API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 6th, 2017
90
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 23.21 KB | None | 0 0
raw download clone embed print report
  1. <?php // -*- coding: utf-8 -*-
  2. define('PHPSHELL_VERSION', '2.4');
  3. /*
  4.  
  5. **************************************************************
  6. * PHP Shell *
  7. **************************************************************
  8.  
  9. PHP Shell is an interactive PHP script that will execute any command
  10. entered. See the files README, INSTALL, and SECURITY or
  11. http://phpshell.sourceforge.net/ for further information.
  12.  
  13. Copyright (C) 2000-2012 the Phpshell-team
  14.  
  15. This program is free software; you can redistribute it and/or
  16. modify it under the terms of the GNU General Public License
  17. as published by the Free Software Foundation; either version 2
  18. of the License, or (at your option) any later version.
  19.  
  20. This program is distributed in the hope that it will be useful,
  21. but WITHOUT ANY WARRANTY; without even the implied warranty of
  22. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  23. GNU General Public License for more details.
  24.  
  25. You can get a copy of the GNU General Public License from this
  26. address: http://www.gnu.org/copyleft/gpl.html#SEC1
  27. You can also write to the Free Software Foundation, Inc., 59 Temple
  28. Place - Suite 330, Boston, MA 02111-1307, USA.
  29.  
  30. */
  31.  
  32. /* There are no user-configurable settings in this file anymore, please see
  33. * config.php instead. */
  34.  
  35. header("Content-Type: text/html; charset=utf-8");
  36.  
  37. /* This error handler will turn all notices, warnings, and errors into fatal
  38. * errors, unless they have been suppressed with the @-operator. */
  39. function error_handler($errno, $errstr, $errfile, $errline, $errcontext)
  40. {
  41. /* The @-operator (used with chdir() below) temporarely makes
  42. * error_reporting() return zero, and we don't want to die in that case.
  43. * We do note the error in the output, though. */
  44. if (error_reporting() == 0) {
  45. $_SESSION['output'] .= $errstr . "\n";
  46. } else {
  47. die('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
  48. "http://www.w3.org/TR/html4/strict.dtd">
  49. <html>
  50. <head>
  51. <title>PHP Shell ' . PHPSHELL_VERSION . '</title>
  52. <meta http-equiv="Content-Script-Type" content="text/javascript">
  53. <meta http-equiv="Content-Style-Type" content="text/css">
  54. <meta name="generator" content="phpshell">
  55. <link rel="shortcut icon" type="image/x-icon" href="phpshell.ico">
  56. <link rel="stylesheet" href="style.css" type="text/css">
  57. </head>
  58. <body>
  59. <h1>Fatal Error!</h1>
  60. <p><b>' . $errstr . '</b></p>
  61. <p>in <b>' . $errfile . '</b>, line <b>' . $errline . '</b>.</p>
  62.  
  63. <hr>
  64.  
  65. <p>Please consult the <a href="README">README</a>, <a
  66. href="INSTALL">INSTALL</a>, and <a href="SECURITY">SECURITY</a> files for
  67. instruction on how to use PHP Shell.</p>
  68.  
  69. <hr>
  70.  
  71. <address>
  72. Copyright &copy; 2000&ndash;2012, the Phpshell-team. Get the latest
  73. version at <a
  74. href="http://phpshell.sourceforge.net/">http://phpshell.sourceforge.net/</a>.
  75. </address>
  76.  
  77. </body>
  78. </html>');
  79. }
  80. }
  81.  
  82. /* Installing our error handler makes PHP die on even the slightest problem.
  83. * This is what we want in a security critical application like this. */
  84. set_error_handler('error_handler');
  85.  
  86.  
  87. function logout()
  88. {
  89. /* Empty the session data, except for the 'authenticated' entry which the
  90. * rest of the code needs to be able to check. */
  91. $_SESSION = array('authenticated' => false);
  92.  
  93. /* Unset the client's cookie, if it has one. */
  94. // if (isset($_COOKIE[session_name()]))
  95. // setcookie(session_name(), '', time()-42000, '/');
  96.  
  97. /* Destroy the session data on the server. This prevents the simple
  98. * replay attack where one uses the back button to re-authenticate using
  99. * the old POST data since the server wont know the session then. */
  100. // session_destroy();
  101. }
  102.  
  103. /* Clear screen */
  104. function clearscreen()
  105. {
  106. $_SESSION['output'] = '';
  107. }
  108.  
  109. function stripslashes_deep($value)
  110. {
  111. if (is_array($value)) {
  112. return array_map('stripslashes_deep', $value);
  113. } else {
  114. return stripslashes($value);
  115. }
  116. }
  117.  
  118. if (get_magic_quotes_gpc()) {
  119. $_POST = stripslashes_deep($_POST);
  120. }
  121.  
  122. /* Initialize some variables we need again and again. */
  123. $username = isset($_POST['username']) ? $_POST['username'] : '';
  124. $password = isset($_POST['password']) ? $_POST['password'] : '';
  125. $nounce = isset($_POST['nounce']) ? $_POST['nounce'] : '';
  126.  
  127. $command = isset($_POST['command']) ? $_POST['command'] : '';
  128. $rows = isset($_POST['rows']) ? $_POST['rows'] : 24;
  129. $columns = isset($_POST['columns']) ? $_POST['columns'] : 80;
  130.  
  131. if (!preg_match('/^[[:digit:]]+$/', $rows)) {
  132. $rows=24 ;
  133. }
  134. if (!preg_match('/^[[:digit:]]+$/', $columns)) {
  135. $columns=80 ;
  136. }
  137. /* Load the configuration. */
  138. $ini = parse_ini_file('config.php', true);
  139.  
  140. if (empty($ini['settings'])) {
  141. $ini['settings'] = array();
  142. }
  143.  
  144. /* Default settings --- these settings should always be set to something. */
  145. $default_settings = array('home-directory' => '.',
  146. 'PS1' => '$ ');
  147. $showeditor = false;
  148.  
  149. /* Merge settings. */
  150. $ini['settings'] = array_merge($default_settings, $ini['settings']);
  151.  
  152. session_start();
  153.  
  154. /* Delete the session data if the user requested a logout. This leaves
  155. * the session cookie at the user, but this is not important since we
  156. * authenticates on $_SESSION['authenticated']. */
  157. if (isset($_POST['logout'])) {
  158. logout();
  159. }
  160.  
  161. /* Clear screen if submitted */
  162. if (isset($_POST['clear'])) {
  163. clearscreen();
  164. }
  165.  
  166. /* Attempt authentication. */
  167. if (isset($_SESSION['nounce']) && $nounce == $_SESSION['nounce']
  168. && isset($ini['users'][$username])
  169. ) {
  170. if (strchr($ini['users'][$username], ':') === false) {
  171. // No seperator found, assume this is a password in clear text.
  172. $_SESSION['authenticated'] = ($ini['users'][$username] == $password);
  173. } else {
  174. list($fkt, $salt, $hash) = explode(':', $ini['users'][$username]);
  175. $_SESSION['authenticated'] = ($fkt($salt . $password) == $hash);
  176. }
  177. }
  178.  
  179.  
  180. /* Enforce default non-authenticated state if the above code didn't set it
  181. * already. */
  182. if (!isset($_SESSION['authenticated'])) {
  183. $_SESSION['authenticated'] = false;
  184. }
  185.  
  186. if ($_SESSION['authenticated']) {
  187. /* Initialize the session variables. */
  188. if (empty($_SESSION['cwd'])) {
  189. $_SESSION['cwd'] = realpath($ini['settings']['home-directory']);
  190. $_SESSION['history'] = array();
  191. $_SESSION['output'] = '';
  192. }
  193. /* Clicked on one of the subdirectory links - ignore the command */
  194. if (isset($_POST['levelup'])) {
  195. $levelup = $_POST['levelup'] ;
  196. while ($levelup > 0) {
  197. $command = '' ; /* ignore the command */
  198. $_SESSION['cwd'] = dirname($_SESSION['cwd']);
  199. $levelup -- ;
  200. }
  201. }
  202. /* Selected a new subdirectory as working directory - ignore the command */
  203. if (isset($_POST['changedirectory'])) {
  204. $changedir= $_POST['changedirectory'];
  205. if (strlen($changedir) > 0) {
  206. if (@chdir($_SESSION['cwd'] . '/' . $changedir)) {
  207. $command = '' ; /* ignore the command */
  208. $_SESSION['cwd'] = realpath($_SESSION['cwd'] . '/' . $changedir);
  209. }
  210. }
  211. }
  212. if (isset($_FILES['uploadfile']['tmp_name'])) {
  213. if (is_uploaded_file($_FILES['uploadfile']['tmp_name'])) {
  214. if (!move_uploaded_file($_FILES['uploadfile']['tmp_name'], $_SESSION['cwd'] . '/' . $_FILES['uploadfile']['name'])) {
  215. echo "CANNOT MOVE {$_FILES['uploadfile']['name']}" ;
  216. }
  217. }
  218. }
  219.  
  220. /* Save content from 'editor' */
  221. if (isset($_POST["filetoedit"]) && ($_POST["filetoedit"] != "")) {
  222. $filetoedit_handle = fopen($_POST["filetoedit"], "w");
  223. fputs($filetoedit_handle, str_replace("%0D%0D%0A", "%0D%0A", $_POST["filecontent"]));
  224. fclose($filetoedit_handle);
  225. }
  226.  
  227. if (!empty($command)) {
  228. /* Save the command for late use in the JavaScript. If the command is
  229. * already in the history, then the old entry is removed before the
  230. * new entry is put into the list at the front. */
  231. if (($i = array_search($command, $_SESSION['history'])) !== false) {
  232. unset($_SESSION['history'][$i]);
  233. }
  234.  
  235. array_unshift($_SESSION['history'], $command);
  236.  
  237. /* Now append the command to the output. */
  238. $_SESSION['output'] .= htmlspecialchars($ini['settings']['PS1'] . $command, ENT_COMPAT, 'UTF-8') . "\n";
  239.  
  240. /* Initialize the current working directory. */
  241. if (trim($command) == 'cd') {
  242. $_SESSION['cwd'] = realpath($ini['settings']['home-directory']);
  243. } elseif (preg_match('/^[[:blank:]]*cd[[:blank:]]+([^;]+)$/', $command, $regs)) {
  244. /* The current command is a 'cd' command which we have to handle
  245. * as an internal shell command. */
  246.  
  247. /* if the directory starts and ends with quotes ("), remove them -
  248. allows command like 'cd "abc def"' */
  249. if ((substr($regs[1], 0, 1) == '"') && (substr($regs[1], -1) =='"') ) {
  250. $regs[1] = substr($regs[1], 1);
  251. $regs[1] = substr($regs[1], 0, -1);
  252. }
  253.  
  254. if ($regs[1]{0} == '/') {
  255. /* Absolute path, we use it unchanged. */
  256. $new_dir = $regs[1];
  257. } else {
  258. /* Relative path, we append it to the current working directory. */
  259. $new_dir = $_SESSION['cwd'] . '/' . $regs[1];
  260. }
  261.  
  262. /* Transform '/./' into '/' */
  263. while (strpos($new_dir, '/./') !== false) {
  264. $new_dir = str_replace('/./', '/', $new_dir);
  265. }
  266.  
  267. /* Transform '//' into '/' */
  268. while (strpos($new_dir, '//') !== false) {
  269. $new_dir = str_replace('//', '/', $new_dir);
  270. }
  271.  
  272. /* Transform 'x/..' into '' */
  273. while (preg_match('|/\.\.(?!\.)|', $new_dir)) {
  274. $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
  275. }
  276.  
  277. if ($new_dir == '') {
  278. $new_dir = '/';
  279. }
  280.  
  281. /* Try to change directory. */
  282. if (@chdir($new_dir)) {
  283. $_SESSION['cwd'] = $new_dir;
  284. } else {
  285. $_SESSION['output'] .= "cd: could not change to: $new_dir\n";
  286. }
  287.  
  288. /* history command (without parameter) - output the command history */
  289. } elseif (trim($command) == 'history') {
  290. $i = 1 ;
  291. foreach ($_SESSION['history'] as $histline) {
  292. $_SESSION['output'] .= htmlspecialchars(sprintf("%5d %s\n", $i, $histline), ENT_COMPAT, 'UTF-8');
  293. $i++;
  294. }
  295. /* history command (with parameter "-c") - clear the command history */
  296. } elseif (preg_match('/^[[:blank:]]*history[[:blank:]]*-c[[:blank:]]*$/', $command)) {
  297. $_SESSION['history'] = array() ;
  298. /* "clear" command - clear the screen */
  299. } elseif (trim($command) == 'clear') {
  300. clearscreen();
  301. } elseif (trim($command) == 'editor') {
  302. /* You called 'editor' without a filename so you get an short help
  303. * on how to use the internal 'editor' command */
  304. $_SESSION['output'] .= " Syntax: editor filename\n (you forgot the filename)\n";
  305.  
  306. } elseif (preg_match('/^[[:blank:]]*editor[[:blank:]]+([^;]+)$/', $command, $regs)) {
  307. /* This is a tiny editor which you can start with 'editor filename'. */
  308. $filetoedit = $regs[1];
  309. if ($regs[1]{0} != '/') {
  310. /* relative path, add it to the current working directory. */
  311. $filetoedit = $_SESSION['cwd'].'/'.$regs[1];
  312. } ;
  313. if (is_file(realpath($filetoedit)) || ! file_exists($filetoedit)) {
  314. $showeditor = true;
  315. if (file_exists(realpath($filetoedit))) {
  316. $filetoedit = realpath($filetoedit);
  317. }
  318. } else {
  319. $_SESSION['output'] .= " Syntax: editor filename\n (just regular or not existing files)\n";
  320. }
  321.  
  322. } elseif ((trim($command) == 'exit') || (trim($command) == 'logout')) {
  323. logout();
  324. } else {
  325.  
  326. /* The command is not an internal command, so we execute it after
  327. * changing the directory and save the output. */
  328. if (@chdir($_SESSION['cwd'])) {
  329.  
  330. // We canot use putenv() in safe mode.
  331. if (!ini_get('safe_mode')) {
  332. // Advice programs (ls for example) of the terminal size.
  333. putenv('ROWS=' . $rows);
  334. putenv('COLUMNS=' . $columns);
  335. }
  336.  
  337. /* Alias expansion. */
  338. $length = strcspn($command, " \t");
  339. $token = substr($command, 0, $length);
  340. if (isset($ini['aliases'][$token])) {
  341. $command = $ini['aliases'][$token] . substr($command, $length);
  342. }
  343. $io = array();
  344. $p = proc_open(
  345. $command,
  346. array(1 => array('pipe', 'w'),
  347. 2 => array('pipe', 'w')),
  348. $io
  349. );
  350.  
  351. /* Read output sent to stdout. */
  352. while (!feof($io[1])) {
  353. $line=fgets($io[1]);
  354. if (function_exists('mb_convert_encoding')) {
  355. /* (hopefully) fixes a strange "htmlspecialchars(): Invalid multibyte sequence in argument" error */
  356. $line = mb_convert_encoding($line, 'UTF-8', 'UTF-8');
  357. }
  358. $_SESSION['output'] .= htmlspecialchars($line, ENT_COMPAT, 'UTF-8');
  359. }
  360. /* Read output sent to stderr. */
  361. while (!feof($io[2])) {
  362. $line=fgets($io[2]);
  363. if (function_exists('mb_convert_encoding')) {
  364. /* (hopefully) fixes a strange "htmlspecialchars(): Invalid multibyte sequence in argument" error */
  365. $line = mb_convert_encoding($line, 'UTF-8', 'UTF-8');
  366. }
  367. $_SESSION['output'] .= htmlspecialchars($line, ENT_COMPAT, 'UTF-8');
  368. }
  369.  
  370. fclose($io[1]);
  371. fclose($io[2]);
  372. proc_close($p);
  373. } else { /* It was not possible to change to working directory. Do not execute the command */
  374. $_SESSION['output'] .= "PHP Shell could not change to working directory. Your command was not executed.\n";
  375. }
  376. }
  377. }
  378.  
  379. /* Build the command history for use in the JavaScript */
  380. if (empty($_SESSION['history'])) {
  381. $js_command_hist = '""';
  382. } else {
  383. $escaped = array_map('addslashes', $_SESSION['history']);
  384. $js_command_hist = '"", "' . implode('", "', $escaped) . '"';
  385. }
  386. }
  387.  
  388. ?>
  389. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
  390. "http://www.w3.org/TR/html4/strict.dtd">
  391. <html>
  392. <head>
  393. <title>PHP Shell <?php echo PHPSHELL_VERSION ?></title>
  394. <meta http-equiv="Content-Script-Type" content="text/javascript">
  395. <meta http-equiv="Content-Style-Type" content="text/css">
  396. <meta name="generator" content="phpshell">
  397. <link rel="shortcut icon" type="image/x-icon" href="phpshell.ico">
  398. <link rel="stylesheet" href="style.css" type="text/css">
  399.  
  400. <script type="text/javascript">
  401. <?php if ($_SESSION['authenticated'] && ! $showeditor) { ?>
  402.  
  403. var current_line = 0;
  404. var command_hist = new Array(<?php echo $js_command_hist ?>);
  405. var last = 0;
  406.  
  407. function key(e) {
  408. if (!e) var e = window.event;
  409.  
  410. if (e.keyCode == 38 && current_line < command_hist.length-1) {
  411. command_hist[current_line] = document.shell.command.value;
  412. current_line++;
  413. document.shell.command.value = command_hist[current_line];
  414. }
  415.  
  416. if (e.keyCode == 40 && current_line > 0) {
  417. command_hist[current_line] = document.shell.command.value;
  418. current_line--;
  419. document.shell.command.value = command_hist[current_line];
  420. }
  421.  
  422. }
  423.  
  424. function init() {
  425. document.shell.setAttribute("autocomplete", "off");
  426. document.shell.output.scrollTop = document.shell.output.scrollHeight;
  427. document.shell.command.focus()
  428. }
  429.  
  430. <?php } elseif ($_SESSION['authenticated'] && $showeditor) { ?>
  431.  
  432. function init() {
  433. document.shell.filecontent.focus();
  434. }
  435.  
  436. <?php } else { ?>
  437.  
  438. function init() {
  439. document.shell.username.focus();
  440. }
  441.  
  442. <?php } ?>
  443. function levelup(d) {
  444. document.shell.levelup.value=d ;
  445. document.shell.submit() ;
  446. }
  447. function changesubdir(d) {
  448. document.shell.changedirectory.value=document.shell.dirselected.value ;
  449. document.shell.submit() ;
  450. }
  451. </script>
  452. </head>
  453.  
  454. <body onload="init()">
  455.  
  456. <h1>PHP Shell <?php echo PHPSHELL_VERSION ?></h1>
  457.  
  458. <form name="shell" enctype="multipart/form-data" action="<?php print($_SERVER['PHP_SELF']) ?>" method="post">
  459. <div><input name="levelup" id="levelup" type="hidden"></div>
  460. <div><input name="changedirectory" id="changedirectory" type="hidden"></div>
  461. <?php
  462. if (!$_SESSION['authenticated']) {
  463. /* Generate a new nounce every time we present the login page. This binds
  464. * each login to a unique hit on the server and prevents the simple replay
  465. * attack where one uses the back button in the browser to replay the POST
  466. * data from a login. */
  467. $_SESSION['nounce'] = mt_rand();
  468.  
  469.  
  470. if (ini_get('safe_mode') && $ini['settings']['safe-mode-warning'] == true ) {
  471. echo '<div class="warning">Warning: Safe-mode is enabled. PHP Shell will probably not work correctly.</div>';
  472. }
  473.  
  474.  
  475. ?>
  476.  
  477. <fieldset>
  478. <legend>Authentication</legend>
  479. <?php
  480. if (!empty($username)) {
  481. echo " <p class=\"error\">Login failed, please try again:</p>\n";
  482. } else {
  483. echo " <p>Please login:</p>\n";
  484. }
  485. ?>
  486.  
  487. <label for="username">Username:</label>
  488. <input name="username" id="username" type="text" value="<?php echo $username ?>"><br>
  489. <label for="password">Password:</label>
  490. <input name="password" id="password" type="password">
  491. <p><input type="submit" value="Login"></p>
  492. <input name="nounce" type="hidden" value="<?php echo $_SESSION['nounce']; ?>">
  493.  
  494. </fieldset>
  495.  
  496. <?php } else { /* Authenticated. */ ?>
  497. <fieldset>
  498. <legend><?php echo "Phpshell running on: " . $_SERVER['SERVER_NAME']; ?></legend>
  499. <p>Current Working Directory:
  500. <span class="pwd"><?php
  501. if ( $showeditor ) {
  502. echo htmlspecialchars($_SESSION['cwd'], ENT_COMPAT, 'UTF-8') . '</span>';
  503. } else { /* normal mode - offer navigation via hyperlinks */
  504. $parts = explode('/', $_SESSION['cwd']);
  505.  
  506. for ($i=1; $i<count($parts); $i=$i+1) {
  507. echo '<a class="pwd" title="Change to this directory. Your command will not be executed." href="javascript:levelup(' . (count($parts)-$i) . ')">/</a>' ;
  508. echo htmlspecialchars($parts[$i], ENT_COMPAT, 'UTF-8');
  509. }
  510. echo '</span>';
  511. if (is_readable($_SESSION['cwd'])) { /* is the current directory readable? */
  512. /* Now we make a list of the directories. */
  513. $dir_handle = opendir($_SESSION['cwd']);
  514. /* We store the output so that we can sort it later: */
  515. $options = array();
  516. /* Run through all the files and directories to find the dirs. */
  517. while ($dir = readdir($dir_handle)) {
  518. if (($dir != '.') and ($dir != '..') and is_dir($_SESSION['cwd'] . "/" . $dir)) {
  519. $options[$dir] = "<option value=\"/$dir\">$dir</option>";
  520. }
  521. }
  522. closedir($dir_handle);
  523. if (count($options)>0) {
  524. ksort($options);
  525. echo '<br><a href="javascript:changesubdir()">Change to subdirectory</a>: <select name="dirselected">';
  526. echo implode("\n", $options);
  527. echo '</select>';
  528. }
  529. } else {
  530. echo "[current directory not readable]";
  531. }
  532. }
  533. ?>
  534. <br>
  535.  
  536. <?php if (! $showeditor) { /* Outputs the 'terminal' without the editor */ ?>
  537.  
  538. <div id="terminal">
  539. <textarea name="output" readonly="readonly" cols="<?php echo $columns ?>" rows="<?php echo $rows ?>">
  540. <?php
  541. $lines = substr_count($_SESSION['output'], "\n");
  542. $padding = str_repeat("\n", max(0, $rows+1 - $lines));
  543. echo rtrim($padding . $_SESSION['output']);
  544. ?>
  545. </textarea>
  546. <p id="prompt">
  547. <span id="ps1"><?php echo htmlspecialchars($ini['settings']['PS1'], ENT_COMPAT, 'UTF-8'); ?></span>
  548. <input name="command" type="text" onkeyup="key(event)"
  549. size="<?php echo $columns-strlen($ini['settings']['PS1']); ?>" tabindex="1">
  550. </p>
  551. </div>
  552.  
  553. <?php } else { /* Output the 'editor' */ ?>
  554. <?php print("You are editing this file: ".$filetoedit); ?>
  555.  
  556. <div id="terminal">
  557. <textarea name="filecontent" cols="<?php echo $columns ?>" rows="<?php echo $rows ?>">
  558. <?php
  559. if (file_exists($filetoedit)) {
  560. print(htmlspecialchars(str_replace("%0D%0D%0A", "%0D%0A", file_get_contents($filetoedit))));
  561. }
  562. ?>
  563. </textarea>
  564. </div>
  565.  
  566. <?php } /* End of terminal */ ?>
  567.  
  568. <p>
  569. <?php if (! $showeditor) { /* You can not resize the textarea while
  570. * the editor is 'running', because if you would
  571. * do so you would lose the changes you have
  572. * already made in the textarea since last saving */
  573. ?>
  574. <span style="float: right">Size: <input type="text" name="rows" size="2"
  575. maxlength="3" value="<?php echo $rows ?>"> &times; <input type="text"
  576. name="columns" size="2" maxlength="3" value="<?php echo $columns
  577. ?>"></span><br>
  578. <input type="submit" value="Execute command">
  579. <input type="submit" name="clear" value="Clear screen">
  580. <?php } else { /* for 'editor-mode' */ ?>
  581. <input type="hidden" name="filetoedit" id="filetoedit" value="<?php print($filetoedit) ?>">
  582. <input type="submit" value="Save and Exit">
  583. <input type="reset" value="Undo all Changes">
  584. <input type="submit" value="Exit without saving" onclick="javascript:document.getElementById('filetoedit').value='';return true;">
  585. <?php } ?>
  586.  
  587. <input type="submit" name="logout" value="Logout">
  588. </p>
  589. </fieldset>
  590.  
  591. <?php if ($ini['settings']['file-upload']) { ?>
  592. <br><br>
  593. <fieldset>
  594. <legend>File upload</legend>
  595. Select file for upload:
  596. <input type="file" name="uploadfile" size="40"><br>
  597. <input type="submit" value="Upload file">
  598. </fieldset>
  599. <?php } ?>
  600.  
  601. <?php } ?>
  602.  
  603. </form>
  604.  
  605. <hr>
  606.  
  607. <p>Please consult the <a href="README">README</a>, <a
  608. href="INSTALL">INSTALL</a>, and <a href="SECURITY">SECURITY</a> files for
  609. instruction on how to use PHP Shell.</p>
  610. <p>If you have not created accounts for phpshell, please use
  611. <a href="pwhash.php">pwhash.php</a> to create secure passwords.</p>
  612.  
  613. <hr>
  614. <address>
  615. Copyright &copy; 2000&ndash;2012, the Phpshell-team. Get the
  616. latest version at <a
  617. href="http://phpshell.sourceforge.net/">http://phpshell.sourceforge.net/</a>.
  618. </address>
  619. </body>
  620. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!