dr4k0la

Untitled

Feb 23rd, 2025
  1. <?php
  2. // Simple PHP File Manager – “Non Evil Code”
  3. // Lists directories/files, lets you edit file contents, change permissions, and navigate around.
  4. // WARNING: This demo does NOT include authentication. Do not use it in production without proper security measures.
  5.  
  6. define('BASE_DIR', realpath(__DIR__ . '/files')); // Base directory for file operations
  7.  
  8. // Utility function to sanitize and restrict navigation within BASE_DIR
  9. function sanitizePath($path) {
  10.     $realBase = BASE_DIR;
  11.     $realUserPath = realpath($path);
  12.     if ($realUserPath === false || strpos($realUserPath, $realBase) !== 0) {
  13.         return false;
  14.     }
  15.     return $realUserPath;
  16. }
  17.  
  18. // Determine current directory from the GET parameter (default to BASE_DIR)
  19. $dirParam = isset($_GET['dir']) ? $_GET['dir'] : '';
  20. $currentDir = sanitizePath(BASE_DIR . '/' . $dirParam);
  21. if ($currentDir === false) {
  22.     die("Invalid directory!");
  23. }
  24.  
  25. // Display navigation breadcrumbs
  26. function displayBreadcrumbs($currentDir) {
  27.     $relativePath = ltrim(str_replace(BASE_DIR, '', $currentDir), '/\\');
  28.     $parts = $relativePath ? explode(DIRECTORY_SEPARATOR, $relativePath) : [];
  29.     echo '<a href="?">BASE</a>';
  30.     $pathSoFar = '';
  31.     foreach ($parts as $part) {
  32.         $pathSoFar .= '/' . $part;
  33.         echo ' / <a href="?dir=' . urlencode(ltrim($pathSoFar, '/')) . '">' . htmlspecialchars($part) . '</a>';
  34.     }
  35.     echo "<br><br>";
  36. }
  37.  
  38. // File editing functionality
  39. if (isset($_GET['action']) && $_GET['action'] === 'edit' && isset($_GET['file'])) {
  40.     $filePath = sanitizePath($currentDir . '/' . $_GET['file']);
  41.     if ($filePath === false || !is_file($filePath)) {
  42.         die("Invalid file!");
  43.     }
  44.     if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  45.         // Save file content
  46.         $newContent = $_POST['content'];
  47.         file_put_contents($filePath, $newContent);
  48.         echo "File updated successfully!<br>";
  49.         echo '<a href="?dir=' . urlencode(ltrim(str_replace(BASE_DIR, '', $currentDir), '/')) . '">Back to list</a>';
  50.         exit;
  51.     }
  52.     // Display file editing form
  53.     $content = file_get_contents($filePath);
  54.     ?>
  55.     <!DOCTYPE html>
  56.     <html>
  57.     <head>
  58.         <title>Edit File</title>
  59.     </head>
  60.     <body>
  61.         <?php displayBreadcrumbs($currentDir); ?>
  62.         <h2>Editing File: <?php echo htmlspecialchars($_GET['file']); ?></h2>
  63.         <form method="post">
  64.             <textarea name="content" rows="20" cols="80"><?php echo htmlspecialchars($content); ?></textarea><br>
  65.             <input type="submit" value="Save">
  66.         </form>
  67.         <br>
  68.         <a href="?dir=<?php echo urlencode(ltrim(str_replace(BASE_DIR, '', $currentDir), '/')); ?>">Cancel</a>
  69.     </body>
  70.     </html>
  71.     <?php
  72.     exit;
  73. }
  74.  
  75. // Chmod functionality
  76. if (isset($_GET['action']) && $_GET['action'] === 'chmod' && isset($_GET['target'])) {
  77.     $targetPath = sanitizePath($currentDir . '/' . $_GET['target']);
  78.     if ($targetPath === false || (!is_file($targetPath) && !is_dir($targetPath))) {
  79.         die("Invalid target!");
  80.     }
  81.     if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  82.         $perm = intval($_POST['permissions'], 8); // Read octal input (e.g., 0755)
  83.         if (chmod($targetPath, $perm)) {
  84.             echo "Permissions changed successfully!<br>";
  85.         } else {
  86.             echo "Failed to change permissions.<br>";
  87.         }
  88.         echo '<a href="?dir=' . urlencode(ltrim(str_replace(BASE_DIR, '', $currentDir), '/')) . '">Back to list</a>';
  89.         exit;
  90.     }
  91.     $currentPerm = substr(sprintf('%o', fileperms($targetPath)), -4);
  92.     ?>
  93.     <!DOCTYPE html>
  94.     <html>
  95.     <head>
  96.         <title>Change Permissions</title>
  97.     </head>
  98.     <body>
  99.         <?php displayBreadcrumbs($currentDir); ?>
  100.         <h2>Change Permissions for: <?php echo htmlspecialchars($_GET['target']); ?></h2>
  101.         <p>Current permissions: <?php echo htmlspecialchars($currentPerm); ?></p>
  102.         <form method="post">
  103.             <label for="permissions">New permissions (octal, e.g. 0755): </label>
  104.             <input type="text" name="permissions" value="<?php echo htmlspecialchars($currentPerm); ?>">
  105.             <input type="submit" value="Change">
  106.         </form>
  107.         <br>
  108.         <a href="?dir=<?php echo urlencode(ltrim(str_replace(BASE_DIR, '', $currentDir), '/')); ?>">Cancel</a>
  109.     </body>
  110.     </html>
  111.     <?php
  112.     exit;
  113. }
  114.  
  115. // Main file listing interface
  116. ?>
  117. <!DOCTYPE html>
  118. <html>
  119. <head>
  120.     <title>Simple PHP File Manager</title>
  121.     <style>
  122.         body { font-family: Arial, sans-serif; }
  123.         table { border-collapse: collapse; width: 100%; }
  124.         th, td { padding: 8px; border: 1px solid #ddd; }
  125.         tr:nth-child(even){background-color: #f2f2f2;}
  126.     </style>
  127. </head>
  128. <body>
  129.     <?php displayBreadcrumbs($currentDir); ?>
  130.     <h2>Listing for: <?php echo htmlspecialchars(str_replace(BASE_DIR, '', $currentDir)); ?></h2>
  131.     <table>
  132.         <tr>
  133.             <th>Name</th>
  134.             <th>Type</th>
  135.             <th>Size</th>
  136.             <th>Actions</th>
  137.         </tr>
  138.         <?php
  139.         // List directory contents
  140.         $items = scandir($currentDir);
  141.         foreach ($items as $item) {
  142.             if ($item === '.' || $item === '..') continue;
  143.             $itemPath = $currentDir . '/' . $item;
  144.             $isDir = is_dir($itemPath);
  145.             echo '<tr>';
  146.             echo '<td>' . htmlspecialchars($item) . '</td>';
  147.             echo '<td>' . ($isDir ? 'Directory' : 'File') . '</td>';
  148.             echo '<td>' . ($isDir ? '-' : filesize($itemPath)) . '</td>';
  149.             echo '<td>';
  150.             // If directory, allow navigation; if file, allow editing.
  151.             if ($isDir) {
  152.                 echo '<a href="?dir=' . urlencode(ltrim(str_replace(BASE_DIR, '', $itemPath), '/')) . '">Open</a> ';
  153.             } else {
  154.                 echo '<a href="?action=edit&dir=' . urlencode(ltrim(str_replace(BASE_DIR, '', $currentDir), '/')) . '&file=' . urlencode($item) . '">Edit</a> ';
  155.             }
  156.             // Both files and directories can have their permissions changed
  157.             echo '<a href="?action=chmod&dir=' . urlencode(ltrim(str_replace(BASE_DIR, '', $currentDir), '/')) . '&target=' . urlencode($item) . '">Chmod</a>';
  158.             echo '</td>';
  159.             echo '</tr>';
  160.         }
  161.         ?>
  162.     </table>
  163. </body>
  164. </html>
  165.  