retesere20

Untitled

Nov 30th, 2017
455
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. /*
  3. @name: PHP AJAX File Manager (PAFM)
  4. @filename: pafm.php
  5. @version: 1.7 RC2
  6. @date: January 19th, 2013
  7.  
  8. @author: mustafa
  9. @website: http://mus.tafa.us
  10. @email: mustafa.0x@gmail.com
  11.  
  12. @server requirements: PHP 5
  13. @browser requirements: modern browser
  14.  
  15. Copyright (C) 2007-2013 mustafa
  16. This program is free software; you can redistribute it and/or modify it under the terms of the
  17. GNU General Public License as published by the Free Software Foundation. See COPYING
  18. */
  19.  
  20.  
  21. /*
  22. * configuration
  23. */
  24.  
  25. define('PASSWORD', 'auth');
  26. define('PASSWORD_SALT', 'P5`SU2"6]NALYR}');
  27.  
  28. /**
  29. * Local (absolute or relative) path of folder to manage.
  30. *
  31. * By default, the directory pafm is in is what is used.
  32. *
  33. * Setting this to a path outside of webroot works,
  34. * but will break URIs.
  35. *
  36. * This directive will be ignored if set to an
  37. * invalid directory.
  38. *
  39. */
  40. define('ROOT', '../../..');
  41.  
  42. /*
  43. * /configuration
  44. */
  45.  
  46.  
  47. /*
  48. * bruteforce prevention options
  49. */
  50. define('BRUTEFORCE_FILE', __DIR__ . '/_pafm_bruteforce');
  51.  
  52. define('BRUTEFORCE_ATTEMPTS', 5);
  53.  
  54. /**
  55. * Attempt limit lockout time
  56. *
  57. * @var int unit: Seconds
  58. */
  59. define('BRUTEFORCE_TIME_LOCK', 15 * 60);
  60.  
  61. define('AUTHORIZE', true);
  62.  
  63. /**
  64. * files larger than this are not editable
  65. *
  66. * @var int unit: MegaBytes
  67. */
  68. define('MaxEditableSize', 1);
  69.  
  70. /*
  71. * Makefile
  72. * 1 -> 0
  73. */
  74. define('DEV', 0);
  75.  
  76. define('VERSION', '1.7 RC2');
  77.  
  78. define('CODEMIRROR_PATH', __DIR__ . '/_cm');
  79.  
  80. $path = isset($_GET['path']) ? $_GET['path'] : '.';
  81. $pathURL = escape($path);
  82. $pathHTML = htmlspecialchars($path);
  83. $redir = '?path=' . $pathURL;
  84.  
  85. $codeMirrorModes = array('html', 'md', 'js', 'php', 'css', 'py', 'rb'); //TODO: complete array
  86.  
  87. $maxUpload = min(return_bytes(ini_get('post_max_size')), return_bytes(ini_get('upload_max_filesize')));
  88. $dirContents = array('folders' => array(), 'files' => array());
  89. $dirCount = array('folders' => 0, 'files' => 0);
  90. $footer = '<a href="http://github.com/mustafa0x/pafm">pafm v'.VERSION.'</a> '
  91. . 'by <a href="http://mus.tafa.us">mustafa</a>';
  92.  
  93. /*
  94. * resource retrieval
  95. */
  96. $_R_HEADERS = array('js' => 'text/javascript', 'css' => 'text/css', 'png' => 'image/png', 'gif' => 'image/gif');
  97. $_R = array();
  98. $_R['js'] = 'function $(a){return document.getElementById(a)}var popup,fOp,edit,upload,shell,__AJAX_ACTIVE,__CODEMIRROR,__CODEMIRROR_MODE,__CODEMIRROR_LOADED,__CODEMIRROR_PATH="_cm",__CODEMIRROR_MODES={html:"htmlmixed",js:"javascript",py:"python",rb:"ruby",md:"markdown"};function ajax(b,g,e,c,a,d){__AJAX_ACTIVE=true;if(!a){json2markup(["div",{attributes:{id:"ajaxOverlay"}},"img",{attributes:{src:"?r=images/ajax.gif",id:"ajaxImg",title:"Loading",alt:"Loading"}}],document.body);$("ajaxOverlay").style.height=document.body.offsetHeight+"px";fade($("ajaxOverlay"),0,6,25,"in")}var f=window.ActiveXObject?new ActiveXObject("MSXML2.XMLHTTP.3.0"):new XMLHttpRequest();d&&f.upload.addEventListener("progress",d,false);f.open(g,b,true);f.onreadystatechange=function(){if(f.readyState!=4){return}__AJAX_ACTIVE=false;a||fade($("ajaxOverlay"),6,0,25,"out",function(){document.body.removeChild($("ajaxOverlay"));document.body.removeChild($("ajaxImg"))});if(f.status==200||f.statusText=="OK"){if(f.responseText=="Please refresh the page and login"){alert(f.responseText)}else{c(f.responseText)}}else{alert("AJAX request unsuccessful.\nStatus Code: "+f.status+"\nStatus Text: "+f.statusText+"\nParameters: "+b)}f=null};if(g.toLowerCase()=="post"&&!a){f.setRequestHeader("Content-Type","application/x-www-form-urlencoded;charset=UTF-8")}f.send(e)}function json2markup(c,g){var b=0,a=c.length,d,f,e;for(;b<a;b++){if(c[b].constructor==Array){json2markup(c[b],d)}else{if(c[b].constructor==Object){if(c[b].attributes){for(f in c[b].attributes){switch(f.toLowerCase()){case"class":d.className=c[b].attributes[f];break;case"style":d.style.cssText=c[b].attributes[f];break;case"for":d.htmlFor=c[b].attributes[f];break;default:d.setAttribute(f,c[b].attributes[f])}}}if(c[b].events){for(e in c[b].events){d.addEventListener(e,c[b].events[e],false)}}if(c[b].preText){g.appendChild(document.createTextNode(c[b].preText))}if(c[b].text){d.appendChild(document.createTextNode(c[b].text))}switch(c[b].insert){case"before":g.parentNode.insertBefore(d,g);break;case"after":g.parentNode.insertBefore(d,g.nextSibling);break;case"under":default:g.appendChild(d)}if(c[b].postText){g.appendChild(document.createTextNode(c[b].postText))}}else{d=document.createElement(c[b])}}}}function fade(e,f,g,c,h,i){var d=e.style.opacity!=undefined,b,a;e.style[d?"opacity":"filter"]=d?f/10:"alpha(opacity="+f*10+")";a=setInterval(function(){if(h=="in"){f++;b=f<=g}else{if(h=="out"){f--;b=f>=g}}if(b){e.style[d?"opacity":"filter"]=d?f/10:"alpha(opacity="+f*10+")"}else{clearInterval(a);if(i){i()}}},c)}popup={init:function(d,a){json2markup(["div",{attributes:{id:"popOverlay"},events:{click:popup.close}}],document.body);json2markup(["div",{attributes:{id:"popup"}},["div",{attributes:{id:"head"}},["a",{attributes:{id:"x",href:"#"},events:{click:function(f){popup.close();f.preventDefault?f.preventDefault():f.returnValue=false}},text:"[x]"},"span",{text:d}],"div",{attributes:{id:"body"}}]],document.body);var e=$("popup"),c=$("popOverlay"),b;json2markup(a,$("body"));if(b=$("moveListUL")){if(b.offsetHeight>(document.body.offsetHeight-150)){b.style.height=document.body.offsetHeight-150+"px"}}e.style.marginTop="-"+parseInt(e.offsetHeight)/2+"px";e.style.marginLeft="-"+parseInt(e.offsetWidth)/2+"px";fade(c,0,6,25,"in");document.onkeydown=function(f){if((f||window.event).keyCode==27){popup.close();return false}}},close:function(){if(__AJAX_ACTIVE){return}if($("popup")){var a=$("popOverlay");fade(a,6,0,25,"out",function(){document.body.removeChild(a)});document.body.removeChild($("popup"))}document.onkeydown=null}};fOp={rename:function(a,b){popup.init("Rename:",["form",{attributes:{action:"?do=rename&subject="+a+"&path="+b+"&nonce="+nonce,method:"post"}},["input",{attributes:{title:"Rename To",type:"text",name:"rename",value:a}},"input",{attributes:{title:"Ok",type:"submit",value:"\u2713"}}]])},create:function(a,b){popup.init("Create "+a+":",["form",{attributes:{method:"post",action:"?do=create&path="+b+"&f_type="+a+"&nonce="+nonce}},["input",{attributes:{title:"Filename",type:"text",name:"f_name"}},"input",{attributes:{title:"Ok",type:"submit",value:"\u2713"}}]])},chmod:function(c,b,a){popup.init("Chmod "+unescape(b)+":",["form",{attributes:{method:"post",action:"?do=chmod&subject="+b+"&path="+c+"&nonce="+nonce}},["input",{attributes:{title:"chmod",type:"text",name:"mod",value:a}},"input",{attributes:{title:"Ok",type:"submit",value:"\u2713"}}]])},copy:function(a,b){popup.init("Copy "+unescape(a)+":",["form",{attributes:{method:"post",action:"?do=copy&subject="+a+"&path="+b+"&nonce="+nonce}},["input",{attributes:{title:"copy to",type:"text",name:"to",value:"copy-"+a}},"input",{attributes:{title:"Ok",type:"submit",value:"\u2713"}}]])},moveList:function(a,b,c){ajax(("?do=moveList&subject="+a+"&path="+b+"&to="+c),"get",null,function(d){if(!$("popup")){popup.init("Move "+unescape(a)+" to:",Function("return "+d)())}else{var f=$("popup"),e;$("body").innerHTML="";json2markup(Function("return "+d)(),$("body"));if((e=$("moveListUL")).offsetHeight>(document.body.offsetHeight-150)){e.style.height=document.body.offsetHeight-150+"px"}f.style.marginTop="-"+parseInt(f.offsetHeight)/2+"px";f.style.marginLeft="-"+parseInt(f.offsetWidth)/2+"px"}})},remoteCopy:function(a){popup.init("Remote Copy:",["form",{attributes:{method:"post",action:"?do=remoteCopy&path="+a+"&nonce="+nonce,id:"remote-copy"}},["legend",{text:"Location: "},["br",{},"input",{attributes:{title:"Remote Copy",type:"text",name:"location"},events:{change:function(b){$("remoteCopyName").value=this.value.substring(this.value.lastIndexOf("/")+1)}}}],"legend",{text:"Name: "},["br",{},"input",{attributes:{id:"remoteCopyName",title:"Name",type:"text",name:"to"}}],"input",{attributes:{title:"Ok",type:"submit",value:"\u2713"}}]])}};edit={init:function(b,c,d,a){__CODEMIRROR_MODE=d;json2markup(["div",{attributes:{id:"editOverlay"}}],document.body);$("editOverlay").style.height="100%";json2markup(["div",{attributes:{id:"ea"}},["textarea",{attributes:{id:"ta",rows:"30",cols:"90"},events:{change:function(){window.__FILECHANGED=true}}},"br",{},"input",{attributes:{type:"text",value:unescape(b),readonly:""}},"input",{attributes:{type:"button",value:"CodeMirror"},events:{click:function(){if(a){edit.codeMirrorLoad()}else{if(confirm("Install CodeMirror?")){ajax("?do=installCodeMirror","get",null,function(e){if(e==""){edit.codeMirrorLoad()}else{alert("Install failed. Manually upload CodeMirrorand place it in _codemirror, in the same directory as pafm")}})}}this.disabled=true}}},"input",{attributes:{type:"button",value:"Save",id:"save"},events:{click:function(){edit.save(b,c)}}},"input",{attributes:{type:"button",value:"Exit",id:"exit"},events:{click:function(){edit.exit(b,c)}}},"span",{attributes:{id:"editMsg"}}]],document.body);document.onkeydown=function(f){if((f||window.event).keyCode==27){edit.exit(b,c);return false}};ajax("?do=readFile&path="+c+"&subject="+b,"get",null,function(e){$("ta").value=e});location="#header"},codeMirrorLoad:function(){if(!__CODEMIRROR_LOADED){json2markup(["script",{attributes:{src:__CODEMIRROR_PATH+"/cm.js",type:"text/javascript"},events:{load:function(){__CODEMIRROR_LOADED=true;edit.codeMirrorLoad()}}},"link",{attributes:{rel:"stylesheet",href:__CODEMIRROR_PATH+"/cm.css"}},],document.getElementsByTagName("head")[0])}else{var a=__CODEMIRROR_MODES[__CODEMIRROR_MODE]||__CODEMIRROR_MODE;__CODEMIRROR=CodeMirror.fromTextArea($("ta"),{onChange:function(){window.__FILECHANGED=true},lineNumbers:true});__CODEMIRROR.setOption("mode",a)}},save:function(b,c){__CODEMIRROR&&__CODEMIRROR.save();$("editMsg").innerHTML=null;var a="data="+encodeURIComponent($("ta").value);ajax("?do=saveEdit&subject="+b+"&path="+c+"&nonce="+nonce,"post",a,function(d){$("editMsg").className=d.indexOf("saved")==-1?"failed":"succeeded";$("editMsg").innerHTML=d});window.__FILESAVED=true;window.__FILECHANGED=false},exit:function(a,b){if(window.__FILECHANGED&&!confirm("Leave without saving?")){return}if(window.__FILESAVED){ajax("?do=getfs&path="+b+"&subject="+a,"get",null,function(e){var g=$("dirList").getElementsByTagName("li"),d=unescape(a),f=0,c=g.length;for(;f<c;f++){if(g[f].title==d){g[f].getElementsByTagName("span")[0].innerHTML=e;break}}})}__CODEMIRROR=null;document.body.removeChild($("ea"));document.body.removeChild($("editOverlay"));window.__FILESAVED=null;document.onkeydown=null}};shell={init:function(b,a){popup.init("Shell:",["textarea",{attributes:{id:"shell-history"},text:""},"form",{attributes:{id:"shell",action:"?do=shell&nonce="+nonce,method:"post"},events:{submit:shell.submit}},["input",{attributes:{type:"text",name:"cmd",id:"cmd","data-bash":"["+b+" "+a+"]"}},"input",{attributes:{title:"Ok",type:"submit",value:"\u2713"}}]])},submit:function(a){a.preventDefault();$("shell-history").innerHTML+=$("cmd").getAttribute("data-bash")+"> "+$("cmd").value;ajax($("shell").getAttribute("action"),"POST","cmd="+encodeURIComponent($("cmd").value),function(b){$("shell-history").innerHTML+="\n"+b;$("shell-history").scrollTop=$("shell-history").scrollHeight});$("cmd").value="";return false}};upload={init:function(b,a){popup.init("Upload:",["form",{attributes:{id:"upload",action:"?do=upload&path="+b,method:"post",enctype:"multipart/form-data",encoding:"multipart/form-data"}},["input",{attributes:{type:"hidden",name:"MAX_FILE_SIZE",value:a}},"input",{attributes:{type:"file",id:"file_input",name:"file"},events:{change:function(c){upload.chk(c.target.files[0].name,b)}}}],"div",{attributes:{id:"upload-drag"},events:{dragover:function(c){this.className="upload-dragover";c.preventDefault()},dragleave:function(){this.className=""},drop:function(c){c.preventDefault();upload.chk(c.dataTransfer.files[0].name,b,c.dataTransfer.files[0])},},text:"drag here"},"div",{attributes:{id:"response"},text:"php.ini upload limit: "+Math.floor(a/1048576)+" MB"}])},chk:function(a,d,b){var c=new FormData();c.append("file",b||$("file_input").files[0]);ajax("?do=fileExists&path="+d+"&subject="+a,"GET",null,function(e){if(e=="1"){json2markup(["input",{insert:"after",attributes:{type:"button",value:"Replace?"},events:{click:function(f){upload.submit(d,c)}}}],$("file_input"))}else{upload.submit(d,c)}})},submit:function(b,a){ajax("?do=upload&path="+b+"&nonce="+nonce,"POST",a,function(c){$("response").innerHTML=c;location.reload(true)},true,function(d){if(d.lengthComputable){var c=Math.round((d.loaded*100)/d.total);$("response").innerHTML="uploaded: "+c+"%"}})}};';
  99. $_R['css'] = 'html,body{height:100%;width:100%}body{margin:0;font-family:Calibri,Consolas,Trebuchet,sans-serif}a{text-decoration:none;color:#b22424}a:visited{color:#ff2f00}a:hover{color:#dd836f}img{border:0}a:hover.b,.b a:hover,#add a img:hover{border:1px dotted #b22424}#header{padding:.2em;background-color:#e8e8e8}#logout{float:right}.pathCrumbs a:hover{background-color:white}#dir-count{color:grey;font-size:small;margin:0 0 3px 10px}#dirList ul{list-style:none;margin:.5em 0 0 1.5em;padding:0}#dirList li{margin:.05em 0;padding:.1em 0 .1em .1em;width:98%}#dirList li:hover{background:#ebebeb;border-radius:5px}#body .pathCrumbs a:hover{background-color:#e8e8e8}#info li:hover{background:0}#file{padding-left:.3em;font-size:.7em;bottom:.10em}#fileop{position:absolute;right:3em;font-size:.7em;margin-top:.30em}.dir,.file{position:relative;bottom:.05em;right:.11em;font:bold 14px verdana,arial;color:black}.dir{background:url(?r=images/dir.png) no-repeat bottom left;padding-left:1.45em;padding-top:2px}.file{padding-left:.30em}.mode,.fs,.extension,.filemtime{position:absolute;right:15em;font-family:Calibri,sans-serif;font-size:.7em;margin-top:.30em}.fs{margin-right:5%}.extension{margin-right:13%}.filemtime{margin-right:20%}.del,.edit,.rename,.move,.copy,.chmod,.extract{position:absolute;margin-top:.11em;min-width:1em;min-height:1em}.del{background:url(?r=images/del.png) no-repeat top right;right:2.22em}.rename{background:url(?r=images/ren.gif) no-repeat top right;right:3.33em}.move{background:url(?r=images/move.gif) no-repeat top right;right:4.44em}.chmod{background:url(?r=images/chmod.gif) no-repeat top right;right:6.55em}.copy{background:url(?r=images/copy.png) no-repeat top right;right:5.56em}.extract{background:url(?r=images/extract.png) no-repeat top right;right:8.92em}.edit{background:url(?r=images/edit.png) no-repeat top right;right:7.65em}.cp{background:url(?r=images/cp.png) no-repeat top right;padding:0 0 1px 1px}#add{float:right;position:relative;right:2em;top:1em}#add a:hover,#add a:focus{border:0}#movelist{text-align:left;margin-left:.5em}#moveListUL{margin-top:.75em;margin-bottom:.5em;list-style:none;overflow:auto}#movelist a img{vertical-align:-15%}#movehere{margin-left:.5em;background:url(?r=images/movehere.gif) no-repeat center left;padding-left:.90em;font-family:Calibri,sans-serif}#ea{position:absolute;top:0;left:0;z-index:125}#editMsg{margin-left:2px}.failed,.succeeded{color:red;font-weight:bold}.succeeded{color:green}.CodeMirror-scroll{width:800px;height:600px!important;border:1px solid black}#footer{position:relative;top:3em;padding-bottom:1em;clear:both;text-align:center;font-size:.85em}#footer a{font-style:italic}#popup{position:fixed;left:50%;top:50%;min-width:15em;min-height:3em;border:2px solid #525252;background:white;z-index:150;padding-bottom:10px}#head{background-color:#e8e8e8;font-family:Calibri,sans-serif}#x{float:right}#body{text-align:center;margin:.5em 0;padding:0 15px 5px;white-space:nowrap}#response{font-weight:bold;font-size:small;margin-top:10px}#shell-history{width:400px;height:300px}#upload-drag{border:2px dashed;color:grey;height:20px;margin-top:7px;padding:7px 0 10px;width:97%}#upload-drag.upload-dragover{border:2px dashed blue}#remote-copy{text-align:left}#remote-copy input[type="text"]{width:300px}#remote-copy input[type="submit"]{float:right;margin-top:8px}#popOverlay,#editOverlay,#ajaxOverlay{width:100%;height:100%;position:fixed;left:0;top:0;z-index:105;background-color:#fff!important}#editOverlay{opacity:1;filter:alpha(opacity = 100);z-index:115}#ajaxOverlay{z-index:150}#ajaxImg{position:fixed;left:50%;top:50%;margin-left:-1.5em;margin-top:-1em;z-index:160}';
  100. $_R['images/copy.png'] = 'iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAW0lEQVR42mNkgIKGhob/DEQCoFpGGJsR2YD6+nqCmhsbG+lgAEgRsQCnAcS6hvYGYPMOstxIcwG6odR3ATZ/YtOEDBixKcKXrGGugyVpsgyAqmHE6wJ8fkfOTACWlX8HDBsg/gAAAABJRU5ErkJggg==';
  101. $_R['images/cp.png'] = 'iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAABZUlEQVR4nKWTsYoaURhGz+hoJdqmFIvgiGyVZ4i1xbZbJ7W1jxBIlyyCJLAvYLVvYSVYGBCrweY6w8w49473zr/FblgtVk32g6/8DufncuGd8QCCIOgBX4E7oHlho4CfwLflcqkA6Pf797PZTLbbrex2u7MNw1Cm06kEQfADoNrtdj8PBoPvw+EQay1aa4wxb1ZE6HQ6LBaLT9baRx/42Gq1SNP0n26v1WqIyAdfRCp5npNl2dXjPM9JkgQRqfgAWmuSJAFgPp+fHfd6PeI4pigKAHyA/X5PHMcAjEajs4DJZMLhcKAsy1dAFEWEYYjv+xf1/5o6514BxhiUUhfH8Hw/cGrgnENrDcB4PL4KdGJwDLg2xwaltRZjzP8BnHPz42e5JiJClmWUZfmnqpQKG41GR2t943keRVGgtX6zaZqyXq+Jomi6Wq1+eS/QZrvd/lKv1289zzv7G0VEGWN+bzabByB9AqD9D+RrBi73AAAAAElFTkSuQmCC';
  102. $_R['images/del.png'] = 'iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsSAAALEgHS3X78AAACYElEQVQ4jW1TTWtTURA9M/c+Hz6pidYKbU0LduWy2K4LXQiCP8Ot/8h/0K0guCiNQkTj3lUFE0lL0xYj9Zm5HzMukpcqOqthuOfMuWdmyMzQhJkREdlgMGgPh8OnRVHsAECM8VOn03m9sbHxvXnTYKghqOu6ZGbq9/sPu93uS2auzOwzABDRI1Wt9/b2nu/u7n5RVauqShYEdV3j8PDw1dbW1hMRSap60zn3HcDlvNHdnHObmX+VZemPj4/f7O/vP6uqCh4ARKQajUaP19fXixCCc85pTrlNRO3510BMGmMszYxHo9FjEamqqqo9AN9ut2sAB71e78XS0lIWkcJ7D1U1g8Gxo5QSl2UZr66u2Ht/MMd4r6rEzNjZ2bnc3NyEasbKyn2cnZ2hdfs2ETMmPyZYubeC8XgMABgOh5dEBFUlbtyMMdLJyQmOjro4Pz9Hr9fD18EAg8EAHz98xMXFBd6+e4fT01PEGKnBLQhU1WIIYGaIBDh2SCkh5zyvCRwzUkpQ1cUYfZOklCBEgBmCCEBATAmqBiKa1WaGI6WE/xJozjADpjKd1WKEsQIApiJQNchUoKbXBM0ipXk3w1wBCCllKCsMQJgKAIPIFMTcbO7fClKcSZMQQABSimB2IADTEObqAorCXytokpyzSRBozhZETKGIIYJdhs19sYXR9K+JIkKFL7C2ukreF7R8ZxneexAIhS/gnMPa+hqNz8YQEfqToHHkff9T/7zzoOMkiBGakzMQCAaz8kZJw2/DvL29/b6Z/uIaY4yYTCa3zMwDuL7xJmjGRUSp1Wr9LIoCAPAbCVuIcRUZG9UAAAAASUVORK5CYII=';
  103. $_R['images/dir.png'] = 'iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsSAAALEgHS3X78AAACX0lEQVQ4jZ2Su2tUQRSHf2fuje5uQswa4wNFBTWgJEExKETtUqql6N9gIwqCtWKrVlb2loJYiA9iZdBShKgpsutmN699Ze/ee3dmzjkWm8SYpHJgijkw3/l+Mwf4j0UEY4gMANB60RgyIirnxo6NPXt08/l8YaU8v1AvlBZXC8VyvVCqNErlxWalWo+qSZLa9XvhXyoRoBja1zd05drohCQdMVHHQD0gClhGO7LJcq29FMWudffxmzvvPn37YLbqsfOK1RY4ansr7BeKdR8vN9jGiWZCyR7Znz08MnF05PzZ4xcBYBuAAIIqDEu4K0BYLDfCn3PVQBXEArWWBa0OXGJlR4AqAM8AC+AEpIpaI4Z3DCIQGTIwBKLu+4VbAVAFnO/uUKGqMERQVQgLoJsa7QRQ1a6B542zqEIVYBawKOAFqrqzga4ZsGfQWlcVhYgARHBeAM9wnmVngCjYeTjroT0hnHPoWIeOtQiMgReFtxb5Pdn8v4C1TCKKNPUQBUqVGhaWGhgcyMFaD6iCjAmrKxFu3xq/P/X51/tNv9AlsIik1kFE0GjG2k6sDg5k4ZmRWg/rGGkSS+/BceT68v3bIgSGDHuGtSwiGvYEBGbWTscxiyIQNQF5JKmH8yIbBqpdhdli/UexEpV6M2FYbSbtQqVVDYKQBvozYV+uJwwMGe8cftcNLJMJNgVQQ2RWo7T5cbrwavLSyeuVpVbw4On0jamvc0++z9ZmWjHHQRjk9vZn8jOFRu312y8vts2RMRQAwJlTh4Yf3rv6cncmlwWwMXm5XDZz+cLw5OkTB0YB4A+kvH5q0102OwAAAABJRU5ErkJggg==';
  104. $_R['images/edit.png'] = 'iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsSAAALEgHS3X78AAAC7klEQVQ4jVWTTWicVRSGn/sz08mYmWQymWmaiTajkoUtKDVCoQguSkVF+qdUwZULwSpUNy7cuBGVioIIQVAUhKpIFVHBhYt2YTu2toJuVITGQKckXxPzM990vpnv3nNdTCc2d3O53Pe85z3vOUc1m82Ho2jpEWsz7RCC5pajAIfS0bZad9/0yNu3ZXUrBLRSyABjoyh6aPv2iROlUsl57+3gIwAZrfj3Rio//uW1ynbu2zeZO5zPGh9CUOomzBprZHh4mFwu57z3/byqz2AUFFSGJGm7f1qZx5Nm79v9t+cODpngURpAWfGinXMsLCzYXq9n1YBbKYJ3FErjRGtrXPrzSjeTU4/G9+545ek95TeWV9ZGR4uFdSviCSFQrVbx3hFQEPoiUAGtDS/NJqxvOJN0Uzo3rvjv3vvsaHFl9XS3Pv2s9V5I05Try8u4tHfTuv8vAlitKOWzZuquGu+efOuZPbv21jYuniKtVJT13hMkUCmP470DBSEMqlCEENBaYbYVVfPsh7x86PfdJz+/RLu86/k3Xzz+sRURUpeyuLRImqZsegCEEFAKqpM7cRc+YmriC879cI4HMvtfOPD+Ox8AxnrvERHGymOIly3BxhhsrkDc+JTpyS/dmTPn7Wp8bO6p10/NiYQMKqR9BWnK0lKEdymofg9FApWJKczlT6jXTvNz40Jo21e589AT18EQgkdrw6aCcnkMEelPkIJsboj2r19z9x3f0zjfoJV5jfuPPMf8339s+gNgRQTnHNeuNfFeEO8pjJbxUYPdtSq/XNSscILZg8eJ1yOUNuHWcbcShCCB8fEKIoJ3jkq1ytw3X3E5/o29Dz7GPbOH2VhdRCmFyJZ4rFZavHiaV686L/1ykm7CkaNP0modYGTHJEm8hlbaaaMzSinZQtDpdHSSJEzX63awTAGwRjNSLNDrdTHGYIwJcRyTJIkedAnA1uv1s/Pz80P5fL4tIpvrPAAMzNJa+ziOizMzMz8N3gD/AUYHd3EVVX6oAAAAAElFTkSuQmCC';
  105. $_R['images/extract.png'] = 'iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAi1JREFUeNp0Uz1oFEEUfjO7KxIl8dQLIqhwHDZCkIARwfIqK20ESbQSCwvlQPxBbASxEUIsrKzUYPAgWogIOaxEUBRDwCbE9aIgYozg5e683M5P3nuzf/Fn4GP2ffO9b7/ZmRXzExJoCAGjOO2GeLxZgGj0tmlOnpP9I2UIYP34bC1M0oNvYwaJPXtPP74BWnP94uESzMyUIAxDKJ8oZq2eB/N3j11NSt/YdEmCisBGERelUgkKhQIb2F5/KhJBANgjMwOTGRh8u40T0CADGibHCSkBezIDnRl49j8GeQ7QAHu8fxlIEhqtUqJWq8UJVK6fDdIEkgxieEZHoJUD7X1s5COLEo5gwbBWYagIIRU2x/AMskYpBn3E61OC54Tzgg2w9GmRtdrCfnrxugQWo5oYB3d9gEqlwkmolnh83xuL/EEPXFYXUT9GJygpSgxMEEGC11/2Qb1ehysnt6dcu7kChcFt0On1WK/+3oLCfToMF99ygpv3f3DNa9ptcaXbZT31+bkT8lx8d5Fmfx7iBBeOb2LOaA+Ucttrr67SheWjlO8baQLfHaPD0MBLTnDrURuSC6bj+UyjyHrqk5ceGHgXCvjdExutcQLC3K/DnKB6NHAcrnUxOs3Lyx3WUx9diL5rU3qw2YHNUkgI/IAxvOUVJxh/EnFNa61Wi+fq04Hp57MwjX19Ag22InaeP+KdLe+AUv6frd4Tc+On7NAfvzIsfINw4pm+g49f1wQYAJEphvxkrDHTAAAAAElFTkSuQmCC';
  106. $_R['images/file.png'] = 'iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsSAAALEgHS3X78AAACJ0lEQVQ4jW2TvW4TQRRGz53dGe/aGwwhsUOQ8icakEJPxxsAj0FLx0sg8Qa8AwhEQUNHSZOAhCI52BGShdaxESazs3MpIjuOk68czf107pGuqCp1XTcODw9eqpIDkYUogqWOv7hZrHU3Pu53Gu+jqjUiFUAKMJ1O3dnZ2Yv9/Ycr3nsVEZkVRIUVJ/rt21/5fuKf52l8cm81/6BgBGIKoKrkeR6cc4iYkBgjKoBCHRVsQsMF/T1M0y9D3nqtnj64bd+pYuYFqqSTyYTBYJBaa0VVgfOCW02Lxht8/vojHrSS5FOWvHn97P7OSpb8SWeoVahotlpsbm5ijEHPBSAoYoRHRc3G46ZY1+Bnr5dKmBoouCCIyqgs6Q/62NSiqjAzoWCMUCRw984qTE9NXdc6l6iqVFVFnuV0O12S5IIAAVRAlDrUICnTf57ZigsOlHJUcnx8jHNu/mEWEcF7z9bWFqCXCwB85cmyjE6nQ5IkXJe6rsmyDO+r+VsKEGNEo1KWJb1eD+csSwCIgPcV29vbqEZijJcJQghkWcZ6Z53UJMzn5cJFDOcEVVgimDkYn54y6PdxrnHFASjee0ySgHLVQQiBRpaxtrZ+rQNrLTFGms0WVbVEAGBMEibjMScng+Cck0UCEUN3o4tG1VjXVkTClYLRqEz39nbZ2dlNjTHzY5ovoEqUqAiMx+P0UkG73fZFUbw6OjrKRSQuDy9mOByaoiim7XbbA/wHxj0gO9NbVa4AAAAASUVORK5CYII=';
  107. $_R['images/odir.png'] = 'iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsSAAALEgHS3X78AAADBElEQVQ4jW2TS29bVRSFv33O9SNuYtLEKUmaRyUQjeQOECoVaiWU3wASjBigDpjBL+iIX4DoH0GCEQipEi/RolRJaNqkedwkrRPbsR2/rq/vPWczcAIT1mjvrbW119rSElXlAqKqVkQU8KoIoCIowKgfcS84AJjLQhVEJAVcmjr16j2CeK92tIOKiIoIFzMAAhhdigZxfuN5+CBJXHkQJwugW3dvr9wvjOVigCRN7Xm7fzUIbDJZvHKuIAIq3vtARNK1jd0vq43eN7lc1qn3JkmdVOutR0evz05Pas2lOE6moziZm54sVD//ZPWL8s0bPxkjiKqaNHX+5982f8lms/e80+EgHtpfn+wQHtfse7eWWJ6/hgSCihLHTtc39+Wzj+7dLa8s/x5waVDVd3sDchljsxlj568V+fDOO27l7QU9aFRFmyKd81hq9XNvJGONFf/vD6w1oDSjKGb5+jy5XI4bi7P046F9ddTix8ZTHukWc50pveKztpDJ9GYm3wgBjKoKKF59U1VRFT1v96k12oTHdbaPKpQqU2Qms3x/c13DUo0ZLVYK47napQJAsMY22t2IKB4SRQkv9irsHlZJncPH8O7MAtXphrYmY6K5aLcwlncetcEgjln76zE7L6tNgiKd7oCnzw7Z2T8hkwkQAyi09rq8tT0jPyw+oZ+pL3z8uGzv3H7fmbP6Gaurqzx8+G1jfGKCTt/x8qCK955kmJBGTp33vlif0qX+ItODvHvR2C/ff/DVLR2mIwvWWoaDXrNeb7GxFWrqUm+M0SCflXjMmXwuLy6bsH11l27WGcK4ZttJFWsIQNWrkiZx67japj9UMzE1Y1SVuN9j/fCP9p55XnOloNh91VcNO7t8t/l1en2lQmAkUNDAWrqddv7k9JR40OnWX+8fnB7vrNcre3/2GrW12A0qQCAQGWNO8D6RwAiqShiGjI+PC1AOsoVPgQ+AeSDH/8AYI4CUy2W89wTWWt6cndV8q/XMGPlbZAJj7CjeqPBf3AHEGKO9Xk9LpRIA/wDzoLSoJdzQlgAAAABJRU5ErkJggg==';
  108. $_R['images/remotecopy.png'] = 'iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAYAAADgdz34AAAE1GlDQ1BJQ0MgUHJvZmlsZQAAeNrllWtMU2ccxp9zegcqLdQiU/TIGCIrrAOUVQgBOmQgApYKlJHO3oRqCyeHiiCbyjCCN7zAVBY2lKCoZHNBcchw3pgQTRxihgznBavxhngbJCDafegiH8xM9tnn05Mned+8/3/yex+Af1RH0xYSgDXPxqjiY6lMTRbF6wUXfEjgCU+doYCOSU1Nwn9qpBcEAFwO0tG0pSlpvulm6/X5vgP6DY+OBxnxdgmZTE0WQFAAJDlOHwZAonf6zwBIVtpoG0BkA5AYcnVGgKAByBi1SgkQtQDGc9QqJUDuBjCuV6uUAKsawHihIccGsLcBkOcZzXkA+xTAmmQ0FRgAXjeAjQaasQH8bABBVmu+EeBvBhCQqcminM/MXwcoDgKkz0S2BMBPOYD08UQ2SwVIvYA26UT2fAYIAMQnPxcsDQ0BABDiNoDv53AM1QAulcDLeQ7HmNjhGO8BODKgabphBVP4746KALDgAi/MRgy0KMUh9BNiIoWoJgbIcHIn+YpFswbZDIfN2ctN4L7ineRvFphcEl0j3eYJlZMy3AtF9eJHnpmSm9LSKXO9R6d2+GydkTqT7dvuV+IfG+A++/aHp4P2f1T1cUVo+ZzK8D2K9gh7lDQ6Pbb+0xfxSxJ6klKS+xZZ1W7pLRpztr92UNdm3JZjWZZiDaf9CiSFvKLxkqer75ReWddV3rrxwJbd2yqqSnbSNebapXXmemZf2YHvmzp+HG4OaylrtbcvPnnt7IpO6fkzF4t7InuFfw5e6x/ou3PvgetQzLMtI09eLHc43pjdDVMhxwJY8Q06MErMJVYR50hv0kb2seJYbWwF+zQnjfOYu5M3n0/wOwW7XBjXDLd4YcykOHeVyCyu9OiQuE7WS89PifHumqr1IaYfoWjfSD8vf2LWWCBkkuBQuTakKuxSuFShj2iOYkdnxh6N84mvSpycVJ8SseiGektGXBYn++IX3+kLTMm5wctF1mG6v+DXwr3Fa7/UrJGVjqw7Vm7dOG3zb1tzd/CqG3ZF11yvXV3nt/dSQ3lj4qFpP+Dw6BHBsTnH17QPnlrTEdB540Lj7+WXy67UXbXfTLs9fL976OHfSaMv3pidhAASvI9wpCIPO/ALHhAUkU3sIR6SUWQN+ZK1nGVnG9lPORXcQG4fbzs/QxDgwnEZcr3lNiAcdIfIR6zyaJR4T270WujNe697WsP0EirFN9DPw58XIAj0ksmD0+RrQ1rCnoaHKoojzkQJo9Nj98ch3pjQk5SYfH6ROu1u+teaDz7v1pbpIg3jS8+YKy3a/FBGaLu/smvVwa82rc0rS14fuIG96Wpl8/aK6iW7FN961Y7V2ev/2Nd9oK/p0WGP5oSW6taRduaU4OzRzmUXgi46euy9f/U/vCGxa+6eGIx78my4a+yCw+Fk1UmI808BgHulE/557mtPAE6eAYDFBRrKgcV2YME5oCYR8I8EPI1AqhBQK0DcMoAYmAnigRgsFIF816h610h61+gBnJ0GABCZF+oMlFJnMesZnc30uoZFMGMhdDCAghI6WGCGHgx0sMEE49uO/j/ZTEU2AFDm08WMOSfXRsXQtMVEKfOt9AqbiZFRCXmGYBkVIpeHAoCzdwGAKwJqswDgxDPtG/f+A25321BF3tPDAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH3AMbAjYlqAxN5gAABUpJREFUSMeVlVtsVNcVhr99zp5zZjyeYTw2zgzGY2xjaIGkQlXs2KQRdVGVAI2EwltQE4mmllqpfUGqSFpXqiJZJFL6WqRKkUhbHnhAohWhqpuEEkTiuqJBcqJgE7se2xSDJ57xmLmcfc7KA2YwlyCypP2yL+vf6/L/S504caKjo6PjSiQS4etMRDDG4LouBw8e7Dl//vwIj2pvHDmyZXp6WgLfF2OMGGNERESCQCQIJAgCMcZIoVCQT8fGglwuJ2+8+ebzj+pfe8YoEaFULiNBAMDl8XFCWiOrIgiCAM/z1OzsLD/o7//L2bNnb8TjcevTsbG3Xzxw4LdfC3DvhjGGUqnE9r6+h30sCkQ9z5NMJjM4NDQ0d/jw4aMPBRARbNvG9/3aYXFp6YHeAxEq5TLT2ayqlMsyMDDwh66urvX79+//zb13LV8ZhQjatjlz5gznzp3Dq1ZrF5RS9y1LKWzbJlpXR75QUOFwWPr7+3996tSp1+8DsAJbBPCM4XvPPEN3Tw9arwQm4Ac+yK0Ib687jy0sy8L3fRWLxejt7X3t0KFDLz8wRUopstkskXC4lqaZ+Sneu3ycbc3fp0GnEeUTq68HpUgkEti2jQQBp0+fplqtiuu66rlnn307Ho8nBwcH3wKwVgNMTk4yMztLsPLLDydOs72rmXc+epU812htzZBsaiLR0IAAWmsSiQSRSATXdVWlUpGZmRl6urt/NzAw8FPA1oHlKwDP8+jr68MYn8nJSQCWlvNAjF/se4E//m2Qz8cO0FSfpn1DO62trYQch3Q6TTqdvtWBvq8q5TLFYjHa29v7/PHjx/+ktSgEoWpKXLj4AdkbE+TLNxi/+SH/vvw+WzbuQGlh384nGRn7B7HoXtY293DlyhU8z8NxHJRSGN8nHotRyOfp6OxkYmIi5jiOq/1ACYCtFSJF2jNh3FgS213ix+mncJwq+dISltJ0b23h/MV3uPTuv/j57iEsZdWKfbvNk42NRCIRHkullOd5ShMSSyEYr8Kmb2W4Xspxo/gFSkpUTAFVtgBVq9MTW1OcGx3h938+xM7NL7KhYwPZ6WnK5XKNqHv27EFrrUKhEBpPBQJ4QZmJ6TEW/P8yV/yYqrrGzeoylgKlbpMR1kQStDy2melCkad6d3B5/DMaGhtpamzEtm0WFxfxVyRHRNCsdIy2XYqLVeoSa1mf3IroNparOeZy/6NYyQOwpi5JfbCFj0fy/Gzvr/D8Cm2ZDCKC4zigFGHXJVilBhoUIlAoLNPU1MnI2BSfjGcpmTzXF+bYs28j85VFmmIp6qtd/HV4gp72X1L4ssR4dZyby8u4rsvCwsKtYhvD7t277wAIgkIRcRpojj/O9s51OKaPrs1bOPXeEbT1BYloC+ZaiuHR6+x84lWe/m43VlDFdV1a1q1jfn6elpYWHMchGo1ijLmfySFtkVwTIaST+KU8Pd/p5MLFCO3Nm5m7cJNq/nFe2rufTW0Z1ibjWCtF11qTSqVqTWDb9l1yom8LmG3bhF0XSykSsTpSTQl6tv6Qv//zCI708aOnf0L7+gaS8Rjatu4SNNt17x2BdwCy2axfLBZpa2tDRPA8j6mpKUSEbRt3oHidtckNJNe4NMTuOJeHDIvVZ1opZY4dO/bu6OjouFKKhYUFf2ho6BWUirohpbZt2oZtWYRDGstSNZ16mN2VoqNHj84CrwCRFXDv6tWrexV0JRsSgKrx4FHNdV2UUpZt22igDFxdPbAKhcLMyZMn/y8i38S1rFBeLMtSly5d+k8ulzMPcmDt2rXr28PDw5GaRnxzC4AvgexXSxxWTKzqLIMAAAAASUVORK5CYII=';
  109. $_R['images/terminal.png'] = 'iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAYAAADgdz34AAAC7klEQVRIx+2VPYudVRSFn33e917RFANBIT/BykIEnUIhWjiM06gohFsEtLQZGAUHTGHnT1AJWIjBYFplEknAwgS1EBJ/gcFiTKJBZyYz7zl7L4tzPzP3JlNo52neD/Zee+21Pw78x8cA1tbWPmxSOmGWLCUr9xtJANEkS01IQrLqqgmM0Uz77O7eu33p24vvtU8/9eTx5WefOTMYvGlmBkCTGjAbxq9AhqHxlzCDCIGCUBDuFC9E1PcbN37xO7/f/KgtEU1EWO4O+PjTzzl27LHKydKQPrNkmfo2URMSiqjgCt54bZXu4F5z96+dR9uuy0lUg19v/sbtO3c5LJGOJrjgoNvn9VdXiRC5lCY1TcLMxgSvXN7i3Y31o4GLSQYSGqIoAncn59KmnN0kgcHO7h6bm2dYXV3hyuUtNjbWWVpaWgyMFmQrcs50XRepeGmNicY//PgTL760wvubH/DK6goXvjp3CEBUxhFBhBPh+OjpTozqBtaW4kkCKQB4+63TDAanAPj6my3On78wAXMnFFRTjdOZziN3XbX3QKAWkRhquLuzx2BwirNnP+OLc19WHbtuYQEWVkeBmWFgbUSYqqgIOHnyZUoUvHjV04xrV7+b8X9u+fl5ZQEgEBHCwwHU2rinDXenlDLbORLLyy8s5H2oy4bg4YEkS2AhwIuTc/fAtnwo+Ph/jIha27TJI+qYL8x7Lsj8YCOJJBBqWlR3is8LMBVhmv00+DyJFDH2TbUFHS/lyOzvW7MzLhFR27TOG60kiwhyKTxI/XlxtUCyCAEBBq2ZhXut+vo7pxGQUiKZAQlLRpMaupwnk6wgvGYeGjJ2R4hkCUO4BwqlttdrS85Ze3t79sTjxxm1bWoSWMIMjERKdSmO7oERcL0PhBcfzphzkDsO9vfrHGzf+uPPq9e+/+T69Z9PKALDCETCRvukbluJ/iN9er2W4W4kIuj3ezPliAiaptH29q2/cynboyurP15P/94R0PH/edj5B6OaN3c/ZGf5AAAAAElFTkSuQmCC';
  110. $_R['images/addfile.gif'] = 'R0lGODlhGAAYAOZkAPPz8+Hh4fz8/Ozs7Orq6u3t7ebl5v7+/u7u7vLy8vDw8Pj4+IXDLfb29qLYNInVD+Tk5NbW1pnbIPv7+7jpOdLS0m2yJqfgN5rcINzc3HzPANLR0uDg4JzDd+Pj5KXMeLjfe93d3ZTXKrjgf7Paetra2tbV137QAtXU1efn5+Li4qjQf7TmQ6zUf5vbLonVEKDHd6TMf4/VJ7TmQsLtTpnbIcvLy5e+ds3NzdfX19DyWeXk5OXk5dzb3KrjNOPj47zkf7Tcf4/VKJTYKtva29nY2dfW16rReaDHf73kfNPT07vqRsjwVpvaLc/zWsLtT+Hg4Z7Ff9XT1bDYf97e39jY2NnZ2ZO6ddn3Y6/Wetr3Y4rVD97d3sDof9vb2+np6fr6+tXV1fT09P///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAAGQALAAAAAAYABgAAAf/gGSCg4SFhoeIiYc8Bo2OjlICioI7Y5aXlxkRkooemJ89AUoTij9jB6ipqEQBARWkiCpjArS1tEWtATiwhgFjYMDBwCYQxRA2vIQcv8LBXBUVGxsoUIddFNhJC9vcuQEpHIdAWExaIA3o6QDrAGNUhyM6S04kYvb3+GMhhEEO/jQ+nvhzkIWdwTEZCE1hIQFDwxoSJMw4kqCixQRjvBBqceGBR48vtlz4oKCkSQVjShBawaBlkxMuWjKAgaCmTQRjrByKMUSDiA4FggodOqbKISQyNAi5MaCp06djchyKYqHqFQJYs2odY+RQmDFfwoodK3ZMBK9j8KnNd9ZQmLdwC+PKDdN2kt27dwMBADs=';
  111. $_R['images/addfolder.gif'] = 'R0lGODlhGAAYAOZ/APr6+vj4+P/1xfPZqe3Rn+rOma/hN57VM//rjP/khfTbq+/TobXmOafbNuS2TozTJ5TOMYPTCYDALP/daf/+9v/tnPLy8vHdt//icPf39+3t7//pkqjOe7Xdf//kiJ69UZHYGHzPAMHpf7vpR//ffZHXGKHeMv/olP/pheLi4v/Zcvber4rHLm+zJ+/v7//qiv38/dz4ZcPtT6LfKne5Kf/52+aoMvz8/aHdM+jLl/7gff7+/uvr7OnMl7TmPv39/f/VZvb29u/Vo5HYF/7eev/ZaujKlf/88P/qmv/rn//smfXhu6HdNPfesP/30//41OXl5v/yu7vpRv/kdf/igP/mgP/tov/skf39/v/ecf/wsrPmPv/77f/ljPz8+//UXOvPnOzPnPPkyfXcrfXdrv/BQPbcrf/MU//2xOjo6ezs7v38/P/uqfDVpP/2zPLXpv/ojP/1x9zc3Nra3P/0vf/ZYv/vo//TW//wp+anMf/PVP/BP//KTf/FR////////yH5BAEAAH8ALAAAAAAYABgAAAf/gH+Cg4SFhoeIgyKLIoYuPBqRkho8LoMMMTEMhmp+np+fPIMGMjIGhjxYN14/N2swMDtzHbQNPlsNtB0AgmleGcDBGUEAByNSIzMzxyMHKYJQARbT1NQQJSDY2SBDEHKCKUsX4+TkLCZMOBERJiY4LN9/KxT09fYc+BIhIRL4HE2CyHARQKegwYN0aOyjQQfNkRWCxtTAQ7GiRYotHjxoQbGGGUEKntgZSbLkyA8oP4x0okDQADcVYsqcqeQKghcoULxAEGeAoDcCNggdugFOlSkYkipNquWNICFRPEiVSiXLhKtYs05g00bQAi0kwhIpUqes2bNmrSwQRICNChVFVb7cmUu3bl0kBASBSQLkjp6/gAML1nMijKACJ87wWcy4sePFXQoIypGgj+XLmDNfTtBDkBEie0KLHk06dBkdRgSJcWAjj+vXsGPnseFATKLbuHMfCgQAOw==';
  112. $_R['images/ajax.gif'] = 'R0lGODlhJAAkAMQaAGNjY7GxsX19fYWFhe/v7/Pz82lpaXR0dMLCwpmZmaOjo6urq3Jycry8vGpqapKSko6OjoGBgXV1dYiIiIqKioODg+jo6IKCgpSUlIaGhv///wAAAAAAAAAAAAAAAAAAACH/C05FVFNDQVBFMi4wAwEAAAAh+QQJAAAaACwAAAAAJAAkAAAF/6AmjmRpnmiqrmzrvnAszyURCEJA0GoA/IAALyUAAgRDjQ2n0xSByGVu9/IBhdYf1ih8PX/R29RpRHrLqO8Rlg2i2l2XtHmaU5NDwoLhkFAaBS4FDRQSDgwLdyNtBwMILggDB1wmagYDCS4JAwZoJZaYmpyeJIyOkJKUNXt9f4Etg4WHiXhJBQgJCQivJhYKExMKFi8FCgPHpyfGyBi8KgQPBgYHEaEnEwMRB9IPim9GjZm3ubsa2JNXLKCPDcgDDRrGnVDqRgYKgRDuEBoWGPNgWLR58CqDuwwiCjxQ9UwMHQ3ujo2ww+PCtmkXapVA9+OARhIOjDj4OIKBEQYkRQssMLIgpRKH3lSEAAAh+QQJAAAaACwAAAAAJAAkAAAF+qAmjmRpnmiqrmzrvnAszyURCEJA0GoA/IAAT2PD6UQCIEAw9AEfBU0SyCzmdq7pz4DQOH/Cb/ClBRgSxNtVqmS6xAf0qexuER4GwyHSPYmFLwUICQkIUSdWR0OLBAsMDgcVEA2HLIlYJXADA30sf3NKBptyLHSgQKIDpCumJpqcb0qANY6QkpQul4u7IoKEhii+hZUsBQqbm50lCBEHeQ+YKsbIoygJB7LFx9SqGsLACQZtK3d5e8hdDdQNGgjiVCuvClEQ1BDeD9kqZaLzIhXO9FQQoWtfKH8isAE5MEMMFBIOlDiYUXAEAyUMeJVYoGSBRhIVP4ocGQIAIfkECQAAGgAsAAAAACQAJAAABf+gJo5kaZ5oqq5s674jEQhCQMDuAuzAgrcMHoDxi81qN5FD6CiKAsJHQSQRSpwagdCgmFIOBsOBopHRbC4tzzBAaBqD+KChgfICLvvuMEhoCggJCQhTajsCLgQPYQcRfSiGAIguBQpybSh6AHgvgIKEKGZIWKRlCwwOBxcDGRANUy2iaCSafHJuLZqcI5Fscn4tkZO8W5fALMIltZe4LLolBKepq62viUezpdoWChMTChah2EktBRiXCplCuyuKjI4TkELDK8vxnoOF82nF6XBydJ4F24Ih3BdGZGSRqxcFVhUeV5woHLGERxNtJYLwIIKRhA4ePjoaObNQpMmTKEsChAAAIfkECQAAGgAsAAAAACQAJAAABf+gJo5kaZ5oqq5sSgSCEBBtPS5ADiw2+cazEkMHYPRGAeKjQHIQHUeRgGhQMEUH4iGqmeoMA6uocjAYDhXRT0ZTJXWHQZgJkcshmsKDGFgRHmYHEXYIGg12Aw0aCAZEAiwFCohyCXkICQkITAmNOo+QkoiVJwlZOn0tkYiFJwgRZQYPbamXmVcmBbWaXLwnBAsMDmgQDbd+MGwnbzlxA6wsywCoJV45YAOjLNUAn9RUlDXb3STRzc8r0dM+wMIVxMYqa0G99CW5mLu+yPMtf4ER58jxsVEumzdPNrYZqCSPhriEVAql0zCxRrQlXRxpaGiDY0aE9UxUDOlj3yySKFMGqlzJMmUIACH5BAkAABoALAAAAAAkACQAAAX/oCaOZEkEghAQZeu+5ALMwALfOEMDDO67jp3jRxwddodi8XIwGA4XpQmlYokG2OzolFr5ArtHQZTJDjKiwmMX8Al2BoxFAzFDNAWFYSdwwwcKGg1mDRoIA3s0fThgNAcDE3gICQkIYwkDRzRtOAQPTgcRkC+YEU0GD1Y4BRhmgS6HWQpjRBYKExMKcy4Fk5W0UsE3BAsMDhIUDcCrDRQSDgwLqiONM48IRIeaM5wkbzQGAwlEmIkzi95/4z/lfC3VANfZmWwtxMbIykQFzc/R08ICkuBS5QVBL0XgdSuhUMm3cy8eAkD3Q2KfgywsKmnIsV4RjBo0ghQY0h1JFw1PDtqjglCly5cwY8qcSSIEACH5BAkAABoALAAAAAAkACQAAAX/oCaOZGmeaKqubEoEghAQbT0uQA4sts3oAEbpFZv1Rg6gg1R4AANH0QF4GBUUBqBgRZTRNJWDwXCoiK6DrG6rCgAfBQ1kQB9ANOjBVAdVCYAGCBoNdQMNGgh1EWIGD18pfzoGCXgICQkIcQmFdApxK246B5Qnm4WeLQQPYwcRgieJdag1BZaYnya1l5lRvSxdRi0FDRBhDgwLjyShOX0ssXvNJ5E5bCymatXTWjXY3CbMAM4r0E8nwMoqw8UHx8m+8EMwXii6tz3h4yQIi2OONtQAWCuRIJo4gNzQaUiQTaCNfBogImg4kMs8IwG3NDEHL6MIhfAgxjt3Md3IkyhTBqpcyRJFCAAh+QQJAAAaACwAAAAAJAAkAAAF/6AmjmRpnmiqrmzrviMRCEJAwO4C7MCCtwwegPFjOYSO2Kx2K2okQomo8BAGXDKaTUM5GAwHisaCMQgFroBV0xi4Bw2NYmDmoVuCs6aASCQQBRoTAwdreHongxFeBg9NLGo8VydzbxiBWEtbJxYKExMKFk6jKFlMLgUNEBkDFwcODAuPIpE7kywIb4SGI3l2Lgm6dTt3vYgswW/DAMW0vCu5b4WSJaabLKmrra+xs6Q/1t4jfH6AMLUAtyXRbgqYh78nwYtfji6+xHt9f4HB07Zp1rR5EyfXsmYqwnFhFGaPgoOjoPCQsqcKNSdHeCQRodBJEB5EvpnQwcOHyGqaxAedXMmy5YoQACH5BAUAABoALAAAAAAkACQAAAX6oCaOZGmeaKqubOu+cCzPJREIQkDQagD8gAAvJQACBCIbTvdS5nZFILLwMApdPqAw+xMiDEakK/pDOpkJsPRFPqISB+uLG0QhIgeD4bFznfsmBQgJCQgFQ4gkfy4FDRAVBw4MC4AkdFcsCAMDcVonbWIsCZtqZZ9hLqMDpW4mly6anHImiy2Nj5GTlYkygoSGKL6Fh34PegcRCHabmwrELHQHCW/Mzc8qbQbTwsCq1c4s2coN1Q0asQN4enwrdA+HENUQGgUKm51dK7WQxxUi9atQycAH4MCIeqxCwXBgxAEJKrNiMDDCoMaNJzMWGFnAy+KSXR1DitQQAgA7';
  113. $_R['images/chmod.gif'] = 'R0lGODlhEAAQAOYAAP+7POLi4v3KYv/GSv/KS//Tjc3Nzf/YeNLS0v/dqf/Ni9ra2sjIyebm5uKxS9a3hMHBwfbVlf/Xd//bqP/Zp//fffbXl//XhP/TgvPz8+Hh4ebl5uvq6P7+/vr6+u7u7vDw8O3t7ezs7PLy8unp6fb29susefj4+Pn5+eTk5NnZ2dbW1uDg4OvVrNjY2Pz8/Ojo6OXl5eTj5PX19ff3976+vtfX1+Tk5fv7+/nPdMexi/3jje/Zr9vb3uvr7cSth+DCjdCjTty+iuvOmsPDw/bWlN7d3ry8vevr6/+0LP/GasXFxf779v/NSMXFyr+/w9mtVbS0tPPz9f+/Pf/Zk/+6Mf+wNbmje/jUgtnMtPrUhKenqdSlQ96tRMaYQdm6hvbWjuTGke7QgefKlPfJW9TU1P/UV9TU1sGib+/v8dGxf9bX1s+5kP/cevbVlru7u9nX2fHMddS+mNG6kf+8VP+vLNnY2f/DQf/FQP/HRN3c3N/f39XV1fT09P///////yH5BAEAAH8ALAAAAAAQABAAAAeogH+Cg4SFhHYbiYlwSIaCMX6RkSksjn8yHZmZATA2DYYuASwNLy8aDRorhQFSDEdnSyciLggIBoREUTEzRwwxJyEaGmWDTD9sPC0tOll9zn16g0NxERFuFmAOGdsZC4NhOQUKCkoAXSDoICqDQFgXGOUDUB/0Hy6DXwIEA3d5ZkEiAopYM+iBmDYHJLTZ4YWDQw6qCK1A8axiHz6FIPDZyJEjBEsg/wQCADs=';
  114. $_R['images/move.gif'] = 'R0lGODlhEAAQANU/AD+0OnvbSEG2OrW2tk7BO0y/O0S5O+7u8rGxsVHDPPr7+/z8/Pb2+Pj4+vX197GysbKxsj6yOvP687Kysr29vfn5+b72du3t8MbFxZriZonbbJTmW0/BPFvPMVDCPEfFJ4vgULj7Zfz/k4jcXMnJyZrrh0i8O+jo7Ui8PE2/PJvqfcr6hLGxsqPmgrGysnbhOrKxsbm5ucLBwpjjeJnpWszNzc/Pz4bcbWLQS/Dw8/Ly9fT09v39/dHR0f///////yH5BAEAAD8ALAAAAAAQABAAAAaLwJ9wSCwOe8hksmLs+Z5QH7JRdB6uh9wpWfXlvuCLtKsrm3WJXtHm27nfu0SiWPM57oUUgcApeRRDJD4MhCY4NxozLSocEkIYPg2SBh8BGzQgAS8pQjI+CqACHSMZKxYhKI4/FD4LrgCwAgIiBoBCMT48urs8sEUDUVERA0UsDzATLhAICMsPRtBGQQA7';
  115. $_R['images/movehere.gif'] = 'R0lGODlhEAAQANU/APn5+VHDPE7BOz+0OnvbSLm6uUK3O7W2tky/O0S5O/39/fT09u7u8vz8/PX197Gxsc/Pz/b2+Pr6+7GysbKxsvj4+kC2Ovz/k+ry60i8O0i8PO3t8LGyspTmW+/v83bhOpriZojcZ4vgUPDz8rj7ZcnJybKxsejo7Zrrh6Pmgr6+vc/P0F/QPk2/PJvqffb595jjeO718LGxssr6hEHIE772drKysszNzMHCwsbFxZnpWvLy9fDw89HR0f///////yH5BAEAAD8ALAAAAAAQABAAAAaMwJ9wSCwOe70VctkDGHu+qNSHrBShjCzDc1pefbyweEP9BnbodJkI8QUCi3jcBxkiWoI8KjBy+H03QxosISEwKS4CGBERPiVDCTQEHToiBB8tFRU+OUMWhCAzNSQaMRISPjhDA6wWBhcJLw2zPipFBT6sCru7PgVFB7lTUgdFMhMmNhwUDw/ME0bRRkEAOw==';
  116. $_R['images/ren.gif'] = 'R0lGODlhEAAQANU/APHy8/zbmqyVYyEhIV5eXsPDw5ucnKqrq/7BZ7Kysuu1SoKCgnx8fPzShS8wMejo6NfX2fz67vj4+ERERL29ve7v7//Zc4uLi+Xl5f79+lRUU2BPL7mtlfT19//IWd7h5ZKSknR0dP3+/vf4+9avtf7rx1lZWXpnQ/rcqElNVGhbQMOvhP+gtu/Mdv/PYZKUmZ6fora3uNvTwtelRNrCjeS9YPXO3VJVXOzs6//kkVBQUPn5+ff392ZmZv///////yH5BAEAAD8ALAAAAAAQABAAAAbAwN9OwuPtjkeJZNexsX4GBoFwKFASh4MhxIGQfqCew1Hw4SCLQ0LQ4FR+F8KYsntATC+aZXYa/RZyZCJ2MCsWChs3PD8hPRo6DBcLIQKHGw4mi409PSYaKSo1HidjGoudIBgfHzItLgEfDAM6pzowPj4ROa+4F7OLBBMGPhkBHg0ZIzsLvz8mwj4lCA0RHRUAzLTO0AEoPAA4Dw/Mpj+cwxkiI+DiDCYEHeYTCwUxMQlYWSETPRI//wADChxIMGAQADs=';
  117. $_R['images/upload.gif'] = 'R0lGODlhGAAYAOZ/AOrNmf398v/rmPj4+OfJk9z5Yv/heuzs7vbdrv/igqLfJv/ebbbWVaa8Ne7ToezQnKLcLPHWpXC6DP/njaniLunp69zc3P/wqf/Xa/zcd+fIlOXl5vLYqP/yu//tpfT09Nb3W87yVP/plqzkMbTmOejLlsfwTLnqP/P09P/51/79+6PYRf/75b3rQf/APv/vof/wpffju/Hx8f7+/qW3L//64pDYFP/WX5DXFf/bZYTTCJzdIevr7LrdaP/deP/2zqrFPNzeu7PtK9f5V8HvVOv22P/ISvz8/Pn5+fvac6/PUf/lhbXPTprcHvn6+druuJXQHJbaGv/ojL/lgozWEfTz87rgef/Zav/nkNLGR4bJGf/QXNjgmJHQIJvXJrLmN//wrvTaqvTbrKThKavpMP/urv/SW+bm5//rnsTyQP/kiOLi4uPj5M7es5fRO3vCEtf1n+/w7f/OU63nKv/76Pj979Dyk9j2Xv/RV//NUf+/PP/ISf/DQ3zPAP///////yH5BAEAAH8ALAAAAAAYABgAAAf/gH+Cg4SFhoeIiYRIPAeOjwc8SIMBZHCHPH6am5sVg0RDQkWGBzOmp6Z+nn92aXcFZHWFFUdItre2Z2dtcwUkLSAraxsHgmdOKB8fKChVyh9FECAjFBQnLVNIFoJsAzLf4N9xKyZjO+c7LQpP238x7/DxTCQmFDj3OCchUEGCCAF0aggcWKNHDwhfdCjUEcKNFS7+WFyYSLGiFwp9MvYxwYAFAkFiUsAYSbJkFwUa+5xgkEKMoDA/XsicSVNLk5QjlPwII4jDDwFAgwIVIeWNjZQKgHTgIChChwlQoy4xsGCBBCopozQAE0GQgw4JwiagmqNsDgk20qpt4MGB1zI+ZOJeuUG3Lo27eGlkQeP2zwMPGDCYwUO4sOHDIh4IAiBii5w8kCNLnpwHi+I/ACYY2cO5s+fPnNUAEFQiAZ/TqFOrRp2gBOkkLvTInk27th4XGVz/UUFAA4HfwIMLB65CkXFCgQAAOw==';
  118.  
  119. if (!DEV && isset($_GET['r'])){
  120. $r = $_GET['r'];
  121. $is_image = strpos($r, '.') !== false;
  122. //TODO: cache headers
  123. header('Content-Type: ' . $_R_HEADERS[$is_image ? getExt($r) : $r]);
  124. exit($is_image ? base64_decode($_R[$r]) : $_R[$r]);
  125. }
  126.  
  127. /*
  128. * init
  129. */
  130. $do = isset($_GET['do']) ? $_GET['do'] : null;
  131.  
  132. if (AUTHORIZE) {
  133. session_start();
  134. doAuth();
  135. }
  136.  
  137. $nonce = isset($_SESSION['nonce']) ? $_SESSION['nonce'] : '';
  138.  
  139. /*
  140. * A warning is issued when the timezone is not set.
  141. */
  142. if (function_exists('date_default_timezone_set'))
  143. date_default_timezone_set('UTC');
  144. $tz_offset = isset($_SESSION['tz_offset']) ? $_SESSION['tz_offset'] : 0;
  145.  
  146. /**
  147. * directory checks and chdir
  148. */
  149.  
  150. if (!isNull(ROOT) && is_dir(ROOT))
  151. chdir(ROOT);
  152.  
  153. if (!is_dir($path)) {
  154. if ($path != '.')
  155. exit(header('Location: ?path=.'));
  156. else
  157. echo 'The current directory '.getcwd().' can\'t be read';
  158. }
  159.  
  160. if (!is_readable($path)) {
  161. chmod($path, 0755);
  162. if (!is_readable($path))
  163. echo 'path (' . $pathHTML . ') can\'t be read';
  164. }
  165.  
  166. /**
  167. * perform requested action
  168. */
  169. if ($do) {
  170. if (isset($_GET['subject']) && !isNull($_GET['subject'])) {
  171. $subject = str_replace('/', null, $_GET['subject']);
  172. $subjectURL = escape($subject);
  173. $subjectHTML = htmlspecialchars($subject);
  174. }
  175.  
  176. switch ($do) {
  177. case 'login':
  178. exit(doLogin());
  179. case 'logout':
  180. exit(doLogout());
  181. case 'shell':
  182. nonce_check();
  183. exit(shell_exec($_POST['cmd']));
  184. case 'create':
  185. nonce_check();
  186. exit(doCreate($_POST['f_name'], $_GET['f_type'], $path));
  187. case 'upload':
  188. nonce_check();
  189. exit(doUpload($path));
  190. case 'chmod':
  191. nonce_check();
  192. exit(doChmod($subject, $path, $_POST['mod']));
  193. case 'extract':
  194. nonce_check();
  195. exit(doExtract($subject, $path));
  196. case 'readFile':
  197. exit(doReadFile($subject, $path));
  198. case 'rename':
  199. nonce_check();
  200. exit(doRename($subject, $path));
  201. case 'delete':
  202. nonce_check();
  203. exit(doDelete($subject, $path));
  204. case 'saveEdit':
  205. nonce_check();
  206. exit(doSaveEdit($subject, $path));
  207. case 'copy':
  208. nonce_check();
  209. exit(doCopy($subject, $path));
  210. case 'move':
  211. nonce_check();
  212. exit(doMove($subject, $path));
  213. case 'moveList':
  214. exit(moveList($subject, $path));
  215. case 'installCodeMirror':
  216. exit(installCodeMirror());
  217. case 'fileExists':
  218. exit(file_exists($path .'/'. $subject));
  219. case 'getfs':
  220. exit(getFs($path .'/'. $subject));
  221. case 'remoteCopy':
  222. nonce_check();
  223. exit(doRemoteCopy($path));
  224. }
  225. }
  226.  
  227. /**
  228. * no action; list current directory
  229. */
  230. getDirContents($path);
  231.  
  232. /**
  233. * helper functions
  234. */
  235.  
  236. /**
  237. * @return bool returns true if any empty values are passed
  238. */
  239. function isNull() {
  240. foreach (func_get_args() as $value)
  241. if (!strlen($value))
  242. return true;
  243. return false;
  244. }
  245. function zipSupport(){
  246. if (function_exists('zip_open'))
  247. return 'function';
  248. if (class_exists('ZipArchive'))
  249. return 'class';
  250. if (strpos(PHP_OS, 'WIN') === false && @shell_exec('unzip'))
  251. return 'exec';
  252. return false;
  253. }
  254. function escape($uri){
  255. return str_replace('%2F', '/', rawurlencode($uri));
  256. }
  257. function removeQuotes($subject, $single = true, $double = true) {
  258. if ($single)
  259. $subject = str_replace('\'', null, $subject);
  260. if ($double)
  261. $subject = str_replace('"', null, $subject);
  262. return $subject;
  263. }
  264. function return_bytes($val) { //for upload. http://php.net/ini_get
  265. $val = trim($val);
  266. $last = strtolower($val{strlen($val)-1});
  267. switch($last) {
  268. case 'g':
  269. $val *= 1024;
  270. case 'm':
  271. $val *= 1024;
  272. case 'k':
  273. $val *= 1024;
  274. }
  275.  
  276. return $val;
  277. }
  278. function getExt($file){
  279. return strrpos($file, '.') ? strtolower(substr($file, strrpos($file, '.') + 1)) : '&lt;&gt;';
  280. }
  281. function getMod($subject){
  282. return substr(sprintf('%o', fileperms($subject)), -4);
  283. }
  284. function redirect(){
  285. global $redir;
  286. @header('Location: ' . $redir);
  287. }
  288. function refresh($message, $speed = 2){
  289. global $redir;
  290. return '<meta http-equiv="refresh" content="'.$speed.';url='.$redir.'">'.$message;
  291. }
  292. function getFs($file){
  293. if (filesize($file) <= 1024)
  294. return filesize($file).' <b title="Bytes" style="background-color: #B9D4B8">B</b>';
  295. elseif (filesize($file) <= 1024000)
  296. return round(filesize($file)/1024, 2).' <b title="KiloBytes" style="background-color: yellow">KB</b>';
  297. else
  298. return round(filesize($file)/1024000, 2).' <b title="MegaBytes" style="background-color: red">MB</b>';
  299. }
  300. function rrd($dir){
  301. $handle = opendir($dir);
  302. while (($dirItem = readdir($handle)) !== false) {
  303. if ($dirItem == '.' || $dirItem == '..')
  304. continue;
  305. $path = $dir.'/'.$dirItem;
  306. is_dir($path) ? rrd($path) : unlink($path);
  307. }
  308. closedir($handle);
  309. return rmdir($dir);
  310. }
  311. function pathCrumbs(){
  312. global $pathHTML, $pathURL;
  313. $crumbs = explode('/', $pathHTML);
  314. $crumbsLink = explode('/', $pathURL);
  315. $pathSplit = '';
  316. $crumb = str_replace('/', ' / ', dirname(getcwd())) . ' / ';
  317. for ($i = 0; $i < count($crumbs); $i++) {
  318. $slash = $i ? '/' : '';
  319. $pathSplit .= $slash . $crumbsLink[$i];
  320. $crumb .= '<a href="?path=' . $pathSplit . '" title="Go to ' . $crumbs[$i] . '">'
  321. . ($i ? $crumbs[$i] : '<em>'.basename(getcwd()).'</em>') . "</a> /\n";
  322. }
  323. return $crumb;
  324. }
  325.  
  326. //authorize functions
  327. function doAuth(){
  328. global $do, $pathURL, $footer;
  329. $pwd = isset($_SESSION['pwd']) ? $_SESSION['pwd'] : '';
  330. if ($do == 'login' || $do == 'logout')
  331. return; //TODO: login/logout take place here
  332. if ($pwd != crypt(PASSWORD, PASSWORD_SALT))
  333. if ($do)
  334. exit('Please refresh the page and login');
  335. else
  336. exit('<!DOCTYPE html>
  337. <html>
  338. <head>
  339. <meta charset="UTF-8">
  340. <title>Log In | pafm</title>
  341. <style type="text/css">
  342. body {
  343. margin: auto;
  344. max-width: 20em;
  345. text-align: center;
  346. }
  347. form {
  348. width: 20em;
  349. position: fixed;
  350. top: 30%;
  351. }
  352. a {
  353. text-decoration: none;
  354. color: #B22424;
  355. }
  356. a:visited {
  357. color: #FF2F00;
  358. }
  359. a:hover {
  360. color: #DD836F;
  361. }
  362. p {
  363. margin-top: 7.5em;
  364. font: italic 12px verdana,arial;
  365. }
  366. </style>
  367. </head>
  368. <body>
  369. <form action="?do=login&amp;path='.$pathURL.'" method="post">
  370. <fieldset>
  371. <legend style="text-align: left;">Log in</legend>
  372. <input type="password" name="pwd" title="Password" autofocus>
  373. <input type="hidden" value="" id="tz_offset" name="tz_offset">
  374. <input type="submit" value="&#10003;" title="Log In">
  375. </fieldset>
  376. <p>'.$footer.'</p>
  377. </form>
  378. <script type="text/javascript">
  379. document.getElementById("tz_offset").value = (new Date()).getTimezoneOffset() * -60;
  380. </script>
  381. </body>
  382. </html>');
  383. }
  384. function doLogin(){
  385. $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : '';
  386. $bruteforce_file_exists = file_exists(BRUTEFORCE_FILE);
  387.  
  388. if ($bruteforce_file_exists){
  389. $bruteforce_contents = explode('|', file_get_contents(BRUTEFORCE_FILE));
  390. if ((time() - $bruteforce_contents[0]) < BRUTEFORCE_TIME_LOCK && $bruteforce_contents[1] >= BRUTEFORCE_ATTEMPTS)
  391. return refresh('Attempt limit reached, please wait: '
  392. . ($bruteforce_contents[0] + BRUTEFORCE_TIME_LOCK - time()) . ' seconds');
  393. }
  394.  
  395. if ($pwd == PASSWORD){
  396. $_SESSION['tz_offset'] = intval($_POST['tz_offset']);
  397. $_SESSION['pwd'] = crypt(PASSWORD, PASSWORD_SALT);
  398. $_SESSION['nonce'] = crypt(uniqid(), rand());
  399. $bruteforce_file_exists && unlink(BRUTEFORCE_FILE);
  400. return redirect();
  401. }
  402.  
  403. $bruteforce_data = time() . '|';
  404. /**
  405. * The second condition, if reached, implies an expired bruteforce lock
  406. */
  407. if (!$bruteforce_file_exists || $bruteforce_contents[1] >= BRUTEFORCE_ATTEMPTS)
  408. $bruteforce_data .= 1;
  409. else
  410. $bruteforce_data .= ++$bruteforce_contents[1];
  411.  
  412. file_put_contents(BRUTEFORCE_FILE, $bruteforce_data);
  413. chmod(BRUTEFORCE_FILE, 0700); //prevent others from viewing
  414. return refresh('Password is incorrect');
  415. }
  416. function doLogout(){
  417. session_destroy();
  418. redirect();
  419. }
  420. function nonce_check(){
  421. if (AUTHORIZE && $_GET['nonce'] != $_SESSION['nonce'])
  422. exit(refresh('Invalid nonce, try again.'));
  423. }
  424.  
  425. //fOp functions
  426. function doCreate($f_name, $f_type, $path){
  427. if (isNull($f_name))
  428. return refresh('A filename has not been entered');
  429.  
  430. $invalidChars = strpos(PHP_OS, 'WIN') !== false ? '/\\|\/|:|\*|\?|\"|\<|\>|\|/' : '/\//';
  431. if (preg_match($invalidChars, $f_name))
  432. return refresh('Filename contains invalid characters');
  433.  
  434. if ($f_type == 'file' && !file_exists($path.'/'.$f_name))
  435. fclose(fopen($path.'/'.$f_name, 'w'));
  436. elseif ($f_type == 'folder' && !file_exists($path.'/'.$f_name))
  437. mkdir($path.'/'.$f_name);
  438. else
  439. return refresh(htmlspecialchars($f_name).' already exists');
  440. redirect();
  441. }
  442. function installCodeMirror(){
  443. mkdir(CODEMIRROR_PATH);
  444. $cmjs = CODEMIRROR_PATH . '/cm.js';
  445. $cmcss = CODEMIRROR_PATH . '/cm.css';
  446. $out = null;
  447.  
  448. copy('http://cloud.github.com/downloads/mustafa0x/pafm/_codemirror.js', $cmjs);
  449. copy('http://cloud.github.com/downloads/mustafa0x/pafm/_codemirror.css', $cmcss);
  450.  
  451. /**
  452. * avoid using modified CodeMirror files
  453. */
  454. if (md5_file($cmjs) != '65f5ba3c8d38bb08544717fc93c14024')
  455. $out = unlink($cmjs);
  456. if (md5_file($cmcss) != '23d441d9125538e3c5d69448f8741bfe')
  457. $out = unlink($cmcss);
  458.  
  459. return $out ? '-' : '';
  460. }
  461. function doUpload($path){
  462. if (!$_FILES)
  463. return refresh('$_FILES array can not be read. Check file size limits and the max execution time limit.');
  464.  
  465. $uploadErrors = array(null,
  466. 'The uploaded file exceeds the upload_max_filesize directive in php.ini.',
  467. 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.',
  468. 'The uploaded file was only partially uploaded.',
  469. 'No file was uploaded.',
  470. 'Missing a temporary folder.',
  471. 'Failed to write file to disk.',
  472. 'File upload stopped by extension.'
  473. );
  474. $error_message = ' Please see <a href="http://www.php.net/file-upload.errors">File Upload Error Messages</a>';
  475.  
  476. $fail = false;
  477.  
  478. if ($_FILES['file']['error']) {
  479. if ($uploadErrors[$_FILES['file']['error']])
  480. return refresh($uploadErrors[$_FILES['file']['error']] . $error_message);
  481. else
  482. return refresh('Unknown error occurred.' . $error_message);
  483. }
  484.  
  485. if (!is_file($_FILES['file']['tmp_name']))
  486. return refresh($_FILES['file']['name'] . ' could not be uploaded.'
  487. . 'Possible causes could be the <b>post_max_size</b> and <b>memory_limit</b> directives in php.ini.');
  488.  
  489. if (!is_uploaded_file($_FILES['file']['tmp_name']))
  490. return refresh(basename($_FILES['file']['name']) . ' is not a POST-uploaded file');
  491.  
  492. if (!move_uploaded_file($_FILES['file']['tmp_name'], $path . '/' . basename($_FILES['file']['name'])))
  493. $fail = true;
  494.  
  495. return $fail ? 'One or more files could not be moved.' : $_FILES['file']['name'] . ' uploaded';
  496. }
  497. function doChmod($subject, $path, $mod){
  498. if (isNull($mod))
  499. return refresh('chmod field is empty');
  500.  
  501. chmod($path . '/' . $subject, octdec(strlen($mod) == 3 ? 0 . $mod : $mod));
  502. redirect();
  503. }
  504. function doExtract($subject, $path){
  505. global $subjectHTML;
  506. switch (zipSupport()) {
  507. case 'function':
  508. if (!is_resource($zip = zip_open($path.'/'.$subject)))
  509. return refresh($subjectHTML . ' could not be read for extracting');
  510.  
  511. while ($zip_entry = zip_read($zip)){
  512. zip_entry_open($zip, $zip_entry);
  513. if (substr(zip_entry_name($zip_entry), -1) == '/') {
  514. $zdir = substr(zip_entry_name($zip_entry), 0, -1);
  515. if (file_exists($path.'/'.$zdir))
  516. return refresh(htmlspecialchars($zdir) . ' exists!');
  517. mkdir($path.'/'.$zdir);
  518. }
  519. else {
  520. if (file_exists($path.'/'.zip_entry_name($zip_entry)))
  521. return refresh(htmlspecialchars($path.'/'.zip_entry_name($zip_entry)) . ' exists!');
  522.  
  523. $fopen = fopen($path.'/'.zip_entry_name($zip_entry), 'w');
  524. $ze_fs = zip_entry_filesize($zip_entry);
  525. fwrite($fopen, zip_entry_read($zip_entry, $ze_fs), $ze_fs);
  526. }
  527. zip_entry_close($zip_entry);
  528. }
  529. zip_close($zip);
  530. break;
  531. case 'class':
  532. $zip = new ZipArchive();
  533. if ($zip->open($path.'/'.$subject) !== true)
  534. return refresh($subjectHTML . ' could not be read for extracting');
  535. $zip->extractTo($path);
  536. $zip->close();
  537. break;
  538. case 'exec':
  539. shell_exec('unzip ' . escapeshellarg($path.'/'.$subject));
  540. }
  541. redirect();
  542. }
  543. function doReadFile($subject, $path){
  544. return file_get_contents($path.'/'.$subject);
  545. }
  546. function doCopy($subject, $path){
  547. $to = isset($_POST['to']) ? $_POST['to'] : '';
  548. $dest = $path.'/'.$to;
  549.  
  550. if (isNull($subject, $path, $to))
  551. return refresh('Values could not be read');
  552.  
  553. if (is_dir($path.'/'.$subject)) {
  554. copyDir($path.'/'.$subject, $dest);
  555. redirect();
  556. }
  557.  
  558. if (file_exists($dest))
  559. return refresh('Destination ('.$dest.') exists');
  560.  
  561. if(!copy($path.'/'.$subject, $dest))
  562. return refresh($subject . ' could not be copied to ' . $to);
  563.  
  564. redirect();
  565. }
  566. function copyDir($subject, $to){
  567. if (file_exists($to) || !mkdir($to))
  568. return refresh('Destination exists or creation of destination failed.');
  569.  
  570. $handle = opendir($subject);
  571. while(($dirItem = readdir($handle)) !== false) {
  572. if ($dirItem == '.' || $dirItem == '..')
  573. continue;
  574.  
  575. $path = $subject.'/'.$dirItem;
  576. if (is_dir($path))
  577. copyDir($path, $to.'/'.$dirItem);
  578. else
  579. copy($path, $to.'/'.$dirItem);
  580. }
  581.  
  582. closedir($handle);
  583. }
  584. function doRemoteCopy($path){
  585. $location = isset($_POST['location']) ? $_POST['location'] : '';
  586. $to = isset($_POST['to']) ? $_POST['to'] : '';
  587. $dest = $path.'/'.$to;
  588.  
  589. if (isNull($path, $location, $to))
  590. return refresh('Values could not be read');
  591.  
  592. if (file_exists($dest))
  593. return refresh('Destination ('.$dest.') exists');
  594.  
  595. if(!copy($location, $dest))
  596. return refresh($location . ' could not be copied to '. ($dest));
  597. redirect();
  598. }
  599. function doRename($subject, $path){
  600. $rename = isset($_POST['rename']) ? $_POST['rename'] : '';
  601. if (isNull($subject, $rename))
  602. return refresh('Values could not be read');
  603.  
  604. if (file_exists($path.'/'.$rename))
  605. return refresh(htmlspecialchars($rename) . ' exists, please choose another name');
  606.  
  607. rename($path.'/'.$subject, $path.'/'.$rename);
  608. redirect();
  609. }
  610. function doDelete($subject, $path){
  611. global $subjectHTML;
  612. $fullPath = $path .'/'. $subject;
  613.  
  614. if (isNull($subject, $path))
  615. return refresh('Values could not be read');
  616. if (!file_exists($fullPath))
  617. return refresh($subjectHTML . ' doesn\'t exist');
  618.  
  619. if (is_file($fullPath))
  620. if (!unlink($fullPath))
  621. return refresh($subjectHTML . ' could not be removed');
  622.  
  623. if (is_dir($fullPath))
  624. if (!rrd($fullPath))
  625. return refresh($subjectHTML . ' could not be removed');
  626.  
  627. redirect();
  628. }
  629. function doSaveEdit($subject, $path){
  630. global $subjectHTML, $tz_offset;
  631. $data = get_magic_quotes_gpc() ? stripslashes($_POST['data']) : $_POST['data'];
  632. if (!is_file($path .'/'. $subject))
  633. return 'Error: ' . $subjectHTML . ' is not a valid file';
  634.  
  635. if (file_put_contents($path .'/'. $subject, $data) === false)
  636. return $subject . ' could not be saved';
  637. else
  638. return 'saved at ' . date('H:i:s', time() + $tz_offset);
  639. }
  640. function doMove($subject, $path){
  641. global $pathHTML, $subjectHTML;
  642.  
  643. if (isset($_GET['to']) && !isNull($_GET['to'])) {
  644. $to = $_GET['to'];
  645. $toHTML = htmlspecialchars($to);
  646. $toURL = escape($to);
  647. }
  648. if (isNull($subject, $path, $to))
  649. return refresh('Values could not be read');
  650.  
  651. if ($path == $to)
  652. return refresh('The source and destination are the same');
  653.  
  654. if (array_search($subject, explode('/', $to)) == array_search($subject, explode('/', $path . '/' . $subject)))
  655. return refresh($toHTML . ' is a subfolder of ' . $pathHTML);
  656.  
  657. if (file_exists($to.'/'.$subject))
  658. return refresh($subjectHTML . ' exists in ' . $toHTML);
  659.  
  660. rename($path . '/' . $subject, $to.'/'.$subject);
  661. redirect();
  662. }
  663. function moveList($subject, $path){
  664. global $pathURL, $pathHTML, $subjectURL, $subjectHTML, $nonce;
  665.  
  666. if (isset($_GET['to']) && !isNull($_GET['to'])) {
  667. $to = $_GET['to'];
  668. $toHTML = htmlspecialchars($to);
  669. $toURL = escape($to);
  670. }
  671. if (isNull($subject, $path, $to))
  672. return refresh('Values could not be read');
  673.  
  674. $return = '["div",
  675. {attributes: {"id": "movelist"}},
  676. [
  677. "span",
  678. {attributes: {"class": "pathCrumbs"}},
  679. [
  680. ';
  681. $crumbs = explode('/', $toHTML);
  682. $crumbsLink = explode('/', $toURL);
  683. $pathSplit = '';
  684.  
  685. for ($i = 0; $i < count($crumbs); $i++) {
  686. $slash = $i ? '/' : null;
  687. $pathSplit .= $slash . $crumbsLink[$i];
  688. $return .= ($i ? ',' : null) . '"a",
  689. {
  690. attributes : {
  691. "href" : "#",
  692. "title" : "Go to ' . $crumbs[$i] . '"
  693. },
  694. events : {
  695. click : function(e){
  696. fOp.moveList("'.$subjectURL.'", "'.$pathURL.'", "'.$pathSplit.'");
  697. e.preventDefault ? e.preventDefault() : e.returnValue = false;
  698. }
  699. },
  700. text : "' . ($i ? $crumbs[$i] : 'root') . '",
  701. postText : " / "
  702. }';
  703. }
  704.  
  705. $return .= '
  706. ],
  707. "ul",
  708. {attributes: {"id": "moveListUL"}}';
  709.  
  710. $j = 0;
  711. //TODO: sort output
  712. $handle = opendir($to);
  713. while (($dirItem = readdir($handle)) !== false) {
  714. $fullPath = $to.'/'.$dirItem;
  715. if (!is_dir($fullPath) || $dirItem == '.' || $dirItem == '..')
  716. continue;
  717. $fullPathURL = escape($fullPath);
  718. $dirItemHTML = htmlspecialchars($dirItem);
  719. $return .= ',
  720. [
  721. "li",
  722. {},
  723. [
  724. "a",
  725. {
  726. attributes : {"href" : "#"},
  727. events : {
  728. click : function(e){
  729. fOp.moveList("'.$subjectURL.'", "'.$pathURL.'", "'.$fullPathURL.'");
  730. e.preventDefault ? e.preventDefault() : e.returnValue = false;
  731. }
  732. }
  733. },
  734. ["img", {attributes: {"src": "'. (DEV ? 'pafm-files/' : '?r=')
  735. .'images/odir.png", "title": "Open '.$dirItemHTML.'"}}],
  736. "a",
  737. {
  738. attributes: {"href": "?do=move&subject='.$subjectURL.'&path='.$pathURL.'&to='.$fullPathURL
  739. .'&nonce='.$nonce.'", "title" : "move '.$subject.' to '.$dirItemHTML.'", "class": "dir"},
  740. text: "'.$dirItemHTML.'"
  741. }
  742. ]
  743. ]';
  744. $j++;
  745. }
  746. if (!$j)
  747. $return .= ',
  748. "b", {text: "No directories found"},
  749. "br", {},
  750. "br", {}';
  751. $return .= ',
  752. "a",
  753. {
  754. attributes: {"href": "?do=move&subject='.$subjectURL.'&path='.$pathURL.'&to='.$toURL
  755. .'&nonce='.$nonce.'", "id": "movehere", "title": "move here ('.$toHTML.')"},
  756. text : "move here"
  757. }]
  758. ]';
  759. return $return;
  760. }
  761. function getDirContents($path){
  762. global $dirContents, $dirCount;
  763. $itemType = '';
  764.  
  765. $dirHandle = opendir($path);
  766. while (($dirItem = readdir($dirHandle)) !== false) {
  767. if ($dirItem == '.' || $dirItem == '..')
  768. continue;
  769. $fullPath = $path.'/'.$dirItem;
  770. $itemType = is_file($fullPath) ? 'files' : 'folders';
  771. $dirContents[$itemType][] = $dirItem;
  772. $dirCount[$itemType]++;
  773. }
  774. closedir($dirHandle);
  775. }
  776.  
  777. /**
  778. * Output the file list
  779. */
  780. function getDirs($path){
  781. global $dirContents, $pathURL, $nonce, $tz_offset;
  782.  
  783. if (!count($dirContents['folders']))
  784. return;
  785.  
  786. natcasesort($dirContents['folders']);
  787.  
  788. foreach ($dirContents['folders'] as $dirItem){
  789. $dirItemURL = escape($dirItem);
  790. $dirItemHTML = htmlspecialchars($dirItem);
  791. $fullPath = $path.'/'.$dirItem;
  792.  
  793. $mtime = filemtime($fullPath);
  794. $mod = getMod($path.'/'.$dirItem);
  795.  
  796. echo ' <li title="' . $dirItemHTML . '">' .
  797. "\n\t" . '<a href="?path=' . escape($fullPath) . '" title="' . $dirItemHTML . '" class="dir">'.$dirItemHTML.'</a>'.
  798. "\n\t" . '<span class="filemtime" title="'.date('c', $mtime).'">' . date('y-m-d | H:i:s', $mtime + $tz_offset) . '</span>' .
  799. "\n\t" . '<span class="mode" title="mode">' . $mod . '</span>' .
  800. "\n\t" . '<a href="#" title="Chmod '.$dirItemHTML.'" onclick="fOp.chmod(\''.$pathURL.'\', \''.$dirItemURL.'\', \''.$mod.'\'); return false;" class="chmod b"></a>' .
  801. "\n\t" . '<a href="#" title="Move '.$dirItemHTML.'" onclick="fOp.moveList(\''.$dirItemURL.'\', \''.$pathURL.'\', \''.$pathURL.'\'); return false;" class="move b"></a>' .
  802. "\n\t" . '<a href="#" title="Copy '.$dirItemHTML.'" onclick="fOp.copy(\''.$dirItemURL.'\', \''.$pathURL.'\', \''.$pathURL.'\'); return false;" class="copy b"></a>' .
  803. "\n\t" . '<a href="#" title="Rename '.$dirItemHTML.'" onclick="fOp.rename(\''.$dirItemHTML.'\', \''.$pathURL.'\'); return false;" class="rename b"></a>' .
  804. "\n\t" . '<a href="?do=delete&amp;path='.$pathURL.'&amp;subject='.$dirItemURL.'&amp;nonce=' . $nonce.'" title="Delete '.$dirItemHTML.'" onclick="return confirm(\'Are you sure you want to delete '.removeQuotes($dirItem).'?\');" class="del b"></a>' .
  805. "\n </li>\n";
  806. }
  807. }
  808. function getFiles($path){
  809. global $dirContents, $pathURL, $codeMirrorModes, $nonce, $tz_offset;
  810. $filePath = $path == '.' ? '/' : '/' . $path.'/';
  811.  
  812. if (!count($dirContents['files']))
  813. return;
  814.  
  815. natcasesort($dirContents['files']);
  816.  
  817. $codeMirrorExists = (int)is_dir(CODEMIRROR_PATH);
  818. $zipSupport = zipSupport();
  819.  
  820. foreach ($dirContents['files'] as $dirItem){
  821. $dirItemURL = escape($dirItem);
  822. $dirItemHTML = htmlspecialchars($dirItem);
  823. $fullPath = $path.'/'.$dirItem;
  824.  
  825. $mtime = filemtime($fullPath);
  826. $mod = getMod($fullPath);
  827. $ext = getExt($dirItem);
  828. $cmSupport = in_array($ext, $codeMirrorModes) ? 'cp ' : '';
  829.  
  830. echo ' <li title="' . $dirItemHTML . '">' .
  831. "\n\t" . '<a href="' . escape(ROOT . $filePath . $dirItem) . '" title="' . $dirItemHTML . '" class="file">'.$dirItemHTML.'</a>' .
  832. "\n\t" . '<span class="fs" title="file size">' . getfs($path.'/'.$dirItem) . '</span>' .
  833. "\n\t" . '<span class="extension" title="file extension">' . $ext . '</span>' .
  834. "\n\t" . '<span class="filemtime" title="'.date('c', $mtime).'">' . date('y-m-d | H:i:s', $mtime + $tz_offset) . '</span>' .
  835. "\n\t" . '<span class="mode" title="mode">' . $mod . '</span>' .
  836. (($zipSupport && $ext == 'zip')
  837. ? "\n\t" . '<a href="?do=extract&amp;path='.$pathURL.'&amp;subject='.$dirItemURL.'&amp;nonce=' . $nonce.'" title="Extract '.$dirItemHTML.'" class="extract b"></a>'
  838. : '') .
  839. (filesize($fullPath) <= (1048576 * MaxEditableSize)
  840. ? "\n\t" . '<a href="#" title="Edit '.$dirItemHTML.'" onclick="edit.init(\''.$dirItemURL.'\', \''.$pathURL.'\', \''.$ext.'\', '.$codeMirrorExists.'); return false;" class="edit '.$cmSupport.'b"></a>'
  841. : '') .
  842. "\n\t" . '<a href="#" title="Chmod '.$dirItemHTML.'" onclick="fOp.chmod(\''.$pathURL.'\', \''.$dirItemURL.'\', \''.$mod.'\'); return false;" class="chmod b"></a>' .
  843. "\n\t" . '<a href="#" title="Move '.$dirItemHTML.'" onclick="fOp.moveList(\''.$dirItemURL.'\', \''.$pathURL.'\', \''.$pathURL.'\'); return false;" class="move b"></a>' .
  844. "\n\t" . '<a href="#" title="Copy '.$dirItemHTML.'" onclick="fOp.copy(\''.$dirItemURL.'\', \''.$pathURL.'\', \''.$pathURL.'\'); return false;" class="copy b"></a>' .
  845. "\n\t" . '<a href="#" title="Rename '.$dirItemHTML.'" onclick="fOp.rename(\''.$dirItemHTML.'\', \''.$pathURL.'\'); return false;" class="rename b"></a>' .
  846. "\n\t" . '<a href="?do=delete&amp;path='.$pathURL.'&amp;subject='.$dirItemURL.'&amp;nonce=' . $nonce.'" title="Delete '.$dirItemHTML.'" onclick="return confirm(\'Are you sure you want to delete '.removeQuotes($dirItem).'?\');" class="del b"></a>'.
  847. "\n </li>\n";
  848. }
  849. }
  850. ?>
  851. <!DOCTYPE html>
  852. <html>
  853. <head>
  854. <meta charset="UTF-8">
  855. <title><?php echo str_replace('www.', '', $_SERVER['HTTP_HOST']); ?> | pafm</title>
  856. <style type="text/css">@import "<?php echo DEV ? 'pafm-files/style.css' : '?r=css';?>";</style>
  857. <script type="text/javascript">var nonce = "<?php echo $_SESSION['nonce']; ?>";</script>
  858. <script src="<?php echo DEV ? 'pafm-files/js.js' : '?r=js';?>" type="text/javascript"></script>
  859. </head>
  860. <body>
  861.  
  862. <div id="header">
  863. <?php
  864. if (AUTHORIZE):
  865. ?>
  866. <a href="?do=logout&amp;path=<?php echo $pathURL; ?>" title="logout" id="logout">logout</a>
  867. <?php
  868. endif;
  869. ?>
  870. <span class="pathCrumbs"><?php echo pathCrumbs(); ?>
  871. <span id="dir-count">
  872. folders: <?php echo $dirCount['folders']; ?> | files: <?php echo $dirCount['files']; ?>
  873. </span>
  874. </span>
  875. </div>
  876.  
  877. <div id="dirList">
  878. <ul id="info">
  879. <li>
  880. <span id="file">name</span>
  881. <span class="extension">extension</span>
  882. <span class="filemtime">last modified</span>
  883. <span class="mode">mode</span>
  884. <span class="fs">size</span>
  885. <span id="fileop">file operations</span>
  886. </li>
  887. </ul>
  888.  
  889. <ul>
  890. <?php getDirs($path);?>
  891. </ul>
  892.  
  893. <ul>
  894. <?php getFiles($path);?>
  895. </ul>
  896. </div>
  897.  
  898. <div id="add" class="b">
  899. <a href="#" title="Create File" onclick="fOp.create('file', '<?php echo $pathURL; ?>'); return false;"><img src="<?php echo DEV ? "pafm-files/" : "?r="?>images/addfile.gif" alt="Create File"></a>
  900. <a href="#" title="Create Folder" onclick="fOp.create('folder', '<?php echo $pathURL; ?>'); return false;"><img src="<?php echo DEV ? "pafm-files/" : "?r="?>images/addfolder.gif" alt="Create Folder"></a>
  901. <br>
  902. <a href="#" title="Remote Copy File" onclick="fOp.remoteCopy('<?php echo $pathURL; ?>'); return false;"><img src="<?php echo DEV ? "pafm-files/" : "?r="?>images/remotecopy.png" alt="Remote Copy"></a>
  903. <a href="#" title="Upload File" onclick="upload.init('<?php echo $pathURL; ?>', <?php echo $maxUpload; ?>); return false;"><img src="<?php echo DEV ? "pafm-files/" : "?r="?>images/upload.gif" alt="Upload File"></a>
  904. <br>
  905. <a href="#" title="Open Shell" onclick="shell.init('<?php echo @trim(shell_exec('whoami')); ?>', '<?php echo @trim(shell_exec('pwd')); ?>'); return false;"><img src="<?php echo DEV ? "pafm-files/" : "?r="?>images/terminal.png" alt="Terminal"></a>
  906. </div>
  907.  
  908. <div id="footer">
  909. <p><?php echo $footer; ?></p>
  910. <?php
  911. if (PASSWORD == 'auth') echo '<span>change your password</span>';
  912. ?>
  913. </div>
  914.  
  915. </body>
  916. </html>
RAW Paste Data