 'Russian';
 $_['LANG'] = 'RU';
@@ -45,7 +45,7 @@
 $_['Enter']    = 'Вход';
 $_['Error']    = 'Ошибка';
 $_['errors']   = 'ошибки';
-$_['ext']      = 'ext';     //## NT ##
+$_['ext']      = 'ext';
 $_['File']     = 'Файл';
 $_['files']    = 'files';   //## NT ##
 $_['Folder']   = 'Папка';
@@ -64,8 +64,8 @@
 $_['To']       = 'В';
 $_['Upload']   = 'Загрузить';
 $_['Username'] = 'Логин';
+$_['Working']  = 'Working - please wait...'; //## NT ##
 
-$_['Working']        = 'Working - please wait...'; //## NT ##
 $_['Log_In']         = 'Войти';
 $_['Log_Out']        = 'Выйти';
 $_['Admin_Options']  = 'Настройки Администратора';
@@ -76,6 +76,7 @@
 $_['Ren_Move']       = 'Переименовать / Переместить';
 $_['Ren_Moved']      = 'Переименованно / Перемещенно';
 $_['folders_first']  = 'folders first'; //## NT ##
+$_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
 $_['New_Folder']     = 'Новая папка';
 $_['Ren_Folder']     = 'Переименовать / Переместить папку';
 $_['Submit']         = 'Отправить изменения';
diff --git a/onefilecms.php b/onefilecms.php
index 3fcc659..8811750 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
-<?php 
+<?php mb_internal_encoding('utf-8');
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5';
+$OFCMS_version = '3.5.01';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -161,7 +161,16 @@ function System_Setup() { //****************************************************
 	$TO_WARNING, $INVALID_CHARS, $WHSPC_SLASH, $VALID_PAGES, 
 	$ONESCRIPT,  $ONESCRIPT_file, $ONESCRIPT_backup, $ONESCRIPT_file_backup, 
 	$CONFIG_backup, $CONFIG_FILE,$CONFIG_FILE_backup, $VALID_CONFIG_FILE, 
-	$DOC_ROOT, $WEB_ROOT, $WEBSITE, $PRE_ITERATIONS, $EX, $message;
+	$DOC_ROOT, $WEB_ROOT, $WEBSITE, $PRE_ITERATIONS, $EX, $message,
+	$CLIENT_OS, $ENC_OS, $ENC_UA;
+
+$ENC_OS = 'UTF-8'; //Operating System (Default).  For Windows, use Windows-1252 or ISO-8859-1.
+$ENC_UA = 'UTF-8'; //User Agent - for general use & display.
+
+$CLIENT_OS = php_uname("s"); //Needed when accessing non-ascii/UTF-8 filenames.
+if ($CLIENT_OS == 'Windows NT') {$ENC_OS = 'Windows-1252';} 
+
+mb_detect_order("UTF-8, Windows-1252, ISO-8859-1, ASCII");
 
 $DOC_ROOT = $_SERVER['DOCUMENT_ROOT'].'/'; //root folder of website.
 
@@ -169,8 +178,6 @@ function System_Setup() { //****************************************************
 //This also effects the path in an include("path/somefile.php")
 chdir($DOC_ROOT); 
 
-mb_internal_encoding('utf-8');
-
 $INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file & folder names.  Space deliminated.
 $WHSPC_SLASH = "\x00..\x20/";  //Whitespace & forward slash. For trimming file & folder name inputs.
 
@@ -178,10 +185,10 @@ function System_Setup() { //****************************************************
 $WEB_ROOT  = basename($DOC_ROOT).'/'; //Used only for screen output - Non-url use.
 $WEBSITE   = $_SERVER['HTTP_HOST'].'/';
 
-$ONESCRIPT_file        = $_SERVER['SCRIPT_FILENAME'];  //Non-url use
+$ONESCRIPT_file        = $_SERVER['SCRIPT_FILENAME'];  //Non-url file system use.
 $ONESCRIPT_backup      = $ONESCRIPT.'.BACKUP.php';       //used for p/w & u/n updates.
 $ONESCRIPT_file_backup = $ONESCRIPT_file.'.BACKUP.php';  //used for p/w & u/n updates.
-$LOGIN_ATTEMPTS        = $ONESCRIPT_file.'.invalid_login_attempts';
+$LOGIN_ATTEMPTS        = $ONESCRIPT_file.'.invalid_login_attempts'; //Non-url file system use.
 
 //If specified & found, include external config file. Otherwise clear it.
 $VALID_CONFIG_FILE = 0;
@@ -193,8 +200,8 @@ function System_Setup() { //****************************************************
 	$CONFIG_FILE_backup    = $CONFIG_FILE.'.BACKUP.php';                 //used for p/w & u/n updates.
 }
 elseif ( isset($CONFIG_FILE) && !is_file($CONFIG_FILE) ) {
-	$message .= $EX.'<b>$CONFIG_FILE '.$_['Not_found'].':</b> '.$CONFIG_FILE.'<br>';
-	$message .= '<b>getcwd() == </b>'.getcwd().'<br>';
+	$message .= $EX.'<b>$CONFIG_FILE '.hsc($_['Not_found']).':</b> '.$CONFIG_FILE.'<br>';
+	$message .= '<b>getcwd() == </b>'.hsc(getcwd()).'<br>';
 	$CONFIG_FILE = '';
 }
 
@@ -211,7 +218,7 @@ function System_Setup() { //****************************************************
 //If specified, clean up & validate $ACCESS_ROOT.
 if (!isset($ACCESS_ROOT)) { $ACCESS_ROOT = ''; } //At least make sure it's set.
 if (!is_dir($_SERVER['DOCUMENT_ROOT'].'/'.$ACCESS_ROOT) || (Check_path($ACCESS_ROOT,1) === false) ) {
-	$message .= $EX.'<b>$ACCESS_ROOT '.$_['Invalid_path'].': </b>'.$ACCESS_ROOT.'<br>';
+	$message .= $EX.'<b>$ACCESS_ROOT '.hsc($_['Invalid_path']).': </b>'.$ACCESS_ROOT.'<br>';
 	$ACCESS_ROOT = '';
 }
 if ($ACCESS_ROOT != '') { $ACCESS_ROOT = trim($ACCESS_ROOT, ' /').'/';}
@@ -219,18 +226,18 @@ function System_Setup() { //****************************************************
 $ACCESS_ROOT_len = mb_strlen($ACCESS_ROOT, $ACCESS_ROOT_enc);
 
 
-//Determine if valid units are set for $MAIN_WIDTH.  If not, assume px.
-$main_units   = substr($MAIN_WIDTH, -2); //should be px, pt, em, or %.
-if ( ($main_units != "px") && ($main_units != "pt") && ($main_units != "em") && (substr($MAIN_WIDTH, -1) != '%')) {
-	$MAIN_WIDTH = ($MAIN_WIDTH * 1).'px';
-}
+function validate_units($cssvalue) { //****************
+	//Determine if valid units are set for $cssvalue:  px, pt, em, or %.
+	$main_units   = substr($cssvalue, -2); 
+	if ( ($main_units != "px") && ($main_units != "pt") && ($main_units != "em") && (substr($cssvalue, -1) != '%')) {
+		$cssvalue = ($cssvalue * 1).'px';   //If not, assume px.
+	}
+	return $cssvalue;
+}//end valid_units() //********************************
 
+$MAIN_WIDTH      = validate_units($MAIN_WIDTH);
 
-//Determine if valid units are set for $WIDE_VIEW_WIDTH.  If not, assume px.
-$main_units   = substr($WIDE_VIEW_WIDTH, -2); //should be px, pt, em, or %.
-if ( ($main_units != "px") && ($main_units != "pt") && ($main_units != "em") && (substr($WIDE_VIEW_WIDTH, -1) != '%')) {
-	$WIDE_VIEW_WIDTH = ($WIDE_VIEW_WIDTH * 1).'px';
-}
+$WIDE_VIEW_WIDTH = validate_units($WIDE_VIEW_WIDTH);
 
 
 //Requires PHP 5.1, due to changes in some functions.
@@ -276,11 +283,10 @@ function System_Setup() { //****************************************************
 //#####  #######################################################################
 //Regarding hsc() & hte():
 //Using mb_detect_encoding() (partly) solves an issue on my XP based test setup.
-//But, mb_detect_encoding() return ASCII as appropriate, which htmlentities doesn't recognize.
-//So, we just change it to UTF-8.
-//However, since everything should be in UTF-8, use of htmlentities() is superfluous
-//and may be replaced with just htmlspecialchars() / hsc().
-//But, the replacement will happen only after additional research to confirm the logic/results.
+//But, mb_detect_encoding() may return ASCII, which htmlentities/speicalchars don't recognize.
+//So, just change $enc to UTF-8, of which ASCII is a subset.
+//Additionally, since everything is displayed in UTF-8, use of htmlentities() is superfluous,
+//and was replaced with just htmlspecialchars() / hsc() in v3.5.01
 //#####  #######################################################################
 
 function hsc($input) { //*******************************************************
@@ -289,18 +295,12 @@ function hsc($input) { //*******************************************************
 	return htmlspecialchars($input, ENT_QUOTES, $enc);
 }//end hsc() //*****************************************************************
 
-function hte($input) { //*******************************************************
-	$enc = mb_detect_encoding($input);
-	if ($enc == 'ASCII') {$enc = 'UTF-8';}
-	return htmlentities($input, ENT_QUOTES, $enc);
-}//end hte() //*****************************************************************
-
 
 
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.4.23
+// OneFileCMS Language Settings v3.5.01
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -344,7 +344,7 @@ function Default_Language() { // ***********************************************
 $_['Enter']   = 'Enter';
 $_['Error']   = 'Error';
 $_['errors']  = 'errors';
-$_['ext']     = 'ext';  // filename.ext(ension)
+$_['ext']     = '.ext';  // filename[.ext]ension
 $_['File']    = 'File';
 $_['files']   = 'files';
 $_['Folder']  = 'Folder';
@@ -374,6 +374,7 @@ function Default_Language() { // ***********************************************
 $_['Ren_Move']       = 'Rename / Move';
 $_['Ren_Moved']      = 'Renamed / Moved';
 $_['folders_first']  = 'folders first'; //## NT ##
+$_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
 $_['New_Folder']     = 'New Folder';
 $_['Ren_Folder']     = 'Rename / Move Folder';
 $_['Submit']         = 'Submit Request';
@@ -803,14 +804,14 @@ function Get_GET() { //*** Get main parameters *********************************
 	if (isset($_GET["f"])) { $filename = $ipath.$_GET["f"]; } else { $filename = ""; }
 	if ( ($filename != "") && !is_file($filename)  ) {
 		$message .= $EX.'<b>'.hsc($_['get_get_msg_01']).'</b> ';
-		$message .= hte(dir_name($filename)).'<b>'.hte(basename($filename)).'</b><br>';
+		$message .= hsc(dir_name($filename)).'<b>'.hsc(basename($filename)).'</b><br>';
 		$filename = "";
 	}
 
 	//Initialize & validate $page
 	if (isset($_GET["p"])) { $page = $_GET["p"]; } else { $page = "index"; }
 	if (!in_array($page, $VALID_PAGES)) {
-		$message .= $EX.hsc($_['get_get_msg_02']).' <b>'.hte($page).'</b><br>';
+		$message .= $EX.hsc($_['get_get_msg_02']).' <b>'.hsc($page).'</b><br>';
 		$page = "index";  //If invalid $_GET["p"]
 	}
 }//end Get_GET() //*************************************************************
@@ -947,7 +948,7 @@ function Check_path($path, $show_msg = false) { //******************************
 
 
 
-
+//##### 
 function is_empty($path){ //****************************************************
 	if ($path == "") {$path = '.';}
 	$empty = false;
@@ -959,7 +960,7 @@ function is_empty($path){ //****************************************************
 
 
 
-
+//##### 
 function Sort_Seperate($path, $full_list){ //***********************************
 	//Sort list, then seperate folders & files
 
@@ -978,7 +979,7 @@ function Sort_Seperate($path, $full_list){ //***********************************
 
 
 
-
+//##### 
 function ordinalize($destination,$filename, &$msg) { //*************************
 //if file_exists(file.txt), ordinalize filename until it doesn't
 //ie: file.txt.001,  file.txt.002, file.txt.003  etc...
@@ -995,7 +996,7 @@ function ordinalize($destination,$filename, &$msg) { //*************************
 			$ordinal = sprintf("%03d", ++$ordinal); //  001, 002, 003, etc...
 			$savefile = $destination.$filename.'.'.$ordinal;
 		}
-		$msg .= '<b>'.hsc($_['ord_msg_02']).':</b> <span class="filename">'.hte(basename($savefile)).'</span>';
+		$msg .= '<b>'.hsc($_['ord_msg_02']).':</b> <span class="filename">'.hsc(basename($savefile)).'</span>';
 	}
 	return $savefile;
 }//end ordinalize() //**********************************************************
@@ -1018,7 +1019,7 @@ function supports_svg() { //****************************************************
 
 
 
-
+//##### 
 function rCopy( $old_path, $new_path ) { //*************************************
 	//Recursively copy $old_path to $new_path
 	global $_, $WHSPC_SLASH, $EX, $message;
@@ -1035,7 +1036,7 @@ function rCopy( $old_path, $new_path ) { //*************************************
 	while (strlen($test_path) >= strlen($old_path)) {
 		$test_path = dirname($test_path);
 		if ( $test_path == $old_path ) {
-			$message .= $EX.' <b>'.$_['rCopy_msg_01'].'</b><br>';
+			$message .= $EX.' <b>'.hsc($_['rCopy_msg_01']).'</b><br>';
 			return false;
 		}
 	}
@@ -1062,7 +1063,7 @@ function rCopy( $old_path, $new_path ) { //*************************************
 
 
 
-
+//##### 
 function rDel($path){ //********************************************************
 	//Recursively delete $path & all sub-folders & files.
 	//Returns number of successful unlinks & rmdirs.
@@ -1111,7 +1112,7 @@ function Current_Path_Header(){ //**********************************************
 	echo '<h2>';
 		//Root (or $ACCESS_ROOT) folder of web site.
 		$p1 = '?i='.URLencode_path($ACCESS_ROOT);
-		echo hte($unaccessable).'<a id="path_0" href="'.$ONESCRIPT.$p1.'" class="path">'.hte($_1st_accessable).'</a>/';
+		echo hsc($unaccessable).'<a id="path_0" href="'.$ONESCRIPT.$p1.'" class="path">'.hsc($_1st_accessable).'</a>/';
 		$x=0; //need here for focus() in case at webroot.
 		
 		if ($remaining_path != "" ) { //if not at root, show the rest
@@ -1123,7 +1124,7 @@ function Current_Path_Header(){ //**********************************************
 				$current_path .= $path_levels[$x].'/';
 				$p1 = '?i='.URLencode_path($ACCESS_ROOT.$current_path);
 				echo '<a id="path_'.($x+1).'" href="'.$ONESCRIPT.$p1.'" class="path">';
-				echo hte($path_levels[$x]).'</a>/';
+				echo hsc($path_levels[$x]).'</a>/';
 			}
 		}//end if (not at root)
 	echo '</h2>';
@@ -1150,7 +1151,7 @@ function Page_Header(){ //******************************************************
 		
 		echo '<div class="nav">';
 			echo '<b><a href="/" target="_blank">'.$favicon.' ';
-			echo hte($WEBSITE).'</a></b>';
+			echo hsc($WEBSITE).'</a></b>';
 			if ($page != "login") {	echo ' | <a href="'.$ONESCRIPT.'?p=logout">'.hsc($_['Log_Out']).'</a>'; }
 		echo '</div><div class=clear></div>';
 	echo '</div>';//<!-- end header -->
@@ -1352,13 +1353,13 @@ function icon_folder($extra = ""){ //**********************************
 
 
 
-
+//##### 
 function List_Backup($file, $file_url){ //**************************************
 	global $_, $ONESCRIPT, $ICONS;
 
 	clearstatcache ();
 	$href = $ONESCRIPT.'?i='.dir_name(trim($file_url,'/')).'&amp;f='.basename($file_url);
-	$edit_link = '<a href="'.$href.'&amp;p=edit'.'" id="old_backup">'.hte(basename($file)).'</a>';
+	$edit_link = '<a href="'.$href.'&amp;p=edit'.'" id="old_backup">'.hsc(basename($file)).'</a>';
 ?>
 	<table class="index_T old_backup_T"><tr>
 	<td class="file_name"><?php echo $edit_link; ?></td>
@@ -1529,13 +1530,13 @@ function Change_PWUN_Page($pwun, $type, $page_title, $label_new, $label_confirm)
 
 
 
-
+//##### 
 //******************************************************************************
 function Update_config($search_for, $replace_with, $search_file, $backup_file) {
 	global  $_, $EX, $message;
 
 	if ( !is_file($search_file) ) {
-		$message .= $EX.' <b>'.$_['Not_found'].': </b>'.$search_file.'<br>';
+		$message .= $EX.' <b>'.hsc($_['Not_found']).': </b>'.hsc($search_file).'<br>';
 		return false;
 	}
 
@@ -1554,8 +1555,8 @@ function Update_config($search_for, $replace_with, $search_file, $backup_file) {
 		}
 	}
 
-	//This should not happen...
-	if (!$found){ $message .= $EX.' <b>'.$_['Not_found'].': </b>'.$search_for.'<br>'; return false; }
+	//This should not happen, but just in case...
+	if (!$found){ $message .= $EX.' <b>'.hsc($_['Not_found']).': </b>'.hsc($search_for).'<br>'; return false; }
 	
 	copy($search_file, $backup_file); // Just in case...
 
@@ -1569,7 +1570,7 @@ function Update_config($search_for, $replace_with, $search_file, $backup_file) {
 
 
 
-
+//##### 
 function Change_PWUN_response($PWUN, $msg){ //**********************************
 	//Update $USERNAME or $HASHWORD. Default $page = changepw or changeun
 	global $_, $ONESCRIPT, $USERNAME, $HASHWORD, $EX, $message, $page, 
@@ -1613,10 +1614,10 @@ function Change_PWUN_response($PWUN, $msg){ //**********************************
 		
 		//If specified & it exists, update external config file.
 		if ( $VALID_CONFIG_FILE ) {
-			$message .= $_['change_pw_05'].' '.$_['change_pw_06'].'. . . ';
+			$message .= hsc($_['change_pw_05']).' '.hsc($_['change_pw_06']).'. . . ';
 			$updated = Update_config($search_for, $replace_with, $CONFIG_FILE, $CONFIG_FILE_backup);
 		}else{ //Update OneFileCMS
-			$message .= $_['change_pw_05'].' OneFileCMS . . . ';
+			$message .= hsc($_['change_pw_05']).' OneFileCMS . . . ';
 			$updated = Update_config($search_for, $replace_with, $ONESCRIPT_file, $ONESCRIPT_file_backup);
 		}
 		
@@ -1669,7 +1670,7 @@ function Login_Page() { //******************************************************
 
 
 
-
+//##### 
 function Login_response() { //**************************************************
 	global $_, $EX, $message, $page, $LOGIN_ATTEMPTS, $MAX_ATTEMPTS, $LOGIN_DELAY, $USERNAME, $HASHWORD;
 
@@ -1734,21 +1735,21 @@ function Create_Table_for_Listing() { //****************************************
 
 	<tr>
 	<th colspan=3 id="select_all_th">
-		<LABEL for=select_all id=select_all_label><?php echo $_['Select_All'] ?></LABEL></th>
+		<LABEL for=select_all id=select_all_label><?php echo hsc($_['Select_All']) ?></LABEL></th>
 	<th class="ckbox">
 		<INPUT TYPE=checkbox NAME=select_all id=select_all VALUE=select_all onclick="Select_All();"></th>
 	<th class="file_name ckbox" style="">
-		<label for=folders_first_ckbox id=folders_first_label>
+		<label for=folders_first_ckbox id=folders_first_label title="<?php  echo hsc($_['folders_first_info']) ?>">
 			<?php $ffparams = 'TYPE=checkbox NAME=folder_first id=folders_first_ckbox VALUE=folders_first checked'?>
-			<INPUT <?php echo $ffparams ?> onclick="sort_DIRECTORY(SORT_by, NORMAL);">
-			(<?php echo $_['folders_first'] ?>)
+			<INPUT <?php echo $ffparams ?> onclick="sort_DIRECTORY(SORT_by, SORT_order);">
+			(<?php echo hsc($_['folders_first']) ?>)
 		</label>
-		<a href="#" onclick="sort_DIRECTORY(1, REVERSE);return false"><?php echo $_['Name'] ?></a>
-		<a href="#" onclick="sort_DIRECTORY(5, REVERSE);return false" id=sort_type>[.<?php echo $_['ext'] ?>]</a></th>
+		<a href="#" onclick="sort_DIRECTORY(1, FLIP_IF);return false"><?php echo hsc($_['Name']) ?></a>
+		<a href="#" onclick="sort_DIRECTORY(5, FLIP_IF);return false" id=sort_type>(<?php echo hsc($_['ext']) ?>)</a></th>
 	<th class="file_size">
-		<a href="#" onclick="sort_DIRECTORY(2, REVERSE);return false"><?php echo $_['Size'] ?></a></th>
+		<a href="#" onclick="sort_DIRECTORY(2, FLIP_IF);return false"><?php echo hsc($_['Size']) ?></a></th>
 	<th class="file_time">
-		<a href="#" onclick="sort_DIRECTORY(3, REVERSE);return false"><?php echo $_['Date'] ?></a></th>
+		<a href="#" onclick="sort_DIRECTORY(3, FLIP_IF);return false"><?php echo hsc($_['Date']) ?></a></th>
 	</tr>
 
 	<?php //For directory content. Will insert the list later. (same for footer...) ?>
@@ -1760,22 +1761,21 @@ function Create_Table_for_Listing() { //****************************************
 
 
 
-
+//##### 
 function Get_DIRECTORY_DATA($basic_list) { //***********************************
 	global $_, $ONESCRIPT, $ipath, $param1, $ICONS,
 			$ftypes, $fclasses, $excluded_list, $stypes, $SHOWALLFILES, 
 			$DIRECTORY_COUNT, $DIRECTORY_DATA;
-	
+		
 	foreach ($basic_list as $filename) {
 		
-		$excluded = FALSE;
-		if (in_array($filename, $excluded_list)) { $excluded = TRUE; };
+		if (in_array($filename, $excluded_list)) {$excluded = TRUE;} else {$excluded = FALSE;}
 		
 		//Get file type & check against $stypes (files types to show)
 		$filename_parts = explode(".", strtolower($filename));
 		
 		$segments = count($filename_parts);
-		//Ignore if no $ext:  "filename"  or ".filename"
+		//Check for no $ext:  "filename"  or ".filename"
 		if( $segments === 1 || ( ($segments === 2) && ($filename_parts[0] === ""))) {
 				 $ext =  '';
 		} else { $ext = end($filename_parts); }
@@ -1786,7 +1786,7 @@ function Get_DIRECTORY_DATA($basic_list) { //***********************************
 		$IS_OFCMS = 0;
 		if ( $ipath.$filename == trim($_SERVER['SCRIPT_NAME'], '/') ) { $IS_OFCMS = 1; }
 		
-		//Determine if $filename is to be shown, save data
+		//If $filename is to be shown, save data...
 		if ( $SHOWTYPE && !$excluded ) {
 			
 			//Set icon type based on if dir, or file type ($ext).
@@ -1798,8 +1798,14 @@ function Get_DIRECTORY_DATA($basic_list) { //***********************************
 			elseif ($type == 'dir')        { $icon = $ICONS['folder']; }
 			else                           { $icon = $ICONS['bin']; } //default
 			
-			$file_size_raw = filesize($ipath.$filename);
-			$file_time_raw = filemtime($ipath.$filename);
+			//Get file size & date. Check if file_exists() in case of encoding conflicts with filename.
+			if (file_exists($ipath.$filename)) {
+				$file_size_raw = filesize($ipath.$filename);
+				$file_time_raw = filemtime($ipath.$filename);
+			} else {
+				$file_size_raw = -1; //Use -1 as an unobtrusive, but obvious, error flag.
+				$file_time_raw =  0; //Same as above, except use 0 which is 1970 Jan 1 00:00:00 GMT.
+			}
 			
 			//Store data
 			$DIRECTORY_DATA[$DIRECTORY_COUNT] = array('', '', 0, 0, 0, '');
@@ -1816,6 +1822,36 @@ function Get_DIRECTORY_DATA($basic_list) { //***********************************
 
 
 
+ 
+function Send_data_to_js() {//**************************************************
+	global $DIRECTORY_DATA, $DIRECTORY_COUNT;
+	//"send" DIRECTORY_DATA to javascript.
+	$data_for_js = "<script>\n";
+
+	$row = 0; //index after filter of . & ..
+	for ($x = 0; $x < $DIRECTORY_COUNT; $x++) {
+		$filename = $DIRECTORY_DATA[$x][1];
+		if ( ($filename != '.') && ($filename != '..') ) {; // skip . & ..
+			$data_for_js .= 'DIRECTORY_DATA['.$row++.'] = new Array(';
+			$data_for_js .= ' "'.     $DIRECTORY_DATA[$x][0].'"';	// "type"
+			$data_for_js .= ',"'.     addslashes($DIRECTORY_DATA[$x][1]).'"';	// "file name"
+			$data_for_js .= ', '.     $DIRECTORY_DATA[$x][2];		// filesize
+			$data_for_js .= ', '.     $DIRECTORY_DATA[$x][3];		// timestamp
+			$data_for_js .= ', '.     $DIRECTORY_DATA[$x][4];		// is_ofcms
+			$data_for_js .= ',"'.     addslashes($DIRECTORY_DATA[$x][5]).'"';	// "ext"
+			$data_for_js .= ");\n";
+		}//end skip . & ..
+	}//end for x
+
+	//Initial sort & display of the directory...
+	$data_for_js .= 'sort_DIRECTORY();'."\n"; //Initial sort by file name.
+
+	$data_for_js .= "</script>\n";
+	echo $data_for_js;
+}//end Send_data_to_js() {//****************************************************
+
+
+
 
 function Index_Page_buttons_top($file_count) { //*******************************
 	global $_, $ONESCRIPT, $param1, $ICONS;
@@ -1844,7 +1880,7 @@ function Index_Page_buttons_top($file_count) { //*******************************
 
 
 
-
+//##### 
 function Index_Page(){ //*******************************************************
 	global $_, $ICONS, $ONESCRIPT, $ipath, $param1, $param3, $HREF_params, 
 			$ftypes, $fclasses, $DIRECTORY_COUNT, $DIRECTORY_DATA;
@@ -1868,31 +1904,9 @@ function Index_Page(){ //*******************************************************
 
 	if ($file_count > 0) { Get_DIRECTORY_DATA($basic_list); }
 
-	echo "</form>\n\n";
-
-	//"send" DIRECTORY_DATA to javascript.
-	echo "<script>\n";
-
-	$row = 0; //index after filter of . & ..
-	for ($x = 0; $x < $DIRECTORY_COUNT; $x++) {
-		$filename = $DIRECTORY_DATA[$x][1];
-		if ( ($filename != '.') && ($filename != '..') ) {; // skip . & ..
-			$data_for_js  = 'DIRECTORY_DATA['.$row++.'] = new Array(';
-			$data_for_js .= ' "'.     $DIRECTORY_DATA[$x][0].'"';	// "type"
-			$data_for_js .= ',"'.     $DIRECTORY_DATA[$x][1].'"';	// "file name"
-			$data_for_js .= ', '.     $DIRECTORY_DATA[$x][2];		// filesize
-			$data_for_js .= ', '.     $DIRECTORY_DATA[$x][3];		// timestamp
-			$data_for_js .= ', '.     $DIRECTORY_DATA[$x][4];		// is_ofcms
-			$data_for_js .= ',"'.     $DIRECTORY_DATA[$x][5].'"';	// "ext"
-			$data_for_js .= ");\n";
-			echo $data_for_js;
-		}//end skip . & ..
-	}//end for x
-
-	//Initial sort & display of the directory...
-	echo 'sort_DIRECTORY(1, NORMAL);'; //initial sort by file name
+	echo "</form>\n";
 
-	echo "</script>\n";
+	Send_data_to_js();
 }//end Index_Page() //**********************************************************
 
 
@@ -1907,7 +1921,7 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 		$set_cookie = "document.cookie='edit_mode=".(!$EDIT_MODE*1)."'; ";
 		$edit_page  = "parent.location='".$ONESCRIPT.$param1.$param2."&p=edit';";
 		$attribs    = 'type=button class=button id=on_off onclick="'.$set_cookie.$edit_page.'"';
-		$ON_OFF_button = '<button '.$attribs.'>'.$_['Edit'].' '.hte($ON_OFF_label).'</button>';
+		$ON_OFF_button = '<button '.$attribs.'>'.hsc($_['Edit']).' '.hsc($ON_OFF_label).'</button>';
 	}
 
 	//[Wide View] / [Normal View] button.
@@ -1968,7 +1982,7 @@ function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
 		<?php
 		if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file
 			echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer', 'LOGOUT');
-			echo '<button type="submit" class="button" onclick="submitted = true;" id="save_file">'.$_['save_1'].'</button>';
+			echo '<button type="submit" class="button" onclick="submitted = true;" id="save_file">'.hsc($_['save_1']).'</button>';
 			echo $reset_button;
 			?><script>
 				document.getElementById("save_file").disabled = "<?php echo $disabled ?>";
@@ -2110,8 +2124,8 @@ function Edit_Page() { //*******************************************************
 	echo '<style>#message_box { min-height: 1.88em; }</style>';
 
 	echo '<h2 id="edit_header">'.$header2.' ';
-	echo '<a class="h2_filename" href="/'.URLencode_path($filename).'" target="_blank" title="'.$_['Open_View'].'">';
-	echo hte(basename($filename)).'</a>';
+	echo '<a class="h2_filename" href="/'.URLencode_path($filename).'" target="_blank" title="'.hsc($_['Open_View']).'">';
+	echo hsc(basename($filename)).'</a>';
 	echo '</h2>'.PHP_EOL;
 
 	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message, $file_ENC);
@@ -2224,14 +2238,14 @@ function Upload_response() { //*************************************************
 		
 		if ( ($destination === false) || (($destination != "") && !is_dir($destination))) {
 			$message .= $EX.'<b>'.hsc($_['upload_msg_02']).'</b><br>';
-			$message .= '<span class="filename">'.hte($destination).'</span></b><br>';
+			$message .= '<span class="filename">'.hsc($destination).'</span></b><br>';
 			$message .= hsc($_['upload_msg_03']).'</b><br>';
 		}else{
-			$message .= '<b>'.hsc($_['upload_msg_04']).'</b> <span class="filename">'.hte($filename).'</span><br>';
+			$message .= '<b>'.hsc($_['upload_msg_04']).'</b> <span class="filename">'.hsc($filename).'</span><br>';
 			
 			if ( isset($_POST['ifexists']) && ($_POST['ifexists'] == 'overwrite') ) {
 				$savefile = $destination.$filename;
-				if (is_file($savefile)) { $savefile_msg .= $_['upload_msg_07'] ; }
+				if (is_file($savefile)) { $savefile_msg .= hsc($_['upload_msg_07']) ; }
 			}else{ //rename to "file.etc.001"  etc...
 				$savefile = ordinalize($destination, $filename, $savefile_msg);
 			}
@@ -2253,10 +2267,10 @@ function Upload_response() { //*************************************************
 function New_Page($title, $new_f_or_f) { //*********************************************
 	global $_, $FORM_COMMON, $INVALID_CHARS;
 
-	echo '<h2>'.hte($title).'</h2>';
+	echo '<h2>'.hsc($title).'</h2>';
 	echo $FORM_COMMON;
 		echo '<p>'.hsc($_['new_file_txt_01'].' '.$_['new_file_txt_02']);
-		echo '<span class="mono"> '.hte($INVALID_CHARS).'</span></p>';
+		echo '<span class="mono"> '.hsc($INVALID_CHARS).'</span></p>';
 		echo '<input type="text" name="'.$new_f_or_f.'" id="'.$new_f_or_f.'" value=""><p>';
 		Cancel_Submit_Buttons($_['Create']);
 	echo '</form>';
@@ -2275,11 +2289,11 @@ function New_response($post, $isfile){ //***************************************
 	if ($isfile) { $f_or_f = "file";   $filename  = $ipath.$new_name;     }
 	else         { $f_or_f = "folder"; $new_ipath = $ipath.$new_name.'/'; }
 
-	$msg_new  = '<span class="filename">'.hte($new_name).'</span><br>';
+	$msg_new  = '<span class="filename">'.hsc($new_name).'</span><br>';
 
 	if (has_invalid_char($new_name)){
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_01']).'</b> '.$msg_new;
-		$message .= '<b>'.hsc($_['new_file_msg_02']).'<span class="mono"> '.hte($INVALID_CHARS).'</span></b>';
+		$message .= '<b>'.hsc($_['new_file_msg_02']).'<span class="mono"> '.hsc($INVALID_CHARS).'</span></b>';
 		
 	}elseif ($new_name == ""){ //No new name given.
 		$page   = "new".$f_or_f;
@@ -2357,14 +2371,14 @@ function CRM_Page($action, $title, $action_id, $old_full_name) { //*************
 	echo '<h2>'.hsc($action.' '.$title).'</h2>';
 
 	echo $FORM_COMMON;
-		echo '<input type="hidden" name="'.$action_id.'"  value="'.hsc($action_id).'">';
+		echo '<input type="hidden" name="'.hsc($action_id).'"  value="'.hsc($action_id).'">';
 		echo '<input type="hidden" name=old_full_name     value="'.hsc($old_full_name).'">';
 		
 		echo '<label>'.hsc($_['CRM_txt_04']).':</label>';
 		echo '<input type=text name=new_name class=new_name value="'.hsc(basename($new_full_name)).'"><br>';
 		
 		echo '<label>'.hsc($_['New_Location']).':</label>';
-		echo '<span class="web_root">'.hte($WEB_ROOT.$ACCESS_ROOT).'</span>';
+		echo '<span class="web_root">'.hsc($WEB_ROOT.$ACCESS_ROOT).'</span>';
 		echo '<input type=hidden name=base_location value="'.hsc($ACCESS_ROOT).'">';
 		echo '<input type=text   name=new_location  value="'.hsc($ACCESS_PATH).'"><br>';
 		
@@ -2392,9 +2406,9 @@ function CRM_response($action, $msg1, $show_message = 3){ //********************
 	$isfile = 0; if (is_file($old_full_name)) { $isfile = 1;} //File or folder?
 
 	//Common message lines
-	$com_msg  = '<div id="message_left">'.hte($_['From']).'<br>'.hte($_['To']).'</div>';
-	$com_msg .= '<b>: </b><span class="filename">'.hte($old_full_name).'</span><br>';
-	$com_msg .= '<b>: </b><span class="filename">'.hte($new_full_name).'</span><br>';
+	$com_msg  = '<div id="message_left">'.hsc($_['From']).'<br>'.hsc($_['To']).'</div>';
+	$com_msg .= '<b>: </b><span class="filename">'.hsc($old_full_name).'</span><br>';
+	$com_msg .= '<b>: </b><span class="filename">'.hsc($new_full_name).'</span><br>';
 
 	$err_msg = ''; //Error message.
 	$scs_msg = ''; //Success message.
@@ -2405,25 +2419,25 @@ function CRM_response($action, $msg1, $show_message = 3){ //********************
 	if ( Check_path($old_full_name,$show_message) === false ) {
 		$bad_name = $old_full_name;
 	}elseif ( !file_exists($old_full_name) ) {
-		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_02']).'</b><br>';
+		$err_msg .= $EX.'<b>'.hsc($msg1.' '.hsc($_['CRM_msg_02'])).'</b><br>';
 		$bad_name = $old_full_name;
 	//Check new name for invalid chars, including slashes.
 	}elseif ( has_invalid_char($new_name_only) ) {
-		$err_msg .= $EX.'<b>'.hsc($_['new_file_msg_02']).'<span class="filename"> '.hte($INVALID_CHARS).'</span></b><br>';
+		$err_msg .= $EX.'<b>'.hsc($_['new_file_msg_02']).'<span class="filename"> '.hsc($INVALID_CHARS).'</span></b><br>';
 		$bad_name = $new_name_only;
 	//Check new location for invalid chars etc.
 	}elseif ( Check_path($new_location,$show_message) === false ) {
 		$bad_name = $new_location;
 	//$new_location must already exist as a directory
 	}elseif ( ($new_location != "") && !is_dir($new_location) ) {
-		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_01']).'</b><br>';
+		$err_msg .= $EX.'<b>'.hsc($msg1.' '.hsc($_['CRM_msg_01'])).'</b><br>';
 		$bad_name = $new_location;
 	//Don't overwrite existing files.
 	}elseif ( file_exists($new_full_name) ) {
 		$bad_name = $new_full_name;
-		$err_msg .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_03']).'</b><br>';
+		$err_msg .= $EX.'<b>'.hsc($msg1.' '.hsc($_['CRM_msg_03'])).'</b><br>';
 	}elseif ( $action($old_full_name, $new_full_name )) {
-		$scs_msg .= '<b>'.hsc($msg1.' '.$_['successful']).'</b><br>'.$com_msg;
+		$scs_msg .= '<b>'.hsc($msg1.' '.hsc($_['successful'])).'</b><br>'.$com_msg;
 		if   ($isfile) {
 			$ipath    = $new_location;
 			$filename = $new_full_name;
@@ -2436,7 +2450,7 @@ function CRM_response($action, $msg1, $show_message = 3){ //********************
 		$err_msg .= $EX.'<b>'.hsc($_['CRM_msg_05'].' '.$msg1).'</b><br>'.$com_msg;
 	}
 	
-	if ($error && ($bad_name !='' )) { $err_msg .= '<span class="filename">'.hte($bad_name).'</span><br>'; }
+	if ($error && ($bad_name !='' )) { $err_msg .= '<span class="filename">'.hsc($bad_name).'</span><br>'; }
 
 	if ( ($show_message & 1) && $error ) { $message .= $err_msg; } //Show error message.
 	if (  $show_message & 2)             { $message .= $scs_msg; } //Show success message.
@@ -2469,14 +2483,14 @@ function Delete_response($target, $show_message=3) { //*************************
 
 	if (rDel($target)) {
 		$scs_msg .= '<b>'.hsc($_['Deleted']).':</b> ';
-		$scs_msg .= '<span class="filename">'.hte(basename($target)).'</span></br>';
+		$scs_msg .= '<span class="filename">'.hsc(basename($target)).'</span></br>';
 		$ipath  = dir_name($target); //Return to parent dir.
 		$param1 = '?i='.URLencode_path($ipath);
 		$filename = "";
 		$param2   = "";
 		$error = 0; //0= no error, 1 = an error.
 	}else { //Error
-		$err_msg .= $EX.'<b>'.hsc($_['delete_msg_03']).'</b> <span class="filename">'.hte($target).'</span><br>';
+		$err_msg .= $EX.'<b>'.hsc($_['delete_msg_03']).'</b> <span class="filename">'.hsc($target).'</span><br>';
 		$page = $_SESSION['recent_pages'][1];
 		if ($page == "edit") {
 			$filename = $target;
@@ -2511,11 +2525,11 @@ function MCD_Page($action, $page_title, $classes = '') { //*********************
 	echo '<h2>'.hsc($page_title).'</h2>';
 
 	echo '<form method="post" action="'.$ONESCRIPT.$param1.'">'.$INPUT_NUONCE;
-		echo '<input type="hidden" name="'.$action.'" value="'.$action.'">'.PHP_EOL;
+		echo '<input type="hidden" name="'.hsc($action).'" value="'.hsc($action).'">'.PHP_EOL;
 		
 		if ( ($_POST['mcdaction'] == 'copy') || ($_POST['mcdaction'] == 'move') ) {
 			echo '<label>'.hsc($_['New_Location']).':</label>';
-			echo '<span class="web_root">'.hte($WEB_ROOT.$ACCESS_ROOT).'</span>';
+			echo '<span class="web_root">'.hsc($WEB_ROOT.$ACCESS_ROOT).'</span>';
 			echo '<input type=hidden name=base_location value="'.hsc($ACCESS_ROOT).'">';
 			echo '<input type=text   name=new_location  id=new_location value="'.hsc($ACCESS_PATH).'">';
 			echo '<p>('.hsc($_['CRM_txt_02']).')</p>';
@@ -2528,11 +2542,11 @@ function MCD_Page($action, $page_title, $classes = '') { //*********************
 		$full_list = Sort_Seperate($ipath, $_POST['files']);
 		
 		echo '<table class="verify '.$classes.'">';
-		echo '<tr><th>'.$_['Selected_Files'].':</th></tr>'."\n";
+		echo '<tr><th>'.hsc($_['Selected_Files']).':</th></tr>'."\n";
 		
 		foreach($full_list as $file) {
-			if (is_dir($ipath.$file)) { echo '<tr><td>'.$ICONS['folder'].'&nbsp;'.hte($file).' /</td></tr>'; }
-			else                      { echo '<tr><td>'.hte($file).'</td></tr>'; }
+			if (is_dir($ipath.$file)) { echo '<tr><td>'.$ICONS['folder'].'&nbsp;'.hsc($file).' /</td></tr>'; }
+			else                      { echo '<tr><td>'.hsc($file).'</td></tr>'; }
 			echo '<input type=hidden  name="files[]" value="'.hsc($file).'">'."\n";
 		}
 		
@@ -2559,8 +2573,8 @@ function MCD_response($action, $msg1, $success_msg = '') { //*******************
 			$errors += Delete_response($ipath.$file, $show_message);
 		}
 	}elseif ( ($_POST['new_location'] != "") && !is_dir($_POST['new_location']) ) {
-		$message .= $EX.'<b>'.$msg1.' '.$_['CRM_msg_01'].'</b><br>';
-		$message .= '<span class="filename">'.hte($_POST['new_location']).'</span><br>';
+		$message .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_01']).'</b><br>';
+		$message .= '<span class="filename">'.hsc($_POST['new_location']).'</span><br>';
 		return;
 	}else { //move or rCopy
 		$mcd_ipath = $ipath; //CRM_response() changes $ipath to $new_location
@@ -2655,14 +2669,14 @@ function Respond_to_POST() { //*************************************************
 	//First, validate any $_POST'ed paths against $ACCESS_ROOT.
 	if (isset($_POST["old_full_name"]) && !Valid_Path($_POST["old_full_name"], false)) {
 		//unlikely, but just in case
-		$message .= $EX.'<b>'.$_['Invalid_path'].': </b><span class=filename>'.$_POST["old_full_name"].'</span>';
+		$message .= $EX.'<b>'.hsc($_['Invalid_path']).': </b><span class=filename>'.hsc($_POST["old_full_name"]).'</span>';
 		$VALID_POST = 0;
 		return;
 	}
 	if (isset($_POST["new_location"])) {
 		$_POST["new_location"] = $_POST['base_location'].$_POST["new_location"]; //For CRM_ & MCD_response's
 		if (!Valid_Path($_POST["new_location"], false)) {  
-			$message .= $EX.'<b>'.$_['Invalid_path'].': </b><span class=filename>'.$_POST["new_location"].'</span>';
+			$message .= $EX.'<b>'.hsc($_['Invalid_path']).': </b><span class=filename>'.hsc($_POST["new_location"]).'</span>';
 			$VALID_POST = 0;
 			return;
 		}
@@ -2807,7 +2821,7 @@ function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
 
 	if ( count < 1 ) {
 		if ( Action == 'LOGOUT') {
-			Timer.innerHTML = '<?php echo addslashes($_['session_expired']) ?>';
+			Timer.innerHTML = '<?php echo hsc($_['session_expired']) ?>';
 			//Load login screen, but delay first to make sure really expired:
 			setTimeout('window.location = window.location.pathname',3000); //1000 = 1 second
 		}
@@ -2878,9 +2892,9 @@ function Select_All() {
 	var select_all = document.mcdselect.select_all;
 	
 	if (select_all.checked) {
-		$select_all_label.innerHTML = '<?php echo addslashes($_['Clear_All']) ?>';
+		$select_all_label.innerHTML = '<?php echo hsc($_['Clear_All']) ?>';
 	}else{
-		$select_all_label.innerHTML = '<?php echo addslashes($_['Select_All']) ?>';
+		$select_all_label.innerHTML = '<?php echo hsc($_['Select_All']) ?>';
 	}
 
 	//Start x at 1 as files[0] is a dummy <input> used to force an array even if only one file is in a folder.
@@ -2920,17 +2934,21 @@ function Index_Page_scripts() { //**********************************************
 ?>
 <script>
 //  DIRECTORY_DATA[x] = ("type", "file name", filesize, timestamp, is_ofcms, "ext")	
-var DIRECTORY_DATA    = new Array();
+var DIRECTORY_DATA	  = new Array();
 
 var ONESCRIPT	= "<?php echo $ONESCRIPT ?>";
-var PARAM1		= "<?php echo $param1 ?>";  //capitalize here as it is a const in js.
+var PARAM1		= "<?php echo $param1 ?>";  //capitalize in js as it is used as a constant.
 
-var NORMAL			 = false; // Used in the "reverse" parameter when calling sort_DIRECTORY(),
-var REVERSE			 = true;  // such as on initial page load, and clicking "folders first".
+//a few usefull constants for using sort_DIRECTORY()
+var DESCENDING	= 0;
+var ASCENDING	= 1;
+var FLIP		= 2; //Reverse the current direction (ascending <-> descending)
+var FLIP_IF		= 3; //Flip only if new column selected.
 
-var SORT_by		     = '-1';  // Sort key (column) from DIRECTORY_DATA[x][key]: key = 1 for "file name". -1 for initial page load only.
+//A few flags for using sort_DIRECTORY(). These are not constants.
+var SORT_by		     = '1';   // Sort key (column) from DIRECTORY_DATA[x][key].
 var SORT_order       = true;  // Default to "normal" sort orders (ascending). Set to false for reverse (descending).
-var SORT_folders_1st = true;  // Default to folders first in sort order. false to not consider folders during sort.
+var SORT_folders_1st = true;  // Initially set to false =  did not consider folders during prior sort.
 
 
 
@@ -2957,40 +2975,53 @@ function Sort_Folders_First() { //************************************
 	row = 0
 	for (D = 0; D < folders.length; D++) { DIRECTORY_DATA[row++] = folders[D]; }
 	for (F = 0; F < files.length;   F++) { DIRECTORY_DATA[row++] = files[F];   }
+	
+	SORT_folders_1st = true;
 
 }//end Sort_Folders_First() //****************************************
 
 
 
 
-function sort_DIRECTORY(col, reverse) { //****************************
+function sort_DIRECTORY(col, direction) { //**************************
 
-	//DIRECTORY_DATA[x] = ("type", "file name", filesize, timestamp, is_ofcms, "ext")
-	//col: 1 for "file name", 2 for filesize, 3 for timestamp, 5 for "ext"
-	//reverse: if true, reverse current SORT_order;  if false, maintain current SORT_order
+	//sort DIRECTORY_DATA[] by col and direction
 	
- 	reverse = typeof reverse !== 'undefined' ? reverse : false; //default to maintain current SORT_order
+	//col: 1 for "file name", 2 for filesize, 3 for timestamp, 5 for "ext"
+	//derection: 0 = desending, 1 = ascending, 2 = flip, 3 = flip only if new col != SORT_by
 
-	var alpha          = false; //Set to true when sorting by filename or ext (alphabetically).
-	var $folders_first = document.getElementById('folders_first_ckbox').checked;
+	//SORT_by, SORT_order, SORT_folders_1st: values set by prior (or initial) sort.
 
-	//If same column clicked again, revserse SORT_order.
-	//Else, store new col, but don't reverse the current SORT_order.
-	if (reverse  && (col == SORT_by)) { SORT_order = !SORT_order; } //same sort col, new SORT_order
-	else							  {	SORT_by = col;			  } //new sort col, same SORT_order
+	//If needed, set default col and/or direction.
+	col = typeof col !== 'undefined' ? col : 1;
+	direction = typeof direction !== 'undefined' ? direction : ASCENDING;
 
-	if (SORT_by == 1) { alpha      = true;        } //"file name"
-	if (SORT_by == 5) { alpha      = true;        } //"ext": "txt", "gif", etc...
+	//If new sort column, sort ascending. (FLIP overides, but is not currently used.)
+	if ((col != SORT_by) && (direction != FLIP)) { direction = ASCENDING; SORT_by = col; } 
 
-	if (SORT_order){ // sort normally,
-		if (alpha)  { DIRECTORY_DATA.sort( function (a, b) {return a[col].localeCompare(b[col]);} ); } //alphabetically
-		else        { DIRECTORY_DATA.sort( function (a, b) {return a[col]       -       b[col] ;} ); } //numerically
-	} else         { // else reverse sort.
-		if (alpha)  { DIRECTORY_DATA.sort( function (b, a) {return a[col].localeCompare(b[col]);} ); } //alphabetically
-		else        { DIRECTORY_DATA.sort( function (b, a) {return a[col]       -       b[col] ;} ); } //numerically
-	}
+	//Get status of [x](folders first) checkbox
+	var folders_first_checked = document.getElementById('folders_first_ckbox').checked;
+
+	//If '[x](folders first)' is now checked, but was previously unchecked,
+	//no need to re-sort by col, just sort by folders. Otherwise, first resort by column.
+	if ( !(folders_first_checked && !SORT_folders_1st) ) { 
+		
+		if      ( direction == ASCENDING  ) { SORT_order = true;  }
+		else if ( direction == DESCENDING ) { SORT_order = false; }
+		else if ( direction == FLIP       ) { SORT_order = !SORT_order; }
+		else if ( direction == FLIP_IF    ) { SORT_order = !SORT_order; }
+		else                                { SORT_order = true; }
+		
+		if (col == 1 || col == 5) {  // If "file name" or "ext", sort alphabetically
+			if (SORT_order) { DIRECTORY_DATA.sort( function (a, b) {return a[col].localeCompare(b[col]);} ); }
+			else            { DIRECTORY_DATA.sort( function (b, a) {return a[col].localeCompare(b[col]);} ); }		
+		} else { //sort numerically
+			if (SORT_order) { DIRECTORY_DATA.sort( function (a, b) {return a[col]       -       b[col] ;} ); }
+			else            { DIRECTORY_DATA.sort( function (b, a) {return a[col]       -       b[col] ;} ); }
+		}
+	}//end if folders first only / full resort
 
-	if ($folders_first) { Sort_Folders_First(); }
+	if (folders_first_checked == true) { Sort_Folders_First(); }
 
 	Build_Directory('DIRECTORY_LISTING'); // Show directory with new sort order.
 
@@ -3045,9 +3076,9 @@ function Display_Directory_Summary(target) { //***********************
 
 	//Directory Summary
 	SUMMARY += '<td colspan=7>';
-	SUMMARY += folder_count + " <?php echo $_['folders']?>, &nbsp; ";
-	SUMMARY += total_items - folder_count + ' <?php echo $_['files']?>, ';
-	SUMMARY += '&nbsp; ' + format_number(total_bytes) + " <?php echo $_['bytes']?></td>";
+	SUMMARY += folder_count + " <?php echo hsc($_['folders']) ?>, &nbsp; ";
+	SUMMARY += total_items - folder_count + ' <?php echo hsc($_['files']) ?>, ';
+	SUMMARY += '&nbsp; ' + format_number(total_bytes) + " <?php echo hsc($_['bytes']) ?></td>";
 
 	document.getElementById(target).innerHTML = SUMMARY;  //DISPLAY DIRECTORY LISTING
 
@@ -3157,7 +3188,7 @@ function Edit_Page_scripts() { //***********************************************
 Main_div.style.width = "<?php echo $current_view ?>"; //Set current width
 
 if ( Main_div.style.width == '<?php echo $WIDE_VIEW_WIDTH ?>' ) {
-	Wide_View_button.innerHTML = '<?php echo addslashes($_['Normal_View']) ?>';
+	Wide_View_button.innerHTML = '<?php echo hsc($_['Normal_View']) ?>';
 }
 
 
@@ -3166,11 +3197,11 @@ function Wide_View() {
 	
 	if (Main_div.style.width == '<?php echo $WIDE_VIEW_WIDTH ?>') {
 		Main_div.style.width = main_width_default;
-		Wide_View_button.innerHTML = "<?php echo addslashes($_['Wide_View'])?>";
+		Wide_View_button.innerHTML = "<?php echo hsc($_['Wide_View'])?>";
 		document.cookie = 'edit_view=' + main_width_default;
 	}else{
 		Main_div.style.width = '<?php echo $WIDE_VIEW_WIDTH ?>';
-		Wide_View_button.innerHTML = '<?php echo addslashes($_['Normal_View']) ?>';
+		Wide_View_button.innerHTML = '<?php echo hsc($_['Normal_View']) ?>';
 		document.cookie = 'edit_view=<?php echo $WIDE_VIEW_WIDTH ?>';
 	}
 }
@@ -3183,7 +3214,7 @@ function Reset_file_status_indicators() {
 	Save_File_button.style.borderColor = "";
 	Save_File_button.style.borderWidth = "1px";
 	Save_File_button.disabled = "disabled";
-	Save_File_button.innerHTML = "<?php echo addslashes($_['save_1'])?>";
+	Save_File_button.innerHTML = "<?php echo hsc($_['save_1'])?>";
 	Reset_button.disabled = "disabled";
 }
 
@@ -3232,7 +3263,7 @@ function Check_for_changes(event){
 		Save_File_button.style.borderWidth = "1px";
 		Save_File_button.disabled = "";
 		Reset_button.disabled = "";
-		Save_File_button.innerHTML = "<?php echo addslashes($_['save_2'])?>";
+		Save_File_button.innerHTML = "<?php echo hsc($_['save_2'])?>";
 	}else{
 		Reset_file_status_indicators()
 	}
@@ -3291,7 +3322,7 @@ function event_scripts($form_id, $button_id, $pwun=''){ //**********************
 function events_down(event, capture_key) {if (!event) {var event = window.event;} //if IE
 	$thispage = true; //Make sure keydown was on this page.
 	if ((event.type.substr(0,3) == 'key') && (event.keyCode != capture_key)) {return true;}
-	$message_box.innerHTML = '<div id="message_box_contents"><b><?php echo $_['Working'] ?></b>';
+	$message_box.innerHTML = '<div id="message_box_contents"><b><?php echo hsc($_['Working']) ?></b>';
 }
 
 
@@ -3332,12 +3363,12 @@ function pre_validate() {
 
 	//If any field is blank..
 	if (($username.value == '') || ($pw.value == '') || ($new1.value == '') || ($new2.value == '')) {
-		$message_box.innerHTML = '<div id="message_box_contents"><b><?php echo $_['change_pw_07'] ?></b>';
+		$message_box.innerHTML = '<div id="message_box_contents"><b><?php echo hsc($_['change_pw_07']) ?></b>';
 		return false;
 	}
 	//If new & confirm new values do not match...
 	if (trim($new1.value) != trim($new2.value)) {
-		$message_box.innerHTML = '<div id="message_box_contents"><b><?php echo $_['change_pw_04'] ?></b>';
+		$message_box.innerHTML = '<div id="message_box_contents"><b><?php echo hsc($_['change_pw_04']) ?></b>';
 		return false;
 	}
 	return true;
diff --git a/readme.markdown b/readme.markdown
index 1771d2d..3d22282 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,4 +1,4 @@
-(Updated: 2014-02-20)
+(OnefileCMS updated: 2014-02-22)
 # OneFileCMS
 
 ## Yes, that's exactly what it is!
@@ -38,9 +38,9 @@ Coupling a utilitarian code editor with basic upload and file managing functions
 
 2) **Upload** to anywhere on your site.  
   
-3) **Log in** to OneFileCMS with the default "username" and "password".
+3) **Log in** !
 
-And, of course, change the password...
+The default login info is "username" and "password".  Of course, you'll want to change the password... and probably the username...
 
 As with any CMS, you may also have to modify the file permissions of your site's folders to allow OneFileCMS to modify and create files.  Check with your host if you're not sure, and be aware of any inherent security concerns.  
 
@@ -117,7 +117,7 @@ OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com
 
 ##Needed/potential improvements
 
-- Figure out why it doesn't work in IE.  Most likey it's javascript related, as quite a bit of js was added for client side sorting.
+- Figure out why it doesn't work in IE.  It's probably javascript related, as a bit of js was added recently for client side sorting.
 - It's probably existed for a while, but I just noticed (v3.4.23) that, on some systems - such as Windows, OneFileCMS doesn't like non-ascii characters in file names.  A solution is in the works, but it's not quite ready for prime time...
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - Issue with Chrome's XSS filter: Editing some legitimate files with OneFileCMS will trigger the filter and disable much of the javascript provided functionallity, but only while on the edit page with such a file, and only after a [Save].

From 6d75cf3ef74bcc6d4acd28f3c52df23e8d4c63ad Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 6 Mar 2014 13:01:00 -0500
Subject: [PATCH 178/228] Version 3.5.02 OneFileCMS can now work with non-ASCII
 filenames:   Replaced str_******() function calls with their mb_ versions.  
 All file system calls (is_file(), file_get_contents, etc...) use $filenames  
 converted to filesystem encoding (usually ASCII/UTF-8, but not on always)  
 (And actually, only Windows is checked for currenly, else defaults to UTF-8)
 (But, OneFileCMS can not be named with non-ASCII characters. I don't know
 why.) Added Sort_and_Show() js function. General improvements to
 Get_DIRECTORY_DATA(), Index_Page(), Upload_response(),  CRM_, MCD_, & related
 functions. Renamed Send_data_to_js() to Send_data_to_js_and_display()
 Improved check for optional external files ($CONFIG_FILE, etc...) Removed
 is_empty(). Hasn't been used since v3.4.06 Moved validate_units() out of
 System_Startup(), even tho it's only used there. Renamed oridinalize() to
 add_serial_num(). New: Convert_encoding() - wrapper for mb_convert_encoding()
 Adjusted wording of $_['mcd_msg_0?'], ? = 1,2, &3 Some css tweaks &
 improvements. Increased $PRE_ITERATIONS from 200 to 1000. This will affect
 older IE, and maybe other browsers. It can, of course, be changed back it
 needed.

---
 extras/OneFileCMS.config.SAMPLE.php |  17 +-
 extras/OneFileCMS.css               |  64 ++-
 info/OneFileCMS_structure.txt       |  14 +-
 info/changelog.markdown             |  17 +-
 onefilecms.php                      | 799 +++++++++++++++-------------
 readme.markdown                     |  12 +-
 6 files changed, 531 insertions(+), 392 deletions(-)

diff --git a/extras/OneFileCMS.config.SAMPLE.php b/extras/OneFileCMS.config.SAMPLE.php
index 7e268f3..1d06717 100755
--- a/extras/OneFileCMS.config.SAMPLE.php
+++ b/extras/OneFileCMS.config.SAMPLE.php
@@ -1,28 +1,29 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
-// v3.4.23+
+// v3.5.02+
 // Sample external config file - this file is OPTIONAL.
 //
-// Basically, what follows is just a copy & paste of the OneFileCMS CONFIGURABLE INFO.
+// Basically, what follows is just a copy & paste of the OneFileCMS CONFIGURABLE INFO section.
+
 
 // CONFIGURABLE INFO ***********************************************************
 $config_title = "OneFileCMS";
 
 $USERNAME = "username";
-$HASHWORD = "cff29a3b595b427ef8d01c089d368c7706a8c68ecc75d566642e313ee97ff659"; //"password"
-//$HASHWORD = "cff29a3b595b427ef8d01c089d368c7706a8c68ecc75d566642e313ee97ff659"; //"password"
+$HASHWORD = "cff29a3b595b427ef8d01c089d368c7706a8c68ecc75d566642e313ee97ff659";
+//$HASHWORD = "18350bc2181858e679605434735b1c2db6e7e4bb72b50a6d93d9ad1362f3e1c2"; //"password" with $PRE_ITERATIONS = 1000
 $SALT     = 'somerandomsalt';
 
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
 $MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
-
+	$MAX_IDLE_TIME = 60000; //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value. //##### 
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
 
 $MAX_EDIT_SIZE = 200000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
 $MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
-                          // The default max view size is completely arbitrary. Basically, it was 2am and seemed like a good idea at the time.
+                          // The default max view size is completely arbitrary. Basically, it was 2am, and seemed like a good idea at the time.
 
 $MAX_IMG_W   = 810;  //Max width (in px) to display images. (main width is 810)
 $MAX_IMG_H   = 1000; //Max height (in px).  I don't know, it just looks reasonable.
@@ -47,7 +48,7 @@
 
 $EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
 
-$SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS.
+$SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS concurrently.
 
 //Restrict access to a particular folder.  Leave empty for access to entire website.
 // "some/path/" is relative to root of website (with no leading slash).
@@ -58,6 +59,7 @@
 //If file is not found, or is incomplete, the built-in defaults will be used.
 //$CSS_FILE = 'OneFileCMS.css';
 
+
 //Notes for $LANGUAGE_FILE, $WYSIWYG_PLUGIN, and $CONFIG_FILE:
 //
 // Filename paths can be:
@@ -75,4 +77,5 @@
 //Name of optional external config file.  Any settings it contains will supersede those above.
 //See the sample file in the OneFileCMS github repo for format example.
 //$CONFIG_FILE = 'OneFileCMS.config.SAMPLE.php';
+
 //end CONFIGURABLE INFO ********************************************************
diff --git a/extras/OneFileCMS.css b/extras/OneFileCMS.css
index 79da4e8..3dc4277 100755
--- a/extras/OneFileCMS.css
+++ b/extras/OneFileCMS.css
@@ -1,11 +1,11 @@
 /*******************************************************************************
-Sample, OPTIONAL, external style sheet for OneFileCMS.  version 3.5
+Sample, OPTIONAL, external style sheet for OneFileCMS.  version 3.5.02+
 *******************************************************************************/
 
 /* --- reset --- */
 * { border : 0; outline: 0; margin: 0; padding: 0;
     font-family: inherit; font-weight: inherit; font-style : inherit;
-    font-size  : 100%; vertical-align: baseline; }
+    font-size  : 100%; vertical-align: baseline; outline: none; }
 
 
 /* --- general formatting --- */
@@ -125,7 +125,7 @@ table.index_T {
 
 table.index_T tr:hover {border: 1px solid #777; background-color: #EEE}
 
-table.index_T th { border: 1px inset silver; vertical-align: middle; padding-left: 4px; text-align: center;}
+table.index_T th { border: 1px inset silver; vertical-align: middle; padding: 0px ; text-align: center;}
 
 table.index_T td { border: 1px inset silver; vertical-align: middle;}
 
@@ -133,11 +133,14 @@ table.index_T td { border: 1px inset silver; vertical-align: middle;}
 
 table.index_T th:hover { background-color: white;}
 
+.index_T th a { padding: 1px 0 1px 0; border-width: 0px;}
+
 .index_T th.file_name   { text-align: left; }
-.index_T th.file_name a { display: inline-block; padding: 0 3em 0 2em;}
-#sort_type { display: inline-block; padding: 0 0em 0 0em;}
+.index_T th.file_name a { display: inline-block; padding: 1px 3em 1px 2em; border-top-width: 0px; border-bottom-width: 0px;}
+#name_header {border-width: 0 1px 0 1px;}
 .index_T th.file_size a { display  : block; }
 .index_T th.file_time a { display  : block; }
+#sort_type {float: right; padding: 1px 5px 1px 4px; border-width: 0px 0 0 1px;}
 
 
 .file_name { min-width: 10em; max-width: 26em; }
@@ -149,7 +152,7 @@ table.index_T th:hover { background-color: white;}
 	text-align    : right;
 	font-family   : courier;
     font-size     : .9em;
-	color         : #333;
+	color         : #222;
 	}
 
 
@@ -176,24 +179,34 @@ table.index_T th:hover { background-color: white;}
 	background-color: #EEE;
 	}
 
-a { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
+
+/*These must go after .front_links and other style that affect <a> tags*/
+a { border: 1px solid transparent; text-decoration: none; }  /*color: rgb(100,45,0);*/
 a:focus  { border: 1px solid #807568; background-color: rgb(255,250,150); }
 a:hover  { border: 1px solid #807568; background-color: rgb(255,250,150); }
 a:active { border: 1px solid #807568; background-color: rgb(245,245,50);  }
 
+
 /*** Select All [x]  [Move] [Copy] [Delete] ***/
 
-#select_all_th { min-width: 60px ; max-width: 70px; text-align: right; padding:  0 3px 0 0px; } /*TRBL*/
+#select_all_th { min-width: 60px ; max-width: 70px; text-align: right; padding:  0 0px 0 0px; } /*TRBL*/
+
+#select_all {margin: 3px 0 0 0;}  /*checkbox*/
+#folders_first_ckbox {margin: 2px 0 0px 4px;}  /*checkbox*/
 
 #select_all_label { 
-	Xdisplay: inline-block;     /* //##### when select all was above table, not in it*/
 	font   : 400 .84em arial;
-	Xwidth  : 72px;			    /* //##### when select all was above table, not in it*/
-	Xpadding: 2px 0 0 2px;      /* //##### when select all was above table, not in it*/
 	color  : #333;
-	cursor:pointer;
+	cursor : pointer;
+	border-right: solid transparent 1px;
+	Xdisplay: inline-block;     /* //#### when select all was above table, not in it*/
+	Xwidth  : 72px;			    /* //#### when select all was above table, not in it*/
+	padding: 2px 2px 1px 2px;
 	}
 
+#select_all_label:hover  { border: 1px solid #807568; background-color: rgb(255,250,150); }
+#select_all_label:hover  { border-top-width: 0; border-bottom-width: 0; }
+
 #mcd_submit button {
 	height   : 1.55em;
 	cursor   : pointer;
@@ -387,5 +400,28 @@ input[type="text"].new_name {width  : 50%; margin-bottom: .2em;}
 .ren_over label {font-weight: normal}
 
 #DIRECTORY_FOOTER td {text-align: center; font-size: .9em; color: #333; }
-#folders_first_label {font-size: .9em; font-weight: normal; color: #333; margin: 0 0 0 0 ;} /*TRBL*/
-#folders_first_label:hover {background-color: rgb(255,250,150); cursor:pointer;}
+
+#folders_first_label {
+	border: solid 1px transparent;
+	font-size: .9em;
+	font-weight: normal;
+	color: #333; margin: 0;
+	padding: 2px 0 1px 0;
+}
+
+#folders_first_label:hover {border: solid 1px #807568; background-color: rgb(255,250,150); cursor:pointer;}
+#folders_first_label:focus {border: solid 1px #807568; background-color: rgb(255,250,150);}
+
+#path_header { background-color:white; border: solid 1px #807568; padding: 0; font-weight: normal; }
+
+#path_header a {
+	outline: none;
+	border: none;
+	border-left : solid 1px transparent;
+	border-right: solid 1px transparent;
+	display: inline-block;
+	padding: 1px 5px 0 5px;
+}
+
+#path_header a:hover{ border-left : solid 1px #807568; border-right: solid 1px #807568; background-color: rgb(255,250,150); }
+#path_header a:focus{ border-left : solid 1px #807568; border-right: solid 1px #807568; background-color: rgb(255,250,150); }
diff --git a/info/OneFileCMS_structure.txt b/info/OneFileCMS_structure.txt
index 334d613..9dd4f6b 100755
--- a/info/OneFileCMS_structure.txt
+++ b/info/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.501 structure/layout
+OneFileCMS Version 3.5.02 structure/layout
 
 LICENSE
 
@@ -8,8 +8,9 @@ CONFIGURATION SECTION
 
 MISC FUNCTIONS:
 	System_setup()
+	validate_units()
 	hsc()
-	hte()
+	Convert_encoding()
 	Default_Language()
 	Session_Startup()
 	Verify_IDLE_POST_etc()
@@ -26,7 +27,6 @@ MISC FUNCTIONS:
 	URLencode_path()
 	dir_name()
 	Check_path()
-	is_empty()
 	Sort_Seperate()
 	ordinalize()
 	supports_svg()
@@ -61,7 +61,7 @@ PAGE & RESPONSE FUNCTIONS:
 	Login_response()
 	Create_Table_for_Listing()
 	Get_DIRECTORY_DATA()
-	Send_data_to_js()
+	Send_data_to_js_and_display()
 	Index_Page_buttons_top()
 	Index_Page()
 	Edit_Page_buttons_top()
@@ -99,10 +99,11 @@ JAVASCRIPT FUNCTIONS:
 		Confirm_Submit()
 	Index_Page_scripts()
 		Sort_FOlder_First()
-		Sort_DIRECTORY()
+		sort_DIRECTORY()
 		Assemble_row()
-		Display_Directory_Summary()
+		Directory_Summary()
 		Build_Directory
+		Sort_and_Show()
 	Edit_Page_scripts()
 		Wide_View()
 		Reset_file_status_indicators()
@@ -120,6 +121,7 @@ JAVASCRIPT FUNCTIONS:
 STYLESHEET FUNCTIONS:
 	style_sheet()
 	Language_and_config_adjusted_styles()
+	Load_style_sheet()
 
 LOGIC TO DETERMINE PAGE ACTION
 	Load Default_Language()
diff --git a/info/changelog.markdown b/info/changelog.markdown
index bc11a96..b5b76a3 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,14 +1,21 @@
 # OneFileCMS Change Log
 
+### v3.5.02 (March 6, 2014)
+
+- OneFileCMS can now work with non-ASCII filenames.
+- (But, OneFileCMS itself can not be named with non-ASCII characters. I don't know why.)
+- Increased $PRE_ITERATIONS from 200 to 1000.  This will affect, at least, older IE's, and maybe other browsers as well. For instance, it takes IE8 37 times longer to perform the "pre-iterations" than Firefox.  In anycase, it can, of course, be changed back if needed.  
+  (However, OneFileCMS does not currenly work in IE, so it's kinda academic for now.)
+- Some css tweaks & improvements.
+
 ### v3.5.01 (February 22, 2014)
 
 - Mostly behind the scenes stuff...
-- Replaced use of htmlentities() (hte()) with htmlspecialchars() (hsc()).  With UTF-8, htmlentites() is superluous.
+- Replaced use of htmlentities() with htmlspecialchars().  With UTF-8, htmlentites() is superfluous.
 - Added hsc() to s number of strings where should have already been.
 - Changed directory sort function a bit. Note: when selecting/deselecting the 'folders first' option, the primary sort will be the last sorted column.
-- Split out a new function, Send_data_to_js(), from Index_Page().
-- Also, in prep for an upcoming update, tagged several places (with //##### ) where file system calls are made. The $filename strings used in the calls may need to be encoded with something   other than UTF-8, depending on the underlying OS's filesystem. 
-    (such as NTFS, which uses UTF-16)
+- Split out a new function, Send\_data\_to\_js(), from Index\_Page().
+- Also, in prep for an upcoming update, tagged several places (with //##### ) where file system calls are made. The $filename strings used in the calls may need to be encoded with something other than UTF-8, depending on the underlying OS's filesystem. (such as NTFS, which uses UTF-16)
 
 ### v3.5 (February 19, 2014)
 
@@ -17,7 +24,7 @@
 - In accomplishing the above, most sorting moved client side.  This permits resorts without another server hit.
 - Added & tweaked some css...
 - Slight restructure of the repo (ie: move a few "extras" files around).
-- NOTE:  versions 3.4.23 & 3.4.24 DO NOT WORK IN IE!  I don't know why yet, mostly likely js related.
+- NOTE:  versions 3.4.23 and later DO NOT WORK IN IE!  I don't know why yet, mostly likely js related.
 
 ### v3.4.23 (February 12, 2014)
 
diff --git a/onefilecms.php b/onefilecms.php
index 8811750..e176a14 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php mb_internal_encoding('utf-8');
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.01';
+$OFCMS_version = '3.5.02';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -80,8 +80,8 @@
 $config_title = "OneFileCMS";
 
 $USERNAME = "username";
-$HASHWORD = "cff29a3b595b427ef8d01c089d368c7706a8c68ecc75d566642e313ee97ff659"; //"password"
-//$HASHWORD = "cff29a3b595b427ef8d01c089d368c7706a8c68ecc75d566642e313ee97ff659"; //"password"
+$HASHWORD = "18350bc2181858e679605434735b1c2db6e7e4bb72b50a6d93d9ad1362f3e1c2";
+//$HASHWORD = "18350bc2181858e679605434735b1c2db6e7e4bb72b50a6d93d9ad1362f3e1c2"; //"password" with $PRE_ITERATIONS = 1000
 $SALT     = 'somerandomsalt';
 
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
@@ -129,6 +129,7 @@
 //If file is not found, or is incomplete, the built-in defaults will be used.
 //$CSS_FILE = 'OneFileCMS.css';
 
+
 //Notes for $LANGUAGE_FILE, $WYSIWYG_PLUGIN, and $CONFIG_FILE:
 //
 // Filename paths can be:
@@ -146,6 +147,7 @@
 //Name of optional external config file.  Any settings it contains will supersede those above.
 //See the sample file in the OneFileCMS github repo for format example.
 //$CONFIG_FILE = 'OneFileCMS.config.SAMPLE.php';
+
 //end CONFIGURABLE INFO ********************************************************
 
 
@@ -160,19 +162,18 @@ function System_Setup() { //****************************************************
 	$LANGUAGE_FILE, $ACCESS_ROOT, $ACCESS_ROOT_len, $WYSIWYG_PLUGIN, $WYSIWYG_VALID, 
 	$TO_WARNING, $INVALID_CHARS, $WHSPC_SLASH, $VALID_PAGES, 
 	$ONESCRIPT,  $ONESCRIPT_file, $ONESCRIPT_backup, $ONESCRIPT_file_backup, 
-	$CONFIG_backup, $CONFIG_FILE,$CONFIG_FILE_backup, $VALID_CONFIG_FILE, 
-	$DOC_ROOT, $WEB_ROOT, $WEBSITE, $PRE_ITERATIONS, $EX, $message,
-	$CLIENT_OS, $ENC_OS, $ENC_UA;
-
-$ENC_OS = 'UTF-8'; //Operating System (Default).  For Windows, use Windows-1252 or ISO-8859-1.
-$ENC_UA = 'UTF-8'; //User Agent - for general use & display.
+	$CONFIG_backup, $CONFIG_FILE, $CONFIG_FILE_backup, $VALID_CONFIG_FILE, 
+	$DOC_ROOT, $WEB_ROOT, $WEBSITE, $PRE_ITERATIONS, $EX, $message, $ENC_OS;
 
-$CLIENT_OS = php_uname("s"); //Needed when accessing non-ascii/UTF-8 filenames.
-if ($CLIENT_OS == 'Windows NT') {$ENC_OS = 'Windows-1252';} 
+mb_detect_order("UTF-8, ASCII, Windows-1252, ISO-8859-1"); 
 
-mb_detect_order("UTF-8, Windows-1252, ISO-8859-1, ASCII");
+//Get server's File System encoding.  Windows NTFS uses ISO-8859-1 or Windows-1252.
+//Needed when working with non-ascii filenames.
+if (php_uname("s") == 'Windows NT') {$ENC_OS = 'Windows-1252';}
+else								{$ENC_OS = 'UTF-8';}
 
 $DOC_ROOT = $_SERVER['DOCUMENT_ROOT'].'/'; //root folder of website.
+$DOC_ROOT_OS = Convert_encoding($DOC_ROOT);
 
 //Allow OneFileCMS.php to be started from any dir on the site.
 //This also effects the path in an include("path/somefile.php")
@@ -190,57 +191,60 @@ function System_Setup() { //****************************************************
 $ONESCRIPT_file_backup = $ONESCRIPT_file.'.BACKUP.php';  //used for p/w & u/n updates.
 $LOGIN_ATTEMPTS        = $ONESCRIPT_file.'.invalid_login_attempts'; //Non-url file system use.
 
-//If specified & found, include external config file. Otherwise clear it.
+
+//If specified & found, include $CONFIG_FILE.
 $VALID_CONFIG_FILE = 0;
-if     (!isset($CONFIG_FILE)) { $CONFIG_FILE = ''; }
-elseif ( isset($CONFIG_FILE) && is_file($CONFIG_FILE) ) {
-	$VALID_CONFIG_FILE = 1;
-	include($CONFIG_FILE);
-	$CONFIG_backup         = URLencode_path($CONFIG_FILE).'.BACKUP.php'; //used for p/w & u/n updates.
-	$CONFIG_FILE_backup    = $CONFIG_FILE.'.BACKUP.php';                 //used for p/w & u/n updates.
-}
-elseif ( isset($CONFIG_FILE) && !is_file($CONFIG_FILE) ) {
-	$message .= $EX.'<b>$CONFIG_FILE '.hsc($_['Not_found']).':</b> '.$CONFIG_FILE.'<br>';
-	$message .= '<b>getcwd() == </b>'.hsc(getcwd()).'<br>';
-	$CONFIG_FILE = '';
+if (isset($CONFIG_FILE)) {
+	$CONFIG_FILE_OS = Convert_encoding($CONFIG_FILE);
+	if (is_file($CONFIG_FILE_OS)) { 
+		$VALID_CONFIG_FILE = 1;
+		include($CONFIG_FILE_OS);
+		$CONFIG_backup      = URLencode_path($CONFIG_FILE).'.BACKUP.php'; //used for p/w & u/n updates.
+		$CONFIG_FILE_backup = $CONFIG_FILE.'.BACKUP.php';                 //used for p/w & u/n updates.
+	}
+	else {
+		$message .= $EX.'<b>$CONFIG_FILE '.hsc($_['Not_found']).':</b> '.$CONFIG_FILE.'<br>';
+		$CONFIG_FILE = $CONFIG_FILE_OS = '';
+	}
 }
 
 
-//If specified, check for & load external $LANGUAGE_FILE
-if ( isset($LANGUAGE_FILE) && is_file($LANGUAGE_FILE) ) { include($LANGUAGE_FILE); }
+//If specified, check for & load $LANGUAGE_FILE
+if (isset($LANGUAGE_FILE)) {
+	$LANGUAGE_FILE_OS = Convert_encoding($LANGUAGE_FILE);
+	if (is_file($LANGUAGE_FILE_OS)) {include($LANGUAGE_FILE_OS);}
+}
 
 
-//If specified, validate $WYSIWYG_PLUGIN. Actual include is at end of OneFileCMS.
+//If specified, validate $WYSIWYG_PLUGIN. Actual include() is at end of OneFileCMS.
 $WYSIWYG_VALID = 0; //Default to invalid.
-if ( isset($WYSIWYG_PLUGIN) && is_file($WYSIWYG_PLUGIN) ) { $WYSIWYG_VALID = 1; }
+if (isset($WYSIWYG_PLUGIN)) {
+	$WYSIWYG_PLUGIN_OS = Convert_encoding($WYSIWYG_PLUGIN); //Also used for include()
+	if (is_file($WYSIWYG_PLUGIN_OS)) { $WYSIWYG_VALID = 1; }
+}
 
 
-//If specified, clean up & validate $ACCESS_ROOT.
+//If specified, clean up & validate $ACCESS_ROOT
 if (!isset($ACCESS_ROOT)) { $ACCESS_ROOT = ''; } //At least make sure it's set.
-if (!is_dir($_SERVER['DOCUMENT_ROOT'].'/'.$ACCESS_ROOT) || (Check_path($ACCESS_ROOT,1) === false) ) {
-	$message .= $EX.'<b>$ACCESS_ROOT '.hsc($_['Invalid_path']).': </b>'.$ACCESS_ROOT.'<br>';
-	$ACCESS_ROOT = '';
+$ACCESS_ROOT_OS = Convert_encoding($ACCESS_ROOT);
+
+if (!is_dir($DOC_ROOT_OS.$ACCESS_ROOT_OS) || (Check_path($ACCESS_ROOT,1) === false) ) {
+	$message .= __LINE__.$EX.'<b>$ACCESS_ROOT '.hsc($_['Invalid_path']).': </b>'.$ACCESS_ROOT.'<br>';
+	$ACCESS_ROOT = $ACCESS_ROOT_OS = '';
+}
+if ($ACCESS_ROOT != '') {
+	$ACCESS_ROOT = trim($ACCESS_ROOT, ' /').'/'; //make sure only a single trailing '/'
+	$ACCESS_ROOT_OS = Convert_encoding($ACCESS_ROOT);
 }
-if ($ACCESS_ROOT != '') { $ACCESS_ROOT = trim($ACCESS_ROOT, ' /').'/';}
 $ACCESS_ROOT_enc = mb_detect_encoding($ACCESS_ROOT);
 $ACCESS_ROOT_len = mb_strlen($ACCESS_ROOT, $ACCESS_ROOT_enc);
 
 
-function validate_units($cssvalue) { //****************
-	//Determine if valid units are set for $cssvalue:  px, pt, em, or %.
-	$main_units   = substr($cssvalue, -2); 
-	if ( ($main_units != "px") && ($main_units != "pt") && ($main_units != "em") && (substr($cssvalue, -1) != '%')) {
-		$cssvalue = ($cssvalue * 1).'px';   //If not, assume px.
-	}
-	return $cssvalue;
-}//end valid_units() //********************************
-
 $MAIN_WIDTH      = validate_units($MAIN_WIDTH);
-
 $WIDE_VIEW_WIDTH = validate_units($WIDE_VIEW_WIDTH);
 
 
-//Requires PHP 5.1, due to changes in some functions.
+//Requires PHP 5.1 or newer, due to changes in some functions.
 define('PHP_VERSION_ID_REQUIRED',50100);   //Ex: 5.1.23 is 50123
 define('PHP_VERSION_REQUIRED'  ,'5.1 + '); //Used in exit() message.
 
@@ -263,41 +267,54 @@ function validate_units($cssvalue) { //****************
 //First, remove spaces and make lowercase (for *types).
 $SHOWALLFILES = $stypes = false;
   if ($config_stypes == '*') { $SHOWALLFILES = true; }
-  else { $stypes   = explode(',', strtolower(str_replace(' ', '', $config_stypes))); }//shown file types
-$etypes   = explode(',', strtolower(str_replace(' ', '', $config_etypes))); //editable file types
-$itypes   = explode(',', strtolower(str_replace(' ', '', $config_itypes))); //images types to display
-$ftypes   = explode(',', strtolower(str_replace(' ', '', $config_ftypes))); //file types with icons
-$fclasses = explode(',', strtolower(str_replace(' ', '', $config_fclass))); //for file types with icons
+  else { $stypes   = explode(',', mb_strtolower(str_replace(' ', '', $config_stypes))); }//shown file types
+$etypes   = explode(',', mb_strtolower(str_replace(' ', '', $config_etypes))); //editable file types
+$itypes   = explode(',', mb_strtolower(str_replace(' ', '', $config_itypes))); //images types to display
+$ftypes   = explode(',', mb_strtolower(str_replace(' ', '', $config_ftypes))); //file types with icons
+$fclasses = explode(',', mb_strtolower(str_replace(' ', '', $config_fclass))); //for file types with icons
 $excluded_list = explode(',', str_replace(' ', '', $config_excluded));
 
 //Used in hashit() and js_hash_scripts().  IE<9 is WAY slow, so keep it low.
 //For 200 iterations: (time on IE8) > (37 x time on FF). And the difference grows with the iterations.
 //If you change this, or any other aspect of either hashit() or js_hash_scripts(), do so while logged in.
 //Then, manually update your password as instructed on the Admin/Generate Hash page.
-$PRE_ITERATIONS = 200;
+$PRE_ITERATIONS = 1000;
 }//end  System_Setup() //*******************************************************
 
 
 
 
-//#####  #######################################################################
-//Regarding hsc() & hte():
-//Using mb_detect_encoding() (partly) solves an issue on my XP based test setup.
-//But, mb_detect_encoding() may return ASCII, which htmlentities/speicalchars don't recognize.
-//So, just change $enc to UTF-8, of which ASCII is a subset.
-//Additionally, since everything is displayed in UTF-8, use of htmlentities() is superfluous,
-//and was replaced with just htmlspecialchars() / hsc() in v3.5.01
-//#####  #######################################################################
+function validate_units($cssvalue) { //*****************************************
+	//Determine if valid units are set for $cssvalue:  px, pt, em, or %.
+	$main_units   = mb_substr($cssvalue, -2); 
+	if ( ($main_units != "px") && ($main_units != "pt") && ($main_units != "em") && (mb_substr($cssvalue, -1) != '%')) {
+		$cssvalue = ($cssvalue * 1).'px';   //If not, assume px.
+	}
+	return $cssvalue;
+}//end valid_units() //*********************************************************
+
+
+
 
 function hsc($input) { //*******************************************************
-	$enc = mb_detect_encoding($input);
-	if ($enc == 'ASCII') {$enc = 'UTF-8';}
+	$enc = mb_detect_encoding($input); //It should always be UTF-8 (or ASCII), but, just in case...
+	if ($enc == 'ASCII') {$enc = 'UTF-8';} //htmlspecialchars() doesn't recognize "ASCII"
 	return htmlspecialchars($input, ENT_QUOTES, $enc);
 }//end hsc() //*****************************************************************
 
 
 
 
+function Convert_encoding($string, $to_enc = "") { //***************************
+	global $ENC_OS;
+								  //mb_convert_encoding($string, $to_enc, $from_enc)
+	if ($to_enc == 'UTF-8') {return mb_convert_encoding($string, 'UTF-8', $ENC_OS);} // Convert to UTF-8
+	else  /* default */		{return mb_convert_encoding($string, $ENC_OS, 'UTF-8');} // Convert to server's/OS's filesystem enc
+}//end Convert_encoding() //****************************************************
+
+
+
+
 function Default_Language() { // ***********************************************
 	global $_;
 // OneFileCMS Language Settings v3.5.01
@@ -326,7 +343,7 @@ function Default_Language() { // ***********************************************
 $_['image_info_font_size']   = '1em';    //show_img_msg_01  &  _02
 $_['image_info_pos']         = '';       //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';  //Font size of $_['Select_All']
-$_['select_all_label_width'] = '72px';   //Width of space for $_['Select_All']
+$_['select_all_label_width'] = '72px';   //Width of space for $_['Select_All'] //As of 3.4.23, not currently used.
 $_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG';
 $_['Admin']   = 'Admin';
@@ -527,9 +544,9 @@ function Default_Language() { // ***********************************************
 $_['change_un_01'] = 'Username changed!';
 $_['change_un_02'] = 'Username NOT changed.';
 $_['update_failed'] = 'Update failed - could not save file.';
-$_['mcd_msg_01'] = 'files moved.';
-$_['mcd_msg_02'] = 'files copied.';
-$_['mcd_msg_03'] = 'files deleted.';
+$_['mcd_msg_01'] = 'file(s) and/or folder(s) moved.';  //#####
+$_['mcd_msg_02'] = 'file(s) and/or folder(s) copied.'; //#####
+$_['mcd_msg_03'] = 'file(s) and/or folder(s) deleted.'; //#####
 }//end Default_Language() //****************************************************
 
 
@@ -663,7 +680,7 @@ function Error_reporting_status_and_early_output($show_status = 0, $show_types =
 	}//end if (error reporting on)
 
 	//$early_output is contents of ob_get_clean(), just before page output.
-	if (strlen($early_output) > 0 ) {
+	if (mb_strlen($early_output) > 0 ) {
 		echo '<pre style="background-color: #F00; border: 0px solid #F00;"><b>';
 		echo hsc($_['error_reporting_05']).'</b> ';
 		echo hsc($_['error_reporting_06']).'<b>:</b> ';
@@ -744,16 +761,15 @@ function Validate_params() { //*************************************************
 
 function Valid_Path($path, $gotoroot=true) { //*********************************
 	//$gotoroot: if true, return to index page of $ACCESS_ROOT.
-	global  $ipath, $filename, $page, $param1, $param2, $param3, $ACCESS_ROOT, $ACCESS_ROOT_len, $message;
+	global  $ipath, $ipath_OS, $filename, $page, $param1, $param2, $param3, $ACCESS_ROOT, $ACCESS_ROOT_len, $message;
 	
 	//Limit access to the folder $ACCESS_ROOT:
 	//$ACCESS_ROOT = some/root/path/
-	//$path1       = some/root/path/...(or deeper)   : good
-	//$path2       = some/root/                      : bad
-	//$path3       = some/other/path/                : bad
+	//$path        = some/root/path/...(or deeper)   : good
+	//$path        = some/root/                      : bad
+	//$path        = some/other/path/                : bad
 
-	$path_enc     = mb_detect_encoding($path);
-	$path_len     = mb_strlen($path, $path_enc);
+	$path_len     = mb_strlen($path);
 
 	$path_root    = mb_substr($path, 0, $ACCESS_ROOT_len);
 
@@ -764,14 +780,14 @@ function Valid_Path($path, $gotoroot=true) { //*********************************
 		$ACCESS_ROOT == '';
 		return true;
 	}
-
 	elseif ( $path_len <  $ACCESS_ROOT_len ) { $good_path = false; }
-	else                          { $good_path = ($path_root == $ACCESS_ROOT); }
+	else                                     { $good_path = ($path_root == $ACCESS_ROOT); }
 
 	if (!$good_path && $gotoroot) {
 		$ipath    = $ACCESS_ROOT;
+		$ipath_OS = Convert_encoding($ipath);
 		$filename = '';
-		//$page     = 'index';  //##### If set to index here, can't logout.
+		//$page     = 'index';  //#### If set to index here, can't logout.
 		$param1   = '?i='.$ipath;
 		$param2   = '';
 		$param3   = '';
@@ -786,26 +802,30 @@ function Valid_Path($path, $gotoroot=true) { //*********************************
 
 
 function Get_GET() { //*** Get main parameters *********************************
-	global $_, $ipath, $filename, $page, $VALID_PAGES, $EX, $message;
-	// i=some/path/,  f=somefile.xyz,  p=somepage
-	// $ipath      ,  $filename     ,  $page
+	global $_, $ipath, $ipath_OS, $filename, $filename_OS, $page, $VALID_PAGES, $EX, $message;
+	// i=some/path/,  f=somefile.xyz,          p=somepage
+	// $ipath = i  ,  $filename = $ipath.f  ,  $page = p
+	//   (NOTE: in some functions $filename = just the file's name, ie: $_GET['f'], with no path/)
+	//#####  (Normalize $filename program-wide??)
 	// Perform initial, basic, validation.
 	// Get_GET() should not be called unless $_SESSION['valid'] == 1 (or true)
 
 	//Initialize & validate $ipath
+	$ipath = $ipath_OS = "";
 	if (isset($_GET["i"])) {
 		$ipath = Check_path($_GET["i"],1);
-		if ( $ipath === false || !is_dir($ipath)) { $ipath = ''; }
-	}else {
-		$ipath = "";
+		$ipath_OS = Convert_encoding($ipath);
+		if ( $ipath === false || !is_dir($ipath_OS)) { $ipath = $ipath_OS = ''; }
 	}
 
 	//Initialize & validate $filename
 	if (isset($_GET["f"])) { $filename = $ipath.$_GET["f"]; } else { $filename = ""; }
-	if ( ($filename != "") && !is_file($filename)  ) {
+	
+	$filename_OS = Convert_encoding($filename);
+	if ( ($filename != "") && !is_file($filename_OS)  ) {
 		$message .= $EX.'<b>'.hsc($_['get_get_msg_01']).'</b> ';
 		$message .= hsc(dir_name($filename)).'<b>'.hsc(basename($filename)).'</b><br>';
-		$filename = "";
+		$filename = $filename_OS = "";
 	}
 
 	//Initialize & validate $page
@@ -820,7 +840,7 @@ function Get_GET() { //*** Get main parameters *********************************
 
 
 function Verify_Page_Conditions() { //******************************************
-	global $_, $ONESCRIPT_file, $ipath, $param1, $filename, $page, $EX, $message, $VALID_POST;
+	global $_, $ONESCRIPT_file, $ipath, $ipath_OS, $param1, $filename, $page, $EX, $message, $VALID_POST;
 
 	//If exited admin pages, restore $ipath 
 	if    ( ($page == "index") && $_SESSION['admin_page'] ) {
@@ -847,7 +867,8 @@ function Verify_Page_Conditions() { //******************************************
 	//Prep MCD_Page() to delete a single folder selected via (x) icon on index page.
 	elseif ($page == "deletefolder") {
 		$_POST['files'][1]  = basename($ipath); //Must precede next line (change of $ipath).
-		$ipath = dir_name($ipath);
+		$ipath    = dir_name($ipath);
+		$ipath_OS = Convert_encoding($ipath);
 		$param1 = '?i='.$ipath;
 	}
 	//There must be at least one 'file', and 'mcdaction' must = "move", "copy", or "delete"
@@ -872,7 +893,7 @@ function has_invalid_char($string) { //*****************************************
 	global $INVALID_CHARS;
 	$INVALID_CHARS_array = explode(' ', $INVALID_CHARS);
 	foreach ($INVALID_CHARS_array as $bad_char) {
-		if (strpos($string, $bad_char) !== false) { return true; }
+		if (mb_strpos($string, $bad_char) !== false) { return true; }
 	}
 	return false;
 }//end has_invalid_char() //****************************************************
@@ -883,7 +904,7 @@ function has_invalid_char($string) { //*****************************************
 function URLencode_path($path){ // don't encode the forward slashes ************
 	$path = str_replace('\\','/',$path);   //Make sure all forward slashes.
 	$TS = '';  // Trailing Slash/
-	if (substr($path, -1) == '/' ) { $TS = '/'; } //start with a $TS?
+	if (mb_substr($path, -1) == '/' ) { $TS = '/'; } //start with a $TS?
 	$path_array = explode('/',$path);
 	$path = "";
 	foreach ($path_array as $level) { $path .= rawurlencode($level).'/'; }
@@ -948,19 +969,7 @@ function Check_path($path, $show_msg = false) { //******************************
 
 
 
-//##### 
-function is_empty($path){ //****************************************************
-	if ($path == "") {$path = '.';}
-	$empty = false;
-	$dh = opendir($path);
-	for($i = 3; $i; $i--) { $empty = (readdir($dh) === FALSE); }
-	closedir($dh);
-	return $empty;
-}//end is_empty() //************************************************************
-
-
 
-//##### 
 function Sort_Seperate($path, $full_list){ //***********************************
 	//Sort list, then seperate folders & files
 
@@ -970,8 +979,9 @@ function Sort_Seperate($path, $full_list){ //***********************************
 	$F=1; $D=1;  //indexes
 	foreach( $full_list as $item ) {
 		if ( ($item == '.') || ($item == '..') || ($item == "")){ continue; }
-		if (is_dir($path.$item)) { $folders[$D++] = $item; }
-		else                     { $files[$F++]   = $item; }
+		$fullpath_OS = Convert_encoding($path.$item);
+		if (is_dir($fullpath_OS)) { $folders[$D++] = $item; }
+		else                      { $files[$F++]   = $item; }
 	}
 	
 	return array_merge($folders, $files);
@@ -979,27 +989,31 @@ function Sort_Seperate($path, $full_list){ //***********************************
 
 
 
-//##### 
-function ordinalize($destination,$filename, &$msg) { //*************************
-//if file_exists(file.txt), ordinalize filename until it doesn't
-//ie: file.txt.001,  file.txt.002, file.txt.003  etc...
+
+function add_serial_num($filename, &$msg) { //**********************************
+	//if file_exists(file.txt), add serial# to filename until it doesn't
+	//ie: file.txt.001,  file.txt.002, file.txt.003  etc...
 	global $_, $EX;
 
 	$ordinal   = 0;
-	$savefile = $destination.$filename;
 
-	if (file_exists($savefile)) {
+	//Convert $filename to server's File Syetem encoding
+	$savefile    = $filename;
+	$savefile_OS = Convert_encoding($savefile);
+
+	if (file_exists($savefile_OS)) {
 		
 		$msg .= $EX.hsc($_['ord_msg_01']).'<br>';
 		
-		while (file_exists($savefile)) {
+		while (file_exists($savefile_OS)) {
 			$ordinal = sprintf("%03d", ++$ordinal); //  001, 002, 003, etc...
-			$savefile = $destination.$filename.'.'.$ordinal;
+			$savefile = $filename.'.'.$ordinal;
+			$savefile_OS = Convert_encoding($savefile);
 		}
 		$msg .= '<b>'.hsc($_['ord_msg_02']).':</b> <span class="filename">'.hsc(basename($savefile)).'</span>';
 	}
 	return $savefile;
-}//end ordinalize() //**********************************************************
+}//end add_serial_num() //******************************************************
 
 
 
@@ -1008,10 +1022,10 @@ function supports_svg() { //****************************************************
 	//IE < 9 is the only browser checked for currently.
 	//EX: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
 	$USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
-	$pos_MSIE   = strpos($USER_AGENT, 'MSIE ');
+	$pos_MSIE   = mb_strpos($USER_AGENT, 'MSIE ');
 	$old_ie     = false;
 	if ($pos_MSIE !== false) {
-		$ie_ver = substr($USER_AGENT, ($pos_MSIE+5), 1);
+		$ie_ver = mb_substr($USER_AGENT, ($pos_MSIE+5), 1);
 		$old_ie = ( $ie_ver < 9 );
 	}
 	return !$old_ie;
@@ -1019,70 +1033,81 @@ function supports_svg() { //****************************************************
 
 
 
-//##### 
+
 function rCopy( $old_path, $new_path ) { //*************************************
-	//Recursively copy $old_path to $new_path
 	global $_, $WHSPC_SLASH, $EX, $message;
+	//Recursively copy $old_path to $new_path
+	//Both $old_ & $new_path must ALREADY be in OS/file system's encoding.
+	//(ie: usually UTF-8, but often ISO-8859-1 for Windows.)
+	//Return number of successful copy's + mkdir's, or 0 on error.
+
+	//$old_path & $new_path must already be in OS/filesystem's file name encoding
 
 	//Avoid a bottomless pit of sub-directories:
 	//    ok: copy root/1/ to root/1/Copy_of_1/
-	//NOT OK: copy root/1/ to root/1/2/Coyp_of_1/
+	//NOT OK: copy root/1/ to root/1/2/Copy_of_1/
 	//
+
+	$error_code = 0;
+
 	//First, trim / and white-space that will mess up strlen() check.
 	$old_path = trim($old_path,$WHSPC_SLASH);
 	$new_path = trim($new_path,$WHSPC_SLASH);
 	//
 	$test_path = dirname($new_path);
-	while (strlen($test_path) >= strlen($old_path)) {
+	while (mb_strlen($test_path) >= mb_strlen($old_path)) {
 		$test_path = dirname($test_path);
 		if ( $test_path == $old_path ) {
 			$message .= $EX.' <b>'.hsc($_['rCopy_msg_01']).'</b><br>';
-			return false;
+			return 0;
 		}
 	}
 
-	if ( is_file($old_path) ) { return copy($old_path, $new_path); }
+	if ( is_file($old_path) ) { return (copy($old_path, $new_path)*1); }
 
 	if ( is_dir($old_path) )  {
 		
 		$dir_list = scandir($old_path); //MUST come before mkdir().
-		mkdir($new_path, 0755);
+		$error_code = (mkdir($new_path, 0755)*1);
 		
 		if ( sizeof($dir_list) > 0 ) {
 			foreach( $dir_list as $file ) {
 				if ( $file == "." || $file == ".." ) { continue; }
 				
-				rCopy( $old_path.'/'.$file, $new_path.'/'.$file);
+				$error_code += rCopy( $old_path.'/'.$file, $new_path.'/'.$file);
 			}
 		}
-		return true;
+		return $error_code;
 	}
 
-	return false; //$old_path doesn't exist, or, I don't know what it is.
+	return 0; //$old_path doesn't exist, or, I don't know what it is.
 }//end rCopy() //***************************************************************
 
 
 
-//##### 
+
 function rDel($path){ //********************************************************
 	//Recursively delete $path & all sub-folders & files.
 	//Returns number of successful unlinks & rmdirs.
-	
+
 	$path = trim($path, '/'); //Protect against deleting files outside of webroot.
 	if ($path == "") { $path = '.'; }
 
+	$path_OS = Convert_encoding($path);
+
 	$count = 0;
 
-	if ( is_file($path) ) { return (unlink($path)*1); }
-	if ( is_dir($path) ) {
+	if ( is_file($path_OS) ) { return (unlink($path_OS)*1); }
+	if ( is_dir($path_OS) ) {
 		
-		$dir_list = scandir($path);
+		$dir_list = scandir($path_OS);
 		foreach ( $dir_list as $dir_item ) {
+			$dir_item_OS = Convert_encoding($dir_item);
 			if ( ($dir_item == '.') || ($dir_item =='..') ) {continue;}
 			$count += rDel($path.'/'.$dir_item);
 		}
 		
-		$count += rmdir($path);
+		$count += rmdir($path_OS);
 		return $count;
 	}
 	return false; //$path doesn't exists, or, I don't know what it is...
@@ -1098,7 +1123,7 @@ function Current_Path_Header(){ //**********************************************
 
 	$unaccessable    = '';
 	$_1st_accessable = trim($WEB_ROOT, ' /');
-	$remaining_path  = trim(substr($ipath, $ACCESS_ROOT_len), ' /');	
+	$remaining_path  = trim(mb_substr($ipath, $ACCESS_ROOT_len), ' /');	
 
 	if ($ACCESS_ROOT != '') {
 		$unaccessable    = dirname($ACCESS_ROOT);
@@ -1109,7 +1134,7 @@ function Current_Path_Header(){ //**********************************************
 		$unaccessable = trim(str_replace('/', ' / ',$unaccessable));
 	}
 
-	echo '<h2>';
+	echo '<h2 id="path_header">';
 		//Root (or $ACCESS_ROOT) folder of web site.
 		$p1 = '?i='.URLencode_path($ACCESS_ROOT);
 		echo hsc($unaccessable).'<a id="path_0" href="'.$ONESCRIPT.$p1.'" class="path">'.hsc($_1st_accessable).'</a>/';
@@ -1167,7 +1192,7 @@ function message_box() { //*****************************************************
 	$onclick = 'document.getElementById("message_box").innerHTML = " ";return false;';
 	$X_box   =  '<a id="X_box" href="'.$href.'" onclick=\''.$onclick.'\'>x</a>';
 	
-	if (isset($message) && (strlen($message) > 0)) {
+	if (isset($message) && (mb_strlen($message) > 0)) {
 ?>
 		<div id="message_box">
 			<?php echo $X_box ?>
@@ -1353,18 +1378,19 @@ function icon_folder($extra = ""){ //**********************************
 
 
 
-//##### 
+
 function List_Backup($file, $file_url){ //**************************************
 	global $_, $ONESCRIPT, $ICONS;
 
+	$file_OS = Convert_encoding($file);
 	clearstatcache ();
 	$href = $ONESCRIPT.'?i='.dir_name(trim($file_url,'/')).'&amp;f='.basename($file_url);
 	$edit_link = '<a href="'.$href.'&amp;p=edit'.'" id="old_backup">'.hsc(basename($file)).'</a>';
 ?>
 	<table class="index_T old_backup_T"><tr>
 	<td class="file_name"><?php echo $edit_link; ?></td>
-	<td class="meta_T file_size">&nbsp;	<?php echo number_format(filesize($file)); ?> B	</td>
-	<td class="meta_T file_time"> &nbsp;<script>FileTimeStamp(<?php echo filemtime($file); ?>, 1, 0, 1);</script></td>
+	<td class="meta_T file_size">&nbsp;	<?php echo number_format(filesize($file_OS)); ?> B	</td>  
+	<td class="meta_T file_time"> &nbsp;<script>FileTimeStamp(<?php echo filemtime($file_OS); ?>, 1, 0, 1);</script></td>
 	</tr></table>
 
 	<a href="<?php echo $href.'&amp;p=deletefile' ?>" class="button" id="del_backup">
@@ -1380,6 +1406,9 @@ function Admin_Page() { //******************************************************
 	global $_, $ONESCRIPT, $ONESCRIPT_backup, $ONESCRIPT_file_backup, $CONFIG_backup,
 		   $ipath, $filename, $param1, $param2, $EX, $config_title,  $CONFIG_FILE_backup;
 
+	$CONFIG_FILE_backup_OS    = Convert_encoding($CONFIG_FILE_backup);
+	$ONESCRIPT_file_backup_OS = Convert_encoding($ONESCRIPT_file_backup);
+
 	// Restore/Preserve $ipath prior to admin page in case OneFileCMS is edited (which would change $ipath).
 	if   ( $_SESSION['admin_page'] ) { $ipath  = $_SESSION['admin_ipath'];
 									   $param1 = '?i='.URLencode_path($ipath); }
@@ -1411,10 +1440,10 @@ function Admin_Page() { //******************************************************
 
 <?php  //Check for & indicate if backups exists from a prior p/w or u/n change.
 	clearstatcache ();
-	if (is_file($ONESCRIPT_file_backup) || is_file($CONFIG_FILE_backup) ) {
+	if (is_file($ONESCRIPT_file_backup_OS) || is_file($CONFIG_FILE_backup_OS) ) {
 		echo '<p><b>'.hsc($_['admin_txt_00']).'</b></p>';
-		if (is_file($ONESCRIPT_file_backup)) { List_Backup($ONESCRIPT_file_backup, $ONESCRIPT_backup); }
-		if (is_file($CONFIG_FILE_backup))    { List_Backup($CONFIG_FILE_backup, $CONFIG_backup); }
+		if (is_file($ONESCRIPT_file_backup_OS)) { List_Backup($ONESCRIPT_file_backup, $ONESCRIPT_backup); }
+		if (is_file($CONFIG_FILE_backup_OS))    { List_Backup($CONFIG_FILE_backup, $CONFIG_backup); }
 		echo '<p>'.hsc($_['admin_txt_01']).'<hr>';
 		$focus_on = 'old_backup'; //id of filename listed
 	}else {
@@ -1530,25 +1559,28 @@ function Change_PWUN_Page($pwun, $type, $page_title, $label_new, $label_confirm)
 
 
 
-//##### 
+ 
 //******************************************************************************
 function Update_config($search_for, $replace_with, $search_file, $backup_file) {
 	global  $_, $EX, $message;
+	
+	$search_file_OS = Convert_encoding($search_file);
+	$backup_file_OS = Convert_encoding($backup_file);
 
-	if ( !is_file($search_file) ) {
+	if ( !is_file($search_file_OS) ) {
 		$message .= $EX.' <b>'.hsc($_['Not_found']).': </b>'.hsc($search_file).'<br>';
 		return false;
 	}
 
 	//Read file into an array for searching.
-	$search_lines = file($search_file, FILE_IGNORE_NEW_LINES);
+	$search_lines = file($search_file_OS, FILE_IGNORE_NEW_LINES);
 
 	//Search start of each $line in (array)$search_lines for (string)$search_for.
 	//If match found, replace $line with $replace_with, end search.
-	$search_len = strlen($search_for);
+	$search_len = mb_strlen($search_for);
 	$found = false;
 	foreach ($search_lines as $key => $line) {
-		if ( substr($line,0,$search_len) == $search_for ) {
+		if ( mb_substr($line,0,$search_len) == $search_for ) {
 			$found = true;
 			$search_lines[$key] = $replace_with;
 			break 1; //only replace first occurrance of $search_for
@@ -1558,11 +1590,11 @@ function Update_config($search_for, $replace_with, $search_file, $backup_file) {
 	//This should not happen, but just in case...
 	if (!$found){ $message .= $EX.' <b>'.hsc($_['Not_found']).': </b>'.hsc($search_for).'<br>'; return false; }
 	
-	copy($search_file, $backup_file); // Just in case...
+	copy($search_file_OS, $backup_file_OS); // Just in case...
 
 	$updated_contents = implode("\n", $search_lines);
 
-	if (file_put_contents($search_file, $updated_contents, LOCK_EX) === false) {
+	if (file_put_contents($search_file_OS, $updated_contents, LOCK_EX) === false) {
 		$message .= $EX.'<b>'.hsc($_['update_failed']).'</b><br>';
 		return false;
 	}else {return true;}
@@ -1570,7 +1602,7 @@ function Update_config($search_for, $replace_with, $search_file, $backup_file) {
 
 
 
-//##### 
+
 function Change_PWUN_response($PWUN, $msg){ //**********************************
 	//Update $USERNAME or $HASHWORD. Default $page = changepw or changeun
 	global $_, $ONESCRIPT, $USERNAME, $HASHWORD, $EX, $message, $page, 
@@ -1670,7 +1702,7 @@ function Login_Page() { //******************************************************
 
 
 
-//##### 
+
 function Login_response() { //**************************************************
 	global $_, $EX, $message, $page, $LOGIN_ATTEMPTS, $MAX_ATTEMPTS, $LOGIN_DELAY, $USERNAME, $HASHWORD;
 
@@ -1678,6 +1710,7 @@ function Login_response() { //**************************************************
 	$_SESSION['valid'] = 0; //Default to failed login.
 	$attempts = 0;
 	$elapsed  = 0;
+	$LOGIN_ATTEMPTS = Convert_encoding($LOGIN_ATTEMPTS); //$LOGIN_ATTEMPTS only used for filesystem access.
 
 	//Check for prior login attempts (but don't increment count just yet)
 	if (is_file($LOGIN_ATTEMPTS)) {
@@ -1739,17 +1772,17 @@ function Create_Table_for_Listing() { //****************************************
 	<th class="ckbox">
 		<INPUT TYPE=checkbox NAME=select_all id=select_all VALUE=select_all onclick="Select_All();"></th>
 	<th class="file_name ckbox" style="">
+		<a href="#" onclick="Sort_and_Show(5, FLIP_IF);return false" id=sort_type  >(<?php echo hsc($_['ext']) ?>)</a>
+		<?php $ffparams = 'TYPE=checkbox NAME=folder_first id=folders_first_ckbox VALUE=folders_first checked'?>
+		<INPUT <?php echo $ffparams ?> onclick="Sort_and_Show(SORT_by, SORT_order);">
 		<label for=folders_first_ckbox id=folders_first_label title="<?php  echo hsc($_['folders_first_info']) ?>">
-			<?php $ffparams = 'TYPE=checkbox NAME=folder_first id=folders_first_ckbox VALUE=folders_first checked'?>
-			<INPUT <?php echo $ffparams ?> onclick="sort_DIRECTORY(SORT_by, SORT_order);">
 			(<?php echo hsc($_['folders_first']) ?>)
 		</label>
-		<a href="#" onclick="sort_DIRECTORY(1, FLIP_IF);return false"><?php echo hsc($_['Name']) ?></a>
-		<a href="#" onclick="sort_DIRECTORY(5, FLIP_IF);return false" id=sort_type>(<?php echo hsc($_['ext']) ?>)</a></th>
+		<a href="#" onclick="Sort_and_Show(1, FLIP_IF);return false" id=name_header><?php echo hsc($_['Name']) ?></a></th>
 	<th class="file_size">
-		<a href="#" onclick="sort_DIRECTORY(2, FLIP_IF);return false"><?php echo hsc($_['Size']) ?></a></th>
+		<a href="#" onclick="Sort_and_Show(2, FLIP_IF);return false"><?php echo hsc($_['Size']) ?></a></th>
 	<th class="file_time">
-		<a href="#" onclick="sort_DIRECTORY(3, FLIP_IF);return false"><?php echo hsc($_['Date']) ?></a></th>
+		<a href="#" onclick="Sort_and_Show(3, FLIP_IF);return false"><?php echo hsc($_['Date']) ?></a></th>
 	</tr>
 
 	<?php //For directory content. Will insert the list later. (same for footer...) ?>
@@ -1761,69 +1794,76 @@ function Create_Table_for_Listing() { //****************************************
 
 
 
-//##### 
-function Get_DIRECTORY_DATA($basic_list) { //***********************************
-	global $_, $ONESCRIPT, $ipath, $param1, $ICONS,
+
+function Get_DIRECTORY_DATA() { //**********************************************
+	global $_, $ONESCRIPT, $ipath, $ipath_OS, $param1, $ICONS, $message, 
 			$ftypes, $fclasses, $excluded_list, $stypes, $SHOWALLFILES, 
-			$DIRECTORY_COUNT, $DIRECTORY_DATA;
+			$DIRECTORY_COUNT, $DIRECTORY_DATA, $ENC_OS;
+
+	//Doesn't use global $filename or $filename_OS in this function (because they shouldn't exist on the Index page)
+	//$filename below is JUST the file's name.  In some functions, it's the full/path/filename
+
+	$raw_list = scandir('./'.$ipath_OS);  //Get current directory list  (unsorted)
+
+	$DIRECTORY_COUNT = 0; //final count to exclude . & .., and possibly $excluded file names
+	foreach ($raw_list as $raw_filename) { //$raw_list is in server's File System encoding
 		
-	foreach ($basic_list as $filename) {
+		if ( ($raw_filename == '.') || ($raw_filename == '..') ) {continue;}
 		
-		if (in_array($filename, $excluded_list)) {$excluded = TRUE;} else {$excluded = FALSE;}
+		$filename_OS = $ipath_OS.$raw_filename; //for is_dir() & file_exists() below
 		
-		//Get file type & check against $stypes (files types to show)
-		$filename_parts = explode(".", strtolower($filename));
+		//Normalize filename encoding for general use & display. (UTF-8, which may not be same as the server's File System)
+		if ($ENC_OS != 'UTF-8') {$filename = Convert_encoding($raw_filename,'UTF-8');}
 		
+		//Get file .ext & check against $stypes (files types to show)
+		$filename_parts = explode(".", mb_strtolower($filename));
+		
+		//First check for no $ext:  "filename"  or ".filename"
 		$segments = count($filename_parts);
-		//Check for no $ext:  "filename"  or ".filename"
 		if( $segments === 1 || ( ($segments === 2) && ($filename_parts[0] === ""))) {
 				 $ext =  '';
 		} else { $ext = end($filename_parts); }
 		
+		//Check $filename & $ext against white & black lists. If not to be shown, get next $filename...
 		if ($SHOWALLFILES || in_array($ext, $stypes)) { $SHOWTYPE = TRUE; } else { $SHOWTYPE = FALSE; }
-		
-		//Used to not show rename & delete options for active copy of OneFileCMS.
+		if (in_array($filename, $excluded_list)) {$excluded = TRUE;} else {$excluded = FALSE;}
+		if ( !$SHOWTYPE || $excluded ) { continue; }
+			
+		//Used to hide rename & delete options for active copy of OneFileCMS.
 		$IS_OFCMS = 0;
 		if ( $ipath.$filename == trim($_SERVER['SCRIPT_NAME'], '/') ) { $IS_OFCMS = 1; }
 		
-		//If $filename is to be shown, save data...
-		if ( $SHOWTYPE && !$excluded ) {
-			
-			//Set icon type based on if dir, or file type ($ext).
-			if (is_dir($ipath.$filename)) { $type = 'dir'; }
-			else {						$type = $fclasses[array_search($ext, $ftypes)]; }
-			
-			//Determine icon to show
-			if (in_array($type,$fclasses)) { $icon = $ICONS[$type];}
-			elseif ($type == 'dir')        { $icon = $ICONS['folder']; }
-			else                           { $icon = $ICONS['bin']; } //default
+		//Set icon type based on if dir, or file type ($ext).
+		if (is_dir($filename_OS)) { $type = 'dir'; }
+		else {						$type = $fclasses[array_search($ext, $ftypes)]; }
+		
+		//Determine icon to show
+		if (in_array($type,$fclasses)) { $icon = $ICONS[$type];}
+		elseif ($type == 'dir')        { $icon = $ICONS['folder']; }
+		else                           { $icon = $ICONS['bin']; } //default
 			
-			//Get file size & date. Check if file_exists() in case of encoding conflicts with filename.
-			if (file_exists($ipath.$filename)) {
-				$file_size_raw = filesize($ipath.$filename);
-				$file_time_raw = filemtime($ipath.$filename);
-			} else {
-				$file_size_raw = -1; //Use -1 as an unobtrusive, but obvious, error flag.
-				$file_time_raw =  0; //Same as above, except use 0 which is 1970 Jan 1 00:00:00 GMT.
-			}
+		//Get file size & date.
+		$file_size_raw = filesize($filename_OS);
+		$file_time_raw = filemtime($filename_OS);
 			
-			//Store data
-			$DIRECTORY_DATA[$DIRECTORY_COUNT] = array('', '', 0, 0, 0, '');
-			$DIRECTORY_DATA[$DIRECTORY_COUNT][0] = $type;  //used to determine icon & f_or_f
-			$DIRECTORY_DATA[$DIRECTORY_COUNT][1] = $filename;
-			$DIRECTORY_DATA[$DIRECTORY_COUNT][2] = $file_size_raw;
-			$DIRECTORY_DATA[$DIRECTORY_COUNT][3] = $file_time_raw;
-			$DIRECTORY_DATA[$DIRECTORY_COUNT][4] = $IS_OFCMS; //If = 1, Don't show ren, del, ckbox.
-			$DIRECTORY_DATA[$DIRECTORY_COUNT][5] = $ext;
-			$DIRECTORY_COUNT++;
-		}//end if $SHOW...
+		//Store data
+		$DIRECTORY_DATA[$DIRECTORY_COUNT] = array('', '', 0, 0, 0, '');
+		$DIRECTORY_DATA[$DIRECTORY_COUNT][0] = $type;  //used to determine icon & f_or_f
+		$DIRECTORY_DATA[$DIRECTORY_COUNT][1] = $filename;
+		$DIRECTORY_DATA[$DIRECTORY_COUNT][2] = $file_size_raw;
+		$DIRECTORY_DATA[$DIRECTORY_COUNT][3] = $file_time_raw;
+		$DIRECTORY_DATA[$DIRECTORY_COUNT][4] = $IS_OFCMS; //If = 1, Don't show ren, del, ckbox.
+		$DIRECTORY_DATA[$DIRECTORY_COUNT][5] = $ext;
+		$DIRECTORY_COUNT++;
 	}//end foreach file
+	
+	return $DIRECTORY_COUNT;
 }//end Get_DIRECTORY_DATA() //**************************************************
 
 
 
  
-function Send_data_to_js() {//**************************************************
+function Send_data_to_js_and_display() {//**************************************
 	global $DIRECTORY_DATA, $DIRECTORY_COUNT;
 	//"send" DIRECTORY_DATA to javascript.
 	$data_for_js = "<script>\n";
@@ -1843,12 +1883,12 @@ function Send_data_to_js() {//**************************************************
 		}//end skip . & ..
 	}//end for x
 
-	//Initial sort & display of the directory...
-	$data_for_js .= 'sort_DIRECTORY();'."\n"; //Initial sort by file name.
+	//Initial sort & display of the directory, by (filename, ascending).
+	$data_for_js .= 'Sort_and_Show();'."\n";
 
 	$data_for_js .= "</script>\n";
 	echo $data_for_js;
-}//end Send_data_to_js() {//****************************************************
+}//end Send_data_to_js_and_display() {//****************************************
 
 
 
@@ -1880,21 +1920,16 @@ function Index_Page_buttons_top($file_count) { //*******************************
 
 
 
-//##### 
+ 
 function Index_Page(){ //*******************************************************
-	global $_, $ICONS, $ONESCRIPT, $ipath, $param1, $param3, $HREF_params, 
-			$ftypes, $fclasses, $DIRECTORY_COUNT, $DIRECTORY_DATA;
+	global  $ONESCRIPT, $param1;
 	
 	init_ICONS_js();
 	Index_Page_scripts();
 
-	$DIRECTORY_COUNT = 0;
+	$file_count = Get_DIRECTORY_DATA();
 
-	//Get current directory list  (unsorted)
-	$basic_list = scandir('./'.$ipath);
-	$file_count = count($basic_list);
-
-	//<form> to contain entire list, including buttons at top.
+	//<form> to contain directory, including buttons at top.
 	echo '<form method="post" name="mcdselect" action="'.$ONESCRIPT.$param1.'&amp;p=mcdaction">';
 	echo '<input type="hidden" name="mcdaction" value="">'; //along with $page, affects response
 
@@ -1902,18 +1937,16 @@ function Index_Page(){ //*******************************************************
 
 	Create_Table_for_Listing(); //sets up table with empty <tbody></tbody>
 
-	if ($file_count > 0) { Get_DIRECTORY_DATA($basic_list); }
-
 	echo "</form>\n";
 
-	Send_data_to_js();
+	Send_data_to_js_and_display();
 }//end Index_Page() //**********************************************************
 
 
 
 
 function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
-	global $_, $ONESCRIPT, $param1, $param2, $filename, $WIDE_VIEW_WIDTH, $WYSIWYG_VALID, $EDIT_MODE, $ON_OFF_label;
+	global $_, $ONESCRIPT, $param1, $param2, $filename, $filename_OS, $WYSIWYG_VALID, $EDIT_MODE, $ON_OFF_label;
 
 	//[Edit WYSIWYG] / [Edit HTML] button.
 	$ON_OFF_button  = '';
@@ -1941,10 +1974,10 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 	<div class="edit_btns_top">
 		<div class="file_meta">
 			<span class="file_size">
-				<?php echo hsc($_['meta_txt_01']).' '.number_format(filesize($filename)).' '.hsc($_['bytes']); ?>
+				<?php echo hsc($_['meta_txt_01']).' '.number_format(filesize($filename_OS)).' '.hsc($_['bytes']); ?>
 			</span>	&nbsp;
 			<span class="file_time">
-				<?php echo hsc($_['meta_txt_03']).' <script>FileTimeStamp('.filemtime($filename).', 1, 1, 1);</script>'; ?>
+				<?php echo hsc($_['meta_txt_03']).' <script>FileTimeStamp('.filemtime($filename_OS).', 1, 1, 1);</script>'; ?>
 				<?php echo '&nbsp; '.$file_ENC; ?>
 			</span><br>
 		</div>
@@ -2005,9 +2038,9 @@ function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
 
 //******************************************************************************
 function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message, $file_ENC){
-	global $_, $ONESCRIPT, $param1, $param2, $param3, $filename, $itypes, $INPUT_NUONCE, $EX, 
+	global $_, $ONESCRIPT, $param1, $param2, $param3, $filename, $filename_OS, $itypes, $INPUT_NUONCE, $EX, 
 		   $raw_contents, $WYSIWYG_VALID, $EDIT_MODE;
-	
+
 	$load_Edit_Page_scripts = false; //Don't load if not needed.
 ?>
 	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param1.$param2.$param3 ?>">
@@ -2016,7 +2049,7 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 
 		Edit_Page_buttons_top($text_editable, $file_ENC);
 		
-		if ( !in_array( strtolower($ext), $itypes) ) { //If non-image...
+		if ( !in_array( mb_strtolower($ext), $itypes) ) { //If non-image...
 				
 			if (!$text_editable) { // If non-text file...
 				echo '<p class="edit_disabled">'.hsc($_['edit_txt_01']).'<br><br></p>';
@@ -2036,14 +2069,16 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 				}
 				
 				//Did htmlspecialchars return an empty string from a non-empty file?
-				$bad_chars = ( ($filecontents == "") && (filesize($filename) > 0) );
+				$bad_chars = ( ($filecontents == "") && (filesize($filename_OS) > 0) );
 				
 				if ($bad_chars){
 					echo '<pre class="edit_disabled">'.$EX.hsc($_['edit_txt_02']).'<br>';
 					echo hsc($_['edit_txt_03']).'<br>';
 					echo hsc($_['edit_txt_04']).'<br></pre>';
 				}else{
-					echo '<input type="hidden" name="filename" value="'.hsc($filename).'">';
+					//##### where is this <input> needed???  It's not used in Edit_response()
+					  //Commented out as of 3.5.02
+					  //echo '<input type="hidden" name="filename" value="'.hsc($filename).'">';
 					echo '<textarea id="file_editor" name="contents" cols="70" rows="25" ';
 					echo 'onkeyup="Check_for_changes(event);">'.$filecontents.'</textarea>'.PHP_EOL;
 				}
@@ -2086,23 +2121,25 @@ function Edit_Page_Notes() { //*************************************************
 
 
 function Edit_Page() { //*******************************************************
-	global $_, $filename, $filecontents, $raw_contents, $etypes, $itypes, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $WYSIWYG_VALID;
+	global $_, $filename, $filename_OS, $filecontents, $raw_contents, $etypes, $itypes,
+			$MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $WYSIWYG_VALID;
+
 	clearstatcache ();
 
 	//Determine if a text editable file type
-	$filename_parts = explode(".", strtolower($filename));
+	$filename_parts = explode(".", mb_strtolower($filename));
 	$ext = end($filename_parts);
 	if ( in_array($ext, $etypes) ) { $text_editable = TRUE;  }
 	else                           { $text_editable = FALSE; }
 	
-	$too_large_to_edit = (filesize($filename) > $MAX_EDIT_SIZE);
-	$too_large_to_view = (filesize($filename) > $MAX_VIEW_SIZE);
+	$too_large_to_edit = (filesize($filename_OS) > $MAX_EDIT_SIZE);
+	$too_large_to_view = (filesize($filename_OS) > $MAX_VIEW_SIZE);
 	
 	//Don't load $WYSIWYG_PLUGIN if not needed
 	if (!$text_editable || $too_large_to_edit) {$WYSIWYG_VALID = 0;}
 
 	if ($text_editable && !$too_large_to_view) {
-		$raw_contents = file_get_contents($filename);
+		$raw_contents = file_get_contents($filename_OS);
 		$file_ENC = mb_detect_encoding($raw_contents); //ASCII, UTF-8, etc...
 	}else{
 		$file_ENC     = "";
@@ -2138,7 +2175,7 @@ function Edit_Page() { //*******************************************************
 		echo '<p class="edit_disabled">'.$too_large_to_view_message.'</p>';
 	}
 	elseif ( $text_editable && $too_large_to_edit ){
-		$filecontents = hsc(file_get_contents($filename), ENT_COMPAT,'UTF-8');
+		$filecontents = hsc(file_get_contents($filename_OS), ENT_COMPAT,'UTF-8');
 		echo '<pre class="edit_disabled view_file">'.$filecontents.'</pre>';
 	}
 }//end Edit_Page() //***********************************************************
@@ -2147,14 +2184,14 @@ function Edit_Page() { //*******************************************************
 
 
 function Edit_response(){ //***If on Edit page, and [Save] clicked *************
-	global $_, $EX, $message, $filename;
-	$filename = $_POST['filename'];
-	$contents = $_POST['contents'];
+	global $_, $EX, $message, $filename, $filename_OS;
 
-	$contents = str_replace("\r\n", "\n", $contents); //Make sure EOL is only newline char.
-	$contents = str_replace("\r"  , "\n", $contents); //Make sure EOL is only newline char.
+	$contents    = $_POST['contents'];
+	
+	$contents = str_replace("\r\n", "\n", $contents); //Normalize EOL
+	$contents = str_replace("\r"  , "\n", $contents); //Normalize EOL
 
-	$bytes = file_put_contents($filename, $contents);
+	$bytes = file_put_contents($filename_OS, $contents);
 
 	if ($bytes !== false) {
 		$message .= '<b>'.hsc($_['edit_msg_01']).' '.number_format($bytes).' '.hsc($_['edit_msg_02']).'</b><br>';
@@ -2174,8 +2211,8 @@ function Upload_Page() { //*****************************************************
 	if ($max_file_uploads < $UPLOAD_FIELDS) { $UPLOAD_FIELDS = $max_file_uploads; }
 
 	//$main_width is used below to determine size (width) of <input type=file> in FF.
-	$main_width   = $MAIN_WIDTH * 1;   //set in config section. Default is 810px.
-	$main_units   = substr($MAIN_WIDTH, -2); //should be px, pt, or em.
+	$main_width = $MAIN_WIDTH * 1;   //set in config section. Default is 810px.
+	$main_units = mb_substr($MAIN_WIDTH, -2); //should be px, pt, or em.
 	//convert to px.  16px = 12pt = 1em
 	if     ( $main_units == "em") { $main_width = $main_width * 16 ; }
 	elseif ( $main_units == "pt") { $main_width = $main_width * (16 / 12); }
@@ -2209,7 +2246,7 @@ function Upload_Page() { //*****************************************************
 
 
 function Upload_response() { //*************************************************
-	global $_, $filename, $ipath, $page, $EX, $message, $UPLOAD_FIELDS;
+	global $_, $ipath, $ipath_OS, $page, $EX, $message, $UPLOAD_FIELDS;
 
 	$page  = "index"; //return to index.
 
@@ -2218,46 +2255,41 @@ function Upload_response() { //*************************************************
 		if ($name == "") { continue; } //ignore empty upload fields
 		
 		$filecount++;
-		$filename    = $_FILES['upload_file']['name'][$N];
-		$destination = $ipath;
-		$savefile_msg = '';		
+		$filename_up = $ipath.$_FILES['upload_file']['name'][$N]; //just filename, no path.
+		$filename_OS = Convert_encoding($filename_up);
+		
+		$savefile_msg = '';
 		
 		$MAXUP1 = ini_get('upload_max_filesize');
 		//$MAXUP2 = ''; //number_format($_POST['MAX_FILE_SIZE']).' '.hsc($_['bytes']);
 		$ERROR = $_FILES['upload_file']['error'][$N];
 		
 		if     ( $ERROR == 1 ){ $ERRMSG = hsc($_['upload_err_01']).' upload_max_filesize = '.$MAXUP1;}
-		elseif ( $ERROR == 2 ){ $ERRMSG = hsc($_['upload_err_02']); }  //.' MAX_FILE_SIZE = '      .$MAXUP2;}
-		elseif ( $ERROR == 3 ){ $ERRMSG = hsc($_['upload_err_03']); }
-		elseif ( $ERROR == 4 ){ $ERRMSG = hsc($_['upload_err_04']); }
-		elseif ( $ERROR == 5 ){ $ERRMSG = hsc($_['upload_err_05']); }
-		elseif ( $ERROR == 6 ){ $ERRMSG = hsc($_['upload_err_06']); }
-		elseif ( $ERROR == 7 ){ $ERRMSG = hsc($_['upload_err_07']); }
-		elseif ( $ERROR == 8 ){ $ERRMSG = hsc($_['upload_err_08']); }
+		elseif (($ERROR > 1) && ($ERROR < 9)) { $ERRMSG = hsc($_['upload_err_0'.$ERROR]); }
 		else                  { $ERRMSG = ''; }
 		
-		if ( ($destination === false) || (($destination != "") && !is_dir($destination))) {
+		if ( ($ipath === false) || (($ipath != "") && !is_dir($ipath_OS))) {
 			$message .= $EX.'<b>'.hsc($_['upload_msg_02']).'</b><br>';
-			$message .= '<span class="filename">'.hsc($destination).'</span></b><br>';
+			$message .= '<span class="filename">'.hsc($ipath).'</span></b><br>';
 			$message .= hsc($_['upload_msg_03']).'</b><br>';
 		}else{
-			$message .= '<b>'.hsc($_['upload_msg_04']).'</b> <span class="filename">'.hsc($filename).'</span><br>';
+			$message .= '<b>'.hsc($_['upload_msg_04']).'</b> <span class="filename">'.hsc(basename($filename_up)).'</span><br>';
 			
 			if ( isset($_POST['ifexists']) && ($_POST['ifexists'] == 'overwrite') ) {
-				$savefile = $destination.$filename;
-				if (is_file($savefile)) { $savefile_msg .= hsc($_['upload_msg_07']) ; }
+				if (is_file($filename_OS)) { $savefile_msg .= hsc($_['upload_msg_07']) ; }
 			}else{ //rename to "file.etc.001"  etc...
-				$savefile = ordinalize($destination, $filename, $savefile_msg);
+				$filename_up = add_serial_num($filename_up, $savefile_msg);
 			}
 			
-			if(move_uploaded_file($_FILES['upload_file']['tmp_name'][$N], $savefile)) {
+			$filename_OS = Convert_encoding($filename_up);
+			if(move_uploaded_file($_FILES['upload_file']['tmp_name'][$N], $filename_OS)) {
 				$message .= '<b>'.hsc($_['upload_msg_05']).'</b> '.$savefile_msg.'<br>';
 			} else{
 				$message .= '<b>'.$EX.hsc($_['upload_msg_06']).'</b> '.$ERRMSG.'</b><br>';
 			}
 		}
 	}//end foreach $_FILES
-	
+
 	if ($filecount == 0) { $page = "upload"; } //If nothing selected, just reload Upload page.
 }//end Upload_response() //*****************************************************
 
@@ -2280,14 +2312,17 @@ function New_Page($title, $new_f_or_f) { //*************************************
 
 
 function New_response($post, $isfile){ //***************************************
-	global $_, $ipath, $filename, $page, $param1, $param2, $param3, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
+	global $_, $ipath, $ipath_OS, $filename, $filename_OS, $page, $param1, $param2, $param3, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
 
 	$page      = "index"; //Return to index if folder, or on error.
 
-	$new_name  = trim($_POST[$post], $WHSPC_SLASH); //Trim whitespace & slashes.
-	
-	if ($isfile) { $f_or_f = "file";   $filename  = $ipath.$new_name;     }
-	else         { $f_or_f = "folder"; $new_ipath = $ipath.$new_name.'/'; }
+	$new_name     = trim($_POST[$post], $WHSPC_SLASH); //Trim whitespace & slashes.
+
+	$filename     = $ipath.$new_name;
+	$filename_OS  = Convert_encoding($filename);
+
+	if ($isfile) { $f_or_f = "file";   }
+	else         { $f_or_f = "folder"; }
 
 	$msg_new  = '<span class="filename">'.hsc($new_name).'</span><br>';
 
@@ -2299,18 +2334,19 @@ function New_response($post, $isfile){ //***************************************
 		$page   = "new".$f_or_f;
 		$param3 = '&amp;p=index'; //For [Cancel] button
 		
-	}elseif (file_exists($filename)) { //Does file or folder already exist ?
+	}elseif (file_exists($filename_OS)) { //Does file or folder already exist ?
 		$message .= $EX.'<b>'.hsc($_['new_file_msg_04']).' '.$msg_new;
 		
-	}elseif ( $isfile && touch($filename) ) { //Create File
+	}elseif ($isfile && touch($filename_OS) ) { //Create File
 		$message .= '<b>'.hsc($_['new_file_msg_05']).'</b> '.$msg_new; //New File success.
 		$page     = "edit";                                      //Return to edit page.
 		$param2   = '&amp;f='.rawurlencode(basename($filename)); //for Edit_Page() buttons
 		$param3   = '&amp;p=edit';                               //for Edit_Page() buttons
 		
-	}elseif ( !$isfile && mkdir($new_ipath,0755)) { //Create Folder
+	}elseif (!$isfile && mkdir($filename_OS,0755)) { //Create Folder
 		$message .= '<b>'.hsc($_['new_file_msg_07']).'</b> '.$msg_new; //New folder success
-		$ipath    = $new_ipath;  //return to new folder
+		$ipath    = $filename;  //return to new folder
+		$ipath_OS = Convert_encoding($filename);
 		$param1   = '?i='.URLencode_path($ipath);
 		
 	}else{
@@ -2328,14 +2364,11 @@ function Set_Input_width() { //*************************************************
 	// $MAIN_WIDTH: Set in config section, may be in em, px, pt, or %. Ignoring % for now.
 	// Width of 1 character = .625em = 10px = 7.5pt  (1em = 16px = 12pt)
 
-	$main_units  = substr($MAIN_WIDTH, -2);
+	$main_units  = mb_substr($MAIN_WIDTH, -2);
 	$main_width  = $MAIN_WIDTH * 1;
 
-	$root_enc    = mb_detect_encoding($WEB_ROOT.$ACCESS_ROOT);  //ASCII? UTF8? etc...
-	$root_width  = mb_strlen($WEB_ROOT.$ACCESS_ROOT, $root_enc);
-
-	$label_enc   = mb_detect_encoding($_['New_Location']);  //ASCII? UTF8? etc...
-	$label_width = mb_strlen($_['New_Location'], $label_enc);
+	$root_width  = mb_strlen($WEB_ROOT.$ACCESS_ROOT);
+	$label_width = mb_strlen($_['New_Location']);
 
 	//convert to em
 	$root_width  *= .625;
@@ -2361,10 +2394,10 @@ function CRM_Page($action, $title, $action_id, $old_full_name) { //*************
 
 	$new_full_name = $old_full_name; //default
 
-	if (is_dir($old_full_name)) {
+	if (is_dir(Convert_encoding($old_full_name))) {
 		$param1 = '?i='.dir_name($ipath); //If dir, return to parent on [Cancel]
 		$ACCESS_PATH = dir_name($ACCESS_PATH);
-	} 
+	}
 
 	Set_Input_width();
 
@@ -2390,11 +2423,11 @@ function CRM_Page($action, $title, $action_id, $old_full_name) { //*************
 
 
 
-
+ 
 function CRM_response($action, $msg1, $show_message = 3){ //********************
 	//$action = 'rCopy' or 'rename'.  Returns 0 if successful, 1 on error.
 	//$show_message: 0 = none; 1 = errors only; 2 = successes only; 3 = all messages (default).
-	global $_, $ipath, $filename, $page, $param1, $param2, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
+	global $_, $ipath, $ipath_OS, $filename, $page, $param1, $param2, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
 
 	$old_full_name = trim($_POST['old_full_name'], $WHSPC_SLASH);     //Trim whitespace & slashes.
 	$new_name_only = trim($_POST['new_name'], $WHSPC_SLASH);
@@ -2403,22 +2436,29 @@ function CRM_response($action, $msg1, $show_message = 3){ //********************
 	$new_full_name = $new_location.$new_name_only;
 	$filename      = $old_full_name; //default if error.
 
-	$isfile = 0; if (is_file($old_full_name)) { $isfile = 1;} //File or folder?
+	//for function calls that access the server file system, such as rCopy, rename, file_exists, etc...
+	$old_full_name_OS = Convert_encoding($old_full_name);
+	$new_full_name_OS = Convert_encoding($new_full_name);
+	$new_location_OS  = Convert_encoding($new_location);
+
+	$isfile = 0; if (is_file($old_full_name_OS)) { $isfile = 1;} //File or folder?
 
 	//Common message lines
 	$com_msg  = '<div id="message_left">'.hsc($_['From']).'<br>'.hsc($_['To']).'</div>';
 	$com_msg .= '<b>: </b><span class="filename">'.hsc($old_full_name).'</span><br>';
 	$com_msg .= '<b>: </b><span class="filename">'.hsc($new_full_name).'</span><br>';
 
+	$bad_name = ""; //bad file or folder name (can be either old_ or new_)
+
 	$err_msg = ''; //Error message.
 	$scs_msg = ''; //Success message.
 
-	$error = 1; //0 = no error, 1 = an error. Default to error. Used for return value.
+	$error_code = 0; //1 = success (no error), 0 = an error. Used for return value.
 
 	//Check old name for invalid chars (like .. ) (Unlikely to be false outside a malicious attempt)
 	if ( Check_path($old_full_name,$show_message) === false ) {
 		$bad_name = $old_full_name;
-	}elseif ( !file_exists($old_full_name) ) {
+	}elseif ( !file_exists($old_full_name_OS) ) {
 		$err_msg .= $EX.'<b>'.hsc($msg1.' '.hsc($_['CRM_msg_02'])).'</b><br>';
 		$bad_name = $old_full_name;
 	//Check new name for invalid chars, including slashes.
@@ -2429,45 +2469,43 @@ function CRM_response($action, $msg1, $show_message = 3){ //********************
 	}elseif ( Check_path($new_location,$show_message) === false ) {
 		$bad_name = $new_location;
 	//$new_location must already exist as a directory
-	}elseif ( ($new_location != "") && !is_dir($new_location) ) {
+	}elseif ( ($new_location != "") && !is_dir($new_location_OS) ) {
 		$err_msg .= $EX.'<b>'.hsc($msg1.' '.hsc($_['CRM_msg_01'])).'</b><br>';
 		$bad_name = $new_location;
 	//Don't overwrite existing files.
-	}elseif ( file_exists($new_full_name) ) {
+	}elseif ( file_exists($new_full_name_OS) ) {
 		$bad_name = $new_full_name;
 		$err_msg .= $EX.'<b>'.hsc($msg1.' '.hsc($_['CRM_msg_03'])).'</b><br>';
-	}elseif ( $action($old_full_name, $new_full_name )) {
-		$scs_msg .= '<b>'.hsc($msg1.' '.hsc($_['successful'])).'</b><br>'.$com_msg;
-		if   ($isfile) {
+	}else{ //attempt $action
+		$error_code = $action($old_full_name_OS, $new_full_name_OS);
+		if ( $error_code > 0 ) { 
+			$scs_msg .= '<b>'.hsc($msg1.' '.hsc($_['successful'])).'</b><br>'.$com_msg;
+			if ($isfile) { $filename = $new_full_name; }
 			$ipath    = $new_location;
-			$filename = $new_full_name;
-		}else {//folder
-			$ipath    = $new_full_name.'/';
+			$ipath_OS = $new_location_OS;
+		}else{
+			$err_msg .= $EX.'<b>'.hsc($_['CRM_msg_05'].' '.$msg1).'</b><br>'.$com_msg;
 		}
-		$error = 0;
-	}else{
-		$bad_name = "";
-		$err_msg .= $EX.'<b>'.hsc($_['CRM_msg_05'].' '.$msg1).'</b><br>'.$com_msg;
-	}
-	
-	if ($error && ($bad_name !='' )) { $err_msg .= '<span class="filename">'.hsc($bad_name).'</span><br>'; }
+	}//
 
-	if ( ($show_message & 1) && $error ) { $message .= $err_msg; } //Show error message.
-	if (  $show_message & 2)             { $message .= $scs_msg; } //Show success message.
+	if (($bad_name !='' ) && ($error_code == 0)) { $err_msg .= '<span class="filename">'.hsc($bad_name).'</span><br>'; }
+
+	if (($show_message & 1) && ($error_code == 0)) { $message .= $err_msg; } //Show error message.
+	if ( $show_message & 2)                        { $message .= $scs_msg; } //Show success message.
 
 	//Prior page should be either index or edit
 	$page = $_SESSION['recent_pages'][1];
 	$param1 = '?i='.URLencode_path($ipath);
 	if ($isfile & $page == "edit") {$param2 = '&amp;f='.rawurlencode(basename($filename));}
 
-	return $error; //
+	return $error_code; //
 }//end CRM_response() //********************************************************
 
 
 
 
 function Delete_response($target, $show_message=3) { //*************************
-	global $_, $ipath, $param1, $filename, $param2, $page, $message, $EX;
+	global $_, $ipath, $ipath_OS, $param1, $filename, $param2, $page, $message, $EX;
 
 	if ($target == "") { return 0; } //Prevent accidental delete of entire website.
 
@@ -2481,14 +2519,15 @@ function Delete_response($target, $show_message=3) { //*************************
 	$err_msg = ''; //On error, set this message.
 	$scs_msg = ''; //On success, set this message.
 
-	if (rDel($target)) {
+	$error_code = rDel($target);
+	if ($error_code > 0) { // 0 = error, > 0 is number of successes
 		$scs_msg .= '<b>'.hsc($_['Deleted']).':</b> ';
 		$scs_msg .= '<span class="filename">'.hsc(basename($target)).'</span></br>';
 		$ipath  = dir_name($target); //Return to parent dir.
+		$ipath_OS = Convert_encoding($ipath);
 		$param1 = '?i='.URLencode_path($ipath);
 		$filename = "";
 		$param2   = "";
-		$error = 0; //0= no error, 1 = an error.
 	}else { //Error
 		$err_msg .= $EX.'<b>'.hsc($_['delete_msg_03']).'</b> <span class="filename">'.hsc($target).'</span><br>';
 		$page = $_SESSION['recent_pages'][1];
@@ -2496,21 +2535,21 @@ function Delete_response($target, $show_message=3) { //*************************
 			$filename = $target;
 			$param2 = '&amp;f='.basename($filename);
 		}
-		$error = 1;
 	}
 
 	if ($show_message & 1) { $message .= $err_msg; } //Show error message.
 	if ($show_message & 2) { $message .= $scs_msg; } //Show success message.
 
-	return $error;
+	return $error_code;
 }//end Delete_response() //*****************************************************
 
 
 
-
+ 
 function MCD_Page($action, $page_title, $classes = '') { //*********************
 	//$action = mcd_mov or mcd_cpy or mcd_del
-	global $_, $ICONS, $WEB_ROOT, $ONESCRIPT, $ipath, $param1, $filename, $page, $ACCESS_ROOT, $ACCESS_PATH, $INPUT_NUONCE;
+	global $_,  $WEB_ROOT, $ONESCRIPT, $ipath, $ipath_OS, $param1, $filename, $page,
+			$ICONS, $ACCESS_ROOT, $ACCESS_PATH, $INPUT_NUONCE, $message;
 
 	//Prep for a single file or folder
 	if( $page == "deletefile" || $page == "deletefolder" ){
@@ -2539,14 +2578,14 @@ function MCD_Page($action, $page_title, $classes = '') { //*********************
 		Cancel_Submit_Buttons($page_title);
 			
 		//List selected folders & files
-		$full_list = Sort_Seperate($ipath, $_POST['files']);
+		$full_list = Sort_Seperate($ipath, $_POST['files']); 
 		
 		echo '<table class="verify '.$classes.'">';
 		echo '<tr><th>'.hsc($_['Selected_Files']).':</th></tr>'."\n";
-		
 		foreach($full_list as $file) {
-			if (is_dir($ipath.$file)) { echo '<tr><td>'.$ICONS['folder'].'&nbsp;'.hsc($file).' /</td></tr>'; }
-			else                      { echo '<tr><td>'.hsc($file).'</td></tr>'; }
+			$file_OS = Convert_encoding($file);
+			if (is_dir($ipath_OS.$file_OS)) { echo '<tr><td>'.$ICONS['folder'].'&nbsp;'.hsc($file).' /</td></tr>'; }
+			else                            { echo '<tr><td>'                          .hsc($file).'</td></tr>'; }
 			echo '<input type=hidden  name="files[]" value="'.hsc($file).'">'."\n";
 		}
 		
@@ -2558,24 +2597,31 @@ function MCD_Page($action, $page_title, $classes = '') { //*********************
 
 
 function MCD_response($action, $msg1, $success_msg = '') { //*******************
-	global $_, $ipath, $filename, $EX, $message, $WHSPC_SLASH;
+	global $_, $ipath, $ipath_OS, $EX, $message, $WHSPC_SLASH;
 
-	$files    = $_POST['files']; //List of files to delete (path not included)
-	$count    = count($files);   //Doesn't include any sub-folders & files.
-	$errors   = 0; //number of failed moves, copies, or deletes - not counting recursion.
+	$files      = $_POST['files']; //List of files to delete (path not included)
+	$errors     = 0; //number of failed moves, copies, or deletes
+	$successful = 0;
+	
+	$new_location = "";
+	if (isset($_POST['new_location'])) {
+		$new_location    =                  $_POST['new_location'];
+		$new_location_OS = Convert_encoding($_POST['new_location']);
+	}
 
 	$show_message = 1; //1= show error msg only.
-	if ($count == 1) {$show_message = 3;} //show error or success msg.
 	
-	if ($action == 'rDel') {
-		foreach ($files as $file){
-			if ($file == "") {continue;} //a blank file name would cause $ipath to be deleted.
-			$errors += Delete_response($ipath.$file, $show_message);
-		}
-	}elseif ( ($_POST['new_location'] != "") && !is_dir($_POST['new_location']) ) {
+	if ( ($new_location != "") && !is_dir($new_location_OS)) {
 		$message .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_01']).'</b><br>';
 		$message .= '<span class="filename">'.hsc($_POST['new_location']).'</span><br>';
 		return;
+	}elseif ($action == 'rDel') {
+		foreach ($files as $file){
+			if ($file == "") {continue;} //a blank file name would cause $ipath to be deleted.
+			$error_code = Delete_response($ipath.$file, $show_message);
+			$successful += $error_code;
+			if ($error_code == 0) {$errors++;}
+		}
 	}else { //move or rCopy
 		$mcd_ipath = $ipath; //CRM_response() changes $ipath to $new_location
 		
@@ -2583,15 +2629,15 @@ function MCD_response($action, $msg1, $success_msg = '') { //*******************
 			$_POST['old_full_name'] = $mcd_ipath.$file;
 			$_POST['new_name'] = $file;
 		  //$_POST['new_location'] should already be set by the client ( via MCD_Page() ).
-			$errors  += CRM_response($action, $msg1, $show_message);
+			$error_code = CRM_response($action, $msg1, $show_message);
+			$successful += $error_code;
+			if ($error_code == 0) {$errors++;}
 		}
 	}
 
-	$successful = $count - $errors;
-	
 	if ($errors) {$message .= $EX.' <b>'.$errors.' '.hsc($_['errors']).'.</b><br>';}
 	
-	if ($count > 1) {$message .= '<b>'.$successful.' '.hsc($success_msg).'</b><br>';}
+	$message .= '<b>'.$successful.' '.hsc($success_msg).'</b><br>';
 
 	if ($action != 'rDel') {
 		if ($successful > 0) { //"From:" & "To:" lines if any successes.
@@ -2631,7 +2677,7 @@ function Page_Title(){ //***<title>Page_Title()</title>*************************
 
 
 
-	
+
 function Load_Selected_Page(){ //***********************************************
 	global $_, $ONESCRIPT, $ipath, $filename, $page;
 
@@ -2692,7 +2738,7 @@ function Respond_to_POST() { //*************************************************
 	elseif (isset($_POST['new_file']     )) { New_response('new_file'  , 1);} //1=file
 	elseif (isset($_POST['new_folder']   )) { New_response('new_folder', 0);} //0=folder
 	elseif (isset($_POST['rename_file']  )) { CRM_response('rename', $_['Ren_Move']);}
-	elseif (isset($_POST['copy_file']    )) { CRM_response('rCopy' , $_['Copy']   ); }
+	elseif (isset($_POST['copy_file']    )) { CRM_response('rCopy' , $_['Copy']   );}
 	elseif (isset($_FILES['upload_file']['name']))  { Upload_response(); }
 
 	//If Changed p/w, u/n, or other Admin Page action, make sure to not return to a folder outside of $ACCESS_ROOT.
@@ -2937,7 +2983,7 @@ function Index_Page_scripts() { //**********************************************
 var DIRECTORY_DATA	  = new Array();
 
 var ONESCRIPT	= "<?php echo $ONESCRIPT ?>";
-var PARAM1		= "<?php echo $param1 ?>";  //capitalize in js as it is used as a constant.
+var PARAM1		= "<?php echo $param1 ?>";  //capitalized here as it is used as a constant.
 
 //a few usefull constants for using sort_DIRECTORY()
 var DESCENDING	= 0;
@@ -2948,7 +2994,7 @@ function Index_Page_scripts() { //**********************************************
 //A few flags for using sort_DIRECTORY(). These are not constants.
 var SORT_by		     = '1';   // Sort key (column) from DIRECTORY_DATA[x][key].
 var SORT_order       = true;  // Default to "normal" sort orders (ascending). Set to false for reverse (descending).
-var SORT_folders_1st = true;  // Initially set to false =  did not consider folders during prior sort.
+var SORT_folders_1st = true;  // Initially set to true. false = did not consider folders during prior sort.
 
 
 
@@ -2993,7 +3039,7 @@ function sort_DIRECTORY(col, direction) { //**************************
 	//SORT_by, SORT_order, SORT_folders_1st: values set by prior (or initial) sort.
 
 	//If needed, set default col and/or direction.
-	col = typeof col !== 'undefined' ? col : 1;
+	col       = typeof col       !== 'undefined' ? col       : 1;
 	direction = typeof direction !== 'undefined' ? direction : ASCENDING;
 
 	//If new sort column, sort ascending. (FLIP overides, but is not currently used.)
@@ -3023,8 +3069,6 @@ function sort_DIRECTORY(col, direction) { //**************************
 
 	if (folders_first_checked == true) { Sort_Folders_First(); }
 
-	Build_Directory('DIRECTORY_LISTING'); // Show directory with new sort order.
-
 }//end sort_DIRECTORY() //********************************************
 
 
@@ -3059,7 +3103,7 @@ function Assemble_row(HREF_params, f_or_f, filetype, filename, file_name){
 
 
 
-function Display_Directory_Summary(target) { //***********************
+function Directory_Summary() { //*************************************
 
 	var total_items  = DIRECTORY_DATA.length;
 	var folder_count = 0;
@@ -3080,18 +3124,17 @@ function Display_Directory_Summary(target) { //***********************
 	SUMMARY += total_items - folder_count + ' <?php echo hsc($_['files']) ?>, ';
 	SUMMARY += '&nbsp; ' + format_number(total_bytes) + " <?php echo hsc($_['bytes']) ?></td>";
 
-	document.getElementById(target).innerHTML = SUMMARY;  //DISPLAY DIRECTORY LISTING
+	return SUMMARY;
+
+}//end Directory_Summary() //*****************************************
 
-}//end Display_Directory_Summary() //*********************************
 
 
 
+function Build_Directory() { //***************************************
+	//Build data from DIRECTORY_DATA into a set of <tr>'s
 
-function Build_Directory(target) { //*********************************
-	//Build directory & insert into <tag id=target></tag>. 
-	var TABLE_LIST      = "";
-	var folder_count	=  0; 
-	var directory_bytes	=  0;
+	var DIRECTORY_LIST	= "";
 	var DS              = '';  // ' /' for folders, blank otherwise.
 	var f_or_f          = '';  // 'file' or 'folder'
 
@@ -3108,7 +3151,6 @@ function Build_Directory(target) { //*********************************
 		
 		//folder or file?  And file_size
 		if (filetype == "dir"){
-			folder_count++;
 			DS = ' /';
 			f_or_f = 'folder';
 			HREF_params = ONESCRIPT + PARAM1 + encodeURIComponent(filename);
@@ -3118,23 +3160,32 @@ function Build_Directory(target) { //*********************************
 			f_or_f = 'file';
 			HREF_params = ONESCRIPT + PARAM1 + '&amp;f=' + encodeURIComponent(filename) + '&amp;p=edit';
 			file_size = format_number(filesize) + ' B';
-			directory_bytes += filesize;
 		}
 		
 		file_name  = '<a href="' + HREF_params + '"  title="<?php echo hsc($_['Edit_View']) ?>" >';
 		file_name += ICONS[filetype] + '&nbsp;' + hsc(filename) + DS + '</a>';
 		time_stamp = FileTimeStamp(DIRECTORY_DATA[x][3], 1, 0, 0);
 		
-		TABLE_LIST += Assemble_row(HREF_params, f_or_f, filetype, filename, file_name)
+		DIRECTORY_LIST += Assemble_row(HREF_params, f_or_f, filetype, filename, file_name)
 		
 	}//end for x
 
-	//Display listing in table...
-	document.getElementById(target).innerHTML = TABLE_LIST;
-
-	Display_Directory_Summary('DIRECTORY_FOOTER'); //below table
+	return DIRECTORY_LIST;
 
 } //end Build_Directory() //******************************************
+
+
+
+function Sort_and_Show(col, direction) { //***************************
+
+	sort_DIRECTORY(col, direction); //Sort DIRECTORY_DATA
+
+	document.getElementById('DIRECTORY_LISTING').innerHTML = Build_Directory();
+
+	document.getElementById('DIRECTORY_FOOTER').innerHTML = Directory_Summary();
+
+}//end Sort_and_Show() { //*******************************************
+
 </script>
 <?php
 }//end Index_Page_scripts() //**************************************************
@@ -3427,7 +3478,7 @@ function style_sheet(){ //******************************************************
 /* --- reset --- */
 * { border : 0; outline: 0; margin: 0; padding: 0;
     font-family: inherit; font-weight: inherit; font-style : inherit;
-    font-size  : 100%; vertical-align: baseline; }
+    font-size  : 100%; vertical-align: baseline; outline: none; }
 
 
 /* --- general formatting --- */
@@ -3547,7 +3598,7 @@ function style_sheet(){ //******************************************************
 
 table.index_T tr:hover {border: 1px solid #777; background-color: #EEE}
 
-table.index_T th { border: 1px inset silver; vertical-align: middle; padding-left: 4px; text-align: center;}
+table.index_T th { border: 1px inset silver; vertical-align: middle; padding: 0px ; text-align: center;}
 
 table.index_T td { border: 1px inset silver; vertical-align: middle;}
 
@@ -3555,11 +3606,14 @@ function style_sheet(){ //******************************************************
 
 table.index_T th:hover { background-color: white;}
 
+.index_T th a { padding: 1px 0 1px 0; border-width: 0px;}
+
 .index_T th.file_name   { text-align: left; }
-.index_T th.file_name a { display: inline-block; padding: 0 3em 0 2em;}
-#sort_type { display: inline-block; padding: 0 0em 0 0em;}
+.index_T th.file_name a { display: inline-block; padding: 1px 3em 1px 2em; border-top-width: 0px; border-bottom-width: 0px;}
+#name_header {border-width: 0 1px 0 1px;}
 .index_T th.file_size a { display  : block; }
 .index_T th.file_time a { display  : block; }
+#sort_type {float: right; padding: 1px 5px 1px 4px; border-width: 0px 0 0 1px;}
 
 
 .file_name { min-width: 10em; max-width: 26em; }
@@ -3571,7 +3625,7 @@ function style_sheet(){ //******************************************************
 	text-align    : right;
 	font-family   : courier;
     font-size     : .9em;
-	color         : #333;
+	color         : #222;
 	}
 
 
@@ -3598,24 +3652,34 @@ function style_sheet(){ //******************************************************
 	background-color: #EEE;
 	}
 
-a { border: 1px solid transparent; color: rgb(100,45,0); text-decoration: none; }
+
+/*These must go after .front_links and other style that affect <a> tags*/
+a { border: 1px solid transparent; text-decoration: none; }  /*color: rgb(100,45,0);*/
 a:focus  { border: 1px solid #807568; background-color: rgb(255,250,150); }
 a:hover  { border: 1px solid #807568; background-color: rgb(255,250,150); }
 a:active { border: 1px solid #807568; background-color: rgb(245,245,50);  }
 
+
 /*** Select All [x]  [Move] [Copy] [Delete] ***/
 
-#select_all_th { min-width: 60px ; max-width: 70px; text-align: right; padding:  0 3px 0 0px; } /*TRBL*/
+#select_all_th { min-width: 60px ; max-width: 70px; text-align: right; padding:  0 0px 0 0px; } /*TRBL*/
+
+#select_all {margin: 3px 0 0 0;}  /*checkbox*/
+#folders_first_ckbox {margin: 2px 0 0px 4px;}  /*checkbox*/
 
 #select_all_label { 
-	Xdisplay: inline-block;     /* //##### when select all was above table, not in it*/
 	font   : 400 .84em arial;
-	Xwidth  : 72px;			    /* //##### when select all was above table, not in it*/
-	Xpadding: 2px 0 0 2px;      /* //##### when select all was above table, not in it*/
 	color  : #333;
-	cursor:pointer;
+	cursor : pointer;
+	border-right: solid transparent 1px;
+	Xdisplay: inline-block;     /* //#### when select all was above table, not in it*/
+	Xwidth  : 72px;			    /* //#### when select all was above table, not in it*/
+	padding: 2px 2px 1px 2px;
 	}
 
+#select_all_label:hover  { border: 1px solid #807568; background-color: rgb(255,250,150); }
+#select_all_label:hover  { border-top-width: 0; border-bottom-width: 0; }
+
 #mcd_submit button {
 	height   : 1.55em;
 	cursor   : pointer;
@@ -3809,8 +3873,32 @@ function style_sheet(){ //******************************************************
 .ren_over label {font-weight: normal}
 
 #DIRECTORY_FOOTER td {text-align: center; font-size: .9em; color: #333; }
-#folders_first_label {font-size: .9em; font-weight: normal; color: #333; margin: 0 0 0 0 ;} /*TRBL*/
-#folders_first_label:hover {background-color: rgb(255,250,150); cursor:pointer;}
+
+#folders_first_label {
+	border: solid 1px transparent;
+	font-size: .9em;
+	font-weight: normal;
+	color: #333; margin: 0;
+	padding: 2px 0 1px 0;
+}
+
+#folders_first_label:hover {border: solid 1px #807568; background-color: rgb(255,250,150); cursor:pointer;}
+#folders_first_label:focus {border: solid 1px #807568; background-color: rgb(255,250,150);}
+
+#path_header { background-color:white; border: solid 1px #807568; padding: 0; font-weight: normal; }
+
+#path_header a {
+	outline: none;
+	border: none;
+	border-left : solid 1px transparent;
+	border-right: solid 1px transparent;
+	display: inline-block;
+	padding: 1px 5px 0 5px;
+}
+
+#path_header a:hover{ border-left : solid 1px #807568; border-right: solid 1px #807568; background-color: rgb(255,250,150); }
+#path_header a:focus{ border-left : solid 1px #807568; border-right: solid 1px #807568; background-color: rgb(255,250,150); }
+
 </style>
 <?php
 }//end style_sheet() //*********************************************************
@@ -3843,7 +3931,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 	}
 	
 #select_all_label { font-size: <?php echo $_['select_all_label_size']?>; } /*Default .84em */
-#select_all_label { width: <?php echo $_['select_all_label_width']?>; }    /*Default 72px  */
+#select_all_label { width: <?php echo $_['select_all_label_width']?>; }    /*Default 72px  As of 3.4.23 Not currently used.*/
 </style>
 <?php
 }//end Language_and_config_adjusted_styles() //*********************************
@@ -3852,12 +3940,12 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 
 function Load_style_sheet(){ //*************************************************
-	global $CSS_FILE;
+	global $CSS_FILE, $message;
 
 	style_sheet(); //first load built-in defaults
 
 	if ( isset($CSS_FILE) ) { //Check for external file
-		echo '<link rel="stylesheet" type="text/css" href="'.$CSS_FILE.'">';
+		echo '<link rel="stylesheet" type="text/css" href="'.URLencode_path($CSS_FILE).'">';
 	}
 
 	Language_and_config_adjusted_styles();
@@ -3901,18 +3989,17 @@ function Load_style_sheet(){ //*************************************************
 
 	if ($page == "phpinfo") { phpinfo(); die; }
 
-	Validate_params();
-
 	Valid_Path($ipath, true);
 
 	//$ACCESS_ROOT.$ACCESS_PATH == $ipath
-	//$ipath_enc = mb_detect_encoding($ipath);
 	$ipath_len = mb_strlen($ipath);
 	$ACCESS_PATH = '';
 	if (($ACCESS_ROOT_len < $ipath_len)) {
 		$ACCESS_PATH = trim(mb_substr($ipath, $ACCESS_ROOT_len), ' /').'/';
 	}
 
+	Validate_params();
+
 	Init_Macros(); //Needs to be after Get_Get()/Validate_params()/Valid_Path()
 
 	Respond_to_POST();
@@ -3982,6 +4069,6 @@ function Load_style_sheet(){ //*************************************************
 echo '</div>'; //end container/login_page
 echo '</body></html>';
 
-if ( ($page == "edit") && $WYSIWYG_VALID && ($EDIT_MODE == 1) ) { include($WYSIWYG_PLUGIN); }
+if ( ($page == "edit") && $WYSIWYG_VALID && ($EDIT_MODE == 1) ) { include($WYSIWYG_PLUGIN_OS); }
 
 //END OF FILE ##################################################################
\ No newline at end of file
diff --git a/readme.markdown b/readme.markdown
index 3d22282..9e32b78 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,4 +1,4 @@
-(OnefileCMS updated: 2014-02-22)
+(OnefileCMS updated: 2014-03-06)
 # OneFileCMS
 
 ## Yes, that's exactly what it is!
@@ -97,11 +97,12 @@ OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com
 - PHP 5.1+
   (Only tested on versions 5.2.8, 5.2.17, 5.3.3, and 5.4 + )
 - File permission privileges on your host.
-- Javascript enabled browswer.
+- A Javascript enabled browswer.
+- Most modern browsers probably work, but I only test on Firefox and Chrome. IE8 is currently a no go, as of v3.4.23. Maybe IE10 also, I don't know...
+(But, a fix is in the works - it just may be a short while...)
 - And- but only if you wish to see the icons- a browser that supports inline SVG.  
   (If your browser doesn't support inline SVG, OneFileCMS will still work, just without any icons.)
-
-- And currently, as of version 3.4.23, OneFileCMS does not work in IE.  
+- And currently, as of version 3.4.23, OneFileCMS does not work in IE8 or earlier. I have not yet tried IE9 (as of 2014-02-22).
   Versions thru 3.4.22 should work with IE. [v3.4.22 is available here](http://self-evident.github.com/OneFileCMS/onefilecms_3.4.22.zip)
 
 ## License, Credit, Et Cetera  
@@ -118,6 +119,9 @@ OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com
 ##Needed/potential improvements
 
 - Figure out why it doesn't work in IE.  It's probably javascript related, as a bit of js was added recently for client side sorting.
+
+	Update (2/23): it seems the issue is IE doesn't support changing the innerHTML of some tags.  OneFile builds the directory in javascript, then displays it by changing the innerHTML of a <tbody> tag of an existing <table>.  And, since the alternative/fix/workaround would be a whole bunch more work, IE is currently not supported.  
+
 - It's probably existed for a while, but I just noticed (v3.4.23) that, on some systems - such as Windows, OneFileCMS doesn't like non-ascii characters in file names.  A solution is in the works, but it's not quite ready for prime time...
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - Issue with Chrome's XSS filter: Editing some legitimate files with OneFileCMS will trigger the filter and disable much of the javascript provided functionallity, but only while on the edit page with such a file, and only after a [Save].

From eb4a7bb44f6ad137e2e00362131c0043e0070f1e Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 6 Mar 2014 14:01:01 -0500
Subject: [PATCH 179/228] Version  3.5.02 Updated readme

---
 readme.markdown | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/readme.markdown b/readme.markdown
index 9e32b78..25e4b2d 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -102,8 +102,8 @@ OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com
 (But, a fix is in the works - it just may be a short while...)
 - And- but only if you wish to see the icons- a browser that supports inline SVG.  
   (If your browser doesn't support inline SVG, OneFileCMS will still work, just without any icons.)
-- And currently, as of version 3.4.23, OneFileCMS does not work in IE8 or earlier. I have not yet tried IE9 (as of 2014-02-22).
-  Versions thru 3.4.22 should work with IE. [v3.4.22 is available here](http://self-evident.github.com/OneFileCMS/onefilecms_3.4.22.zip)
+- And currently, as of version 3.4.23, OneFileCMS does not work in IE8 or earlier. I have not yet tried IE9 or later (as of 2014-02-22).  
+  [v3.4.22 is available here](http://self-evident.github.com/OneFileCMS/onefilecms_3.4.22.zip)
 
 ## License, Credit, Et Cetera  
 
@@ -118,11 +118,7 @@ OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com
 
 ##Needed/potential improvements
 
-- Figure out why it doesn't work in IE.  It's probably javascript related, as a bit of js was added recently for client side sorting.
-
-	Update (2/23): it seems the issue is IE doesn't support changing the innerHTML of some tags.  OneFile builds the directory in javascript, then displays it by changing the innerHTML of a <tbody> tag of an existing <table>.  And, since the alternative/fix/workaround would be a whole bunch more work, IE is currently not supported.  
-
-- It's probably existed for a while, but I just noticed (v3.4.23) that, on some systems - such as Windows, OneFileCMS doesn't like non-ascii characters in file names.  A solution is in the works, but it's not quite ready for prime time...
+- As of v3.4.23, doesn't work in IE.  It seems IE doesn't support changing the innerHTML of some tags.  OneFile builds the directory in javascript, then displays it by changing the innerHTML of a &lt;tbody> tag of an existing &lt;table>.  And, since the alternative/fix/workaround would be a whole bunch more work, IE is currently not supported.  
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - Issue with Chrome's XSS filter: Editing some legitimate files with OneFileCMS will trigger the filter and disable much of the javascript provided functionallity, but only while on the edit page with such a file, and only after a [Save].
 - The connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text* during login.  However, this is true of most online login systems, unless SSL or the like is employed.  

From 1ca2639c346cc288c2c2f302d53ad5baeb44c33e Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 6 Mar 2014 15:20:00 -0500
Subject: [PATCH 180/228] Version 3.5.03 Minor update: Get_DIRECTORY_DATA()
 needed to set $filename if already in UTF-8.

---
 info/changelog.markdown | 4 ++++
 onefilecms.php          | 5 +++--
 readme.markdown         | 4 ++--
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/info/changelog.markdown b/info/changelog.markdown
index b5b76a3..62c85d9 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,9 @@
 # OneFileCMS Change Log
 
+### v3.5.03 (March 6, 2014)
+
+- Minor update to Get\_DIRECTORY\_DATA(). Didn't seem to affect all php versions.
+
 ### v3.5.02 (March 6, 2014)
 
 - OneFileCMS can now work with non-ASCII filenames.
diff --git a/onefilecms.php b/onefilecms.php
index e176a14..cd5457a 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php mb_internal_encoding('utf-8');
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.02';
+$OFCMS_version = '3.5.03';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -1813,7 +1813,8 @@ function Get_DIRECTORY_DATA() { //**********************************************
 		$filename_OS = $ipath_OS.$raw_filename; //for is_dir() & file_exists() below
 		
 		//Normalize filename encoding for general use & display. (UTF-8, which may not be same as the server's File System)
-		if ($ENC_OS != 'UTF-8') {$filename = Convert_encoding($raw_filename,'UTF-8');}
+		if ($ENC_OS == 'UTF-8') {$filename = $raw_filename;}
+		else                    {$filename = Convert_encoding($raw_filename,'UTF-8');}
 		
 		//Get file .ext & check against $stypes (files types to show)
 		$filename_parts = explode(".", mb_strtolower($filename));
diff --git a/readme.markdown b/readme.markdown
index 25e4b2d..b491133 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,4 +1,4 @@
-(OnefileCMS updated: 2014-03-06)
+(OnefileCMS updated: 2014-03-06) 
 # OneFileCMS
 
 ## Yes, that's exactly what it is!
@@ -40,7 +40,7 @@ Coupling a utilitarian code editor with basic upload and file managing functions
   
 3) **Log in** !
 
-The default login info is "username" and "password".  Of course, you'll want to change the password... and probably the username...
+The default login info is "username" and "password".  Of course, you'll want to change those...
 
 As with any CMS, you may also have to modify the file permissions of your site's folders to allow OneFileCMS to modify and create files.  Check with your host if you're not sure, and be aware of any inherent security concerns.  
 

From 649ffbf1988ccb53727be524250725d39f1e7d28 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 8 Mar 2014 18:45:00 -0500
Subject: [PATCH 181/228] Version 3.5.04 Moved php version check into
 System_Setup() Moved three functions from before, to after,
 Default_Langauge():  validate_units(), hsc(), Convert_encoding()
 Current_Path_Header() tweaks: removed focus & tweaked css. added hsc()...
 Index_age_button_top(): To preserve spacing, echo <div id=mcd_submit> &
 </div>   even if $file_count == 0 Edit_Page_Form(): uncommented an <input>
 commented out in 3.5.02. CRM_Page() & MCD_Page(): removed <input
 name=base_location value=$ACCESS_ROOT> Respond_to_POST(): replaced
 $POST["base_location"] directly with $ACCESS_ROOT Moved the js functions
 Select_All() & Confirm_Submit()    from common_scripts() to
 Index_Page_scripts() In hs function Build_Directory():     Added filename to
 "tool tip" of file names in directory listing Some CSS shuffling & tweaks.

---
 extras/OneFileCMS.config.SAMPLE.php |   4 +-
 extras/OneFileCMS.css               | 192 ++++++------
 info/OneFileCMS_structure.txt       |  13 +-
 info/changelog.markdown             |  24 +-
 onefilecms.php                      | 440 ++++++++++++++--------------
 readme.markdown                     |   4 +-
 6 files changed, 345 insertions(+), 332 deletions(-)

diff --git a/extras/OneFileCMS.config.SAMPLE.php b/extras/OneFileCMS.config.SAMPLE.php
index 1d06717..60b1d60 100755
--- a/extras/OneFileCMS.config.SAMPLE.php
+++ b/extras/OneFileCMS.config.SAMPLE.php
@@ -1,6 +1,6 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
-// v3.5.02+
+// v3.5.04+
 // Sample external config file - this file is OPTIONAL.
 //
 // Basically, what follows is just a copy & paste of the OneFileCMS CONFIGURABLE INFO section.
@@ -10,7 +10,7 @@
 $config_title = "OneFileCMS";
 
 $USERNAME = "username";
-$HASHWORD = "cff29a3b595b427ef8d01c089d368c7706a8c68ecc75d566642e313ee97ff659";
+$HASHWORD = "18350bc2181858e679605434735b1c2db6e7e4bb72b50a6d93d9ad1362f3e1c2";
 //$HASHWORD = "18350bc2181858e679605434735b1c2db6e7e4bb72b50a6d93d9ad1362f3e1c2"; //"password" with $PRE_ITERATIONS = 1000
 $SALT     = 'somerandomsalt';
 
diff --git a/extras/OneFileCMS.css b/extras/OneFileCMS.css
index 3dc4277..5dc84b3 100755
--- a/extras/OneFileCMS.css
+++ b/extras/OneFileCMS.css
@@ -1,5 +1,5 @@
 /*******************************************************************************
-Sample, OPTIONAL, external style sheet for OneFileCMS.  version 3.5.02+
+Sample, OPTIONAL, external style sheet for OneFileCMS.  version 3.5.04+
 *******************************************************************************/
 
 /* --- reset --- */
@@ -10,7 +10,9 @@ Sample, OPTIONAL, external style sheet for OneFileCMS.  version 3.5.02+
 
 /* --- general formatting --- */
 
-body { font-size: 1em; background: #E8E8E8; font-family: sans-serif; }
+html { background: linear-gradient(170deg, white, rgb(50, 120,190)); background-attachment: fixed;}
+
+body { height: 100%; font-size: 1em; font-family: sans-serif; } 
 
 p, table, ol { margin-bottom: .6em;}
 
@@ -29,16 +31,11 @@ th,td { text-align:left; font-weight:400; }
 
 label { font-size : 1em; font-weight: bold; }
 
-pre {
-	background: white;
-	border    : 1px solid #807568;
-	padding   : .2em;
-	margin    : 0;
-	}
+pre { background: white; border: 1px solid #777; padding: .2em; margin: 0; }
 
-input[type="text"]     { width: 100%; border: 1px solid #807568; padding: 1px 1px 1px 0; font : 1em Courier; }
-input[type="password"] { width: 100%; border: 1px solid #807568; padding: 0   1px 0   0; }
-input[type="file"]     { width: 100%; border: 1px solid #807568; background-color: white; }
+input[type="text"]     { width: 100%; border: 1px solid #777; padding: 1px 1px 1px 0; font : 1em Courier; }
+input[type="password"] { width: 100%; border: 1px solid #777; padding: 0   1px 0   0; }
+input[type="file"]     { width: 100%; border: 1px solid #777; background-color: white; }
 
 input[readonly]        { color: #333; background-color: #EEE; }
 input[disabled]        { color: #555; background-color: #EEE; }
@@ -53,16 +50,16 @@ button:active { background-color: rgb(245,245,50);  }
 /* --- layout --- */
 
 .container {
-	border : 0px solid #807568;
+	border : 0px solid #777;
 	width  : 810px;     /*Adjusted by $MAIN_WIDTH config variable*/
 	margin : 0 auto 2em auto;
 	}
 
 
 #header {
-	border-bottom : 1px solid #807568;
+	border-bottom : 1px solid #777;
 	padding: 04px 0px 01px 0px;
-	margin : 0 0 .5em 0;
+	margin : 0 0 0 0;
 	}
 
 
@@ -76,7 +73,7 @@ button:active { background-color: rgb(245,245,50);  }
 
 
 .h2_filename {
-	border: 1px solid #807568;
+	border: 1px solid #777;
 	padding: .1em .2em .1em .2em;
 	font-weight: 700;
 	font-family: courier;
@@ -84,7 +81,7 @@ button:active { background-color: rgb(245,245,50);  }
 	}
 
 
-#message_box { border: none; margin: 0 0 .4em 0; padding: 0; }
+#message_box { border: none; margin: .5em 0 0 0; padding: 0; }
 
 #message_box_contents { border: 1px solid gray; padding: 4px; background: #FFF000; }
 
@@ -113,57 +110,85 @@ button:active { background-color: rgb(245,245,50);  }
 
 .filename { font-family: courier; }
 
-/* --- INDEX directory listing, table format --- */
+
+/* ------ INDEX Page ------ */
+
+#index_page_buttons     { margin: 0 0 0 0; }
+#index_page_buttons div { display: inline-block; vertical-align: bottom; }
+
+
+/*** Select All [x] ***/
+#select_all_th { min-width: 60px ; max-width: 70px; text-align: right; padding:  0 0 0 0; } /*TRBL*/
+#select_all {margin: 3px 0 0 0;}  /*checkbox*/
+#select_all_label { 
+	font   : 400 .84em arial;
+	color  : #333;
+	cursor : pointer;
+	border-right: solid transparent 1px;
+	Xdisplay: inline-block;     /* //#### when select all was above table, not in it*/
+	Xwidth  : 72px;			    /* //#### when select all was above table, not in it*/
+	padding: 3px 2px 2px 2px;
+	}
+
+#select_all_label:hover  { border-left: 1px solid #777; background-color: rgb(255,250,150); }
+#select_all_label:hover  { border-top-width: 0; border-bottom-width: 0; }
+
+
+/*** Directory list file select boxes ***/
+.ckbox {padding: 2px 4px 0 4px}
+.ckbox:focus { background-color: rgb(255,250,150); }
+.ckbox:hover { background-color: rgb(255,250,150); }
+
+
+/*** [x] Folders First ***/
+#folders_first_ckbox {margin: 3px 0 0px 4px;}
+#folders_first_label {
+	border: solid 1px transparent;
+	font-size: .9em;
+	font-weight: normal;
+	color: #333; margin: 0;
+	padding: 3px 0 2px 0;
+}
+
+#folders_first_label:hover {border: solid 1px #777; background-color: rgb(255,250,150); cursor:pointer;}
+#folders_first_label:focus {border: solid 1px #777; background-color: rgb(255,250,150);}
+
+
+/* --- Directory Listing --- */
+
 table.index_T {
 	min-width: 30em;
 	font-size: .95em;
-	border         : 1px solid #807568;
+	border         : 1px solid #777;
 	border-collapse: collapse;
-	margin-bottom: .7em;
+	margin: .5em 0 0 0;
 	background-color: #FFF;
 	}
 
 table.index_T tr:hover {border: 1px solid #777; background-color: #EEE}
-
-table.index_T th { border: 1px inset silver; vertical-align: middle; padding: 0px ; text-align: center;}
-
+table.index_T th { border: 1px inset silver; vertical-align: middle; text-align: center; padding: 0 ;}
 table.index_T td { border: 1px inset silver; vertical-align: middle;}
-
-.index_T td a {	display: block; border: none; padding: 2px 4px 2px 4px; overflow : hidden; }
-
 table.index_T th:hover { background-color: white;}
 
+.index_T td a {	display: block; border: none; padding: 2px 4px 2px 4px; overflow : hidden; }
 .index_T th a { padding: 1px 0 1px 0; border-width: 0px;}
 
 .index_T th.file_name   { text-align: left; }
-.index_T th.file_name a { display: inline-block; padding: 1px 3em 1px 2em; border-top-width: 0px; border-bottom-width: 0px;}
+.index_T th.file_name a { display: inline-block; padding: 2px 3em 2px 2em; border-top-width: 0px; border-bottom-width: 0px;}
 #name_header {border-width: 0 1px 0 1px;}
-.index_T th.file_size a { display  : block; }
-.index_T th.file_time a { display  : block; }
-#sort_type {float: right; padding: 1px 5px 1px 4px; border-width: 0px 0 0 1px;}
+.index_T th.file_size a { display  : block; padding: 2px 0 2px 0; }
+.index_T th.file_time a { display  : block; padding: 2px 0 2px 0; }
+#sort_type {float: right; padding: 1px 5px 3px 4px; border-width: 0px 0 0 1px;}
 
 
 .file_name { min-width: 10em; max-width: 26em; }
 .file_size { min-width:  6em; padding-left: 10px; }
 .file_time { min-width: 10em; padding-left: 10px; }
 
-.meta_T {
-	padding-right : 4px;
-	text-align    : right;
-	font-family   : courier;
-    font-size     : .9em;
-	color         : #222;
-	}
+.meta_T { padding-right: 4px; text-align: right; font-family: courier; font-size: .9em; color: #222; }
 
+#DIRECTORY_FOOTER td {text-align: center; font-size: .9em; color: #333; padding: 3px 0 0 0; }
 
-/*Index table file select boxes*/
-.ckbox {padding: 2px 4px 0 4px}
-.ckbox:focus { background-color: rgb(255,250,150); }
-.ckbox:hover { background-color: rgb(255,250,150); }
-
-
-#index_page_buttons     { margin: 0 0 .5em 0; }
-#index_page_buttons div { display: inline-block; vertical-align: bottom; }
 
 
 /*** front_links:  [New File] [New Folder] [Upload File] ***/
@@ -172,7 +197,7 @@ table.index_T th:hover { background-color: white;}
 .front_links a {
 	display: inline-block;
 	margin-top  : .2em;
-	border      : 1px solid #807568;
+	border      : 1px solid #777;
 	font-size   : 1em;  /*Adjusted by langauge files*/
 	margin-left : 1em;  /*Adjusted by langauge files*/
 	padding     : 3px 5px 2px 4px; /*TRBL*/
@@ -182,35 +207,20 @@ table.index_T th:hover { background-color: white;}
 
 /*These must go after .front_links and other style that affect <a> tags*/
 a { border: 1px solid transparent; text-decoration: none; }  /*color: rgb(100,45,0);*/
-a:focus  { border: 1px solid #807568; background-color: rgb(255,250,150); }
-a:hover  { border: 1px solid #807568; background-color: rgb(255,250,150); }
-a:active { border: 1px solid #807568; background-color: rgb(245,245,50);  }
+a:focus  { border: 1px solid #777; background-color: rgb(255,250,150); }
+a:hover  { border: 1px solid #777; background-color: rgb(255,250,150); }
+a:active { border: 1px solid #777; background-color: rgb(245,245,50);  }
 
 
-/*** Select All [x]  [Move] [Copy] [Delete] ***/
 
-#select_all_th { min-width: 60px ; max-width: 70px; text-align: right; padding:  0 0px 0 0px; } /*TRBL*/
-
-#select_all {margin: 3px 0 0 0;}  /*checkbox*/
-#folders_first_ckbox {margin: 2px 0 0px 4px;}  /*checkbox*/
-
-#select_all_label { 
-	font   : 400 .84em arial;
-	color  : #333;
-	cursor : pointer;
-	border-right: solid transparent 1px;
-	Xdisplay: inline-block;     /* //#### when select all was above table, not in it*/
-	Xwidth  : 72px;			    /* //#### when select all was above table, not in it*/
-	padding: 2px 2px 1px 2px;
-	}
+/*** [Move] [Copy] [Delete] ***/
 
-#select_all_label:hover  { border: 1px solid #807568; background-color: rgb(255,250,150); }
-#select_all_label:hover  { border-top-width: 0; border-bottom-width: 0; }
+#mcd_submit { margin: 0; height: 1.8em; }
 
 #mcd_submit button {
 	height   : 1.55em;
 	cursor   : pointer;
-	border   : 1px solid #807568;
+	border   : 1px solid #777;
 	padding  : 0px 4px 0px 3px; /*TRBL*/
 	margin-top  :  .5em;  /* Helps align bottoms with New & Upload buttons */
 	margin-left : 0.0em;  /* no longer needs adjusted by langauge files */
@@ -229,7 +239,7 @@ a:active { border: 1px solid #807568; background-color: rgb(245,245,50);  }
 
 .button {
 	cursor : pointer;
-	border : 1px solid #807568;
+	border : 1px solid #777;
 	color  : black;
 	padding    : 4px 10px; /*Adjusted by langauge files*/
 	font-size  : .9em;     /*Adjusted by langauge files*/
@@ -245,19 +255,19 @@ a:active { border: 1px solid #807568; background-color: rgb(245,245,50);  }
 
 .nav   { float: right; display: inline-block; margin-top: 1.35em; font-size : 1em; }
 .nav a { border: 1px solid transparent; font-weight: bold; padding: .2em .6em .1em .6em; }
-.nav a:hover  { border: 1px solid #807568; }
-.nav a:focus  { border: 1px solid #807568; }
-.nav a:active { border: 1px solid #807568; }
+.nav a:hover  { border: 1px solid #777; }
+.nav a:focus  { border: 1px solid #777; }
+.nav a:active { border: 1px solid #777; }
 
 
 /* --- edit --- */
 
-#edit_header  {margin: 0;}
+#edit_header  {margin: .5em 0 0 0;}
 
 #edit_form    {margin: 0;}
 
 .edit_disabled {
-	border : 1px solid #807568;
+	border : 1px solid #777;
 	width  : 99%;
 	padding: .2em;
 	margin : .5em 0 .6em 0;
@@ -280,7 +290,7 @@ a:active { border: 1px solid #807568; background-color: rgb(245,245,50);  }
 
 .file_meta	{ float: left; margin-top: .6em; font-size: .95em; color: #222; }
 
-#edit_notes { font-size: .8em; color: #333 ;margin-top: 1em; clear:both; }
+#edit_notes { font-size: .8em; color: #222 ;margin-top: 1em; clear:both; }
 
 .notes      { margin-bottom: .4em; }
 
@@ -288,7 +298,7 @@ a:active { border: 1px solid #807568; background-color: rgb(245,245,50);  }
 /* --- log in --- */
 
 .login_page {
-	border  : 1px solid #807568;
+	border  : 1px solid #777;
 	width   : 370px;
 	margin  : 5em auto;
 	padding : .5em 1.2em .1em 1em;
@@ -309,7 +319,7 @@ hr { /*-- -- -- -- -- -- --*/
 	width   : 100%;
 	clear   : both;
 	border  : none;
-	border-top   : 1px solid #807568;
+	border-top   : 1px solid #777;
 	Xborder-bottom: 1px solid #eee;
 	overflow: visible;
 	}
@@ -349,13 +359,13 @@ hr { /*-- -- -- -- -- -- --*/
 .verify_del td { border: 1px solid #F44; }
 
 
-#admin {padding: .3em;}
+#admin {padding: 3px 5px;}
 
 .admin_buttons .button {margin-right: .5em;}
 
 .clear {clear:both; padding: 0; margin: 0; border: none}
 
-.web_root { border: 0px solid  #807568; border-right: none; font: 1em Courier; padding: 1px; }
+.web_root { border: 0px solid  #777; border-right: none; font: 1em Courier; padding: 1px; }
 
 .icon {float: left;}
 
@@ -365,9 +375,9 @@ hr { /*-- -- -- -- -- -- --*/
 
 .path {padding: 1px 5px 1px 5px} /*TRBL*/
 
-.timer {border: 1px solid gray; padding: 3px .5em 4px .5em;}
+.timer {border: 1px solid #eee; padding: 3px .5em 4px .5em;}
 
-.timeout {float:right; font-size: .95em; color: #333;}
+.timeout {float:right; font-size: .95em; color: #111;}
 
 .edit_btns_top {margin: .2em 0 .5em 0;}
 
@@ -399,21 +409,15 @@ input[type="text"].new_name {width  : 50%; margin-bottom: .2em;}
 .ren_over input {margin: 0 0 0 2em}
 .ren_over label {font-weight: normal}
 
-#DIRECTORY_FOOTER td {text-align: center; font-size: .9em; color: #333; }
-
-#folders_first_label {
-	border: solid 1px transparent;
-	font-size: .9em;
+#path_header{
+	display: inline-block;
+	background-color:white;
+	border: solid 1px #777;
 	font-weight: normal;
-	color: #333; margin: 0;
-	padding: 2px 0 1px 0;
+	padding: 0 .5em 0 0;
+	margin: .5em 0 0 0;
 }
 
-#folders_first_label:hover {border: solid 1px #807568; background-color: rgb(255,250,150); cursor:pointer;}
-#folders_first_label:focus {border: solid 1px #807568; background-color: rgb(255,250,150);}
-
-#path_header { background-color:white; border: solid 1px #807568; padding: 0; font-weight: normal; }
-
 #path_header a {
 	outline: none;
 	border: none;
@@ -423,5 +427,7 @@ input[type="text"].new_name {width  : 50%; margin-bottom: .2em;}
 	padding: 1px 5px 0 5px;
 }
 
-#path_header a:hover{ border-left : solid 1px #807568; border-right: solid 1px #807568; background-color: rgb(255,250,150); }
-#path_header a:focus{ border-left : solid 1px #807568; border-right: solid 1px #807568; background-color: rgb(255,250,150); }
+#path_header a:hover  { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
+#path_header a:focus  { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
+#path_header a:active { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
+
diff --git a/info/OneFileCMS_structure.txt b/info/OneFileCMS_structure.txt
index 9dd4f6b..8b85bcf 100755
--- a/info/OneFileCMS_structure.txt
+++ b/info/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.5.02 structure/layout
+OneFileCMS Version 3.5.04 structure/layout
 
 LICENSE
 
@@ -8,10 +8,10 @@ CONFIGURATION SECTION
 
 MISC FUNCTIONS:
 	System_setup()
+	Default_Language()
 	validate_units()
 	hsc()
 	Convert_encoding()
-	Default_Language()
 	Session_Startup()
 	Verify_IDLE_POST_etc()
 	hashit()
@@ -28,7 +28,7 @@ MISC FUNCTIONS:
 	dir_name()
 	Check_path()
 	Sort_Seperate()
-	ordinalize()
+	add_serial_num()
 	supports_svg()
 	rCopy()
 	rDel()
@@ -95,8 +95,6 @@ JAVASCRIPT FUNCTIONS:
 		Countdown()
 		Start_Countdown()
 		FileTimeStamp()
-		Select_All()
-		Confirm_Submit()
 	Index_Page_scripts()
 		Sort_FOlder_First()
 		sort_DIRECTORY()
@@ -104,6 +102,8 @@ JAVASCRIPT FUNCTIONS:
 		Directory_Summary()
 		Build_Directory
 		Sort_and_Show()
+		Select_All()
+		Confirm_Submit()
 	Edit_Page_scripts()
 		Wide_View()
 		Reset_file_status_indicators()
@@ -126,12 +126,11 @@ STYLESHEET FUNCTIONS:
 LOGIC TO DETERMINE PAGE ACTION
 	Load Default_Language()
 	System_setup()
-	Verify PHP version
 	Session_Startup()
 	Init_Icons()
 	Get_GET()
-	Validate_params()
 	Valid_Path()
+	Validate_params()
 	Init_Macros()
 	Respond_to_POST()
 	Verify_page_conditions()
diff --git a/info/changelog.markdown b/info/changelog.markdown
index 62c85d9..05d43ff 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,10 +1,16 @@
 # OneFileCMS Change Log
 
-### v3.5.03 (March 6, 2014)
+### v3.5.04 (2014-03-08)
+
+- Fixed "minor" bug - editor not saving changes (introduced in 3.5.02, but just noticed)
+- Some general code improvements & shuffling
+- Some CSS shuffling & tweaks.
+
+### v3.5.03 (2014-03-06)
 
 - Minor update to Get\_DIRECTORY\_DATA(). Didn't seem to affect all php versions.
 
-### v3.5.02 (March 6, 2014)
+### v3.5.02 (2014-03-06)
 
 - OneFileCMS can now work with non-ASCII filenames.
 - (But, OneFileCMS itself can not be named with non-ASCII characters. I don't know why.)
@@ -12,7 +18,7 @@
   (However, OneFileCMS does not currenly work in IE, so it's kinda academic for now.)
 - Some css tweaks & improvements.
 
-### v3.5.01 (February 22, 2014)
+### v3.5.01 (2014-02-22)
 
 - Mostly behind the scenes stuff...
 - Replaced use of htmlentities() with htmlspecialchars().  With UTF-8, htmlentites() is superfluous.
@@ -21,7 +27,7 @@
 - Split out a new function, Send\_data\_to\_js(), from Index\_Page().
 - Also, in prep for an upcoming update, tagged several places (with //##### ) where file system calls are made. The $filename strings used in the calls may need to be encoded with something other than UTF-8, depending on the underlying OS's filesystem. (such as NTFS, which uses UTF-16)
 
-### v3.5 (February 19, 2014)
+### v3.5 (2014-02-19)
 
 - The directory list can now be sorted by column: name, .ext, size, date.
 - Also has an option to list folders first, or to sort without regard to file or folder.
@@ -30,16 +36,16 @@
 - Slight restructure of the repo (ie: move a few "extras" files around).
 - NOTE:  versions 3.4.23 and later DO NOT WORK IN IE!  I don't know why yet, mostly likely js related.
 
-### v3.4.23 (February 12, 2014)
+### v3.4.23 (2014-02-12)
 
 - More changes in prep for sort by column
 - Directory list is now built & displayed client side via javascript.
 
-### v3.4.22 (February 10, 2014)
+### v3.4.22 (2014-02-10)
 
 - Mostly some changes to prep for sort by column (name, size, or date) feature.
 
-### v3.4.21 (February 8, 2014)
+### v3.4.21 (2014-02-08)
 
 - Added back the option for external style sheets
 - Cooresponding updates to sample external config file.
@@ -48,11 +54,11 @@
 - Tweaked a couple css defaults
 
 
-### (January 19, 2013)
+### (2013-01-19)
 
 - Just some minor updates/wording changes to the readme & plugin/*.init files.
 
-### v3.4.20 (December 19, 2012)
+### v3.4.20 (2012-12-19)
 
 - The $ACCESS_ROOT option has been reimplemented and is now fully functional\*.  This option limits access to a specified folder (and it's sub-folders).  To use, just specify a valid path relative to the root of the website (no leading slash).  
 (*Well, as best as I can tell...)
diff --git a/onefilecms.php b/onefilecms.php
index cd5457a..2d6f833 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php mb_internal_encoding('utf-8');
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.03';
+$OFCMS_version = '3.5.04';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -125,8 +125,8 @@
 //$ACCESS_ROOT = 'some/path/';
 
 
-//URL of optional external style sheet.  Used as href in <link ...>
-//If file is not found, or is incomplete, the built-in defaults will be used.
+//URL of optional external style sheet.  Used as an href in <link ...>
+//If file is not found, or is incomplete, built-in defaults will be used.
 //$CSS_FILE = 'OneFileCMS.css';
 
 
@@ -165,6 +165,20 @@ function System_Setup() { //****************************************************
 	$CONFIG_backup, $CONFIG_FILE, $CONFIG_FILE_backup, $VALID_CONFIG_FILE, 
 	$DOC_ROOT, $WEB_ROOT, $WEBSITE, $PRE_ITERATIONS, $EX, $message, $ENC_OS;
 
+//Requires PHP 5.1 or newer, due to changes in explode() (and maybe others).
+define('PHP_VERSION_ID_REQUIRED',50100);   //Ex: 5.1.23 is 50123
+define('PHP_VERSION_REQUIRED'  ,'5.1 + '); //Used in exit() message.
+//The predefined constant PHP_VERSION_ID has only been available since 5.2.7.
+//So, if needed, convert PHP_VERSION (a string) to PHP_VERSION_ID (an integer).
+//Ex: 5.1.23 converts to 50123.
+if (!defined('PHP_VERSION_ID')) {
+	$phpversion = explode('.', PHP_VERSION);
+	define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
+}
+if( PHP_VERSION_ID < PHP_VERSION_ID_REQUIRED ) {exit( 'PHP '.PHP_VERSION.'<br>'.hsc($_['OFCMS_requires']).' '.PHP_VERSION_REQUIRED );
+}
+
+
 mb_detect_order("UTF-8, ASCII, Windows-1252, ISO-8859-1"); 
 
 //Get server's File System encoding.  Windows NTFS uses ISO-8859-1 or Windows-1252.
@@ -243,20 +257,6 @@ function System_Setup() { //****************************************************
 $MAIN_WIDTH      = validate_units($MAIN_WIDTH);
 $WIDE_VIEW_WIDTH = validate_units($WIDE_VIEW_WIDTH);
 
-
-//Requires PHP 5.1 or newer, due to changes in some functions.
-define('PHP_VERSION_ID_REQUIRED',50100);   //Ex: 5.1.23 is 50123
-define('PHP_VERSION_REQUIRED'  ,'5.1 + '); //Used in exit() message.
-
-//The predefined constant PHP_VERSION_ID has only been available since 5.2.7.
-//So, if needed, convert PHP_VERSION (a string) to PHP_VERSION_ID (an integer).
-//Ex: 5.1.23 converts to 50123.
-if (!defined('PHP_VERSION_ID')) {
-	$phpversion = explode('.', PHP_VERSION);
-	define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
-}
-
-
 ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
 
 $TO_WARNING = 120; //seconds. When idle time remaining is less than this value, $timeout_warning is displayed
@@ -284,37 +284,6 @@ function System_Setup() { //****************************************************
 
 
 
-function validate_units($cssvalue) { //*****************************************
-	//Determine if valid units are set for $cssvalue:  px, pt, em, or %.
-	$main_units   = mb_substr($cssvalue, -2); 
-	if ( ($main_units != "px") && ($main_units != "pt") && ($main_units != "em") && (mb_substr($cssvalue, -1) != '%')) {
-		$cssvalue = ($cssvalue * 1).'px';   //If not, assume px.
-	}
-	return $cssvalue;
-}//end valid_units() //*********************************************************
-
-
-
-
-function hsc($input) { //*******************************************************
-	$enc = mb_detect_encoding($input); //It should always be UTF-8 (or ASCII), but, just in case...
-	if ($enc == 'ASCII') {$enc = 'UTF-8';} //htmlspecialchars() doesn't recognize "ASCII"
-	return htmlspecialchars($input, ENT_QUOTES, $enc);
-}//end hsc() //*****************************************************************
-
-
-
-
-function Convert_encoding($string, $to_enc = "") { //***************************
-	global $ENC_OS;
-								  //mb_convert_encoding($string, $to_enc, $from_enc)
-	if ($to_enc == 'UTF-8') {return mb_convert_encoding($string, 'UTF-8', $ENC_OS);} // Convert to UTF-8
-	else  /* default */		{return mb_convert_encoding($string, $ENC_OS, 'UTF-8');} // Convert to server's/OS's filesystem enc
-}//end Convert_encoding() //****************************************************
-
-
-
-
 function Default_Language() { // ***********************************************
 	global $_;
 // OneFileCMS Language Settings v3.5.01
@@ -552,6 +521,37 @@ function Default_Language() { // ***********************************************
 
 
 
+function validate_units($cssvalue) { //*****************************************
+	//Determine if valid units are set for $cssvalue:  px, pt, em, or %.
+	$main_units   = mb_substr($cssvalue, -2); 
+	if ( ($main_units != "px") && ($main_units != "pt") && ($main_units != "em") && (mb_substr($cssvalue, -1) != '%')) {
+		$cssvalue = ($cssvalue * 1).'px';   //If not, assume px.
+	}
+	return $cssvalue;
+}//end valid_units() //*********************************************************
+
+
+
+
+function hsc($input) { //*******************************************************
+	$enc = mb_detect_encoding($input); //It should always be UTF-8 (or ASCII), but, just in case...
+	if ($enc == 'ASCII') {$enc = 'UTF-8';} //htmlspecialchars() doesn't recognize "ASCII"
+	return htmlspecialchars($input, ENT_QUOTES, $enc);
+}//end hsc() //*****************************************************************
+
+
+
+
+function Convert_encoding($string, $to_enc = "") { //***************************
+	global $ENC_OS;
+								  //mb_convert_encoding($string, $to_enc, $from_enc)
+	if ($to_enc == 'UTF-8') {return mb_convert_encoding($string, 'UTF-8', $ENC_OS);} // Convert to UTF-8
+	else  /* default */		{return mb_convert_encoding($string, $ENC_OS, 'UTF-8');} // Convert to server's/OS's filesystem enc
+}//end Convert_encoding() //****************************************************
+
+
+
+
 function Session_Startup() { //*************************************************
 	global $SESSION_NAME, $page, $VALID_POST;
 
@@ -1131,13 +1131,13 @@ function Current_Path_Header(){ //**********************************************
 		
 		if ($unaccessable == '.') { $unaccessable = $WEB_ROOT; }
 		else { $unaccessable = $WEB_ROOT.dirname($ACCESS_ROOT).'/'; }
-		$unaccessable = trim(str_replace('/', ' / ',$unaccessable));
+		$unaccessable = '&nbsp;'.hsc(trim(str_replace('/', ' / ',$unaccessable)));
 	}
 
 	echo '<h2 id="path_header">';
 		//Root (or $ACCESS_ROOT) folder of web site.
 		$p1 = '?i='.URLencode_path($ACCESS_ROOT);
-		echo hsc($unaccessable).'<a id="path_0" href="'.$ONESCRIPT.$p1.'" class="path">'.hsc($_1st_accessable).'</a>/';
+		echo $unaccessable.'<a id="path_0" href="'.$ONESCRIPT.$p1.'" class="path">'.hsc($_1st_accessable).'</a>/';
 		$x=0; //need here for focus() in case at webroot.
 		
 		if ($remaining_path != "" ) { //if not at root, show the rest
@@ -1153,7 +1153,7 @@ function Current_Path_Header(){ //**********************************************
 			}
 		}//end if (not at root)
 	echo '</h2>';
-	echo '<script>document.getElementById("path_'.$x.'").focus();</script>';
+	//echo '<script>document.getElementById("path_'.$x.'").focus();</script>'; //Removed focus as of 3.5.04
 }//end Current_Path_Header() //*************************************************
 
 
@@ -1898,24 +1898,25 @@ function Index_Page_buttons_top($file_count) { //*******************************
 	global $_, $ONESCRIPT, $param1, $ICONS;
 
 	echo '<div id=index_page_buttons>';
+
+	echo '<div id=mcd_submit>';
 	if ($file_count > 0) {
-		echo '<div id="mcd_submit">';
 		$onclick_m = 'onclick="Confirm_Submit( \'move\');   "';
 		$onclick_c = 'onclick="Confirm_Submit( \'copy\');   "';
 		$onclick_d = 'onclick="Confirm_Submit( \'delete\' );"';
 		echo '<button TYPE=button '.$onclick_m.'>'.$ICONS['move'  ].'&nbsp;'.hsc($_['Move']  ).'</button>';
 		echo '<button TYPE=button '.$onclick_c.'>'.$ICONS['copy'  ].'&nbsp;'.hsc($_['Copy']  ).'</button>';
 		echo '<button TYPE=button '.$onclick_d.'>'.$ICONS['delete'].'&nbsp;'.hsc($_['Delete']).'</button>';
-		echo '</div>'; //end mcd_submit
 	}
+	echo '</div>'; //end mcd_submit
 
 	echo '<div class="front_links">';
 		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'.$ICONS['folder_new'].'&nbsp;'.hsc($_['New_Folder']) .'</a>';
 		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  .$ICONS['file_new']  .'&nbsp;'.hsc($_['New_File'])   .'</a>';
 		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   .$ICONS['upload']    .'&nbsp;'.hsc($_['Upload_File']).'</a>';
 	echo '</div>'; //end front_links
+	
 	echo '</div>'; //end index_page_buttons
-	echo '<div class=clear></div>';
 
 } //end Index_Page_buttons_top() //*********************************************
 
@@ -2077,9 +2078,8 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 					echo hsc($_['edit_txt_03']).'<br>';
 					echo hsc($_['edit_txt_04']).'<br></pre>';
 				}else{
-					//##### where is this <input> needed???  It's not used in Edit_response()
-					  //Commented out as of 3.5.02
-					  //echo '<input type="hidden" name="filename" value="'.hsc($filename).'">';
+					//<input name=filename> is used only to signal an Edit_response().
+					echo '<input type="hidden" name="filename" value="'.rawurlencode($filename).'">';
 					echo '<textarea id="file_editor" name="contents" cols="70" rows="25" ';
 					echo 'onkeyup="Check_for_changes(event);">'.$filecontents.'</textarea>'.PHP_EOL;
 				}
@@ -2413,7 +2413,6 @@ function CRM_Page($action, $title, $action_id, $old_full_name) { //*************
 		
 		echo '<label>'.hsc($_['New_Location']).':</label>';
 		echo '<span class="web_root">'.hsc($WEB_ROOT.$ACCESS_ROOT).'</span>';
-		echo '<input type=hidden name=base_location value="'.hsc($ACCESS_ROOT).'">';
 		echo '<input type=text   name=new_location  value="'.hsc($ACCESS_PATH).'"><br>';
 		
 		echo '('.hsc($_['CRM_txt_02']).')<p>';
@@ -2570,7 +2569,6 @@ function MCD_Page($action, $page_title, $classes = '') { //*********************
 		if ( ($_POST['mcdaction'] == 'copy') || ($_POST['mcdaction'] == 'move') ) {
 			echo '<label>'.hsc($_['New_Location']).':</label>';
 			echo '<span class="web_root">'.hsc($WEB_ROOT.$ACCESS_ROOT).'</span>';
-			echo '<input type=hidden name=base_location value="'.hsc($ACCESS_ROOT).'">';
 			echo '<input type=text   name=new_location  id=new_location value="'.hsc($ACCESS_PATH).'">';
 			echo '<p>('.hsc($_['CRM_txt_02']).')</p>';
 		}
@@ -2709,7 +2707,7 @@ function Load_Selected_Page(){ //***********************************************
 
 
 function Respond_to_POST() { //*************************************************
-	global $_, $VALID_POST, $ipath, $page, $EX, $message;
+	global $_, $VALID_POST, $ipath, $page, $EX, $ACCESS_ROOT, $message;
 
 	if (!$VALID_POST) { return; }
 	
@@ -2721,7 +2719,7 @@ function Respond_to_POST() { //*************************************************
 		return;
 	}
 	if (isset($_POST["new_location"])) {
-		$_POST["new_location"] = $_POST['base_location'].$_POST["new_location"]; //For CRM_ & MCD_response's
+		$_POST["new_location"] = $ACCESS_ROOT.$_POST["new_location"];
 		if (!Valid_Path($_POST["new_location"], false)) {  
 			$message .= $EX.'<b>'.hsc($_['Invalid_path']).': </b><span class=filename>'.hsc($_POST["new_location"]).'</span>';
 			$VALID_POST = 0;
@@ -2789,18 +2787,18 @@ function pad(num){ if ( num < 10 ){ num = "0" + num; }; return num; }
 
 
 //A basic htmlspecialchars()
-function hsc(text) {
+function hsc(text) { //***********************************************
   return text
       .replace(/&/g, "&amp;")
       .replace(/</g, "&lt;")
       .replace(/>/g, "&gt;")
       .replace(/"/g, "&quot;")
       .replace(/'/g, "&#039;");
-}
+}//end hsc() //*******************************************************
 
 
 
-function trim($string) {
+function trim($string) { //*******************************************
 
 	//trim leading whitespace
 	$len = $string.length;
@@ -2820,22 +2818,22 @@ function trim($string) {
 	}
 
 	return $trimmed;
-}//end trim()
+}//end trim() //******************************************************
 
 
 
-function FormatTime(Seconds) {
+function FormatTime(Seconds) {//**************************************
 	var Hours = Math.floor(Seconds / 3600); Seconds = Seconds % 3600;
 	var Minutes = Math.floor(Seconds / 60); Seconds = Seconds % 60;
 	if ((Hours == 0) && (Minutes == 0)) { Minutes = "" } else { Minutes = pad(Minutes) }
 	if (Hours == 0) { Hours = ""} else { Hours = pad(Hours) + ":"}
 
 	return (Hours + Minutes + ":" + pad(Seconds));
-}
+}//end FormatTime() //************************************************
 
 
 
-function format_number(number, sep) {
+function format_number(number, sep) { //******************************
 	sep = typeof sep !== 'undefined' ? sep : ','; //default to a comma
 	var number	= number + "";   // 1234567890     convert number to a string
 	var result  = "";            // 1,234,567,890  sample result
@@ -2847,10 +2845,11 @@ function format_number(number, sep) {
 		if (a > 0) {result = sep + result} //add sep if still have more digits
 	}
 	return result;
-}//end format_number()
+}//end format_number() //*********************************************
 
 
 
+//********************************************************************
 function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
 	var Timer        = document.getElementById(Timer_ID);
 	var Current_Time = Math.round(new Date().getTime()/1000); //js uses milliseconds
@@ -2860,7 +2859,7 @@ function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
 	Timer.innerHTML = FormatTime(count);
 
 	if ( (count < <?php echo $TO_WARNING ?>) && (Action != "") ) { //Two minute warning...
-		document.getElementById('message_box').innerHTML = "<?php echo addslashes($timeout_warning) ?>";
+		document.getElementById('message_box').innerHTML = "<?php echo hsc($timeout_warning) ?>";
 		Timer.style.backgroundColor = "white";
 		Timer.style.color = "red";
 		Timer.style.fontWeight = "900";
@@ -2875,21 +2874,22 @@ function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
 		return;
 	}
 	setTimeout('Countdown(' + params + ')',1000);
-}
+}//end Countdown() //*************************************************
 
 
 
-function Start_Countdown(count, ID, CLASS, Action){
+function Start_Countdown(count, ID, CLASS, Action){ //****************
 	document.write('<span id="' + ID + '"  class="' + CLASS + '"></span>');
 
 	var Time_Start  = Math.round(new Date().getTime()/1000);
 	var Time_End    = Time_Start + count;
 
 	Countdown(count, Time_End, ID, CLASS, Action); //(seconds to count, id of element)
-}
+}//end Start_Countdown() //*******************************************
 
 
 
+//********************************************************************
 function FileTimeStamp(php_filemtime, show_date, show_offset, write_return){
 
 	//php's filemtime returns seconds, javascript's date() uses milliseconds.
@@ -2924,51 +2924,8 @@ function FileTimeStamp(php_filemtime, show_date, show_offset, write_return){
 		
 	if (write_return) { document.write(DATETIME); }
 	else 			  { return DATETIME; }
-}
-
-
-
-function Select_All() {
-
-	//Does not work in IE with the variable name spelled the same as the Element Id
-	//The dollar sign is a valid character in JS for variable names, and therefore changes the spelling.
-	$select_all_label = document.getElementById('select_all_label');
-
-	var files = document.mcdselect.elements['files[]'];
-	var last  = files.length; //number of files
-	var select_all = document.mcdselect.select_all;
-	
-	if (select_all.checked) {
-		$select_all_label.innerHTML = '<?php echo hsc($_['Clear_All']) ?>';
-	}else{
-		$select_all_label.innerHTML = '<?php echo hsc($_['Select_All']) ?>';
-	}
-
-	//Start x at 1 as files[0] is a dummy <input> used to force an array even if only one file is in a folder.
-	for (var x = 1; x < last ; x++) { files[x].checked = select_all.checked; }
-}
-
-
-
-function Confirm_Submit(action){
-	
-	var files = document.mcdselect.elements['files[]'];
-	var last  = files.length;   //number of files
-	var no_files = true;
-	var f_msg    = "<?php echo addslashes($_['No_files']) ?>";	
+}//end FileTimeStamp() //*********************************************
 
-	document.mcdselect.mcdaction.value = action; 
-
-	//Confirm at least one file is checked
-	for (var x = 0; x < last ; x++) {
-		if (files[x].checked) { no_files = false ; break; }
-	}
-
-	//Don't submit form if no files are checked.
-	if ( no_files ) { alert(f_msg); return false; }
-
-	document.mcdselect.submit(); //submit form.
-}
 </script>
 <?php
 }//end common_scripts() //******************************************************
@@ -3163,7 +3120,7 @@ function Build_Directory() { //***************************************
 			file_size = format_number(filesize) + ' B';
 		}
 		
-		file_name  = '<a href="' + HREF_params + '"  title="<?php echo hsc($_['Edit_View']) ?>" >';
+		file_name  = '<a href="' + HREF_params + '"  title="<?php echo hsc($_['Edit_View']) ?>: ' + hsc(filename) + '" >';
 		file_name += ICONS[filetype] + '&nbsp;' + hsc(filename) + DS + '</a>';
 		time_stamp = FileTimeStamp(DIRECTORY_DATA[x][3], 1, 0, 0);
 		
@@ -3187,6 +3144,50 @@ function Sort_and_Show(col, direction) { //***************************
 
 }//end Sort_and_Show() { //*******************************************
 
+
+
+function Select_All() { //*******************************************
+
+	//Does not work in IE if the variable name is spelled the same as the Element Id
+	//So, prefix with a dollar sign (a valid character in JS for variable names).
+	$select_all_label = document.getElementById('select_all_label');
+
+	var files = document.mcdselect.elements['files[]'];
+	var last  = files.length; //number of files
+	var select_all = document.mcdselect.select_all;
+	
+	if (select_all.checked) {
+		$select_all_label.innerHTML = '<?php echo hsc($_['Clear_All']) ?>';
+	}else{
+		$select_all_label.innerHTML = '<?php echo hsc($_['Select_All']) ?>';
+	}
+
+	//Start x at 1 as files[0] is a dummy <input> used to force an array even if only one file is in a folder.
+	for (var x = 1; x < last ; x++) { files[x].checked = select_all.checked; }
+}//end Select_All() //************************************************
+
+
+
+function Confirm_Submit(action){ //***********************************
+	
+	var files = document.mcdselect.elements['files[]'];
+	var last  = files.length;   //number of files
+	var no_files = true;
+	var f_msg    = "<?php echo addslashes($_['No_files']) ?>";	
+
+	document.mcdselect.mcdaction.value = action; 
+
+	//Confirm at least one file is checked
+	for (var x = 0; x < last ; x++) {
+		if (files[x].checked) { no_files = false ; break; }
+	}
+
+	//Don't submit form if no files are checked.
+	if ( no_files ) { alert(f_msg); return false; }
+
+	document.mcdselect.submit(); //submit form.
+}//end Confirm_Submit() //********************************************
+
 </script>
 <?php
 }//end Index_Page_scripts() //**************************************************
@@ -3465,7 +3466,7 @@ function hash($element_id) {
 	if ($hash.length < 1) {$input.value = $hash; return;} //Don't hash nothing.
 	for ( $x=0; $x < $PRE_ITERATIONS; $x++ ) { $hash = hex_sha256($hash + $SALT); } ;
 	$input.value = $hash;
-}//end hash_256()
+}//end hash()
 </script>
 <?php
 }//end js_hash_scripts() //*****************************************************
@@ -3484,7 +3485,9 @@ function style_sheet(){ //******************************************************
 
 /* --- general formatting --- */
 
-body { font-size: 1em; background: #E8E8E8; font-family: sans-serif; }
+html { background: linear-gradient(170deg, white, rgb(50, 120,190)); background-attachment: fixed;}
+
+body { height: 100%; font-size: 1em; font-family: sans-serif; } 
 
 p, table, ol { margin-bottom: .6em;}
 
@@ -3503,16 +3506,11 @@ function style_sheet(){ //******************************************************
 
 label { font-size : 1em; font-weight: bold; }
 
-pre {
-	background: white;
-	border    : 1px solid #807568;
-	padding   : .2em;
-	margin    : 0;
-	}
+pre { background: white; border: 1px solid #777; padding: .2em; margin: 0; }
 
-input[type="text"]     { width: 100%; border: 1px solid #807568; padding: 1px 1px 1px 0; font : 1em Courier; }
-input[type="password"] { width: 100%; border: 1px solid #807568; padding: 0   1px 0   0; }
-input[type="file"]     { width: 100%; border: 1px solid #807568; background-color: white; }
+input[type="text"]     { width: 100%; border: 1px solid #777; padding: 1px 1px 1px 0; font : 1em Courier; }
+input[type="password"] { width: 100%; border: 1px solid #777; padding: 0   1px 0   0; }
+input[type="file"]     { width: 100%; border: 1px solid #777; background-color: white; }
 
 input[readonly]        { color: #333; background-color: #EEE; }
 input[disabled]        { color: #555; background-color: #EEE; }
@@ -3527,16 +3525,16 @@ function style_sheet(){ //******************************************************
 /* --- layout --- */
 
 .container {
-	border : 0px solid #807568;
+	border : 0px solid #777;
 	width  : 810px;     /*Adjusted by $MAIN_WIDTH config variable*/
 	margin : 0 auto 2em auto;
 	}
 
 
 #header {
-	border-bottom : 1px solid #807568;
+	border-bottom : 1px solid #777;
 	padding: 04px 0px 01px 0px;
-	margin : 0 0 .5em 0;
+	margin : 0 0 0 0;
 	}
 
 
@@ -3550,7 +3548,7 @@ function style_sheet(){ //******************************************************
 
 
 .h2_filename {
-	border: 1px solid #807568;
+	border: 1px solid #777;
 	padding: .1em .2em .1em .2em;
 	font-weight: 700;
 	font-family: courier;
@@ -3558,7 +3556,7 @@ function style_sheet(){ //******************************************************
 	}
 
 
-#message_box { border: none; margin: 0 0 .4em 0; padding: 0; }
+#message_box { border: none; margin: .5em 0 0 0; padding: 0; }
 
 #message_box_contents { border: 1px solid gray; padding: 4px; background: #FFF000; }
 
@@ -3587,57 +3585,85 @@ function style_sheet(){ //******************************************************
 
 .filename { font-family: courier; }
 
-/* --- INDEX directory listing, table format --- */
+
+/* ------ INDEX Page ------ */
+
+#index_page_buttons     { margin: 0 0 0 0; }
+#index_page_buttons div { display: inline-block; vertical-align: bottom; }
+
+
+/*** Select All [x] ***/
+#select_all_th { min-width: 60px ; max-width: 70px; text-align: right; padding:  0 0 0 0; } /*TRBL*/
+#select_all {margin: 3px 0 0 0;}  /*checkbox*/
+#select_all_label { 
+	font   : 400 .84em arial;
+	color  : #333;
+	cursor : pointer;
+	border-right: solid transparent 1px;
+	Xdisplay: inline-block;     /* //#### when select all was above table, not in it*/
+	Xwidth  : 72px;			    /* //#### when select all was above table, not in it*/
+	padding: 3px 2px 2px 2px;
+	}
+
+#select_all_label:hover  { border-left: 1px solid #777; background-color: rgb(255,250,150); }
+#select_all_label:hover  { border-top-width: 0; border-bottom-width: 0; }
+
+
+/*** Directory list file select boxes ***/
+.ckbox {padding: 2px 4px 0 4px}
+.ckbox:focus { background-color: rgb(255,250,150); }
+.ckbox:hover { background-color: rgb(255,250,150); }
+
+
+/*** [x] Folders First ***/
+#folders_first_ckbox {margin: 3px 0 0px 4px;}
+#folders_first_label {
+	border: solid 1px transparent;
+	font-size: .9em;
+	font-weight: normal;
+	color: #333; margin: 0;
+	padding: 3px 0 2px 0;
+}
+
+#folders_first_label:hover {border: solid 1px #777; background-color: rgb(255,250,150); cursor:pointer;}
+#folders_first_label:focus {border: solid 1px #777; background-color: rgb(255,250,150);}
+
+
+/* --- Directory Listing --- */
+
 table.index_T {
 	min-width: 30em;
 	font-size: .95em;
-	border         : 1px solid #807568;
+	border         : 1px solid #777;
 	border-collapse: collapse;
-	margin-bottom: .7em;
+	margin: .5em 0 0 0;
 	background-color: #FFF;
 	}
 
 table.index_T tr:hover {border: 1px solid #777; background-color: #EEE}
-
-table.index_T th { border: 1px inset silver; vertical-align: middle; padding: 0px ; text-align: center;}
-
+table.index_T th { border: 1px inset silver; vertical-align: middle; text-align: center; padding: 0 ;}
 table.index_T td { border: 1px inset silver; vertical-align: middle;}
-
-.index_T td a {	display: block; border: none; padding: 2px 4px 2px 4px; overflow : hidden; }
-
 table.index_T th:hover { background-color: white;}
 
+.index_T td a {	display: block; border: none; padding: 2px 4px 2px 4px; overflow : hidden; }
 .index_T th a { padding: 1px 0 1px 0; border-width: 0px;}
 
 .index_T th.file_name   { text-align: left; }
-.index_T th.file_name a { display: inline-block; padding: 1px 3em 1px 2em; border-top-width: 0px; border-bottom-width: 0px;}
+.index_T th.file_name a { display: inline-block; padding: 2px 3em 2px 2em; border-top-width: 0px; border-bottom-width: 0px;}
 #name_header {border-width: 0 1px 0 1px;}
-.index_T th.file_size a { display  : block; }
-.index_T th.file_time a { display  : block; }
-#sort_type {float: right; padding: 1px 5px 1px 4px; border-width: 0px 0 0 1px;}
+.index_T th.file_size a { display  : block; padding: 2px 0 2px 0; }
+.index_T th.file_time a { display  : block; padding: 2px 0 2px 0; }
+#sort_type {float: right; padding: 1px 5px 3px 4px; border-width: 0px 0 0 1px;}
 
 
 .file_name { min-width: 10em; max-width: 26em; }
 .file_size { min-width:  6em; padding-left: 10px; }
 .file_time { min-width: 10em; padding-left: 10px; }
 
-.meta_T {
-	padding-right : 4px;
-	text-align    : right;
-	font-family   : courier;
-    font-size     : .9em;
-	color         : #222;
-	}
-
-
-/*Index table file select boxes*/
-.ckbox {padding: 2px 4px 0 4px}
-.ckbox:focus { background-color: rgb(255,250,150); }
-.ckbox:hover { background-color: rgb(255,250,150); }
+.meta_T { padding-right: 4px; text-align: right; font-family: courier; font-size: .9em; color: #222; }
 
+#DIRECTORY_FOOTER td {text-align: center; font-size: .9em; color: #333; padding: 3px 0 0 0; }
 
-#index_page_buttons     { margin: 0 0 .5em 0; }
-#index_page_buttons div { display: inline-block; vertical-align: bottom; }
 
 
 /*** front_links:  [New File] [New Folder] [Upload File] ***/
@@ -3646,7 +3672,7 @@ function style_sheet(){ //******************************************************
 .front_links a {
 	display: inline-block;
 	margin-top  : .2em;
-	border      : 1px solid #807568;
+	border      : 1px solid #777;
 	font-size   : 1em;  /*Adjusted by langauge files*/
 	margin-left : 1em;  /*Adjusted by langauge files*/
 	padding     : 3px 5px 2px 4px; /*TRBL*/
@@ -3656,35 +3682,20 @@ function style_sheet(){ //******************************************************
 
 /*These must go after .front_links and other style that affect <a> tags*/
 a { border: 1px solid transparent; text-decoration: none; }  /*color: rgb(100,45,0);*/
-a:focus  { border: 1px solid #807568; background-color: rgb(255,250,150); }
-a:hover  { border: 1px solid #807568; background-color: rgb(255,250,150); }
-a:active { border: 1px solid #807568; background-color: rgb(245,245,50);  }
-
+a:focus  { border: 1px solid #777; background-color: rgb(255,250,150); }
+a:hover  { border: 1px solid #777; background-color: rgb(255,250,150); }
+a:active { border: 1px solid #777; background-color: rgb(245,245,50);  }
 
-/*** Select All [x]  [Move] [Copy] [Delete] ***/
 
-#select_all_th { min-width: 60px ; max-width: 70px; text-align: right; padding:  0 0px 0 0px; } /*TRBL*/
 
-#select_all {margin: 3px 0 0 0;}  /*checkbox*/
-#folders_first_ckbox {margin: 2px 0 0px 4px;}  /*checkbox*/
+/*** [Move] [Copy] [Delete] ***/
 
-#select_all_label { 
-	font   : 400 .84em arial;
-	color  : #333;
-	cursor : pointer;
-	border-right: solid transparent 1px;
-	Xdisplay: inline-block;     /* //#### when select all was above table, not in it*/
-	Xwidth  : 72px;			    /* //#### when select all was above table, not in it*/
-	padding: 2px 2px 1px 2px;
-	}
-
-#select_all_label:hover  { border: 1px solid #807568; background-color: rgb(255,250,150); }
-#select_all_label:hover  { border-top-width: 0; border-bottom-width: 0; }
+#mcd_submit { margin: 0; height: 1.8em; }
 
 #mcd_submit button {
 	height   : 1.55em;
 	cursor   : pointer;
-	border   : 1px solid #807568;
+	border   : 1px solid #777;
 	padding  : 0px 4px 0px 3px; /*TRBL*/
 	margin-top  :  .5em;  /* Helps align bottoms with New & Upload buttons */
 	margin-left : 0.0em;  /* no longer needs adjusted by langauge files */
@@ -3703,7 +3714,7 @@ function style_sheet(){ //******************************************************
 
 .button {
 	cursor : pointer;
-	border : 1px solid #807568;
+	border : 1px solid #777;
 	color  : black;
 	padding    : 4px 10px; /*Adjusted by langauge files*/
 	font-size  : .9em;     /*Adjusted by langauge files*/
@@ -3719,19 +3730,19 @@ function style_sheet(){ //******************************************************
 
 .nav   { float: right; display: inline-block; margin-top: 1.35em; font-size : 1em; }
 .nav a { border: 1px solid transparent; font-weight: bold; padding: .2em .6em .1em .6em; }
-.nav a:hover  { border: 1px solid #807568; }
-.nav a:focus  { border: 1px solid #807568; }
-.nav a:active { border: 1px solid #807568; }
+.nav a:hover  { border: 1px solid #777; }
+.nav a:focus  { border: 1px solid #777; }
+.nav a:active { border: 1px solid #777; }
 
 
 /* --- edit --- */
 
-#edit_header  {margin: 0;}
+#edit_header  {margin: .5em 0 0 0;}
 
 #edit_form    {margin: 0;}
 
 .edit_disabled {
-	border : 1px solid #807568;
+	border : 1px solid #777;
 	width  : 99%;
 	padding: .2em;
 	margin : .5em 0 .6em 0;
@@ -3754,7 +3765,7 @@ function style_sheet(){ //******************************************************
 
 .file_meta	{ float: left; margin-top: .6em; font-size: .95em; color: #222; }
 
-#edit_notes { font-size: .8em; color: #333 ;margin-top: 1em; clear:both; }
+#edit_notes { font-size: .8em; color: #222 ;margin-top: 1em; clear:both; }
 
 .notes      { margin-bottom: .4em; }
 
@@ -3762,7 +3773,7 @@ function style_sheet(){ //******************************************************
 /* --- log in --- */
 
 .login_page {
-	border  : 1px solid #807568;
+	border  : 1px solid #777;
 	width   : 370px;
 	margin  : 5em auto;
 	padding : .5em 1.2em .1em 1em;
@@ -3783,7 +3794,7 @@ function style_sheet(){ //******************************************************
 	width   : 100%;
 	clear   : both;
 	border  : none;
-	border-top   : 1px solid #807568;
+	border-top   : 1px solid #777;
 	Xborder-bottom: 1px solid #eee;
 	overflow: visible;
 	}
@@ -3823,13 +3834,13 @@ function style_sheet(){ //******************************************************
 .verify_del td { border: 1px solid #F44; }
 
 
-#admin {padding: .3em;}
+#admin {padding: 3px 5px;}
 
 .admin_buttons .button {margin-right: .5em;}
 
 .clear {clear:both; padding: 0; margin: 0; border: none}
 
-.web_root { border: 0px solid  #807568; border-right: none; font: 1em Courier; padding: 1px; }
+.web_root { border: 0px solid  #777; border-right: none; font: 1em Courier; padding: 1px; }
 
 .icon {float: left;}
 
@@ -3839,9 +3850,9 @@ function style_sheet(){ //******************************************************
 
 .path {padding: 1px 5px 1px 5px} /*TRBL*/
 
-.timer {border: 1px solid gray; padding: 3px .5em 4px .5em;}
+.timer {border: 1px solid #eee; padding: 3px .5em 4px .5em;}
 
-.timeout {float:right; font-size: .95em; color: #333;}
+.timeout {float:right; font-size: .95em; color: #111;}
 
 .edit_btns_top {margin: .2em 0 .5em 0;}
 
@@ -3873,21 +3884,15 @@ function style_sheet(){ //******************************************************
 .ren_over input {margin: 0 0 0 2em}
 .ren_over label {font-weight: normal}
 
-#DIRECTORY_FOOTER td {text-align: center; font-size: .9em; color: #333; }
-
-#folders_first_label {
-	border: solid 1px transparent;
-	font-size: .9em;
+#path_header{
+	display: inline-block;
+	background-color:white;
+	border: solid 1px #777;
 	font-weight: normal;
-	color: #333; margin: 0;
-	padding: 2px 0 1px 0;
+	padding: 0 .5em 0 0;
+	margin: .5em 0 0 0;
 }
 
-#folders_first_label:hover {border: solid 1px #807568; background-color: rgb(255,250,150); cursor:pointer;}
-#folders_first_label:focus {border: solid 1px #807568; background-color: rgb(255,250,150);}
-
-#path_header { background-color:white; border: solid 1px #807568; padding: 0; font-weight: normal; }
-
 #path_header a {
 	outline: none;
 	border: none;
@@ -3897,8 +3902,9 @@ function style_sheet(){ //******************************************************
 	padding: 1px 5px 0 5px;
 }
 
-#path_header a:hover{ border-left : solid 1px #807568; border-right: solid 1px #807568; background-color: rgb(255,250,150); }
-#path_header a:focus{ border-left : solid 1px #807568; border-right: solid 1px #807568; background-color: rgb(255,250,150); }
+#path_header a:hover  { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
+#path_header a:focus  { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
+#path_header a:active { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
 
 </style>
 <?php
@@ -3960,14 +3966,10 @@ function Load_style_sheet(){ //*************************************************
 //Main logic to determine page action
 //******************************************************************************
 
-Default_Language(); // Load Default Language settings
+Default_Language();
 
 System_Setup();
 
-if( PHP_VERSION_ID < PHP_VERSION_ID_REQUIRED ) {
-	exit( 'PHP '.PHP_VERSION.'<br>'.hsc($_['OFCMS_requires']).' '.PHP_VERSION_REQUIRED );
-}
-
 Session_Startup();
 
 if (!isset($_SESSION['admin_page'])) {
@@ -3977,6 +3979,8 @@ function Load_style_sheet(){ //*************************************************
 
 if ($_SESSION['valid']) {
 
+	undo_magic_quotes();
+
 	//Set current $EDIT_MODE & text for Edit page [Edit WYSIWIG/Source] button
 	if ( $WYSIWYG_VALID && isset($_COOKIE['edit_mode']) && ($_COOKIE['edit_mode'] == '1')) {
 		   $EDIT_MODE = '1'; $ON_OFF_label = $_['Source']; }
@@ -3984,8 +3988,6 @@ function Load_style_sheet(){ //*************************************************
 
 	Init_ICONS();
 
-	undo_magic_quotes();
-
 	Get_GET();
 
 	if ($page == "phpinfo") { phpinfo(); die; }
@@ -4057,7 +4059,7 @@ function Load_style_sheet(){ //*************************************************
 //footer...
 if ($_SESSION['valid']) {
 	//Countdown timer
-	echo '<hr>';
+	echo '<hr style="border-color: white;">';
 	echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'timer timeout', 'LOGOUT');
 	echo '<span class="timeout">'.hsc($_['time_out_txt']).'&nbsp; </span>';
 
diff --git a/readme.markdown b/readme.markdown
index b491133..b567895 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,4 +1,5 @@
-(OnefileCMS updated: 2014-03-06) 
+(updated: 2014-03-08)
+
 # OneFileCMS
 
 ## Yes, that's exactly what it is!
@@ -22,7 +23,6 @@ Coupling a utilitarian code editor with basic upload and file managing functions
 ## Features
  
 - All the basic file management features like renaming, moving, copying, deleting, and uploading.
-  (For complex processes, like batch renaming or mass uploads, you're going to want to use an FTP program.)
 - Sort directory listings by file name, extension, size, or date.
 - A basic text editor.
 - A WYSIWYG editor may be added as a plugin.

From 7af105163931bbd85d2358502265e446f6e1975b Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 8 Mar 2014 19:46:00 -0500
Subject: [PATCH 182/228] Version 3.5.04 Updated readme.

---
 readme.markdown | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/readme.markdown b/readme.markdown
index b567895..db203c0 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -98,12 +98,10 @@ OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com
   (Only tested on versions 5.2.8, 5.2.17, 5.3.3, and 5.4 + )
 - File permission privileges on your host.
 - A Javascript enabled browswer.
-- Most modern browsers probably work, but I only test on Firefox and Chrome. IE8 is currently a no go, as of v3.4.23. Maybe IE10 also, I don't know...
-(But, a fix is in the works - it just may be a short while...)
+- Most modern browsers probably work, but I only test on Firefox and Chrome.  
+  IE is currently a no go, as of v3.4.23. [v3.4.22 is available here](http://self-evident.github.com/OneFileCMS/onefilecms_3.4.22.zip)
 - And- but only if you wish to see the icons- a browser that supports inline SVG.  
   (If your browser doesn't support inline SVG, OneFileCMS will still work, just without any icons.)
-- And currently, as of version 3.4.23, OneFileCMS does not work in IE8 or earlier. I have not yet tried IE9 or later (as of 2014-02-22).  
-  [v3.4.22 is available here](http://self-evident.github.com/OneFileCMS/onefilecms_3.4.22.zip)
 
 ## License, Credit, Et Cetera  
 

From d3befc72a2dddf805380c52b3c3ce0ae9fd86133 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 9 Mar 2014 12:10:00 -0400
Subject: [PATCH 183/228] Version 3.5.05

Moved $TO_WARNING from System_Setup to CONFIG section

Countdown(): on $timeout_warning, switched back to addslashes() from hsc().
  When session expires out, also change message_box_contents.
  Increased delay from session time until login screen load from 3 to 10 sec's.

CRM_response(): ignore when "New Name" field is blank - return to CRM_Page().

Renamed pre_validate() to pre_validate_pwun()
cleaned up Countdown() a bit: simplified some innerHTML values.
Cancel_Submit_buttons(): [Cancel] now has default focus.

Tweaked message_box_contents css.
---
 extras/OneFileCMS.config.SAMPLE.php |  9 ++--
 extras/OneFileCMS.css               |  2 +-
 info/OneFileCMS_structure.txt       |  4 +-
 info/changelog.markdown             |  5 ++
 onefilecms.php                      | 79 +++++++++++++++++------------
 readme.markdown                     |  2 +-
 6 files changed, 60 insertions(+), 41 deletions(-)

diff --git a/extras/OneFileCMS.config.SAMPLE.php b/extras/OneFileCMS.config.SAMPLE.php
index 60b1d60..0f675e5 100755
--- a/extras/OneFileCMS.config.SAMPLE.php
+++ b/extras/OneFileCMS.config.SAMPLE.php
@@ -1,6 +1,6 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
-// v3.5.04+
+// v3.5.05
 // Sample external config file - this file is OPTIONAL.
 //
 // Basically, what follows is just a copy & paste of the OneFileCMS CONFIGURABLE INFO section.
@@ -17,7 +17,8 @@
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
 $MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
-	$MAX_IDLE_TIME = 60000; //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value. //##### 
+$TO_WARNING    = 120; //In seconds. When idle time remaining is less than this value, a timeout warning is displayed.
+
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
 
@@ -55,8 +56,8 @@
 //$ACCESS_ROOT = 'some/path/';
 
 
-//URL of optional external style sheet.  Used as href in <link ...>
-//If file is not found, or is incomplete, the built-in defaults will be used.
+//URL of optional external style sheet.  Used as an href in <link ...>
+//If file is not found, or is incomplete, built-in defaults will be used.
 //$CSS_FILE = 'OneFileCMS.css';
 
 
diff --git a/extras/OneFileCMS.css b/extras/OneFileCMS.css
index 5dc84b3..e784fa2 100755
--- a/extras/OneFileCMS.css
+++ b/extras/OneFileCMS.css
@@ -1,5 +1,5 @@
 /*******************************************************************************
-Sample, OPTIONAL, external style sheet for OneFileCMS.  version 3.5.04+
+Sample, OPTIONAL, external style sheet for OneFileCMS v3.5.05
 *******************************************************************************/
 
 /* --- reset --- */
diff --git a/info/OneFileCMS_structure.txt b/info/OneFileCMS_structure.txt
index 8b85bcf..f306860 100755
--- a/info/OneFileCMS_structure.txt
+++ b/info/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.5.04 structure/layout
+OneFileCMS Version 3.5.05 structure/layout
 
 LICENSE
 
@@ -113,7 +113,7 @@ JAVASCRIPT FUNCTIONS:
 	event_scripts()
 		events_down()
 		events_up()
-		pre_validate()
+		pre_validate_pwun()
 	js_hash_scripts()
 		hex_sha256() (& related...)
 		hash()
diff --git a/info/changelog.markdown b/info/changelog.markdown
index 05d43ff..1b26f18 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,10 @@
 # OneFileCMS Change Log
 
+### v3.5.05 (2014-03-09)
+
+- Copy & Rename pages ignore blank "New Name" fields.
+- Some minor improvemnts & css tweaks.
+
 ### v3.5.04 (2014-03-08)
 
 - Fixed "minor" bug - editor not saving changes (introduced in 3.5.02, but just noticed)
diff --git a/onefilecms.php b/onefilecms.php
index 2d6f833..9608cb2 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php mb_internal_encoding('utf-8');
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.04';
+$OFCMS_version = '3.5.05';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -87,6 +87,7 @@
 $MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;  //In seconds.
 $MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
+$TO_WARNING    = 120; //In seconds. When idle time remaining is less than this value, a timeout warning is displayed.
 
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
@@ -160,7 +161,7 @@ function System_Setup() { //****************************************************
 	$config_etypes, $config_stypes,$config_itypes, $config_ftypes, $config_fclass, 
 	$SHOWALLFILES, $etypes, $itypes, $ftypes, $fclasses, $excluded_list, 
 	$LANGUAGE_FILE, $ACCESS_ROOT, $ACCESS_ROOT_len, $WYSIWYG_PLUGIN, $WYSIWYG_VALID, 
-	$TO_WARNING, $INVALID_CHARS, $WHSPC_SLASH, $VALID_PAGES, 
+	$INVALID_CHARS, $WHSPC_SLASH, $VALID_PAGES, 
 	$ONESCRIPT,  $ONESCRIPT_file, $ONESCRIPT_backup, $ONESCRIPT_file_backup, 
 	$CONFIG_backup, $CONFIG_FILE, $CONFIG_FILE_backup, $VALID_CONFIG_FILE, 
 	$DOC_ROOT, $WEB_ROOT, $WEBSITE, $PRE_ITERATIONS, $EX, $message, $ENC_OS;
@@ -259,8 +260,6 @@ function System_Setup() { //****************************************************
 
 ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
 
-$TO_WARNING = 120; //seconds. When idle time remaining is less than this value, $timeout_warning is displayed
-
 $VALID_PAGES = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","renamefile","copyfile","deletefile","deletefolder","newfolder","renamefolder","copyfolder","mcdaction", "phpinfo");
 
 //Make arrays out of a few $config_variables for actual use later.
@@ -1220,8 +1219,8 @@ function Cancel_Submit_Buttons($submit_label) { //******************************
 	<button type="button" class="button" id="cancel" onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
 		<?php echo hsc($_['Cancel']) ?></button>
 	<button type="submit" class="button" id="submitty" style="margin-left: 1em;"><?php echo hsc($submit_label);?></button>
+	<script>document.getElementById("cancel").focus();</script>
 <?php
-	//Do not close the <p> tag yet/here. Leave it open for potential content on individual pages.
 }//end Cancel_Submit_Buttons() //***********************************************
 
 
@@ -1480,16 +1479,15 @@ function Hash_Page() { //*******************************************************
 	</form>
 
 	<div class="info">
- 	<p><?php echo hsc($_['hash_txt_01']) ?><br>
-	<ol><li><?php echo hsc($_['hash_txt_06']) ?><br>
-			<?php echo hsc($_['hash_txt_07']) ?>
-		<li><?php echo hsc($_['hash_txt_08']) ?><br>
-			<?php echo hsc($_['hash_txt_09']) ?><br>
-			<?php echo hsc($_['hash_txt_10']) ?><br>
-		<li><?php echo hsc($_['hash_txt_12']) ?>
-	</ol>
-	
-	<?php echo $PWUN_RULES ?>
+		<p><?php echo hsc($_['hash_txt_01']) ?><br>
+		<ol><li><?php echo hsc($_['hash_txt_06']) ?><br>
+				<?php echo hsc($_['hash_txt_07']) ?>
+			<li><?php echo hsc($_['hash_txt_08']) ?><br>
+				<?php echo hsc($_['hash_txt_09']) ?><br>
+				<?php echo hsc($_['hash_txt_10']) ?><br>
+			<li><?php echo hsc($_['hash_txt_12']) ?>
+		</ol>
+		<?php echo $PWUN_RULES ?>
 	</div>
 <?php
 }//end Hash_Page() //***********************************************************
@@ -2238,7 +2236,7 @@ function Upload_Page() { //*****************************************************
 			//In FF, width of <input type="file" size=1> is 121px. If size=2, width = 128, etc. The base value is 114px.
 			echo '<input type="file" name="upload_file[]" size="'.floor(($main_width - 114) / 7).'"><br>'."\n";
 		}
-		
+		echo '<p>';
 		Cancel_Submit_Buttons($_['Upload']);
 	echo '</form>';
 }//end Upload_Page() //*********************************************************
@@ -2409,7 +2407,7 @@ function CRM_Page($action, $title, $action_id, $old_full_name) { //*************
 		echo '<input type="hidden" name=old_full_name     value="'.hsc($old_full_name).'">';
 		
 		echo '<label>'.hsc($_['CRM_txt_04']).':</label>';
-		echo '<input type=text name=new_name class=new_name value="'.hsc(basename($new_full_name)).'"><br>';
+		echo '<input type=text name=new_name class=new_name id=new_name value="'.hsc(basename($new_full_name)).'"><br>'; //##### added id
 		
 		echo '<label>'.hsc($_['New_Location']).':</label>';
 		echo '<span class="web_root">'.hsc($WEB_ROOT.$ACCESS_ROOT).'</span>';
@@ -2419,6 +2417,12 @@ function CRM_Page($action, $title, $action_id, $old_full_name) { //*************
 		Cancel_Submit_Buttons($action);
 	echo '</form>';
 
+//##### 
+?>
+<script>
+var $new_name = document.getElementById('new_name');
+</script>
+<?php
 }//end CRM_Page() //************************************************************
 
 
@@ -2427,7 +2431,8 @@ function CRM_Page($action, $title, $action_id, $old_full_name) { //*************
 function CRM_response($action, $msg1, $show_message = 3){ //********************
 	//$action = 'rCopy' or 'rename'.  Returns 0 if successful, 1 on error.
 	//$show_message: 0 = none; 1 = errors only; 2 = successes only; 3 = all messages (default).
-	global $_, $ipath, $ipath_OS, $filename, $page, $param1, $param2, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
+	global $_, $ONESCRIPT, $ipath, $ipath_OS, $filename, $page, $param1, $param2, $param3, 
+			$message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
 
 	$old_full_name = trim($_POST['old_full_name'], $WHSPC_SLASH);     //Trim whitespace & slashes.
 	$new_name_only = trim($_POST['new_name'], $WHSPC_SLASH);
@@ -2461,6 +2466,11 @@ function CRM_response($action, $msg1, $show_message = 3){ //********************
 	}elseif ( !file_exists($old_full_name_OS) ) {
 		$err_msg .= $EX.'<b>'.hsc($msg1.' '.hsc($_['CRM_msg_02'])).'</b><br>';
 		$bad_name = $old_full_name;
+	//Ignore if new name is blank.
+	}elseif ( mb_strlen($new_name_only) == 0 ) {
+		$page = 'copyfile';
+		$param3 = '&amp;p=copyfile';
+		return 0;
 	//Check new name for invalid chars, including slashes.
 	}elseif ( has_invalid_char($new_name_only) ) {
 		$err_msg .= $EX.'<b>'.hsc($_['new_file_msg_02']).'<span class="filename"> '.hsc($INVALID_CHARS).'</span></b><br>';
@@ -2778,10 +2788,9 @@ function init_ICONS_js() { //***************************************************
 
 function common_scripts() { //**************************************************
 	global $_, $TO_WARNING;
-	
-	$timeout_warning = '<div id="message_box_contents"><b>'.hsc($_['session_warning']).'</b>';
 ?>
 <script>
+
 function pad(num){ if ( num < 10 ){ num = "0" + num; }; return num; }
 
 
@@ -2856,10 +2865,12 @@ function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
 	    count        = End_Time - Current_Time;
 	var params = count + ', "' + End_Time + '", "' + Timer_ID + '", "' + Timer_CLASS + '", "' + Action + '"';
 
+	$message_box = document.getElementById('message_box');
+
 	Timer.innerHTML = FormatTime(count);
 
-	if ( (count < <?php echo $TO_WARNING ?>) && (Action != "") ) { //Two minute warning...
-		document.getElementById('message_box').innerHTML = "<?php echo hsc($timeout_warning) ?>";
+	if ( (count == <?php echo $TO_WARNING ?>) && (Action != "") ) { //Two minute warning...
+		$message_box.innerHTML = '<div id="message_box_contents"><b><?php echo hsc($_['session_warning']) ?></b>';
 		Timer.style.backgroundColor = "white";
 		Timer.style.color = "red";
 		Timer.style.fontWeight = "900";
@@ -2867,9 +2878,10 @@ function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
 
 	if ( count < 1 ) {
 		if ( Action == 'LOGOUT') {
-			Timer.innerHTML = '<?php echo hsc($_['session_expired']) ?>';
+			Timer.innerHTML        = '<?php echo hsc($_['session_expired']) ?>';
+			$message_box.innerHTML = '<div id=message_box_contents><b><?php echo hsc($_['session_expired']) ?></b></div>';
 			//Load login screen, but delay first to make sure really expired:
-			setTimeout('window.location = window.location.pathname',3000); //1000 = 1 second
+			setTimeout('window.location = window.location.pathname',10000); //1000 = 1 second
 		}
 		return;
 	}
@@ -3116,11 +3128,11 @@ function Build_Directory() { //***************************************
 		} else {
 			DS = '';
 			f_or_f = 'file';
-			HREF_params = ONESCRIPT + PARAM1 + '&amp;f=' + encodeURIComponent(filename) + '&amp;p=edit';
+			HREF_params = ONESCRIPT + PARAM1 + '&amp;f=' + encodeURIComponent(filename);
 			file_size = format_number(filesize) + ' B';
 		}
 		
-		file_name  = '<a href="' + HREF_params + '"  title="<?php echo hsc($_['Edit_View']) ?>: ' + hsc(filename) + '" >';
+		file_name  = '<a href="' + HREF_params  + '&amp;p=edit' + '"  title="<?php echo hsc($_['Edit_View']) ?>: ' + hsc(filename) + '" >';
 		file_name += ICONS[filetype] + '&nbsp;' + hsc(filename) + DS + '</a>';
 		time_stamp = FileTimeStamp(DIRECTORY_DATA[x][3], 1, 0, 0);
 		
@@ -3379,10 +3391,11 @@ function events_down(event, capture_key) {if (!event) {var event = window.event;
 }
 
 
-function events_up(event, capture_key) {if (!event) {var event = window.event;} //if IE
+function events_up(event, capture_key) {
+	if (!event) {var event = window.event;} //if IE
 	if (!$thispage) {return false;} //Ignore keyup if there was no keydown on this page.
 	if ((event.type.substr(0,3) == 'key') && (event.keyCode != capture_key)) {return true;}
-	if (!pre_validate()) {return false};
+	if (!pre_validate_pwun()) {return false};
 	$submit_button.disabled = "disabled";  //Prevent extra clicks
 	hash('password');
 	<?php echo $hash_new_new ?>
@@ -3399,7 +3412,7 @@ function events_up(event, capture_key) {if (!event) {var event = window.event;}
 }
 
 
-function pre_validate() {
+function pre_validate_pwun() {
 	var $pw = document.getElementById('password');
 
 	//These must exist for checks below.
@@ -3425,7 +3438,7 @@ function pre_validate() {
 		return false;
 	}
 	return true;
-}//end pre_validate()
+}//end pre_validate_pwun()
 </script>
 <?php
 }//end event_scripts() //*******************************************************
@@ -3457,7 +3470,7 @@ function js_hash_scripts() { //*************************************************
 
 
 <script>
-//OneFileCMS wrapper function for using hash functions
+//OneFileCMS wrapper function for using hex_sha256() functions
 function hash($element_id) {
 	var $input = document.getElementById($element_id);
 	var $hash = trim($input.value); //trim() defined in common_scripts()
@@ -3510,7 +3523,7 @@ function style_sheet(){ //******************************************************
 
 input[type="text"]     { width: 100%; border: 1px solid #777; padding: 1px 1px 1px 0; font : 1em Courier; }
 input[type="password"] { width: 100%; border: 1px solid #777; padding: 0   1px 0   0; }
-input[type="file"]     { width: 100%; border: 1px solid #777; background-color: white; }
+input[type="file"]     { width: 100%; border: 1px solid #777; background-color: white; margin: 0; }
 
 input[readonly]        { color: #333; background-color: #EEE; }
 input[disabled]        { color: #555; background-color: #EEE; }
@@ -3558,7 +3571,7 @@ function style_sheet(){ //******************************************************
 
 #message_box { border: none; margin: .5em 0 0 0; padding: 0; }
 
-#message_box_contents { border: 1px solid gray; padding: 4px; background: #FFF000; }
+#message_box_contents { border: 1px solid gray; padding: 3px 2px 2px 4px; background: #FFF000; }
 
 #message_box #message_left {
 	float  : left;
diff --git a/readme.markdown b/readme.markdown
index db203c0..521fe26 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,4 +1,4 @@
-(updated: 2014-03-08)
+(updated: 2014-03-09)
 
 # OneFileCMS
 

From b5776ac869b91105e19644d58e41c9aed71986d0 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 11 Mar 2014 01:33:00 -0400
Subject: [PATCH 184/228] Version 3.5.06 Login_response(): Log each login
 attempt (failed & successful). $LOG_LOGINS Config option (true/false)
 System_Setup(): added $LOGIN_LOG_url, $LOGIN_LOG_file System_Setup(): to
 prevent execution of old backup files, changed the extension    added from
 .BACKUP.php to -BACKUP.txt Admin_Page(): split out List_Backups_and_Logs().
 Also, stay in php and echo  everything, instead of jumping in & out of <?php
 ?>. Renamed List_Backup() to List_File() List_File(): Improved display of
 listed backups & [Delete] button. Moved scandir() from Get_Directory_Data()
 to Index_Page() for possible future  enhancements. And, you know, a couple
 css tweaks.

---
 extras/OneFileCMS.config.SAMPLE.php |  11 +-
 extras/OneFileCMS.css               |  10 +-
 info/OneFileCMS_structure.txt       |   5 +-
 info/changelog.markdown             |   6 +-
 onefilecms.php                      | 162 ++++++++++++++++------------
 readme.markdown                     |  16 +--
 6 files changed, 121 insertions(+), 89 deletions(-)

diff --git a/extras/OneFileCMS.config.SAMPLE.php b/extras/OneFileCMS.config.SAMPLE.php
index 0f675e5..dfd17dc 100755
--- a/extras/OneFileCMS.config.SAMPLE.php
+++ b/extras/OneFileCMS.config.SAMPLE.php
@@ -1,6 +1,6 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
-// v3.5.05
+// v3.5.06
 // Sample external config file - this file is OPTIONAL.
 //
 // Basically, what follows is just a copy & paste of the OneFileCMS CONFIGURABLE INFO section.
@@ -14,10 +14,11 @@
 //$HASHWORD = "18350bc2181858e679605434735b1c2db6e7e4bb72b50a6d93d9ad1362f3e1c2"; //"password" with $PRE_ITERATIONS = 1000
 $SALT     = 'somerandomsalt';
 
-$MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
-$LOGIN_DELAY   = 10;  //In seconds.
-$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
-$TO_WARNING    = 120; //In seconds. When idle time remaining is less than this value, a timeout warning is displayed.
+$MAX_ATTEMPTS  = 3;    //Max failed login attempts before LOGIN_DELAY starts.
+$LOGIN_DELAY   = 10;   //In seconds.
+$MAX_IDLE_TIME = 600;  //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
+$TO_WARNING    = 120;  //In seconds. When idle time remaining is less than this value, a timeout warning is displayed.
+$LOG_LOGINS    = true; //Keep log of login attempts.
 
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
diff --git a/extras/OneFileCMS.css b/extras/OneFileCMS.css
index e784fa2..e1c3c7c 100755
--- a/extras/OneFileCMS.css
+++ b/extras/OneFileCMS.css
@@ -1,5 +1,5 @@
 /*******************************************************************************
-Sample, OPTIONAL, external style sheet for OneFileCMS v3.5.05
+Sample, OPTIONAL, external style sheet for OneFileCMS v3.5.06
 *******************************************************************************/
 
 /* --- reset --- */
@@ -35,7 +35,7 @@ pre { background: white; border: 1px solid #777; padding: .2em; margin: 0; }
 
 input[type="text"]     { width: 100%; border: 1px solid #777; padding: 1px 1px 1px 0; font : 1em Courier; }
 input[type="password"] { width: 100%; border: 1px solid #777; padding: 0   1px 0   0; }
-input[type="file"]     { width: 100%; border: 1px solid #777; background-color: white; }
+input[type="file"]     { width: 100%; border: 1px solid #777; background-color: white; margin: 0; }
 
 input[readonly]        { color: #333; background-color: #EEE; }
 input[disabled]        { color: #555; background-color: #EEE; }
@@ -83,7 +83,7 @@ button:active { background-color: rgb(245,245,50);  }
 
 #message_box { border: none; margin: .5em 0 0 0; padding: 0; }
 
-#message_box_contents { border: 1px solid gray; padding: 4px; background: #FFF000; }
+#message_box_contents { border: 1px solid gray; padding: 3px 2px 2px 4px; background: #FFF000; }
 
 #message_box #message_left {
 	float  : left;
@@ -394,9 +394,7 @@ hr { /*-- -- -- -- -- -- --*/
 
 input[type="text"].new_name {width  : 50%; margin-bottom: .2em;}
 
-.old_backup_T {float: left; margin-bottom: .3em;}
-
-#del_backup   {float: left; margin-left  :  1em; padding: 2px 5px}
+#del_backup   { margin: 0; padding: 2px 5px}
 
 /*** For old IE only: text "icons" for Rename, Copy, and Delete ***/
 .RCD1  {font: 900 7pt arial; padding: 0px 3px 0px 3px; margin: 0px; float: left}
diff --git a/info/OneFileCMS_structure.txt b/info/OneFileCMS_structure.txt
index f306860..be7f0e3 100755
--- a/info/OneFileCMS_structure.txt
+++ b/info/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.5.05 structure/layout
+OneFileCMS Version 3.5.06 structure/layout
 
 LICENSE
 
@@ -49,7 +49,8 @@ SVG ICONS
 		svg_icon_folder()
 
 PAGE & RESPONSE FUNCTIONS:
-	List_Backup()
+	List_File()
+	List_Backups_and_Logs()
 	Admin_Page()
 	Hash_Page()
 	Hash_response()
diff --git a/info/changelog.markdown b/info/changelog.markdown
index 1b26f18..f9870f7 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,9 @@
 # OneFileCMS Change Log
 
+### v3.5.06 (2014-03-11)
+
+- Added optional logging of login attempts, both successful & failed.
+
 ### v3.5.05 (2014-03-09)
 
 - Copy & Rename pages ignore blank "New Name" fields.
@@ -27,7 +31,7 @@
 
 - Mostly behind the scenes stuff...
 - Replaced use of htmlentities() with htmlspecialchars().  With UTF-8, htmlentites() is superfluous.
-- Added hsc() to s number of strings where should have already been.
+- Added hsc() to a number of strings where should have already been.
 - Changed directory sort function a bit. Note: when selecting/deselecting the 'folders first' option, the primary sort will be the last sorted column.
 - Split out a new function, Send\_data\_to\_js(), from Index\_Page().
 - Also, in prep for an upcoming update, tagged several places (with //##### ) where file system calls are made. The $filename strings used in the calls may need to be encoded with something other than UTF-8, depending on the underlying OS's filesystem. (such as NTFS, which uses UTF-16)
diff --git a/onefilecms.php b/onefilecms.php
index 9608cb2..2e12082 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,7 +1,7 @@
 <?php mb_internal_encoding('utf-8');
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.05';
+$OFCMS_version = '3.5.06';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -84,10 +84,11 @@
 //$HASHWORD = "18350bc2181858e679605434735b1c2db6e7e4bb72b50a6d93d9ad1362f3e1c2"; //"password" with $PRE_ITERATIONS = 1000
 $SALT     = 'somerandomsalt';
 
-$MAX_ATTEMPTS  = 3;   //Max failed login attempts before LOGIN_DELAY starts.
-$LOGIN_DELAY   = 10;  //In seconds.
-$MAX_IDLE_TIME = 600; //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
-$TO_WARNING    = 120; //In seconds. When idle time remaining is less than this value, a timeout warning is displayed.
+$MAX_ATTEMPTS  = 3;    //Max failed login attempts before LOGIN_DELAY starts.
+$LOGIN_DELAY   = 10;   //In seconds.
+$MAX_IDLE_TIME = 600;  //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
+$TO_WARNING    = 120;  //In seconds. When idle time remaining is less than this value, a timeout warning is displayed.
+$LOG_LOGINS    = true; //Keep log of login attempts.
 
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
@@ -161,7 +162,7 @@ function System_Setup() { //****************************************************
 	$config_etypes, $config_stypes,$config_itypes, $config_ftypes, $config_fclass, 
 	$SHOWALLFILES, $etypes, $itypes, $ftypes, $fclasses, $excluded_list, 
 	$LANGUAGE_FILE, $ACCESS_ROOT, $ACCESS_ROOT_len, $WYSIWYG_PLUGIN, $WYSIWYG_VALID, 
-	$INVALID_CHARS, $WHSPC_SLASH, $VALID_PAGES, 
+	$INVALID_CHARS, $WHSPC_SLASH, $VALID_PAGES, $LOGIN_LOG_url, $LOGIN_LOG_file,
 	$ONESCRIPT,  $ONESCRIPT_file, $ONESCRIPT_backup, $ONESCRIPT_file_backup, 
 	$CONFIG_backup, $CONFIG_FILE, $CONFIG_FILE_backup, $VALID_CONFIG_FILE, 
 	$DOC_ROOT, $WEB_ROOT, $WEBSITE, $PRE_ITERATIONS, $EX, $message, $ENC_OS;
@@ -202,9 +203,11 @@ function System_Setup() { //****************************************************
 $WEBSITE   = $_SERVER['HTTP_HOST'].'/';
 
 $ONESCRIPT_file        = $_SERVER['SCRIPT_FILENAME'];  //Non-url file system use.
-$ONESCRIPT_backup      = $ONESCRIPT.'.BACKUP.php';       //used for p/w & u/n updates.
-$ONESCRIPT_file_backup = $ONESCRIPT_file.'.BACKUP.php';  //used for p/w & u/n updates.
+$ONESCRIPT_backup      = $ONESCRIPT.'-BACKUP.txt';       //used for p/w & u/n updates.
+$ONESCRIPT_file_backup = $ONESCRIPT_file.'-BACKUP.txt';  //used for p/w & u/n updates.
 $LOGIN_ATTEMPTS        = $ONESCRIPT_file.'.invalid_login_attempts'; //Non-url file system use.
+$LOGIN_LOG_url		   = $ONESCRIPT.'-LOGIN.log';
+$LOGIN_LOG_file		   = $ONESCRIPT_file.'-LOGIN.log';
 
 
 //If specified & found, include $CONFIG_FILE.
@@ -214,8 +217,8 @@ function System_Setup() { //****************************************************
 	if (is_file($CONFIG_FILE_OS)) { 
 		$VALID_CONFIG_FILE = 1;
 		include($CONFIG_FILE_OS);
-		$CONFIG_backup      = URLencode_path($CONFIG_FILE).'.BACKUP.php'; //used for p/w & u/n updates.
-		$CONFIG_FILE_backup = $CONFIG_FILE.'.BACKUP.php';                 //used for p/w & u/n updates.
+		$CONFIG_backup      = URLencode_path($CONFIG_FILE).'-BACKUP.txt'; //used for p/w & u/n updates.
+		$CONFIG_FILE_backup = $CONFIG_FILE.'-BACKUP.txt';                 //used for p/w & u/n updates.
 	}
 	else {
 		$message .= $EX.'<b>$CONFIG_FILE '.hsc($_['Not_found']).':</b> '.$CONFIG_FILE.'<br>';
@@ -1378,7 +1381,7 @@ function icon_folder($extra = ""){ //**********************************
 
 
 
-function List_Backup($file, $file_url){ //**************************************
+function List_File($file, $file_url){ //****************************************
 	global $_, $ONESCRIPT, $ICONS;
 
 	$file_OS = Convert_encoding($file);
@@ -1386,76 +1389,88 @@ function List_Backup($file, $file_url){ //**************************************
 	$href = $ONESCRIPT.'?i='.dir_name(trim($file_url,'/')).'&amp;f='.basename($file_url);
 	$edit_link = '<a href="'.$href.'&amp;p=edit'.'" id="old_backup">'.hsc(basename($file)).'</a>';
 ?>
-	<table class="index_T old_backup_T"><tr>
+	<tr>
+	<td><a href="<?php echo $href.'&amp;p=deletefile' ?>" class="button" id="del_backup">
+	<?php echo $ICONS['delete'].'&nbsp;'.hsc($_['Delete']) ?></a></td>
 	<td class="file_name"><?php echo $edit_link; ?></td>
 	<td class="meta_T file_size">&nbsp;	<?php echo number_format(filesize($file_OS)); ?> B	</td>  
 	<td class="meta_T file_time"> &nbsp;<script>FileTimeStamp(<?php echo filemtime($file_OS); ?>, 1, 0, 1);</script></td>
-	</tr></table>
-
-	<a href="<?php echo $href.'&amp;p=deletefile' ?>" class="button" id="del_backup">
-	<?php echo $ICONS['delete'].'&nbsp;'.hsc($_['Delete']) ?></a>
-	<div class=clear></div>
+	</tr>
 <?php
-}//end List_Backup() //*********************************************************
+}//end List_File() //***********************************************************
 
 
 
 
-function Admin_Page() { //******************************************************
-	global $_, $ONESCRIPT, $ONESCRIPT_backup, $ONESCRIPT_file_backup, $CONFIG_backup,
-		   $ipath, $filename, $param1, $param2, $EX, $config_title,  $CONFIG_FILE_backup;
+function List_Backups_and_Logs(){ //********************************************
+	global $_, $ONESCRIPT_backup, $ONESCRIPT_file, $ONESCRIPT_file_backup, 
+		   $CONFIG_backup, $CONFIG_FILE_backup, $LOGIN_LOG_url, $LOGIN_LOG_file;
+
+	//Indicate if a login log or backups (from a prior p/w or u/n change) exist.
 
 	$CONFIG_FILE_backup_OS    = Convert_encoding($CONFIG_FILE_backup);
 	$ONESCRIPT_file_backup_OS = Convert_encoding($ONESCRIPT_file_backup);
+	$LOGIN_LOG_file_OS		  = Convert_encoding($LOGIN_LOG_file);
+
+	clearstatcache ();
+	$backup_found = $log_found = false;
+	if (is_file($ONESCRIPT_file_backup_OS) || is_file($CONFIG_FILE_backup_OS) ) { $backup_found = true; }
+	if (is_file($LOGIN_LOG_file_OS)) { $log_found = true; }
+
+	if ( $backup_found || $log_found ) {
+		echo '<table class="index_T">';
+		if ($log_found)                         { List_File($LOGIN_LOG_file, $LOGIN_LOG_url); }
+		if (is_file($ONESCRIPT_file_backup_OS)) { List_File($ONESCRIPT_file_backup, $ONESCRIPT_backup); }
+		if (is_file($CONFIG_FILE_backup_OS))    { List_File($CONFIG_FILE_backup, $CONFIG_backup); }
+		echo '</table>';
+		
+		if ($backup_found) {
+			echo '<p style="margin-top: .5em"><b>'.hsc($_['admin_txt_00']).'</b></p>';
+			echo '<p>'.hsc($_['admin_txt_01']);
+		}
+		echo '<hr>';
+	}//end of check for backup
+}//end List_Backups_and_Logs() //***********************************************
+
+
+
+
+function Admin_Page() { //******************************************************
+	global $_, $ONESCRIPT, $ipath, $filename, $param1, $param2, $config_title;
 
 	// Restore/Preserve $ipath prior to admin page in case OneFileCMS is edited (which would change $ipath).
 	if   ( $_SESSION['admin_page'] ) { $ipath  = $_SESSION['admin_ipath'];
 									   $param1 = '?i='.URLencode_path($ipath); }
 	else { $_SESSION['admin_page']  = true;
 		   $_SESSION['admin_ipath'] = $ipath; }
-	
+
 	// [Close] returns to either the index or edit page.
 	$params = "";
 	if ($filename != "") { $params = $param2.'&amp;p=edit'; }
 
+	$button_attribs = '<button type="button" class="button" onclick="parent.location =\''.$ONESCRIPT;
 	$edit_params = '?i='.dir_name($ONESCRIPT).'&amp;f='.basename($ONESCRIPT).'&amp;p=edit';
-?>
-	<h2><?php echo hsc($_['Admin_Options']) ?></h2>
-
-	<span class="admin_buttons">
-	<button type="button" class="button" id="cancel"    onclick="parent.location =
-		<?php echo "'".$ONESCRIPT.$param1.$params.'\'">'.hsc($_['Close']) ?></button>
-	<button type="button" class="button" id="changepw"  onclick="parent.location =
-		<?php echo "'".$ONESCRIPT.$param1.'&amp;p=changepw\'">'.hsc($_['pw_change']) ?></button>
-	<button type="button" class="button" id="changeun"  onclick="parent.location =
-		<?php echo "'".$ONESCRIPT.$param1.'&amp;p=changeun\'">'.hsc($_['un_change']) ?></button>
-	<button type="button" class="button" id="hash"      onclick="parent.location =
-		<?php echo "'".$ONESCRIPT.$param1.'&amp;p=hash\'">'.hsc($_['Generate_Hash']) ?></button>
-	<button type="button" class="button" id="editOFCMS" onclick="parent.location =
-		<?php echo "'".$ONESCRIPT.$edit_params.'\'">'.hsc($_['Edit'].' '.$config_title) ?></button>
-	</span>
 
-	<div class="info">
+	echo '<h2>'.hsc($_['Admin_Options']).'</h2>';
 
-<?php  //Check for & indicate if backups exists from a prior p/w or u/n change.
-	clearstatcache ();
-	if (is_file($ONESCRIPT_file_backup_OS) || is_file($CONFIG_FILE_backup_OS) ) {
-		echo '<p><b>'.hsc($_['admin_txt_00']).'</b></p>';
-		if (is_file($ONESCRIPT_file_backup_OS)) { List_Backup($ONESCRIPT_file_backup, $ONESCRIPT_backup); }
-		if (is_file($CONFIG_FILE_backup_OS))    { List_Backup($CONFIG_FILE_backup, $CONFIG_backup); }
-		echo '<p>'.hsc($_['admin_txt_01']).'<hr>';
-		$focus_on = 'old_backup'; //id of filename listed
-	}else {
-		$focus_on = 'cancel';
-	}//end of check for backup
-	
-	echo '<script>document.getElementById("'.$focus_on.'").focus();</script>';
-?>
-	<p><b><?php echo hsc($_['admin_txt_02']) ?></b>
-	<p><?php echo hsc($_['admin_txt_16']) ?>
-	<p><?php echo hsc($_['admin_txt_14']) ?>
-	</div>
-<?php
+	echo '<span class="admin_buttons">';
+	echo $button_attribs.$param1.$params.'\'" id="close">'.hsc($_['Close']).'</button>'; 
+	echo $button_attribs.$param1.'&amp;p=changepw\'">'.hsc($_['pw_change']).'</button>'; 
+	echo $button_attribs.$param1.'&amp;p=changeun\'">'.hsc($_['un_change']).'</button>'; 
+	echo $button_attribs.$param1.'&amp;p=hash\'">'.hsc($_['Generate_Hash']).'</button>'; 
+	echo $button_attribs.$edit_params.'\'">'.hsc($_['Edit'].' '.$config_title).'</button>'; 
+	echo '</span>';
+
+	echo '<div class="info">';
+
+	List_Backups_and_Logs();
+
+	echo '<p><b>'.hsc($_['admin_txt_02']).'</b>';
+	echo '<p>'   .hsc($_['admin_txt_16']);
+	echo '<p>'.hsc($_['admin_txt_14']);
+	echo '</div>'; //end class=info
+
+	echo '<script>document.getElementById("close").focus();</script>';
 }//end Admin_Page() //**********************************************************
 
 
@@ -1550,7 +1565,8 @@ function Change_PWUN_Page($pwun, $type, $page_title, $label_new, $label_confirm)
 	<p><?php echo hsc($_['pw_txt_14']) ?>
 	</div>
 <?php
-	//Note: The button with id="submitty" above must NOT be of type="submit" NOR have an id="submit", or the event_scripts won't work.
+	//Note: The button with id="submitty" above must NOT be of type="submit",
+	//NOR have an id="submit", or the event_scripts won't work.
 	event_scripts('change', 'submitty', $pwun); //Doesn't work if an id="submit"
 	js_hash_scripts();
 }//end Change_PWUN_Page() //****************************************************
@@ -1702,7 +1718,8 @@ function Login_Page() { //******************************************************
 
 
 function Login_response() { //**************************************************
-	global $_, $EX, $message, $page, $LOGIN_ATTEMPTS, $MAX_ATTEMPTS, $LOGIN_DELAY, $USERNAME, $HASHWORD;
+	global $_, $EX, $ONESCRIPT_file, $message, $page, $USERNAME, $HASHWORD,
+				$LOGIN_ATTEMPTS, $MAX_ATTEMPTS, $LOGIN_DELAY, $LOG_LOGINS, $LOGIN_LOG_file;
 
 	$_SESSION = array();    //make sure it's empty
 	$_SESSION['valid'] = 0; //Default to failed login.
@@ -1737,7 +1754,7 @@ function Login_response() { //**************************************************
 		$_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT']; //for user consistancy check.
 		$_SESSION['valid'] = 1;
 		$page = "index";
-		if ( is_file($LOGIN_ATTEMPTS) ) { unlink($LOGIN_ATTEMPTS); } //delete invalid attempts count file
+		if ( is_file($LOGIN_ATTEMPTS) ) { unlink($LOGIN_ATTEMPTS); } //delete count/file of $LOGIN_ATTEMPTS
 		
 	}else{
 		file_put_contents($LOGIN_ATTEMPTS, ++$attempts); //increment attempts
@@ -1748,6 +1765,18 @@ function Login_response() { //**************************************************
 			$message .= ' '.hsc($_['login_msg_02b']);
 		}
 	}
+
+	//Log login attempts
+	if ($LOG_LOGINS) {
+		$log_file    = Convert_encoding($LOGIN_LOG_file);
+		$pass_fail   = $_SESSION['valid'].' ';
+		$timestamp   = date("Y-m-d H:i:s").' ';
+		$client_IP   = $_SERVER['REMOTE_ADDR'].' ';
+		$client_port = $_SERVER['REMOTE_PORT'].' ';
+		$client      = '"'.$_SERVER['HTTP_USER_AGENT'].'"';
+		
+		file_put_contents($log_file, $pass_fail.$timestamp.$client_IP.$client_port.$client."\n",FILE_APPEND);
+	}//
 }//end Login_response() //******************************************************
 
 
@@ -1793,7 +1822,7 @@ function Create_Table_for_Listing() { //****************************************
 
 
 
-function Get_DIRECTORY_DATA() { //**********************************************
+function Get_DIRECTORY_DATA($raw_list) { //*************************************
 	global $_, $ONESCRIPT, $ipath, $ipath_OS, $param1, $ICONS, $message, 
 			$ftypes, $fclasses, $excluded_list, $stypes, $SHOWALLFILES, 
 			$DIRECTORY_COUNT, $DIRECTORY_DATA, $ENC_OS;
@@ -1801,8 +1830,6 @@ function Get_DIRECTORY_DATA() { //**********************************************
 	//Doesn't use global $filename or $filename_OS in this function (because they shouldn't exist on the Index page)
 	//$filename below is JUST the file's name.  In some functions, it's the full/path/filename
 
-	$raw_list = scandir('./'.$ipath_OS);  //Get current directory list  (unsorted)
-
 	$DIRECTORY_COUNT = 0; //final count to exclude . & .., and possibly $excluded file names
 	foreach ($raw_list as $raw_filename) { //$raw_list is in server's File System encoding
 		
@@ -1922,12 +1949,13 @@ function Index_Page_buttons_top($file_count) { //*******************************
 
  
 function Index_Page(){ //*******************************************************
-	global  $ONESCRIPT, $param1;
+	global  $ONESCRIPT, $ipath_OS, $param1;
 	
 	init_ICONS_js();
 	Index_Page_scripts();
 
-	$file_count = Get_DIRECTORY_DATA();
+	$raw_list = scandir('./'.$ipath_OS);  //Get current directory list  (unsorted)
+	$file_count = Get_DIRECTORY_DATA($raw_list);
 
 	//<form> to contain directory, including buttons at top.
 	echo '<form method="post" name="mcdselect" action="'.$ONESCRIPT.$param1.'&amp;p=mcdaction">';
@@ -3882,9 +3910,7 @@ function style_sheet(){ //******************************************************
 
 input[type="text"].new_name {width  : 50%; margin-bottom: .2em;}
 
-.old_backup_T {float: left; margin-bottom: .3em;}
-
-#del_backup   {float: left; margin-left  :  1em; padding: 2px 5px}
+#del_backup   { margin: 0; padding: 2px 5px}
 
 /*** For old IE only: text "icons" for Rename, Copy, and Delete ***/
 .RCD1  {font: 900 7pt arial; padding: 0px 3px 0px 3px; margin: 0px; float: left}
diff --git a/readme.markdown b/readme.markdown
index 521fe26..0117a31 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,5 +1,3 @@
-(updated: 2014-03-09)
-
 # OneFileCMS
 
 ## Yes, that's exactly what it is!
@@ -13,7 +11,7 @@ Edit screen:
 
 OneFileCMS is just that: It's a flat, light, one file CMS (Content Management System) contained entirely in an easy-to-implement database-less PHP script.
 
-Coupling a utilitarian code editor with basic upload and file managing functions, OneFileCMS can maintain an entire website completely in-browser without any external programs.
+Coupling basic editing, upload, and file managing functions, OneFileCMS can maintain an entire website completely in-browser without any external programs.
 
 ## Demo
 
@@ -61,6 +59,7 @@ I may not have the time/bandwidth/inclination to implement every feature, but I
 
 Yes!  Currently, English (EN), German (DE), Spanish (ES), Dutch (NL), and Russian (RU) are available.
 
+- English courtesy of me.
 - German (Deutsch) courtesy of [codeless](http://github.com/codeless).
 - Spanish (Espanõla) courtesy of [fermuch](http://github.com/fermuch).
 - Dutch (Nederlands) courtesy of [symsec](http://github.com/symsec).  
@@ -70,9 +69,9 @@ If you speak another language and would like to contribute, translations are wel
 
 ### Can I have more than one username/password?
 
-Yes!  Well, sort of - indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ex: OneFile1.php and OneFile2.php etc...)  Then, in each copy, maintain different usernames, passwords, and $session_name config values.  
+Yes!  Well, sort of... indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ex: OneFile1.php and OneFile2.php etc...)  Then, in each copy, maintain different usernames, passwords, and $session_name config values.  
   
-Now, since there is no database or other means of granular control or access logging, multiple usernames may be kind of superfluous.  However, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
+Now, since there is no database or other means of granular control or access logging, multiple usernames provides limited utility.  However, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
 
 ### This is basically just a file manager with a text editor- why is it being called a CMS?
 
@@ -86,9 +85,12 @@ OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com
 
 ### What it is not?
 
-- OneFileCMS would not be the best option for a site that requires different levels of privileges, unless all of the users are trusted to stay within their designated areas of responsibility. Since OneFileCMS allows file uploads and editing files directly on the web server, there is simply no way to secure against any particular action.
+- OneFileCMS would not be the best option for a site that requires different levels of privileges, unless all of the users are trusted to stay within their designated areas of responsibility. Since OneFileCMS allows file uploads and editing files directly on the web server, there is simply no way to secure against any particular action.  
+
+  These issues, of course, are not unique to OneFileCMS - as they will exist in any CMS that permits unrestricted file editing & uploads.
+
+- If you need to upload a lots of files, an FTP program may be a bit more flexible & practicle.
 
-	These issues, of course, are not unique to OneFileCMS - as they will exist in any CMS that permits unrestricted file editing & uploads.
 
 --------------------------------------------------------------------------------
 

From ce093e1659e18b934f997043f23aed5275088485 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 18 Mar 2014 12:10:00 -0400
Subject: [PATCH 185/228] Version 3.5.07 Added raw_view to $VALID_PAGES Added
 [View Raw] button to edit page Added $_['cancelled'], $_['View'],
 $_['View_Raw'], $_['edit_txt_00']  (shuffled a couple other $_[] lines
 around) Changed $_['too_large_to_view_02'], $_['edit_caution_02'],
 $_['admin_txt_16'] Removed $_['edit_note_04'] - resolved the issue it
 describes. Replaced global $Editing_OFCMS with $IS_OFCMS   Affected: 
 Validate_params(), Verify_Page_Conditions(), Edit_Page_buttons() Added
 $GET['m'] so messages can be passed between pages. Initialize $message on
 line 1 so it can be used anywhere. Verify_Page_Conditions(): added action for
 raw_view "page". Cencel_Submit_Buttons(): added "cancelled" response message
 to [Cancel] button Removed ability to edit active copy of OnefileCMS. If
 needed, make & edit a copy.  (Can still view it.) From CRM_Page, removed
 (don't remember why it's there...):   <script>var $new_name =
 document.getElementById('new_name');</script> Converted from php
 message_box() to (new) javascript Display_Messages() As only used in HTML
 output, changed use of PHP_EOL to "\n" Removed class="icon" from SVG icons
 Renamed event_scripts() to pwun_event_scripts() Edit_Page_buttons_top():
 Added [View Raw] Edit_Page_form(): always load Edit_Page_scripts() New:
 RCD_button(), in Edit_Page_buttons() only Some restructuring & improvements
 to Edit_Page_form() & Edit_Page(). Assemble_row(): made some var's local
 Build_Directory(): slight streamlining Edit_Page_scripts(): added some
 onclick events in lieu of html attrib onclicks.   Also added & shuffled some
 logic to fix edit page issues with Chrome. Tweaked/adjusted some css In Main
 Logic section, slight shuffle of some code to improve readability. Renamed
 $EDIT_MODE to $EDIT_WYSIWYG Renamed 'edit_mode' cookie to 'edit_wysiwyg'
 Significant restructure & cleanup of Edit_Page_scripts()

---
 extras/OneFileCMS.config.SAMPLE.php |   8 +-
 extras/OneFileCMS.css               |  44 +-
 extras/plugin-ckeditor_init.php     |   9 +-
 extras/plugin-tinymce_init.php      |  13 +-
 info/OneFileCMS_structure.txt       |   5 +-
 info/changelog.html                 | 607 +++++++++++++++++++++++
 info/changelog.markdown             |  10 +
 languages/OneFileCMS.LANG.DE.php    |  86 ++--
 languages/OneFileCMS.LANG.EN.php    | 102 ++--
 languages/OneFileCMS.LANG.ES.php    |  86 ++--
 languages/OneFileCMS.LANG.NL.php    |  86 ++--
 languages/OneFileCMS.LANG.RU.php    |  86 ++--
 onefilecms.php                      | 724 ++++++++++++++--------------
 readme.markdown                     |   5 +-
 14 files changed, 1247 insertions(+), 624 deletions(-)
 create mode 100755 info/changelog.html

diff --git a/extras/OneFileCMS.config.SAMPLE.php b/extras/OneFileCMS.config.SAMPLE.php
index dfd17dc..a40dfc2 100755
--- a/extras/OneFileCMS.config.SAMPLE.php
+++ b/extras/OneFileCMS.config.SAMPLE.php
@@ -1,6 +1,6 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
-// v3.5.06
+// v3.5.07
 // Sample external config file - this file is OPTIONAL.
 //
 // Basically, what follows is just a copy & paste of the OneFileCMS CONFIGURABLE INFO section.
@@ -72,9 +72,9 @@
 //$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php";
 
 //Init file for optional external wysiwyg editor.
-//Sample init files are availble in the OneFileCMS repo, but the actual editors are not.
-//$WYSIWYG_PLUGIN = 'plugins/tinymce_init.php';
-//$WYSIWYG_PLUGIN = 'plugins/ckeditor_init.php';
+//Sample init files are availble in the "extras\" folder of the OneFileCMS repo, but the actual editors are not.
+//$WYSIWYG_PLUGIN = 'plugins/plugin-tinymce_init.php';
+//$WYSIWYG_PLUGIN = 'plugins/plugin-ckeditor_init.php';
 
 //Name of optional external config file.  Any settings it contains will supersede those above.
 //See the sample file in the OneFileCMS github repo for format example.
diff --git a/extras/OneFileCMS.css b/extras/OneFileCMS.css
index e1c3c7c..7bbf969 100755
--- a/extras/OneFileCMS.css
+++ b/extras/OneFileCMS.css
@@ -1,5 +1,5 @@
 /*******************************************************************************
-Sample, OPTIONAL, external style sheet for OneFileCMS v3.5.06
+Sample, OPTIONAL, external style sheet for OneFileCMS v3.5.07
 *******************************************************************************/
 
 /* --- reset --- */
@@ -43,9 +43,9 @@ input[disabled]        { color: #555; background-color: #EEE; }
 input:focus  { background-color: rgb(255,250,150); }
 input:hover  { background-color: rgb(255,250,150); }
 
-button:focus  { background-color: rgb(255,250,150); }
-button:hover  { background-color: rgb(255,250,150); }
-button:active { background-color: rgb(245,245,50);  }
+button:focus  { background-color: rgb(255,250,150); border-color: #333;}
+button:hover  { background-color: rgb(255,250,150); border-color: #333;}
+button:active { background-color: rgb(245,245,50);  border-color: #333;}
 
 /* --- layout --- */
 
@@ -58,7 +58,7 @@ button:active { background-color: rgb(245,245,50);  }
 
 #header {
 	border-bottom : 1px solid #777;
-	padding: 04px 0px 01px 0px;
+	padding: 4px 0px 1px 0px;
 	margin : 0 0 0 0;
 	}
 
@@ -83,7 +83,7 @@ button:active { background-color: rgb(245,245,50);  }
 
 #message_box { border: none; margin: .5em 0 0 0; padding: 0; }
 
-#message_box_contents { border: 1px solid gray; padding: 3px 2px 2px 4px; background: #FFF000; }
+.message_box_contents { border: 1px solid gray; padding: 3px 2px 2px 4px; background: #FFF000; }
 
 #message_box #message_left {
 	float  : left;
@@ -104,8 +104,8 @@ button:active { background-color: rgb(245,245,50);  }
 	background : #EEE;
 	}
 
-#message_box  #X_box:hover  {background-color: rgb(255,250,150);}
-#message_box  #X_box:focus  {background-color: rgb(255,250,150);}
+#message_box  #X_box:hover  {background-color: rgb(255,250,150); border-color: #333}
+#message_box  #X_box:focus  {background-color: rgb(255,250,150); border-color: #333}
 #message_box  #X_box:active {background-color: rgb(245,245,50); }
 
 .filename { font-family: courier; }
@@ -190,7 +190,6 @@ table.index_T th:hover { background-color: white;}
 #DIRECTORY_FOOTER td {text-align: center; font-size: .9em; color: #333; padding: 3px 0 0 0; }
 
 
-
 /*** front_links:  [New File] [New Folder] [Upload File] ***/
 .front_links { float: right; }
  
@@ -212,7 +211,6 @@ a:hover  { border: 1px solid #777; background-color: rgb(255,250,150); }
 a:active { border: 1px solid #777; background-color: rgb(245,245,50);  }
 
 
-
 /*** [Move] [Copy] [Delete] ***/
 
 #mcd_submit { margin: 0; height: 1.8em; }
@@ -241,15 +239,17 @@ a:active { border: 1px solid #777; background-color: rgb(245,245,50);  }
 	cursor : pointer;
 	border : 1px solid #777;
 	color  : black;
-	padding    : 4px 10px; /*Adjusted by langauge files*/
-	font-size  : .9em;     /*Adjusted by langauge files*/
+	padding    : 4px 7px 4px 7px; /*Adjusted by langauge files*/
+	font-size  : .9em;            /*Adjusted by langauge files*/
 	font-family: sans-serif;
-	background-color: #EEE;  /*#d4d4d4*/
+	background-color: #EEE;
 	}
 
 .button:active    { background-color: rgb(245,245,50); }                  /*first                 */
 .button[disabled] { color: #777; background-color: #EEE; cursor: default} /*second - order matters*/
 
+#renamefile_btn {padding: 2px 7px 4px 7px;}
+
 
 /* --- header --- */
 
@@ -269,14 +269,18 @@ a:active { border: 1px solid #777; background-color: rgb(245,245,50);  }
 .edit_disabled {
 	border : 1px solid #777;
 	width  : 99%;
+	height : 35em;
 	padding: .2em;
 	margin : .5em 0 .6em 0;
-	color  : #333;
+	color  : #222;
 	background-color: #FFF000;
 	line-height: 1.4em;
+	white-space: pre-wrap;
+	word-wrap: break-word;
+	overflow: auto;
 	}
 
-.view_file { font: .9em Courier; background-color: #F8F8F8; overflow:hidden}
+.view_file { font: .9em Courier; background-color: #F8F8F8; }
 
 #file_editor {
 	border: 1px solid #999;
@@ -286,7 +290,7 @@ a:active { border: 1px solid #777; background-color: rgb(245,245,50);  }
 	height: 32em;
 	}
 
-#file_editor:focus { border: 1px solid #Fdd; }
+#file_editor:focus { border: 1px solid #000; }
 
 .file_meta	{ float: left; margin-top: .6em; font-size: .95em; color: #222; }
 
@@ -365,9 +369,7 @@ hr { /*-- -- -- -- -- -- --*/
 
 .clear {clear:both; padding: 0; margin: 0; border: none}
 
-.web_root { border: 0px solid  #777; border-right: none; font: 1em Courier; padding: 1px; }
-
-.icon {float: left;}
+.web_root { border: 1px solid  #777; border-right: none; font: 1em Courier; padding: 1px; background-color: #EEE;}
 
 .mono {font-family: courier;}
 
@@ -392,7 +394,8 @@ hr { /*-- -- -- -- -- -- --*/
 .edit_btns_bottom .RCD { padding-left: 5px; padding-right: 6px; }
 .edit_btns_bottom svg  { padding : 0 4px 0 0; }
 
-input[type="text"].new_name {width  : 50%; margin-bottom: .2em;}
+input[type="text"]#new_name {width  : 50%; margin-bottom: .2em;}
+#new_location {border-left: none;}
 
 #del_backup   { margin: 0; padding: 2px 5px}
 
@@ -428,4 +431,3 @@ input[type="text"].new_name {width  : 50%; margin-bottom: .2em;}
 #path_header a:hover  { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
 #path_header a:focus  { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
 #path_header a:active { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
-
diff --git a/extras/plugin-ckeditor_init.php b/extras/plugin-ckeditor_init.php
index ca3c27b..d070d68 100755
--- a/extras/plugin-ckeditor_init.php
+++ b/extras/plugin-ckeditor_init.php
@@ -4,14 +4,14 @@
 For information on CKEditor, visit ckeditor.com.
 
 Here is a brief how-to:
-(The "plugin" folder used below is not required, or may be named anything you like.)
+(The "plugins" folder used below is not required, or may be named anything you like.)
 
  1) Obtain CKEditor.
 
  2) Install CKEditor into a folder on your web site. For example: "plugins/".
 
  3) From the github.com/Self-Evident/OneFileCMS repo, copy the file 
-    "ckeditor_init.php" into the "plugins/" folder.
+    "extras/plugin-ckeditor_init.php" into the "plugins/" folder.
 
  4) In the configuration section of OneFileCMS, uncomment or add the following variable:
     $WYSIWYG_PLUGIN = 'plugins/ckeditor_init.php';  //Init settings for CKEditor (this file).
@@ -22,9 +22,8 @@
     1) specify the source file of the actual plugin via a <script src= ...> tag.*
 	2) specify the id of the OneFileCMS textarea, "file_editor", in the CKEDITOR.replace() call
 	    
-	*Note: In the src attribute of the <script> tag, the plugin path is absolute,
-	       but relative to the root of the website, and the leading forward slash 
-		   is generally required. 
+	*Note: In the <script> tag, the src path is absolute from the root of the website,
+		   and the leading forward slash is generally required. 
 	(This is in contrast to configuration values such as $WYSIWYG_PLUGIN.)
 
  6) Reload OneFileCMS, open a file for editing, and click [Edit WYSIWIG].
diff --git a/extras/plugin-tinymce_init.php b/extras/plugin-tinymce_init.php
index b744235..ce65102 100755
--- a/extras/plugin-tinymce_init.php
+++ b/extras/plugin-tinymce_init.php
@@ -4,27 +4,26 @@
 For information on TinyMCE, visit tinymce.moxiecode.com.
 
 Here is a brief how-to:
-(The "plugin" folder used below is not required, or may be named anything you like.)
+(The "plugins" folder used below is not required, or may be named anything you like.)
 
  1) Obtain TinyMCE.
 
  2) Install TinyMCE into a folder on your web site. For example: "plugins/".
 
  3) From the github.com/Self-Evident/OneFileCMS repo, copy the file 
-    "tinymce_init.php" into the "plugins/" folder.
+    "extras/plugin-tinymce_init.php" into the "plugins/" folder.
 
  4) In the configuration section of OneFileCMS, uncomment or add the following variable:
-    $WYSIWYG_PLUGIN = 'plugins/tinymce_init.php'; // Init settings for TinyMCE (this file).
+    $WYSIWYG_PLUGIN = 'plugins/tinymce_init.php';   //Init settings for TinyMCE (this file).
 
 	Path can be absolute to the filesystem, or relative to root of website.
 
- 5) In the "init" file specified by $WYSIWYG_PLUGIN (this file): 
+ 5) In the "init" file specified by $WYSIWYG_PLUGIN (ie: this file): 
     - specify the source file of the actual plugin via a <script src= ...> tag.*
 
 
-	*Note: In the src attribute of the <script> tag, the plugin path is absolute,
-	       but relative to the root of the website, and the leading forward slash 
-		   is generally required. 
+	*Note: In the <script> tag, the src path is absolute from the root of the website,
+		   and the leading forward slash is generally required. 
 	(This is in contrast to configuration values such as $WYSIWYG_PLUGIN.)
 
  6) Reload OneFileCMS, open a file for editing, and click [Edit WYSIWIG].
diff --git a/info/OneFileCMS_structure.txt b/info/OneFileCMS_structure.txt
index be7f0e3..b59b338 100755
--- a/info/OneFileCMS_structure.txt
+++ b/info/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.5.06 structure/layout
+OneFileCMS Version 3.5.07 structure/layout
 
 LICENSE
 
@@ -36,7 +36,6 @@ MISC FUNCTIONS:
 MISC PAGE SECTIONS/FUNCTIONS
 	Current_Path_Header()
 	Page_Header()
-	message_box()
 	Cancel_Submit_Buttons()
 	show_image()
 	Timeout_Timer()
@@ -67,6 +66,7 @@ PAGE & RESPONSE FUNCTIONS:
 	Index_Page()
 	Edit_Page_buttons_top()
 	Edit_Page_buttons()
+		RCD_buttons()
 	Edit_Page_form()
 	Edit_Page_Notes()
 	Edit_Page()
@@ -96,6 +96,7 @@ JAVASCRIPT FUNCTIONS:
 		Countdown()
 		Start_Countdown()
 		FileTimeStamp()
+		Display_Messages()
 	Index_Page_scripts()
 		Sort_FOlder_First()
 		sort_DIRECTORY()
diff --git a/info/changelog.html b/info/changelog.html
new file mode 100755
index 0000000..465929f
--- /dev/null
+++ b/info/changelog.html
@@ -0,0 +1,607 @@
+<h1>OneFileCMS Change Log</h1>
+
+<h3>v3.5.07 (2014-03-15)</h3>
+
+<ul>
+<li>Removed ability for OneFileCMS to edit itself - it is too risky an option.  If needed, make a copy &amp; edit it.</li>
+<li>Added a [View Raw] button on the Edit/View page.  It displays the raw/plain text of the current file.</li>
+<li>Fixed issue using Chrome &amp; editing some files containing javascript.</li>
+<li>Some changes to "file changed" visual feedback (textarea &amp; [Save] button styles).</li>
+<li>Some general code improvements to Edit_Page_...  functions.</li>
+<li>Some other general code improvements.</li>
+<li>And, a bit of css tweakin...</li>
+</ul>
+
+<h3>v3.5.06 (2014-03-11)</h3>
+
+<ul>
+<li>Added optional logging of login attempts, both successful &amp; failed.</li>
+</ul>
+
+<h3>v3.5.05 (2014-03-09)</h3>
+
+<ul>
+<li>Copy &amp; Rename pages ignore blank "New Name" fields.</li>
+<li>Some minor improvemnts &amp; css tweaks.</li>
+</ul>
+
+<h3>v3.5.04 (2014-03-08)</h3>
+
+<ul>
+<li>Fixed "minor" bug - editor not saving changes (introduced in 3.5.02, but just noticed)</li>
+<li>Some general code improvements &amp; shuffling</li>
+<li>Some CSS shuffling &amp; tweaks.</li>
+</ul>
+
+<h3>v3.5.03 (2014-03-06)</h3>
+
+<ul>
+<li>Minor update to Get_DIRECTORY_DATA(). Didn't seem to affect all php versions.</li>
+</ul>
+
+<h3>v3.5.02 (2014-03-06)</h3>
+
+<ul>
+<li>OneFileCMS can now work with non-ASCII filenames.</li>
+<li>(But, OneFileCMS itself can not be named with non-ASCII characters. I don't know why.)</li>
+<li>Increased $PRE_ITERATIONS from 200 to 1000.  This will affect, at least, older IE's, and maybe other browsers as well. For instance, it takes IE8 37 times longer to perform the "pre-iterations" than Firefox.  In anycase, it can, of course, be changed back if needed. <br />
+(However, OneFileCMS does not currenly work in IE, so it's kinda academic for now.)</li>
+<li>Some css tweaks &amp; improvements.</li>
+</ul>
+
+<h3>v3.5.01 (2014-02-22)</h3>
+
+<ul>
+<li>Mostly behind the scenes stuff...</li>
+<li>Replaced use of htmlentities() with htmlspecialchars().  With UTF-8, htmlentites() is superfluous.</li>
+<li>Added hsc() to a number of strings where should have already been.</li>
+<li>Changed directory sort function a bit. Note: when selecting/deselecting the 'folders first' option, the primary sort will be the last sorted column.</li>
+<li>Split out a new function, Send_data_to_js(), from Index_Page().</li>
+<li>Also, in prep for an upcoming update, tagged several places (with //##### ) where file system calls are made. The $filename strings used in the calls may need to be encoded with something other than UTF-8, depending on the underlying OS's filesystem. (such as NTFS, which uses UTF-16)</li>
+</ul>
+
+<h3>v3.5 (2014-02-19)</h3>
+
+<ul>
+<li>The directory list can now be sorted by column: name, .ext, size, date.</li>
+<li>Also has an option to list folders first, or to sort without regard to file or folder.</li>
+<li>In accomplishing the above, most sorting moved client side.  This permits resorts without another server hit.</li>
+<li>Added &amp; tweaked some css...</li>
+<li>Slight restructure of the repo (ie: move a few "extras" files around).</li>
+<li>NOTE:  versions 3.4.23 and later DO NOT WORK IN IE!  I don't know why yet, mostly likely js related.</li>
+</ul>
+
+<h3>v3.4.23 (2014-02-12)</h3>
+
+<ul>
+<li>More changes in prep for sort by column</li>
+<li>Directory list is now built &amp; displayed client side via javascript.</li>
+</ul>
+
+<h3>v3.4.22 (2014-02-10)</h3>
+
+<ul>
+<li>Mostly some changes to prep for sort by column (name, size, or date) feature.</li>
+</ul>
+
+<h3>v3.4.21 (2014-02-08)</h3>
+
+<ul>
+<li>Added back the option for external style sheets</li>
+<li>Cooresponding updates to sample external config file.</li>
+<li>In addition to specific file names, specific folder names may now be excluded from directory listings.</li>
+<li>Fixed minor missing page title on Copy Folder page</li>
+<li>Tweaked a couple css defaults</li>
+</ul>
+
+<h3>(2013-01-19)</h3>
+
+<ul>
+<li>Just some minor updates/wording changes to the readme &amp; plugin/*.init files.</li>
+</ul>
+
+<h3>v3.4.20 (2012-12-19)</h3>
+
+<ul>
+<li><p>The $ACCESS_ROOT option has been reimplemented and is now fully functional*.  This option limits access to a specified folder (and it's sub-folders).  To use, just specify a valid path relative to the root of the website (no leading slash). <br />
+(*Well, as best as I can tell...)</p></li>
+<li><p>All OneFileCMS configuration variables that reference external files ($CONFIG_file, $LANGUAGE_FILE, $WYSIWYG_PLUGIN) must be specified in one of two ways:  </p>
+
+<ol>
+<li>Relative to the root of the website - with NO leading slash:  "some/path/from/webroot/somefile.php"  </li>
+<li>Absolute to the file system - WITH a leading slash:  "/some/path/from/system/root/somefile.php" <br />
+(On Windows, the drive letter may also be used, but it is not required if all is on same drive.)</li>
+</ol></li>
+</ul>
+
+<h3>v3.4.19 (2012-12-12)</h3>
+
+<ul>
+<li><p>Slightly adjusted how wysiwyg plugins are implemented - removed $WYSIWIG_SOURCE config variable. <br />
+(It's value is now specified directly in the "init" file specified by $WYSIWYG_PLUGIN.)</p></li>
+<li><p>Two steps forward, one step back... <br />
+Just for now - removed the $ACCESS_ROOT option.  I was coding in circles and getting no where while trying to reconcile various issues:  </p>
+
+<ul>
+<li>With OneFileCMS in any folder other than the web root,</li>
+<li>With OneFileCMS in a folder other than $ACCESS_ROOT  </li>
+<li>Depending on the above, can't delete the backup copy of OneFileCMS created by a p/w or u/n change).</li>
+<li>External file references (config, language, plugins) affected by the above.  </li>
+<li>Should $ACCESS_ROOT also restrict access to OneFileCMS itself?  That would prevent p/w &amp; u/n changes.</li>
+<li>Display of the current/path/header/ varies depending on $ACESS_ROOT.</li>
+<li>Combining the above.</li>
+</ul>
+
+<p>A solution is in the works, but I'm going to take some time to make sure no new problems are introduced by the eventual fix. (hahaha...) It will probably end up being simple, but it's not yet...</p></li>
+<li><p>Just a general note on security: due to the fundamental structure of OneFileCMS - primarily that it's one file, and that there is no seperate database for authentication - there are certain inherent security limitations that should be kept in mind:  </p>
+
+<ul>
+<li>The first is that all OneFileCMS users are "admins", with the ability to upload and edit files with any type of code.</li>
+<li>Next, as a direct consequence of the prior point, is that any restriction imposed by some potential feature, such as the $ACCESS_ROOT option that limited access to a specific folder, is only - at most - a guard against accidental access and modification of files outside of the "accessible" folder.   This is not to say that such features are not useful - this is simply meant to provide a realistic expectation of security, and that OneFileCMS should only be used with trusted users.</li>
+</ul></li>
+</ul>
+
+<h3>v3.4.18 (2012-12-03)</h3>
+
+<p>Of course, everything comes with a price (exacerbated by my apparent lack of testing...)</p>
+
+<ul>
+<li>Anyway, the current release partly fixes an issue when trying to use a wysiwyg editor with onefilecms.php installed in a sub-folder of a site.  The issue is - it didn't work.  Now it does - mostly. However, there is still an issue using wysiwyg editors if the $ACCESS_ROOT variable is set to anything but blank (root).</li>
+</ul>
+
+<h3>2012-12-03</h3>
+
+<ul>
+<li>Just a note: there is an issue using a wysiwyg editor when onefilecm.php is in a sub-folder, or related to using the $ACCESS_ROOT option (restricting onefilecms access to a folder).  WYSIWYG seems to otherwise work fine when onefilecms.php is in the root folder of a site.</li>
+</ul>
+
+<h3>v3.4.17 (2012-11-29)</h3>
+
+<ul>
+<li><p>WYSIWYG is here! <br />
+Due to popular demand (ie: it has been requested more than once), WYSYWIG editors can now be "plugged in" and used with OneFileCMS.  Currently, only <a href="http://tinymce.moxiecode.com/">TinyMCE</a> and <a href="http://ckeditor.com/">CKEditor</a> have been tested (and on a very limited scale). Others may work - but I don't know yet.  And, naturally, the use or inclusion of such editors is completely optional, of course.</p>
+
+<p><strong>No actual WYSIWYG editors are included with OneFileCMS</strong> - any desired editor must be obtained seperately.</p>
+
+<p>A brief how-to on using either editor can be found in their respective sample "init" files included in the plugins folder of the OneFileCMS repo. Any suitable init file for a given editor may be used, as long as the correct path to the editor's javascript source file is specified, and - for CKEditor - the id of the OneFileCMS textarea, "file_editor", is also be specified. </p>
+
+<p>Now, while everything seems to work, I have little to no experience using TinyMCE, CKEditor, or any other such application. So, if there is something missing or not working as expected, please let me know (open an "issue" on the Issues page).</p>
+
+<p>Notes:  </p>
+
+<ul>
+<li><p>These editors have their own, extensive, event controls (responses to keyboard &amp; mouse input), so the OneFileCMS edit page event scripts are not loaded when an editor is in use.  The primary effect is the loss of incidental file status indicators - [Save] will not change to [SAVE CHANGES!], background color will not change, etc., and any "unsaved changes" alerts should be handled by the active editor.  Also, the [Wide View] button will be unavailable.  </p></li>
+<li><p>The TinyMCE "init" file included in the OneFileCMS repo specifies the use of the TinyMCE "fullpage" plugin, which produces an "unsaved changes" alert every time you exit the Edit page - even if no changes have been made to the file in the editor.  </p></li>
+<li><p>The CKEditor, on the other hand, does not seem to present an alert at all when you leave the editor page - even with unsaved changes.  </p></li>
+</ul></li>
+</ul>
+
+<h3>v3.4.16 (2012-11-23)</h3>
+
+<ul>
+<li>Added icons to lower buttons on edit page.</li>
+<li>And a few code tweaks &amp; improvements.</li>
+</ul>
+
+<h3>v3.4.15 (2012-11-18)</h3>
+
+<ul>
+<li><p>Added client-side hashing of passwords. 
+This is primarily a benefit for the user, as it does not really add any security to the server side application that uses it (such as OneFileCMS).  The reason is that this "pre-hash" simply becomes the actual password as far as the server is concerned, and is just as vulnerable to exposure while in transit. However, it does help to protect the user's plain-text password, which may be used elsewhere.  </p></li>
+<li><p>Also added a "please wait..." message while computing the client-side hashes - primarily for IE versions &lt; 9, which are MUCH slower than FF or Chrome (by a factor of 37 or more).  Subsequently, the number of iterations for the client-side hashing is quite low (compared to the server side), but still causes a 1 - 2 second delay on the login screen, and a 3 - 6 second delay on the Change Password screen.  On FF and Chrome, however, the delay is much shorter, almost unnoticable.</p></li>
+<li><p>I want to thank <a href="http://github.com/fermuch">fermuch</a> for the client-side hashing suggestion.  While a somewhat different approach was ultlimately employed, his original solution provided the insight needed to approach the idea in general.</p></li>
+</ul>
+
+<h3>3.4.14 (2012-11-12)</h3>
+
+<ul>
+<li>Courtesy of <a href="github.com/Fuchur777">Fuchur777</a>, added option to restrict OneFileCMS to a specified folder (and it's sub-folders).</li>
+<li>Fixed issue on Upload page if using PHP v3.2.12 or earlier.</li>
+<li>A few miscellaneous code improvements.</li>
+</ul>
+
+<h3>(2012-11-11)</h3>
+
+<ul>
+<li>Thanks to <a href="https://github.com/zaykin">zaykin</a> for the Russion language file!</li>
+</ul>
+
+<h3>3.4.13 (2012-11-05)</h3>
+
+<ul>
+<li>Thanks to <a href="http://github.com/symsec">symsec</a> for the Dutch (Nederlands) language file!</li>
+<li>Otherwise, mostly some incidental code improvements and cleanup.</li>
+</ul>
+
+<h3>3.4.12 (2012-10-21)</h3>
+
+<ul>
+<li>On the Upload Page, added an option to select either automatic rename or overwrite of pre-existing files.</li>
+</ul>
+
+<h3>3.4.11 (2012-10-16)</h3>
+
+<ul>
+<li>Just a few code tweaks and improvements.</li>
+</ul>
+
+<h3>3.4.10 (2012-10-08)</h3>
+
+<ul>
+<li>Folders are now listed ahead of files in main file list.</li>
+<li>Quite of bit of code consolidation and improvement.</li>
+<li>Converted svg icons from functions into an array of $ICONS[]</li>
+</ul>
+
+<h3>3.4.09</h3>
+
+<ul>
+<li>Can now recursively copy folders.</li>
+<li>Consolidated some functions.</li>
+<li>Removed some svg icons no longer used.</li>
+<li>The usual "code cleanup" and "tweaked some css"...</li>
+</ul>
+
+<h3>3.4.07</h3>
+
+<ul>
+<li>Can now recursively delete non-empty folders (just be careful!)</li>
+<li>Consolidated some functions.</li>
+<li>Minor bug fix &amp; a few misc code improvements.</li>
+<li>Darkened folder icons.</li>
+<li>Removed &amp; changed a few $_[] language strings. </li>
+</ul>
+
+<h3>3.4.06</h3>
+
+<ul>
+<li>Minor bug fix: Index page would not display folders that started with a period ("hidden" folders on *nix)</li>
+</ul>
+
+<h3>3.4.05</h3>
+
+<ul>
+<li>Consolidated index page radio &amp; submit buttons (for Move, Copy, Delete) into just three standard buttons.</li>
+<li>Added multi-file upload ability.</li>
+<li>Index page: removed extra Upload/New/Rename/Delete buttons from  bottom of page.</li>
+<li>Subsequent to the above, a bit of code cleanup &amp; improvement.</li>
+</ul>
+
+<h3>3.4.04</h3>
+
+<ul>
+<li>Minor bug fix.</li>
+</ul>
+
+<h3>3.4.02-3.4.03</h3>
+
+<ul>
+<li>Primary user noticable change: on rename/move/copy pages, split "New Name" from "New Location".</li>
+<li>A couple minor bug fixes.</li>
+<li>Consolidated four functions into two.</li>
+<li>Other general code cleanup &amp; improvements.</li>
+<li>Numerous new, changed, and removed langauge settings.</li>
+</ul>
+
+<h3>3.4.01</h3>
+
+<ul>
+<li>A couple of minor bug fixes.</li>
+<li>Some code cleanup &amp; improvements.</li>
+</ul>
+
+<h3>3.3.17 - 3.4.0 (2012-08-29)</h3>
+
+<ul>
+<li>Added option to select and move, copy, or delete multiple files.</li>
+<li>And other general code tweaks and improvements.</li>
+</ul>
+
+<h3>3.3.11 - 3.3.16</h3>
+
+<ul>
+<li>Added screens for changing username and password.</li>
+<li>Plaintext $PASSWORD option is no longer available.</li>
+<li>Added options to Rename, Copy, or Delete files from Index screen.</li>
+<li>Improved validation of $_GET parameters &amp; other general code improvements.</li>
+</ul>
+
+<h3>3.3.10</h3>
+
+<ul>
+<li>Created an actual "Admin" page that has links to admin functions: Hash Page, Edit OneFileCMS, and (soon) Change Password.</li>
+</ul>
+
+<h3>3.3.09</h3>
+
+<ul>
+<li>Minor code improvements &amp; cleanup.</li>
+</ul>
+
+<h3>3.3.08</h3>
+
+<ul>
+<li>Added some basic error handling and now using buffering to capture errant early output.</li>
+<li>Seperate function to handle dynamic css values.</li>
+</ul>
+
+<h3>3.3.07</h3>
+
+<ul>
+<li>Language file formats are now php instead of ini.</li>
+<li>Minor improvement to version checking.</li>
+</ul>
+
+<h3>3.3.06</h3>
+
+<ul>
+<li>Increased hash iterations from 1000 to 10000.  (I've read that lots of iterations help slow down brute force p/w recovery)</li>
+<li>Format for external config files is now just php (instead of ini).</li>
+<li>Some miscellaneous code &amp; css improvements.</li>
+</ul>
+
+<h3>3.3.05a</h3>
+
+<ul>
+<li>Just removed some trouble-shooting code that was left in unintentionally.</li>
+</ul>
+
+<h3>3.3.05</h3>
+
+<ul>
+<li>Added a few settings to the language files to adjust certain css values if needed.  In some instances, some langauges may use significantly longer words or phrases than others.  So, a smaller font or less spacing may be desirable in those places to preserve page layout.   </li>
+<li>And, of course, some minor code improvements hear and there.</li>
+</ul>
+
+<h3>3.3.04</h3>
+
+<ul>
+<li>Added Spanish language file courtesy of <a href="https//github.com/fermuch">fermuch</a>.</li>
+<li>Some misc code improvements.</li>
+<li>Added notes regarding using .ini file for password storage.</li>
+</ul>
+
+<h3>3.3.03</h3>
+
+<ul>
+<li>"Wide View" option on Edit page now persists across saves.</li>
+<li>Improved handling of language files.  However, kinda' like "online security", "multi-language support" is nebulous and a bit finicky.</li>
+</ul>
+
+<h3>3.3.02</h3>
+
+<ul>
+<li>Added German language file courtesy of <a href="http://github.com/codeless">codeless</a>.</li>
+</ul>
+
+<h3>3.3.01</h3>
+
+<ul>
+<li>Fixed a "minor" issue after adding multi-language support- OneFileCMS stopped working altogether on versions of PHP &lt; 5.3.</li>
+</ul>
+
+<h3>3.3.0</h3>
+
+<ul>
+<li>Added support for optional external language files.   Now to get some translations...  </li>
+<li>The default, English, is included directly in OneFileCMS, of course.</li>
+<li>A sample language file (English) is included in the repo for reference for anyone that may be interested.</li>
+</ul>
+
+<h3>3.2.3</h3>
+
+<ul>
+<li>Thanks to github.com/codeless: added the ability to process a seperate config file. <br />
+(This is just an option for flexibility, and is not required)</li>
+<li>Added a [Wide View] button to Edit page.</li>
+<li>Some minor code improvement &amp; css tweaking.</li>
+</ul>
+
+<h3>3.2.2</h3>
+
+<ul>
+<li>Thanks to github.com/codeless: added a configurable whitelist of files to show.</li>
+<li>Fixed minor issue on hash page (needed htmlspecialchars)</li>
+<li>And, of course, various style &amp; code tweaks.</li>
+</ul>
+
+<h3>3.2.1</h3>
+
+<ul>
+<li>Added timer to "Please wait..." message after too many invalid login attempts.</li>
+<li>Mostly some misc code cleanup &amp; improvement.</li>
+</ul>
+
+<h3>3.2.0</h3>
+
+<ul>
+<li>Added a few security improvements.</li>
+<li>Added "timeout" timer as a warning to save edits before they're lost.</li>
+</ul>
+
+<h3>3.1.9</h3>
+
+<ul>
+<li>Password may now be stored as an encrypted hash, instead of in plain text.</li>
+<li>Added an "Admin" page to generate password hashes.</li>
+<li>A bunch of other code tweakin' &amp; improvements.</li>
+</ul>
+
+<h3>3.1.6 thru 3.1.8</h3>
+
+<ul>
+<li>Converted bulk of rest of code into functions (easier to work with).</li>
+<li>Resolved issue (I hope) with differing versions of PHP and how magic_quotes &amp; stripslashes are handled.</li>
+</ul>
+
+<h3>3.1.2 thru 3.1.5</h3>
+
+<ul>
+<li>Added file size limits to the Edit/View page. (Some browsers don't like large files in an HTML textarea.)</li>
+<li>Added some data validation to $_GET parameters</li>
+<li>Some misc code cleanup &amp; organization etc.</li>
+<li>And other misc stuff...</li>
+</ul>
+
+<h3>3.1.1</h3>
+
+<ul>
+<li>Fixed minor issue with data encoding of file for editting in a &lt;textarea></li>
+</ul>
+
+<h3>3.1</h3>
+
+<ul>
+<li>(Very) moderate data validation improvements.</li>
+<li>Reorganized &amp; funcionalized() most of the code.</li>
+</ul>
+
+<h3>3.0</h3>
+
+<ul>
+<li>Implemented svg icons</li>
+</ul>
+
+<h3>2.0</h3>
+
+<ul>
+<li><p>OneFileCMS is now actually ONE FILE! No external style sheets or icons. <br />
+(Of course, external style sheets &amp; icons can be added back in, if you like.)</p></li>
+<li><p>This is OneFileCMS "Lite", and will be maintained along with v3.0</p></li>
+</ul>
+
+<h3>1.5</h3>
+
+<ul>
+<li>Style sheet is now part of onfilecms.php file, but still uses external icons.</li>
+<li>Some minor logic improvements on Edit &amp; Index pages.</li>
+</ul>
+
+<h3>1.4.0</h3>
+
+<ul>
+<li>Substantial code reorganization &amp; updates.</li>
+</ul>
+
+<h3>1.2.4 - 1.3.0</h3>
+
+<ul>
+<li>DO NOT USE THESE VERSIONS!</li>
+<li>Mostly just a bunch of code modifications.</li>
+<li>These versions have issues, primarily when on the home/root page your site. </li>
+</ul>
+
+<h3>1.2.3</h3>
+
+<ul>
+<li>Fixed check for local css. If not found, loads hosted copy. 
+(This will soon be a moot point...)</li>
+</ul>
+
+<h3>1.2.2</h3>
+
+<ul>
+<li>On "Edit" page, images are now displayed directly, instead of a disabled textarea.</li>
+<li>Logout page replaced with standard "alert" message on login screen.</li>
+</ul>
+
+<h3>1.2.1</h3>
+
+<ul>
+<li>Fixed security hole that affected versions 1.1.7 - 1.2.0.</li>
+</ul>
+
+<h3>1.2.0</h3>
+
+<ul>
+<li>List of files now sorted alphabetically, without regard to case.</li>
+<li>Further improved Edit page &amp; screen feedback of file state (changed/unchanged).</li>
+<li>Added [X] dismiss button on message box</li>
+<li>File dates shown on Index &amp; Edit pages are now in user's local time.</li>
+<li>Moved from xhtml to html syntax &amp; doctype.</li>
+</ul>
+
+<h3>1.1.9</h3>
+
+<ul>
+<li>Improved Edit page &amp; screen feedback of file state (changed/unchanged).</li>
+<li>Removed use of jquery in move towards a true "OneFileCMS".</li>
+</ul>
+
+<h3>1.1.8</h3>
+
+<ul>
+<li>Added a table list view option (default).  Either List or original "Block" view selectable with $VIEW_MODE variable. (On screen selection in the works)</li>
+<li>(And, of course, numerous other code tweaks/improvements.</li>
+</ul>
+
+<h3>1.1.7</h3>
+
+<ul>
+<li>Added [Cancel] button to most screens. Numerous minor UI &amp; code tweaks/improvements.  Changed where .css is hosted (may change back later).  Removed "Rendered in (microseconds)...".  Added license info &amp; copyright notice.</li>
+</ul>
+
+<h3>1.1.6</h3>
+
+<ul>
+<li>Breadcrumb navigation (courtesy of <a href="https://github.com/Self-Evident/">Self-Evident</a>), CSS file and some minor changes to it</li>
+<li>Installation is still as usual, but now, if you have <em>onefilecms.css</em> in the same folder as <em>onefilecms.php</em>, it'll be linked instead of the normal <a href="http://onefilecms.com/style.css">http://onefilecms.com/style.css</a>.</li>
+</ul>
+
+<h3>1.1.5</h3>
+
+<ul>
+<li>Fixed a disallowed redirect vulnerability <br />
+Many thanks to Abhi M Balakrishnan from <a href="http://www.getmantra.com/">OWASP Mantra Team</a> for his help</li>
+</ul>
+
+<h3>1.1.4</h3>
+
+<ul>
+<li>JavaScript cleanup and jQuery upgrade</li>
+<li>Visit Site = /</li>
+<li>Now on GitHub!</li>
+</ul>
+
+<h3>1.1.3 (1/10/2012)</h3>
+
+<ul>
+<li>Fixed a upload bug leftover from 1.1.2's CSRF protection</li>
+</ul>
+
+<h3>1.1.2 (9/21/11)</h3>
+
+<ul>
+<li>More CSRF protection for logged-in users</li>
+</ul>
+
+<h3>1.1.1 (1/9/10)</h3>
+
+<ul>
+<li>CSRF protection (thanks Steve and Rene)</li>
+<li>Support for storing password as an MD5 hash (thanks, durilka!)</li>
+</ul>
+
+<h3>1.1.0 (10/18/09)</h3>
+
+<ul>
+<li>config_footer variable for branding or analytics code</li>
+<li>config_disabled variable to disallow editing of files like images, zips, icons, etc</li>
+<li>config_excluded variable to exclude specific files (or filetypes) from being shown in the index</li>
+<li>Shows hidden files (files that start with a "." like ".htaccess") on index listing</li>
+<li>"noindex" meta tag so Google doesn't crawl your backend</li>
+<li>Fixed a couple minor CSS and link bugs in the example site.</li>
+<li>Updated license page to clarify commercial license usage per domain and upgrade.</li>
+</ul>
+
+<h3>1.0.1 (9/24/09)</h3>
+
+<ul>
+<li>Relative CSS links and navigation in example site to work better with the demo (No change to OneFileCMS itself)</li>
+</ul>
+
+<h3>1.0 (9/5/09)</h3>
+
+<ul>
+<li>Launch!</li>
+</ul>
diff --git a/info/changelog.markdown b/info/changelog.markdown
index f9870f7..d7f9cc8 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,15 @@
 # OneFileCMS Change Log
 
+### v3.5.07 (2014-03-15)
+
+- Removed ability for OneFileCMS to edit itself - it is too risky an option.  If needed, make a copy & edit it.
+- Added a [View Raw] button on the Edit/View page.  It displays the raw/plain text of the current file.
+- Fixed issue using Chrome & editing some files containing javascript.
+- Some changes to "file changed" visual feedback (textarea & [Save] button styles).
+- Some general code improvements to Edit\_Page\_...  functions.
+- Some other general code improvements.
+- And, a bit of css tweakin...
+
 ### v3.5.06 (2014-03-11)
 
 - Added optional logging of login attempts, both successful & failed.
diff --git a/languages/OneFileCMS.LANG.DE.php b/languages/OneFileCMS.LANG.DE.php
index ee118b1..18d8f56 100755
--- a/languages/OneFileCMS.LANG.DE.php
+++ b/languages/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.01
+// OneFileCMS Language Settings v3.5.07
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -21,11 +21,11 @@
 $_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.8em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 2px';
+$_['button_padding']         = '4px 2px'; //T R B L
 $_['image_info_font_size']   = '.95em';   //show_img_msg_01  &  _02
 $_['image_info_pos']         = '1';       //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
-$_['select_all_label_width'] = '76px';    //Width of space for $_['Select_All']
+$_['select_all_label_width'] = '76px';    //Width of space for $_['Select_All'] //Not used as of 3.4.23
 
 $_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
@@ -33,6 +33,7 @@
 $_['Admin']    = 'Konfiguration';
 $_['bytes']    = 'bytes';   //## NT ##
 $_['Cancel']   = 'Abbrechen';
+$_['cancelled'] = 'cancelled'; //## NT ##
 $_['Close']    = 'Schließen';
 $_['Copy']     = 'Erstellen';
 $_['Copied']   = 'Kopieren';
@@ -58,47 +59,46 @@
 $_['on']       = 'läuft unter';
 $_['Password'] = 'Passwort';
 $_['Rename']   = 'Umbenennen';
+$_['reset']    = 'Zurücksetzen';
+$_['save_1']   = 'Speichern';
+$_['save_2']   = 'ÄNDERUNGEN SPEICHERN!';
 $_['Size']     = 'Size';    //## NT ##
 $_['Source']   = 'Source';  //## NT ##
 $_['successful'] = 'Erfolgreich';
 $_['To']       = 'Auf';
 $_['Upload']   = 'Heraufladen';
 $_['Username'] = 'Benutzername';
+$_['View']     = 'View';    //## NT ##
 $_['Working']  = 'Working - please wait...'; //## NT ##
 
-$_['Log_In']         = 'Anmelden';
-$_['Log_Out']        = 'Abmelden';
-$_['Admin_Options']  = 'Konfiguration Optionen';
-$_['Are_you_sure']   = 'Sind Sie sicher?';
-$_['Edit_View']      = 'Datei Bearbeiten / Ansicht';
-$_['Upload_File']    = 'Datei heraufladen';
-$_['New_File']       = 'Neuer Datei';
-$_['Ren_Move']       = 'Umbenennen / Verschieben';
-$_['Ren_Moved']      = 'Umbenannt / Verschoben';
-$_['folders_first']  = 'folders first'; //## NT ##
+$_['Log_In']       = 'Anmelden';
+$_['Log_Out']      = 'Abmelden';
+$_['Admin_Options'] = 'Konfiguration Optionen';
+$_['Are_you_sure'] = 'Sind Sie sicher?';
+$_['View_Raw']     = 'View Raw'; //## NT ##
+$_['Open_View']    = 'Ansicht im Browser-Fenster';
+$_['Edit_View']    = 'Datei Bearbeiten / Ansicht';
+$_['Wide_View']    = 'Breitenadaptierte Ansicht';
+$_['Normal_View']  = 'Normale Ansicht';
+$_['Upload_File']  = 'Datei heraufladen';
+$_['New_File']     = 'Neuer Datei';
+$_['Ren_Move']     = 'Umbenennen / Verschieben';
+$_['Ren_Moved']    = 'Umbenannt / Verschoben';
+$_['folders_first'] = 'folders first'; //## NT ##
 $_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
-$_['New_Folder']     = 'Neuer Ordner';
-$_['Ren_Folder']     = 'Ordner umbenennen/verschieben';
-$_['Submit']         = 'Anfrage senden';
-$_['Move_Files']     = 'Datei Verschieben';
-$_['Copy_Files']     = 'Datei Kopieren';
-$_['Del_Files']      = 'Datei Löschen';
+$_['New_Folder']   = 'Neuer Ordner';
+$_['Ren_Folder']   = 'Ordner umbenennen/verschieben';
+$_['Submit']       = 'Anfrage senden';
+$_['Move_Files']   = 'Datei Verschieben';
+$_['Copy_Files']   = 'Datei Kopieren';
+$_['Del_Files']    = 'Datei Löschen';
 $_['Selected_Files'] = 'Ausgewählte Dateien';
-$_['Select_All']     = 'Alles auswählen';
-$_['Clear_All']      = 'Deaktivieren Sie alle';
-$_['New_Location']   = 'Neuer Ordner';
-$_['No_files']       = 'Keine Dateien ausgewählt.';
-$_['Not_found']      = 'Nicht gefunden';
-$_['Invalid_path']   = 'Invalid path'; //## NT ##
-$_['pass_to_hash']   = 'Passwort Streuwert:';
-$_['Generate_Hash']  = 'Streuwert generieren';
-
-$_['save_1']      = 'Speichern';
-$_['save_2']      = 'ÄNDERUNGEN SPEICHERN!';
-$_['reset']       = 'Zurücksetzen';
-$_['Wide_View']   = 'Breitenadaptierte Ansicht';
-$_['Normal_View'] = 'Normale Ansicht';
-$_['Open_View']   = 'Ansicht im Browser-Fenster';
+$_['Select_All']   = 'Alles auswählen';
+$_['Clear_All']    = 'Deaktivieren Sie alle';
+$_['New_Location'] = 'Neuer Ordner';
+$_['No_files']     = 'Keine Dateien ausgewählt.';
+$_['Not_found']    = 'Nicht gefunden';
+$_['Invalid_path'] = 'Invalid path'; //## NT ##
 
 $_['verify_msg_01']     = 'Sitzung abgelaufen.';
 $_['verify_msg_02']     = 'UNGÜLTIGE DATENSENDUNG';
@@ -112,13 +112,15 @@
 $_['show_img_msg_01']   = 'Die Bilddarstellung entspricht ~';
 $_['show_img_msg_02']   = '% der wahren Größe (W x H = ';
 
-$_['hash_txt_01'] = 'Die Streuwert von dieser Seite erzeugt wird, kann verwendet werden, um manuell zu aktualisieren $ HASHWORD in OneFileCMS, oder in einer externen Konfigurationsdatei werden. In jedem Fall sicher, dass Sie das Kennwort erinnern verwendet, um den Streuwert zu generieren!';
-$_['hash_txt_06'] = 'Tippen Sie das gewünschte Passwort in das Eingabefeld und drücken Sie Enter.';
-$_['hash_txt_07'] = 'Der Streuwert wird in einer gelben Box überhalb angezeigt werden.';
-$_['hash_txt_08'] = 'Kopieren Sie den neuen Streuwert und fügen Sie ihn in den Konfigurationsbereich als Wert der Variable $HASHWORD ein.';
-$_['hash_txt_09'] = 'Stellen Sie sicher, dass Sie den GESAMTEN Streuwert -- und nur diesen (keine führenden oder nachgestellten Leerzeichen, etc.) -- kopiert haben.';
-$_['hash_txt_10'] = 'Ein Doppelklick sollte den Streuwert auswählen...';
-$_['hash_txt_12'] = 'Wenn die Werte eingetragen wurden, melden Sie sich ab und wieder an.';
+$_['hash_txt_01']   = 'Die Streuwert von dieser Seite erzeugt wird, kann verwendet werden, um manuell zu aktualisieren $ HASHWORD in OneFileCMS, oder in einer externen Konfigurationsdatei werden. In jedem Fall sicher, dass Sie das Kennwort erinnern verwendet, um den Streuwert zu generieren!';
+$_['hash_txt_06']   = 'Tippen Sie das gewünschte Passwort in das Eingabefeld und drücken Sie Enter.';
+$_['hash_txt_07']   = 'Der Streuwert wird in einer gelben Box überhalb angezeigt werden.';
+$_['hash_txt_08']   = 'Kopieren Sie den neuen Streuwert und fügen Sie ihn in den Konfigurationsbereich als Wert der Variable $HASHWORD ein.';
+$_['hash_txt_09']   = 'Stellen Sie sicher, dass Sie den GESAMTEN Streuwert -- und nur diesen (keine führenden oder nachgestellten Leerzeichen, etc.) -- kopiert haben.';
+$_['hash_txt_10']   = 'Ein Doppelklick sollte den Streuwert auswählen...';
+$_['hash_txt_12']   = 'Wenn die Werte eingetragen wurden, melden Sie sich ab und wieder an.';
+$_['pass_to_hash']  = 'Passwort Streuwert:';
+$_['Generate_Hash'] = 'Streuwert generieren';
 
 $_['login_txt_01']  = 'Benutzername:';
 $_['login_txt_02']  = 'Passwort:';
@@ -133,10 +135,10 @@
 $_['edit_note_01b'] = ' ist ';
 $_['edit_note_02']  = 'Speichern Sie Änderungen bevor der Countdown abläuft, oder die Änderungen sind verloren!';
 $_['edit_note_03']  = 'Einige Browser (wie zum Beispiel Chrome) zeigen eventuell nicht den richtigen Dateistatus an, wenn man die Vor- und Zurückknöpfe verwendet. Zum Korrigieren offensichtlich falscher Angaben drücken Sie in so einem Fall bitte den "Neu laden"-Knopf.';
-$_['edit_note_04']  = 'Die XSS-Filter des Chrome Browsers deaktivieren möglicherweise einige JavaScript-Funktionen, wenn diese in einem gewissen Kontext auftreten. Das kann sich auf einige Features des OneFileCMS auswirken. Trotzdem können solche Dateien bearbeitet und gespeichert werden. Allerdings bleibt die Hintergrundfarbe immer gleich; Änderungen an der Datei werden sonst mit wechselnden Hintergrundfarben (rot und grün) dargestellt.';
 
 $_['edit_h2_1']   = 'Betrachtend: ';
 $_['edit_h2_2']   = 'In Bearbeitung: ';
+$_['edit_txt_00'] = 'Edit disabled.'; //## NT ##
 $_['edit_txt_01'] = 'Unbekannter Dateityp oder keine Textdatei. Bearbeitungsmöglichkeit ausgeschalten.';
 $_['edit_txt_02'] = 'Die Datei enthält möglicherweise ungültige Zeichen. Der Bearbeitungs- und Betrachtungsmodus wurde gesperrt.';
 $_['edit_txt_03'] = 'htmlspecialchars() gab eine leere Zeichenkette zurück.';
diff --git a/languages/OneFileCMS.LANG.EN.php b/languages/OneFileCMS.LANG.EN.php
index fe7e904..385625b 100755
--- a/languages/OneFileCMS.LANG.EN.php
+++ b/languages/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.01
+// OneFileCMS Language Settings v3.5.07
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -21,11 +21,11 @@
 $_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.9em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 7px';
+$_['button_padding']         = '4px 7px 4px 7px'; //T R B L
 $_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
-$_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
+$_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All'] //Not used as of 3.4.23
 
 $_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG';
@@ -33,6 +33,7 @@
 $_['Admin']    = 'Admin';
 $_['bytes']    = 'bytes';
 $_['Cancel']   = 'Cancel';
+$_['cancelled'] = 'cancelled'; //## NT ## as of 3.5.07
 $_['Close']    = 'Close';
 $_['Copy']     = 'Copy';
 $_['Copied']   = 'Copied';
@@ -45,7 +46,7 @@
 $_['Enter']    = 'Enter';
 $_['Error']    = 'Error';
 $_['errors']   = 'errors';
-$_['ext']      = '.ext';    //filename[.ext]ension
+$_['ext']      = '.ext';    //## NT ## filename[.ext]ension
 $_['File']     = 'File';
 $_['files']    = 'files';
 $_['Folder']   = 'Folder';
@@ -58,47 +59,46 @@
 $_['on']       = 'on';
 $_['Password'] = 'Password';
 $_['Rename']   = 'Rename';
+$_['reset']    = 'Reset';
+$_['save_1']   = 'Save';
+$_['save_2']   = 'SAVE CHANGES'; //#### removed '!' in 3.5.07
 $_['Size']     = 'Size';
 $_['Source']   = 'Source';
 $_['successful'] = 'successful';
 $_['To']       = 'To';
 $_['Upload']   = 'Upload';
 $_['Username'] = 'Username';
+$_['View']     = 'View';
 $_['Working']  = 'Working - please wait...';
 
-$_['Log_In']         = 'Log In';
-$_['Log_Out']        = 'Log Out';
-$_['Admin_Options']  = 'Administration Options';
-$_['Are_you_sure']   = 'Are you sure?';
-$_['Edit_View']      = 'Edit / View';
-$_['Upload_File']    = 'Upload File';
-$_['New_File']       = 'New File';
-$_['Ren_Move']       = 'Rename / Move';
-$_['Ren_Moved']      = 'Renamed / Moved';
-$_['folders_first']  = 'folders first'; //## NT ##
+$_['Log_In']       = 'Log In';
+$_['Log_Out']      = 'Log Out';
+$_['Admin_Options'] = 'Administration Options';
+$_['Are_you_sure'] = 'Are you sure?';
+$_['View_Raw']     = 'View Raw'; //## NT ### as of 3.5.07
+$_['Open_View']    = 'Open/View in browser window';
+$_['Edit_View']    = 'Edit / View';
+$_['Wide_View']    = 'Wide View';
+$_['Normal_View']  = 'Normal View';
+$_['Upload_File']  = 'Upload File';
+$_['New_File']     = 'New File';
+$_['Ren_Move']     = 'Rename / Move';
+$_['Ren_Moved']    = 'Renamed / Moved';
+$_['folders_first'] = 'folders first'; //## NT ##
 $_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
-$_['New_Folder']     = 'New Folder';
-$_['Ren_Folder']     = 'Rename / Move Folder';
-$_['Submit']         = 'Submit Request';
-$_['Move_Files']     = 'Move File(s)';
-$_['Copy_Files']     = 'Copy File(s)';
-$_['Del_Files']      = 'Delete File(s)';
+$_['New_Folder']   = 'New Folder';
+$_['Ren_Folder']   = 'Rename / Move Folder';
+$_['Submit']       = 'Submit Request';
+$_['Move_Files']   = 'Move File(s)';
+$_['Copy_Files']   = 'Copy File(s)';
+$_['Del_Files']    = 'Delete File(s)';
 $_['Selected_Files'] = 'Selected Folders and Files';
-$_['Select_All']     = 'Select All';
-$_['Clear_All']      = 'Clear All';
-$_['New_Location']   = 'New Location';
-$_['No_files']       = 'No files selected.';
-$_['Not_found']      = 'Not found';
-$_['Invalid_path']   = 'Invalid path';
-$_['pass_to_hash']   = 'Password to hash:';
-$_['Generate_Hash']  = 'Generate Hash';
-
-$_['save_1']      = 'Save';
-$_['save_2']      = 'SAVE CHANGES!';
-$_['reset']       = 'Reset';
-$_['Wide_View']   = 'Wide View';
-$_['Normal_View'] = 'Normal View';
-$_['Open_View']   = 'Open/View in browser window';
+$_['Select_All']   = 'Select All';
+$_['Clear_All']    = 'Clear All';
+$_['New_Location'] = 'New Location';
+$_['No_files']     = 'No files selected.';
+$_['Not_found']    = 'Not found';
+$_['Invalid_path'] = 'Invalid path';
 
 $_['verify_msg_01']     = 'Session expired.';
 $_['verify_msg_02']     = 'INVALID POST';
@@ -112,13 +112,15 @@
 $_['show_img_msg_01']   = 'Image shown at ~';
 $_['show_img_msg_02']   = '% of full size (W x H =';
 
-$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!';
-$_['hash_txt_06'] = 'Type your desired password in the input field above and hit Enter.';
-$_['hash_txt_07'] = 'The hash will be displayed in a yellow message box above that.';
-$_['hash_txt_08'] = 'Copy and paste the new hash to the $HASHWORD variable in the config section.';
-$_['hash_txt_09'] = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
-$_['hash_txt_10'] = 'A double-click should select it...';
-$_['hash_txt_12'] = 'When ready, logout and login.';
+$_['hash_txt_01']   = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!';
+$_['hash_txt_06']   = 'Type your desired password in the input field above and hit Enter.';
+$_['hash_txt_07']   = 'The hash will be displayed in a yellow message box above that.';
+$_['hash_txt_08']   = 'Copy and paste the new hash to the $HASHWORD variable in the config section.';
+$_['hash_txt_09']   = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
+$_['hash_txt_10']   = 'A double-click should select it...';
+$_['hash_txt_12']   = 'When ready, logout and login.';
+$_['pass_to_hash']  = 'Password to hash:';
+$_['Generate_Hash'] = 'Generate Hash';
 
 $_['login_txt_01']  = 'Username:';
 $_['login_txt_02']  = 'Password:';
@@ -133,10 +135,10 @@
 $_['edit_note_01b'] = 'is';
 $_['edit_note_02']  = 'So save changes before the clock runs out, or the changes will be lost!';
 $_['edit_note_03']  = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate. To correct, click the browser\'s [Reload].';
-$_['edit_note_04']  = 'Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts. This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself. However, such files can still be edited and saved with OneFileCMS. The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes. The issue will be noticed after the first save of such a file.';
 
 $_['edit_h2_1']   = 'Viewing:';
 $_['edit_h2_2']   = 'Editing:';
+$_['edit_txt_00'] = 'Edit disabled.'; //## NT ## as of 3.5.07
 $_['edit_txt_01'] = 'Non-text or unkown file type. Edit disabled.';
 $_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
 $_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
@@ -147,7 +149,7 @@
 $_['too_large_to_edit_03'] = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
 $_['too_large_to_edit_04'] = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
 $_['too_large_to_view_01'] = 'View disabled. Filesize >';
-$_['too_large_to_view_02'] = 'Click the file name above to view as normally rendered in a browser window.';
+$_['too_large_to_view_02'] = 'Click [View Raw] to view the raw/"plain text" file contents in a seperate browser window.'; //** NT ** changed wording as of 3.5.07
 $_['too_large_to_view_03'] = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
 $_['too_large_to_view_04'] = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
 
@@ -206,8 +208,8 @@
 $_['confirm_reset']   = 'Reset file and loose unsaved changes?';
 $_['OFCMS_requires']  = 'OneFileCMS requires PHP';
 $_['logout_msg']      = 'You have successfully logged out.';
-$_['edit_caution_01'] = 'CAUTION';
-$_['edit_caution_02'] = 'You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
+$_['edit_caution_01'] = 'CAUTION'; //##### No longer used as of 3.5.07
+$_['edit_caution_02'] = 'You are viewing the active copy of OneFileCM.'; //## NT ## changed wording 3.5.07
 $_['time_out_txt']    = 'Session time out in:';
 
 $_['error_reporting_01'] = 'Display errors is';
@@ -221,7 +223,7 @@
 $_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will be automatically overwritten on the next password or username change.';
 $_['admin_txt_02'] = 'General Information';
 $_['admin_txt_14'] = 'For a small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
-$_['admin_txt_16'] = 'OneFileCMS can be used to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...';
+$_['admin_txt_16'] = 'OneFileCMS can not be used to edit itself directly.  However, you can make a copy & edit it.  Then simply run the copy.'; //## NT ## Changed wording in 3.5.07
 
 $_['pw_current'] = 'Current Password';
 $_['pw_change']  = 'Change Password';
@@ -253,7 +255,7 @@
 
 $_['update_failed'] = 'Update failed - could not save file.';
 
-$_['mcd_msg_01'] = 'files moved.';
-$_['mcd_msg_02'] = 'files copied.';
-$_['mcd_msg_03'] = 'files deleted.';
+$_['mcd_msg_01'] = 'file(s) and/or folder(s) moved.'; //#####
+$_['mcd_msg_02'] = 'file(s) and/or folder(s) copied.'; //#####
+$_['mcd_msg_03'] = 'file(s) and/or folder(s) deleted.'; //#####
 
diff --git a/languages/OneFileCMS.LANG.ES.php b/languages/OneFileCMS.LANG.ES.php
index c02d4fd..bd72b5d 100755
--- a/languages/OneFileCMS.LANG.ES.php
+++ b/languages/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.01
+// OneFileCMS Language Settings v3.5.07
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -21,11 +21,11 @@
 $_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.9em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 5px';
+$_['button_padding']         = '4px 5px'; //T R B L
 $_['image_info_font_size']   = '.95em';   //show_img_msg_01  &  _02
 $_['image_info_pos']         = ' ';       //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
-$_['select_all_label_width'] = '110px';   //Width of space for $_['Select_All']
+$_['select_all_label_width'] = '110px';   //Width of space for $_['Select_All'] //Not used as of 3.4.23
 
 $_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
@@ -33,6 +33,7 @@
 $_['Admin']    = 'Administrador';
 $_['bytes']    = 'bytes';   //## NT ##
 $_['Cancel']   = 'Cancelar';
+$_['cancelled'] = 'cancelled'; //## NT ##
 $_['Close']    = 'Cerrar';
 $_['Copy']     = 'Copiar';
 $_['Copied']   = 'Copiado';
@@ -58,47 +59,46 @@
 $_['on']       = 'activado';
 $_['Password'] = 'contraseña';
 $_['Rename']   = 'Renombrar';
+$_['reset']    = 'Reiniciar';
+$_['save_1']   = 'Guardar';
+$_['save_2']   = '¡GUARDAR CAMBIOS!';
 $_['Size']     = 'Size';    //## NT ##
 $_['Source']   = 'Source';  //## NT ##
 $_['successful'] = 'satisfactoriamente';
 $_['To']       = 'Hacia';
 $_['Upload']   = 'Subir';
 $_['Username'] = 'Usuario';
+$_['View']     = 'View';    //## NT ##
 $_['Working']  = 'Working - please wait...'; //## NT ##
 
-$_['Log_In']         = 'Iniciar Sesión';
-$_['Log_Out']        = 'Cerrar Sesión';
-$_['Admin_Options']  = 'Opciones de Administración';
-$_['Are_you_sure']   = '¿Estás seguro?';
-$_['Edit_View']      = 'Editar / Ver Archivo';
-$_['Upload_File']    = 'Subir Archivo';
-$_['New_File']       = 'Archivo Nuevo';
-$_['Ren_Move']       = 'Renombrar / Mover';
-$_['Ren_Moved']      = 'Renombrado / Movido';
-$_['folders_first']  = 'folders first'; //## NT ##
+$_['Log_In']       = 'Iniciar Sesión';
+$_['Log_Out']      = 'Cerrar Sesión';
+$_['Admin_Options'] = 'Opciones de Administración';
+$_['Are_you_sure'] = '¿Estás seguro?';
+$_['View_Raw']     = 'View Raw'; //## NT ##
+$_['Open_View']    = 'Abrir/Ver en una ventana del navegador';
+$_['Edit_View']    = 'Editar / Ver Archivo';
+$_['Wide_View']    = 'Vista Ampliada';
+$_['Normal_View']  = 'Vista Normal';
+$_['Upload_File']  = 'Subir Archivo';
+$_['New_File']     = 'Archivo Nuevo';
+$_['Ren_Move']     = 'Renombrar / Mover';
+$_['Ren_Moved']    = 'Renombrado / Movido';
+$_['folders_first'] = 'folders first'; //## NT ##
 $_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
-$_['New_Folder']     = 'Carpeta Nueva';
-$_['Ren_Folder']     = 'Renombrar / Mover Carpeta';
-$_['Submit']         = 'Cargar';
-$_['Move_Files']     = 'Mover archivo(s)';
-$_['Copy_Files']     = 'Copiar archivo(s)';
-$_['Del_Files']      = 'Eliminar Archivo(s)';
+$_['New_Folder']   = 'Carpeta Nueva';
+$_['Ren_Folder']   = 'Renombrar / Mover Carpeta';
+$_['Submit']       = 'Cargar';
+$_['Move_Files']   = 'Mover archivo(s)';
+$_['Copy_Files']   = 'Copiar archivo(s)';
+$_['Del_Files']    = 'Eliminar Archivo(s)';
 $_['Selected_Files'] = 'Seleccionar Archivos';
-$_['Select_All']     = 'Seleccionar Todos';
-$_['Clear_All']      = 'Limpiar Todos';
-$_['New_Location']   = 'Nueva Posición';
-$_['No_files']       = 'No se seleccionó ningún archivo.';
-$_['Not_found']      = 'No encontrado';
-$_['Invalid_path']   = 'Invalid path'; //## NT ##
-$_['pass_to_hash']   = 'Contraseña del Hash:';
-$_['Generate_Hash']  = 'Generar Hash';
-
-$_['save_1']      = 'Guardar';
-$_['save_2']      = '¡GUARDAR CAMBIOS!';
-$_['reset']       = 'Reiniciar';
-$_['Wide_View']   = 'Vista Ampliada';
-$_['Normal_View'] = 'Vista Normal';
-$_['Open_View']   = 'Abrir/Ver en una ventana del navegador';
+$_['Select_All']   = 'Seleccionar Todos';
+$_['Clear_All']    = 'Limpiar Todos';
+$_['New_Location'] = 'Nueva Posición';
+$_['No_files']     = 'No se seleccionó ningún archivo.';
+$_['Not_found']    = 'No encontrado';
+$_['Invalid_path'] = 'Invalid path'; //## NT ##
 
 $_['verify_msg_01']     = 'Sesión expirada.';
 $_['verify_msg_02']     = 'POST INVÁLIDO';
@@ -112,13 +112,15 @@
 $_['show_img_msg_01']   = 'Imagen mostrada a ~';
 $_['show_img_msg_02']   = '% del tamaño (Ancho x Alto =';
 
-$_['hash_txt_01'] = 'Las cadenas generadas por esta página pueden ser usadas para cambiar de forma manual la variable $HASHWORD en OneFileCMS, o en un archivo de configuración externo. De cualquier forma, ¡asegúrese de recordar la contraseña que usó para generar el hash (cadena)!';
-$_['hash_txt_06'] = 'Ingresá la contraseña que quieras en la caja de texto siguiente y presioná enter.';
-$_['hash_txt_07'] = 'La cadena se mostrará en un mensaje amarillo.';
-$_['hash_txt_08'] = 'Copiá y pegue esa cadena a la variable $HASHWORD en la sección de configuración.';
-$_['hash_txt_09'] = 'Asegurate de copiar TODO y SÓLO la cadena (sin dejar espacios en blanco o demás).';
-$_['hash_txt_10'] = 'Haciendo doble click debería seleccionarlo...';
-$_['hash_txt_12'] = 'Cuando estés listo, deslogueate y volvé a loguearte.';
+$_['hash_txt_01']   = 'Las cadenas generadas por esta página pueden ser usadas para cambiar de forma manual la variable $HASHWORD en OneFileCMS, o en un archivo de configuración externo. De cualquier forma, ¡asegúrese de recordar la contraseña que usó para generar el hash (cadena)!';
+$_['hash_txt_06']   = 'Ingresá la contraseña que quieras en la caja de texto siguiente y presioná enter.';
+$_['hash_txt_07']   = 'La cadena se mostrará en un mensaje amarillo.';
+$_['hash_txt_08']   = 'Copiá y pegue esa cadena a la variable $HASHWORD en la sección de configuración.';
+$_['hash_txt_09']   = 'Asegurate de copiar TODO y SÓLO la cadena (sin dejar espacios en blanco o demás).';
+$_['hash_txt_10']   = 'Haciendo doble click debería seleccionarlo...';
+$_['hash_txt_12']   = 'Cuando estés listo, deslogueate y volvé a loguearte.';
+$_['pass_to_hash']  = 'Contraseña del Hash:';
+$_['Generate_Hash'] = 'Generar Hash';
 
 $_['login_txt_01']  = 'Usuario:';
 $_['login_txt_02']  = 'Contraseña:';
@@ -133,10 +135,10 @@
 $_['edit_note_01b'] = 'es';
 $_['edit_note_02']  = 'Entonces guardá antes que se acabe el tiempo, ¡o vas a perer los cambios!';
 $_['edit_note_03']  = 'Con algunos navegadores, como Chrome, si clickeás el botón del navegador [Volver] y después [Continuar], puede que el estado del archivo no sea exacto. Para corregirlo, clickeá en el botón [Recargar].';
-$_['edit_note_04']  = 'Chrome puede deshabilitar algunos textos si contienen javascript dentro en ciertos contextos.  Esto puede provocar problemas con el editor de OneFileCMS. Sin embargo, estos archivos pueden ser editados y guardados con OneFileCMS.  La función primaria que es perdida es el cambio de los colores del fondo (rojo/verde) indicando cuando o no el archivo tiene cambios no guardados.  El error se notificará después de la primera vez que se guarde ese archivo.';
 
 $_['edit_h2_1']   = 'Viendo:';
 $_['edit_h2_2']   = 'Editando:';
+$_['edit_txt_00'] = 'Edit disabled.'; //## NT ##
 $_['edit_txt_01'] = 'No texto o tipo de archivo desconocido. Edición deshabilitada.';
 $_['edit_txt_02'] = 'El archivo posiblemente contiene un caracter desconocido. Edición deshabilitada.';
 $_['edit_txt_03'] = 'htmlspecialchars() devolvió una cadena vacía de lo que debería ser un archivo válido.';
diff --git a/languages/OneFileCMS.LANG.NL.php b/languages/OneFileCMS.LANG.NL.php
index aa37d66..ee8b43e 100755
--- a/languages/OneFileCMS.LANG.NL.php
+++ b/languages/OneFileCMS.LANG.NL.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.01
+// OneFileCMS Language Settings v3.5.07
 
 $_['LANGUAGE'] = 'Nederlands (Dutch)';
 $_['LANG'] = 'NL';
@@ -21,11 +21,11 @@
 $_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.8em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 10px';
+$_['button_padding']         = '4px 10px'; //T R B L
 $_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
-$_['select_all_label_width'] = '90px';    //Width of space for $_['Select_All']
+$_['select_all_label_width'] = '90px';    //Width of space for $_['Select_All'] //Not used as of 3.4.23
 
 $_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
@@ -33,6 +33,7 @@
 $_['Admin']    = 'Beheer';
 $_['bytes']    = 'bytes';   //## NT ##
 $_['Cancel']   = 'Annuleren';
+$_['cancelled'] = 'cancelled'; //## NT ##
 $_['Close']    = 'Sluiten';
 $_['Copy']     = 'Kopiëren';
 $_['Copied']   = 'Gekopiëerd';
@@ -58,47 +59,46 @@
 $_['on']       = 'on';      //## NT ##
 $_['Password'] = 'Wachtwoord';
 $_['Rename']   = 'Hernoemen';
+$_['reset']    = 'Reset';   //## NT ##
+$_['save_1']   = 'Opslaan';
+$_['save_2']   = 'WIJZIGINGEN OPSLAAN!';
 $_['Size']     = 'Size';    //## NT ##
 $_['Source']   = 'Source';  //## NT ##
 $_['successful'] = 'succesvol';
 $_['To']       = 'Aan';
 $_['Upload']   = 'Upload';  //## NT ##
 $_['Username'] = 'Gebruikersnaam';
+$_['View']     = 'View';    //## NT ##
 $_['Working']  = 'Working - please wait...'; //## NT ##
 
-$_['Log_In']         = 'Inloggen';
-$_['Log_Out']        = 'Uitloggen';
-$_['Admin_Options']  = 'Opties voor beheer';
-$_['Are_you_sure']   = 'Weet u het zeker?';
-$_['Edit_View']      = 'Bewerken / weergeven';
-$_['Upload_File']    = 'Bestand Uploaden';
-$_['New_File']       = 'Nieuw Bestand';
-$_['Ren_Move']       = 'Hernoemen / Verplaatsen';
-$_['Ren_Moved']      = 'Hernoemend / Verplaatst';
-$_['folders_first']  = 'folders first'; //## NT ##
+$_['Log_In']       = 'Inloggen';
+$_['Log_Out']      = 'Uitloggen';
+$_['Admin_Options'] = 'Opties voor beheer';
+$_['Are_you_sure'] = 'Weet u het zeker?';
+$_['View_Raw']     = 'View Raw'; //## NT ##
+$_['Open_View']    = 'Openen/Bekijken in browser venster';
+$_['Edit_View']    = 'Bewerken / weergeven';
+$_['Wide_View']    = 'Wijd Gezichtsveld';
+$_['Normal_View']  = 'Normaal Gezichtsveld';
+$_['Upload_File']  = 'Bestand Uploaden';
+$_['New_File']     = 'Nieuw Bestand';
+$_['Ren_Move']     = 'Hernoemen / Verplaatsen';
+$_['Ren_Moved']    = 'Hernoemend / Verplaatst';
+$_['folders_first'] = 'folders first'; //## NT ##
 $_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
-$_['New_Folder']     = 'Nieuwe Map';
-$_['Ren_Folder']     = 'Hernoem / Verplaats Map';
-$_['Submit']         = 'Verzoek Indienen';
-$_['Move_Files']     = 'Verplaats Bestand(en)';
-$_['Copy_Files']     = 'Kopieër Bestand(en)';
-$_['Del_Files']      = 'Verwijder Bestand(en)';
+$_['New_Folder']   = 'Nieuwe Map';
+$_['Ren_Folder']   = 'Hernoem / Verplaats Map';
+$_['Submit']       = 'Verzoek Indienen';
+$_['Move_Files']   = 'Verplaats Bestand(en)';
+$_['Copy_Files']   = 'Kopieër Bestand(en)';
+$_['Del_Files']    = 'Verwijder Bestand(en)';
 $_['Selected_Files'] = 'Geselecteerde Mappen en Bestanden';
-$_['Select_All']     = 'Selecteer Alles';
-$_['Clear_All']      = 'Verwijder Alles';
-$_['New_Location']   = 'Nieuwe Locatie';
-$_['No_files']       = 'Geen bestanden geselecteerd.';
-$_['Not_found']      = 'Niet gevonden';
-$_['Invalid_path']   = 'Invalid path'; //## NT ##
-$_['pass_to_hash']   = 'Wachtwoord verwarren:';
-$_['Generate_Hash']  = 'Genereer Verward Wachtwoord (Hash)';
-
-$_['save_1']      = 'Opslaan';
-$_['save_2']      = 'WIJZIGINGEN OPSLAAN!';
-$_['reset']       = 'Reset'; //## NT ##
-$_['Wide_View']   = 'Wijd Gezichtsveld';
-$_['Normal_View'] = 'Normaal Gezichtsveld';
-$_['Open_View']   = 'Openen/Bekijken in browser venster';
+$_['Select_All']   = 'Selecteer Alles';
+$_['Clear_All']    = 'Verwijder Alles';
+$_['New_Location'] = 'Nieuwe Locatie';
+$_['No_files']     = 'Geen bestanden geselecteerd.';
+$_['Not_found']    = 'Niet gevonden';
+$_['Invalid_path'] = 'Invalid path'; //## NT ##
 
 $_['verify_msg_01']     = 'Sessie verlopen.';
 $_['verify_msg_02']     = 'ONGELDIGE POST';
@@ -112,13 +112,15 @@
 $_['show_img_msg_01']   = 'Afbeelding weergegeven bij ~';
 $_['show_img_msg_02']   = '% van volledige grootte (W x H =';
 
-$_['hash_txt_01'] = 'De hashes gegenereerd door deze pagina kunnen gebruikt worden om handmatig het $HASHWORD in OneFileCMS, of in een extern configuratiebestand, bijgewerkt te worden. Hoe dan ook: draag er zorg voor dat u het wachtwoord gebruikt om de hash te genereren onthoudt!';
-$_['hash_txt_06'] = 'Typ uw gewenste wachtwoord in het invoerveld hierboven en druk op Enter.';
-$_['hash_txt_07'] = 'De hash wordt weergegeven in een geel berichtenvenster erboven.';
-$_['hash_txt_08'] = 'Kopiëer en plak de nieuwe hash waarde naar de $HASHWORD variabele in de configuratie sectie.';
-$_['hash_txt_09'] = 'Zorg ervoor dat u alles, en alleen, de hash correct (geen voor- naloop spaties enz.) kopiëert!';
-$_['hash_txt_10'] = 'Een dubbele klik op de linker muisknop zou het moeten selecteren...';
-$_['hash_txt_12'] = 'Wanneer gereed: log opnieuw in en uit.';
+$_['hash_txt_01']   = 'De hashes gegenereerd door deze pagina kunnen gebruikt worden om handmatig het $HASHWORD in OneFileCMS, of in een extern configuratiebestand, bijgewerkt te worden. Hoe dan ook: draag er zorg voor dat u het wachtwoord gebruikt om de hash te genereren onthoudt!';
+$_['hash_txt_06']   = 'Typ uw gewenste wachtwoord in het invoerveld hierboven en druk op Enter.';
+$_['hash_txt_07']   = 'De hash wordt weergegeven in een geel berichtenvenster erboven.';
+$_['hash_txt_08']   = 'Kopiëer en plak de nieuwe hash waarde naar de $HASHWORD variabele in de configuratie sectie.';
+$_['hash_txt_09']   = 'Zorg ervoor dat u alles, en alleen, de hash correct (geen voor- naloop spaties enz.) kopiëert!';
+$_['hash_txt_10']   = 'Een dubbele klik op de linker muisknop zou het moeten selecteren...';
+$_['hash_txt_12']   = 'Wanneer gereed: log opnieuw in en uit.';
+$_['pass_to_hash']  = 'Wachtwoord verwarren:';
+$_['Generate_Hash'] = 'Genereer Verward Wachtwoord (Hash)';
 
 $_['login_txt_01']  = 'Gebruikersnaam:';
 $_['login_txt_02']  = 'Wachtwoord:';
@@ -133,10 +135,10 @@
 $_['edit_note_01b'] = 'is'; //## NT ##
 $_['edit_note_02']  = 'Dus sla uw wijzigingen op voordat de klok afloopt of ze zullen verloren gaan!';
 $_['edit_note_03']  = 'Bij sommige browers, zoals Chrome, komt het voor als u op de [Terug] knop klikt, en daarna [Voorwaarts], dat de toestand van uw instellingen incorrect zijn. Om te corrigeren, klik op de knop [Vernieuwen].';
-$_['edit_note_04']  = 'Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts. This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself. However, such files can still be edited and saved with OneFileCMS. The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes. The issue will be noticed after the first save of such a file.'; //## NT ##
 
 $_['edit_h2_1']   = 'Weergeven:';
 $_['edit_h2_2']   = 'Bewerken:';
+$_['edit_txt_00'] = 'Edit disabled.'; //## NT ##
 $_['edit_txt_01'] = 'Non-tekst of onbekend bestandstype. Bewerken uitgeschakeld.';
 $_['edit_txt_02'] = 'Bestand bevat mogelijk een ongeldig teken. Bewerken en weergeven uitgeschakeld.';
 $_['edit_txt_03'] = 'htmlspecialchars() heeft een lege string teruggegeven van wat normaalgesproken een valide bestand is.';
diff --git a/languages/OneFileCMS.LANG.RU.php b/languages/OneFileCMS.LANG.RU.php
index 0fdc09d..26193e5 100755
--- a/languages/OneFileCMS.LANG.RU.php
+++ b/languages/OneFileCMS.LANG.RU.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.01
+// OneFileCMS Language Settings v3.5.07
 
 $_['LANGUAGE'] = 'Russian';
 $_['LANG'] = 'RU';
@@ -21,11 +21,11 @@
 $_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.8em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 5px';
+$_['button_padding']         = '4px 5px'; //T R B L
 $_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
-$_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
+$_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All'] //Not used as of 3.4.23
 
 $_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
@@ -33,6 +33,7 @@
 $_['Admin']    = 'Админка';
 $_['bytes']    = 'байт';
 $_['Cancel']   = 'Отмена';
+$_['cancelled'] = 'cancelled'; //## NT ##
 $_['Close']    = 'Закрыть';
 $_['Copy']     = 'Копия';
 $_['Copied']   = 'Копировать';
@@ -58,47 +59,46 @@
 $_['on']       = 'в';
 $_['Password'] = 'Пароль';
 $_['Rename']   = 'Rename';  //## NT ##
+$_['reset']    = 'Сбросить';
+$_['save_1']   = 'Сохранить';
+$_['save_2']   = 'СОХРАНИТЬ ИЗМЕНЕНИЯ!';
 $_['Size']     = 'Size';    //## NT ##
 $_['Source']   = 'Source';  //## NT ##
 $_['successful'] = 'успешно';
 $_['To']       = 'В';
 $_['Upload']   = 'Загрузить';
 $_['Username'] = 'Логин';
+$_['View']     = 'View';    //## NT ##
 $_['Working']  = 'Working - please wait...'; //## NT ##
 
-$_['Log_In']         = 'Войти';
-$_['Log_Out']        = 'Выйти';
-$_['Admin_Options']  = 'Настройки Администратора';
-$_['Are_you_sure']   = 'Вы уверены?';
-$_['Edit_View']      = 'Ред. / Смотреть';
-$_['Upload_File']    = 'Загрузить файл';
-$_['New_File']       = 'Новый файл';
-$_['Ren_Move']       = 'Переименовать / Переместить';
-$_['Ren_Moved']      = 'Переименованно / Перемещенно';
-$_['folders_first']  = 'folders first'; //## NT ##
+$_['Log_In']       = 'Войти';
+$_['Log_Out']      = 'Выйти';
+$_['Admin_Options'] = 'Настройки Администратора';
+$_['Are_you_sure'] = 'Вы уверены?';
+$_['View_Raw']     = 'View Raw'; //## NT ##
+$_['Open_View']    = 'Открыть/Открыть в окне браузера';
+$_['Edit_View']    = 'Ред. / Смотреть';
+$_['Wide_View']    = 'Широкий Обзор';
+$_['Normal_View']  = 'Нормальный Обзор';
+$_['Upload_File']  = 'Загрузить файл';
+$_['New_File']     = 'Новый файл';
+$_['Ren_Move']     = 'Переименовать / Переместить';
+$_['Ren_Moved']    = 'Переименованно / Перемещенно';
+$_['folders_first'] = 'folders first'; //## NT ##
 $_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
-$_['New_Folder']     = 'Новая папка';
-$_['Ren_Folder']     = 'Переименовать / Переместить папку';
-$_['Submit']         = 'Отправить изменения';
-$_['Move_Files']     = 'Переместить Файл(ы)';
-$_['Copy_Files']     = 'Копировать Файл(ы)';
-$_['Del_Files']      = 'Удалить Файл(ы)';
+$_['New_Folder']   = 'Новая папка';
+$_['Ren_Folder']   = 'Переименовать / Переместить папку';
+$_['Submit']       = 'Отправить изменения';
+$_['Move_Files']   = 'Переместить Файл(ы)';
+$_['Copy_Files']   = 'Копировать Файл(ы)';
+$_['Del_Files']    = 'Удалить Файл(ы)';
 $_['Selected_Files'] = 'Выбранные Папки и Файлы';
-$_['Select_All']     = 'Выбрать все';
-$_['Clear_All']      = 'Очистить всё';
-$_['New_Location']   = 'Новая локализация';
-$_['No_files']       = 'Нет выбранных файлов.';
-$_['Not_found']      = 'Не найдено';
-$_['Invalid_path']   = 'Invalid path'; //## NT ##
-$_['pass_to_hash']   = 'Пароль для хеширования:';
-$_['Generate_Hash']  = 'Сгенерировать Хэш';
-
-$_['save_1']      = 'Сохранить';
-$_['save_2']      = 'СОХРАНИТЬ ИЗМЕНЕНИЯ!';
-$_['reset']       = 'Сбросить';
-$_['Wide_View']   = 'Широкий Обзор';
-$_['Normal_View'] = 'Нормальный Обзор';
-$_['Open_View']   = 'Открыть/Открыть в окне браузера';
+$_['Select_All']   = 'Выбрать все';
+$_['Clear_All']    = 'Очистить всё';
+$_['New_Location'] = 'Новая локализация';
+$_['No_files']     = 'Нет выбранных файлов.';
+$_['Not_found']    = 'Не найдено';
+$_['Invalid_path'] = 'Invalid path'; //## NT ##
 
 $_['verify_msg_01']     = 'Сессия истекла.';
 $_['verify_msg_02']     = 'НЕВЕРНЫЙ ЗАПРОС';
@@ -112,13 +112,15 @@
 $_['show_img_msg_01']   = 'Изображене показано на ~';
 $_['show_img_msg_02']   = '% от полного размера (Ш x Д =';
 
-$_['hash_txt_01'] = 'Хэш сгенерированный на этой странице может быть использован для обновления вручную $HASHWORD в OneFileCMS, или во внешнем файле конфигурации. В любом случае, убедитесь, что вы помните пароль, используемый для создания хэш!';
-$_['hash_txt_06'] = 'Введите желаемый пароль в поле ввода выше и нажмите Enter.';
-$_['hash_txt_07'] = 'Хэш будет отображаться в желтом окне сообщения, которое выше.';
-$_['hash_txt_08'] = 'Скопируйте и вставьте новый хэш $HASHWORD переменную в файл конфига.';
-$_['hash_txt_09'] = 'Убедитесь в том, чтобы вы полностью скопировали хэш (пробелов, кавычек и т.д..';
-$_['hash_txt_10'] = 'Нажмите 2 раза, для того что-бы выбрать его...';
-$_['hash_txt_12'] = 'Когда будете готовы, выйдите из системы и войдите снова.';
+$_['hash_txt_01']   = 'Хэш сгенерированный на этой странице может быть использован для обновления вручную $HASHWORD в OneFileCMS, или во внешнем файле конфигурации. В любом случае, убедитесь, что вы помните пароль, используемый для создания хэш!';
+$_['hash_txt_06']   = 'Введите желаемый пароль в поле ввода выше и нажмите Enter.';
+$_['hash_txt_07']   = 'Хэш будет отображаться в желтом окне сообщения, которое выше.';
+$_['hash_txt_08']   = 'Скопируйте и вставьте новый хэш $HASHWORD переменную в файл конфига.';
+$_['hash_txt_09']   = 'Убедитесь в том, чтобы вы полностью скопировали хэш (пробелов, кавычек и т.д..';
+$_['hash_txt_10']   = 'Нажмите 2 раза, для того что-бы выбрать его...';
+$_['hash_txt_12']   = 'Когда будете готовы, выйдите из системы и войдите снова.';
+$_['pass_to_hash']  = 'Пароль для хеширования:';
+$_['Generate_Hash'] = 'Сгенерировать Хэш';
 
 $_['login_txt_01']  = 'Логин:';
 $_['login_txt_02']  = 'Пароль:';
@@ -133,10 +135,10 @@
 $_['edit_note_01b'] = 'это';
 $_['edit_note_02']  = 'Сохранить изменения перед окончаниеи сессии, иначе они будут утеряны!';
 $_['edit_note_03']  = 'В некоторых браузерах, таких как Chrome, если вы перемещаетесь [Назад] или [Вперед], измения могут обновиться. Для этого нажмите клавишу F5, либо в браузере нажмите [Обновить]..';
-$_['edit_note_04']  = 'Браузер Chrome может припятствовать работе некоторых JavaScript(ов). Это может сильно повлиять на некоторые особенности  OneFileCMS при совершении правок или редактирования файлов. Так же в Браузере Chrome Вы больше не увидите случайные изменения фонового цвета (красный / зеленый), показывающий проводились ли изменения по файлу. Это действие будет заметно после первого сохранения такого файла.';
 
 $_['edit_h2_1']   = 'Просмотреть:';
 $_['edit_h2_2']   = 'Редактировать:';
+$_['edit_txt_00'] = 'Edit disabled.'; //## NT ##
 $_['edit_txt_01'] = 'Неизвестный текст или неизвестный тип файла. Редактирование невозможно.';
 $_['edit_txt_02'] = 'Возможно файл содержит недопустимый символ. Редактирование и Просмотр невозможны.';
 $_['edit_txt_03'] = 'htmlspecialchars() возвращает к предыдущим обновлениям файла.';
diff --git a/onefilecms.php b/onefilecms.php
index 2e12082..44886be 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,8 +1,9 @@
-<?php mb_internal_encoding('utf-8');
-// OneFileCMS - github.com/Self-Evident/OneFileCMS
-
-$OFCMS_version = '3.5.06';
+<?php mb_internal_encoding('utf-8');  $message = ""; //initialize here so can .= at any point later.
 
+// OneFileCMS - github.com/Self-Evident/OneFileCMS
+$VERS_ext = explode('_',basename($_SERVER['SCRIPT_NAME']));        //##### 
+$VERS     = substr($VERS_ext[1],0, strrpos($VERS_ext[1], '.php')); //##### $OFCMS_version = '3.5.07';
+$OFCMS_version = '<font color="red"><b>'.$VERS.'</b></font>';      //##### 
 /*******************************************************************************
 Except where noted otherwise:
 
@@ -142,9 +143,9 @@
 //$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php";
 
 //Init file for optional external wysiwyg editor.
-//Sample init files are availble in the OneFileCMS repo, but the actual editors are not.
-//$WYSIWYG_PLUGIN = 'plugins/tinymce_init.php';
-//$WYSIWYG_PLUGIN = 'plugins/ckeditor_init.php';
+//Sample init files are availble in the "extras\" folder of the OneFileCMS repo, but the actual editors are not.
+//$WYSIWYG_PLUGIN = 'plugins/plugin-tinymce_init.php';
+//$WYSIWYG_PLUGIN = 'plugins/plugin-ckeditor_init.php';
 
 //Name of optional external config file.  Any settings it contains will supersede those above.
 //See the sample file in the OneFileCMS github repo for format example.
@@ -161,7 +162,7 @@ function System_Setup() { //****************************************************
 	$MAIN_WIDTH, $WIDE_VIEW_WIDTH, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $config_excluded, 
 	$config_etypes, $config_stypes,$config_itypes, $config_ftypes, $config_fclass, 
 	$SHOWALLFILES, $etypes, $itypes, $ftypes, $fclasses, $excluded_list, 
-	$LANGUAGE_FILE, $ACCESS_ROOT, $ACCESS_ROOT_len, $WYSIWYG_PLUGIN, $WYSIWYG_VALID, 
+	$LANGUAGE_FILE, $ACCESS_ROOT, $ACCESS_ROOT_len, $WYSIWYG_PLUGIN, $WYSIWYG_VALID, $WYSIWYG_PLUGIN_OS, 
 	$INVALID_CHARS, $WHSPC_SLASH, $VALID_PAGES, $LOGIN_LOG_url, $LOGIN_LOG_file,
 	$ONESCRIPT,  $ONESCRIPT_file, $ONESCRIPT_backup, $ONESCRIPT_file_backup, 
 	$CONFIG_backup, $CONFIG_FILE, $CONFIG_FILE_backup, $VALID_CONFIG_FILE, 
@@ -198,14 +199,14 @@ function System_Setup() { //****************************************************
 $INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file & folder names.  Space deliminated.
 $WHSPC_SLASH = "\x00..\x20/";  //Whitespace & forward slash. For trimming file & folder name inputs.
 
-$ONESCRIPT = URLencode_path($_SERVER['SCRIPT_NAME']); //Used for URL's
 $WEB_ROOT  = basename($DOC_ROOT).'/'; //Used only for screen output - Non-url use.
 $WEBSITE   = $_SERVER['HTTP_HOST'].'/';
 
-$ONESCRIPT_file        = $_SERVER['SCRIPT_FILENAME'];  //Non-url file system use.
-$ONESCRIPT_backup      = $ONESCRIPT.'-BACKUP.txt';       //used for p/w & u/n updates.
-$ONESCRIPT_file_backup = $ONESCRIPT_file.'-BACKUP.txt';  //used for p/w & u/n updates.
-$LOGIN_ATTEMPTS        = $ONESCRIPT_file.'.invalid_login_attempts'; //Non-url file system use.
+$ONESCRIPT 			   = URLencode_path($_SERVER['SCRIPT_NAME']);  //Used for URL's in HTML attributes
+$ONESCRIPT_file        = $_SERVER['SCRIPT_FILENAME'];              //Non-url file system use.
+$ONESCRIPT_backup      = $ONESCRIPT.'-BACKUP.txt';                 //used for p/w & u/n updates.
+$ONESCRIPT_file_backup = $ONESCRIPT_file.'-BACKUP.txt';            //used for p/w & u/n updates.
+$LOGIN_ATTEMPTS        = $ONESCRIPT_file.'.invalid_login_attempts';//Non-url file system use.
 $LOGIN_LOG_url		   = $ONESCRIPT.'-LOGIN.log';
 $LOGIN_LOG_file		   = $ONESCRIPT_file.'-LOGIN.log';
 
@@ -263,7 +264,7 @@ function System_Setup() { //****************************************************
 
 ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
 
-$VALID_PAGES = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","renamefile","copyfile","deletefile","deletefolder","newfolder","renamefolder","copyfolder","mcdaction", "phpinfo");
+$VALID_PAGES = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","renamefile","copyfile","deletefile","deletefolder","newfolder","renamefolder","copyfolder","mcdaction", "phpinfo", "raw_view");
 
 //Make arrays out of a few $config_variables for actual use later.
 //First, remove spaces and make lowercase (for *types).
@@ -288,7 +289,7 @@ function System_Setup() { //****************************************************
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.5.01
+// OneFileCMS Language Settings v3.5.07
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -310,53 +311,62 @@ function Default_Language() { // ***********************************************
 $_['MCD_margin_R']           = '1.0em';  //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.9em';  //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 7px';
+$_['button_padding']         = '4px 7px 4px 7px'; //T R B L
 $_['image_info_font_size']   = '1em';    //show_img_msg_01  &  _02
 $_['image_info_pos']         = '';       //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';  //Font size of $_['Select_All']
-$_['select_all_label_width'] = '72px';   //Width of space for $_['Select_All'] //As of 3.4.23, not currently used.
+$_['select_all_label_width'] = '72px';   //Width of space for $_['Select_All'] //Not used as of 3.4.23
 $_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG';
-$_['Admin']   = 'Admin';
-$_['bytes']   = 'bytes';
-$_['Cancel']  = 'Cancel';
-$_['Close']   = 'Close';
-$_['Copy']    = 'Copy';
-$_['Copied']  = 'Copied';
-$_['Create']  = 'Create';
-$_['Date']    = 'Date';
-$_['Delete']  = 'Delete';
-$_['DELETE']  = 'DELETE';
-$_['Deleted'] = 'Deleted';
-$_['Edit']    = 'Edit';
-$_['Enter']   = 'Enter';
-$_['Error']   = 'Error';
-$_['errors']  = 'errors';
-$_['ext']     = '.ext';  // filename[.ext]ension
-$_['File']    = 'File';
-$_['files']   = 'files';
-$_['Folder']  = 'Folder';
-$_['folders'] = 'folders';
-$_['From']    = 'From';
-$_['Hash']    = 'Hash';
-$_['Move']    = 'Move';
-$_['Moved']   = 'Moved';
-$_['Name']    = 'Name';
-$_['on']      = 'on';
-$_['Password']   = 'Password';
-$_['Rename']     = 'Rename';
-$_['Size']       = 'Size';
-$_['Source']     = 'Source'; 
+$_['Admin']    = 'Admin';
+$_['bytes']    = 'bytes';
+$_['Cancel']   = 'Cancel';
+$_['cancelled'] = 'cancelled'; //## NT ## as of 3.5.07
+$_['Close']    = 'Close';
+$_['Copy']     = 'Copy';
+$_['Copied']   = 'Copied';
+$_['Create']   = 'Create';
+$_['Date']     = 'Date';
+$_['Delete']   = 'Delete';
+$_['DELETE']   = 'DELETE';
+$_['Deleted']  = 'Deleted';
+$_['Edit']     = 'Edit';
+$_['Enter']    = 'Enter';
+$_['Error']    = 'Error';
+$_['errors']   = 'errors';
+$_['ext']      = '.ext';  //## NT ## filename[.ext]ension
+$_['File']     = 'File';
+$_['files']    = 'files';
+$_['Folder']   = 'Folder';
+$_['folders']  = 'folders';
+$_['From']     = 'From';
+$_['Hash']     = 'Hash';
+$_['Move']     = 'Move';
+$_['Moved']    = 'Moved';
+$_['Name']     = 'Name';
+$_['on']       = 'on';
+$_['Password'] = 'Password';
+$_['Rename']   = 'Rename';
+$_['reset']    = 'Reset';
+$_['save_1']   = 'Save';
+$_['save_2']   = 'SAVE CHANGES'; //#### removed '!' in 3.5.07
+$_['Size']     = 'Size';
+$_['Source']   = 'Source'; 
 $_['successful'] = 'successful';
-$_['To']         = 'To';
-$_['Upload']     = 'Upload';
-$_['Username']   = 'Username';
-$_['Working']    = 'Working - please wait...';
-$_['Log_In']     = 'Log In';
-$_['Log_Out']    = 'Log Out';
+$_['To']       = 'To';
+$_['Upload']   = 'Upload';
+$_['Username'] = 'Username';
+$_['View']     = 'View';
+$_['Working']  = 'Working - please wait...';
+$_['Log_In']         = 'Log In';
+$_['Log_Out']        = 'Log Out';
 $_['Admin_Options']  = 'Administration Options';
 $_['Are_you_sure']   = 'Are you sure?';
+$_['View_Raw']       = 'View Raw'; //## NT ### as of 3.5.07
+$_['Open_View']      = 'Open/View in browser window';
 $_['Edit_View']      = 'Edit / View';
+$_['Wide_View']      = 'Wide View';
+$_['Normal_View']    = 'Normal View';
 $_['Upload_File']    = 'Upload File';
 $_['New_File']       = 'New File';
 $_['Ren_Move']       = 'Rename / Move';
@@ -376,14 +386,6 @@ function Default_Language() { // ***********************************************
 $_['No_files']       = 'No files selected.';
 $_['Not_found']      = 'Not found';
 $_['Invalid_path']   = 'Invalid path';
-$_['pass_to_hash']   = 'Password to hash:';
-$_['Generate_Hash']  = 'Generate Hash';
-$_['save_1']      = 'Save';
-$_['save_2']      = 'SAVE CHANGES!';
-$_['reset']       = 'Reset';
-$_['Wide_View']   = 'Wide View';
-$_['Normal_View'] = 'Normal View';
-$_['Open_View']   = 'Open/View in browser window';
 $_['verify_msg_01']     = 'Session expired.';
 $_['verify_msg_02']     = 'INVALID POST';
 $_['get_get_msg_01']    = 'File does not exist:';
@@ -402,6 +404,8 @@ function Default_Language() { // ***********************************************
 $_['hash_txt_09'] = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
 $_['hash_txt_10'] = 'A double-click should select it...';
 $_['hash_txt_12'] = 'When ready, logout and login.';
+$_['pass_to_hash']   = 'Password to hash:';
+$_['Generate_Hash']  = 'Generate Hash';
 $_['login_txt_01']  = 'Username:';
 $_['login_txt_02']  = 'Password:';
 $_['login_msg_01a'] = 'There have been';
@@ -414,9 +418,9 @@ function Default_Language() { // ***********************************************
 $_['edit_note_01b'] = 'is';
 $_['edit_note_02']  = 'So save changes before the clock runs out, or the changes will be lost!';
 $_['edit_note_03']  = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate. To correct, click the browser\'s [Reload].';
-$_['edit_note_04']  = 'Chrome may disable some javascript in a page if the page even appears to contain inline javascript in certain contexts. This can affect some features of the OneFileCMS edit page when editing files that legitimately contain such code, such as OneFileCMS itself. However, such files can still be edited and saved with OneFileCMS. The primary function lost is the incidental change of background colors (red/green) indicating whether or not the file has unsaved changes. The issue will be noticed after the first save of such a file.';
 $_['edit_h2_1']   = 'Viewing:';
 $_['edit_h2_2']   = 'Editing:';
+$_['edit_txt_00'] = 'Edit disabled.'; //## NT ## as of 3.5.07
 $_['edit_txt_01'] = 'Non-text or unkown file type. Edit disabled.';
 $_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
 $_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
@@ -426,7 +430,7 @@ function Default_Language() { // ***********************************************
 $_['too_large_to_edit_03'] = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
 $_['too_large_to_edit_04'] = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
 $_['too_large_to_view_01'] = 'View disabled. Filesize >';
-$_['too_large_to_view_02'] = 'Click the file name above to view as normally rendered in a browser window.';
+$_['too_large_to_view_02'] = 'Click [View Raw] to view the raw/"plain text" file contents in a seperate browser window.'; //** NT ** changed wording as of 3.5.07
 $_['too_large_to_view_03'] = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
 $_['too_large_to_view_04'] = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
 $_['meta_txt_01'] = 'Filesize:';
@@ -477,8 +481,8 @@ function Default_Language() { // ***********************************************
 $_['confirm_reset']   = 'Reset file and loose unsaved changes?';
 $_['OFCMS_requires']  = 'OneFileCMS requires PHP';
 $_['logout_msg']      = 'You have successfully logged out.';
-$_['edit_caution_01'] = 'CAUTION';
-$_['edit_caution_02'] = 'You are editing the active copy of OneFileCMS - BACK IT UP & BE CAREFUL !!';
+$_['edit_caution_01'] = 'CAUTION'; //##### No longer used as of 3.5.07
+$_['edit_caution_02'] = 'You are viewing the active copy of OneFileCM.'; //## NT ## changed wording 3.5.07
 $_['time_out_txt']    = 'Session time out in:';
 $_['error_reporting_01'] = 'Display errors is';
 $_['error_reporting_02'] = 'Log errors is';
@@ -490,7 +494,7 @@ function Default_Language() { // ***********************************************
 $_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will be automatically overwritten on the next password or username change.';
 $_['admin_txt_02'] = 'General Information';
 $_['admin_txt_14'] = 'For a small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
-$_['admin_txt_16'] = 'OneFileCMS can be used to edit itself.  However, be sure to have a backup ready for the inevitable ytpo...';
+$_['admin_txt_16'] = 'OneFileCMS can not be used to edit itself directly.  However, you can make a copy & edit it.  Then simply run the copy.'; //## NT ## Changed wording in 3.5.07
 $_['pw_current'] = 'Current Password';
 $_['pw_change']  = 'Change Password';
 $_['pw_new']     = 'New Password';
@@ -515,8 +519,8 @@ function Default_Language() { // ***********************************************
 $_['change_un_01'] = 'Username changed!';
 $_['change_un_02'] = 'Username NOT changed.';
 $_['update_failed'] = 'Update failed - could not save file.';
-$_['mcd_msg_01'] = 'file(s) and/or folder(s) moved.';  //#####
-$_['mcd_msg_02'] = 'file(s) and/or folder(s) copied.'; //#####
+$_['mcd_msg_01'] = 'file(s) and/or folder(s) moved.';   //#####
+$_['mcd_msg_02'] = 'file(s) and/or folder(s) copied.';  //#####
 $_['mcd_msg_03'] = 'file(s) and/or folder(s) deleted.'; //#####
 }//end Default_Language() //****************************************************
 
@@ -734,7 +738,7 @@ function strip_array($var) {
 
 
 function Validate_params() { //*************************************************
-	global $_, $ipath, $filename, $page, $param1, $param2, $param3, $Editing_OFCMS, $EX, $message;
+	global $_, $ipath, $filename, $page, $param1, $param2, $param3, $IS_OFCMS, $EX, $message;
 
 	//Pages that require a valid $filename
 	$file_pages = array("edit", "renamefile", "copyfile", "deletefile");
@@ -748,14 +752,10 @@ function Validate_params() { //*************************************************
 	if ($filename == "") { $param2 = ""; } else { $param2 = '&amp;f='.rawurlencode(basename($filename)); }
 	if ($page == ""    ) { $param3 = ""; } else { $param3 = '&amp;p='.$page; }
 
-	$Editing_OFCMS = false;
-	//If editing OneFileCMS itself, show caution message.
-	if ($filename == trim($_SERVER['SCRIPT_NAME'], '/')) {
-		$Editing_OFCMS = true;
-		$message .= '<style>#message_box_contents {background: red;}</style>';
-		$message .= '<style>#message_box          {color: white;}   </style>';
-		$message .= $EX.'<b>'.hsc($_['edit_caution_01']).' '.$EX.hsc($_['edit_caution_02']).'</b><br>';
-	}
+	//Used to restrict edit/del/etc. on active copy of OneFileCMS.
+	$IS_OFCMS = 0;
+	if ($filename == trim($_SERVER['SCRIPT_NAME'], '/')) { $IS_OFCMS = true; }
+
 }//end Validate_params() //*****************************************************
 
 
@@ -803,10 +803,10 @@ function Valid_Path($path, $gotoroot=true) { //*********************************
 
 
 
-function Get_GET() { //*** Get main parameters *********************************
+function Get_GET() { //*** Get URL passed parameters ***************************
 	global $_, $ipath, $ipath_OS, $filename, $filename_OS, $page, $VALID_PAGES, $EX, $message;
-	// i=some/path/,  f=somefile.xyz,          p=somepage
-	// $ipath = i  ,  $filename = $ipath.f  ,  $page = p
+	// i=some/path/,  f=somefile.xyz,          p=somepage,  m=somemessage
+	// $ipath = i  ,  $filename = $ipath.f  ,  $page = p ,  $message
 	//   (NOTE: in some functions $filename = just the file's name, ie: $_GET['f'], with no path/)
 	//#####  (Normalize $filename program-wide??)
 	// Perform initial, basic, validation.
@@ -836,13 +836,17 @@ function Get_GET() { //*** Get main parameters *********************************
 		$message .= $EX.hsc($_['get_get_msg_02']).' <b>'.hsc($page).'</b><br>';
 		$page = "index";  //If invalid $_GET["p"]
 	}
+	
+	//Sanitize any message. Initialized on line 1 / top of this file.
+	if (isset($_GET["m"])) { $message .= hsc($_GET["m"]); }
 }//end Get_GET() //*************************************************************
 
 
 
 
 function Verify_Page_Conditions() { //******************************************
-	global $_, $ONESCRIPT_file, $ipath, $ipath_OS, $param1, $filename, $page, $EX, $message, $VALID_POST;
+	global $_, $ONESCRIPT_file, $ipath, $ipath_OS, $param1, $filename, $filename_OS, $page, $EX, $message, 
+			$VALID_POST, $IS_OFCMS;
 
 	//If exited admin pages, restore $ipath 
 	if    ( ($page == "index") && $_SESSION['admin_page'] ) {
@@ -886,6 +890,15 @@ function Verify_Page_Conditions() { //******************************************
 		$message .= $EX.'<b> '.hsc($_['upload_error_01a']).' '.ini_get('post_max_size').'</b> '.hsc($_['upload_error_01b']).'<br>';
 		$page = "index";
 	}
+	
+	//[View Raw] file contents in a browser window (in plain text, NOT HTML).
+	if ($page == "raw_view"){
+		$raw_contents = file_get_contents($filename_OS);
+		$file_ENC = mb_detect_encoding($raw_contents); //ASCII, UTF-8, etc...
+		header("Content-Type: text/plain charset=UTF-8");
+		echo mb_convert_encoding($raw_contents, 'UTF-8', $file_ENC);
+		die;
+	}
 }//end Verify_Page_Conditions() //**********************************************
 
 
@@ -1153,9 +1166,8 @@ function Current_Path_Header(){ //**********************************************
 				echo '<a id="path_'.($x+1).'" href="'.$ONESCRIPT.$p1.'" class="path">';
 				echo hsc($path_levels[$x]).'</a>/';
 			}
-		}//end if (not at root)
+		}//end if(not at root)
 	echo '</h2>';
-	//echo '<script>document.getElementById("path_'.$x.'").focus();</script>'; //Removed focus as of 3.5.04
 }//end Current_Path_Header() //*************************************************
 
 
@@ -1187,31 +1199,6 @@ function Page_Header(){ //******************************************************
 
 
 
-function message_box() { //*****************************************************
-	global $ONESCRIPT, $param1, $param2, $param3, $message, $page;
-
-	$href    = $ONESCRIPT.$param1.$param2.$param3;
-	$onclick = 'document.getElementById("message_box").innerHTML = " ";return false;';
-	$X_box   =  '<a id="X_box" href="'.$href.'" onclick=\''.$onclick.'\'>x</a>';
-	
-	if (isset($message) && (mb_strlen($message) > 0)) {
-?>
-		<div id="message_box">
-			<?php echo $X_box ?>
-			<div id="message_box_contents"><?php echo $message ?></div>
-		</div><!--End message_box-->
-
-		<script>document.getElementById("X_box").focus();</script>
-<?php
-	}else { // Needed on some pages to keep js feedback from failing
-		echo '<div id="message_box"></div>';
-	}//end isset($message)
-
-}//end message_box() //*********************************************************
-
-
-
-
 function Cancel_Submit_Buttons($submit_label) { //******************************
 	//$submit_label = Rename, Copy, Delete, etc...
 	global $_, $ONESCRIPT, $ipath, $param1, $param2, $page;
@@ -1219,7 +1206,7 @@ function Cancel_Submit_Buttons($submit_label) { //******************************
 	$params = $param1.$param2.'&amp;p='. $_SESSION['recent_pages'][1];
 ?>
 	<p>
-	<button type="button" class="button" id="cancel" onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
+	<button type="button" class="button" id="cancel" onclick="parent.location = '<?php echo $ONESCRIPT.$params.'&amp;m='.$page ?>%20<?php echo hsc($_['cancelled']) ?>'">
 		<?php echo hsc($_['Cancel']) ?></button>
 	<button type="submit" class="button" id="submitty" style="margin-left: 1em;"><?php echo hsc($submit_label);?></button>
 	<script>document.getElementById("cancel").focus();</script>
@@ -1245,14 +1232,14 @@ function show_image(){ //*******************************************************
 	else                         { $SCALE = $SCALE_W; } //If _H >= _W, or both are 1
 
 	//For languages with longer words that don't fit next to [Wide] & [Close] buttons.
-	if ($_['image_info_pos']){ echo '<div class=clear></div>'.PHP_EOL; }
+	if ($_['image_info_pos']){ echo '<div class=clear></div>'."\n"; }
 
 	echo '<p class="image_info">';
 	echo hsc($_['show_img_msg_01']).round($SCALE*100).
 		 hsc($_['show_img_msg_02']).' '.$img_info[0].' x '.$img_info[1].').</p>';
-	echo '<div class=clear></div>'.PHP_EOL;
-	echo '<a  href="/'.URLencode_path($IMG).'" target="_blank">'.PHP_EOL;
-	echo '<img src="/'.URLencode_path($IMG).'" width="'.($img_info[$W] * $SCALE).'"></a>'.PHP_EOL;
+	echo '<div class=clear></div>'."\n";
+	echo '<a  href="/'.URLencode_path($IMG).'" target="_blank">'."\n";
+	echo '<img src="/'.URLencode_path($IMG).'" width="'.($img_info[$W] * $SCALE).'"></a>'."\n";
 }//end show_image() //**********************************************************
 
 
@@ -1285,7 +1272,7 @@ function Init_ICONS() { //******************************************************
 
 	//*********************************************************************
 	function icon_txt($border='#333', $lines='#000', $fill='#FFF', $extra1="", $extra2=""){
-		return '<svg class="icon" version="1.1" width="14" height="16">'.
+		return '<svg version="1.1" width="14" height="16">'.
 		'<rect x = "0" y = "0" width = "14" height = "16" fill="'.$fill.'" stroke="'.$border.'" stroke-width="2" />'.$extra2.
 		'<line x1="3" y1="3.5"  x2="11" y2="3.5"  stroke="'.$lines.'" stroke-width=".6"/>'.
 		'<line x1="3" y1="6.5"  x2="11" y2="6.5"  stroke="'.$lines.'" stroke-width=".6"/>'.
@@ -1295,7 +1282,7 @@ function icon_txt($border='#333', $lines='#000', $fill='#FFF', $extra1="", $extr
 
 
 	function icon_folder($extra = ""){ //**********************************
-		return '<svg class="icon" version="1.1" width="18" height="16"><g transform="translate(0,1)">'.
+		return '<svg version="1.1" width="18" height="16"><g transform="translate(0,2)">'.
 			'<path  d="M0.5, 1  L8,1  L9,2  L9,3  L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" '.
 				'fill="#F0CD28" stroke="rgb(200,170,15)" stroke-width="1" />'.
 			'<path  d="M1.5, 8  L7, 8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5" '.
@@ -1343,14 +1330,14 @@ function icon_folder($extra = ""){ //**********************************
 	$extra_z   = '<text x="4" y="12" style="font-size:8pt;font-weight:900;fill:blue ;font-family:Arial;">z</text>';
 
 	//The icons
-	$ICONS['bin'] =  '<svg class="icon" version="1.1" width="14" height="16">'.
+	$ICONS['bin'] =  '<svg version="1.1" width="14" height="16">'.
 		  '<g transform="translate( 0.5,0.5)">'.$one .'</g>'.
 		  '<g transform="translate( 3.5,0.5)">'.$zero.'</g>'.'<g transform="translate( 9.5,0.5)">'.$one .'</g>'.
 		  '<g transform="translate(12.5,0.5)">'.$one .'</g>'.'<g transform="translate( 0.5,9.5)">'.$zero.'</g>'.
 		  '<g transform="translate( 6.5,9.5)">'.$one .'</g>'.'<g transform="translate( 9.5,9.5)">'.$zero.'</g>'.
 		  '</svg>';
 	$ICONS['z'] = icon_txt('#333','#FFF','#FFF',$extra_z);
-	$ICONS['img'] = '<svg class="icon" version="1.1" width="14" height="16">'.$img_0.'</svg>';
+	$ICONS['img'] = '<svg version="1.1" width="14" height="16">'.$img_0.'</svg>';
 	$ICONS['svg'] = icon_txt('#333', '#444', '#FFF', "", $img_0);
 	$ICONS['txt'] = icon_txt('#333', '#000', '#FFF');
 	$ICONS['htm'] = icon_txt('#444', '#222', '#FABEAA'); //rgb(250,190,170)
@@ -1458,7 +1445,7 @@ function Admin_Page() { //******************************************************
 	echo $button_attribs.$param1.'&amp;p=changepw\'">'.hsc($_['pw_change']).'</button>'; 
 	echo $button_attribs.$param1.'&amp;p=changeun\'">'.hsc($_['un_change']).'</button>'; 
 	echo $button_attribs.$param1.'&amp;p=hash\'">'.hsc($_['Generate_Hash']).'</button>'; 
-	echo $button_attribs.$edit_params.'\'">'.hsc($_['Edit'].' '.$config_title).'</button>'; 
+	echo $button_attribs.$edit_params.'\'">'.hsc($_['View'].' '.$config_title).'</button>';
 	echo '</span>';
 
 	echo '<div class="info">';
@@ -1567,7 +1554,7 @@ function Change_PWUN_Page($pwun, $type, $page_title, $label_new, $label_confirm)
 <?php
 	//Note: The button with id="submitty" above must NOT be of type="submit",
 	//NOR have an id="submit", or the event_scripts won't work.
-	event_scripts('change', 'submitty', $pwun); //Doesn't work if an id="submit"
+	pwun_event_scripts('change', 'submitty', $pwun); //Doesn't work if an id="submit"
 	js_hash_scripts();
 }//end Change_PWUN_Page() //****************************************************
 
@@ -1710,7 +1697,7 @@ function Login_Page() { //******************************************************
 	<script>document.getElementById('username').focus();</script>
 <?php
 	//Note: The "login" button above must NOT be of type="submit", NOR have an id="submit", or the event_scripts won't work.
-	event_scripts('login_form', 'login');
+	pwun_event_scripts('login_form', 'login');
 	js_hash_scripts();
 }//end Login_Page() //**********************************************************
 
@@ -1846,7 +1833,7 @@ function Get_DIRECTORY_DATA($raw_list) { //*************************************
 		
 		//First check for no $ext:  "filename"  or ".filename"
 		$segments = count($filename_parts);
-		if( $segments === 1 || ( ($segments === 2) && ($filename_parts[0] === ""))) {
+		if( $segments === 1 || (($segments === 2) && ($filename_parts[0] === "")) ) {
 				 $ext =  '';
 		} else { $ext = end($filename_parts); }
 		
@@ -1929,9 +1916,9 @@ function Index_Page_buttons_top($file_count) { //*******************************
 		$onclick_m = 'onclick="Confirm_Submit( \'move\');   "';
 		$onclick_c = 'onclick="Confirm_Submit( \'copy\');   "';
 		$onclick_d = 'onclick="Confirm_Submit( \'delete\' );"';
-		echo '<button TYPE=button '.$onclick_m.'>'.$ICONS['move'  ].'&nbsp;'.hsc($_['Move']  ).'</button>';
-		echo '<button TYPE=button '.$onclick_c.'>'.$ICONS['copy'  ].'&nbsp;'.hsc($_['Copy']  ).'</button>';
-		echo '<button TYPE=button '.$onclick_d.'>'.$ICONS['delete'].'&nbsp;'.hsc($_['Delete']).'</button>';
+		echo '<button type=button '.$onclick_m.'>'.$ICONS['move'  ].'&nbsp;'.hsc($_['Move']  ).'</button>';
+		echo '<button type=button '.$onclick_c.'>'.$ICONS['copy'  ].'&nbsp;'.hsc($_['Copy']  ).'</button>';
+		echo '<button type=button '.$onclick_d.'>'.$ICONS['delete'].'&nbsp;'.hsc($_['Delete']).'</button>';
 	}
 	echo '</div>'; //end mcd_submit
 
@@ -1974,30 +1961,31 @@ function Index_Page(){ //*******************************************************
 
 
 function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
-	global $_, $ONESCRIPT, $param1, $param2, $filename, $filename_OS, $WYSIWYG_VALID, $EDIT_MODE, $ON_OFF_label;
-
-	//[Edit WYSIWYG] / [Edit HTML] button.
-	$ON_OFF_button  = '';
-	if ($text_editable && $WYSIWYG_VALID) {
-		$set_cookie = "document.cookie='edit_mode=".(!$EDIT_MODE*1)."'; ";
-		$edit_page  = "parent.location='".$ONESCRIPT.$param1.$param2."&p=edit';";
-		$attribs    = 'type=button class=button id=on_off onclick="'.$set_cookie.$edit_page.'"';
-		$ON_OFF_button = '<button '.$attribs.'>'.hsc($_['Edit']).' '.hsc($ON_OFF_label).'</button>';
-	}
+	global $_, $ONESCRIPT, $param1, $param2, $filename, $filename_OS, $IS_OFCMS, 
+				$WYSIWYG_VALID, $EDIT_WYSIWYG, $WYSIWYG_label, $message;
+
+	clearstatcache ();
+
+	//[View Raw] button.
+	$view_raw_button = '<button type=button id=view_raw class=button>'.hsc('View Raw').'</button>';
 
 	//[Wide View] / [Normal View] button.
-	$wide_view_button = '';  //Doesn't work with wysiwyg loaded (onclick conflict?).
-	if ($text_editable && !$EDIT_MODE) { 
-		$attribs = 'type="button" id="wide_view" class="button" onclick="Wide_View();"';
-		$wide_view_button = '<button '.$attribs.'>'.hsc($_['Wide_View']).'</button>';
+	$wide_view_button = '<button type=button id=wide_view class=button>'.hsc($_['Wide_View']).'</button>';
+
+	//[Edit WYSIWYG] / [Edit Source] button.
+	$WYSIWYG_button  = '';
+	if ($text_editable && $WYSIWYG_VALID && !$IS_OFCMS) { //Only show when needed/applicable
+		//Set current mode for Edit page, and label for [Edit WYSIWIG/Source] button
+		if ( isset($_COOKIE['edit_wysiwyg']) && ($_COOKIE['edit_wysiwyg'] == '1')) {
+			   $EDIT_WYSIWYG = '1'; $WYSIWYG_label = $_['Source']; }  //wysiwyg mode
+		else { $EDIT_WYSIWYG = '0'; $WYSIWYG_label = $_['WYSIWYG']; } //plain text mode
+		
+		$WYSIWYG_button  = '<button type=button id=edit_WYSIWYG class=button>'; 
+		$WYSIWYG_button .= hsc($_['Edit']).' '.hsc($WYSIWYG_label).'</button>';
 	}
 
 	//[Close] button
-	$params = $param1; //If came from admin page, return there.
-	if ( $_SESSION['admin_page'] ) { $params .= '&amp;p=admin'; }
-	$onclick = 'onclick="parent.location = \''.$ONESCRIPT.$params.'\'"';
-	$attribs = 'type="button" id="close1" class="button" '.$onclick;
-	$close_button = '<button '.$attribs.'>'.hsc($_['Close']).'</button>';
+	$close_button = '<button type=button id=close1 class=button>'.hsc($_['Close']).'</button>';
 ?>
 	<div class="edit_btns_top">
 		<div class="file_meta">
@@ -2011,13 +1999,19 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 		</div>
 		
 		<div class="buttons_right">
-			<?php echo $wide_view_button; ?>
-			<?php echo $ON_OFF_button; ?>
-			<?php echo $close_button; ?>			
-			<script>document.getElementById('close1').focus();</script>
+			<?php echo $view_raw_button  ?>
+			<?php echo $wide_view_button ?>
+			<?php echo $WYSIWYG_button    ?>
+			<?php echo $close_button     ?>
 		</div>
 		<div class=clear></div>
 	</div>
+
+	<script>
+	var Close_button_TEST     = document.getElementById('close_TEST');
+	Close_button_TEST.onclick = function () { parent.location = '<?php echo $close_params ?>'; }
+	</script>
+
 <?php
 }//end Edit_Page_buttons_top() //***********************************************
 
@@ -2025,99 +2019,88 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 
 
 function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
-	global $_, $ICONS, $ONESCRIPT, $param1, $param2, $MAX_IDLE_TIME, $Editing_OFCMS, $WYSIWYG_VALID,  $EDIT_MODE;
-
-	$disabled = 'disabled';
-	$reset_onlick = 'Reset_File()'; //Reset_File() is in Edit_Page_scripts();
+	global $_, $message, $ICONS, $ONESCRIPT, $param1, $param2, $MAX_IDLE_TIME, $IS_OFCMS, $WYSIWYG_VALID, $EDIT_WYSIWYG;
 
-	//If using a WYSIWYG editor, Edit_Page_scripts() aren't loaded.
-	//When so, make sure [Save] & [Reset] are enabled, and [Reset] works.
-	if ($WYSIWYG_VALID && $EDIT_MODE) {
-		$disabled = ''; 
-		$reset_onlick = "confirm('".addslashes($_['confirm_reset'])."')"; 
-	}
+	//Using ckeditor WYSIWYG editor, <input type=reset> button doesn't work. (I don't know why.)
+	$reset_button = '<input type=reset class=button value="'.hsc($_['reset']).'" onclick="return Reset_File();" id="reset">';
+	if ($WYSIWYG_VALID && $EDIT_WYSIWYG) {$reset_button = '';}
 
-	$reset_button = '<input type="reset" class="button" value="'.hsc($_['reset']).'" onclick="return '.$reset_onlick.'" id="reset">';
-?>
-	<div class="edit_btns_bottom">
-		<?php
-		if ($text_editable && !$too_large_to_edit) { //Show save & reset only if editable file
+	echo '<div class="edit_btns_bottom">';
+		
+		if ($text_editable && !$too_large_to_edit && !$IS_OFCMS) { //Show save & reset only if editable file
 			echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer', 'LOGOUT');
-			echo '<button type="submit" class="button" onclick="submitted = true;" id="save_file">'.hsc($_['save_1']).'</button>';
+			echo '<button type="submit" class="button" id="save_file">'.hsc($_['save_1']).'</button>'; //Submit Button
 			echo $reset_button;
-			?><script>
-				document.getElementById("save_file").disabled = "<?php echo $disabled ?>";
-				document.getElementById('reset').disabled     = "<?php echo $disabled ?>";
-			</script><?php
 		}//end if editable
 		
-		//Don't show [Rename] or [Delete] if editing OneFileCMS itself.
-		$Button = '<button type=button class="button RCD" onclick="parent.location=\''.$ONESCRIPT.$param1.$param2;	
-		if (!$Editing_OFCMS) { echo $Button.'&amp;p=renamefile\'">'.$ICONS['ren_mov'].'&nbsp;'.hsc($_['Ren_Move']).'</button>'; }
-		/*Always show Copy*/   echo $Button.'&amp;p=copyfile\'">'  .$ICONS['copy']   .'&nbsp;'.hsc($_['Copy'])    .'</button>';
-		if (!$Editing_OFCMS) { echo $Button.'&amp;p=deletefile\'">'.$ICONS['delete'] .'&nbsp;'.hsc($_['Delete'])  .'</button>'; }
-?>
-	</div>
-<?php
+		function RCD_button($action, $icon, $label){ //***************
+			global $ONESCRIPT, $param1, $param2, $ICONS;
+			echo '<button type=button id="'.$action.'_btn" class="button RCD">'.$ICONS[$icon].'&nbsp;'.hsc($label).'</button>';
+		}//end RCD_button() //****************************************
+		
+		//Don't show [Rename] or [Delete] if viewing OneFileCMS itself.
+		if (!$IS_OFCMS)      { RCD_button('renamefile', 'ren_mov', $_['Ren_Move']); }
+		/*Always show Copy*/ { RCD_button('copyfile'  , 'copy'   , $_['Copy']); }
+		if (!$IS_OFCMS)      { RCD_button('deletefile', 'delete' , $_['Delete']); }
+		
+	echo '</div>';
+
 }//end Edit_Page_buttons() //***************************************************
 
 
 
 
 //******************************************************************************
-function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message, $file_ENC){
-	global $_, $ONESCRIPT, $param1, $param2, $param3, $filename, $filename_OS, $itypes, $INPUT_NUONCE, $EX, 
-		   $raw_contents, $WYSIWYG_VALID, $EDIT_MODE;
+function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_view, $file_ENC){
+	global $_, $ONESCRIPT, $param1, $param2, $param3, $filename, $filename_OS, $itypes, $INPUT_NUONCE, $EX, $message, 
+		   $FILECONTENTS, $WYSIWYG_VALID, $EDIT_WYSIWYG, $IS_OFCMS, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE;
 
-	$load_Edit_Page_scripts = false; //Don't load if not needed.
-?>
-	<form id="edit_form" name="edit_form" method="post" action="<?php echo $ONESCRIPT.$param1.$param2.$param3 ?>">
-<?php
-		echo $INPUT_NUONCE;
+	$too_large_to_edit_message =
+		'<b>'.hsc($_['too_large_to_edit_01']).' '.number_format($MAX_EDIT_SIZE).' '.hsc($_['bytes']).'</b><br>'.
+		hsc($_['too_large_to_edit_02']).'<br>'.hsc($_['too_large_to_edit_03']).'<br>'.hsc($_['too_large_to_edit_04']);
+
+	$too_large_to_view_message =
+		'<b>'.hsc($_['too_large_to_view_01']).' '.number_format($MAX_VIEW_SIZE).' '.hsc($_['bytes']).'</b><br>'.
+		hsc($_['too_large_to_view_02']).'<br>'.hsc($_['too_large_to_view_03']).'<br>';
 
+	echo '<form id="edit_form" name="edit_form" method="post" action="'.$ONESCRIPT.$param1.$param2.$param3.'">';
+		
+		echo $INPUT_NUONCE;
+		
 		Edit_Page_buttons_top($text_editable, $file_ENC);
 		
 		if ( !in_array( mb_strtolower($ext), $itypes) ) { //If non-image...
 				
-			if (!$text_editable) { // If non-text file...
-				echo '<p class="edit_disabled">'.hsc($_['edit_txt_01']).'<br><br></p>';
-				
-			}elseif ( $too_large_to_edit ) {
- 				echo '<p class="edit_disabled">'.$too_large_to_edit_message.'</p>';
-				
-			}else{
-				//Load Edit_Page_scripts() only if not in wysiwyg mode and an editable file.
-				//They don't work when a wysiwyg editor is loaded. (loaded after </form>)
-				$load_Edit_Page_scripts = ( !$WYSIWYG_VALID || !$EDIT_MODE );
-				
-				if (PHP_VERSION_ID < 50400) { // 5.4.0
-					$filecontents = hsc($raw_contents);
-				}else{
-					$filecontents = htmlspecialchars($raw_contents,ENT_SUBSTITUTE | ENT_QUOTES, 'UTF-8');
-				}
-				
+			if     (!$text_editable)      { $message .= hsc($_['edit_txt_01']).'<br><br>'; }
+			elseif ( $too_large_to_edit ) { $message .= $too_large_to_edit_message; }
+			elseif (!$IS_OFCMS) {
 				//Did htmlspecialchars return an empty string from a non-empty file?
-				$bad_chars = ( ($filecontents == "") && (filesize($filename_OS) > 0) );
+				$bad_chars = ( ($FILECONTENTS == "") && (filesize($filename_OS) > 0) );
 				
-				if ($bad_chars){
+				if ($bad_chars){ //Show message: may be a bad character in file
 					echo '<pre class="edit_disabled">'.$EX.hsc($_['edit_txt_02']).'<br>';
 					echo hsc($_['edit_txt_03']).'<br>';
-					echo hsc($_['edit_txt_04']).'<br></pre>';
-				}else{
+					echo hsc($_['edit_txt_04']).'<br></pre>'."\n";
+				}else{          //show editable <textarea>
 					//<input name=filename> is used only to signal an Edit_response().
 					echo '<input type="hidden" name="filename" value="'.rawurlencode($filename).'">';
-					echo '<textarea id="file_editor" name="contents" cols="70" rows="25" ';
-					echo 'onkeyup="Check_for_changes(event);">'.$filecontents.'</textarea>'.PHP_EOL;
+					echo '<textarea id="file_editor" name="contents" cols="70" rows="25">';
+					echo $FILECONTENTS.'</textarea>'."\n";
 				}
-			}//end if/else non-text file...
+			}//end if/elseif...
+			
+			if     ( $text_editable && $too_large_to_view ) //This condition must come first.
+				{ echo '<p class="message_box_contents">'.$too_large_to_view_message.'</p>'; }
+			elseif ($IS_OFCMS || $too_large_to_edit)
+				{ echo '<pre class="edit_disabled view_file">'.$FILECONTENTS.'</pre>'."\n"; }
 		}//end if non-image
 		
 		Edit_Page_buttons($text_editable, $too_large_to_edit);
 	echo '</form>';
 
-	if ( $load_Edit_Page_scripts ) { Edit_Page_scripts(); }
+	Edit_Page_scripts();
 
-	if ($text_editable && !$too_large_to_edit && !$bad_chars) { Edit_Page_Notes(); }
+	if ( !$IS_OFCMS && $text_editable && !$too_large_to_edit && !$bad_chars ) {Edit_Page_Notes();}
 }//end Edit_Page_form() //******************************************************
 
 
@@ -2139,7 +2122,6 @@ function Edit_Page_Notes() { //*************************************************
 					<?php echo ' '.$HRS_MIN_SEC.'. '.hsc($_['edit_note_02']) ?></b>
 				</div>
 				<div class="notes"><b>2) </b> <?php echo hsc($_['edit_note_03']) ?></div>
-				<div class="notes"><b>3) </b> <?php echo hsc($_['edit_note_04']) ?></div>
 			</div>
 <?php
 }//end Edit_Page_Notes() //*****************************************************
@@ -2148,41 +2130,38 @@ function Edit_Page_Notes() { //*************************************************
 
 
 function Edit_Page() { //*******************************************************
-	global $_, $filename, $filename_OS, $filecontents, $raw_contents, $etypes, $itypes,
-			$MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $WYSIWYG_VALID;
-
-	clearstatcache ();
+	global $_, $filename, $filename_OS, $FILECONTENTS, $etypes, $itypes, $EX, $message, $page,
+			$MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $WYSIWYG_VALID, $IS_OFCMS;
 
-	//Determine if a text editable file type
 	$filename_parts = explode(".", mb_strtolower($filename));
 	$ext = end($filename_parts);
+
+	//Determine if a text editable file type
 	if ( in_array($ext, $etypes) ) { $text_editable = TRUE;  }
 	else                           { $text_editable = FALSE; }
-	
+
 	$too_large_to_edit = (filesize($filename_OS) > $MAX_EDIT_SIZE);
 	$too_large_to_view = (filesize($filename_OS) > $MAX_VIEW_SIZE);
-	
+
 	//Don't load $WYSIWYG_PLUGIN if not needed
 	if (!$text_editable || $too_large_to_edit) {$WYSIWYG_VALID = 0;}
 
-	if ($text_editable && !$too_large_to_view) {
+	//Get file contents
+	if (($text_editable && !$too_large_to_view) || $IS_OFCMS) {
 		$raw_contents = file_get_contents($filename_OS);
-		$file_ENC = mb_detect_encoding($raw_contents); //ASCII, UTF-8, etc...
+		$file_ENC = mb_detect_encoding($raw_contents); //ASCII, UTF-8, ISO-8859-1, etc...
+		if ($file_ENC != 'UTF-8') { $raw_contents = mb_convert_encoding($raw_contents, 'UTF-8', $file_ENC); }
 	}else{
 		$file_ENC     = "";
 		$raw_contents = "";
 	}
 
-	if ( $too_large_to_edit ) { $header2 = hsc($_['edit_h2_1']); }
-	else                      { $header2 = hsc($_['edit_h2_2']); }
+	if (PHP_VERSION_ID < 50400) { $FILECONTENTS = hsc($raw_contents); }
+	else						{ $FILECONTENTS = htmlspecialchars($raw_contents,ENT_SUBSTITUTE | ENT_QUOTES, 'UTF-8');	}
 
-	$too_large_to_edit_message =
-		'<b>'.hsc($_['too_large_to_edit_01']).' '.number_format($MAX_EDIT_SIZE).' '.hsc($_['bytes']).'</b><br>'.
-		hsc($_['too_large_to_edit_02']).'<br>'.hsc($_['too_large_to_edit_03']).'<br>'.hsc($_['too_large_to_edit_04']);
-
-	$too_large_to_view_message =
-		'<b>'.hsc($_['too_large_to_view_01']).' '.number_format($MAX_VIEW_SIZE).' '.hsc($_['bytes']).'</b><br>'.
-		hsc($_['too_large_to_view_02']).'<br>'.hsc($_['too_large_to_view_03']).'<br>';//.hsc($_['too_large_to_view_04']);
+	if     ($too_large_to_view || !$text_editable)				 { $header2 = "";}
+	elseif ($text_editable && !$too_large_to_edit && !$IS_OFCMS) { $header2 = hsc($_['edit_h2_2']); }
+	else									  					 { $header2 = hsc($_['edit_h2_1']); }
 
 	//Preserves vertical spacing when message is closed, so edit area doesn't jump as much.
 	echo '<style>#message_box { min-height: 1.88em; }</style>';
@@ -2190,20 +2169,19 @@ function Edit_Page() { //*******************************************************
 	echo '<h2 id="edit_header">'.$header2.' ';
 	echo '<a class="h2_filename" href="/'.URLencode_path($filename).'" target="_blank" title="'.hsc($_['Open_View']).'">';
 	echo hsc(basename($filename)).'</a>';
-	echo '</h2>'.PHP_EOL;
+	echo '</h2>'."\n";
 
-	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_edit_message, $file_ENC);
+	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_view, $file_ENC);
 	
-	if ( in_array( $ext, $itypes) ) { show_image(); }
+	if ( in_array( $ext, $itypes) ) { show_image(); } //If image, show below the [Rename/Move] [Copy] [Delete] buttons
 
 	echo '<div class=clear></div>';
 
-	if     ( $text_editable && $too_large_to_view ) {
-		echo '<p class="edit_disabled">'.$too_large_to_view_message.'</p>';
-	}
-	elseif ( $text_editable && $too_large_to_edit ){
-		$filecontents = hsc(file_get_contents($filename_OS), ENT_COMPAT,'UTF-8');
-		echo '<pre class="edit_disabled view_file">'.$filecontents.'</pre>';
+	//If viewing OneFileCMS itself, show Edit Disabled message.
+	if ($IS_OFCMS && $page == "edit") {
+		$message .= '<style>.message_box_contents {background: red;}</style>';
+		$message .= '<style>#message_box          {color: white;}   </style>';
+		$message .= '<b>'.$EX.hsc($_['edit_caution_02']).' &nbsp; '.$_['edit_txt_00'].'</b><br>';
 	}
 }//end Edit_Page() //***********************************************************
 
@@ -2435,22 +2413,15 @@ function CRM_Page($action, $title, $action_id, $old_full_name) { //*************
 		echo '<input type="hidden" name=old_full_name     value="'.hsc($old_full_name).'">';
 		
 		echo '<label>'.hsc($_['CRM_txt_04']).':</label>';
-		echo '<input type=text name=new_name class=new_name id=new_name value="'.hsc(basename($new_full_name)).'"><br>'; //##### added id
+		echo '<input type=text name=new_name id=new_name value="'.hsc(basename($new_full_name)).'"><br>';
 		
 		echo '<label>'.hsc($_['New_Location']).':</label>';
 		echo '<span class="web_root">'.hsc($WEB_ROOT.$ACCESS_ROOT).'</span>';
-		echo '<input type=text   name=new_location  value="'.hsc($ACCESS_PATH).'"><br>';
+		echo '<input type=text name=new_location id=new_location value="'.hsc($ACCESS_PATH).'"><br>';
 		
 		echo '('.hsc($_['CRM_txt_02']).')<p>';
 		Cancel_Submit_Buttons($action);
 	echo '</form>';
-
-//##### 
-?>
-<script>
-var $new_name = document.getElementById('new_name');
-</script>
-<?php
 }//end CRM_Page() //************************************************************
 
 
@@ -2602,7 +2573,7 @@ function MCD_Page($action, $page_title, $classes = '') { //*********************
 	echo '<h2>'.hsc($page_title).'</h2>';
 
 	echo '<form method="post" action="'.$ONESCRIPT.$param1.'">'.$INPUT_NUONCE;
-		echo '<input type="hidden" name="'.hsc($action).'" value="'.hsc($action).'">'.PHP_EOL;
+		echo '<input type="hidden" name="'.hsc($action).'" value="'.hsc($action).'">'."\n";
 		
 		if ( ($_POST['mcdaction'] == 'copy') || ($_POST['mcdaction'] == 'move') ) {
 			echo '<label>'.hsc($_['New_Location']).':</label>';
@@ -2801,12 +2772,12 @@ function init_ICONS_js() { //***************************************************
 ICONS['php'] = '<?php echo $ICONS["php"] ?>';
 ICONS['css'] = '<?php echo $ICONS["css"] ?>';
 ICONS['cfg'] = '<?php echo $ICONS["cfg"] ?>';
-ICONS['dir']     = '<?php echo $ICONS["dir"] ?>';
-ICONS['folder']  = '<?php echo $ICONS["folder"] ?>';
+ICONS['dir']     = '<?php echo $ICONS["dir"]     ?>';
+ICONS['folder']  = '<?php echo $ICONS["folder"]  ?>';
 ICONS['ren_mov'] = '<?php echo $ICONS["ren_mov"] ?>';
-ICONS['move']    = '<?php echo $ICONS["move"] ?>';
-ICONS['copy']    = '<?php echo $ICONS["copy"] ?>';
-ICONS['delete']  = '<?php echo $ICONS["delete"] ?>';
+ICONS['move']    = '<?php echo $ICONS["move"]    ?>';
+ICONS['copy']    = '<?php echo $ICONS["copy"]    ?>';
+ICONS['delete']  = '<?php echo $ICONS["delete"]  ?>';
 </script>
 <?php
 }//end init_ICONS_js() //*******************************************************
@@ -2815,7 +2786,7 @@ function init_ICONS_js() { //***************************************************
 
 
 function common_scripts() { //**************************************************
-	global $_, $TO_WARNING;
+	global $_, $TO_WARNING, $message, $page;
 ?>
 <script>
 
@@ -2898,7 +2869,7 @@ function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
 	Timer.innerHTML = FormatTime(count);
 
 	if ( (count == <?php echo $TO_WARNING ?>) && (Action != "") ) { //Two minute warning...
-		$message_box.innerHTML = '<div id="message_box_contents"><b><?php echo hsc($_['session_warning']) ?></b>';
+		$message_box.innerHTML = '<div class="message_box_contents"><b><?php echo hsc($_['session_warning']) ?></b>';
 		Timer.style.backgroundColor = "white";
 		Timer.style.color = "red";
 		Timer.style.fontWeight = "900";
@@ -2907,7 +2878,7 @@ function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
 	if ( count < 1 ) {
 		if ( Action == 'LOGOUT') {
 			Timer.innerHTML        = '<?php echo hsc($_['session_expired']) ?>';
-			$message_box.innerHTML = '<div id=message_box_contents><b><?php echo hsc($_['session_expired']) ?></b></div>';
+			$message_box.innerHTML = '<div class=message_box_contents><b><?php echo hsc($_['session_expired']) ?></b></div>';
 			//Load login screen, but delay first to make sure really expired:
 			setTimeout('window.location = window.location.pathname',10000); //1000 = 1 second
 		}
@@ -2966,6 +2937,18 @@ function FileTimeStamp(php_filemtime, show_date, show_offset, write_return){
 	else 			  { return DATETIME; }
 }//end FileTimeStamp() //*********************************************
 
+
+
+function Display_Messages($message) { //******************************
+	var $page = '<?php echo $page ?>';
+	var $onclick = 'document.getElementById("message_box").innerHTML = " ";return false;';
+	var $X_box   =  '<a id="X_box" href="" onclick=\'' + $onclick + '\'>x</a>';
+	var $MESSAGE = '<div class=message_box_contents>' + $message + '</div>';
+	document.getElementById("message_box").innerHTML = $X_box + $MESSAGE;
+
+	if ($page == 'index') { document.getElementById("X_box").focus(); }
+}//end Display_Messages() //******************************************
+
 </script>
 <?php
 }//end common_scripts() //******************************************************
@@ -3073,17 +3056,18 @@ function sort_DIRECTORY(col, direction) { //**************************
 
 
 //********************************************************************
-function Assemble_row(HREF_params, f_or_f, filetype, filename, file_name){
+function Assemble_row(x, HREF_params, f_or_f, filename, file_name, time_stamp, file_size){
 	var TABLE_ROW = '';
 		
 	//Assemble cell contents: [move] [copy] [delete] [x] <a>file name</a> etc...
-	ren_mov = '<a href="' + HREF_params + '&amp;p=rename' + f_or_f + '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
-	copy    = '<a href="' + HREF_params + '&amp;p=copy'   + f_or_f + '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
-	del     = '<a href="' + HREF_params + '&amp;p=delete' + f_or_f + '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
-	checkbox = '<div class="ckbox"><INPUT TYPE=checkbox NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
+	var ren_mov = '<a href="' + HREF_params + '&amp;p=rename' + f_or_f + '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
+	var copy    = '<a href="' + HREF_params + '&amp;p=copy'   + f_or_f + '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
+	var del     = '<a href="' + HREF_params + '&amp;p=delete' + f_or_f + '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
+	var checkbox = '<div class="ckbox"><INPUT TYPE=checkbox NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
 		
 	//Don't show remove, delete, or checkbox options for active copy of OneFileCMS.
-	if (DIRECTORY_DATA[x][4]) { ren_mov = del = checkbox = ''; }
+	var IS_OFCMS = DIRECTORY_DATA[x][4];
+	if (IS_OFCMS) { ren_mov = del = checkbox = ''; }
 		
 	TABLE_ROW += "<tr>";
 	TABLE_ROW += '<td class="RCD">' + ren_mov  + '</td>';
@@ -3133,15 +3117,11 @@ function Build_Directory() { //***************************************
 	//Build data from DIRECTORY_DATA into a set of <tr>'s
 
 	var DIRECTORY_LIST	= "";
-	var DS              = '';  // ' /' for folders, blank otherwise.
-	var f_or_f          = '';  // 'file' or 'folder'
-
-	var HREF_params = '';
 	var filetype    = '';
-	var filename    = '';
+	var filename = file_name = time_stamp = '';
 	var filesize    =  0;
 
-	for (x=0; x < DIRECTORY_DATA.length; x++) {
+	for (var x=0; x < DIRECTORY_DATA.length; x++) {
 		
 		filetype = DIRECTORY_DATA[x][0];
 		filename = DIRECTORY_DATA[x][1];
@@ -3149,22 +3129,23 @@ function Build_Directory() { //***************************************
 		
 		//folder or file?  And file_size
 		if (filetype == "dir"){
-			DS = ' /';
-			f_or_f = 'folder';
-			HREF_params = ONESCRIPT + PARAM1 + encodeURIComponent(filename);
-			file_size = '';
+			var DS = ' /';         // ' /' for folders, blank otherwise.
+			var f_or_f = 'folder'; // 'file' or 'folder'
+			var HREF_params = ONESCRIPT + PARAM1 + encodeURIComponent(filename);
+			var file_size = '';
 		} else {
-			DS = '';
-			f_or_f = 'file';
-			HREF_params = ONESCRIPT + PARAM1 + '&amp;f=' + encodeURIComponent(filename);
-			file_size = format_number(filesize) + ' B';
+			var DS = '';
+			var f_or_f = 'file';
+			var HREF_params = ONESCRIPT + PARAM1 + '&amp;f=' + encodeURIComponent(filename);
+			var file_size = format_number(filesize) + ' B';
 		}
 		
-		file_name  = '<a href="' + HREF_params  + '&amp;p=edit' + '"  title="<?php echo hsc($_['Edit_View']) ?>: ' + hsc(filename) + '" >';
+		file_name  = '<a href="' + HREF_params  + '&amp;p=edit"';
+		file_name += ' title="<?php echo hsc($_['Edit_View']) ?>: ' + hsc(filename) + '" >';
 		file_name += ICONS[filetype] + '&nbsp;' + hsc(filename) + DS + '</a>';
 		time_stamp = FileTimeStamp(DIRECTORY_DATA[x][3], 1, 0, 0);
 		
-		DIRECTORY_LIST += Assemble_row(HREF_params, f_or_f, filetype, filename, file_name)
+		DIRECTORY_LIST += Assemble_row(x, HREF_params, f_or_f, filename, file_name, time_stamp, file_size)
 		
 	}//end for x
 
@@ -3236,7 +3217,8 @@ function Confirm_Submit(action){ //***********************************
 
 
 function Edit_Page_scripts() { //***********************************************
-	global $_, $MAIN_WIDTH, $WIDE_VIEW_WIDTH, $current_view;
+	global $_, $ONESCRIPT, $ONESCRIPT_file, $ipath, $param1, $param2, $filename,
+			$MAIN_WIDTH, $WIDE_VIEW_WIDTH, $current_view, $WYSIWYG_VALID, $EDIT_WYSIWYG;
 
 	//Determine edit_view width.
 	$current_view = $MAIN_WIDTH;
@@ -3245,38 +3227,41 @@ function Edit_Page_scripts() { //***********************************************
 			$current_view = $_COOKIE['edit_view'];
 		}
 	}
+
+	//For [Edit WYSIWYG/Source] button
+	$set_cookie = "document.cookie='edit_wysiwyg=".(!$EDIT_WYSIWYG*1)."';";
+	$WYSIWYG_onclick = "parent.location = onclick_params + 'edit'; ".$set_cookie;
+
+	//For [Close] button
+	$close_params = $ONESCRIPT.$param1;                             //If came from admin page, return there.
+	if ( $_SESSION['admin_page'] ) { $close_params .= '&p=admin'; } //##### But, as of 3.5.07, does this occur?
 ?>
 <!--======== Provide feedback re: unsaved changes ========-->
 <script>
-
-var File_textarea    = document.getElementById('file_editor');
-var Save_File_button = document.getElementById('save_file');
-var Reset_button     = document.getElementById('reset');
-var focus            = ''; //used by Save_File_button events
+var onclick_params = '<?php echo $ONESCRIPT.$param1.'&f='.basename($filename).'&p=' ?>'; //#####
+
+var Main_div		   = document.getElementById('main');
+var File_textarea      = document.getElementById('file_editor');
+var View_Raw_button    = document.getElementById('view_raw');
+var Wide_View_button   = document.getElementById('wide_view');
+var WYSIWYG_button	   = document.getElementById('edit_WYSIWYG');
+var Close_button       = document.getElementById('close1');
+var Save_File_button   = document.getElementById('save_file');
+var Reset_button       = document.getElementById('reset');
+var Rename_File_button = document.getElementById('renamefile_btn');
+var Copy_File_button   = document.getElementById('copyfile_btn');
+var Delete_File_button = document.getElementById('deletefile_btn');
 
 if (File_textarea) { var start_value = File_textarea.value; }
 
 var submitted  = false;
 var changed    = false;
 
-// a few var's for Wide_View()
-var Main_div		 = document.getElementById('main');
-var Wide_View_button = document.getElementById('wide_view');
-var main_width_default = '<?php echo $MAIN_WIDTH ?>';
-
-
-// The following events only apply when the element is active.
-// [Save] is disabled unless there are changes to the open file.
-Save_File_button.onfocus = function()     { Save_File_button.style.backgroundColor = "rgb(255,250,150)";
-										    Save_File_button.style.borderColor = "#F00"; focus='save'; }
-Save_File_button.onblur  = function()     { Save_File_button.style.backgroundColor ="#Fee";
-										    Save_File_button.style.borderColor = "#Faa"; focus=''; }
-Save_File_button.onmouseover = function() { Save_File_button.style.backgroundColor = "rgb(255,250,150)";
-										    Save_File_button.style.borderColor = "#F00"; }
-Save_File_button.onmouseout  = function() { if (focus!='save') {
-												Save_File_button.style.backgroundColor = "#Fee";
-												Save_File_button.style.borderColor = "#Faa";
-											} }
+//[View Raw], [Close], and [Copy], should always be present on Edit Page.
+View_Raw_button.onclick  = function () { window.open(onclick_params + 'raw_view'); }
+Close_button.onclick     = function () { parent.location = '<?php echo $close_params ?>'; }
+Close_button.focus();
+Copy_File_button.onclick = function () { parent.location = onclick_params + 'copyfile';   }
 
 Main_div.style.width = "<?php echo $current_view ?>"; //Set current width
 
@@ -3284,37 +3269,39 @@ function Edit_Page_scripts() { //***********************************************
 	Wide_View_button.innerHTML = '<?php echo hsc($_['Normal_View']) ?>';
 }
 
+//These elements do not exist if file is not editable.
+if (Wide_View_button)   { Wide_View_button.onclick = function ()   {Wide_View();}    }
+if (Save_File_button)   { Save_File_button.onclick = function ()   {submitted=true;} }
+if (WYSIWYG_button  )   { WYSIWYG_button.onclick = function ()     {<?php echo $WYSIWYG_onclick ?>} }
+if (Rename_File_button) { Rename_File_button.onclick = function () {parent.location = onclick_params + 'renamefile';} }
+if (Delete_File_button) { Delete_File_button.onclick = function () {parent.location = onclick_params + 'deletefile';} }
+if (File_textarea)      { File_textarea.onkeyup = function(event)  {Check_for_changes(event);} }
+
+
 
 function Wide_View() {
+
+	var main_width_default = '<?php echo $MAIN_WIDTH ?>';
+
 	if ( File_textarea ) { File_textarea.style.width = '99.8%'; }
 	
 	if (Main_div.style.width == '<?php echo $WIDE_VIEW_WIDTH ?>') {
-		Main_div.style.width = main_width_default;
+		Main_div.style.width       = main_width_default;
 		Wide_View_button.innerHTML = "<?php echo hsc($_['Wide_View'])?>";
-		document.cookie = 'edit_view=' + main_width_default;
+		document.cookie            = 'edit_view=' + main_width_default;
 	}else{
-		Main_div.style.width = '<?php echo $WIDE_VIEW_WIDTH ?>';
+		Main_div.style.width       = '<?php echo $WIDE_VIEW_WIDTH ?>';
 		Wide_View_button.innerHTML = '<?php echo hsc($_['Normal_View']) ?>';
-		document.cookie = 'edit_view=<?php echo $WIDE_VIEW_WIDTH ?>';
+		document.cookie            = 'edit_view=<?php echo $WIDE_VIEW_WIDTH ?>';
 	}
 }
 
 
-function Reset_file_status_indicators() {
-	changed = false;
-	File_textarea.style.backgroundColor = "#F9FFF9";  //light green
-	Save_File_button.style.backgroundColor = "";
-	Save_File_button.style.borderColor = "";
-	Save_File_button.style.borderWidth = "1px";
-	Save_File_button.disabled = "disabled";
-	Save_File_button.innerHTML = "<?php echo hsc($_['save_1'])?>";
-	Reset_button.disabled = "disabled";
-}
-
 
 window.onbeforeunload = function() {
 	if ( changed && !submitted ) {
 		//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
+		<?php //use addslashes() because this is for a js alert() or confirm(), not HTML ?>
 		return "<?php echo addslashes($_['unload_unsaved']) ?>";
 	}
 }
@@ -3322,7 +3309,7 @@ function Reset_file_status_indicators() {
 
 window.onunload = function() {
 	//without this, a browser back then forward would reload file with local/
-	// unsaved changes, but with a green b/g as tho that's the file's contents.
+	// unsaved changes, but with a green b/g as tho that's the file's saved contents.
 	if (!submitted) {
 		File_textarea.value = start_value;
 		Reset_file_status_indicators();
@@ -3330,6 +3317,17 @@ function Reset_file_status_indicators() {
 }
 
 
+function Reset_file_status_indicators() {
+	changed = false;
+	File_textarea.style.backgroundColor = "#F5FFF5";  //light green
+	File_textarea.style.borderColor     = "";
+	Save_File_button.style.borderColor  = "";
+	Save_File_button.innerHTML          = "<?php echo hsc($_['save_1'])?>";
+	Reset_button.disabled               = "disabled";
+}
+
+
+
 //With selStart & selEnd == 0, moves cursor to start of text field.
 function setSelRange(inputEl, selStart, selEnd) {
 	if (inputEl.setSelectionRange) {
@@ -3345,18 +3343,17 @@ function setSelRange(inputEl, selStart, selEnd) {
 }
 
 
+
 function Check_for_changes(event){
 	var keycode=event.keyCode? event.keyCode : event.charCode;
 	changed = (File_textarea.value != start_value);
 	if (changed){
 		document.getElementById('message_box').innerHTML = " "; //Must have a space, or it won't clear the msg.
-		File_textarea.style.backgroundColor    = "#Fee";//light red
-		Save_File_button.style.backgroundColor ="#Fee";
-		Save_File_button.style.borderColor = "#Faa";  //less light red
-		Save_File_button.style.borderWidth = "1px";
-		Save_File_button.disabled = "";
-		Reset_button.disabled = "";
-		Save_File_button.innerHTML = "<?php echo hsc($_['save_2'])?>";
+		File_textarea.style.backgroundColor    = "#FFF"; //white
+		File_textarea.style.borderColor        = "#F33"; //mild red
+		Save_File_button.style.borderColor	   = "#F33";
+		Save_File_button.innerHTML			   = "<?php echo hsc($_['save_2'])?>";
+		Reset_button.disabled				   = "";
 	}else{
 		Reset_file_status_indicators()
 	}
@@ -3368,9 +3365,8 @@ function Check_for_changes(event){
 //Needed becuase if the page is reloaded (ctl-r, or browser back/forward, etc.),
 //the text stays changed, but "changed" gets set to false, which looses warning.
 function Reset_File() {
-	if (changed) {
-		if ( !(confirm("<?php echo addslashes($_['confirm_reset']) ?>")) ) { return false; }
-	}
+    <?php //use addslashes() because this is for a js alert() or confirm(), not HTML ?>
+	if (changed) { if ( !(confirm("<?php echo addslashes($_['confirm_reset']) ?>")) ) { return false; } }
 	File_textarea.value = start_value;
 	Reset_file_status_indicators();
 	setSelRange(File_textarea, 0, 0) //Move cursor to start of textarea.
@@ -3384,7 +3380,7 @@ function Reset_File() {
 
 
 
-function event_scripts($form_id, $button_id, $pwun=''){ //**********************
+function pwun_event_scripts($form_id, $button_id, $pwun=''){ //*****************
 	global $_;
 
 	//pre-hash "new1" & "new2" only if changing p/w (not if changing u/n).
@@ -3415,7 +3411,7 @@ function event_scripts($form_id, $button_id, $pwun=''){ //**********************
 function events_down(event, capture_key) {if (!event) {var event = window.event;} //if IE
 	$thispage = true; //Make sure keydown was on this page.
 	if ((event.type.substr(0,3) == 'key') && (event.keyCode != capture_key)) {return true;}
-	$message_box.innerHTML = '<div id="message_box_contents"><b><?php echo hsc($_['Working']) ?></b>';
+	$message_box.innerHTML = '<div class="message_box_contents"><b><?php echo hsc($_['Working']) ?></b>';
 }
 
 
@@ -3457,19 +3453,19 @@ function pre_validate_pwun() {
 
 	//If any field is blank..
 	if (($username.value == '') || ($pw.value == '') || ($new1.value == '') || ($new2.value == '')) {
-		$message_box.innerHTML = '<div id="message_box_contents"><b><?php echo hsc($_['change_pw_07']) ?></b>';
+		$message_box.innerHTML = '<div class="message_box_contents"><b><?php echo hsc($_['change_pw_07']) ?></b>';
 		return false;
 	}
 	//If new & confirm new values do not match...
 	if (trim($new1.value) != trim($new2.value)) {
-		$message_box.innerHTML = '<div id="message_box_contents"><b><?php echo hsc($_['change_pw_04']) ?></b>';
+		$message_box.innerHTML = '<div class="message_box_contents"><b><?php echo hsc($_['change_pw_04']) ?></b>';
 		return false;
 	}
 	return true;
 }//end pre_validate_pwun()
 </script>
 <?php
-}//end event_scripts() //*******************************************************
+}//end pwun_event_scripts() //**************************************************
 
 
 
@@ -3559,9 +3555,9 @@ function style_sheet(){ //******************************************************
 input:focus  { background-color: rgb(255,250,150); }
 input:hover  { background-color: rgb(255,250,150); }
 
-button:focus  { background-color: rgb(255,250,150); }
-button:hover  { background-color: rgb(255,250,150); }
-button:active { background-color: rgb(245,245,50);  }
+button:focus  { background-color: rgb(255,250,150); border-color: #333;}
+button:hover  { background-color: rgb(255,250,150); border-color: #333;}
+button:active { background-color: rgb(245,245,50);  border-color: #333;}
 
 /* --- layout --- */
 
@@ -3574,7 +3570,7 @@ function style_sheet(){ //******************************************************
 
 #header {
 	border-bottom : 1px solid #777;
-	padding: 04px 0px 01px 0px;
+	padding: 4px 0px 1px 0px;
 	margin : 0 0 0 0;
 	}
 
@@ -3599,7 +3595,7 @@ function style_sheet(){ //******************************************************
 
 #message_box { border: none; margin: .5em 0 0 0; padding: 0; }
 
-#message_box_contents { border: 1px solid gray; padding: 3px 2px 2px 4px; background: #FFF000; }
+.message_box_contents { border: 1px solid gray; padding: 3px 2px 2px 4px; background: #FFF000; }
 
 #message_box #message_left {
 	float  : left;
@@ -3620,8 +3616,8 @@ function style_sheet(){ //******************************************************
 	background : #EEE;
 	}
 
-#message_box  #X_box:hover  {background-color: rgb(255,250,150);}
-#message_box  #X_box:focus  {background-color: rgb(255,250,150);}
+#message_box  #X_box:hover  {background-color: rgb(255,250,150); border-color: #333}
+#message_box  #X_box:focus  {background-color: rgb(255,250,150); border-color: #333}
 #message_box  #X_box:active {background-color: rgb(245,245,50); }
 
 .filename { font-family: courier; }
@@ -3706,7 +3702,6 @@ function style_sheet(){ //******************************************************
 #DIRECTORY_FOOTER td {text-align: center; font-size: .9em; color: #333; padding: 3px 0 0 0; }
 
 
-
 /*** front_links:  [New File] [New Folder] [Upload File] ***/
 .front_links { float: right; }
  
@@ -3728,7 +3723,6 @@ function style_sheet(){ //******************************************************
 a:active { border: 1px solid #777; background-color: rgb(245,245,50);  }
 
 
-
 /*** [Move] [Copy] [Delete] ***/
 
 #mcd_submit { margin: 0; height: 1.8em; }
@@ -3757,15 +3751,17 @@ function style_sheet(){ //******************************************************
 	cursor : pointer;
 	border : 1px solid #777;
 	color  : black;
-	padding    : 4px 10px; /*Adjusted by langauge files*/
-	font-size  : .9em;     /*Adjusted by langauge files*/
+	padding    : 4px 7px 4px 7px; /*Adjusted by langauge files*/
+	font-size  : .9em;            /*Adjusted by langauge files*/
 	font-family: sans-serif;
-	background-color: #EEE;  /*#d4d4d4*/
+	background-color: #EEE;
 	}
 
 .button:active    { background-color: rgb(245,245,50); }                  /*first                 */
 .button[disabled] { color: #777; background-color: #EEE; cursor: default} /*second - order matters*/
 
+#renamefile_btn {padding: 2px 7px 4px 7px;}
+
 
 /* --- header --- */
 
@@ -3785,14 +3781,18 @@ function style_sheet(){ //******************************************************
 .edit_disabled {
 	border : 1px solid #777;
 	width  : 99%;
+	height : 35em;
 	padding: .2em;
 	margin : .5em 0 .6em 0;
-	color  : #333;
+	color  : #222;
 	background-color: #FFF000;
 	line-height: 1.4em;
+	white-space: pre-wrap;
+	word-wrap: break-word;
+	overflow: auto;
 	}
 
-.view_file { font: .9em Courier; background-color: #F8F8F8; overflow:hidden}
+.view_file { font: .9em Courier; background-color: #F8F8F8; }
 
 #file_editor {
 	border: 1px solid #999;
@@ -3802,7 +3802,7 @@ function style_sheet(){ //******************************************************
 	height: 32em;
 	}
 
-#file_editor:focus { border: 1px solid #Fdd; }
+#file_editor:focus { border: 1px solid #000; }
 
 .file_meta	{ float: left; margin-top: .6em; font-size: .95em; color: #222; }
 
@@ -3881,9 +3881,7 @@ function style_sheet(){ //******************************************************
 
 .clear {clear:both; padding: 0; margin: 0; border: none}
 
-.web_root { border: 0px solid  #777; border-right: none; font: 1em Courier; padding: 1px; }
-
-.icon {float: left;}
+.web_root { border: 1px solid  #777; border-right: none; font: 1em Courier; padding: 1px; background-color: #EEE;}
 
 .mono {font-family: courier;}
 
@@ -3908,7 +3906,8 @@ function style_sheet(){ //******************************************************
 .edit_btns_bottom .RCD { padding-left: 5px; padding-right: 6px; }
 .edit_btns_bottom svg  { padding : 0 4px 0 0; }
 
-input[type="text"].new_name {width  : 50%; margin-bottom: .2em;}
+input[type="text"]#new_name {width  : 50%; margin-bottom: .2em;}
+#new_location {border-left: none;}
 
 #del_backup   { margin: 0; padding: 2px 5px}
 
@@ -3959,8 +3958,8 @@ function Language_and_config_adjusted_styles() { //*****************************
 .container { width: <?php echo $MAIN_WIDTH ?>; } /*Default 810px*/
 
 .button {
-	padding  : <?php echo $_['button_padding']   ?>; /*Default 4px 10px */
-	font-size: <?php echo $_['button_font_size'] ?>; /*Default .9em     */
+	padding  : <?php echo $_['button_padding']   ?>; /*Default 4px 7px 4px 7px */
+	font-size: <?php echo $_['button_font_size'] ?>; /*Default .9em */
 	}
 
 .front_links a {
@@ -4020,11 +4019,6 @@ function Load_style_sheet(){ //*************************************************
 
 	undo_magic_quotes();
 
-	//Set current $EDIT_MODE & text for Edit page [Edit WYSIWIG/Source] button
-	if ( $WYSIWYG_VALID && isset($_COOKIE['edit_mode']) && ($_COOKIE['edit_mode'] == '1')) {
-		   $EDIT_MODE = '1'; $ON_OFF_label = $_['Source']; }
-	else { $EDIT_MODE = '0'; $ON_OFF_label = $_['WYSIWYG']; }
-
 	Init_ICONS();
 
 	Get_GET();
@@ -4033,6 +4027,10 @@ function Load_style_sheet(){ //*************************************************
 
 	Valid_Path($ipath, true);
 
+	Validate_params();
+
+	Init_Macros(); //Needs to be after Get_Get()/Validate_params()/Valid_Path()
+
 	//$ACCESS_ROOT.$ACCESS_PATH == $ipath
 	$ipath_len = mb_strlen($ipath);
 	$ACCESS_PATH = '';
@@ -4040,10 +4038,6 @@ function Load_style_sheet(){ //*************************************************
 		$ACCESS_PATH = trim(mb_substr($ipath, $ACCESS_ROOT_len), ' /').'/';
 	}
 
-	Validate_params();
-
-	Init_Macros(); //Needs to be after Get_Get()/Validate_params()/Valid_Path()
-
 	Respond_to_POST();
 
 	Verify_Page_Conditions(); //Must come after Respond_to_POST()
@@ -4091,7 +4085,7 @@ function Load_style_sheet(){ //*************************************************
 
 if ($_SESSION['valid'] && $Show_Path) { Current_Path_Header(); }
 
-message_box();
+echo '<div id="message_box"></div>';
 
 Load_Selected_Page();
 
@@ -4111,6 +4105,8 @@ function Load_style_sheet(){ //*************************************************
 echo '</div>'; //end container/login_page
 echo '</body></html>';
 
-if ( ($page == "edit") && $WYSIWYG_VALID && ($EDIT_MODE == 1) ) { include($WYSIWYG_PLUGIN_OS); }
+if ( ($page == "edit") && $WYSIWYG_VALID && $EDIT_WYSIWYG ) { include($WYSIWYG_PLUGIN_OS); }
 
+//Display any $message's
+if ($message != '') {echo '<script>Display_Messages(\''.addslashes($message).'\');</script>';}
 //END OF FILE ##################################################################
\ No newline at end of file
diff --git a/readme.markdown b/readme.markdown
index 0117a31..4f101f0 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -57,9 +57,9 @@ I may not have the time/bandwidth/inclination to implement every feature, but I
 
 ### Multi-Language Support?
 
-Yes!  Currently, English (EN), German (DE), Spanish (ES), Dutch (NL), and Russian (RU) are available.
+Yes!  While English (EN) is the default - German (DE), Spanish (ES), Dutch (NL), and Russian (RU) are also available.
+
 
-- English courtesy of me.
 - German (Deutsch) courtesy of [codeless](http://github.com/codeless).
 - Spanish (Espanõla) courtesy of [fermuch](http://github.com/fermuch).
 - Dutch (Nederlands) courtesy of [symsec](http://github.com/symsec).  
@@ -120,7 +120,6 @@ OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com
 
 - As of v3.4.23, doesn't work in IE.  It seems IE doesn't support changing the innerHTML of some tags.  OneFile builds the directory in javascript, then displays it by changing the innerHTML of a &lt;tbody> tag of an existing &lt;table>.  And, since the alternative/fix/workaround would be a whole bunch more work, IE is currently not supported.  
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
-- Issue with Chrome's XSS filter: Editing some legitimate files with OneFileCMS will trigger the filter and disable much of the javascript provided functionallity, but only while on the edit page with such a file, and only after a [Save].
 - The connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text* during login.  However, this is true of most online login systems, unless SSL or the like is employed.  
   *As of version 3.4.15, a client-side hash of the user's "plain-text" password is sent to the server.  So, while this client-side hash is still a "plain-text" password as far as the server is concerned, the user's raw password is protected from immediate exposure.
 - Be aware that only some very basic data & error checking is performed.  (But, it's getting better...)  

From c5587981a5c537aee04b24a2085eb84d36919071 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 18 Mar 2014 12:52:00 -0400
Subject: [PATCH 186/228] Version 3.5.07 Just removed some developemental
 comments so version shows in header.

---
 onefilecms.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 44886be..91ed5c7 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,9 +1,9 @@
 <?php mb_internal_encoding('utf-8');  $message = ""; //initialize here so can .= at any point later.
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
-$VERS_ext = explode('_',basename($_SERVER['SCRIPT_NAME']));        //##### 
-$VERS     = substr($VERS_ext[1],0, strrpos($VERS_ext[1], '.php')); //##### $OFCMS_version = '3.5.07';
-$OFCMS_version = '<font color="red"><b>'.$VERS.'</b></font>';      //##### 
+
+$OFCMS_version = '3.5.07';
+
 /*******************************************************************************
 Except where noted otherwise:
 
@@ -3238,7 +3238,7 @@ function Edit_Page_scripts() { //***********************************************
 ?>
 <!--======== Provide feedback re: unsaved changes ========-->
 <script>
-var onclick_params = '<?php echo $ONESCRIPT.$param1.'&f='.basename($filename).'&p=' ?>'; //#####
+var onclick_params = '<?php echo $ONESCRIPT.$param1.'&f='.basename($filename).'&p=' ?>';
 
 var Main_div		   = document.getElementById('main');
 var File_textarea      = document.getElementById('file_editor');

From d01d963c8e252cf04940b1749d5d20e853dc5d61 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Fri, 21 Mar 2014 14:00:00 -0400
Subject: [PATCH 187/228] Version 3.5.08 Removed "cancelled" $message from
 Cancel_Submit_Buttons() Create_Table_for_Listing(): removed onclicks from
 html attribs. New: Index_Page_onclicks() assigns onclicks for
 Create_Table_for_Listing().   ( Called at end of Index_Page() )
 Edit_Page_buttons(): removed some unused global references. FileTimeStamp():
 localized a couple variables. Assemble_row(): some minor css cleanup & var
 renames Build_Directory(): Some general variable usage/readability
 improvments.

---
 extras/OneFileCMS.css         |  33 ++++---
 info/OneFileCMS_structure.txt |   3 +-
 info/changelog.markdown       |   6 ++
 onefilecms.php                | 168 +++++++++++++++++++++-------------
 readme.markdown               |   6 +-
 5 files changed, 139 insertions(+), 77 deletions(-)

diff --git a/extras/OneFileCMS.css b/extras/OneFileCMS.css
index 7bbf969..52c3510 100755
--- a/extras/OneFileCMS.css
+++ b/extras/OneFileCMS.css
@@ -1,5 +1,5 @@
 /*******************************************************************************
-Sample, OPTIONAL, external style sheet for OneFileCMS v3.5.07
+Sample, OPTIONAL, external style sheet for OneFileCMS v3.5.08
 *******************************************************************************/
 
 /* --- reset --- */
@@ -119,15 +119,13 @@ button:active { background-color: rgb(245,245,50);  border-color: #333;}
 
 /*** Select All [x] ***/
 #select_all_th { min-width: 60px ; max-width: 70px; text-align: right; padding:  0 0 0 0; } /*TRBL*/
-#select_all {margin: 3px 0 0 0;}  /*checkbox*/
+#select_all {margin: 3px 0 0 0; cursor : pointer;}  /*checkbox*/
 #select_all_label { 
 	font   : 400 .84em arial;
 	color  : #333;
-	cursor : pointer;
 	border-right: solid transparent 1px;
-	Xdisplay: inline-block;     /* //#### when select all was above table, not in it*/
-	Xwidth  : 72px;			    /* //#### when select all was above table, not in it*/
 	padding: 3px 2px 2px 2px;
+	cursor : pointer;
 	}
 
 #select_all_label:hover  { border-left: 1px solid #777; background-color: rgb(255,250,150); }
@@ -138,20 +136,27 @@ button:active { background-color: rgb(245,245,50);  border-color: #333;}
 .ckbox {padding: 2px 4px 0 4px}
 .ckbox:focus { background-color: rgb(255,250,150); }
 .ckbox:hover { background-color: rgb(255,250,150); }
+.select_file {cursor : pointer;}
 
 
 /*** [x] Folders First ***/
-#folders_first_ckbox {margin: 3px 0 0px 4px;}
+#folders_first_ckbox {margin: 3px 0 0px 4px;cursor : pointer;}
 #folders_first_label {
 	border: solid 1px transparent;
 	font-size: .9em;
 	font-weight: normal;
 	color: #333; margin: 0;
 	padding: 3px 0 2px 0;
+	cursor : pointer;
 }
 
-#folders_first_label:hover {border: solid 1px #777; background-color: rgb(255,250,150); cursor:pointer;}
-#folders_first_label:focus {border: solid 1px #777; background-color: rgb(255,250,150);}
+#folders_first_label:hover {
+	border            : solid 1px #777;
+	background-color  : rgb(255,250,150);
+	cursor            : pointer;
+	border-left-color : silver;
+	border-right-color: silver;
+}
 
 
 /* --- Directory Listing --- */
@@ -175,11 +180,17 @@ table.index_T th:hover { background-color: white;}
 
 .index_T th.file_name   { text-align: left; }
 .index_T th.file_name a { display: inline-block; padding: 2px 3em 2px 2em; border-top-width: 0px; border-bottom-width: 0px;}
-#name_header {border-width: 0 1px 0 1px;}
+
+#header_filename       {border-width: 0 1px 0 1px;}
+#header_filename:hover {border-color: silver;}
+#header_filename:focus {border-color: silver;}
+
 .index_T th.file_size a { display  : block; padding: 2px 0 2px 0; }
 .index_T th.file_time a { display  : block; padding: 2px 0 2px 0; }
-#sort_type {float: right; padding: 1px 5px 3px 4px; border-width: 0px 0 0 1px;}
 
+#sort_type       {float: right; padding: 1px 5px 3px 4px; border-width: 0px 0 0 1px;}
+#sort_type:hover {border-color: silver;}
+#sort_type:focus {border-color: silver;}
 
 .file_name { min-width: 10em; max-width: 26em; }
 .file_size { min-width:  6em; padding-left: 10px; }
@@ -430,4 +441,4 @@ input[type="text"]#new_name {width  : 50%; margin-bottom: .2em;}
 
 #path_header a:hover  { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
 #path_header a:focus  { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
-#path_header a:active { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
+#path_header a:active { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(245,245,50); }
diff --git a/info/OneFileCMS_structure.txt b/info/OneFileCMS_structure.txt
index b59b338..c0c8443 100755
--- a/info/OneFileCMS_structure.txt
+++ b/info/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.5.07 structure/layout
+OneFileCMS Version 3.5.08 structure/layout
 
 LICENSE
 
@@ -97,6 +97,7 @@ JAVASCRIPT FUNCTIONS:
 		Start_Countdown()
 		FileTimeStamp()
 		Display_Messages()
+	Index_Page_onclicks()
 	Index_Page_scripts()
 		Sort_FOlder_First()
 		sort_DIRECTORY()
diff --git a/info/changelog.markdown b/info/changelog.markdown
index d7f9cc8..f7a3b3b 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,11 @@
 # OneFileCMS Change Log
 
+### v3.5.08 (2014-03-21)
+
+- Mostly just some code improvements/cleanup.
+- ...and css...
+
+
 ### v3.5.07 (2014-03-15)
 
 - Removed ability for OneFileCMS to edit itself - it is too risky an option.  If needed, make a copy & edit it.
diff --git a/onefilecms.php b/onefilecms.php
index 91ed5c7..ae1eb19 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.07';
+$OFCMS_version = '3.5.08';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -561,7 +561,7 @@ function Convert_encoding($string, $to_enc = "") { //***************************
 function Session_Startup() { //*************************************************
 	global $SESSION_NAME, $page, $VALID_POST;
 
-	$limit    = 0; //0 = session.
+	$limit    =  0; //0 = session.
 	$path     = '';
 	$domain   = ''; // '' = hostname
 	$https    = false;
@@ -763,7 +763,7 @@ function Validate_params() { //*************************************************
 
 function Valid_Path($path, $gotoroot=true) { //*********************************
 	//$gotoroot: if true, return to index page of $ACCESS_ROOT.
-	global  $ipath, $ipath_OS, $filename, $page, $param1, $param2, $param3, $ACCESS_ROOT, $ACCESS_ROOT_len, $message;
+	global  $ipath, $ipath_OS, $filename, $param1, $param2, $param3, $ACCESS_ROOT, $ACCESS_ROOT_len, $message;
 	
 	//Limit access to the folder $ACCESS_ROOT:
 	//$ACCESS_ROOT = some/root/path/
@@ -778,7 +778,7 @@ function Valid_Path($path, $gotoroot=true) { //*********************************
 	$good_path = false;
 
 	if ($_SESSION['admin_page']) {
-		//Permit Admin actions: changing p/w, u/n, editing OneFile...
+		//Permit Admin actions: changing p/w, u/n, viewing OneFile...
 		$ACCESS_ROOT == '';
 		return true;
 	}
@@ -1203,10 +1203,10 @@ function Cancel_Submit_Buttons($submit_label) { //******************************
 	//$submit_label = Rename, Copy, Delete, etc...
 	global $_, $ONESCRIPT, $ipath, $param1, $param2, $page;
 
-	$params = $param1.$param2.'&amp;p='. $_SESSION['recent_pages'][1];
+	$params = $param1.$param2.'&amp;p='. $_SESSION['recent_pages'][1]; //.'&amp;m='.hsc($_['cancelled']) not sure I like this.
 ?>
 	<p>
-	<button type="button" class="button" id="cancel" onclick="parent.location = '<?php echo $ONESCRIPT.$params.'&amp;m='.$page ?>%20<?php echo hsc($_['cancelled']) ?>'">
+	<button type="button" class="button" id="cancel" onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
 		<?php echo hsc($_['Cancel']) ?></button>
 	<button type="submit" class="button" id="submitty" style="margin-left: 1em;"><?php echo hsc($submit_label);?></button>
 	<script>document.getElementById("cancel").focus();</script>
@@ -1772,7 +1772,7 @@ function Login_response() { //**************************************************
 function Create_Table_for_Listing() { //****************************************
 	global$_;
 
-	//Header row: | Select All|[ ]|[ ](folders first)       Name      [ext]  |   Size   |    Date    |
+	//Header row: | Select All|[ ]|[X](folders first)      Name      (ext) |   Size   |    Date    |
 	
 	//<input hidden> is a dummy input to make sure files[] is always an array for Select_All() & Confirm_Ready().
 ?>
@@ -1784,22 +1784,18 @@ function Create_Table_for_Listing() { //****************************************
 	<th colspan=3 id="select_all_th">
 		<LABEL for=select_all id=select_all_label><?php echo hsc($_['Select_All']) ?></LABEL></th>
 	<th class="ckbox">
-		<INPUT TYPE=checkbox NAME=select_all id=select_all VALUE=select_all onclick="Select_All();"></th>
+		<INPUT TYPE=checkbox id=select_all NAME=select_all VALUE=select_all></th>
 	<th class="file_name ckbox" style="">
-		<a href="#" onclick="Sort_and_Show(5, FLIP_IF);return false" id=sort_type  >(<?php echo hsc($_['ext']) ?>)</a>
-		<?php $ffparams = 'TYPE=checkbox NAME=folder_first id=folders_first_ckbox VALUE=folders_first checked'?>
-		<INPUT <?php echo $ffparams ?> onclick="Sort_and_Show(SORT_by, SORT_order);">
+		<a href="#" id=sort_type>(<?php echo hsc($_['ext']) ?>)</a>
+		<INPUT TYPE=checkbox id=folders_first_ckbox NAME=folder_first VALUE=folders_first checked>
 		<label for=folders_first_ckbox id=folders_first_label title="<?php  echo hsc($_['folders_first_info']) ?>">
 			(<?php echo hsc($_['folders_first']) ?>)
-		</label>
-		<a href="#" onclick="Sort_and_Show(1, FLIP_IF);return false" id=name_header><?php echo hsc($_['Name']) ?></a></th>
-	<th class="file_size">
-		<a href="#" onclick="Sort_and_Show(2, FLIP_IF);return false"><?php echo hsc($_['Size']) ?></a></th>
-	<th class="file_time">
-		<a href="#" onclick="Sort_and_Show(3, FLIP_IF);return false"><?php echo hsc($_['Date']) ?></a></th>
+		</label>		  <a href="#" id=header_filename><?php echo hsc($_['Name']) ?></a></th>
+	<th class="file_size"><a href="#" id=header_filesize><?php echo hsc($_['Size']) ?></a></th>
+	<th class="file_time"><a href="#" id=header_filedate><?php echo hsc($_['Date']) ?></a></th>
 	</tr>
 
-	<?php //For directory content. Will insert the list later. (same for footer...) ?>
+	<?php //Directory & footer content will be inserted later. ?>
 	<tbody id=DIRECTORY_LISTING></tbody>
 	<tr    id=DIRECTORY_FOOTER></tr>
 	</table>
@@ -1955,6 +1951,8 @@ function Index_Page(){ //*******************************************************
 	echo "</form>\n";
 
 	Send_data_to_js_and_display();
+
+	Index_Page_onclicks();
 }//end Index_Page() //**********************************************************
 
 
@@ -2019,7 +2017,7 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 
 
 function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
-	global $_, $message, $ICONS, $ONESCRIPT, $param1, $param2, $MAX_IDLE_TIME, $IS_OFCMS, $WYSIWYG_VALID, $EDIT_WYSIWYG;
+	global $_, $message, $ICONS, $MAX_IDLE_TIME, $IS_OFCMS, $WYSIWYG_VALID, $EDIT_WYSIWYG;
 
 	//Using ckeditor WYSIWYG editor, <input type=reset> button doesn't work. (I don't know why.)
 	$reset_button = '<input type=reset class=button value="'.hsc($_['reset']).'" onclick="return Reset_File();" id="reset">';
@@ -2034,7 +2032,7 @@ function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
 		}//end if editable
 		
 		function RCD_button($action, $icon, $label){ //***************
-			global $ONESCRIPT, $param1, $param2, $ICONS;
+			global $ICONS;
 			echo '<button type=button id="'.$action.'_btn" class="button RCD">'.$ICONS[$icon].'&nbsp;'.hsc($label).'</button>';
 		}//end RCD_button() //****************************************
 		
@@ -2794,9 +2792,9 @@ function pad(num){ if ( num < 10 ){ num = "0" + num; }; return num; }
 
 
 
-//A basic htmlspecialchars()
 function hsc(text) { //***********************************************
-  return text
+	//A basic htmlspecialchars()
+	return text
       .replace(/&/g, "&amp;")
       .replace(/</g, "&lt;")
       .replace(/>/g, "&gt;")
@@ -2926,8 +2924,8 @@ function FileTimeStamp(php_filemtime, show_date, show_offset, write_return){
 	var offset_MINS  = pad( NEG * (GMT_offset % 60) );
 	var offset_FULL  = "UTC " + SIGN + offset_HOURS + ":" + offset_MINS;
 
-	FULLDATE = YEAR + "-" + MONTH + "-" + DATE;
-	FULLTIME = HOURS + ":" + MINS + ":" + SECS + " " + AMPM;
+	var FULLDATE = YEAR + "-" + MONTH + "-" + DATE;
+	var FULLTIME = HOURS + ":" + MINS + ":" + SECS + " " + AMPM;
 
 	var               DATETIME = FULLTIME;
 	if (show_date)  { DATETIME = FULLDATE + " &nbsp;" + FULLTIME;}
@@ -2956,6 +2954,29 @@ function Display_Messages($message) { //******************************
 
 
 
+function Index_Page_onclicks() { //*********************************************
+?>
+<script>
+var Select_All_ckbox	= document.getElementById('select_all');
+var Sort_Type			= document.getElementById('sort_type');
+var Folders_First_Ckbox = document.getElementById('folders_first_ckbox');
+var Header_Filename		= document.getElementById('header_filename');
+var Header_Filesize		= document.getElementById('header_filesize');
+var Header_Filedate		= document.getElementById('header_filedate');
+
+Select_All_ckbox.onclick	 = function () {Select_All();}
+Folders_First_Ckbox.onclick  = function () {Sort_and_Show(SORT_by, SORT_order);}
+Header_Filename.onclick  = function () {Sort_and_Show(1, FLIP_IF); return false;}
+Header_Filesize.onclick  = function () {Sort_and_Show(2, FLIP_IF); return false;}
+Header_Filedate.onclick  = function () {Sort_and_Show(3, FLIP_IF); return false;}
+Sort_Type.onclick		 = function () {Sort_and_Show(5, FLIP_IF); return false;}
+</script>
+<?php
+}//end Index_Page_onclicks() //*************************************************
+
+
+
+
 function Index_Page_scripts() { //**********************************************
 	global $_, $ONESCRIPT, $param1, $ipath;
 ?>
@@ -3056,29 +3077,29 @@ function sort_DIRECTORY(col, direction) { //**************************
 
 
 //********************************************************************
-function Assemble_row(x, HREF_params, f_or_f, filename, file_name, time_stamp, file_size){
+function Assemble_row(x, HREF_params, f_or_f, filename, file_name, file_time, file_size){
 	var TABLE_ROW = '';
-		
+
 	//Assemble cell contents: [move] [copy] [delete] [x] <a>file name</a> etc...
 	var ren_mov = '<a href="' + HREF_params + '&amp;p=rename' + f_or_f + '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
 	var copy    = '<a href="' + HREF_params + '&amp;p=copy'   + f_or_f + '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
 	var del     = '<a href="' + HREF_params + '&amp;p=delete' + f_or_f + '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
-	var checkbox = '<div class="ckbox"><INPUT TYPE=checkbox NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
-		
+	var checkbox = '<div class="ckbox"><INPUT TYPE=checkbox class=select_file NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
+
 	//Don't show remove, delete, or checkbox options for active copy of OneFileCMS.
 	var IS_OFCMS = DIRECTORY_DATA[x][4];
 	if (IS_OFCMS) { ren_mov = del = checkbox = ''; }
-		
+
 	TABLE_ROW += "<tr>";
-	TABLE_ROW += '<td class="RCD">' + ren_mov  + '</td>';
-	TABLE_ROW += '<td class="RCD">' + copy     + '</td>';
-	TABLE_ROW += '<td class="RCD">' + del      + '</td>';
-	TABLE_ROW += '<td class=""   >' + checkbox + '</td>';
+	TABLE_ROW += '<td>' + ren_mov  + '</td>';
+	TABLE_ROW += '<td>' + copy     + '</td>';
+	TABLE_ROW += '<td>' + del      + '</td>';
+	TABLE_ROW += '<td>' + checkbox + '</td>';
 	TABLE_ROW += '<td class="file_name"       >' + file_name  + '</td>';
 	TABLE_ROW += '<td class="meta_T file_size">' + file_size  + '</td>';
-	TABLE_ROW += '<td class="meta_T file_time">' + time_stamp + '</td>';
+	TABLE_ROW += '<td class="meta_T file_time">' + file_time + '</td>';
 	TABLE_ROW += "</tr>\n";
-		
+
 	return TABLE_ROW;
 }//end Assemble_row() //**********************************************
 
@@ -3116,36 +3137,48 @@ function Directory_Summary() { //*************************************
 function Build_Directory() { //***************************************
 	//Build data from DIRECTORY_DATA into a set of <tr>'s
 
+	//raw directory info
 	var DIRECTORY_LIST	= "";
 	var filetype    = '';
-	var filename = file_name = time_stamp = '';
+	var filename	= '';
 	var filesize    =  0;
+	var filetime	= '';
+
+	//formatted and/or marked up directory info
+	var file_name	= '';
+	var file_size   = '';
+	var file_time	= '';
+	
+	var DS          = ''; // ' /' for folders, blank otherwise.
+	var f_or_f      = ''; // 'file' or 'folder'
+	var HREF_params = ''; // <a href=HREF_params>file_name</a>
 
 	for (var x=0; x < DIRECTORY_DATA.length; x++) {
 		
 		filetype = DIRECTORY_DATA[x][0];
 		filename = DIRECTORY_DATA[x][1];
 		filesize = DIRECTORY_DATA[x][2];
+		filetime = DIRECTORY_DATA[x][3]
 		
 		//folder or file?  And file_size
 		if (filetype == "dir"){
-			var DS = ' /';         // ' /' for folders, blank otherwise.
-			var f_or_f = 'folder'; // 'file' or 'folder'
-			var HREF_params = ONESCRIPT + PARAM1 + encodeURIComponent(filename);
-			var file_size = '';
+			DS           = ' /';
+			f_or_f       = 'folder';
+			HREF_params  = ONESCRIPT + PARAM1 + encodeURIComponent(filename);
+			file_size    = '';
 		} else {
-			var DS = '';
-			var f_or_f = 'file';
-			var HREF_params = ONESCRIPT + PARAM1 + '&amp;f=' + encodeURIComponent(filename);
-			var file_size = format_number(filesize) + ' B';
+			DS           = '';
+			f_or_f       = 'file';
+			HREF_params  = ONESCRIPT + PARAM1 + '&amp;f=' + encodeURIComponent(filename)  + '&amp;p=edit';
+			file_size    = format_number(filesize) + ' B';
 		}
 		
-		file_name  = '<a href="' + HREF_params  + '&amp;p=edit"';
+		file_name  = '<a href="' + HREF_params + '"';
 		file_name += ' title="<?php echo hsc($_['Edit_View']) ?>: ' + hsc(filename) + '" >';
 		file_name += ICONS[filetype] + '&nbsp;' + hsc(filename) + DS + '</a>';
-		time_stamp = FileTimeStamp(DIRECTORY_DATA[x][3], 1, 0, 0);
+		file_time  = FileTimeStamp(filetime, 1, 0, 0);
 		
-		DIRECTORY_LIST += Assemble_row(x, HREF_params, f_or_f, filename, file_name, time_stamp, file_size)
+		DIRECTORY_LIST += Assemble_row(x, HREF_params, f_or_f, filename, file_name, file_time, file_size)
 		
 	}//end for x
 
@@ -3233,8 +3266,8 @@ function Edit_Page_scripts() { //***********************************************
 	$WYSIWYG_onclick = "parent.location = onclick_params + 'edit'; ".$set_cookie;
 
 	//For [Close] button
-	$close_params = $ONESCRIPT.$param1;                             //If came from admin page, return there.
-	if ( $_SESSION['admin_page'] ) { $close_params .= '&p=admin'; } //##### But, as of 3.5.07, does this occur?
+	$close_params = $ONESCRIPT.$param1;
+	if ( $_SESSION['admin_page'] ) { $close_params .= '&p=admin'; } //If came from admin page, return there.
 ?>
 <!--======== Provide feedback re: unsaved changes ========-->
 <script>
@@ -3485,7 +3518,7 @@ function js_hash_scripts() { //*************************************************
  * A JavaScript implementation of SHA-256, as defined in FIPS 180-2
  * Version 2.2 Copyright Angel Marin, Paul Johnston 2000 - 2009.
  * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
- * Distributed under the BSD License
+ * Distributed under the BSD License 
  * See http://pajhome.org.uk/crypt/md5 for details.
  * Also http://anmar.eu.org/projects/jssha2/
  */
@@ -3494,7 +3527,7 @@ function js_hash_scripts() { //*************************************************
 
 
 <script>
-//OneFileCMS wrapper function for using hex_sha256() functions
+//OneFileCMS wrapper function for using the hex_sha256() functions
 function hash($element_id) {
 	var $input = document.getElementById($element_id);
 	var $hash = trim($input.value); //trim() defined in common_scripts()
@@ -3631,15 +3664,13 @@ function style_sheet(){ //******************************************************
 
 /*** Select All [x] ***/
 #select_all_th { min-width: 60px ; max-width: 70px; text-align: right; padding:  0 0 0 0; } /*TRBL*/
-#select_all {margin: 3px 0 0 0;}  /*checkbox*/
+#select_all {margin: 3px 0 0 0; cursor : pointer;}  /*checkbox*/
 #select_all_label { 
 	font   : 400 .84em arial;
 	color  : #333;
-	cursor : pointer;
 	border-right: solid transparent 1px;
-	Xdisplay: inline-block;     /* //#### when select all was above table, not in it*/
-	Xwidth  : 72px;			    /* //#### when select all was above table, not in it*/
 	padding: 3px 2px 2px 2px;
+	cursor : pointer;
 	}
 
 #select_all_label:hover  { border-left: 1px solid #777; background-color: rgb(255,250,150); }
@@ -3650,20 +3681,27 @@ function style_sheet(){ //******************************************************
 .ckbox {padding: 2px 4px 0 4px}
 .ckbox:focus { background-color: rgb(255,250,150); }
 .ckbox:hover { background-color: rgb(255,250,150); }
+.select_file {cursor : pointer;}
 
 
 /*** [x] Folders First ***/
-#folders_first_ckbox {margin: 3px 0 0px 4px;}
+#folders_first_ckbox {margin: 3px 0 0px 4px;cursor : pointer;}
 #folders_first_label {
 	border: solid 1px transparent;
 	font-size: .9em;
 	font-weight: normal;
 	color: #333; margin: 0;
 	padding: 3px 0 2px 0;
+	cursor : pointer;
 }
 
-#folders_first_label:hover {border: solid 1px #777; background-color: rgb(255,250,150); cursor:pointer;}
-#folders_first_label:focus {border: solid 1px #777; background-color: rgb(255,250,150);}
+#folders_first_label:hover {
+	border            : solid 1px #777;
+	background-color  : rgb(255,250,150);
+	cursor            : pointer;
+	border-left-color : silver;
+	border-right-color: silver;
+}
 
 
 /* --- Directory Listing --- */
@@ -3687,11 +3725,17 @@ function style_sheet(){ //******************************************************
 
 .index_T th.file_name   { text-align: left; }
 .index_T th.file_name a { display: inline-block; padding: 2px 3em 2px 2em; border-top-width: 0px; border-bottom-width: 0px;}
-#name_header {border-width: 0 1px 0 1px;}
+
+#header_filename       {border-width: 0 1px 0 1px;}
+#header_filename:hover {border-color: silver;}
+#header_filename:focus {border-color: silver;}
+
 .index_T th.file_size a { display  : block; padding: 2px 0 2px 0; }
 .index_T th.file_time a { display  : block; padding: 2px 0 2px 0; }
-#sort_type {float: right; padding: 1px 5px 3px 4px; border-width: 0px 0 0 1px;}
 
+#sort_type       {float: right; padding: 1px 5px 3px 4px; border-width: 0px 0 0 1px;}
+#sort_type:hover {border-color: silver;}
+#sort_type:focus {border-color: silver;}
 
 .file_name { min-width: 10em; max-width: 26em; }
 .file_size { min-width:  6em; padding-left: 10px; }
@@ -3942,7 +3986,7 @@ function style_sheet(){ //******************************************************
 
 #path_header a:hover  { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
 #path_header a:focus  { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
-#path_header a:active { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
+#path_header a:active { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(245,245,50); }
 
 </style>
 <?php
@@ -4109,4 +4153,4 @@ function Load_style_sheet(){ //*************************************************
 
 //Display any $message's
 if ($message != '') {echo '<script>Display_Messages(\''.addslashes($message).'\');</script>';}
-//END OF FILE ##################################################################
\ No newline at end of file
+//##### END OF FILE ############################################################
\ No newline at end of file
diff --git a/readme.markdown b/readme.markdown
index 4f101f0..21423c1 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -100,8 +100,8 @@ OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com
   (Only tested on versions 5.2.8, 5.2.17, 5.3.3, and 5.4 + )
 - File permission privileges on your host.
 - A Javascript enabled browswer.
-- Most modern browsers probably work, but I only test on Firefox and Chrome.  
-  IE is currently a no go, as of v3.4.23. [v3.4.22 is available here](http://self-evident.github.com/OneFileCMS/onefilecms_3.4.22.zip)
+- Most* modern browsers probably work, but I only test on Firefox and Chrome.  
+  *IE, however, is currently a no go, as of OneFileCMS v3.4.23. [v3.4.22 is available here](http://self-evident.github.com/OneFileCMS/onefilecms_3.4.22.zip)
 - And- but only if you wish to see the icons- a browser that supports inline SVG.  
   (If your browser doesn't support inline SVG, OneFileCMS will still work, just without any icons.)
 
@@ -121,7 +121,7 @@ OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com
 - As of v3.4.23, doesn't work in IE.  It seems IE doesn't support changing the innerHTML of some tags.  OneFile builds the directory in javascript, then displays it by changing the innerHTML of a &lt;tbody> tag of an existing &lt;table>.  And, since the alternative/fix/workaround would be a whole bunch more work, IE is currently not supported.  
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - The connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text* during login.  However, this is true of most online login systems, unless SSL or the like is employed.  
-  *As of version 3.4.15, a client-side hash of the user's "plain-text" password is sent to the server.  So, while this client-side hash is still a "plain-text" password as far as the server is concerned, the user's raw password is protected from immediate exposure.
+  *As of version 3.4.15, a client-side hash of the user's "plain-text" password is sent to the server.  So, while this client-side hash is still a "plain-text" password as far as the server is concerned, the user's actual raw password is protected from immediate exposure.
 - Be aware that only some very basic data & error checking is performed.  (But, it's getting better...)  
 - Anything else?
 

From f034a787afc27ce4eefa8bf4e50e828df6aaa18d Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 22 Mar 2014 18:10:00 -0400
Subject: [PATCH 188/228] Version 3.5.09 Restored IE 8+ support!
 Create_Table_for_Listing: id=DIRECTORY_FOOTER moved from <TR> to <TD>
 Send_data_to_js_and_display: added DIRECTORY_ITEMS js global var Added
 Init_Dir_table_rows() js function. Assemble_row() is now
 Assemble_Insert_row() Build_Directory() redone for Assemble_Insert_row(),
 cleaned up. Directory_Summary(): no longer genrerates <td></td> here.
 Sort_and_Show(): minor adjustment for new Build_Directory(). Some css
 adjustments for the above, and some general tweaks.

---
 info/OneFileCMS_structure.txt |   5 +-
 info/changelog.markdown       |   5 +
 onefilecms.php                | 187 ++++++++++++++++++----------------
 readme.markdown               |   4 +-
 4 files changed, 106 insertions(+), 95 deletions(-)

diff --git a/info/OneFileCMS_structure.txt b/info/OneFileCMS_structure.txt
index c0c8443..8f7be4b 100755
--- a/info/OneFileCMS_structure.txt
+++ b/info/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.5.08 structure/layout
+OneFileCMS Version 3.5.09 structure/layout
 
 LICENSE
 
@@ -101,9 +101,10 @@ JAVASCRIPT FUNCTIONS:
 	Index_Page_scripts()
 		Sort_FOlder_First()
 		sort_DIRECTORY()
+		Init_Dir_table_rows()
 		Assemble_row()
-		Directory_Summary()
 		Build_Directory
+		Directory_Summary()
 		Sort_and_Show()
 		Select_All()
 		Confirm_Submit()
diff --git a/info/changelog.markdown b/info/changelog.markdown
index f7a3b3b..cb66ee0 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,10 @@
 # OneFileCMS Change Log
 
+### v3.5.09 (2014-03-22)
+
+- Restored IE 8+ support.
+- And, you know, tweaked some css...
+
 ### v3.5.08 (2014-03-21)
 
 - Mostly just some code improvements/cleanup.
diff --git a/onefilecms.php b/onefilecms.php
index ae1eb19..75b7cf8 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.08';
+$OFCMS_version = '3.5.09';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -1797,7 +1797,7 @@ function Create_Table_for_Listing() { //****************************************
 
 	<?php //Directory & footer content will be inserted later. ?>
 	<tbody id=DIRECTORY_LISTING></tbody>
-	<tr    id=DIRECTORY_FOOTER></tr>
+	<tr><td id=DIRECTORY_FOOTER colspan=7></td</tr>
 	</table>
 <?php
 }//Create_Table_for_Listing() //************************************************
@@ -1893,6 +1893,7 @@ function Send_data_to_js_and_display() {//**************************************
 	}//end for x
 
 	//Initial sort & display of the directory, by (filename, ascending).
+	$data_for_js .= "var DIRECTORY_ITEMS = DIRECTORY_DATA.length;\n";
 	$data_for_js .= 'Sort_and_Show();'."\n";
 
 	$data_for_js .= "</script>\n";
@@ -1931,7 +1932,7 @@ function Index_Page_buttons_top($file_count) { //*******************************
 
 
  
-function Index_Page(){ //*******************************************************
+function Index_Page() { //******************************************************
 	global  $ONESCRIPT, $ipath_OS, $param1;
 	
 	init_ICONS_js();
@@ -3076,32 +3077,91 @@ function sort_DIRECTORY(col, direction) { //**************************
 
 
 
+function Init_Dir_table_rows(DIR_LIST) { //***************************
+
+	var row, cell, cells, tr, td;
+
+	for (row = 0; row < DIRECTORY_ITEMS; row++){
+		
+		//initialize <tr> with empty <td>'s
+		tr = DIR_LIST.insertRow(row);
+		for (cell = 0; cell < 7; cell++) {td = tr.insertCell(-1);}
+		cells = tr.cells;
+		
+		//assign css classes
+		cells[4].className = 'file_name';
+		cells[5].className = 'file_size meta_T';
+		cells[6].className = 'file_time meta_T';
+	}
+}//end Init_Dir_table_rows() { //*************************************
+
+
+
+
 //********************************************************************
-function Assemble_row(x, HREF_params, f_or_f, filename, file_name, file_time, file_size){
-	var TABLE_ROW = '';
+function Assemble_Insert_row(IS_OFCMS, trow, href, f_or_f, filename, file_name, file_size, file_time){
 
-	//Assemble cell contents: [move] [copy] [delete] [x] <a>file name</a> etc...
-	var ren_mov = '<a href="' + HREF_params + '&amp;p=rename' + f_or_f + '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
-	var copy    = '<a href="' + HREF_params + '&amp;p=copy'   + f_or_f + '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
-	var del     = '<a href="' + HREF_params + '&amp;p=delete' + f_or_f + '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
+	//Assemble [move] [copy] [delete] [x] 
+	var ren_mov = '<a href="' + href + '&amp;p=rename' + f_or_f + '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
+	var copy    = '<a href="' + href + '&amp;p=copy'   + f_or_f + '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
+	var del     = '<a href="' + href + '&amp;p=delete' + f_or_f + '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
 	var checkbox = '<div class="ckbox"><INPUT TYPE=checkbox class=select_file NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
 
 	//Don't show remove, delete, or checkbox options for active copy of OneFileCMS.
-	var IS_OFCMS = DIRECTORY_DATA[x][4];
 	if (IS_OFCMS) { ren_mov = del = checkbox = ''; }
 
-	TABLE_ROW += "<tr>";
-	TABLE_ROW += '<td>' + ren_mov  + '</td>';
-	TABLE_ROW += '<td>' + copy     + '</td>';
-	TABLE_ROW += '<td>' + del      + '</td>';
-	TABLE_ROW += '<td>' + checkbox + '</td>';
-	TABLE_ROW += '<td class="file_name"       >' + file_name  + '</td>';
-	TABLE_ROW += '<td class="meta_T file_size">' + file_size  + '</td>';
-	TABLE_ROW += '<td class="meta_T file_time">' + file_time + '</td>';
-	TABLE_ROW += "</tr>\n";
+	//fill the <td>'s
+	cells = trow.cells;
+	cells[0].innerHTML = ren_mov;
+	cells[1].innerHTML = copy;
+	cells[2].innerHTML = del;
+	cells[3].innerHTML = checkbox;
+	cells[4].innerHTML = file_name;
+	cells[5].innerHTML = file_size;
+	cells[6].innerHTML = file_time;
+
+}//end Assemble_Insert_row() //***************************************
+
+
+
 
-	return TABLE_ROW;
-}//end Assemble_row() //**********************************************
+function Build_Directory() { //***************************************
+
+	var DIR_LIST = document.getElementById("DIRECTORY_LISTING");
+
+	if (DIR_LIST.rows.length < 1) {Init_Dir_table_rows(DIR_LIST);}
+
+	for (var row = 0; row < DIRECTORY_ITEMS; row++) {
+		
+		var filetype = DIRECTORY_DATA[row][0];
+		var filename = DIRECTORY_DATA[row][1];
+		var filesize = DIRECTORY_DATA[row][2];
+		var filetime = DIRECTORY_DATA[row][3];
+		
+		//folder or file?
+		if (filetype == "dir"){
+			var DS        = ' /';
+			var f_or_f    = 'folder';
+			var href      = ONESCRIPT + PARAM1 + encodeURIComponent(filename);
+			var file_size = '';
+		} else {
+			var DS        = '';
+			var f_or_f    = 'file';
+			var href      = ONESCRIPT + PARAM1 + '&amp;f=' + encodeURIComponent(filename) + '&amp;p=edit';
+			var file_size = format_number(filesize) + ' B';
+		}
+		
+		var file_name  = '<a href="' + href  + '"';
+			file_name += ' title="<?php echo hsc($_['Edit_View']) ?>: ' + hsc(filename) + '" >';
+			file_name += ICONS[filetype] + '&nbsp;' + hsc(filename) + DS + '</a>';
+		var file_time  = FileTimeStamp(filetime, 1, 0, 0);
+		
+		var IS_OFCMS = DIRECTORY_DATA[row][4];
+		var trow = DIR_LIST.rows[row];
+		
+		Assemble_Insert_row(IS_OFCMS, trow, href, f_or_f, filename, file_name, file_size, file_time);
+	}//end for (row...
+}//end Build_Directory() //*******************************************
 
 
 
@@ -3122,10 +3182,9 @@ function Directory_Summary() { //*************************************
 	}
 
 	//Directory Summary
-	SUMMARY += '<td colspan=7>';
 	SUMMARY += folder_count + " <?php echo hsc($_['folders']) ?>, &nbsp; ";
 	SUMMARY += total_items - folder_count + ' <?php echo hsc($_['files']) ?>, ';
-	SUMMARY += '&nbsp; ' + format_number(total_bytes) + " <?php echo hsc($_['bytes']) ?></td>";
+	SUMMARY += '&nbsp; ' + format_number(total_bytes) + " <?php echo hsc($_['bytes']) ?>";
 
 	return SUMMARY;
 
@@ -3134,65 +3193,11 @@ function Directory_Summary() { //*************************************
 
 
 
-function Build_Directory() { //***************************************
-	//Build data from DIRECTORY_DATA into a set of <tr>'s
-
-	//raw directory info
-	var DIRECTORY_LIST	= "";
-	var filetype    = '';
-	var filename	= '';
-	var filesize    =  0;
-	var filetime	= '';
-
-	//formatted and/or marked up directory info
-	var file_name	= '';
-	var file_size   = '';
-	var file_time	= '';
-	
-	var DS          = ''; // ' /' for folders, blank otherwise.
-	var f_or_f      = ''; // 'file' or 'folder'
-	var HREF_params = ''; // <a href=HREF_params>file_name</a>
-
-	for (var x=0; x < DIRECTORY_DATA.length; x++) {
-		
-		filetype = DIRECTORY_DATA[x][0];
-		filename = DIRECTORY_DATA[x][1];
-		filesize = DIRECTORY_DATA[x][2];
-		filetime = DIRECTORY_DATA[x][3]
-		
-		//folder or file?  And file_size
-		if (filetype == "dir"){
-			DS           = ' /';
-			f_or_f       = 'folder';
-			HREF_params  = ONESCRIPT + PARAM1 + encodeURIComponent(filename);
-			file_size    = '';
-		} else {
-			DS           = '';
-			f_or_f       = 'file';
-			HREF_params  = ONESCRIPT + PARAM1 + '&amp;f=' + encodeURIComponent(filename)  + '&amp;p=edit';
-			file_size    = format_number(filesize) + ' B';
-		}
-		
-		file_name  = '<a href="' + HREF_params + '"';
-		file_name += ' title="<?php echo hsc($_['Edit_View']) ?>: ' + hsc(filename) + '" >';
-		file_name += ICONS[filetype] + '&nbsp;' + hsc(filename) + DS + '</a>';
-		file_time  = FileTimeStamp(filetime, 1, 0, 0);
-		
-		DIRECTORY_LIST += Assemble_row(x, HREF_params, f_or_f, filename, file_name, file_time, file_size)
-		
-	}//end for x
-
-	return DIRECTORY_LIST;
-
-} //end Build_Directory() //******************************************
-
-
-
 function Sort_and_Show(col, direction) { //***************************
 
 	sort_DIRECTORY(col, direction); //Sort DIRECTORY_DATA
 
-	document.getElementById('DIRECTORY_LISTING').innerHTML = Build_Directory();
+	Build_Directory();
 
 	document.getElementById('DIRECTORY_FOOTER').innerHTML = Directory_Summary();
 
@@ -3200,6 +3205,7 @@ function Sort_and_Show(col, direction) { //***************************
 
 
 
+
 function Select_All() { //*******************************************
 
 	//Does not work in IE if the variable name is spelled the same as the Element Id
@@ -3743,7 +3749,7 @@ function style_sheet(){ //******************************************************
 
 .meta_T { padding-right: 4px; text-align: right; font-family: courier; font-size: .9em; color: #222; }
 
-#DIRECTORY_FOOTER td {text-align: center; font-size: .9em; color: #333; padding: 3px 0 0 0; }
+#DIRECTORY_FOOTER {text-align: center; font-size: .9em; color: #333; padding: 3px 0 0 0; }
 
 
 /*** front_links:  [New File] [New Folder] [Upload File] ***/
@@ -3762,9 +3768,9 @@ function style_sheet(){ //******************************************************
 
 /*These must go after .front_links and other style that affect <a> tags*/
 a { border: 1px solid transparent; text-decoration: none; }  /*color: rgb(100,45,0);*/
-a:focus  { border: 1px solid #777; background-color: rgb(255,250,150); }
-a:hover  { border: 1px solid #777; background-color: rgb(255,250,150); }
-a:active { border: 1px solid #777; background-color: rgb(245,245,50);  }
+a:focus  { border: 1px solid #333; background-color: rgb(255,250,150); }
+a:hover  { border: 1px solid #333; background-color: rgb(255,250,150); }
+a:active { border: 1px solid #333; background-color: rgb(245,245,50);  }
 
 
 /*** [Move] [Copy] [Delete] ***/
@@ -3784,9 +3790,9 @@ function style_sheet(){ //******************************************************
 	background-color: #EEE;
 	}
 
-#mcd_submit button:focus  { background-color: rgb(255,250,150); }
-#mcd_submit button:hover  { background-color: rgb(255,250,150); }
-#mcd_submit button:active { background-color: rgb(245,245,50); }
+#mcd_submit button:focus  { border: 1px solid #333; background-color: rgb(255,250,150); }
+#mcd_submit button:hover  { border: 1px solid #333; background-color: rgb(255,250,150); }
+#mcd_submit button:active { border: 1px solid #333; background-color: rgb(245,245, 50); }
 
 .buttons_right         { float: right; }
 .buttons_right .button { margin-left: .5em; }
@@ -3811,14 +3817,15 @@ function style_sheet(){ //******************************************************
 
 .nav   { float: right; display: inline-block; margin-top: 1.35em; font-size : 1em; }
 .nav a { border: 1px solid transparent; font-weight: bold; padding: .2em .6em .1em .6em; }
-.nav a:hover  { border: 1px solid #777; }
-.nav a:focus  { border: 1px solid #777; }
-.nav a:active { border: 1px solid #777; }
+.nav a:hover  { border: 1px solid #333; }
+.nav a:focus  { border: 1px solid #333; }
+.nav a:active { border: 1px solid #333; }
 
 
 /* --- edit --- */
 
 #edit_header  {margin: .5em 0 0 0;}
+#edit_header a:hover  { border: 1px solid #000; }
 
 #edit_form    {margin: 0;}
 
@@ -3973,7 +3980,7 @@ function style_sheet(){ //******************************************************
 	font-weight: normal;
 	padding: 0 .5em 0 0;
 	margin: .5em 0 0 0;
-}
+	}
 
 #path_header a {
 	outline: none;
@@ -3982,7 +3989,7 @@ function style_sheet(){ //******************************************************
 	border-right: solid 1px transparent;
 	display: inline-block;
 	padding: 1px 5px 0 5px;
-}
+	}
 
 #path_header a:hover  { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
 #path_header a:focus  { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
diff --git a/readme.markdown b/readme.markdown
index 21423c1..cc47b20 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -100,8 +100,7 @@ OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com
   (Only tested on versions 5.2.8, 5.2.17, 5.3.3, and 5.4 + )
 - File permission privileges on your host.
 - A Javascript enabled browswer.
-- Most* modern browsers probably work, but I only test on Firefox and Chrome.  
-  *IE, however, is currently a no go, as of OneFileCMS v3.4.23. [v3.4.22 is available here](http://self-evident.github.com/OneFileCMS/onefilecms_3.4.22.zip)
+- Most* modern browsers probably work, but I only test on Firefox, Chrome, and IE 8.
 - And- but only if you wish to see the icons- a browser that supports inline SVG.  
   (If your browser doesn't support inline SVG, OneFileCMS will still work, just without any icons.)
 
@@ -118,7 +117,6 @@ OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com
 
 ##Needed/potential improvements
 
-- As of v3.4.23, doesn't work in IE.  It seems IE doesn't support changing the innerHTML of some tags.  OneFile builds the directory in javascript, then displays it by changing the innerHTML of a &lt;tbody> tag of an existing &lt;table>.  And, since the alternative/fix/workaround would be a whole bunch more work, IE is currently not supported.  
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - The connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text* during login.  However, this is true of most online login systems, unless SSL or the like is employed.  
   *As of version 3.4.15, a client-side hash of the user's "plain-text" password is sent to the server.  So, while this client-side hash is still a "plain-text" password as far as the server is concerned, the user's actual raw password is protected from immediate exposure.

From 12c70c6c0989ff8f273ff525bf544250651cd1b0 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 22 Mar 2014 18:13:00 -0400
Subject: [PATCH 189/228] Version 3.5.09 Deleted superfluous file.

---
 info/changelog.html | 607 --------------------------------------------
 1 file changed, 607 deletions(-)
 delete mode 100755 info/changelog.html

diff --git a/info/changelog.html b/info/changelog.html
deleted file mode 100755
index 465929f..0000000
--- a/info/changelog.html
+++ /dev/null
@@ -1,607 +0,0 @@
-<h1>OneFileCMS Change Log</h1>
-
-<h3>v3.5.07 (2014-03-15)</h3>
-
-<ul>
-<li>Removed ability for OneFileCMS to edit itself - it is too risky an option.  If needed, make a copy &amp; edit it.</li>
-<li>Added a [View Raw] button on the Edit/View page.  It displays the raw/plain text of the current file.</li>
-<li>Fixed issue using Chrome &amp; editing some files containing javascript.</li>
-<li>Some changes to "file changed" visual feedback (textarea &amp; [Save] button styles).</li>
-<li>Some general code improvements to Edit_Page_...  functions.</li>
-<li>Some other general code improvements.</li>
-<li>And, a bit of css tweakin...</li>
-</ul>
-
-<h3>v3.5.06 (2014-03-11)</h3>
-
-<ul>
-<li>Added optional logging of login attempts, both successful &amp; failed.</li>
-</ul>
-
-<h3>v3.5.05 (2014-03-09)</h3>
-
-<ul>
-<li>Copy &amp; Rename pages ignore blank "New Name" fields.</li>
-<li>Some minor improvemnts &amp; css tweaks.</li>
-</ul>
-
-<h3>v3.5.04 (2014-03-08)</h3>
-
-<ul>
-<li>Fixed "minor" bug - editor not saving changes (introduced in 3.5.02, but just noticed)</li>
-<li>Some general code improvements &amp; shuffling</li>
-<li>Some CSS shuffling &amp; tweaks.</li>
-</ul>
-
-<h3>v3.5.03 (2014-03-06)</h3>
-
-<ul>
-<li>Minor update to Get_DIRECTORY_DATA(). Didn't seem to affect all php versions.</li>
-</ul>
-
-<h3>v3.5.02 (2014-03-06)</h3>
-
-<ul>
-<li>OneFileCMS can now work with non-ASCII filenames.</li>
-<li>(But, OneFileCMS itself can not be named with non-ASCII characters. I don't know why.)</li>
-<li>Increased $PRE_ITERATIONS from 200 to 1000.  This will affect, at least, older IE's, and maybe other browsers as well. For instance, it takes IE8 37 times longer to perform the "pre-iterations" than Firefox.  In anycase, it can, of course, be changed back if needed. <br />
-(However, OneFileCMS does not currenly work in IE, so it's kinda academic for now.)</li>
-<li>Some css tweaks &amp; improvements.</li>
-</ul>
-
-<h3>v3.5.01 (2014-02-22)</h3>
-
-<ul>
-<li>Mostly behind the scenes stuff...</li>
-<li>Replaced use of htmlentities() with htmlspecialchars().  With UTF-8, htmlentites() is superfluous.</li>
-<li>Added hsc() to a number of strings where should have already been.</li>
-<li>Changed directory sort function a bit. Note: when selecting/deselecting the 'folders first' option, the primary sort will be the last sorted column.</li>
-<li>Split out a new function, Send_data_to_js(), from Index_Page().</li>
-<li>Also, in prep for an upcoming update, tagged several places (with //##### ) where file system calls are made. The $filename strings used in the calls may need to be encoded with something other than UTF-8, depending on the underlying OS's filesystem. (such as NTFS, which uses UTF-16)</li>
-</ul>
-
-<h3>v3.5 (2014-02-19)</h3>
-
-<ul>
-<li>The directory list can now be sorted by column: name, .ext, size, date.</li>
-<li>Also has an option to list folders first, or to sort without regard to file or folder.</li>
-<li>In accomplishing the above, most sorting moved client side.  This permits resorts without another server hit.</li>
-<li>Added &amp; tweaked some css...</li>
-<li>Slight restructure of the repo (ie: move a few "extras" files around).</li>
-<li>NOTE:  versions 3.4.23 and later DO NOT WORK IN IE!  I don't know why yet, mostly likely js related.</li>
-</ul>
-
-<h3>v3.4.23 (2014-02-12)</h3>
-
-<ul>
-<li>More changes in prep for sort by column</li>
-<li>Directory list is now built &amp; displayed client side via javascript.</li>
-</ul>
-
-<h3>v3.4.22 (2014-02-10)</h3>
-
-<ul>
-<li>Mostly some changes to prep for sort by column (name, size, or date) feature.</li>
-</ul>
-
-<h3>v3.4.21 (2014-02-08)</h3>
-
-<ul>
-<li>Added back the option for external style sheets</li>
-<li>Cooresponding updates to sample external config file.</li>
-<li>In addition to specific file names, specific folder names may now be excluded from directory listings.</li>
-<li>Fixed minor missing page title on Copy Folder page</li>
-<li>Tweaked a couple css defaults</li>
-</ul>
-
-<h3>(2013-01-19)</h3>
-
-<ul>
-<li>Just some minor updates/wording changes to the readme &amp; plugin/*.init files.</li>
-</ul>
-
-<h3>v3.4.20 (2012-12-19)</h3>
-
-<ul>
-<li><p>The $ACCESS_ROOT option has been reimplemented and is now fully functional*.  This option limits access to a specified folder (and it's sub-folders).  To use, just specify a valid path relative to the root of the website (no leading slash). <br />
-(*Well, as best as I can tell...)</p></li>
-<li><p>All OneFileCMS configuration variables that reference external files ($CONFIG_file, $LANGUAGE_FILE, $WYSIWYG_PLUGIN) must be specified in one of two ways:  </p>
-
-<ol>
-<li>Relative to the root of the website - with NO leading slash:  "some/path/from/webroot/somefile.php"  </li>
-<li>Absolute to the file system - WITH a leading slash:  "/some/path/from/system/root/somefile.php" <br />
-(On Windows, the drive letter may also be used, but it is not required if all is on same drive.)</li>
-</ol></li>
-</ul>
-
-<h3>v3.4.19 (2012-12-12)</h3>
-
-<ul>
-<li><p>Slightly adjusted how wysiwyg plugins are implemented - removed $WYSIWIG_SOURCE config variable. <br />
-(It's value is now specified directly in the "init" file specified by $WYSIWYG_PLUGIN.)</p></li>
-<li><p>Two steps forward, one step back... <br />
-Just for now - removed the $ACCESS_ROOT option.  I was coding in circles and getting no where while trying to reconcile various issues:  </p>
-
-<ul>
-<li>With OneFileCMS in any folder other than the web root,</li>
-<li>With OneFileCMS in a folder other than $ACCESS_ROOT  </li>
-<li>Depending on the above, can't delete the backup copy of OneFileCMS created by a p/w or u/n change).</li>
-<li>External file references (config, language, plugins) affected by the above.  </li>
-<li>Should $ACCESS_ROOT also restrict access to OneFileCMS itself?  That would prevent p/w &amp; u/n changes.</li>
-<li>Display of the current/path/header/ varies depending on $ACESS_ROOT.</li>
-<li>Combining the above.</li>
-</ul>
-
-<p>A solution is in the works, but I'm going to take some time to make sure no new problems are introduced by the eventual fix. (hahaha...) It will probably end up being simple, but it's not yet...</p></li>
-<li><p>Just a general note on security: due to the fundamental structure of OneFileCMS - primarily that it's one file, and that there is no seperate database for authentication - there are certain inherent security limitations that should be kept in mind:  </p>
-
-<ul>
-<li>The first is that all OneFileCMS users are "admins", with the ability to upload and edit files with any type of code.</li>
-<li>Next, as a direct consequence of the prior point, is that any restriction imposed by some potential feature, such as the $ACCESS_ROOT option that limited access to a specific folder, is only - at most - a guard against accidental access and modification of files outside of the "accessible" folder.   This is not to say that such features are not useful - this is simply meant to provide a realistic expectation of security, and that OneFileCMS should only be used with trusted users.</li>
-</ul></li>
-</ul>
-
-<h3>v3.4.18 (2012-12-03)</h3>
-
-<p>Of course, everything comes with a price (exacerbated by my apparent lack of testing...)</p>
-
-<ul>
-<li>Anyway, the current release partly fixes an issue when trying to use a wysiwyg editor with onefilecms.php installed in a sub-folder of a site.  The issue is - it didn't work.  Now it does - mostly. However, there is still an issue using wysiwyg editors if the $ACCESS_ROOT variable is set to anything but blank (root).</li>
-</ul>
-
-<h3>2012-12-03</h3>
-
-<ul>
-<li>Just a note: there is an issue using a wysiwyg editor when onefilecm.php is in a sub-folder, or related to using the $ACCESS_ROOT option (restricting onefilecms access to a folder).  WYSIWYG seems to otherwise work fine when onefilecms.php is in the root folder of a site.</li>
-</ul>
-
-<h3>v3.4.17 (2012-11-29)</h3>
-
-<ul>
-<li><p>WYSIWYG is here! <br />
-Due to popular demand (ie: it has been requested more than once), WYSYWIG editors can now be "plugged in" and used with OneFileCMS.  Currently, only <a href="http://tinymce.moxiecode.com/">TinyMCE</a> and <a href="http://ckeditor.com/">CKEditor</a> have been tested (and on a very limited scale). Others may work - but I don't know yet.  And, naturally, the use or inclusion of such editors is completely optional, of course.</p>
-
-<p><strong>No actual WYSIWYG editors are included with OneFileCMS</strong> - any desired editor must be obtained seperately.</p>
-
-<p>A brief how-to on using either editor can be found in their respective sample "init" files included in the plugins folder of the OneFileCMS repo. Any suitable init file for a given editor may be used, as long as the correct path to the editor's javascript source file is specified, and - for CKEditor - the id of the OneFileCMS textarea, "file_editor", is also be specified. </p>
-
-<p>Now, while everything seems to work, I have little to no experience using TinyMCE, CKEditor, or any other such application. So, if there is something missing or not working as expected, please let me know (open an "issue" on the Issues page).</p>
-
-<p>Notes:  </p>
-
-<ul>
-<li><p>These editors have their own, extensive, event controls (responses to keyboard &amp; mouse input), so the OneFileCMS edit page event scripts are not loaded when an editor is in use.  The primary effect is the loss of incidental file status indicators - [Save] will not change to [SAVE CHANGES!], background color will not change, etc., and any "unsaved changes" alerts should be handled by the active editor.  Also, the [Wide View] button will be unavailable.  </p></li>
-<li><p>The TinyMCE "init" file included in the OneFileCMS repo specifies the use of the TinyMCE "fullpage" plugin, which produces an "unsaved changes" alert every time you exit the Edit page - even if no changes have been made to the file in the editor.  </p></li>
-<li><p>The CKEditor, on the other hand, does not seem to present an alert at all when you leave the editor page - even with unsaved changes.  </p></li>
-</ul></li>
-</ul>
-
-<h3>v3.4.16 (2012-11-23)</h3>
-
-<ul>
-<li>Added icons to lower buttons on edit page.</li>
-<li>And a few code tweaks &amp; improvements.</li>
-</ul>
-
-<h3>v3.4.15 (2012-11-18)</h3>
-
-<ul>
-<li><p>Added client-side hashing of passwords. 
-This is primarily a benefit for the user, as it does not really add any security to the server side application that uses it (such as OneFileCMS).  The reason is that this "pre-hash" simply becomes the actual password as far as the server is concerned, and is just as vulnerable to exposure while in transit. However, it does help to protect the user's plain-text password, which may be used elsewhere.  </p></li>
-<li><p>Also added a "please wait..." message while computing the client-side hashes - primarily for IE versions &lt; 9, which are MUCH slower than FF or Chrome (by a factor of 37 or more).  Subsequently, the number of iterations for the client-side hashing is quite low (compared to the server side), but still causes a 1 - 2 second delay on the login screen, and a 3 - 6 second delay on the Change Password screen.  On FF and Chrome, however, the delay is much shorter, almost unnoticable.</p></li>
-<li><p>I want to thank <a href="http://github.com/fermuch">fermuch</a> for the client-side hashing suggestion.  While a somewhat different approach was ultlimately employed, his original solution provided the insight needed to approach the idea in general.</p></li>
-</ul>
-
-<h3>3.4.14 (2012-11-12)</h3>
-
-<ul>
-<li>Courtesy of <a href="github.com/Fuchur777">Fuchur777</a>, added option to restrict OneFileCMS to a specified folder (and it's sub-folders).</li>
-<li>Fixed issue on Upload page if using PHP v3.2.12 or earlier.</li>
-<li>A few miscellaneous code improvements.</li>
-</ul>
-
-<h3>(2012-11-11)</h3>
-
-<ul>
-<li>Thanks to <a href="https://github.com/zaykin">zaykin</a> for the Russion language file!</li>
-</ul>
-
-<h3>3.4.13 (2012-11-05)</h3>
-
-<ul>
-<li>Thanks to <a href="http://github.com/symsec">symsec</a> for the Dutch (Nederlands) language file!</li>
-<li>Otherwise, mostly some incidental code improvements and cleanup.</li>
-</ul>
-
-<h3>3.4.12 (2012-10-21)</h3>
-
-<ul>
-<li>On the Upload Page, added an option to select either automatic rename or overwrite of pre-existing files.</li>
-</ul>
-
-<h3>3.4.11 (2012-10-16)</h3>
-
-<ul>
-<li>Just a few code tweaks and improvements.</li>
-</ul>
-
-<h3>3.4.10 (2012-10-08)</h3>
-
-<ul>
-<li>Folders are now listed ahead of files in main file list.</li>
-<li>Quite of bit of code consolidation and improvement.</li>
-<li>Converted svg icons from functions into an array of $ICONS[]</li>
-</ul>
-
-<h3>3.4.09</h3>
-
-<ul>
-<li>Can now recursively copy folders.</li>
-<li>Consolidated some functions.</li>
-<li>Removed some svg icons no longer used.</li>
-<li>The usual "code cleanup" and "tweaked some css"...</li>
-</ul>
-
-<h3>3.4.07</h3>
-
-<ul>
-<li>Can now recursively delete non-empty folders (just be careful!)</li>
-<li>Consolidated some functions.</li>
-<li>Minor bug fix &amp; a few misc code improvements.</li>
-<li>Darkened folder icons.</li>
-<li>Removed &amp; changed a few $_[] language strings. </li>
-</ul>
-
-<h3>3.4.06</h3>
-
-<ul>
-<li>Minor bug fix: Index page would not display folders that started with a period ("hidden" folders on *nix)</li>
-</ul>
-
-<h3>3.4.05</h3>
-
-<ul>
-<li>Consolidated index page radio &amp; submit buttons (for Move, Copy, Delete) into just three standard buttons.</li>
-<li>Added multi-file upload ability.</li>
-<li>Index page: removed extra Upload/New/Rename/Delete buttons from  bottom of page.</li>
-<li>Subsequent to the above, a bit of code cleanup &amp; improvement.</li>
-</ul>
-
-<h3>3.4.04</h3>
-
-<ul>
-<li>Minor bug fix.</li>
-</ul>
-
-<h3>3.4.02-3.4.03</h3>
-
-<ul>
-<li>Primary user noticable change: on rename/move/copy pages, split "New Name" from "New Location".</li>
-<li>A couple minor bug fixes.</li>
-<li>Consolidated four functions into two.</li>
-<li>Other general code cleanup &amp; improvements.</li>
-<li>Numerous new, changed, and removed langauge settings.</li>
-</ul>
-
-<h3>3.4.01</h3>
-
-<ul>
-<li>A couple of minor bug fixes.</li>
-<li>Some code cleanup &amp; improvements.</li>
-</ul>
-
-<h3>3.3.17 - 3.4.0 (2012-08-29)</h3>
-
-<ul>
-<li>Added option to select and move, copy, or delete multiple files.</li>
-<li>And other general code tweaks and improvements.</li>
-</ul>
-
-<h3>3.3.11 - 3.3.16</h3>
-
-<ul>
-<li>Added screens for changing username and password.</li>
-<li>Plaintext $PASSWORD option is no longer available.</li>
-<li>Added options to Rename, Copy, or Delete files from Index screen.</li>
-<li>Improved validation of $_GET parameters &amp; other general code improvements.</li>
-</ul>
-
-<h3>3.3.10</h3>
-
-<ul>
-<li>Created an actual "Admin" page that has links to admin functions: Hash Page, Edit OneFileCMS, and (soon) Change Password.</li>
-</ul>
-
-<h3>3.3.09</h3>
-
-<ul>
-<li>Minor code improvements &amp; cleanup.</li>
-</ul>
-
-<h3>3.3.08</h3>
-
-<ul>
-<li>Added some basic error handling and now using buffering to capture errant early output.</li>
-<li>Seperate function to handle dynamic css values.</li>
-</ul>
-
-<h3>3.3.07</h3>
-
-<ul>
-<li>Language file formats are now php instead of ini.</li>
-<li>Minor improvement to version checking.</li>
-</ul>
-
-<h3>3.3.06</h3>
-
-<ul>
-<li>Increased hash iterations from 1000 to 10000.  (I've read that lots of iterations help slow down brute force p/w recovery)</li>
-<li>Format for external config files is now just php (instead of ini).</li>
-<li>Some miscellaneous code &amp; css improvements.</li>
-</ul>
-
-<h3>3.3.05a</h3>
-
-<ul>
-<li>Just removed some trouble-shooting code that was left in unintentionally.</li>
-</ul>
-
-<h3>3.3.05</h3>
-
-<ul>
-<li>Added a few settings to the language files to adjust certain css values if needed.  In some instances, some langauges may use significantly longer words or phrases than others.  So, a smaller font or less spacing may be desirable in those places to preserve page layout.   </li>
-<li>And, of course, some minor code improvements hear and there.</li>
-</ul>
-
-<h3>3.3.04</h3>
-
-<ul>
-<li>Added Spanish language file courtesy of <a href="https//github.com/fermuch">fermuch</a>.</li>
-<li>Some misc code improvements.</li>
-<li>Added notes regarding using .ini file for password storage.</li>
-</ul>
-
-<h3>3.3.03</h3>
-
-<ul>
-<li>"Wide View" option on Edit page now persists across saves.</li>
-<li>Improved handling of language files.  However, kinda' like "online security", "multi-language support" is nebulous and a bit finicky.</li>
-</ul>
-
-<h3>3.3.02</h3>
-
-<ul>
-<li>Added German language file courtesy of <a href="http://github.com/codeless">codeless</a>.</li>
-</ul>
-
-<h3>3.3.01</h3>
-
-<ul>
-<li>Fixed a "minor" issue after adding multi-language support- OneFileCMS stopped working altogether on versions of PHP &lt; 5.3.</li>
-</ul>
-
-<h3>3.3.0</h3>
-
-<ul>
-<li>Added support for optional external language files.   Now to get some translations...  </li>
-<li>The default, English, is included directly in OneFileCMS, of course.</li>
-<li>A sample language file (English) is included in the repo for reference for anyone that may be interested.</li>
-</ul>
-
-<h3>3.2.3</h3>
-
-<ul>
-<li>Thanks to github.com/codeless: added the ability to process a seperate config file. <br />
-(This is just an option for flexibility, and is not required)</li>
-<li>Added a [Wide View] button to Edit page.</li>
-<li>Some minor code improvement &amp; css tweaking.</li>
-</ul>
-
-<h3>3.2.2</h3>
-
-<ul>
-<li>Thanks to github.com/codeless: added a configurable whitelist of files to show.</li>
-<li>Fixed minor issue on hash page (needed htmlspecialchars)</li>
-<li>And, of course, various style &amp; code tweaks.</li>
-</ul>
-
-<h3>3.2.1</h3>
-
-<ul>
-<li>Added timer to "Please wait..." message after too many invalid login attempts.</li>
-<li>Mostly some misc code cleanup &amp; improvement.</li>
-</ul>
-
-<h3>3.2.0</h3>
-
-<ul>
-<li>Added a few security improvements.</li>
-<li>Added "timeout" timer as a warning to save edits before they're lost.</li>
-</ul>
-
-<h3>3.1.9</h3>
-
-<ul>
-<li>Password may now be stored as an encrypted hash, instead of in plain text.</li>
-<li>Added an "Admin" page to generate password hashes.</li>
-<li>A bunch of other code tweakin' &amp; improvements.</li>
-</ul>
-
-<h3>3.1.6 thru 3.1.8</h3>
-
-<ul>
-<li>Converted bulk of rest of code into functions (easier to work with).</li>
-<li>Resolved issue (I hope) with differing versions of PHP and how magic_quotes &amp; stripslashes are handled.</li>
-</ul>
-
-<h3>3.1.2 thru 3.1.5</h3>
-
-<ul>
-<li>Added file size limits to the Edit/View page. (Some browsers don't like large files in an HTML textarea.)</li>
-<li>Added some data validation to $_GET parameters</li>
-<li>Some misc code cleanup &amp; organization etc.</li>
-<li>And other misc stuff...</li>
-</ul>
-
-<h3>3.1.1</h3>
-
-<ul>
-<li>Fixed minor issue with data encoding of file for editting in a &lt;textarea></li>
-</ul>
-
-<h3>3.1</h3>
-
-<ul>
-<li>(Very) moderate data validation improvements.</li>
-<li>Reorganized &amp; funcionalized() most of the code.</li>
-</ul>
-
-<h3>3.0</h3>
-
-<ul>
-<li>Implemented svg icons</li>
-</ul>
-
-<h3>2.0</h3>
-
-<ul>
-<li><p>OneFileCMS is now actually ONE FILE! No external style sheets or icons. <br />
-(Of course, external style sheets &amp; icons can be added back in, if you like.)</p></li>
-<li><p>This is OneFileCMS "Lite", and will be maintained along with v3.0</p></li>
-</ul>
-
-<h3>1.5</h3>
-
-<ul>
-<li>Style sheet is now part of onfilecms.php file, but still uses external icons.</li>
-<li>Some minor logic improvements on Edit &amp; Index pages.</li>
-</ul>
-
-<h3>1.4.0</h3>
-
-<ul>
-<li>Substantial code reorganization &amp; updates.</li>
-</ul>
-
-<h3>1.2.4 - 1.3.0</h3>
-
-<ul>
-<li>DO NOT USE THESE VERSIONS!</li>
-<li>Mostly just a bunch of code modifications.</li>
-<li>These versions have issues, primarily when on the home/root page your site. </li>
-</ul>
-
-<h3>1.2.3</h3>
-
-<ul>
-<li>Fixed check for local css. If not found, loads hosted copy. 
-(This will soon be a moot point...)</li>
-</ul>
-
-<h3>1.2.2</h3>
-
-<ul>
-<li>On "Edit" page, images are now displayed directly, instead of a disabled textarea.</li>
-<li>Logout page replaced with standard "alert" message on login screen.</li>
-</ul>
-
-<h3>1.2.1</h3>
-
-<ul>
-<li>Fixed security hole that affected versions 1.1.7 - 1.2.0.</li>
-</ul>
-
-<h3>1.2.0</h3>
-
-<ul>
-<li>List of files now sorted alphabetically, without regard to case.</li>
-<li>Further improved Edit page &amp; screen feedback of file state (changed/unchanged).</li>
-<li>Added [X] dismiss button on message box</li>
-<li>File dates shown on Index &amp; Edit pages are now in user's local time.</li>
-<li>Moved from xhtml to html syntax &amp; doctype.</li>
-</ul>
-
-<h3>1.1.9</h3>
-
-<ul>
-<li>Improved Edit page &amp; screen feedback of file state (changed/unchanged).</li>
-<li>Removed use of jquery in move towards a true "OneFileCMS".</li>
-</ul>
-
-<h3>1.1.8</h3>
-
-<ul>
-<li>Added a table list view option (default).  Either List or original "Block" view selectable with $VIEW_MODE variable. (On screen selection in the works)</li>
-<li>(And, of course, numerous other code tweaks/improvements.</li>
-</ul>
-
-<h3>1.1.7</h3>
-
-<ul>
-<li>Added [Cancel] button to most screens. Numerous minor UI &amp; code tweaks/improvements.  Changed where .css is hosted (may change back later).  Removed "Rendered in (microseconds)...".  Added license info &amp; copyright notice.</li>
-</ul>
-
-<h3>1.1.6</h3>
-
-<ul>
-<li>Breadcrumb navigation (courtesy of <a href="https://github.com/Self-Evident/">Self-Evident</a>), CSS file and some minor changes to it</li>
-<li>Installation is still as usual, but now, if you have <em>onefilecms.css</em> in the same folder as <em>onefilecms.php</em>, it'll be linked instead of the normal <a href="http://onefilecms.com/style.css">http://onefilecms.com/style.css</a>.</li>
-</ul>
-
-<h3>1.1.5</h3>
-
-<ul>
-<li>Fixed a disallowed redirect vulnerability <br />
-Many thanks to Abhi M Balakrishnan from <a href="http://www.getmantra.com/">OWASP Mantra Team</a> for his help</li>
-</ul>
-
-<h3>1.1.4</h3>
-
-<ul>
-<li>JavaScript cleanup and jQuery upgrade</li>
-<li>Visit Site = /</li>
-<li>Now on GitHub!</li>
-</ul>
-
-<h3>1.1.3 (1/10/2012)</h3>
-
-<ul>
-<li>Fixed a upload bug leftover from 1.1.2's CSRF protection</li>
-</ul>
-
-<h3>1.1.2 (9/21/11)</h3>
-
-<ul>
-<li>More CSRF protection for logged-in users</li>
-</ul>
-
-<h3>1.1.1 (1/9/10)</h3>
-
-<ul>
-<li>CSRF protection (thanks Steve and Rene)</li>
-<li>Support for storing password as an MD5 hash (thanks, durilka!)</li>
-</ul>
-
-<h3>1.1.0 (10/18/09)</h3>
-
-<ul>
-<li>config_footer variable for branding or analytics code</li>
-<li>config_disabled variable to disallow editing of files like images, zips, icons, etc</li>
-<li>config_excluded variable to exclude specific files (or filetypes) from being shown in the index</li>
-<li>Shows hidden files (files that start with a "." like ".htaccess") on index listing</li>
-<li>"noindex" meta tag so Google doesn't crawl your backend</li>
-<li>Fixed a couple minor CSS and link bugs in the example site.</li>
-<li>Updated license page to clarify commercial license usage per domain and upgrade.</li>
-</ul>
-
-<h3>1.0.1 (9/24/09)</h3>
-
-<ul>
-<li>Relative CSS links and navigation in example site to work better with the demo (No change to OneFileCMS itself)</li>
-</ul>
-
-<h3>1.0 (9/5/09)</h3>
-
-<ul>
-<li>Launch!</li>
-</ul>

From 8898e29fdf9f657c5e094874db48d50783fb7471 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 22 Mar 2014 18:25:00 -0400
Subject: [PATCH 190/228] Version 3.5.09 Updated Optional external style sheet.

---
 extras/OneFileCMS.css | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/extras/OneFileCMS.css b/extras/OneFileCMS.css
index 52c3510..92325f4 100755
--- a/extras/OneFileCMS.css
+++ b/extras/OneFileCMS.css
@@ -1,5 +1,5 @@
 /*******************************************************************************
-Sample, OPTIONAL, external style sheet for OneFileCMS v3.5.08
+Sample, OPTIONAL, external style sheet for OneFileCMS v3.5.09
 *******************************************************************************/
 
 /* --- reset --- */
@@ -198,7 +198,7 @@ table.index_T th:hover { background-color: white;}
 
 .meta_T { padding-right: 4px; text-align: right; font-family: courier; font-size: .9em; color: #222; }
 
-#DIRECTORY_FOOTER td {text-align: center; font-size: .9em; color: #333; padding: 3px 0 0 0; }
+#DIRECTORY_FOOTER {text-align: center; font-size: .9em; color: #333; padding: 3px 0 0 0; }
 
 
 /*** front_links:  [New File] [New Folder] [Upload File] ***/
@@ -217,9 +217,9 @@ table.index_T th:hover { background-color: white;}
 
 /*These must go after .front_links and other style that affect <a> tags*/
 a { border: 1px solid transparent; text-decoration: none; }  /*color: rgb(100,45,0);*/
-a:focus  { border: 1px solid #777; background-color: rgb(255,250,150); }
-a:hover  { border: 1px solid #777; background-color: rgb(255,250,150); }
-a:active { border: 1px solid #777; background-color: rgb(245,245,50);  }
+a:focus  { border: 1px solid #333; background-color: rgb(255,250,150); }
+a:hover  { border: 1px solid #333; background-color: rgb(255,250,150); }
+a:active { border: 1px solid #333; background-color: rgb(245,245,50);  }
 
 
 /*** [Move] [Copy] [Delete] ***/
@@ -239,9 +239,9 @@ a:active { border: 1px solid #777; background-color: rgb(245,245,50);  }
 	background-color: #EEE;
 	}
 
-#mcd_submit button:focus  { background-color: rgb(255,250,150); }
-#mcd_submit button:hover  { background-color: rgb(255,250,150); }
-#mcd_submit button:active { background-color: rgb(245,245,50); }
+#mcd_submit button:focus  { border: 1px solid #333; background-color: rgb(255,250,150); }
+#mcd_submit button:hover  { border: 1px solid #333; background-color: rgb(255,250,150); }
+#mcd_submit button:active { border: 1px solid #333; background-color: rgb(245,245, 50); }
 
 .buttons_right         { float: right; }
 .buttons_right .button { margin-left: .5em; }
@@ -266,14 +266,15 @@ a:active { border: 1px solid #777; background-color: rgb(245,245,50);  }
 
 .nav   { float: right; display: inline-block; margin-top: 1.35em; font-size : 1em; }
 .nav a { border: 1px solid transparent; font-weight: bold; padding: .2em .6em .1em .6em; }
-.nav a:hover  { border: 1px solid #777; }
-.nav a:focus  { border: 1px solid #777; }
-.nav a:active { border: 1px solid #777; }
+.nav a:hover  { border: 1px solid #333; }
+.nav a:focus  { border: 1px solid #333; }
+.nav a:active { border: 1px solid #333; }
 
 
 /* --- edit --- */
 
 #edit_header  {margin: .5em 0 0 0;}
+#edit_header a:hover  { border: 1px solid #000; }
 
 #edit_form    {margin: 0;}
 
@@ -428,7 +429,7 @@ input[type="text"]#new_name {width  : 50%; margin-bottom: .2em;}
 	font-weight: normal;
 	padding: 0 .5em 0 0;
 	margin: .5em 0 0 0;
-}
+	}
 
 #path_header a {
 	outline: none;
@@ -437,7 +438,7 @@ input[type="text"]#new_name {width  : 50%; margin-bottom: .2em;}
 	border-right: solid 1px transparent;
 	display: inline-block;
 	padding: 1px 5px 0 5px;
-}
+	}
 
 #path_header a:hover  { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
 #path_header a:focus  { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }

From 2e1067094e0386865ab76531c727c105e4e5ad3b Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 23 Mar 2014 12:00:00 -0400
Subject: [PATCH 191/228] Version 3.5.10 Just a quick minor fix: Forgot to
 rawurlencode the $filename in the onclick_params in the edit page scripts.
 Some minor readme updates.

---
 info/changelog.markdown | 5 +++++
 onefilecms.php          | 6 +++---
 readme.markdown         | 4 +++-
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/info/changelog.markdown b/info/changelog.markdown
index cb66ee0..1aa94e9 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,10 @@
 # OneFileCMS Change Log
 
+### v3.5.10 (2014-03-23)
+
+- Just a quick fix to a minor issue: needed to urlencode an onclick parameter.
+- Also a few minor updates to the readme.
+
 ### v3.5.09 (2014-03-22)
 
 - Restored IE 8+ support.
diff --git a/onefilecms.php b/onefilecms.php
index 75b7cf8..4b93e7c 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.09';
+$OFCMS_version = '3.5.10';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -66,7 +66,7 @@
 ob_start(); //Catch any early output. Closed prior to page output.
 ini_set('session.use_trans_sid', 0);    //make sure URL supplied SESSID's are not used
 ini_set('session.use_only_cookies', 1); //make sure URL supplied SESSID's are not used
-error_reporting(E_ALL & ~E_STRICT);  //(E_ALL &~ E_STRICT) for everything, 0 for none.
+error_reporting(E_ALL & ~E_STRICT);     //(E_ALL &~ E_STRICT) for everything, 0 for none.
 ini_set('display_errors', 'on');
 ini_set('log_errors'    , 'off');
 ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.ERROR.log');
@@ -3277,7 +3277,7 @@ function Edit_Page_scripts() { //***********************************************
 ?>
 <!--======== Provide feedback re: unsaved changes ========-->
 <script>
-var onclick_params = '<?php echo $ONESCRIPT.$param1.'&f='.basename($filename).'&p=' ?>';
+var onclick_params = '<?php echo $ONESCRIPT.$param1.'&f='.rawurlencode(basename($filename)).'&p=' ?>';
 
 var Main_div		   = document.getElementById('main');
 var File_textarea      = document.getElementById('file_editor');
diff --git a/readme.markdown b/readme.markdown
index cc47b20..4b33559 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -91,6 +91,8 @@ OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com
 
 - If you need to upload a lots of files, an FTP program may be a bit more flexible & practicle.
 
+- Directories with many (hundreds) of files, may take a few seconds to display or resort (by size, date, etc).  On my system, a 2.5ghz desktop running XP, it takes 2 to 4 seconds to display or resort a directory with 200 files.
+
 
 --------------------------------------------------------------------------------
 
@@ -118,7 +120,7 @@ OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com
 ##Needed/potential improvements
 
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
-- The connection is not encrypted (doesn't use SSL), so passwords & usernames are sent in clear text* during login.  However, this is true of most online login systems, unless SSL or the like is employed.  
+- If your website's connection is not encrypted (doesn't use SSL/TLS), passwords & usernames will be sent in clear text* during login.  However, this is true of any online login system that's over an unencrypted connection.
   *As of version 3.4.15, a client-side hash of the user's "plain-text" password is sent to the server.  So, while this client-side hash is still a "plain-text" password as far as the server is concerned, the user's actual raw password is protected from immediate exposure.
 - Be aware that only some very basic data & error checking is performed.  (But, it's getting better...)  
 - Anything else?

From 445e0c617971c53f45a555a96fa22eda94360906 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Mon, 24 Mar 2014 13:00:00 -0400
Subject: [PATCH 192/228] Version 3.5.11 Removed '!' from the  $_['save_2']
 value in language files. X_box is now <button> instead of <a>
 Display_Messages(): sets new focus when X_box is clicked. When dir list is
 re-sorted by name, size, etc, focus returns to that option. Sort_and_Show():
 Added "Working..." message while sorting & dispaying directory. Gave
 #message_box a min height on all pages for visual consistancy and so pages  
 don't jump as much when #message_box is closed. Some minor readme updates.

---
 extras/OneFileCMS.css            |  18 +++---
 info/changelog.markdown          |   6 ++
 languages/OneFileCMS.LANG.DE.php |   4 +-
 languages/OneFileCMS.LANG.EN.php |   2 +-
 languages/OneFileCMS.LANG.ES.php |   4 +-
 languages/OneFileCMS.LANG.NL.php |   4 +-
 languages/OneFileCMS.LANG.RU.php |   4 +-
 onefilecms.php                   | 100 ++++++++++++++++++-------------
 readme.markdown                  |   4 +-
 9 files changed, 86 insertions(+), 60 deletions(-)

diff --git a/extras/OneFileCMS.css b/extras/OneFileCMS.css
index 92325f4..141d0b5 100755
--- a/extras/OneFileCMS.css
+++ b/extras/OneFileCMS.css
@@ -1,5 +1,5 @@
 /*******************************************************************************
-Sample, OPTIONAL, external style sheet for OneFileCMS v3.5.09
+Sample, OPTIONAL, external style sheet for OneFileCMS v3.5.11
 *******************************************************************************/
 
 /* --- reset --- */
@@ -49,7 +49,7 @@ button:active { background-color: rgb(245,245,50);  border-color: #333;}
 
 /* --- layout --- */
 
-.container {
+#main {
 	border : 0px solid #777;
 	width  : 810px;     /*Adjusted by $MAIN_WIDTH config variable*/
 	margin : 0 auto 2em auto;
@@ -81,7 +81,7 @@ button:active { background-color: rgb(245,245,50);  border-color: #333;}
 	}
 
 
-#message_box { border: none; margin: .5em 0 0 0; padding: 0; }
+#message_box { border: none; margin: .5em 0 0 0; padding: 0; min-height: 1.88em;}
 
 .message_box_contents { border: 1px solid gray; padding: 3px 2px 2px 4px; background: #FFF000; }
 
@@ -179,9 +179,9 @@ table.index_T th:hover { background-color: white;}
 .index_T th a { padding: 1px 0 1px 0; border-width: 0px;}
 
 .index_T th.file_name   { text-align: left; }
-.index_T th.file_name a { display: inline-block; padding: 2px 3em 2px 2em; border-top-width: 0px; border-bottom-width: 0px;}
+.index_T th.file_name a { display: inline-block; padding: 2px 2.5em 2px 1.5em; border-top-width: 0px; border-bottom-width: 0px;}
 
-#header_filename       {border-width: 0 1px 0 1px;}
+#header_filename       {border-width: 0 1px 0 1px; min-width: 2.5em;}
 #header_filename:hover {border-color: silver;}
 #header_filename:focus {border-color: silver;}
 
@@ -192,7 +192,7 @@ table.index_T th:hover { background-color: white;}
 #sort_type:hover {border-color: silver;}
 #sort_type:focus {border-color: silver;}
 
-.file_name { min-width: 10em; max-width: 26em; }
+.file_name { max-width: 26em; }
 .file_size { min-width:  6em; padding-left: 10px; }
 .file_time { min-width: 10em; padding-left: 10px; }
 
@@ -313,16 +313,16 @@ a:active { border: 1px solid #333; background-color: rgb(245,245,50);  }
 
 /* --- log in --- */
 
-.login_page {
+#login_page {
 	border  : 1px solid #777;
 	width   : 370px;
 	margin  : 5em auto;
 	padding : .5em 1.2em .1em 1em;
 	}
 
-.login_page .nav { margin-top: .5em; }
+#login_page .nav { margin-top: .5em; }
 
-.login_page input {margin: 0 0 .7em 0;}
+#login_page input {margin: 0 0 .7em 0;}
 
 
 hr { /*-- -- -- -- -- -- --*/
diff --git a/info/changelog.markdown b/info/changelog.markdown
index 1aa94e9..46b6591 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,11 @@
 # OneFileCMS Change Log
 
+### v3.5.11 (2014-03-24)
+
+- Improved some $message handling & focus() responses.
+- Some minor readme updates.
+- some css...
+
 ### v3.5.10 (2014-03-23)
 
 - Just a quick fix to a minor issue: needed to urlencode an onclick parameter.
diff --git a/languages/OneFileCMS.LANG.DE.php b/languages/OneFileCMS.LANG.DE.php
index 18d8f56..f1410e2 100755
--- a/languages/OneFileCMS.LANG.DE.php
+++ b/languages/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.07
+// OneFileCMS Language Settings v3.5.11
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -61,7 +61,7 @@
 $_['Rename']   = 'Umbenennen';
 $_['reset']    = 'Zurücksetzen';
 $_['save_1']   = 'Speichern';
-$_['save_2']   = 'ÄNDERUNGEN SPEICHERN!';
+$_['save_2']   = 'ÄNDERUNGEN SPEICHERN';
 $_['Size']     = 'Size';    //## NT ##
 $_['Source']   = 'Source';  //## NT ##
 $_['successful'] = 'Erfolgreich';
diff --git a/languages/OneFileCMS.LANG.EN.php b/languages/OneFileCMS.LANG.EN.php
index 385625b..ed296e9 100755
--- a/languages/OneFileCMS.LANG.EN.php
+++ b/languages/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.07
+// OneFileCMS Language Settings v3.5.11
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
diff --git a/languages/OneFileCMS.LANG.ES.php b/languages/OneFileCMS.LANG.ES.php
index bd72b5d..98bc6eb 100755
--- a/languages/OneFileCMS.LANG.ES.php
+++ b/languages/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.07
+// OneFileCMS Language Settings v3.5.11
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -61,7 +61,7 @@
 $_['Rename']   = 'Renombrar';
 $_['reset']    = 'Reiniciar';
 $_['save_1']   = 'Guardar';
-$_['save_2']   = '¡GUARDAR CAMBIOS!';
+$_['save_2']   = '¡GUARDAR CAMBIOS';
 $_['Size']     = 'Size';    //## NT ##
 $_['Source']   = 'Source';  //## NT ##
 $_['successful'] = 'satisfactoriamente';
diff --git a/languages/OneFileCMS.LANG.NL.php b/languages/OneFileCMS.LANG.NL.php
index ee8b43e..8bb79e8 100755
--- a/languages/OneFileCMS.LANG.NL.php
+++ b/languages/OneFileCMS.LANG.NL.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.07
+// OneFileCMS Language Settings v3.5.11
 
 $_['LANGUAGE'] = 'Nederlands (Dutch)';
 $_['LANG'] = 'NL';
@@ -61,7 +61,7 @@
 $_['Rename']   = 'Hernoemen';
 $_['reset']    = 'Reset';   //## NT ##
 $_['save_1']   = 'Opslaan';
-$_['save_2']   = 'WIJZIGINGEN OPSLAAN!';
+$_['save_2']   = 'WIJZIGINGEN OPSLAAN';
 $_['Size']     = 'Size';    //## NT ##
 $_['Source']   = 'Source';  //## NT ##
 $_['successful'] = 'succesvol';
diff --git a/languages/OneFileCMS.LANG.RU.php b/languages/OneFileCMS.LANG.RU.php
index 26193e5..61b9a5e 100755
--- a/languages/OneFileCMS.LANG.RU.php
+++ b/languages/OneFileCMS.LANG.RU.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.07
+// OneFileCMS Language Settings v3.5.11
 
 $_['LANGUAGE'] = 'Russian';
 $_['LANG'] = 'RU';
@@ -61,7 +61,7 @@
 $_['Rename']   = 'Rename';  //## NT ##
 $_['reset']    = 'Сбросить';
 $_['save_1']   = 'Сохранить';
-$_['save_2']   = 'СОХРАНИТЬ ИЗМЕНЕНИЯ!';
+$_['save_2']   = 'СОХРАНИТЬ ИЗМЕНЕНИЯ';
 $_['Size']     = 'Size';    //## NT ##
 $_['Source']   = 'Source';  //## NT ##
 $_['successful'] = 'успешно';
diff --git a/onefilecms.php b/onefilecms.php
index 4b93e7c..a9dc1c0 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.10';
+$OFCMS_version = '3.5.11';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -349,7 +349,7 @@ function Default_Language() { // ***********************************************
 $_['Rename']   = 'Rename';
 $_['reset']    = 'Reset';
 $_['save_1']   = 'Save';
-$_['save_2']   = 'SAVE CHANGES'; //#### removed '!' in 3.5.07
+$_['save_2']   = 'SAVE CHANGES';
 $_['Size']     = 'Size';
 $_['Source']   = 'Source'; 
 $_['successful'] = 'successful';
@@ -2162,9 +2162,6 @@ function Edit_Page() { //*******************************************************
 	elseif ($text_editable && !$too_large_to_edit && !$IS_OFCMS) { $header2 = hsc($_['edit_h2_2']); }
 	else									  					 { $header2 = hsc($_['edit_h2_1']); }
 
-	//Preserves vertical spacing when message is closed, so edit area doesn't jump as much.
-	echo '<style>#message_box { min-height: 1.88em; }</style>';
-
 	echo '<h2 id="edit_header">'.$header2.' ';
 	echo '<a class="h2_filename" href="/'.URLencode_path($filename).'" target="_blank" title="'.hsc($_['Open_View']).'">';
 	echo hsc(basename($filename)).'</a>';
@@ -2938,14 +2935,23 @@ function FileTimeStamp(php_filemtime, show_date, show_offset, write_return){
 
 
 
-function Display_Messages($message) { //******************************
-	var $page = '<?php echo $page ?>';
-	var $onclick = 'document.getElementById("message_box").innerHTML = " ";return false;';
-	var $X_box   =  '<a id="X_box" href="" onclick=\'' + $onclick + '\'>x</a>';
-	var $MESSAGE = '<div class=message_box_contents>' + $message + '</div>';
-	document.getElementById("message_box").innerHTML = $X_box + $MESSAGE;
+function Display_Messages($msg, new_focus) { //*******************
+
+	var $X_box		 = '<button type=button id="X_box">x</button>';
+	var $MESSAGE	 = '<div class=message_box_contents>' + $msg + '</div>';
+	var $message_box = document.getElementById("message_box");
+	var $new_focus	 = document.getElementById(new_focus)
+	
+	if ($msg == '') {$message_box.innerHTML = ' ';} //innerHTML must have a space or $message won't clear.
+	else				{
+		$message_box.innerHTML = $X_box + $MESSAGE;
+		document.getElementById("X_box").focus();
+	}
+
+	var $X_box_btn	 = document.getElementById('X_box');
+
+	if ($new_focus) { $X_box_btn.onclick = function () { $message_box.innerHTML = " "; $new_focus.focus();} }
 
-	if ($page == 'index') { document.getElementById("X_box").focus(); }
 }//end Display_Messages() //******************************************
 
 </script>
@@ -2966,11 +2972,11 @@ function Index_Page_onclicks() { //*********************************************
 var Header_Filedate		= document.getElementById('header_filedate');
 
 Select_All_ckbox.onclick	 = function () {Select_All();}
-Folders_First_Ckbox.onclick  = function () {Sort_and_Show(SORT_by, SORT_order);}
-Header_Filename.onclick  = function () {Sort_and_Show(1, FLIP_IF); return false;}
-Header_Filesize.onclick  = function () {Sort_and_Show(2, FLIP_IF); return false;}
-Header_Filedate.onclick  = function () {Sort_and_Show(3, FLIP_IF); return false;}
-Sort_Type.onclick		 = function () {Sort_and_Show(5, FLIP_IF); return false;}
+Folders_First_Ckbox.onclick  = function () {Sort_and_Show(SORT_by, SORT_order); this.focus()}
+Header_Filename.onclick  = function () {Sort_and_Show(1, FLIP_IF); this.focus(); return false;}
+Header_Filesize.onclick  = function () {Sort_and_Show(2, FLIP_IF); this.focus(); return false;}
+Header_Filedate.onclick  = function () {Sort_and_Show(3, FLIP_IF); this.focus(); return false;}
+Sort_Type.onclick		 = function () {Sort_and_Show(5, FLIP_IF); this.focus(); return false;}
 </script>
 <?php
 }//end Index_Page_onclicks() //*************************************************
@@ -2979,7 +2985,7 @@ function Index_Page_onclicks() { //*********************************************
 
 
 function Index_Page_scripts() { //**********************************************
-	global $_, $ONESCRIPT, $param1, $ipath;
+	global $_, $ONESCRIPT, $param1, $ipath, $message;
 ?>
 <script>
 //  DIRECTORY_DATA[x] = ("type", "file name", filesize, timestamp, is_ofcms, "ext")	
@@ -3195,11 +3201,15 @@ function Directory_Summary() { //*************************************
 
 function Sort_and_Show(col, direction) { //***************************
 
-	sort_DIRECTORY(col, direction); //Sort DIRECTORY_DATA
+	//(Any pre-existing $message will be displayed after directory is displayed.)
+	Display_Messages('<b><?php echo $_['Working'] ?></b>');
 
-	Build_Directory();
-
-	document.getElementById('DIRECTORY_FOOTER').innerHTML = Directory_Summary();
+	setTimeout( function () { //setTimeout() needed so 'Working' message will actually get displayed *before* the sort.
+		sort_DIRECTORY(col, direction); //Sort DIRECTORY_DATA
+		Build_Directory();
+		document.getElementById('DIRECTORY_FOOTER').innerHTML = Directory_Summary();
+		Display_Messages('');
+	}, 20); //20 seems sufficient for the 'Working' message to reliably display in Firefox. (For the most part.)
 
 }//end Sort_and_Show() { //*******************************************
 
@@ -3275,7 +3285,6 @@ function Edit_Page_scripts() { //***********************************************
 	$close_params = $ONESCRIPT.$param1;
 	if ( $_SESSION['admin_page'] ) { $close_params .= '&p=admin'; } //If came from admin page, return there.
 ?>
-<!--======== Provide feedback re: unsaved changes ========-->
 <script>
 var onclick_params = '<?php echo $ONESCRIPT.$param1.'&f='.rawurlencode(basename($filename)).'&p=' ?>';
 
@@ -3600,7 +3609,7 @@ function style_sheet(){ //******************************************************
 
 /* --- layout --- */
 
-.container {
+#main {
 	border : 0px solid #777;
 	width  : 810px;     /*Adjusted by $MAIN_WIDTH config variable*/
 	margin : 0 auto 2em auto;
@@ -3632,7 +3641,7 @@ function style_sheet(){ //******************************************************
 	}
 
 
-#message_box { border: none; margin: .5em 0 0 0; padding: 0; }
+#message_box { border: none; margin: .5em 0 0 0; padding: 0; min-height: 1.88em;}
 
 .message_box_contents { border: 1px solid gray; padding: 3px 2px 2px 4px; background: #FFF000; }
 
@@ -3730,9 +3739,9 @@ function style_sheet(){ //******************************************************
 .index_T th a { padding: 1px 0 1px 0; border-width: 0px;}
 
 .index_T th.file_name   { text-align: left; }
-.index_T th.file_name a { display: inline-block; padding: 2px 3em 2px 2em; border-top-width: 0px; border-bottom-width: 0px;}
+.index_T th.file_name a { display: inline-block; padding: 2px 2.5em 2px 1.5em; border-top-width: 0px; border-bottom-width: 0px;}
 
-#header_filename       {border-width: 0 1px 0 1px;}
+#header_filename       {border-width: 0 1px 0 1px; min-width: 2.5em;}
 #header_filename:hover {border-color: silver;}
 #header_filename:focus {border-color: silver;}
 
@@ -3743,7 +3752,7 @@ function style_sheet(){ //******************************************************
 #sort_type:hover {border-color: silver;}
 #sort_type:focus {border-color: silver;}
 
-.file_name { min-width: 10em; max-width: 26em; }
+.file_name { max-width: 26em; }
 .file_size { min-width:  6em; padding-left: 10px; }
 .file_time { min-width: 10em; padding-left: 10px; }
 
@@ -3864,16 +3873,16 @@ function style_sheet(){ //******************************************************
 
 /* --- log in --- */
 
-.login_page {
+#login_page {
 	border  : 1px solid #777;
 	width   : 370px;
 	margin  : 5em auto;
 	padding : .5em 1.2em .1em 1em;
 	}
 
-.login_page .nav { margin-top: .5em; }
+#login_page .nav { margin-top: .5em; }
 
-.login_page input {margin: 0 0 .7em 0;}
+#login_page input {margin: 0 0 .7em 0;}
 
 
 hr { /*-- -- -- -- -- -- --*/
@@ -4003,10 +4012,10 @@ function style_sheet(){ //******************************************************
 
 
 function Language_and_config_adjusted_styles() { //*****************************
-	global $_, $MAIN_WIDTH;
+	global $_, $MAIN_WIDTH, $message, $page;
 ?>
 <style>
-.container { width: <?php echo $MAIN_WIDTH ?>; } /*Default 810px*/
+#main { width: <?php echo $MAIN_WIDTH ?>; } /*Default 810px*/
 
 .button {
 	padding  : <?php echo $_['button_padding']   ?>; /*Default 4px 7px 4px 7px */
@@ -4027,7 +4036,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 	}
 	
 #select_all_label { font-size: <?php echo $_['select_all_label_size']?>; } /*Default .84em */
-#select_all_label { width: <?php echo $_['select_all_label_width']?>; }    /*Default 72px  As of 3.4.23 Not currently used.*/
+#select_all_label { width: <?php echo $_['select_all_label_width']?>; }    /*Default 72px  Not used as of 3.4.23 */
 </style>
 <?php
 }//end Language_and_config_adjusted_styles() //*********************************
@@ -4129,8 +4138,8 @@ function Load_style_sheet(){ //*************************************************
 
 Error_reporting_status_and_early_output(0,0); //0,0 will only show early output.
 
-if ($_SESSION['valid']) { echo '<div id="main" class="container" >'; }
-else                    { echo '<div id="main" class="login_page">'; }
+if ($_SESSION['valid']) { echo '<div id="main" >'; }
+else                    { echo '<div id="login_page">'; }
 
 Page_Header();
 
@@ -4153,11 +4162,22 @@ function Load_style_sheet(){ //*************************************************
 	}
 }//end footer
 
-echo '</div>'; //end container/login_page
-echo '</body></html>';
+echo '</div>'; //end main/login_page
+echo "</body></html>\n";
 
 if ( ($page == "edit") && $WYSIWYG_VALID && $EDIT_WYSIWYG ) { include($WYSIWYG_PLUGIN_OS); }
 
-//Display any $message's
-if ($message != '') {echo '<script>Display_Messages(\''.addslashes($message).'\');</script>';}
+//Lastly, display any $message's
+?>
+<script>
+	var $page	  = '<?php echo $page ?>';
+	var $message  = '<?php echo addslashes($message) ?>';
+	var new_focus = '';
+	if      ($page == 'index') { new_focus = 'header_filename'; document.getElementById('header_filename').focus(); }
+	else if ($page == 'edit')  { new_focus = 'close1'; }
+
+	//The setTimeout() time should be greater than what is set for the Sort_and_Show() "working..." message.
+	setTimeout('Display_Messages($message, new_focus)',25);
+</script>
+<?php
 //##### END OF FILE ############################################################
\ No newline at end of file
diff --git a/readme.markdown b/readme.markdown
index 4b33559..675fd78 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -83,7 +83,7 @@ OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com
 
 
 
-### What it is not?
+### Limitations
 
 - OneFileCMS would not be the best option for a site that requires different levels of privileges, unless all of the users are trusted to stay within their designated areas of responsibility. Since OneFileCMS allows file uploads and editing files directly on the web server, there is simply no way to secure against any particular action.  
 
@@ -91,7 +91,7 @@ OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com
 
 - If you need to upload a lots of files, an FTP program may be a bit more flexible & practicle.
 
-- Directories with many (hundreds) of files, may take a few seconds to display or resort (by size, date, etc).  On my system, a 2.5ghz desktop running XP, it takes 2 to 4 seconds to display or resort a directory with 200 files.
+- Directories with many (hundreds) of files, may take a few seconds to display.  For instance, on my system- a 2.5gz desktop running XP, it takes 2 to 4 seconds to display a directory with 200 files.
 
 
 --------------------------------------------------------------------------------

From e05ee57bb3f4e483f5569828c0cf6eb38e9ce4f3 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 25 Mar 2014 18:17:16 -0400
Subject: [PATCH 193/228] Version 3.5.12 Fixed a minor bug with Login screen &
 countdown timer... Adjusted how countdown timers are placed and called.
 Functions affected:   Timeout_Timer(), Login_response(), Countdown(),
 Start_Countdown(), and some   misc code at end of file. Added $LOGIN_DELAYED
 global due to above. Countdown(): Added countdown to the 2-minute "Warning!"
 message box. Improved Display_Messages() Added a few php global variables for
 values that were otherwise hardcoded in js.   These variables are declared in
 System_Setup():   $DELAY_Expired_Reload, $DELAY_Sort_and_Show_msgs,
 $DELAY_Timeout_Timer, $DELAY_final_messages Some minor readme updates.

---
 info/changelog.markdown |   6 ++
 onefilecms.php          | 144 +++++++++++++++++++++++++---------------
 readme.markdown         |  19 ++++--
 3 files changed, 110 insertions(+), 59 deletions(-)

diff --git a/info/changelog.markdown b/info/changelog.markdown
index 46b6591..f91deb2 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,11 @@
 # OneFileCMS Change Log
 
+### v3.5.12 (2014-03-25)
+
+- Fixed a minor glitch in the countdown used in login delays.
+- Associated/misc code tweaks & imrovements.
+- Added the countdown timer to the two-minute time-out "Warning..." message.
+
 ### v3.5.11 (2014-03-24)
 
 - Improved some $message handling & focus() responses.
diff --git a/onefilecms.php b/onefilecms.php
index a9dc1c0..0c18c6b 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.11';
+$OFCMS_version = '3.5.12';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -77,7 +77,7 @@
 
 
 
-// CONFIGURABLE INFO ***********************************************************
+// USER CONFIGURABLE INFO ******************************************************
 $config_title = "OneFileCMS";
 
 $USERNAME = "username";
@@ -158,7 +158,7 @@
 
 function System_Setup() { //****************************************************
 
-global $config_title, $_, $MAX_IDLE_TIME, $LOGIN_ATTEMPTS, 
+global $config_title, $_, $MAX_IDLE_TIME, $LOGIN_ATTEMPTS, $LOGIN_DELAYED, 
 	$MAIN_WIDTH, $WIDE_VIEW_WIDTH, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $config_excluded, 
 	$config_etypes, $config_stypes,$config_itypes, $config_ftypes, $config_fclass, 
 	$SHOWALLFILES, $etypes, $itypes, $ftypes, $fclasses, $excluded_list, 
@@ -166,7 +166,8 @@ function System_Setup() { //****************************************************
 	$INVALID_CHARS, $WHSPC_SLASH, $VALID_PAGES, $LOGIN_LOG_url, $LOGIN_LOG_file,
 	$ONESCRIPT,  $ONESCRIPT_file, $ONESCRIPT_backup, $ONESCRIPT_file_backup, 
 	$CONFIG_backup, $CONFIG_FILE, $CONFIG_FILE_backup, $VALID_CONFIG_FILE, 
-	$DOC_ROOT, $WEB_ROOT, $WEBSITE, $PRE_ITERATIONS, $EX, $message, $ENC_OS;
+	$DOC_ROOT, $WEB_ROOT, $WEBSITE, $PRE_ITERATIONS, $EX, $message, $ENC_OS,
+	$DELAY_Expired_Reload, $DELAY_Sort_and_Show_msgs, $DELAY_Start_Countdown, $DELAY_final_messages, $MIN_DIR_ITEMS;
 
 //Requires PHP 5.1 or newer, due to changes in explode() (and maybe others).
 define('PHP_VERSION_ID_REQUIRED',50100);   //Ex: 5.1.23 is 50123
@@ -184,7 +185,7 @@ function System_Setup() { //****************************************************
 
 mb_detect_order("UTF-8, ASCII, Windows-1252, ISO-8859-1"); 
 
-//Get server's File System encoding.  Windows NTFS uses ISO-8859-1 or Windows-1252.
+//Get server's File System encoding.  Windows NTFS uses ISO-8859-1 / Windows-1252.
 //Needed when working with non-ascii filenames.
 if (php_uname("s") == 'Windows NT') {$ENC_OS = 'Windows-1252';}
 else								{$ENC_OS = 'UTF-8';}
@@ -277,6 +278,17 @@ function System_Setup() { //****************************************************
 $fclasses = explode(',', mb_strtolower(str_replace(' ', '', $config_fclass))); //for file types with icons
 $excluded_list = explode(',', str_replace(' ', '', $config_excluded));
 
+
+//A few variables for values that were otherwise hardcoded in js. 
+//$DELAY_... values are in milliseconds.
+//The values were determined thru quick experimentation, and may be tweaked if desired, except as noted.
+$DELAY_Sort_and_Show_msgs = 20; //Needed so "Working..." message shows during directory sorts. Mostly needed for Firefox.
+$DELAY_Start_Countdown	  = 25; //Needs to be > than $Sort_and_Show_msgs. In Timeout_Timer().
+$DELAY_final_messages	  = 25; //Needs to be > than $Sort_and_Show_msgs. Delays final Display_Messages().
+$DELAY_Expired_Reload  = 10000; //Delay from Session Expired to page reload of login screen. Ten seconds, but can be less.
+$MIN_DIR_ITEMS			  = 25; //Minimum number of directory items before "Working..." message is needed/displayed.
+
+
 //Used in hashit() and js_hash_scripts().  IE<9 is WAY slow, so keep it low.
 //For 200 iterations: (time on IE8) > (37 x time on FF). And the difference grows with the iterations.
 //If you change this, or any other aspect of either hashit() or js_hash_scripts(), do so while logged in.
@@ -777,7 +789,7 @@ function Valid_Path($path, $gotoroot=true) { //*********************************
 
 	$good_path = false;
 
-	if ($_SESSION['admin_page']) {
+	if (isset($_SESSION['admin_page']) && $_SESSION['admin_page']) {
 		//Permit Admin actions: changing p/w, u/n, viewing OneFile...
 		$ACCESS_ROOT == '';
 		return true;
@@ -1245,9 +1257,10 @@ function show_image(){ //*******************************************************
 
 
 
-function Timeout_Timer($COUNT, $ID, $CLASS="", $ACTION="") { //*****************
+function Timeout_Timer($COUNT, $ID, $ACTION="") { //****************************
+	global $DELAY_Start_Countdown;
 
-	return 	'<script>Start_Countdown('.$COUNT.', "'.$ID.'", "'.$CLASS.'", "'.$ACTION.'");</script>';
+	return '<script>setTimeout(\'Start_Countdown('.$COUNT.',"'.$ID.'","'.$ACTION.'")\','.$DELAY_Start_Countdown.');</script>';
 
 }//end Timeout_Timer() //*******************************************************
 
@@ -1706,7 +1719,7 @@ function Login_Page() { //******************************************************
 
 function Login_response() { //**************************************************
 	global $_, $EX, $ONESCRIPT_file, $message, $page, $USERNAME, $HASHWORD,
-				$LOGIN_ATTEMPTS, $MAX_ATTEMPTS, $LOGIN_DELAY, $LOG_LOGINS, $LOGIN_LOG_file;
+				$LOGIN_ATTEMPTS, $MAX_ATTEMPTS, $LOGIN_DELAY, $LOGIN_DELAYED, $LOG_LOGINS, $LOGIN_LOG_file;
 
 	$_SESSION = array();    //make sure it's empty
 	$_SESSION['valid'] = 0; //Default to failed login.
@@ -1714,6 +1727,8 @@ function Login_response() { //**************************************************
 	$elapsed  = 0;
 	$LOGIN_ATTEMPTS = Convert_encoding($LOGIN_ATTEMPTS); //$LOGIN_ATTEMPTS only used for filesystem access.
 
+	$LOGIN_DELAYED = 0; //used to start Countdown at end of file
+
 	//Check for prior login attempts (but don't increment count just yet)
 	if (is_file($LOGIN_ATTEMPTS)) {
 		$attempts = (int)file_get_contents($LOGIN_ATTEMPTS);
@@ -1722,9 +1737,8 @@ function Login_response() { //**************************************************
 	if ($attempts > 0) { $message .= '<b>'.hsc($_['login_msg_01a']).' '.$attempts.' '.hsc($_['login_msg_01b']).'</b><br>'; }
 
 	if ( ($attempts >= $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){
-		$message .= hsc($_['login_msg_02a']).' ';
-		$message .= Timeout_Timer(($LOGIN_DELAY - $elapsed), 'timer0');
-		$message .= ' '.hsc($_['login_msg_02b']);
+		$LOGIN_DELAYED = ($LOGIN_DELAY - $elapsed);
+		$message .= hsc($_['login_msg_02a']).' <span id=timer0></span> '.hsc($_['login_msg_02b']);
 		return;
 	}
 
@@ -1747,9 +1761,8 @@ function Login_response() { //**************************************************
 		file_put_contents($LOGIN_ATTEMPTS, ++$attempts); //increment attempts
 		$message  = $EX.'<b>'.hsc($_['login_msg_03']).$attempts.'</b><br>';
 		if ($attempts >= $MAX_ATTEMPTS) {
-			$message .= hsc($_['login_msg_02a']).' ';
-			$message .= Timeout_Timer($LOGIN_DELAY, 'timer0', '', '');
-			$message .= ' '.hsc($_['login_msg_02b']);
+			$LOGIN_DELAYED = $LOGIN_DELAY;
+			$message .= hsc($_['login_msg_02a']).' <span id=timer0></span> '.hsc($_['login_msg_02b']);
 		}
 	}
 
@@ -1799,6 +1812,7 @@ function Create_Table_for_Listing() { //****************************************
 	<tbody id=DIRECTORY_LISTING></tbody>
 	<tr><td id=DIRECTORY_FOOTER colspan=7></td</tr>
 	</table>
+	<script>document.getElementById('header_filename').focus()</script>
 <?php
 }//Create_Table_for_Listing() //************************************************
 
@@ -2027,7 +2041,7 @@ function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
 	echo '<div class="edit_btns_bottom">';
 		
 		if ($text_editable && !$too_large_to_edit && !$IS_OFCMS) { //Show save & reset only if editable file
-			echo Timeout_Timer($MAX_IDLE_TIME, 'timer1','timer', 'LOGOUT');
+			echo '<span id=timer1  class="timer"></span>';
 			echo '<button type="submit" class="button" id="save_file">'.hsc($_['save_1']).'</button>'; //Submit Button
 			echo $reset_button;
 		}//end if editable
@@ -2782,7 +2796,7 @@ function init_ICONS_js() { //***************************************************
 
 
 function common_scripts() { //**************************************************
-	global $_, $TO_WARNING, $message, $page;
+	global $_, $TO_WARNING, $message, $page, $DELAY_Expired_Reload;
 ?>
 <script>
 
@@ -2854,21 +2868,27 @@ function format_number(number, sep) { //******************************
 
 
 //********************************************************************
-function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
+function Countdown(count, End_Time, Timer_ID, Action){
 	var Timer        = document.getElementById(Timer_ID);
 	var Current_Time = Math.round(new Date().getTime()/1000); //js uses milliseconds
 	    count        = End_Time - Current_Time;
-	var params = count + ', "' + End_Time + '", "' + Timer_ID + '", "' + Timer_CLASS + '", "' + Action + '"';
+	var params = count + ', "' + End_Time + '", "' + Timer_ID + '", "' + Action + '"';
 
 	$message_box = document.getElementById('message_box');
 
 	Timer.innerHTML = FormatTime(count);
 
-	if ( (count == <?php echo $TO_WARNING ?>) && (Action != "") ) { //Two minute warning...
-		$message_box.innerHTML = '<div class="message_box_contents"><b><?php echo hsc($_['session_warning']) ?></b>';
-		Timer.style.backgroundColor = "white";
-		Timer.style.color = "red";
-		Timer.style.fontWeight = "900";
+	if ((count == <?php echo $TO_WARNING ?>) && (Action != "")) { //Two minute warning...
+		
+		var timeout_warning  = '<div class="message_box_contents"><b><?php echo hsc($_['session_warning']) ?></b> ';
+			timeout_warning += '<b><span id=timer2>:--</span></b></div>';
+		$message_box.innerHTML  = timeout_warning;
+		setTimeout('Start_Countdown(' + count + ',"timer2","")',25);
+		
+		var Timer2 = document.getElementById('timer2');
+		Timer.style.color           = Timer2.style.color           = "red";
+		Timer.style.fontWeight      = Timer2.style.fontWeight      = "900";
+		Timer.style.backgroundColor = Timer2.style.backgroundColor = "white";
 	}
 
 	if ( count < 1 ) {
@@ -2876,22 +2896,21 @@ function Countdown(count, End_Time, Timer_ID, Timer_CLASS, Action){
 			Timer.innerHTML        = '<?php echo hsc($_['session_expired']) ?>';
 			$message_box.innerHTML = '<div class=message_box_contents><b><?php echo hsc($_['session_expired']) ?></b></div>';
 			//Load login screen, but delay first to make sure really expired:
-			setTimeout('window.location = window.location.pathname',10000); //1000 = 1 second
+			setTimeout('window.location = window.location.pathname', <?php echo $DELAY_Expired_Reload ?>);
 		}
 		return;
 	}
-	setTimeout('Countdown(' + params + ')',1000);
+	setTimeout('Countdown(' + params + ')',1000); //1000 = one second
 }//end Countdown() //*************************************************
 
 
 
-function Start_Countdown(count, ID, CLASS, Action){ //****************
-	document.write('<span id="' + ID + '"  class="' + CLASS + '"></span>');
+function Start_Countdown(count, ID, Action){ //***********************
 
-	var Time_Start  = Math.round(new Date().getTime()/1000);
+	var Time_Start  = Math.round(new Date().getTime()/1000); //in seconds
 	var Time_End    = Time_Start + count;
 
-	Countdown(count, Time_End, ID, CLASS, Action); //(seconds to count, id of element)
+	Countdown(count, Time_End, ID, Action); //(seconds to count, id of element)
 }//end Start_Countdown() //*******************************************
 
 
@@ -2935,23 +2954,32 @@ function FileTimeStamp(php_filemtime, show_date, show_offset, write_return){
 
 
 
-function Display_Messages($msg, new_focus) { //*******************
+function Display_Messages($msg, take_focus) { //***********************
+
+	var $page     = '<?php echo $page ?>';
+	var new_focus = '';
+	
+	take_focus = typeof new_focus == 'undefined' ? 0 : take_focus ;//default is X_box doesn't take focus()
+
+	if      ($page == 'index') { new_focus = 'header_filename'; }
+	else if ($page == 'edit')  { new_focus = 'close1'; }
+	else if ($page == 'login') { new_focus = 'username'; }
+	else if ($page == 'hash')  { new_focus = 'whattohash'; }
+	else if ($page == 'admin') { new_focus = 'close'; }
 
 	var $X_box		 = '<button type=button id="X_box">x</button>';
 	var $MESSAGE	 = '<div class=message_box_contents>' + $msg + '</div>';
 	var $message_box = document.getElementById("message_box");
 	var $new_focus	 = document.getElementById(new_focus)
-	
-	if ($msg == '') {$message_box.innerHTML = ' ';} //innerHTML must have a space or $message won't clear.
+
+	if ($msg == '') {$message_box.innerHTML = ' ';} //innerHTML must be given a space or $message_box won't clear.
 	else				{
 		$message_box.innerHTML = $X_box + $MESSAGE;
-		document.getElementById("X_box").focus();
+		var $X_box_btn	 = document.getElementById('X_box');
+		if (take_focus) {$X_box_btn.focus();}
+		$X_box_btn.onclick = function () { $message_box.innerHTML = " "; $new_focus.focus();}
 	}
 
-	var $X_box_btn	 = document.getElementById('X_box');
-
-	if ($new_focus) { $X_box_btn.onclick = function () { $message_box.innerHTML = " "; $new_focus.focus();} }
-
 }//end Display_Messages() //******************************************
 
 </script>
@@ -2985,7 +3013,7 @@ function Index_Page_onclicks() { //*********************************************
 
 
 function Index_Page_scripts() { //**********************************************
-	global $_, $ONESCRIPT, $param1, $ipath, $message;
+	global $_, $ONESCRIPT, $param1, $ipath, $message, $DELAY_Sort_and_Show_msgs, $MIN_DIR_ITEMS;
 ?>
 <script>
 //  DIRECTORY_DATA[x] = ("type", "file name", filesize, timestamp, is_ofcms, "ext")	
@@ -3201,17 +3229,22 @@ function Directory_Summary() { //*************************************
 
 function Sort_and_Show(col, direction) { //***************************
 
-	//(Any pre-existing $message will be displayed after directory is displayed.)
-	Display_Messages('<b><?php echo $_['Working'] ?></b>');
+	var DELAY = 0;
+	if (DIRECTORY_ITEMS > <?php echo $MIN_DIR_ITEMS ?>) { //
+		//(Any pre-existing $message will be displayed after directory is displayed.)
+		Display_Messages('<b><?php echo $_['Working'] ?></b>');
+		
+		DELAY = <?php echo $DELAY_Sort_and_Show_msgs ?>;
+	}
 
 	setTimeout( function () { //setTimeout() needed so 'Working' message will actually get displayed *before* the sort.
 		sort_DIRECTORY(col, direction); //Sort DIRECTORY_DATA
 		Build_Directory();
 		document.getElementById('DIRECTORY_FOOTER').innerHTML = Directory_Summary();
 		Display_Messages('');
-	}, 20); //20 seems sufficient for the 'Working' message to reliably display in Firefox. (For the most part.)
+	}, DELAY);
 
-}//end Sort_and_Show() { //*******************************************
+}//end Sort_and_Show() //*********************************************
 
 
 
@@ -3365,7 +3398,7 @@ function Wide_View() {
 }
 
 
-function Reset_file_status_indicators() {
+function Reset_file_status_indicators() {	
 	changed = false;
 	File_textarea.style.backgroundColor = "#F5FFF5";  //light green
 	File_textarea.style.borderColor     = "";
@@ -4153,7 +4186,7 @@ function Load_style_sheet(){ //*************************************************
 if ($_SESSION['valid']) {
 	//Countdown timer
 	echo '<hr style="border-color: white;">';
-	echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'timer timeout', 'LOGOUT');
+	echo '<span id=timer0  class="timer timeout"></span>';
 	echo '<span class="timeout">'.hsc($_['time_out_txt']).'&nbsp; </span>';
 
 	//Admin link
@@ -4167,17 +4200,22 @@ function Load_style_sheet(){ //*************************************************
 
 if ( ($page == "edit") && $WYSIWYG_VALID && $EDIT_WYSIWYG ) { include($WYSIWYG_PLUGIN_OS); }
 
-//Lastly, display any $message's
+//Display any $message's
 ?>
 <script>
-	var $page	  = '<?php echo $page ?>';
-	var $message  = '<?php echo addslashes($message) ?>';
-	var new_focus = '';
-	if      ($page == 'index') { new_focus = 'header_filename'; document.getElementById('header_filename').focus(); }
-	else if ($page == 'edit')  { new_focus = 'close1'; }
+	var $page    = '<?php echo $page ?>';
+	var $message = '<?php echo addslashes($message) ?>';
+
+	<?php //Cause $message's $X_box to take focus on these pages on (if any $message, of course) ?>
+	if (($page == 'index') || ($page == 'edit')) {take_focus = 1;}
+	else										 {take_focus = 0;}
 
-	//The setTimeout() time should be greater than what is set for the Sort_and_Show() "working..." message.
-	setTimeout('Display_Messages($message, new_focus)',25);
+	<?php //The setTimeout() time should be greater than what is set for the Sort_and_Show() "working..." message. ?>
+	setTimeout('Display_Messages($message, take_focus)',<?php echo $DELAY_final_messages ?>);
 </script>
 <?php
+//start any timers (Yea, they could probably be put in a window.onload function or something...)
+if ($_SESSION['valid']) { echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'LOGOUT'); }
+if ($page == 'edit')    { echo Timeout_Timer($MAX_IDLE_TIME, 'timer1', 'LOGOUT'); }
+if ($LOGIN_DELAYED > 0) { echo Timeout_Timer($LOGIN_DELAYED, 'timer0', ''); }
 //##### END OF FILE ############################################################
\ No newline at end of file
diff --git a/readme.markdown b/readme.markdown
index 675fd78..0375fb2 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -1,6 +1,6 @@
 # OneFileCMS
 
-## Yes, that's exactly what it is!
+## Yes, that's *exactly* what it is!
 
 Main screen:
 ![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OneFileCMS_screenshot.png)
@@ -9,7 +9,7 @@ Edit screen:
 ![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OneFileCMS_screenshot_edit.png)
 
 
-OneFileCMS is just that: It's a flat, light, one file CMS (Content Management System) contained entirely in an easy-to-implement database-less PHP script.
+**OneFileCMS** is just that: a simple CMS (Content Management System) contained entirely in a single, easy-to-implement, database-less PHP script.
 
 Coupling basic editing, upload, and file managing functions, OneFileCMS can maintain an entire website completely in-browser without any external programs.
 
@@ -79,11 +79,18 @@ Well, because "OneFileCMS" sounds way cooler (relatively speaking) than "OneFile
 
 ### Where's the WYSISWYG?
 
-OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com) or [CKEditor](http://ckeditor.com) (and possibly others), but the editors themselves must be obtained from their respective sites.  For basic setup instructions, read the appropriate "init" file from the extras/ directory in the OneFileCMS repo.  
+OneFileCMS can be easily configured to work with [TinyMCE](http://tinymce.moxiecode.com) or [CKEditor](http://ckeditor.com) (and possibly others), but the editors themselves must be obtained from their respective sites.  For basic setup instructions, read the appropriate "init" file from the extras/ directory in the OneFileCMS repo.  
 
 
+### Why do I get a "Stop running script?" pop-up during login?
 
-### Limitations
+IE, version 8 at least, takes condsiderably longer (about 8 seconds on my test system) to run OneFile's javascript login functions than Chrome or Firefox.  Just click [No] and the login should continue normally after a few more seconds.  
+
+Not counting the time the pop-up is waiting for a response, the 8 seconds previously mentioned is the time to login from a 2.5gz single-core XP system.  This delay is the result of the client-side "pre-hash" OneFileCMS performs on your password before submitting the login to OneFileCMS server-side.  
+
+See the global variable "$PRE\_ITERATIONS" at the end of System\_Setup().  It can be adjusted, but it's best to do so on a local copy in a development setup, then upload the updated copy.
+
+### Limitations & Considerations
 
 - OneFileCMS would not be the best option for a site that requires different levels of privileges, unless all of the users are trusted to stay within their designated areas of responsibility. Since OneFileCMS allows file uploads and editing files directly on the web server, there is simply no way to secure against any particular action.  
 
@@ -93,6 +100,8 @@ OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com
 
 - Directories with many (hundreds) of files, may take a few seconds to display.  For instance, on my system- a 2.5gz desktop running XP, it takes 2 to 4 seconds to display a directory with 200 files.
 
+- If your website's connection is not encrypted (doesn't use SSL/TLS), passwords & usernames will be sent in clear text* during login.  However, this is true of any online login system that's over an unencrypted connection.  
+  *As of version 3.4.15, a client-side hash of the user's "plain-text" password is sent to the server.  So, while this client-side hash is still a "plain-text" password as far as the server is concerned, the user's actual raw password is protected from immediate exposure.
 
 --------------------------------------------------------------------------------
 
@@ -120,8 +129,6 @@ OneFileCMS can be configured to work with [TinyMCE](http://tinymce.moxiecode.com
 ##Needed/potential improvements
 
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
-- If your website's connection is not encrypted (doesn't use SSL/TLS), passwords & usernames will be sent in clear text* during login.  However, this is true of any online login system that's over an unencrypted connection.
-  *As of version 3.4.15, a client-side hash of the user's "plain-text" password is sent to the server.  So, while this client-side hash is still a "plain-text" password as far as the server is concerned, the user's actual raw password is protected from immediate exposure.
 - Be aware that only some very basic data & error checking is performed.  (But, it's getting better...)  
 - Anything else?
 

From 1524ca91dcf60892f6b9adca92b5a6edca500095 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 25 Mar 2014 19:45:00 -0400
Subject: [PATCH 194/228] Updated readme.

---
 readme.markdown | 107 ++++++++++++++++++++++++++++--------------------
 1 file changed, 63 insertions(+), 44 deletions(-)

diff --git a/readme.markdown b/readme.markdown
index 0375fb2..59e0f12 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -2,23 +2,36 @@
 
 ## Yes, that's *exactly* what it is!
 
-Main screen:
-![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OneFileCMS_screenshot.png)
+OneFileCMS is a simple CMS (Content Management System) contained entirely in a single file, database-less PHP script.
 
-Edit screen:
-![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OneFileCMS_screenshot_edit.png)
+With basic editing, upload, and file managing functions, OneFileCMS can maintain an entire website completely in-browser without any external programs.
 
+### Main screen:
+![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OneFileCMS_screenshot.png)
 
-**OneFileCMS** is just that: a simple CMS (Content Management System) contained entirely in a single, easy-to-implement, database-less PHP script.
+###Edit screen:
+![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OneFileCMS_screenshot_edit.png)
 
-Coupling basic editing, upload, and file managing functions, OneFileCMS can maintain an entire website completely in-browser without any external programs.
+--------------------------------------------------------------------------------
+## Contents:
+- [Demo](#demo)
+- [Features](#features)
+- [Installation](#installation)
+- [FAQ](#faq)
+- [Requirements](#requirements)
+- [Limitations and Considerations](#limitations)
+- [Needed/potential improvements](#potential)
+- [License, Credit, Et Cetera](#license)
+- [General layout/structure of OneFileCMS.php](#layout)
+- [Logs](#logs)
 
-## Demo
+--------------------------------------------------------------------------------
+## <a name=demo></a>Demo
 
 - Just download & try the [current version](https://raw.github.com/Self-Evident/OneFileCMS/master/onefilecms.php) - it's one file!  
   
-
-## Features
+--------------------------------------------------------------------------------
+## <a name=features></a>Features
  
 - All the basic file management features like renaming, moving, copying, deleting, and uploading.
 - Sort directory listings by file name, extension, size, or date.
@@ -30,7 +43,8 @@ Coupling basic editing, upload, and file managing functions, OneFileCMS can main
 - Multi-language support.
 - <del>Possibly</del> The easiest installation process ever!
 
-## Installation
+--------------------------------------------------------------------------------
+## <a name=installation></a>Installation
 
 1) **Download** the [current version](https://raw.github.com/Self-Evident/OneFileCMS/master/onefilecms.php).  
 
@@ -45,21 +59,20 @@ As with any CMS, you may also have to modify the file permissions of your site's
 You can also change the file name from "onefilecms.php" to something else, such as "admin.php". (Be careful about making it a folder's default file: your server may get stuck in redirects.)
 
 --------------------------------------------------------------------------------
+## <a name=faq></a>FAQ
 
-## FAQ
-
-### I found something that could be better. Can I suggest it to you?
-
-Yes, of course!
-
-I may not have the time/bandwidth/inclination to implement every feature, but I 'll do what I can. If you find a bug, please file a report on the issues page.
+- [Multi-Language Support?](#language)
+- [I found something that could be better. Can I suggest it to you?](#suggestions)
+- [Can I have more than one username/password?](#multiuser)
+- [This is basically just a file manager with a text editor- why is it being called a CMS?](#handsaw)
+- [Where's the WYSISWYG?](#WYSIWYG)
+- [Why do I get a "Stop running script?" pop-up during login?](#slowlogin)
 
 
-### Multi-Language Support?
+### <a name=language></a>Multi-Language Support?
 
 Yes!  While English (EN) is the default - German (DE), Spanish (ES), Dutch (NL), and Russian (RU) are also available.
 
-
 - German (Deutsch) courtesy of [codeless](http://github.com/codeless).
 - Spanish (Espanõla) courtesy of [fermuch](http://github.com/fermuch).
 - Dutch (Nederlands) courtesy of [symsec](http://github.com/symsec).  
@@ -67,22 +80,28 @@ Yes!  While English (EN) is the default - German (DE), Spanish (ES), Dutch (NL),
 
 If you speak another language and would like to contribute, translations are welcomed and appreciated!  Just use the English language file (or any of the others) as a template, and translate each word, phrase, etc., as appropriate.
 
-### Can I have more than one username/password?
+### <a name=suggestions></a>I found something that could be better. Can I suggest it to you?
+
+Yes, of course!
+
+I may not have the time/bandwidth/inclination to implement every feature, but I 'll do what I can. If you find a bug, please file a report on the issues page.
+
+### <a name=multiuser></a>Can I have more than one username/password?
 
 Yes!  Well, sort of... indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ex: OneFile1.php and OneFile2.php etc...)  Then, in each copy, maintain different usernames, passwords, and $session_name config values.  
   
 Now, since there is no database or other means of granular control or access logging, multiple usernames provides limited utility.  However, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
 
-### This is basically just a file manager with a text editor- why is it being called a CMS?
+### <a name=handsaw></a>This is basically just a file manager with a text editor- why is it being called a CMS?
 
-Well, because "OneFileCMS" sounds way cooler (relatively speaking) than "OneFileFileManagerwithTextEditor".
+It may be simple, bit it can get the job done.  While you wouldn't want to build an entire house with just a hammer and hand saw, you can "manage" quite a bit with just those two tools (and nails, of course).  Besides, "OneFileCMS" sounds cool. 
 
-### Where's the WYSISWYG?
+### <a name=WYSIWYG></a>Where's the WYSISWYG?
 
 OneFileCMS can be easily configured to work with [TinyMCE](http://tinymce.moxiecode.com) or [CKEditor](http://ckeditor.com) (and possibly others), but the editors themselves must be obtained from their respective sites.  For basic setup instructions, read the appropriate "init" file from the extras/ directory in the OneFileCMS repo.  
 
 
-### Why do I get a "Stop running script?" pop-up during login?
+### <a name=slowlogin></a>Why do I get a "Stop running script?" pop-up during login?
 
 IE, version 8 at least, takes condsiderably longer (about 8 seconds on my test system) to run OneFile's javascript login functions than Chrome or Firefox.  Just click [No] and the login should continue normally after a few more seconds.  
 
@@ -90,7 +109,19 @@ Not counting the time the pop-up is waiting for a response, the 8 seconds previo
 
 See the global variable "$PRE\_ITERATIONS" at the end of System\_Setup().  It can be adjusted, but it's best to do so on a local copy in a development setup, then upload the updated copy.
 
-### Limitations & Considerations
+--------------------------------------------------------------------------------
+## <a name=requirements></a>Requirements
+
+- PHP 5.1+
+  (Only tested on versions 5.2.8, 5.2.17, 5.3.3, and 5.4 + )
+- File permission privileges on your host.
+- A Javascript enabled browswer.
+- Most* modern browsers probably work, but I only test on Firefox, Chrome, and IE 8.
+- And- but only if you wish to see the icons- a browser that supports inline SVG.  
+  (If your browser doesn't support inline SVG, OneFileCMS will still work, just without any icons.)
+
+--------------------------------------------------------------------------------
+## <a name=limitations></a>Limitations & Considerations
 
 - OneFileCMS would not be the best option for a site that requires different levels of privileges, unless all of the users are trusted to stay within their designated areas of responsibility. Since OneFileCMS allows file uploads and editing files directly on the web server, there is simply no way to secure against any particular action.  
 
@@ -98,24 +129,13 @@ See the global variable "$PRE\_ITERATIONS" at the end of System\_Setup().  It ca
 
 - If you need to upload a lots of files, an FTP program may be a bit more flexible & practicle.
 
-- Directories with many (hundreds) of files, may take a few seconds to display.  For instance, on my system- a 2.5gz desktop running XP, it takes 2 to 4 seconds to display a directory with 200 files.
+- Directories with hundreds of files can take a several seconds to display.  For instance, on my system- a 2.5gz desktop running XP, it takes 2 to 4 seconds to display a directory with 200 files.
 
-- If your website's connection is not encrypted (doesn't use SSL/TLS), passwords & usernames will be sent in clear text* during login.  However, this is true of any online login system that's over an unencrypted connection.  
+- If your website's connection is not encrypted (doesn't use SSL/TLS), passwords & usernames will be sent in clear text* during login.  However, this is true of any login system that's over an unencrypted connection.  
   *As of version 3.4.15, a client-side hash of the user's "plain-text" password is sent to the server.  So, while this client-side hash is still a "plain-text" password as far as the server is concerned, the user's actual raw password is protected from immediate exposure.
 
 --------------------------------------------------------------------------------
-
-## Requirements
-
-- PHP 5.1+
-  (Only tested on versions 5.2.8, 5.2.17, 5.3.3, and 5.4 + )
-- File permission privileges on your host.
-- A Javascript enabled browswer.
-- Most* modern browsers probably work, but I only test on Firefox, Chrome, and IE 8.
-- And- but only if you wish to see the icons- a browser that supports inline SVG.  
-  (If your browser doesn't support inline SVG, OneFileCMS will still work, just without any icons.)
-
-## License, Credit, Et Cetera  
+## <a name=license></a>License, Credit, Et Cetera  
 
 - Available under the MIT and BSD licenses.
 - Original concept and development by github.com/rocktronica
@@ -126,15 +146,15 @@ See the global variable "$PRE\_ITERATIONS" at the end of System\_Setup().  It ca
 - To report a bug or request a feature, please file an issue via Github.
 - And, of course, please feel free to fork away!
 
-##Needed/potential improvements
+--------------------------------------------------------------------------------
+## <a name=potential></a>Needed/potential improvements
 
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - Be aware that only some very basic data & error checking is performed.  (But, it's getting better...)  
 - Anything else?
 
 --------------------------------------------------------------------------------
-
-### General layout/structure of OneFileCMS.php
+### <a name=layout></a>General layout/structure of OneFileCMS.php
   
 CONFIGURATION SECTION  
   
@@ -157,7 +177,6 @@ LOGIC TO DETERMINE PAGE ACTION
 GENERATE/OUTPUT THE PAGE  
 
 --------------------------------------------------------------------------------
-
-## [Change Log](http://self-evident.github.com/OneFileCMS/changelog.html)
+## <a name=logs></a>[Change Log](http://self-evident.github.com/OneFileCMS/changelog.html)
 
 ## [Git Log](https://raw.github.com/Self-Evident/OneFileCMS/gh-pages/master-branch.git.log)

From 5d51a50148a2be1c819dacba929bdfa9805ae667 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 25 Mar 2014 20:20:00 -0400
Subject: [PATCH 195/228] Updated readme.

---
 readme.markdown | 34 +++++++++++++++++++---------------
 1 file changed, 19 insertions(+), 15 deletions(-)

diff --git a/readme.markdown b/readme.markdown
index 59e0f12..f3d4b55 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -2,7 +2,7 @@
 
 ## Yes, that's *exactly* what it is!
 
-OneFileCMS is a simple CMS (Content Management System) contained entirely in a single file, database-less PHP script.
+OneFileCMS is a simple CMS (Content Management System) contained entirely in a single file, database-less, PHP script.
 
 With basic editing, upload, and file managing functions, OneFileCMS can maintain an entire website completely in-browser without any external programs.
 
@@ -17,8 +17,8 @@ With basic editing, upload, and file managing functions, OneFileCMS can maintain
 - [Demo](#demo)
 - [Features](#features)
 - [Installation](#installation)
-- [FAQ](#faq)
 - [Requirements](#requirements)
+- [FAQ](#faq)
 - [Limitations and Considerations](#limitations)
 - [Needed/potential improvements](#potential)
 - [License, Credit, Et Cetera](#license)
@@ -58,6 +58,17 @@ As with any CMS, you may also have to modify the file permissions of your site's
 
 You can also change the file name from "onefilecms.php" to something else, such as "admin.php". (Be careful about making it a folder's default file: your server may get stuck in redirects.)
 
+--------------------------------------------------------------------------------
+## <a name=requirements></a>Requirements
+
+- PHP 5.1+
+  (Only tested on versions 5.2.8, 5.2.17, 5.3.3, and 5.4 + )
+- File permission privileges on your host.
+- A Javascript enabled browswer.
+- Most* modern browsers probably work, but I only test on Firefox, Chrome, and IE 8.
+- And- but only if you wish to see the icons- a browser that supports inline SVG.  
+  (If your browser doesn't support inline SVG, OneFileCMS will still work, just without any icons.)
+
 --------------------------------------------------------------------------------
 ## <a name=faq></a>FAQ
 
@@ -96,10 +107,6 @@ Now, since there is no database or other means of granular control or access log
 
 It may be simple, bit it can get the job done.  While you wouldn't want to build an entire house with just a hammer and hand saw, you can "manage" quite a bit with just those two tools (and nails, of course).  Besides, "OneFileCMS" sounds cool. 
 
-### <a name=WYSIWYG></a>Where's the WYSISWYG?
-
-OneFileCMS can be easily configured to work with [TinyMCE](http://tinymce.moxiecode.com) or [CKEditor](http://ckeditor.com) (and possibly others), but the editors themselves must be obtained from their respective sites.  For basic setup instructions, read the appropriate "init" file from the extras/ directory in the OneFileCMS repo.  
-
 
 ### <a name=slowlogin></a>Why do I get a "Stop running script?" pop-up during login?
 
@@ -109,16 +116,10 @@ Not counting the time the pop-up is waiting for a response, the 8 seconds previo
 
 See the global variable "$PRE\_ITERATIONS" at the end of System\_Setup().  It can be adjusted, but it's best to do so on a local copy in a development setup, then upload the updated copy.
 
---------------------------------------------------------------------------------
-## <a name=requirements></a>Requirements
+### <a name=WYSIWYG></a>Where's the WYSISWYG?
+
+OneFileCMS can be easily configured to work with [TinyMCE](http://tinymce.moxiecode.com) or [CKEditor](http://ckeditor.com) (and possibly others), but the editors themselves must be obtained from their respective sites.  For basic setup instructions, read the appropriate "init" file from the extras/ directory in the OneFileCMS repo.  
 
-- PHP 5.1+
-  (Only tested on versions 5.2.8, 5.2.17, 5.3.3, and 5.4 + )
-- File permission privileges on your host.
-- A Javascript enabled browswer.
-- Most* modern browsers probably work, but I only test on Firefox, Chrome, and IE 8.
-- And- but only if you wish to see the icons- a browser that supports inline SVG.  
-  (If your browser doesn't support inline SVG, OneFileCMS will still work, just without any icons.)
 
 --------------------------------------------------------------------------------
 ## <a name=limitations></a>Limitations & Considerations
@@ -180,3 +181,6 @@ GENERATE/OUTPUT THE PAGE
 ## <a name=logs></a>[Change Log](http://self-evident.github.com/OneFileCMS/changelog.html)
 
 ## [Git Log](https://raw.github.com/Self-Evident/OneFileCMS/gh-pages/master-branch.git.log)
+
+
+<br><br><br><br>
\ No newline at end of file

From b30329a005810e9ca12a480b9a0162010dc50fa2 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 30 Mar 2014 00:00:00 -0400
Subject: [PATCH 196/228] Version 3.5.13 Added basic keyboard navigation of
 Index page. (Arrow keys, Page Up/Down, etc.) System_Setup(): made
 $DOC_ROOT_OS global. Put tabindex=-1 on main OneFileCMS logo.
 Create_Table_for_Listing(): added "../" to top of directory listing.
 Edit_Page_buttons_top(): [View Raw] on shows if text_editable.
 Edit_Page_scripts(): check if [View Raw] exists...   Also removed some old
 leftover test code... Renamed Index_Page_onclicks() to Index_Page_event().
 Added document.onkeydown function for basic keyboard nav of directory list.
 Assemble_Insert_row()): added id's to move/copy/delete options as part of  
 arrow key navivation of directory listing. Build_Directory(): Same to <a> for
 filename. On file change, stopped changing <textarea> border color to red.
 Some css tweakin' & cleanup

---
 extras/OneFileCMS.config.SAMPLE.php |   8 +-
 extras/OneFileCMS.css               |  17 +-
 info/OneFileCMS_structure.txt       |  11 +-
 info/changelog.markdown             |   6 +
 onefilecms.php                      | 397 +++++++++++++++++-----------
 readme.markdown                     |  22 +-
 6 files changed, 280 insertions(+), 181 deletions(-)

diff --git a/extras/OneFileCMS.config.SAMPLE.php b/extras/OneFileCMS.config.SAMPLE.php
index a40dfc2..e0fe1dc 100755
--- a/extras/OneFileCMS.config.SAMPLE.php
+++ b/extras/OneFileCMS.config.SAMPLE.php
@@ -1,12 +1,12 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
-// v3.5.07
+// v3.5.13
 // Sample external config file - this file is OPTIONAL.
 //
 // Basically, what follows is just a copy & paste of the OneFileCMS CONFIGURABLE INFO section.
 
 
-// CONFIGURABLE INFO ***********************************************************
+// USER CONFIGURABLE INFO ******************************************************
 $config_title = "OneFileCMS";
 
 $USERNAME = "username";
@@ -17,7 +17,7 @@
 $MAX_ATTEMPTS  = 3;    //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;   //In seconds.
 $MAX_IDLE_TIME = 600;  //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
-$TO_WARNING    = 120;  //In seconds. When idle time remaining is less than this value, a timeout warning is displayed.
+$TO_WARNING    = 120;  //In seconds. When idle time remaining is less than this value, a TimeOut warning is displayed.
 $LOG_LOGINS    = true; //Keep log of login attempts.
 
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
@@ -50,6 +50,8 @@
 
 $EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
 
+$PAGEUPDOWN = 10; //Number of rows to jump using Page Up/Page Down keys on directory listing.
+
 $SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS concurrently.
 
 //Restrict access to a particular folder.  Leave empty for access to entire website.
diff --git a/extras/OneFileCMS.css b/extras/OneFileCMS.css
index 141d0b5..3f48ab3 100755
--- a/extras/OneFileCMS.css
+++ b/extras/OneFileCMS.css
@@ -1,5 +1,5 @@
 /*******************************************************************************
-Sample, OPTIONAL, external style sheet for OneFileCMS v3.5.11
+Sample, OPTIONAL, external style sheet for OneFileCMS v3.5.13
 *******************************************************************************/
 
 /* --- reset --- */
@@ -24,7 +24,8 @@ li { margin-left: 2em }
 i, em     { font-style : italic; }
 b, strong { font-weight: bold;   }
 
-:focus { outline:0; }
+:focus {outline:0;}
+:hover {border-color: #333;}
 
 table { border-collapse:separate; border-spacing:0; }
 th,td { text-align:left; font-weight:400; }
@@ -40,12 +41,12 @@ input[type="file"]     { width: 100%; border: 1px solid #777; background-color:
 input[readonly]        { color: #333; background-color: #EEE; }
 input[disabled]        { color: #555; background-color: #EEE; }
 
-input:focus  { background-color: rgb(255,250,150); }
+input:focus  { background-color: rgb(255,250,150); border: 1px solid #333; }
 input:hover  { background-color: rgb(255,250,150); }
 
-button:focus  { background-color: rgb(255,250,150); border-color: #333;}
-button:hover  { background-color: rgb(255,250,150); border-color: #333;}
-button:active { background-color: rgb(245,245,50);  border-color: #333;}
+button:hover  { background-color: rgb(255,250,150); border-color: #333; }
+button:focus  { background-color: rgb(255,250,150); border-color: #333; }
+button:active { background-color: rgb(245,245,50);  border-color: #333; }
 
 /* --- layout --- */
 
@@ -256,6 +257,8 @@ a:active { border: 1px solid #333; background-color: rgb(245,245,50);  }
 	background-color: #EEE;
 	}
 
+.button:hover     { border: 1px solid #333; background-color: rgb(255,250,150); }
+.button:focus     { border: 1px solid #333; background-color: rgb(255,250,150); }
 .button:active    { background-color: rgb(245,245,50); }                  /*first                 */
 .button[disabled] { color: #777; background-color: #EEE; cursor: default} /*second - order matters*/
 
@@ -268,7 +271,6 @@ a:active { border: 1px solid #333; background-color: rgb(245,245,50);  }
 .nav a { border: 1px solid transparent; font-weight: bold; padding: .2em .6em .1em .6em; }
 .nav a:hover  { border: 1px solid #333; }
 .nav a:focus  { border: 1px solid #333; }
-.nav a:active { border: 1px solid #333; }
 
 
 /* --- edit --- */
@@ -442,4 +444,3 @@ input[type="text"]#new_name {width  : 50%; margin-bottom: .2em;}
 
 #path_header a:hover  { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
 #path_header a:focus  { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
-#path_header a:active { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(245,245,50); }
diff --git a/info/OneFileCMS_structure.txt b/info/OneFileCMS_structure.txt
index 8f7be4b..90ddbf0 100755
--- a/info/OneFileCMS_structure.txt
+++ b/info/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.5.09 structure/layout
+OneFileCMS Version 3.5.13 structure/layout
 
 LICENSE
 
@@ -97,7 +97,9 @@ JAVASCRIPT FUNCTIONS:
 		Start_Countdown()
 		FileTimeStamp()
 		Display_Messages()
-	Index_Page_onclicks()
+	Index_Page_events()
+		(various onclicks)
+		document.onkeydown
 	Index_Page_scripts()
 		Sort_FOlder_First()
 		sort_DIRECTORY()
@@ -109,12 +111,15 @@ JAVASCRIPT FUNCTIONS:
 		Select_All()
 		Confirm_Submit()
 	Edit_Page_scripts()
+		(various onclicks)
+		window.onbeforeunload
+		window.onunload
 		Wide_View()
 		Reset_file_status_indicators()
 		setSelRange()
 		Check_for_changes()
 		Reset_File()
-	event_scripts()
+	pwun_event_scripts()
 		events_down()
 		events_up()
 		pre_validate_pwun()
diff --git a/info/changelog.markdown b/info/changelog.markdown
index f91deb2..3a9ce72 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,11 @@
 # OneFileCMS Change Log
 
+### v3.5.13 (2014-03-30)
+
+- Added basic keyboard navigation on directory listings.
+- Removed [View Raw] button when viewing images.
+- And tweaked some css...
+
 ### v3.5.12 (2014-03-25)
 
 - Fixed a minor glitch in the countdown used in login delays.
diff --git a/onefilecms.php b/onefilecms.php
index 0c18c6b..a1f1e5c 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.12';
+$OFCMS_version = '3.5.13';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -88,7 +88,7 @@
 $MAX_ATTEMPTS  = 3;    //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;   //In seconds.
 $MAX_IDLE_TIME = 600;  //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
-$TO_WARNING    = 120;  //In seconds. When idle time remaining is less than this value, a timeout warning is displayed.
+$TO_WARNING    = 120;  //In seconds. When idle time remaining is less than this value, a TimeOut warning is displayed.
 $LOG_LOGINS    = true; //Keep log of login attempts.
 
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
@@ -121,6 +121,8 @@
 
 $EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
 
+$PAGEUPDOWN = 10; //Number of rows to jump using Page Up/Page Down keys on directory listing.
+
 $SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS concurrently.
 
 //Restrict access to a particular folder.  Leave empty for access to entire website.
@@ -156,7 +158,7 @@
 
 
 
-function System_Setup() { //****************************************************
+function System_Setup() {//*****************************************************
 
 global $config_title, $_, $MAX_IDLE_TIME, $LOGIN_ATTEMPTS, $LOGIN_DELAYED, 
 	$MAIN_WIDTH, $WIDE_VIEW_WIDTH, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $config_excluded, 
@@ -166,7 +168,7 @@ function System_Setup() { //****************************************************
 	$INVALID_CHARS, $WHSPC_SLASH, $VALID_PAGES, $LOGIN_LOG_url, $LOGIN_LOG_file,
 	$ONESCRIPT,  $ONESCRIPT_file, $ONESCRIPT_backup, $ONESCRIPT_file_backup, 
 	$CONFIG_backup, $CONFIG_FILE, $CONFIG_FILE_backup, $VALID_CONFIG_FILE, 
-	$DOC_ROOT, $WEB_ROOT, $WEBSITE, $PRE_ITERATIONS, $EX, $message, $ENC_OS,
+	$DOC_ROOT, $DOC_ROOT_OS, $WEB_ROOT, $WEBSITE, $PRE_ITERATIONS, $EX, $message, $ENC_OS,
 	$DELAY_Expired_Reload, $DELAY_Sort_and_Show_msgs, $DELAY_Start_Countdown, $DELAY_final_messages, $MIN_DIR_ITEMS;
 
 //Requires PHP 5.1 or newer, due to changes in explode() (and maybe others).
@@ -203,11 +205,11 @@ function System_Setup() { //****************************************************
 $WEB_ROOT  = basename($DOC_ROOT).'/'; //Used only for screen output - Non-url use.
 $WEBSITE   = $_SERVER['HTTP_HOST'].'/';
 
-$ONESCRIPT 			   = URLencode_path($_SERVER['SCRIPT_NAME']);  //Used for URL's in HTML attributes
-$ONESCRIPT_file        = $_SERVER['SCRIPT_FILENAME'];              //Non-url file system use.
-$ONESCRIPT_backup      = $ONESCRIPT.'-BACKUP.txt';                 //used for p/w & u/n updates.
+$ONESCRIPT			   = URLencode_path($_SERVER['SCRIPT_NAME']);  //Used for URL's in HTML attributes
+$ONESCRIPT_file		   = $_SERVER['SCRIPT_FILENAME'];              //Non-url file system use.
+$ONESCRIPT_backup	   = $ONESCRIPT.'-BACKUP.txt';                 //used for p/w & u/n updates.
 $ONESCRIPT_file_backup = $ONESCRIPT_file.'-BACKUP.txt';            //used for p/w & u/n updates.
-$LOGIN_ATTEMPTS        = $ONESCRIPT_file.'.invalid_login_attempts';//Non-url file system use.
+$LOGIN_ATTEMPTS		   = $ONESCRIPT_file.'.invalid_login_attempts';//Non-url file system use.
 $LOGIN_LOG_url		   = $ONESCRIPT.'-LOGIN.log';
 $LOGIN_LOG_file		   = $ONESCRIPT_file.'-LOGIN.log';
 
@@ -282,10 +284,10 @@ function System_Setup() { //****************************************************
 //A few variables for values that were otherwise hardcoded in js. 
 //$DELAY_... values are in milliseconds.
 //The values were determined thru quick experimentation, and may be tweaked if desired, except as noted.
-$DELAY_Sort_and_Show_msgs = 20; //Needed so "Working..." message shows during directory sorts. Mostly needed for Firefox.
-$DELAY_Start_Countdown	  = 25; //Needs to be > than $Sort_and_Show_msgs. In Timeout_Timer().
+$DELAY_Sort_and_Show_msgs = 20; //Needed so "Working..." message shows during directory sorts. Mostly for Firefox.
+$DELAY_Start_Countdown	  = 25; //Needs to be > than $Sort_and_Show_msgs. Used in Timeout_Timer().
 $DELAY_final_messages	  = 25; //Needs to be > than $Sort_and_Show_msgs. Delays final Display_Messages().
-$DELAY_Expired_Reload  = 10000; //Delay from Session Expired to page reload of login screen. Ten seconds, but can be less.
+$DELAY_Expired_Reload  = 10000; //Delay from Session Expired to page load of login screen. Ten seconds, but can be less.
 $MIN_DIR_ITEMS			  = 25; //Minimum number of directory items before "Working..." message is needed/displayed.
 
 
@@ -539,7 +541,7 @@ function Default_Language() { // ***********************************************
 
 
 
-function validate_units($cssvalue) { //*****************************************
+function validate_units($cssvalue) {//******************************************
 	//Determine if valid units are set for $cssvalue:  px, pt, em, or %.
 	$main_units   = mb_substr($cssvalue, -2); 
 	if ( ($main_units != "px") && ($main_units != "pt") && ($main_units != "em") && (mb_substr($cssvalue, -1) != '%')) {
@@ -551,7 +553,7 @@ function validate_units($cssvalue) { //*****************************************
 
 
 
-function hsc($input) { //*******************************************************
+function hsc($input) {//********************************************************
 	$enc = mb_detect_encoding($input); //It should always be UTF-8 (or ASCII), but, just in case...
 	if ($enc == 'ASCII') {$enc = 'UTF-8';} //htmlspecialchars() doesn't recognize "ASCII"
 	return htmlspecialchars($input, ENT_QUOTES, $enc);
@@ -560,7 +562,7 @@ function hsc($input) { //*******************************************************
 
 
 
-function Convert_encoding($string, $to_enc = "") { //***************************
+function Convert_encoding($string, $to_enc = "") {//****************************
 	global $ENC_OS;
 								  //mb_convert_encoding($string, $to_enc, $from_enc)
 	if ($to_enc == 'UTF-8') {return mb_convert_encoding($string, 'UTF-8', $ENC_OS);} // Convert to UTF-8
@@ -570,7 +572,7 @@ function Convert_encoding($string, $to_enc = "") { //***************************
 
 
 
-function Session_Startup() { //*************************************************
+function Session_Startup() {//**************************************************
 	global $SESSION_NAME, $page, $VALID_POST;
 
 	$limit    =  0; //0 = session.
@@ -601,7 +603,7 @@ function Session_Startup() { //*************************************************
 
 
 
-function Verify_IDLE_POST_etc() { //********************************************
+function Verify_IDLE_POST_etc() {//*********************************************
 	global $_, $page, $EX, $message, $VALID_POST, $MAX_IDLE_TIME;
 
 	//Verify consistant user agent. This is set during login. (every little bit helps every little bit)
@@ -634,7 +636,7 @@ function Verify_IDLE_POST_etc() { //********************************************
 
 
 
-function hashit($key,$pre = false){ //******************************************
+function hashit($key,$pre = false) {//******************************************
 	//This is the super-secret stuff - Keep it secret, keep it safe!
 	//If you change anything here, or the $SALT, manually update the hash for your password from the Generate Hash page.
 	global $SALT, $PRE_ITERATIONS;
@@ -710,7 +712,7 @@ function Error_reporting_status_and_early_output($show_status = 0, $show_types =
 
 
 
-function Update_Recent_Pages() { //*********************************************
+function Update_Recent_Pages() {//**********************************************
 	global $page;
 
 	if (!isset($_SESSION['recent_pages'])) { $_SESSION['recent_pages'] = array($page); }
@@ -731,7 +733,7 @@ function Update_Recent_Pages() { //*********************************************
 
 
 
-function undo_magic_quotes(){ //************************************************
+function undo_magic_quotes() {//************************************************
 
 	function strip_array($var) {
 		//stripslashes() also handles cases when magic_quotes_sybase is on. 
@@ -749,7 +751,7 @@ function strip_array($var) {
 
 
 
-function Validate_params() { //*************************************************
+function Validate_params() {//**************************************************
 	global $_, $ipath, $filename, $page, $param1, $param2, $param3, $IS_OFCMS, $EX, $message;
 
 	//Pages that require a valid $filename
@@ -773,7 +775,7 @@ function Validate_params() { //*************************************************
 
 
 
-function Valid_Path($path, $gotoroot=true) { //*********************************
+function Valid_Path($path, $gotoroot=true) {//**********************************
 	//$gotoroot: if true, return to index page of $ACCESS_ROOT.
 	global  $ipath, $ipath_OS, $filename, $param1, $param2, $param3, $ACCESS_ROOT, $ACCESS_ROOT_len, $message;
 	
@@ -815,7 +817,7 @@ function Valid_Path($path, $gotoroot=true) { //*********************************
 
 
 
-function Get_GET() { //*** Get URL passed parameters ***************************
+function Get_GET() {//**** Get URL passed parameters ***************************
 	global $_, $ipath, $ipath_OS, $filename, $filename_OS, $page, $VALID_PAGES, $EX, $message;
 	// i=some/path/,  f=somefile.xyz,          p=somepage,  m=somemessage
 	// $ipath = i  ,  $filename = $ipath.f  ,  $page = p ,  $message
@@ -856,7 +858,7 @@ function Get_GET() { //*** Get URL passed parameters ***************************
 
 
 
-function Verify_Page_Conditions() { //******************************************
+function Verify_Page_Conditions() {//*******************************************
 	global $_, $ONESCRIPT_file, $ipath, $ipath_OS, $param1, $filename, $filename_OS, $page, $EX, $message, 
 			$VALID_POST, $IS_OFCMS;
 
@@ -916,7 +918,7 @@ function Verify_Page_Conditions() { //******************************************
 
 
 
-function has_invalid_char($string) { //*****************************************
+function has_invalid_char($string) {//******************************************
 	global $INVALID_CHARS;
 	$INVALID_CHARS_array = explode(' ', $INVALID_CHARS);
 	foreach ($INVALID_CHARS_array as $bad_char) {
@@ -942,7 +944,7 @@ function URLencode_path($path){ // don't encode the forward slashes ************
 
 
 
-function dir_name($path){ //****************************************************
+function dir_name($path) {//****************************************************
 	//Modified dirname().
 	$parent = dirname($path);
 	if ($parent == "." || $parent == "/" || $parent == '\\' || $parent == "") { return ""; }
@@ -952,7 +954,7 @@ function dir_name($path){ //****************************************************
 
 
 
-function Check_path($path, $show_msg = false) { //******************************
+function Check_path($path, $show_msg = false) {//*******************************
 	// check for invalid characters & "dot" or "dot dot" path segments.
 	// Does NOT check if exists - only if of valid construction.
 	global  $_, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
@@ -997,7 +999,7 @@ function Check_path($path, $show_msg = false) { //******************************
 
 
 
-function Sort_Seperate($path, $full_list){ //***********************************
+function Sort_Seperate($path, $full_list) {//***********************************
 	//Sort list, then seperate folders & files
 
 	natcasesort($full_list);
@@ -1017,7 +1019,7 @@ function Sort_Seperate($path, $full_list){ //***********************************
 
 
 
-function add_serial_num($filename, &$msg) { //**********************************
+function add_serial_num($filename, &$msg) {//***********************************
 	//if file_exists(file.txt), add serial# to filename until it doesn't
 	//ie: file.txt.001,  file.txt.002, file.txt.003  etc...
 	global $_, $EX;
@@ -1045,7 +1047,7 @@ function add_serial_num($filename, &$msg) { //**********************************
 
 
 
-function supports_svg() { //****************************************************
+function supports_svg() {//*****************************************************
 	//IE < 9 is the only browser checked for currently.
 	//EX: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
 	$USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
@@ -1061,7 +1063,7 @@ function supports_svg() { //****************************************************
 
 
 
-function rCopy( $old_path, $new_path ) { //*************************************
+function rCopy( $old_path, $new_path ) {//**************************************
 	global $_, $WHSPC_SLASH, $EX, $message;
 	//Recursively copy $old_path to $new_path
 	//Both $old_ & $new_path must ALREADY be in OS/file system's encoding.
@@ -1113,7 +1115,7 @@ function rCopy( $old_path, $new_path ) { //*************************************
 
 
 
-function rDel($path){ //********************************************************
+function rDel($path) {//********************************************************
 	//Recursively delete $path & all sub-folders & files.
 	//Returns number of successful unlinks & rmdirs.
 
@@ -1143,7 +1145,7 @@ function rDel($path){ //********************************************************
 
 
 
-function Current_Path_Header(){ //**********************************************
+function Current_Path_Header() {//**********************************************
  	// Current path. ie: webroot/current/path/
 	// Each level is a link to that level.
 	global $ONESCRIPT, $ipath, $WEB_ROOT, $ACCESS_ROOT, $ACCESS_ROOT_len, $message;
@@ -1185,7 +1187,7 @@ function Current_Path_Header(){ //**********************************************
 
 
 
-function Page_Header(){ //******************************************************
+function Page_Header() {//******************************************************
 	global  $_, $DOC_ROOT, $ONESCRIPT, $page, $WEBSITE, $config_title, $OFCMS_version, $config_favicon, $message;
 
 	$favicon = '';
@@ -1197,7 +1199,7 @@ function Page_Header(){ //******************************************************
 	if ($_SESSION["valid"]) { $on_php = '<a href="'.$ONESCRIPT.'?p=phpinfo'.'" target=_blank>'.$on_php.'</a>';}
 
 	echo '<div id="header">';
-		echo '<a href="'.$ONESCRIPT.'" id="logo">'.$config_title.'</a> '.$OFCMS_version.' ';
+		echo '<a href="'.$ONESCRIPT.'" id="logo" tabindex=-1>'.$config_title.'</a> '.$OFCMS_version.' ';
 		echo $on_php;
 		
 		echo '<div class="nav">';
@@ -1211,7 +1213,7 @@ function Page_Header(){ //******************************************************
 
 
 
-function Cancel_Submit_Buttons($submit_label) { //******************************
+function Cancel_Submit_Buttons($submit_label) {//*******************************
 	//$submit_label = Rename, Copy, Delete, etc...
 	global $_, $ONESCRIPT, $ipath, $param1, $param2, $page;
 
@@ -1228,7 +1230,7 @@ function Cancel_Submit_Buttons($submit_label) { //******************************
 
 
 
-function show_image(){ //*******************************************************
+function show_image() {//*******************************************************
 	global $_, $filename, $MAX_IMG_W, $MAX_IMG_H;
 
 	$IMG = $filename;
@@ -1257,7 +1259,7 @@ function show_image(){ //*******************************************************
 
 
 
-function Timeout_Timer($COUNT, $ID, $ACTION="") { //****************************
+function Timeout_Timer($COUNT, $ID, $ACTION="") {//*****************************
 	global $DELAY_Start_Countdown;
 
 	return '<script>setTimeout(\'Start_Countdown('.$COUNT.',"'.$ID.'","'.$ACTION.'")\','.$DELAY_Start_Countdown.');</script>';
@@ -1267,7 +1269,7 @@ function Timeout_Timer($COUNT, $ID, $ACTION="") { //****************************
 
 
 
-function Init_Macros() { //*** ($varibale="some reusable chunk of code")********
+function Init_Macros() {//**** ($varibale="some reusable chunk of code")********
 	global 	$_, $ONESCRIPT, $param1, $param2, $INPUT_NUONCE, $FORM_COMMON, $PWUN_RULES;
 
 	$INPUT_NUONCE = '<input type="hidden" name="nuonce" value="'.$_SESSION['nuonce'].'">'."\n";
@@ -1280,7 +1282,7 @@ function Init_Macros() { //*** ($varibale="some reusable chunk of code")********
 
 
 
-function Init_ICONS() { //*******************************************************
+function Init_ICONS() {//********************************************************
 	global 	$ICONS;
 
 	//*********************************************************************
@@ -1294,7 +1296,7 @@ function icon_txt($border='#333', $lines='#000', $fill='#FFF', $extra1="", $extr
 	}//end icon_txt() //***************************************************
 
 
-	function icon_folder($extra = ""){ //**********************************
+	function icon_folder($extra = "") {//**********************************
 		return '<svg version="1.1" width="18" height="16"><g transform="translate(0,2)">'.
 			'<path  d="M0.5, 1  L8,1  L9,2  L9,3  L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" '.
 				'fill="#F0CD28" stroke="rgb(200,170,15)" stroke-width="1" />'.
@@ -1376,12 +1378,12 @@ function icon_folder($extra = ""){ //**********************************
 		$ICONS['copy']    = '<span class="RCD1 C">+</span>';
 		$ICONS['delete']  = '<span class="RCD1 D">x</span>';
 	}
-}//end Init_ICONS(){ //*********************************************************
+}//end Init_ICONS() {//*********************************************************
 
 
 
 
-function List_File($file, $file_url){ //****************************************
+function List_File($file, $file_url) {//****************************************
 	global $_, $ONESCRIPT, $ICONS;
 
 	$file_OS = Convert_encoding($file);
@@ -1402,7 +1404,7 @@ function List_File($file, $file_url){ //****************************************
 
 
 
-function List_Backups_and_Logs(){ //********************************************
+function List_Backups_and_Logs() {//********************************************
 	global $_, $ONESCRIPT_backup, $ONESCRIPT_file, $ONESCRIPT_file_backup, 
 		   $CONFIG_backup, $CONFIG_FILE_backup, $LOGIN_LOG_url, $LOGIN_LOG_file;
 
@@ -1435,7 +1437,7 @@ function List_Backups_and_Logs(){ //********************************************
 
 
 
-function Admin_Page() { //******************************************************
+function Admin_Page() {//*******************************************************
 	global $_, $ONESCRIPT, $ipath, $filename, $param1, $param2, $config_title;
 
 	// Restore/Preserve $ipath prior to admin page in case OneFileCMS is edited (which would change $ipath).
@@ -1476,7 +1478,7 @@ function Admin_Page() { //******************************************************
 
 
 
-function Hash_Page() { //*******************************************************
+function Hash_Page() {//********************************************************
 	global $_, $ONESCRIPT, $param1, $param3, $INPUT_NUONCE, $PWUN_RULES;
 
 	if (!isset($_POST['whattohash'])) { $_POST['whattohash'] = ''; }
@@ -1510,7 +1512,7 @@ function Hash_Page() { //*******************************************************
 
 
 
-function Hash_response() { //***************************************************
+function Hash_response() {//****************************************************
 	global $_, $message;
 	$_POST['whattohash'] = trim($_POST['whattohash']); // trim whitespace.
 
@@ -1617,7 +1619,7 @@ function Update_config($search_for, $replace_with, $search_file, $backup_file) {
 
 
 
-function Change_PWUN_response($PWUN, $msg){ //**********************************
+function Change_PWUN_response($PWUN, $msg) {//**********************************
 	//Update $USERNAME or $HASHWORD. Default $page = changepw or changeun
 	global $_, $ONESCRIPT, $USERNAME, $HASHWORD, $EX, $message, $page, 
 		   $ONESCRIPT_file, $ONESCRIPT_file_backup, $CONFIG_FILE, $CONFIG_FILE_backup, $VALID_CONFIG_FILE;
@@ -1677,7 +1679,7 @@ function Change_PWUN_response($PWUN, $msg){ //**********************************
 
 
 
-function Logout() { //**********************************************************
+function Logout() {//***********************************************************
 	global $page;
 	session_regenerate_id(true);
 	session_unset();
@@ -1693,7 +1695,7 @@ function Logout() { //**********************************************************
 
 
 
-function Login_Page() { //******************************************************
+function Login_Page() {//*******************************************************
 	global $_, $ONESCRIPT;
 ?>
 	<?php //preserve space for message_box even when there's no message. ?>
@@ -1717,7 +1719,7 @@ function Login_Page() { //******************************************************
 
 
 
-function Login_response() { //**************************************************
+function Login_response() {//***************************************************
 	global $_, $EX, $ONESCRIPT_file, $message, $page, $USERNAME, $HASHWORD,
 				$LOGIN_ATTEMPTS, $MAX_ATTEMPTS, $LOGIN_DELAY, $LOGIN_DELAYED, $LOG_LOGINS, $LOGIN_LOG_file;
 
@@ -1782,12 +1784,14 @@ function Login_response() { //**************************************************
 
 
 
-function Create_Table_for_Listing() { //****************************************
-	global$_;
+function Create_Table_for_Listing() {//*****************************************
+	global$_, $ONEFILECMS, $ipath, $ipath_OS, $DOC_ROOT_OS, $ICONS;
 
 	//Header row: | Select All|[ ]|[X](folders first)      Name      (ext) |   Size   |    Date    |
-	
 	//<input hidden> is a dummy input to make sure files[] is always an array for Select_All() & Confirm_Ready().
+
+	$new_path = URLencode_path(dir_name($ipath)); //for "../" entry in dir list.
+	$new_path_OS = $DOC_ROOT_OS.dir_name($ipath_OS);//.dir_name($ipath_OS);
 ?>
 	<INPUT TYPE=hidden NAME="files[]" VALUE="">
 
@@ -1799,27 +1803,32 @@ function Create_Table_for_Listing() { //****************************************
 	<th class="ckbox">
 		<INPUT TYPE=checkbox id=select_all NAME=select_all VALUE=select_all></th>
 	<th class="file_name ckbox" style="">
-		<a href="#" id=sort_type>(<?php echo hsc($_['ext']) ?>)</a>
 		<INPUT TYPE=checkbox id=folders_first_ckbox NAME=folder_first VALUE=folders_first checked>
 		<label for=folders_first_ckbox id=folders_first_label title="<?php  echo hsc($_['folders_first_info']) ?>">
 			(<?php echo hsc($_['folders_first']) ?>)
-		</label>		  <a href="#" id=header_filename><?php echo hsc($_['Name']) ?></a></th>
+		</label>		  <a href="#" id=header_filename><?php echo hsc($_['Name']) ?></a><a
+							 href="#" id=sort_type>(<?php echo hsc($_['ext']) ?>)</a></th>
 	<th class="file_size"><a href="#" id=header_filesize><?php echo hsc($_['Size']) ?></a></th>
 	<th class="file_time"><a href="#" id=header_filedate><?php echo hsc($_['Date']) ?></a></th>
 	</tr>
 
+	<tr><?php // "../" directory entry ?>
+		<td colspan=4></td><td><a id=f0 href="<?php echo $ONEFILECMS.'?i='.$new_path.'">'.$ICONS['dir'] ?> ../</a></td>
+		<td></td>
+		<td class="meta_T file_time"> &nbsp;<script>FileTimeStamp(<?php echo filemtime($new_path_OS); ?>, 1, 0, 1);</script></td><tr>
+
 	<?php //Directory & footer content will be inserted later. ?>
 	<tbody id=DIRECTORY_LISTING></tbody>
 	<tr><td id=DIRECTORY_FOOTER colspan=7></td</tr>
 	</table>
-	<script>document.getElementById('header_filename').focus()</script>
+	<script>document.getElementById("header_filename").focus()</script>
 <?php
 }//Create_Table_for_Listing() //************************************************
 
 
 
 
-function Get_DIRECTORY_DATA($raw_list) { //*************************************
+function Get_DIRECTORY_DATA($raw_list) {//**************************************
 	global $_, $ONESCRIPT, $ipath, $ipath_OS, $param1, $ICONS, $message, 
 			$ftypes, $fclasses, $excluded_list, $stypes, $SHOWALLFILES, 
 			$DIRECTORY_COUNT, $DIRECTORY_DATA, $ENC_OS;
@@ -1917,7 +1926,7 @@ function Send_data_to_js_and_display() {//**************************************
 
 
 
-function Index_Page_buttons_top($file_count) { //*******************************
+function Index_Page_buttons_top($file_count) {//********************************
 	global $_, $ONESCRIPT, $param1, $ICONS;
 
 	echo '<div id=index_page_buttons>';
@@ -1946,7 +1955,7 @@ function Index_Page_buttons_top($file_count) { //*******************************
 
 
  
-function Index_Page() { //******************************************************
+function Index_Page() {//*******************************************************
 	global  $ONESCRIPT, $ipath_OS, $param1;
 	
 	init_ICONS_js();
@@ -1967,20 +1976,22 @@ function Index_Page() { //******************************************************
 
 	Send_data_to_js_and_display();
 
-	Index_Page_onclicks();
+	Index_Page_events();
 }//end Index_Page() //**********************************************************
 
 
 
 
-function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
+function Edit_Page_buttons_top($text_editable,$file_ENC) {//********************
 	global $_, $ONESCRIPT, $param1, $param2, $filename, $filename_OS, $IS_OFCMS, 
 				$WYSIWYG_VALID, $EDIT_WYSIWYG, $WYSIWYG_label, $message;
 
 	clearstatcache ();
 
 	//[View Raw] button.
-	$view_raw_button = '<button type=button id=view_raw class=button>'.hsc('View Raw').'</button>';
+	if ($text_editable) {
+		$view_raw_button = '<button type=button id=view_raw class=button>'.hsc('View Raw').'</button>';
+	} else {$view_raw_button = '';}
 
 	//[Wide View] / [Normal View] button.
 	$wide_view_button = '<button type=button id=wide_view class=button>'.hsc($_['Wide_View']).'</button>';
@@ -2014,28 +2025,22 @@ function Edit_Page_buttons_top($text_editable,$file_ENC){ //********************
 		<div class="buttons_right">
 			<?php echo $view_raw_button  ?>
 			<?php echo $wide_view_button ?>
-			<?php echo $WYSIWYG_button    ?>
+			<?php echo $WYSIWYG_button   ?>
 			<?php echo $close_button     ?>
 		</div>
 		<div class=clear></div>
 	</div>
-
-	<script>
-	var Close_button_TEST     = document.getElementById('close_TEST');
-	Close_button_TEST.onclick = function () { parent.location = '<?php echo $close_params ?>'; }
-	</script>
-
 <?php
 }//end Edit_Page_buttons_top() //***********************************************
 
 
 
 
-function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
+function Edit_Page_buttons($text_editable, $too_large_to_edit) {//**************
 	global $_, $message, $ICONS, $MAX_IDLE_TIME, $IS_OFCMS, $WYSIWYG_VALID, $EDIT_WYSIWYG;
 
 	//Using ckeditor WYSIWYG editor, <input type=reset> button doesn't work. (I don't know why.)
-	$reset_button = '<input type=reset class=button value="'.hsc($_['reset']).'" onclick="return Reset_File();" id="reset">';
+	$reset_button = '<input type=reset  id="reset" class=button value="'.hsc($_['reset']).'" onclick="return Reset_File();">';
 	if ($WYSIWYG_VALID && $EDIT_WYSIWYG) {$reset_button = '';}
 
 	echo '<div class="edit_btns_bottom">';
@@ -2046,7 +2051,7 @@ function Edit_Page_buttons($text_editable, $too_large_to_edit) { //*************
 			echo $reset_button;
 		}//end if editable
 		
-		function RCD_button($action, $icon, $label){ //***************
+		function RCD_button($action, $icon, $label) {//***************
 			global $ICONS;
 			echo '<button type=button id="'.$action.'_btn" class="button RCD">'.$ICONS[$icon].'&nbsp;'.hsc($label).'</button>';
 		}//end RCD_button() //****************************************
@@ -2097,7 +2102,7 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 				}else{          //show editable <textarea>
 					//<input name=filename> is used only to signal an Edit_response().
 					echo '<input type="hidden" name="filename" value="'.rawurlencode($filename).'">';
-					echo '<textarea id="file_editor" name="contents" cols="70" rows="25">';
+					echo '<textarea id=file_editor name=contents cols=70 rows=25>';
 					echo $FILECONTENTS.'</textarea>'."\n";
 				}
 			}//end if/elseif...
@@ -2119,7 +2124,7 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 
 
 
-function Edit_Page_Notes() { //*************************************************
+function Edit_Page_Notes() {//**************************************************
 	global $_, $MAX_IDLE_TIME;
 			$SEC = $MAX_IDLE_TIME;
 			$HRS = floor($SEC/3600);
@@ -2142,7 +2147,7 @@ function Edit_Page_Notes() { //*************************************************
 
 
 
-function Edit_Page() { //*******************************************************
+function Edit_Page() {//********************************************************
 	global $_, $filename, $filename_OS, $FILECONTENTS, $etypes, $itypes, $EX, $message, $page,
 			$MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $WYSIWYG_VALID, $IS_OFCMS;
 
@@ -2198,7 +2203,7 @@ function Edit_Page() { //*******************************************************
 
 
 
-function Edit_response(){ //***If on Edit page, and [Save] clicked *************
+function Edit_response() {//***If on Edit page, and [Save] clicked *************
 	global $_, $EX, $message, $filename, $filename_OS;
 
 	$contents    = $_POST['contents'];
@@ -2218,7 +2223,7 @@ function Edit_response(){ //***If on Edit page, and [Save] clicked *************
 
 
 
-function Upload_Page() { //*****************************************************
+function Upload_Page() {//******************************************************
 	global $_, $ONESCRIPT, $ipath, $param1, $INPUT_NUONCE, $UPLOAD_FIELDS, $MAIN_WIDTH;
 
 	$max_file_uploads = ini_get('max_file_uploads');
@@ -2260,7 +2265,7 @@ function Upload_Page() { //*****************************************************
 
 
 
-function Upload_response() { //*************************************************
+function Upload_response() {//**************************************************
 	global $_, $ipath, $ipath_OS, $page, $EX, $message, $UPLOAD_FIELDS;
 
 	$page  = "index"; //return to index.
@@ -2311,7 +2316,7 @@ function Upload_response() { //*************************************************
 
 
 
-function New_Page($title, $new_f_or_f) { //*********************************************
+function New_Page($title, $new_f_or_f) {//**********************************************
 	global $_, $FORM_COMMON, $INVALID_CHARS;
 
 	echo '<h2>'.hsc($title).'</h2>';
@@ -2326,7 +2331,7 @@ function New_Page($title, $new_f_or_f) { //*************************************
 
 
 
-function New_response($post, $isfile){ //***************************************
+function New_response($post, $isfile) {//***************************************
 	global $_, $ipath, $ipath_OS, $filename, $filename_OS, $page, $param1, $param2, $param3, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
 
 	$page      = "index"; //Return to index if folder, or on error.
@@ -2372,7 +2377,7 @@ function New_response($post, $isfile){ //***************************************
 
 
 
-function Set_Input_width() { //*************************************************
+function Set_Input_width() {//**************************************************
 	global $_, $WEB_ROOT, $MAIN_WIDTH, $ACCESS_ROOT;
 
 	// (width of <input type=text>) = $MAIN_WIDTH - (Width of <label>) - (width of <span>$WEB_ROOT</span>)
@@ -2402,7 +2407,7 @@ function Set_Input_width() { //*************************************************
 
 
 
-function CRM_Page($action, $title, $action_id, $old_full_name) { //******************
+function CRM_Page($action, $title, $action_id, $old_full_name) {//*******************
 	//$action    = 'Copy' or 'Rename'.
 	//$action_id = 'copy_file' or 'rename_file'
 	global $_, $WEB_ROOT, $ipath, $param1, $filename, $FORM_COMMON, $ACCESS_ROOT, $ACCESS_PATH;
@@ -2437,7 +2442,7 @@ function CRM_Page($action, $title, $action_id, $old_full_name) { //*************
 
 
  
-function CRM_response($action, $msg1, $show_message = 3){ //********************
+function CRM_response($action, $msg1, $show_message = 3) {//********************
 	//$action = 'rCopy' or 'rename'.  Returns 0 if successful, 1 on error.
 	//$show_message: 0 = none; 1 = errors only; 2 = successes only; 3 = all messages (default).
 	global $_, $ONESCRIPT, $ipath, $ipath_OS, $filename, $page, $param1, $param2, $param3, 
@@ -2523,7 +2528,7 @@ function CRM_response($action, $msg1, $show_message = 3){ //********************
 
 
 
-function Delete_response($target, $show_message=3) { //*************************
+function Delete_response($target, $show_message=3) {//**************************
 	global $_, $ipath, $ipath_OS, $param1, $filename, $param2, $page, $message, $EX;
 
 	if ($target == "") { return 0; } //Prevent accidental delete of entire website.
@@ -2565,7 +2570,7 @@ function Delete_response($target, $show_message=3) { //*************************
 
 
  
-function MCD_Page($action, $page_title, $classes = '') { //*********************
+function MCD_Page($action, $page_title, $classes = '') {//**********************
 	//$action = mcd_mov or mcd_cpy or mcd_del
 	global $_,  $WEB_ROOT, $ONESCRIPT, $ipath, $ipath_OS, $param1, $filename, $page,
 			$ICONS, $ACCESS_ROOT, $ACCESS_PATH, $INPUT_NUONCE, $message;
@@ -2614,7 +2619,7 @@ function MCD_Page($action, $page_title, $classes = '') { //*********************
 
 
 
-function MCD_response($action, $msg1, $success_msg = '') { //*******************
+function MCD_response($action, $msg1, $success_msg = '') {//********************
 	global $_, $ipath, $ipath_OS, $EX, $message, $WHSPC_SLASH;
 
 	$files      = $_POST['files']; //List of files to delete (path not included)
@@ -2669,7 +2674,7 @@ function MCD_response($action, $msg1, $success_msg = '') { //*******************
 
 
 
-function Page_Title(){ //***<title>Page_Title()</title>*************************
+function Page_Title() {//***<title>Page_Title()</title>*************************
 	global $_, $page;
 
 	if     (!$_SESSION['valid'])     { return $_['Log_In'];        }
@@ -2696,7 +2701,7 @@ function Page_Title(){ //***<title>Page_Title()</title>*************************
 
 
 
-function Load_Selected_Page(){ //***********************************************
+function Load_Selected_Page() {//***********************************************
 	global $_, $ONESCRIPT, $ipath, $filename, $page;
 
 	if     (!$_SESSION['valid'])     { Login_Page(); }
@@ -2725,7 +2730,7 @@ function Load_Selected_Page(){ //***********************************************
 
 
 
-function Respond_to_POST() { //*************************************************
+function Respond_to_POST() {//**************************************************
 	global $_, $VALID_POST, $ipath, $page, $EX, $ACCESS_ROOT, $message;
 
 	if (!$VALID_POST) { return; }
@@ -2766,7 +2771,7 @@ function Respond_to_POST() { //*************************************************
 
 
 
-function init_ICONS_js() { //***************************************************
+function init_ICONS_js() {//****************************************************
 	global $ICONS;
 
 	//Currently, only icons for dir listing needed in js
@@ -2795,7 +2800,7 @@ function init_ICONS_js() { //***************************************************
 
 
 
-function common_scripts() { //**************************************************
+function common_scripts() {//***************************************************
 	global $_, $TO_WARNING, $message, $page, $DELAY_Expired_Reload;
 ?>
 <script>
@@ -2804,7 +2809,7 @@ function pad(num){ if ( num < 10 ){ num = "0" + num; }; return num; }
 
 
 
-function hsc(text) { //***********************************************
+function hsc(text) {//************************************************
 	//A basic htmlspecialchars()
 	return text
       .replace(/&/g, "&amp;")
@@ -2816,7 +2821,7 @@ function hsc(text) { //***********************************************
 
 
 
-function trim($string) { //*******************************************
+function trim($string) {//********************************************
 
 	//trim leading whitespace
 	$len = $string.length;
@@ -2851,7 +2856,7 @@ function FormatTime(Seconds) {//**************************************
 
 
 
-function format_number(number, sep) { //******************************
+function format_number(number, sep) {//*******************************
 	sep = typeof sep !== 'undefined' ? sep : ','; //default to a comma
 	var number	= number + "";   // 1234567890     convert number to a string
 	var result  = "";            // 1,234,567,890  sample result
@@ -2905,7 +2910,7 @@ function Countdown(count, End_Time, Timer_ID, Action){
 
 
 
-function Start_Countdown(count, ID, Action){ //***********************
+function Start_Countdown(count, ID, Action) {//***********************
 
 	var Time_Start  = Math.round(new Date().getTime()/1000); //in seconds
 	var Time_End    = Time_Start + count;
@@ -2954,7 +2959,7 @@ function FileTimeStamp(php_filemtime, show_date, show_offset, write_return){
 
 
 
-function Display_Messages($msg, take_focus) { //***********************
+function Display_Messages($msg, take_focus) {//************************
 
 	var $page     = '<?php echo $page ?>';
 	var new_focus = '';
@@ -2989,9 +2994,11 @@ function Display_Messages($msg, take_focus) { //***********************
 
 
 
-function Index_Page_onclicks() { //*********************************************
+function Index_Page_events() {//************************************************
+	global $PAGEUPDOWN;
 ?>
 <script>
+//onclick events
 var Select_All_ckbox	= document.getElementById('select_all');
 var Sort_Type			= document.getElementById('sort_type');
 var Folders_First_Ckbox = document.getElementById('folders_first_ckbox');
@@ -3005,14 +3012,85 @@ function Index_Page_onclicks() { //*********************************************
 Header_Filesize.onclick  = function () {Sort_and_Show(2, FLIP_IF); this.focus(); return false;}
 Header_Filedate.onclick  = function () {Sort_and_Show(3, FLIP_IF); this.focus(); return false;}
 Sort_Type.onclick		 = function () {Sort_and_Show(5, FLIP_IF); this.focus(); return false;}
+
+
+
+//Control cursor keys to navigate index page. (arrow up/down, page up/down, Home/End)
+document.onkeydown = function(event) { //*******************************
+
+	if (!event) {var event = window.event;} //for IE
+	var key = event.keyCode;
+
+	//Assign a few handy "constants", and ignore any other keys.
+	var AU = 38, AD = 40, PU = 33, PD = 34; END = 35, HOME = 36 // Arrow Up/Down, Page Up/Down, Home/End
+	if ((key != AU) && (key != AD) && (key != PU) && (key != PD) && (key != HOME) && (key != END)) { return }
+
+	var jump = <?php echo $PAGEUPDOWN ?>;//# of rows to jump with Page Up/Page Down.
+
+	var FROWS    = DIRECTORY_ITEMS; // For these events, "../" is 0, and files are indexed 1 to DIRECTORY_ITEMS.
+	var LAST_ROW = "f" + FROWS;
+
+	//Get id of current focus (before this event). If focus is in file list, ID = 'fn', or 'fnn', etc.
+	var ID = document.activeElement.id; 
+
+	//(F)ile (R)ow = 0,1, ... FROWS
+	var FR = parseInt(ID.substr(1));
+	if (isNaN(FR)) {FR = -1;} //If not in file list...
+
+	//true / false: indicates if current focus is on one of the elements of the table header row.
+	var focus_header = ((ID == "select_all")      || (ID == "folders_first_ckbox") || (ID == "sort_type") || 
+						(ID == "header_filename") || (ID == "header_filesize")     || (ID == "header_filedate"));
+
+	//In general: If at top of page, Arrow Up will loop to bottom of page, and vice-versa.
+	//            However, Page Up/Down will stop at top/bottom of page.
+	//            But, Page Up/Down will also "soft" stop on top/bottom of list (next Page Up/Down will scroll rest of way).
+	//            So, first check current focus, then key...
+	//
+	if      (key == HOME) { if (ID != "f0") {ID = "f0"} else {return} }
+	else if (key == END)  {	if (ID != LAST_ROW) {ID = LAST_ROW} else {return} }
+	else if (ID == 'path_0') { // webroot in path_header: webroot/current/path/
+		if      (key == AU)   {ID = LAST_ROW		 }
+		else if (key == PU)   {return				 }
+		else if (key == AD)   {ID = "header_filename"}
+		else if (key == PD)   {ID = "header_filename"}
+	}
+	else if (focus_header) { //in table header row
+		if      (key == AU) {ID = "path_0"  }
+		else if (key == PU) {ID = "path_0"  }
+		else if	(key == AD) {ID = "f0"      }
+		else if	(key == PD) {FR += jump; if (FR < FROWS) {ID = "f" + FR} else {ID = LAST_ROW}}
+	}
+	else if (FR == -1) {     // any other element not in file list
+		if 		( key == AU)				   {ID = "path_0"		  }
+		else if ( key == PU)				   {ID = "path_0"		  }
+		else if ((key == AD) && !focus_header) {ID = "header_filename"}
+		else if ((key == PD) && !focus_header) {ID = "header_filename"}
+	}
+	else { 
+		if      ((key == AD) &&  (ID == LAST_ROW)) {ID = "path_0"}
+		else if ((key == PD) &&  (ID == LAST_ROW)) {return		}
+		
+		else if	( key == AU) {			   if (FR > 0)     {ID = "f" + (FR - 1)} else {ID = "header_filename"} }
+		else if ( key == AD) {			   if (FR < FROWS) {ID = "f" + (FR + 1)} else {ID = "header_filename"} }
+		else if	( key == PU) { FR -= jump; if (FR > 0)     {ID = "f" + FR	   } else {ID = "header_filename"} }
+		else if ( key == PD) { FR += jump; if (FR < FROWS) {ID = "f" + FR	   } else {ID = LAST_ROW		 } }
+		else { return; }
+	}
+	document.getElementById(ID).focus();
+
+	//Prevent default browser scrolling via arrow & Page keys, so focus()'d element stays visible/in view port.
+	//(A few exceptions skip this via a return in the above  if/else's.)
+	if (event.preventDefault) { event.preventDefault() } else { event.returnValue = false }
+
+}//end onkeyup() //***************************************************
 </script>
 <?php
-}//end Index_Page_onclicks() //*************************************************
+}//end Index_Page_events() //***************************************************
 
 
 
 
-function Index_Page_scripts() { //**********************************************
+function Index_Page_scripts() {//***********************************************
 	global $_, $ONESCRIPT, $param1, $ipath, $message, $DELAY_Sort_and_Show_msgs, $MIN_DIR_ITEMS;
 ?>
 <script>
@@ -3036,7 +3114,7 @@ function Index_Page_scripts() { //**********************************************
 
 
 
-function Sort_Folders_First() { //************************************
+function Sort_Folders_First() {//*************************************
 
 	//DIRECTORY_DATA[x] = ("type", "file name", filesize, timestamp, is_ofcms)	
 
@@ -3066,7 +3144,7 @@ function Sort_Folders_First() { //************************************
 
 
 
-function sort_DIRECTORY(col, direction) { //**************************
+function sort_DIRECTORY(col, direction) {//***************************
 
 	//sort DIRECTORY_DATA[] by col and direction
 	
@@ -3111,7 +3189,7 @@ function sort_DIRECTORY(col, direction) { //**************************
 
 
 
-function Init_Dir_table_rows(DIR_LIST) { //***************************
+function Init_Dir_table_rows(DIR_LIST) {//****************************
 
 	var row, cell, cells, tr, td;
 
@@ -3127,19 +3205,24 @@ function Init_Dir_table_rows(DIR_LIST) { //***************************
 		cells[5].className = 'file_size meta_T';
 		cells[6].className = 'file_time meta_T';
 	}
-}//end Init_Dir_table_rows() { //*************************************
+}//end Init_Dir_table_rows() {//**************************************
 
 
 
 
 //********************************************************************
-function Assemble_Insert_row(IS_OFCMS, trow, href, f_or_f, filename, file_name, file_size, file_time){
+function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_name, file_size, file_time){
 
-	//Assemble [move] [copy] [delete] [x] 
-	var ren_mov = '<a href="' + href + '&amp;p=rename' + f_or_f + '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
-	var copy    = '<a href="' + href + '&amp;p=copy'   + f_or_f + '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
-	var del     = '<a href="' + href + '&amp;p=delete' + f_or_f + '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
-	var checkbox = '<div class="ckbox"><INPUT TYPE=checkbox class=select_file NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
+	//While DIRECTORY_DATA, and the table rows created to list the data, are indexed from 0 (zero),
+	//the id's of files in the directory list are indexed from 1 (f1, f2...), as "../" is listed first with id=f0 (f-zero).
+	//The id's are used in Index_Page_events() "cursor" control.
+	row++;
+
+	//Assemble [move] [copy] [delete] [x]
+	var ren_mov = '<a id=f' + row + 'c0 href="' + href + '&amp;p=rename' + f_or_f + '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
+	var copy    = '<a id=f' + row + 'c1 href="' + href + '&amp;p=copy'   + f_or_f + '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
+	var del     = '<a id=f' + row + 'c2 href="' + href + '&amp;p=delete' + f_or_f + '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
+	var checkbox = '<div class="ckbox"><INPUT id=f' + row + 'c3 TYPE=checkbox class=select_file NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
 
 	//Don't show remove, delete, or checkbox options for active copy of OneFileCMS.
 	if (IS_OFCMS) { ren_mov = del = checkbox = ''; }
@@ -3159,7 +3242,7 @@ function Assemble_Insert_row(IS_OFCMS, trow, href, f_or_f, filename, file_name,
 
 
 
-function Build_Directory() { //***************************************
+function Build_Directory() {//****************************************
 
 	var DIR_LIST = document.getElementById("DIRECTORY_LISTING");
 
@@ -3185,7 +3268,7 @@ function Build_Directory() { //***************************************
 			var file_size = format_number(filesize) + ' B';
 		}
 		
-		var file_name  = '<a href="' + href  + '"';
+		var file_name  = '<a id=f'+(row + 1)+' href="' + href  + '"';
 			file_name += ' title="<?php echo hsc($_['Edit_View']) ?>: ' + hsc(filename) + '" >';
 			file_name += ICONS[filetype] + '&nbsp;' + hsc(filename) + DS + '</a>';
 		var file_time  = FileTimeStamp(filetime, 1, 0, 0);
@@ -3193,14 +3276,14 @@ function Build_Directory() { //***************************************
 		var IS_OFCMS = DIRECTORY_DATA[row][4];
 		var trow = DIR_LIST.rows[row];
 		
-		Assemble_Insert_row(IS_OFCMS, trow, href, f_or_f, filename, file_name, file_size, file_time);
+		Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_name, file_size, file_time);
 	}//end for (row...
 }//end Build_Directory() //*******************************************
 
 
 
 
-function Directory_Summary() { //*************************************
+function Directory_Summary() {//**************************************
 
 	var total_items  = DIRECTORY_DATA.length;
 	var folder_count = 0;
@@ -3227,7 +3310,7 @@ function Directory_Summary() { //*************************************
 
 
 
-function Sort_and_Show(col, direction) { //***************************
+function Sort_and_Show(col, direction) {//****************************
 
 	var DELAY = 0;
 	if (DIRECTORY_ITEMS > <?php echo $MIN_DIR_ITEMS ?>) { //
@@ -3249,7 +3332,7 @@ function Sort_and_Show(col, direction) { //***************************
 
 
 
-function Select_All() { //*******************************************
+function Select_All() {//********************************************
 
 	//Does not work in IE if the variable name is spelled the same as the Element Id
 	//So, prefix with a dollar sign (a valid character in JS for variable names).
@@ -3271,7 +3354,7 @@ function Select_All() { //*******************************************
 
 
 
-function Confirm_Submit(action){ //***********************************
+function Confirm_Submit(action) {//***********************************
 	
 	var files = document.mcdselect.elements['files[]'];
 	var last  = files.length;   //number of files
@@ -3298,7 +3381,7 @@ function Confirm_Submit(action){ //***********************************
 
 
 
-function Edit_Page_scripts() { //***********************************************
+function Edit_Page_scripts() {//************************************************
 	global $_, $ONESCRIPT, $ONESCRIPT_file, $ipath, $param1, $param2, $filename,
 			$MAIN_WIDTH, $WIDE_VIEW_WIDTH, $current_view, $WYSIWYG_VALID, $EDIT_WYSIWYG;
 
@@ -3338,8 +3421,7 @@ function Edit_Page_scripts() { //***********************************************
 var submitted  = false;
 var changed    = false;
 
-//[View Raw], [Close], and [Copy], should always be present on Edit Page.
-View_Raw_button.onclick  = function () { window.open(onclick_params + 'raw_view'); }
+//[Close], and [Copy], should always be present on Edit Page.
 Close_button.onclick     = function () { parent.location = '<?php echo $close_params ?>'; }
 Close_button.focus();
 Copy_File_button.onclick = function () { parent.location = onclick_params + 'copyfile';   }
@@ -3350,7 +3432,8 @@ function Edit_Page_scripts() { //***********************************************
 	Wide_View_button.innerHTML = '<?php echo hsc($_['Normal_View']) ?>';
 }
 
-//These elements do not exist if file is not editable.
+//These elements do not exist if file is not editable, or maybe if in WYSIWYG mode.
+if (View_Raw_button)    { View_Raw_button.onclick  = function ()   {window.open(onclick_params + 'raw_view'); } }
 if (Wide_View_button)   { Wide_View_button.onclick = function ()   {Wide_View();}    }
 if (Save_File_button)   { Save_File_button.onclick = function ()   {submitted=true;} }
 if (WYSIWYG_button  )   { WYSIWYG_button.onclick = function ()     {<?php echo $WYSIWYG_onclick ?>} }
@@ -3360,25 +3443,6 @@ function Edit_Page_scripts() { //***********************************************
 
 
 
-function Wide_View() {
-
-	var main_width_default = '<?php echo $MAIN_WIDTH ?>';
-
-	if ( File_textarea ) { File_textarea.style.width = '99.8%'; }
-	
-	if (Main_div.style.width == '<?php echo $WIDE_VIEW_WIDTH ?>') {
-		Main_div.style.width       = main_width_default;
-		Wide_View_button.innerHTML = "<?php echo hsc($_['Wide_View'])?>";
-		document.cookie            = 'edit_view=' + main_width_default;
-	}else{
-		Main_div.style.width       = '<?php echo $WIDE_VIEW_WIDTH ?>';
-		Wide_View_button.innerHTML = '<?php echo hsc($_['Normal_View']) ?>';
-		document.cookie            = 'edit_view=<?php echo $WIDE_VIEW_WIDTH ?>';
-	}
-}
-
-
-
 window.onbeforeunload = function() {
 	if ( changed && !submitted ) {
 		//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
@@ -3398,10 +3462,29 @@ function Wide_View() {
 }
 
 
+
+function Wide_View() {
+
+	var main_width_default = '<?php echo $MAIN_WIDTH ?>';
+
+	if ( File_textarea ) { File_textarea.style.width = '99.8%'; }
+	
+	if (Main_div.style.width == '<?php echo $WIDE_VIEW_WIDTH ?>') {
+		Main_div.style.width       = main_width_default;
+		Wide_View_button.innerHTML = "<?php echo hsc($_['Wide_View'])?>";
+		document.cookie            = 'edit_view=' + main_width_default;
+	}else{
+		Main_div.style.width       = '<?php echo $WIDE_VIEW_WIDTH ?>';
+		Wide_View_button.innerHTML = '<?php echo hsc($_['Normal_View']) ?>';
+		document.cookie            = 'edit_view=<?php echo $WIDE_VIEW_WIDTH ?>';
+	}
+}
+
+
+
 function Reset_file_status_indicators() {	
 	changed = false;
 	File_textarea.style.backgroundColor = "#F5FFF5";  //light green
-	File_textarea.style.borderColor     = "";
 	Save_File_button.style.borderColor  = "";
 	Save_File_button.innerHTML          = "<?php echo hsc($_['save_1'])?>";
 	Reset_button.disabled               = "disabled";
@@ -3430,8 +3513,7 @@ function Check_for_changes(event){
 	changed = (File_textarea.value != start_value);
 	if (changed){
 		document.getElementById('message_box').innerHTML = " "; //Must have a space, or it won't clear the msg.
-		File_textarea.style.backgroundColor    = "#FFF"; //white
-		File_textarea.style.borderColor        = "#F33"; //mild red
+		File_textarea.style.backgroundColor    = "white";
 		Save_File_button.style.borderColor	   = "#F33";
 		Save_File_button.innerHTML			   = "<?php echo hsc($_['save_2'])?>";
 		Reset_button.disabled				   = "";
@@ -3453,6 +3535,7 @@ function Reset_File() {
 	setSelRange(File_textarea, 0, 0) //Move cursor to start of textarea.
 }
 
+
 Reset_file_status_indicators();
 </script>
 <?php
@@ -3461,7 +3544,7 @@ function Reset_File() {
 
 
 
-function pwun_event_scripts($form_id, $button_id, $pwun=''){ //*****************
+function pwun_event_scripts($form_id, $button_id, $pwun='') {//*****************
 	global $_;
 
 	//pre-hash "new1" & "new2" only if changing p/w (not if changing u/n).
@@ -3508,9 +3591,10 @@ function events_up(event, capture_key) {
 }
 
 
-document.onmouseup = function(event) {if (!event) {var event = window.event;} //if IE
-	//if mousedown was on submit button, but mouseup wasn't, clear message.
+document.onmouseup = function(event) {
+	if (!event) {var event = window.event;} //if IE
 
+	//if mousedown was on submit button, but mouseup wasn't, clear message.
 	var target = event.target || event.srcElement; //target = most brosers || IE
 	if ($submitdown && ($submit_button.id != target.id) ) { $message_box.innerHTML = ''; } 
 	$submitdown = false;
@@ -3551,7 +3635,7 @@ function pre_validate_pwun() {
 
 
 
-function js_hash_scripts() { //*************************************************
+function js_hash_scripts() {//**************************************************
 	global $SALT, $PRE_ITERATIONS;
 
 //Used to hash p/w's client side.  This does not really add any security to the 
@@ -3592,7 +3676,7 @@ function hash($element_id) {
 
 
 
-function style_sheet(){ //******************************************************
+function style_sheet() {//******************************************************
 ?>
 <style>
 /* --- reset --- */
@@ -3617,7 +3701,8 @@ function style_sheet(){ //******************************************************
 i, em     { font-style : italic; }
 b, strong { font-weight: bold;   }
 
-:focus { outline:0; }
+:focus {outline:0;}
+:hover {border-color: #333;}
 
 table { border-collapse:separate; border-spacing:0; }
 th,td { text-align:left; font-weight:400; }
@@ -3633,11 +3718,11 @@ function style_sheet(){ //******************************************************
 input[readonly]        { color: #333; background-color: #EEE; }
 input[disabled]        { color: #555; background-color: #EEE; }
 
-input:focus  { background-color: rgb(255,250,150); }
+input:focus  { background-color: rgb(255,250,150); border: 1px solid #333; }
 input:hover  { background-color: rgb(255,250,150); }
 
-button:focus  { background-color: rgb(255,250,150); border-color: #333;}
 button:hover  { background-color: rgb(255,250,150); border-color: #333;}
+button:focus  { background-color: rgb(255,250,150); border-color: #333;}
 button:active { background-color: rgb(245,245,50);  border-color: #333;}
 
 /* --- layout --- */
@@ -3849,6 +3934,8 @@ function style_sheet(){ //******************************************************
 	background-color: #EEE;
 	}
 
+.button:hover     { border: 1px solid #333; background-color: rgb(255,250,150); }
+.button:focus     { border: 1px solid #333; background-color: rgb(255,250,150); }
 .button:active    { background-color: rgb(245,245,50); }                  /*first                 */
 .button[disabled] { color: #777; background-color: #EEE; cursor: default} /*second - order matters*/
 
@@ -3861,7 +3948,6 @@ function style_sheet(){ //******************************************************
 .nav a { border: 1px solid transparent; font-weight: bold; padding: .2em .6em .1em .6em; }
 .nav a:hover  { border: 1px solid #333; }
 .nav a:focus  { border: 1px solid #333; }
-.nav a:active { border: 1px solid #333; }
 
 
 /* --- edit --- */
@@ -4033,9 +4119,8 @@ function style_sheet(){ //******************************************************
 	padding: 1px 5px 0 5px;
 	}
 
-#path_header a:hover  { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
-#path_header a:focus  { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
-#path_header a:active { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(245,245,50); }
+#path_header a:hover  { border-left : solid 1px #777; border-right: solid 1px #777; }
+#path_header a:focus  { border-left : solid 1px #777; border-right: solid 1px #777; }
 
 </style>
 <?php
@@ -4044,7 +4129,7 @@ function style_sheet(){ //******************************************************
 
 
 
-function Language_and_config_adjusted_styles() { //*****************************
+function Language_and_config_adjusted_styles() {//******************************
 	global $_, $MAIN_WIDTH, $message, $page;
 ?>
 <style>
@@ -4077,7 +4162,7 @@ function Language_and_config_adjusted_styles() { //*****************************
 
 
 
-function Load_style_sheet(){ //*************************************************
+function Load_style_sheet() {//*************************************************
 	global $CSS_FILE, $message;
 
 	style_sheet(); //first load built-in defaults
diff --git a/readme.markdown b/readme.markdown
index f3d4b55..3cfe12b 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -2,7 +2,7 @@
 
 ## Yes, that's *exactly* what it is!
 
-OneFileCMS is a simple CMS (Content Management System) contained entirely in a single file, database-less, PHP script.
+OneFileCMS is a simple CMS (Content Management System) contained entirely in a single, database-less, PHP/Javascript.
 
 With basic editing, upload, and file managing functions, OneFileCMS can maintain an entire website completely in-browser without any external programs.
 
@@ -37,10 +37,11 @@ With basic editing, upload, and file managing functions, OneFileCMS can maintain
 - Sort directory listings by file name, extension, size, or date.
 - A basic text editor.
 - A WYSIWYG editor may be added as a plugin.
-- A Login delay after too many invalid login attempts.
+- A login delay after too many invalid login attempts.
 - Adjustable idle time before auto-logout.
 - Easily modifiable & re-brandable.
 - Multi-language support.
+- Lots more...
 - <del>Possibly</del> The easiest installation process ever!
 
 --------------------------------------------------------------------------------
@@ -63,11 +64,11 @@ You can also change the file name from "onefilecms.php" to something else, such
 
 - PHP 5.1+
   (Only tested on versions 5.2.8, 5.2.17, 5.3.3, and 5.4 + )
-- File permission privileges on your host.
 - A Javascript enabled browswer.
-- Most* modern browsers probably work, but I only test on Firefox, Chrome, and IE 8.
-- And- but only if you wish to see the icons- a browser that supports inline SVG.  
+- Most modern browsers probably work, but I only test on Firefox, Chrome, and IE 8.
+- And if you wish to see the icons- a browser that supports inline SVG.  
   (If your browser doesn't support inline SVG, OneFileCMS will still work, just without any icons.)
+- File permission privileges on your host.
 
 --------------------------------------------------------------------------------
 ## <a name=faq></a>FAQ
@@ -76,9 +77,8 @@ You can also change the file name from "onefilecms.php" to something else, such
 - [I found something that could be better. Can I suggest it to you?](#suggestions)
 - [Can I have more than one username/password?](#multiuser)
 - [This is basically just a file manager with a text editor- why is it being called a CMS?](#handsaw)
+- [Why do I get a "Stop running this script?" alert during login?](#slowlogin)
 - [Where's the WYSISWYG?](#WYSIWYG)
-- [Why do I get a "Stop running script?" pop-up during login?](#slowlogin)
-
 
 ### <a name=language></a>Multi-Language Support?
 
@@ -105,14 +105,14 @@ Now, since there is no database or other means of granular control or access log
 
 ### <a name=handsaw></a>This is basically just a file manager with a text editor- why is it being called a CMS?
 
-It may be simple, bit it can get the job done.  While you wouldn't want to build an entire house with just a hammer and hand saw, you can "manage" quite a bit with just those two tools (and nails, of course).  Besides, "OneFileCMS" sounds cool. 
+Because it is. And it may be simple, but it can get the job done.  While you wouldn't want to build a new house from the ground up with just a hammer, hand saw, and tape measure, you can "manage" quite a bit with just those tools (and nails, of course).  Besides, "OneFileCMS" sounds cool. 
 
 
-### <a name=slowlogin></a>Why do I get a "Stop running script?" pop-up during login?
+### <a name=slowlogin></a>Why do I get a "Stop running this script?" alert during login?
 
-IE, version 8 at least, takes condsiderably longer (about 8 seconds on my test system) to run OneFile's javascript login functions than Chrome or Firefox.  Just click [No] and the login should continue normally after a few more seconds.  
+OneFile's login functions take condsiderably longer* to run on IE, version 8 at least, than on Chrome or Firefox.  Just click [ No ] on the alert, and the login should finish after a few more seconds.   *(About 8 seconds -vs- 1/4 second on my test system.)
 
-Not counting the time the pop-up is waiting for a response, the 8 seconds previously mentioned is the time to login from a 2.5gz single-core XP system.  This delay is the result of the client-side "pre-hash" OneFileCMS performs on your password before submitting the login to OneFileCMS server-side.  
+The delay is the result of the client-side "pre-hash" OneFileCMS performs on your password before submitting the login to OneFileCMS server-side.  Not counting the time the pop-up is waiting for a response, the 8 seconds previously mentioned is from a 2.5gz single-core XP system.  
 
 See the global variable "$PRE\_ITERATIONS" at the end of System\_Setup().  It can be adjusted, but it's best to do so on a local copy in a development setup, then upload the updated copy.
 

From dc3d055498f85347881eee6d11f20bd6674163b3 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 2 Apr 2014 22:00:00 -0400
Subject: [PATCH 197/228] Version 3.5.14 Improvements/enhancements to Index
 page keyboard navigation... Index_Page_events(): much of the changes for the
 above. Added $TABINDEX global for adding tabindex to most tabbable elements.
 Index_Page(): moved call to Index_Page_scripts() to end of _Page(). Moved
 header_filename.focus() to Index_Page_events() Confirm_Submit(): switched
 from alert() to Display_Messages() for error message.
 Index_Page_buttons_top(): in addtion to tabindex, added id's
 Check_for_changes(): added check for IE & window.event A bit of css...

---
 extras/OneFileCMS.css         |  66 ++---
 info/OneFileCMS_structure.txt |   4 +-
 info/changelog.markdown       |   7 +
 onefilecms.php                | 441 +++++++++++++++++++++++-----------
 readme.markdown               |  14 +-
 5 files changed, 358 insertions(+), 174 deletions(-)

diff --git a/extras/OneFileCMS.css b/extras/OneFileCMS.css
index 3f48ab3..ed12e8d 100755
--- a/extras/OneFileCMS.css
+++ b/extras/OneFileCMS.css
@@ -1,5 +1,5 @@
 /*******************************************************************************
-Sample, OPTIONAL, external style sheet for OneFileCMS v3.5.13
+Sample, OPTIONAL, external style sheet for OneFileCMS v3.5.14
 *******************************************************************************/
 
 /* --- reset --- */
@@ -37,6 +37,7 @@ pre { background: white; border: 1px solid #777; padding: .2em; margin: 0; }
 input[type="text"]     { width: 100%; border: 1px solid #777; padding: 1px 1px 1px 0; font : 1em Courier; }
 input[type="password"] { width: 100%; border: 1px solid #777; padding: 0   1px 0   0; }
 input[type="file"]     { width: 100%; border: 1px solid #777; background-color: white; margin: 0; }
+input[type="checkbox"] { cursor : pointer; }
 
 input[readonly]        { color: #333; background-color: #EEE; }
 input[disabled]        { color: #555; background-color: #EEE; }
@@ -44,9 +45,9 @@ input[disabled]        { color: #555; background-color: #EEE; }
 input:focus  { background-color: rgb(255,250,150); border: 1px solid #333; }
 input:hover  { background-color: rgb(255,250,150); }
 
-button:hover  { background-color: rgb(255,250,150); border-color: #333; }
-button:focus  { background-color: rgb(255,250,150); border-color: #333; }
-button:active { background-color: rgb(245,245,50);  border-color: #333; }
+button:hover  { background-color: rgb(255,250,150); border-color: #333;}
+button:focus  { background-color: rgb(255,250,150); border-color: #333;}
+button:active { background-color: rgb(245,245,50);  border-color: #333;}
 
 /* --- layout --- */
 
@@ -119,45 +120,50 @@ button:active { background-color: rgb(245,245,50);  border-color: #333; }
 
 
 /*** Select All [x] ***/
-#select_all_th { min-width: 60px ; max-width: 70px; text-align: right; padding:  0 0 0 0; } /*TRBL*/
-#select_all {margin: 3px 0 0 0; cursor : pointer;}  /*checkbox*/
 #select_all_label { 
 	font   : 400 .84em arial;
 	color  : #333;
-	border-right: solid transparent 1px;
-	padding: 3px 2px 2px 2px;
+	display: inline-block;
+	padding: 4px 0 3px 0;
 	cursor : pointer;
+	width  : 72px; /*Adjusted by langauge files*/
+	border-right: solid transparent 1px;
 	}
 
-#select_all_label:hover  { border-left: 1px solid #777; background-color: rgb(255,250,150); }
-#select_all_label:hover  { border-top-width: 0; border-bottom-width: 0; }
+#select_all_label:hover  { background-color: rgb(255,250,150); }
+#select_all_label:active { background-color: rgb(245,245, 50); }
 
 
 /*** Directory list file select boxes ***/
-.ckbox {padding: 2px 4px 0 4px}
-.ckbox:focus { background-color: rgb(255,250,150); }
-.ckbox:hover { background-color: rgb(255,250,150); }
-.select_file {cursor : pointer;}
+/*ckbox is assigned to <td>'s & <th>'s that contain <input type=checkbox>*/
+.ckbox        {padding: 4px 4px 2px 4px; display: inline-block;}
+.ckbox:hover  {background-color: rgb(255,240,100);} 
+.ckbox:active {background-color: rgb(245,245, 50);}
+
+/* Slightly darker colors for [m][c][d] file options since they are small & less noticable*/
+.MCD:hover  {background-color: rgb(255,240,100);}
+.MCD:focus  {background-color: rgb(250,240,100);}
+.MCD:active {background-color: rgb(245,245, 50);}
 
 
 /*** [x] Folders First ***/
-#folders_first_ckbox {margin: 3px 0 0px 4px;cursor : pointer;}
 #folders_first_label {
-	border: solid 1px transparent;
-	font-size: .9em;
+	display: inline-block;
+	font-size  : .9em;
 	font-weight: normal;
-	color: #333; margin: 0;
-	padding: 3px 0 2px 0;
+	border     : solid 1px transparent;
+	color  : #333;
+	margin : 0 0 0 -5px;
+	padding: 4px 0 2px 0;
 	cursor : pointer;
 }
 
 #folders_first_label:hover {
-	border            : solid 1px #777;
 	background-color  : rgb(255,250,150);
-	cursor            : pointer;
 	border-left-color : silver;
 	border-right-color: silver;
 }
+#folders_first_label:active {background-color  : rgb(245,245, 50);}
 
 
 /* --- Directory Listing --- */
@@ -180,18 +186,18 @@ table.index_T th:hover { background-color: white;}
 .index_T th a { padding: 1px 0 1px 0; border-width: 0px;}
 
 .index_T th.file_name   { text-align: left; }
-.index_T th.file_name a { display: inline-block; padding: 2px 2.5em 2px 1.5em; border-top-width: 0px; border-bottom-width: 0px;}
+.index_T th.file_name a { display: inline-block; padding: 4px 2.5em 3px 1.5em; border-top-width: 0px; border-bottom-width: 0px;}
 
 #header_filename       {border-width: 0 1px 0 1px; min-width: 2.5em;}
 #header_filename:hover {border-color: silver;}
 #header_filename:focus {border-color: silver;}
 
-.index_T th.file_size a { display  : block; padding: 2px 0 2px 0; }
-.index_T th.file_time a { display  : block; padding: 2px 0 2px 0; }
+.index_T th.file_size a { display  : block; padding: 4px 0 3px 0; }
+.index_T th.file_time a { display  : block; padding: 4px 0 3px 0; }
 
-#sort_type       {float: right; padding: 1px 5px 3px 4px; border-width: 0px 0 0 1px;}
-#sort_type:hover {border-color: silver;}
-#sort_type:focus {border-color: silver;}
+#header_sorttype       {float: right; padding: 4px 5px 3px 4px; border-width: 0px 0 0 1px;}
+#header_sorttype:hover {border-color: silver;}
+#header_sorttype:focus {border-color: silver;}
 
 .file_name { max-width: 26em; }
 .file_size { min-width:  6em; padding-left: 10px; }
@@ -217,7 +223,7 @@ table.index_T th:hover { background-color: white;}
 
 
 /*These must go after .front_links and other style that affect <a> tags*/
-a { border: 1px solid transparent; text-decoration: none; }  /*color: rgb(100,45,0);*/
+a { border: 1px solid transparent; text-decoration: none; }
 a:focus  { border: 1px solid #333; background-color: rgb(255,250,150); }
 a:hover  { border: 1px solid #333; background-color: rgb(255,250,150); }
 a:active { border: 1px solid #333; background-color: rgb(245,245,50);  }
@@ -442,5 +448,5 @@ input[type="text"]#new_name {width  : 50%; margin-bottom: .2em;}
 	padding: 1px 5px 0 5px;
 	}
 
-#path_header a:hover  { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
-#path_header a:focus  { border-left : solid 1px #777; border-right: solid 1px #777; background-color: rgb(255,250,150); }
+#path_header a:hover  { border-left : solid 1px #777; border-right: solid 1px #777; }
+#path_header a:focus  { border-left : solid 1px #777; border-right: solid 1px #777; }
diff --git a/info/OneFileCMS_structure.txt b/info/OneFileCMS_structure.txt
index 90ddbf0..103a782 100755
--- a/info/OneFileCMS_structure.txt
+++ b/info/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.5.13 structure/layout
+OneFileCMS Version 3.5.14 structure/layout
 
 LICENSE
 
@@ -99,6 +99,8 @@ JAVASCRIPT FUNCTIONS:
 		Display_Messages()
 	Index_Page_events()
 		(various onclicks)
+		Tab_Down()
+		document.onmousedown()
 		document.onkeydown
 	Index_Page_scripts()
 		Sort_FOlder_First()
diff --git a/info/changelog.markdown b/info/changelog.markdown
index 3a9ce72..7d532d8 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,12 @@
 # OneFileCMS Change Log
 
+### v3.5.14 (2014-04-03)
+
+- Improved keyboard navigation of directory listings (Arrows, Page Up/Down, etc...)
+- Asked "how hard can it be?" - and found out...
+- Fixed a minor bug on the Edit page (affected IE only).
+- Some css adjustments/cleanup (needs lots more).
+
 ### v3.5.13 (2014-03-30)
 
 - Added basic keyboard navigation on directory listings.
diff --git a/onefilecms.php b/onefilecms.php
index a1f1e5c..da578e7 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.13';
+$OFCMS_version = '3.5.14';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -329,7 +329,7 @@ function Default_Language() { // ***********************************************
 $_['image_info_font_size']   = '1em';    //show_img_msg_01  &  _02
 $_['image_info_pos']         = '';       //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';  //Font size of $_['Select_All']
-$_['select_all_label_width'] = '72px';   //Width of space for $_['Select_All'] //Not used as of 3.4.23
+$_['select_all_label_width'] = '72px';   //Width of space for $_['Select_All']
 $_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG';
 $_['Admin']    = 'Admin';
@@ -1148,7 +1148,7 @@ function rDel($path) {//********************************************************
 function Current_Path_Header() {//**********************************************
  	// Current path. ie: webroot/current/path/
 	// Each level is a link to that level.
-	global $ONESCRIPT, $ipath, $WEB_ROOT, $ACCESS_ROOT, $ACCESS_ROOT_len, $message;
+	global $ONESCRIPT, $ipath, $WEB_ROOT, $ACCESS_ROOT, $ACCESS_ROOT_len, $TABINDEX, $message;
 
 	$unaccessable    = '';
 	$_1st_accessable = trim($WEB_ROOT, ' /');
@@ -1166,9 +1166,9 @@ function Current_Path_Header() {//**********************************************
 	echo '<h2 id="path_header">';
 		//Root (or $ACCESS_ROOT) folder of web site.
 		$p1 = '?i='.URLencode_path($ACCESS_ROOT);
-		echo $unaccessable.'<a id="path_0" href="'.$ONESCRIPT.$p1.'" class="path">'.hsc($_1st_accessable).'</a>/';
+		echo $unaccessable.'<a id=path_0 tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.$p1.'" class="path">'.hsc($_1st_accessable).'</a>/';
 		$x=0; //need here for focus() in case at webroot.
-		
+
 		if ($remaining_path != "" ) { //if not at root, show the rest
 			$path_levels  = explode("/",trim($remaining_path,'/') );
 			$levels = count($path_levels); //If levels=3, indexes = 0, 1, 2  etc...
@@ -1177,7 +1177,7 @@ function Current_Path_Header() {//**********************************************
 			for ($x=0; $x < $levels; $x++) {
 				$current_path .= $path_levels[$x].'/';
 				$p1 = '?i='.URLencode_path($ACCESS_ROOT.$current_path);
-				echo '<a id="path_'.($x+1).'" href="'.$ONESCRIPT.$p1.'" class="path">';
+				echo '<a id="path_'.($x+1).'" tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.$p1.'" class="path">';
 				echo hsc($path_levels[$x]).'</a>/';
 			}
 		}//end if(not at root)
@@ -1188,24 +1188,25 @@ function Current_Path_Header() {//**********************************************
 
 
 function Page_Header() {//******************************************************
-	global  $_, $DOC_ROOT, $ONESCRIPT, $page, $WEBSITE, $config_title, $OFCMS_version, $config_favicon, $message;
+	global  $_, $DOC_ROOT, $ONESCRIPT, $page, $WEBSITE, $config_title, $OFCMS_version, $config_favicon, $TABINDEX, $message;
+
+	$TABINDEX = 1;
 
 	$favicon = '';
 	if (file_exists($DOC_ROOT.trim($config_favicon,'/'))) {
 		$favicon =  '<img src="/'.URLencode_path($config_favicon).'" alt="">';
 	}
 
-	$on_php = '('.hsc($_['on']).'&nbsp;php&nbsp;'.phpversion().')';
-	if ($_SESSION["valid"]) { $on_php = '<a href="'.$ONESCRIPT.'?p=phpinfo'.'" target=_blank>'.$on_php.'</a>';}
-
 	echo '<div id="header">';
-		echo '<a href="'.$ONESCRIPT.'" id="logo" tabindex=-1>'.$config_title.'</a> '.$OFCMS_version.' ';
+		echo '<a href="'.$ONESCRIPT.'" id="logo" tabindex='.$TABINDEX++.'>'.$config_title.'</a> '.$OFCMS_version.' ';
+		
+		$on_php = '('.hsc($_['on']).'&nbsp;php&nbsp;'.phpversion().')';
+		if ($_SESSION["valid"]) { $on_php = '<a id=on_php tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.'?p=phpinfo'.'" target=_blank>'.$on_php.'</a>';}
 		echo $on_php;
 		
 		echo '<div class="nav">';
-			echo '<b><a href="/" target="_blank">'.$favicon.' ';
-			echo hsc($WEBSITE).'</a></b>';
-			if ($page != "login") {	echo ' | <a href="'.$ONESCRIPT.'?p=logout">'.hsc($_['Log_Out']).'</a>'; }
+			echo '<b><a id=website href="/" tabindex='.$TABINDEX++.' target="_blank">'.$favicon.' '.hsc($WEBSITE).'</a></b>';
+			if ($page != "login") {	echo ' | <a id=logout tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.'?p=logout">'.hsc($_['Log_Out']).'</a>'; }
 		echo '</div><div class=clear></div>';
 	echo '</div>';//<!-- end header -->
 }//end Page_Header() //*********************************************************
@@ -1785,35 +1786,34 @@ function Login_response() {//***************************************************
 
 
 function Create_Table_for_Listing() {//*****************************************
-	global$_, $ONEFILECMS, $ipath, $ipath_OS, $DOC_ROOT_OS, $ICONS;
+	global$_, $ONEFILECMS, $ipath, $ipath_OS, $DOC_ROOT_OS, $ICONS, $TABINDEX;
 
 	//Header row: | Select All|[ ]|[X](folders first)      Name      (ext) |   Size   |    Date    |
-	//<input hidden> is a dummy input to make sure files[] is always an array for Select_All() & Confirm_Ready().
 
 	$new_path = URLencode_path(dir_name($ipath)); //for "../" entry in dir list.
 	$new_path_OS = $DOC_ROOT_OS.dir_name($ipath_OS);//.dir_name($ipath_OS);
+
+	//<input hidden> is a dummy input to make sure files[] is always an array for Select_All() & Confirm_Ready().
 ?>
 	<INPUT TYPE=hidden NAME="files[]" VALUE="">
 
 	<table class="index_T">
 
 	<tr>
-	<th colspan=3 id="select_all_th">
-		<LABEL for=select_all id=select_all_label><?php echo hsc($_['Select_All']) ?></LABEL></th>
-	<th class="ckbox">
-		<INPUT TYPE=checkbox id=select_all NAME=select_all VALUE=select_all></th>
-	<th class="file_name ckbox" style="">
-		<INPUT TYPE=checkbox id=folders_first_ckbox NAME=folder_first VALUE=folders_first checked>
-		<label for=folders_first_ckbox id=folders_first_label title="<?php  echo hsc($_['folders_first_info']) ?>">
-			(<?php echo hsc($_['folders_first']) ?>)
-		</label>		  <a href="#" id=header_filename><?php echo hsc($_['Name']) ?></a><a
-							 href="#" id=sort_type>(<?php echo hsc($_['ext']) ?>)</a></th>
-	<th class="file_size"><a href="#" id=header_filesize><?php echo hsc($_['Size']) ?></a></th>
-	<th class="file_time"><a href="#" id=header_filedate><?php echo hsc($_['Date']) ?></a></th>
+	<th colspan=3 id=select_all_th><LABEL for=select_all_ckbox id=select_all_label><?php echo hsc($_['Select_All']) ?></LABEL></th>
+	<th><div class=ckbox><INPUT id=select_all_ckbox tabindex=<?php echo $TABINDEX++ ?> TYPE=checkbox NAME=select_all VALUE=select_all></div></th>
+	<th class=file_name>
+		<div class=ckbox><INPUT tabindex=<?php echo $TABINDEX++?> TYPE=checkbox
+			id=folders_first_ckbox NAME=folder_first VALUE=folders_first checked></div>
+	<label for=folders_first_ckbox id=folders_first_label title="<?php  echo hsc($_['folders_first_info']) ?>">(<?php echo hsc($_['folders_first']) ?>)</label
+	><a 				   tabindex=<?php echo $TABINDEX++?> href="#" id=header_filename><?php echo hsc($_['Name']) ?></a><a
+						   tabindex=<?php echo $TABINDEX++?> href="#" id=header_sorttype>(<?php echo hsc($_['ext']) ?>)</a></th>
+	<th class=file_size><a tabindex=<?php echo $TABINDEX++?> href="#" id=header_filesize><?php echo hsc($_['Size']) ?></a></th>
+	<th class=file_time><a tabindex=<?php echo $TABINDEX++?> href="#" id=header_filedate><?php echo hsc($_['Date']) ?></a></th>
 	</tr>
 
 	<tr><?php // "../" directory entry ?>
-		<td colspan=4></td><td><a id=f0 href="<?php echo $ONEFILECMS.'?i='.$new_path.'">'.$ICONS['dir'] ?> ../</a></td>
+		<td colspan=4></td><td><a id=f0 tabindex=<?php echo $TABINDEX++?> href="<?php echo $ONEFILECMS.'?i='.$new_path.'">'.$ICONS['dir'] ?> ../</a></td>
 		<td></td>
 		<td class="meta_T file_time"> &nbsp;<script>FileTimeStamp(<?php echo filemtime($new_path_OS); ?>, 1, 0, 1);</script></td><tr>
 
@@ -1821,7 +1821,6 @@ function Create_Table_for_Listing() {//*****************************************
 	<tbody id=DIRECTORY_LISTING></tbody>
 	<tr><td id=DIRECTORY_FOOTER colspan=7></td</tr>
 	</table>
-	<script>document.getElementById("header_filename").focus()</script>
 <?php
 }//Create_Table_for_Listing() //************************************************
 
@@ -1927,28 +1926,28 @@ function Send_data_to_js_and_display() {//**************************************
 
 
 function Index_Page_buttons_top($file_count) {//********************************
-	global $_, $ONESCRIPT, $param1, $ICONS;
+	global $_, $ONESCRIPT, $param1, $ICONS, $TABINDEX;
 
-	echo '<div id=index_page_buttons>';
+	echo '<div id=index_page_buttons>'."\n";
 
-	echo '<div id=mcd_submit>';
+	echo '<div id=mcd_submit>'."\n";
 	if ($file_count > 0) {
 		$onclick_m = 'onclick="Confirm_Submit( \'move\');   "';
 		$onclick_c = 'onclick="Confirm_Submit( \'copy\');   "';
 		$onclick_d = 'onclick="Confirm_Submit( \'delete\' );"';
-		echo '<button type=button '.$onclick_m.'>'.$ICONS['move'  ].'&nbsp;'.hsc($_['Move']  ).'</button>';
-		echo '<button type=button '.$onclick_c.'>'.$ICONS['copy'  ].'&nbsp;'.hsc($_['Copy']  ).'</button>';
-		echo '<button type=button '.$onclick_d.'>'.$ICONS['delete'].'&nbsp;'.hsc($_['Delete']).'</button>';
+		echo '<button id=b1 tabindex='.$TABINDEX++.' type=button '.$onclick_m.'>'.$ICONS['move'  ].'&nbsp;'.hsc($_['Move']  )."</button\n>";
+		echo '<button id=b2 tabindex='.$TABINDEX++.' type=button '.$onclick_c.'>'.$ICONS['copy'  ].'&nbsp;'.hsc($_['Copy']  )."</button\n>";
+		echo '<button id=b3 tabindex='.$TABINDEX++.' type=button '.$onclick_d.'>'.$ICONS['delete'].'&nbsp;'.hsc($_['Delete'])."</button\n>";
 	}
-	echo '</div>'; //end mcd_submit
+	echo '</div>'."\n"; //end mcd_submit
 
-	echo '<div class="front_links">';
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'.$ICONS['folder_new'].'&nbsp;'.hsc($_['New_Folder']) .'</a>';
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  .$ICONS['file_new']  .'&nbsp;'.hsc($_['New_File'])   .'</a>';
-		echo '<a href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   .$ICONS['upload']    .'&nbsp;'.hsc($_['Upload_File']).'</a>';
+	echo '<div class="front_links">'."\n";
+		echo '<a id=b4 tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'.$ICONS['folder_new'].'&nbsp;'.hsc($_['New_Folder']) .'</a>';
+		echo '<a id=b5 tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  .$ICONS['file_new']  .'&nbsp;'.hsc($_['New_File'])   .'</a>';
+		echo '<a id=b6 tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   .$ICONS['upload']    .'&nbsp;'.hsc($_['Upload_File']).'</a>';
 	echo '</div>'; //end front_links
 	
-	echo '</div>'; //end index_page_buttons
+	echo '</div>'."\n"; //end index_page_buttons
 
 } //end Index_Page_buttons_top() //*********************************************
 
@@ -1959,7 +1958,6 @@ function Index_Page() {//*******************************************************
 	global  $ONESCRIPT, $ipath_OS, $param1;
 	
 	init_ICONS_js();
-	Index_Page_scripts();
 
 	$raw_list = scandir('./'.$ipath_OS);  //Get current directory list  (unsorted)
 	$file_count = Get_DIRECTORY_DATA($raw_list);
@@ -1974,8 +1972,8 @@ function Index_Page() {//*******************************************************
 
 	echo "</form>\n";
 
+	Index_Page_scripts();
 	Send_data_to_js_and_display();
-
 	Index_Page_events();
 }//end Index_Page() //**********************************************************
 
@@ -2995,12 +2993,12 @@ function Display_Messages($msg, take_focus) {//************************
 
 
 function Index_Page_events() {//************************************************
-	global $PAGEUPDOWN;
+	global $_, $PAGEUPDOWN, $EX;
 ?>
 <script>
 //onclick events
-var Select_All_ckbox	= document.getElementById('select_all');
-var Sort_Type			= document.getElementById('sort_type');
+var Select_All_ckbox	= document.getElementById('select_all_ckbox');
+var Header_Sorttype		= document.getElementById('header_sorttype');
 var Folders_First_Ckbox = document.getElementById('folders_first_ckbox');
 var Header_Filename		= document.getElementById('header_filename');
 var Header_Filesize		= document.getElementById('header_filesize');
@@ -3011,78 +3009,231 @@ function Index_Page_events() {//************************************************
 Header_Filename.onclick  = function () {Sort_and_Show(1, FLIP_IF); this.focus(); return false;}
 Header_Filesize.onclick  = function () {Sort_and_Show(2, FLIP_IF); this.focus(); return false;}
 Header_Filedate.onclick  = function () {Sort_and_Show(3, FLIP_IF); this.focus(); return false;}
-Sort_Type.onclick		 = function () {Sort_and_Show(5, FLIP_IF); this.focus(); return false;}
+Header_Sorttype.onclick	 = function () {Sort_and_Show(5, FLIP_IF); this.focus(); return false;}
 
+Header_Filename.focus();
 
 
-//Control cursor keys to navigate index page. (arrow up/down, page up/down, Home/End)
-document.onkeydown = function(event) { //*******************************
 
-	if (!event) {var event = window.event;} //for IE
-	var key = event.keyCode;
+function Tab_Down(ID, FR,shifted) { //********************************
+	//Handle the background colors of checkboxes' parent <div>'s & <label>'s.
+	//(checkboxes generally don't have "background colors" as far as styles go...)
+	//Current checkbox already cleared by onkeydown().
+
+	//Prep for Tab key...
+	//Default tab action occurrs on keyUP, so "new" location is not known in onkeydown().
+	//So, if current focus is ck_box, clear bg, else if we're heading there, set bg.
+	//Tab from L, Current ID will be "f<FR>c2"
+	//Tab from R: Current ID/element is "f<FR>"
+	var fFR   = "f" + FR        //Filename
+	var fFRc2 = "f" + FR + "c2" //(x) Delete
+	var fFRc3 = "f" + FR + "c3" //[ ] Checkbox
+	var ck_box = document.getElementById(fFRc3);
+
+	var highlight = "rgb(255,250,150)";
+
+	if      (!shifted)  { //just Tab
+		if      (ID == fFRc3) { ck_box.parentNode.style.backgroundColor = "";}
+		else if (ID == fFRc2) { ck_box.parentNode.style.backgroundColor = highlight; }
+		else if (ID == "b6" ) {
+			document.getElementById('select_all_ckbox').parentNode.style.backgroundColor = highlight;
+			document.getElementById('select_all_label').style.backgroundColor = highlight;
+		}
+		else if (ID == "select_all_ckbox" ) {
+			document.getElementById('select_all_label').style.backgroundColor = "";
+			document.getElementById('folders_first_ckbox').parentNode.style.backgroundColor = highlight;
+			document.getElementById('folders_first_label').style.backgroundColor = highlight;
+		}
+		return;
+	}
+	else if (shifted)  { //Shift-Tab
+		if       (ID == fFRc3){ ck_box.parentNode.style.backgroundColor = "";}
+		else if ((ID == fFR) && (FR > 0) ) { ck_box.parentNode.style.backgroundColor = highlight; }
+		else if  (ID == "header_filename")  {
+			document.getElementById('folders_first_ckbox').parentNode.style.backgroundColor = highlight;
+			document.getElementById('folders_first_label').style.backgroundColor = highlight;
+		}
+		else if (ID == "folders_first_ckbox") {
+			document.getElementById('folders_first_label').style.backgroundColor = "";
+			document.getElementById('select_all_ckbox').parentNode.style.backgroundColor = highlight;
+			document.getElementById('select_all_label').style.backgroundColor = highlight;
+		}
+		return;
+	}
 
-	//Assign a few handy "constants", and ignore any other keys.
-	var AU = 38, AD = 40, PU = 33, PD = 34; END = 35, HOME = 36 // Arrow Up/Down, Page Up/Down, Home/End
-	if ((key != AU) && (key != AD) && (key != PU) && (key != PD) && (key != HOME) && (key != END)) { return }
+}//end Tab_Down() { //************************************************
+
+
+
+document.onmousedown = function (event) { //************************
+	//Mouse clicks may remove focus from focused elements, including checkboxes, 
+	//but don't clear the manual "highlight" of the parent div's & label's of checkbox's
+
+	//Clear parent div of a checkbox
+	var ID = document.activeElement.id;
+	if (document.activeElement.type == 'checkbox') {
+		document.getElementById(ID).parentNode.style.backgroundColor = "";
+	}
+
+	//Clear labels...  (don't check, just clear them all)
+	document.getElementById('select_all_label').style.backgroundColor = "";
+	document.getElementById('folders_first_label').style.backgroundColor = "";
+
+}//end onclick() //***************************************************
+
+
+
+document.onkeydown = function(event) { //*****************************
+	//Control cursor keys to navigate index page. (Arrows, Page, Home, End)
 
 	var jump = <?php echo $PAGEUPDOWN ?>;//# of rows to jump with Page Up/Page Down.
+	var highlight = "rgb(255,250,150)";
+	
+	//Get key pressed...
+	if (!event) {var event = window.event;} //for IE
+	var key = event.keyCode;
 
-	var FROWS    = DIRECTORY_ITEMS; // For these events, "../" is 0, and files are indexed 1 to DIRECTORY_ITEMS.
-	var LAST_ROW = "f" + FROWS;
+	//Assign a few handy "constants": Arrow U/D/L/R, Page Up/Down, etc... 
+	var AU = 38, AD = 40, AL = 37, AR = 39, PU = 33, PD = 34; END = 35, HOME = 36, ESC = 27, TAB = 9;
+	
+	//Ignore any other key presses...
+	if ((key != AU) && (key != AD) && (key != AL) && (key != AR) && (key != PU) && (key != PD) && 
+		(key != HOME) && (key != END) && (key != ESC) && (key != TAB)) { return }
 
-	//Get id of current focus (before this event). If focus is in file list, ID = 'fn', or 'fnn', etc.
-	var ID = document.activeElement.id; 
+	//File Rows. For these events, "../" is 0, and files are indexed 1 to DIRECTORY_ITEMS.
+	var FROWS     = DIRECTORY_ITEMS;
+	var LAST_FILE = "f" + FROWS;
 
+	//Get id of current focus (before this event). If focus is in file list, ID = 'fn', or 'fnn', etc.
+	var ID      = document.activeElement.id;
+	var x_focus = ID.substr(0,1);
+	
 	//(F)ile (R)ow = 0,1, ... FROWS
 	var FR = parseInt(ID.substr(1));
-	if (isNaN(FR)) {FR = -1;} //If not in file list...
+	if (isNaN(FR) || (x_focus != "f")) {FR = -1;} //If not in file list...
 
-	//true / false: indicates if current focus is on one of the elements of the table header row.
-	var focus_header = ((ID == "select_all")      || (ID == "folders_first_ckbox") || (ID == "sort_type") || 
-						(ID == "header_filename") || (ID == "header_filesize")     || (ID == "header_filedate"));
+	//If current ID/element is checkbox, clear bgcolor of parent div (ckboxes don't have background colors), & it's label if...
+	var is_ckbox = (document.activeElement.type == "checkbox");
+	if (is_ckbox) {document.getElementById(ID).parentNode.style.backgroundColor = ""; }
 
-	//In general: If at top of page, Arrow Up will loop to bottom of page, and vice-versa.
-	//            However, Page Up/Down will stop at top/bottom of page.
-	//            But, Page Up/Down will also "soft" stop on top/bottom of list (next Page Up/Down will scroll rest of way).
-	//            So, first check current focus, then key...
-	//
-	if      (key == HOME) { if (ID != "f0") {ID = "f0"} else {return} }
-	else if (key == END)  {	if (ID != LAST_ROW) {ID = LAST_ROW} else {return} }
-	else if (ID == 'path_0') { // webroot in path_header: webroot/current/path/
-		if      (key == AU)   {ID = LAST_ROW		 }
-		else if (key == PU)   {return				 }
-		else if (key == AD)   {ID = "header_filename"}
-		else if (key == PD)   {ID = "header_filename"}
+	//Always clear these labels (simply losing or changing focus() won't).
+	document.getElementById('select_all_label').style.backgroundColor = "";
+	document.getElementById('folders_first_label').style.backgroundColor = "";
+	
+	//If no files in current folder, [Move][Copy][Delete] won't exist (id's b1 b2 b3). Use [New Folder] (id="b4").
+	if (document.getElementById("b3")) {var button_row = "b2"} else {var button_row = "b4"}
+
+	//Indicate if current focus is on one of the elements of the table header row. (true / false)
+	//Select All[ ] | [x](folders first) Name  (.ext) | Size |  Date  |
+	var focus_header = ((ID == "select_all_ckbox") || (ID == "folders_first_ckbox") || (ID == "header_filename") || 
+						(ID == "header_sorttype")  || (ID == "header_filesize")     || (ID == "header_filedate"));
+
+	//Prepare for Arrow Left/Right keys ...
+	//To simulate Tab/Shift-tab, get list of all tags & incement/decrement to their tabindex.
+	if ((key == AL) || (key == AR)){
+		var FOCUS = document.activeElement.tabIndex;
+		var all_tags = document.getElementsByTagName('*');
+		var tag_count = all_tags.length;
 	}
-	else if (focus_header) { //in table header row
-		if      (key == AU) {ID = "path_0"  }
-		else if (key == PU) {ID = "path_0"  }
-		else if	(key == AD) {ID = "f0"      }
-		else if	(key == PD) {FR += jump; if (FR < FROWS) {ID = "f" + FR} else {ID = LAST_ROW}}
+
+	//PROCESS KEYDOWN ... In general:
+	//  Tab- handle checkbox's (parent <div>'s & <label>'s), otherwise allow default action.
+	//  Esc simply removes focus from active element.
+	//	Home toggles between [webroot]/current/path/ and [../] (first file is list)
+	//	End goes only to last file in list.
+	//	Arrow Up/Down will loop from (top to bottom)/(bottom to top) of page.
+	//  Page Up/Down will likewise loop thru page.
+	//  Arrow Left/Right will function similarly to Tab/Shift-Tab, but stopping at first/last link on page.
+
+	if      (key == TAB)  { Tab_Down(ID, FR, event.shiftKey); return; }
+	else if (key == ESC)  { document.activeElement.blur();    return; }
+	else if (key == END)  { if (ID != LAST_FILE) {ID = LAST_FILE} else {return} }
+	else if (key == HOME) {
+		if      (ID == "f0")     {ID = "path_0"}
+		else if (ID == "path_0") {ID = "f0"}
+		else if (FR  > 0)        {ID = "f0";}
+		else					 {ID = "path_0"}
 	}
-	else if (FR == -1) {     // any other element not in file list
-		if 		( key == AU)				   {ID = "path_0"		  }
-		else if ( key == PU)				   {ID = "path_0"		  }
-		else if ((key == AD) && !focus_header) {ID = "header_filename"}
-		else if ((key == PD) && !focus_header) {ID = "header_filename"}
+	else if (key == AL) { 
+		for (var i = 0; i < tag_count; i++) {
+			if (all_tags[i].tabIndex == FOCUS) {
+				for (var j = i; j > 0; j--) {if (all_tags[j].tabIndex == (FOCUS - 1)) {ID = all_tags[j].id; break;}}
+			}
+		}
 	}
-	else { 
-		if      ((key == AD) &&  (ID == LAST_ROW)) {ID = "path_0"}
-		else if ((key == PD) &&  (ID == LAST_ROW)) {return		}
-		
-		else if	( key == AU) {			   if (FR > 0)     {ID = "f" + (FR - 1)} else {ID = "header_filename"} }
-		else if ( key == AD) {			   if (FR < FROWS) {ID = "f" + (FR + 1)} else {ID = "header_filename"} }
-		else if	( key == PU) { FR -= jump; if (FR > 0)     {ID = "f" + FR	   } else {ID = "header_filename"} }
-		else if ( key == PD) { FR += jump; if (FR < FROWS) {ID = "f" + FR	   } else {ID = LAST_ROW		 } }
-		else { return; }
+	else if (key == AR) {
+		if (ID == "admin") {ID = LAST_FILE;}
+		for (var i = 0; i < tag_count; i++) {
+			if (all_tags[i].tabIndex == FOCUS) {
+				for (var j = i; j < tag_count; j++) {if (all_tags[j].tabIndex == (FOCUS + 1)) {ID = all_tags[j].id; break;}}
+			}
+		}
+	}
+	else if (ID == "admin") {
+		if      (key == AU) {ID = LAST_FILE}
+		else if (key == PU) {ID = LAST_FILE}
+		else if (key == AD) {ID = "path_0"}
+		else if (key == PD) {ID = "path_0"}
+	}
+	else if (x_focus == 'p') { //In path_header: webroot/current/path/
+		if      (key == AU)   {ID = LAST_FILE}
+		else if (key == PU)   {ID = LAST_FILE}
+		else if (key == AD)   {ID = button_row}
+		else if (key == PD)   {ID = "f0"}
+	}
+	else if (x_focus == "b") { //[Move][Copy][Delete]  [New Folder][New File][Upload File]
+		if 		(key == AU) {ID = "path_0"		   }
+		else if (key == PU) {ID = "path_0"		   }
+		else if (key == AD) {ID = "header_filename"}
+		else if (key == PD) {ID = "f0"			   }
+	}
+	else if (focus_header) { //Table header row
+		if      (key == AU) {ID = button_row}
+		else if (key == PU) {ID = "path_0"}
+		else if	(key == AD) {ID = "f0"}
+		else if	(key == PD) {FR += jump; if (FR < FROWS) {ID = "f" + FR} else {ID = LAST_FILE}}
 	}
+	else if ((FROWS == 0) && (key == PD) && (ID == 'f0')) {ID = "path_0"} //no files, only "../"
+	else if (FR == 0) { //First row
+		if		(key == AU) {ID = "header_filename"}
+		else if	(key == PU) {ID = "path_0"}
+		else if (key == AD) {FR++      ; if (FR <= FROWS) {ID = "f" + FR} else {ID = "path_0";}  }
+		else if (key == PD) {FR += jump; if (FR <= FROWS) {ID = "f" + FR} else {ID = LAST_FILE;} }
+	}
+	else if (FR == FROWS) { //Last row
+		if		(key == AU) { FR--      ; if (FR >= 0) {ID = "f" + FR} else {ID = "header_filename" } }
+		else if	(key == PU) { FR -= jump; if (FR >= 0) {ID = "f" + FR} else {ID = "f0"} }
+		else if (key == AD) { ID = "path_0" }
+		else if (key == PD) { ID = "path_0" }
+	}
+	else if (FR > 0){ //Middle rows...
+		if		(key == AU) { FR--;				         ID = "f" + FR						   }
+		else if	(key == PU) { FR -= jump; if (FR >= 0)     {ID = "f" + FR} else {ID = "f0"}	   }
+		else if (key == AD) { FR++; 	   if (FR <= FROWS) {ID = "f" + FR} else {ID = "path_0"; } }
+		else if (key == PD) { FR += jump; if (FR <= FROWS) {ID = "f" + FR} else {ID = LAST_FILE;} }
+	}
+	else if (FR == -1) {ID = "path_0"}     //Anyplace other than path_header, buttons, table
+	else {
+		//just in case I missed something...
+		var error_message  = '<?php echo __LINE__.$EX.'<b>'.hsc($_['Error']).'</b> onkeydown(): ' ?>';
+		    error_message += "key = " + key + ", FR = " + FR + ", ID = " + ID + ",x_focus = " + x_focus
+		Display_Messages(error_message);
+		return;
+	}
+
 	document.getElementById(ID).focus();
 
+	//If new ID/element is checkbox, set bgcolor of parent div (ckboxes don't have background colors), & it's label if apropo.
+	if (document.activeElement.type == "checkbox") {document.getElementById(ID).parentNode.style.backgroundColor = highlight;}
+	if (ID == "select_all_ckbox")    {document.getElementById('select_all_label').style.backgroundColor = highlight;}
+	if (ID == "folders_first_ckbox") {document.getElementById('folders_first_label').style.backgroundColor = highlight;}
+	
 	//Prevent default browser scrolling via arrow & Page keys, so focus()'d element stays visible/in view port.
 	//(A few exceptions skip this via a return in the above  if/else's.)
-	if (event.preventDefault) { event.preventDefault() } else { event.returnValue = false }
-
-}//end onkeyup() //***************************************************
+	if ( (ID != 'path_0') || ((ID == 'path_0') && (key == AD)) || ((ID == 'path_0') && (key == PD))) {
+		if (event.preventDefault) { event.preventDefault() } else { event.returnValue = false }
+	}
+}//end onkeydown() //*************************************************
 </script>
 <?php
 }//end Index_Page_events() //***************************************************
@@ -3091,7 +3242,7 @@ function Index_Page_events() {//************************************************
 
 
 function Index_Page_scripts() {//***********************************************
-	global $_, $ONESCRIPT, $param1, $ipath, $message, $DELAY_Sort_and_Show_msgs, $MIN_DIR_ITEMS;
+	global $_, $ONESCRIPT, $param1, $ipath, $message, $DELAY_Sort_and_Show_msgs, $MIN_DIR_ITEMS, $TABINDEX;
 ?>
 <script>
 //  DIRECTORY_DATA[x] = ("type", "file name", filesize, timestamp, is_ofcms, "ext")	
@@ -3099,6 +3250,7 @@ function Index_Page_scripts() {//***********************************************
 
 var ONESCRIPT	= "<?php echo $ONESCRIPT ?>";
 var PARAM1		= "<?php echo $param1 ?>";  //capitalized here as it is used as a constant.
+var TABINDEX    = <?php echo $TABINDEX ?>;  //TABINDEX only used by js from this point on...
 
 //a few usefull constants for using sort_DIRECTORY()
 var DESCENDING	= 0;
@@ -3219,10 +3371,10 @@ function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_n
 	row++;
 
 	//Assemble [move] [copy] [delete] [x]
-	var ren_mov = '<a id=f' + row + 'c0 href="' + href + '&amp;p=rename' + f_or_f + '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
-	var copy    = '<a id=f' + row + 'c1 href="' + href + '&amp;p=copy'   + f_or_f + '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
-	var del     = '<a id=f' + row + 'c2 href="' + href + '&amp;p=delete' + f_or_f + '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
-	var checkbox = '<div class="ckbox"><INPUT id=f' + row + 'c3 TYPE=checkbox class=select_file NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
+	var ren_mov = '<a id=f' + row + 'c0 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=rename' + f_or_f + '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
+	var copy    = '<a id=f' + row + 'c1 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=copy'   + f_or_f + '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
+	var del     = '<a id=f' + row + 'c2 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=delete' + f_or_f + '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
+	var checkbox = '<div class=ckbox><INPUT id=f' + row + 'c3 tabindex='+ (TABINDEX++) +' TYPE=checkbox class=select_file NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
 
 	//Don't show remove, delete, or checkbox options for active copy of OneFileCMS.
 	if (IS_OFCMS) { ren_mov = del = checkbox = ''; }
@@ -3244,6 +3396,8 @@ function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_n
 
 function Build_Directory() {//****************************************
 
+	TABINDEX    = <?php echo $TABINDEX ?>;  //Rest TABINDEX
+
 	var DIR_LIST = document.getElementById("DIRECTORY_LISTING");
 
 	if (DIR_LIST.rows.length < 1) {Init_Dir_table_rows(DIR_LIST);}
@@ -3268,7 +3422,8 @@ function Build_Directory() {//****************************************
 			var file_size = format_number(filesize) + ' B';
 		}
 		
-		var file_name  = '<a id=f'+(row + 1)+' href="' + href  + '"';
+		//For file, (TABINDEX + 4) to account for [m][c][d][x] which are added in Assemble_Insert_Row()
+		var file_name  = '<a id=f'+(row + 1)+' tabindex='+ (TABINDEX + 4) +' href="' + href  + '"'; 
 			file_name += ' title="<?php echo hsc($_['Edit_View']) ?>: ' + hsc(filename) + '" >';
 			file_name += ICONS[filetype] + '&nbsp;' + hsc(filename) + DS + '</a>';
 		var file_time  = FileTimeStamp(filetime, 1, 0, 0);
@@ -3277,6 +3432,7 @@ function Build_Directory() {//****************************************
 		var trow = DIR_LIST.rows[row];
 		
 		Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_name, file_size, file_time);
+		TABINDEX++; //To accuont for file_name above
 	}//end for (row...
 }//end Build_Directory() //*******************************************
 
@@ -3359,7 +3515,7 @@ function Confirm_Submit(action) {//***********************************
 	var files = document.mcdselect.elements['files[]'];
 	var last  = files.length;   //number of files
 	var no_files = true;
-	var f_msg    = "<?php echo addslashes($_['No_files']) ?>";	
+	var f_msg    = "<?php echo hsc($_['No_files']) ?>";	
 
 	document.mcdselect.mcdaction.value = action; 
 
@@ -3369,7 +3525,7 @@ function Confirm_Submit(action) {//***********************************
 	}
 
 	//Don't submit form if no files are checked.
-	if ( no_files ) { alert(f_msg); return false; }
+	if ( no_files ) { Display_Messages(f_msg, 1); return false; }
 
 	document.mcdselect.submit(); //submit form.
 }//end Confirm_Submit() //********************************************
@@ -3446,7 +3602,7 @@ function Edit_Page_scripts() {//************************************************
 window.onbeforeunload = function() {
 	if ( changed && !submitted ) {
 		//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
-		<?php //use addslashes() because this is for a js alert() or confirm(), not HTML ?>
+		<?php //use addslashes(), not hsc(), because this is for a js alert() / confirm(), not HTML ?>
 		return "<?php echo addslashes($_['unload_unsaved']) ?>";
 	}
 }
@@ -3509,7 +3665,8 @@ function setSelRange(inputEl, selStart, selEnd) {
 
 
 function Check_for_changes(event){
-	var keycode=event.keyCode? event.keyCode : event.charCode;
+	if (!event) {var event = window.event;} //if IE
+	var keycode = event.keyCode? event.keyCode : event.charCode;
 	changed = (File_textarea.value != start_value);
 	if (changed){
 		document.getElementById('message_box').innerHTML = " "; //Must have a space, or it won't clear the msg.
@@ -3572,7 +3729,8 @@ function pwun_event_scripts($form_id, $button_id, $pwun='') {//*****************
 $submit_button.onmouseup   = function(event) {events_up(event,  0);} //For mouse events, keyCode is 0 or undefined, and ignored.
 
 
-function events_down(event, capture_key) {if (!event) {var event = window.event;} //if IE
+function events_down(event, capture_key) {
+	if (!event) {var event = window.event;} //if IE
 	$thispage = true; //Make sure keydown was on this page.
 	if ((event.type.substr(0,3) == 'key') && (event.keyCode != capture_key)) {return true;}
 	$message_box.innerHTML = '<div class="message_box_contents"><b><?php echo hsc($_['Working']) ?></b>';
@@ -3714,6 +3872,7 @@ function style_sheet() {//******************************************************
 input[type="text"]     { width: 100%; border: 1px solid #777; padding: 1px 1px 1px 0; font : 1em Courier; }
 input[type="password"] { width: 100%; border: 1px solid #777; padding: 0   1px 0   0; }
 input[type="file"]     { width: 100%; border: 1px solid #777; background-color: white; margin: 0; }
+input[type="checkbox"] { cursor : pointer; }
 
 input[readonly]        { color: #333; background-color: #EEE; }
 input[disabled]        { color: #555; background-color: #EEE; }
@@ -3796,45 +3955,50 @@ function style_sheet() {//******************************************************
 
 
 /*** Select All [x] ***/
-#select_all_th { min-width: 60px ; max-width: 70px; text-align: right; padding:  0 0 0 0; } /*TRBL*/
-#select_all {margin: 3px 0 0 0; cursor : pointer;}  /*checkbox*/
 #select_all_label { 
 	font   : 400 .84em arial;
 	color  : #333;
-	border-right: solid transparent 1px;
-	padding: 3px 2px 2px 2px;
+	display: inline-block;
+	padding: 4px 0 3px 0;
 	cursor : pointer;
+	width  : 72px; /*Adjusted by langauge files*/
+	border-right: solid transparent 1px;
 	}
 
-#select_all_label:hover  { border-left: 1px solid #777; background-color: rgb(255,250,150); }
-#select_all_label:hover  { border-top-width: 0; border-bottom-width: 0; }
+#select_all_label:hover  { background-color: rgb(255,250,150); }
+#select_all_label:active { background-color: rgb(245,245, 50); }
 
 
 /*** Directory list file select boxes ***/
-.ckbox {padding: 2px 4px 0 4px}
-.ckbox:focus { background-color: rgb(255,250,150); }
-.ckbox:hover { background-color: rgb(255,250,150); }
-.select_file {cursor : pointer;}
+/*ckbox is assigned to <td>'s & <th>'s that contain <input type=checkbox>*/
+.ckbox        {padding: 4px 4px 2px 4px; display: inline-block;}
+.ckbox:hover  {background-color: rgb(255,240,100);} 
+.ckbox:active {background-color: rgb(245,245, 50);}
+
+/* Slightly darker colors for [m][c][d] file options since they are small & less noticable*/
+.MCD:hover  {background-color: rgb(255,240,100);}
+.MCD:focus  {background-color: rgb(250,240,100);}
+.MCD:active {background-color: rgb(245,245, 50);}
 
 
 /*** [x] Folders First ***/
-#folders_first_ckbox {margin: 3px 0 0px 4px;cursor : pointer;}
 #folders_first_label {
-	border: solid 1px transparent;
-	font-size: .9em;
+	display: inline-block;
+	font-size  : .9em;
 	font-weight: normal;
-	color: #333; margin: 0;
-	padding: 3px 0 2px 0;
+	border     : solid 1px transparent;
+	color  : #333;
+	margin : 0 0 0 -5px;
+	padding: 4px 0 2px 0;
 	cursor : pointer;
 }
 
 #folders_first_label:hover {
-	border            : solid 1px #777;
 	background-color  : rgb(255,250,150);
-	cursor            : pointer;
 	border-left-color : silver;
 	border-right-color: silver;
 }
+#folders_first_label:active {background-color  : rgb(245,245, 50);}
 
 
 /* --- Directory Listing --- */
@@ -3857,18 +4021,18 @@ function style_sheet() {//******************************************************
 .index_T th a { padding: 1px 0 1px 0; border-width: 0px;}
 
 .index_T th.file_name   { text-align: left; }
-.index_T th.file_name a { display: inline-block; padding: 2px 2.5em 2px 1.5em; border-top-width: 0px; border-bottom-width: 0px;}
+.index_T th.file_name a { display: inline-block; padding: 4px 2.5em 3px 1.5em; border-top-width: 0px; border-bottom-width: 0px;}
 
 #header_filename       {border-width: 0 1px 0 1px; min-width: 2.5em;}
 #header_filename:hover {border-color: silver;}
 #header_filename:focus {border-color: silver;}
 
-.index_T th.file_size a { display  : block; padding: 2px 0 2px 0; }
-.index_T th.file_time a { display  : block; padding: 2px 0 2px 0; }
+.index_T th.file_size a { display  : block; padding: 4px 0 3px 0; }
+.index_T th.file_time a { display  : block; padding: 4px 0 3px 0; }
 
-#sort_type       {float: right; padding: 1px 5px 3px 4px; border-width: 0px 0 0 1px;}
-#sort_type:hover {border-color: silver;}
-#sort_type:focus {border-color: silver;}
+#header_sorttype       {float: right; padding: 4px 5px 3px 4px; border-width: 0px 0 0 1px;}
+#header_sorttype:hover {border-color: silver;}
+#header_sorttype:focus {border-color: silver;}
 
 .file_name { max-width: 26em; }
 .file_size { min-width:  6em; padding-left: 10px; }
@@ -3894,7 +4058,7 @@ function style_sheet() {//******************************************************
 
 
 /*These must go after .front_links and other style that affect <a> tags*/
-a { border: 1px solid transparent; text-decoration: none; }  /*color: rgb(100,45,0);*/
+a { border: 1px solid transparent; text-decoration: none; }
 a:focus  { border: 1px solid #333; background-color: rgb(255,250,150); }
 a:hover  { border: 1px solid #333; background-color: rgb(255,250,150); }
 a:active { border: 1px solid #333; background-color: rgb(245,245,50);  }
@@ -4121,7 +4285,6 @@ function style_sheet() {//******************************************************
 
 #path_header a:hover  { border-left : solid 1px #777; border-right: solid 1px #777; }
 #path_header a:focus  { border-left : solid 1px #777; border-right: solid 1px #777; }
-
 </style>
 <?php
 }//end style_sheet() //*********************************************************
@@ -4154,7 +4317,7 @@ function Language_and_config_adjusted_styles() {//******************************
 	}
 	
 #select_all_label { font-size: <?php echo $_['select_all_label_size']?>; } /*Default .84em */
-#select_all_label { width: <?php echo $_['select_all_label_width']?>; }    /*Default 72px  Not used as of 3.4.23 */
+#select_all_label { width: <?php echo $_['select_all_label_width']?>; }    /*Default 72px  */
 </style>
 <?php
 }//end Language_and_config_adjusted_styles() //*********************************
@@ -4274,9 +4437,13 @@ function Load_style_sheet() {//*************************************************
 	echo '<span id=timer0  class="timer timeout"></span>';
 	echo '<span class="timeout">'.hsc($_['time_out_txt']).'&nbsp; </span>';
 
+	//Add tabindex to Admin link only on Index page. The *5 is to account for [m][c][d][x] and file names.
+	if (isset($DIRECTORY_COUNT)) {$TAB_INDEX = "tabindex=".($TABINDEX + ($DIRECTORY_COUNT * 5));}
+	else                         {$TAB_INDEX = ""; }
+
 	//Admin link
 	if ( ($_SESSION['admin_page'] === false) ) {
-		echo '<a id="admin" href="'.$ONESCRIPT.$param1.$param2.'&amp;p=admin">'.hsc($_['Admin']).'</a>';
+		echo '<a id="admin" '.$TAB_INDEX.' href="'.$ONESCRIPT.$param1.$param2.'&amp;p=admin">'.hsc($_['Admin']).'</a>';
 	}
 }//end footer
 
@@ -4291,7 +4458,7 @@ function Load_style_sheet() {//*************************************************
 	var $page    = '<?php echo $page ?>';
 	var $message = '<?php echo addslashes($message) ?>';
 
-	<?php //Cause $message's $X_box to take focus on these pages on (if any $message, of course) ?>
+	<?php //Cause $message's $X_box to take focus on these pages only (if any $message, of course) ?>
 	if (($page == 'index') || ($page == 'edit')) {take_focus = 1;}
 	else										 {take_focus = 0;}
 
@@ -4303,4 +4470,4 @@ function Load_style_sheet() {//*************************************************
 if ($_SESSION['valid']) { echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'LOGOUT'); }
 if ($page == 'edit')    { echo Timeout_Timer($MAX_IDLE_TIME, 'timer1', 'LOGOUT'); }
 if ($LOGIN_DELAYED > 0) { echo Timeout_Timer($LOGIN_DELAYED, 'timer0', ''); }
-//##### END OF FILE ############################################################
\ No newline at end of file
+//##### END OF FILE ############################################################
diff --git a/readme.markdown b/readme.markdown
index 3cfe12b..84651de 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -35,6 +35,7 @@ With basic editing, upload, and file managing functions, OneFileCMS can maintain
  
 - All the basic file management features like renaming, moving, copying, deleting, and uploading.
 - Sort directory listings by file name, extension, size, or date.
+- Keyboard navigation of directory list. (Arrows, Page Up/Down, Home, End)
 - A basic text editor.
 - A WYSIWYG editor may be added as a plugin.
 - A login delay after too many invalid login attempts.
@@ -110,9 +111,10 @@ Because it is. And it may be simple, but it can get the job done.  While you wou
 
 ### <a name=slowlogin></a>Why do I get a "Stop running this script?" alert during login?
 
-OneFile's login functions take condsiderably longer* to run on IE, version 8 at least, than on Chrome or Firefox.  Just click [ No ] on the alert, and the login should finish after a few more seconds.   *(About 8 seconds -vs- 1/4 second on my test system.)
+OneFile's login functions take condsiderably longer* to run on IE, version 8 at least, than on Chrome or Firefox.  Just click [ No ] on the alert, and the login should finish after a few more seconds.  
+(*About 8 seconds -vs- 1/4 second on my test system.)
 
-The delay is the result of the client-side "pre-hash" OneFileCMS performs on your password before submitting the login to OneFileCMS server-side.  Not counting the time the pop-up is waiting for a response, the 8 seconds previously mentioned is from a 2.5gz single-core XP system.  
+The delay is the result of the client-side "pre-hash" OneFileCMS performs on your password before submitting the login to OneFileCMS server-side.  Not counting the time the alert is waiting for a response, the 8 seconds previously mentioned is from a 2.5gz single-core XP system.  
 
 See the global variable "$PRE\_ITERATIONS" at the end of System\_Setup().  It can be adjusted, but it's best to do so on a local copy in a development setup, then upload the updated copy.
 
@@ -124,14 +126,14 @@ OneFileCMS can be easily configured to work with [TinyMCE](http://tinymce.moxiec
 --------------------------------------------------------------------------------
 ## <a name=limitations></a>Limitations & Considerations
 
-- OneFileCMS would not be the best option for a site that requires different levels of privileges, unless all of the users are trusted to stay within their designated areas of responsibility. Since OneFileCMS allows file uploads and editing files directly on the web server, there is simply no way to secure against any particular action.  
-
-  These issues, of course, are not unique to OneFileCMS - as they will exist in any CMS that permits unrestricted file editing & uploads.
-
 - If you need to upload a lots of files, an FTP program may be a bit more flexible & practicle.
 
 - Directories with hundreds of files can take a several seconds to display.  For instance, on my system- a 2.5gz desktop running XP, it takes 2 to 4 seconds to display a directory with 200 files.
 
+- OneFileCMS would not be the best option for a site that requires different levels of privileges, unless all of the users are trusted to stay within their designated areas of responsibility. Since OneFileCMS allows file uploads and editing files directly on the web server, there is simply no way to secure against any particular action.  
+
+  These issues, of course, are not unique to OneFileCMS - as they will exist in any CMS that permits unrestricted file editing & uploads.
+
 - If your website's connection is not encrypted (doesn't use SSL/TLS), passwords & usernames will be sent in clear text* during login.  However, this is true of any login system that's over an unencrypted connection.  
   *As of version 3.4.15, a client-side hash of the user's "plain-text" password is sent to the server.  So, while this client-side hash is still a "plain-text" password as far as the server is concerned, the user's actual raw password is protected from immediate exposure.
 

From 9c0cf37000d9e9c9ff5946adaca111285e2b39c7 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 3 Apr 2014 00:00:00 -0400
Subject: [PATCH 198/228] Version 3.5.15 Fixed minor keyboard navigation glitch
 on Index page if active copy of OnefileCMS is listed.   Assemble_Insert_row()
 & Build_Directory() Fixed css/removed borders on checkboxes (ony affected
 IE).

---
 extras/OneFileCMS.css   |  8 +++++---
 info/changelog.markdown |  7 ++++++-
 onefilecms.php          | 30 +++++++++++++++++++++---------
 3 files changed, 32 insertions(+), 13 deletions(-)

diff --git a/extras/OneFileCMS.css b/extras/OneFileCMS.css
index ed12e8d..5cc8850 100755
--- a/extras/OneFileCMS.css
+++ b/extras/OneFileCMS.css
@@ -1,5 +1,5 @@
 /*******************************************************************************
-Sample, OPTIONAL, external style sheet for OneFileCMS v3.5.14
+Sample, OPTIONAL, external style sheet for OneFileCMS v3.5.15
 *******************************************************************************/
 
 /* --- reset --- */
@@ -37,7 +37,6 @@ pre { background: white; border: 1px solid #777; padding: .2em; margin: 0; }
 input[type="text"]     { width: 100%; border: 1px solid #777; padding: 1px 1px 1px 0; font : 1em Courier; }
 input[type="password"] { width: 100%; border: 1px solid #777; padding: 0   1px 0   0; }
 input[type="file"]     { width: 100%; border: 1px solid #777; background-color: white; margin: 0; }
-input[type="checkbox"] { cursor : pointer; }
 
 input[readonly]        { color: #333; background-color: #EEE; }
 input[disabled]        { color: #555; background-color: #EEE; }
@@ -45,6 +44,9 @@ input[disabled]        { color: #555; background-color: #EEE; }
 input:focus  { background-color: rgb(255,250,150); border: 1px solid #333; }
 input:hover  { background-color: rgb(255,250,150); }
 
+/*-- Must be after input:focus, as it alters border --*/
+input[type="checkbox"] { cursor: pointer; border: none;}
+
 button:hover  { background-color: rgb(255,250,150); border-color: #333;}
 button:focus  { background-color: rgb(255,250,150); border-color: #333;}
 button:active { background-color: rgb(245,245,50);  border-color: #333;}
@@ -135,7 +137,7 @@ button:active { background-color: rgb(245,245,50);  border-color: #333;}
 
 
 /*** Directory list file select boxes ***/
-/*ckbox is assigned to <td>'s & <th>'s that contain <input type=checkbox>*/
+/*ckbox is assigned to <div>'s etc that contain <input type=checkbox>*/
 .ckbox        {padding: 4px 4px 2px 4px; display: inline-block;}
 .ckbox:hover  {background-color: rgb(255,240,100);} 
 .ckbox:active {background-color: rgb(245,245, 50);}
diff --git a/info/changelog.markdown b/info/changelog.markdown
index 7d532d8..6ec4efd 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,6 +1,11 @@
 # OneFileCMS Change Log
 
-### v3.5.14 (2014-04-03)
+### v3.5.15 (2014-04-03)
+
+- Fixed a minor keyboard navigation bug on Index page if active copy of OnefileCMS is listed.
+- Fixed css "glitch" that ony affected IE - removed borders on checkboxes.
+
+### v3.5.14 (2014-04-02)
 
 - Improved keyboard navigation of directory listings (Arrows, Page Up/Down, etc...)
 - Asked "how hard can it be?" - and found out...
diff --git a/onefilecms.php b/onefilecms.php
index da578e7..e661a3a 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.14';
+$OFCMS_version = '3.5.15';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -3370,14 +3370,24 @@ function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_n
 	//The id's are used in Index_Page_events() "cursor" control.
 	row++;
 
-	//Assemble [move] [copy] [delete] [x]
-	var ren_mov = '<a id=f' + row + 'c0 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=rename' + f_or_f + '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
+	//[Move] [Copy] [Delete]  [x]
+	var ren_mov = del = checkbox = '';
+
+	//Assemble [move] [copy] [delete] [x]   ([copy] is always available)
+	//The empty <a>'s are to accommodate keyboard nav via onkeydown() in Index_Page_events()...
+	if (!IS_OFCMS) {
+		ren_mov = '<a id=f' + row + 'c0 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=rename' + f_or_f + '"'+' title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
+	} else { ren_mov = '<a id=f' + row + 'c0 tabindex='+ (TABINDEX++) +'>&nbsp;</a>'}
+
 	var copy    = '<a id=f' + row + 'c1 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=copy'   + f_or_f + '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
-	var del     = '<a id=f' + row + 'c2 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=delete' + f_or_f + '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
-	var checkbox = '<div class=ckbox><INPUT id=f' + row + 'c3 tabindex='+ (TABINDEX++) +' TYPE=checkbox class=select_file NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
 
-	//Don't show remove, delete, or checkbox options for active copy of OneFileCMS.
-	if (IS_OFCMS) { ren_mov = del = checkbox = ''; }
+	if (!IS_OFCMS) {
+		del     = '<a id=f' + row + 'c2 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=delete' + f_or_f + '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
+		checkbox = '<div class=ckbox><INPUT id=f' + row + 'c3 tabindex='+ (TABINDEX++) +' TYPE=checkbox class=select_file NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
+	} else {
+		del      = '<a id=f' + row + 'c2 tabindex='+ (TABINDEX++) +'>&nbsp;</a>'
+		checkbox = '<a id=f' + row + 'c3 tabindex='+ (TABINDEX++) +'>&nbsp;</a>'
+	}
 
 	//fill the <td>'s
 	cells = trow.cells;
@@ -3872,7 +3882,6 @@ function style_sheet() {//******************************************************
 input[type="text"]     { width: 100%; border: 1px solid #777; padding: 1px 1px 1px 0; font : 1em Courier; }
 input[type="password"] { width: 100%; border: 1px solid #777; padding: 0   1px 0   0; }
 input[type="file"]     { width: 100%; border: 1px solid #777; background-color: white; margin: 0; }
-input[type="checkbox"] { cursor : pointer; }
 
 input[readonly]        { color: #333; background-color: #EEE; }
 input[disabled]        { color: #555; background-color: #EEE; }
@@ -3880,6 +3889,9 @@ function style_sheet() {//******************************************************
 input:focus  { background-color: rgb(255,250,150); border: 1px solid #333; }
 input:hover  { background-color: rgb(255,250,150); }
 
+/*-- Must be after input:focus, as it alters border --*/
+input[type="checkbox"] { cursor: pointer; border: none;}
+
 button:hover  { background-color: rgb(255,250,150); border-color: #333;}
 button:focus  { background-color: rgb(255,250,150); border-color: #333;}
 button:active { background-color: rgb(245,245,50);  border-color: #333;}
@@ -3970,7 +3982,7 @@ function style_sheet() {//******************************************************
 
 
 /*** Directory list file select boxes ***/
-/*ckbox is assigned to <td>'s & <th>'s that contain <input type=checkbox>*/
+/*ckbox is assigned to <div>'s etc that contain <input type=checkbox>*/
 .ckbox        {padding: 4px 4px 2px 4px; display: inline-block;}
 .ckbox:hover  {background-color: rgb(255,240,100);} 
 .ckbox:active {background-color: rgb(245,245, 50);}

From 551410a76fbeb50c58327555eadf13f12859d008 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Fri, 4 Apr 2014 00:30:00 -0400
Subject: [PATCH 199/228] Version 3.5.16 Improved logic for handling Left &
 Right arrow keys in Index_Page_events() Some js at end of file now echo'd by
 php, instead of dropping out of php with ?> Left some //##### comments in as
 reminders for potential improvements.

---
 info/changelog.markdown |  5 +++
 onefilecms.php          | 95 +++++++++++++++++++++++------------------
 readme.markdown         |  4 +-
 3 files changed, 60 insertions(+), 44 deletions(-)

diff --git a/info/changelog.markdown b/info/changelog.markdown
index 6ec4efd..f92be3e 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,10 @@
 # OneFileCMS Change Log
 
+### v3.5.16 (2014-04-04)
+
+- Improved logic for handling Left & Rigth arrow keys in Index_Page_events()
+- Left some //##### comments in as reminders for potential improvements.
+
 ### v3.5.15 (2014-04-03)
 
 - Fixed a minor keyboard navigation bug on Index page if active copy of OnefileCMS is listed.
diff --git a/onefilecms.php b/onefilecms.php
index e661a3a..78191ea 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.15';
+$OFCMS_version = '3.5.16';
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -909,7 +909,7 @@ function Verify_Page_Conditions() {//*******************************************
 	if ($page == "raw_view"){
 		$raw_contents = file_get_contents($filename_OS);
 		$file_ENC = mb_detect_encoding($raw_contents); //ASCII, UTF-8, etc...
-		header("Content-Type: text/plain charset=UTF-8");
+		header('Content-type: text/plain; charset=utf-8');
 		echo mb_convert_encoding($raw_contents, 'UTF-8', $file_ENC);
 		die;
 	}
@@ -1190,7 +1190,7 @@ function Current_Path_Header() {//**********************************************
 function Page_Header() {//******************************************************
 	global  $_, $DOC_ROOT, $ONESCRIPT, $page, $WEBSITE, $config_title, $OFCMS_version, $config_favicon, $TABINDEX, $message;
 
-	$TABINDEX = 1;
+	$TABINDEX = 1; //Initial tabindex
 
 	$favicon = '';
 	if (file_exists($DOC_ROOT.trim($config_favicon,'/'))) {
@@ -3017,7 +3017,7 @@ function Index_Page_events() {//************************************************
 
 function Tab_Down(ID, FR,shifted) { //********************************
 	//Handle the background colors of checkboxes' parent <div>'s & <label>'s.
-	//(checkboxes generally don't have "background colors" as far as styles go...)
+	//(checkboxes generally don't have "background colors" as far as css goes...)
 	//Current checkbox already cleared by onkeydown().
 
 	//Prep for Tab key...
@@ -3079,7 +3079,7 @@ function Tab_Down(ID, FR,shifted) { //********************************
 	document.getElementById('select_all_label').style.backgroundColor = "";
 	document.getElementById('folders_first_label').style.backgroundColor = "";
 
-}//end onclick() //***************************************************
+}//end onmousedown() //***********************************************
 
 
 
@@ -3112,38 +3112,52 @@ function Tab_Down(ID, FR,shifted) { //********************************
 	var FR = parseInt(ID.substr(1));
 	if (isNaN(FR) || (x_focus != "f")) {FR = -1;} //If not in file list...
 
-	//If current ID/element is checkbox, clear bgcolor of parent div (ckboxes don't have background colors), & it's label if...
+	//If current ID/element is checkbox, clear bgcolor of parent div (ckboxes don't have background colors).
 	var is_ckbox = (document.activeElement.type == "checkbox");
 	if (is_ckbox) {document.getElementById(ID).parentNode.style.backgroundColor = ""; }
 
-	//Always clear these labels (simply losing or changing focus() won't).
+	//Always clear these labels (simply losing focus() of their child checkboxes won't).
 	document.getElementById('select_all_label').style.backgroundColor = "";
 	document.getElementById('folders_first_label').style.backgroundColor = "";
 	
 	//If no files in current folder, [Move][Copy][Delete] won't exist (id's b1 b2 b3). Use [New Folder] (id="b4").
-	if (document.getElementById("b3")) {var button_row = "b2"} else {var button_row = "b4"}
+	if (document.getElementById("b2")) {var button_row = "b2"} else {var button_row = "b4"}
 
 	//Indicate if current focus is on one of the elements of the table header row. (true / false)
 	//Select All[ ] | [x](folders first) Name  (.ext) | Size |  Date  |
 	var focus_header = ((ID == "select_all_ckbox") || (ID == "folders_first_ckbox") || (ID == "header_filename") || 
 						(ID == "header_sorttype")  || (ID == "header_filesize")     || (ID == "header_filedate"));
 
-	//Prepare for Arrow Left/Right keys ...
-	//To simulate Tab/Shift-tab, get list of all tags & incement/decrement to their tabindex.
+	//Prep for Arrow Left/Right keys ...
+	//To simulate Tab/Shift-tab, get list of all tab-able tags & compare each tabindex to current tabindex.
+	//All tab-able tags should have a tabindex = 1, 2, 3... etc, with no duplicates.
 	if ((key == AL) || (key == AR)){
-		var FOCUS = document.activeElement.tabIndex;
-		var all_tags = document.getElementsByTagName('*');
-		var tag_count = all_tags.length;
+		var focus_tabindex = document.activeElement.tabIndex;
+		
+		//##### Make function for creation of tabindex_IDs[], and call at end of Build_Directory?
+		//##### Only really needed after sorts, not on each onkeydonw().
+		var all_tags     = document.getElementsByTagName('*');
+		var tag_count    = all_tags.length;
+		var tabindex_IDs = []; //Array of ID's of all tags with a tabindex, and indexed by tabindex.
+		//
+		//Create array of ID's of all tags with a tabindex. (all tabable elements should have a tabindex)
+		
+		for (var x = 0; x < tag_count; x++) {
+			if (all_tags[x].tabIndex > 0) {
+				tabindex_IDs[all_tags[x].tabIndex] = all_tags[x].id;
+			}
+		}
+		var last_tabindex = tabindex_IDs.length - 1; //[0] is not used, as no element should have tabindex=0.
 	}
 
-	//PROCESS KEYDOWN ... In general:
+	//PROCESS KEYDOWN EVENT... In general:
 	//  Tab- handle checkbox's (parent <div>'s & <label>'s), otherwise allow default action.
 	//  Esc simply removes focus from active element.
 	//	Home toggles between [webroot]/current/path/ and [../] (first file is list)
 	//	End goes only to last file in list.
-	//	Arrow Up/Down will loop from (top to bottom)/(bottom to top) of page.
-	//  Page Up/Down will likewise loop thru page.
-	//  Arrow Left/Right will function similarly to Tab/Shift-Tab, but stopping at first/last link on page.
+	//	Arrow Up/Down will loop from (top to bottom)/(bottom to top) of page (no hard stops).
+	//  Page Up/Down will likewise loop thru page, with soft-stops at first/last filenames.
+	//  Arrow Left/Right will function similarly to Tab/Shift-Tab, but hard stop at first/last link on page.
 
 	if      (key == TAB)  { Tab_Down(ID, FR, event.shiftKey); return; }
 	else if (key == ESC)  { document.activeElement.blur();    return; }
@@ -3155,19 +3169,10 @@ function Tab_Down(ID, FR,shifted) { //********************************
 		else					 {ID = "path_0"}
 	}
 	else if (key == AL) { 
-		for (var i = 0; i < tag_count; i++) {
-			if (all_tags[i].tabIndex == FOCUS) {
-				for (var j = i; j > 0; j--) {if (all_tags[j].tabIndex == (FOCUS - 1)) {ID = all_tags[j].id; break;}}
-			}
-		}
+		if (focus_tabindex > 1) {ID = tabindex_IDs[focus_tabindex - 1];}
 	}
 	else if (key == AR) {
-		if (ID == "admin") {ID = LAST_FILE;}
-		for (var i = 0; i < tag_count; i++) {
-			if (all_tags[i].tabIndex == FOCUS) {
-				for (var j = i; j < tag_count; j++) {if (all_tags[j].tabIndex == (FOCUS + 1)) {ID = all_tags[j].id; break;}}
-			}
-		}
+		if ( focus_tabindex < last_tabindex ) {ID = tabindex_IDs[focus_tabindex + 1];}
 	}
 	else if (ID == "admin") {
 		if      (key == AU) {ID = LAST_FILE}
@@ -3371,15 +3376,15 @@ function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_n
 	row++;
 
 	//[Move] [Copy] [Delete]  [x]
-	var ren_mov = del = checkbox = '';
+	var ren_mov  = copy = del = checkbox = '';
 
 	//Assemble [move] [copy] [delete] [x]   ([copy] is always available)
 	//The empty <a>'s are to accommodate keyboard nav via onkeydown() in Index_Page_events()...
 	if (!IS_OFCMS) {
-		ren_mov = '<a id=f' + row + 'c0 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=rename' + f_or_f + '"'+' title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
+		ren_mov = '<a id=f' + row + 'c0 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=rename' + f_or_f + '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
 	} else { ren_mov = '<a id=f' + row + 'c0 tabindex='+ (TABINDEX++) +'>&nbsp;</a>'}
 
-	var copy    = '<a id=f' + row + 'c1 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=copy'   + f_or_f + '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
+	copy        = '<a id=f' + row + 'c1 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=copy'   + f_or_f + '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
 
 	if (!IS_OFCMS) {
 		del     = '<a id=f' + row + 'c2 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=delete' + f_or_f + '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
@@ -4465,21 +4470,27 @@ function Load_style_sheet() {//*************************************************
 if ( ($page == "edit") && $WYSIWYG_VALID && $EDIT_WYSIWYG ) { include($WYSIWYG_PLUGIN_OS); }
 
 //Display any $message's
-?>
-<script>
-	var $page    = '<?php echo $page ?>';
-	var $message = '<?php echo addslashes($message) ?>';
+echo '<script>';
+echo 'var $page    = "'.$page.'";';
+echo 'var $message = "'.addslashes($message).'";';
+	    //Cause $message's $X_box to take focus on these pages only.
+echo 'if (($page == "index") || ($page == "edit")) {take_focus = 1}';
+echo 'else										   {take_focus = 0}';
 
-	<?php //Cause $message's $X_box to take focus on these pages only (if any $message, of course) ?>
-	if (($page == 'index') || ($page == 'edit')) {take_focus = 1;}
-	else										 {take_focus = 0;}
+	//##### ACTUAL COUNTDOWN STARTS ON THE SERVER.
+	//##### DO I NEED TO ACCOUNT FOR TIME RECEIVING & LOADING PAGE CLIENT SIDE?
+
+	//The setTimeout() time should be greater than what is set for the Sort_and_Show() "working..." message.
+echo 'setTimeout("Display_Messages($message, take_focus)",'.$DELAY_final_messages.');';
+echo '</script>';
 
-	<?php //The setTimeout() time should be greater than what is set for the Sort_and_Show() "working..." message. ?>
-	setTimeout('Display_Messages($message, take_focus)',<?php echo $DELAY_final_messages ?>);
-</script>
-<?php
 //start any timers (Yea, they could probably be put in a window.onload function or something...)
 if ($_SESSION['valid']) { echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'LOGOUT'); }
 if ($page == 'edit')    { echo Timeout_Timer($MAX_IDLE_TIME, 'timer1', 'LOGOUT'); }
 if ($LOGIN_DELAYED > 0) { echo Timeout_Timer($LOGIN_DELAYED, 'timer0', ''); }
 //##### END OF FILE ############################################################
+
+//##### Header (UTF-8) for [View Raw] incorrect or not getting sent??
+//##### If file has non-ascii characters, browers display in ISO-8859-1/Windows-1252,
+//##### Except IE asks to download the file...
+//##### When I manually select UTF-8, files display fine.
diff --git a/readme.markdown b/readme.markdown
index 84651de..38d84e9 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -100,13 +100,13 @@ I may not have the time/bandwidth/inclination to implement every feature, but I
 
 ### <a name=multiuser></a>Can I have more than one username/password?
 
-Yes!  Well, sort of... indirectly.  Upload or create addional copies of OneFileCMS, but give them different file names.(ex: OneFile1.php and OneFile2.php etc...)  Then, in each copy, maintain different usernames, passwords, and $session_name config values.  
+Yes!  Well, sort of... indirectly.  Upload or create additional copies of OneFileCMS, but give them different file names.(ex: OneFile1.php and OneFile2.php etc...)  Then, in each copy, maintain different usernames, passwords, and $session_name config values.  
   
 Now, since there is no database or other means of granular control or access logging, multiple usernames provides limited utility.  However, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
 
 ### <a name=handsaw></a>This is basically just a file manager with a text editor- why is it being called a CMS?
 
-Because it is. And it may be simple, but it can get the job done.  While you wouldn't want to build a new house from the ground up with just a hammer, hand saw, and tape measure, you can "manage" quite a bit with just those tools (and nails, of course).  Besides, "OneFileCMS" sounds cool. 
+Becaus "OneFileCMS" sounds cool.  And, because it is. It may be simple, but it can get the job done.  While you wouldn't want to build a new house from the ground up with just a hammer, hand saw, and tape measure, you can "manage" quite a bit with just those tools (and nails, of course).   
 
 
 ### <a name=slowlogin></a>Why do I get a "Stop running this script?" alert during login?

From d1b0bd328bbdc791ca6ecc07b57ec2aa934d9035 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 20 Apr 2014 17:50:00 -0400
Subject: [PATCH 200/228] Version 3.5.17 Moved ob_start() to very top of file.
 Moved basic security & error log settings to top of file, just after version
 #. Improved responses to Left & Right arrows by allowing for skips in
 tabindex's.  (ex: 1,2,3,5,6,10...) Index_Page_scripts() : Added
 $TABINDEX_XBOX for the message box '[X]' box. Display_Messages(): use
 $tabindex_xbox. Reordered onmousedown and on_Tab_down functions to that
 order. In on_Tab_down, renamed/gave a couple var's more intuitive names.
 Uncheck "Clear All" ckbox on resorts, as file ckboxes are. Adjusted some css.

---
 extras/OneFileCMS.css         |  30 ++--
 info/OneFileCMS_structure.txt |   4 +-
 info/changelog.markdown       |   4 +
 onefilecms.php                | 280 ++++++++++++++++++++--------------
 readme.markdown               |   8 +-
 5 files changed, 201 insertions(+), 125 deletions(-)

diff --git a/extras/OneFileCMS.css b/extras/OneFileCMS.css
index 5cc8850..85e6d80 100755
--- a/extras/OneFileCMS.css
+++ b/extras/OneFileCMS.css
@@ -1,5 +1,5 @@
 /*******************************************************************************
-Sample, OPTIONAL, external style sheet for OneFileCMS v3.5.15
+Sample, OPTIONAL, external style sheet for OneFileCMS v3.5.17
 *******************************************************************************/
 
 /* --- reset --- */
@@ -148,23 +148,28 @@ button:active { background-color: rgb(245,245,50);  border-color: #333;}
 .MCD:active {background-color: rgb(245,245, 50);}
 
 
-/*** [x] Folders First ***/
+/*** [x] (folders first) ***/
+
+#ff_ckbox_div {float: left;}
+
 #folders_first_label {
 	display: inline-block;
+	float: left;
 	font-size  : .9em;
 	font-weight: normal;
 	border     : solid 1px transparent;
 	color  : #333;
-	margin : 0 0 0 -5px;
-	padding: 4px 0 2px 0;
+	margin : 0 0 0 0;
+	padding: 4px 3px 2px 0;
 	cursor : pointer;
-}
+	}
 
 #folders_first_label:hover {
 	background-color  : rgb(255,250,150);
 	border-left-color : silver;
 	border-right-color: silver;
-}
+	}
+
 #folders_first_label:active {background-color  : rgb(245,245, 50);}
 
 
@@ -187,10 +192,17 @@ table.index_T th:hover { background-color: white;}
 .index_T td a {	display: block; border: none; padding: 2px 4px 2px 4px; overflow : hidden; }
 .index_T th a { padding: 1px 0 1px 0; border-width: 0px;}
 
-.index_T th.file_name   { text-align: left; }
-.index_T th.file_name a { display: inline-block; padding: 4px 2.5em 3px 1.5em; border-top-width: 0px; border-bottom-width: 0px;}
+th.file_name {min-width: 15em}
+
+.index_T th.file_name a {
+	display: inline-block;
+	padding: 4px 1em 3px 1em;
+	border-top-width: 0px;
+	border-bottom-width: 0px;
+	text-align: center;
+	}
 
-#header_filename       {border-width: 0 1px 0 1px; min-width: 2.5em;}
+#header_filename       {border-width: 0 1px 0 1px; display: block; overflow: auto;}
 #header_filename:hover {border-color: silver;}
 #header_filename:focus {border-color: silver;}
 
diff --git a/info/OneFileCMS_structure.txt b/info/OneFileCMS_structure.txt
index 103a782..7c225c2 100755
--- a/info/OneFileCMS_structure.txt
+++ b/info/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.5.14 structure/layout
+OneFileCMS Version 3.5.17 structure/layout
 
 LICENSE
 
@@ -99,8 +99,8 @@ JAVASCRIPT FUNCTIONS:
 		Display_Messages()
 	Index_Page_events()
 		(various onclicks)
-		Tab_Down()
 		document.onmousedown()
+		on_Tab_down()
 		document.onkeydown
 	Index_Page_scripts()
 		Sort_FOlder_First()
diff --git a/info/changelog.markdown b/info/changelog.markdown
index f92be3e..8239f4a 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,9 @@
 # OneFileCMS Change Log
 
+### v3.5.17 (2014-04-20)
+
+- Additional improvments to arrow key handling, particularly in regards to $message box.
+
 ### v3.5.16 (2014-04-04)
 
 - Improved logic for handling Left & Rigth arrow keys in Index_Page_events()
diff --git a/onefilecms.php b/onefilecms.php
index 78191ea..6436e39 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,8 +1,28 @@
-<?php mb_internal_encoding('utf-8');  $message = ""; //initialize here so can .= at any point later.
+<?php ob_start(); mb_internal_encoding('utf-8');  $message = ""; //initialize $message here so can .= at any point later.
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.16';
+$OFCMS_version = '3.5.17';
+
+
+
+
+//******************************************************************************
+//Some basic security & error log settings
+//
+//ob_start(); //Catch any early output. Closed prior to page output. Moved to top of file.
+ini_set('session.use_trans_sid', 0);    //make sure URL supplied SESSID's are not used
+ini_set('session.use_only_cookies', 1); //make sure URL supplied SESSID's are not used
+error_reporting(E_ALL & ~E_STRICT);     //(E_ALL &~ E_STRICT) for everything, 0 for none.
+ini_set('display_errors', 'on');
+ini_set('log_errors'    , 'off');
+ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.ERROR.log');
+//Determine good folder for session file? Default is tmp/, which is not secure, but it may not be a serious concern.
+//session_save_path($safepath)  or  ini_set('session.save_path', $safepath)
+//******************************************************************************
+
+
+
 
 /*******************************************************************************
 Except where noted otherwise:
@@ -32,6 +52,7 @@
 *******************************************************************************/
 
 
+
 /*******************************************************************************
 A portion of this software is copyright under terms of the "BSD" license (below).
 The copyright holders of that portion are indicated near where that portion is included.
@@ -62,21 +83,6 @@
 
 
 
-//Some basic security & error log settings**************************************
-ob_start(); //Catch any early output. Closed prior to page output.
-ini_set('session.use_trans_sid', 0);    //make sure URL supplied SESSID's are not used
-ini_set('session.use_only_cookies', 1); //make sure URL supplied SESSID's are not used
-error_reporting(E_ALL & ~E_STRICT);     //(E_ALL &~ E_STRICT) for everything, 0 for none.
-ini_set('display_errors', 'on');
-ini_set('log_errors'    , 'off');
-ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.ERROR.log');
-//Determine good folder for session file? Default is tmp/, which is not secure, but it may not be a serious concern.
-//session_save_path($safepath)  or  ini_set('session.save_path', $safepath)
-//******************************************************************************
-
-
-
-
 // USER CONFIGURABLE INFO ******************************************************
 $config_title = "OneFileCMS";
 
@@ -181,7 +187,8 @@ function System_Setup() {//*****************************************************
 	$phpversion = explode('.', PHP_VERSION);
 	define('PHP_VERSION_ID', ($phpversion[0] * 10000 + $phpversion[1] * 100 + $phpversion[2]));
 }
-if( PHP_VERSION_ID < PHP_VERSION_ID_REQUIRED ) {exit( 'PHP '.PHP_VERSION.'<br>'.hsc($_['OFCMS_requires']).' '.PHP_VERSION_REQUIRED );
+if( PHP_VERSION_ID < PHP_VERSION_ID_REQUIRED ) {
+	exit( 'PHP '.PHP_VERSION.'<br>'.hsc($_['OFCMS_requires']).' '.PHP_VERSION_REQUIRED );
 }
 
 
@@ -303,7 +310,7 @@ function System_Setup() {//*****************************************************
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.5.07
+// OneFileCMS Language Settings v3.5.17
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -1369,11 +1376,13 @@ function icon_folder($extra = "") {//**********************************
 	$ICONS['move']    = icon_folder($arc_arrow);
 	$ICONS['copy']    = '<svg version="1.1" width="12" height="12"><g transform="translate(1,1)">'.$circle_plus_rev.'</g></svg>';
 	$ICONS['delete']  = '<svg version="1.1" width="12" height="12"><g transform="translate(1,1)">'.$circle_x.'</g></svg>';
+	$ICONS['up_dir']  = icon_folder('<g transform="scale(1.1) translate(1.75,2) rotate(-45, 5, 5)">'.$up_arrow.'</g>');
 
 	if (!supports_svg()) { //Text "icons" if SVG not supported.  Mostly for IE < 9
 		foreach ($ICONS as $key=> $value) { $ICONS[$key] = ""; }
-		$ICONS['dir']    = '[+]';
-		$ICONS['folder'] = '[+]';
+		$ICONS['up_dir']  = '[&lt;]';
+		$ICONS['dir']	  = '[+]';
+		$ICONS['folder']  = '[+]';
 		$ICONS['ren_mov'] = '<span class="RCD1 R">&gt;</span>';
 		$ICONS['move']    = '<span class="RCD1 R">&gt;</span>';
 		$ICONS['copy']    = '<span class="RCD1 C">+</span>';
@@ -1786,7 +1795,7 @@ function Login_response() {//***************************************************
 
 
 function Create_Table_for_Listing() {//*****************************************
-	global$_, $ONEFILECMS, $ipath, $ipath_OS, $DOC_ROOT_OS, $ICONS, $TABINDEX;
+	global$_, $ONEFILECMS, $ipath, $ipath_OS, $DOC_ROOT_OS, $ICONS, $TABINDEX, $ACCESS_ROOT;
 
 	//Header row: | Select All|[ ]|[X](folders first)      Name      (ext) |   Size   |    Date    |
 
@@ -1797,25 +1806,47 @@ function Create_Table_for_Listing() {//*****************************************
 ?>
 	<INPUT TYPE=hidden NAME="files[]" VALUE="">
 
-	<table class="index_T">
+	<?php //RE: $TABINDEX's below
+		// In order to have ['Name'] (it's background) expand to fill available space in header,
+		// (ext) is float'ed right, but has to be listed first, before ['Name'].
+		// However, tabindex's need to be in order as displayed, not in order as listed in source.
+	?>
 
+	<table class="index_T">
 	<tr>
-	<th colspan=3 id=select_all_th><LABEL for=select_all_ckbox id=select_all_label><?php echo hsc($_['Select_All']) ?></LABEL></th>
-	<th><div class=ckbox><INPUT id=select_all_ckbox tabindex=<?php echo $TABINDEX++ ?> TYPE=checkbox NAME=select_all VALUE=select_all></div></th>
+	<th colspan=3><LABEL for=select_all_ckbox id=select_all_label><?php echo hsc($_['Select_All']) ?></LABEL></th>
+	<th><div class=ckbox>
+			<INPUT id=select_all_ckbox tabindex=<?php echo $TABINDEX++ ?> TYPE=checkbox NAME=select_all VALUE=select_all>
+		</div>
+	</th>
 	<th class=file_name>
-		<div class=ckbox><INPUT tabindex=<?php echo $TABINDEX++?> TYPE=checkbox
-			id=folders_first_ckbox NAME=folder_first VALUE=folders_first checked></div>
-	<label for=folders_first_ckbox id=folders_first_label title="<?php  echo hsc($_['folders_first_info']) ?>">(<?php echo hsc($_['folders_first']) ?>)</label
-	><a 				   tabindex=<?php echo $TABINDEX++?> href="#" id=header_filename><?php echo hsc($_['Name']) ?></a><a
-						   tabindex=<?php echo $TABINDEX++?> href="#" id=header_sorttype>(<?php echo hsc($_['ext']) ?>)</a></th>
+		<div id=ff_ckbox_div class=ckbox>
+			<INPUT tabindex=<?php echo $TABINDEX++?> TYPE=checkbox id=folders_first_ckbox NAME=folders_first VALUE=folders_first checked>
+		</div>
+		<label for=folders_first_ckbox id=folders_first_label title="<?php  echo hsc($_['folders_first_info']) ?>">
+			(<?php echo hsc($_['folders_first']) ?>)
+		</label>
+		<a tabindex=<?php echo ($TABINDEX + 1)?> href="#" id=header_sorttype>(<?php echo hsc($_['ext']) ?>)</a>
+		<a tabindex=<?php echo $TABINDEX++?>     href="#" id=header_filename><?php echo hsc($_['Name']) ?></a>
+		<?php $TABINDEX++ // ?>
+	</th>
 	<th class=file_size><a tabindex=<?php echo $TABINDEX++?> href="#" id=header_filesize><?php echo hsc($_['Size']) ?></a></th>
 	<th class=file_time><a tabindex=<?php echo $TABINDEX++?> href="#" id=header_filedate><?php echo hsc($_['Date']) ?></a></th>
 	</tr>
 
 	<tr><?php // "../" directory entry ?>
-		<td colspan=4></td><td><a id=f0 tabindex=<?php echo $TABINDEX++?> href="<?php echo $ONEFILECMS.'?i='.$new_path.'">'.$ICONS['dir'] ?> ../</a></td>
+		<td colspan=4></td>
+		<td>
+<?php		if ($ipath == $ACCESS_ROOT) {
+				echo '<a id=f0 tabindex='.$TABINDEX++.'>&nbsp;</a>';
+			}
+			else {
+				echo '<a id=f0 tabindex='.$TABINDEX++.' href="'.$ONEFILECMS.'?i='.$new_path.'"> <b>..</b> /</a>'; //#### '.$ICONS['up_dir'].'
+			}
+?>		</td>
+		<td></td>
 		<td></td>
-		<td class="meta_T file_time"> &nbsp;<script>FileTimeStamp(<?php echo filemtime($new_path_OS); ?>, 1, 0, 1);</script></td><tr>
+	<tr>
 
 	<?php //Directory & footer content will be inserted later. ?>
 	<tbody id=DIRECTORY_LISTING></tbody>
@@ -1849,7 +1880,7 @@ function Get_DIRECTORY_DATA($raw_list) {//**************************************
 		//Get file .ext & check against $stypes (files types to show)
 		$filename_parts = explode(".", mb_strtolower($filename));
 		
-		//First check for no $ext:  "filename"  or ".filename"
+		//Check for no $ext:  "filename"  or ".filename"
 		$segments = count($filename_parts);
 		if( $segments === 1 || (($segments === 2) && ($filename_parts[0] === "")) ) {
 				 $ext =  '';
@@ -2772,19 +2803,19 @@ function Respond_to_POST() {//**************************************************
 function init_ICONS_js() {//****************************************************
 	global $ICONS;
 
-	//Currently, only icons for dir listing needed in js
+	//Currently, only icons for dir listing are needed in js
 ?>
 <script>
 var ICONS = new Array();
-ICONS['bin'] = '<?php echo $ICONS["bin"] ?>';
-ICONS['z']   = '<?php echo $ICONS["z"] ?>';
-ICONS['img'] = '<?php echo $ICONS["img"] ?>';
-ICONS['svg'] = '<?php echo $ICONS["svg"] ?>';
-ICONS['txt'] = '<?php echo $ICONS["txt"] ?>';
-ICONS['htm'] = '<?php echo $ICONS["htm"] ?>';
-ICONS['php'] = '<?php echo $ICONS["php"] ?>';
-ICONS['css'] = '<?php echo $ICONS["css"] ?>';
-ICONS['cfg'] = '<?php echo $ICONS["cfg"] ?>';
+ICONS['bin']	 = '<?php echo $ICONS["bin"]	 ?>';
+ICONS['z']		 = '<?php echo $ICONS["z"]		 ?>';
+ICONS['img']	 = '<?php echo $ICONS["img"]	 ?>';
+ICONS['svg']	 = '<?php echo $ICONS["svg"]	 ?>';
+ICONS['txt']	 = '<?php echo $ICONS["txt"]	 ?>';
+ICONS['htm']	 = '<?php echo $ICONS["htm"]	 ?>';
+ICONS['php']	 = '<?php echo $ICONS["php"]	 ?>';
+ICONS['css']	 = '<?php echo $ICONS["css"]	 ?>';
+ICONS['cfg']	 = '<?php echo $ICONS["cfg"]	 ?>';
 ICONS['dir']     = '<?php echo $ICONS["dir"]     ?>';
 ICONS['folder']  = '<?php echo $ICONS["folder"]  ?>';
 ICONS['ren_mov'] = '<?php echo $ICONS["ren_mov"] ?>';
@@ -2957,7 +2988,9 @@ function FileTimeStamp(php_filemtime, show_date, show_offset, write_return){
 
 
 
-function Display_Messages($msg, take_focus) {//************************
+function Display_Messages($msg, take_focus) {//***********************
+
+	$tabindex_xbox = typeof $tabindex_xbox !== 'undefined' ? $tabindex_xbox : 0;
 
 	var $page     = '<?php echo $page ?>';
 	var new_focus = '';
@@ -2970,7 +3003,7 @@ function Display_Messages($msg, take_focus) {//************************
 	else if ($page == 'hash')  { new_focus = 'whattohash'; }
 	else if ($page == 'admin') { new_focus = 'close'; }
 
-	var $X_box		 = '<button type=button id="X_box">x</button>';
+	var $X_box		 = '<button tabindex=' + $tabindex_xbox + ' type=button id="X_box">x</button>';
 	var $MESSAGE	 = '<div class=message_box_contents>' + $msg + '</div>';
 	var $message_box = document.getElementById("message_box");
 	var $new_focus	 = document.getElementById(new_focus)
@@ -3015,7 +3048,25 @@ function Index_Page_events() {//************************************************
 
 
 
-function Tab_Down(ID, FR,shifted) { //********************************
+document.onmousedown = function (event) { //************************
+	//Mouse clicks may remove focus from focused elements, including checkboxes, 
+	//but don't clear the manual "highlight" of the parent div's & label's of checkbox's
+
+	//Clear parent div of a checkbox
+	var ID = document.activeElement.id;
+	if (document.activeElement.type == 'checkbox') {
+		document.getElementById(ID).parentNode.style.backgroundColor = "";
+	}
+
+	//Clear labels...  (don't check, just clear 'em)
+	document.getElementById('select_all_label').style.backgroundColor = "";
+	document.getElementById('folders_first_label').style.backgroundColor = "";
+
+}//end onmousedown() //***********************************************
+
+
+
+function on_Tab_down(ID, FR,shifted) { //*****************************
 	//Handle the background colors of checkboxes' parent <div>'s & <label>'s.
 	//(checkboxes generally don't have "background colors" as far as css goes...)
 	//Current checkbox already cleared by onkeydown().
@@ -3024,18 +3075,18 @@ function Tab_Down(ID, FR,shifted) { //********************************
 	//Default tab action occurrs on keyUP, so "new" location is not known in onkeydown().
 	//So, if current focus is ck_box, clear bg, else if we're heading there, set bg.
 	//Tab from L, Current ID will be "f<FR>c2"
-	//Tab from R: Current ID/element is "f<FR>"
+	//Tab from R: Current ID is "f<FR>"
 	var fFR   = "f" + FR        //Filename
-	var fFRc2 = "f" + FR + "c2" //(x) Delete
-	var fFRc3 = "f" + FR + "c3" //[ ] Checkbox
-	var ck_box = document.getElementById(fFRc3);
+	var ckbox = "f" + FR + "c3" //[ ] Checkbox
+	var del   = "f" + FR + "c2" //(x) Delete
 
+	var ck_box = document.getElementById(ckbox);
 	var highlight = "rgb(255,250,150)";
 
 	if      (!shifted)  { //just Tab
-		if      (ID == fFRc3) { ck_box.parentNode.style.backgroundColor = "";}
-		else if (ID == fFRc2) { ck_box.parentNode.style.backgroundColor = highlight; }
-		else if (ID == "b6" ) {
+		if      (ID == ckbox) { ck_box.parentNode.style.backgroundColor = "";}
+		else if (ID == del  ) { ck_box.parentNode.style.backgroundColor = highlight; }
+		else if (ID == "b6" ) { //[New Folder]
 			document.getElementById('select_all_ckbox').parentNode.style.backgroundColor = highlight;
 			document.getElementById('select_all_label').style.backgroundColor = highlight;
 		}
@@ -3047,7 +3098,7 @@ function Tab_Down(ID, FR,shifted) { //********************************
 		return;
 	}
 	else if (shifted)  { //Shift-Tab
-		if       (ID == fFRc3){ ck_box.parentNode.style.backgroundColor = "";}
+		if       (ID == ckbox){ ck_box.parentNode.style.backgroundColor = "";}
 		else if ((ID == fFR) && (FR > 0) ) { ck_box.parentNode.style.backgroundColor = highlight; }
 		else if  (ID == "header_filename")  {
 			document.getElementById('folders_first_ckbox').parentNode.style.backgroundColor = highlight;
@@ -3061,25 +3112,7 @@ function Tab_Down(ID, FR,shifted) { //********************************
 		return;
 	}
 
-}//end Tab_Down() { //************************************************
-
-
-
-document.onmousedown = function (event) { //************************
-	//Mouse clicks may remove focus from focused elements, including checkboxes, 
-	//but don't clear the manual "highlight" of the parent div's & label's of checkbox's
-
-	//Clear parent div of a checkbox
-	var ID = document.activeElement.id;
-	if (document.activeElement.type == 'checkbox') {
-		document.getElementById(ID).parentNode.style.backgroundColor = "";
-	}
-
-	//Clear labels...  (don't check, just clear them all)
-	document.getElementById('select_all_label').style.backgroundColor = "";
-	document.getElementById('folders_first_label').style.backgroundColor = "";
-
-}//end onmousedown() //***********************************************
+}//end on_Tab_down() { //*********************************************
 
 
 
@@ -3107,7 +3140,7 @@ function Tab_Down(ID, FR,shifted) { //********************************
 	//Get id of current focus (before this event). If focus is in file list, ID = 'fn', or 'fnn', etc.
 	var ID      = document.activeElement.id;
 	var x_focus = ID.substr(0,1);
-	
+
 	//(F)ile (R)ow = 0,1, ... FROWS
 	var FR = parseInt(ID.substr(1));
 	if (isNaN(FR) || (x_focus != "f")) {FR = -1;} //If not in file list...
@@ -3129,28 +3162,25 @@ function Tab_Down(ID, FR,shifted) { //********************************
 						(ID == "header_sorttype")  || (ID == "header_filesize")     || (ID == "header_filedate"));
 
 	//Prep for Arrow Left/Right keys ...
-	//To simulate Tab/Shift-tab, get list of all tab-able tags & compare each tabindex to current tabindex.
+	//To simulate Tab/Shift-tab, get list of all tab-able tags.
+	//Below, will compare each tabindex to current tabindex, and allow for skips in tabindex.
 	//All tab-able tags should have a tabindex = 1, 2, 3... etc, with no duplicates.
 	if ((key == AL) || (key == AR)){
 		var focus_tabindex = document.activeElement.tabIndex;
 		
-		//##### Make function for creation of tabindex_IDs[], and call at end of Build_Directory?
-		//##### Only really needed after sorts, not on each onkeydonw().
+		//Need to check all elements on each onkeydown(), in case things change (like closing of message box).
 		var all_tags     = document.getElementsByTagName('*');
 		var tag_count    = all_tags.length;
-		var tabindex_IDs = []; //Array of ID's of all tags with a tabindex, and indexed by tabindex.
-		//
-		//Create array of ID's of all tags with a tabindex. (all tabable elements should have a tabindex)
+		var tabindex_IDs = []; //Array of ID's of all tags with a tabindex, indexed by tabindex.
 		
+		//Create array of the ID's of all tags with a tabindex. (All tabable elements should have a tabindex set.)
 		for (var x = 0; x < tag_count; x++) {
-			if (all_tags[x].tabIndex > 0) {
-				tabindex_IDs[all_tags[x].tabIndex] = all_tags[x].id;
-			}
+			ti = all_tags[x].tabIndex;
+			if (ti > 0) { tabindex_IDs[ti] = all_tags[x].id; }
 		}
-		var last_tabindex = tabindex_IDs.length - 1; //[0] is not used, as no element should have tabindex=0.
 	}
 
-	//PROCESS KEYDOWN EVENT... In general:
+	//PROCESS THE KEYDOWN EVENT... In general:
 	//  Tab- handle checkbox's (parent <div>'s & <label>'s), otherwise allow default action.
 	//  Esc simply removes focus from active element.
 	//	Home toggles between [webroot]/current/path/ and [../] (first file is list)
@@ -3159,7 +3189,7 @@ function Tab_Down(ID, FR,shifted) { //********************************
 	//  Page Up/Down will likewise loop thru page, with soft-stops at first/last filenames.
 	//  Arrow Left/Right will function similarly to Tab/Shift-Tab, but hard stop at first/last link on page.
 
-	if      (key == TAB)  { Tab_Down(ID, FR, event.shiftKey); return; }
+	if      (key == TAB)  { on_Tab_down(ID, FR, event.shiftKey); return; }
 	else if (key == ESC)  { document.activeElement.blur();    return; }
 	else if (key == END)  { if (ID != LAST_FILE) {ID = LAST_FILE} else {return} }
 	else if (key == HOME) {
@@ -3168,11 +3198,17 @@ function Tab_Down(ID, FR,shifted) { //********************************
 		else if (FR  > 0)        {ID = "f0";}
 		else					 {ID = "path_0"}
 	}
-	else if (key == AL) { 
-		if (focus_tabindex > 1) {ID = tabindex_IDs[focus_tabindex - 1];}
+	else if (key == AL) {
+		//Find first tab-able element to the left (usually just (focus_tabindex - 1))
+		for (var new_index = (focus_tabindex - 1); new_index > 0; new_index--) {
+			if (tabindex_IDs[new_index]) { ID = tabindex_IDs[new_index]; break; }
+		}
 	}
 	else if (key == AR) {
-		if ( focus_tabindex < last_tabindex ) {ID = tabindex_IDs[focus_tabindex + 1];}
+		//Find first tab-able element to the right (usually just (focus_tabindex + 1))
+		for (var new_index = (focus_tabindex + 1); new_index < tabindex_IDs.length; new_index++) {
+			if (tabindex_IDs[new_index]) { ID = tabindex_IDs[new_index]; break; }
+		}
 	}
 	else if (ID == "admin") {
 		if      (key == AU) {ID = LAST_FILE}
@@ -3212,9 +3248,9 @@ function Tab_Down(ID, FR,shifted) { //********************************
 		else if (key == PD) { ID = "path_0" }
 	}
 	else if (FR > 0){ //Middle rows...
-		if		(key == AU) { FR--;				         ID = "f" + FR						   }
-		else if	(key == PU) { FR -= jump; if (FR >= 0)     {ID = "f" + FR} else {ID = "f0"}	   }
-		else if (key == AD) { FR++; 	   if (FR <= FROWS) {ID = "f" + FR} else {ID = "path_0"; } }
+		if		(key == AU) { FR--;							ID = "f" + FR						  }
+		else if	(key == PU) { FR -= jump; if (FR >= 0)     {ID = "f" + FR} else {ID = "f0"}	  	  }
+		else if (key == AD) { FR++; 	  if (FR <= FROWS) {ID = "f" + FR} else {ID = "path_0"; } }
 		else if (key == PD) { FR += jump; if (FR <= FROWS) {ID = "f" + FR} else {ID = LAST_FILE;} }
 	}
 	else if (FR == -1) {ID = "path_0"}     //Anyplace other than path_header, buttons, table
@@ -3228,7 +3264,7 @@ function Tab_Down(ID, FR,shifted) { //********************************
 
 	document.getElementById(ID).focus();
 
-	//If new ID/element is checkbox, set bgcolor of parent div (ckboxes don't have background colors), & it's label if apropo.
+	//If new ID/element is checkbox, set bgcolor of parent div & it's label (ckboxes don't have background colors).
 	if (document.activeElement.type == "checkbox") {document.getElementById(ID).parentNode.style.backgroundColor = highlight;}
 	if (ID == "select_all_ckbox")    {document.getElementById('select_all_label').style.backgroundColor = highlight;}
 	if (ID == "folders_first_ckbox") {document.getElementById('folders_first_label').style.backgroundColor = highlight;}
@@ -3303,17 +3339,22 @@ function Sort_Folders_First() {//*************************************
 
 function sort_DIRECTORY(col, direction) {//***************************
 
+	if (DIRECTORY_DATA.length < 2) {return} //can't sort 1 or zero items.
+
 	//sort DIRECTORY_DATA[] by col and direction
 	
 	//col: 1 for "file name", 2 for filesize, 3 for timestamp, 5 for "ext"
 	//derection: 0 = desending, 1 = ascending, 2 = flip, 3 = flip only if new col != SORT_by
 
-	//SORT_by, SORT_order, SORT_folders_1st: values set by prior (or initial) sort.
+	//SORT_by, SORT_order, and SORT_folders_1st: values set by prior (or initial) sort.
 
 	//If needed, set default col and/or direction.
 	col       = typeof col       !== 'undefined' ? col       : 1;
 	direction = typeof direction !== 'undefined' ? direction : ASCENDING;
 
+	//Filename ckboxes are cleared automatically on a resort, in Assemble_Insert_row(), so this needs cleared also.
+	Select_All_ckbox.checked = false;
+
 	//If new sort column, sort ascending. (FLIP overides, but is not currently used.)
 	if ((col != SORT_by) && (direction != FLIP)) { direction = ASCENDING; SORT_by = col; } 
 
@@ -3381,13 +3422,15 @@ function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_n
 	//Assemble [move] [copy] [delete] [x]   ([copy] is always available)
 	//The empty <a>'s are to accommodate keyboard nav via onkeydown() in Index_Page_events()...
 	if (!IS_OFCMS) {
-		ren_mov = '<a id=f' + row + 'c0 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=rename' + f_or_f + '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
-	} else { ren_mov = '<a id=f' + row + 'c0 tabindex='+ (TABINDEX++) +'>&nbsp;</a>'}
+		ren_mov  = '<a id=f' + row + 'c0 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=rename' + f_or_f + '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
+	} else {
+		ren_mov  = '<a id=f' + row + 'c0 tabindex='+ (TABINDEX++) +'>&nbsp;</a>'
+	}
 
-	copy        = '<a id=f' + row + 'c1 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=copy'   + f_or_f + '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
+	copy         = '<a id=f' + row + 'c1 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=copy'   + f_or_f + '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
 
 	if (!IS_OFCMS) {
-		del     = '<a id=f' + row + 'c2 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=delete' + f_or_f + '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
+		del      = '<a id=f' + row + 'c2 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=delete' + f_or_f + '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
 		checkbox = '<div class=ckbox><INPUT id=f' + row + 'c3 tabindex='+ (TABINDEX++) +' TYPE=checkbox class=select_file NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
 	} else {
 		del      = '<a id=f' + row + 'c2 tabindex='+ (TABINDEX++) +'>&nbsp;</a>'
@@ -3998,23 +4041,28 @@ function style_sheet() {//******************************************************
 .MCD:active {background-color: rgb(245,245, 50);}
 
 
-/*** [x] Folders First ***/
+/*** [x] (folders first) ***/
+
+#ff_ckbox_div {float: left;}
+
 #folders_first_label {
 	display: inline-block;
+	float: left;
 	font-size  : .9em;
 	font-weight: normal;
 	border     : solid 1px transparent;
 	color  : #333;
-	margin : 0 0 0 -5px;
-	padding: 4px 0 2px 0;
+	margin : 0 0 0 0;
+	padding: 4px 3px 2px 0;
 	cursor : pointer;
-}
+	}
 
 #folders_first_label:hover {
 	background-color  : rgb(255,250,150);
 	border-left-color : silver;
 	border-right-color: silver;
-}
+	}
+
 #folders_first_label:active {background-color  : rgb(245,245, 50);}
 
 
@@ -4037,10 +4085,17 @@ function style_sheet() {//******************************************************
 .index_T td a {	display: block; border: none; padding: 2px 4px 2px 4px; overflow : hidden; }
 .index_T th a { padding: 1px 0 1px 0; border-width: 0px;}
 
-.index_T th.file_name   { text-align: left; }
-.index_T th.file_name a { display: inline-block; padding: 4px 2.5em 3px 1.5em; border-top-width: 0px; border-bottom-width: 0px;}
+th.file_name {min-width: 15em}
+
+.index_T th.file_name a {
+	display: inline-block;
+	padding: 4px 1em 3px 1em;
+	border-top-width: 0px;
+	border-bottom-width: 0px;
+	text-align: center;
+	}
 
-#header_filename       {border-width: 0 1px 0 1px; min-width: 2.5em;}
+#header_filename       {border-width: 0 1px 0 1px; display: block; overflow: auto;}
 #header_filename:hover {border-color: silver;}
 #header_filename:focus {border-color: silver;}
 
@@ -4443,6 +4498,7 @@ function Load_style_sheet() {//*************************************************
 
 if ($_SESSION['valid'] && $Show_Path) { Current_Path_Header(); }
 
+$TABINDEX_XBOX = $TABINDEX++; //Messages, and the [X] box, not displayed until later.
 echo '<div id="message_box"></div>';
 
 Load_Selected_Page();
@@ -4454,7 +4510,8 @@ function Load_style_sheet() {//*************************************************
 	echo '<span id=timer0  class="timer timeout"></span>';
 	echo '<span class="timeout">'.hsc($_['time_out_txt']).'&nbsp; </span>';
 
-	//Add tabindex to Admin link only on Index page. The *5 is to account for [m][c][d][x] and file names.
+	//Adjust tabindex to account for [m][c][d][x] and file names in directory list.
+	//(Directory list created via js, so $TAB_INDEX is also passed to, and handled by, js at that point.)
 	if (isset($DIRECTORY_COUNT)) {$TAB_INDEX = "tabindex=".($TABINDEX + ($DIRECTORY_COUNT * 5));}
 	else                         {$TAB_INDEX = ""; }
 
@@ -4471,6 +4528,7 @@ function Load_style_sheet() {//*************************************************
 
 //Display any $message's
 echo '<script>';
+echo 'var $tabindex_xbox = '.$TABINDEX_XBOX.';'; //Used in Display_Messages()
 echo 'var $page    = "'.$page.'";';
 echo 'var $message = "'.addslashes($message).'";';
 	    //Cause $message's $X_box to take focus on these pages only.
@@ -4480,8 +4538,8 @@ function Load_style_sheet() {//*************************************************
 	//##### ACTUAL COUNTDOWN STARTS ON THE SERVER.
 	//##### DO I NEED TO ACCOUNT FOR TIME RECEIVING & LOADING PAGE CLIENT SIDE?
 
-	//The setTimeout() time should be greater than what is set for the Sort_and_Show() "working..." message.
-echo 'setTimeout("Display_Messages($message, take_focus)",'.$DELAY_final_messages.');';
+	//The setTimeout() delay should be greater than what is set for the Sort_and_Show() "working..." message.
+echo 'setTimeout("Display_Messages($message, take_focus)", '.$DELAY_final_messages.');';
 echo '</script>';
 
 //start any timers (Yea, they could probably be put in a window.onload function or something...)
@@ -4492,5 +4550,5 @@ function Load_style_sheet() {//*************************************************
 
 //##### Header (UTF-8) for [View Raw] incorrect or not getting sent??
 //##### If file has non-ascii characters, browers display in ISO-8859-1/Windows-1252,
-//##### Except IE asks to download the file...
-//##### When I manually select UTF-8, files display fine.
+//##### Except IE, which asks to download the file...
+//##### When browsers manually set to UTF-8, files display fine.
diff --git a/readme.markdown b/readme.markdown
index 38d84e9..cf42631 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -34,9 +34,9 @@ With basic editing, upload, and file managing functions, OneFileCMS can maintain
 ## <a name=features></a>Features
  
 - All the basic file management features like renaming, moving, copying, deleting, and uploading.
+- A basic text editor.
 - Sort directory listings by file name, extension, size, or date.
 - Keyboard navigation of directory list. (Arrows, Page Up/Down, Home, End)
-- A basic text editor.
 - A WYSIWYG editor may be added as a plugin.
 - A login delay after too many invalid login attempts.
 - Adjustable idle time before auto-logout.
@@ -65,7 +65,7 @@ You can also change the file name from "onefilecms.php" to something else, such
 
 - PHP 5.1+
   (Only tested on versions 5.2.8, 5.2.17, 5.3.3, and 5.4 + )
-- A Javascript enabled browswer.
+- A Javascript enabled browser.
 - Most modern browsers probably work, but I only test on Firefox, Chrome, and IE 8.
 - And if you wish to see the icons- a browser that supports inline SVG.  
   (If your browser doesn't support inline SVG, OneFileCMS will still work, just without any icons.)
@@ -106,7 +106,9 @@ Now, since there is no database or other means of granular control or access log
 
 ### <a name=handsaw></a>This is basically just a file manager with a text editor- why is it being called a CMS?
 
-Becaus "OneFileCMS" sounds cool.  And, because it is. It may be simple, but it can get the job done.  While you wouldn't want to build a new house from the ground up with just a hammer, hand saw, and tape measure, you can "manage" quite a bit with just those tools (and nails, of course).   
+Because it is. It may be simple, but it can get the job done.  While you wouldn't want to build a new house from the ground up with just a hammer, hand saw, and tape measure, you can "manage" quite a bit with just those tools.  
+
+And, because "OneFileCMS" sounds cool.
 
 
 ### <a name=slowlogin></a>Why do I get a "Stop running this script?" alert during login?

From 24617e1d1a7d4f2d6bb62e464d4294f2993ae25a Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 9 Jun 2016 23:09:00 -0400
Subject: [PATCH 201/228] Version 3.5.18 Renamed a few global configurable
 variables in a more consistant manor with the rest. $EXLUDED_FILES now
 ignores folders, as it doesn't make sense or work well overall otherwise. On
 index page, Enter can be used to select/deselect checkboxes. on_Tab_down():
 removed superfluous returns. Improved Up/Down arrow key use: "cursor" (ie:
 focus), can now nav up & down [Move][Copy][Del][x] Changed PU & PD key
 responses to include [Logo] & [Admin] instead of skipping them. Fixed minor
 bug where PU (or was it PD?) got "stuck" when in an empty folder and on the
 "../" row, Check if (FR == FROWS) before if (FR == 0), so AD still passes
 thru [Admin] And some css: #del_backup Fixed minor typo in
 $_['edit_caution_02']: "...OneFileCM.'; => "...OneFileCMS.';

---
 info/changelog.markdown          |   8 +-
 languages/OneFileCMS.LANG.EN.php |  10 +-
 onefilecms.php                   | 325 ++++++++++++++++++-------------
 readme.markdown                  |  16 +-
 4 files changed, 208 insertions(+), 151 deletions(-)
 mode change 100755 => 100644 info/changelog.markdown

diff --git a/info/changelog.markdown b/info/changelog.markdown
old mode 100755
new mode 100644
index 8239f4a..28ee025
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,12 +1,18 @@
 # OneFileCMS Change Log
 
+### v3.5.18 (2016-06-09)
+
+- And a few more improvements to arrow key handling.
+- A couple minor bug fixes
+- Some code cleanup etc.
+
 ### v3.5.17 (2014-04-20)
 
 - Additional improvments to arrow key handling, particularly in regards to $message box.
 
 ### v3.5.16 (2014-04-04)
 
-- Improved logic for handling Left & Rigth arrow keys in Index_Page_events()
+- Improved logic for handling Left & Rigth arrow keys in Index\_Page\_events()
 - Left some //##### comments in as reminders for potential improvements.
 
 ### v3.5.15 (2014-04-03)
diff --git a/languages/OneFileCMS.LANG.EN.php b/languages/OneFileCMS.LANG.EN.php
index ed296e9..2efb8ef 100755
--- a/languages/OneFileCMS.LANG.EN.php
+++ b/languages/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.11
+// OneFileCMS Language Settings v3.5.18
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -25,7 +25,7 @@
 $_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
-$_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All'] //Not used as of 3.4.23
+$_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
 
 $_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG';
@@ -61,7 +61,7 @@
 $_['Rename']   = 'Rename';
 $_['reset']    = 'Reset';
 $_['save_1']   = 'Save';
-$_['save_2']   = 'SAVE CHANGES'; //#### removed '!' in 3.5.07
+$_['save_2']   = 'SAVE CHANGES';
 $_['Size']     = 'Size';
 $_['Source']   = 'Source';
 $_['successful'] = 'successful';
@@ -209,7 +209,7 @@
 $_['OFCMS_requires']  = 'OneFileCMS requires PHP';
 $_['logout_msg']      = 'You have successfully logged out.';
 $_['edit_caution_01'] = 'CAUTION'; //##### No longer used as of 3.5.07
-$_['edit_caution_02'] = 'You are viewing the active copy of OneFileCM.'; //## NT ## changed wording 3.5.07
+$_['edit_caution_02'] = 'You are viewing the active copy of OneFileCMS.'; //## NT ## changed wording 3.5.07
 $_['time_out_txt']    = 'Session time out in:';
 
 $_['error_reporting_01'] = 'Display errors is';
@@ -223,7 +223,7 @@
 $_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will be automatically overwritten on the next password or username change.';
 $_['admin_txt_02'] = 'General Information';
 $_['admin_txt_14'] = 'For a small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
-$_['admin_txt_16'] = 'OneFileCMS can not be used to edit itself directly.  However, you can make a copy & edit it.  Then simply run the copy.'; //## NT ## Changed wording in 3.5.07
+$_['admin_txt_16'] = 'OneFileCMS can not be used to edit itself directly.  However, you can make a copy and edit it.'; //## NT ## Changed wording in 3.5.07
 
 $_['pw_current'] = 'Current Password';
 $_['pw_change']  = 'Change Password';
diff --git a/onefilecms.php b/onefilecms.php
index 6436e39..07864b5 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.17';
+$OFCMS_version = '3.5.18';
 
 
 
@@ -28,7 +28,7 @@
 Except where noted otherwise:
 
 Copyright © 2009-2012 https://github.com/rocktronica
-Copyright © 2012-     https://github.com/Self-Evident  David W. Gay
+Copyright © 2012-     https://github.com/Self-Evident
 
 Under the following terms (an "MIT" License):
 
@@ -56,6 +56,7 @@
 /*******************************************************************************
 A portion of this software is copyright under terms of the "BSD" license (below).
 The copyright holders of that portion are indicated near where that portion is included.
+(Search for references to the BSD license)
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
@@ -83,8 +84,8 @@
 
 
 
-// USER CONFIGURABLE INFO ******************************************************
-$config_title = "OneFileCMS";
+// CONFIGURABLE OPTIONS ********************************************************
+$MAIN_TITLE = "OneFileCMS";
 
 $USERNAME = "username";
 $HASHWORD = "18350bc2181858e679605434735b1c2db6e7e4bb72b50a6d93d9ad1362f3e1c2";
@@ -93,7 +94,7 @@
 
 $MAX_ATTEMPTS  = 3;    //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;   //In seconds.
-$MAX_IDLE_TIME = 600;  //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
+$MAX_IDLE_TIME = 60000;//600;  //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
 $TO_WARNING    = 120;  //In seconds. When idle time remaining is less than this value, a TimeOut warning is displayed.
 $LOG_LOGINS    = true; //Keep log of login attempts.
 
@@ -109,21 +110,22 @@
 
 $UPLOAD_FIELDS = 10; //Number of upload fields on Upload File(s) page. Max value is ini_get('max_file_uploads').
 
-$config_favicon   = "favicon.ico"; //Path is relative to root of website.
-$config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsiTive!
+$FAVICON  = "favicon.ico"; //Path is relative to root of website.
 
-$config_etypes = "svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text"; //Editable file types.
-$config_stypes = "*"; // Shown types; only files of the given types should show up in the file-listing
-	// Use $config_stypes exactly like $config_etypes (list of extensions separated by commas).
-	// If $config_stypes is set to null - by intention or by error - only folders will be shown.
-	// If $config_stypes is set to the *-wildcard (the default), all files will show up.
-	// If $config_stypes is set to "html,htm" for example, only file with the extension "html" or "htm" will get listed.
+$EXCLUDED_FILES  = ""; //csv list of filenames to exclude from directory listings- CaSe sEnsiTive!
 
-$config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
+$EDIT_FILES = "svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text"; //Editable file types.
+$SHOW_FILES = "*"; // Shown types; only files of the given types should show up in the file-listing
+	// Use $SHOW_FILES exactly like $EDIT_FILES: a list of extensions separated by commas.
+	// If $SHOW_FILES is set to null - by intention or by error - only folders will be shown.
+	// If $SHOW_FILES is set to the *-wildcard (the default), all files will show up.
+	// If $SHOW_FILES is set to "html,htm" for example, only file with the extension "html" or "htm" will get listed.
+
+$SHOW_IMGS = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
 //File types (extensions).  _ftypes & _fclass must have the same number of values. bin is default.
-$config_ftypes = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text";
+$FILE_TYPES = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text";
 //Cooresponding file classes to _ftypes - used to determine icons for directory listing.
-$config_fclass = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,cfg ,txt,css,txt,htm,htm ,htm  ,txt     ,txt,txt,txt,txt   ,txt,php,php,txt,txt";
+$FILE_CLASSES = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,cfg ,txt,css,txt,htm,htm ,htm  ,txt     ,txt,txt,txt,txt   ,txt,php,php,txt,txt";
 
 $EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
 
@@ -159,17 +161,17 @@
 //See the sample file in the OneFileCMS github repo for format example.
 //$CONFIG_FILE = 'OneFileCMS.config.SAMPLE.php';
 
-//end CONFIGURABLE INFO ********************************************************
+//end CONFIGURABLE OPTIoNS *****************************************************
 
 
 
 
 function System_Setup() {//*****************************************************
 
-global $config_title, $_, $MAX_IDLE_TIME, $LOGIN_ATTEMPTS, $LOGIN_DELAYED, 
-	$MAIN_WIDTH, $WIDE_VIEW_WIDTH, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $config_excluded, 
-	$config_etypes, $config_stypes,$config_itypes, $config_ftypes, $config_fclass, 
-	$SHOWALLFILES, $etypes, $itypes, $ftypes, $fclasses, $excluded_list, 
+global $_, $MAX_IDLE_TIME, $LOGIN_ATTEMPTS, $LOGIN_DELAYED, 
+	$MAIN_WIDTH, $WIDE_VIEW_WIDTH, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $EXCLUDED_FILES, 
+	$EDIT_FILES, $SHOW_FILES, $SHOW_IMGS, $FILE_TYPES, $FILE_CLASSES, 
+	$SHOWALLFILES, $etypes, $stypes, $itypes, $ftypes, $fclasses, $excluded_list, 
 	$LANGUAGE_FILE, $ACCESS_ROOT, $ACCESS_ROOT_len, $WYSIWYG_PLUGIN, $WYSIWYG_VALID, $WYSIWYG_PLUGIN_OS, 
 	$INVALID_CHARS, $WHSPC_SLASH, $VALID_PAGES, $LOGIN_LOG_url, $LOGIN_LOG_file,
 	$ONESCRIPT,  $ONESCRIPT_file, $ONESCRIPT_backup, $ONESCRIPT_file_backup, 
@@ -276,16 +278,16 @@ function System_Setup() {//*****************************************************
 
 $VALID_PAGES = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","renamefile","copyfile","deletefile","deletefolder","newfolder","renamefolder","copyfolder","mcdaction", "phpinfo", "raw_view");
 
-//Make arrays out of a few $config_variables for actual use later.
+//Make arrays out of a few config variables for actual use later.
 //First, remove spaces and make lowercase (for *types).
 $SHOWALLFILES = $stypes = false;
-  if ($config_stypes == '*') { $SHOWALLFILES = true; }
-  else { $stypes   = explode(',', mb_strtolower(str_replace(' ', '', $config_stypes))); }//shown file types
-$etypes   = explode(',', mb_strtolower(str_replace(' ', '', $config_etypes))); //editable file types
-$itypes   = explode(',', mb_strtolower(str_replace(' ', '', $config_itypes))); //images types to display
-$ftypes   = explode(',', mb_strtolower(str_replace(' ', '', $config_ftypes))); //file types with icons
-$fclasses = explode(',', mb_strtolower(str_replace(' ', '', $config_fclass))); //for file types with icons
-$excluded_list = explode(',', str_replace(' ', '', $config_excluded));
+  if ($SHOW_FILES == '*') { $SHOWALLFILES = true; }
+  else { $stypes   = explode(',', mb_strtolower(str_replace(' ', '', $SHOW_FILES))); }//shown file types
+$etypes   = explode(',', mb_strtolower(str_replace(' ', '', $EDIT_FILES)));   //editable file types
+$itypes   = explode(',', mb_strtolower(str_replace(' ', '', $SHOW_IMGS)));    //images types to display
+$ftypes   = explode(',', mb_strtolower(str_replace(' ', '', $FILE_TYPES)));   //file types with icons
+$fclasses = explode(',', mb_strtolower(str_replace(' ', '', $FILE_CLASSES))); //for file types with icons
+$excluded_list = explode(',', str_replace(' ', '', $EXCLUDED_FILES));
 
 
 //A few variables for values that were otherwise hardcoded in js. 
@@ -294,7 +296,7 @@ function System_Setup() {//*****************************************************
 $DELAY_Sort_and_Show_msgs = 20; //Needed so "Working..." message shows during directory sorts. Mostly for Firefox.
 $DELAY_Start_Countdown	  = 25; //Needs to be > than $Sort_and_Show_msgs. Used in Timeout_Timer().
 $DELAY_final_messages	  = 25; //Needs to be > than $Sort_and_Show_msgs. Delays final Display_Messages().
-$DELAY_Expired_Reload  = 10000; //Delay from Session Expired to page load of login screen. Ten seconds, but can be less.
+$DELAY_Expired_Reload  = 10000; //Delay from Session Expired to page load of login screen. Ten seconds, but can be less/more.
 $MIN_DIR_ITEMS			  = 25; //Minimum number of directory items before "Working..." message is needed/displayed.
 
 
@@ -310,7 +312,7 @@ function System_Setup() {//*****************************************************
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.5.17
+// OneFileCMS Language Settings v3.5.18
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -322,7 +324,7 @@ function Default_Language() { // ***********************************************
 // Remember to slash-escape any single quotes that may be within the text:  \'
 // The back-slash itself may or may not also need to be escaped:  \\
 //
-// If present as a trailing comment, "## NT ##" means 'Need Translation'.
+// If present as a trailing comment, "## NT ##" means 'Needs Translation'.
 //
 // These first few settings control a few font and layout settings.
 // In some instances, some langauges may use significantly longer words or phrases than others.
@@ -503,7 +505,7 @@ function Default_Language() { // ***********************************************
 $_['OFCMS_requires']  = 'OneFileCMS requires PHP';
 $_['logout_msg']      = 'You have successfully logged out.';
 $_['edit_caution_01'] = 'CAUTION'; //##### No longer used as of 3.5.07
-$_['edit_caution_02'] = 'You are viewing the active copy of OneFileCM.'; //## NT ## changed wording 3.5.07
+$_['edit_caution_02'] = 'You are viewing the active copy of OneFileCMS.'; //## NT ## changed wording 3.5.07
 $_['time_out_txt']    = 'Session time out in:';
 $_['error_reporting_01'] = 'Display errors is';
 $_['error_reporting_02'] = 'Log errors is';
@@ -515,7 +517,7 @@ function Default_Language() { // ***********************************************
 $_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will be automatically overwritten on the next password or username change.';
 $_['admin_txt_02'] = 'General Information';
 $_['admin_txt_14'] = 'For a small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
-$_['admin_txt_16'] = 'OneFileCMS can not be used to edit itself directly.  However, you can make a copy & edit it.  Then simply run the copy.'; //## NT ## Changed wording in 3.5.07
+$_['admin_txt_16'] = 'OneFileCMS can not be used to edit itself directly.  However, you can make a copy and edit it.'; //## NT ## Changed wording in 3.5.07
 $_['pw_current'] = 'Current Password';
 $_['pw_change']  = 'Change Password';
 $_['pw_new']     = 'New Password';
@@ -555,7 +557,7 @@ function validate_units($cssvalue) {//******************************************
 		$cssvalue = ($cssvalue * 1).'px';   //If not, assume px.
 	}
 	return $cssvalue;
-}//end valid_units() //*********************************************************
+}//end validate_units() //******************************************************
 
 
 
@@ -649,8 +651,8 @@ function hashit($key,$pre = false) {//******************************************
 	global $SALT, $PRE_ITERATIONS;
 	$hash = trim($key); // trim off leading & trailing whitespace.
 
-	//If generating a hash from the Hash_Page(), also do the "pre-hash".  Generally,
-	//the "pre-hash" is done client-side during a login attempt, or when changing p/w or u/n.
+	//Generally, the "pre-hash" is done client-side during a login attempt, or when changing p/w or u/n.
+	//However, if generating a hash from the Hash_Page(), do the "pre-hash" now.
 	if ($pre) { for ( $x=0; $x < $PRE_ITERATIONS; $x++ ) {$hash = hash('sha256', $hash.$SALT);}  }
 
 	for ( $x=0; $x < 10001; $x++ ) { $hash = hash('sha256', $hash.$SALT); }
@@ -914,6 +916,7 @@ function Verify_Page_Conditions() {//*******************************************
 	
 	//[View Raw] file contents in a browser window (in plain text, NOT HTML).
 	if ($page == "raw_view"){
+		ob_start();
 		$raw_contents = file_get_contents($filename_OS);
 		$file_ENC = mb_detect_encoding($raw_contents); //ASCII, UTF-8, etc...
 		header('Content-type: text/plain; charset=utf-8');
@@ -1013,7 +1016,7 @@ function Sort_Seperate($path, $full_list) {//***********************************
 	$files= array();
 	$folders= array();
 	$F=1; $D=1;  //indexes
-	foreach( $full_list as $item ) {
+	foreach ( $full_list as $item ) {
 		if ( ($item == '.') || ($item == '..') || ($item == "")){ continue; }
 		$fullpath_OS = Convert_encoding($path.$item);
 		if (is_dir($fullpath_OS)) { $folders[$D++] = $item; }
@@ -1107,7 +1110,7 @@ function rCopy( $old_path, $new_path ) {//**************************************
 		$error_code = (mkdir($new_path, 0755)*1);
 		
 		if ( sizeof($dir_list) > 0 ) {
-			foreach( $dir_list as $file ) {
+			foreach ( $dir_list as $file ) {
 				if ( $file == "." || $file == ".." ) { continue; }
 				
 				$error_code += rCopy( $old_path.'/'.$file, $new_path.'/'.$file);
@@ -1195,24 +1198,24 @@ function Current_Path_Header() {//**********************************************
 
 
 function Page_Header() {//******************************************************
-	global  $_, $DOC_ROOT, $ONESCRIPT, $page, $WEBSITE, $config_title, $OFCMS_version, $config_favicon, $TABINDEX, $message;
+	global  $_, $DOC_ROOT, $ONESCRIPT, $page, $WEBSITE, $MAIN_TITLE, $OFCMS_version, $FAVICON, $TABINDEX, $message;
 
 	$TABINDEX = 1; //Initial tabindex
 
-	$favicon = '';
-	if (file_exists($DOC_ROOT.trim($config_favicon,'/'))) {
-		$favicon =  '<img src="/'.URLencode_path($config_favicon).'" alt="">';
+	$favicon_img = '';
+	if (file_exists($DOC_ROOT.trim($FAVICON,'/'))) {
+		$favicon_img =  '<img src="/'.URLencode_path($FAVICON).'" alt="">';
 	}
 
 	echo '<div id="header">';
-		echo '<a href="'.$ONESCRIPT.'" id="logo" tabindex='.$TABINDEX++.'>'.$config_title.'</a> '.$OFCMS_version.' ';
+		echo '<a href="'.$ONESCRIPT.'" id="logo" tabindex='.$TABINDEX++.'>'.hsc($MAIN_TITLE).'</a> '.$OFCMS_version.' ';
 		
 		$on_php = '('.hsc($_['on']).'&nbsp;php&nbsp;'.phpversion().')';
 		if ($_SESSION["valid"]) { $on_php = '<a id=on_php tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.'?p=phpinfo'.'" target=_blank>'.$on_php.'</a>';}
 		echo $on_php;
 		
 		echo '<div class="nav">';
-			echo '<b><a id=website href="/" tabindex='.$TABINDEX++.' target="_blank">'.$favicon.' '.hsc($WEBSITE).'</a></b>';
+			echo '<b><a id=website href="/" tabindex='.$TABINDEX++.' target="_blank">'.$favicon_img.' '.hsc($WEBSITE).'</a></b>';
 			if ($page != "login") {	echo ' | <a id=logout tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.'?p=logout">'.hsc($_['Log_Out']).'</a>'; }
 		echo '</div><div class=clear></div>';
 	echo '</div>';//<!-- end header -->
@@ -1283,8 +1286,9 @@ function Init_Macros() {//**** ($varibale="some reusable chunk of code")********
 	$INPUT_NUONCE = '<input type="hidden" name="nuonce" value="'.$_SESSION['nuonce'].'">'."\n";
 	$FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.$param2.'">'.$INPUT_NUONCE."\n";
 
-	$PWUN_RULES  = '<p>'.hsc($_['pw_txt_02']).'<ol><li>'.hsc($_['pw_txt_04']).'<li>'.hsc($_['pw_txt_06']);
-	$PWUN_RULES .= '<li>'.hsc($_['pw_txt_10']).'<li>'.hsc($_['pw_txt_08']).'</ol>';
+	$PWUN_RULES  = '<p>'.hsc($_['pw_txt_02']);
+	$PWUN_RULES	.= '<ol><li>'.hsc($_['pw_txt_04']).'<li>'.hsc($_['pw_txt_06']);
+	$PWUN_RULES .=     '<li>'.hsc($_['pw_txt_10']).'<li>'.hsc($_['pw_txt_08']).'</ol>';
 }//end Init_Macros() //*********************************************************
 
 
@@ -1448,7 +1452,7 @@ function List_Backups_and_Logs() {//********************************************
 
 
 function Admin_Page() {//*******************************************************
-	global $_, $ONESCRIPT, $ipath, $filename, $param1, $param2, $config_title;
+	global $_, $ONESCRIPT, $ipath, $filename, $param1, $param2, $MAIN_TITLE;
 
 	// Restore/Preserve $ipath prior to admin page in case OneFileCMS is edited (which would change $ipath).
 	if   ( $_SESSION['admin_page'] ) { $ipath  = $_SESSION['admin_ipath'];
@@ -1470,7 +1474,7 @@ function Admin_Page() {//*******************************************************
 	echo $button_attribs.$param1.'&amp;p=changepw\'">'.hsc($_['pw_change']).'</button>'; 
 	echo $button_attribs.$param1.'&amp;p=changeun\'">'.hsc($_['un_change']).'</button>'; 
 	echo $button_attribs.$param1.'&amp;p=hash\'">'.hsc($_['Generate_Hash']).'</button>'; 
-	echo $button_attribs.$edit_params.'\'">'.hsc($_['View'].' '.$config_title).'</button>';
+	echo $button_attribs.$edit_params.'\'">'.hsc($_['View'].' '.$MAIN_TITLE).'</button>';
 	echo '</span>';
 
 	echo '<div class="info">';
@@ -1541,7 +1545,7 @@ function Hash_response() {//****************************************************
 //******************************************************************************
 function Change_PWUN_Page($pwun, $type, $page_title, $label_new, $label_confirm) {
 	//$pwun must = "pw" or "un"
-	global $_, $EX, $ONESCRIPT, $param1, $param2, $param3, $INPUT_NUONCE, $config_title, $PWUN_RULES;
+	global $_, $EX, $ONESCRIPT, $param1, $param2, $param3, $INPUT_NUONCE, $PWUN_RULES;
 
 	$params = $param1.$param2.'&amp;p='. $_SESSION['recent_pages'][1];
 ?>
@@ -1838,10 +1842,10 @@ function Create_Table_for_Listing() {//*****************************************
 		<td colspan=4></td>
 		<td>
 <?php		if ($ipath == $ACCESS_ROOT) {
-				echo '<a id=f0 tabindex='.$TABINDEX++.'>&nbsp;</a>';
+				echo '<a id=f0c4 tabindex='.$TABINDEX++.'>&nbsp;</a>';
 			}
 			else {
-				echo '<a id=f0 tabindex='.$TABINDEX++.' href="'.$ONEFILECMS.'?i='.$new_path.'"> <b>..</b> /</a>'; //#### '.$ICONS['up_dir'].'
+				echo '<a id=f0c4 tabindex='.$TABINDEX++.' href="'.$ONEFILECMS.'?i='.$new_path.'">'.$ICONS['up_dir'].' <b>..</b> /</a>'; //#### '.$ICONS['up_dir'].'
 			}
 ?>		</td>
 		<td></td>
@@ -1850,7 +1854,7 @@ function Create_Table_for_Listing() {//*****************************************
 
 	<?php //Directory & footer content will be inserted later. ?>
 	<tbody id=DIRECTORY_LISTING></tbody>
-	<tr><td id=DIRECTORY_FOOTER colspan=7></td</tr>
+	<tr><td id=DIRECTORY_FOOTER colspan=7></td></tr>
 	</table>
 <?php
 }//Create_Table_for_Listing() //************************************************
@@ -1864,7 +1868,7 @@ function Get_DIRECTORY_DATA($raw_list) {//**************************************
 			$DIRECTORY_COUNT, $DIRECTORY_DATA, $ENC_OS;
 
 	//Doesn't use global $filename or $filename_OS in this function (because they shouldn't exist on the Index page)
-	//$filename below is JUST the file's name.  In some functions, it's the full/path/filename
+	//$filename below is JUST the file's name.  In other functions, it's the full/path/filename
 
 	$DIRECTORY_COUNT = 0; //final count to exclude . & .., and possibly $excluded file names
 	foreach ($raw_list as $raw_filename) { //$raw_list is in server's File System encoding
@@ -1887,9 +1891,11 @@ function Get_DIRECTORY_DATA($raw_list) {//**************************************
 		} else { $ext = end($filename_parts); }
 		
 		//Check $filename & $ext against white & black lists. If not to be shown, get next $filename...
-		if ($SHOWALLFILES || in_array($ext, $stypes)) { $SHOWTYPE = TRUE; } else { $SHOWTYPE = FALSE; }
-		if (in_array($filename, $excluded_list)) {$excluded = TRUE;} else {$excluded = FALSE;}
-		if ( !$SHOWTYPE || $excluded ) { continue; }
+		if (!is_dir($filename_OS)) {
+			if ($SHOWALLFILES || in_array($ext, $stypes)) { $SHOWTYPE = TRUE; } else { $SHOWTYPE = FALSE; }
+			if (in_array($filename, $excluded_list)) 	  { $excluded = TRUE; } else { $excluded = FALSE; }
+			if ( !$SHOWTYPE || in_array($filename, $excluded_list) ) { continue; }
+		}
 			
 		//Used to hide rename & delete options for active copy of OneFileCMS.
 		$IS_OFCMS = 0;
@@ -1897,7 +1903,7 @@ function Get_DIRECTORY_DATA($raw_list) {//**************************************
 		
 		//Set icon type based on if dir, or file type ($ext).
 		if (is_dir($filename_OS)) { $type = 'dir'; }
-		else {						$type = $fclasses[array_search($ext, $ftypes)]; }
+		else					  { $type = $fclasses[array_search($ext, $ftypes)]; }
 		
 		//Determine icon to show
 		if (in_array($type,$fclasses)) { $icon = $ICONS[$type];}
@@ -2634,7 +2640,7 @@ function MCD_Page($action, $page_title, $classes = '') {//**********************
 		
 		echo '<table class="verify '.$classes.'">';
 		echo '<tr><th>'.hsc($_['Selected_Files']).':</th></tr>'."\n";
-		foreach($full_list as $file) {
+		foreach ($full_list as $file) {
 			$file_OS = Convert_encoding($file);
 			if (is_dir($ipath_OS.$file_OS)) { echo '<tr><td>'.$ICONS['folder'].'&nbsp;'.hsc($file).' /</td></tr>'; }
 			else                            { echo '<tr><td>'                          .hsc($file).'</td></tr>'; }
@@ -2995,7 +3001,7 @@ function Display_Messages($msg, take_focus) {//***********************
 	var $page     = '<?php echo $page ?>';
 	var new_focus = '';
 	
-	take_focus = typeof new_focus == 'undefined' ? 0 : take_focus ;//default is X_box doesn't take focus()
+	take_focus = typeof new_focus == 'undefined' ? 0 : take_focus ;  //default is X_box doesn't take focus()
 
 	if      ($page == 'index') { new_focus = 'header_filename'; }
 	else if ($page == 'edit')  { new_focus = 'close1'; }
@@ -3003,7 +3009,7 @@ function Display_Messages($msg, take_focus) {//***********************
 	else if ($page == 'hash')  { new_focus = 'whattohash'; }
 	else if ($page == 'admin') { new_focus = 'close'; }
 
-	var $X_box		 = '<button tabindex=' + $tabindex_xbox + ' type=button id="X_box">x</button>';
+	var $X_box		 = '<button tabindex=' + $tabindex_xbox + ' type=button id=X_box>x</button>';
 	var $MESSAGE	 = '<div class=message_box_contents>' + $msg + '</div>';
 	var $message_box = document.getElementById("message_box");
 	var $new_focus	 = document.getElementById(new_focus)
@@ -3076,83 +3082,88 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 	//So, if current focus is ck_box, clear bg, else if we're heading there, set bg.
 	//Tab from L, Current ID will be "f<FR>c2"
 	//Tab from R: Current ID is "f<FR>"
-	var fFR   = "f" + FR        //Filename
+	var fFR   = "f" + FR + "c4" //Filename
 	var ckbox = "f" + FR + "c3" //[ ] Checkbox
 	var del   = "f" + FR + "c2" //(x) Delete
 
 	var ck_box = document.getElementById(ckbox);
-	var highlight = "rgb(255,250,150)";
+	var highlight1 = "rgb(255,250,150)";
+	var highlight2 = "rgb(255,240,140)";
 
 	if      (!shifted)  { //just Tab
 		if      (ID == ckbox) { ck_box.parentNode.style.backgroundColor = "";}
-		else if (ID == del  ) { ck_box.parentNode.style.backgroundColor = highlight; }
+		else if (ID == del  ) { ck_box.parentNode.style.backgroundColor = highlight2; }
 		else if (ID == "b6" ) { //[New Folder]
-			document.getElementById('select_all_ckbox').parentNode.style.backgroundColor = highlight;
-			document.getElementById('select_all_label').style.backgroundColor = highlight;
+			document.getElementById('select_all_ckbox').parentNode.style.backgroundColor = highlight1;
+			document.getElementById('select_all_label').style.backgroundColor = highlight1;
 		}
 		else if (ID == "select_all_ckbox" ) {
 			document.getElementById('select_all_label').style.backgroundColor = "";
-			document.getElementById('folders_first_ckbox').parentNode.style.backgroundColor = highlight;
-			document.getElementById('folders_first_label').style.backgroundColor = highlight;
+			document.getElementById('folders_first_ckbox').parentNode.style.backgroundColor = highlight1;
+			document.getElementById('folders_first_label').style.backgroundColor = highlight1;
 		}
-		return;
 	}
 	else if (shifted)  { //Shift-Tab
 		if       (ID == ckbox){ ck_box.parentNode.style.backgroundColor = "";}
-		else if ((ID == fFR) && (FR > 0) ) { ck_box.parentNode.style.backgroundColor = highlight; }
+		else if ((ID == fFR) && (FR > 0) ) { ck_box.parentNode.style.backgroundColor = highlight2; }
 		else if  (ID == "header_filename")  {
-			document.getElementById('folders_first_ckbox').parentNode.style.backgroundColor = highlight;
-			document.getElementById('folders_first_label').style.backgroundColor = highlight;
+			document.getElementById('folders_first_ckbox').parentNode.style.backgroundColor = highlight1;
+			document.getElementById('folders_first_label').style.backgroundColor = highlight1;
 		}
 		else if (ID == "folders_first_ckbox") {
 			document.getElementById('folders_first_label').style.backgroundColor = "";
-			document.getElementById('select_all_ckbox').parentNode.style.backgroundColor = highlight;
-			document.getElementById('select_all_label').style.backgroundColor = highlight;
+			document.getElementById('select_all_ckbox').parentNode.style.backgroundColor = highlight1;
+			document.getElementById('select_all_label').style.backgroundColor = highlight1;
 		}
-		return;
 	}
-
 }//end on_Tab_down() { //*********************************************
 
 
 
+
 document.onkeydown = function(event) { //*****************************
 	//Control cursor keys to navigate index page. (Arrows, Page, Home, End)
 
 	var jump = <?php echo $PAGEUPDOWN ?>;//# of rows to jump with Page Up/Page Down.
-	var highlight = "rgb(255,250,150)";
+	var highlight1 = "rgb(255,250,150)";
+	var highlight2 = "rgb(255,240,140)";
 	
 	//Get key pressed...
 	if (!event) {var event = window.event;} //for IE
 	var key = event.keyCode;
 
 	//Assign a few handy "constants": Arrow U/D/L/R, Page Up/Down, etc... 
-	var AU = 38, AD = 40, AL = 37, AR = 39, PU = 33, PD = 34; END = 35, HOME = 36, ESC = 27, TAB = 9;
+	var AU = 38, AD = 40, AL = 37, AR = 39, PU = 33, PD = 34; END = 35, HOME = 36, ESC = 27, TAB = 9, ENTER = 13;
 	
 	//Ignore any other key presses...
 	if ((key != AU) && (key != AD) && (key != AL) && (key != AR) && (key != PU) && (key != PD) && 
-		(key != HOME) && (key != END) && (key != ESC) && (key != TAB)) { return }
+		(key != HOME) && (key != END) && (key != ESC) && (key != TAB) && (key != ENTER)) { return }
 
 	//File Rows. For these events, "../" is 0, and files are indexed 1 to DIRECTORY_ITEMS.
 	var FROWS     = DIRECTORY_ITEMS;
-	var LAST_FILE = "f" + FROWS;
+	var LAST_FILE = "f" + FROWS + "c4";
 
 	//Get id of current focus (before this event). If focus is in file list, ID = 'fn', or 'fnn', etc.
 	var ID      = document.activeElement.id;
 	var x_focus = ID.substr(0,1);
 
-	//(F)ile (R)ow = 0,1, ... FROWS
-	var FR = parseInt(ID.substr(1));
-	if (isNaN(FR) || (x_focus != "f")) {FR = -1;} //If not in file list...
+	//When ID=f00c0 (zeros mean any digit)
+	//FR: Digits after "f" are the (F)ile (R)ow    (0,1, ... FROWS)
+	//FC: Digit  after 'c' is  the (F)ile (C)olumn (0=move, 1=copy, 2=del, 3=ckbox)
+	var FR = parseInt(ID.substr(1));      if (isNaN(FR) || (x_focus != "f")) {FR = -1;} //If not in file list...
+	var FC = parseInt(ID.split('c')[1]);  if (isNaN(FC)) {FC = -1;}
 
-	//If current ID/element is checkbox, clear bgcolor of parent div (ckboxes don't have background colors).
-	var is_ckbox = (document.activeElement.type == "checkbox");
-	if (is_ckbox) {document.getElementById(ID).parentNode.style.backgroundColor = ""; }
+	if(key != ENTER) { //(ignore if ENTER since focus doesn't change.)
+		
+		//If current ID/element is checkbox, clear bgcolor of parent div (ckboxes don't have background colors).
+		var is_ckbox = (document.activeElement.type == "checkbox");
+		if (is_ckbox) {document.getElementById(ID).parentNode.style.backgroundColor = ""; }
+		
+		//Always clear these labels (simply losing focus() of their child checkboxes won't).
+		document.getElementById('select_all_label').style.backgroundColor = "";
+		document.getElementById('folders_first_label').style.backgroundColor = "";
+	}
 
-	//Always clear these labels (simply losing focus() of their child checkboxes won't).
-	document.getElementById('select_all_label').style.backgroundColor = "";
-	document.getElementById('folders_first_label').style.backgroundColor = "";
-	
 	//If no files in current folder, [Move][Copy][Delete] won't exist (id's b1 b2 b3). Use [New Folder] (id="b4").
 	if (document.getElementById("b2")) {var button_row = "b2"} else {var button_row = "b4"}
 
@@ -3175,28 +3186,49 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 		
 		//Create array of the ID's of all tags with a tabindex. (All tabable elements should have a tabindex set.)
 		for (var x = 0; x < tag_count; x++) {
-			ti = all_tags[x].tabIndex;
+			var ti = all_tags[x].tabIndex;
 			if (ti > 0) { tabindex_IDs[ti] = all_tags[x].id; }
 		}
 	}
 
-	//PROCESS THE KEYDOWN EVENT... In general:
+	//PROCESS THE KEYDOWN EVENT... /////////////////////////////////////////////
+	//In general:
+	//  ENTER - enabled to check/unckeck checkboxes, and respond as needed.
 	//  Tab- handle checkbox's (parent <div>'s & <label>'s), otherwise allow default action.
 	//  Esc simply removes focus from active element.
-	//	Home toggles between [webroot]/current/path/ and [../] (first file is list)
+	//	Home toggles between [webroot]/current/path/ and [../] (first file in list)
 	//	End goes only to last file in list.
 	//	Arrow Up/Down will loop from (top to bottom)/(bottom to top) of page (no hard stops).
 	//  Page Up/Down will likewise loop thru page, with soft-stops at first/last filenames.
 	//  Arrow Left/Right will function similarly to Tab/Shift-Tab, but hard stop at first/last link on page.
 
-	if      (key == TAB)  { on_Tab_down(ID, FR, event.shiftKey); return; }
+	if (key == ENTER) {	
+		
+		if (ID == "select_all_ckbox") {
+			document.mcdselect.select_all.checked = !document.mcdselect.select_all.checked
+			Select_All();
+		}
+		else if (ID == "folders_first_ckbox") {
+			document.mcdselect.folders_first_ckbox.checked = !document.mcdselect.folders_first_ckbox.checked;
+			Sort_and_Show(SORT_by, SORT_order);
+		}
+		else if (FC == 3) {  //Is focus on a checkbox next to a file name?
+			document.getElementById(ID).checked = !document.getElementById(ID).checked;
+		}
+		
+		return;
+	}
+	else if (key == TAB)  {
+		on_Tab_down(ID, FR, event.shiftKey);
+		return;
+	}
 	else if (key == ESC)  { document.activeElement.blur();    return; }
-	else if (key == END)  { if (ID != LAST_FILE) {ID = LAST_FILE} else {return} }
+	else if (key == END)  { if (ID != LAST_FILE) {ID = LAST_FILE;} else {return} }
 	else if (key == HOME) {
-		if      (ID == "f0")     {ID = "path_0"}
-		else if (ID == "path_0") {ID = "f0"}
-		else if (FR  > 0)        {ID = "f0";}
-		else					 {ID = "path_0"}
+		if      (FR == 0)        {ID = "path_0";}
+		else if (ID == "path_0") {ID = "f0c4";}
+		else if (FR  > 0)        {ID = "f0c4";}
+		else					 {ID = "path_0";}
 	}
 	else if (key == AL) {
 		//Find first tab-able element to the left (usually just (focus_tabindex - 1))
@@ -3213,45 +3245,62 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 	else if (ID == "admin") {
 		if      (key == AU) {ID = LAST_FILE}
 		else if (key == PU) {ID = LAST_FILE}
+		else if (key == AD) {ID = "logo"}
+		else if (key == PD) {ID = "logo"}
+	}
+	else if ((ID == "logo")|| (ID == "on_php") || (ID == "website") || (ID == "logout")) {
+		if      (key == AU) {ID = "admin"}
+		else if (key == PU) {ID = "admin"}
 		else if (key == AD) {ID = "path_0"}
-		else if (key == PD) {ID = "path_0"}
+		else if (key == PD) {ID = "f0c4"}
+	}
+	else if (ID == "X_box") {
+		if      (key == AU)   {ID = "path_0"}
+		else if (key == PU)   {ID = "logo"}
+		else if (key == AD)   {ID = button_row}
+		else if (key == PD)   {ID = "f0c4"}
 	}
 	else if (x_focus == 'p') { //In path_header: webroot/current/path/
-		if      (key == AU)   {ID = LAST_FILE}
-		else if (key == PU)   {ID = LAST_FILE}
+		if      (key == AU)   {ID = "logo"}
+		else if (key == PU)   {ID = "logo"}
 		else if (key == AD)   {ID = button_row}
-		else if (key == PD)   {ID = "f0"}
+		else if (key == PD)   {ID = "f0c4"}
 	}
 	else if (x_focus == "b") { //[Move][Copy][Delete]  [New Folder][New File][Upload File]
 		if 		(key == AU) {ID = "path_0"		   }
 		else if (key == PU) {ID = "path_0"		   }
 		else if (key == AD) {ID = "header_filename"}
-		else if (key == PD) {ID = "f0"			   }
+		else if (key == PD) {ID = "f0c4"		   }
 	}
 	else if (focus_header) { //Table header row
 		if      (key == AU) {ID = button_row}
 		else if (key == PU) {ID = "path_0"}
-		else if	(key == AD) {ID = "f0"}
-		else if	(key == PD) {FR += jump; if (FR < FROWS) {ID = "f" + FR} else {ID = LAST_FILE}}
+		else if	(key == AD) {ID = "f0c4"}
+		else if	(key == PD) {FR += jump; if (FR < FROWS) {ID = "f" + FR + "c4"} else {ID = LAST_FILE}}
 	}
-	else if ((FROWS == 0) && (key == PD) && (ID == 'f0')) {ID = "path_0"} //no files, only "../"
-	else if (FR == 0) { //First row
+	else if ((FR == 0) && (FROWS == 0)) { //empty folder
 		if		(key == AU) {ID = "header_filename"}
 		else if	(key == PU) {ID = "path_0"}
-		else if (key == AD) {FR++      ; if (FR <= FROWS) {ID = "f" + FR} else {ID = "path_0";}  }
-		else if (key == PD) {FR += jump; if (FR <= FROWS) {ID = "f" + FR} else {ID = LAST_FILE;} }
+		else if (key == AD) {ID = "admin";}
+		else if (key == PD) {ID = "admin";}
 	}
-	else if (FR == FROWS) { //Last row
-		if		(key == AU) { FR--      ; if (FR >= 0) {ID = "f" + FR} else {ID = "header_filename" } }
-		else if	(key == PU) { FR -= jump; if (FR >= 0) {ID = "f" + FR} else {ID = "f0"} }
-		else if (key == AD) { ID = "path_0" }
-		else if (key == PD) { ID = "path_0" }
+	else if (FR == FROWS) { //Last row (FROWS is the number of files listed)
+		if		(key == AU) { FR--      ; if (FR >= 0) {ID = "f" + FR + "c" + FC} else {ID = "header_filename" } }
+		else if	(key == PU) { FR -= jump; if (FR >= 0) {ID = "f" + FR + "c" + FC} else {ID = "f0c4"} }
+		else if (key == AD) { ID = "admin" }
+		else if (key == PD) { ID = "admin" }
+	}
+	else if (FR == 0) { //FR (File Row) is in the first row of files
+		if		(key == AU) {ID = "header_filename"}
+		else if	(key == PU) {ID = "path_0"}
+		else if (key == AD) {FR++      ; if (FR <= FROWS) {ID = "f" + FR + "c" + FC} else {ID = "path_0";}  }
+		else if (key == PD) {FR += jump; if (FR <= FROWS) {ID = "f" + FR + "c" + FC} else {ID = LAST_FILE;} }
 	}
 	else if (FR > 0){ //Middle rows...
-		if		(key == AU) { FR--;							ID = "f" + FR						  }
-		else if	(key == PU) { FR -= jump; if (FR >= 0)     {ID = "f" + FR} else {ID = "f0"}	  	  }
-		else if (key == AD) { FR++; 	  if (FR <= FROWS) {ID = "f" + FR} else {ID = "path_0"; } }
-		else if (key == PD) { FR += jump; if (FR <= FROWS) {ID = "f" + FR} else {ID = LAST_FILE;} }
+		if		(key == AU) { FR--      ; if (FR == 0) {FC=4} ID = "f" + FR + "c" + FC;	}
+		else if	(key == PU) { FR -= jump; if (FR >= 0)      { ID = "f" + FR + "c" + FC} else {ID = "f0c4"}	 }
+		else if (key == AD) { FR++; 	  if (FR <= FROWS)  { ID = "f" + FR + "c" + FC} else {ID = "path_0"; } }
+		else if (key == PD) { FR += jump; if (FR <= FROWS)  { ID = "f" + FR + "c" + FC} else {ID = LAST_FILE;} }
 	}
 	else if (FR == -1) {ID = "path_0"}     //Anyplace other than path_header, buttons, table
 	else {
@@ -3265,9 +3314,9 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 	document.getElementById(ID).focus();
 
 	//If new ID/element is checkbox, set bgcolor of parent div & it's label (ckboxes don't have background colors).
-	if (document.activeElement.type == "checkbox") {document.getElementById(ID).parentNode.style.backgroundColor = highlight;}
-	if (ID == "select_all_ckbox")    {document.getElementById('select_all_label').style.backgroundColor = highlight;}
-	if (ID == "folders_first_ckbox") {document.getElementById('folders_first_label').style.backgroundColor = highlight;}
+	if (document.activeElement.type == "checkbox") {document.getElementById(ID).parentNode.style.backgroundColor = highlight2;}
+	if (ID == "select_all_ckbox")    {document.getElementById('select_all_label').style.backgroundColor = highlight1;}
+	if (ID == "folders_first_ckbox") {document.getElementById('folders_first_label').style.backgroundColor = highlight1;}
 	
 	//Prevent default browser scrolling via arrow & Page keys, so focus()'d element stays visible/in view port.
 	//(A few exceptions skip this via a return in the above  if/else's.)
@@ -3344,7 +3393,7 @@ function sort_DIRECTORY(col, direction) {//***************************
 	//sort DIRECTORY_DATA[] by col and direction
 	
 	//col: 1 for "file name", 2 for filesize, 3 for timestamp, 5 for "ext"
-	//derection: 0 = desending, 1 = ascending, 2 = flip, 3 = flip only if new col != SORT_by
+	//direction: 0 = desending, 1 = ascending, 2 = flip, 3 = flip only if new col != SORT_by
 
 	//SORT_by, SORT_order, and SORT_folders_1st: values set by prior (or initial) sort.
 
@@ -3481,7 +3530,7 @@ function Build_Directory() {//****************************************
 		}
 		
 		//For file, (TABINDEX + 4) to account for [m][c][d][x] which are added in Assemble_Insert_Row()
-		var file_name  = '<a id=f'+(row + 1)+' tabindex='+ (TABINDEX + 4) +' href="' + href  + '"'; 
+		var file_name  = '<a id=f'+(row + 1)+'c'+4+ ' tabindex='+ (TABINDEX + 4) +' href="' + href  + '"'; 
 			file_name += ' title="<?php echo hsc($_['Edit_View']) ?>: ' + hsc(filename) + '" >';
 			file_name += ICONS[filetype] + '&nbsp;' + hsc(filename) + DS + '</a>';
 		var file_time  = FileTimeStamp(filetime, 1, 0, 0);
@@ -3534,7 +3583,8 @@ function Sort_and_Show(col, direction) {//****************************
 		DELAY = <?php echo $DELAY_Sort_and_Show_msgs ?>;
 	}
 
-	setTimeout( function () { //setTimeout() needed so 'Working' message will actually get displayed *before* the sort.
+	//setTimeout() needed so 'Working' message will actually get displayed *before* the sort.
+	setTimeout( function () {
 		sort_DIRECTORY(col, direction); //Sort DIRECTORY_DATA
 		Build_Directory();
 		document.getElementById('DIRECTORY_FOOTER').innerHTML = Directory_Summary();
@@ -3555,7 +3605,7 @@ function Select_All() {//********************************************
 	var files = document.mcdselect.elements['files[]'];
 	var last  = files.length; //number of files
 	var select_all = document.mcdselect.select_all;
-	
+
 	if (select_all.checked) {
 		$select_all_label.innerHTML = '<?php echo hsc($_['Clear_All']) ?>';
 	}else{
@@ -3569,7 +3619,7 @@ function Select_All() {//********************************************
 
 
 function Confirm_Submit(action) {//***********************************
-	
+
 	var files = document.mcdselect.elements['files[]'];
 	var last  = files.length;   //number of files
 	var no_files = true;
@@ -3647,13 +3697,13 @@ function Edit_Page_scripts() {//************************************************
 }
 
 //These elements do not exist if file is not editable, or maybe if in WYSIWYG mode.
-if (View_Raw_button)    { View_Raw_button.onclick  = function ()   {window.open(onclick_params + 'raw_view'); } }
-if (Wide_View_button)   { Wide_View_button.onclick = function ()   {Wide_View();}    }
-if (Save_File_button)   { Save_File_button.onclick = function ()   {submitted=true;} }
-if (WYSIWYG_button  )   { WYSIWYG_button.onclick = function ()     {<?php echo $WYSIWYG_onclick ?>} }
+if (View_Raw_button)    { View_Raw_button.onclick 	 = function () {window.open(onclick_params + 'raw_view'); } }
+if (Wide_View_button)   { Wide_View_button.onclick 	 = function () {Wide_View();}    }
+if (Save_File_button)   { Save_File_button.onclick 	 = function () {submitted=true;} }
+if (WYSIWYG_button  )   { WYSIWYG_button.onclick 	 = function () {<?php echo $WYSIWYG_onclick ?>} }
 if (Rename_File_button) { Rename_File_button.onclick = function () {parent.location = onclick_params + 'renamefile';} }
 if (Delete_File_button) { Delete_File_button.onclick = function () {parent.location = onclick_params + 'deletefile';} }
-if (File_textarea)      { File_textarea.onkeyup = function(event)  {Check_for_changes(event);} }
+if (File_textarea)      { File_textarea.onkeyup 	 = function(event) {Check_for_changes(event);} }
 
 
 
@@ -4032,12 +4082,12 @@ function style_sheet() {//******************************************************
 /*** Directory list file select boxes ***/
 /*ckbox is assigned to <div>'s etc that contain <input type=checkbox>*/
 .ckbox        {padding: 4px 4px 2px 4px; display: inline-block;}
-.ckbox:hover  {background-color: rgb(255,240,100);} 
+.ckbox:hover  {background-color: rgb(255,240,140);} 
 .ckbox:active {background-color: rgb(245,245, 50);}
 
 /* Slightly darker colors for [m][c][d] file options since they are small & less noticable*/
-.MCD:hover  {background-color: rgb(255,240,100);}
-.MCD:focus  {background-color: rgb(250,240,100);}
+.MCD:hover  {background-color: rgb(255,240,140);}
+.MCD:focus  {background-color: rgb(255,240,140);}
 .MCD:active {background-color: rgb(245,245, 50);}
 
 
@@ -4324,7 +4374,7 @@ function style_sheet() {//******************************************************
 input[type="text"]#new_name {width  : 50%; margin-bottom: .2em;}
 #new_location {border-left: none;}
 
-#del_backup   { margin: 0; padding: 2px 5px}
+#del_backup   { margin: 0; padding: 2px 5px; border: 1px solid transparent;}
 
 /*** For old IE only: text "icons" for Rename, Copy, and Delete ***/
 .RCD1  {font: 900 7pt arial; padding: 0px 3px 0px 3px; margin: 0px; float: left}
@@ -4481,7 +4531,7 @@ function Load_style_sheet() {//*************************************************
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 <meta name="robots" content="noindex">
 <?php
-echo '<title>'.hsc($config_title.' - '.Page_Title()).'</title>'."\n";
+echo '<title>'.hsc($MAIN_TITLE.' - '.Page_Title()).'</title>'."\n";
 
 Load_style_sheet();
 
@@ -4494,6 +4544,7 @@ function Load_style_sheet() {//*************************************************
 if ($_SESSION['valid']) { echo '<div id="main" >'; }
 else                    { echo '<div id="login_page">'; }
 
+
 Page_Header();
 
 if ($_SESSION['valid'] && $Show_Path) { Current_Path_Header(); }
diff --git a/readme.markdown b/readme.markdown
index cf42631..e1517c5 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -83,12 +83,12 @@ You can also change the file name from "onefilecms.php" to something else, such
 
 ### <a name=language></a>Multi-Language Support?
 
-Yes!  While English (EN) is the default - German (DE), Spanish (ES), Dutch (NL), and Russian (RU) are also available.
+Yes!  While English (EN) is the default, the following laguages are also available:
 
-- German (Deutsch) courtesy of [codeless](http://github.com/codeless).
-- Spanish (Espanõla) courtesy of [fermuch](http://github.com/fermuch).
-- Dutch (Nederlands) courtesy of [symsec](http://github.com/symsec).  
-- Russian courtesy of [zaykin](https://github.com/zaykin).  
+- Deutsch (DE) courtesy of [codeless](http://github.com/codeless).
+- Espanõla (ES) courtesy of [fermuch](http://github.com/fermuch).
+- Nederlands (NL) courtesy of [symsec](http://github.com/symsec).  
+- Pусский (RU) courtesy of [zaykin](https://github.com/zaykin).  
 
 If you speak another language and would like to contribute, translations are welcomed and appreciated!  Just use the English language file (or any of the others) as a template, and translate each word, phrase, etc., as appropriate.
 
@@ -100,13 +100,13 @@ I may not have the time/bandwidth/inclination to implement every feature, but I
 
 ### <a name=multiuser></a>Can I have more than one username/password?
 
-Yes!  Well, sort of... indirectly.  Upload or create additional copies of OneFileCMS, but give them different file names.(ex: OneFile1.php and OneFile2.php etc...)  Then, in each copy, maintain different usernames, passwords, and $session_name config values.  
+Yes!  Well, sort of... indirectly.  Upload or create additional copies of OneFileCMS, but give them different file names.(ex: OneFile1.php and OneFile2.php etc...)  Then, in each copy, maintain different usernames, passwords, and $session\_name config values.  
   
 Now, since there is no database or other means of granular control or access logging, multiple usernames provides limited utility.  However, having at least one working backup copy of OneFileCMS available is recommended in case the primary copy gets corrupted.
 
 ### <a name=handsaw></a>This is basically just a file manager with a text editor- why is it being called a CMS?
 
-Because it is. It may be simple, but it can get the job done.  While you wouldn't want to build a new house from the ground up with just a hammer, hand saw, and tape measure, you can "manage" quite a bit with just those tools.  
+Because it is. It may be simple, but it can get the job done.  While you wouldn't want to build a new house from the ground up with just a hammer, saw, and tape measure, you can "manage" quite a bit with just those tools.  
 
 And, because "OneFileCMS" sounds cool.
 
@@ -130,7 +130,7 @@ OneFileCMS can be easily configured to work with [TinyMCE](http://tinymce.moxiec
 
 - If you need to upload a lots of files, an FTP program may be a bit more flexible & practicle.
 
-- Directories with hundreds of files can take a several seconds to display.  For instance, on my system- a 2.5gz desktop running XP, it takes 2 to 4 seconds to display a directory with 200 files.
+- Directories with hundreds of files can take several seconds to display.  For instance, on my system- a 2.5gz desktop running XP, it takes 2 to 4 seconds to display a directory with 200 files.
 
 - OneFileCMS would not be the best option for a site that requires different levels of privileges, unless all of the users are trusted to stay within their designated areas of responsibility. Since OneFileCMS allows file uploads and editing files directly on the web server, there is simply no way to secure against any particular action.  
 

From 6532ce35291e837ba629ba4cf54b2725051b3cdb Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Thu, 16 Jun 2016 18:50:00 -0400
Subject: [PATCH 202/228] Version 3.5.19 Added line numbering to edit page:
 Line_Numbering() js functions & associated css & html. 	(This was way
 more work than anticipated... :) Added Word wrap toggle to edit page. (for
 editable files only.) 	(This was way more work than anticipated... :) Added
 $_['Word_Wrap'],  $_['on'],  $_['off'] 	(This was easy.) Added
 $WORD_WRAP & $TAB_SIZE config variables. 	(This was easy.) In
 Display_Messages():Changed ternaries to if/thens.  Because simpler.  (also
 fixed a typo) In Countdown(), made $message_box local (was no var, don't know
 why). In pre_validate_pwun(), a little cleanup. Renamed a few global var's
 from lowercase to all caps: 	$MESSAGE, $EXCLUDED_LIST, $ETYPES, $STYPES,
 $ITYPES, $FTYPES, $FCLASSES css: box-sizing: border-box, plus subsequent
 changes...

---
 info/changelog.markdown          |   6 +
 languages/OneFileCMS.LANG.DE.php |   2 +-
 languages/OneFileCMS.LANG.EN.php |  10 +-
 languages/OneFileCMS.LANG.ES.php |   2 +-
 languages/OneFileCMS.LANG.NL.php |   2 +-
 onefilecms.php                   | 670 +++++++++++++++++++++++--------
 readme.markdown                  |   9 +-
 7 files changed, 523 insertions(+), 178 deletions(-)

diff --git a/info/changelog.markdown b/info/changelog.markdown
index 28ee025..1803587 100644
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,11 @@
 # OneFileCMS Change Log
 
+### v3.5.19 (2016-06-16)
+
+- Added line numbers to left of edit window.  A current side effect is wrapping is now break-word, instead of word-break.  That is, lines may wrap in the midddle of words, not just on white-space. 
+- Added a word-wrap toggle option on the edit page.  Only works on editable files. Files with edit disabled still just word-wrap normally as appropriate.
+- And some code cleanup etc.
+
 ### v3.5.18 (2016-06-09)
 
 - And a few more improvements to arrow key handling.
diff --git a/languages/OneFileCMS.LANG.DE.php b/languages/OneFileCMS.LANG.DE.php
index f1410e2..8402984 100755
--- a/languages/OneFileCMS.LANG.DE.php
+++ b/languages/OneFileCMS.LANG.DE.php
@@ -21,7 +21,7 @@
 $_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.8em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 2px'; //T R B L
+$_['button_padding']         = '4px 4px'; //T&B L&R
 $_['image_info_font_size']   = '.95em';   //show_img_msg_01  &  _02
 $_['image_info_pos']         = '1';       //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
diff --git a/languages/OneFileCMS.LANG.EN.php b/languages/OneFileCMS.LANG.EN.php
index 2efb8ef..9f282d1 100755
--- a/languages/OneFileCMS.LANG.EN.php
+++ b/languages/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.18
+// OneFileCMS Language Settings v3.5.19
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -11,7 +11,7 @@
 // Remember to slash-escape any single quotes that may be within the text:  \'
 // The back-slash itself may or may not also need to be escaped:  \\
 //
-// If present as a trailing comment, "## NT ##" means 'Need Translation'.
+// If present as a trailing comment, "## NT ##" means 'Needs Translation'.
 //
 // These first few settings control a few font and layout settings.
 // In some instances, some langauges may use significantly longer words or phrases than others.
@@ -21,7 +21,7 @@
 $_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.9em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 7px 4px 7px'; //T R B L
+$_['button_padding']         = '4px 4px 4px 4px'; //T R B L
 $_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
@@ -57,6 +57,7 @@
 $_['Moved']    = 'Moved';
 $_['Name']     = 'Name';
 $_['on']       = 'on';
+$_['off']      = 'off';     //## NT ## as of 3.5.19
 $_['Password'] = 'Password';
 $_['Rename']   = 'Rename';
 $_['reset']    = 'Reset';
@@ -69,8 +70,8 @@
 $_['Upload']   = 'Upload';
 $_['Username'] = 'Username';
 $_['View']     = 'View';
-$_['Working']  = 'Working - please wait...';
 
+$_['Working']      = 'Working - please wait...';
 $_['Log_In']       = 'Log In';
 $_['Log_Out']      = 'Log Out';
 $_['Admin_Options'] = 'Administration Options';
@@ -80,6 +81,7 @@
 $_['Edit_View']    = 'Edit / View';
 $_['Wide_View']    = 'Wide View';
 $_['Normal_View']  = 'Normal View';
+$_['Word_Wrap']    = 'Word Wrap'; //## NT ## as of 3.5.19
 $_['Upload_File']  = 'Upload File';
 $_['New_File']     = 'New File';
 $_['Ren_Move']     = 'Rename / Move';
diff --git a/languages/OneFileCMS.LANG.ES.php b/languages/OneFileCMS.LANG.ES.php
index 98bc6eb..a8d1950 100755
--- a/languages/OneFileCMS.LANG.ES.php
+++ b/languages/OneFileCMS.LANG.ES.php
@@ -21,7 +21,7 @@
 $_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.9em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 5px'; //T R B L
+$_['button_padding']         = '4px 4px'; //T&B L&R
 $_['image_info_font_size']   = '.95em';   //show_img_msg_01  &  _02
 $_['image_info_pos']         = ' ';       //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
diff --git a/languages/OneFileCMS.LANG.NL.php b/languages/OneFileCMS.LANG.NL.php
index 8bb79e8..6d5050f 100755
--- a/languages/OneFileCMS.LANG.NL.php
+++ b/languages/OneFileCMS.LANG.NL.php
@@ -21,7 +21,7 @@
 $_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.8em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 10px'; //T R B L
+$_['button_padding']         = '4px 3px'; //T&B L&R
 $_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
diff --git a/onefilecms.php b/onefilecms.php
index 07864b5..9447562 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -1,8 +1,8 @@
-<?php ob_start(); mb_internal_encoding('utf-8');  $message = ""; //initialize $message here so can .= at any point later.
+<?php ob_start(); mb_internal_encoding('utf-8');  $MESSAGE = ""; //initialize $MESSAGE here so can .= at any point later.
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.18';
+$OFCMS_version = '3.5.19';
 
 
 
@@ -94,13 +94,16 @@
 
 $MAX_ATTEMPTS  = 3;    //Max failed login attempts before LOGIN_DELAY starts.
 $LOGIN_DELAY   = 10;   //In seconds.
-$MAX_IDLE_TIME = 60000;//600;  //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
+$MAX_IDLE_TIME = 600;  //In seconds. 600 = 10 minutes.  Other PHP settings (like gc) may limit its max effective value.
 $TO_WARNING    = 120;  //In seconds. When idle time remaining is less than this value, a TimeOut warning is displayed.
 $LOG_LOGINS    = true; //Keep log of login attempts.
 
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
 
+$WORD_WRAP = "on"; //"on" or (anything else) =="off".  Word-wrap state on page load of edit page. Once on page, word-wrap can toggle on/off.
+$TAB_SIZE  = 8;    //Some browsers recognize a css tab-size. Some don't.  If your's doesn't, LEAVE AT 8.  (IE/Edge, as of mid-2016)
+
 $MAX_EDIT_SIZE = 200000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
 $MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
                           // The default max view size is completely arbitrary. Basically, it was 2am, and seemed like a good idea at the time.
@@ -127,7 +130,7 @@
 //Cooresponding file classes to _ftypes - used to determine icons for directory listing.
 $FILE_CLASSES = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,cfg ,txt,css,txt,htm,htm ,htm  ,txt     ,txt,txt,txt,txt   ,txt,php,php,txt,txt";
 
-$EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
+$EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $MESSAGE's
 
 $PAGEUPDOWN = 10; //Number of rows to jump using Page Up/Page Down keys on directory listing.
 
@@ -171,12 +174,12 @@ function System_Setup() {//*****************************************************
 global $_, $MAX_IDLE_TIME, $LOGIN_ATTEMPTS, $LOGIN_DELAYED, 
 	$MAIN_WIDTH, $WIDE_VIEW_WIDTH, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $EXCLUDED_FILES, 
 	$EDIT_FILES, $SHOW_FILES, $SHOW_IMGS, $FILE_TYPES, $FILE_CLASSES, 
-	$SHOWALLFILES, $etypes, $stypes, $itypes, $ftypes, $fclasses, $excluded_list, 
+	$SHOWALLFILES, $ETYPES, $STYPES, $ITYPES, $FTYPES, $FCLASSES, $EXCLUDED_LIST, 
 	$LANGUAGE_FILE, $ACCESS_ROOT, $ACCESS_ROOT_len, $WYSIWYG_PLUGIN, $WYSIWYG_VALID, $WYSIWYG_PLUGIN_OS, 
 	$INVALID_CHARS, $WHSPC_SLASH, $VALID_PAGES, $LOGIN_LOG_url, $LOGIN_LOG_file,
 	$ONESCRIPT,  $ONESCRIPT_file, $ONESCRIPT_backup, $ONESCRIPT_file_backup, 
 	$CONFIG_backup, $CONFIG_FILE, $CONFIG_FILE_backup, $VALID_CONFIG_FILE, 
-	$DOC_ROOT, $DOC_ROOT_OS, $WEB_ROOT, $WEBSITE, $PRE_ITERATIONS, $EX, $message, $ENC_OS,
+	$DOC_ROOT, $DOC_ROOT_OS, $WEB_ROOT, $WEBSITE, $PRE_ITERATIONS, $EX, $MESSAGE, $ENC_OS,
 	$DELAY_Expired_Reload, $DELAY_Sort_and_Show_msgs, $DELAY_Start_Countdown, $DELAY_final_messages, $MIN_DIR_ITEMS;
 
 //Requires PHP 5.1 or newer, due to changes in explode() (and maybe others).
@@ -234,7 +237,7 @@ function System_Setup() {//*****************************************************
 		$CONFIG_FILE_backup = $CONFIG_FILE.'-BACKUP.txt';                 //used for p/w & u/n updates.
 	}
 	else {
-		$message .= $EX.'<b>$CONFIG_FILE '.hsc($_['Not_found']).':</b> '.$CONFIG_FILE.'<br>';
+		$MESSAGE .= $EX.'<b>$CONFIG_FILE '.hsc($_['Not_found']).':</b> '.$CONFIG_FILE.'<br>';
 		$CONFIG_FILE = $CONFIG_FILE_OS = '';
 	}
 }
@@ -260,7 +263,7 @@ function System_Setup() {//*****************************************************
 $ACCESS_ROOT_OS = Convert_encoding($ACCESS_ROOT);
 
 if (!is_dir($DOC_ROOT_OS.$ACCESS_ROOT_OS) || (Check_path($ACCESS_ROOT,1) === false) ) {
-	$message .= __LINE__.$EX.'<b>$ACCESS_ROOT '.hsc($_['Invalid_path']).': </b>'.$ACCESS_ROOT.'<br>';
+	$MESSAGE .= __LINE__.$EX.'<b>$ACCESS_ROOT '.hsc($_['Invalid_path']).': </b>'.$ACCESS_ROOT.'<br>';
 	$ACCESS_ROOT = $ACCESS_ROOT_OS = '';
 }
 if ($ACCESS_ROOT != '') {
@@ -280,14 +283,14 @@ function System_Setup() {//*****************************************************
 
 //Make arrays out of a few config variables for actual use later.
 //First, remove spaces and make lowercase (for *types).
-$SHOWALLFILES = $stypes = false;
+$SHOWALLFILES = $STYPES = false;
   if ($SHOW_FILES == '*') { $SHOWALLFILES = true; }
-  else { $stypes   = explode(',', mb_strtolower(str_replace(' ', '', $SHOW_FILES))); }//shown file types
-$etypes   = explode(',', mb_strtolower(str_replace(' ', '', $EDIT_FILES)));   //editable file types
-$itypes   = explode(',', mb_strtolower(str_replace(' ', '', $SHOW_IMGS)));    //images types to display
-$ftypes   = explode(',', mb_strtolower(str_replace(' ', '', $FILE_TYPES)));   //file types with icons
-$fclasses = explode(',', mb_strtolower(str_replace(' ', '', $FILE_CLASSES))); //for file types with icons
-$excluded_list = explode(',', str_replace(' ', '', $EXCLUDED_FILES));
+  else { $STYPES   = explode(',', mb_strtolower(str_replace(' ', '', $SHOW_FILES))); }//shown file types
+$ETYPES   = explode(',', mb_strtolower(str_replace(' ', '', $EDIT_FILES)));   //editable file types
+$ITYPES   = explode(',', mb_strtolower(str_replace(' ', '', $SHOW_IMGS)));    //images types to display
+$FTYPES   = explode(',', mb_strtolower(str_replace(' ', '', $FILE_TYPES)));   //file types with icons
+$FCLASSES = explode(',', mb_strtolower(str_replace(' ', '', $FILE_CLASSES))); //for file types with icons
+$EXCLUDED_LIST = explode(',', str_replace(' ', '', $EXCLUDED_FILES));
 
 
 //A few variables for values that were otherwise hardcoded in js. 
@@ -312,7 +315,7 @@ function System_Setup() {//*****************************************************
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.5.18
+// OneFileCMS Language Settings v3.5.19
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -334,7 +337,7 @@ function Default_Language() { // ***********************************************
 $_['MCD_margin_R']           = '1.0em';  //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.9em';  //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 7px 4px 7px'; //T R B L
+$_['button_padding']         = '4px 4px 4px 4px'; //T R B L
 $_['image_info_font_size']   = '1em';    //show_img_msg_01  &  _02
 $_['image_info_pos']         = '';       //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';  //Font size of $_['Select_All']
@@ -368,6 +371,7 @@ function Default_Language() { // ***********************************************
 $_['Moved']    = 'Moved';
 $_['Name']     = 'Name';
 $_['on']       = 'on';
+$_['off']      = 'off';  //## NT ## as of 3.5.19
 $_['Password'] = 'Password';
 $_['Rename']   = 'Rename';
 $_['reset']    = 'Reset';
@@ -390,6 +394,7 @@ function Default_Language() { // ***********************************************
 $_['Edit_View']      = 'Edit / View';
 $_['Wide_View']      = 'Wide View';
 $_['Normal_View']    = 'Normal View';
+$_['Word_Wrap']	 	 = 'Word Wrap';	//## NT ## as of 3.5.19
 $_['Upload_File']    = 'Upload File';
 $_['New_File']       = 'New File';
 $_['Ren_Move']       = 'Rename / Move';
@@ -613,7 +618,7 @@ function Session_Startup() {//**************************************************
 
 
 function Verify_IDLE_POST_etc() {//*********************************************
-	global $_, $page, $EX, $message, $VALID_POST, $MAX_IDLE_TIME;
+	global $_, $page, $EX, $MESSAGE, $VALID_POST, $MAX_IDLE_TIME;
 
 	//Verify consistant user agent. This is set during login. (every little bit helps every little bit)
 	if ( !isset($_SESSION['user_agent']) || ($_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT']) ) { Logout(); }
@@ -623,7 +628,7 @@ function Verify_IDLE_POST_etc() {//*********************************************
 		$idle_time = ( time() - $_SESSION['last_active_time'] );
 		if ( $idle_time > $MAX_IDLE_TIME ) {
 			Logout();
-			$message .= hsc($_['verify_msg_01']).'<br>';
+			$MESSAGE .= hsc($_['verify_msg_01']).'<br>';
 			return;
 		}
 	}
@@ -637,7 +642,7 @@ function Verify_IDLE_POST_etc() {//*********************************************
 		}else{ //If it exists but doesn't match - something's wrong. Probably a page reload.
 			$page  = "index";
 			$_POST = "";
-			$message .= $EX.'<b>'.hsc($_['verify_msg_02']).'</b><br>';
+			$MESSAGE .= $EX.'<b>'.hsc($_['verify_msg_02']).'</b><br>';
 		}
 	}
 }//end Verify_IDLE_POST_etc() //************************************************
@@ -761,7 +766,7 @@ function strip_array($var) {
 
 
 function Validate_params() {//**************************************************
-	global $_, $ipath, $filename, $page, $param1, $param2, $param3, $IS_OFCMS, $EX, $message;
+	global $_, $ipath, $filename, $page, $param1, $param2, $param3, $IS_OFCMS, $EX, $MESSAGE;
 
 	//Pages that require a valid $filename
 	$file_pages = array("edit", "renamefile", "copyfile", "deletefile");
@@ -786,7 +791,7 @@ function Validate_params() {//**************************************************
 
 function Valid_Path($path, $gotoroot=true) {//**********************************
 	//$gotoroot: if true, return to index page of $ACCESS_ROOT.
-	global  $ipath, $ipath_OS, $filename, $param1, $param2, $param3, $ACCESS_ROOT, $ACCESS_ROOT_len, $message;
+	global  $ipath, $ipath_OS, $filename, $param1, $param2, $param3, $ACCESS_ROOT, $ACCESS_ROOT_len, $MESSAGE;
 	
 	//Limit access to the folder $ACCESS_ROOT:
 	//$ACCESS_ROOT = some/root/path/
@@ -827,9 +832,9 @@ function Valid_Path($path, $gotoroot=true) {//**********************************
 
 
 function Get_GET() {//**** Get URL passed parameters ***************************
-	global $_, $ipath, $ipath_OS, $filename, $filename_OS, $page, $VALID_PAGES, $EX, $message;
+	global $_, $ipath, $ipath_OS, $filename, $filename_OS, $page, $VALID_PAGES, $EX, $MESSAGE;
 	// i=some/path/,  f=somefile.xyz,          p=somepage,  m=somemessage
-	// $ipath = i  ,  $filename = $ipath.f  ,  $page = p ,  $message
+	// $ipath = i  ,  $filename = $ipath.f  ,  $page = p ,  $MESSAGE
 	//   (NOTE: in some functions $filename = just the file's name, ie: $_GET['f'], with no path/)
 	//#####  (Normalize $filename program-wide??)
 	// Perform initial, basic, validation.
@@ -848,27 +853,27 @@ function Get_GET() {//**** Get URL passed parameters ***************************
 	
 	$filename_OS = Convert_encoding($filename);
 	if ( ($filename != "") && !is_file($filename_OS)  ) {
-		$message .= $EX.'<b>'.hsc($_['get_get_msg_01']).'</b> ';
-		$message .= hsc(dir_name($filename)).'<b>'.hsc(basename($filename)).'</b><br>';
+		$MESSAGE .= $EX.'<b>'.hsc($_['get_get_msg_01']).'</b> ';
+		$MESSAGE .= hsc(dir_name($filename)).'<b>'.hsc(basename($filename)).'</b><br>';
 		$filename = $filename_OS = "";
 	}
 
 	//Initialize & validate $page
 	if (isset($_GET["p"])) { $page = $_GET["p"]; } else { $page = "index"; }
 	if (!in_array($page, $VALID_PAGES)) {
-		$message .= $EX.hsc($_['get_get_msg_02']).' <b>'.hsc($page).'</b><br>';
+		$MESSAGE .= $EX.hsc($_['get_get_msg_02']).' <b>'.hsc($page).'</b><br>';
 		$page = "index";  //If invalid $_GET["p"]
 	}
 	
 	//Sanitize any message. Initialized on line 1 / top of this file.
-	if (isset($_GET["m"])) { $message .= hsc($_GET["m"]); }
+	if (isset($_GET["m"])) { $MESSAGE .= hsc($_GET["m"]); }
 }//end Get_GET() //*************************************************************
 
 
 
 
 function Verify_Page_Conditions() {//*******************************************
-	global $_, $ONESCRIPT_file, $ipath, $ipath_OS, $param1, $filename, $filename_OS, $page, $EX, $message, 
+	global $_, $ONESCRIPT_file, $ipath, $ipath_OS, $param1, $filename, $filename_OS, $page, $EX, $MESSAGE, 
 			$VALID_POST, $IS_OFCMS;
 
 	//If exited admin pages, restore $ipath 
@@ -887,7 +892,7 @@ function Verify_Page_Conditions() {//*******************************************
 		
 	elseif ( $page == "logout" ) {
 		Logout();
-		$message .= hsc($_['logout_msg']);
+		$MESSAGE .= hsc($_['logout_msg']);
 	}
 	//Don't load rename or delete folder pages at webroot.
 	elseif ( ($page == "deletefolder" || $page == "renamefolder") && ($ipath == "") ) {
@@ -910,7 +915,7 @@ function Verify_Page_Conditions() {//*******************************************
 	}
 	//if size of $_POST > post_max_size, PHP only returns empty $_POST & $_FILE arrays.
 	elseif ( ($page == "uploaded") && !$VALID_POST ) {
-		$message .= $EX.'<b> '.hsc($_['upload_error_01a']).' '.ini_get('post_max_size').'</b> '.hsc($_['upload_error_01b']).'<br>';
+		$MESSAGE .= $EX.'<b> '.hsc($_['upload_error_01a']).' '.ini_get('post_max_size').'</b> '.hsc($_['upload_error_01b']).'<br>';
 		$page = "index";
 	}
 	
@@ -967,7 +972,7 @@ function dir_name($path) {//****************************************************
 function Check_path($path, $show_msg = false) {//*******************************
 	// check for invalid characters & "dot" or "dot dot" path segments.
 	// Does NOT check if exists - only if of valid construction.
-	global  $_, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
+	global  $_, $MESSAGE, $EX, $INVALID_CHARS, $WHSPC_SLASH;
 
 	$path = str_replace('\\','/',$path);   //Make sure all forward slashes.
 	$path = trim($path, $WHSPC_SLASH);     // trim whitespace & slashes
@@ -999,7 +1004,7 @@ function Check_path($path, $show_msg = false) {//*******************************
 	}
 
 	if ($errors > 0) {
-		if ($show_msg) { $message .= $err_msg; }
+		if ($show_msg) { $MESSAGE .= $err_msg; }
 		return false;
 	}
 
@@ -1074,7 +1079,7 @@ function supports_svg() {//*****************************************************
 
 
 function rCopy( $old_path, $new_path ) {//**************************************
-	global $_, $WHSPC_SLASH, $EX, $message;
+	global $_, $WHSPC_SLASH, $EX, $MESSAGE;
 	//Recursively copy $old_path to $new_path
 	//Both $old_ & $new_path must ALREADY be in OS/file system's encoding.
 	//(ie: usually UTF-8, but often ISO-8859-1 for Windows.)
@@ -1097,7 +1102,7 @@ function rCopy( $old_path, $new_path ) {//**************************************
 	while (mb_strlen($test_path) >= mb_strlen($old_path)) {
 		$test_path = dirname($test_path);
 		if ( $test_path == $old_path ) {
-			$message .= $EX.' <b>'.hsc($_['rCopy_msg_01']).'</b><br>';
+			$MESSAGE .= $EX.' <b>'.hsc($_['rCopy_msg_01']).'</b><br>';
 			return 0;
 		}
 	}
@@ -1158,7 +1163,7 @@ function rDel($path) {//********************************************************
 function Current_Path_Header() {//**********************************************
  	// Current path. ie: webroot/current/path/
 	// Each level is a link to that level.
-	global $ONESCRIPT, $ipath, $WEB_ROOT, $ACCESS_ROOT, $ACCESS_ROOT_len, $TABINDEX, $message;
+	global $ONESCRIPT, $ipath, $WEB_ROOT, $ACCESS_ROOT, $ACCESS_ROOT_len, $TABINDEX, $MESSAGE;
 
 	$unaccessable    = '';
 	$_1st_accessable = trim($WEB_ROOT, ' /');
@@ -1198,7 +1203,7 @@ function Current_Path_Header() {//**********************************************
 
 
 function Page_Header() {//******************************************************
-	global  $_, $DOC_ROOT, $ONESCRIPT, $page, $WEBSITE, $MAIN_TITLE, $OFCMS_version, $FAVICON, $TABINDEX, $message;
+	global  $_, $DOC_ROOT, $ONESCRIPT, $page, $WEBSITE, $MAIN_TITLE, $OFCMS_version, $FAVICON, $TABINDEX, $MESSAGE;
 
 	$TABINDEX = 1; //Initial tabindex
 
@@ -1527,7 +1532,7 @@ function Hash_Page() {//********************************************************
 
 
 function Hash_response() {//****************************************************
-	global $_, $message;
+	global $_, $MESSAGE;
 	$_POST['whattohash'] = trim($_POST['whattohash']); // trim whitespace.
 
 	//Ignore/don't hash an empty string - passwords can't be blank.
@@ -1535,8 +1540,8 @@ function Hash_response() {//****************************************************
 
 	//The second parameter to hashit(), 1, tells hashit() to also do the "pre-hash", which is
 	//normally done client-side during a login attempt, p/w change, or u/n change.
-	$message .= hsc($_['Password']).': '.hsc($_POST['whattohash']).'<br>';
-	$message .= hsc($_['Hash']).': '.hashit($_POST['whattohash'], 1).'<br>';
+	$MESSAGE .= hsc($_['Password']).': '.hsc($_POST['whattohash']).'<br>';
+	$MESSAGE .= hsc($_['Hash']).': '.hashit($_POST['whattohash'], 1).'<br>';
 }//end Hash_response() //*******************************************************
 
 
@@ -1592,13 +1597,13 @@ function Change_PWUN_Page($pwun, $type, $page_title, $label_new, $label_confirm)
  
 //******************************************************************************
 function Update_config($search_for, $replace_with, $search_file, $backup_file) {
-	global  $_, $EX, $message;
+	global  $_, $EX, $MESSAGE;
 	
 	$search_file_OS = Convert_encoding($search_file);
 	$backup_file_OS = Convert_encoding($backup_file);
 
 	if ( !is_file($search_file_OS) ) {
-		$message .= $EX.' <b>'.hsc($_['Not_found']).': </b>'.hsc($search_file).'<br>';
+		$MESSAGE .= $EX.' <b>'.hsc($_['Not_found']).': </b>'.hsc($search_file).'<br>';
 		return false;
 	}
 
@@ -1618,14 +1623,14 @@ function Update_config($search_for, $replace_with, $search_file, $backup_file) {
 	}
 
 	//This should not happen, but just in case...
-	if (!$found){ $message .= $EX.' <b>'.hsc($_['Not_found']).': </b>'.hsc($search_for).'<br>'; return false; }
+	if (!$found){ $MESSAGE .= $EX.' <b>'.hsc($_['Not_found']).': </b>'.hsc($search_for).'<br>'; return false; }
 	
 	copy($search_file_OS, $backup_file_OS); // Just in case...
 
 	$updated_contents = implode("\n", $search_lines);
 
 	if (file_put_contents($search_file_OS, $updated_contents, LOCK_EX) === false) {
-		$message .= $EX.'<b>'.hsc($_['update_failed']).'</b><br>';
+		$MESSAGE .= $EX.'<b>'.hsc($_['update_failed']).'</b><br>';
 		return false;
 	}else {return true;}
 }//end Update_config() //*******************************************************
@@ -1635,7 +1640,7 @@ function Update_config($search_for, $replace_with, $search_file, $backup_file) {
 
 function Change_PWUN_response($PWUN, $msg) {//**********************************
 	//Update $USERNAME or $HASHWORD. Default $page = changepw or changeun
-	global $_, $ONESCRIPT, $USERNAME, $HASHWORD, $EX, $message, $page, 
+	global $_, $ONESCRIPT, $USERNAME, $HASHWORD, $EX, $MESSAGE, $page, 
 		   $ONESCRIPT_file, $ONESCRIPT_file_backup, $CONFIG_FILE, $CONFIG_FILE_backup, $VALID_CONFIG_FILE;
 
 	// trim white-space from input values
@@ -1651,15 +1656,15 @@ function Change_PWUN_response($PWUN, $msg) {//**********************************
 	}
 	//If any field is blank...
 	elseif ( ($current_pass == "") || ($new_pwun == "") || ($confirm_pwun == "") ) {
-		$message .= $error_msg.hsc($_['change_pw_07']).'<br>';
+		$MESSAGE .= $error_msg.hsc($_['change_pw_07']).'<br>';
 	}
 	//If new & Confirm values don't match...
 	elseif ($new_pwun != $confirm_pwun) {
-		$message .= $error_msg.hsc($_['change_pw_04']).'<br>';
+		$MESSAGE .= $error_msg.hsc($_['change_pw_04']).'<br>';
 	}
 	//If incorrect current p/w, logout.  (new == confirm at this point)
 	elseif (hashit($current_pass) != $HASHWORD) { 
-		$message .= $error_msg.'<br>'.hsc($_['change_pw_03']).'<br>';
+		$MESSAGE .= $error_msg.'<br>'.hsc($_['change_pw_03']).'<br>';
 		Logout();
 	}
 	//Else change username or password
@@ -1676,15 +1681,15 @@ function Change_PWUN_response($PWUN, $msg) {//**********************************
 		
 		//If specified & it exists, update external config file.
 		if ( $VALID_CONFIG_FILE ) {
-			$message .= hsc($_['change_pw_05']).' '.hsc($_['change_pw_06']).'. . . ';
+			$MESSAGE .= hsc($_['change_pw_05']).' '.hsc($_['change_pw_06']).'. . . ';
 			$updated = Update_config($search_for, $replace_with, $CONFIG_FILE, $CONFIG_FILE_backup);
 		}else{ //Update OneFileCMS
-			$message .= hsc($_['change_pw_05']).' OneFileCMS . . . ';
+			$MESSAGE .= hsc($_['change_pw_05']).' OneFileCMS . . . ';
 			$updated = Update_config($search_for, $replace_with, $ONESCRIPT_file, $ONESCRIPT_file_backup);
 		}
 		
-		if ($updated === false) { $message .= $error_msg.'<br>'; }
-		else                    { $message .= $success_msg.'<br>'; }
+		if ($updated === false) { $MESSAGE .= $error_msg.'<br>'; }
+		else                    { $MESSAGE .= $success_msg.'<br>'; }
 		
 		$page = "admin"; //Return to Admin page.
 	}
@@ -1734,7 +1739,7 @@ function Login_Page() {//*******************************************************
 
 
 function Login_response() {//***************************************************
-	global $_, $EX, $ONESCRIPT_file, $message, $page, $USERNAME, $HASHWORD,
+	global $_, $EX, $ONESCRIPT_file, $MESSAGE, $page, $USERNAME, $HASHWORD,
 				$LOGIN_ATTEMPTS, $MAX_ATTEMPTS, $LOGIN_DELAY, $LOGIN_DELAYED, $LOG_LOGINS, $LOGIN_LOG_file;
 
 	$_SESSION = array();    //make sure it's empty
@@ -1750,11 +1755,11 @@ function Login_response() {//***************************************************
 		$attempts = (int)file_get_contents($LOGIN_ATTEMPTS);
 		$elapsed  = time() - filemtime($LOGIN_ATTEMPTS);
 	}
-	if ($attempts > 0) { $message .= '<b>'.hsc($_['login_msg_01a']).' '.$attempts.' '.hsc($_['login_msg_01b']).'</b><br>'; }
+	if ($attempts > 0) { $MESSAGE .= '<b>'.hsc($_['login_msg_01a']).' '.$attempts.' '.hsc($_['login_msg_01b']).'</b><br>'; }
 
 	if ( ($attempts >= $MAX_ATTEMPTS) && ($elapsed < $LOGIN_DELAY) ){
 		$LOGIN_DELAYED = ($LOGIN_DELAY - $elapsed);
-		$message .= hsc($_['login_msg_02a']).' <span id=timer0></span> '.hsc($_['login_msg_02b']);
+		$MESSAGE .= hsc($_['login_msg_02a']).' <span id=timer0></span> '.hsc($_['login_msg_02b']);
 		return;
 	}
 
@@ -1775,10 +1780,10 @@ function Login_response() {//***************************************************
 		
 	}else{
 		file_put_contents($LOGIN_ATTEMPTS, ++$attempts); //increment attempts
-		$message  = $EX.'<b>'.hsc($_['login_msg_03']).$attempts.'</b><br>';
+		$MESSAGE  = $EX.'<b>'.hsc($_['login_msg_03']).$attempts.'</b><br>';
 		if ($attempts >= $MAX_ATTEMPTS) {
 			$LOGIN_DELAYED = $LOGIN_DELAY;
-			$message .= hsc($_['login_msg_02a']).' <span id=timer0></span> '.hsc($_['login_msg_02b']);
+			$MESSAGE .= hsc($_['login_msg_02a']).' <span id=timer0></span> '.hsc($_['login_msg_02b']);
 		}
 	}
 
@@ -1863,8 +1868,8 @@ function Create_Table_for_Listing() {//*****************************************
 
 
 function Get_DIRECTORY_DATA($raw_list) {//**************************************
-	global $_, $ONESCRIPT, $ipath, $ipath_OS, $param1, $ICONS, $message, 
-			$ftypes, $fclasses, $excluded_list, $stypes, $SHOWALLFILES, 
+	global $_, $ONESCRIPT, $ipath, $ipath_OS, $param1, $ICONS, $MESSAGE, 
+			$FTYPES, $FCLASSES, $EXCLUDED_LIST, $STYPES, $SHOWALLFILES, 
 			$DIRECTORY_COUNT, $DIRECTORY_DATA, $ENC_OS;
 
 	//Doesn't use global $filename or $filename_OS in this function (because they shouldn't exist on the Index page)
@@ -1881,7 +1886,7 @@ function Get_DIRECTORY_DATA($raw_list) {//**************************************
 		if ($ENC_OS == 'UTF-8') {$filename = $raw_filename;}
 		else                    {$filename = Convert_encoding($raw_filename,'UTF-8');}
 		
-		//Get file .ext & check against $stypes (files types to show)
+		//Get file .ext & check against $STYPES (files types to show)
 		$filename_parts = explode(".", mb_strtolower($filename));
 		
 		//Check for no $ext:  "filename"  or ".filename"
@@ -1892,9 +1897,9 @@ function Get_DIRECTORY_DATA($raw_list) {//**************************************
 		
 		//Check $filename & $ext against white & black lists. If not to be shown, get next $filename...
 		if (!is_dir($filename_OS)) {
-			if ($SHOWALLFILES || in_array($ext, $stypes)) { $SHOWTYPE = TRUE; } else { $SHOWTYPE = FALSE; }
-			if (in_array($filename, $excluded_list)) 	  { $excluded = TRUE; } else { $excluded = FALSE; }
-			if ( !$SHOWTYPE || in_array($filename, $excluded_list) ) { continue; }
+			if ($SHOWALLFILES || in_array($ext, $STYPES)) { $SHOWTYPE = TRUE; } else { $SHOWTYPE = FALSE; }
+			if (in_array($filename, $EXCLUDED_LIST)) 	  { $excluded = TRUE; } else { $excluded = FALSE; }
+			if ( !$SHOWTYPE || in_array($filename, $EXCLUDED_LIST) ) { continue; }
 		}
 			
 		//Used to hide rename & delete options for active copy of OneFileCMS.
@@ -1903,10 +1908,10 @@ function Get_DIRECTORY_DATA($raw_list) {//**************************************
 		
 		//Set icon type based on if dir, or file type ($ext).
 		if (is_dir($filename_OS)) { $type = 'dir'; }
-		else					  { $type = $fclasses[array_search($ext, $ftypes)]; }
+		else					  { $type = $FCLASSES[array_search($ext, $FTYPES)]; }
 		
 		//Determine icon to show
-		if (in_array($type,$fclasses)) { $icon = $ICONS[$type];}
+		if (in_array($type,$FCLASSES)) { $icon = $ICONS[$type];}
 		elseif ($type == 'dir')        { $icon = $ICONS['folder']; }
 		else                           { $icon = $ICONS['bin']; } //default
 			
@@ -2019,7 +2024,7 @@ function Index_Page() {//*******************************************************
 
 function Edit_Page_buttons_top($text_editable,$file_ENC) {//********************
 	global $_, $ONESCRIPT, $param1, $param2, $filename, $filename_OS, $IS_OFCMS, 
-				$WYSIWYG_VALID, $EDIT_WYSIWYG, $WYSIWYG_label, $message;
+				$WYSIWYG_VALID, $EDIT_WYSIWYG, $WYSIWYG_label, $MESSAGE;
 
 	clearstatcache ();
 
@@ -2072,7 +2077,7 @@ function Edit_Page_buttons_top($text_editable,$file_ENC) {//********************
 
 
 function Edit_Page_buttons($text_editable, $too_large_to_edit) {//**************
-	global $_, $message, $ICONS, $MAX_IDLE_TIME, $IS_OFCMS, $WYSIWYG_VALID, $EDIT_WYSIWYG;
+	global $_, $MESSAGE, $ICONS, $MAX_IDLE_TIME, $IS_OFCMS, $WYSIWYG_VALID, $EDIT_WYSIWYG;
 
 	//Using ckeditor WYSIWYG editor, <input type=reset> button doesn't work. (I don't know why.)
 	$reset_button = '<input type=reset  id="reset" class=button value="'.hsc($_['reset']).'" onclick="return Reset_File();">';
@@ -2105,8 +2110,8 @@ function RCD_button($action, $icon, $label) {//***************
 
 //******************************************************************************
 function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_view, $file_ENC){
-	global $_, $ONESCRIPT, $param1, $param2, $param3, $filename, $filename_OS, $itypes, $INPUT_NUONCE, $EX, $message, 
-		   $FILECONTENTS, $WYSIWYG_VALID, $EDIT_WYSIWYG, $IS_OFCMS, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE;
+	global $_, $ONESCRIPT, $param1, $param2, $param3, $filename, $filename_OS, $ITYPES, $INPUT_NUONCE, $EX, $MESSAGE, 
+		   $FILECONTENTS, $WYSIWYG_VALID, $EDIT_WYSIWYG, $IS_OFCMS, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $WORD_WRAP;
 
 	$too_large_to_edit_message =
 		'<b>'.hsc($_['too_large_to_edit_01']).' '.number_format($MAX_EDIT_SIZE).' '.hsc($_['bytes']).'</b><br>'.
@@ -2122,10 +2127,10 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 		
 		Edit_Page_buttons_top($text_editable, $file_ENC);
 		
-		if ( !in_array( mb_strtolower($ext), $itypes) ) { //If non-image...
+		if ( !in_array( mb_strtolower($ext), $ITYPES) ) { //If non-image...
 				
-			if     (!$text_editable)      { $message .= hsc($_['edit_txt_01']).'<br><br>'; }
-			elseif ( $too_large_to_edit ) { $message .= $too_large_to_edit_message; }
+			if     (!$text_editable)      { $MESSAGE .= hsc($_['edit_txt_01']).'<br><br>'; }
+			elseif ( $too_large_to_edit ) { $MESSAGE .= $too_large_to_edit_message; }
 			elseif (!$IS_OFCMS) {
 				//Did htmlspecialchars return an empty string from a non-empty file?
 				$bad_chars = ( ($FILECONTENTS == "") && (filesize($filename_OS) > 0) );
@@ -2135,10 +2140,22 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 					echo hsc($_['edit_txt_03']).'<br>';
 					echo hsc($_['edit_txt_04']).'<br></pre>'."\n";
 				}else{          //show editable <textarea>
+					
+					$ww_on_checked = $ww_off_checked = "";
+					if ($WORD_WRAP == "on") {$ww_on_checked = "checked";} else {$ww_off_checked = "checked";}
+					
 					//<input name=filename> is used only to signal an Edit_response().
 					echo '<input type="hidden" name="filename" value="'.rawurlencode($filename).'">';
-					echo '<textarea id=file_editor name=contents cols=70 rows=25>';
-					echo $FILECONTENTS.'</textarea>'."\n";
+					
+					echo "<div id=wrapper_linenums_editor>";
+					echo 	"<div id=line_numbers tabindex='-1'><div id=line_1>1</div><div id=line_0></div></div>";
+					echo 	"<textarea id=file_editor class=tab_size name=contents cols=70 rows=25>$FILECONTENTS</textarea>\n";
+					echo "</div>\n";
+					
+					echo "<div id=ww_options>".hsc($_['Word_Wrap']).":";
+					echo 	"<label><input id=word_wrap_on  type=radio name=word_wrap value=on $ww_on_checked>{$_['on']}</label>";
+					echo 	"<label><input id=word_wrap_off type=radio name=word_wrap value=off $ww_off_checked>{$_['off']}</label>";
+					echo "</div>\n";
 				}
 			}//end if/elseif...
 			
@@ -2183,14 +2200,14 @@ function Edit_Page_Notes() {//**************************************************
 
 
 function Edit_Page() {//********************************************************
-	global $_, $filename, $filename_OS, $FILECONTENTS, $etypes, $itypes, $EX, $message, $page,
+	global $_, $filename, $filename_OS, $FILECONTENTS, $ETYPES, $ITYPES, $EX, $MESSAGE, $page,
 			$MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $WYSIWYG_VALID, $IS_OFCMS;
 
 	$filename_parts = explode(".", mb_strtolower($filename));
 	$ext = end($filename_parts);
 
 	//Determine if a text editable file type
-	if ( in_array($ext, $etypes) ) { $text_editable = TRUE;  }
+	if ( in_array($ext, $ETYPES) ) { $text_editable = TRUE;  }
 	else                           { $text_editable = FALSE; }
 
 	$too_large_to_edit = (filesize($filename_OS) > $MAX_EDIT_SIZE);
@@ -2223,15 +2240,15 @@ function Edit_Page() {//********************************************************
 
 	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_view, $file_ENC);
 	
-	if ( in_array( $ext, $itypes) ) { show_image(); } //If image, show below the [Rename/Move] [Copy] [Delete] buttons
+	if ( in_array( $ext, $ITYPES) ) { show_image(); } //If image, show below the [Rename/Move] [Copy] [Delete] buttons
 
 	echo '<div class=clear></div>';
 
 	//If viewing OneFileCMS itself, show Edit Disabled message.
 	if ($IS_OFCMS && $page == "edit") {
-		$message .= '<style>.message_box_contents {background: red;}</style>';
-		$message .= '<style>#message_box          {color: white;}   </style>';
-		$message .= '<b>'.$EX.hsc($_['edit_caution_02']).' &nbsp; '.$_['edit_txt_00'].'</b><br>';
+		$MESSAGE .= '<style>.message_box_contents {background: red;}</style>';
+		$MESSAGE .= '<style>#message_box          {color: white;}   </style>';
+		$MESSAGE .= '<b>'.$EX.hsc($_['edit_caution_02']).' &nbsp; '.$_['edit_txt_00'].'</b><br>';
 	}
 }//end Edit_Page() //***********************************************************
 
@@ -2239,7 +2256,7 @@ function Edit_Page() {//********************************************************
 
 
 function Edit_response() {//***If on Edit page, and [Save] clicked *************
-	global $_, $EX, $message, $filename, $filename_OS;
+	global $_, $EX, $MESSAGE, $filename, $filename_OS;
 
 	$contents    = $_POST['contents'];
 	
@@ -2249,9 +2266,9 @@ function Edit_response() {//***If on Edit page, and [Save] clicked *************
 	$bytes = file_put_contents($filename_OS, $contents);
 
 	if ($bytes !== false) {
-		$message .= '<b>'.hsc($_['edit_msg_01']).' '.number_format($bytes).' '.hsc($_['edit_msg_02']).'</b><br>';
+		$MESSAGE .= '<b>'.hsc($_['edit_msg_01']).' '.number_format($bytes).' '.hsc($_['edit_msg_02']).'</b><br>';
 	}else{
-		$message .= $EX.'<b>'.hsc($_['edit_msg_03']).'</b><br>';
+		$MESSAGE .= $EX.'<b>'.hsc($_['edit_msg_03']).'</b><br>';
 	}
 }//end Edit_response() //*******************************************************
 
@@ -2301,7 +2318,7 @@ function Upload_Page() {//******************************************************
 
 
 function Upload_response() {//**************************************************
-	global $_, $ipath, $ipath_OS, $page, $EX, $message, $UPLOAD_FIELDS;
+	global $_, $ipath, $ipath_OS, $page, $EX, $MESSAGE, $UPLOAD_FIELDS;
 
 	$page  = "index"; //return to index.
 
@@ -2324,11 +2341,11 @@ function Upload_response() {//**************************************************
 		else                  { $ERRMSG = ''; }
 		
 		if ( ($ipath === false) || (($ipath != "") && !is_dir($ipath_OS))) {
-			$message .= $EX.'<b>'.hsc($_['upload_msg_02']).'</b><br>';
-			$message .= '<span class="filename">'.hsc($ipath).'</span></b><br>';
-			$message .= hsc($_['upload_msg_03']).'</b><br>';
+			$MESSAGE .= $EX.'<b>'.hsc($_['upload_msg_02']).'</b><br>';
+			$MESSAGE .= '<span class="filename">'.hsc($ipath).'</span></b><br>';
+			$MESSAGE .= hsc($_['upload_msg_03']).'</b><br>';
 		}else{
-			$message .= '<b>'.hsc($_['upload_msg_04']).'</b> <span class="filename">'.hsc(basename($filename_up)).'</span><br>';
+			$MESSAGE .= '<b>'.hsc($_['upload_msg_04']).'</b> <span class="filename">'.hsc(basename($filename_up)).'</span><br>';
 			
 			if ( isset($_POST['ifexists']) && ($_POST['ifexists'] == 'overwrite') ) {
 				if (is_file($filename_OS)) { $savefile_msg .= hsc($_['upload_msg_07']) ; }
@@ -2338,9 +2355,9 @@ function Upload_response() {//**************************************************
 			
 			$filename_OS = Convert_encoding($filename_up);
 			if(move_uploaded_file($_FILES['upload_file']['tmp_name'][$N], $filename_OS)) {
-				$message .= '<b>'.hsc($_['upload_msg_05']).'</b> '.$savefile_msg.'<br>';
+				$MESSAGE .= '<b>'.hsc($_['upload_msg_05']).'</b> '.$savefile_msg.'<br>';
 			} else{
-				$message .= '<b>'.$EX.hsc($_['upload_msg_06']).'</b> '.$ERRMSG.'</b><br>';
+				$MESSAGE .= '<b>'.$EX.hsc($_['upload_msg_06']).'</b> '.$ERRMSG.'</b><br>';
 			}
 		}
 	}//end foreach $_FILES
@@ -2367,7 +2384,7 @@ function New_Page($title, $new_f_or_f) {//**************************************
 
 
 function New_response($post, $isfile) {//***************************************
-	global $_, $ipath, $ipath_OS, $filename, $filename_OS, $page, $param1, $param2, $param3, $message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
+	global $_, $ipath, $ipath_OS, $filename, $filename_OS, $page, $param1, $param2, $param3, $MESSAGE, $EX, $INVALID_CHARS, $WHSPC_SLASH;
 
 	$page      = "index"; //Return to index if folder, or on error.
 
@@ -2382,30 +2399,30 @@ function New_response($post, $isfile) {//***************************************
 	$msg_new  = '<span class="filename">'.hsc($new_name).'</span><br>';
 
 	if (has_invalid_char($new_name)){
-		$message .= $EX.'<b>'.hsc($_['new_file_msg_01']).'</b> '.$msg_new;
-		$message .= '<b>'.hsc($_['new_file_msg_02']).'<span class="mono"> '.hsc($INVALID_CHARS).'</span></b>';
+		$MESSAGE .= $EX.'<b>'.hsc($_['new_file_msg_01']).'</b> '.$msg_new;
+		$MESSAGE .= '<b>'.hsc($_['new_file_msg_02']).'<span class="mono"> '.hsc($INVALID_CHARS).'</span></b>';
 		
 	}elseif ($new_name == ""){ //No new name given.
 		$page   = "new".$f_or_f;
 		$param3 = '&amp;p=index'; //For [Cancel] button
 		
 	}elseif (file_exists($filename_OS)) { //Does file or folder already exist ?
-		$message .= $EX.'<b>'.hsc($_['new_file_msg_04']).' '.$msg_new;
+		$MESSAGE .= $EX.'<b>'.hsc($_['new_file_msg_04']).' '.$msg_new;
 		
 	}elseif ($isfile && touch($filename_OS) ) { //Create File
-		$message .= '<b>'.hsc($_['new_file_msg_05']).'</b> '.$msg_new; //New File success.
+		$MESSAGE .= '<b>'.hsc($_['new_file_msg_05']).'</b> '.$msg_new; //New File success.
 		$page     = "edit";                                      //Return to edit page.
 		$param2   = '&amp;f='.rawurlencode(basename($filename)); //for Edit_Page() buttons
 		$param3   = '&amp;p=edit';                               //for Edit_Page() buttons
 		
 	}elseif (!$isfile && mkdir($filename_OS,0755)) { //Create Folder
-		$message .= '<b>'.hsc($_['new_file_msg_07']).'</b> '.$msg_new; //New folder success
+		$MESSAGE .= '<b>'.hsc($_['new_file_msg_07']).'</b> '.$msg_new; //New folder success
 		$ipath    = $filename;  //return to new folder
 		$ipath_OS = Convert_encoding($filename);
 		$param1   = '?i='.URLencode_path($ipath);
 		
 	}else{
-		$message .= $EX.'<b>'.hsc($_['new_file_msg_01']).':</b><br>'.$msg_new; //'Error - new file not created:'
+		$MESSAGE .= $EX.'<b>'.hsc($_['new_file_msg_01']).':</b><br>'.$msg_new; //'Error - new file not created:'
 	}
 }//end New_response() //********************************************************
 
@@ -2481,7 +2498,7 @@ function CRM_response($action, $msg1, $show_message = 3) {//********************
 	//$action = 'rCopy' or 'rename'.  Returns 0 if successful, 1 on error.
 	//$show_message: 0 = none; 1 = errors only; 2 = successes only; 3 = all messages (default).
 	global $_, $ONESCRIPT, $ipath, $ipath_OS, $filename, $page, $param1, $param2, $param3, 
-			$message, $EX, $INVALID_CHARS, $WHSPC_SLASH;
+			$MESSAGE, $EX, $INVALID_CHARS, $WHSPC_SLASH;
 
 	$old_full_name = trim($_POST['old_full_name'], $WHSPC_SLASH);     //Trim whitespace & slashes.
 	$new_name_only = trim($_POST['new_name'], $WHSPC_SLASH);
@@ -2549,8 +2566,8 @@ function CRM_response($action, $msg1, $show_message = 3) {//********************
 
 	if (($bad_name !='' ) && ($error_code == 0)) { $err_msg .= '<span class="filename">'.hsc($bad_name).'</span><br>'; }
 
-	if (($show_message & 1) && ($error_code == 0)) { $message .= $err_msg; } //Show error message.
-	if ( $show_message & 2)                        { $message .= $scs_msg; } //Show success message.
+	if (($show_message & 1) && ($error_code == 0)) { $MESSAGE .= $err_msg; } //Show error message.
+	if ( $show_message & 2)                        { $MESSAGE .= $scs_msg; } //Show success message.
 
 	//Prior page should be either index or edit
 	$page = $_SESSION['recent_pages'][1];
@@ -2564,7 +2581,7 @@ function CRM_response($action, $msg1, $show_message = 3) {//********************
 
 
 function Delete_response($target, $show_message=3) {//**************************
-	global $_, $ipath, $ipath_OS, $param1, $filename, $param2, $page, $message, $EX;
+	global $_, $ipath, $ipath_OS, $param1, $filename, $param2, $page, $MESSAGE, $EX;
 
 	if ($target == "") { return 0; } //Prevent accidental delete of entire website.
 
@@ -2596,8 +2613,8 @@ function Delete_response($target, $show_message=3) {//**************************
 		}
 	}
 
-	if ($show_message & 1) { $message .= $err_msg; } //Show error message.
-	if ($show_message & 2) { $message .= $scs_msg; } //Show success message.
+	if ($show_message & 1) { $MESSAGE .= $err_msg; } //Show error message.
+	if ($show_message & 2) { $MESSAGE .= $scs_msg; } //Show success message.
 
 	return $error_code;
 }//end Delete_response() //*****************************************************
@@ -2608,7 +2625,7 @@ function Delete_response($target, $show_message=3) {//**************************
 function MCD_Page($action, $page_title, $classes = '') {//**********************
 	//$action = mcd_mov or mcd_cpy or mcd_del
 	global $_,  $WEB_ROOT, $ONESCRIPT, $ipath, $ipath_OS, $param1, $filename, $page,
-			$ICONS, $ACCESS_ROOT, $ACCESS_PATH, $INPUT_NUONCE, $message;
+			$ICONS, $ACCESS_ROOT, $ACCESS_PATH, $INPUT_NUONCE, $MESSAGE;
 
 	//Prep for a single file or folder
 	if( $page == "deletefile" || $page == "deletefolder" ){
@@ -2655,7 +2672,7 @@ function MCD_Page($action, $page_title, $classes = '') {//**********************
 
 
 function MCD_response($action, $msg1, $success_msg = '') {//********************
-	global $_, $ipath, $ipath_OS, $EX, $message, $WHSPC_SLASH;
+	global $_, $ipath, $ipath_OS, $EX, $MESSAGE, $WHSPC_SLASH;
 
 	$files      = $_POST['files']; //List of files to delete (path not included)
 	$errors     = 0; //number of failed moves, copies, or deletes
@@ -2670,8 +2687,8 @@ function MCD_response($action, $msg1, $success_msg = '') {//********************
 	$show_message = 1; //1= show error msg only.
 	
 	if ( ($new_location != "") && !is_dir($new_location_OS)) {
-		$message .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_01']).'</b><br>';
-		$message .= '<span class="filename">'.hsc($_POST['new_location']).'</span><br>';
+		$MESSAGE .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_01']).'</b><br>';
+		$MESSAGE .= '<span class="filename">'.hsc($_POST['new_location']).'</span><br>';
 		return;
 	}elseif ($action == 'rDel') {
 		foreach ($files as $file){
@@ -2693,15 +2710,15 @@ function MCD_response($action, $msg1, $success_msg = '') {//********************
 		}
 	}
 
-	if ($errors) {$message .= $EX.' <b>'.$errors.' '.hsc($_['errors']).'.</b><br>';}
+	if ($errors) {$MESSAGE .= $EX.' <b>'.$errors.' '.hsc($_['errors']).'.</b><br>';}
 	
-	$message .= '<b>'.$successful.' '.hsc($success_msg).'</b><br>';
+	$MESSAGE .= '<b>'.$successful.' '.hsc($success_msg).'</b><br>';
 
 	if ($action != 'rDel') {
 		if ($successful > 0) { //"From:" & "To:" lines if any successes.
-			$message .= '<div id="message_left"><b>'.hsc($_['From']).'<br>'.hsc($_['To']).'</b></div>';
-			$message .= '<b>:</b><span class="filename"> '.hsc($mcd_ipath).'</span><br>';
-			$message .= '<b>:</b><span class="filename"> '.hsc($ipath).'</span><br>';
+			$MESSAGE .= '<div id="message_left"><b>'.hsc($_['From']).'<br>'.hsc($_['To']).'</b></div>';
+			$MESSAGE .= '<b>:</b><span class="filename"> '.hsc($mcd_ipath).'</span><br>';
+			$MESSAGE .= '<b>:</b><span class="filename"> '.hsc($ipath).'</span><br>';
 		}
 	}
 }//end MCD_response() //********************************************************
@@ -2766,21 +2783,21 @@ function Load_Selected_Page() {//***********************************************
 
 
 function Respond_to_POST() {//**************************************************
-	global $_, $VALID_POST, $ipath, $page, $EX, $ACCESS_ROOT, $message;
+	global $_, $VALID_POST, $ipath, $page, $EX, $ACCESS_ROOT, $MESSAGE;
 
 	if (!$VALID_POST) { return; }
 	
 	//First, validate any $_POST'ed paths against $ACCESS_ROOT.
 	if (isset($_POST["old_full_name"]) && !Valid_Path($_POST["old_full_name"], false)) {
 		//unlikely, but just in case
-		$message .= $EX.'<b>'.hsc($_['Invalid_path']).': </b><span class=filename>'.hsc($_POST["old_full_name"]).'</span>';
+		$MESSAGE .= $EX.'<b>'.hsc($_['Invalid_path']).': </b><span class=filename>'.hsc($_POST["old_full_name"]).'</span>';
 		$VALID_POST = 0;
 		return;
 	}
 	if (isset($_POST["new_location"])) {
 		$_POST["new_location"] = $ACCESS_ROOT.$_POST["new_location"];
 		if (!Valid_Path($_POST["new_location"], false)) {  
-			$message .= $EX.'<b>'.hsc($_['Invalid_path']).': </b><span class=filename>'.hsc($_POST["new_location"]).'</span>';
+			$MESSAGE .= $EX.'<b>'.hsc($_['Invalid_path']).': </b><span class=filename>'.hsc($_POST["new_location"]).'</span>';
 			$VALID_POST = 0;
 			return;
 		}
@@ -2836,9 +2853,11 @@ function init_ICONS_js() {//****************************************************
 
 
 function common_scripts() {//***************************************************
-	global $_, $TO_WARNING, $message, $page, $DELAY_Expired_Reload;
+	global $_, $TO_WARNING, $MESSAGE, $page, $DELAY_Expired_Reload;
 ?>
 <script>
+var $MESSAGE = "";
+
 
 function pad(num){ if ( num < 10 ){ num = "0" + num; }; return num; }
 
@@ -2914,7 +2933,7 @@ function Countdown(count, End_Time, Timer_ID, Action){
 	    count        = End_Time - Current_Time;
 	var params = count + ', "' + End_Time + '", "' + Timer_ID + '", "' + Action + '"';
 
-	$message_box = document.getElementById('message_box');
+	var $msg_box = document.getElementById('message_box');
 
 	Timer.innerHTML = FormatTime(count);
 
@@ -2922,7 +2941,7 @@ function Countdown(count, End_Time, Timer_ID, Action){
 		
 		var timeout_warning  = '<div class="message_box_contents"><b><?php echo hsc($_['session_warning']) ?></b> ';
 			timeout_warning += '<b><span id=timer2>:--</span></b></div>';
-		$message_box.innerHTML  = timeout_warning;
+		$msg_box.innerHTML  = timeout_warning;
 		setTimeout('Start_Countdown(' + count + ',"timer2","")',25);
 		
 		var Timer2 = document.getElementById('timer2');
@@ -2934,7 +2953,7 @@ function Countdown(count, End_Time, Timer_ID, Action){
 	if ( count < 1 ) {
 		if ( Action == 'LOGOUT') {
 			Timer.innerHTML        = '<?php echo hsc($_['session_expired']) ?>';
-			$message_box.innerHTML = '<div class=message_box_contents><b><?php echo hsc($_['session_expired']) ?></b></div>';
+			$msg_box.innerHTML = '<div class=message_box_contents><b><?php echo hsc($_['session_expired']) ?></b></div>';
 			//Load login screen, but delay first to make sure really expired:
 			setTimeout('window.location = window.location.pathname', <?php echo $DELAY_Expired_Reload ?>);
 		}
@@ -2996,12 +3015,12 @@ function FileTimeStamp(php_filemtime, show_date, show_offset, write_return){
 
 function Display_Messages($msg, take_focus) {//***********************
 
-	$tabindex_xbox = typeof $tabindex_xbox !== 'undefined' ? $tabindex_xbox : 0;
+	if (typeof take_focus === 'undefined') {take_focus = 0;}  //default is X_box doesn't take focus()
+
+	if (typeof $tabindex_xbox === 'undefined') {$tabindex_xbox = 0;}
 
 	var $page     = '<?php echo $page ?>';
 	var new_focus = '';
-	
-	take_focus = typeof new_focus == 'undefined' ? 0 : take_focus ;  //default is X_box doesn't take focus()
 
 	if      ($page == 'index') { new_focus = 'header_filename'; }
 	else if ($page == 'edit')  { new_focus = 'close1'; }
@@ -3010,16 +3029,16 @@ function Display_Messages($msg, take_focus) {//***********************
 	else if ($page == 'admin') { new_focus = 'close'; }
 
 	var $X_box		 = '<button tabindex=' + $tabindex_xbox + ' type=button id=X_box>x</button>';
-	var $MESSAGE	 = '<div class=message_box_contents>' + $msg + '</div>';
-	var $message_box = document.getElementById("message_box");
+	var $msg_div	 = '<div class=message_box_contents>' + $msg + '</div>';
+	var $msg_box     = document.getElementById("message_box");
 	var $new_focus	 = document.getElementById(new_focus)
 
-	if ($msg == '') {$message_box.innerHTML = ' ';} //innerHTML must be given a space or $message_box won't clear.
-	else				{
-		$message_box.innerHTML = $X_box + $MESSAGE;
+	if ($msg == '') { $msg_box.innerHTML = ' '; } //innerHTML must be given a space or $msg_box won't clear.
+	else {
+		$msg_box.innerHTML = $X_box + $msg_div;
 		var $X_box_btn	 = document.getElementById('X_box');
 		if (take_focus) {$X_box_btn.focus();}
-		$X_box_btn.onclick = function () { $message_box.innerHTML = " "; $new_focus.focus();}
+		$X_box_btn.onclick = function () { $msg_box.innerHTML = " "; $new_focus.focus();}
 	}
 
 }//end Display_Messages() //******************************************
@@ -3056,7 +3075,7 @@ function Index_Page_events() {//************************************************
 
 document.onmousedown = function (event) { //************************
 	//Mouse clicks may remove focus from focused elements, including checkboxes, 
-	//but don't clear the manual "highlight" of the parent div's & label's of checkbox's
+	//but do not clear the manual "highlight" of the parent div's & label's of checkbox's
 
 	//Clear parent div of a checkbox
 	var ID = document.activeElement.id;
@@ -3078,7 +3097,7 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 	//Current checkbox already cleared by onkeydown().
 
 	//Prep for Tab key...
-	//Default tab action occurrs on keyUP, so "new" location is not known in onkeydown().
+	//Default tab action occurrs on keyUP, so "new" location is not known by onkeydown().
 	//So, if current focus is ck_box, clear bg, else if we're heading there, set bg.
 	//Tab from L, Current ID will be "f<FR>c2"
 	//Tab from R: Current ID is "f<FR>"
@@ -3332,7 +3351,7 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 
 
 function Index_Page_scripts() {//***********************************************
-	global $_, $ONESCRIPT, $param1, $ipath, $message, $DELAY_Sort_and_Show_msgs, $MIN_DIR_ITEMS, $TABINDEX;
+	global $_, $ONESCRIPT, $param1, $ipath, $MESSAGE, $DELAY_Sort_and_Show_msgs, $MIN_DIR_ITEMS, $TABINDEX;
 ?>
 <script>
 //  DIRECTORY_DATA[x] = ("type", "file name", filesize, timestamp, is_ofcms, "ext")	
@@ -3577,7 +3596,7 @@ function Sort_and_Show(col, direction) {//****************************
 
 	var DELAY = 0;
 	if (DIRECTORY_ITEMS > <?php echo $MIN_DIR_ITEMS ?>) { //
-		//(Any pre-existing $message will be displayed after directory is displayed.)
+		//(Any pre-existing $MESSAGE will be displayed after directory is displayed.)
 		Display_Messages('<b><?php echo $_['Working'] ?></b>');
 		
 		DELAY = <?php echo $DELAY_Sort_and_Show_msgs ?>;
@@ -3646,8 +3665,8 @@ function Confirm_Submit(action) {//***********************************
 
 
 function Edit_Page_scripts() {//************************************************
-	global $_, $ONESCRIPT, $ONESCRIPT_file, $ipath, $param1, $param2, $filename,
-			$MAIN_WIDTH, $WIDE_VIEW_WIDTH, $current_view, $WYSIWYG_VALID, $EDIT_WYSIWYG;
+	global $_, $ONESCRIPT, $ONESCRIPT_file, $ipath, $param1, $param2, $filename, $WORD_WRAP, 
+			$MAIN_WIDTH, $WIDE_VIEW_WIDTH, $current_view, $WYSIWYG_VALID, $EDIT_WYSIWYG, $TAB_SIZE;
 
 	//Determine edit_view width.
 	$current_view = $MAIN_WIDTH;
@@ -3703,7 +3722,20 @@ function Edit_Page_scripts() {//************************************************
 if (WYSIWYG_button  )   { WYSIWYG_button.onclick 	 = function () {<?php echo $WYSIWYG_onclick ?>} }
 if (Rename_File_button) { Rename_File_button.onclick = function () {parent.location = onclick_params + 'renamefile';} }
 if (Delete_File_button) { Delete_File_button.onclick = function () {parent.location = onclick_params + 'deletefile';} }
-if (File_textarea)      { File_textarea.onkeyup 	 = function(event) {Check_for_changes(event);} }
+if (File_textarea)      { File_textarea.addEventListener("keyup", function(event) {Check_for_changes(event);}) }
+
+
+//Prevent form-submission on enter of the word-wrap radio buttons.  They are only used for changing word-wrap visually.
+var $edit_form = document.getElementById('edit_form');
+$edit_form.addEventListener( "submit", function(event) {Ignore_Submit(event)});
+
+
+
+function Ignore_Submit(event) {
+	if (!event) {var event = window.event;} //for IE
+	if (document.activeElement.type == "radio") {event.preventDefault();}
+}
+
 
 
 
@@ -3729,10 +3761,11 @@ function Edit_Page_scripts() {//************************************************
 
 function Wide_View() {
 
+	//#####  Wide_View() currently only works on #file_editor (editable files).  Doesn't work when "edit disabled".  Yet.
+	
 	var main_width_default = '<?php echo $MAIN_WIDTH ?>';
 
-	if ( File_textarea ) { File_textarea.style.width = '99.8%'; }
-	
+	//Set view width
 	if (Main_div.style.width == '<?php echo $WIDE_VIEW_WIDTH ?>') {
 		Main_div.style.width       = main_width_default;
 		Wide_View_button.innerHTML = "<?php echo hsc($_['Wide_View'])?>";
@@ -3742,7 +3775,15 @@ function Wide_View() {
 		Wide_View_button.innerHTML = '<?php echo hsc($_['Normal_View']) ?>';
 		document.cookie            = 'edit_view=<?php echo $WIDE_VIEW_WIDTH ?>';
 	}
-}
+	
+	//Corrects word-wrapping after changing between normal and wide-view. (Doesn't always wrap consistantly/use break-word.)
+	var tmp = File_textarea.value;
+	File_textarea.value = "";
+	File_textarea.value = tmp;
+
+	Line_Numbers.Set_Line_Numbers();
+
+}// end Wide_View() 
 
 
 
@@ -3788,6 +3829,7 @@ function Check_for_changes(event){
 }
 
 
+
 //Reset textarea value to when page was loaded.
 //Used by [Reset] button, and when page unloads (browser back, etc).
 //Needed becuase if the page is reloaded (ctl-r, or browser back/forward, etc.),
@@ -3801,7 +3843,214 @@ function Reset_File() {
 }
 
 
+
+
+function Line_Numbering(line_numbers_id, listing_id, line0_id, line1_id, wrap_on_id, wrap_off_id, ww_div_id) {
+
+	var line_numbers = document.getElementById(line_numbers_id);
+	var listing 	 = document.getElementById(listing_id);
+	var line_zero    = document.getElementById(line0_id); //empty: used for char-width calc.
+	var line_one     = document.getElementById(line1_id); //<div>1</div> will contain the line numbers.
+	var wrap_on_opt  = document.getElementById(wrap_on_id);
+	var wrap_off_opt = document.getElementById(wrap_off_id);
+	var ww_div 		 = document.getElementById(ww_div_id);
+
+	var char_width     = (line_zero.offsetLeft - line_one.offsetLeft);
+	var padding_L 	   = parseInt(window.getComputedStyle(listing).getPropertyValue("padding-left"));
+	var padding_R 	   = parseInt(window.getComputedStyle(listing).getPropertyValue("padding-right"));
+
+	var Display_Width_Chars = function() {return Math.floor((listing.clientWidth - padding_L - padding_R) / char_width)};
+
+	var TAB_SIZE = <?php echo $TAB_SIZE ?>;
+
+	line_zero.innerHTML = ""; //Just makin' sure. Only used for char-width calc.
+
+	line_numbers.style.height = listing.offsetHeight + "px";
+
+
+	Set_Line_Numbers(); 
+
+
+	listing.addEventListener("scroll",  function(event){Set_Line_Numbers(event)});
+	listing.addEventListener("keyup",   function(event){Set_Line_Numbers(event)});
+	listing.addEventListener("mouseup", function(event){Set_Line_Numbers(event)});
+	listing.addEventListener("paste",   function(event){Set_Line_Numbers(event)});
+
+	wrap_on_opt.onchange  = function() {Toggle_Word_Wrap(this.value);}
+	wrap_off_opt.onchange = function() {Toggle_Word_Wrap(this.value);}
+
+	document.onkeyup = function() {Word_Wrap_Focus_Styles(); }
+	document.onclick = function() {Word_Wrap_Focus_Styles();}
+
+
+
+	//Set default/page load condition from CONFIGURABLE OPTIONS...
+	Toggle_Word_Wrap("<?php echo $WORD_WRAP ?>");
+	Word_Wrap_labels("<?php echo $WORD_WRAP ?>");
+
+
+
+	function Word_Wrap_labels(word_wrap) {
+		//<label> around the radio buttons.
+		
+		if (word_wrap == "on") {
+			wrap_on_opt.parentNode.style.backgroundColor = "#DFD";
+			wrap_on_opt.parentNode.style.borderColor = "#373";
+			wrap_off_opt.parentNode.style.backgroundColor = "#EEE";
+			wrap_off_opt.parentNode.style.borderColor = "#777";
+		} else {
+			wrap_on_opt.parentNode.style.backgroundColor = "#EEE";
+			wrap_on_opt.parentNode.style.borderColor = "#777";
+			wrap_off_opt.parentNode.style.backgroundColor = "#DFD";
+			wrap_off_opt.parentNode.style.borderColor = "#373";
+		}
+	}//end Word_Wrap_labels()
+
+
+
+	function Word_Wrap_Focus_Styles() {
+		
+		var active_id = document.activeElement.id;
+		if ((active_id == wrap_on_id) || (active_id == wrap_off_id)) {
+			
+			//<label> around the radio buttons.
+			if (active_id == wrap_on_id) {var on_off = "on";} else {var on_off = "off";}
+			Word_Wrap_labels(on_off);
+			
+			//<div> around the <label> around the radio buttons.
+			ww_div.style.backgroundColor = "rgb(255,250,150)";
+			ww_div.style.borderColor = "black";
+		}
+		else {
+			ww_div.style.backgroundColor = "#EEE";
+			ww_div.style.borderColor = "#777";
+		}
+	}//end Word_Wrap_Focus_Styles()
+
+
+
+	function Toggle_Word_Wrap(on_off) {
+		
+		if (on_off == "on") {listing.style["white-space"] = "pre-wrap";}
+		else 				{listing.style["white-space"] = "pre";}
+		
+		Set_Line_Numbers();
+		
+	}//end Toggle_Word_Wrap()
+
+
+
+	function Line_Count(str) {
+		
+		var line_count = 0;
+		var i = 0
+		
+		//line_count = (str.split(/\r\n|\r|\n/).length); //This is a little slower for very very very very very large files.
+		
+		for (i = 0; i < str.length; ++i) { 
+			if(str[i] == '\n') { line_count++; } //Also check for \r for some systems?
+		}
+		
+		line_count++;  //Last line doesn't have a new-line at the end.
+		
+		return line_count; 
+		
+	}//end Line_Count()
+
+
+
+	function Effective_Line_Length(line, tab_size){
+		
+		var TAB = "\t";
+		var effective_length = 0;
+		var next_tab_stop    = 0;
+		
+		for (x = 0; x < line.length; x++) {
+			
+			effective_length++;  //At this point, this may include a tab char, but not any subsequent space to the next tab-stop.
+			
+			if (effective_length > next_tab_stop) {next_tab_stop += tab_size;}
+			
+			if (line[x] == TAB) {effective_length = next_tab_stop;}  //adds the subsequent space to the next tab-stop.
+		}
+		
+		return effective_length;
+		
+	}//end Effective_Line_Length()
+	
+
+
+	function Create_Line_Numbers(){
+		
+		var current_width = Display_Width_Chars();
+		
+		var lc = Line_Count(listing.value)
+		var numbers  = '';	//String to contain the line numbers.
+		var lines    = listing.value.split('\n');
+		var cur_line = 0;	//listing[cur_line]
+		var line_len = 0;	//line length adjusted for tabs, to get effective length, and effective word-wrap.
+							//(each tab = 1 to 8 characters, depending...)
+		var effective_line_length = 0; //When tabs are expanded...
+		var line_count_wrapped = 0;
+		
+		for(var num = 1; num <= lc; num++) { 
+			
+			cur_line = num - 1;
+			
+			numbers += num + "\n";  // \n is MUCH faster than <br>
+			
+			effective_line_length = Effective_Line_Length(lines[cur_line], TAB_SIZE);
+			
+			if (wrap_on_opt.checked && (effective_line_length > current_width) ) {
+				
+				line_count_wrapped = Math.ceil(effective_line_length / current_width) - 1; //# of addtional lines after wrapped...
+				
+				//If desired, to mark a continued line, put a dash, plus, or whatever, just before the \n.
+				for (var x = 0; x < (line_count_wrapped); x++) { numbers += "\n"; }
+			}
+		}
+		
+		line_one.innerHTML = numbers;
+		
+	}//end Create_Line_Numbers()
+
+
+
+	function Set_Line_Numbers(event) {
+		
+		//Ignore a few keys that don't affect/not needed for line numbering.
+		if (event) { //event
+			if (window.event) { var event = window.event } 
+				
+			//Page Up/Down, End, Home, Arrow L/U/R/D
+			if ((event.keyCode > 32) && (event.keyCode < 41)) {return;}
+		} 
+		
+		Create_Line_Numbers();
+		
+		//Scroll/align the line numbers with the textarea.
+		line_numbers.scrollTop = listing.scrollTop;
+		
+	}//end Set_Line_Numbers()
+
+
+
+	var LN = {};
+	LN.Effective_Line_Length = Effective_Line_Length;
+	LN.Create_Line_Numbers   = Create_Line_Numbers;
+	LN.Set_Line_Numbers		 = Set_Line_Numbers;
+	
+	return LN;
+
+}//end Line_Numbering() //***********************************
+
+
+
+Line_Numbers = Line_Numbering("line_numbers", "file_editor", "line_0", "line_1", "word_wrap_on", "word_wrap_off", "ww_options");
+
+
 Reset_file_status_indicators();
+
 </script>
 <?php
 }//end Edit_Page_scripts() //***************************************************
@@ -3821,7 +4070,7 @@ function pwun_event_scripts($form_id, $button_id, $pwun='') {//*****************
 <script>
 var $form          = document.getElementById('<?php echo $form_id ?>');
 var $submit_button = document.getElementById('<?php echo $button_id ?>');
-var $message_box   = document.getElementById('message_box');
+var $pwun_msg_box   = document.getElementById('message_box');
 var $thispage      = false; //Used to ignore keyup if keydown started on prior page.
 var $submitdown    = false; //Used in document.mouseup event
 
@@ -3841,7 +4090,7 @@ function events_down(event, capture_key) {
 	if (!event) {var event = window.event;} //if IE
 	$thispage = true; //Make sure keydown was on this page.
 	if ((event.type.substr(0,3) == 'key') && (event.keyCode != capture_key)) {return true;}
-	$message_box.innerHTML = '<div class="message_box_contents"><b><?php echo hsc($_['Working']) ?></b>';
+	$pwun_msg_box.innerHTML = '<div class="message_box_contents"><b><?php echo hsc($_['Working']) ?></b>';
 }
 
 
@@ -3862,7 +4111,7 @@ function events_up(event, capture_key) {
 
 	//if mousedown was on submit button, but mouseup wasn't, clear message.
 	var target = event.target || event.srcElement; //target = most brosers || IE
-	if ($submitdown && ($submit_button.id != target.id) ) { $message_box.innerHTML = ''; } 
+	if ($submitdown && ($submit_button.id != target.id) ) { $pwun_msg_box.innerHTML = ''; } 
 	$submitdown = false;
 }
 
@@ -3870,26 +4119,27 @@ function events_up(event, capture_key) {
 function pre_validate_pwun() {
 	var $pw = document.getElementById('password');
 
-	//These must exist for checks below.
-	var $username = $pw;    var $new1 = $pw;    var $new2 = $pw;
+	var $username = $pw;
+	var $new1 	  = $pw;
+	var $new2 	  = $pw;
 
 	if (document.getElementById('username')){
-		var $username = document.getElementById('username');
+		$username = document.getElementById('username');
 	}
 	if (document.getElementById('new1')){
-		var $new1 = document.getElementById('new1');
-		var $new2 = document.getElementById('new2');
+		$new1 = document.getElementById('new1');
+		$new2 = document.getElementById('new2');
 	}
 
 
 	//If any field is blank..
 	if (($username.value == '') || ($pw.value == '') || ($new1.value == '') || ($new2.value == '')) {
-		$message_box.innerHTML = '<div class="message_box_contents"><b><?php echo hsc($_['change_pw_07']) ?></b>';
+		$pwun_msg_box.innerHTML = '<div class="message_box_contents"><b><?php echo hsc($_['change_pw_07']) ?></b>';
 		return false;
 	}
 	//If new & confirm new values do not match...
 	if (trim($new1.value) != trim($new2.value)) {
-		$message_box.innerHTML = '<div class="message_box_contents"><b><?php echo hsc($_['change_pw_04']) ?></b>';
+		$pwun_msg_box.innerHTML = '<div class="message_box_contents"><b><?php echo hsc($_['change_pw_04']) ?></b>';
 		return false;
 	}
 	return true;
@@ -3948,14 +4198,15 @@ function style_sheet() {//******************************************************
 /* --- reset --- */
 * { border : 0; outline: 0; margin: 0; padding: 0;
     font-family: inherit; font-weight: inherit; font-style : inherit;
-    font-size  : 100%; vertical-align: baseline; outline: none; }
+    font-size  : 100%; vertical-align: baseline; box-sizing: border-box; }
 
+:before, :after { box-sizing: border-box; } /*not currently used anywhere, but you never know...*/
 
 /* --- general formatting --- */
 
 html { background: linear-gradient(170deg, white, rgb(50, 120,190)); background-attachment: fixed;}
 
-body { height: 100%; font-size: 1em; font-family: sans-serif; } 
+body { height: 100%; font-size: 1em; font-family: sans-serif; overflow-y: scroll; }
 
 p, table, ol { margin-bottom: .6em;}
 
@@ -3980,6 +4231,7 @@ function style_sheet() {//******************************************************
 input[type="text"]     { width: 100%; border: 1px solid #777; padding: 1px 1px 1px 0; font : 1em Courier; }
 input[type="password"] { width: 100%; border: 1px solid #777; padding: 0   1px 0   0; }
 input[type="file"]     { width: 100%; border: 1px solid #777; background-color: white; margin: 0; }
+input[type="radio"]    { margin: 0 1px 2px 3px; vertical-align: middle; cursor : pointer; }
 
 input[readonly]        { color: #333; background-color: #EEE; }
 input[disabled]        { color: #555; background-color: #EEE; }
@@ -4259,15 +4511,65 @@ function style_sheet() {//******************************************************
 
 .view_file { font: .9em Courier; background-color: #F8F8F8; }
 
+
+
+#wrapper_linenums_editor {
+	vertical-align	: top;
+	white-space		: nowrap;
+	padding			: 0px;
+	border			: none;
+	width		 	: 100%;
+}
+
+#line_numbers, #file_editor {
+	vertical-align	: top;
+	display			: inline-block;
+	white-space		: pre;
+	margin			: 0;
+	font			: normal .9em courier;
+}
+
+
+#line_numbers {
+	min-width	: 3.1em;  /* Must be wider than scroll-bar left-right arrows, or no scrollbar appears. */
+	padding		: 1px .3em 0 .2em;
+	border		: 1px solid #777;
+	background	: #ccc;
+	color		: #444;
+	overflow-y	: hidden;
+	overflow-x  : scroll;  /*This may be grayed out, but provides visual consistancy with #file_editor.*/
+	text-align	: right;
+}
+
+#line_0, #line_1 {margin: 0; display: inline-block; }
+
+.tab_size {
+	tab-size     : 8;
+	-o-tab-size  : 8;
+	-moz-tab-size: 8;
+}
+
 #file_editor {
-	border: 1px solid #999;
-	font  : .9em Courier;
-	margin: 0 0 .7em 0;
-	width : 99.8%;
-	height: 32em;
+	font  	  : .9em Courier;
+	border	  : 1px solid #777;
+	height	  : 40em;
+	width     : 96.6%;		/* compromise betweeen Normal and Wide views. May be dynamic someday. */
+	margin	  : 0 0 .7em 0;
+	padding   : 1px 0 0 3px;
+	overflow   : scroll;
+	word-break : break-all;
+	word-wrap  : normal;
+	white-space: pre-wrap;
+	resize     : none;
+	
+	color			: black; /* Default. May make themeable, along with background-color. */
+	
+	/* Set in Reset_file_status_indicators() and Check_for_changes() */
+	background-color: white;
 	}
 
-#file_editor:focus { border: 1px solid #000; }
+
+#file_editor:focus { border-color: #000; }
 
 .file_meta	{ float: left; margin-top: .6em; font-size: .95em; color: #222; }
 
@@ -4276,6 +4578,35 @@ function style_sheet() {//******************************************************
 .notes      { margin-bottom: .4em; }
 
 
+#ww_options {
+	display: inline-block;
+	height : 28px;  
+	padding: 5px 6px 0 7px;
+	border: solid 1px #777;
+	color  : black;
+	font-size  : .9em;
+	font-family: sans-serif;
+	background-color: #EEE;
+} 
+
+#ww_options:hover {background-color: rgb(255,250,150); border-color: black;}
+
+#ww_options > label {
+	padding: 0px 3px 0px 0em;
+	margin-left: .3em;
+	font-weight: normal;
+	border : 1px solid #777;
+	border-radius: 3px;
+	background-color: #EEE;
+}
+
+#ww_options > label:hover  { background-color: #DDD; border-color: #333; cursor : pointer; }
+
+
+
+
+
+
 /* --- log in --- */
 
 #login_page {
@@ -4368,8 +4699,6 @@ function style_sheet() {//******************************************************
 
 .edit_btns_bottom {float: right;}
 .edit_btns_bottom .button { margin-left: .7em; } /*Adjusted by langauge files*/
-.edit_btns_bottom .RCD { padding-left: 5px; padding-right: 6px; }
-.edit_btns_bottom svg  { padding : 0 4px 0 0; }
 
 input[type="text"]#new_name {width  : 50%; margin-bottom: .2em;}
 #new_location {border-left: none;}
@@ -4415,11 +4744,17 @@ function style_sheet() {//******************************************************
 
 
 function Language_and_config_adjusted_styles() {//******************************
-	global $_, $MAIN_WIDTH, $message, $page;
+	global $_, $MAIN_WIDTH, $MESSAGE, $page, $TAB_SIZE;
 ?>
 <style>
 #main { width: <?php echo $MAIN_WIDTH ?>; } /*Default 810px*/
 
+.tab_size {
+	tab-size     : <?php echo $TAB_SIZE ?>;
+	-o-tab-size  : <?php echo $TAB_SIZE ?>;
+	-moz-tab-size: <?php echo $TAB_SIZE ?>;
+}
+
 .button {
 	padding  : <?php echo $_['button_padding']   ?>; /*Default 4px 7px 4px 7px */
 	font-size: <?php echo $_['button_font_size'] ?>; /*Default .9em */
@@ -4437,7 +4772,8 @@ function Language_and_config_adjusted_styles() {//******************************
 .edit_btns_bottom .button {
 	margin-left: <?php echo $_['button_margin_L'] ?>; /*Default .7em*/
 	}
-	
+
+
 #select_all_label { font-size: <?php echo $_['select_all_label_size']?>; } /*Default .84em */
 #select_all_label { width: <?php echo $_['select_all_label_width']?>; }    /*Default 72px  */
 </style>
@@ -4448,7 +4784,7 @@ function Language_and_config_adjusted_styles() {//******************************
 
 
 function Load_style_sheet() {//*************************************************
-	global $CSS_FILE, $message;
+	global $CSS_FILE, $MESSAGE;
 
 	style_sheet(); //first load built-in defaults
 
@@ -4577,12 +4913,12 @@ function Load_style_sheet() {//*************************************************
 
 if ( ($page == "edit") && $WYSIWYG_VALID && $EDIT_WYSIWYG ) { include($WYSIWYG_PLUGIN_OS); }
 
-//Display any $message's
+//Display any $MESSAGE's
 echo '<script>';
 echo 'var $tabindex_xbox = '.$TABINDEX_XBOX.';'; //Used in Display_Messages()
-echo 'var $page    = "'.$page.'";';
-echo 'var $message = "'.addslashes($message).'";';
-	    //Cause $message's $X_box to take focus on these pages only.
+echo 'var $page = "'.$page.'";';
+echo '$MESSAGE += "'.addslashes($MESSAGE).'";'; //js version of $MESSAGE declared at top of common_scripts().
+	    //Cause $MESSAGE's $X_box to take focus on these pages only.
 echo 'if (($page == "index") || ($page == "edit")) {take_focus = 1}';
 echo 'else										   {take_focus = 0}';
 
@@ -4590,10 +4926,10 @@ function Load_style_sheet() {//*************************************************
 	//##### DO I NEED TO ACCOUNT FOR TIME RECEIVING & LOADING PAGE CLIENT SIDE?
 
 	//The setTimeout() delay should be greater than what is set for the Sort_and_Show() "working..." message.
-echo 'setTimeout("Display_Messages($message, take_focus)", '.$DELAY_final_messages.');';
+echo 'setTimeout("Display_Messages($MESSAGE, take_focus)", '.$DELAY_final_messages.');';
 echo '</script>';
 
-//start any timers (Yea, they could probably be put in a window.onload function or something...)
+//start any timers...
 if ($_SESSION['valid']) { echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'LOGOUT'); }
 if ($page == 'edit')    { echo Timeout_Timer($MAX_IDLE_TIME, 'timer1', 'LOGOUT'); }
 if ($LOGIN_DELAYED > 0) { echo Timeout_Timer($LOGIN_DELAYED, 'timer0', ''); }
diff --git a/readme.markdown b/readme.markdown
index e1517c5..02cb2b7 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -10,7 +10,7 @@ With basic editing, upload, and file managing functions, OneFileCMS can maintain
 ![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OneFileCMS_screenshot.png)
 
 ###Edit screen:
-![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OneFileCMS_screenshot_edit.png)
+![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OFCMS_screenshot_edit.02.png)
 
 --------------------------------------------------------------------------------
 ## Contents:
@@ -34,7 +34,7 @@ With basic editing, upload, and file managing functions, OneFileCMS can maintain
 ## <a name=features></a>Features
  
 - All the basic file management features like renaming, moving, copying, deleting, and uploading.
-- A basic text editor.
+- A basic text editor with line numbers.
 - Sort directory listings by file name, extension, size, or date.
 - Keyboard navigation of directory list. (Arrows, Page Up/Down, Home, End)
 - A WYSIWYG editor may be added as a plugin.
@@ -66,9 +66,9 @@ You can also change the file name from "onefilecms.php" to something else, such
 - PHP 5.1+
   (Only tested on versions 5.2.8, 5.2.17, 5.3.3, and 5.4 + )
 - A Javascript enabled browser.
-- Most modern browsers probably work, but I only test on Firefox, Chrome, and IE 8.
+- Most modern browsers probably work, but I only test on Firefox and Chrome.
 - And if you wish to see the icons- a browser that supports inline SVG.  
-  (If your browser doesn't support inline SVG, OneFileCMS will still work, just without any icons.)
+  (If your browser doesn't support inline SVG, OneFileCMS will still work, but with text icons instead.)
 - File permission privileges on your host.
 
 --------------------------------------------------------------------------------
@@ -156,6 +156,7 @@ OneFileCMS can be easily configured to work with [TinyMCE](http://tinymce.moxiec
 
 - With Chrome, and possibly Safari, issue with Edit page: Clicking browser [back] & then browser [forward],  with file changed and not saved. On return (after [forward] clicked), file still has changes, but indicators are green (saved/unchanged). Does not affect FF 7+ or IE 8+.
 - Be aware that only some very basic data & error checking is performed.  (But, it's getting better...)  
+- With line numbering, word-wrap is now break-all (wraps in middle of words instead at nearest white-space as with break-word).
 - Anything else?
 
 --------------------------------------------------------------------------------

From e32d149056bc3204f960194379473b0600a86309 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 21 Jun 2016 22:15:00 -0400
Subject: [PATCH 203/228] Version 3.5.20 Fixed sporadic directory-won't-display
 issue: moved initial Sort_and_Show() to end of page. Fixed wrapping &
 line-numbering issue when toggling between wrap on & wrap off. Added
 line-numbers to read-only files also. (OFCMS || $too_large_to_edit) Added
 cookie for word_wrap. (now called line_wrap) Added (bytes) to Size header of
 file listing, and removed "B" suffix from sizes. In sort_DIRECTORY(), changed
 ternaries to if/thens.  Because simpler. Index Page: "Home" key now just goes
 to first row (../). On Edit Page, initial textarea cursor location set to
 start of file. Cursor postion/selection saved when toggling between
 Wide/Normal views, and Wrap on/off. Edit Page: Word Wrap now called Line
 Wrap, and switched from radio buttons to just a button to toggle wrap on/off.
 Tweeked X_box style. Adjusted/simplified some css for the index page buttons
 & all svg icons. Added $_['Line_Wrap'] to language files.

---
 languages/OneFileCMS.LANG.DE.php |  31 +--
 languages/OneFileCMS.LANG.EN.php |   9 +-
 languages/OneFileCMS.LANG.ES.php |  29 +--
 languages/OneFileCMS.LANG.NL.php |  33 +--
 languages/OneFileCMS.LANG.RU.php |  25 ++-
 onefilecms.php                   | 347 +++++++++++++++----------------
 6 files changed, 242 insertions(+), 232 deletions(-)

diff --git a/languages/OneFileCMS.LANG.DE.php b/languages/OneFileCMS.LANG.DE.php
index 8402984..f7af3f9 100755
--- a/languages/OneFileCMS.LANG.DE.php
+++ b/languages/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.11
+// OneFileCMS Language Settings v3.5.20
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -21,24 +21,24 @@
 $_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.8em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 4px'; //T&B L&R
+$_['button_padding']         = '4px 4px'; //T R B L
 $_['image_info_font_size']   = '.95em';   //show_img_msg_01  &  _02
 $_['image_info_pos']         = '1';       //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
-$_['select_all_label_width'] = '76px';    //Width of space for $_['Select_All'] //Not used as of 3.4.23
+$_['select_all_label_width'] = '76px';    //Width of space for $_['Select_All']
 
 $_['HTML']    = 'HTML';
-$_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
+$_['WYSIWYG'] = 'WYSIWYG';
 
 $_['Admin']    = 'Konfiguration';
-$_['bytes']    = 'bytes';   //## NT ##
+$_['bytes']    = 'Bytes';
 $_['Cancel']   = 'Abbrechen';
-$_['cancelled'] = 'cancelled'; //## NT ##
+$_['cancelled'] = 'abgebrochen';
 $_['Close']    = 'Schließen';
 $_['Copy']     = 'Erstellen';
 $_['Copied']   = 'Kopieren';
 $_['Create']   = 'Kopiert';
-$_['Date']     = 'Date';    //## NT ##
+$_['Date']     = 'Datum';
 $_['Delete']   = 'Löschen';
 $_['DELETE']   = 'LÖSCHEN';
 $_['Deleted']  = 'Gelöschte';
@@ -50,27 +50,28 @@
 $_['File']     = 'Datei';
 $_['files']    = 'files';   //## NT ##
 $_['Folder']   = 'Ordner';
-$_['folders']  = 'folders'; //## NT ##
+$_['folders']  = 'Verzeichnisse';
 $_['From']     = 'Von';
 $_['Hash']     = 'Streuwert';
 $_['Move']     = 'Verschieben';
 $_['Moved']    = 'Verschoben';
-$_['Name']     = 'Name';    //## NT ##
+$_['Name']     = 'Name';
 $_['on']       = 'läuft unter';
+$_['off']      = 'aus';
 $_['Password'] = 'Passwort';
 $_['Rename']   = 'Umbenennen';
 $_['reset']    = 'Zurücksetzen';
 $_['save_1']   = 'Speichern';
 $_['save_2']   = 'ÄNDERUNGEN SPEICHERN';
-$_['Size']     = 'Size';    //## NT ##
+$_['Size']     = 'Größe';
 $_['Source']   = 'Source';  //## NT ##
 $_['successful'] = 'Erfolgreich';
 $_['To']       = 'Auf';
 $_['Upload']   = 'Heraufladen';
 $_['Username'] = 'Benutzername';
-$_['View']     = 'View';    //## NT ##
-$_['Working']  = 'Working - please wait...'; //## NT ##
+$_['View']     = 'Aussicht';
 
+$_['Working']      = 'Working - please wait...'; //## NT ##
 $_['Log_In']       = 'Anmelden';
 $_['Log_Out']      = 'Abmelden';
 $_['Admin_Options'] = 'Konfiguration Optionen';
@@ -80,6 +81,8 @@
 $_['Edit_View']    = 'Datei Bearbeiten / Ansicht';
 $_['Wide_View']    = 'Breitenadaptierte Ansicht';
 $_['Normal_View']  = 'Normale Ansicht';
+$_['Word_Wrap']    = 'Word Wrap'; //## NT ##
+$_['Line_Wrap']    = 'Line Wrap'; //## NT ##
 $_['Upload_File']  = 'Datei heraufladen';
 $_['New_File']     = 'Neuer Datei';
 $_['Ren_Move']     = 'Umbenennen / Verschieben';
@@ -168,8 +171,8 @@
 $_['upload_txt_06'] = 'Umbenennen (Auf filename.ext.001 etc...)';
 $_['upload_txt_07'] = 'Überschreiben';
 
-$_['upload_err_01'] = 'Error 1: Datei zu groß. Von php.ini:';
-$_['upload_err_02'] = 'Error 2: Datei zu groß. (MAX_FILE_SIZE HTML form element)';
+$_['upload_err_01'] = 'Fehler 1: Datei zu groß. Von php.ini:';
+$_['upload_err_02'] = 'Fehler 2: Datei zu groß. (MAX_FILE_SIZE HTML form element)';
 $_['upload_err_03'] = 'Fehler 3: Die Datei wurde nur teilweise heraufgeladen.';
 $_['upload_err_04'] = 'Fehler 4: Es wurde keine Datei heraufgeladen.';
 $_['upload_err_05'] = 'Fehler 5:';
diff --git a/languages/OneFileCMS.LANG.EN.php b/languages/OneFileCMS.LANG.EN.php
index 9f282d1..a5ad942 100755
--- a/languages/OneFileCMS.LANG.EN.php
+++ b/languages/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.19
+// OneFileCMS Language Settings v3.5.20
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -11,7 +11,7 @@
 // Remember to slash-escape any single quotes that may be within the text:  \'
 // The back-slash itself may or may not also need to be escaped:  \\
 //
-// If present as a trailing comment, "## NT ##" means 'Needs Translation'.
+// If present as a trailing comment, "## NT ##" means 'Need Translation'.
 //
 // These first few settings control a few font and layout settings.
 // In some instances, some langauges may use significantly longer words or phrases than others.
@@ -33,7 +33,7 @@
 $_['Admin']    = 'Admin';
 $_['bytes']    = 'bytes';
 $_['Cancel']   = 'Cancel';
-$_['cancelled'] = 'cancelled'; //## NT ## as of 3.5.07
+$_['cancelled'] = 'cancelled';
 $_['Close']    = 'Close';
 $_['Copy']     = 'Copy';
 $_['Copied']   = 'Copied';
@@ -57,7 +57,7 @@
 $_['Moved']    = 'Moved';
 $_['Name']     = 'Name';
 $_['on']       = 'on';
-$_['off']      = 'off';     //## NT ## as of 3.5.19
+$_['off']      = 'off';
 $_['Password'] = 'Password';
 $_['Rename']   = 'Rename';
 $_['reset']    = 'Reset';
@@ -82,6 +82,7 @@
 $_['Wide_View']    = 'Wide View';
 $_['Normal_View']  = 'Normal View';
 $_['Word_Wrap']    = 'Word Wrap'; //## NT ## as of 3.5.19
+$_['Line_Wrap']    = 'Line Wrap'; //## NT ## as of 3.5.20
 $_['Upload_File']  = 'Upload File';
 $_['New_File']     = 'New File';
 $_['Ren_Move']     = 'Rename / Move';
diff --git a/languages/OneFileCMS.LANG.ES.php b/languages/OneFileCMS.LANG.ES.php
index a8d1950..d6320d6 100755
--- a/languages/OneFileCMS.LANG.ES.php
+++ b/languages/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.11
+// OneFileCMS Language Settings v3.5.20
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -21,56 +21,57 @@
 $_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.9em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 4px'; //T&B L&R
+$_['button_padding']         = '4px 4px'; //T R B L
 $_['image_info_font_size']   = '.95em';   //show_img_msg_01  &  _02
 $_['image_info_pos']         = ' ';       //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
-$_['select_all_label_width'] = '110px';   //Width of space for $_['Select_All'] //Not used as of 3.4.23
+$_['select_all_label_width'] = '110px';   //Width of space for $_['Select_All']
 
 $_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
 
 $_['Admin']    = 'Administrador';
-$_['bytes']    = 'bytes';   //## NT ##
+$_['bytes']    = 'bytes';
 $_['Cancel']   = 'Cancelar';
-$_['cancelled'] = 'cancelled'; //## NT ##
+$_['cancelled'] = 'cancelado';
 $_['Close']    = 'Cerrar';
 $_['Copy']     = 'Copiar';
 $_['Copied']   = 'Copiado';
 $_['Create']   = 'Crear';
-$_['Date']     = 'Date';    //## NT ##
+$_['Date']     = 'Fecha';
 $_['Delete']   = 'Eliminar';
 $_['DELETE']   = 'ELIMINAR';
 $_['Deleted']  = 'Eliminado';
 $_['Edit']     = 'Editar';
 $_['Enter']    = 'Entrar';
-$_['Error']    = 'Error';   //## NT ##
+$_['Error']    = 'Error';
 $_['errors']   = 'errores';
 $_['ext']      = 'ext';
 $_['File']     = 'Archivo';
-$_['files']    = 'files';   //## NT ##
+$_['files']    = 'archivos';
 $_['Folder']   = 'Carpeta';
-$_['folders']  = 'folders'; //## NT ##
+$_['folders']  = 'carpetas';
 $_['From']     = 'de';
 $_['Hash']     = 'Cadena';
 $_['Move']     = 'Mover';
 $_['Moved']    = 'Movido';
-$_['Name']     = 'Name';    //## NT ##
+$_['Name']     = 'Nombre ';
 $_['on']       = 'activado';
+$_['off']      = 'apagar';
 $_['Password'] = 'contraseña';
 $_['Rename']   = 'Renombrar';
 $_['reset']    = 'Reiniciar';
 $_['save_1']   = 'Guardar';
 $_['save_2']   = '¡GUARDAR CAMBIOS';
-$_['Size']     = 'Size';    //## NT ##
+$_['Size']     = 'Tamaño';
 $_['Source']   = 'Source';  //## NT ##
 $_['successful'] = 'satisfactoriamente';
 $_['To']       = 'Hacia';
 $_['Upload']   = 'Subir';
 $_['Username'] = 'Usuario';
-$_['View']     = 'View';    //## NT ##
-$_['Working']  = 'Working - please wait...'; //## NT ##
+$_['View']     = 'Ver';
 
+$_['Working']      = 'Working - please wait...'; //## NT ##
 $_['Log_In']       = 'Iniciar Sesión';
 $_['Log_Out']      = 'Cerrar Sesión';
 $_['Admin_Options'] = 'Opciones de Administración';
@@ -80,6 +81,8 @@
 $_['Edit_View']    = 'Editar / Ver Archivo';
 $_['Wide_View']    = 'Vista Ampliada';
 $_['Normal_View']  = 'Vista Normal';
+$_['Word_Wrap']    = 'Word Wrap'; //## NT ##
+$_['Line_Wrap']    = 'Line Wrap'; //## NT ##
 $_['Upload_File']  = 'Subir Archivo';
 $_['New_File']     = 'Archivo Nuevo';
 $_['Ren_Move']     = 'Renombrar / Mover';
diff --git a/languages/OneFileCMS.LANG.NL.php b/languages/OneFileCMS.LANG.NL.php
index 6d5050f..e79280d 100755
--- a/languages/OneFileCMS.LANG.NL.php
+++ b/languages/OneFileCMS.LANG.NL.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.11
+// OneFileCMS Language Settings v3.5.20
 
 $_['LANGUAGE'] = 'Nederlands (Dutch)';
 $_['LANG'] = 'NL';
@@ -21,24 +21,24 @@
 $_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.8em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 3px'; //T&B L&R
+$_['button_padding']         = '4px 3px'; //T R B L
 $_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
-$_['select_all_label_width'] = '90px';    //Width of space for $_['Select_All'] //Not used as of 3.4.23
+$_['select_all_label_width'] = '90px';    //Width of space for $_['Select_All']
 
 $_['HTML']    = 'HTML';
-$_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
+$_['WYSIWYG'] = 'WYSIWYG';
 
 $_['Admin']    = 'Beheer';
-$_['bytes']    = 'bytes';   //## NT ##
+$_['bytes']    = 'bytes';
 $_['Cancel']   = 'Annuleren';
-$_['cancelled'] = 'cancelled'; //## NT ##
+$_['cancelled'] = 'geannuleerd';
 $_['Close']    = 'Sluiten';
 $_['Copy']     = 'Kopiëren';
 $_['Copied']   = 'Gekopiëerd';
 $_['Create']   = 'Aanmaken';
-$_['Date']     = 'Date';    //## NT ##
+$_['Date']     = 'Datum';
 $_['Delete']   = 'Verwijderen';
 $_['DELETE']   = 'VERWIJDER';
 $_['Deleted']  = 'Verwijderd';
@@ -48,29 +48,30 @@
 $_['errors']   = 'fouten';
 $_['ext']      = 'ext';
 $_['File']     = 'Bestand';
-$_['files']    = 'files';   //## NT ##
+$_['files']    = 'bestanden';
 $_['Folder']   = 'Map';
-$_['folders']  = 'folders'; //## NT ##
+$_['folders']  = 'mappen';
 $_['From']     = 'Van';
-$_['Hash']     = 'Hash';    //## NT ##
+$_['Hash']     = 'Hash';
 $_['Move']     = 'Verplaats';
 $_['Moved']    = 'Verplaatst';
-$_['Name']     = 'Name';    //## NT ##
-$_['on']       = 'on';      //## NT ##
+$_['Name']     = 'Naam';
+$_['on']       = 'aan';
+$_['off']      = 'uit';
 $_['Password'] = 'Wachtwoord';
 $_['Rename']   = 'Hernoemen';
 $_['reset']    = 'Reset';   //## NT ##
 $_['save_1']   = 'Opslaan';
 $_['save_2']   = 'WIJZIGINGEN OPSLAAN';
-$_['Size']     = 'Size';    //## NT ##
+$_['Size']     = 'Grootte';
 $_['Source']   = 'Source';  //## NT ##
 $_['successful'] = 'succesvol';
 $_['To']       = 'Aan';
 $_['Upload']   = 'Upload';  //## NT ##
 $_['Username'] = 'Gebruikersnaam';
-$_['View']     = 'View';    //## NT ##
-$_['Working']  = 'Working - please wait...'; //## NT ##
+$_['View']     = 'Uitzicht';
 
+$_['Working']      = 'Working - please wait...'; //## NT ##
 $_['Log_In']       = 'Inloggen';
 $_['Log_Out']      = 'Uitloggen';
 $_['Admin_Options'] = 'Opties voor beheer';
@@ -80,6 +81,8 @@
 $_['Edit_View']    = 'Bewerken / weergeven';
 $_['Wide_View']    = 'Wijd Gezichtsveld';
 $_['Normal_View']  = 'Normaal Gezichtsveld';
+$_['Word_Wrap']    = 'Word Wrap'; //## NT ##
+$_['Line_Wrap']    = 'Line Wrap'; //## NT ##
 $_['Upload_File']  = 'Bestand Uploaden';
 $_['New_File']     = 'Nieuw Bestand';
 $_['Ren_Move']     = 'Hernoemen / Verplaatsen';
diff --git a/languages/OneFileCMS.LANG.RU.php b/languages/OneFileCMS.LANG.RU.php
index 61b9a5e..08e8c83 100755
--- a/languages/OneFileCMS.LANG.RU.php
+++ b/languages/OneFileCMS.LANG.RU.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.11
+// OneFileCMS Language Settings v3.5.20
 
 $_['LANGUAGE'] = 'Russian';
 $_['LANG'] = 'RU';
@@ -25,20 +25,20 @@
 $_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
-$_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All'] //Not used as of 3.4.23
+$_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
 
 $_['HTML']    = 'HTML';
-$_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
+$_['WYSIWYG'] = 'WYSIWYG';
 
 $_['Admin']    = 'Админка';
 $_['bytes']    = 'байт';
 $_['Cancel']   = 'Отмена';
-$_['cancelled'] = 'cancelled'; //## NT ##
+$_['cancelled'] = 'отменен';
 $_['Close']    = 'Закрыть';
 $_['Copy']     = 'Копия';
 $_['Copied']   = 'Копировать';
 $_['Create']   = 'Создать';
-$_['Date']     = 'Date';    //## NT ##
+$_['Date']     = 'Дата';
 $_['Delete']   = 'Удалить';
 $_['DELETE']   = 'УДАЛИТЬ';
 $_['Deleted']  = 'Удалено';
@@ -48,29 +48,30 @@
 $_['errors']   = 'ошибки';
 $_['ext']      = 'ext';
 $_['File']     = 'Файл';
-$_['files']    = 'files';   //## NT ##
+$_['files']    = 'файлы';
 $_['Folder']   = 'Папка';
-$_['folders']  = 'folders'; //## NT ##
+$_['folders']  = 'папки';
 $_['From']     = 'из';
 $_['Hash']     = 'Хэш';
 $_['Move']     = 'Переместить';
 $_['Moved']    = 'Перемещено';
-$_['Name']     = 'Name';    //## NT ##
+$_['Name']     = 'имя';
 $_['on']       = 'в';
+$_['off']      = 'от';
 $_['Password'] = 'Пароль';
 $_['Rename']   = 'Rename';  //## NT ##
 $_['reset']    = 'Сбросить';
 $_['save_1']   = 'Сохранить';
 $_['save_2']   = 'СОХРАНИТЬ ИЗМЕНЕНИЯ';
-$_['Size']     = 'Size';    //## NT ##
+$_['Size']     = 'Размер';
 $_['Source']   = 'Source';  //## NT ##
 $_['successful'] = 'успешно';
 $_['To']       = 'В';
 $_['Upload']   = 'Загрузить';
 $_['Username'] = 'Логин';
-$_['View']     = 'View';    //## NT ##
-$_['Working']  = 'Working - please wait...'; //## NT ##
+$_['View']     = 'вид';
 
+$_['Working']      = 'Working - please wait...'; //## NT ##
 $_['Log_In']       = 'Войти';
 $_['Log_Out']      = 'Выйти';
 $_['Admin_Options'] = 'Настройки Администратора';
@@ -80,6 +81,8 @@
 $_['Edit_View']    = 'Ред. / Смотреть';
 $_['Wide_View']    = 'Широкий Обзор';
 $_['Normal_View']  = 'Нормальный Обзор';
+$_['Word_Wrap']    = 'Word Wrap'; //## NT ##
+$_['Line_Wrap']    = 'Line Wrap'; //## NT ##
 $_['Upload_File']  = 'Загрузить файл';
 $_['New_File']     = 'Новый файл';
 $_['Ren_Move']     = 'Переименовать / Переместить';
diff --git a/onefilecms.php b/onefilecms.php
index 9447562..4a8ff7b 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.19';
+$OFCMS_version = '3.5.20';
 
 
 
@@ -17,8 +17,9 @@
 ini_set('display_errors', 'on');
 ini_set('log_errors'    , 'off');
 ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.ERROR.log');
-//Determine good folder for session file? Default is tmp/, which is not secure, but it may not be a serious concern.
-//session_save_path($safepath)  or  ini_set('session.save_path', $safepath)
+//
+//Determine good folder for session file. Default is /tmp/, which is not secure.
+//session_save_path('/home/content/username/tmp/'); //##### or:  ini_set('session.save_path', 'some_safe_path')
 //******************************************************************************
 
 
@@ -101,10 +102,10 @@
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
 
-$WORD_WRAP = "on"; //"on" or (anything else) =="off".  Word-wrap state on page load of edit page. Once on page, word-wrap can toggle on/off.
+$LINE_WRAP = "on"; //"on", or (anything else) = "off".  Default for edit page. Once on page, line-wrap can toggle on/off.
 $TAB_SIZE  = 8;    //Some browsers recognize a css tab-size. Some don't.  If your's doesn't, LEAVE AT 8.  (IE/Edge, as of mid-2016)
 
-$MAX_EDIT_SIZE = 200000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
+$MAX_EDIT_SIZE = 210000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
 $MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
                           // The default max view size is completely arbitrary. Basically, it was 2am, and seemed like a good idea at the time.
 
@@ -315,7 +316,7 @@ function System_Setup() {//*****************************************************
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.5.19
+// OneFileCMS Language Settings v3.5.20
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -395,6 +396,7 @@ function Default_Language() { // ***********************************************
 $_['Wide_View']      = 'Wide View';
 $_['Normal_View']    = 'Normal View';
 $_['Word_Wrap']	 	 = 'Word Wrap';	//## NT ## as of 3.5.19
+$_['Line_Wrap']	 	 = 'Line Wrap';	//## NT ## as of 3.5.20
 $_['Upload_File']    = 'Upload File';
 $_['New_File']       = 'New File';
 $_['Ren_Move']       = 'Rename / Move';
@@ -1314,7 +1316,7 @@ function icon_txt($border='#333', $lines='#000', $fill='#FFF', $extra1="", $extr
 
 
 	function icon_folder($extra = "") {//**********************************
-		return '<svg version="1.1" width="18" height="16"><g transform="translate(0,2)">'.
+		return '<svg version="1.1" width="18" height="14"><g transform="translate(0,0)">'.
 			'<path  d="M0.5, 1  L8,1  L9,2  L9,3  L16.5,3  L17,3.5  L17,13.5  L.5,13.5  L.5,.5" '.
 				'fill="#F0CD28" stroke="rgb(200,170,15)" stroke-width="1" />'.
 			'<path  d="M1.5, 8  L7, 8  L8.5,6.3  L16,6.3  L7.5, 6.3   L6.5,7.5  L1.5,7.5" '.
@@ -1383,8 +1385,8 @@ function icon_folder($extra = "") {//**********************************
 	$ICONS['file_new']   = icon_txt('#444', 'black', 'white', $extra_new);
 	$ICONS['ren_mov'] = icon_folder('<g transform="translate(2.5,3)">'.$pencil.'</g>'.$arc_arrow);
 	$ICONS['move']    = icon_folder($arc_arrow);
-	$ICONS['copy']    = '<svg version="1.1" width="12" height="12"><g transform="translate(1,1)">'.$circle_plus_rev.'</g></svg>';
-	$ICONS['delete']  = '<svg version="1.1" width="12" height="12"><g transform="translate(1,1)">'.$circle_x.'</g></svg>';
+	$ICONS['copy']    = '<svg version="1.1" width="12" height="14"><g transform="translate(1,2)">'.$circle_plus_rev.'</g></svg>';
+	$ICONS['delete']  = '<svg version="1.1" width="12" height="14"><g transform="translate(1,2)">'.$circle_x.'</g></svg>';
 	$ICONS['up_dir']  = icon_folder('<g transform="scale(1.1) translate(1.75,2) rotate(-45, 5, 5)">'.$up_arrow.'</g>');
 
 	if (!supports_svg()) { //Text "icons" if SVG not supported.  Mostly for IE < 9
@@ -1839,7 +1841,7 @@ function Create_Table_for_Listing() {//*****************************************
 		<a tabindex=<?php echo $TABINDEX++?>     href="#" id=header_filename><?php echo hsc($_['Name']) ?></a>
 		<?php $TABINDEX++ // ?>
 	</th>
-	<th class=file_size><a tabindex=<?php echo $TABINDEX++?> href="#" id=header_filesize><?php echo hsc($_['Size']) ?></a></th>
+	<th class=file_size><a tabindex=<?php echo $TABINDEX++?> href="#" id=header_filesize><?php echo hsc($_['Size']." (".$_['bytes'].")") ?></a></th>
 	<th class=file_time><a tabindex=<?php echo $TABINDEX++?> href="#" id=header_filedate><?php echo hsc($_['Date']) ?></a></th>
 	</tr>
 
@@ -1936,7 +1938,7 @@ function Get_DIRECTORY_DATA($raw_list) {//**************************************
 
 
  
-function Send_data_to_js_and_display() {//**************************************
+function Send_directory_data_to_js() {//****************************************
 	global $DIRECTORY_DATA, $DIRECTORY_COUNT;
 	//"send" DIRECTORY_DATA to javascript.
 	$data_for_js = "<script>\n";
@@ -1945,24 +1947,23 @@ function Send_data_to_js_and_display() {//**************************************
 	for ($x = 0; $x < $DIRECTORY_COUNT; $x++) {
 		$filename = $DIRECTORY_DATA[$x][1];
 		if ( ($filename != '.') && ($filename != '..') ) {; // skip . & ..
-			$data_for_js .= 'DIRECTORY_DATA['.$row++.'] = new Array(';
-			$data_for_js .= ' "'.     $DIRECTORY_DATA[$x][0].'"';	// "type"
-			$data_for_js .= ',"'.     addslashes($DIRECTORY_DATA[$x][1]).'"';	// "file name"
-			$data_for_js .= ', '.     $DIRECTORY_DATA[$x][2];		// filesize
-			$data_for_js .= ', '.     $DIRECTORY_DATA[$x][3];		// timestamp
-			$data_for_js .= ', '.     $DIRECTORY_DATA[$x][4];		// is_ofcms
-			$data_for_js .= ',"'.     addslashes($DIRECTORY_DATA[$x][5]).'"';	// "ext"
-			$data_for_js .= ");\n";
+			$data_for_js .= 'DIRECTORY_DATA['.$row++.'] = [';
+			$data_for_js .= '"'  .$DIRECTORY_DATA[$x][0].'"';				// "type"
+			$data_for_js .= ', "'.addslashes($DIRECTORY_DATA[$x][1]).'"';	// "file name"
+			$data_for_js .= ', ' .$DIRECTORY_DATA[$x][2];					// filesize
+			$data_for_js .= ', ' .$DIRECTORY_DATA[$x][3];					// timestamp
+			$data_for_js .= ', ' .$DIRECTORY_DATA[$x][4];					// is_ofcms
+			$data_for_js .= ', "'.addslashes($DIRECTORY_DATA[$x][5]).'"';	// "ext"
+			$data_for_js .= "];\n";
 		}//end skip . & ..
 	}//end for x
 
-	//Initial sort & display of the directory, by (filename, ascending).
 	$data_for_js .= "var DIRECTORY_ITEMS = DIRECTORY_DATA.length;\n";
-	$data_for_js .= 'Sort_and_Show();'."\n";
 
 	$data_for_js .= "</script>\n";
 	echo $data_for_js;
-}//end Send_data_to_js_and_display() {//****************************************
+
+}//end Send_directory_data_to_js() {//******************************************
 
 
 
@@ -1977,16 +1978,16 @@ function Index_Page_buttons_top($file_count) {//********************************
 		$onclick_m = 'onclick="Confirm_Submit( \'move\');   "';
 		$onclick_c = 'onclick="Confirm_Submit( \'copy\');   "';
 		$onclick_d = 'onclick="Confirm_Submit( \'delete\' );"';
-		echo '<button id=b1 tabindex='.$TABINDEX++.' type=button '.$onclick_m.'>'.$ICONS['move'  ].'&nbsp;'.hsc($_['Move']  )."</button\n>";
-		echo '<button id=b2 tabindex='.$TABINDEX++.' type=button '.$onclick_c.'>'.$ICONS['copy'  ].'&nbsp;'.hsc($_['Copy']  )."</button\n>";
-		echo '<button id=b3 tabindex='.$TABINDEX++.' type=button '.$onclick_d.'>'.$ICONS['delete'].'&nbsp;'.hsc($_['Delete'])."</button\n>";
+		echo '<button id=b1 tabindex='.$TABINDEX++.' type=button '.$onclick_m.'>'.$ICONS['move'  ].hsc($_['Move']  )."</button\n>";
+		echo '<button id=b2 tabindex='.$TABINDEX++.' type=button '.$onclick_c.'>'.$ICONS['copy'  ].hsc($_['Copy']  )."</button\n>";
+		echo '<button id=b3 tabindex='.$TABINDEX++.' type=button '.$onclick_d.'>'.$ICONS['delete'].hsc($_['Delete'])."</button\n>";
 	}
 	echo '</div>'."\n"; //end mcd_submit
 
 	echo '<div class="front_links">'."\n";
-		echo '<a id=b4 tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'.$ICONS['folder_new'].'&nbsp;'.hsc($_['New_Folder']) .'</a>';
-		echo '<a id=b5 tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  .$ICONS['file_new']  .'&nbsp;'.hsc($_['New_File'])   .'</a>';
-		echo '<a id=b6 tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   .$ICONS['upload']    .'&nbsp;'.hsc($_['Upload_File']).'</a>';
+		echo '<a id=b4 tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.$param1.'&amp;p=newfolder">'.$ICONS['folder_new'].hsc($_['New_Folder']) .'</a>';
+		echo '<a id=b5 tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  .$ICONS['file_new']  .hsc($_['New_File'])   .'</a>';
+		echo '<a id=b6 tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   .$ICONS['upload']    .hsc($_['Upload_File']).'</a>';
 	echo '</div>'; //end front_links
 	
 	echo '</div>'."\n"; //end index_page_buttons
@@ -2015,7 +2016,7 @@ function Index_Page() {//*******************************************************
 	echo "</form>\n";
 
 	Index_Page_scripts();
-	Send_data_to_js_and_display();
+	Send_directory_data_to_js();
 	Index_Page_events();
 }//end Index_Page() //**********************************************************
 
@@ -2050,6 +2051,7 @@ function Edit_Page_buttons_top($text_editable,$file_ENC) {//********************
 
 	//[Close] button
 	$close_button = '<button type=button id=close1 class=button>'.hsc($_['Close']).'</button>';
+
 ?>
 	<div class="edit_btns_top">
 		<div class="file_meta">
@@ -2111,7 +2113,15 @@ function RCD_button($action, $icon, $label) {//***************
 //******************************************************************************
 function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_view, $file_ENC){
 	global $_, $ONESCRIPT, $param1, $param2, $param3, $filename, $filename_OS, $ITYPES, $INPUT_NUONCE, $EX, $MESSAGE, 
-		   $FILECONTENTS, $WYSIWYG_VALID, $EDIT_WYSIWYG, $IS_OFCMS, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $WORD_WRAP;
+		   $FILECONTENTS, $WYSIWYG_VALID, $EDIT_WYSIWYG, $IS_OFCMS, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $LINE_WRAP;
+
+	//Line-wrap on or off?  $LINE_WRAP default value set in configuration section.
+	//Used to set initial value of on/off button below textarea. A default value is in config section.
+	if (isset($_COOKIE['line_wrap'])) {
+		if (($_COOKIE['line_wrap'] === "on") || ($_COOKIE['line_wrap'] === "off")) {
+			$LINE_WRAP = $_COOKIE['line_wrap'];
+		}
+	}
 
 	$too_large_to_edit_message =
 		'<b>'.hsc($_['too_large_to_edit_01']).' '.number_format($MAX_EDIT_SIZE).' '.hsc($_['bytes']).'</b><br>'.
@@ -2121,19 +2131,25 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 		'<b>'.hsc($_['too_large_to_view_01']).' '.number_format($MAX_VIEW_SIZE).' '.hsc($_['bytes']).'</b><br>'.
 		hsc($_['too_large_to_view_02']).'<br>'.hsc($_['too_large_to_view_03']).'<br>';
 
-	echo '<form id="edit_form" name="edit_form" method="post" action="'.$ONESCRIPT.$param1.$param2.$param3.'">';
+	echo '<form id=edit_form name=edit_form method=post action="'.$ONESCRIPT.$param1.$param2.$param3.'">';
 		
 		echo $INPUT_NUONCE;
 		
 		Edit_Page_buttons_top($text_editable, $file_ENC);
 		
 		if ( !in_array( mb_strtolower($ext), $ITYPES) ) { //If non-image...
+			
+			//Did htmlspecialchars return an empty string from a non-empty file?
+			$bad_chars = ( ($FILECONTENTS == "") && (filesize($filename_OS) > 0) );
+			
+			if     (!$text_editable) { $MESSAGE .= hsc($_['edit_txt_01']).'<br><br>'; }
+			elseif ( $text_editable && $too_large_to_view ) {
+				echo '<p class="message_box_contents">'.$too_large_to_view_message.'</p>';
+			} else {
 				
-			if     (!$text_editable)      { $MESSAGE .= hsc($_['edit_txt_01']).'<br><br>'; }
-			elseif ( $too_large_to_edit ) { $MESSAGE .= $too_large_to_edit_message; }
-			elseif (!$IS_OFCMS) {
-				//Did htmlspecialchars return an empty string from a non-empty file?
-				$bad_chars = ( ($FILECONTENTS == "") && (filesize($filename_OS) > 0) );
+				if ($IS_OFCMS || $too_large_to_edit) {$readonly = "readonly";} else {$readonly = "";}
+				
+				if ( $too_large_to_edit ) { $MESSAGE .= $too_large_to_edit_message; }
 				
 				if ($bad_chars){ //Show message: may be a bad character in file
 					echo '<pre class="edit_disabled">'.$EX.hsc($_['edit_txt_02']).'<br>';
@@ -2141,28 +2157,19 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 					echo hsc($_['edit_txt_04']).'<br></pre>'."\n";
 				}else{          //show editable <textarea>
 					
-					$ww_on_checked = $ww_off_checked = "";
-					if ($WORD_WRAP == "on") {$ww_on_checked = "checked";} else {$ww_off_checked = "checked";}
-					
 					//<input name=filename> is used only to signal an Edit_response().
-					echo '<input type="hidden" name="filename" value="'.rawurlencode($filename).'">';
+					echo '<input type=hidden name=filename value="'.rawurlencode($filename).'">';
 					
 					echo "<div id=wrapper_linenums_editor>";
 					echo 	"<div id=line_numbers tabindex='-1'><div id=line_1>1</div><div id=line_0></div></div>";
-					echo 	"<textarea id=file_editor class=tab_size name=contents cols=70 rows=25>$FILECONTENTS</textarea>\n";
+					echo 	"<textarea $readonly id=file_editor class=tab_size name=contents cols=70 rows=25>$FILECONTENTS</textarea>\n";
 					echo "</div>\n";
 					
-					echo "<div id=ww_options>".hsc($_['Word_Wrap']).":";
-					echo 	"<label><input id=word_wrap_on  type=radio name=word_wrap value=on $ww_on_checked>{$_['on']}</label>";
-					echo 	"<label><input id=word_wrap_off type=radio name=word_wrap value=off $ww_off_checked>{$_['off']}</label>";
-					echo "</div>\n";
+					$wrap_on_off = hsc($_['Line_Wrap']." ".$_['on']."/".$_['off']);
+					echo "<button type=button class=button id=toggle_wrap name=toggle_wrap value=$LINE_WRAP>$wrap_on_off</button>";
 				}
 			}//end if/elseif...
 			
-			if     ( $text_editable && $too_large_to_view ) //This condition must come first.
-				{ echo '<p class="message_box_contents">'.$too_large_to_view_message.'</p>'; }
-			elseif ($IS_OFCMS || $too_large_to_edit)
-				{ echo '<pre class="edit_disabled view_file">'.$FILECONTENTS.'</pre>'."\n"; }
 		}//end if non-image
 		
 		Edit_Page_buttons($text_editable, $too_large_to_edit);
@@ -2217,7 +2224,7 @@ function Edit_Page() {//********************************************************
 	if (!$text_editable || $too_large_to_edit) {$WYSIWYG_VALID = 0;}
 
 	//Get file contents
-	if (($text_editable && !$too_large_to_view) || $IS_OFCMS) {
+ 	if (($text_editable && !$too_large_to_view) || $IS_OFCMS) {
 		$raw_contents = file_get_contents($filename_OS);
 		$file_ENC = mb_detect_encoding($raw_contents); //ASCII, UTF-8, ISO-8859-1, etc...
 		if ($file_ENC != 'UTF-8') { $raw_contents = mb_convert_encoding($raw_contents, 'UTF-8', $file_ENC); }
@@ -2226,6 +2233,7 @@ function Edit_Page() {//********************************************************
 		$raw_contents = "";
 	}
 
+
 	if (PHP_VERSION_ID < 50400) { $FILECONTENTS = hsc($raw_contents); }
 	else						{ $FILECONTENTS = htmlspecialchars($raw_contents,ENT_SUBSTITUTE | ENT_QUOTES, 'UTF-8');	}
 
@@ -3028,7 +3036,7 @@ function Display_Messages($msg, take_focus) {//***********************
 	else if ($page == 'hash')  { new_focus = 'whattohash'; }
 	else if ($page == 'admin') { new_focus = 'close'; }
 
-	var $X_box		 = '<button tabindex=' + $tabindex_xbox + ' type=button id=X_box>x</button>';
+	var $X_box		 = '<button tabindex=' + $tabindex_xbox + ' type=button id=X_box>&times;</button>';
 	var $msg_div	 = '<div class=message_box_contents>' + $msg + '</div>';
 	var $msg_box     = document.getElementById("message_box");
 	var $new_focus	 = document.getElementById(new_focus)
@@ -3161,6 +3169,7 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 	//File Rows. For these events, "../" is 0, and files are indexed 1 to DIRECTORY_ITEMS.
 	var FROWS     = DIRECTORY_ITEMS;
 	var LAST_FILE = "f" + FROWS + "c4";
+	var FIRST_FILE = "f0c4";
 
 	//Get id of current focus (before this event). If focus is in file list, ID = 'fn', or 'fnn', etc.
 	var ID      = document.activeElement.id;
@@ -3215,7 +3224,7 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 	//  ENTER - enabled to check/unckeck checkboxes, and respond as needed.
 	//  Tab- handle checkbox's (parent <div>'s & <label>'s), otherwise allow default action.
 	//  Esc simply removes focus from active element.
-	//	Home toggles between [webroot]/current/path/ and [../] (first file in list)
+	//	Home goes to the first row in list - (../)
 	//	End goes only to last file in list.
 	//	Arrow Up/Down will loop from (top to bottom)/(bottom to top) of page (no hard stops).
 	//  Page Up/Down will likewise loop thru page, with soft-stops at first/last filenames.
@@ -3242,13 +3251,8 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 		return;
 	}
 	else if (key == ESC)  { document.activeElement.blur();    return; }
-	else if (key == END)  { if (ID != LAST_FILE) {ID = LAST_FILE;} else {return} }
-	else if (key == HOME) {
-		if      (FR == 0)        {ID = "path_0";}
-		else if (ID == "path_0") {ID = "f0c4";}
-		else if (FR  > 0)        {ID = "f0c4";}
-		else					 {ID = "path_0";}
-	}
+	else if (key == END)  { if (ID != LAST_FILE ) {ID = LAST_FILE; } }
+	else if (key == HOME) {	if (ID != FIRST_FILE) {ID = FIRST_FILE;} }
 	else if (key == AL) {
 		//Find first tab-able element to the left (usually just (focus_tabindex - 1))
 		for (var new_index = (focus_tabindex - 1); new_index > 0; new_index--) {
@@ -3417,8 +3421,8 @@ function sort_DIRECTORY(col, direction) {//***************************
 	//SORT_by, SORT_order, and SORT_folders_1st: values set by prior (or initial) sort.
 
 	//If needed, set default col and/or direction.
-	col       = typeof col       !== 'undefined' ? col       : 1;
-	direction = typeof direction !== 'undefined' ? direction : ASCENDING;
+	if (typeof col       === 'undefined') { col = 1 }
+	if (typeof direction === 'undefined') { direction = ASCENDING }
 
 	//Filename ckboxes are cleared automatically on a resort, in Assemble_Insert_row(), so this needs cleared also.
 	Select_All_ckbox.checked = false;
@@ -3545,7 +3549,7 @@ function Build_Directory() {//****************************************
 			var DS        = '';
 			var f_or_f    = 'file';
 			var href      = ONESCRIPT + PARAM1 + '&amp;f=' + encodeURIComponent(filename) + '&amp;p=edit';
-			var file_size = format_number(filesize) + ' B';
+			var file_size = format_number(filesize);
 		}
 		
 		//For file, (TABINDEX + 4) to account for [m][c][d][x] which are added in Assemble_Insert_Row()
@@ -3595,6 +3599,7 @@ function Directory_Summary() {//**************************************
 function Sort_and_Show(col, direction) {//****************************
 
 	var DELAY = 0;
+
 	if (DIRECTORY_ITEMS > <?php echo $MIN_DIR_ITEMS ?>) { //
 		//(Any pre-existing $MESSAGE will be displayed after directory is displayed.)
 		Display_Messages('<b><?php echo $_['Working'] ?></b>');
@@ -3637,6 +3642,7 @@ function Select_All() {//********************************************
 
 
 
+
 function Confirm_Submit(action) {//***********************************
 
 	var files = document.mcdselect.elements['files[]'];
@@ -3658,6 +3664,7 @@ function Confirm_Submit(action) {//***********************************
 }//end Confirm_Submit() //********************************************
 
 </script>
+
 <?php
 }//end Index_Page_scripts() //**************************************************
 
@@ -3665,7 +3672,7 @@ function Confirm_Submit(action) {//***********************************
 
 
 function Edit_Page_scripts() {//************************************************
-	global $_, $ONESCRIPT, $ONESCRIPT_file, $ipath, $param1, $param2, $filename, $WORD_WRAP, 
+	global $_, $ONESCRIPT, $ONESCRIPT_file, $ipath, $param1, $param2, $filename, $LINE_WRAP,
 			$MAIN_WIDTH, $WIDE_VIEW_WIDTH, $current_view, $WYSIWYG_VALID, $EDIT_WYSIWYG, $TAB_SIZE;
 
 	//Determine edit_view width.
@@ -3683,6 +3690,7 @@ function Edit_Page_scripts() {//************************************************
 	//For [Close] button
 	$close_params = $ONESCRIPT.$param1;
 	if ( $_SESSION['admin_page'] ) { $close_params .= '&p=admin'; } //If came from admin page, return there.
+
 ?>
 <script>
 var onclick_params = '<?php echo $ONESCRIPT.$param1.'&f='.rawurlencode(basename($filename)).'&p=' ?>';
@@ -3725,7 +3733,8 @@ function Edit_Page_scripts() {//************************************************
 if (File_textarea)      { File_textarea.addEventListener("keyup", function(event) {Check_for_changes(event);}) }
 
 
-//Prevent form-submission on enter of the word-wrap radio buttons.  They are only used for changing word-wrap visually.
+//Prevent form-submission on enter of the word-wrap radio buttons.
+//They are only used for changing word-wrap visually.
 var $edit_form = document.getElementById('edit_form');
 $edit_form.addEventListener( "submit", function(event) {Ignore_Submit(event)});
 
@@ -3759,10 +3768,26 @@ function Ignore_Submit(event) {
 
 
 
+function Correct_Word_Wrapping(text_area) {
+
+	//Correct word-wrapping and save cursor postion/selection
+	//after toggling between Wide/Normal views, and between Wrap on/off.
+	//(Doesn't always wrap consistantly or seem to use break-all.)
+	//This is so line-numbers line-up correctly.
+
+	var tmp = text_area.value;
+	var cursorX1 = text_area.selectionStart;
+	var cursorx2 = text_area.selectionEnd;
+	text_area.value = "";
+	text_area.value = tmp;
+	text_area.selectionStart = cursorX1;
+	text_area.selectionEnd   = cursorx2;
+}
+
+
+
 function Wide_View() {
 
-	//#####  Wide_View() currently only works on #file_editor (editable files).  Doesn't work when "edit disabled".  Yet.
-	
 	var main_width_default = '<?php echo $MAIN_WIDTH ?>';
 
 	//Set view width
@@ -3775,12 +3800,10 @@ function Wide_View() {
 		Wide_View_button.innerHTML = '<?php echo hsc($_['Normal_View']) ?>';
 		document.cookie            = 'edit_view=<?php echo $WIDE_VIEW_WIDTH ?>';
 	}
-	
-	//Corrects word-wrapping after changing between normal and wide-view. (Doesn't always wrap consistantly/use break-word.)
-	var tmp = File_textarea.value;
-	File_textarea.value = "";
-	File_textarea.value = tmp;
 
+
+	Correct_Word_Wrapping(File_textarea);
+	
 	Line_Numbers.Set_Line_Numbers();
 
 }// end Wide_View() 
@@ -3845,15 +3868,15 @@ function Reset_File() {
 
 
 
-function Line_Numbering(line_numbers_id, listing_id, line0_id, line1_id, wrap_on_id, wrap_off_id, ww_div_id) {
+function Line_Numbering(line_numbers_id, listing_id, line0_id, line1_id, toggle_wrap_id) {
 
 	var line_numbers = document.getElementById(line_numbers_id);
 	var listing 	 = document.getElementById(listing_id);
 	var line_zero    = document.getElementById(line0_id); //empty: used for char-width calc.
 	var line_one     = document.getElementById(line1_id); //<div>1</div> will contain the line numbers.
-	var wrap_on_opt  = document.getElementById(wrap_on_id);
-	var wrap_off_opt = document.getElementById(wrap_off_id);
-	var ww_div 		 = document.getElementById(ww_div_id);
+	var toggle_wrap	 = document.getElementById(toggle_wrap_id);
+	var initial_wrap = "<?php echo $LINE_WRAP ?>";
+	var TAB_SIZE 	 = <?php echo $TAB_SIZE ?>;
 
 	var char_width     = (line_zero.offsetLeft - line_one.offsetLeft);
 	var padding_L 	   = parseInt(window.getComputedStyle(listing).getPropertyValue("padding-left"));
@@ -3861,82 +3884,51 @@ function Line_Numbering(line_numbers_id, listing_id, line0_id, line1_id, wrap_on
 
 	var Display_Width_Chars = function() {return Math.floor((listing.clientWidth - padding_L - padding_R) / char_width)};
 
-	var TAB_SIZE = <?php echo $TAB_SIZE ?>;
-
 	line_zero.innerHTML = ""; //Just makin' sure. Only used for char-width calc.
 
 	line_numbers.style.height = listing.offsetHeight + "px";
 
 
-	Set_Line_Numbers(); 
-
 
+	if (listing.getAttribute('readonly') === null) {
+		//If not readonly (ie: editable)...
+		listing.addEventListener("keyup",   function(event){Set_Line_Numbers(event)});
+		listing.addEventListener("mouseup", function(event){Set_Line_Numbers(event)});
+		listing.addEventListener("paste",   function(event){Set_Line_Numbers(event)});
+	}
+	
 	listing.addEventListener("scroll",  function(event){Set_Line_Numbers(event)});
-	listing.addEventListener("keyup",   function(event){Set_Line_Numbers(event)});
-	listing.addEventListener("mouseup", function(event){Set_Line_Numbers(event)});
-	listing.addEventListener("paste",   function(event){Set_Line_Numbers(event)});
-
-	wrap_on_opt.onchange  = function() {Toggle_Word_Wrap(this.value);}
-	wrap_off_opt.onchange = function() {Toggle_Word_Wrap(this.value);}
-
-	document.onkeyup = function() {Word_Wrap_Focus_Styles(); }
-	document.onclick = function() {Word_Wrap_Focus_Styles();}
+	
+	toggle_wrap.onclick = function() {Toggle_Line_Wrap(this);}
 
 
 
-	//Set default/page load condition from CONFIGURABLE OPTIONS...
-	Toggle_Word_Wrap("<?php echo $WORD_WRAP ?>");
-	Word_Wrap_labels("<?php echo $WORD_WRAP ?>");
+	//Set default/page load condition, and also init's the line numbers...
+	//We're just setting the initial condition now, not actually toggling,
+	//so "pre-toggle" the indicator here as Toggle_Line_Wrap() will toggle it back...
+	if (initial_wrap === "off") {toggle_wrap.value = "on";} else {toggle_wrap.value = "off";}
+	Toggle_Line_Wrap(toggle_wrap);
 
 
 
-	function Word_Wrap_labels(word_wrap) {
-		//<label> around the radio buttons.
+	function Toggle_Line_Wrap(on_off) {
 		
-		if (word_wrap == "on") {
-			wrap_on_opt.parentNode.style.backgroundColor = "#DFD";
-			wrap_on_opt.parentNode.style.borderColor = "#373";
-			wrap_off_opt.parentNode.style.backgroundColor = "#EEE";
-			wrap_off_opt.parentNode.style.borderColor = "#777";
-		} else {
-			wrap_on_opt.parentNode.style.backgroundColor = "#EEE";
-			wrap_on_opt.parentNode.style.borderColor = "#777";
-			wrap_off_opt.parentNode.style.backgroundColor = "#DFD";
-			wrap_off_opt.parentNode.style.borderColor = "#373";
-		}
-	}//end Word_Wrap_labels()
-
-
-
-	function Word_Wrap_Focus_Styles() {
-		
-		var active_id = document.activeElement.id;
-		if ((active_id == wrap_on_id) || (active_id == wrap_off_id)) {
-			
-			//<label> around the radio buttons.
-			if (active_id == wrap_on_id) {var on_off = "on";} else {var on_off = "off";}
-			Word_Wrap_labels(on_off);
-			
-			//<div> around the <label> around the radio buttons.
-			ww_div.style.backgroundColor = "rgb(255,250,150)";
-			ww_div.style.borderColor = "black";
+		if (on_off.value == "on") {
+			on_off.value  				 = "off"
+			document.cookie 			 = 'line_wrap=off'
+			listing.style["white-space"] = "pre";
 		}
 		else {
-			ww_div.style.backgroundColor = "#EEE";
-			ww_div.style.borderColor = "#777";
+			on_off.value  				 = "on"
+			document.cookie				 = 'line_wrap=on'
+			listing.style["white-space"] = "pre-wrap";
 		}
-	}//end Word_Wrap_Focus_Styles()
-
-
-
-	function Toggle_Word_Wrap(on_off) {
 		
-		if (on_off == "on") {listing.style["white-space"] = "pre-wrap";}
-		else 				{listing.style["white-space"] = "pre";}
+		Correct_Word_Wrapping(listing);
 		
 		Set_Line_Numbers();
 		
-	}//end Toggle_Word_Wrap()
+	}//end Toggle_Line_Wrap()
 
 
 
@@ -3945,10 +3937,8 @@ function Line_Count(str) {
 		var line_count = 0;
 		var i = 0
 		
-		//line_count = (str.split(/\r\n|\r|\n/).length); //This is a little slower for very very very very very large files.
-		
 		for (i = 0; i < str.length; ++i) { 
-			if(str[i] == '\n') { line_count++; } //Also check for \r for some systems?
+			if(str[i] == '\n') { line_count++; } //Line-endings are normalized to \n elsewhere in OFCMS. (server-side)
 		}
 		
 		line_count++;  //Last line doesn't have a new-line at the end.
@@ -3989,9 +3979,8 @@ function Create_Line_Numbers(){
 		var lines    = listing.value.split('\n');
 		var cur_line = 0;	//listing[cur_line]
 		var line_len = 0;	//line length adjusted for tabs, to get effective length, and effective word-wrap.
-							//(each tab = 1 to 8 characters, depending...)
-		var effective_line_length = 0; //When tabs are expanded...
-		var line_count_wrapped = 0;
+		var effective_line_length = 0; //line length after tabs are expanded...
+		var line_count_wrapped = 0;   //number of visual lines, not neccessarily numbered lines, with line-wrap on.
 		
 		for(var num = 1; num <= lc; num++) { 
 			
@@ -4001,7 +3990,7 @@ function Create_Line_Numbers(){
 			
 			effective_line_length = Effective_Line_Length(lines[cur_line], TAB_SIZE);
 			
-			if (wrap_on_opt.checked && (effective_line_length > current_width) ) {
+			if ((toggle_wrap.value == "on") && (effective_line_length > current_width)) {
 				
 				line_count_wrapped = Math.ceil(effective_line_length / current_width) - 1; //# of addtional lines after wrapped...
 				
@@ -4040,17 +4029,20 @@ function Set_Line_Numbers(event) {
 	LN.Create_Line_Numbers   = Create_Line_Numbers;
 	LN.Set_Line_Numbers		 = Set_Line_Numbers;
 	
+	//Set initial cursor location to start of file, instead of end (the default).
+	listing.selectionStart = 0;
+	listing.selectionEnd = 0;
+
 	return LN;
 
 }//end Line_Numbering() //***********************************
 
 
 
-Line_Numbers = Line_Numbering("line_numbers", "file_editor", "line_0", "line_1", "word_wrap_on", "word_wrap_off", "ww_options");
+Line_Numbers = Line_Numbering("line_numbers", "file_editor", "line_0", "line_1", "toggle_wrap");
 
 
 Reset_file_status_indicators();
-
 </script>
 <?php
 }//end Edit_Page_scripts() //***************************************************
@@ -4208,6 +4200,8 @@ function style_sheet() {//******************************************************
 
 body { height: 100%; font-size: 1em; font-family: sans-serif; overflow-y: scroll; }
 
+svg { position: relative; top: 2px; }
+
 p, table, ol { margin-bottom: .6em;}
 
 h1,h2,h3,h4,h5,h6 { font-weight: bold; }
@@ -4242,10 +4236,14 @@ function style_sheet() {//******************************************************
 /*-- Must be after input:focus, as it alters border --*/
 input[type="checkbox"] { cursor: pointer; border: none;}
 
+button, .button {border-radius: 5px;}
+
 button:hover  { background-color: rgb(255,250,150); border-color: #333;}
 button:focus  { background-color: rgb(255,250,150); border-color: #333;}
 button:active { background-color: rgb(245,245,50);  border-color: #333;}
 
+button:active, .button:active{ position:relative; top :1px; left:1px; }
+
 /* --- layout --- */
 
 #main {
@@ -4280,26 +4278,20 @@ function style_sheet() {//******************************************************
 	}
 
 
-#message_box { border: none; margin: .5em 0 0 0; padding: 0; min-height: 1.88em;}
+#message_box { border: none; margin: .5em 0 .5em 0; padding: 0; min-height: 1.88em;}
 
 .message_box_contents { border: 1px solid gray; padding: 3px 2px 2px 4px; background: #FFF000; }
 
-#message_box #message_left {
-	float  : left;
-	margin : 0;
-	padding: 0;
-	border : none;
-	font-weight : 900;
-	}
+#message_box #message_left {float: left; margin: 0; padding: 0; border: none; font-weight: 900; }
 
 #message_box  #X_box {
 	display: block;
 	float  : right;
 	margin : 0;
-	padding: 0 2px 0 3px;
+	padding: 0px 0px 0 1px;
 	border : 1px solid gray;
-	font   : 16pt courier;
-	line-height: 18px;
+	font-size  : 20px;
+	line-height: 16px;
 	background : #EEE;
 	}
 
@@ -4312,7 +4304,7 @@ function style_sheet() {//******************************************************
 
 /* ------ INDEX Page ------ */
 
-#index_page_buttons     { margin: 0 0 0 0; }
+#index_page_buttons     { margin: 0; }
 #index_page_buttons div { display: inline-block; vertical-align: bottom; }
 
 
@@ -4409,10 +4401,10 @@ function style_sheet() {//******************************************************
 #header_sorttype:focus {border-color: silver;}
 
 .file_name { max-width: 26em; }
-.file_size { min-width:  6em; padding-left: 10px; }
-.file_time { min-width: 10em; padding-left: 10px; }
+.file_size { min-width:  6em; }
+.file_time { min-width: 10em; }
 
-.meta_T { padding-right: 4px; text-align: right; font-family: courier; font-size: .9em; color: #222; }
+.meta_T { padding: 0 .6em; text-align: right; font-family: courier; font-size: .9em; color: #222; }
 
 #DIRECTORY_FOOTER {text-align: center; font-size: .9em; color: #333; padding: 3px 0 0 0; }
 
@@ -4421,15 +4413,16 @@ function style_sheet() {//******************************************************
 .front_links { float: right; }
  
 .front_links a {
-	display: inline-block;
-	margin-top  : .2em;
+	display		: inline-block;
 	border      : 1px solid #777;
 	font-size   : 1em;  /*Adjusted by langauge files*/
 	margin-left : 1em;  /*Adjusted by langauge files*/
 	padding     : 3px 5px 2px 4px; /*TRBL*/
 	background-color: #EEE;
+	border-radius: 5px;
 	}
 
+.front_links svg { position: relative; top: 1px; margin-right: 5px; }
 
 /*These must go after .front_links and other style that affect <a> tags*/
 a { border: 1px solid transparent; text-decoration: none; }
@@ -4440,21 +4433,21 @@ function style_sheet() {//******************************************************
 
 /*** [Move] [Copy] [Delete] ***/
 
-#mcd_submit { margin: 0; height: 1.8em; }
+#mcd_submit { margin: 0; }
 
 #mcd_submit button {
-	height   : 1.55em;
+	height   : 1.75em;
 	cursor   : pointer;
 	border   : 1px solid #777;
-	padding  : 0px 4px 0px 3px; /*TRBL*/
-	margin-top  :  .5em;  /* Helps align bottoms with New & Upload buttons */
-	margin-left : 0.0em;  /* no longer needs adjusted by langauge files */
+	padding  : 0px 3px 0px 2px; /*TRBL*/
 	margin-right: 1.0em;  /* Adjusted by language files */
 	font-size: .9em;
 	color    : rgb(100,45,0);
 	background-color: #EEE;
 	}
 
+#mcd_submit svg { margin-right: 5px; }
+
 #mcd_submit button:focus  { border: 1px solid #333; background-color: rgb(255,250,150); }
 #mcd_submit button:hover  { border: 1px solid #333; background-color: rgb(255,250,150); }
 #mcd_submit button:active { border: 1px solid #333; background-color: rgb(245,245, 50); }
@@ -4554,7 +4547,7 @@ function style_sheet() {//******************************************************
 	border	  : 1px solid #777;
 	height	  : 40em;
 	width     : 96.6%;		/* compromise betweeen Normal and Wide views. May be dynamic someday. */
-	margin	  : 0 0 .7em 0;
+	margin	  : 0 0 .7em 2px;
 	padding   : 1px 0 0 3px;
 	overflow   : scroll;
 	word-break : break-all;
@@ -4687,7 +4680,7 @@ function style_sheet() {//******************************************************
 
 .timer {border: 1px solid #eee; padding: 3px .5em 4px .5em;}
 
-.timeout {float:right; font-size: .95em; color: #111;}
+.timeout {float:right; font-size: .95em; color: #111; padding-right: .3em;}
 
 .edit_btns_top {margin: .2em 0 .5em 0;}
 
@@ -4855,6 +4848,7 @@ function Load_style_sheet() {//*************************************************
 
 
 
+
 //******************************************************************************
 //Output page contents
 //******************************************************************************
@@ -4893,9 +4887,9 @@ function Load_style_sheet() {//*************************************************
 //footer...
 if ($_SESSION['valid']) {
 	//Countdown timer
-	echo '<hr style="border-color: white;">';
-	echo '<span id=timer0  class="timer timeout"></span>';
-	echo '<span class="timeout">'.hsc($_['time_out_txt']).'&nbsp; </span>';
+	echo "<hr style='border-color: white;'>\n";
+	echo "<span id=timer0  class='timer timeout'></span>";
+	echo "<span class=timeout>".hsc($_['time_out_txt'])."</span>";
 
 	//Adjust tabindex to account for [m][c][d][x] and file names in directory list.
 	//(Directory list created via js, so $TAB_INDEX is also passed to, and handled by, js at that point.)
@@ -4915,19 +4909,22 @@ function Load_style_sheet() {//*************************************************
 
 //Display any $MESSAGE's
 echo '<script>';
-echo 'var $tabindex_xbox = '.$TABINDEX_XBOX.';'; //Used in Display_Messages()
-echo 'var $page = "'.$page.'";';
-echo '$MESSAGE += "'.addslashes($MESSAGE).'";'; //js version of $MESSAGE declared at top of common_scripts().
+echo 'var $tabindex_xbox = '.$TABINDEX_XBOX.";\n"; //Used in Display_Messages()
+echo 'var $page = "'.$page.'";'."\n";
+echo '$MESSAGE += "'.addslashes($MESSAGE).'";'."\n"; //js version of $MESSAGE declared at top of common_scripts().
 	    //Cause $MESSAGE's $X_box to take focus on these pages only.
-echo 'if (($page == "index") || ($page == "edit")) {take_focus = 1}';
-echo 'else										   {take_focus = 0}';
+echo 'if (($page == "index") || ($page == "edit")) {take_focus = 1}'."\n";
+echo 'else										   {take_focus = 0}'."\n\n";
 
-	//##### ACTUAL COUNTDOWN STARTS ON THE SERVER.
-	//##### DO I NEED TO ACCOUNT FOR TIME RECEIVING & LOADING PAGE CLIENT SIDE?
+//Initial sort & display of the directory, by (filename, ascending).
+if ($page == "index") {	echo "Sort_and_Show();\n\n"; }
 
-	//The setTimeout() delay should be greater than what is set for the Sort_and_Show() "working..." message.
+//The setTimeout() delay should be greater than what is set for the Sort_and_Show() "working..." message.
 echo 'setTimeout("Display_Messages($MESSAGE, take_focus)", '.$DELAY_final_messages.');';
-echo '</script>';
+echo "</script>\n\n";
+
+	//##### ACTUAL COUNTDOWN STARTS ON THE SERVER.
+	//##### DO I NEED TO ACCOUNT FOR TIME RECEIVING & LOADING PAGE CLIENT SIDE?
 
 //start any timers...
 if ($_SESSION['valid']) { echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'LOGOUT'); }

From d266dbf519b6709f326f135aafe1662570984054 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 26 Jun 2016 18:50:00 -0400
Subject: [PATCH 204/228] Version 3.5.21 [Line Wrap on/off] button: added
 underline on current state (on or off). Removed some css & js from when [Word
 Wrap *on *off] used radio buttons. Rearranged Edit_Page_scripts a bit in a
 hopefully more logical way. Set height of both line_numbers & file_editor
 with css. Removed setSelRange() in lieu of selectionStart/End in
 Reset_File(). Moved Toggle_Line_Wrap() out of Line_Numbering(), & into
 "global" scope of Edit_Page_Scripts(). Added some basic validation to
 $TAB_SIZE & its js conterpart TAB_SIZE. Updated OneFileCMS_structure.txt

---
 info/OneFileCMS_structure.txt    |  19 +-
 info/changelog.markdown          |  12 +
 languages/OneFileCMS.LANG.DE.php |  70 ++--
 languages/OneFileCMS.LANG.EN.php |  66 +--
 languages/OneFileCMS.LANG.ES.php |  70 ++--
 languages/OneFileCMS.LANG.NL.php |  72 ++--
 languages/OneFileCMS.LANG.RU.php |  68 +--
 onefilecms.php                   | 696 ++++++++++++++++---------------
 8 files changed, 563 insertions(+), 510 deletions(-)
 mode change 100755 => 100644 info/OneFileCMS_structure.txt

diff --git a/info/OneFileCMS_structure.txt b/info/OneFileCMS_structure.txt
old mode 100755
new mode 100644
index 7c225c2..ad7a9e7
--- a/info/OneFileCMS_structure.txt
+++ b/info/OneFileCMS_structure.txt
@@ -1,4 +1,4 @@
-OneFileCMS Version 3.5.17 structure/layout
+OneFileCMS Version 3.5.21 structure/layout
 
 LICENSE
 
@@ -113,14 +113,21 @@ JAVASCRIPT FUNCTIONS:
 		Select_All()
 		Confirm_Submit()
 	Edit_Page_scripts()
-		(various onclicks)
-		window.onbeforeunload
-		window.onunload
+		Set_File_Textarea_Width()
+		Correct_Word_Wrapping()
 		Wide_View()
+		Toggle_Line_Wrap()
 		Reset_file_status_indicators()
-		setSelRange()
 		Check_for_changes()
 		Reset_File()
+		Line_Numbering()
+			Display_Width_Chars()
+			Line_Count()
+			Effective_Line_Length()
+			Create_Line_Numbers()
+			Set_Line_Numbers()
+		Global variables
+		Event assignments
 	pwun_event_scripts()
 		events_down()
 		events_up()
@@ -147,4 +154,4 @@ LOGIC TO DETERMINE PAGE ACTION
 	Verify_page_conditions()
 	Update_Recent_Pages();
 
-GENERATE/OUTPUT <HTML>...  
+OUTPUT <HTML>...  
diff --git a/info/changelog.markdown b/info/changelog.markdown
index 1803587..1483a5c 100644
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,17 @@
 # OneFileCMS Change Log
 
+### v3.5.21 (2016-06-26)
+
+- Some code cleanup & a little local js re-org. 
+- Some minor static & active css improvements.
+- Added some basic validation to a config value.
+
+### v3.5.20 (2016-06-21)
+
+- Fixed sporadic directory-won't-display issue.
+- Fixed wrapping & line-numbering issue when toggling between wrap on & wrap off.
+- Added line-numbers to read-only files also.
+
 ### v3.5.19 (2016-06-16)
 
 - Added line numbers to left of edit window.  A current side effect is wrapping is now break-word, instead of word-break.  That is, lines may wrap in the midddle of words, not just on white-space. 
diff --git a/languages/OneFileCMS.LANG.DE.php b/languages/OneFileCMS.LANG.DE.php
index f7af3f9..e19880e 100755
--- a/languages/OneFileCMS.LANG.DE.php
+++ b/languages/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.20
+// OneFileCMS Language Settings v3.5.21
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -11,7 +11,7 @@
 // Remember to slash-escape any single quotes that may be within the text:  \'
 // The back-slash itself may or may not also need to be escaped:  \\
 //
-// If present as a trailing comment, "## NT ##" means 'Need Translation'.
+// If present as a trailing comment, "## NT ##" means 'Needs Translation'.
 //
 // These first few settings control a few font and layout settings.
 // In some instances, some langauges may use significantly longer words or phrases than others.
@@ -21,14 +21,14 @@
 $_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.8em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 4px'; //T R B L
+$_['button_padding']         = '4px 4px'; //T R B L  ,or,   V H   if only two values.
 $_['image_info_font_size']   = '.95em';   //show_img_msg_01  &  _02
 $_['image_info_pos']         = '1';       //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '76px';    //Width of space for $_['Select_All']
 
 $_['HTML']    = 'HTML';
-$_['WYSIWYG'] = 'WYSIWYG';
+$_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
 
 $_['Admin']    = 'Konfiguration';
 $_['bytes']    = 'Bytes';
@@ -55,7 +55,7 @@
 $_['Hash']     = 'Streuwert';
 $_['Move']     = 'Verschieben';
 $_['Moved']    = 'Verschoben';
-$_['Name']     = 'Name';
+$_['Name']     = 'Name';    //## NT ##
 $_['on']       = 'läuft unter';
 $_['off']      = 'aus';
 $_['Password'] = 'Passwort';
@@ -71,37 +71,37 @@
 $_['Username'] = 'Benutzername';
 $_['View']     = 'Aussicht';
 
-$_['Working']      = 'Working - please wait...'; //## NT ##
-$_['Log_In']       = 'Anmelden';
-$_['Log_Out']      = 'Abmelden';
-$_['Admin_Options'] = 'Konfiguration Optionen';
-$_['Are_you_sure'] = 'Sind Sie sicher?';
-$_['View_Raw']     = 'View Raw'; //## NT ##
-$_['Open_View']    = 'Ansicht im Browser-Fenster';
-$_['Edit_View']    = 'Datei Bearbeiten / Ansicht';
-$_['Wide_View']    = 'Breitenadaptierte Ansicht';
-$_['Normal_View']  = 'Normale Ansicht';
-$_['Word_Wrap']    = 'Word Wrap'; //## NT ##
-$_['Line_Wrap']    = 'Line Wrap'; //## NT ##
-$_['Upload_File']  = 'Datei heraufladen';
-$_['New_File']     = 'Neuer Datei';
-$_['Ren_Move']     = 'Umbenennen / Verschieben';
-$_['Ren_Moved']    = 'Umbenannt / Verschoben';
-$_['folders_first'] = 'folders first'; //## NT ##
+$_['Working']         = 'Working - please wait...'; //## NT ##
+$_['Log_In']          = 'Anmelden';
+$_['Log_Out']         = 'Abmelden';
+$_['Admin_Options']   = 'Konfiguration Optionen';
+$_['Are_you_sure']    = 'Sind Sie sicher?';
+$_['View_Raw']        = 'View Raw'; //## NT ##
+$_['Open_View']       = 'Ansicht im Browser-Fenster';
+$_['Edit_View']       = 'Datei Bearbeiten / Ansicht';
+$_['Wide_View']       = 'Breitenadaptierte Ansicht';
+$_['Normal_View']     = 'Normale Ansicht';
+$_['Word_Wrap']       = 'Word Wrap'; //## NT ##
+$_['Line_Wrap']       = 'Line Wrap'; //## NT ##
+$_['Upload_File']     = 'Datei heraufladen';
+$_['New_File']        = 'Neuer Datei';
+$_['Ren_Move']        = 'Umbenennen / Verschieben';
+$_['Ren_Moved']       = 'Umbenannt / Verschoben';
+$_['folders_first']   = 'folders first'; //## NT ##
 $_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
-$_['New_Folder']   = 'Neuer Ordner';
-$_['Ren_Folder']   = 'Ordner umbenennen/verschieben';
-$_['Submit']       = 'Anfrage senden';
-$_['Move_Files']   = 'Datei Verschieben';
-$_['Copy_Files']   = 'Datei Kopieren';
-$_['Del_Files']    = 'Datei Löschen';
-$_['Selected_Files'] = 'Ausgewählte Dateien';
-$_['Select_All']   = 'Alles auswählen';
-$_['Clear_All']    = 'Deaktivieren Sie alle';
-$_['New_Location'] = 'Neuer Ordner';
-$_['No_files']     = 'Keine Dateien ausgewählt.';
-$_['Not_found']    = 'Nicht gefunden';
-$_['Invalid_path'] = 'Invalid path'; //## NT ##
+$_['New_Folder']      = 'Neuer Ordner';
+$_['Ren_Folder']      = 'Ordner umbenennen/verschieben';
+$_['Submit']          = 'Anfrage senden';
+$_['Move_Files']      = 'Datei Verschieben';
+$_['Copy_Files']      = 'Datei Kopieren';
+$_['Del_Files']       = 'Datei Löschen';
+$_['Selected_Files']  = 'Ausgewählte Dateien';
+$_['Select_All']      = 'Alles auswählen';
+$_['Clear_All']       = 'Deaktivieren Sie alle';
+$_['New_Location']    = 'Neuer Ordner';
+$_['No_files']        = 'Keine Dateien ausgewählt.';
+$_['Not_found']       = 'Nicht gefunden';
+$_['Invalid_path']    = 'Invalid path'; //## NT ##
 
 $_['verify_msg_01']     = 'Sitzung abgelaufen.';
 $_['verify_msg_02']     = 'UNGÜLTIGE DATENSENDUNG';
diff --git a/languages/OneFileCMS.LANG.EN.php b/languages/OneFileCMS.LANG.EN.php
index a5ad942..f563461 100755
--- a/languages/OneFileCMS.LANG.EN.php
+++ b/languages/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.20
+// OneFileCMS Language Settings v3.5.21
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -11,7 +11,7 @@
 // Remember to slash-escape any single quotes that may be within the text:  \'
 // The back-slash itself may or may not also need to be escaped:  \\
 //
-// If present as a trailing comment, "## NT ##" means 'Need Translation'.
+// If present as a trailing comment, "## NT ##" means 'Needs Translation'.
 //
 // These first few settings control a few font and layout settings.
 // In some instances, some langauges may use significantly longer words or phrases than others.
@@ -21,7 +21,7 @@
 $_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.9em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 4px 4px 4px'; //T R B L
+$_['button_padding']         = '4px 4px 4px 4px'; //T R B L  ,or,   V H   if only two values.
 $_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
@@ -71,37 +71,37 @@
 $_['Username'] = 'Username';
 $_['View']     = 'View';
 
-$_['Working']      = 'Working - please wait...';
-$_['Log_In']       = 'Log In';
-$_['Log_Out']      = 'Log Out';
-$_['Admin_Options'] = 'Administration Options';
-$_['Are_you_sure'] = 'Are you sure?';
-$_['View_Raw']     = 'View Raw'; //## NT ### as of 3.5.07
-$_['Open_View']    = 'Open/View in browser window';
-$_['Edit_View']    = 'Edit / View';
-$_['Wide_View']    = 'Wide View';
-$_['Normal_View']  = 'Normal View';
-$_['Word_Wrap']    = 'Word Wrap'; //## NT ## as of 3.5.19
-$_['Line_Wrap']    = 'Line Wrap'; //## NT ## as of 3.5.20
-$_['Upload_File']  = 'Upload File';
-$_['New_File']     = 'New File';
-$_['Ren_Move']     = 'Rename / Move';
-$_['Ren_Moved']    = 'Renamed / Moved';
-$_['folders_first'] = 'folders first'; //## NT ##
+$_['Working']         = 'Working - please wait...';
+$_['Log_In']          = 'Log In';
+$_['Log_Out']         = 'Log Out';
+$_['Admin_Options']   = 'Administration Options';
+$_['Are_you_sure']    = 'Are you sure?';
+$_['View_Raw']        = 'View Raw'; //## NT ### as of 3.5.07
+$_['Open_View']       = 'Open/View in browser window';
+$_['Edit_View']       = 'Edit / View';
+$_['Wide_View']       = 'Wide View';
+$_['Normal_View']     = 'Normal View';
+$_['Word_Wrap']       = 'Word Wrap'; //## NT ## as of 3.5.19
+$_['Line_Wrap']       = 'Line Wrap'; //## NT ## as of 3.5.20
+$_['Upload_File']     = 'Upload File';
+$_['New_File']        = 'New File';
+$_['Ren_Move']        = 'Rename / Move';
+$_['Ren_Moved']       = 'Renamed / Moved';
+$_['folders_first']   = 'folders first'; //## NT ##
 $_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
-$_['New_Folder']   = 'New Folder';
-$_['Ren_Folder']   = 'Rename / Move Folder';
-$_['Submit']       = 'Submit Request';
-$_['Move_Files']   = 'Move File(s)';
-$_['Copy_Files']   = 'Copy File(s)';
-$_['Del_Files']    = 'Delete File(s)';
-$_['Selected_Files'] = 'Selected Folders and Files';
-$_['Select_All']   = 'Select All';
-$_['Clear_All']    = 'Clear All';
-$_['New_Location'] = 'New Location';
-$_['No_files']     = 'No files selected.';
-$_['Not_found']    = 'Not found';
-$_['Invalid_path'] = 'Invalid path';
+$_['New_Folder']      = 'New Folder';
+$_['Ren_Folder']      = 'Rename / Move Folder';
+$_['Submit']          = 'Submit Request';
+$_['Move_Files']      = 'Move File(s)';
+$_['Copy_Files']      = 'Copy File(s)';
+$_['Del_Files']       = 'Delete File(s)';
+$_['Selected_Files']  = 'Selected Folders and Files';
+$_['Select_All']      = 'Select All';
+$_['Clear_All']       = 'Clear All';
+$_['New_Location']    = 'New Location';
+$_['No_files']        = 'No files selected.';
+$_['Not_found']       = 'Not found';
+$_['Invalid_path']    = 'Invalid path';
 
 $_['verify_msg_01']     = 'Session expired.';
 $_['verify_msg_02']     = 'INVALID POST';
diff --git a/languages/OneFileCMS.LANG.ES.php b/languages/OneFileCMS.LANG.ES.php
index d6320d6..54293c3 100755
--- a/languages/OneFileCMS.LANG.ES.php
+++ b/languages/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.20
+// OneFileCMS Language Settings v3.5.21
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -11,7 +11,7 @@
 // Remember to slash-escape any single quotes that may be within the text:  \'
 // The back-slash itself may or may not also need to be escaped:  \\
 //
-// If present as a trailing comment, "## NT ##" means 'Need Translation'.
+// If present as a trailing comment, "## NT ##" means 'Needs Translation'.
 //
 // These first few settings control a few font and layout settings.
 // In some instances, some langauges may use significantly longer words or phrases than others.
@@ -21,7 +21,7 @@
 $_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.9em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 4px'; //T R B L
+$_['button_padding']         = '4px 4px'; //T R B L  ,or,   V H   if only two values.
 $_['image_info_font_size']   = '.95em';   //show_img_msg_01  &  _02
 $_['image_info_pos']         = ' ';       //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
@@ -31,7 +31,7 @@
 $_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
 
 $_['Admin']    = 'Administrador';
-$_['bytes']    = 'bytes';
+$_['bytes']    = 'bytes';   //## NT ##
 $_['Cancel']   = 'Cancelar';
 $_['cancelled'] = 'cancelado';
 $_['Close']    = 'Cerrar';
@@ -44,7 +44,7 @@
 $_['Deleted']  = 'Eliminado';
 $_['Edit']     = 'Editar';
 $_['Enter']    = 'Entrar';
-$_['Error']    = 'Error';
+$_['Error']    = 'Error';   //## NT ##
 $_['errors']   = 'errores';
 $_['ext']      = 'ext';
 $_['File']     = 'Archivo';
@@ -71,37 +71,37 @@
 $_['Username'] = 'Usuario';
 $_['View']     = 'Ver';
 
-$_['Working']      = 'Working - please wait...'; //## NT ##
-$_['Log_In']       = 'Iniciar Sesión';
-$_['Log_Out']      = 'Cerrar Sesión';
-$_['Admin_Options'] = 'Opciones de Administración';
-$_['Are_you_sure'] = '¿Estás seguro?';
-$_['View_Raw']     = 'View Raw'; //## NT ##
-$_['Open_View']    = 'Abrir/Ver en una ventana del navegador';
-$_['Edit_View']    = 'Editar / Ver Archivo';
-$_['Wide_View']    = 'Vista Ampliada';
-$_['Normal_View']  = 'Vista Normal';
-$_['Word_Wrap']    = 'Word Wrap'; //## NT ##
-$_['Line_Wrap']    = 'Line Wrap'; //## NT ##
-$_['Upload_File']  = 'Subir Archivo';
-$_['New_File']     = 'Archivo Nuevo';
-$_['Ren_Move']     = 'Renombrar / Mover';
-$_['Ren_Moved']    = 'Renombrado / Movido';
-$_['folders_first'] = 'folders first'; //## NT ##
+$_['Working']         = 'Working - please wait...'; //## NT ##
+$_['Log_In']          = 'Iniciar Sesión';
+$_['Log_Out']         = 'Cerrar Sesión';
+$_['Admin_Options']   = 'Opciones de Administración';
+$_['Are_you_sure']    = '¿Estás seguro?';
+$_['View_Raw']        = 'View Raw'; //## NT ##
+$_['Open_View']       = 'Abrir/Ver en una ventana del navegador';
+$_['Edit_View']       = 'Editar / Ver Archivo';
+$_['Wide_View']       = 'Vista Ampliada';
+$_['Normal_View']     = 'Vista Normal';
+$_['Word_Wrap']       = 'Word Wrap'; //## NT ##
+$_['Line_Wrap']       = 'Line Wrap'; //## NT ##
+$_['Upload_File']     = 'Subir Archivo';
+$_['New_File']        = 'Archivo Nuevo';
+$_['Ren_Move']        = 'Renombrar / Mover';
+$_['Ren_Moved']       = 'Renombrado / Movido';
+$_['folders_first']   = 'folders first'; //## NT ##
 $_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
-$_['New_Folder']   = 'Carpeta Nueva';
-$_['Ren_Folder']   = 'Renombrar / Mover Carpeta';
-$_['Submit']       = 'Cargar';
-$_['Move_Files']   = 'Mover archivo(s)';
-$_['Copy_Files']   = 'Copiar archivo(s)';
-$_['Del_Files']    = 'Eliminar Archivo(s)';
-$_['Selected_Files'] = 'Seleccionar Archivos';
-$_['Select_All']   = 'Seleccionar Todos';
-$_['Clear_All']    = 'Limpiar Todos';
-$_['New_Location'] = 'Nueva Posición';
-$_['No_files']     = 'No se seleccionó ningún archivo.';
-$_['Not_found']    = 'No encontrado';
-$_['Invalid_path'] = 'Invalid path'; //## NT ##
+$_['New_Folder']      = 'Carpeta Nueva';
+$_['Ren_Folder']      = 'Renombrar / Mover Carpeta';
+$_['Submit']          = 'Cargar';
+$_['Move_Files']      = 'Mover archivo(s)';
+$_['Copy_Files']      = 'Copiar archivo(s)';
+$_['Del_Files']       = 'Eliminar Archivo(s)';
+$_['Selected_Files']  = 'Seleccionar Archivos';
+$_['Select_All']      = 'Seleccionar Todos';
+$_['Clear_All']       = 'Limpiar Todos';
+$_['New_Location']    = 'Nueva Posición';
+$_['No_files']        = 'No se seleccionó ningún archivo.';
+$_['Not_found']       = 'No encontrado';
+$_['Invalid_path']    = 'Invalid path'; //## NT ##
 
 $_['verify_msg_01']     = 'Sesión expirada.';
 $_['verify_msg_02']     = 'POST INVÁLIDO';
diff --git a/languages/OneFileCMS.LANG.NL.php b/languages/OneFileCMS.LANG.NL.php
index e79280d..967a874 100755
--- a/languages/OneFileCMS.LANG.NL.php
+++ b/languages/OneFileCMS.LANG.NL.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.20
+// OneFileCMS Language Settings v3.5.21
 
 $_['LANGUAGE'] = 'Nederlands (Dutch)';
 $_['LANG'] = 'NL';
@@ -11,7 +11,7 @@
 // Remember to slash-escape any single quotes that may be within the text:  \'
 // The back-slash itself may or may not also need to be escaped:  \\
 //
-// If present as a trailing comment, "## NT ##" means 'Need Translation'.
+// If present as a trailing comment, "## NT ##" means 'Needs Translation'.
 //
 // These first few settings control a few font and layout settings.
 // In some instances, some langauges may use significantly longer words or phrases than others.
@@ -21,17 +21,17 @@
 $_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.8em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 3px'; //T R B L
+$_['button_padding']         = '4px 3px'; //T R B L  ,or,   V H   if only two values.
 $_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '90px';    //Width of space for $_['Select_All']
 
 $_['HTML']    = 'HTML';
-$_['WYSIWYG'] = 'WYSIWYG';
+$_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
 
 $_['Admin']    = 'Beheer';
-$_['bytes']    = 'bytes';
+$_['bytes']    = 'bytes';   //## NT ##
 $_['Cancel']   = 'Annuleren';
 $_['cancelled'] = 'geannuleerd';
 $_['Close']    = 'Sluiten';
@@ -52,7 +52,7 @@
 $_['Folder']   = 'Map';
 $_['folders']  = 'mappen';
 $_['From']     = 'Van';
-$_['Hash']     = 'Hash';
+$_['Hash']     = 'Hash';    //## NT ##
 $_['Move']     = 'Verplaats';
 $_['Moved']    = 'Verplaatst';
 $_['Name']     = 'Naam';
@@ -71,37 +71,37 @@
 $_['Username'] = 'Gebruikersnaam';
 $_['View']     = 'Uitzicht';
 
-$_['Working']      = 'Working - please wait...'; //## NT ##
-$_['Log_In']       = 'Inloggen';
-$_['Log_Out']      = 'Uitloggen';
-$_['Admin_Options'] = 'Opties voor beheer';
-$_['Are_you_sure'] = 'Weet u het zeker?';
-$_['View_Raw']     = 'View Raw'; //## NT ##
-$_['Open_View']    = 'Openen/Bekijken in browser venster';
-$_['Edit_View']    = 'Bewerken / weergeven';
-$_['Wide_View']    = 'Wijd Gezichtsveld';
-$_['Normal_View']  = 'Normaal Gezichtsveld';
-$_['Word_Wrap']    = 'Word Wrap'; //## NT ##
-$_['Line_Wrap']    = 'Line Wrap'; //## NT ##
-$_['Upload_File']  = 'Bestand Uploaden';
-$_['New_File']     = 'Nieuw Bestand';
-$_['Ren_Move']     = 'Hernoemen / Verplaatsen';
-$_['Ren_Moved']    = 'Hernoemend / Verplaatst';
-$_['folders_first'] = 'folders first'; //## NT ##
+$_['Working']         = 'Working - please wait...'; //## NT ##
+$_['Log_In']          = 'Inloggen';
+$_['Log_Out']         = 'Uitloggen';
+$_['Admin_Options']   = 'Opties voor beheer';
+$_['Are_you_sure']    = 'Weet u het zeker?';
+$_['View_Raw']        = 'View Raw'; //## NT ##
+$_['Open_View']       = 'Openen/Bekijken in browser venster';
+$_['Edit_View']       = 'Bewerken / weergeven';
+$_['Wide_View']       = 'Wijd Gezichtsveld';
+$_['Normal_View']     = 'Normaal Gezichtsveld';
+$_['Word_Wrap']       = 'Word Wrap'; //## NT ##
+$_['Line_Wrap']       = 'Line Wrap'; //## NT ##
+$_['Upload_File']     = 'Bestand Uploaden';
+$_['New_File']        = 'Nieuw Bestand';
+$_['Ren_Move']        = 'Hernoemen / Verplaatsen';
+$_['Ren_Moved']       = 'Hernoemend / Verplaatst';
+$_['folders_first']   = 'folders first'; //## NT ##
 $_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
-$_['New_Folder']   = 'Nieuwe Map';
-$_['Ren_Folder']   = 'Hernoem / Verplaats Map';
-$_['Submit']       = 'Verzoek Indienen';
-$_['Move_Files']   = 'Verplaats Bestand(en)';
-$_['Copy_Files']   = 'Kopieër Bestand(en)';
-$_['Del_Files']    = 'Verwijder Bestand(en)';
-$_['Selected_Files'] = 'Geselecteerde Mappen en Bestanden';
-$_['Select_All']   = 'Selecteer Alles';
-$_['Clear_All']    = 'Verwijder Alles';
-$_['New_Location'] = 'Nieuwe Locatie';
-$_['No_files']     = 'Geen bestanden geselecteerd.';
-$_['Not_found']    = 'Niet gevonden';
-$_['Invalid_path'] = 'Invalid path'; //## NT ##
+$_['New_Folder']      = 'Nieuwe Map';
+$_['Ren_Folder']      = 'Hernoem / Verplaats Map';
+$_['Submit']          = 'Verzoek Indienen';
+$_['Move_Files']      = 'Verplaats Bestand(en)';
+$_['Copy_Files']      = 'Kopieër Bestand(en)';
+$_['Del_Files']       = 'Verwijder Bestand(en)';
+$_['Selected_Files']  = 'Geselecteerde Mappen en Bestanden';
+$_['Select_All']      = 'Selecteer Alles';
+$_['Clear_All']       = 'Verwijder Alles';
+$_['New_Location']    = 'Nieuwe Locatie';
+$_['No_files']        = 'Geen bestanden geselecteerd.';
+$_['Not_found']       = 'Niet gevonden';
+$_['Invalid_path']    = 'Invalid path'; //## NT ##
 
 $_['verify_msg_01']     = 'Sessie verlopen.';
 $_['verify_msg_02']     = 'ONGELDIGE POST';
diff --git a/languages/OneFileCMS.LANG.RU.php b/languages/OneFileCMS.LANG.RU.php
index 08e8c83..4f749fb 100755
--- a/languages/OneFileCMS.LANG.RU.php
+++ b/languages/OneFileCMS.LANG.RU.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.20
+// OneFileCMS Language Settings v3.5.21
 
 $_['LANGUAGE'] = 'Russian';
 $_['LANG'] = 'RU';
@@ -11,7 +11,7 @@
 // Remember to slash-escape any single quotes that may be within the text:  \'
 // The back-slash itself may or may not also need to be escaped:  \\
 //
-// If present as a trailing comment, "## NT ##" means 'Need Translation'.
+// If present as a trailing comment, "## NT ##" means 'Needs Translation'.
 //
 // These first few settings control a few font and layout settings.
 // In some instances, some langauges may use significantly longer words or phrases than others.
@@ -21,14 +21,14 @@
 $_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
 $_['button_font_size']       = '0.8em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 5px'; //T R B L
+$_['button_padding']         = '4px 5px'; //T R B L  ,or,   V H   if only two values.
 $_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
 
 $_['HTML']    = 'HTML';
-$_['WYSIWYG'] = 'WYSIWYG';
+$_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
 
 $_['Admin']    = 'Админка';
 $_['bytes']    = 'байт';
@@ -71,37 +71,37 @@
 $_['Username'] = 'Логин';
 $_['View']     = 'вид';
 
-$_['Working']      = 'Working - please wait...'; //## NT ##
-$_['Log_In']       = 'Войти';
-$_['Log_Out']      = 'Выйти';
-$_['Admin_Options'] = 'Настройки Администратора';
-$_['Are_you_sure'] = 'Вы уверены?';
-$_['View_Raw']     = 'View Raw'; //## NT ##
-$_['Open_View']    = 'Открыть/Открыть в окне браузера';
-$_['Edit_View']    = 'Ред. / Смотреть';
-$_['Wide_View']    = 'Широкий Обзор';
-$_['Normal_View']  = 'Нормальный Обзор';
-$_['Word_Wrap']    = 'Word Wrap'; //## NT ##
-$_['Line_Wrap']    = 'Line Wrap'; //## NT ##
-$_['Upload_File']  = 'Загрузить файл';
-$_['New_File']     = 'Новый файл';
-$_['Ren_Move']     = 'Переименовать / Переместить';
-$_['Ren_Moved']    = 'Переименованно / Перемещенно';
-$_['folders_first'] = 'folders first'; //## NT ##
+$_['Working']         = 'Working - please wait...'; //## NT ##
+$_['Log_In']          = 'Войти';
+$_['Log_Out']         = 'Выйти';
+$_['Admin_Options']   = 'Настройки Администратора';
+$_['Are_you_sure']    = 'Вы уверены?';
+$_['View_Raw']        = 'View Raw'; //## NT ##
+$_['Open_View']       = 'Открыть/Открыть в окне браузера';
+$_['Edit_View']       = 'Ред. / Смотреть';
+$_['Wide_View']       = 'Широкий Обзор';
+$_['Normal_View']     = 'Нормальный Обзор';
+$_['Word_Wrap']       = 'Word Wrap'; //## NT ##
+$_['Line_Wrap']       = 'Line Wrap'; //## NT ##
+$_['Upload_File']     = 'Загрузить файл';
+$_['New_File']        = 'Новый файл';
+$_['Ren_Move']        = 'Переименовать / Переместить';
+$_['Ren_Moved']       = 'Переименованно / Перемещенно';
+$_['folders_first']   = 'folders first'; //## NT ##
 $_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
-$_['New_Folder']   = 'Новая папка';
-$_['Ren_Folder']   = 'Переименовать / Переместить папку';
-$_['Submit']       = 'Отправить изменения';
-$_['Move_Files']   = 'Переместить Файл(ы)';
-$_['Copy_Files']   = 'Копировать Файл(ы)';
-$_['Del_Files']    = 'Удалить Файл(ы)';
-$_['Selected_Files'] = 'Выбранные Папки и Файлы';
-$_['Select_All']   = 'Выбрать все';
-$_['Clear_All']    = 'Очистить всё';
-$_['New_Location'] = 'Новая локализация';
-$_['No_files']     = 'Нет выбранных файлов.';
-$_['Not_found']    = 'Не найдено';
-$_['Invalid_path'] = 'Invalid path'; //## NT ##
+$_['New_Folder']      = 'Новая папка';
+$_['Ren_Folder']      = 'Переименовать / Переместить папку';
+$_['Submit']          = 'Отправить изменения';
+$_['Move_Files']      = 'Переместить Файл(ы)';
+$_['Copy_Files']      = 'Копировать Файл(ы)';
+$_['Del_Files']       = 'Удалить Файл(ы)';
+$_['Selected_Files']  = 'Выбранные Папки и Файлы';
+$_['Select_All']      = 'Выбрать все';
+$_['Clear_All']       = 'Очистить всё';
+$_['New_Location']    = 'Новая локализация';
+$_['No_files']        = 'Нет выбранных файлов.';
+$_['Not_found']       = 'Не найдено';
+$_['Invalid_path']    = 'Invalid path'; //## NT ##
 
 $_['verify_msg_01']     = 'Сессия истекла.';
 $_['verify_msg_02']     = 'НЕВЕРНЫЙ ЗАПРОС';
diff --git a/onefilecms.php b/onefilecms.php
index 4a8ff7b..3e9007f 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.20';
+$OFCMS_version = '3.5.21';
 
 
 
@@ -10,7 +10,6 @@
 //******************************************************************************
 //Some basic security & error log settings
 //
-//ob_start(); //Catch any early output. Closed prior to page output. Moved to top of file.
 ini_set('session.use_trans_sid', 0);    //make sure URL supplied SESSID's are not used
 ini_set('session.use_only_cookies', 1); //make sure URL supplied SESSID's are not used
 error_reporting(E_ALL & ~E_STRICT);     //(E_ALL &~ E_STRICT) for everything, 0 for none.
@@ -19,7 +18,7 @@
 ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.ERROR.log');
 //
 //Determine good folder for session file. Default is /tmp/, which is not secure.
-//session_save_path('/home/content/username/tmp/'); //##### or:  ini_set('session.save_path', 'some_safe_path')
+//session_save_path('/home/content/username/tmp/'); //##### or:  ini_set('session.save_path', 'some/safe/path/')
 //******************************************************************************
 
 
@@ -103,9 +102,9 @@
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
 
 $LINE_WRAP = "on"; //"on", or (anything else) = "off".  Default for edit page. Once on page, line-wrap can toggle on/off.
-$TAB_SIZE  = 8;    //Some browsers recognize a css tab-size. Some don't.  If your's doesn't, LEAVE AT 8.  (IE/Edge, as of mid-2016)
+$TAB_SIZE  = 8;    //Some browsers recognize a css tab-size. Some don't (IE/Edge, as of mid-2016).
 
-$MAX_EDIT_SIZE = 210000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
+$MAX_EDIT_SIZE = 200000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
 $MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
                           // The default max view size is completely arbitrary. Basically, it was 2am, and seemed like a good idea at the time.
 
@@ -173,7 +172,7 @@
 function System_Setup() {//*****************************************************
 
 global $_, $MAX_IDLE_TIME, $LOGIN_ATTEMPTS, $LOGIN_DELAYED, 
-	$MAIN_WIDTH, $WIDE_VIEW_WIDTH, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $EXCLUDED_FILES, 
+	$MAIN_WIDTH, $WIDE_VIEW_WIDTH, $MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $EXCLUDED_FILES, $TAB_SIZE, 
 	$EDIT_FILES, $SHOW_FILES, $SHOW_IMGS, $FILE_TYPES, $FILE_CLASSES, 
 	$SHOWALLFILES, $ETYPES, $STYPES, $ITYPES, $FTYPES, $FCLASSES, $EXCLUDED_LIST, 
 	$LANGUAGE_FILE, $ACCESS_ROOT, $ACCESS_ROOT_len, $WYSIWYG_PLUGIN, $WYSIWYG_VALID, $WYSIWYG_PLUGIN_OS, 
@@ -278,6 +277,12 @@ function System_Setup() {//*****************************************************
 $MAIN_WIDTH      = validate_units($MAIN_WIDTH);
 $WIDE_VIEW_WIDTH = validate_units($WIDE_VIEW_WIDTH);
 
+
+//Just some basic validation.  The 80 is just a round number that seems reasonable.
+$TAB_SIZE = intval($TAB_SIZE);
+if (($TAB_SIZE < 1) || ($TAB_SIZE > 80)) { $TAB_SIZE = 8; }
+
+
 ini_set('session.gc_maxlifetime', $MAX_IDLE_TIME + 100); //in case the default is less.
 
 $VALID_PAGES = array("login","logout","admin","hash","changepw","changeun","index","edit","upload","uploaded","newfile","renamefile","copyfile","deletefile","deletefolder","newfolder","renamefolder","copyfolder","mcdaction", "phpinfo", "raw_view");
@@ -304,6 +309,12 @@ function System_Setup() {//*****************************************************
 $MIN_DIR_ITEMS			  = 25; //Minimum number of directory items before "Working..." message is needed/displayed.
 
 
+//Validate wide_view cookie...
+if ( !isset($_COOKIE['wide_view']) || ($_COOKIE['wide_view'] !== "on") ) {
+	$_COOKIE['wide_view'] = "off";
+}
+
+
 //Used in hashit() and js_hash_scripts().  IE<9 is WAY slow, so keep it low.
 //For 200 iterations: (time on IE8) > (37 x time on FF). And the difference grows with the iterations.
 //If you change this, or any other aspect of either hashit() or js_hash_scripts(), do so while logged in.
@@ -316,11 +327,9 @@ function System_Setup() {//*****************************************************
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.5.20
-
+// OneFileCMS Language Settings v3.5.21
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
-
 // If no translation or value is desired for a particular setting, do not delete
 // the actual setting variable, just set it to an empty string.
 // For example:  $_['some_unused_setting'] = '';
@@ -333,22 +342,22 @@ function Default_Language() { // ***********************************************
 // These first few settings control a few font and layout settings.
 // In some instances, some langauges may use significantly longer words or phrases than others.
 // So, a smaller font or less spacing may be desirable in those places to preserve page layout.
-$_['front_links_font_size']  = '1.0em';  //Buttons on Index page.
+$_['front_links_font_size']  = '1.0em';   //Buttons on Index page.
 $_['front_links_margin_L']   = '1.0em';
-$_['MCD_margin_R']           = '1.0em';  //[Move] [Copy] [Delete] buttons
-$_['button_font_size']       = '0.9em';  //Buttons on Edit page.
+$_['MCD_margin_R']           = '1.0em';   //[Move] [Copy] [Delete] buttons
+$_['button_font_size']       = '0.9em';   //Buttons on Edit page.
 $_['button_margin_L']        = '0.7em';
-$_['button_padding']         = '4px 4px 4px 4px'; //T R B L
-$_['image_info_font_size']   = '1em';    //show_img_msg_01  &  _02
-$_['image_info_pos']         = '';       //If 1 or true, moves the info down a line for more space.
-$_['select_all_label_size']  = '.84em';  //Font size of $_['Select_All']
-$_['select_all_label_width'] = '72px';   //Width of space for $_['Select_All']
+$_['button_padding']         = '4px 4px 4px 4px'; //T R B L  ,or,   V H   if only two values.
+$_['image_info_font_size']   = '1em';     //show_img_msg_01  &  _02
+$_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
+$_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
+$_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
 $_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG';
 $_['Admin']    = 'Admin';
 $_['bytes']    = 'bytes';
 $_['Cancel']   = 'Cancel';
-$_['cancelled'] = 'cancelled'; //## NT ## as of 3.5.07
+$_['cancelled'] = 'cancelled';
 $_['Close']    = 'Close';
 $_['Copy']     = 'Copy';
 $_['Copied']   = 'Copied';
@@ -361,7 +370,7 @@ function Default_Language() { // ***********************************************
 $_['Enter']    = 'Enter';
 $_['Error']    = 'Error';
 $_['errors']   = 'errors';
-$_['ext']      = '.ext';  //## NT ## filename[.ext]ension
+$_['ext']      = '.ext';    //## NT ## filename[.ext]ension
 $_['File']     = 'File';
 $_['files']    = 'files';
 $_['Folder']   = 'Folder';
@@ -372,50 +381,50 @@ function Default_Language() { // ***********************************************
 $_['Moved']    = 'Moved';
 $_['Name']     = 'Name';
 $_['on']       = 'on';
-$_['off']      = 'off';  //## NT ## as of 3.5.19
+$_['off']      = 'off';
 $_['Password'] = 'Password';
 $_['Rename']   = 'Rename';
 $_['reset']    = 'Reset';
 $_['save_1']   = 'Save';
 $_['save_2']   = 'SAVE CHANGES';
 $_['Size']     = 'Size';
-$_['Source']   = 'Source'; 
+$_['Source']   = 'Source';
 $_['successful'] = 'successful';
 $_['To']       = 'To';
 $_['Upload']   = 'Upload';
 $_['Username'] = 'Username';
 $_['View']     = 'View';
-$_['Working']  = 'Working - please wait...';
-$_['Log_In']         = 'Log In';
-$_['Log_Out']        = 'Log Out';
-$_['Admin_Options']  = 'Administration Options';
-$_['Are_you_sure']   = 'Are you sure?';
-$_['View_Raw']       = 'View Raw'; //## NT ### as of 3.5.07
-$_['Open_View']      = 'Open/View in browser window';
-$_['Edit_View']      = 'Edit / View';
-$_['Wide_View']      = 'Wide View';
-$_['Normal_View']    = 'Normal View';
-$_['Word_Wrap']	 	 = 'Word Wrap';	//## NT ## as of 3.5.19
-$_['Line_Wrap']	 	 = 'Line Wrap';	//## NT ## as of 3.5.20
-$_['Upload_File']    = 'Upload File';
-$_['New_File']       = 'New File';
-$_['Ren_Move']       = 'Rename / Move';
-$_['Ren_Moved']      = 'Renamed / Moved';
-$_['folders_first']  = 'folders first'; //## NT ##
+$_['Working']         = 'Working - please wait...';
+$_['Log_In']          = 'Log In';
+$_['Log_Out']         = 'Log Out';
+$_['Admin_Options']   = 'Administration Options';
+$_['Are_you_sure']    = 'Are you sure?';
+$_['View_Raw']        = 'View Raw'; //## NT ### as of 3.5.07
+$_['Open_View']       = 'Open/View in browser window';
+$_['Edit_View']       = 'Edit / View';
+$_['Wide_View']       = 'Wide View';
+$_['Normal_View']     = 'Normal View';
+$_['Word_Wrap']       = 'Word Wrap'; //## NT ## as of 3.5.19
+$_['Line_Wrap']       = 'Line Wrap'; //## NT ## as of 3.5.20
+$_['Upload_File']     = 'Upload File';
+$_['New_File']        = 'New File';
+$_['Ren_Move']        = 'Rename / Move';
+$_['Ren_Moved']       = 'Renamed / Moved';
+$_['folders_first']   = 'folders first'; //## NT ##
 $_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
-$_['New_Folder']     = 'New Folder';
-$_['Ren_Folder']     = 'Rename / Move Folder';
-$_['Submit']         = 'Submit Request';
-$_['Move_Files']     = 'Move File(s)';
-$_['Copy_Files']     = 'Copy File(s)';
-$_['Del_Files']      = 'Delete File(s)';
-$_['Selected_Files'] = 'Selected Folders and Files';
-$_['Select_All']     = 'Select All';
-$_['Clear_All']      = 'Clear All';
-$_['New_Location']   = 'New Location';
-$_['No_files']       = 'No files selected.';
-$_['Not_found']      = 'Not found';
-$_['Invalid_path']   = 'Invalid path';
+$_['New_Folder']      = 'New Folder';
+$_['Ren_Folder']      = 'Rename / Move Folder';
+$_['Submit']          = 'Submit Request';
+$_['Move_Files']      = 'Move File(s)';
+$_['Copy_Files']      = 'Copy File(s)';
+$_['Del_Files']       = 'Delete File(s)';
+$_['Selected_Files']  = 'Selected Folders and Files';
+$_['Select_All']      = 'Select All';
+$_['Clear_All']       = 'Clear All';
+$_['New_Location']    = 'New Location';
+$_['No_files']        = 'No files selected.';
+$_['Not_found']       = 'Not found';
+$_['Invalid_path']    = 'Invalid path';
 $_['verify_msg_01']     = 'Session expired.';
 $_['verify_msg_02']     = 'INVALID POST';
 $_['get_get_msg_01']    = 'File does not exist:';
@@ -427,15 +436,15 @@ function Default_Language() { // ***********************************************
 $_['rCopy_msg_01']      = 'A folder can not be copied into one of its own sub-folders.';
 $_['show_img_msg_01']   = 'Image shown at ~';
 $_['show_img_msg_02']   = '% of full size (W x H =';
-$_['hash_txt_01'] = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!';
-$_['hash_txt_06'] = 'Type your desired password in the input field above and hit Enter.';
-$_['hash_txt_07'] = 'The hash will be displayed in a yellow message box above that.';
-$_['hash_txt_08'] = 'Copy and paste the new hash to the $HASHWORD variable in the config section.';
-$_['hash_txt_09'] = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
-$_['hash_txt_10'] = 'A double-click should select it...';
-$_['hash_txt_12'] = 'When ready, logout and login.';
-$_['pass_to_hash']   = 'Password to hash:';
-$_['Generate_Hash']  = 'Generate Hash';
+$_['hash_txt_01']   = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!';
+$_['hash_txt_06']   = 'Type your desired password in the input field above and hit Enter.';
+$_['hash_txt_07']   = 'The hash will be displayed in a yellow message box above that.';
+$_['hash_txt_08']   = 'Copy and paste the new hash to the $HASHWORD variable in the config section.';
+$_['hash_txt_09']   = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
+$_['hash_txt_10']   = 'A double-click should select it...';
+$_['hash_txt_12']   = 'When ready, logout and login.';
+$_['pass_to_hash']  = 'Password to hash:';
+$_['Generate_Hash'] = 'Generate Hash';
 $_['login_txt_01']  = 'Username:';
 $_['login_txt_02']  = 'Password:';
 $_['login_msg_01a'] = 'There have been';
@@ -549,8 +558,8 @@ function Default_Language() { // ***********************************************
 $_['change_un_01'] = 'Username changed!';
 $_['change_un_02'] = 'Username NOT changed.';
 $_['update_failed'] = 'Update failed - could not save file.';
-$_['mcd_msg_01'] = 'file(s) and/or folder(s) moved.';   //#####
-$_['mcd_msg_02'] = 'file(s) and/or folder(s) copied.';  //#####
+$_['mcd_msg_01'] = 'file(s) and/or folder(s) moved.'; //#####
+$_['mcd_msg_02'] = 'file(s) and/or folder(s) copied.'; //#####
 $_['mcd_msg_03'] = 'file(s) and/or folder(s) deleted.'; //#####
 }//end Default_Language() //****************************************************
 
@@ -794,7 +803,7 @@ function Validate_params() {//**************************************************
 function Valid_Path($path, $gotoroot=true) {//**********************************
 	//$gotoroot: if true, return to index page of $ACCESS_ROOT.
 	global  $ipath, $ipath_OS, $filename, $param1, $param2, $param3, $ACCESS_ROOT, $ACCESS_ROOT_len, $MESSAGE;
-	
+
 	//Limit access to the folder $ACCESS_ROOT:
 	//$ACCESS_ROOT = some/root/path/
 	//$path        = some/root/path/...(or deeper)   : good
@@ -852,7 +861,7 @@ function Get_GET() {//**** Get URL passed parameters ***************************
 
 	//Initialize & validate $filename
 	if (isset($_GET["f"])) { $filename = $ipath.$_GET["f"]; } else { $filename = ""; }
-	
+
 	$filename_OS = Convert_encoding($filename);
 	if ( ($filename != "") && !is_file($filename_OS)  ) {
 		$MESSAGE .= $EX.'<b>'.hsc($_['get_get_msg_01']).'</b> ';
@@ -866,7 +875,7 @@ function Get_GET() {//**** Get URL passed parameters ***************************
 		$MESSAGE .= $EX.hsc($_['get_get_msg_02']).' <b>'.hsc($page).'</b><br>';
 		$page = "index";  //If invalid $_GET["p"]
 	}
-	
+
 	//Sanitize any message. Initialized on line 1 / top of this file.
 	if (isset($_GET["m"])) { $MESSAGE .= hsc($_GET["m"]); }
 }//end Get_GET() //*************************************************************
@@ -920,7 +929,7 @@ function Verify_Page_Conditions() {//*******************************************
 		$MESSAGE .= $EX.'<b> '.hsc($_['upload_error_01a']).' '.ini_get('post_max_size').'</b> '.hsc($_['upload_error_01b']).'<br>';
 		$page = "index";
 	}
-	
+
 	//[View Raw] file contents in a browser window (in plain text, NOT HTML).
 	if ($page == "raw_view"){
 		ob_start();
@@ -1029,7 +1038,7 @@ function Sort_Seperate($path, $full_list) {//***********************************
 		if (is_dir($fullpath_OS)) { $folders[$D++] = $item; }
 		else                      { $files[$F++]   = $item; }
 	}
-	
+
 	return array_merge($folders, $files);
 }//end Sort_Seperate() //*******************************************************
 
@@ -1258,7 +1267,7 @@ function show_image() {//*******************************************************
 	$SCALE = 1; $SCALE_W = 1; $SCALE_H = 1;
 	if ($img_info[$W] > $MAX_IMG_W) { $SCALE_W = ( $MAX_IMG_W/$img_info[$W] );}
 	if ($img_info[$H] > $MAX_IMG_H) { $SCALE_H = ( $MAX_IMG_H/$img_info[$H] );}
-	
+
 	//Set $SCALE to the more restrictive scale.
 	if   ( $SCALE_W > $SCALE_H ) { $SCALE = $SCALE_H; } //ex: if (.90 > .50)
 	else                         { $SCALE = $SCALE_W; } //If _H >= _W, or both are 1
@@ -1507,7 +1516,7 @@ function Hash_Page() {//********************************************************
 	<style>#message_box {font-family: courier; min-height: 3.1em;}</style>
 
 	<h2><?php echo hsc($_['Generate_Hash']) ?></h2>
-	
+
 	<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.$param3; ?>">
 		<?php echo $INPUT_NUONCE; ?>
 		<?php echo hsc($_['pass_to_hash']) ?>
@@ -1558,7 +1567,7 @@ function Change_PWUN_Page($pwun, $type, $page_title, $label_new, $label_confirm)
 ?>
 	<?php //preserve space for message_box even when there's no message. ?>
 	<style>#message_box {min-height: 2em;}</style>
-	
+
 	<h2><?php echo hsc($page_title) ?></h2>
 
 	<form id="change" method="post" action="<?php echo $ONESCRIPT.$param1.$param3; ?>">
@@ -1600,7 +1609,7 @@ function Change_PWUN_Page($pwun, $type, $page_title, $label_new, $label_confirm)
 //******************************************************************************
 function Update_config($search_for, $replace_with, $search_file, $backup_file) {
 	global  $_, $EX, $MESSAGE;
-	
+
 	$search_file_OS = Convert_encoding($search_file);
 	$backup_file_OS = Convert_encoding($backup_file);
 
@@ -1626,7 +1635,7 @@ function Update_config($search_for, $replace_with, $search_file, $backup_file) {
 
 	//This should not happen, but just in case...
 	if (!$found){ $MESSAGE .= $EX.' <b>'.hsc($_['Not_found']).': </b>'.hsc($search_for).'<br>'; return false; }
-	
+
 	copy($search_file_OS, $backup_file_OS); // Just in case...
 
 	$updated_contents = implode("\n", $search_lines);
@@ -1931,7 +1940,7 @@ function Get_DIRECTORY_DATA($raw_list) {//**************************************
 		$DIRECTORY_DATA[$DIRECTORY_COUNT][5] = $ext;
 		$DIRECTORY_COUNT++;
 	}//end foreach file
-	
+
 	return $DIRECTORY_COUNT;
 }//end Get_DIRECTORY_DATA() //**************************************************
 
@@ -1989,7 +1998,7 @@ function Index_Page_buttons_top($file_count) {//********************************
 		echo '<a id=b5 tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.$param1.'&amp;p=newfile">'  .$ICONS['file_new']  .hsc($_['New_File'])   .'</a>';
 		echo '<a id=b6 tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.$param1.'&amp;p=upload">'   .$ICONS['upload']    .hsc($_['Upload_File']).'</a>';
 	echo '</div>'; //end front_links
-	
+
 	echo '</div>'."\n"; //end index_page_buttons
 
 } //end Index_Page_buttons_top() //*********************************************
@@ -1999,7 +2008,7 @@ function Index_Page_buttons_top($file_count) {//********************************
  
 function Index_Page() {//*******************************************************
 	global  $ONESCRIPT, $ipath_OS, $param1;
-	
+
 	init_ICONS_js();
 
 	$raw_list = scandir('./'.$ipath_OS);  //Get current directory list  (unsorted)
@@ -2031,11 +2040,13 @@ function Edit_Page_buttons_top($text_editable,$file_ENC) {//********************
 
 	//[View Raw] button.
 	if ($text_editable) {
-		$view_raw_button = '<button type=button id=view_raw class=button>'.hsc('View Raw').'</button>';
+		$view_raw_button = '<button type=button id=view_raw class=button>'.hsc('View Raw')."</button>\n";
 	} else {$view_raw_button = '';}
 
-	//[Wide View] / [Normal View] button.
-	$wide_view_button = '<button type=button id=wide_view class=button>'.hsc($_['Wide_View']).'</button>';
+	//[Wide View] / [Normal View] button.  Label is what button will do, not an indicator the current state.
+	if ($_COOKIE['wide_view'] === "on") { $wv_label = hsc($_['Normal_View']); }
+	else 								{ $wv_label = hsc($_['Wide_View']); }
+	$wide_view_button = "<button type=button id=wide_view class=button value={$_COOKIE['wide_view']}>$wv_label</button>\n";
 
 	//[Edit WYSIWYG] / [Edit Source] button.
 	$WYSIWYG_button  = '';
@@ -2123,6 +2134,8 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 		}
 	}
 
+
+
 	$too_large_to_edit_message =
 		'<b>'.hsc($_['too_large_to_edit_01']).' '.number_format($MAX_EDIT_SIZE).' '.hsc($_['bytes']).'</b><br>'.
 		hsc($_['too_large_to_edit_02']).'<br>'.hsc($_['too_large_to_edit_03']).'<br>'.hsc($_['too_large_to_edit_04']);
@@ -2131,7 +2144,7 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 		'<b>'.hsc($_['too_large_to_view_01']).' '.number_format($MAX_VIEW_SIZE).' '.hsc($_['bytes']).'</b><br>'.
 		hsc($_['too_large_to_view_02']).'<br>'.hsc($_['too_large_to_view_03']).'<br>';
 
-	echo '<form id=edit_form name=edit_form method=post action="'.$ONESCRIPT.$param1.$param2.$param3.'">';
+	echo "\n".'<form id=edit_form name=edit_form method=post action="'.$ONESCRIPT.$param1.$param2.$param3.'">'."\n";
 		
 		echo $INPUT_NUONCE;
 		
@@ -2160,12 +2173,15 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 					//<input name=filename> is used only to signal an Edit_response().
 					echo '<input type=hidden name=filename value="'.rawurlencode($filename).'">';
 					
-					echo "<div id=wrapper_linenums_editor>";
-					echo 	"<div id=line_numbers tabindex='-1'><div id=line_1>1</div><div id=line_0></div></div>";
-					echo 	"<textarea $readonly id=file_editor class=tab_size name=contents cols=70 rows=25>$FILECONTENTS</textarea>\n";
+					echo "<div id=wrapper_linenums_editor>\n";
+					echo 	"<div id=line_numbers tabindex='-1'><div id=line_1>1</div><div id=line_0></div></div>\n";
+					echo 	"<textarea $readonly id=file_editor name=contents cols=70 rows=25>$FILECONTENTS</textarea>\n";
 					echo "</div>\n";
 					
-					$wrap_on_off = hsc($_['Line_Wrap']." ".$_['on']."/".$_['off']);
+					$wrap_on_off  = hsc($_['Line_Wrap'])." ";
+					$wrap_on_off .= "<span id=w_on>" .hsc($_['on']) ."</span>/";
+					$wrap_on_off .= "<span id=w_off>".hsc($_['off'])."</span>";
+					
 					echo "<button type=button class=button id=toggle_wrap name=toggle_wrap value=$LINE_WRAP>$wrap_on_off</button>";
 				}
 			}//end if/elseif...
@@ -2173,7 +2189,7 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 		}//end if non-image
 		
 		Edit_Page_buttons($text_editable, $too_large_to_edit);
-	echo '</form>';
+	echo "\n</form>\n";
 
 	Edit_Page_scripts();
 
@@ -2247,7 +2263,7 @@ function Edit_Page() {//********************************************************
 	echo '</h2>'."\n";
 
 	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_view, $file_ENC);
-	
+
 	if ( in_array( $ext, $ITYPES) ) { show_image(); } //If image, show below the [Rename/Move] [Copy] [Delete] buttons
 
 	echo '<div class=clear></div>';
@@ -2267,7 +2283,7 @@ function Edit_response() {//***If on Edit page, and [Save] clicked *************
 	global $_, $EX, $MESSAGE, $filename, $filename_OS;
 
 	$contents    = $_POST['contents'];
-	
+
 	$contents = str_replace("\r\n", "\n", $contents); //Normalize EOL
 	$contents = str_replace("\r"  , "\n", $contents); //Normalize EOL
 
@@ -2301,7 +2317,7 @@ function Upload_Page() {//******************************************************
 	echo '<p>';
 	echo hsc($_['upload_txt_03']).' '.ini_get('upload_max_filesize').' '.hsc($_['upload_txt_01']).'<br>';
 	echo hsc($_['upload_txt_04']).' '.ini_get('post_max_size')      .' '.hsc($_['upload_txt_02']).'<br>';
-	
+
 	echo '<form enctype="multipart/form-data" action="'.$ONESCRIPT.$param1.'&amp;p=uploaded" method="post">';
 		echo $INPUT_NUONCE;
 		
@@ -2319,7 +2335,7 @@ function Upload_Page() {//******************************************************
 		}
 		echo '<p>';
 		Cancel_Submit_Buttons($_['Upload']);
-	echo '</form>';
+	echo "\n</form>\n";
 }//end Upload_Page() //*********************************************************
 
 
@@ -2385,7 +2401,7 @@ function New_Page($title, $new_f_or_f) {//**************************************
 		echo '<span class="mono"> '.hsc($INVALID_CHARS).'</span></p>';
 		echo '<input type="text" name="'.$new_f_or_f.'" id="'.$new_f_or_f.'" value=""><p>';
 		Cancel_Submit_Buttons($_['Create']);
-	echo '</form>';
+	echo "\n</form>\n";
 }//end New_Page() //************************************************************
 
 
@@ -2496,7 +2512,7 @@ function CRM_Page($action, $title, $action_id, $old_full_name) {//**************
 		
 		echo '('.hsc($_['CRM_txt_02']).')<p>';
 		Cancel_Submit_Buttons($action);
-	echo '</form>';
+	echo "\n</form>\n";
 }//end CRM_Page() //************************************************************
 
 
@@ -2673,7 +2689,7 @@ function MCD_Page($action, $page_title, $classes = '') {//**********************
 		}
 		
 		echo '</table>';
-	echo '</form>';
+	echo "\n</form>\n";
 }//end MCD_Page() //************************************************************
 
 
@@ -2685,7 +2701,7 @@ function MCD_response($action, $msg1, $success_msg = '') {//********************
 	$files      = $_POST['files']; //List of files to delete (path not included)
 	$errors     = 0; //number of failed moves, copies, or deletes
 	$successful = 0;
-	
+
 	$new_location = "";
 	if (isset($_POST['new_location'])) {
 		$new_location    =                  $_POST['new_location'];
@@ -2693,7 +2709,7 @@ function MCD_response($action, $msg1, $success_msg = '') {//********************
 	}
 
 	$show_message = 1; //1= show error msg only.
-	
+
 	if ( ($new_location != "") && !is_dir($new_location_OS)) {
 		$MESSAGE .= $EX.'<b>'.hsc($msg1.' '.$_['CRM_msg_01']).'</b><br>';
 		$MESSAGE .= '<span class="filename">'.hsc($_POST['new_location']).'</span><br>';
@@ -2719,7 +2735,7 @@ function MCD_response($action, $msg1, $success_msg = '') {//********************
 	}
 
 	if ($errors) {$MESSAGE .= $EX.' <b>'.$errors.' '.hsc($_['errors']).'.</b><br>';}
-	
+
 	$MESSAGE .= '<b>'.$successful.' '.hsc($success_msg).'</b><br>';
 
 	if ($action != 'rDel') {
@@ -2794,7 +2810,7 @@ function Respond_to_POST() {//**************************************************
 	global $_, $VALID_POST, $ipath, $page, $EX, $ACCESS_ROOT, $MESSAGE;
 
 	if (!$VALID_POST) { return; }
-	
+
 	//First, validate any $_POST'ed paths against $ACCESS_ROOT.
 	if (isset($_POST["old_full_name"]) && !Valid_Path($_POST["old_full_name"], false)) {
 		//unlikely, but just in case
@@ -2863,6 +2879,7 @@ function init_ICONS_js() {//****************************************************
 function common_scripts() {//***************************************************
 	global $_, $TO_WARNING, $MESSAGE, $page, $DELAY_Expired_Reload;
 ?>
+
 <script>
 var $MESSAGE = "";
 
@@ -3052,6 +3069,7 @@ function Display_Messages($msg, take_focus) {//***********************
 }//end Display_Messages() //******************************************
 
 </script>
+
 <?php
 }//end common_scripts() //******************************************************
 
@@ -3154,14 +3172,14 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 	var jump = <?php echo $PAGEUPDOWN ?>;//# of rows to jump with Page Up/Page Down.
 	var highlight1 = "rgb(255,250,150)";
 	var highlight2 = "rgb(255,240,140)";
-	
+
 	//Get key pressed...
 	if (!event) {var event = window.event;} //for IE
 	var key = event.keyCode;
 
 	//Assign a few handy "constants": Arrow U/D/L/R, Page Up/Down, etc... 
 	var AU = 38, AD = 40, AL = 37, AR = 39, PU = 33, PD = 34; END = 35, HOME = 36, ESC = 27, TAB = 9, ENTER = 13;
-	
+
 	//Ignore any other key presses...
 	if ((key != AU) && (key != AD) && (key != AL) && (key != AR) && (key != PU) && (key != PD) && 
 		(key != HOME) && (key != END) && (key != ESC) && (key != TAB) && (key != ENTER)) { return }
@@ -3340,7 +3358,7 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 	if (document.activeElement.type == "checkbox") {document.getElementById(ID).parentNode.style.backgroundColor = highlight2;}
 	if (ID == "select_all_ckbox")    {document.getElementById('select_all_label').style.backgroundColor = highlight1;}
 	if (ID == "folders_first_ckbox") {document.getElementById('folders_first_label').style.backgroundColor = highlight1;}
-	
+
 	//Prevent default browser scrolling via arrow & Page keys, so focus()'d element stays visible/in view port.
 	//(A few exceptions skip this via a return in the above  if/else's.)
 	if ( (ID != 'path_0') || ((ID == 'path_0') && (key == AD)) || ((ID == 'path_0') && (key == PD))) {
@@ -3401,7 +3419,7 @@ function Sort_Folders_First() {//*************************************
 	row = 0
 	for (D = 0; D < folders.length; D++) { DIRECTORY_DATA[row++] = folders[D]; }
 	for (F = 0; F < files.length;   F++) { DIRECTORY_DATA[row++] = files[F];   }
-	
+
 	SORT_folders_1st = true;
 
 }//end Sort_Folders_First() //****************************************
@@ -3414,7 +3432,7 @@ function sort_DIRECTORY(col, direction) {//***************************
 	if (DIRECTORY_DATA.length < 2) {return} //can't sort 1 or zero items.
 
 	//sort DIRECTORY_DATA[] by col and direction
-	
+
 	//col: 1 for "file name", 2 for filesize, 3 for timestamp, 5 for "ext"
 	//direction: 0 = desending, 1 = ascending, 2 = flip, 3 = flip only if new col != SORT_by
 
@@ -3675,104 +3693,41 @@ function Edit_Page_scripts() {//************************************************
 	global $_, $ONESCRIPT, $ONESCRIPT_file, $ipath, $param1, $param2, $filename, $LINE_WRAP,
 			$MAIN_WIDTH, $WIDE_VIEW_WIDTH, $current_view, $WYSIWYG_VALID, $EDIT_WYSIWYG, $TAB_SIZE;
 
-	//Determine edit_view width.
-	$current_view = $MAIN_WIDTH;
-	if ( isset($_COOKIE['edit_view']) ) {
-		if ( ($_COOKIE['edit_view'] == $MAIN_WIDTH) || ($_COOKIE['edit_view'] == $WIDE_VIEW_WIDTH) ) {
-			$current_view = $_COOKIE['edit_view'];
-		}
-	}
+	//Get current view width.
+	$current_view = $MAIN_WIDTH; //default
+	if ( $_COOKIE['wide_view'] === "on" ) { $current_view = $WIDE_VIEW_WIDTH; }
 
 	//For [Edit WYSIWYG/Source] button
-	$set_cookie = "document.cookie='edit_wysiwyg=".(!$EDIT_WYSIWYG*1)."';";
-	$WYSIWYG_onclick = "parent.location = onclick_params + 'edit'; ".$set_cookie;
+	$WYSIWYG_onclick  = "parent.location = onclick_params + 'edit'; ";
+	$WYSIWYG_onclick .= "document.cookie='edit_wysiwyg=".(!$EDIT_WYSIWYG*1)."';";
 
 	//For [Close] button
 	$close_params = $ONESCRIPT.$param1;
 	if ( $_SESSION['admin_page'] ) { $close_params .= '&p=admin'; } //If came from admin page, return there.
-
 ?>
-<script>
-var onclick_params = '<?php echo $ONESCRIPT.$param1.'&f='.rawurlencode(basename($filename)).'&p=' ?>';
 
-var Main_div		   = document.getElementById('main');
-var File_textarea      = document.getElementById('file_editor');
-var View_Raw_button    = document.getElementById('view_raw');
-var Wide_View_button   = document.getElementById('wide_view');
-var WYSIWYG_button	   = document.getElementById('edit_WYSIWYG');
-var Close_button       = document.getElementById('close1');
-var Save_File_button   = document.getElementById('save_file');
-var Reset_button       = document.getElementById('reset');
-var Rename_File_button = document.getElementById('renamefile_btn');
-var Copy_File_button   = document.getElementById('copyfile_btn');
-var Delete_File_button = document.getElementById('deletefile_btn');
-
-if (File_textarea) { var start_value = File_textarea.value; }
-
-var submitted  = false;
-var changed    = false;
 
-//[Close], and [Copy], should always be present on Edit Page.
-Close_button.onclick     = function () { parent.location = '<?php echo $close_params ?>'; }
-Close_button.focus();
-Copy_File_button.onclick = function () { parent.location = onclick_params + 'copyfile';   }
-
-Main_div.style.width = "<?php echo $current_view ?>"; //Set current width
-
-if ( Main_div.style.width == '<?php echo $WIDE_VIEW_WIDTH ?>' ) {
-	Wide_View_button.innerHTML = '<?php echo hsc($_['Normal_View']) ?>';
-}
-
-//These elements do not exist if file is not editable, or maybe if in WYSIWYG mode.
-if (View_Raw_button)    { View_Raw_button.onclick 	 = function () {window.open(onclick_params + 'raw_view'); } }
-if (Wide_View_button)   { Wide_View_button.onclick 	 = function () {Wide_View();}    }
-if (Save_File_button)   { Save_File_button.onclick 	 = function () {submitted=true;} }
-if (WYSIWYG_button  )   { WYSIWYG_button.onclick 	 = function () {<?php echo $WYSIWYG_onclick ?>} }
-if (Rename_File_button) { Rename_File_button.onclick = function () {parent.location = onclick_params + 'renamefile';} }
-if (Delete_File_button) { Delete_File_button.onclick = function () {parent.location = onclick_params + 'deletefile';} }
-if (File_textarea)      { File_textarea.addEventListener("keyup", function(event) {Check_for_changes(event);}) }
-
-
-//Prevent form-submission on enter of the word-wrap radio buttons.
-//They are only used for changing word-wrap visually.
-var $edit_form = document.getElementById('edit_form');
-$edit_form.addEventListener( "submit", function(event) {Ignore_Submit(event)});
-
-
-
-function Ignore_Submit(event) {
-	if (!event) {var event = window.event;} //for IE
-	if (document.activeElement.type == "radio") {event.preventDefault();}
+<script>
+function Set_File_Textarea_Width() {
+	var Mw  =  parseInt(window.getComputedStyle(Main_div).getPropertyValue("width"));
+	var Mbr =  parseInt(window.getComputedStyle(Main_div).getPropertyValue("border-right-width"));
+	var Mbl =  parseInt(window.getComputedStyle(Main_div).getPropertyValue("border-left-width"));
+	var Lw  =  parseInt(window.getComputedStyle(Line_Numbers_div).getPropertyValue("width"));
+	var Lmr =  parseInt(window.getComputedStyle(Line_Numbers_div).getPropertyValue("margin-right"));
+	var Fml =  parseInt(window.getComputedStyle(File_textarea).getPropertyValue("margin-left"));
+	File_textarea.style.width = (Mw - Lw - Mbr - Mbl- Lmr - Fml) + "px";
 }
 
 
 
 
-window.onbeforeunload = function() {
-	if ( changed && !submitted ) {
-		//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
-		<?php //use addslashes(), not hsc(), because this is for a js alert() / confirm(), not HTML ?>
-		return "<?php echo addslashes($_['unload_unsaved']) ?>";
-	}
-}
-
-
-window.onunload = function() {
-	//without this, a browser back then forward would reload file with local/
-	// unsaved changes, but with a green b/g as tho that's the file's saved contents.
-	if (!submitted) {
-		File_textarea.value = start_value;
-		Reset_file_status_indicators();
-	}
-}
-
-
-
 function Correct_Word_Wrapping(text_area) {
 
-	//Correct word-wrapping and save cursor postion/selection
-	//after toggling between Wide/Normal views, and between Wrap on/off.
-	//(Doesn't always wrap consistantly or seem to use break-all.)
+	//Correct word-wrapping and save cursor postion/selection after toggling 
+	// between view modes (Wide/Normal or Wrap on/off).
+	//When width or wrap changed dynamically, the browser doesn't always wrap 
+	// correctly, or seem to use break-all.
+	//
 	//This is so line-numbers line-up correctly.
 
 	var tmp = text_area.value;
@@ -3786,27 +3741,58 @@ function Correct_Word_Wrapping(text_area) {
 
 
 
+
 function Wide_View() {
 
-	var main_width_default = '<?php echo $MAIN_WIDTH ?>';
+	var normal_view_width = '<?php echo $MAIN_WIDTH ?>';
+	var wide_view_width	  = '<?php echo $WIDE_VIEW_WIDTH ?>';
 
-	//Set view width
-	if (Main_div.style.width == '<?php echo $WIDE_VIEW_WIDTH ?>') {
-		Main_div.style.width       = main_width_default;
-		Wide_View_button.innerHTML = "<?php echo hsc($_['Wide_View'])?>";
-		document.cookie            = 'edit_view=' + main_width_default;
+	//Toggle view width
+	if (Wide_View_button.value == "on") {
+		Main_div.style.width       = normal_view_width;
+		Set_File_Textarea_Width();
+		Wide_View_button.innerHTML = "<?php echo hsc($_['Wide_View'])?>"; //Button label is what to do next click, not current state.
+		document.cookie            = 'wide_view=off';
+		Wide_View_button.value 	   = "off"
 	}else{
-		Main_div.style.width       = '<?php echo $WIDE_VIEW_WIDTH ?>';
+		Main_div.style.width       = wide_view_width;
+		Set_File_Textarea_Width();
 		Wide_View_button.innerHTML = '<?php echo hsc($_['Normal_View']) ?>';
-		document.cookie            = 'edit_view=<?php echo $WIDE_VIEW_WIDTH ?>';
+		document.cookie            = 'wide_view=on';
+		Wide_View_button.value 	   = "on"
 	}
 
+	Correct_Word_Wrapping(File_textarea);
+
+	Line_Numbers.Set_Line_Numbers();
+}
+
+
+
+
+function Toggle_Line_Wrap(on_off) {
+
+	if (on_off.value == "on") {
+		on_off.value  				 = "off"
+		document.cookie 			 = 'line_wrap=off'
+		File_textarea.style["white-space"] = "pre";
+		document.getElementById('w_on').style.textDecoration  = "none";
+		document.getElementById('w_off').style.textDecoration = "underline";
+	}
+	else {
+		on_off.value  				 = "on"
+		document.cookie				 = 'line_wrap=on'
+		File_textarea.style["white-space"] = "pre-wrap";
+		document.getElementById('w_on').style.textDecoration  = "underline";
+		document.getElementById('w_off').style.textDecoration = "none";
+	}
 
 	Correct_Word_Wrapping(File_textarea);
-	
+
 	Line_Numbers.Set_Line_Numbers();
+	
+}//end Toggle_Line_Wrap()
 
-}// end Wide_View() 
 
 
 
@@ -3820,26 +3806,12 @@ function Reset_file_status_indicators() {
 
 
 
-//With selStart & selEnd == 0, moves cursor to start of text field.
-function setSelRange(inputEl, selStart, selEnd) {
-	if (inputEl.setSelectionRange) {
-		inputEl.focus();
-		inputEl.setSelectionRange(selStart, selEnd);
-	} else if (inputEl.createTextRange) {
-		var range = inputEl.createTextRange();
-		range.collapse(true);
-		range.moveEnd('character', selEnd);
-		range.moveStart('character', selStart);
-		range.select();
-	}
-}
-
-
 
 function Check_for_changes(event){
 	if (!event) {var event = window.event;} //if IE
 	var keycode = event.keyCode? event.keyCode : event.charCode;
 	changed = (File_textarea.value != start_value);
+
 	if (changed){
 		document.getElementById('message_box').innerHTML = " "; //Must have a space, or it won't clear the msg.
 		File_textarea.style.backgroundColor    = "white";
@@ -3853,96 +3825,55 @@ function Check_for_changes(event){
 
 
 
+
 //Reset textarea value to when page was loaded.
 //Used by [Reset] button, and when page unloads (browser back, etc).
 //Needed becuase if the page is reloaded (ctl-r, or browser back/forward, etc.),
-//the text stays changed, but "changed" gets set to false, which looses warning.
+//the text stays changed, but var "changed" gets set to false, which looses warning.
+//
 function Reset_File() {
+
     <?php //use addslashes() because this is for a js alert() or confirm(), not HTML ?>
 	if (changed) { if ( !(confirm("<?php echo addslashes($_['confirm_reset']) ?>")) ) { return false; } }
+
 	File_textarea.value = start_value;
 	Reset_file_status_indicators();
-	setSelRange(File_textarea, 0, 0) //Move cursor to start of textarea.
-}
-
-
 
+	File_textarea.selectionStart = 0;
+	File_textarea.selectionEnd = 0;
 
-function Line_Numbering(line_numbers_id, listing_id, line0_id, line1_id, toggle_wrap_id) {
+	Line_Numbers.Set_Line_Numbers();
 
-	var line_numbers = document.getElementById(line_numbers_id);
-	var listing 	 = document.getElementById(listing_id);
-	var line_zero    = document.getElementById(line0_id); //empty: used for char-width calc.
-	var line_one     = document.getElementById(line1_id); //<div>1</div> will contain the line numbers.
-	var toggle_wrap	 = document.getElementById(toggle_wrap_id);
-	var initial_wrap = "<?php echo $LINE_WRAP ?>";
-	var TAB_SIZE 	 = <?php echo $TAB_SIZE ?>;
+	Close_button.focus();
 
-	var char_width     = (line_zero.offsetLeft - line_one.offsetLeft);
-	var padding_L 	   = parseInt(window.getComputedStyle(listing).getPropertyValue("padding-left"));
-	var padding_R 	   = parseInt(window.getComputedStyle(listing).getPropertyValue("padding-right"));
+	//needed so textarea cursor selectionStart/End stay set to 0.  I don't known why. I wish I did...
+	return false;
+}
 
-	var Display_Width_Chars = function() {return Math.floor((listing.clientWidth - padding_L - padding_R) / char_width)};
 
-	line_zero.innerHTML = ""; //Just makin' sure. Only used for char-width calc.
 
-	line_numbers.style.height = listing.offsetHeight + "px";
 
+function Line_Numbering(wrapper_id, line_numbers_id, listing_id, line0_id, line1_id) {
 
 
-	if (listing.getAttribute('readonly') === null) {
-		//If not readonly (ie: editable)...
-		listing.addEventListener("keyup",   function(event){Set_Line_Numbers(event)});
-		listing.addEventListener("mouseup", function(event){Set_Line_Numbers(event)});
-		listing.addEventListener("paste",   function(event){Set_Line_Numbers(event)});
-	}
+	//***** functions ************************************************
 	
-	listing.addEventListener("scroll",  function(event){Set_Line_Numbers(event)});
-	
-	toggle_wrap.onclick = function() {Toggle_Line_Wrap(this);}
-
-
-
-	//Set default/page load condition, and also init's the line numbers...
-	//We're just setting the initial condition now, not actually toggling,
-	//so "pre-toggle" the indicator here as Toggle_Line_Wrap() will toggle it back...
-	if (initial_wrap === "off") {toggle_wrap.value = "on";} else {toggle_wrap.value = "off";}
-	Toggle_Line_Wrap(toggle_wrap);
-
-
-
-	function Toggle_Line_Wrap(on_off) {
-		
-		if (on_off.value == "on") {
-			on_off.value  				 = "off"
-			document.cookie 			 = 'line_wrap=off'
-			listing.style["white-space"] = "pre";
-		}
-		else {
-			on_off.value  				 = "on"
-			document.cookie				 = 'line_wrap=on'
-			listing.style["white-space"] = "pre-wrap";
-		}
-		
-		Correct_Word_Wrapping(listing);
-		
-		Set_Line_Numbers();
-		
-	}//end Toggle_Line_Wrap()
+	function Display_Width_Chars() {
+		return Math.floor((listing.clientWidth - padding_L - padding_R) / char_width)
+	}
 
 
 
 	function Line_Count(str) {
-		
-		var line_count = 0;
 		var i = 0
+		var line_count = 0;
 		
 		for (i = 0; i < str.length; ++i) { 
-			if(str[i] == '\n') { line_count++; } //Line-endings are normalized to \n elsewhere in OFCMS. (server-side)
+			//Line-endings are normalized to \n elsewhere in OFCMS. (server-side)
+			if(str[i] == '\n') { line_count++; }
 		}
 		
 		line_count++;  //Last line doesn't have a new-line at the end.
-		
 		return line_count; 
 		
 	}//end Line_Count()
@@ -3950,24 +3881,21 @@ function Line_Count(str) {
 
 
 	function Effective_Line_Length(line, tab_size){
-		
 		var TAB = "\t";
 		var effective_length = 0;
 		var next_tab_stop    = 0;
 		
 		for (x = 0; x < line.length; x++) {
-			
-			effective_length++;  //At this point, this may include a tab char, but not any subsequent space to the next tab-stop.
-			
+			//At this point, this may include a tab char, but not any subsequent space(s) to the next tab-stop.
+			effective_length++;
 			if (effective_length > next_tab_stop) {next_tab_stop += tab_size;}
-			
 			if (line[x] == TAB) {effective_length = next_tab_stop;}  //adds the subsequent space to the next tab-stop.
 		}
 		
 		return effective_length;
 		
 	}//end Effective_Line_Length()
-	
+
 
 
 	function Create_Line_Numbers(){
@@ -3990,7 +3918,7 @@ function Create_Line_Numbers(){
 			
 			effective_line_length = Effective_Line_Length(lines[cur_line], TAB_SIZE);
 			
-			if ((toggle_wrap.value == "on") && (effective_line_length > current_width)) {
+			if ((Toggle_Wrap.value == "on") && (effective_line_length > current_width)) {
 				
 				line_count_wrapped = Math.ceil(effective_line_length / current_width) - 1; //# of addtional lines after wrapped...
 				
@@ -4022,27 +3950,157 @@ function Set_Line_Numbers(event) {
 		
 	}//end Set_Line_Numbers()
 
+	//*** end functions **********************************************
 
 
-	var LN = {};
-	LN.Effective_Line_Length = Effective_Line_Length;
-	LN.Create_Line_Numbers   = Create_Line_Numbers;
-	LN.Set_Line_Numbers		 = Set_Line_Numbers;
+
+	//*** common variables *******************************************
+
+	var wrapper		 = document.getElementById(wrapper_id);
+	var line_numbers = document.getElementById(line_numbers_id);
+	var listing 	 = document.getElementById(listing_id);
+	var line_zero    = document.getElementById(line0_id); //empty: used for char-width calc.
+	var line_one     = document.getElementById(line1_id); //<div>1</div> will contain the line numbers.
+
+	line_zero.innerHTML = ""; //Just makin' sure. It's only used for the char_width calc.
 	
+	var char_width     = (line_zero.offsetLeft - line_one.offsetLeft);
+	var padding_L 	   = parseInt(window.getComputedStyle(listing).getPropertyValue("padding-left"));
+	var padding_R 	   = parseInt(window.getComputedStyle(listing).getPropertyValue("padding-right"));
+
+
+	//Check for tabSize css support.  Default/standard size is 8.
+	var TAB_SIZE = 8;
+	
+	if ("tabSize" in document.body.style){
+		TAB_SIZE = <?php echo $TAB_SIZE ?>;
+		listing.style.tabSize = TAB_SIZE;
+	}
+	else if ("MozTabSize" in document.body.style) {
+		TAB_SIZE = <?php echo $TAB_SIZE ?>;
+		listing.style.MozTabSize = TAB_SIZE;
+	}
+	else if ("OTabSize" in document.body.style) {
+		TAB_SIZE = <?php echo $TAB_SIZE ?>;
+		listing.style.OTabSize = TAB_SIZE;
+	}
+
+	//*** end common variables ***************************************
+
+
+
+	//*** attach events **********************************************
+
+	if (listing.getAttribute('readonly') === null) {
+		//If not readonly (ie: editable)...
+		listing.addEventListener("keyup",   function(event){Set_Line_Numbers(event)});
+		listing.addEventListener("mouseup", function(event){Set_Line_Numbers(event)});
+		listing.addEventListener("paste",   function(event){Set_Line_Numbers(event)});
+	}
+
+	listing.addEventListener("scroll",  function(event){Set_Line_Numbers(event)});
+
+	//*** end attach events ******************************************
+
+
 	//Set initial cursor location to start of file, instead of end (the default).
 	listing.selectionStart = 0;
 	listing.selectionEnd = 0;
 
+
+	//Set_Line_Numbers() is also used by Wide_View() & Toggle_Line_Wrap().
+	//Toggle_Line_Wrap() will make the initial call to Set_Line_Numbers().
+	var LN = {};
+	LN.Set_Line_Numbers = Set_Line_Numbers;
+
 	return LN;
 
-}//end Line_Numbering() //***********************************
+}//end Line_Numbering() //********************************************
+
+
+
+
+//***** Global variables *********************************************
+var Main_div		   = document.getElementById('main');
+var Ln_Editor_wrapper  = document.getElementById('wrapper_linenums_editor');
+var Line_Numbers_div   = document.getElementById('line_numbers');
+var File_textarea      = document.getElementById('file_editor');
+var View_Raw_button    = document.getElementById('view_raw');
+var Wide_View_button   = document.getElementById('wide_view');
+var WYSIWYG_button	   = document.getElementById('edit_WYSIWYG');
+var Close_button       = document.getElementById('close1');
+var Toggle_Wrap		   = document.getElementById('toggle_wrap');
+var Save_File_button   = document.getElementById('save_file');
+var Reset_button       = document.getElementById('reset');
+var Rename_File_button = document.getElementById('renamefile_btn');
+var Copy_File_button   = document.getElementById('copyfile_btn');
+var Delete_File_button = document.getElementById('deletefile_btn');
+
+var submitted  = false;
+var changed    = false;
+
+if (File_textarea) { var start_value = File_textarea.value; }
+
+var onclick_params = '<?php echo $ONESCRIPT.$param1.'&f='.rawurlencode(basename($filename)).'&p=' ?>';
+
+//Wide View / Normal View init...
+Main_div.style.width = "<?php echo $current_view ?>"; //Set current width
+//***** end Global variables *****************************************
+
+
+
+//***** Events assignments *******************************************
+//[Close], and [Copy], should always be present on Edit Page.
+Close_button.onclick     = function () { parent.location = '<?php echo $close_params ?>'; }
+Copy_File_button.onclick = function () { parent.location = onclick_params + 'copyfile';   }
+Toggle_Wrap.onclick 	 = function () {Toggle_Line_Wrap(this);}
+
+//These elements do not exist if file is not editable, or maybe if in WYSIWYG mode.
+if (View_Raw_button)    { View_Raw_button.onclick 	 = function () {window.open(onclick_params + 'raw_view'); } }
+if (Wide_View_button)   { Wide_View_button.onclick 	 = function () {Wide_View();}    }
+if (Save_File_button)   { Save_File_button.onclick 	 = function () {submitted=true;} }
+if (WYSIWYG_button  )   { WYSIWYG_button.onclick 	 = function () {<?php echo $WYSIWYG_onclick ?>} }
+if (Rename_File_button) { Rename_File_button.onclick = function () {parent.location = onclick_params + 'renamefile';} }
+if (Delete_File_button) { Delete_File_button.onclick = function () {parent.location = onclick_params + 'deletefile';} }
+if (File_textarea)      { File_textarea.addEventListener("keyup", function(event) {Check_for_changes(event);}) }
+
+
+window.onbeforeunload = function() {
+	if ( changed && !submitted ) {
+		//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
+		<?php //use addslashes(), not hsc(), because this is for a js alert() / confirm(), not HTML ?>
+		return "<?php echo addslashes($_['unload_unsaved']) ?>";
+	}
+}
+
+
+window.onunload = function() {
+	//without this, a browser back then forward would reload file with local/
+	// unsaved changes, but with a green b/g as tho that's the file's saved contents.
+	if (!submitted) {
+		File_textarea.value = start_value;
+		Reset_file_status_indicators();
+	}
+}
+//***** end Events assignments ***************************************
 
 
 
-Line_Numbers = Line_Numbering("line_numbers", "file_editor", "line_0", "line_1", "toggle_wrap");
 
+Set_File_Textarea_Width();
+
+Line_Numbers = Line_Numbering("wrapper_linenums_editor", "line_numbers", "file_editor", "line_0", "line_1");
+
+//Set default/page load condition, and also init's the line numbers...
+//We're just setting the initial condition now, not actually toggling,
+//so "pre-toggle" the indicator here as Toggle_Line_Wrap() will toggle it back...
+//
+if (Toggle_Wrap.value === "off") {Toggle_Wrap.value = "on";} else {Toggle_Wrap.value = "off";}
+Toggle_Line_Wrap(Toggle_Wrap);
 
 Reset_file_status_indicators();
+
+Close_button.focus();
 </script>
 <?php
 }//end Edit_Page_scripts() //***************************************************
@@ -4137,6 +4195,7 @@ function pre_validate_pwun() {
 	return true;
 }//end pre_validate_pwun()
 </script>
+
 <?php
 }//end pwun_event_scripts() //**************************************************
 
@@ -4152,6 +4211,7 @@ function js_hash_scripts() {//**************************************************
 //in transit. However, this does help to protect the user's plain-text p/w, which
 //may be used elsewhere.
 ?>
+
 <script>
 /* hex_sha256() (and directly associated functions)
  *
@@ -4178,6 +4238,7 @@ function hash($element_id) {
 	$input.value = $hash;
 }//end hash()
 </script>
+
 <?php
 }//end js_hash_scripts() //*****************************************************
 
@@ -4186,6 +4247,7 @@ function hash($element_id) {
 
 function style_sheet() {//******************************************************
 ?>
+
 <style>
 /* --- reset --- */
 * { border : 0; outline: 0; margin: 0; padding: 0;
@@ -4515,8 +4577,9 @@ function style_sheet() {//******************************************************
 }
 
 #line_numbers, #file_editor {
-	vertical-align	: top;
+	vertical-align  : top;
 	display			: inline-block;
+	height			: 40em;
 	white-space		: pre;
 	margin			: 0;
 	font			: normal .9em courier;
@@ -4532,38 +4595,33 @@ function style_sheet() {//******************************************************
 	overflow-y	: hidden;
 	overflow-x  : scroll;  /*This may be grayed out, but provides visual consistancy with #file_editor.*/
 	text-align	: right;
+	float		: left;  /*only needed to help eliminate whitespace between #line_numbers & #file_editor*/
 }
 
 #line_0, #line_1 {margin: 0; display: inline-block; }
 
-.tab_size {
-	tab-size     : 8;
-	-o-tab-size  : 8;
-	-moz-tab-size: 8;
-}
-
 #file_editor {
-	font  	  : .9em Courier;
-	border	  : 1px solid #777;
-	height	  : 40em;
-	width     : 96.6%;		/* compromise betweeen Normal and Wide views. May be dynamic someday. */
-	margin	  : 0 0 .7em 2px;
-	padding   : 1px 0 0 3px;
+	font  	   : .9em Courier;
+	border	   : 1px solid #777;
+	width      : 96%;		/* Dynamically set by Set_File_Textarea_Width(), base on Normal or Wide view. */
+	margin	   : 0 0 .7em 2px;
+	padding    : 1px 0 0 3px;
 	overflow   : scroll;
-	word-break : break-all;
 	word-wrap  : normal;
+	word-break : break-all;
 	white-space: pre-wrap;
 	resize     : none;
-	
-	color			: black; /* Default. May make themeable, along with background-color. */
-	
-	/* Set in Reset_file_status_indicators() and Check_for_changes() */
-	background-color: white;
+
+	color 			: black; /* Default. May make themeable, along with background-color. Someday... */
+	background-color: white; /* Set in Reset_file_status_indicators() and Check_for_changes() */
 	}
 
 
 #file_editor:focus { border-color: #000; }
 
+.tab_size {	tab-size: 8; -o-tab-size: 8; -moz-tab-size: 8;  }
+
+
 .file_meta	{ float: left; margin-top: .6em; font-size: .95em; color: #222; }
 
 #edit_notes { font-size: .8em; color: #222 ;margin-top: 1em; clear:both; }
@@ -4571,32 +4629,6 @@ function style_sheet() {//******************************************************
 .notes      { margin-bottom: .4em; }
 
 
-#ww_options {
-	display: inline-block;
-	height : 28px;  
-	padding: 5px 6px 0 7px;
-	border: solid 1px #777;
-	color  : black;
-	font-size  : .9em;
-	font-family: sans-serif;
-	background-color: #EEE;
-} 
-
-#ww_options:hover {background-color: rgb(255,250,150); border-color: black;}
-
-#ww_options > label {
-	padding: 0px 3px 0px 0em;
-	margin-left: .3em;
-	font-weight: normal;
-	border : 1px solid #777;
-	border-radius: 3px;
-	background-color: #EEE;
-}
-
-#ww_options > label:hover  { background-color: #DDD; border-color: #333; cursor : pointer; }
-
-
-
 
 
 
@@ -4730,6 +4762,7 @@ function style_sheet() {//******************************************************
 #path_header a:hover  { border-left : solid 1px #777; border-right: solid 1px #777; }
 #path_header a:focus  { border-left : solid 1px #777; border-right: solid 1px #777; }
 </style>
+
 <?php
 }//end style_sheet() //*********************************************************
 
@@ -4739,6 +4772,7 @@ function style_sheet() {//******************************************************
 function Language_and_config_adjusted_styles() {//******************************
 	global $_, $MAIN_WIDTH, $MESSAGE, $page, $TAB_SIZE;
 ?>
+
 <style>
 #main { width: <?php echo $MAIN_WIDTH ?>; } /*Default 810px*/
 
@@ -4770,6 +4804,7 @@ function Language_and_config_adjusted_styles() {//******************************
 #select_all_label { font-size: <?php echo $_['select_all_label_size']?>; } /*Default .84em */
 #select_all_label { width: <?php echo $_['select_all_label_width']?>; }    /*Default 72px  */
 </style>
+
 <?php
 }//end Language_and_config_adjusted_styles() //*********************************
 
@@ -4848,7 +4883,6 @@ function Load_style_sheet() {//*************************************************
 
 
 
-
 //******************************************************************************
 //Output page contents
 //******************************************************************************
@@ -4871,8 +4905,8 @@ function Load_style_sheet() {//*************************************************
 
 Error_reporting_status_and_early_output(0,0); //0,0 will only show early output.
 
-if ($_SESSION['valid']) { echo '<div id="main" >'; }
-else                    { echo '<div id="login_page">'; }
+if ($_SESSION['valid']) { echo '<div id=main >'; }
+else                    { echo '<div id=login_page>'; }
 
 
 Page_Header();
@@ -4902,13 +4936,13 @@ function Load_style_sheet() {//*************************************************
 	}
 }//end footer
 
-echo '</div>'; //end main/login_page
+echo "\n</div>\n"; //end main/login_page
 echo "</body></html>\n";
 
 if ( ($page == "edit") && $WYSIWYG_VALID && $EDIT_WYSIWYG ) { include($WYSIWYG_PLUGIN_OS); }
 
 //Display any $MESSAGE's
-echo '<script>';
+echo "\n\n<script>\n";
 echo 'var $tabindex_xbox = '.$TABINDEX_XBOX.";\n"; //Used in Display_Messages()
 echo 'var $page = "'.$page.'";'."\n";
 echo '$MESSAGE += "'.addslashes($MESSAGE).'";'."\n"; //js version of $MESSAGE declared at top of common_scripts().

From 6c965119900742e7e1477e777965ef17b17022d5 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 5 Sep 2017 19:21:47 -0400
Subject: [PATCH 205/228] Version 3.5.22 [Wide View] / [Normal View] button
 only available on edit page when $text_editable. Added if (Toggle_Wrap)...
 since not available if file not editable. Wrapped some function calls in "if
 (File_textarea) {...}" because needed. Moved some inline events from
 Index_Page_buttons_top() to Index_Page_events(). Removed: 
 <style>#message_box {min-height: 2em;}</style>  from Change_PWUN_Page().
 Added file permissions to Directory List:  sogw (s(u/g)id/sticky owner group
 world) 	ex: 0644 	affected: Create_Table_for_Listing(),
 Init_Dir_table_rows(), Assemble_Insert_row(), Build_Directory() changed js
 array delclarations from New Array() to []. Removed <head> & <body> tags, as
 they're superfluous and just clutter things up.

---
 onefilecms.php | 164 +++++++++++++++++++++++++++++--------------------
 1 file changed, 98 insertions(+), 66 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 3e9007f..e236530 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.21';
+$OFCMS_version = '3.5.22';
 
 
 
@@ -18,7 +18,7 @@
 ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.ERROR.log');
 //
 //Determine good folder for session file. Default is /tmp/, which is not secure.
-//session_save_path('/home/content/username/tmp/'); //##### or:  ini_set('session.save_path', 'some/safe/path/')
+//session_save_path('/home/content/username/tmp/'); // or:  ini_set('session.save_path', 'some/safe/path/')
 //******************************************************************************
 
 
@@ -101,7 +101,7 @@
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
 
-$LINE_WRAP = "on"; //"on", or (anything else) = "off".  Default for edit page. Once on page, line-wrap can toggle on/off.
+$LINE_WRAP = "on"; //"on",  anything else = "off".  Default for edit page. Once on page, line-wrap can toggle on/off.
 $TAB_SIZE  = 8;    //Some browsers recognize a css tab-size. Some don't (IE/Edge, as of mid-2016).
 
 $MAX_EDIT_SIZE = 200000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
@@ -162,6 +162,7 @@
 
 //Name of optional external config file.  Any settings it contains will supersede those above.
 //See the sample file in the OneFileCMS github repo for format example.
+//Basically, it is just a php file with a copy/paste of this configuration section.
 //$CONFIG_FILE = 'OneFileCMS.config.SAMPLE.php';
 
 //end CONFIGURABLE OPTIoNS *****************************************************
@@ -1839,6 +1840,9 @@ function Create_Table_for_Listing() {//*****************************************
 			<INPUT id=select_all_ckbox tabindex=<?php echo $TABINDEX++ ?> TYPE=checkbox NAME=select_all VALUE=select_all>
 		</div>
 	</th>
+	
+	<th style="font-family: courier">sogw</th>
+	
 	<th class=file_name>
 		<div id=ff_ckbox_div class=ckbox>
 			<INPUT tabindex=<?php echo $TABINDEX++?> TYPE=checkbox id=folders_first_ckbox NAME=folders_first VALUE=folders_first checked>
@@ -1856,12 +1860,13 @@ function Create_Table_for_Listing() {//*****************************************
 
 	<tr><?php // "../" directory entry ?>
 		<td colspan=4></td>
+		<td style="font-family: courier"></td>
 		<td>
 <?php		if ($ipath == $ACCESS_ROOT) {
-				echo '<a id=f0c4 tabindex='.$TABINDEX++.'>&nbsp;</a>';
+				echo '<a id=f0c5 tabindex='.$TABINDEX++.'>&nbsp;</a>';
 			}
 			else {
-				echo '<a id=f0c4 tabindex='.$TABINDEX++.' href="'.$ONEFILECMS.'?i='.$new_path.'">'.$ICONS['up_dir'].' <b>..</b> /</a>'; //#### '.$ICONS['up_dir'].'
+				echo '<a id=f0c5 tabindex='.$TABINDEX++.' href="'.$ONEFILECMS.'?i='.$new_path.'">'.$ICONS['up_dir'].' <b>..</b> /</a>'; //#### '.$ICONS['up_dir'].'
 			}
 ?>		</td>
 		<td></td>
@@ -1938,6 +1943,7 @@ function Get_DIRECTORY_DATA($raw_list) {//**************************************
 		$DIRECTORY_DATA[$DIRECTORY_COUNT][3] = $file_time_raw;
 		$DIRECTORY_DATA[$DIRECTORY_COUNT][4] = $IS_OFCMS; //If = 1, Don't show ren, del, ckbox.
 		$DIRECTORY_DATA[$DIRECTORY_COUNT][5] = $ext;
+		$DIRECTORY_DATA[$DIRECTORY_COUNT][6] = decoct(fileperms($filename_OS) & 07777);
 		$DIRECTORY_COUNT++;
 	}//end foreach file
 
@@ -1963,13 +1969,14 @@ function Send_directory_data_to_js() {//****************************************
 			$data_for_js .= ', ' .$DIRECTORY_DATA[$x][3];					// timestamp
 			$data_for_js .= ', ' .$DIRECTORY_DATA[$x][4];					// is_ofcms
 			$data_for_js .= ', "'.addslashes($DIRECTORY_DATA[$x][5]).'"';	// "ext"
+			$data_for_js .= ', ' .$DIRECTORY_DATA[$x][6];					// file permissions
 			$data_for_js .= "];\n";
 		}//end skip . & ..
 	}//end for x
 
 	$data_for_js .= "var DIRECTORY_ITEMS = DIRECTORY_DATA.length;\n";
 
-	$data_for_js .= "</script>\n";
+	$data_for_js .= "</script>\n\n";
 	echo $data_for_js;
 
 }//end Send_directory_data_to_js() {//******************************************
@@ -1984,12 +1991,9 @@ function Index_Page_buttons_top($file_count) {//********************************
 
 	echo '<div id=mcd_submit>'."\n";
 	if ($file_count > 0) {
-		$onclick_m = 'onclick="Confirm_Submit( \'move\');   "';
-		$onclick_c = 'onclick="Confirm_Submit( \'copy\');   "';
-		$onclick_d = 'onclick="Confirm_Submit( \'delete\' );"';
-		echo '<button id=b1 tabindex='.$TABINDEX++.' type=button '.$onclick_m.'>'.$ICONS['move'  ].hsc($_['Move']  )."</button\n>";
-		echo '<button id=b2 tabindex='.$TABINDEX++.' type=button '.$onclick_c.'>'.$ICONS['copy'  ].hsc($_['Copy']  )."</button\n>";
-		echo '<button id=b3 tabindex='.$TABINDEX++.' type=button '.$onclick_d.'>'.$ICONS['delete'].hsc($_['Delete'])."</button\n>";
+		echo '<button id=b1 tabindex='.$TABINDEX++.' type=button>'.$ICONS['move'  ].hsc($_['Move']  )."</button\n>";
+		echo '<button id=b2 tabindex='.$TABINDEX++.' type=button>'.$ICONS['copy'  ].hsc($_['Copy']  )."</button\n>";
+		echo '<button id=b3 tabindex='.$TABINDEX++.' type=button>'.$ICONS['delete'].hsc($_['Delete'])."</button\n>";
 	}
 	echo '</div>'."\n"; //end mcd_submit
 
@@ -2044,9 +2048,12 @@ function Edit_Page_buttons_top($text_editable,$file_ENC) {//********************
 	} else {$view_raw_button = '';}
 
 	//[Wide View] / [Normal View] button.  Label is what button will do, not an indicator the current state.
-	if ($_COOKIE['wide_view'] === "on") { $wv_label = hsc($_['Normal_View']); }
-	else 								{ $wv_label = hsc($_['Wide_View']); }
-	$wide_view_button = "<button type=button id=wide_view class=button value={$_COOKIE['wide_view']}>$wv_label</button>\n";
+	$wide_view_button = "";
+	if ($text_editable) { //#####  && !$EDIT_WYSIWYG  ??
+		if ($_COOKIE['wide_view'] === "on") { $wv_label = hsc($_['Normal_View']); }
+		else 								{ $wv_label = hsc($_['Wide_View']); }
+		$wide_view_button = "<button type=button id=wide_view class=button value={$_COOKIE['wide_view']}>$wv_label</button>\n";
+	}
 
 	//[Edit WYSIWYG] / [Edit Source] button.
 	$WYSIWYG_button  = '';
@@ -2853,7 +2860,7 @@ function init_ICONS_js() {//****************************************************
 	//Currently, only icons for dir listing are needed in js
 ?>
 <script>
-var ICONS = new Array();
+var ICONS = [];
 ICONS['bin']	 = '<?php echo $ICONS["bin"]	 ?>';
 ICONS['z']		 = '<?php echo $ICONS["z"]		 ?>';
 ICONS['img']	 = '<?php echo $ICONS["img"]	 ?>';
@@ -3080,7 +3087,10 @@ function Index_Page_events() {//************************************************
 	global $_, $PAGEUPDOWN, $EX;
 ?>
 <script>
-//onclick events
+var Move_Button			= document.getElementById('b1');
+var Copy_Button			= document.getElementById('b2');
+var Delete_Button		= document.getElementById('b3');
+
 var Select_All_ckbox	= document.getElementById('select_all_ckbox');
 var Header_Sorttype		= document.getElementById('header_sorttype');
 var Folders_First_Ckbox = document.getElementById('folders_first_ckbox');
@@ -3088,13 +3098,21 @@ function Index_Page_events() {//************************************************
 var Header_Filesize		= document.getElementById('header_filesize');
 var Header_Filedate		= document.getElementById('header_filedate');
 
-Select_All_ckbox.onclick	 = function () {Select_All();}
-Folders_First_Ckbox.onclick  = function () {Sort_and_Show(SORT_by, SORT_order); this.focus()}
+
+//These buttons aren't present if folder is empty...
+if (Move_Button)   { Move_Button.onclick   = function () {Confirm_Submit('move');}   }
+if (Copy_Button)   { Copy_Button.onclick   = function () {Confirm_Submit('copy');}   }
+if (Delete_Button) { Delete_Button.onclick = function () {Confirm_Submit('delete');} }
+
+//Always present...
+Select_All_ckbox.onclick = function () {Select_All();}
+Folders_First_Ckbox.onclick = function () {Sort_and_Show(SORT_by, SORT_order); this.focus();}
 Header_Filename.onclick  = function () {Sort_and_Show(1, FLIP_IF); this.focus(); return false;}
 Header_Filesize.onclick  = function () {Sort_and_Show(2, FLIP_IF); this.focus(); return false;}
 Header_Filedate.onclick  = function () {Sort_and_Show(3, FLIP_IF); this.focus(); return false;}
 Header_Sorttype.onclick	 = function () {Sort_and_Show(5, FLIP_IF); this.focus(); return false;}
 
+
 Header_Filename.focus();
 
 
@@ -3127,7 +3145,7 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 	//So, if current focus is ck_box, clear bg, else if we're heading there, set bg.
 	//Tab from L, Current ID will be "f<FR>c2"
 	//Tab from R: Current ID is "f<FR>"
-	var fFR   = "f" + FR + "c4" //Filename
+	var fFR   = "f" + FR + "c5" //Filename
 	var ckbox = "f" + FR + "c3" //[ ] Checkbox
 	var del   = "f" + FR + "c2" //(x) Delete
 
@@ -3186,8 +3204,9 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 
 	//File Rows. For these events, "../" is 0, and files are indexed 1 to DIRECTORY_ITEMS.
 	var FROWS     = DIRECTORY_ITEMS;
-	var LAST_FILE = "f" + FROWS + "c4";
-	var FIRST_FILE = "f0c4";
+	var FILENAME_COL = 5;
+	var LAST_FILE = "f" + FROWS + "c" + FILENAME_COL;
+	var FIRST_FILE = "f0c" + FILENAME_COL;
 
 	//Get id of current focus (before this event). If focus is in file list, ID = 'fn', or 'fnn', etc.
 	var ID      = document.activeElement.id;
@@ -3293,31 +3312,31 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 		if      (key == AU) {ID = "admin"}
 		else if (key == PU) {ID = "admin"}
 		else if (key == AD) {ID = "path_0"}
-		else if (key == PD) {ID = "f0c4"}
+		else if (key == PD) {ID = FIRST_FILE}
 	}
 	else if (ID == "X_box") {
 		if      (key == AU)   {ID = "path_0"}
 		else if (key == PU)   {ID = "logo"}
 		else if (key == AD)   {ID = button_row}
-		else if (key == PD)   {ID = "f0c4"}
+		else if (key == PD)   {ID = FIRST_FILE}
 	}
 	else if (x_focus == 'p') { //In path_header: webroot/current/path/
 		if      (key == AU)   {ID = "logo"}
 		else if (key == PU)   {ID = "logo"}
 		else if (key == AD)   {ID = button_row}
-		else if (key == PD)   {ID = "f0c4"}
+		else if (key == PD)   {ID = FIRST_FILE}
 	}
 	else if (x_focus == "b") { //[Move][Copy][Delete]  [New Folder][New File][Upload File]
 		if 		(key == AU) {ID = "path_0"		   }
 		else if (key == PU) {ID = "path_0"		   }
 		else if (key == AD) {ID = "header_filename"}
-		else if (key == PD) {ID = "f0c4"		   }
+		else if (key == PD) {ID = FIRST_FILE	   }
 	}
 	else if (focus_header) { //Table header row
 		if      (key == AU) {ID = button_row}
 		else if (key == PU) {ID = "path_0"}
-		else if	(key == AD) {ID = "f0c4"}
-		else if	(key == PD) {FR += jump; if (FR < FROWS) {ID = "f" + FR + "c4"} else {ID = LAST_FILE}}
+		else if	(key == AD) {ID = FIRST_FILE}
+		else if	(key == PD) {FR += jump; if (FR < FROWS) {ID = "f" + FR + "c" + FILENAME_COL} else {ID = LAST_FILE}}
 	}
 	else if ((FR == 0) && (FROWS == 0)) { //empty folder
 		if		(key == AU) {ID = "header_filename"}
@@ -3327,7 +3346,7 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 	}
 	else if (FR == FROWS) { //Last row (FROWS is the number of files listed)
 		if		(key == AU) { FR--      ; if (FR >= 0) {ID = "f" + FR + "c" + FC} else {ID = "header_filename" } }
-		else if	(key == PU) { FR -= jump; if (FR >= 0) {ID = "f" + FR + "c" + FC} else {ID = "f0c4"} }
+		else if	(key == PU) { FR -= jump; if (FR >= 0) {ID = "f" + FR + "c" + FC} else {ID = FIRST_FILE} }
 		else if (key == AD) { ID = "admin" }
 		else if (key == PD) { ID = "admin" }
 	}
@@ -3338,8 +3357,8 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 		else if (key == PD) {FR += jump; if (FR <= FROWS) {ID = "f" + FR + "c" + FC} else {ID = LAST_FILE;} }
 	}
 	else if (FR > 0){ //Middle rows...
-		if		(key == AU) { FR--      ; if (FR == 0) {FC=4} ID = "f" + FR + "c" + FC;	}
-		else if	(key == PU) { FR -= jump; if (FR >= 0)      { ID = "f" + FR + "c" + FC} else {ID = "f0c4"}	 }
+		if		(key == AU) { FR--      ; if (FR == 0) {FC=FILENAME_COL} ID = "f" + FR + "c" + FC;	}
+		else if	(key == PU) { FR -= jump; if (FR >= 0)      { ID = "f" + FR + "c" + FC} else {ID = FIRST_FILE}	 }
 		else if (key == AD) { FR++; 	  if (FR <= FROWS)  { ID = "f" + FR + "c" + FC} else {ID = "path_0"; } }
 		else if (key == PD) { FR += jump; if (FR <= FROWS)  { ID = "f" + FR + "c" + FC} else {ID = LAST_FILE;} }
 	}
@@ -3376,8 +3395,8 @@ function Index_Page_scripts() {//***********************************************
 	global $_, $ONESCRIPT, $param1, $ipath, $MESSAGE, $DELAY_Sort_and_Show_msgs, $MIN_DIR_ITEMS, $TABINDEX;
 ?>
 <script>
-//  DIRECTORY_DATA[x] = ("type", "file name", filesize, timestamp, is_ofcms, "ext")	
-var DIRECTORY_DATA	  = new Array();
+//  DIRECTORY_DATA[x] = ("type", "file name", filesize, timestamp, is_ofcms, "ext", permissions)
+var DIRECTORY_DATA	  = [];
 
 var ONESCRIPT	= "<?php echo $ONESCRIPT ?>";
 var PARAM1		= "<?php echo $param1 ?>";  //capitalized here as it is used as a constant.
@@ -3402,9 +3421,9 @@ function Sort_Folders_First() {//*************************************
 	//DIRECTORY_DATA[x] = ("type", "file name", filesize, timestamp, is_ofcms)	
 
 	var type = ""; //= row_data[0] = DIRECTORY_DATA[x][0]
-	var files   = new Array();
-	var folders = new Array();
-	var row_data = new Array();
+	var files    = [];
+	var folders  = [];
+	var row_data = [];
 	var F = D = row = 0;  //indexes
 
 	for (row = 0; row < DIRECTORY_DATA.length; row++) {;
@@ -3415,7 +3434,7 @@ function Sort_Folders_First() {//*************************************
 	}//end for
 
 	//Replace contents of DIRECTORY_DATA[] with a "merged" folders[] & files[].
-	DIRECTORY_DATA = new Array();
+	DIRECTORY_DATA = [];
 	row = 0
 	for (D = 0; D < folders.length; D++) { DIRECTORY_DATA[row++] = folders[D]; }
 	for (F = 0; F < files.length;   F++) { DIRECTORY_DATA[row++] = files[F];   }
@@ -3480,18 +3499,22 @@ function sort_DIRECTORY(col, direction) {//***************************
 function Init_Dir_table_rows(DIR_LIST) {//****************************
 
 	var row, cell, cells, tr, td;
+	
+	var last_cell = 8; // number of columns in directory listing.
 
 	for (row = 0; row < DIRECTORY_ITEMS; row++){
 		
 		//initialize <tr> with empty <td>'s
 		tr = DIR_LIST.insertRow(row);
-		for (cell = 0; cell < 7; cell++) {td = tr.insertCell(-1);}
+		for (cell = 0; cell < last_cell; cell++) {td = tr.insertCell(-1);}
 		cells = tr.cells;
 		
 		//assign css classes
-		cells[4].className = 'file_name';
-		cells[5].className = 'file_size meta_T';
-		cells[6].className = 'file_time meta_T';
+		var c = 4;
+		cells[c++].className = 'meta_T';	//file permissions
+		cells[c++].className = 'file_name';
+		cells[c++].className = 'file_size meta_T';
+		cells[c++].className = 'file_time meta_T';
 	}
 }//end Init_Dir_table_rows() {//**************************************
 
@@ -3528,14 +3551,16 @@ function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_n
 	}
 
 	//fill the <td>'s
+	var c=0;
 	cells = trow.cells;
-	cells[0].innerHTML = ren_mov;
-	cells[1].innerHTML = copy;
-	cells[2].innerHTML = del;
-	cells[3].innerHTML = checkbox;
-	cells[4].innerHTML = file_name;
-	cells[5].innerHTML = file_size;
-	cells[6].innerHTML = file_time;
+	cells[c++].innerHTML = ren_mov;
+	cells[c++].innerHTML = copy;
+	cells[c++].innerHTML = del;
+	cells[c++].innerHTML = checkbox;
+	cells[c++].innerHTML = DIRECTORY_DATA[row - 1][6];
+	cells[c++].innerHTML = file_name;
+	cells[c++].innerHTML = file_size;
+	cells[c++].innerHTML = file_time;
 
 }//end Assemble_Insert_row() //***************************************
 
@@ -3570,8 +3595,10 @@ function Build_Directory() {//****************************************
 			var file_size = format_number(filesize);
 		}
 		
+		var file_col = 5; //column of file names
+		
 		//For file, (TABINDEX + 4) to account for [m][c][d][x] which are added in Assemble_Insert_Row()
-		var file_name  = '<a id=f'+(row + 1)+'c'+4+ ' tabindex='+ (TABINDEX + 4) +' href="' + href  + '"'; 
+		var file_name  = '<a id=f'+(row + 1)+'c'+ file_col + ' tabindex='+ (TABINDEX + 4) +' href="' + href  + '"'; 
 			file_name += ' title="<?php echo hsc($_['Edit_View']) ?>: ' + hsc(filename) + '" >';
 			file_name += ICONS[filetype] + '&nbsp;' + hsc(filename) + DS + '</a>';
 		var file_time  = FileTimeStamp(filetime, 1, 0, 0);
@@ -4053,7 +4080,7 @@ function Set_Line_Numbers(event) {
 //[Close], and [Copy], should always be present on Edit Page.
 Close_button.onclick     = function () { parent.location = '<?php echo $close_params ?>'; }
 Copy_File_button.onclick = function () { parent.location = onclick_params + 'copyfile';   }
-Toggle_Wrap.onclick 	 = function () {Toggle_Line_Wrap(this);}
+
 
 //These elements do not exist if file is not editable, or maybe if in WYSIWYG mode.
 if (View_Raw_button)    { View_Raw_button.onclick 	 = function () {window.open(onclick_params + 'raw_view'); } }
@@ -4063,6 +4090,7 @@ function Set_Line_Numbers(event) {
 if (Rename_File_button) { Rename_File_button.onclick = function () {parent.location = onclick_params + 'renamefile';} }
 if (Delete_File_button) { Delete_File_button.onclick = function () {parent.location = onclick_params + 'deletefile';} }
 if (File_textarea)      { File_textarea.addEventListener("keyup", function(event) {Check_for_changes(event);}) }
+if (Toggle_Wrap)		{ Toggle_Wrap.onclick 		 = function () {Toggle_Line_Wrap(this);} }
 
 
 window.onbeforeunload = function() {
@@ -4086,22 +4114,27 @@ function Set_Line_Numbers(event) {
 
 
 
+//***** A few function calls that only matter... 
+if (File_textarea) {
 
-Set_File_Textarea_Width();
+	Set_File_Textarea_Width();
 
-Line_Numbers = Line_Numbering("wrapper_linenums_editor", "line_numbers", "file_editor", "line_0", "line_1");
+	Line_Numbers = Line_Numbering("wrapper_linenums_editor", "line_numbers", "file_editor", "line_0", "line_1");
 
-//Set default/page load condition, and also init's the line numbers...
-//We're just setting the initial condition now, not actually toggling,
-//so "pre-toggle" the indicator here as Toggle_Line_Wrap() will toggle it back...
-//
-if (Toggle_Wrap.value === "off") {Toggle_Wrap.value = "on";} else {Toggle_Wrap.value = "off";}
-Toggle_Line_Wrap(Toggle_Wrap);
+	//Set default/page load condition, and also init's the line numbers...
+	//We're just setting the initial condition now, not actually toggling,
+	//so "pre-toggle" the indicator here as Toggle_Line_Wrap() will toggle it back...
+	//
+	if (Toggle_Wrap.value === "off") {Toggle_Wrap.value = "on";} else {Toggle_Wrap.value = "off";}
+	Toggle_Line_Wrap(Toggle_Wrap);
+
+	Reset_file_status_indicators();
+}
 
-Reset_file_status_indicators();
 
 Close_button.focus();
 </script>
+
 <?php
 }//end Edit_Page_scripts() //***************************************************
 
@@ -4117,6 +4150,7 @@ function pwun_event_scripts($form_id, $button_id, $pwun='') {//*****************
 		$hash_new_new = " hash('new1'); hash('new2');";
 	}//end if changing p/w --------------------------------------
 ?>
+
 <script>
 var $form          = document.getElementById('<?php echo $form_id ?>');
 var $submit_button = document.getElementById('<?php echo $button_id ?>');
@@ -4258,7 +4292,7 @@ function style_sheet() {//******************************************************
 
 /* --- general formatting --- */
 
-html { background: linear-gradient(170deg, white, rgb(50, 120,190)); background-attachment: fixed;}
+html { background: linear-gradient(170deg, white, rgb(50, 120, 250)); background-attachment: fixed;}
 
 body { height: 100%; font-size: 1em; font-family: sans-serif; overflow-y: scroll; }
 
@@ -4466,7 +4500,7 @@ function style_sheet() {//******************************************************
 .file_size { min-width:  6em; }
 .file_time { min-width: 10em; }
 
-.meta_T { padding: 0 .6em; text-align: right; font-family: courier; font-size: .9em; color: #222; }
+.meta_T { padding: 0 .5em; text-align: right; font: bold .9rem courier; color: #333} 
 
 #DIRECTORY_FOOTER {text-align: center; font-size: .9em; color: #333; padding: 3px 0 0 0; }
 
@@ -4891,7 +4925,7 @@ function Load_style_sheet() {//*************************************************
 header('Content-type: text/html; charset=UTF-8');
 ?>
 <!DOCTYPE html>
-<html><head>
+<html>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 <meta name="robots" content="noindex">
 <?php
@@ -4901,8 +4935,6 @@ function Load_style_sheet() {//*************************************************
 
 common_scripts();
 
-echo '</head><body>';
-
 Error_reporting_status_and_early_output(0,0); //0,0 will only show early output.
 
 if ($_SESSION['valid']) { echo '<div id=main >'; }
@@ -4937,7 +4969,7 @@ function Load_style_sheet() {//*************************************************
 }//end footer
 
 echo "\n</div>\n"; //end main/login_page
-echo "</body></html>\n";
+echo "</html>\n";
 
 if ( ($page == "edit") && $WYSIWYG_VALID && $EDIT_WYSIWYG ) { include($WYSIWYG_PLUGIN_OS); }
 
@@ -4945,7 +4977,7 @@ function Load_style_sheet() {//*************************************************
 echo "\n\n<script>\n";
 echo 'var $tabindex_xbox = '.$TABINDEX_XBOX.";\n"; //Used in Display_Messages()
 echo 'var $page = "'.$page.'";'."\n";
-echo '$MESSAGE += "'.addslashes($MESSAGE).'";'."\n"; //js version of $MESSAGE declared at top of common_scripts().
+echo '$MESSAGE += "'.addslashes($MESSAGE).'";'."\n"; //js version of $MESSAGE is declared at top of common_scripts().
 	    //Cause $MESSAGE's $X_box to take focus on these pages only.
 echo 'if (($page == "index") || ($page == "edit")) {take_focus = 1}'."\n";
 echo 'else										   {take_focus = 0}'."\n\n";

From 081b842487a7fbbea00bc0b4bf6d75296e6ec9ab Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Tue, 5 Sep 2017 19:48:16 -0400
Subject: [PATCH 206/228] v3.5.22 - updated changelog

---
 info/changelog.markdown | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/info/changelog.markdown b/info/changelog.markdown
index 1483a5c..df1a2cf 100644
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,8 +1,14 @@
 # OneFileCMS Change Log
 
+### v3.5.22 (2017-09-05)
+
+- Added file permissions to directory list.
+- A couple of minor bug-fixes.
+- Some minor code improvements.
+
 ### v3.5.21 (2016-06-26)
 
-- Some code cleanup & a little local js re-org. 
+- Some code cleanup & a little local js re-org.
 - Some minor static & active css improvements.
 - Added some basic validation to a config value.
 

From c81eef43cc187387d8d6e3ad1211aae752ea8b44 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Fri, 8 Sep 2017 12:58:46 -0400
Subject: [PATCH 207/228] Version 3.5.23 OneFileCMS no longer restricted to
 public_html.   Affected: $DOC_ROOT, $ACCESS_ROOT, $DEFAULT_PATH, and a couple
 localized $ipath's.   Also affected how optional config & laguage files are
 referenced.   Maybe some other stuff too, I forget... Added session path to
 Admin page. Added "Connected to: [hostname]" to Admin page. Added
 $_['admin_txt_03'], $_['admin_txt_04'], & $_['must_be_decendant'] to langauge
 files Added $_['Invalid'] to language files, but not yet used.  Because.
 Added $DEFAULT_PATH config variable, for $ipath if $ipath is not present or
 is invalid. Added Set_IS_OFCMS(). Removed all usage of $WEB_ROOT. It was
 based on $DOC_ROOT, which has changed slightly. Changed $DOC_ROOT. Now only
 defines default folder for $ACCESS_ROOT. Updated OneFileCMS.config.SAMPLE.php
 Increased $MAX_EDIT_SIZE from 200000 to 250000. And only a couple minor css
 changes!

---
 extras/OneFileCMS.config.SAMPLE.php |  67 ++++----
 info/changelog.markdown             |   5 +
 languages/OneFileCMS.LANG.DE.php    |  64 ++++----
 languages/OneFileCMS.LANG.EN.php    |  64 ++++----
 languages/OneFileCMS.LANG.ES.php    |  64 ++++----
 languages/OneFileCMS.LANG.NL.php    |  64 ++++----
 languages/OneFileCMS.LANG.RU.php    |  64 ++++----
 onefilecms.php                      | 241 +++++++++++++++++++---------
 readme.markdown                     |   6 +-
 9 files changed, 380 insertions(+), 259 deletions(-)

diff --git a/extras/OneFileCMS.config.SAMPLE.php b/extras/OneFileCMS.config.SAMPLE.php
index e0fe1dc..419df3d 100755
--- a/extras/OneFileCMS.config.SAMPLE.php
+++ b/extras/OneFileCMS.config.SAMPLE.php
@@ -1,13 +1,13 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
-// v3.5.13
+// v3.5.23
 // Sample external config file - this file is OPTIONAL.
 //
 // Basically, what follows is just a copy & paste of the OneFileCMS CONFIGURABLE INFO section.
 
 
-// USER CONFIGURABLE INFO ******************************************************
-$config_title = "OneFileCMS";
+// CONFIGURABLE OPTIONS ********************************************************
+$MAIN_TITLE = "OneFileCMS";
 
 $USERNAME = "username";
 $HASHWORD = "18350bc2181858e679605434735b1c2db6e7e4bb72b50a6d93d9ad1362f3e1c2";
@@ -23,7 +23,10 @@
 $MAIN_WIDTH    = '810px'; //Width of main <div> defining page layout.          Can be px, pt, em, or %.  Assumes px otherwise.
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
 
-$MAX_EDIT_SIZE = 200000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
+$LINE_WRAP = "on"; //"on",  anything else = "off".  Default for edit page. Once on page, line-wrap can toggle on/off.
+$TAB_SIZE  = 8;    //Some browsers recognize a css tab-size. Some don't (IE/Edge, as of mid-2016).
+
+$MAX_EDIT_SIZE = 250000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
 $MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
                           // The default max view size is completely arbitrary. Basically, it was 2am, and seemed like a good idea at the time.
 
@@ -32,31 +35,40 @@
 
 $UPLOAD_FIELDS = 10; //Number of upload fields on Upload File(s) page. Max value is ini_get('max_file_uploads').
 
-$config_favicon   = "favicon.ico"; //Path is relative to root of website.
-$config_excluded  = ""; //files to exclude from directory listings- CaSe sEnsiTive!
+$FAVICON  = "favicon.ico"; //Path is relative to root of website.
+
+$EXCLUDED_FILES  = ""; //csv list of filenames to exclude from directory listings- CaSe sEnsiTive!
 
-$config_etypes = "svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text"; //Editable file types.
-$config_stypes = "*"; // Shown types; only files of the given types should show up in the file-listing
-	// Use $config_stypes exactly like $config_etypes (list of extensions separated by commas).
-	// If $config_stypes is set to null - by intention or by error - only folders will be shown.
-	// If $config_stypes is set to the *-wildcard (the default), all files will show up.
-	// If $config_stypes is set to "html,htm" for example, only file with the extension "html" or "htm" will get listed.
+$EDIT_FILES = "svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text"; //Editable file types.
+$SHOW_FILES = "*"; // Shown types; only files of the given types should show up in the file-listing
+	// Use $SHOW_FILES exactly like $EDIT_FILES: a list of extensions separated by commas.
+	// If $SHOW_FILES is set to null - by intention or by error - only folders will be shown.
+	// If $SHOW_FILES is set to the *-wildcard (the default), all files will show up.
+	// If $SHOW_FILES is set to "html,htm" for example, only file with the extension "html" or "htm" will get listed.
 
-$config_itypes = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
+$SHOW_IMGS = "jpg,gif,png,bmp,ico"; //image types to display on edit page.
 //File types (extensions).  _ftypes & _fclass must have the same number of values. bin is default.
-$config_ftypes = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text";
+$FILE_TYPES = "bin,z,gz,7z,zip,jpg,gif,png,bmp,ico,svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text";
 //Cooresponding file classes to _ftypes - used to determine icons for directory listing.
-$config_fclass = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,cfg ,txt,css,txt,htm,htm ,htm  ,txt     ,txt,txt,txt,txt   ,txt,php,php,txt,txt";
+$FILE_CLASSES = "bin,z,z ,z ,z  ,img,img,img,img,img,svg,txt,txt,cfg ,txt,css,txt,htm,htm ,htm  ,txt     ,txt,txt,txt,txt   ,txt,php,php,txt,txt";
 
-$EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $message's
+$EX = '<b>( ! )</b> '; //EXclaimation point "icon" Used in $MESSAGE's
 
 $PAGEUPDOWN = 10; //Number of rows to jump using Page Up/Page Down keys on directory listing.
 
 $SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS concurrently.
 
-//Restrict access to a particular folder.  Leave empty for access to entire website.
-// "some/path/" is relative to root of website (with no leading slash).
-//$ACCESS_ROOT = 'some/path/';
+//Optional: restrict access to a particular sub folder.
+//$ACCESS_ROOT = '/some/path';
+//If blank or invalid, default is $_SERVER['DOCUMENT_ROOT'].
+//$ACCESS_ROOT = '/home/user';
+
+
+//Optional: specify a default start path on login.
+//$DEFAULT_PATH = 'some/path/deeper/'
+//Must be a decendant of $ACCESS_ROOT.
+//If blank or invalid, defaults to $ACCESS_ROOT.
+//$DEFAULT_PATH = '/home/user/public_html';
 
 
 //URL of optional external style sheet.  Used as an href in <link ...>
@@ -66,20 +78,21 @@
 
 //Notes for $LANGUAGE_FILE, $WYSIWYG_PLUGIN, and $CONFIG_FILE:
 //
-// Filename paths can be:
-//  1) Absolute to the filesystem:  "/some/path/from/system/root/somefile.php"  or
-//  2) Relative to root of website: "some/path/from/web/root/somefile.php"
+// Filename path examples:
+//  1) $SOME_FILE = "/some/path/from/system/root/somefile.php"	//Absolue to filesystem.
+//  2) $SOME_FILE = $_SERVER['DOCUMENT_ROOT']."/some/path/from/web/root/somefile.php" //Relative to root of web site.
 
 //Name of optional external language file.  If file is not found, the built-in defaults will be used.
-//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php";
+//$LANGUAGE_FILE = "/home/user/public_html/OneFileCMS.LANG.EN.php";
 
 //Init file for optional external wysiwyg editor.
 //Sample init files are availble in the "extras\" folder of the OneFileCMS repo, but the actual editors are not.
-//$WYSIWYG_PLUGIN = 'plugins/plugin-tinymce_init.php';
-//$WYSIWYG_PLUGIN = 'plugins/plugin-ckeditor_init.php';
+//$WYSIWYG_PLUGIN = '/home/user/public_html/plugins/plugin-tinymce_init.php';
+//$WYSIWYG_PLUGIN = '/home/user/public_html/plugins/plugin-ckeditor_init.php';
 
 //Name of optional external config file.  Any settings it contains will supersede those above.
 //See the sample file in the OneFileCMS github repo for format example.
-//$CONFIG_FILE = 'OneFileCMS.config.SAMPLE.php';
+//Basically, it is just a php file with a copy/paste of this configuration section.
+//$CONFIG_FILE = '/home/user/public_html/extras/OneFileCMS.config.SAMPLE.php';
 
-//end CONFIGURABLE INFO ********************************************************
+//end CONFIGURABLE OPTIoNS *****************************************************
diff --git a/info/changelog.markdown b/info/changelog.markdown
index df1a2cf..76913ac 100644
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,10 @@
 # OneFileCMS Change Log
 
+### v3.5.23 (2017-09-08)
+
+- OneFileCMS is no longer restricted to just public_html.
+- Increased $MAX_EDIT_SIZE to 250000. (It could probably go higher.)
+
 ### v3.5.22 (2017-09-05)
 
 - Added file permissions to directory list.
diff --git a/languages/OneFileCMS.LANG.DE.php b/languages/OneFileCMS.LANG.DE.php
index e19880e..8c7a90a 100755
--- a/languages/OneFileCMS.LANG.DE.php
+++ b/languages/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.21
+// OneFileCMS Language Settings v3.5.23
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -53,6 +53,7 @@
 $_['folders']  = 'Verzeichnisse';
 $_['From']     = 'Von';
 $_['Hash']     = 'Streuwert';
+$_['Invalid']  = 'Invalid'; //## NT ##
 $_['Move']     = 'Verschieben';
 $_['Moved']    = 'Verschoben';
 $_['Name']     = 'Name';    //## NT ##
@@ -69,8 +70,8 @@
 $_['To']       = 'Auf';
 $_['Upload']   = 'Heraufladen';
 $_['Username'] = 'Benutzername';
-$_['View']     = 'Aussicht';
 
+$_['View']            = 'Aussicht';
 $_['Working']         = 'Working - please wait...'; //## NT ##
 $_['Log_In']          = 'Anmelden';
 $_['Log_Out']         = 'Abmelden';
@@ -101,8 +102,9 @@
 $_['New_Location']    = 'Neuer Ordner';
 $_['No_files']        = 'Keine Dateien ausgewählt.';
 $_['Not_found']       = 'Nicht gefunden';
-$_['Invalid_path']    = 'Invalid path'; //## NT ##
 
+$_['Invalid_path']      = 'Invalid path'; //## NT ##
+$_['must_be_decendant'] = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ##
 $_['verify_msg_01']     = 'Sitzung abgelaufen.';
 $_['verify_msg_02']     = 'UNGÜLTIGE DATENSENDUNG';
 $_['get_get_msg_01']    = 'Die Datei wurde nicht gefunden:';
@@ -112,9 +114,9 @@
 $_['ord_msg_01']        = 'Eine Datei mit demselben Namen existiert bereits im Zielverzeichnis.';
 $_['ord_msg_02']        = 'Speichern als';
 $_['rCopy_msg_01']      = 'Ein Ordner kann nicht in einer eigenen Sub-Ordner kopiert werden.';
-$_['show_img_msg_01']   = 'Die Bilddarstellung entspricht ~';
-$_['show_img_msg_02']   = '% der wahren Größe (W x H = ';
 
+$_['show_img_msg_01'] = 'Die Bilddarstellung entspricht ~';
+$_['show_img_msg_02'] = '% der wahren Größe (W x H = ';
 $_['hash_txt_01']   = 'Die Streuwert von dieser Seite erzeugt wird, kann verwendet werden, um manuell zu aktualisieren $ HASHWORD in OneFileCMS, oder in einer externen Konfigurationsdatei werden. In jedem Fall sicher, dass Sie das Kennwort erinnern verwendet, um den Streuwert zu generieren!';
 $_['hash_txt_06']   = 'Tippen Sie das gewünschte Passwort in das Eingabefeld und drücken Sie Enter.';
 $_['hash_txt_07']   = 'Der Streuwert wird in einer gelben Box überhalb angezeigt werden.';
@@ -122,55 +124,55 @@
 $_['hash_txt_09']   = 'Stellen Sie sicher, dass Sie den GESAMTEN Streuwert -- und nur diesen (keine führenden oder nachgestellten Leerzeichen, etc.) -- kopiert haben.';
 $_['hash_txt_10']   = 'Ein Doppelklick sollte den Streuwert auswählen...';
 $_['hash_txt_12']   = 'Wenn die Werte eingetragen wurden, melden Sie sich ab und wieder an.';
+
 $_['pass_to_hash']  = 'Passwort Streuwert:';
 $_['Generate_Hash'] = 'Streuwert generieren';
-
 $_['login_txt_01']  = 'Benutzername:';
 $_['login_txt_02']  = 'Passwort:';
 $_['login_msg_01a'] = 'Es wurden ';
 $_['login_msg_01b'] = ' ungültige Anmeldversuche gezählt.';
 $_['login_msg_02a'] = 'Bitte warten Sie ';
+
 $_['login_msg_02b'] = 'Sekunden, um es erneut zu probieren.';
 $_['login_msg_03']  = 'UNGÜLTIGER ANMELDEVERSUCH #';
-
 $_['edit_note_00']  = 'ANMKERUNG:';
 $_['edit_note_01a'] = 'Denken Sie immer daran: Ihre ';
 $_['edit_note_01b'] = ' ist ';
-$_['edit_note_02']  = 'Speichern Sie Änderungen bevor der Countdown abläuft, oder die Änderungen sind verloren!';
-$_['edit_note_03']  = 'Einige Browser (wie zum Beispiel Chrome) zeigen eventuell nicht den richtigen Dateistatus an, wenn man die Vor- und Zurückknöpfe verwendet. Zum Korrigieren offensichtlich falscher Angaben drücken Sie in so einem Fall bitte den "Neu laden"-Knopf.';
 
+$_['edit_note_02'] = 'Speichern Sie Änderungen bevor der Countdown abläuft, oder die Änderungen sind verloren!';
+$_['edit_note_03'] = 'Einige Browser (wie zum Beispiel Chrome) zeigen eventuell nicht den richtigen Dateistatus an, wenn man die Vor- und Zurückknöpfe verwendet. Zum Korrigieren offensichtlich falscher Angaben drücken Sie in so einem Fall bitte den "Neu laden"-Knopf.';
 $_['edit_h2_1']   = 'Betrachtend: ';
 $_['edit_h2_2']   = 'In Bearbeitung: ';
 $_['edit_txt_00'] = 'Edit disabled.'; //## NT ##
 $_['edit_txt_01'] = 'Unbekannter Dateityp oder keine Textdatei. Bearbeitungsmöglichkeit ausgeschalten.';
 $_['edit_txt_02'] = 'Die Datei enthält möglicherweise ungültige Zeichen. Der Bearbeitungs- und Betrachtungsmodus wurde gesperrt.';
-$_['edit_txt_03'] = 'htmlspecialchars() gab eine leere Zeichenkette zurück.';
-$_['edit_txt_04'] = 'Das Verhalten kann je nach verwendeter PHP-Version unterschiedlich sein.';
 
+$_['edit_txt_03']          = 'htmlspecialchars() gab eine leere Zeichenkette zurück.';
+$_['edit_txt_04']          = 'Das Verhalten kann je nach verwendeter PHP-Version unterschiedlich sein.';
 $_['too_large_to_edit_01'] = 'Bearbeiten deaktiviert. Dateigröße >';
 $_['too_large_to_edit_02'] = 'Einige Browser (wie zum Beispiel der Internet Explorer) bleiben stecken oder werden instabil, sobald größere Textmengen in einer HTML <textarea> bearbeitet werden.';
 $_['too_large_to_edit_03'] = 'Die Einstellung $MAX_EDIT_SIZE im Konfigurationsbereich des OneFileCMS kann nach den Erfordernissen angepaßt werden.';
 $_['too_large_to_edit_04'] = 'Mittels einfachem Trial & Error kann das optimale Limit für einen bestimmten Browser und Computer festgestellt werden.';
 $_['too_large_to_view_01'] = 'Betrachtungsmodus deaktiviert. Filesize > ';
 $_['too_large_to_view_02'] = 'Klicken Sie auf den Dateinamen überhalb, um die Datei direkt im Browser anzuzeigen.';
+
 $_['too_large_to_view_03'] = 'Adjustieren Sie die $MAX_VIEW_SIZE im Konfigurationsbereich von OneFileCMS nach Ihren Bedürfnissen.';
 $_['too_large_to_view_04'] = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)'; //## NT ##
 
 $_['meta_txt_01'] = 'Dateigröße:';
 $_['meta_txt_03'] = 'Aktualisiert:';
-
 $_['edit_msg_01'] = 'Die Datei wurde gespeichert:';
+
 $_['edit_msg_02'] = 'Bytes geschrieben.';
 $_['edit_msg_03'] = 'Bei dem Versuch die Datei zu speichern trat ein Fehler auf.';
-
 $_['upload_txt_03'] = 'Anmerkung: Die maximale Dateigröße für das Heraufladen von Dateien beträgt: ';
 $_['upload_txt_01'] = 'php.ini: upload_max_filesize';
 $_['upload_txt_04'] = 'Maximale Gesamt Upload-Größe:';
 $_['upload_txt_02'] = 'php.ini: post_max_size';
 $_['upload_txt_05'] = 'Für die hochgeladenen Dateien, die bereits existieren: ';
+
 $_['upload_txt_06'] = 'Umbenennen (Auf filename.ext.001 etc...)';
 $_['upload_txt_07'] = 'Überschreiben';
-
 $_['upload_err_01'] = 'Fehler 1: Datei zu groß. Von php.ini:';
 $_['upload_err_02'] = 'Fehler 2: Datei zu groß. (MAX_FILE_SIZE HTML form element)';
 $_['upload_err_03'] = 'Fehler 3: Die Datei wurde nur teilweise heraufgeladen.';
@@ -179,31 +181,31 @@
 $_['upload_err_06'] = 'Fehler 6: Konnte kein temporäres Verzeichnis finden.';
 $_['upload_err_07'] = 'Fehler 7: Die Datei konnte nicht gespeichert werden.';
 $_['upload_err_08'] = 'Fehler 8: Eine PHP-Erweiterung hat das Heraufladen der Datei gestoppt.';
+
 $_['upload_error_01a'] = ' Fehler beim Heraufladen.  Die Gesamtmenge and heraufgeladenen Daten (in Hauptsache die Datei) überschreitet die post_max_size = ';
 $_['upload_error_01b'] = ' (der php.ini)';
-
 $_['upload_msg_02'] = 'Der Zielordner existiert nicht: ';
 $_['upload_msg_03'] = 'Das Heraufladen wurde abgebrochen.';
 $_['upload_msg_04'] = 'Heraufladen: ';
 $_['upload_msg_05'] = 'Das Heraufladen war erfolgreich! ';
+
 $_['upload_msg_06'] = 'Das Heraufladen ist fehlgeschlagen: ';
 $_['upload_msg_07'] = 'Eine bereits vorhandene Datei überschrieben wurde.';
-
 $_['new_file_txt_01'] = 'Die Datei wird im aktuellen Ordner erstellt.  ';
 $_['new_file_txt_02'] = 'Ungültige Zeichen für Dateinamen sind: ';
 $_['new_file_msg_01'] = 'Die neue Datei wurde nicht erstellt:';
 $_['new_file_msg_02'] = 'Der Name enthält ungültige Zeichen: ';
 $_['new_file_msg_04'] = 'Die Datei besteht bereits: ';
+
 $_['new_file_msg_05'] = 'Datei erstellt:';
 $_['new_file_msg_07'] = 'Ordner erstellt:';
-
 $_['CRM_txt_02'] = 'Der neue Ort muss bereits existieren.';
 $_['CRM_txt_04'] = 'Neuer Name';
 $_['CRM_msg_01'] = 'Fehler - der neue Zielort besteht nicht:';
 $_['CRM_msg_02'] = 'Fehler - die Quelldatei besteht nicht:';
-$_['CRM_msg_03'] = 'Fehler - die Zieldatei besteht bereits:';
-$_['CRM_msg_05'] = 'Fehler bei der';
 
+$_['CRM_msg_03']      = 'Fehler - die Zieldatei besteht bereits:';
+$_['CRM_msg_05']      = 'Fehler bei der';
 $_['delete_msg_03']   = 'Fehler löschen:';
 $_['session_warning'] = 'Achtung: Die sitzung wird ende bald!';
 $_['session_expired'] = 'SITZUNG ABGELAUFEN';
@@ -212,53 +214,55 @@
 $_['OFCMS_requires']  = 'OneFileCMS erfordert PHP';
 $_['logout_msg']      = 'Sie wurden erfolgreich abgemeldet.';
 $_['edit_caution_01'] = 'ACHTUNG ';
-$_['edit_caution_02'] = ' Sie bearbeiten gerade die aktive Version von OneFileCMS - Sichern Sie den Code und seien Sie vorsichtig !!';
-$_['time_out_txt']    = 'Automatischer Sitzungsstopp in:';
 
+$_['edit_caution_02'] = ' Sie bearbeiten gerade die aktive Version von OneFileCMS - Sichern Sie den Code und seien Sie vorsichtig !!';
+$_['time_out_txt'] = 'Automatischer Sitzungsstopp in:';
 $_['error_reporting_01'] = 'Anzeigen von Fehlern ist';
 $_['error_reporting_02'] = 'Loggen von Fehlern ist';
 $_['error_reporting_03'] = 'Fehlerberichterstattung';
 $_['error_reporting_04'] = 'Anzeigen der Fehlertypen';
+
 $_['error_reporting_05'] = 'Unerwartete frühzeitige Ausgabe';
 $_['error_reporting_06'] = '(Nicht einmal Leerzeichen hätten ausgegeben werden sollen)';
-
 $_['admin_txt_00'] = 'Alte Sicherung gefunden';
 $_['admin_txt_01'] = 'Diese Datei wurde erstellt, da es während der Änderung des Passwortes oder des Benutzernamens zu einem Fehler gekommen ist. Diese Datei enthält somit eventuell veraltete Informationen und kann gelöscht werden, sofern sie nicht weiter von Ihnen benötigt wird.';
 $_['admin_txt_02'] = 'Allgemeine Information';
+
+$_['admin_txt_03'] = 'Session Path'; //## NT ##
+$_['admin_txt_04'] = 'Current Session File (changes every page load)';
 $_['admin_txt_14'] = 'Eine weitere, kleine Sicherheitsvorkehrung wäre, das Salz oder die Methode für die Streuwertgenerierung von OneFileCMS zu ändern.';
 $_['admin_txt_16'] = 'Sie können auch OneFileCMS selbst bearbeiten.  Legen Sie aber sicherheitshalber eine Kopie an, falls es zu einem unerwünschten Schreibfehler kommt...';
 
 $_['pw_current'] = 'Aktuelles Passwort';
 $_['pw_change']  = 'Passwort ändern';
 $_['pw_new']     = 'Neues Passwort';
-$_['pw_confirm'] = 'Bestätigen Sie das neue Password';
 
-$_['un_change']  = 'Benutzername ändern';
-$_['un_new']     = 'Neuer Benutzername';
+$_['pw_confirm'] = 'Bestätigen Sie das neue Password';
+$_['un_change'] = 'Benutzername ändern';
+$_['un_new'] = 'Neuer Benutzername';
 $_['un_confirm'] = 'Bestätigen Sie den neuen Benutzernamen';
-
 $_['pw_txt_02'] = 'Regeln für Passwort / Benutzername:';
 $_['pw_txt_04'] = 'Groß-/Kleinschreibung wird berücksichtigt!';
 $_['pw_txt_06'] = 'Zumindest ein Zeichen, das nicht als Leerzeichen zählt, muss enthalten sein.';
+
 $_['pw_txt_08'] = 'Leerzeichen in der Mitte sind gültig. Beispiel: "This is a password or username!"';
 $_['pw_txt_10'] = 'Führende und angehängte Leerzeichen werden entfernt.';
 $_['pw_txt_12'] = 'Nur die aktive Kopie von OneFileCMS wird aktualisiert - es werden keine externen Konfigurationsdateien geändert.';
 $_['pw_txt_14'] = 'Wird ein ungültiges Passwort eingegeben, werden Sie abgemeldet. Sie können sich anschließend neu anmelden.';
-
 $_['change_pw_01'] = 'Passwort wurde geändert!';
 $_['change_pw_02'] = 'Passwort wurde nicht geändert.';
 $_['change_pw_03'] = 'Falsches (derzeitiges) Passwort. Bitte melden Sie sich an, um es erneut zu versuchen.';
+
 $_['change_pw_04'] = 'Die Werte der Felder "Neu" und "Bestätigen" gleichen sich nicht.';
 $_['change_pw_05'] = 'Aktualisierung';
+
 $_['change_pw_06'] = 'Externe Konfigurationsdatei';
-$_['change_pw_07'] = 'All fields are required.'; //## NT ##
 
+$_['change_pw_07'] = 'All fields are required.'; //## NT ##
 $_['change_un_01'] = 'Benutzername wurde geändert!';
 $_['change_un_02'] = 'Benutzername wurde nicht geändert.';
 
 $_['update_failed'] = 'Aktualisierung fehlgeschlagen - die Datei konnte nicht gespeichert werden.';
-
 $_['mcd_msg_01'] = 'Dateien verschoben.';
 $_['mcd_msg_02'] = 'Dateien kopiert.';
 $_['mcd_msg_03'] = 'Dateien gelöscht.';
-
diff --git a/languages/OneFileCMS.LANG.EN.php b/languages/OneFileCMS.LANG.EN.php
index f563461..c0e40bc 100755
--- a/languages/OneFileCMS.LANG.EN.php
+++ b/languages/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.21
+// OneFileCMS Language Settings v3.5.23
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -53,6 +53,7 @@
 $_['folders']  = 'folders';
 $_['From']     = 'From';
 $_['Hash']     = 'Hash';
+$_['Invalid']  = 'Invalid'; //## NT ## as of 3.5.23
 $_['Move']     = 'Move';
 $_['Moved']    = 'Moved';
 $_['Name']     = 'Name';
@@ -69,8 +70,8 @@
 $_['To']       = 'To';
 $_['Upload']   = 'Upload';
 $_['Username'] = 'Username';
-$_['View']     = 'View';
 
+$_['View']            = 'View';
 $_['Working']         = 'Working - please wait...';
 $_['Log_In']          = 'Log In';
 $_['Log_Out']         = 'Log Out';
@@ -101,8 +102,9 @@
 $_['New_Location']    = 'New Location';
 $_['No_files']        = 'No files selected.';
 $_['Not_found']       = 'Not found';
-$_['Invalid_path']    = 'Invalid path';
 
+$_['Invalid_path']      = 'Invalid path';
+$_['must_be_decendant'] = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ## as of 3.5.23
 $_['verify_msg_01']     = 'Session expired.';
 $_['verify_msg_02']     = 'INVALID POST';
 $_['get_get_msg_01']    = 'File does not exist:';
@@ -112,9 +114,9 @@
 $_['ord_msg_01']        = 'A file with that name already exists in the target directory.';
 $_['ord_msg_02']        = 'Saving as';
 $_['rCopy_msg_01']      = 'A folder can not be copied into one of its own sub-folders.';
-$_['show_img_msg_01']   = 'Image shown at ~';
-$_['show_img_msg_02']   = '% of full size (W x H =';
 
+$_['show_img_msg_01'] = 'Image shown at ~';
+$_['show_img_msg_02'] = '% of full size (W x H =';
 $_['hash_txt_01']   = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!';
 $_['hash_txt_06']   = 'Type your desired password in the input field above and hit Enter.';
 $_['hash_txt_07']   = 'The hash will be displayed in a yellow message box above that.';
@@ -122,55 +124,55 @@
 $_['hash_txt_09']   = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
 $_['hash_txt_10']   = 'A double-click should select it...';
 $_['hash_txt_12']   = 'When ready, logout and login.';
+
 $_['pass_to_hash']  = 'Password to hash:';
 $_['Generate_Hash'] = 'Generate Hash';
-
 $_['login_txt_01']  = 'Username:';
 $_['login_txt_02']  = 'Password:';
 $_['login_msg_01a'] = 'There have been';
 $_['login_msg_01b'] = 'invalid login attempts.';
 $_['login_msg_02a'] = 'Please wait';
+
 $_['login_msg_02b'] = 'seconds to try again.';
 $_['login_msg_03']  = 'INVALID LOGIN ATTEMPT #';
-
 $_['edit_note_00']  = 'NOTES:';
 $_['edit_note_01a'] = 'Remember- ';
 $_['edit_note_01b'] = 'is';
-$_['edit_note_02']  = 'So save changes before the clock runs out, or the changes will be lost!';
-$_['edit_note_03']  = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate. To correct, click the browser\'s [Reload].';
 
+$_['edit_note_02'] = 'So save changes before the clock runs out, or the changes will be lost!';
+$_['edit_note_03'] = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate. To correct, click the browser\'s [Reload].';
 $_['edit_h2_1']   = 'Viewing:';
 $_['edit_h2_2']   = 'Editing:';
 $_['edit_txt_00'] = 'Edit disabled.'; //## NT ## as of 3.5.07
 $_['edit_txt_01'] = 'Non-text or unkown file type. Edit disabled.';
 $_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
-$_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
-$_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
 
+$_['edit_txt_03']          = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
+$_['edit_txt_04']          = 'This behavior can be inconsistant from version to version of php.';
 $_['too_large_to_edit_01'] = 'Edit disabled. Filesize >';
 $_['too_large_to_edit_02'] = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
 $_['too_large_to_edit_03'] = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
 $_['too_large_to_edit_04'] = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
 $_['too_large_to_view_01'] = 'View disabled. Filesize >';
 $_['too_large_to_view_02'] = 'Click [View Raw] to view the raw/"plain text" file contents in a seperate browser window.'; //** NT ** changed wording as of 3.5.07
+
 $_['too_large_to_view_03'] = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
 $_['too_large_to_view_04'] = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
 
 $_['meta_txt_01'] = 'Filesize:';
 $_['meta_txt_03'] = 'Updated:';
-
 $_['edit_msg_01'] = 'File saved:';
+
 $_['edit_msg_02'] = 'bytes written.';
 $_['edit_msg_03'] = 'There was an error saving file.';
-
 $_['upload_txt_03'] = 'Maximum size of each file:';
 $_['upload_txt_01'] = '(php.ini: upload_max_filesize)';
 $_['upload_txt_04'] = 'Maximum total upload size:';
 $_['upload_txt_02'] = '(php.ini: post_max_size)';
 $_['upload_txt_05'] = 'For uploaded files that already exist: ';
+
 $_['upload_txt_06'] = 'Rename (to filename.ext.001 etc...)';
 $_['upload_txt_07'] = 'Overwrite';
-
 $_['upload_err_01'] = 'Error 1: File too large. From php.ini:';
 $_['upload_err_02'] = 'Error 2: File too large. (Exceeds MAX_FILE_SIZE HTML form element)';
 $_['upload_err_03'] = 'Error 3: The uploaded file was only partially uploaded.';
@@ -179,31 +181,31 @@
 $_['upload_err_06'] = 'Error 6: Missing a temporary folder.';
 $_['upload_err_07'] = 'Error 7: Failed to write file to disk.';
 $_['upload_err_08'] = 'Error 8: A PHP extension stopped the file upload.';
+
 $_['upload_error_01a'] = 'Upload Error. Total POST data (mostly filesize) exceeded post_max_size =';
 $_['upload_error_01b'] = '(from php.ini)';
-
 $_['upload_msg_02'] = 'Destination folder invalid:';
 $_['upload_msg_03'] = 'Upload cancelled.';
 $_['upload_msg_04'] = 'Uploading:';
 $_['upload_msg_05'] = 'Upload successful!';
+
 $_['upload_msg_06'] = 'Upload failed:';
 $_['upload_msg_07'] = 'A pre-existing file was overwritten.';
-
 $_['new_file_txt_01'] = 'File or Folder will be created in the current folder.';
 $_['new_file_txt_02'] = 'Some invalid characters are:';
 $_['new_file_msg_01'] = 'File or folder not created:';
 $_['new_file_msg_02'] = 'Name contains an invalid character:';
 $_['new_file_msg_04'] = 'File or folder already exists:';
+
 $_['new_file_msg_05'] = 'Created file:';
 $_['new_file_msg_07'] = 'Created folder:';
-
 $_['CRM_txt_02'] = 'The new location must already exist.';
 $_['CRM_txt_04'] = 'New Name';
 $_['CRM_msg_01'] = 'Error - new parent location does not exist:';
 $_['CRM_msg_02'] = 'Error - source file does not exist:';
-$_['CRM_msg_03'] = 'Error - new file or folder already exists:';
-$_['CRM_msg_05'] = 'Error during';
 
+$_['CRM_msg_03']      = 'Error - new file or folder already exists:';
+$_['CRM_msg_05']      = 'Error during';
 $_['delete_msg_03']   = 'Delete error:';
 $_['session_warning'] = 'Warning: Session timeout soon!';
 $_['session_expired'] = 'SESSION EXPIRED';
@@ -212,53 +214,55 @@
 $_['OFCMS_requires']  = 'OneFileCMS requires PHP';
 $_['logout_msg']      = 'You have successfully logged out.';
 $_['edit_caution_01'] = 'CAUTION'; //##### No longer used as of 3.5.07
-$_['edit_caution_02'] = 'You are viewing the active copy of OneFileCMS.'; //## NT ## changed wording 3.5.07
-$_['time_out_txt']    = 'Session time out in:';
 
+$_['edit_caution_02'] = 'You are viewing the active copy of OneFileCMS.'; //## NT ## changed wording 3.5.07
+$_['time_out_txt'] = 'Session time out in:';
 $_['error_reporting_01'] = 'Display errors is';
 $_['error_reporting_02'] = 'Log errors is';
 $_['error_reporting_03'] = 'Error reporting is set to';
 $_['error_reporting_04'] = 'Showing error types';
+
 $_['error_reporting_05'] = 'Unexpected early output';
 $_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
-
 $_['admin_txt_00'] = 'Old Backup Found';
 $_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will be automatically overwritten on the next password or username change.';
 $_['admin_txt_02'] = 'General Information';
+
+$_['admin_txt_03'] = 'Session Path'; //## NT ## as of 3.5.23
+$_['admin_txt_04'] = 'Connected to'; //## NT ## as of 3.5.23
 $_['admin_txt_14'] = 'For a small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
 $_['admin_txt_16'] = 'OneFileCMS can not be used to edit itself directly.  However, you can make a copy and edit it.'; //## NT ## Changed wording in 3.5.07
 
 $_['pw_current'] = 'Current Password';
 $_['pw_change']  = 'Change Password';
 $_['pw_new']     = 'New Password';
-$_['pw_confirm'] = 'Confirm New Password';
 
-$_['un_change']  = 'Change Username';
-$_['un_new']     = 'New Username';
+$_['pw_confirm'] = 'Confirm New Password';
+$_['un_change'] = 'Change Username';
+$_['un_new'] = 'New Username';
 $_['un_confirm'] = 'Confirm New Username';
-
 $_['pw_txt_02'] = 'Password / Username rules:';
 $_['pw_txt_04'] = 'Case-sensitive: "A" =/= "a"';
 $_['pw_txt_06'] = 'Must contain at least one non-space character.';
+
 $_['pw_txt_08'] = 'May contain spaces in the middle. Ex: "This is a password or username!"';
 $_['pw_txt_10'] = 'Leading and trailing spaces are ignored.';
 $_['pw_txt_12'] = 'In recording the change, only one file is updated: either the active copy of OneFileCMS, or - if specified, an external configuration file.';
 $_['pw_txt_14'] = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
-
 $_['change_pw_01'] = 'Password changed!';
 $_['change_pw_02'] = 'Password NOT changed.';
 $_['change_pw_03'] = 'Incorrect current password. Login to try again.';
+
 $_['change_pw_04'] = '"New" and "Confirm New" values do not match.';
 $_['change_pw_05'] = 'Updating';
+
 $_['change_pw_06'] = 'external config file';
-$_['change_pw_07'] = 'All fields are required.';
 
+$_['change_pw_07'] = 'All fields are required.';
 $_['change_un_01'] = 'Username changed!';
 $_['change_un_02'] = 'Username NOT changed.';
 
 $_['update_failed'] = 'Update failed - could not save file.';
-
 $_['mcd_msg_01'] = 'file(s) and/or folder(s) moved.'; //#####
 $_['mcd_msg_02'] = 'file(s) and/or folder(s) copied.'; //#####
 $_['mcd_msg_03'] = 'file(s) and/or folder(s) deleted.'; //#####
-
diff --git a/languages/OneFileCMS.LANG.ES.php b/languages/OneFileCMS.LANG.ES.php
index 54293c3..62210dc 100755
--- a/languages/OneFileCMS.LANG.ES.php
+++ b/languages/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.21
+// OneFileCMS Language Settings v3.5.23
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -53,6 +53,7 @@
 $_['folders']  = 'carpetas';
 $_['From']     = 'de';
 $_['Hash']     = 'Cadena';
+$_['Invalid']  = 'Invalid'; //## NT ##
 $_['Move']     = 'Mover';
 $_['Moved']    = 'Movido';
 $_['Name']     = 'Nombre ';
@@ -69,8 +70,8 @@
 $_['To']       = 'Hacia';
 $_['Upload']   = 'Subir';
 $_['Username'] = 'Usuario';
-$_['View']     = 'Ver';
 
+$_['View']            = 'Ver';
 $_['Working']         = 'Working - please wait...'; //## NT ##
 $_['Log_In']          = 'Iniciar Sesión';
 $_['Log_Out']         = 'Cerrar Sesión';
@@ -101,8 +102,9 @@
 $_['New_Location']    = 'Nueva Posición';
 $_['No_files']        = 'No se seleccionó ningún archivo.';
 $_['Not_found']       = 'No encontrado';
-$_['Invalid_path']    = 'Invalid path'; //## NT ##
 
+$_['Invalid_path']      = 'Invalid path'; //## NT ##
+$_['must_be_decendant'] = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ##
 $_['verify_msg_01']     = 'Sesión expirada.';
 $_['verify_msg_02']     = 'POST INVÁLIDO';
 $_['get_get_msg_01']    = 'El archivo no existe:';
@@ -112,9 +114,9 @@
 $_['ord_msg_01']        = 'Un archivo con ese mismo nombre ya existe en el directorio asignado.';
 $_['ord_msg_02']        = 'Guardando como';
 $_['rCopy_msg_01']      = 'Una carpeta no se puede copiar en uno de sus propios sub-carpetas.';
-$_['show_img_msg_01']   = 'Imagen mostrada a ~';
-$_['show_img_msg_02']   = '% del tamaño (Ancho x Alto =';
 
+$_['show_img_msg_01'] = 'Imagen mostrada a ~';
+$_['show_img_msg_02'] = '% del tamaño (Ancho x Alto =';
 $_['hash_txt_01']   = 'Las cadenas generadas por esta página pueden ser usadas para cambiar de forma manual la variable $HASHWORD en OneFileCMS, o en un archivo de configuración externo. De cualquier forma, ¡asegúrese de recordar la contraseña que usó para generar el hash (cadena)!';
 $_['hash_txt_06']   = 'Ingresá la contraseña que quieras en la caja de texto siguiente y presioná enter.';
 $_['hash_txt_07']   = 'La cadena se mostrará en un mensaje amarillo.';
@@ -122,55 +124,55 @@
 $_['hash_txt_09']   = 'Asegurate de copiar TODO y SÓLO la cadena (sin dejar espacios en blanco o demás).';
 $_['hash_txt_10']   = 'Haciendo doble click debería seleccionarlo...';
 $_['hash_txt_12']   = 'Cuando estés listo, deslogueate y volvé a loguearte.';
+
 $_['pass_to_hash']  = 'Contraseña del Hash:';
 $_['Generate_Hash'] = 'Generar Hash';
-
 $_['login_txt_01']  = 'Usuario:';
 $_['login_txt_02']  = 'Contraseña:';
 $_['login_msg_01a'] = 'Hubo ';
 $_['login_msg_01b'] = 'intentos fallidos.';
 $_['login_msg_02a'] = 'Por favor espere ';
+
 $_['login_msg_02b'] = 'segundos para volver a intentar.';
 $_['login_msg_03']  = 'INTENTO DE INICIO INVÁLIDO NÚMERO #';
-
 $_['edit_note_00']  = 'NOTAS:';
 $_['edit_note_01a'] = 'Recuérdalo- tu';
 $_['edit_note_01b'] = 'es';
-$_['edit_note_02']  = 'Entonces guardá antes que se acabe el tiempo, ¡o vas a perer los cambios!';
-$_['edit_note_03']  = 'Con algunos navegadores, como Chrome, si clickeás el botón del navegador [Volver] y después [Continuar], puede que el estado del archivo no sea exacto. Para corregirlo, clickeá en el botón [Recargar].';
 
+$_['edit_note_02'] = 'Entonces guardá antes que se acabe el tiempo, ¡o vas a perer los cambios!';
+$_['edit_note_03'] = 'Con algunos navegadores, como Chrome, si clickeás el botón del navegador [Volver] y después [Continuar], puede que el estado del archivo no sea exacto. Para corregirlo, clickeá en el botón [Recargar].';
 $_['edit_h2_1']   = 'Viendo:';
 $_['edit_h2_2']   = 'Editando:';
 $_['edit_txt_00'] = 'Edit disabled.'; //## NT ##
 $_['edit_txt_01'] = 'No texto o tipo de archivo desconocido. Edición deshabilitada.';
 $_['edit_txt_02'] = 'El archivo posiblemente contiene un caracter desconocido. Edición deshabilitada.';
-$_['edit_txt_03'] = 'htmlspecialchars() devolvió una cadena vacía de lo que debería ser un archivo válido.';
-$_['edit_txt_04'] = 'Este comportamiento puede ser inconsistente de versión a versión de PHP.';
 
+$_['edit_txt_03']          = 'htmlspecialchars() devolvió una cadena vacía de lo que debería ser un archivo válido.';
+$_['edit_txt_04']          = 'Este comportamiento puede ser inconsistente de versión a versión de PHP.';
 $_['too_large_to_edit_01'] = 'Edición deshabilita. Tamaño >';
 $_['too_large_to_edit_02'] = 'Algunos navegadores (por ej.: IE) se vuelven inestables cuando se edita un texto largo dentro de un <textarea>.';
 $_['too_large_to_edit_03'] = 'Ajustá la variable $MAX_EDIT_SIZE en la sección de configuración de OneFileCMS como sea necesario.';
 $_['too_large_to_edit_04'] = 'Una simple prueba puede dar con el resultado necesario.';
 $_['too_large_to_view_01'] = 'Vista deshabilitada. Tamaño >';
 $_['too_large_to_view_02'] = 'Clickeá en el botón de debajo para verlo como se ve normalmente en un navegador.';
+
 $_['too_large_to_view_03'] = 'Ajustá $MAX_VIEW_SIZE en la sección de configuración de OneFileCMS como sea necesario.';
 $_['too_large_to_view_04'] = '(El valor por defecto para $MAX_VIEW_SIZE es completamente arbitrario, y puede ser ajustado como sea necesario.)';
 
 $_['meta_txt_01'] = 'Tamaño:';
 $_['meta_txt_03'] = 'Actualizado:';
-
 $_['edit_msg_01'] = 'Archivo Guardado:';
+
 $_['edit_msg_02'] = 'bytes escritos.';
 $_['edit_msg_03'] = 'Ocurrió un error guardando el archivo.';
-
 $_['upload_txt_03'] = 'Nota: El tamaño máximo de subida es de:';
 $_['upload_txt_01'] = '(php.ini: upload_max_filesize)'; //## NT ##
 $_['upload_txt_04'] = 'Tamaño total de la subida:';
 $_['upload_txt_02'] = '(php.ini: post_max_size)'; //## NT ##
 $_['upload_txt_05'] = 'Para los archivos subidos que ya existen: ';
+
 $_['upload_txt_06'] = 'Renombrar (hacia filename.ext.001 etc...)';
 $_['upload_txt_07'] = 'Sobreescribir';
-
 $_['upload_err_01'] = 'Error 1: Archivo demasiado pesado. Desde php.ini:';
 $_['upload_err_02'] = 'Error 2: Archivo muy grande. (MAX_FILE_SIZE HTML form element)';
 $_['upload_err_03'] = 'Error 3: El archivo se subió sólo parcialmente.';
@@ -179,31 +181,31 @@
 $_['upload_err_06'] = 'Error 6: Carpeta temporal no encontrada.';
 $_['upload_err_07'] = 'Error 7: No se pudo guardar el archivo en el disco.';
 $_['upload_err_08'] = 'Error 8: Una extensión de PHP detuvo la subida del archivo.';
+
 $_['upload_error_01a'] = 'Eror de subida.  Total de datos POST (mayormente el peso del archivo) excedido post_max_size =';
 $_['upload_error_01b'] = '(desde php.ini)';
-
 $_['upload_msg_02'] = 'La carpeta de destino no existe: ';
 $_['upload_msg_03'] = 'Subida cancelada.';
 $_['upload_msg_04'] = 'Subiendo:';
 $_['upload_msg_05'] = '¡Subida satisfactoria!';
+
 $_['upload_msg_06'] = 'Subida fallida: ';
 $_['upload_msg_07'] = 'Un archivo existente se sobrescribe.';
-
 $_['new_file_txt_01'] = 'Se creará un archivo nuevo en la carpeta actual.';
 $_['new_file_txt_02'] = 'Algunos caracteres inválidos son: ';
 $_['new_file_msg_01'] = 'Archivo nuevo no creado:';
 $_['new_file_msg_02'] = 'El nombre contiene caracteres inválidos:';
 $_['new_file_msg_04'] = 'El archivo ya existe:';
+
 $_['new_file_msg_05'] = 'Archivo creado:';
 $_['new_file_msg_07'] = 'Carpeta creado:';
-
 $_['CRM_txt_02'] = 'La nueva localización debe existir.';
 $_['CRM_txt_04'] = 'Nuevo Nombre';
 $_['CRM_msg_01'] = 'Error - la localización padre no existe:';
 $_['CRM_msg_02'] = 'Error - el archivo inicial no existe:';
-$_['CRM_msg_03'] = 'Error - el archivo de objetivo no existe:';
-$_['CRM_msg_05'] = 'Error en';
 
+$_['CRM_msg_03']      = 'Error - el archivo de objetivo no existe:';
+$_['CRM_msg_05']      = 'Error en';
 $_['delete_msg_03']   = 'Error eliminando';
 $_['session_warning'] = 'Advertencia: ¡La sesión terminará pronto!';
 $_['session_expired'] = 'SESIÓN TERMINADA';
@@ -212,53 +214,55 @@
 $_['OFCMS_requires']  = 'OneFileCMS necesita PHP';
 $_['logout_msg']      = 'Has cerrado la sesión satisfactoriamente.';
 $_['edit_caution_01'] = 'PRECAUCIÓN';
-$_['edit_caution_02'] = 'Estás editando la copia activa de OneFileCMS - ¡HACÉ UNA COPIA DE SEGURIDAD Y TENÉ CUIDADO!';
-$_['time_out_txt']    = 'Tiempo de Espera de Sesión Agotado:';
 
+$_['edit_caution_02'] = 'Estás editando la copia activa de OneFileCMS - ¡HACÉ UNA COPIA DE SEGURIDAD Y TENÉ CUIDADO!';
+$_['time_out_txt'] = 'Tiempo de Espera de Sesión Agotado:';
 $_['error_reporting_01'] = 'Display errors is'; //## NT ##
 $_['error_reporting_02'] = 'Log errors is'; //## NT ##
 $_['error_reporting_03'] = 'Error reporting is set to'; //## NT ##
 $_['error_reporting_04'] = 'Showing error types'; //## NT ##
+
 $_['error_reporting_05'] = 'Unexpected early output'; //## NT ##
 $_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)'; //## NT ##
-
 $_['admin_txt_00'] = 'Backup Antiguo Encontrado.';
 $_['admin_txt_01'] = 'Este archivo fue creado en caso de error en caso de cambio fallido de usuario y contraseña. Por ello, puede contener información vieja y debería ser eliminado si no es necesario. De cualquier forma, se sobreescribirá automáticamente en el siguiente cambio de contraseña o usuario.';
 $_['admin_txt_02'] = 'Información General';
+
+$_['admin_txt_03'] = 'Session Path'; //## NT ##
+$_['admin_txt_04'] = 'Current Session File (changes every page load)';
 $_['admin_txt_14'] = 'Para otro tip de seguridad, cambiá la llave de seguridad y/o el método usado por OneFileCMS para almacenar la clave (y mantenelo en secreto, obviamente).  Acordate, cada granito ayuda...';
 $_['admin_txt_16'] = 'Podés usar OneFileCMS para editarlo. Sin embargo, asegurate de hacer un backup...';
 
 $_['pw_current'] = 'Contraseña actual';
 $_['pw_change']  = 'Cambiar Contraseña';
 $_['pw_new']     = 'Nueva contraseña';
-$_['pw_confirm'] = 'Confirmar Contraseña Nueva';
 
-$_['un_change']  = 'Cambiar Nombre de Usuario';
-$_['un_new']     = 'Nuevo Usuario';
+$_['pw_confirm'] = 'Confirmar Contraseña Nueva';
+$_['un_change'] = 'Cambiar Nombre de Usuario';
+$_['un_new'] = 'Nuevo Usuario';
 $_['un_confirm'] = 'Confirmar Nuevo Nombre de Usuario';
-
 $_['pw_txt_02'] = 'Reglas de Usuario / Contraseña:';
 $_['pw_txt_04'] = '¡Se hace diferencia entre mayúsculas y minúsculas!  "A" =/= "a"';
 $_['pw_txt_06'] = 'deben tener al menos un caracter.';
+
 $_['pw_txt_08'] = 'Deben tener espacios en el medio. Por ejemplo: "¡Esta es una contraseña o usuario!"';
 $_['pw_txt_10'] = 'Los espacios al inicio o al final serán eliminados.';
 $_['pw_txt_12'] = 'Para guardar el cambio, sólo un archivo es actualizado: la copia activa de OneFileCMS, o, si fue especificado, un archivo de configuración externa.';
 $_['pw_txt_14'] = 'Si se ingresa la contraseña actual de forma incorrecta, serás deslogueado y tendrás que volver a loguearte.';
-
 $_['change_pw_01'] = '¡Contraseña Cambiada!';
 $_['change_pw_02'] = 'Contraseña NO cambiada.';
 $_['change_pw_03'] = 'Contraseña anterior inválida. Logueate e intenta de nuevo.';
+
 $_['change_pw_04'] = 'La contraseña y su confirmación no coinciden.';
 $_['change_pw_05'] = 'Actualizando';
+
 $_['change_pw_06'] = 'archivo de configuración externa';
-$_['change_pw_07'] = 'All fields are required.'; //## NT ##
 
+$_['change_pw_07'] = 'All fields are required.'; //## NT ##
 $_['change_un_01'] = '¡Nombre de Usuario Actualizado!';
 $_['change_un_02'] = 'Nombre de Usuario NO Actualizado.';
 
 $_['update_failed'] = 'Actualización fallida. No se pudo guardar el archivo.';
-
 $_['mcd_msg_01'] = 'archivos movidos satisfactoriamente.';
 $_['mcd_msg_02'] = 'archivos copiados satisfactoriamente.';
 $_['mcd_msg_03'] = 'archivos eliminados satisfactoriamente.';
-
diff --git a/languages/OneFileCMS.LANG.NL.php b/languages/OneFileCMS.LANG.NL.php
index 967a874..45503c7 100755
--- a/languages/OneFileCMS.LANG.NL.php
+++ b/languages/OneFileCMS.LANG.NL.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.21
+// OneFileCMS Language Settings v3.5.23
 
 $_['LANGUAGE'] = 'Nederlands (Dutch)';
 $_['LANG'] = 'NL';
@@ -53,6 +53,7 @@
 $_['folders']  = 'mappen';
 $_['From']     = 'Van';
 $_['Hash']     = 'Hash';    //## NT ##
+$_['Invalid']  = 'Invalid'; //## NT ##
 $_['Move']     = 'Verplaats';
 $_['Moved']    = 'Verplaatst';
 $_['Name']     = 'Naam';
@@ -69,8 +70,8 @@
 $_['To']       = 'Aan';
 $_['Upload']   = 'Upload';  //## NT ##
 $_['Username'] = 'Gebruikersnaam';
-$_['View']     = 'Uitzicht';
 
+$_['View']            = 'Uitzicht';
 $_['Working']         = 'Working - please wait...'; //## NT ##
 $_['Log_In']          = 'Inloggen';
 $_['Log_Out']         = 'Uitloggen';
@@ -101,8 +102,9 @@
 $_['New_Location']    = 'Nieuwe Locatie';
 $_['No_files']        = 'Geen bestanden geselecteerd.';
 $_['Not_found']       = 'Niet gevonden';
-$_['Invalid_path']    = 'Invalid path'; //## NT ##
 
+$_['Invalid_path']      = 'Invalid path'; //## NT ##
+$_['must_be_decendant'] = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ##
 $_['verify_msg_01']     = 'Sessie verlopen.';
 $_['verify_msg_02']     = 'ONGELDIGE POST';
 $_['get_get_msg_01']    = 'Bestand bestaat niet:';
@@ -112,9 +114,9 @@
 $_['ord_msg_01']        = 'Een bestand met die naam bestaat reeds in de doelmap.';
 $_['ord_msg_02']        = 'Opslaan als';
 $_['rCopy_msg_01']      = 'Een map kan niet naar de eigen submap gekopiëerd worden.';
-$_['show_img_msg_01']   = 'Afbeelding weergegeven bij ~';
-$_['show_img_msg_02']   = '% van volledige grootte (W x H =';
 
+$_['show_img_msg_01'] = 'Afbeelding weergegeven bij ~';
+$_['show_img_msg_02'] = '% van volledige grootte (W x H =';
 $_['hash_txt_01']   = 'De hashes gegenereerd door deze pagina kunnen gebruikt worden om handmatig het $HASHWORD in OneFileCMS, of in een extern configuratiebestand, bijgewerkt te worden. Hoe dan ook: draag er zorg voor dat u het wachtwoord gebruikt om de hash te genereren onthoudt!';
 $_['hash_txt_06']   = 'Typ uw gewenste wachtwoord in het invoerveld hierboven en druk op Enter.';
 $_['hash_txt_07']   = 'De hash wordt weergegeven in een geel berichtenvenster erboven.';
@@ -122,55 +124,55 @@
 $_['hash_txt_09']   = 'Zorg ervoor dat u alles, en alleen, de hash correct (geen voor- naloop spaties enz.) kopiëert!';
 $_['hash_txt_10']   = 'Een dubbele klik op de linker muisknop zou het moeten selecteren...';
 $_['hash_txt_12']   = 'Wanneer gereed: log opnieuw in en uit.';
+
 $_['pass_to_hash']  = 'Wachtwoord verwarren:';
 $_['Generate_Hash'] = 'Genereer Verward Wachtwoord (Hash)';
-
 $_['login_txt_01']  = 'Gebruikersnaam:';
 $_['login_txt_02']  = 'Wachtwoord:';
 $_['login_msg_01a'] = 'Er zijn diverse';
 $_['login_msg_01b'] = 'ongeldige inlog pogingen.';
 $_['login_msg_02a'] = 'Aub wachten';
+
 $_['login_msg_02b'] = 'seconden tot nieuwe poging.';
 $_['login_msg_03']  = 'ONJUISTE INLOG POGING #';
-
 $_['edit_note_00']  = 'NOTITIES:';
 $_['edit_note_01a'] = 'Onthoudt- uw';
 $_['edit_note_01b'] = 'is'; //## NT ##
-$_['edit_note_02']  = 'Dus sla uw wijzigingen op voordat de klok afloopt of ze zullen verloren gaan!';
-$_['edit_note_03']  = 'Bij sommige browers, zoals Chrome, komt het voor als u op de [Terug] knop klikt, en daarna [Voorwaarts], dat de toestand van uw instellingen incorrect zijn. Om te corrigeren, klik op de knop [Vernieuwen].';
 
+$_['edit_note_02'] = 'Dus sla uw wijzigingen op voordat de klok afloopt of ze zullen verloren gaan!';
+$_['edit_note_03'] = 'Bij sommige browers, zoals Chrome, komt het voor als u op de [Terug] knop klikt, en daarna [Voorwaarts], dat de toestand van uw instellingen incorrect zijn. Om te corrigeren, klik op de knop [Vernieuwen].';
 $_['edit_h2_1']   = 'Weergeven:';
 $_['edit_h2_2']   = 'Bewerken:';
 $_['edit_txt_00'] = 'Edit disabled.'; //## NT ##
 $_['edit_txt_01'] = 'Non-tekst of onbekend bestandstype. Bewerken uitgeschakeld.';
 $_['edit_txt_02'] = 'Bestand bevat mogelijk een ongeldig teken. Bewerken en weergeven uitgeschakeld.';
-$_['edit_txt_03'] = 'htmlspecialchars() heeft een lege string teruggegeven van wat normaalgesproken een valide bestand is.';
-$_['edit_txt_04'] = 'Dit gedrag kan per versie van PHP verschillen.';
 
+$_['edit_txt_03']          = 'htmlspecialchars() heeft een lege string teruggegeven van wat normaalgesproken een valide bestand is.';
+$_['edit_txt_04']          = 'Dit gedrag kan per versie van PHP verschillen.';
 $_['too_large_to_edit_01'] = 'Bewerken uitgeschakeld. Bestandsgrootte >';
 $_['too_large_to_edit_02'] = 'Sommige browsers (bijv. Internet Explorer) lopen vast of worden onstabiel bij het bewerken van een groot bestand in een <textarea>.';
 $_['too_large_to_edit_03'] = 'Bewerk $MAX_EDIT_SIZE in de configuratiesectie van OneFileCMS wanneer nodig.';
 $_['too_large_to_edit_04'] = 'Een eenvoudige proef en ondervind test kan de praktische limieten van uw browser / computer aantonen.';
 $_['too_large_to_view_01'] = 'Weergave uitgeschakeld. Bestandsgrootte >';
 $_['too_large_to_view_02'] = 'Klik de bestandsnaam boven de weergave om te zien hoe deze normaal in een browservenster wordt weergegeven.';
+
 $_['too_large_to_view_03'] = 'Bewerk $MAX_VIEW_SIZE in de configuratiesectie van OneFileCMS wanneer nodig.';
 $_['too_large_to_view_04'] = '(De standaardwaarde voor $MAX_VIEW_SIZE is volledig willekeurig en mag, indien gewenst, naar eigen inzicht aangepast worden.)';
 
 $_['meta_txt_01'] = 'Bestandsgrootte:';
 $_['meta_txt_03'] = 'Bijgewerkt:';
-
 $_['edit_msg_01'] = 'Bestand opgeslagen:';
+
 $_['edit_msg_02'] = 'bytes geschreven.';
 $_['edit_msg_03'] = 'Er was een fout bij het opslaan van bestand:';
-
 $_['upload_txt_03'] = 'Maximum grootte van ieder bestand:';
 $_['upload_txt_01'] = '(php.ini: upload_max_filesize)'; //## NT ##
 $_['upload_txt_04'] = 'Maximum totaal upload grootte:';
 $_['upload_txt_02'] = '(php.ini: post_max_size)'; //## NT ##
 $_['upload_txt_05'] = 'For uploaded files that already exist: '; //## NT ##
+
 $_['upload_txt_06'] = 'Rename (to filename.ext.001 etc...)'; //## NT ##
 $_['upload_txt_07'] = 'Overwrite'; //## NT ##
-
 $_['upload_err_01'] = 'Fout 1: Bestand te groot. Uit php.ini:';
 $_['upload_err_02'] = 'Fout 2: Bestand te groot. (Overschrijdt MAX_FILE_SIZE HTML form element)';
 $_['upload_err_03'] = 'Fout 3: Het upload bestand was slechts gedeeltelijk verzonden.';
@@ -179,31 +181,31 @@
 $_['upload_err_06'] = 'Fout 6: Geen tijdelijke map aanwezig.';
 $_['upload_err_07'] = 'Fout 7: Schrijven van bestand naar opslagmedium mislukt.';
 $_['upload_err_08'] = 'Fout 8: Een PHP extensie heeft de zending van bestanden gestopt.';
+
 $_['upload_error_01a'] = 'Upload Fout. Totale POST data (meerendeel bestandsgrootte) overschrijdt post_max_size =';
 $_['upload_error_01b'] = '(van php.ini)';
-
 $_['upload_msg_02'] = 'Doelmap ongeldig:';
 $_['upload_msg_03'] = 'Upload geannuleerd.';
 $_['upload_msg_04'] = 'Uploaden:';
 $_['upload_msg_05'] = 'Upload succesvol!';
+
 $_['upload_msg_06'] = 'Upload mislukt:';
 $_['upload_msg_07'] = 'A pre-existing file was overwritten.'; //## NT ##
-
 $_['new_file_txt_01'] = 'Bestand of map zullen in de huidige map gemaakt worden.';
 $_['new_file_txt_02'] = 'Sommige ongeldige tekens zijn:';
 $_['new_file_msg_01'] = 'Bestand of map niet aangemaakt:';
 $_['new_file_msg_02'] = 'Naam bevat een ongeldig teken:';
 $_['new_file_msg_04'] = 'Bestand of map bestaat reeds:';
+
 $_['new_file_msg_05'] = 'Aangemaakt bestand:';
 $_['new_file_msg_07'] = 'Aangemaakt map:';
-
 $_['CRM_txt_02'] = 'De nieuwe locatie moet reeds bestaan.';
 $_['CRM_txt_04'] = 'Nieuwe Naam';
 $_['CRM_msg_01'] = 'Fout - nieuwe bovenliggende locatie bestaat niet:';
 $_['CRM_msg_02'] = 'Fout - bronbestand bestaat niet:';
-$_['CRM_msg_03'] = 'Fout - nieuwe bestand of map bestaat reeds:';
-$_['CRM_msg_05'] = 'Fout gedurende';
 
+$_['CRM_msg_03']      = 'Fout - nieuwe bestand of map bestaat reeds:';
+$_['CRM_msg_05']      = 'Fout gedurende';
 $_['delete_msg_03']   = 'Verwijderfout:';
 $_['session_warning'] = 'Waarschuwing: Sessie verloopt binnenkort!';
 $_['session_expired'] = 'SESSIE VERLOPEN';
@@ -212,53 +214,55 @@
 $_['OFCMS_requires']  = 'OneFileCMS vereist PHP';
 $_['logout_msg']      = 'U bent succesvol afgemeld.';
 $_['edit_caution_01'] = 'VOORZICHTIG';
-$_['edit_caution_02'] = 'U bent de actieve kopie van OneFileCMS aan het bewerken - MAAK EEN BACK-UP & WEES VOORZICHTIG !!';
-$_['time_out_txt']    = 'Sessie verloopt in:';
 
+$_['edit_caution_02'] = 'U bent de actieve kopie van OneFileCMS aan het bewerken - MAAK EEN BACK-UP & WEES VOORZICHTIG !!';
+$_['time_out_txt'] = 'Sessie verloopt in:';
 $_['error_reporting_01'] = 'Weergave van fouten is';
 $_['error_reporting_02'] = 'Loggen van fouten is';
 $_['error_reporting_03'] = 'Foutrapportage is ingesteld op';
 $_['error_reporting_04'] = 'Toon foutsoorten';
+
 $_['error_reporting_05'] = 'Onverwacht vroege uitvoer';
 $_['error_reporting_06'] = '(niet, zelfs niet een blanko regel, zou al getoond mogen worden)';
-
 $_['admin_txt_00'] = 'Oude Backup Gevonden';
 $_['admin_txt_01'] = 'Een backup bestand is aangemaakt voor het geval er een fout tijdens het wijzigen van de gebruikersnaam of het wachtwoord plaatsvindt. Met andere woorden, het kan oude informatie bevatten en dient verwijderd te worden indien niet benodigd. In ieder geval, het bestand zal tijdens de volgende wijziging overschreven worden.';
 $_['admin_txt_02'] = 'Algemene Informatie';
+
+$_['admin_txt_03'] = 'Session Path'; //## NT ##
+$_['admin_txt_04'] = 'Current Session File (changes every page load)';
 $_['admin_txt_14'] = 'Voor een kleine verbetering van de beveiliging, verander het standaard "salt" en/of methode gebruikt door OneFileCMS om het wachtwoord te hashen (en houdt deze geheim, natuurlijk). Alle kleine beetjes helpen...';
 $_['admin_txt_16'] = 'OneFileCMS kan gebruikt worden om zichzelf te wijzigen. Echter, draagt u zorg voor een backup indien er iets misgaat zoals de onvermijdelijke typvout...';
 
 $_['pw_current'] = 'Huidig Wachtwoord';
 $_['pw_change']  = 'Bewerk Wachtwoord';
 $_['pw_new']     = 'Nieuw Wachtwoord';
-$_['pw_confirm'] = 'Bevestig Nieuw Wachtwoord';
 
-$_['un_change']  = 'Wijzig Gebruikersnaam';
-$_['un_new']     = 'Nieuwe Gebruikersnaam';
+$_['pw_confirm'] = 'Bevestig Nieuw Wachtwoord';
+$_['un_change'] = 'Wijzig Gebruikersnaam';
+$_['un_new'] = 'Nieuwe Gebruikersnaam';
 $_['un_confirm'] = 'Bevestig Nieuwe Gebruikersnaam';
-
 $_['pw_txt_02'] = 'Wachtwoord / Gebruikersnaam regels:';
 $_['pw_txt_04'] = 'Hoofdlettergevoelig: "A" is geen "a"';
 $_['pw_txt_06'] = 'Moet minimaal 1 niet-spatie teken bevatten.';
+
 $_['pw_txt_08'] = 'Mag spaties in het midden bevatten. Vb: "Dit is een wachtwoord of gebruikersnaam!"';
 $_['pw_txt_10'] = 'Voorafgaande of afsluitende spaties worden genegeerd.';
 $_['pw_txt_12'] = 'Bij het opnemen van wijzigingen wordt alleen 1 bestand bijgewerkt: of de actieve kopie van OneFileCMS of, indien opgegeven, een extern configuratiebestand.';
 $_['pw_txt_14'] = 'Indien een onjuist huidig wachtwoord opgegeven wordt, zult u automatisch uitgelogd worden. U mag dan wel weer meteen inloggen.';
-
 $_['change_pw_01'] = 'Wachtwoord gewijzigd!';
 $_['change_pw_02'] = 'Wachtwoord NIET gewijzigd.';
 $_['change_pw_03'] = 'Onjuist huidig wachtwoord opgegeven. Log in en probeert u het nog eens.';
+
 $_['change_pw_04'] = '"Nieuw" en "Bevestig Nieuw" waardes komen niet overeen.';
 $_['change_pw_05'] = 'Bijwerken';
+
 $_['change_pw_06'] = 'extern configuratiebestand';
-$_['change_pw_07'] = 'All fields are required.'; //## NT ##
 
+$_['change_pw_07'] = 'All fields are required.'; //## NT ##
 $_['change_un_01'] = 'Gebruikersnaam gewijzigd!';
 $_['change_un_02'] = 'Gebruikersnaam NIET gewijzigd.';
 
 $_['update_failed'] = 'Update mislukt - onmogelijk bestand op te slaan.';
-
 $_['mcd_msg_01'] = 'bestanden verplaatst.';
 $_['mcd_msg_02'] = 'bestanden gekopiëerd.';
 $_['mcd_msg_03'] = 'bestanden verwijderd.';
-
diff --git a/languages/OneFileCMS.LANG.RU.php b/languages/OneFileCMS.LANG.RU.php
index 4f749fb..ffe7ba0 100755
--- a/languages/OneFileCMS.LANG.RU.php
+++ b/languages/OneFileCMS.LANG.RU.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.21
+// OneFileCMS Language Settings v3.5.23
 
 $_['LANGUAGE'] = 'Russian';
 $_['LANG'] = 'RU';
@@ -53,6 +53,7 @@
 $_['folders']  = 'папки';
 $_['From']     = 'из';
 $_['Hash']     = 'Хэш';
+$_['Invalid']  = 'Invalid'; //## NT ##
 $_['Move']     = 'Переместить';
 $_['Moved']    = 'Перемещено';
 $_['Name']     = 'имя';
@@ -69,8 +70,8 @@
 $_['To']       = 'В';
 $_['Upload']   = 'Загрузить';
 $_['Username'] = 'Логин';
-$_['View']     = 'вид';
 
+$_['View']            = 'вид';
 $_['Working']         = 'Working - please wait...'; //## NT ##
 $_['Log_In']          = 'Войти';
 $_['Log_Out']         = 'Выйти';
@@ -101,8 +102,9 @@
 $_['New_Location']    = 'Новая локализация';
 $_['No_files']        = 'Нет выбранных файлов.';
 $_['Not_found']       = 'Не найдено';
-$_['Invalid_path']    = 'Invalid path'; //## NT ##
 
+$_['Invalid_path']      = 'Invalid path'; //## NT ##
+$_['must_be_decendant'] = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ##
 $_['verify_msg_01']     = 'Сессия истекла.';
 $_['verify_msg_02']     = 'НЕВЕРНЫЙ ЗАПРОС';
 $_['get_get_msg_01']    = 'Файл не существует:';
@@ -112,9 +114,9 @@
 $_['ord_msg_01']        = 'Файл с таким именем уже существует в главной директории.';
 $_['ord_msg_02']        = 'Сохранить как';
 $_['rCopy_msg_01']      = 'Папка не может быть скопированна в одну из своих под-папок.';
-$_['show_img_msg_01']   = 'Изображене показано на ~';
-$_['show_img_msg_02']   = '% от полного размера (Ш x Д =';
 
+$_['show_img_msg_01'] = 'Изображене показано на ~';
+$_['show_img_msg_02'] = '% от полного размера (Ш x Д =';
 $_['hash_txt_01']   = 'Хэш сгенерированный на этой странице может быть использован для обновления вручную $HASHWORD в OneFileCMS, или во внешнем файле конфигурации. В любом случае, убедитесь, что вы помните пароль, используемый для создания хэш!';
 $_['hash_txt_06']   = 'Введите желаемый пароль в поле ввода выше и нажмите Enter.';
 $_['hash_txt_07']   = 'Хэш будет отображаться в желтом окне сообщения, которое выше.';
@@ -122,55 +124,55 @@
 $_['hash_txt_09']   = 'Убедитесь в том, чтобы вы полностью скопировали хэш (пробелов, кавычек и т.д..';
 $_['hash_txt_10']   = 'Нажмите 2 раза, для того что-бы выбрать его...';
 $_['hash_txt_12']   = 'Когда будете готовы, выйдите из системы и войдите снова.';
+
 $_['pass_to_hash']  = 'Пароль для хеширования:';
 $_['Generate_Hash'] = 'Сгенерировать Хэш';
-
 $_['login_txt_01']  = 'Логин:';
 $_['login_txt_02']  = 'Пароль:';
 $_['login_msg_01a'] = 'Имело место быть';
 $_['login_msg_01b'] = 'неудачных попыток входа в систему.';
 $_['login_msg_02a'] = 'Пожалуйста подождите';
+
 $_['login_msg_02b'] = 'несколько секунд, чтобы попробовать ещё раз.';
 $_['login_msg_03']  = 'ПРОБЛЕМА ПРИ ПОПЫТКЕ ВХОДА #';
-
 $_['edit_note_00']  = 'ПРИМЕЧАНИЕ:';
 $_['edit_note_01a'] = 'Поните- ваша';
 $_['edit_note_01b'] = 'это';
-$_['edit_note_02']  = 'Сохранить изменения перед окончаниеи сессии, иначе они будут утеряны!';
-$_['edit_note_03']  = 'В некоторых браузерах, таких как Chrome, если вы перемещаетесь [Назад] или [Вперед], измения могут обновиться. Для этого нажмите клавишу F5, либо в браузере нажмите [Обновить]..';
 
+$_['edit_note_02'] = 'Сохранить изменения перед окончаниеи сессии, иначе они будут утеряны!';
+$_['edit_note_03'] = 'В некоторых браузерах, таких как Chrome, если вы перемещаетесь [Назад] или [Вперед], измения могут обновиться. Для этого нажмите клавишу F5, либо в браузере нажмите [Обновить]..';
 $_['edit_h2_1']   = 'Просмотреть:';
 $_['edit_h2_2']   = 'Редактировать:';
 $_['edit_txt_00'] = 'Edit disabled.'; //## NT ##
 $_['edit_txt_01'] = 'Неизвестный текст или неизвестный тип файла. Редактирование невозможно.';
 $_['edit_txt_02'] = 'Возможно файл содержит недопустимый символ. Редактирование и Просмотр невозможны.';
-$_['edit_txt_03'] = 'htmlspecialchars() возвращает к предыдущим обновлениям файла.';
-$_['edit_txt_04'] = 'Это поведение зависит от версии вашего PHP.';
 
+$_['edit_txt_03']          = 'htmlspecialchars() возвращает к предыдущим обновлениям файла.';
+$_['edit_txt_04']          = 'Это поведение зависит от версии вашего PHP.';
 $_['too_large_to_edit_01'] = 'Редактирование невозожно. Размер файла >';
 $_['too_large_to_edit_02'] = 'В некоторых браузерах, таких как (ie: IE) неустойчивое редактирование HTML кода в файлах большого размера <textarea>.';
 $_['too_large_to_edit_03'] = 'Настройте $MAX_EDIT_SIZE в конфигураторе OneFileCMS по мере необходимости.';
 $_['too_large_to_edit_04'] = 'Простым методом тестирования проб и ошибок можно определить практический предел для данного браузера / компьютера.';
 $_['too_large_to_view_01'] = 'Просмотр невозможен. Размер файла >';
 $_['too_large_to_view_02'] = 'Нажмите на название файла, чтобы просмотреть, как обычно он отображается в окне браузера.';
+
 $_['too_large_to_view_03'] = 'Настройте $MAX_VIEW_SIZE в конфигураторе OneFileCMS по мере необходимости.';
 $_['too_large_to_view_04'] = '(Значения по умолчанию $MAX_VIEW_SIZE установлены произвольно, и могут быть скорректированны по желанию.)';
 
 $_['meta_txt_01'] = 'Размер файла:';
 $_['meta_txt_03'] = 'Обновлен:';
-
 $_['edit_msg_01'] = 'Файл сохранён:';
+
 $_['edit_msg_02'] = 'записанных байт.';
 $_['edit_msg_03'] = 'Существовала ошибка сохраниния файла .';
-
 $_['upload_txt_03'] = 'Максимальный размер каждого файла:';
 $_['upload_txt_01'] = '(php.ini: upload_max_filesize)'; //## NT ##
 $_['upload_txt_04'] = 'Максимальный суммарный размер загружаемого:';
 $_['upload_txt_02'] = '(php.ini: post_max_size)'; //## NT ##
 $_['upload_txt_05'] = 'Для загруженных файлов, которые уже существуют: ';
+
 $_['upload_txt_06'] = 'Переименование (в файле filename.ext.001 и.т.д...)';
 $_['upload_txt_07'] = 'Заменить';
-
 $_['upload_err_01'] = 'Ошибка 1: Файл слишком большой. Из php.ini:';
 $_['upload_err_02'] = 'Ошибка 2: Файл слишком большой. (Превышает MAX_FILE_SIZE HTML элементов)';
 $_['upload_err_03'] = 'Ошибка 3: Загруженный файл был загружен лишь частично.';
@@ -179,31 +181,31 @@
 $_['upload_err_06'] = 'Ошибка 6: Отсутствует временная папка.';
 $_['upload_err_07'] = 'Ошибка 7: Не удалось записать файл на диск.';
 $_['upload_err_08'] = 'Ошибка 8: Расширение PHP остановило загрузку файлов.';
+
 $_['upload_error_01a'] = 'Ошибка при загрузке. Общий объём данных  (размер файла) превысил post_max_size =';
 $_['upload_error_01b'] = '(из php.ini)';
-
 $_['upload_msg_02'] = 'Папка назначения недействительна:';
 $_['upload_msg_03'] = 'Загрузка отменена.';
 $_['upload_msg_04'] = 'Загружается:';
 $_['upload_msg_05'] = 'Загрузка прошла успешно!';
+
 $_['upload_msg_06'] = 'Загрузка не удалась:';
 $_['upload_msg_07'] = 'предварительно существующий файл был перезаписан.';
-
 $_['new_file_txt_01'] = 'Файл или папка могут быть созданы в текущей директории.';
 $_['new_file_txt_02'] = 'Содержатся некоторые недопустимые символы:';
 $_['new_file_msg_01'] = 'Файл или папка не создаются:';
 $_['new_file_msg_02'] = 'Название содержит недопустимый символ:';
 $_['new_file_msg_04'] = 'Файл или папка уже существуют:';
+
 $_['new_file_msg_05'] = 'Созданный файл:';
 $_['new_file_msg_07'] = 'Созданная папка:';
-
 $_['CRM_txt_02'] = 'Новая локализация уже должна существовать.';
 $_['CRM_txt_04'] = 'Новое Имя';
 $_['CRM_msg_01'] = 'Ошибка - новая локализация не существует:';
 $_['CRM_msg_02'] = 'Ошибка - исходный файл не существует:';
-$_['CRM_msg_03'] = 'Ошибка - новый файл или папка уже существуют:';
-$_['CRM_msg_05'] = 'Ошибка при';
 
+$_['CRM_msg_03']      = 'Ошибка - новый файл или папка уже существуют:';
+$_['CRM_msg_05']      = 'Ошибка при';
 $_['delete_msg_03']   = 'Удалить ошибку:';
 $_['session_warning'] = 'Внимание: Близится окончание сессии!';
 $_['session_expired'] = 'ВРЕМЯ СЕССИИ ИСТЕКЛО';
@@ -212,53 +214,55 @@
 $_['OFCMS_requires']  = 'OneFileCMS требует PHP';
 $_['logout_msg']      = 'Вы успешно вышли из системы.';
 $_['edit_caution_01'] = 'ВНИМАНИЕ';
-$_['edit_caution_02'] = 'Осторожно редактируйте активную копию OneFileCMS - Сделайте резервную копию !!';
-$_['time_out_txt']    = 'Сессия закончится через::';
 
+$_['edit_caution_02'] = 'Осторожно редактируйте активную копию OneFileCMS - Сделайте резервную копию !!';
+$_['time_out_txt'] = 'Сессия закончится через::';
 $_['error_reporting_01'] = 'Вывести ошибки в';
 $_['error_reporting_02'] = 'Лог ошибок в';
 $_['error_reporting_03'] = 'Ошибки отчётности установленны в';
 $_['error_reporting_04'] = 'Показаны типы ошибок';
+
 $_['error_reporting_05'] = 'Неожиданный ранний выход';
 $_['error_reporting_06'] = '(ничего нет, даже пробела)';
-
 $_['admin_txt_00'] = 'Найти старую резервную копию';
 $_['admin_txt_01'] = 'Файл резервной копии был создан в случае ошибки при изменении имени пользователя и пароля. Таким образом, он может содержать устаревшую информацию и должен быть удален. В любом случае, он будет автоматически заменен на файл с новым паролем или логином пользователя.';
 $_['admin_txt_02'] = 'Общая информация';
+
+$_['admin_txt_03'] = 'Session Path'; //## NT ##
+$_['admin_txt_04'] = 'Current Session File (changes every page load)';
 $_['admin_txt_14'] = 'Для небольшого улучшения безопасности в OneFileCMS изменён метод хеширования паролей (его нужно держать в тайне как и основной пароль). Каждый в дальнейшем может Вам понадобиться..';
 $_['admin_txt_16'] = 'OneFileCMS может быть использована для редактирования себе. Однако, будьте уверены, что у Вас есть резервная копия...';
 
 $_['pw_current'] = 'Текущий Пароль';
 $_['pw_change']  = 'Изменить Пароль';
 $_['pw_new']     = 'Новый Пароль';
-$_['pw_confirm'] = 'Подтверждение Нового Пароля';
 
-$_['un_change']  = 'Подтверждение Логина';
-$_['un_new']     = 'Новый Логин';
+$_['pw_confirm'] = 'Подтверждение Нового Пароля';
+$_['un_change'] = 'Подтверждение Логина';
+$_['un_new'] = 'Новый Логин';
 $_['un_confirm'] = 'Подтверждение Нового Логина';
-
 $_['pw_txt_02'] = 'Пароль / Логин правила:';
 $_['pw_txt_04'] = 'С учётом регистра: "A" =/= "a"';
 $_['pw_txt_06'] = 'Не должен начинаться или заканчиваться с пробелов и различных символов.';
+
 $_['pw_txt_08'] = 'Может содержать пробелы в середине. Пример: "Это мой логин или пароль!"';
 $_['pw_txt_10'] = 'Пробелы в начале и конце игнорируются.';
 $_['pw_txt_12'] = 'При записи изменения обновляется лишь только один активный файл OneFileCMS, при этом сразу создаётся его старая копия.';
 $_['pw_txt_14'] = 'Если неправильный текущий пароль будет введён или зарегистрирован, Вы можете воспользоваться бекапом.';
-
 $_['change_pw_01'] = 'Пароль изменён!';
 $_['change_pw_02'] = 'Пароль не изменён.';
 $_['change_pw_03'] = 'Неправильный текущий пароль, войдите заново чтобы повторить попытку.';
+
 $_['change_pw_04'] = 'Данные "Нового пароля" и "Подтверждения нового пароля" не совпадают.';
 $_['change_pw_05'] = 'Обновить';
+
 $_['change_pw_06'] = 'внежнюю конфигурацию файла';
-$_['change_pw_07'] = 'All fields are required.'; //## NT ##
 
+$_['change_pw_07'] = 'All fields are required.'; //## NT ##
 $_['change_un_01'] = 'Логин изменён!';
 $_['change_un_02'] = 'Логин НЕ изменён.';
 
 $_['update_failed'] = 'Обновление не удалось - файл не сохранился.';
-
 $_['mcd_msg_01'] = 'файлы перемещаются.';
 $_['mcd_msg_02'] = 'файлы копируются.';
 $_['mcd_msg_03'] = 'файлы удалены.';
-
diff --git a/onefilecms.php b/onefilecms.php
index e236530..7b951df 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.22';
+$OFCMS_version = '3.5.23';
 
 
 
@@ -104,7 +104,7 @@
 $LINE_WRAP = "on"; //"on",  anything else = "off".  Default for edit page. Once on page, line-wrap can toggle on/off.
 $TAB_SIZE  = 8;    //Some browsers recognize a css tab-size. Some don't (IE/Edge, as of mid-2016).
 
-$MAX_EDIT_SIZE = 200000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
+$MAX_EDIT_SIZE = 250000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
 $MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
                           // The default max view size is completely arbitrary. Basically, it was 2am, and seemed like a good idea at the time.
 
@@ -136,9 +136,17 @@
 
 $SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS concurrently.
 
-//Restrict access to a particular folder.  Leave empty for access to entire website.
-// "some/path/" is relative to root of website (with no leading slash).
-//$ACCESS_ROOT = 'some/path/';
+//Optional: restrict access to a particular sub folder.
+//$ACCESS_ROOT = '/some/path';
+//If blank or invalid, default is $_SERVER['DOCUMENT_ROOT'].
+//$ACCESS_ROOT = '/home/user';
+
+
+//Optional: specify a default start path on login.
+//$DEFAULT_PATH = 'some/path/deeper/'
+//Must be a decendant of $ACCESS_ROOT.
+//If blank or invalid, defaults to $ACCESS_ROOT.
+//$DEFAULT_PATH = '/home/user/public_html';
 
 
 //URL of optional external style sheet.  Used as an href in <link ...>
@@ -148,22 +156,22 @@
 
 //Notes for $LANGUAGE_FILE, $WYSIWYG_PLUGIN, and $CONFIG_FILE:
 //
-// Filename paths can be:
-//  1) Absolute to the filesystem:  "/some/path/from/system/root/somefile.php"  or
-//  2) Relative to root of website: "some/path/from/web/root/somefile.php"
+// Filename path examples:
+//  1) $SOME_FILE = "/some/path/from/system/root/somefile.php"	//Absolue to filesystem.
+//  2) $SOME_FILE = $_SERVER['DOCUMENT_ROOT']."/some/path/from/web/root/somefile.php" //Relative to root of web site.
 
 //Name of optional external language file.  If file is not found, the built-in defaults will be used.
-//$LANGUAGE_FILE = "OneFileCMS.LANG.EN.php";
+//$LANGUAGE_FILE = "/home/user/public_html/OneFileCMS.LANG.EN.php";
 
 //Init file for optional external wysiwyg editor.
 //Sample init files are availble in the "extras\" folder of the OneFileCMS repo, but the actual editors are not.
-//$WYSIWYG_PLUGIN = 'plugins/plugin-tinymce_init.php';
-//$WYSIWYG_PLUGIN = 'plugins/plugin-ckeditor_init.php';
+//$WYSIWYG_PLUGIN = '/home/user/public_html/plugins/plugin-tinymce_init.php';
+//$WYSIWYG_PLUGIN = '/home/user/public_html/plugins/plugin-ckeditor_init.php';
 
 //Name of optional external config file.  Any settings it contains will supersede those above.
 //See the sample file in the OneFileCMS github repo for format example.
 //Basically, it is just a php file with a copy/paste of this configuration section.
-//$CONFIG_FILE = 'OneFileCMS.config.SAMPLE.php';
+//$CONFIG_FILE = '/home/user/public_html/extras/OneFileCMS.config.SAMPLE.php';
 
 //end CONFIGURABLE OPTIoNS *****************************************************
 
@@ -180,7 +188,7 @@ function System_Setup() {//*****************************************************
 	$INVALID_CHARS, $WHSPC_SLASH, $VALID_PAGES, $LOGIN_LOG_url, $LOGIN_LOG_file,
 	$ONESCRIPT,  $ONESCRIPT_file, $ONESCRIPT_backup, $ONESCRIPT_file_backup, 
 	$CONFIG_backup, $CONFIG_FILE, $CONFIG_FILE_backup, $VALID_CONFIG_FILE, 
-	$DOC_ROOT, $DOC_ROOT_OS, $WEB_ROOT, $WEBSITE, $PRE_ITERATIONS, $EX, $MESSAGE, $ENC_OS,
+	$DOC_ROOT, $WEBSITE, $PRE_ITERATIONS, $EX, $MESSAGE, $ENC_OS, $DEFAULT_PATH,
 	$DELAY_Expired_Reload, $DELAY_Sort_and_Show_msgs, $DELAY_Start_Countdown, $DELAY_final_messages, $MIN_DIR_ITEMS;
 
 //Requires PHP 5.1 or newer, due to changes in explode() (and maybe others).
@@ -200,22 +208,27 @@ function System_Setup() {//*****************************************************
 
 mb_detect_order("UTF-8, ASCII, Windows-1252, ISO-8859-1"); 
 
+
 //Get server's File System encoding.  Windows NTFS uses ISO-8859-1 / Windows-1252.
 //Needed when working with non-ascii filenames.
 if (php_uname("s") == 'Windows NT') {$ENC_OS = 'Windows-1252';}
 else								{$ENC_OS = 'UTF-8';}
 
-$DOC_ROOT = $_SERVER['DOCUMENT_ROOT'].'/'; //root folder of website.
-$DOC_ROOT_OS = Convert_encoding($DOC_ROOT);
 
 //Allow OneFileCMS.php to be started from any dir on the site.
 //This also effects the path in an include("path/somefile.php")
-chdir($DOC_ROOT); 
+chdir('/'); 
+
 
 $INVALID_CHARS = '< > ? * : " | / \\'; //Illegal characters for file & folder names.  Space deliminated.
 $WHSPC_SLASH = "\x00..\x20/";  //Whitespace & forward slash. For trimming file & folder name inputs.
 
-$WEB_ROOT  = basename($DOC_ROOT).'/'; //Used only for screen output - Non-url use.
+
+//$DOC_ROOT is normalized to always be (for ex:) "/server/doc/root/", instead of "C:/server/doc/root/" if on Windows.
+$ds_pos   = strpos($_SERVER['DOCUMENT_ROOT'], "/") * 1;
+$DOC_ROOT = substr($_SERVER['DOCUMENT_ROOT'], $ds_pos).'/';
+
+
 $WEBSITE   = $_SERVER['HTTP_HOST'].'/';
 
 $ONESCRIPT			   = URLencode_path($_SERVER['SCRIPT_NAME']);  //Used for URL's in HTML attributes
@@ -227,6 +240,26 @@ function System_Setup() {//*****************************************************
 $LOGIN_LOG_file		   = $ONESCRIPT_file.'-LOGIN.log';
 
 
+//If specified, check for & load $LANGUAGE_FILE
+if (isset($LANGUAGE_FILE)) {
+	$LANGUAGE_FILE_OS = Convert_encoding($LANGUAGE_FILE);
+	
+	if (is_file($LANGUAGE_FILE_OS)) { include($LANGUAGE_FILE_OS); }  
+	else { $MESSAGE .= '<b>$LANGUAGE_FILE '.hsc($_['Not_found']).":</b> ".hsc($LANGUAGE_FILE)."<br>"; }
+	
+}
+
+
+//If specified, validate $WYSIWYG_PLUGIN. Actual include() is at end of OneFileCMS.
+$WYSIWYG_VALID = 0; //Default to invalid.
+if (isset($WYSIWYG_PLUGIN)) {
+	$WYSIWYG_PLUGIN_OS = Convert_encoding($WYSIWYG_PLUGIN); //Also used for include()
+
+	if (is_file($WYSIWYG_PLUGIN_OS)) { $WYSIWYG_VALID = 1; }
+	else { $MESSAGE .= '<b>$WYSIWYG_PLUGIN '.hsc($_['Not_found']).':</b> '.hsc($WYSIWYG_PLUGIN)."<br>"; }
+}
+
+
 //If specified & found, include $CONFIG_FILE.
 $VALID_CONFIG_FILE = 0;
 if (isset($CONFIG_FILE)) {
@@ -238,43 +271,51 @@ function System_Setup() {//*****************************************************
 		$CONFIG_FILE_backup = $CONFIG_FILE.'-BACKUP.txt';                 //used for p/w & u/n updates.
 	}
 	else {
-		$MESSAGE .= $EX.'<b>$CONFIG_FILE '.hsc($_['Not_found']).':</b> '.$CONFIG_FILE.'<br>';
+		$MESSAGE .= $EX.'<b>$CONFIG_FILE '.hsc($_['Not_found']).':</b> '.hsc($CONFIG_FILE).'<br>';
 		$CONFIG_FILE = $CONFIG_FILE_OS = '';
 	}
 }
 
 
-//If specified, check for & load $LANGUAGE_FILE
-if (isset($LANGUAGE_FILE)) {
-	$LANGUAGE_FILE_OS = Convert_encoding($LANGUAGE_FILE);
-	if (is_file($LANGUAGE_FILE_OS)) {include($LANGUAGE_FILE_OS);}
-}
-
 
-//If specified, validate $WYSIWYG_PLUGIN. Actual include() is at end of OneFileCMS.
-$WYSIWYG_VALID = 0; //Default to invalid.
-if (isset($WYSIWYG_PLUGIN)) {
-	$WYSIWYG_PLUGIN_OS = Convert_encoding($WYSIWYG_PLUGIN); //Also used for include()
-	if (is_file($WYSIWYG_PLUGIN_OS)) { $WYSIWYG_VALID = 1; }
-}
-
-
-//If specified, clean up & validate $ACCESS_ROOT
-if (!isset($ACCESS_ROOT)) { $ACCESS_ROOT = ''; } //At least make sure it's set.
+//Clean up & validate $ACCESS_ROOT
+if (!isset($ACCESS_ROOT)) { $ACCESS_ROOT = $DOC_ROOT; } //Make sure it's set.
+$ACCESS_ROOT = trim($ACCESS_ROOT, ' /'); //Trim to '' or 'some/path'
+if ($ACCESS_ROOT != '') { $ACCESS_ROOT = $ACCESS_ROOT.'/'; }
 $ACCESS_ROOT_OS = Convert_encoding($ACCESS_ROOT);
 
-if (!is_dir($DOC_ROOT_OS.$ACCESS_ROOT_OS) || (Check_path($ACCESS_ROOT,1) === false) ) {
-	$MESSAGE .= __LINE__.$EX.'<b>$ACCESS_ROOT '.hsc($_['Invalid_path']).': </b>'.$ACCESS_ROOT.'<br>';
-	$ACCESS_ROOT = $ACCESS_ROOT_OS = '';
-}
-if ($ACCESS_ROOT != '') {
-	$ACCESS_ROOT = trim($ACCESS_ROOT, ' /').'/'; //make sure only a single trailing '/'
+if (!is_dir('/'.$ACCESS_ROOT_OS)) {
+	$MESSAGE .= $EX.'<b>$ACCESS_ROOT '.hsc($_['Invalid_path']).': </b>'.$ACCESS_ROOT.'<br>';
+	$ACCESS_ROOT	= $DOC_ROOT;
 	$ACCESS_ROOT_OS = Convert_encoding($ACCESS_ROOT);
 }
+
 $ACCESS_ROOT_enc = mb_detect_encoding($ACCESS_ROOT);
 $ACCESS_ROOT_len = mb_strlen($ACCESS_ROOT, $ACCESS_ROOT_enc);
 
 
+//Clean up & validate $DEFAULT_PATH
+//It must either be = $ACCESS_ROOT, or $ACCESS_ROOT."some/valid/path/"
+if (!isset($DEFAULT_PATH)) { $DEFAULT_PATH = $ACCESS_ROOT; } //Make sure it's set.
+$DEFAULT_PATH = trim($DEFAULT_PATH, ' /');  //Trim to 'some/path'
+if ($DEFAULT_PATH != '') {$DEFAULT_PATH .= '/'; } 
+$DEFAULT_PATH_OS = Convert_encoding($DEFAULT_PATH);
+
+//Verify that $DEFAULT_PATH is equal to, or is a decendant of, $ACCESS_ROOT.
+$needle        = realpath($ACCESS_ROOT);  //ex: /some/access/root
+$haystack      = realpath($DEFAULT_PATH); //ex: /some/access/root/some/default/path
+$needle_len    = strlen($needle);
+$valid_subpath = (substr($haystack, 0, $needle_len) === $needle);
+
+if (!is_dir('/'.$DEFAULT_PATH_OS) || !$valid_subpath) {
+	$MESSAGE .= $EX.'<b>'.$_['must_be_decendant'].'</b><br>';
+	$MESSAGE .= "\$DEFAULT_PATH = $DEFAULT_PATH<br>";
+	$MESSAGE .= "\$ACCESS_ROOT = $ACCESS_ROOT<br>";
+	$DEFAULT_PATH	 = $ACCESS_ROOT;
+	$DEFAULT_PATH_OS = Convert_encoding($DEFAULT_PATH);
+}
+
+
 $MAIN_WIDTH      = validate_units($MAIN_WIDTH);
 $WIDE_VIEW_WIDTH = validate_units($WIDE_VIEW_WIDTH);
 
@@ -328,7 +369,7 @@ function System_Setup() {//*****************************************************
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.5.21
+// OneFileCMS Language Settings v3.5.23  (Not always in sync with OFCMS version#, if no changes to displayed wording.)
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
 // If no translation or value is desired for a particular setting, do not delete
@@ -378,6 +419,7 @@ function Default_Language() { // ***********************************************
 $_['folders']  = 'folders';
 $_['From']     = 'From';
 $_['Hash']     = 'Hash';
+$_['Invalid']  = 'Invalid';		//## NT ## as of 3.5.23
 $_['Move']     = 'Move';
 $_['Moved']    = 'Moved';
 $_['Name']     = 'Name';
@@ -426,6 +468,7 @@ function Default_Language() { // ***********************************************
 $_['No_files']        = 'No files selected.';
 $_['Not_found']       = 'Not found';
 $_['Invalid_path']    = 'Invalid path';
+$_['must_be_decendant'] = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT';	//## NT ## as of 3.5.23
 $_['verify_msg_01']     = 'Session expired.';
 $_['verify_msg_02']     = 'INVALID POST';
 $_['get_get_msg_01']    = 'File does not exist:';
@@ -533,6 +576,8 @@ function Default_Language() { // ***********************************************
 $_['admin_txt_00'] = 'Old Backup Found';
 $_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will be automatically overwritten on the next password or username change.';
 $_['admin_txt_02'] = 'General Information';
+$_['admin_txt_03'] = 'Session Path'; //## NT ## as of 3.5.23
+$_['admin_txt_04'] = 'Connected to'; //## NT ## as of 3.5.23
 $_['admin_txt_14'] = 'For a small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
 $_['admin_txt_16'] = 'OneFileCMS can not be used to edit itself directly.  However, you can make a copy and edit it.'; //## NT ## Changed wording in 3.5.07
 $_['pw_current'] = 'Current Password';
@@ -777,6 +822,20 @@ function strip_array($var) {
 
 
 
+function Set_IS_OFCMS($fullpath_filename) {//***********************************
+	//Used to restrict edit/del/etc. on active copy of OneFileCMS.
+	global $MESSAGE, $DOC_ROOT;
+	
+	$is_ofcms = 0;
+	$ofcms = ltrim($DOC_ROOT, '/').trim($_SERVER['SCRIPT_NAME'], '/');
+	if ($fullpath_filename == $ofcms) { $is_ofcms = true; }
+	
+	return $is_ofcms;
+}//end Set_IS_OFCMS() //********************************************************
+
+
+
+
 function Validate_params() {//**************************************************
 	global $_, $ipath, $filename, $page, $param1, $param2, $param3, $IS_OFCMS, $EX, $MESSAGE;
 
@@ -793,8 +852,7 @@ function Validate_params() {//**************************************************
 	if ($page == ""    ) { $param3 = ""; } else { $param3 = '&amp;p='.$page; }
 
 	//Used to restrict edit/del/etc. on active copy of OneFileCMS.
-	$IS_OFCMS = 0;
-	if ($filename == trim($_SERVER['SCRIPT_NAME'], '/')) { $IS_OFCMS = true; }
+	$IS_OFCMS = Set_IS_OFCMS($filename);
 
 }//end Validate_params() //*****************************************************
 
@@ -817,6 +875,7 @@ function Valid_Path($path, $gotoroot=true) {//**********************************
 
 	$good_path = false;
 
+
 	if (isset($_SESSION['admin_page']) && $_SESSION['admin_page']) {
 		//Permit Admin actions: changing p/w, u/n, viewing OneFile...
 		$ACCESS_ROOT == '';
@@ -825,6 +884,7 @@ function Valid_Path($path, $gotoroot=true) {//**********************************
 	elseif ( $path_len <  $ACCESS_ROOT_len ) { $good_path = false; }
 	else                                     { $good_path = ($path_root == $ACCESS_ROOT); }
 
+
 	if (!$good_path && $gotoroot) {
 		$ipath    = $ACCESS_ROOT;
 		$ipath_OS = Convert_encoding($ipath);
@@ -844,21 +904,28 @@ function Valid_Path($path, $gotoroot=true) {//**********************************
 
 
 function Get_GET() {//**** Get URL passed parameters ***************************
-	global $_, $ipath, $ipath_OS, $filename, $filename_OS, $page, $VALID_PAGES, $EX, $MESSAGE;
+	global $_, $ipath, $ipath_OS, $filename, $filename_OS, $page, $VALID_PAGES, $EX, $MESSAGE, $DEFAULT_PATH;
 	// i=some/path/,  f=somefile.xyz,          p=somepage,  m=somemessage
 	// $ipath = i  ,  $filename = $ipath.f  ,  $page = p ,  $MESSAGE
 	//   (NOTE: in some functions $filename = just the file's name, ie: $_GET['f'], with no path/)
-	//#####  (Normalize $filename program-wide??)
+	//#####  (Normalize $filename usage program-wide??)
 	// Perform initial, basic, validation.
 	// Get_GET() should not be called unless $_SESSION['valid'] == 1 (or true)
 
+
 	//Initialize & validate $ipath
-	$ipath = $ipath_OS = "";
 	if (isset($_GET["i"])) {
 		$ipath = Check_path($_GET["i"],1);
 		$ipath_OS = Convert_encoding($ipath);
-		if ( $ipath === false || !is_dir($ipath_OS)) { $ipath = $ipath_OS = ''; }
+		if ( $ipath === false || !is_dir($ipath_OS)) {
+			$ipath = $DEFAULT_PATH;
+		}
+	}
+	else {
+		$ipath = $DEFAULT_PATH;
 	}
+	$ipath_OS = Convert_encoding($ipath);
+
 
 	//Initialize & validate $filename
 	if (isset($_GET["f"])) { $filename = $ipath.$_GET["f"]; } else { $filename = ""; }
@@ -870,6 +937,7 @@ function Get_GET() {//**** Get URL passed parameters ***************************
 		$filename = $filename_OS = "";
 	}
 
+
 	//Initialize & validate $page
 	if (isset($_GET["p"])) { $page = $_GET["p"]; } else { $page = "index"; }
 	if (!in_array($page, $VALID_PAGES)) {
@@ -877,6 +945,7 @@ function Get_GET() {//**** Get URL passed parameters ***************************
 		$page = "index";  //If invalid $_GET["p"]
 	}
 
+
 	//Sanitize any message. Initialized on line 1 / top of this file.
 	if (isset($_GET["m"])) { $MESSAGE .= hsc($_GET["m"]); }
 }//end Get_GET() //*************************************************************
@@ -906,7 +975,7 @@ function Verify_Page_Conditions() {//*******************************************
 		Logout();
 		$MESSAGE .= hsc($_['logout_msg']);
 	}
-	//Don't load rename or delete folder pages at webroot.
+	//Don't load rename or delete folder pages at webroot. //##### is this still needed?
 	elseif ( ($page == "deletefolder" || $page == "renamefolder") && ($ipath == "") ) {
 		$page = "index";
 	}
@@ -1175,29 +1244,34 @@ function rDel($path) {//********************************************************
 function Current_Path_Header() {//**********************************************
  	// Current path. ie: webroot/current/path/
 	// Each level is a link to that level.
-	global $ONESCRIPT, $ipath, $WEB_ROOT, $ACCESS_ROOT, $ACCESS_ROOT_len, $TABINDEX, $MESSAGE;
+	global $ONESCRIPT, $ipath, $ACCESS_ROOT, $ACCESS_ROOT_len, $TABINDEX, $MESSAGE;
 
 	$unaccessable    = '';
-	$_1st_accessable = trim($WEB_ROOT, ' /');
+	$_1st_accessable = '';
 	$remaining_path  = trim(mb_substr($ipath, $ACCESS_ROOT_len), ' /');	
 
 	if ($ACCESS_ROOT != '') {
 		$unaccessable    = dirname($ACCESS_ROOT);
 		$_1st_accessable = basename($ACCESS_ROOT);
 		
-		if ($unaccessable == '.') { $unaccessable = $WEB_ROOT; }
-		else { $unaccessable = $WEB_ROOT.dirname($ACCESS_ROOT).'/'; }
+		if ($unaccessable == '.') { $unaccessable = '/'; }
+		else { $unaccessable = '/'.dirname($ACCESS_ROOT).'/'; }
 		$unaccessable = '&nbsp;'.hsc(trim(str_replace('/', ' / ',$unaccessable)));
 	}
 
 	echo '<h2 id="path_header">';
 		//Root (or $ACCESS_ROOT) folder of web site.
 		$p1 = '?i='.URLencode_path($ACCESS_ROOT);
-		echo $unaccessable.'<a id=path_0 tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.$p1.'" class="path">'.hsc($_1st_accessable).'</a>/';
-		$x=0; //need here for focus() in case at webroot.
-
+		
+		if ($_1st_accessable == "") {
+			echo '<a id=path_0 tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.$p1.'" class="path"> /</a>';
+		} else {
+			echo $unaccessable.'<a id=path_0 tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.$p1.'" class="path">'.hsc($_1st_accessable).'</a>/';
+		}
+		
 		if ($remaining_path != "" ) { //if not at root, show the rest
 			$path_levels  = explode("/",trim($remaining_path,'/') );
+			
 			$levels = count($path_levels); //If levels=3, indexes = 0, 1, 2  etc...
 			$current_path = "";
 			
@@ -1215,13 +1289,13 @@ function Current_Path_Header() {//**********************************************
 
 
 function Page_Header() {//******************************************************
-	global  $_, $DOC_ROOT, $ONESCRIPT, $page, $WEBSITE, $MAIN_TITLE, $OFCMS_version, $FAVICON, $TABINDEX, $MESSAGE;
+	global  $_, $ONESCRIPT, $page, $WEBSITE, $MAIN_TITLE, $OFCMS_version, $FAVICON, $TABINDEX, $MESSAGE;
 
 	$TABINDEX = 1; //Initial tabindex
 
 	$favicon_img = '';
-	if (file_exists($DOC_ROOT.trim($FAVICON,'/'))) {
-		$favicon_img =  '<img src="/'.URLencode_path($FAVICON).'" alt="">';
+	if (file_exists($_SERVER['DOCUMENT_ROOT'].trim($FAVICON,' /'))) {
+		;//$favicon_img =  '<img src="/'.URLencode_path($FAVICON).'" alt="">';
 	}
 
 	echo '<div id="header">';
@@ -1415,11 +1489,13 @@ function icon_folder($extra = "") {//**********************************
 
 
 function List_File($file, $file_url) {//****************************************
-	global $_, $ONESCRIPT, $ICONS;
+	global $_, $DOC_ROOT, $ONESCRIPT, $ICONS, $MESSAGE;
 
 	$file_OS = Convert_encoding($file);
 	clearstatcache ();
-	$href = $ONESCRIPT.'?i='.dir_name(trim($file_url,'/')).'&amp;f='.basename($file_url);
+	$ipath = trim($DOC_ROOT,'/').dir_name($file_url);
+
+	$href = $ONESCRIPT.'?i='.$ipath.'&amp;f='.basename($file_url);
 	$edit_link = '<a href="'.$href.'&amp;p=edit'.'" id="old_backup">'.hsc(basename($file)).'</a>';
 ?>
 	<tr>
@@ -1469,7 +1545,7 @@ function List_Backups_and_Logs() {//********************************************
 
 
 function Admin_Page() {//*******************************************************
-	global $_, $ONESCRIPT, $ipath, $filename, $param1, $param2, $MAIN_TITLE;
+	global $_, $DOC_ROOT, $ONESCRIPT, $ipath, $filename, $param1, $param2, $MAIN_TITLE, $MESSAGE;
 
 	// Restore/Preserve $ipath prior to admin page in case OneFileCMS is edited (which would change $ipath).
 	if   ( $_SESSION['admin_page'] ) { $ipath  = $_SESSION['admin_ipath'];
@@ -1482,7 +1558,8 @@ function Admin_Page() {//*******************************************************
 	if ($filename != "") { $params = $param2.'&amp;p=edit'; }
 
 	$button_attribs = '<button type="button" class="button" onclick="parent.location =\''.$ONESCRIPT;
-	$edit_params = '?i='.dir_name($ONESCRIPT).'&amp;f='.basename($ONESCRIPT).'&amp;p=edit';
+	$ofcms_ipath = trim($DOC_ROOT,'/').dir_name($ONESCRIPT);
+	$edit_params = '?i='.$ofcms_ipath.'&amp;f='.basename($ONESCRIPT).'&amp;p=edit';
 
 	echo '<h2>'.hsc($_['Admin_Options']).'</h2>';
 
@@ -1498,6 +1575,12 @@ function Admin_Page() {//*******************************************************
 
 	List_Backups_and_Logs();
 
+	echo '<p><b>'.hsc($_['admin_txt_03']).': </b>';
+	echo '<span class="meta_T meta_T2">'.session_save_path()."</span><br>\n";
+
+	echo '<p><b>'.hsc($_['admin_txt_04']).': </b>';
+	echo '<span class="meta_T meta_T2">'.php_uname('n')."</span><hr>\n";
+
 	echo '<p><b>'.hsc($_['admin_txt_02']).'</b>';
 	echo '<p>'   .hsc($_['admin_txt_16']);
 	echo '<p>'.hsc($_['admin_txt_14']);
@@ -1816,12 +1899,11 @@ function Login_response() {//***************************************************
 
 
 function Create_Table_for_Listing() {//*****************************************
-	global$_, $ONEFILECMS, $ipath, $ipath_OS, $DOC_ROOT_OS, $ICONS, $TABINDEX, $ACCESS_ROOT;
+	global $_, $ONEFILECMS, $ipath, $ipath_OS, $ICONS, $TABINDEX, $ACCESS_ROOT;
 
 	//Header row: | Select All|[ ]|[X](folders first)      Name      (ext) |   Size   |    Date    |
 
 	$new_path = URLencode_path(dir_name($ipath)); //for "../" entry in dir list.
-	$new_path_OS = $DOC_ROOT_OS.dir_name($ipath_OS);//.dir_name($ipath_OS);
 
 	//<input hidden> is a dummy input to make sure files[] is always an array for Select_All() & Confirm_Ready().
 ?>
@@ -1866,7 +1948,7 @@ function Create_Table_for_Listing() {//*****************************************
 				echo '<a id=f0c5 tabindex='.$TABINDEX++.'>&nbsp;</a>';
 			}
 			else {
-				echo '<a id=f0c5 tabindex='.$TABINDEX++.' href="'.$ONEFILECMS.'?i='.$new_path.'">'.$ICONS['up_dir'].' <b>..</b> /</a>'; //#### '.$ICONS['up_dir'].'
+				echo '<a id=f0c5 tabindex='.$TABINDEX++.' href="'.$ONEFILECMS.'?i='.$new_path.'">'.$ICONS['up_dir'].' <b>..</b> /</a>';
 			}
 ?>		</td>
 		<td></td>
@@ -1875,7 +1957,7 @@ function Create_Table_for_Listing() {//*****************************************
 
 	<?php //Directory & footer content will be inserted later. ?>
 	<tbody id=DIRECTORY_LISTING></tbody>
-	<tr><td id=DIRECTORY_FOOTER colspan=7></td></tr>
+	<tr><td id=DIRECTORY_FOOTER colspan=8></td></tr>
 	</table>
 <?php
 }//Create_Table_for_Listing() //************************************************
@@ -1919,8 +2001,7 @@ function Get_DIRECTORY_DATA($raw_list) {//**************************************
 		}
 			
 		//Used to hide rename & delete options for active copy of OneFileCMS.
-		$IS_OFCMS = 0;
-		if ( $ipath.$filename == trim($_SERVER['SCRIPT_NAME'], '/') ) { $IS_OFCMS = 1; }
+		$is_ofcms = Set_IS_OFCMS($ipath.$filename); //#####
 		
 		//Set icon type based on if dir, or file type ($ext).
 		if (is_dir($filename_OS)) { $type = 'dir'; }
@@ -1941,7 +2022,7 @@ function Get_DIRECTORY_DATA($raw_list) {//**************************************
 		$DIRECTORY_DATA[$DIRECTORY_COUNT][1] = $filename;
 		$DIRECTORY_DATA[$DIRECTORY_COUNT][2] = $file_size_raw;
 		$DIRECTORY_DATA[$DIRECTORY_COUNT][3] = $file_time_raw;
-		$DIRECTORY_DATA[$DIRECTORY_COUNT][4] = $IS_OFCMS; //If = 1, Don't show ren, del, ckbox.
+		$DIRECTORY_DATA[$DIRECTORY_COUNT][4] = $is_ofcms; //If = 1, Don't show ren, del, ckbox.
 		$DIRECTORY_DATA[$DIRECTORY_COUNT][5] = $ext;
 		$DIRECTORY_DATA[$DIRECTORY_COUNT][6] = decoct(fileperms($filename_OS) & 07777);
 		$DIRECTORY_COUNT++;
@@ -2235,7 +2316,7 @@ function Edit_Page() {//********************************************************
 
 	$filename_parts = explode(".", mb_strtolower($filename));
 	$ext = end($filename_parts);
-
+	
 	//Determine if a text editable file type
 	if ( in_array($ext, $ETYPES) ) { $text_editable = TRUE;  }
 	else                           { $text_editable = FALSE; }
@@ -2461,16 +2542,17 @@ function New_response($post, $isfile) {//***************************************
 
 
 function Set_Input_width() {//**************************************************
-	global $_, $WEB_ROOT, $MAIN_WIDTH, $ACCESS_ROOT;
+	global $_, $MAIN_WIDTH, $ACCESS_ROOT;
 
-	// (width of <input type=text>) = $MAIN_WIDTH - (Width of <label>) - (width of <span>$WEB_ROOT</span>)
+	// Adjust (shorten) <input> width based on width of $ACCESS_ROOT
+	// (width of <input type=text>) = $MAIN_WIDTH - (Width of <label>) - (width of <span> / </span>)
 	// $MAIN_WIDTH: Set in config section, may be in em, px, pt, or %. Ignoring % for now.
 	// Width of 1 character = .625em = 10px = 7.5pt  (1em = 16px = 12pt)
 
 	$main_units  = mb_substr($MAIN_WIDTH, -2);
 	$main_width  = $MAIN_WIDTH * 1;
 
-	$root_width  = mb_strlen($WEB_ROOT.$ACCESS_ROOT);
+	$root_width  = mb_strlen('/'.$ACCESS_ROOT);
 	$label_width = mb_strlen($_['New_Location']);
 
 	//convert to em
@@ -2493,7 +2575,7 @@ function Set_Input_width() {//**************************************************
 function CRM_Page($action, $title, $action_id, $old_full_name) {//*******************
 	//$action    = 'Copy' or 'Rename'.
 	//$action_id = 'copy_file' or 'rename_file'
-	global $_, $WEB_ROOT, $ipath, $param1, $filename, $FORM_COMMON, $ACCESS_ROOT, $ACCESS_PATH;
+	global $_, $ipath, $param1, $filename, $FORM_COMMON, $ACCESS_ROOT, $ACCESS_PATH, $MESSAGE;
 
 	$new_full_name = $old_full_name; //default
 
@@ -2514,7 +2596,7 @@ function CRM_Page($action, $title, $action_id, $old_full_name) {//**************
 		echo '<input type=text name=new_name id=new_name value="'.hsc(basename($new_full_name)).'"><br>';
 		
 		echo '<label>'.hsc($_['New_Location']).':</label>';
-		echo '<span class="web_root">'.hsc($WEB_ROOT.$ACCESS_ROOT).'</span>';
+		echo '<span class="web_root">'.hsc('/'.$ACCESS_ROOT).'</span>';
 		echo '<input type=text name=new_location id=new_location value="'.hsc($ACCESS_PATH).'"><br>';
 		
 		echo '('.hsc($_['CRM_txt_02']).')<p>';
@@ -2616,7 +2698,7 @@ function Delete_response($target, $show_message=3) {//**************************
 
 	if ($target == "") { return 0; } //Prevent accidental delete of entire website.
 
-	$target = Check_path($target,$show_message); //Make sure $target is within $WEB_ROOT
+	$target = Check_path($target,$show_message);
 	$target = trim($target,'/');
 	$page = "index"; //Return to index
 
@@ -2655,7 +2737,7 @@ function Delete_response($target, $show_message=3) {//**************************
  
 function MCD_Page($action, $page_title, $classes = '') {//**********************
 	//$action = mcd_mov or mcd_cpy or mcd_del
-	global $_,  $WEB_ROOT, $ONESCRIPT, $ipath, $ipath_OS, $param1, $filename, $page,
+	global $_, $ONESCRIPT, $ipath, $ipath_OS, $param1, $filename, $page,
 			$ICONS, $ACCESS_ROOT, $ACCESS_PATH, $INPUT_NUONCE, $MESSAGE;
 
 	//Prep for a single file or folder
@@ -2675,7 +2757,7 @@ function MCD_Page($action, $page_title, $classes = '') {//**********************
 		
 		if ( ($_POST['mcdaction'] == 'copy') || ($_POST['mcdaction'] == 'move') ) {
 			echo '<label>'.hsc($_['New_Location']).':</label>';
-			echo '<span class="web_root">'.hsc($WEB_ROOT.$ACCESS_ROOT).'</span>';
+			echo '<span class="web_root">'.hsc('/'.$ACCESS_ROOT).'</span>';
 			echo '<input type=text   name=new_location  id=new_location value="'.hsc($ACCESS_PATH).'">';
 			echo '<p>('.hsc($_['CRM_txt_02']).')</p>';
 		}
@@ -4500,7 +4582,8 @@ function style_sheet() {//******************************************************
 .file_size { min-width:  6em; }
 .file_time { min-width: 10em; }
 
-.meta_T { padding: 0 .5em; text-align: right; font: bold .9rem courier; color: #333} 
+.meta_T  { padding: 0 .5em; text-align: right; font: bold .9rem courier; color: #333}
+.meta_T2 { border: solid 1px black; background-color: white; font-size: 1rem; }
 
 #DIRECTORY_FOOTER {text-align: center; font-size: .9em; color: #333; padding: 3px 0 0 0; }
 
diff --git a/readme.markdown b/readme.markdown
index 02cb2b7..d4ad861 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -7,9 +7,9 @@ OneFileCMS is a simple CMS (Content Management System) contained entirely in a s
 With basic editing, upload, and file managing functions, OneFileCMS can maintain an entire website completely in-browser without any external programs.
 
 ### Main screen:
-![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OneFileCMS_screenshot.png)
+![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OFCMS_screenshot.03.png)
 
-###Edit screen:
+### Edit screen:
 ![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OFCMS_screenshot_edit.02.png)
 
 --------------------------------------------------------------------------------
@@ -188,4 +188,4 @@ GENERATE/OUTPUT THE PAGE
 ## [Git Log](https://raw.github.com/Self-Evident/OneFileCMS/gh-pages/master-branch.git.log)
 
 
-<br><br><br><br>
\ No newline at end of file
+<br><br><br><br>

From 49e6c968402e341b2afbe3885a3cfbe7bafb2252 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 17 Sep 2017 16:37:16 -0400
Subject: [PATCH 208/228] Version 3.6 Fixed minor bug in $ACCESS_ROOT. (Even if
 set to root, was unable to acually access root...) Some prep work for
 allowing editing of file permissions. Not yet editable. For js, created E()
 function for document.getElementById().  Because shorter & easier to read.
 document.onkeydown => E("main").onkeydown Proper-cased common_scripts() to
 Common_Scripts(). Some css.

---
 onefilecms.php | 255 ++++++++++++++++++++++++++++---------------------
 1 file changed, 144 insertions(+), 111 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 7b951df..631dda0 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.5.23';
+$OFCMS_version = '3.6';
 
 
 
@@ -285,7 +285,7 @@ function System_Setup() {//*****************************************************
 $ACCESS_ROOT_OS = Convert_encoding($ACCESS_ROOT);
 
 if (!is_dir('/'.$ACCESS_ROOT_OS)) {
-	$MESSAGE .= $EX.'<b>$ACCESS_ROOT '.hsc($_['Invalid_path']).': </b>'.$ACCESS_ROOT.'<br>';
+	$MESSAGE .= $EX.'<b>$ACCESS_ROOT '.hsc($_['Invalid']).":</b> $ACCESS_ROOT<br>";
 	$ACCESS_ROOT	= $DOC_ROOT;
 	$ACCESS_ROOT_OS = Convert_encoding($ACCESS_ROOT);
 }
@@ -307,10 +307,15 @@ function System_Setup() {//*****************************************************
 $needle_len    = strlen($needle);
 $valid_subpath = (substr($haystack, 0, $needle_len) === $needle);
 
-if (!is_dir('/'.$DEFAULT_PATH_OS) || !$valid_subpath) {
+if (!is_dir('/'.$DEFAULT_PATH_OS)) {
+	$MESSAGE .= $EX.'<b>$DEFAULT_PATH '.$_['Invalid'].":</b> $DEFAULT_PATH<br>";
+	$DEFAULT_PATH	 = $ACCESS_ROOT;
+	$DEFAULT_PATH_OS = Convert_encoding($DEFAULT_PATH);
+} 
+else if (!$valid_subpath) {
 	$MESSAGE .= $EX.'<b>'.$_['must_be_decendant'].'</b><br>';
-	$MESSAGE .= "\$DEFAULT_PATH = $DEFAULT_PATH<br>";
 	$MESSAGE .= "\$ACCESS_ROOT = $ACCESS_ROOT<br>";
+	$MESSAGE .= "\$DEFAULT_PATH = $DEFAULT_PATH<br>";
 	$DEFAULT_PATH	 = $ACCESS_ROOT;
 	$DEFAULT_PATH_OS = Convert_encoding($DEFAULT_PATH);
 }
@@ -917,9 +922,9 @@ function Get_GET() {//**** Get URL passed parameters ***************************
 	if (isset($_GET["i"])) {
 		$ipath = Check_path($_GET["i"],1);
 		$ipath_OS = Convert_encoding($ipath);
-		if ( $ipath === false || !is_dir($ipath_OS)) {
-			$ipath = $DEFAULT_PATH;
-		}
+		
+		if 		( $ipath === "") 						  {;} //root, aka '/', is valid.
+		else if ( $ipath === false || !is_dir($ipath_OS)) { $ipath = $DEFAULT_PATH;	} //not root & not valid
 	}
 	else {
 		$ipath = $DEFAULT_PATH;
@@ -1325,7 +1330,7 @@ function Cancel_Submit_Buttons($submit_label) {//*******************************
 	<button type="button" class="button" id="cancel" onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
 		<?php echo hsc($_['Cancel']) ?></button>
 	<button type="submit" class="button" id="submitty" style="margin-left: 1em;"><?php echo hsc($submit_label);?></button>
-	<script>document.getElementById("cancel").focus();</script>
+	<script>E("cancel").focus();</script>
 <?php
 }//end Cancel_Submit_Buttons() //***********************************************
 
@@ -1586,7 +1591,7 @@ function Admin_Page() {//*******************************************************
 	echo '<p>'.hsc($_['admin_txt_14']);
 	echo '</div>'; //end class=info
 
-	echo '<script>document.getElementById("close").focus();</script>';
+	echo '<script>E("close").focus();</script>';
 }//end Admin_Page() //**********************************************************
 
 
@@ -1606,7 +1611,7 @@ function Hash_Page() {//********************************************************
 		<?php echo hsc($_['pass_to_hash']) ?>
 		<input type="text" name="whattohash" id="whattohash" value="<?php echo hsc($_POST['whattohash']) ?>">
 		<p><?php Cancel_Submit_Buttons($_['Generate_Hash']) ?>
-		<script>document.getElementById('whattohash').focus()</script>
+		<script>E('whattohash').focus()</script>
 	</form>
 
 	<div class="info">
@@ -1672,7 +1677,7 @@ function Change_PWUN_Page($pwun, $type, $page_title, $label_new, $label_confirm)
 			onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
 		<input type="button" class="button"    id="submitty" value="<?php echo hsc($_['Submit']) ?>" style="margin-left: 1em;">
 		
-		<script>document.getElementById('password').focus()</script>
+		<script>E('password').focus()</script>
 	</form>
 
 	<div class="info">
@@ -1823,7 +1828,7 @@ function Login_Page() {//*******************************************************
 		<input name="password" type="password" id="password">
 		<input type="button"  class="button"   id="login" value="<?php echo hsc($_['Enter']) ?>">
 	</form>
-	<script>document.getElementById('username').focus();</script>
+	<script>E('username').focus();</script>
 <?php
 	//Note: The "login" button above must NOT be of type="submit", NOR have an id="submit", or the event_scripts won't work.
 	pwun_event_scripts('login_form', 'login');
@@ -2001,7 +2006,7 @@ function Get_DIRECTORY_DATA($raw_list) {//**************************************
 		}
 			
 		//Used to hide rename & delete options for active copy of OneFileCMS.
-		$is_ofcms = Set_IS_OFCMS($ipath.$filename); //#####
+		$is_ofcms = Set_IS_OFCMS($ipath.$filename);
 		
 		//Set icon type based on if dir, or file type ($ext).
 		if (is_dir($filename_OS)) { $type = 'dir'; }
@@ -2965,11 +2970,14 @@ function init_ICONS_js() {//****************************************************
 
 
 
-function common_scripts() {//***************************************************
+function Common_Scripts() {//***************************************************
 	global $_, $TO_WARNING, $MESSAGE, $page, $DELAY_Expired_Reload;
 ?>
 
 <script>
+var D = document;
+function E(id) { return document.getElementById(id); }
+
 var $MESSAGE = "";
 
 
@@ -3042,12 +3050,12 @@ function format_number(number, sep) {//*******************************
 
 //********************************************************************
 function Countdown(count, End_Time, Timer_ID, Action){
-	var Timer        = document.getElementById(Timer_ID);
+	var Timer        = E(Timer_ID);
 	var Current_Time = Math.round(new Date().getTime()/1000); //js uses milliseconds
 	    count        = End_Time - Current_Time;
 	var params = count + ', "' + End_Time + '", "' + Timer_ID + '", "' + Action + '"';
 
-	var $msg_box = document.getElementById('message_box');
+	var $msg_box = E('message_box');
 
 	Timer.innerHTML = FormatTime(count);
 
@@ -3058,7 +3066,7 @@ function Countdown(count, End_Time, Timer_ID, Action){
 		$msg_box.innerHTML  = timeout_warning;
 		setTimeout('Start_Countdown(' + count + ',"timer2","")',25);
 		
-		var Timer2 = document.getElementById('timer2');
+		var Timer2 = E('timer2');
 		Timer.style.color           = Timer2.style.color           = "red";
 		Timer.style.fontWeight      = Timer2.style.fontWeight      = "900";
 		Timer.style.backgroundColor = Timer2.style.backgroundColor = "white";
@@ -3144,13 +3152,13 @@ function Display_Messages($msg, take_focus) {//***********************
 
 	var $X_box		 = '<button tabindex=' + $tabindex_xbox + ' type=button id=X_box>&times;</button>';
 	var $msg_div	 = '<div class=message_box_contents>' + $msg + '</div>';
-	var $msg_box     = document.getElementById("message_box");
-	var $new_focus	 = document.getElementById(new_focus)
+	var $msg_box     = E("message_box");
+	var $new_focus	 = E(new_focus)
 
 	if ($msg == '') { $msg_box.innerHTML = ' '; } //innerHTML must be given a space or $msg_box won't clear.
 	else {
 		$msg_box.innerHTML = $X_box + $msg_div;
-		var $X_box_btn	 = document.getElementById('X_box');
+		var $X_box_btn	 = E('X_box');
 		if (take_focus) {$X_box_btn.focus();}
 		$X_box_btn.onclick = function () { $msg_box.innerHTML = " "; $new_focus.focus();}
 	}
@@ -3160,7 +3168,7 @@ function Display_Messages($msg, take_focus) {//***********************
 </script>
 
 <?php
-}//end common_scripts() //******************************************************
+}//end Common_Scripts() //******************************************************
 
 
 
@@ -3169,16 +3177,16 @@ function Index_Page_events() {//************************************************
 	global $_, $PAGEUPDOWN, $EX;
 ?>
 <script>
-var Move_Button			= document.getElementById('b1');
-var Copy_Button			= document.getElementById('b2');
-var Delete_Button		= document.getElementById('b3');
+var Move_Button			= E('b1');
+var Copy_Button			= E('b2');
+var Delete_Button		= E('b3');
 
-var Select_All_ckbox	= document.getElementById('select_all_ckbox');
-var Header_Sorttype		= document.getElementById('header_sorttype');
-var Folders_First_Ckbox = document.getElementById('folders_first_ckbox');
-var Header_Filename		= document.getElementById('header_filename');
-var Header_Filesize		= document.getElementById('header_filesize');
-var Header_Filedate		= document.getElementById('header_filedate');
+var Select_All_ckbox	= E('select_all_ckbox');
+var Header_Sorttype		= E('header_sorttype');
+var Folders_First_Ckbox = E('folders_first_ckbox');
+var Header_Filename		= E('header_filename');
+var Header_Filesize		= E('header_filesize');
+var Header_Filedate		= E('header_filedate');
 
 
 //These buttons aren't present if folder is empty...
@@ -3206,18 +3214,18 @@ function Index_Page_events() {//************************************************
 	//Clear parent div of a checkbox
 	var ID = document.activeElement.id;
 	if (document.activeElement.type == 'checkbox') {
-		document.getElementById(ID).parentNode.style.backgroundColor = "";
+		E(ID).parentNode.style.backgroundColor = "";
 	}
 
 	//Clear labels...  (don't check, just clear 'em)
-	document.getElementById('select_all_label').style.backgroundColor = "";
-	document.getElementById('folders_first_label').style.backgroundColor = "";
+	E('select_all_label').style.backgroundColor = "";
+	E('folders_first_label').style.backgroundColor = "";
 
 }//end onmousedown() //***********************************************
 
 
 
-function on_Tab_down(ID, FR,shifted) { //*****************************
+function on_Tab_down(ID, FR, shifted) { //****************************
 	//Handle the background colors of checkboxes' parent <div>'s & <label>'s.
 	//(checkboxes generally don't have "background colors" as far as css goes...)
 	//Current checkbox already cleared by onkeydown().
@@ -3228,10 +3236,11 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 	//Tab from L, Current ID will be "f<FR>c2"
 	//Tab from R: Current ID is "f<FR>"
 	var fFR   = "f" + FR + "c5" //Filename
+	var perms = "f" + FR + "c4" //permisions
 	var ckbox = "f" + FR + "c3" //[ ] Checkbox
 	var del   = "f" + FR + "c2" //(x) Delete
 
-	var ck_box = document.getElementById(ckbox);
+	var ck_box = E(ckbox);
 	var highlight1 = "rgb(255,250,150)";
 	var highlight2 = "rgb(255,240,140)";
 
@@ -3239,26 +3248,26 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 		if      (ID == ckbox) { ck_box.parentNode.style.backgroundColor = "";}
 		else if (ID == del  ) { ck_box.parentNode.style.backgroundColor = highlight2; }
 		else if (ID == "b6" ) { //[New Folder]
-			document.getElementById('select_all_ckbox').parentNode.style.backgroundColor = highlight1;
-			document.getElementById('select_all_label').style.backgroundColor = highlight1;
+			E('select_all_ckbox').parentNode.style.backgroundColor = highlight1;
+			E('select_all_label').style.backgroundColor = highlight1;
 		}
 		else if (ID == "select_all_ckbox" ) {
-			document.getElementById('select_all_label').style.backgroundColor = "";
-			document.getElementById('folders_first_ckbox').parentNode.style.backgroundColor = highlight1;
-			document.getElementById('folders_first_label').style.backgroundColor = highlight1;
+			E('select_all_label').style.backgroundColor = "";
+			E('folders_first_ckbox').parentNode.style.backgroundColor = highlight1;
+			E('folders_first_label').style.backgroundColor = highlight1;
 		}
 	}
 	else if (shifted)  { //Shift-Tab
 		if       (ID == ckbox){ ck_box.parentNode.style.backgroundColor = "";}
-		else if ((ID == fFR) && (FR > 0) ) { ck_box.parentNode.style.backgroundColor = highlight2; }
+		else if ((ID == perms) && (FR > 0) ) { ck_box.parentNode.style.backgroundColor = highlight2; }
 		else if  (ID == "header_filename")  {
-			document.getElementById('folders_first_ckbox').parentNode.style.backgroundColor = highlight1;
-			document.getElementById('folders_first_label').style.backgroundColor = highlight1;
+			E('folders_first_ckbox').parentNode.style.backgroundColor = highlight1;
+			E('folders_first_label').style.backgroundColor = highlight1;
 		}
 		else if (ID == "folders_first_ckbox") {
-			document.getElementById('folders_first_label').style.backgroundColor = "";
-			document.getElementById('select_all_ckbox').parentNode.style.backgroundColor = highlight1;
-			document.getElementById('select_all_label').style.backgroundColor = highlight1;
+			E('folders_first_label').style.backgroundColor = "";
+			E('select_all_ckbox').parentNode.style.backgroundColor = highlight1;
+			E('select_all_label').style.backgroundColor = highlight1;
 		}
 	}
 }//end on_Tab_down() { //*********************************************
@@ -3266,7 +3275,7 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 
 
 
-document.onkeydown = function(event) { //*****************************
+E("main").onkeydown = function(event) { //*****************************
 	//Control cursor keys to navigate index page. (Arrows, Page, Home, End)
 
 	var jump = <?php echo $PAGEUPDOWN ?>;//# of rows to jump with Page Up/Page Down.
@@ -3304,15 +3313,15 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 		
 		//If current ID/element is checkbox, clear bgcolor of parent div (ckboxes don't have background colors).
 		var is_ckbox = (document.activeElement.type == "checkbox");
-		if (is_ckbox) {document.getElementById(ID).parentNode.style.backgroundColor = ""; }
+		if (is_ckbox) {E(ID).parentNode.style.backgroundColor = ""; }
 		
 		//Always clear these labels (simply losing focus() of their child checkboxes won't).
-		document.getElementById('select_all_label').style.backgroundColor = "";
-		document.getElementById('folders_first_label').style.backgroundColor = "";
+		E('select_all_label').style.backgroundColor = "";
+		E('folders_first_label').style.backgroundColor = "";
 	}
 
 	//If no files in current folder, [Move][Copy][Delete] won't exist (id's b1 b2 b3). Use [New Folder] (id="b4").
-	if (document.getElementById("b2")) {var button_row = "b2"} else {var button_row = "b4"}
+	if (E("b2")) {var button_row = "b2"} else {var button_row = "b4"}
 
 	//Indicate if current focus is on one of the elements of the table header row. (true / false)
 	//Select All[ ] | [x](folders first) Name  (.ext) | Size |  Date  |
@@ -3360,7 +3369,7 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 			Sort_and_Show(SORT_by, SORT_order);
 		}
 		else if (FC == 3) {  //Is focus on a checkbox next to a file name?
-			document.getElementById(ID).checked = !document.getElementById(ID).checked;
+			E(ID).checked = !E(ID).checked;
 		}
 		
 		return;
@@ -3369,7 +3378,7 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 		on_Tab_down(ID, FR, event.shiftKey);
 		return;
 	}
-	else if (key == ESC)  { document.activeElement.blur();    return; }
+	else if (key == ESC)  { document.activeElement.blur();   return; }
 	else if (key == END)  { if (ID != LAST_FILE ) {ID = LAST_FILE; } }
 	else if (key == HOME) {	if (ID != FIRST_FILE) {ID = FIRST_FILE;} }
 	else if (key == AL) {
@@ -3453,12 +3462,12 @@ function on_Tab_down(ID, FR,shifted) { //*****************************
 		return;
 	}
 
-	document.getElementById(ID).focus();
+	E(ID).focus();
 
 	//If new ID/element is checkbox, set bgcolor of parent div & it's label (ckboxes don't have background colors).
-	if (document.activeElement.type == "checkbox") {document.getElementById(ID).parentNode.style.backgroundColor = highlight2;}
-	if (ID == "select_all_ckbox")    {document.getElementById('select_all_label').style.backgroundColor = highlight1;}
-	if (ID == "folders_first_ckbox") {document.getElementById('folders_first_label').style.backgroundColor = highlight1;}
+	if (document.activeElement.type == "checkbox") {E(ID).parentNode.style.backgroundColor = highlight2;}
+	if (ID == "select_all_ckbox")    {E('select_all_label').style.backgroundColor = highlight1;}
+	if (ID == "folders_first_ckbox") {E('folders_first_label').style.backgroundColor = highlight1;}
 
 	//Prevent default browser scrolling via arrow & Page keys, so focus()'d element stays visible/in view port.
 	//(A few exceptions skip this via a return in the above  if/else's.)
@@ -3550,7 +3559,7 @@ function sort_DIRECTORY(col, direction) {//***************************
 	if ((col != SORT_by) && (direction != FLIP)) { direction = ASCENDING; SORT_by = col; } 
 
 	//Get status of [x](folders first) checkbox
-	var folders_first_checked = document.getElementById('folders_first_ckbox').checked;
+	var folders_first_checked = E('folders_first_ckbox').checked;
 
 	//If '[x](folders first)' is now checked, but was previously unchecked,
 	//no need to re-sort by col, just sort by folders. Otherwise, first resort by column.
@@ -3593,7 +3602,7 @@ function Init_Dir_table_rows(DIR_LIST) {//****************************
 		
 		//assign css classes
 		var c = 4;
-		cells[c++].className = 'meta_T';	//file permissions
+		cells[c++].className = 'meta_T perms';  //file permissions
 		cells[c++].className = 'file_name';
 		cells[c++].className = 'file_size meta_T';
 		cells[c++].className = 'file_time meta_T';
@@ -3612,24 +3621,34 @@ function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_n
 	row++;
 
 	//[Move] [Copy] [Delete]  [x]
-	var ren_mov  = copy = del = checkbox = '';
+	var ren_mov  = copy = del = checkbox = perms = cells = '';
 
 	//Assemble [move] [copy] [delete] [x]   ([copy] is always available)
 	//The empty <a>'s are to accommodate keyboard nav via onkeydown() in Index_Page_events()...
 	if (!IS_OFCMS) {
-		ren_mov  = '<a id=f' + row + 'c0 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=rename' + f_or_f + '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
-	} else {
+		ren_mov  = '<a id=f' + row + 'c0 tabindex='+ (TABINDEX++) +' class=MCD href="';
+		ren_mov += href + '&amp;p=rename' + f_or_f + '" ';
+		ren_mov += 'title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
+	}
+	else {
 		ren_mov  = '<a id=f' + row + 'c0 tabindex='+ (TABINDEX++) +'>&nbsp;</a>'
 	}
 
-	copy         = '<a id=f' + row + 'c1 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=copy'   + f_or_f + '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
+	copy  = '<a id=f' + row + 'c1 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=copy'   + f_or_f;
+	copy += '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
 
 	if (!IS_OFCMS) {
-		del      = '<a id=f' + row + 'c2 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=delete' + f_or_f + '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
-		checkbox = '<div class=ckbox><INPUT id=f' + row + 'c3 tabindex='+ (TABINDEX++) +' TYPE=checkbox class=select_file NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
-	} else {
+		del       = '<a id=f' + row + 'c2 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=delete' + f_or_f;
+		del		 += '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
+		checkbox  = '<div class=ckbox><INPUT id=f' + row + 'c3 tabindex='+ (TABINDEX++);
+		checkbox += ' TYPE=checkbox class=select_file NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
+		perms	  = '<input id=f' + row + 'c4 class=perms tabindex=' + (TABINDEX++) ;
+		perms	 += ' value="' + DIRECTORY_DATA[row - 1][6]+ '" maxlength=4 readonly>'; //##### readonly for now
+	}
+	else {
 		del      = '<a id=f' + row + 'c2 tabindex='+ (TABINDEX++) +'>&nbsp;</a>'
 		checkbox = '<a id=f' + row + 'c3 tabindex='+ (TABINDEX++) +'>&nbsp;</a>'
+		perms	 = '<a id=f' + row + 'c4 tabindex='+ (TABINDEX++) +'>' + DIRECTORY_DATA[row - 1][6] + '</a>'
 	}
 
 	//fill the <td>'s
@@ -3639,7 +3658,7 @@ function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_n
 	cells[c++].innerHTML = copy;
 	cells[c++].innerHTML = del;
 	cells[c++].innerHTML = checkbox;
-	cells[c++].innerHTML = DIRECTORY_DATA[row - 1][6];
+	cells[c++].innerHTML = perms;
 	cells[c++].innerHTML = file_name;
 	cells[c++].innerHTML = file_size;
 	cells[c++].innerHTML = file_time;
@@ -3653,7 +3672,7 @@ function Build_Directory() {//****************************************
 
 	TABINDEX    = <?php echo $TABINDEX ?>;  //Rest TABINDEX
 
-	var DIR_LIST = document.getElementById("DIRECTORY_LISTING");
+	var DIR_LIST = E("DIRECTORY_LISTING");
 
 	if (DIR_LIST.rows.length < 1) {Init_Dir_table_rows(DIR_LIST);}
 
@@ -3679,8 +3698,8 @@ function Build_Directory() {//****************************************
 		
 		var file_col = 5; //column of file names
 		
-		//For file, (TABINDEX + 4) to account for [m][c][d][x] which are added in Assemble_Insert_Row()
-		var file_name  = '<a id=f'+(row + 1)+'c'+ file_col + ' tabindex='+ (TABINDEX + 4) +' href="' + href  + '"'; 
+		//For file, (TABINDEX + 5) to account for [m][c][d][x][perms] which are added in Assemble_Insert_Row()
+		var file_name  = '<a id=f'+(row + 1)+'c'+ file_col + ' tabindex='+ (TABINDEX + 5) +' href="' + href  + '"'; 
 			file_name += ' title="<?php echo hsc($_['Edit_View']) ?>: ' + hsc(filename) + '" >';
 			file_name += ICONS[filetype] + '&nbsp;' + hsc(filename) + DS + '</a>';
 		var file_time  = FileTimeStamp(filetime, 1, 0, 0);
@@ -3738,7 +3757,7 @@ function Sort_and_Show(col, direction) {//****************************
 	setTimeout( function () {
 		sort_DIRECTORY(col, direction); //Sort DIRECTORY_DATA
 		Build_Directory();
-		document.getElementById('DIRECTORY_FOOTER').innerHTML = Directory_Summary();
+		E('DIRECTORY_FOOTER').innerHTML = Directory_Summary();
 		Display_Messages('');
 	}, DELAY);
 
@@ -3751,7 +3770,7 @@ function Select_All() {//********************************************
 
 	//Does not work in IE if the variable name is spelled the same as the Element Id
 	//So, prefix with a dollar sign (a valid character in JS for variable names).
-	$select_all_label = document.getElementById('select_all_label');
+	$select_all_label = E('select_all_label');
 
 	var files = document.mcdselect.elements['files[]'];
 	var last  = files.length; //number of files
@@ -3885,15 +3904,15 @@ function Toggle_Line_Wrap(on_off) {
 		on_off.value  				 = "off"
 		document.cookie 			 = 'line_wrap=off'
 		File_textarea.style["white-space"] = "pre";
-		document.getElementById('w_on').style.textDecoration  = "none";
-		document.getElementById('w_off').style.textDecoration = "underline";
+		E('w_on').style.textDecoration  = "none";
+		E('w_off').style.textDecoration = "underline";
 	}
 	else {
 		on_off.value  				 = "on"
 		document.cookie				 = 'line_wrap=on'
 		File_textarea.style["white-space"] = "pre-wrap";
-		document.getElementById('w_on').style.textDecoration  = "underline";
-		document.getElementById('w_off').style.textDecoration = "none";
+		E('w_on').style.textDecoration  = "underline";
+		E('w_off').style.textDecoration = "none";
 	}
 
 	Correct_Word_Wrapping(File_textarea);
@@ -3922,7 +3941,7 @@ function Check_for_changes(event){
 	changed = (File_textarea.value != start_value);
 
 	if (changed){
-		document.getElementById('message_box').innerHTML = " "; //Must have a space, or it won't clear the msg.
+		E('message_box').innerHTML = " "; //Must have a space, or it won't clear the msg.
 		File_textarea.style.backgroundColor    = "white";
 		Save_File_button.style.borderColor	   = "#F33";
 		Save_File_button.innerHTML			   = "<?php echo hsc($_['save_2'])?>";
@@ -4065,11 +4084,11 @@ function Set_Line_Numbers(event) {
 
 	//*** common variables *******************************************
 
-	var wrapper		 = document.getElementById(wrapper_id);
-	var line_numbers = document.getElementById(line_numbers_id);
-	var listing 	 = document.getElementById(listing_id);
-	var line_zero    = document.getElementById(line0_id); //empty: used for char-width calc.
-	var line_one     = document.getElementById(line1_id); //<div>1</div> will contain the line numbers.
+	var wrapper		 = E(wrapper_id);
+	var line_numbers = E(line_numbers_id);
+	var listing 	 = E(listing_id);
+	var line_zero    = E(line0_id); //empty: used for char-width calc.
+	var line_one     = E(line1_id); //<div>1</div> will contain the line numbers.
 
 	line_zero.innerHTML = ""; //Just makin' sure. It's only used for the char_width calc.
 	
@@ -4130,20 +4149,20 @@ function Set_Line_Numbers(event) {
 
 
 //***** Global variables *********************************************
-var Main_div		   = document.getElementById('main');
-var Ln_Editor_wrapper  = document.getElementById('wrapper_linenums_editor');
-var Line_Numbers_div   = document.getElementById('line_numbers');
-var File_textarea      = document.getElementById('file_editor');
-var View_Raw_button    = document.getElementById('view_raw');
-var Wide_View_button   = document.getElementById('wide_view');
-var WYSIWYG_button	   = document.getElementById('edit_WYSIWYG');
-var Close_button       = document.getElementById('close1');
-var Toggle_Wrap		   = document.getElementById('toggle_wrap');
-var Save_File_button   = document.getElementById('save_file');
-var Reset_button       = document.getElementById('reset');
-var Rename_File_button = document.getElementById('renamefile_btn');
-var Copy_File_button   = document.getElementById('copyfile_btn');
-var Delete_File_button = document.getElementById('deletefile_btn');
+var Main_div		   = E('main');
+var Ln_Editor_wrapper  = E('wrapper_linenums_editor');
+var Line_Numbers_div   = E('line_numbers');
+var File_textarea      = E('file_editor');
+var View_Raw_button    = E('view_raw');
+var Wide_View_button   = E('wide_view');
+var WYSIWYG_button	   = E('edit_WYSIWYG');
+var Close_button       = E('close1');
+var Toggle_Wrap		   = E('toggle_wrap');
+var Save_File_button   = E('save_file');
+var Reset_button       = E('reset');
+var Rename_File_button = E('renamefile_btn');
+var Copy_File_button   = E('copyfile_btn');
+var Delete_File_button = E('deletefile_btn');
 
 var submitted  = false;
 var changed    = false;
@@ -4234,9 +4253,9 @@ function pwun_event_scripts($form_id, $button_id, $pwun='') {//*****************
 ?>
 
 <script>
-var $form          = document.getElementById('<?php echo $form_id ?>');
-var $submit_button = document.getElementById('<?php echo $button_id ?>');
-var $pwun_msg_box   = document.getElementById('message_box');
+var $form          = E('<?php echo $form_id ?>');
+var $submit_button = E('<?php echo $button_id ?>');
+var $pwun_msg_box   = E('message_box');
 var $thispage      = false; //Used to ignore keyup if keydown started on prior page.
 var $submitdown    = false; //Used in document.mouseup event
 
@@ -4283,18 +4302,18 @@ function events_up(event, capture_key) {
 
 
 function pre_validate_pwun() {
-	var $pw = document.getElementById('password');
+	var $pw = E('password');
 
 	var $username = $pw;
 	var $new1 	  = $pw;
 	var $new2 	  = $pw;
 
-	if (document.getElementById('username')){
-		$username = document.getElementById('username');
+	if (E('username')){
+		$username = E('username');
 	}
-	if (document.getElementById('new1')){
-		$new1 = document.getElementById('new1');
-		$new2 = document.getElementById('new2');
+	if (E('new1')){
+		$new1 = E('new1');
+		$new2 = E('new2');
 	}
 
 
@@ -4345,8 +4364,8 @@ function js_hash_scripts() {//**************************************************
 <script>
 //OneFileCMS wrapper function for using the hex_sha256() functions
 function hash($element_id) {
-	var $input = document.getElementById($element_id);
-	var $hash = trim($input.value); //trim() defined in common_scripts()
+	var $input = E($element_id);
+	var $hash = trim($input.value); //trim() defined in Common_Scripts()
 	var $SALT = '<?php echo $SALT ?>';
 	var $PRE_ITERATIONS = <?php echo $PRE_ITERATIONS ?>; //$PRE_ITERATIONS also used in hashit()
 	if ($hash.length < 1) {$input.value = $hash; return;} //Don't hash nothing.
@@ -4585,6 +4604,19 @@ function style_sheet() {//******************************************************
 .meta_T  { padding: 0 .5em; text-align: right; font: bold .9rem courier; color: #333}
 .meta_T2 { border: solid 1px black; background-color: white; font-size: 1rem; }
 
+input.perms {
+	display: inline-block;
+	width: 2.4rem;
+	padding: 2px 2px;
+	border: solid 1px transparent;
+	background-color: transparent;
+	text-align: right;
+}
+
+/* //##### remove/normalize bg color assignment once permissions are editable. ##### */
+input.perms:focus { border: solid 1px transparent; background-color: #DDD }
+td.perms { padding: 0; }
+
 #DIRECTORY_FOOTER {text-align: center; font-size: .9em; color: #333; padding: 3px 0 0 0; }
 
 
@@ -5016,7 +5048,7 @@ function Load_style_sheet() {//*************************************************
 
 Load_style_sheet();
 
-common_scripts();
+Common_Scripts();
 
 Error_reporting_status_and_early_output(0,0); //0,0 will only show early output.
 
@@ -5052,7 +5084,7 @@ function Load_style_sheet() {//*************************************************
 }//end footer
 
 echo "\n</div>\n"; //end main/login_page
-echo "</html>\n";
+echo "</html>\n";  //***********************************************************
 
 if ( ($page == "edit") && $WYSIWYG_VALID && $EDIT_WYSIWYG ) { include($WYSIWYG_PLUGIN_OS); }
 
@@ -5060,7 +5092,7 @@ function Load_style_sheet() {//*************************************************
 echo "\n\n<script>\n";
 echo 'var $tabindex_xbox = '.$TABINDEX_XBOX.";\n"; //Used in Display_Messages()
 echo 'var $page = "'.$page.'";'."\n";
-echo '$MESSAGE += "'.addslashes($MESSAGE).'";'."\n"; //js version of $MESSAGE is declared at top of common_scripts().
+echo '$MESSAGE += "'.addslashes($MESSAGE).'";'."\n"; //js version of $MESSAGE is declared at top of Common_Scripts().
 	    //Cause $MESSAGE's $X_box to take focus on these pages only.
 echo 'if (($page == "index") || ($page == "edit")) {take_focus = 1}'."\n";
 echo 'else										   {take_focus = 0}'."\n\n";
@@ -5079,9 +5111,10 @@ function Load_style_sheet() {//*************************************************
 if ($_SESSION['valid']) { echo Timeout_Timer($MAX_IDLE_TIME, 'timer0', 'LOGOUT'); }
 if ($page == 'edit')    { echo Timeout_Timer($MAX_IDLE_TIME, 'timer1', 'LOGOUT'); }
 if ($LOGIN_DELAYED > 0) { echo Timeout_Timer($LOGIN_DELAYED, 'timer0', ''); }
-//##### END OF FILE ############################################################
 
 //##### Header (UTF-8) for [View Raw] incorrect or not getting sent??
 //##### If file has non-ascii characters, browers display in ISO-8859-1/Windows-1252,
 //##### Except IE, which asks to download the file...
 //##### When browsers manually set to UTF-8, files display fine.
+
+//##### END OF FILE ############################################################

From 28fc252832aca40616aba39975e8872b3eb234c4 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 17 Sep 2017 17:31:17 -0400
Subject: [PATCH 209/228] Updated readme, change log, and optional external
 css.

---
 extras/OneFileCMS.css   | 144 +++++++++++++++++++++++++++++-----------
 info/changelog.markdown |   8 ++-
 readme.markdown         |  10 +--
 3 files changed, 117 insertions(+), 45 deletions(-)
 mode change 100644 => 100755 info/changelog.markdown

diff --git a/extras/OneFileCMS.css b/extras/OneFileCMS.css
index 85e6d80..31bb8a0 100755
--- a/extras/OneFileCMS.css
+++ b/extras/OneFileCMS.css
@@ -1,18 +1,23 @@
 /*******************************************************************************
-Sample, OPTIONAL, external style sheet for OneFileCMS v3.5.17
+Sample, OPTIONAL, external style sheet for OneFileCMS v3.6
+
+This is just a copy of the primary <style></style> section in OneFileCMS
 *******************************************************************************/
 
 /* --- reset --- */
 * { border : 0; outline: 0; margin: 0; padding: 0;
     font-family: inherit; font-weight: inherit; font-style : inherit;
-    font-size  : 100%; vertical-align: baseline; outline: none; }
+    font-size  : 100%; vertical-align: baseline; box-sizing: border-box; }
 
+:before, :after { box-sizing: border-box; } /*not currently used anywhere, but you never know...*/
 
 /* --- general formatting --- */
 
-html { background: linear-gradient(170deg, white, rgb(50, 120,190)); background-attachment: fixed;}
+html { background: linear-gradient(170deg, white, rgb(50, 120, 250)); background-attachment: fixed;}
+
+body { height: 100%; font-size: 1em; font-family: sans-serif; overflow-y: scroll; }
 
-body { height: 100%; font-size: 1em; font-family: sans-serif; } 
+svg { position: relative; top: 2px; }
 
 p, table, ol { margin-bottom: .6em;}
 
@@ -37,6 +42,7 @@ pre { background: white; border: 1px solid #777; padding: .2em; margin: 0; }
 input[type="text"]     { width: 100%; border: 1px solid #777; padding: 1px 1px 1px 0; font : 1em Courier; }
 input[type="password"] { width: 100%; border: 1px solid #777; padding: 0   1px 0   0; }
 input[type="file"]     { width: 100%; border: 1px solid #777; background-color: white; margin: 0; }
+input[type="radio"]    { margin: 0 1px 2px 3px; vertical-align: middle; cursor : pointer; }
 
 input[readonly]        { color: #333; background-color: #EEE; }
 input[disabled]        { color: #555; background-color: #EEE; }
@@ -47,10 +53,14 @@ input:hover  { background-color: rgb(255,250,150); }
 /*-- Must be after input:focus, as it alters border --*/
 input[type="checkbox"] { cursor: pointer; border: none;}
 
+button, .button {border-radius: 5px;}
+
 button:hover  { background-color: rgb(255,250,150); border-color: #333;}
 button:focus  { background-color: rgb(255,250,150); border-color: #333;}
 button:active { background-color: rgb(245,245,50);  border-color: #333;}
 
+button:active, .button:active{ position:relative; top :1px; left:1px; }
+
 /* --- layout --- */
 
 #main {
@@ -85,26 +95,20 @@ button:active { background-color: rgb(245,245,50);  border-color: #333;}
 	}
 
 
-#message_box { border: none; margin: .5em 0 0 0; padding: 0; min-height: 1.88em;}
+#message_box { border: none; margin: .5em 0 .5em 0; padding: 0; min-height: 1.88em;}
 
 .message_box_contents { border: 1px solid gray; padding: 3px 2px 2px 4px; background: #FFF000; }
 
-#message_box #message_left {
-	float  : left;
-	margin : 0;
-	padding: 0;
-	border : none;
-	font-weight : 900;
-	}
+#message_box #message_left {float: left; margin: 0; padding: 0; border: none; font-weight: 900; }
 
 #message_box  #X_box {
 	display: block;
 	float  : right;
 	margin : 0;
-	padding: 0 2px 0 3px;
+	padding: 0px 0px 0 1px;
 	border : 1px solid gray;
-	font   : 16pt courier;
-	line-height: 18px;
+	font-size  : 20px;
+	line-height: 16px;
 	background : #EEE;
 	}
 
@@ -117,7 +121,7 @@ button:active { background-color: rgb(245,245,50);  border-color: #333;}
 
 /* ------ INDEX Page ------ */
 
-#index_page_buttons     { margin: 0 0 0 0; }
+#index_page_buttons     { margin: 0; }
 #index_page_buttons div { display: inline-block; vertical-align: bottom; }
 
 
@@ -139,12 +143,12 @@ button:active { background-color: rgb(245,245,50);  border-color: #333;}
 /*** Directory list file select boxes ***/
 /*ckbox is assigned to <div>'s etc that contain <input type=checkbox>*/
 .ckbox        {padding: 4px 4px 2px 4px; display: inline-block;}
-.ckbox:hover  {background-color: rgb(255,240,100);} 
+.ckbox:hover  {background-color: rgb(255,240,140);} 
 .ckbox:active {background-color: rgb(245,245, 50);}
 
 /* Slightly darker colors for [m][c][d] file options since they are small & less noticable*/
-.MCD:hover  {background-color: rgb(255,240,100);}
-.MCD:focus  {background-color: rgb(250,240,100);}
+.MCD:hover  {background-color: rgb(255,240,140);}
+.MCD:focus  {background-color: rgb(255,240,140);}
 .MCD:active {background-color: rgb(245,245, 50);}
 
 
@@ -214,10 +218,24 @@ th.file_name {min-width: 15em}
 #header_sorttype:focus {border-color: silver;}
 
 .file_name { max-width: 26em; }
-.file_size { min-width:  6em; padding-left: 10px; }
-.file_time { min-width: 10em; padding-left: 10px; }
+.file_size { min-width:  6em; }
+.file_time { min-width: 10em; }
 
-.meta_T { padding-right: 4px; text-align: right; font-family: courier; font-size: .9em; color: #222; }
+.meta_T  { padding: 0 .5em; text-align: right; font: bold .9rem courier; color: #333}
+.meta_T2 { border: solid 1px black; background-color: white; font-size: 1rem; }
+
+input.perms {
+	display: inline-block;
+	width: 2.4rem;
+	padding: 2px 2px;
+	border: solid 1px transparent;
+	background-color: transparent;
+	text-align: right;
+}
+
+/* //##### remove/normalize bg color assignment once permissions are editable. ##### */
+input.perms:focus { border: solid 1px transparent; background-color: #DDD }
+td.perms { padding: 0; }
 
 #DIRECTORY_FOOTER {text-align: center; font-size: .9em; color: #333; padding: 3px 0 0 0; }
 
@@ -226,15 +244,16 @@ th.file_name {min-width: 15em}
 .front_links { float: right; }
  
 .front_links a {
-	display: inline-block;
-	margin-top  : .2em;
+	display		: inline-block;
 	border      : 1px solid #777;
 	font-size   : 1em;  /*Adjusted by langauge files*/
 	margin-left : 1em;  /*Adjusted by langauge files*/
 	padding     : 3px 5px 2px 4px; /*TRBL*/
 	background-color: #EEE;
+	border-radius: 5px;
 	}
 
+.front_links svg { position: relative; top: 1px; margin-right: 5px; }
 
 /*These must go after .front_links and other style that affect <a> tags*/
 a { border: 1px solid transparent; text-decoration: none; }
@@ -245,21 +264,21 @@ a:active { border: 1px solid #333; background-color: rgb(245,245,50);  }
 
 /*** [Move] [Copy] [Delete] ***/
 
-#mcd_submit { margin: 0; height: 1.8em; }
+#mcd_submit { margin: 0; }
 
 #mcd_submit button {
-	height   : 1.55em;
+	height   : 1.75em;
 	cursor   : pointer;
 	border   : 1px solid #777;
-	padding  : 0px 4px 0px 3px; /*TRBL*/
-	margin-top  :  .5em;  /* Helps align bottoms with New & Upload buttons */
-	margin-left : 0.0em;  /* no longer needs adjusted by langauge files */
+	padding  : 0px 3px 0px 2px; /*TRBL*/
 	margin-right: 1.0em;  /* Adjusted by language files */
 	font-size: .9em;
 	color    : rgb(100,45,0);
 	background-color: #EEE;
 	}
 
+#mcd_submit svg { margin-right: 5px; }
+
 #mcd_submit button:focus  { border: 1px solid #333; background-color: rgb(255,250,150); }
 #mcd_submit button:hover  { border: 1px solid #333; background-color: rgb(255,250,150); }
 #mcd_submit button:active { border: 1px solid #333; background-color: rgb(245,245, 50); }
@@ -316,15 +335,61 @@ a:active { border: 1px solid #333; background-color: rgb(245,245,50);  }
 
 .view_file { font: .9em Courier; background-color: #F8F8F8; }
 
+
+
+#wrapper_linenums_editor {
+	vertical-align	: top;
+	white-space		: nowrap;
+	padding			: 0px;
+	border			: none;
+	width		 	: 100%;
+}
+
+#line_numbers, #file_editor {
+	vertical-align  : top;
+	display			: inline-block;
+	height			: 40em;
+	white-space		: pre;
+	margin			: 0;
+	font			: normal .9em courier;
+}
+
+
+#line_numbers {
+	min-width	: 3.1em;  /* Must be wider than scroll-bar left-right arrows, or no scrollbar appears. */
+	padding		: 1px .3em 0 .2em;
+	border		: 1px solid #777;
+	background	: #ccc;
+	color		: #444;
+	overflow-y	: hidden;
+	overflow-x  : scroll;  /*This may be grayed out, but provides visual consistancy with #file_editor.*/
+	text-align	: right;
+	float		: left;  /*only needed to help eliminate whitespace between #line_numbers & #file_editor*/
+}
+
+#line_0, #line_1 {margin: 0; display: inline-block; }
+
 #file_editor {
-	border: 1px solid #999;
-	font  : .9em Courier;
-	margin: 0 0 .7em 0;
-	width : 99.8%;
-	height: 32em;
+	font  	   : .9em Courier;
+	border	   : 1px solid #777;
+	width      : 96%;		/* Dynamically set by Set_File_Textarea_Width(), base on Normal or Wide view. */
+	margin	   : 0 0 .7em 2px;
+	padding    : 1px 0 0 3px;
+	overflow   : scroll;
+	word-wrap  : normal;
+	word-break : break-all;
+	white-space: pre-wrap;
+	resize     : none;
+
+	color 			: black; /* Default. May make themeable, along with background-color. Someday... */
+	background-color: white; /* Set in Reset_file_status_indicators() and Check_for_changes() */
 	}
 
-#file_editor:focus { border: 1px solid #000; }
+
+#file_editor:focus { border-color: #000; }
+
+.tab_size {	tab-size: 8; -o-tab-size: 8; -moz-tab-size: 8;  }
+
 
 .file_meta	{ float: left; margin-top: .6em; font-size: .95em; color: #222; }
 
@@ -333,6 +398,9 @@ a:active { border: 1px solid #333; background-color: rgb(245,245,50);  }
 .notes      { margin-bottom: .4em; }
 
 
+
+
+
 /* --- log in --- */
 
 #login_page {
@@ -413,7 +481,7 @@ hr { /*-- -- -- -- -- -- --*/
 
 .timer {border: 1px solid #eee; padding: 3px .5em 4px .5em;}
 
-.timeout {float:right; font-size: .95em; color: #111;}
+.timeout {float:right; font-size: .95em; color: #111; padding-right: .3em;}
 
 .edit_btns_top {margin: .2em 0 .5em 0;}
 
@@ -425,13 +493,11 @@ hr { /*-- -- -- -- -- -- --*/
 
 .edit_btns_bottom {float: right;}
 .edit_btns_bottom .button { margin-left: .7em; } /*Adjusted by langauge files*/
-.edit_btns_bottom .RCD { padding-left: 5px; padding-right: 6px; }
-.edit_btns_bottom svg  { padding : 0 4px 0 0; }
 
 input[type="text"]#new_name {width  : 50%; margin-bottom: .2em;}
 #new_location {border-left: none;}
 
-#del_backup   { margin: 0; padding: 2px 5px}
+#del_backup   { margin: 0; padding: 2px 5px; border: 1px solid transparent;}
 
 /*** For old IE only: text "icons" for Rename, Copy, and Delete ***/
 .RCD1  {font: 900 7pt arial; padding: 0px 3px 0px 3px; margin: 0px; float: left}
diff --git a/info/changelog.markdown b/info/changelog.markdown
old mode 100644
new mode 100755
index 76913ac..d1b332b
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,9 +1,15 @@
 # OneFileCMS Change Log
 
+### v3.6 (2017-09-17)
+
+- Fixed a minor bug in $ACCESS\_ROOT.
+- Did some prep work for editing of file permissions. Not yet editable.
+
+
 ### v3.5.23 (2017-09-08)
 
 - OneFileCMS is no longer restricted to just public_html.
-- Increased $MAX_EDIT_SIZE to 250000. (It could probably go higher.)
+- Increased $MAX\_EDIT\_SIZE to 250000. (It could probably go higher.)
 
 ### v3.5.22 (2017-09-05)
 
diff --git a/readme.markdown b/readme.markdown
index d4ad861..86a1961 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -7,9 +7,9 @@ OneFileCMS is a simple CMS (Content Management System) contained entirely in a s
 With basic editing, upload, and file managing functions, OneFileCMS can maintain an entire website completely in-browser without any external programs.
 
 ### Main screen:
-![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OFCMS_screenshot.03.png)
+![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OneFileCMS_screenshot_04.png)
 
-### Edit screen:
+###Edit screen:
 ![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OFCMS_screenshot_edit.02.png)
 
 --------------------------------------------------------------------------------
@@ -34,13 +34,13 @@ With basic editing, upload, and file managing functions, OneFileCMS can maintain
 ## <a name=features></a>Features
  
 - All the basic file management features like renaming, moving, copying, deleting, and uploading.
-- A basic text editor with line numbers.
 - Sort directory listings by file name, extension, size, or date.
 - Keyboard navigation of directory list. (Arrows, Page Up/Down, Home, End)
+- A basic text editor with line numbers.
 - A WYSIWYG editor may be added as a plugin.
 - A login delay after too many invalid login attempts.
 - Adjustable idle time before auto-logout.
-- Easily modifiable & re-brandable.
+- Easily modifiable.
 - Multi-language support.
 - Lots more...
 - <del>Possibly</del> The easiest installation process ever!
@@ -188,4 +188,4 @@ GENERATE/OUTPUT THE PAGE
 ## [Git Log](https://raw.github.com/Self-Evident/OneFileCMS/gh-pages/master-branch.git.log)
 
 
-<br><br><br><br>
+<br><br><br><br>
\ No newline at end of file

From 6c42bca3abe9685231032ecfc486d8dc5a909744 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 17 Sep 2017 18:00:49 -0400
Subject: [PATCH 210/228] Updated a couple typos in the readme.

---
 readme.markdown | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/readme.markdown b/readme.markdown
index 86a1961..946739b 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -7,9 +7,9 @@ OneFileCMS is a simple CMS (Content Management System) contained entirely in a s
 With basic editing, upload, and file managing functions, OneFileCMS can maintain an entire website completely in-browser without any external programs.
 
 ### Main screen:
-![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OneFileCMS_screenshot_04.png)
+![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OFCMS_screenshot_04.png)
 
-###Edit screen:
+### Edit screen:
 ![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OFCMS_screenshot_edit.02.png)
 
 --------------------------------------------------------------------------------

From 7c9bee3e6a1bc0fb9c330df4aebc0118e77125dd Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 17 Sep 2017 18:15:40 -0400
Subject: [PATCH 211/228] Updated another stupid typo in the readme.

---
 readme.markdown | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/readme.markdown b/readme.markdown
index 946739b..d1ea715 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -7,7 +7,7 @@ OneFileCMS is a simple CMS (Content Management System) contained entirely in a s
 With basic editing, upload, and file managing functions, OneFileCMS can maintain an entire website completely in-browser without any external programs.
 
 ### Main screen:
-![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OFCMS_screenshot_04.png)
+![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OFCMS_screenshot.04.png)
 
 ### Edit screen:
 ![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OFCMS_screenshot_edit.02.png)

From e58a5949803316a7e8c2f0801c8c480ccdcc7336 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Mon, 18 Sep 2017 01:22:05 -0400
Subject: [PATCH 212/228] Version 3.6.01

Fixed minor issue of not showing site's favicon next to site name.
Fixed sort-of minor bug introduced in 3.5.23 on edit page:
  Wasn't showing images, and couldn't view file by clicking on filename in,
	Editing: filename
---
 info/changelog.markdown |  4 ++++
 onefilecms.php          | 41 ++++++++++++++++++++++++++---------------
 2 files changed, 30 insertions(+), 15 deletions(-)

diff --git a/info/changelog.markdown b/info/changelog.markdown
index d1b332b..9d73d85 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,9 @@
 # OneFileCMS Change Log
 
+### v3.6.01 (2017-09-18)
+
+- Fixed a couple of minor display bugs.
+
 ### v3.6 (2017-09-17)
 
 - Fixed a minor bug in $ACCESS\_ROOT.
diff --git a/onefilecms.php b/onefilecms.php
index 631dda0..8e859bd 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.6';
+$OFCMS_version = '3.6.01';
 
 
 
@@ -1298,22 +1298,30 @@ function Page_Header() {//******************************************************
 
 	$TABINDEX = 1; //Initial tabindex
 
+	$FAVICON = trim($FAVICON,' /');
+
 	$favicon_img = '';
-	if (file_exists($_SERVER['DOCUMENT_ROOT'].trim($FAVICON,' /'))) {
-		;//$favicon_img =  '<img src="/'.URLencode_path($FAVICON).'" alt="">';
+	if (file_exists($_SERVER['DOCUMENT_ROOT']."/".$FAVICON)) {
+		$favicon_img =  '<img src="/'.URLencode_path($FAVICON).'" alt="[favicon]">';
 	}
 
 	echo '<div id="header">';
 		echo '<a href="'.$ONESCRIPT.'" id="logo" tabindex='.$TABINDEX++.'>'.hsc($MAIN_TITLE).'</a> '.$OFCMS_version.' ';
 		
 		$on_php = '('.hsc($_['on']).'&nbsp;php&nbsp;'.phpversion().')';
-		if ($_SESSION["valid"]) { $on_php = '<a id=on_php tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.'?p=phpinfo'.'" target=_blank>'.$on_php.'</a>';}
+		if ($_SESSION["valid"]) {
+			$on_php = '<a id=on_php tabindex='.($TABINDEX++).' href="'.$ONESCRIPT.'?p=phpinfo'.'" target=_blank>'.$on_php.'</a>';
+		}
 		echo $on_php;
 		
 		echo '<div class="nav">';
-			echo '<b><a id=website href="/" tabindex='.$TABINDEX++.' target="_blank">'.$favicon_img.' '.hsc($WEBSITE).'</a></b>';
-			if ($page != "login") {	echo ' | <a id=logout tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.'?p=logout">'.hsc($_['Log_Out']).'</a>'; }
+			echo '<b><a id=website href="/" tabindex='.$TABINDEX++.' target="_blank">';
+			echo $favicon_img.' '.hsc($WEBSITE).'</a></b>';
+			if ($page != "login") {
+				echo ' | <a id=logout tabindex='.$TABINDEX++.' href="'.$ONESCRIPT.'?p=logout">'.hsc($_['Log_Out']).'</a>';
+			}
 		echo '</div><div class=clear></div>';
+		
 	echo '</div>';//<!-- end header -->
 }//end Page_Header() //*********************************************************
 
@@ -1337,7 +1345,7 @@ function Cancel_Submit_Buttons($submit_label) {//*******************************
 
 
 
-function show_image() {//*******************************************************
+function Show_Image($url) {//***************************************************
 	global $_, $filename, $MAX_IMG_W, $MAX_IMG_H;
 
 	$IMG = $filename;
@@ -1359,9 +1367,9 @@ function show_image() {//*******************************************************
 	echo hsc($_['show_img_msg_01']).round($SCALE*100).
 		 hsc($_['show_img_msg_02']).' '.$img_info[0].' x '.$img_info[1].').</p>';
 	echo '<div class=clear></div>'."\n";
-	echo '<a  href="/'.URLencode_path($IMG).'" target="_blank">'."\n";
-	echo '<img src="/'.URLencode_path($IMG).'" width="'.($img_info[$W] * $SCALE).'"></a>'."\n";
-}//end show_image() //**********************************************************
+	echo '<a  href="'.URLencode_path($url).'" target="_blank">'."\n";
+	echo '<img src="'.URLencode_path($url).'" width="'.($img_info[$W] * $SCALE).'"></a>'."\n";
+}//end Show_Image() //**********************************************************
 
 
 
@@ -2317,12 +2325,15 @@ function Edit_Page_Notes() {//**************************************************
 
 function Edit_Page() {//********************************************************
 	global $_, $filename, $filename_OS, $FILECONTENTS, $ETYPES, $ITYPES, $EX, $MESSAGE, $page,
-			$MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $WYSIWYG_VALID, $IS_OFCMS;
+			$MAX_EDIT_SIZE, $MAX_VIEW_SIZE, $WYSIWYG_VALID, $IS_OFCMS, $DOC_ROOT;
 
+	//Get "path/filename" relative to root of website (instead of filesystem).
+	$len_doc_root = strlen(trim($DOC_ROOT,'/'));
+	$filename1 = substr($filename,$len_doc_root);
+
+	//Determine if a text editable file type
 	$filename_parts = explode(".", mb_strtolower($filename));
 	$ext = end($filename_parts);
-	
-	//Determine if a text editable file type
 	if ( in_array($ext, $ETYPES) ) { $text_editable = TRUE;  }
 	else                           { $text_editable = FALSE; }
 
@@ -2351,13 +2362,13 @@ function Edit_Page() {//********************************************************
 	else									  					 { $header2 = hsc($_['edit_h2_1']); }
 
 	echo '<h2 id="edit_header">'.$header2.' ';
-	echo '<a class="h2_filename" href="/'.URLencode_path($filename).'" target="_blank" title="'.hsc($_['Open_View']).'">';
+	echo '<a class="h2_filename" href="'.URLencode_path($filename1).'" target="_blank" title="'.hsc($_['Open_View']).'">';
 	echo hsc(basename($filename)).'</a>';
 	echo '</h2>'."\n";
 
 	Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_view, $file_ENC);
 
-	if ( in_array( $ext, $ITYPES) ) { show_image(); } //If image, show below the [Rename/Move] [Copy] [Delete] buttons
+	if ( in_array( $ext, $ITYPES) ) { Show_Image($filename1); } //If image, show below the [Rename/Move] [Copy] [Delete] buttons
 
 	echo '<div class=clear></div>';
 

From f108377b2bb837920bfd8db7fe5b11925068dcde Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Mon, 18 Sep 2017 16:52:55 -0400
Subject: [PATCH 213/228] Version 3.6.02

Fixed minor tabindex bug introduced when added file permissions.
Check for and attempt to set session_save_path($user_tmp_path).
Increased default $PRE_ITERATIONS from 1000 to 10000. Had kept low as IE8 was slow.
  If IE8 support is needed, it can be changed back.
Removed a couple redundant $_[] language values:
   $_['login_txt_01']  = 'Username:';
   $_['login_txt_02']  = 'Password:';
A couple css tweaks.
---
 extras/OneFileCMS.config.SAMPLE.php |   8 +-
 extras/OneFileCMS.css               |   6 +-
 info/changelog.markdown             |   6 +
 languages/OneFileCMS.LANG.DE.php    | 199 ++++++++++++------------
 languages/OneFileCMS.LANG.EN.php    | 204 ++++++++++++------------
 languages/OneFileCMS.LANG.ES.php    | 199 ++++++++++++------------
 languages/OneFileCMS.LANG.NL.php    | 199 ++++++++++++------------
 languages/OneFileCMS.LANG.RU.php    | 199 ++++++++++++------------
 onefilecms.php                      | 231 ++++++++++++++++------------
 9 files changed, 646 insertions(+), 605 deletions(-)

diff --git a/extras/OneFileCMS.config.SAMPLE.php b/extras/OneFileCMS.config.SAMPLE.php
index 419df3d..7fc9738 100755
--- a/extras/OneFileCMS.config.SAMPLE.php
+++ b/extras/OneFileCMS.config.SAMPLE.php
@@ -1,6 +1,6 @@
 <?php 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
-// v3.5.23
+// v3.6.02
 // Sample external config file - this file is OPTIONAL.
 //
 // Basically, what follows is just a copy & paste of the OneFileCMS CONFIGURABLE INFO section.
@@ -10,8 +10,8 @@
 $MAIN_TITLE = "OneFileCMS";
 
 $USERNAME = "username";
-$HASHWORD = "18350bc2181858e679605434735b1c2db6e7e4bb72b50a6d93d9ad1362f3e1c2";
-//$HASHWORD = "18350bc2181858e679605434735b1c2db6e7e4bb72b50a6d93d9ad1362f3e1c2"; //"password" with $PRE_ITERATIONS = 1000
+$HASHWORD = "5ccc11367dc9fc18822100df2149464a64c8992fc0de9cce2a7a451360491650";
+//$HASHWORD = "5ccc11367dc9fc18822100df2149464a64c8992fc0de9cce2a7a451360491650"; //"password" with $PRE_ITERATIONS = 10000
 $SALT     = 'somerandomsalt';
 
 $MAX_ATTEMPTS  = 3;    //Max failed login attempts before LOGIN_DELAY starts.
@@ -58,7 +58,7 @@
 
 $SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS concurrently.
 
-//Optional: restrict access to a particular sub folder.
+//Optional: restrict access to a particular sub folder from root.
 //$ACCESS_ROOT = '/some/path';
 //If blank or invalid, default is $_SERVER['DOCUMENT_ROOT'].
 //$ACCESS_ROOT = '/home/user';
diff --git a/extras/OneFileCMS.css b/extras/OneFileCMS.css
index 31bb8a0..7ac7db6 100755
--- a/extras/OneFileCMS.css
+++ b/extras/OneFileCMS.css
@@ -1,5 +1,5 @@
 /*******************************************************************************
-Sample, OPTIONAL, external style sheet for OneFileCMS v3.6
+Sample, OPTIONAL, external style sheet for OneFileCMS v3.6.02
 
 This is just a copy of the primary <style></style> section in OneFileCMS
 *******************************************************************************/
@@ -39,8 +39,8 @@ label { font-size : 1em; font-weight: bold; }
 
 pre { background: white; border: 1px solid #777; padding: .2em; margin: 0; }
 
-input[type="text"]     { width: 100%; border: 1px solid #777; padding: 1px 1px 1px 0; font : 1em Courier; }
-input[type="password"] { width: 100%; border: 1px solid #777; padding: 0   1px 0   0; }
+input[type="text"]     { width: 100%; border: 1px solid #777; padding: 1px; font : 1em Courier; }
+input[type="password"] { width: 100%; border: 1px solid #777; padding: 1px 1px 0px 1px; }
 input[type="file"]     { width: 100%; border: 1px solid #777; background-color: white; margin: 0; }
 input[type="radio"]    { margin: 0 1px 2px 3px; vertical-align: middle; cursor : pointer; }
 
diff --git a/info/changelog.markdown b/info/changelog.markdown
index 9d73d85..64c9776 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,11 @@
 # OneFileCMS Change Log
 
+### v3.6.02 (2017-09-18)
+
+- Fixed a minor bug with tabindex on directory listing page.
+- Increased default $PRE\_ITERATIONS from 1000 to 10000. Had kept low as IE8 was slow.
+- Now attempts to set a session\_save\_path() based on username. (default is /tmp, or /var/lib/php5/, etc)
+
 ### v3.6.01 (2017-09-18)
 
 - Fixed a couple of minor display bugs.
diff --git a/languages/OneFileCMS.LANG.DE.php b/languages/OneFileCMS.LANG.DE.php
index 8c7a90a..071fecb 100755
--- a/languages/OneFileCMS.LANG.DE.php
+++ b/languages/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.23
+// OneFileCMS Language Settings v3.6.02
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -30,81 +30,81 @@
 $_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
 
-$_['Admin']    = 'Konfiguration';
-$_['bytes']    = 'Bytes';
-$_['Cancel']   = 'Abbrechen';
-$_['cancelled'] = 'abgebrochen';
-$_['Close']    = 'Schließen';
-$_['Copy']     = 'Erstellen';
-$_['Copied']   = 'Kopieren';
-$_['Create']   = 'Kopiert';
-$_['Date']     = 'Datum';
-$_['Delete']   = 'Löschen';
-$_['DELETE']   = 'LÖSCHEN';
-$_['Deleted']  = 'Gelöschte';
-$_['Edit']     = 'Bearbeiten';
-$_['Enter']    = 'Eintreten';
-$_['Error']    = 'Fehler';
-$_['errors']   = 'Fehler';
-$_['ext']      = 'ext';
-$_['File']     = 'Datei';
-$_['files']    = 'files';   //## NT ##
-$_['Folder']   = 'Ordner';
-$_['folders']  = 'Verzeichnisse';
-$_['From']     = 'Von';
-$_['Hash']     = 'Streuwert';
-$_['Invalid']  = 'Invalid'; //## NT ##
-$_['Move']     = 'Verschieben';
-$_['Moved']    = 'Verschoben';
-$_['Name']     = 'Name';    //## NT ##
-$_['on']       = 'läuft unter';
-$_['off']      = 'aus';
-$_['Password'] = 'Passwort';
-$_['Rename']   = 'Umbenennen';
-$_['reset']    = 'Zurücksetzen';
-$_['save_1']   = 'Speichern';
-$_['save_2']   = 'ÄNDERUNGEN SPEICHERN';
-$_['Size']     = 'Größe';
-$_['Source']   = 'Source';  //## NT ##
+$_['Admin']      = 'Konfiguration';
+$_['bytes']      = 'Bytes';
+$_['Cancel']     = 'Abbrechen';
+$_['cancelled']  = 'abgebrochen';
+$_['Close']      = 'Schließen';
+$_['Copy']       = 'Erstellen';
+$_['Copied']     = 'Kopieren';
+$_['Create']     = 'Kopiert';
+$_['Date']       = 'Datum';
+$_['Delete']     = 'Löschen';
+$_['DELETE']     = 'LÖSCHEN';
+$_['Deleted']    = 'Gelöschte';
+$_['Edit']       = 'Bearbeiten';
+$_['Enter']      = 'Eintreten';
+$_['Error']      = 'Fehler';
+$_['errors']     = 'Fehler';
+$_['ext']        = 'ext';
+$_['File']       = 'Datei';
+$_['files']      = 'files';   //## NT ##
+$_['Folder']     = 'Ordner';
+$_['folders']    = 'Verzeichnisse';
+$_['From']       = 'Von';
+$_['Hash']       = 'Streuwert';
+$_['Invalid']    = 'Invalid'; //## NT ##
+$_['Move']       = 'Verschieben';
+$_['Moved']      = 'Verschoben';
+$_['Name']       = 'Name';    //## NT ##
+$_['on']         = 'läuft unter';
+$_['off']        = 'aus';
+$_['Password']   = 'Passwort';
+$_['Rename']     = 'Umbenennen';
+$_['reset']      = 'Zurücksetzen';
+$_['save_1']     = 'Speichern';
+$_['save_2']     = 'ÄNDERUNGEN SPEICHERN';
+$_['Size']       = 'Größe';
+$_['Source']     = 'Source';  //## NT ##
 $_['successful'] = 'Erfolgreich';
-$_['To']       = 'Auf';
-$_['Upload']   = 'Heraufladen';
-$_['Username'] = 'Benutzername';
+$_['To']         = 'Auf';
+$_['Upload']     = 'Heraufladen';
+$_['Username']   = 'Benutzername';
+$_['View']       = 'Aussicht';
+$_['Working']    = 'Working - please wait...'; //## NT ##
 
-$_['View']            = 'Aussicht';
-$_['Working']         = 'Working - please wait...'; //## NT ##
-$_['Log_In']          = 'Anmelden';
-$_['Log_Out']         = 'Abmelden';
-$_['Admin_Options']   = 'Konfiguration Optionen';
-$_['Are_you_sure']    = 'Sind Sie sicher?';
-$_['View_Raw']        = 'View Raw'; //## NT ##
-$_['Open_View']       = 'Ansicht im Browser-Fenster';
-$_['Edit_View']       = 'Datei Bearbeiten / Ansicht';
-$_['Wide_View']       = 'Breitenadaptierte Ansicht';
-$_['Normal_View']     = 'Normale Ansicht';
-$_['Word_Wrap']       = 'Word Wrap'; //## NT ##
-$_['Line_Wrap']       = 'Line Wrap'; //## NT ##
-$_['Upload_File']     = 'Datei heraufladen';
-$_['New_File']        = 'Neuer Datei';
-$_['Ren_Move']        = 'Umbenennen / Verschieben';
-$_['Ren_Moved']       = 'Umbenannt / Verschoben';
-$_['folders_first']   = 'folders first'; //## NT ##
+$_['Log_In']             = 'Anmelden';
+$_['Log_Out']            = 'Abmelden';
+$_['Admin_Options']      = 'Konfiguration Optionen';
+$_['Are_you_sure']       = 'Sind Sie sicher?';
+$_['View_Raw']           = 'View Raw'; //## NT ##
+$_['Open_View']          = 'Ansicht im Browser-Fenster';
+$_['Edit_View']          = 'Datei Bearbeiten / Ansicht';
+$_['Wide_View']          = 'Breitenadaptierte Ansicht';
+$_['Normal_View']        = 'Normale Ansicht';
+$_['Word_Wrap']          = 'Word Wrap'; //## NT ##
+$_['Line_Wrap']          = 'Line Wrap'; //## NT ##
+$_['Upload_File']        = 'Datei heraufladen';
+$_['New_File']           = 'Neuer Datei';
+$_['Ren_Move']           = 'Umbenennen / Verschieben';
+$_['Ren_Moved']          = 'Umbenannt / Verschoben';
+$_['folders_first']      = 'folders first'; //## NT ##
 $_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
-$_['New_Folder']      = 'Neuer Ordner';
-$_['Ren_Folder']      = 'Ordner umbenennen/verschieben';
-$_['Submit']          = 'Anfrage senden';
-$_['Move_Files']      = 'Datei Verschieben';
-$_['Copy_Files']      = 'Datei Kopieren';
-$_['Del_Files']       = 'Datei Löschen';
-$_['Selected_Files']  = 'Ausgewählte Dateien';
-$_['Select_All']      = 'Alles auswählen';
-$_['Clear_All']       = 'Deaktivieren Sie alle';
-$_['New_Location']    = 'Neuer Ordner';
-$_['No_files']        = 'Keine Dateien ausgewählt.';
-$_['Not_found']       = 'Nicht gefunden';
+$_['New_Folder']         = 'Neuer Ordner';
+$_['Ren_Folder']         = 'Ordner umbenennen/verschieben';
+$_['Submit']             = 'Anfrage senden';
+$_['Move_Files']         = 'Datei Verschieben';
+$_['Copy_Files']         = 'Datei Kopieren';
+$_['Del_Files']          = 'Datei Löschen';
+$_['Selected_Files']     = 'Ausgewählte Dateien';
+$_['Select_All']         = 'Alles auswählen';
+$_['Clear_All']          = 'Deaktivieren Sie alle';
+$_['New_Location']       = 'Neuer Ordner';
+$_['No_files']           = 'Keine Dateien ausgewählt.';
+$_['Not_found']          = 'Nicht gefunden';
+$_['Invalid_path']       = 'Invalid path'; //## NT ##
+$_['must_be_decendant']  = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ##
 
-$_['Invalid_path']      = 'Invalid path'; //## NT ##
-$_['must_be_decendant'] = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ##
 $_['verify_msg_01']     = 'Sitzung abgelaufen.';
 $_['verify_msg_02']     = 'UNGÜLTIGE DATENSENDUNG';
 $_['get_get_msg_01']    = 'Die Datei wurde nicht gefunden:';
@@ -114,9 +114,9 @@
 $_['ord_msg_01']        = 'Eine Datei mit demselben Namen existiert bereits im Zielverzeichnis.';
 $_['ord_msg_02']        = 'Speichern als';
 $_['rCopy_msg_01']      = 'Ein Ordner kann nicht in einer eigenen Sub-Ordner kopiert werden.';
+$_['show_img_msg_01']   = 'Die Bilddarstellung entspricht ~';
+$_['show_img_msg_02']   = '% der wahren Größe (W x H = ';
 
-$_['show_img_msg_01'] = 'Die Bilddarstellung entspricht ~';
-$_['show_img_msg_02'] = '% der wahren Größe (W x H = ';
 $_['hash_txt_01']   = 'Die Streuwert von dieser Seite erzeugt wird, kann verwendet werden, um manuell zu aktualisieren $ HASHWORD in OneFileCMS, oder in einer externen Konfigurationsdatei werden. In jedem Fall sicher, dass Sie das Kennwort erinnern verwendet, um den Streuwert zu generieren!';
 $_['hash_txt_06']   = 'Tippen Sie das gewünschte Passwort in das Eingabefeld und drücken Sie Enter.';
 $_['hash_txt_07']   = 'Der Streuwert wird in einer gelben Box überhalb angezeigt werden.';
@@ -124,55 +124,53 @@
 $_['hash_txt_09']   = 'Stellen Sie sicher, dass Sie den GESAMTEN Streuwert -- und nur diesen (keine führenden oder nachgestellten Leerzeichen, etc.) -- kopiert haben.';
 $_['hash_txt_10']   = 'Ein Doppelklick sollte den Streuwert auswählen...';
 $_['hash_txt_12']   = 'Wenn die Werte eingetragen wurden, melden Sie sich ab und wieder an.';
-
 $_['pass_to_hash']  = 'Passwort Streuwert:';
 $_['Generate_Hash'] = 'Streuwert generieren';
-$_['login_txt_01']  = 'Benutzername:';
-$_['login_txt_02']  = 'Passwort:';
+
 $_['login_msg_01a'] = 'Es wurden ';
 $_['login_msg_01b'] = ' ungültige Anmeldversuche gezählt.';
 $_['login_msg_02a'] = 'Bitte warten Sie ';
-
 $_['login_msg_02b'] = 'Sekunden, um es erneut zu probieren.';
 $_['login_msg_03']  = 'UNGÜLTIGER ANMELDEVERSUCH #';
+
 $_['edit_note_00']  = 'ANMKERUNG:';
 $_['edit_note_01a'] = 'Denken Sie immer daran: Ihre ';
 $_['edit_note_01b'] = ' ist ';
+$_['edit_note_02']  = 'Speichern Sie Änderungen bevor der Countdown abläuft, oder die Änderungen sind verloren!';
+$_['edit_note_03']  = 'Einige Browser (wie zum Beispiel Chrome) zeigen eventuell nicht den richtigen Dateistatus an, wenn man die Vor- und Zurückknöpfe verwendet. Zum Korrigieren offensichtlich falscher Angaben drücken Sie in so einem Fall bitte den "Neu laden"-Knopf.';
 
-$_['edit_note_02'] = 'Speichern Sie Änderungen bevor der Countdown abläuft, oder die Änderungen sind verloren!';
-$_['edit_note_03'] = 'Einige Browser (wie zum Beispiel Chrome) zeigen eventuell nicht den richtigen Dateistatus an, wenn man die Vor- und Zurückknöpfe verwendet. Zum Korrigieren offensichtlich falscher Angaben drücken Sie in so einem Fall bitte den "Neu laden"-Knopf.';
 $_['edit_h2_1']   = 'Betrachtend: ';
 $_['edit_h2_2']   = 'In Bearbeitung: ';
 $_['edit_txt_00'] = 'Edit disabled.'; //## NT ##
 $_['edit_txt_01'] = 'Unbekannter Dateityp oder keine Textdatei. Bearbeitungsmöglichkeit ausgeschalten.';
 $_['edit_txt_02'] = 'Die Datei enthält möglicherweise ungültige Zeichen. Der Bearbeitungs- und Betrachtungsmodus wurde gesperrt.';
+$_['edit_txt_03'] = 'htmlspecialchars() gab eine leere Zeichenkette zurück.';
+$_['edit_txt_04'] = 'Das Verhalten kann je nach verwendeter PHP-Version unterschiedlich sein.';
 
-$_['edit_txt_03']          = 'htmlspecialchars() gab eine leere Zeichenkette zurück.';
-$_['edit_txt_04']          = 'Das Verhalten kann je nach verwendeter PHP-Version unterschiedlich sein.';
 $_['too_large_to_edit_01'] = 'Bearbeiten deaktiviert. Dateigröße >';
 $_['too_large_to_edit_02'] = 'Einige Browser (wie zum Beispiel der Internet Explorer) bleiben stecken oder werden instabil, sobald größere Textmengen in einer HTML <textarea> bearbeitet werden.';
 $_['too_large_to_edit_03'] = 'Die Einstellung $MAX_EDIT_SIZE im Konfigurationsbereich des OneFileCMS kann nach den Erfordernissen angepaßt werden.';
 $_['too_large_to_edit_04'] = 'Mittels einfachem Trial & Error kann das optimale Limit für einen bestimmten Browser und Computer festgestellt werden.';
 $_['too_large_to_view_01'] = 'Betrachtungsmodus deaktiviert. Filesize > ';
 $_['too_large_to_view_02'] = 'Klicken Sie auf den Dateinamen überhalb, um die Datei direkt im Browser anzuzeigen.';
-
 $_['too_large_to_view_03'] = 'Adjustieren Sie die $MAX_VIEW_SIZE im Konfigurationsbereich von OneFileCMS nach Ihren Bedürfnissen.';
 $_['too_large_to_view_04'] = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)'; //## NT ##
 
 $_['meta_txt_01'] = 'Dateigröße:';
 $_['meta_txt_03'] = 'Aktualisiert:';
-$_['edit_msg_01'] = 'Die Datei wurde gespeichert:';
 
+$_['edit_msg_01'] = 'Die Datei wurde gespeichert:';
 $_['edit_msg_02'] = 'Bytes geschrieben.';
 $_['edit_msg_03'] = 'Bei dem Versuch die Datei zu speichern trat ein Fehler auf.';
+
 $_['upload_txt_03'] = 'Anmerkung: Die maximale Dateigröße für das Heraufladen von Dateien beträgt: ';
 $_['upload_txt_01'] = 'php.ini: upload_max_filesize';
 $_['upload_txt_04'] = 'Maximale Gesamt Upload-Größe:';
 $_['upload_txt_02'] = 'php.ini: post_max_size';
 $_['upload_txt_05'] = 'Für die hochgeladenen Dateien, die bereits existieren: ';
-
 $_['upload_txt_06'] = 'Umbenennen (Auf filename.ext.001 etc...)';
 $_['upload_txt_07'] = 'Überschreiben';
+
 $_['upload_err_01'] = 'Fehler 1: Datei zu groß. Von php.ini:';
 $_['upload_err_02'] = 'Fehler 2: Datei zu groß. (MAX_FILE_SIZE HTML form element)';
 $_['upload_err_03'] = 'Fehler 3: Die Datei wurde nur teilweise heraufgeladen.';
@@ -184,28 +182,29 @@
 
 $_['upload_error_01a'] = ' Fehler beim Heraufladen.  Die Gesamtmenge and heraufgeladenen Daten (in Hauptsache die Datei) überschreitet die post_max_size = ';
 $_['upload_error_01b'] = ' (der php.ini)';
+
 $_['upload_msg_02'] = 'Der Zielordner existiert nicht: ';
 $_['upload_msg_03'] = 'Das Heraufladen wurde abgebrochen.';
 $_['upload_msg_04'] = 'Heraufladen: ';
 $_['upload_msg_05'] = 'Das Heraufladen war erfolgreich! ';
-
 $_['upload_msg_06'] = 'Das Heraufladen ist fehlgeschlagen: ';
 $_['upload_msg_07'] = 'Eine bereits vorhandene Datei überschrieben wurde.';
+
 $_['new_file_txt_01'] = 'Die Datei wird im aktuellen Ordner erstellt.  ';
 $_['new_file_txt_02'] = 'Ungültige Zeichen für Dateinamen sind: ';
 $_['new_file_msg_01'] = 'Die neue Datei wurde nicht erstellt:';
 $_['new_file_msg_02'] = 'Der Name enthält ungültige Zeichen: ';
 $_['new_file_msg_04'] = 'Die Datei besteht bereits: ';
-
 $_['new_file_msg_05'] = 'Datei erstellt:';
 $_['new_file_msg_07'] = 'Ordner erstellt:';
+
 $_['CRM_txt_02'] = 'Der neue Ort muss bereits existieren.';
 $_['CRM_txt_04'] = 'Neuer Name';
 $_['CRM_msg_01'] = 'Fehler - der neue Zielort besteht nicht:';
 $_['CRM_msg_02'] = 'Fehler - die Quelldatei besteht nicht:';
+$_['CRM_msg_03'] = 'Fehler - die Zieldatei besteht bereits:';
+$_['CRM_msg_05'] = 'Fehler bei der';
 
-$_['CRM_msg_03']      = 'Fehler - die Zieldatei besteht bereits:';
-$_['CRM_msg_05']      = 'Fehler bei der';
 $_['delete_msg_03']   = 'Fehler löschen:';
 $_['session_warning'] = 'Achtung: Die sitzung wird ende bald!';
 $_['session_expired'] = 'SITZUNG ABGELAUFEN';
@@ -214,20 +213,19 @@
 $_['OFCMS_requires']  = 'OneFileCMS erfordert PHP';
 $_['logout_msg']      = 'Sie wurden erfolgreich abgemeldet.';
 $_['edit_caution_01'] = 'ACHTUNG ';
-
 $_['edit_caution_02'] = ' Sie bearbeiten gerade die aktive Version von OneFileCMS - Sichern Sie den Code und seien Sie vorsichtig !!';
-$_['time_out_txt'] = 'Automatischer Sitzungsstopp in:';
+$_['time_out_txt']    = 'Automatischer Sitzungsstopp in:';
+
 $_['error_reporting_01'] = 'Anzeigen von Fehlern ist';
 $_['error_reporting_02'] = 'Loggen von Fehlern ist';
 $_['error_reporting_03'] = 'Fehlerberichterstattung';
 $_['error_reporting_04'] = 'Anzeigen der Fehlertypen';
-
 $_['error_reporting_05'] = 'Unerwartete frühzeitige Ausgabe';
 $_['error_reporting_06'] = '(Nicht einmal Leerzeichen hätten ausgegeben werden sollen)';
+
 $_['admin_txt_00'] = 'Alte Sicherung gefunden';
 $_['admin_txt_01'] = 'Diese Datei wurde erstellt, da es während der Änderung des Passwortes oder des Benutzernamens zu einem Fehler gekommen ist. Diese Datei enthält somit eventuell veraltete Informationen und kann gelöscht werden, sofern sie nicht weiter von Ihnen benötigt wird.';
 $_['admin_txt_02'] = 'Allgemeine Information';
-
 $_['admin_txt_03'] = 'Session Path'; //## NT ##
 $_['admin_txt_04'] = 'Current Session File (changes every page load)';
 $_['admin_txt_14'] = 'Eine weitere, kleine Sicherheitsvorkehrung wäre, das Salz oder die Methode für die Streuwertgenerierung von OneFileCMS zu ändern.';
@@ -236,33 +234,34 @@
 $_['pw_current'] = 'Aktuelles Passwort';
 $_['pw_change']  = 'Passwort ändern';
 $_['pw_new']     = 'Neues Passwort';
-
 $_['pw_confirm'] = 'Bestätigen Sie das neue Password';
-$_['un_change'] = 'Benutzername ändern';
-$_['un_new'] = 'Neuer Benutzername';
+
+$_['un_change']  = 'Benutzername ändern';
+$_['un_new']     = 'Neuer Benutzername';
 $_['un_confirm'] = 'Bestätigen Sie den neuen Benutzernamen';
+
 $_['pw_txt_02'] = 'Regeln für Passwort / Benutzername:';
 $_['pw_txt_04'] = 'Groß-/Kleinschreibung wird berücksichtigt!';
 $_['pw_txt_06'] = 'Zumindest ein Zeichen, das nicht als Leerzeichen zählt, muss enthalten sein.';
-
 $_['pw_txt_08'] = 'Leerzeichen in der Mitte sind gültig. Beispiel: "This is a password or username!"';
 $_['pw_txt_10'] = 'Führende und angehängte Leerzeichen werden entfernt.';
 $_['pw_txt_12'] = 'Nur die aktive Kopie von OneFileCMS wird aktualisiert - es werden keine externen Konfigurationsdateien geändert.';
 $_['pw_txt_14'] = 'Wird ein ungültiges Passwort eingegeben, werden Sie abgemeldet. Sie können sich anschließend neu anmelden.';
+
 $_['change_pw_01'] = 'Passwort wurde geändert!';
 $_['change_pw_02'] = 'Passwort wurde nicht geändert.';
 $_['change_pw_03'] = 'Falsches (derzeitiges) Passwort. Bitte melden Sie sich an, um es erneut zu versuchen.';
-
 $_['change_pw_04'] = 'Die Werte der Felder "Neu" und "Bestätigen" gleichen sich nicht.';
 $_['change_pw_05'] = 'Aktualisierung';
-
 $_['change_pw_06'] = 'Externe Konfigurationsdatei';
-
 $_['change_pw_07'] = 'All fields are required.'; //## NT ##
+
 $_['change_un_01'] = 'Benutzername wurde geändert!';
 $_['change_un_02'] = 'Benutzername wurde nicht geändert.';
 
 $_['update_failed'] = 'Aktualisierung fehlgeschlagen - die Datei konnte nicht gespeichert werden.';
+
 $_['mcd_msg_01'] = 'Dateien verschoben.';
 $_['mcd_msg_02'] = 'Dateien kopiert.';
 $_['mcd_msg_03'] = 'Dateien gelöscht.';
+
diff --git a/languages/OneFileCMS.LANG.EN.php b/languages/OneFileCMS.LANG.EN.php
index c0e40bc..af9ecd3 100755
--- a/languages/OneFileCMS.LANG.EN.php
+++ b/languages/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.23
+// OneFileCMS Language Settings v3.6.02
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -30,81 +30,81 @@
 $_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG';
 
-$_['Admin']    = 'Admin';
-$_['bytes']    = 'bytes';
-$_['Cancel']   = 'Cancel';
-$_['cancelled'] = 'cancelled';
-$_['Close']    = 'Close';
-$_['Copy']     = 'Copy';
-$_['Copied']   = 'Copied';
-$_['Create']   = 'Create';
-$_['Date']     = 'Date';
-$_['Delete']   = 'Delete';
-$_['DELETE']   = 'DELETE';
-$_['Deleted']  = 'Deleted';
-$_['Edit']     = 'Edit';
-$_['Enter']    = 'Enter';
-$_['Error']    = 'Error';
-$_['errors']   = 'errors';
-$_['ext']      = '.ext';    //## NT ## filename[.ext]ension
-$_['File']     = 'File';
-$_['files']    = 'files';
-$_['Folder']   = 'Folder';
-$_['folders']  = 'folders';
-$_['From']     = 'From';
-$_['Hash']     = 'Hash';
-$_['Invalid']  = 'Invalid'; //## NT ## as of 3.5.23
-$_['Move']     = 'Move';
-$_['Moved']    = 'Moved';
-$_['Name']     = 'Name';
-$_['on']       = 'on';
-$_['off']      = 'off';
-$_['Password'] = 'Password';
-$_['Rename']   = 'Rename';
-$_['reset']    = 'Reset';
-$_['save_1']   = 'Save';
-$_['save_2']   = 'SAVE CHANGES';
-$_['Size']     = 'Size';
-$_['Source']   = 'Source';
+$_['Admin']      = 'Admin';
+$_['bytes']      = 'bytes';
+$_['Cancel']     = 'Cancel';
+$_['cancelled']  = 'cancelled';
+$_['Close']      = 'Close';
+$_['Copy']       = 'Copy';
+$_['Copied']     = 'Copied';
+$_['Create']     = 'Create';
+$_['Date']       = 'Date';
+$_['Delete']     = 'Delete';
+$_['DELETE']     = 'DELETE';
+$_['Deleted']    = 'Deleted';
+$_['Edit']       = 'Edit';
+$_['Enter']      = 'Enter';
+$_['Error']      = 'Error';
+$_['errors']     = 'errors';
+$_['ext']        = '.ext';    //## NT ## filename[.ext]ension
+$_['File']       = 'File';
+$_['files']      = 'files';
+$_['Folder']     = 'Folder';
+$_['folders']    = 'folders';
+$_['From']       = 'From';
+$_['Hash']       = 'Hash';
+$_['Invalid']    = 'Invalid'; //## NT ## as of 3.5.23
+$_['Move']       = 'Move';
+$_['Moved']      = 'Moved';
+$_['Name']       = 'Name';
+$_['on']         = 'on';
+$_['off']        = 'off';
+$_['Password']   = 'Password';
+$_['Rename']     = 'Rename';
+$_['reset']      = 'Reset';
+$_['save_1']     = 'Save';
+$_['save_2']     = 'SAVE CHANGES';
+$_['Size']       = 'Size';
+$_['Source']     = 'Source';
 $_['successful'] = 'successful';
-$_['To']       = 'To';
-$_['Upload']   = 'Upload';
-$_['Username'] = 'Username';
+$_['To']         = 'To';
+$_['Upload']     = 'Upload';
+$_['Username']   = 'Username';
+$_['View']       = 'View';
+$_['Working']    = 'Working - please wait...';
 
-$_['View']            = 'View';
-$_['Working']         = 'Working - please wait...';
-$_['Log_In']          = 'Log In';
-$_['Log_Out']         = 'Log Out';
-$_['Admin_Options']   = 'Administration Options';
-$_['Are_you_sure']    = 'Are you sure?';
-$_['View_Raw']        = 'View Raw'; //## NT ### as of 3.5.07
-$_['Open_View']       = 'Open/View in browser window';
-$_['Edit_View']       = 'Edit / View';
-$_['Wide_View']       = 'Wide View';
-$_['Normal_View']     = 'Normal View';
-$_['Word_Wrap']       = 'Word Wrap'; //## NT ## as of 3.5.19
-$_['Line_Wrap']       = 'Line Wrap'; //## NT ## as of 3.5.20
-$_['Upload_File']     = 'Upload File';
-$_['New_File']        = 'New File';
-$_['Ren_Move']        = 'Rename / Move';
-$_['Ren_Moved']       = 'Renamed / Moved';
-$_['folders_first']   = 'folders first'; //## NT ##
+$_['Log_In']             = 'Log In';
+$_['Log_Out']            = 'Log Out';
+$_['Admin_Options']      = 'Administration Options';
+$_['Are_you_sure']       = 'Are you sure?';
+$_['View_Raw']           = 'View Raw'; //## NT ### as of 3.5.07
+$_['Open_View']          = 'Open/View in browser window';
+$_['Edit_View']          = 'Edit / View';
+$_['Wide_View']          = 'Wide View';
+$_['Normal_View']        = 'Normal View';
+$_['Word_Wrap']          = 'Word Wrap'; //## NT ## as of 3.5.19
+$_['Line_Wrap']          = 'Line Wrap'; //## NT ## as of 3.5.20
+$_['Upload_File']        = 'Upload File';
+$_['New_File']           = 'New File';
+$_['Ren_Move']           = 'Rename / Move';
+$_['Ren_Moved']          = 'Renamed / Moved';
+$_['folders_first']      = 'folders first'; //## NT ##
 $_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
-$_['New_Folder']      = 'New Folder';
-$_['Ren_Folder']      = 'Rename / Move Folder';
-$_['Submit']          = 'Submit Request';
-$_['Move_Files']      = 'Move File(s)';
-$_['Copy_Files']      = 'Copy File(s)';
-$_['Del_Files']       = 'Delete File(s)';
-$_['Selected_Files']  = 'Selected Folders and Files';
-$_['Select_All']      = 'Select All';
-$_['Clear_All']       = 'Clear All';
-$_['New_Location']    = 'New Location';
-$_['No_files']        = 'No files selected.';
-$_['Not_found']       = 'Not found';
+$_['New_Folder']         = 'New Folder';
+$_['Ren_Folder']         = 'Rename / Move Folder';
+$_['Submit']             = 'Submit Request';
+$_['Move_Files']         = 'Move File(s)';
+$_['Copy_Files']         = 'Copy File(s)';
+$_['Del_Files']          = 'Delete File(s)';
+$_['Selected_Files']     = 'Selected Folders and Files';
+$_['Select_All']         = 'Select All';
+$_['Clear_All']          = 'Clear All';
+$_['New_Location']       = 'New Location';
+$_['No_files']           = 'No files selected.';
+$_['Not_found']          = 'Not found';
+$_['Invalid_path']       = 'Invalid path';
+$_['must_be_decendant']  = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ## as of 3.5.23
 
-$_['Invalid_path']      = 'Invalid path';
-$_['must_be_decendant'] = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ## as of 3.5.23
 $_['verify_msg_01']     = 'Session expired.';
 $_['verify_msg_02']     = 'INVALID POST';
 $_['get_get_msg_01']    = 'File does not exist:';
@@ -114,9 +114,9 @@
 $_['ord_msg_01']        = 'A file with that name already exists in the target directory.';
 $_['ord_msg_02']        = 'Saving as';
 $_['rCopy_msg_01']      = 'A folder can not be copied into one of its own sub-folders.';
+$_['show_img_msg_01']   = 'Image shown at ~';
+$_['show_img_msg_02']   = '% of full size (W x H =';
 
-$_['show_img_msg_01'] = 'Image shown at ~';
-$_['show_img_msg_02'] = '% of full size (W x H =';
 $_['hash_txt_01']   = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!';
 $_['hash_txt_06']   = 'Type your desired password in the input field above and hit Enter.';
 $_['hash_txt_07']   = 'The hash will be displayed in a yellow message box above that.';
@@ -124,55 +124,53 @@
 $_['hash_txt_09']   = 'Make sure to copy ALL of, and ONLY, the hash (no leading or trailing spaces etc).';
 $_['hash_txt_10']   = 'A double-click should select it...';
 $_['hash_txt_12']   = 'When ready, logout and login.';
-
 $_['pass_to_hash']  = 'Password to hash:';
 $_['Generate_Hash'] = 'Generate Hash';
-$_['login_txt_01']  = 'Username:';
-$_['login_txt_02']  = 'Password:';
+
 $_['login_msg_01a'] = 'There have been';
 $_['login_msg_01b'] = 'invalid login attempts.';
 $_['login_msg_02a'] = 'Please wait';
-
 $_['login_msg_02b'] = 'seconds to try again.';
 $_['login_msg_03']  = 'INVALID LOGIN ATTEMPT #';
+
 $_['edit_note_00']  = 'NOTES:';
 $_['edit_note_01a'] = 'Remember- ';
 $_['edit_note_01b'] = 'is';
+$_['edit_note_02']  = 'So save changes before the clock runs out, or the changes will be lost!';
+$_['edit_note_03']  = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate. To correct, click the browser\'s [Reload].';
 
-$_['edit_note_02'] = 'So save changes before the clock runs out, or the changes will be lost!';
-$_['edit_note_03'] = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate. To correct, click the browser\'s [Reload].';
 $_['edit_h2_1']   = 'Viewing:';
 $_['edit_h2_2']   = 'Editing:';
 $_['edit_txt_00'] = 'Edit disabled.'; //## NT ## as of 3.5.07
 $_['edit_txt_01'] = 'Non-text or unkown file type. Edit disabled.';
 $_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
+$_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
+$_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
 
-$_['edit_txt_03']          = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
-$_['edit_txt_04']          = 'This behavior can be inconsistant from version to version of php.';
 $_['too_large_to_edit_01'] = 'Edit disabled. Filesize >';
 $_['too_large_to_edit_02'] = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
 $_['too_large_to_edit_03'] = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
 $_['too_large_to_edit_04'] = 'A simple trial and error test can determine a practical limit for a given browser/computer.';
 $_['too_large_to_view_01'] = 'View disabled. Filesize >';
 $_['too_large_to_view_02'] = 'Click [View Raw] to view the raw/"plain text" file contents in a seperate browser window.'; //** NT ** changed wording as of 3.5.07
-
 $_['too_large_to_view_03'] = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
 $_['too_large_to_view_04'] = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
 
 $_['meta_txt_01'] = 'Filesize:';
 $_['meta_txt_03'] = 'Updated:';
-$_['edit_msg_01'] = 'File saved:';
 
+$_['edit_msg_01'] = 'File saved:';
 $_['edit_msg_02'] = 'bytes written.';
 $_['edit_msg_03'] = 'There was an error saving file.';
+
 $_['upload_txt_03'] = 'Maximum size of each file:';
 $_['upload_txt_01'] = '(php.ini: upload_max_filesize)';
 $_['upload_txt_04'] = 'Maximum total upload size:';
 $_['upload_txt_02'] = '(php.ini: post_max_size)';
 $_['upload_txt_05'] = 'For uploaded files that already exist: ';
-
 $_['upload_txt_06'] = 'Rename (to filename.ext.001 etc...)';
 $_['upload_txt_07'] = 'Overwrite';
+
 $_['upload_err_01'] = 'Error 1: File too large. From php.ini:';
 $_['upload_err_02'] = 'Error 2: File too large. (Exceeds MAX_FILE_SIZE HTML form element)';
 $_['upload_err_03'] = 'Error 3: The uploaded file was only partially uploaded.';
@@ -184,28 +182,29 @@
 
 $_['upload_error_01a'] = 'Upload Error. Total POST data (mostly filesize) exceeded post_max_size =';
 $_['upload_error_01b'] = '(from php.ini)';
+
 $_['upload_msg_02'] = 'Destination folder invalid:';
 $_['upload_msg_03'] = 'Upload cancelled.';
 $_['upload_msg_04'] = 'Uploading:';
 $_['upload_msg_05'] = 'Upload successful!';
-
 $_['upload_msg_06'] = 'Upload failed:';
 $_['upload_msg_07'] = 'A pre-existing file was overwritten.';
+
 $_['new_file_txt_01'] = 'File or Folder will be created in the current folder.';
 $_['new_file_txt_02'] = 'Some invalid characters are:';
 $_['new_file_msg_01'] = 'File or folder not created:';
 $_['new_file_msg_02'] = 'Name contains an invalid character:';
 $_['new_file_msg_04'] = 'File or folder already exists:';
-
 $_['new_file_msg_05'] = 'Created file:';
 $_['new_file_msg_07'] = 'Created folder:';
+
 $_['CRM_txt_02'] = 'The new location must already exist.';
 $_['CRM_txt_04'] = 'New Name';
 $_['CRM_msg_01'] = 'Error - new parent location does not exist:';
 $_['CRM_msg_02'] = 'Error - source file does not exist:';
+$_['CRM_msg_03'] = 'Error - new file or folder already exists:';
+$_['CRM_msg_05'] = 'Error during';
 
-$_['CRM_msg_03']      = 'Error - new file or folder already exists:';
-$_['CRM_msg_05']      = 'Error during';
 $_['delete_msg_03']   = 'Delete error:';
 $_['session_warning'] = 'Warning: Session timeout soon!';
 $_['session_expired'] = 'SESSION EXPIRED';
@@ -214,20 +213,19 @@
 $_['OFCMS_requires']  = 'OneFileCMS requires PHP';
 $_['logout_msg']      = 'You have successfully logged out.';
 $_['edit_caution_01'] = 'CAUTION'; //##### No longer used as of 3.5.07
-
 $_['edit_caution_02'] = 'You are viewing the active copy of OneFileCMS.'; //## NT ## changed wording 3.5.07
-$_['time_out_txt'] = 'Session time out in:';
+$_['time_out_txt']    = 'Session time out in:';
+
 $_['error_reporting_01'] = 'Display errors is';
 $_['error_reporting_02'] = 'Log errors is';
 $_['error_reporting_03'] = 'Error reporting is set to';
 $_['error_reporting_04'] = 'Showing error types';
-
 $_['error_reporting_05'] = 'Unexpected early output';
 $_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
+
 $_['admin_txt_00'] = 'Old Backup Found';
 $_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will be automatically overwritten on the next password or username change.';
 $_['admin_txt_02'] = 'General Information';
-
 $_['admin_txt_03'] = 'Session Path'; //## NT ## as of 3.5.23
 $_['admin_txt_04'] = 'Connected to'; //## NT ## as of 3.5.23
 $_['admin_txt_14'] = 'For a small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
@@ -236,33 +234,33 @@
 $_['pw_current'] = 'Current Password';
 $_['pw_change']  = 'Change Password';
 $_['pw_new']     = 'New Password';
-
 $_['pw_confirm'] = 'Confirm New Password';
-$_['un_change'] = 'Change Username';
-$_['un_new'] = 'New Username';
+
+$_['un_change']  = 'Change Username';
+$_['un_new']     = 'New Username';
 $_['un_confirm'] = 'Confirm New Username';
+
 $_['pw_txt_02'] = 'Password / Username rules:';
 $_['pw_txt_04'] = 'Case-sensitive: "A" =/= "a"';
 $_['pw_txt_06'] = 'Must contain at least one non-space character.';
-
 $_['pw_txt_08'] = 'May contain spaces in the middle. Ex: "This is a password or username!"';
 $_['pw_txt_10'] = 'Leading and trailing spaces are ignored.';
 $_['pw_txt_12'] = 'In recording the change, only one file is updated: either the active copy of OneFileCMS, or - if specified, an external configuration file.';
 $_['pw_txt_14'] = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
+
 $_['change_pw_01'] = 'Password changed!';
 $_['change_pw_02'] = 'Password NOT changed.';
 $_['change_pw_03'] = 'Incorrect current password. Login to try again.';
-
 $_['change_pw_04'] = '"New" and "Confirm New" values do not match.';
 $_['change_pw_05'] = 'Updating';
-
 $_['change_pw_06'] = 'external config file';
-
 $_['change_pw_07'] = 'All fields are required.';
+
 $_['change_un_01'] = 'Username changed!';
 $_['change_un_02'] = 'Username NOT changed.';
 
 $_['update_failed'] = 'Update failed - could not save file.';
-$_['mcd_msg_01'] = 'file(s) and/or folder(s) moved.'; //#####
-$_['mcd_msg_02'] = 'file(s) and/or folder(s) copied.'; //#####
-$_['mcd_msg_03'] = 'file(s) and/or folder(s) deleted.'; //#####
+
+$_['mcd_msg_01'] = 'file(s) and/or folder(s) moved.';
+$_['mcd_msg_02'] = 'file(s) and/or folder(s) copied.';
+$_['mcd_msg_03'] = 'file(s) and/or folder(s) deleted.';
diff --git a/languages/OneFileCMS.LANG.ES.php b/languages/OneFileCMS.LANG.ES.php
index 62210dc..49e2795 100755
--- a/languages/OneFileCMS.LANG.ES.php
+++ b/languages/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.23
+// OneFileCMS Language Settings v3.6.02
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -30,81 +30,81 @@
 $_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
 
-$_['Admin']    = 'Administrador';
-$_['bytes']    = 'bytes';   //## NT ##
-$_['Cancel']   = 'Cancelar';
-$_['cancelled'] = 'cancelado';
-$_['Close']    = 'Cerrar';
-$_['Copy']     = 'Copiar';
-$_['Copied']   = 'Copiado';
-$_['Create']   = 'Crear';
-$_['Date']     = 'Fecha';
-$_['Delete']   = 'Eliminar';
-$_['DELETE']   = 'ELIMINAR';
-$_['Deleted']  = 'Eliminado';
-$_['Edit']     = 'Editar';
-$_['Enter']    = 'Entrar';
-$_['Error']    = 'Error';   //## NT ##
-$_['errors']   = 'errores';
-$_['ext']      = 'ext';
-$_['File']     = 'Archivo';
-$_['files']    = 'archivos';
-$_['Folder']   = 'Carpeta';
-$_['folders']  = 'carpetas';
-$_['From']     = 'de';
-$_['Hash']     = 'Cadena';
-$_['Invalid']  = 'Invalid'; //## NT ##
-$_['Move']     = 'Mover';
-$_['Moved']    = 'Movido';
-$_['Name']     = 'Nombre ';
-$_['on']       = 'activado';
-$_['off']      = 'apagar';
-$_['Password'] = 'contraseña';
-$_['Rename']   = 'Renombrar';
-$_['reset']    = 'Reiniciar';
-$_['save_1']   = 'Guardar';
-$_['save_2']   = '¡GUARDAR CAMBIOS';
-$_['Size']     = 'Tamaño';
-$_['Source']   = 'Source';  //## NT ##
+$_['Admin']      = 'Administrador';
+$_['bytes']      = 'bytes';   //## NT ##
+$_['Cancel']     = 'Cancelar';
+$_['cancelled']  = 'cancelado';
+$_['Close']      = 'Cerrar';
+$_['Copy']       = 'Copiar';
+$_['Copied']     = 'Copiado';
+$_['Create']     = 'Crear';
+$_['Date']       = 'Fecha';
+$_['Delete']     = 'Eliminar';
+$_['DELETE']     = 'ELIMINAR';
+$_['Deleted']    = 'Eliminado';
+$_['Edit']       = 'Editar';
+$_['Enter']      = 'Entrar';
+$_['Error']      = 'Error';   //## NT ##
+$_['errors']     = 'errores';
+$_['ext']        = 'ext';
+$_['File']       = 'Archivo';
+$_['files']      = 'archivos';
+$_['Folder']     = 'Carpeta';
+$_['folders']    = 'carpetas';
+$_['From']       = 'de';
+$_['Hash']       = 'Cadena';
+$_['Invalid']    = 'Invalid'; //## NT ##
+$_['Move']       = 'Mover';
+$_['Moved']      = 'Movido';
+$_['Name']       = 'Nombre ';
+$_['on']         = 'activado';
+$_['off']        = 'apagar';
+$_['Password']   = 'contraseña';
+$_['Rename']     = 'Renombrar';
+$_['reset']      = 'Reiniciar';
+$_['save_1']     = 'Guardar';
+$_['save_2']     = '¡GUARDAR CAMBIOS';
+$_['Size']       = 'Tamaño';
+$_['Source']     = 'Source';  //## NT ##
 $_['successful'] = 'satisfactoriamente';
-$_['To']       = 'Hacia';
-$_['Upload']   = 'Subir';
-$_['Username'] = 'Usuario';
+$_['To']         = 'Hacia';
+$_['Upload']     = 'Subir';
+$_['Username']   = 'Usuario';
+$_['View']       = 'Ver';
+$_['Working']    = 'Working - please wait...'; //## NT ##
 
-$_['View']            = 'Ver';
-$_['Working']         = 'Working - please wait...'; //## NT ##
-$_['Log_In']          = 'Iniciar Sesión';
-$_['Log_Out']         = 'Cerrar Sesión';
-$_['Admin_Options']   = 'Opciones de Administración';
-$_['Are_you_sure']    = '¿Estás seguro?';
-$_['View_Raw']        = 'View Raw'; //## NT ##
-$_['Open_View']       = 'Abrir/Ver en una ventana del navegador';
-$_['Edit_View']       = 'Editar / Ver Archivo';
-$_['Wide_View']       = 'Vista Ampliada';
-$_['Normal_View']     = 'Vista Normal';
-$_['Word_Wrap']       = 'Word Wrap'; //## NT ##
-$_['Line_Wrap']       = 'Line Wrap'; //## NT ##
-$_['Upload_File']     = 'Subir Archivo';
-$_['New_File']        = 'Archivo Nuevo';
-$_['Ren_Move']        = 'Renombrar / Mover';
-$_['Ren_Moved']       = 'Renombrado / Movido';
-$_['folders_first']   = 'folders first'; //## NT ##
+$_['Log_In']             = 'Iniciar Sesión';
+$_['Log_Out']            = 'Cerrar Sesión';
+$_['Admin_Options']      = 'Opciones de Administración';
+$_['Are_you_sure']       = '¿Estás seguro?';
+$_['View_Raw']           = 'View Raw'; //## NT ##
+$_['Open_View']          = 'Abrir/Ver en una ventana del navegador';
+$_['Edit_View']          = 'Editar / Ver Archivo';
+$_['Wide_View']          = 'Vista Ampliada';
+$_['Normal_View']        = 'Vista Normal';
+$_['Word_Wrap']          = 'Word Wrap'; //## NT ##
+$_['Line_Wrap']          = 'Line Wrap'; //## NT ##
+$_['Upload_File']        = 'Subir Archivo';
+$_['New_File']           = 'Archivo Nuevo';
+$_['Ren_Move']           = 'Renombrar / Mover';
+$_['Ren_Moved']          = 'Renombrado / Movido';
+$_['folders_first']      = 'folders first'; //## NT ##
 $_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
-$_['New_Folder']      = 'Carpeta Nueva';
-$_['Ren_Folder']      = 'Renombrar / Mover Carpeta';
-$_['Submit']          = 'Cargar';
-$_['Move_Files']      = 'Mover archivo(s)';
-$_['Copy_Files']      = 'Copiar archivo(s)';
-$_['Del_Files']       = 'Eliminar Archivo(s)';
-$_['Selected_Files']  = 'Seleccionar Archivos';
-$_['Select_All']      = 'Seleccionar Todos';
-$_['Clear_All']       = 'Limpiar Todos';
-$_['New_Location']    = 'Nueva Posición';
-$_['No_files']        = 'No se seleccionó ningún archivo.';
-$_['Not_found']       = 'No encontrado';
+$_['New_Folder']         = 'Carpeta Nueva';
+$_['Ren_Folder']         = 'Renombrar / Mover Carpeta';
+$_['Submit']             = 'Cargar';
+$_['Move_Files']         = 'Mover archivo(s)';
+$_['Copy_Files']         = 'Copiar archivo(s)';
+$_['Del_Files']          = 'Eliminar Archivo(s)';
+$_['Selected_Files']     = 'Seleccionar Archivos';
+$_['Select_All']         = 'Seleccionar Todos';
+$_['Clear_All']          = 'Limpiar Todos';
+$_['New_Location']       = 'Nueva Posición';
+$_['No_files']           = 'No se seleccionó ningún archivo.';
+$_['Not_found']          = 'No encontrado';
+$_['Invalid_path']       = 'Invalid path'; //## NT ##
+$_['must_be_decendant']  = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ##
 
-$_['Invalid_path']      = 'Invalid path'; //## NT ##
-$_['must_be_decendant'] = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ##
 $_['verify_msg_01']     = 'Sesión expirada.';
 $_['verify_msg_02']     = 'POST INVÁLIDO';
 $_['get_get_msg_01']    = 'El archivo no existe:';
@@ -114,9 +114,9 @@
 $_['ord_msg_01']        = 'Un archivo con ese mismo nombre ya existe en el directorio asignado.';
 $_['ord_msg_02']        = 'Guardando como';
 $_['rCopy_msg_01']      = 'Una carpeta no se puede copiar en uno de sus propios sub-carpetas.';
+$_['show_img_msg_01']   = 'Imagen mostrada a ~';
+$_['show_img_msg_02']   = '% del tamaño (Ancho x Alto =';
 
-$_['show_img_msg_01'] = 'Imagen mostrada a ~';
-$_['show_img_msg_02'] = '% del tamaño (Ancho x Alto =';
 $_['hash_txt_01']   = 'Las cadenas generadas por esta página pueden ser usadas para cambiar de forma manual la variable $HASHWORD en OneFileCMS, o en un archivo de configuración externo. De cualquier forma, ¡asegúrese de recordar la contraseña que usó para generar el hash (cadena)!';
 $_['hash_txt_06']   = 'Ingresá la contraseña que quieras en la caja de texto siguiente y presioná enter.';
 $_['hash_txt_07']   = 'La cadena se mostrará en un mensaje amarillo.';
@@ -124,55 +124,53 @@
 $_['hash_txt_09']   = 'Asegurate de copiar TODO y SÓLO la cadena (sin dejar espacios en blanco o demás).';
 $_['hash_txt_10']   = 'Haciendo doble click debería seleccionarlo...';
 $_['hash_txt_12']   = 'Cuando estés listo, deslogueate y volvé a loguearte.';
-
 $_['pass_to_hash']  = 'Contraseña del Hash:';
 $_['Generate_Hash'] = 'Generar Hash';
-$_['login_txt_01']  = 'Usuario:';
-$_['login_txt_02']  = 'Contraseña:';
+
 $_['login_msg_01a'] = 'Hubo ';
 $_['login_msg_01b'] = 'intentos fallidos.';
 $_['login_msg_02a'] = 'Por favor espere ';
-
 $_['login_msg_02b'] = 'segundos para volver a intentar.';
 $_['login_msg_03']  = 'INTENTO DE INICIO INVÁLIDO NÚMERO #';
+
 $_['edit_note_00']  = 'NOTAS:';
 $_['edit_note_01a'] = 'Recuérdalo- tu';
 $_['edit_note_01b'] = 'es';
+$_['edit_note_02']  = 'Entonces guardá antes que se acabe el tiempo, ¡o vas a perer los cambios!';
+$_['edit_note_03']  = 'Con algunos navegadores, como Chrome, si clickeás el botón del navegador [Volver] y después [Continuar], puede que el estado del archivo no sea exacto. Para corregirlo, clickeá en el botón [Recargar].';
 
-$_['edit_note_02'] = 'Entonces guardá antes que se acabe el tiempo, ¡o vas a perer los cambios!';
-$_['edit_note_03'] = 'Con algunos navegadores, como Chrome, si clickeás el botón del navegador [Volver] y después [Continuar], puede que el estado del archivo no sea exacto. Para corregirlo, clickeá en el botón [Recargar].';
 $_['edit_h2_1']   = 'Viendo:';
 $_['edit_h2_2']   = 'Editando:';
 $_['edit_txt_00'] = 'Edit disabled.'; //## NT ##
 $_['edit_txt_01'] = 'No texto o tipo de archivo desconocido. Edición deshabilitada.';
 $_['edit_txt_02'] = 'El archivo posiblemente contiene un caracter desconocido. Edición deshabilitada.';
+$_['edit_txt_03'] = 'htmlspecialchars() devolvió una cadena vacía de lo que debería ser un archivo válido.';
+$_['edit_txt_04'] = 'Este comportamiento puede ser inconsistente de versión a versión de PHP.';
 
-$_['edit_txt_03']          = 'htmlspecialchars() devolvió una cadena vacía de lo que debería ser un archivo válido.';
-$_['edit_txt_04']          = 'Este comportamiento puede ser inconsistente de versión a versión de PHP.';
 $_['too_large_to_edit_01'] = 'Edición deshabilita. Tamaño >';
 $_['too_large_to_edit_02'] = 'Algunos navegadores (por ej.: IE) se vuelven inestables cuando se edita un texto largo dentro de un <textarea>.';
 $_['too_large_to_edit_03'] = 'Ajustá la variable $MAX_EDIT_SIZE en la sección de configuración de OneFileCMS como sea necesario.';
 $_['too_large_to_edit_04'] = 'Una simple prueba puede dar con el resultado necesario.';
 $_['too_large_to_view_01'] = 'Vista deshabilitada. Tamaño >';
 $_['too_large_to_view_02'] = 'Clickeá en el botón de debajo para verlo como se ve normalmente en un navegador.';
-
 $_['too_large_to_view_03'] = 'Ajustá $MAX_VIEW_SIZE en la sección de configuración de OneFileCMS como sea necesario.';
 $_['too_large_to_view_04'] = '(El valor por defecto para $MAX_VIEW_SIZE es completamente arbitrario, y puede ser ajustado como sea necesario.)';
 
 $_['meta_txt_01'] = 'Tamaño:';
 $_['meta_txt_03'] = 'Actualizado:';
-$_['edit_msg_01'] = 'Archivo Guardado:';
 
+$_['edit_msg_01'] = 'Archivo Guardado:';
 $_['edit_msg_02'] = 'bytes escritos.';
 $_['edit_msg_03'] = 'Ocurrió un error guardando el archivo.';
+
 $_['upload_txt_03'] = 'Nota: El tamaño máximo de subida es de:';
 $_['upload_txt_01'] = '(php.ini: upload_max_filesize)'; //## NT ##
 $_['upload_txt_04'] = 'Tamaño total de la subida:';
 $_['upload_txt_02'] = '(php.ini: post_max_size)'; //## NT ##
 $_['upload_txt_05'] = 'Para los archivos subidos que ya existen: ';
-
 $_['upload_txt_06'] = 'Renombrar (hacia filename.ext.001 etc...)';
 $_['upload_txt_07'] = 'Sobreescribir';
+
 $_['upload_err_01'] = 'Error 1: Archivo demasiado pesado. Desde php.ini:';
 $_['upload_err_02'] = 'Error 2: Archivo muy grande. (MAX_FILE_SIZE HTML form element)';
 $_['upload_err_03'] = 'Error 3: El archivo se subió sólo parcialmente.';
@@ -184,28 +182,29 @@
 
 $_['upload_error_01a'] = 'Eror de subida.  Total de datos POST (mayormente el peso del archivo) excedido post_max_size =';
 $_['upload_error_01b'] = '(desde php.ini)';
+
 $_['upload_msg_02'] = 'La carpeta de destino no existe: ';
 $_['upload_msg_03'] = 'Subida cancelada.';
 $_['upload_msg_04'] = 'Subiendo:';
 $_['upload_msg_05'] = '¡Subida satisfactoria!';
-
 $_['upload_msg_06'] = 'Subida fallida: ';
 $_['upload_msg_07'] = 'Un archivo existente se sobrescribe.';
+
 $_['new_file_txt_01'] = 'Se creará un archivo nuevo en la carpeta actual.';
 $_['new_file_txt_02'] = 'Algunos caracteres inválidos son: ';
 $_['new_file_msg_01'] = 'Archivo nuevo no creado:';
 $_['new_file_msg_02'] = 'El nombre contiene caracteres inválidos:';
 $_['new_file_msg_04'] = 'El archivo ya existe:';
-
 $_['new_file_msg_05'] = 'Archivo creado:';
 $_['new_file_msg_07'] = 'Carpeta creado:';
+
 $_['CRM_txt_02'] = 'La nueva localización debe existir.';
 $_['CRM_txt_04'] = 'Nuevo Nombre';
 $_['CRM_msg_01'] = 'Error - la localización padre no existe:';
 $_['CRM_msg_02'] = 'Error - el archivo inicial no existe:';
+$_['CRM_msg_03'] = 'Error - el archivo de objetivo no existe:';
+$_['CRM_msg_05'] = 'Error en';
 
-$_['CRM_msg_03']      = 'Error - el archivo de objetivo no existe:';
-$_['CRM_msg_05']      = 'Error en';
 $_['delete_msg_03']   = 'Error eliminando';
 $_['session_warning'] = 'Advertencia: ¡La sesión terminará pronto!';
 $_['session_expired'] = 'SESIÓN TERMINADA';
@@ -214,20 +213,19 @@
 $_['OFCMS_requires']  = 'OneFileCMS necesita PHP';
 $_['logout_msg']      = 'Has cerrado la sesión satisfactoriamente.';
 $_['edit_caution_01'] = 'PRECAUCIÓN';
-
 $_['edit_caution_02'] = 'Estás editando la copia activa de OneFileCMS - ¡HACÉ UNA COPIA DE SEGURIDAD Y TENÉ CUIDADO!';
-$_['time_out_txt'] = 'Tiempo de Espera de Sesión Agotado:';
+$_['time_out_txt']    = 'Tiempo de Espera de Sesión Agotado:';
+
 $_['error_reporting_01'] = 'Display errors is'; //## NT ##
 $_['error_reporting_02'] = 'Log errors is'; //## NT ##
 $_['error_reporting_03'] = 'Error reporting is set to'; //## NT ##
 $_['error_reporting_04'] = 'Showing error types'; //## NT ##
-
 $_['error_reporting_05'] = 'Unexpected early output'; //## NT ##
 $_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)'; //## NT ##
+
 $_['admin_txt_00'] = 'Backup Antiguo Encontrado.';
 $_['admin_txt_01'] = 'Este archivo fue creado en caso de error en caso de cambio fallido de usuario y contraseña. Por ello, puede contener información vieja y debería ser eliminado si no es necesario. De cualquier forma, se sobreescribirá automáticamente en el siguiente cambio de contraseña o usuario.';
 $_['admin_txt_02'] = 'Información General';
-
 $_['admin_txt_03'] = 'Session Path'; //## NT ##
 $_['admin_txt_04'] = 'Current Session File (changes every page load)';
 $_['admin_txt_14'] = 'Para otro tip de seguridad, cambiá la llave de seguridad y/o el método usado por OneFileCMS para almacenar la clave (y mantenelo en secreto, obviamente).  Acordate, cada granito ayuda...';
@@ -236,33 +234,34 @@
 $_['pw_current'] = 'Contraseña actual';
 $_['pw_change']  = 'Cambiar Contraseña';
 $_['pw_new']     = 'Nueva contraseña';
-
 $_['pw_confirm'] = 'Confirmar Contraseña Nueva';
-$_['un_change'] = 'Cambiar Nombre de Usuario';
-$_['un_new'] = 'Nuevo Usuario';
+
+$_['un_change']  = 'Cambiar Nombre de Usuario';
+$_['un_new']     = 'Nuevo Usuario';
 $_['un_confirm'] = 'Confirmar Nuevo Nombre de Usuario';
+
 $_['pw_txt_02'] = 'Reglas de Usuario / Contraseña:';
 $_['pw_txt_04'] = '¡Se hace diferencia entre mayúsculas y minúsculas!  "A" =/= "a"';
 $_['pw_txt_06'] = 'deben tener al menos un caracter.';
-
 $_['pw_txt_08'] = 'Deben tener espacios en el medio. Por ejemplo: "¡Esta es una contraseña o usuario!"';
 $_['pw_txt_10'] = 'Los espacios al inicio o al final serán eliminados.';
 $_['pw_txt_12'] = 'Para guardar el cambio, sólo un archivo es actualizado: la copia activa de OneFileCMS, o, si fue especificado, un archivo de configuración externa.';
 $_['pw_txt_14'] = 'Si se ingresa la contraseña actual de forma incorrecta, serás deslogueado y tendrás que volver a loguearte.';
+
 $_['change_pw_01'] = '¡Contraseña Cambiada!';
 $_['change_pw_02'] = 'Contraseña NO cambiada.';
 $_['change_pw_03'] = 'Contraseña anterior inválida. Logueate e intenta de nuevo.';
-
 $_['change_pw_04'] = 'La contraseña y su confirmación no coinciden.';
 $_['change_pw_05'] = 'Actualizando';
-
 $_['change_pw_06'] = 'archivo de configuración externa';
-
 $_['change_pw_07'] = 'All fields are required.'; //## NT ##
+
 $_['change_un_01'] = '¡Nombre de Usuario Actualizado!';
 $_['change_un_02'] = 'Nombre de Usuario NO Actualizado.';
 
 $_['update_failed'] = 'Actualización fallida. No se pudo guardar el archivo.';
+
 $_['mcd_msg_01'] = 'archivos movidos satisfactoriamente.';
 $_['mcd_msg_02'] = 'archivos copiados satisfactoriamente.';
 $_['mcd_msg_03'] = 'archivos eliminados satisfactoriamente.';
+
diff --git a/languages/OneFileCMS.LANG.NL.php b/languages/OneFileCMS.LANG.NL.php
index 45503c7..3aead95 100755
--- a/languages/OneFileCMS.LANG.NL.php
+++ b/languages/OneFileCMS.LANG.NL.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.23
+// OneFileCMS Language Settings v3.6.02
 
 $_['LANGUAGE'] = 'Nederlands (Dutch)';
 $_['LANG'] = 'NL';
@@ -30,81 +30,81 @@
 $_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
 
-$_['Admin']    = 'Beheer';
-$_['bytes']    = 'bytes';   //## NT ##
-$_['Cancel']   = 'Annuleren';
-$_['cancelled'] = 'geannuleerd';
-$_['Close']    = 'Sluiten';
-$_['Copy']     = 'Kopiëren';
-$_['Copied']   = 'Gekopiëerd';
-$_['Create']   = 'Aanmaken';
-$_['Date']     = 'Datum';
-$_['Delete']   = 'Verwijderen';
-$_['DELETE']   = 'VERWIJDER';
-$_['Deleted']  = 'Verwijderd';
-$_['Edit']     = 'Bewerken';
-$_['Enter']    = 'Enter';   //## NT ##
-$_['Error']    = 'Fout';
-$_['errors']   = 'fouten';
-$_['ext']      = 'ext';
-$_['File']     = 'Bestand';
-$_['files']    = 'bestanden';
-$_['Folder']   = 'Map';
-$_['folders']  = 'mappen';
-$_['From']     = 'Van';
-$_['Hash']     = 'Hash';    //## NT ##
-$_['Invalid']  = 'Invalid'; //## NT ##
-$_['Move']     = 'Verplaats';
-$_['Moved']    = 'Verplaatst';
-$_['Name']     = 'Naam';
-$_['on']       = 'aan';
-$_['off']      = 'uit';
-$_['Password'] = 'Wachtwoord';
-$_['Rename']   = 'Hernoemen';
-$_['reset']    = 'Reset';   //## NT ##
-$_['save_1']   = 'Opslaan';
-$_['save_2']   = 'WIJZIGINGEN OPSLAAN';
-$_['Size']     = 'Grootte';
-$_['Source']   = 'Source';  //## NT ##
+$_['Admin']      = 'Beheer';
+$_['bytes']      = 'bytes';   //## NT ##
+$_['Cancel']     = 'Annuleren';
+$_['cancelled']  = 'geannuleerd';
+$_['Close']      = 'Sluiten';
+$_['Copy']       = 'Kopiëren';
+$_['Copied']     = 'Gekopiëerd';
+$_['Create']     = 'Aanmaken';
+$_['Date']       = 'Datum';
+$_['Delete']     = 'Verwijderen';
+$_['DELETE']     = 'VERWIJDER';
+$_['Deleted']    = 'Verwijderd';
+$_['Edit']       = 'Bewerken';
+$_['Enter']      = 'Enter';   //## NT ##
+$_['Error']      = 'Fout';
+$_['errors']     = 'fouten';
+$_['ext']        = 'ext';
+$_['File']       = 'Bestand';
+$_['files']      = 'bestanden';
+$_['Folder']     = 'Map';
+$_['folders']    = 'mappen';
+$_['From']       = 'Van';
+$_['Hash']       = 'Hash';    //## NT ##
+$_['Invalid']    = 'Invalid'; //## NT ##
+$_['Move']       = 'Verplaats';
+$_['Moved']      = 'Verplaatst';
+$_['Name']       = 'Naam';
+$_['on']         = 'aan';
+$_['off']        = 'uit';
+$_['Password']   = 'Wachtwoord';
+$_['Rename']     = 'Hernoemen';
+$_['reset']      = 'Reset';   //## NT ##
+$_['save_1']     = 'Opslaan';
+$_['save_2']     = 'WIJZIGINGEN OPSLAAN';
+$_['Size']       = 'Grootte';
+$_['Source']     = 'Source';  //## NT ##
 $_['successful'] = 'succesvol';
-$_['To']       = 'Aan';
-$_['Upload']   = 'Upload';  //## NT ##
-$_['Username'] = 'Gebruikersnaam';
+$_['To']         = 'Aan';
+$_['Upload']     = 'Upload';  //## NT ##
+$_['Username']   = 'Gebruikersnaam';
+$_['View']       = 'Uitzicht';
+$_['Working']    = 'Working - please wait...'; //## NT ##
 
-$_['View']            = 'Uitzicht';
-$_['Working']         = 'Working - please wait...'; //## NT ##
-$_['Log_In']          = 'Inloggen';
-$_['Log_Out']         = 'Uitloggen';
-$_['Admin_Options']   = 'Opties voor beheer';
-$_['Are_you_sure']    = 'Weet u het zeker?';
-$_['View_Raw']        = 'View Raw'; //## NT ##
-$_['Open_View']       = 'Openen/Bekijken in browser venster';
-$_['Edit_View']       = 'Bewerken / weergeven';
-$_['Wide_View']       = 'Wijd Gezichtsveld';
-$_['Normal_View']     = 'Normaal Gezichtsveld';
-$_['Word_Wrap']       = 'Word Wrap'; //## NT ##
-$_['Line_Wrap']       = 'Line Wrap'; //## NT ##
-$_['Upload_File']     = 'Bestand Uploaden';
-$_['New_File']        = 'Nieuw Bestand';
-$_['Ren_Move']        = 'Hernoemen / Verplaatsen';
-$_['Ren_Moved']       = 'Hernoemend / Verplaatst';
-$_['folders_first']   = 'folders first'; //## NT ##
+$_['Log_In']             = 'Inloggen';
+$_['Log_Out']            = 'Uitloggen';
+$_['Admin_Options']      = 'Opties voor beheer';
+$_['Are_you_sure']       = 'Weet u het zeker?';
+$_['View_Raw']           = 'View Raw'; //## NT ##
+$_['Open_View']          = 'Openen/Bekijken in browser venster';
+$_['Edit_View']          = 'Bewerken / weergeven';
+$_['Wide_View']          = 'Wijd Gezichtsveld';
+$_['Normal_View']        = 'Normaal Gezichtsveld';
+$_['Word_Wrap']          = 'Word Wrap'; //## NT ##
+$_['Line_Wrap']          = 'Line Wrap'; //## NT ##
+$_['Upload_File']        = 'Bestand Uploaden';
+$_['New_File']           = 'Nieuw Bestand';
+$_['Ren_Move']           = 'Hernoemen / Verplaatsen';
+$_['Ren_Moved']          = 'Hernoemend / Verplaatst';
+$_['folders_first']      = 'folders first'; //## NT ##
 $_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
-$_['New_Folder']      = 'Nieuwe Map';
-$_['Ren_Folder']      = 'Hernoem / Verplaats Map';
-$_['Submit']          = 'Verzoek Indienen';
-$_['Move_Files']      = 'Verplaats Bestand(en)';
-$_['Copy_Files']      = 'Kopieër Bestand(en)';
-$_['Del_Files']       = 'Verwijder Bestand(en)';
-$_['Selected_Files']  = 'Geselecteerde Mappen en Bestanden';
-$_['Select_All']      = 'Selecteer Alles';
-$_['Clear_All']       = 'Verwijder Alles';
-$_['New_Location']    = 'Nieuwe Locatie';
-$_['No_files']        = 'Geen bestanden geselecteerd.';
-$_['Not_found']       = 'Niet gevonden';
+$_['New_Folder']         = 'Nieuwe Map';
+$_['Ren_Folder']         = 'Hernoem / Verplaats Map';
+$_['Submit']             = 'Verzoek Indienen';
+$_['Move_Files']         = 'Verplaats Bestand(en)';
+$_['Copy_Files']         = 'Kopieër Bestand(en)';
+$_['Del_Files']          = 'Verwijder Bestand(en)';
+$_['Selected_Files']     = 'Geselecteerde Mappen en Bestanden';
+$_['Select_All']         = 'Selecteer Alles';
+$_['Clear_All']          = 'Verwijder Alles';
+$_['New_Location']       = 'Nieuwe Locatie';
+$_['No_files']           = 'Geen bestanden geselecteerd.';
+$_['Not_found']          = 'Niet gevonden';
+$_['Invalid_path']       = 'Invalid path'; //## NT ##
+$_['must_be_decendant']  = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ##
 
-$_['Invalid_path']      = 'Invalid path'; //## NT ##
-$_['must_be_decendant'] = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ##
 $_['verify_msg_01']     = 'Sessie verlopen.';
 $_['verify_msg_02']     = 'ONGELDIGE POST';
 $_['get_get_msg_01']    = 'Bestand bestaat niet:';
@@ -114,9 +114,9 @@
 $_['ord_msg_01']        = 'Een bestand met die naam bestaat reeds in de doelmap.';
 $_['ord_msg_02']        = 'Opslaan als';
 $_['rCopy_msg_01']      = 'Een map kan niet naar de eigen submap gekopiëerd worden.';
+$_['show_img_msg_01']   = 'Afbeelding weergegeven bij ~';
+$_['show_img_msg_02']   = '% van volledige grootte (W x H =';
 
-$_['show_img_msg_01'] = 'Afbeelding weergegeven bij ~';
-$_['show_img_msg_02'] = '% van volledige grootte (W x H =';
 $_['hash_txt_01']   = 'De hashes gegenereerd door deze pagina kunnen gebruikt worden om handmatig het $HASHWORD in OneFileCMS, of in een extern configuratiebestand, bijgewerkt te worden. Hoe dan ook: draag er zorg voor dat u het wachtwoord gebruikt om de hash te genereren onthoudt!';
 $_['hash_txt_06']   = 'Typ uw gewenste wachtwoord in het invoerveld hierboven en druk op Enter.';
 $_['hash_txt_07']   = 'De hash wordt weergegeven in een geel berichtenvenster erboven.';
@@ -124,55 +124,53 @@
 $_['hash_txt_09']   = 'Zorg ervoor dat u alles, en alleen, de hash correct (geen voor- naloop spaties enz.) kopiëert!';
 $_['hash_txt_10']   = 'Een dubbele klik op de linker muisknop zou het moeten selecteren...';
 $_['hash_txt_12']   = 'Wanneer gereed: log opnieuw in en uit.';
-
 $_['pass_to_hash']  = 'Wachtwoord verwarren:';
 $_['Generate_Hash'] = 'Genereer Verward Wachtwoord (Hash)';
-$_['login_txt_01']  = 'Gebruikersnaam:';
-$_['login_txt_02']  = 'Wachtwoord:';
+
 $_['login_msg_01a'] = 'Er zijn diverse';
 $_['login_msg_01b'] = 'ongeldige inlog pogingen.';
 $_['login_msg_02a'] = 'Aub wachten';
-
 $_['login_msg_02b'] = 'seconden tot nieuwe poging.';
 $_['login_msg_03']  = 'ONJUISTE INLOG POGING #';
+
 $_['edit_note_00']  = 'NOTITIES:';
 $_['edit_note_01a'] = 'Onthoudt- uw';
 $_['edit_note_01b'] = 'is'; //## NT ##
+$_['edit_note_02']  = 'Dus sla uw wijzigingen op voordat de klok afloopt of ze zullen verloren gaan!';
+$_['edit_note_03']  = 'Bij sommige browers, zoals Chrome, komt het voor als u op de [Terug] knop klikt, en daarna [Voorwaarts], dat de toestand van uw instellingen incorrect zijn. Om te corrigeren, klik op de knop [Vernieuwen].';
 
-$_['edit_note_02'] = 'Dus sla uw wijzigingen op voordat de klok afloopt of ze zullen verloren gaan!';
-$_['edit_note_03'] = 'Bij sommige browers, zoals Chrome, komt het voor als u op de [Terug] knop klikt, en daarna [Voorwaarts], dat de toestand van uw instellingen incorrect zijn. Om te corrigeren, klik op de knop [Vernieuwen].';
 $_['edit_h2_1']   = 'Weergeven:';
 $_['edit_h2_2']   = 'Bewerken:';
 $_['edit_txt_00'] = 'Edit disabled.'; //## NT ##
 $_['edit_txt_01'] = 'Non-tekst of onbekend bestandstype. Bewerken uitgeschakeld.';
 $_['edit_txt_02'] = 'Bestand bevat mogelijk een ongeldig teken. Bewerken en weergeven uitgeschakeld.';
+$_['edit_txt_03'] = 'htmlspecialchars() heeft een lege string teruggegeven van wat normaalgesproken een valide bestand is.';
+$_['edit_txt_04'] = 'Dit gedrag kan per versie van PHP verschillen.';
 
-$_['edit_txt_03']          = 'htmlspecialchars() heeft een lege string teruggegeven van wat normaalgesproken een valide bestand is.';
-$_['edit_txt_04']          = 'Dit gedrag kan per versie van PHP verschillen.';
 $_['too_large_to_edit_01'] = 'Bewerken uitgeschakeld. Bestandsgrootte >';
 $_['too_large_to_edit_02'] = 'Sommige browsers (bijv. Internet Explorer) lopen vast of worden onstabiel bij het bewerken van een groot bestand in een <textarea>.';
 $_['too_large_to_edit_03'] = 'Bewerk $MAX_EDIT_SIZE in de configuratiesectie van OneFileCMS wanneer nodig.';
 $_['too_large_to_edit_04'] = 'Een eenvoudige proef en ondervind test kan de praktische limieten van uw browser / computer aantonen.';
 $_['too_large_to_view_01'] = 'Weergave uitgeschakeld. Bestandsgrootte >';
 $_['too_large_to_view_02'] = 'Klik de bestandsnaam boven de weergave om te zien hoe deze normaal in een browservenster wordt weergegeven.';
-
 $_['too_large_to_view_03'] = 'Bewerk $MAX_VIEW_SIZE in de configuratiesectie van OneFileCMS wanneer nodig.';
 $_['too_large_to_view_04'] = '(De standaardwaarde voor $MAX_VIEW_SIZE is volledig willekeurig en mag, indien gewenst, naar eigen inzicht aangepast worden.)';
 
 $_['meta_txt_01'] = 'Bestandsgrootte:';
 $_['meta_txt_03'] = 'Bijgewerkt:';
-$_['edit_msg_01'] = 'Bestand opgeslagen:';
 
+$_['edit_msg_01'] = 'Bestand opgeslagen:';
 $_['edit_msg_02'] = 'bytes geschreven.';
 $_['edit_msg_03'] = 'Er was een fout bij het opslaan van bestand:';
+
 $_['upload_txt_03'] = 'Maximum grootte van ieder bestand:';
 $_['upload_txt_01'] = '(php.ini: upload_max_filesize)'; //## NT ##
 $_['upload_txt_04'] = 'Maximum totaal upload grootte:';
 $_['upload_txt_02'] = '(php.ini: post_max_size)'; //## NT ##
 $_['upload_txt_05'] = 'For uploaded files that already exist: '; //## NT ##
-
 $_['upload_txt_06'] = 'Rename (to filename.ext.001 etc...)'; //## NT ##
 $_['upload_txt_07'] = 'Overwrite'; //## NT ##
+
 $_['upload_err_01'] = 'Fout 1: Bestand te groot. Uit php.ini:';
 $_['upload_err_02'] = 'Fout 2: Bestand te groot. (Overschrijdt MAX_FILE_SIZE HTML form element)';
 $_['upload_err_03'] = 'Fout 3: Het upload bestand was slechts gedeeltelijk verzonden.';
@@ -184,28 +182,29 @@
 
 $_['upload_error_01a'] = 'Upload Fout. Totale POST data (meerendeel bestandsgrootte) overschrijdt post_max_size =';
 $_['upload_error_01b'] = '(van php.ini)';
+
 $_['upload_msg_02'] = 'Doelmap ongeldig:';
 $_['upload_msg_03'] = 'Upload geannuleerd.';
 $_['upload_msg_04'] = 'Uploaden:';
 $_['upload_msg_05'] = 'Upload succesvol!';
-
 $_['upload_msg_06'] = 'Upload mislukt:';
 $_['upload_msg_07'] = 'A pre-existing file was overwritten.'; //## NT ##
+
 $_['new_file_txt_01'] = 'Bestand of map zullen in de huidige map gemaakt worden.';
 $_['new_file_txt_02'] = 'Sommige ongeldige tekens zijn:';
 $_['new_file_msg_01'] = 'Bestand of map niet aangemaakt:';
 $_['new_file_msg_02'] = 'Naam bevat een ongeldig teken:';
 $_['new_file_msg_04'] = 'Bestand of map bestaat reeds:';
-
 $_['new_file_msg_05'] = 'Aangemaakt bestand:';
 $_['new_file_msg_07'] = 'Aangemaakt map:';
+
 $_['CRM_txt_02'] = 'De nieuwe locatie moet reeds bestaan.';
 $_['CRM_txt_04'] = 'Nieuwe Naam';
 $_['CRM_msg_01'] = 'Fout - nieuwe bovenliggende locatie bestaat niet:';
 $_['CRM_msg_02'] = 'Fout - bronbestand bestaat niet:';
+$_['CRM_msg_03'] = 'Fout - nieuwe bestand of map bestaat reeds:';
+$_['CRM_msg_05'] = 'Fout gedurende';
 
-$_['CRM_msg_03']      = 'Fout - nieuwe bestand of map bestaat reeds:';
-$_['CRM_msg_05']      = 'Fout gedurende';
 $_['delete_msg_03']   = 'Verwijderfout:';
 $_['session_warning'] = 'Waarschuwing: Sessie verloopt binnenkort!';
 $_['session_expired'] = 'SESSIE VERLOPEN';
@@ -214,20 +213,19 @@
 $_['OFCMS_requires']  = 'OneFileCMS vereist PHP';
 $_['logout_msg']      = 'U bent succesvol afgemeld.';
 $_['edit_caution_01'] = 'VOORZICHTIG';
-
 $_['edit_caution_02'] = 'U bent de actieve kopie van OneFileCMS aan het bewerken - MAAK EEN BACK-UP & WEES VOORZICHTIG !!';
-$_['time_out_txt'] = 'Sessie verloopt in:';
+$_['time_out_txt']    = 'Sessie verloopt in:';
+
 $_['error_reporting_01'] = 'Weergave van fouten is';
 $_['error_reporting_02'] = 'Loggen van fouten is';
 $_['error_reporting_03'] = 'Foutrapportage is ingesteld op';
 $_['error_reporting_04'] = 'Toon foutsoorten';
-
 $_['error_reporting_05'] = 'Onverwacht vroege uitvoer';
 $_['error_reporting_06'] = '(niet, zelfs niet een blanko regel, zou al getoond mogen worden)';
+
 $_['admin_txt_00'] = 'Oude Backup Gevonden';
 $_['admin_txt_01'] = 'Een backup bestand is aangemaakt voor het geval er een fout tijdens het wijzigen van de gebruikersnaam of het wachtwoord plaatsvindt. Met andere woorden, het kan oude informatie bevatten en dient verwijderd te worden indien niet benodigd. In ieder geval, het bestand zal tijdens de volgende wijziging overschreven worden.';
 $_['admin_txt_02'] = 'Algemene Informatie';
-
 $_['admin_txt_03'] = 'Session Path'; //## NT ##
 $_['admin_txt_04'] = 'Current Session File (changes every page load)';
 $_['admin_txt_14'] = 'Voor een kleine verbetering van de beveiliging, verander het standaard "salt" en/of methode gebruikt door OneFileCMS om het wachtwoord te hashen (en houdt deze geheim, natuurlijk). Alle kleine beetjes helpen...';
@@ -236,33 +234,34 @@
 $_['pw_current'] = 'Huidig Wachtwoord';
 $_['pw_change']  = 'Bewerk Wachtwoord';
 $_['pw_new']     = 'Nieuw Wachtwoord';
-
 $_['pw_confirm'] = 'Bevestig Nieuw Wachtwoord';
-$_['un_change'] = 'Wijzig Gebruikersnaam';
-$_['un_new'] = 'Nieuwe Gebruikersnaam';
+
+$_['un_change']  = 'Wijzig Gebruikersnaam';
+$_['un_new']     = 'Nieuwe Gebruikersnaam';
 $_['un_confirm'] = 'Bevestig Nieuwe Gebruikersnaam';
+
 $_['pw_txt_02'] = 'Wachtwoord / Gebruikersnaam regels:';
 $_['pw_txt_04'] = 'Hoofdlettergevoelig: "A" is geen "a"';
 $_['pw_txt_06'] = 'Moet minimaal 1 niet-spatie teken bevatten.';
-
 $_['pw_txt_08'] = 'Mag spaties in het midden bevatten. Vb: "Dit is een wachtwoord of gebruikersnaam!"';
 $_['pw_txt_10'] = 'Voorafgaande of afsluitende spaties worden genegeerd.';
 $_['pw_txt_12'] = 'Bij het opnemen van wijzigingen wordt alleen 1 bestand bijgewerkt: of de actieve kopie van OneFileCMS of, indien opgegeven, een extern configuratiebestand.';
 $_['pw_txt_14'] = 'Indien een onjuist huidig wachtwoord opgegeven wordt, zult u automatisch uitgelogd worden. U mag dan wel weer meteen inloggen.';
+
 $_['change_pw_01'] = 'Wachtwoord gewijzigd!';
 $_['change_pw_02'] = 'Wachtwoord NIET gewijzigd.';
 $_['change_pw_03'] = 'Onjuist huidig wachtwoord opgegeven. Log in en probeert u het nog eens.';
-
 $_['change_pw_04'] = '"Nieuw" en "Bevestig Nieuw" waardes komen niet overeen.';
 $_['change_pw_05'] = 'Bijwerken';
-
 $_['change_pw_06'] = 'extern configuratiebestand';
-
 $_['change_pw_07'] = 'All fields are required.'; //## NT ##
+
 $_['change_un_01'] = 'Gebruikersnaam gewijzigd!';
 $_['change_un_02'] = 'Gebruikersnaam NIET gewijzigd.';
 
 $_['update_failed'] = 'Update mislukt - onmogelijk bestand op te slaan.';
+
 $_['mcd_msg_01'] = 'bestanden verplaatst.';
 $_['mcd_msg_02'] = 'bestanden gekopiëerd.';
 $_['mcd_msg_03'] = 'bestanden verwijderd.';
+
diff --git a/languages/OneFileCMS.LANG.RU.php b/languages/OneFileCMS.LANG.RU.php
index ffe7ba0..34b34b7 100755
--- a/languages/OneFileCMS.LANG.RU.php
+++ b/languages/OneFileCMS.LANG.RU.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.5.23
+// OneFileCMS Language Settings v3.6.02
 
 $_['LANGUAGE'] = 'Russian';
 $_['LANG'] = 'RU';
@@ -30,81 +30,81 @@
 $_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG'; //## NT ##
 
-$_['Admin']    = 'Админка';
-$_['bytes']    = 'байт';
-$_['Cancel']   = 'Отмена';
-$_['cancelled'] = 'отменен';
-$_['Close']    = 'Закрыть';
-$_['Copy']     = 'Копия';
-$_['Copied']   = 'Копировать';
-$_['Create']   = 'Создать';
-$_['Date']     = 'Дата';
-$_['Delete']   = 'Удалить';
-$_['DELETE']   = 'УДАЛИТЬ';
-$_['Deleted']  = 'Удалено';
-$_['Edit']     = 'Редактировать';
-$_['Enter']    = 'Вход';
-$_['Error']    = 'Ошибка';
-$_['errors']   = 'ошибки';
-$_['ext']      = 'ext';
-$_['File']     = 'Файл';
-$_['files']    = 'файлы';
-$_['Folder']   = 'Папка';
-$_['folders']  = 'папки';
-$_['From']     = 'из';
-$_['Hash']     = 'Хэш';
-$_['Invalid']  = 'Invalid'; //## NT ##
-$_['Move']     = 'Переместить';
-$_['Moved']    = 'Перемещено';
-$_['Name']     = 'имя';
-$_['on']       = 'в';
-$_['off']      = 'от';
-$_['Password'] = 'Пароль';
-$_['Rename']   = 'Rename';  //## NT ##
-$_['reset']    = 'Сбросить';
-$_['save_1']   = 'Сохранить';
-$_['save_2']   = 'СОХРАНИТЬ ИЗМЕНЕНИЯ';
-$_['Size']     = 'Размер';
-$_['Source']   = 'Source';  //## NT ##
+$_['Admin']      = 'Админка';
+$_['bytes']      = 'байт';
+$_['Cancel']     = 'Отмена';
+$_['cancelled']  = 'отменен';
+$_['Close']      = 'Закрыть';
+$_['Copy']       = 'Копия';
+$_['Copied']     = 'Копировать';
+$_['Create']     = 'Создать';
+$_['Date']       = 'Дата';
+$_['Delete']     = 'Удалить';
+$_['DELETE']     = 'УДАЛИТЬ';
+$_['Deleted']    = 'Удалено';
+$_['Edit']       = 'Редактировать';
+$_['Enter']      = 'Вход';
+$_['Error']      = 'Ошибка';
+$_['errors']     = 'ошибки';
+$_['ext']        = 'ext';
+$_['File']       = 'Файл';
+$_['files']      = 'файлы';
+$_['Folder']     = 'Папка';
+$_['folders']    = 'папки';
+$_['From']       = 'из';
+$_['Hash']       = 'Хэш';
+$_['Invalid']    = 'Invalid'; //## NT ##
+$_['Move']       = 'Переместить';
+$_['Moved']      = 'Перемещено';
+$_['Name']       = 'имя';
+$_['on']         = 'в';
+$_['off']        = 'от';
+$_['Password']   = 'Пароль';
+$_['Rename']     = 'Rename';  //## NT ##
+$_['reset']      = 'Сбросить';
+$_['save_1']     = 'Сохранить';
+$_['save_2']     = 'СОХРАНИТЬ ИЗМЕНЕНИЯ';
+$_['Size']       = 'Размер';
+$_['Source']     = 'Source';  //## NT ##
 $_['successful'] = 'успешно';
-$_['To']       = 'В';
-$_['Upload']   = 'Загрузить';
-$_['Username'] = 'Логин';
+$_['To']         = 'В';
+$_['Upload']     = 'Загрузить';
+$_['Username']   = 'Логин';
+$_['View']       = 'вид';
+$_['Working']    = 'Working - please wait...'; //## NT ##
 
-$_['View']            = 'вид';
-$_['Working']         = 'Working - please wait...'; //## NT ##
-$_['Log_In']          = 'Войти';
-$_['Log_Out']         = 'Выйти';
-$_['Admin_Options']   = 'Настройки Администратора';
-$_['Are_you_sure']    = 'Вы уверены?';
-$_['View_Raw']        = 'View Raw'; //## NT ##
-$_['Open_View']       = 'Открыть/Открыть в окне браузера';
-$_['Edit_View']       = 'Ред. / Смотреть';
-$_['Wide_View']       = 'Широкий Обзор';
-$_['Normal_View']     = 'Нормальный Обзор';
-$_['Word_Wrap']       = 'Word Wrap'; //## NT ##
-$_['Line_Wrap']       = 'Line Wrap'; //## NT ##
-$_['Upload_File']     = 'Загрузить файл';
-$_['New_File']        = 'Новый файл';
-$_['Ren_Move']        = 'Переименовать / Переместить';
-$_['Ren_Moved']       = 'Переименованно / Перемещенно';
-$_['folders_first']   = 'folders first'; //## NT ##
+$_['Log_In']             = 'Войти';
+$_['Log_Out']            = 'Выйти';
+$_['Admin_Options']      = 'Настройки Администратора';
+$_['Are_you_sure']       = 'Вы уверены?';
+$_['View_Raw']           = 'View Raw'; //## NT ##
+$_['Open_View']          = 'Открыть/Открыть в окне браузера';
+$_['Edit_View']          = 'Ред. / Смотреть';
+$_['Wide_View']          = 'Широкий Обзор';
+$_['Normal_View']        = 'Нормальный Обзор';
+$_['Word_Wrap']          = 'Word Wrap'; //## NT ##
+$_['Line_Wrap']          = 'Line Wrap'; //## NT ##
+$_['Upload_File']        = 'Загрузить файл';
+$_['New_File']           = 'Новый файл';
+$_['Ren_Move']           = 'Переименовать / Переместить';
+$_['Ren_Moved']          = 'Переименованно / Перемещенно';
+$_['folders_first']      = 'folders first'; //## NT ##
 $_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
-$_['New_Folder']      = 'Новая папка';
-$_['Ren_Folder']      = 'Переименовать / Переместить папку';
-$_['Submit']          = 'Отправить изменения';
-$_['Move_Files']      = 'Переместить Файл(ы)';
-$_['Copy_Files']      = 'Копировать Файл(ы)';
-$_['Del_Files']       = 'Удалить Файл(ы)';
-$_['Selected_Files']  = 'Выбранные Папки и Файлы';
-$_['Select_All']      = 'Выбрать все';
-$_['Clear_All']       = 'Очистить всё';
-$_['New_Location']    = 'Новая локализация';
-$_['No_files']        = 'Нет выбранных файлов.';
-$_['Not_found']       = 'Не найдено';
+$_['New_Folder']         = 'Новая папка';
+$_['Ren_Folder']         = 'Переименовать / Переместить папку';
+$_['Submit']             = 'Отправить изменения';
+$_['Move_Files']         = 'Переместить Файл(ы)';
+$_['Copy_Files']         = 'Копировать Файл(ы)';
+$_['Del_Files']          = 'Удалить Файл(ы)';
+$_['Selected_Files']     = 'Выбранные Папки и Файлы';
+$_['Select_All']         = 'Выбрать все';
+$_['Clear_All']          = 'Очистить всё';
+$_['New_Location']       = 'Новая локализация';
+$_['No_files']           = 'Нет выбранных файлов.';
+$_['Not_found']          = 'Не найдено';
+$_['Invalid_path']       = 'Invalid path'; //## NT ##
+$_['must_be_decendant']  = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ##
 
-$_['Invalid_path']      = 'Invalid path'; //## NT ##
-$_['must_be_decendant'] = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ##
 $_['verify_msg_01']     = 'Сессия истекла.';
 $_['verify_msg_02']     = 'НЕВЕРНЫЙ ЗАПРОС';
 $_['get_get_msg_01']    = 'Файл не существует:';
@@ -114,9 +114,9 @@
 $_['ord_msg_01']        = 'Файл с таким именем уже существует в главной директории.';
 $_['ord_msg_02']        = 'Сохранить как';
 $_['rCopy_msg_01']      = 'Папка не может быть скопированна в одну из своих под-папок.';
+$_['show_img_msg_01']   = 'Изображене показано на ~';
+$_['show_img_msg_02']   = '% от полного размера (Ш x Д =';
 
-$_['show_img_msg_01'] = 'Изображене показано на ~';
-$_['show_img_msg_02'] = '% от полного размера (Ш x Д =';
 $_['hash_txt_01']   = 'Хэш сгенерированный на этой странице может быть использован для обновления вручную $HASHWORD в OneFileCMS, или во внешнем файле конфигурации. В любом случае, убедитесь, что вы помните пароль, используемый для создания хэш!';
 $_['hash_txt_06']   = 'Введите желаемый пароль в поле ввода выше и нажмите Enter.';
 $_['hash_txt_07']   = 'Хэш будет отображаться в желтом окне сообщения, которое выше.';
@@ -124,55 +124,53 @@
 $_['hash_txt_09']   = 'Убедитесь в том, чтобы вы полностью скопировали хэш (пробелов, кавычек и т.д..';
 $_['hash_txt_10']   = 'Нажмите 2 раза, для того что-бы выбрать его...';
 $_['hash_txt_12']   = 'Когда будете готовы, выйдите из системы и войдите снова.';
-
 $_['pass_to_hash']  = 'Пароль для хеширования:';
 $_['Generate_Hash'] = 'Сгенерировать Хэш';
-$_['login_txt_01']  = 'Логин:';
-$_['login_txt_02']  = 'Пароль:';
+
 $_['login_msg_01a'] = 'Имело место быть';
 $_['login_msg_01b'] = 'неудачных попыток входа в систему.';
 $_['login_msg_02a'] = 'Пожалуйста подождите';
-
 $_['login_msg_02b'] = 'несколько секунд, чтобы попробовать ещё раз.';
 $_['login_msg_03']  = 'ПРОБЛЕМА ПРИ ПОПЫТКЕ ВХОДА #';
+
 $_['edit_note_00']  = 'ПРИМЕЧАНИЕ:';
 $_['edit_note_01a'] = 'Поните- ваша';
 $_['edit_note_01b'] = 'это';
+$_['edit_note_02']  = 'Сохранить изменения перед окончаниеи сессии, иначе они будут утеряны!';
+$_['edit_note_03']  = 'В некоторых браузерах, таких как Chrome, если вы перемещаетесь [Назад] или [Вперед], измения могут обновиться. Для этого нажмите клавишу F5, либо в браузере нажмите [Обновить]..';
 
-$_['edit_note_02'] = 'Сохранить изменения перед окончаниеи сессии, иначе они будут утеряны!';
-$_['edit_note_03'] = 'В некоторых браузерах, таких как Chrome, если вы перемещаетесь [Назад] или [Вперед], измения могут обновиться. Для этого нажмите клавишу F5, либо в браузере нажмите [Обновить]..';
 $_['edit_h2_1']   = 'Просмотреть:';
 $_['edit_h2_2']   = 'Редактировать:';
 $_['edit_txt_00'] = 'Edit disabled.'; //## NT ##
 $_['edit_txt_01'] = 'Неизвестный текст или неизвестный тип файла. Редактирование невозможно.';
 $_['edit_txt_02'] = 'Возможно файл содержит недопустимый символ. Редактирование и Просмотр невозможны.';
+$_['edit_txt_03'] = 'htmlspecialchars() возвращает к предыдущим обновлениям файла.';
+$_['edit_txt_04'] = 'Это поведение зависит от версии вашего PHP.';
 
-$_['edit_txt_03']          = 'htmlspecialchars() возвращает к предыдущим обновлениям файла.';
-$_['edit_txt_04']          = 'Это поведение зависит от версии вашего PHP.';
 $_['too_large_to_edit_01'] = 'Редактирование невозожно. Размер файла >';
 $_['too_large_to_edit_02'] = 'В некоторых браузерах, таких как (ie: IE) неустойчивое редактирование HTML кода в файлах большого размера <textarea>.';
 $_['too_large_to_edit_03'] = 'Настройте $MAX_EDIT_SIZE в конфигураторе OneFileCMS по мере необходимости.';
 $_['too_large_to_edit_04'] = 'Простым методом тестирования проб и ошибок можно определить практический предел для данного браузера / компьютера.';
 $_['too_large_to_view_01'] = 'Просмотр невозможен. Размер файла >';
 $_['too_large_to_view_02'] = 'Нажмите на название файла, чтобы просмотреть, как обычно он отображается в окне браузера.';
-
 $_['too_large_to_view_03'] = 'Настройте $MAX_VIEW_SIZE в конфигураторе OneFileCMS по мере необходимости.';
 $_['too_large_to_view_04'] = '(Значения по умолчанию $MAX_VIEW_SIZE установлены произвольно, и могут быть скорректированны по желанию.)';
 
 $_['meta_txt_01'] = 'Размер файла:';
 $_['meta_txt_03'] = 'Обновлен:';
-$_['edit_msg_01'] = 'Файл сохранён:';
 
+$_['edit_msg_01'] = 'Файл сохранён:';
 $_['edit_msg_02'] = 'записанных байт.';
 $_['edit_msg_03'] = 'Существовала ошибка сохраниния файла .';
+
 $_['upload_txt_03'] = 'Максимальный размер каждого файла:';
 $_['upload_txt_01'] = '(php.ini: upload_max_filesize)'; //## NT ##
 $_['upload_txt_04'] = 'Максимальный суммарный размер загружаемого:';
 $_['upload_txt_02'] = '(php.ini: post_max_size)'; //## NT ##
 $_['upload_txt_05'] = 'Для загруженных файлов, которые уже существуют: ';
-
 $_['upload_txt_06'] = 'Переименование (в файле filename.ext.001 и.т.д...)';
 $_['upload_txt_07'] = 'Заменить';
+
 $_['upload_err_01'] = 'Ошибка 1: Файл слишком большой. Из php.ini:';
 $_['upload_err_02'] = 'Ошибка 2: Файл слишком большой. (Превышает MAX_FILE_SIZE HTML элементов)';
 $_['upload_err_03'] = 'Ошибка 3: Загруженный файл был загружен лишь частично.';
@@ -184,28 +182,29 @@
 
 $_['upload_error_01a'] = 'Ошибка при загрузке. Общий объём данных  (размер файла) превысил post_max_size =';
 $_['upload_error_01b'] = '(из php.ini)';
+
 $_['upload_msg_02'] = 'Папка назначения недействительна:';
 $_['upload_msg_03'] = 'Загрузка отменена.';
 $_['upload_msg_04'] = 'Загружается:';
 $_['upload_msg_05'] = 'Загрузка прошла успешно!';
-
 $_['upload_msg_06'] = 'Загрузка не удалась:';
 $_['upload_msg_07'] = 'предварительно существующий файл был перезаписан.';
+
 $_['new_file_txt_01'] = 'Файл или папка могут быть созданы в текущей директории.';
 $_['new_file_txt_02'] = 'Содержатся некоторые недопустимые символы:';
 $_['new_file_msg_01'] = 'Файл или папка не создаются:';
 $_['new_file_msg_02'] = 'Название содержит недопустимый символ:';
 $_['new_file_msg_04'] = 'Файл или папка уже существуют:';
-
 $_['new_file_msg_05'] = 'Созданный файл:';
 $_['new_file_msg_07'] = 'Созданная папка:';
+
 $_['CRM_txt_02'] = 'Новая локализация уже должна существовать.';
 $_['CRM_txt_04'] = 'Новое Имя';
 $_['CRM_msg_01'] = 'Ошибка - новая локализация не существует:';
 $_['CRM_msg_02'] = 'Ошибка - исходный файл не существует:';
+$_['CRM_msg_03'] = 'Ошибка - новый файл или папка уже существуют:';
+$_['CRM_msg_05'] = 'Ошибка при';
 
-$_['CRM_msg_03']      = 'Ошибка - новый файл или папка уже существуют:';
-$_['CRM_msg_05']      = 'Ошибка при';
 $_['delete_msg_03']   = 'Удалить ошибку:';
 $_['session_warning'] = 'Внимание: Близится окончание сессии!';
 $_['session_expired'] = 'ВРЕМЯ СЕССИИ ИСТЕКЛО';
@@ -214,20 +213,19 @@
 $_['OFCMS_requires']  = 'OneFileCMS требует PHP';
 $_['logout_msg']      = 'Вы успешно вышли из системы.';
 $_['edit_caution_01'] = 'ВНИМАНИЕ';
-
 $_['edit_caution_02'] = 'Осторожно редактируйте активную копию OneFileCMS - Сделайте резервную копию !!';
-$_['time_out_txt'] = 'Сессия закончится через::';
+$_['time_out_txt']    = 'Сессия закончится через::';
+
 $_['error_reporting_01'] = 'Вывести ошибки в';
 $_['error_reporting_02'] = 'Лог ошибок в';
 $_['error_reporting_03'] = 'Ошибки отчётности установленны в';
 $_['error_reporting_04'] = 'Показаны типы ошибок';
-
 $_['error_reporting_05'] = 'Неожиданный ранний выход';
 $_['error_reporting_06'] = '(ничего нет, даже пробела)';
+
 $_['admin_txt_00'] = 'Найти старую резервную копию';
 $_['admin_txt_01'] = 'Файл резервной копии был создан в случае ошибки при изменении имени пользователя и пароля. Таким образом, он может содержать устаревшую информацию и должен быть удален. В любом случае, он будет автоматически заменен на файл с новым паролем или логином пользователя.';
 $_['admin_txt_02'] = 'Общая информация';
-
 $_['admin_txt_03'] = 'Session Path'; //## NT ##
 $_['admin_txt_04'] = 'Current Session File (changes every page load)';
 $_['admin_txt_14'] = 'Для небольшого улучшения безопасности в OneFileCMS изменён метод хеширования паролей (его нужно держать в тайне как и основной пароль). Каждый в дальнейшем может Вам понадобиться..';
@@ -236,33 +234,34 @@
 $_['pw_current'] = 'Текущий Пароль';
 $_['pw_change']  = 'Изменить Пароль';
 $_['pw_new']     = 'Новый Пароль';
-
 $_['pw_confirm'] = 'Подтверждение Нового Пароля';
-$_['un_change'] = 'Подтверждение Логина';
-$_['un_new'] = 'Новый Логин';
+
+$_['un_change']  = 'Подтверждение Логина';
+$_['un_new']     = 'Новый Логин';
 $_['un_confirm'] = 'Подтверждение Нового Логина';
+
 $_['pw_txt_02'] = 'Пароль / Логин правила:';
 $_['pw_txt_04'] = 'С учётом регистра: "A" =/= "a"';
 $_['pw_txt_06'] = 'Не должен начинаться или заканчиваться с пробелов и различных символов.';
-
 $_['pw_txt_08'] = 'Может содержать пробелы в середине. Пример: "Это мой логин или пароль!"';
 $_['pw_txt_10'] = 'Пробелы в начале и конце игнорируются.';
 $_['pw_txt_12'] = 'При записи изменения обновляется лишь только один активный файл OneFileCMS, при этом сразу создаётся его старая копия.';
 $_['pw_txt_14'] = 'Если неправильный текущий пароль будет введён или зарегистрирован, Вы можете воспользоваться бекапом.';
+
 $_['change_pw_01'] = 'Пароль изменён!';
 $_['change_pw_02'] = 'Пароль не изменён.';
 $_['change_pw_03'] = 'Неправильный текущий пароль, войдите заново чтобы повторить попытку.';
-
 $_['change_pw_04'] = 'Данные "Нового пароля" и "Подтверждения нового пароля" не совпадают.';
 $_['change_pw_05'] = 'Обновить';
-
 $_['change_pw_06'] = 'внежнюю конфигурацию файла';
-
 $_['change_pw_07'] = 'All fields are required.'; //## NT ##
+
 $_['change_un_01'] = 'Логин изменён!';
 $_['change_un_02'] = 'Логин НЕ изменён.';
 
 $_['update_failed'] = 'Обновление не удалось - файл не сохранился.';
+
 $_['mcd_msg_01'] = 'файлы перемещаются.';
 $_['mcd_msg_02'] = 'файлы копируются.';
 $_['mcd_msg_03'] = 'файлы удалены.';
+
diff --git a/onefilecms.php b/onefilecms.php
index 8e859bd..90273b2 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.6.01';
+$OFCMS_version = '3.6.02';
 
 
 
@@ -17,8 +17,16 @@
 ini_set('log_errors'    , 'off');
 ini_set('error_log'     , $_SERVER['SCRIPT_FILENAME'].'.ERROR.log');
 //
-//Determine good folder for session file. Default is /tmp/, which is not secure.
-//session_save_path('/home/content/username/tmp/'); // or:  ini_set('session.save_path', 'some/safe/path/')
+//Determine good folder for session file. Default is /tmp/, or /var/lib/php5/, or similar, which may not be secure.
+//session_save_path('/home/username/tmp/'); // or:  ini_set('session.save_path', 'some/safe/path/')
+
+$user_tmp_path = '/home/'.get_current_user().'/tmp/';
+
+if (is_dir($user_tmp_path)) {							//check for a user based tmp directory.
+	session_save_path($user_tmp_path);
+} else {
+	$MESSAGE .= '<span class="filename">'.__LINE__.') session_save_path: &nbsp; <b>"'.ini_get('session.save_path').'"</b></span><br>'; //##### 
+}
 //******************************************************************************
 
 
@@ -88,8 +96,8 @@
 $MAIN_TITLE = "OneFileCMS";
 
 $USERNAME = "username";
-$HASHWORD = "18350bc2181858e679605434735b1c2db6e7e4bb72b50a6d93d9ad1362f3e1c2";
-//$HASHWORD = "18350bc2181858e679605434735b1c2db6e7e4bb72b50a6d93d9ad1362f3e1c2"; //"password" with $PRE_ITERATIONS = 1000
+$HASHWORD = "5ccc11367dc9fc18822100df2149464a64c8992fc0de9cce2a7a451360491650";
+//$HASHWORD = "5ccc11367dc9fc18822100df2149464a64c8992fc0de9cce2a7a451360491650"; //"password" with $PRE_ITERATIONS = 10000
 $SALT     = 'somerandomsalt';
 
 $MAX_ATTEMPTS  = 3;    //Max failed login attempts before LOGIN_DELAY starts.
@@ -136,7 +144,7 @@
 
 $SESSION_NAME = 'OFCMS'; //Name of session cookie. Change if using multiple copies of OneFileCMS concurrently.
 
-//Optional: restrict access to a particular sub folder.
+//Optional: restrict access to a particular sub folder from root.
 //$ACCESS_ROOT = '/some/path';
 //If blank or invalid, default is $_SERVER['DOCUMENT_ROOT'].
 //$ACCESS_ROOT = '/home/user';
@@ -366,7 +374,7 @@ function System_Setup() {//*****************************************************
 //For 200 iterations: (time on IE8) > (37 x time on FF). And the difference grows with the iterations.
 //If you change this, or any other aspect of either hashit() or js_hash_scripts(), do so while logged in.
 //Then, manually update your password as instructed on the Admin/Generate Hash page.
-$PRE_ITERATIONS = 1000;
+$PRE_ITERATIONS = 10000;
 }//end  System_Setup() //*******************************************************
 
 
@@ -374,9 +382,11 @@ function System_Setup() {//*****************************************************
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.5.23  (Not always in sync with OFCMS version#, if no changes to displayed wording.)
+// OneFileCMS Language Settings v3.6.02  (Not always in sync with OFCMS version#, if no changes to displayed wording.)
+
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
+
 // If no translation or value is desired for a particular setting, do not delete
 // the actual setting variable, just set it to an empty string.
 // For example:  $_['some_unused_setting'] = '';
@@ -399,81 +409,85 @@ function Default_Language() { // ***********************************************
 $_['image_info_pos']         = '';        //If 1 or true, moves the info down a line for more space.
 $_['select_all_label_size']  = '.84em';   //Font size of $_['Select_All']
 $_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
+
 $_['HTML']    = 'HTML';
 $_['WYSIWYG'] = 'WYSIWYG';
-$_['Admin']    = 'Admin';
-$_['bytes']    = 'bytes';
-$_['Cancel']   = 'Cancel';
-$_['cancelled'] = 'cancelled';
-$_['Close']    = 'Close';
-$_['Copy']     = 'Copy';
-$_['Copied']   = 'Copied';
-$_['Create']   = 'Create';
-$_['Date']     = 'Date';
-$_['Delete']   = 'Delete';
-$_['DELETE']   = 'DELETE';
-$_['Deleted']  = 'Deleted';
-$_['Edit']     = 'Edit';
-$_['Enter']    = 'Enter';
-$_['Error']    = 'Error';
-$_['errors']   = 'errors';
-$_['ext']      = '.ext';    //## NT ## filename[.ext]ension
-$_['File']     = 'File';
-$_['files']    = 'files';
-$_['Folder']   = 'Folder';
-$_['folders']  = 'folders';
-$_['From']     = 'From';
-$_['Hash']     = 'Hash';
-$_['Invalid']  = 'Invalid';		//## NT ## as of 3.5.23
-$_['Move']     = 'Move';
-$_['Moved']    = 'Moved';
-$_['Name']     = 'Name';
-$_['on']       = 'on';
-$_['off']      = 'off';
-$_['Password'] = 'Password';
-$_['Rename']   = 'Rename';
-$_['reset']    = 'Reset';
-$_['save_1']   = 'Save';
-$_['save_2']   = 'SAVE CHANGES';
-$_['Size']     = 'Size';
-$_['Source']   = 'Source';
+
+$_['Admin']      = 'Admin';
+$_['bytes']      = 'bytes';
+$_['Cancel']     = 'Cancel';
+$_['cancelled']  = 'cancelled';
+$_['Close']      = 'Close';
+$_['Copy']       = 'Copy';
+$_['Copied']     = 'Copied';
+$_['Create']     = 'Create';
+$_['Date']       = 'Date';
+$_['Delete']     = 'Delete';
+$_['DELETE']     = 'DELETE';
+$_['Deleted']    = 'Deleted';
+$_['Edit']       = 'Edit';
+$_['Enter']      = 'Enter';
+$_['Error']      = 'Error';
+$_['errors']     = 'errors';
+$_['ext']        = '.ext';    //## NT ## filename[.ext]ension
+$_['File']       = 'File';
+$_['files']      = 'files';
+$_['Folder']     = 'Folder';
+$_['folders']    = 'folders';
+$_['From']       = 'From';
+$_['Hash']       = 'Hash';
+$_['Invalid']    = 'Invalid'; //## NT ## as of 3.5.23
+$_['Move']       = 'Move';
+$_['Moved']      = 'Moved';
+$_['Name']       = 'Name';
+$_['on']         = 'on';
+$_['off']        = 'off';
+$_['Password']   = 'Password';
+$_['Rename']     = 'Rename';
+$_['reset']      = 'Reset';
+$_['save_1']     = 'Save';
+$_['save_2']     = 'SAVE CHANGES';
+$_['Size']       = 'Size';
+$_['Source']     = 'Source';
 $_['successful'] = 'successful';
-$_['To']       = 'To';
-$_['Upload']   = 'Upload';
-$_['Username'] = 'Username';
-$_['View']     = 'View';
-$_['Working']         = 'Working - please wait...';
-$_['Log_In']          = 'Log In';
-$_['Log_Out']         = 'Log Out';
-$_['Admin_Options']   = 'Administration Options';
-$_['Are_you_sure']    = 'Are you sure?';
-$_['View_Raw']        = 'View Raw'; //## NT ### as of 3.5.07
-$_['Open_View']       = 'Open/View in browser window';
-$_['Edit_View']       = 'Edit / View';
-$_['Wide_View']       = 'Wide View';
-$_['Normal_View']     = 'Normal View';
-$_['Word_Wrap']       = 'Word Wrap'; //## NT ## as of 3.5.19
-$_['Line_Wrap']       = 'Line Wrap'; //## NT ## as of 3.5.20
-$_['Upload_File']     = 'Upload File';
-$_['New_File']        = 'New File';
-$_['Ren_Move']        = 'Rename / Move';
-$_['Ren_Moved']       = 'Renamed / Moved';
-$_['folders_first']   = 'folders first'; //## NT ##
+$_['To']         = 'To';
+$_['Upload']     = 'Upload';
+$_['Username']   = 'Username';
+$_['View']       = 'View';
+$_['Working']    = 'Working - please wait...';
+
+$_['Log_In']             = 'Log In';
+$_['Log_Out']            = 'Log Out';
+$_['Admin_Options']      = 'Administration Options';
+$_['Are_you_sure']       = 'Are you sure?';
+$_['View_Raw']           = 'View Raw'; //## NT ### as of 3.5.07
+$_['Open_View']          = 'Open/View in browser window';
+$_['Edit_View']          = 'Edit / View';
+$_['Wide_View']          = 'Wide View';
+$_['Normal_View']        = 'Normal View';
+$_['Word_Wrap']          = 'Word Wrap'; //## NT ## as of 3.5.19
+$_['Line_Wrap']          = 'Line Wrap'; //## NT ## as of 3.5.20
+$_['Upload_File']        = 'Upload File';
+$_['New_File']           = 'New File';
+$_['Ren_Move']           = 'Rename / Move';
+$_['Ren_Moved']          = 'Renamed / Moved';
+$_['folders_first']      = 'folders first'; //## NT ##
 $_['folders_first_info'] = 'Sort folders first, but don\'t change primary sort.'; //## NT ##
-$_['New_Folder']      = 'New Folder';
-$_['Ren_Folder']      = 'Rename / Move Folder';
-$_['Submit']          = 'Submit Request';
-$_['Move_Files']      = 'Move File(s)';
-$_['Copy_Files']      = 'Copy File(s)';
-$_['Del_Files']       = 'Delete File(s)';
-$_['Selected_Files']  = 'Selected Folders and Files';
-$_['Select_All']      = 'Select All';
-$_['Clear_All']       = 'Clear All';
-$_['New_Location']    = 'New Location';
-$_['No_files']        = 'No files selected.';
-$_['Not_found']       = 'Not found';
-$_['Invalid_path']    = 'Invalid path';
-$_['must_be_decendant'] = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT';	//## NT ## as of 3.5.23
+$_['New_Folder']         = 'New Folder';
+$_['Ren_Folder']         = 'Rename / Move Folder';
+$_['Submit']             = 'Submit Request';
+$_['Move_Files']         = 'Move File(s)';
+$_['Copy_Files']         = 'Copy File(s)';
+$_['Del_Files']          = 'Delete File(s)';
+$_['Selected_Files']     = 'Selected Folders and Files';
+$_['Select_All']         = 'Select All';
+$_['Clear_All']          = 'Clear All';
+$_['New_Location']       = 'New Location';
+$_['No_files']           = 'No files selected.';
+$_['Not_found']          = 'Not found';
+$_['Invalid_path']       = 'Invalid path';
+$_['must_be_decendant']  = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ## as of 3.5.23
+
 $_['verify_msg_01']     = 'Session expired.';
 $_['verify_msg_02']     = 'INVALID POST';
 $_['get_get_msg_01']    = 'File does not exist:';
@@ -485,6 +499,7 @@ function Default_Language() { // ***********************************************
 $_['rCopy_msg_01']      = 'A folder can not be copied into one of its own sub-folders.';
 $_['show_img_msg_01']   = 'Image shown at ~';
 $_['show_img_msg_02']   = '% of full size (W x H =';
+
 $_['hash_txt_01']   = 'The hashes generated by this page may be used to manually update $HASHWORD in OneFileCMS, or in an external config file.  In either case, make sure you remember the password used to generate the hash!';
 $_['hash_txt_06']   = 'Type your desired password in the input field above and hit Enter.';
 $_['hash_txt_07']   = 'The hash will be displayed in a yellow message box above that.';
@@ -494,18 +509,19 @@ function Default_Language() { // ***********************************************
 $_['hash_txt_12']   = 'When ready, logout and login.';
 $_['pass_to_hash']  = 'Password to hash:';
 $_['Generate_Hash'] = 'Generate Hash';
-$_['login_txt_01']  = 'Username:';
-$_['login_txt_02']  = 'Password:';
+
 $_['login_msg_01a'] = 'There have been';
 $_['login_msg_01b'] = 'invalid login attempts.';
 $_['login_msg_02a'] = 'Please wait';
 $_['login_msg_02b'] = 'seconds to try again.';
 $_['login_msg_03']  = 'INVALID LOGIN ATTEMPT #';
+
 $_['edit_note_00']  = 'NOTES:';
 $_['edit_note_01a'] = 'Remember- ';
 $_['edit_note_01b'] = 'is';
 $_['edit_note_02']  = 'So save changes before the clock runs out, or the changes will be lost!';
 $_['edit_note_03']  = 'With some browsers, such as Chrome, if you click the browser [Back] then browser [Forward], the file state may not be accurate. To correct, click the browser\'s [Reload].';
+
 $_['edit_h2_1']   = 'Viewing:';
 $_['edit_h2_2']   = 'Editing:';
 $_['edit_txt_00'] = 'Edit disabled.'; //## NT ## as of 3.5.07
@@ -513,6 +529,7 @@ function Default_Language() { // ***********************************************
 $_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
 $_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
 $_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
+
 $_['too_large_to_edit_01'] = 'Edit disabled. Filesize >';
 $_['too_large_to_edit_02'] = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
 $_['too_large_to_edit_03'] = 'Adjust $MAX_EDIT_SIZE in the configuration section of OneFileCMS as needed.';
@@ -521,11 +538,14 @@ function Default_Language() { // ***********************************************
 $_['too_large_to_view_02'] = 'Click [View Raw] to view the raw/"plain text" file contents in a seperate browser window.'; //** NT ** changed wording as of 3.5.07
 $_['too_large_to_view_03'] = 'Adjust $MAX_VIEW_SIZE in the configuration section of OneFileCMS as needed.';
 $_['too_large_to_view_04'] = '(The default value for $MAX_VIEW_SIZE is completely arbitrary, and may be adjusted as desired.)';
+
 $_['meta_txt_01'] = 'Filesize:';
 $_['meta_txt_03'] = 'Updated:';
+
 $_['edit_msg_01'] = 'File saved:';
 $_['edit_msg_02'] = 'bytes written.';
 $_['edit_msg_03'] = 'There was an error saving file.';
+
 $_['upload_txt_03'] = 'Maximum size of each file:';
 $_['upload_txt_01'] = '(php.ini: upload_max_filesize)';
 $_['upload_txt_04'] = 'Maximum total upload size:';
@@ -533,6 +553,7 @@ function Default_Language() { // ***********************************************
 $_['upload_txt_05'] = 'For uploaded files that already exist: ';
 $_['upload_txt_06'] = 'Rename (to filename.ext.001 etc...)';
 $_['upload_txt_07'] = 'Overwrite';
+
 $_['upload_err_01'] = 'Error 1: File too large. From php.ini:';
 $_['upload_err_02'] = 'Error 2: File too large. (Exceeds MAX_FILE_SIZE HTML form element)';
 $_['upload_err_03'] = 'Error 3: The uploaded file was only partially uploaded.';
@@ -541,14 +562,17 @@ function Default_Language() { // ***********************************************
 $_['upload_err_06'] = 'Error 6: Missing a temporary folder.';
 $_['upload_err_07'] = 'Error 7: Failed to write file to disk.';
 $_['upload_err_08'] = 'Error 8: A PHP extension stopped the file upload.';
+
 $_['upload_error_01a'] = 'Upload Error. Total POST data (mostly filesize) exceeded post_max_size =';
 $_['upload_error_01b'] = '(from php.ini)';
+
 $_['upload_msg_02'] = 'Destination folder invalid:';
 $_['upload_msg_03'] = 'Upload cancelled.';
 $_['upload_msg_04'] = 'Uploading:';
 $_['upload_msg_05'] = 'Upload successful!';
 $_['upload_msg_06'] = 'Upload failed:';
 $_['upload_msg_07'] = 'A pre-existing file was overwritten.';
+
 $_['new_file_txt_01'] = 'File or Folder will be created in the current folder.';
 $_['new_file_txt_02'] = 'Some invalid characters are:';
 $_['new_file_msg_01'] = 'File or folder not created:';
@@ -556,12 +580,14 @@ function Default_Language() { // ***********************************************
 $_['new_file_msg_04'] = 'File or folder already exists:';
 $_['new_file_msg_05'] = 'Created file:';
 $_['new_file_msg_07'] = 'Created folder:';
+
 $_['CRM_txt_02'] = 'The new location must already exist.';
 $_['CRM_txt_04'] = 'New Name';
 $_['CRM_msg_01'] = 'Error - new parent location does not exist:';
 $_['CRM_msg_02'] = 'Error - source file does not exist:';
 $_['CRM_msg_03'] = 'Error - new file or folder already exists:';
 $_['CRM_msg_05'] = 'Error during';
+
 $_['delete_msg_03']   = 'Delete error:';
 $_['session_warning'] = 'Warning: Session timeout soon!';
 $_['session_expired'] = 'SESSION EXPIRED';
@@ -572,12 +598,14 @@ function Default_Language() { // ***********************************************
 $_['edit_caution_01'] = 'CAUTION'; //##### No longer used as of 3.5.07
 $_['edit_caution_02'] = 'You are viewing the active copy of OneFileCMS.'; //## NT ## changed wording 3.5.07
 $_['time_out_txt']    = 'Session time out in:';
+
 $_['error_reporting_01'] = 'Display errors is';
 $_['error_reporting_02'] = 'Log errors is';
 $_['error_reporting_03'] = 'Error reporting is set to';
 $_['error_reporting_04'] = 'Showing error types';
 $_['error_reporting_05'] = 'Unexpected early output';
 $_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
+
 $_['admin_txt_00'] = 'Old Backup Found';
 $_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will be automatically overwritten on the next password or username change.';
 $_['admin_txt_02'] = 'General Information';
@@ -585,13 +613,16 @@ function Default_Language() { // ***********************************************
 $_['admin_txt_04'] = 'Connected to'; //## NT ## as of 3.5.23
 $_['admin_txt_14'] = 'For a small improvement to security, change the default salt and/or method used by OneFileCMS to hash the password (and keep them secret, of course). Every little bit helps...';
 $_['admin_txt_16'] = 'OneFileCMS can not be used to edit itself directly.  However, you can make a copy and edit it.'; //## NT ## Changed wording in 3.5.07
+
 $_['pw_current'] = 'Current Password';
 $_['pw_change']  = 'Change Password';
 $_['pw_new']     = 'New Password';
 $_['pw_confirm'] = 'Confirm New Password';
+
 $_['un_change']  = 'Change Username';
 $_['un_new']     = 'New Username';
 $_['un_confirm'] = 'Confirm New Username';
+
 $_['pw_txt_02'] = 'Password / Username rules:';
 $_['pw_txt_04'] = 'Case-sensitive: "A" =/= "a"';
 $_['pw_txt_06'] = 'Must contain at least one non-space character.';
@@ -599,6 +630,7 @@ function Default_Language() { // ***********************************************
 $_['pw_txt_10'] = 'Leading and trailing spaces are ignored.';
 $_['pw_txt_12'] = 'In recording the change, only one file is updated: either the active copy of OneFileCMS, or - if specified, an external configuration file.';
 $_['pw_txt_14'] = 'If an incorrect current password is entered, you will be logged out, but you may log back in.';
+
 $_['change_pw_01'] = 'Password changed!';
 $_['change_pw_02'] = 'Password NOT changed.';
 $_['change_pw_03'] = 'Incorrect current password. Login to try again.';
@@ -606,12 +638,15 @@ function Default_Language() { // ***********************************************
 $_['change_pw_05'] = 'Updating';
 $_['change_pw_06'] = 'external config file';
 $_['change_pw_07'] = 'All fields are required.';
+
 $_['change_un_01'] = 'Username changed!';
 $_['change_un_02'] = 'Username NOT changed.';
+
 $_['update_failed'] = 'Update failed - could not save file.';
-$_['mcd_msg_01'] = 'file(s) and/or folder(s) moved.'; //#####
-$_['mcd_msg_02'] = 'file(s) and/or folder(s) copied.'; //#####
-$_['mcd_msg_03'] = 'file(s) and/or folder(s) deleted.'; //#####
+
+$_['mcd_msg_01'] = 'file(s) and/or folder(s) moved.';
+$_['mcd_msg_02'] = 'file(s) and/or folder(s) copied.';
+$_['mcd_msg_03'] = 'file(s) and/or folder(s) deleted.';
 }//end Default_Language() //****************************************************
 
 
@@ -1830,9 +1865,9 @@ function Login_Page() {//*******************************************************
 
 	<h2><?php echo hsc($_['Log_In']) ?></h2>
 	<form method="post" id="login_form" name="login_form" action="<?php echo $ONESCRIPT; ?>">
-		<label for ="username"><?php echo hsc($_['login_txt_01']) ?></label>
+		<label for ="username"><?php echo hsc($_['Username']) ?>:</label>
 		<input name="username" type="text"     id="username">
-		<label for ="password"><?php echo hsc($_['login_txt_02']) ?></label>
+		<label for ="password"><?php echo hsc($_['Password']) ?>:</label>
 		<input name="password" type="password" id="password">
 		<input type="button"  class="button"   id="login" value="<?php echo hsc($_['Enter']) ?>">
 	</form>
@@ -3351,7 +3386,7 @@ function on_Tab_down(ID, FR, shifted) { //****************************
 		var tag_count    = all_tags.length;
 		var tabindex_IDs = []; //Array of ID's of all tags with a tabindex, indexed by tabindex.
 		
-		//Create array of the ID's of all tags with a tabindex. (All tabable elements should have a tabindex set.)
+		//Create array of the ID's of all tags with a tabindex. (All tab-able elements should have a tabindex set.)
 		for (var x = 0; x < tag_count; x++) {
 			var ti = all_tags[x].tabIndex;
 			if (ti > 0) { tabindex_IDs[ti] = all_tags[x].id; }
@@ -3629,6 +3664,10 @@ function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_n
 	//While DIRECTORY_DATA, and the table rows created to list the data, are indexed from 0 (zero),
 	//the id's of files in the directory list are indexed from 1 (f1, f2...), as "../" is listed first with id=f0 (f-zero).
 	//The id's are used in Index_Page_events() "cursor" control.
+	//Note: Number of tab-able items per row affects both the (TABINDEX + 5) offset near end of Build_Directory(),
+	//		and the $TABINDEX calculation for the [Admin] link in footer.
+	//		There are currently 6 tab-able items per (file) row:  [m] [c] [d] [x] [sogw]   [file name]
+	//		[m][c][d][x][sogw] tabindexes are set below.  [filename]'s tabinex is set in Build_Directory().
 	row++;
 
 	//[Move] [Copy] [Delete]  [x]
@@ -3709,7 +3748,7 @@ function Build_Directory() {//****************************************
 		
 		var file_col = 5; //column of file names
 		
-		//For file, (TABINDEX + 5) to account for [m][c][d][x][perms] which are added in Assemble_Insert_Row()
+		//The (TABINDEX + 5) accounts for the [m][c][d][x][perms] links which are added in Assemble_Insert_Row().
 		var file_name  = '<a id=f'+(row + 1)+'c'+ file_col + ' tabindex='+ (TABINDEX + 5) +' href="' + href  + '"'; 
 			file_name += ' title="<?php echo hsc($_['Edit_View']) ?>: ' + hsc(filename) + '" >';
 			file_name += ICONS[filetype] + '&nbsp;' + hsc(filename) + DS + '</a>';
@@ -4380,7 +4419,7 @@ function hash($element_id) {
 	var $SALT = '<?php echo $SALT ?>';
 	var $PRE_ITERATIONS = <?php echo $PRE_ITERATIONS ?>; //$PRE_ITERATIONS also used in hashit()
 	if ($hash.length < 1) {$input.value = $hash; return;} //Don't hash nothing.
-	for ( $x=0; $x < $PRE_ITERATIONS; $x++ ) { $hash = hex_sha256($hash + $SALT); } ;
+	for ( $x=0; $x < $PRE_ITERATIONS; $x++ ) { $hash = hex_sha256($hash + $SALT); }
 	$input.value = $hash;
 }//end hash()
 </script>
@@ -4430,8 +4469,8 @@ function style_sheet() {//******************************************************
 
 pre { background: white; border: 1px solid #777; padding: .2em; margin: 0; }
 
-input[type="text"]     { width: 100%; border: 1px solid #777; padding: 1px 1px 1px 0; font : 1em Courier; }
-input[type="password"] { width: 100%; border: 1px solid #777; padding: 0   1px 0   0; }
+input[type="text"]     { width: 100%; border: 1px solid #777; padding: 1px; font : 1em Courier; }
+input[type="password"] { width: 100%; border: 1px solid #777; padding: 1px 1px 0px 1px; }
 input[type="file"]     { width: 100%; border: 1px solid #777; background-color: white; margin: 0; }
 input[type="radio"]    { margin: 0 1px 2px 3px; vertical-align: middle; cursor : pointer; }
 
@@ -5083,10 +5122,12 @@ function Load_style_sheet() {//*************************************************
 	echo "<span id=timer0  class='timer timeout'></span>";
 	echo "<span class=timeout>".hsc($_['time_out_txt'])."</span>";
 
-	//Adjust tabindex to account for [m][c][d][x] and file names in directory list.
-	//(Directory list created via js, so $TAB_INDEX is also passed to, and handled by, js at that point.)
-	if (isset($DIRECTORY_COUNT)) {$TAB_INDEX = "tabindex=".($TABINDEX + ($DIRECTORY_COUNT * 5));}
-	else                         {$TAB_INDEX = ""; }
+	//Adjust $TABINDEX to account for contents of directory list (created by Assemble_Insert_row()).
+	//Directory list is created client-side by js, so tabindex is incremented by the js at that point.
+	//Each row in directory list (with a filename) has 6 tab-able/focusable items:
+	//	[m] [c] [d] [x] [sogw]   [file name]
+	if (isset($DIRECTORY_COUNT)) { $TAB_INDEX = "tabindex=".($TABINDEX + ($DIRECTORY_COUNT * 6)); }
+	else 						 { $TAB_INDEX = ""; }
 
 	//Admin link
 	if ( ($_SESSION['admin_page'] === false) ) {

From fca8a03126b34dd777882d5b29dba369f970eb01 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 20 Sep 2017 18:00:00 -0400
Subject: [PATCH 214/228] Version 3.6.03

Removed Rename/Delete/Edit options for readonly files.
  (previously would simple have generated an error.)
Some more prep for eventual option to edit file perms.
Some improvement to cursor control feedback (bg colors) handling.
(evidently I just discovered onblur & onfocus)
Removed $_['edit_txt_04'] (not used)
Added $_['edit_txt_05']
---
 languages/OneFileCMS.LANG.DE.php |   4 +-
 languages/OneFileCMS.LANG.EN.php |   5 +-
 languages/OneFileCMS.LANG.ES.php |   4 +-
 languages/OneFileCMS.LANG.NL.php |   4 +-
 languages/OneFileCMS.LANG.RU.php |   4 +-
 onefilecms.php                   | 157 +++++++++++++++++++++----------
 6 files changed, 120 insertions(+), 58 deletions(-)

diff --git a/languages/OneFileCMS.LANG.DE.php b/languages/OneFileCMS.LANG.DE.php
index 071fecb..db8a960 100755
--- a/languages/OneFileCMS.LANG.DE.php
+++ b/languages/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.6.02
+// OneFileCMS Language Settings v3.6.03
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -145,7 +145,7 @@
 $_['edit_txt_01'] = 'Unbekannter Dateityp oder keine Textdatei. Bearbeitungsmöglichkeit ausgeschalten.';
 $_['edit_txt_02'] = 'Die Datei enthält möglicherweise ungültige Zeichen. Der Bearbeitungs- und Betrachtungsmodus wurde gesperrt.';
 $_['edit_txt_03'] = 'htmlspecialchars() gab eine leere Zeichenkette zurück.';
-$_['edit_txt_04'] = 'Das Verhalten kann je nach verwendeter PHP-Version unterschiedlich sein.';
+$_['edit_txt_05'] = 'Datei ist readonly.';
 
 $_['too_large_to_edit_01'] = 'Bearbeiten deaktiviert. Dateigröße >';
 $_['too_large_to_edit_02'] = 'Einige Browser (wie zum Beispiel der Internet Explorer) bleiben stecken oder werden instabil, sobald größere Textmengen in einer HTML <textarea> bearbeitet werden.';
diff --git a/languages/OneFileCMS.LANG.EN.php b/languages/OneFileCMS.LANG.EN.php
index af9ecd3..e42c18a 100755
--- a/languages/OneFileCMS.LANG.EN.php
+++ b/languages/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.6.02
+// OneFileCMS Language Settings v3.6.03
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -145,7 +145,7 @@
 $_['edit_txt_01'] = 'Non-text or unkown file type. Edit disabled.';
 $_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
 $_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
-$_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
+$_['edit_txt_05'] = 'File is readonly.'; //## NT ## as of 3.6.03
 
 $_['too_large_to_edit_01'] = 'Edit disabled. Filesize >';
 $_['too_large_to_edit_02'] = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
@@ -264,3 +264,4 @@
 $_['mcd_msg_01'] = 'file(s) and/or folder(s) moved.';
 $_['mcd_msg_02'] = 'file(s) and/or folder(s) copied.';
 $_['mcd_msg_03'] = 'file(s) and/or folder(s) deleted.';
+
diff --git a/languages/OneFileCMS.LANG.ES.php b/languages/OneFileCMS.LANG.ES.php
index 49e2795..0686de7 100755
--- a/languages/OneFileCMS.LANG.ES.php
+++ b/languages/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.6.02
+// OneFileCMS Language Settings v3.6.03
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -145,7 +145,7 @@
 $_['edit_txt_01'] = 'No texto o tipo de archivo desconocido. Edición deshabilitada.';
 $_['edit_txt_02'] = 'El archivo posiblemente contiene un caracter desconocido. Edición deshabilitada.';
 $_['edit_txt_03'] = 'htmlspecialchars() devolvió una cadena vacía de lo que debería ser un archivo válido.';
-$_['edit_txt_04'] = 'Este comportamiento puede ser inconsistente de versión a versión de PHP.';
+$_['edit_txt_05'] = 'El archivo es de sólo lectura.';
 
 $_['too_large_to_edit_01'] = 'Edición deshabilita. Tamaño >';
 $_['too_large_to_edit_02'] = 'Algunos navegadores (por ej.: IE) se vuelven inestables cuando se edita un texto largo dentro de un <textarea>.';
diff --git a/languages/OneFileCMS.LANG.NL.php b/languages/OneFileCMS.LANG.NL.php
index 3aead95..3f0ac00 100755
--- a/languages/OneFileCMS.LANG.NL.php
+++ b/languages/OneFileCMS.LANG.NL.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.6.02
+// OneFileCMS Language Settings v3.6.03
 
 $_['LANGUAGE'] = 'Nederlands (Dutch)';
 $_['LANG'] = 'NL';
@@ -145,7 +145,7 @@
 $_['edit_txt_01'] = 'Non-tekst of onbekend bestandstype. Bewerken uitgeschakeld.';
 $_['edit_txt_02'] = 'Bestand bevat mogelijk een ongeldig teken. Bewerken en weergeven uitgeschakeld.';
 $_['edit_txt_03'] = 'htmlspecialchars() heeft een lege string teruggegeven van wat normaalgesproken een valide bestand is.';
-$_['edit_txt_04'] = 'Dit gedrag kan per versie van PHP verschillen.';
+$_['edit_txt_05'] = 'Bestand is alleen-lezen.';
 
 $_['too_large_to_edit_01'] = 'Bewerken uitgeschakeld. Bestandsgrootte >';
 $_['too_large_to_edit_02'] = 'Sommige browsers (bijv. Internet Explorer) lopen vast of worden onstabiel bij het bewerken van een groot bestand in een <textarea>.';
diff --git a/languages/OneFileCMS.LANG.RU.php b/languages/OneFileCMS.LANG.RU.php
index 34b34b7..ddb1a05 100755
--- a/languages/OneFileCMS.LANG.RU.php
+++ b/languages/OneFileCMS.LANG.RU.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.6.02
+// OneFileCMS Language Settings v3.6.03
 
 $_['LANGUAGE'] = 'Russian';
 $_['LANG'] = 'RU';
@@ -145,7 +145,7 @@
 $_['edit_txt_01'] = 'Неизвестный текст или неизвестный тип файла. Редактирование невозможно.';
 $_['edit_txt_02'] = 'Возможно файл содержит недопустимый символ. Редактирование и Просмотр невозможны.';
 $_['edit_txt_03'] = 'htmlspecialchars() возвращает к предыдущим обновлениям файла.';
-$_['edit_txt_04'] = 'Это поведение зависит от версии вашего PHP.';
+$_['edit_txt_05'] = 'Файл только для чтения.';
 
 $_['too_large_to_edit_01'] = 'Редактирование невозожно. Размер файла >';
 $_['too_large_to_edit_02'] = 'В некоторых браузерах, таких как (ie: IE) неустойчивое редактирование HTML кода в файлах большого размера <textarea>.';
diff --git a/onefilecms.php b/onefilecms.php
index 90273b2..65c4ac9 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.6.02';
+$OFCMS_version = '3.6.03';
 
 
 
@@ -25,7 +25,7 @@
 if (is_dir($user_tmp_path)) {							//check for a user based tmp directory.
 	session_save_path($user_tmp_path);
 } else {
-	$MESSAGE .= '<span class="filename">'.__LINE__.') session_save_path: &nbsp; <b>"'.ini_get('session.save_path').'"</b></span><br>'; //##### 
+	$MESSAGE .= '<span class="filename">'.__LINE__.') session_save_path: &nbsp; <b>"'.ini_get('session.save_path').'"</b></span><br>';
 }
 //******************************************************************************
 
@@ -382,7 +382,7 @@ function System_Setup() {//*****************************************************
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.6.02  (Not always in sync with OFCMS version#, if no changes to displayed wording.)
+// OneFileCMS Language Settings v3.6.03  (Not always in sync with OFCMS version#, if no changes to displayed wording.)
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -529,6 +529,7 @@ function Default_Language() { // ***********************************************
 $_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
 $_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
 $_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
+$_['edit_txt_05'] = 'File is readonly.'; //## NT ## as of 3.6.03
 
 $_['too_large_to_edit_01'] = 'Edit disabled. Filesize >';
 $_['too_large_to_edit_02'] = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
@@ -2225,8 +2226,8 @@ function Edit_Page_buttons_top($text_editable,$file_ENC) {//********************
 
 
 
-function Edit_Page_buttons($text_editable, $too_large_to_edit) {//**************
-	global $_, $MESSAGE, $ICONS, $MAX_IDLE_TIME, $IS_OFCMS, $WYSIWYG_VALID, $EDIT_WYSIWYG;
+function Edit_Page_buttons($text_editable, $too_large_to_edit, $writable) {//***
+	global $_, $MESSAGE, $ICONS, $MAX_IDLE_TIME, $IS_OFCMS, $WYSIWYG_VALID, $EDIT_WYSIWYG, $filename_OS;
 
 	//Using ckeditor WYSIWYG editor, <input type=reset> button doesn't work. (I don't know why.)
 	$reset_button = '<input type=reset  id="reset" class=button value="'.hsc($_['reset']).'" onclick="return Reset_File();">';
@@ -2234,7 +2235,7 @@ function Edit_Page_buttons($text_editable, $too_large_to_edit) {//**************
 
 	echo '<div class="edit_btns_bottom">';
 		
-		if ($text_editable && !$too_large_to_edit && !$IS_OFCMS) { //Show save & reset only if editable file
+		if ($text_editable && !$too_large_to_edit && !$IS_OFCMS && $writable) { //Show save & reset only if editable file
 			echo '<span id=timer1  class="timer"></span>';
 			echo '<button type="submit" class="button" id="save_file">'.hsc($_['save_1']).'</button>'; //Submit Button
 			echo $reset_button;
@@ -2246,9 +2247,9 @@ function RCD_button($action, $icon, $label) {//***************
 		}//end RCD_button() //****************************************
 		
 		//Don't show [Rename] or [Delete] if viewing OneFileCMS itself.
-		if (!$IS_OFCMS)      { RCD_button('renamefile', 'ren_mov', $_['Ren_Move']); }
-		/*Always show Copy*/ { RCD_button('copyfile'  , 'copy'   , $_['Copy']); }
-		if (!$IS_OFCMS)      { RCD_button('deletefile', 'delete' , $_['Delete']); }
+		if (!$IS_OFCMS && $writable) { RCD_button('renamefile', 'ren_mov', $_['Ren_Move']); }
+		/***  Always show Copy  ***/ { RCD_button('copyfile'  , 'copy'   , $_['Copy']); }
+		if (!$IS_OFCMS && $writable) { RCD_button('deletefile', 'delete' , $_['Delete']); }
 		
 	echo '</div>';
 
@@ -2270,8 +2271,6 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 		}
 	}
 
-
-
 	$too_large_to_edit_message =
 		'<b>'.hsc($_['too_large_to_edit_01']).' '.number_format($MAX_EDIT_SIZE).' '.hsc($_['bytes']).'</b><br>'.
 		hsc($_['too_large_to_edit_02']).'<br>'.hsc($_['too_large_to_edit_03']).'<br>'.hsc($_['too_large_to_edit_04']);
@@ -2280,6 +2279,11 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 		'<b>'.hsc($_['too_large_to_view_01']).' '.number_format($MAX_VIEW_SIZE).' '.hsc($_['bytes']).'</b><br>'.
 		hsc($_['too_large_to_view_02']).'<br>'.hsc($_['too_large_to_view_03']).'<br>';
 
+	$writable = (fileperms($filename_OS) & 0200)/0200;
+	$file_perms = decoct(fileperms($filename_OS) & 07777);
+
+	if (!$writable) { $MESSAGE .= $file_perms." : ".$_['edit_txt_05']." ".$_['edit_txt_00']."<br>"; }
+
 	echo "\n".'<form id=edit_form name=edit_form method=post action="'.$ONESCRIPT.$param1.$param2.$param3.'">'."\n";
 		
 		echo $INPUT_NUONCE;
@@ -2296,11 +2300,11 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 				echo '<p class="message_box_contents">'.$too_large_to_view_message.'</p>';
 			} else {
 				
-				if ($IS_OFCMS || $too_large_to_edit) {$readonly = "readonly";} else {$readonly = "";}
+				if ($IS_OFCMS || $too_large_to_edit || !$writable) {$readonly = "readonly";} else {$readonly = "";}
 				
 				if ( $too_large_to_edit ) { $MESSAGE .= $too_large_to_edit_message; }
 				
-				if ($bad_chars){ //Show message: may be a bad character in file
+				if ($bad_chars){ //Show message: possible bad character in file
 					echo '<pre class="edit_disabled">'.$EX.hsc($_['edit_txt_02']).'<br>';
 					echo hsc($_['edit_txt_03']).'<br>';
 					echo hsc($_['edit_txt_04']).'<br></pre>'."\n";
@@ -2324,12 +2328,12 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 			
 		}//end if non-image
 		
-		Edit_Page_buttons($text_editable, $too_large_to_edit);
+		Edit_Page_buttons($text_editable, $too_large_to_edit, $writable);
 	echo "\n</form>\n";
 
 	Edit_Page_scripts();
 
-	if ( !$IS_OFCMS && $text_editable && !$too_large_to_edit && !$bad_chars ) {Edit_Page_Notes();}
+	if ( !$IS_OFCMS && $text_editable && !$too_large_to_edit && !$bad_chars && $writable) {Edit_Page_Notes();}
 }//end Edit_Page_form() //******************************************************
 
 
@@ -3285,7 +3289,7 @@ function on_Tab_down(ID, FR, shifted) { //****************************
 	var perms = "f" + FR + "c4" //permisions
 	var ckbox = "f" + FR + "c3" //[ ] Checkbox
 	var del   = "f" + FR + "c2" //(x) Delete
-
+	
 	var ck_box = E(ckbox);
 	var highlight1 = "rgb(255,250,150)";
 	var highlight2 = "rgb(255,240,140)";
@@ -3339,7 +3343,7 @@ function on_Tab_down(ID, FR, shifted) { //****************************
 	if ((key != AU) && (key != AD) && (key != AL) && (key != AR) && (key != PU) && (key != PD) && 
 		(key != HOME) && (key != END) && (key != ESC) && (key != TAB) && (key != ENTER)) { return }
 
-	//File Rows. For these events, "../" is 0, and files are indexed 1 to DIRECTORY_ITEMS.
+	//File Rows. For these events, "../" is 0, and files are indexed from 1 to DIRECTORY_ITEMS.
 	var FROWS     = DIRECTORY_ITEMS;
 	var FILENAME_COL = 5;
 	var LAST_FILE = "f" + FROWS + "c" + FILENAME_COL;
@@ -3553,6 +3557,35 @@ function Index_Page_scripts() {//***********************************************
 
 
 
+function Octal_Input_Only(e) { //*************************************
+	//Restrict input to digits & a few special keys.
+
+	//##### This function works on desktops, but inhibits number inputs on android / Samsung Galaxy S III mini. //#####
+	//##### return;
+
+	function Stop_Prop(event) { event.stopPropagation() }
+
+	//Normalize the event (e) codes...
+	if (!e) {var e = window.event;} //for IE
+	var e_code = e.which || e.keyCode || e.charCode;
+
+	//Allow:
+	if (e.ctrlKey || e.altKey) 				{ Stop_Prop(e); return; } //control & alt keys
+	if ((e_code == 8) || (e_code ==  13))   { Stop_Prop(e); return; } //backspace, enter
+	if ((e_code >=  35) && (e_code <=  37) || (e_code == 39)) { Stop_Prop(e); return; } //end, home, <- -> arrows
+	if ((e_code >=  45) && (e_code <=  55)) { Stop_Prop(e); return; } //insert, delete, keyboard top row numbers 0-7
+	if ((e_code >=  96) && (e_code <= 103)) { Stop_Prop(e); return; } //keypad numbers 0-7
+	
+	//Prevent everything else, except tab
+	if (e_code != 9) { //tab
+		e.preventDefault ? e.preventDefault() : (e.returnValue = false);
+		return false;
+	}
+}//end Octal_Input_Only() //******************************************
+
+
+
+
 function Sort_Folders_First() {//*************************************
 
 	//DIRECTORY_DATA[x] = ("type", "file name", filesize, timestamp, is_ofcms)	
@@ -3664,54 +3697,80 @@ function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_n
 	//While DIRECTORY_DATA, and the table rows created to list the data, are indexed from 0 (zero),
 	//the id's of files in the directory list are indexed from 1 (f1, f2...), as "../" is listed first with id=f0 (f-zero).
 	//The id's are used in Index_Page_events() "cursor" control.
-	//Note: Number of tab-able items per row affects both the (TABINDEX + 5) offset near end of Build_Directory(),
-	//		and the $TABINDEX calculation for the [Admin] link in footer.
-	//		There are currently 6 tab-able items per (file) row:  [m] [c] [d] [x] [sogw]   [file name]
+	//Note: Number of tab-able items per row affects the (TABINDEX + 5) offset near end of Build_Directory(),
+	//		the $TABINDEX calculation for the [Admin] link in page footer, and on_Tab_down().
+	//		There are currently 6 tab-able items per (file) row:  [m] [c] [d] [x] [sogw] [file name]
 	//		[m][c][d][x][sogw] tabindexes are set below.  [filename]'s tabinex is set in Build_Directory().
+	
 	row++;
 
-	//[Move] [Copy] [Delete]  [x]
+	//[Move] [Copy] [Delete] [x] [perms]
 	var ren_mov  = copy = del = checkbox = perms = cells = '';
 
-	//Assemble [move] [copy] [delete] [x]   ([copy] is always available)
+	var ren_id   = 'f' + row + 'c0';
+	var copy_id  = 'f' + row + 'c1';
+	var del_id	 = 'f' + row + 'c2';
+	var ckbox_id = 'f' + row + 'c3';
+	var perms_id = 'f' + row + 'c4';
+
+	var sogw = DIRECTORY_DATA[row - 1][6] + ""; //File permissions (suid sgid sticky)(owner)(group)(world)
+	sogw = parseInt(sogw,8);
+	var writable = (sogw & 0o200)/0o0200;  //Only check file owner write bit.
+
+	//Assemble [move] [copy] [delete] [x] [perms]  ([copy] & [perms] are always available)
+	//[move], [delete], and [x] are not available for OFCMS or readonly files.
 	//The empty <a>'s are to accommodate keyboard nav via onkeydown() in Index_Page_events()...
-	if (!IS_OFCMS) {
-		ren_mov  = '<a id=f' + row + 'c0 tabindex='+ (TABINDEX++) +' class=MCD href="';
-		ren_mov += href + '&amp;p=rename' + f_or_f + '" ';
-		ren_mov += 'title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
+
+	if (IS_OFCMS || !writable) { //[Move] not available
+		ren_mov  = '<a id=' + ren_id + ' tabindex='+ (TABINDEX++) +'>&nbsp;</a>'
 	}
 	else {
-		ren_mov  = '<a id=f' + row + 'c0 tabindex='+ (TABINDEX++) +'>&nbsp;</a>'
+		ren_mov  = '<a id=' + ren_id + ' tabindex='+ (TABINDEX++) +' class=MCD href="';
+		ren_mov += href + '&amp;p=rename' + f_or_f + '" ';
+		ren_mov += 'title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
 	}
 
-	copy  = '<a id=f' + row + 'c1 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=copy'   + f_or_f;
+	copy  = '<a id=' + copy_id + ' tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=copy'   + f_or_f;
 	copy += '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
 
-	if (!IS_OFCMS) {
-		del       = '<a id=f' + row + 'c2 tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=delete' + f_or_f;
-		del		 += '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
-		checkbox  = '<div class=ckbox><INPUT id=f' + row + 'c3 tabindex='+ (TABINDEX++);
-		checkbox += ' TYPE=checkbox class=select_file NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
-		perms	  = '<input id=f' + row + 'c4 class=perms tabindex=' + (TABINDEX++) ;
-		perms	 += ' value="' + DIRECTORY_DATA[row - 1][6]+ '" maxlength=4 readonly>'; //##### readonly for now
+	if (IS_OFCMS || !writable) { //[delete] & [checkbox] are not available
+		del      = '<a id=' + del_id + '   tabindex='+ (TABINDEX++) +'>&nbsp;</a>'
+		checkbox = '<a id=' + ckbox_id + ' tabindex='+ (TABINDEX++) +'>&nbsp;</a>'
 	}
 	else {
-		del      = '<a id=f' + row + 'c2 tabindex='+ (TABINDEX++) +'>&nbsp;</a>'
-		checkbox = '<a id=f' + row + 'c3 tabindex='+ (TABINDEX++) +'>&nbsp;</a>'
-		perms	 = '<a id=f' + row + 'c4 tabindex='+ (TABINDEX++) +'>' + DIRECTORY_DATA[row - 1][6] + '</a>'
+		del       = '<a id=' + del_id + ' tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=delete' + f_or_f;
+		del		 += '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
+		checkbox  = '<div class=ckbox><INPUT id=' + ckbox_id + ' tabindex='+ (TABINDEX++);
+		checkbox += ' TYPE=checkbox class=select_file NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
 	}
 
+	perms  = '<input id=' + perms_id + ' class=perms tabindex=' + (TABINDEX++) ;
+	perms += ' value="' + DIRECTORY_DATA[row - 1][6]+ '" maxlength=4 readonly>'; //##### readonly for now
+
+
 	//fill the <td>'s
-	var c=0;
 	cells = trow.cells;
-	cells[c++].innerHTML = ren_mov;
-	cells[c++].innerHTML = copy;
-	cells[c++].innerHTML = del;
-	cells[c++].innerHTML = checkbox;
-	cells[c++].innerHTML = perms;
-	cells[c++].innerHTML = file_name;
-	cells[c++].innerHTML = file_size;
-	cells[c++].innerHTML = file_time;
+	cells[0].innerHTML = ren_mov;
+	cells[1].innerHTML = copy;
+	cells[2].innerHTML = del;
+	cells[3].innerHTML = checkbox;
+	cells[4].innerHTML = perms;
+	cells[5].innerHTML = file_name;
+	cells[6].innerHTML = file_size;
+	cells[7].innerHTML = file_time;
+
+
+	E(ckbox_id).onblur    = function() { E(ckbox_id).parentNode.style.backgroundColor = ""; }
+	E(perms_id).onfocus   = function(event) { this.prior_value = this.value; }
+	E(perms_id).onkeydown = function(event) { Octal_Input_Only(event); } //##### Not actually used yet as still readonly above.
+	E(perms_id).onchange  = function(event) {
+		
+		this.value = this.prior_value; //##### Will be used in future if there's an input error.
+		return; //##### just not yet...
+		
+		//##### NEED LANGUAGE $_[] values...
+		Display_Messages('Permissions updated: ' + this.value + ' for "' + filename + '"');
+	}
 
 }//end Assemble_Insert_row() //***************************************
 
@@ -5105,7 +5164,6 @@ function Load_style_sheet() {//*************************************************
 if ($_SESSION['valid']) { echo '<div id=main >'; }
 else                    { echo '<div id=login_page>'; }
 
-
 Page_Header();
 
 if ($_SESSION['valid'] && $Show_Path) { Current_Path_Header(); }
@@ -5138,6 +5196,9 @@ function Load_style_sheet() {//*************************************************
 echo "\n</div>\n"; //end main/login_page
 echo "</html>\n";  //***********************************************************
 
+
+
+
 if ( ($page == "edit") && $WYSIWYG_VALID && $EDIT_WYSIWYG ) { include($WYSIWYG_PLUGIN_OS); }
 
 //Display any $MESSAGE's

From addbe0414e8c37ce6e34438015fda029dc60fcea Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 20 Sep 2017 23:17:00 -0400
Subject: [PATCH 215/228] Version 3.6.04

ckbox bgcolors for focus & blur are now handled by onfocus & onblur events.
(Instead of the other method - a convoluted buckshot of code...)
Removed a few one-time use vars of elements since E('element_id') is almost as short.
(As opposed to document.getElementById('element_id')...)
---
 onefilecms.php | 136 +++++++++++++------------------------------------
 1 file changed, 36 insertions(+), 100 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 65c4ac9..df92027 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.6.03';
+$OFCMS_version = '3.6.04';
 
 
 
@@ -529,7 +529,7 @@ function Default_Language() { // ***********************************************
 $_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
 $_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
 $_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
-$_['edit_txt_05'] = 'File is readonly.'; //## NT ## as of 3.6.03
+$_['edit_txt_05'] = 'File is readonly.';
 
 $_['too_large_to_edit_01'] = 'Edit disabled. Filesize >';
 $_['too_large_to_edit_02'] = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
@@ -1972,7 +1972,7 @@ function Create_Table_for_Listing() {//*****************************************
 		</div>
 	</th>
 	
-	<th style="font-family: courier">sogw</th>
+	<th style="font-family: courier">sogw</th>  <!-- //##### move css to style sheet -->
 	
 	<th class=file_name>
 		<div id=ff_ckbox_div class=ckbox>
@@ -3231,13 +3231,7 @@ function Index_Page_events() {//************************************************
 var Copy_Button			= E('b2');
 var Delete_Button		= E('b3');
 
-var Select_All_ckbox	= E('select_all_ckbox');
-var Header_Sorttype		= E('header_sorttype');
-var Folders_First_Ckbox = E('folders_first_ckbox');
-var Header_Filename		= E('header_filename');
-var Header_Filesize		= E('header_filesize');
-var Header_Filedate		= E('header_filedate');
-
+var highlight1 = "rgb(255,250,150)";
 
 //These buttons aren't present if folder is empty...
 if (Move_Button)   { Move_Button.onclick   = function () {Confirm_Submit('move');}   }
@@ -3245,83 +3239,40 @@ function Index_Page_events() {//************************************************
 if (Delete_Button) { Delete_Button.onclick = function () {Confirm_Submit('delete');} }
 
 //Always present...
-Select_All_ckbox.onclick = function () {Select_All();}
-Folders_First_Ckbox.onclick = function () {Sort_and_Show(SORT_by, SORT_order); this.focus();}
-Header_Filename.onclick  = function () {Sort_and_Show(1, FLIP_IF); this.focus(); return false;}
-Header_Filesize.onclick  = function () {Sort_and_Show(2, FLIP_IF); this.focus(); return false;}
-Header_Filedate.onclick  = function () {Sort_and_Show(3, FLIP_IF); this.focus(); return false;}
-Header_Sorttype.onclick	 = function () {Sort_and_Show(5, FLIP_IF); this.focus(); return false;}
-
-
-Header_Filename.focus();
+E('select_all_ckbox').onclick = function () {Select_All();}
 
 
+E('select_all_ckbox').onfocus = function() {
+	E('select_all_ckbox').parentNode.style.backgroundColor = highlight1;
+	E('select_all_label').style.backgroundColor = highlight1;
+}
+E('select_all_ckbox').onblur = function() {
+	E('select_all_ckbox').parentNode.style.backgroundColor = "";
+	E('select_all_label').style.backgroundColor = "";
+}
 
-document.onmousedown = function (event) { //************************
-	//Mouse clicks may remove focus from focused elements, including checkboxes, 
-	//but do not clear the manual "highlight" of the parent div's & label's of checkbox's
 
-	//Clear parent div of a checkbox
-	var ID = document.activeElement.id;
-	if (document.activeElement.type == 'checkbox') {
-		E(ID).parentNode.style.backgroundColor = "";
-	}
+E('folders_first_ckbox').onfocus = function() {
+	E('folders_first_ckbox').parentNode.style.backgroundColor = highlight1;
+	E('folders_first_label').style.backgroundColor = highlight1;
+}
 
-	//Clear labels...  (don't check, just clear 'em)
-	E('select_all_label').style.backgroundColor = "";
+E('folders_first_ckbox').onblur = function() {
+	E('folders_first_ckbox').parentNode.style.backgroundColor = "";
 	E('folders_first_label').style.backgroundColor = "";
+}
 
-}//end onmousedown() //***********************************************
 
 
+E('folders_first_ckbox').onclick = function () {Sort_and_Show(SORT_by, SORT_order); this.focus();}
 
-function on_Tab_down(ID, FR, shifted) { //****************************
-	//Handle the background colors of checkboxes' parent <div>'s & <label>'s.
-	//(checkboxes generally don't have "background colors" as far as css goes...)
-	//Current checkbox already cleared by onkeydown().
+E('header_filename').onclick = function () {Sort_and_Show(1, FLIP_IF); this.focus(); return false;}
+E('header_filesize').onclick = function () {Sort_and_Show(2, FLIP_IF); this.focus(); return false;}
+E('header_filedate').onclick = function () {Sort_and_Show(3, FLIP_IF); this.focus(); return false;}
+E('header_sorttype').onclick = function () {Sort_and_Show(5, FLIP_IF); this.focus(); return false;}
 
-	//Prep for Tab key...
-	//Default tab action occurrs on keyUP, so "new" location is not known by onkeydown().
-	//So, if current focus is ck_box, clear bg, else if we're heading there, set bg.
-	//Tab from L, Current ID will be "f<FR>c2"
-	//Tab from R: Current ID is "f<FR>"
-	var fFR   = "f" + FR + "c5" //Filename
-	var perms = "f" + FR + "c4" //permisions
-	var ckbox = "f" + FR + "c3" //[ ] Checkbox
-	var del   = "f" + FR + "c2" //(x) Delete
-	
-	var ck_box = E(ckbox);
-	var highlight1 = "rgb(255,250,150)";
-	var highlight2 = "rgb(255,240,140)";
-
-	if      (!shifted)  { //just Tab
-		if      (ID == ckbox) { ck_box.parentNode.style.backgroundColor = "";}
-		else if (ID == del  ) { ck_box.parentNode.style.backgroundColor = highlight2; }
-		else if (ID == "b6" ) { //[New Folder]
-			E('select_all_ckbox').parentNode.style.backgroundColor = highlight1;
-			E('select_all_label').style.backgroundColor = highlight1;
-		}
-		else if (ID == "select_all_ckbox" ) {
-			E('select_all_label').style.backgroundColor = "";
-			E('folders_first_ckbox').parentNode.style.backgroundColor = highlight1;
-			E('folders_first_label').style.backgroundColor = highlight1;
-		}
-	}
-	else if (shifted)  { //Shift-Tab
-		if       (ID == ckbox){ ck_box.parentNode.style.backgroundColor = "";}
-		else if ((ID == perms) && (FR > 0) ) { ck_box.parentNode.style.backgroundColor = highlight2; }
-		else if  (ID == "header_filename")  {
-			E('folders_first_ckbox').parentNode.style.backgroundColor = highlight1;
-			E('folders_first_label').style.backgroundColor = highlight1;
-		}
-		else if (ID == "folders_first_ckbox") {
-			E('folders_first_label').style.backgroundColor = "";
-			E('select_all_ckbox').parentNode.style.backgroundColor = highlight1;
-			E('select_all_label').style.backgroundColor = highlight1;
-		}
-	}
-}//end on_Tab_down() { //*********************************************
 
+E('header_filename').focus();
 
 
 
@@ -3359,16 +3310,6 @@ function on_Tab_down(ID, FR, shifted) { //****************************
 	var FR = parseInt(ID.substr(1));      if (isNaN(FR) || (x_focus != "f")) {FR = -1;} //If not in file list...
 	var FC = parseInt(ID.split('c')[1]);  if (isNaN(FC)) {FC = -1;}
 
-	if(key != ENTER) { //(ignore if ENTER since focus doesn't change.)
-		
-		//If current ID/element is checkbox, clear bgcolor of parent div (ckboxes don't have background colors).
-		var is_ckbox = (document.activeElement.type == "checkbox");
-		if (is_ckbox) {E(ID).parentNode.style.backgroundColor = ""; }
-		
-		//Always clear these labels (simply losing focus() of their child checkboxes won't).
-		E('select_all_label').style.backgroundColor = "";
-		E('folders_first_label').style.backgroundColor = "";
-	}
 
 	//If no files in current folder, [Move][Copy][Delete] won't exist (id's b1 b2 b3). Use [New Folder] (id="b4").
 	if (E("b2")) {var button_row = "b2"} else {var button_row = "b4"}
@@ -3424,10 +3365,7 @@ function on_Tab_down(ID, FR, shifted) { //****************************
 		
 		return;
 	}
-	else if (key == TAB)  {
-		on_Tab_down(ID, FR, event.shiftKey);
-		return;
-	}
+	else if (key == TAB)  { return; }
 	else if (key == ESC)  { document.activeElement.blur();   return; }
 	else if (key == END)  { if (ID != LAST_FILE ) {ID = LAST_FILE; } }
 	else if (key == HOME) {	if (ID != FIRST_FILE) {ID = FIRST_FILE;} }
@@ -3514,11 +3452,6 @@ function on_Tab_down(ID, FR, shifted) { //****************************
 
 	E(ID).focus();
 
-	//If new ID/element is checkbox, set bgcolor of parent div & it's label (ckboxes don't have background colors).
-	if (document.activeElement.type == "checkbox") {E(ID).parentNode.style.backgroundColor = highlight2;}
-	if (ID == "select_all_ckbox")    {E('select_all_label').style.backgroundColor = highlight1;}
-	if (ID == "folders_first_ckbox") {E('folders_first_label').style.backgroundColor = highlight1;}
-
 	//Prevent default browser scrolling via arrow & Page keys, so focus()'d element stays visible/in view port.
 	//(A few exceptions skip this via a return in the above  if/else's.)
 	if ( (ID != 'path_0') || ((ID == 'path_0') && (key == AD)) || ((ID == 'path_0') && (key == PD))) {
@@ -3561,7 +3494,8 @@ function Octal_Input_Only(e) { //*************************************
 	//Restrict input to digits & a few special keys.
 
 	//##### This function works on desktops, but inhibits number inputs on android / Samsung Galaxy S III mini. //#####
-	//##### return;
+	//##### 
+	return; //##### Not actually needed yet... (as of 3.6.03)
 
 	function Stop_Prop(event) { event.stopPropagation() }
 
@@ -3632,7 +3566,7 @@ function sort_DIRECTORY(col, direction) {//***************************
 	if (typeof direction === 'undefined') { direction = ASCENDING }
 
 	//Filename ckboxes are cleared automatically on a resort, in Assemble_Insert_row(), so this needs cleared also.
-	Select_All_ckbox.checked = false;
+	E('select_all_ckbox').checked = false;
 
 	//If new sort column, sort ascending. (FLIP overides, but is not currently used.)
 	if ((col != SORT_by) && (direction != FLIP)) { direction = ASCENDING; SORT_by = col; } 
@@ -3698,7 +3632,7 @@ function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_n
 	//the id's of files in the directory list are indexed from 1 (f1, f2...), as "../" is listed first with id=f0 (f-zero).
 	//The id's are used in Index_Page_events() "cursor" control.
 	//Note: Number of tab-able items per row affects the (TABINDEX + 5) offset near end of Build_Directory(),
-	//		the $TABINDEX calculation for the [Admin] link in page footer, and on_Tab_down().
+	//		and the $TABINDEX calculation for the [Admin] link in page footer.
 	//		There are currently 6 tab-able items per (file) row:  [m] [c] [d] [x] [sogw] [file name]
 	//		[m][c][d][x][sogw] tabindexes are set below.  [filename]'s tabinex is set in Build_Directory().
 	
@@ -3759,13 +3693,15 @@ function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_n
 	cells[6].innerHTML = file_size;
 	cells[7].innerHTML = file_time;
 
-
+	//##### Abstract out bgcolors.  IE: add/remove a class instead of setting/clearing value directly. ##############
+	E(ckbox_id).onfocus   = function() { E(ckbox_id).parentNode.style.backgroundColor = "rgb(255,240,140)"; }
 	E(ckbox_id).onblur    = function() { E(ckbox_id).parentNode.style.backgroundColor = ""; }
+
 	E(perms_id).onfocus   = function(event) { this.prior_value = this.value; }
 	E(perms_id).onkeydown = function(event) { Octal_Input_Only(event); } //##### Not actually used yet as still readonly above.
 	E(perms_id).onchange  = function(event) {
-		
-		this.value = this.prior_value; //##### Will be used in future if there's an input error.
+
+		this.value = this.prior_value; //##### Will be used in future if there's an input error.		
 		return; //##### just not yet...
 		
 		//##### NEED LANGUAGE $_[] values...

From 25780d85188d7d985aa670c9bba852940e8d3887 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 24 Sep 2017 18:15:08 -0400
Subject: [PATCH 216/228] Version 3.6.05

On index page, changed from <form> name to id.  document.mcdselect => E('mcdselect')
Fixed a couple bugs in keyboard navigation when there's only one item in current diretory.
 - Couldn't "arrow up" when in the file row [M][C][D][x][perms] [Filename]
 - It was submitting on enter when on checkboxes.
---
 info/changelog.markdown | 17 ++++++++
 onefilecms.php          | 95 +++++++++++++++++------------------------
 2 files changed, 57 insertions(+), 55 deletions(-)

diff --git a/info/changelog.markdown b/info/changelog.markdown
index 64c9776..9a8805b 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,22 @@
 # OneFileCMS Change Log
 
+### v3.6.05 (2017-09-24)
+
+- Fixed a couple bugs in keyboard navigation when there's only one item in current diretory.
+ (Couldn't "arrow up" when in the file row [M][C][D][x][perms] [Filename])
+ (It was submitting on enter when on checkboxes.)
+
+### v3.6.04 (2017-09-20)
+
+- A _little_ bit of code improvement/cleanup - using onfocus/blur in lieu of the prior scatter gun approach.
+
+
+### v3.6.03 (2017-09-20)
+
+- Removed Rename/Delete/Edit options for readonly files.
+  (previously would simple have generated an error.)
+- Some more prep work for eventual option to edit file perms.
+
 ### v3.6.02 (2017-09-18)
 
 - Fixed a minor bug with tabindex on directory listing page.
diff --git a/onefilecms.php b/onefilecms.php
index df92027..4bc872b 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.6.04';
+$OFCMS_version = '3.6.05';
 
 
 
@@ -734,6 +734,7 @@ function Verify_IDLE_POST_etc() {//*********************************************
 	$_SESSION['last_active_time'] = time();
 
 	//If POSTing, verify...
+	//##### NEED TO ACTUALLY CHECK IF HTTP POST (VS GET), THEN ALWAYS CHECK FOR NUONCE. #####
 	if ( isset($_POST['nuonce']) ) {
 		if ( $_POST['nuonce'] == $_SESSION['nuonce'] ) {
 			$VALID_POST = 1;
@@ -2149,7 +2150,7 @@ function Index_Page() {//*******************************************************
 	$file_count = Get_DIRECTORY_DATA($raw_list);
 
 	//<form> to contain directory, including buttons at top.
-	echo '<form method="post" name="mcdselect" action="'.$ONESCRIPT.$param1.'&amp;p=mcdaction">';
+	echo '<form method="post" id="mcdselect" action="'.$ONESCRIPT.$param1.'&amp;p=mcdaction">';
 	echo '<input type="hidden" name="mcdaction" value="">'; //along with $page, affects response
 
 	Index_Page_buttons_top($file_count);
@@ -2944,7 +2945,7 @@ function Load_Selected_Page() {//***********************************************
 		if ($_POST['mcdaction'] == 'copy')  { MCD_Page('mcd_cpy', $_['Copy_Files']); }
 		if ($_POST['mcdaction'] == 'delete'){ MCD_Page('mcd_del', $_['Del_Files'], 'verify_del'); }
 	}
-	else                             { Index_Page();          } //default if valid session.
+	else /* default if session valid */ { Index_Page(); }
 }//end Load_Selected_Page() //**************************************************
 
 
@@ -3025,7 +3026,6 @@ function Common_Scripts() {//***************************************************
 ?>
 
 <script>
-var D = document;
 function E(id) { return document.getElementById(id); }
 
 var $MESSAGE = "";
@@ -3037,12 +3037,14 @@ function pad(num){ if ( num < 10 ){ num = "0" + num; }; return num; }
 
 function hsc(text) {//************************************************
 	//A basic htmlspecialchars()
+
+	text = text.replace(/&/g, "&amp;");
+	text = text.replace(/</g, "&lt;");
+	text = text.replace(/>/g, "&gt;");
+	text = text.replace(/"/g, "&quot;");
+	text = text.replace(/'/g, "&#039;");
+
 	return text
-      .replace(/&/g, "&amp;")
-      .replace(/</g, "&lt;")
-      .replace(/>/g, "&gt;")
-      .replace(/"/g, "&quot;")
-      .replace(/'/g, "&#039;");
 }//end hsc() //*******************************************************
 
 
@@ -3233,6 +3235,8 @@ function Index_Page_events() {//************************************************
 
 var highlight1 = "rgb(255,250,150)";
 
+E('header_filename').focus();
+
 //These buttons aren't present if folder is empty...
 if (Move_Button)   { Move_Button.onclick   = function () {Confirm_Submit('move');}   }
 if (Copy_Button)   { Copy_Button.onclick   = function () {Confirm_Submit('copy');}   }
@@ -3272,10 +3276,6 @@ function Index_Page_events() {//************************************************
 E('header_sorttype').onclick = function () {Sort_and_Show(5, FLIP_IF); this.focus(); return false;}
 
 
-E('header_filename').focus();
-
-
-
 E("main").onkeydown = function(event) { //*****************************
 	//Control cursor keys to navigate index page. (Arrows, Page, Home, End)
 
@@ -3352,23 +3352,32 @@ function Index_Page_events() {//************************************************
 	if (key == ENTER) {	
 		
 		if (ID == "select_all_ckbox") {
-			document.mcdselect.select_all.checked = !document.mcdselect.select_all.checked
+			E('mcdselect').select_all.checked = !E('mcdselect').select_all.checked
 			Select_All();
 		}
 		else if (ID == "folders_first_ckbox") {
-			document.mcdselect.folders_first_ckbox.checked = !document.mcdselect.folders_first_ckbox.checked;
+			E('folders_first_ckbox').checked = !E('folders_first_ckbox').checked;
 			Sort_and_Show(SORT_by, SORT_order);
 		}
 		else if (FC == 3) {  //Is focus on a checkbox next to a file name?
 			E(ID).checked = !E(ID).checked;
 		}
+
+		//Prevent the hair-pulling "implicit submit on enter" that only occurs sometimes.
+		//Specifically, here, if there's only one item in the current dir, and if focus is on a checkbox,
+		// and enter is pressed (to check/uncheck via this onkeydown event), then the form would also submit.
+		//Not any more! HAHAHA!
+		//But, allow "enter" on <button>'s & <a>'s ([Move], [Copy], [Delete], and  [M][C][D] & [file names])
+		//
+		var has_focus = document.activeElement;
+		if ((has_focus.tagName != 'A') && (has_focus.tagName != 'BUTTON')) { event.preventDefault(); }
 		
 		return;
 	}
 	else if (key == TAB)  { return; }
 	else if (key == ESC)  { document.activeElement.blur();   return; }
-	else if (key == END)  { if (ID != LAST_FILE ) {ID = LAST_FILE; } }
-	else if (key == HOME) {	if (ID != FIRST_FILE) {ID = FIRST_FILE;} }
+	else if (key == END)  { ID = LAST_FILE;  }
+	else if (key == HOME) {	ID = FIRST_FILE; } 
 	else if (key == AL) {
 		//Find first tab-able element to the left (usually just (focus_tabindex - 1))
 		for (var new_index = (focus_tabindex - 1); new_index > 0; new_index--) {
@@ -3423,6 +3432,12 @@ function Index_Page_events() {//************************************************
 		else if (key == AD) {ID = "admin";}
 		else if (key == PD) {ID = "admin";}
 	}
+	else if ((FROWS == 1) && (FR == 1)) {
+		if		(key == AU) { ID = FIRST_FILE; }
+		else if	(key == PU) { FR -= jump; if (FR >= 0) {ID = "f" + FR + "c" + FC} else {ID = FIRST_FILE} }
+		else if (key == AD) { ID = "admin" }
+		else if (key == PD) { ID = "admin" }
+	}
 	else if (FR == FROWS) { //Last row (FROWS is the number of files listed)
 		if		(key == AU) { FR--      ; if (FR >= 0) {ID = "f" + FR + "c" + FC} else {ID = "header_filename" } }
 		else if	(key == PU) { FR -= jump; if (FR >= 0) {ID = "f" + FR + "c" + FC} else {ID = FIRST_FILE} }
@@ -3490,36 +3505,6 @@ function Index_Page_scripts() {//***********************************************
 
 
 
-function Octal_Input_Only(e) { //*************************************
-	//Restrict input to digits & a few special keys.
-
-	//##### This function works on desktops, but inhibits number inputs on android / Samsung Galaxy S III mini. //#####
-	//##### 
-	return; //##### Not actually needed yet... (as of 3.6.03)
-
-	function Stop_Prop(event) { event.stopPropagation() }
-
-	//Normalize the event (e) codes...
-	if (!e) {var e = window.event;} //for IE
-	var e_code = e.which || e.keyCode || e.charCode;
-
-	//Allow:
-	if (e.ctrlKey || e.altKey) 				{ Stop_Prop(e); return; } //control & alt keys
-	if ((e_code == 8) || (e_code ==  13))   { Stop_Prop(e); return; } //backspace, enter
-	if ((e_code >=  35) && (e_code <=  37) || (e_code == 39)) { Stop_Prop(e); return; } //end, home, <- -> arrows
-	if ((e_code >=  45) && (e_code <=  55)) { Stop_Prop(e); return; } //insert, delete, keyboard top row numbers 0-7
-	if ((e_code >=  96) && (e_code <= 103)) { Stop_Prop(e); return; } //keypad numbers 0-7
-	
-	//Prevent everything else, except tab
-	if (e_code != 9) { //tab
-		e.preventDefault ? e.preventDefault() : (e.returnValue = false);
-		return false;
-	}
-}//end Octal_Input_Only() //******************************************
-
-
-
-
 function Sort_Folders_First() {//*************************************
 
 	//DIRECTORY_DATA[x] = ("type", "file name", filesize, timestamp, is_ofcms)	
@@ -3635,7 +3620,7 @@ function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_n
 	//		and the $TABINDEX calculation for the [Admin] link in page footer.
 	//		There are currently 6 tab-able items per (file) row:  [m] [c] [d] [x] [sogw] [file name]
 	//		[m][c][d][x][sogw] tabindexes are set below.  [filename]'s tabinex is set in Build_Directory().
-	
+
 	row++;
 
 	//[Move] [Copy] [Delete] [x] [perms]
@@ -3679,7 +3664,7 @@ function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_n
 	}
 
 	perms  = '<input id=' + perms_id + ' class=perms tabindex=' + (TABINDEX++) ;
-	perms += ' value="' + DIRECTORY_DATA[row - 1][6]+ '" maxlength=4 readonly>'; //##### readonly for now
+	perms += ' value="' + DIRECTORY_DATA[row - 1][6]+ '" maxlength=4 readonly>';
 
 
 	//fill the <td>'s
@@ -3698,7 +3683,7 @@ function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_n
 	E(ckbox_id).onblur    = function() { E(ckbox_id).parentNode.style.backgroundColor = ""; }
 
 	E(perms_id).onfocus   = function(event) { this.prior_value = this.value; }
-	E(perms_id).onkeydown = function(event) { Octal_Input_Only(event); } //##### Not actually used yet as still readonly above.
+	E(perms_id).onkeydown = function(event) { ; } //##### Not actually used yet as still readonly above.
 	E(perms_id).onchange  = function(event) {
 
 		this.value = this.prior_value; //##### Will be used in future if there's an input error.		
@@ -3817,9 +3802,9 @@ function Select_All() {//********************************************
 	//So, prefix with a dollar sign (a valid character in JS for variable names).
 	$select_all_label = E('select_all_label');
 
-	var files = document.mcdselect.elements['files[]'];
+	var files = E('mcdselect').elements['files[]'];
 	var last  = files.length; //number of files
-	var select_all = document.mcdselect.select_all;
+	var select_all = E('mcdselect').select_all;
 
 	if (select_all.checked) {
 		$select_all_label.innerHTML = '<?php echo hsc($_['Clear_All']) ?>';
@@ -3836,12 +3821,12 @@ function Select_All() {//********************************************
 
 function Confirm_Submit(action) {//***********************************
 
-	var files = document.mcdselect.elements['files[]'];
+	var files = E('mcdselect').elements['files[]'];
 	var last  = files.length;   //number of files
 	var no_files = true;
 	var f_msg    = "<?php echo hsc($_['No_files']) ?>";	
 
-	document.mcdselect.mcdaction.value = action; 
+	E('mcdselect').mcdaction.value = action; 
 
 	//Confirm at least one file is checked
 	for (var x = 0; x < last ; x++) {
@@ -3851,7 +3836,7 @@ function Confirm_Submit(action) {//***********************************
 	//Don't submit form if no files are checked.
 	if ( no_files ) { Display_Messages(f_msg, 1); return false; }
 
-	document.mcdselect.submit(); //submit form.
+	E('mcdselect').submit(); //submit form.
 }//end Confirm_Submit() //********************************************
 
 </script>

From a028db159bc1d3e0a19cc90557d1a80d2560e97d Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 27 Sep 2017 17:43:47 -0400
Subject: [PATCH 217/228] Version 3.6.06

Added ability to edit file permissions:
  PHP: Update_File_Permissions()
  js: Perms_onkeydown()
      Directory_Events()
      Validate_and_Post()
      Enable_Edit_Perms()
      Octal_Input_Only()
      Perms_Update_Response()
      Post_New_File_Perms()

Removed period at end of value:  $_['Update_failed'] = 'Update failed';
Still needs some new langauge $_[] values, but I'll get those next commit.
---
 info/changelog.markdown |   4 +
 onefilecms.php          | 344 ++++++++++++++++++++++++++++++++++------
 2 files changed, 301 insertions(+), 47 deletions(-)

diff --git a/info/changelog.markdown b/info/changelog.markdown
index 9a8805b..4c5f7b5 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,9 @@
 # OneFileCMS Change Log
 
+### v3.6.06 (2017-09-27)
+
+- Added ability to edit file permissions.
+
 ### v3.6.05 (2017-09-24)
 
 - Fixed a couple bugs in keyboard navigation when there's only one item in current diretory.
diff --git a/onefilecms.php b/onefilecms.php
index 4bc872b..2e5666d 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,9 +2,9 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.6.05';
-
+$OFCMS_version = '3.6.06';
 
+//If language values changed, don't forget the Language Settings version.
 
 
 //******************************************************************************
@@ -382,7 +382,7 @@ function System_Setup() {//*****************************************************
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.6.03  (Not always in sync with OFCMS version#, if no changes to displayed wording.)
+// OneFileCMS Language Settings v3.6.0x  (Not always in sync with OFCMS version#, if no changes to displayed wording.)
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -454,7 +454,6 @@ function Default_Language() { // ***********************************************
 $_['Upload']     = 'Upload';
 $_['Username']   = 'Username';
 $_['View']       = 'View';
-$_['Working']    = 'Working - please wait...';
 
 $_['Log_In']             = 'Log In';
 $_['Log_Out']            = 'Log Out';
@@ -487,6 +486,8 @@ function Default_Language() { // ***********************************************
 $_['Not_found']          = 'Not found';
 $_['Invalid_path']       = 'Invalid path';
 $_['must_be_decendant']  = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ## as of 3.5.23
+$_['Update_failed']      = 'Update failed';
+$_['Working']            = 'Working - please wait...';
 
 $_['verify_msg_01']     = 'Session expired.';
 $_['verify_msg_02']     = 'INVALID POST';
@@ -643,8 +644,6 @@ function Default_Language() { // ***********************************************
 $_['change_un_01'] = 'Username changed!';
 $_['change_un_02'] = 'Username NOT changed.';
 
-$_['update_failed'] = 'Update failed - could not save file.';
-
 $_['mcd_msg_01'] = 'file(s) and/or folder(s) moved.';
 $_['mcd_msg_02'] = 'file(s) and/or folder(s) copied.';
 $_['mcd_msg_03'] = 'file(s) and/or folder(s) deleted.';
@@ -911,10 +910,8 @@ function Valid_Path($path, $gotoroot=true) {//**********************************
 	//$path        = some/root/                      : bad
 	//$path        = some/other/path/                : bad
 
-	$path_len     = mb_strlen($path);
-
-	$path_root    = mb_substr($path, 0, $ACCESS_ROOT_len);
-
+	$path_len  = mb_strlen($path);
+	$path_root = mb_substr($path, 0, $ACCESS_ROOT_len);
 	$good_path = false;
 
 
@@ -926,7 +923,6 @@ function Valid_Path($path, $gotoroot=true) {//**********************************
 	elseif ( $path_len <  $ACCESS_ROOT_len ) { $good_path = false; }
 	else                                     { $good_path = ($path_root == $ACCESS_ROOT); }
 
-
 	if (!$good_path && $gotoroot) {
 		$ipath    = $ACCESS_ROOT;
 		$ipath_OS = Convert_encoding($ipath);
@@ -1424,8 +1420,8 @@ function Timeout_Timer($COUNT, $ID, $ACTION="") {//*****************************
 function Init_Macros() {//**** ($varibale="some reusable chunk of code")********
 	global 	$_, $ONESCRIPT, $param1, $param2, $INPUT_NUONCE, $FORM_COMMON, $PWUN_RULES;
 
-	$INPUT_NUONCE = '<input type="hidden" name="nuonce" value="'.$_SESSION['nuonce'].'">'."\n";
-	$FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.$param2.'">'.$INPUT_NUONCE."\n";
+	$INPUT_NUONCE = '<input type="hidden" id="nuonce" name="nuonce" value="'.$_SESSION['nuonce'].'">'."\n";
+	$FORM_COMMON = '<form method="post" action="'.$ONESCRIPT.$param1.$param2.'">'."\n".$INPUT_NUONCE."\n";
 
 	$PWUN_RULES  = '<p>'.hsc($_['pw_txt_02']);
 	$PWUN_RULES	.= '<ol><li>'.hsc($_['pw_txt_04']).'<li>'.hsc($_['pw_txt_06']);
@@ -1739,7 +1735,7 @@ function Change_PWUN_Page($pwun, $type, $page_title, $label_new, $label_confirm)
 
 
 
- 
+
 //******************************************************************************
 function Update_config($search_for, $replace_with, $search_file, $backup_file) {
 	global  $_, $EX, $MESSAGE;
@@ -1775,7 +1771,7 @@ function Update_config($search_for, $replace_with, $search_file, $backup_file) {
 	$updated_contents = implode("\n", $search_lines);
 
 	if (file_put_contents($search_file_OS, $updated_contents, LOCK_EX) === false) {
-		$MESSAGE .= $EX.'<b>'.hsc($_['update_failed']).'</b><br>';
+		$MESSAGE .= $EX.'<b>'.hsc($_['Update_failed']).'</b><br>';
 		return false;
 	}else {return true;}
 }//end Update_config() //*******************************************************
@@ -2067,7 +2063,7 @@ function Get_DIRECTORY_DATA($raw_list) {//**************************************
 		$file_time_raw = filemtime($filename_OS);
 			
 		//Store data
-		$DIRECTORY_DATA[$DIRECTORY_COUNT] = array('', '', 0, 0, 0, '');
+		$DIRECTORY_DATA[$DIRECTORY_COUNT] = array('', '', 0, 0, 0, '', '');
 		$DIRECTORY_DATA[$DIRECTORY_COUNT][0] = $type;  //used to determine icon & f_or_f
 		$DIRECTORY_DATA[$DIRECTORY_COUNT][1] = $filename;
 		$DIRECTORY_DATA[$DIRECTORY_COUNT][2] = $file_size_raw;
@@ -2142,7 +2138,7 @@ function Index_Page_buttons_top($file_count) {//********************************
 
  
 function Index_Page() {//*******************************************************
-	global  $ONESCRIPT, $ipath_OS, $param1;
+	global  $ONESCRIPT, $ipath_OS, $param1, $INPUT_NUONCE;
 
 	init_ICONS_js();
 
@@ -2152,6 +2148,7 @@ function Index_Page() {//*******************************************************
 	//<form> to contain directory, including buttons at top.
 	echo '<form method="post" id="mcdselect" action="'.$ONESCRIPT.$param1.'&amp;p=mcdaction">';
 	echo '<input type="hidden" name="mcdaction" value="">'; //along with $page, affects response
+	echo $INPUT_NUONCE; //Needed for file permission updates.
 
 	Index_Page_buttons_top($file_count);
 
@@ -2895,6 +2892,67 @@ function MCD_response($action, $msg1, $success_msg = '') {//********************
 
 
 
+function Update_File_Permissions() { //*****************************************
+	//Validate new_perms & update.
+	//$_POST['new_perms'] must be an octal value with 3 or 4 digits (0-7) only.
+	global $_, $ACCESS_ROOT, $ACCESS_ROOT_len, $MESSAGE;
+	
+	$new_perms   = trim($_POST['new_perms']);
+	$len         = strlen($new_perms);
+	$errors      = 0;
+	$ipath		 = $_POST['ipath'];
+	$ipath_OS	 = Convert_encoding($ipath);
+	$filename	 = $_POST['perms_filename'];
+	$filename_OS = Convert_encoding($ipath.$filename); //Full path/filename
+
+	//Verify that each digit is octal (0-7), and that $new_perms is only 3 or 4 digits in length.
+	$digit = "";
+	for ($p = 0; $p < $len; $p++) {
+		$digit = substr($new_perms, $p, 1);
+		if (($digit < '0') || ($digit > '7')) {
+			$errors++ ; break;
+		}
+	}
+	if (($len < 3) || ($len > 4)) {
+		$errors++;
+	}
+	//##### 													//##### Needs language $_[]
+	if ($errors) { $MESSAGE .= $_['Invalid'].": [$new_perms]. Must be exactly 3 or 4 octal digits (0-7)"; }
+
+	//Validate path & filename.
+	if (!Valid_Path($ipath_OS, false)) { $MESSAGE = $_['Invalid_path'].". \n"; }
+	if (!file_exists($filename_OS))    { $MESSAGE .= $_['get_get_msg_01']."\n "; }
+
+	if (!$errors) { 
+		//Update the file permissions...
+		$chmod = chmod($filename_OS, octdec($new_perms));
+		if (!$chmod) {
+			$errors++;
+			$MESSAGE .= "<b>".$_['Update_failed'].":</b> <span class=mono>";
+			$MESSAGE .= "chmod(\"$filename_OS\", octdec($new_perms))</span>";
+		}
+	}
+	clearstatcache ();
+	$new_perms = decoct((fileperms($filename_OS) & 07777)); //May not actually be new, if update failed.
+
+	if ($errors == 0) {
+		$MESSAGE .= "<b>".hsc($_['meta_txt_03'])."</b> ";
+		$MESSAGE .= "<span class=mono> <b>[".hsc($new_perms)."]</b> ".hsc($filename)."</span><br>";
+	}
+
+	$new_perms_response = "";
+	$new_perms_response['new_perms'] 	  = $new_perms;
+	$new_perms_response['perms_filename'] = $ipath.$filename;
+	$new_perms_response['nuonce']		  = $_SESSION['nuonce'];
+	$new_perms_response['early_output']   = hsc(ob_get_clean()); //Should always be empty unless error or trouble-shooting.
+	$new_perms_response['errors']		  = $errors."";
+	$new_perms_response['MESSAGE']		  = $MESSAGE;
+	echo json_encode($new_perms_response);
+}//end Update_File_Permissions() //*********************************************
+
+
+
+
 function Page_Title() {//***<title>Page_Title()</title>*************************
 	global $_, $page;
 
@@ -2954,6 +3012,8 @@ function Load_Selected_Page() {//***********************************************
 function Respond_to_POST() {//**************************************************
 	global $_, $VALID_POST, $ipath, $page, $EX, $ACCESS_ROOT, $MESSAGE;
 
+	// $_POST['key']'s must all be unique, or order of if/elseif's below becomes significant.
+
 	if (!$VALID_POST) { return; }
 
 	//First, validate any $_POST'ed paths against $ACCESS_ROOT.
@@ -2984,6 +3044,7 @@ function Respond_to_POST() {//**************************************************
 	elseif (isset($_POST['rename_file']  )) { CRM_response('rename', $_['Ren_Move']);}
 	elseif (isset($_POST['copy_file']    )) { CRM_response('rCopy' , $_['Copy']   );}
 	elseif (isset($_FILES['upload_file']['name']))  { Upload_response(); }
+	elseif (isset($_POST['new_perms']    )) { Update_File_Permissions(); } //die()'s after return from Resopnd_to_POST().
 
 	//If Changed p/w, u/n, or other Admin Page action, make sure to not return to a folder outside of $ACCESS_ROOT.
 	Valid_Path($ipath, true);
@@ -3226,7 +3287,7 @@ function Display_Messages($msg, take_focus) {//***********************
 
 
 function Index_Page_events() {//************************************************
-	global $_, $PAGEUPDOWN, $EX;
+	global $_, $ONESCRIPT, $ipath, $PAGEUPDOWN, $EX;
 ?>
 <script>
 var Move_Button			= E('b1');
@@ -3266,8 +3327,6 @@ function Index_Page_events() {//************************************************
 	E('folders_first_label').style.backgroundColor = "";
 }
 
-
-
 E('folders_first_ckbox').onclick = function () {Sort_and_Show(SORT_by, SORT_order); this.focus();}
 
 E('header_filename').onclick = function () {Sort_and_Show(1, FLIP_IF); this.focus(); return false;}
@@ -3276,6 +3335,7 @@ function Index_Page_events() {//************************************************
 E('header_sorttype').onclick = function () {Sort_and_Show(5, FLIP_IF); this.focus(); return false;}
 
 
+
 E("main").onkeydown = function(event) { //*****************************
 	//Control cursor keys to navigate index page. (Arrows, Page, Home, End)
 
@@ -3362,16 +3422,15 @@ function Index_Page_events() {//************************************************
 		else if (FC == 3) {  //Is focus on a checkbox next to a file name?
 			E(ID).checked = !E(ID).checked;
 		}
-
-		//Prevent the hair-pulling "implicit submit on enter" that only occurs sometimes.
-		//Specifically, here, if there's only one item in the current dir, and if focus is on a checkbox,
-		// and enter is pressed (to check/uncheck via this onkeydown event), then the form would also submit.
-		//Not any more! HAHAHA!
-		//But, allow "enter" on <button>'s & <a>'s ([Move], [Copy], [Delete], and  [M][C][D] & [file names])
+		
+		// Prevent the hair-pulling "implicit submit on enter" that only occurs sometimes.
+		// Specifically, at least here, if there's only one item in the current directory,
+		// and if focus is on an <input>, and enter is pressed, then the form would also submit.  
+		// Not any more, as that behaviour is NOT wanted, expected, or intuitive.
+		// But, allow "enter" on <button>'s & <a>'s ([Move], [Copy], [Delete], and  [M][C][D] & [file names])
 		//
 		var has_focus = document.activeElement;
-		if ((has_focus.tagName != 'A') && (has_focus.tagName != 'BUTTON')) { event.preventDefault(); }
-		
+		if (has_focus.tagName == 'INPUT') { event.preventDefault(); }
 		return;
 	}
 	else if (key == TAB)  { return; }
@@ -3400,7 +3459,7 @@ function Index_Page_events() {//************************************************
 		if      (key == AU) {ID = "admin"}
 		else if (key == PU) {ID = "admin"}
 		else if (key == AD) {ID = "path_0"}
-		else if (key == PD) {ID = FIRST_FILE}
+		else if (key == PD) {ID = "path_0"}
 	}
 	else if (ID == "X_box") {
 		if      (key == AU)   {ID = "path_0"}
@@ -3472,7 +3531,211 @@ function Index_Page_events() {//************************************************
 	if ( (ID != 'path_0') || ((ID == 'path_0') && (key == AD)) || ((ID == 'path_0') && (key == PD))) {
 		if (event.preventDefault) { event.preventDefault() } else { event.returnValue = false }
 	}
-}//end onkeydown() //*************************************************
+}//end E("main").onkeydown() //***************************************
+
+
+
+
+function Perms_onkeydown(event, $perms) {//***************************
+
+	//Get key pressed...
+	if (!event) {var event = window.event;} //for IE
+	var key = event.keyCode;
+
+	var TAB = 9, ENTER = 13, ESC = 27;
+
+	if (key == ENTER)  { //Toggle readonly state of permissions.
+		$perms.value = $perms.value.trim();
+		$perms.readOnly = !$perms.readOnly;
+		if ($perms.readOnly) {
+			Display_Messages("");
+			$perms.style.backgroundColor = "";  //##### Remove .class instead?
+			$perms.style.boxShadow = "";		//##### Remove .class instead? 
+			
+			//onchange doesn't seem to occur until looses focus, which ENTER doesn't do.
+			if ($perms.value != $perms.prior_value) { $perms.onchange(); }
+		}
+		else {
+			Enable_Edit_Perms($perms);
+		}
+		
+		event.preventDefault();
+		return false;
+	}//end ENTER
+
+	if ($perms.readOnly) { return; }
+
+	event.stopPropagation();
+
+	//if ESC or TAB, cancel any changes, & return to readonly.
+	if ((key == 27) || (key == TAB)) {
+		$perms.value = $perms.prior_value;
+		Display_Messages("");
+		$perms.readOnly = true;
+		$perms.style.backgroundColor = "";	//##### Remove .class instead?
+		$perms.style.boxShadow = "";		//##### Remove .class instead?
+	}//end ESC or TAB
+
+	Octal_Input_Only(event);
+
+	return true; //false would .preventDefault(), which is not wanted here (TAB's).
+
+}//end Perms_onkeydown() {//******************************************
+
+
+
+
+function Directory_Events($ckbox, $perms, $file, filename) {//********
+
+	//##### add/remove a class instead of setting/clearing value directly? ##############
+	$ckbox.onfocus   = function() { $ckbox.parentNode.style.backgroundColor = "rgb(255,240,140)"; }
+	$ckbox.onblur    = function() { $ckbox.parentNode.style.backgroundColor = ""; }
+
+	$perms.onblur	 = function(event) {
+		$perms.readOnly = true;
+		$perms.style.backgroundColor = "";	//##### Remove .class instead?
+		$perms.style.boxShadow = "";		//##### Remove .class instead?
+	}
+
+	$perms.onfocus   = function(event) {
+ 		var deselect = function() { $perms.setSelectionRange(0, 0); }
+		setTimeout(deselect, 1);
+		$perms.prior_value = $perms.value;
+	}
+
+	$perms.onkeydown = function(event) { return Perms_onkeydown(event, $perms); }
+
+	$perms.onchange  = function(event) { Validate_and_Post($perms, filename); }
+
+	$perms.onclick   = function(event) { Enable_Edit_Perms($perms); }
+
+}//end Directory_Events() {//*****************************************
+
+
+
+
+function Validate_and_Post($perms, filename) { //*********************
+
+	$perms.value = $perms.value.trim();
+	
+	//$perms.onchange sometimes fires when there isn't any. Usually by $perms.onblur, 
+	//after perms already updated by a $perms.onchange(), in Perms_onkeydown(), after [Enter].
+	if ($perms.value == $perms.prior_value) { return };
+
+	//Verify that each digit is octal (0-7), and that $perms is only 3 or 4 digits in length.
+	var octal = /^[0-7]{3,4}$/;
+	var valid =  octal.test($perms.value);
+
+	if (!valid) {
+		var msg  = "<b>" + hsc("<?php echo $_['Invalid'] ?>: [" + $perms.value + "].") + "</b>";
+		    msg += hsc(" Permissions must be exactly 3 or 4 octal digits (0-7).");  		//##### Needs language $_[]; //#####
+		$perms.value = $perms.prior_value;
+		Display_Messages(msg);
+		return false;
+	}
+
+	$perms.prior_value = $perms.value;
+	Post_New_File_Perms($perms, filename);
+
+	return true;
+}//end Validate_and_Post() //*****************************************
+
+
+
+
+function Enable_Edit_Perms($perms) {//********************************
+
+	//##### NEED LANGUAGE $_[] values #####################################################
+	var msg = "Press [Enter] to save changes. Press [Esc] or [Tab] to cancel.";
+
+	Display_Messages(msg);
+	$perms.readOnly = false;
+	$perms.setSelectionRange(0, 0); //Just for consistency.
+	$perms.style.backgroundColor = "rgb(255,240,140)";	//##### Add .class instead?
+	$perms.style.boxShadow = "0 0 10px 2px #F44";		//##### Add .class instead?
+}//end Enable_Edit_Perms() {//****************************************
+
+
+
+
+function Octal_Input_Only(event) { //*********************************
+	//Restrict input to digits & a few special keys.
+
+	//##### This function works with keyboards, but may inhibit number inputs on 
+	//##### touchscreens / android / Samsung Galaxy S III mini / etc.  I don't know.
+	//##### return;
+
+	function Stop_Prop(event) { event.stopImmediatePropagation() }
+
+	//Normalize the event codes...
+	if (!event) {var event = window.event;} //for IE
+	var key = event.which || event.keyCode || event.charCode;
+
+	//Allow:
+	if ((key >=  96) && (key <= 103)) { Stop_Prop(event); return; } //keypad numbers 0-7
+	if ((key >=  45) && (key <=  55)) { Stop_Prop(event); return; } //insert, delete, keyboard top row numbers 0-7
+	if ((key ==  37) || (key ==  39)) { Stop_Prop(event); return; } //arrows  <- ->
+	if ((key ==  35) || (key ==  36)) { Stop_Prop(event); return; } //end, home
+	if ((key ==   8) || (key ==  13)) { Stop_Prop(event); return; } //backspace, enter
+	if (event.ctrlKey     || (key ==   9)) { Stop_Prop(event); return; } //control & tab keys
+
+	event.preventDefault();
+	return false;
+
+}//end Octal_Input_Only() //******************************************
+
+
+
+
+function Perms_Update_Response(request, $perms) { //******************
+
+	//##### Need to also handle non-200 response cases... ##### ###########
+
+	if ((request.readyState != 4) || (request.status != 200)) { return; }
+
+	var update_response = JSON.parse(request.responseText);
+
+	$perms.value = update_response.new_perms.trim();
+	$perms.prior_value = $perms.value;
+
+	var msg = update_response.MESSAGE;
+
+	//Should always be blank unless troubleshooting, or an error server side.
+	if (update_response.early_output != "") { msg += "<hr>" + hsc(update_response.early_output); }
+
+	//#####	msg += "<hr>" + hsc(request.responseText); //For trouble-shooting...
+
+	E('nuonce').value = update_response.nuonce; //For the next post...
+
+	Display_Messages(msg);
+
+}//end Perms_Update_Response() //*************************************
+
+
+
+
+function Post_New_File_Perms($perms, filename) { //*******************
+	//key input restricted to 0-7 client-side, and validated both client & server-side.
+
+	Display_Messages("<?php echo $_['Working'] ?>");
+
+	var request_update = new XMLHttpRequest();
+
+	request_update.onreadystatechange = function() { Perms_Update_Response(this, $perms); }
+
+	request_update.open("POST", "<?php echo $ONESCRIPT ?>", true);
+
+	request_update.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+
+	var post_data  = "new_perms=" + $perms.value;
+		post_data += "&ipath=<?php echo $ipath ?>";
+	    post_data += "&perms_filename=" + filename;
+		post_data += "&nuonce=" + E('nuonce').value;  //Needed to confirm $VALID_POST
+
+	request_update.send(post_data );
+
+}//end Post_New_File_Perms() //***************************************
+
 </script>
 <?php
 }//end Index_Page_events() //***************************************************
@@ -3631,6 +3894,7 @@ function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_n
 	var del_id	 = 'f' + row + 'c2';
 	var ckbox_id = 'f' + row + 'c3';
 	var perms_id = 'f' + row + 'c4';
+	var file_id  = 'f' + row + 'c5';
 
 	var sogw = DIRECTORY_DATA[row - 1][6] + ""; //File permissions (suid sgid sticky)(owner)(group)(world)
 	sogw = parseInt(sogw,8);
@@ -3678,20 +3942,7 @@ function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_n
 	cells[6].innerHTML = file_size;
 	cells[7].innerHTML = file_time;
 
-	//##### Abstract out bgcolors.  IE: add/remove a class instead of setting/clearing value directly. ##############
-	E(ckbox_id).onfocus   = function() { E(ckbox_id).parentNode.style.backgroundColor = "rgb(255,240,140)"; }
-	E(ckbox_id).onblur    = function() { E(ckbox_id).parentNode.style.backgroundColor = ""; }
-
-	E(perms_id).onfocus   = function(event) { this.prior_value = this.value; }
-	E(perms_id).onkeydown = function(event) { ; } //##### Not actually used yet as still readonly above.
-	E(perms_id).onchange  = function(event) {
-
-		this.value = this.prior_value; //##### Will be used in future if there's an input error.		
-		return; //##### just not yet...
-		
-		//##### NEED LANGUAGE $_[] values...
-		Display_Messages('Permissions updated: ' + this.value + ' for "' + filename + '"');
-	}
+	Directory_Events(E(ckbox_id), E(perms_id), E(file_id), filename);
 
 }//end Assemble_Insert_row() //***************************************
 
@@ -4639,12 +4890,9 @@ function style_sheet() {//******************************************************
 	width: 2.4rem;
 	padding: 2px 2px;
 	border: solid 1px transparent;
-	background-color: transparent;
 	text-align: right;
 }
 
-/* //##### remove/normalize bg color assignment once permissions are editable. ##### */
-input.perms:focus { border: solid 1px transparent; background-color: #DDD }
 td.perms { padding: 0; }
 
 #DIRECTORY_FOOTER {text-align: center; font-size: .9em; color: #333; padding: 3px 0 0 0; }
@@ -5048,6 +5296,8 @@ function Load_style_sheet() {//*************************************************
 
 	Verify_Page_Conditions(); //Must come after Respond_to_POST()
 
+	if (isset($_POST['new_perms'])) { die(); } //die() here just for clarity.
+
 	Update_Recent_Pages();
 
 	//Don't show current/path/ header on some pages.

From 066e15b215f729c3640aa855f9f626133035b4ab Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 27 Sep 2017 23:08:49 -0400
Subject: [PATCH 218/228] Updated Langauge Files etc.

---
 extras/OneFileCMS.css            |  8 ++++---
 languages/OneFileCMS.LANG.DE.php | 15 +++++++------
 languages/OneFileCMS.LANG.EN.php | 37 +++++++++++++++++---------------
 languages/OneFileCMS.LANG.ES.php | 15 +++++++------
 languages/OneFileCMS.LANG.NL.php | 11 ++++++----
 languages/OneFileCMS.LANG.RU.php | 11 ++++++----
 6 files changed, 57 insertions(+), 40 deletions(-)

diff --git a/extras/OneFileCMS.css b/extras/OneFileCMS.css
index 7ac7db6..e5e5904 100755
--- a/extras/OneFileCMS.css
+++ b/extras/OneFileCMS.css
@@ -1,5 +1,5 @@
 /*******************************************************************************
-Sample, OPTIONAL, external style sheet for OneFileCMS v3.6.02
+Sample, OPTIONAL, external style sheet, as of OneFileCMS v3.6.06
 
 This is just a copy of the primary <style></style> section in OneFileCMS
 *******************************************************************************/
@@ -118,6 +118,9 @@ button:active, .button:active{ position:relative; top :1px; left:1px; }
 
 .filename { font-family: courier; }
 
+#submitty { margin-left: 1em; }
+#hr_bottom { border-color: white; }
+
 
 /* ------ INDEX Page ------ */
 
@@ -184,7 +187,7 @@ table.index_T {
 	font-size: .95em;
 	border         : 1px solid #777;
 	border-collapse: collapse;
-	margin: .5em 0 0 0;
+	margin: .5em 0 .5em 0;
 	background-color: #FFF;
 	}
 
@@ -233,7 +236,6 @@ input.perms {
 	text-align: right;
 }
 
-/* //##### remove/normalize bg color assignment once permissions are editable. ##### */
 input.perms:focus { border: solid 1px transparent; background-color: #DDD }
 td.perms { padding: 0; }
 
diff --git a/languages/OneFileCMS.LANG.DE.php b/languages/OneFileCMS.LANG.DE.php
index db8a960..afe4880 100755
--- a/languages/OneFileCMS.LANG.DE.php
+++ b/languages/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.6.03
+// OneFileCMS Language Settings v3.6.06
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -71,7 +71,6 @@
 $_['Upload']     = 'Heraufladen';
 $_['Username']   = 'Benutzername';
 $_['View']       = 'Aussicht';
-$_['Working']    = 'Working - please wait...'; //## NT ##
 
 $_['Log_In']             = 'Anmelden';
 $_['Log_Out']            = 'Abmelden';
@@ -104,6 +103,11 @@
 $_['Not_found']          = 'Nicht gefunden';
 $_['Invalid_path']       = 'Invalid path'; //## NT ##
 $_['must_be_decendant']  = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ##
+$_['Update_failed']      = 'Update failed.'; //## NT ##
+$_['Working']            = 'Working - please wait...'; //## NT ##
+$_['Enter_to_edit']      = '[Enter] to edit'; //## NT ##
+$_['Press_Enter']        = 'Press [Enter] to save changes. Press [Esc] or [Tab] to cancel.'; //## NT ##
+$_['Permissions_msg_1']  = 'Permissions must be exactly 3 or 4 octal digits (0-7)'; //## NT ##
 
 $_['verify_msg_01']     = 'Sitzung abgelaufen.';
 $_['verify_msg_02']     = 'UNGÜLTIGE DATENSENDUNG';
@@ -145,6 +149,7 @@
 $_['edit_txt_01'] = 'Unbekannter Dateityp oder keine Textdatei. Bearbeitungsmöglichkeit ausgeschalten.';
 $_['edit_txt_02'] = 'Die Datei enthält möglicherweise ungültige Zeichen. Der Bearbeitungs- und Betrachtungsmodus wurde gesperrt.';
 $_['edit_txt_03'] = 'htmlspecialchars() gab eine leere Zeichenkette zurück.';
+$_['edit_txt_04'] = 'Das Verhalten kann je nach verwendeter PHP-Version unterschiedlich sein.';
 $_['edit_txt_05'] = 'Datei ist readonly.';
 
 $_['too_large_to_edit_01'] = 'Bearbeiten deaktiviert. Dateigröße >';
@@ -213,7 +218,7 @@
 $_['OFCMS_requires']  = 'OneFileCMS erfordert PHP';
 $_['logout_msg']      = 'Sie wurden erfolgreich abgemeldet.';
 $_['edit_caution_01'] = 'ACHTUNG ';
-$_['edit_caution_02'] = ' Sie bearbeiten gerade die aktive Version von OneFileCMS - Sichern Sie den Code und seien Sie vorsichtig !!';
+$_['edit_caution_02'] = ' Sie bearbeiten gerade die aktive Version von OneFileCMS.';
 $_['time_out_txt']    = 'Automatischer Sitzungsstopp in:';
 
 $_['error_reporting_01'] = 'Anzeigen von Fehlern ist';
@@ -227,7 +232,7 @@
 $_['admin_txt_01'] = 'Diese Datei wurde erstellt, da es während der Änderung des Passwortes oder des Benutzernamens zu einem Fehler gekommen ist. Diese Datei enthält somit eventuell veraltete Informationen und kann gelöscht werden, sofern sie nicht weiter von Ihnen benötigt wird.';
 $_['admin_txt_02'] = 'Allgemeine Information';
 $_['admin_txt_03'] = 'Session Path'; //## NT ##
-$_['admin_txt_04'] = 'Current Session File (changes every page load)';
+$_['admin_txt_04'] = 'Connected to'; //## NT ##
 $_['admin_txt_14'] = 'Eine weitere, kleine Sicherheitsvorkehrung wäre, das Salz oder die Methode für die Streuwertgenerierung von OneFileCMS zu ändern.';
 $_['admin_txt_16'] = 'Sie können auch OneFileCMS selbst bearbeiten.  Legen Sie aber sicherheitshalber eine Kopie an, falls es zu einem unerwünschten Schreibfehler kommt...';
 
@@ -259,8 +264,6 @@
 $_['change_un_01'] = 'Benutzername wurde geändert!';
 $_['change_un_02'] = 'Benutzername wurde nicht geändert.';
 
-$_['update_failed'] = 'Aktualisierung fehlgeschlagen - die Datei konnte nicht gespeichert werden.';
-
 $_['mcd_msg_01'] = 'Dateien verschoben.';
 $_['mcd_msg_02'] = 'Dateien kopiert.';
 $_['mcd_msg_03'] = 'Dateien gelöscht.';
diff --git a/languages/OneFileCMS.LANG.EN.php b/languages/OneFileCMS.LANG.EN.php
index e42c18a..47f5ba8 100755
--- a/languages/OneFileCMS.LANG.EN.php
+++ b/languages/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.6.03
+// OneFileCMS Language Settings v3.6.06
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -28,7 +28,7 @@
 $_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
 
 $_['HTML']    = 'HTML';
-$_['WYSIWYG'] = 'WYSIWYG';
+$_['WYSIWYG'] = 'WYSIWYG'; //...
 
 $_['Admin']      = 'Admin';
 $_['bytes']      = 'bytes';
@@ -56,7 +56,7 @@
 $_['Invalid']    = 'Invalid'; //## NT ## as of 3.5.23
 $_['Move']       = 'Move';
 $_['Moved']      = 'Moved';
-$_['Name']       = 'Name';
+$_['Name']       = 'Name';    //...
 $_['on']         = 'on';
 $_['off']        = 'off';
 $_['Password']   = 'Password';
@@ -65,13 +65,12 @@
 $_['save_1']     = 'Save';
 $_['save_2']     = 'SAVE CHANGES';
 $_['Size']       = 'Size';
-$_['Source']     = 'Source';
+$_['Source']     = 'Source';  //## NT ##
 $_['successful'] = 'successful';
 $_['To']         = 'To';
 $_['Upload']     = 'Upload';
 $_['Username']   = 'Username';
 $_['View']       = 'View';
-$_['Working']    = 'Working - please wait...';
 
 $_['Log_In']             = 'Log In';
 $_['Log_Out']            = 'Log Out';
@@ -102,8 +101,13 @@
 $_['New_Location']       = 'New Location';
 $_['No_files']           = 'No files selected.';
 $_['Not_found']          = 'Not found';
-$_['Invalid_path']       = 'Invalid path';
+$_['Invalid_path']       = 'Invalid path'; //## NT ##
 $_['must_be_decendant']  = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ## as of 3.5.23
+$_['Update_failed']      = 'Update failed.';
+$_['Working']            = 'Working - please wait...'; //## NT ##
+$_['Enter_to_edit']      = '[Enter] to edit';
+$_['Press_Enter']        = 'Press [Enter] to save changes. Press [Esc] or [Tab] to cancel.';
+$_['Permissions_msg_1']  = 'Permissions must be exactly 3 or 4 octal digits (0-7)';
 
 $_['verify_msg_01']     = 'Session expired.';
 $_['verify_msg_02']     = 'INVALID POST';
@@ -145,7 +149,8 @@
 $_['edit_txt_01'] = 'Non-text or unkown file type. Edit disabled.';
 $_['edit_txt_02'] = 'File possibly contains an invalid character. Edit and view disabled.';
 $_['edit_txt_03'] = 'htmlspecialchars() returned an empty string from what may be an otherwise valid file.';
-$_['edit_txt_05'] = 'File is readonly.'; //## NT ## as of 3.6.03
+$_['edit_txt_04'] = 'This behavior can be inconsistant from version to version of php.';
+$_['edit_txt_05'] = 'File is readonly.';
 
 $_['too_large_to_edit_01'] = 'Edit disabled. Filesize >';
 $_['too_large_to_edit_02'] = 'Some browsers (ie: IE) bog down or become unstable while editing a large file in an HTML <textarea>.';
@@ -212,16 +217,16 @@
 $_['confirm_reset']   = 'Reset file and loose unsaved changes?';
 $_['OFCMS_requires']  = 'OneFileCMS requires PHP';
 $_['logout_msg']      = 'You have successfully logged out.';
-$_['edit_caution_01'] = 'CAUTION'; //##### No longer used as of 3.5.07
+$_['edit_caution_01'] = 'CAUTION';
 $_['edit_caution_02'] = 'You are viewing the active copy of OneFileCMS.'; //## NT ## changed wording 3.5.07
 $_['time_out_txt']    = 'Session time out in:';
 
-$_['error_reporting_01'] = 'Display errors is';
-$_['error_reporting_02'] = 'Log errors is';
-$_['error_reporting_03'] = 'Error reporting is set to';
-$_['error_reporting_04'] = 'Showing error types';
-$_['error_reporting_05'] = 'Unexpected early output';
-$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)';
+$_['error_reporting_01'] = 'Display errors is'; //## NT ##
+$_['error_reporting_02'] = 'Log errors is'; //## NT ##
+$_['error_reporting_03'] = 'Error reporting is set to'; //## NT ##
+$_['error_reporting_04'] = 'Showing error types'; //## NT ##
+$_['error_reporting_05'] = 'Unexpected early output'; //## NT ##
+$_['error_reporting_06'] = '(nothing, not even white-space, should have been output yet)'; //## NT ##
 
 $_['admin_txt_00'] = 'Old Backup Found';
 $_['admin_txt_01'] = 'A backup file was created in case of an error during a username or password change. Therefore, it may contain old information and should be deleted if not needed. In any case, it will be automatically overwritten on the next password or username change.';
@@ -254,13 +259,11 @@
 $_['change_pw_04'] = '"New" and "Confirm New" values do not match.';
 $_['change_pw_05'] = 'Updating';
 $_['change_pw_06'] = 'external config file';
-$_['change_pw_07'] = 'All fields are required.';
+$_['change_pw_07'] = 'All fields are required.'; //## NT ##
 
 $_['change_un_01'] = 'Username changed!';
 $_['change_un_02'] = 'Username NOT changed.';
 
-$_['update_failed'] = 'Update failed - could not save file.';
-
 $_['mcd_msg_01'] = 'file(s) and/or folder(s) moved.';
 $_['mcd_msg_02'] = 'file(s) and/or folder(s) copied.';
 $_['mcd_msg_03'] = 'file(s) and/or folder(s) deleted.';
diff --git a/languages/OneFileCMS.LANG.ES.php b/languages/OneFileCMS.LANG.ES.php
index 0686de7..223d4be 100755
--- a/languages/OneFileCMS.LANG.ES.php
+++ b/languages/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.6.03
+// OneFileCMS Language Settings v3.6.06
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -71,7 +71,6 @@
 $_['Upload']     = 'Subir';
 $_['Username']   = 'Usuario';
 $_['View']       = 'Ver';
-$_['Working']    = 'Working - please wait...'; //## NT ##
 
 $_['Log_In']             = 'Iniciar Sesión';
 $_['Log_Out']            = 'Cerrar Sesión';
@@ -104,6 +103,11 @@
 $_['Not_found']          = 'No encontrado';
 $_['Invalid_path']       = 'Invalid path'; //## NT ##
 $_['must_be_decendant']  = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ##
+$_['Update_failed']      = 'Update failed.'; //## NT ##
+$_['Working']            = 'Working - please wait...'; //## NT ##
+$_['Enter_to_edit']      = '[Enter] to edit'; //## NT ##
+$_['Press_Enter']        = 'Press [Enter] to save changes. Press [Esc] or [Tab] to cancel.'; //## NT ##
+$_['Permissions_msg_1']  = 'Permissions must be exactly 3 or 4 octal digits (0-7)'; //## NT ##
 
 $_['verify_msg_01']     = 'Sesión expirada.';
 $_['verify_msg_02']     = 'POST INVÁLIDO';
@@ -145,6 +149,7 @@
 $_['edit_txt_01'] = 'No texto o tipo de archivo desconocido. Edición deshabilitada.';
 $_['edit_txt_02'] = 'El archivo posiblemente contiene un caracter desconocido. Edición deshabilitada.';
 $_['edit_txt_03'] = 'htmlspecialchars() devolvió una cadena vacía de lo que debería ser un archivo válido.';
+$_['edit_txt_04'] = 'Este comportamiento puede ser inconsistente de versión a versión de PHP.';
 $_['edit_txt_05'] = 'El archivo es de sólo lectura.';
 
 $_['too_large_to_edit_01'] = 'Edición deshabilita. Tamaño >';
@@ -213,7 +218,7 @@
 $_['OFCMS_requires']  = 'OneFileCMS necesita PHP';
 $_['logout_msg']      = 'Has cerrado la sesión satisfactoriamente.';
 $_['edit_caution_01'] = 'PRECAUCIÓN';
-$_['edit_caution_02'] = 'Estás editando la copia activa de OneFileCMS - ¡HACÉ UNA COPIA DE SEGURIDAD Y TENÉ CUIDADO!';
+$_['edit_caution_02'] = 'Estás editando la copia activa de OneFileCMS.';
 $_['time_out_txt']    = 'Tiempo de Espera de Sesión Agotado:';
 
 $_['error_reporting_01'] = 'Display errors is'; //## NT ##
@@ -227,7 +232,7 @@
 $_['admin_txt_01'] = 'Este archivo fue creado en caso de error en caso de cambio fallido de usuario y contraseña. Por ello, puede contener información vieja y debería ser eliminado si no es necesario. De cualquier forma, se sobreescribirá automáticamente en el siguiente cambio de contraseña o usuario.';
 $_['admin_txt_02'] = 'Información General';
 $_['admin_txt_03'] = 'Session Path'; //## NT ##
-$_['admin_txt_04'] = 'Current Session File (changes every page load)';
+$_['admin_txt_04'] = 'Connected to'; //## NT ##
 $_['admin_txt_14'] = 'Para otro tip de seguridad, cambiá la llave de seguridad y/o el método usado por OneFileCMS para almacenar la clave (y mantenelo en secreto, obviamente).  Acordate, cada granito ayuda...';
 $_['admin_txt_16'] = 'Podés usar OneFileCMS para editarlo. Sin embargo, asegurate de hacer un backup...';
 
@@ -259,8 +264,6 @@
 $_['change_un_01'] = '¡Nombre de Usuario Actualizado!';
 $_['change_un_02'] = 'Nombre de Usuario NO Actualizado.';
 
-$_['update_failed'] = 'Actualización fallida. No se pudo guardar el archivo.';
-
 $_['mcd_msg_01'] = 'archivos movidos satisfactoriamente.';
 $_['mcd_msg_02'] = 'archivos copiados satisfactoriamente.';
 $_['mcd_msg_03'] = 'archivos eliminados satisfactoriamente.';
diff --git a/languages/OneFileCMS.LANG.NL.php b/languages/OneFileCMS.LANG.NL.php
index 3f0ac00..d99e7de 100755
--- a/languages/OneFileCMS.LANG.NL.php
+++ b/languages/OneFileCMS.LANG.NL.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.6.03
+// OneFileCMS Language Settings v3.6.06
 
 $_['LANGUAGE'] = 'Nederlands (Dutch)';
 $_['LANG'] = 'NL';
@@ -71,7 +71,6 @@
 $_['Upload']     = 'Upload';  //## NT ##
 $_['Username']   = 'Gebruikersnaam';
 $_['View']       = 'Uitzicht';
-$_['Working']    = 'Working - please wait...'; //## NT ##
 
 $_['Log_In']             = 'Inloggen';
 $_['Log_Out']            = 'Uitloggen';
@@ -104,6 +103,11 @@
 $_['Not_found']          = 'Niet gevonden';
 $_['Invalid_path']       = 'Invalid path'; //## NT ##
 $_['must_be_decendant']  = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ##
+$_['Update_failed']      = 'Update failed.'; //## NT ##
+$_['Working']            = 'Working - please wait...'; //## NT ##
+$_['Enter_to_edit']      = '[Enter] to edit'; //## NT ##
+$_['Press_Enter']        = 'Press [Enter] to save changes. Press [Esc] or [Tab] to cancel.'; //## NT ##
+$_['Permissions_msg_1']  = 'Permissions must be exactly 3 or 4 octal digits (0-7)'; //## NT ##
 
 $_['verify_msg_01']     = 'Sessie verlopen.';
 $_['verify_msg_02']     = 'ONGELDIGE POST';
@@ -145,6 +149,7 @@
 $_['edit_txt_01'] = 'Non-tekst of onbekend bestandstype. Bewerken uitgeschakeld.';
 $_['edit_txt_02'] = 'Bestand bevat mogelijk een ongeldig teken. Bewerken en weergeven uitgeschakeld.';
 $_['edit_txt_03'] = 'htmlspecialchars() heeft een lege string teruggegeven van wat normaalgesproken een valide bestand is.';
+$_['edit_txt_04'] = 'Dit gedrag kan per versie van PHP verschillen.';
 $_['edit_txt_05'] = 'Bestand is alleen-lezen.';
 
 $_['too_large_to_edit_01'] = 'Bewerken uitgeschakeld. Bestandsgrootte >';
@@ -259,8 +264,6 @@
 $_['change_un_01'] = 'Gebruikersnaam gewijzigd!';
 $_['change_un_02'] = 'Gebruikersnaam NIET gewijzigd.';
 
-$_['update_failed'] = 'Update mislukt - onmogelijk bestand op te slaan.';
-
 $_['mcd_msg_01'] = 'bestanden verplaatst.';
 $_['mcd_msg_02'] = 'bestanden gekopiëerd.';
 $_['mcd_msg_03'] = 'bestanden verwijderd.';
diff --git a/languages/OneFileCMS.LANG.RU.php b/languages/OneFileCMS.LANG.RU.php
index ddb1a05..41945c8 100755
--- a/languages/OneFileCMS.LANG.RU.php
+++ b/languages/OneFileCMS.LANG.RU.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.6.03
+// OneFileCMS Language Settings v3.6.06
 
 $_['LANGUAGE'] = 'Russian';
 $_['LANG'] = 'RU';
@@ -71,7 +71,6 @@
 $_['Upload']     = 'Загрузить';
 $_['Username']   = 'Логин';
 $_['View']       = 'вид';
-$_['Working']    = 'Working - please wait...'; //## NT ##
 
 $_['Log_In']             = 'Войти';
 $_['Log_Out']            = 'Выйти';
@@ -104,6 +103,11 @@
 $_['Not_found']          = 'Не найдено';
 $_['Invalid_path']       = 'Invalid path'; //## NT ##
 $_['must_be_decendant']  = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ##
+$_['Update_failed']      = 'Update failed.'; //## NT ##
+$_['Working']            = 'Working - please wait...'; //## NT ##
+$_['Enter_to_edit']      = '[Enter] to edit'; //## NT ##
+$_['Press_Enter']        = 'Press [Enter] to save changes. Press [Esc] or [Tab] to cancel.'; //## NT ##
+$_['Permissions_msg_1']  = 'Permissions must be exactly 3 or 4 octal digits (0-7)'; //## NT ##
 
 $_['verify_msg_01']     = 'Сессия истекла.';
 $_['verify_msg_02']     = 'НЕВЕРНЫЙ ЗАПРОС';
@@ -145,6 +149,7 @@
 $_['edit_txt_01'] = 'Неизвестный текст или неизвестный тип файла. Редактирование невозможно.';
 $_['edit_txt_02'] = 'Возможно файл содержит недопустимый символ. Редактирование и Просмотр невозможны.';
 $_['edit_txt_03'] = 'htmlspecialchars() возвращает к предыдущим обновлениям файла.';
+$_['edit_txt_04'] = 'Это поведение зависит от версии вашего PHP.';
 $_['edit_txt_05'] = 'Файл только для чтения.';
 
 $_['too_large_to_edit_01'] = 'Редактирование невозожно. Размер файла >';
@@ -259,8 +264,6 @@
 $_['change_un_01'] = 'Логин изменён!';
 $_['change_un_02'] = 'Логин НЕ изменён.';
 
-$_['update_failed'] = 'Обновление не удалось - файл не сохранился.';
-
 $_['mcd_msg_01'] = 'файлы перемещаются.';
 $_['mcd_msg_02'] = 'файлы копируются.';
 $_['mcd_msg_03'] = 'файлы удалены.';

From 1004bf4fc09859f8405d13ccfe9117974c4e126c Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Fri, 29 Sep 2017 10:35:15 -0400
Subject: [PATCH 219/228] Version 3.6.07 New language values $_[] values:
 $_['Permissions_msg_1'], $_['Press_Enter'], $_['Enter_to_edit'] Changed
 $_['Update_failed']  from 'Update failed - could not save file.'    to
 'Update failed.' Restored $_['edit_txt_04'] to language files. (Had
 inadvertently removed it previously.) Added Format_Perms(), in both php & js:
 [7777] [ugt rwx rwx rwx]  (js version not yet used.) Added
 Insert_mov_del_ckbox() to index page js.  (Prep for future improvements.)
 Added Cancel_Perm_Changes() to index page js. Improved handling of ckbox &
 permission field events. Cleaned up some inline css.

---
 info/changelog.markdown |   5 +
 onefilecms.php          | 297 +++++++++++++++++++++++++---------------
 2 files changed, 190 insertions(+), 112 deletions(-)

diff --git a/info/changelog.markdown b/info/changelog.markdown
index 4c5f7b5..82c0160 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,10 @@
 # OneFileCMS Change Log
 
+### v3.6.07 (2017-09-29)
+
+- Mostly some code improvements.
+- And some css...
+
 ### v3.6.06 (2017-09-27)
 
 - Added ability to edit file permissions.
diff --git a/onefilecms.php b/onefilecms.php
index 2e5666d..3fceb3e 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.6.06';
+$OFCMS_version = '3.6.07';
 
 //If language values changed, don't forget the Language Settings version.
 
@@ -382,7 +382,7 @@ function System_Setup() {//*****************************************************
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.6.0x  (Not always in sync with OFCMS version#, if no changes to displayed wording.)
+// OneFileCMS Language Settings v3.6.07  (Not always in sync with OFCMS version#, if no changes to displayed wording.)
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -411,7 +411,7 @@ function Default_Language() { // ***********************************************
 $_['select_all_label_width'] = '72px';    //Width of space for $_['Select_All']
 
 $_['HTML']    = 'HTML';
-$_['WYSIWYG'] = 'WYSIWYG';
+$_['WYSIWYG'] = 'WYSIWYG'; //...
 
 $_['Admin']      = 'Admin';
 $_['bytes']      = 'bytes';
@@ -439,7 +439,7 @@ function Default_Language() { // ***********************************************
 $_['Invalid']    = 'Invalid'; //## NT ## as of 3.5.23
 $_['Move']       = 'Move';
 $_['Moved']      = 'Moved';
-$_['Name']       = 'Name';
+$_['Name']       = 'Name';   //...
 $_['on']         = 'on';
 $_['off']        = 'off';
 $_['Password']   = 'Password';
@@ -448,7 +448,7 @@ function Default_Language() { // ***********************************************
 $_['save_1']     = 'Save';
 $_['save_2']     = 'SAVE CHANGES';
 $_['Size']       = 'Size';
-$_['Source']     = 'Source';
+$_['Source']     = 'Source'; //## NT ##
 $_['successful'] = 'successful';
 $_['To']         = 'To';
 $_['Upload']     = 'Upload';
@@ -484,11 +484,14 @@ function Default_Language() { // ***********************************************
 $_['New_Location']       = 'New Location';
 $_['No_files']           = 'No files selected.';
 $_['Not_found']          = 'Not found';
-$_['Invalid_path']       = 'Invalid path';
+$_['Invalid_path']       = 'Invalid path'; //## NT ##
 $_['must_be_decendant']  = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ## as of 3.5.23
 $_['Update_failed']      = 'Update failed';
-$_['Working']            = 'Working - please wait...';
+$_['Working']            = 'Working - please wait...'; //## NT ##
 
+$_['Enter_to_edit']		= '[Enter] to edit'; //## NT ## as of 3.6.07
+$_['Press_Enter']       = 'Press [Enter] to save changes. Press [Esc] or [Tab] to cancel.'; //## NT ## as of 3.6.07
+$_['Permissions_msg_1'] = 'Permissions must be exactly 3 or 4 octal digits (0-7)';  //## NT ## as of 3.6.07
 $_['verify_msg_01']     = 'Session expired.';
 $_['verify_msg_02']     = 'INVALID POST';
 $_['get_get_msg_01']    = 'File does not exist:';
@@ -597,7 +600,7 @@ function Default_Language() { // ***********************************************
 $_['confirm_reset']   = 'Reset file and loose unsaved changes?';
 $_['OFCMS_requires']  = 'OneFileCMS requires PHP';
 $_['logout_msg']      = 'You have successfully logged out.';
-$_['edit_caution_01'] = 'CAUTION'; //##### No longer used as of 3.5.07
+$_['edit_caution_01'] = 'CAUTION';
 $_['edit_caution_02'] = 'You are viewing the active copy of OneFileCMS.'; //## NT ## changed wording 3.5.07
 $_['time_out_txt']    = 'Session time out in:';
 
@@ -1370,7 +1373,7 @@ function Cancel_Submit_Buttons($submit_label) {//*******************************
 	<p>
 	<button type="button" class="button" id="cancel" onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
 		<?php echo hsc($_['Cancel']) ?></button>
-	<button type="submit" class="button" id="submitty" style="margin-left: 1em;"><?php echo hsc($submit_label);?></button>
+	<button type="submit" class="button" id="submitty"><?php echo hsc($submit_label);?></button>
 	<script>E("cancel").focus();</script>
 <?php
 }//end Cancel_Submit_Buttons() //***********************************************
@@ -1580,7 +1583,7 @@ function List_Backups_and_Logs() {//********************************************
 		echo '</table>';
 		
 		if ($backup_found) {
-			echo '<p style="margin-top: .5em"><b>'.hsc($_['admin_txt_00']).'</b></p>';
+			echo '<p><b>'.hsc($_['admin_txt_00']).'</b></p>';
 			echo '<p>'.hsc($_['admin_txt_01']);
 		}
 		echo '<hr>';
@@ -1716,7 +1719,7 @@ function Change_PWUN_Page($pwun, $type, $page_title, $label_new, $label_confirm)
 		
 		<p><input type="button" class="button" id="cancel" value="<?php echo hsc($_['Cancel']) ?>"
 			onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
-		<input type="button" class="button"    id="submitty" value="<?php echo hsc($_['Submit']) ?>" style="margin-left: 1em;">
+		<input type="button" class="button"    id="submitty" value="<?php echo hsc($_['Submit']) ?>">
 		
 		<script>E('password').focus()</script>
 	</form>
@@ -1969,7 +1972,7 @@ function Create_Table_for_Listing() {//*****************************************
 		</div>
 	</th>
 	
-	<th style="font-family: courier">sogw</th>  <!-- //##### move css to style sheet -->
+	<th class=mono>sogw</th>
 	
 	<th class=file_name>
 		<div id=ff_ckbox_div class=ckbox>
@@ -1987,8 +1990,7 @@ function Create_Table_for_Listing() {//*****************************************
 	</tr>
 
 	<tr><?php // "../" directory entry ?>
-		<td colspan=4></td>
-		<td style="font-family: courier"></td>
+		<td colspan=5 id=header_msg></td>
 		<td>
 <?php		if ($ipath == $ACCESS_ROOT) {
 				echo '<a id=f0c5 tabindex='.$TABINDEX++.'>&nbsp;</a>';
@@ -2892,52 +2894,72 @@ function MCD_response($action, $msg1, $success_msg = '') {//********************
 
 
 
-function Update_File_Permissions() { //*****************************************
+function Format_Perms($perms_oct) {//*******************************************
+	//$pemrs_oct is a 3 or 4 digit octal string (7777).
+
+    //file                 file   | s s s | owner | group | world  
+    //permissions         t y p e | u g t | r w x | r w x | r w x
+	//                    
+    //bits        | 0 0 1 | 4 2 1 | 4 2 1 | 4 2 1 | 4 2 1 | 4 2 1
+	//octal             1     7       7       7       7       7
+	//
+    //bits                  8 4 2 1 | 8 4 2 1 | 8 4 2 1 | 8 4 2 1
+	//hex                      F         F         F         F
+
+	$ugt = ['---', '--t', '-g-', '-gt', 'u--', 'u-t', 'ug-', 'ugt']; //SetUid SetGid sTicky
+	$rwx = ['---', '--x', '-w-', '-wx', 'r--', 'r-x', 'rw-', 'rwx'];
+
+	if (strlen($perms_oct) > 3) { $ugidsticky = substr($perms_oct, -4, 1); }
+	else 						{ $ugidsticky = 0; }
+	$owner = substr($perms_oct, -3, 1);
+	$group = substr($perms_oct, -2, 1);
+	$world = substr($perms_oct, -1, 1);
+	
+	return "[$perms_oct][".$ugt[$ugidsticky]." ".$rwx[$owner]." ".$rwx[$group]." ".$rwx[$world]."]";
+
+}//end Format_Perms() {//*******************************************************
+
+
+
+
+function Update_File_Permissions() {//******************************************
 	//Validate new_perms & update.
 	//$_POST['new_perms'] must be an octal value with 3 or 4 digits (0-7) only.
-	global $_, $ACCESS_ROOT, $ACCESS_ROOT_len, $MESSAGE;
+	global $_, $MESSAGE;
 	
 	$new_perms   = trim($_POST['new_perms']);
 	$len         = strlen($new_perms);
-	$errors      = 0;
+	$errors      = 0; //No errrors
 	$ipath		 = $_POST['ipath'];
 	$ipath_OS	 = Convert_encoding($ipath);
 	$filename	 = $_POST['perms_filename'];
 	$filename_OS = Convert_encoding($ipath.$filename); //Full path/filename
 
 	//Verify that each digit is octal (0-7), and that $new_perms is only 3 or 4 digits in length.
-	$digit = "";
-	for ($p = 0; $p < $len; $p++) {
-		$digit = substr($new_perms, $p, 1);
-		if (($digit < '0') || ($digit > '7')) {
-			$errors++ ; break;
-		}
-	}
-	if (($len < 3) || ($len > 4)) {
-		$errors++;
-	}
-	//##### 													//##### Needs language $_[]
-	if ($errors) { $MESSAGE .= $_['Invalid'].": [$new_perms]. Must be exactly 3 or 4 octal digits (0-7)"; }
+	if (preg_match("/^[0-7]{3,4}$/", $new_perms) != 1) { $errors++; }
 
-	//Validate path & filename.
-	if (!Valid_Path($ipath_OS, false)) { $MESSAGE = $_['Invalid_path'].". \n"; }
-	if (!file_exists($filename_OS))    { $MESSAGE .= $_['get_get_msg_01']."\n "; }
+	if ($errors > 0) { $MESSAGE .= "<b>".$_['Invalid'].": [$new_perms]</b> ".$_['Permissions_msg_1']."."; }
 
-	if (!$errors) { 
+	//Validate path & filename. Valid_Path() required to prevent access outside $ACCESS_ROOT.
+	if (!Valid_Path($ipath_OS, false)) {  $errors++; $MESSAGE .= $_['Invalid_path'].". \n"; }
+	if (!file_exists($filename_OS))    {  $errors++; $MESSAGE .= $_['get_get_msg_01']."\n "; }
+
+	if ($errors == 0) { 
 		//Update the file permissions...
-		$chmod = chmod($filename_OS, octdec($new_perms));
-		if (!$chmod) {
+		if (!chmod($filename_OS, octdec($new_perms))) {
 			$errors++;
-			$MESSAGE .= "<b>".$_['Update_failed'].":</b> <span class=mono>";
-			$MESSAGE .= "chmod(\"$filename_OS\", octdec($new_perms))</span>";
+			$MESSAGE .= "<b>".$_['Update_failed'].":</b> <span ";
+			$MESSAGE .= "class=mono>chmod(\"$filename_OS\", octdec($new_perms))</span>";
 		}
 	}
 	clearstatcache ();
 	$new_perms = decoct((fileperms($filename_OS) & 07777)); //May not actually be new, if update failed.
+	$new_perms = str_pad($new_perms, 3, "0", STR_PAD_LEFT); //Always at least three digits:  000
+
 
 	if ($errors == 0) {
 		$MESSAGE .= "<b>".hsc($_['meta_txt_03'])."</b> ";
-		$MESSAGE .= "<span class=mono> <b>[".hsc($new_perms)."]</b> ".hsc($filename)."</span><br>";
+		$MESSAGE .= "<span class=mono> <b>".Format_Perms($new_perms)."</b> ".hsc($filename)."</span><br>";
 	}
 
 	$new_perms_response = "";
@@ -3536,7 +3558,7 @@ function Index_Page_events() {//************************************************
 
 
 
-function Perms_onkeydown(event, $perms) {//***************************
+function Perms_onkeydown(event, $perms, filename) {//*****************
 
 	//Get key pressed...
 	if (!event) {var event = window.event;} //for IE
@@ -3549,11 +3571,9 @@ function Perms_onkeydown(event, $perms) {//***************************
 		$perms.readOnly = !$perms.readOnly;
 		if ($perms.readOnly) {
 			Display_Messages("");
-			$perms.style.backgroundColor = "";  //##### Remove .class instead?
-			$perms.style.boxShadow = "";		//##### Remove .class instead? 
+			$perms.classList.remove("edit_perms");
 			
-			//onchange doesn't seem to occur until looses focus, which ENTER doesn't do.
-			if ($perms.value != $perms.prior_value) { $perms.onchange(); }
+			if ($perms.value != $perms.prior_value) { Validate_and_Post($perms, filename); }
 		}
 		else {
 			Enable_Edit_Perms($perms);
@@ -3567,14 +3587,8 @@ function Perms_onkeydown(event, $perms) {//***************************
 
 	event.stopPropagation();
 
-	//if ESC or TAB, cancel any changes, & return to readonly.
-	if ((key == 27) || (key == TAB)) {
-		$perms.value = $perms.prior_value;
-		Display_Messages("");
-		$perms.readOnly = true;
-		$perms.style.backgroundColor = "";	//##### Remove .class instead?
-		$perms.style.boxShadow = "";		//##### Remove .class instead?
-	}//end ESC or TAB
+	//if ESC or TAB...
+	if ((key == 27) || (key == TAB)) { Cancel_Perm_Changes($perms) }
 
 	Octal_Input_Only(event);
 
@@ -3585,17 +3599,22 @@ function Perms_onkeydown(event, $perms) {//***************************
 
 
 
+function Cancel_Perm_Changes($perms) {//******************************
+		$perms.value = $perms.prior_value;
+		$perms.readOnly = true;
+		$perms.classList.remove("edit_perms");
+		Display_Messages("");
+}//end Cancel_Perm_Changes() {//**************************************
+
+
+
+
 function Directory_Events($ckbox, $perms, $file, filename) {//********
 
-	//##### add/remove a class instead of setting/clearing value directly? ##############
-	$ckbox.onfocus   = function() { $ckbox.parentNode.style.backgroundColor = "rgb(255,240,140)"; }
-	$ckbox.onblur    = function() { $ckbox.parentNode.style.backgroundColor = ""; }
+	$ckbox.onfocus   = function() { this.parentNode.classList.add("ckbox_parent");    }
+	$ckbox.onblur    = function() { this.parentNode.classList.remove("ckbox_parent"); }
 
-	$perms.onblur	 = function(event) {
-		$perms.readOnly = true;
-		$perms.style.backgroundColor = "";	//##### Remove .class instead?
-		$perms.style.boxShadow = "";		//##### Remove .class instead?
-	}
+	$perms.onblur	 = function(event) { Cancel_Perm_Changes($perms) }
 
 	$perms.onfocus   = function(event) {
  		var deselect = function() { $perms.setSelectionRange(0, 0); }
@@ -3603,9 +3622,7 @@ function Directory_Events($ckbox, $perms, $file, filename) {//********
 		$perms.prior_value = $perms.value;
 	}
 
-	$perms.onkeydown = function(event) { return Perms_onkeydown(event, $perms); }
-
-	$perms.onchange  = function(event) { Validate_and_Post($perms, filename); }
+	$perms.onkeydown = function(event) { return Perms_onkeydown(event, $perms, filename); }
 
 	$perms.onclick   = function(event) { Enable_Edit_Perms($perms); }
 
@@ -3618,23 +3635,20 @@ function Validate_and_Post($perms, filename) { //*********************
 
 	$perms.value = $perms.value.trim();
 	
-	//$perms.onchange sometimes fires when there isn't any. Usually by $perms.onblur, 
-	//after perms already updated by a $perms.onchange(), in Perms_onkeydown(), after [Enter].
 	if ($perms.value == $perms.prior_value) { return };
 
 	//Verify that each digit is octal (0-7), and that $perms is only 3 or 4 digits in length.
 	var octal = /^[0-7]{3,4}$/;
-	var valid =  octal.test($perms.value);
+	var valid =  octal.test($perms.value); 
 
 	if (!valid) {
-		var msg  = "<b>" + hsc("<?php echo $_['Invalid'] ?>: [" + $perms.value + "].") + "</b>";
-		    msg += hsc(" Permissions must be exactly 3 or 4 octal digits (0-7).");  		//##### Needs language $_[]; //#####
+		var msg  = "<b>" + hsc("<?php echo $_['Invalid'] ?>: [" + $perms.value + "]") + "</b> ";
+		    msg += hsc("<?php echo $_['Permissions_msg_1'] ?>.");
 		$perms.value = $perms.prior_value;
 		Display_Messages(msg);
 		return false;
 	}
 
-	$perms.prior_value = $perms.value;
 	Post_New_File_Perms($perms, filename);
 
 	return true;
@@ -3645,14 +3659,14 @@ function Validate_and_Post($perms, filename) { //*********************
 
 function Enable_Edit_Perms($perms) {//********************************
 
-	//##### NEED LANGUAGE $_[] values #####################################################
-	var msg = "Press [Enter] to save changes. Press [Esc] or [Tab] to cancel.";
+	var msg = hsc(" <?php echo $_['Press_Enter'] ?>");
 
 	Display_Messages(msg);
 	$perms.readOnly = false;
 	$perms.setSelectionRange(0, 0); //Just for consistency.
-	$perms.style.backgroundColor = "rgb(255,240,140)";	//##### Add .class instead?
-	$perms.style.boxShadow = "0 0 10px 2px #F44";		//##### Add .class instead?
+
+	$perms.classList.add("edit_perms");
+
 }//end Enable_Edit_Perms() {//****************************************
 
 
@@ -3661,9 +3675,8 @@ function Enable_Edit_Perms($perms) {//********************************
 function Octal_Input_Only(event) { //*********************************
 	//Restrict input to digits & a few special keys.
 
-	//##### This function works with keyboards, but may inhibit number inputs on 
-	//##### touchscreens / android / Samsung Galaxy S III mini / etc.  I don't know.
-	//##### return;
+	//This function works with keyboards, but not touchscreens etc.
+	//However, total input is validated on enter anyway, regardless of device.
 
 	function Stop_Prop(event) { event.stopImmediatePropagation() }
 
@@ -3873,6 +3886,46 @@ function Init_Dir_table_rows(DIR_LIST) {//****************************
 
 
 
+//********************************************************************
+function Insert_mov_del_ckbox(IS_OFCMS, row, cells, writable, href, f_or_f, filename, tabindex) {
+
+	//Assemble [mov], [del], & [x]
+	//[mov], [del], and [x] are not available for OFCMS or readonly files.
+	//([copy] & [perms] are always available)
+	//The empty <a>'s are to accommodate keyboard nav via onkeydown() in Index_Page_events()...
+
+	var ren_id   = 'f' + row + 'c0';
+	var del_id	 = 'f' + row + 'c2';
+	var ckbox_id = 'f' + row + 'c3';
+
+	var mov = del = ckbox = '';
+
+	if (IS_OFCMS || !writable) {
+		//Used when file is read only, or IS_OFCMS.  (These options are unavailable.)
+		mov   = '<a id=' + ren_id   + ' tabindex='+ (tabindex + 0) +'>&nbsp;</a>'
+		del   = '<a id=' + del_id   + ' tabindex='+ (tabindex + 2) +'>&nbsp;</a>'
+		ckbox = '<a id=' + ckbox_id + ' tabindex='+ (tabindex + 3) +'>&nbsp;</a>'
+	}
+	else {
+		//Used when file is writable.
+		mov    = '<a id=' + ren_id + ' tabindex='+ (tabindex + 0) +' class=MCD href="' + href + '&amp;p=rename' + f_or_f;
+		mov   += '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
+		del    = '<a id=' + del_id + ' tabindex='+ (tabindex + 2) +' class=MCD href="' + href + '&amp;p=delete' + f_or_f;
+		del   += '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
+		ckbox  = '<div class=ckbox><INPUT id=' + ckbox_id + ' tabindex='+ (tabindex + 3);
+		ckbox += ' TYPE=checkbox class=select_file NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
+	}
+
+	//fill the <td>'s
+	cells[0].innerHTML = mov;
+	cells[2].innerHTML = del;
+	cells[3].innerHTML = ckbox;
+
+}//end Insert_mov_del_ckbox() {//*************************************
+
+
+
+
 //********************************************************************
 function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_name, file_size, file_time){
 
@@ -3887,56 +3940,33 @@ function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_n
 	row++;
 
 	//[Move] [Copy] [Delete] [x] [perms]
-	var ren_mov  = copy = del = checkbox = perms = cells = '';
+	var ren_mov  = copy = del = checkbox = perms = '';
+	var cells = trow.cells;
 
-	var ren_id   = 'f' + row + 'c0';
 	var copy_id  = 'f' + row + 'c1';
-	var del_id	 = 'f' + row + 'c2';
 	var ckbox_id = 'f' + row + 'c3';
 	var perms_id = 'f' + row + 'c4';
 	var file_id  = 'f' + row + 'c5';
 
 	var sogw = DIRECTORY_DATA[row - 1][6] + ""; //File permissions (suid sgid sticky)(owner)(group)(world)
 	sogw = parseInt(sogw,8);
-	var writable = (sogw & 0o200)/0o0200;  //Only check file owner write bit.
+	var writable = (sogw & 0o200)/0o200;  //Only check file owner write bit.
 
-	//Assemble [move] [copy] [delete] [x] [perms]  ([copy] & [perms] are always available)
-	//[move], [delete], and [x] are not available for OFCMS or readonly files.
-	//The empty <a>'s are to accommodate keyboard nav via onkeydown() in Index_Page_events()...
-
-	if (IS_OFCMS || !writable) { //[Move] not available
-		ren_mov  = '<a id=' + ren_id + ' tabindex='+ (TABINDEX++) +'>&nbsp;</a>'
-	}
-	else {
-		ren_mov  = '<a id=' + ren_id + ' tabindex='+ (TABINDEX++) +' class=MCD href="';
-		ren_mov += href + '&amp;p=rename' + f_or_f + '" ';
-		ren_mov += 'title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
-	}
+	//[mov], [del], & [x] are only available when while is writable.
+	Insert_mov_del_ckbox(IS_OFCMS, row, cells, writable, href, f_or_f, filename, TABINDEX);
 
-	copy  = '<a id=' + copy_id + ' tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=copy'   + f_or_f;
+	//[copy] & [perms] are always available.
+	copy  = '<a id=' + copy_id + ' tabindex='+ (TABINDEX + 1) +' class=MCD href="' + href + '&amp;p=copy'   + f_or_f;
 	copy += '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
 
-	if (IS_OFCMS || !writable) { //[delete] & [checkbox] are not available
-		del      = '<a id=' + del_id + '   tabindex='+ (TABINDEX++) +'>&nbsp;</a>'
-		checkbox = '<a id=' + ckbox_id + ' tabindex='+ (TABINDEX++) +'>&nbsp;</a>'
-	}
-	else {
-		del       = '<a id=' + del_id + ' tabindex='+ (TABINDEX++) +' class=MCD href="' + href + '&amp;p=delete' + f_or_f;
-		del		 += '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
-		checkbox  = '<div class=ckbox><INPUT id=' + ckbox_id + ' tabindex='+ (TABINDEX++);
-		checkbox += ' TYPE=checkbox class=select_file NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
-	}
-
-	perms  = '<input id=' + perms_id + ' class=perms tabindex=' + (TABINDEX++) ;
+	perms  = '<input id=' + perms_id + ' class=perms tabindex=' + (TABINDEX + 4) ;
 	perms += ' value="' + DIRECTORY_DATA[row - 1][6]+ '" maxlength=4 readonly>';
 
+	TABINDEX = TABINDEX + 5;
 
 	//fill the <td>'s
-	cells = trow.cells;
-	cells[0].innerHTML = ren_mov;
+	//( 0, 2, & 3 are filled in Insert_mov_del_ckbox() )
 	cells[1].innerHTML = copy;
-	cells[2].innerHTML = del;
-	cells[3].innerHTML = checkbox;
 	cells[4].innerHTML = perms;
 	cells[5].innerHTML = file_name;
 	cells[6].innerHTML = file_size;
@@ -4090,6 +4120,37 @@ function Confirm_Submit(action) {//***********************************
 	E('mcdselect').submit(); //submit form.
 }//end Confirm_Submit() //********************************************
 
+
+
+
+function Format_Perms(perms_oct) {//**********************************
+	//##### Not used yet. Had grand ideas, but now not sure...
+	//returns [7777][ugt rwx rwx rwx]
+
+	//$pemrs_oct is a 3 or 4 digit octal string (7777).
+	
+    //file                 file   | s s s | owner | group | world  
+    //permissions         t y p e | u g t | r w x | r w x | r w x
+	//                    
+    //bits        | 0 0 1 | 4 2 1 | 4 2 1 | 4 2 1 | 4 2 1 | 4 2 1
+	//octal             1     7       7       7       7       7
+	//
+    //bits                  8 4 2 1 | 8 4 2 1 | 8 4 2 1 | 8 4 2 1
+	//hex                      F         F         F         F
+
+	var ugt = ['---', '--t', '-g-', '-gt', 'u--', 'u-t', 'ug-', 'ugt']; //setUid setGid sTicky
+	var rwx = ['---', '--x', '-w-', '-wx', 'r--', 'r-x', 'rw-', 'rwx'];
+
+	if ((perms_oct.length * 1) > 3) { var ugidsticky = perms_oct.substr(-4, 1); }
+	else							{ var ugidsticky = 0; }
+	var owner = perms_oct.substr(-3, 1);
+	var group = perms_oct.substr(-2, 1);
+	var world = perms_oct.substr(-1, 1);
+	
+	return "[" + perms_oct + "][" + ugt[ugidsticky] + " " + rwx[owner] + " " + rwx[group] + " " + rwx[world] + "]";
+
+}//end Format_Perms() {//*********************************************
+
 </script>
 
 <?php
@@ -4756,7 +4817,7 @@ function style_sheet() {//******************************************************
 	}
 
 
-#message_box { border: none; margin: .5em 0 .5em 0; padding: 0; min-height: 1.88em;}
+#message_box { border: none; margin: .2em 0 .1em 0; padding: 0; min-height: 3em; }
 
 .message_box_contents { border: 1px solid gray; padding: 3px 2px 2px 4px; background: #FFF000; }
 
@@ -4779,6 +4840,9 @@ function style_sheet() {//******************************************************
 
 .filename { font-family: courier; }
 
+#submitty { margin-left: 1em; }
+#hr_bottom { border-color: white; }
+
 
 /* ------ INDEX Page ------ */
 
@@ -4845,13 +4909,13 @@ function style_sheet() {//******************************************************
 	font-size: .95em;
 	border         : 1px solid #777;
 	border-collapse: collapse;
-	margin: .5em 0 0 0;
+	margin: .5em 0 .5em 0;
 	background-color: #FFF;
 	}
 
 table.index_T tr:hover {border: 1px solid #777; background-color: #EEE}
 table.index_T th { border: 1px inset silver; vertical-align: middle; text-align: center; padding: 0 ;}
-table.index_T td { border: 1px inset silver; vertical-align: middle;}
+table.index_T td { border: 1px inset silver; vertical-align: middle; white-space: nowrap; }
 table.index_T th:hover { background-color: white;}
 
 .index_T td a {	display: block; border: none; padding: 2px 4px 2px 4px; overflow : hidden; }
@@ -4890,11 +4954,20 @@ function style_sheet() {//******************************************************
 	width: 2.4rem;
 	padding: 2px 2px;
 	border: solid 1px transparent;
+	background-color: transparent;
 	text-align: right;
 }
 
+
 td.perms { padding: 0; }
 
+input.perms.edit_perms { background-color: rgb(255,240,140); box-shadow: 0 0 10px 2px #F44; }
+
+.perms:focus { border: solid 1px transparent; background-color: #DDD }
+
+.ckbox.ckbox_parent { background-color: rgb(255,240,140); }
+
+
 #DIRECTORY_FOOTER {text-align: center; font-size: .9em; color: #333; padding: 3px 0 0 0; }
 
 
@@ -5347,7 +5420,7 @@ function Load_style_sheet() {//*************************************************
 //footer...
 if ($_SESSION['valid']) {
 	//Countdown timer
-	echo "<hr style='border-color: white;'>\n";
+	echo "<hr id=hr_bottom>\n";
 	echo "<span id=timer0  class='timer timeout'></span>";
 	echo "<span class=timeout>".hsc($_['time_out_txt'])."</span>";
 

From bae1ec972f4bc21d50cd4c9b2bcb70fcfd1fada5 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 30 Sep 2017 11:00:08 -0400
Subject: [PATCH 220/228] Version 3.6.08 [Mov], [Del], & [X] now show/hide as
 needed as perms are changed (owner write bit). Some restructuring/refactoring
 in:   Init_Dir_table_rows(), Insert_mov_del_ckbox(), Assemble_Insert_row(),
 Build_Directory(),   Split Insert_mov_del_ckbox() into Assemble_mdx() &
 Insert_mdx(). Fixed minor perms bug (if changed perms, then resorted dir
 list, would show old perms value).   Perms_Update_Response()
 Index_Page_events() - moved some "hard coded" colors to .classes In header,
 "(on php 5.x.x)" version & phpinfo link now only shows on Admin page. Minor
 wording change in readme "Limitations" section. Tweaked some class names. And
 some css.

---
 info/changelog.markdown |   7 +
 onefilecms.php          | 275 +++++++++++++++++++++++-----------------
 readme.markdown         |   8 +-
 3 files changed, 171 insertions(+), 119 deletions(-)

diff --git a/info/changelog.markdown b/info/changelog.markdown
index 82c0160..5fc87a1 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,5 +1,12 @@
 # OneFileCMS Change Log
 
+### v3.6.07 (2017-09-30)
+
+- Fixed minor issue where if perms changed, new value not always displayed.
+- A bit of restructure/refactor of perm & Assemble_Insert_Row() related functions.
+- "(on php 5.x.x)" version, and link to phpinfo, now only shows on Admin page.
+- Andd some css...
+
 ### v3.6.07 (2017-09-29)
 
 - Mostly some code improvements.
diff --git a/onefilecms.php b/onefilecms.php
index 3fceb3e..01b3272 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.6.07';
+$OFCMS_version = '3.6.08';
 
 //If language values changed, don't forget the Language Settings version.
 
@@ -1344,8 +1344,9 @@ function Page_Header() {//******************************************************
 	echo '<div id="header">';
 		echo '<a href="'.$ONESCRIPT.'" id="logo" tabindex='.$TABINDEX++.'>'.hsc($MAIN_TITLE).'</a> '.$OFCMS_version.' ';
 		
-		$on_php = '('.hsc($_['on']).'&nbsp;php&nbsp;'.phpversion().')';
-		if ($_SESSION["valid"]) {
+		$on_php = '';
+		if ($page == "admin") {
+			$on_php = '('.hsc($_['on']).'&nbsp;php&nbsp;'.phpversion().')';
 			$on_php = '<a id=on_php tabindex='.($TABINDEX++).' href="'.$ONESCRIPT.'?p=phpinfo'.'" target=_blank>'.$on_php.'</a>';
 		}
 		echo $on_php;
@@ -3316,7 +3317,6 @@ function Index_Page_events() {//************************************************
 var Copy_Button			= E('b2');
 var Delete_Button		= E('b3');
 
-var highlight1 = "rgb(255,250,150)";
 
 E('header_filename').focus();
 
@@ -3329,24 +3329,24 @@ function Index_Page_events() {//************************************************
 E('select_all_ckbox').onclick = function () {Select_All();}
 
 
-E('select_all_ckbox').onfocus = function() {
-	E('select_all_ckbox').parentNode.style.backgroundColor = highlight1;
-	E('select_all_label').style.backgroundColor = highlight1;
+E('select_all_ckbox').onfocus = function() {  //ckbox_label_focus
+	this.parentNode.classList.add("ckbox_label_focus");
+	E('select_all_label').classList.add("ckbox_label_focus");
 }
 E('select_all_ckbox').onblur = function() {
-	E('select_all_ckbox').parentNode.style.backgroundColor = "";
-	E('select_all_label').style.backgroundColor = "";
+	this.parentNode.classList.remove("ckbox_label_focus");
+	E('select_all_label').classList.remove("ckbox_label_focus");
 }
 
 
 E('folders_first_ckbox').onfocus = function() {
-	E('folders_first_ckbox').parentNode.style.backgroundColor = highlight1;
-	E('folders_first_label').style.backgroundColor = highlight1;
+	this.parentNode.classList.add("ckbox_label_focus");
+	E('folders_first_label').classList.add("ckbox_label_focus");
 }
 
 E('folders_first_ckbox').onblur = function() {
-	E('folders_first_ckbox').parentNode.style.backgroundColor = "";
-	E('folders_first_label').style.backgroundColor = "";
+	this.parentNode.classList.remove("ckbox_label_focus");
+	E('folders_first_label').classList.remove("ckbox_label_focus");
 }
 
 E('folders_first_ckbox').onclick = function () {Sort_and_Show(SORT_by, SORT_order); this.focus();}
@@ -3362,8 +3362,6 @@ function Index_Page_events() {//************************************************
 	//Control cursor keys to navigate index page. (Arrows, Page, Home, End)
 
 	var jump = <?php echo $PAGEUPDOWN ?>;//# of rows to jump with Page Up/Page Down.
-	var highlight1 = "rgb(255,250,150)";
-	var highlight2 = "rgb(255,240,140)";
 
 	//Get key pressed...
 	if (!event) {var event = window.event;} //for IE
@@ -3611,8 +3609,9 @@ function Cancel_Perm_Changes($perms) {//******************************
 
 function Directory_Events($ckbox, $perms, $file, filename) {//********
 
-	$ckbox.onfocus   = function() { this.parentNode.classList.add("ckbox_parent");    }
-	$ckbox.onblur    = function() { this.parentNode.classList.remove("ckbox_parent"); }
+	//If $ckbox events changed, also change in Insert_mdx()
+	$ckbox.onfocus   = function() { this.parentNode.classList.add("ckbox_parent_focus");    }
+	$ckbox.onblur    = function() { this.parentNode.classList.remove("ckbox_parent_focus"); }
 
 	$perms.onblur	 = function(event) { Cancel_Perm_Changes($perms) }
 
@@ -3660,11 +3659,9 @@ function Validate_and_Post($perms, filename) { //*********************
 function Enable_Edit_Perms($perms) {//********************************
 
 	var msg = hsc(" <?php echo $_['Press_Enter'] ?>");
-
 	Display_Messages(msg);
 	$perms.readOnly = false;
 	$perms.setSelectionRange(0, 0); //Just for consistency.
-
 	$perms.classList.add("edit_perms");
 
 }//end Enable_Edit_Perms() {//****************************************
@@ -3676,7 +3673,7 @@ function Octal_Input_Only(event) { //*********************************
 	//Restrict input to digits & a few special keys.
 
 	//This function works with keyboards, but not touchscreens etc.
-	//However, total input is validated on enter anyway, regardless of device.
+	//However, total input is validated on [Enter] anyway, regardless of device.
 
 	function Stop_Prop(event) { event.stopImmediatePropagation() }
 
@@ -3709,6 +3706,7 @@ function Perms_Update_Response(request, $perms) { //******************
 	var update_response = JSON.parse(request.responseText);
 
 	$perms.value = update_response.new_perms.trim();
+
 	$perms.prior_value = $perms.value;
 
 	var msg = update_response.MESSAGE;
@@ -3720,6 +3718,14 @@ function Perms_Update_Response(request, $perms) { //******************
 
 	E('nuonce').value = update_response.nuonce; //For the next post...
 
+	var frow = $perms.id.split('c')[0].substr(1); //id = "fNNcN", frow = the NN after the "f"
+	var drow = frow - 1; //See frow & drow notes in Assemble_Insert_row()
+
+	DIRECTORY_DATA[drow][6] = $perms.value;
+
+	var cells = E("DIRECTORY_LISTING").rows[drow].cells;
+	Insert_mdx(drow, cells); //Show/Hide [M]    [D][X]   file options
+
 	Display_Messages(msg);
 
 }//end Perms_Update_Response() //*************************************
@@ -3778,7 +3784,12 @@ function Index_Page_scripts() {//***********************************************
 var SORT_order       = true;  // Default to "normal" sort orders (ascending). Set to false for reverse (descending).
 var SORT_folders_1st = true;  // Initially set to true. false = did not consider folders during prior sort.
 
-
+//Used to either show or hide [Mov][Del]  [X] options depending on if file is readonly or not.
+//Made 2D & set in Assemble_mdx().
+//Need to be global as used Insert_mdx(), which is called from two other functions.
+var MOV_rw = []; //Move/Rename
+var DEL_rw = []; //Delete
+var CBX_rw = []; //checkbox
 
 
 function Sort_Folders_First() {//*************************************
@@ -3861,20 +3872,19 @@ function sort_DIRECTORY(col, direction) {//***************************
 
 
 
-function Init_Dir_table_rows(DIR_LIST) {//****************************
-
-	var row, cell, cells, tr, td;
+function Init_Dir_table_rows() {//************************************
+	//initialize <tr>'s with empty <td>'s
+	
+	var drow, cell, cells, tr, td;
 	
 	var last_cell = 8; // number of columns in directory listing.
 
-	for (row = 0; row < DIRECTORY_ITEMS; row++){
-		
-		//initialize <tr> with empty <td>'s
-		tr = DIR_LIST.insertRow(row);
-		for (cell = 0; cell < last_cell; cell++) {td = tr.insertCell(-1);}
+	for (drow = 0; drow < DIRECTORY_ITEMS; drow++){
+		tr = E("DIRECTORY_LISTING").insertRow(-1); //-1 adds row after last row.
+		for (cell = 0; cell < last_cell; cell++) { td = tr.insertCell(-1); }
 		cells = tr.cells;
 		
-		//assign css classes
+		//assign classes
 		var c = 4;
 		cells[c++].className = 'meta_T perms';  //file permissions
 		cells[c++].className = 'file_name';
@@ -3887,85 +3897,112 @@ function Init_Dir_table_rows(DIR_LIST) {//****************************
 
 
 //********************************************************************
-function Insert_mov_del_ckbox(IS_OFCMS, row, cells, writable, href, f_or_f, filename, tabindex) {
+function Assemble_mdx(drow, cells, href, f_or_f, filename, tabindex) {
 
-	//Assemble [mov], [del], & [x]
+	//Assemble [mov], [del], & [x](checkbox)
 	//[mov], [del], and [x] are not available for OFCMS or readonly files.
 	//([copy] & [perms] are always available)
 	//The empty <a>'s are to accommodate keyboard nav via onkeydown() in Index_Page_events()...
 
-	var ren_id   = 'f' + row + 'c0';
-	var del_id	 = 'f' + row + 'c2';
-	var ckbox_id = 'f' + row + 'c3';
+	var frow = drow + 1;
 
-	var mov = del = ckbox = '';
+	var ren_id   = 'f' + frow + 'c0';
+	var del_id	 = 'f' + frow + 'c2';
+	var ckbox_id = 'f' + frow + 'c3';
+
+	var IS_OFCMS = DIRECTORY_DATA[drow][4]; 
+	var sogw = parseInt(DIRECTORY_DATA[drow][6] + "",8); //File permissions (suid sgid sticky)(owner)(group)(world)
+	var read_write = (((sogw & 0o200)/0o200) && !IS_OFCMS) * 1 ;  //Check file owner write bit, or if IS_OFCMS.
+
+	//Store both verions of these options for each file.
+	//[0] empty placeholder <a> (needed for keyboard nav), & [1] actual working option.
+	MOV_rw[frow] = [];
+	DEL_rw[frow] = [];
+	CBX_rw[frow] = [];
+
+	//Used when file is read only, or IS_OFCMS.  ([M], [D], & [X],  are unavailable.)
+	MOV_rw[frow][0] = '<a id=' + ren_id   + ' tabindex='+ (tabindex + 0) +'>&nbsp;</a>';
+	DEL_rw[frow][0] = '<a id=' + del_id   + ' tabindex='+ (tabindex + 2) +'>&nbsp;</a>';
+	CBX_rw[frow][0] = '<a id=' + ckbox_id + ' tabindex='+ (tabindex + 3) +'>&nbsp;</a>';
+
+	//Used when file is read_write.
+	MOV_rw[frow][1]  = '<a id=' + ren_id + ' tabindex='+ (tabindex + 0) +' class=MCD href="' + href + '&amp;p=rename' + f_or_f;
+	MOV_rw[frow][1] += '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
+	DEL_rw[frow][1]  = '<a id=' + del_id + ' tabindex='+ (tabindex + 2) +' class=MCD href="' + href + '&amp;p=delete' + f_or_f;
+	DEL_rw[frow][1] += '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
+	CBX_rw[frow][1]  = '<div class=ckbox><INPUT id=' + ckbox_id + ' tabindex='+ (tabindex + 3);
+	CBX_rw[frow][1] += ' TYPE=checkbox class=select_file NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
+
+}//end Assemble_mdx() {//*********************************************
 
-	if (IS_OFCMS || !writable) {
-		//Used when file is read only, or IS_OFCMS.  (These options are unavailable.)
-		mov   = '<a id=' + ren_id   + ' tabindex='+ (tabindex + 0) +'>&nbsp;</a>'
-		del   = '<a id=' + del_id   + ' tabindex='+ (tabindex + 2) +'>&nbsp;</a>'
-		ckbox = '<a id=' + ckbox_id + ' tabindex='+ (tabindex + 3) +'>&nbsp;</a>'
-	}
-	else {
-		//Used when file is writable.
-		mov    = '<a id=' + ren_id + ' tabindex='+ (tabindex + 0) +' class=MCD href="' + href + '&amp;p=rename' + f_or_f;
-		mov   += '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
-		del    = '<a id=' + del_id + ' tabindex='+ (tabindex + 2) +' class=MCD href="' + href + '&amp;p=delete' + f_or_f;
-		del   += '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
-		ckbox  = '<div class=ckbox><INPUT id=' + ckbox_id + ' tabindex='+ (tabindex + 3);
-		ckbox += ' TYPE=checkbox class=select_file NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
-	}
 
-	//fill the <td>'s
-	cells[0].innerHTML = mov;
-	cells[2].innerHTML = del;
-	cells[3].innerHTML = ckbox;
 
-}//end Insert_mov_del_ckbox() {//*************************************
+
+function Insert_mdx(drow, cells) {//**********************************
+
+	var IS_OFCMS = DIRECTORY_DATA[drow][4]; 
+	var sogw = parseInt(DIRECTORY_DATA[drow][6] + "",8); //File permissions (suid sgid sticky)(owner)(group)(world)
+	var read_write = (((sogw & 0o200)/0o200) && !IS_OFCMS) * 1 ;  //Check file owner write bit, or if IS_OFCMS.
+	
+	var frow = drow + 1;
+
+	//MOV_rw, DEL_rw, & CBX_rw, are globals, with values set in Assemble_mdx()
+	cells[0].innerHTML = MOV_rw[frow][read_write];
+	cells[2].innerHTML = DEL_rw[frow][read_write];
+	cells[3].innerHTML = CBX_rw[frow][read_write];
+
+	//Re-assign checkbox events. (Initially assigned in Directory_Events()).
+	$ckbox = E('f' + frow + 'c' + 3);
+	$ckbox.onfocus   = function() { this.parentNode.classList.add("ckbox_parent_focus");    }
+	$ckbox.onblur    = function() { this.parentNode.classList.remove("ckbox_parent_focus"); }
+
+}//end Insert_mdx() {//***********************************************
 
 
 
 
 //********************************************************************
-function Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_name, file_size, file_time){
+function Assemble_Insert_row(drow, href, filename, file_name, file_time){
 
-	//While DIRECTORY_DATA, and the table rows created to list the data, are indexed from 0 (zero),
-	//the id's of files in the directory list are indexed from 1 (f1, f2...), as "../" is listed first with id=f0 (f-zero).
-	//The id's are used in Index_Page_events() "cursor" control.
-	//Note: Number of tab-able items per row affects the (TABINDEX + 5) offset near end of Build_Directory(),
-	//		and the $TABINDEX calculation for the [Admin] link in page footer.
-	//		There are currently 6 tab-able items per (file) row:  [m] [c] [d] [x] [sogw] [file name]
-	//		[m][c][d][x][sogw] tabindexes are set below.  [filename]'s tabinex is set in Build_Directory().
+	//The number of tab-able items per row affects the (TABINDEX + 5) offset near end of Build_Directory(),
+	//and the $TABINDEX calculation for the [Admin] link in page footer.
+	//There are currently 6 tab-able items per (file) row:  [m] [c] [d] [x] [sogw] [file name]
+	//[m][c][d][x][sogw] tabindexes are set below.  [filename]'s tabinex is set in Build_Directory().
 
-	row++;
+	var cells = E("DIRECTORY_LISTING").rows[drow].cells; //Must come before the row++ a little later in this function.
 
-	//[Move] [Copy] [Delete] [x] [perms]
-	var ren_mov  = copy = del = checkbox = perms = '';
-	var cells = trow.cells;
+	var filetype = DIRECTORY_DATA[drow][0];
+	var filesize = DIRECTORY_DATA[drow][2];
 
-	var copy_id  = 'f' + row + 'c1';
-	var ckbox_id = 'f' + row + 'c3';
-	var perms_id = 'f' + row + 'c4';
-	var file_id  = 'f' + row + 'c5';
+	//folder or file?
+	if (filetype == "dir") { var f_or_f = 'folder';	var file_size = ''; }
+	else 				   { var f_or_f = 'file';   var file_size = format_number(filesize); }
 
-	var sogw = DIRECTORY_DATA[row - 1][6] + ""; //File permissions (suid sgid sticky)(owner)(group)(world)
-	sogw = parseInt(sogw,8);
-	var writable = (sogw & 0o200)/0o200;  //Only check file owner write bit.
+	//While DIRECTORY_DATA, and the table rows created to list the data, are indexed from 0 (zero),
+	//the id's of files in the directory list are indexed from 1 (f1, f2...), as "../" is listed first with id=f0 (f-zero).
+	//The id's are used in Index_Page_events() "cursor" control.
+	var frow = drow + 1;
 
-	//[mov], [del], & [x] are only available when while is writable.
-	Insert_mov_del_ckbox(IS_OFCMS, row, cells, writable, href, f_or_f, filename, TABINDEX);
+	var copy, perms;
+
+	var copy_id  = 'f' + frow + 'c1';
+	var ckbox_id = 'f' + frow + 'c3';
+	var perms_id = 'f' + frow + 'c4';
+	var file_id  = 'f' + frow + 'c5';
 
 	//[copy] & [perms] are always available.
 	copy  = '<a id=' + copy_id + ' tabindex='+ (TABINDEX + 1) +' class=MCD href="' + href + '&amp;p=copy'   + f_or_f;
 	copy += '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
 
-	perms  = '<input id=' + perms_id + ' class=perms tabindex=' + (TABINDEX + 4) ;
-	perms += ' value="' + DIRECTORY_DATA[row - 1][6]+ '" maxlength=4 readonly>';
+	perms  = '<input id=' + perms_id + ' tabindex=' + (TABINDEX + 4) + ' class=perms';
+	perms += ' value="' + DIRECTORY_DATA[drow][6]+ '" maxlength=4 readonly>';
 
+	//Assemble & Insert contents for cells[0], [2], & [3]  ([Mov], [Del], [ckbox])
+	Assemble_mdx(drow, cells, href, f_or_f, filename, TABINDEX);
+	Insert_mdx(drow, cells);
 	TABINDEX = TABINDEX + 5;
 
-	//fill the <td>'s
-	//( 0, 2, & 3 are filled in Insert_mov_del_ckbox() )
+	//Insert contents for the remaining cells...
 	cells[1].innerHTML = copy;
 	cells[4].innerHTML = perms;
 	cells[5].innerHTML = file_name;
@@ -3983,10 +4020,10 @@ function Build_Directory() {//****************************************
 
 	TABINDEX    = <?php echo $TABINDEX ?>;  //Rest TABINDEX
 
-	var DIR_LIST = E("DIRECTORY_LISTING");
-
-	if (DIR_LIST.rows.length < 1) {Init_Dir_table_rows(DIR_LIST);}
+	//Has the directory table been init'd yet?
+	if (E("DIRECTORY_LISTING").rows.length < 1)	{ Init_Dir_table_rows(E("DIRECTORY_LISTING")); }
 
+	//Fill 'er up!
 	for (var row = 0; row < DIRECTORY_ITEMS; row++) {
 		
 		var filetype = DIRECTORY_DATA[row][0];
@@ -3997,14 +4034,10 @@ function Build_Directory() {//****************************************
 		//folder or file?
 		if (filetype == "dir"){
 			var DS        = ' /';
-			var f_or_f    = 'folder';
 			var href      = ONESCRIPT + PARAM1 + encodeURIComponent(filename);
-			var file_size = '';
 		} else {
 			var DS        = '';
-			var f_or_f    = 'file';
 			var href      = ONESCRIPT + PARAM1 + '&amp;f=' + encodeURIComponent(filename) + '&amp;p=edit';
-			var file_size = format_number(filesize);
 		}
 		
 		var file_col = 5; //column of file names
@@ -4015,10 +4048,8 @@ function Build_Directory() {//****************************************
 			file_name += ICONS[filetype] + '&nbsp;' + hsc(filename) + DS + '</a>';
 		var file_time  = FileTimeStamp(filetime, 1, 0, 0);
 		
-		var IS_OFCMS = DIRECTORY_DATA[row][4];
-		var trow = DIR_LIST.rows[row];
+		Assemble_Insert_row(row, href, filename, file_name, file_time);
 		
-		Assemble_Insert_row(IS_OFCMS, row, trow, href, f_or_f, filename, file_name, file_size, file_time);
 		TABINDEX++; //To accuont for file_name above
 	}//end for (row...
 }//end Build_Directory() //*******************************************
@@ -4864,17 +4895,49 @@ function style_sheet() {//******************************************************
 #select_all_label:hover  { background-color: rgb(255,250,150); }
 #select_all_label:active { background-color: rgb(245,245, 50); }
 
+label.ckbox_label_focus { background-color: rgb(255,250,150) }
+.ckbox.ckbox_label_focus { background-color: rgb(255,250,150) }
+
 
 /*** Directory list file select boxes ***/
-/*ckbox is assigned to <div>'s etc that contain <input type=checkbox>*/
-.ckbox        {padding: 4px 4px 2px 4px; display: inline-block;}
+/*ckbox is assigned to <div> that contain <input type=checkbox>*/
+.ckbox        {padding: 3px 3px 1px 3px; display: inline-block; border: solid 1px transparent; }
 .ckbox:hover  {background-color: rgb(255,240,140);} 
 .ckbox:active {background-color: rgb(245,245, 50);}
 
+.ckbox.ckbox_parent_focus { background-color: rgb(255,235,90); border: solid 1px rgb(220,190,0); }
+
+
 /* Slightly darker colors for [m][c][d] file options since they are small & less noticable*/
-.MCD:hover  {background-color: rgb(255,240,140);}
-.MCD:focus  {background-color: rgb(255,240,140);}
-.MCD:active {background-color: rgb(245,245, 50);}
+.index_T a.MCD:hover  {background-color: rgb(255,240,140);}
+.index_T a.MCD:focus  {background-color: rgb(255,240,140);}
+.index_T a.MCD:active {background-color: rgb(245,245, 50);}
+
+.index_T a.MCD       { border: solid 1px transparent; }
+.index_T a.MCD:focus { border: solid 1px rgb(220,190,0); }
+
+
+input.perms {
+	display: inline-block;
+	width: 2.4rem;
+	padding: 2px 2px;
+	border: solid 1px transparent;
+	background-color: transparent;
+	text-align: right;
+}
+
+
+td.perms { padding: 0; }
+
+input.perms {height: 1.42rem;}
+
+input.perms.edit_perms { background-color: rgb(255,240,140); box-shadow: 0 0 10px 2px #F44; }
+
+.perms:focus { border: solid 1px rgb(190,160,0); background-color: #EEE }
+
+.perms:hover { cursor : pointer; }
+
+
 
 
 /*** [x] (folders first) ***/
@@ -4918,7 +4981,7 @@ function style_sheet() {//******************************************************
 table.index_T td { border: 1px inset silver; vertical-align: middle; white-space: nowrap; }
 table.index_T th:hover { background-color: white;}
 
-.index_T td a {	display: block; border: none; padding: 2px 4px 2px 4px; overflow : hidden; }
+.index_T td a {	display: block; height: 1.42rem; border: none; padding: 2px 4px 2px 4px; overflow : hidden; }
 .index_T th a { padding: 1px 0 1px 0; border-width: 0px;}
 
 th.file_name {min-width: 15em}
@@ -4949,24 +5012,6 @@ function style_sheet() {//******************************************************
 .meta_T  { padding: 0 .5em; text-align: right; font: bold .9rem courier; color: #333}
 .meta_T2 { border: solid 1px black; background-color: white; font-size: 1rem; }
 
-input.perms {
-	display: inline-block;
-	width: 2.4rem;
-	padding: 2px 2px;
-	border: solid 1px transparent;
-	background-color: transparent;
-	text-align: right;
-}
-
-
-td.perms { padding: 0; }
-
-input.perms.edit_perms { background-color: rgb(255,240,140); box-shadow: 0 0 10px 2px #F44; }
-
-.perms:focus { border: solid 1px transparent; background-color: #DDD }
-
-.ckbox.ckbox_parent { background-color: rgb(255,240,140); }
-
 
 #DIRECTORY_FOOTER {text-align: center; font-size: .9em; color: #333; padding: 3px 0 0 0; }
 
diff --git a/readme.markdown b/readme.markdown
index d1ea715..0426f96 100755
--- a/readme.markdown
+++ b/readme.markdown
@@ -6,10 +6,10 @@ OneFileCMS is a simple CMS (Content Management System) contained entirely in a s
 
 With basic editing, upload, and file managing functions, OneFileCMS can maintain an entire website completely in-browser without any external programs.
 
-### Main screen:
+### File Manager:
 ![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OFCMS_screenshot.04.png)
 
-### Edit screen:
+### Text Editor:
 ![OneFileCMS](http://self-evident.github.com/OneFileCMS/images/OFCMS_screenshot_edit.02.png)
 
 --------------------------------------------------------------------------------
@@ -136,7 +136,7 @@ OneFileCMS can be easily configured to work with [TinyMCE](http://tinymce.moxiec
 
   These issues, of course, are not unique to OneFileCMS - as they will exist in any CMS that permits unrestricted file editing & uploads.
 
-- If your website's connection is not encrypted (doesn't use SSL/TLS), passwords & usernames will be sent in clear text* during login.  However, this is true of any login system that's over an unencrypted connection.  
+- As with any website, if your website's connection is not encrypted (doesn't use SSL/TLS), passwords & usernames will be sent in clear text* during login. 
   *As of version 3.4.15, a client-side hash of the user's "plain-text" password is sent to the server.  So, while this client-side hash is still a "plain-text" password as far as the server is concerned, the user's actual raw password is protected from immediate exposure.
 
 --------------------------------------------------------------------------------
@@ -188,4 +188,4 @@ GENERATE/OUTPUT THE PAGE
 ## [Git Log](https://raw.github.com/Self-Evident/OneFileCMS/gh-pages/master-branch.git.log)
 
 
-<br><br><br><br>
\ No newline at end of file
+<br><br><br><br>

From 509ee2adcecdee3496ba29937ce16cbf7d912f22 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 30 Sep 2017 12:16:43 -0400
Subject: [PATCH 221/228] Updated optional language & css files.

---
 extras/OneFileCMS.css            | 61 +++++++++++++++++++++-----------
 languages/OneFileCMS.LANG.DE.php |  4 +--
 languages/OneFileCMS.LANG.EN.php | 10 +++---
 languages/OneFileCMS.LANG.ES.php |  4 +--
 languages/OneFileCMS.LANG.NL.php |  4 +--
 languages/OneFileCMS.LANG.RU.php |  4 +--
 6 files changed, 54 insertions(+), 33 deletions(-)

diff --git a/extras/OneFileCMS.css b/extras/OneFileCMS.css
index e5e5904..049f47d 100755
--- a/extras/OneFileCMS.css
+++ b/extras/OneFileCMS.css
@@ -1,5 +1,5 @@
 /*******************************************************************************
-Sample, OPTIONAL, external style sheet, as of OneFileCMS v3.6.06
+Sample, OPTIONAL, external style sheet, as of OneFileCMS v3.6.08
 
 This is just a copy of the primary <style></style> section in OneFileCMS
 *******************************************************************************/
@@ -95,7 +95,7 @@ button:active, .button:active{ position:relative; top :1px; left:1px; }
 	}
 
 
-#message_box { border: none; margin: .5em 0 .5em 0; padding: 0; min-height: 1.88em;}
+#message_box { border: none; margin: .2em 0 .1em 0; padding: 0; min-height: 3em; }
 
 .message_box_contents { border: 1px solid gray; padding: 3px 2px 2px 4px; background: #FFF000; }
 
@@ -142,17 +142,49 @@ button:active, .button:active{ position:relative; top :1px; left:1px; }
 #select_all_label:hover  { background-color: rgb(255,250,150); }
 #select_all_label:active { background-color: rgb(245,245, 50); }
 
+label.ckbox_label_focus { background-color: rgb(255,250,150) }
+.ckbox.ckbox_label_focus { background-color: rgb(255,250,150) }
+
 
 /*** Directory list file select boxes ***/
-/*ckbox is assigned to <div>'s etc that contain <input type=checkbox>*/
-.ckbox        {padding: 4px 4px 2px 4px; display: inline-block;}
+/*ckbox is assigned to <div> that contain <input type=checkbox>*/
+.ckbox        {padding: 3px 3px 1px 3px; display: inline-block; border: solid 1px transparent; }
 .ckbox:hover  {background-color: rgb(255,240,140);} 
 .ckbox:active {background-color: rgb(245,245, 50);}
 
+.ckbox.ckbox_parent_focus { background-color: rgb(255,235,90); border: solid 1px rgb(220,190,0); }
+
+
 /* Slightly darker colors for [m][c][d] file options since they are small & less noticable*/
-.MCD:hover  {background-color: rgb(255,240,140);}
-.MCD:focus  {background-color: rgb(255,240,140);}
-.MCD:active {background-color: rgb(245,245, 50);}
+.index_T a.MCD:hover  {background-color: rgb(255,240,140);}
+.index_T a.MCD:focus  {background-color: rgb(255,240,140);}
+.index_T a.MCD:active {background-color: rgb(245,245, 50);}
+
+.index_T a.MCD       { border: solid 1px transparent; }
+.index_T a.MCD:focus { border: solid 1px rgb(220,190,0); }
+
+
+input.perms {
+	display: inline-block;
+	width: 2.4rem;
+	padding: 2px 2px;
+	border: solid 1px transparent;
+	background-color: transparent;
+	text-align: right;
+}
+
+
+td.perms { padding: 0; }
+
+input.perms {height: 1.42rem;}
+
+input.perms.edit_perms { background-color: rgb(255,240,140); box-shadow: 0 0 10px 2px #F44; }
+
+.perms:focus { border: solid 1px rgb(190,160,0); background-color: #EEE }
+
+.perms:hover { cursor : pointer; }
+
+
 
 
 /*** [x] (folders first) ***/
@@ -193,10 +225,10 @@ table.index_T {
 
 table.index_T tr:hover {border: 1px solid #777; background-color: #EEE}
 table.index_T th { border: 1px inset silver; vertical-align: middle; text-align: center; padding: 0 ;}
-table.index_T td { border: 1px inset silver; vertical-align: middle;}
+table.index_T td { border: 1px inset silver; vertical-align: middle; white-space: nowrap; }
 table.index_T th:hover { background-color: white;}
 
-.index_T td a {	display: block; border: none; padding: 2px 4px 2px 4px; overflow : hidden; }
+.index_T td a {	display: block; height: 1.42rem; border: none; padding: 2px 4px 2px 4px; overflow : hidden; }
 .index_T th a { padding: 1px 0 1px 0; border-width: 0px;}
 
 th.file_name {min-width: 15em}
@@ -227,17 +259,6 @@ th.file_name {min-width: 15em}
 .meta_T  { padding: 0 .5em; text-align: right; font: bold .9rem courier; color: #333}
 .meta_T2 { border: solid 1px black; background-color: white; font-size: 1rem; }
 
-input.perms {
-	display: inline-block;
-	width: 2.4rem;
-	padding: 2px 2px;
-	border: solid 1px transparent;
-	background-color: transparent;
-	text-align: right;
-}
-
-input.perms:focus { border: solid 1px transparent; background-color: #DDD }
-td.perms { padding: 0; }
 
 #DIRECTORY_FOOTER {text-align: center; font-size: .9em; color: #333; padding: 3px 0 0 0; }
 
diff --git a/languages/OneFileCMS.LANG.DE.php b/languages/OneFileCMS.LANG.DE.php
index afe4880..1a7968e 100755
--- a/languages/OneFileCMS.LANG.DE.php
+++ b/languages/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.6.06
+// OneFileCMS Language Settings v3.6.08
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -103,7 +103,7 @@
 $_['Not_found']          = 'Nicht gefunden';
 $_['Invalid_path']       = 'Invalid path'; //## NT ##
 $_['must_be_decendant']  = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ##
-$_['Update_failed']      = 'Update failed.'; //## NT ##
+$_['Update_failed']      = 'Update failed'; //## NT ##
 $_['Working']            = 'Working - please wait...'; //## NT ##
 $_['Enter_to_edit']      = '[Enter] to edit'; //## NT ##
 $_['Press_Enter']        = 'Press [Enter] to save changes. Press [Esc] or [Tab] to cancel.'; //## NT ##
diff --git a/languages/OneFileCMS.LANG.EN.php b/languages/OneFileCMS.LANG.EN.php
index 47f5ba8..69fdd11 100755
--- a/languages/OneFileCMS.LANG.EN.php
+++ b/languages/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.6.06
+// OneFileCMS Language Settings v3.6.08
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -103,11 +103,11 @@
 $_['Not_found']          = 'Not found';
 $_['Invalid_path']       = 'Invalid path'; //## NT ##
 $_['must_be_decendant']  = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ## as of 3.5.23
-$_['Update_failed']      = 'Update failed.';
+$_['Update_failed']      = 'Update failed';
 $_['Working']            = 'Working - please wait...'; //## NT ##
-$_['Enter_to_edit']      = '[Enter] to edit';
-$_['Press_Enter']        = 'Press [Enter] to save changes. Press [Esc] or [Tab] to cancel.';
-$_['Permissions_msg_1']  = 'Permissions must be exactly 3 or 4 octal digits (0-7)';
+$_['Enter_to_edit']      = '[Enter] to edit'; //## NT ## as of 3.6.07
+$_['Press_Enter']        = 'Press [Enter] to save changes. Press [Esc] or [Tab] to cancel.'; //## NT ## as of 3.6.07
+$_['Permissions_msg_1']  = 'Permissions must be exactly 3 or 4 octal digits (0-7)'; //## NT ## as of 3.6.07
 
 $_['verify_msg_01']     = 'Session expired.';
 $_['verify_msg_02']     = 'INVALID POST';
diff --git a/languages/OneFileCMS.LANG.ES.php b/languages/OneFileCMS.LANG.ES.php
index 223d4be..5c179a6 100755
--- a/languages/OneFileCMS.LANG.ES.php
+++ b/languages/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.6.06
+// OneFileCMS Language Settings v3.6.08
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -103,7 +103,7 @@
 $_['Not_found']          = 'No encontrado';
 $_['Invalid_path']       = 'Invalid path'; //## NT ##
 $_['must_be_decendant']  = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ##
-$_['Update_failed']      = 'Update failed.'; //## NT ##
+$_['Update_failed']      = 'Update failed'; //## NT ##
 $_['Working']            = 'Working - please wait...'; //## NT ##
 $_['Enter_to_edit']      = '[Enter] to edit'; //## NT ##
 $_['Press_Enter']        = 'Press [Enter] to save changes. Press [Esc] or [Tab] to cancel.'; //## NT ##
diff --git a/languages/OneFileCMS.LANG.NL.php b/languages/OneFileCMS.LANG.NL.php
index d99e7de..c616176 100755
--- a/languages/OneFileCMS.LANG.NL.php
+++ b/languages/OneFileCMS.LANG.NL.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.6.06
+// OneFileCMS Language Settings v3.6.08
 
 $_['LANGUAGE'] = 'Nederlands (Dutch)';
 $_['LANG'] = 'NL';
@@ -103,7 +103,7 @@
 $_['Not_found']          = 'Niet gevonden';
 $_['Invalid_path']       = 'Invalid path'; //## NT ##
 $_['must_be_decendant']  = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ##
-$_['Update_failed']      = 'Update failed.'; //## NT ##
+$_['Update_failed']      = 'Update failed'; //## NT ##
 $_['Working']            = 'Working - please wait...'; //## NT ##
 $_['Enter_to_edit']      = '[Enter] to edit'; //## NT ##
 $_['Press_Enter']        = 'Press [Enter] to save changes. Press [Esc] or [Tab] to cancel.'; //## NT ##
diff --git a/languages/OneFileCMS.LANG.RU.php b/languages/OneFileCMS.LANG.RU.php
index 41945c8..fbc9a58 100755
--- a/languages/OneFileCMS.LANG.RU.php
+++ b/languages/OneFileCMS.LANG.RU.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.6.06
+// OneFileCMS Language Settings v3.6.08
 
 $_['LANGUAGE'] = 'Russian';
 $_['LANG'] = 'RU';
@@ -103,7 +103,7 @@
 $_['Not_found']          = 'Не найдено';
 $_['Invalid_path']       = 'Invalid path'; //## NT ##
 $_['must_be_decendant']  = '$DEFAULT_PATH must be a decendant of, or equal to, $ACCESS_ROOT'; //## NT ##
-$_['Update_failed']      = 'Update failed.'; //## NT ##
+$_['Update_failed']      = 'Update failed'; //## NT ##
 $_['Working']            = 'Working - please wait...'; //## NT ##
 $_['Enter_to_edit']      = '[Enter] to edit'; //## NT ##
 $_['Press_Enter']        = 'Press [Enter] to save changes. Press [Esc] or [Tab] to cancel.'; //## NT ##

From ccac666af6d5a1f2b5c5bd22580dc6b4b0939330 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Wed, 4 Oct 2017 17:00:00 -0400
Subject: [PATCH 222/228] Version 3.6.09 When focus is in path header, HOME &
 END now goto ID=path_0 & ID=path_(last) respectively.    Otherwise, HOME &
 END goto f0c.. or f(last)c.. Added file owner & group (when available) to dir
 list. Removed hsc() of early output messages when updating permissions.
 $ckbox events are now only assigned in Insert_mdx(). Some misc code
 improvements in Timeout_Timer(), Create_Table_for_Listing(), & other places.

In index page js, variaible row split to frow & drow, depending on use.
   See Assemble_Insert_row() for description/explanation.
Send_directory_data_to_js() simplified & rolled into Index_Page().
   Now using (php) json_encode & (js) JSON.parse to send directory data to js.
New language values: $_['Group'], $_['User']
---
 onefilecms.php | 310 ++++++++++++++++++++++++++++---------------------
 1 file changed, 175 insertions(+), 135 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 01b3272..2d53bac 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.6.08';
+$OFCMS_version = '3.6.09';
 
 //If language values changed, don't forget the Language Settings version.
 
@@ -214,7 +214,7 @@ function System_Setup() {//*****************************************************
 }
 
 
-mb_detect_order("UTF-8, ASCII, Windows-1252, ISO-8859-1"); 
+mb_detect_order("UTF-8, ASCII, Windows-1252, ISO-8859-1");
 
 
 //Get server's File System encoding.  Windows NTFS uses ISO-8859-1 / Windows-1252.
@@ -382,7 +382,7 @@ function System_Setup() {//*****************************************************
 
 function Default_Language() { // ***********************************************
 	global $_;
-// OneFileCMS Language Settings v3.6.07  (Not always in sync with OFCMS version#, if no changes to displayed wording.)
+// OneFileCMS Language Settings v3.6.09  (Not always in sync with OFCMS version#, if no changes to displayed wording.)
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -435,13 +435,15 @@ function Default_Language() { // ***********************************************
 $_['Folder']     = 'Folder';
 $_['folders']    = 'folders';
 $_['From']       = 'From';
+$_['Group']      = 'Group';  //## NT ## as of 3.6.09
 $_['Hash']       = 'Hash';
 $_['Invalid']    = 'Invalid'; //## NT ## as of 3.5.23
 $_['Move']       = 'Move';
 $_['Moved']      = 'Moved';
 $_['Name']       = 'Name';   //...
-$_['on']         = 'on';
 $_['off']        = 'off';
+$_['on']         = 'on';
+$_['Owner']      = 'Owner';  //## NT ## as of 3.6.09
 $_['Password']   = 'Password';
 $_['Rename']     = 'Rename';
 $_['reset']      = 'Reset';
@@ -737,6 +739,8 @@ function Verify_IDLE_POST_etc() {//*********************************************
 
 	//If POSTing, verify...
 	//##### NEED TO ACTUALLY CHECK IF HTTP POST (VS GET), THEN ALWAYS CHECK FOR NUONCE. #####
+	//##### I think nuonce is now used on every page, so one should ALWAYS be sent with EVERY request.
+	//##### So, if a nuonce is not present on a post - ignore the request & set $MESSAGE..
 	if ( isset($_POST['nuonce']) ) {
 		if ( $_POST['nuonce'] == $_SESSION['nuonce'] ) {
 			$VALID_POST = 1;
@@ -1413,8 +1417,12 @@ function Show_Image($url) {//***************************************************
 
 function Timeout_Timer($COUNT, $ID, $ACTION="") {//*****************************
 	global $DELAY_Start_Countdown;
-
-	return '<script>setTimeout(\'Start_Countdown('.$COUNT.',"'.$ID.'","'.$ACTION.'")\','.$DELAY_Start_Countdown.');</script>';
+	
+	//These represent strings that need to be "quoted".
+	$ID     = '"'.$ID.'"';
+	$ACTION = '"'.$ACTION.'"';
+	
+	return "<script>setTimeout('Start_Countdown($COUNT, $ID, $ACTION)', $DELAY_Start_Countdown);</script>\n";
 
 }//end Timeout_Timer() //*******************************************************
 
@@ -1542,7 +1550,7 @@ function List_File($file, $file_url) {//****************************************
 	global $_, $DOC_ROOT, $ONESCRIPT, $ICONS, $MESSAGE;
 
 	$file_OS = Convert_encoding($file);
-	clearstatcache ();
+	clearstatcache();
 	$ipath = trim($DOC_ROOT,'/').dir_name($file_url);
 
 	$href = $ONESCRIPT.'?i='.$ipath.'&amp;f='.basename($file_url);
@@ -1571,7 +1579,7 @@ function List_Backups_and_Logs() {//********************************************
 	$ONESCRIPT_file_backup_OS = Convert_encoding($ONESCRIPT_file_backup);
 	$LOGIN_LOG_file_OS		  = Convert_encoding($LOGIN_LOG_file);
 
-	clearstatcache ();
+	clearstatcache();
 	$backup_found = $log_found = false;
 	if (is_file($ONESCRIPT_file_backup_OS) || is_file($CONFIG_FILE_backup_OS) ) { $backup_found = true; }
 	if (is_file($LOGIN_LOG_file_OS)) { $log_found = true; }
@@ -1955,6 +1963,18 @@ function Create_Table_for_Listing() {//*****************************************
 
 	$new_path = URLencode_path(dir_name($ipath)); //for "../" entry in dir list.
 
+	$file_owner_header = $file_group_header = "";
+	if (function_exists('posix_getpwuid')) { 
+		$file_owner_header = $_['Owner'];
+		$file_group_header = $_['Group'];
+	}
+
+	$ti = $TABINDEX + 6;
+	if ($ipath == $ACCESS_ROOT)
+		{ $file_0 = "<a id=f0c5 tabindex=$ti>&nbsp;</a>"; }
+	else
+		{ $file_0 = "<a id=f0c5 tabindex=$ti href='$ONEFILECMS?i=$new_path'>{$ICONS['up_dir']} <b>..</b> /</a>"; }
+
 	//<input hidden> is a dummy input to make sure files[] is always an array for Select_All() & Confirm_Ready().
 ?>
 	<INPUT TYPE=hidden NAME="files[]" VALUE="">
@@ -1969,7 +1989,7 @@ function Create_Table_for_Listing() {//*****************************************
 	<tr>
 	<th colspan=3><LABEL for=select_all_ckbox id=select_all_label><?php echo hsc($_['Select_All']) ?></LABEL></th>
 	<th><div class=ckbox>
-			<INPUT id=select_all_ckbox tabindex=<?php echo $TABINDEX++ ?> TYPE=checkbox NAME=select_all VALUE=select_all>
+			<INPUT id=select_all_ckbox tabindex=<?php echo $TABINDEX + 0 ?> TYPE=checkbox NAME=select_all VALUE=select_all>
 		</div>
 	</th>
 	
@@ -1977,38 +1997,37 @@ function Create_Table_for_Listing() {//*****************************************
 	
 	<th class=file_name>
 		<div id=ff_ckbox_div class=ckbox>
-			<INPUT tabindex=<?php echo $TABINDEX++?> TYPE=checkbox id=folders_first_ckbox NAME=folders_first VALUE=folders_first checked>
+			<INPUT tabindex=<?php echo $TABINDEX + 1?> TYPE=checkbox id=folders_first_ckbox NAME=folders_first VALUE=folders_first checked>
 		</div>
 		<label for=folders_first_ckbox id=folders_first_label title="<?php  echo hsc($_['folders_first_info']) ?>">
 			(<?php echo hsc($_['folders_first']) ?>)
 		</label>
-		<a tabindex=<?php echo ($TABINDEX + 1)?> href="#" id=header_sorttype>(<?php echo hsc($_['ext']) ?>)</a>
-		<a tabindex=<?php echo $TABINDEX++?>     href="#" id=header_filename><?php echo hsc($_['Name']) ?></a>
-		<?php $TABINDEX++ // ?>
+		<a tabindex=<?php echo $TABINDEX + 3 ?> href="#" id=header_sorttype>(<?php echo hsc($_['ext']) ?>)</a>
+		<a tabindex=<?php echo $TABINDEX + 2 ?>     href="#" id=header_filename><?php echo hsc($_['Name']) ?></a>
 	</th>
-	<th class=file_size><a tabindex=<?php echo $TABINDEX++?> href="#" id=header_filesize><?php echo hsc($_['Size']." (".$_['bytes'].")") ?></a></th>
-	<th class=file_time><a tabindex=<?php echo $TABINDEX++?> href="#" id=header_filedate><?php echo hsc($_['Date']) ?></a></th>
+
+	<th class=file_size><a tabindex=<?php echo $TABINDEX + 4 ?> href="#" id=header_filesize><?php echo hsc($_['Size']." (".$_['bytes'].")") ?></a></th>
+	<th class=file_time><a tabindex=<?php echo $TABINDEX + 5 ?> href="#" id=header_filedate><?php echo hsc($_['Date']) ?></a></th>
+
+	<th><?php echo $file_owner_header ?></th>
+	<th><?php echo $file_group_header ?></th>
 	</tr>
 
 	<tr><?php // "../" directory entry ?>
 		<td colspan=5 id=header_msg></td>
-		<td>
-<?php		if ($ipath == $ACCESS_ROOT) {
-				echo '<a id=f0c5 tabindex='.$TABINDEX++.'>&nbsp;</a>';
-			}
-			else {
-				echo '<a id=f0c5 tabindex='.$TABINDEX++.' href="'.$ONEFILECMS.'?i='.$new_path.'">'.$ICONS['up_dir'].' <b>..</b> /</a>';
-			}
-?>		</td>
-		<td></td>
-		<td></td>
+		<td><?php echo $file_0 ?></td>
+		<td></td><?php //file size  ?>
+		<td></td><?php //date time  ?>
+		<td></td><?php //file owner  ?>
+		<td></td><?php //file group  ?>
 	<tr>
 
 	<?php //Directory & footer content will be inserted later. ?>
 	<tbody id=DIRECTORY_LISTING></tbody>
-	<tr><td id=DIRECTORY_FOOTER colspan=8></td></tr>
+	<tr><td id=DIRECTORY_FOOTER colspan=10></td></tr> <?php //##### Abstract out the 10, and define/determine by??? ##### ?>
 	</table>
 <?php
+	$TABINDEX += 7;
 }//Create_Table_for_Listing() //************************************************
 
 
@@ -2064,16 +2083,32 @@ function Get_DIRECTORY_DATA($raw_list) {//**************************************
 		//Get file size & date.
 		$file_size_raw = filesize($filename_OS);
 		$file_time_raw = filemtime($filename_OS);
+		
+		//Some systems, like Windows, don't have this function/info (posix_getpwuid).
+		$fileowner_name = "";
+		$filegroup_name = "";
+		if (function_exists('posix_getpwuid')) {
+			$fileowner_uid  = fileowner($filename_OS);
+			$fileowner_info = posix_getpwuid($fileowner_uid);
+			$fileowner_name = $fileowner_info['name'];
 			
+			$filegroup_uid	= filegroup($filename_OS);
+			$filegroup_info = posix_getgrgid($filegroup_uid);
+			$filegroup_name = $filegroup_info['name'];
+		}
+
 		//Store data
-		$DIRECTORY_DATA[$DIRECTORY_COUNT] = array('', '', 0, 0, 0, '', '');
+		$DIRECTORY_DATA[$DIRECTORY_COUNT] = array('', '', 0, 0, 0, '', '', '', '');
 		$DIRECTORY_DATA[$DIRECTORY_COUNT][0] = $type;  //used to determine icon & f_or_f
 		$DIRECTORY_DATA[$DIRECTORY_COUNT][1] = $filename;
 		$DIRECTORY_DATA[$DIRECTORY_COUNT][2] = $file_size_raw;
 		$DIRECTORY_DATA[$DIRECTORY_COUNT][3] = $file_time_raw;
 		$DIRECTORY_DATA[$DIRECTORY_COUNT][4] = $is_ofcms; //If = 1, Don't show ren, del, ckbox.
-		$DIRECTORY_DATA[$DIRECTORY_COUNT][5] = $ext;
+		$DIRECTORY_DATA[$DIRECTORY_COUNT][5] = $ext; //##### Is this used?
 		$DIRECTORY_DATA[$DIRECTORY_COUNT][6] = decoct(fileperms($filename_OS) & 07777);
+		$DIRECTORY_DATA[$DIRECTORY_COUNT][7] = $fileowner_name;
+		$DIRECTORY_DATA[$DIRECTORY_COUNT][8] = $filegroup_name;
+
 		$DIRECTORY_COUNT++;
 	}//end foreach file
 
@@ -2082,37 +2117,6 @@ function Get_DIRECTORY_DATA($raw_list) {//**************************************
 
 
 
- 
-function Send_directory_data_to_js() {//****************************************
-	global $DIRECTORY_DATA, $DIRECTORY_COUNT;
-	//"send" DIRECTORY_DATA to javascript.
-	$data_for_js = "<script>\n";
-
-	$row = 0; //index after filter of . & ..
-	for ($x = 0; $x < $DIRECTORY_COUNT; $x++) {
-		$filename = $DIRECTORY_DATA[$x][1];
-		if ( ($filename != '.') && ($filename != '..') ) {; // skip . & ..
-			$data_for_js .= 'DIRECTORY_DATA['.$row++.'] = [';
-			$data_for_js .= '"'  .$DIRECTORY_DATA[$x][0].'"';				// "type"
-			$data_for_js .= ', "'.addslashes($DIRECTORY_DATA[$x][1]).'"';	// "file name"
-			$data_for_js .= ', ' .$DIRECTORY_DATA[$x][2];					// filesize
-			$data_for_js .= ', ' .$DIRECTORY_DATA[$x][3];					// timestamp
-			$data_for_js .= ', ' .$DIRECTORY_DATA[$x][4];					// is_ofcms
-			$data_for_js .= ', "'.addslashes($DIRECTORY_DATA[$x][5]).'"';	// "ext"
-			$data_for_js .= ', ' .$DIRECTORY_DATA[$x][6];					// file permissions
-			$data_for_js .= "];\n";
-		}//end skip . & ..
-	}//end for x
-
-	$data_for_js .= "var DIRECTORY_ITEMS = DIRECTORY_DATA.length;\n";
-
-	$data_for_js .= "</script>\n\n";
-	echo $data_for_js;
-
-}//end Send_directory_data_to_js() {//******************************************
-
-
-
 
 function Index_Page_buttons_top($file_count) {//********************************
 	global $_, $ONESCRIPT, $param1, $ICONS, $TABINDEX;
@@ -2139,28 +2143,36 @@ function Index_Page_buttons_top($file_count) {//********************************
 
 
 
- 
-function Index_Page() {//*******************************************************
-	global  $ONESCRIPT, $ipath_OS, $param1, $INPUT_NUONCE;
 
-	init_ICONS_js();
+function Index_Page() {//*******************************************************
+	global  $ONESCRIPT, $ipath_OS, $param1, $INPUT_NUONCE, $DIRECTORY_DATA, $DIRECTORY_COUNT;
 
 	$raw_list = scandir('./'.$ipath_OS);  //Get current directory list  (unsorted)
 	$file_count = Get_DIRECTORY_DATA($raw_list);
 
 	//<form> to contain directory, including buttons at top.
-	echo '<form method="post" id="mcdselect" action="'.$ONESCRIPT.$param1.'&amp;p=mcdaction">';
-	echo '<input type="hidden" name="mcdaction" value="">'; //along with $page, affects response
+	echo "<form method=post id=mcdselect action='{$ONESCRIPT}{$param1}&amp;p=mcdaction'>\n";
+	echo "<input type=hidden name=mcdaction value=''>\n"; //along with $page, affects response
 	echo $INPUT_NUONCE; //Needed for file permission updates.
 
 	Index_Page_buttons_top($file_count);
 
 	Create_Table_for_Listing(); //sets up table with empty <tbody></tbody>
 
-	echo "</form>\n";
+	echo "</form>\n\n\n";
+
+	//  DIRECTORY_DATA[x] = ['type', 'file name', filesize, timestamp, is_ofcms, 'ext', permissions, file owner, file group]
+
+	if ($DIRECTORY_COUNT < 1) { $json_parse_encoded_data = "[]"; }
+	else { $json_parse_encoded_data = "JSON.parse('". json_encode($DIRECTORY_DATA)."')"; }
 
+	echo "<script>\n";
+	echo "var DIRECTORY_DATA = $json_parse_encoded_data;\n";
+	echo "var DIRECTORY_ITEMS = DIRECTORY_DATA.length;\n";
+	echo "</script>\n";
+	
+	init_ICONS_js();
 	Index_Page_scripts();
-	Send_directory_data_to_js();
 	Index_Page_events();
 }//end Index_Page() //**********************************************************
 
@@ -2171,7 +2183,7 @@ function Edit_Page_buttons_top($text_editable,$file_ENC) {//********************
 	global $_, $ONESCRIPT, $param1, $param2, $filename, $filename_OS, $IS_OFCMS, 
 				$WYSIWYG_VALID, $EDIT_WYSIWYG, $WYSIWYG_label, $MESSAGE;
 
-	clearstatcache ();
+	clearstatcache();
 
 	//[View Raw] button.
 	if ($text_editable) {
@@ -2907,7 +2919,7 @@ function Format_Perms($perms_oct) {//*******************************************
     //bits                  8 4 2 1 | 8 4 2 1 | 8 4 2 1 | 8 4 2 1
 	//hex                      F         F         F         F
 
-	$ugt = ['---', '--t', '-g-', '-gt', 'u--', 'u-t', 'ug-', 'ugt']; //SetUid SetGid sTicky
+	$ugt = ['...', '..t', '.g.', '.gt', 'u..', 'u.t', 'ug.', 'ugt']; //SetUid SetGid sTicky
 	$rwx = ['---', '--x', '-w-', '-wx', 'r--', 'r-x', 'rw-', 'rwx'];
 
 	if (strlen($perms_oct) > 3) { $ugidsticky = substr($perms_oct, -4, 1); }
@@ -2953,7 +2965,7 @@ function Update_File_Permissions() {//******************************************
 			$MESSAGE .= "class=mono>chmod(\"$filename_OS\", octdec($new_perms))</span>";
 		}
 	}
-	clearstatcache ();
+	clearstatcache();
 	$new_perms = decoct((fileperms($filename_OS) & 07777)); //May not actually be new, if update failed.
 	$new_perms = str_pad($new_perms, 3, "0", STR_PAD_LEFT); //Always at least three digits:  000
 
@@ -2967,7 +2979,7 @@ function Update_File_Permissions() {//******************************************
 	$new_perms_response['new_perms'] 	  = $new_perms;
 	$new_perms_response['perms_filename'] = $ipath.$filename;
 	$new_perms_response['nuonce']		  = $_SESSION['nuonce'];
-	$new_perms_response['early_output']   = hsc(ob_get_clean()); //Should always be empty unless error or trouble-shooting.
+	$new_perms_response['early_output']   = ob_get_clean(); //Should always be empty unless error or trouble-shooting.
 	$new_perms_response['errors']		  = $errors."";
 	$new_perms_response['MESSAGE']		  = $MESSAGE;
 	echo json_encode($new_perms_response);
@@ -3081,6 +3093,7 @@ function init_ICONS_js() {//****************************************************
 
 	//Currently, only icons for dir listing are needed in js
 ?>
+
 <script>
 var ICONS = [];
 ICONS['bin']	 = '<?php echo $ICONS["bin"]	 ?>';
@@ -3099,6 +3112,7 @@ function init_ICONS_js() {//****************************************************
 ICONS['copy']    = '<?php echo $ICONS["copy"]    ?>';
 ICONS['delete']  = '<?php echo $ICONS["delete"]  ?>';
 </script>
+
 <?php
 }//end init_ICONS_js() //*******************************************************
 
@@ -3372,7 +3386,8 @@ function Index_Page_events() {//************************************************
 
 	//Ignore any other key presses...
 	if ((key != AU) && (key != AD) && (key != AL) && (key != AR) && (key != PU) && (key != PD) && 
-		(key != HOME) && (key != END) && (key != ESC) && (key != TAB) && (key != ENTER)) { return }
+		(key != HOME) && (key != END) && (key != ESC) && (key != TAB) && (key != ENTER) 
+	) { return }
 
 	//File Rows. For these events, "../" is 0, and files are indexed from 1 to DIRECTORY_ITEMS.
 	var FROWS     = DIRECTORY_ITEMS;
@@ -3418,6 +3433,14 @@ function Index_Page_events() {//************************************************
 		}
 	}
 
+
+	//For when focus is in the /current/path/header (x_focus == "p").
+	if ((key == HOME) || (key == END)) {
+		//path_items[0].id = path_header, then path_0, path_1, ..., path_(length-2)
+		var path_items = document.querySelectorAll('[id^="p"]');
+	}
+
+
 	//PROCESS THE KEYDOWN EVENT... /////////////////////////////////////////////
 	//In general:
 	//  ENTER - enabled to check/unckeck checkboxes, and respond as needed.
@@ -3429,8 +3452,14 @@ function Index_Page_events() {//************************************************
 	//  Page Up/Down will likewise loop thru page, with soft-stops at first/last filenames.
 	//  Arrow Left/Right will function similarly to Tab/Shift-Tab, but hard stop at first/last link on page.
 
-	if (key == ENTER) {	
-		
+	if 		((key == HOME) && (x_focus == "p")) { ID = "path_0"; }
+	else if ((key ==  END) && (x_focus == "p")) { ID = "path_" + (path_items.length - 2); }
+	else if (key == TAB)  { return; }
+	else if (key == ESC)  { document.activeElement.blur();   return; }
+	else if (key == END)  { ID = LAST_FILE;  }
+	else if (key == HOME) {	ID = FIRST_FILE; } 
+
+	else if (key == ENTER) {	
 		if (ID == "select_all_ckbox") {
 			E('mcdselect').select_all.checked = !E('mcdselect').select_all.checked
 			Select_All();
@@ -3453,10 +3482,6 @@ function Index_Page_events() {//************************************************
 		if (has_focus.tagName == 'INPUT') { event.preventDefault(); }
 		return;
 	}
-	else if (key == TAB)  { return; }
-	else if (key == ESC)  { document.activeElement.blur();   return; }
-	else if (key == END)  { ID = LAST_FILE;  }
-	else if (key == HOME) {	ID = FIRST_FILE; } 
 	else if (key == AL) {
 		//Find first tab-able element to the left (usually just (focus_tabindex - 1))
 		for (var new_index = (focus_tabindex - 1); new_index > 0; new_index--) {
@@ -3609,9 +3634,7 @@ function Cancel_Perm_Changes($perms) {//******************************
 
 function Directory_Events($ckbox, $perms, $file, filename) {//********
 
-	//If $ckbox events changed, also change in Insert_mdx()
-	$ckbox.onfocus   = function() { this.parentNode.classList.add("ckbox_parent_focus");    }
-	$ckbox.onblur    = function() { this.parentNode.classList.remove("ckbox_parent_focus"); }
+	//$ckbox events are assigned in Insert_mdx()
 
 	$perms.onblur	 = function(event) { Cancel_Perm_Changes($perms) }
 
@@ -3712,14 +3735,14 @@ function Perms_Update_Response(request, $perms) { //******************
 	var msg = update_response.MESSAGE;
 
 	//Should always be blank unless troubleshooting, or an error server side.
-	if (update_response.early_output != "") { msg += "<hr>" + hsc(update_response.early_output); }
+	if (update_response.early_output != "") { msg += "<hr>" + update_response.early_output; }
 
 	//#####	msg += "<hr>" + hsc(request.responseText); //For trouble-shooting...
 
 	E('nuonce').value = update_response.nuonce; //For the next post...
 
 	var frow = $perms.id.split('c')[0].substr(1); //id = "fNNcN", frow = the NN after the "f"
-	var drow = frow - 1; //See frow & drow notes in Assemble_Insert_row()
+	var drow = frow - 1; //See Assemble_Insert_row() for description/explanation.
 
 	DIRECTORY_DATA[drow][6] = $perms.value;
 
@@ -3766,9 +3789,6 @@ function Index_Page_scripts() {//***********************************************
 	global $_, $ONESCRIPT, $param1, $ipath, $MESSAGE, $DELAY_Sort_and_Show_msgs, $MIN_DIR_ITEMS, $TABINDEX;
 ?>
 <script>
-//  DIRECTORY_DATA[x] = ("type", "file name", filesize, timestamp, is_ofcms, "ext", permissions)
-var DIRECTORY_DATA	  = [];
-
 var ONESCRIPT	= "<?php echo $ONESCRIPT ?>";
 var PARAM1		= "<?php echo $param1 ?>";  //capitalized here as it is used as a constant.
 var TABINDEX    = <?php echo $TABINDEX ?>;  //TABINDEX only used by js from this point on...
@@ -3785,14 +3805,15 @@ function Index_Page_scripts() {//***********************************************
 var SORT_folders_1st = true;  // Initially set to true. false = did not consider folders during prior sort.
 
 //Used to either show or hide [Mov][Del]  [X] options depending on if file is readonly or not.
-//Made 2D & set in Assemble_mdx().
-//Need to be global as used Insert_mdx(), which is called from two other functions.
+//Made 2D & assigned values in Assemble_mdx().
+//These need to be global as they're used in Insert_mdx(), which is called from two different functions.
 var MOV_rw = []; //Move/Rename
 var DEL_rw = []; //Delete
 var CBX_rw = []; //checkbox
 
 
 function Sort_Folders_First() {//*************************************
+	//Maintain existing sort order (by name, ext, date, etc.), but place all folders first.
 
 	//DIRECTORY_DATA[x] = ("type", "file name", filesize, timestamp, is_ofcms)	
 
@@ -3800,8 +3821,9 @@ function Sort_Folders_First() {//*************************************
 	var files    = [];
 	var folders  = [];
 	var row_data = [];
-	var F = D = row = 0;  //indexes
+	var F = 0, D = 0, row = 0;  //indexes
 
+	//Seperate folders & files into two seperate arrays...
 	for (row = 0; row < DIRECTORY_DATA.length; row++) {;
 		row_data = DIRECTORY_DATA[row];
 		type     = row_data[0];
@@ -3809,11 +3831,8 @@ function Sort_Folders_First() {//*************************************
 		else 			   { files[F++]   = row_data; }
 	}//end for
 
-	//Replace contents of DIRECTORY_DATA[] with a "merged" folders[] & files[].
-	DIRECTORY_DATA = [];
-	row = 0
-	for (D = 0; D < folders.length; D++) { DIRECTORY_DATA[row++] = folders[D]; }
-	for (F = 0; F < files.length;   F++) { DIRECTORY_DATA[row++] = files[F];   }
+	//Merge folders[] & files[] back together.
+	DIRECTORY_DATA = folders.concat(files);
 
 	SORT_folders_1st = true;
 
@@ -3874,11 +3893,12 @@ function sort_DIRECTORY(col, direction) {//***************************
 
 function Init_Dir_table_rows() {//************************************
 	//initialize <tr>'s with empty <td>'s
-	
+
 	var drow, cell, cells, tr, td;
-	
-	var last_cell = 8; // number of columns in directory listing.
 
+	//Number of columns in directory listing.
+	var last_cell = 10; //##### DEFINE/DETERMINE THIS ELSEWHERE??
+	
 	for (drow = 0; drow < DIRECTORY_ITEMS; drow++){
 		tr = E("DIRECTORY_LISTING").insertRow(-1); //-1 adds row after last row.
 		for (cell = 0; cell < last_cell; cell++) { td = tr.insertCell(-1); }
@@ -3890,6 +3910,8 @@ function Init_Dir_table_rows() {//************************************
 		cells[c++].className = 'file_name';
 		cells[c++].className = 'file_size meta_T';
 		cells[c++].className = 'file_time meta_T';
+		cells[c++].className = 'meta_T'; //file owner
+		cells[c++].className = 'meta_T'; //file group
 	}
 }//end Init_Dir_table_rows() {//**************************************
 
@@ -3897,14 +3919,14 @@ function Init_Dir_table_rows() {//************************************
 
 
 //********************************************************************
-function Assemble_mdx(drow, cells, href, f_or_f, filename, tabindex) {
+function Assemble_mdx(drow, href, f_or_f, filename, tabindex) {
 
 	//Assemble [mov], [del], & [x](checkbox)
 	//[mov], [del], and [x] are not available for OFCMS or readonly files.
 	//([copy] & [perms] are always available)
 	//The empty <a>'s are to accommodate keyboard nav via onkeydown() in Index_Page_events()...
 
-	var frow = drow + 1;
+	var frow = drow + 1; //See Assemble_Insert_row() for description/explanation.
 
 	var ren_id   = 'f' + frow + 'c0';
 	var del_id	 = 'f' + frow + 'c2';
@@ -3912,20 +3934,22 @@ function Assemble_mdx(drow, cells, href, f_or_f, filename, tabindex) {
 
 	var IS_OFCMS = DIRECTORY_DATA[drow][4]; 
 	var sogw = parseInt(DIRECTORY_DATA[drow][6] + "",8); //File permissions (suid sgid sticky)(owner)(group)(world)
-	var read_write = (((sogw & 0o200)/0o200) && !IS_OFCMS) * 1 ;  //Check file owner write bit, or if IS_OFCMS.
+	var writable = (((sogw & 0o200)/0o200) && !IS_OFCMS) * 1 ;  //Check file owner write bit, or if IS_OFCMS.
 
-	//Store both verions of these options for each file.
-	//[0] empty placeholder <a> (needed for keyboard nav), & [1] actual working option.
+	//Declared earlier in global scope (near top of Index_Page_scripts()).
+	//For storing both sets of html below.  For a given file, only one set used at a time, depending on write bit.
+	//[0] = file is not writable, contains empty placeholder <a> (needed for keyboard nav),
+	//[1] = file is writable, (write bit is set),contains working <a> or <input>
 	MOV_rw[frow] = [];
 	DEL_rw[frow] = [];
 	CBX_rw[frow] = [];
 
-	//Used when file is read only, or IS_OFCMS.  ([M], [D], & [X],  are unavailable.)
+	//Used when file is not writable, or IS_OFCMS.  ([M], [D], & [X],  are unavailable.)
 	MOV_rw[frow][0] = '<a id=' + ren_id   + ' tabindex='+ (tabindex + 0) +'>&nbsp;</a>';
 	DEL_rw[frow][0] = '<a id=' + del_id   + ' tabindex='+ (tabindex + 2) +'>&nbsp;</a>';
 	CBX_rw[frow][0] = '<a id=' + ckbox_id + ' tabindex='+ (tabindex + 3) +'>&nbsp;</a>';
 
-	//Used when file is read_write.
+	//Used when file is writable.
 	MOV_rw[frow][1]  = '<a id=' + ren_id + ' tabindex='+ (tabindex + 0) +' class=MCD href="' + href + '&amp;p=rename' + f_or_f;
 	MOV_rw[frow][1] += '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
 	DEL_rw[frow][1]  = '<a id=' + del_id + ' tabindex='+ (tabindex + 2) +' class=MCD href="' + href + '&amp;p=delete' + f_or_f;
@@ -3942,16 +3966,16 @@ function Insert_mdx(drow, cells) {//**********************************
 
 	var IS_OFCMS = DIRECTORY_DATA[drow][4]; 
 	var sogw = parseInt(DIRECTORY_DATA[drow][6] + "",8); //File permissions (suid sgid sticky)(owner)(group)(world)
-	var read_write = (((sogw & 0o200)/0o200) && !IS_OFCMS) * 1 ;  //Check file owner write bit, or if IS_OFCMS.
-	
-	var frow = drow + 1;
+	var writable = (((sogw & 0o200)/0o200) && !IS_OFCMS) * 1 ;  //Check file owner write bit, or if IS_OFCMS.
+
+	var frow = drow + 1; //See Assemble_Insert_row() for description/explanation.
 
 	//MOV_rw, DEL_rw, & CBX_rw, are globals, with values set in Assemble_mdx()
-	cells[0].innerHTML = MOV_rw[frow][read_write];
-	cells[2].innerHTML = DEL_rw[frow][read_write];
-	cells[3].innerHTML = CBX_rw[frow][read_write];
+	cells[0].innerHTML = MOV_rw[frow][writable];
+	cells[2].innerHTML = DEL_rw[frow][writable];
+	cells[3].innerHTML = CBX_rw[frow][writable];
 
-	//Re-assign checkbox events. (Initially assigned in Directory_Events()).
+	//Assign checkbox events. (See Directory_Events() for other directory events.)
 	$ckbox = E('f' + frow + 'c' + 3);
 	$ckbox.onfocus   = function() { this.parentNode.classList.add("ckbox_parent_focus");    }
 	$ckbox.onblur    = function() { this.parentNode.classList.remove("ckbox_parent_focus"); }
@@ -3974,12 +3998,17 @@ function Assemble_Insert_row(drow, href, filename, file_name, file_time){
 	var filetype = DIRECTORY_DATA[drow][0];
 	var filesize = DIRECTORY_DATA[drow][2];
 
-	//folder or file?
-	if (filetype == "dir") { var f_or_f = 'folder';	var file_size = ''; }
-	else 				   { var f_or_f = 'file';   var file_size = format_number(filesize); }
+	if (filetype == "dir") {
+		var f_or_f = 'folder';
+		var file_size = '';
+	}
+	else {
+		var f_or_f = 'file';
+		var file_size = format_number(filesize);
+	}
 
-	//While DIRECTORY_DATA, and the table rows created to list the data, are indexed from 0 (zero),
-	//the id's of files in the directory list are indexed from 1 (f1, f2...), as "../" is listed first with id=f0 (f-zero).
+	//While DIRECTORY_DATA[], and the table <tbody> rows created to list the data, are indexed from 0 (zero),
+	//the id's of files in the directory list are indexed from 1 (f1, f2...), as "../" is listed first with id=f0c5 (f-zero).
 	//The id's are used in Index_Page_events() "cursor" control.
 	var frow = drow + 1;
 
@@ -3992,13 +4021,13 @@ function Assemble_Insert_row(drow, href, filename, file_name, file_time){
 
 	//[copy] & [perms] are always available.
 	copy  = '<a id=' + copy_id + ' tabindex='+ (TABINDEX + 1) +' class=MCD href="' + href + '&amp;p=copy'   + f_or_f;
-	copy += '" title="<?php echo hsc($_['Copy'])     ?>">' + ICONS['copy']    + '</a>';
+	copy += '" title="<?php echo hsc($_['Copy']) ?>">' + ICONS['copy'] + '</a>';
 
 	perms  = '<input id=' + perms_id + ' tabindex=' + (TABINDEX + 4) + ' class=perms';
 	perms += ' value="' + DIRECTORY_DATA[drow][6]+ '" maxlength=4 readonly>';
 
 	//Assemble & Insert contents for cells[0], [2], & [3]  ([Mov], [Del], [ckbox])
-	Assemble_mdx(drow, cells, href, f_or_f, filename, TABINDEX);
+	Assemble_mdx(drow, href, f_or_f, filename, TABINDEX);
 	Insert_mdx(drow, cells);
 	TABINDEX = TABINDEX + 5;
 
@@ -4008,6 +4037,8 @@ function Assemble_Insert_row(drow, href, filename, file_name, file_time){
 	cells[5].innerHTML = file_name;
 	cells[6].innerHTML = file_size;
 	cells[7].innerHTML = file_time;
+	cells[8].innerHTML = DIRECTORY_DATA[drow][7]; //File owner. Will be blank on Windows machines.
+	cells[9].innerHTML = DIRECTORY_DATA[drow][8]; //File group. Will be blank on Windows machines.
 
 	Directory_Events(E(ckbox_id), E(perms_id), E(file_id), filename);
 
@@ -4020,19 +4051,30 @@ function Build_Directory() {//****************************************
 
 	TABINDEX    = <?php echo $TABINDEX ?>;  //Rest TABINDEX
 
-	//Has the directory table been init'd yet?
-	if (E("DIRECTORY_LISTING").rows.length < 1)	{ Init_Dir_table_rows(E("DIRECTORY_LISTING")); }
+	//Has the directory table been init'd yet?  (<tbody id=DIRECTORY_LISTING></tbody>)
+	if (E("DIRECTORY_LISTING").rows.length < 1)	{ Init_Dir_table_rows(); }
+
+	//If directory is empty (no files or folders, but still has header & footer rows),
+	//then the bottm, L, & R, directory <table> borders do not show.  I don't know why.
+	//Inserting a blank row solves this. (Even without inserting any cells.)
+	if (DIRECTORY_ITEMS < 1) {
+		var tr = E("DIRECTORY_LISTING").insertRow(-1);
+		return;
+	}
+
 
 	//Fill 'er up!
-	for (var row = 0; row < DIRECTORY_ITEMS; row++) {
+	for (var drow = 0; drow < DIRECTORY_ITEMS; drow++) {
+		
+		var frow = drow + 1; //See Assemble_Insert_row() for description/explanation.
 		
-		var filetype = DIRECTORY_DATA[row][0];
-		var filename = DIRECTORY_DATA[row][1];
-		var filesize = DIRECTORY_DATA[row][2];
-		var filetime = DIRECTORY_DATA[row][3];
+		var filetype = DIRECTORY_DATA[drow][0];
+		var filename = DIRECTORY_DATA[drow][1];
+		var filesize = DIRECTORY_DATA[drow][2];
+		var filetime = DIRECTORY_DATA[drow][3];
 		
 		//folder or file?
-		if (filetype == "dir"){
+		if (filetype == "dir") {
 			var DS        = ' /';
 			var href      = ONESCRIPT + PARAM1 + encodeURIComponent(filename);
 		} else {
@@ -4043,15 +4085,15 @@ function Build_Directory() {//****************************************
 		var file_col = 5; //column of file names
 		
 		//The (TABINDEX + 5) accounts for the [m][c][d][x][perms] links which are added in Assemble_Insert_Row().
-		var file_name  = '<a id=f'+(row + 1)+'c'+ file_col + ' tabindex='+ (TABINDEX + 5) +' href="' + href  + '"'; 
+		var file_name  = '<a id=f'+ frow +'c'+ file_col + ' tabindex='+ (TABINDEX + 5) +' href="' + href  + '"'; 
 			file_name += ' title="<?php echo hsc($_['Edit_View']) ?>: ' + hsc(filename) + '" >';
 			file_name += ICONS[filetype] + '&nbsp;' + hsc(filename) + DS + '</a>';
 		var file_time  = FileTimeStamp(filetime, 1, 0, 0);
 		
-		Assemble_Insert_row(row, href, filename, file_name, file_time);
+		Assemble_Insert_row(drow, href, filename, file_name, file_time);
 		
-		TABINDEX++; //To accuont for file_name above
-	}//end for (row...
+		TABINDEX++; //For the next item after file_name.
+	}//end for (drow...
 }//end Build_Directory() //*******************************************
 
 
@@ -4096,7 +4138,7 @@ function Sort_and_Show(col, direction) {//****************************
 	}
 
 	//setTimeout() needed so 'Working' message will actually get displayed *before* the sort.
-	setTimeout( function () {
+	setTimeout( function () { 
 		sort_DIRECTORY(col, direction); //Sort DIRECTORY_DATA
 		Build_Directory();
 		E('DIRECTORY_FOOTER').innerHTML = Directory_Summary();
@@ -5483,9 +5525,6 @@ function Load_style_sheet() {//*************************************************
 }//end footer
 
 echo "\n</div>\n"; //end main/login_page
-echo "</html>\n";  //***********************************************************
-
-
 
 
 if ( ($page == "edit") && $WYSIWYG_VALID && $EDIT_WYSIWYG ) { include($WYSIWYG_PLUGIN_OS); }
@@ -5504,7 +5543,7 @@ function Load_style_sheet() {//*************************************************
 
 //The setTimeout() delay should be greater than what is set for the Sort_and_Show() "working..." message.
 echo 'setTimeout("Display_Messages($MESSAGE, take_focus)", '.$DELAY_final_messages.');';
-echo "</script>\n\n";
+echo "\n</script>\n\n";
 
 	//##### ACTUAL COUNTDOWN STARTS ON THE SERVER.
 	//##### DO I NEED TO ACCOUNT FOR TIME RECEIVING & LOADING PAGE CLIENT SIDE?
@@ -5514,6 +5553,7 @@ function Load_style_sheet() {//*************************************************
 if ($page == 'edit')    { echo Timeout_Timer($MAX_IDLE_TIME, 'timer1', 'LOGOUT'); }
 if ($LOGIN_DELAYED > 0) { echo Timeout_Timer($LOGIN_DELAYED, 'timer0', ''); }
 
+echo "</html>\n";  //***********************************************************
 //##### Header (UTF-8) for [View Raw] incorrect or not getting sent??
 //##### If file has non-ascii characters, browers display in ISO-8859-1/Windows-1252,
 //##### Except IE, which asks to download the file...

From 06ed75e100ffabfc0154abfb65be125b6ee2f428 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Fri, 6 Oct 2017 14:30:00 -0400
Subject: [PATCH 223/228] Version 3.6.10 Fixed minor bug introduced in 3.6.09: 
  removed unneeded client side JSON.parse of the result of PHP's
 json_encode($DIRECTORY_DATA). Re-worked the Index page keyboard nav a bit.
 Fixed issue of stat() errors on dead links.  (by using lstat(), of course)
 Directory list now shows link targets:[ symlinkedfile -> /path/to/linked/file
 ] Some restructure of Get_DIRECTORY_DATA().

---
 onefilecms.php | 290 ++++++++++++++++++++++++++++++-------------------
 1 file changed, 177 insertions(+), 113 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 2d53bac..6814311 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.6.09';
+$OFCMS_version = '3.6.10';
 
 //If language values changed, don't forget the Language Settings version.
 
@@ -197,7 +197,8 @@ function System_Setup() {//*****************************************************
 	$ONESCRIPT,  $ONESCRIPT_file, $ONESCRIPT_backup, $ONESCRIPT_file_backup, 
 	$CONFIG_backup, $CONFIG_FILE, $CONFIG_FILE_backup, $VALID_CONFIG_FILE, 
 	$DOC_ROOT, $WEBSITE, $PRE_ITERATIONS, $EX, $MESSAGE, $ENC_OS, $DEFAULT_PATH,
-	$DELAY_Expired_Reload, $DELAY_Sort_and_Show_msgs, $DELAY_Start_Countdown, $DELAY_final_messages, $MIN_DIR_ITEMS;
+	$DELAY_Expired_Reload, $DELAY_Sort_and_Show_msgs, $DELAY_Start_Countdown, $DELAY_final_messages,
+	$MIN_DIR_ITEMS, $DIRECTORY_COLUMNS;
 
 //Requires PHP 5.1 or newer, due to changes in explode() (and maybe others).
 define('PHP_VERSION_ID_REQUIRED',50100);   //Ex: 5.1.23 is 50123
@@ -370,6 +371,11 @@ function System_Setup() {//*****************************************************
 }
 
 
+//This will probably never change, again...
+//Value deterimined in Create_Table_for_Listing(), and used in Assemble_Insert_row() & Init_Dir_table_rows().
+$DIRECTORY_COLUMNS = 10; 
+
+
 //Used in hashit() and js_hash_scripts().  IE<9 is WAY slow, so keep it low.
 //For 200 iterations: (time on IE8) > (37 x time on FF). And the difference grows with the iterations.
 //If you change this, or any other aspect of either hashit() or js_hash_scripts(), do so while logged in.
@@ -1957,7 +1963,7 @@ function Login_response() {//***************************************************
 
 
 function Create_Table_for_Listing() {//*****************************************
-	global $_, $ONEFILECMS, $ipath, $ipath_OS, $ICONS, $TABINDEX, $ACCESS_ROOT;
+	global $_, $ONEFILECMS, $ipath, $ipath_OS, $ICONS, $TABINDEX, $ACCESS_ROOT, $DIRECTORY_COLUMNS;
 
 	//Header row: | Select All|[ ]|[X](folders first)      Name      (ext) |   Size   |    Date    |
 
@@ -2024,7 +2030,7 @@ function Create_Table_for_Listing() {//*****************************************
 
 	<?php //Directory & footer content will be inserted later. ?>
 	<tbody id=DIRECTORY_LISTING></tbody>
-	<tr><td id=DIRECTORY_FOOTER colspan=10></td></tr> <?php //##### Abstract out the 10, and define/determine by??? ##### ?>
+	<tr><td id=DIRECTORY_FOOTER colspan="<?php echo $DIRECTORY_COLUMNS ?>"></td></tr>
 	</table>
 <?php
 	$TABINDEX += 7;
@@ -2036,12 +2042,12 @@ function Create_Table_for_Listing() {//*****************************************
 function Get_DIRECTORY_DATA($raw_list) {//**************************************
 	global $_, $ONESCRIPT, $ipath, $ipath_OS, $param1, $ICONS, $MESSAGE, 
 			$FTYPES, $FCLASSES, $EXCLUDED_LIST, $STYPES, $SHOWALLFILES, 
-			$DIRECTORY_COUNT, $DIRECTORY_DATA, $ENC_OS;
+			$DIRECTORY_DATA, $ENC_OS;
 
 	//Doesn't use global $filename or $filename_OS in this function (because they shouldn't exist on the Index page)
 	//$filename below is JUST the file's name.  In other functions, it's the full/path/filename
 
-	$DIRECTORY_COUNT = 0; //final count to exclude . & .., and possibly $excluded file names
+	$file_count = 0; //final count to exclude . & .., and any $excluded file names
 	foreach ($raw_list as $raw_filename) { //$raw_list is in server's File System encoding
 		
 		if ( ($raw_filename == '.') || ($raw_filename == '..') ) {continue;}
@@ -2068,9 +2074,6 @@ function Get_DIRECTORY_DATA($raw_list) {//**************************************
 			if ( !$SHOWTYPE || in_array($filename, $EXCLUDED_LIST) ) { continue; }
 		}
 			
-		//Used to hide rename & delete options for active copy of OneFileCMS.
-		$is_ofcms = Set_IS_OFCMS($ipath.$filename);
-		
 		//Set icon type based on if dir, or file type ($ext).
 		if (is_dir($filename_OS)) { $type = 'dir'; }
 		else					  { $type = $FCLASSES[array_search($ext, $FTYPES)]; }
@@ -2079,40 +2082,60 @@ function Get_DIRECTORY_DATA($raw_list) {//**************************************
 		if (in_array($type,$FCLASSES)) { $icon = $ICONS[$type];}
 		elseif ($type == 'dir')        { $icon = $ICONS['folder']; }
 		else                           { $icon = $ICONS['bin']; } //default
-			
-		//Get file size & date.
-		$file_size_raw = filesize($filename_OS);
-		$file_time_raw = filemtime($filename_OS);
 		
-		//Some systems, like Windows, don't have this function/info (posix_getpwuid).
-		$fileowner_name = "";
-		$filegroup_name = "";
-		if (function_exists('posix_getpwuid')) {
-			$fileowner_uid  = fileowner($filename_OS);
+		//Get file size, date, mode (permissions), etc.
+		$file_stats = lstat($filename_OS);
+		
+		if ($file_stats) {
+			$file_perms = decoct($file_stats['mode'] & 07777);
+			$file_size  = $file_stats['size'];
+			$file_mtime = $file_stats['mtime'];
+		}
+		else {
+			$file_perms = "";
+			$file_size  = "";
+			$file_mtime = "";
+		}
+		
+		//Get file owner & group names. Some systems, like Windows, don't have posix_getpwuid().
+		if ($file_stats && function_exists('posix_getpwuid')) {
+			$fileowner_uid  = $file_stats['uid'];
 			$fileowner_info = posix_getpwuid($fileowner_uid);
 			$fileowner_name = $fileowner_info['name'];
 			
-			$filegroup_uid	= filegroup($filename_OS);
+			$filegroup_uid	= $file_stats['gid'];
 			$filegroup_info = posix_getgrgid($filegroup_uid);
 			$filegroup_name = $filegroup_info['name'];
 		}
-
+		else {
+			$fileowner_name = "";
+			$filegroup_name = "";
+		}
+		
+		if (is_link($filename_OS)) {
+			$link_target = " -> ".readlink($filename_OS);
+		}
+		else {
+			$link_target = "";
+		}
+		
 		//Store data
-		$DIRECTORY_DATA[$DIRECTORY_COUNT] = array('', '', 0, 0, 0, '', '', '', '');
-		$DIRECTORY_DATA[$DIRECTORY_COUNT][0] = $type;  //used to determine icon & f_or_f
-		$DIRECTORY_DATA[$DIRECTORY_COUNT][1] = $filename;
-		$DIRECTORY_DATA[$DIRECTORY_COUNT][2] = $file_size_raw;
-		$DIRECTORY_DATA[$DIRECTORY_COUNT][3] = $file_time_raw;
-		$DIRECTORY_DATA[$DIRECTORY_COUNT][4] = $is_ofcms; //If = 1, Don't show ren, del, ckbox.
-		$DIRECTORY_DATA[$DIRECTORY_COUNT][5] = $ext; //##### Is this used?
-		$DIRECTORY_DATA[$DIRECTORY_COUNT][6] = decoct(fileperms($filename_OS) & 07777);
-		$DIRECTORY_DATA[$DIRECTORY_COUNT][7] = $fileowner_name;
-		$DIRECTORY_DATA[$DIRECTORY_COUNT][8] = $filegroup_name;
-
-		$DIRECTORY_COUNT++;
+		$DIRECTORY_DATA[$file_count] = array('', '', 0, 0, 0, '', '', '', '', '');
+		$DIRECTORY_DATA[$file_count][0] = $type;  //used to determine icon & f_or_f
+		$DIRECTORY_DATA[$file_count][1] = $filename;
+		$DIRECTORY_DATA[$file_count][2] = $file_size;
+		$DIRECTORY_DATA[$file_count][3] = $file_mtime;
+		$DIRECTORY_DATA[$file_count][4] = Set_IS_OFCMS($ipath.$filename); //If = 1, Don't show ren, del, ckbox.
+		$DIRECTORY_DATA[$file_count][5] = $ext; //##### Is this used?
+		$DIRECTORY_DATA[$file_count][6] = $file_perms;
+		$DIRECTORY_DATA[$file_count][7] = $fileowner_name;
+		$DIRECTORY_DATA[$file_count][8] = $filegroup_name;
+		$DIRECTORY_DATA[$file_count][9] = $link_target;
+
+		$file_count++;
 	}//end foreach file
 
-	return $DIRECTORY_COUNT;
+	return $file_count; 
 }//end Get_DIRECTORY_DATA() //**************************************************
 
 
@@ -2148,26 +2171,26 @@ function Index_Page() {//*******************************************************
 	global  $ONESCRIPT, $ipath_OS, $param1, $INPUT_NUONCE, $DIRECTORY_DATA, $DIRECTORY_COUNT;
 
 	$raw_list = scandir('./'.$ipath_OS);  //Get current directory list  (unsorted)
-	$file_count = Get_DIRECTORY_DATA($raw_list);
+	$DIRECTORY_COUNT = Get_DIRECTORY_DATA($raw_list);
 
 	//<form> to contain directory, including buttons at top.
 	echo "<form method=post id=mcdselect action='{$ONESCRIPT}{$param1}&amp;p=mcdaction'>\n";
 	echo "<input type=hidden name=mcdaction value=''>\n"; //along with $page, affects response
 	echo $INPUT_NUONCE; //Needed for file permission updates.
 
-	Index_Page_buttons_top($file_count);
+	Index_Page_buttons_top($DIRECTORY_COUNT);
 
 	Create_Table_for_Listing(); //sets up table with empty <tbody></tbody>
 
 	echo "</form>\n\n\n";
 
-	//  DIRECTORY_DATA[x] = ['type', 'file name', filesize, timestamp, is_ofcms, 'ext', permissions, file owner, file group]
+	//  DIRECTORY_DATA[x] = ['type', 'file name', filesize, timestamp, is_ofcms, 'ext', permissions, file owner, file group, link target]
 
-	if ($DIRECTORY_COUNT < 1) { $json_parse_encoded_data = "[]"; }
-	else { $json_parse_encoded_data = "JSON.parse('". json_encode($DIRECTORY_DATA)."')"; }
+	if ($DIRECTORY_COUNT < 1) { $json_encoded_DIRECTORY_DATA = "[]"; }
+	else { $json_encoded_DIRECTORY_DATA = json_encode($DIRECTORY_DATA); }
 
 	echo "<script>\n";
-	echo "var DIRECTORY_DATA = $json_parse_encoded_data;\n";
+	echo "var DIRECTORY_DATA = $json_encoded_DIRECTORY_DATA;\n";
 	echo "var DIRECTORY_ITEMS = DIRECTORY_DATA.length;\n";
 	echo "</script>\n";
 	
@@ -2192,7 +2215,7 @@ function Edit_Page_buttons_top($text_editable,$file_ENC) {//********************
 
 	//[Wide View] / [Normal View] button.  Label is what button will do, not an indicator the current state.
 	$wide_view_button = "";
-	if ($text_editable) { //#####  && !$EDIT_WYSIWYG  ??
+	if ($text_editable && !$EDIT_WYSIWYG) {
 		if ($_COOKIE['wide_view'] === "on") { $wv_label = hsc($_['Normal_View']); }
 		else 								{ $wv_label = hsc($_['Wide_View']); }
 		$wide_view_button = "<button type=button id=wide_view class=button value={$_COOKIE['wide_view']}>$wv_label</button>\n";
@@ -2908,16 +2931,16 @@ function MCD_response($action, $msg1, $success_msg = '') {//********************
 
 
 function Format_Perms($perms_oct) {//*******************************************
-	//$pemrs_oct is a 3 or 4 digit octal string (7777).
+	//$perms_oct is a 3 or 4 digit octal string (7777).
 
-    //file                 file   | s s s | owner | group | world  
-    //permissions         t y p e | u g t | r w x | r w x | r w x
-	//                    
-    //bits        | 0 0 1 | 4 2 1 | 4 2 1 | 4 2 1 | 4 2 1 | 4 2 1
-	//octal             1     7       7       7       7       7
+    //file           file  |s s s|owner|group|world
+    //permissions   t y p e|u g t|r w x|r w x|r w x
 	//
-    //bits                  8 4 2 1 | 8 4 2 1 | 8 4 2 1 | 8 4 2 1
-	//hex                      F         F         F         F
+    //bits          1|4 2 1|4 2 1|4 2 1|4 2 1|4 2 1
+	//octal         1   7     7     7     7     7
+	//
+    //bits          8 4 2 1|8 4 2 1|8 4 2 1|8 4 2 1
+	//hex              F       F       F       F
 
 	$ugt = ['...', '..t', '.g.', '.gt', 'u..', 'u.t', 'ug.', 'ugt']; //SetUid SetGid sTicky
 	$rwx = ['---', '--x', '-w-', '-wx', 'r--', 'r-x', 'rw-', 'rwx'];
@@ -3373,6 +3396,8 @@ function Index_Page_events() {//************************************************
 
 
 E("main").onkeydown = function(event) { //*****************************
+	//Halt and be warned! For this be no lore, that here truly be, the dragons of yore!!!
+	//It won't look back, if you enter this Abyss, it'll only swallow you hole, then [redacted]!
 	//Control cursor keys to navigate index page. (Arrows, Page, Home, End)
 
 	var jump = <?php echo $PAGEUPDOWN ?>;//# of rows to jump with Page Up/Page Down.
@@ -3382,18 +3407,19 @@ function Index_Page_events() {//************************************************
 	var key = event.keyCode;
 
 	//Assign a few handy "constants": Arrow U/D/L/R, Page Up/Down, etc... 
-	var AU = 38, AD = 40, AL = 37, AR = 39, PU = 33, PD = 34; END = 35, HOME = 36, ESC = 27, TAB = 9, ENTER = 13;
+	var AU = 38, AD = 40, AL = 37, AR = 39, PU = 33, PD = 34, END = 35, HOME = 36, ESC = 27, ENTER = 13;
 
 	//Ignore any other key presses...
 	if ((key != AU) && (key != AD) && (key != AL) && (key != AR) && (key != PU) && (key != PD) && 
-		(key != HOME) && (key != END) && (key != ESC) && (key != TAB) && (key != ENTER) 
+		(key != HOME) && (key != END) && (key != ESC) && (key != ENTER) 
 	) { return }
 
-	//File Rows. For these events, "../" is 0, and files are indexed from 1 to DIRECTORY_ITEMS.
-	var FROWS     = DIRECTORY_ITEMS;
+	//File Rows. "../" is 0, and files are indexed from 1 to DIRECTORY_ITEMS.
+	var FROWS        = DIRECTORY_ITEMS;
 	var FILENAME_COL = 5;
-	var LAST_FILE = "f" + FROWS + "c" + FILENAME_COL;
-	var FIRST_FILE = "f0c" + FILENAME_COL;
+	var LAST_FILE    = "f" + FROWS + "c" + FILENAME_COL;
+	var FIRST_FILE   = "f1c" + FILENAME_COL;
+	var FILE_ZERO    = "f0c" + FILENAME_COL;
 
 	//Get id of current focus (before this event). If focus is in file list, ID = 'fn', or 'fnn', etc.
 	var ID      = document.activeElement.id;
@@ -3410,7 +3436,7 @@ function Index_Page_events() {//************************************************
 	if (E("b2")) {var button_row = "b2"} else {var button_row = "b4"}
 
 	//Indicate if current focus is on one of the elements of the table header row. (true / false)
-	//Select All[ ] | [x](folders first) Name  (.ext) | Size |  Date  |
+	//Select All[ ] | [x](folders first) Name  (.ext) | Size |  Date  | Owner | Group 
 	var focus_header = ((ID == "select_all_ckbox") || (ID == "folders_first_ckbox") || (ID == "header_filename") || 
 						(ID == "header_sorttype")  || (ID == "header_filesize")     || (ID == "header_filedate"));
 
@@ -3434,10 +3460,15 @@ function Index_Page_events() {//************************************************
 	}
 
 
-	//For when focus is in the /current/path/header (x_focus == "p").
-	if ((key == HOME) || (key == END)) {
-		//path_items[0].id = path_header, then path_0, path_1, ..., path_(length-2)
-		var path_items = document.querySelectorAll('[id^="p"]');
+	//Get ID of current directory (path_END).
+	//For example: <h2 id=path_header>/  home / [user] / [www1] / [some] / [path] / </h2>
+	//path_items[x]:         [0]      /(no id)/  [1]   /  [2]   /  [3]   /   [4]
+	//path_items.length = 5
+	//path_items[x] id's: path_header /(no id)/ path_0 / path_1 / path_2 / path_3
+	//   So, path_END id = path_(5 - 2) = path_3.
+	if ( (key == PU) || (key == PD) || (key == AU) || (key == AD) || ((x_focus == "p") && (key == HOME || key == END)) ) {
+		var path_items = document.querySelectorAll('[id^="path_"]');
+		var path_END   = "path_" + (path_items.length - 2);
 	}
 
 
@@ -3446,18 +3477,18 @@ function Index_Page_events() {//************************************************
 	//  ENTER - enabled to check/unckeck checkboxes, and respond as needed.
 	//  Tab- handle checkbox's (parent <div>'s & <label>'s), otherwise allow default action.
 	//  Esc simply removes focus from active element.
-	//	Home goes to the first row in list - (../)
-	//	End goes only to last file in list.
+	//  If focus in path_header, Home & End stay in path_header. Otherwise,
+	//	Home goes to the first row in list (first acutal file, not the .../), and 
+	//	End goes to last file in list.
 	//	Arrow Up/Down will loop from (top to bottom)/(bottom to top) of page (no hard stops).
 	//  Page Up/Down will likewise loop thru page, with soft-stops at first/last filenames.
 	//  Arrow Left/Right will function similarly to Tab/Shift-Tab, but hard stop at first/last link on page.
 
 	if 		((key == HOME) && (x_focus == "p")) { ID = "path_0"; }
-	else if ((key ==  END) && (x_focus == "p")) { ID = "path_" + (path_items.length - 2); }
-	else if (key == TAB)  { return; }
-	else if (key == ESC)  { document.activeElement.blur();   return; }
-	else if (key == END)  { ID = LAST_FILE;  }
+	else if ((key ==  END) && (x_focus == "p")) { ID = path_END; }
 	else if (key == HOME) {	ID = FIRST_FILE; } 
+	else if (key == END)  { ID = LAST_FILE;  }
+	else if (key == ESC)  { document.activeElement.blur(); return; }
 
 	else if (key == ENTER) {	
 		if (ID == "select_all_ckbox") {
@@ -3483,13 +3514,13 @@ function Index_Page_events() {//************************************************
 		return;
 	}
 	else if (key == AL) {
-		//Find first tab-able element to the left (usually just (focus_tabindex - 1))
+		//Find first tab-able element to the Left (usually just (focus_tabindex - 1))
 		for (var new_index = (focus_tabindex - 1); new_index > 0; new_index--) {
 			if (tabindex_IDs[new_index]) { ID = tabindex_IDs[new_index]; break; }
 		}
 	}
 	else if (key == AR) {
-		//Find first tab-able element to the right (usually just (focus_tabindex + 1))
+		//Find first tab-able element to the Right (usually just (focus_tabindex + 1))
 		for (var new_index = (focus_tabindex + 1); new_index < tabindex_IDs.length; new_index++) {
 			if (tabindex_IDs[new_index]) { ID = tabindex_IDs[new_index]; break; }
 		}
@@ -3500,65 +3531,94 @@ function Index_Page_events() {//************************************************
 		else if (key == AD) {ID = "logo"}
 		else if (key == PD) {ID = "logo"}
 	}
-	else if ((ID == "logo")|| (ID == "on_php") || (ID == "website") || (ID == "logout")) {
+	else if (ID == "logo") {
 		if      (key == AU) {ID = "admin"}
 		else if (key == PU) {ID = "admin"}
 		else if (key == AD) {ID = "path_0"}
-		else if (key == PD) {ID = "path_0"}
+		else if (key == PD) {ID = path_END}
+	}
+	else if ((ID == "website") || (ID == "logout")) {
+		if      (key == AU) {ID = "admin"}
+		else if (key == PU) {ID = "admin"}
+		else if (key == AD) {ID = path_END}
+		else if (key == PD) {ID = path_END}
 	}
 	else if (ID == "X_box") {
 		if      (key == AU)   {ID = "path_0"}
 		else if (key == PU)   {ID = "logo"}
 		else if (key == AD)   {ID = button_row}
-		else if (key == PD)   {ID = FIRST_FILE}
+		else if (key == PD)   {ID = FILE_ZERO}
 	}
 	else if (x_focus == 'p') { //In path_header: webroot/current/path/
 		if      (key == AU)   {ID = "logo"}
 		else if (key == PU)   {ID = "logo"}
 		else if (key == AD)   {ID = button_row}
-		else if (key == PD)   {ID = FIRST_FILE}
+		else if (key == PD && FROWS  > 0)   {ID = FIRST_FILE}
+		else if (key == PD && FROWS == 0)   {ID = FILE_ZERO}
 	}
 	else if (x_focus == "b") { //[Move][Copy][Delete]  [New Folder][New File][Upload File]
-		if 		(key == AU) {ID = "path_0"		   }
-		else if (key == PU) {ID = "path_0"		   }
+		if      (ID == "b1" && key == AD) {ID = "select_all_ckbox"} //[Move]
+		else if (ID == "b4" && key == AU) {ID = path_END;}          //[New Folder]
+		else if (FROWS == 0 && key == PD) {ID = FILE_ZERO}
+		else if (key == AU) {ID = "path_0"		   }
+		else if (key == PU) {ID = path_END		   }
 		else if (key == AD) {ID = "header_filename"}
 		else if (key == PD) {ID = FIRST_FILE	   }
 	}
+	else if (ID == 'select_all_ckbox') {
+		if		(E('b1')    && key == AU) {ID = 'b1'}
+		else if (FROWS == 0 && key == AD) {ID = FILE_ZERO}
+		else if (FROWS == 0 && key == PD) {ID = FILE_ZERO}
+		else if (key == AU) {ID = button_row}
+		else if	(key == PU) {ID = path_END}
+		else if (key == AD) {ID = "f1c3"}
+		else if (key == PD) { FR = jump; if (FR < FROWS) {ID = "f" + FR + "c3"} else {ID = "f" + FROWS + "c3";}}
+	}
 	else if (focus_header) { //Table header row
 		if      (key == AU) {ID = button_row}
-		else if (key == PU) {ID = "path_0"}
-		else if	(key == AD) {ID = FIRST_FILE}
+		else if (key == PU) {ID = path_END}
+		else if	(key == AD) {ID = FILE_ZERO}
 		else if	(key == PD) {FR += jump; if (FR < FROWS) {ID = "f" + FR + "c" + FILENAME_COL} else {ID = LAST_FILE}}
 	}
-	else if ((FR == 0) && (FROWS == 0)) { //empty folder
+	else if ((FROWS == 0) && (FR == 0)) { //empty folder
 		if		(key == AU) {ID = "header_filename"}
-		else if	(key == PU) {ID = "path_0"}
+		else if	(key == PU) {ID = path_END}
 		else if (key == AD) {ID = "admin";}
 		else if (key == PD) {ID = "admin";}
 	}
 	else if ((FROWS == 1) && (FR == 1)) {
-		if		(key == AU) { ID = FIRST_FILE; }
-		else if	(key == PU) { FR -= jump; if (FR >= 0) {ID = "f" + FR + "c" + FC} else {ID = FIRST_FILE} }
-		else if (key == AD) { ID = "admin" }
-		else if (key == PD) { ID = "admin" }
+		if		(ID == FIRST_FILE && key == AU) { ID = FILE_ZERO }
+		else if	(key == AU) { ID = "select_all_ckbox" }
+		else if	(key == PU) { ID = path_END  }
+		else if (key == AD) { ID = "admin"   }
+		else if (key == PD) { ID = "admin"   }
 	}
 	else if (FR == FROWS) { //Last row (FROWS is the number of files listed)
-		if		(key == AU) { FR--      ; if (FR >= 0) {ID = "f" + FR + "c" + FC} else {ID = "header_filename" } }
-		else if	(key == PU) { FR -= jump; if (FR >= 0) {ID = "f" + FR + "c" + FC} else {ID = FIRST_FILE} }
+		if		(key == AU) { FR--      ; if (FR >= 1) {ID = "f" + FR + "c" + FC} else {ID = "header_filename" } }
+		else if	(key == PU) { FR -= jump; if (FR >= 1) {ID = "f" + FR + "c" + FC} else {ID = "f1c" + FC} }
 		else if (key == AD) { ID = "admin" }
 		else if (key == PD) { ID = "admin" }
 	}
-	else if (FR == 0) { //FR (File Row) is in the first row of files
-		if		(key == AU) {ID = "header_filename"}
-		else if	(key == PU) {ID = "path_0"}
-		else if (key == AD) {FR++      ; if (FR <= FROWS) {ID = "f" + FR + "c" + FC} else {ID = "path_0";}  }
-		else if (key == PD) {FR += jump; if (FR <= FROWS) {ID = "f" + FR + "c" + FC} else {ID = LAST_FILE;} }
+	else if (FR == 0) { // [ ../ ] 
+		if		(key == AU) { ID = "header_filename" }
+		else if	(key == PU) { ID = path_END}
+		else if (key == AD) { FR++      ; if (FR <= FROWS) {ID = "f" + FR + "c" + FC} else {ID = "path_0";}  }
+		else if (key == PD) { FR += jump; if (FR <= FROWS) {ID = "f" + FR + "c" + FC} else {ID = LAST_FILE;} }
+	}
+	else if (FR == 1) { // The first actual file(or folder) in the dir list.
+		if      (ID == FIRST_FILE && key == AU) { ID = FILE_ZERO }
+		else if (FROWS == 1 && key == AD) { ID = "admin" }
+		else if (FROWS == 1 && key == PD) { ID = "admin" }
+		else if (key == AU) { ID = "select_all_ckbox" }
+		else if	(key == PU) { ID = path_END }
+		else if	(key == AD) { ID = "f2c" + FC }
+		else if (key == PD) { FR += jump; if (FR <= FROWS)  {ID = "f" + FR + "c" + FC} else {ID = "f" + FROWS + "c" + FC;} }
 	}
 	else if (FR > 0){ //Middle rows...
-		if		(key == AU) { FR--      ; if (FR == 0) {FC=FILENAME_COL} ID = "f" + FR + "c" + FC;	}
-		else if	(key == PU) { FR -= jump; if (FR >= 0)      { ID = "f" + FR + "c" + FC} else {ID = FIRST_FILE}	 }
+		if		(key == AU) { FR--      ; ID = "f" + FR + "c" + FC;	}
+		else if	(key == PU) { FR -= jump; if (FR > 1)       { ID = "f" + FR + "c" + FC} else {ID = "f1c" + FC} }
 		else if (key == AD) { FR++; 	  if (FR <= FROWS)  { ID = "f" + FR + "c" + FC} else {ID = "path_0"; } }
-		else if (key == PD) { FR += jump; if (FR <= FROWS)  { ID = "f" + FR + "c" + FC} else {ID = LAST_FILE;} }
+		else if (key == PD) { FR += jump; if (FR <= FROWS)  { ID = "f" + FR + "c" + FC} else {ID = "f" + FROWS + "c" + FC;} }
 	}
 	else if (FR == -1) {ID = "path_0"}     //Anyplace other than path_header, buttons, table
 	else {
@@ -3608,10 +3668,9 @@ function Perms_onkeydown(event, $perms, filename) {//*****************
 
 	if ($perms.readOnly) { return; }
 
-	event.stopPropagation();
+	event.stopPropagation(); //Should precede if(ESC or TAB)
 
-	//if ESC or TAB...
-	if ((key == 27) || (key == TAB)) { Cancel_Perm_Changes($perms) }
+	if ((key == ESC) || (key == TAB)) { Cancel_Perm_Changes($perms) }
 
 	Octal_Input_Only(event);
 
@@ -3786,12 +3845,13 @@ function Post_New_File_Perms($perms, filename) { //*******************
 
 
 function Index_Page_scripts() {//***********************************************
-	global $_, $ONESCRIPT, $param1, $ipath, $MESSAGE, $DELAY_Sort_and_Show_msgs, $MIN_DIR_ITEMS, $TABINDEX;
+	global $_, $ONESCRIPT, $param1, $ipath, $MESSAGE, $DELAY_Sort_and_Show_msgs, $MIN_DIR_ITEMS, $TABINDEX, $DIRECTORY_COLUMNS;
 ?>
 <script>
 var ONESCRIPT	= "<?php echo $ONESCRIPT ?>";
 var PARAM1		= "<?php echo $param1 ?>";  //capitalized here as it is used as a constant.
-var TABINDEX    = <?php echo $TABINDEX ?>;  //TABINDEX only used by js from this point on...
+var TABINDEX	= <?php echo $TABINDEX ?>;  //TABINDEX only used by js from this point on...
+var DIRECTORY_COLUMNS = <?php echo $DIRECTORY_COLUMNS ?>;
 
 //a few usefull constants for using sort_DIRECTORY()
 var DESCENDING	= 0;
@@ -3897,7 +3957,7 @@ function Init_Dir_table_rows() {//************************************
 	var drow, cell, cells, tr, td;
 
 	//Number of columns in directory listing.
-	var last_cell = 10; //##### DEFINE/DETERMINE THIS ELSEWHERE??
+	var last_cell = DIRECTORY_COLUMNS;
 	
 	for (drow = 0; drow < DIRECTORY_ITEMS; drow++){
 		tr = E("DIRECTORY_LISTING").insertRow(-1); //-1 adds row after last row.
@@ -3910,8 +3970,10 @@ function Init_Dir_table_rows() {//************************************
 		cells[c++].className = 'file_name';
 		cells[c++].className = 'file_size meta_T';
 		cells[c++].className = 'file_time meta_T';
-		cells[c++].className = 'meta_T'; //file owner
-		cells[c++].className = 'meta_T'; //file group
+		<?php if (function_exists('posix_getpwuid')) { ?>
+			cells[c++].className = 'meta_T'; //file owner
+			cells[c++].className = 'meta_T'; //file group
+		<?php } ?>
 	}
 }//end Init_Dir_table_rows() {//**************************************
 
@@ -3993,7 +4055,7 @@ function Assemble_Insert_row(drow, href, filename, file_name, file_time){
 	//There are currently 6 tab-able items per (file) row:  [m] [c] [d] [x] [sogw] [file name]
 	//[m][c][d][x][sogw] tabindexes are set below.  [filename]'s tabinex is set in Build_Directory().
 
-	var cells = E("DIRECTORY_LISTING").rows[drow].cells; //Must come before the row++ a little later in this function.
+	var cells = E("DIRECTORY_LISTING").rows[drow].cells;
 
 	var filetype = DIRECTORY_DATA[drow][0];
 	var filesize = DIRECTORY_DATA[drow][2];
@@ -4008,7 +4070,7 @@ function Assemble_Insert_row(drow, href, filename, file_name, file_time){
 	}
 
 	//While DIRECTORY_DATA[], and the table <tbody> rows created to list the data, are indexed from 0 (zero),
-	//the id's of files in the directory list are indexed from 1 (f1, f2...), as "../" is listed first with id=f0c5 (f-zero).
+	//the id's of files in the directory list are indexed from 1 (f1c5, f2c5...), as "../" is listed first with id=f0c5.
 	//The id's are used in Index_Page_events() "cursor" control.
 	var frow = drow + 1;
 
@@ -4028,11 +4090,12 @@ function Assemble_Insert_row(drow, href, filename, file_name, file_time){
 
 	//Assemble & Insert contents for cells[0], [2], & [3]  ([Mov], [Del], [ckbox])
 	Assemble_mdx(drow, href, f_or_f, filename, TABINDEX);
-	Insert_mdx(drow, cells);
+	Insert_mdx(drow, cells);//cells[0],[2],[3]
 	TABINDEX = TABINDEX + 5;
 
 	//Insert contents for the remaining cells...
 	cells[1].innerHTML = copy;
+
 	cells[4].innerHTML = perms;
 	cells[5].innerHTML = file_name;
 	cells[6].innerHTML = file_size;
@@ -4049,7 +4112,7 @@ function Assemble_Insert_row(drow, href, filename, file_name, file_time){
 
 function Build_Directory() {//****************************************
 
-	TABINDEX    = <?php echo $TABINDEX ?>;  //Rest TABINDEX
+	TABINDEX = <?php echo $TABINDEX ?>;  //Reset global TABINDEX
 
 	//Has the directory table been init'd yet?  (<tbody id=DIRECTORY_LISTING></tbody>)
 	if (E("DIRECTORY_LISTING").rows.length < 1)	{ Init_Dir_table_rows(); }
@@ -4072,6 +4135,7 @@ function Build_Directory() {//****************************************
 		var filename = DIRECTORY_DATA[drow][1];
 		var filesize = DIRECTORY_DATA[drow][2];
 		var filetime = DIRECTORY_DATA[drow][3];
+		var link_target = DIRECTORY_DATA[drow][9]; //empty unless file is a symlink.
 		
 		//folder or file?
 		if (filetype == "dir") {
@@ -4087,7 +4151,7 @@ function Build_Directory() {//****************************************
 		//The (TABINDEX + 5) accounts for the [m][c][d][x][perms] links which are added in Assemble_Insert_Row().
 		var file_name  = '<a id=f'+ frow +'c'+ file_col + ' tabindex='+ (TABINDEX + 5) +' href="' + href  + '"'; 
 			file_name += ' title="<?php echo hsc($_['Edit_View']) ?>: ' + hsc(filename) + '" >';
-			file_name += ICONS[filetype] + '&nbsp;' + hsc(filename) + DS + '</a>';
+			file_name += ICONS[filetype] + '&nbsp;' + hsc(filename + DS + link_target) + '</a>';
 		var file_time  = FileTimeStamp(filetime, 1, 0, 0);
 		
 		Assemble_Insert_row(drow, href, filename, file_name, file_time);
@@ -4200,16 +4264,16 @@ function Format_Perms(perms_oct) {//**********************************
 	//##### Not used yet. Had grand ideas, but now not sure...
 	//returns [7777][ugt rwx rwx rwx]
 
-	//$pemrs_oct is a 3 or 4 digit octal string (7777).
+	//$perms_oct is a 3 or 4 digit octal string (7777).
 	
-    //file                 file   | s s s | owner | group | world  
-    //permissions         t y p e | u g t | r w x | r w x | r w x
-	//                    
-    //bits        | 0 0 1 | 4 2 1 | 4 2 1 | 4 2 1 | 4 2 1 | 4 2 1
-	//octal             1     7       7       7       7       7
+    //file           file   s s s owner group world
+    //permissions   t y p e u g t r w x r w x r w x
+	//
+    //bits          1 4 2 1 4 2 1 4 2 1 4 2 1 4 2 1
+	//octal         1   7     7     7     7     7
 	//
-    //bits                  8 4 2 1 | 8 4 2 1 | 8 4 2 1 | 8 4 2 1
-	//hex                      F         F         F         F
+    //bits          8 4 2 1 8 4 2 1 8 4 2 1 8 4 2 1
+	//hex              F       F       F       F
 
 	var ugt = ['---', '--t', '-g-', '-gt', 'u--', 'u-t', 'ug-', 'ugt']; //setUid setGid sTicky
 	var rwx = ['---', '--x', '-w-', '-wx', 'r--', 'r-x', 'rw-', 'rwx'];
@@ -5026,7 +5090,7 @@ function style_sheet() {//******************************************************
 .index_T td a {	display: block; height: 1.42rem; border: none; padding: 2px 4px 2px 4px; overflow : hidden; }
 .index_T th a { padding: 1px 0 1px 0; border-width: 0px;}
 
-th.file_name {min-width: 15em}
+th.file_name {min-width: 15em; font-family: arial; font-weight: normal; }
 
 .index_T th.file_name a {
 	display: inline-block;

From 36c09df26767e707fbe2e48cf5e51ca82aa157be Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Fri, 6 Oct 2017 15:09:27 -0400
Subject: [PATCH 224/228] Updated langauge files & changelog.

---
 info/changelog.markdown          | 19 ++++++++++++++++++-
 languages/OneFileCMS.LANG.DE.php |  4 +++-
 languages/OneFileCMS.LANG.EN.php |  4 +++-
 languages/OneFileCMS.LANG.ES.php |  4 +++-
 languages/OneFileCMS.LANG.NL.php |  4 +++-
 languages/OneFileCMS.LANG.RU.php |  4 +++-
 6 files changed, 33 insertions(+), 6 deletions(-)

diff --git a/info/changelog.markdown b/info/changelog.markdown
index 5fc87a1..af4f686 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,6 +1,23 @@
 # OneFileCMS Change Log
 
-### v3.6.07 (2017-09-30)
+### v3.6.10 (2017-10-06)
+
+- Fixed a minor bug introduced by prior commit's code "improvements".
+- Directory list now shows link targets:  some_symlink -> /target/of/symlink
+- Reworked keyboard nav a bit.
+- Some misc code improvements.
+
+### v3.6.09 (2017-10-04)
+
+- Some minor keyboard nav improvements on index page.
+- Some misc code improvements.
+
+### v3.6.08 (2017-09-30)
+
+- [Mov], [Del], & [X] are unavailable if file is readonly.
+- Some misc code improvements.
+
+### v3.6.07 (2017-09-29)
 
 - Fixed minor issue where if perms changed, new value not always displayed.
 - A bit of restructure/refactor of perm & Assemble_Insert_Row() related functions.
diff --git a/languages/OneFileCMS.LANG.DE.php b/languages/OneFileCMS.LANG.DE.php
index 1a7968e..fd0e142 100755
--- a/languages/OneFileCMS.LANG.DE.php
+++ b/languages/OneFileCMS.LANG.DE.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.6.08
+// OneFileCMS Language Settings v3.6.09
 
 $_['LANGUAGE'] = 'Deutsch';
 $_['LANG'] = 'DE';
@@ -52,6 +52,7 @@
 $_['Folder']     = 'Ordner';
 $_['folders']    = 'Verzeichnisse';
 $_['From']       = 'Von';
+$_['Group']      = 'Group';   //## NT ##
 $_['Hash']       = 'Streuwert';
 $_['Invalid']    = 'Invalid'; //## NT ##
 $_['Move']       = 'Verschieben';
@@ -59,6 +60,7 @@
 $_['Name']       = 'Name';    //## NT ##
 $_['on']         = 'läuft unter';
 $_['off']        = 'aus';
+$_['Owner']      = 'Owner';   //## NT ##
 $_['Password']   = 'Passwort';
 $_['Rename']     = 'Umbenennen';
 $_['reset']      = 'Zurücksetzen';
diff --git a/languages/OneFileCMS.LANG.EN.php b/languages/OneFileCMS.LANG.EN.php
index 69fdd11..752826b 100755
--- a/languages/OneFileCMS.LANG.EN.php
+++ b/languages/OneFileCMS.LANG.EN.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.6.08
+// OneFileCMS Language Settings v3.6.09
 
 $_['LANGUAGE'] = 'English';
 $_['LANG'] = 'EN';
@@ -52,6 +52,7 @@
 $_['Folder']     = 'Folder';
 $_['folders']    = 'folders';
 $_['From']       = 'From';
+$_['Group']      = 'Group';   //## NT ## as of 3.6.09
 $_['Hash']       = 'Hash';
 $_['Invalid']    = 'Invalid'; //## NT ## as of 3.5.23
 $_['Move']       = 'Move';
@@ -59,6 +60,7 @@
 $_['Name']       = 'Name';    //...
 $_['on']         = 'on';
 $_['off']        = 'off';
+$_['Owner']      = 'Owner';   //## NT ## as of 3.6.09
 $_['Password']   = 'Password';
 $_['Rename']     = 'Rename';
 $_['reset']      = 'Reset';
diff --git a/languages/OneFileCMS.LANG.ES.php b/languages/OneFileCMS.LANG.ES.php
index 5c179a6..e5fc3d2 100755
--- a/languages/OneFileCMS.LANG.ES.php
+++ b/languages/OneFileCMS.LANG.ES.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.6.08
+// OneFileCMS Language Settings v3.6.09
 
 $_['LANGUAGE'] = 'Espanõla';
 $_['LANG'] = 'ES';
@@ -52,6 +52,7 @@
 $_['Folder']     = 'Carpeta';
 $_['folders']    = 'carpetas';
 $_['From']       = 'de';
+$_['Group']      = 'Group';   //## NT ##
 $_['Hash']       = 'Cadena';
 $_['Invalid']    = 'Invalid'; //## NT ##
 $_['Move']       = 'Mover';
@@ -59,6 +60,7 @@
 $_['Name']       = 'Nombre ';
 $_['on']         = 'activado';
 $_['off']        = 'apagar';
+$_['Owner']      = 'Owner';   //## NT ##
 $_['Password']   = 'contraseña';
 $_['Rename']     = 'Renombrar';
 $_['reset']      = 'Reiniciar';
diff --git a/languages/OneFileCMS.LANG.NL.php b/languages/OneFileCMS.LANG.NL.php
index c616176..250f9be 100755
--- a/languages/OneFileCMS.LANG.NL.php
+++ b/languages/OneFileCMS.LANG.NL.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.6.08
+// OneFileCMS Language Settings v3.6.09
 
 $_['LANGUAGE'] = 'Nederlands (Dutch)';
 $_['LANG'] = 'NL';
@@ -52,6 +52,7 @@
 $_['Folder']     = 'Map';
 $_['folders']    = 'mappen';
 $_['From']       = 'Van';
+$_['Group']      = 'Group';   //## NT ##
 $_['Hash']       = 'Hash';    //## NT ##
 $_['Invalid']    = 'Invalid'; //## NT ##
 $_['Move']       = 'Verplaats';
@@ -59,6 +60,7 @@
 $_['Name']       = 'Naam';
 $_['on']         = 'aan';
 $_['off']        = 'uit';
+$_['Owner']      = 'Owner';   //## NT ##
 $_['Password']   = 'Wachtwoord';
 $_['Rename']     = 'Hernoemen';
 $_['reset']      = 'Reset';   //## NT ##
diff --git a/languages/OneFileCMS.LANG.RU.php b/languages/OneFileCMS.LANG.RU.php
index fbc9a58..7f30fd7 100755
--- a/languages/OneFileCMS.LANG.RU.php
+++ b/languages/OneFileCMS.LANG.RU.php
@@ -1,5 +1,5 @@
 <?php
-// OneFileCMS Language Settings v3.6.08
+// OneFileCMS Language Settings v3.6.09
 
 $_['LANGUAGE'] = 'Russian';
 $_['LANG'] = 'RU';
@@ -52,6 +52,7 @@
 $_['Folder']     = 'Папка';
 $_['folders']    = 'папки';
 $_['From']       = 'из';
+$_['Group']      = 'Group';   //## NT ##
 $_['Hash']       = 'Хэш';
 $_['Invalid']    = 'Invalid'; //## NT ##
 $_['Move']       = 'Переместить';
@@ -59,6 +60,7 @@
 $_['Name']       = 'имя';
 $_['on']         = 'в';
 $_['off']        = 'от';
+$_['Owner']      = 'Owner';   //## NT ##
 $_['Password']   = 'Пароль';
 $_['Rename']     = 'Rename';  //## NT ##
 $_['reset']      = 'Сбросить';

From b780454830718099017645ad81de93c4ea11800f Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sat, 7 Oct 2017 22:57:57 -0400
Subject: [PATCH 225/228] Version 3.6.11 - Switched to php short tags: <?= ?>. 
 Because I felt like it.  I wanted to years ago, in the beginning, but my web
 host was still on some 5.3 version of php, and didn't always have 'em
 enabled. But now that php is up to v7.something, and most hosts have, at
 least, php 5.4, it seems like a safe move at this point.  If not, oh well!

---
 onefilecms.php | 298 ++++++++++++++++++++++++-------------------------
 1 file changed, 149 insertions(+), 149 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 6814311..fe85f87 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,9 +2,9 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.6.10';
+$OFCMS_version = '3.6.11';
+
 
-//If language values changed, don't forget the Language Settings version.
 
 
 //******************************************************************************
@@ -1382,9 +1382,9 @@ function Cancel_Submit_Buttons($submit_label) {//*******************************
 	$params = $param1.$param2.'&amp;p='. $_SESSION['recent_pages'][1]; //.'&amp;m='.hsc($_['cancelled']) not sure I like this.
 ?>
 	<p>
-	<button type="button" class="button" id="cancel" onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
-		<?php echo hsc($_['Cancel']) ?></button>
-	<button type="submit" class="button" id="submitty"><?php echo hsc($submit_label);?></button>
+	<button type="button" class="button" id="cancel" onclick="parent.location = '<?= $ONESCRIPT.$params ?>'">
+		<?= hsc($_['Cancel']) ?></button>
+	<button type="submit" class="button" id="submitty"><?= hsc($submit_label);?></button>
 	<script>E("cancel").focus();</script>
 <?php
 }//end Cancel_Submit_Buttons() //***********************************************
@@ -1563,11 +1563,11 @@ function List_File($file, $file_url) {//****************************************
 	$edit_link = '<a href="'.$href.'&amp;p=edit'.'" id="old_backup">'.hsc(basename($file)).'</a>';
 ?>
 	<tr>
-	<td><a href="<?php echo $href.'&amp;p=deletefile' ?>" class="button" id="del_backup">
-	<?php echo $ICONS['delete'].'&nbsp;'.hsc($_['Delete']) ?></a></td>
-	<td class="file_name"><?php echo $edit_link; ?></td>
-	<td class="meta_T file_size">&nbsp;	<?php echo number_format(filesize($file_OS)); ?> B	</td>  
-	<td class="meta_T file_time"> &nbsp;<script>FileTimeStamp(<?php echo filemtime($file_OS); ?>, 1, 0, 1);</script></td>
+	<td><a href="<?= $href.'&amp;p=deletefile' ?>" class="button" id="del_backup">
+	<?= $ICONS['delete'].'&nbsp;'.hsc($_['Delete']) ?></a></td>
+	<td class="file_name"><?= $edit_link; ?></td>
+	<td class="meta_T file_size">&nbsp;	<?= number_format(filesize($file_OS)); ?> B	</td>  
+	<td class="meta_T file_time"> &nbsp;<script>FileTimeStamp(<?= filemtime($file_OS); ?>, 1, 0, 1);</script></td>
 	</tr>
 <?php
 }//end List_File() //***********************************************************
@@ -1663,26 +1663,26 @@ function Hash_Page() {//********************************************************
 ?>
 	<style>#message_box {font-family: courier; min-height: 3.1em;}</style>
 
-	<h2><?php echo hsc($_['Generate_Hash']) ?></h2>
+	<h2><?= hsc($_['Generate_Hash']) ?></h2>
 
-	<form id="hash" name="hash" method="post" action="<?php echo $ONESCRIPT.$param1.$param3; ?>">
-		<?php echo $INPUT_NUONCE; ?>
-		<?php echo hsc($_['pass_to_hash']) ?>
-		<input type="text" name="whattohash" id="whattohash" value="<?php echo hsc($_POST['whattohash']) ?>">
+	<form id="hash" name="hash" method="post" action="<?= $ONESCRIPT.$param1.$param3; ?>">
+		<?= $INPUT_NUONCE; ?>
+		<?= hsc($_['pass_to_hash']) ?>
+		<input type="text" name="whattohash" id="whattohash" value="<?= hsc($_POST['whattohash']) ?>">
 		<p><?php Cancel_Submit_Buttons($_['Generate_Hash']) ?>
 		<script>E('whattohash').focus()</script>
 	</form>
 
 	<div class="info">
-		<p><?php echo hsc($_['hash_txt_01']) ?><br>
-		<ol><li><?php echo hsc($_['hash_txt_06']) ?><br>
-				<?php echo hsc($_['hash_txt_07']) ?>
-			<li><?php echo hsc($_['hash_txt_08']) ?><br>
-				<?php echo hsc($_['hash_txt_09']) ?><br>
-				<?php echo hsc($_['hash_txt_10']) ?><br>
-			<li><?php echo hsc($_['hash_txt_12']) ?>
+		<p><?= hsc($_['hash_txt_01']) ?><br>
+		<ol><li><?= hsc($_['hash_txt_06']) ?><br>
+				<?= hsc($_['hash_txt_07']) ?>
+			<li><?= hsc($_['hash_txt_08']) ?><br>
+				<?= hsc($_['hash_txt_09']) ?><br>
+				<?= hsc($_['hash_txt_10']) ?><br>
+			<li><?= hsc($_['hash_txt_12']) ?>
 		</ol>
-		<?php echo $PWUN_RULES ?>
+		<?= $PWUN_RULES ?>
 	</div>
 <?php
 }//end Hash_Page() //***********************************************************
@@ -1716,33 +1716,33 @@ function Change_PWUN_Page($pwun, $type, $page_title, $label_new, $label_confirm)
 	<?php //preserve space for message_box even when there's no message. ?>
 	<style>#message_box {min-height: 2em;}</style>
 
-	<h2><?php echo hsc($page_title) ?></h2>
+	<h2><?= hsc($page_title) ?></h2>
 
-	<form id="change" method="post" action="<?php echo $ONESCRIPT.$param1.$param3; ?>">
-		<input type="hidden" name="<?php echo $pwun ?>" value="">
+	<form id="change" method="post" action="<?= $ONESCRIPT.$param1.$param3; ?>">
+		<input type="hidden" name="<?= $pwun ?>" value="">
 		
-		<?php echo $INPUT_NUONCE; ?>
+		<?= $INPUT_NUONCE; ?>
 		
-		<p><?php echo hsc($_['pw_current']) ?><br>
+		<p><?= hsc($_['pw_current']) ?><br>
 		<input type="password" name="password" id="password" value="">
 		
-		<p><?php echo hsc($label_new) ?><br>
-		<input type="<?php echo $type ?>" name="new1" id="new1" value="">
+		<p><?= hsc($label_new) ?><br>
+		<input type="<?= $type ?>" name="new1" id="new1" value="">
 		
-		<p><?php echo hsc($label_confirm) ?><br>
-		<input type="<?php echo $type ?>" name="new2" id="new2" value="">
+		<p><?= hsc($label_confirm) ?><br>
+		<input type="<?= $type ?>" name="new2" id="new2" value="">
 		
-		<p><input type="button" class="button" id="cancel" value="<?php echo hsc($_['Cancel']) ?>"
-			onclick="parent.location = '<?php echo $ONESCRIPT.$params ?>'">
-		<input type="button" class="button"    id="submitty" value="<?php echo hsc($_['Submit']) ?>">
+		<p><input type="button" class="button" id="cancel" value="<?= hsc($_['Cancel']) ?>"
+			onclick="parent.location = '<?= $ONESCRIPT.$params ?>'">
+		<input type="button" class="button"    id="submitty" value="<?= hsc($_['Submit']) ?>">
 		
 		<script>E('password').focus()</script>
 	</form>
 
 	<div class="info">
-	<?php echo $PWUN_RULES ?>
-	<p><?php echo hsc($_['pw_txt_12']) ?>
-	<p><?php echo hsc($_['pw_txt_14']) ?>
+	<?= $PWUN_RULES ?>
+	<p><?= hsc($_['pw_txt_12']) ?>
+	<p><?= hsc($_['pw_txt_14']) ?>
 	</div>
 <?php
 	//Note: The button with id="submitty" above must NOT be of type="submit",
@@ -1879,13 +1879,13 @@ function Login_Page() {//*******************************************************
 	<?php //preserve space for message_box even when there's no message. ?>
 	<style>#message_box {height: 3.1em;}</style>
 
-	<h2><?php echo hsc($_['Log_In']) ?></h2>
-	<form method="post" id="login_form" name="login_form" action="<?php echo $ONESCRIPT; ?>">
-		<label for ="username"><?php echo hsc($_['Username']) ?>:</label>
+	<h2><?= hsc($_['Log_In']) ?></h2>
+	<form method="post" id="login_form" name="login_form" action="<?= $ONESCRIPT; ?>">
+		<label for ="username"><?= hsc($_['Username']) ?>:</label>
 		<input name="username" type="text"     id="username">
-		<label for ="password"><?php echo hsc($_['Password']) ?>:</label>
+		<label for ="password"><?= hsc($_['Password']) ?>:</label>
 		<input name="password" type="password" id="password">
-		<input type="button"  class="button"   id="login" value="<?php echo hsc($_['Enter']) ?>">
+		<input type="button"  class="button"   id="login" value="<?= hsc($_['Enter']) ?>">
 	</form>
 	<script>E('username').focus();</script>
 <?php
@@ -1993,9 +1993,9 @@ function Create_Table_for_Listing() {//*****************************************
 
 	<table class="index_T">
 	<tr>
-	<th colspan=3><LABEL for=select_all_ckbox id=select_all_label><?php echo hsc($_['Select_All']) ?></LABEL></th>
+	<th colspan=3><LABEL for=select_all_ckbox id=select_all_label><?= hsc($_['Select_All']) ?></LABEL></th>
 	<th><div class=ckbox>
-			<INPUT id=select_all_ckbox tabindex=<?php echo $TABINDEX + 0 ?> TYPE=checkbox NAME=select_all VALUE=select_all>
+			<INPUT id=select_all_ckbox tabindex=<?= $TABINDEX + 0 ?> TYPE=checkbox NAME=select_all VALUE=select_all>
 		</div>
 	</th>
 	
@@ -2003,25 +2003,25 @@ function Create_Table_for_Listing() {//*****************************************
 	
 	<th class=file_name>
 		<div id=ff_ckbox_div class=ckbox>
-			<INPUT tabindex=<?php echo $TABINDEX + 1?> TYPE=checkbox id=folders_first_ckbox NAME=folders_first VALUE=folders_first checked>
+			<INPUT tabindex=<?= $TABINDEX + 1?> TYPE=checkbox id=folders_first_ckbox NAME=folders_first VALUE=folders_first checked>
 		</div>
 		<label for=folders_first_ckbox id=folders_first_label title="<?php  echo hsc($_['folders_first_info']) ?>">
-			(<?php echo hsc($_['folders_first']) ?>)
+			(<?= hsc($_['folders_first']) ?>)
 		</label>
-		<a tabindex=<?php echo $TABINDEX + 3 ?> href="#" id=header_sorttype>(<?php echo hsc($_['ext']) ?>)</a>
-		<a tabindex=<?php echo $TABINDEX + 2 ?>     href="#" id=header_filename><?php echo hsc($_['Name']) ?></a>
+		<a tabindex=<?= $TABINDEX + 3 ?> href="#" id=header_sorttype>(<?= hsc($_['ext']) ?>)</a>
+		<a tabindex=<?= $TABINDEX + 2 ?>     href="#" id=header_filename><?= hsc($_['Name']) ?></a>
 	</th>
 
-	<th class=file_size><a tabindex=<?php echo $TABINDEX + 4 ?> href="#" id=header_filesize><?php echo hsc($_['Size']." (".$_['bytes'].")") ?></a></th>
-	<th class=file_time><a tabindex=<?php echo $TABINDEX + 5 ?> href="#" id=header_filedate><?php echo hsc($_['Date']) ?></a></th>
+	<th class=file_size><a tabindex=<?= $TABINDEX + 4 ?> href="#" id=header_filesize><?= hsc($_['Size']." (".$_['bytes'].")") ?></a></th>
+	<th class=file_time><a tabindex=<?= $TABINDEX + 5 ?> href="#" id=header_filedate><?= hsc($_['Date']) ?></a></th>
 
-	<th><?php echo $file_owner_header ?></th>
-	<th><?php echo $file_group_header ?></th>
+	<th><?= $file_owner_header ?></th>
+	<th><?= $file_group_header ?></th>
 	</tr>
 
 	<tr><?php // "../" directory entry ?>
 		<td colspan=5 id=header_msg></td>
-		<td><?php echo $file_0 ?></td>
+		<td><?= $file_0 ?></td>
 		<td></td><?php //file size  ?>
 		<td></td><?php //date time  ?>
 		<td></td><?php //file owner  ?>
@@ -2030,7 +2030,7 @@ function Create_Table_for_Listing() {//*****************************************
 
 	<?php //Directory & footer content will be inserted later. ?>
 	<tbody id=DIRECTORY_LISTING></tbody>
-	<tr><td id=DIRECTORY_FOOTER colspan="<?php echo $DIRECTORY_COLUMNS ?>"></td></tr>
+	<tr><td id=DIRECTORY_FOOTER colspan="<?= $DIRECTORY_COLUMNS ?>"></td></tr>
 	</table>
 <?php
 	$TABINDEX += 7;
@@ -2240,19 +2240,19 @@ function Edit_Page_buttons_top($text_editable,$file_ENC) {//********************
 	<div class="edit_btns_top">
 		<div class="file_meta">
 			<span class="file_size">
-				<?php echo hsc($_['meta_txt_01']).' '.number_format(filesize($filename_OS)).' '.hsc($_['bytes']); ?>
+				<?= hsc($_['meta_txt_01']).' '.number_format(filesize($filename_OS)).' '.hsc($_['bytes']); ?>
 			</span>	&nbsp;
 			<span class="file_time">
-				<?php echo hsc($_['meta_txt_03']).' <script>FileTimeStamp('.filemtime($filename_OS).', 1, 1, 1);</script>'; ?>
-				<?php echo '&nbsp; '.$file_ENC; ?>
+				<?= hsc($_['meta_txt_03']).' <script>FileTimeStamp('.filemtime($filename_OS).', 1, 1, 1);</script>'; ?>
+				<?= '&nbsp; '.$file_ENC; ?>
 			</span><br>
 		</div>
 		
 		<div class="buttons_right">
-			<?php echo $view_raw_button  ?>
-			<?php echo $wide_view_button ?>
-			<?php echo $WYSIWYG_button   ?>
-			<?php echo $close_button     ?>
+			<?= $view_raw_button  ?>
+			<?= $wide_view_button ?>
+			<?= $WYSIWYG_button   ?>
+			<?= $close_button     ?>
 		</div>
 		<div class=clear></div>
 	</div>
@@ -2385,12 +2385,12 @@ function Edit_Page_Notes() {//**************************************************
 			$HRS_MIN_SEC = $HRS.':'.$MIN.':'.$SEC;
 ?>
 			<div id="edit_notes">
-				<div class="notes"><?php echo hsc($_['edit_note_00']) ?></div>
+				<div class="notes"><?= hsc($_['edit_note_00']) ?></div>
 				<div class="notes"><b>1)
-					<?php echo hsc($_['edit_note_01a']).' $MAX_IDLE_TIME '.hsc($_['edit_note_01b']) ?>
-					<?php echo ' '.$HRS_MIN_SEC.'. '.hsc($_['edit_note_02']) ?></b>
+					<?= hsc($_['edit_note_01a']).' $MAX_IDLE_TIME '.hsc($_['edit_note_01b']) ?>
+					<?= ' '.$HRS_MIN_SEC.'. '.hsc($_['edit_note_02']) ?></b>
 				</div>
-				<div class="notes"><b>2) </b> <?php echo hsc($_['edit_note_03']) ?></div>
+				<div class="notes"><b>2) </b> <?= hsc($_['edit_note_03']) ?></div>
 			</div>
 <?php
 }//end Edit_Page_Notes() //*****************************************************
@@ -3119,21 +3119,21 @@ function init_ICONS_js() {//****************************************************
 
 <script>
 var ICONS = [];
-ICONS['bin']	 = '<?php echo $ICONS["bin"]	 ?>';
-ICONS['z']		 = '<?php echo $ICONS["z"]		 ?>';
-ICONS['img']	 = '<?php echo $ICONS["img"]	 ?>';
-ICONS['svg']	 = '<?php echo $ICONS["svg"]	 ?>';
-ICONS['txt']	 = '<?php echo $ICONS["txt"]	 ?>';
-ICONS['htm']	 = '<?php echo $ICONS["htm"]	 ?>';
-ICONS['php']	 = '<?php echo $ICONS["php"]	 ?>';
-ICONS['css']	 = '<?php echo $ICONS["css"]	 ?>';
-ICONS['cfg']	 = '<?php echo $ICONS["cfg"]	 ?>';
-ICONS['dir']     = '<?php echo $ICONS["dir"]     ?>';
-ICONS['folder']  = '<?php echo $ICONS["folder"]  ?>';
-ICONS['ren_mov'] = '<?php echo $ICONS["ren_mov"] ?>';
-ICONS['move']    = '<?php echo $ICONS["move"]    ?>';
-ICONS['copy']    = '<?php echo $ICONS["copy"]    ?>';
-ICONS['delete']  = '<?php echo $ICONS["delete"]  ?>';
+ICONS['bin']	 = '<?= $ICONS["bin"]	 ?>';
+ICONS['z']		 = '<?= $ICONS["z"]		 ?>';
+ICONS['img']	 = '<?= $ICONS["img"]	 ?>';
+ICONS['svg']	 = '<?= $ICONS["svg"]	 ?>';
+ICONS['txt']	 = '<?= $ICONS["txt"]	 ?>';
+ICONS['htm']	 = '<?= $ICONS["htm"]	 ?>';
+ICONS['php']	 = '<?= $ICONS["php"]	 ?>';
+ICONS['css']	 = '<?= $ICONS["css"]	 ?>';
+ICONS['cfg']	 = '<?= $ICONS["cfg"]	 ?>';
+ICONS['dir']     = '<?= $ICONS["dir"]     ?>';
+ICONS['folder']  = '<?= $ICONS["folder"]  ?>';
+ICONS['ren_mov'] = '<?= $ICONS["ren_mov"] ?>';
+ICONS['move']    = '<?= $ICONS["move"]    ?>';
+ICONS['copy']    = '<?= $ICONS["copy"]    ?>';
+ICONS['delete']  = '<?= $ICONS["delete"]  ?>';
 </script>
 
 <?php
@@ -3232,9 +3232,9 @@ function Countdown(count, End_Time, Timer_ID, Action){
 
 	Timer.innerHTML = FormatTime(count);
 
-	if ((count == <?php echo $TO_WARNING ?>) && (Action != "")) { //Two minute warning...
+	if ((count == <?= $TO_WARNING ?>) && (Action != "")) { //Two minute warning...
 		
-		var timeout_warning  = '<div class="message_box_contents"><b><?php echo hsc($_['session_warning']) ?></b> ';
+		var timeout_warning  = '<div class="message_box_contents"><b><?= hsc($_['session_warning']) ?></b> ';
 			timeout_warning += '<b><span id=timer2>:--</span></b></div>';
 		$msg_box.innerHTML  = timeout_warning;
 		setTimeout('Start_Countdown(' + count + ',"timer2","")',25);
@@ -3247,10 +3247,10 @@ function Countdown(count, End_Time, Timer_ID, Action){
 
 	if ( count < 1 ) {
 		if ( Action == 'LOGOUT') {
-			Timer.innerHTML        = '<?php echo hsc($_['session_expired']) ?>';
-			$msg_box.innerHTML = '<div class=message_box_contents><b><?php echo hsc($_['session_expired']) ?></b></div>';
+			Timer.innerHTML        = '<?= hsc($_['session_expired']) ?>';
+			$msg_box.innerHTML = '<div class=message_box_contents><b><?= hsc($_['session_expired']) ?></b></div>';
 			//Load login screen, but delay first to make sure really expired:
-			setTimeout('window.location = window.location.pathname', <?php echo $DELAY_Expired_Reload ?>);
+			setTimeout('window.location = window.location.pathname', <?= $DELAY_Expired_Reload ?>);
 		}
 		return;
 	}
@@ -3314,7 +3314,7 @@ function Display_Messages($msg, take_focus) {//***********************
 
 	if (typeof $tabindex_xbox === 'undefined') {$tabindex_xbox = 0;}
 
-	var $page     = '<?php echo $page ?>';
+	var $page     = '<?= $page ?>';
 	var new_focus = '';
 
 	if      ($page == 'index') { new_focus = 'header_filename'; }
@@ -3400,7 +3400,7 @@ function Index_Page_events() {//************************************************
 	//It won't look back, if you enter this Abyss, it'll only swallow you hole, then [redacted]!
 	//Control cursor keys to navigate index page. (Arrows, Page, Home, End)
 
-	var jump = <?php echo $PAGEUPDOWN ?>;//# of rows to jump with Page Up/Page Down.
+	var jump = <?= $PAGEUPDOWN ?>;//# of rows to jump with Page Up/Page Down.
 
 	//Get key pressed...
 	if (!event) {var event = window.event;} //for IE
@@ -3623,7 +3623,7 @@ function Index_Page_events() {//************************************************
 	else if (FR == -1) {ID = "path_0"}     //Anyplace other than path_header, buttons, table
 	else {
 		//just in case I missed something...
-		var error_message  = '<?php echo __LINE__.$EX.'<b>'.hsc($_['Error']).'</b> onkeydown(): ' ?>';
+		var error_message  = '<?= __LINE__.$EX.'<b>'.hsc($_['Error']).'</b> onkeydown(): ' ?>';
 		    error_message += "key = " + key + ", FR = " + FR + ", ID = " + ID + ",x_focus = " + x_focus
 		Display_Messages(error_message);
 		return;
@@ -3723,8 +3723,8 @@ function Validate_and_Post($perms, filename) { //*********************
 	var valid =  octal.test($perms.value); 
 
 	if (!valid) {
-		var msg  = "<b>" + hsc("<?php echo $_['Invalid'] ?>: [" + $perms.value + "]") + "</b> ";
-		    msg += hsc("<?php echo $_['Permissions_msg_1'] ?>.");
+		var msg  = "<b>" + hsc("<?= $_['Invalid'] ?>: [" + $perms.value + "]") + "</b> ";
+		    msg += hsc("<?= $_['Permissions_msg_1'] ?>.");
 		$perms.value = $perms.prior_value;
 		Display_Messages(msg);
 		return false;
@@ -3740,7 +3740,7 @@ function Validate_and_Post($perms, filename) { //*********************
 
 function Enable_Edit_Perms($perms) {//********************************
 
-	var msg = hsc(" <?php echo $_['Press_Enter'] ?>");
+	var msg = hsc(" <?= $_['Press_Enter'] ?>");
 	Display_Messages(msg);
 	$perms.readOnly = false;
 	$perms.setSelectionRange(0, 0); //Just for consistency.
@@ -3818,18 +3818,18 @@ function Perms_Update_Response(request, $perms) { //******************
 function Post_New_File_Perms($perms, filename) { //*******************
 	//key input restricted to 0-7 client-side, and validated both client & server-side.
 
-	Display_Messages("<?php echo $_['Working'] ?>");
+	Display_Messages("<?= $_['Working'] ?>");
 
 	var request_update = new XMLHttpRequest();
 
 	request_update.onreadystatechange = function() { Perms_Update_Response(this, $perms); }
 
-	request_update.open("POST", "<?php echo $ONESCRIPT ?>", true);
+	request_update.open("POST", "<?= $ONESCRIPT ?>", true);
 
 	request_update.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
 
 	var post_data  = "new_perms=" + $perms.value;
-		post_data += "&ipath=<?php echo $ipath ?>";
+		post_data += "&ipath=<?= $ipath ?>";
 	    post_data += "&perms_filename=" + filename;
 		post_data += "&nuonce=" + E('nuonce').value;  //Needed to confirm $VALID_POST
 
@@ -3848,10 +3848,10 @@ function Index_Page_scripts() {//***********************************************
 	global $_, $ONESCRIPT, $param1, $ipath, $MESSAGE, $DELAY_Sort_and_Show_msgs, $MIN_DIR_ITEMS, $TABINDEX, $DIRECTORY_COLUMNS;
 ?>
 <script>
-var ONESCRIPT	= "<?php echo $ONESCRIPT ?>";
-var PARAM1		= "<?php echo $param1 ?>";  //capitalized here as it is used as a constant.
-var TABINDEX	= <?php echo $TABINDEX ?>;  //TABINDEX only used by js from this point on...
-var DIRECTORY_COLUMNS = <?php echo $DIRECTORY_COLUMNS ?>;
+var ONESCRIPT	= "<?= $ONESCRIPT ?>";
+var PARAM1		= "<?= $param1 ?>";  //capitalized here as it is used as a constant.
+var TABINDEX	= <?= $TABINDEX ?>;  //TABINDEX only used by js from this point on...
+var DIRECTORY_COLUMNS = <?= $DIRECTORY_COLUMNS ?>;
 
 //a few usefull constants for using sort_DIRECTORY()
 var DESCENDING	= 0;
@@ -4013,9 +4013,9 @@ function Assemble_mdx(drow, href, f_or_f, filename, tabindex) {
 
 	//Used when file is writable.
 	MOV_rw[frow][1]  = '<a id=' + ren_id + ' tabindex='+ (tabindex + 0) +' class=MCD href="' + href + '&amp;p=rename' + f_or_f;
-	MOV_rw[frow][1] += '" title="<?php echo hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
+	MOV_rw[frow][1] += '" title="<?= hsc($_['Ren_Move']) ?>">' + ICONS['ren_mov'] + '</a>';
 	DEL_rw[frow][1]  = '<a id=' + del_id + ' tabindex='+ (tabindex + 2) +' class=MCD href="' + href + '&amp;p=delete' + f_or_f;
-	DEL_rw[frow][1] += '" title="<?php echo hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
+	DEL_rw[frow][1] += '" title="<?= hsc($_['Delete'])   ?>">' + ICONS['delete']  + '</a>';
 	CBX_rw[frow][1]  = '<div class=ckbox><INPUT id=' + ckbox_id + ' tabindex='+ (tabindex + 3);
 	CBX_rw[frow][1] += ' TYPE=checkbox class=select_file NAME="files[]"  VALUE="'+ hsc(filename) +'"></div>';
 
@@ -4083,7 +4083,7 @@ function Assemble_Insert_row(drow, href, filename, file_name, file_time){
 
 	//[copy] & [perms] are always available.
 	copy  = '<a id=' + copy_id + ' tabindex='+ (TABINDEX + 1) +' class=MCD href="' + href + '&amp;p=copy'   + f_or_f;
-	copy += '" title="<?php echo hsc($_['Copy']) ?>">' + ICONS['copy'] + '</a>';
+	copy += '" title="<?= hsc($_['Copy']) ?>">' + ICONS['copy'] + '</a>';
 
 	perms  = '<input id=' + perms_id + ' tabindex=' + (TABINDEX + 4) + ' class=perms';
 	perms += ' value="' + DIRECTORY_DATA[drow][6]+ '" maxlength=4 readonly>';
@@ -4112,7 +4112,7 @@ function Assemble_Insert_row(drow, href, filename, file_name, file_time){
 
 function Build_Directory() {//****************************************
 
-	TABINDEX = <?php echo $TABINDEX ?>;  //Reset global TABINDEX
+	TABINDEX = <?= $TABINDEX ?>;  //Reset global TABINDEX
 
 	//Has the directory table been init'd yet?  (<tbody id=DIRECTORY_LISTING></tbody>)
 	if (E("DIRECTORY_LISTING").rows.length < 1)	{ Init_Dir_table_rows(); }
@@ -4150,7 +4150,7 @@ function Build_Directory() {//****************************************
 		
 		//The (TABINDEX + 5) accounts for the [m][c][d][x][perms] links which are added in Assemble_Insert_Row().
 		var file_name  = '<a id=f'+ frow +'c'+ file_col + ' tabindex='+ (TABINDEX + 5) +' href="' + href  + '"'; 
-			file_name += ' title="<?php echo hsc($_['Edit_View']) ?>: ' + hsc(filename) + '" >';
+			file_name += ' title="<?= hsc($_['Edit_View']) ?>: ' + hsc(filename) + '" >';
 			file_name += ICONS[filetype] + '&nbsp;' + hsc(filename + DS + link_target) + '</a>';
 		var file_time  = FileTimeStamp(filetime, 1, 0, 0);
 		
@@ -4179,9 +4179,9 @@ function Directory_Summary() {//**************************************
 	}
 
 	//Directory Summary
-	SUMMARY += folder_count + " <?php echo hsc($_['folders']) ?>, &nbsp; ";
-	SUMMARY += total_items - folder_count + ' <?php echo hsc($_['files']) ?>, ';
-	SUMMARY += '&nbsp; ' + format_number(total_bytes) + " <?php echo hsc($_['bytes']) ?>";
+	SUMMARY += folder_count + " <?= hsc($_['folders']) ?>, &nbsp; ";
+	SUMMARY += total_items - folder_count + ' <?= hsc($_['files']) ?>, ';
+	SUMMARY += '&nbsp; ' + format_number(total_bytes) + " <?= hsc($_['bytes']) ?>";
 
 	return SUMMARY;
 
@@ -4194,11 +4194,11 @@ function Sort_and_Show(col, direction) {//****************************
 
 	var DELAY = 0;
 
-	if (DIRECTORY_ITEMS > <?php echo $MIN_DIR_ITEMS ?>) { //
+	if (DIRECTORY_ITEMS > <?= $MIN_DIR_ITEMS ?>) { //
 		//(Any pre-existing $MESSAGE will be displayed after directory is displayed.)
-		Display_Messages('<b><?php echo $_['Working'] ?></b>');
+		Display_Messages('<b><?= $_['Working'] ?></b>');
 		
-		DELAY = <?php echo $DELAY_Sort_and_Show_msgs ?>;
+		DELAY = <?= $DELAY_Sort_and_Show_msgs ?>;
 	}
 
 	//setTimeout() needed so 'Working' message will actually get displayed *before* the sort.
@@ -4225,9 +4225,9 @@ function Select_All() {//********************************************
 	var select_all = E('mcdselect').select_all;
 
 	if (select_all.checked) {
-		$select_all_label.innerHTML = '<?php echo hsc($_['Clear_All']) ?>';
+		$select_all_label.innerHTML = '<?= hsc($_['Clear_All']) ?>';
 	}else{
-		$select_all_label.innerHTML = '<?php echo hsc($_['Select_All']) ?>';
+		$select_all_label.innerHTML = '<?= hsc($_['Select_All']) ?>';
 	}
 
 	//Start x at 1 as files[0] is a dummy <input> used to force an array even if only one file is in a folder.
@@ -4242,7 +4242,7 @@ function Confirm_Submit(action) {//***********************************
 	var files = E('mcdselect').elements['files[]'];
 	var last  = files.length;   //number of files
 	var no_files = true;
-	var f_msg    = "<?php echo hsc($_['No_files']) ?>";	
+	var f_msg    = "<?= hsc($_['No_files']) ?>";	
 
 	E('mcdselect').mcdaction.value = action; 
 
@@ -4351,20 +4351,20 @@ function Correct_Word_Wrapping(text_area) {
 
 function Wide_View() {
 
-	var normal_view_width = '<?php echo $MAIN_WIDTH ?>';
-	var wide_view_width	  = '<?php echo $WIDE_VIEW_WIDTH ?>';
+	var normal_view_width = '<?= $MAIN_WIDTH ?>';
+	var wide_view_width	  = '<?= $WIDE_VIEW_WIDTH ?>';
 
 	//Toggle view width
 	if (Wide_View_button.value == "on") {
 		Main_div.style.width       = normal_view_width;
 		Set_File_Textarea_Width();
-		Wide_View_button.innerHTML = "<?php echo hsc($_['Wide_View'])?>"; //Button label is what to do next click, not current state.
+		Wide_View_button.innerHTML = "<?= hsc($_['Wide_View'])?>"; //Button label is what to do next click, not current state.
 		document.cookie            = 'wide_view=off';
 		Wide_View_button.value 	   = "off"
 	}else{
 		Main_div.style.width       = wide_view_width;
 		Set_File_Textarea_Width();
-		Wide_View_button.innerHTML = '<?php echo hsc($_['Normal_View']) ?>';
+		Wide_View_button.innerHTML = '<?= hsc($_['Normal_View']) ?>';
 		document.cookie            = 'wide_view=on';
 		Wide_View_button.value 	   = "on"
 	}
@@ -4407,7 +4407,7 @@ function Reset_file_status_indicators() {
 	changed = false;
 	File_textarea.style.backgroundColor = "#F5FFF5";  //light green
 	Save_File_button.style.borderColor  = "";
-	Save_File_button.innerHTML          = "<?php echo hsc($_['save_1'])?>";
+	Save_File_button.innerHTML          = "<?= hsc($_['save_1'])?>";
 	Reset_button.disabled               = "disabled";
 }
 
@@ -4423,7 +4423,7 @@ function Check_for_changes(event){
 		E('message_box').innerHTML = " "; //Must have a space, or it won't clear the msg.
 		File_textarea.style.backgroundColor    = "white";
 		Save_File_button.style.borderColor	   = "#F33";
-		Save_File_button.innerHTML			   = "<?php echo hsc($_['save_2'])?>";
+		Save_File_button.innerHTML			   = "<?= hsc($_['save_2'])?>";
 		Reset_button.disabled				   = "";
 	}else{
 		Reset_file_status_indicators()
@@ -4441,7 +4441,7 @@ function Check_for_changes(event){
 function Reset_File() {
 
     <?php //use addslashes() because this is for a js alert() or confirm(), not HTML ?>
-	if (changed) { if ( !(confirm("<?php echo addslashes($_['confirm_reset']) ?>")) ) { return false; } }
+	if (changed) { if ( !(confirm("<?= addslashes($_['confirm_reset']) ?>")) ) { return false; } }
 
 	File_textarea.value = start_value;
 	Reset_file_status_indicators();
@@ -4580,15 +4580,15 @@ function Set_Line_Numbers(event) {
 	var TAB_SIZE = 8;
 	
 	if ("tabSize" in document.body.style){
-		TAB_SIZE = <?php echo $TAB_SIZE ?>;
+		TAB_SIZE = <?= $TAB_SIZE ?>;
 		listing.style.tabSize = TAB_SIZE;
 	}
 	else if ("MozTabSize" in document.body.style) {
-		TAB_SIZE = <?php echo $TAB_SIZE ?>;
+		TAB_SIZE = <?= $TAB_SIZE ?>;
 		listing.style.MozTabSize = TAB_SIZE;
 	}
 	else if ("OTabSize" in document.body.style) {
-		TAB_SIZE = <?php echo $TAB_SIZE ?>;
+		TAB_SIZE = <?= $TAB_SIZE ?>;
 		listing.style.OTabSize = TAB_SIZE;
 	}
 
@@ -4648,17 +4648,17 @@ function Set_Line_Numbers(event) {
 
 if (File_textarea) { var start_value = File_textarea.value; }
 
-var onclick_params = '<?php echo $ONESCRIPT.$param1.'&f='.rawurlencode(basename($filename)).'&p=' ?>';
+var onclick_params = '<?= $ONESCRIPT.$param1.'&f='.rawurlencode(basename($filename)).'&p=' ?>';
 
 //Wide View / Normal View init...
-Main_div.style.width = "<?php echo $current_view ?>"; //Set current width
+Main_div.style.width = "<?= $current_view ?>"; //Set current width
 //***** end Global variables *****************************************
 
 
 
 //***** Events assignments *******************************************
 //[Close], and [Copy], should always be present on Edit Page.
-Close_button.onclick     = function () { parent.location = '<?php echo $close_params ?>'; }
+Close_button.onclick     = function () { parent.location = '<?= $close_params ?>'; }
 Copy_File_button.onclick = function () { parent.location = onclick_params + 'copyfile';   }
 
 
@@ -4666,7 +4666,7 @@ function Set_Line_Numbers(event) {
 if (View_Raw_button)    { View_Raw_button.onclick 	 = function () {window.open(onclick_params + 'raw_view'); } }
 if (Wide_View_button)   { Wide_View_button.onclick 	 = function () {Wide_View();}    }
 if (Save_File_button)   { Save_File_button.onclick 	 = function () {submitted=true;} }
-if (WYSIWYG_button  )   { WYSIWYG_button.onclick 	 = function () {<?php echo $WYSIWYG_onclick ?>} }
+if (WYSIWYG_button  )   { WYSIWYG_button.onclick 	 = function () {<?= $WYSIWYG_onclick ?>} }
 if (Rename_File_button) { Rename_File_button.onclick = function () {parent.location = onclick_params + 'renamefile';} }
 if (Delete_File_button) { Delete_File_button.onclick = function () {parent.location = onclick_params + 'deletefile';} }
 if (File_textarea)      { File_textarea.addEventListener("keyup", function(event) {Check_for_changes(event);}) }
@@ -4677,7 +4677,7 @@ function Set_Line_Numbers(event) {
 	if ( changed && !submitted ) {
 		//FF4+ Ingores the supplied msg below & only uses a system msg for the prompt.
 		<?php //use addslashes(), not hsc(), because this is for a js alert() / confirm(), not HTML ?>
-		return "<?php echo addslashes($_['unload_unsaved']) ?>";
+		return "<?= addslashes($_['unload_unsaved']) ?>";
 	}
 }
 
@@ -4732,8 +4732,8 @@ function pwun_event_scripts($form_id, $button_id, $pwun='') {//*****************
 ?>
 
 <script>
-var $form          = E('<?php echo $form_id ?>');
-var $submit_button = E('<?php echo $button_id ?>');
+var $form          = E('<?= $form_id ?>');
+var $submit_button = E('<?= $button_id ?>');
 var $pwun_msg_box   = E('message_box');
 var $thispage      = false; //Used to ignore keyup if keydown started on prior page.
 var $submitdown    = false; //Used in document.mouseup event
@@ -4754,7 +4754,7 @@ function events_down(event, capture_key) {
 	if (!event) {var event = window.event;} //if IE
 	$thispage = true; //Make sure keydown was on this page.
 	if ((event.type.substr(0,3) == 'key') && (event.keyCode != capture_key)) {return true;}
-	$pwun_msg_box.innerHTML = '<div class="message_box_contents"><b><?php echo hsc($_['Working']) ?></b>';
+	$pwun_msg_box.innerHTML = '<div class="message_box_contents"><b><?= hsc($_['Working']) ?></b>';
 }
 
 
@@ -4765,7 +4765,7 @@ function events_up(event, capture_key) {
 	if (!pre_validate_pwun()) {return false};
 	$submit_button.disabled = "disabled";  //Prevent extra clicks
 	hash('password');
-	<?php echo $hash_new_new ?>
+	<?= $hash_new_new ?>
 	$form.submit();
 }
 
@@ -4798,12 +4798,12 @@ function pre_validate_pwun() {
 
 	//If any field is blank..
 	if (($username.value == '') || ($pw.value == '') || ($new1.value == '') || ($new2.value == '')) {
-		$pwun_msg_box.innerHTML = '<div class="message_box_contents"><b><?php echo hsc($_['change_pw_07']) ?></b>';
+		$pwun_msg_box.innerHTML = '<div class="message_box_contents"><b><?= hsc($_['change_pw_07']) ?></b>';
 		return false;
 	}
 	//If new & confirm new values do not match...
 	if (trim($new1.value) != trim($new2.value)) {
-		$pwun_msg_box.innerHTML = '<div class="message_box_contents"><b><?php echo hsc($_['change_pw_04']) ?></b>';
+		$pwun_msg_box.innerHTML = '<div class="message_box_contents"><b><?= hsc($_['change_pw_04']) ?></b>';
 		return false;
 	}
 	return true;
@@ -4845,8 +4845,8 @@ function js_hash_scripts() {//**************************************************
 function hash($element_id) {
 	var $input = E($element_id);
 	var $hash = trim($input.value); //trim() defined in Common_Scripts()
-	var $SALT = '<?php echo $SALT ?>';
-	var $PRE_ITERATIONS = <?php echo $PRE_ITERATIONS ?>; //$PRE_ITERATIONS also used in hashit()
+	var $SALT = '<?= $SALT ?>';
+	var $PRE_ITERATIONS = <?= $PRE_ITERATIONS ?>; //$PRE_ITERATIONS also used in hashit()
 	if ($hash.length < 1) {$input.value = $hash; return;} //Don't hash nothing.
 	for ( $x=0; $x < $PRE_ITERATIONS; $x++ ) { $hash = hex_sha256($hash + $SALT); }
 	$input.value = $hash;
@@ -5425,35 +5425,35 @@ function Language_and_config_adjusted_styles() {//******************************
 ?>
 
 <style>
-#main { width: <?php echo $MAIN_WIDTH ?>; } /*Default 810px*/
+#main { width: <?= $MAIN_WIDTH ?>; } /*Default 810px*/
 
 .tab_size {
-	tab-size     : <?php echo $TAB_SIZE ?>;
-	-o-tab-size  : <?php echo $TAB_SIZE ?>;
-	-moz-tab-size: <?php echo $TAB_SIZE ?>;
+	tab-size     : <?= $TAB_SIZE ?>;
+	-o-tab-size  : <?= $TAB_SIZE ?>;
+	-moz-tab-size: <?= $TAB_SIZE ?>;
 }
 
 .button {
-	padding  : <?php echo $_['button_padding']   ?>; /*Default 4px 7px 4px 7px */
-	font-size: <?php echo $_['button_font_size'] ?>; /*Default .9em */
+	padding  : <?= $_['button_padding']   ?>; /*Default 4px 7px 4px 7px */
+	font-size: <?= $_['button_font_size'] ?>; /*Default .9em */
 	}
 
 .front_links a {
-	font-size  : <?php echo $_['front_links_font_size'] ?>; /*Default 1em */
-	margin-left: <?php echo $_['front_links_margin_L']  ?>; /*Default 1em */
+	font-size  : <?= $_['front_links_font_size'] ?>; /*Default 1em */
+	margin-left: <?= $_['front_links_margin_L']  ?>; /*Default 1em */
 	}
 
-#mcd_submit button{ margin-right: <?php echo $_['MCD_margin_R']  ?>;}  /*Default 1em*/
+#mcd_submit button{ margin-right: <?= $_['MCD_margin_R']  ?>;}  /*Default 1em*/
 
-.image_info { font-size: <?php echo $_['image_info_font_size'] ?>; }   /*Default 1em*/
+.image_info { font-size: <?= $_['image_info_font_size'] ?>; }   /*Default 1em*/
 
 .edit_btns_bottom .button {
-	margin-left: <?php echo $_['button_margin_L'] ?>; /*Default .7em*/
+	margin-left: <?= $_['button_margin_L'] ?>; /*Default .7em*/
 	}
 
 
-#select_all_label { font-size: <?php echo $_['select_all_label_size']?>; } /*Default .84em */
-#select_all_label { width: <?php echo $_['select_all_label_width']?>; }    /*Default 72px  */
+#select_all_label { font-size: <?= $_['select_all_label_size']?>; } /*Default .84em */
+#select_all_label { width: <?= $_['select_all_label_width']?>; }    /*Default 72px  */
 </style>
 
 <?php

From b6368120e42c896e39850d08bcd8d6c7518aa357 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 8 Oct 2017 11:27:41 -0400
Subject: [PATCH 226/228] Version 3.6.12 Show username on Admin page. Now
 checks if is_writable,  Dir list then hides [m]   [d][x] for files not
 writable.    Update_File_Permissions() & Edit_Page_...(). New function
 Get_File_Stats(), used by: Get_DIRECTORY_DATA, Edit_Page_buttons_top(),
 Edit_Page_form() Enable_Edit_Perms(): added current perms [rwxrwxrwx] to msg.

---
 onefilecms.php | 184 +++++++++++++++++++++++++++----------------------
 1 file changed, 103 insertions(+), 81 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index fe85f87..79c2f86 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.6.11';
+$OFCMS_version = '3.6.12';
 
 
 
@@ -110,7 +110,7 @@
 $WIDE_VIEW_WIDTH = '97%'; //Width to set Edit page if [Wide View] is clicked.  Can be px, pt, em, or %.  Assumes px otherwise.
 
 $LINE_WRAP = "on"; //"on",  anything else = "off".  Default for edit page. Once on page, line-wrap can toggle on/off.
-$TAB_SIZE  = 8;    //Some browsers recognize a css tab-size. Some don't (IE/Edge, as of mid-2016).
+$TAB_SIZE  = 4;    //Some browsers recognize a css tab-size. Some don't (IE/Edge, as of mid-2016).
 
 $MAX_EDIT_SIZE = 250000;  // Edit gets flaky with large files in some browsers.  Trial and error your's.
 $MAX_VIEW_SIZE = 1000000; // If file > $MAX_EDIT_SIZE, don't even view in OneFileCMS.
@@ -125,7 +125,7 @@
 
 $EXCLUDED_FILES  = ""; //csv list of filenames to exclude from directory listings- CaSe sEnsiTive!
 
-$EDIT_FILES = "svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text"; //Editable file types.
+$EDIT_FILES = "svg,asp,cfg,conf,csv,css,dtd,htm,html,xhtml,htaccess,ini,js,log,markdown,md,php,pl,txt,text,types"; //Editable file types.
 $SHOW_FILES = "*"; // Shown types; only files of the given types should show up in the file-listing
 	// Use $SHOW_FILES exactly like $EDIT_FILES: a list of extensions separated by commas.
 	// If $SHOW_FILES is set to null - by intention or by error - only folders will be shown.
@@ -147,14 +147,14 @@
 //Optional: restrict access to a particular sub folder from root.
 //$ACCESS_ROOT = '/some/path';
 //If blank or invalid, default is $_SERVER['DOCUMENT_ROOT'].
-//$ACCESS_ROOT = '/home/user';
+//$ACCESS_ROOT = '/home/user'; //$DEFAULT_PATH = '/home/'.get_current_user();
 
 
 //Optional: specify a default start path on login.
 //$DEFAULT_PATH = 'some/path/deeper/'
 //Must be a decendant of $ACCESS_ROOT.
 //If blank or invalid, defaults to $ACCESS_ROOT.
-//$DEFAULT_PATH = '/home/user/public_html';
+//$DEFAULT_PATH = '/home/'.get_current_user().'/public_html';
 
 
 //URL of optional external style sheet.  Used as an href in <link ...>
@@ -1639,6 +1639,9 @@ function Admin_Page() {//*******************************************************
 
 	List_Backups_and_Logs();
 
+	echo '<p><b>'.hsc($_['Username']).': </b>';
+	echo '<span class="meta_T meta_T2">'.get_current_user()."</span><br>\n";
+
 	echo '<p><b>'.hsc($_['admin_txt_03']).': </b>';
 	echo '<span class="meta_T meta_T2">'.session_save_path()."</span><br>\n";
 
@@ -2039,6 +2042,47 @@ function Create_Table_for_Listing() {//*****************************************
 
 
 
+function Get_File_Stats($filename_OS) {//***************************************
+	//Get file size, date, mode (permissions), etc.
+
+	$file_stats = lstat($filename_OS); //returns [file size, mtime, uid, guid, etc...]
+
+	$file_stats['is_writable'] = is_writable($filename_OS) * 1; //1 or 0  (true or false)
+
+	if ($file_stats) {
+		$file_stats['perms'] = decoct($file_stats['mode'] & 07777);
+	}
+	else {
+		$file_stats['perms'] = "";
+		$file_stats['size']  = "";
+		$file_stats['mtime'] = "";
+	}
+
+	//Get file owner & group names. Some systems, like Windows, don't have posix_getpwuid().
+	if ($file_stats && function_exists('posix_getpwuid')) {
+		$fileowner_uid  		  = $file_stats['uid'];
+		$fileowner_info 		  = posix_getpwuid($fileowner_uid);
+		$file_stats['owner'] = $fileowner_info['name'];
+		
+		$filegroup_uid			  = $file_stats['gid'];
+		$filegroup_info			  = posix_getgrgid($filegroup_uid);
+		$file_stats['group'] = $filegroup_info['name'];
+	}
+	else {
+		$file_stats['owner'] = "";
+		$file_stats['group'] = "";
+	}
+
+	if (is_link($filename_OS)) { $file_stats['link_target'] = " -> ".readlink($filename_OS); }
+	else 					   { $file_stats['link_target'] = ""; }
+
+	return $file_stats;
+
+}//end Get_File_Stats() {//*****************************************************
+
+
+
+
 function Get_DIRECTORY_DATA($raw_list) {//**************************************
 	global $_, $ONESCRIPT, $ipath, $ipath_OS, $param1, $ICONS, $MESSAGE, 
 			$FTYPES, $FCLASSES, $EXCLUDED_LIST, $STYPES, $SHOWALLFILES, 
@@ -2047,12 +2091,16 @@ function Get_DIRECTORY_DATA($raw_list) {//**************************************
 	//Doesn't use global $filename or $filename_OS in this function (because they shouldn't exist on the Index page)
 	//$filename below is JUST the file's name.  In other functions, it's the full/path/filename
 
+	clearstatcache();
+
 	$file_count = 0; //final count to exclude . & .., and any $excluded file names
 	foreach ($raw_list as $raw_filename) { //$raw_list is in server's File System encoding
 		
 		if ( ($raw_filename == '.') || ($raw_filename == '..') ) {continue;}
 		
-		$filename_OS = $ipath_OS.$raw_filename; //for is_dir() & file_exists() below
+		$filename_OS = $ipath_OS.$raw_filename;
+		
+		$file_stats = Get_File_Stats($filename_OS);
 		
 		//Normalize filename encoding for general use & display. (UTF-8, which may not be same as the server's File System)
 		if ($ENC_OS == 'UTF-8') {$filename = $raw_filename;}
@@ -2083,54 +2131,19 @@ function Get_DIRECTORY_DATA($raw_list) {//**************************************
 		elseif ($type == 'dir')        { $icon = $ICONS['folder']; }
 		else                           { $icon = $ICONS['bin']; } //default
 		
-		//Get file size, date, mode (permissions), etc.
-		$file_stats = lstat($filename_OS);
-		
-		if ($file_stats) {
-			$file_perms = decoct($file_stats['mode'] & 07777);
-			$file_size  = $file_stats['size'];
-			$file_mtime = $file_stats['mtime'];
-		}
-		else {
-			$file_perms = "";
-			$file_size  = "";
-			$file_mtime = "";
-		}
-		
-		//Get file owner & group names. Some systems, like Windows, don't have posix_getpwuid().
-		if ($file_stats && function_exists('posix_getpwuid')) {
-			$fileowner_uid  = $file_stats['uid'];
-			$fileowner_info = posix_getpwuid($fileowner_uid);
-			$fileowner_name = $fileowner_info['name'];
-			
-			$filegroup_uid	= $file_stats['gid'];
-			$filegroup_info = posix_getgrgid($filegroup_uid);
-			$filegroup_name = $filegroup_info['name'];
-		}
-		else {
-			$fileowner_name = "";
-			$filegroup_name = "";
-		}
-		
-		if (is_link($filename_OS)) {
-			$link_target = " -> ".readlink($filename_OS);
-		}
-		else {
-			$link_target = "";
-		}
-		
 		//Store data
 		$DIRECTORY_DATA[$file_count] = array('', '', 0, 0, 0, '', '', '', '', '');
-		$DIRECTORY_DATA[$file_count][0] = $type;  //used to determine icon & f_or_f
-		$DIRECTORY_DATA[$file_count][1] = $filename;
-		$DIRECTORY_DATA[$file_count][2] = $file_size;
-		$DIRECTORY_DATA[$file_count][3] = $file_mtime;
-		$DIRECTORY_DATA[$file_count][4] = Set_IS_OFCMS($ipath.$filename); //If = 1, Don't show ren, del, ckbox.
-		$DIRECTORY_DATA[$file_count][5] = $ext; //##### Is this used?
-		$DIRECTORY_DATA[$file_count][6] = $file_perms;
-		$DIRECTORY_DATA[$file_count][7] = $fileowner_name;
-		$DIRECTORY_DATA[$file_count][8] = $filegroup_name;
-		$DIRECTORY_DATA[$file_count][9] = $link_target;
+		$DIRECTORY_DATA[$file_count][ 0] = $type;  //used to determine icon & f_or_f
+		$DIRECTORY_DATA[$file_count][ 1] = $filename;
+		$DIRECTORY_DATA[$file_count][ 2] = $file_stats['size'];
+		$DIRECTORY_DATA[$file_count][ 3] = $file_stats['mtime'];
+		$DIRECTORY_DATA[$file_count][ 4] = Set_IS_OFCMS($ipath.$filename); //If = 1, Don't show ren, del, ckbox.
+		$DIRECTORY_DATA[$file_count][ 5] = $ext; //##### Is this used?
+		$DIRECTORY_DATA[$file_count][ 6] = $file_stats['perms'];
+		$DIRECTORY_DATA[$file_count][ 7] = $file_stats['owner'];
+		$DIRECTORY_DATA[$file_count][ 8] = $file_stats['group'];
+		$DIRECTORY_DATA[$file_count][ 9] = $file_stats['link_target'];
+		$DIRECTORY_DATA[$file_count][10] = $file_stats['is_writable'];  //1 or 0 (true or false)
 
 		$file_count++;
 	}//end foreach file
@@ -2170,9 +2183,13 @@ function Index_Page_buttons_top($file_count) {//********************************
 function Index_Page() {//*******************************************************
 	global  $ONESCRIPT, $ipath_OS, $param1, $INPUT_NUONCE, $DIRECTORY_DATA, $DIRECTORY_COUNT;
 
-	$raw_list = scandir('./'.$ipath_OS);  //Get current directory list  (unsorted)
+	//Get current directory list  (unsorted)
+	$raw_list = scandir('./'.$ipath_OS);
 	$DIRECTORY_COUNT = Get_DIRECTORY_DATA($raw_list);
 
+	if ($DIRECTORY_COUNT < 1) { $json_encoded_DIRECTORY_DATA = "[]"; }
+	else 					  { $json_encoded_DIRECTORY_DATA = json_encode($DIRECTORY_DATA); }
+
 	//<form> to contain directory, including buttons at top.
 	echo "<form method=post id=mcdselect action='{$ONESCRIPT}{$param1}&amp;p=mcdaction'>\n";
 	echo "<input type=hidden name=mcdaction value=''>\n"; //along with $page, affects response
@@ -2183,12 +2200,6 @@ function Index_Page() {//*******************************************************
 	Create_Table_for_Listing(); //sets up table with empty <tbody></tbody>
 
 	echo "</form>\n\n\n";
-
-	//  DIRECTORY_DATA[x] = ['type', 'file name', filesize, timestamp, is_ofcms, 'ext', permissions, file owner, file group, link target]
-
-	if ($DIRECTORY_COUNT < 1) { $json_encoded_DIRECTORY_DATA = "[]"; }
-	else { $json_encoded_DIRECTORY_DATA = json_encode($DIRECTORY_DATA); }
-
 	echo "<script>\n";
 	echo "var DIRECTORY_DATA = $json_encoded_DIRECTORY_DATA;\n";
 	echo "var DIRECTORY_ITEMS = DIRECTORY_DATA.length;\n";
@@ -2202,7 +2213,7 @@ function Index_Page() {//*******************************************************
 
 
 
-function Edit_Page_buttons_top($text_editable,$file_ENC) {//********************
+function Edit_Page_buttons_top($text_editable,$file_ENC, $file_stats) {//*******
 	global $_, $ONESCRIPT, $param1, $param2, $filename, $filename_OS, $IS_OFCMS, 
 				$WYSIWYG_VALID, $EDIT_WYSIWYG, $WYSIWYG_label, $MESSAGE;
 
@@ -2240,10 +2251,10 @@ function Edit_Page_buttons_top($text_editable,$file_ENC) {//********************
 	<div class="edit_btns_top">
 		<div class="file_meta">
 			<span class="file_size">
-				<?= hsc($_['meta_txt_01']).' '.number_format(filesize($filename_OS)).' '.hsc($_['bytes']); ?>
+				<?= hsc($_['meta_txt_01']).' '.number_format($file_stats['size']).' '.hsc($_['bytes']); ?>
 			</span>	&nbsp;
 			<span class="file_time">
-				<?= hsc($_['meta_txt_03']).' <script>FileTimeStamp('.filemtime($filename_OS).', 1, 1, 1);</script>'; ?>
+				<?= hsc($_['meta_txt_03']).' <script>FileTimeStamp('.$file_stats['mtime'].', 1, 1, 1);</script>'; ?>
 				<?= '&nbsp; '.$file_ENC; ?>
 			</span><br>
 		</div>
@@ -2315,23 +2326,30 @@ function Edit_Page_form($ext, $text_editable, $too_large_to_edit, $too_large_to_
 		'<b>'.hsc($_['too_large_to_view_01']).' '.number_format($MAX_VIEW_SIZE).' '.hsc($_['bytes']).'</b><br>'.
 		hsc($_['too_large_to_view_02']).'<br>'.hsc($_['too_large_to_view_03']).'<br>';
 
-	$writable = (fileperms($filename_OS) & 0200)/0200;
-	$file_perms = decoct(fileperms($filename_OS) & 07777);
+	clearstatcache();
+
+	$file_stats = Get_File_Stats($filename_OS);
+	$file_perms = Format_Perms($file_stats['perms']);
+	$writable   = $file_stats['is_writable'];
 
-	if (!$writable) { $MESSAGE .= $file_perms." : ".$_['edit_txt_05']." ".$_['edit_txt_00']."<br>"; }
+	if (!$writable) {
+		$MESSAGE .= "<span class=mono>";
+		$MESSAGE .= $file_perms." ".$file_stats['owner']." ".$file_stats['group']." :".get_current_user().":</span> ";
+		$MESSAGE .= $_['edit_txt_05']." ".$_['edit_txt_00']."<br>";
+	}
 
 	echo "\n".'<form id=edit_form name=edit_form method=post action="'.$ONESCRIPT.$param1.$param2.$param3.'">'."\n";
 		
 		echo $INPUT_NUONCE;
 		
-		Edit_Page_buttons_top($text_editable, $file_ENC);
+		Edit_Page_buttons_top($text_editable, $file_ENC, $file_stats);
 		
 		if ( !in_array( mb_strtolower($ext), $ITYPES) ) { //If non-image...
 			
 			//Did htmlspecialchars return an empty string from a non-empty file?
-			$bad_chars = ( ($FILECONTENTS == "") && (filesize($filename_OS) > 0) );
+			$bad_chars = ( ($FILECONTENTS == "") && ($file_stats['size'] > 0) );
 			
-			if     (!$text_editable) { $MESSAGE .= hsc($_['edit_txt_01']).'<br><br>'; }
+			if     (!$text_editable) { $MESSAGE .= hsc($_['edit_txt_01']).'<br>'; }
 			elseif ( $text_editable && $too_large_to_view ) {
 				echo '<p class="message_box_contents">'.$too_large_to_view_message.'</p>';
 			} else {
@@ -2989,10 +3007,9 @@ function Update_File_Permissions() {//******************************************
 		}
 	}
 	clearstatcache();
-	$new_perms = decoct((fileperms($filename_OS) & 07777)); //May not actually be new, if update failed.
+	$new_perms = decoct((fileperms($filename_OS) & 07777)); //May not actually be new, if chmod() failed.
 	$new_perms = str_pad($new_perms, 3, "0", STR_PAD_LEFT); //Always at least three digits:  000
 
-
 	if ($errors == 0) {
 		$MESSAGE .= "<b>".hsc($_['meta_txt_03'])."</b> ";
 		$MESSAGE .= "<span class=mono> <b>".Format_Perms($new_perms)."</b> ".hsc($filename)."</span><br>";
@@ -3005,6 +3022,7 @@ function Update_File_Permissions() {//******************************************
 	$new_perms_response['early_output']   = ob_get_clean(); //Should always be empty unless error or trouble-shooting.
 	$new_perms_response['errors']		  = $errors."";
 	$new_perms_response['MESSAGE']		  = $MESSAGE;
+	$new_perms_response['writable']		  = is_writable($filename_OS) * 1; //1 or 0 (true or false)
 	echo json_encode($new_perms_response);
 }//end Update_File_Permissions() //*********************************************
 
@@ -3741,6 +3759,7 @@ function Validate_and_Post($perms, filename) { //*********************
 function Enable_Edit_Perms($perms) {//********************************
 
 	var msg = hsc(" <?= $_['Press_Enter'] ?>");
+	msg += "<br><span class=mono>" + Format_Perms($perms.value) + "</span>";
 	Display_Messages(msg);
 	$perms.readOnly = false;
 	$perms.setSelectionRange(0, 0); //Just for consistency.
@@ -3791,24 +3810,27 @@ function Perms_Update_Response(request, $perms) { //******************
 
 	$perms.prior_value = $perms.value;
 
-	var msg = update_response.MESSAGE;
-
-	//Should always be blank unless troubleshooting, or an error server side.
-	if (update_response.early_output != "") { msg += "<hr>" + update_response.early_output; }
-
-	//#####	msg += "<hr>" + hsc(request.responseText); //For trouble-shooting...
-
 	E('nuonce').value = update_response.nuonce; //For the next post...
 
 	var frow = $perms.id.split('c')[0].substr(1); //id = "fNNcN", frow = the NN after the "f"
 	var drow = frow - 1; //See Assemble_Insert_row() for description/explanation.
 
-	DIRECTORY_DATA[drow][6] = $perms.value;
+	DIRECTORY_DATA[drow][6]  = $perms.value;
+	DIRECTORY_DATA[drow][10] = update_response.writable;
 
 	var cells = E("DIRECTORY_LISTING").rows[drow].cells;
 	Insert_mdx(drow, cells); //Show/Hide [M]    [D][X]   file options
 
+
+	var msg = update_response.MESSAGE;
+
+	//Should always be blank unless troubleshooting, or an error server side.
+	if (update_response.early_output != "") { msg += "<hr>" + update_response.early_output; }
+
+	//#####	msg += "<hr>" + hsc(request.responseText); //For trouble-shooting...
+
 	Display_Messages(msg);
+	window.scroll(0,0); //Leave focus on perms of file, but scroll message box into view if needed.
 
 }//end Perms_Update_Response() //*************************************
 
@@ -4028,7 +4050,8 @@ function Insert_mdx(drow, cells) {//**********************************
 
 	var IS_OFCMS = DIRECTORY_DATA[drow][4]; 
 	var sogw = parseInt(DIRECTORY_DATA[drow][6] + "",8); //File permissions (suid sgid sticky)(owner)(group)(world)
-	var writable = (((sogw & 0o200)/0o200) && !IS_OFCMS) * 1 ;  //Check file owner write bit, or if IS_OFCMS.
+	var writable = DIRECTORY_DATA[drow][10];     //1 or 0 (true or false)
+	    writable = (writable && !IS_OFCMS) * 1;  //1 or 0 (true or false)
 
 	var frow = drow + 1; //See Assemble_Insert_row() for description/explanation.
 
@@ -4261,8 +4284,7 @@ function Confirm_Submit(action) {//***********************************
 
 
 function Format_Perms(perms_oct) {//**********************************
-	//##### Not used yet. Had grand ideas, but now not sure...
-	//returns [7777][ugt rwx rwx rwx]
+	//returns them formatted as [7777][ugt rwx rwx rwx]
 
 	//$perms_oct is a 3 or 4 digit octal string (7777).
 	

From 76f3917c55c80eb7567fb355c197bcb984d9ec3b Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 8 Oct 2017 11:31:26 -0400
Subject: [PATCH 227/228] Updated logs.

---
 info/changelog.markdown | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/info/changelog.markdown b/info/changelog.markdown
index af4f686..f13248b 100755
--- a/info/changelog.markdown
+++ b/info/changelog.markdown
@@ -1,9 +1,20 @@
 # OneFileCMS Change Log
 
+### v3.6.12 (2017-10-08)
+
+- Admin page now shows username OneFileCMS is running as.
+- Index & Edit pages now indicate files that are not writable (rather than just responding with an error message after trying to edit/delete said files).
+- When editing file permissions, message box shows current expanded perms [rwxrwxrwx] owner group :current user:  
+    (But, can still only edit the octal form by the file name.)
+
+### v3.6.11 (2017-10-06)
+
+- Switched to php short tags: `<?= ?>`&nbsp; &nbsp; (from `<?php echo ?>`) &nbsp; &nbsp; Because I felt like it.  I wanted to years ago, in my beginning of this project, but my web host was still on some 5.3 version of php, and didn't always have 'em enabled. But now, as php is up to v7.something, and most hosts have, at least, php 5.4, it seems like a safe move at this point.  If not, oh well!
+
 ### v3.6.10 (2017-10-06)
 
 - Fixed a minor bug introduced by prior commit's code "improvements".
-- Directory list now shows link targets:  some_symlink -> /target/of/symlink
+- Directory list now shows link targets:  some\_symlink -> /target/of/symlink
 - Reworked keyboard nav a bit.
 - Some misc code improvements.
 
@@ -15,12 +26,8 @@
 ### v3.6.08 (2017-09-30)
 
 - [Mov], [Del], & [X] are unavailable if file is readonly.
-- Some misc code improvements.
-
-### v3.6.07 (2017-09-29)
-
 - Fixed minor issue where if perms changed, new value not always displayed.
-- A bit of restructure/refactor of perm & Assemble_Insert_Row() related functions.
+- A bit of restructure/refactor of perm & Assemble\_Insert\_Row() related functions.
 - "(on php 5.x.x)" version, and link to phpinfo, now only shows on Admin page.
 - Andd some css...
 

From d1ff5045ebeaea77434490beae83949fe37a0a11 Mon Sep 17 00:00:00 2001
From: Self-Evident <selfevidenttruths@mail.com>
Date: Sun, 8 Oct 2017 18:59:26 -0400
Subject: [PATCH 228/228] Version 3.6.13 Tweaked usage of $DOC_ROOT to
 "server/doc/root/" (no leading "/"). $MESSAGES from System_Setup() no longer
 reported on Login page, but are reported after login. Minor restructure of
 Session_Startup(). Improved $ACCESS_ROOT & $DEFAULT_PATH a bit.

---
 onefilecms.php | 53 ++++++++++++++++++++++++++++----------------------
 1 file changed, 30 insertions(+), 23 deletions(-)

diff --git a/onefilecms.php b/onefilecms.php
index 79c2f86..0f3471e 100755
--- a/onefilecms.php
+++ b/onefilecms.php
@@ -2,7 +2,7 @@
 
 // OneFileCMS - github.com/Self-Evident/OneFileCMS
 
-$OFCMS_version = '3.6.12';
+$OFCMS_version = '3.6.13';
 
 
 
@@ -147,7 +147,7 @@
 //Optional: restrict access to a particular sub folder from root.
 //$ACCESS_ROOT = '/some/path';
 //If blank or invalid, default is $_SERVER['DOCUMENT_ROOT'].
-//$ACCESS_ROOT = '/home/user'; //$DEFAULT_PATH = '/home/'.get_current_user();
+//$ACCESS_ROOT = '/home/'.get_current_user();
 
 
 //Optional: specify a default start path on login.
@@ -200,6 +200,10 @@ function System_Setup() {//*****************************************************
 	$DELAY_Expired_Reload, $DELAY_Sort_and_Show_msgs, $DELAY_Start_Countdown, $DELAY_final_messages,
 	$MIN_DIR_ITEMS, $DIRECTORY_COLUMNS;
 
+//Used to pass & display any setup $MESSAGES only if $_SESSION['valid'].
+//(So they don't display on the Login screen.)
+$setup_messages = "";
+
 //Requires PHP 5.1 or newer, due to changes in explode() (and maybe others).
 define('PHP_VERSION_ID_REQUIRED',50100);   //Ex: 5.1.23 is 50123
 define('PHP_VERSION_REQUIRED'  ,'5.1 + '); //Used in exit() message.
@@ -233,9 +237,9 @@ function System_Setup() {//*****************************************************
 $WHSPC_SLASH = "\x00..\x20/";  //Whitespace & forward slash. For trimming file & folder name inputs.
 
 
-//$DOC_ROOT is normalized to always be (for ex:) "/server/doc/root/", instead of "C:/server/doc/root/" if on Windows.
+//$DOC_ROOT is normalized to always be (for ex:) "server/doc/root/", instead of "C:/server/doc/root/" if on Windows.
 $ds_pos   = strpos($_SERVER['DOCUMENT_ROOT'], "/") * 1;
-$DOC_ROOT = substr($_SERVER['DOCUMENT_ROOT'], $ds_pos).'/';
+$DOC_ROOT = trim(substr($_SERVER['DOCUMENT_ROOT'], $ds_pos), '/').'/';
 
 
 $WEBSITE   = $_SERVER['HTTP_HOST'].'/';
@@ -254,7 +258,7 @@ function System_Setup() {//*****************************************************
 	$LANGUAGE_FILE_OS = Convert_encoding($LANGUAGE_FILE);
 	
 	if (is_file($LANGUAGE_FILE_OS)) { include($LANGUAGE_FILE_OS); }  
-	else { $MESSAGE .= '<b>$LANGUAGE_FILE '.hsc($_['Not_found']).":</b> ".hsc($LANGUAGE_FILE)."<br>"; }
+	else { $setup_messages .= '<b>$LANGUAGE_FILE '.hsc($_['Not_found']).":</b> ".hsc($LANGUAGE_FILE)."<br>"; }
 	
 }
 
@@ -265,7 +269,7 @@ function System_Setup() {//*****************************************************
 	$WYSIWYG_PLUGIN_OS = Convert_encoding($WYSIWYG_PLUGIN); //Also used for include()
 
 	if (is_file($WYSIWYG_PLUGIN_OS)) { $WYSIWYG_VALID = 1; }
-	else { $MESSAGE .= '<b>$WYSIWYG_PLUGIN '.hsc($_['Not_found']).':</b> '.hsc($WYSIWYG_PLUGIN)."<br>"; }
+	else { $setup_messages .= '<b>$WYSIWYG_PLUGIN '.hsc($_['Not_found']).':</b> '.hsc($WYSIWYG_PLUGIN)."<br>"; }
 }
 
 
@@ -280,7 +284,7 @@ function System_Setup() {//*****************************************************
 		$CONFIG_FILE_backup = $CONFIG_FILE.'-BACKUP.txt';                 //used for p/w & u/n updates.
 	}
 	else {
-		$MESSAGE .= $EX.'<b>$CONFIG_FILE '.hsc($_['Not_found']).':</b> '.hsc($CONFIG_FILE).'<br>';
+		$setup_messages .= $EX.'<b>$CONFIG_FILE '.hsc($_['Not_found']).':</b> '.hsc($CONFIG_FILE).'<br>';
 		$CONFIG_FILE = $CONFIG_FILE_OS = '';
 	}
 }
@@ -288,13 +292,13 @@ function System_Setup() {//*****************************************************
 
 
 //Clean up & validate $ACCESS_ROOT
-if (!isset($ACCESS_ROOT)) { $ACCESS_ROOT = $DOC_ROOT; } //Make sure it's set.
+if (!isset($ACCESS_ROOT) || $ACCESS_ROOT == '') { $ACCESS_ROOT = $DOC_ROOT; } //Make sure it's set.
 $ACCESS_ROOT = trim($ACCESS_ROOT, ' /'); //Trim to '' or 'some/path'
 if ($ACCESS_ROOT != '') { $ACCESS_ROOT = $ACCESS_ROOT.'/'; }
 $ACCESS_ROOT_OS = Convert_encoding($ACCESS_ROOT);
 
 if (!is_dir('/'.$ACCESS_ROOT_OS)) {
-	$MESSAGE .= $EX.'<b>$ACCESS_ROOT '.hsc($_['Invalid']).":</b> $ACCESS_ROOT<br>";
+	$setup_messages .= $EX.'<b>$ACCESS_ROOT '.hsc($_['Invalid']).":</b> $ACCESS_ROOT<br>";
 	$ACCESS_ROOT	= $DOC_ROOT;
 	$ACCESS_ROOT_OS = Convert_encoding($ACCESS_ROOT);
 }
@@ -305,26 +309,26 @@ function System_Setup() {//*****************************************************
 
 //Clean up & validate $DEFAULT_PATH
 //It must either be = $ACCESS_ROOT, or $ACCESS_ROOT."some/valid/path/"
-if (!isset($DEFAULT_PATH)) { $DEFAULT_PATH = $ACCESS_ROOT; } //Make sure it's set.
+if (!isset($DEFAULT_PATH) || $DEFAULT_PATH == '') { $DEFAULT_PATH = $ACCESS_ROOT; } //Make sure it's set.
 $DEFAULT_PATH = trim($DEFAULT_PATH, ' /');  //Trim to 'some/path'
 if ($DEFAULT_PATH != '') {$DEFAULT_PATH .= '/'; } 
 $DEFAULT_PATH_OS = Convert_encoding($DEFAULT_PATH);
 
-//Verify that $DEFAULT_PATH is equal to, or is a decendant of, $ACCESS_ROOT.
+//Verify that $DEFAULT_PATH is equal to, or a decendant of, $ACCESS_ROOT.
 $needle        = realpath($ACCESS_ROOT);  //ex: /some/access/root
 $haystack      = realpath($DEFAULT_PATH); //ex: /some/access/root/some/default/path
 $needle_len    = strlen($needle);
 $valid_subpath = (substr($haystack, 0, $needle_len) === $needle);
 
 if (!is_dir('/'.$DEFAULT_PATH_OS)) {
-	$MESSAGE .= $EX.'<b>$DEFAULT_PATH '.$_['Invalid'].":</b> $DEFAULT_PATH<br>";
+	$setup_messages .= $EX.'<b>$DEFAULT_PATH '.$_['Invalid'].":</b> $DEFAULT_PATH<br>";
 	$DEFAULT_PATH	 = $ACCESS_ROOT;
 	$DEFAULT_PATH_OS = Convert_encoding($DEFAULT_PATH);
 } 
 else if (!$valid_subpath) {
-	$MESSAGE .= $EX.'<b>'.$_['must_be_decendant'].'</b><br>';
-	$MESSAGE .= "\$ACCESS_ROOT = $ACCESS_ROOT<br>";
-	$MESSAGE .= "\$DEFAULT_PATH = $DEFAULT_PATH<br>";
+	$setup_messages .= $EX.'<b>'.$_['must_be_decendant'].'</b><br>';
+	$setup_messages .= "\$ACCESS_ROOT = $ACCESS_ROOT<br>";
+	$setup_messages .= "\$DEFAULT_PATH = $DEFAULT_PATH<br>";
 	$DEFAULT_PATH	 = $ACCESS_ROOT;
 	$DEFAULT_PATH_OS = Convert_encoding($DEFAULT_PATH);
 }
@@ -381,6 +385,8 @@ function System_Setup() {//*****************************************************
 //If you change this, or any other aspect of either hashit() or js_hash_scripts(), do so while logged in.
 //Then, manually update your password as instructed on the Admin/Generate Hash page.
 $PRE_ITERATIONS = 10000;
+
+return $setup_messages;
 }//end  System_Setup() //*******************************************************
 
 
@@ -707,16 +713,15 @@ function Session_Startup() {//**************************************************
 	session_name($SESSION_NAME);
 	session_start();
 
-	//Set initial defaults...
-	$page = 'login';
-	$VALID_POST = 0;
-	if ( !isset($_SESSION['valid']) ) { $_SESSION['valid'] = 0; }
-
 	//Logging in?
+	$page = 'login'; //Changed later in Login_response() or Get_GET() as appropriate.
 	if ( isset($_POST['username']) && isset($_POST['password']) ) { Login_response(); }
 
+	if ( !isset($_SESSION['valid']) ) { $_SESSION['valid'] = 0; }
+
 	session_regenerate_id(true); //Helps prevent session fixation & hijacking.
 
+	$VALID_POST = 0;
 	if ( $_SESSION['valid'] ) { Verify_IDLE_POST_etc(); }
 
 	$_SESSION['nuonce'] = sha1(mt_rand().microtime()); //provided in <forms> to verify POST
@@ -881,7 +886,7 @@ function Set_IS_OFCMS($fullpath_filename) {//***********************************
 	global $MESSAGE, $DOC_ROOT;
 	
 	$is_ofcms = 0;
-	$ofcms = ltrim($DOC_ROOT, '/').trim($_SERVER['SCRIPT_NAME'], '/');
+	$ofcms = trim($DOC_ROOT, '/').'/'.trim($_SERVER['SCRIPT_NAME'], '/');
 	if ($fullpath_filename == $ofcms) { $is_ofcms = true; }
 	
 	return $is_ofcms;
@@ -2044,7 +2049,7 @@ function Create_Table_for_Listing() {//*****************************************
 
 function Get_File_Stats($filename_OS) {//***************************************
 	//Get file size, date, mode (permissions), etc.
-
+	
 	$file_stats = lstat($filename_OS); //returns [file size, mtime, uid, guid, etc...]
 
 	$file_stats['is_writable'] = is_writable($filename_OS) * 1; //1 or 0  (true or false)
@@ -5506,7 +5511,7 @@ function Load_style_sheet() {//*************************************************
 
 Default_Language();
 
-System_Setup();
+$setup_messages = System_Setup();
 
 Session_Startup();
 
@@ -5542,6 +5547,8 @@ function Load_style_sheet() {//*************************************************
 
 	Verify_Page_Conditions(); //Must come after Respond_to_POST()
 
+	if ($page != "login") { $MESSAGE .= $setup_messages; } //Must come after Verify_Page_Conditions()
+
 	if (isset($_POST['new_perms'])) { die(); } //die() here just for clarity.
 
 	Update_Recent_Pages();