'; print_r($paths); echo '';
$path = $_GET['path'];
}
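// ---------------------------------------------------------------------------
// Request dispatch, part 1: build the working directory and run the actions
// that target one entry of it (phpinfo, shell, delete, rename, chmod, extract)
// or that only prepare a batch run (batch_chmod).
//
// Every value read from $_GET / $_POST here is caller-controlled. Entry names
// are reduced to a single path component with basename() so they cannot
// address anything outside $currentpath, and anything handed to a shell is
// quoted with escapeshellarg().
//
// NOTE(review): $path is assigned from $_GET['path'] just before this point;
// nothing visible here confines it to $ROOT (no realpath()/prefix check).
// Confirm that happens earlier in the file, otherwise every action below can
// be pointed outside the site root.
// NOTE(review): no authentication or CSRF check is visible in this part of the
// file — confirm the script is protected before it is reachable.
// ---------------------------------------------------------------------------
$currentpath = $ROOT . '/' . $path;

// A non-empty GET 'action' takes precedence over a POSTed one.
$ACTION = isset($_POST['action']) ? $_POST['action'] : null;
if (isset($_GET['action']) && $_GET['action'] != '') {
    $ACTION = $_GET['action'];
}
$what = '';

if ($ACTION == 'phpinfo') {
    // NOTE(review): phpinfo() discloses the full server configuration and
    // environment to whoever can send this request.
    phpinfo();
    exit;
} elseif ($ACTION == 'shell' && isset($_POST['command']) && $_POST['command'] != '') {
    if (RESTRICT_SHELL) {
        $SHELL_RET = '255';
        $SHELL_OUTPUT[0] = 'Shell has been desactivated for security purpose !';
    } else {
        // NOTE(review): this runs the posted string as a shell command with the
        // web server's privileges. It is the feature itself, so it cannot be
        // escaped away; RESTRICT_SHELL is the only gate visible here.
        $line = exec($_POST['command'], $SHELL_OUTPUT, $SHELL_RET);
    }
} elseif ($ACTION == 'delete') {
    // Only classifies the target; the removal itself happens later, under the
    // 'file_delete' / 'folder_delete' actions selected here.
    $file = isset($_POST['file']) ? $_POST['file'] : '';
    if (isset($_GET['file']) && $_GET['file'] != '') {
        $file = $_GET['file'];
    }
    $file = basename((string) $file); // single path component only
    $what = $currentpath . '/' . $file;
    if (is_file($what)) {
        $ACTION = 'file_delete';
    }
    if (is_dir($what)) {
        $ACTION = 'folder_delete';
    }
} elseif ($ACTION == 'rename') {
    $oldName = isset($_POST['oldname']) ? basename((string) $_POST['oldname']) : '';
    $newName = isset($_POST['newname']) ? basename((string) $_POST['newname']) : '';
    if ($newName != $oldName) {
        $ret = @rename($currentpath . '/' . $oldName, $currentpath . '/' . $newName);
        if (!$ret) {
            $tmp = error_get_last();
            $DIRFILE_GET->err = $tmp['message'];
        }
    }
} elseif ($ACTION == 'chmod') {
    $newChmod = isset($_POST['newchmod']) ? (string) $_POST['newchmod'] : '';
    $oldChmod = isset($_POST['oldchmod']) ? (string) $_POST['oldchmod'] : '';
    if ($newChmod != $oldChmod) {
        // octdec() silently drops non-octal characters, so a malformed value
        // could end up as mode 0; accept only three or four octal digits.
        if (preg_match('/\A[0-7]{3,4}\z/', $newChmod)) {
            $chmodName = isset($_POST['name']) ? basename((string) $_POST['name']) : '';
            $ret = @chmod($currentpath . '/' . $chmodName, octdec($newChmod));
            if (!$ret) {
                $tmp = error_get_last();
                $DIRFILE_GET->err = $tmp['message'];
            }
        } else {
            $DIRFILE_GET->err = 'Erreur dans le formulaire !';
        }
    }
} elseif ($ACTION == 'extract') {
    $cmd = '';
    $line = '';
    $ret = 0; // stays 0 when no command is run, so no stale error is reported

    $archiveName = isset($_POST['name']) ? basename((string) $_POST['name']) : '';
    $archivePath = $currentpath . '/' . $archiveName;
    $extractMode = isset($_POST['where']) ? $_POST['where'] : '';

    // Archive suffix => tar option (null means "use unzip"). First match wins,
    // in the same order as the original if/elseif chain.
    $extractors = array(
        '.zip'    => null,
        '.tar.gz' => '-xzf',
        '.tgz'    => '-xzf',
        '.tar'    => '-xf',
        '.bz2'    => '-xjf',
        '.xz'     => '-xJf',
    );
    foreach ($extractors as $suffix => $tarFlags) {
        if (substr($archiveName, -strlen($suffix)) !== $suffix) {
            continue;
        }
        if ($extractMode == 'extracthere') {
            $extractTo = $currentpath;
        } elseif ($extractMode == 'extracttoname') {
            // Folder named after the archive minus its suffix. The suffix
            // length is used for every format; the '.tar' case used to strip
            // 7 characters instead of 4.
            $where = $currentpath . '/' . substr($archiveName, 0, strlen($archiveName) - strlen($suffix));
            if ($tarFlags !== null) {
                @mkdir($where); // tar -C needs the directory to exist; unzip -d creates it
            }
            $extractTo = $where;
        } else {
            break; // unknown 'where' value: run nothing
        }
        // Both paths derive from request data: quote them so spaces or shell
        // metacharacters in a name cannot alter the command.
        // NOTE(review): escapeshellarg() depends on the process locale for
        // non-ASCII bytes — confirm LC_CTYPE if such names must be supported.
        if ($tarFlags === null) {
            $cmd = 'unzip -d ' . escapeshellarg($extractTo) . ' ' . escapeshellarg($archivePath);
        } else {
            $cmd = 'tar -C ' . escapeshellarg($extractTo) . ' ' . $tarFlags . ' ' . escapeshellarg($archivePath);
        }
        break;
    }

    if ($cmd != '') {
        $line = exec($cmd, $ARRAY, $ret);
    }
    if ($ret != 0) {
        $DIRFILE_GET->err = $ret . ': ' . $line;
    }
} elseif ($ACTION == 'batch_chmod') {
    // Validate the form only; the recursive chmod is run later through batch(),
    // which reads the parameters stored in $BATCH.
    $batchFrom  = isset($_POST['from']) ? $_POST['from'] : '';
    $batchWhat  = isset($_POST['what']) ? $_POST['what'] : '';
    $batchChmod = (isset($_POST['chmod']) && is_string($_POST['chmod'])) ? $_POST['chmod'] : '';

    $BATCH['do'] = true;
    if ($batchFrom != 'current' && $batchFrom != 'currentandchilds') {
        $BATCH['do'] = false;
    }
    if ($batchWhat != 'file' && $batchWhat != 'dir' && $batchWhat != 'dirfile') {
        $BATCH['do'] = false;
    }
    // Rejects the empty value as before, and also anything that is not three
    // or four octal digits (octdec() would otherwise ignore the bad characters).
    if (!preg_match('/\A[0-7]{3,4}\z/', $batchChmod)) {
        $BATCH['do'] = false;
    }
    if (strlen($batchChmod) == 3) {
        $_POST['chmod'] = '0' . $batchChmod;
    }
    if ($BATCH['do']) {
        $BATCH['currentpath'] = $currentpath;
        $BATCH['post'] = $_POST;
    } else {
        $DIRFILE_GET->err = 'Erreur dans le formulaire !';
    }
}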
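/**
 * Applies the pending batch operation to the entries of a directory.
 *
 * The operation is read from the global $BATCH['post'] array: 'action' must be
 * 'batch_chmod' for anything to be changed, 'what' selects the targets
 * ('file', 'dir' or 'dirfile'), 'from' equal to 'currentandchilds' enables
 * recursion into sub-directories, and 'chmod' is the octal mode string.
 *
 * Failures are best effort: a directory that cannot be opened is skipped and
 * individual chmod() errors are suppressed.
 *
 * @param string $path Directory whose entries are processed.
 * @return void
 */
function batch($path)
{
    global $BATCH;

    $Rep = @opendir($path);
    if ($Rep === false) {
        // Missing or unreadable directory: readdir()/closedir() must not be
        // called on a failed handle.
        return;
    }

    $isChmod = ($BATCH['post']['action'] == 'batch_chmod');
    $target  = $BATCH['post']['what'];
    $recurse = ($BATCH['post']['from'] == 'currentandchilds');
    $mode    = $isChmod ? octdec($BATCH['post']['chmod']) : 0;

    // Strict comparison: an entry literally named "0" is falsy and would end a
    // plain `while ($Item = readdir(...))` loop early.
    while (false !== ($Item = readdir($Rep))) {
        if ($Item == '.' || $Item == '..') {
            continue;
        }
        $full = $path . '/' . $Item;
        if (is_dir($full)) {
            if ($isChmod && ($target == 'dir' || $target == 'dirfile')) {
                @chmod($full, $mode);
            }
            // is_dir() follows symbolic links. Do not descend through one: the
            // link may point outside the tree being processed or back to a
            // parent, which would make the recursion unbounded.
            if ($recurse && !is_link($full)) {
                batch($full);
            }
        } else {
            // NOTE(review): chmod() follows symbolic links, so a link in this
            // directory changes the mode of its target, wherever that is.
            if ($isChmod && ($target == 'file' || $target == 'dirfile')) {
                @chmod($full, $mode);
            }
        }
    }
    closedir($Rep);
}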
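// Run the batch operation only when the 'batch_chmod' form was accepted.
// $BATCH['do'] is set only by that action, so test it with !empty() instead of
// reading a key that does not exist on every other request.
if (!empty($BATCH['do'])) {
    batch($BATCH['currentpath']);
}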
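// ---------------------------------------------------------------------------
// Request dispatch, part 2: folder creation, the deletions selected by the
// 'delete' action, uploads (from a URL or from the browser) and downloads.
// Names coming from the request are reduced to a single path component with
// basename() before being appended to $currentpath.
// ---------------------------------------------------------------------------
if ($ACTION == 'folder_create') {
    $_POST['folder_name'] = isset($_POST['folder_name']) ? trim((string) $_POST['folder_name']) : '';
    // Letters, digits, dots and whitespace only, which also excludes '/'.
    // The class used to read 1-9, rejecting any name containing the digit 0.
    if (preg_match('/^[a-zA-Z0-9\.\s]+$/', $_POST['folder_name'])) {
        $ret = @mkdir($currentpath . '/' . $_POST['folder_name']);
        if ($ret) {
            $_POST['folder_name'] = ''; // success: clear the posted value
        } else {
            $tmp = error_get_last();
            $DIRFILE_GET->err = $tmp['message'];
        }
    } else {
        $DIRFILE_GET->err = 'Caractere non autorise.';
    }
} elseif ($ACTION == 'folder_delete') {
    // $what is filled in by the 'delete' action; when it is empty the current
    // directory itself is the target. rmdir() only removes empty directories.
    if ($what == '') {
        $what = $currentpath;
    }
    $ret = @rmdir($what);
    if (!$ret) {
        $tmp = error_get_last();
        $DIRFILE_GET->err = $tmp['message'];
    }
} elseif ($ACTION == 'file_delete') {
    $ret = @unlink($what);
    if (!$ret) {
        $tmp = error_get_last();
        $DIRFILE_GET->err = $tmp['message'];
    }
} elseif ($ACTION == 'file_upload_url' && isset($_POST['url']) && $_POST['url'] != '') {
    // NOTE(review): the server fetches whatever http(s) URL the caller posts,
    // with no restriction on the destination host (internal addresses
    // included) and no size limit. The saved name and extension come from the
    // URL path. Consider a host allow-list and a size cap.
    $parse  = parse_url($_POST['url']);
    $scheme = (is_array($parse) && isset($parse['scheme'])) ? $parse['scheme'] : '';
    $name   = (is_array($parse) && isset($parse['path'])) ? basename($parse['path']) : '';
    if (($scheme == 'http' || $scheme == 'https') && $name != '') {
        $CONTENT = @file_get_contents($_POST['url']);
        // A failed fetch returns false; writing that out would leave an empty
        // file behind, so stop and report instead.
        if ($CONTENT === false || @file_put_contents($currentpath . '/' . $name, $CONTENT) === false) {
            $tmp = error_get_last();
            $DIRFILE_GET->err = $tmp ? $tmp['message'] : 'Erreur !';
        }
    } else {
        $DIRFILE_GET->err = 'Erreur !';
    }
} elseif (isset($_FILES['FILE']) && is_array($_FILES['FILE'])) {
    if ($_FILES['FILE']['name'] == '') {
        $DIRFILE_GET->err = 'empty filename';
    } elseif ($_FILES['FILE']['error'] != 0) {
        $DIRFILE_GET->err = 'error code : ' . $_FILES['FILE']['error'];
    } else {
        // NOTE(review): any file type is accepted, scripts included, and it is
        // stored under the client-supplied name inside the served tree.
        $uploadName = basename((string) $_FILES['FILE']['name']);
        $ret = @move_uploaded_file($_FILES['FILE']['tmp_name'], $currentpath . '/' . $uploadName);
        if (!$ret) {
            $tmp = error_get_last();
            $DIRFILE_GET->err = $tmp['message'];
        }
    }
} elseif ($ACTION == 'download' || $ACTION == 'downloadinline') {
    $inline = ($ACTION == 'downloadinline');

    $file = isset($_POST['file']) ? $_POST['file'] : '';
    if (isset($_GET['file']) && $_GET['file'] != '') {
        $file = $_GET['file'];
    }
    // Without this, "../" sequences in 'file' would let the request read any
    // file the web server can read.
    $file = basename((string) $file);
    $downloadPath = $currentpath . '/' . $file;

    if (!is_file($downloadPath)) {
        header('HTTP/1.0 404 Not Found');
        exit;
    }

    // Suffix => Content-type. The inline view knows a few more types.
    $types = array(
        '.png' => 'image/png',
        '.jpg' => 'image/jpeg',
        '.gif' => 'image/gif',
        '.pdf' => 'application/pdf',
    );
    if ($inline) {
        $types['.php']    = 'text/html';
        $types['.zip']    = 'application/zip';
        $types['.tar.gz'] = 'application/x-gzip';
    }
    foreach ($types as $suffix => $mime) {
        if (substr($file, -strlen($suffix)) === $suffix) {
            header('Content-type: ' . $mime);
        }
    }

    // Quote the file name and neutralise quotes, backslashes and control
    // characters so it cannot break out of the header parameter.
    $headerName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', $file);
    header('Content-Disposition: ' . ($inline ? 'inline' : 'attachment') . '; filename="' . $headerName . '"');

    if ($inline) {
        // NOTE(review): types missing from the map above are sent with PHP's
        // default Content-type (presumably text/html), so a stored HTML file
        // would be rendered in this tool's origin — confirm and consider
        // text/plain for unknown types.
        $CONTENT = file_get_contents($downloadPath);
        if (substr($file, -4) == '.php') {
            // Second argument true: return the markup. Without it
            // highlight_string() prints directly and returns a boolean, which
            // the echo below would then append to the page.
            $CONTENT = highlight_string($CONTENT, true);
        }
        echo $CONTENT;
    } else {
        readfile($downloadPath);
    }
    exit;
}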
if(DEBUG) {
echo '[debug] SERVER_NAME (VHOST) : ' . $_SERVER['SERVER_NAME'] . '
';
echo '[debug] DOCUMENT_ROOT (ROOT): ' . $_SERVER['DOCUMENT_ROOT'] . '
';
echo '[debug] SCRIPT_NAME: ' . $_SERVER['SCRIPT_NAME'] . '
';
echo '[debug] dir(FILE): ' . dirname(__FILE__) . '
';
echo '[debug] GET[path] : ' . $_GET['path'] . '
';
if(count($_GET) > 0) { echo 'GET
'; print_r($_GET); echo ''; } if(count($_POST) > 0) { echo 'POST
'; print_r($_POST); echo ''; } if(count($_FILES) > 0) { echo 'FILES
'; print_r($_FILES); echo ''; } echo '[debug] ROOT : ' . $ROOT . '
/** 1FilePhpExplorer : A single PHP file to browse * @link https://sourceforge.net/projects/one1filephpexplorer/ * @author Yves Reveillon, http://www.eurower.fr/ * @copyright 2015 Yves Reveillon * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0 * @license http://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other) * @version 0.1.1 */ Cette application est un explorateur de fichiers. Elle permet de parcourir l'arborescence d'un site internet à la façon d'un navigateur web (avec les mêmes droits). Les fichiers non accessibles par cette application ne le seront pas, sous certaines conditions, par un navigateur web. A UTILISER AVEC PRUDENCE : CETTE APPLICATION PERMET D'AFFICHER LE CODE SOURCE DE VOS FICHIERS PHP ET DE TOUT AUTRES SCRIPTS !$DIRFILEMAX) { $DIRFILEMAXREACHED = true; break; } $DIRFILECOUNT++; if(is_dir($currentpath.'/'.$Item)) { $Index = count($DIR); $DIR[$Index]->FileType = @filetype($currentpath.'/'.$Item); $DIR[$Index]->Name = $Item; $DIR[$Index]->Stat = alt_stat($currentpath.'/'.$Item); }else{ $Index = count($FILE); $FILE[$Index]->FileType = @filetype($currentpath.'/'.$Item); $FILE[$Index]->Name = $Item; $FILE[$Index]->Stat = alt_stat($currentpath.'/'.$Item); } } closedir($Rep); }else{ $DIRFILE_GET->err = 'Unable to open directory : insufficient permission.'; } uasort($DIR, 'cmp'); uasort($FILE, 'cmp'); $DIRFILE = array_merge($DIR, $FILE); //echo '
'; print_r($DIRFILE); echo ''; $me = (function_exists('posix_getpwuid'))?@posix_getpwuid(posix_getuid()):posix_getuid(); $meg = (function_exists('posix_getgrgid'))?@posix_getgrgid(posix_getgrgid()):posix_getgid(); if(DEBUG) { echo '[debug] me :
'; print_r($me); echo '
'; print_r($meg); echo '
Nom du fichier / dossier | Actions | Taille | Propriétaire | Groupe | Permissions | Modification | |||||||
Max file () reached ! For stability reason, no more file or dir can be displayed for this directory.Note that items are stats in filesystem order. | |||||||||||||
err; ?> | |||||||||||||
Stat['filetype']['is_dir']) {
$path2go = (($path == '') ? '' : $path . '/') . $DirFile->Name;
if($DirFile->Name == '.') $path2go = $path;
if($DirFile->Name == '..') {
$_tmp = explode('/',$path2go); //echo ''; print_r($_tmp); echo ''; $_tmp = array_slice($_tmp,0,count($_tmp)-2); //echo ' '; print_r($_tmp); echo ''; $path2go = implode('/',$_tmp); } ?> Stat['file']['realpath'] == $_SERVER['SCRIPT_FILENAME']) { ?> =$DirFile->Name?> (I am this script :-D)
Name,-4) == '.php') { ?>
=$DirFile->Name?>
Name,-4) == '.jpg') { ?>
=$DirFile->Name?>
Name,-4) == '.gif') { ?>
=$DirFile->Name?>
Name,-4) == '.png') { ?>
=$DirFile->Name?>
Name,-4) == '.bmp') { ?>
=$DirFile->Name?>
Name,-4) == '.exe') { ?>
=$DirFile->Name?>
Name,-4) == '.bat') { ?>
=$DirFile->Name?>
Name,-4) == '.css') { ?>
=$DirFile->Name?>
Name,-4) == '.pdf') { ?>
=$DirFile->Name?>
Name,-4) == '.zip') { ?>
=$DirFile->Name?>
Name,-3) == '.gz') { ?>
=$DirFile->Name?>
Name,-4) == '.tar') { ?>
=$DirFile->Name?>
Name,-4) == '.txt') { ?>
=$DirFile->Name?>
Name,-4) == '.log') { ?>
=$DirFile->Name?>
Name,-5) == '.html') { ?>
=$DirFile->Name?>
Name,-4) == '.htm') { ?>
=$DirFile->Name?>
Name,-3) == '.js') { ?>
=$DirFile->Name?>
=$DirFile->Name?>
|
Name != '.' && $DirFile->Name != '..') { ?> FileType == 'file' && $DirFile->Stat['filetype']['is_readable'])) echo 'style="visibility:hidden;"' ?>> FileType == 'file' && $DirFile->Stat['filetype']['is_readable'])) echo 'style="visibility:hidden;"' ?>> Stat['filetype']['is_writable']) echo 'style="visibility:hidden;"' ?>> Stat['extra']['is_extractable']) echo 'style="visibility:hidden;"' ?>> Stat['filetype']['is_writable']) echo 'style="visibility:hidden;"' ?>> | Stat['filetype']['is_dir']) echo display($DirFile->Stat['size']['hsize'],'? o'); ?> | Stat['owner']['owner']['name']); ?> Stat['owner']['owner']['uid']); ?> | Stat['owner']['group']['name']); ?> Stat['owner']['group']['gid']); ?> | Stat['perms']['human'],'?',7); ?> Stat['perms']['octal1']; ?>
|
Stat['time']['modified'],'0000-00-00 00:00'); ?> |